not-manage 0.2.1 → 0.2.3

package/src/commands-doctor.js

@@ -0,0 +1,178 @@
+const { fetchWhoAmI, getValidAccessToken } = require("./clio-api");
+const { CliError, UsageError } = require("./cli-errors");
+const { findConfig, getTokenSet } = require("./store");
+const { version } = require("../package.json");
+
+const SAFE_READ_COMMAND = "not-manage users list --limit 1 --json";
+
+function maskEmail(email) {
+  const text = String(email || "");
+  const atIndex = text.indexOf("@");
+  if (atIndex <= 1) {
+    return text ? "[redacted email]" : null;
+  }
+
+  return `${text[0]}****${text.slice(atIndex)}`;
+}
+
+function tokenState(tokenSet) {
+  if (!tokenSet || !tokenSet.accessToken) {
+    return {
+      loggedIn: false,
+      status: "missing",
+    };
+  }
+
+  const now = Math.floor(Date.now() / 1000);
+  const expiresAt = tokenSet.expiresAt || null;
+  const expiresSoon = expiresAt ? expiresAt <= now + 60 : false;
+
+  return {
+    loggedIn: true,
+    source: tokenSet.source || "unknown",
+    status: expiresSoon ? "expires_soon" : "present",
+    expiresAt,
+  };
+}
+
+function configState(config) {
+  if (!config) {
+    return {
+      configured: false,
+      status: "missing",
+    };
+  }
+
+  return {
+    configured: true,
+    source: config.source,
+    region: config.region,
+    regionLabel: config.regionLabel,
+    host: config.host,
+    redirectUri: config.redirectUri,
+    status: "present",
+  };
+}
+
+function severity(report) {
+  if (report.errors.length > 0) {
+    return "error";
+  }
+  if (report.warnings.length > 0) {
+    return "warn";
+  }
+  return "ok";
+}
+
+function maybeFail(report, failOn) {
+  if (!failOn) {
+    return;
+  }
+
+  if (!["warn", "error"].includes(failOn)) {
+    throw new UsageError("`--fail-on` must be `warn` or `error`.", {
+      code: "invalid_fail_on",
+      hint: "not-manage doctor --help",
+    });
+  }
+
+  const status = severity(report);
+  const shouldFail = failOn === "warn" ? status !== "ok" : status === "error";
+  if (!shouldFail) {
+    return;
+  }
+
+  throw new CliError(`Doctor found ${status === "warn" ? "warnings" : "errors"}.`, {
+    code: `doctor_${status}`,
+    details: {
+      status,
+      warnings: report.warnings,
+      errors: report.errors,
+    },
+  });
+}
+
+function printHuman(report) {
+  console.log(`not-manage v${report.version}`);
+  console.log(`Status: ${report.status}`);
+  console.log(`Config: ${report.config.status}`);
+  if (report.config.configured) {
+    console.log(`Region: ${report.config.region} (${report.config.regionLabel})`);
+    console.log(`Host: ${report.config.host}`);
+    console.log(`Redirect URI: ${report.config.redirectUri}`);
+  }
+  console.log(`Auth: ${report.auth.status}`);
+  if (report.api.status) {
+    console.log(`API: ${report.api.status}`);
+  }
+  report.warnings.forEach((warning) => console.log(`Warning: ${warning}`));
+  report.errors.forEach((error) => console.log(`Error: ${error}`));
+  report.suggestions.forEach((suggestion) => console.log(`Suggestion: ${suggestion}`));
+}
+
+async function doctor(options = {}) {
+  const warnings = [];
+  const errors = [];
+  const suggestions = [];
+  const config = await findConfig();
+  const configReport = configState(config);
+  const tokenSet = await getTokenSet();
+  const authReport = tokenState(tokenSet);
+  const apiReport = {};
+
+  if (!config) {
+    warnings.push("Clio app credentials are not configured.");
+    suggestions.push("Run `not-manage auth setup`.");
+  }
+
+  if (config && !authReport.loggedIn) {
+    warnings.push("No local OAuth token was found.");
+    suggestions.push("Run `not-manage auth login`.");
+  }
+
+  if (config && authReport.loggedIn) {
+    try {
+      const accessToken = await getValidAccessToken(config, tokenSet);
+      const payload = await fetchWhoAmI(config, accessToken);
+      const user = payload?.data || payload;
+      apiReport.status = "reachable";
+      apiReport.user = {
+        id: user?.id || null,
+        name: user?.name || null,
+        email: maskEmail(user?.email),
+      };
+      suggestions.push(`Run \`${SAFE_READ_COMMAND}\` to verify a resource read.`);
+    } catch (error) {
+      apiReport.status = "failed";
+      errors.push(error.message);
+      suggestions.push("Run `not-manage auth login` if the token is expired or revoked.");
+    }
+  }
+
+  const report = {
+    version,
+    status: "ok",
+    config: configReport,
+    auth: authReport,
+    api: apiReport,
+    warnings,
+    errors,
+    suggestions,
+  };
+  report.status = severity(report);
+
+  if (options.json) {
+    console.log(JSON.stringify(report, null, options.compact ? 0 : 2));
+  } else {
+    printHuman(report);
+  }
+
+  maybeFail(report, options.failOn);
+}
+
+module.exports = {
+  doctor,
+  __private: {
+    severity,
+  },
+};

package/src/commands-request.js

@@ -0,0 +1,144 @@
+const fs = require("node:fs/promises");
+
+const { __private, getValidAccessToken } = require("./clio-api");
+const { UsageError } = require("./cli-errors");
+const { maybeRedactPayload } = require("./redaction");
+const { getConfig, getTokenSet } = require("./store");
+
+const READ_METHODS = new Set(["GET", "HEAD"]);
+const WRITE_METHODS = new Set(["POST", "PUT", "PATCH", "DELETE"]);
+
+function parseQuery(queryText) {
+  if (!queryText) {
+    return {};
+  }
+
+  return String(queryText)
+    .split(",")
+    .map((part) => part.trim())
+    .filter(Boolean)
+    .reduce((query, part) => {
+      const separatorIndex = part.search(/[:=]/);
+      if (separatorIndex <= 0) {
+        throw new UsageError("`--query` entries must look like `key=value`.", {
+          code: "invalid_query",
+        });
+      }
+
+      query[part.slice(0, separatorIndex).trim()] = part.slice(separatorIndex + 1).trim();
+      return query;
+    }, {});
+}
+
+function normalizePath(config, path, query) {
+  if (!path) {
+    throw new UsageError("Usage: not-manage request <method> <path> [options]", {
+      code: "missing_request_path",
+      hint: "not-manage request --help",
+    });
+  }
+
+  const base = `https://${config.host}`;
+  const url = path.startsWith("http://") || path.startsWith("https://")
+    ? path
+    : `${base}${path.startsWith("/") ? "" : "/"}${path}`;
+
+  const trusted = __private.parseTrustedApiUrl(config, url, "/api/v4/");
+  return __private.buildUrlWithQuery(trusted, query);
+}
+
+async function readBody(bodyFile) {
+  if (!bodyFile) {
+    return undefined;
+  }
+
+  const text = bodyFile === "-"
+    ? await new Promise((resolve, reject) => {
+        let body = "";
+        process.stdin.setEncoding("utf8");
+        process.stdin.on("data", (chunk) => {
+          body += chunk;
+        });
+        process.stdin.on("end", () => resolve(body));
+        process.stdin.on("error", reject);
+      })
+    : await fs.readFile(bodyFile, "utf8");
+
+  return text ? JSON.parse(text) : undefined;
+}
+
+function buildDryRunOutput(method, url, body) {
+  return {
+    dry_run: true,
+    would_send: {
+      method,
+      url: __private.sanitizeUrlForError(url),
+      write: WRITE_METHODS.has(method),
+      has_body: body !== undefined,
+    },
+  };
+}
+
+async function rawRequest(options = {}) {
+  const method = String(options.method || "").toUpperCase();
+  if (!READ_METHODS.has(method) && !WRITE_METHODS.has(method)) {
+    throw new UsageError("Usage: not-manage request <method> <path> [options]", {
+      code: "invalid_request_method",
+      hint: "Use GET, HEAD, POST, PUT, PATCH, or DELETE.",
+    });
+  }
+
+  if (WRITE_METHODS.has(method) && options.write !== true && options.dryRun !== true) {
+    throw new UsageError("Write methods require `--write`.", {
+      code: "write_confirmation_required",
+      hint: "Re-run with `--dry-run` to preview, or `--write` only when you intend to modify Clio data.",
+    });
+  }
+
+  const config = await getConfig();
+  const url = normalizePath(config, options.path, parseQuery(options.query));
+  const body = await readBody(options.bodyFile);
+
+  if (options.dryRun === true) {
+    console.log(JSON.stringify(buildDryRunOutput(method, url, body), null, options.compact ? 0 : 2));
+    return;
+  }
+
+  const tokenSet = await getTokenSet();
+  const accessToken = await getValidAccessToken(config, tokenSet);
+  const response = await fetch(url, {
+    method,
+    headers: {
+      accept: "application/json",
+      authorization: `Bearer ${accessToken}`,
+      ...(body === undefined ? {} : { "content-type": "application/json" }),
+    },
+    body: body === undefined ? undefined : JSON.stringify(body),
+  });
+  const text = method === "HEAD" ? "" : await response.text();
+  let payload = text;
+
+  if (text) {
+    try {
+      payload = JSON.parse(text);
+    } catch (_error) {
+      payload = { body: text };
+    }
+  }
+
+  const output = {
+    status: response.status,
+    ok: response.ok,
+    data: maybeRedactPayload(payload, options, "request"),
+  };
+
+  console.log(JSON.stringify(output, null, options.compact ? 0 : 2));
+}
+
+module.exports = {
+  rawRequest,
+  __private: {
+    buildDryRunOutput,
+    parseQuery,
+  },
+};

package/src/compact-output.js

@@ -0,0 +1,89 @@
+const COMPACT_KEYS = new Set([
+  "id",
+  "data",
+  "name",
+  "first_name",
+  "last_name",
+  "email",
+  "type",
+  "status",
+  "state",
+  "priority",
+  "date",
+  "due_at",
+  "start_at",
+  "end_at",
+  "created_at",
+  "updated_at",
+  "display_number",
+  "number",
+  "subject",
+  "summary",
+  "description",
+  "balance",
+  "total",
+  "paid",
+  "pending",
+  "matter",
+  "client",
+  "contact",
+  "user",
+  "assignee",
+  "assigner",
+  "responsible_attorney",
+  "responsible_staff",
+  "originating_attorney",
+]);
+
+const NESTED_KEYS = new Set([
+  "id",
+  "name",
+  "first_name",
+  "last_name",
+  "email",
+  "type",
+  "status",
+  "state",
+  "display_number",
+  "number",
+  "description",
+]);
+
+function isPlainObject(value) {
+  return Boolean(value) && typeof value === "object" && !Array.isArray(value);
+}
+
+function compactObject(object, allowedKeys) {
+  return Object.entries(object).reduce((output, [key, value]) => {
+    if (!allowedKeys.has(key)) {
+      return output;
+    }
+
+    output[key] = compactValue(value, key === "data" ? COMPACT_KEYS : NESTED_KEYS);
+    return output;
+  }, {});
+}
+
+function compactValue(value, allowedKeys = COMPACT_KEYS) {
+  if (Array.isArray(value)) {
+    return value.map((item) => compactValue(item, allowedKeys));
+  }
+
+  if (!isPlainObject(value)) {
+    return value;
+  }
+
+  const compacted = compactObject(value, allowedKeys);
+  return Object.keys(compacted).length > 0 ? compacted : value;
+}
+
+function maybeCompactPayload(payload, options = {}) {
+  return options.compact ? compactValue(payload) : payload;
+}
+
+module.exports = {
+  maybeCompactPayload,
+  __private: {
+    compactValue,
+  },
+};

package/src/prompt.js

@@ -2,6 +2,10 @@ const { Writable } = require("node:stream");
 const { createInterface } = require("node:readline/promises");
 const { stdin, stdout } = require("node:process");
 
+const isTTYColor = stdout.isTTY && !process.env.NO_COLOR;
+const bold = (text) => (isTTYColor ? `\x1b[1m${text}\x1b[22m` : text);
+const dim = (text) => (isTTYColor ? `\x1b[2m${text}\x1b[22m` : text);
+
 class PromptOutput extends Writable {
   constructor(target) {
     super();
@@ -94,10 +98,54 @@ async function askSecret(rl, label) {
   }
 }
 
+async function selectOption(_rl, label, options, defaultIndex = 0) {
+  if (!Array.isArray(options) || options.length === 0) {
+    throw new Error(`No options available for ${label}.`);
+  }
+
+  if (!stdin.isTTY) {
+    return options[defaultIndex].value;
+  }
+
+  console.log(bold(label));
+  options.forEach((option, index) => {
+    const marker = index === defaultIndex ? "*" : " ";
+    stdout.write(` ${marker} ${index + 1}. ${option.label}\n`);
+  });
+
+  const fallback = String(defaultIndex + 1);
+
+  while (true) {
+    const answer = String(await ask(_rl, "Choose an option", fallback)).trim();
+    const numericIndex = Number.parseInt(answer, 10);
+
+    if (Number.isInteger(numericIndex) && numericIndex >= 1 && numericIndex <= options.length) {
+      return options[numericIndex - 1].value;
+    }
+
+    const normalized = answer.toLowerCase();
+    const matchingOption = options.find((option) => {
+      return (
+        String(option.value).trim().toLowerCase() === normalized ||
+        String(option.label).trim().toLowerCase() === normalized
+      );
+    });
+
+    if (matchingOption) {
+      return matchingOption.value;
+    }
+
+    console.log(`Enter a number from 1 to ${options.length}, or one of the listed values.`);
+  }
+}
+
 module.exports = {
   PromptOutput,
   ask,
   askSecret,
+  bold,
   decodePromptChunk,
+  dim,
+  selectOption,
   withPrompt,
 };

package/src/redaction.js

@@ -71,6 +71,7 @@ const NAME_HEURISTIC_EXCLUDED_TOKENS = new Set([
 ]);
 
 const PLACEHOLDERS = {
+  creditCard: "[REDACTED_CREDIT_CARD]",
   email: "[REDACTED_EMAIL]",
   name: "[REDACTED_NAME]",
   phone: "[REDACTED_PHONE]",
@@ -78,6 +79,11 @@ const PLACEHOLDERS = {
   taxId: "[REDACTED_TAX_ID]",
 };
 const PERSON_NAME_SUFFIXES = new Set(["esq", "ii", "iii", "iv", "jr", "sr"]);
+const COMPANY_NOISE_TOKENS = new Set([
+  "and", "co", "company", "corp", "corporation", "dba", "group",
+  "inc", "incorporated", "limited", "llc", "llp", "lp", "ltd",
+  "of", "pa", "pc", "plc", "pllc", "the",
+]);
 
 function escapeRegExp(value) {
   return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
@@ -116,13 +122,19 @@ function collectContactLikeReplacements(node, replacements, dedupe) {
 
   pushReplacement(replacements, dedupe, node.name, PLACEHOLDERS.name);
 
-  const fullName = [node.first_name, node.last_name]
-    .map((value) => normalizeString(value))
-    .filter(Boolean)
-    .join(" ")
-    .trim();
+  const firstName = normalizeString(node.first_name);
+  const lastName = normalizeString(node.last_name);
+
+  const fullName = [firstName, lastName].filter(Boolean).join(" ").trim();
   pushReplacement(replacements, dedupe, fullName, PLACEHOLDERS.name);
 
+  if (lastName && lastName.length >= 2) {
+    pushReplacement(replacements, dedupe, lastName, PLACEHOLDERS.name);
+  }
+  if (firstName && firstName.length >= 2) {
+    pushReplacement(replacements, dedupe, firstName, PLACEHOLDERS.name);
+  }
+
   EMAIL_FIELDS.forEach((field) => {
     pushReplacement(replacements, dedupe, node[field], PLACEHOLDERS.email);
   });
@@ -220,11 +232,15 @@ function collectSafeIdentityNames(
   return preserved;
 }
 
-function derivePersonSurname(name) {
-  const tokens = normalizeString(name)
-    .split(/\s+/)
+function tokenizeName(name, separator = /\s+/) {
+  return normalizeString(name)
+    .split(separator)
     .map((token) => token.replace(/^[^A-Za-z]+|[^A-Za-z]+$/g, ""))
     .filter(Boolean);
+}
+
+function derivePersonSurname(name) {
+  const tokens = tokenizeName(name);
 
   if (tokens.length < 2) {
     return "";
@@ -238,7 +254,15 @@ function derivePersonSurname(name) {
   return index > 0 ? tokens[index] : "";
 }
 
-function collectPersonClientLabelReplacements(
+function deriveCompanyNameTokens(name) {
+  return tokenizeName(name, /[\s&,]+/).filter(
+    (token) =>
+      token.length >= 3 &&
+      !COMPANY_NOISE_TOKENS.has(token.toLowerCase())
+  );
+}
+
+function collectClientLabelReplacements(
   value,
   policy,
   clientContext = false,
@@ -247,7 +271,7 @@ function collectPersonClientLabelReplacements(
 ) {
   if (Array.isArray(value)) {
     value.forEach((item) => {
-      collectPersonClientLabelReplacements(
+      collectClientLabelReplacements(
         item,
         policy,
         clientContext,
@@ -271,8 +295,14 @@ function collectPersonClientLabelReplacements(
     );
   }
 
+  if (clientContext && value.type === "Company") {
+    deriveCompanyNameTokens(value.name).forEach((token) => {
+      pushReplacement(replacements, dedupe, token, PLACEHOLDERS.name);
+    });
+  }
+
   Object.entries(value).forEach(([key, child]) => {
-    collectPersonClientLabelReplacements(
+    collectClientLabelReplacements(
       child,
       policy,
       clientContext || policy.clientObjectKeys.has(key),
@@ -284,14 +314,19 @@ function collectPersonClientLabelReplacements(
   return replacements;
 }
 
-function replaceKnownSensitiveValues(text, replacements) {
+function applyReplacements(text, replacements, wordBoundary = false) {
   return replacements
     .slice()
     .sort((left, right) => right.value.length - left.value.length)
     .reduce((output, replacement) => {
-      const matcher = new RegExp(escapeRegExp(replacement.value), "gi");
-      return output.replace(matcher, replacement.placeholder);
-    }, text);
+      const escaped = escapeRegExp(replacement.value);
+      const pattern = wordBoundary ? `\\b${escaped}\\b` : escaped;
+      return output.replace(new RegExp(pattern, "gi"), replacement.placeholder);
+    }, String(text));
+}
+
+function replaceKnownSensitiveValues(text, replacements) {
+  return applyReplacements(text, replacements);
 }
 
 function redactPatternPii(text) {
@@ -304,8 +339,16 @@ function redactPatternPii(text) {
     /\b(?:\+?1[-.\s]*)?(?:\(\d{3}\)|\d{3})[-.\s]*\d{3}[-.\s]*\d{4}\b/g,
     PLACEHOLDERS.phone
   );
-  output = output.replace(/\b\d{3}-\d{2}-\d{4}\b/g, PLACEHOLDERS.ssn);
+  output = output.replace(/\b\d{3}[-\s]\d{2}[-\s]\d{4}\b/g, PLACEHOLDERS.ssn);
   output = output.replace(/\b\d{2}-\d{7}\b/g, PLACEHOLDERS.taxId);
+  output = output.replace(
+    /\b\d{4}[-\s]?\d{4}[-\s]?\d{4}[-\s]?\d{4}\b/g,
+    PLACEHOLDERS.creditCard
+  );
+  output = output.replace(
+    /\b3[47]\d{2}[-\s]?\d{6}[-\s]?\d{5}\b/g,
+    PLACEHOLDERS.creditCard
+  );
 
   return output;
 }
@@ -387,13 +430,7 @@ function redactLikelyBareNames(text, preservedNames) {
 }
 
 function replaceMatterLabelDerivedNames(text, replacements) {
-  return replacements
-    .slice()
-    .sort((left, right) => right.value.length - left.value.length)
-    .reduce((output, replacement) => {
-      const matcher = new RegExp(`\\b${escapeRegExp(replacement.value)}\\b`, "gi");
-      return output.replace(matcher, replacement.placeholder);
-    }, String(text));
+  return applyReplacements(text, replacements, true);
 }
 
 function isMatterLabelContext(policy, path, key) {
@@ -516,7 +553,7 @@ function redactValue(
 function redactPayload(value, resourceType) {
   const policy = getRedactionPolicy(resourceType);
   const replacements = collectSensitiveReplacements(value, resourceType);
-  const derivedLabelReplacements = collectPersonClientLabelReplacements(value, policy);
+  const derivedLabelReplacements = collectClientLabelReplacements(value, policy);
   const preservedNames = collectSafeIdentityNames(
     value,
     policy,
@@ -557,7 +594,7 @@ module.exports = {
   maybeRedactData,
   maybeRedactPayload,
   __private: {
-    collectPersonClientLabelReplacements,
+    collectClientLabelReplacements,
     collectSafeIdentityNames,
     derivePersonSurname,
     redactLikelyBareNames,