opensteer 0.6.1 → 0.6.2

package/dist/cli/auth.js

@@ -4,7 +4,7 @@ import {
   isCloudModeEnabledForRootDir,
   parseOpensteerAuthArgs,
   runOpensteerAuthCli
-} from "../chunk-3FNI7JUU.js";
+} from "../chunk-7RMY26CM.js";
 import "../chunk-WDRMHPWL.js";
 export {
   ensureCloudCredentialsForCommand,

package/dist/cli/profile.cjs

@@ -14779,13 +14779,10 @@ var import_node_crypto2 = require("crypto");
 var import_node_fs2 = __toESM(require("fs"), 1);
 var import_node_os2 = __toESM(require("os"), 1);
 var import_node_path2 = __toESM(require("path"), 1);
-var METADATA_VERSION = 1;
-var ACTIVE_TARGET_VERSION = 1;
+var METADATA_VERSION = 2;
+var ACTIVE_TARGET_VERSION = 2;
 var KEYCHAIN_SERVICE = "com.opensteer.cli.cloud";
 var KEYCHAIN_ACCOUNT_PREFIX = "machine:";
-var LEGACY_KEYCHAIN_ACCOUNT = "machine";
-var LEGACY_METADATA_FILE_NAME = "cli-login.json";
-var LEGACY_FALLBACK_SECRET_FILE_NAME = "cli-login.secret.json";
 var ACTIVE_TARGET_FILE_NAME = "cli-target.json";
 var MachineCredentialStore = class {
   authDir;
@@ -14800,8 +14797,11 @@ var MachineCredentialStore = class {
     this.warn = options.warn ?? (() => void 0);
   }
   readCloudCredential(target) {
-    const slot = resolveCredentialSlot(this.authDir, target);
-    return this.readCredentialSlot(slot, target) ?? this.readAndMigrateLegacyCredential(target);
+    const normalizedTarget = normalizeCloudCredentialTarget(target);
+    return this.readCredentialSlot(
+      resolveCredentialSlot(this.authDir, normalizedTarget),
+      normalizedTarget
+    );
   }
   writeCloudCredential(args) {
     const accessToken = args.accessToken.trim();
@@ -14809,12 +14809,8 @@ var MachineCredentialStore = class {
     if (!accessToken || !refreshToken2) {
       throw new Error("Cannot persist empty machine credential secrets.");
     }
-    const baseUrl = normalizeCredentialUrl(args.baseUrl, "baseUrl");
-    const siteUrl = normalizeCredentialUrl(args.siteUrl, "siteUrl");
-    const slot = resolveCredentialSlot(this.authDir, {
-      baseUrl,
-      siteUrl
-    });
+    const baseUrl = normalizeCredentialUrl(args.baseUrl);
+    const slot = resolveCredentialSlot(this.authDir, { baseUrl });
     ensureDirectory(this.authDir);
     const secretPayload = {
       accessToken,
@@ -14841,7 +14837,6 @@ var MachineCredentialStore = class {
       version: METADATA_VERSION,
       secretBackend,
       baseUrl,
-      siteUrl,
       scope: args.scope,
       obtainedAt: args.obtainedAt,
       expiresAt: args.expiresAt,
@@ -14853,23 +14848,18 @@ var MachineCredentialStore = class {
     return readActiveCloudTargetMetadata(resolveActiveTargetPath(this.authDir));
   }
   writeActiveCloudTarget(target) {
-    const baseUrl = normalizeCredentialUrl(target.baseUrl, "baseUrl");
-    const siteUrl = normalizeCredentialUrl(target.siteUrl, "siteUrl");
+    const baseUrl = normalizeCredentialUrl(target.baseUrl);
     ensureDirectory(this.authDir);
     writeJsonFile(resolveActiveTargetPath(this.authDir), {
       version: ACTIVE_TARGET_VERSION,
       baseUrl,
-      siteUrl,
       updatedAt: Date.now()
     });
   }
   clearCloudCredential(target) {
-    this.clearCredentialSlot(resolveCredentialSlot(this.authDir, target));
-    const legacySlot = resolveLegacyCredentialSlot(this.authDir);
-    const legacyMetadata = readMetadata(legacySlot.metadataPath);
-    if (legacyMetadata && matchesCredentialTarget(legacyMetadata, target)) {
-      this.clearCredentialSlot(legacySlot);
-    }
+    this.clearCredentialSlot(
+      resolveCredentialSlot(this.authDir, normalizeCloudCredentialTarget(target))
+    );
   }
   readCredentialSlot(slot, target) {
     const metadata = readMetadata(slot.metadataPath);
@@ -14885,7 +14875,6 @@ var MachineCredentialStore = class {
     }
     return {
       baseUrl: metadata.baseUrl,
-      siteUrl: metadata.siteUrl,
       scope: metadata.scope,
       accessToken: secret.accessToken,
       refreshToken: secret.refreshToken,
@@ -14893,16 +14882,6 @@ var MachineCredentialStore = class {
       expiresAt: metadata.expiresAt
     };
   }
-  readAndMigrateLegacyCredential(target) {
-    const legacySlot = resolveLegacyCredentialSlot(this.authDir);
-    const legacyCredential = this.readCredentialSlot(legacySlot, target);
-    if (!legacyCredential) {
-      return null;
-    }
-    this.writeCloudCredential(legacyCredential);
-    this.clearCredentialSlot(legacySlot);
-    return legacyCredential;
-  }
   readSecret(slot, backend) {
     if (backend === "keychain" && this.keychain) {
       try {
@@ -14943,9 +14922,8 @@ function createMachineCredentialStore(options = {}) {
   return new MachineCredentialStore(options);
 }
 function resolveCredentialSlot(authDir, target) {
-  const normalizedBaseUrl = normalizeCredentialUrl(target.baseUrl, "baseUrl");
-  const normalizedSiteUrl = normalizeCredentialUrl(target.siteUrl, "siteUrl");
-  const storageKey = (0, import_node_crypto2.createHash)("sha256").update(`${normalizedBaseUrl}\0${normalizedSiteUrl}`).digest("hex").slice(0, 24);
+  const normalizedBaseUrl = normalizeCredentialUrl(target.baseUrl);
+  const storageKey = (0, import_node_crypto2.createHash)("sha256").update(normalizedBaseUrl).digest("hex").slice(0, 24);
   return {
     keychainAccount: `${KEYCHAIN_ACCOUNT_PREFIX}${storageKey}`,
     metadataPath: import_node_path2.default.join(authDir, `cli-login.${storageKey}.json`),
@@ -14955,26 +14933,24 @@ function resolveCredentialSlot(authDir, target) {
     )
   };
 }
-function resolveLegacyCredentialSlot(authDir) {
-  return {
-    keychainAccount: LEGACY_KEYCHAIN_ACCOUNT,
-    metadataPath: import_node_path2.default.join(authDir, LEGACY_METADATA_FILE_NAME),
-    fallbackSecretPath: import_node_path2.default.join(authDir, LEGACY_FALLBACK_SECRET_FILE_NAME)
-  };
-}
 function resolveActiveTargetPath(authDir) {
   return import_node_path2.default.join(authDir, ACTIVE_TARGET_FILE_NAME);
 }
 function matchesCredentialTarget(value, target) {
-  return normalizeCredentialUrl(value.baseUrl, "baseUrl") === normalizeCredentialUrl(target.baseUrl, "baseUrl") && normalizeCredentialUrl(value.siteUrl, "siteUrl") === normalizeCredentialUrl(target.siteUrl, "siteUrl");
+  return normalizeCredentialUrl(value.baseUrl) === normalizeCredentialUrl(target.baseUrl);
 }
-function normalizeCredentialUrl(value, field) {
+function normalizeCredentialUrl(value) {
   const normalized = stripTrailingSlashes(value.trim());
   if (!normalized) {
-    throw new Error(`Cannot persist machine credential without ${field}.`);
+    throw new Error("Cannot persist machine credential without baseUrl.");
   }
   return normalized;
 }
+function normalizeCloudCredentialTarget(target) {
+  return {
+    baseUrl: normalizeCredentialUrl(target.baseUrl)
+  };
+}
 function resolveConfigDir(appName, env) {
   if (process.platform === "win32") {
     const appData = env.APPDATA?.trim() || import_node_path2.default.join(import_node_os2.default.homedir(), "AppData", "Roaming");
@@ -15013,7 +14989,6 @@ function readMetadata(filePath) {
       return null;
     }
     if (typeof parsed.baseUrl !== "string" || !parsed.baseUrl.trim()) return null;
-    if (typeof parsed.siteUrl !== "string" || !parsed.siteUrl.trim()) return null;
     if (!Array.isArray(parsed.scope)) return null;
     if (typeof parsed.obtainedAt !== "number") return null;
     if (typeof parsed.expiresAt !== "number") return null;
@@ -15022,7 +14997,6 @@ function readMetadata(filePath) {
       version: parsed.version,
       secretBackend: parsed.secretBackend,
       baseUrl: parsed.baseUrl,
-      siteUrl: parsed.siteUrl,
       scope: parsed.scope.filter(
         (value) => typeof value === "string"
       ),
@@ -15047,12 +15021,8 @@ function readActiveCloudTargetMetadata(filePath) {
     if (typeof parsed.baseUrl !== "string" || !parsed.baseUrl.trim()) {
       return null;
     }
-    if (typeof parsed.siteUrl !== "string" || !parsed.siteUrl.trim()) {
-      return null;
-    }
     return {
-      baseUrl: parsed.baseUrl,
-      siteUrl: parsed.siteUrl
+      baseUrl: parsed.baseUrl
     };
   } catch {
     return null;
@@ -15077,14 +15047,13 @@ function readSecretFile(filePath) {
     return null;
   }
   try {
-    const raw = import_node_fs2.default.readFileSync(filePath, "utf8");
-    return parseSecretPayload(raw);
+    return parseSecretPayload(import_node_fs2.default.readFileSync(filePath, "utf8"));
   } catch {
     return null;
   }
 }
-function writeJsonFile(filePath, payload, options = {}) {
-  import_node_fs2.default.writeFileSync(filePath, JSON.stringify(payload, null, 2), {
+function writeJsonFile(filePath, value, options = {}) {
+  import_node_fs2.default.writeFileSync(filePath, JSON.stringify(value, null, 2), {
     encoding: "utf8",
     mode: options.mode ?? 384
   });
@@ -15104,6 +15073,8 @@ var CliAuthHttpError = class extends Error {
     this.body = body;
   }
 };
+var DEFAULT_AUTH_SITE_URL = "https://opensteer.com";
+var INTERNAL_AUTH_SITE_URL_ENV = "OPENSTEER_INTERNAL_AUTH_SITE_URL";
 function resolveBaseUrl(provided, env) {
   const baseUrl = normalizeCloudBaseUrl(
     (provided || env.OPENSTEER_BASE_URL || DEFAULT_CLOUD_BASE_URL).trim()
@@ -15111,16 +15082,19 @@ function resolveBaseUrl(provided, env) {
   assertSecureUrl(baseUrl, "--base-url");
   return baseUrl;
 }
-function resolveSiteUrl(provided, baseUrl, env) {
-  const siteUrl = normalizeCloudBaseUrl(
-    (provided || env.OPENSTEER_CLOUD_SITE_URL || deriveSiteUrlFromBaseUrl(baseUrl)).trim()
+function resolveAuthSiteUrl(env) {
+  const authSiteUrl = normalizeCloudBaseUrl(
+    (env[INTERNAL_AUTH_SITE_URL_ENV] || DEFAULT_AUTH_SITE_URL).trim()
+  );
+  assertSecureUrl(
+    authSiteUrl,
+    `environment variable ${INTERNAL_AUTH_SITE_URL_ENV}`
   );
-  assertSecureUrl(siteUrl, "--site-url");
-  return siteUrl;
+  return authSiteUrl;
 }
-function hasExplicitCloudTargetSelection(providedBaseUrl, providedSiteUrl, env) {
+function hasExplicitCloudTargetSelection(providedBaseUrl, env) {
   return Boolean(
-    providedBaseUrl?.trim() || providedSiteUrl?.trim() || env.OPENSTEER_BASE_URL?.trim() || env.OPENSTEER_CLOUD_SITE_URL?.trim()
+    providedBaseUrl?.trim() || env.OPENSTEER_BASE_URL?.trim()
   );
 }
 function readRememberedCloudTarget(store) {
@@ -15130,57 +15104,21 @@ function readRememberedCloudTarget(store) {
   }
   try {
     const baseUrl = normalizeCloudBaseUrl(activeTarget.baseUrl);
-    const siteUrl = normalizeCloudBaseUrl(activeTarget.siteUrl);
     assertSecureUrl(baseUrl, "--base-url");
-    assertSecureUrl(siteUrl, "--site-url");
-    return {
-      baseUrl,
-      siteUrl
-    };
+    return { baseUrl };
   } catch {
     return null;
   }
 }
-function resolveCloudTarget(args, env, store) {
-  if (!hasExplicitCloudTargetSelection(args.baseUrl, args.siteUrl, env)) {
+function resolveCloudTarget(args, env, store, options = {}) {
+  if (options.allowRememberedTarget !== false && !hasExplicitCloudTargetSelection(args.baseUrl, env)) {
     const rememberedTarget = readRememberedCloudTarget(store);
     if (rememberedTarget) {
       return rememberedTarget;
     }
   }
   const baseUrl = resolveBaseUrl(args.baseUrl, env);
-  const siteUrl = resolveSiteUrl(args.siteUrl, baseUrl, env);
-  return {
-    baseUrl,
-    siteUrl
-  };
-}
-function deriveSiteUrlFromBaseUrl(baseUrl) {
-  let parsed;
-  try {
-    parsed = new URL(baseUrl);
-  } catch {
-    return "https://opensteer.com";
-  }
-  const hostname = parsed.hostname.toLowerCase();
-  if (hostname.startsWith("api.")) {
-    parsed.hostname = hostname.slice("api.".length);
-    parsed.pathname = "";
-    parsed.search = "";
-    parsed.hash = "";
-    return normalizeCloudBaseUrl(parsed.toString());
-  }
-  if (hostname === "localhost" || hostname === "127.0.0.1" || hostname === "::1") {
-    parsed.port = "3001";
-    parsed.pathname = "";
-    parsed.search = "";
-    parsed.hash = "";
-    return normalizeCloudBaseUrl(parsed.toString());
-  }
-  parsed.pathname = "";
-  parsed.search = "";
-  parsed.hash = "";
-  return normalizeCloudBaseUrl(parsed.toString());
+  return { baseUrl };
 }
 function assertSecureUrl(value, flag) {
   let parsed;
@@ -15255,10 +15193,10 @@ function parseCliOauthError(error) {
     interval: typeof root.interval === "number" ? root.interval : void 0
   };
 }
-async function startDeviceAuthorization(siteUrl, fetchFn) {
+async function startDeviceAuthorization(authSiteUrl, fetchFn) {
   const response = await postJson(
     fetchFn,
-    `${siteUrl}/api/cli-auth/device/start`,
+    `${authSiteUrl}/api/cli-auth/device/start`,
     {
       scope: ["cloud:browser"]
     }
@@ -15268,18 +15206,18 @@ async function startDeviceAuthorization(siteUrl, fetchFn) {
   }
   return response;
 }
-async function pollDeviceToken(siteUrl, deviceCode, fetchFn) {
+async function pollDeviceToken(authSiteUrl, deviceCode, fetchFn) {
   return await postJson(
     fetchFn,
-    `${siteUrl}/api/cli-auth/device/token`,
+    `${authSiteUrl}/api/cli-auth/device/token`,
     {
       grant_type: "urn:ietf:params:oauth:grant-type:device_code",
       device_code: deviceCode
     }
   );
 }
-async function refreshToken(siteUrl, refreshTokenValue, fetchFn) {
-  return await postJson(fetchFn, `${siteUrl}/api/cli-auth/token`, {
+async function refreshToken(authSiteUrl, refreshTokenValue, fetchFn) {
+  return await postJson(fetchFn, `${authSiteUrl}/api/cli-auth/token`, {
     grant_type: "refresh_token",
     refresh_token: refreshTokenValue
   });
@@ -15297,7 +15235,7 @@ async function openDefaultBrowser(url) {
   }
 }
 async function runDeviceLoginFlow(args) {
-  const start = await startDeviceAuthorization(args.siteUrl, args.fetchFn);
+  const start = await startDeviceAuthorization(args.authSiteUrl, args.fetchFn);
   if (args.openBrowser) {
     args.writeProgress(
       "Opening your default browser for Opensteer CLI authentication.\n"
@@ -15342,7 +15280,7 @@ ${start.verification_uri_complete}
     await args.sleep(pollIntervalMs);
     try {
       const tokenPayload = await pollDeviceToken(
-        args.siteUrl,
+        args.authSiteUrl,
         start.device_code,
         args.fetchFn
       );
@@ -15390,7 +15328,7 @@ ${start.verification_uri_complete}
 }
 async function refreshSavedCredential(saved, deps) {
   const tokenPayload = await refreshToken(
-    saved.siteUrl,
+    resolveAuthSiteUrl(deps.env),
     saved.refreshToken,
     deps.fetchFn
   );
@@ -15403,7 +15341,6 @@ async function refreshSavedCredential(saved, deps) {
   };
   deps.store.writeCloudCredential({
     baseUrl: saved.baseUrl,
-    siteUrl: saved.siteUrl,
     scope: updated.scope,
     accessToken: updated.accessToken,
     refreshToken: updated.refreshToken,
@@ -15432,8 +15369,7 @@ async function ensureSavedCredentialIsFresh(saved, deps) {
       const oauth = parseCliOauthError(error.body);
       if (oauth?.error === "invalid_grant" || oauth?.error === "expired_token") {
         deps.store.clearCloudCredential({
-          baseUrl: saved.baseUrl,
-          siteUrl: saved.siteUrl
+          baseUrl: saved.baseUrl
         });
         return null;
       }
@@ -15468,7 +15404,7 @@ async function ensureCloudCredentialsForCommand(options) {
 `);
     }
   });
-  const { baseUrl, siteUrl } = resolveCloudTarget(options, env, store);
+  const { baseUrl } = resolveCloudTarget(options, env, store);
   const initialCredential = resolveCloudCredential({
     env,
     apiKeyFlag: options.apiKeyFlag,
@@ -15476,11 +15412,9 @@ async function ensureCloudCredentialsForCommand(options) {
   });
   let credential = initialCredential;
   if (!credential) {
-    const saved = store.readCloudCredential({
-      baseUrl,
-      siteUrl
-    });
+    const saved = store.readCloudCredential({ baseUrl });
     const freshSaved = saved ? await ensureSavedCredentialIsFresh(saved, {
+      env,
       fetchFn,
       store,
       now,
@@ -15498,7 +15432,7 @@ async function ensureCloudCredentialsForCommand(options) {
   if (!credential) {
     if (options.autoLoginIfNeeded && (options.interactive ?? false)) {
       const loggedIn = await runDeviceLoginFlow({
-        siteUrl,
+        authSiteUrl: resolveAuthSiteUrl(env),
         fetchFn,
         writeProgress,
         openExternalUrl,
@@ -15508,7 +15442,6 @@ async function ensureCloudCredentialsForCommand(options) {
       });
       store.writeCloudCredential({
         baseUrl,
-        siteUrl,
         scope: loggedIn.scope,
         accessToken: loggedIn.accessToken,
         refreshToken: loggedIn.refreshToken,
@@ -15526,20 +15459,15 @@ async function ensureCloudCredentialsForCommand(options) {
       throw new Error(toAuthMissingMessage(options.commandName));
     }
   }
-  store.writeActiveCloudTarget({
-    baseUrl,
-    siteUrl
-  });
+  store.writeActiveCloudTarget({ baseUrl });
   applyCloudCredentialToEnv(env, credential);
   env.OPENSTEER_BASE_URL = baseUrl;
-  env.OPENSTEER_CLOUD_SITE_URL = siteUrl;
   return {
     token: credential.token,
     authScheme: credential.authScheme,
     source: credential.source,
     kind: credential.kind,
-    baseUrl,
-    siteUrl
+    baseUrl
   };
 }
 
@@ -15557,7 +15485,6 @@ Cloud auth options (all commands):
   --api-key <key>           Cloud API key (defaults to OPENSTEER_API_KEY)
   --access-token <token>    Cloud bearer access token (defaults to OPENSTEER_ACCESS_TOKEN)
   --base-url <url>          Cloud API base URL (defaults to env or the last selected host)
-  --site-url <url>          Cloud site URL for login/refresh/revoke flows
   --auth-scheme <scheme>    api-key (default) or bearer
   --json                    JSON output (progress logs go to stderr)
 
@@ -15644,13 +15571,6 @@ function parseListArgs(rawArgs) {
       i = value.nextIndex;
       continue;
     }
-    if (arg === "--site-url") {
-      const value = readFlagValue(rawArgs, i, "--site-url");
-      if (!value.ok) return { mode: "error", error: value.error };
-      args.siteUrl = value.value;
-      i = value.nextIndex;
-      continue;
-    }
     if (arg === "--auth-scheme") {
       const value = readFlagValue(rawArgs, i, "--auth-scheme");
       if (!value.ok) return { mode: "error", error: value.error };
@@ -15743,13 +15663,6 @@ function parseCreateArgs(rawArgs) {
       i = value.nextIndex;
       continue;
     }
-    if (arg === "--site-url") {
-      const value = readFlagValue(rawArgs, i, "--site-url");
-      if (!value.ok) return { mode: "error", error: value.error };
-      args.siteUrl = value.value;
-      i = value.nextIndex;
-      continue;
-    }
     if (arg === "--auth-scheme") {
       const value = readFlagValue(rawArgs, i, "--auth-scheme");
       if (!value.ok) return { mode: "error", error: value.error };
@@ -15868,13 +15781,6 @@ function parseSyncArgs(rawArgs) {
       i = value.nextIndex;
       continue;
     }
-    if (arg === "--site-url") {
-      const value = readFlagValue(rawArgs, i, "--site-url");
-      if (!value.ok) return { mode: "error", error: value.error };
-      args.siteUrl = value.value;
-      i = value.nextIndex;
-      continue;
-    }
     if (arg === "--auth-scheme") {
       const value = readFlagValue(rawArgs, i, "--auth-scheme");
       if (!value.ok) return { mode: "error", error: value.error };
@@ -15965,7 +15871,6 @@ async function buildCloudAuthContext(args, deps) {
     apiKeyFlag: args.apiKey,
     accessTokenFlag: args.accessToken,
     baseUrl: args.baseUrl,
-    siteUrl: args.siteUrl,
     interactive: deps.isInteractive(),
     autoLoginIfNeeded: true,
     writeProgress: args.json ? deps.writeStderr : deps.writeStdout,
@@ -15987,7 +15892,6 @@ async function buildCloudAuthContext(args, deps) {
   return {
     token: ensured.token,
     baseUrl: ensured.baseUrl,
-    siteUrl: ensured.siteUrl,
     authScheme: ensured.authScheme,
     kind: ensured.kind,
     source: ensured.source

package/dist/cli/profile.d.cts

@@ -21,7 +21,6 @@ interface ProfileCommonCloudArgs {
     apiKey?: string;
     accessToken?: string;
     baseUrl?: string;
-    siteUrl?: string;
     authScheme?: OpensteerAuthScheme;
     json?: boolean;
 }
@@ -46,7 +45,6 @@ interface ProfileSyncArgs extends ProfileCommonCloudArgs {
 interface CloudAuthContext {
     token: string;
     baseUrl: string;
-    siteUrl: string;
     authScheme: OpensteerAuthScheme;
     kind: 'api-key' | 'access-token';
     source: 'flag' | 'env' | 'saved';

package/dist/cli/profile.d.ts

@@ -21,7 +21,6 @@ interface ProfileCommonCloudArgs {
     apiKey?: string;
     accessToken?: string;
     baseUrl?: string;
-    siteUrl?: string;
     authScheme?: OpensteerAuthScheme;
     json?: boolean;
 }
@@ -46,7 +45,6 @@ interface ProfileSyncArgs extends ProfileCommonCloudArgs {
 interface CloudAuthContext {
     token: string;
     baseUrl: string;
-    siteUrl: string;
     authScheme: OpensteerAuthScheme;
     kind: 'api-key' | 'access-token';
     source: 'flag' | 'env' | 'saved';

package/dist/cli/profile.js

@@ -3,7 +3,7 @@ import {
 } from "../chunk-WJI7TGBQ.js";
 import {
   ensureCloudCredentialsForCommand
-} from "../chunk-3FNI7JUU.js";
+} from "../chunk-7RMY26CM.js";
 import {
   Opensteer,
   expandHome,
@@ -130,7 +130,6 @@ Cloud auth options (all commands):
   --api-key <key>           Cloud API key (defaults to OPENSTEER_API_KEY)
   --access-token <token>    Cloud bearer access token (defaults to OPENSTEER_ACCESS_TOKEN)
   --base-url <url>          Cloud API base URL (defaults to env or the last selected host)
-  --site-url <url>          Cloud site URL for login/refresh/revoke flows
   --auth-scheme <scheme>    api-key (default) or bearer
   --json                    JSON output (progress logs go to stderr)
 
@@ -217,13 +216,6 @@ function parseListArgs(rawArgs) {
       i = value.nextIndex;
       continue;
     }
-    if (arg === "--site-url") {
-      const value = readFlagValue(rawArgs, i, "--site-url");
-      if (!value.ok) return { mode: "error", error: value.error };
-      args.siteUrl = value.value;
-      i = value.nextIndex;
-      continue;
-    }
     if (arg === "--auth-scheme") {
       const value = readFlagValue(rawArgs, i, "--auth-scheme");
       if (!value.ok) return { mode: "error", error: value.error };
@@ -316,13 +308,6 @@ function parseCreateArgs(rawArgs) {
       i = value.nextIndex;
       continue;
     }
-    if (arg === "--site-url") {
-      const value = readFlagValue(rawArgs, i, "--site-url");
-      if (!value.ok) return { mode: "error", error: value.error };
-      args.siteUrl = value.value;
-      i = value.nextIndex;
-      continue;
-    }
     if (arg === "--auth-scheme") {
       const value = readFlagValue(rawArgs, i, "--auth-scheme");
       if (!value.ok) return { mode: "error", error: value.error };
@@ -441,13 +426,6 @@ function parseSyncArgs(rawArgs) {
       i = value.nextIndex;
       continue;
     }
-    if (arg === "--site-url") {
-      const value = readFlagValue(rawArgs, i, "--site-url");
-      if (!value.ok) return { mode: "error", error: value.error };
-      args.siteUrl = value.value;
-      i = value.nextIndex;
-      continue;
-    }
     if (arg === "--auth-scheme") {
       const value = readFlagValue(rawArgs, i, "--auth-scheme");
       if (!value.ok) return { mode: "error", error: value.error };
@@ -538,7 +516,6 @@ async function buildCloudAuthContext(args, deps) {
     apiKeyFlag: args.apiKey,
     accessTokenFlag: args.accessToken,
     baseUrl: args.baseUrl,
-    siteUrl: args.siteUrl,
     interactive: deps.isInteractive(),
     autoLoginIfNeeded: true,
     writeProgress: args.json ? deps.writeStderr : deps.writeStdout,
@@ -560,7 +537,6 @@ async function buildCloudAuthContext(args, deps) {
   return {
     token: ensured.token,
     baseUrl: ensured.baseUrl,
-    siteUrl: ensured.siteUrl,
     authScheme: ensured.authScheme,
     kind: ensured.kind,
     source: ensured.source

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "opensteer",
-  "version": "0.6.1",
+  "version": "0.6.2",
   "description": "Open-source browser automation SDK and CLI that lets AI agents build complex scrapers directly in your codebase.",
   "license": "MIT",
   "type": "module",