opal-security 3.2.3 → 4.0.2

package/build/graphql/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./fragment-masking.js";
+export * from "./gql.js";

package/build/graphql/index.js

@@ -0,0 +1,2 @@
+export * from "./fragment-masking.js";
+export * from "./gql.js";

package/{lib → build}/handler.d.ts

@@ -10,7 +10,7 @@ export declare const runMutation: <TResponse = any, TVar extends OperationVariab
     error: ErrorLike | null;
 }>;
 export declare const runQueryDeprecated: <TResponse = any, TVar extends OperationVariables = Record<string, any>>({ command, query, variables, }: QueryHandlerProps<TVar>) => Promise<{
-    resp: ApolloClient.QueryResult<TResponse> | null | undefined;
+    resp: ApolloClient.QueryResult<any> | undefined;
     error: ErrorLike | null;
 }>;
 export {};

package/build/handler.js

@@ -0,0 +1,36 @@
+import gql from "graphql-tag";
+import { client, initClient } from "./lib/apollo.js";
+export const runMutation = async ({ command, query, variables, }) => {
+    await initClient(command);
+    let mutationResp = undefined;
+    let mutationError = null;
+    try {
+        mutationResp = await (client === null || client === void 0 ? void 0 : client.mutate({
+            mutation: gql `
+        ${query}
+      `,
+            variables: variables,
+        }));
+    }
+    catch (error) {
+        mutationError = error;
+    }
+    return { resp: mutationResp, error: mutationError };
+};
+export const runQueryDeprecated = async ({ command, query, variables, }) => {
+    await initClient(command);
+    let queryResp;
+    let queryError = null;
+    try {
+        queryResp = await (client === null || client === void 0 ? void 0 : client.query({
+            query: gql `
+        ${query}
+      `,
+            variables: variables,
+        }));
+    }
+    catch (error) {
+        queryError = error;
+    }
+    return { resp: queryResp, error: queryError };
+};

package/build/index.js

@@ -0,0 +1 @@
+export { run } from "@oclif/core";

package/{lib → build}/labels.d.ts

@@ -1,3 +1,3 @@
-import { ConnectionType, EntityType } from "./graphql/graphql";
+import { ConnectionType, EntityType } from "./graphql/graphql.js";
 export declare const connectionTypeLabelByType: Record<ConnectionType, string>;
 export declare const DisplayLabels: Partial<Record<EntityType, string>>;

package/build/labels.js

@@ -0,0 +1,37 @@
+import { ConnectionType, EntityType } from "./graphql/graphql.js";
+export const connectionTypeLabelByType = {
+    [ConnectionType.ActiveDirectory]: "Active Directory",
+    [ConnectionType.Aws]: "Amazon Web Services (Legacy)",
+    [ConnectionType.AwsSso]: "Amazon Web Services",
+    [ConnectionType.Custom]: "Custom Integration",
+    [ConnectionType.CustomConnector]: "Custom App Connector",
+    [ConnectionType.Duo]: "Duo",
+    [ConnectionType.Gcp]: "Google Cloud Platform",
+    [ConnectionType.GitHub]: "GitHub",
+    [ConnectionType.GitLab]: "GitLab",
+    [ConnectionType.GoogleGroups]: "Google Groups",
+    [ConnectionType.GoogleWorkspace]: "Google Workspace",
+    [ConnectionType.Ldap]: "LDAP",
+    [ConnectionType.Mongo]: "MongoDB Database",
+    [ConnectionType.MongoAtlas]: "MongoDB Atlas Database",
+    [ConnectionType.OktaDirectory]: "Okta Directory",
+    [ConnectionType.Opal]: "Opal",
+    [ConnectionType.Pagerduty]: "PagerDuty",
+    [ConnectionType.Tailscale]: "Tailscale",
+    [ConnectionType.Salesforce]: "Salesforce",
+    [ConnectionType.Workday]: "Workday",
+    [ConnectionType.Mysql]: "MySQL",
+    [ConnectionType.Mariadb]: "MariaDB",
+    [ConnectionType.Postgres]: "PostgreSQL",
+    [ConnectionType.Teleport]: "Teleport",
+    [ConnectionType.AzureAd]: "Azure",
+    [ConnectionType.Snowflake]: "Snowflake",
+    [ConnectionType.Databricks]: "Databricks",
+    [ConnectionType.Coupa]: "Coupa",
+    [ConnectionType.DatastaxAstra]: "DataStax Astra",
+    [ConnectionType.Ilevel]: "iLEVEL",
+};
+export const DisplayLabels = {
+    [EntityType.Resource]: "Resource",
+    [EntityType.Group]: "Group",
+};

package/{lib → build}/lib/apollo.d.ts

@@ -2,7 +2,7 @@ import { ApolloClient } from "@apollo/client";
 import type { Command } from "@oclif/core";
 export declare let client: ApolloClient | null;
 export declare let cookieStr: string;
-export declare const printResponse: (command: Command, resp: any) => void;
-export declare const handleError: (command: Command, err: any, resp?: any) => void;
+export declare const printResponse: (command: Command, resp?: ApolloClient.QueryResult) => void;
+export declare const handleError: (command: Command, err: unknown, resp?: ApolloClient.QueryResult) => void;
 export declare const initClient: (command: Command, fetchAccessToken?: boolean) => Promise<void>;
 export declare function getClient(command: Command, fetchAccessToken?: boolean): Promise<ApolloClient>;

package/{lib → build}/lib/apollo.js

@@ -1,29 +1,24 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.initClient = exports.handleError = exports.printResponse = exports.cookieStr = exports.client = void 0;
-exports.getClient = getClient;
-const client_1 = require("@apollo/client");
-const context_1 = require("@apollo/client/link/context");
-const error_1 = require("@apollo/client/link/error");
-const chalk_1 = require("chalk");
-const prettyjson_1 = require("prettyjson");
-const operators_1 = require("rxjs/operators");
-const semver_1 = require("semver");
-const invariant_1 = require("@apollo/client/utilities/invariant");
-const rxjs_1 = require("rxjs");
-const login_1 = require("../commands/login");
-const config_1 = require("../lib/config");
-const credentials_1 = require("../lib/credentials");
-const fetch = require("node-fetch");
-const https = require("node:https");
-const http = require("node:http");
+import { ApolloClient, ApolloLink, HttpLink, InMemoryCache, } from "@apollo/client";
+import { setContext } from "@apollo/client/link/context";
+import { ErrorLink } from "@apollo/client/link/error";
+import chalk from "chalk";
+import { render } from "prettyjson";
+import { map, mergeMap } from "rxjs/operators";
+import { major } from "semver";
+import { invariant } from "@apollo/client/utilities/invariant";
+import { from } from "rxjs";
+import Login, { CLIAuthSessionCheckName, CLISignInMethodName, CLITokenExchangeName, } from "../commands/login.js";
+import { allowSelfSignedCertsKey, customHttpHeaderKey, getOrCreateConfigData, urlKey, } from "./config.js";
+import { SecretType, getOpalCredentials } from "./credentials/index.js";
+import http from "node:http";
+import https from "node:https";
 // DO NOT USE DIRECTLY, use getClient instead
-exports.client = null;
+export let client = null;
 // This is used to keep track of the auth-session cookie during login, before we can persist it into the credential store
-exports.cookieStr = "";
+export let cookieStr = "";
 let alreadyWarnedAboutVersion = false;
-const printResponse = (command, resp) => {
-    const filteredJson = JSON.parse(JSON.stringify(resp.data, (k, v) => {
+export const printResponse = (command, resp) => {
+    const filteredJson = JSON.parse(JSON.stringify(resp === null || resp === void 0 ? void 0 : resp.data, (k, v) => {
         if (k === "__typename" ||
             v === null ||
             (Array.isArray(v) && v.length === 0)) {
@@ -31,13 +26,14 @@ const printResponse = (command, resp) => {
         }
         return v;
     }));
-    command.log((0, prettyjson_1.render)(filteredJson));
+    command.log(render(filteredJson));
 };
-exports.printResponse = printResponse;
-const handleError = (command, err, resp) => {
+export const handleError = (command, err, resp) => {
     if (err &&
         typeof err === "object" &&
         "networkError" in err &&
+        err.networkError &&
+        typeof err.networkError === "object" &&
         "statusCode" in err.networkError) {
         // Status code errors are already handled in the global Apollo handler, so we can just return here.
         return;
@@ -58,42 +54,40 @@ const handleError = (command, err, resp) => {
     errorMsg = `❗ ${errorMsg}`;
     command.log(errorMsg);
     if (resp) {
-        (0, exports.printResponse)(command, resp);
+        printResponse(command, resp);
     }
     // OPAL-6579: Use process.exit to avoid UnhandledPromiseRejectionWarning
     process.exit(1);
 };
-exports.handleError = handleError;
-const initClient = async (command, fetchAccessToken = true) => {
+export const initClient = async (command, fetchAccessToken = true) => {
     const configDir = command.config.configDir;
     const currentCLIVersion = command.config.version;
-    const configData = (0, config_1.getOrCreateConfigData)(configDir);
-    const opalCreds = await (0, credentials_1.getOpalCredentials)(command, fetchAccessToken);
+    const configData = getOrCreateConfigData(configDir);
+    const opalCreds = await getOpalCredentials(command, fetchAccessToken);
     const organizationID = opalCreds === null || opalCreds === void 0 ? void 0 : opalCreds.organizationID;
     const httpsAgent = new https.Agent({
-        rejectUnauthorized: !configData[config_1.allowSelfSignedCertsKey],
+        rejectUnauthorized: !configData[allowSelfSignedCertsKey],
     });
     const httpAgent = new http.Agent({});
-    const specifiedUrl = configData[config_1.urlKey];
-    const customHeader = configData[config_1.customHttpHeaderKey];
+    const specifiedUrl = configData[urlKey];
+    const customHeader = configData[customHttpHeaderKey];
     const customHeaderKey = customHeader === undefined ? "" : customHeader.split(":")[0];
     const customHeaderValue = customHeader === undefined ? "" : customHeader.split(":")[1];
     const agent = specifiedUrl.includes("https") ? httpsAgent : httpAgent;
-    const httpLink = new client_1.HttpLink({
+    const httpLink = new HttpLink({
         uri: `${specifiedUrl}/query`,
         credentials: "include",
-        fetch,
         fetchOptions: {
             agent: agent,
         },
     });
-    const authLink = (0, context_1.setContext)((_, { headers }) => {
+    const authLink = setContext((_, { headers }) => {
         const baseHeaders = Object.assign(Object.assign({}, headers), { "User-Agent": `Opal CLI v${currentCLIVersion}`, "X-Opal-Organization-ID": organizationID, "X-Opal-Cli-Version": currentCLIVersion });
-        if (opalCreds.secretType === credentials_1.SecretType.ApiToken) {
+        if (opalCreds.secretType === SecretType.ApiToken && !!opalCreds.secret) {
             baseHeaders.authorization = `Bearer ${opalCreds.secret}`;
         }
-        else if (!!opalCreds.secret || !!exports.cookieStr) {
-            baseHeaders.cookie = opalCreds.secret || exports.cookieStr;
+        else if (!!opalCreds.secret || !!cookieStr) {
+            baseHeaders.cookie = opalCreds.secret || cookieStr;
         }
         if (customHeaderKey) {
             return {
@@ -121,15 +115,15 @@ const initClient = async (command, fetchAccessToken = true) => {
             const expectedCLIMajorVersion = headers.get("Opal-CLI-Expected-Major-Version");
             if (expectedCLIMajorVersion === null || expectedCLIMajorVersion === void 0 ? void 0 : expectedCLIMajorVersion.match(/^\d+$/)) {
                 const semverExpectedMinCLIVersion = `${expectedCLIMajorVersion}.0.0`;
-                if ((0, semver_1.major)(currentCLIVersion) < (0, semver_1.major)(semverExpectedMinCLIVersion)) {
-                    command.log(chalk_1.default.yellow(`
+                if (major(currentCLIVersion) < major(semverExpectedMinCLIVersion)) {
+                    command.log(chalk.yellow(`
 ❗ Your CLI is outdated and is incompatible with your Opal server.
-   Expected major version ${chalk_1.default.blueBright(semverExpectedMinCLIVersion)}, but version ${chalk_1.default.blueBright(currentCLIVersion)} is installed.
-   Upgrade using the following command: ${chalk_1.default.blueBright("brew upgrade opalsecurity/brew/opal-security")}\n`));
+   Expected major version ${chalk.blueBright(semverExpectedMinCLIVersion)}, but version ${chalk.blueBright(currentCLIVersion)} is installed.
+   Upgrade using the following command: ${chalk.blueBright("brew upgrade opalsecurity/brew/opal-security")}\n`));
                     alreadyWarnedAboutVersion = true;
                 }
-                else if ((0, semver_1.major)(currentCLIVersion) > (0, semver_1.major)(semverExpectedMinCLIVersion)) {
-                    command.log(chalk_1.default.yellow(`
+                else if (major(currentCLIVersion) > major(semverExpectedMinCLIVersion)) {
+                    command.log(chalk.yellow(`
 ❗ Uh oh! The currently installed Opal server is outdated. Please contact your Opal admins to let them know they need to upgrade their deployment.\n`));
                     alreadyWarnedAboutVersion = true;
                 }
@@ -138,33 +132,33 @@ const initClient = async (command, fetchAccessToken = true) => {
             if (recommendedCLIMajorVersion === null || recommendedCLIMajorVersion === void 0 ? void 0 : recommendedCLIMajorVersion.match(/^\d+$/)) {
                 const recommendedSemverString = `${recommendedCLIMajorVersion}.0.0`;
                 if (recommendedSemverString &&
-                    (0, semver_1.major)(currentCLIVersion) < (0, semver_1.major)(recommendedSemverString)) {
-                    command.log(chalk_1.default.yellow(`
+                    major(currentCLIVersion) < major(recommendedSemverString)) {
+                    command.log(chalk.yellow(`
 ❗ Opal recommends that you upgrade your CLI.
-  Recommended version >=${chalk_1.default.blueBright(recommendedSemverString)}, but version ${chalk_1.default.blueBright(currentCLIVersion)} is installed.
-  Upgrade using the following command: ${chalk_1.default.blueBright("brew upgrade opalsecurity/brew/opal-security")}\n`));
+  Recommended version >=${chalk.blueBright(recommendedSemverString)}, but version ${chalk.blueBright(currentCLIVersion)} is installed.
+  Upgrade using the following command: ${chalk.blueBright("brew upgrade opalsecurity/brew/opal-security")}\n`));
                 }
                 alreadyWarnedAboutVersion = true;
             }
         }
     };
-    const checkCLIVersionLink = new client_1.ApolloLink((operation, forward) => {
-        return forward(operation).pipe((0, operators_1.map)((response) => {
+    const checkCLIVersionLink = new ApolloLink((operation, forward) => {
+        return forward(operation).pipe(map((response) => {
             checkCLIVersion(operation);
             return response;
         }));
     });
-    const errorLink = new error_1.ErrorLink(({ error, operation, forward }) => {
+    const errorLink = new ErrorLink(({ error, operation, forward }) => {
         // There's a few GQL operations where we don't want to use this error handler:
         const customErrorOperations = [
             // This is triggered just after the user called `opal login` or `opal set-token`, and has
             // special handling if they fail, so we don't trigger an automatic re-login
-            login_1.CLIAuthSessionCheckName,
+            CLIAuthSessionCheckName,
             // This has special error handling to fall back to an older auth method that uses the OAuth access token
-            login_1.CLITokenExchangeName,
+            CLITokenExchangeName,
             // This has special error handling due to the fact that the backend version
             // can be out of date and not include the new cliClientId field.
-            login_1.CLISignInMethodName,
+            CLISignInMethodName,
         ];
         if (operation.operationName &&
             customErrorOperations.includes(operation.operationName)) {
@@ -174,20 +168,20 @@ const initClient = async (command, fetchAccessToken = true) => {
             const errorMessage = error.message;
             if (errorMessage.includes("invalid authentication")) {
                 command.log("Your session is invalid or expired. Authenticating now...\n");
-                const loginCommand = new login_1.default([], command.config);
-                return (0, rxjs_1.from)(loginCommand.run()).pipe((0, operators_1.mergeMap)(() => forward(operation)));
+                const loginCommand = new Login([], command.config);
+                return from(loginCommand.run()).pipe(mergeMap(() => forward(operation)));
             }
-            return (0, exports.handleError)(command, `Received error from server${errorMessage ? ` with message "${errorMessage}"` : ""}`);
+            return handleError(command, `Received error from server${errorMessage ? ` with message "${errorMessage}"` : ""}`);
         }
     });
     // Parses our auth-session cookie out of the Set-Cookie response header, saving it locally so we can use it for future requests
-    const preserveCookiesLink = new client_1.ApolloLink((operation, forward) => {
-        return forward(operation).pipe((0, operators_1.map)((response) => {
+    const preserveCookiesLink = new ApolloLink((operation, forward) => {
+        return forward(operation).pipe(map((response) => {
             var _a, _b, _c, _d;
             const cookieHeaderStr = (_c = (_b = (_a = operation.getContext().response) === null || _a === void 0 ? void 0 : _a.headers) === null || _b === void 0 ? void 0 : _b.get("Set-Cookie")) !== null && _c !== void 0 ? _c : "";
             const authSessionCookie = (_d = cookieHeaderStr.match(/auth-session=[^;]+;/)) === null || _d === void 0 ? void 0 : _d[0];
             if (authSessionCookie) {
-                exports.cookieStr = authSessionCookie;
+                cookieStr = authSessionCookie;
             }
             return response;
         }));
@@ -196,14 +190,13 @@ const initClient = async (command, fetchAccessToken = true) => {
     link = checkCLIVersionLink.concat(link);
     link = preserveCookiesLink.concat(link);
     link = errorLink.concat(link);
-    exports.client = new client_1.ApolloClient({
+    client = new ApolloClient({
         link: link,
-        cache: new client_1.InMemoryCache(),
+        cache: new InMemoryCache(),
     });
 };
-exports.initClient = initClient;
-async function getClient(command, fetchAccessToken = true) {
-    await (0, exports.initClient)(command, fetchAccessToken);
-    (0, invariant_1.invariant)(exports.client, "Failed to initialize Opal Client");
-    return exports.client;
+export async function getClient(command, fetchAccessToken = true) {
+    await initClient(command, fetchAccessToken);
+    invariant(client, "Failed to initialize Opal Client");
+    return client;
 }

package/build/lib/auth-success-template.d.ts

@@ -0,0 +1,3 @@
+export declare const authSuccessHtml = "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n    <meta charset=\"UTF-8\">\n    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n    <title>Authentication Successful - Opal CLI</title>\n    <style>\n        * { margin: 0; padding: 0; box-sizing: border-box; }\n        body {\n            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;\n            background: black;\n            min-height: 100vh;\n            display: flex;\n            align-items: center;\n            justify-content: center;\n            padding: 20px;\n        }\n        .container {\n            background: white;\n            border-radius: 16px;\n            box-shadow: 0 20px 60px rgba(0, 0, 0, 0.3);\n            max-width: 480px;\n            width: 100%;\n            padding: 48px 40px;\n            text-align: center;\n        }\n        .logo {\n            width: 80px;\n            height: 80px;\n            margin: 0 auto 24px;\n            display: flex;\n            align-items: center;\n            justify-content: center;\n        }\n        .logo svg {\n            width: 80px;\n            height: 80px;\n        }\n        .checkmark {\n            width: 80px;\n            height: 80px;\n            margin: 0 auto 24px;\n            background: #10b981;\n            border-radius: 50%;\n            display: flex;\n            align-items: center;\n            justify-content: center;\n            animation: scaleIn 0.5s ease-out;\n        }\n        .checkmark svg {\n            width: 48px;\n            height: 48px;\n            stroke: white;\n            stroke-width: 3;\n            stroke-linecap: round;\n            stroke-linejoin: round;\n            fill: none;\n            animation: checkmark 0.5s ease-out 0.2s forwards;\n            stroke-dasharray: 100;\n            stroke-dashoffset: 100;\n        }\n        @keyframes scaleIn {\n            from { transform: scale(0); opacity: 0; }\n            to { transform: scale(1); opacity: 1; }\n        }\n        @keyframes checkmark {\n            to { stroke-dashoffset: 0; }\n        }\n        h1 {\n            font-size: 28px;\n            color: #1f2937;\n            margin-bottom: 12px;\n            font-weight: 600;\n        }\n        .subtitle {\n            font-size: 16px;\n            color: #6b7280;\n            margin-bottom: 32px;\n            line-height: 1.5;\n        }\n    </style>\n</head>\n<body>\n    <div class=\"container\">\n            <div class=\"checkmark\">\n            <svg viewBox=\"0 0 52 52\">\n                <polyline points=\"14 27 22 35 38 19\" />\n            </svg>\n        </div>\n        <h1>Authentication Successful!</h1>\n        <p class=\"subtitle\">Your Opal CLI has been successfully authenticated and this window can be safely closed</p>\n        <div class=\"logo\">\n            <svg width=\"80\" height=\"80\" viewBox=\"0 0 24 24\" fill=\"none\" xmlns=\"http://www.w3.org/2000/svg\">\n                <g clip-path=\"url(#clip0_852_5824)\">\n                    <path\n                        d=\"M7.335 5.53875L7.98093 3.16032C8.09343 2.76094 8.505 2.51907 8.91656 2.62125L11.3119 3.2625L11.9859 0.753753L9.59062 0.112503C7.79343 -0.361872 5.93156 0.697503 5.45343 2.48063L4.8075 4.85907L7.335 5.53782V5.53875Z\"\n                        fill=\"currentColor\" />\n                    <path\n                        d=\"M19.1409 4.86004L18.495 2.4816C18.0169 0.69848 16.155 -0.360895 14.3578 0.11348L11.9625 0.75473L12.6366 3.26348L15.0319 2.62223C15.4434 2.52004 15.855 2.76098 15.9675 3.16129L16.6134 5.53973L19.1409 4.86098V4.86004Z\"\n                        fill=\"currentColor\" />\n                    <path\n                        d=\"M16.6134 18.4612L15.9675 20.8396C15.855 21.239 15.4434 21.4809 15.0319 21.3787L12.6366 20.7374L11.9625 23.2462L14.3578 23.8874C16.155 24.3618 18.0169 23.3024 18.495 21.5193L19.1409 19.1409L16.6134 18.4621V18.4612Z\"\n                        fill=\"currentColor\" />\n                    <path\n                        d=\"M4.8075 19.1399L5.45343 21.5183C5.93156 23.3015 7.79343 24.3608 9.59062 23.8865L11.9859 23.2452L11.3119 20.7365L8.91656 21.3777C8.505 21.4799 8.09343 21.239 7.98093 20.8386L7.335 18.4602L4.8075 19.139V19.1399Z\"\n                        fill=\"currentColor\" />\n                    <path\n                        d=\"M5.53875 16.6397L3.16032 15.9938C2.76094 15.8813 2.51907 15.4697 2.62125 15.0581L3.2625 12.6628L0.753753 11.9888L0.112503 14.3841C-0.361872 16.1813 0.697503 18.0431 2.48063 18.5213L4.85907 19.1672L5.53782 16.6397H5.53875Z\"\n                        fill=\"currentColor\" />\n                    <path\n                        d=\"M4.86001 4.83374L2.48157 5.47968C0.698449 5.9578 -0.360926 7.81968 0.113449 9.61687L0.754699 12.0122L3.26345 11.3381L2.6222 8.9428C2.52001 8.53124 2.76095 8.11968 3.16126 8.00718L5.5397 7.36124L4.86095 4.83374H4.86001Z\"\n                        fill=\"currentColor\" />\n                    <path\n                        d=\"M18.4612 7.36026L20.8397 8.0062C21.2391 8.1187 21.4809 8.53026 21.3787 8.94183L20.7375 11.3371L23.2462 12.0112L23.8875 9.61589C24.3619 7.8187 23.3025 5.95683 21.5194 5.4787L19.1409 4.83276L18.4622 7.36026H18.4612Z\"\n                        fill=\"currentColor\" />\n                    <path\n                        d=\"M19.14 19.1662L21.5185 18.5203C23.3016 18.0422 24.361 16.1803 23.8866 14.3831L23.2453 11.9878L20.7366 12.6619L21.3778 15.0572C21.48 15.4687 21.2391 15.8803 20.8388 15.9928L18.4603 16.6387L19.1391 19.1662H19.14Z\"\n                        fill=\"currentColor\" />\n                </g>\n                <defs>\n                    <clipPath id=\"clip0_852_5824\">\n                        <rect width=\"24\" height=\"24\" fill=\"white\" />\n                    </clipPath>\n                </defs>\n            </svg>\n        </div>\n\n    </div>\n</body>\n</html>";
+export declare const authErrorHtml: (error: string) => string;
+export declare const authMissingCodeHtml = "\n<html>\n  <body>\n    <h1>Authentication Failed</h1>\n    <p>Missing authorization code.</p>\n    <p>You can close this window.</p>\n  </body>\n</html>\n";

package/build/lib/auth-success-template.js

@@ -0,0 +1,149 @@
+import sanitizeHtml from "sanitize-html";
+export const authSuccessHtml = `<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Authentication Successful - Opal CLI</title>
+    <style>
+        * { margin: 0; padding: 0; box-sizing: border-box; }
+        body {
+            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
+            background: black;
+            min-height: 100vh;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            padding: 20px;
+        }
+        .container {
+            background: white;
+            border-radius: 16px;
+            box-shadow: 0 20px 60px rgba(0, 0, 0, 0.3);
+            max-width: 480px;
+            width: 100%;
+            padding: 48px 40px;
+            text-align: center;
+        }
+        .logo {
+            width: 80px;
+            height: 80px;
+            margin: 0 auto 24px;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+        }
+        .logo svg {
+            width: 80px;
+            height: 80px;
+        }
+        .checkmark {
+            width: 80px;
+            height: 80px;
+            margin: 0 auto 24px;
+            background: #10b981;
+            border-radius: 50%;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            animation: scaleIn 0.5s ease-out;
+        }
+        .checkmark svg {
+            width: 48px;
+            height: 48px;
+            stroke: white;
+            stroke-width: 3;
+            stroke-linecap: round;
+            stroke-linejoin: round;
+            fill: none;
+            animation: checkmark 0.5s ease-out 0.2s forwards;
+            stroke-dasharray: 100;
+            stroke-dashoffset: 100;
+        }
+        @keyframes scaleIn {
+            from { transform: scale(0); opacity: 0; }
+            to { transform: scale(1); opacity: 1; }
+        }
+        @keyframes checkmark {
+            to { stroke-dashoffset: 0; }
+        }
+        h1 {
+            font-size: 28px;
+            color: #1f2937;
+            margin-bottom: 12px;
+            font-weight: 600;
+        }
+        .subtitle {
+            font-size: 16px;
+            color: #6b7280;
+            margin-bottom: 32px;
+            line-height: 1.5;
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+            <div class="checkmark">
+            <svg viewBox="0 0 52 52">
+                <polyline points="14 27 22 35 38 19" />
+            </svg>
+        </div>
+        <h1>Authentication Successful!</h1>
+        <p class="subtitle">Your Opal CLI has been successfully authenticated and this window can be safely closed</p>
+        <div class="logo">
+            <svg width="80" height="80" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+                <g clip-path="url(#clip0_852_5824)">
+                    <path
+                        d="M7.335 5.53875L7.98093 3.16032C8.09343 2.76094 8.505 2.51907 8.91656 2.62125L11.3119 3.2625L11.9859 0.753753L9.59062 0.112503C7.79343 -0.361872 5.93156 0.697503 5.45343 2.48063L4.8075 4.85907L7.335 5.53782V5.53875Z"
+                        fill="currentColor" />
+                    <path
+                        d="M19.1409 4.86004L18.495 2.4816C18.0169 0.69848 16.155 -0.360895 14.3578 0.11348L11.9625 0.75473L12.6366 3.26348L15.0319 2.62223C15.4434 2.52004 15.855 2.76098 15.9675 3.16129L16.6134 5.53973L19.1409 4.86098V4.86004Z"
+                        fill="currentColor" />
+                    <path
+                        d="M16.6134 18.4612L15.9675 20.8396C15.855 21.239 15.4434 21.4809 15.0319 21.3787L12.6366 20.7374L11.9625 23.2462L14.3578 23.8874C16.155 24.3618 18.0169 23.3024 18.495 21.5193L19.1409 19.1409L16.6134 18.4621V18.4612Z"
+                        fill="currentColor" />
+                    <path
+                        d="M4.8075 19.1399L5.45343 21.5183C5.93156 23.3015 7.79343 24.3608 9.59062 23.8865L11.9859 23.2452L11.3119 20.7365L8.91656 21.3777C8.505 21.4799 8.09343 21.239 7.98093 20.8386L7.335 18.4602L4.8075 19.139V19.1399Z"
+                        fill="currentColor" />
+                    <path
+                        d="M5.53875 16.6397L3.16032 15.9938C2.76094 15.8813 2.51907 15.4697 2.62125 15.0581L3.2625 12.6628L0.753753 11.9888L0.112503 14.3841C-0.361872 16.1813 0.697503 18.0431 2.48063 18.5213L4.85907 19.1672L5.53782 16.6397H5.53875Z"
+                        fill="currentColor" />
+                    <path
+                        d="M4.86001 4.83374L2.48157 5.47968C0.698449 5.9578 -0.360926 7.81968 0.113449 9.61687L0.754699 12.0122L3.26345 11.3381L2.6222 8.9428C2.52001 8.53124 2.76095 8.11968 3.16126 8.00718L5.5397 7.36124L4.86095 4.83374H4.86001Z"
+                        fill="currentColor" />
+                    <path
+                        d="M18.4612 7.36026L20.8397 8.0062C21.2391 8.1187 21.4809 8.53026 21.3787 8.94183L20.7375 11.3371L23.2462 12.0112L23.8875 9.61589C24.3619 7.8187 23.3025 5.95683 21.5194 5.4787L19.1409 4.83276L18.4622 7.36026H18.4612Z"
+                        fill="currentColor" />
+                    <path
+                        d="M19.14 19.1662L21.5185 18.5203C23.3016 18.0422 24.361 16.1803 23.8866 14.3831L23.2453 11.9878L20.7366 12.6619L21.3778 15.0572C21.48 15.4687 21.2391 15.8803 20.8388 15.9928L18.4603 16.6387L19.1391 19.1662H19.14Z"
+                        fill="currentColor" />
+                </g>
+                <defs>
+                    <clipPath id="clip0_852_5824">
+                        <rect width="24" height="24" fill="white" />
+                    </clipPath>
+                </defs>
+            </svg>
+        </div>
+
+    </div>
+</body>
+</html>`;
+export const authErrorHtml = (error) => `
+<html>
+  <body>
+    <h1>Authentication Failed</h1>
+    <p>Error: ${sanitizeHtml(error)}</p>
+    <p>You can close this window.</p>
+  </body>
+</html>
+`;
+export const authMissingCodeHtml = `
+<html>
+  <body>
+    <h1>Authentication Failed</h1>
+    <p>Missing authorization code.</p>
+    <p>You can close this window.</p>
+  </body>
+</html>
+`;

package/{lib → build}/lib/aws.js

@@ -1,6 +1,3 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getAwsEnvVarMessage = exports.getAwsConfigUpdateCmd = void 0;
 const opalProfileKey = "opal";
 const sanitize = (str) => {
     // Remove non standard characters.
@@ -13,7 +10,7 @@ const sanitize = (str) => {
     sanitizedStr = sanitizedStr.replace(/ /g, "-");
     return sanitizedStr;
 };
-const getAwsConfigUpdateCmd = (itemName, awsAccessKeyId, awsSecretAccessKey, awsSessionToken) => {
+export const getAwsConfigUpdateCmd = (itemName, awsAccessKeyId, awsSecretAccessKey, awsSessionToken) => {
     let updateProfilesCmd = "";
     const sanitizedProfileName = sanitize(itemName);
     const profileNames = [opalProfileKey, sanitizedProfileName];
@@ -30,8 +27,7 @@ const getAwsConfigUpdateCmd = (itemName, awsAccessKeyId, awsSecretAccessKey, aws
     });
     return updateProfilesCmd;
 };
-exports.getAwsConfigUpdateCmd = getAwsConfigUpdateCmd;
-const getAwsEnvVarMessage = () => {
+export const getAwsEnvVarMessage = () => {
     if (!process.env.AWS_DEFAULT_PROFILE ||
         process.env.AWS_DEFAULT_PROFILE !== opalProfileKey) {
         let envVarPhrase = "";
@@ -49,4 +45,3 @@ const getAwsEnvVarMessage = () => {
     }
     return "";
 };
-exports.getAwsEnvVarMessage = getAwsEnvVarMessage;

package/{lib → build}/lib/cmd.d.ts

@@ -1,10 +1,10 @@
 import type { ExecException } from "node:child_process";
 import type { Command } from "@oclif/core";
-import * as moment from "moment";
+import moment from "moment";
 export declare let mostRecentCommand: Command | null;
 export declare let mostRecentCommandTime: moment.Moment | null;
 export declare const setMostRecentCommand: (cmd: Command) => void;
 export declare const startInteractiveShell: (runCmd: string, shellName?: string) => void;
-export declare const runCommandExec: (runCmd: string, successMessage: string, errorMessage: string, envVars?: Record<string, any>) => void;
-export declare const runCommandExecWithCallback: (cmd: string, callback?: (error: ExecException | null, stdout: Buffer, stderr: Buffer) => void) => Promise<unknown>;
-export declare const runCommandSpawn: (runCmd: string, successMessage: string, errorMessage: string, envVars?: Record<string, any>) => void;
+export declare const runCommandExec: (runCmd: string, successMessage: string, errorMessage: string, envVars?: NodeJS.ProcessEnv) => void;
+export declare const runCommandExecWithCallback: (cmd: string, callback?: (error: ExecException | null, stdout: string, stderr: string) => void) => Promise<unknown>;
+export declare const runCommandSpawn: (runCmd: string, successMessage: string, errorMessage: string, envVars?: NodeJS.ProcessEnv) => void;

package/{lib → build}/lib/cmd.js

@@ -1,17 +1,17 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.runCommandSpawn = exports.runCommandExecWithCallback = exports.runCommandExec = exports.startInteractiveShell = exports.setMostRecentCommand = exports.mostRecentCommandTime = exports.mostRecentCommand = void 0;
-const _ = require("lodash");
-const moment = require("moment");
-const { exec, spawn } = require("node:child_process");
-exports.mostRecentCommand = null;
-exports.mostRecentCommandTime = null;
-const setMostRecentCommand = (cmd) => {
-    exports.mostRecentCommand = cmd;
-    exports.mostRecentCommandTime = moment(new Date());
+import { exec, spawn } from "node:child_process";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+import _ from "lodash";
+import moment from "moment";
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+export let mostRecentCommand = null;
+export let mostRecentCommandTime = null;
+export const setMostRecentCommand = (cmd) => {
+    mostRecentCommand = cmd;
+    mostRecentCommandTime = moment(new Date());
 };
-exports.setMostRecentCommand = setMostRecentCommand;
-const startInteractiveShell = (runCmd, shellName) => {
+export const startInteractiveShell = (runCmd, shellName) => {
     const shell = spawn(`${runCmd}`, [], {
         env: Object.assign(Object.assign({}, process.env), { SCRIPT_PATH: __dirname }),
         stdio: "inherit",
@@ -37,8 +37,7 @@ const startInteractiveShell = (runCmd, shellName) => {
         // intercepting SIGTSTP
     });
 };
-exports.startInteractiveShell = startInteractiveShell;
-const runCommandExec = (runCmd, successMessage, errorMessage, envVars) => {
+export const runCommandExec = (runCmd, successMessage, errorMessage, envVars) => {
     const envVarsToUse = envVars || {};
     exec(`${runCmd}`, {
         env: Object.assign(Object.assign(Object.assign({}, process.env), { SCRIPT_PATH: __dirname }), envVarsToUse),
@@ -57,8 +56,7 @@ const runCommandExec = (runCmd, successMessage, errorMessage, envVars) => {
         }
     });
 };
-exports.runCommandExec = runCommandExec;
-const runCommandExecWithCallback = (cmd, callback) => {
+export const runCommandExecWithCallback = (cmd, callback) => {
     return new Promise((resolve) => {
         exec(cmd, (error, stdOut, stdErr) => {
             callback === null || callback === void 0 ? void 0 : callback(error, stdOut, stdErr);
@@ -66,8 +64,7 @@ const runCommandExecWithCallback = (cmd, callback) => {
         });
     });
 };
-exports.runCommandExecWithCallback = runCommandExecWithCallback;
-const runCommandSpawn = (runCmd, successMessage, errorMessage, envVars) => {
+export const runCommandSpawn = (runCmd, successMessage, errorMessage, envVars) => {
     const envVarsToUse = envVars || {};
     const shell = spawn(`${runCmd}`, [], {
         env: Object.assign(Object.assign(Object.assign({}, process.env), { SCRIPT_PATH: __dirname }), envVarsToUse),
@@ -83,4 +80,3 @@ const runCommandSpawn = (runCmd, successMessage, errorMessage, envVars) => {
         }
     });
 };
-exports.runCommandSpawn = runCommandSpawn;