npm - @xano/cli - Versions diffs - 1.0.3-beta.5 → 1.0.3-beta.7 - Mend

@xano/cli 1.0.3-beta.5 → 1.0.3-beta.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md +11 -0
package/dist/commands/auth/index.d.ts +2 -0
package/dist/commands/auth/index.js +43 -3
package/dist/utils/multidoc-push.js +20 -16
package/oclif.manifest.json +2494 -2487
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -46,8 +46,19 @@ These warnings are layer 1 of broader push-safety work; ephemeral sandbox enviro
 xano auth
 xano auth --origin https://custom.xano.com
 xano auth --insecure                         # Skip TLS verification (self-signed certs)
+xano auth --no-browser                       # Headless login (no local callback server)
 ```
+The default flow starts a temporary callback server on `127.0.0.1` and waits
+for the browser to redirect back to it. On remote/SSH sessions, Docker
+containers, or locked-down networks where the browser can't reach the CLI's
+loopback address, use `--no-browser`: the CLI prints a login URL, you open it
+in any browser, and paste back the code it displays. No local server required.
+If you can't run `xano auth` at all, you can always create a profile manually
+with a Metadata API token from the Xano dashboard — see
+[Profiles](#profiles) below.
 ### Profiles
 Profiles store your Xano credentials and default workspace settings.

package/dist/commands/auth/index.d.ts CHANGED Viewed

@@ -5,6 +5,7 @@ export default class Auth extends Command {
     static flags: {
         config: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
         insecure: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        'no-browser': import("@oclif/core/interfaces").BooleanFlag<boolean>;
         origin: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
     };
     run(): Promise<void>;
@@ -12,6 +13,7 @@ export default class Auth extends Command {
     private fetchBranches;
     private fetchInstances;
     private fetchWorkspaces;
+    private promptForToken;
     private promptProfileName;
     private saveProfile;
     private selectBranch;

package/dist/commands/auth/index.js CHANGED Viewed

@@ -1,4 +1,3 @@
-import { ExitPromptError } from '@inquirer/core';
 import { Command, Flags } from '@oclif/core';
 import inquirer from 'inquirer';
 import * as yaml from 'js-yaml';
@@ -20,6 +19,10 @@ Authenticated as John Doe (john@example.com)
 Profile 'default' created successfully!`,
         `$ xano auth --origin https://custom.xano.com
 Opening browser for Xano login at https://custom.xano.com...`,
+        `$ xano auth --no-browser
+To authenticate, open the following URL in any browser:
+  https://app.xano.com/login?dest=cli&display=code
+? Paste the code shown in your browser: ****`,
     ];
     static flags = {
         config: Flags.string({
@@ -33,6 +36,10 @@ Opening browser for Xano login at https://custom.xano.com...`,
             default: false,
             description: 'Skip TLS certificate verification (for self-signed certificates)',
         }),
+        'no-browser': Flags.boolean({
+            default: false,
+            description: 'Headless login: print a URL and paste back the code shown in the browser, instead of starting a local callback server (use on remote/SSH/Docker hosts where 127.0.0.1 is not reachable from the browser)',
+        }),
         origin: Flags.string({
             char: 'o',
             default: 'https://app.xano.com',
@@ -48,7 +55,9 @@ Opening browser for Xano login at https://custom.xano.com...`,
         try {
             // Step 1: Get token via browser auth
             this.log('Starting authentication flow...');
-            const token = await this.startAuthServer(flags.origin);
+            const token = flags['no-browser']
+                ? await this.promptForToken(flags.origin)
+                : await this.startAuthServer(flags.origin);
             // Step 2: Validate token and get user info
             this.log('');
             this.log('Validating authentication...');
@@ -113,7 +122,10 @@ Opening browser for Xano login at https://custom.xano.com...`,
             process.exit(0);
         }
         catch (error) {
-            if (error instanceof ExitPromptError) {
+            // Ctrl+C at an inquirer prompt throws ExitPromptError. Match on the name
+            // rather than `instanceof`: inquirer bundles its own copy of
+            // @inquirer/core, so the thrown class won't match an imported one.
+            if (error?.name === 'ExitPromptError') {
                 this.log('Authentication cancelled.');
                 return;
             }
@@ -196,6 +208,34 @@ Opening browser for Xano login at https://custom.xano.com...`,
             return [];
         }
     }
+    async promptForToken(origin) {
+        // Headless flow: no local callback server. The login page, when opened
+        // without a `callback` param, renders the access token on screen for the
+        // user to copy. We point the browser there (best-effort) and prompt for
+        // the pasted code.
+        const authUrl = `${origin}/login?dest=cli&display=code`;
+        this.log('To authenticate, open the following URL in any browser:');
+        this.log('');
+        this.log(`  ${authUrl}`);
+        this.log('');
+        try {
+            await open(authUrl);
+        }
+        catch {
+            // Best-effort only; the URL is already printed above for manual use.
+        }
+        const { token } = await inquirer.prompt([
+            {
+                message: 'Paste the code shown in your browser',
+                name: 'token',
+                type: 'password',
+                validate(input) {
+                    return input.trim() === '' ? 'A code is required' : true;
+                },
+            },
+        ]);
+        return token.trim();
+    }
     async promptProfileName() {
         const { profileName } = await inquirer.prompt([
             {

package/dist/utils/multidoc-push.js CHANGED Viewed

@@ -476,6 +476,7 @@ export async function executePush(ctx, target, flags) {
                     }
                     // Warn when the sandbox currently holds a different workspace than the one being
                     // pushed and the change set is large enough that stale state is a real risk.
+                    let mismatchConfirmed = false;
                     if (target.warnOnWorkspaceMismatch && preview.workspace_name) {
                         const localWorkspaceName = findLocalWorkspaceName(documentEntries);
                         const totalChanges = countSummaryChanges(preview.summary, shouldDelete);
@@ -494,29 +495,32 @@ export async function executePush(ctx, target, flags) {
                                     log('Push cancelled. Run `xano sandbox reset` then retry.');
                                     return;
                                 }
+                                mismatchConfirmed = true;
                             }
                             else {
                                 command.error('Workspace mismatch detected in non-interactive mode. Run `xano sandbox reset` first to start clean.');
                             }
                         }
                     }
-                    // Confirm with user
-                    const hasDestructive = preview.operations.some((op) => (shouldDelete && (op.action === 'delete' || op.action === 'cascade_delete')) ||
-                        op.action === 'truncate' ||
-                        op.action === 'drop_field' ||
-                        op.action === 'alter_field');
-                    const message = hasDestructive
-                        ? 'Proceed with push? This includes DESTRUCTIVE operations listed above.'
-                        : 'Proceed with push?';
-                    if (process.stdin.isTTY) {
-                        const confirmed = await confirm(message);
-                        if (!confirmed) {
-                            log('Push cancelled.');
-                            return;
+                    // Confirm with user (skip if workspace mismatch prompt already obtained confirmation)
+                    if (!mismatchConfirmed) {
+                        const hasDestructive = preview.operations.some((op) => (shouldDelete && (op.action === 'delete' || op.action === 'cascade_delete')) ||
+                            op.action === 'truncate' ||
+                            op.action === 'drop_field' ||
+                            op.action === 'alter_field');
+                        const message = hasDestructive
+                            ? 'Proceed with push? This includes DESTRUCTIVE operations listed above.'
+                            : 'Proceed with push?';
+                        if (process.stdin.isTTY) {
+                            const confirmed = await confirm(message);
+                            if (!confirmed) {
+                                log('Push cancelled.');
+                                return;
+                            }
+                        }
+                        else {
+                            command.error('Non-interactive environment detected. Use --force to skip confirmation.');
                         }
-                    }
-                    else {
-                        command.error('Non-interactive environment detected. Use --force to skip confirmation.');
                     }
                 }
                 else {