clishop 0.2.0 → 0.3.0

package/SECURITY.md

@@ -0,0 +1,25 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a security issue in CLISHOP CLI, please report it privately:
+
+- Open a private security advisory on GitHub (preferred), or
+- Contact the maintainers via repository security contact.
+
+Please include:
+- A clear description of the issue
+- Reproduction steps / proof of concept
+- Potential impact
+- Suggested remediation (if available)
+
+## Supported Versions
+
+Until a stable `1.0.0` release is published, only the latest release line is considered supported for security fixes.
+
+## Security Expectations
+
+- Never commit secrets or tokens.
+- Use OS keychain-backed credentials where available.
+- Prefer secure non-interactive auth methods over plaintext CLI arguments.
+- Keep dependencies up to date and monitor advisories.

package/dist/chunk-RHBOI27D.js

@@ -0,0 +1,192 @@
+import {
+  getApiBaseUrl
+} from "./chunk-ZF3JIQRK.js";
+
+// src/auth.ts
+import keytar from "keytar";
+import axios from "axios";
+var SERVICE_NAME = "clishop";
+var ACCOUNT_TOKEN = "auth-token";
+var ACCOUNT_REFRESH = "refresh-token";
+var ACCOUNT_USER = "user-info";
+function assertAuthResponse(data) {
+  const payload = data;
+  if (!payload || typeof payload !== "object") {
+    throw new Error("Invalid auth response from server.");
+  }
+  if (!payload.token || typeof payload.token !== "string") {
+    throw new Error("Auth response missing access token.");
+  }
+  if (payload.refreshToken !== void 0 && typeof payload.refreshToken !== "string") {
+    throw new Error("Auth response has an invalid refresh token.");
+  }
+  if (!payload.user || typeof payload.user !== "object") {
+    throw new Error("Auth response missing user profile.");
+  }
+  if (!payload.user.id || !payload.user.email || !payload.user.name) {
+    throw new Error("Auth response user profile is incomplete.");
+  }
+  return payload;
+}
+async function storeToken(token) {
+  await keytar.setPassword(SERVICE_NAME, ACCOUNT_TOKEN, token);
+}
+async function storeRefreshToken(token) {
+  await keytar.setPassword(SERVICE_NAME, ACCOUNT_REFRESH, token);
+}
+async function storeUserInfo(user) {
+  await keytar.setPassword(SERVICE_NAME, ACCOUNT_USER, JSON.stringify(user));
+}
+async function getToken() {
+  return keytar.getPassword(SERVICE_NAME, ACCOUNT_TOKEN);
+}
+async function getRefreshToken() {
+  return keytar.getPassword(SERVICE_NAME, ACCOUNT_REFRESH);
+}
+async function getUserInfo() {
+  const raw = await keytar.getPassword(SERVICE_NAME, ACCOUNT_USER);
+  if (!raw) return null;
+  try {
+    return JSON.parse(raw);
+  } catch {
+    return null;
+  }
+}
+async function clearAuth() {
+  await keytar.deletePassword(SERVICE_NAME, ACCOUNT_TOKEN);
+  await keytar.deletePassword(SERVICE_NAME, ACCOUNT_REFRESH);
+  await keytar.deletePassword(SERVICE_NAME, ACCOUNT_USER);
+}
+async function isLoggedIn() {
+  const token = await getToken();
+  return !!token;
+}
+async function login(email, password) {
+  const baseUrl = getApiBaseUrl();
+  const res = await axios.post(`${baseUrl}/auth/login`, { email, password });
+  const { token, refreshToken, user } = assertAuthResponse(res.data);
+  await storeToken(token);
+  if (refreshToken) await storeRefreshToken(refreshToken);
+  await storeUserInfo(user);
+  return user;
+}
+async function register(email, password, name, monthlySpendingLimitInCents) {
+  const baseUrl = getApiBaseUrl();
+  const body = { email, password, name };
+  if (monthlySpendingLimitInCents !== void 0) {
+    body.monthlySpendingLimitInCents = monthlySpendingLimitInCents;
+  }
+  const res = await axios.post(`${baseUrl}/auth/register`, body);
+  const { token, refreshToken, user } = assertAuthResponse(res.data);
+  await storeToken(token);
+  if (refreshToken) await storeRefreshToken(refreshToken);
+  await storeUserInfo(user);
+  return user;
+}
+async function logout() {
+  const baseUrl = getApiBaseUrl();
+  const token = await getToken();
+  if (token) {
+    try {
+      await axios.post(`${baseUrl}/auth/logout`, {}, {
+        headers: { Authorization: `Bearer ${token}` }
+      });
+    } catch {
+    }
+  }
+  await clearAuth();
+}
+
+// src/api.ts
+import axios2 from "axios";
+import chalk from "chalk";
+var client = null;
+function assertRefreshResponse(data) {
+  const payload = data;
+  if (!payload || typeof payload !== "object" || typeof payload.token !== "string") {
+    throw new Error("Invalid refresh response from server.");
+  }
+  return { token: payload.token };
+}
+function getApiClient() {
+  if (client) return client;
+  const baseUrl = getApiBaseUrl();
+  if (!baseUrl.startsWith("https://")) {
+    console.warn(chalk.yellow(`
+\u26A0 Using a non-HTTPS API URL: ${baseUrl}
+`));
+  }
+  client = axios2.create({
+    baseURL: baseUrl,
+    timeout: 3e4,
+    headers: {
+      "Content-Type": "application/json"
+    }
+  });
+  client.interceptors.request.use(async (reqConfig) => {
+    const token = await getToken();
+    if (token) {
+      reqConfig.headers.Authorization = `Bearer ${token}`;
+    }
+    return reqConfig;
+  });
+  client.interceptors.response.use(
+    (res) => res,
+    async (error) => {
+      if (error.response?.status === 401) {
+        const refreshToken = await getRefreshToken();
+        if (refreshToken) {
+          try {
+            const res = await axios2.post(`${baseUrl}/auth/refresh`, { refreshToken });
+            const { token } = assertRefreshResponse(res.data);
+            await storeToken(token);
+            if (error.config) {
+              error.config.headers.Authorization = `Bearer ${token}`;
+              return axios2(error.config);
+            }
+          } catch {
+          }
+        }
+        console.error(chalk.red("\n\u2717 Session expired. Please login again: clishop login\n"));
+        process.exit(1);
+      }
+      throw error;
+    }
+  );
+  return client;
+}
+function handleApiError(error) {
+  if (axios2.isAxiosError(error)) {
+    const data = error.response?.data;
+    const message = data?.message || data?.error || error.message;
+    const status = error.response?.status;
+    if (status === 422 && data?.errors) {
+      console.error(chalk.red("\n\u2717 Validation errors:"));
+      for (const [field, msgs] of Object.entries(data.errors)) {
+        console.error(chalk.red(`  ${field}: ${msgs.join(", ")}`));
+      }
+    } else if (status === 404) {
+      console.error(chalk.red(`
+\u2717 Not found: ${message}`));
+    } else {
+      console.error(chalk.red(`
+\u2717 API error (${status || "network"}): ${message}`));
+    }
+  } else if (error instanceof Error) {
+    console.error(chalk.red(`
+\u2717 ${error.message}`));
+  } else {
+    console.error(chalk.red("\n\u2717 An unexpected error occurred."));
+  }
+  process.exit(1);
+}
+
+export {
+  getUserInfo,
+  isLoggedIn,
+  login,
+  register,
+  logout,
+  getApiClient,
+  handleApiError
+};

package/dist/chunk-ZF3JIQRK.js

@@ -0,0 +1,108 @@
+var __defProp = Object.defineProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+
+// src/config.ts
+import Conf from "conf";
+var DEFAULT_AGENT = {
+  name: "default",
+  requireConfirmation: true,
+  maxOrderAmount: 500,
+  allowedCategories: [],
+  blockedCategories: []
+};
+var DEFAULT_API_BASE_URL = "https://clishop-backend.vercel.app/api";
+var config = new Conf({
+  projectName: "clishop",
+  defaults: {
+    activeAgent: "default",
+    agents: {
+      default: DEFAULT_AGENT
+    },
+    apiBaseUrl: DEFAULT_API_BASE_URL,
+    outputFormat: "human",
+    setupCompleted: false
+  }
+});
+function getConfig() {
+  return config;
+}
+function getApiBaseUrl() {
+  const envOverride = process.env.CLISHOP_API_URL?.trim();
+  if (envOverride) return envOverride;
+  return config.get("apiBaseUrl") || DEFAULT_API_BASE_URL;
+}
+function getActiveAgent() {
+  const cfg = config.store;
+  const override = process.env.__CLISHOP_AGENT_OVERRIDE;
+  if (override && cfg.agents[override]) {
+    return cfg.agents[override];
+  }
+  return cfg.agents[cfg.activeAgent] || cfg.agents["default"];
+}
+function getAgent(name) {
+  return config.store.agents[name];
+}
+function setActiveAgent(name) {
+  if (!config.store.agents[name]) {
+    throw new Error(`Agent "${name}" does not exist. Create it first with: clishop agent create ${name}`);
+  }
+  config.set("activeAgent", name);
+}
+function createAgent(name, opts = {}) {
+  if (config.store.agents[name]) {
+    throw new Error(`Agent "${name}" already exists.`);
+  }
+  const agent = {
+    name,
+    requireConfirmation: true,
+    maxOrderAmount: 500,
+    allowedCategories: [],
+    blockedCategories: [],
+    ...opts
+  };
+  config.set(`agents.${name}`, agent);
+  return agent;
+}
+function updateAgent(name, opts) {
+  const existing = config.store.agents[name];
+  if (!existing) {
+    throw new Error(`Agent "${name}" does not exist.`);
+  }
+  const updated = { ...existing, ...opts, name };
+  config.set(`agents.${name}`, updated);
+  return updated;
+}
+function deleteAgent(name) {
+  if (name === "default") {
+    throw new Error('Cannot delete the "default" agent.');
+  }
+  if (!config.store.agents[name]) {
+    throw new Error(`Agent "${name}" does not exist.`);
+  }
+  const agents = { ...config.store.agents };
+  delete agents[name];
+  config.set("agents", agents);
+  if (config.store.activeAgent === name) {
+    config.set("activeAgent", "default");
+  }
+}
+function listAgents() {
+  return Object.values(config.store.agents);
+}
+
+export {
+  __export,
+  DEFAULT_API_BASE_URL,
+  getConfig,
+  getApiBaseUrl,
+  getActiveAgent,
+  getAgent,
+  setActiveAgent,
+  createAgent,
+  updateAgent,
+  deleteAgent,
+  listAgents
+};

package/dist/config-63FY6NWX.js

@@ -0,0 +1,24 @@
+import {
+  DEFAULT_API_BASE_URL,
+  createAgent,
+  deleteAgent,
+  getActiveAgent,
+  getAgent,
+  getApiBaseUrl,
+  getConfig,
+  listAgents,
+  setActiveAgent,
+  updateAgent
+} from "./chunk-ZF3JIQRK.js";
+export {
+  DEFAULT_API_BASE_URL,
+  createAgent,
+  deleteAgent,
+  getActiveAgent,
+  getAgent,
+  getApiBaseUrl,
+  getConfig,
+  listAgents,
+  setActiveAgent,
+  updateAgent
+};