@wayai/cli 0.3.44 → 0.3.45
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +51 -7
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -15,6 +15,34 @@ var __export = (target, all) => {
|
|
|
15
15
|
__defProp(target, name, { get: all[name], enumerable: true });
|
|
16
16
|
};
|
|
17
17
|
|
|
18
|
+
// src/lib/redact.ts
|
|
19
|
+
function redactSecrets(text) {
|
|
20
|
+
let out = text;
|
|
21
|
+
for (const [pattern, replacement] of PATTERNS) {
|
|
22
|
+
out = out.replace(pattern, replacement);
|
|
23
|
+
}
|
|
24
|
+
return out;
|
|
25
|
+
}
|
|
26
|
+
var PATTERNS;
|
|
27
|
+
var init_redact = __esm({
|
|
28
|
+
"src/lib/redact.ts"() {
|
|
29
|
+
"use strict";
|
|
30
|
+
PATTERNS = [
|
|
31
|
+
// JWTs (header.payload.signature) — WorkOS access/refresh tokens, OAuth JWTs.
|
|
32
|
+
// Run first so a `Bearer <jwt>` collapses to the JWT placeholder.
|
|
33
|
+
[/eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g, "[REDACTED_JWT]"],
|
|
34
|
+
// way_ scoped API tokens (keyring/CI credentials). Leading \b avoids
|
|
35
|
+
// over-redacting benign substrings (e.g. `gateway_config`); the charset is
|
|
36
|
+
// base64url (no `.`) so a trailing sentence period stays outside the match.
|
|
37
|
+
[/\bway_[A-Za-z0-9_-]{8,}/g, "way_[REDACTED]"],
|
|
38
|
+
// wst_ single-use WebSocket tickets (same opaque base64url format).
|
|
39
|
+
[/\bwst_[A-Za-z0-9_-]{8,}/g, "wst_[REDACTED]"],
|
|
40
|
+
// Authorization: Bearer <opaque token> (anything not already masked above).
|
|
41
|
+
[/(Bearer\s+)[A-Za-z0-9._~+/=-]{8,}/gi, "$1[REDACTED]"]
|
|
42
|
+
];
|
|
43
|
+
}
|
|
44
|
+
});
|
|
45
|
+
|
|
18
46
|
// src/lib/sentry.ts
|
|
19
47
|
import * as Sentry from "@sentry/node";
|
|
20
48
|
import { readFileSync } from "fs";
|
|
@@ -51,15 +79,26 @@ function initSentry(command2) {
|
|
|
51
79
|
defaultIntegrations: false,
|
|
52
80
|
beforeSend(event) {
|
|
53
81
|
const home = homedir();
|
|
54
|
-
if (
|
|
82
|
+
if (event.exception?.values) {
|
|
55
83
|
for (const value of event.exception.values) {
|
|
56
|
-
if (value.stacktrace?.frames) {
|
|
84
|
+
if (home && value.stacktrace?.frames) {
|
|
57
85
|
for (const frame of value.stacktrace.frames) {
|
|
58
86
|
if (frame.filename && frame.filename.includes(home)) {
|
|
59
87
|
frame.filename = frame.filename.replace(home, "~");
|
|
60
88
|
}
|
|
61
89
|
}
|
|
62
90
|
}
|
|
91
|
+
if (value.value) value.value = redactSecrets(value.value);
|
|
92
|
+
}
|
|
93
|
+
}
|
|
94
|
+
if (event.breadcrumbs) {
|
|
95
|
+
for (const crumb of event.breadcrumbs) {
|
|
96
|
+
if (crumb.message) crumb.message = redactSecrets(crumb.message);
|
|
97
|
+
}
|
|
98
|
+
}
|
|
99
|
+
if (event.extra) {
|
|
100
|
+
for (const [key, val] of Object.entries(event.extra)) {
|
|
101
|
+
if (typeof val === "string") event.extra[key] = redactSecrets(val);
|
|
63
102
|
}
|
|
64
103
|
}
|
|
65
104
|
return event;
|
|
@@ -127,6 +166,7 @@ var HARDCODED_DSN, initialized;
|
|
|
127
166
|
var init_sentry = __esm({
|
|
128
167
|
"src/lib/sentry.ts"() {
|
|
129
168
|
"use strict";
|
|
169
|
+
init_redact();
|
|
130
170
|
HARDCODED_DSN = "https://ffe500121277babcabf32e5868f00f9e@o4510669417807872.ingest.us.sentry.io/4510960145465344";
|
|
131
171
|
initialized = false;
|
|
132
172
|
}
|
|
@@ -138,14 +178,16 @@ var init_api_client = __esm({
|
|
|
138
178
|
"src/lib/api-client.ts"() {
|
|
139
179
|
"use strict";
|
|
140
180
|
init_sentry();
|
|
181
|
+
init_redact();
|
|
141
182
|
ApiError = class extends Error {
|
|
142
183
|
status;
|
|
143
184
|
body;
|
|
144
185
|
constructor(method, path19, status, body) {
|
|
145
|
-
|
|
186
|
+
const safeBody = redactSecrets(body);
|
|
187
|
+
super(`API request failed: ${method} ${path19} (${status}): ${safeBody}`);
|
|
146
188
|
this.name = "ApiError";
|
|
147
189
|
this.status = status;
|
|
148
|
-
this.body =
|
|
190
|
+
this.body = safeBody;
|
|
149
191
|
}
|
|
150
192
|
/** True when the status code is a 4xx client error (expected user-facing condition, not a bug). */
|
|
151
193
|
get isExpected() {
|
|
@@ -8230,7 +8272,7 @@ async function exchangeCodeForTokens(authkitDomain, clientId, code, codeVerifier
|
|
|
8230
8272
|
});
|
|
8231
8273
|
if (!response.ok) {
|
|
8232
8274
|
const body = await response.text();
|
|
8233
|
-
throw new Error(`Token exchange failed (${response.status}): ${body}`);
|
|
8275
|
+
throw new Error(`Token exchange failed (${response.status}): ${redactSecrets(body)}`);
|
|
8234
8276
|
}
|
|
8235
8277
|
return response.json();
|
|
8236
8278
|
}
|
|
@@ -8256,7 +8298,7 @@ async function refreshAccessToken(authkitDomain, clientId, refreshToken) {
|
|
|
8256
8298
|
}
|
|
8257
8299
|
if (isInvalidGrant) throw new Error("SESSION_EXPIRED");
|
|
8258
8300
|
}
|
|
8259
|
-
throw new Error(`Token refresh failed (${status}): ${body}`);
|
|
8301
|
+
throw new Error(`Token refresh failed (${status}): ${redactSecrets(body)}`);
|
|
8260
8302
|
}
|
|
8261
8303
|
return response.json();
|
|
8262
8304
|
}
|
|
@@ -8388,6 +8430,7 @@ var init_auth = __esm({
|
|
|
8388
8430
|
init_config();
|
|
8389
8431
|
init_token_store();
|
|
8390
8432
|
init_sentry();
|
|
8433
|
+
init_redact();
|
|
8391
8434
|
OAUTH_CALLBACK_PORT = 3829;
|
|
8392
8435
|
AUTHKIT_DOMAIN = "https://sprightly-comic-51.authkit.app";
|
|
8393
8436
|
AUTHKIT_CLIENT_ID = "client_01KMZHB50KENM5SV90ZA80VXK4";
|
|
@@ -16691,6 +16734,7 @@ function friendlyHint(err) {
|
|
|
16691
16734
|
}
|
|
16692
16735
|
|
|
16693
16736
|
// src/index.ts
|
|
16737
|
+
init_redact();
|
|
16694
16738
|
init_utils();
|
|
16695
16739
|
|
|
16696
16740
|
// src/lib/version-refresh.ts
|
|
@@ -17072,7 +17116,7 @@ async function runForeground() {
|
|
|
17072
17116
|
captureException2(err);
|
|
17073
17117
|
}
|
|
17074
17118
|
await closeSentry();
|
|
17075
|
-
console.error(err instanceof Error ? err.message : String(err));
|
|
17119
|
+
console.error(redactSecrets(err instanceof Error ? err.message : String(err)));
|
|
17076
17120
|
const hint = friendlyHint(err);
|
|
17077
17121
|
if (hint) console.error(hint);
|
|
17078
17122
|
process.exit(1);
|