@wilm-ai/wilma-cli 1.1.0 → 1.3.0

package/README.md

@@ -26,7 +26,19 @@ Combines today's and tomorrow's schedule, upcoming exams, recent homework, news,
 
 ### Schedule
 ```bash
-wilma schedule list [--when today|tomorrow|week] [--student <id|name>] [--all-students] [--json]
+wilma schedule list [--when today|tomorrow|week] [--date YYYY-MM-DD] [--weekday mon|tue|wed|thu|fri|sat|sun] [--student <id|name>] [--all-students] [--json]
+```
+
+Examples:
+```bash
+# Specific day by date
+wilma schedule list --date 2026-02-25 --student "Stella" --json
+
+# Next Thursday (also accepts Finnish short forms like to/ke/pe)
+wilma schedule list --weekday thu --student "Stella" --json
+
+# Tomorrow
+wilma schedule list --when tomorrow --student "Stella" --json
 ```
 
 ### Homework

package/dist/index.js

@@ -1,10 +1,11 @@
 #!/usr/bin/env node
 import { emitKeypressEvents } from "node:readline";
 import { select, input, password } from "@inquirer/prompts";
+import { createHmac } from "node:crypto";
 import { readFile, writeFile, mkdir } from "node:fs/promises";
 import { spawn } from "node:child_process";
 import { dirname, resolve } from "node:path";
-import { WilmaClient, listTenants, } from "@wilm-ai/wilma-client";
+import { WilmaClient, MfaRequiredError, listTenants, } from "@wilm-ai/wilma-client";
 import { clearConfig, getConfigPath, loadConfig, obfuscateSecret, revealSecret, saveConfig, } from "./config.js";
 // Enable keypress events for escape key detection
 if (process.stdin.isTTY) {
@@ -142,7 +143,8 @@ async function runInteractive(config) {
         if (!profile) {
             return;
         }
-        const client = await WilmaClient.login(profile);
+        const interactiveMfa = createInteractiveMfaCallback();
+        const client = await WilmaClient.login(profile, interactiveMfa);
         let nextAction = await selectOrCancel({
             message: "What do you want to view?",
             pageSize: 15,
@@ -377,7 +379,8 @@ async function handleCommand(args, config) {
     const profile = await getProfileForCommandNonInteractive(config, flags);
     if (!profile)
         return;
-    const client = await WilmaClient.login(profile);
+    const mfaCallback = createNonInteractiveMfaCallback(flags.totpSecret);
+    const client = await WilmaClient.login(profile, mfaCallback);
     if (command === "kids") {
         const students = await getStudentsForCommand(profile, config);
         if (flags.json) {
@@ -409,12 +412,12 @@ async function handleCommand(args, config) {
             const perStudentClient = await WilmaClient.login({
                 ...profile,
                 studentNumber: studentInfo?.studentNumber ?? profile.studentNumber,
-            });
+            }, mfaCallback);
             await outputNewsItem(perStudentClient, newsId, flags.json);
             return;
         }
         if (flags.allStudents) {
-            await outputAllNews(profile, config, flags.limit ?? 20, flags.json);
+            await outputAllNews(profile, config, flags.limit ?? 20, flags.json, mfaCallback);
             return;
         }
         const studentInfo = await resolveStudentForFlags(profile, config, flags.student);
@@ -425,7 +428,7 @@ async function handleCommand(args, config) {
         const perStudentClient = await WilmaClient.login({
             ...profile,
             studentNumber: studentInfo?.studentNumber ?? profile.studentNumber,
-        });
+        }, mfaCallback);
         await outputNews(perStudentClient, {
             limit: flags.limit ?? 20,
             json: flags.json,
@@ -452,7 +455,7 @@ async function handleCommand(args, config) {
             const perStudentClient = await WilmaClient.login({
                 ...profile,
                 studentNumber: studentInfo?.studentNumber ?? profile.studentNumber,
-            });
+            }, mfaCallback);
             await outputMessageItem(perStudentClient, messageId, flags.json);
             return;
         }
@@ -461,7 +464,7 @@ async function handleCommand(args, config) {
                 folder: flags.folder ?? "inbox",
                 limit: flags.limit ?? 20,
                 json: flags.json,
-            });
+            }, mfaCallback);
             return;
         }
         const studentInfo = await resolveStudentForFlags(profile, config, flags.student);
@@ -472,7 +475,7 @@ async function handleCommand(args, config) {
         const perStudentClient = await WilmaClient.login({
             ...profile,
             studentNumber: studentInfo?.studentNumber ?? profile.studentNumber,
-        });
+        }, mfaCallback);
         await outputMessages(perStudentClient, {
             folder: flags.folder ?? "inbox",
             limit: flags.limit ?? 20,
@@ -483,7 +486,7 @@ async function handleCommand(args, config) {
     }
     if (command === "exams") {
         if (flags.allStudents) {
-            await outputAllExams(profile, config, flags.limit ?? 20, flags.json);
+            await outputAllExams(profile, config, flags.limit ?? 20, flags.json, mfaCallback);
             return;
         }
         const studentInfo = await resolveStudentForFlags(profile, config, flags.student);
@@ -494,7 +497,7 @@ async function handleCommand(args, config) {
         const perStudentClient = await WilmaClient.login({
             ...profile,
             studentNumber: studentInfo?.studentNumber ?? profile.studentNumber,
-        });
+        }, mfaCallback);
         await outputUpcomingExams(perStudentClient, {
             limit: flags.limit ?? 20,
             json: flags.json,
@@ -504,7 +507,7 @@ async function handleCommand(args, config) {
     }
     if (command === "schedule") {
         if (flags.allStudents) {
-            await outputAllOverviewCommand(profile, config, "schedule", flags);
+            await outputAllOverviewCommand(profile, config, "schedule", flags, mfaCallback);
             return;
         }
         const studentInfo = await resolveStudentForFlags(profile, config, flags.student);
@@ -515,9 +518,11 @@ async function handleCommand(args, config) {
         const perStudentClient = await WilmaClient.login({
             ...profile,
             studentNumber: studentInfo?.studentNumber ?? profile.studentNumber,
-        });
+        }, mfaCallback);
         await outputSchedule(perStudentClient, {
             when: flags.when ?? "week",
+            date: flags.date,
+            weekday: flags.weekday,
             json: flags.json,
             label: studentInfo?.name ?? undefined,
         });
@@ -525,7 +530,7 @@ async function handleCommand(args, config) {
     }
     if (command === "homework") {
         if (flags.allStudents) {
-            await outputAllOverviewCommand(profile, config, "homework", flags);
+            await outputAllOverviewCommand(profile, config, "homework", flags, mfaCallback);
             return;
         }
         const studentInfo = await resolveStudentForFlags(profile, config, flags.student);
@@ -536,7 +541,7 @@ async function handleCommand(args, config) {
         const perStudentClient = await WilmaClient.login({
             ...profile,
             studentNumber: studentInfo?.studentNumber ?? profile.studentNumber,
-        });
+        }, mfaCallback);
         await outputHomework(perStudentClient, {
             limit: flags.limit ?? 10,
             json: flags.json,
@@ -546,7 +551,7 @@ async function handleCommand(args, config) {
     }
     if (command === "grades") {
         if (flags.allStudents) {
-            await outputAllOverviewCommand(profile, config, "grades", flags);
+            await outputAllOverviewCommand(profile, config, "grades", flags, mfaCallback);
             return;
         }
         const studentInfo = await resolveStudentForFlags(profile, config, flags.student);
@@ -557,7 +562,7 @@ async function handleCommand(args, config) {
         const perStudentClient = await WilmaClient.login({
             ...profile,
             studentNumber: studentInfo?.studentNumber ?? profile.studentNumber,
-        });
+        }, mfaCallback);
         await outputGrades(perStudentClient, {
             limit: flags.limit ?? 20,
             json: flags.json,
@@ -567,7 +572,7 @@ async function handleCommand(args, config) {
     }
     if (command === "summary") {
         if (flags.allStudents) {
-            await outputAllOverviewCommand(profile, config, "summary", flags);
+            await outputAllOverviewCommand(profile, config, "summary", flags, mfaCallback);
             return;
         }
         const studentInfo = await resolveStudentForFlags(profile, config, flags.student);
@@ -578,7 +583,7 @@ async function handleCommand(args, config) {
         const perStudentClient = await WilmaClient.login({
             ...profile,
             studentNumber: studentInfo?.studentNumber ?? profile.studentNumber,
-        });
+        }, mfaCallback);
         await outputSummary(perStudentClient, {
             days: flags.days ?? 7,
             json: flags.json,
@@ -591,7 +596,7 @@ async function handleCommand(args, config) {
 function printUsage() {
     console.log("Usage:");
     console.log("  wilma summary [--days 7] [--student <id|name>] [--all-students] [--json]");
-    console.log("  wilma schedule list [--when today|tomorrow|week] [--student <id|name>] [--all-students] [--json]");
+    console.log("  wilma schedule list [--when today|tomorrow|week] [--date YYYY-MM-DD] [--weekday mon|tue|wed|thu|fri|sat|sun] [--student <id|name>] [--all-students] [--json]");
     console.log("  wilma homework list [--limit 10] [--student <id|name>] [--all-students] [--json]");
     console.log("  wilma exams list [--limit 20] [--student <id|name>] [--all-students] [--json]");
     console.log("  wilma grades list [--limit 20] [--student <id|name>] [--all-students] [--json]");
@@ -604,6 +609,8 @@ function printUsage() {
     console.log("  wilma config clear");
     console.log("  wilma --help | -h");
     console.log("  wilma --version | -v");
+    console.log("");
+    console.log("MFA: --totp-secret <base32-key|otpauth://...>");
 }
 async function getProfileForCommandNonInteractive(config, flags) {
     if (!config.lastProfileId) {
@@ -683,6 +690,21 @@ function parseArgs(args) {
             i += 2;
             continue;
         }
+        if (arg === "--date") {
+            flags.date = rest[i + 1];
+            i += 2;
+            continue;
+        }
+        if (arg === "--weekday") {
+            flags.weekday = rest[i + 1];
+            i += 2;
+            continue;
+        }
+        if (arg === "--totp-secret") {
+            flags.totpSecret = rest[i + 1];
+            i += 2;
+            continue;
+        }
         if (!flags.id && !arg.startsWith("--")) {
             flags.id = arg;
             i += 1;
@@ -704,6 +726,71 @@ function parseReadId(raw, entity) {
     }
     return id;
 }
+function parseIsoDateOrExit(raw) {
+    const value = (raw ?? "").trim();
+    // Accept YYYY-MM-DD only.
+    if (!/^\d{4}-\d{2}-\d{2}$/.test(value)) {
+        console.error(`Invalid date "${raw}". Expected YYYY-MM-DD.`);
+        process.exit(1);
+    }
+    // Validate date is real.
+    const d = new Date(value + "T12:00:00Z");
+    if (Number.isNaN(d.getTime())) {
+        console.error(`Invalid date "${raw}". Expected a real calendar date.`);
+        process.exit(1);
+    }
+    const iso = d.toISOString().slice(0, 10);
+    if (iso !== value) {
+        console.error(`Invalid date "${raw}". Expected a real calendar date.`);
+        process.exit(1);
+    }
+    return value;
+}
+function normalizeWeekdayOrExit(raw) {
+    const v = (raw ?? "").trim().toLowerCase();
+    const map = {
+        sun: 0,
+        su: 0,
+        sunday: 0,
+        mon: 1,
+        ma: 1,
+        monday: 1,
+        tue: 2,
+        ti: 2,
+        tuesday: 2,
+        wed: 3,
+        ke: 3,
+        wednesday: 3,
+        thu: 4,
+        to: 4,
+        thursday: 4,
+        fri: 5,
+        pe: 5,
+        friday: 5,
+        sat: 6,
+        la: 6,
+        saturday: 6,
+    };
+    const day = map[v];
+    if (day === undefined) {
+        console.error(`Invalid weekday "${raw}". Use mon|tue|wed|thu|fri|sat|sun (also accepts fi: ma|ti|ke|to|pe|la|su).`);
+        process.exit(1);
+    }
+    return day;
+}
+function nextDateForWeekday(rawWeekday) {
+    const target = normalizeWeekdayOrExit(rawWeekday);
+    const now = new Date();
+    // Use local time.
+    const today = new Date(now.getFullYear(), now.getMonth(), now.getDate(), 12, 0, 0);
+    const current = today.getDay();
+    let delta = (target - current + 7) % 7;
+    // If you ask for e.g. "thu" on a Saturday, you'll get next Thursday.
+    // If you ask for today's weekday, you'll get today.
+    const d = new Date(today);
+    d.setDate(d.getDate() + delta);
+    return `${d.getFullYear()}-${String(d.getMonth() + 1).padStart(2, "0")}-${String(d.getDate()).padStart(2, "0")}`;
+}
 async function readPackageVersion() {
     const pkgPath = resolve(dirname(new URL(import.meta.url).pathname), "..", "package.json");
     const raw = await readFile(pkgPath, "utf-8");
@@ -894,7 +981,19 @@ async function outputSchedule(client, opts) {
     const when = opts.when || "week";
     let startDate;
     let endDate;
-    if (when === "today") {
+    if (opts.date && opts.weekday) {
+        console.error("Use either --date or --weekday, not both.");
+        process.exit(1);
+    }
+    if (opts.date) {
+        const parsed = parseIsoDateOrExit(opts.date);
+        startDate = endDate = parsed;
+    }
+    else if (opts.weekday) {
+        const parsed = nextDateForWeekday(opts.weekday);
+        startDate = endDate = parsed;
+    }
+    else if (when === "today") {
         startDate = endDate = todayString();
     }
     else if (when === "tomorrow") {
@@ -905,14 +1004,17 @@ async function outputSchedule(client, opts) {
     }
     const lessons = overview.schedule.filter((l) => l.date >= startDate && l.date <= endDate);
     if (opts.json) {
-        const result = when === "week"
+        const result = !opts.date && !opts.weekday && when === "week"
             ? { when, weekStart: startDate, weekEnd: endDate, lessons }
-            : { when, date: startDate, lessons };
+            : { when: opts.date ? "date" : (opts.weekday ? "weekday" : when), date: startDate, lessons };
         console.log(JSON.stringify(result, null, 2));
         return;
     }
     const prefix = opts.label ? `[${opts.label}] ` : "";
-    if (when === "today") {
+    if (opts.date || opts.weekday) {
+        console.log(`\n${prefix}Schedule for ${startDate}`);
+    }
+    else if (when === "today") {
         console.log(`\n${prefix}Schedule for today (${startDate})`);
     }
     else if (when === "tomorrow") {
@@ -1177,6 +1279,68 @@ async function selectOrCancel(opts, clearScreen = true) {
         process.stdin.removeListener("keypress", onKeypress);
     }
 }
+function createInteractiveMfaCallback() {
+    return async (_formkey) => {
+        const code = await input({ message: "Enter MFA code from authenticator app" });
+        if (!code) {
+            throw new Error("MFA cancelled");
+        }
+        return code.trim();
+    };
+}
+function createNonInteractiveMfaCallback(totpSecret) {
+    if (!totpSecret)
+        return undefined;
+    const secret = parseTotpSecret(totpSecret);
+    return async (_formkey) => {
+        const code = generateTOTP(secret);
+        return code;
+    };
+}
+function parseTotpSecret(raw) {
+    // Accept either a bare base32 key or an otpauth:// URI
+    if (raw.startsWith("otpauth://")) {
+        const url = new URL(raw);
+        const secret = url.searchParams.get("secret");
+        if (!secret) {
+            console.error("No 'secret' parameter found in otpauth:// URI.");
+            process.exit(1);
+        }
+        return secret;
+    }
+    return raw.replace(/[\s-]/g, "");
+}
+function generateTOTP(secret) {
+    // TOTP: RFC 6238 — HMAC-SHA1 based, 6-digit, 30-second period
+    const base32Chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
+    // Decode base32 secret
+    const cleanSecret = secret.replace(/[\s=-]+/g, "").toUpperCase();
+    let bits = "";
+    for (const c of cleanSecret) {
+        const val = base32Chars.indexOf(c);
+        if (val === -1)
+            throw new Error(`Invalid base32 character: ${c}`);
+        bits += val.toString(2).padStart(5, "0");
+    }
+    const bytes = new Uint8Array(Math.floor(bits.length / 8));
+    for (let i = 0; i < bytes.length; i++) {
+        bytes[i] = parseInt(bits.slice(i * 8, i * 8 + 8), 2);
+    }
+    const epoch = Math.floor(Date.now() / 1000);
+    const counter = Math.floor(epoch / 30);
+    const counterBuf = Buffer.alloc(8);
+    counterBuf.writeUInt32BE(Math.floor(counter / 0x100000000), 0);
+    counterBuf.writeUInt32BE(counter >>> 0, 4);
+    const hmac = createHmac("sha1", Buffer.from(bytes));
+    hmac.update(counterBuf);
+    const hash = hmac.digest();
+    const offset = hash[hash.length - 1] & 0x0f;
+    const code = ((hash[offset] & 0x7f) << 24) |
+        ((hash[offset + 1] & 0xff) << 16) |
+        ((hash[offset + 2] & 0xff) << 8) |
+        (hash[offset + 3] & 0xff);
+    return (code % 1000000).toString().padStart(6, "0");
+}
 async function inputOrCancel(opts) {
     console.clear();
     const prompt = input(opts, { clearPromptOnDone: true });
@@ -1292,11 +1456,11 @@ async function resolveStudentForFlags(profile, config, student) {
     const students = await getStudentsForCommand(profile, config);
     return students[0] ?? null;
 }
-async function outputAllNews(profile, config, limit, json) {
+async function outputAllNews(profile, config, limit, json, onMfa) {
     const students = await getStudentsForCommand(profile, config);
     const results = [];
     for (const student of students) {
-        const client = await WilmaClient.login({ ...profile, studentNumber: student.studentNumber });
+        const client = await WilmaClient.login({ ...profile, studentNumber: student.studentNumber }, onMfa);
         const news = await client.news.list();
         results.push({ student, items: news.slice(0, limit) });
     }
@@ -1312,11 +1476,11 @@ async function outputAllNews(profile, config, limit, json) {
         });
     });
 }
-async function outputAllMessages(profile, config, opts) {
+async function outputAllMessages(profile, config, opts, onMfa) {
     const students = await getStudentsForCommand(profile, config);
     const results = [];
     for (const student of students) {
-        const client = await WilmaClient.login({ ...profile, studentNumber: student.studentNumber });
+        const client = await WilmaClient.login({ ...profile, studentNumber: student.studentNumber }, onMfa);
         const messages = await client.messages.list(opts.folder);
         results.push({ student, items: messages.slice(0, opts.limit) });
     }
@@ -1332,11 +1496,11 @@ async function outputAllMessages(profile, config, opts) {
         });
     });
 }
-async function outputAllExams(profile, config, limit, json) {
+async function outputAllExams(profile, config, limit, json, onMfa) {
     const students = await getStudentsForCommand(profile, config);
     const results = [];
     for (const student of students) {
-        const client = await WilmaClient.login({ ...profile, studentNumber: student.studentNumber });
+        const client = await WilmaClient.login({ ...profile, studentNumber: student.studentNumber }, onMfa);
         const overview = await client.overview.get();
         results.push({ student, items: overview.upcomingExams.slice(0, limit) });
     }
@@ -1352,13 +1516,13 @@ async function outputAllExams(profile, config, limit, json) {
         });
     });
 }
-async function outputAllOverviewCommand(profile, config, command, flags) {
+async function outputAllOverviewCommand(profile, config, command, flags, onMfa) {
     const students = await getStudentsForCommand(profile, config);
     if (command === "summary") {
         if (flags.json) {
             const summaries = [];
             for (const student of students) {
-                const client = await WilmaClient.login({ ...profile, studentNumber: student.studentNumber });
+                const client = await WilmaClient.login({ ...profile, studentNumber: student.studentNumber }, onMfa);
                 const [overview, news, messages] = await Promise.all([
                     client.overview.get(),
                     client.news.list(),
@@ -1377,7 +1541,7 @@ async function outputAllOverviewCommand(profile, config, command, flags) {
         }
         // Human-readable summary output per student
         for (const student of students) {
-            const client = await WilmaClient.login({ ...profile, studentNumber: student.studentNumber });
+            const client = await WilmaClient.login({ ...profile, studentNumber: student.studentNumber }, onMfa);
             await outputSummary(client, {
                 days: flags.days ?? 7,
                 json: false,
@@ -1388,7 +1552,7 @@ async function outputAllOverviewCommand(profile, config, command, flags) {
     }
     const results = [];
     for (const student of students) {
-        const client = await WilmaClient.login({ ...profile, studentNumber: student.studentNumber });
+        const client = await WilmaClient.login({ ...profile, studentNumber: student.studentNumber }, onMfa);
         const overview = await client.overview.get();
         if (command === "schedule") {
             const when = flags.when || "week";
@@ -1453,6 +1617,15 @@ main().catch((err) => {
     if (isPromptCancel(err)) {
         process.exit(0);
     }
+    if (err instanceof MfaRequiredError) {
+        console.error("MFA is enabled on this Wilma account.");
+        console.error("For non-interactive use, provide your TOTP secret:");
+        console.error("  --totp-secret <base32-key>");
+        console.error("  --totp-secret 'otpauth://totp/...'");
+        console.error("Tip: export the key from your authenticator app (base32 string or otpauth:// URI).");
+        console.error("For interactive use, run 'wilma' without arguments.");
+        process.exit(1);
+    }
     console.error("CLI error:", err instanceof Error ? err.message : err);
     process.exit(1);
 });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wilm-ai/wilma-cli",
-  "version": "1.1.0",
+  "version": "1.3.0",
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -8,9 +8,17 @@
     "wilmai": "dist/index.js",
     "wilma": "dist/index.js"
   },
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "lint": "echo 'add lint'",
+    "test": "echo 'add tests'",
+    "start": "node dist/index.js",
+    "prepack": "pnpm --filter @wilm-ai/wilma-client build && pnpm --filter @wilm-ai/wilma-cli build",
+    "test:live": "tsc -p tsconfig.json && node test/live.spec.mjs"
+  },
   "dependencies": {
     "@inquirer/prompts": "^5.3.8",
-    "@wilm-ai/wilma-client": "^1.1.0"
+    "@wilm-ai/wilma-client": "workspace:^"
   },
   "devDependencies": {
     "typescript": "^5.6.3"
@@ -21,12 +29,5 @@
   ],
   "publishConfig": {
     "access": "public"
-  },
-  "scripts": {
-    "build": "tsc -p tsconfig.json",
-    "lint": "echo 'add lint'",
-    "test": "echo 'add tests'",
-    "start": "node dist/index.js",
-    "test:live": "tsc -p tsconfig.json && node test/live.spec.mjs"
   }
-}
+}

package/LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2026 Wilm.ai
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.