@webhookey/cli 0.0.0

package/bin/run.js

@@ -0,0 +1,5 @@
+#!/usr/bin/env node
+
+const oclif = require('@oclif/core')
+
+oclif.run().then(oclif.flush).catch(oclif.Errors.handle)

package/dist/commands/config.d.ts

@@ -0,0 +1,9 @@
+import { Command } from '@oclif/core';
+export default class Config extends Command {
+    static description: string;
+    static args: {
+        action: import("@oclif/core/lib/interfaces").Arg<string, Record<string, unknown>>;
+        value: import("@oclif/core/lib/interfaces").Arg<string | undefined, Record<string, unknown>>;
+    };
+    run(): Promise<void>;
+}

package/dist/commands/config.js

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const core_1 = require("@oclif/core");
+const config_1 = require("../lib/config");
+class Config extends core_1.Command {
+    static description = 'Configure the CLI';
+    static args = {
+        action: core_1.Args.string({
+            description: 'Action to perform',
+            options: ['set-url', 'get-url'],
+            required: true,
+        }),
+        value: core_1.Args.string({ description: 'Value for set-url' }),
+    };
+    async run() {
+        const { args } = await this.parse(Config);
+        if (args.action === 'set-url') {
+            if (!args.value) {
+                this.error('URL required for set-url');
+                return;
+            }
+            (0, config_1.setApiUrl)(args.value);
+            this.log(`API URL set to: ${args.value}`);
+        }
+        else if (args.action === 'get-url') {
+            this.log((0, config_1.getApiUrl)());
+        }
+    }
+}
+exports.default = Config;

package/dist/commands/listen.d.ts

@@ -0,0 +1,13 @@
+import { Command } from '@oclif/core';
+export default class Listen extends Command {
+    static description: string;
+    static args: {
+        name: import("@oclif/core/lib/interfaces").Arg<string, Record<string, unknown>>;
+    };
+    static flags: {
+        parallel: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
+        'allow-unverified': import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
+    };
+    static strict: boolean;
+    run(): Promise<void>;
+}

package/dist/commands/listen.js

@@ -0,0 +1,204 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+const core_1 = require("@oclif/core");
+const child_process_1 = require("child_process");
+const api_1 = require("../lib/api");
+const config_1 = require("../lib/config");
+class Listen extends core_1.Command {
+    static description = 'Listen for webhooks on a channel and execute commands';
+    static args = {
+        name: core_1.Args.string({ description: 'Channel name', required: true }),
+    };
+    static flags = {
+        parallel: core_1.Flags.boolean({ description: 'Allow parallel command execution' }),
+        'allow-unverified': core_1.Flags.boolean({ description: 'Execute commands even for unverified webhooks' }),
+    };
+    static strict = false;
+    async run() {
+        const { args, flags } = await this.parse(Listen);
+        const commandStart = process.argv.indexOf('--');
+        const command = commandStart >= 0 ? process.argv.slice(commandStart + 1) : [];
+        if (command.length === 0) {
+            this.error('No command specified. Usage: webhookey listen <name> -- <command>');
+            return;
+        }
+        // Find channel by name
+        const channels = await api_1.api.getChannels();
+        const channel = channels.find((c) => c.name === args.name);
+        if (!channel) {
+            this.error(`Channel "${args.name}" not found`);
+            return;
+        }
+        const apiUrl = (0, config_1.getApiUrl)();
+        let accessToken = await (0, config_1.getAccessToken)();
+        if (!accessToken) {
+            this.error('Not logged in. Run "webhookey login" first.');
+            return;
+        }
+        this.log(`Listening on channel "${args.name}"...`);
+        this.log(`Executing: ${command.join(' ')}`);
+        // Dynamically import eventsource
+        const { default: EventSource } = await Promise.resolve().then(() => __importStar(require('eventsource')));
+        let eventSource;
+        const queue = [];
+        let currentProcess = null;
+        const maxQueueDepth = 10;
+        let reconnectAttempts = 0;
+        const maxReconnectAttempts = 10;
+        const baseReconnectDelay = 1000;
+        let generation = 0; // incremented on each new connection; stale handlers check this
+        let isRefreshing = false; // prevents concurrent token refresh calls
+        let reconnectTimer = null;
+        const connect = () => {
+            const myGeneration = ++generation;
+            // Cancel any pending reconnect scheduled by a previous generation
+            if (reconnectTimer !== null) {
+                clearTimeout(reconnectTimer);
+                reconnectTimer = null;
+            }
+            eventSource = new EventSource(`${apiUrl}/hooks/${channel.slug}/events`, {
+                headers: { Authorization: `Bearer ${accessToken}` },
+            });
+            eventSource.onopen = () => {
+                if (myGeneration !== generation)
+                    return;
+                reconnectAttempts = 0;
+            };
+            eventSource.onmessage = (event) => {
+                if (myGeneration !== generation)
+                    return;
+                const data = JSON.parse(event.data);
+                if (data.type === 'heartbeat') {
+                    return;
+                }
+                if (!data.verified) {
+                    if (!flags['allow-unverified']) {
+                        this.warn('Received unverified webhook, skipping execution');
+                        return;
+                    }
+                }
+                if (queue.length >= maxQueueDepth) {
+                    this.warn('Queue full, dropping event');
+                    return;
+                }
+                queue.push(data.payload);
+                processQueue();
+            };
+            eventSource.onerror = async (err) => {
+                if (myGeneration !== generation)
+                    return;
+                const status = err?.status;
+                // Only attempt token refresh on 401
+                if (status === 401) {
+                    if (isRefreshing)
+                        return;
+                    isRefreshing = true;
+                    const refresh = await (0, config_1.getRefreshToken)();
+                    if (refresh) {
+                        try {
+                            const res = await fetch(`${apiUrl}/auth/refresh`, {
+                                method: 'POST',
+                                headers: { 'Content-Type': 'application/json' },
+                                body: JSON.stringify({ refreshToken: refresh }),
+                            });
+                            if (res.ok) {
+                                const tokens = await res.json();
+                                await (0, config_1.setAccessToken)(tokens.access_token);
+                                await (0, config_1.setRefreshToken)(tokens.refresh_token);
+                                accessToken = tokens.access_token;
+                                isRefreshing = false;
+                                eventSource?.close();
+                                reconnectAttempts = 0;
+                                connect();
+                                return;
+                            }
+                        }
+                        catch {
+                            // Refresh failed, fall through
+                        }
+                    }
+                    // Tokens remain in keyring — subsequent commands can still attempt refresh
+                    this.error('Session expired — run webhookey login');
+                    process.exit(1);
+                    return;
+                }
+                // Transient error (connection reset, server restart, network issue)
+                eventSource?.close();
+                if (reconnectAttempts >= maxReconnectAttempts) {
+                    this.error('Lost connection to server after multiple retries');
+                    process.exit(1);
+                    return;
+                }
+                const delay = Math.min(baseReconnectDelay * 2 ** reconnectAttempts, 60000);
+                reconnectAttempts++;
+                this.warn(`Connection lost, reconnecting in ${Math.round(delay / 1000)}s (attempt ${reconnectAttempts}/${maxReconnectAttempts})...`);
+                reconnectTimer = setTimeout(connect, delay);
+            };
+        };
+        const processQueue = () => {
+            if (queue.length === 0)
+                return;
+            if (currentProcess && !flags.parallel)
+                return;
+            const payload = queue.shift();
+            const payloadJson = JSON.stringify(payload);
+            currentProcess = (0, child_process_1.spawn)(command[0], command.slice(1), {
+                env: { ...process.env, WEBHOOKEY_PAYLOAD: payloadJson },
+                stdio: ['pipe', 'inherit', 'inherit'],
+            });
+            currentProcess.stdin?.write(payloadJson);
+            currentProcess.stdin?.end();
+            currentProcess.on('close', () => {
+                currentProcess = null;
+                processQueue();
+            });
+        };
+        connect();
+        // Handle SIGINT gracefully
+        process.on('SIGINT', () => {
+            if (reconnectTimer !== null)
+                clearTimeout(reconnectTimer);
+            eventSource?.close();
+            if (currentProcess) {
+                currentProcess.kill('SIGTERM');
+            }
+            process.exit(0);
+        });
+        // Keep process running
+        await new Promise(() => { });
+    }
+}
+exports.default = Listen;

package/dist/commands/login.d.ts

@@ -0,0 +1,5 @@
+import { Command } from '@oclif/core';
+export default class Login extends Command {
+    static description: string;
+    run(): Promise<void>;
+}

package/dist/commands/login.js

@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const core_1 = require("@oclif/core");
+const api_1 = require("../lib/api");
+const config_1 = require("../lib/config");
+class Login extends core_1.Command {
+    static description = 'Authenticate via device flow';
+    async run() {
+        const deviceRes = await api_1.api.deviceCode();
+        this.log(`User code: ${deviceRes.user_code}`);
+        this.log(`Open ${deviceRes.verification_uri} to activate`);
+        this.log('Waiting for activation...');
+        let interval = deviceRes.interval * 1000;
+        while (true) {
+            await new Promise((r) => setTimeout(r, interval));
+            const tokenRes = await api_1.api.token(deviceRes.device_code);
+            if (tokenRes.error === 'slow_down') {
+                interval += 5000;
+                this.log('Server requested slow_down, increasing interval...');
+                continue;
+            }
+            if (tokenRes.error === 'authorization_pending') {
+                continue;
+            }
+            if (tokenRes.error) {
+                this.error(`Device flow failed: ${tokenRes.error}`);
+                return;
+            }
+            if (tokenRes.access_token && tokenRes.refresh_token) {
+                await (0, config_1.setAccessToken)(tokenRes.access_token);
+                await (0, config_1.setRefreshToken)(tokenRes.refresh_token);
+                this.log('Logged in successfully!');
+                return;
+            }
+        }
+    }
+}
+exports.default = Login;

package/dist/commands/logout.d.ts

@@ -0,0 +1,5 @@
+import { Command } from '@oclif/core';
+export default class Logout extends Command {
+    static description: string;
+    run(): Promise<void>;
+}

package/dist/commands/logout.js

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const core_1 = require("@oclif/core");
+const api_1 = require("../lib/api");
+const config_1 = require("../lib/config");
+class Logout extends core_1.Command {
+    static description = 'Log out and clear stored credentials';
+    async run() {
+        const refreshToken = await (0, config_1.getRefreshToken)();
+        if (refreshToken) {
+            try {
+                await api_1.api.logout(refreshToken);
+            }
+            catch (e) {
+                // Ignore errors - still clear local tokens
+            }
+        }
+        await (0, config_1.clearTokens)();
+        this.log('Logged out successfully');
+    }
+}
+exports.default = Logout;

package/dist/commands/ls.d.ts

@@ -0,0 +1,5 @@
+import { Command } from '@oclif/core';
+export default class List extends Command {
+    static description: string;
+    run(): Promise<void>;
+}

package/dist/commands/ls.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const core_1 = require("@oclif/core");
+const api_1 = require("../lib/api");
+class List extends core_1.Command {
+    static description = 'List your webhook channels';
+    async run() {
+        const channels = await api_1.api.getChannels();
+        if (channels.length === 0) {
+            this.log('No channels found. Run "webhookey new <name>" to create one.');
+            return;
+        }
+        this.log('Channels:');
+        for (const c of channels) {
+            this.log(`  ${c.name}`);
+            this.log(`    URL: ${c.webhookUrl}`);
+            this.log(`    Created: ${new Date(c.createdAt).toLocaleDateString()}`);
+        }
+    }
+}
+exports.default = List;

package/dist/commands/new.d.ts

@@ -0,0 +1,12 @@
+import { Command } from '@oclif/core';
+export default class New extends Command {
+    static description: string;
+    static args: {
+        name: import("@oclif/core/lib/interfaces").Arg<string, Record<string, unknown>>;
+    };
+    static flags: {
+        'no-secret': import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
+        'retention-days': import("@oclif/core/lib/interfaces").OptionFlag<number | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
+    };
+    run(): Promise<void>;
+}

package/dist/commands/new.js

@@ -0,0 +1,28 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const core_1 = require("@oclif/core");
+const api_1 = require("../lib/api");
+class New extends core_1.Command {
+    static description = 'Create a new webhook channel';
+    static args = {
+        name: core_1.Args.string({ description: 'Channel name', required: true }),
+    };
+    static flags = {
+        'no-secret': core_1.Flags.boolean({ description: 'Create channel without HMAC secret' }),
+        'retention-days': core_1.Flags.integer({ description: 'Number of days to retain webhook events (1-365)' }),
+    };
+    async run() {
+        const { args, flags } = await this.parse(New);
+        const channel = await api_1.api.createChannel(args.name, !flags['no-secret'], flags['retention-days']);
+        this.log(`Channel created: ${channel.name}`);
+        this.log(`Webhook URL: ${channel.webhookUrl}`);
+        if (channel.secret) {
+            this.log(`Secret: ${channel.secret}`);
+            this.log('⚠️  Save your secret — it won\'t be shown again!');
+        }
+        else {
+            this.log('ℹ️  Channel has no secret — all incoming webhooks will be treated as verified');
+        }
+    }
+}
+exports.default = New;

package/dist/commands/remove.d.ts

@@ -0,0 +1,8 @@
+import { Command } from '@oclif/core';
+export default class Remove extends Command {
+    static description: string;
+    static args: {
+        name: import("@oclif/core/lib/interfaces").Arg<string, Record<string, unknown>>;
+    };
+    run(): Promise<void>;
+}

package/dist/commands/remove.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const core_1 = require("@oclif/core");
+const api_1 = require("../lib/api");
+const prompts_1 = require("@inquirer/prompts");
+class Remove extends core_1.Command {
+    static description = 'Remove a webhook channel and all its events';
+    static args = {
+        name: core_1.Args.string({ description: 'Channel name to remove', required: true }),
+    };
+    async run() {
+        const { args } = await this.parse(Remove);
+        // Find channel by name
+        const channels = await api_1.api.getChannels();
+        const channel = channels.find(c => c.name === args.name);
+        if (!channel) {
+            this.error(`Channel "${args.name}" not found`);
+            return;
+        }
+        // Confirm deletion
+        const confirmed = await (0, prompts_1.confirm)({
+            message: `Delete channel "${args.name}" and all its events?`,
+            default: false,
+        });
+        if (!confirmed) {
+            this.log('Deletion cancelled');
+            return;
+        }
+        // Delete the channel
+        await api_1.api.deleteChannel(channel.id);
+        this.log(`Channel "${args.name}" deleted successfully`);
+    }
+}
+exports.default = Remove;

package/dist/commands/whoami.d.ts

@@ -0,0 +1,5 @@
+import { Command } from '@oclif/core';
+export default class Whoami extends Command {
+    static description: string;
+    run(): Promise<void>;
+}

package/dist/commands/whoami.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const core_1 = require("@oclif/core");
+const api_1 = require("../lib/api");
+class Whoami extends core_1.Command {
+    static description = 'Show current user information';
+    async run() {
+        const user = await api_1.api.me();
+        this.log(`Email: ${user.email}`);
+        this.log(`User ID: ${user.id}`);
+    }
+}
+exports.default = Whoami;

package/dist/lib/api.d.ts

@@ -0,0 +1,36 @@
+export declare const api: {
+    deviceCode: () => Promise<{
+        device_code: string;
+        user_code: string;
+        verification_uri: string;
+        interval: number;
+    }>;
+    token: (deviceCode: string) => Promise<{
+        error?: string;
+        access_token?: string;
+        refresh_token?: string;
+    }>;
+    logout: (refreshToken: string) => Promise<unknown>;
+    me: () => Promise<{
+        id: string;
+        email: string;
+        name: string;
+    }>;
+    getChannels: () => Promise<{
+        id: string;
+        slug: string;
+        name: string;
+        webhookUrl: string;
+        createdAt: string;
+    }[]>;
+    createChannel: (name: string, generateSecret?: boolean, retentionDays?: number) => Promise<{
+        id: string;
+        slug: string;
+        name: string;
+        webhookUrl: string;
+        secret?: string;
+    }>;
+    deleteChannel: (id: string) => Promise<{
+        success: boolean;
+    }>;
+};

package/dist/lib/api.js

@@ -0,0 +1,76 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.api = void 0;
+const config_1 = require("./config");
+async function request(path, options = {}) {
+    const apiUrl = (0, config_1.getApiUrl)();
+    let token = await (0, config_1.getAccessToken)();
+    const doRequest = async (accessToken) => {
+        const headers = {
+            'Content-Type': 'application/json',
+        };
+        if (options.headers) {
+            const otherHeaders = options.headers;
+            Object.assign(headers, otherHeaders);
+        }
+        if (accessToken) {
+            headers['Authorization'] = `Bearer ${accessToken}`;
+        }
+        return fetch(`${apiUrl}${path}`, {
+            ...options,
+            headers,
+        });
+    };
+    let res = await doRequest(token);
+    // Handle 401 - try refresh
+    if (res.status === 401) {
+        const refresh = await (0, config_1.getRefreshToken)();
+        if (refresh) {
+            const refreshRes = await fetch(`${apiUrl}/auth/refresh`, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify({ refreshToken: refresh }),
+            });
+            if (refreshRes.ok) {
+                const tokens = await refreshRes.json();
+                await (0, config_1.setAccessToken)(tokens.access_token);
+                await (0, config_1.setRefreshToken)(tokens.refresh_token);
+                res = await doRequest(tokens.access_token);
+            }
+            else {
+                await (0, config_1.clearTokens)();
+                throw new Error('Session expired — run webhookey login');
+            }
+        }
+        else {
+            throw new Error('Session expired — run webhookey login');
+        }
+    }
+    if (!res.ok) {
+        const error = await res.json().catch(() => ({ message: 'Request failed' }));
+        throw new Error(error.error || error.message || 'Request failed');
+    }
+    return res.json();
+}
+exports.api = {
+    deviceCode: () => request('/auth/device', { method: 'POST' }),
+    token: (deviceCode) => request('/auth/token', {
+        method: 'POST',
+        body: JSON.stringify({ device_code: deviceCode }),
+    }),
+    logout: (refreshToken) => request('/auth/logout', {
+        method: 'POST',
+        body: JSON.stringify({ refreshToken }),
+    }),
+    me: () => request('/auth/me'),
+    getChannels: () => request('/channels'),
+    createChannel: (name, generateSecret = true, retentionDays) => request('/channels', {
+        method: 'POST',
+        body: JSON.stringify({ name, generateSecret, retentionDays }),
+    }),
+    deleteChannel: (id) => request(`/channels/${id}`, {
+        method: 'DELETE',
+    }),
+};

package/dist/lib/config.d.ts

@@ -0,0 +1,7 @@
+export declare function getApiUrl(): string;
+export declare function setApiUrl(url: string): void;
+export declare function getAccessToken(): Promise<string | null>;
+export declare function setAccessToken(token: string): Promise<void>;
+export declare function getRefreshToken(): Promise<string | null>;
+export declare function setRefreshToken(token: string): Promise<void>;
+export declare function clearTokens(): Promise<void>;

package/dist/lib/config.js

@@ -0,0 +1,137 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getApiUrl = getApiUrl;
+exports.setApiUrl = setApiUrl;
+exports.getAccessToken = getAccessToken;
+exports.setAccessToken = setAccessToken;
+exports.getRefreshToken = getRefreshToken;
+exports.setRefreshToken = setRefreshToken;
+exports.clearTokens = clearTokens;
+const keyring_1 = require("@napi-rs/keyring");
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const SERVICE_NAME = 'webhookey';
+const configDir = path.join(os.homedir(), '.config', 'webhookey');
+const configPath = path.join(configDir, 'config.json');
+const defaultConfig = {
+    apiUrl: 'http://localhost:3000',
+};
+function loadConfig() {
+    try {
+        if (fs.existsSync(configPath)) {
+            const data = fs.readFileSync(configPath, 'utf-8');
+            return { ...defaultConfig, ...JSON.parse(data) };
+        }
+    }
+    catch {
+        // Ignore errors, use defaults
+    }
+    return { ...defaultConfig };
+}
+function saveConfig(config) {
+    try {
+        if (!fs.existsSync(configDir)) {
+            fs.mkdirSync(configDir, { recursive: true });
+        }
+        fs.writeFileSync(configPath, JSON.stringify(config, null, 2));
+    }
+    catch (e) {
+        throw new Error(`Failed to save config: ${e}`);
+    }
+}
+let cachedConfig = null;
+function getConfig() {
+    if (!cachedConfig) {
+        cachedConfig = loadConfig();
+    }
+    return cachedConfig;
+}
+function getApiUrl() {
+    return process.env.WEBHOOKEY_API_URL || getConfig().apiUrl;
+}
+function setApiUrl(url) {
+    // Validate URL
+    try {
+        new URL(url);
+    }
+    catch {
+        throw new Error(`Invalid URL: ${url}`);
+    }
+    const config = getConfig();
+    config.apiUrl = url;
+    saveConfig(config);
+}
+async function getAccessToken() {
+    const entry = new keyring_1.Entry(SERVICE_NAME, 'access_token');
+    try {
+        const password = await entry.getPassword();
+        return password || null;
+    }
+    catch {
+        return null;
+    }
+}
+async function setAccessToken(token) {
+    const entry = new keyring_1.Entry(SERVICE_NAME, 'access_token');
+    await entry.setPassword(token);
+}
+async function getRefreshToken() {
+    const entry = new keyring_1.Entry(SERVICE_NAME, 'refresh_token');
+    try {
+        const password = await entry.getPassword();
+        return password || null;
+    }
+    catch {
+        return null;
+    }
+}
+async function setRefreshToken(token) {
+    const entry = new keyring_1.Entry(SERVICE_NAME, 'refresh_token');
+    await entry.setPassword(token);
+}
+async function clearTokens() {
+    const accessEntry = new keyring_1.Entry(SERVICE_NAME, 'access_token');
+    const refreshEntry = new keyring_1.Entry(SERVICE_NAME, 'refresh_token');
+    try {
+        await accessEntry.deletePassword();
+    }
+    catch { }
+    try {
+        await refreshEntry.deletePassword();
+    }
+    catch { }
+}

package/package.json

@@ -0,0 +1,46 @@
+{
+  "name": "@webhookey/cli",
+  "version": "0.0.0",
+  "description": "CLI for webhookey — self-hosted webhook proxy with SSE streaming",
+  "keywords": ["webhookey", "webhook", "proxy", "cli", "sse"],
+  "license": "MIT",
+  "publishConfig": {
+    "access": "public",
+    "registry": "https://registry.npmjs.org"
+  },
+  "bin": {
+    "webhookey": "./bin/run.js"
+  },
+  "files": [
+    "bin",
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "lint": "eslint \"src/**/*.ts\"",
+    "test": "vitest run --passWithNoTests",
+    "clean": "rm -rf dist",
+    "prepublishOnly": "yarn build"
+  },
+  "dependencies": {
+    "@inquirer/prompts": "^8.4.1",
+    "@napi-rs/keyring": "^1.0.0",
+    "@oclif/core": "^3.0.0",
+    "conf": "^12.0.0",
+    "eventsource": "^2.0.0"
+  },
+  "devDependencies": {
+    "@types/eventsource": "^1.0.0",
+    "@types/node": "^20.0.0",
+    "@webhookey/types": "*",
+    "typescript": "^5.0.0",
+    "vitest": "^1.0.0"
+  },
+  "oclif": {
+    "bin": "webhookey",
+    "dirname": "webhookey",
+    "commands": "./dist/commands",
+    "topicSeparator": " "
+  }
+}