specli 0.0.11 → 0.0.13

package/dist/cli/runtime/request.js

@@ -0,0 +1,283 @@
+import { resolveAuthScheme } from "./auth/resolve.js";
+import { getToken } from "./profile/secrets.js";
+import { getProfile, readProfiles } from "./profile/store.js";
+import { resolveServerUrl } from "./server-url.js";
+import { applyTemplate } from "./template.js";
+import { createAjv, deriveValidationSchemas, formatAjvErrors, } from "./validate/index.js";
+function parseKeyValuePairs(pairs) {
+    const out = {};
+    for (const pair of pairs ?? []) {
+        const idx = pair.indexOf("=");
+        if (idx === -1)
+            throw new Error(`Invalid pair '${pair}', expected name=value`);
+        const name = pair.slice(0, idx).trim();
+        const value = pair.slice(idx + 1).trim();
+        if (!name)
+            throw new Error(`Invalid pair '${pair}', missing name`);
+        out[name] = value;
+    }
+    return out;
+}
+function _parseTimeoutMs(value) {
+    if (!value)
+        return undefined;
+    const n = Number(value);
+    if (!Number.isFinite(n) || n <= 0)
+        throw new Error("--timeout must be a positive number");
+    return n;
+}
+function pickAuthSchemeKey(action, globals) {
+    if (globals.auth)
+        return globals.auth;
+    // If operation declares a single requirement set with a single scheme, default to it.
+    const req = action.auth.alternatives;
+    if (req.length === 1 && req[0]?.length === 1) {
+        return req[0][0]?.key;
+    }
+    return undefined;
+}
+function applyAuth(headers, url, action, globals, authSchemes) {
+    const schemeKey = pickAuthSchemeKey(action, globals);
+    if (!schemeKey)
+        return { headers, url };
+    const scheme = authSchemes.find((s) => s.key === schemeKey);
+    if (!scheme) {
+        throw new Error(`Unknown auth scheme '${schemeKey}'. Available: ${authSchemes
+            .map((s) => s.key)
+            .join(", ")}`);
+    }
+    if (scheme.kind === "http-bearer" ||
+        scheme.kind === "oauth2" ||
+        scheme.kind === "openIdConnect") {
+        const token = globals.bearerToken ?? globals.oauthToken;
+        if (!token)
+            throw new Error("Missing token. Provide --bearer-token <token>.");
+        headers.set("Authorization", `Bearer ${token}`);
+        return { headers, url };
+    }
+    if (scheme.kind === "http-basic") {
+        if (!globals.username)
+            throw new Error("Missing --username for basic auth");
+        if (!globals.password)
+            throw new Error("Missing --password for basic auth");
+        const raw = `${globals.username}:${globals.password}`;
+        const encoded = Buffer.from(raw, "utf8").toString("base64");
+        headers.set("Authorization", `Basic ${encoded}`);
+        return { headers, url };
+    }
+    if (scheme.kind === "api-key") {
+        if (!scheme.name)
+            throw new Error(`apiKey scheme '${scheme.key}' missing name`);
+        if (!scheme.in)
+            throw new Error(`apiKey scheme '${scheme.key}' missing location`);
+        if (!globals.apiKey)
+            throw new Error("Missing --api-key for apiKey auth");
+        if (scheme.in === "header") {
+            headers.set(scheme.name, globals.apiKey);
+        }
+        if (scheme.in === "query") {
+            url.searchParams.set(scheme.name, globals.apiKey);
+        }
+        if (scheme.in === "cookie") {
+            const existing = headers.get("Cookie");
+            const part = `${scheme.name}=${globals.apiKey}`;
+            headers.set("Cookie", existing ? `${existing}; ${part}` : part);
+        }
+        return { headers, url };
+    }
+    return { headers, url };
+}
+export async function buildRequest(input) {
+    // Always use the "default" profile for simplicity
+    const defaultProfileName = "default";
+    const profilesFile = await readProfiles();
+    const profile = getProfile(profilesFile, defaultProfileName);
+    const embedded = input.embeddedDefaults;
+    // Merge server vars: CLI flags override embedded defaults
+    const embeddedServerVars = parseKeyValuePairs(embedded?.serverVars);
+    const cliServerVars = parseKeyValuePairs(input.globals.serverVar);
+    const serverVars = { ...embeddedServerVars, ...cliServerVars };
+    // Priority: CLI flag > profile > embedded default
+    const serverUrl = resolveServerUrl({
+        serverOverride: input.globals.server ?? profile?.server ?? embedded?.server,
+        servers: input.servers,
+        serverVars,
+    });
+    // Path params: action.positionals order matches templated params order.
+    const pathVars = {};
+    for (let i = 0; i < input.action.positionals.length; i++) {
+        const pos = input.action.positionals[i];
+        const raw = input.action.pathArgs[i];
+        const value = input.positionalValues[i];
+        if (typeof raw === "string" && typeof value === "string") {
+            pathVars[raw] = value;
+        }
+        // Use cli name too as fallback
+        if (pos?.name && typeof value === "string") {
+            pathVars[pos.name] = value;
+        }
+    }
+    const path = applyTemplate(input.action.path, pathVars, { encode: true });
+    // Build the full URL by combining server URL and path.
+    // We need to handle the case where path starts with "/" carefully:
+    // URL constructor treats absolute paths as relative to origin, not base path.
+    const baseUrl = serverUrl.endsWith("/") ? serverUrl : `${serverUrl}/`;
+    const relativePath = path.startsWith("/") ? path.slice(1) : path;
+    const url = new URL(relativePath, baseUrl);
+    const headers = new Headers();
+    // Collect declared params for validation.
+    const queryValues = {};
+    const headerValues = {};
+    const cookieValues = {};
+    for (const p of input.action.params) {
+        if (p.kind !== "flag")
+            continue;
+        const optValue = input.flagValues[optionKeyFromFlag(p.flag)];
+        if (typeof optValue === "undefined")
+            continue;
+        if (p.in === "query") {
+            queryValues[p.name] = optValue;
+        }
+        if (p.in === "header") {
+            headerValues[p.name] = optValue;
+        }
+        if (p.in === "cookie") {
+            cookieValues[p.name] = optValue;
+        }
+    }
+    // Validate params (query/header/cookie) using Ajv.
+    const schemas = deriveValidationSchemas(input.action);
+    const ajv = createAjv();
+    if (schemas.querySchema) {
+        const validate = ajv.compile(schemas.querySchema);
+        if (!validate(queryValues)) {
+            throw new Error(formatAjvErrors(validate.errors));
+        }
+    }
+    if (schemas.headerSchema) {
+        const validate = ajv.compile(schemas.headerSchema);
+        if (!validate(headerValues)) {
+            throw new Error(formatAjvErrors(validate.errors));
+        }
+    }
+    if (schemas.cookieSchema) {
+        const validate = ajv.compile(schemas.cookieSchema);
+        if (!validate(cookieValues)) {
+            throw new Error(formatAjvErrors(validate.errors));
+        }
+    }
+    // Apply params -> query/header/cookie
+    for (const [name, value] of Object.entries(queryValues)) {
+        if (Array.isArray(value)) {
+            for (const item of value) {
+                url.searchParams.append(name, String(item));
+            }
+            continue;
+        }
+        url.searchParams.set(name, String(value));
+    }
+    for (const [name, value] of Object.entries(headerValues)) {
+        headers.set(name, String(value));
+    }
+    for (const [name, value] of Object.entries(cookieValues)) {
+        const existing = headers.get("Cookie");
+        const part = `${name}=${String(value)}`;
+        headers.set("Cookie", existing ? `${existing}; ${part}` : part);
+    }
+    let body;
+    if (input.action.requestBody) {
+        // Check if any body flags were provided using the flag definitions
+        const bodyFlagDefs = input.bodyFlagDefs ?? [];
+        const hasBodyFlags = bodyFlagDefs.some((def) => {
+            // Commander keeps dots in option names: --address.street -> "address.street"
+            const dotKey = def.path.join(".");
+            return input.flagValues[dotKey] !== undefined;
+        });
+        const contentType = input.action.requestBody.preferredContentType;
+        if (contentType)
+            headers.set("Content-Type", contentType);
+        const schema = input.action.requestBodySchema;
+        // Check if there are any required fields in the body
+        const requiredFields = bodyFlagDefs.filter((d) => d.required);
+        if (!hasBodyFlags) {
+            if (requiredFields.length > 0) {
+                // Error: user must provide required fields
+                const flagList = requiredFields.map((d) => `--${d.path.join(".")}`);
+                throw new Error(`Required: ${flagList.join(", ")}`);
+            }
+            // No required fields - send empty body if body is required, otherwise skip
+            if (input.action.requestBody.required) {
+                body = "{}";
+            }
+        }
+        else {
+            if (!contentType?.includes("json")) {
+                throw new Error("Body field flags are only supported for JSON request bodies.");
+            }
+            // Check for missing required fields
+            const { findMissingRequired, parseDotNotationFlags } = await import("./body-flags.js");
+            const missing = findMissingRequired(input.flagValues, bodyFlagDefs);
+            if (missing.length > 0) {
+                const missingFlags = missing.map((m) => `--${m}`).join(", ");
+                throw new Error(`Missing required fields: ${missingFlags}`);
+            }
+            // Build nested object from dot-notation flags
+            const built = parseDotNotationFlags(input.flagValues, bodyFlagDefs);
+            if (schema) {
+                const validate = ajv.compile(schema);
+                if (!validate(built)) {
+                    throw new Error(formatAjvErrors(validate.errors));
+                }
+            }
+            body = JSON.stringify(built);
+        }
+    }
+    // Check if user has a stored token (needed for auth scheme auto-selection)
+    const storedToken = profile?.name
+        ? await getToken(input.specId, profile.name)
+        : null;
+    // Auth resolution priority: CLI flag > profile > embedded default
+    const resolvedAuthScheme = resolveAuthScheme(input.authSchemes, input.action.auth, {
+        flagAuthScheme: input.globals.auth,
+        profileAuthScheme: profile?.authScheme,
+        embeddedAuthScheme: embedded?.auth,
+        hasStoredToken: Boolean(storedToken),
+    });
+    const tokenFromProfile = resolvedAuthScheme ? storedToken : null;
+    const globalsWithProfileAuth = {
+        ...input.globals,
+        auth: resolvedAuthScheme,
+        bearerToken: input.globals.bearerToken ??
+            input.globals.oauthToken ??
+            tokenFromProfile ??
+            undefined,
+    };
+    const final = applyAuth(headers, url, input.action, globalsWithProfileAuth, input.authSchemes);
+    const req = new Request(final.url.toString(), {
+        method: input.action.method,
+        headers: final.headers,
+        body,
+    });
+    const curl = buildCurl(req, body);
+    return { request: req, curl };
+}
+function buildCurl(req, body) {
+    const parts = ["curl", "-sS", "-X", req.method];
+    for (const [k, v] of req.headers.entries()) {
+        parts.push("-H", shellQuote(`${k}: ${v}`));
+    }
+    if (typeof body === "string") {
+        parts.push("--data", shellQuote(body));
+    }
+    parts.push(shellQuote(req.url));
+    return parts.join(" ");
+}
+function shellQuote(value) {
+    return `'${value.replace(/'/g, `'\\''`)}'`;
+}
+function optionKeyFromFlag(flag) {
+    // Commander uses camelCase property names derived from long flag.
+    // Example: --x-request-id -> xRequestId
+    const name = flag.replace(/^--/, "");
+    return name.replace(/-([a-z])/g, (_, c) => String(c).toUpperCase());
+}

package/dist/cli/runtime/request.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/cli/runtime/request.test.js

@@ -0,0 +1,332 @@
+import { describe, expect, test } from "bun:test";
+import { tmpdir } from "node:os";
+import { generateBodyFlags } from "./body-flags.js";
+import { buildRequest } from "./request.js";
+import { createAjv, formatAjvErrors } from "./validate/index.js";
+function makeAction(partial) {
+    return {
+        id: "test",
+        key: "POST /contacts",
+        action: "create",
+        pathArgs: [],
+        method: "POST",
+        path: "/contacts",
+        tags: [],
+        style: "rest",
+        positionals: [],
+        flags: [],
+        params: [],
+        auth: { alternatives: [] },
+        requestBody: {
+            required: true,
+            content: [
+                {
+                    contentType: "application/json",
+                    required: true,
+                    schemaType: "object",
+                },
+            ],
+            hasJson: true,
+            hasFormUrlEncoded: false,
+            hasMultipart: false,
+            bodyFlags: ["--data", "--file"],
+            preferredContentType: "application/json",
+            preferredSchema: undefined,
+        },
+        requestBodySchema: {
+            type: "object",
+            properties: {
+                name: { type: "string" },
+            },
+            required: ["name"],
+        },
+        ...partial,
+    };
+}
+describe("buildRequest (requestBody)", () => {
+    test("builds body from expanded body flags", async () => {
+        const prevHome = process.env.HOME;
+        const home = `${tmpdir()}/specli-test-${crypto.randomUUID()}`;
+        process.env.HOME = home;
+        try {
+            const action = makeAction();
+            const bodyFlagDefs = generateBodyFlags(action.requestBodySchema, new Set());
+            const { request, curl } = await buildRequest({
+                specId: "spec",
+                action,
+                positionalValues: [],
+                flagValues: { name: "A" }, // --name A
+                globals: {},
+                servers: [
+                    { url: "https://api.example.com", variables: [], variableNames: [] },
+                ],
+                authSchemes: [],
+                bodyFlagDefs,
+            });
+            expect(request.headers.get("Content-Type")).toBe("application/json");
+            expect(await request.clone().text()).toBe('{"name":"A"}');
+            expect(curl).toContain("--data");
+            expect(curl).toContain('{"name":"A"}');
+        }
+        finally {
+            process.env.HOME = prevHome;
+        }
+    });
+    test("throws when requestBody is required but missing", async () => {
+        const prevHome = process.env.HOME;
+        const home = `${tmpdir()}/specli-test-${crypto.randomUUID()}`;
+        process.env.HOME = home;
+        try {
+            const action = makeAction();
+            const bodyFlagDefs = generateBodyFlags(action.requestBodySchema, new Set());
+            await expect(() => buildRequest({
+                specId: "spec",
+                action,
+                positionalValues: [],
+                flagValues: {},
+                globals: {},
+                servers: [
+                    {
+                        url: "https://api.example.com",
+                        variables: [],
+                        variableNames: [],
+                    },
+                ],
+                authSchemes: [],
+                bodyFlagDefs,
+            })).toThrow("Required: --name");
+        }
+        finally {
+            process.env.HOME = prevHome;
+        }
+    });
+    test("throws friendly error for missing required expanded field", async () => {
+        const prevHome = process.env.HOME;
+        const home = `${tmpdir()}/specli-test-${crypto.randomUUID()}`;
+        process.env.HOME = home;
+        try {
+            // Schema with two fields, one required
+            const action = makeAction({
+                requestBodySchema: {
+                    type: "object",
+                    properties: {
+                        name: { type: "string" },
+                        email: { type: "string" },
+                    },
+                    required: ["name"],
+                },
+            });
+            const bodyFlagDefs = generateBodyFlags(action.requestBodySchema, new Set());
+            // Provide email but not name (the required one)
+            await expect(() => buildRequest({
+                specId: "spec",
+                action,
+                positionalValues: [],
+                flagValues: { email: "test@example.com" }, // --email (but missing --name)
+                globals: {},
+                servers: [
+                    {
+                        url: "https://api.example.com",
+                        variables: [],
+                        variableNames: [],
+                    },
+                ],
+                authSchemes: [],
+                bodyFlagDefs,
+            })).toThrow("Missing required fields: --name");
+        }
+        finally {
+            process.env.HOME = prevHome;
+        }
+    });
+    test("builds nested object from dot notation flags", async () => {
+        const prevHome = process.env.HOME;
+        const home = `${tmpdir()}/specli-test-${crypto.randomUUID()}`;
+        process.env.HOME = home;
+        try {
+            const action = makeAction({
+                requestBodySchema: {
+                    type: "object",
+                    properties: {
+                        name: { type: "string" },
+                        address: {
+                            type: "object",
+                            properties: {
+                                street: { type: "string" },
+                                city: { type: "string" },
+                            },
+                        },
+                    },
+                    required: ["name"],
+                },
+            });
+            const bodyFlagDefs = generateBodyFlags(action.requestBodySchema, new Set());
+            // Dot notation: --address.street and --address.city should create nested object
+            const { request } = await buildRequest({
+                specId: "spec",
+                action,
+                positionalValues: [],
+                flagValues: {
+                    name: "Ada",
+                    "address.street": "123 Main St", // Commander keeps dots in keys
+                    "address.city": "NYC",
+                },
+                globals: {},
+                servers: [
+                    { url: "https://api.example.com", variables: [], variableNames: [] },
+                ],
+                authSchemes: [],
+                bodyFlagDefs,
+            });
+            const body = JSON.parse(await request.clone().text());
+            expect(body).toEqual({
+                name: "Ada",
+                address: {
+                    street: "123 Main St",
+                    city: "NYC",
+                },
+            });
+        }
+        finally {
+            process.env.HOME = prevHome;
+        }
+    });
+});
+describe("buildRequest (query parameters)", () => {
+    test("builds query string from flag values", async () => {
+        const prevHome = process.env.HOME;
+        const home = `${tmpdir()}/specli-test-${crypto.randomUUID()}`;
+        process.env.HOME = home;
+        try {
+            const action = {
+                id: "test",
+                key: "GET /contacts",
+                action: "list",
+                pathArgs: [],
+                method: "GET",
+                path: "/contacts",
+                tags: [],
+                style: "rest",
+                positionals: [],
+                flags: [
+                    {
+                        flag: "--limit",
+                        name: "limit",
+                        in: "query",
+                        type: "integer",
+                        required: false,
+                    },
+                    {
+                        flag: "--name",
+                        name: "name",
+                        in: "query",
+                        type: "string",
+                        required: false,
+                    },
+                ],
+                params: [
+                    {
+                        kind: "flag",
+                        flag: "--limit",
+                        name: "limit",
+                        in: "query",
+                        required: false,
+                        type: "integer",
+                    },
+                    {
+                        kind: "flag",
+                        flag: "--name",
+                        name: "name",
+                        in: "query",
+                        required: false,
+                        type: "string",
+                    },
+                ],
+                auth: { alternatives: [] },
+            };
+            const { request } = await buildRequest({
+                specId: "spec",
+                action,
+                positionalValues: [],
+                flagValues: { limit: 10, name: "andrew" },
+                globals: {},
+                servers: [
+                    { url: "https://api.example.com", variables: [], variableNames: [] },
+                ],
+                authSchemes: [],
+            });
+            expect(request.method).toBe("GET");
+            expect(request.url).toBe("https://api.example.com/contacts?limit=10&name=andrew");
+        }
+        finally {
+            process.env.HOME = prevHome;
+        }
+    });
+    test("handles array query parameters", async () => {
+        const prevHome = process.env.HOME;
+        const home = `${tmpdir()}/specli-test-${crypto.randomUUID()}`;
+        process.env.HOME = home;
+        try {
+            const action = {
+                id: "test",
+                key: "GET /contacts",
+                action: "list",
+                pathArgs: [],
+                method: "GET",
+                path: "/contacts",
+                tags: [],
+                style: "rest",
+                positionals: [],
+                flags: [
+                    {
+                        flag: "--tag",
+                        name: "tag",
+                        in: "query",
+                        type: "array",
+                        itemType: "string",
+                        required: false,
+                    },
+                ],
+                params: [
+                    {
+                        kind: "flag",
+                        flag: "--tag",
+                        name: "tag",
+                        in: "query",
+                        required: false,
+                        type: "array",
+                    },
+                ],
+                auth: { alternatives: [] },
+            };
+            const { request } = await buildRequest({
+                specId: "spec",
+                action,
+                positionalValues: [],
+                flagValues: { tag: ["vip", "active"] },
+                globals: {},
+                servers: [
+                    { url: "https://api.example.com", variables: [], variableNames: [] },
+                ],
+                authSchemes: [],
+            });
+            expect(request.url).toBe("https://api.example.com/contacts?tag=vip&tag=active");
+        }
+        finally {
+            process.env.HOME = prevHome;
+        }
+    });
+});
+describe("formatAjvErrors", () => {
+    test("pretty prints required errors", () => {
+        const ajv = createAjv();
+        const validate = ajv.compile({
+            type: "object",
+            properties: { name: { type: "string" } },
+            required: ["name"],
+        });
+        validate({});
+        const msg = formatAjvErrors(validate.errors);
+        expect(msg).toBe("/ missing required property 'name'");
+    });
+});

package/dist/{src/cli → cli}/runtime/server-url.d.ts

@@ -5,4 +5,3 @@ export type ResolveServerInput = {
     serverVars: Record<string, string>;
 };
 export declare function resolveServerUrl(input: ResolveServerInput): string;
-//# sourceMappingURL=server-url.d.ts.map

package/dist/cli/runtime/server-url.js

@@ -0,0 +1,28 @@
+import { applyTemplate, extractTemplateVars } from "./template.js";
+export function resolveServerUrl(input) {
+    // Treat empty string as undefined (serverOverride can come from env vars or profiles)
+    const base = input.serverOverride || input.servers[0]?.url;
+    if (!base) {
+        throw new Error("No server URL found. Provide --server <url> or define servers in the OpenAPI spec.");
+    }
+    const names = extractTemplateVars(base);
+    if (!names.length)
+        return base;
+    const vars = {};
+    for (const name of names) {
+        const provided = input.serverVars[name];
+        if (typeof provided === "string") {
+            vars[name] = provided;
+            continue;
+        }
+        // If spec has default for this var, use it.
+        const match = input.servers.find((s) => s.url === base);
+        const v = match?.variables.find((x) => x.name === name);
+        if (typeof v?.default === "string") {
+            vars[name] = v.default;
+            continue;
+        }
+        throw new Error(`Missing server variable '${name}'. Provide --server-var ${name}=...`);
+    }
+    return applyTemplate(base, vars);
+}

package/dist/{src/cli → cli}/runtime/template.d.ts

@@ -2,4 +2,3 @@ export declare function extractTemplateVars(template: string): string[];
 export declare function applyTemplate(template: string, vars: Record<string, string>, options?: {
     encode?: boolean;
 }): string;
-//# sourceMappingURL=template.d.ts.map

package/dist/cli/runtime/template.js

@@ -0,0 +1,22 @@
+export function extractTemplateVars(template) {
+    const out = [];
+    const re = /\{([^}]+)\}/g;
+    while (true) {
+        const match = re.exec(template);
+        if (!match)
+            break;
+        out.push((match[1] ?? "").trim());
+    }
+    return out.filter(Boolean);
+}
+export function applyTemplate(template, vars, options) {
+    const encode = options?.encode ?? false;
+    return template.replace(/\{([^}]+)\}/g, (_, rawName) => {
+        const name = String(rawName).trim();
+        const value = vars[name];
+        if (typeof value !== "string") {
+            throw new Error(`Missing template variable: ${name}`);
+        }
+        return encode ? encodeURIComponent(value) : value;
+    });
+}

package/dist/cli/runtime/validate/ajv.d.ts

@@ -0,0 +1,2 @@
+import { Ajv } from "ajv";
+export declare function createAjv(): Ajv;