npm - workos - Versions diffs - 0.11.2 → 0.12.0 - Mend

workos 0.11.2 → 0.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (186) hide show

package/README.md +165 -6
package/dist/bin.js +22 -1
package/dist/bin.js.map +1 -1
package/dist/check-coverage.ts +237 -0
package/dist/commands/debug.js +0 -1
package/dist/commands/debug.js.map +1 -1
package/dist/commands/dev.d.ts +23 -0
package/dist/commands/dev.js +139 -0
package/dist/commands/dev.js.map +1 -0
package/dist/commands/emulate.d.ts +6 -0
package/dist/commands/emulate.js +64 -0
package/dist/commands/emulate.js.map +1 -0
package/dist/commands/login.js +0 -4
package/dist/commands/login.js.map +1 -1
package/dist/emulate/core/id.d.ts +48 -0
package/dist/emulate/core/id.js +73 -0
package/dist/emulate/core/id.js.map +1 -0
package/dist/emulate/core/index.d.ts +8 -0
package/dist/emulate/core/index.js +8 -0
package/dist/emulate/core/index.js.map +1 -0
package/dist/emulate/core/jwt.d.ts +28 -0
package/dist/emulate/core/jwt.js +78 -0
package/dist/emulate/core/jwt.js.map +1 -0
package/dist/emulate/core/middleware/auth.d.ts +15 -0
package/dist/emulate/core/middleware/auth.js +17 -0
package/dist/emulate/core/middleware/auth.js.map +1 -0
package/dist/emulate/core/middleware/error-handler.d.ts +22 -0
package/dist/emulate/core/middleware/error-handler.js +72 -0
package/dist/emulate/core/middleware/error-handler.js.map +1 -0
package/dist/emulate/core/pagination.d.ts +27 -0
package/dist/emulate/core/pagination.js +43 -0
package/dist/emulate/core/pagination.js.map +1 -0
package/dist/emulate/core/plugin.d.ts +15 -0
package/dist/emulate/core/plugin.js +2 -0
package/dist/emulate/core/plugin.js.map +1 -0
package/dist/emulate/core/server.d.ts +17 -0
package/dist/emulate/core/server.js +90 -0
package/dist/emulate/core/server.js.map +1 -0
package/dist/emulate/core/store.d.ts +44 -0
package/dist/emulate/core/store.js +169 -0
package/dist/emulate/core/store.js.map +1 -0
package/dist/emulate/index.d.ts +25 -0
package/dist/emulate/index.js +47 -0
package/dist/emulate/index.js.map +1 -0
package/dist/emulate/workos/constants.d.ts +56 -0
package/dist/emulate/workos/constants.js +56 -0
package/dist/emulate/workos/constants.js.map +1 -0
package/dist/emulate/workos/entities.d.ts +360 -0
package/dist/emulate/workos/entities.js +2 -0
package/dist/emulate/workos/entities.js.map +1 -0
package/dist/emulate/workos/event-bus.d.ts +17 -0
package/dist/emulate/workos/event-bus.js +70 -0
package/dist/emulate/workos/event-bus.js.map +1 -0
package/dist/emulate/workos/helpers.d.ts +72 -0
package/dist/emulate/workos/helpers.js +211 -0
package/dist/emulate/workos/helpers.js.map +1 -0
package/dist/emulate/workos/index.d.ts +91 -0
package/dist/emulate/workos/index.js +322 -0
package/dist/emulate/workos/index.js.map +1 -0
package/dist/emulate/workos/role-helpers.d.ts +21 -0
package/dist/emulate/workos/role-helpers.js +130 -0
package/dist/emulate/workos/role-helpers.js.map +1 -0
package/dist/emulate/workos/routes/api-keys.d.ts +2 -0
package/dist/emulate/workos/routes/api-keys.js +32 -0
package/dist/emulate/workos/routes/api-keys.js.map +1 -0
package/dist/emulate/workos/routes/audit-logs.d.ts +2 -0
package/dist/emulate/workos/routes/audit-logs.js +104 -0
package/dist/emulate/workos/routes/audit-logs.js.map +1 -0
package/dist/emulate/workos/routes/auth-challenges.d.ts +2 -0
package/dist/emulate/workos/routes/auth-challenges.js +51 -0
package/dist/emulate/workos/routes/auth-challenges.js.map +1 -0
package/dist/emulate/workos/routes/auth-factors.d.ts +2 -0
package/dist/emulate/workos/routes/auth-factors.js +51 -0
package/dist/emulate/workos/routes/auth-factors.js.map +1 -0
package/dist/emulate/workos/routes/auth.d.ts +2 -0
package/dist/emulate/workos/routes/auth.js +350 -0
package/dist/emulate/workos/routes/auth.js.map +1 -0
package/dist/emulate/workos/routes/authorization-checks.d.ts +10 -0
package/dist/emulate/workos/routes/authorization-checks.js +123 -0
package/dist/emulate/workos/routes/authorization-checks.js.map +1 -0
package/dist/emulate/workos/routes/authorization-org-roles.d.ts +2 -0
package/dist/emulate/workos/routes/authorization-org-roles.js +64 -0
package/dist/emulate/workos/routes/authorization-org-roles.js.map +1 -0
package/dist/emulate/workos/routes/authorization-permissions.d.ts +2 -0
package/dist/emulate/workos/routes/authorization-permissions.js +67 -0
package/dist/emulate/workos/routes/authorization-permissions.js.map +1 -0
package/dist/emulate/workos/routes/authorization-resources.d.ts +2 -0
package/dist/emulate/workos/routes/authorization-resources.js +117 -0
package/dist/emulate/workos/routes/authorization-resources.js.map +1 -0
package/dist/emulate/workos/routes/authorization-roles.d.ts +2 -0
package/dist/emulate/workos/routes/authorization-roles.js +13 -0
package/dist/emulate/workos/routes/authorization-roles.js.map +1 -0
package/dist/emulate/workos/routes/config.d.ts +2 -0
package/dist/emulate/workos/routes/config.js +57 -0
package/dist/emulate/workos/routes/config.js.map +1 -0
package/dist/emulate/workos/routes/connect.d.ts +2 -0
package/dist/emulate/workos/routes/connect.js +65 -0
package/dist/emulate/workos/routes/connect.js.map +1 -0
package/dist/emulate/workos/routes/connections.d.ts +2 -0
package/dist/emulate/workos/routes/connections.js +73 -0
package/dist/emulate/workos/routes/connections.js.map +1 -0
package/dist/emulate/workos/routes/data-integrations.d.ts +2 -0
package/dist/emulate/workos/routes/data-integrations.js +55 -0
package/dist/emulate/workos/routes/data-integrations.js.map +1 -0
package/dist/emulate/workos/routes/directories.d.ts +2 -0
package/dist/emulate/workos/routes/directories.js +90 -0
package/dist/emulate/workos/routes/directories.js.map +1 -0
package/dist/emulate/workos/routes/email-verification.d.ts +2 -0
package/dist/emulate/workos/routes/email-verification.js +49 -0
package/dist/emulate/workos/routes/email-verification.js.map +1 -0
package/dist/emulate/workos/routes/events.d.ts +2 -0
package/dist/emulate/workos/routes/events.js +18 -0
package/dist/emulate/workos/routes/events.js.map +1 -0
package/dist/emulate/workos/routes/feature-flags.d.ts +2 -0
package/dist/emulate/workos/routes/feature-flags.js +103 -0
package/dist/emulate/workos/routes/feature-flags.js.map +1 -0
package/dist/emulate/workos/routes/invitations.d.ts +2 -0
package/dist/emulate/workos/routes/invitations.js +122 -0
package/dist/emulate/workos/routes/invitations.js.map +1 -0
package/dist/emulate/workos/routes/legacy-mfa.d.ts +2 -0
package/dist/emulate/workos/routes/legacy-mfa.js +75 -0
package/dist/emulate/workos/routes/legacy-mfa.js.map +1 -0
package/dist/emulate/workos/routes/magic-auth.d.ts +2 -0
package/dist/emulate/workos/routes/magic-auth.js +32 -0
package/dist/emulate/workos/routes/magic-auth.js.map +1 -0
package/dist/emulate/workos/routes/memberships.d.ts +2 -0
package/dist/emulate/workos/routes/memberships.js +114 -0
package/dist/emulate/workos/routes/memberships.js.map +1 -0
package/dist/emulate/workos/routes/organization-domains.d.ts +2 -0
package/dist/emulate/workos/routes/organization-domains.js +58 -0
package/dist/emulate/workos/routes/organization-domains.js.map +1 -0
package/dist/emulate/workos/routes/organizations.d.ts +2 -0
package/dist/emulate/workos/routes/organizations.js +131 -0
package/dist/emulate/workos/routes/organizations.js.map +1 -0
package/dist/emulate/workos/routes/password-reset.d.ts +2 -0
package/dist/emulate/workos/routes/password-reset.js +61 -0
package/dist/emulate/workos/routes/password-reset.js.map +1 -0
package/dist/emulate/workos/routes/pipes.d.ts +2 -0
package/dist/emulate/workos/routes/pipes.js +82 -0
package/dist/emulate/workos/routes/pipes.js.map +1 -0
package/dist/emulate/workos/routes/portal.d.ts +2 -0
package/dist/emulate/workos/routes/portal.js +18 -0
package/dist/emulate/workos/routes/portal.js.map +1 -0
package/dist/emulate/workos/routes/radar.d.ts +2 -0
package/dist/emulate/workos/routes/radar.js +41 -0
package/dist/emulate/workos/routes/radar.js.map +1 -0
package/dist/emulate/workos/routes/sessions.d.ts +2 -0
package/dist/emulate/workos/routes/sessions.js +51 -0
package/dist/emulate/workos/routes/sessions.js.map +1 -0
package/dist/emulate/workos/routes/sso.d.ts +2 -0
package/dist/emulate/workos/routes/sso.js +161 -0
package/dist/emulate/workos/routes/sso.js.map +1 -0
package/dist/emulate/workos/routes/user-features.d.ts +2 -0
package/dist/emulate/workos/routes/user-features.js +50 -0
package/dist/emulate/workos/routes/user-features.js.map +1 -0
package/dist/emulate/workos/routes/users.d.ts +2 -0
package/dist/emulate/workos/routes/users.js +129 -0
package/dist/emulate/workos/routes/users.js.map +1 -0
package/dist/emulate/workos/routes/webhook-endpoints.d.ts +2 -0
package/dist/emulate/workos/routes/webhook-endpoints.js +66 -0
package/dist/emulate/workos/routes/webhook-endpoints.js.map +1 -0
package/dist/emulate/workos/routes/widgets.d.ts +2 -0
package/dist/emulate/workos/routes/widgets.js +27 -0
package/dist/emulate/workos/routes/widgets.js.map +1 -0
package/dist/emulate/workos/store.d.ts +48 -0
package/dist/emulate/workos/store.js +102 -0
package/dist/emulate/workos/store.js.map +1 -0
package/dist/emulate/workos/webhook-signer.d.ts +1 -0
package/dist/emulate/workos/webhook-signer.js +8 -0
package/dist/emulate/workos/webhook-signer.js.map +1 -0
package/dist/gen-routes-lib.spec.ts +659 -0
package/dist/gen-routes-lib.ts +647 -0
package/dist/gen-routes.ts +96 -0
package/dist/lib/dev-command.d.ts +26 -0
package/dist/lib/dev-command.js +122 -0
package/dist/lib/dev-command.js.map +1 -0
package/dist/lib/run-with-core.js +0 -3
package/dist/lib/run-with-core.js.map +1 -1
package/dist/lib/settings.js +1 -1
package/dist/lib/settings.js.map +1 -1
package/dist/utils/help-json.js +1 -0
package/dist/utils/help-json.js.map +1 -1
package/dist/utils/register-subcommand.d.ts +5 -2
package/dist/utils/register-subcommand.js +16 -19
package/dist/utils/register-subcommand.js.map +1 -1
package/package.json +21 -8

package/dist/commands/login.js CHANGED Viewed

@@ -76,10 +76,6 @@ export async function provisionStagingEnvironment(accessToken) {
 }
 export async function runLogin() {
     const clientId = getCliAuthClientId();
-    if (!clientId) {
-        clack.log.error('CLI auth not configured. Set WORKOS_CLI_CLIENT_ID environment variable.');
-        process.exit(1);
-    }
     // Check if already logged in with valid token
     if (getAccessToken()) {
         const creds = getCredentials();

package/dist/commands/login.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"login.js","sourceRoot":"","sources":["../../src/commands/login.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,KAAK,CAAC;AACvB,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,KAAK,MAAM,mBAAmB,CAAC;AACtC,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,cAAc,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACtH,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAC1E,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AACpE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAG/D;;GAEG;AACH,SAAS,QAAQ,CAAC,KAAa;IAC7B,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QACpC,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAC1E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,KAAa;IACjC,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAChC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC7D,OAAO,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;AAC5B,CAAC;AAED,MAAM,eAAe,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,YAAY;AAEnD;;GAEG;AACH,SAAS,mBAAmB;IAC1B,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;IAClC,OAAO;QACL,mBAAmB,EAAE,GAAG,MAAM,8BAA8B;QAC5D,KAAK,EAAE,GAAG,MAAM,eAAe;KAChC,CAAC;AACJ,CAAC;AAuBD,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,WAAmB;IACnE,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,uBAAuB,CAAC,WAAW,CAAC,CAAC;QAE3D,MAAM,MAAM,GAAc,SAAS,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;QAC9D,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC;QAE9D,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,GAAG;YAC/B,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;SAC3B,CAAC;QAEF,IAAI,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;YACzC,MAAM,CAAC,iBAAiB,GAAG,SAAS,CAAC;QACvC,CAAC;QAED,UAAU,CAAC,MAAM,CAAC,CAAC;QACnB,OAAO,CAAC,8CAA8C,CAAC,CAAC;QACxD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,QAAQ,CAAC,uDAAuD,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAClH,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,QAAQ;IAC5B,MAAM,QAAQ,GAAG,kBAAkB,EAAE,CAAC;IAEtC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,yEAAyE,CAAC,CAAC;QAC3F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,8CAA8C;IAC9C,IAAI,cAAc,EAAE,EAAE,CAAC;QACrB,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,wBAAwB,KAAK,EAAE,KAAK,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC;QAC9E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC,CAAC;QAC9D,OAAO;IACT,CAAC;IAED,qEAAqE;IACrE,MAAM,aAAa,GAAG,cAAc,EAAE,CAAC;IACvC,IAAI,aAAa,EAAE,YAAY,IAAI,cAAc,CAAC,aAAa,CAAC,EAAE,CAAC;QACjE,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,gBAAgB,EAAE,CAAC;YACzC,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;YACjE,IAAI,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC3C,YAAY,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;gBACxE,OAAO,CAAC,6CAA6C,CAAC,CAAC;gBACvD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,wBAAwB,aAAa,CAAC,KAAK,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC;gBACrF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC,CAAC;gBAC9D,OAAO;YACT,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,2CAA2C;QAC7C,CAAC;IACH,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IAE7C,MAAM,SAAS,GAAG,mBAAmB,EAAE,CAAC;IAExC,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,mBAAmB,EAAE;QAC9D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;SACpD;QACD,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,SAAS,EAAE,QAAQ;YACnB,KAAK,EAAE,kEAAkE;SAC1E,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;QACrB,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,mCAAmC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;QAC1E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,UAAU,GAAG,CAAC,MAAM,YAAY,CAAC,IAAI,EAAE,CAAuB,CAAC;IACrE,MAAM,cAAc,GAAG,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;IAEzD,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,KAAK,UAAU,CAAC,gBAAgB,EAAE,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,iBAAiB,UAAU,CAAC,SAAS,IAAI,CAAC,CAAC;IAEvD,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,CAAC,yBAAyB,CAAC,CAAC;QAC3C,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,yBAAyB;IAC3B,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;IAE/C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,IAAI,eAAe,GAAG,cAAc,CAAC;IAErC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,eAAe,EAAE,CAAC;QAChD,MAAM,KAAK,CAAC,eAAe,CAAC,CAAC;QAE7B,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,KAAK,EAAE;gBACjD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,mCAAmC;iBACpD;gBACD,IAAI,EAAE,IAAI,eAAe,CAAC;oBACxB,UAAU,EAAE,8CAA8C;oBAC1D,WAAW,EAAE,UAAU,CAAC,WAAW;oBACnC,SAAS,EAAE,QAAQ;iBACpB,CAAC;aACH,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;YAExC,IAAI,aAAa,CAAC,EAAE,EAAE,CAAC;gBACrB,MAAM,MAAM,GAAG,IAA4B,CAAC;gBAE5C,oCAAoC;gBACpC,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;gBACjD,MAAM,MAAM,GAAI,cAAc,EAAE,GAAc,IAAI,SAAS,CAAC;gBAC5D,MAAM,KAAK,GAAI,cAAc,EAAE,KAAgB,IAAI,SAAS,CAAC;gBAE7D,8EAA8E;gBAC9E,MAAM,SAAS,GAAG,YAAY,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;gBACpD,MAAM,SAAS,GACb,SAAS,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;gBAEzG,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;gBAEjE,eAAe,CAAC;oBACd,WAAW,EAAE,MAAM,CAAC,YAAY;oBAChC,SAAS;oBACT,MAAM;oBACN,KAAK;oBACL,YAAY,EAAE,MAAM,CAAC,aAAa;iBACnC,CAAC,CAAC;gBAEH,OAAO,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;gBAC3C,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,gBAAgB,KAAK,IAAI,MAAM,EAAE,CAAC,CAAC;gBACrD,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,oBAAoB,YAAY,UAAU,CAAC,CAAC;gBAE3D,qCAAqC;gBACrC,MAAM,WAAW,GAAG,MAAM,2BAA2B,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;gBAC3E,IAAI,WAAW,EAAE,CAAC;oBAChB,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,8CAA8C,CAAC,CAAC;gBACpE,CAAC;qBAAM,CAAC;oBACN,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,2DAA2D,CAAC,CAAC,CAAC;gBACzF,CAAC;gBACD,OAAO;YACT,CAAC;YAED,MAAM,SAAS,GAAG,IAAyB,CAAC;YAC5C,IAAI,SAAS,CAAC,KAAK,KAAK,uBAAuB;gBAAE,SAAS;YAC1D,IAAI,SAAS,CAAC,KAAK,KAAK,WAAW,EAAE,CAAC;gBACpC,eAAe,IAAI,IAAI,CAAC;gBACxB,SAAS;YACX,CAAC;YAED,OAAO,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;YACtC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,yBAAyB,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC;YAC5D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;IACH,CAAC;IAED,OAAO,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;IACzC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;IAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC","sourcesContent":["import open from 'opn';\nimport chalk from 'chalk';\nimport clack from '../utils/clack.js';\nimport { saveCredentials, getCredentials, getAccessToken, isTokenExpired, updateTokens } from '../lib/credentials.js';\nimport { getCliAuthClientId, getAuthkitDomain } from '../lib/settings.js';\nimport { refreshAccessToken } from '../lib/token-refresh-client.js';\nimport { logInfo, logError } from '../utils/debug.js';\nimport { fetchStagingCredentials } from '../lib/staging-api.js';\nimport { getConfig, saveConfig } from '../lib/config-store.js';\nimport type { CliConfig } from '../lib/config-store.js';\n\n/*\n Parse JWT payload\n /\nfunction parseJwt(token: string): Record<string, unknown> \| null {\n try {\n const parts = token.split('.');\n if (parts.length !== 3) return null;\n return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf-8'));\n } catch {\n return null;\n }\n}\n\n/\n Extract expiry time from JWT token\n /\nfunction getJwtExpiry(token: string): number \| null {\n const payload = parseJwt(token);\n if (!payload \|\| typeof payload.exp !== 'number') return null;\n return payload.exp 1000;\n}\n\nconst POLL_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes\n\n/*\n Get Connect OAuth endpoints from AuthKit domain\n /\nfunction getConnectEndpoints() {\n const domain = getAuthkitDomain();\n return {\n deviceAuthorization: `${domain}/oauth2/device_authorization`,\n token: `${domain}/oauth2/token`,\n };\n}\n\ninterface DeviceAuthResponse {\n device_code: string;\n user_code: string;\n verification_uri: string;\n verification_uri_complete: string;\n expires_in: number;\n interval: number;\n}\n\ninterface ConnectTokenResponse {\n access_token: string;\n id_token: string;\n token_type: string;\n expires_in: number;\n refresh_token?: string;\n}\n\ninterface AuthErrorResponse {\n error: string;\n}\n\nfunction sleep(ms: number): Promise<void> {\n return new Promise((resolve) => setTimeout(resolve, ms));\n}\n\n/\n Auto-provision a staging environment after login.\n \n Fetches staging credentials using the access token, then saves them\n * as a \"staging\" environment in the config store. Non-fatal — logs a\n * hint on failure instead of throwing.\n /\nexport async function provisionStagingEnvironment(accessToken: string): Promise<boolean> {\n try {\n const staging = await fetchStagingCredentials(accessToken);\n\n const config: CliConfig = getConfig() ?? { environments: {} };\n const isFirst = Object.keys(config.environments).length === 0;\n\n config.environments['staging'] = {\n name: 'staging',\n type: 'sandbox',\n apiKey: staging.apiKey,\n clientId: staging.clientId,\n };\n\n if (isFirst \|\| !config.activeEnvironment) {\n config.activeEnvironment = 'staging';\n }\n\n saveConfig(config);\n logInfo('[login] Staging environment auto-provisioned');\n return true;\n } catch (error) {\n logError('[login] Failed to auto-provision staging environment:', error instanceof Error ? error.message : error);\n return false;\n }\n}\n\nexport async function runLogin(): Promise<void> {\n const clientId = getCliAuthClientId();\n\n if (!clientId) {\n clack.log.error('CLI auth not configured. Set WORKOS_CLI_CLIENT_ID environment variable.');\n process.exit(1);\n }\n\n // Check if already logged in with valid token\n if (getAccessToken()) {\n const creds = getCredentials();\n console.log(chalk.green(`Already logged in as ${creds?.email ?? 'unknown'}`));\n console.log(chalk.dim('Run `workos auth logout` to log out'));\n return;\n }\n\n // Try to refresh if we have expired credentials with a refresh token\n const existingCreds = getCredentials();\n if (existingCreds?.refreshToken && isTokenExpired(existingCreds)) {\n try {\n const authkitDomain = getAuthkitDomain();\n const result = await refreshAccessToken(authkitDomain, clientId);\n if (result.accessToken && result.expiresAt) {\n updateTokens(result.accessToken, result.expiresAt, result.refreshToken);\n logInfo('[login] Session refreshed via refresh token');\n console.log(chalk.green(`Already logged in as ${existingCreds.email ?? 'unknown'}`));\n console.log(chalk.dim('Run `workos auth logout` to log out'));\n return;\n }\n } catch {\n // Refresh failed, proceed with fresh login\n }\n }\n\n clack.log.step('Starting authentication...');\n\n const endpoints = getConnectEndpoints();\n\n const authResponse = await fetch(endpoints.deviceAuthorization, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body: new URLSearchParams({\n client_id: clientId,\n scope: 'openid email staging-environment:credentials:read offline_access',\n }),\n });\n\n if (!authResponse.ok) {\n clack.log.error(`Failed to start authentication: ${authResponse.status}`);\n process.exit(1);\n }\n\n const deviceAuth = (await authResponse.json()) as DeviceAuthResponse;\n const pollIntervalMs = (deviceAuth.interval \|\| 5) 1000;\n\n clack.log.info(`\\nOpen this URL in your browser:\\n`);\n console.log(` ${deviceAuth.verification_uri}`);\n console.log(`\\nEnter code: ${deviceAuth.user_code}\\n`);\n\n try {\n open(deviceAuth.verification_uri_complete);\n clack.log.info('Browser opened automatically');\n } catch {\n // User can open manually\n }\n\n const spinner = clack.spinner();\n spinner.start('Waiting for authentication...');\n\n const startTime = Date.now();\n let currentInterval = pollIntervalMs;\n\n while (Date.now() - startTime < POLL_TIMEOUT_MS) {\n await sleep(currentInterval);\n\n try {\n const tokenResponse = await fetch(endpoints.token, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body: new URLSearchParams({\n grant_type: 'urn:ietf:params:oauth:grant-type:device_code',\n device_code: deviceAuth.device_code,\n client_id: clientId,\n }),\n });\n\n const data = await tokenResponse.json();\n\n if (tokenResponse.ok) {\n const result = data as ConnectTokenResponse;\n\n // Parse user info from id_token JWT\n const idTokenPayload = parseJwt(result.id_token);\n const userId = (idTokenPayload?.sub as string) \|\| 'unknown';\n const email = (idTokenPayload?.email as string) \|\| undefined;\n\n // Extract actual expiry from access token JWT, fallback to response or 15 min\n const jwtExpiry = getJwtExpiry(result.access_token);\n const expiresAt =\n jwtExpiry ?? (result.expires_in ? Date.now() + result.expires_in * 1000 : Date.now() + 15 * 60 * 1000);\n\n const expiresInSec = Math.round((expiresAt - Date.now()) / 1000);\n\n saveCredentials({\n accessToken: result.access_token,\n expiresAt,\n userId,\n email,\n refreshToken: result.refresh_token,\n });\n\n spinner.stop('Authentication successful!');\n clack.log.success(`Logged in as ${email \|\| userId}`);\n clack.log.info(`Token expires in ${expiresInSec} seconds`);\n\n // Auto-provision staging environment\n const provisioned = await provisionStagingEnvironment(result.access_token);\n if (provisioned) {\n clack.log.success('Staging environment configured automatically');\n } else {\n clack.log.info(chalk.dim('Run `workos env add` to configure an environment manually'));\n }\n return;\n }\n\n const errorData = data as AuthErrorResponse;\n if (errorData.error === 'authorization_pending') continue;\n if (errorData.error === 'slow_down') {\n currentInterval += 5000;\n continue;\n }\n\n spinner.stop('Authentication failed');\n clack.log.error(`Authentication error: ${errorData.error}`);\n process.exit(1);\n } catch {\n continue;\n }\n }\n\n spinner.stop('Authentication timed out');\n clack.log.error('Authentication timed out. Please try again.');\n process.exit(1);\n}\n"]}
1	+ {"version":3,"file":"login.js","sourceRoot":"","sources":["../../src/commands/login.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,KAAK,CAAC;AACvB,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,KAAK,MAAM,mBAAmB,CAAC;AACtC,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,cAAc,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACtH,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAC1E,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AACpE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAG/D;;GAEG;AACH,SAAS,QAAQ,CAAC,KAAa;IAC7B,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QACpC,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAC1E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,KAAa;IACjC,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAChC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC7D,OAAO,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;AAC5B,CAAC;AAED,MAAM,eAAe,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,YAAY;AAEnD;;GAEG;AACH,SAAS,mBAAmB;IAC1B,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;IAClC,OAAO;QACL,mBAAmB,EAAE,GAAG,MAAM,8BAA8B;QAC5D,KAAK,EAAE,GAAG,MAAM,eAAe;KAChC,CAAC;AACJ,CAAC;AAuBD,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,WAAmB;IACnE,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,uBAAuB,CAAC,WAAW,CAAC,CAAC;QAE3D,MAAM,MAAM,GAAc,SAAS,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;QAC9D,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC;QAE9D,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,GAAG;YAC/B,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;SAC3B,CAAC;QAEF,IAAI,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;YACzC,MAAM,CAAC,iBAAiB,GAAG,SAAS,CAAC;QACvC,CAAC;QAED,UAAU,CAAC,MAAM,CAAC,CAAC;QACnB,OAAO,CAAC,8CAA8C,CAAC,CAAC;QACxD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,QAAQ,CAAC,uDAAuD,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAClH,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,QAAQ;IAC5B,MAAM,QAAQ,GAAG,kBAAkB,EAAE,CAAC;IAEtC,8CAA8C;IAC9C,IAAI,cAAc,EAAE,EAAE,CAAC;QACrB,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,wBAAwB,KAAK,EAAE,KAAK,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC;QAC9E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC,CAAC;QAC9D,OAAO;IACT,CAAC;IAED,qEAAqE;IACrE,MAAM,aAAa,GAAG,cAAc,EAAE,CAAC;IACvC,IAAI,aAAa,EAAE,YAAY,IAAI,cAAc,CAAC,aAAa,CAAC,EAAE,CAAC;QACjE,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,gBAAgB,EAAE,CAAC;YACzC,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;YACjE,IAAI,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC3C,YAAY,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;gBACxE,OAAO,CAAC,6CAA6C,CAAC,CAAC;gBACvD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,wBAAwB,aAAa,CAAC,KAAK,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC;gBACrF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC,CAAC;gBAC9D,OAAO;YACT,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,2CAA2C;QAC7C,CAAC;IACH,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IAE7C,MAAM,SAAS,GAAG,mBAAmB,EAAE,CAAC;IAExC,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,mBAAmB,EAAE;QAC9D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;SACpD;QACD,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,SAAS,EAAE,QAAQ;YACnB,KAAK,EAAE,kEAAkE;SAC1E,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;QACrB,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,mCAAmC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;QAC1E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,UAAU,GAAG,CAAC,MAAM,YAAY,CAAC,IAAI,EAAE,CAAuB,CAAC;IACrE,MAAM,cAAc,GAAG,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;IAEzD,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,KAAK,UAAU,CAAC,gBAAgB,EAAE,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,iBAAiB,UAAU,CAAC,SAAS,IAAI,CAAC,CAAC;IAEvD,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,CAAC,yBAAyB,CAAC,CAAC;QAC3C,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,yBAAyB;IAC3B,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;IAE/C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,IAAI,eAAe,GAAG,cAAc,CAAC;IAErC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,eAAe,EAAE,CAAC;QAChD,MAAM,KAAK,CAAC,eAAe,CAAC,CAAC;QAE7B,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,KAAK,EAAE;gBACjD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,mCAAmC;iBACpD;gBACD,IAAI,EAAE,IAAI,eAAe,CAAC;oBACxB,UAAU,EAAE,8CAA8C;oBAC1D,WAAW,EAAE,UAAU,CAAC,WAAW;oBACnC,SAAS,EAAE,QAAQ;iBACpB,CAAC;aACH,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;YAExC,IAAI,aAAa,CAAC,EAAE,EAAE,CAAC;gBACrB,MAAM,MAAM,GAAG,IAA4B,CAAC;gBAE5C,oCAAoC;gBACpC,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;gBACjD,MAAM,MAAM,GAAI,cAAc,EAAE,GAAc,IAAI,SAAS,CAAC;gBAC5D,MAAM,KAAK,GAAI,cAAc,EAAE,KAAgB,IAAI,SAAS,CAAC;gBAE7D,8EAA8E;gBAC9E,MAAM,SAAS,GAAG,YAAY,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;gBACpD,MAAM,SAAS,GACb,SAAS,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;gBAEzG,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;gBAEjE,eAAe,CAAC;oBACd,WAAW,EAAE,MAAM,CAAC,YAAY;oBAChC,SAAS;oBACT,MAAM;oBACN,KAAK;oBACL,YAAY,EAAE,MAAM,CAAC,aAAa;iBACnC,CAAC,CAAC;gBAEH,OAAO,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;gBAC3C,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,gBAAgB,KAAK,IAAI,MAAM,EAAE,CAAC,CAAC;gBACrD,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,oBAAoB,YAAY,UAAU,CAAC,CAAC;gBAE3D,qCAAqC;gBACrC,MAAM,WAAW,GAAG,MAAM,2BAA2B,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;gBAC3E,IAAI,WAAW,EAAE,CAAC;oBAChB,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,8CAA8C,CAAC,CAAC;gBACpE,CAAC;qBAAM,CAAC;oBACN,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,2DAA2D,CAAC,CAAC,CAAC;gBACzF,CAAC;gBACD,OAAO;YACT,CAAC;YAED,MAAM,SAAS,GAAG,IAAyB,CAAC;YAC5C,IAAI,SAAS,CAAC,KAAK,KAAK,uBAAuB;gBAAE,SAAS;YAC1D,IAAI,SAAS,CAAC,KAAK,KAAK,WAAW,EAAE,CAAC;gBACpC,eAAe,IAAI,IAAI,CAAC;gBACxB,SAAS;YACX,CAAC;YAED,OAAO,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;YACtC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,yBAAyB,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC;YAC5D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;IACH,CAAC;IAED,OAAO,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;IACzC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;IAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC","sourcesContent":["import open from 'opn';\nimport chalk from 'chalk';\nimport clack from '../utils/clack.js';\nimport { saveCredentials, getCredentials, getAccessToken, isTokenExpired, updateTokens } from '../lib/credentials.js';\nimport { getCliAuthClientId, getAuthkitDomain } from '../lib/settings.js';\nimport { refreshAccessToken } from '../lib/token-refresh-client.js';\nimport { logInfo, logError } from '../utils/debug.js';\nimport { fetchStagingCredentials } from '../lib/staging-api.js';\nimport { getConfig, saveConfig } from '../lib/config-store.js';\nimport type { CliConfig } from '../lib/config-store.js';\n\n/*\n Parse JWT payload\n /\nfunction parseJwt(token: string): Record<string, unknown> \| null {\n try {\n const parts = token.split('.');\n if (parts.length !== 3) return null;\n return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf-8'));\n } catch {\n return null;\n }\n}\n\n/\n Extract expiry time from JWT token\n /\nfunction getJwtExpiry(token: string): number \| null {\n const payload = parseJwt(token);\n if (!payload \|\| typeof payload.exp !== 'number') return null;\n return payload.exp 1000;\n}\n\nconst POLL_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes\n\n/*\n Get Connect OAuth endpoints from AuthKit domain\n /\nfunction getConnectEndpoints() {\n const domain = getAuthkitDomain();\n return {\n deviceAuthorization: `${domain}/oauth2/device_authorization`,\n token: `${domain}/oauth2/token`,\n };\n}\n\ninterface DeviceAuthResponse {\n device_code: string;\n user_code: string;\n verification_uri: string;\n verification_uri_complete: string;\n expires_in: number;\n interval: number;\n}\n\ninterface ConnectTokenResponse {\n access_token: string;\n id_token: string;\n token_type: string;\n expires_in: number;\n refresh_token?: string;\n}\n\ninterface AuthErrorResponse {\n error: string;\n}\n\nfunction sleep(ms: number): Promise<void> {\n return new Promise((resolve) => setTimeout(resolve, ms));\n}\n\n/\n Auto-provision a staging environment after login.\n \n Fetches staging credentials using the access token, then saves them\n * as a \"staging\" environment in the config store. Non-fatal — logs a\n * hint on failure instead of throwing.\n /\nexport async function provisionStagingEnvironment(accessToken: string): Promise<boolean> {\n try {\n const staging = await fetchStagingCredentials(accessToken);\n\n const config: CliConfig = getConfig() ?? { environments: {} };\n const isFirst = Object.keys(config.environments).length === 0;\n\n config.environments['staging'] = {\n name: 'staging',\n type: 'sandbox',\n apiKey: staging.apiKey,\n clientId: staging.clientId,\n };\n\n if (isFirst \|\| !config.activeEnvironment) {\n config.activeEnvironment = 'staging';\n }\n\n saveConfig(config);\n logInfo('[login] Staging environment auto-provisioned');\n return true;\n } catch (error) {\n logError('[login] Failed to auto-provision staging environment:', error instanceof Error ? error.message : error);\n return false;\n }\n}\n\nexport async function runLogin(): Promise<void> {\n const clientId = getCliAuthClientId();\n\n // Check if already logged in with valid token\n if (getAccessToken()) {\n const creds = getCredentials();\n console.log(chalk.green(`Already logged in as ${creds?.email ?? 'unknown'}`));\n console.log(chalk.dim('Run `workos auth logout` to log out'));\n return;\n }\n\n // Try to refresh if we have expired credentials with a refresh token\n const existingCreds = getCredentials();\n if (existingCreds?.refreshToken && isTokenExpired(existingCreds)) {\n try {\n const authkitDomain = getAuthkitDomain();\n const result = await refreshAccessToken(authkitDomain, clientId);\n if (result.accessToken && result.expiresAt) {\n updateTokens(result.accessToken, result.expiresAt, result.refreshToken);\n logInfo('[login] Session refreshed via refresh token');\n console.log(chalk.green(`Already logged in as ${existingCreds.email ?? 'unknown'}`));\n console.log(chalk.dim('Run `workos auth logout` to log out'));\n return;\n }\n } catch {\n // Refresh failed, proceed with fresh login\n }\n }\n\n clack.log.step('Starting authentication...');\n\n const endpoints = getConnectEndpoints();\n\n const authResponse = await fetch(endpoints.deviceAuthorization, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body: new URLSearchParams({\n client_id: clientId,\n scope: 'openid email staging-environment:credentials:read offline_access',\n }),\n });\n\n if (!authResponse.ok) {\n clack.log.error(`Failed to start authentication: ${authResponse.status}`);\n process.exit(1);\n }\n\n const deviceAuth = (await authResponse.json()) as DeviceAuthResponse;\n const pollIntervalMs = (deviceAuth.interval \|\| 5) 1000;\n\n clack.log.info(`\\nOpen this URL in your browser:\\n`);\n console.log(` ${deviceAuth.verification_uri}`);\n console.log(`\\nEnter code: ${deviceAuth.user_code}\\n`);\n\n try {\n open(deviceAuth.verification_uri_complete);\n clack.log.info('Browser opened automatically');\n } catch {\n // User can open manually\n }\n\n const spinner = clack.spinner();\n spinner.start('Waiting for authentication...');\n\n const startTime = Date.now();\n let currentInterval = pollIntervalMs;\n\n while (Date.now() - startTime < POLL_TIMEOUT_MS) {\n await sleep(currentInterval);\n\n try {\n const tokenResponse = await fetch(endpoints.token, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body: new URLSearchParams({\n grant_type: 'urn:ietf:params:oauth:grant-type:device_code',\n device_code: deviceAuth.device_code,\n client_id: clientId,\n }),\n });\n\n const data = await tokenResponse.json();\n\n if (tokenResponse.ok) {\n const result = data as ConnectTokenResponse;\n\n // Parse user info from id_token JWT\n const idTokenPayload = parseJwt(result.id_token);\n const userId = (idTokenPayload?.sub as string) \|\| 'unknown';\n const email = (idTokenPayload?.email as string) \|\| undefined;\n\n // Extract actual expiry from access token JWT, fallback to response or 15 min\n const jwtExpiry = getJwtExpiry(result.access_token);\n const expiresAt =\n jwtExpiry ?? (result.expires_in ? Date.now() + result.expires_in * 1000 : Date.now() + 15 * 60 * 1000);\n\n const expiresInSec = Math.round((expiresAt - Date.now()) / 1000);\n\n saveCredentials({\n accessToken: result.access_token,\n expiresAt,\n userId,\n email,\n refreshToken: result.refresh_token,\n });\n\n spinner.stop('Authentication successful!');\n clack.log.success(`Logged in as ${email \|\| userId}`);\n clack.log.info(`Token expires in ${expiresInSec} seconds`);\n\n // Auto-provision staging environment\n const provisioned = await provisionStagingEnvironment(result.access_token);\n if (provisioned) {\n clack.log.success('Staging environment configured automatically');\n } else {\n clack.log.info(chalk.dim('Run `workos env add` to configure an environment manually'));\n }\n return;\n }\n\n const errorData = data as AuthErrorResponse;\n if (errorData.error === 'authorization_pending') continue;\n if (errorData.error === 'slow_down') {\n currentInterval += 5000;\n continue;\n }\n\n spinner.stop('Authentication failed');\n clack.log.error(`Authentication error: ${errorData.error}`);\n process.exit(1);\n } catch {\n continue;\n }\n }\n\n spinner.stop('Authentication timed out');\n clack.log.error('Authentication timed out. Please try again.');\n process.exit(1);\n}\n"]}

package/dist/emulate/core/id.d.ts ADDED Viewed

@@ -0,0 +1,48 @@
+export declare function generateId(prefix: string): string;
+export declare function resetIdState(): void;
+export declare const ID_PREFIXES: {
+    readonly user: "user";
+    readonly organization: "org";
+    readonly organization_membership: "om";
+    readonly organization_domain: "org_domain";
+    readonly connection: "conn";
+    readonly connection_domain: "conn_domain";
+    readonly directory: "directory";
+    readonly directory_user: "directory_user";
+    readonly directory_group: "directory_grp";
+    readonly event: "evt";
+    readonly invitation: "inv";
+    readonly session: "session";
+    readonly email_verification: "email_verification";
+    readonly password_reset: "password_reset";
+    readonly magic_auth: "magic_auth";
+    readonly authentication_factor: "auth_factor";
+    readonly authentication_challenge: "auth_challenge";
+    readonly authorization_code: "auth_code";
+    readonly identity: "identity";
+    readonly sso_authorization: "sso_auth";
+    readonly refresh_token: "ref";
+    readonly device_authorization: "dev_auth";
+    readonly api_key: "api_key";
+    readonly profile: "prof";
+    readonly pipe_connection: "pipe_conn";
+    readonly redirect_uri: "redir";
+    readonly cors_origin: "cors";
+    readonly authorized_application: "auth_app";
+    readonly connected_account: "conn_acct";
+    readonly role: "role";
+    readonly permission: "perm";
+    readonly role_permission: "rp";
+    readonly authorization_resource: "auth_res";
+    readonly role_assignment: "ra";
+    readonly audit_log_action: "audit_action";
+    readonly audit_log_event: "audit_event";
+    readonly audit_log_export: "audit_export";
+    readonly feature_flag: "ff";
+    readonly flag_target: "ff_target";
+    readonly connect_application: "connect_app";
+    readonly client_secret: "client_secret";
+    readonly data_integration_auth: "di_auth";
+    readonly radar_attempt: "radar_attempt";
+    readonly webhook_endpoint: "we";
+};

package/dist/emulate/core/id.js ADDED Viewed

@@ -0,0 +1,73 @@
+const ENCODING = '0123456789ABCDEFGHJKMNPQRSTVWXYZ'; // Crockford's Base32
+const ENCODING_LEN = ENCODING.length; // 32
+const TIME_LEN = 10; // 10 chars encodes 48-bit ms timestamp
+const RANDOM_LEN = 16; // 16 chars of randomness
+let lastTime = 0;
+export function generateId(prefix) {
+    let now = Date.now();
+    if (now <= lastTime) {
+        now = lastTime + 1;
+    }
+    lastTime = now;
+    let timeStr = '';
+    let t = now;
+    for (let i = TIME_LEN - 1; i >= 0; i--) {
+        timeStr = ENCODING[t % ENCODING_LEN] + timeStr;
+        t = Math.floor(t / ENCODING_LEN);
+    }
+    let randStr = '';
+    for (let i = 0; i < RANDOM_LEN; i++) {
+        randStr += ENCODING[Math.floor(Math.random() * ENCODING_LEN)];
+    }
+    return `${prefix}_${timeStr}${randStr}`;
+}
+export function resetIdState() {
+    lastTime = 0;
+}
+export const ID_PREFIXES = {
+    user: 'user',
+    organization: 'org',
+    organization_membership: 'om',
+    organization_domain: 'org_domain',
+    connection: 'conn',
+    connection_domain: 'conn_domain',
+    directory: 'directory',
+    directory_user: 'directory_user',
+    directory_group: 'directory_grp',
+    event: 'evt',
+    invitation: 'inv',
+    session: 'session',
+    email_verification: 'email_verification',
+    password_reset: 'password_reset',
+    magic_auth: 'magic_auth',
+    authentication_factor: 'auth_factor',
+    authentication_challenge: 'auth_challenge',
+    authorization_code: 'auth_code',
+    identity: 'identity',
+    sso_authorization: 'sso_auth',
+    refresh_token: 'ref',
+    device_authorization: 'dev_auth',
+    api_key: 'api_key',
+    profile: 'prof',
+    pipe_connection: 'pipe_conn',
+    redirect_uri: 'redir',
+    cors_origin: 'cors',
+    authorized_application: 'auth_app',
+    connected_account: 'conn_acct',
+    role: 'role',
+    permission: 'perm',
+    role_permission: 'rp',
+    authorization_resource: 'auth_res',
+    role_assignment: 'ra',
+    audit_log_action: 'audit_action',
+    audit_log_event: 'audit_event',
+    audit_log_export: 'audit_export',
+    feature_flag: 'ff',
+    flag_target: 'ff_target',
+    connect_application: 'connect_app',
+    client_secret: 'client_secret',
+    data_integration_auth: 'di_auth',
+    radar_attempt: 'radar_attempt',
+    webhook_endpoint: 'we',
+};
+//# sourceMappingURL=id.js.map

package/dist/emulate/core/id.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"id.js","sourceRoot":"","sources":["../../../src/emulate/core/id.ts"],"names":[],"mappings":"AAAA,MAAM,QAAQ,GAAG,kCAAkC,CAAC,CAAC,qBAAqB;AAC1E,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,KAAK;AAC3C,MAAM,QAAQ,GAAG,EAAE,CAAC,CAAC,uCAAuC;AAC5D,MAAM,UAAU,GAAG,EAAE,CAAC,CAAC,yBAAyB;AAEhD,IAAI,QAAQ,GAAG,CAAC,CAAC;AAEjB,MAAM,UAAU,UAAU,CAAC,MAAc;IACvC,IAAI,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACrB,IAAI,GAAG,IAAI,QAAQ,EAAE,CAAC;QACpB,GAAG,GAAG,QAAQ,GAAG,CAAC,CAAC;IACrB,CAAC;IACD,QAAQ,GAAG,GAAG,CAAC;IAEf,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,IAAI,CAAC,GAAG,GAAG,CAAC;IACZ,KAAK,IAAI,CAAC,GAAG,QAAQ,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,OAAO,GAAG,QAAQ,CAAC,CAAC,GAAG,YAAY,CAAC,GAAG,OAAO,CAAC;QAC/C,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,YAAY,CAAC,CAAC;IACnC,CAAC;IAED,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,YAAY,CAAC,CAAC,CAAC;IAChE,CAAC;IAED,OAAO,GAAG,MAAM,IAAI,OAAO,GAAG,OAAO,EAAE,CAAC;AAC1C,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,QAAQ,GAAG,CAAC,CAAC;AACf,CAAC;AAED,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,IAAI,EAAE,MAAM;IACZ,YAAY,EAAE,KAAK;IACnB,uBAAuB,EAAE,IAAI;IAC7B,mBAAmB,EAAE,YAAY;IACjC,UAAU,EAAE,MAAM;IAClB,iBAAiB,EAAE,aAAa;IAChC,SAAS,EAAE,WAAW;IACtB,cAAc,EAAE,gBAAgB;IAChC,eAAe,EAAE,eAAe;IAChC,KAAK,EAAE,KAAK;IACZ,UAAU,EAAE,KAAK;IACjB,OAAO,EAAE,SAAS;IAClB,kBAAkB,EAAE,oBAAoB;IACxC,cAAc,EAAE,gBAAgB;IAChC,UAAU,EAAE,YAAY;IACxB,qBAAqB,EAAE,aAAa;IACpC,wBAAwB,EAAE,gBAAgB;IAC1C,kBAAkB,EAAE,WAAW;IAC/B,QAAQ,EAAE,UAAU;IACpB,iBAAiB,EAAE,UAAU;IAC7B,aAAa,EAAE,KAAK;IACpB,oBAAoB,EAAE,UAAU;IAChC,OAAO,EAAE,SAAS;IAClB,OAAO,EAAE,MAAM;IACf,eAAe,EAAE,WAAW;IAC5B,YAAY,EAAE,OAAO;IACrB,WAAW,EAAE,MAAM;IACnB,sBAAsB,EAAE,UAAU;IAClC,iBAAiB,EAAE,WAAW;IAC9B,IAAI,EAAE,MAAM;IACZ,UAAU,EAAE,MAAM;IAClB,eAAe,EAAE,IAAI;IACrB,sBAAsB,EAAE,UAAU;IAClC,eAAe,EAAE,IAAI;IACrB,gBAAgB,EAAE,cAAc;IAChC,eAAe,EAAE,aAAa;IAC9B,gBAAgB,EAAE,cAAc;IAChC,YAAY,EAAE,IAAI;IAClB,WAAW,EAAE,WAAW;IACxB,mBAAmB,EAAE,aAAa;IAClC,aAAa,EAAE,eAAe;IAC9B,qBAAqB,EAAE,SAAS;IAChC,aAAa,EAAE,eAAe;IAC9B,gBAAgB,EAAE,IAAI;CACd,CAAC","sourcesContent":["const ENCODING = '0123456789ABCDEFGHJKMNPQRSTVWXYZ'; // Crockford's Base32\nconst ENCODING_LEN = ENCODING.length; // 32\nconst TIME_LEN = 10; // 10 chars encodes 48-bit ms timestamp\nconst RANDOM_LEN = 16; // 16 chars of randomness\n\nlet lastTime = 0;\n\nexport function generateId(prefix: string): string {\n let now = Date.now();\n if (now <= lastTime) {\n now = lastTime + 1;\n }\n lastTime = now;\n\n let timeStr = '';\n let t = now;\n for (let i = TIME_LEN - 1; i >= 0; i--) {\n timeStr = ENCODING[t % ENCODING_LEN] + timeStr;\n t = Math.floor(t / ENCODING_LEN);\n }\n\n let randStr = '';\n for (let i = 0; i < RANDOM_LEN; i++) {\n randStr += ENCODING[Math.floor(Math.random() * ENCODING_LEN)];\n }\n\n return `${prefix}_${timeStr}${randStr}`;\n}\n\nexport function resetIdState(): void {\n lastTime = 0;\n}\n\nexport const ID_PREFIXES = {\n user: 'user',\n organization: 'org',\n organization_membership: 'om',\n organization_domain: 'org_domain',\n connection: 'conn',\n connection_domain: 'conn_domain',\n directory: 'directory',\n directory_user: 'directory_user',\n directory_group: 'directory_grp',\n event: 'evt',\n invitation: 'inv',\n session: 'session',\n email_verification: 'email_verification',\n password_reset: 'password_reset',\n magic_auth: 'magic_auth',\n authentication_factor: 'auth_factor',\n authentication_challenge: 'auth_challenge',\n authorization_code: 'auth_code',\n identity: 'identity',\n sso_authorization: 'sso_auth',\n refresh_token: 'ref',\n device_authorization: 'dev_auth',\n api_key: 'api_key',\n profile: 'prof',\n pipe_connection: 'pipe_conn',\n redirect_uri: 'redir',\n cors_origin: 'cors',\n authorized_application: 'auth_app',\n connected_account: 'conn_acct',\n role: 'role',\n permission: 'perm',\n role_permission: 'rp',\n authorization_resource: 'auth_res',\n role_assignment: 'ra',\n audit_log_action: 'audit_action',\n audit_log_event: 'audit_event',\n audit_log_export: 'audit_export',\n feature_flag: 'ff',\n flag_target: 'ff_target',\n connect_application: 'connect_app',\n client_secret: 'client_secret',\n data_integration_auth: 'di_auth',\n radar_attempt: 'radar_attempt',\n webhook_endpoint: 'we',\n} as const;\n"]}

package/dist/emulate/core/index.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+export { Store, Collection, type Entity, type InsertInput, type FilterFn, type SortFn, type CollectionHooks, } from './store.js';
+export { generateId, resetIdState, ID_PREFIXES } from './id.js';
+export { parseListParams, cursorPaginate, type CursorPaginationOptions, type CursorPaginatedResult, } from './pagination.js';
+export { JWTManager, type JWTPayload } from './jwt.js';
+export { createServer, type ServerOptions } from './server.js';
+export { type ServicePlugin, type RouteContext } from './plugin.js';
+export { WorkOSApiError, createApiErrorHandler, requestIdMiddleware, notFound, validationError, unauthorized, forbidden, parseJsonBody, } from './middleware/error-handler.js';
+export { authMiddleware, type WorkOSAppEnv, type WorkOSAuthContext, type ApiKeyMap } from './middleware/auth.js';

package/dist/emulate/core/index.js ADDED Viewed

@@ -0,0 +1,8 @@
+export { Store, Collection, } from './store.js';
+export { generateId, resetIdState, ID_PREFIXES } from './id.js';
+export { parseListParams, cursorPaginate, } from './pagination.js';
+export { JWTManager } from './jwt.js';
+export { createServer } from './server.js';
+export { WorkOSApiError, createApiErrorHandler, requestIdMiddleware, notFound, validationError, unauthorized, forbidden, parseJsonBody, } from './middleware/error-handler.js';
+export { authMiddleware } from './middleware/auth.js';
+//# sourceMappingURL=index.js.map

package/dist/emulate/core/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/emulate/core/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,EACL,UAAU,GAMX,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAChE,OAAO,EACL,eAAe,EACf,cAAc,GAGf,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AACvD,OAAO,EAAE,YAAY,EAAsB,MAAM,aAAa,CAAC;AAE/D,OAAO,EACL,cAAc,EACd,qBAAqB,EACrB,mBAAmB,EACnB,QAAQ,EACR,eAAe,EACf,YAAY,EACZ,SAAS,EACT,aAAa,GACd,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAAE,cAAc,EAA6D,MAAM,sBAAsB,CAAC","sourcesContent":["export {\n Store,\n Collection,\n type Entity,\n type InsertInput,\n type FilterFn,\n type SortFn,\n type CollectionHooks,\n} from './store.js';\nexport { generateId, resetIdState, ID_PREFIXES } from './id.js';\nexport {\n parseListParams,\n cursorPaginate,\n type CursorPaginationOptions,\n type CursorPaginatedResult,\n} from './pagination.js';\nexport { JWTManager, type JWTPayload } from './jwt.js';\nexport { createServer, type ServerOptions } from './server.js';\nexport { type ServicePlugin, type RouteContext } from './plugin.js';\nexport {\n WorkOSApiError,\n createApiErrorHandler,\n requestIdMiddleware,\n notFound,\n validationError,\n unauthorized,\n forbidden,\n parseJsonBody,\n} from './middleware/error-handler.js';\nexport { authMiddleware, type WorkOSAppEnv, type WorkOSAuthContext, type ApiKeyMap } from './middleware/auth.js';\n"]}

package/dist/emulate/core/jwt.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+export interface JWTPayload {
+    sub: string;
+    sid?: string;
+    org_id?: string;
+    role?: string;
+    permissions?: string[];
+    iss: string;
+    aud: string;
+    exp: number;
+    iat: number;
+}
+interface SignOptions {
+    expiresIn?: number;
+}
+export declare class JWTManager {
+    private privateKey;
+    private publicKey;
+    private kid;
+    issuer: string;
+    constructor(issuer?: string);
+    sign(payload: Omit<JWTPayload, 'iss' | 'iat' | 'exp'>, options?: SignOptions): string;
+    verify(token: string): JWTPayload;
+    getJWKS(): {
+        keys: Record<string, unknown>[];
+    };
+    getPublicKeyPem(): string;
+}
+export {};

package/dist/emulate/core/jwt.js ADDED Viewed

@@ -0,0 +1,78 @@
+import { createSign, createVerify, generateKeyPairSync } from 'node:crypto';
+function base64url(input) {
+    const buf = typeof input === 'string' ? Buffer.from(input) : input;
+    return buf.toString('base64url');
+}
+function base64urlDecode(input) {
+    return Buffer.from(input, 'base64url');
+}
+export class JWTManager {
+    privateKey;
+    publicKey;
+    kid;
+    issuer;
+    constructor(issuer = 'https://api.workos.com') {
+        this.issuer = issuer;
+        const { privateKey, publicKey } = generateKeyPairSync('rsa', {
+            modulusLength: 2048,
+        });
+        this.privateKey = privateKey;
+        this.publicKey = publicKey;
+        this.kid = `workos_emulate_${Date.now()}`;
+    }
+    sign(payload, options) {
+        const now = Math.floor(Date.now() / 1000);
+        const expiresIn = options?.expiresIn ?? 3600;
+        const fullPayload = {
+            ...payload,
+            iss: this.issuer,
+            iat: now,
+            exp: now + expiresIn,
+        };
+        const header = { alg: 'RS256', typ: 'JWT', kid: this.kid };
+        const headerB64 = base64url(JSON.stringify(header));
+        const payloadB64 = base64url(JSON.stringify(fullPayload));
+        const signingInput = `${headerB64}.${payloadB64}`;
+        const signer = createSign('RSA-SHA256');
+        signer.update(signingInput);
+        const signature = signer.sign(this.privateKey, 'base64url');
+        return `${signingInput}.${signature}`;
+    }
+    verify(token) {
+        const parts = token.split('.');
+        if (parts.length !== 3) {
+            throw new Error('Invalid token format');
+        }
+        const [headerB64, payloadB64, signature] = parts;
+        const signingInput = `${headerB64}.${payloadB64}`;
+        const verifier = createVerify('RSA-SHA256');
+        verifier.update(signingInput);
+        const valid = verifier.verify(this.publicKey, signature, 'base64url');
+        if (!valid) {
+            throw new Error('Invalid token signature');
+        }
+        const payload = JSON.parse(base64urlDecode(payloadB64).toString('utf-8'));
+        const now = Math.floor(Date.now() / 1000);
+        if (payload.exp && payload.exp < now) {
+            throw new Error('Token has expired');
+        }
+        return payload;
+    }
+    getJWKS() {
+        const jwk = this.publicKey.export({ format: 'jwk' });
+        return {
+            keys: [
+                {
+                    ...jwk,
+                    kid: this.kid,
+                    alg: 'RS256',
+                    use: 'sig',
+                },
+            ],
+        };
+    }
+    getPublicKeyPem() {
+        return this.publicKey.export({ type: 'spki', format: 'pem' });
+    }
+}
+//# sourceMappingURL=jwt.js.map

package/dist/emulate/core/jwt.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"jwt.js","sourceRoot":"","sources":["../../../src/emulate/core/jwt.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,mBAAmB,EAAkB,MAAM,aAAa,CAAC;AAkB5F,SAAS,SAAS,CAAC,KAAsB;IACvC,MAAM,GAAG,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IACnE,OAAO,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,eAAe,CAAC,KAAa;IACpC,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,OAAO,UAAU;IACb,UAAU,CAAY;IACtB,SAAS,CAAY;IACrB,GAAG,CAAS;IACpB,MAAM,CAAS;IAEf,YAAY,MAAM,GAAG,wBAAwB;QAC3C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,mBAAmB,CAAC,KAAK,EAAE;YAC3D,aAAa,EAAE,IAAI;SACpB,CAAC,CAAC;QACH,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,GAAG,GAAG,kBAAkB,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;IAC5C,CAAC;IAED,IAAI,CAAC,OAAgD,EAAE,OAAqB;QAC1E,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,IAAI,IAAI,CAAC;QAE7C,MAAM,WAAW,GAAe;YAC9B,GAAG,OAAO;YACV,GAAG,EAAE,IAAI,CAAC,MAAM;YAChB,GAAG,EAAE,GAAG;YACR,GAAG,EAAE,GAAG,GAAG,SAAS;SACrB,CAAC;QAEF,MAAM,MAAM,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;QAC3D,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;QACpD,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CAAC;QAC1D,MAAM,YAAY,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;QAElD,MAAM,MAAM,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAC5B,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QAE5D,OAAO,GAAG,YAAY,IAAI,SAAS,EAAE,CAAC;IACxC,CAAC;IAED,MAAM,CAAC,KAAa;QAClB,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC1C,CAAC;QAED,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC;QACjD,MAAM,YAAY,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;QAElD,MAAM,QAAQ,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;QAC5C,QAAQ,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAC9B,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;QAEtE,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAe,CAAC;QAExF,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,IAAI,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,GAAG,GAAG,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;QACvC,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,OAAO;QACL,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QACrD,OAAO;YACL,IAAI,EAAE;gBACJ;oBACE,GAAG,GAAG;oBACN,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,GAAG,EAAE,OAAO;oBACZ,GAAG,EAAE,KAAK;iBACX;aACF;SACF,CAAC;IACJ,CAAC;IAED,eAAe;QACb,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAW,CAAC;IAC1E,CAAC;CACF","sourcesContent":["import { createSign, createVerify, generateKeyPairSync, type KeyObject } from 'node:crypto';\n\nexport interface JWTPayload {\n sub: string;\n sid?: string;\n org_id?: string;\n role?: string;\n permissions?: string[];\n iss: string;\n aud: string;\n exp: number;\n iat: number;\n}\n\ninterface SignOptions {\n expiresIn?: number;\n}\n\nfunction base64url(input: Buffer | string): string {\n const buf = typeof input === 'string' ? Buffer.from(input) : input;\n return buf.toString('base64url');\n}\n\nfunction base64urlDecode(input: string): Buffer {\n return Buffer.from(input, 'base64url');\n}\n\nexport class JWTManager {\n private privateKey: KeyObject;\n private publicKey: KeyObject;\n private kid: string;\n issuer: string;\n\n constructor(issuer = 'https://api.workos.com') {\n this.issuer = issuer;\n const { privateKey, publicKey } = generateKeyPairSync('rsa', {\n modulusLength: 2048,\n });\n this.privateKey = privateKey;\n this.publicKey = publicKey;\n this.kid = `workos_emulate_${Date.now()}`;\n }\n\n sign(payload: Omit<JWTPayload, 'iss' | 'iat' | 'exp'>, options?: SignOptions): string {\n const now = Math.floor(Date.now() / 1000);\n const expiresIn = options?.expiresIn ?? 3600;\n\n const fullPayload: JWTPayload = {\n ...payload,\n iss: this.issuer,\n iat: now,\n exp: now + expiresIn,\n };\n\n const header = { alg: 'RS256', typ: 'JWT', kid: this.kid };\n const headerB64 = base64url(JSON.stringify(header));\n const payloadB64 = base64url(JSON.stringify(fullPayload));\n const signingInput = `${headerB64}.${payloadB64}`;\n\n const signer = createSign('RSA-SHA256');\n signer.update(signingInput);\n const signature = signer.sign(this.privateKey, 'base64url');\n\n return `${signingInput}.${signature}`;\n }\n\n verify(token: string): JWTPayload {\n const parts = token.split('.');\n if (parts.length !== 3) {\n throw new Error('Invalid token format');\n }\n\n const [headerB64, payloadB64, signature] = parts;\n const signingInput = `${headerB64}.${payloadB64}`;\n\n const verifier = createVerify('RSA-SHA256');\n verifier.update(signingInput);\n const valid = verifier.verify(this.publicKey, signature, 'base64url');\n\n if (!valid) {\n throw new Error('Invalid token signature');\n }\n\n const payload = JSON.parse(base64urlDecode(payloadB64).toString('utf-8')) as JWTPayload;\n\n const now = Math.floor(Date.now() / 1000);\n if (payload.exp && payload.exp < now) {\n throw new Error('Token has expired');\n }\n\n return payload;\n }\n\n getJWKS(): { keys: Record<string, unknown>[] } {\n const jwk = this.publicKey.export({ format: 'jwk' });\n return {\n keys: [\n {\n ...jwk,\n kid: this.kid,\n alg: 'RS256',\n use: 'sig',\n },\n ],\n };\n }\n\n getPublicKeyPem(): string {\n return this.publicKey.export({ type: 'spki', format: 'pem' }) as string;\n }\n}\n"]}

package/dist/emulate/core/middleware/auth.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import type { Context, Next } from 'hono';
+export interface WorkOSAuthContext {
+    environment: string;
+    apiKey: string;
+}
+export type WorkOSAppEnv = {
+    Variables: {
+        auth?: WorkOSAuthContext;
+        requestId?: string;
+    };
+};
+export type ApiKeyMap = Record<string, {
+    environment: string;
+}>;
+export declare function authMiddleware(apiKeys: ApiKeyMap): (c: Context, next: Next) => Promise<void>;

package/dist/emulate/core/middleware/auth.js ADDED Viewed

@@ -0,0 +1,17 @@
+import { unauthorized } from './error-handler.js';
+export function authMiddleware(apiKeys) {
+    return async (c, next) => {
+        const authHeader = c.req.header('Authorization');
+        if (!authHeader)
+            throw unauthorized();
+        const token = authHeader.replace(/^Bearer\s+/i, '').trim();
+        if (!token.startsWith('sk_'))
+            throw unauthorized();
+        const keyInfo = apiKeys[token];
+        if (!keyInfo)
+            throw unauthorized();
+        c.set('auth', { environment: keyInfo.environment, apiKey: token });
+        await next();
+    };
+}
+//# sourceMappingURL=auth.js.map

package/dist/emulate/core/middleware/auth.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../../src/emulate/core/middleware/auth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAgBlD,MAAM,UAAU,cAAc,CAAC,OAAkB;IAC/C,OAAO,KAAK,EAAE,CAAU,EAAE,IAAU,EAAE,EAAE;QACtC,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QACjD,IAAI,CAAC,UAAU;YAAE,MAAM,YAAY,EAAE,CAAC;QAEtC,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC3D,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC;YAAE,MAAM,YAAY,EAAE,CAAC;QAEnD,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;QAC/B,IAAI,CAAC,OAAO;YAAE,MAAM,YAAY,EAAE,CAAC;QAEnC,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,EAA8B,CAAC,CAAC;QAC/F,MAAM,IAAI,EAAE,CAAC;IACf,CAAC,CAAC;AACJ,CAAC","sourcesContent":["import type { Context, Next } from 'hono';\nimport { unauthorized } from './error-handler.js';\n\nexport interface WorkOSAuthContext {\n environment: string;\n apiKey: string;\n}\n\nexport type WorkOSAppEnv = {\n Variables: {\n auth?: WorkOSAuthContext;\n requestId?: string;\n };\n};\n\nexport type ApiKeyMap = Record<string, { environment: string }>;\n\nexport function authMiddleware(apiKeys: ApiKeyMap) {\n return async (c: Context, next: Next) => {\n const authHeader = c.req.header('Authorization');\n if (!authHeader) throw unauthorized();\n\n const token = authHeader.replace(/^Bearer\\s+/i, '').trim();\n if (!token.startsWith('sk_')) throw unauthorized();\n\n const keyInfo = apiKeys[token];\n if (!keyInfo) throw unauthorized();\n\n c.set('auth', { environment: keyInfo.environment, apiKey: token } satisfies WorkOSAuthContext);\n await next();\n };\n}\n"]}

package/dist/emulate/core/middleware/error-handler.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import type { Context, ErrorHandler, MiddlewareHandler } from 'hono';
+export declare class WorkOSApiError extends Error {
+    status: number;
+    code: string;
+    errors?: Array<{
+        field: string;
+        code: string;
+        message?: string;
+    }> | undefined;
+    constructor(status: number, message: string, code: string, errors?: Array<{
+        field: string;
+        code: string;
+        message?: string;
+    }> | undefined);
+}
+export declare function createApiErrorHandler(): ErrorHandler;
+export declare function requestIdMiddleware(): MiddlewareHandler;
+export declare function notFound(resource?: string): WorkOSApiError;
+export declare function validationError(message: string, errors?: WorkOSApiError['errors']): WorkOSApiError;
+export declare function unauthorized(): WorkOSApiError;
+export declare function forbidden(): WorkOSApiError;
+export declare function parseJsonBody(c: Context): Promise<Record<string, unknown>>;

package/dist/emulate/core/middleware/error-handler.js ADDED Viewed

@@ -0,0 +1,72 @@
+export class WorkOSApiError extends Error {
+    status;
+    code;
+    errors;
+    constructor(status, message, code, errors) {
+        super(message);
+        this.status = status;
+        this.code = code;
+        this.errors = errors;
+        this.name = 'WorkOSApiError';
+    }
+}
+export function createApiErrorHandler() {
+    return (err, c) => {
+        if (err instanceof WorkOSApiError) {
+            const body = {
+                message: err.message,
+                code: err.code,
+            };
+            if (err.errors) {
+                body.errors = err.errors;
+            }
+            return c.json(body, err.status);
+        }
+        const status = errorStatus(err);
+        return c.json({
+            message: 'Internal Server Error',
+            code: 'server_error',
+        }, status);
+    };
+}
+export function requestIdMiddleware() {
+    return async (c, next) => {
+        const requestId = c.req.header('X-Request-ID') ?? `req_${crypto.randomUUID()}`;
+        c.set('requestId', requestId);
+        c.header('X-Request-ID', requestId);
+        await next();
+    };
+}
+export function notFound(resource) {
+    return new WorkOSApiError(404, resource ? `${resource} not found` : 'Not Found', 'not_found');
+}
+export function validationError(message, errors) {
+    return new WorkOSApiError(422, message, 'unprocessable_entity', errors);
+}
+export function unauthorized() {
+    return new WorkOSApiError(401, 'Unauthorized', 'unauthorized');
+}
+export function forbidden() {
+    return new WorkOSApiError(403, 'Forbidden', 'forbidden');
+}
+export async function parseJsonBody(c) {
+    try {
+        const body = await c.req.json();
+        if (body && typeof body === 'object' && !Array.isArray(body)) {
+            return body;
+        }
+        return {};
+    }
+    catch {
+        throw new WorkOSApiError(400, 'Problems parsing JSON', 'invalid_request_body');
+    }
+}
+function errorStatus(err) {
+    if (err && typeof err === 'object' && 'status' in err) {
+        const s = err.status;
+        if (typeof s === 'number' && Number.isFinite(s))
+            return s;
+    }
+    return 500;
+}
+//# sourceMappingURL=error-handler.js.map

package/dist/emulate/core/middleware/error-handler.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"error-handler.js","sourceRoot":"","sources":["../../../../src/emulate/core/middleware/error-handler.ts"],"names":[],"mappings":"AAGA,MAAM,OAAO,cAAe,SAAQ,KAAK;IAE9B;IAEA;IACA;IAJT,YACS,MAAc,EACrB,OAAe,EACR,IAAY,EACZ,MAAiE;QAExE,KAAK,CAAC,OAAO,CAAC,CAAC;QALR,WAAM,GAAN,MAAM,CAAQ;QAEd,SAAI,GAAJ,IAAI,CAAQ;QACZ,WAAM,GAAN,MAAM,CAA2D;QAGxE,IAAI,CAAC,IAAI,GAAG,gBAAgB,CAAC;IAC/B,CAAC;CACF;AAED,MAAM,UAAU,qBAAqB;IACnC,OAAO,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;QAChB,IAAI,GAAG,YAAY,cAAc,EAAE,CAAC;YAClC,MAAM,IAAI,GAA4B;gBACpC,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;aACf,CAAC;YACF,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;YAC3B,CAAC;YACD,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,MAA8B,CAAC,CAAC;QAC1D,CAAC;QAED,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;QAChC,OAAO,CAAC,CAAC,IAAI,CACX;YACE,OAAO,EAAE,uBAAuB;YAChC,IAAI,EAAE,cAAc;SACrB,EACD,MAA8B,CAC/B,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB;IACjC,OAAO,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QACvB,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,OAAO,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;QAC/E,CAAC,CAAC,GAAG,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;QAC9B,CAAC,CAAC,MAAM,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC;QACpC,MAAM,IAAI,EAAE,CAAC;IACf,CAAC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,QAAiB;IACxC,OAAO,IAAI,cAAc,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC,GAAG,QAAQ,YAAY,CAAC,CAAC,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;AAChG,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,OAAe,EAAE,MAAiC;IAChF,OAAO,IAAI,cAAc,CAAC,GAAG,EAAE,OAAO,EAAE,sBAAsB,EAAE,MAAM,CAAC,CAAC;AAC1E,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,OAAO,IAAI,cAAc,CAAC,GAAG,EAAE,cAAc,EAAE,cAAc,CAAC,CAAC;AACjE,CAAC;AAED,MAAM,UAAU,SAAS;IACvB,OAAO,IAAI,cAAc,CAAC,GAAG,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;AAC3D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,CAAU;IAC5C,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QAChC,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7D,OAAO,IAA+B,CAAC;QACzC,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,uBAAuB,EAAE,sBAAsB,CAAC,CAAC;IACjF,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,GAAY;IAC/B,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,QAAQ,IAAI,GAAG,EAAE,CAAC;QACtD,MAAM,CAAC,GAAI,GAA2B,CAAC,MAAM,CAAC;QAC9C,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC;IAC5D,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC","sourcesContent":["import type { Context, ErrorHandler, MiddlewareHandler } from 'hono';\nimport type { ContentfulStatusCode } from 'hono/utils/http-status';\n\nexport class WorkOSApiError extends Error {\n constructor(\n public status: number,\n message: string,\n public code: string,\n public errors?: Array<{ field: string; code: string; message?: string }>,\n ) {\n super(message);\n this.name = 'WorkOSApiError';\n }\n}\n\nexport function createApiErrorHandler(): ErrorHandler {\n return (err, c) => {\n if (err instanceof WorkOSApiError) {\n const body: Record<string, unknown> = {\n message: err.message,\n code: err.code,\n };\n if (err.errors) {\n body.errors = err.errors;\n }\n return c.json(body, err.status as ContentfulStatusCode);\n }\n\n const status = errorStatus(err);\n return c.json(\n {\n message: 'Internal Server Error',\n code: 'server_error',\n },\n status as ContentfulStatusCode,\n );\n };\n}\n\nexport function requestIdMiddleware(): MiddlewareHandler {\n return async (c, next) => {\n const requestId = c.req.header('X-Request-ID') ?? `req_${crypto.randomUUID()}`;\n c.set('requestId', requestId);\n c.header('X-Request-ID', requestId);\n await next();\n };\n}\n\nexport function notFound(resource?: string): WorkOSApiError {\n return new WorkOSApiError(404, resource ? `${resource} not found` : 'Not Found', 'not_found');\n}\n\nexport function validationError(message: string, errors?: WorkOSApiError['errors']): WorkOSApiError {\n return new WorkOSApiError(422, message, 'unprocessable_entity', errors);\n}\n\nexport function unauthorized(): WorkOSApiError {\n return new WorkOSApiError(401, 'Unauthorized', 'unauthorized');\n}\n\nexport function forbidden(): WorkOSApiError {\n return new WorkOSApiError(403, 'Forbidden', 'forbidden');\n}\n\nexport async function parseJsonBody(c: Context): Promise<Record<string, unknown>> {\n try {\n const body = await c.req.json();\n if (body && typeof body === 'object' && !Array.isArray(body)) {\n return body as Record<string, unknown>;\n }\n return {};\n } catch {\n throw new WorkOSApiError(400, 'Problems parsing JSON', 'invalid_request_body');\n }\n}\n\nfunction errorStatus(err: unknown): number {\n if (err && typeof err === 'object' && 'status' in err) {\n const s = (err as { status: unknown }).status;\n if (typeof s === 'number' && Number.isFinite(s)) return s;\n }\n return 500;\n}\n"]}

package/dist/emulate/core/pagination.d.ts ADDED Viewed

@@ -0,0 +1,27 @@
+export interface Entity {
+    id: string;
+    created_at: string;
+    updated_at: string;
+}
+export interface CursorPaginationOptions<T> {
+    filter?: (item: T) => boolean;
+    sort?: (a: T, b: T) => number;
+    limit?: number;
+    order?: 'asc' | 'desc';
+    before?: string;
+    after?: string;
+}
+export interface CursorPaginatedResult<T> {
+    data: T[];
+    list_metadata: {
+        before: string | null;
+        after: string | null;
+    };
+}
+export declare function parseListParams(url: URL): {
+    limit: number;
+    order: "asc" | "desc";
+    before: string | undefined;
+    after: string | undefined;
+};
+export declare function cursorPaginate<T extends Entity>(items: T[], options?: CursorPaginationOptions<T>): CursorPaginatedResult<T>;

package/dist/emulate/core/pagination.js ADDED Viewed

@@ -0,0 +1,43 @@
+export function parseListParams(url) {
+    const limit = parseInt(url.searchParams.get('limit') ?? '10') || 10;
+    const order = url.searchParams.get('order') ?? 'desc';
+    const before = url.searchParams.get('before') ?? undefined;
+    const after = url.searchParams.get('after') ?? undefined;
+    return { limit, order, before, after };
+}
+export function cursorPaginate(items, options = {}) {
+    // Callers must pass a fresh array (e.g. Collection.all()) — sort mutates in-place
+    let filtered = options.filter ? items.filter(options.filter) : items;
+    const order = options.order ?? 'desc';
+    const defaultSort = (a, b) => order === 'desc'
+        ? b.created_at.localeCompare(a.created_at) || b.id.localeCompare(a.id)
+        : a.created_at.localeCompare(b.created_at) || a.id.localeCompare(b.id);
+    filtered.sort(options.sort ?? defaultSort);
+    const limit = Math.max(1, Math.min(options.limit ?? 10, 100));
+    let startIndex = 0;
+    let endIndex = filtered.length;
+    if (options.after) {
+        const afterIndex = filtered.findIndex((item) => item.id === options.after);
+        if (afterIndex !== -1) {
+            startIndex = afterIndex + 1;
+        }
+    }
+    if (options.before) {
+        const beforeIndex = filtered.findIndex((item) => item.id === options.before);
+        if (beforeIndex !== -1) {
+            endIndex = beforeIndex;
+        }
+    }
+    const window = filtered.slice(startIndex, endIndex);
+    const page = window.slice(0, limit);
+    const hasMore = window.length > limit;
+    const hasPrev = startIndex > 0;
+    return {
+        data: page,
+        list_metadata: {
+            before: page.length > 0 && hasPrev ? page[0].id : null,
+            after: page.length > 0 && hasMore ? page[page.length - 1].id : null,
+        },
+    };
+}
+//# sourceMappingURL=pagination.js.map

package/dist/emulate/core/pagination.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"pagination.js","sourceRoot":"","sources":["../../../src/emulate/core/pagination.ts"],"names":[],"mappings":"AAuBA,MAAM,UAAU,eAAe,CAAC,GAAQ;IACtC,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;IACpE,MAAM,KAAK,GAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAoB,IAAI,MAAM,CAAC;IAC1E,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC;IAC3D,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC;IACzD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,cAAc,CAC5B,KAAU,EACV,UAAsC,EAAE;IAExC,kFAAkF;IAClF,IAAI,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IAErE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,MAAM,CAAC;IACtC,MAAM,WAAW,GAAG,CAAC,CAAI,EAAE,CAAI,EAAE,EAAE,CACjC,KAAK,KAAK,MAAM;QACd,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC;QACtE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAE3E,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,WAAW,CAAC,CAAC;IAE3C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,IAAI,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC;IAE9D,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,IAAI,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC;IAE/B,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QAClB,MAAM,UAAU,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,KAAK,OAAO,CAAC,KAAK,CAAC,CAAC;QAC3E,IAAI,UAAU,KAAK,CAAC,CAAC,EAAE,CAAC;YACtB,UAAU,GAAG,UAAU,GAAG,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,MAAM,WAAW,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;QAC7E,IAAI,WAAW,KAAK,CAAC,CAAC,EAAE,CAAC;YACvB,QAAQ,GAAG,WAAW,CAAC;QACzB,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IACpD,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAEpC,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC;IACtC,MAAM,OAAO,GAAG,UAAU,GAAG,CAAC,CAAC;IAE/B,OAAO;QACL,IAAI,EAAE,IAAI;QACV,aAAa,EAAE;YACb,MAAM,EAAE,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI;YACtD,KAAK,EAAE,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI;SACpE;KACF,CAAC;AACJ,CAAC","sourcesContent":["export interface Entity {\n id: string;\n created_at: string;\n updated_at: string;\n}\n\nexport interface CursorPaginationOptions<T> {\n filter?: (item: T) => boolean;\n sort?: (a: T, b: T) => number;\n limit?: number;\n order?: 'asc' | 'desc';\n before?: string;\n after?: string;\n}\n\nexport interface CursorPaginatedResult<T> {\n data: T[];\n list_metadata: {\n before: string | null;\n after: string | null;\n };\n}\n\nexport function parseListParams(url: URL) {\n const limit = parseInt(url.searchParams.get('limit') ?? '10') || 10;\n const order = (url.searchParams.get('order') as 'asc' | 'desc') ?? 'desc';\n const before = url.searchParams.get('before') ?? undefined;\n const after = url.searchParams.get('after') ?? undefined;\n return { limit, order, before, after };\n}\n\nexport function cursorPaginate<T extends Entity>(\n items: T[],\n options: CursorPaginationOptions<T> = {},\n): CursorPaginatedResult<T> {\n // Callers must pass a fresh array (e.g. Collection.all()) — sort mutates in-place\n let filtered = options.filter ? items.filter(options.filter) : items;\n\n const order = options.order ?? 'desc';\n const defaultSort = (a: T, b: T) =>\n order === 'desc'\n ? b.created_at.localeCompare(a.created_at) || b.id.localeCompare(a.id)\n : a.created_at.localeCompare(b.created_at) || a.id.localeCompare(b.id);\n\n filtered.sort(options.sort ?? defaultSort);\n\n const limit = Math.max(1, Math.min(options.limit ?? 10, 100));\n\n let startIndex = 0;\n let endIndex = filtered.length;\n\n if (options.after) {\n const afterIndex = filtered.findIndex((item) => item.id === options.after);\n if (afterIndex !== -1) {\n startIndex = afterIndex + 1;\n }\n }\n\n if (options.before) {\n const beforeIndex = filtered.findIndex((item) => item.id === options.before);\n if (beforeIndex !== -1) {\n endIndex = beforeIndex;\n }\n }\n\n const window = filtered.slice(startIndex, endIndex);\n const page = window.slice(0, limit);\n\n const hasMore = window.length > limit;\n const hasPrev = startIndex > 0;\n\n return {\n data: page,\n list_metadata: {\n before: page.length > 0 && hasPrev ? page[0].id : null,\n after: page.length > 0 && hasMore ? page[page.length - 1].id : null,\n },\n };\n}\n"]}

package/dist/emulate/core/plugin.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import type { Hono } from 'hono';
+import type { Store } from './store.js';
+import type { JWTManager } from './jwt.js';
+import type { WorkOSAppEnv } from './middleware/auth.js';
+export interface RouteContext {
+    app: Hono<WorkOSAppEnv>;
+    store: Store;
+    jwt: JWTManager;
+    baseUrl: string;
+}
+export interface ServicePlugin {
+    name: string;
+    register(ctx: RouteContext): void;
+    seed?(store: Store, baseUrl: string): void;
+}

package/dist/emulate/core/plugin.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=plugin.js.map

package/dist/emulate/core/plugin.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"plugin.js","sourceRoot":"","sources":["../../../src/emulate/core/plugin.ts"],"names":[],"mappings":"","sourcesContent":["import type { Hono } from 'hono';\nimport type { Store } from './store.js';\nimport type { JWTManager } from './jwt.js';\nimport type { WorkOSAppEnv } from './middleware/auth.js';\n\nexport interface RouteContext {\n app: Hono<WorkOSAppEnv>;\n store: Store;\n jwt: JWTManager;\n baseUrl: string;\n}\n\nexport interface ServicePlugin {\n name: string;\n register(ctx: RouteContext): void;\n seed?(store: Store, baseUrl: string): void;\n}\n"]}