figmanage 1.1.0 → 1.2.2

package/dist/cli/completion.d.ts

@@ -0,0 +1,7 @@
+import { Command } from 'commander';
+/**
+ * Create the `completion` command. Needs the parent program reference
+ * so it can introspect the full command tree at runtime.
+ */
+export declare function completionCommand(program: Command): Command;
+//# sourceMappingURL=completion.d.ts.map

package/dist/cli/completion.js

@@ -0,0 +1,160 @@
+import { Command } from 'commander';
+/**
+ * Introspect a Commander program and extract its command tree.
+ * Returns a map of command names to their subcommand names.
+ * Top-level commands without subcommands (like login, whoami) get an empty array.
+ */
+function extractCommandTree(program) {
+    const tree = new Map();
+    for (const cmd of program.commands) {
+        const subs = cmd.commands.map((sub) => sub.name());
+        tree.set(cmd.name(), subs);
+    }
+    return tree;
+}
+/**
+ * Extract all option flags from a command (including inherited ones).
+ * Returns long-form flags like --json, --help.
+ */
+function extractOptions(cmd) {
+    const flags = [];
+    for (const opt of cmd.options) {
+        if (opt.long)
+            flags.push(opt.long);
+    }
+    return flags;
+}
+/**
+ * Collect global options that appear across most commands.
+ * These get offered at every completion point.
+ */
+function extractGlobalOptions(program) {
+    const flags = new Set();
+    // Program-level options (--version, etc.)
+    for (const opt of program.options) {
+        if (opt.long)
+            flags.add(opt.long);
+    }
+    // Common flags present on subcommands
+    flags.add('--help');
+    flags.add('--json');
+    return [...flags];
+}
+function generateZshScript(program) {
+    const tree = extractCommandTree(program);
+    const globalOpts = extractGlobalOptions(program);
+    const topLevelCmds = [...tree.keys()];
+    // Build case arms for subcommand completion
+    const caseArms = [];
+    for (const [group, subs] of tree) {
+        if (subs.length > 0) {
+            caseArms.push(`      ${group})\n        local subcmds=(${subs.join(' ')})\n        _describe 'subcommand' subcmds\n        ;;`);
+        }
+    }
+    return `#compdef figmanage
+
+# Shell completion for figmanage
+# Add to ~/.zshrc: eval "$(figmanage completion)"
+
+_figmanage() {
+  local -a commands
+  commands=(${topLevelCmds.join(' ')})
+
+  local global_opts=(${globalOpts.join(' ')})
+
+  _arguments -C \\
+    '1:command:->cmd' \\
+    '2:subcommand:->sub' \\
+    '*::options:->opts'
+
+  case $state in
+    cmd)
+      _describe 'command' commands
+      ;;
+    sub)
+      case $words[1] in
+${caseArms.join('\n')}
+      *)
+        _describe 'option' global_opts
+        ;;
+      esac
+      ;;
+    opts)
+      _values 'options' $global_opts
+      ;;
+  esac
+}
+
+compdef _figmanage figmanage
+`;
+}
+function generateBashScript(program) {
+    const tree = extractCommandTree(program);
+    const globalOpts = extractGlobalOptions(program);
+    const topLevelCmds = [...tree.keys()];
+    // Build case arms for subcommand completion
+    const caseArms = [];
+    for (const [group, subs] of tree) {
+        if (subs.length > 0) {
+            caseArms.push(`      ${group})\n        COMPREPLY=($(compgen -W "${subs.join(' ')}" -- "$cur"))\n        ;;`);
+        }
+    }
+    return `# Shell completion for figmanage
+# Add to ~/.bashrc: eval "$(figmanage completion)"
+
+_figmanage() {
+  local cur prev words cword
+  _init_completion || return
+
+  local commands="${topLevelCmds.join(' ')}"
+  local global_opts="${globalOpts.join(' ')}"
+
+  case $cword in
+    1)
+      COMPREPLY=($(compgen -W "$commands" -- "$cur"))
+      ;;
+    2)
+      case "\${words[1]}" in
+${caseArms.join('\n')}
+      *)
+        COMPREPLY=($(compgen -W "$global_opts" -- "$cur"))
+        ;;
+      esac
+      ;;
+    *)
+      COMPREPLY=($(compgen -W "$global_opts" -- "$cur"))
+      ;;
+  esac
+}
+
+complete -F _figmanage figmanage
+`;
+}
+function detectShell() {
+    const shell = process.env.SHELL ?? '';
+    if (shell.endsWith('/zsh'))
+        return 'zsh';
+    return 'bash';
+}
+/**
+ * Create the `completion` command. Needs the parent program reference
+ * so it can introspect the full command tree at runtime.
+ */
+export function completionCommand(program) {
+    const cmd = new Command('completion')
+        .description('Output shell completion script')
+        .option('--shell <shell>', 'Shell type (bash or zsh)')
+        .action((options) => {
+        const shell = options.shell ?? detectShell();
+        if (shell !== 'bash' && shell !== 'zsh') {
+            console.error(`Unsupported shell: ${shell}. Use --shell bash or --shell zsh.`);
+            process.exit(1);
+        }
+        const script = shell === 'zsh'
+            ? generateZshScript(program)
+            : generateBashScript(program);
+        process.stdout.write(script);
+    });
+    return cmd;
+}
+//# sourceMappingURL=completion.js.map

package/dist/cli/format.js

@@ -2,13 +2,158 @@
 export function isTTY() {
     return process.stdout.isTTY === true;
 }
+/** Get terminal width, defaulting to 80 if unavailable */
+function termWidth() {
+    return process.stdout.columns || 80;
+}
+/** Format a value for display in a table cell */
+function formatCell(value) {
+    if (value === null || value === undefined)
+        return '';
+    if (typeof value === 'string')
+        return value;
+    if (typeof value === 'number' || typeof value === 'boolean')
+        return String(value);
+    if (Array.isArray(value))
+        return `[${value.length} items]`;
+    if (typeof value === 'object')
+        return '{...}';
+    return String(value);
+}
+/** Truncate a string to maxLen, appending ... if truncated */
+function truncate(str, maxLen) {
+    if (maxLen < 4)
+        return str.slice(0, maxLen);
+    if (str.length <= maxLen)
+        return str;
+    return str.slice(0, maxLen - 3) + '...';
+}
+/** Pad a string to the right with spaces */
+function padRight(str, width) {
+    if (str.length >= width)
+        return str;
+    return str + ' '.repeat(width - str.length);
+}
+/**
+ * Render an array of objects as an aligned table.
+ * Columns are auto-sized to content, then shrunk proportionally if they
+ * exceed terminal width. A minimum gap of 2 spaces separates columns.
+ */
+function formatTable(rows) {
+    if (rows.length === 0)
+        return '';
+    // Collect all keys across all rows (preserving insertion order)
+    const keySet = new Set();
+    for (const row of rows) {
+        for (const key of Object.keys(row)) {
+            keySet.add(key);
+        }
+    }
+    const keys = Array.from(keySet);
+    // Build string grid: headers + data
+    const headers = keys.map((k) => k.toUpperCase());
+    const grid = rows.map((row) => keys.map((k) => formatCell(row[k])));
+    // Compute natural column widths (max of header and all data cells)
+    const colWidths = keys.map((_, i) => {
+        let max = headers[i].length;
+        for (const row of grid) {
+            if (row[i].length > max)
+                max = row[i].length;
+        }
+        return max;
+    });
+    const gap = 2;
+    const maxWidth = termWidth();
+    const totalGap = gap * (keys.length - 1);
+    const totalNatural = colWidths.reduce((a, b) => a + b, 0) + totalGap;
+    // If columns exceed terminal width, shrink the widest columns first
+    if (totalNatural > maxWidth && keys.length > 0) {
+        const budget = maxWidth - totalGap;
+        if (budget > 0) {
+            // Give each column at least 4 chars, distribute remaining proportionally
+            const minCol = 4;
+            const guaranteed = Math.min(minCol, Math.floor(budget / keys.length));
+            let remaining = budget;
+            // First pass: cap each column to its natural width or proportional share
+            const totalContent = colWidths.reduce((a, b) => a + b, 0);
+            for (let i = 0; i < colWidths.length; i++) {
+                const share = Math.max(guaranteed, Math.floor((colWidths[i] / totalContent) * budget));
+                colWidths[i] = Math.min(colWidths[i], share);
+                remaining -= colWidths[i];
+            }
+            // Distribute leftover to columns that were truncated
+            if (remaining > 0) {
+                for (let i = 0; i < colWidths.length && remaining > 0; i++) {
+                    const natural = headers[i].length;
+                    const canGrow = Math.max(0, natural - colWidths[i]);
+                    const give = Math.min(canGrow, remaining);
+                    colWidths[i] += give;
+                    remaining -= give;
+                }
+            }
+        }
+    }
+    // Render rows
+    const lines = [];
+    // Header row
+    const headerLine = keys
+        .map((_, i) => padRight(truncate(headers[i], colWidths[i]), colWidths[i]))
+        .join(' '.repeat(gap));
+    lines.push(headerLine.trimEnd());
+    // Data rows
+    for (const row of grid) {
+        const line = keys
+            .map((_, i) => padRight(truncate(row[i], colWidths[i]), colWidths[i]))
+            .join(' '.repeat(gap));
+        lines.push(line.trimEnd());
+    }
+    return lines.join('\n');
+}
+/**
+ * Render a single object as key-value pairs.
+ * Falls back to JSON for deeply nested objects.
+ */
+function formatKeyValue(obj) {
+    // If every value is a nested object/array, this won't be readable as k/v.
+    // Check if the majority of values are complex -- if so, fall back to JSON.
+    const values = Object.values(obj);
+    const complexCount = values.filter((v) => v !== null && typeof v === 'object').length;
+    if (complexCount > values.length / 2) {
+        return JSON.stringify(obj, null, 2);
+    }
+    const entries = Object.entries(obj);
+    if (entries.length === 0)
+        return '{}';
+    return entries.map(([key, val]) => `${key}: ${formatCell(val)}`).join('\n');
+}
 /** Format output: JSON if piped or --json flag, human-readable if TTY */
 export function formatOutput(data, options) {
     if (options.json || !isTTY()) {
         return JSON.stringify(data, null, 2);
     }
-    // Table formatting will be added later; fall back to JSON for now
-    return JSON.stringify(data, null, 2);
+    // Primitives: render as-is
+    if (data === null || data === undefined)
+        return '';
+    if (typeof data === 'string')
+        return data;
+    if (typeof data === 'number' || typeof data === 'boolean')
+        return String(data);
+    // Array of objects: table
+    if (Array.isArray(data)) {
+        if (data.length === 0)
+            return '';
+        // If every element is a plain object, render as table
+        if (data.every((item) => item !== null && typeof item === 'object' && !Array.isArray(item))) {
+            return formatTable(data);
+        }
+        // Array of primitives or mixed: one per line
+        return data.map((item) => formatCell(item)).join('\n');
+    }
+    // Single object
+    if (typeof data === 'object') {
+        return formatKeyValue(data);
+    }
+    return String(data);
 }
 /** Print formatted output to stdout */
 export function output(data, options = {}) {

package/dist/cli/index.js

@@ -14,6 +14,7 @@ import { analyticsCommand } from './analytics.js';
 import { orgCommand } from './org.js';
 import { librariesCommand } from './libraries.js';
 import { teamsCommand } from './teams.js';
+import { completionCommand } from './completion.js';
 import { fileSummaryCommand, workspaceOverviewCommand, openCommentsCommand, cleanupStaleFilesCommand, organizeProjectCommand, setupProjectStructureCommand, seatOptimizationCommand, permissionAuditCommand, branchCleanupCommand, offboardUserCommand, onboardUserCommand, quarterlyReportCommand, } from './compound-commands.js';
 export function registerCliCommands(program) {
     // Auth commands (flat -- not resource-scoped)
@@ -87,5 +88,7 @@ export function registerCliCommands(program) {
     program.addCommand(org);
     program.addCommand(libraries);
     program.addCommand(teams);
+    // Completion must be registered last so it can introspect all commands above
+    program.addCommand(completionCommand(program));
 }
 //# sourceMappingURL=index.js.map

package/dist/mcp.js

@@ -1,4 +1,5 @@
 import { createServer } from 'node:http';
+import { randomBytes } from 'node:crypto';
 import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
 import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
@@ -75,12 +76,24 @@ export async function startMcpServer() {
     registerTools(server, config, enabledToolsets, readOnly);
     const httpPort = parseHttpPort(process.argv);
     if (httpPort) {
+        // Bearer token auth for HTTP transport
+        let httpToken = process.env.FIGMA_HTTP_TOKEN || '';
+        if (!httpToken) {
+            httpToken = randomBytes(32).toString('hex');
+            console.error(`Generated HTTP bearer token: ${httpToken}`);
+            console.error('Set FIGMA_HTTP_TOKEN to use a fixed token.');
+        }
         const transport = new StreamableHTTPServerTransport({
             sessionIdGenerator: undefined,
         });
         const httpServer = createServer(async (req, res) => {
             const url = new URL(req.url ?? '/', `http://localhost:${httpPort}`);
             if (url.pathname === '/mcp') {
+                const auth = req.headers.authorization || '';
+                if (auth !== `Bearer ${httpToken}`) {
+                    res.writeHead(401).end('Unauthorized');
+                    return;
+                }
                 await transport.handleRequest(req, res);
             }
             else {

package/dist/operations/compound-manager.js

@@ -460,6 +460,7 @@ export async function quarterlyDesignOpsReport(config, params) {
         }),
     ]);
     // Paginate all members (cursor-based, max 500)
+    const errors = [];
     const allMembers = [];
     let cursor;
     const maxPages = 20;
@@ -478,7 +479,8 @@ export async function quarterlyDesignOpsReport(config, params) {
             if (!cursor || batch.length < 25)
                 break;
         }
-        catch {
+        catch (e) {
+            errors.push(`members: pagination stopped at page ${page} (${e.response?.status || e.message})`);
             break;
         }
     }
@@ -515,7 +517,6 @@ export async function quarterlyDesignOpsReport(config, params) {
         : 0;
     // Billing
     let billing = null;
-    const errors = [];
     if (ratesResult.status === 'fulfilled') {
         const prices = ratesResult.value.data?.meta?.product_prices || [];
         const seatProducts = new Set(['expert', 'developer', 'collaborator']);

package/dist/setup.js

@@ -1,279 +1,14 @@
 #!/usr/bin/env node
-import { execSync, execFileSync } from 'child_process';
-import { createDecipheriv, pbkdf2Sync } from 'crypto';
-import { copyFileSync, unlinkSync, mkdtempSync, mkdirSync, existsSync, rmdirSync, readFileSync, writeFileSync } from 'fs';
+import { execFileSync } from 'child_process';
+import { mkdirSync, existsSync, readFileSync, writeFileSync } from 'fs';
 import { join } from 'path';
-import { tmpdir, homedir, platform } from 'os';
-import axios from 'axios';
-const COOKIE_NAME = '__Host-figma.authn';
-// --- Platform-specific Chrome paths ---
-function getChromePaths() {
-    switch (platform()) {
-        case 'darwin':
-            return [join(homedir(), 'Library/Application Support/Google/Chrome')];
-        case 'linux':
-            return [
-                join(homedir(), '.config/google-chrome'),
-                join(homedir(), '.config/chromium'),
-            ];
-        case 'win32': {
-            const localAppData = process.env.LOCALAPPDATA || join(homedir(), 'AppData/Local');
-            return [join(localAppData, 'Google/Chrome/User Data')];
-        }
-        default:
-            return [];
-    }
-}
-// --- Chrome profile discovery ---
-function findChromeProfiles() {
-    const chromePaths = getChromePaths();
-    const profiles = [];
-    for (const base of chromePaths) {
-        if (!existsSync(base))
-            continue;
-        const defaultProfile = join(base, 'Default');
-        if (existsSync(join(defaultProfile, 'Cookies')))
-            profiles.push(defaultProfile);
-        for (let i = 1; i <= 20; i++) {
-            const profile = join(base, `Profile ${i}`);
-            if (existsSync(join(profile, 'Cookies')))
-                profiles.push(profile);
-        }
-    }
-    if (profiles.length === 0)
-        throw new Error('No Chrome profiles with Cookies found.');
-    return profiles;
-}
-// --- macOS cookie decryption ---
-function getMacDecryptionKey() {
-    const password = execFileSync('security', ['find-generic-password', '-w', '-s', 'Chrome Safe Storage'], { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] }).trim();
-    return pbkdf2Sync(password, 'saltysalt', 1003, 16, 'sha1');
-}
-// --- Linux cookie decryption ---
-function getLinuxDecryptionKey() {
-    // Try GNOME Keyring first via secret-tool
-    try {
-        const password = execSync('secret-tool lookup application chrome', { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] }).trim();
-        if (password)
-            return pbkdf2Sync(password, 'saltysalt', 1, 16, 'sha1');
-    }
-    catch {
-        // secret-tool not available or no entry
-    }
-    // Fall back to default Chrome password
-    return pbkdf2Sync('peanuts', 'saltysalt', 1, 16, 'sha1');
-}
-// --- Windows cookie decryption ---
-function getWindowsDecryptionKey(chromeBase) {
-    const localStatePath = join(chromeBase, 'Local State');
-    if (!existsSync(localStatePath)) {
-        throw new Error('Chrome Local State file not found. Cannot decrypt cookies on Windows.');
-    }
-    const localState = JSON.parse(readFileSync(localStatePath, 'utf-8'));
-    const encryptedKeyB64 = localState?.os_crypt?.encrypted_key;
-    if (!encryptedKeyB64) {
-        throw new Error('No encrypted_key in Chrome Local State.');
-    }
-    // The key is base64-encoded, with a 'DPAPI' prefix (5 bytes) before the actual DPAPI blob
-    const encryptedKey = Buffer.from(encryptedKeyB64, 'base64');
-    if (encryptedKey.toString('utf-8', 0, 5) !== 'DPAPI') {
-        throw new Error('Unexpected encrypted_key format (missing DPAPI prefix).');
-    }
-    const dpapiBlob = encryptedKey.slice(5).toString('base64');
-    // Use PowerShell to call DPAPI Unprotect
-    const psScript = `
-    Add-Type -AssemblyName System.Security
-    $blob = [Convert]::FromBase64String('${dpapiBlob}')
-    $dec = [Security.Cryptography.ProtectedData]::Unprotect($blob, $null, [Security.Cryptography.DataProtectionScope]::CurrentUser)
-    [Convert]::ToBase64String($dec)
-  `.trim().replace(/\n/g, '; ');
-    const decryptedB64 = execSync(`powershell -NoProfile -NonInteractive -Command "${psScript}"`, { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] }).trim();
-    return Buffer.from(decryptedB64, 'base64');
-}
-// --- Decryption ---
-function decryptCBC(encrypted, key) {
-    // v10 prefix = Chrome AES-128-CBC encryption (macOS and Linux)
-    if (encrypted.length > 3 && encrypted[0] === 0x76 && encrypted[1] === 0x31 && encrypted[2] === 0x30) {
-        const iv = Buffer.alloc(16, 0x20); // Chrome uses space (0x20) as IV
-        const decipher = createDecipheriv('aes-128-cbc', key, iv);
-        const decrypted = Buffer.concat([decipher.update(encrypted.slice(3)), decipher.final()]);
-        // Chrome may prepend binary metadata before the cookie value.
-        // The actual cookie is URL-encoded JSON starting with %7B or raw JSON starting with {
-        const str = decrypted.toString('binary');
-        const jsonStart = str.indexOf('%7B');
-        if (jsonStart >= 0)
-            return str.slice(jsonStart);
-        const rawJsonStart = str.indexOf('{');
-        if (rawJsonStart >= 0)
-            return str.slice(rawJsonStart);
-        throw new Error('Decrypted cookie data does not contain expected JSON value');
-    }
-    return encrypted.toString('utf-8');
-}
-function decryptWindows(encrypted, key) {
-    // Windows Chrome uses AES-256-GCM with v10 prefix
-    // Format: v10 (3 bytes) + nonce (12 bytes) + ciphertext + tag (16 bytes)
-    if (encrypted.length > 3 && encrypted[0] === 0x76 && encrypted[1] === 0x31 && encrypted[2] === 0x30) {
-        const nonce = encrypted.slice(3, 15);
-        const ciphertextWithTag = encrypted.slice(15);
-        const tag = ciphertextWithTag.slice(ciphertextWithTag.length - 16);
-        const ciphertext = ciphertextWithTag.slice(0, ciphertextWithTag.length - 16);
-        const decipher = createDecipheriv('aes-256-gcm', key, nonce);
-        decipher.setAuthTag(tag);
-        const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
-        const str = decrypted.toString('utf-8');
-        const jsonStart = str.indexOf('%7B');
-        if (jsonStart >= 0)
-            return str.slice(jsonStart);
-        const rawJsonStart = str.indexOf('{');
-        if (rawJsonStart >= 0)
-            return str.slice(rawJsonStart);
-        throw new Error('Decrypted cookie data does not contain expected JSON value');
-    }
-    return encrypted.toString('utf-8');
-}
-// --- Cookie extraction ---
-function extractCookie(profilePath) {
-    const cookiesDb = join(profilePath, 'Cookies');
-    const tmpDir = mkdtempSync(join(tmpdir(), 'figmanage-'));
-    const tmpDb = join(tmpDir, 'Cookies');
-    // Copy DB + WAL/SHM (Chrome locks the original)
-    copyFileSync(cookiesDb, tmpDb);
-    for (const ext of ['-wal', '-shm']) {
-        const src = cookiesDb + ext;
-        if (existsSync(src))
-            copyFileSync(src, tmpDb + ext);
-    }
-    try {
-        // Query for the auth cookie -- could be on figma.com or www.figma.com
-        const sqliteBin = platform() === 'win32' ? 'sqlite3.exe' : 'sqlite3';
-        const hex = execSync(`${sqliteBin} "${tmpDb}" "SELECT hex(encrypted_value) FROM cookies WHERE name = '${COOKIE_NAME}' AND host_key LIKE '%figma.com' ORDER BY last_access_utc DESC LIMIT 1;"`, { encoding: 'utf-8' }).trim();
-        if (!hex)
-            throw new Error(`No ${COOKIE_NAME} cookie found. Are you logged into figma.com in Chrome?`);
-        const encrypted = Buffer.from(hex, 'hex');
-        const os = platform();
-        if (os === 'darwin') {
-            const key = getMacDecryptionKey();
-            return decryptCBC(encrypted, key);
-        }
-        else if (os === 'linux') {
-            const key = getLinuxDecryptionKey();
-            return decryptCBC(encrypted, key);
-        }
-        else if (os === 'win32') {
-            // Derive the chrome base from the profile path (go up one level from Default/Profile N)
-            const chromeBase = join(profilePath, '..');
-            const key = getWindowsDecryptionKey(chromeBase);
-            return decryptWindows(encrypted, key);
-        }
-        throw new Error(`Unsupported platform: ${os}`);
-    }
-    finally {
-        for (const f of [tmpDb, tmpDb + '-wal', tmpDb + '-shm']) {
-            try {
-                unlinkSync(f);
-            }
-            catch { }
-        }
-        try {
-            rmdirSync(tmpDir);
-        }
-        catch { }
-    }
-}
-// --- Figma API validation ---
-function parseCookieValue(raw) {
-    // Cookie value is JSON: {"userId":"token"} (may be URL-encoded)
-    let decoded = raw;
-    try {
-        decoded = decodeURIComponent(raw);
-    }
-    catch { }
-    try {
-        const parsed = JSON.parse(decoded);
-        const entries = Object.entries(parsed);
-        if (entries.length === 0)
-            throw new Error('Empty cookie JSON');
-        const [userId, token] = entries[0];
-        return { userId, token, cookieValue: raw };
-    }
-    catch {
-        throw new Error('Unexpected cookie format. Expected URL-encoded JSON with userId field.');
-    }
-}
-async function validateSession(cookieValue, userId) {
-    const headers = {
-        'Cookie': `${COOKIE_NAME}=${cookieValue}`,
-        'X-CSRF-Bypass': 'yes',
-        'X-Figma-User-Id': userId,
-    };
-    const res = await axios.get('https://www.figma.com/api/user/state', {
-        headers,
-        timeout: 15000,
-    });
-    if (res.data?.error !== false)
-        throw new Error('Session invalid');
-    const meta = res.data.meta || {};
-    const teams = (meta.teams || []).map((t) => ({ id: String(t.id), name: t.name }));
-    const orgs = (meta.orgs || []).map((o) => ({ id: String(o.id), name: o.name }));
-    // Try to find org_id: check orgs array, team_users, or follow the recents redirect
-    let orgId = '';
-    if (orgs.length > 0) {
-        orgId = orgs[0].id;
-    }
-    else {
-        // Figma redirects /files/recents-and-sharing to /files/{org_id}/recents-and-sharing
-        try {
-            const redirect = await axios.get('https://www.figma.com/files/recents-and-sharing', {
-                headers,
-                maxRedirects: 0,
-                validateStatus: (s) => s >= 200 && s < 400,
-                timeout: 10000,
-            });
-            // Check final URL for org_id pattern: /files/{org_id}/
-            const finalUrl = redirect.request?.res?.responseUrl || redirect.headers?.location || '';
-            const match = finalUrl.match(/\/files\/(\d+)\//);
-            if (match)
-                orgId = match[1];
-        }
-        catch (e) {
-            // Check redirect location header
-            const loc = e.response?.headers?.location || '';
-            const match = loc.match(/\/files\/(\d+)\//);
-            if (match)
-                orgId = match[1];
-        }
-    }
-    // If orgId found but no orgs entry, try to derive a name from the org's domain
-    if (orgId && orgs.length === 0) {
-        let name = orgId;
-        try {
-            const domRes = await axios.get(`https://www.figma.com/api/orgs/${orgId}/domains`, {
-                headers,
-                timeout: 10000,
-            });
-            const domains = domRes.data?.meta || [];
-            if (Array.isArray(domains) && domains.length > 0 && domains[0].domain) {
-                name = domains[0].domain;
-            }
-        }
-        catch { /* domain lookup optional */ }
-        orgs.push({ id: orgId, name });
-    }
-    return { orgId, orgs, teams };
-}
-// --- PAT validation ---
-async function validatePat(pat) {
-    const res = await axios.get('https://api.figma.com/v1/me', {
-        headers: { 'X-Figma-Token': pat },
-        timeout: 15000,
-    });
-    return res.data.handle || res.data.email || 'valid';
-}
+import { homedir, platform } from 'os';
+import { extractCookies, validateSession, validatePat } from './auth/cookie.js';
 // --- MCP client detection and registration ---
 function claudeCliAvailable() {
     try {
-        execSync('which claude 2>/dev/null || where claude 2>nul', {
+        const whichCmd = platform() === 'win32' ? 'where' : 'which';
+        execFileSync(whichCmd, ['claude'], {
             encoding: 'utf-8',
             stdio: ['pipe', 'pipe', 'pipe'],
         });
@@ -285,9 +20,20 @@ function claudeCliAvailable() {
 }
 function registerWithClaude(envVars) {
     try {
-        execSync('claude mcp remove figmanage -s user 2>/dev/null || true', { encoding: 'utf-8' });
-        const envFlags = Object.entries(envVars).map(([k, v]) => `--env ${k}=${v}`).join(' ');
-        execSync(`claude mcp add figmanage --transport stdio -s user ${envFlags} -- npx -y figmanage`, { encoding: 'utf-8' });
+        try {
+            execFileSync('claude', ['mcp', 'remove', 'figmanage', '-s', 'user'], {
+                encoding: 'utf-8',
+                stdio: ['pipe', 'pipe', 'pipe'],
+            });
+        }
+        catch {
+            // Ignore if not previously registered
+        }
+        execFileSync('claude', [
+            'mcp', 'add', 'figmanage', '--transport', 'stdio', '-s', 'user',
+            ...Object.entries(envVars).flatMap(([k, v]) => ['--env', `${k}=${v}`]),
+            '--', 'npx', '-y', 'figmanage',
+        ], { encoding: 'utf-8' });
         return true;
     }
     catch {
@@ -414,17 +160,7 @@ async function setup() {
     console.log(`Reading Chrome cookies${promptLabel}...`);
     let accounts = [];
     try {
-        const profiles = findChromeProfiles();
-        for (const profilePath of profiles) {
-            try {
-                const rawCookie = extractCookie(profilePath);
-                const { userId, cookieValue } = parseCookieValue(rawCookie);
-                accounts.push({ userId, cookieValue, profile: profilePath.split(/[/\\]/).pop() });
-            }
-            catch {
-                // Profile doesn't have a Figma cookie
-            }
-        }
+        accounts = extractCookies();
     }
     catch (e) {
         if (os === 'win32') {

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "figmanage",
   "mcpName": "io.github.dannykeane/figmanage",
-  "version": "1.1.0",
+  "version": "1.2.2",
   "description": "MCP server for managing your Figma workspace from the terminal.",
   "type": "module",
   "main": "dist/index.js",
@@ -40,8 +40,8 @@
   },
   "homepage": "https://github.com/dannykeane/figmanage#readme",
   "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.25.0",
-    "axios": "^1.7.0",
+    "@modelcontextprotocol/sdk": "^1.25.2",
+    "axios": "^1.13.5",
     "axios-retry": "^4.4.0",
     "commander": "^14.0.3",
     "zod": "^3.23.0"