azure-pipelines-tui 0.5.0

package/README.md

@@ -0,0 +1,114 @@
+# Azure Pipelines TUI
+
+A terminal UI for live-following Azure DevOps pipeline runs, with streaming logs via SignalR.
+
+```
+┌ Pipeline ──────────────┐┌ Logs — Initialize job ───────────────────────────────┐
+│ v + build              ││ ##[section]Starting: Initialize job                  │
+│   > + Initialize job   ││ Agent name: 'myorg-pool-agent-abc123'                │
+│   > > Terraform plan   ││ Agent machine name: 'myorg-pool-agent-abc123'        │
+│   . Terraform apply    ││ Current agent version: '4.273.0'                     │
+│ ~ 14 stages skipped    ││ Agent running as: 'agentuser'                        │
+└────────────────────────┘└──────────────────────────────────────────────────────┘
+```
+
+## Requirements
+
+- Node.js 18+
+- Azure CLI (`az`) signed in to the correct tenant
+- `npm install`
+
+## Usage
+
+### TUI — `index.ts`
+
+```bash
+# Full build URL
+npx tsx index.ts https://dev.azure.com/ORG/PROJECT/_build/results?buildId=1234
+
+# URL + separate buildId
+npx tsx index.ts https://dev.azure.com/ORG/PROJECT 1234
+
+# org/project shorthand
+npx tsx index.ts ORG/PROJECT 1234
+
+# Separate arguments
+npx tsx index.ts ORG PROJECT 1234
+
+# Keep timestamps in log output
+npx tsx index.ts ORG/PROJECT 1234 --keep-timestamps
+```
+
+#### Key bindings
+
+| Key | Action |
+|-----|--------|
+| `↑` `↓` | Navigate tree / scroll logs |
+| `Enter` `→` | Expand / select step |
+| `←` `Esc` | Collapse / back to tree |
+| `Tab` | Switch focus between tree and log panel |
+| `f` `End` | Follow mode — tail the log |
+| `r` | Retry/restart the selected stage |
+| `q` `Ctrl+C` | Quit |
+
+### Debug — `debugSignalR.ts`
+
+Dumps all raw SignalR frames to stdout. Useful for exploring the protocol.
+
+```bash
+# Full build URL
+npx tsx debugSignalR.ts https://dev.azure.com/ORG/PROJECT/_build/results?buildId=1234
+
+# URL + separate buildId
+npx tsx debugSignalR.ts https://dev.azure.com/ORG/PROJECT 1234
+
+# org/project shorthand
+npx tsx debugSignalR.ts ORG/PROJECT 1234
+```
+
+## How it works
+
+The TUI combines two data sources:
+
+1. **REST polling** (every 500 ms) — fetches build status, timeline records, and log lines via the Azure DevOps REST API.
+2. **SignalR** (ASP.NET SignalR 1.x over WebSocket) — receives live events as log lines are written.
+
+### SignalR connection
+
+The connection requires three GUIDs, each from a different source:
+
+| Name | Source | Used in |
+|------|--------|---------|
+| `instanceId` | `GET /_apis/connectionData` | negotiate and start URLs |
+| `projectId` | `GET /_apis/projects/{name}` | WebSocket connect path |
+| `contextToken` | negotiate response `.Url` field | connect query parameter |
+
+```
+negotiate → wss://...connect → /start → WatchBuild(projectId, buildId)
+```
+
+The WebSocket requires the bearer token in two places — as an `Authorization` header and as the `Sec-WebSocket-Protocol` subprotocol value, otherwise the server responds with a 302 redirect.
+
+### Hub events
+
+| Method | Action |
+|--------|--------|
+| `logConsoleLines` | Streams log lines directly into the log panel |
+| `timelineRecordsUpdated` | Triggers a REST poll to refresh the tree |
+| `buildUpdated` / `buildUpdated2` | Triggers a REST poll to refresh the header |
+
+## Files
+
+| File | Purpose |
+|------|---------|
+| `index.ts` | Blessed TUI: tree + log panel |
+| `signalr.ts` | SignalR client (negotiate → connect → start → invoke) |
+| `debugSignalR.ts` | Standalone debug script |
+| `signalr-messages.jsonl` | Runtime dump of all SignalR frames (written by `signalr.ts`) |
+| `signalr-negotiate.json` | Runtime dump of the negotiate response |
+
+## Note
+We reverse engineered this undocumented streaming API by downloading the following javascript bundles and feeding them to Claude:
+
+* https://cdn.vsassets.io/ext/ms.vss-build-web/run/ms.vss-build-web.run.es6.Utcc_6.min.js
+* https://cdn.vsassets.io/ext/ms.vss-features/signalr/ms.vss-features.signalr.es6.yu31LS.min.js

package/dist/cache.js

@@ -0,0 +1,54 @@
+"use strict";
+// cache.ts — File-based TTL cache for Azure Pipelines TUI
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.readCache = readCache;
+exports.writeCache = writeCache;
+exports.clearAllCache = clearAllCache;
+exports.clearByPrefix = clearByPrefix;
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const os_1 = __importDefault(require("os"));
+const CACHE_DIR = path_1.default.join(os_1.default.homedir(), ".azure-pipelines-tui", "cache");
+function sanitize(key) {
+    return key.replace(/[^a-zA-Z0-9._-]/g, "_").slice(0, 200);
+}
+function filePath(key) {
+    return path_1.default.join(CACHE_DIR, sanitize(key) + ".json");
+}
+function readCache(key) {
+    try {
+        const raw = fs_1.default.readFileSync(filePath(key), "utf8");
+        const { data, cachedAt, ttl } = JSON.parse(raw);
+        if (Date.now() - cachedAt < ttl)
+            return data;
+    }
+    catch { }
+    return null;
+}
+function writeCache(key, data, ttlMs) {
+    fs_1.default.mkdirSync(CACHE_DIR, { recursive: true });
+    fs_1.default.writeFileSync(filePath(key), JSON.stringify({ data, cachedAt: Date.now(), ttl: ttlMs }), "utf8");
+}
+function clearAllCache() {
+    try {
+        fs_1.default.rmSync(CACHE_DIR, { recursive: true, force: true });
+    }
+    catch { }
+}
+function clearByPrefix(prefix) {
+    const sp = sanitize(prefix);
+    try {
+        for (const f of fs_1.default.readdirSync(CACHE_DIR)) {
+            if (f.startsWith(sp)) {
+                try {
+                    fs_1.default.unlinkSync(path_1.default.join(CACHE_DIR, f));
+                }
+                catch { }
+            }
+        }
+    }
+    catch { }
+}

package/dist/debugRetry.js

@@ -0,0 +1,150 @@
+#!/usr/bin/env node
+"use strict";
+/**
+ * debugRetry.ts — standalone debug script for stage retry
+ *
+ * Usage:
+ *   npx tsx debugRetry.ts <org>/<project> <buildId> [stageRef]
+ *   npx tsx debugRetry.ts IGH-Solution/IGH-Platform-Azure 12345
+ *   npx tsx debugRetry.ts IGH-Solution/IGH-Platform-Azure 12345 MyStage
+ *
+ * Without stageRef: lists all stages with state/result.
+ * With stageRef: tries all state values (1 and 2) and forceRetryAllJobs combos.
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const https_1 = __importDefault(require("https"));
+const child_process_1 = require("child_process");
+const ADO_RESOURCE = "499b84ac-1321-427f-aa17-267ca6975798";
+const API_VER = "api-version=7.1";
+const [orgProject, buildId, stageRef] = process.argv.slice(2);
+if (!orgProject || !buildId) {
+    console.error("Usage: npx tsx debugRetry.ts <org>/<project> <buildId> [stageRef]");
+    process.exit(1);
+}
+const [org, ...rest] = orgProject.split("/");
+const project = rest.join("/");
+const ADO_BASE = `https://dev.azure.com/${encodeURIComponent(org)}/${encodeURIComponent(project)}/_apis/build/builds/${buildId}`;
+function getToken() {
+    const raw = (0, child_process_1.execSync)(`az account get-access-token --resource ${ADO_RESOURCE} --output json`, { encoding: "utf8", env: { ...process.env, AZURE_CONFIG_DIR: process.env["AZURE_CONFIG_DIR"] } });
+    return JSON.parse(raw).accessToken;
+}
+function httpGet(url, token) {
+    return new Promise((resolve, reject) => {
+        const u = new URL(url);
+        https_1.default.get({ hostname: u.hostname, path: u.pathname + u.search,
+            headers: { Authorization: `Bearer ${token}`, Accept: "application/json" } }, res => {
+            let data = "";
+            res.on("data", (c) => (data += c));
+            res.on("end", () => {
+                console.log(`  GET ${url} → ${res.statusCode}`);
+                if ((res.statusCode ?? 0) >= 400)
+                    return reject(new Error(`HTTP ${res.statusCode}: ${data}`));
+                resolve(JSON.parse(data));
+            });
+        }).on("error", reject);
+    });
+}
+function httpPatch(url, token, body) {
+    return new Promise((resolve) => {
+        const u = new URL(url);
+        const payload = JSON.stringify(body);
+        console.log(`  PATCH ${url}`);
+        console.log(`  Body: ${payload}`);
+        const req = https_1.default.request({
+            hostname: u.hostname,
+            path: u.pathname + u.search,
+            method: "PATCH",
+            headers: {
+                Authorization: `Bearer ${token}`,
+                "Content-Type": "application/json",
+                "Content-Length": Buffer.byteLength(payload),
+            },
+        }, res => {
+            let data = "";
+            res.on("data", (c) => (data += c));
+            res.on("end", () => {
+                let parsed;
+                try {
+                    parsed = JSON.parse(data);
+                }
+                catch { /* raw */ }
+                resolve({ status: res.statusCode ?? 0, body: data, parsed });
+            });
+        });
+        req.on("error", (e) => resolve({ status: 0, body: String(e) }));
+        req.write(payload);
+        req.end();
+    });
+}
+async function main() {
+    console.log(`\nOrg: ${org}  Project: ${project}  BuildId: ${buildId}`);
+    console.log("Fetching token…");
+    const token = getToken();
+    console.log("Token OK\n");
+    // Fetch timeline
+    const timeline = await httpGet(`${ADO_BASE}/timeline?${API_VER}`, token);
+    const stages = timeline.records
+        .filter(r => r.type === "Stage")
+        .sort((a, b) => (a.order ?? 0) - (b.order ?? 0));
+    console.log("\n── Stages ────────────────────────────────────────────────────────");
+    for (const s of stages) {
+        const ref = s.identifier ?? s.name;
+        console.log(`  [order=${s.order ?? "?"}] ${s.name.padEnd(40)} state=${s.state.padEnd(12)} result=${s.result ?? "(none)".padEnd(20)} ref="${ref}"`);
+    }
+    console.log("");
+    if (!stageRef) {
+        console.log("Pass a stageRef as third argument to test retry.");
+        return;
+    }
+    const target = stages.find(s => (s.identifier ?? s.name) === stageRef);
+    if (!target) {
+        console.warn(`Stage "${stageRef}" not found. Check spelling against the list above.`);
+        return;
+    }
+    console.log(`\n── Testing retry on stage "${target.name}" (ref: ${stageRef}) ────`);
+    console.log(`   Current state: ${target.state}, result: ${target.result ?? "(none)"}\n`);
+    const url = `${ADO_BASE}/stages/${encodeURIComponent(stageRef)}?${API_VER}`;
+    const combos = [
+        { state: 1, forceRetryAllJobs: true, retryDependencies: true },
+        { state: 1, forceRetryAllJobs: true, retryDependencies: false },
+        { state: 1, forceRetryAllJobs: false, retryDependencies: true },
+        { state: 1, forceRetryAllJobs: false, retryDependencies: false },
+        { state: 2, forceRetryAllJobs: true, retryDependencies: true },
+        { state: 2, forceRetryAllJobs: true, retryDependencies: false },
+        { state: 2, forceRetryAllJobs: false, retryDependencies: true },
+        { state: 2, forceRetryAllJobs: false, retryDependencies: false },
+    ];
+    for (const combo of combos) {
+        console.log(`\n[state=${combo.state}, forceRetryAllJobs=${combo.forceRetryAllJobs}, retryDependencies=${combo.retryDependencies}]`);
+        const result = await httpPatch(url, token, combo);
+        console.log(`  Response ${result.status}: ${result.body.slice(0, 300)}`);
+        if (result.status < 400) {
+            console.log("  ✓ SUCCESS — this combo works!");
+            await pollStageState(token, stageRef);
+            break;
+        }
+    }
+}
+async function pollStageState(token, ref, timeoutMs = 60_000, intervalMs = 2_000) {
+    console.log(`\n── Polling stage state (timeout ${timeoutMs / 1000}s) ────────────────`);
+    const deadline = Date.now() + timeoutMs;
+    while (Date.now() < deadline) {
+        const timeline = await httpGet(`${ADO_BASE}/timeline?${API_VER}`, token);
+        const stage = timeline.records.find(r => r.type === "Stage" && (r.identifier ?? r.name) === ref);
+        if (!stage) {
+            console.log("  Stage not found in timeline");
+            break;
+        }
+        const ts = new Date().toISOString().slice(11, 19);
+        console.log(`  [${ts}] state=${stage.state}  result=${stage.result ?? "(none)"}`);
+        if (stage.state === "inProgress" || stage.state === "pending") {
+            console.log("  ✓ Stage transitioned — retry confirmed working.");
+            break;
+        }
+        await new Promise(r => setTimeout(r, intervalMs));
+    }
+}
+main().catch(e => { console.error(e); process.exit(1); });

package/dist/debugSignalR.js

@@ -0,0 +1,151 @@
+#!/usr/bin/env node
+"use strict";
+// Debug script: connect to Azure DevOps SignalR and dump all messages
+//
+// Usage:
+//   tsx debugSignalR.ts https://dev.azure.com/ORG/PROJECT <buildId>
+//   tsx debugSignalR.ts https://dev.azure.com/ORG/PROJECT/_build/results?buildId=<id>
+//   tsx debugSignalR.ts https://dev.azure.com/ORG PROJECT <buildId>
+//   tsx debugSignalR.ts ORG/PROJECT <buildId>
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const https_1 = __importDefault(require("https"));
+const ws_1 = __importDefault(require("ws"));
+const child_process_1 = require("child_process");
+const url_1 = require("url");
+// ── Arg parsing ───────────────────────────────────────────────────────────────
+function showUsage() {
+    console.error("Usage:\n" +
+        "  tsx debugSignalR.ts https://dev.azure.com/ORG/PROJECT <buildId>\n" +
+        "  tsx debugSignalR.ts https://dev.azure.com/ORG/PROJECT/_build/results?buildId=<id>\n" +
+        "  tsx debugSignalR.ts https://dev.azure.com/ORG PROJECT <buildId>\n" +
+        "  tsx debugSignalR.ts ORG/PROJECT <buildId>");
+    process.exit(1);
+}
+const positional = process.argv.slice(2).filter(a => !a.startsWith("--"));
+let ORG, PROJECT, BUILD_ID;
+const first = positional[0] ?? "";
+if (first.startsWith("http")) {
+    const u = new url_1.URL(first);
+    const parts = u.pathname.split("/").filter(Boolean);
+    ORG = parts[0] ?? "";
+    const bidParam = u.searchParams.get("buildId");
+    if (parts.length >= 2 && !parts[1].startsWith("_")) {
+        // https://dev.azure.com/ORG/PROJECT[/...][?buildId=N]
+        PROJECT = parts[1];
+        BUILD_ID = bidParam ? Number(bidParam) : Number(positional[1] ?? "0");
+    }
+    else {
+        // https://dev.azure.com/ORG  PROJECT  buildId
+        PROJECT = positional[1] ?? "";
+        BUILD_ID = Number(positional[2] ?? "0");
+    }
+}
+else if (first.includes("/")) {
+    // ORG/PROJECT  buildId
+    const slash = first.indexOf("/");
+    ORG = first.slice(0, slash);
+    PROJECT = first.slice(slash + 1);
+    BUILD_ID = Number(positional[1] ?? "0");
+}
+else {
+    showUsage();
+}
+if (!ORG || !PROJECT || !BUILD_ID)
+    showUsage();
+const ADO_RESOURCE = "499b84ac-1321-427f-aa17-267ca6975798";
+function getToken() {
+    const raw = (0, child_process_1.execSync)(`az account get-access-token --resource ${ADO_RESOURCE} --output json`, { encoding: "utf8" });
+    return JSON.parse(raw).accessToken;
+}
+function getProjectId(org, project) {
+    const raw = (0, child_process_1.execSync)(`az devops project show --project "${project}" --organization https://dev.azure.com/${org} --query id -o tsv`, { encoding: "utf8" });
+    return raw.trim();
+}
+function httpGet(url, token) {
+    return new Promise((resolve, reject) => {
+        const u = new url_1.URL(url);
+        const req = https_1.default.get({ hostname: u.hostname, path: u.pathname + u.search,
+            headers: { Authorization: `Bearer ${token}`, Accept: "application/json" } }, res => {
+            // Follow redirects
+            if ((res.statusCode ?? 0) >= 300 && (res.statusCode ?? 0) < 400) {
+                const loc = res.headers["location"];
+                res.resume();
+                return resolve(httpGet(loc.startsWith("http") ? loc : `https://${u.hostname}${loc}`, token));
+            }
+            let data = "";
+            res.on("data", (c) => (data += c));
+            res.on("end", () => resolve(data));
+        });
+        req.on("error", reject);
+    });
+}
+async function main() {
+    const token = getToken();
+    const projectId = getProjectId(ORG, PROJECT);
+    console.log("projectId:", projectId);
+    const orgEncoded = encodeURIComponent(ORG);
+    // 1. Get instanceId (org-level, used for negotiate)
+    const connData = JSON.parse(await httpGet(`https://dev.azure.com/${orgEncoded}/_apis/connectionData?connectOptions=0&lastChangeId=-1&lastChangeId64=-1`, token));
+    console.log("instanceId (for negotiate):", connData.instanceId);
+    // 2. Negotiate with instanceId → returns contextToken
+    const CONNECTION_DATA = encodeURIComponent(JSON.stringify([
+        { name: "builddetailhub" },
+        { name: "taskagentpoolhub" },
+    ]));
+    const negotiateUrl = `https://dev.azure.com/_signalr/${orgEncoded}/_apis/${connData.instanceId}/signalr/negotiate` +
+        `?transport=webSockets&clientProtocol=1.5&connectionData=${CONNECTION_DATA}&_=${Date.now()}`;
+    console.log("negotiate URL:", negotiateUrl);
+    const negotiated = JSON.parse(await httpGet(negotiateUrl, token));
+    console.log("negotiate response:", JSON.stringify(negotiated, null, 2));
+    // Extract contextToken from Url field
+    const contextToken = negotiated.Url?.match(/\/_apis\/([0-9a-f-]{36})\//i)?.[1];
+    console.log("contextToken:", contextToken);
+    // 3. Connect WebSocket — projectId in path, contextToken (from negotiate) as query param
+    const wsUrl = `wss://dev.azure.com/_signalr/${orgEncoded}/_apis/${projectId}/signalr/connect` +
+        `?transport=webSockets&clientProtocol=1.5` +
+        `&connectionToken=${encodeURIComponent(negotiated.ConnectionToken)}` +
+        `&connectionData=${CONNECTION_DATA}` +
+        (contextToken ? `&contextToken=${encodeURIComponent(contextToken)}` : "") +
+        `&tid=0`;
+    console.log("WebSocket URL:", wsUrl);
+    const ws = new ws_1.default(wsUrl, {
+        headers: {
+            Authorization: `Bearer ${token}`,
+            "Sec-WebSocket-Protocol": `Bearer, ${token}`,
+        },
+    });
+    ws.on("open", async () => {
+        console.log("WebSocket open");
+        // Start
+        try {
+            const startResp = await httpGet(`https://dev.azure.com/_signalr/${orgEncoded}/_apis/${connData.instanceId}/signalr/start` +
+                `?transport=webSockets&clientProtocol=1.5` +
+                `&connectionToken=${encodeURIComponent(negotiated.ConnectionToken)}` +
+                `&connectionData=${CONNECTION_DATA}&_=${Date.now()}`, token);
+            console.log("start response:", startResp);
+        }
+        catch (e) {
+            console.log("start error:", e.message);
+        }
+        // WatchBuild(projectId: Guid, buildId: Int32) — confirmed signature
+        const msg = JSON.stringify({ H: "builddetailhub", M: "WatchBuild", A: [projectId, BUILD_ID], I: "1" });
+        console.log("→ sending:", msg);
+        ws.send(msg);
+    });
+    ws.on("message", (raw) => {
+        const text = raw.toString();
+        if (text === "{}") {
+            process.stdout.write(".");
+            return;
+        }
+        console.log("\n← received:", text);
+    });
+    ws.on("close", () => { console.log("\nWebSocket closed"); process.exit(0); });
+    ws.on("error", (e) => { console.log("WebSocket error:", e.message); });
+    // Run for 2 minutes
+    setTimeout(() => { console.log("\nTimeout — closing"); ws.close(); }, 120_000);
+}
+main().catch(e => { console.error("Fatal:", e.message); process.exit(1); });

package/dist/debugWarnings.js

@@ -0,0 +1,169 @@
+#!/usr/bin/env node
+"use strict";
+/**
+ * debugWarnings.ts — report warning counts per stage/job/task for a build
+ *
+ * Usage:
+ *   npx tsx debugWarnings.ts <org>/<project> <buildId> [--logs]
+ *
+ * Without --logs: prints a tree of stages/jobs/tasks with warning counts.
+ * With    --logs: also fetches log content and prints each ##[warning] line.
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const https_1 = __importDefault(require("https"));
+const child_process_1 = require("child_process");
+const ADO_RESOURCE = "499b84ac-1321-427f-aa17-267ca6975798";
+const API_VER = "api-version=7.1";
+const rawArgs = process.argv.slice(2);
+const [orgProject, buildId] = rawArgs.filter(a => !a.startsWith("--"));
+const showLogs = rawArgs.includes("--logs");
+if (!orgProject || !buildId) {
+    console.error("Usage: npx tsx debugWarnings.ts <org>/<project> <buildId> [--logs]");
+    process.exit(1);
+}
+const [org, ...rest] = orgProject.split("/");
+const project = rest.join("/");
+const enc = encodeURIComponent;
+const ADO_BASE = `https://dev.azure.com/${enc(org)}/${enc(project)}/_apis/build/builds/${buildId}`;
+function getToken() {
+    const raw = (0, child_process_1.execSync)(`az account get-access-token --resource ${ADO_RESOURCE} --output json`, { encoding: "utf8", env: { ...process.env, AZURE_CONFIG_DIR: process.env["AZURE_CONFIG_DIR"] } });
+    return JSON.parse(raw).accessToken;
+}
+function httpGet(url, token) {
+    return new Promise((resolve, reject) => {
+        const u = new URL(url);
+        https_1.default.get({ hostname: u.hostname, path: u.pathname + u.search,
+            headers: { Authorization: `Bearer ${token}`, Accept: "application/json" } }, res => {
+            let data = "";
+            res.on("data", (c) => (data += c));
+            res.on("end", () => {
+                if ((res.statusCode ?? 0) >= 400)
+                    return reject(new Error(`HTTP ${res.statusCode}: ${data.slice(0, 300)}`));
+                resolve(JSON.parse(data));
+            });
+        }).on("error", reject);
+    });
+}
+function httpGetText(url, token) {
+    return new Promise((resolve, reject) => {
+        const u = new URL(url);
+        https_1.default.get({ hostname: u.hostname, path: u.pathname + u.search,
+            headers: { Authorization: `Bearer ${token}`, Accept: "text/plain" } }, res => {
+            let data = "";
+            res.on("data", (c) => (data += c));
+            res.on("end", () => {
+                if ((res.statusCode ?? 0) >= 400)
+                    return reject(new Error(`HTTP ${res.statusCode}: ${data.slice(0, 300)}`));
+                resolve(data);
+            });
+        }).on("error", reject);
+    });
+}
+function badge(warnings, errors) {
+    const parts = [];
+    if (warnings > 0)
+        parts.push(`⚠ ${warnings}w`);
+    if (errors > 0)
+        parts.push(`✗ ${errors}e`);
+    return parts.length ? `  [${parts.join("  ")}]` : "";
+}
+async function main() {
+    console.log(`\nOrg: ${org}  Project: ${project}  BuildId: ${buildId}`);
+    console.log("Fetching token…");
+    const token = getToken();
+    console.log("Token OK\n");
+    const timeline = await httpGet(`${ADO_BASE}/timeline?${API_VER}`, token);
+    const records = timeline.records ?? [];
+    // Build parent → children index
+    const children = new Map();
+    for (const r of records) {
+        const p = r.parentId ?? null;
+        if (!children.has(p))
+            children.set(p, []);
+        children.get(p).push(r);
+    }
+    // Stages = top-level records of type Stage
+    const stages = (children.get(null) ?? [])
+        .filter(r => r.type === "Stage")
+        .sort((a, b) => (a.order ?? 0) - (b.order ?? 0));
+    // Totals from leaf records only (Tasks have no children) to avoid double-counting.
+    // Stage/Phase/Job warningCount is often 0 even when children have warnings.
+    const hasChildren = new Set(records.map(r => r.parentId).filter(Boolean));
+    let totalWarnings = 0;
+    let totalErrors = 0;
+    for (const r of records) {
+        if (!hasChildren.has(r.id)) {
+            totalWarnings += r.warningCount ?? 0;
+            totalErrors += r.errorCount ?? 0;
+        }
+    }
+    function sumDescendants(nodeId) {
+        const kids = children.get(nodeId) ?? [];
+        if (kids.length === 0)
+            return { warnings: 0, errors: 0 };
+        let w = 0, e = 0;
+        for (const kid of kids) {
+            if (!hasChildren.has(kid.id)) {
+                w += kid.warningCount ?? 0;
+                e += kid.errorCount ?? 0;
+            }
+            else {
+                const s = sumDescendants(kid.id);
+                w += s.warnings;
+                e += s.errors;
+            }
+        }
+        return { warnings: w, errors: e };
+    }
+    // Collect tasks with logs that have warnings (for --logs mode)
+    const warningTasks = [];
+    function printTree(nodes, indent) {
+        const sorted = [...nodes].sort((a, b) => (a.order ?? 0) - (b.order ?? 0));
+        for (const node of sorted) {
+            const w = node.warningCount ?? 0;
+            const e = node.errorCount ?? 0;
+            const b = badge(w, e);
+            console.log(`${indent}${node.type.padEnd(6)} ${node.name}${b}`);
+            if (showLogs && w > 0 && node.log?.url) {
+                warningTasks.push({ name: node.name, logUrl: node.log.url });
+            }
+            const kids = children.get(node.id) ?? [];
+            if (kids.length)
+                printTree(kids, indent + "  ");
+        }
+    }
+    console.log("── Warning/Error tree ────────────────────────────────────────────");
+    for (const stage of stages) {
+        const { warnings: sw, errors: se } = sumDescendants(stage.id);
+        console.log(`\nSTAGE  ${stage.name}  (state=${stage.state}  result=${stage.result ?? "—"})${badge(sw, se)}`);
+        const kids = children.get(stage.id) ?? [];
+        printTree(kids, "  ");
+    }
+    console.log(`\n── Totals ────────────────────────────────────────────────────────`);
+    console.log(`  Warnings: ${totalWarnings}`);
+    console.log(`  Errors  : ${totalErrors}`);
+    if (!showLogs || warningTasks.length === 0)
+        return;
+    console.log(`\n── Warning log lines (${warningTasks.length} tasks) ──────────────────────────`);
+    for (const task of warningTasks) {
+        console.log(`\n  [${task.name}]`);
+        try {
+            const text = await httpGetText(`${task.logUrl}?${API_VER}`, token);
+            const lines = text.split("\n").filter(l => /##\[warning\]/i.test(l));
+            if (lines.length === 0) {
+                console.log("    (no ##[warning] lines found in log)");
+            }
+            else {
+                for (const line of lines)
+                    console.log(`    ${line.trim()}`);
+            }
+        }
+        catch (e) {
+            console.log(`    Error fetching log: ${e.message}`);
+        }
+    }
+}
+main().catch(e => { console.error(e); process.exit(1); });