mobbdev 1.2.36 → 1.2.45

package/dist/args/commands/upload_ai_blame.mjs

@@ -6700,9 +6700,19 @@ function isAuthError(error) {
   }
   return false;
 }
-function isNetworkError(error) {
+function isTransientError(error) {
   const errorString = error?.toString() ?? "";
-  return errorString.includes("FetchError") || errorString.includes("TypeError") || errorString.includes("ECONNREFUSED") || errorString.includes("ENOTFOUND") || errorString.includes("ETIMEDOUT") || errorString.includes("UND_ERR");
+  if (errorString.includes("FetchError") || errorString.includes("TypeError") || errorString.includes("ECONNREFUSED") || errorString.includes("ENOTFOUND") || errorString.includes("ETIMEDOUT") || errorString.includes("UND_ERR")) {
+    return true;
+  }
+  if (error instanceof ClientError) {
+    const status = error.response?.status;
+    if (status && status >= 502 && status <= 504) return true;
+  }
+  if (errorString.includes("Gateway Time-out") || errorString.includes("Bad Gateway") || errorString.includes("Service Unavailable")) {
+    return true;
+  }
+  return false;
 }
 var API_KEY_HEADER_NAME = "x-mobb-key";
 var REPORT_STATE_CHECK_DELAY = 5 * 1e3;
@@ -6763,8 +6773,8 @@ var GQLClient = class {
     try {
       await this.getUserInfo();
     } catch (e) {
-      if (isNetworkError(e)) {
-        debug7("verify connection failed (network error) %o", e);
+      if (isTransientError(e)) {
+        debug7("verify connection failed (transient error) %o", e);
         return false;
       }
       debug7("verify connection: endpoint reachable but request failed %o", e);
@@ -6785,11 +6795,7 @@ var GQLClient = class {
         debug7("verify token failed - auth error %o", e);
         return false;
       }
-      if (isNetworkError(e)) {
-        debug7("verify token failed - network error, rethrowing %o", e);
-        throw e;
-      }
-      debug7("verify token failed - unexpected error, rethrowing %o", e);
+      debug7("verify token failed - transient/unknown error, rethrowing %o", e);
       throw e;
     }
   }
@@ -6846,11 +6852,7 @@ var GQLClient = class {
     return res?.cli_login_by_pk?.encryptedApiToken || null;
   }
   async createCommunityUser() {
-    try {
-      await this._clientSdk.CreateCommunityUser();
-    } catch (e) {
-      debug7("create community user failed %o", e);
-    }
+    await this._clientSdk.CreateCommunityUser();
   }
   async updateScmToken(args) {
     const { scmType, url, token, org, refreshToken } = args;
@@ -7406,8 +7408,8 @@ var configStore = getConfigStore();
 
 // src/commands/AuthManager.ts
 var debug10 = Debug9("mobbdev:auth");
-var LOGIN_MAX_WAIT = 10 * 60 * 1e3;
-var LOGIN_CHECK_DELAY = 5 * 1e3;
+var LOGIN_MAX_WAIT = 2 * 60 * 1e3;
+var LOGIN_CHECK_DELAY = 2 * 1e3;
 var _AuthManager = class _AuthManager {
   constructor(webAppUrl, apiUrl) {
     __publicField(this, "publicKey");
@@ -7421,22 +7423,33 @@ var _AuthManager = class _AuthManager {
     this.resolvedWebAppUrl = webAppUrl || WEB_APP_URL;
     this.resolvedApiUrl = apiUrl || API_URL;
   }
+  /** Set the minimum interval between browser opens (MCP sets this to 24h) */
+  static setBrowserCooldown(ms) {
+    _AuthManager.browserCooldownMs = ms;
+  }
+  /** Reset cooldown state. Used by tests to ensure isolation. */
+  static resetCooldown() {
+    _AuthManager.lastBrowserOpenTime = 0;
+    _AuthManager.browserCooldownMs = 0;
+  }
   openUrlInBrowser() {
-    if (this.currentBrowserUrl) {
-      open(this.currentBrowserUrl);
-      return true;
+    if (!this.currentBrowserUrl) {
+      return false;
     }
-    return false;
+    if (_AuthManager.browserCooldownMs > 0 && Date.now() - _AuthManager.lastBrowserOpenTime < _AuthManager.browserCooldownMs) {
+      debug10("browser cooldown active, skipping open");
+      return false;
+    }
+    open(this.currentBrowserUrl);
+    _AuthManager.lastBrowserOpenTime = Date.now();
+    return true;
   }
+  /**
+   * Polls for the encrypted API token, decrypts it, validates it, and stores it.
+   * Returns true if login succeeded.
+   */
   async waitForAuthentication() {
-    let newApiToken = null;
-    for (let i = 0; i < _AuthManager.loginMaxWait / LOGIN_CHECK_DELAY; i++) {
-      newApiToken = await this.getApiToken();
-      if (newApiToken) {
-        break;
-      }
-      await sleep(LOGIN_CHECK_DELAY);
-    }
+    const newApiToken = await this.waitForApiToken();
     if (!newApiToken) {
       return false;
     }
@@ -7454,52 +7467,75 @@ var _AuthManager = class _AuthManager {
     return false;
   }
   /**
-   * Checks if the user is already authenticated
+   * Polls for the encrypted API token and decrypts it.
+   * Does NOT validate or store the token — use this when the caller
+   * needs to validate on a specific client type (e.g. McpGQLClient).
+   */
+  async waitForApiToken() {
+    for (let i = 0; i < _AuthManager.loginMaxWait / LOGIN_CHECK_DELAY; i++) {
+      const token = await this.getApiToken();
+      if (token) {
+        return token;
+      }
+      await sleep(LOGIN_CHECK_DELAY);
+    }
+    return null;
+  }
+  /**
+   * Checks if the user is already authenticated.
+   * Returns the full AuthResult so callers can distinguish 'invalid' from 'unknown'.
    */
   async isAuthenticated() {
     if (this.authenticated === null) {
       const result = await this.checkAuthentication();
       this.authenticated = result.isAuthenticated;
       if (!result.isAuthenticated) {
-        debug10("isAuthenticated: false \u2014 %s", result.message);
+        debug10("isAuthenticated: false \u2014 %s (%s)", result.message, result.reason);
       }
     }
     return this.authenticated;
   }
   /**
-   * Private function to check if the user is authenticated with the server
+   * Full 3-state auth check returning an {@link AuthResult}.
+   *
+   * - `isAuthenticated: true` — token is valid.
+   * - `reason: 'invalid'` — definitive auth failure (access-denied). Caller should trigger login.
+   * - `reason: 'unknown'` — transient/network error. Caller should NOT trigger login.
    */
   async checkAuthentication(apiKey) {
+    if (!this.gqlClient) {
+      this.gqlClient = this.getGQLClient(apiKey);
+    }
+    const isConnected = await this.gqlClient.verifyApiConnection();
+    if (!isConnected) {
+      return {
+        isAuthenticated: false,
+        reason: "unknown",
+        message: "Failed to connect to Mobb server"
+      };
+    }
     try {
-      if (!this.gqlClient) {
-        this.gqlClient = this.getGQLClient(apiKey);
-      }
-      const isConnected = await this.gqlClient.verifyApiConnection();
-      if (!isConnected) {
-        return {
-          isAuthenticated: false,
-          message: "Failed to connect to Mobb server"
-        };
-      }
       const userVerify = await this.gqlClient.validateUserToken();
       if (!userVerify) {
         return {
           isAuthenticated: false,
+          reason: "invalid",
           message: "User token validation failed"
         };
       }
     } catch (error) {
       return {
         isAuthenticated: false,
+        reason: "unknown",
         message: error instanceof Error ? error.message : "Unknown authentication error"
       };
     }
-    return { isAuthenticated: true, message: "Successfully authenticated" };
+    return { isAuthenticated: true };
   }
   /**
    * Generates a login URL for manual authentication
    */
-  async generateLoginUrl(loginContext) {
+  async generateLoginUrl(loginPath, loginContext) {
     try {
       if (!this.gqlClient) {
         this.gqlClient = this.getGQLClient();
@@ -7512,7 +7548,7 @@ var _AuthManager = class _AuthManager {
       this.loginId = await this.gqlClient.createCliLogin({
         publicKey: this.publicKey.export({ format: "pem", type: "pkcs1" }).toString()
       });
-      const webLoginUrl = `${this.resolvedWebAppUrl}/cli-login`;
+      const webLoginUrl = `${this.resolvedWebAppUrl}${loginPath || "/cli-login"}`;
       const browserUrl = loginContext ? buildLoginUrl(webLoginUrl, this.loginId, os.hostname(), loginContext) : `${webLoginUrl}/${this.loginId}?hostname=${os.hostname()}`;
       this.currentBrowserUrl = browserUrl;
       return browserUrl;
@@ -7522,22 +7558,32 @@ var _AuthManager = class _AuthManager {
     }
   }
   /**
-   * Retrieves and decrypts the API token after authentication
+   * Retrieves and decrypts the API token after authentication.
+   * Returns null if the token is not yet available or on transient errors.
    */
   async getApiToken() {
     if (!this.gqlClient || !this.loginId || !this.privateKey) {
       return null;
     }
-    const encryptedApiToken = await this.gqlClient.getEncryptedApiToken({
-      loginId: this.loginId
-    });
-    if (encryptedApiToken) {
-      return crypto.privateDecrypt(
-        this.privateKey,
-        Buffer.from(encryptedApiToken, "base64")
-      ).toString("utf-8");
+    try {
+      const encryptedApiToken = await this.gqlClient.getEncryptedApiToken({
+        loginId: this.loginId
+      });
+      if (encryptedApiToken) {
+        return crypto.privateDecrypt(
+          this.privateKey,
+          Buffer.from(encryptedApiToken, "base64")
+        ).toString("utf-8");
+      }
+      return null;
+    } catch (error) {
+      if (isTransientError(error)) {
+        debug10("getApiToken: transient error, will retry");
+      } else {
+        debug10("getApiToken: unexpected error: %O", error);
+      }
+      return null;
     }
-    return null;
   }
   /**
    * Returns true if a non-empty API token is stored in the configStore.
@@ -7581,12 +7627,13 @@ var _AuthManager = class _AuthManager {
 };
 /** Maximum time (ms) to wait for login authentication. Override in tests for faster failures. */
 __publicField(_AuthManager, "loginMaxWait", LOGIN_MAX_WAIT);
+/** Browser cooldown: minimum ms between browser opens (0 = no cooldown) */
+__publicField(_AuthManager, "browserCooldownMs", 0);
+__publicField(_AuthManager, "lastBrowserOpenTime", 0);
 var AuthManager = _AuthManager;
 
 // src/commands/handleMobbLogin.ts
 var debug11 = Debug10("mobbdev:commands");
-var LOGIN_MAX_WAIT2 = 10 * 60 * 1e3;
-var LOGIN_CHECK_DELAY2 = 5 * 1e3;
 var MOBB_LOGIN_REQUIRED_MSG = `\u{1F513} Login to Mobb is Required, you will be redirected to our login page, once the authorization is complete return to this prompt, ${chalk2.bgBlue(
   "press any key to continue"
 )};`;
@@ -7617,7 +7664,8 @@ async function handleMobbLogin({
   skipPrompts,
   apiUrl,
   webAppUrl,
-  loginContext
+  loginContext,
+  loginPath
 }) {
   debug11(
     "handleMobbLogin: resolved URLs - apiUrl=%s (from param: %s), webAppUrl=%s (from param: %s)",
@@ -7629,16 +7677,16 @@ async function handleMobbLogin({
   const { createSpinner } = Spinner({ ci: skipPrompts });
   const authManager = new AuthManager(webAppUrl, apiUrl);
   authManager.setGQLClient(inGqlClient);
-  try {
-    const isAuthenticated = await authManager.isAuthenticated();
-    if (isAuthenticated) {
-      createSpinner().start().success({
-        text: `\u{1F513} Login to Mobb succeeded. Already authenticated`
-      });
-      return authManager.getGQLClient();
-    }
-  } catch (error) {
-    debug11("Authentication check failed:", error);
+  const authResult = await authManager.checkAuthentication();
+  if (authResult.isAuthenticated) {
+    createSpinner().start().success({
+      text: `\u{1F513} Login to Mobb succeeded. Already authenticated`
+    });
+    return authManager.getGQLClient();
+  }
+  if (authResult.reason === "unknown") {
+    debug11("Auth check returned unknown: %s", authResult.message);
+    throw new CliError(`Cannot verify authentication: ${authResult.message}`);
   }
   if (apiKey) {
     createSpinner().start().error({
@@ -7657,7 +7705,7 @@ async function handleMobbLogin({
     text: "\u{1F513} Waiting for Mobb login..."
   });
   try {
-    const loginUrl = await authManager.generateLoginUrl(loginContext);
+    const loginUrl = await authManager.generateLoginUrl(loginPath, loginContext);
     if (!loginUrl) {
       loginSpinner.error({
         text: "Failed to generate login URL"