npm - thinkwork-cli - Versions diffs - 0.6.1 → 0.6.2 - Mend

thinkwork-cli 0.6.1 → 0.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/cli.js +125 -28
package/package.json +2 -1

package/dist/cli.js CHANGED Viewed

@@ -802,6 +802,7 @@ function registerBootstrapCommand(program2) {
 // src/commands/login.ts
 import { execSync as execSync4 } from "child_process";
 import { createInterface as createInterface2 } from "readline";
+import { select, Separator } from "@inquirer/prompts";
 import chalk5 from "chalk";
 // src/aws-profiles.ts
@@ -1036,33 +1037,41 @@ function describeType(type) {
   }
 }
 async function pickProfile(profiles) {
-  console.log("");
-  console.log(chalk5.bold("  Found these profiles in ~/.aws:"));
-  profiles.forEach((p, i) => {
-    const idx = String(i + 1).padStart(2, " ");
-    console.log(
-      `    ${chalk5.cyan(idx)}. ${chalk5.bold(p.name)}  ${chalk5.dim(`(${describeType(p.type)})`)}`
+  if (!process.stdin.isTTY) {
+    printError(
+      "The profile picker needs an interactive terminal. Re-run with --keys, --sso, or --profile <name>."
     );
-  });
-  const newIdx = profiles.length + 1;
-  const ssoIdx = profiles.length + 2;
-  console.log(
-    `    ${chalk5.cyan(String(newIdx).padStart(2, " "))}. Enter new access keys`
-  );
-  console.log(
-    `    ${chalk5.cyan(String(ssoIdx).padStart(2, " "))}. Log in via AWS SSO`
-  );
-  console.log("");
-  const answer = await ask(`  Pick a profile [1-${ssoIdx}] (Enter to cancel): `);
-  if (!answer) return { kind: "cancel" };
-  const n = Number.parseInt(answer, 10);
-  if (Number.isNaN(n) || n < 1 || n > ssoIdx) {
-    printError(`"${answer}" is not a valid option.`);
     return { kind: "cancel" };
   }
-  if (n === newIdx) return { kind: "keys" };
-  if (n === ssoIdx) return { kind: "sso" };
-  return { kind: "existing", name: profiles[n - 1].name };
+  const choices = profiles.map((p) => ({
+    name: `${p.name}  ${chalk5.dim(`(${describeType(p.type)})`)}`,
+    value: { kind: "existing", name: p.name }
+  }));
+  choices.push(new Separator());
+  choices.push({
+    name: "Enter new access keys",
+    value: { kind: "keys" },
+    description: "Paste an AWS Access Key ID and Secret Access Key; saved to a new profile."
+  });
+  choices.push({
+    name: "Log in via AWS SSO",
+    value: { kind: "sso" },
+    description: "Run `aws sso login` against the configured SSO profile."
+  });
+  try {
+    const picked = await select({
+      message: "Pick an AWS profile for Thinkwork:",
+      choices,
+      loop: false,
+      pageSize: Math.max(profiles.length + 2, 10)
+    });
+    return picked;
+  } catch (err) {
+    if (err instanceof Error && err.name === "ExitPromptError") {
+      return { kind: "cancel" };
+    }
+    throw err;
+  }
 }
 async function runKeyEntry(targetProfile) {
   console.log("");
@@ -1145,7 +1154,26 @@ function registerLoginCommand(program2) {
     "--profile <name>",
     "AWS profile name to configure (used when entering new keys or SSO)",
     "thinkwork"
-  ).option("--sso", "Skip the picker and go straight to SSO login").option("--keys", "Skip the picker and go straight to access-key entry").action(async (opts) => {
+  ).option("--sso", "Skip the picker and go straight to SSO login").option("--keys", "Skip the picker and go straight to access-key entry").addHelpText(
+    "after",
+    `
+Examples:
+  # Interactive picker \u2014 lists profiles from ~/.aws, verifies the one you pick,
+  # and saves it as your Thinkwork default.
+  $ thinkwork login
+  # Skip the picker, enter fresh access keys into a named profile
+  $ thinkwork login --keys --profile thinkwork
+  # Skip the picker, log in via AWS SSO
+  $ thinkwork login --sso --profile work-sso
+After login, commands resolve the AWS profile in this order:
+  1. --profile <name>            (per-command override)
+  2. $AWS_PROFILE env var
+  3. defaultProfile from ~/.thinkwork/config.json  (set by this command)
+`
+  ).action(async (opts) => {
     printHeader("login", opts.profile);
     const awsOk = await ensureAwsCli();
     if (!awsOk) process.exit(1);
@@ -1744,7 +1772,30 @@ function printStageDetail(info) {
 function registerStatusCommand(program2) {
   program2.command("status").alias("list").alias("ls").description(
     "Show all Thinkwork environments / deployments (AWS + local). Aliases: list, ls"
-  ).option("-s, --stage <name>", "Show details for a specific stage").option("--region <region>", "AWS region to scan", "us-east-1").action(async (opts) => {
+  ).option("-s, --stage <name>", "Show details for a specific stage").option("--region <region>", "AWS region to scan", "us-east-1").addHelpText(
+    "after",
+    `
+Examples:
+  # List every deployment in the current AWS account (us-east-1)
+  $ thinkwork list
+  # Same thing, tighter verb
+  $ thinkwork ls
+  # Deep-dive on one stage (same info but scoped)
+  $ thinkwork list -s dev
+  # Scan a different region
+  $ thinkwork list --region us-west-2
+  # Use a specific AWS profile for this call only
+  $ thinkwork --profile work-sso list
+Discovers stages by looking for \`thinkwork-<stage>-api-graphql-http\`
+Lambdas and fans out to API Gateway, AppSync, S3, RDS, ECS, CloudFront,
+and AgentCore for per-stage detail.
+`
+  ).action(async (opts) => {
     const identity = getAwsIdentity();
     printHeader("status", opts.stage || "all", identity);
     if (!identity) {
@@ -2342,7 +2393,38 @@ function registerUserCommand(program2) {
   const user = program2.command("user").description("User-management utilities for a deployed Thinkwork stack");
   user.command("invite <email>").description(
     "Invite a teammate to a tenant. Creates the Cognito user (Cognito emails a temporary password) and adds them as a tenant member."
-  ).requiredOption("-s, --stage <name>", "Deployment stage").requiredOption("--tenant <slug>", "Tenant slug").option("--name <name>", "Display name for the invited user").option("--role <role>", "Tenant member role", "member").action(
+  ).requiredOption("-s, --stage <name>", "Deployment stage (e.g. dev, prod)").requiredOption(
+    "--tenant <slug>",
+    "Tenant slug (the URL-safe tenant id, e.g. acme)"
+  ).option("--name <name>", "Display name for the invited user").option(
+    "--role <role>",
+    'Tenant member role: "member", "admin", or "owner"',
+    "member"
+  ).addHelpText(
+    "after",
+    `
+Examples:
+  # Invite a teammate as a regular member
+  $ thinkwork user invite alice@example.com --tenant acme -s dev
+  # Invite with a display name and admin role
+  $ thinkwork user invite bob@example.com --tenant acme -s dev \\
+      --name "Bob Smith" --role admin
+  # Re-inviting someone who's already a member is a no-op (no second email)
+  $ thinkwork user invite alice@example.com --tenant acme -s dev
+  \u26A0  alice@example.com is already a member of "acme" (role: member). No email sent.
+What happens:
+  1. A Cognito user is created (or reused if the email already exists).
+  2. Cognito emails the user a temporary password.
+  3. The user is added to the tenant with the given role.
+  4. On first sign-in they're prompted to set a real password.
+Requires the stack to be deployed (the CLI discovers the API Gateway URL
+and reads api_auth_secret from terraform.tfvars for the stage).
+`
+  ).action(
     async (email, opts) => {
       const stageCheck = validateStage(opts.stage);
       if (!stageCheck.valid) {
@@ -2402,9 +2484,24 @@ function registerUserCommand(program2) {
   );
   user.command("reset-password <email>").description(
     "Trigger Cognito's forgot-password flow for a user (admin-initiated). Sends them a verification code email."
-  ).option("-p, --profile <name>", "AWS profile").requiredOption("-s, --stage <name>", "Deployment stage").option(
+  ).option("-p, --profile <name>", "AWS profile").requiredOption("-s, --stage <name>", "Deployment stage (e.g. dev, prod)").option(
     "-r, --region <name>",
     "AWS region (defaults to AWS CLI default / AWS_REGION)"
+  ).addHelpText(
+    "after",
+    `
+Examples:
+  # Admin-triggered password reset \u2014 works even if the account is locked
+  $ thinkwork user reset-password alice@example.com -s dev
+  # Target a specific AWS profile + region
+  $ thinkwork user reset-password alice@example.com -s prod \\
+      --profile thinkwork --region us-east-1
+Cognito emails the user a verification code; they set a new password on
+next sign-in. Use this instead of \`forgot-password\` when the user is in
+FORCE_CHANGE_PASSWORD or has been disabled.
+`
   ).action(
     async (email, opts) => {
       const stageCheck = validateStage(opts.stage);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "thinkwork-cli",
-  "version": "0.6.1",
+  "version": "0.6.2",
   "description": "Thinkwork CLI — deploy, manage, and interact with your Thinkwork stack",
   "license": "MIT",
   "type": "module",
@@ -19,6 +19,7 @@
     "prepublishOnly": "npm run build && npm run typecheck"
   },
   "dependencies": {
+    "@inquirer/prompts": "^8.4.1",
     "chalk": "^5.6.2",
     "commander": "^12.0.0",
     "ora": "^9.3.0"