@zrhsh/wukong-cli 0.4.11 → 0.4.14

package/dist/cli.js

@@ -141,6 +141,7 @@ var init_config = __esm({
         DEVICE_AUTHORIZE: "/oceanet-auth/pkce/device/authorize",
         DEVICE_TOKEN: "/oceanet-auth/pkce/device/token",
         REFRESH_TOKEN: "/oceanet-auth/manage/refreshToken",
+        REFRESH_TOKEN_NRP: "/oceanet-auth/manage/refreshTokenNRP",
         LOGOUT: "/oceanet-auth/manage/logout"
       },
       API: {
@@ -491,14 +492,18 @@ var init_device_flow_service = __esm({
             refresh_token,
             expires_in,
             token_type,
-            scope
+            scope,
+            yst_access_token,
+            yst_refresh_token
           } = data.result;
           return {
             accessToken: access_token,
             refreshToken: refresh_token,
             expiresIn: expires_in,
             tokenType: token_type,
-            scope: Array.isArray(scope) ? scope : [scope || ""]
+            scope: Array.isArray(scope) ? scope : [scope || ""],
+            ...yst_access_token ? { ystAccessToken: yst_access_token } : {},
+            ...yst_refresh_token ? { ystRefreshToken: yst_refresh_token } : {}
           };
         }
         throw new Error("Authorization timed out. Please try again.");
@@ -733,19 +738,31 @@ var init_token_cache = __esm({
     MemoryTokenCache = class {
       accessToken = null;
       refreshToken = null;
+      ystAccessToken = null;
+      ystRefreshToken = null;
       getAccessToken() {
         return this.accessToken;
       }
       getRefreshToken() {
         return this.refreshToken;
       }
-      setTokens(accessToken, refreshToken) {
+      getYstAccessToken() {
+        return this.ystAccessToken;
+      }
+      getYstRefreshToken() {
+        return this.ystRefreshToken;
+      }
+      setTokens(accessToken, refreshToken, ystAccessToken, ystRefreshToken) {
         if (accessToken !== null) this.accessToken = accessToken;
         if (refreshToken !== null) this.refreshToken = refreshToken;
+        if (ystAccessToken !== void 0 && ystAccessToken !== null) this.ystAccessToken = ystAccessToken;
+        if (ystRefreshToken !== void 0 && ystRefreshToken !== null) this.ystRefreshToken = ystRefreshToken;
       }
       clear() {
         this.accessToken = null;
         this.refreshToken = null;
+        this.ystAccessToken = null;
+        this.ystRefreshToken = null;
       }
       hasAccessToken() {
         return this.accessToken !== null && this.accessToken.length > 0;
@@ -1106,27 +1123,21 @@ init_oceanet();
 init_debug();
 import ora2 from "ora";
 var TokenManager = class {
-  /**
-   * 构造函数
-   * @param credentialStore 凭据存储实例
-   * @param tokenCache token 缓存实例
-   */
   constructor(credentialStore, tokenCache) {
     this.credentialStore = credentialStore;
     this.tokenCache = tokenCache;
   }
-  /**
-   * 保存 Token
-   */
-  async saveToken(accessToken, refreshToken) {
+  async saveToken(options) {
     const config = getOceanetConfig();
-    await this.credentialStore.setPassword(config.SERVICE_NAME, "access_token", accessToken);
-    await this.credentialStore.setPassword(config.SERVICE_NAME, "refresh_token", refreshToken);
-    this.tokenCache.setTokens(accessToken, refreshToken);
+    const { accessToken, refreshToken, ystAccessToken, ystRefreshToken } = options;
+    await Promise.all([
+      this.credentialStore.setPassword(config.SERVICE_NAME, "access_token", accessToken),
+      this.credentialStore.setPassword(config.SERVICE_NAME, "refresh_token", refreshToken),
+      ...ystAccessToken ? [this.credentialStore.setPassword(config.SERVICE_NAME, "yst_access_token", ystAccessToken)] : [],
+      ...ystRefreshToken ? [this.credentialStore.setPassword(config.SERVICE_NAME, "yst_refresh_token", ystRefreshToken)] : []
+    ]);
+    this.tokenCache.setTokens(accessToken, refreshToken, ystAccessToken ?? null, ystRefreshToken ?? null);
   }
-  /**
-   * 获取 Access Token
-   */
   async getAccessToken() {
     const cached = this.tokenCache.getAccessToken();
     if (cached) {
@@ -1139,9 +1150,6 @@ var TokenManager = class {
     }
     return token;
   }
-  /**
-   * 获取 Refresh Token
-   */
   async getRefreshToken() {
     const cached = this.tokenCache.getRefreshToken();
     if (cached) {
@@ -1154,9 +1162,30 @@ var TokenManager = class {
     }
     return token;
   }
-  /**
-   * 刷新 Token
-   */
+  async getYstAccessToken() {
+    const cached = this.tokenCache.getYstAccessToken();
+    if (cached) {
+      return cached;
+    }
+    const config = getOceanetConfig();
+    const token = await this.credentialStore.getPassword(config.SERVICE_NAME, "yst_access_token");
+    if (token) {
+      this.tokenCache.setTokens(null, null, token, null);
+    }
+    return token;
+  }
+  async getYstRefreshToken() {
+    const cached = this.tokenCache.getYstRefreshToken();
+    if (cached) {
+      return cached;
+    }
+    const config = getOceanetConfig();
+    const token = await this.credentialStore.getPassword(config.SERVICE_NAME, "yst_refresh_token");
+    if (token) {
+      this.tokenCache.setTokens(null, null, null, token);
+    }
+    return token;
+  }
   async refreshAccessToken(refreshToken) {
     const spinner = ora2("Refreshing access token...").start();
     try {
@@ -1185,7 +1214,9 @@ var TokenManager = class {
         refresh_token: new_refresh_token,
         expires_in,
         token_type,
-        scope
+        scope,
+        yst_access_token,
+        yst_refresh_token: yst_new_refresh_token
       } = data.result;
       spinner.succeed("Token refreshed");
       return {
@@ -1193,38 +1224,78 @@ var TokenManager = class {
         refreshToken: new_refresh_token,
         expiresIn: expires_in,
         tokenType: token_type,
-        scope: Array.isArray(scope) ? scope : [scope || ""]
+        scope: Array.isArray(scope) ? scope : [scope || ""],
+        ...yst_access_token ? { ystAccessToken: yst_access_token } : {},
+        ...yst_new_refresh_token ? { ystRefreshToken: yst_new_refresh_token } : {}
       };
     } catch (error) {
       spinner.fail("Token refresh error");
       throw error;
     }
   }
-  /**
-   * 清除本地 Token
-   */
+  async refreshYstAccessToken(ystRefreshToken) {
+    const spinner = ora2("Refreshing YST access token...").start();
+    try {
+      const config = getOceanetConfig();
+      const url = `${config.AUTH_BASE_URL}${config.AUTH_ENDPOINTS.REFRESH_TOKEN_NRP}`;
+      const requestHeaders = {
+        "Content-Type": "application/json"
+      };
+      const requestBody = { param: ystRefreshToken };
+      debugRequest("POST", url, requestHeaders, requestBody);
+      const startTime = Date.now();
+      const response = await fetch(url, {
+        method: "POST",
+        headers: requestHeaders,
+        body: JSON.stringify(requestBody)
+      });
+      const duration = Date.now() - startTime;
+      const data = await response.json();
+      debugResponse(response.status, response.statusText, data, duration);
+      if (data.code !== 200) {
+        spinner.fail("YST token refresh failed");
+        throw new Error(data.message || "YST refresh token failed");
+      }
+      const { access_token, refresh_token } = data.result;
+      spinner.succeed("YST token refreshed");
+      return {
+        ystAccessToken: access_token,
+        ystRefreshToken: refresh_token
+      };
+    } catch (error) {
+      spinner.fail("YST token refresh error");
+      throw error;
+    }
+  }
   async clearTokens() {
     const config = getOceanetConfig();
-    await this.credentialStore.deletePassword(config.SERVICE_NAME, "access_token");
-    await this.credentialStore.deletePassword(config.SERVICE_NAME, "refresh_token");
+    await Promise.all([
+      this.credentialStore.deletePassword(config.SERVICE_NAME, "access_token"),
+      this.credentialStore.deletePassword(config.SERVICE_NAME, "refresh_token"),
+      this.credentialStore.deletePassword(config.SERVICE_NAME, "yst_access_token"),
+      this.credentialStore.deletePassword(config.SERVICE_NAME, "yst_refresh_token")
+    ]);
     this.tokenCache.clear();
   }
-  /**
-   * 退出登录
-   */
-  async logout(accessToken) {
+  async logout(accessToken, ocAccessToken) {
     try {
       const config = getOceanetConfig();
       const url = `${config.AUTH_BASE_URL}${config.AUTH_ENDPOINTS.LOGOUT}`;
       const requestHeaders = {
-        "Content-Type": "application/json",
-        "Authorization": `Bearer ${accessToken}`
+        "Content-Type": "application/json"
       };
-      debugRequest("POST", url, requestHeaders);
+      const requestBody = {
+        access_token: accessToken
+      };
+      if (ocAccessToken) {
+        requestBody.oc_access_token = ocAccessToken;
+      }
+      debugRequest("POST", url, requestHeaders, requestBody);
       const startTime = Date.now();
       const response = await fetch(url, {
         method: "POST",
-        headers: requestHeaders
+        headers: requestHeaders,
+        body: JSON.stringify(requestBody)
       });
       const duration = Date.now() - startTime;
       let data;
@@ -1237,18 +1308,21 @@ var TokenManager = class {
     }
     await this.clearTokens();
   }
-  /**
-   * 初始化 Token 缓存
-   * 从持久化存储加载 token 到内存缓存
-   */
   async initTokenCache() {
     const config = getOceanetConfig();
-    const [accessToken, refreshToken] = await Promise.all([
+    const [accessToken, refreshToken, ystAccessToken, ystRefreshToken] = await Promise.all([
       this.credentialStore.getPassword(config.SERVICE_NAME, "access_token"),
-      this.credentialStore.getPassword(config.SERVICE_NAME, "refresh_token")
+      this.credentialStore.getPassword(config.SERVICE_NAME, "refresh_token"),
+      this.credentialStore.getPassword(config.SERVICE_NAME, "yst_access_token"),
+      this.credentialStore.getPassword(config.SERVICE_NAME, "yst_refresh_token")
     ]);
-    if (accessToken || refreshToken) {
-      this.tokenCache.setTokens(accessToken || null, refreshToken || null);
+    if (accessToken || refreshToken || ystAccessToken || ystRefreshToken) {
+      this.tokenCache.setTokens(
+        accessToken || null,
+        refreshToken || null,
+        ystAccessToken || null,
+        ystRefreshToken || null
+      );
     }
   }
 };
@@ -1263,17 +1337,30 @@ function getTokenManager() {
   }
   return tokenManagerInstance;
 }
-async function saveToken(accessToken, refreshToken) {
+async function saveToken(accessTokenOrOptions, refreshToken) {
   const manager = getTokenManager();
-  await manager.saveToken(accessToken, refreshToken);
+  const options = typeof accessTokenOrOptions === "string" ? { accessToken: accessTokenOrOptions, refreshToken } : accessTokenOrOptions;
+  await manager.saveToken(options);
 }
 async function getAccessToken() {
   const manager = getTokenManager();
   return await manager.getAccessToken();
 }
-async function logout(accessToken) {
+async function getRefreshToken() {
+  const manager = getTokenManager();
+  return await manager.getRefreshToken();
+}
+async function getYstAccessToken() {
+  const manager = getTokenManager();
+  return await manager.getYstAccessToken();
+}
+async function getYstRefreshToken() {
   const manager = getTokenManager();
-  await manager.logout(accessToken);
+  return await manager.getYstRefreshToken();
+}
+async function logout(accessToken, ocAccessToken) {
+  const manager = getTokenManager();
+  await manager.logout(accessToken, ocAccessToken);
 }
 
 // src/core/http/client.ts
@@ -1511,7 +1598,6 @@ function createRetokenInstance(credentialStore, tokenCache) {
     refreshEndpoint: {
       url: `${config.AUTH_BASE_URL}${config.AUTH_ENDPOINTS.REFRESH_TOKEN}`,
       method: "POST",
-      // Oceanet API 要求: { "param": "refresh_token_string" }
       buildBody: (token) => JSON.stringify({ param: token }),
       headers: {
         "Content-Type": "application/json"
@@ -1547,18 +1633,18 @@ function createRetokenInstance(credentialStore, tokenCache) {
         }
         return {
           accessToken: result.access_token || result.accessToken,
-          refreshToken: result.refresh_token || result.refreshToken
+          refreshToken: result.refresh_token || result.refreshToken,
+          ...result.yst_access_token ? { ystAccessToken: result.yst_access_token } : {},
+          ...result.yst_refresh_token ? { ystRefreshToken: result.yst_refresh_token } : {}
         };
       }
     },
-    // 从缓存获取 token（同步函数）
     getAccessToken: () => {
       return cache.getAccessToken();
     },
     getRefreshToken: () => {
       return cache.getRefreshToken();
     },
-    // 保存 token 到持久化存储和缓存
     setTokens: (tokens) => {
       const accessToken = tokens?.accessToken;
       const refreshToken = tokens?.refreshToken;
@@ -1566,10 +1652,17 @@ function createRetokenInstance(credentialStore, tokenCache) {
         throw new Error("Invalid tokens: missing access_token or refresh_token");
       }
       const cfg = getOceanetConfig();
-      cache.setTokens(accessToken, refreshToken);
+      cache.setTokens(
+        accessToken,
+        refreshToken,
+        tokens?.ystAccessToken ?? null,
+        tokens?.ystRefreshToken ?? null
+      );
       void Promise.all([
         store.setPassword(cfg.SERVICE_NAME, "access_token", accessToken),
-        store.setPassword(cfg.SERVICE_NAME, "refresh_token", refreshToken)
+        store.setPassword(cfg.SERVICE_NAME, "refresh_token", refreshToken),
+        ...tokens?.ystAccessToken ? [store.setPassword(cfg.SERVICE_NAME, "yst_access_token", tokens.ystAccessToken)] : [],
+        ...tokens?.ystRefreshToken ? [store.setPassword(cfg.SERVICE_NAME, "yst_refresh_token", tokens.ystRefreshToken)] : []
       ]).catch((error) => {
         if (cfg.DEBUG || global.__debugMode) {
           console.log("");
@@ -1583,26 +1676,36 @@ function createRetokenInstance(credentialStore, tokenCache) {
         console.log("=== Token Saved ===");
         console.log("Access token saved (length:", accessToken.length, ")");
         console.log("Refresh token saved (length:", refreshToken.length, ")");
+        if (tokens?.ystAccessToken) {
+          console.log("YST access token saved (length:", tokens.ystAccessToken.length, ")");
+        }
+        if (tokens?.ystRefreshToken) {
+          console.log("YST refresh token saved (length:", tokens.ystRefreshToken.length, ")");
+        }
         console.log("");
       }
     },
-    // 清除 token
     clearTokens: async () => {
       const cfg = getOceanetConfig();
-      await store.deletePassword(cfg.SERVICE_NAME, "access_token");
-      await store.deletePassword(cfg.SERVICE_NAME, "refresh_token");
+      await Promise.all([
+        store.deletePassword(cfg.SERVICE_NAME, "access_token"),
+        store.deletePassword(cfg.SERVICE_NAME, "refresh_token"),
+        store.deletePassword(cfg.SERVICE_NAME, "yst_access_token"),
+        store.deletePassword(cfg.SERVICE_NAME, "yst_refresh_token")
+      ]);
       cache.clear();
     },
-    // 提前 1 分钟（60 秒）主动刷新
     expirationLeeway: 60,
-    // 401 时触发重试
     retryStatuses: [401],
-    // 认证完全失败时的回调
     onAuthFailure: async () => {
       const cfg = getOceanetConfig();
       try {
-        await store.deletePassword(cfg.SERVICE_NAME, "access_token");
-        await store.deletePassword(cfg.SERVICE_NAME, "refresh_token");
+        await Promise.all([
+          store.deletePassword(cfg.SERVICE_NAME, "access_token"),
+          store.deletePassword(cfg.SERVICE_NAME, "refresh_token"),
+          store.deletePassword(cfg.SERVICE_NAME, "yst_access_token"),
+          store.deletePassword(cfg.SERVICE_NAME, "yst_refresh_token")
+        ]);
         cache.clear();
       } catch {
       }
@@ -1659,9 +1762,19 @@ var AuthenticatingHttpClient = class {
   async refreshTokenAndPersist(retoken = getRetoken()) {
     const tokens = await retoken.refreshToken();
     if (tokens?.accessToken && tokens?.refreshToken) {
-      this.tokenCache.setTokens(tokens.accessToken, tokens.refreshToken);
+      this.tokenCache.setTokens(
+        tokens.accessToken,
+        tokens.refreshToken,
+        tokens.ystAccessToken ?? null,
+        tokens.ystRefreshToken ?? null
+      );
       const tokenManager = getTokenManager();
-      await tokenManager.saveToken(tokens.accessToken, tokens.refreshToken);
+      await tokenManager.saveToken({
+        accessToken: tokens.accessToken,
+        refreshToken: tokens.refreshToken,
+        ystAccessToken: tokens.ystAccessToken,
+        ystRefreshToken: tokens.ystRefreshToken
+      });
     }
   }
   /**
@@ -1954,7 +2067,12 @@ authCommands.command("login").description("Login using Device Authorization Flow
     console.log(chalk5.dim("\u2550".repeat(50)));
     console.log("");
     const tokens = await adapter.pollToken(deviceCode);
-    await saveToken(tokens.accessToken, tokens.refreshToken);
+    await saveToken({
+      accessToken: tokens.accessToken,
+      refreshToken: tokens.refreshToken,
+      ystAccessToken: tokens.ystAccessToken,
+      ystRefreshToken: tokens.ystRefreshToken
+    });
     console.log("");
     console.log(chalk5.bgGreen.black.bold(" [OK] Login Successful "));
     console.log("");
@@ -1985,8 +2103,9 @@ authCommands.command("logout").description("Logout and clear saved tokens").acti
   const envConfig = allEnvs[env];
   try {
     const accessToken = await getAccessToken();
+    const ystAccessToken = await getYstAccessToken();
     if (accessToken) {
-      await logout(accessToken);
+      await logout(accessToken, ystAccessToken ?? void 0);
     }
     console.log("");
     console.log(chalk5.green(`[OK] Logged out from ${env}`), chalk5.dim(`(${envConfig.displayName})`));
@@ -2099,6 +2218,165 @@ authCommands.command("status").description("Show authentication status").action(
     console.log("");
   }
 });
+authCommands.command("token").description("Display current token structure and JWT payload claims").action(async () => {
+  console.log("");
+  const env = getCurrentEnvironment();
+  const allEnvs = getAllEnvironments();
+  setCurrentEnvironment(env);
+  const envConfig = allEnvs[env];
+  try {
+    let decodeJwt2 = function(token) {
+      try {
+        const parts = token.split(".");
+        if (parts.length !== 3) return null;
+        const header = JSON.parse(Buffer.from(parts[0], "base64url").toString("utf-8"));
+        const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf-8"));
+        return { header, payload };
+      } catch {
+        return null;
+      }
+    };
+    var decodeJwt = decodeJwt2;
+    const config = getOceanetConfig();
+    const accessToken = await getAccessToken();
+    const refreshToken = await getRefreshToken();
+    if (!accessToken) {
+      console.log(chalk5.yellow("[ERROR] Not authenticated"));
+      console.log("");
+      printEnvironmentInfo(env, envConfig.displayName);
+      console.log(chalk5.dim("Run: wukong-cli auth login"));
+      console.log("");
+      return;
+    }
+    console.log(chalk5.bgGreen.black.bold(" Token Information "));
+    console.log("");
+    printEnvironmentInfo(env, envConfig.displayName);
+    console.log("");
+    const decoded = decodeJwt2(accessToken);
+    if (!decoded) {
+      console.log(chalk5.yellow("[WARNING] Access token is not a valid JWT"));
+      console.log("");
+      console.log(chalk5.dim("Access Token (raw):"), chalk5.cyan(accessToken.substring(0, 40) + "..."));
+      if (refreshToken) {
+        console.log(chalk5.dim("Refresh Token:"), chalk5.cyan(refreshToken.substring(0, 20) + "..." + refreshToken.slice(-4)));
+      }
+      console.log("");
+      return;
+    }
+    console.log(chalk5.bold("JWT Header:"));
+    console.log(chalk5.dim("  alg:"), chalk5.cyan(String(decoded.header.alg ?? "N/A")));
+    console.log(chalk5.dim("  typ:"), chalk5.cyan(String(decoded.header.typ ?? "N/A")));
+    console.log("");
+    console.log(chalk5.bold("JWT Payload:"));
+    const skipKeys = /* @__PURE__ */ new Set(["exp", "iat", "nbf", "jti"]);
+    for (const [key, value] of Object.entries(decoded.payload)) {
+      if (skipKeys.has(key)) continue;
+      console.log(chalk5.dim(`  ${key}:`), chalk5.cyan(String(value)));
+    }
+    console.log("");
+    const now = Date.now();
+    const exp = typeof decoded.payload.exp === "number" ? decoded.payload.exp * 1e3 : null;
+    const iat = typeof decoded.payload.iat === "number" ? decoded.payload.iat * 1e3 : null;
+    console.log(chalk5.bold("Expiration:"));
+    if (exp) {
+      const expDate = new Date(exp);
+      const diffMs = exp - now;
+      if (diffMs <= 0) {
+        console.log(chalk5.dim("  Status:"), chalk5.red("EXPIRED"));
+        console.log(chalk5.dim("  Expired at:"), chalk5.red(expDate.toLocaleString()));
+      } else if (diffMs < 5 * 60 * 1e3) {
+        console.log(chalk5.dim("  Status:"), chalk5.yellow("Expiring soon"));
+        console.log(chalk5.dim("  Expires at:"), chalk5.yellow(expDate.toLocaleString()));
+        console.log(chalk5.dim("  Remaining:"), chalk5.yellow(`${Math.floor(diffMs / 6e4)} minutes`));
+      } else {
+        console.log(chalk5.dim("  Status:"), chalk5.green("Valid"));
+        console.log(chalk5.dim("  Expires at:"), chalk5.green(expDate.toLocaleString()));
+        console.log(chalk5.dim("  Remaining:"), chalk5.green(`${Math.floor(diffMs / 6e4)} minutes`));
+      }
+    } else {
+      console.log(chalk5.dim("  exp:"), chalk5.yellow("N/A"));
+    }
+    if (iat) {
+      console.log(chalk5.dim("  Issued at:"), chalk5.cyan(new Date(iat).toLocaleString()));
+    }
+    console.log("");
+    if (refreshToken) {
+      console.log(chalk5.bold("Refresh Token:"));
+      console.log(chalk5.dim("  Token:"), chalk5.cyan(refreshToken.substring(0, 20) + "..." + refreshToken.slice(-4)));
+      console.log(chalk5.dim("  Length:"), chalk5.cyan(`${refreshToken.length} characters`));
+      console.log("");
+    } else {
+      console.log(chalk5.dim("Refresh Token:"), chalk5.yellow("Not available"));
+      console.log("");
+    }
+    const ystAccessToken = await getYstAccessToken();
+    const ystRefreshToken = await getYstRefreshToken();
+    if (ystAccessToken || ystRefreshToken) {
+      console.log(chalk5.bold("YST Token (NRP):"));
+      if (ystAccessToken) {
+        console.log(chalk5.dim("  Access Token:"), chalk5.cyan(ystAccessToken.substring(0, 20) + "..." + ystAccessToken.slice(-4)));
+        console.log(chalk5.dim("  Length:"), chalk5.cyan(`${ystAccessToken.length} characters`));
+        const ystDecoded = decodeJwt2(ystAccessToken);
+        if (ystDecoded) {
+          const ystExp = typeof ystDecoded.payload.exp === "number" ? ystDecoded.payload.exp * 1e3 : null;
+          if (ystExp) {
+            const ystDiffMs = ystExp - now;
+            if (ystDiffMs <= 0) {
+              console.log(chalk5.dim("  JWT Status:"), chalk5.red("EXPIRED"));
+              console.log(chalk5.dim("  Expires at:"), chalk5.red(new Date(ystExp).toLocaleString()));
+            } else if (ystDiffMs < 5 * 60 * 1e3) {
+              console.log(chalk5.dim("  JWT Status:"), chalk5.yellow("Expiring soon"));
+              console.log(chalk5.dim("  Expires at:"), chalk5.yellow(new Date(ystExp).toLocaleString()));
+            } else {
+              console.log(chalk5.dim("  JWT Status:"), chalk5.green("Valid"));
+              console.log(chalk5.dim("  Expires at:"), chalk5.green(new Date(ystExp).toLocaleString()));
+              console.log(chalk5.dim("  Remaining:"), chalk5.green(`${Math.floor(ystDiffMs / 6e4)} minutes`));
+            }
+          }
+        }
+        console.log(chalk5.dim("  Server:"));
+        try {
+          const ystVerifyUrl = `${config.API_BASE_URL}/yst-system/sys/users/current`;
+          const ystResponse = await fetch(ystVerifyUrl, {
+            headers: { "Authorization": `Bearer ${ystAccessToken}` }
+          });
+          if (ystResponse.ok) {
+            console.log(chalk5.dim("    Status:"), chalk5.green("Valid (server verified)"));
+          } else {
+            const ystErrText = await ystResponse.text().catch(() => "");
+            console.log(chalk5.dim("    Status:"), chalk5.red(`Invalid (HTTP ${ystResponse.status})`));
+            if (ystErrText) {
+              console.log(chalk5.dim("    Error:"), chalk5.red(ystErrText.substring(0, 100)));
+            }
+          }
+        } catch (ystVerifyError) {
+          console.log(chalk5.dim("    Status:"), chalk5.yellow("Unable to verify (network error)"));
+        }
+      } else {
+        console.log(chalk5.dim("  Access Token:"), chalk5.yellow("Not available"));
+      }
+      if (ystRefreshToken) {
+        console.log(chalk5.dim("  Refresh Token:"), chalk5.cyan(ystRefreshToken.substring(0, 20) + "..." + ystRefreshToken.slice(-4)));
+        console.log(chalk5.dim("  Refresh Length:"), chalk5.cyan(`${ystRefreshToken.length} characters`));
+      } else {
+        console.log(chalk5.dim("  Refresh Token:"), chalk5.yellow("Not available"));
+      }
+      console.log("");
+    }
+  } catch (error) {
+    if (error instanceof ConfigFileError) {
+      console.log("");
+      console.log(chalk5.red("[ERROR] Configuration Error"));
+      console.log("");
+      console.log(chalk5.red(error.toUserMessage()));
+      console.log("");
+      return;
+    }
+    console.log("");
+    console.log(chalk5.red(`[ERROR] ${error instanceof Error ? error.message : "Unknown error"}`));
+    console.log("");
+  }
+});
 
 // src/commands/http.ts
 init_esm_shims();
@@ -2158,8 +2436,48 @@ async function executeRequest(method, url, options) {
     }
     const fullUrl = buildUrl2(url, options.baseUrl);
     const customHeaders = parseHeaders(options.headers);
-    const client = getClient();
     const requestData = options.data ? JSON.parse(options.data) : void 0;
+    const isYstRequest = fullUrl.includes("/yst-");
+    if (isYstRequest) {
+      const ystAccessToken = await getYstAccessToken();
+      if (!ystAccessToken) {
+        spinner.fail("YST token not available");
+        console.error(chalk6.red("YST token not found. Please re-login: wukong-cli auth login"));
+        process.exit(1);
+      }
+      spinner.text = `${method} ${chalk6.cyan(fullUrl)} (using YST token)`;
+      const startTime2 = Date.now();
+      const fetchOptions = {
+        method: method.toUpperCase(),
+        headers: {
+          "Authorization": `Bearer ${ystAccessToken}`,
+          "Content-Type": "application/json",
+          ...customHeaders
+        }
+      };
+      if (requestData) {
+        fetchOptions.body = JSON.stringify(requestData);
+      }
+      const response = await fetch(fullUrl + parseParams(options.params), fetchOptions);
+      const duration2 = Date.now() - startTime2;
+      if (!response.ok) {
+        const errText = await response.text().catch(() => "");
+        spinner.fail(`Request failed (${response.status})`);
+        console.error(chalk6.red(`HTTP ${response.status}: ${errText.substring(0, 200)}`));
+        process.exit(1);
+      }
+      const data2 = await response.json();
+      spinner.succeed("Response received");
+      console.log("");
+      console.log(chalk6.dim("Status:"), `${response.status} ${response.statusText}`);
+      console.log(chalk6.dim("Token:"), "YST");
+      console.log(chalk6.dim("Duration:"), `${duration2}ms`);
+      console.log("");
+      console.log(chalk6.dim("Response:"));
+      console.log(JSON.stringify(data2, null, 2));
+      return;
+    }
+    const client = getClient();
     spinner.text = `${method} ${chalk6.cyan(fullUrl)}`;
     const startTime = Date.now();
     let data;
@@ -2300,6 +2618,7 @@ import { Command as Command4 } from "commander";
 // src/core/update/npm-updater.ts
 init_esm_shims();
 import { spawn } from "child_process";
+import { platform } from "process";
 var UpdateExecutionError = class extends Error {
   constructor(message, exitCode = null) {
     super(message);
@@ -2311,12 +2630,15 @@ var NpmUpdater = class {
   constructor(spawnFn = spawn) {
     this.spawnFn = spawnFn;
   }
+  getSpawnOptions() {
+    return platform === "win32" ? { shell: true, stdio: ["ignore", "pipe", "pipe"] } : { stdio: ["ignore", "pipe", "pipe"] };
+  }
   updateToLatest() {
     return new Promise((resolve, reject) => {
       const child = this.spawnFn(
         "npm",
         ["install", "-g", "@zrhsh/wukong-cli@latest"],
-        { stdio: ["ignore", "pipe", "pipe"] }
+        this.getSpawnOptions()
       );
       child.stdout?.pipe(process.stdout);
       child.stderr?.pipe(process.stderr);
@@ -2387,7 +2709,7 @@ async function runUpdateCommand({
 }
 var updateCommand = new Command4("update").description("Update wukong-cli to the latest npm version").action(async () => {
   const exitCode = await runUpdateCommand({
-    currentVersion: "0.4.11",
+    currentVersion: "0.4.14",
     versionProvider: new NpmVersionProvider(
       "@zrhsh/wukong-cli",
       "https://registry.npmjs.org"
@@ -2402,7 +2724,7 @@ var updateCommand = new Command4("update").description("Update wukong-cli to the
 
 // src/cli.ts
 var program = new Command5();
-program.name("wukong-cli").description("Wukong CLI - TypeScript implementation").version("0.4.11").option("--debug", "Enable debug mode (show HTTP requests)").hook("preAction", (thisCommand) => {
+program.name("wukong-cli").description("Wukong CLI - TypeScript implementation").version("0.4.14").option("--debug", "Enable debug mode (show HTTP requests)").hook("preAction", (thisCommand) => {
   const options = thisCommand.opts();
   if (options.debug === true) {
     setDebugMode(true, true);
@@ -2420,7 +2742,7 @@ if (process.argv.length === 2) {
 program.parse();
 setImmediate(() => {
   try {
-    const versionChecker = getVersionChecker("0.4.11");
+    const versionChecker = getVersionChecker("0.4.14");
     const notifier = new ConsoleNotifier();
     versionChecker.checkInBackground(notifier).catch(() => {
     });