npm - @wspc/cli - Versions diffs - 0.0.15 → 0.0.17 - Mend

@wspc/cli 0.0.15 → 0.0.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/cli.js CHANGED Viewed

@@ -1177,10 +1177,21 @@ var V1_CRED_KEYS = [
   "actor",
   "agent_label"
 ];
+var CONSISTENCY_BOOKMARK_SERVICES = ["auth", "todo", "calendar", "email", "push"];
+function normalizeConsistencyBookmarks(raw) {
+  if (typeof raw !== "object" || raw === null) return void 0;
+  const out = {};
+  const obj = raw;
+  for (const service of CONSISTENCY_BOOKMARK_SERVICES) {
+    if (typeof obj[service] === "string") out[service] = obj[service];
+  }
+  return Object.keys(out).length ? out : void 0;
+}
 function migrateEnv(raw) {
   const api_base = typeof raw.api_base === "string" ? raw.api_base : "";
   const env = { api_base, accounts: {} };
-  if (typeof raw.consistency_bookmark === "string") env.consistency_bookmark = raw.consistency_bookmark;
+  const consistency_bookmarks = normalizeConsistencyBookmarks(raw.consistency_bookmarks);
+  if (consistency_bookmarks) env.consistency_bookmarks = consistency_bookmarks;
   if (typeof raw.client_id === "string") env.client_id = raw.client_id;
   if (raw.accounts && typeof raw.accounts === "object") {
     env.accounts = raw.accounts;
@@ -1248,6 +1259,49 @@ var ConfigStore = class {
     }
     await fs.writeFile(this.configFile, JSON.stringify(config, null, 2) + "\n", { mode: 384 });
   }
+  /**
+   * Read-modify-write the config under a cross-process file lock. The mutator
+   * runs against a FRESH read taken inside the lock and edits it in place, so
+   * two writers (e.g. token refresh and the consistency-bookmark writeback)
+   * can't clobber each other from stale snapshots — the bug that revoked whole
+   * refresh-token families when several CLI sessions ran concurrently.
+   */
+  async update(mutate) {
+    await this.withLock(async () => {
+      const config = await this.read();
+      mutate(config);
+      await this.write(config);
+    });
+  }
+  async withLock(fn) {
+    await fs.mkdir(this.configDir, { recursive: true, mode: 448 });
+    const lockFile = this.configFile + ".lock";
+    const STALE_MS = 1e4;
+    const RETRY_MS = 25;
+    const MAX_WAIT_MS = 5e3;
+    let waited = 0;
+    for (; ; ) {
+      try {
+        const fh = await fs.open(lockFile, "wx");
+        await fh.close();
+        break;
+      } catch (e) {
+        if (e.code !== "EEXIST") throw e;
+        const age = await fs.stat(lockFile).then((s) => Date.now() - s.mtimeMs).catch(() => Infinity);
+        if (age > STALE_MS || waited >= MAX_WAIT_MS) {
+          await fs.rm(lockFile, { force: true });
+          continue;
+        }
+        await new Promise((r) => setTimeout(r, RETRY_MS));
+        waited += RETRY_MS;
+      }
+    }
+    try {
+      return await fn();
+    } finally {
+      await fs.rm(lockFile, { force: true });
+    }
+  }
   async currentEnv() {
     const c = await this.read();
     const name = c.current_env;
@@ -1259,8 +1313,22 @@ var ConfigStore = class {
 };
 // src/handwritten/auth/consistency-fetch.ts
-var HEADER = "x-consistency-bookmark";
 var INVALID_BOOKMARK = "INVALID_CONSISTENCY_BOOKMARK";
+var SERVICE_HEADERS = {
+  auth: "x-cb-auth",
+  todo: "x-cb-todo",
+  calendar: "x-cb-cal",
+  email: "x-cb-email",
+  push: "x-cb-push"
+};
+var SERVICE_PREFIXES = [
+  { service: "auth", prefix: "/auth" },
+  { service: "todo", prefix: "/todo" },
+  { service: "calendar", prefix: "/calendar" },
+  { service: "email", prefix: "/email" },
+  { service: "push", prefix: "/push" }
+];
+var KNOWN_HEADERS = Object.values(SERVICE_HEADERS);
 function normalizeBasePath(pathname) {
   const trimmed = pathname.replace(/\/+$/, "");
   return trimmed === "" ? "/" : trimmed;
@@ -1270,6 +1338,26 @@ function isUnderApiBase(url, apiBase) {
   const basePath = normalizeBasePath(base.pathname);
   return url.origin === base.origin && (basePath === "/" || url.pathname === basePath || url.pathname.startsWith(`${basePath}/`));
 }
+function pathWithinApiBase(url, apiBase) {
+  const basePath = normalizeBasePath(new URL(apiBase).pathname);
+  if (basePath === "/") return url.pathname;
+  if (url.pathname === basePath) return "/";
+  return url.pathname.slice(basePath.length) || "/";
+}
+function pathMatchesPrefix(pathname, prefix) {
+  return pathname === prefix || pathname.startsWith(`${prefix}/`);
+}
+function serviceForPath(pathname) {
+  return SERVICE_PREFIXES.find(({ prefix }) => pathMatchesPrefix(pathname, prefix))?.service;
+}
+function stripKnownBookmarkHeaders(request, keep) {
+  if (!KNOWN_HEADERS.some((header) => header !== keep && request.headers.has(header))) return request;
+  const headers = new Headers(request.headers);
+  for (const header of KNOWN_HEADERS) {
+    if (header !== keep) headers.delete(header);
+  }
+  return new Request(request, { headers });
+}
 function isJsonContentType(contentType) {
   const mediaType = contentType.toLowerCase().split(";")[0]?.trim() ?? "";
   return mediaType === "application/json" || mediaType.endsWith("+json");
@@ -1291,46 +1379,54 @@ function createConsistencyFetch(opts) {
     const url = new URL(request.url);
     const applies = isUnderApiBase(url, opts.apiBase);
     let outgoing = request;
-    let injectedStoredBookmark = false;
-    if (applies && !outgoing.headers.has(HEADER)) {
-      const config2 = await opts.store.read();
-      const bookmark = config2.envs[opts.envName]?.consistency_bookmark;
-      if (bookmark) {
-        const headers = new Headers(outgoing.headers);
-        headers.set(HEADER, bookmark);
-        outgoing = new Request(outgoing, { headers });
-        injectedStoredBookmark = true;
+    let injectedService;
+    const service = applies ? serviceForPath(pathWithinApiBase(url, opts.apiBase)) : void 0;
+    const serviceHeader = service ? SERVICE_HEADERS[service] : void 0;
+    outgoing = stripKnownBookmarkHeaders(outgoing, applies ? serviceHeader : void 0);
+    if (applies && service) {
+      const header = SERVICE_HEADERS[service];
+      if (!outgoing.headers.has(header)) {
+        const config = await opts.store.read();
+        const bookmark = config.envs[opts.envName]?.consistency_bookmarks?.[service];
+        if (bookmark) {
+          const headers = new Headers(outgoing.headers);
+          headers.set(header, bookmark);
+          outgoing = new Request(outgoing, { headers });
+          injectedService = service;
+        }
       }
     }
-    if (!applies && outgoing.headers.has(HEADER)) {
-      const headers = new Headers(outgoing.headers);
-      headers.delete(HEADER);
-      outgoing = new Request(outgoing, { headers });
-    }
     const response = await fetchImpl(outgoing);
     if (!applies) return response;
-    const nextBookmark = response.headers.get(HEADER);
-    const shouldCheckInvalidBookmark = injectedStoredBookmark && !nextBookmark;
+    const nextBookmarks = Object.entries(SERVICE_HEADERS).flatMap(([serviceName, header]) => {
+      const value = response.headers.get(header);
+      return value ? [[serviceName, value]] : [];
+    });
+    const shouldCheckInvalidBookmark = injectedService !== void 0;
     const invalidBookmark = shouldCheckInvalidBookmark ? await responseHasInvalidBookmark(response) : false;
-    const shouldClearBookmark = invalidBookmark;
-    if (!nextBookmark && !shouldClearBookmark) return response;
-    const config = await opts.store.read();
-    const env = config.envs[opts.envName];
-    if (!env) return response;
-    if (nextBookmark) {
-      env.consistency_bookmark = nextBookmark;
-    } else if (shouldClearBookmark) {
-      delete env.consistency_bookmark;
-    }
-    await opts.store.write(config);
+    if (nextBookmarks.length === 0 && !invalidBookmark) return response;
+    await opts.store.update((config) => {
+      const env = config.envs[opts.envName];
+      if (!env) return;
+      env.consistency_bookmarks ??= {};
+      for (const [serviceName, value] of nextBookmarks) {
+        env.consistency_bookmarks[serviceName] = value;
+      }
+      if (invalidBookmark && injectedService) {
+        delete env.consistency_bookmarks[injectedService];
+      }
+      if (Object.keys(env.consistency_bookmarks).length === 0) {
+        delete env.consistency_bookmarks;
+      }
+    });
     return response;
   };
 }
 // src/version.ts
-var VERSION = "0.0.15";
-var SPEC_SHA = "dac502bc";
-var SPEC_FETCHED_AT = "2026-06-15T16:41:41.264Z";
+var VERSION = "0.0.17";
+var SPEC_SHA = "d0ccc741";
+var SPEC_FETCHED_AT = "2026-06-16T14:51:59.656Z";
 var API_BASE = "https://api.wspc.ai";
 // src/index.ts
@@ -1343,6 +1439,17 @@ var WspcAuthExpiredError = class extends Error {
 };
 // src/handwritten/auth/sdk-auth.ts
+var USER_AGENT = `@wspc/cli/${VERSION}`;
+async function expiredMessage(res) {
+  try {
+    const body = await res.clone().json();
+    if (!body.error) return void 0;
+    const detail = body.error_description ? `: ${body.error_description}` : "";
+    return `wspc token refresh failed (${body.error}${detail}); re-authenticate via \`wspc login\``;
+  } catch {
+    return void 0;
+  }
+}
 function createAuthInterceptor(mode) {
   if ("apiKey" in mode) {
     const apiKey = mode.apiKey;
@@ -1350,6 +1457,7 @@ function createAuthInterceptor(mode) {
     return {
       async onRequest(req) {
         req.headers.set("authorization", `Bearer ${apiKey}`);
+        req.headers.set("user-agent", USER_AGENT);
         return req;
       },
       async execute(req) {
@@ -1365,6 +1473,7 @@ function createAuthInterceptor(mode) {
   return {
     async onRequest(req) {
       req.headers.set("authorization", `Bearer ${accessToken}`);
+      req.headers.set("user-agent", USER_AGENT);
       return req;
     },
     async execute(req) {
@@ -1372,7 +1481,10 @@ function createAuthInterceptor(mode) {
       if (first.status !== 401) return first;
       const refreshRes = await fetchImpl(`${mode.baseUrl}/auth/oauth/token`, {
         method: "POST",
-        headers: { "content-type": "application/x-www-form-urlencoded" },
+        headers: {
+          "content-type": "application/x-www-form-urlencoded",
+          "user-agent": USER_AGENT
+        },
         body: new URLSearchParams({
           grant_type: "refresh_token",
           refresh_token: refreshToken,
@@ -1380,7 +1492,7 @@ function createAuthInterceptor(mode) {
         })
       });
       if (!refreshRes.ok) {
-        throw new WspcAuthExpiredError();
+        throw new WspcAuthExpiredError(await expiredMessage(refreshRes));
       }
       const tokens = await refreshRes.json();
       accessToken = tokens.access_token;
@@ -1450,13 +1562,13 @@ function buildInterceptor(store, resolved, fetchImpl) {
     clientId,
     fetchImpl,
     onTokenRefresh: async ({ accessToken, refreshToken, expiresAt }) => {
-      const cfg = await store.read();
-      const a = cfg.envs[envName]?.accounts?.[email];
-      if (!a) return;
-      a.access_token = accessToken;
-      a.refresh_token = refreshToken;
-      a.access_token_expires_at = expiresAt;
-      await store.write(cfg);
+      await store.update((cfg) => {
+        const a = cfg.envs[envName]?.accounts?.[email];
+        if (!a) return;
+        a.access_token = accessToken;
+        a.refresh_token = refreshToken;
+        a.access_token_expires_at = expiresAt;
+      });
     }
   });
 }