npm - @zapier/zapier-sdk-cli - Versions diffs - 0.42.2 → 0.43.1 - Mend

@zapier/zapier-sdk-cli 0.42.2 → 0.43.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (54) hide show

package/CHANGELOG.md +21 -0
package/dist/cli.cjs +1047 -547
package/dist/cli.d.mts +0 -1
package/dist/cli.d.ts +0 -1
package/dist/cli.mjs +1034 -537
package/dist/index.cjs +1037 -538
package/dist/index.d.mts +395 -23
package/dist/index.d.ts +395 -23
package/dist/index.mjs +1027 -531
package/dist/login.cjs +599 -7
package/dist/login.d.mts +144 -1
package/dist/login.d.ts +144 -1
package/dist/login.mjs +565 -1
package/dist/package.json +5 -2
package/dist/src/login/filesystem-cache.d.ts +25 -0
package/dist/src/login/filesystem-cache.js +195 -0
package/dist/src/login/index.d.ts +115 -0
package/dist/src/login/index.js +442 -0
package/dist/src/login/keychain.d.ts +18 -0
package/dist/src/login/keychain.js +74 -0
package/dist/src/login.d.ts +10 -1
package/dist/src/login.js +10 -1
package/dist/src/plugins/add/index.d.ts +250 -11
package/dist/src/plugins/add/index.js +8 -16
package/dist/src/plugins/buildManifest/index.d.ts +116 -9
package/dist/src/plugins/buildManifest/index.js +14 -23
package/dist/src/plugins/bundleCode/index.d.ts +19 -10
package/dist/src/plugins/bundleCode/index.js +7 -17
package/dist/src/plugins/cliOverrides/index.d.ts +12 -10
package/dist/src/plugins/cliOverrides/index.js +16 -20
package/dist/src/plugins/curl/index.d.ts +69 -10
package/dist/src/plugins/curl/index.js +3 -2
package/dist/src/plugins/feedback/index.d.ts +18 -13
package/dist/src/plugins/feedback/index.js +18 -26
package/dist/src/plugins/generateAppTypes/index.d.ts +261 -9
package/dist/src/plugins/generateAppTypes/index.js +17 -45
package/dist/src/plugins/getLoginConfigPath/index.d.ts +12 -10
package/dist/src/plugins/getLoginConfigPath/index.js +9 -19
package/dist/src/plugins/init/index.d.ts +15 -11
package/dist/src/plugins/init/index.js +9 -17
package/dist/src/plugins/login/index.d.ts +18 -13
package/dist/src/plugins/login/index.js +10 -18
package/dist/src/plugins/logout/index.d.ts +12 -11
package/dist/src/plugins/logout/index.js +11 -17
package/dist/src/plugins/mcp/index.d.ts +18 -15
package/dist/src/plugins/mcp/index.js +9 -21
package/dist/src/sdk.js +1 -1
package/dist/src/utils/auth/login.d.ts +1 -1
package/dist/src/utils/auth/login.js +1 -1
package/dist/src/utils/constants.d.ts +1 -1
package/dist/src/utils/constants.js +1 -1
package/dist/src/utils/version-checker.js +1 -1
package/dist/tsconfig.tsbuildinfo +1 -1
package/package.json +7 -4

package/dist/login.mjs CHANGED Viewed

@@ -1 +1,565 @@
-export * from '@zapier/zapier-sdk-cli-login';
+import Conf from 'conf';
+import { mkdirSync, existsSync, writeFileSync } from 'fs';
+import * as jwt from 'jsonwebtoken';
+import { deletePassword, setPassword, getKeyring, getPassword } from 'cross-keychain';
+import { createHash } from 'crypto';
+import { dirname } from 'path';
+import * as lockfile from 'proper-lockfile';
+// src/login/index.ts
+var SERVICE = "zapier-sdk-cli";
+var ACCOUNT = "login";
+var cachedBackendInfo;
+async function getBackendInfo() {
+  if (!cachedBackendInfo) {
+    const keyring = await getKeyring();
+    cachedBackendInfo = `${keyring.name} (${keyring.id})`;
+  }
+  return cachedBackendInfo;
+}
+var keychainQueue = Promise.resolve();
+function enqueue(fn) {
+  const result = keychainQueue.then(fn, fn);
+  keychainQueue = result.then(
+    () => {
+    },
+    () => {
+    }
+  );
+  return result;
+}
+async function getTokensFromKeychain({
+  debugLog
+} = {}) {
+  return enqueue(async () => {
+    const backendInfo = await getBackendInfo();
+    debugLog?.(`Keychain read via ${backendInfo}`);
+    const startTime = Date.now();
+    const raw = await getPassword(SERVICE, ACCOUNT);
+    debugLog?.(`Keychain read completed in ${Date.now() - startTime}ms`);
+    if (!raw) {
+      debugLog?.("Keychain returned no data");
+      return void 0;
+    }
+    let parsed;
+    try {
+      parsed = JSON.parse(raw);
+    } catch {
+      debugLog?.("Keychain data is not valid JSON");
+      return void 0;
+    }
+    if (typeof parsed.login_jwt === "string" && typeof parsed.login_refresh_token === "string") {
+      return {
+        login_jwt: parsed.login_jwt,
+        login_refresh_token: parsed.login_refresh_token
+      };
+    }
+    debugLog?.("Keychain data has invalid shape", parsed);
+    return void 0;
+  });
+}
+async function setTokensInKeychain({
+  data,
+  debugLog
+}) {
+  return enqueue(async () => {
+    const backendInfo = await getBackendInfo();
+    debugLog?.(`Keychain write via ${backendInfo}`);
+    const startTime = Date.now();
+    await setPassword(SERVICE, ACCOUNT, JSON.stringify(data));
+    debugLog?.(`Keychain write completed in ${Date.now() - startTime}ms`);
+  });
+}
+async function clearTokensFromKeychain({
+  debugLog
+} = {}) {
+  return enqueue(async () => {
+    try {
+      const backendInfo = await getBackendInfo();
+      debugLog?.(`Keychain clear via ${backendInfo}`);
+      await deletePassword(SERVICE, ACCOUNT);
+    } catch {
+    }
+  });
+}
+var SERVICE2 = "zapier-sdk-cache";
+var CONFIG_KEY = "cache";
+var LOCK_UPDATE_MS = 5e3;
+var LOCK_STALE_MS = 1e4;
+var LOCK_RETRY_WAIT_MS = 100;
+var LOCK_RETRY_MAX_WAIT_MS = 1e3;
+var LOCK_RETRY_COUNT = 120;
+function keychainAccount(key) {
+  return createHash("sha256").update(key).digest("hex");
+}
+function readConfigMap() {
+  const cfg = getConfig();
+  const stored = cfg.get(CONFIG_KEY);
+  if (stored && typeof stored === "object") {
+    return stored;
+  }
+  return {};
+}
+function writeConfigMap(map) {
+  getConfig().set(CONFIG_KEY, map);
+}
+function entryIsExpired(entry) {
+  return entry.expires_at !== void 0 && entry.expires_at <= Date.now();
+}
+function createCache() {
+  return {
+    async get(key) {
+      const entry = readConfigMap()[key];
+      if (!entry) return void 0;
+      if (entryIsExpired(entry)) return void 0;
+      if (entry.secret) {
+        const stored = await enqueue(async () => {
+          await getBackendInfo();
+          return getPassword(SERVICE2, keychainAccount(key));
+        });
+        if (!stored) {
+          return void 0;
+        }
+        return { value: stored, expiresAt: entry.expires_at };
+      }
+      if (entry.value === void 0) return void 0;
+      return { value: entry.value, expiresAt: entry.expires_at };
+    },
+    async set(key, value, options) {
+      const secret = options?.secret ?? false;
+      const expiresAt = options?.ttl ? Date.now() + options.ttl * 1e3 : void 0;
+      if (secret) {
+        try {
+          await enqueue(async () => {
+            await getBackendInfo();
+            await setPassword(SERVICE2, keychainAccount(key), value);
+          });
+        } catch {
+          return;
+        }
+        const map = readConfigMap();
+        map[key] = { secret: true, expires_at: expiresAt };
+        try {
+          writeConfigMap(map);
+        } catch {
+        }
+      } else {
+        const map = readConfigMap();
+        map[key] = { secret: false, value, expires_at: expiresAt };
+        try {
+          writeConfigMap(map);
+        } catch {
+        }
+      }
+    },
+    async delete(key) {
+      const map = readConfigMap();
+      const entry = map[key];
+      if (entry) {
+        delete map[key];
+        try {
+          writeConfigMap(map);
+        } catch {
+        }
+      }
+      if (entry?.secret) {
+        try {
+          await enqueue(async () => {
+            await getBackendInfo();
+            await deletePassword(SERVICE2, keychainAccount(key));
+          });
+        } catch {
+        }
+      }
+    },
+    async withLock(_key, fn) {
+      const cfg = getConfig();
+      const lockTarget = `${cfg.path}.cache-lock`;
+      try {
+        mkdirSync(dirname(lockTarget), { recursive: true });
+        if (!existsSync(lockTarget)) {
+          writeFileSync(lockTarget, "");
+        }
+      } catch {
+        return fn();
+      }
+      let release = null;
+      try {
+        release = await lockfile.lock(lockTarget, {
+          stale: LOCK_STALE_MS,
+          update: LOCK_UPDATE_MS,
+          retries: {
+            retries: LOCK_RETRY_COUNT,
+            factor: 1.2,
+            minTimeout: LOCK_RETRY_WAIT_MS,
+            maxTimeout: LOCK_RETRY_MAX_WAIT_MS
+          }
+        });
+      } catch {
+        return fn();
+      }
+      try {
+        return await fn();
+      } finally {
+        try {
+          await release();
+        } catch {
+        }
+      }
+    }
+  };
+}
+// src/login/index.ts
+var ZapierAuthenticationError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "ZapierAuthenticationError";
+  }
+};
+var config = null;
+var DEFAULT_AUTH_CLIENT_ID = "grwWZD5hUWGvb4V8ODBuOtXer3h0DBEZ2HR8aay6";
+var TOKEN_REFRESH_BUFFER_MS = 5 * 60 * 1e3;
+function createDebugLog(enabled) {
+  if (!enabled) {
+    return () => {
+    };
+  }
+  return (message, data) => {
+    if (data === void 0) {
+      console.log(`[Zapier SDK CLI Login] ${message}`);
+    } else {
+      console.log(`[Zapier SDK CLI Login] ${message}`, data);
+    }
+  };
+}
+function censorHeaderValue(value) {
+  if (value.length > 12) {
+    return `${value.substring(0, 4)}...${value.substring(value.length - 4)}`;
+  }
+  return `${value.charAt(0)}...`;
+}
+function getAuthClientId(clientId) {
+  return clientId || DEFAULT_AUTH_CLIENT_ID;
+}
+var AUTH_MODE_HEADER = "X-Auth";
+var DEFAULT_AUTH_BASE_URL = "https://zapier.com";
+function getAuthTokenUrl(options) {
+  const authBaseUrl = options?.baseUrl || DEFAULT_AUTH_BASE_URL;
+  return `${authBaseUrl}/oauth/token/`;
+}
+function getAuthAuthorizeUrl(options) {
+  const authBaseUrl = options?.baseUrl || DEFAULT_AUTH_BASE_URL;
+  return `${authBaseUrl}/oauth/authorize/`;
+}
+function getPkceLoginConfig(options) {
+  return {
+    clientId: getAuthClientId(options?.credentials?.clientId),
+    tokenUrl: getAuthTokenUrl({ baseUrl: options?.credentials?.baseUrl }),
+    authorizeUrl: getAuthAuthorizeUrl({
+      baseUrl: options?.credentials?.baseUrl
+    })
+  };
+}
+var cachedLogin;
+function getConfig() {
+  if (!config) {
+    config = new Conf({ projectName: "zapier-sdk-cli" });
+    if (!config.has("login_storage_mode")) {
+      config.set(
+        "login_storage_mode",
+        existsSync(config.path) ? "config" : "keychain"
+      );
+    }
+  }
+  return config;
+}
+function unloadConfig() {
+  config = null;
+  cachedLogin = void 0;
+}
+async function updateLogin(loginData, options = {}) {
+  const debugLog = createDebugLog(options.debug ?? false);
+  const storage = options.storage ?? cachedLogin?.storage ?? "keychain";
+  const expiresAt = Date.now() + loginData.expires_in * 1e3;
+  const cfg = getConfig();
+  cfg.set("login_storage_mode", storage);
+  if (storage === "keychain") {
+    await setTokensInKeychain({
+      data: {
+        login_jwt: loginData.access_token,
+        login_refresh_token: loginData.refresh_token
+      },
+      debugLog
+    });
+    cfg.set("login_expires_at", expiresAt);
+    cfg.delete("login_jwt");
+    cfg.delete("login_refresh_token");
+  } else {
+    cfg.set("login_jwt", loginData.access_token);
+    cfg.set("login_refresh_token", loginData.refresh_token);
+    cfg.set("login_expires_at", expiresAt);
+    await clearTokensFromKeychain({ debugLog });
+  }
+  cachedLogin = {
+    jwt: loginData.access_token,
+    refreshToken: loginData.refresh_token,
+    expiresAt,
+    storage
+  };
+}
+function decodeJwtOrThrow(token) {
+  if (typeof token !== "string") {
+    throw new Error("Expected JWT to be a string");
+  }
+  const decodedJwt = jwt.decode(token, { complete: true });
+  if (!decodedJwt) {
+    throw new Error("Could not decode JWT");
+  }
+  if (typeof decodedJwt.payload === "string") {
+    throw new Error("Did not expect JWT payload to be a string");
+  }
+  return decodedJwt;
+}
+async function refreshJwt(refreshToken, options = {}) {
+  const {
+    onEvent,
+    fetch = globalThis.fetch,
+    credentials,
+    debug = false
+  } = options;
+  const debugLog = createDebugLog(debug);
+  const tokenUrl = getAuthTokenUrl({ baseUrl: credentials?.baseUrl });
+  const clientId = getAuthClientId(credentials?.clientId);
+  const startTime = Date.now();
+  try {
+    onEvent?.({
+      type: "auth_refreshing",
+      payload: {
+        message: "Refreshing your token...",
+        operation: "token_refresh"
+      },
+      timestamp: Date.now()
+    });
+    debugLog(`\u2192 POST ${tokenUrl}`, {
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+        [AUTH_MODE_HEADER]: "no"
+      },
+      body: {
+        client_id: clientId,
+        refresh_token: censorHeaderValue(refreshToken),
+        grant_type: "refresh_token"
+      }
+    });
+    const response = await fetch(tokenUrl, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+        [AUTH_MODE_HEADER]: "no"
+      },
+      body: new URLSearchParams({
+        client_id: clientId,
+        refresh_token: refreshToken,
+        grant_type: "refresh_token"
+      })
+    });
+    const duration = Date.now() - startTime;
+    if (!response.ok) {
+      debugLog(`\u2190 ${response.status} ${response.statusText} (${duration}ms)`);
+      throw new Error(
+        `Token refresh failed: ${response.status} ${response.statusText}`
+      );
+    }
+    debugLog(`\u2190 ${response.status} ${response.statusText} (${duration}ms)`);
+    const data = await response.json();
+    await updateLogin(data, { debug });
+    debugLog(
+      `Token refreshed and saved to ${cachedLogin?.storage ?? "keychain"}`
+    );
+    onEvent?.({
+      type: "auth_success",
+      payload: {
+        message: "Token refreshed successfully",
+        operation: "token_refresh"
+      },
+      timestamp: Date.now()
+    });
+    return data.access_token;
+  } catch (error) {
+    const duration = Date.now() - startTime;
+    debugLog(`\u2716 Token refresh failed (${duration}ms)`, {
+      error: error instanceof Error ? error.message : error
+    });
+    cachedLogin = void 0;
+    const errorMessage = `Token refresh failed: ${error instanceof Error ? error.message : "Unknown error"}`;
+    onEvent?.({
+      type: "auth_error",
+      payload: {
+        message: errorMessage,
+        error: errorMessage,
+        operation: "token_refresh"
+      },
+      timestamp: Date.now()
+    });
+    throw error;
+  }
+}
+var pendingRefresh = null;
+var pendingResolve = null;
+async function resolveStoredLogin(debugLog) {
+  if (cachedLogin) {
+    debugLog("Using in-memory cached credentials");
+    return cachedLogin;
+  }
+  if (pendingResolve) {
+    debugLog("Waiting for existing keychain read to complete");
+    return pendingResolve;
+  }
+  pendingResolve = resolveStoredLoginFromStorage(debugLog).finally(() => {
+    pendingResolve = null;
+  });
+  return pendingResolve;
+}
+async function resolveStoredLoginFromStorage(debugLog) {
+  let cfg;
+  try {
+    cfg = getConfig();
+  } catch (error) {
+    debugLog("Failed to load config", {
+      error: error instanceof Error ? error.message : error
+    });
+    return void 0;
+  }
+  const expiresAt = cfg.get("login_expires_at");
+  const configJwt = cfg.get("login_jwt");
+  const configRefresh = cfg.get("login_refresh_token");
+  if (configJwt && configRefresh && typeof expiresAt === "number") {
+    debugLog("Loaded credentials from config (legacy format)");
+    cachedLogin = {
+      jwt: configJwt,
+      refreshToken: configRefresh,
+      expiresAt,
+      storage: "config"
+    };
+    return cachedLogin;
+  }
+  if (typeof expiresAt !== "number") {
+    debugLog("No stored login credentials found");
+    return void 0;
+  }
+  const keychainData = await getTokensFromKeychain({ debugLog });
+  if (!keychainData) {
+    debugLog("No tokens found in keychain");
+    return void 0;
+  }
+  debugLog("Loaded credentials from keychain");
+  cachedLogin = {
+    jwt: keychainData.login_jwt,
+    refreshToken: keychainData.login_refresh_token,
+    expiresAt,
+    storage: "keychain"
+  };
+  return cachedLogin;
+}
+async function resolveOrRefreshToken(options = {}) {
+  const { debug = false } = options;
+  const debugLog = createDebugLog(debug);
+  const stored = await resolveStoredLogin(debugLog);
+  if (!stored) {
+    return void 0;
+  }
+  const { jwt: storedJwt, refreshToken, expiresAt } = stored;
+  if (expiresAt > Date.now() + TOKEN_REFRESH_BUFFER_MS) {
+    debugLog("Using cached token (still valid)");
+    return storedJwt;
+  }
+  debugLog("Token expired, refreshing...");
+  if (pendingRefresh) {
+    debugLog("Waiting for existing refresh to complete");
+    return pendingRefresh;
+  }
+  pendingRefresh = refreshJwt(refreshToken, options).finally(() => {
+    pendingRefresh = null;
+  });
+  return await pendingRefresh;
+}
+async function getToken(options = {}) {
+  try {
+    return await resolveOrRefreshToken(options);
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Token refresh failed";
+    throw new ZapierAuthenticationError(
+      `${message}
+Please run 'login' to authenticate again.`
+    );
+  }
+}
+async function getLoggedInUser(options = {}) {
+  const jwt2 = await getToken(options).catch(() => void 0);
+  if (!jwt2) {
+    throw new Error(
+      "No valid authentication token available. Please login first."
+    );
+  }
+  let decodedJwt = decodeJwtOrThrow(jwt2);
+  if (decodedJwt.payload["sub_type"] == "service") {
+    decodedJwt = decodeJwtOrThrow(decodedJwt.payload["njwt"]);
+  }
+  if (typeof decodedJwt.payload["zap:acc"] !== "string") {
+    throw new Error("JWT payload does not contain accountId");
+  }
+  const accountId = parseInt(decodedJwt.payload["zap:acc"], 10);
+  if (isNaN(accountId)) {
+    throw new Error("JWT accountId is not a number");
+  }
+  if (decodedJwt.payload["sub_type"] !== "customuser" || typeof decodedJwt.payload["sub"] !== "string") {
+    throw new Error("JWT payload does not contain customUserId");
+  }
+  const customUserId = parseInt(decodedJwt.payload["sub"], 10);
+  if (isNaN(customUserId)) {
+    throw new Error("JWT customUserId is not a number");
+  }
+  const email = decodedJwt.payload["zap:uname"];
+  if (typeof email !== "string") {
+    throw new Error("JWT payload does not contain email");
+  }
+  return {
+    accountId,
+    customUserId,
+    email
+  };
+}
+function getLoginStorageMode() {
+  const cfg = getConfig();
+  if (typeof cfg.get("login_jwt") === "string") {
+    return "config";
+  }
+  const explicitMode = cfg.get("login_storage_mode");
+  if (explicitMode === "keychain" || explicitMode === "config") {
+    return explicitMode;
+  }
+  return "keychain";
+}
+async function logout(options = {}) {
+  const { onEvent } = options;
+  const mode = getLoginStorageMode();
+  cachedLogin = void 0;
+  await clearTokensFromKeychain();
+  const cfg = getConfig();
+  cfg.set("login_storage_mode", mode);
+  cfg.delete("login_expires_at");
+  cfg.delete("login_jwt");
+  cfg.delete("login_refresh_token");
+  onEvent?.({
+    type: "auth_logout",
+    payload: { message: "Logged out successfully", operation: "logout" },
+    timestamp: Date.now()
+  });
+}
+function getConfigPath() {
+  const cfg = getConfig();
+  return cfg.path;
+}
+export { AUTH_MODE_HEADER, ZapierAuthenticationError, createCache, getAuthAuthorizeUrl, getAuthTokenUrl, getConfig, getConfigPath, getLoggedInUser, getLoginStorageMode, getPkceLoginConfig, getToken, logout, unloadConfig, updateLogin };

package/dist/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "@zapier/zapier-sdk-cli",
-    "version": "0.42.2",
+    "version": "0.43.1",
     "description": "Command line interface for Zapier SDK",
     "main": "dist/index.cjs",
     "module": "dist/index.mjs",
@@ -66,11 +66,12 @@
     },
     "dependencies": {
         "@zapier/zapier-sdk": "workspace:*",
-        "@zapier/zapier-sdk-cli-login": "workspace:*",
         "@zapier/zapier-sdk-mcp": "workspace:*",
         "chalk": "^5.3.0",
         "cli-table3": "^0.6.5",
         "commander": "^12.0.0",
+        "conf": "^14.0.0",
+        "cross-keychain": "^1.1.0",
         "esbuild": "^0.25.5",
         "express": "^5.1.0",
         "handlebars": "^4.7.8",
@@ -81,6 +82,7 @@
         "ora": "^8.2.0",
         "package-json": "^10.0.1",
         "pkce-challenge": "^5.0.0",
+        "proper-lockfile": "^4.1.2",
         "semver": "^7.7.3",
         "typescript": "^5.8.3",
         "wrap-ansi": "^10.0.0",
@@ -91,6 +93,7 @@
         "@types/inquirer": "^9.0.8",
         "@types/jsonwebtoken": "^9.0.10",
         "@types/node": "^24.0.1",
+        "@types/proper-lockfile": "^4.1.4",
         "@types/semver": "^7.7.1",
         "tsup": "^8.5.0",
         "vitest": "^4.1.4"

package/dist/src/login/filesystem-cache.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+/**
+ * Default filesystem + OS keychain cache adapter for the SDK.
+ *
+ * Conforms to the generic ZapierCache interface that the SDK defines.
+ * Secrets go to the OS keychain via cross-keychain; non-secret values
+ * and the identity metadata (expires_at, secret flag) go to the
+ * existing zapier-sdk-cli Conf file. A proper-lockfile lock wraps the
+ * exchange/persist critical section so N concurrent CLI invocations
+ * collapse to a single network exchange.
+ *
+ * The SDK treats this (like any ZapierCache) as a cache — values may
+ * disappear, and the caller must always be able to recreate them.
+ */
+export declare function createCache(): {
+    get(key: string): Promise<{
+        value: string;
+        expiresAt?: number;
+    } | undefined>;
+    set(key: string, value: string, options?: {
+        secret?: boolean;
+        ttl?: number;
+    }): Promise<void>;
+    delete(key: string): Promise<void>;
+    withLock<T>(key: string, fn: () => Promise<T>): Promise<T>;
+};