appwrite-cli 22.1.2 → 22.2.0

package/dist/cli.cjs

@@ -26710,7 +26710,7 @@ var require_sbcs = __commonJS({
       return mod && mod.__esModule ? mod : { "default": mod };
     };
     Object.defineProperty(exports2, "__esModule", { value: true });
-    exports2.KOI8_R = exports2.windows_1256 = exports2.windows_1251 = exports2.ISO_8859_9 = exports2.ISO_8859_8 = exports2.ISO_8859_7 = exports2.ISO_8859_6 = exports2.ISO_8859_5 = exports2.ISO_8859_2 = exports2.ISO_8859_1 = void 0;
+    exports2.KOI8_R = exports2.windows_874 = exports2.windows_1258 = exports2.windows_1257 = exports2.windows_1256 = exports2.windows_1251 = exports2.ISO_8859_9 = exports2.ISO_8859_8 = exports2.ISO_8859_7 = exports2.ISO_8859_6 = exports2.ISO_8859_5 = exports2.ISO_8859_2 = exports2.ISO_8859_1 = void 0;
     var match_1 = __importDefault(require_match());
     var N_GRAM_MASK = 16777215;
     var NGramParser = class {
@@ -30713,6 +30713,443 @@ var require_sbcs = __commonJS({
       }
     };
     exports2.windows_1256 = windows_1256;
+    var windows_1257 = class extends sbcs {
+      match(det) {
+        return det.inputBytes.some((byte) => byte >= 128) ? super.match(det) : null;
+      }
+      byteMap() {
+        const byteMap = new Array(256).fill(32);
+        byteMap[39] = 0;
+        for (let i = 65; i <= 90; i++)
+          byteMap[i] = i + 32;
+        for (let i = 97; i <= 122; i++)
+          byteMap[i] = i;
+        byteMap[142] = 142;
+        byteMap[168] = byteMap[184] = 184;
+        byteMap[170] = byteMap[186] = 186;
+        byteMap[175] = byteMap[191] = 191;
+        byteMap[181] = 181;
+        for (let i = 192; i <= 214; i++)
+          byteMap[i] = i + 32;
+        for (let i = 216; i <= 222; i++)
+          byteMap[i] = i + 32;
+        byteMap[223] = 223;
+        for (let i = 224; i <= 246; i++)
+          byteMap[i] = i;
+        for (let i = 248; i <= 254; i++)
+          byteMap[i] = i;
+        return byteMap;
+      }
+      ngrams() {
+        return [
+          new NGramsPlusLang("et", [
+            2122090,
+            2122098,
+            2123109,
+            2124135,
+            2124385,
+            2124641,
+            2124645,
+            2124649,
+            2124655,
+            2124661,
+            2124897,
+            2125417,
+            2125678,
+            2126441,
+            2126693,
+            2126949,
+            6365281,
+            6365290,
+            6365291,
+            6365292,
+            6382112,
+            6382624,
+            6384499,
+            6386549,
+            6386785,
+            6387297,
+            6561908,
+            6578464,
+            6583667,
+            6627435,
+            6627443,
+            6645100,
+            6645107,
+            6646816,
+            6646885,
+            6646900,
+            6648608,
+            6648692,
+            6889579,
+            6906912,
+            6910570,
+            6910752,
+            6971680,
+            7037299,
+            7038309,
+            7039346,
+            7040879,
+            7041893,
+            7041908,
+            7104875,
+            7107616,
+            7544929,
+            7544939,
+            7562528,
+            7562604,
+            7566437,
+            7566441,
+            7566708,
+            7627115,
+            7627124,
+            7629088,
+            7697184,
+            7697253,
+            7697505
+          ]),
+          new NGramsPlusLang("lv", [
+            2122098,
+            2122601,
+            2122849,
+            2124146,
+            2124154,
+            2124897,
+            2125282,
+            2125921,
+            2125938,
+            2126433,
+            2126689,
+            2126699,
+            2126949,
+            2127214,
+            2127457,
+            6365289,
+            6365301,
+            6365302,
+            6382185,
+            6383904,
+            6384499,
+            6384751,
+            6385778,
+            6386293,
+            6386464,
+            6386806,
+            6449509,
+            6452512,
+            6515052,
+            6515060,
+            6578464,
+            6578546,
+            6583584,
+            6584864,
+            6644850,
+            6646123,
+            6646643,
+            6647393,
+            6648608,
+            6680693,
+            6889577,
+            6907236,
+            6907376,
+            6908642,
+            6909046,
+            7041908,
+            7102836,
+            7106404,
+            7233824,
+            7300193,
+            7496043,
+            7501166,
+            7544947,
+            7544949,
+            7544950,
+            7566453,
+            7566574,
+            7632160,
+            7632489,
+            7676022,
+            7695904,
+            7697184,
+            7758188,
+            14840608
+          ]),
+          new NGramsPlusLang("lt", [
+            2122089,
+            2122341,
+            2124146,
+            2124641,
+            2124905,
+            2125167,
+            2126433,
+            2126689,
+            2126699,
+            2126709,
+            2126945,
+            2126949,
+            2126965,
+            2127457,
+            2127465,
+            6365300,
+            6365424,
+            6383904,
+            6383988,
+            6384112,
+            6384738,
+            6384993,
+            6385268,
+            6386274,
+            6386292,
+            6386976,
+            6387050,
+            6418553,
+            6447392,
+            6448489,
+            6448494,
+            6647401,
+            6648949,
+            6889569,
+            6889577,
+            6889579,
+            6889581,
+            6906217,
+            6907246,
+            6907252,
+            6909543,
+            6910496,
+            6910752,
+            6942827,
+            6971757,
+            6972704,
+            7037289,
+            7037292,
+            7103073,
+            7104869,
+            7170419,
+            7171947,
+            7269152,
+            7301733,
+            7302009,
+            7303968,
+            7496176,
+            7544937,
+            7544939,
+            7544950,
+            7564129,
+            7629088,
+            7632246,
+            7957356
+          ])
+        ];
+      }
+      name() {
+        return "windows-1257";
+      }
+    };
+    exports2.windows_1257 = windows_1257;
+    var windows_1258 = class extends sbcs {
+      match(det) {
+        return det.inputBytes.some((byte) => byte >= 128) ? super.match(det) : null;
+      }
+      byteMap() {
+        const byteMap = new Array(256).fill(32);
+        byteMap[39] = 0;
+        for (let i = 65; i <= 90; i++)
+          byteMap[i] = i + 32;
+        for (let i = 97; i <= 122; i++)
+          byteMap[i] = i;
+        byteMap[131] = 131;
+        byteMap[136] = 136;
+        byteMap[140] = byteMap[156] = 156;
+        byteMap[159] = 255;
+        byteMap[170] = 170;
+        byteMap[181] = 181;
+        byteMap[186] = 186;
+        for (let i = 192; i <= 203; i++)
+          byteMap[i] = i + 32;
+        byteMap[204] = 204;
+        for (let i = 205; i <= 209; i++)
+          byteMap[i] = i + 32;
+        byteMap[210] = 210;
+        for (let i = 211; i <= 214; i++)
+          byteMap[i] = i + 32;
+        for (let i = 216; i <= 221; i++)
+          byteMap[i] = i + 32;
+        byteMap[222] = 222;
+        byteMap[223] = 223;
+        for (let i = 224; i <= 246; i++)
+          byteMap[i] = i;
+        for (let i = 248; i <= 253; i++)
+          byteMap[i] = i;
+        byteMap[255] = 255;
+        return byteMap;
+      }
+      ngrams() {
+        return [
+          2122600,
+          2122721,
+          2123625,
+          2123887,
+          2125415,
+          2125928,
+          2126952,
+          2126953,
+          2126962,
+          2127465,
+          2127584,
+          6419060,
+          6496355,
+          6496374,
+          6514720,
+          6514925,
+          6545763,
+          6758504,
+          6758510,
+          6758516,
+          6758518,
+          6812782,
+          6815198,
+          6815221,
+          6824052,
+          6844402,
+          6876526,
+          6889582,
+          6889588,
+          6941394,
+          6941420,
+          6941426,
+          7217251,
+          7217262,
+          7217268,
+          7235360,
+          7235572,
+          7235581,
+          7235616,
+          7302759,
+          7336547,
+          7610483,
+          7629053,
+          7629290,
+          7631471,
+          7676020,
+          7760362,
+          7790624,
+          13396256,
+          13397607,
+          14557288,
+          14771048,
+          15395950,
+          15397492,
+          15494759,
+          15496224,
+          15560296,
+          15885088,
+          15886624,
+          15887904,
+          15889440,
+          16018976,
+          16108649,
+          16643532
+        ];
+      }
+      name() {
+        return "windows-1258";
+      }
+      language() {
+        return "vi";
+      }
+    };
+    exports2.windows_1258 = windows_1258;
+    var windows_874 = class extends sbcs {
+      byteMap() {
+        const byteMap = new Array(256).fill(32);
+        byteMap[39] = 0;
+        for (let i = 65; i <= 90; i++)
+          byteMap[i] = i + 32;
+        for (let i = 97; i <= 122; i++)
+          byteMap[i] = i;
+        for (let i = 161; i <= 218; i++)
+          byteMap[i] = i;
+        for (let i = 223; i <= 251; i++)
+          byteMap[i] = i;
+        return byteMap;
+      }
+      ngrams() {
+        return [
+          2138578,
+          2138856,
+          2146514,
+          2148291,
+          2154949,
+          10604985,
+          10605251,
+          10669479,
+          10671554,
+          10799058,
+          11064263,
+          11195847,
+          11200960,
+          11200995,
+          11910083,
+          12042976,
+          12042979,
+          12047848,
+          12132544,
+          12165586,
+          12173522,
+          12305360,
+          12314553,
+          12636873,
+          12828960,
+          12829619,
+          12829633,
+          12832936,
+          12832994,
+          12837026,
+          13091779,
+          13095353,
+          13095617,
+          13096117,
+          13226679,
+          13226724,
+          13293544,
+          13477063,
+          13674707,
+          13689538,
+          13744416,
+          13805473,
+          13812171,
+          13812452,
+          13812512,
+          13812704,
+          13814226,
+          13821111,
+          13879249,
+          13940155,
+          14009017,
+          14010324,
+          14149837,
+          14721749,
+          14728167,
+          14796240,
+          14860964,
+          14920425,
+          14924193,
+          14989250,
+          15258279,
+          15262634,
+          15319250,
+          15328185
+        ];
+      }
+      name() {
+        return "windows-874";
+      }
+      language() {
+        return "th";
+      }
+    };
+    exports2.windows_874 = windows_874;
     var KOI8_R = class extends sbcs {
       byteMap() {
         return [
@@ -31264,6 +31701,9 @@ var require_lib = __commonJS({
       new sbcs.ISO_8859_9(),
       new sbcs.windows_1251(),
       new sbcs.windows_1256(),
+      new sbcs.windows_1257(),
+      new sbcs.windows_1258(),
+      new sbcs.windows_874(),
       new sbcs.KOI8_R(),
       new ascii_1.default()
     ];
@@ -86099,7 +86539,7 @@ var package_default = {
   type: "module",
   homepage: "https://appwrite.io/support",
   description: "Appwrite is an open-source self-hosted backend server that abstracts and simplifies complex and repetitive development tasks behind a very simple REST API",
-  version: "22.1.2",
+  version: "22.2.0",
   license: "BSD-3-Clause",
   main: "dist/index.cjs",
   module: "dist/index.js",
@@ -86131,9 +86571,9 @@ var package_default = {
     "build:types": "tsc -p tsconfig.json --emitDeclarationOnly",
     "build:runtime": "npm run build:lib:runtime && npm run build:cli",
     "build:lib:runtime": "npm run build:lib:esm && npm run build:lib:cjs",
-    "build:lib:esm": "esbuild index.ts --bundle --platform=node --target=node18 --format=esm --loader:.hbs=text --external:terminal-image --outfile=dist/index.js",
-    "build:lib:cjs": "esbuild index.ts --bundle --platform=node --target=node18 --format=cjs --loader:.hbs=text --external:terminal-image --outfile=dist/index.cjs",
-    "build:cli": "esbuild cli.ts --bundle --platform=node --target=node18 --format=cjs --loader:.hbs=text --external:fsevents --external:terminal-image --outfile=dist/cli.cjs",
+    "build:lib:esm": "esbuild index.ts --bundle --platform=node --target=node18 --format=esm --loader:.hbs=text --external:@napi-rs/keyring --external:terminal-image --outfile=dist/index.js",
+    "build:lib:cjs": "esbuild index.ts --bundle --platform=node --target=node18 --format=cjs --loader:.hbs=text --external:@napi-rs/keyring --external:terminal-image --outfile=dist/index.cjs",
+    "build:cli": "esbuild cli.ts --bundle --platform=node --target=node18 --format=cjs --loader:.hbs=text --external:@napi-rs/keyring --external:fsevents --external:terminal-image --outfile=dist/cli.cjs",
     lint: "eslint .",
     format: 'prettier --write "**/*.{js,ts,json,md}"',
     generate: "tsx scripts/generate-commands.ts",
@@ -86147,7 +86587,8 @@ var package_default = {
     "windows-arm64": "bun build cli.ts --compile --minify --target=bun-windows-arm64 --outfile build/appwrite-cli-win-arm64.exe"
   },
   dependencies: {
-    "@appwrite.io/console": "^15.0.0",
+    "@appwrite.io/console": "^15.1.1",
+    "@napi-rs/keyring": "^1.3.0",
     chalk: "4.1.2",
     chokidar: "^3.6.0",
     "cli-progress": "^3.12.0",
@@ -100830,7 +101271,7 @@ var validateCrossDatabase = (data, ctx) => {
 // lib/constants.ts
 var SDK_TITLE = "Appwrite";
 var SDK_TITLE_LOWER = "appwrite";
-var SDK_VERSION = "22.1.2";
+var SDK_VERSION = "22.2.0";
 var SDK_NAME = "Command Line";
 var SDK_PLATFORM = "console";
 var SDK_LANGUAGE = "cli";
@@ -101437,7 +101878,7 @@ var Client = class _Client {
       "x-sdk-name": "Console",
       "x-sdk-platform": "console",
       "x-sdk-language": "web",
-      "x-sdk-version": "15.0.0",
+      "x-sdk-version": "15.1.1",
       "X-Appwrite-Response-Format": "1.9.5"
     };
     this.realtime = {
@@ -108967,15 +109408,21 @@ var Functions = class {
     };
     return this.client.call("get", uri, apiHeaders, payload);
   }
-  /**
-   * List allowed function specifications for this instance.
-   *
-   * @throws {AppwriteException}
-   * @returns {Promise<Models.SpecificationList>}
-   */
-  listSpecifications() {
+  listSpecifications(paramsOrFirst) {
+    let params;
+    if (!paramsOrFirst || paramsOrFirst && typeof paramsOrFirst === "object" && !Array.isArray(paramsOrFirst)) {
+      params = paramsOrFirst || {};
+    } else {
+      params = {
+        type: paramsOrFirst
+      };
+    }
+    const type = params.type;
     const apiPath = "/functions/specifications";
     const payload = {};
+    if (typeof type !== "undefined") {
+      payload["type"] = type;
+    }
     const uri = new URL(this.client.config.endpoint + apiPath);
     const apiHeaders = {
       "X-Appwrite-Project": this.client.config.project,
@@ -110275,28 +110722,6 @@ var Health = class {
     };
     return this.client.call("get", uri, apiHeaders, payload);
   }
-  getQueuePriorityBuilds(paramsOrFirst) {
-    let params;
-    if (!paramsOrFirst || paramsOrFirst && typeof paramsOrFirst === "object" && !Array.isArray(paramsOrFirst)) {
-      params = paramsOrFirst || {};
-    } else {
-      params = {
-        threshold: paramsOrFirst
-      };
-    }
-    const threshold = params.threshold;
-    const apiPath = "/health/queue/builds-priority";
-    const payload = {};
-    if (typeof threshold !== "undefined") {
-      payload["threshold"] = threshold;
-    }
-    const uri = new URL(this.client.config.endpoint + apiPath);
-    const apiHeaders = {
-      "X-Appwrite-Project": this.client.config.project,
-      "accept": "application/json"
-    };
-    return this.client.call("get", uri, apiHeaders, payload);
-  }
   getQueueCertificates(paramsOrFirst) {
     let params;
     if (!paramsOrFirst || paramsOrFirst && typeof paramsOrFirst === "object" && !Array.isArray(paramsOrFirst)) {
@@ -114673,7 +115098,8 @@ var Oauth2 = class {
         codeChallengeMethod: rest[6],
         prompt: rest[7],
         maxAge: rest[8],
-        authorizationDetails: rest[9]
+        authorizationDetails: rest[9],
+        resource: rest[10]
       };
     }
     const clientId = params.clientId;
@@ -114687,6 +115113,7 @@ var Oauth2 = class {
     const prompt = params.prompt;
     const maxAge = params.maxAge;
     const authorizationDetails = params.authorizationDetails;
+    const resource = params.resource;
     if (typeof clientId === "undefined") {
       throw new AppwriteException('Missing required parameter: "clientId"');
     }
@@ -114734,6 +115161,9 @@ var Oauth2 = class {
     if (typeof authorizationDetails !== "undefined") {
       payload["authorization_details"] = authorizationDetails;
     }
+    if (typeof resource !== "undefined") {
+      payload["resource"] = resource;
+    }
     const uri = new URL(this.client.config.endpoint + apiPath);
     const apiHeaders = {
       "accept": "application/json"
@@ -114748,12 +115178,14 @@ var Oauth2 = class {
       params = {
         clientId: paramsOrFirst,
         scope: rest[0],
-        authorizationDetails: rest[1]
+        authorizationDetails: rest[1],
+        resource: rest[2]
       };
     }
     const clientId = params.clientId;
     const scope = params.scope;
     const authorizationDetails = params.authorizationDetails;
+    const resource = params.resource;
     const apiPath = "/oauth2/{project_id}/device_authorization".replace("{project_id}", encodeURIComponent(String(this.client.config.project)));
     const payload = {};
     if (typeof clientId !== "undefined") {
@@ -114765,6 +115197,9 @@ var Oauth2 = class {
     if (typeof authorizationDetails !== "undefined") {
       payload["authorization_details"] = authorizationDetails;
     }
+    if (typeof resource !== "undefined") {
+      payload["resource"] = resource;
+    }
     const uri = new URL(this.client.config.endpoint + apiPath);
     const apiHeaders = {
       "content-type": "application/json",
@@ -114942,7 +115377,8 @@ var Oauth2 = class {
         clientId: rest[3],
         clientSecret: rest[4],
         codeVerifier: rest[5],
-        redirectUri: rest[6]
+        redirectUri: rest[6],
+        resource: rest[7]
       };
     }
     const grantType = params.grantType;
@@ -114953,6 +115389,7 @@ var Oauth2 = class {
     const clientSecret = params.clientSecret;
     const codeVerifier = params.codeVerifier;
     const redirectUri = params.redirectUri;
+    const resource = params.resource;
     if (typeof grantType === "undefined") {
       throw new AppwriteException('Missing required parameter: "grantType"');
     }
@@ -114982,6 +115419,9 @@ var Oauth2 = class {
     if (typeof redirectUri !== "undefined") {
       payload["redirect_uri"] = redirectUri;
     }
+    if (typeof resource !== "undefined") {
+      payload["resource"] = resource;
+    }
     const uri = new URL(this.client.config.endpoint + apiPath);
     const apiHeaders = {
       "content-type": "application/json",
@@ -121121,15 +121561,21 @@ var Sites = class {
     };
     return this.client.call("get", uri, apiHeaders, payload);
   }
-  /**
-   * List allowed site specifications for this instance.
-   *
-   * @throws {AppwriteException}
-   * @returns {Promise<Models.SpecificationList>}
-   */
-  listSpecifications() {
+  listSpecifications(paramsOrFirst) {
+    let params;
+    if (!paramsOrFirst || paramsOrFirst && typeof paramsOrFirst === "object" && !Array.isArray(paramsOrFirst)) {
+      params = paramsOrFirst || {};
+    } else {
+      params = {
+        type: paramsOrFirst
+      };
+    }
+    const type = params.type;
     const apiPath = "/sites/specifications";
     const payload = {};
+    if (typeof type !== "undefined") {
+      payload["type"] = type;
+    }
     const uri = new URL(this.client.config.endpoint + apiPath);
     const apiHeaders = {
       "X-Appwrite-Project": this.client.config.project,
@@ -131696,6 +132142,34 @@ function systemHasCommand(command) {
   }
   return true;
 }
+function openBrowser(url2) {
+  let command;
+  let args;
+  switch (process.platform) {
+    case "win32":
+      command = "rundll32";
+      args = ["url.dll,FileProtocolHandler", url2];
+      break;
+    case "darwin":
+      command = "open";
+      args = [url2];
+      break;
+    default:
+      command = "xdg-open";
+      args = [url2];
+      break;
+  }
+  try {
+    const child = import_child_process.default.spawn(command, args, {
+      stdio: "ignore",
+      detached: true
+    });
+    child.on("error", () => {
+    });
+    child.unref();
+  } catch {
+  }
+}
 var checkDeployConditions = (localConfig2) => {
   if (localConfig2.keys().length === 0) {
     throw new Error(
@@ -132862,6 +133336,9 @@ var Global = class _Global extends Config {
   setCookie(cookie) {
     this.setTo(_Global.PREFERENCE_COOKIE, cookie);
   }
+  removeCookie() {
+    this.deleteFrom(_Global.PREFERENCE_COOKIE);
+  }
   getProject() {
     if (!this.hasFrom(_Global.PREFERENCE_PROJECT)) {
       return "";
@@ -132939,6 +133416,16 @@ var Global = class _Global extends Config {
       this.write();
     }
   }
+  deleteFrom(key) {
+    const current = this.getCurrentSession();
+    if (current) {
+      const config2 = this.get(current);
+      if (config2 && config2[key] !== void 0) {
+        delete config2[key];
+        this.write();
+      }
+    }
+  }
 };
 var localConfig = new Local();
 var globalConfig2 = new Global();
@@ -134581,14 +135068,75 @@ var import_chalk3 = __toESM(require_source(), 1);
 
 // lib/sdks.ts
 var import_os5 = __toESM(require("os"), 1);
+
+// lib/auth/refresh-token.ts
+var import_keyring = require("@napi-rs/keyring");
+var REFRESH_TOKEN_SERVICE = `${EXECUTABLE_NAME}-oauth-refresh-token`;
+var keyringEntryFactory = (service, account2) => new import_keyring.Entry(service, account2);
+var getSessionData = (sessionId) => globalConfig2.get(sessionId);
+var setSessionData = (sessionId, data) => {
+  globalConfig2.addSession(sessionId, data);
+};
+var setPrefsRefreshToken = (sessionId, refreshToken) => {
+  const session = getSessionData(sessionId);
+  if (!session) return;
+  setSessionData(sessionId, {
+    ...session,
+    refreshToken
+  });
+};
+var deletePrefsRefreshToken = (sessionId) => {
+  const session = getSessionData(sessionId);
+  if (!session?.refreshToken) return;
+  const { refreshToken: _refreshToken, ...rest } = session;
+  setSessionData(sessionId, rest);
+};
+var getStoredRefreshToken = (sessionId) => {
+  try {
+    const refreshToken = keyringEntryFactory(
+      REFRESH_TOKEN_SERVICE,
+      sessionId
+    ).getPassword();
+    if (refreshToken) {
+      return refreshToken;
+    }
+  } catch (_error) {
+  }
+  return getSessionData(sessionId)?.refreshToken ?? "";
+};
+var hasStoredRefreshToken = (sessionId) => getStoredRefreshToken(sessionId) !== "";
+var setStoredRefreshToken = (sessionId, refreshToken) => {
+  if (!refreshToken) {
+    deleteStoredRefreshToken(sessionId);
+    return;
+  }
+  try {
+    keyringEntryFactory(REFRESH_TOKEN_SERVICE, sessionId).setPassword(
+      refreshToken
+    );
+    deletePrefsRefreshToken(sessionId);
+  } catch (_error) {
+    setPrefsRefreshToken(sessionId, refreshToken);
+  }
+};
+var deleteStoredRefreshToken = (sessionId) => {
+  try {
+    keyringEntryFactory(REFRESH_TOKEN_SERVICE, sessionId).deletePassword();
+  } catch (_error) {
+  }
+  deletePrefsRefreshToken(sessionId);
+};
+
+// lib/sdks.ts
 var getValidAccessToken = async (endpoint) => {
   const accessToken = globalConfig2.getAccessToken();
-  const refreshToken = globalConfig2.getRefreshToken();
   const tokenExpiry = globalConfig2.getTokenExpiry();
   const clientId = globalConfig2.getClientId() || OAUTH2_CLIENT_ID;
+  const currentSession = globalConfig2.getCurrentSession();
   if (accessToken && tokenExpiry > Date.now() + 6e4) {
     return accessToken;
   }
+  const refreshToken = currentSession ? getStoredRefreshToken(currentSession) : "";
   if (accessToken && tokenExpiry === 0 && !refreshToken) {
     return accessToken;
   }
@@ -134608,7 +135156,7 @@ var getValidAccessToken = async (endpoint) => {
   const newExpiry = Date.now() + token.expires_in * 1e3;
   globalConfig2.setAccessToken(token.access_token);
   if (token.refresh_token) {
-    globalConfig2.setRefreshToken(token.refresh_token);
+    setStoredRefreshToken(currentSession, token.refresh_token);
   }
   globalConfig2.setTokenExpiry(newExpiry);
   return token.access_token;
@@ -135566,21 +136114,21 @@ var questionsLogout = [
   {
     type: "checkbox",
     name: "accounts",
-    message: "Select accounts to logout from",
+    message: "Select accounts to log out",
     validate: (value) => validateRequired("account", value),
     choices() {
       const sessions = globalConfig2.getSessions();
       const current = globalConfig2.getCurrentSession();
       const data = [];
-      const longestEmail = sessions.reduce(
-        (prev, current2) => prev && (prev.email ?? "").length > (current2.email ?? "").length ? prev : current2
-      ).email.length;
       sessions.forEach((session) => {
         if (session.email) {
+          const isCurrent = current === session.id;
+          const currentLabel = isCurrent ? ` ${import_chalk3.default.green.bold("(current)")}` : "";
           data.push({
-            current: current === session.id,
+            current: isCurrent,
             value: session.id,
-            name: `${session.email.padEnd(longestEmail)} ${current === session.id ? import_chalk3.default.green.bold("current") : " ".repeat(6)} ${session.endpoint}`
+            name: `${session.email}${currentLabel} - ${session.endpoint}`,
+            short: `${session.email}${isCurrent ? " (current)" : ""}`
           });
         }
       });
@@ -136241,6 +136789,7 @@ var Client3 = class _Client {
         );
         const current = globalConfig2.getCurrentSession();
         globalConfig2.setCurrentSession("");
+        deleteStoredRefreshToken(current);
         globalConfig2.removeSession(current);
       }
       const isUnauthorized = json3.code === 401 && json3.type === "general_unauthorized_scope" && typeof json3.message === "string" && /role:\s*guests/i.test(json3.message);
@@ -136313,7 +136862,7 @@ var createLegacyConsoleClient = (endpoint, selfSigned = globalConfig2.getSelfSig
 var hasAuthSession = () => globalConfig2.getAccessToken() !== "" || globalConfig2.getCookie() !== "";
 var isLocalOnlySession = (sessionId) => {
   const session = getSession(sessionId);
-  return Boolean(session && !session.refreshToken && !session.cookie);
+  return Boolean(session && !hasStoredRefreshToken(sessionId) && !session.cookie);
 };
 var isLegacySession = (sessionId) => {
   const session = getSession(sessionId);
@@ -136342,6 +136891,7 @@ var restoreCurrentSessionFallback = (preferredSessionId, fallbackSessionIds) =>
 var removeCurrentSession = () => {
   const current = globalConfig2.getCurrentSession();
   globalConfig2.setCurrentSession("");
+  deleteStoredRefreshToken(current);
   globalConfig2.removeSession(current);
 };
 var deleteServerSession = async (sessionId) => {
@@ -136350,10 +136900,11 @@ var deleteServerSession = async (sessionId) => {
     return { deleted: false };
   }
   try {
-    if (session.refreshToken) {
+    const refreshToken = getStoredRefreshToken(sessionId);
+    if (refreshToken) {
       await revokeRefreshToken(
         session.endpoint,
-        session.refreshToken,
+        refreshToken,
         session.clientId || OAUTH2_CLIENT_ID
       );
       return { deleted: true };
@@ -136383,12 +136934,14 @@ var logoutSessions = async (sessionIds) => {
   const errors = [];
   for (const sessionId of sessionIds) {
     if (isLocalOnlySession(sessionId)) {
+      deleteStoredRefreshToken(sessionId);
       globalConfig2.removeSession(sessionId);
       continue;
     }
     globalConfig2.setCurrentSession(sessionId);
     const result = await deleteServerSession(sessionId);
     if (result.deleted) {
+      deleteStoredRefreshToken(sessionId);
       globalConfig2.removeSession(sessionId);
     } else {
       failed++;
@@ -136409,6 +136962,7 @@ var removeLegacySessionsExcept = async (sessionIdToKeep) => {
     }
     const result = await deleteServerSession(sessionId);
     if (result.deleted) {
+      deleteStoredRefreshToken(sessionId);
       globalConfig2.removeSession(sessionId);
       removed++;
     } else {
@@ -136461,6 +137015,40 @@ var startWaitingForApprovalSpinner = () => {
     process.stdout.write("\r\x1B[K");
   };
 };
+var listenForBrowserOpen = (url2, onCancel) => {
+  const stdin = process.stdin;
+  if (!stdin.isTTY) {
+    return () => {
+    };
+  }
+  const canSetRawMode = typeof stdin.setRawMode === "function";
+  const shouldRestoreRawMode = canSetRawMode && stdin.isRaw !== true;
+  if (shouldRestoreRawMode) {
+    stdin.setRawMode?.(true);
+  }
+  stdin.resume();
+  const cleanup = () => {
+    stdin.off("data", onData);
+    if (shouldRestoreRawMode) {
+      stdin.setRawMode?.(false);
+    }
+    stdin.pause();
+  };
+  let opened = false;
+  const onData = (data) => {
+    if (data.includes(3) || data.includes(4)) {
+      cleanup();
+      onCancel();
+      return;
+    }
+    if (!opened && (data.includes(13) || data.includes(10))) {
+      opened = true;
+      openBrowser(url2);
+    }
+  };
+  stdin.on("data", onData);
+  return cleanup;
+};
 var getCurrentAccount = async () => {
   if (globalConfig2.getEndpoint() === "" || !hasAuthSession()) {
     return null;
@@ -136638,10 +137226,20 @@ To sign in, confirm the code below in your browser:
   Code: ${deviceAuth.user_code}
   URL:  ${verificationUri}
 
-`
+` + (process.stdin.isTTY ? "Press Enter to open this URL in your browser.\n\n" : "")
   );
   let token = null;
   const stopWaitingForApprovalSpinner = startWaitingForApprovalSpinner();
+  const stopListeningForBrowserOpen = listenForBrowserOpen(
+    verificationUri,
+    () => {
+      stopWaitingForApprovalSpinner();
+      globalConfig2.removeSession(id);
+      globalConfig2.setCurrentSession(oldCurrent);
+      log("Login cancelled.");
+      process.exit(130);
+    }
+  );
   try {
     token = await pollForDeviceToken(oauth22, deviceAuth, clientId);
   } catch (err) {
@@ -136650,6 +137248,7 @@ To sign in, confirm the code below in your browser:
     throw err;
   } finally {
     stopWaitingForApprovalSpinner();
+    stopListeningForBrowserOpen();
   }
   if (!token || !token.access_token) {
     globalConfig2.removeSession(id);
@@ -136658,7 +137257,7 @@ To sign in, confirm the code below in your browser:
   }
   const tokenExpiry = Date.now() + token.expires_in * 1e3;
   globalConfig2.setAccessToken(token.access_token);
-  globalConfig2.setRefreshToken(token.refresh_token || "");
+  setStoredRefreshToken(id, token.refresh_token || "");
   globalConfig2.setTokenExpiry(tokenExpiry);
   let tokenEmail = "";
   if (token.id_token) {
@@ -136680,6 +137279,7 @@ To sign in, confirm the code below in your browser:
     throw err;
   }
   globalConfig2.setEmail(account2.email);
+  globalConfig2.removeCookie();
   const { removed: removedLegacySessions, failed: failedLegacySessions } = await removeLegacySessionsExcept(id);
   success2("Successfully signed in as " + globalConfig2.getEmail());
   if (removedLegacySessions > 0) {
@@ -151351,9 +151951,9 @@ var functionsListRuntimesCommand = functions.command(`list-runtimes`).descriptio
     async () => parse3(await (await getFunctionsClient()).listRuntimes())
   )
 );
-var functionsListSpecificationsCommand = functions.command(`list-specifications`).description(`List allowed function specifications for this instance.`).action(
+var functionsListSpecificationsCommand = functions.command(`list-specifications`).description(`List allowed function specifications for this instance.`).option(`--type <type>`, `Specification type to list. Can be one of: runtimes, builds.`).action(
   actionRunner(
-    async () => parse3(await (await getFunctionsClient()).listSpecifications())
+    async ({ type }) => parse3(await (await getFunctionsClient()).listSpecifications(type))
   )
 );
 var functionsListTemplatesCommand = functions.command(`list-templates`).description(`List available function templates. You can use template details in createFunction method.`).option(`--runtimes [runtimes...]`, `List of runtimes allowed for filtering function templates. Maximum of 100 runtimes are allowed.`).option(`--use-cases [use-cases...]`, `List of use cases allowed for filtering function templates. Maximum of 100 use cases are allowed.`).option(`--limit <limit>`, `Limit the number of templates returned in the response. Default limit is 25, and maximum limit is 5000.`, parseInteger).option(`--offset <offset>`, `Offset the list of returned templates. Maximum offset is 5000.`, parseInteger).option(
@@ -152371,14 +152971,14 @@ var oauth2ApproveCommand = oauth2.command(`approve`).description(`Approve an OAu
     async ({ grant_id, authorization_details }) => parse3(await (await getOauth2Client()).approve(grant_id, authorization_details))
   )
 );
-var oauth2AuthorizeCommand = oauth2.command(`authorize`).description(`Begin the OAuth2 authorization flow. When called without a session, the user is redirected to the consent screen without grant ID. When called with a session, the redirect URL includes param for grant ID. You can pass Accept header of \`application/json\` to receive a JSON response instead of a redirect.`).requiredOption(`--client-_id <client-_id>`, `OAuth2 client ID.`).requiredOption(`--redirect-_uri <redirect-_uri>`, `Redirect URI where visitor will be redirected after authorization, whether successful or not.`).requiredOption(`--response-_type <response-_type>`, `OAuth2 / OIDC response type. One of \`code\` (Authorization Code Flow), \`id_token\` (Implicit Flow, OIDC login only), or \`code id_token\` (Hybrid Flow).`).requiredOption(`--scope <scope>`, `Space-separated OAuth2 scopes. Can include project scopes, and built-in scopes: \`openid\`, \`email\`, \`profile\`.`).option(`--state <state>`, `OAuth2 state. You receive this back in the redirect URI.`).option(`--nonce <nonce>`, `OIDC nonce parameter to prevent replay attacks. Required when response_type includes \`id_token\`.`).option(`--code-_challenge <code-_challenge>`, `PKCE code challenge. Required when OAuth2 app is public.`).option(`--code-_challenge-_method <code-_challenge-_method>`, `PKCE code challenge method. Required when OAuth2 app is public.`).option(`--prompt <prompt>`, `OIDC prompt parameter for customization of consent screen. Space-separated list of: none, login, consent, select_account.`).option(`--max-_age <max-_age>`, `OIDC max_age paraleter for customization of consent screen. Maximum allowable elapsed time in seconds since the user last authenticated. If exceeded, re-authentication is required.`, parseInteger).option(`--authorization-_details <authorization-_details>`, `Rich authorization request. JSON array of objects, each with a \`type\` and project-defined fields`).action(
+var oauth2AuthorizeCommand = oauth2.command(`authorize`).description(`Begin the OAuth2 authorization flow. When called without a session, the user is redirected to the consent screen without grant ID. When called with a session, the redirect URL includes param for grant ID. You can pass Accept header of \`application/json\` to receive a JSON response instead of a redirect.`).requiredOption(`--client-_id <client-_id>`, `OAuth2 client ID.`).requiredOption(`--redirect-_uri <redirect-_uri>`, `Redirect URI where visitor will be redirected after authorization, whether successful or not.`).requiredOption(`--response-_type <response-_type>`, `OAuth2 / OIDC response type. One of \`code\` (Authorization Code Flow), \`id_token\` (Implicit Flow, OIDC login only), or \`code id_token\` (Hybrid Flow).`).requiredOption(`--scope <scope>`, `Space-separated OAuth2 scopes. Can include project scopes, and built-in scopes: \`openid\`, \`email\`, \`profile\`.`).option(`--state <state>`, `OAuth2 state. You receive this back in the redirect URI.`).option(`--nonce <nonce>`, `OIDC nonce parameter to prevent replay attacks. Required when response_type includes \`id_token\`.`).option(`--code-_challenge <code-_challenge>`, `PKCE code challenge. Required when OAuth2 app is public.`).option(`--code-_challenge-_method <code-_challenge-_method>`, `PKCE code challenge method. Required when OAuth2 app is public.`).option(`--prompt <prompt>`, `OIDC prompt parameter for customization of consent screen. Space-separated list of: none, login, consent, select_account.`).option(`--max-_age <max-_age>`, `OIDC max_age paraleter for customization of consent screen. Maximum allowable elapsed time in seconds since the user last authenticated. If exceeded, re-authentication is required.`, parseInteger).option(`--authorization-_details <authorization-_details>`, `Rich authorization request. JSON array of objects, each with a \`type\` and project-defined fields`).option(`--resource <resource>`, `RFC 8707 resource indicator URI or URI list. Each value must be an absolute URI without a fragment.`).action(
   actionRunner(
-    async ({ client_id, redirect_uri, response_type, scope, state, nonce, code_challenge, code_challenge_method, prompt, max_age, authorization_details }) => parse3(await (await getOauth2Client()).authorize(client_id, redirect_uri, response_type, scope, state, nonce, code_challenge, code_challenge_method, prompt, max_age, authorization_details))
+    async ({ client_id, redirect_uri, response_type, scope, state, nonce, code_challenge, code_challenge_method, prompt, max_age, authorization_details, resource }) => parse3(await (await getOauth2Client()).authorize(client_id, redirect_uri, response_type, scope, state, nonce, code_challenge, code_challenge_method, prompt, max_age, authorization_details, resource))
   )
 );
-var oauth2CreateDeviceAuthorizationCommand = oauth2.command(`create-device-authorization`).description(`Start the OAuth2 Device Authorization Grant. Returns the device code, user code, verification URL, expiration, and polling interval.`).option(`--client-_id <client-_id>`, `OAuth2 client ID.`).option(`--scope <scope>`, `Space-separated OAuth2 scopes. Can include project scopes, and built-in scopes: \`openid\`, \`email\`, \`profile\`.`).option(`--authorization-_details <authorization-_details>`, `Rich authorization request. JSON array of objects, each with a \`type\` and project-defined fields`).action(
+var oauth2CreateDeviceAuthorizationCommand = oauth2.command(`create-device-authorization`).description(`Start the OAuth2 Device Authorization Grant. Returns the device code, user code, verification URL, expiration, and polling interval.`).option(`--client-_id <client-_id>`, `OAuth2 client ID.`).option(`--scope <scope>`, `Space-separated OAuth2 scopes. Can include project scopes, and built-in scopes: \`openid\`, \`email\`, \`profile\`.`).option(`--authorization-_details <authorization-_details>`, `Rich authorization request. JSON array of objects, each with a \`type\` and project-defined fields`).option(`--resource <resource>`, `RFC 8707 resource indicator URI or URI list. Each value must be an absolute URI without a fragment.`).action(
   actionRunner(
-    async ({ client_id, scope, authorization_details }) => parse3(await (await getOauth2Client()).createDeviceAuthorization(client_id, scope, authorization_details))
+    async ({ client_id, scope, authorization_details, resource }) => parse3(await (await getOauth2Client()).createDeviceAuthorization(client_id, scope, authorization_details, resource))
   )
 );
 var oauth2CreateGrantCommand = oauth2.command(`create-grant`).description(`Exchange a device flow user code for an OAuth2 grant. The authenticated user is bound to the pending grant. Pass the returned grant ID to the get grant endpoint to render the consent screen, then to the approve or reject endpoint to complete the flow.`).requiredOption(`--user-_code <user-_code>`, `User code displayed on the device.`).action(
@@ -152406,9 +153006,9 @@ var oauth2RevokeCommand = oauth2.command(`revoke`).description(`Revoke an OAuth2
     async ({ token, token_type_hint, client_id, client_secret }) => parse3(await (await getOauth2Client()).revoke(token, token_type_hint, client_id, client_secret))
   )
 );
-var oauth2CreateTokenCommand = oauth2.command(`create-token`).description(`Exchange an OAuth2 authorization code, refresh token, or device code for access and refresh tokens.`).requiredOption(`--grant-_type <grant-_type>`, `OAuth2 grant type. Can be one of: \`authorization_code\`, \`refresh_token\`, \`urn:ietf:params:oauth:grant-type:device_code\`.`).option(`--code <code>`, `Authorization code to be exchanged for access and refresh tokens. Required for \`authorization_code\` grant type.`).option(`--refresh-_token <refresh-_token>`, `Refresh token to be exchanged for a new access and refresh tokens. Required for \`refresh_token\` grant type.`).option(`--device-_code <device-_code>`, `Device code obtained from the device authorization endpoint. Required for \`urn:ietf:params:oauth:grant-type:device_code\` grant type.`).option(`--client-_id <client-_id>`, `OAuth2 client ID.`).option(`--client-_secret <client-_secret>`, `OAuth2 client secret. Required for confidential apps.`).option(`--code-_verifier <code-_verifier>`, `PKCE code verifier. Required for public apps.`).option(`--redirect-_uri <redirect-_uri>`, `Redirect URI. Required for \`authorization_code\` grant type.`).action(
+var oauth2CreateTokenCommand = oauth2.command(`create-token`).description(`Exchange an OAuth2 authorization code, refresh token, or device code for access and refresh tokens.`).requiredOption(`--grant-_type <grant-_type>`, `OAuth2 grant type. Can be one of: \`authorization_code\`, \`refresh_token\`, \`urn:ietf:params:oauth:grant-type:device_code\`.`).option(`--code <code>`, `Authorization code to be exchanged for access and refresh tokens. Required for \`authorization_code\` grant type.`).option(`--refresh-_token <refresh-_token>`, `Refresh token to be exchanged for a new access and refresh tokens. Required for \`refresh_token\` grant type.`).option(`--device-_code <device-_code>`, `Device code obtained from the device authorization endpoint. Required for \`urn:ietf:params:oauth:grant-type:device_code\` grant type.`).option(`--client-_id <client-_id>`, `OAuth2 client ID.`).option(`--client-_secret <client-_secret>`, `OAuth2 client secret. Required for confidential apps.`).option(`--code-_verifier <code-_verifier>`, `PKCE code verifier. Required for public apps.`).option(`--redirect-_uri <redirect-_uri>`, `Redirect URI. Required for \`authorization_code\` grant type.`).option(`--resource <resource>`, `RFC 8707 resource indicator URI or URI list. Each value must be an absolute URI without a fragment.`).action(
   actionRunner(
-    async ({ grant_type, code, refresh_token, device_code, client_id, client_secret, code_verifier, redirect_uri }) => parse3(await (await getOauth2Client()).createToken(grant_type, code, refresh_token, device_code, client_id, client_secret, code_verifier, redirect_uri))
+    async ({ grant_type, code, refresh_token, device_code, client_id, client_secret, code_verifier, redirect_uri, resource }) => parse3(await (await getOauth2Client()).createToken(grant_type, code, refresh_token, device_code, client_id, client_secret, code_verifier, redirect_uri, resource))
   )
 );
 
@@ -153739,9 +154339,9 @@ var sitesListFrameworksCommand = sites.command(`list-frameworks`).description(`G
     async () => parse3(await (await getSitesClient()).listFrameworks())
   )
 );
-var sitesListSpecificationsCommand = sites.command(`list-specifications`).description(`List allowed site specifications for this instance.`).action(
+var sitesListSpecificationsCommand = sites.command(`list-specifications`).description(`List allowed site specifications for this instance.`).option(`--type <type>`, `Specification type to list. Can be one of: runtimes, builds.`).action(
   actionRunner(
-    async () => parse3(await (await getSitesClient()).listSpecifications())
+    async ({ type }) => parse3(await (await getSitesClient()).listSpecifications(type))
   )
 );
 var sitesListTemplatesCommand = sites.command(`list-templates`).description(`List available site templates. You can use template details in createSite method.`).option(`--frameworks [frameworks...]`, `List of frameworks allowed for filtering site templates. Maximum of 100 frameworks are allowed.`).option(`--use-cases [use-cases...]`, `List of use cases allowed for filtering site templates. Maximum of 100 use cases are allowed.`).option(`--limit <limit>`, `Limit the number of templates returned in the response. Default limit is 25, and maximum limit is 5000.`, parseInteger).option(`--offset <offset>`, `Offset the list of returned templates. Maximum offset is 5000.`, parseInteger).action(