cloudops-cli 0.1.0

package/dist/auth/auth-handler.js

@@ -0,0 +1,266 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthHandler = void 0;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const crypto = __importStar(require("crypto"));
+const oidc = __importStar(require("openid-client"));
+/**
+ * Authentication handler for CLI
+ * Manages OAuth/SSO flow and secure token storage
+ */
+class AuthHandler {
+    tokenDir;
+    tokenFile;
+    encryptionKey;
+    constructor(configDir) {
+        this.tokenDir = configDir || path.join(os.homedir(), '.cloudops');
+        this.tokenFile = path.join(this.tokenDir, '.tokens');
+        // Generate or load encryption key for token storage
+        this.encryptionKey = this.getOrCreateEncryptionKey();
+    }
+    /**
+     * Start OAuth/SSO authentication flow
+     * Returns the authorization URL for the user to visit
+     */
+    async startAuthFlow(issuerUrl, clientId, redirectUri = 'http://localhost:8080/callback') {
+        // Discover OIDC configuration
+        const config = await oidc.discovery(new URL(issuerUrl), clientId);
+        // Generate PKCE code verifier and challenge
+        const codeVerifier = oidc.randomPKCECodeVerifier();
+        const codeChallenge = await oidc.calculatePKCECodeChallenge(codeVerifier);
+        // Generate state for CSRF protection
+        const state = oidc.randomState();
+        const authUrl = oidc.buildAuthorizationUrl(config, {
+            redirect_uri: redirectUri,
+            scope: 'openid profile email',
+            code_challenge: codeChallenge,
+            code_challenge_method: 'S256',
+            state,
+        });
+        return {
+            authUrl: authUrl.href,
+            codeVerifier,
+            state,
+        };
+    }
+    /**
+     * Complete OAuth/SSO authentication flow
+     * Exchange authorization code for tokens
+     */
+    async completeAuthFlow(issuerUrl, clientId, code, codeVerifier, redirectUri = 'http://localhost:8080/callback') {
+        // Discover OIDC configuration
+        const config = await oidc.discovery(new URL(issuerUrl), clientId);
+        try {
+            const currentUrl = new URL(redirectUri);
+            currentUrl.searchParams.set('code', code);
+            const tokens = await oidc.authorizationCodeGrant(config, currentUrl, {
+                pkceCodeVerifier: codeVerifier,
+                expectedState: undefined, // State validation done by callback server
+            });
+            const tokenResponse = {
+                accessToken: tokens.access_token,
+                refreshToken: tokens.refresh_token,
+                idToken: tokens.id_token,
+                expiresIn: tokens.expires_in || 3600,
+                tokenType: tokens.token_type || 'Bearer',
+            };
+            // Store tokens securely
+            await this.storeTokens(tokenResponse);
+        }
+        catch (error) {
+            throw new Error(`Failed to exchange code for tokens: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+    }
+    /**
+     * Get current access token, refreshing if necessary
+     */
+    async getAccessToken(issuerUrl, clientId) {
+        const tokens = await this.loadTokens();
+        if (!tokens) {
+            return null;
+        }
+        // Check if token is expired or will expire in the next 5 minutes
+        const now = Math.floor(Date.now() / 1000);
+        const expiryBuffer = 300; // 5 minutes
+        if (tokens.expiresAt > now + expiryBuffer) {
+            // Token is still valid
+            return tokens.accessToken;
+        }
+        // Token is expired or expiring soon, try to refresh
+        if (tokens.refreshToken && issuerUrl && clientId) {
+            try {
+                await this.refreshToken(issuerUrl, clientId, tokens.refreshToken);
+                const refreshedTokens = await this.loadTokens();
+                return refreshedTokens?.accessToken || null;
+            }
+            catch (error) {
+                // Refresh failed, user needs to re-authenticate
+                console.error('Token refresh failed:', error);
+                return null;
+            }
+        }
+        return null;
+    }
+    /**
+     * Refresh access token using refresh token
+     */
+    async refreshToken(issuerUrl, clientId, refreshToken) {
+        // Discover OIDC configuration
+        const config = await oidc.discovery(new URL(issuerUrl), clientId);
+        try {
+            const tokens = await oidc.refreshTokenGrant(config, refreshToken);
+            const tokenResponse = {
+                accessToken: tokens.access_token,
+                refreshToken: tokens.refresh_token,
+                idToken: tokens.id_token,
+                expiresIn: tokens.expires_in || 3600,
+                tokenType: tokens.token_type || 'Bearer',
+            };
+            // Store refreshed tokens
+            await this.storeTokens(tokenResponse);
+        }
+        catch (error) {
+            throw new Error(`Failed to refresh token: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+    }
+    /**
+     * Check if user is authenticated
+     */
+    async isAuthenticated() {
+        const tokens = await this.loadTokens();
+        if (!tokens) {
+            return false;
+        }
+        const now = Math.floor(Date.now() / 1000);
+        return tokens.expiresAt > now;
+    }
+    /**
+     * Clear stored tokens (logout)
+     */
+    async clearTokens() {
+        if (fs.existsSync(this.tokenFile)) {
+            fs.unlinkSync(this.tokenFile);
+        }
+    }
+    /**
+     * Store tokens securely (encrypted)
+     */
+    async storeTokens(tokens) {
+        const now = Math.floor(Date.now() / 1000);
+        const storage = {
+            accessToken: tokens.accessToken,
+            refreshToken: tokens.refreshToken,
+            expiresAt: now + tokens.expiresIn,
+            tokenType: tokens.tokenType,
+        };
+        // Encrypt token data
+        const encrypted = this.encrypt(JSON.stringify(storage));
+        // Ensure directory exists
+        if (!fs.existsSync(this.tokenDir)) {
+            fs.mkdirSync(this.tokenDir, { recursive: true, mode: 0o700 });
+        }
+        // Write encrypted tokens to file with restricted permissions
+        fs.writeFileSync(this.tokenFile, encrypted, { mode: 0o600 });
+    }
+    /**
+     * Load tokens from secure storage (decrypted)
+     */
+    async loadTokens() {
+        if (!fs.existsSync(this.tokenFile)) {
+            return null;
+        }
+        try {
+            const encrypted = fs.readFileSync(this.tokenFile, 'utf8');
+            const decrypted = this.decrypt(encrypted);
+            return JSON.parse(decrypted);
+        }
+        catch (error) {
+            console.error('Failed to load tokens:', error);
+            return null;
+        }
+    }
+    /**
+     * Get or create encryption key for token storage
+     */
+    getOrCreateEncryptionKey() {
+        const keyFile = path.join(this.tokenDir, '.key');
+        if (fs.existsSync(keyFile)) {
+            return fs.readFileSync(keyFile);
+        }
+        // Generate new encryption key
+        const key = crypto.randomBytes(32); // 256-bit key for AES-256
+        // Ensure directory exists
+        if (!fs.existsSync(this.tokenDir)) {
+            fs.mkdirSync(this.tokenDir, { recursive: true, mode: 0o700 });
+        }
+        // Store key with restricted permissions
+        fs.writeFileSync(keyFile, key, { mode: 0o600 });
+        return key;
+    }
+    /**
+     * Encrypt data using AES-256-GCM
+     */
+    encrypt(plaintext) {
+        const iv = crypto.randomBytes(16);
+        const cipher = crypto.createCipheriv('aes-256-gcm', this.encryptionKey, iv);
+        let encrypted = cipher.update(plaintext, 'utf8', 'hex');
+        encrypted += cipher.final('hex');
+        const authTag = cipher.getAuthTag();
+        // Return IV + authTag + encrypted data
+        return iv.toString('hex') + ':' + authTag.toString('hex') + ':' + encrypted;
+    }
+    /**
+     * Decrypt data using AES-256-GCM
+     */
+    decrypt(ciphertext) {
+        const parts = ciphertext.split(':');
+        if (parts.length !== 3) {
+            throw new Error('Invalid ciphertext format');
+        }
+        const iv = Buffer.from(parts[0], 'hex');
+        const authTag = Buffer.from(parts[1], 'hex');
+        const encrypted = parts[2];
+        const decipher = crypto.createDecipheriv('aes-256-gcm', this.encryptionKey, iv);
+        decipher.setAuthTag(authTag);
+        let decrypted = decipher.update(encrypted, 'hex', 'utf8');
+        decrypted += decipher.final('utf8');
+        return decrypted;
+    }
+}
+exports.AuthHandler = AuthHandler;
+//# sourceMappingURL=auth-handler.js.map

package/dist/auth/auth-handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-handler.js","sourceRoot":"","sources":["../../src/auth/auth-handler.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AACzB,+CAAiC;AACjC,oDAAsC;AAuBtC;;;GAGG;AACH,MAAa,WAAW;IACd,QAAQ,CAAS;IACjB,SAAS,CAAS;IAClB,aAAa,CAAS;IAE9B,YAAY,SAAkB;QAC5B,IAAI,CAAC,QAAQ,GAAG,SAAS,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,CAAC,CAAC;QAClE,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAErD,oDAAoD;QACpD,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,wBAAwB,EAAE,CAAC;IACvD,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,aAAa,CACjB,SAAiB,EACjB,QAAgB,EAChB,cAAsB,gCAAgC;QAEtD,8BAA8B;QAC9B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CACjC,IAAI,GAAG,CAAC,SAAS,CAAC,EAClB,QAAQ,CACT,CAAC;QAEF,4CAA4C;QAC5C,MAAM,YAAY,GAAG,IAAI,CAAC,sBAAsB,EAAE,CAAC;QACnD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,0BAA0B,CAAC,YAAY,CAAC,CAAC;QAE1E,qCAAqC;QACrC,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAEjC,MAAM,OAAO,GAAG,IAAI,CAAC,qBAAqB,CAAC,MAAM,EAAE;YACjD,YAAY,EAAE,WAAW;YACzB,KAAK,EAAE,sBAAsB;YAC7B,cAAc,EAAE,aAAa;YAC7B,qBAAqB,EAAE,MAAM;YAC7B,KAAK;SACN,CAAC,CAAC;QAEH,OAAO;YACL,OAAO,EAAE,OAAO,CAAC,IAAI;YACrB,YAAY;YACZ,KAAK;SACN,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,gBAAgB,CACpB,SAAiB,EACjB,QAAgB,EAChB,IAAY,EACZ,YAAoB,EACpB,cAAsB,gCAAgC;QAEtD,8BAA8B;QAC9B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CACjC,IAAI,GAAG,CAAC,SAAS,CAAC,EAClB,QAAQ,CACT,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;YACxC,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YAE1C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAC9C,MAAM,EACN,UAAU,EACV;gBACE,gBAAgB,EAAE,YAAY;gBAC9B,aAAa,EAAE,SAAS,EAAE,2CAA2C;aACtE,CACF,CAAC;YAEF,MAAM,aAAa,GAAkB;gBACnC,WAAW,EAAE,MAAM,CAAC,YAAY;gBAChC,YAAY,EAAE,MAAM,CAAC,aAAa;gBAClC,OAAO,EAAE,MAAM,CAAC,QAAQ;gBACxB,SAAS,EAAE,MAAM,CAAC,UAAU,IAAI,IAAI;gBACpC,SAAS,EAAE,MAAM,CAAC,UAAU,IAAI,QAAQ;aACzC,CAAC;YAEF,wBAAwB;YACxB,MAAM,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;QACxC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,uCAAuC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;QACrH,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,SAAkB,EAAE,QAAiB;QACxD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAEvC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC;QACd,CAAC;QAED,iEAAiE;QACjE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,YAAY,GAAG,GAAG,CAAC,CAAC,YAAY;QAEtC,IAAI,MAAM,CAAC,SAAS,GAAG,GAAG,GAAG,YAAY,EAAE,CAAC;YAC1C,uBAAuB;YACvB,OAAO,MAAM,CAAC,WAAW,CAAC;QAC5B,CAAC;QAED,oDAAoD;QACpD,IAAI,MAAM,CAAC,YAAY,IAAI,SAAS,IAAI,QAAQ,EAAE,CAAC;YACjD,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,QAAQ,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;gBAClE,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChD,OAAO,eAAe,EAAE,WAAW,IAAI,IAAI,CAAC;YAC9C,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,gDAAgD;gBAChD,OAAO,CAAC,KAAK,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAC;gBAC9C,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,SAAiB,EAAE,QAAgB,EAAE,YAAoB;QAC1E,8BAA8B;QAC9B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CACjC,IAAI,GAAG,CAAC,SAAS,CAAC,EAClB,QAAQ,CACT,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;YAElE,MAAM,aAAa,GAAkB;gBACnC,WAAW,EAAE,MAAM,CAAC,YAAY;gBAChC,YAAY,EAAE,MAAM,CAAC,aAAa;gBAClC,OAAO,EAAE,MAAM,CAAC,QAAQ;gBACxB,SAAS,EAAE,MAAM,CAAC,UAAU,IAAI,IAAI;gBACpC,SAAS,EAAE,MAAM,CAAC,UAAU,IAAI,QAAQ;aACzC,CAAC;YAEF,yBAAyB;YACzB,MAAM,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;QACxC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,4BAA4B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;QAC1G,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe;QACnB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QACvC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,OAAO,MAAM,CAAC,SAAS,GAAG,GAAG,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW;QACf,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YAClC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,WAAW,CAAC,MAAqB;QAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,OAAO,GAAiB;YAC5B,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,SAAS,EAAE,GAAG,GAAG,MAAM,CAAC,SAAS;YACjC,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC;QAEF,qBAAqB;QACrB,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;QAExD,0BAA0B;QAC1B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAChE,CAAC;QAED,6DAA6D;QAC7D,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,UAAU;QACtB,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YAC1D,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAC1C,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAiB,CAAC;QAC/C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,wBAAwB,EAAE,KAAK,CAAC,CAAC;YAC/C,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACK,wBAAwB;QAC9B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAEjD,IAAI,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3B,OAAO,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QAClC,CAAC;QAED,8BAA8B;QAC9B,MAAM,GAAG,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,0BAA0B;QAE9D,0BAA0B;QAC1B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAChE,CAAC;QAED,wCAAwC;QACxC,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAEhD,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;OAEG;IACK,OAAO,CAAC,SAAiB;QAC/B,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAClC,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QAE5E,IAAI,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QACxD,SAAS,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAEjC,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEpC,uCAAuC;QACvC,OAAO,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,GAAG,GAAG,SAAS,CAAC;IAC9E,CAAC;IAED;;OAEG;IACK,OAAO,CAAC,UAAkB;QAChC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QACxC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QAC7C,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAE3B,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QAChF,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE7B,IAAI,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC1D,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAEpC,OAAO,SAAS,CAAC;IACnB,CAAC;CACF;AA3RD,kCA2RC"}

package/dist/auth/callback-server.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Callback result from OAuth flow
+ */
+export interface CallbackResult {
+    code?: string;
+    state?: string;
+    error?: string;
+    errorDescription?: string;
+}
+/**
+ * Simple HTTP server to handle OAuth callback
+ */
+export declare class CallbackServer {
+    private server;
+    private port;
+    constructor(port?: number);
+    /**
+     * Start the callback server and wait for OAuth response
+     * Returns a promise that resolves with the callback result
+     */
+    waitForCallback(expectedState: string, timeoutMs?: number): Promise<CallbackResult>;
+    /**
+     * Stop the callback server
+     */
+    stop(): void;
+    /**
+     * Get the callback URL for this server
+     */
+    getCallbackUrl(): string;
+}
+//# sourceMappingURL=callback-server.d.ts.map

package/dist/auth/callback-server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"callback-server.d.ts","sourceRoot":"","sources":["../../src/auth/callback-server.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED;;GAEG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAA4B;IAC1C,OAAO,CAAC,IAAI,CAAS;gBAET,IAAI,GAAE,MAAa;IAI/B;;;OAGG;IACG,eAAe,CAAC,aAAa,EAAE,MAAM,EAAE,SAAS,GAAE,MAAe,GAAG,OAAO,CAAC,cAAc,CAAC;IAkFjG;;OAEG;IACH,IAAI,IAAI,IAAI;IAOZ;;OAEG;IACH,cAAc,IAAI,MAAM;CAGzB"}

package/dist/auth/callback-server.js

@@ -0,0 +1,143 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CallbackServer = void 0;
+const http = __importStar(require("http"));
+const url = __importStar(require("url"));
+/**
+ * Simple HTTP server to handle OAuth callback
+ */
+class CallbackServer {
+    server = null;
+    port;
+    constructor(port = 8080) {
+        this.port = port;
+    }
+    /**
+     * Start the callback server and wait for OAuth response
+     * Returns a promise that resolves with the callback result
+     */
+    async waitForCallback(expectedState, timeoutMs = 120000) {
+        return new Promise((resolve, reject) => {
+            const timeout = setTimeout(() => {
+                this.stop();
+                reject(new Error('Authentication timeout - no callback received'));
+            }, timeoutMs);
+            this.server = http.createServer((req, res) => {
+                const parsedUrl = url.parse(req.url || '', true);
+                if (parsedUrl.pathname === '/callback') {
+                    const query = parsedUrl.query;
+                    // Send response to browser
+                    res.writeHead(200, { 'Content-Type': 'text/html' });
+                    if (query.error) {
+                        res.end(`
+              <html>
+                <head><title>Authentication Failed</title></head>
+                <body>
+                  <h1>Authentication Failed</h1>
+                  <p>Error: ${query.error}</p>
+                  <p>${query.error_description || ''}</p>
+                  <p>You can close this window and return to the CLI.</p>
+                </body>
+              </html>
+            `);
+                    }
+                    else {
+                        res.end(`
+              <html>
+                <head><title>Authentication Successful</title></head>
+                <body>
+                  <h1>Authentication Successful!</h1>
+                  <p>You can close this window and return to the CLI.</p>
+                </body>
+              </html>
+            `);
+                    }
+                    // Clear timeout
+                    clearTimeout(timeout);
+                    // Stop server
+                    this.stop();
+                    // Validate state to prevent CSRF
+                    if (query.state !== expectedState) {
+                        reject(new Error('State mismatch - possible CSRF attack'));
+                        return;
+                    }
+                    // Resolve with callback result
+                    if (query.error) {
+                        resolve({
+                            error: query.error,
+                            errorDescription: query.error_description,
+                        });
+                    }
+                    else {
+                        resolve({
+                            code: query.code,
+                            state: query.state,
+                        });
+                    }
+                }
+                else {
+                    // Unknown path
+                    res.writeHead(404, { 'Content-Type': 'text/plain' });
+                    res.end('Not Found');
+                }
+            });
+            this.server.listen(this.port, () => {
+                console.log(`Callback server listening on http://localhost:${this.port}`);
+            });
+            this.server.on('error', (error) => {
+                clearTimeout(timeout);
+                reject(new Error(`Failed to start callback server: ${error.message}`));
+            });
+        });
+    }
+    /**
+     * Stop the callback server
+     */
+    stop() {
+        if (this.server) {
+            this.server.close();
+            this.server = null;
+        }
+    }
+    /**
+     * Get the callback URL for this server
+     */
+    getCallbackUrl() {
+        return `http://localhost:${this.port}/callback`;
+    }
+}
+exports.CallbackServer = CallbackServer;
+//# sourceMappingURL=callback-server.js.map

package/dist/auth/callback-server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"callback-server.js","sourceRoot":"","sources":["../../src/auth/callback-server.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAC7B,yCAA2B;AAY3B;;GAEG;AACH,MAAa,cAAc;IACjB,MAAM,GAAuB,IAAI,CAAC;IAClC,IAAI,CAAS;IAErB,YAAY,OAAe,IAAI;QAC7B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,eAAe,CAAC,aAAqB,EAAE,YAAoB,MAAM;QACrE,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC9B,IAAI,CAAC,IAAI,EAAE,CAAC;gBACZ,MAAM,CAAC,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC,CAAC;YACrE,CAAC,EAAE,SAAS,CAAC,CAAC;YAEd,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;gBAC3C,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,IAAI,EAAE,EAAE,IAAI,CAAC,CAAC;gBAEjD,IAAI,SAAS,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;oBACvC,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC;oBAE9B,2BAA2B;oBAC3B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;oBAEpD,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;wBAChB,GAAG,CAAC,GAAG,CAAC;;;;;8BAKU,KAAK,CAAC,KAAK;uBAClB,KAAK,CAAC,iBAAiB,IAAI,EAAE;;;;aAIvC,CAAC,CAAC;oBACL,CAAC;yBAAM,CAAC;wBACN,GAAG,CAAC,GAAG,CAAC;;;;;;;;aAQP,CAAC,CAAC;oBACL,CAAC;oBAED,gBAAgB;oBAChB,YAAY,CAAC,OAAO,CAAC,CAAC;oBAEtB,cAAc;oBACd,IAAI,CAAC,IAAI,EAAE,CAAC;oBAEZ,iCAAiC;oBACjC,IAAI,KAAK,CAAC,KAAK,KAAK,aAAa,EAAE,CAAC;wBAClC,MAAM,CAAC,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC,CAAC;wBAC3D,OAAO;oBACT,CAAC;oBAED,+BAA+B;oBAC/B,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;wBAChB,OAAO,CAAC;4BACN,KAAK,EAAE,KAAK,CAAC,KAAe;4BAC5B,gBAAgB,EAAE,KAAK,CAAC,iBAA2B;yBACpD,CAAC,CAAC;oBACL,CAAC;yBAAM,CAAC;wBACN,OAAO,CAAC;4BACN,IAAI,EAAE,KAAK,CAAC,IAAc;4BAC1B,KAAK,EAAE,KAAK,CAAC,KAAe;yBAC7B,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,eAAe;oBACf,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,YAAY,EAAE,CAAC,CAAC;oBACrD,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;gBACvB,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE;gBACjC,OAAO,CAAC,GAAG,CAAC,iDAAiD,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YAC5E,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;gBAChC,YAAY,CAAC,OAAO,CAAC,CAAC;gBACtB,MAAM,CAAC,IAAI,KAAK,CAAC,oCAAoC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;YACzE,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,IAAI;QACF,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACpB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACrB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,cAAc;QACZ,OAAO,oBAAoB,IAAI,CAAC,IAAI,WAAW,CAAC;IAClD,CAAC;CACF;AA9GD,wCA8GC"}

package/dist/auth/index.d.ts

@@ -0,0 +1,3 @@
+export { AuthHandler, TokenStorage } from './auth-handler';
+export { CallbackServer, CallbackResult } from './callback-server';
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC3D,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/auth/index.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CallbackServer = exports.AuthHandler = void 0;
+var auth_handler_1 = require("./auth-handler");
+Object.defineProperty(exports, "AuthHandler", { enumerable: true, get: function () { return auth_handler_1.AuthHandler; } });
+var callback_server_1 = require("./callback-server");
+Object.defineProperty(exports, "CallbackServer", { enumerable: true, get: function () { return callback_server_1.CallbackServer; } });
+//# sourceMappingURL=index.js.map

package/dist/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":";;;AAAA,+CAA2D;AAAlD,2GAAA,WAAW,OAAA;AACpB,qDAAmE;AAA1D,iHAAA,cAAc,OAAA"}

package/dist/cli.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":""}