npm - vigthoria-cli - Versions diffs - 1.9.9 → 1.9.10 - Mend

vigthoria-cli 1.9.9 → 1.9.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -99,7 +99,7 @@ If you see `ENOTFOUND registry.npmjs.org`, try these solutions:
 4. **Direct tarball download:**
    ```bash
    # Download directly
-   npm install -g https://coder.vigthoria.io/releases/vigthoria-cli-1.9.9.tgz
+   npm install -g https://coder.vigthoria.io/releases/vigthoria-cli-1.9.10.tgz
    ```
 5. **Use Git clone method (no npm registry needed):**

package/dist/utils/api.js CHANGED Viewed

@@ -467,19 +467,20 @@ class APIClient {
     async validateToken(options = {}) {
         const allowNetworkFailOpen = options.allowNetworkFailOpen !== false;
         const enforceTokenShape = options.enforceTokenShape !== false;
+        const explicitEnvToken = Boolean(process.env.VIGTHORIA_TOKEN || process.env.VIGTHORIA_AUTH_TOKEN);
         const token = this.getAccessToken();
         if (!token) {
             return { valid: false, error: 'No auth token configured. Run: vigthoria login' };
         }
-        // Fast-fail obviously malformed tokens so invalid-token checks don't get
-        // masked by unrelated transport outages.
-        if (enforceTokenShape) {
+        // Fast-fail obviously malformed ENV override tokens so invalid-token checks
+        // don't get masked by unrelated transport outages. Persisted login tokens may
+        // be non-JWT in some deployments and must still be gateway-validated server-side.
+        if (enforceTokenShape && explicitEnvToken) {
             const looksLikeJwt = token.split('.').length === 3;
             if (!looksLikeJwt || token.length < 40) {
                 return { valid: false, error: 'Auth token expired or invalid. Run: vigthoria login' };
             }
         }
-        const explicitEnvToken = Boolean(process.env.VIGTHORIA_TOKEN || process.env.VIGTHORIA_AUTH_TOKEN);
         const headers = {
             Authorization: `Bearer ${token}`,
             Cookie: `vigthoria-auth-token=${token}`,
@@ -495,16 +496,30 @@ class APIClient {
             if (r.status === 'fulfilled')
                 return { valid: true };
         }
-        for (const r of results) {
-            if (r.status === 'rejected') {
-                const err = r.reason;
-                if (err.response?.status === 401 || err.response?.status === 403) {
-                    return { valid: false, error: 'Auth token expired or invalid. Run: vigthoria login' };
-                }
-                if (err instanceof CLIError && err.category === 'auth') {
-                    return { valid: false, error: 'Auth token expired or invalid. Run: vigthoria login' };
+        const sawUnauthorized = results.some((r) => r.status === 'rejected' && ((r.reason?.response?.status === 401) || (r.reason?.response?.status === 403) || (r.reason instanceof CLIError && r.reason.category === 'auth')));
+        if (sawUnauthorized) {
+            // For persisted CLI sessions, attempt one refresh before failing auth.
+            if (!explicitEnvToken) {
+                const refreshed = await this.refreshToken();
+                if (refreshed) {
+                    const retryToken = this.getAccessToken();
+                    if (retryToken) {
+                        const retryHeaders = {
+                            Authorization: `Bearer ${retryToken}`,
+                            Cookie: `vigthoria-auth-token=${retryToken}`,
+                        };
+                        const retryResults = await Promise.allSettled([
+                            axios_1.default.get(`${canonicalBaseUrl}/api/user/profile`, { timeout: 5000, headers: retryHeaders, httpsAgent: this._httpsAgent ?? undefined }),
+                            axios_1.default.get(`${canonicalBaseUrl}/api/user/subscription`, { timeout: 5000, headers: retryHeaders, httpsAgent: this._httpsAgent ?? undefined }),
+                        ]);
+                        for (const rr of retryResults) {
+                            if (rr.status === 'fulfilled')
+                                return { valid: true };
+                        }
+                    }
                 }
             }
+            return { valid: false, error: 'Auth token expired or invalid. Run: vigthoria login' };
         }
         if (explicitEnvToken || !allowNetworkFailOpen) {
             return { valid: false, error: 'Auth token expired or invalid. Run: vigthoria login' };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "vigthoria-cli",
-  "version": "1.9.9",
+  "version": "1.9.10",
   "description": "Vigthoria Coder CLI - AI-powered terminal coding assistant",
   "main": "dist/index.js",
   "files": [