salesprompter-cli 0.1.4 → 0.1.5

package/README.md

@@ -113,12 +113,12 @@ Global output flags:
 The CLI stores a local session file at `~/.config/salesprompter/auth-session.json` (or `SALESPROMPTER_CONFIG_DIR`).
 
 ```bash
-# Production path: generate a short-lived CLI token in the Salesprompter app
-salesprompter auth:login --token "$SALESPROMPTER_TOKEN" --api-url "https://salesprompter.ai"
-
-# Optional: use device flow only if your Salesprompter app exposes it
+# Preferred path: browser/device login
 salesprompter auth:login
 
+# Fallback path: generate a short-lived CLI token in the Salesprompter app
+salesprompter auth:login --token "$SALESPROMPTER_TOKEN" --api-url "https://salesprompter.ai"
+
 # Verify active identity with backend
 salesprompter auth:whoami --verify
 
@@ -137,9 +137,11 @@ Environment variables:
 
 App compatibility:
 
-- Current Salesprompter production uses app-issued CLI tokens.
-- If your app exposes `/api/cli/auth/device/start` and `/api/cli/auth/device/poll`, `salesprompter auth:login` will use device flow.
-- If device auth is not enabled, create a CLI token from the app endpoint `POST /api/cli/auth/token` and use:
+- Salesprompter app should expose `/api/cli/auth/device/start`, `/api/cli/auth/device/poll`, and `/api/cli/auth/me`.
+- `salesprompter auth:login` uses browser/device login and prints the verification URL plus code before polling.
+- `POST /api/cli/auth/token` remains the fallback path when browser/device login is disabled or unavailable.
+
+Fallback command:
 
 ```bash
 salesprompter auth:login --token "<token-from-app>" --api-url "https://salesprompter.ai"

package/dist/auth.js

@@ -1,3 +1,5 @@
+import { randomBytes } from "node:crypto";
+import { createServer } from "node:http";
 import os from "node:os";
 import path from "node:path";
 import { access, mkdir, readFile, rm, writeFile } from "node:fs/promises";
@@ -106,6 +108,12 @@ function buildDeviceFlowUnavailableMessage(apiBaseUrl) {
         `Generate a CLI token in the app and run \`salesprompter auth:login --token <token> --api-url "${apiBaseUrl}"\`.`
     ].join(" ");
 }
+function isBrowserConnectUnavailableError(message) {
+    if (/request failed \((401|403|404|405|500|501|502|503|504)\)/.test(message)) {
+        return true;
+    }
+    return message.includes("invalid localhost callback response");
+}
 async function hasSessionFile() {
     try {
         await access(getSessionPath());
@@ -202,6 +210,99 @@ export async function loginWithToken(token, apiBaseUrl) {
     await writeAuthSession(session);
     return session;
 }
+export async function loginWithBrowserConnect(options) {
+    const apiBaseUrl = normalizeApiBaseUrl(options?.apiBaseUrl);
+    const timeoutSeconds = options?.timeoutSeconds ?? DEFAULT_DEVICE_TIMEOUT_SECONDS;
+    const state = randomBytes(16).toString("hex");
+    let resolveToken;
+    let rejectToken;
+    const tokenPromise = new Promise((resolve, reject) => {
+        resolveToken = resolve;
+        rejectToken = reject;
+    });
+    const server = createServer((request, response) => {
+        try {
+            const requestUrl = new URL(request.url ?? "/", "http://127.0.0.1");
+            if (requestUrl.pathname !== "/callback") {
+                response.statusCode = 404;
+                response.end("Not found");
+                return;
+            }
+            const accessToken = requestUrl.searchParams.get("access_token") ?? "";
+            const responseState = requestUrl.searchParams.get("state") ?? "";
+            if (accessToken.trim().length === 0 || responseState.trim().length === 0) {
+                response.statusCode = 400;
+                response.end("Invalid login response");
+                return;
+            }
+            response.statusCode = 200;
+            response.setHeader("Content-Type", "text/html; charset=utf-8");
+            response.end("<!doctype html><html><body><p>Salesprompter CLI login complete. You can return to the terminal.</p></body></html>");
+            resolveToken?.({ accessToken, state: responseState });
+        }
+        catch (error) {
+            response.statusCode = 500;
+            response.end("Login failed");
+            rejectToken?.(error);
+        }
+    });
+    server.once("error", (error) => {
+        rejectToken?.(error);
+    });
+    await new Promise((resolve, reject) => {
+        server.listen(0, "127.0.0.1", () => resolve());
+        server.once("error", reject);
+    });
+    const address = server.address();
+    if (!address || typeof address === "string") {
+        server.close();
+        throw new Error("failed to bind localhost callback server");
+    }
+    const redirectUri = `http://127.0.0.1:${address.port}/callback`;
+    const closeServer = async () => await new Promise((resolve) => {
+        server.close(() => resolve());
+    });
+    const browserUrl = new URL(`${apiBaseUrl}/api/cli/auth/connect`);
+    browserUrl.searchParams.set("redirect_uri", redirectUri);
+    browserUrl.searchParams.set("state", state);
+    let preflightResponse;
+    try {
+        preflightResponse = await fetch(browserUrl, {
+            method: "GET",
+            redirect: "manual",
+            headers: {
+                "X-Salesprompter-Client": CLIENT_HEADER
+            }
+        });
+    }
+    catch (error) {
+        await closeServer();
+        throw error;
+    }
+    if (preflightResponse.status < 300 || preflightResponse.status >= 400) {
+        await closeServer();
+        throw new Error(`request failed (${preflightResponse.status}) for ${browserUrl}`);
+    }
+    await options?.onConnectStart?.({
+        browserUrl: browserUrl.toString(),
+        redirectUri
+    });
+    const timeoutHandle = setTimeout(() => {
+        rejectToken?.(new Error("timed out waiting for browser login"));
+    }, Math.max(timeoutSeconds, 30) * 1000);
+    let result;
+    try {
+        result = await tokenPromise;
+    }
+    finally {
+        clearTimeout(timeoutHandle);
+        await closeServer();
+    }
+    if (result.state !== state) {
+        throw new Error("invalid localhost callback response");
+    }
+    return await loginWithToken(result.accessToken, apiBaseUrl);
+}
 export async function loginWithDeviceFlow(options) {
     const apiBaseUrl = normalizeApiBaseUrl(options?.apiBaseUrl);
     const timeoutSeconds = options?.timeoutSeconds ?? DEFAULT_DEVICE_TIMEOUT_SECONDS;
@@ -227,6 +328,12 @@ export async function loginWithDeviceFlow(options) {
     if (verificationUrl === undefined) {
         throw new Error("device start response missing verification url");
     }
+    await options?.onDeviceStart?.({
+        verificationUrl,
+        userCode: start.userCode,
+        intervalSeconds: start.intervalSeconds,
+        expiresInSeconds: start.expiresInSeconds
+    });
     const pollIntervalMs = (start.intervalSeconds ?? DEFAULT_DEVICE_POLL_INTERVAL_SECONDS) * 1000;
     const deadline = Date.now() + Math.max(timeoutSeconds, 30) * 1000;
     while (Date.now() < deadline) {

package/dist/cli.js

@@ -1,8 +1,9 @@
 #!/usr/bin/env node
+import { spawn } from "node:child_process";
 import { createRequire } from "node:module";
 import { Command } from "commander";
 import { z } from "zod";
-import { clearAuthSession, loginWithDeviceFlow, loginWithToken, requireAuthSession, shouldBypassAuth, verifySession } from "./auth.js";
+import { clearAuthSession, loginWithBrowserConnect, loginWithDeviceFlow, loginWithToken, requireAuthSession, shouldBypassAuth, verifySession } from "./auth.js";
 import { buildBigQueryLeadLookupSql, executeBigQuerySql, normalizeBigQueryLeadRows, runBigQueryQuery, runBigQueryRows } from "./bigquery.js";
 import { AccountProfileSchema, EnrichedLeadSchema, IcpSchema, LeadSchema, ScoredLeadSchema, SyncTargetSchema } from "./domain.js";
 import { auditDomainDecisions, buildDomainfinderBacklogQueries, buildDomainfinderCandidatesSql, buildDomainfinderInputSql, buildDomainfinderWritebackSql, buildExistingDomainRepairSql, buildExistingDomainAuditQueries, compareDomainSelectionStrategies, selectBestDomains } from "./domainfinder.js";
@@ -35,6 +36,59 @@ function applyGlobalOutputOptions(actionCommand) {
     runtimeOutputOptions.json = Boolean(globalOptions.json);
     runtimeOutputOptions.quiet = Boolean(globalOptions.quiet);
 }
+function openUrlInBrowser(url) {
+    if (!process.stderr.isTTY) {
+        return false;
+    }
+    const launch = (command, args) => {
+        try {
+            const child = spawn(command, args, { detached: true, stdio: "ignore" });
+            child.on("error", () => undefined);
+            child.unref();
+            return true;
+        }
+        catch {
+            return false;
+        }
+    };
+    try {
+        if (process.platform === "darwin") {
+            return launch("open", [url]);
+        }
+        if (process.platform === "win32") {
+            return launch("cmd", ["/c", "start", "", url]);
+        }
+        return launch("xdg-open", [url]);
+    }
+    catch {
+        return false;
+    }
+}
+function writeDeviceLoginInstructions(info) {
+    if (runtimeOutputOptions.json || runtimeOutputOptions.quiet) {
+        return;
+    }
+    process.stderr.write("Starting device login flow. Complete login in the browser.\n");
+    process.stderr.write(`Open this URL: ${info.verificationUrl}\n`);
+    process.stderr.write(`Enter this code if prompted: ${info.userCode}\n`);
+    if (info.expiresInSeconds !== undefined) {
+        const expiresInMinutes = Math.max(1, Math.ceil(info.expiresInSeconds / 60));
+        process.stderr.write(`Code expires in about ${expiresInMinutes} minute${expiresInMinutes === 1 ? "" : "s"}.\n`);
+    }
+    if (openUrlInBrowser(info.verificationUrl)) {
+        process.stderr.write("Opened the browser for you.\n");
+    }
+}
+function writeBrowserLoginInstructions(info) {
+    if (runtimeOutputOptions.json || runtimeOutputOptions.quiet) {
+        return;
+    }
+    process.stderr.write("Starting browser login flow. Complete login in the browser.\n");
+    process.stderr.write(`Open this URL: ${info.browserUrl}\n`);
+    if (openUrlInBrowser(info.browserUrl)) {
+        process.stderr.write("Opened the browser for you.\n");
+    }
+}
 function buildCliError(error) {
     if (error instanceof z.ZodError) {
         return {
@@ -193,12 +247,35 @@ program
         return;
     }
     const startedAt = new Date().toISOString();
-    if (!runtimeOutputOptions.json && !runtimeOutputOptions.quiet) {
-        process.stderr.write("Starting device login flow. Complete login in the browser.\n");
+    try {
+        const session = await loginWithBrowserConnect({
+            apiBaseUrl: options.apiUrl,
+            timeoutSeconds,
+            onConnectStart: writeBrowserLoginInstructions
+        });
+        printOutput({
+            status: "ok",
+            method: "browser",
+            startedAt,
+            apiBaseUrl: session.apiBaseUrl,
+            user: session.user,
+            expiresAt: session.expiresAt ?? null
+        });
+        return;
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        if (!message.includes("timed out waiting for browser login") && !message.includes("invalid localhost callback response") && !message.includes("request failed")) {
+            throw error;
+        }
+        if (!/request failed \((401|403|404|405|500|501|502|503|504)\)/.test(message)) {
+            throw error;
+        }
     }
     const result = await loginWithDeviceFlow({
         apiBaseUrl: options.apiUrl,
-        timeoutSeconds
+        timeoutSeconds,
+        onDeviceStart: writeDeviceLoginInstructions
     });
     printOutput({
         status: "ok",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "salesprompter-cli",
-  "version": "0.1.4",
+  "version": "0.1.5",
   "description": "JSON-first sales prospecting CLI for ICP definition, lead generation, enrichment, scoring, and CRM/outreach sync.",
   "type": "module",
   "bin": {