opal-security 5.1.0 → 5.1.2

package/README.md

@@ -22,7 +22,7 @@ $ npm install -g opal-security
 $ opal COMMAND
 running command...
 $ opal (--version)
-opal-security/5.1.0 darwin-arm64 node-v18.20.4
+opal-security/5.1.2 darwin-arm64 node-v18.20.4
 $ opal --help [COMMAND]
 USAGE
   $ opal COMMAND
@@ -106,7 +106,7 @@ EXAMPLES
   $ opal aws:identity
 ```
 
-_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/aws/identity.ts)_
+_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.2/src/commands/aws/identity.ts)_
 
 ## `opal clear-auth-config`
 
@@ -123,7 +123,7 @@ EXAMPLES
   $ opal clear-auth-config
 ```
 
-_See code: [src/commands/clear-auth-config.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/clear-auth-config.ts)_
+_See code: [src/commands/clear-auth-config.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.2/src/commands/clear-auth-config.ts)_
 
 ## `opal curl-example`
 
@@ -140,7 +140,7 @@ DESCRIPTION
   Prints out an example cURL command containing the parameters the CLI uses to query the Opal server.
 ```
 
-_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/curl-example.ts)_
+_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.2/src/commands/curl-example.ts)_
 
 ## `opal groups get`
 
@@ -161,7 +161,7 @@ EXAMPLES
   $ opal groups:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
 ```
 
-_See code: [src/commands/groups/get.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/groups/get.ts)_
+_See code: [src/commands/groups/get.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.2/src/commands/groups/get.ts)_
 
 ## `opal help [COMMANDS]`
 
@@ -189,12 +189,13 @@ Starts a session to assume an IAM role.
 
 ```
 USAGE
-  $ opal iam-roles start [-h] [-i <value>] [--profileName <value>]
+  $ opal iam-roles start [-h] [-i <value>] [--openBrowser] [--profileName <value>]
 
 FLAGS
   -h, --help                 Show CLI help.
   -i, --id=<value>           The Opal ID of the asset. You can find this from the URL, e.g.
                              https://opal.dev/resources/[ID]
+      --openBrowser          Automatically open the browser without prompting for confirmation.
       --profileName=<value>  Uses a custom AWS profile name for the IAM role. Default value is the role's name.
 
 DESCRIPTION
@@ -208,7 +209,7 @@ EXAMPLES
   $ opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --profileName "custom-profile"
 ```
 
-_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/iam-roles/start.ts)_
+_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.2/src/commands/iam-roles/start.ts)_
 
 ## `opal kube-roles start`
 
@@ -216,13 +217,14 @@ Starts a session to assume a Kubernetes cluster IAM role.
 
 ```
 USAGE
-  $ opal kube-roles start [-h] [-i <value>] [-a <value>]
+  $ opal kube-roles start [-h] [-i <value>] [-a <value>] [--openBrowser]
 
 FLAGS
   -a, --accessLevelRemoteId=<value>  The remote ID of the access level with which to access the resource.
   -h, --help                         Show CLI help.
   -i, --id=<value>                   The Opal ID of the asset. You can find this from the URL, e.g.
                                      https://opal.dev/resources/[ID]
+      --openBrowser                  Automatically open the browser without prompting for confirmation.
 
 DESCRIPTION
   Starts a session to assume a Kubernetes cluster IAM role.
@@ -235,7 +237,7 @@ EXAMPLES
   $ opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId "arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role"
 ```
 
-_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/kube-roles/start.ts)_
+_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.2/src/commands/kube-roles/start.ts)_
 
 ## `opal login`
 
@@ -243,11 +245,12 @@ Authenticates you with the Opal server.
 
 ```
 USAGE
-  $ opal login [-h] [--email <value>]
+  $ opal login [-h] [--email <value>] [--openBrowser]
 
 FLAGS
   -h, --help           Show CLI help.
       --email=<value>  Email address to login with.
+      --openBrowser    Automatically open the browser without prompting for confirmation.
 
 DESCRIPTION
   Authenticates you with the Opal server.
@@ -256,7 +259,7 @@ EXAMPLES
   $ opal login
 ```
 
-_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/login.ts)_
+_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.2/src/commands/login.ts)_
 
 ## `opal logout`
 
@@ -276,7 +279,7 @@ EXAMPLES
   $ opal logout
 ```
 
-_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/logout.ts)_
+_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.2/src/commands/logout.ts)_
 
 ## `opal postgres-instances start`
 
@@ -284,7 +287,7 @@ Starts a session to connect to a Postgres database.
 
 ```
 USAGE
-  $ opal postgres-instances start [-h] [-i <value>] [-a <value>] [--action open|psql|view]
+  $ opal postgres-instances start [-h] [-i <value>] [-a <value>] [--openBrowser] [--action open|psql|view]
 
 FLAGS
   -a, --accessLevelRemoteId=<value>  The remote ID of the access level with which to access the resource.
@@ -296,6 +299,7 @@ FLAGS
                                      - psql: Start psql session in shell
                                      - view: View connection configuration details
                                      <options: open|psql|view>
+      --openBrowser                  Automatically open the browser without prompting for confirmation.
 
 DESCRIPTION
   Starts a session to connect to a Postgres database.
@@ -310,7 +314,7 @@ EXAMPLES
   $ opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId fullaccess --action view
 ```
 
-_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/postgres-instances/start.ts)_
+_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.2/src/commands/postgres-instances/start.ts)_
 
 ## `opal request create`
 
@@ -336,7 +340,7 @@ DESCRIPTION
   Creates an Opal access request via an interactive form
 ```
 
-_See code: [src/commands/request/create.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/request/create.ts)_
+_See code: [src/commands/request/create.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.2/src/commands/request/create.ts)_
 
 ## `opal request get`
 
@@ -360,7 +364,7 @@ EXAMPLES
   $ opal request get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4 --verbose
 ```
 
-_See code: [src/commands/request/get.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/request/get.ts)_
+_See code: [src/commands/request/get.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.2/src/commands/request/get.ts)_
 
 ## `opal request list`
 
@@ -392,7 +396,7 @@ EXAMPLES
   $ opal request list --n 5 --pending --verbose
 ```
 
-_See code: [src/commands/request/list.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/request/list.ts)_
+_See code: [src/commands/request/list.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.2/src/commands/request/list.ts)_
 
 ## `opal request ls`
 
@@ -443,7 +447,7 @@ EXAMPLES
   $ opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
 ```
 
-_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/resources/get.ts)_
+_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.2/src/commands/resources/get.ts)_
 
 ## `opal set-auth-config`
 
@@ -473,7 +477,7 @@ EXAMPLES
   $ opal set-auth-config --organizationID=org-456 --clientID=abc123 --issuerUrl=https://auth.example.com
 ```
 
-_See code: [src/commands/set-auth-config.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/set-auth-config.ts)_
+_See code: [src/commands/set-auth-config.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.2/src/commands/set-auth-config.ts)_
 
 ## `opal set-custom-header`
 
@@ -494,7 +498,7 @@ EXAMPLES
   $ opal set-custom-header --header 'cf-access-token: $TOKEN'
 ```
 
-_See code: [src/commands/set-custom-header.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/set-custom-header.ts)_
+_See code: [src/commands/set-custom-header.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.2/src/commands/set-custom-header.ts)_
 
 ## `opal set-token`
 
@@ -514,7 +518,7 @@ EXAMPLES
   $ opal set-token
 ```
 
-_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/set-token.ts)_
+_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.2/src/commands/set-token.ts)_
 
 ## `opal set-url [URL]`
 
@@ -538,7 +542,7 @@ EXAMPLES
   $ opal set-url
 ```
 
-_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/set-url.ts)_
+_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.2/src/commands/set-url.ts)_
 
 ## `opal ssh copyFrom`
 
@@ -546,12 +550,13 @@ Use SCP to copy files from a compute instance.
 
 ```
 USAGE
-  $ opal ssh copyFrom --src <value> [-h] [--dest <value>] [--user <value>] [-i <value>]
+  $ opal ssh copyFrom --src <value> [-h] [--dest <value>] [--user <value>] [-i <value>] [--openBrowser]
 
 FLAGS
   -h, --help          Show CLI help.
   -i, --id=<value>    The Opal ID of the asset. You can find this from the URL, e.g. https://opal.dev/resources/[ID]
       --dest=<value>  [default: .] The directory you want your files to be copied to.
+      --openBrowser   Automatically open the browser without prompting for confirmation.
       --src=<value>   (required) The directory or file you would like to copy over SCP. Note we only support one file or
                       directory at a time.
       --user=<value>  [default: ssm-user] The user you want to run SCP over. Keep in mind not all users will have access
@@ -566,7 +571,7 @@ EXAMPLES
   $ opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/ssh/copyFrom.ts)_
+_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.2/src/commands/ssh/copyFrom.ts)_
 
 ## `opal ssh copyTo`
 
@@ -574,12 +579,13 @@ Use SCP to copy files to a compute instance.
 
 ```
 USAGE
-  $ opal ssh copyTo --src <value> [-h] [--dest <value>] [--user <value>] [-i <value>]
+  $ opal ssh copyTo --src <value> [-h] [--dest <value>] [--user <value>] [-i <value>] [--openBrowser]
 
 FLAGS
   -h, --help          Show CLI help.
   -i, --id=<value>    The Opal ID of the asset. You can find this from the URL, e.g. https://opal.dev/resources/[ID]
       --dest=<value>  [default: .] The directory you want your files to be copied to.
+      --openBrowser   Automatically open the browser without prompting for confirmation.
       --src=<value>   (required) The directory or file you would like to copy over SCP. Note we only support one file or
                       directory at a time.
       --user=<value>  [default: ssm-user] The user you want to run SCP over. Keep in mind not all users will have access
@@ -594,7 +600,7 @@ EXAMPLES
   $ opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/ssh/copyTo.ts)_
+_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.2/src/commands/ssh/copyTo.ts)_
 
 ## `opal ssh start`
 
@@ -602,11 +608,12 @@ Starts an SSH session to access a compute instance.
 
 ```
 USAGE
-  $ opal ssh start [-h] [-i <value>]
+  $ opal ssh start [-h] [-i <value>] [--openBrowser]
 
 FLAGS
-  -h, --help        Show CLI help.
-  -i, --id=<value>  The Opal ID of the asset. You can find this from the URL, e.g. https://opal.dev/resources/[ID]
+  -h, --help         Show CLI help.
+  -i, --id=<value>   The Opal ID of the asset. You can find this from the URL, e.g. https://opal.dev/resources/[ID]
+      --openBrowser  Automatically open the browser without prompting for confirmation.
 
 DESCRIPTION
   Starts an SSH session to access a compute instance.
@@ -617,7 +624,7 @@ EXAMPLES
   $ opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/ssh/start.ts)_
+_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.2/src/commands/ssh/start.ts)_
 
 ## `opal version`
 
@@ -654,5 +661,5 @@ DESCRIPTION
   Describes current url set, organization name, and logged in user if applicable.
 ```
 
-_See code: [src/commands/whoami.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/whoami.ts)_
+_See code: [src/commands/whoami.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.2/src/commands/whoami.ts)_
 <!-- commandsstop -->

package/build/commands/iam-roles/start.d.ts

@@ -5,6 +5,7 @@ export default class StartIAMRoleSession extends Command {
     static flags: {
         help: import("@oclif/core/lib/interfaces").BooleanFlag<void>;
         id: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
+        openBrowser: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
         profileName: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
     };
     run(): Promise<void>;

package/build/commands/iam-roles/start.js

@@ -52,7 +52,7 @@ class StartIAMRoleSession extends Command {
         if (flags.profileName && flags.profileName !== "") {
             roleName = flags.profileName;
         }
-        const session = await createSession(this, roleId, DEFAULT_ACCESS_LEVEL, sessionId, IamSessionMetadataFragment);
+        const session = await createSession(this, roleId, DEFAULT_ACCESS_LEVEL, sessionId, IamSessionMetadataFragment, flags.openBrowser);
         if (!session) {
             return;
         }
@@ -80,6 +80,7 @@ StartIAMRoleSession.examples = [
 StartIAMRoleSession.flags = {
     help: SHARED_FLAGS.help,
     id: SHARED_FLAGS.id,
+    openBrowser: SHARED_FLAGS.openBrowser,
     profileName: Flags.string({
         multiple: false,
         description: "Uses a custom AWS profile name for the IAM role. Default value is the role's name.",

package/build/commands/kube-roles/start.d.ts

@@ -6,6 +6,7 @@ export default class StartKubeIAMRoleSession extends Command {
         help: import("@oclif/core/lib/interfaces").BooleanFlag<void>;
         id: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
         accessLevelRemoteId: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
+        openBrowser: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
     };
     run(): Promise<void>;
 }

package/build/commands/kube-roles/start.js

@@ -34,7 +34,7 @@ class StartKubeIAMRoleSession extends Command {
         if (!accessLevel) {
             return;
         }
-        const session = await createSession(this, clusterId, accessLevel, sessionId, EksSessionMetadataFragment);
+        const session = await createSession(this, clusterId, accessLevel, sessionId, EksSessionMetadataFragment, flags.openBrowser);
         if (!session) {
             return;
         }
@@ -65,5 +65,6 @@ StartKubeIAMRoleSession.flags = {
     help: SHARED_FLAGS.help,
     id: SHARED_FLAGS.id,
     accessLevelRemoteId: SHARED_FLAGS.accessLevelRemoteId,
+    openBrowser: SHARED_FLAGS.openBrowser,
 };
 export default StartKubeIAMRoleSession;

package/build/commands/login.d.ts

@@ -9,6 +9,7 @@ export default class Login extends Command {
     static flags: {
         help: import("@oclif/core/lib/interfaces").BooleanFlag<void>;
         email: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
+        openBrowser: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
     };
     static args: {};
     run(): Promise<void>;

package/build/commands/login.js

@@ -249,13 +249,15 @@ To continue, please authorize this application in your browser.
   • After authenticating, you should be redirected to a page that says Authentication Successful!
   • Never enter your credentials on suspicious-looking pages
 `);
-            await inquirer.prompt([
-                {
-                    type: "input",
-                    name: "continue",
-                    message: "Press Enter to open your browser and continue\n",
-                },
-            ]);
+            if (!flags.openBrowser) {
+                await inquirer.prompt([
+                    {
+                        type: "input",
+                        name: "continue",
+                        message: "Press Enter to open your browser and continue\n",
+                    },
+                ]);
+            }
             this.log(`
 If your browser doesn't automatically, go to:
 
@@ -330,6 +332,7 @@ Login.flags = {
         multiple: false,
         description: "Email address to login with.",
     }),
+    openBrowser: SHARED_FLAGS.openBrowser,
 };
 Login.args = {};
 export default Login;

package/build/commands/postgres-instances/start.d.ts

@@ -6,6 +6,7 @@ export default class StartPostgresInstanceSession extends Command {
         help: import("@oclif/core/lib/interfaces").BooleanFlag<void>;
         id: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
         accessLevelRemoteId: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
+        openBrowser: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
         action: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
     };
     run(): Promise<void>;

package/build/commands/postgres-instances/start.js

@@ -53,7 +53,7 @@ class StartPostgresInstanceSession extends Command {
         if (!accessLevel) {
             return;
         }
-        const session = await createSession(this, instanceId, accessLevel, sessionId, RdsSessionMetadataFragment);
+        const session = await createSession(this, instanceId, accessLevel, sessionId, RdsSessionMetadataFragment, flags.openBrowser);
         if (!session) {
             return;
         }
@@ -120,6 +120,7 @@ StartPostgresInstanceSession.flags = {
     help: SHARED_FLAGS.help,
     id: SHARED_FLAGS.id,
     accessLevelRemoteId: SHARED_FLAGS.accessLevelRemoteId,
+    openBrowser: SHARED_FLAGS.openBrowser,
     action: Flags.string({
         multiple: false,
         description: `Method of connecting to the database.\n${methodChoices.map((c) => `- ${c.value}: ${c.name}`).join("\n")}`,

package/build/commands/request/create.js

@@ -30,7 +30,6 @@ class RequestCreate extends Command {
                 // Step 1: Select first round of assets from an app
                 await selectRequestableItems(this, client, metadata.requestMap);
                 // Step 2: Display the selected items in a tree format
-                headerMessage(this);
                 treeifyRequestMap(this, metadata.requestMap);
                 // Step 3: Prompt to add more items, repeat 1-3 if needed
                 shouldProceed = await doneSelectingAssets();

package/build/commands/ssh/copyFrom.d.ts

@@ -8,6 +8,7 @@ export default class StartSCPSession extends Command {
         dest: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
         user: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
         id: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
+        openBrowser: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
     };
     run(): Promise<void>;
 }

package/build/commands/ssh/copyFrom.js

@@ -25,7 +25,7 @@ class StartSCPSession extends Command {
             instanceId = selectedInstance.id;
             instanceName = selectedInstance.name;
         }
-        const session = await createSession(this, instanceId, DEFAULT_ACCESS_LEVEL, sessionId, Ec2SessionMetadataFragment);
+        const session = await createSession(this, instanceId, DEFAULT_ACCESS_LEVEL, sessionId, Ec2SessionMetadataFragment, flags.openBrowser);
         if (!session) {
             return;
         }
@@ -73,5 +73,6 @@ StartSCPSession.flags = {
         description: "The user you want to run SCP over. Keep in mind not all users will have access to each other's home directory.",
     }),
     id: SHARED_FLAGS.id,
+    openBrowser: SHARED_FLAGS.openBrowser,
 };
 export default StartSCPSession;

package/build/commands/ssh/copyTo.d.ts

@@ -8,6 +8,7 @@ export default class StartSCPSession extends Command {
         dest: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
         user: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
         id: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
+        openBrowser: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
     };
     run(): Promise<void>;
 }

package/build/commands/ssh/copyTo.js

@@ -25,7 +25,7 @@ class StartSCPSession extends Command {
             instanceId = selectedInstance.id;
             instanceName = selectedInstance.name;
         }
-        const session = await createSession(this, instanceId, DEFAULT_ACCESS_LEVEL, sessionId, Ec2SessionMetadataFragment);
+        const session = await createSession(this, instanceId, DEFAULT_ACCESS_LEVEL, sessionId, Ec2SessionMetadataFragment, flags.openBrowser);
         if (!session) {
             return;
         }
@@ -73,5 +73,6 @@ StartSCPSession.flags = {
         description: "The user you want to run SCP over. Keep in mind not all users will have access to each other's home directory.",
     }),
     id: SHARED_FLAGS.id,
+    openBrowser: SHARED_FLAGS.openBrowser,
 };
 export default StartSCPSession;

package/build/commands/ssh/start.d.ts

@@ -6,6 +6,7 @@ export default class StartSSHSession extends Command {
     static flags: {
         help: import("@oclif/core/lib/interfaces").BooleanFlag<void>;
         id: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
+        openBrowser: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
     };
     run(): Promise<void>;
 }

package/build/commands/ssh/start.js

@@ -56,7 +56,7 @@ class StartSSHSession extends Command {
             }
             instanceName = (resp === null || resp === void 0 ? void 0 : resp.data.resource.resource.name) || "ssh-instance";
         }
-        const session = await createSession(this, instanceId, DEFAULT_ACCESS_LEVEL, sessionId, Ec2SessionMetadataFragment);
+        const session = await createSession(this, instanceId, DEFAULT_ACCESS_LEVEL, sessionId, Ec2SessionMetadataFragment, flags.openBrowser);
         if (!session) {
             return;
         }
@@ -86,6 +86,7 @@ StartSSHSession.examples = [
 StartSSHSession.flags = {
     help: SHARED_FLAGS.help,
     id: SHARED_FLAGS.id,
+    openBrowser: SHARED_FLAGS.openBrowser,
     // TODO: Unfortunately allowing SSM over SSH disables logging
     // user: flags.string({
     //   multiple: false,

package/build/hooks/init/version-check.d.ts

@@ -0,0 +1,3 @@
+import type { Hook } from "@oclif/core";
+declare const hook: Hook<"init">;
+export default hook;

package/build/hooks/init/version-check.js

@@ -0,0 +1,110 @@
+import http from "node:http";
+import https from "node:https";
+import chalk from "chalk";
+import { allowSelfSignedCertsKey, getOrCreateConfigData, urlKey, } from "../../lib/config.js";
+// Commands that should skip the version check (e.g., configuration commands)
+const SKIP_VERSION_CHECK_COMMANDS = [
+    "set-url",
+    "set-token",
+    "set-auth-config",
+    "version",
+    "help",
+    "autocomplete",
+];
+const hook = async (opts) => {
+    // Skip version check for certain commands
+    if (opts.id && SKIP_VERSION_CHECK_COMMANDS.includes(opts.id)) {
+        return;
+    }
+    try {
+        const configData = getOrCreateConfigData(opts.config.configDir);
+        const baseUrl = configData[urlKey];
+        const allowSelfSignedCerts = configData[allowSelfSignedCertsKey];
+        if (!baseUrl) {
+            return;
+        }
+        const cliVersion = opts.config.version;
+        const url = new URL("/api/cli/version-check", baseUrl);
+        url.searchParams.set("version", cliVersion);
+        const response = await fetchWithTimeout(url.toString(), {
+            method: "GET",
+            headers: {
+                "User-Agent": `Opal CLI v${cliVersion}`,
+            },
+        }, allowSelfSignedCerts, 5000);
+        if (!response.ok) {
+            // Silently fail on non-2xx responses - don't block the CLI
+            return;
+        }
+        const data = JSON.parse(response.body);
+        if (data.status === "ok") {
+            return;
+        }
+        // Display message based on status
+        const formattedMessage = formatMessage(data.status, data.message);
+        if (formattedMessage) {
+            process.stderr.write(`${formattedMessage}\n`);
+        }
+    }
+    catch (_a) {
+        // Silently fail on any errors (network issues, etc.) - don't block the CLI
+    }
+};
+function formatMessage(status, message) {
+    if (!message) {
+        return "";
+    }
+    switch (status) {
+        case "error":
+            return chalk.red(`❗ ${message}`);
+        case "warn":
+            return chalk.yellow(`⚠️  ${message}`);
+        case "info":
+            return chalk.blue(`ℹ️  ${message}`);
+        default:
+            return message;
+    }
+}
+function fetchWithTimeout(url, options, allowSelfSignedCerts, timeoutMs) {
+    return new Promise((resolve, reject) => {
+        const parsedUrl = new URL(url);
+        const isHttps = parsedUrl.protocol === "https:";
+        const lib = isHttps ? https : http;
+        const requestOptions = {
+            hostname: parsedUrl.hostname,
+            port: parsedUrl.port || (isHttps ? 443 : 80),
+            path: parsedUrl.pathname + parsedUrl.search,
+            method: options.method,
+            headers: options.headers,
+            timeout: timeoutMs,
+        };
+        if (isHttps) {
+            requestOptions.rejectUnauthorized =
+                !allowSelfSignedCerts;
+        }
+        const req = lib.request(requestOptions, (res) => {
+            let body = "";
+            res.on("data", (chunk) => {
+                body += chunk;
+            });
+            res.on("end", () => {
+                resolve({
+                    ok: res.statusCode !== undefined &&
+                        res.statusCode >= 200 &&
+                        res.statusCode !== undefined &&
+                        res.statusCode >= 200 &&
+                        res.statusCode < 300,
+                    status: res.statusCode || 0,
+                    body,
+                });
+            });
+        });
+        req.on("error", reject);
+        req.on("timeout", () => {
+            req.destroy();
+            reject(new Error("Request timed out"));
+        });
+        req.end();
+    });
+}
+export default hook;

package/build/lib/flags.d.ts

@@ -2,4 +2,5 @@ export declare const SHARED_FLAGS: {
     help: import("@oclif/core/lib/interfaces").BooleanFlag<void>;
     id: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
     accessLevelRemoteId: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
+    openBrowser: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
 };

package/build/lib/flags.js

@@ -11,4 +11,8 @@ export const SHARED_FLAGS = {
         char: "a",
         description: "The remote ID of the access level with which to access the resource.",
     }),
+    openBrowser: Flags.boolean({
+        default: false,
+        description: "Automatically open the browser without prompting for confirmation.",
+    }),
 };

package/build/lib/mfa.d.ts

@@ -1,2 +1,2 @@
 import { type Command } from "@oclif/core";
-export declare const waitForMfa: (command: Command) => Promise<void>;
+export declare const waitForMfa: (command: Command, skipPrompt?: boolean) => Promise<void>;

package/build/lib/mfa.js

@@ -17,7 +17,7 @@ const getLastMfaAt = async (command) => {
     });
     return (_a = response.data) === null || _a === void 0 ? void 0 : _a.lastMfaAt;
 };
-export const waitForMfa = async (command) => {
+export const waitForMfa = async (command, skipPrompt = false) => {
     const configData = getOrCreateConfigData(command.config.configDir);
     const baseUrl = configData[urlKey];
     const url = `${baseUrl}/browser-mfa/begin`;
@@ -30,13 +30,15 @@ To continue, validate your identity:
 • Verify the URL starts with: ${url}
 • You should see the Opal logo and a device activation dialog
 `);
-    await inquirer.prompt([
-        {
-            type: "input",
-            name: "continue",
-            message: "Press Enter to open your browser and continue",
-        },
-    ]);
+    if (!skipPrompt) {
+        await inquirer.prompt([
+            {
+                type: "input",
+                name: "continue",
+                message: "Press Enter to open your browser and continue",
+            },
+        ]);
+    }
     console.log(`
 If your browser doesn't open automatically, go to:
 

package/build/lib/oidc.d.ts

@@ -1,3 +1,3 @@
 import { type Command } from "@oclif/core";
 import type { OidcProviderType } from "../graphql/graphql.js";
-export declare const waitForValidOidcToken: (command: Command, oidcProviderType: OidcProviderType) => Promise<void>;
+export declare const waitForValidOidcToken: (command: Command, oidcProviderType: OidcProviderType, skipPrompt?: boolean) => Promise<void>;

package/build/lib/oidc.js

@@ -20,7 +20,7 @@ const hasValidOidcToken = async (command, oidcProviderType) => {
     });
     return (_b = (_a = response.data) === null || _a === void 0 ? void 0 : _a.hasValidOidcToken) !== null && _b !== void 0 ? _b : false;
 };
-export const waitForValidOidcToken = async (command, oidcProviderType) => {
+export const waitForValidOidcToken = async (command, oidcProviderType, skipPrompt = false) => {
     const configData = getOrCreateConfigData(command.config.configDir);
     const baseUrl = configData[urlKey];
     const url = `${baseUrl}/browser-oidc/begin?oidc_provider_type=${oidcProviderType}`;
@@ -33,13 +33,15 @@ To continue, validate your identity with your AWS OIDC provider:
 • Verify the URL starts with: ${url}
 • You should see the Opal logo and a device activation dialog
 `);
-    await inquirer.prompt([
-        {
-            type: "input",
-            name: "continue",
-            message: "Press Enter to open your browser and continue",
-        },
-    ]);
+    if (!skipPrompt) {
+        await inquirer.prompt([
+            {
+                type: "input",
+                name: "continue",
+                message: "Press Enter to open your browser and continue",
+            },
+        ]);
+    }
     console.log(`
 If your browser doesn't open automatically, go to:
 

package/build/lib/request/displays.js

@@ -1,9 +1,14 @@
 import chalk from "chalk";
 import Table from "cli-table3";
 import { getAppTypeLabel, getAssetTypeLabel } from "../../labels.js";
-export function headerMessage(cmd) {
-    console.clear();
+function dividerLine(cmd, withNewline = false) {
+    if (withNewline) {
+        cmd.log();
+    }
     cmd.log("━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━");
+}
+export function headerMessage(cmd) {
+    dividerLine(cmd);
     cmd.log("Opal Access Request ✏️");
     cmd.log("Press Ctrl+C to cancel at any time.\n");
 }
@@ -18,7 +23,7 @@ MongoDB Atlas Test [AppType]
     └── admin:test [Role]
 */
 export function treeifyRequestMap(cmd, requestMap) {
-    headerMessage(cmd);
+    cmd.log();
     for (const [_appId, appNode] of Object.entries(requestMap)) {
         // Print App title first (without tree lines)
         const appTypeLabel = appNode.appType
@@ -45,11 +50,9 @@ export function treeifyRequestMap(cmd, requestMap) {
     cmd.log();
 }
 export function displayFinalRequestSummary(cmd, metadata) {
-    console.clear();
-    cmd.log("━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━");
+    dividerLine(cmd, true);
     cmd.log("Final Summary of Request ✏️");
     cmd.log("Press Ctrl+C to cancel at any time.\n");
-    cmd.log();
     treeifyRequestMap(cmd, metadata.requestMap);
     const durationInMinutes = metadata.durationInMinutes;
     cmd.log(`Duration: ${durationInMinutes ? formatDuration(durationInMinutes) : "Permanent"}`);

package/build/lib/resources.d.ts

@@ -1,5 +1,5 @@
 import type { Command } from "@oclif/core";
-import type { ResourceAccessLevel, ResourceAccessLevelInput } from "../graphql/graphql.js";
+import type { ResourceAccessLevelInput } from "../graphql/graphql.js";
 export type ResourceInfo = {
     id: string;
     name: string;
@@ -11,4 +11,4 @@ export type AccessLevelInfo = {
 export declare const DEFAULT_ACCESS_LEVEL: ResourceAccessLevelInput;
 export declare const filterChoices: (input: string, choices: ResourceInfo[] | AccessLevelInfo[]) => ResourceInfo[];
 export declare const promptUserForResource: (command: Command, resourceType: string, message: string) => Promise<ResourceInfo | void>;
-export declare const promptUserForAccessLevels: (command: Command, resourceId: string, instanceType: string, accessLevelRemoteId?: string) => Promise<ResourceAccessLevel | void>;
+export declare const promptUserForAccessLevels: (command: Command, resourceId: string, instanceType: string, accessLevelRemoteId?: string) => Promise<ResourceAccessLevelInput | void>;

package/build/lib/resources.js

@@ -131,6 +131,5 @@ export const promptUserForAccessLevels = async (command, resourceId, instanceTyp
     return {
         accessLevelName: selectedAccessLevel.name,
         accessLevelRemoteId: selectedAccessLevel.id,
-        resourceId: resourceId,
     };
 };

package/build/lib/sessions.d.ts

@@ -1,4 +1,4 @@
 import type { Command } from "@oclif/core";
 import type { CreateSessionResult, ResourceAccessLevelInput, Session } from "../graphql/graphql.js";
-export declare const createSession: (command: Command, resourceId: string, accessLevel: ResourceAccessLevelInput, sessionId: string | undefined, metadataFragment: string) => Promise<CreateSessionResult | undefined>;
+export declare const createSession: (command: Command, resourceId: string, accessLevel: ResourceAccessLevelInput, sessionId: string | undefined, metadataFragment: string, skipBrowserPrompt?: boolean) => Promise<CreateSessionResult | undefined>;
 export declare const getSessionExpirationMessage: (session: Session) => string;

package/build/lib/sessions.js

@@ -37,7 +37,7 @@ mutation CreateSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!
   }
 }
 `;
-export const createSession = async (command, resourceId, accessLevel, sessionId, metadataFragment) => {
+export const createSession = async (command, resourceId, accessLevel, sessionId, metadataFragment, skipBrowserPrompt = false) => {
     var _a, _b, _c;
     const { resp, error } = await runMutation({
         command: command,
@@ -56,12 +56,12 @@ export const createSession = async (command, resourceId, accessLevel, sessionId,
             return (_c = resp.data) === null || _c === void 0 ? void 0 : _c.createSession;
         }
         case "MfaInvalidError": {
-            await waitForMfa(command);
-            return createSession(command, resourceId, accessLevel, sessionId, metadataFragment);
+            await waitForMfa(command, skipBrowserPrompt);
+            return createSession(command, resourceId, accessLevel, sessionId, metadataFragment, skipBrowserPrompt);
         }
         case "OidcIDTokenNotFoundError": {
-            await waitForValidOidcToken(command, OidcProviderType.AwsSession);
-            return createSession(command, resourceId, accessLevel, sessionId, metadataFragment);
+            await waitForValidOidcToken(command, OidcProviderType.AwsSession, skipBrowserPrompt);
+            return createSession(command, resourceId, accessLevel, sessionId, metadataFragment, skipBrowserPrompt);
         }
         default:
             return handleError(command, error, resp);

package/oclif.manifest.json

@@ -72,6 +72,12 @@
           "hasDynamicHelp": false,
           "multiple": false,
           "type": "option"
+        },
+        "openBrowser": {
+          "description": "Automatically open the browser without prompting for confirmation.",
+          "name": "openBrowser",
+          "allowNo": false,
+          "type": "boolean"
         }
       },
       "hasDynamicHelp": false,
@@ -416,14 +422,14 @@
         "get.js"
       ]
     },
-    "iam-roles:start": {
+    "kube-roles:start": {
       "aliases": [],
       "args": {},
-      "description": "Starts a session to assume an IAM role.",
+      "description": "Starts a session to assume a Kubernetes cluster IAM role.",
       "examples": [
-        "opal iam-roles:start",
-        "opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398",
-        "opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --profileName \"custom-profile\""
+        "opal kube-roles:start",
+        "opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398",
+        "opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId \"arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role\""
       ],
       "flags": {
         "help": {
@@ -441,17 +447,24 @@
           "multiple": false,
           "type": "option"
         },
-        "profileName": {
-          "description": "Uses a custom AWS profile name for the IAM role. Default value is the role's name.",
-          "name": "profileName",
+        "accessLevelRemoteId": {
+          "char": "a",
+          "description": "The remote ID of the access level with which to access the resource.",
+          "name": "accessLevelRemoteId",
           "hasDynamicHelp": false,
           "multiple": false,
           "type": "option"
+        },
+        "openBrowser": {
+          "description": "Automatically open the browser without prompting for confirmation.",
+          "name": "openBrowser",
+          "allowNo": false,
+          "type": "boolean"
         }
       },
       "hasDynamicHelp": false,
       "hiddenAliases": [],
-      "id": "iam-roles:start",
+      "id": "kube-roles:start",
       "pluginAlias": "opal-security",
       "pluginName": "opal-security",
       "pluginType": "core",
@@ -461,18 +474,18 @@
       "relativePath": [
         "build",
         "commands",
-        "iam-roles",
+        "kube-roles",
         "start.js"
       ]
     },
-    "kube-roles:start": {
+    "iam-roles:start": {
       "aliases": [],
       "args": {},
-      "description": "Starts a session to assume a Kubernetes cluster IAM role.",
+      "description": "Starts a session to assume an IAM role.",
       "examples": [
-        "opal kube-roles:start",
-        "opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398",
-        "opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId \"arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role\""
+        "opal iam-roles:start",
+        "opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398",
+        "opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --profileName \"custom-profile\""
       ],
       "flags": {
         "help": {
@@ -490,10 +503,15 @@
           "multiple": false,
           "type": "option"
         },
-        "accessLevelRemoteId": {
-          "char": "a",
-          "description": "The remote ID of the access level with which to access the resource.",
-          "name": "accessLevelRemoteId",
+        "openBrowser": {
+          "description": "Automatically open the browser without prompting for confirmation.",
+          "name": "openBrowser",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "profileName": {
+          "description": "Uses a custom AWS profile name for the IAM role. Default value is the role's name.",
+          "name": "profileName",
           "hasDynamicHelp": false,
           "multiple": false,
           "type": "option"
@@ -501,7 +519,7 @@
       },
       "hasDynamicHelp": false,
       "hiddenAliases": [],
-      "id": "kube-roles:start",
+      "id": "iam-roles:start",
       "pluginAlias": "opal-security",
       "pluginName": "opal-security",
       "pluginType": "core",
@@ -511,7 +529,7 @@
       "relativePath": [
         "build",
         "commands",
-        "kube-roles",
+        "iam-roles",
         "start.js"
       ]
     },
@@ -549,6 +567,12 @@
           "multiple": false,
           "type": "option"
         },
+        "openBrowser": {
+          "description": "Automatically open the browser without prompting for confirmation.",
+          "name": "openBrowser",
+          "allowNo": false,
+          "type": "boolean"
+        },
         "action": {
           "description": "Method of connecting to the database.\n- open: Open external database app\n- psql: Start psql session in shell\n- view: View connection configuration details",
           "name": "action",
@@ -578,6 +602,46 @@
         "start.js"
       ]
     },
+    "resources:get": {
+      "aliases": [],
+      "args": {},
+      "description": "Get resource info for a particular resource.",
+      "examples": [
+        "opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4"
+      ],
+      "flags": {
+        "help": {
+          "char": "h",
+          "description": "Show CLI help.",
+          "name": "help",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "id": {
+          "char": "i",
+          "description": "The Opal ID of the asset. You can find this from the URL, e.g. https://opal.dev/resources/[ID]",
+          "name": "id",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        }
+      },
+      "hasDynamicHelp": false,
+      "hiddenAliases": [],
+      "id": "resources:get",
+      "pluginAlias": "opal-security",
+      "pluginName": "opal-security",
+      "pluginType": "core",
+      "strict": true,
+      "enableJsonFlag": false,
+      "isESM": true,
+      "relativePath": [
+        "build",
+        "commands",
+        "resources",
+        "get.js"
+      ]
+    },
     "request:create": {
       "aliases": [],
       "args": {},
@@ -755,46 +819,6 @@
         "list.js"
       ]
     },
-    "resources:get": {
-      "aliases": [],
-      "args": {},
-      "description": "Get resource info for a particular resource.",
-      "examples": [
-        "opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4"
-      ],
-      "flags": {
-        "help": {
-          "char": "h",
-          "description": "Show CLI help.",
-          "name": "help",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "id": {
-          "char": "i",
-          "description": "The Opal ID of the asset. You can find this from the URL, e.g. https://opal.dev/resources/[ID]",
-          "name": "id",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        }
-      },
-      "hasDynamicHelp": false,
-      "hiddenAliases": [],
-      "id": "resources:get",
-      "pluginAlias": "opal-security",
-      "pluginName": "opal-security",
-      "pluginType": "core",
-      "strict": true,
-      "enableJsonFlag": false,
-      "isESM": true,
-      "relativePath": [
-        "build",
-        "commands",
-        "resources",
-        "get.js"
-      ]
-    },
     "ssh:copyFrom": {
       "aliases": [],
       "args": {},
@@ -844,6 +868,12 @@
           "hasDynamicHelp": false,
           "multiple": false,
           "type": "option"
+        },
+        "openBrowser": {
+          "description": "Automatically open the browser without prompting for confirmation.",
+          "name": "openBrowser",
+          "allowNo": false,
+          "type": "boolean"
         }
       },
       "hasDynamicHelp": false,
@@ -911,6 +941,12 @@
           "hasDynamicHelp": false,
           "multiple": false,
           "type": "option"
+        },
+        "openBrowser": {
+          "description": "Automatically open the browser without prompting for confirmation.",
+          "name": "openBrowser",
+          "allowNo": false,
+          "type": "boolean"
         }
       },
       "hasDynamicHelp": false,
@@ -952,6 +988,12 @@
           "hasDynamicHelp": false,
           "multiple": false,
           "type": "option"
+        },
+        "openBrowser": {
+          "description": "Automatically open the browser without prompting for confirmation.",
+          "name": "openBrowser",
+          "allowNo": false,
+          "type": "boolean"
         }
       },
       "hasDynamicHelp": false,
@@ -971,5 +1013,5 @@
       ]
     }
   },
-  "version": "5.1.0"
+  "version": "5.1.2"
 }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "opal-security",
   "description": "Opal allows you to centrally manage access to all of your sensitive systems.",
-  "version": "5.1.0",
+  "version": "5.1.2",
   "type": "module",
   "author": "Opal Security",
   "bin": {
@@ -22,7 +22,7 @@
     "inquirer": "^9.3.8",
     "inquirer-autocomplete-prompt": "^3.0.1",
     "keychain": "^1.5.0",
-    "lodash": "^4.17.23",
+    "lodash": "^4.18.0",
     "moment": "^2.30.1",
     "node-fetch": "^2.6.7",
     "open": "^8.0.4",
@@ -54,7 +54,7 @@
     "get-graphql-schema": "^2.1.2",
     "nock": "^14.0.2",
     "nyc": "^15.1.0",
-    "oclif": "^4.8.0",
+    "oclif": "^4.22.87",
     "ts-node": "^8.10.2",
     "tsc-alias": "^1.8.16",
     "tsx": "^4.20.6",
@@ -83,6 +83,9 @@
       "@oclif/plugin-autocomplete",
       "@oclif/plugin-version"
     ],
+    "hooks": {
+      "init": "./build/hooks/init/version-check"
+    },
     "macos": {
       "identifier": "dev.opal.cli"
     },
@@ -105,5 +108,8 @@
     "get-gql-schema": "get-graphql-schema http://localhost:3000/query > schema.graphql && biome check --write schema.graphql",
     "dev": "tsx ./bin/dev"
   },
-  "types": "build/index.d.ts"
+  "types": "build/index.d.ts",
+  "overrides": {
+    "lodash": "^4.18.0"
+  }
 }