nexusapp-cli 3.0.0 → 3.1.1

package/dist/client.d.ts

@@ -0,0 +1,6 @@
+import { AxiosInstance } from 'axios';
+export declare const client: AxiosInstance;
+/** Unwrap { success, data } envelope if present, otherwise return as-is. */
+export declare function unwrap(responseData: any): any;
+export declare function apiError(error: unknown): string;
+//# sourceMappingURL=client.d.ts.map

package/dist/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA,OAAc,EAAE,aAAa,EAAc,MAAM,OAAO,CAAC;AAkDzD,eAAO,MAAM,MAAM,eAAiB,CAAC;AAErC,4EAA4E;AAC5E,wBAAgB,MAAM,CAAC,YAAY,EAAE,GAAG,GAAG,GAAG,CAK7C;AAED,wBAAgB,QAAQ,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAO/C"}

package/dist/client.js

@@ -0,0 +1,63 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.client = void 0;
+exports.unwrap = unwrap;
+exports.apiError = apiError;
+const axios_1 = __importDefault(require("axios"));
+const config_js_1 = require("./config.js");
+function createClient() {
+    const config = (0, config_js_1.getConfig)();
+    const baseURL = config.apiUrl || 'https://nexusai.run';
+    const instance = axios_1.default.create({
+        baseURL,
+        timeout: 30000,
+    });
+    instance.interceptors.request.use((req) => {
+        const cfg = (0, config_js_1.getConfig)();
+        if (cfg.token) {
+            req.headers = req.headers || {};
+            req.headers['Authorization'] = `Bearer ${cfg.token}`;
+        }
+        return req;
+    });
+    instance.interceptors.response.use((res) => res, (error) => {
+        if (!error.response) {
+            const url = baseURL;
+            console.error(`Cannot reach NEXUS AI API at ${url}.`);
+            process.exit(1);
+        }
+        const status = error.response.status;
+        const data = error.response.data;
+        if (status === 401) {
+            console.error("Session expired. Run 'nexus auth login'");
+            process.exit(1);
+        }
+        if (status === 403) {
+            console.error(data?.message || data?.error || 'Access denied.');
+            process.exit(1);
+        }
+        return Promise.reject(error);
+    });
+    return instance;
+}
+exports.client = createClient();
+/** Unwrap { success, data } envelope if present, otherwise return as-is. */
+function unwrap(responseData) {
+    if (responseData && typeof responseData === 'object' && 'data' in responseData) {
+        return responseData.data;
+    }
+    return responseData;
+}
+function apiError(error) {
+    if (axios_1.default.isAxiosError(error)) {
+        const data = error.response?.data;
+        return data?.message || data?.error || error.message;
+    }
+    if (error instanceof Error)
+        return error.message;
+    return String(error);
+}
+//# sourceMappingURL=client.js.map

package/dist/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":";;;;;;AAqDA,wBAKC;AAED,4BAOC;AAnED,kDAAyD;AACzD,2CAAwC;AAExC,SAAS,YAAY;IACnB,MAAM,MAAM,GAAG,IAAA,qBAAS,GAAE,CAAC;IAC3B,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,IAAI,qBAAqB,CAAC;IAEvD,MAAM,QAAQ,GAAG,eAAK,CAAC,MAAM,CAAC;QAC5B,OAAO;QACP,OAAO,EAAE,KAAK;KACf,CAAC,CAAC;IAEH,QAAQ,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QACxC,MAAM,GAAG,GAAG,IAAA,qBAAS,GAAE,CAAC;QACxB,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;YACd,GAAG,CAAC,OAAO,GAAG,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC;YAChC,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,GAAG,CAAC,KAAK,EAAE,CAAC;QACvD,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAChC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,EACZ,CAAC,KAAiB,EAAE,EAAE;QACpB,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;YACpB,MAAM,GAAG,GAAG,OAAO,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,gCAAgC,GAAG,GAAG,CAAC,CAAC;YACtD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,MAAM,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;QACrC,MAAM,IAAI,GAAG,KAAK,CAAC,QAAQ,CAAC,IAAW,CAAC;QAExC,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;YACnB,OAAO,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;YACzD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;YACnB,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,IAAI,IAAI,EAAE,KAAK,IAAI,gBAAgB,CAAC,CAAC;YAChE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC,CACF,CAAC;IAEF,OAAO,QAAQ,CAAC;AAClB,CAAC;AAEY,QAAA,MAAM,GAAG,YAAY,EAAE,CAAC;AAErC,4EAA4E;AAC5E,SAAgB,MAAM,CAAC,YAAiB;IACtC,IAAI,YAAY,IAAI,OAAO,YAAY,KAAK,QAAQ,IAAI,MAAM,IAAI,YAAY,EAAE,CAAC;QAC/E,OAAO,YAAY,CAAC,IAAI,CAAC;IAC3B,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAgB,QAAQ,CAAC,KAAc;IACrC,IAAI,eAAK,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,GAAG,KAAK,CAAC,QAAQ,EAAE,IAAW,CAAC;QACzC,OAAO,IAAI,EAAE,OAAO,IAAI,IAAI,EAAE,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC;IACvD,CAAC;IACD,IAAI,KAAK,YAAY,KAAK;QAAE,OAAO,KAAK,CAAC,OAAO,CAAC;IACjD,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;AACvB,CAAC"}

package/dist/commands/auth.d.ts

@@ -0,0 +1,3 @@
+import { Command } from 'commander';
+export declare function registerAuth(program: Command): void;
+//# sourceMappingURL=auth.d.ts.map

package/dist/commands/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/commands/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAyEpC,wBAAgB,YAAY,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAgHnD"}

package/dist/commands/auth.js

@@ -0,0 +1,178 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerAuth = registerAuth;
+const http_1 = __importDefault(require("http"));
+const child_process_1 = require("child_process");
+const axios_1 = __importDefault(require("axios"));
+const config_js_1 = require("../config.js");
+const client_js_1 = require("../client.js");
+const output_js_1 = require("../output.js");
+function openBrowser(url) {
+    const platform = process.platform;
+    if (platform === 'darwin') {
+        (0, child_process_1.execFile)('open', [url], () => { });
+    }
+    else if (platform === 'win32') {
+        (0, child_process_1.execFile)('cmd', ['/c', 'start', '', url], () => { });
+    }
+    else {
+        (0, child_process_1.execFile)('xdg-open', [url], () => { });
+    }
+}
+function successHtml(webUrl) {
+    return `<!DOCTYPE html><html><head><meta charset="utf-8"><title>NEXUS AI CLI</title>
+<style>
+*{box-sizing:border-box;margin:0;padding:0}
+body{font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',sans-serif;display:flex;align-items:center;justify-content:center;height:100vh;background:#0b0c12;color:#e5e7eb}
+.box{text-align:center;padding:2.5rem 3rem;background:#ffffff08;border:1px solid #ffffff14;border-radius:1.25rem;max-width:360px;width:90%}
+.logo{display:flex;align-items:center;justify-content:center;gap:.65rem;margin-bottom:2rem}
+.logo img{height:2.25rem;width:2.25rem}
+.logo-name{font-size:1rem;font-weight:600;color:#fff;letter-spacing:-.01em}
+.check{width:2.75rem;height:2.75rem;background:#0ea5e920;border-radius:50%;display:flex;align-items:center;justify-content:center;margin:0 auto 1.25rem}
+.check svg{width:1.25rem;height:1.25rem;stroke:#38bdf8;fill:none;stroke-width:2.5;stroke-linecap:round;stroke-linejoin:round}
+.title{font-size:1.2rem;font-weight:700;color:#fff;margin-bottom:.4rem}
+.sub{color:#6b7280;font-size:.85rem;line-height:1.5}
+</style></head>
+<body><div class="box">
+  <div class="logo">
+    <img src="${webUrl}/logo.svg" alt="NEXUS AI" onerror="this.style.display='none'">
+    <span class="logo-name">NEXUS AI</span>
+  </div>
+  <div class="check"><svg viewBox="0 0 24 24"><polyline points="20 6 9 17 4 12"/></svg></div>
+  <div class="title">Authorization successful</div>
+  <div class="sub">You can close this tab and return to your terminal.</div>
+</div></body></html>`;
+}
+function waitForCallback(server, webUrl) {
+    return new Promise((resolve, reject) => {
+        const timeout = setTimeout(() => {
+            server.close();
+            reject(new Error('Timed out waiting for browser authorization (2 minutes).'));
+        }, 120000);
+        server.on('request', (req, res) => {
+            const url = new URL(req.url, `http://localhost`);
+            const token = url.searchParams.get('token');
+            const tokenId = url.searchParams.get('tokenId') || '';
+            const email = url.searchParams.get('email') || '';
+            res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
+            res.end(successHtml(webUrl));
+            clearTimeout(timeout);
+            server.close();
+            if (!token) {
+                reject(new Error('No token received from browser.'));
+            }
+            else {
+                resolve({ token, tokenId, email });
+            }
+        });
+    });
+}
+function registerAuth(program) {
+    const auth = program.command('auth').description('Authentication commands');
+    // login
+    auth
+        .command('login')
+        .description('Log in to NEXUS AI via browser')
+        .option('--api-url <url>', 'Backend API base URL (e.g. http://localhost:3001)')
+        .option('--web-url <url>', 'Frontend URL (e.g. http://localhost:3002)')
+        .option('--token <token>', 'Use an existing nxk_* access token directly')
+        .action(async (opts) => {
+        const apiUrl = opts.apiUrl || process.env.NEXUSAI_API_URL || 'https://nexusai.run';
+        const webUrl = opts.webUrl || process.env.NEXUSAI_WEB_URL
+            || apiUrl.replace(':3001', ':3002').replace('api.nexusai.run', 'nexusai.run');
+        // --token shortcut: skip browser
+        if (opts.token) {
+            try {
+                const res = await axios_1.default.get(`${apiUrl}/api/auth/verify`, {
+                    headers: { Authorization: `Bearer ${opts.token}` },
+                });
+                const user = res.data;
+                (0, config_js_1.saveConfig)({ apiUrl, token: opts.token, tokenId: '' });
+                (0, output_js_1.success)(`Logged in as ${user.email || user.user?.email}`);
+            }
+            catch (err) {
+                (0, output_js_1.errorMsg)('Token verification failed: ' + (0, client_js_1.apiError)(err));
+                process.exit(1);
+            }
+            return;
+        }
+        // Start local callback server on a random port
+        const server = http_1.default.createServer();
+        await new Promise((resolve) => server.listen(0, '127.0.0.1', resolve));
+        const port = server.address().port;
+        const callbackUrl = `http://localhost:${port}`;
+        const authUrl = `${webUrl}/cli-auth?callback=${encodeURIComponent(callbackUrl)}`;
+        console.log('');
+        console.log('Opening your browser to complete login...');
+        console.log('');
+        console.log(`  ${authUrl}`);
+        console.log('');
+        console.log('If the browser did not open, copy the URL above into your browser.');
+        console.log('');
+        openBrowser(authUrl);
+        const spin = (0, output_js_1.spinner)('Waiting for browser authorization...');
+        try {
+            const { token, tokenId, email } = await waitForCallback(server, webUrl);
+            (0, config_js_1.saveConfig)({ apiUrl, token, tokenId });
+            spin.stop();
+            (0, output_js_1.success)(`Logged in as ${email}`);
+        }
+        catch (err) {
+            spin.fail(err instanceof Error ? err.message : String(err));
+            process.exit(1);
+        }
+    });
+    // logout
+    auth
+        .command('logout')
+        .description('Log out and revoke access token')
+        .action(async () => {
+        const config = (0, config_js_1.getConfig)();
+        if (!config.token) {
+            console.log('Not logged in.');
+            return;
+        }
+        if (config.tokenId) {
+            try {
+                await client_js_1.client.post(`/api/tokens/${config.tokenId}/revoke`);
+            }
+            catch {
+                // best-effort revocation
+            }
+        }
+        (0, config_js_1.clearConfig)();
+        (0, output_js_1.success)('Logged out.');
+    });
+    // whoami
+    auth
+        .command('whoami')
+        .description('Show current authenticated user')
+        .option('--json', 'Output raw JSON')
+        .action(async (opts) => {
+        try {
+            const res = await client_js_1.client.get('/api/auth/verify');
+            const user = (0, client_js_1.unwrap)(res.data);
+            if (opts.json) {
+                (0, output_js_1.printJson)(user);
+                return;
+            }
+            const u = user.user || user;
+            const email = u.email || 'unknown';
+            const org = u.organization?.name || u.organizationId || '—';
+            const role = u.role || '—';
+            (0, output_js_1.printTable)(['Field', 'Value'], [
+                ['Email', email],
+                ['Organization', org],
+                ['Role', role],
+            ]);
+        }
+        catch (err) {
+            (0, output_js_1.errorMsg)((0, client_js_1.apiError)(err));
+            process.exit(1);
+        }
+    });
+}
+//# sourceMappingURL=auth.js.map

package/dist/commands/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/commands/auth.ts"],"names":[],"mappings":";;;;;AAyEA,oCAgHC;AAxLD,gDAAwB;AACxB,iDAAyC;AAEzC,kDAA0B;AAC1B,4CAAkE;AAClE,4CAAwD;AACxD,4CAAiF;AAEjF,SAAS,WAAW,CAAC,GAAW;IAC9B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,IAAA,wBAAQ,EAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IACpC,CAAC;SAAM,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QAChC,IAAA,wBAAQ,EAAC,KAAK,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IACtD,CAAC;SAAM,CAAC;QACN,IAAA,wBAAQ,EAAC,UAAU,EAAE,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IACxC,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,MAAc;IACjC,OAAO;;;;;;;;;;;;;;;gBAeO,MAAM;;;;;;qBAMD,CAAC;AACtB,CAAC;AAED,SAAS,eAAe,CAAC,MAAmB,EAAE,MAAc;IAC1D,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE;YAC9B,MAAM,CAAC,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC,CAAC;QAChF,CAAC,EAAE,MAAO,CAAC,CAAC;QAEZ,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;YAChC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAI,EAAE,kBAAkB,CAAC,CAAC;YAClD,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC5C,MAAM,OAAO,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;YACtD,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YAElD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,0BAA0B,EAAE,CAAC,CAAC;YACnE,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;YAE7B,YAAY,CAAC,OAAO,CAAC,CAAC;YACtB,MAAM,CAAC,KAAK,EAAE,CAAC;YAEf,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,CAAC,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC,CAAC;YACvD,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;YACrC,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAgB,YAAY,CAAC,OAAgB;IAC3C,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,WAAW,CAAC,yBAAyB,CAAC,CAAC;IAE5E,QAAQ;IACR,IAAI;SACD,OAAO,CAAC,OAAO,CAAC;SAChB,WAAW,CAAC,gCAAgC,CAAC;SAC7C,MAAM,CAAC,iBAAiB,EAAE,mDAAmD,CAAC;SAC9E,MAAM,CAAC,iBAAiB,EAAE,2CAA2C,CAAC;SACtE,MAAM,CAAC,iBAAiB,EAAE,6CAA6C,CAAC;SACxE,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QACrB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,qBAAqB,CAAC;QACnF,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe;eACpD,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAC;QAEhF,iCAAiC;QACjC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,eAAK,CAAC,GAAG,CAAC,GAAG,MAAM,kBAAkB,EAAE;oBACvD,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,KAAK,EAAE,EAAE;iBACnD,CAAC,CAAC;gBACH,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC;gBACtB,IAAA,sBAAU,EAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,CAAC;gBACvD,IAAA,mBAAO,EAAC,gBAAgB,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YAC5D,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAA,oBAAQ,EAAC,6BAA6B,GAAG,IAAA,oBAAQ,EAAC,GAAG,CAAC,CAAC,CAAC;gBACxD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YACD,OAAO;QACT,CAAC;QAED,+CAA+C;QAC/C,MAAM,MAAM,GAAG,cAAI,CAAC,YAAY,EAAE,CAAC;QACnC,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;QAC7E,MAAM,IAAI,GAAI,MAAM,CAAC,OAAO,EAAkB,CAAC,IAAI,CAAC;QAEpD,MAAM,WAAW,GAAG,oBAAoB,IAAI,EAAE,CAAC;QAC/C,MAAM,OAAO,GAAG,GAAG,MAAM,sBAAsB,kBAAkB,CAAC,WAAW,CAAC,EAAE,CAAC;QAEjF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC;QACzD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,KAAK,OAAO,EAAE,CAAC,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,oEAAoE,CAAC,CAAC;QAClF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEhB,WAAW,CAAC,OAAO,CAAC,CAAC;QAErB,MAAM,IAAI,GAAG,IAAA,mBAAO,EAAC,sCAAsC,CAAC,CAAC;QAE7D,IAAI,CAAC;YACH,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,MAAM,eAAe,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YACxE,IAAA,sBAAU,EAAC,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YACvC,IAAI,CAAC,IAAI,EAAE,CAAC;YACZ,IAAA,mBAAO,EAAC,gBAAgB,KAAK,EAAE,CAAC,CAAC;QACnC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,IAAI,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YAC5D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,SAAS;IACT,IAAI;SACD,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,iCAAiC,CAAC;SAC9C,MAAM,CAAC,KAAK,IAAI,EAAE;QACjB,MAAM,MAAM,GAAG,IAAA,qBAAS,GAAE,CAAC;QAC3B,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;YAC9B,OAAO;QACT,CAAC;QAED,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,IAAI,CAAC;gBACH,MAAM,kBAAM,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,OAAO,SAAS,CAAC,CAAC;YAC5D,CAAC;YAAC,MAAM,CAAC;gBACP,yBAAyB;YAC3B,CAAC;QACH,CAAC;QAED,IAAA,uBAAW,GAAE,CAAC;QACd,IAAA,mBAAO,EAAC,aAAa,CAAC,CAAC;IACzB,CAAC,CAAC,CAAC;IAEL,SAAS;IACT,IAAI;SACD,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,iCAAiC,CAAC;SAC9C,MAAM,CAAC,QAAQ,EAAE,iBAAiB,CAAC;SACnC,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QACrB,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,kBAAM,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;YACjD,MAAM,IAAI,GAAG,IAAA,kBAAM,EAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC9B,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBACd,IAAA,qBAAS,EAAC,IAAI,CAAC,CAAC;gBAChB,OAAO;YACT,CAAC;YACD,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC;YAC5B,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,IAAI,SAAS,CAAC;YACnC,MAAM,GAAG,GAAG,CAAC,CAAC,YAAY,EAAE,IAAI,IAAI,CAAC,CAAC,cAAc,IAAI,GAAG,CAAC;YAC5D,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,IAAI,GAAG,CAAC;YAC3B,IAAA,sBAAU,EAAC,CAAC,OAAO,EAAE,OAAO,CAAC,EAAE;gBAC7B,CAAC,OAAO,EAAE,KAAK,CAAC;gBAChB,CAAC,cAAc,EAAE,GAAG,CAAC;gBACrB,CAAC,MAAM,EAAE,IAAI,CAAC;aACf,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAA,oBAAQ,EAAC,IAAA,oBAAQ,EAAC,GAAG,CAAC,CAAC,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/commands/bucket.d.ts

@@ -0,0 +1,3 @@
+import { Command } from 'commander';
+export declare function registerBucket(program: Command): void;
+//# sourceMappingURL=bucket.d.ts.map

package/dist/commands/bucket.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bucket.d.ts","sourceRoot":"","sources":["../../src/commands/bucket.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAepC,wBAAgB,cAAc,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAqPrD"}

package/dist/commands/bucket.js

@@ -0,0 +1,354 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerBucket = registerBucket;
+const inquirer_1 = __importDefault(require("inquirer"));
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const client_js_1 = require("../client.js");
+const output_js_1 = require("../output.js");
+function formatBytes(bytes) {
+    const n = typeof bytes === 'bigint' ? Number(bytes) : bytes;
+    if (n < 1024)
+        return `${n} B`;
+    if (n < 1024 * 1024)
+        return `${(n / 1024).toFixed(1)} KB`;
+    if (n < 1024 * 1024 * 1024)
+        return `${(n / (1024 * 1024)).toFixed(1)} MB`;
+    return `${(n / (1024 * 1024 * 1024)).toFixed(2)} GB`;
+}
+function registerBucket(program) {
+    const bk = program
+        .command('bucket')
+        .description('Object storage buckets (S3-compatible MinIO buckets)');
+    bk
+        .command('list')
+        .description('List buckets')
+        .option('--json', 'Output raw JSON')
+        .action(async (opts) => {
+        try {
+            const res = await client_js_1.client.get('/api/buckets');
+            const buckets = (0, client_js_1.unwrap)(res.data) || [];
+            if (opts.json) {
+                (0, output_js_1.printJson)(buckets);
+                return;
+            }
+            if (!buckets.length) {
+                console.log('No buckets found.');
+                return;
+            }
+            (0, output_js_1.printTable)(['ID', 'NAME', 'SIZE', 'OBJECTS', 'ATTACHED TO', 'CREATED'], buckets.map((b) => [
+                b.id,
+                b.displayName ? `${b.name} (${b.displayName})` : b.name,
+                formatBytes(b.sizeBytes),
+                String(b.objectCount),
+                b.attachments?.length ? b.attachments.map((a) => a.deploymentName).join(', ') : '—',
+                b.createdAt ? (0, output_js_1.timeAgo)(b.createdAt) : '—',
+            ]));
+        }
+        catch (err) {
+            (0, output_js_1.errorMsg)((0, client_js_1.apiError)(err));
+            process.exit(1);
+        }
+    });
+    bk
+        .command('create <name>')
+        .description('Create a new bucket (org-scoped)')
+        .option('--display-name <name>', 'Friendly display name')
+        .option('--region <region>', 'Region', 'us-east-1')
+        .option('--json', 'Output raw JSON')
+        .action(async (name, opts) => {
+        try {
+            const res = await client_js_1.client.post('/api/buckets', {
+                name,
+                displayName: opts.displayName,
+                region: opts.region,
+            });
+            const b = (0, client_js_1.unwrap)(res.data);
+            if (opts.json) {
+                (0, output_js_1.printJson)(b);
+                return;
+            }
+            (0, output_js_1.success)(`Bucket created: ${b.id}  (${b.name})`);
+        }
+        catch (err) {
+            (0, output_js_1.errorMsg)((0, client_js_1.apiError)(err));
+            process.exit(1);
+        }
+    });
+    bk
+        .command('delete <id>')
+        .description('Delete a bucket (must be detached first; deletes all objects)')
+        .option('--yes', 'Skip confirmation prompt')
+        .action(async (id, opts) => {
+        if (!opts.yes) {
+            const { confirm } = await inquirer_1.default.prompt([
+                { type: 'confirm', name: 'confirm', message: `Delete bucket "${id}" and ALL its objects?`, default: false },
+            ]);
+            if (!confirm) {
+                console.log('Cancelled.');
+                return;
+            }
+        }
+        try {
+            await client_js_1.client.delete(`/api/buckets/${id}`);
+            (0, output_js_1.success)(`Bucket ${id} deleted.`);
+        }
+        catch (err) {
+            (0, output_js_1.errorMsg)((0, client_js_1.apiError)(err));
+            process.exit(1);
+        }
+    });
+    bk
+        .command('attach <id> <deployment-id>')
+        .description('Attach a bucket to a deployment (injects S3_* env vars on next deploy)')
+        .action(async (id, deploymentId) => {
+        try {
+            await client_js_1.client.post(`/api/buckets/${id}/attach`, { deploymentId });
+            (0, output_js_1.success)(`Attached bucket ${id} to deployment ${deploymentId}.`);
+            console.log("  Run 'nexus deploy redeploy <id>' for env vars to take effect.");
+        }
+        catch (err) {
+            (0, output_js_1.errorMsg)((0, client_js_1.apiError)(err));
+            process.exit(1);
+        }
+    });
+    bk
+        .command('detach <id> <deployment-id>')
+        .description('Detach a bucket from a deployment')
+        .action(async (id, deploymentId) => {
+        try {
+            await client_js_1.client.post(`/api/buckets/${id}/detach`, { deploymentId });
+            (0, output_js_1.success)(`Bucket ${id} detached from ${deploymentId}.`);
+        }
+        catch (err) {
+            (0, output_js_1.errorMsg)((0, client_js_1.apiError)(err));
+            process.exit(1);
+        }
+    });
+    bk
+        .command('credentials <id>')
+        .description('Reveal the S3-compatible credentials for an external client (audit-logged)')
+        .option('--json', 'Output raw JSON')
+        .action(async (id, opts) => {
+        try {
+            const res = await client_js_1.client.get(`/api/buckets/${id}/credentials`);
+            const c = (0, client_js_1.unwrap)(res.data);
+            if (opts.json) {
+                (0, output_js_1.printJson)(c);
+                return;
+            }
+            console.log(`Endpoint:    ${c.endpoint}`);
+            console.log(`Region:      ${c.region}`);
+            console.log(`Bucket:      ${c.bucket}`);
+            console.log(`Access key:  ${c.accessKey}`);
+            console.log(`Secret key:  ${c.secretKey}`);
+        }
+        catch (err) {
+            (0, output_js_1.errorMsg)((0, client_js_1.apiError)(err));
+            process.exit(1);
+        }
+    });
+    bk
+        .command('rotate-credentials <id>')
+        .description('Rotate the per-bucket S3 access key (use to migrate legacy buckets to scoped IAM)')
+        .option('--yes', 'Skip confirmation prompt')
+        .action(async (id, opts) => {
+        if (!opts.yes) {
+            const { confirm } = await inquirer_1.default.prompt([
+                {
+                    type: 'confirm',
+                    name: 'confirm',
+                    message: 'Rotate credentials? Attached deployments must be redeployed to pick up new S3_* env vars.',
+                    default: false,
+                },
+            ]);
+            if (!confirm) {
+                console.log('Cancelled.');
+                return;
+            }
+        }
+        try {
+            await client_js_1.client.post(`/api/buckets/${id}/rotate-credentials`);
+            (0, output_js_1.success)(`Credentials rotated. Redeploy any attached deployments.`);
+        }
+        catch (err) {
+            (0, output_js_1.errorMsg)((0, client_js_1.apiError)(err));
+            process.exit(1);
+        }
+    });
+    bk
+        .command('refresh-usage <id>')
+        .description('Refresh size and object count for a bucket')
+        .option('--json', 'Output raw JSON')
+        .action(async (id, opts) => {
+        try {
+            const res = await client_js_1.client.post(`/api/buckets/${id}/refresh-usage`);
+            const b = (0, client_js_1.unwrap)(res.data);
+            if (opts.json) {
+                (0, output_js_1.printJson)(b);
+                return;
+            }
+            (0, output_js_1.success)(`${b.name}: ${formatBytes(b.sizeBytes)} across ${b.objectCount} object(s)`);
+        }
+        catch (err) {
+            (0, output_js_1.errorMsg)((0, client_js_1.apiError)(err));
+            process.exit(1);
+        }
+    });
+    // ---- file ops ------------------------------------------------------------
+    bk
+        .command('files <id>')
+        .description('List files in a bucket')
+        .option('--prefix <prefix>', 'Filter by key prefix')
+        .option('--limit <n>', 'Max keys to return (default 1000)', '1000')
+        .option('--json', 'Output raw JSON')
+        .action(async (id, opts) => {
+        try {
+            const params = { limit: opts.limit };
+            if (opts.prefix)
+                params.prefix = opts.prefix;
+            const res = await client_js_1.client.get(`/api/buckets/${id}/files`, { params });
+            const data = (0, client_js_1.unwrap)(res.data);
+            if (opts.json) {
+                (0, output_js_1.printJson)(data);
+                return;
+            }
+            if (!data.objects?.length) {
+                console.log('Empty.');
+                return;
+            }
+            (0, output_js_1.printTable)(['KEY', 'SIZE', 'MODIFIED'], data.objects.map((o) => [
+                o.key,
+                formatBytes(o.sizeBytes),
+                o.lastModified ? (0, output_js_1.timeAgo)(o.lastModified) : '—',
+            ]));
+            if (data.truncated)
+                console.log(`(truncated — pass --limit to see more)`);
+        }
+        catch (err) {
+            (0, output_js_1.errorMsg)((0, client_js_1.apiError)(err));
+            process.exit(1);
+        }
+    });
+    bk
+        .command('upload <id> <local-file>')
+        .description('Upload a local file into the bucket')
+        .option('--key <key>', 'Object key (default: filename of local file)')
+        .action(async (id, localFile, opts) => {
+        try {
+            if (!fs.existsSync(localFile)) {
+                (0, output_js_1.errorMsg)(`File not found: ${localFile}`);
+                process.exit(1);
+            }
+            const key = opts.key || path.basename(localFile);
+            const stat = fs.statSync(localFile);
+            const stream = fs.createReadStream(localFile);
+            await client_js_1.client.put(`/api/buckets/${id}/files/${encodeURIComponent(key)}`, stream, { headers: { 'Content-Type': 'application/octet-stream', 'Content-Length': String(stat.size) } });
+            (0, output_js_1.success)(`Uploaded ${formatBytes(stat.size)} → ${key}`);
+        }
+        catch (err) {
+            (0, output_js_1.errorMsg)((0, client_js_1.apiError)(err));
+            process.exit(1);
+        }
+    });
+    bk
+        .command('download <id> <key>')
+        .description('Download a file from the bucket')
+        .option('--out <path>', 'Local output path (default: key basename)')
+        .option('--share', 'Print a short-lived signed URL instead of downloading')
+        .option('--ttl <seconds>', 'Lifetime for --share URL in seconds (30-3600, default 300)', '300')
+        .option('--json', 'Output raw JSON (only with --share)')
+        .action(async (id, key, opts) => {
+        try {
+            if (opts.share) {
+                const res = await client_js_1.client.post(`/api/buckets/${id}/files/${encodeURIComponent(key)}/download-url`, { ttlSeconds: parseInt(opts.ttl, 10) || 300 });
+                const data = (0, client_js_1.unwrap)(res.data);
+                if (opts.json) {
+                    (0, output_js_1.printJson)(data);
+                    return;
+                }
+                console.log(`URL:        ${data.url}`);
+                console.log(`Key:        ${data.key}`);
+                console.log(`Expires at: ${data.expiresAt}`);
+                return;
+            }
+            const res = await client_js_1.client.get(`/api/buckets/${id}/files/${encodeURIComponent(key)}/download`, { responseType: 'stream' });
+            const outPath = path.resolve(opts.out || path.basename(key));
+            const dir = path.dirname(outPath);
+            if (!fs.existsSync(dir))
+                fs.mkdirSync(dir, { recursive: true });
+            await new Promise((resolve, reject) => {
+                const writer = fs.createWriteStream(outPath);
+                res.data.pipe(writer);
+                writer.on('finish', () => resolve());
+                writer.on('error', reject);
+                res.data.on('error', reject);
+            });
+            (0, output_js_1.success)(`Downloaded → ${outPath}`);
+        }
+        catch (err) {
+            (0, output_js_1.errorMsg)((0, client_js_1.apiError)(err));
+            process.exit(1);
+        }
+    });
+    bk
+        .command('rm <id> <key>')
+        .description('Delete a file from the bucket')
+        .option('--yes', 'Skip confirmation prompt')
+        .action(async (id, key, opts) => {
+        if (!opts.yes) {
+            const { confirm } = await inquirer_1.default.prompt([
+                { type: 'confirm', name: 'confirm', message: `Delete "${key}"?`, default: false },
+            ]);
+            if (!confirm) {
+                console.log('Cancelled.');
+                return;
+            }
+        }
+        try {
+            await client_js_1.client.delete(`/api/buckets/${id}/files/${encodeURIComponent(key)}`);
+            (0, output_js_1.success)(`Deleted ${key}`);
+        }
+        catch (err) {
+            (0, output_js_1.errorMsg)((0, client_js_1.apiError)(err));
+            process.exit(1);
+        }
+    });
+}
+//# sourceMappingURL=bucket.js.map