opkg 0.9.2 → 0.9.4

package/packages/cli/dist/login-JWCSTAEU.js

@@ -0,0 +1,150 @@
+#!/usr/bin/env node
+import {
+  getCurrentUsername
+} from "./chunk-EGAP6GNA.js";
+import {
+  createHttpClient
+} from "./chunk-ATYT3SA6.js";
+import {
+  authManager
+} from "./chunk-UR6VJWA3.js";
+import {
+  profileManager
+} from "./chunk-S6OARUVQ.js";
+import "./chunk-PXL2RUMX.js";
+import {
+  createCliExecutionContext,
+  resolveOutput
+} from "./chunk-RAKMX654.js";
+import "./chunk-XEPVYZO3.js";
+import "./chunk-VN22A7NW.js";
+import "./chunk-J4IFFBLP.js";
+import "./chunk-S47F4OG4.js";
+import {
+  UserCancellationError
+} from "./chunk-ID4SVDQZ.js";
+import {
+  logger
+} from "./chunk-5EFWGD33.js";
+
+// ../core/src/core/device-auth.ts
+import { spawn } from "child_process";
+var POLL_SLOWDOWN_SECONDS = 5;
+async function startDeviceAuthorization() {
+  let response = await (await createHttpClient()).post(
+    "/auth/device/authorize",
+    { clientId: "opkg-cli", scope: "openid", deviceName: "opkg-cli" },
+    { headers: { "Content-Type": "application/json" }, skipAuth: !0, timeout: 3e4 }
+  );
+  return {
+    deviceCode: response.device_code,
+    userCode: response.user_code,
+    verificationUri: response.verification_uri,
+    verificationUriComplete: response.verification_uri_complete,
+    expiresIn: response.expires_in,
+    interval: response.interval
+  };
+}
+async function pollForDeviceToken(params) {
+  let client = await createHttpClient(), expiresAt = Date.now() + params.expiresInSeconds * 1e3, intervalMs = params.intervalSeconds * 1e3;
+  for (; Date.now() < expiresAt; ) {
+    if (params.signal?.aborted)
+      throw new Error("Login cancelled.");
+    try {
+      let tokenResponse = await client.post(
+        "/auth/device/token",
+        { deviceCode: params.deviceCode },
+        { headers: { "Content-Type": "application/json" }, skipAuth: !0, timeout: 3e4 }
+      );
+      return {
+        apiKey: tokenResponse.apiKey,
+        keyPrefix: tokenResponse.keyPrefix,
+        expiresAt: tokenResponse.expiresAt,
+        userId: tokenResponse.userId,
+        username: tokenResponse.username
+      };
+    } catch (error) {
+      let code = error?.apiError?.error || "authorization_pending";
+      if (code !== "authorization_pending")
+        if (code === "slow_down")
+          intervalMs += POLL_SLOWDOWN_SECONDS * 1e3;
+        else throw code === "expired_token" ? new Error('Device code expired. Please run "opkg login" again.') : code === "access_denied" ? new Error("Access denied. Please restart the login flow.") : error;
+    }
+    await wait(intervalMs, params.signal);
+  }
+  throw new Error('Device code expired. Please run "opkg login" again.');
+}
+async function persistTokens(profileName, tokens) {
+  await profileManager.setProfileCredentials(profileName, { api_key: tokens.apiKey });
+}
+function openBrowser(url) {
+  let platform = process.platform, command = "";
+  platform === "darwin" ? command = "open" : platform === "win32" ? command = "start" : command = "xdg-open";
+  try {
+    spawn(command, [url], { stdio: "ignore", detached: !0 }).unref();
+  } catch (error) {
+    logger.debug("Failed to open browser automatically", { error, url });
+  }
+}
+function wait(ms, signal) {
+  return new Promise((resolve, reject) => {
+    if (signal?.aborted) {
+      reject(new Error("Login cancelled."));
+      return;
+    }
+    let timer = setTimeout(resolve, ms), onAbort = () => {
+      clearTimeout(timer), reject(new Error("Login cancelled."));
+    };
+    signal?.addEventListener("abort", onAbort, { once: !0 });
+  });
+}
+
+// src/commands/login.ts
+async function setupLoginCommand(args) {
+  let [options] = args, ctx = await createCliExecutionContext(), out = resolveOutput(ctx), profileName = authManager.getCurrentProfile({
+    profile: options.profile
+  });
+  out.info(`Using profile: ${profileName}`);
+  let authorization = await startDeviceAuthorization();
+  out.info(`A browser will open for you to confirm sign-in.
+
+User code: ${authorization.userCode}
+Verification URL: ${authorization.verificationUri}`), out.info("If the browser does not open, visit the URL and enter the code above."), openBrowser(authorization.verificationUriComplete);
+  let abortController = new AbortController(), cleanupKeyListener = setupCancelListener(abortController);
+  try {
+    let tokens = await pollForDeviceToken({
+      deviceCode: authorization.deviceCode,
+      intervalSeconds: authorization.interval,
+      expiresInSeconds: authorization.expiresIn,
+      signal: abortController.signal
+    });
+    cleanupKeyListener(), await persistTokens(profileName, tokens);
+    let username = tokens.username ?? await resolveUsername(tokens.apiKey);
+    username ? (await profileManager.setProfileDefaultScope(profileName, `@${username}`), out.success(`Default scope set to @${username} for profile "${profileName}".`)) : logger.debug("Could not derive username from API key; default scope not set"), out.success("Login successful."), out.success(`API key stored for profile "${profileName}".`);
+  } catch (error) {
+    throw cleanupKeyListener(), abortController.signal.aborted ? (out.warn("Operation cancelled."), new UserCancellationError("Operation cancelled by user")) : (logger.debug("Device login failed", { error }), error);
+  }
+}
+function setupCancelListener(abortController) {
+  let stdin = process.stdin, wasRaw = stdin.isRaw, wasListening = stdin.listenerCount("data") > 0;
+  stdin.isTTY && (stdin.setRawMode(!0), stdin.resume());
+  let onData = (data) => {
+    let key = data.toString();
+    (key === "\x1B" || key === "") && abortController.abort();
+  };
+  return stdin.on("data", onData), () => {
+    stdin.off("data", onData), stdin.isTTY && (stdin.setRawMode(wasRaw ?? !1), wasListening || stdin.pause());
+  };
+}
+async function resolveUsername(apiKey) {
+  try {
+    return await getCurrentUsername({ apiKey });
+  } catch (error) {
+    logger.debug("Unable to resolve username from API key", { error });
+    return;
+  }
+}
+export {
+  setupLoginCommand
+};
+//# sourceMappingURL=login-JWCSTAEU.js.map

package/packages/cli/dist/login-JWCSTAEU.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../core/src/core/device-auth.ts", "../src/commands/login.ts"],
+  "sourcesContent": ["import { spawn } from 'child_process';\nimport { logger } from '../utils/logger.js';\nimport { createHttpClient } from './http-client.js';\nimport { profileManager } from './profiles.js';\n\nexport type DeviceAuthorizationStart = {\n\tdeviceCode: string;\n\tuserCode: string;\n\tverificationUri: string;\n\tverificationUriComplete: string;\n\texpiresIn: number;\n\tinterval: number;\n};\n\nexport type DeviceTokenResult = {\n\tapiKey: string;\n\tkeyPrefix?: string;\n\texpiresAt?: string;\n\tuserId: string;\n\tusername?: string;\n};\n\nconst POLL_SLOWDOWN_SECONDS = 5;\n\nexport async function startDeviceAuthorization(): Promise<DeviceAuthorizationStart> {\n\tconst client = await createHttpClient();\n\tconst response = await client.post<{\n\t\tdevice_code: string;\n\t\tuser_code: string;\n\t\tverification_uri: string;\n\t\tverification_uri_complete: string;\n\t\texpires_in: number;\n\t\tinterval: number;\n\t}>(\n\t\t'/auth/device/authorize',\n\t\t{ clientId: 'opkg-cli', scope: 'openid', deviceName: 'opkg-cli' },\n\t\t{ headers: { 'Content-Type': 'application/json' }, skipAuth: true, timeout: 30000 }\n\t);\n\n\treturn {\n\t\tdeviceCode: response.device_code,\n\t\tuserCode: response.user_code,\n\t\tverificationUri: response.verification_uri,\n\t\tverificationUriComplete: response.verification_uri_complete,\n\t\texpiresIn: response.expires_in,\n\t\tinterval: response.interval,\n\t};\n}\n\nexport async function pollForDeviceToken(params: {\n\tdeviceCode: string;\n\tintervalSeconds: number;\n\texpiresInSeconds: number;\n\tsignal?: AbortSignal;\n}): Promise<DeviceTokenResult> {\n\tconst client = await createHttpClient();\n\tconst expiresAt = Date.now() + params.expiresInSeconds * 1000;\n\tlet intervalMs = params.intervalSeconds * 1000;\n\n\twhile (Date.now() < expiresAt) {\n\t\tif (params.signal?.aborted) {\n\t\t\tthrow new Error('Login cancelled.');\n\t\t}\n\n\t\ttry {\n\t\t\tconst tokenResponse = await client.post<{\n\t\t\t\tapiKey: string;\n\t\t\t\tkeyPrefix?: string;\n\t\t\t\texpiresAt?: string;\n\t\t\t\tuserId: string;\n\t\t\t\tusername?: string;\n\t\t\t}>(\n\t\t\t\t'/auth/device/token',\n\t\t\t\t{ deviceCode: params.deviceCode },\n\t\t\t\t{ headers: { 'Content-Type': 'application/json' }, skipAuth: true, timeout: 30000 }\n\t\t\t);\n\n\t\t\treturn {\n\t\t\t\tapiKey: tokenResponse.apiKey,\n\t\t\t\tkeyPrefix: tokenResponse.keyPrefix,\n\t\t\t\texpiresAt: tokenResponse.expiresAt,\n\t\t\t\tuserId: tokenResponse.userId,\n\t\t\t\tusername: tokenResponse.username,\n\t\t\t};\n\t\t} catch (error: any) {\n\t\t\tconst apiError = error?.apiError?.error as string | undefined;\n\t\t\tconst code = apiError || 'authorization_pending';\n\t\t\tif (code === 'authorization_pending') {\n\t\t\t\t// continue polling\n\t\t\t} else if (code === 'slow_down') {\n\t\t\t\tintervalMs += POLL_SLOWDOWN_SECONDS * 1000;\n\t\t\t} else if (code === 'expired_token') {\n\t\t\t\tthrow new Error('Device code expired. Please run \"opkg login\" again.');\n\t\t\t} else if (code === 'access_denied') {\n\t\t\t\tthrow new Error('Access denied. Please restart the login flow.');\n\t\t\t} else {\n\t\t\t\tthrow error;\n\t\t\t}\n\t\t}\n\n\t\tawait wait(intervalMs, params.signal);\n\t}\n\n\tthrow new Error('Device code expired. Please run \"opkg login\" again.');\n}\n\nexport async function persistTokens(\n\tprofileName: string,\n\ttokens: DeviceTokenResult\n): Promise<void> {\n\tawait profileManager.setProfileCredentials(profileName, { api_key: tokens.apiKey });\n}\n\nexport function openBrowser(url: string): void {\n\tconst platform = process.platform;\n\tlet command = '';\n\n\tif (platform === 'darwin') {\n\t\tcommand = 'open';\n\t} else if (platform === 'win32') {\n\t\tcommand = 'start';\n\t} else {\n\t\tcommand = 'xdg-open';\n\t}\n\n\ttry {\n\t\tspawn(command, [url], { stdio: 'ignore', detached: true }).unref();\n\t} catch (error) {\n\t\tlogger.debug('Failed to open browser automatically', { error, url });\n\t}\n}\n\nfunction wait(ms: number, signal?: AbortSignal): Promise<void> {\n\treturn new Promise((resolve, reject) => {\n\t\tif (signal?.aborted) {\n\t\t\treject(new Error('Login cancelled.'));\n\t\t\treturn;\n\t\t}\n\n\t\tconst timer = setTimeout(resolve, ms);\n\n\t\tconst onAbort = () => {\n\t\t\tclearTimeout(timer);\n\t\t\treject(new Error('Login cancelled.'));\n\t\t};\n\n\t\tsignal?.addEventListener('abort', onAbort, { once: true });\n\t});\n}\n\n", "import { authManager } from '@opkg/core/core/auth.js';\nimport {\n\tstartDeviceAuthorization,\n\tpollForDeviceToken,\n\tpersistTokens,\n\topenBrowser,\n} from '@opkg/core/core/device-auth.js';\nimport { profileManager } from '@opkg/core/core/profiles.js';\nimport { logger } from '@opkg/core/utils/logger.js';\nimport { UserCancellationError } from '@opkg/core/utils/errors.js';\nimport { getCurrentUsername } from '@opkg/core/core/api-keys.js';\nimport { createCliExecutionContext } from '../cli/context.js';\nimport { resolveOutput } from '@opkg/core/core/ports/resolve.js';\n\ntype LoginOptions = {\n\tprofile?: string;\n};\n\nexport async function setupLoginCommand(args: any[]): Promise<void> {\n\tconst [options] = args as [LoginOptions];\n\tconst ctx = await createCliExecutionContext();\n\tconst out = resolveOutput(ctx);\n\n\tconst profileName = authManager.getCurrentProfile({\n\t\tprofile: options.profile,\n\t});\n\n\tout.info(`Using profile: ${profileName}`);\n\n\tconst authorization = await startDeviceAuthorization();\n\n\tout.info(`A browser will open for you to confirm sign-in.\\n\\nUser code: ${authorization.userCode}\\nVerification URL: ${authorization.verificationUri}`);\n\tout.info('If the browser does not open, visit the URL and enter the code above.');\n\n\topenBrowser(authorization.verificationUriComplete);\n\n\tconst abortController = new AbortController();\n\tconst cleanupKeyListener = setupCancelListener(abortController);\n\n\ttry {\n\t\tconst tokens = await pollForDeviceToken({\n\t\t\tdeviceCode: authorization.deviceCode,\n\t\t\tintervalSeconds: authorization.interval,\n\t\t\texpiresInSeconds: authorization.expiresIn,\n\t\t\tsignal: abortController.signal,\n\t\t});\n\n\t\tcleanupKeyListener();\n\n\t\tawait persistTokens(profileName, tokens);\n\n\t\tconst username = tokens.username ?? (await resolveUsername(tokens.apiKey));\n\t\tif (username) {\n\t\t\tawait profileManager.setProfileDefaultScope(profileName, `@${username}`);\n\t\t\tout.success(`Default scope set to @${username} for profile \"${profileName}\".`);\n\t\t} else {\n\t\t\tlogger.debug('Could not derive username from API key; default scope not set');\n\t\t}\n\n\t\tout.success('Login successful.');\n\t\tout.success(`API key stored for profile \"${profileName}\".`);\n\t} catch (error: any) {\n\t\tcleanupKeyListener();\n\t\tif (abortController.signal.aborted) {\n\t\t\tout.warn('Operation cancelled.');\n\t\t\tthrow new UserCancellationError('Operation cancelled by user');\n\t\t}\n\t\tlogger.debug('Device login failed', { error });\n\t\tthrow error;\n\t}\n}\n\nfunction setupCancelListener(abortController: AbortController): () => void {\n\tconst stdin = process.stdin;\n\tconst wasRaw = stdin.isRaw;\n\tconst wasListening = stdin.listenerCount('data') > 0;\n\n\tif (stdin.isTTY) {\n\t\tstdin.setRawMode(true);\n\t\tstdin.resume();\n\t}\n\n\tconst onData = (data: Buffer) => {\n\t\tconst key = data.toString();\n\t\t// Escape key (\\x1b without [ following, i.e. bare escape)\n\t\tif (key === '\\x1b' || key === '\\x03') {\n\t\t\tabortController.abort();\n\t\t}\n\t};\n\n\tstdin.on('data', onData);\n\n\treturn () => {\n\t\tstdin.off('data', onData);\n\t\tif (stdin.isTTY) {\n\t\t\tstdin.setRawMode(wasRaw ?? false);\n\t\t\tif (!wasListening) {\n\t\t\t\tstdin.pause();\n\t\t\t}\n\t\t}\n\t};\n}\n\nasync function resolveUsername(apiKey: string): Promise<string | undefined> {\n\ttry {\n\t\treturn await getCurrentUsername({ apiKey });\n\t} catch (error) {\n\t\tlogger.debug('Unable to resolve username from API key', { error });\n\t\treturn undefined;\n\t}\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,SAAS,aAAa;AAsBtB,IAAM,wBAAwB;AAE9B,eAAsB,2BAA8D;AAEnF,MAAM,WAAW,OADF,MAAM,iBAAiB,GACR;AAAA,IAQ7B;AAAA,IACA,EAAE,UAAU,YAAY,OAAO,UAAU,YAAY,WAAW;AAAA,IAChE,EAAE,SAAS,EAAE,gBAAgB,mBAAmB,GAAG,UAAU,IAAM,SAAS,IAAM;AAAA,EACnF;AAEA,SAAO;AAAA,IACN,YAAY,SAAS;AAAA,IACrB,UAAU,SAAS;AAAA,IACnB,iBAAiB,SAAS;AAAA,IAC1B,yBAAyB,SAAS;AAAA,IAClC,WAAW,SAAS;AAAA,IACpB,UAAU,SAAS;AAAA,EACpB;AACD;AAEA,eAAsB,mBAAmB,QAKV;AAC9B,MAAM,SAAS,MAAM,iBAAiB,GAChC,YAAY,KAAK,IAAI,IAAI,OAAO,mBAAmB,KACrD,aAAa,OAAO,kBAAkB;AAE1C,SAAO,KAAK,IAAI,IAAI,aAAW;AAC9B,QAAI,OAAO,QAAQ;AAClB,YAAM,IAAI,MAAM,kBAAkB;AAGnC,QAAI;AACH,UAAM,gBAAgB,MAAM,OAAO;AAAA,QAOlC;AAAA,QACA,EAAE,YAAY,OAAO,WAAW;AAAA,QAChC,EAAE,SAAS,EAAE,gBAAgB,mBAAmB,GAAG,UAAU,IAAM,SAAS,IAAM;AAAA,MACnF;AAEA,aAAO;AAAA,QACN,QAAQ,cAAc;AAAA,QACtB,WAAW,cAAc;AAAA,QACzB,WAAW,cAAc;AAAA,QACzB,QAAQ,cAAc;AAAA,QACtB,UAAU,cAAc;AAAA,MACzB;AAAA,IACD,SAAS,OAAY;AAEpB,UAAM,OADW,OAAO,UAAU,SACT;AACzB,UAAI,SAAS;AAEN,YAAI,SAAS;AACnB,wBAAc,wBAAwB;AAAA,YAChC,OAAI,SAAS,kBACb,IAAI,MAAM,qDAAqD,IAC3D,SAAS,kBACb,IAAI,MAAM,+CAA+C,IAEzD;AAAA,IAER;AAEA,UAAM,KAAK,YAAY,OAAO,MAAM;AAAA,EACrC;AAEA,QAAM,IAAI,MAAM,qDAAqD;AACtE;AAEA,eAAsB,cACrB,aACA,QACgB;AAChB,QAAM,eAAe,sBAAsB,aAAa,EAAE,SAAS,OAAO,OAAO,CAAC;AACnF;AAEO,SAAS,YAAY,KAAmB;AAC9C,MAAM,WAAW,QAAQ,UACrB,UAAU;AAEd,EAAI,aAAa,WAChB,UAAU,SACA,aAAa,UACvB,UAAU,UAEV,UAAU;AAGX,MAAI;AACH,UAAM,SAAS,CAAC,GAAG,GAAG,EAAE,OAAO,UAAU,UAAU,GAAK,CAAC,EAAE,MAAM;AAAA,EAClE,SAAS,OAAO;AACf,WAAO,MAAM,wCAAwC,EAAE,OAAO,IAAI,CAAC;AAAA,EACpE;AACD;AAEA,SAAS,KAAK,IAAY,QAAqC;AAC9D,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACvC,QAAI,QAAQ,SAAS;AACpB,aAAO,IAAI,MAAM,kBAAkB,CAAC;AACpC;AAAA,IACD;AAEA,QAAM,QAAQ,WAAW,SAAS,EAAE,GAE9B,UAAU,MAAM;AACrB,mBAAa,KAAK,GAClB,OAAO,IAAI,MAAM,kBAAkB,CAAC;AAAA,IACrC;AAEA,YAAQ,iBAAiB,SAAS,SAAS,EAAE,MAAM,GAAK,CAAC;AAAA,EAC1D,CAAC;AACF;;;AClIA,eAAsB,kBAAkB,MAA4B;AACnE,MAAM,CAAC,OAAO,IAAI,MACZ,MAAM,MAAM,0BAA0B,GACtC,MAAM,cAAc,GAAG,GAEvB,cAAc,YAAY,kBAAkB;AAAA,IACjD,SAAS,QAAQ;AAAA,EAClB,CAAC;AAED,MAAI,KAAK,kBAAkB,WAAW,EAAE;AAExC,MAAM,gBAAgB,MAAM,yBAAyB;AAErD,MAAI,KAAK;AAAA;AAAA,aAAiE,cAAc,QAAQ;AAAA,oBAAuB,cAAc,eAAe,EAAE,GACtJ,IAAI,KAAK,uEAAuE,GAEhF,YAAY,cAAc,uBAAuB;AAEjD,MAAM,kBAAkB,IAAI,gBAAgB,GACtC,qBAAqB,oBAAoB,eAAe;AAE9D,MAAI;AACH,QAAM,SAAS,MAAM,mBAAmB;AAAA,MACvC,YAAY,cAAc;AAAA,MAC1B,iBAAiB,cAAc;AAAA,MAC/B,kBAAkB,cAAc;AAAA,MAChC,QAAQ,gBAAgB;AAAA,IACzB,CAAC;AAED,uBAAmB,GAEnB,MAAM,cAAc,aAAa,MAAM;AAEvC,QAAM,WAAW,OAAO,YAAa,MAAM,gBAAgB,OAAO,MAAM;AACxE,IAAI,YACH,MAAM,eAAe,uBAAuB,aAAa,IAAI,QAAQ,EAAE,GACvE,IAAI,QAAQ,yBAAyB,QAAQ,iBAAiB,WAAW,IAAI,KAE7E,OAAO,MAAM,+DAA+D,GAG7E,IAAI,QAAQ,mBAAmB,GAC/B,IAAI,QAAQ,+BAA+B,WAAW,IAAI;AAAA,EAC3D,SAAS,OAAY;AAEpB,UADA,mBAAmB,GACf,gBAAgB,OAAO,WAC1B,IAAI,KAAK,sBAAsB,GACzB,IAAI,sBAAsB,6BAA6B,MAE9D,OAAO,MAAM,uBAAuB,EAAE,MAAM,CAAC,GACvC;AAAA,EACP;AACD;AAEA,SAAS,oBAAoB,iBAA8C;AAC1E,MAAM,QAAQ,QAAQ,OAChB,SAAS,MAAM,OACf,eAAe,MAAM,cAAc,MAAM,IAAI;AAEnD,EAAI,MAAM,UACT,MAAM,WAAW,EAAI,GACrB,MAAM,OAAO;AAGd,MAAM,SAAS,CAAC,SAAiB;AAChC,QAAM,MAAM,KAAK,SAAS;AAE1B,KAAI,QAAQ,UAAU,QAAQ,QAC7B,gBAAgB,MAAM;AAAA,EAExB;AAEA,eAAM,GAAG,QAAQ,MAAM,GAEhB,MAAM;AACZ,UAAM,IAAI,QAAQ,MAAM,GACpB,MAAM,UACT,MAAM,WAAW,UAAU,EAAK,GAC3B,gBACJ,MAAM,MAAM;AAAA,EAGf;AACD;AAEA,eAAe,gBAAgB,QAA6C;AAC3E,MAAI;AACH,WAAO,MAAM,mBAAmB,EAAE,OAAO,CAAC;AAAA,EAC3C,SAAS,OAAO;AACf,WAAO,MAAM,2CAA2C,EAAE,MAAM,CAAC;AACjE;AAAA,EACD;AACD;",
+  "names": []
+}

package/packages/cli/dist/login-NRKHXZKM.js

@@ -0,0 +1,150 @@
+#!/usr/bin/env node
+import {
+  getCurrentUsername
+} from "./chunk-EGAP6GNA.js";
+import {
+  createHttpClient
+} from "./chunk-ATYT3SA6.js";
+import {
+  authManager
+} from "./chunk-UR6VJWA3.js";
+import {
+  profileManager
+} from "./chunk-S6OARUVQ.js";
+import "./chunk-PXL2RUMX.js";
+import {
+  createCliExecutionContext,
+  resolveOutput
+} from "./chunk-BROJ6OUT.js";
+import "./chunk-XEPVYZO3.js";
+import "./chunk-VN22A7NW.js";
+import "./chunk-J4IFFBLP.js";
+import "./chunk-S47F4OG4.js";
+import {
+  UserCancellationError
+} from "./chunk-ID4SVDQZ.js";
+import {
+  logger
+} from "./chunk-5EFWGD33.js";
+
+// ../core/src/core/device-auth.ts
+import { spawn } from "child_process";
+var POLL_SLOWDOWN_SECONDS = 5;
+async function startDeviceAuthorization() {
+  let response = await (await createHttpClient()).post(
+    "/auth/device/authorize",
+    { clientId: "opkg-cli", scope: "openid", deviceName: "opkg-cli" },
+    { headers: { "Content-Type": "application/json" }, skipAuth: !0, timeout: 3e4 }
+  );
+  return {
+    deviceCode: response.device_code,
+    userCode: response.user_code,
+    verificationUri: response.verification_uri,
+    verificationUriComplete: response.verification_uri_complete,
+    expiresIn: response.expires_in,
+    interval: response.interval
+  };
+}
+async function pollForDeviceToken(params) {
+  let client = await createHttpClient(), expiresAt = Date.now() + params.expiresInSeconds * 1e3, intervalMs = params.intervalSeconds * 1e3;
+  for (; Date.now() < expiresAt; ) {
+    if (params.signal?.aborted)
+      throw new Error("Login cancelled.");
+    try {
+      let tokenResponse = await client.post(
+        "/auth/device/token",
+        { deviceCode: params.deviceCode },
+        { headers: { "Content-Type": "application/json" }, skipAuth: !0, timeout: 3e4 }
+      );
+      return {
+        apiKey: tokenResponse.apiKey,
+        keyPrefix: tokenResponse.keyPrefix,
+        expiresAt: tokenResponse.expiresAt,
+        userId: tokenResponse.userId,
+        username: tokenResponse.username
+      };
+    } catch (error) {
+      let code = error?.apiError?.error || "authorization_pending";
+      if (code !== "authorization_pending")
+        if (code === "slow_down")
+          intervalMs += POLL_SLOWDOWN_SECONDS * 1e3;
+        else throw code === "expired_token" ? new Error('Device code expired. Please run "opkg login" again.') : code === "access_denied" ? new Error("Access denied. Please restart the login flow.") : error;
+    }
+    await wait(intervalMs, params.signal);
+  }
+  throw new Error('Device code expired. Please run "opkg login" again.');
+}
+async function persistTokens(profileName, tokens) {
+  await profileManager.setProfileCredentials(profileName, { api_key: tokens.apiKey });
+}
+function openBrowser(url) {
+  let platform = process.platform, command = "";
+  platform === "darwin" ? command = "open" : platform === "win32" ? command = "start" : command = "xdg-open";
+  try {
+    spawn(command, [url], { stdio: "ignore", detached: !0 }).unref();
+  } catch (error) {
+    logger.debug("Failed to open browser automatically", { error, url });
+  }
+}
+function wait(ms, signal) {
+  return new Promise((resolve, reject) => {
+    if (signal?.aborted) {
+      reject(new Error("Login cancelled."));
+      return;
+    }
+    let timer = setTimeout(resolve, ms), onAbort = () => {
+      clearTimeout(timer), reject(new Error("Login cancelled."));
+    };
+    signal?.addEventListener("abort", onAbort, { once: !0 });
+  });
+}
+
+// src/commands/login.ts
+async function setupLoginCommand(args) {
+  let [options] = args, ctx = await createCliExecutionContext(), out = resolveOutput(ctx), profileName = authManager.getCurrentProfile({
+    profile: options.profile
+  });
+  out.info(`Using profile: ${profileName}`);
+  let authorization = await startDeviceAuthorization();
+  out.info(`A browser will open for you to confirm sign-in.
+
+User code: ${authorization.userCode}
+Verification URL: ${authorization.verificationUri}`), out.info("If the browser does not open, visit the URL and enter the code above."), openBrowser(authorization.verificationUriComplete);
+  let abortController = new AbortController(), cleanupKeyListener = setupCancelListener(abortController);
+  try {
+    let tokens = await pollForDeviceToken({
+      deviceCode: authorization.deviceCode,
+      intervalSeconds: authorization.interval,
+      expiresInSeconds: authorization.expiresIn,
+      signal: abortController.signal
+    });
+    cleanupKeyListener(), await persistTokens(profileName, tokens);
+    let username = tokens.username ?? await resolveUsername(tokens.apiKey);
+    username ? (await profileManager.setProfileDefaultScope(profileName, `@${username}`), out.success(`Default scope set to @${username} for profile "${profileName}".`)) : logger.debug("Could not derive username from API key; default scope not set"), out.success("Login successful."), out.success(`API key stored for profile "${profileName}".`);
+  } catch (error) {
+    throw cleanupKeyListener(), abortController.signal.aborted ? (out.warn("Operation cancelled."), new UserCancellationError("Operation cancelled by user")) : (logger.debug("Device login failed", { error }), error);
+  }
+}
+function setupCancelListener(abortController) {
+  let stdin = process.stdin, wasRaw = stdin.isRaw, wasListening = stdin.listenerCount("data") > 0;
+  stdin.isTTY && (stdin.setRawMode(!0), stdin.resume());
+  let onData = (data) => {
+    let key = data.toString();
+    (key === "\x1B" || key === "") && abortController.abort();
+  };
+  return stdin.on("data", onData), () => {
+    stdin.off("data", onData), stdin.isTTY && (stdin.setRawMode(wasRaw ?? !1), wasListening || stdin.pause());
+  };
+}
+async function resolveUsername(apiKey) {
+  try {
+    return await getCurrentUsername({ apiKey });
+  } catch (error) {
+    logger.debug("Unable to resolve username from API key", { error });
+    return;
+  }
+}
+export {
+  setupLoginCommand
+};
+//# sourceMappingURL=login-NRKHXZKM.js.map

package/packages/cli/dist/login-NRKHXZKM.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../core/src/core/device-auth.ts", "../src/commands/login.ts"],
+  "sourcesContent": ["import { spawn } from 'child_process';\nimport { logger } from '../utils/logger.js';\nimport { createHttpClient } from './http-client.js';\nimport { profileManager } from './profiles.js';\n\nexport type DeviceAuthorizationStart = {\n\tdeviceCode: string;\n\tuserCode: string;\n\tverificationUri: string;\n\tverificationUriComplete: string;\n\texpiresIn: number;\n\tinterval: number;\n};\n\nexport type DeviceTokenResult = {\n\tapiKey: string;\n\tkeyPrefix?: string;\n\texpiresAt?: string;\n\tuserId: string;\n\tusername?: string;\n};\n\nconst POLL_SLOWDOWN_SECONDS = 5;\n\nexport async function startDeviceAuthorization(): Promise<DeviceAuthorizationStart> {\n\tconst client = await createHttpClient();\n\tconst response = await client.post<{\n\t\tdevice_code: string;\n\t\tuser_code: string;\n\t\tverification_uri: string;\n\t\tverification_uri_complete: string;\n\t\texpires_in: number;\n\t\tinterval: number;\n\t}>(\n\t\t'/auth/device/authorize',\n\t\t{ clientId: 'opkg-cli', scope: 'openid', deviceName: 'opkg-cli' },\n\t\t{ headers: { 'Content-Type': 'application/json' }, skipAuth: true, timeout: 30000 }\n\t);\n\n\treturn {\n\t\tdeviceCode: response.device_code,\n\t\tuserCode: response.user_code,\n\t\tverificationUri: response.verification_uri,\n\t\tverificationUriComplete: response.verification_uri_complete,\n\t\texpiresIn: response.expires_in,\n\t\tinterval: response.interval,\n\t};\n}\n\nexport async function pollForDeviceToken(params: {\n\tdeviceCode: string;\n\tintervalSeconds: number;\n\texpiresInSeconds: number;\n\tsignal?: AbortSignal;\n}): Promise<DeviceTokenResult> {\n\tconst client = await createHttpClient();\n\tconst expiresAt = Date.now() + params.expiresInSeconds * 1000;\n\tlet intervalMs = params.intervalSeconds * 1000;\n\n\twhile (Date.now() < expiresAt) {\n\t\tif (params.signal?.aborted) {\n\t\t\tthrow new Error('Login cancelled.');\n\t\t}\n\n\t\ttry {\n\t\t\tconst tokenResponse = await client.post<{\n\t\t\t\tapiKey: string;\n\t\t\t\tkeyPrefix?: string;\n\t\t\t\texpiresAt?: string;\n\t\t\t\tuserId: string;\n\t\t\t\tusername?: string;\n\t\t\t}>(\n\t\t\t\t'/auth/device/token',\n\t\t\t\t{ deviceCode: params.deviceCode },\n\t\t\t\t{ headers: { 'Content-Type': 'application/json' }, skipAuth: true, timeout: 30000 }\n\t\t\t);\n\n\t\t\treturn {\n\t\t\t\tapiKey: tokenResponse.apiKey,\n\t\t\t\tkeyPrefix: tokenResponse.keyPrefix,\n\t\t\t\texpiresAt: tokenResponse.expiresAt,\n\t\t\t\tuserId: tokenResponse.userId,\n\t\t\t\tusername: tokenResponse.username,\n\t\t\t};\n\t\t} catch (error: any) {\n\t\t\tconst apiError = error?.apiError?.error as string | undefined;\n\t\t\tconst code = apiError || 'authorization_pending';\n\t\t\tif (code === 'authorization_pending') {\n\t\t\t\t// continue polling\n\t\t\t} else if (code === 'slow_down') {\n\t\t\t\tintervalMs += POLL_SLOWDOWN_SECONDS * 1000;\n\t\t\t} else if (code === 'expired_token') {\n\t\t\t\tthrow new Error('Device code expired. Please run \"opkg login\" again.');\n\t\t\t} else if (code === 'access_denied') {\n\t\t\t\tthrow new Error('Access denied. Please restart the login flow.');\n\t\t\t} else {\n\t\t\t\tthrow error;\n\t\t\t}\n\t\t}\n\n\t\tawait wait(intervalMs, params.signal);\n\t}\n\n\tthrow new Error('Device code expired. Please run \"opkg login\" again.');\n}\n\nexport async function persistTokens(\n\tprofileName: string,\n\ttokens: DeviceTokenResult\n): Promise<void> {\n\tawait profileManager.setProfileCredentials(profileName, { api_key: tokens.apiKey });\n}\n\nexport function openBrowser(url: string): void {\n\tconst platform = process.platform;\n\tlet command = '';\n\n\tif (platform === 'darwin') {\n\t\tcommand = 'open';\n\t} else if (platform === 'win32') {\n\t\tcommand = 'start';\n\t} else {\n\t\tcommand = 'xdg-open';\n\t}\n\n\ttry {\n\t\tspawn(command, [url], { stdio: 'ignore', detached: true }).unref();\n\t} catch (error) {\n\t\tlogger.debug('Failed to open browser automatically', { error, url });\n\t}\n}\n\nfunction wait(ms: number, signal?: AbortSignal): Promise<void> {\n\treturn new Promise((resolve, reject) => {\n\t\tif (signal?.aborted) {\n\t\t\treject(new Error('Login cancelled.'));\n\t\t\treturn;\n\t\t}\n\n\t\tconst timer = setTimeout(resolve, ms);\n\n\t\tconst onAbort = () => {\n\t\t\tclearTimeout(timer);\n\t\t\treject(new Error('Login cancelled.'));\n\t\t};\n\n\t\tsignal?.addEventListener('abort', onAbort, { once: true });\n\t});\n}\n\n", "import { authManager } from '@opkg/core/core/auth.js';\nimport {\n\tstartDeviceAuthorization,\n\tpollForDeviceToken,\n\tpersistTokens,\n\topenBrowser,\n} from '@opkg/core/core/device-auth.js';\nimport { profileManager } from '@opkg/core/core/profiles.js';\nimport { logger } from '@opkg/core/utils/logger.js';\nimport { UserCancellationError } from '@opkg/core/utils/errors.js';\nimport { getCurrentUsername } from '@opkg/core/core/api-keys.js';\nimport { createCliExecutionContext } from '../cli/context.js';\nimport { resolveOutput } from '@opkg/core/core/ports/resolve.js';\n\ntype LoginOptions = {\n\tprofile?: string;\n};\n\nexport async function setupLoginCommand(args: any[]): Promise<void> {\n\tconst [options] = args as [LoginOptions];\n\tconst ctx = await createCliExecutionContext();\n\tconst out = resolveOutput(ctx);\n\n\tconst profileName = authManager.getCurrentProfile({\n\t\tprofile: options.profile,\n\t});\n\n\tout.info(`Using profile: ${profileName}`);\n\n\tconst authorization = await startDeviceAuthorization();\n\n\tout.info(`A browser will open for you to confirm sign-in.\\n\\nUser code: ${authorization.userCode}\\nVerification URL: ${authorization.verificationUri}`);\n\tout.info('If the browser does not open, visit the URL and enter the code above.');\n\n\topenBrowser(authorization.verificationUriComplete);\n\n\tconst abortController = new AbortController();\n\tconst cleanupKeyListener = setupCancelListener(abortController);\n\n\ttry {\n\t\tconst tokens = await pollForDeviceToken({\n\t\t\tdeviceCode: authorization.deviceCode,\n\t\t\tintervalSeconds: authorization.interval,\n\t\t\texpiresInSeconds: authorization.expiresIn,\n\t\t\tsignal: abortController.signal,\n\t\t});\n\n\t\tcleanupKeyListener();\n\n\t\tawait persistTokens(profileName, tokens);\n\n\t\tconst username = tokens.username ?? (await resolveUsername(tokens.apiKey));\n\t\tif (username) {\n\t\t\tawait profileManager.setProfileDefaultScope(profileName, `@${username}`);\n\t\t\tout.success(`Default scope set to @${username} for profile \"${profileName}\".`);\n\t\t} else {\n\t\t\tlogger.debug('Could not derive username from API key; default scope not set');\n\t\t}\n\n\t\tout.success('Login successful.');\n\t\tout.success(`API key stored for profile \"${profileName}\".`);\n\t} catch (error: any) {\n\t\tcleanupKeyListener();\n\t\tif (abortController.signal.aborted) {\n\t\t\tout.warn('Operation cancelled.');\n\t\t\tthrow new UserCancellationError('Operation cancelled by user');\n\t\t}\n\t\tlogger.debug('Device login failed', { error });\n\t\tthrow error;\n\t}\n}\n\nfunction setupCancelListener(abortController: AbortController): () => void {\n\tconst stdin = process.stdin;\n\tconst wasRaw = stdin.isRaw;\n\tconst wasListening = stdin.listenerCount('data') > 0;\n\n\tif (stdin.isTTY) {\n\t\tstdin.setRawMode(true);\n\t\tstdin.resume();\n\t}\n\n\tconst onData = (data: Buffer) => {\n\t\tconst key = data.toString();\n\t\t// Escape key (\\x1b without [ following, i.e. bare escape)\n\t\tif (key === '\\x1b' || key === '\\x03') {\n\t\t\tabortController.abort();\n\t\t}\n\t};\n\n\tstdin.on('data', onData);\n\n\treturn () => {\n\t\tstdin.off('data', onData);\n\t\tif (stdin.isTTY) {\n\t\t\tstdin.setRawMode(wasRaw ?? false);\n\t\t\tif (!wasListening) {\n\t\t\t\tstdin.pause();\n\t\t\t}\n\t\t}\n\t};\n}\n\nasync function resolveUsername(apiKey: string): Promise<string | undefined> {\n\ttry {\n\t\treturn await getCurrentUsername({ apiKey });\n\t} catch (error) {\n\t\tlogger.debug('Unable to resolve username from API key', { error });\n\t\treturn undefined;\n\t}\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,SAAS,aAAa;AAsBtB,IAAM,wBAAwB;AAE9B,eAAsB,2BAA8D;AAEnF,MAAM,WAAW,OADF,MAAM,iBAAiB,GACR;AAAA,IAQ7B;AAAA,IACA,EAAE,UAAU,YAAY,OAAO,UAAU,YAAY,WAAW;AAAA,IAChE,EAAE,SAAS,EAAE,gBAAgB,mBAAmB,GAAG,UAAU,IAAM,SAAS,IAAM;AAAA,EACnF;AAEA,SAAO;AAAA,IACN,YAAY,SAAS;AAAA,IACrB,UAAU,SAAS;AAAA,IACnB,iBAAiB,SAAS;AAAA,IAC1B,yBAAyB,SAAS;AAAA,IAClC,WAAW,SAAS;AAAA,IACpB,UAAU,SAAS;AAAA,EACpB;AACD;AAEA,eAAsB,mBAAmB,QAKV;AAC9B,MAAM,SAAS,MAAM,iBAAiB,GAChC,YAAY,KAAK,IAAI,IAAI,OAAO,mBAAmB,KACrD,aAAa,OAAO,kBAAkB;AAE1C,SAAO,KAAK,IAAI,IAAI,aAAW;AAC9B,QAAI,OAAO,QAAQ;AAClB,YAAM,IAAI,MAAM,kBAAkB;AAGnC,QAAI;AACH,UAAM,gBAAgB,MAAM,OAAO;AAAA,QAOlC;AAAA,QACA,EAAE,YAAY,OAAO,WAAW;AAAA,QAChC,EAAE,SAAS,EAAE,gBAAgB,mBAAmB,GAAG,UAAU,IAAM,SAAS,IAAM;AAAA,MACnF;AAEA,aAAO;AAAA,QACN,QAAQ,cAAc;AAAA,QACtB,WAAW,cAAc;AAAA,QACzB,WAAW,cAAc;AAAA,QACzB,QAAQ,cAAc;AAAA,QACtB,UAAU,cAAc;AAAA,MACzB;AAAA,IACD,SAAS,OAAY;AAEpB,UAAM,OADW,OAAO,UAAU,SACT;AACzB,UAAI,SAAS;AAEN,YAAI,SAAS;AACnB,wBAAc,wBAAwB;AAAA,YAChC,OAAI,SAAS,kBACb,IAAI,MAAM,qDAAqD,IAC3D,SAAS,kBACb,IAAI,MAAM,+CAA+C,IAEzD;AAAA,IAER;AAEA,UAAM,KAAK,YAAY,OAAO,MAAM;AAAA,EACrC;AAEA,QAAM,IAAI,MAAM,qDAAqD;AACtE;AAEA,eAAsB,cACrB,aACA,QACgB;AAChB,QAAM,eAAe,sBAAsB,aAAa,EAAE,SAAS,OAAO,OAAO,CAAC;AACnF;AAEO,SAAS,YAAY,KAAmB;AAC9C,MAAM,WAAW,QAAQ,UACrB,UAAU;AAEd,EAAI,aAAa,WAChB,UAAU,SACA,aAAa,UACvB,UAAU,UAEV,UAAU;AAGX,MAAI;AACH,UAAM,SAAS,CAAC,GAAG,GAAG,EAAE,OAAO,UAAU,UAAU,GAAK,CAAC,EAAE,MAAM;AAAA,EAClE,SAAS,OAAO;AACf,WAAO,MAAM,wCAAwC,EAAE,OAAO,IAAI,CAAC;AAAA,EACpE;AACD;AAEA,SAAS,KAAK,IAAY,QAAqC;AAC9D,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACvC,QAAI,QAAQ,SAAS;AACpB,aAAO,IAAI,MAAM,kBAAkB,CAAC;AACpC;AAAA,IACD;AAEA,QAAM,QAAQ,WAAW,SAAS,EAAE,GAE9B,UAAU,MAAM;AACrB,mBAAa,KAAK,GAClB,OAAO,IAAI,MAAM,kBAAkB,CAAC;AAAA,IACrC;AAEA,YAAQ,iBAAiB,SAAS,SAAS,EAAE,MAAM,GAAK,CAAC;AAAA,EAC1D,CAAC;AACF;;;AClIA,eAAsB,kBAAkB,MAA4B;AACnE,MAAM,CAAC,OAAO,IAAI,MACZ,MAAM,MAAM,0BAA0B,GACtC,MAAM,cAAc,GAAG,GAEvB,cAAc,YAAY,kBAAkB;AAAA,IACjD,SAAS,QAAQ;AAAA,EAClB,CAAC;AAED,MAAI,KAAK,kBAAkB,WAAW,EAAE;AAExC,MAAM,gBAAgB,MAAM,yBAAyB;AAErD,MAAI,KAAK;AAAA;AAAA,aAAiE,cAAc,QAAQ;AAAA,oBAAuB,cAAc,eAAe,EAAE,GACtJ,IAAI,KAAK,uEAAuE,GAEhF,YAAY,cAAc,uBAAuB;AAEjD,MAAM,kBAAkB,IAAI,gBAAgB,GACtC,qBAAqB,oBAAoB,eAAe;AAE9D,MAAI;AACH,QAAM,SAAS,MAAM,mBAAmB;AAAA,MACvC,YAAY,cAAc;AAAA,MAC1B,iBAAiB,cAAc;AAAA,MAC/B,kBAAkB,cAAc;AAAA,MAChC,QAAQ,gBAAgB;AAAA,IACzB,CAAC;AAED,uBAAmB,GAEnB,MAAM,cAAc,aAAa,MAAM;AAEvC,QAAM,WAAW,OAAO,YAAa,MAAM,gBAAgB,OAAO,MAAM;AACxE,IAAI,YACH,MAAM,eAAe,uBAAuB,aAAa,IAAI,QAAQ,EAAE,GACvE,IAAI,QAAQ,yBAAyB,QAAQ,iBAAiB,WAAW,IAAI,KAE7E,OAAO,MAAM,+DAA+D,GAG7E,IAAI,QAAQ,mBAAmB,GAC/B,IAAI,QAAQ,+BAA+B,WAAW,IAAI;AAAA,EAC3D,SAAS,OAAY;AAEpB,UADA,mBAAmB,GACf,gBAAgB,OAAO,WAC1B,IAAI,KAAK,sBAAsB,GACzB,IAAI,sBAAsB,6BAA6B,MAE9D,OAAO,MAAM,uBAAuB,EAAE,MAAM,CAAC,GACvC;AAAA,EACP;AACD;AAEA,SAAS,oBAAoB,iBAA8C;AAC1E,MAAM,QAAQ,QAAQ,OAChB,SAAS,MAAM,OACf,eAAe,MAAM,cAAc,MAAM,IAAI;AAEnD,EAAI,MAAM,UACT,MAAM,WAAW,EAAI,GACrB,MAAM,OAAO;AAGd,MAAM,SAAS,CAAC,SAAiB;AAChC,QAAM,MAAM,KAAK,SAAS;AAE1B,KAAI,QAAQ,UAAU,QAAQ,QAC7B,gBAAgB,MAAM;AAAA,EAExB;AAEA,eAAM,GAAG,QAAQ,MAAM,GAEhB,MAAM;AACZ,UAAM,IAAI,QAAQ,MAAM,GACpB,MAAM,UACT,MAAM,WAAW,UAAU,EAAK,GAC3B,gBACJ,MAAM,MAAM;AAAA,EAGf;AACD;AAEA,eAAe,gBAAgB,QAA6C;AAC3E,MAAI;AACH,WAAO,MAAM,mBAAmB,EAAE,OAAO,CAAC;AAAA,EAC3C,SAAS,OAAO;AACf,WAAO,MAAM,2CAA2C,EAAE,MAAM,CAAC;AACjE;AAAA,EACD;AACD;",
+  "names": []
+}

package/packages/cli/dist/logout-HDMYRXIE.js

@@ -0,0 +1,40 @@
+#!/usr/bin/env node
+import {
+  authManager
+} from "./chunk-C6FY55UP.js";
+import {
+  profileManager
+} from "./chunk-WF7H2YDU.js";
+import "./chunk-PXL2RUMX.js";
+import {
+  createCliExecutionContext,
+  resolveOutput
+} from "./chunk-RAKMX654.js";
+import "./chunk-GDVFS3YP.js";
+import "./chunk-VN22A7NW.js";
+import "./chunk-IHVZ5AUJ.js";
+import "./chunk-S47F4OG4.js";
+import "./chunk-ID4SVDQZ.js";
+import {
+  logger
+} from "./chunk-5EFWGD33.js";
+
+// src/commands/logout.ts
+async function setupLogoutCommand(args) {
+  let [options] = args, ctx = await createCliExecutionContext(), out = resolveOutput(ctx), profileName = authManager.getCurrentProfile({
+    profile: options.profile
+  });
+  if (profileName === "<api-key>") {
+    out.info("No stored credentials when using --api-key directly.");
+    return;
+  }
+  try {
+    await profileManager.clearProfileCredentials(profileName), out.success(`Credentials removed for profile "${profileName}".`);
+  } catch (error) {
+    throw logger.debug("Failed to clear credentials during logout", { error }), error;
+  }
+}
+export {
+  setupLogoutCommand
+};
+//# sourceMappingURL=logout-HDMYRXIE.js.map

package/packages/cli/dist/logout-HDMYRXIE.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../src/commands/logout.ts"],
+  "sourcesContent": ["import { authManager } from '@opkg/core/core/auth.js'\nimport { profileManager } from '@opkg/core/core/profiles.js'\nimport { logger } from '@opkg/core/utils/logger.js'\nimport { createCliExecutionContext } from '../cli/context.js'\nimport { resolveOutput } from '@opkg/core/core/ports/resolve.js'\n\ntype LogoutOptions = {\n\tprofile?: string\n}\n\nexport async function setupLogoutCommand(args: any[]): Promise<void> {\n\tconst [options] = args as [LogoutOptions]\n\tconst ctx = await createCliExecutionContext()\n\tconst out = resolveOutput(ctx)\n\n\tconst profileName = authManager.getCurrentProfile({\n\t\tprofile: options.profile,\n\t})\n\n\tif (profileName === '<api-key>') {\n\t\tout.info('No stored credentials when using --api-key directly.')\n\t\treturn\n\t}\n\n\ttry {\n\t\tawait profileManager.clearProfileCredentials(profileName)\n\t\tout.success(`Credentials removed for profile \"${profileName}\".`)\n\t} catch (error) {\n\t\tlogger.debug('Failed to clear credentials during logout', { error })\n\t\tthrow error\n\t}\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;;;;;AAUA,eAAsB,mBAAmB,MAA4B;AACpE,MAAM,CAAC,OAAO,IAAI,MACZ,MAAM,MAAM,0BAA0B,GACtC,MAAM,cAAc,GAAG,GAEvB,cAAc,YAAY,kBAAkB;AAAA,IACjD,SAAS,QAAQ;AAAA,EAClB,CAAC;AAED,MAAI,gBAAgB,aAAa;AAChC,QAAI,KAAK,sDAAsD;AAC/D;AAAA,EACD;AAEA,MAAI;AACH,UAAM,eAAe,wBAAwB,WAAW,GACxD,IAAI,QAAQ,oCAAoC,WAAW,IAAI;AAAA,EAChE,SAAS,OAAO;AACf,iBAAO,MAAM,6CAA6C,EAAE,MAAM,CAAC,GAC7D;AAAA,EACP;AACD;",
+  "names": []
+}

package/packages/cli/dist/logout-SYHXCVCQ.js

@@ -0,0 +1,40 @@
+#!/usr/bin/env node
+import {
+  authManager
+} from "./chunk-UR6VJWA3.js";
+import {
+  profileManager
+} from "./chunk-S6OARUVQ.js";
+import "./chunk-PXL2RUMX.js";
+import {
+  createCliExecutionContext,
+  resolveOutput
+} from "./chunk-BROJ6OUT.js";
+import "./chunk-XEPVYZO3.js";
+import "./chunk-VN22A7NW.js";
+import "./chunk-J4IFFBLP.js";
+import "./chunk-S47F4OG4.js";
+import "./chunk-ID4SVDQZ.js";
+import {
+  logger
+} from "./chunk-5EFWGD33.js";
+
+// src/commands/logout.ts
+async function setupLogoutCommand(args) {
+  let [options] = args, ctx = await createCliExecutionContext(), out = resolveOutput(ctx), profileName = authManager.getCurrentProfile({
+    profile: options.profile
+  });
+  if (profileName === "<api-key>") {
+    out.info("No stored credentials when using --api-key directly.");
+    return;
+  }
+  try {
+    await profileManager.clearProfileCredentials(profileName), out.success(`Credentials removed for profile "${profileName}".`);
+  } catch (error) {
+    throw logger.debug("Failed to clear credentials during logout", { error }), error;
+  }
+}
+export {
+  setupLogoutCommand
+};
+//# sourceMappingURL=logout-SYHXCVCQ.js.map

package/packages/cli/dist/logout-SYHXCVCQ.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../src/commands/logout.ts"],
+  "sourcesContent": ["import { authManager } from '@opkg/core/core/auth.js'\nimport { profileManager } from '@opkg/core/core/profiles.js'\nimport { logger } from '@opkg/core/utils/logger.js'\nimport { createCliExecutionContext } from '../cli/context.js'\nimport { resolveOutput } from '@opkg/core/core/ports/resolve.js'\n\ntype LogoutOptions = {\n\tprofile?: string\n}\n\nexport async function setupLogoutCommand(args: any[]): Promise<void> {\n\tconst [options] = args as [LogoutOptions]\n\tconst ctx = await createCliExecutionContext()\n\tconst out = resolveOutput(ctx)\n\n\tconst profileName = authManager.getCurrentProfile({\n\t\tprofile: options.profile,\n\t})\n\n\tif (profileName === '<api-key>') {\n\t\tout.info('No stored credentials when using --api-key directly.')\n\t\treturn\n\t}\n\n\ttry {\n\t\tawait profileManager.clearProfileCredentials(profileName)\n\t\tout.success(`Credentials removed for profile \"${profileName}\".`)\n\t} catch (error) {\n\t\tlogger.debug('Failed to clear credentials during logout', { error })\n\t\tthrow error\n\t}\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;;;;;AAUA,eAAsB,mBAAmB,MAA4B;AACpE,MAAM,CAAC,OAAO,IAAI,MACZ,MAAM,MAAM,0BAA0B,GACtC,MAAM,cAAc,GAAG,GAEvB,cAAc,YAAY,kBAAkB;AAAA,IACjD,SAAS,QAAQ;AAAA,EAClB,CAAC;AAED,MAAI,gBAAgB,aAAa;AAChC,QAAI,KAAK,sDAAsD;AAC/D;AAAA,EACD;AAEA,MAAI;AACH,UAAM,eAAe,wBAAwB,WAAW,GACxD,IAAI,QAAQ,oCAAoC,WAAW,IAAI;AAAA,EAChE,SAAS,OAAO;AACf,iBAAO,MAAM,6CAA6C,EAAE,MAAM,CAAC,GAC7D;AAAA,EACP;AACD;",
+  "names": []
+}

package/packages/cli/dist/logout-X3XUUOH5.js

@@ -0,0 +1,40 @@
+#!/usr/bin/env node
+import {
+  authManager
+} from "./chunk-UR6VJWA3.js";
+import {
+  profileManager
+} from "./chunk-S6OARUVQ.js";
+import "./chunk-PXL2RUMX.js";
+import {
+  createCliExecutionContext,
+  resolveOutput
+} from "./chunk-RAKMX654.js";
+import "./chunk-XEPVYZO3.js";
+import "./chunk-VN22A7NW.js";
+import "./chunk-J4IFFBLP.js";
+import "./chunk-S47F4OG4.js";
+import "./chunk-ID4SVDQZ.js";
+import {
+  logger
+} from "./chunk-5EFWGD33.js";
+
+// src/commands/logout.ts
+async function setupLogoutCommand(args) {
+  let [options] = args, ctx = await createCliExecutionContext(), out = resolveOutput(ctx), profileName = authManager.getCurrentProfile({
+    profile: options.profile
+  });
+  if (profileName === "<api-key>") {
+    out.info("No stored credentials when using --api-key directly.");
+    return;
+  }
+  try {
+    await profileManager.clearProfileCredentials(profileName), out.success(`Credentials removed for profile "${profileName}".`);
+  } catch (error) {
+    throw logger.debug("Failed to clear credentials during logout", { error }), error;
+  }
+}
+export {
+  setupLogoutCommand
+};
+//# sourceMappingURL=logout-X3XUUOH5.js.map

package/packages/cli/dist/logout-X3XUUOH5.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../src/commands/logout.ts"],
+  "sourcesContent": ["import { authManager } from '@opkg/core/core/auth.js'\nimport { profileManager } from '@opkg/core/core/profiles.js'\nimport { logger } from '@opkg/core/utils/logger.js'\nimport { createCliExecutionContext } from '../cli/context.js'\nimport { resolveOutput } from '@opkg/core/core/ports/resolve.js'\n\ntype LogoutOptions = {\n\tprofile?: string\n}\n\nexport async function setupLogoutCommand(args: any[]): Promise<void> {\n\tconst [options] = args as [LogoutOptions]\n\tconst ctx = await createCliExecutionContext()\n\tconst out = resolveOutput(ctx)\n\n\tconst profileName = authManager.getCurrentProfile({\n\t\tprofile: options.profile,\n\t})\n\n\tif (profileName === '<api-key>') {\n\t\tout.info('No stored credentials when using --api-key directly.')\n\t\treturn\n\t}\n\n\ttry {\n\t\tawait profileManager.clearProfileCredentials(profileName)\n\t\tout.success(`Credentials removed for profile \"${profileName}\".`)\n\t} catch (error) {\n\t\tlogger.debug('Failed to clear credentials during logout', { error })\n\t\tthrow error\n\t}\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;;;;;AAUA,eAAsB,mBAAmB,MAA4B;AACpE,MAAM,CAAC,OAAO,IAAI,MACZ,MAAM,MAAM,0BAA0B,GACtC,MAAM,cAAc,GAAG,GAEvB,cAAc,YAAY,kBAAkB;AAAA,IACjD,SAAS,QAAQ;AAAA,EAClB,CAAC;AAED,MAAI,gBAAgB,aAAa;AAChC,QAAI,KAAK,sDAAsD;AAC/D;AAAA,EACD;AAEA,MAAI;AACH,UAAM,eAAe,wBAAwB,WAAW,GACxD,IAAI,QAAQ,oCAAoC,WAAW,IAAI;AAAA,EAChE,SAAS,OAAO;AACf,iBAAO,MAAM,6CAA6C,EAAE,MAAM,CAAC,GAC7D;AAAA,EACP;AACD;",
+  "names": []
+}