opal-security 3.0.0 → 3.0.1-beta.4f1a7ce

package/lib/lib/credentials/localEncryption.js

@@ -1,11 +1,11 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getSecretFromConfig = exports.setSecretInConfig = void 0;
-const inquirer = require("inquirer");
+const node_crypto_1 = require("node:crypto");
 const argon2 = require("argon2");
-const crypto_1 = require("crypto");
+const inquirer = require("inquirer");
 const config_1 = require("../config");
-const ENCRYPTION_ALGORITHM = 'aes-256-gcm';
+const ENCRYPTION_ALGORITHM = "aes-256-gcm";
 /**
  * On linux, windows, and WSL, we can't easily work with the system keychain
  * So instead, we store the token encrypted in an `accessTokenDetails` block in the CLI's config file
@@ -20,9 +20,9 @@ let password;
 const promptForPassword = async (msg) => {
     const { customKey } = await inquirer.prompt([
         {
-            name: 'customKey',
+            name: "customKey",
             message: msg,
-            type: 'password',
+            type: "password",
             validate: (key) => key.length > 0,
         },
     ]);
@@ -30,44 +30,53 @@ const promptForPassword = async (msg) => {
 };
 const setSecretInConfig = async (command, configData, secret) => {
     if (!password) {
-        password = await promptForPassword('Enter a password to encrypt your credentials: ');
+        password = await promptForPassword("Enter a password to encrypt your credentials: ");
     }
-    const salt = (0, crypto_1.randomBytes)(24);
-    const key = await argon2.hash(password, { hashLength: 32, raw: true, salt: salt });
-    const iv = (0, crypto_1.randomBytes)(12);
-    const cipher = (0, crypto_1.createCipheriv)(ENCRYPTION_ALGORITHM, key, iv);
-    let secretEncrypted = cipher.update(secret, 'utf8', 'base64');
-    secretEncrypted += cipher.final('base64');
+    const salt = (0, node_crypto_1.randomBytes)(24);
+    const key = await argon2.hash(password, {
+        hashLength: 32,
+        raw: true,
+        salt: salt,
+    });
+    const iv = (0, node_crypto_1.randomBytes)(12);
+    const cipher = (0, node_crypto_1.createCipheriv)(ENCRYPTION_ALGORITHM, key, iv);
+    let secretEncrypted = cipher.update(secret, "utf8", "base64");
+    secretEncrypted += cipher.final("base64");
     // In addition to storing the encrypted text, we need to store the argon2 salt, and AES authTag + IV so we can decrypt
     configData.creds.accessTokenDetails = {
         encryptedText: secretEncrypted,
-        authTag: cipher.getAuthTag().toString('base64'),
-        salt: salt.toString('base64'),
-        iv: iv.toString('base64')
+        authTag: cipher.getAuthTag().toString("base64"),
+        salt: salt.toString("base64"),
+        iv: iv.toString("base64"),
     };
     (0, config_1.writeConfigData)(command.config.configDir, configData);
 };
 exports.setSecretInConfig = setSecretInConfig;
 const getSecretFromConfig = async (credsConfig) => {
-    let secret;
+    let secret = "";
     if (credsConfig === null || credsConfig === void 0 ? void 0 : credsConfig.accessTokenDetails) {
         if (!password) {
-            password = await promptForPassword('Enter the password used to encrypt your credentials: ');
+            password = await promptForPassword("Enter the password used to encrypt your credentials: ");
         }
-        const salt = Buffer.from(credsConfig.accessTokenDetails.salt, 'base64');
-        const iv = Buffer.from(credsConfig.accessTokenDetails.iv, 'base64');
-        const key = await argon2.hash(password, { hashLength: 32, raw: true, salt: salt });
+        const salt = Buffer.from(credsConfig.accessTokenDetails.salt, "base64");
+        const iv = Buffer.from(credsConfig.accessTokenDetails.iv, "base64");
+        const key = await argon2.hash(password, {
+            hashLength: 32,
+            raw: true,
+            salt: salt,
+        });
         try {
-            const decipher = (0, crypto_1.createDecipheriv)(ENCRYPTION_ALGORITHM, key, iv);
-            decipher.setAuthTag(Buffer.from(credsConfig.accessTokenDetails.authTag, 'base64'));
-            secret = decipher.update(credsConfig.accessTokenDetails.encryptedText, 'base64', 'utf8');
-            secret += decipher.final('utf8');
+            const decipher = (0, node_crypto_1.createDecipheriv)(ENCRYPTION_ALGORITHM, key, iv);
+            decipher.setAuthTag(Buffer.from(credsConfig.accessTokenDetails.authTag, "base64"));
+            secret = decipher.update(credsConfig.accessTokenDetails.encryptedText, "base64", "utf8");
+            secret += decipher.final("utf8");
         }
         catch (error) {
             console.error("ERROR: Failed to decrypt local credentials.\n" +
                 "  Check that you entered the correct password, or re-authenticate with `opal login`");
             process.exit(1);
         }
+        // biome-ignore lint/performance/noDelete: add tests for this function and remove this eventually
         delete credsConfig.accessTokenDetails;
     }
     return secret;

package/lib/lib/flags.js

@@ -3,24 +3,24 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.SHARED_FLAGS = void 0;
 const core_1 = require("@oclif/core");
 exports.SHARED_FLAGS = {
-    help: core_1.Flags.help({ char: 'h' }),
+    help: core_1.Flags.help({ char: "h" }),
     id: core_1.Flags.string({
         multiple: false,
-        char: 'i',
-        description: 'The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]',
+        char: "i",
+        description: "The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]",
     }),
     accessLevelRemoteId: core_1.Flags.string({
         multiple: false,
-        char: 'a',
-        description: 'The remote ID of the access level with which to access the resource.',
+        char: "a",
+        description: "The remote ID of the access level with which to access the resource.",
     }),
     sessionId: core_1.Flags.string({
         multiple: false,
-        char: 's',
-        description: 'The Opal ID of the session to connect to. Uses an existing session that was created via the web flow.',
+        char: "s",
+        description: "The Opal ID of the session to connect to. Uses an existing session that was created via the web flow.",
     }),
     refresh: core_1.Flags.boolean({
-        char: 'r',
-        description: 'Starts a new session even if one already exists. Useful if a session is about to expire.',
+        char: "r",
+        description: "Starts a new session even if one already exists. Useful if a session is about to expire.",
     }),
 };

package/lib/lib/requests.d.ts

@@ -0,0 +1,22 @@
+import type { NormalizedCacheObject } from "@apollo/client/core";
+import type { ApolloClient } from "@apollo/client/core/ApolloClient";
+import type { Command } from "@oclif/core/lib/command";
+export interface AppNode {
+    appName: string;
+    assets: Map<string, AssetNode>;
+}
+export interface AssetNode {
+    assetName: string;
+    roles?: Map<string, RoleNode>;
+}
+export interface RoleNode {
+    roleName: string;
+}
+export type RequestMap = Map<string, AppNode>;
+export declare function selectRequestableItems(cmd: Command, client: ApolloClient<NormalizedCacheObject>, requestMap: RequestMap): Promise<void>;
+export declare function chooseAssets(cmd: Command, client: ApolloClient<NormalizedCacheObject>, appId: string, requestMap: RequestMap): Promise<void>;
+export declare function chooseRoles(appId: string, assetId: string, requestMap: RequestMap): Promise<void>;
+export declare function doneSelectingAssets(): Promise<boolean>;
+export declare function promptForReason(): Promise<any>;
+export declare function promptForExpiration(): Promise<any>;
+export declare function submitFinalRequest(cmd: Command): Promise<void>;

package/lib/lib/requests.js

@@ -0,0 +1,274 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.selectRequestableItems = selectRequestableItems;
+exports.chooseAssets = chooseAssets;
+exports.chooseRoles = chooseRoles;
+exports.doneSelectingAssets = doneSelectingAssets;
+exports.promptForReason = promptForReason;
+exports.promptForExpiration = promptForExpiration;
+exports.submitFinalRequest = submitFinalRequest;
+const inquirer = require("inquirer");
+const graphql_1 = require("../graphql");
+inquirer.registerPrompt("autocomplete", require("inquirer-autocomplete-prompt"));
+// Queries and Mutations
+const GET_REQUESTABLE_APPS_QUERY = (0, graphql_1.graphql)(`
+  query GetRequestableAppsQuery($searchQuery: String) {
+    appsV2(
+      filters: {
+        access: REQUESTABLE
+        searchQuery: $searchQuery
+      }
+    ) @connection(key: "paginated-app-dropdown") {
+      edges {
+        node {
+          id
+          displayName
+          ... on Connection {
+            connectionType
+          }
+          ... on Resource {
+            resourceType
+          }
+        }
+      }
+      pageInfo {
+        hasNextPage
+        hasPreviousPage
+        startCursor
+        endCursor
+      }
+    }
+  }
+  `);
+const GET_ASSETS_QUERY = (0, graphql_1.graphql)(`
+  query PaginatedEntityDropdown(
+  $id: UUID!
+  $searchQuery: String
+) {
+  app(id: $id) {
+    __typename
+    ... on App {
+      id
+      items(
+        input: {
+          access: REQUESTABLE
+          searchQuery: $searchQuery
+          includeOnlyRequestable: true
+        }
+      ) {
+        items {
+          key
+          resource {
+            id
+            name
+          }
+          group {
+            id
+            name
+          }
+        }
+        cursor
+      }
+    }
+  }
+}
+`);
+async function queryRequestableApps(cmd, client, input) {
+    var _a, _b;
+    try {
+        const resp = await client.query({
+            query: GET_REQUESTABLE_APPS_QUERY,
+            variables: {
+                searchQuery: input || "",
+            },
+            fetchPolicy: "network-only", // to avoid caching
+        });
+        return (_b = (_a = resp === null || resp === void 0 ? void 0 : resp.data) === null || _a === void 0 ? void 0 : _a.appsV2) === null || _b === void 0 ? void 0 : _b.edges.map((edge) => {
+            let type = undefined;
+            if (edge.node.__typename === "Resource") {
+                type = edge.node.resourceType;
+            }
+            if (edge.node.__typename === "Connection") {
+                type = edge.node.connectionType;
+            }
+            const label = `${edge.node.displayName} (${type})`;
+            return {
+                name: label,
+                value: {
+                    id: edge.node.id,
+                    name: label,
+                },
+            };
+        });
+    }
+    catch (error) {
+        if (error instanceof Error || typeof error === "string") {
+            cmd.error(error);
+        }
+    }
+}
+async function queryRequestableAssets(cmd, client, appId, input) {
+    var _a, _b, _c, _d;
+    try {
+        const resp = await client.query({
+            query: GET_ASSETS_QUERY,
+            variables: {
+                id: appId || "",
+                searchQuery: input || "",
+            },
+            fetchPolicy: "network-only", // to avoid caching
+        });
+        // no fall through doesn't consider process.exit();
+        let x;
+        switch (resp.data.app.__typename) {
+            case "App":
+                return (_d = (_c = (_b = (_a = resp.data) === null || _a === void 0 ? void 0 : _a.app) === null || _b === void 0 ? void 0 : _b.items) === null || _c === void 0 ? void 0 : _c.items) === null || _d === void 0 ? void 0 : _d.map((item) => {
+                    var _a, _b, _c, _d, _e, _f;
+                    const name = ((_a = item.resource) === null || _a === void 0 ? void 0 : _a.name) || ((_b = item.group) === null || _b === void 0 ? void 0 : _b.name);
+                    const id = ((_c = item.resource) === null || _c === void 0 ? void 0 : _c.id) || ((_d = item.group) === null || _d === void 0 ? void 0 : _d.id);
+                    const type = ((_e = item.resource) === null || _e === void 0 ? void 0 : _e.__typename) || ((_f = item.group) === null || _f === void 0 ? void 0 : _f.__typename);
+                    const label = `${name} (${type})`;
+                    return {
+                        name: label,
+                        value: {
+                            name: label,
+                            id: id,
+                        },
+                    };
+                });
+            case "AppNotFoundError":
+                x = cmd.error("App not found");
+                break;
+            default:
+                cmd.error("Unknown error occurred.");
+        }
+    }
+    catch (error) {
+        if (error instanceof Error || typeof error === "string") {
+            cmd.error(error);
+        }
+    }
+}
+// Helper functions
+async function selectRequestableItems(cmd, client, requestMap) {
+    const { App } = await inquirer.prompt([
+        {
+            name: "App",
+            message: "Select an app:",
+            type: "autocomplete",
+            source: async (answers, input) => {
+                var _a;
+                return (_a = (await queryRequestableApps(cmd, client, input))) !== null && _a !== void 0 ? _a : [];
+            },
+            pageSize: 15,
+        },
+    ]);
+    // Set the app in the requestMap and call choose assets step
+    if (!requestMap.has(App.id)) {
+        requestMap.set(App.id, {
+            appName: App.name,
+            assets: new Map(),
+        });
+    }
+    await chooseAssets(cmd, client, App.id, requestMap);
+}
+async function chooseAssets(cmd, client, appId, requestMap) {
+    var _a;
+    const { Assets } = await inquirer.prompt({
+        name: "Assets",
+        type: "checkbox",
+        pageSize: 15,
+        message: "Select one or more items:",
+        choices: (_a = (await queryRequestableAssets(cmd, client, appId, undefined))) !== null && _a !== void 0 ? _a : [],
+        validate: (answer) => {
+            if (answer.length < 1) {
+                return "You must select at least one item.";
+            }
+            return true;
+        },
+    });
+    const entry = requestMap.get(appId);
+    for (const asset of Assets) {
+        if (entry === undefined) {
+            throw new Error(`App ${appId} not found in requestMap`);
+        }
+        if (!entry.assets.has(asset.id)) {
+            entry.assets.set(asset.id, {
+                assetName: asset.name,
+                roles: new Map(),
+            });
+        }
+        await chooseRoles(appId, asset.id, requestMap);
+    }
+}
+async function chooseRoles(appId, assetId, requestMap) {
+    var _a;
+    const { roles } = await inquirer.prompt({
+        name: "roles",
+        type: "checkbox",
+        message: `Select one or more roles for ${assetId}:`,
+        choices: ["push", "pull", "triage", "admin"],
+    });
+    const entry = requestMap.get(appId);
+    const assetEntry = entry === null || entry === void 0 ? void 0 : entry.assets.get(assetId);
+    if (entry === undefined || assetEntry === undefined) {
+        throw new Error(`App ${appId} or Asset ${assetId} not found in requestMap`);
+    }
+    for (const role of roles) {
+        (_a = assetEntry.roles) === null || _a === void 0 ? void 0 : _a.set(role, {
+            roleName: role,
+        });
+    }
+}
+async function doneSelectingAssets() {
+    const submitMessage = "✅ Yes, proceed with request";
+    const addMoreMessage = "❌ No, add more items";
+    const { submitOrAdd } = await inquirer.prompt([
+        {
+            name: "submitOrAdd",
+            message: "Is this all you want to request?",
+            type: "list",
+            choices: [submitMessage, addMoreMessage],
+        },
+    ]);
+    return submitOrAdd === submitMessage;
+}
+async function promptForReason() {
+    return await inquirer.prompt([
+        {
+            name: "reason",
+            message: "I need access to this because...",
+            type: "input",
+        },
+    ]);
+}
+async function promptForExpiration() {
+    return await inquirer.prompt([
+        {
+            name: "expiration",
+            message: "When should access expire?",
+            type: "list",
+            choices: ["1 hour", "1 day", "7 days", "30 days", "1 year", "Indefinite"],
+        },
+    ]);
+}
+async function submitFinalRequest(cmd) {
+    const submitMessage = "✅ Yes, submit request";
+    const cancelMessage = "❌ No, cancel request";
+    const { submit } = await inquirer.prompt([
+        {
+            name: "submit",
+            message: "Submit request?",
+            type: "list",
+            choices: [submitMessage, cancelMessage],
+        },
+    ]);
+    if (submit === submitMessage) {
+        const requestLink = "https://dev.opal.dev/requests/sent/05ca5d5f-ea60-4cdb-84e1-7e3c575b2b72"; //TODO: Replace with actual request link
+        cmd.log("\n🎉 Your Access Request has been submitted! Request ID: 1234");
+        cmd.log(`🔍 View request status here: ${requestLink}`);
+    }
+    else {
+        cmd.log("🚫 Access Request has been cancelled.");
+    }
+}

package/lib/lib/resources.d.ts

@@ -1,5 +1,5 @@
-import { Command } from '@oclif/core';
-import { ResourceAccessLevel, ResourceAccessLevelInput } from '../types';
+import type { Command } from "@oclif/core";
+import type { ResourceAccessLevel, ResourceAccessLevelInput } from "../types";
 export type ResourceInfo = {
     id: string;
     name: string;

package/lib/lib/resources.js

@@ -5,16 +5,15 @@ const inquirer = require("inquirer");
 const handler_1 = require("../handler");
 const apollo_1 = require("./apollo");
 exports.DEFAULT_ACCESS_LEVEL = {
-    accessLevelName: '',
-    accessLevelRemoteId: '',
+    accessLevelName: "",
+    accessLevelRemoteId: "",
 };
 // Returns a filtered array of items that match the input
 const filterChoices = (input, choices) => {
-    input = input || '';
-    if (input === '') {
+    if (!input) {
         return choices;
     }
-    return choices.filter(choice => choice.name.toLowerCase().includes(input.toLowerCase()));
+    return choices.filter((choice) => choice.name.toLowerCase().includes(input.toLowerCase()));
 };
 exports.filterChoices = filterChoices;
 const ListResourcesDocumentTemplate = `
@@ -37,8 +36,8 @@ query ListResources {
   }
 }`;
 const promptUserForResource = async (command, resourceType, message) => {
-    const listResourcesDocument = ListResourcesDocumentTemplate.replace('RESOURCE_TYPE', resourceType);
-    const { resp, error } = await (0, handler_1.runQuery)({
+    const listResourcesDocument = ListResourcesDocumentTemplate.replace("RESOURCE_TYPE", resourceType);
+    const { resp, error } = await (0, handler_1.runQueryDeprecated)({
         command: command,
         query: listResourcesDocument,
         variables: {},
@@ -60,19 +59,22 @@ const promptUserForResource = async (command, resourceType, message) => {
         };
     });
     if (resourceInfos.length === 0) {
-        return (0, apollo_1.handleError)(command, 'You don\'t have access to any resources of this type. Please go to Opal to request access.');
+        return (0, apollo_1.handleError)(command, "You don't have access to any resources of this type. Please go to Opal to request access.");
     }
     const resourceInfoByName = {};
-    resourceInfos.forEach(resourceInfo => {
+    // biome-ignore lint/complexity/noForEach: fix it when you get the chance
+    resourceInfos.forEach((resourceInfo) => {
         resourceInfoByName[resourceInfo.name] = resourceInfo;
     });
-    inquirer.registerPrompt('autocomplete', require('inquirer-autocomplete-prompt'));
-    const selectedResourceInfo = await inquirer.prompt([{
-            name: 'resource',
+    inquirer.registerPrompt("autocomplete", require("inquirer-autocomplete-prompt"));
+    const selectedResourceInfo = await inquirer.prompt([
+        {
+            name: "resource",
             message: message,
-            type: 'autocomplete',
+            type: "autocomplete",
             source: (answers, input) => (0, exports.filterChoices)(input, resourceInfos),
-        }]);
+        },
+    ]);
     return resourceInfoByName[selectedResourceInfo.resource];
 };
 exports.promptUserForResource = promptUserForResource;
@@ -90,7 +92,7 @@ query ListAccessLevelsForResource($resourceId: ResourceId!) {
 }`;
 const promptUserForAccessLevels = async (command, resourceId, instanceType, accessLevelRemoteId) => {
     var _a, _b, _c;
-    const { resp, error } = await (0, handler_1.runQuery)({
+    const { resp, error } = await (0, handler_1.runQueryDeprecated)({
         command: command,
         query: ListAccessLevelsForResource,
         variables: { resourceId },
@@ -103,11 +105,12 @@ const promptUserForAccessLevels = async (command, resourceId, instanceType, acce
         name: resp.accessLevelName,
     }));
     if (!accessLevelInfos) {
-        return (0, apollo_1.handleError)(command, 'This resource requires an access level, but none have been set up in Opal. Please contact your Opal admin.');
+        return (0, apollo_1.handleError)(command, "This resource requires an access level, but none have been set up in Opal. Please contact your Opal admin.");
     }
     const accessLevelInfoByName = {};
     const accessLevelInfoByRemoteId = {};
-    accessLevelInfos.forEach(accessLevelInfo => {
+    // biome-ignore lint/complexity/noForEach: please fix this
+    accessLevelInfos.forEach((accessLevelInfo) => {
         accessLevelInfoByName[accessLevelInfo.name] = accessLevelInfo;
         accessLevelInfoByRemoteId[accessLevelInfo.id] = accessLevelInfo;
     });
@@ -117,14 +120,17 @@ const promptUserForAccessLevels = async (command, resourceId, instanceType, acce
     }
     // Prompt user to pick access levels available to them
     if (!selectedAccessLevel) {
-        inquirer.registerPrompt('autocomplete', require('inquirer-autocomplete-prompt'));
-        const selectedAccessLevelInfo = await inquirer.prompt([{
-                name: 'accessLevel',
+        inquirer.registerPrompt("autocomplete", require("inquirer-autocomplete-prompt"));
+        const selectedAccessLevelInfo = await inquirer.prompt([
+            {
+                name: "accessLevel",
                 message: `Select an access level to the ${instanceType}`,
-                type: 'autocomplete',
+                type: "autocomplete",
                 source: (answers, input) => (0, exports.filterChoices)(input, accessLevelInfos),
-            }]);
-        selectedAccessLevel = accessLevelInfoByName[selectedAccessLevelInfo.accessLevel];
+            },
+        ]);
+        selectedAccessLevel =
+            accessLevelInfoByName[selectedAccessLevelInfo.accessLevel];
     }
     return {
         accessLevelName: selectedAccessLevel.name,

package/lib/lib/sessions.d.ts

@@ -1,4 +1,4 @@
-import { Command } from '@oclif/core';
-import { ResourceAccessLevelInput } from '../types';
+import type { Command } from "@oclif/core";
+import type { ResourceAccessLevelInput } from "../types";
 export declare const getOrCreateSession: (command: Command, resourceId: string, accessLevel: ResourceAccessLevelInput, sessionId: string | undefined, metadataFragment: string, wantNewSession?: boolean) => Promise<any>;
 export declare const getSessionExpirationMessage: (session: any) => string;

package/lib/lib/sessions.js

@@ -1,11 +1,11 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getSessionExpirationMessage = exports.getOrCreateSession = void 0;
+const moment = require("moment");
 const open = require("open");
-const config_1 = require("../lib/config");
 const handler_1 = require("../handler");
-const moment = require("moment");
 const apollo_1 = require("../lib/apollo");
+const config_1 = require("../lib/config");
 const util_1 = require("./util");
 const CreateSessionDocument = `
 mutation CreateSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!, $sessionId: SessionId) {
@@ -59,9 +59,9 @@ query ListSessions($id: ResourceId!) {
 }
 `;
 const getSession = async (command, resourceId, accessLevelRemoteId, sessionId, metadataFragment, minCreatedAt) => {
-    const { resp, error } = await (0, handler_1.runQuery)({
+    const { resp, error } = await (0, handler_1.runQueryDeprecated)({
         command: command,
-        query: ListSessionsDocument.replace('METADATA_FRAGMENT', metadataFragment),
+        query: ListSessionsDocument.replace("METADATA_FRAGMENT", metadataFragment),
         variables: {
             id: resourceId,
         },
@@ -70,8 +70,9 @@ const getSession = async (command, resourceId, accessLevelRemoteId, sessionId, m
         return (0, apollo_1.handleError)(command, error);
     }
     switch (resp === null || resp === void 0 ? void 0 : resp.data.sessions.__typename) {
-        case 'SessionsResult': {
+        case "SessionsResult": {
             const sessions = resp.data.sessions.sessions;
+            // biome-ignore lint/suspicious/noImplicitAnyLet: please fix how we do queries in this cli
             let selectedSession;
             for (const session of sessions) {
                 if (sessionId && session.id !== sessionId) {
@@ -84,7 +85,8 @@ const getSession = async (command, resourceId, accessLevelRemoteId, sessionId, m
                     // This lets us wait until we get a session that's newly created
                     continue;
                 }
-                if (!selectedSession || moment(session.endTime).diff(selectedSession.endTime) > 0) {
+                if (!selectedSession ||
+                    moment(session.endTime).diff(selectedSession.endTime) > 0) {
                     // Select the session with the latest end time
                     selectedSession = session;
                 }
@@ -105,13 +107,12 @@ const openBrowserAndPollForSession = async (command, message, resourceId, access
     const configData = (0, config_1.getOrCreateConfigData)(command.config.configDir);
     const url = configData[config_1.urlKey];
     setTimeout(() => {
-        open(url + `/resources/${resourceId}?showModal=true&refresh=true`);
+        open(`${url}/resources/${resourceId}?showModal=true&refresh=true`);
     }, 2000); // Wait before opening the browser to give the user time to read the message
+    // biome-ignore lint/suspicious/noImplicitAnyLet: please fix typing for queries
     let session;
     while (!session) {
-        // eslint-disable-next-line no-await-in-loop
         await (0, util_1.sleep)(2000);
-        // eslint-disable-next-line no-await-in-loop
         session = await getSession(command, resourceId, accessLevelRemoteId, sessionId, metadataFragment, minCreatedAt);
     }
     return session;
@@ -119,7 +120,7 @@ const openBrowserAndPollForSession = async (command, message, resourceId, access
 const createSession = async (command, resourceId, accessLevel, sessionId, metadataFragment, wantNewSession) => {
     const { resp, error } = await (0, handler_1.runMutation)({
         command: command,
-        query: CreateSessionDocument.replace('METADATA_FRAGMENT', metadataFragment),
+        query: CreateSessionDocument.replace("METADATA_FRAGMENT", metadataFragment),
         variables: {
             id: resourceId,
             accessLevel: accessLevel,
@@ -130,14 +131,14 @@ const createSession = async (command, resourceId, accessLevel, sessionId, metada
         return (0, apollo_1.handleError)(command, error);
     }
     switch (resp === null || resp === void 0 ? void 0 : resp.data.createSession.__typename) {
-        case 'CreateSessionResult': {
+        case "CreateSessionResult": {
             return resp.data.createSession.session;
         }
-        case 'MfaInvalidError': {
-            return openBrowserAndPollForSession(command, '❗ MFA validation needed. Please connect via browser. Opening browser and awaiting validation...', resourceId, accessLevel.accessLevelRemoteId, sessionId, metadataFragment, wantNewSession);
+        case "MfaInvalidError": {
+            return openBrowserAndPollForSession(command, "❗ MFA validation needed. Please connect via browser. Opening browser and awaiting validation...", resourceId, accessLevel.accessLevelRemoteId, sessionId, metadataFragment, wantNewSession);
         }
-        case 'OidcIDTokenNotFoundError': {
-            return openBrowserAndPollForSession(command, '❗ OIDC authentication needed. Please connect via browser. Opening browser and awaiting authentication...', resourceId, accessLevel.accessLevelRemoteId, sessionId, metadataFragment, wantNewSession);
+        case "OidcIDTokenNotFoundError": {
+            return openBrowserAndPollForSession(command, "❗ OIDC authentication needed. Please connect via browser. Opening browser and awaiting authentication...", resourceId, accessLevel.accessLevelRemoteId, sessionId, metadataFragment, wantNewSession);
         }
         default:
             return (0, apollo_1.handleError)(command, error, resp);
@@ -152,14 +153,14 @@ const getOrCreateSession = async (command, resourceId, accessLevel, sessionId, m
         }
     }
     if (sessionId) {
-        return (0, apollo_1.handleError)(command, 'Session not found for given id: ' + sessionId);
+        return (0, apollo_1.handleError)(command, `Session not found for given id: ${sessionId}`);
     }
     // Create new session
     return createSession(command, resourceId, accessLevel, sessionId, metadataFragment, wantNewSession);
 };
 exports.getOrCreateSession = getOrCreateSession;
 const getSessionExpirationMessage = (session) => {
-    const diff = moment(session.endTime).diff(moment(), 'minutes');
+    const diff = moment(session.endTime).diff(moment(), "minutes");
     const hours = Math.floor(diff / 60);
     const minutes = diff % 60;
     return `${hours}h ${minutes}m`;