npm - vigthoria-cli - Versions diffs - 1.9.2 → 1.9.5 - Mend

vigthoria-cli 1.9.2 → 1.9.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/README.md +15 -5
package/dist/commands/auth.d.ts +28 -38
package/dist/commands/auth.js +389 -320
package/dist/commands/chat.d.ts +3 -0
package/dist/commands/chat.js +66 -15
package/dist/commands/index.js +1 -1
package/dist/commands/legion.d.ts +22 -19
package/dist/commands/legion.js +550 -132
package/dist/commands/preview.js +32 -7
package/dist/commands/repo.js +19 -13
package/dist/commands/update.d.ts +9 -0
package/dist/commands/update.js +235 -0
package/dist/index.d.ts +2 -1
package/dist/index.js +114 -33
package/dist/utils/api.d.ts +25 -70
package/dist/utils/api.js +784 -695
package/dist/utils/tools.d.ts +11 -0
package/dist/utils/tools.js +222 -0
package/package.json +7 -1

package/dist/commands/auth.js CHANGED Viewed

@@ -3,407 +3,476 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.authCommand = void 0;
-exports.readAuthSession = readAuthSession;
-exports.clearAuthSession = clearAuthSession;
-exports.refreshJwtIfNeeded = refreshJwtIfNeeded;
-exports.loginWithToken = loginWithToken;
-exports.loginWithCredentials = loginWithCredentials;
-exports.loginWithDeviceCode = loginWithDeviceCode;
-exports.getValidAuthSession = getValidAuthSession;
-exports.loginAction = loginAction;
-exports.logoutAction = logoutAction;
+exports.loadAuthConfig = loadAuthConfig;
+exports.saveAuthConfig = saveAuthConfig;
+exports.clearAuthConfig = clearAuthConfig;
+exports.getAuthToken = getAuthToken;
+exports.login = login;
+exports.logout = logout;
+exports.whoami = whoami;
+exports.doctor = doctor;
 exports.handleLogin = handleLogin;
 exports.handleLogout = handleLogout;
 exports.statusAction = statusAction;
-exports.createAuthCommand = createAuthCommand;
-exports.registerAuthCommand = registerAuthCommand;
-const commander_1 = require("commander");
-const fs_1 = __importDefault(require("fs"));
-const os_1 = __importDefault(require("os"));
+exports.registerAuthCommands = registerAuthCommands;
+const chalk_1 = __importDefault(require("chalk"));
+const fs_1 = require("fs");
+const os_1 = require("os");
 const path_1 = __importDefault(require("path"));
-const promises_1 = require("timers/promises");
+const readline_1 = __importDefault(require("readline"));
 const DEFAULT_API_URL = 'https://coder.vigthoria.io';
-const CONFIG_DIR = path_1.default.join(os_1.default.homedir(), '.vigthoria');
-const AUTH_FILE = path_1.default.join(CONFIG_DIR, 'auth.json');
-const REFRESH_SKEW_MS = 30_000;
-const refreshRequests = new Map();
-function getApiUrl(explicit) {
-    return (explicit || process.env.VIGTHORIA_API_URL || DEFAULT_API_URL).replace(/\/$/, '');
+const CONFIG_DIR = path_1.default.join((0, os_1.homedir)(), '.vigthoria');
+const CONFIG_FILE = path_1.default.join(CONFIG_DIR, 'config.json');
+const KNOWN_AUTH_BASE_URLS = ['https://coder.vigthoria.io', 'https://api.vigthoria.io'];
+class HttpError extends Error {
+    status;
+    constructor(status, message) {
+        super(message);
+        this.status = status;
+    }
 }
-function ensureConfigDir() {
-    fs_1.default.mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
+function trimTrailingSlash(value) {
+    return value.replace(/\/+$/, '');
 }
-function writeAuthSession(session) {
-    ensureConfigDir();
-    fs_1.default.writeFileSync(AUTH_FILE, `${JSON.stringify(session, null, 2)}\n`, { mode: 0o600 });
+function uniqueStrings(values) {
+    return [...new Set(values.filter(Boolean))];
 }
-function asErrorMessage(error) {
-    if (error instanceof TypeError && /fetch|network|failed|ECONN|ENOTFOUND|ETIMEDOUT/i.test(error.message)) {
-        return 'Network error while contacting Vigthoria. Check your connection and API URL.';
-    }
-    return error instanceof Error ? error.message : String(error);
+function getApiUrl() {
+    return trimTrailingSlash(process.env.VIGTHORIA_API_URL || DEFAULT_API_URL);
 }
-async function parseResponseBody(response) {
-    const text = await response.text();
-    if (!text)
-        return {};
-    try {
-        const parsed = JSON.parse(text);
-        return parsed && typeof parsed === 'object' ? parsed : {};
+function derivePeerHost(baseUrl) {
+    if (baseUrl.includes('://api.vigthoria.io')) {
+        return baseUrl.replace('://api.vigthoria.io', '://coder.vigthoria.io');
     }
-    catch {
-        return { message: text.slice(0, 300) };
+    if (baseUrl.includes('://coder.vigthoria.io')) {
+        return baseUrl.replace('://coder.vigthoria.io', '://api.vigthoria.io');
     }
+    return undefined;
 }
-function responseErrorMessage(response, data) {
-    const serverMessage = typeof data.error === 'string'
-        ? data.error
-        : typeof data.message === 'string'
-            ? data.message
-            : undefined;
-    if (response.status === 400 || response.status === 401 || response.status === 403) {
-        return serverMessage || 'Invalid credentials. Check your email, password, or token and try again.';
-    }
-    if (response.status === 404)
-        return serverMessage || 'Authentication endpoint was not found for the configured API URL.';
-    if (response.status >= 500)
-        return serverMessage || 'Vigthoria authentication service is temporarily unavailable. Try again later.';
-    return serverMessage || `Request failed with HTTP ${response.status}`;
+function getAuthBaseCandidates(seedBaseUrl) {
+    const seed = trimTrailingSlash(seedBaseUrl || getApiUrl());
+    const peer = derivePeerHost(seed);
+    return uniqueStrings([seed, ...(peer ? [peer] : []), ...KNOWN_AUTH_BASE_URLS]).map(trimTrailingSlash);
 }
-function readAuthSession() {
+function ensureConfigDir() {
+    if (!(0, fs_1.existsSync)(CONFIG_DIR)) {
+        (0, fs_1.mkdirSync)(CONFIG_DIR, { recursive: true, mode: 0o700 });
+    }
     try {
-        if (!fs_1.default.existsSync(AUTH_FILE))
-            return null;
-        const parsed = JSON.parse(fs_1.default.readFileSync(AUTH_FILE, 'utf8'));
-        if (!parsed || typeof parsed.accessToken !== 'string' || !parsed.accessToken)
-            return null;
-        return parsed;
+        (0, fs_1.chmodSync)(CONFIG_DIR, 0o700);
     }
-    catch (error) {
-        console.error('Failed to read saved authentication session:', asErrorMessage(error));
-        return null;
+    catch {
+        // Best-effort on non-POSIX filesystems.
     }
 }
-function clearBrowserStorage() {
-    const storage = globalThis.localStorage;
-    if (!storage)
-        return;
-    try {
-        if (typeof storage.removeItem === 'function') {
-            storage.removeItem('vigthoria.auth');
-            storage.removeItem('vigthoria.jwt');
-            storage.removeItem('auth');
-            storage.removeItem('jwt');
-        }
-        if (typeof storage.clear === 'function')
-            storage.clear();
-    }
-    catch (error) {
-        console.warn('Failed to clear local auth storage:', asErrorMessage(error));
+function humanMessage(error) {
+    const raw = error instanceof Error ? error.message : String(error);
+    if (/^\s*</.test(raw) || /<!doctype html/i.test(raw)) {
+        return 'The Vigthoria service returned an unexpected HTML response. This usually means auth routes are misconfigured server-side.';
     }
+    return raw || 'Unknown authentication error.';
 }
-function resetJwtState(state) {
-    if (!state)
-        return;
-    state.token = null;
-    state.expiresAt = null;
-    state.refreshToken = null;
+function extractAuthToken(payload) {
+    if (!payload || typeof payload !== 'object') {
+        return undefined;
+    }
+    const body = payload;
+    return body.token || body.accessToken || body.tokens?.access_token;
 }
-function clearAuthSession(state) {
-    let ok = true;
-    try {
-        if (fs_1.default.existsSync(AUTH_FILE))
-            fs_1.default.rmSync(AUTH_FILE, { force: true });
+function extractAuthUser(payload, fallbackEmail) {
+    if (!payload || typeof payload !== 'object') {
+        return fallbackEmail ? { email: fallbackEmail } : undefined;
     }
-    catch (error) {
-        ok = false;
-        console.error('Failed to remove saved authentication session:', asErrorMessage(error));
+    const body = payload;
+    const user = body.user;
+    if (user && typeof user === 'object') {
+        const typed = user;
+        return {
+            id: typed.id ? String(typed.id) : undefined,
+            email: typed.email ? String(typed.email) : fallbackEmail,
+            name: typed.name ? String(typed.name) : typed.username ? String(typed.username) : undefined,
+        };
+    }
+    if (body.email || body.id || body.username) {
+        return {
+            id: body.id ? String(body.id) : undefined,
+            email: body.email ? String(body.email) : fallbackEmail,
+            name: body.username ? String(body.username) : body.name ? String(body.name) : undefined,
+        };
     }
-    clearBrowserStorage();
-    resetJwtState(state);
-    refreshRequests.clear();
-    return ok;
+    return fallbackEmail ? { email: fallbackEmail } : undefined;
 }
-async function postJson(url, body, token) {
-    let response;
+function loadAuthConfig() {
+    if (!(0, fs_1.existsSync)(CONFIG_FILE)) {
+        return { apiUrl: getApiUrl() };
+    }
     try {
-        response = await fetch(url, {
-            method: 'POST',
-            headers: {
-                'content-type': 'application/json',
-                ...(token ? { authorization: `Bearer ${token}` } : {}),
-            },
-            body: JSON.stringify(body),
-        });
+        const parsed = JSON.parse((0, fs_1.readFileSync)(CONFIG_FILE, 'utf8'));
+        return {
+            apiUrl: trimTrailingSlash(parsed.apiUrl || getApiUrl()),
+            token: parsed.token || parsed.authToken,
+            user: parsed.user,
+        };
     }
     catch (error) {
-        throw new Error(asErrorMessage(error));
+        console.warn(chalk_1.default.yellow(`Warning: could not read auth config: ${humanMessage(error)}`));
+        return { apiUrl: getApiUrl() };
     }
-    const data = await parseResponseBody(response);
-    if (!response.ok)
-        throw new Error(responseErrorMessage(response, data));
-    return data;
 }
-async function getJson(url, token) {
-    let response;
+function saveAuthConfig(config) {
+    ensureConfigDir();
+    (0, fs_1.writeFileSync)(CONFIG_FILE, `${JSON.stringify(config, null, 2)}\n`, 'utf8');
     try {
-        response = await fetch(url, {
-            headers: token ? { authorization: `Bearer ${token}` } : undefined,
-        });
+        (0, fs_1.chmodSync)(CONFIG_FILE, 0o600);
     }
-    catch (error) {
-        throw new Error(asErrorMessage(error));
+    catch {
+        // Best-effort on non-POSIX filesystems.
     }
-    const data = await parseResponseBody(response);
-    if (!response.ok)
-        throw new Error(responseErrorMessage(response, data));
-    return data;
-}
-function normalizeSession(data, apiUrl) {
-    const accessToken = data.accessToken || data.token;
-    if (!accessToken)
-        throw new Error('Authentication response did not include an access token.');
-    const now = new Date().toISOString();
-    const expiresAt = typeof data.expiresAt === 'number'
-        ? data.expiresAt
-        : typeof data.expiresIn === 'number'
-            ? Date.now() + data.expiresIn * 1000
-            : undefined;
-    return {
-        accessToken,
-        refreshToken: data.refreshToken,
-        user: data.user,
-        expiresAt,
-        apiUrl,
-        createdAt: now,
-        updatedAt: now,
-    };
 }
-function isExpired(session) {
-    return typeof session.expiresAt === 'number' && Date.now() >= session.expiresAt - REFRESH_SKEW_MS;
+function clearAuthConfig() {
+    if ((0, fs_1.existsSync)(CONFIG_FILE)) {
+        (0, fs_1.rmSync)(CONFIG_FILE, { force: true });
+    }
 }
-function jwtNeedsRefresh(state) {
-    if (!state.token)
-        return false;
-    if (typeof state.isExpired === 'function')
-        return state.isExpired();
-    return typeof state.expiresAt === 'number' && Date.now() >= state.expiresAt - REFRESH_SKEW_MS;
+function getAuthToken() {
+    return process.env.VIGTHORIA_TOKEN || loadAuthConfig().token;
 }
-function refreshKey(state, session) {
-    const apiUrl = getApiUrl(state.apiUrl || session?.apiUrl);
-    const refreshToken = state.refreshToken || session?.refreshToken || 'no-refresh-token';
-    return `${apiUrl}:${refreshToken}`;
+async function requestJson(url, init) {
+    const response = await fetch(url, {
+        ...init,
+        headers: {
+            accept: 'application/json',
+            'content-type': 'application/json',
+            ...(init.headers || {}),
+        },
+    });
+    const text = await response.text();
+    let body = {};
+    if (text.trim()) {
+        try {
+            body = JSON.parse(text);
+        }
+        catch {
+            if (/^\s*</.test(text) || /<!doctype html/i.test(text)) {
+                throw new HttpError(response.status, 'The Vigthoria service returned an unexpected HTML response. Please verify auth routes.');
+            }
+            throw new HttpError(response.status, text.slice(0, 240));
+        }
+    }
+    if (!response.ok) {
+        const message = typeof body === 'object' && body && 'error' in body
+            ? String(body.error)
+            : typeof body === 'object' && body && 'message' in body
+                ? String(body.message)
+                : `Request failed with status ${response.status}`;
+        throw new HttpError(response.status, message);
+    }
+    return body;
 }
-async function performRefresh(state, session) {
-    if (!session.refreshToken) {
-        resetJwtState(state);
-        return null;
+async function ask(question, hidden = false) {
+    const rl = readline_1.default.createInterface({ input: process.stdin, output: process.stdout });
+    if (!hidden) {
+        try {
+            return await new Promise((resolve) => rl.question(question, resolve));
+        }
+        finally {
+            rl.close();
+        }
     }
+    const output = process.stdout;
+    const mutableRl = rl;
+    const originalWrite = mutableRl._writeToOutput;
+    mutableRl._writeToOutput = function writeMasked(value) {
+        if (value.includes('\n') || value.includes('\r')) {
+            output.write(value);
+        }
+        else {
+            output.write('*');
+        }
+    };
     try {
-        const data = await postJson(`${session.apiUrl}/api/auth/refresh`, { refreshToken: session.refreshToken, client: 'vigthoria-cli' });
-        const refreshed = normalizeSession({ ...data, refreshToken: data.refreshToken || session.refreshToken }, session.apiUrl);
-        refreshed.createdAt = session.createdAt;
-        refreshed.updatedAt = new Date().toISOString();
-        writeAuthSession(refreshed);
-        state.token = refreshed.accessToken;
-        state.expiresAt = refreshed.expiresAt ?? null;
-        state.refreshToken = refreshed.refreshToken ?? session.refreshToken;
-        state.apiUrl = refreshed.apiUrl;
-        return refreshed.accessToken;
+        return await new Promise((resolve) => rl.question(question, resolve));
     }
-    catch (error) {
-        console.error('Failed to refresh authentication session:', asErrorMessage(error));
-        clearAuthSession(state);
-        return null;
+    finally {
+        if (originalWrite) {
+            mutableRl._writeToOutput = originalWrite;
+        }
+        output.write('\n');
+        rl.close();
     }
 }
-async function refreshJwtIfNeeded(state) {
-    if (!state || typeof state !== 'object')
-        throw new Error('JWT state is required.');
-    if (!jwtNeedsRefresh(state))
-        return state.token;
-    const session = readAuthSession();
-    if (!session) {
-        resetJwtState(state);
-        return null;
-    }
-    const key = refreshKey(state, session);
-    const existing = refreshRequests.get(key);
-    if (existing)
-        return existing;
-    const request = performRefresh(state, session).finally(() => {
-        refreshRequests.delete(key);
-    });
-    refreshRequests.set(key, request);
-    return request;
+function markSuccessExit() {
+    process.exitCode = 0;
 }
-async function loginWithToken(token, options = {}) {
-    if (!token || typeof token !== 'string')
-        throw new Error('A token is required.');
-    const apiUrl = getApiUrl(options.apiUrl);
-    let user;
+function markErrorExit() {
+    process.exitCode = 1;
+}
+async function login(email, password) {
     try {
-        const profile = await getJson(`${apiUrl}/api/auth/me`, token);
-        user = profile.data || profile.user;
+        const resolvedEmail = (email || '').trim();
+        const resolvedPassword = password || '';
+        if (!resolvedEmail || !resolvedPassword) {
+            throw new Error('Email and password are required. Pass --email and --password or run login interactively.');
+        }
+        const authBases = getAuthBaseCandidates(getApiUrl());
+        const endpointVariants = [
+            { path: '/auth/login', body: { email: resolvedEmail, password: resolvedPassword } },
+            { path: '/api/auth/login', body: { email: resolvedEmail, password: resolvedPassword } },
+            { path: '/api/login-json', body: { identifier: resolvedEmail, password: resolvedPassword } },
+            { path: '/api/login', body: { email: resolvedEmail, password: resolvedPassword } },
+        ];
+        const attempted = [];
+        const failures = [];
+        for (const base of authBases) {
+            for (const variant of endpointVariants) {
+                const endpoint = `${trimTrailingSlash(base)}${variant.path}`;
+                attempted.push(endpoint);
+                try {
+                    const result = await requestJson(endpoint, {
+                        method: 'POST',
+                        body: JSON.stringify(variant.body),
+                    });
+                    const token = extractAuthToken(result);
+                    if (!token) {
+                        failures.push(`${endpoint} -> success without token`);
+                        continue;
+                    }
+                    const config = {
+                        apiUrl: trimTrailingSlash(base),
+                        token,
+                        user: extractAuthUser(result, resolvedEmail),
+                        success: true,
+                    };
+                    saveAuthConfig(config);
+                    markSuccessExit();
+                    return config;
+                }
+                catch (error) {
+                    const message = humanMessage(error);
+                    failures.push(`${endpoint} -> ${message}`);
+                }
+            }
+        }
+        throw new Error([
+            'Login failed on all known auth endpoints.',
+            `Tried: ${attempted.join(', ')}`,
+            `Last errors: ${failures.slice(-4).join(' | ')}`,
+        ].join(' '));
     }
     catch (error) {
-        throw new Error(`Token validation failed: ${asErrorMessage(error)}`);
+        const message = humanMessage(error);
+        markErrorExit();
+        throw new Error(message);
     }
-    const now = new Date().toISOString();
-    const session = { accessToken: token, user, apiUrl, createdAt: now, updatedAt: now };
-    writeAuthSession(session);
-    return session;
 }
-async function loginWithCredentials(email, password, options = {}) {
-    if (!email || !password)
-        throw new Error('Email and password are required.');
-    const apiUrl = getApiUrl(options.apiUrl);
-    const data = await postJson(`${apiUrl}/api/auth/login`, { email, password, client: 'vigthoria-cli' });
-    const session = normalizeSession(data, apiUrl);
-    writeAuthSession(session);
-    return session;
+async function logout() {
+    const config = loadAuthConfig();
+    if (config.token) {
+        const bases = getAuthBaseCandidates(config.apiUrl || getApiUrl());
+        const logoutPaths = ['/auth/logout', '/api/auth/logout', '/api/logout'];
+        let remoteLogoutDone = false;
+        for (const base of bases) {
+            for (const route of logoutPaths) {
+                try {
+                    await requestJson(`${trimTrailingSlash(base)}${route}`, {
+                        method: 'POST',
+                        headers: { authorization: `Bearer ${config.token}` },
+                    });
+                    remoteLogoutDone = true;
+                    break;
+                }
+                catch {
+                    // Continue trying known routes.
+                }
+            }
+            if (remoteLogoutDone) {
+                break;
+            }
+        }
+        if (!remoteLogoutDone) {
+            console.warn(chalk_1.default.yellow('Remote logout endpoint not reachable; local credentials were still cleared.'));
+        }
+    }
+    clearAuthConfig();
+    process.exitCode = 0;
 }
-async function loginWithDeviceCode(options = {}) {
-    const apiUrl = getApiUrl(options.apiUrl);
-    const start = await postJson(`${apiUrl}/api/auth/device`, { client: 'vigthoria-cli' });
-    const verificationUri = start.verificationUri || start.verification_uri;
-    const userCode = start.userCode || start.user_code;
-    const deviceCode = start.deviceCode || start.device_code;
-    if (!verificationUri || !userCode || !deviceCode)
-        throw new Error('Device authorization endpoint returned an incomplete response.');
-    console.log(`Open this URL to authenticate: ${verificationUri}`);
-    console.log(`Enter code: ${userCode}`);
-    const timeoutAt = Date.now() + (options.pollTimeoutMs ?? 10 * 60 * 1000);
-    const intervalMs = Math.max(1000, (start.interval ?? 5) * 1000);
-    while (Date.now() < timeoutAt) {
-        await (0, promises_1.setTimeout)(intervalMs);
+async function whoami() {
+    const config = loadAuthConfig();
+    if (!config.token) {
+        return undefined;
+    }
+    const bases = getAuthBaseCandidates(config.apiUrl || getApiUrl());
+    const attempted = [];
+    for (const base of bases) {
+        const normalizedBase = trimTrailingSlash(base);
+        const getRoutes = ['/auth/me', '/api/auth/me', '/api/user/info', '/api/profile'];
+        for (const route of getRoutes) {
+            const endpoint = `${normalizedBase}${route}`;
+            attempted.push(endpoint);
+            try {
+                const result = await requestJson(endpoint, {
+                    method: 'GET',
+                    headers: { authorization: `Bearer ${config.token}` },
+                });
+                const user = extractAuthUser(result) || extractAuthUser(result.user);
+                if (user) {
+                    saveAuthConfig({ ...config, apiUrl: normalizedBase, user });
+                    return user;
+                }
+            }
+            catch {
+                // continue fallback route probing
+            }
+        }
+        const verifyEndpoint = `${normalizedBase}/api/auth/verify`;
+        attempted.push(verifyEndpoint);
         try {
-            const result = await postJson(`${apiUrl}/api/auth/device/complete`, { deviceCode, device_code: deviceCode, client: 'vigthoria-cli' });
-            if (result.accessToken || result.token) {
-                const session = normalizeSession(result, apiUrl);
-                writeAuthSession(session);
-                return session;
+            const result = await requestJson(verifyEndpoint, {
+                method: 'POST',
+                headers: { authorization: `Bearer ${config.token}` },
+                body: JSON.stringify({ token: config.token }),
+            });
+            const user = extractAuthUser(result) || extractAuthUser(result.user);
+            if (user) {
+                saveAuthConfig({ ...config, apiUrl: normalizedBase, user });
+                return user;
             }
         }
-        catch (error) {
-            const message = asErrorMessage(error);
-            if (!/pending|authorization_pending|slow_down/i.test(message))
-                throw new Error(message);
+        catch {
+            // continue fallback route probing
         }
     }
-    throw new Error('Timed out waiting for device authentication.');
+    throw new Error(`Unable to verify account on known auth endpoints. Tried ${attempted.join(', ')}`);
 }
-async function getValidAuthSession() {
-    const session = readAuthSession();
-    if (!session)
-        return null;
-    if (!isExpired(session))
-        return session;
-    if (!session.refreshToken) {
-        clearAuthSession();
-        return null;
-    }
-    const state = {
-        token: session.accessToken,
-        expiresAt: session.expiresAt ?? null,
-        refreshToken: session.refreshToken,
-        apiUrl: session.apiUrl,
-        isExpired: () => true,
+async function doctor() {
+    const config = loadAuthConfig();
+    const report = {
+        nodeVersion: process.version,
+        platform: process.platform,
+        arch: process.arch,
+        configFile: CONFIG_FILE,
+        loggedIn: Boolean(config.token),
+        apiUrl: config.apiUrl,
     };
-    const token = await refreshJwtIfNeeded(state);
-    return token ? readAuthSession() : null;
+    process.exitCode = 0;
+    return report;
 }
-function printSession(session) {
-    const user = session.user?.email || session.user?.name || session.user?.id || 'authenticated user';
-    console.log(`Authenticated as ${user}`);
-    console.log(`API: ${session.apiUrl}`);
-    if (session.expiresAt)
-        console.log(`Expires: ${new Date(session.expiresAt).toLocaleString()}`);
-}
-async function loginAction(options = {}) {
+async function handleLogin(options = {}) {
     try {
-        const session = options.token
-            ? await loginWithToken(options.token, options)
-            : options.email && options.password
-                ? await loginWithCredentials(options.email, options.password, options)
-                : await loginWithDeviceCode(options);
-        console.log('Login successful.');
-        printSession(session);
-    }
-    catch (error) {
-        clearAuthSession();
-        throw new Error(asErrorMessage(error));
-    }
-}
-async function logoutAction(state) {
-    const session = readAuthSession();
-    if (session) {
-        try {
-            await postJson(`${session.apiUrl}/api/auth/logout`, { client: 'vigthoria-cli' }, session.accessToken);
+        if (options.token) {
+            const config = {
+                apiUrl: getApiUrl(),
+                token: options.token,
+                success: true,
+            };
+            saveAuthConfig(config);
+            console.log(chalk_1.default.green('Logged in successfully with API token.'));
+            process.exitCode = 0;
+            return config;
         }
-        catch (error) {
-            console.warn('Remote logout failed; local session will still be cleared:', asErrorMessage(error));
+        let email = options.email?.trim();
+        let password = options.password;
+        if (options.device) {
+            console.log(chalk_1.default.yellow('Device-code login is not enabled by this Vigthoria service. Falling back to email and password authentication.'));
         }
+        if (!email) {
+            email = (await ask('Email: ')).trim();
+        }
+        if (!password) {
+            password = await ask('Password: ', true);
+        }
+        if (!email || !password) {
+            throw new Error('Email and password are required. Use --email and --password, or run vigthoria login interactively.');
+        }
+        const config = await login(email, password);
+        console.log(chalk_1.default.green('Logged in successfully.'));
+        if (config.user?.email) {
+            console.log(`Account: ${config.user.email}`);
+        }
+        console.log(`API: ${config.apiUrl}`);
+        process.exitCode = 0;
+        return config;
     }
-    if (!clearAuthSession(state))
+    catch (error) {
+        console.error(chalk_1.default.red(`Login failed: ${humanMessage(error)}`));
         process.exitCode = 1;
-    else
-        console.log('Logged out.');
+        return undefined;
+    }
 }
-async function handleLogin(config) {
+async function handleLogout(_options) {
     try {
-        await loginAction(config || {});
+        await logout();
+        console.log(chalk_1.default.green('Logged out successfully.'));
+        process.exitCode = 0;
     }
     catch (error) {
-        console.error('Login failed:', asErrorMessage(error));
+        console.error(chalk_1.default.red(`Logout failed: ${humanMessage(error)}`));
         process.exitCode = 1;
     }
 }
-async function handleLogout(config) {
-    await logoutAction(config && typeof config === 'object' ? config : null);
-}
 async function statusAction() {
-    const session = await getValidAuthSession();
-    if (!session) {
-        console.log('Not authenticated. Run `vigthoria auth login` to sign in.');
+    try {
+        const config = loadAuthConfig();
+        if (!config.token) {
+            console.log(chalk_1.default.yellow('Not logged in.'));
+            process.exitCode = 0;
+            return;
+        }
+        let user = config.user;
+        try {
+            user = await whoami();
+        }
+        catch {
+            // Keep local status available even if remote whoami endpoint is down.
+        }
+        console.log(chalk_1.default.green('Logged in.'));
+        if (user?.email) {
+            console.log(`Account: ${user.email}`);
+        }
+        console.log(`API: ${config.apiUrl}`);
+        process.exitCode = 0;
+    }
+    catch (error) {
+        console.error(chalk_1.default.red(`Unable to read status: ${humanMessage(error)}`));
         process.exitCode = 1;
-        return;
     }
-    printSession(session);
 }
-function createAuthCommand() {
-    const auth = new commander_1.Command('auth').description('Manage Vigthoria CLI authentication');
+function registerAuthCommands(program) {
+    const auth = program.command('auth').description('Manage Vigthoria CLI authentication');
     auth
         .command('login')
-        .description('Sign in to Vigthoria')
-        .option('--token <token>', 'use an existing access token')
-        .option('--email <email>', 'account email for password login')
-        .option('--password <password>', 'account password for password login')
-        .option('--api-url <url>', 'Vigthoria API URL')
-        .option('--device', 'force browser/device-code login')
+        .description('Sign in with your Vigthoria account')
+        .option('-t, --token <token>', 'API token for token-based authentication')
+        .option('-e, --email <email>', 'Account email address')
+        .option('-p, --password <password>', 'Account password')
+        .option('--device', 'Use OAuth device flow (requires server support)')
         .action(async (options) => {
         await handleLogin(options);
     });
     auth
         .command('logout')
-        .description('Clear the saved Vigthoria session')
+        .description('Sign out and remove saved credentials')
         .action(async () => {
-        await handleLogout(null);
+        await handleLogout();
     });
     auth
-        .command('status')
-        .description('Show current authentication status')
+        .command('whoami')
+        .description('Show the authenticated Vigthoria account')
         .action(async () => {
-        await statusAction();
+        try {
+            const user = await whoami();
+            if (!user) {
+                console.log(chalk_1.default.yellow('Not logged in.'));
+                process.exitCode = 0;
+                return;
+            }
+            console.log(chalk_1.default.green('Logged in.'));
+            console.log(user.email || user.name || user.id || 'Authenticated user');
+            process.exitCode = 0;
+        }
+        catch (error) {
+            console.error(chalk_1.default.red(`Unable to fetch account: ${humanMessage(error)}`));
+            process.exitCode = 1;
+        }
     });
-    auth.action(() => auth.help());
-    return auth;
-}
-function registerAuthCommand(program) {
-    const command = createAuthCommand();
-    program.addCommand(command);
-    return command;
 }
-exports.authCommand = createAuthCommand();
-exports.default = exports.authCommand;