npm - @walkeros/cli - Versions diffs - 3.4.1-next-1776790594143 → 3.4.2 - Mend

@walkeros/cli 3.4.1-next-1776790594143 → 3.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,35 @@
 # @walkeros/cli
-## 3.4.1-next-1776790594143
+## 3.4.2
+### Patch Changes
+- 2d25eda: Replace `api` mega-tool with four focused management tools: `auth`
+  (device code login), `project_manage`, `flow_manage`, and `deploy_manage`.
+  Enforce strict CLI/MCP separation of concern — MCP no longer reads config
+  files or checks env vars directly. All tools are always registered regardless
+  of auth state.
+  CLI exports new functions: `requestDeviceCode`, `pollForToken`,
+  `setDefaultProject`, `getDefaultProject`, `listAllFlows`,
+  `setFeedbackPreference`, `getFeedbackPreference`, `resolveToken`,
+  `deleteConfig`.
+  Preview CRUD (`preview_list`, `preview_get`, `preview_create`,
+  `preview_delete`) is now part of `flow_manage` — previews are a flow-scoped
+  concern and belong alongside the flow lifecycle actions rather than in a
+  separate tool.
+- cb4c069: Runtime fetchers (`fetchConfig`, `fetchSecrets`) now classify 401/403
+  responses from the app as a typed `RunnerAuthError` with a structured `reason`
+  (`'unauthorised' | 'flow' | 'scope' | 'forbidden'`) and the app's error `code`
+  (`FORBIDDEN_FLOW` / `FORBIDDEN_SCOPE`). Callers can log a specific reason
+  instead of a generic "token may have expired" message, and exit cleanly rather
+  than retry on scope/flow mismatches.
+  - @walkeros/core@3.4.2
+  - @walkeros/server-core@3.4.2
+## 3.4.1
 ### Patch Changes
@@ -16,8 +45,8 @@
   silent analytics breakage.
 - Updated dependencies [12adf24]
 - Updated dependencies [75aa26b]
-  - @walkeros/core@3.4.1-next-1776790594143
-  - @walkeros/server-core@3.4.1-next-1776790594143
+  - @walkeros/core@3.4.1
+  - @walkeros/server-core@3.4.1
 ## 3.4.0

package/dist/cli.js CHANGED Viewed

@@ -665,6 +665,10 @@ function deleteConfig() {
   }
   return false;
 }
+function getDefaultProject() {
+  const config2 = readConfig();
+  return config2?.defaultProjectId ?? null;
+}
 function resolveToken() {
   const envToken = process.env.WALKEROS_TOKEN;
   if (envToken) return { token: envToken, source: "env" };
@@ -1030,8 +1034,11 @@ function resolveRunToken() {
   return resolveDeployToken() ?? resolveToken()?.token ?? null;
 }
 function requireProjectId() {
-  const projectId = process.env.WALKEROS_PROJECT_ID;
-  if (!projectId) throw new Error("WALKEROS_PROJECT_ID not set.");
+  const projectId = process.env.WALKEROS_PROJECT_ID || getDefaultProject();
+  if (!projectId)
+    throw new Error(
+      "No project selected. Set WALKEROS_PROJECT_ID or configure a default project."
+    );
   return projectId;
 }
 var init_auth = __esm({
@@ -18301,6 +18308,101 @@ var init_utils3 = __esm({
   }
 });
+// src/commands/projects/index.ts
+async function listProjects() {
+  const client = createApiClient();
+  const { data, error: error48 } = await client.GET("/api/projects");
+  if (error48) throw new Error(error48.error?.message || "Failed to list projects");
+  return data;
+}
+async function getProject(options = {}) {
+  const id = options.projectId ?? requireProjectId();
+  const client = createApiClient();
+  const { data, error: error48 } = await client.GET("/api/projects/{projectId}", {
+    params: { path: { projectId: id } }
+  });
+  if (error48) throw new Error(error48.error?.message || "Failed to get project");
+  return data;
+}
+async function createProject(options) {
+  const client = createApiClient();
+  const { data, error: error48 } = await client.POST("/api/projects", {
+    body: { name: options.name }
+  });
+  if (error48)
+    throw new Error(error48.error?.message || "Failed to create project");
+  return data;
+}
+async function updateProject(options) {
+  const id = options.projectId ?? requireProjectId();
+  const client = createApiClient();
+  const { data, error: error48 } = await client.PATCH("/api/projects/{projectId}", {
+    params: { path: { projectId: id } },
+    body: { name: options.name }
+  });
+  if (error48)
+    throw new Error(error48.error?.message || "Failed to update project");
+  return data;
+}
+async function deleteProject(options = {}) {
+  const id = options.projectId ?? requireProjectId();
+  const client = createApiClient();
+  const { data, error: error48 } = await client.DELETE("/api/projects/{projectId}", {
+    params: { path: { projectId: id } }
+  });
+  if (error48)
+    throw new Error(error48.error?.message || "Failed to delete project");
+  return data ?? { success: true };
+}
+async function handleResult(fn2, options) {
+  try {
+    const result = await fn2();
+    await writeResult(JSON.stringify(result, null, 2), options);
+  } catch (error48) {
+    handleCliError(error48);
+  }
+}
+async function listProjectsCommand(options) {
+  await handleResult(() => listProjects(), options);
+}
+async function getProjectCommand(projectId, options) {
+  await handleResult(
+    () => getProject({ projectId: projectId ?? options.project }),
+    options
+  );
+}
+async function createProjectCommand(name, options) {
+  await handleResult(() => createProject({ name }), options);
+}
+async function updateProjectCommand(projectId, options) {
+  const name = options.name;
+  if (!name) {
+    throw new Error("Missing required option: --name <name>");
+  }
+  await handleResult(
+    () => updateProject({
+      projectId: projectId ?? options.project,
+      name
+    }),
+    options
+  );
+}
+async function deleteProjectCommand(projectId, options) {
+  await handleResult(
+    () => deleteProject({ projectId: projectId ?? options.project }),
+    options
+  );
+}
+var init_projects = __esm({
+  "src/commands/projects/index.ts"() {
+    "use strict";
+    init_api_client();
+    init_api_error();
+    init_auth();
+    init_output();
+  }
+});
 // src/commands/flows/index.ts
 async function listFlows(options = {}) {
   const id = options.projectId ?? requireProjectId();
@@ -18459,6 +18561,7 @@ var init_flows = __esm({
     init_auth();
     init_output();
     init_stdin();
+    init_projects();
   }
 });
@@ -20039,6 +20142,37 @@ async function resolveBundle(bundleEnv) {
 // src/runtime/config-fetcher.ts
 init_http();
+// src/runtime/runner-auth-error.ts
+var RunnerAuthError = class extends Error {
+  constructor(status, reason, code, message) {
+    super(message);
+    this.status = status;
+    this.reason = reason;
+    this.code = code;
+    this.name = "RunnerAuthError";
+  }
+};
+function isAppErrorBody(value) {
+  return typeof value === "object" && value !== null && "error" in value && typeof value.error === "object";
+}
+async function throwIfRunnerAuthFailure(res) {
+  if (res.status !== 401 && res.status !== 403) return;
+  let code = null;
+  let message = res.statusText;
+  try {
+    const body = await res.clone().json();
+    if (isAppErrorBody(body) && body.error) {
+      if (typeof body.error.code === "string") code = body.error.code;
+      if (typeof body.error.message === "string") message = body.error.message;
+    }
+  } catch {
+  }
+  const reason = res.status === 401 ? "unauthorised" : code === "FORBIDDEN_FLOW" ? "flow" : code === "FORBIDDEN_SCOPE" ? "scope" : "forbidden";
+  throw new RunnerAuthError(res.status, reason, code, message);
+}
+// src/runtime/config-fetcher.ts
 async function fetchConfig(options) {
   const url2 = `${options.appUrl}/api/projects/${options.projectId}/flows/${options.flowId}`;
   const headers = mergeAuthHeaders(
@@ -20052,12 +20186,8 @@ async function fetchConfig(options) {
   if (response.status === 304) {
     return { changed: false };
   }
+  await throwIfRunnerAuthFailure(response);
   if (!response.ok) {
-    if (response.status === 401 || response.status === 403) {
-      throw new Error(
-        `Config fetch failed (${response.status}): token may have expired \u2014 redeploy to rotate`
-      );
-    }
     throw new Error(
       `Config fetch failed: ${response.status} ${response.statusText}`
     );
@@ -20488,6 +20618,7 @@ async function fetchSecrets(options) {
   const res = await fetch(url2, {
     headers: mergeAuthHeaders(token, { "Content-Type": "application/json" })
   });
+  await throwIfRunnerAuthFailure(res);
   if (!res.ok) {
     throw new SecretsHttpError(res.status, res.statusText);
   }
@@ -21611,6 +21742,8 @@ init_cli_logger();
 init_config_file();
 import { hostname as hostname3 } from "os";
 var POLL_TIMEOUT_BUFFER_MS = 5e3;
+var DEFAULT_POLL_TIMEOUT_MS = 6e4;
+var DEFAULT_POLL_INTERVAL_MS = 5e3;
 async function openInBrowser(url2) {
   const { default: open } = await import("open");
   await open(url2);
@@ -21636,25 +21769,143 @@ async function loginCommand(options) {
     process.exit(1);
   }
 }
-async function login(options = {}) {
+async function requestDeviceCode(options = {}) {
   const appUrl = options.url || resolveAppUrl();
   const f2 = options.fetch ?? globalThis.fetch;
-  const codeResponse = await f2(`${appUrl}/api/auth/device/code`, {
+  const response = await f2(`${appUrl}/api/auth/device/code`, {
     method: "POST",
     headers: { "Content-Type": "application/json" },
     body: JSON.stringify({})
   });
-  if (!codeResponse.ok) {
+  if (!response.ok) {
+    throw new Error("Failed to request device code");
+  }
+  const data = await response.json();
+  return {
+    deviceCode: data.deviceCode,
+    userCode: data.userCode,
+    verificationUri: data.verificationUri,
+    verificationUriComplete: data.verificationUriComplete,
+    expiresIn: data.expiresIn,
+    interval: data.interval
+  };
+}
+async function pollForToken(deviceCode, options = {}) {
+  const appUrl = options.url || resolveAppUrl();
+  const f2 = options.fetch ?? globalThis.fetch;
+  const timeoutMs = options.timeoutMs ?? DEFAULT_POLL_TIMEOUT_MS;
+  let intervalMs = options.intervalMs ?? DEFAULT_POLL_INTERVAL_MS;
+  const deadline = Date.now() + timeoutMs;
+  while (Date.now() < deadline) {
+    await new Promise((r2) => setTimeout(r2, intervalMs));
+    if (Date.now() >= deadline) break;
+    const remaining = Math.max(1, deadline - Date.now());
+    const controller = new AbortController();
+    const timeoutHandle = setTimeout(() => controller.abort(), remaining);
+    let tokenResponse;
+    try {
+      tokenResponse = await f2(`${appUrl}/api/auth/device/token`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ deviceCode, hostname: hostname3() }),
+        signal: controller.signal
+      });
+    } catch (err) {
+      clearTimeout(timeoutHandle);
+      if (err instanceof Error && err.name === "AbortError") {
+        break;
+      }
+      throw err;
+    } finally {
+      clearTimeout(timeoutHandle);
+    }
+    const data = await safeJsonParse(tokenResponse);
+    if (data === MALFORMED) {
+      return {
+        success: false,
+        status: "error",
+        error: "Server returned malformed response"
+      };
+    }
+    if (tokenResponse.ok) {
+      const token = data.token;
+      const email3 = data.email;
+      if (typeof token === "string" && token.length > 0) {
+        if (typeof email3 !== "string" || email3.length === 0) {
+          return {
+            success: false,
+            status: "error",
+            error: "Server returned malformed response (missing email)"
+          };
+        }
+        writeConfig({ token, email: email3, appUrl });
+        const configPath = getConfigPath();
+        return {
+          success: true,
+          status: "authenticated",
+          email: email3,
+          configPath
+        };
+      }
+      if (token !== void 0) {
+        return {
+          success: false,
+          status: "error",
+          error: "Server returned malformed response (invalid token type)"
+        };
+      }
+      continue;
+    }
+    if (data.error === "authorization_pending") continue;
+    if (data.error === "slow_down") {
+      intervalMs += 5e3;
+      continue;
+    }
+    const errField = data.error;
+    let errorMsg;
+    if (typeof errField === "string") {
+      errorMsg = errField;
+    } else if (errField && typeof errField === "object" && "message" in errField && typeof errField.message === "string") {
+      errorMsg = errField.message;
+    } else {
+      errorMsg = "Authorization failed";
+    }
+    return { success: false, status: "error", error: errorMsg };
+  }
+  return { success: false, status: "pending" };
+}
+var MALFORMED = /* @__PURE__ */ Symbol("malformed-json");
+async function safeJsonParse(response) {
+  try {
+    const parsed = await response.json();
+    if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
+      return parsed;
+    }
+    return MALFORMED;
+  } catch {
+    return MALFORMED;
+  }
+}
+async function login(options = {}) {
+  const fetchOption = options.fetch ?? globalThis.fetch;
+  const urlOption = options.url;
+  let codeResult;
+  try {
+    codeResult = await requestDeviceCode({
+      url: urlOption,
+      fetch: fetchOption
+    });
+  } catch {
     return { success: false, error: "Failed to request device code" };
   }
   const {
-    deviceCode,
     userCode,
     verificationUri,
     verificationUriComplete,
     expiresIn,
-    interval
-  } = await codeResponse.json();
+    interval,
+    deviceCode
+  } = codeResult;
   const prompt = (msg) => process.stderr.write(msg + "\n");
   prompt(`
 ! Your one-time code: ${userCode}`);
@@ -21668,30 +21919,95 @@ async function login(options = {}) {
     prompt("  Could not open browser. Visit the URL manually.");
   }
   prompt("  Waiting for authorization... (press Ctrl+C to cancel)\n");
-  const deadline = Date.now() + expiresIn * 1e3 + POLL_TIMEOUT_BUFFER_MS;
-  let pollInterval = (interval ?? 5) * 1e3;
-  const maxAttempts = options.maxPollAttempts ?? Infinity;
-  let attempts = 0;
-  while (Date.now() < deadline && attempts < maxAttempts) {
-    attempts++;
-    await new Promise((r2) => setTimeout(r2, pollInterval));
-    const tokenResponse = await f2(`${appUrl}/api/auth/device/token`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ deviceCode, hostname: hostname3() })
-    });
-    const data = await tokenResponse.json();
-    if (tokenResponse.ok && data.token) {
-      writeConfig({ token: data.token, email: data.email, appUrl });
-      const configPath = getConfigPath();
-      return { success: true, email: data.email, configPath };
-    }
-    if (data.error === "authorization_pending") continue;
-    if (data.error === "slow_down") {
-      pollInterval += 5e3;
-      continue;
+  const timeoutMs = expiresIn * 1e3 + POLL_TIMEOUT_BUFFER_MS;
+  const intervalMs = (interval ?? 5) * 1e3;
+  if (options.maxPollAttempts !== void 0) {
+    const appUrl = urlOption || resolveAppUrl();
+    const f2 = fetchOption;
+    let pollInterval = intervalMs;
+    let attempts = 0;
+    const deadline = Date.now() + timeoutMs;
+    while (Date.now() < deadline && attempts < options.maxPollAttempts) {
+      attempts++;
+      await new Promise((r2) => setTimeout(r2, pollInterval));
+      const remaining = Math.max(1, deadline - Date.now());
+      const controller = new AbortController();
+      const timeoutHandle = setTimeout(() => controller.abort(), remaining);
+      let tokenResponse;
+      try {
+        tokenResponse = await f2(`${appUrl}/api/auth/device/token`, {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({ deviceCode, hostname: hostname3() }),
+          signal: controller.signal
+        });
+      } catch (err) {
+        clearTimeout(timeoutHandle);
+        if (err instanceof Error && err.name === "AbortError") {
+          break;
+        }
+        throw err;
+      } finally {
+        clearTimeout(timeoutHandle);
+      }
+      const data = await safeJsonParse(tokenResponse);
+      if (data === MALFORMED) {
+        return {
+          success: false,
+          error: "Server returned malformed response"
+        };
+      }
+      if (tokenResponse.ok) {
+        const token = data.token;
+        const email3 = data.email;
+        if (typeof token === "string" && token.length > 0) {
+          if (typeof email3 !== "string" || email3.length === 0) {
+            return {
+              success: false,
+              error: "Server returned malformed response (missing email)"
+            };
+          }
+          writeConfig({ token, email: email3, appUrl });
+          const configPath = getConfigPath();
+          return { success: true, email: email3, configPath };
+        }
+        if (token !== void 0) {
+          return {
+            success: false,
+            error: "Server returned malformed response (invalid token type)"
+          };
+        }
+        continue;
+      }
+      if (data.error === "authorization_pending") continue;
+      if (data.error === "slow_down") {
+        pollInterval += 5e3;
+        continue;
+      }
+      const errField = data.error;
+      const errorMsg = typeof errField === "string" ? errField : "Authorization failed";
+      return { success: false, error: errorMsg };
     }
-    return { success: false, error: data.error || "Authorization failed" };
+    return {
+      success: false,
+      error: "Authorization timed out. Please try again."
+    };
+  }
+  const pollResult = await pollForToken(deviceCode, {
+    url: urlOption,
+    fetch: fetchOption,
+    timeoutMs,
+    intervalMs
+  });
+  if (pollResult.success) {
+    return {
+      success: true,
+      email: pollResult.email,
+      configPath: pollResult.configPath
+    };
+  }
+  if (pollResult.status === "error") {
+    return { success: false, error: pollResult.error };
   }
   return {
     success: false,
@@ -21744,97 +22060,8 @@ async function whoamiCommand(options) {
   }
 }
-// src/commands/projects/index.ts
-init_api_client();
-init_api_error();
-init_auth();
-init_output();
-async function listProjects() {
-  const client = createApiClient();
-  const { data, error: error48 } = await client.GET("/api/projects");
-  if (error48) throw new Error(error48.error?.message || "Failed to list projects");
-  return data;
-}
-async function getProject(options = {}) {
-  const id = options.projectId ?? requireProjectId();
-  const client = createApiClient();
-  const { data, error: error48 } = await client.GET("/api/projects/{projectId}", {
-    params: { path: { projectId: id } }
-  });
-  if (error48) throw new Error(error48.error?.message || "Failed to get project");
-  return data;
-}
-async function createProject(options) {
-  const client = createApiClient();
-  const { data, error: error48 } = await client.POST("/api/projects", {
-    body: { name: options.name }
-  });
-  if (error48)
-    throw new Error(error48.error?.message || "Failed to create project");
-  return data;
-}
-async function updateProject(options) {
-  const id = options.projectId ?? requireProjectId();
-  const client = createApiClient();
-  const { data, error: error48 } = await client.PATCH("/api/projects/{projectId}", {
-    params: { path: { projectId: id } },
-    body: { name: options.name }
-  });
-  if (error48)
-    throw new Error(error48.error?.message || "Failed to update project");
-  return data;
-}
-async function deleteProject(options = {}) {
-  const id = options.projectId ?? requireProjectId();
-  const client = createApiClient();
-  const { data, error: error48 } = await client.DELETE("/api/projects/{projectId}", {
-    params: { path: { projectId: id } }
-  });
-  if (error48)
-    throw new Error(error48.error?.message || "Failed to delete project");
-  return data ?? { success: true };
-}
-async function handleResult(fn2, options) {
-  try {
-    const result = await fn2();
-    await writeResult(JSON.stringify(result, null, 2), options);
-  } catch (error48) {
-    handleCliError(error48);
-  }
-}
-async function listProjectsCommand(options) {
-  await handleResult(() => listProjects(), options);
-}
-async function getProjectCommand(projectId, options) {
-  await handleResult(
-    () => getProject({ projectId: projectId ?? options.project }),
-    options
-  );
-}
-async function createProjectCommand(name, options) {
-  await handleResult(() => createProject({ name }), options);
-}
-async function updateProjectCommand(projectId, options) {
-  const name = options.name;
-  if (!name) {
-    throw new Error("Missing required option: --name <name>");
-  }
-  await handleResult(
-    () => updateProject({
-      projectId: projectId ?? options.project,
-      name
-    }),
-    options
-  );
-}
-async function deleteProjectCommand(projectId, options) {
-  await handleResult(
-    () => deleteProject({ projectId: projectId ?? options.project }),
-    options
-  );
-}
 // src/cli.ts
+init_projects();
 init_flows();
 // src/commands/deploy/index.ts