agent-messenger 2.0.0 → 2.2.0

package/src/platforms/webex/client.ts

@@ -0,0 +1,405 @@
+import type { WebexMembership, WebexMessage, WebexPerson, WebexSpace } from './types'
+import { WebexError } from './types'
+import { WebexCredentialManager } from './credential-manager'
+
+const BASE_URL = 'https://webexapis.com/v1'
+const MAX_RETRIES = 3
+const BASE_BACKOFF_MS = 100
+
+interface RateLimitBucket {
+  remaining: number
+  resetAt: number
+}
+
+export class WebexClient {
+  private token: string | null = null
+  private deviceUrl: string | null = null
+  private tokenType: string | null = null
+  private buckets: Map<string, RateLimitBucket> = new Map()
+  private globalRateLimitUntil: number = 0
+
+  async login(credentials?: { token: string }): Promise<this> {
+    if (credentials) {
+      if (!credentials.token) {
+        throw new WebexError('Token is required', 'missing_token')
+      }
+      this.token = credentials.token
+      return this
+    }
+
+    const { ensureWebexAuth } = await import('./ensure-auth')
+    await ensureWebexAuth()
+    const credManager = new WebexCredentialManager()
+    const config = await credManager.loadConfig()
+    const token = await credManager.getToken(config?.clientId, config?.clientSecret)
+    if (!token) {
+      throw new WebexError(
+        'No Webex credentials found. Run "auth login" to authenticate.',
+        'no_credentials',
+      )
+    }
+    this.deviceUrl = config?.deviceUrl ?? null
+    this.tokenType = config?.tokenType ?? null
+    return this.login({ token })
+  }
+
+  private ensureAuth(): string {
+    if (this.token === null) {
+      throw new WebexError('Not authenticated. Call .login() first.', 'not_authenticated')
+    }
+    return this.token
+  }
+
+  private getBucketKey(method: string, path: string): string {
+    const normalized = path.replace(
+      /\/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}(?=\/|$)/gi,
+      '/{id}',
+    )
+    return `${method}:${normalized}`
+  }
+
+  private async waitForRateLimit(bucketKey: string): Promise<void> {
+    const now = Date.now()
+
+    if (this.globalRateLimitUntil > now) {
+      await this.sleep(this.globalRateLimitUntil - now)
+    }
+
+    const bucket = this.buckets.get(bucketKey)
+    if (bucket && bucket.remaining === 0 && bucket.resetAt * 1000 > now) {
+      await this.sleep(bucket.resetAt * 1000 - now)
+    }
+  }
+
+  private updateBucket(bucketKey: string, response: Response): void {
+    const remaining = response.headers.get('X-RateLimit-Remaining')
+    const reset = response.headers.get('X-RateLimit-Reset')
+
+    if (remaining !== null && reset !== null) {
+      this.buckets.set(bucketKey, {
+        remaining: parseInt(remaining, 10),
+        resetAt: parseFloat(reset),
+      })
+    }
+  }
+
+  private async handleRateLimitResponse(response: Response): Promise<number> {
+    const retryAfter = response.headers.get('Retry-After')
+    const waitMs = parseFloat(retryAfter || '1') * 1000
+
+    this.globalRateLimitUntil = Date.now() + waitMs
+    await this.sleep(waitMs)
+    return waitMs
+  }
+
+  private sleep(ms: number): Promise<void> {
+    return new Promise((resolve) => setTimeout(resolve, ms))
+  }
+
+  private async request<T>(method: string, path: string, body?: unknown): Promise<T> {
+    const url = `${BASE_URL}${path}`
+    const bucketKey = this.getBucketKey(method, path)
+
+    for (let attempt = 0; attempt <= MAX_RETRIES; attempt++) {
+      await this.waitForRateLimit(bucketKey)
+
+      const options: RequestInit = {
+        method,
+        headers: {
+          Authorization: `Bearer ${this.ensureAuth()}`,
+          'Content-Type': 'application/json',
+        },
+      }
+
+      if (body !== undefined) {
+        options.body = JSON.stringify(body)
+      }
+
+      const response = await fetch(url, options)
+      this.updateBucket(bucketKey, response)
+
+      if (response.status === 429) {
+        if (attempt < MAX_RETRIES) {
+          await this.handleRateLimitResponse(response)
+          continue
+        }
+        const errorBody = (await response.json().catch(() => null)) as {
+          message?: string
+        } | null
+        throw new WebexError(errorBody?.message ?? 'Rate limited', 'rate_limited')
+      }
+
+      if (response.status >= 500 && attempt < MAX_RETRIES) {
+        await this.sleep(BASE_BACKOFF_MS * 2 ** attempt)
+        continue
+      }
+
+      if (!response.ok) {
+        const errorBody = (await response.json().catch(() => null)) as {
+          message?: string
+          errors?: Array<{ description: string }>
+          trackingId?: string
+        } | null
+        const message =
+          errorBody?.message ??
+          errorBody?.errors?.[0]?.description ??
+          `HTTP ${response.status}`
+        throw new WebexError(message, `http_${response.status}`)
+      }
+
+      if (response.status === 204) {
+        return undefined as T
+      }
+
+      return response.json() as Promise<T>
+    }
+
+    throw new WebexError('Request failed after retries', 'max_retries')
+  }
+
+  async testAuth(): Promise<WebexPerson> {
+    return this.request<WebexPerson>('GET', '/people/me')
+  }
+
+  async listSpaces(options?: { type?: string; max?: number }): Promise<WebexSpace[]> {
+    const params = new URLSearchParams()
+    if (options?.type) params.set('type', options.type)
+    params.set('max', String(options?.max ?? 50))
+    const query = params.toString()
+    const data = await this.request<{ items: WebexSpace[] }>('GET', `/rooms?${query}`)
+    return data.items
+  }
+
+  async getSpace(spaceId: string): Promise<WebexSpace> {
+    return this.request<WebexSpace>('GET', `/rooms/${spaceId}`)
+  }
+
+  async sendMessage(
+    roomId: string,
+    text: string,
+    options?: { markdown?: boolean },
+  ): Promise<WebexMessage> {
+    if (this.useInternalAPI) {
+      return this.sendMessageInternal(roomId, text, options)
+    }
+    const body = options?.markdown ? { roomId, markdown: text } : { roomId, text }
+    return this.request<WebexMessage>('POST', '/messages', body)
+  }
+
+  private get useInternalAPI(): boolean {
+    return this.tokenType === 'extracted' && this.deviceUrl !== null
+  }
+
+  private get convBaseUrl(): string {
+    const match = this.deviceUrl?.match(/wdm(-[a-z0-9]+)\.wbx2\.com/)
+    return `https://conv${match?.[1] ?? ''}.wbx2.com/conversation/api/v1`
+  }
+
+  private get internalHeaders(): Record<string, string> {
+    return {
+      Authorization: `Bearer ${this.ensureAuth()}`,
+      'Content-Type': 'application/json',
+      'cisco-device-url': this.deviceUrl!,
+    }
+  }
+
+  private decodeConvUuid(roomId: string): string {
+    return Buffer.from(roomId, 'base64').toString('utf8').split('/').pop() ?? roomId
+  }
+
+  private async internalRequest<T>(path: string, init?: RequestInit): Promise<T> {
+    const response = await fetch(`${this.convBaseUrl}${path}`, {
+      ...init,
+      headers: { ...this.internalHeaders, ...init?.headers as Record<string, string> },
+    })
+
+    if (!response.ok) {
+      const errorBody = (await response.json().catch(() => null)) as { message?: string } | null
+      throw new WebexError(
+        errorBody?.message ?? `HTTP ${response.status}`,
+        `http_${response.status}`,
+      )
+    }
+
+    if (response.status === 204) return undefined as T
+    return response.json() as Promise<T>
+  }
+
+  private activityToMessage(a: InternalActivity, roomId: string): WebexMessage {
+    return {
+      id: a.id,
+      roomId,
+      roomType: 'group' as const,
+      text: a.object?.content ?? a.object?.displayName,
+      personId: a.actor?.entryUUID ?? a.actor?.id ?? '',
+      personEmail: a.actor?.emailAddress ?? '',
+      created: a.published,
+    }
+  }
+
+  private async sendMessageInternal(
+    roomId: string,
+    text: string,
+    options?: { markdown?: boolean },
+  ): Promise<WebexMessage> {
+    const convUuid = this.decodeConvUuid(roomId)
+    const object = options?.markdown
+      ? { objectType: 'comment', displayName: text, content: text, markdown: text }
+      : { objectType: 'comment', displayName: text, content: text }
+    const result = await this.internalRequest<InternalActivity>('/activities', {
+      method: 'POST',
+      body: JSON.stringify({
+        verb: 'post',
+        object,
+        target: { id: convUuid, objectType: 'conversation' },
+        clientTempId: `tmp-${Date.now()}`,
+      }),
+    })
+    return this.activityToMessage(result, roomId)
+  }
+
+  async sendDirectMessage(
+    personEmail: string,
+    text: string,
+    options?: { markdown?: boolean },
+  ): Promise<WebexMessage> {
+    if (this.useInternalAPI) {
+      const roomId = await this.findDirectRoomByEmail(personEmail)
+      if (!roomId) {
+        throw new WebexError(`No existing direct conversation with ${personEmail}`, 'not_found')
+      }
+      return this.sendMessageInternal(roomId, text, options)
+    }
+    const body = options?.markdown
+      ? { toPersonEmail: personEmail, markdown: text }
+      : { toPersonEmail: personEmail, text }
+    return this.request<WebexMessage>('POST', '/messages', body)
+  }
+
+  private async findDirectRoomByEmail(email: string): Promise<string | null> {
+    const rooms = await this.request<{ items: WebexSpace[] }>('GET', `/rooms?type=direct&max=100`)
+    for (const room of rooms.items) {
+      const members = await this.request<{ items: WebexMembership[] }>(
+        'GET',
+        `/memberships?roomId=${room.id}&max=10`,
+      )
+      if (members.items.some((m) => m.personEmail === email)) {
+        return room.id
+      }
+    }
+    return null
+  }
+
+  async listMessages(roomId: string, options?: { max?: number }): Promise<WebexMessage[]> {
+    if (this.useInternalAPI) {
+      const convUuid = this.decodeConvUuid(roomId)
+      const max = options?.max ?? 50
+      const conv = await this.internalRequest<InternalConversation>(
+        `/conversations/${convUuid}?activitiesLimit=${max}&participantsLimit=0`,
+      )
+      return (conv.activities?.items ?? [])
+        .filter((a) => a.verb === 'post')
+        .map((a) => this.activityToMessage(a, roomId))
+    }
+    const params = new URLSearchParams()
+    params.set('roomId', roomId)
+    params.set('max', String(options?.max ?? 50))
+    const data = await this.request<{ items: WebexMessage[] }>('GET', `/messages?${params}`)
+    return data.items
+  }
+
+  async getMessage(messageId: string): Promise<WebexMessage> {
+    if (this.useInternalAPI) {
+      const activity = await this.internalRequest<InternalActivity>(`/activities/${messageId}`)
+      const convId = activity.target?.id ?? ''
+      const roomId = convId ? Buffer.from(`ciscospark://urn:TEAM:unknown/ROOM/${convId}`).toString('base64') : ''
+      return this.activityToMessage(activity, roomId)
+    }
+    return this.request<WebexMessage>('GET', `/messages/${messageId}`)
+  }
+
+  async deleteMessage(messageId: string): Promise<void> {
+    if (this.useInternalAPI) {
+      const activity = await this.internalRequest<InternalActivity>(`/activities/${messageId}`)
+      const convId = activity.target?.id
+      if (!convId) throw new WebexError('Cannot determine conversation for activity', 'internal_error')
+      await this.internalRequest<unknown>('/activities', {
+        method: 'POST',
+        body: JSON.stringify({
+          verb: 'delete',
+          object: { id: messageId, objectType: 'activity' },
+          target: { id: convId, objectType: 'conversation' },
+        }),
+      })
+      return
+    }
+    return this.request<void>('DELETE', `/messages/${messageId}`)
+  }
+
+  async editMessage(
+    messageId: string,
+    roomId: string,
+    text: string,
+    options?: { markdown?: boolean },
+  ): Promise<WebexMessage> {
+    if (this.useInternalAPI) {
+      const convUuid = this.decodeConvUuid(roomId)
+      const result = await this.internalRequest<InternalActivity>('/activities', {
+        method: 'POST',
+        body: JSON.stringify({
+          verb: 'post',
+          object: { objectType: 'comment', displayName: text, content: text },
+          target: { id: convUuid, objectType: 'conversation' },
+          parent: { id: messageId, type: 'edit' },
+          clientTempId: `tmp-${Date.now()}`,
+        }),
+      })
+      return this.activityToMessage(result, roomId)
+    }
+    const body = options?.markdown ? { roomId, markdown: text } : { roomId, text }
+    return this.request<WebexMessage>('PUT', `/messages/${messageId}`, body)
+  }
+
+  async listPeople(options?: {
+    email?: string
+    displayName?: string
+    max?: number
+  }): Promise<WebexPerson[]> {
+    const params = new URLSearchParams()
+    if (options?.email) params.set('email', options.email)
+    if (options?.displayName) params.set('displayName', options.displayName)
+    if (options?.max) params.set('max', String(options.max))
+    const query = params.toString()
+    const path = query ? `/people?${query}` : '/people'
+    const data = await this.request<{ items: WebexPerson[] }>('GET', path)
+    return data.items
+  }
+
+  async listMemberships(
+    roomId: string,
+    options?: { max?: number },
+  ): Promise<WebexMembership[]> {
+    const params = new URLSearchParams()
+    params.set('roomId', roomId)
+    if (options?.max) params.set('max', String(options.max))
+    const data = await this.request<{ items: WebexMembership[] }>(
+      'GET',
+      `/memberships?${params}`,
+    )
+    return data.items
+  }
+}
+
+interface InternalActivity {
+  id: string
+  verb: string
+  actor?: { displayName?: string; emailAddress?: string; entryUUID?: string; id?: string }
+  object?: { content?: string; displayName?: string; objectType?: string }
+  target?: { id: string }
+  published: string
+}
+
+interface InternalConversation {
+  id: string
+  activities?: { items: InternalActivity[] }
+}

package/src/platforms/webex/commands/auth.test.ts

@@ -0,0 +1,222 @@
+import { afterEach, beforeEach, describe, expect, mock, spyOn, test } from 'bun:test'
+import * as childProcess from 'node:child_process'
+
+import { WebexClient } from '../client'
+import { WebexCredentialManager } from '../credential-manager'
+import { loginAction, logoutAction, statusAction } from './auth'
+
+describe('auth commands', () => {
+  let consoleSpy: ReturnType<typeof spyOn>
+  let _consoleErrorSpy: ReturnType<typeof spyOn>
+  const mockPerson = {
+    id: 'person-1',
+    displayName: 'Test User',
+    emails: ['test@example.com'],
+    orgId: 'org-1',
+    type: 'person' as const,
+    created: '2024-01-01T00:00:00.000Z',
+  }
+
+  beforeEach(() => {
+    consoleSpy = spyOn(console, 'log').mockImplementation(() => {})
+    _consoleErrorSpy = spyOn(console, 'error').mockImplementation(() => {})
+    spyOn(childProcess, 'exec').mockImplementation((() => {}) as any)
+  })
+
+  afterEach(() => {
+    mock.restore()
+  })
+
+  describe('loginAction with --token', () => {
+    test('authenticates with provided token (bot token flow)', async () => {
+      spyOn(WebexClient.prototype, 'login').mockResolvedValue(new WebexClient())
+      spyOn(WebexClient.prototype, 'testAuth').mockResolvedValue(mockPerson)
+      spyOn(WebexCredentialManager.prototype, 'saveConfig').mockResolvedValue(undefined)
+
+      await loginAction({ token: 'bot-token-123', pretty: false })
+
+      expect(consoleSpy).toHaveBeenCalled()
+      const lastCall = consoleSpy.mock.calls[consoleSpy.mock.calls.length - 1][0] as string
+      const output = JSON.parse(lastCall)
+      expect(output.authenticated).toBe(true)
+      expect(output.user.displayName).toBe('Test User')
+    })
+
+    test('saves tokenType as manual with expiresAt 0', async () => {
+      spyOn(WebexClient.prototype, 'login').mockResolvedValue(new WebexClient())
+      spyOn(WebexClient.prototype, 'testAuth').mockResolvedValue(mockPerson)
+      const saveSpy = spyOn(WebexCredentialManager.prototype, 'saveConfig').mockResolvedValue(undefined)
+
+      await loginAction({ token: 'bot-token-123', pretty: false })
+
+      const savedConfig = saveSpy.mock.calls[0][0] as { tokenType: string; expiresAt: number; refreshToken: string }
+      expect(savedConfig.tokenType).toBe('manual')
+      expect(savedConfig.expiresAt).toBe(0)
+      expect(savedConfig.refreshToken).toBe('')
+    })
+  })
+
+  describe('loginAction with --client-id and --client-secret', () => {
+    test('uses provided credentials for Device Grant flow', async () => {
+      spyOn(WebexCredentialManager.prototype, 'requestDeviceCode').mockResolvedValue({
+        deviceCode: 'd',
+        userCode: 'u',
+        verificationUri: 'https://v',
+        verificationUriComplete: 'https://vc',
+        expiresIn: 300,
+        interval: 0.01,
+      })
+      spyOn(WebexCredentialManager.prototype, 'pollDeviceToken').mockResolvedValue({
+        accessToken: 'at',
+        refreshToken: 'rt',
+        expiresAt: Date.now() + 3600000,
+      })
+      spyOn(WebexCredentialManager.prototype, 'saveConfig').mockResolvedValue(undefined)
+      spyOn(WebexClient.prototype, 'login').mockResolvedValue(new WebexClient())
+      spyOn(WebexClient.prototype, 'testAuth').mockResolvedValue(mockPerson)
+
+      await loginAction({ clientId: 'my-id', clientSecret: 'my-secret', pretty: false })
+
+      expect(WebexCredentialManager.prototype.requestDeviceCode).toHaveBeenCalledWith('my-id')
+      expect(WebexCredentialManager.prototype.pollDeviceToken).toHaveBeenCalledWith('d', 0.01, 300, 'my-id', 'my-secret')
+    })
+
+    test('saves tokenType as oauth in config', async () => {
+      spyOn(WebexCredentialManager.prototype, 'requestDeviceCode').mockResolvedValue({
+        deviceCode: 'd',
+        userCode: 'u',
+        verificationUri: 'https://v',
+        verificationUriComplete: 'https://vc',
+        expiresIn: 300,
+        interval: 0.01,
+      })
+      spyOn(WebexCredentialManager.prototype, 'pollDeviceToken').mockResolvedValue({
+        accessToken: 'at',
+        refreshToken: 'rt',
+        expiresAt: Date.now() + 3600000,
+      })
+      const saveSpy = spyOn(WebexCredentialManager.prototype, 'saveConfig').mockResolvedValue(undefined)
+      spyOn(WebexClient.prototype, 'login').mockResolvedValue(new WebexClient())
+      spyOn(WebexClient.prototype, 'testAuth').mockResolvedValue(mockPerson)
+
+      await loginAction({ clientId: 'my-id', clientSecret: 'my-secret', pretty: false })
+
+      const savedConfig = saveSpy.mock.calls[0][0] as { tokenType: string }
+      expect(savedConfig.tokenType).toBe('oauth')
+    })
+
+    test('saves clientId and clientSecret in config', async () => {
+      spyOn(WebexCredentialManager.prototype, 'requestDeviceCode').mockResolvedValue({
+        deviceCode: 'd',
+        userCode: 'u',
+        verificationUri: 'https://v',
+        verificationUriComplete: 'https://vc',
+        expiresIn: 300,
+        interval: 0.01,
+      })
+      spyOn(WebexCredentialManager.prototype, 'pollDeviceToken').mockResolvedValue({
+        accessToken: 'at',
+        refreshToken: 'rt',
+        expiresAt: Date.now() + 3600000,
+      })
+      spyOn(WebexCredentialManager.prototype, 'saveConfig').mockResolvedValue(undefined)
+      spyOn(WebexClient.prototype, 'login').mockResolvedValue(new WebexClient())
+      spyOn(WebexClient.prototype, 'testAuth').mockResolvedValue(mockPerson)
+
+      await loginAction({ clientId: 'my-id', clientSecret: 'my-secret', pretty: false })
+
+      const savedConfig = (WebexCredentialManager.prototype.saveConfig as ReturnType<typeof spyOn>).mock.calls[0][0] as { clientId: string; clientSecret: string }
+      expect(savedConfig.clientId).toBe('my-id')
+      expect(savedConfig.clientSecret).toBe('my-secret')
+    })
+  })
+
+  describe('statusAction', () => {
+    test('shows authenticated status when token is valid', async () => {
+      spyOn(WebexCredentialManager.prototype, 'loadConfig').mockResolvedValue(null)
+      spyOn(WebexCredentialManager.prototype, 'getToken').mockResolvedValue('valid-token')
+      spyOn(WebexClient.prototype, 'login').mockResolvedValue(new WebexClient())
+      spyOn(WebexClient.prototype, 'testAuth').mockResolvedValue(mockPerson)
+
+      await statusAction({ pretty: false })
+
+      const lastCall = consoleSpy.mock.calls[consoleSpy.mock.calls.length - 1][0] as string
+      const output = JSON.parse(lastCall)
+      expect(output.authenticated).toBe(true)
+      expect(output.user.displayName).toBe('Test User')
+    })
+
+    test('shows not authenticated when no token', async () => {
+      spyOn(WebexCredentialManager.prototype, 'loadConfig').mockResolvedValue(null)
+      spyOn(WebexCredentialManager.prototype, 'getToken').mockResolvedValue(null)
+      const exitSpy = spyOn(process, 'exit').mockImplementation(() => undefined as never)
+
+      await statusAction({ pretty: false })
+
+      const lastCall = consoleSpy.mock.calls[consoleSpy.mock.calls.length - 1][0] as string
+      const output = JSON.parse(lastCall)
+      expect(output.error).toContain('Not authenticated')
+      expect(exitSpy).toHaveBeenCalledWith(1)
+    })
+
+    test('shows not authenticated when token validation fails', async () => {
+      spyOn(WebexCredentialManager.prototype, 'loadConfig').mockResolvedValue(null)
+      spyOn(WebexCredentialManager.prototype, 'getToken').mockResolvedValue('invalid-token')
+      spyOn(WebexClient.prototype, 'login').mockResolvedValue(new WebexClient())
+      spyOn(WebexClient.prototype, 'testAuth').mockRejectedValue(new Error('401 Unauthorized'))
+
+      await statusAction({ pretty: false })
+
+      const lastCall = consoleSpy.mock.calls[consoleSpy.mock.calls.length - 1][0] as string
+      const output = JSON.parse(lastCall)
+      expect(output.authenticated).toBe(false)
+    })
+
+    test('loads config for stored client credentials', async () => {
+      spyOn(WebexCredentialManager.prototype, 'loadConfig').mockResolvedValue({
+        accessToken: 'at',
+        refreshToken: 'rt',
+        expiresAt: Date.now() + 3600000,
+        clientId: 'stored-id',
+        clientSecret: 'stored-secret',
+      })
+      spyOn(WebexCredentialManager.prototype, 'getToken').mockResolvedValue('valid-token')
+      spyOn(WebexClient.prototype, 'login').mockResolvedValue(new WebexClient())
+      spyOn(WebexClient.prototype, 'testAuth').mockResolvedValue(mockPerson)
+
+      await statusAction({ pretty: false })
+
+      expect(WebexCredentialManager.prototype.getToken).toHaveBeenCalledWith('stored-id', 'stored-secret')
+    })
+  })
+
+  describe('logoutAction', () => {
+    test('clears credentials when authenticated', async () => {
+      spyOn(WebexCredentialManager.prototype, 'loadConfig').mockResolvedValue({
+        accessToken: 'token',
+        refreshToken: 'refresh',
+        expiresAt: Date.now() + 3600000,
+      })
+      const clearSpy = spyOn(WebexCredentialManager.prototype, 'clearCredentials').mockResolvedValue(undefined)
+
+      await logoutAction({ pretty: false })
+
+      expect(clearSpy).toHaveBeenCalled()
+      const lastCall = consoleSpy.mock.calls[consoleSpy.mock.calls.length - 1][0] as string
+      const output = JSON.parse(lastCall)
+      expect(output.success).toBe(true)
+    })
+
+    test('shows error when not authenticated', async () => {
+      spyOn(WebexCredentialManager.prototype, 'loadConfig').mockResolvedValue(null)
+      const exitSpy = spyOn(process, 'exit').mockImplementation(() => undefined as never)
+
+      await logoutAction({ pretty: false })
+
+      const lastCall = consoleSpy.mock.calls[consoleSpy.mock.calls.length - 1][0] as string
+      const output = JSON.parse(lastCall)
+      expect(output.error).toContain('Not authenticated')
+      expect(exitSpy).toHaveBeenCalledWith(1)
+    })
+  })
+})