agc-api-cli 1.0.0

package/dist/cli.js

@@ -0,0 +1,981 @@
+#!/usr/bin/env node
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+
+// src/cli/index.ts
+var import_commander = require("commander");
+var fs6 = __toESM(require("fs"));
+
+// src/services/auth.ts
+var import_axios = __toESM(require("axios"));
+
+// src/config/index.ts
+var dotenv = __toESM(require("dotenv"));
+var import_path = __toESM(require("path"));
+var import_fs = __toESM(require("fs"));
+var envPath = import_path.default.resolve(process.cwd(), ".env");
+if (import_fs.default.existsSync(envPath)) {
+  dotenv.config({ path: envPath });
+} else {
+  dotenv.config();
+}
+function getConfig() {
+  const clientId = process.env.AGC_CLIENT_ID;
+  const clientSecret = process.env.AGC_CLIENT_SECRET;
+  if (!clientId || !clientSecret) {
+    throw new Error("Missing AGC credentials. Please set AGC_CLIENT_ID and AGC_CLIENT_SECRET environment variables.");
+  }
+  return {
+    clientId,
+    clientSecret,
+    domain: process.env.AGC_DOMAIN || "connect-api.cloud.huawei.com"
+  };
+}
+
+// src/services/auth.ts
+var AuthService = class {
+  /**
+   * 获取访问API的Token
+   */
+  static async getToken() {
+    const config2 = getConfig();
+    const url = `https://${config2.domain}/api/oauth2/v1/token`;
+    const payload = {
+      grant_type: "client_credentials",
+      client_id: config2.clientId,
+      client_secret: config2.clientSecret
+    };
+    const response = await import_axios.default.post(url, payload, {
+      headers: {
+        "Content-Type": "application/json"
+      }
+    });
+    return response.data;
+  }
+};
+
+// src/core/auth-mgr.ts
+var import_fs2 = __toESM(require("fs"));
+var import_path2 = __toESM(require("path"));
+var import_os = __toESM(require("os"));
+var AuthManager = class {
+  static cacheFile = import_path2.default.join(import_os.default.homedir(), ".agc-cli-token.json");
+  static async getAccessToken() {
+    const cache = this.readCache();
+    if (cache && cache.expiresAt > Date.now() + 5 * 60 * 1e3) {
+      return cache.accessToken;
+    }
+    const res = await AuthService.getToken();
+    if (res.access_token && res.expires_in) {
+      const expiresAt = Date.now() + res.expires_in * 1e3;
+      this.writeCache({ accessToken: res.access_token, expiresAt });
+      return res.access_token;
+    }
+    throw new Error(`Failed to get token: ${JSON.stringify(res.ret)}`);
+  }
+  static readCache() {
+    try {
+      if (import_fs2.default.existsSync(this.cacheFile)) {
+        const data = import_fs2.default.readFileSync(this.cacheFile, "utf8");
+        return JSON.parse(data);
+      }
+    } catch (e) {
+    }
+    return null;
+  }
+  static writeCache(cache) {
+    try {
+      import_fs2.default.writeFileSync(this.cacheFile, JSON.stringify(cache, null, 2), "utf8");
+    } catch (e) {
+    }
+  }
+  /**
+   * 清除缓存的 Token（登出）
+   */
+  static clearCache() {
+    try {
+      if (import_fs2.default.existsSync(this.cacheFile)) {
+        import_fs2.default.unlinkSync(this.cacheFile);
+        return true;
+      }
+      return false;
+    } catch (e) {
+      return false;
+    }
+  }
+};
+
+// src/core/http.ts
+var import_axios2 = __toESM(require("axios"));
+var agcClient = import_axios2.default.create();
+agcClient.interceptors.request.use(async (config2) => {
+  const cfg = getConfig();
+  if (!config2.baseURL) {
+    config2.baseURL = `https://${cfg.domain}`;
+  }
+  const token = await AuthManager.getAccessToken();
+  if (!config2.headers) {
+    config2.headers = {};
+  }
+  if (!config2.headers.Authorization) {
+    config2.headers.Authorization = `Bearer ${token}`;
+  }
+  if (!config2.headers.client_id) {
+    config2.headers.client_id = cfg.clientId;
+  }
+  if (config2.data !== void 0 && !config2.headers["Content-Type"]) {
+    config2.headers["Content-Type"] = "application/json";
+  }
+  return config2;
+}, (error) => {
+  return Promise.reject(error);
+});
+agcClient.interceptors.response.use(
+  (res) => res,
+  (err) => {
+    if (err.response?.status === 403) {
+      const body = err.response?.data;
+      const msg = typeof body === "object" ? JSON.stringify(body, null, 2) : body;
+      err.message = err.message + (msg ? `
+API \u54CD\u5E94: ${msg}` : "");
+    }
+    return Promise.reject(err);
+  }
+);
+
+// src/services/publish.ts
+var PublishService = class {
+  /**
+   * 查询应用包名对应的appid
+   * @param packageName 需要查询的应用包名，多个包名以逗号分隔，最多支持50个
+   */
+  static async getAppIdList(packageName) {
+    const response = await agcClient.get("/api/publish/v2/appid-list", {
+      params: { packageName }
+    });
+    return response.data;
+  }
+  /**
+   * 查询应用信息
+   * @param appId 需要查询的应用ID
+   * @param lang 需要查询的语言 (例如: 'zh-CN')，不传则查询全部语言
+   */
+  static async getAppInfo(appId, lang) {
+    const params = { appId };
+    if (lang) {
+      params.lang = lang;
+    }
+    const response = await agcClient.get("/api/publish/v3/app-info", {
+      params
+    });
+    return response.data;
+  }
+};
+
+// src/services/provision.ts
+var ProvisionService = class {
+  // ================= Certificates =================
+  static async createCert(req) {
+    const response = await agcClient.post("/api/publish/v3/cert", req);
+    return response.data;
+  }
+  static async getCertList(req) {
+    const response = await agcClient.post("/api/publish/v3/cert/list", req);
+    return response.data;
+  }
+  static async deleteCert(req) {
+    const response = await agcClient.post("/api/publish/v2/cert/delete", req);
+    return response.data;
+  }
+  // ================= Devices =================
+  static async addDevice(req) {
+    const response = await agcClient.post("/api/publish/v2/device", req);
+    return response.data;
+  }
+  static async getDeviceList(req) {
+    const params = new URLSearchParams();
+    if (req.deviceName) params.append("deviceName", req.deviceName);
+    if (req.fromRecCount) params.append("fromRecCount", String(req.fromRecCount));
+    if (req.maxReqCount) params.append("maxReqCount", String(req.maxReqCount));
+    if (req.order) params.append("order", String(req.order));
+    const url = `/api/publish/v2/device/list?${params.toString()}`;
+    const response = await agcClient.get(url);
+    return response.data;
+  }
+  static async deleteDevice(req) {
+    const response = await agcClient.post("/api/publish/v2/device/delete", req);
+    return response.data;
+  }
+  // ================= Profile / Provision =================
+  static async createProvision(req) {
+    const response = await agcClient.post("/api/publish/v3/provision", req);
+    return response.data;
+  }
+  static async getProvisionList(req) {
+    const params = new URLSearchParams();
+    if (req.fromRecCount) params.append("fromRecCount", String(req.fromRecCount));
+    if (req.maxReqCount) params.append("maxReqCount", String(req.maxReqCount));
+    const headers = {
+      appId: req.appId
+    };
+    if (req.provisionId) {
+      headers.provisionId = req.provisionId;
+    }
+    const url = `/api/publish/v3/provision/list?${params.toString()}`;
+    const response = await agcClient.get(url, { headers });
+    return response.data;
+  }
+  static async updateProvision(req) {
+    const response = await agcClient.put("/api/publish/v3/provision", req);
+    return response.data;
+  }
+  static async deleteProvision(req) {
+    const params = new URLSearchParams();
+    if (req.id) params.append("id", req.id);
+    const url = `/api/publish/v2/provision?${params.toString()}`;
+    const response = await agcClient.delete(url);
+    return response.data;
+  }
+  // ================= Fingerprint =================
+  static async addFingerprint(req) {
+    const { appId, ...body } = req;
+    const headers = { appId };
+    const response = await agcClient.post("/api/provision/v1/fingerprints", body, { headers });
+    return response.data;
+  }
+  static async getFingerprintList(req) {
+    const headers = { appId: req.appId };
+    const response = await agcClient.get("/api/provision/v1/fingerprints", { headers });
+    return response.data;
+  }
+  static async deleteFingerprint(req) {
+    const { appId, ...body } = req;
+    const headers = { appId };
+    const response = await agcClient.delete("/api/provision/v1/fingerprints", { headers, data: body });
+    return response.data;
+  }
+  // ================= ACL Permission =================
+  static async applyACL(req) {
+    const { appId, ...body } = req;
+    const headers = { appId };
+    const response = await agcClient.post("/api/provision/v1/user/permission/apply", body, { headers });
+    return response.data;
+  }
+  static async getACLStatus(req) {
+    const headers = { appId: req.appId };
+    const response = await agcClient.get("/api/provision/v1/user/permission/apply/status", { headers });
+    return response.data;
+  }
+  static async getACLQuery(req) {
+    const headers = { appId: req.appId };
+    const response = await agcClient.get("/api/provision/v1/user/permission", { headers });
+    return response.data;
+  }
+};
+
+// src/services/upload.ts
+var import_axios3 = __toESM(require("axios"));
+var import_fs3 = __toESM(require("fs"));
+var UploadService = class {
+  // ================= Raw APIs =================
+  static async getUploadUrl(req) {
+    const response = await agcClient.get("/api/publish/v2/upload-url/for-obs", {
+      params: req
+    });
+    return response.data;
+  }
+  static async initMultipart(req) {
+    const response = await agcClient.post("/api/publish/v2/upload/multipart/init", null, {
+      params: req
+    });
+    return response.data;
+  }
+  static async getMultipartParts(req) {
+    const { objectId, nspUploadId, parts } = req;
+    const response = await agcClient.post("/api/publish/v2/upload/multipart/parts", parts, {
+      params: { objectId, nspUploadId }
+    });
+    return response.data;
+  }
+  static async composeMultipart(req) {
+    const { objectId, nspUploadId, parts } = req;
+    const response = await agcClient.post("/api/publish/v2/upload/multipart/compose", parts, {
+      params: { objectId, nspUploadId }
+    });
+    return response.data;
+  }
+  // ================= High-level Operations =================
+  /**
+   * 封装好的上传文件核心流程（支持根据文件大小自动单文件或分片上传）
+   * 文件大小 < 5MB 时使用单文件上传，否则使用分片上传
+   */
+  static async uploadFile(options) {
+    const stat = import_fs3.default.statSync(options.filePath);
+    const fileName = options.filePath.split("/").pop() || "unknown";
+    if (stat.size < 5 * 1024 * 1024) {
+      await this.uploadSingleFile(options, fileName, stat.size);
+    } else {
+      await this.uploadMultipartFile(options, fileName, stat.size);
+    }
+  }
+  /**
+   * 单文件上传流程
+   */
+  static async uploadSingleFile(options, fileName, contentLength) {
+    const urlRes = await this.getUploadUrl({
+      appId: options.appId,
+      fileName,
+      contentLength,
+      releaseType: options.releaseType,
+      chineseMainlandFlag: options.chineseMainlandFlag
+    });
+    if (!urlRes.urlInfo) {
+      throw new Error(`Failed to get upload URL: ${JSON.stringify(urlRes.ret)}`);
+    }
+    const { url, headers } = urlRes.urlInfo;
+    const fileStream = import_fs3.default.createReadStream(options.filePath);
+    await import_axios3.default.put(url, fileStream, {
+      headers: {
+        ...headers,
+        "Content-Type": "application/octet-stream"
+      },
+      maxBodyLength: Infinity,
+      maxContentLength: Infinity
+    });
+  }
+  /**
+   * 分片上传流程
+   */
+  static async uploadMultipartFile(options, fileName, fileSize) {
+    const initRes = await this.initMultipart({
+      appId: options.appId,
+      fileName,
+      releaseType: options.releaseType,
+      chineseMainlandFlag: options.chineseMainlandFlag
+    });
+    const { objectId, nspUploadId, nspPartMinSize = 5242880 } = initRes;
+    if (!objectId || !nspUploadId) {
+      throw new Error(`Failed to init multipart upload: ${JSON.stringify(initRes.ret)}`);
+    }
+    const partSize = Number(nspPartMinSize);
+    const partsCount = Math.ceil(fileSize / partSize);
+    const partsReqBody = {};
+    for (let i = 1; i <= partsCount; i++) {
+      const start = (i - 1) * partSize;
+      const end = Math.min(start + partSize, fileSize);
+      partsReqBody[`additionalProp${i}`] = {
+        length: end - start
+      };
+    }
+    const partsRes = await this.getMultipartParts({
+      objectId,
+      nspUploadId,
+      parts: partsReqBody
+    });
+    const uploadInfoMap = partsRes.uploadInfoMap;
+    if (!uploadInfoMap) {
+      throw new Error(`Failed to get parts upload URL: ${JSON.stringify(partsRes.ret)}`);
+    }
+    const fd = import_fs3.default.openSync(options.filePath, "r");
+    const composeReqBody = {};
+    for (let i = 1; i <= partsCount; i++) {
+      const propKey = `additionalProp${i}`;
+      const uploadInfo = uploadInfoMap[propKey];
+      const start = (i - 1) * partSize;
+      const end = Math.min(start + partSize, fileSize);
+      const length = end - start;
+      const buffer = Buffer.alloc(length);
+      import_fs3.default.readSync(fd, buffer, 0, length, start);
+      const res = await import_axios3.default.put(uploadInfo.url, buffer, {
+        headers: {
+          ...uploadInfo.headers,
+          "Content-Type": "application/octet-stream"
+        },
+        maxBodyLength: Infinity,
+        maxContentLength: Infinity
+      });
+      const etag = res.headers["etag"];
+      composeReqBody[propKey] = {
+        partObjectId: uploadInfo.partObjectId || "",
+        etag
+      };
+    }
+    import_fs3.default.closeSync(fd);
+    await this.composeMultipart({
+      objectId,
+      nspUploadId,
+      parts: composeReqBody
+    });
+  }
+};
+
+// src/services/domain.ts
+var import_fs4 = __toESM(require("fs"));
+var DomainService = class {
+  /**
+   * 查询元服务的域名配置信息
+   */
+  static async queryDomain(req) {
+    const response = await agcClient.get(
+      "/api/dms/domain-manage/v1/app/domain",
+      {
+        params: { category: req.category },
+        headers: { appId: req.appId }
+      }
+    );
+    return response.data;
+  }
+  /**
+   * 新增/更新元服务的域名配置信息
+   */
+  static async updateDomain(req) {
+    const response = await agcClient.post(
+      "/api/dms/domain-manage/v1/app/domain",
+      { domains: req.domains },
+      {
+        params: { category: req.category },
+        headers: { appId: req.appId }
+      }
+    );
+    return response.data;
+  }
+  /**
+   * 查询域名修改次数/配置上限
+   */
+  static async queryDomainConfig(req) {
+    const response = await agcClient.get(
+      "/api/dms/domain-manage/v1/app/domain/config",
+      {
+        params: { appId: req.appId }
+      }
+    );
+    return response.data;
+  }
+  /**
+   * 下载域名配置文件
+   */
+  static async verifyFile(req, outputPath) {
+    const response = await agcClient.get(
+      "/api/dms/domain-manage/v1/app/domain/verify-file",
+      {
+        headers: { appId: req.appId },
+        responseType: "stream"
+      }
+    );
+    return new Promise((resolve, reject) => {
+      const writer = import_fs4.default.createWriteStream(outputPath);
+      response.data.pipe(writer);
+      let error = null;
+      writer.on("error", (err) => {
+        error = err;
+        writer.close();
+        reject(err);
+      });
+      writer.on("close", () => {
+        if (!error) {
+          resolve();
+        }
+      });
+    });
+  }
+  /**
+   * 预检查业务域名配置
+   */
+  static async preCheckDomain(req) {
+    const response = await agcClient.post(
+      "/api/dms/domain-manage/v1/app/domain/pre-check",
+      { domain: req.domain },
+      {
+        headers: { appId: req.appId }
+      }
+    );
+    return response.data;
+  }
+};
+
+// src/services/sign.ts
+var import_fs5 = __toESM(require("fs"));
+var import_path3 = __toESM(require("path"));
+var import_child_process = require("child_process");
+var import_crypto = __toESM(require("crypto"));
+var SignService = class {
+  static async createSignP12AndCsr(options) {
+    const outDir = options.outDir ? import_path3.default.resolve(options.outDir) : import_path3.default.join(process.cwd(), "sign_keys");
+    if (!import_fs5.default.existsSync(outDir)) {
+      import_fs5.default.mkdirSync(outDir, { recursive: true });
+    }
+    const filename = options.filename || this.createSignDefaultFilename();
+    const p12FilePath = import_path3.default.join(outDir, `${filename}.p12`);
+    const csrFilePath = import_path3.default.join(outDir, `${filename}.csr`);
+    const javaPath = options.javaPath || "java";
+    const sdkPath = options.sdkPath || process.env.HARMONYOS_SDK_PATH;
+    if (!sdkPath) {
+      throw new Error("sdkPath is required. Provide it via --sdk-path or HARMONYOS_SDK_PATH env var.");
+    }
+    const signToolPath = import_path3.default.join(sdkPath, "default", "openharmony", "toolchains", "lib", "hap-sign-tool.jar");
+    if (!import_fs5.default.existsSync(signToolPath)) {
+      throw new Error(`hap-sign-tool.jar not found at ${signToolPath}`);
+    }
+    const alias = options.alias;
+    const pwd = options.pwd || "123456";
+    this.doCreateSignFileP12(javaPath, signToolPath, alias, pwd, p12FilePath);
+    this.doCreateSignFileCsr(javaPath, signToolPath, alias, pwd, p12FilePath, csrFilePath);
+    const csrContent = import_fs5.default.readFileSync(csrFilePath, "utf8");
+    const cerPath = import_path3.default.join(outDir, `${filename}.cer`);
+    const p7bPath = import_path3.default.join(outDir, `${filename}.p7b`);
+    return {
+      alias,
+      p12Path: p12FilePath,
+      csrPath: csrFilePath,
+      csrContent,
+      storePath: outDir,
+      cerPath,
+      p7bPath
+    };
+  }
+  static createSignDefaultFilename() {
+    const timestamp = Date.now().toString();
+    const substring = timestamp.substring(timestamp.length - 5);
+    const randomString = import_crypto.default.randomInt(100, 1e3);
+    return `agc-cli-${substring}-${randomString}`;
+  }
+  static doCreateSignFileP12(javaPath, signToolPath, alias, pwd, outFilePath) {
+    const args = [
+      "-jar",
+      signToolPath,
+      "generate-keypair",
+      "-keyAlias",
+      alias,
+      "-keyPwd",
+      pwd,
+      "-keyAlg",
+      "ECC",
+      "-keySize",
+      "NIST-P-256",
+      "-keystoreFile",
+      outFilePath,
+      "-keystorePwd",
+      pwd
+    ];
+    console.log(`Executing: ${javaPath} ${args.join(" ")}`);
+    (0, import_child_process.execFileSync)(javaPath, args, { stdio: "inherit" });
+  }
+  static doCreateSignFileCsr(javaPath, signToolPath, alias, pwd, p12Path, outFilePath) {
+    const args = [
+      "-jar",
+      signToolPath,
+      "generate-csr",
+      "-keyAlias",
+      alias,
+      "-keyPwd",
+      pwd,
+      "-subject",
+      "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=App Release",
+      "-signAlg",
+      "SHA256withECDSA",
+      "-keystoreFile",
+      p12Path,
+      "-keystorePwd",
+      pwd,
+      "-outFile",
+      outFilePath
+    ];
+    console.log(`Executing: ${javaPath} ${args.join(" ")}`);
+    (0, import_child_process.execFileSync)(javaPath, args, { stdio: "inherit" });
+  }
+  static COMPONENT = new Int8Array([49, 243, 9, 115, 214, 175, 91, 184, 211, 190, 177, 88, 101, 131, 192, 119]);
+  static readDirBytes(dirPath) {
+    const entries = import_fs5.default.readdirSync(dirPath).filter((f) => f !== ".DS_Store");
+    return new Int8Array(import_fs5.default.readFileSync(import_path3.default.resolve(dirPath, entries[0])));
+  }
+  static readFd(materialPath) {
+    const fdDir = import_path3.default.resolve(materialPath, "fd");
+    return import_fs5.default.readdirSync(fdDir).filter((f) => f !== ".DS_Store").map((e) => this.readDirBytes(import_path3.default.resolve(fdDir, e)));
+  }
+  static xorBuffers(a, b) {
+    const result = new Int8Array(a.byteLength);
+    for (let i = 0; i < a.byteLength; i++) result[i] = a[i] ^ b[i];
+    return result;
+  }
+  static xorAll(components) {
+    let result = this.xorBuffers(components[0], components[1]);
+    for (let i = 2; i < components.length; i++) result = this.xorBuffers(result, components[i]);
+    return Buffer.from(result);
+  }
+  static aesDecrypt(key, data) {
+    const d = Buffer.from(data);
+    const tagLen = (255 & d[0]) << 24 | (255 & d[1]) << 16 | (255 & d[2]) << 8 | 255 & d[3];
+    const ivLen = d.length - 4 - tagLen;
+    const iv = d.subarray(4, 4 + ivLen);
+    const decipher = import_crypto.default.createDecipheriv("aes-128-gcm", key, iv);
+    decipher.setAuthTag(d.subarray(d.length - 16));
+    return Buffer.concat([decipher.update(d.subarray(4 + ivLen, d.length - 16)), decipher.final()]);
+  }
+  static aesEncrypt(key, plaintext) {
+    const iv = import_crypto.default.randomBytes(12);
+    const cipher = import_crypto.default.createCipheriv("aes-128-gcm", key, iv);
+    const enc = Buffer.concat([cipher.update(plaintext, "utf-8"), cipher.final()]);
+    const tag = cipher.getAuthTag();
+    const header = Buffer.alloc(4);
+    header.writeUInt32BE(enc.length + 16, 0);
+    return Buffer.concat([header, iv, enc, tag]).toString("hex").toUpperCase();
+  }
+  static deriveEncryptionKey(configDir) {
+    const materialDir = import_path3.default.resolve(configDir, "material");
+    const fd = this.readFd(materialDir);
+    const salt = this.readDirBytes(import_path3.default.resolve(materialDir, "ac"));
+    const rawKey = new Int8Array(
+      import_crypto.default.pbkdf2Sync(this.xorAll(fd.concat(this.COMPONENT)).toString(), salt, 1e4, 16, "sha256")
+    );
+    return new Int8Array(this.aesDecrypt(rawKey, this.readDirBytes(import_path3.default.resolve(materialDir, "ce"))));
+  }
+  /**
+   * 使用 DevEco Studio 的加密密钥对密码进行 AES-128-GCM 加密，
+   * 生成 build-profile.json5 中 signingConfigs 所需的加密密码。
+   */
+  static encryptPassword(password, configDir) {
+    const dir = configDir || import_path3.default.join(process.env.HOME || "", ".ohos", "config");
+    if (!import_fs5.default.existsSync(import_path3.default.resolve(dir, "material"))) {
+      throw new Error(`\u672A\u627E\u5230\u52A0\u5BC6\u5BC6\u94A5\u76EE\u5F55: ${import_path3.default.resolve(dir, "material")}\u3002\u8BF7\u786E\u8BA4 DevEco Studio \u5DF2\u5B89\u88C5\u5E76\u751F\u6210\u8FC7\u7B7E\u540D\u914D\u7F6E\u3002`);
+    }
+    const key = this.deriveEncryptionKey(dir);
+    return {
+      keyPassword: this.aesEncrypt(key, password),
+      storePassword: this.aesEncrypt(key, password)
+    };
+  }
+};
+
+// src/cli/index.ts
+var program = new import_commander.Command();
+program.name("agc-cli").description("AppGallery Connect API CLI Tool").version("1.0.0");
+var authCmd = program.command("auth").description("Authentication management");
+authCmd.command("login").description("Login to AGC API and cache the access token").action(async () => {
+  try {
+    const token = await AuthManager.getAccessToken();
+    console.log("Successfully logged in. Token generated and cached.");
+    console.log(`Token snippet: ${token.substring(0, 10)}...`);
+  } catch (e) {
+    console.error("Login failed:", e.message);
+  }
+});
+authCmd.command("logout").description("Logout and clear cached access token").action(() => {
+  const cleared = AuthManager.clearCache();
+  if (cleared) {
+    console.log("Successfully logged out. Token cache cleared.");
+  } else {
+    console.log("Already logged out. No token cache found.");
+  }
+});
+var publishCmd = program.command("publish").description("Publishing API commands");
+publishCmd.command("app-id").description("Get App ID by package name").requiredOption("-p, --package-name <packageName>", "Package name").action(async (options) => {
+  try {
+    const res = await PublishService.getAppIdList(options.packageName);
+    console.log(JSON.stringify(res, null, 2));
+  } catch (e) {
+    console.error("Request failed:", e.message);
+  }
+});
+publishCmd.command("app-info").description("Get App Info by App ID").requiredOption("-a, --app-id <appId>", "App ID").option("-l, --lang <lang>", "Language, e.g. zh-CN").action(async (options) => {
+  try {
+    const res = await PublishService.getAppInfo(options.appId, options.lang);
+    console.log(JSON.stringify(res, null, 2));
+  } catch (e) {
+    console.error("Request failed:", e.message);
+  }
+});
+var uploadCmd = program.command("upload").description("Upload Management API commands");
+uploadCmd.command("file").description("Upload a file (APP, APK, images, etc.)").requiredOption("-a, --app-id <appId>", "App ID").requiredOption("-f, --file-path <filePath>", "Path to the local file to upload").option("-r, --release-type <releaseType>", "Release type: 1 for Full, 6 for HarmonyOS Test").option("-c, --chinese-mainland <flag>", "Chinese mainland flag: 0 or 1").action(async (options) => {
+  try {
+    console.log(`Uploading file ${options.filePath}...`);
+    await UploadService.uploadFile({
+      appId: options.appId,
+      filePath: options.filePath,
+      releaseType: options.releaseType ? Number(options.releaseType) : void 0,
+      chineseMainlandFlag: options.chineseMainland ? Number(options.chineseMainland) : void 0
+    });
+    console.log("Upload successful.");
+  } catch (e) {
+    console.error("Upload failed:", e.message);
+  }
+});
+var provisionCmd = program.command("provision").description("Provisioning API commands");
+provisionCmd.command("csr-generate").description("Generate a new keypair and CSR file").requiredOption("--alias <alias>", "Key alias").option("--pwd <pwd>", "Key password (default: 123456)").option("--out-dir <outDir>", "Output directory (default: ./sign_keys)").option("--filename <filename>", "Base filename for generated files").option("--sdk-path <sdkPath>", "Path to HarmonyOS SDK (or set HARMONYOS_SDK_PATH env var)").option("--java-path <javaPath>", "Path to java executable (default: java)").action(async (options) => {
+  try {
+    const res = await SignService.createSignP12AndCsr({
+      alias: options.alias,
+      pwd: options.pwd,
+      outDir: options.outDir,
+      filename: options.filename,
+      sdkPath: options.sdkPath,
+      javaPath: options.javaPath
+    });
+    console.log("CSR generation successful.");
+    console.log(JSON.stringify(res, null, 2));
+  } catch (e) {
+    console.error("CSR generation failed:", e.message);
+  }
+});
+provisionCmd.command("encrypt-pwd").description("\u52A0\u5BC6 P12 \u5BC6\u7801\uFF0C\u751F\u6210 build-profile.json5 \u6240\u9700\u7684 keyPassword / storePassword").requiredOption("--pwd <password>", "P12 \u5BC6\u7801\u660E\u6587").option("--config-dir <configDir>", "DevEco Studio \u914D\u7F6E\u76EE\u5F55 (\u9ED8\u8BA4 ~/.ohos/config)").action(async (options) => {
+  try {
+    const res = SignService.encryptPassword(options.pwd, options.configDir);
+    console.log(JSON.stringify(res, null, 2));
+  } catch (e) {
+    console.error("\u52A0\u5BC6\u5931\u8D25:", e.message);
+  }
+});
+provisionCmd.command("cert-create").description("Create a certificate").requiredOption("--csr <csrFile>", "Path to CSR file").requiredOption("--cert-name <certName>", "Certificate name").requiredOption("--cert-type <certType>", "Certificate type (1: debug, 2: release, 3: in-house, 4: binary)").action(async (options) => {
+  try {
+    const csrContent = fs6.readFileSync(options.csr, "utf8");
+    const res = await ProvisionService.createCert({
+      csr: csrContent,
+      certName: options.certName,
+      certType: Number(options.certType)
+    });
+    console.log(JSON.stringify(res, null, 2));
+  } catch (e) {
+    console.error("Request failed:", e.message);
+  }
+});
+provisionCmd.command("cert-list").description("List certificates").option("-t, --cert-type <certType>", "Certificate type").option("--cert-ids <certIds>", "Comma separated certificate IDs").action(async (options) => {
+  try {
+    const req = {};
+    if (options.certType) req.certType = Number(options.certType);
+    if (options.certIds) req.certIds = options.certIds.split(",");
+    const res = await ProvisionService.getCertList(req);
+    console.log(JSON.stringify(res, null, 2));
+  } catch (e) {
+    console.error("Request failed:", e.message);
+  }
+});
+provisionCmd.command("cert-delete").description("Delete certificates").requiredOption("--cert-ids <certIds>", "Comma separated certificate IDs to delete").action(async (options) => {
+  try {
+    const res = await ProvisionService.deleteCert({
+      certIds: options.certIds.split(",")
+    });
+    console.log(JSON.stringify(res, null, 2));
+  } catch (e) {
+    console.error("Request failed:", e.message);
+  }
+});
+provisionCmd.command("device-add").description("Add new devices").requiredOption("--devices <devicesFile>", 'Path to JSON file containing devices array [{"deviceName":"name","udid":"udid","deviceType":1}]').action(async (options) => {
+  try {
+    const fileContent = fs6.readFileSync(options.devices, "utf8");
+    const deviceList = JSON.parse(fileContent);
+    const res = await ProvisionService.addDevice({ deviceList });
+    console.log(JSON.stringify(res, null, 2));
+  } catch (e) {
+    console.error("Request failed:", e.message);
+  }
+});
+provisionCmd.command("device-list").description("List devices").option("--device-name <deviceName>", "Device name to search").option("--from <fromRecCount>", "Starting page").option("--max <maxReqCount>", "Max items per page").option("--order <order>", "1: create time desc, 2: name asc").action(async (options) => {
+  try {
+    const req = {};
+    if (options.deviceName) req.deviceName = options.deviceName;
+    if (options.from) req.fromRecCount = Number(options.from);
+    if (options.max) req.maxReqCount = Number(options.max);
+    if (options.order) req.order = Number(options.order);
+    const res = await ProvisionService.getDeviceList(req);
+    console.log(JSON.stringify(res, null, 2));
+  } catch (e) {
+    console.error("Request failed:", e.message);
+  }
+});
+provisionCmd.command("device-delete").description("Delete devices").requiredOption("--device-ids <deviceIdList>", "Comma separated device IDs to delete").action(async (options) => {
+  try {
+    const res = await ProvisionService.deleteDevice({
+      deviceIdList: options.deviceIds.split(",")
+    });
+    console.log(JSON.stringify(res, null, 2));
+  } catch (e) {
+    console.error("Request failed:", e.message);
+  }
+});
+provisionCmd.command("profile-create").description("Create a profile").requiredOption("--name <provisionName>", "Profile name").requiredOption("--type <provisionType>", "Profile type (1:debug, 2:release, 3:in-house, 6:specific device)").requiredOption("--cert <certId>", "Certificate ID").requiredOption("-a, --app-id <appId>", "App ID").option("--device-ids <deviceIdList>", "Comma separated device IDs").option("--acls <aclPermissionList>", "Comma separated ACL permissions").action(async (options) => {
+  try {
+    const req = {
+      provisionName: options.name,
+      provisionType: Number(options.type),
+      certId: options.cert,
+      appId: options.appId
+    };
+    if (options.deviceIds) req.deviceIdList = options.deviceIds.split(",");
+    if (options.acls) req.aclPermissionList = options.acls.split(",");
+    const res = await ProvisionService.createProvision(req);
+    console.log(JSON.stringify(res, null, 2));
+  } catch (e) {
+    console.error("Request failed:", e.message);
+  }
+});
+provisionCmd.command("profile-list").description("List profiles").requiredOption("-a, --app-id <appId>", "App ID").option("--profile-id <provisionId>", "Profile ID").option("--from <fromRecCount>", "Starting page").option("--max <maxReqCount>", "Max items per page").action(async (options) => {
+  try {
+    const req = { appId: options.appId };
+    if (options.profileId) req.provisionId = options.profileId;
+    if (options.from) req.fromRecCount = Number(options.from);
+    if (options.max) req.maxReqCount = Number(options.max);
+    const res = await ProvisionService.getProvisionList(req);
+    console.log(JSON.stringify(res, null, 2));
+  } catch (e) {
+    console.error("Request failed:", e.message);
+  }
+});
+provisionCmd.command("profile-update").description("Update profile devices").requiredOption("--id <provisionId>", "Profile ID").requiredOption("--device-ids <deviceIdList>", "Comma separated device IDs").action(async (options) => {
+  try {
+    const res = await ProvisionService.updateProvision({
+      provisionId: options.id,
+      deviceIdList: options.deviceIds.split(",")
+    });
+    console.log(JSON.stringify(res, null, 2));
+  } catch (e) {
+    console.error("Request failed:", e.message);
+  }
+});
+provisionCmd.command("profile-delete").description("Delete a profile").requiredOption("--id <id>", "Profile ID to delete").action(async (options) => {
+  try {
+    const res = await ProvisionService.deleteProvision({ id: options.id });
+    console.log(JSON.stringify(res, null, 2));
+  } catch (e) {
+    console.error("Request failed:", e.message);
+  }
+});
+provisionCmd.command("fp-add").description("Add certificate fingerprints").requiredOption("-a, --app-id <appId>", "App ID").requiredOption("--fps <fingerprintList>", "Comma separated fingerprints").action(async (options) => {
+  try {
+    const res = await ProvisionService.addFingerprint({
+      appId: options.appId,
+      fingerprintList: options.fps.split(",")
+    });
+    console.log(JSON.stringify(res, null, 2));
+  } catch (e) {
+    console.error("Request failed:", e.message);
+  }
+});
+provisionCmd.command("fp-list").description("List certificate fingerprints").requiredOption("-a, --app-id <appId>", "App ID").action(async (options) => {
+  try {
+    const res = await ProvisionService.getFingerprintList({ appId: options.appId });
+    console.log(JSON.stringify(res, null, 2));
+  } catch (e) {
+    console.error("Request failed:", e.message);
+  }
+});
+provisionCmd.command("fp-delete").description("Delete certificate fingerprints").requiredOption("-a, --app-id <appId>", "App ID").requiredOption("--fps <fingerprintList>", "Comma separated fingerprints to delete").action(async (options) => {
+  try {
+    const res = await ProvisionService.deleteFingerprint({
+      appId: options.appId,
+      fingerprintList: options.fps.split(",")
+    });
+    console.log(JSON.stringify(res, null, 2));
+  } catch (e) {
+    console.error("Request failed:", e.message);
+  }
+});
+provisionCmd.command("acl-apply").description("Apply for restricted ACL permissions").requiredOption("-a, --app-id <appId>", "App ID").requiredOption("--acls <aclsFile>", 'Path to JSON file containing ACL permissions [{"name":"name","reason":"reason"}]').option("--attachment <attachment>", "Attachment object ID").action(async (options) => {
+  try {
+    const fileContent = fs6.readFileSync(options.acls, "utf8");
+    const aclPermissionList = JSON.parse(fileContent);
+    const req = { appId: options.appId, aclPermissionList };
+    if (options.attachment) req.attachment = options.attachment;
+    const res = await ProvisionService.applyACL(req);
+    console.log(JSON.stringify(res, null, 2));
+  } catch (e) {
+    console.error("Request failed:", e.message);
+  }
+});
+provisionCmd.command("acl-status").description("Check ACL permission apply status").requiredOption("-a, --app-id <appId>", "App ID").action(async (options) => {
+  try {
+    const res = await ProvisionService.getACLStatus({ appId: options.appId });
+    console.log(JSON.stringify(res, null, 2));
+  } catch (e) {
+    console.error("Request failed:", e.message);
+  }
+});
+provisionCmd.command("acl-query").description("Query granted ACL permissions").requiredOption("-a, --app-id <appId>", "App ID").action(async (options) => {
+  try {
+    const res = await ProvisionService.getACLQuery({ appId: options.appId });
+    console.log(JSON.stringify(res, null, 2));
+  } catch (e) {
+    console.error("Request failed:", e.message);
+  }
+});
+var domainCmd = program.command("domain").description("Domain Management API commands");
+domainCmd.command("query").description("Query domain configuration").requiredOption("-a, --app-id <appId>", "App ID").requiredOption("-c, --category <category>", "Category: server or business").action(async (options) => {
+  try {
+    const res = await DomainService.queryDomain({
+      appId: options.appId,
+      category: options.category
+    });
+    console.log(JSON.stringify(res, null, 2));
+  } catch (e) {
+    console.error("Request failed:", e.message);
+  }
+});
+domainCmd.command("update").description("Add or update domain configuration").requiredOption("-a, --app-id <appId>", "App ID").requiredOption("-c, --category <category>", "Category: server or business").requiredOption("--domains <domainsFile>", 'Path to JSON file containing domains array [{"type":"httpRequest","value":"https://..."}]').action(async (options) => {
+  try {
+    const fileContent = fs6.readFileSync(options.domains, "utf8");
+    const domains = JSON.parse(fileContent);
+    const res = await DomainService.updateDomain({
+      appId: options.appId,
+      category: options.category,
+      domains
+    });
+    console.log(JSON.stringify(res, null, 2));
+  } catch (e) {
+    console.error("Request failed:", e.message);
+  }
+});
+domainCmd.command("config").description("Query domain modification counts and limits").requiredOption("-a, --app-id <appId>", "App ID").action(async (options) => {
+  try {
+    const res = await DomainService.queryDomainConfig({
+      appId: options.appId
+    });
+    console.log(JSON.stringify(res, null, 2));
+  } catch (e) {
+    console.error("Request failed:", e.message);
+  }
+});
+domainCmd.command("verify-file").description("Download domain verify file").requiredOption("-a, --app-id <appId>", "App ID").requiredOption("-o, --output <outputPath>", "Output file path").action(async (options) => {
+  try {
+    console.log(`Downloading verify file to ${options.output}...`);
+    await DomainService.verifyFile({
+      appId: options.appId
+    }, options.output);
+    console.log("Download successful.");
+  } catch (e) {
+    console.error("Download failed:", e.message);
+  }
+});
+domainCmd.command("pre-check").description("Pre-check business domain configuration").requiredOption("-a, --app-id <appId>", "App ID").requiredOption("--domain <domainFile>", 'Path to JSON file containing domain object {"type":"webView","value":"https://..."}').action(async (options) => {
+  try {
+    const fileContent = fs6.readFileSync(options.domain, "utf8");
+    const domain = JSON.parse(fileContent);
+    const res = await DomainService.preCheckDomain({
+      appId: options.appId,
+      domain
+    });
+    console.log(JSON.stringify(res, null, 2));
+  } catch (e) {
+    console.error("Request failed:", e.message);
+  }
+});
+program.parse(process.argv);
+//# sourceMappingURL=cli.js.map