opal-security 3.0.0 → 3.0.1-beta.4f1a7ce

package/lib/commands/set-auth-provider.js

@@ -13,7 +13,7 @@ class SetAuthProvider extends core_1.Command {
             configData.clientID = flags.clientID;
             (0, config_1.writeConfigData)(this.config.configDir, configData);
             await (0, credentials_1.removeOpalCredentials)(this);
-            this.log('Client ID and Issuer URL updated');
+            this.log("Client ID and Issuer URL updated");
         }
         catch (error) {
             this.error(error);
@@ -25,18 +25,20 @@ SetAuthProvider.description = `Sets the Issuer URL and Client ID of the Auth Pro
 
   Note - you will need an OIDC provider that supports the device_code grant.
   `;
-SetAuthProvider.examples = ['$ opal set-auth-provider --clientID 1234asdf --issuerUrl https://auth.example.com'];
+SetAuthProvider.examples = [
+    "$ opal set-auth-provider --clientID 1234asdf --issuerUrl https://auth.example.com",
+];
 SetAuthProvider.flags = {
     help: flags_1.SHARED_FLAGS.help,
     clientID: core_1.Flags.string({
         multiple: false,
         description: "Client ID of your Auth Provider",
-        required: true
+        required: true,
     }),
     issuerUrl: core_1.Flags.string({
         multiple: false,
         description: "Issuer URL of your Auth Provider",
-        required: true
+        required: true,
     }),
 };
 exports.default = SetAuthProvider;

package/lib/commands/set-custom-header.d.ts

@@ -1,4 +1,4 @@
-import { Command } from '@oclif/core';
+import { Command } from "@oclif/core";
 export default class SetCustomHeader extends Command {
     static description: string;
     static examples: string[];

package/lib/commands/set-custom-header.js

@@ -16,15 +16,17 @@ class SetCustomHeader extends core_1.Command {
             configData[config_1.customHttpHeaderKey] = header;
             (0, config_1.writeConfigData)(this.config.configDir, configData);
             await (0, apollo_1.initClient)(this);
-            this.log('Custom HTTP header updated');
+            this.log("Custom HTTP header updated");
         }
         catch (error) {
             this.error(error);
         }
     }
 }
-SetCustomHeader.description = 'Sets a custom HTTP header to connect to the Opal server.';
-SetCustomHeader.examples = ['$ opal set-custom-header --header \'cf-access-token: $TOKEN\''];
+SetCustomHeader.description = "Sets a custom HTTP header to connect to the Opal server.";
+SetCustomHeader.examples = [
+    "$ opal set-custom-header --header 'cf-access-token: $TOKEN'",
+];
 SetCustomHeader.flags = {
     help: flags_1.SHARED_FLAGS.help,
     header: core_1.Flags.string({

package/lib/commands/set-token.d.ts

@@ -1,4 +1,4 @@
-import { Command } from '@oclif/core';
+import { Command } from "@oclif/core";
 export default class SetToken extends Command {
     static description: string;
     static examples: string[];

package/lib/commands/set-token.js

@@ -2,49 +2,56 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const core_1 = require("@oclif/core");
 const inquirer = require("inquirer");
+const graphql_1 = require("../graphql");
 const apollo_1 = require("../lib/apollo");
 const credentials_1 = require("../lib/credentials");
-const handler_1 = require("../handler");
-const login_1 = require("./login");
 const flags_1 = require("../lib/flags");
+const CHECK_AUTH_SESSION_QUERY = (0, graphql_1.graphql)(`
+query CheckAuthSessionQuery {
+  organizationSettings {
+    ... on OrganizationSettingsResult {
+      settings {
+        id
+      }
+    }
+  }
+}
+`);
 class SetToken extends core_1.Command {
     async run() {
-        var _a, _b, _c;
+        var _a, _b;
         try {
             await (0, apollo_1.initClient)(this, false);
             const { apiToken } = await inquirer.prompt([
                 {
-                    name: 'apiToken',
-                    message: 'Enter your API Key:',
-                    type: 'password',
+                    name: "apiToken",
+                    message: "Enter your API Key:",
+                    type: "password",
                     validate: (key) => Boolean(key),
                 },
             ]);
             // Overwrite previously-stored credentials from keychain if they exist
-            let email;
-            let organizationID;
             const existingCreds = await (0, credentials_1.getOpalCredentials)(this, false);
-            await (0, credentials_1.setOpalCredentials)(this, existingCreds === null || existingCreds === void 0 ? void 0 : existingCreds.email, (existingCreds === null || existingCreds === void 0 ? void 0 : existingCreds.organizationID) || 'unset-org-id', existingCreds === null || existingCreds === void 0 ? void 0 : existingCreds.clientIDCandidate, apiToken || '', credentials_1.SecretType.ApiToken);
+            await (0, credentials_1.setOpalCredentials)(this, existingCreds === null || existingCreds === void 0 ? void 0 : existingCreds.email, (existingCreds === null || existingCreds === void 0 ? void 0 : existingCreds.organizationID) || "unset-org-id", existingCreds === null || existingCreds === void 0 ? void 0 : existingCreds.clientIDCandidate, apiToken || "", credentials_1.SecretType.ApiToken);
             // "Representative" authenticated call to check the log-in worked as expected.
-            const { resp: authCheckResp, error: authCheckErr } = await (0, handler_1.runQuery)({
-                command: this,
-                query: login_1.CLIAuthSessionCheckDocument,
-                variables: {},
+            const client = await (0, apollo_1.getClient)(this, true);
+            const resp = await client.query({
+                query: CHECK_AUTH_SESSION_QUERY,
             });
-            if (authCheckErr ||
-                !((_c = (_b = (_a = authCheckResp === null || authCheckResp === void 0 ? void 0 : authCheckResp.data) === null || _a === void 0 ? void 0 : _a.organizationSettings) === null || _b === void 0 ? void 0 : _b.settings) === null || _c === void 0 ? void 0 : _c.id)) {
-                this.log('Error verifying log in. Authenticated commands may fail. Please double check your API token and use `opal logout; opal set-token` to try again.\n');
+            if (((_b = (_a = resp === null || resp === void 0 ? void 0 : resp.data) === null || _a === void 0 ? void 0 : _a.organizationSettings) === null || _b === void 0 ? void 0 : _b.__typename) ===
+                "OrganizationSettingsNotFoundError") {
+                this.log("Error verifying log in. Authenticated commands may fail. Please double check your API token and use `opal logout; opal set-token` to try again.\n");
                 return;
             }
-            this.log('🎉 You have successfully authenticated with Opal! You can now run authenticated commands.\n');
+            this.log("🎉 You have successfully authenticated with Opal! You can now run authenticated commands.\n");
         }
         catch (error) {
             this.error(error);
         }
     }
 }
-SetToken.description = 'Sets an API token to authenticate with the Opal server - alternative auth flow for headless environments.';
-SetToken.examples = ['$ opal set-token'];
+SetToken.description = "Sets an API token to authenticate with the Opal server - alternative auth flow for headless environments.";
+SetToken.examples = ["$ opal set-token"];
 SetToken.flags = {
     help: flags_1.SHARED_FLAGS.help,
 };

package/lib/commands/set-url.d.ts

@@ -1,4 +1,4 @@
-import { Command } from '@oclif/core';
+import { Command } from "@oclif/core";
 export default class SetUrl extends Command {
     static description: string;
     static examples: string[];

package/lib/commands/set-url.js

@@ -17,24 +17,24 @@ class SetUrl extends core_1.Command {
                 url = flags.custom;
             }
             else if (flags.prod) {
-                url = 'https://app.opal.dev';
+                url = "https://app.opal.dev";
             }
             else if (flags.demo) {
-                url = 'https://demo.opal.dev';
+                url = "https://demo.opal.dev";
             }
             else if (flags.dev) {
-                url = 'https://dev.opal.dev';
+                url = "https://dev.opal.dev";
             }
             else if (flags.devLocal) {
-                url = 'http://localhost:3000';
+                url = "http://localhost:3000";
             }
-            if (!url.startsWith('http://') && !url.startsWith('https://')) {
+            if (!url.startsWith("http://") && !url.startsWith("https://")) {
                 // Add protocol if not specified
-                if (url.startsWith('localhost')) {
-                    url = 'http://' + url;
+                if (url.startsWith("localhost")) {
+                    url = `http://${url}`;
                 }
                 else {
-                    url = 'https://' + url;
+                    url = `https://${url}`;
                 }
             }
             if (url.match(/^https?:\/\/[^/]+\/$/)) {
@@ -43,11 +43,12 @@ class SetUrl extends core_1.Command {
             }
             else if (!url.match(/^https?:\/\/[^/]+$/)) {
                 // Error if URL doesn't match `https://x.y.z` or `http://x.y.z`
-                throw new Error('Invalid URL. Please provide only the protocol and domain (e.g. https://app.opal.dev).');
+                throw new Error("Invalid URL. Please provide only the protocol and domain (e.g. https://app.opal.dev).");
             }
             const configData = (0, config_1.getOrCreateConfigData)(this.config.configDir);
             configData[config_1.urlKey] = url;
-            configData[config_1.allowSelfSignedCertsKey] = flags.allowSelfSignedCerts !== undefined;
+            configData[config_1.allowSelfSignedCertsKey] =
+                flags.allowSelfSignedCerts !== undefined;
             (0, config_1.writeConfigData)(this.config.configDir, configData);
             const updatedConfigData = (0, config_1.getOrCreateConfigData)(this.config.configDir);
             await (0, credentials_1.removeOpalCredentials)(this);
@@ -60,7 +61,7 @@ class SetUrl extends core_1.Command {
     }
 }
 SetUrl.description = `Sets the url of the Opal server. Defaults to ${config_1.defaultUrl}.`;
-SetUrl.examples = ['$ opal set-url'];
+SetUrl.examples = ["$ opal set-url"];
 SetUrl.flags = {
     help: flags_1.SHARED_FLAGS.help,
     allowSelfSignedCerts: core_1.Flags.boolean(),
@@ -77,7 +78,7 @@ SetUrl.flags = {
 };
 SetUrl.args = {
     url: core_1.Args.string({
-        description: 'URL of the Opal server to use. If unspecified, defaults to https://app.opal.dev',
+        description: "URL of the Opal server to use. If unspecified, defaults to https://app.opal.dev",
         required: false,
     }),
 };

package/lib/commands/ssh/copyFrom.d.ts

@@ -1,4 +1,4 @@
-import { Command } from '@oclif/core';
+import { Command } from "@oclif/core";
 export default class StartSCPSession extends Command {
     static description: string;
     static examples: string[];

package/lib/commands/ssh/copyFrom.js

@@ -3,11 +3,11 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const core_1 = require("@oclif/core");
 const apollo_1 = require("../../lib/apollo");
 const cmd_1 = require("../../lib/cmd");
-const ssh_1 = require("../../lib/ssh");
+const flags_1 = require("../../lib/flags");
 const resources_1 = require("../../lib/resources");
 const sessions_1 = require("../../lib/sessions");
+const ssh_1 = require("../../lib/ssh");
 const start_1 = require("./start");
-const flags_1 = require("../../lib/flags");
 class StartSCPSession extends core_1.Command {
     async run() {
         (0, cmd_1.setMostRecentCommand)(this);
@@ -20,7 +20,7 @@ class StartSCPSession extends core_1.Command {
         let instanceName = null;
         const sessionId = flags.sessionId;
         if (!instanceId) {
-            const selectedInstance = await (0, ssh_1.selectComputeInstance)(this, 'SCP into');
+            const selectedInstance = await (0, ssh_1.selectComputeInstance)(this, "SCP into");
             if (!selectedInstance) {
                 return;
             }
@@ -33,7 +33,7 @@ class StartSCPSession extends core_1.Command {
         }
         const metadata = session.metadata;
         switch (metadata === null || metadata === void 0 ? void 0 : metadata.__typename) {
-            case 'AwsIamFederatedSSMSession': {
+            case "AwsIamFederatedSSMSession": {
                 const envVars = {
                     AWS_ACCESS_KEY_ID: metadata.awsAccessKeyId,
                     AWS_SECRET_ACCESS_KEY: metadata.awsSecretAccessKey,
@@ -41,7 +41,7 @@ class StartSCPSession extends core_1.Command {
                 };
                 // Run SCP script
                 const scpCmd = `$SCRIPT_PATH/../../scripts/ssh_ssm_scp_from_server.sh ${metadata.ec2InstanceId} ${flags.user} ${flags.src} ${metadata.ec2Region} ${flags.dest}`;
-                const outputMessage = `from "${flags.src}" on ${instanceName ? `"${instanceName}" instance` : 'instance'} to "${flags.dest}" locally.`;
+                const outputMessage = `from "${flags.src}" on ${instanceName ? `"${instanceName}" instance` : "instance"} to "${flags.dest}" locally.`;
                 (0, cmd_1.runCommandSpawn)(scpCmd, `Copied ${outputMessage}`, `Failed to copy ${outputMessage}`, envVars);
                 break;
             }
@@ -50,29 +50,29 @@ class StartSCPSession extends core_1.Command {
         }
     }
 }
-StartSCPSession.description = 'Use SCP to copy files from a compute instance.';
+StartSCPSession.description = "Use SCP to copy files from a compute instance.";
 StartSCPSession.examples = [
-    'opal ssh:copyFrom --src instance/dir --dest my/dir',
-    'opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398',
+    "opal ssh:copyFrom --src instance/dir --dest my/dir",
+    "opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398",
 ];
 StartSCPSession.flags = {
     help: flags_1.SHARED_FLAGS.help,
     src: core_1.Flags.string({
         multiple: false,
         required: true,
-        description: 'The directory or file you would like to copy over SCP. Note we only support one file or directory at a time.',
+        description: "The directory or file you would like to copy over SCP. Note we only support one file or directory at a time.",
     }),
     dest: core_1.Flags.string({
         multiple: false,
         required: false,
-        default: '.',
-        description: 'The directory you want your files to be copied to.',
+        default: ".",
+        description: "The directory you want your files to be copied to.",
     }),
     user: core_1.Flags.string({
         multiple: false,
         required: false,
-        default: 'ssm-user',
-        description: 'The user you want to run SCP over. Keep in mind not all users will have access to each other\'s home directory.',
+        default: "ssm-user",
+        description: "The user you want to run SCP over. Keep in mind not all users will have access to each other's home directory.",
     }),
     id: flags_1.SHARED_FLAGS.id,
     sessionId: flags_1.SHARED_FLAGS.sessionId,

package/lib/commands/ssh/copyTo.d.ts

@@ -1,4 +1,4 @@
-import { Command } from '@oclif/core';
+import { Command } from "@oclif/core";
 export default class StartSCPSession extends Command {
     static description: string;
     static examples: string[];

package/lib/commands/ssh/copyTo.js

@@ -3,11 +3,11 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const core_1 = require("@oclif/core");
 const apollo_1 = require("../../lib/apollo");
 const cmd_1 = require("../../lib/cmd");
-const ssh_1 = require("../../lib/ssh");
+const flags_1 = require("../../lib/flags");
 const resources_1 = require("../../lib/resources");
 const sessions_1 = require("../../lib/sessions");
+const ssh_1 = require("../../lib/ssh");
 const start_1 = require("./start");
-const flags_1 = require("../../lib/flags");
 class StartSCPSession extends core_1.Command {
     async run() {
         (0, cmd_1.setMostRecentCommand)(this);
@@ -20,7 +20,7 @@ class StartSCPSession extends core_1.Command {
         let instanceName = null;
         const sessionId = flags.sessionId;
         if (!instanceId) {
-            const selectedInstance = await (0, ssh_1.selectComputeInstance)(this, 'SCP into');
+            const selectedInstance = await (0, ssh_1.selectComputeInstance)(this, "SCP into");
             if (!selectedInstance) {
                 return;
             }
@@ -33,7 +33,7 @@ class StartSCPSession extends core_1.Command {
         }
         const metadata = session.metadata;
         switch (metadata === null || metadata === void 0 ? void 0 : metadata.__typename) {
-            case 'AwsIamFederatedSSMSession': {
+            case "AwsIamFederatedSSMSession": {
                 const envVars = {
                     AWS_ACCESS_KEY_ID: metadata.awsAccessKeyId,
                     AWS_SECRET_ACCESS_KEY: metadata.awsSecretAccessKey,
@@ -41,7 +41,7 @@ class StartSCPSession extends core_1.Command {
                 };
                 // Run SCP script
                 const scpCmd = `$SCRIPT_PATH/../../scripts/ssh_ssm_scp_to_server.sh ${metadata.ec2InstanceId} ${flags.user} ${flags.src} ${metadata.ec2Region} ${flags.dest}`;
-                const outputMessage = `from "${flags.src}" locally to "${flags.dest}" on ${instanceName ? `"${instanceName}" instance` : 'instance'}.`;
+                const outputMessage = `from "${flags.src}" locally to "${flags.dest}" on ${instanceName ? `"${instanceName}" instance` : "instance"}.`;
                 (0, cmd_1.runCommandSpawn)(scpCmd, `Copied ${outputMessage}`, `Failed to copy ${outputMessage}.`, envVars);
                 break;
             }
@@ -50,29 +50,29 @@ class StartSCPSession extends core_1.Command {
         }
     }
 }
-StartSCPSession.description = 'Use SCP to copy files to a compute instance.';
+StartSCPSession.description = "Use SCP to copy files to a compute instance.";
 StartSCPSession.examples = [
-    'opal ssh:copyTo --src my/dir --dest instance/dir',
-    'opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398',
+    "opal ssh:copyTo --src my/dir --dest instance/dir",
+    "opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398",
 ];
 StartSCPSession.flags = {
     help: flags_1.SHARED_FLAGS.help,
     src: core_1.Flags.string({
         multiple: false,
         required: true,
-        description: 'The directory or file you would like to copy over SCP. Note we only support one file or directory at a time.',
+        description: "The directory or file you would like to copy over SCP. Note we only support one file or directory at a time.",
     }),
     dest: core_1.Flags.string({
         multiple: false,
         required: false,
-        default: '.',
-        description: 'The directory you want your files to be copied to.',
+        default: ".",
+        description: "The directory you want your files to be copied to.",
     }),
     user: core_1.Flags.string({
         multiple: false,
         required: false,
-        default: 'ssm-user',
-        description: 'The user you want to run SCP over. Keep in mind not all users will have access to each other\'s home directory.',
+        default: "ssm-user",
+        description: "The user you want to run SCP over. Keep in mind not all users will have access to each other's home directory.",
     }),
     id: flags_1.SHARED_FLAGS.id,
     sessionId: flags_1.SHARED_FLAGS.sessionId,

package/lib/commands/ssh/start.d.ts

@@ -1,4 +1,4 @@
-import { Command } from '@oclif/core';
+import { Command } from "@oclif/core";
 export declare const Ec2SessionMetadataFragment = "\n... on AwsIamFederatedSSMSession {\n  awsAccessKeyId\n  awsSecretAccessKey\n  awsSessionToken\n  awsLoginUrl\n  federatedArn\n  ec2InstanceId\n  ec2Region\n}";
 export default class StartSSHSession extends Command {
     static description: string;

package/lib/commands/ssh/start.js

@@ -2,15 +2,15 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.Ec2SessionMetadataFragment = void 0;
 const core_1 = require("@oclif/core");
+const get_1 = require("../../commands/resources/get");
 const handler_1 = require("../../handler");
-const cmd_1 = require("../../lib/cmd");
 const apollo_1 = require("../../lib/apollo");
-const ssh_1 = require("../../lib/ssh");
-const get_1 = require("../../commands/resources/get");
 const aws_1 = require("../../lib/aws");
+const cmd_1 = require("../../lib/cmd");
+const flags_1 = require("../../lib/flags");
 const resources_1 = require("../../lib/resources");
 const sessions_1 = require("../../lib/sessions");
-const flags_1 = require("../../lib/flags");
+const ssh_1 = require("../../lib/ssh");
 exports.Ec2SessionMetadataFragment = `
 ... on AwsIamFederatedSSMSession {
   awsAccessKeyId
@@ -26,7 +26,7 @@ class StartSSHSession extends core_1.Command {
         (0, cmd_1.setMostRecentCommand)(this);
         const { flags } = await this.parse(StartSSHSession);
         if (flags.sessionId && flags.refresh) {
-            return (0, apollo_1.handleError)(this, 'Cannot use both --sessionId and --refresh');
+            return (0, apollo_1.handleError)(this, "Cannot use both --sessionId and --refresh");
         }
         const pluginExists = await (0, ssh_1.assertSessionManagerPluginExists)();
         if (!pluginExists) {
@@ -36,7 +36,7 @@ class StartSSHSession extends core_1.Command {
         let instanceName = null;
         const sessionId = flags.sessionId;
         if (!instanceId) {
-            const selectedInstance = await (0, ssh_1.selectComputeInstance)(this, 'SSH into');
+            const selectedInstance = await (0, ssh_1.selectComputeInstance)(this, "SSH into");
             if (!selectedInstance) {
                 return;
             }
@@ -44,7 +44,7 @@ class StartSSHSession extends core_1.Command {
             instanceName = selectedInstance.name;
         }
         else {
-            const { resp, error } = await (0, handler_1.runQuery)({
+            const { resp, error } = await (0, handler_1.runQueryDeprecated)({
                 command: this,
                 query: get_1.GetResourceDocument,
                 variables: {
@@ -57,8 +57,7 @@ class StartSSHSession extends core_1.Command {
             if (!(resp === null || resp === void 0 ? void 0 : resp.data.resource.resource)) {
                 return (0, apollo_1.handleError)(this, `Resource not found for ID: ${instanceId}`);
             }
-            instanceName =
-                (resp === null || resp === void 0 ? void 0 : resp.data.resource.resource.name) || 'ssh-instance';
+            instanceName = (resp === null || resp === void 0 ? void 0 : resp.data.resource.resource.name) || "ssh-instance";
         }
         const session = await (0, sessions_1.getOrCreateSession)(this, instanceId, resources_1.DEFAULT_ACCESS_LEVEL, sessionId, exports.Ec2SessionMetadataFragment, flags.refresh);
         if (!session) {
@@ -66,15 +65,15 @@ class StartSSHSession extends core_1.Command {
         }
         const metadata = session.metadata;
         switch (metadata === null || metadata === void 0 ? void 0 : metadata.__typename) {
-            case 'AwsIamFederatedSSMSession': {
-                this.log(`\n🕰️  Connecting to a session that expires in ${(0, sessions_1.getSessionExpirationMessage)(session)}.`);
+            case "AwsIamFederatedSSMSession": {
+                this.log(`\n🕰  Connecting to a session that expires in ${(0, sessions_1.getSessionExpirationMessage)(session)}.`);
                 const updateAwsConfigCommand = (0, aws_1.getAwsConfigUpdateCmd)(instanceName, metadata.awsAccessKeyId, metadata.awsSecretAccessKey, metadata.awsSessionToken);
                 const sessionCmd = `aws ssm start-session --target ${metadata.ec2InstanceId} --region ${metadata.ec2Region} --profile opal`;
                 // TODO: Unfortunately allowing SSH over SSM disables logging
                 // Run SSH script
                 // const sessionCmd = `../../scripts/ssh_ssm.sh ${metadata.ec2InstanceId} ${flags.user} ${metadata.ec2Region}`
                 const startSessionCmd = `${updateAwsConfigCommand} && ${sessionCmd}`;
-                (0, cmd_1.startInteractiveShell)(startSessionCmd, `shell into ${instanceName ? `"${instanceName}" instance` : 'instance'}`);
+                (0, cmd_1.startInteractiveShell)(startSessionCmd, `shell into ${instanceName ? `"${instanceName}" instance` : "instance"}`);
                 break;
             }
             default:
@@ -82,10 +81,10 @@ class StartSSHSession extends core_1.Command {
         }
     }
 }
-StartSSHSession.description = 'Starts an SSH session to access a compute instance.';
+StartSSHSession.description = "Starts an SSH session to access a compute instance.";
 StartSSHSession.examples = [
-    'opal ssh:start',
-    'opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398',
+    "opal ssh:start",
+    "opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398",
 ];
 StartSSHSession.flags = {
     help: flags_1.SHARED_FLAGS.help,

package/lib/graphql/fragment-masking.d.ts

@@ -0,0 +1,19 @@
+import type { DocumentTypeDecoration, ResultOf, TypedDocumentNode } from "@graphql-typed-document-node/core";
+import type { Incremental } from "./graphql";
+export type FragmentType<TDocumentType extends DocumentTypeDecoration<any, any>> = TDocumentType extends DocumentTypeDecoration<infer TType, any> ? [TType] extends [{
+    " $fragmentName"?: infer TKey;
+}] ? TKey extends string ? {
+    " $fragmentRefs"?: {
+        [key in TKey]: TType;
+    };
+} : never : never : never;
+export declare function useFragment<TType>(_documentNode: DocumentTypeDecoration<TType, any>, fragmentType: FragmentType<DocumentTypeDecoration<TType, any>>): TType;
+export declare function useFragment<TType>(_documentNode: DocumentTypeDecoration<TType, any>, fragmentType: FragmentType<DocumentTypeDecoration<TType, any>> | undefined): TType | undefined;
+export declare function useFragment<TType>(_documentNode: DocumentTypeDecoration<TType, any>, fragmentType: FragmentType<DocumentTypeDecoration<TType, any>> | null): TType | null;
+export declare function useFragment<TType>(_documentNode: DocumentTypeDecoration<TType, any>, fragmentType: FragmentType<DocumentTypeDecoration<TType, any>> | null | undefined): TType | null | undefined;
+export declare function useFragment<TType>(_documentNode: DocumentTypeDecoration<TType, any>, fragmentType: Array<FragmentType<DocumentTypeDecoration<TType, any>>>): Array<TType>;
+export declare function useFragment<TType>(_documentNode: DocumentTypeDecoration<TType, any>, fragmentType: Array<FragmentType<DocumentTypeDecoration<TType, any>>> | null | undefined): Array<TType> | null | undefined;
+export declare function useFragment<TType>(_documentNode: DocumentTypeDecoration<TType, any>, fragmentType: ReadonlyArray<FragmentType<DocumentTypeDecoration<TType, any>>>): ReadonlyArray<TType>;
+export declare function useFragment<TType>(_documentNode: DocumentTypeDecoration<TType, any>, fragmentType: ReadonlyArray<FragmentType<DocumentTypeDecoration<TType, any>>> | null | undefined): ReadonlyArray<TType> | null | undefined;
+export declare function makeFragmentData<F extends DocumentTypeDecoration<any, any>, FT extends ResultOf<F>>(data: FT, _fragment: F): FragmentType<F>;
+export declare function isFragmentReady<TQuery, TFrag>(queryNode: DocumentTypeDecoration<TQuery, any>, fragmentNode: TypedDocumentNode<TFrag>, data: FragmentType<TypedDocumentNode<Incremental<TFrag>, any>> | null | undefined): data is FragmentType<typeof fragmentNode>;

package/lib/graphql/fragment-masking.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.useFragment = useFragment;
+exports.makeFragmentData = makeFragmentData;
+exports.isFragmentReady = isFragmentReady;
+function useFragment(_documentNode, fragmentType) {
+    return fragmentType;
+}
+function makeFragmentData(data, _fragment) {
+    return data;
+}
+function isFragmentReady(queryNode, fragmentNode, data) {
+    var _a, _b;
+    const deferredFields = (_a = queryNode.__meta__) === null || _a === void 0 ? void 0 : _a.deferredFields;
+    if (!deferredFields)
+        return true;
+    const fragDef = fragmentNode.definitions[0];
+    const fragName = (_b = fragDef === null || fragDef === void 0 ? void 0 : fragDef.name) === null || _b === void 0 ? void 0 : _b.value;
+    const fields = (fragName && deferredFields[fragName]) || [];
+    return fields.length > 0 && fields.every((field) => data && field in data);
+}

package/lib/graphql/gql.d.ts

@@ -0,0 +1,46 @@
+import type { TypedDocumentNode as DocumentNode } from "@graphql-typed-document-node/core";
+import * as types from "./graphql";
+/**
+ * Map of all GraphQL operations in the project.
+ *
+ * This map has several performance disadvantages:
+ * 1. It is not tree-shakeable, so it will include all operations in the project.
+ * 2. It is not minifiable, so the string of a GraphQL query will be multiple times inside the bundle.
+ * 3. It does not support dead code elimination, so it will add unused operations.
+ *
+ * Therefore it is highly recommended to use the babel or swc plugin for production.
+ * Learn more about it here: https://the-guild.dev/graphql/codegen/plugins/presets/preset-client#reducing-bundle-size
+ */
+type Documents = {
+    "\nquery CheckAuthSessionQuery {\n  organizationSettings {\n    ... on OrganizationSettingsResult {\n      settings {\n        id\n      }\n    }\n  }\n}\n": typeof types.CheckAuthSessionQueryDocument;
+    '\n  query GetRequestableAppsQuery($searchQuery: String) {\n    appsV2(\n      filters: {\n        access: REQUESTABLE\n        searchQuery: $searchQuery\n      }\n    ) @connection(key: "paginated-app-dropdown") {\n      edges {\n        node {\n          id\n          displayName\n          ... on Connection {\n            connectionType\n          }\n          ... on Resource {\n            resourceType\n          }\n        }\n      }\n      pageInfo {\n        hasNextPage\n        hasPreviousPage\n        startCursor\n        endCursor\n      }\n    }\n  }\n  ': typeof types.GetRequestableAppsQueryDocument;
+    "\n  query PaginatedEntityDropdown(\n  $id: UUID!\n  $searchQuery: String\n) {\n  app(id: $id) {\n    __typename\n    ... on App {\n      id\n      items(\n        input: {\n          access: REQUESTABLE\n          searchQuery: $searchQuery\n          includeOnlyRequestable: true\n        }\n      ) {\n        items {\n          key\n          resource {\n            id\n            name\n          }\n          group {\n            id\n            name\n          }\n        }\n        cursor\n      }\n    }\n  }\n}\n": typeof types.PaginatedEntityDropdownDocument;
+};
+declare const documents: Documents;
+/**
+ * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
+ *
+ *
+ * @example
+ * ```ts
+ * const query = graphql(`query GetUser($id: ID!) { user(id: $id) { name } }`);
+ * ```
+ *
+ * The query argument is unknown!
+ * Please regenerate the types.
+ */
+export declare function graphql(source: string): unknown;
+/**
+ * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
+ */
+export declare function graphql(source: "\nquery CheckAuthSessionQuery {\n  organizationSettings {\n    ... on OrganizationSettingsResult {\n      settings {\n        id\n      }\n    }\n  }\n}\n"): (typeof documents)["\nquery CheckAuthSessionQuery {\n  organizationSettings {\n    ... on OrganizationSettingsResult {\n      settings {\n        id\n      }\n    }\n  }\n}\n"];
+/**
+ * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
+ */
+export declare function graphql(source: '\n  query GetRequestableAppsQuery($searchQuery: String) {\n    appsV2(\n      filters: {\n        access: REQUESTABLE\n        searchQuery: $searchQuery\n      }\n    ) @connection(key: "paginated-app-dropdown") {\n      edges {\n        node {\n          id\n          displayName\n          ... on Connection {\n            connectionType\n          }\n          ... on Resource {\n            resourceType\n          }\n        }\n      }\n      pageInfo {\n        hasNextPage\n        hasPreviousPage\n        startCursor\n        endCursor\n      }\n    }\n  }\n  '): (typeof documents)['\n  query GetRequestableAppsQuery($searchQuery: String) {\n    appsV2(\n      filters: {\n        access: REQUESTABLE\n        searchQuery: $searchQuery\n      }\n    ) @connection(key: "paginated-app-dropdown") {\n      edges {\n        node {\n          id\n          displayName\n          ... on Connection {\n            connectionType\n          }\n          ... on Resource {\n            resourceType\n          }\n        }\n      }\n      pageInfo {\n        hasNextPage\n        hasPreviousPage\n        startCursor\n        endCursor\n      }\n    }\n  }\n  '];
+/**
+ * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
+ */
+export declare function graphql(source: "\n  query PaginatedEntityDropdown(\n  $id: UUID!\n  $searchQuery: String\n) {\n  app(id: $id) {\n    __typename\n    ... on App {\n      id\n      items(\n        input: {\n          access: REQUESTABLE\n          searchQuery: $searchQuery\n          includeOnlyRequestable: true\n        }\n      ) {\n        items {\n          key\n          resource {\n            id\n            name\n          }\n          group {\n            id\n            name\n          }\n        }\n        cursor\n      }\n    }\n  }\n}\n"): (typeof documents)["\n  query PaginatedEntityDropdown(\n  $id: UUID!\n  $searchQuery: String\n) {\n  app(id: $id) {\n    __typename\n    ... on App {\n      id\n      items(\n        input: {\n          access: REQUESTABLE\n          searchQuery: $searchQuery\n          includeOnlyRequestable: true\n        }\n      ) {\n        items {\n          key\n          resource {\n            id\n            name\n          }\n          group {\n            id\n            name\n          }\n        }\n        cursor\n      }\n    }\n  }\n}\n"];
+export type DocumentType<TDocumentNode extends DocumentNode<any, any>> = TDocumentNode extends DocumentNode<infer TType, any> ? TType : never;
+export {};

package/lib/graphql/gql.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.graphql = graphql;
+/* eslint-disable */
+const types = require("./graphql");
+const documents = {
+    "\nquery CheckAuthSessionQuery {\n  organizationSettings {\n    ... on OrganizationSettingsResult {\n      settings {\n        id\n      }\n    }\n  }\n}\n": types.CheckAuthSessionQueryDocument,
+    '\n  query GetRequestableAppsQuery($searchQuery: String) {\n    appsV2(\n      filters: {\n        access: REQUESTABLE\n        searchQuery: $searchQuery\n      }\n    ) @connection(key: "paginated-app-dropdown") {\n      edges {\n        node {\n          id\n          displayName\n          ... on Connection {\n            connectionType\n          }\n          ... on Resource {\n            resourceType\n          }\n        }\n      }\n      pageInfo {\n        hasNextPage\n        hasPreviousPage\n        startCursor\n        endCursor\n      }\n    }\n  }\n  ': types.GetRequestableAppsQueryDocument,
+    "\n  query PaginatedEntityDropdown(\n  $id: UUID!\n  $searchQuery: String\n) {\n  app(id: $id) {\n    __typename\n    ... on App {\n      id\n      items(\n        input: {\n          access: REQUESTABLE\n          searchQuery: $searchQuery\n          includeOnlyRequestable: true\n        }\n      ) {\n        items {\n          key\n          resource {\n            id\n            name\n          }\n          group {\n            id\n            name\n          }\n        }\n        cursor\n      }\n    }\n  }\n}\n": types.PaginatedEntityDropdownDocument,
+};
+function graphql(source) {
+    var _a;
+    return (_a = documents[source]) !== null && _a !== void 0 ? _a : {};
+}