unbound-cli 0.8.1 → 0.8.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "unbound-cli",
-  "version": "0.8.1",
+  "version": "0.8.2",
   "description": "CLI tool for Unbound - AI Gateway management",
   "main": "src/index.js",
   "bin": {

package/src/api.js

@@ -29,15 +29,18 @@ class ApiError extends Error {
   }
 }
 
-function request(method, path, { body, query, apiKey } = {}) {
-  const baseUrl = config.getBaseUrl();
+function request(method, path, { body, query, apiKey, baseUrl } = {}) {
+  // Explicit baseUrl wins over env-var-aware getBaseUrl(). Used by login /
+  // setup / onboard so a user's just-passed --backend-url isn't shadowed by a
+  // stale UNBOUND_API_URL env var from a prior shell session.
+  const resolvedBaseUrl = baseUrl || config.getBaseUrl();
   const key = apiKey || config.getApiKey();
 
   if (!key) {
     return Promise.reject(new Error('Not logged in. Run `unbound login` first.'));
   }
 
-  const url = new URL(path, baseUrl);
+  const url = new URL(path, resolvedBaseUrl);
   if (query) {
     for (const [k, v] of Object.entries(query)) {
       if (v !== undefined && v !== null) {

package/src/auth.js

@@ -107,13 +107,17 @@ async function loginWithBrowser(frontendUrl) {
  * Shows a spinner during validation and a success message with user info.
  *
  * @param {string} apiKey - The API key to validate and store
+ * @param {object} [opts]
+ * @param {string} [opts.baseUrl] - Explicit backend URL override. Used when the
+ *   caller just persisted a tenant URL via setUrls and wants validation to hit
+ *   that exact backend, regardless of any stale UNBOUND_API_URL env var.
  * @returns {Promise<true>}
  */
-async function loginWithApiKey(apiKey) {
+async function loginWithApiKey(apiKey, { baseUrl } = {}) {
   const spin = output.spinner('Authenticating...');
   let response;
   try {
-    response = await api.get('/api/v1/users/privileges/', { apiKey });
+    response = await api.get('/api/v1/users/privileges/', { apiKey, baseUrl });
   } catch (err) {
     let msg;
     if (err.statusCode === 401 || err.statusCode === 403) {
@@ -143,10 +147,14 @@ async function loginWithApiKey(apiKey) {
  * Ensures the user is logged in. If an apiKey is provided, validates and
  * stores it first. If not logged in, triggers browser-based login.
  * Returns true if logged in (or just logged in), false on failure.
+ *
+ * `baseUrl` and `frontendUrl` are explicit overrides for the URLs to validate
+ * against / open in the browser. Used by login/setup/onboard so a just-passed
+ * --backend-url / --frontend-url isn't shadowed by a stale env var.
  */
-async function ensureLoggedIn({ apiKey } = {}) {
+async function ensureLoggedIn({ apiKey, baseUrl, frontendUrl } = {}) {
   if (apiKey) {
-    await loginWithApiKey(apiKey);
+    await loginWithApiKey(apiKey, { baseUrl });
     return true;
   }
 
@@ -155,8 +163,7 @@ async function ensureLoggedIn({ apiKey } = {}) {
   }
 
   output.warn('Not logged in. Opening browser to authenticate...');
-  const frontendUrl = config.getFrontendUrl();
-  const result = await loginWithBrowser(frontendUrl);
+  const result = await loginWithBrowser(frontendUrl || config.getFrontendUrl());
 
   const parts = [];
   if (result.email) parts.push(`as ${result.email}`);

package/src/commands/login.js

@@ -47,17 +47,21 @@ Examples:
         // --backend-url is the canonical visible flag; --base-url is a hidden
         // back-compat alias. setUrls writes all provided URLs atomically so
         // a malformed --frontend-url can't leave a fresh --backend-url half-applied.
-        config.setUrls({
+        const written = config.setUrls({
           backend: opts.backendUrl || opts.baseUrl,
           frontend: opts.frontendUrl,
           gateway: opts.gatewayUrl,
         });
-
-        let apiKey;
+        // Prefer just-persisted values over env-var-aware getters so a stale
+        // UNBOUND_*_URL from a prior shell session can't shadow the user's
+        // explicit --backend-url / --frontend-url and route validation at the
+        // wrong tenant.
+        const explicitBaseUrl = written.base_url;
+        const explicitFrontendUrl = written.frontend_url;
 
         if (opts.apiKey) {
           try {
-            await loginWithApiKey(opts.apiKey);
+            await loginWithApiKey(opts.apiKey, { baseUrl: explicitBaseUrl });
           } catch {
             process.exitCode = 1;
             return;
@@ -69,12 +73,13 @@ Examples:
           if (opts.domain) {
             frontendUrl = opts.domain.startsWith('http') ? opts.domain : `https://${opts.domain}`;
           } else {
-            frontendUrl = config.getFrontendUrl();
+            frontendUrl = explicitFrontendUrl || config.getFrontendUrl();
           }
           await loginWithBrowser(frontendUrl);
-          apiKey = config.getApiKey();
-          // Validate the stored key
-          await api.get('/api/v1/users/privileges/');
+          // Validate the just-stored key against the explicit backend if one
+          // was just persisted; otherwise fall back to the env-var-aware
+          // getter. api.get reads the stored key from config internally.
+          await api.get('/api/v1/users/privileges/', { baseUrl: explicitBaseUrl });
         }
 
         const cfg = config.readConfig();

package/src/commands/onboard.js

@@ -52,21 +52,29 @@ Examples:
       let setupSucceeded = false;
       let discoveryDomain;
       try {
-        // Persist explicitly-passed URL flags BEFORE login so tenant URLs land
-        // in config before any backend call (whoami, setup completion ping) uses
-        // them. setUrls is atomic — a malformed URL throws before any disk write,
-        // so the three URLs never end up out of sync.
-        config.setUrls({
+        // Persist URLs first, then login, then setup — order matters so the
+        // login validates against the new backend and setup wires tools at the
+        // new gateway. setUrls is atomic; a malformed URL throws before any
+        // disk write so the three URLs never end up out of sync.
+        const written = config.setUrls({
           backend: opts.backendUrl,
           frontend: opts.frontendUrl,
           gateway: opts.gatewayUrl,
         });
-        const backendUrl = config.getBaseUrl();
-        const frontendUrl = config.getFrontendUrl();
-        const gatewayUrl = config.getGatewayUrl();
+        // Prefer the values we JUST persisted over the env-var-aware getters —
+        // a stale UNBOUND_*_URL from a prior shell session could otherwise
+        // silently shadow the user's explicit --*-url flag and route login or
+        // setup at the wrong tenant.
+        const backendUrl = written.base_url || config.getBaseUrl();
+        const frontendUrl = written.frontend_url || config.getFrontendUrl();
+        const gatewayUrl = written.gateway_url || config.getGatewayUrl();
         discoveryDomain = opts.domain || backendUrl;
 
-        await ensureLoggedIn({ apiKey: opts.apiKey });
+        await ensureLoggedIn({
+          apiKey: opts.apiKey,
+          baseUrl: written.base_url,
+          frontendUrl: written.frontend_url,
+        });
         const apiKey = config.getApiKey();
 
         console.log('');
@@ -124,15 +132,16 @@ Examples:
       let setupSucceeded = false;
       let discoveryDomain;
       try {
-        // Persist explicitly-passed URL flags so subsequent commands on this
-        // device (e.g. unbound discover, unbound setup) hit the same tenant.
-        // setUrls is atomic — a malformed URL throws before any disk write.
-        config.setUrls({
+        // Persist URLs first, then login, then setup — order matters so this
+        // MDM run wires tools at the new tenant. Prefer just-written values
+        // over env-var-aware getters so a stale UNBOUND_*_URL can't shadow the
+        // user's explicit --*-url flag.
+        const written = config.setUrls({
           backend: opts.backendUrl,
           gateway: opts.gatewayUrl,
         });
-        const backendUrl = config.getBaseUrl();
-        const gatewayUrl = config.getGatewayUrl();
+        const backendUrl = written.base_url || config.getBaseUrl();
+        const gatewayUrl = written.gateway_url || config.getGatewayUrl();
         discoveryDomain = opts.domain || backendUrl;
 
         checkRoot('onboard-mdm');

package/src/commands/setup.js

@@ -367,21 +367,26 @@ automatically to authenticate before proceeding.
 `)
     .action(async (tools, opts) => {
       try {
-        // Persist explicitly-passed URL flags BEFORE ensureLoggedIn runs so a
-        // tenant-onboarding `unbound setup --gateway-url ... --api-key ...` lands
-        // tenant URLs in config before any backend call uses them. setUrls is
-        // atomic — no partial writes if any value is malformed.
-        config.setUrls({
+        // Persist URLs first, login, then setup. setUrls is atomic; a malformed
+        // URL throws before any disk write.
+        const written = config.setUrls({
           backend: opts.backendUrl,
           frontend: opts.frontendUrl,
           gateway: opts.gatewayUrl,
         });
-
-        await ensureLoggedIn({ apiKey: opts.apiKey });
+        // Prefer just-persisted values over env-var-aware getters so a stale
+        // UNBOUND_*_URL from a prior shell session can't silently shadow the
+        // user's explicit --*-url flag and route login/setup at the wrong tenant.
+        const backendUrl = written.base_url || config.getBaseUrl();
+        const frontendUrl = written.frontend_url || config.getFrontendUrl();
+        const gatewayUrl = written.gateway_url || config.getGatewayUrl();
+
+        await ensureLoggedIn({
+          apiKey: opts.apiKey,
+          baseUrl: written.base_url,
+          frontendUrl: written.frontend_url,
+        });
         const apiKey = config.getApiKey();
-        const backendUrl = config.getBaseUrl();
-        const frontendUrl = config.getFrontendUrl();
-        const gatewayUrl = config.getGatewayUrl();
         const urlOpts = { backendUrl, frontendUrl, gatewayUrl };
 
         // --all expands to the default bundle. Cannot be combined with explicit tool names.
@@ -593,15 +598,16 @@ Examples:
         // --backend-url, --frontend-url, --gateway-url are defined only on the parent `setup` command.
         // Use optsWithGlobals() so they all work regardless of position relative to `mdm`.
         const globalOpts = command.optsWithGlobals();
-        // Persist explicitly-passed URL flags so this MDM run also configures
-        // the CLI for any subsequent non-MDM commands on the same machine.
-        // setUrls is atomic — no partial writes if any value is malformed.
-        config.setUrls({
+        // Persist URLs first so this MDM run wires tools at the new tenant
+        // and any subsequent non-MDM command on the same machine inherits.
+        // Prefer just-persisted values over env-var-aware getters so a stale
+        // UNBOUND_*_URL can't shadow the explicit --*-url flag.
+        const written = config.setUrls({
           backend: globalOpts.backendUrl,
           gateway: globalOpts.gatewayUrl,
         });
-        const backendUrl = config.getBaseUrl();
-        const gatewayUrl = config.getGatewayUrl();
+        const backendUrl = written.base_url || config.getBaseUrl();
+        const gatewayUrl = written.gateway_url || config.getGatewayUrl();
 
         if (globalOpts.all && tools.length > 0) {
           output.error('Cannot combine --all with specific tool names. Use one or the other.');

package/test/config-normalize-url.test.js

@@ -151,6 +151,49 @@ test('setUrls is atomic — partial failure leaves config unchanged', () => {
   }
 });
 
+// WEB-4107: setUrls returns the just-written values so callers can use them
+// directly instead of going back through getBaseUrl/etc. (which give env-var
+// precedence over config). A stale UNBOUND_*_URL from a prior shell session
+// would otherwise silently shadow the user's explicit --*-url flag.
+test('setUrls return value reflects what was persisted, bypassing env-var shadowing', () => {
+  const fs = require('node:fs');
+  const os = require('node:os');
+  const path = require('node:path');
+  const tmp = fs.mkdtempSync(path.join(os.tmpdir(), 'unbound-cli-test-'));
+  const origHome = process.env.HOME;
+  const origGw = process.env.UNBOUND_GATEWAY_URL;
+  const origBe = process.env.UNBOUND_API_URL;
+  process.env.HOME = tmp;
+  // Stale env vars from a prior tenant — these would otherwise win in getXxxUrl().
+  process.env.UNBOUND_GATEWAY_URL = 'https://gw.STALE.com';
+  process.env.UNBOUND_API_URL     = 'https://be.STALE.com';
+  delete require.cache[require.resolve('../src/config')];
+  const c = require('../src/config');
+  try {
+    const written = c.setUrls({
+      backend: 'be.NEW.com',
+      frontend: 'fe.NEW.com',
+      gateway: 'gw.NEW.com',
+    });
+    // The return value reflects WHAT WAS WRITTEN — the user's explicit input.
+    assert.equal(written.base_url, 'https://be.new.com');
+    assert.equal(written.frontend_url, 'https://fe.new.com');
+    assert.equal(written.gateway_url, 'https://gw.new.com');
+    // The getters would still respect the env vars (existing convention).
+    // Callers that need the user's intent must use the setUrls return value.
+    assert.equal(c.getGatewayUrl(), 'https://gw.STALE.com');
+    assert.equal(c.getBaseUrl(),    'https://be.STALE.com');
+  } finally {
+    process.env.HOME = origHome;
+    if (origGw === undefined) delete process.env.UNBOUND_GATEWAY_URL;
+    else process.env.UNBOUND_GATEWAY_URL = origGw;
+    if (origBe === undefined) delete process.env.UNBOUND_API_URL;
+    else process.env.UNBOUND_API_URL = origBe;
+    delete require.cache[require.resolve('../src/config')];
+    fs.rmSync(tmp, { recursive: true, force: true });
+  }
+});
+
 // WEB-4103: backfillUserInfo must refresh email/org_name when the API returns
 // a different value (e.g. user switched tenants), not just fill if missing.
 // Defensive: must NOT blank the cached value on a partial/empty API response.