workos 0.12.0-beta.1 → 0.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (96) hide show
  1. package/README.md +6 -4
  2. package/dist/bin.js +4 -2
  3. package/dist/bin.js.map +1 -1
  4. package/dist/commands/debug.js +0 -1
  5. package/dist/commands/debug.js.map +1 -1
  6. package/dist/commands/login.js +0 -4
  7. package/dist/commands/login.js.map +1 -1
  8. package/dist/emulate/core/id.d.ts +16 -1
  9. package/dist/emulate/core/id.js +16 -1
  10. package/dist/emulate/core/id.js.map +1 -1
  11. package/dist/emulate/core/index.d.ts +1 -1
  12. package/dist/emulate/core/index.js +1 -1
  13. package/dist/emulate/core/index.js.map +1 -1
  14. package/dist/emulate/core/middleware/auth.d.ts +1 -4
  15. package/dist/emulate/core/middleware/auth.js +7 -18
  16. package/dist/emulate/core/middleware/auth.js.map +1 -1
  17. package/dist/emulate/core/pagination.d.ts +6 -0
  18. package/dist/emulate/core/pagination.js +9 -1
  19. package/dist/emulate/core/pagination.js.map +1 -1
  20. package/dist/emulate/core/server.js +20 -46
  21. package/dist/emulate/core/server.js.map +1 -1
  22. package/dist/emulate/core/store.d.ts +2 -0
  23. package/dist/emulate/core/store.js +22 -1
  24. package/dist/emulate/core/store.js.map +1 -1
  25. package/dist/emulate/workos/constants.d.ts +56 -0
  26. package/dist/emulate/workos/constants.js +56 -0
  27. package/dist/emulate/workos/constants.js.map +1 -0
  28. package/dist/emulate/workos/entities.js.map +1 -1
  29. package/dist/emulate/workos/event-bus.d.ts +6 -1
  30. package/dist/emulate/workos/event-bus.js +33 -8
  31. package/dist/emulate/workos/event-bus.js.map +1 -1
  32. package/dist/emulate/workos/helpers.d.ts +17 -8
  33. package/dist/emulate/workos/helpers.js +61 -368
  34. package/dist/emulate/workos/helpers.js.map +1 -1
  35. package/dist/emulate/workos/index.js +42 -39
  36. package/dist/emulate/workos/index.js.map +1 -1
  37. package/dist/emulate/workos/role-helpers.d.ts +21 -0
  38. package/dist/emulate/workos/role-helpers.js +130 -0
  39. package/dist/emulate/workos/role-helpers.js.map +1 -0
  40. package/dist/emulate/workos/routes/api-keys.js +5 -8
  41. package/dist/emulate/workos/routes/api-keys.js.map +1 -1
  42. package/dist/emulate/workos/routes/audit-logs.js +6 -9
  43. package/dist/emulate/workos/routes/audit-logs.js.map +1 -1
  44. package/dist/emulate/workos/routes/auth.js +7 -6
  45. package/dist/emulate/workos/routes/auth.js.map +1 -1
  46. package/dist/emulate/workos/routes/authorization-checks.js +5 -17
  47. package/dist/emulate/workos/routes/authorization-checks.js.map +1 -1
  48. package/dist/emulate/workos/routes/authorization-org-roles.js +29 -171
  49. package/dist/emulate/workos/routes/authorization-org-roles.js.map +1 -1
  50. package/dist/emulate/workos/routes/authorization-permissions.js +5 -16
  51. package/dist/emulate/workos/routes/authorization-permissions.js.map +1 -1
  52. package/dist/emulate/workos/routes/authorization-resources.js +4 -15
  53. package/dist/emulate/workos/routes/authorization-resources.js.map +1 -1
  54. package/dist/emulate/workos/routes/authorization-roles.d.ts +1 -1
  55. package/dist/emulate/workos/routes/authorization-roles.js +9 -132
  56. package/dist/emulate/workos/routes/authorization-roles.js.map +1 -1
  57. package/dist/emulate/workos/routes/config.js +3 -2
  58. package/dist/emulate/workos/routes/config.js.map +1 -1
  59. package/dist/emulate/workos/routes/connect.js +3 -7
  60. package/dist/emulate/workos/routes/connect.js.map +1 -1
  61. package/dist/emulate/workos/routes/connections.js +3 -7
  62. package/dist/emulate/workos/routes/connections.js.map +1 -1
  63. package/dist/emulate/workos/routes/directories.js +7 -23
  64. package/dist/emulate/workos/routes/directories.js.map +1 -1
  65. package/dist/emulate/workos/routes/events.js +3 -6
  66. package/dist/emulate/workos/routes/events.js.map +1 -1
  67. package/dist/emulate/workos/routes/feature-flags.js +20 -48
  68. package/dist/emulate/workos/routes/feature-flags.js.map +1 -1
  69. package/dist/emulate/workos/routes/invitations.js +10 -13
  70. package/dist/emulate/workos/routes/invitations.js.map +1 -1
  71. package/dist/emulate/workos/routes/memberships.js +3 -7
  72. package/dist/emulate/workos/routes/memberships.js.map +1 -1
  73. package/dist/emulate/workos/routes/organizations.js +13 -15
  74. package/dist/emulate/workos/routes/organizations.js.map +1 -1
  75. package/dist/emulate/workos/routes/pipes.js +3 -7
  76. package/dist/emulate/workos/routes/pipes.js.map +1 -1
  77. package/dist/emulate/workos/routes/radar.js +3 -7
  78. package/dist/emulate/workos/routes/radar.js.map +1 -1
  79. package/dist/emulate/workos/routes/sso.js +7 -6
  80. package/dist/emulate/workos/routes/sso.js.map +1 -1
  81. package/dist/emulate/workos/routes/users.js +3 -7
  82. package/dist/emulate/workos/routes/users.js.map +1 -1
  83. package/dist/emulate/workos/routes/webhook-endpoints.js +3 -7
  84. package/dist/emulate/workos/routes/webhook-endpoints.js.map +1 -1
  85. package/dist/emulate/workos/store.js +68 -59
  86. package/dist/emulate/workos/store.js.map +1 -1
  87. package/dist/lib/run-with-core.js +0 -3
  88. package/dist/lib/run-with-core.js.map +1 -1
  89. package/dist/lib/settings.js +1 -1
  90. package/dist/lib/settings.js.map +1 -1
  91. package/dist/utils/help-json.js +1 -23
  92. package/dist/utils/help-json.js.map +1 -1
  93. package/dist/utils/register-subcommand.d.ts +5 -2
  94. package/dist/utils/register-subcommand.js +16 -19
  95. package/dist/utils/register-subcommand.js.map +1 -1
  96. package/package.json +2 -2
package/dist/commands/debug.js CHANGED
@@ -255,7 +255,6 @@ export async function runDebugSimulate({ expiredToken, noKeyring, unclaimed, noA
255
255
  }
256
256
  const ENV_VAR_CATALOG = [
257
257
  { name: 'WORKOS_API_KEY', effect: 'Bypasses credential resolution — used directly for API calls' },
258
- { name: 'WORKOS_CLIENT_ID', effect: 'Overrides client ID from settings' },
259
258
  { name: 'WORKOS_FORCE_TTY', effect: 'Forces human (non-JSON) output mode, even when piped' },
260
259
  { name: 'WORKOS_NO_PROMPT', effect: 'Forces non-interactive/JSON mode' },
261
260
  { name: 'WORKOS_TELEMETRY', effect: 'Set to "false" to disable telemetry' },
package/dist/commands/debug.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"debug.js","sourceRoot":"","sources":["../../src/commands/debug.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,KAAK,MAAM,mBAAmB,CAAC;AACtC,OAAO,EACL,cAAc,EACd,eAAe,EACf,gBAAgB,EAChB,cAAc,EACd,mBAAmB,EACnB,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,SAAS,EACT,UAAU,EACV,WAAW,EACX,aAAa,EACb,wBAAwB,EACxB,cAAc,GACf,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAC3E,OAAO,EAAE,2BAA2B,EAAE,MAAM,yBAAyB,CAAC;AAEtE,SAAS,UAAU,CAAC,KAAyB;IAC3C,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IAC7B,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC;QAAE,OAAO,MAAM,CAAC;IACrC,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AACtD,CAAC;AAED,SAAS,mBAAmB,CAAC,EAAU;IACrC,IAAI,EAAE,IAAI,CAAC;QAAE,OAAO,SAAS,CAAC;IAC9B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC;IACtC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC;IACzC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC;IACvC,IAAI,KAAK,GAAG,CAAC;QAAE,OAAO,GAAG,KAAK,KAAK,OAAO,GAAG,EAAE,GAAG,CAAC;IACnD,IAAI,OAAO,GAAG,CAAC;QAAE,OAAO,GAAG,OAAO,KAAK,OAAO,GAAG,EAAE,GAAG,CAAC;IACvD,OAAO,GAAG,OAAO,GAAG,CAAC;AACvB,CAAC;AAED,SAAS,QAAQ,CAAC,KAAa;IAC7B,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QACpC,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAC1E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,yBAAyB,CAAC,WAAqB;IACtD,MAAM,UAAU,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAC3E,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC;IACnE,MAAM,UAAU,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC,CAAC;IAE/E,IAAI,UAAU;QAAE,OAAO,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;IACjD,IAAI,UAAU;QAAE,OAAO,SAAS,CAAC;IACjC,IAAI,OAAO;QAAE,OAAO,MAAM,CAAC;IAC3B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,sBAAsB;AAEtB,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,EAAE,WAAW,EAA4B;IAC3E,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;IAC/B,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,WAAW,GAAG,mBAAmB,EAAE,CAAC;IAC1C,MAAM,UAAU,GAAG,yBAAyB,CAAC,WAAW,CAAC,CAAC;IAC1D,MAAM,WAAW,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,CAAqB,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC;IAE5E,MAAM,iBAAiB,GAA4B,EAAE,OAAO,EAAE,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;IAE5F,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,aAAa,GAAG,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACnD,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,iBAAiB,EAAE;YAC/B,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,IAAI;YAC1B,WAAW,EAAE,WAAW,CAAC,KAAK,CAAC,WAAW,CAAC;YAC3C,YAAY,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ;YACvD,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,SAAS,EAAE,OAAO;gBAChB,CAAC,CAAC,WAAW,mBAAmB,CAAC,CAAC,aAAa,CAAC,MAAM;gBACtD,CAAC,CAAC,MAAM,mBAAmB,CAAC,aAAa,CAAC,EAAE;YAC9C,SAAS,EAAE,OAAO;SACnB,CAAC,CAAC;QACH,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;YAClB,iBAAiB,CAAC,OAAO,GAAG;gBAC1B,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC,QAAQ;gBAChC,MAAM,EAAE,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;gBACzC,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,SAAS;aACnC,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,YAAY,GAA4B,EAAE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC;IAEpE,IAAI,MAAM,EAAE,CAAC;QACX,YAAY,CAAC,iBAAiB,GAAG,MAAM,CAAC,iBAAiB,IAAI,IAAI,CAAC;QAClE,YAAY,CAAC,YAAY,GAAG,MAAM,CAAC,WAAW,CAC5C,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC;YACtD,GAAG;YACH;gBACE,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,MAAM,EAAE,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC;gBAC/B,QAAQ,EAAE,GAAG,CAAC,QAAQ,IAAI,IAAI;gBAC9B,QAAQ,EAAE,GAAG,CAAC,QAAQ,IAAI,IAAI;gBAC9B,GAAG,CAAC,GAAG,CAAC,IAAI,KAAK,WAAW,IAAI,EAAE,UAAU,EAAE,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;aAC7E;SACF,CAAC,CACH,CAAC;IACJ,CAAC;IAED,MAAM,iBAAiB,GAAG,cAAc,EAAE,CAAC;IAC3C,MAAM,YAAY,GAAG,yBAAyB,CAAC,iBAAiB,CAAC,CAAC;IAClE,YAAY,CAAC,MAAM,GAAG,YAAY,CAAC;IAEnC,MAAM,MAAM,GAAG;QACb,WAAW,EAAE,iBAAiB;QAC9B,MAAM,EAAE,YAAY;QACpB,OAAO,EAAE;YACP,eAAe,EAAE,kBAAkB,EAAE;YACrC,UAAU,EAAE,aAAa,EAAE;YAC3B,qBAAqB,EAAE,WAAW;YAClC,iBAAiB;SAClB;KACF,CAAC;IAEF,IAAI,UAAU,EAAE,EAAE,CAAC;QACjB,UAAU,CAAC,MAAM,CAAC,CAAC;QACnB,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;IACvC,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IACjF,OAAO,CAAC,GAAG,CAAC,cAAc,UAAU,EAAE,CAAC,CAAC;IACxC,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QAC1C,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,cAAc,WAAW,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAC5D,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;QACvE,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACtC,MAAM,aAAa,GAAG,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CACT,cAAc,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,WAAW,mBAAmB,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,mBAAmB,CAAC,aAAa,CAAC,EAAE,CAAC,EAAE,CACpJ,CAAC;QACF,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,uBAAuB,KAAK,CAAC,OAAO,CAAC,QAAQ,WAAW,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC3G,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;IAClC,OAAO,CAAC,GAAG,CAAC,cAAc,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAClF,OAAO,CAAC,GAAG,CAAC,cAAc,YAAY,EAAE,CAAC,CAAC;IAC1C,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,CAAC,GAAG,CAAC,cAAc,MAAM,CAAC,iBAAiB,IAAI,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC3E,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;YAC7D,OAAO,CAAC,GAAG,CAAC,SAAS,GAAG,WAAW,GAAG,CAAC,IAAI,WAAW,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACjF,IAAI,GAAG,CAAC,IAAI,KAAK,WAAW;gBAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QAC7F,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,WAAW,kBAAkB,EAAE,EAAE,CAAC,CAAC;IAC/C,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACtC,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAC5C,OAAO,CAAC,GAAG,CAAC,WAAW,aAAa,EAAE,EAAE,CAAC,CAAC;IAC1C,KAAK,MAAM,IAAI,IAAI,iBAAiB,EAAE,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACtC,CAAC;AACH,CAAC;AAED,sBAAsB;AAEtB,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,EAClC,KAAK,EACL,eAAe,EACf,UAAU,GAKX;IACC,4CAA4C;IAC5C,MAAM,UAAU,GAAG,CAAC,UAAU,IAAI,eAAe,CAAC;IAClD,MAAM,SAAS,GAAG,CAAC,eAAe,IAAI,UAAU,CAAC;IAEjD,MAAM,OAAO,GAAG,CAAC,UAAU,IAAI,aAAa,EAAE,SAAS,IAAI,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAEnG,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,IAAI,2BAA2B,EAAE,EAAE,CAAC;YAClC,aAAa,CAAC;gBACZ,IAAI,EAAE,uBAAuB;gBAC7B,OAAO,EAAE,8CAA8C;aACxD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC;YACpC,OAAO,EAAE,aAAa,OAAO,0BAA0B;SACxD,CAAC,CAAC;QAEH,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YAC5C,IAAI,UAAU,EAAE,EAAE,CAAC;gBACjB,UAAU,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAClD,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;YACpC,CAAC;YACD,OAAO;QACT,CAAC;IACH,CAAC;IAED,IAAI,UAAU;QAAE,gBAAgB,EAAE,CAAC;IACnC,IAAI,SAAS;QAAE,WAAW,EAAE,CAAC;IAE7B,IAAI,UAAU,EAAE,EAAE,CAAC;QACjB,UAAU,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;IAC5E,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,OAAO,EAAE,CAAC,CAAC;IAC1C,CAAC;AACH,CAAC;AAED,yBAAyB;AAEzB,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,EACrC,YAAY,EACZ,SAAS,EACT,SAAS,EACT,MAAM,GAMP;IACC,8BAA8B;IAC9B,IAAI,CAAC,YAAY,IAAI,CAAC,SAAS,IAAI,CAAC,SAAS,IAAI,CAAC,MAAM,EAAE,CAAC;QACzD,aAAa,CAAC;YACZ,IAAI,EAAE,qBAAqB;YAC3B,OAAO,EAAE,6FAA6F;SACvG,CAAC,CAAC;IACL,CAAC;IAED,0BAA0B;IAC1B,IAAI,YAAY,IAAI,MAAM,EAAE,CAAC;QAC3B,aAAa,CAAC;YACZ,IAAI,EAAE,qBAAqB;YAC3B,OAAO,EAAE,6EAA6E;SACvF,CAAC,CAAC;IACL,CAAC;IAED,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,uFAAuF;IAEvF,IAAI,SAAS,EAAE,CAAC;QACd,wCAAwC;QACxC,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAE3B,kBAAkB,CAAC,IAAI,CAAC,CAAC;QACzB,wBAAwB,CAAC,IAAI,CAAC,CAAC;QAE/B,IAAI,KAAK;YAAE,eAAe,CAAC,KAAK,CAAC,CAAC;QAClC,IAAI,MAAM;YAAE,UAAU,CAAC,MAAM,CAAC,CAAC;QAE/B,OAAO,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC;IAC9D,CAAC;IAED,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;QAC/B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,aAAa,CAAC;gBACZ,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,qEAAqE;aAC/E,CAAC,CAAC;QACL,CAAC;QACD,eAAe,CAAC,EAAE,GAAG,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC;QAC9D,OAAO,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;IACtD,CAAC;IAED,IAAI,MAAM,EAAE,CAAC;QACX,gBAAgB,EAAE,CAAC;QACnB,OAAO,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;IACzD,CAAC;IAED,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,MAAM,GAAG,SAAS,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;QACnD,MAAM,OAAO,GAAG,qBAAqB,CAAC;QACtC,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG;YAC7B,IAAI,EAAE,OAAO;YACb,IAAI,EAAE,WAAW;YACjB,MAAM,EAAE,0CAA0C;YAClD,QAAQ,EAAE,kBAAkB;YAC5B,UAAU,EAAE,oCAAoC;SACjD,CAAC;QACF,MAAM,CAAC,iBAAiB,GAAG,OAAO,CAAC;QACnC,UAAU,CAAC,MAAM,CAAC,CAAC;QACnB,OAAO,CAAC,IAAI,CAAC,kCAAkC,OAAO,qBAAqB,CAAC,CAAC;IAC/E,CAAC;IAED,IAAI,UAAU,EAAE,EAAE,CAAC;QACjB,UAAU,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;IAC3C,CAAC;SAAM,CAAC;QACN,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;AACH,CAAC;AAUD,MAAM,eAAe,GAAuC;IAC1D,EAAE,IAAI,EAAE,gBAAgB,EAAE,MAAM,EAAE,8DAA8D,EAAE;IAClG,EAAE,IAAI,EAAE,kBAAkB,EAAE,MAAM,EAAE,mCAAmC,EAAE;IACzE,EAAE,IAAI,EAAE,kBAAkB,EAAE,MAAM,EAAE,sDAAsD,EAAE;IAC5F,EAAE,IAAI,EAAE,kBAAkB,EAAE,MAAM,EAAE,kCAAkC,EAAE;IACxE,EAAE,IAAI,EAAE,kBAAkB,EAAE,MAAM,EAAE,qCAAqC,EAAE;IAC3E,EAAE,IAAI,EAAE,gBAAgB,EAAE,MAAM,EAAE,0DAA0D,EAAE;IAC9F,EAAE,IAAI,EAAE,sBAAsB,EAAE,MAAM,EAAE,iEAAiE,EAAE;IAC3G,EAAE,IAAI,EAAE,uBAAuB,EAAE,MAAM,EAAE,wCAAwC,EAAE;IACnF,EAAE,IAAI,EAAE,wBAAwB,EAAE,MAAM,EAAE,yCAAyC,EAAE;IACrF,EAAE,IAAI,EAAE,eAAe,EAAE,MAAM,EAAE,gDAAgD,EAAE;IACnF,EAAE,IAAI,EAAE,yBAAyB,EAAE,MAAM,EAAE,gDAAgD,EAAE;CAC9F,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,WAAW;IAC/B,MAAM,IAAI,GAAiB,eAAe,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;QACpE,IAAI;QACJ,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;QACxB,MAAM;KACP,CAAC,CAAC,CAAC;IAEJ,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC;IAC1D,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC;IAE5D,IAAI,UAAU,EAAE,EAAE,CAAC;QACjB,UAAU,CAAC;YACT,SAAS,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,IAAI,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACtG,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;YAC/B,KAAK,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;SACpC,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QAC/B,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACxB,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;YACnD,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC5C,CAAC;QACD,OAAO,CAAC,GAAG,EAAE,CAAC;IAChB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC;IAC9E,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IACjE,CAAC;AACH,CAAC;AAED,sBAAsB;AAEtB,MAAM,CAAC,KAAK,UAAU,aAAa;IACjC,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;IAE/B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,IAAI,UAAU,EAAE,EAAE,CAAC;YACjB,UAAU,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;QACjC,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC,CAAC;QACpD,CAAC;QACD,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IACtC,MAAM,aAAa,GAAG,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAEnD,IAAI,UAAU,EAAE,EAAE,CAAC;QACjB,UAAU,CAAC;YACT,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ;YACjC,OAAO;YACP,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,SAAS,EAAE,OAAO;gBAChB,CAAC,CAAC,WAAW,mBAAmB,CAAC,CAAC,aAAa,CAAC,MAAM;gBACtD,CAAC,CAAC,MAAM,mBAAmB,CAAC,aAAa,CAAC,EAAE;YAC9C,MAAM,EAAE,MAAM,IAAI,IAAI;YACtB,YAAY,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,YAAY,EAAE;SAChD,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QACrC,OAAO,CAAC,GAAG,CACT,cAAc,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,WAAW,mBAAmB,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,mBAAmB,CAAC,aAAa,CAAC,EAAE,CAAC,EAAE,CACpJ,CAAC;QACF,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QAClC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAClD,IAAI,GAAG,KAAK,KAAK,IAAI,GAAG,KAAK,KAAK,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;gBACpD,MAAM,IAAI,GAAG,IAAI,IAAI,CAAE,KAAgB,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC9D,OAAO,CAAC,GAAG,CAAC,KAAK,GAAG,KAAK,KAAK,KAAK,IAAI,GAAG,CAAC,CAAC;YAC9C,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,KAAK,GAAG,KAAK,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC,CAAC;QACtE,OAAO,CAAC,GAAG,CACT,cAAc,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,WAAW,mBAAmB,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,mBAAmB,CAAC,aAAa,CAAC,EAAE,CAAC,EAAE,CACpJ,CAAC;IACJ,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;AAC1G,CAAC","sourcesContent":["import chalk from 'chalk';\nimport clack from '../utils/clack.js';\nimport {\n getCredentials,\n saveCredentials,\n clearCredentials,\n isTokenExpired,\n diagnoseCredentials,\n getCredentialsPath,\n setInsecureStorage,\n} from '../lib/credentials.js';\nimport {\n getConfig,\n saveConfig,\n clearConfig,\n getConfigPath,\n setInsecureConfigStorage,\n diagnoseConfig,\n} from '../lib/config-store.js';\nimport { isJsonMode, outputJson, exitWithError } from '../utils/output.js';\nimport { isNonInteractiveEnvironment } from '../utils/environment.js';\n\nfunction maskSecret(value: string | undefined): string | undefined {\n if (!value) return undefined;\n if (value.length <= 8) return '****';\n return value.slice(0, 4) + '****' + value.slice(-4);\n}\n\nfunction formatTimeRemaining(ms: number): string {\n if (ms <= 0) return 'expired';\n const seconds = Math.floor(ms / 1000);\n const minutes = Math.floor(seconds / 60);\n const hours = Math.floor(minutes / 60);\n if (hours > 0) return `${hours}h ${minutes % 60}m`;\n if (minutes > 0) return `${minutes}m ${seconds % 60}s`;\n return `${seconds}s`;\n}\n\nfunction parseJwt(token: string): Record<string, unknown> | null {\n try {\n const parts = token.split('.');\n if (parts.length !== 3) return null;\n return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf-8'));\n } catch {\n return null;\n }\n}\n\nfunction determineCredentialSource(diagnostics: string[]): 'keyring' | 'file' | 'none' {\n const hasKeyring = diagnostics.some((l) => l.startsWith('keyring: found'));\n const hasFile = diagnostics.some((l) => l.includes('exists=true'));\n const isInsecure = diagnostics.some((l) => l.includes('insecureStorage=true'));\n\n if (isInsecure) return hasFile ? 'file' : 'none';\n if (hasKeyring) return 'keyring';\n if (hasFile) return 'file';\n return 'none';\n}\n\n// --- debug state ---\n\nexport async function runDebugState({ showSecrets }: { showSecrets: boolean }): Promise<void> {\n const creds = getCredentials();\n const config = getConfig();\n const diagnostics = diagnoseCredentials();\n const credSource = determineCredentialSource(diagnostics);\n const maybeRedact = showSecrets ? (v: string | undefined) => v : maskSecret;\n\n const credentialsOutput: Record<string, unknown> = { present: !!creds, source: credSource };\n\n if (creds) {\n const timeRemaining = creds.expiresAt - Date.now();\n const expired = isTokenExpired(creds);\n Object.assign(credentialsOutput, {\n userId: creds.userId,\n email: creds.email ?? null,\n accessToken: maybeRedact(creds.accessToken),\n refreshToken: creds.refreshToken ? 'present' : 'absent',\n expiresAt: creds.expiresAt,\n expiresIn: expired\n ? `expired ${formatTimeRemaining(-timeRemaining)} ago`\n : `in ${formatTimeRemaining(timeRemaining)}`,\n isExpired: expired,\n });\n if (creds.staging) {\n credentialsOutput.staging = {\n clientId: creds.staging.clientId,\n apiKey: maybeRedact(creds.staging.apiKey),\n fetchedAt: creds.staging.fetchedAt,\n };\n }\n }\n\n const configOutput: Record<string, unknown> = { present: !!config };\n\n if (config) {\n configOutput.activeEnvironment = config.activeEnvironment ?? null;\n configOutput.environments = Object.fromEntries(\n Object.entries(config.environments).map(([key, env]) => [\n key,\n {\n name: env.name,\n type: env.type,\n apiKey: maybeRedact(env.apiKey),\n clientId: env.clientId ?? null,\n endpoint: env.endpoint ?? null,\n ...(env.type === 'unclaimed' && { claimToken: maybeRedact(env.claimToken) }),\n },\n ]),\n );\n }\n\n const configDiagnostics = diagnoseConfig();\n const configSource = determineCredentialSource(configDiagnostics);\n configOutput.source = configSource;\n\n const result = {\n credentials: credentialsOutput,\n config: configOutput,\n storage: {\n credentialsPath: getCredentialsPath(),\n configPath: getConfigPath(),\n credentialDiagnostics: diagnostics,\n configDiagnostics,\n },\n };\n\n if (isJsonMode()) {\n outputJson(result);\n return;\n }\n\n console.log(chalk.bold('Credentials'));\n console.log(` present: ${creds ? chalk.green('true') : chalk.yellow('false')}`);\n console.log(` source: ${credSource}`);\n if (creds) {\n console.log(` userId: ${creds.userId}`);\n console.log(` email: ${creds.email ?? chalk.dim('none')}`);\n console.log(` token: ${maybeRedact(creds.accessToken)}`);\n console.log(` refresh: ${creds.refreshToken ? 'present' : 'absent'}`);\n const expired = isTokenExpired(creds);\n const timeRemaining = creds.expiresAt - Date.now();\n console.log(\n ` expires: ${expired ? chalk.red(`expired ${formatTimeRemaining(-timeRemaining)} ago`) : chalk.green(`in ${formatTimeRemaining(timeRemaining)}`)}`,\n );\n if (creds.staging) {\n console.log(` staging: clientId=${creds.staging.clientId} apiKey=${maybeRedact(creds.staging.apiKey)}`);\n }\n }\n\n console.log();\n console.log(chalk.bold('Config'));\n console.log(` present: ${config ? chalk.green('true') : chalk.yellow('false')}`);\n console.log(` source: ${configSource}`);\n if (config) {\n console.log(` active: ${config.activeEnvironment ?? chalk.dim('none')}`);\n for (const [key, env] of Object.entries(config.environments)) {\n console.log(` env[${key}]: type=${env.type} apiKey=${maybeRedact(env.apiKey)}`);\n if (env.type === 'unclaimed') console.log(` claimToken=${maybeRedact(env.claimToken)}`);\n }\n }\n\n console.log();\n console.log(chalk.bold('Storage — Credentials'));\n console.log(` path: ${getCredentialsPath()}`);\n for (const line of diagnostics) {\n console.log(` ${chalk.dim(line)}`);\n }\n\n console.log();\n console.log(chalk.bold('Storage — Config'));\n console.log(` path: ${getConfigPath()}`);\n for (const line of configDiagnostics) {\n console.log(` ${chalk.dim(line)}`);\n }\n}\n\n// --- debug reset ---\n\nexport async function runDebugReset({\n force,\n credentialsOnly,\n configOnly,\n}: {\n force: boolean;\n credentialsOnly: boolean;\n configOnly: boolean;\n}): Promise<void> {\n // Both flags = clear both (same as neither)\n const clearCreds = !configOnly || credentialsOnly;\n const clearConf = !credentialsOnly || configOnly;\n\n const targets = [clearCreds && 'credentials', clearConf && 'config'].filter(Boolean).join(' and ');\n\n if (!force) {\n if (isNonInteractiveEnvironment()) {\n exitWithError({\n code: 'non_interactive_reset',\n message: 'Use --force to reset in non-interactive mode',\n });\n }\n\n const confirmed = await clack.confirm({\n message: `Clear all ${targets}? This cannot be undone.`,\n });\n\n if (clack.isCancel(confirmed) || !confirmed) {\n if (isJsonMode()) {\n outputJson({ cleared: false, cancelled: true });\n } else {\n clack.log.info('Reset cancelled');\n }\n return;\n }\n }\n\n if (clearCreds) clearCredentials();\n if (clearConf) clearConfig();\n\n if (isJsonMode()) {\n outputJson({ cleared: true, credentials: clearCreds, config: clearConf });\n } else {\n clack.log.success(`Cleared ${targets}`);\n }\n}\n\n// --- debug simulate ---\n\nexport async function runDebugSimulate({\n expiredToken,\n noKeyring,\n unclaimed,\n noAuth,\n}: {\n expiredToken: boolean;\n noKeyring: boolean;\n unclaimed: boolean;\n noAuth: boolean;\n}): Promise<void> {\n // Validate: at least one flag\n if (!expiredToken && !noKeyring && !unclaimed && !noAuth) {\n exitWithError({\n code: 'no_simulation_flags',\n message: 'Specify at least one simulation flag: --expired-token, --no-keyring, --unclaimed, --no-auth',\n });\n }\n\n // Validate: contradictory\n if (expiredToken && noAuth) {\n exitWithError({\n code: 'contradictory_flags',\n message: \"Cannot combine --expired-token and --no-auth (can't expire a cleared token)\",\n });\n }\n\n const actions: string[] = [];\n\n // Apply in order: storage tier first, then credential mutations, then config mutations\n\n if (noKeyring) {\n // Migrate current state to file storage\n const creds = getCredentials();\n const config = getConfig();\n\n setInsecureStorage(true);\n setInsecureConfigStorage(true);\n\n if (creds) saveCredentials(creds);\n if (config) saveConfig(config);\n\n actions.push('Forced file-only storage (keyring bypassed)');\n }\n\n if (expiredToken) {\n const creds = getCredentials();\n if (!creds) {\n exitWithError({\n code: 'no_credentials',\n message: 'Cannot simulate expired token — no credentials found. Log in first.',\n });\n }\n saveCredentials({ ...creds, expiresAt: Date.now() - 60_000 });\n actions.push('Set token expiresAt to 1 minute ago');\n }\n\n if (noAuth) {\n clearCredentials();\n actions.push('Cleared credentials (config preserved)');\n }\n\n if (unclaimed) {\n const config = getConfig() ?? { environments: {} };\n const envName = 'simulated-unclaimed';\n config.environments[envName] = {\n name: envName,\n type: 'unclaimed',\n apiKey: 'sk_test_simulated_unclaimed_000000000000',\n clientId: 'client_simulated',\n claimToken: 'claim_simulated_token_000000000000',\n };\n config.activeEnvironment = envName;\n saveConfig(config);\n actions.push(`Created unclaimed environment \"${envName}\" and set as active`);\n }\n\n if (isJsonMode()) {\n outputJson({ simulated: true, actions });\n } else {\n for (const action of actions) {\n clack.log.success(action);\n }\n }\n}\n\n// --- debug env ---\n\ninterface EnvVarInfo {\n name: string;\n value: string | undefined;\n effect: string;\n}\n\nconst ENV_VAR_CATALOG: { name: string; effect: string }[] = [\n { name: 'WORKOS_API_KEY', effect: 'Bypasses credential resolution — used directly for API calls' },\n { name: 'WORKOS_CLIENT_ID', effect: 'Overrides client ID from settings' },\n { name: 'WORKOS_FORCE_TTY', effect: 'Forces human (non-JSON) output mode, even when piped' },\n { name: 'WORKOS_NO_PROMPT', effect: 'Forces non-interactive/JSON mode' },\n { name: 'WORKOS_TELEMETRY', effect: 'Set to \"false\" to disable telemetry' },\n { name: 'WORKOS_API_URL', effect: 'Overrides API base URL (default: https://api.workos.com)' },\n { name: 'WORKOS_DASHBOARD_URL', effect: 'Overrides dashboard URL (default: https://dashboard.workos.com)' },\n { name: 'WORKOS_AUTHKIT_DOMAIN', effect: 'Overrides AuthKit domain from settings' },\n { name: 'WORKOS_LLM_GATEWAY_URL', effect: 'Overrides LLM gateway URL from settings' },\n { name: 'INSTALLER_DEV', effect: 'Enables dev mode — loads .env.local at startup' },\n { name: 'INSTALLER_DISABLE_PROXY', effect: 'Disables the credential proxy for gateway auth' },\n];\n\nexport async function runDebugEnv(): Promise<void> {\n const vars: EnvVarInfo[] = ENV_VAR_CATALOG.map(({ name, effect }) => ({\n name,\n value: process.env[name],\n effect,\n }));\n\n const setVars = vars.filter((v) => v.value !== undefined);\n const unsetVars = vars.filter((v) => v.value === undefined);\n\n if (isJsonMode()) {\n outputJson({\n variables: Object.fromEntries(vars.map((v) => [v.name, { value: v.value ?? null, effect: v.effect }])),\n set: setVars.map((v) => v.name),\n unset: unsetVars.map((v) => v.name),\n });\n return;\n }\n\n if (setVars.length > 0) {\n console.log(chalk.bold('Set'));\n for (const v of setVars) {\n console.log(` ${chalk.green(v.name)}=${v.value}`);\n console.log(` ${chalk.dim(v.effect)}`);\n }\n console.log();\n }\n\n console.log(chalk.bold(`Unset${setVars.length > 0 ? '' : ' (none active)'}`));\n for (const v of unsetVars) {\n console.log(` ${chalk.dim(v.name)} — ${chalk.dim(v.effect)}`);\n }\n}\n\n// --- debug token ---\n\nexport async function runDebugToken(): Promise<void> {\n const creds = getCredentials();\n\n if (!creds) {\n if (isJsonMode()) {\n outputJson({ present: false });\n } else {\n console.log(chalk.yellow('No credentials found'));\n }\n return;\n }\n\n const claims = parseJwt(creds.accessToken);\n const expired = isTokenExpired(creds);\n const timeRemaining = creds.expiresAt - Date.now();\n\n if (isJsonMode()) {\n outputJson({\n present: true,\n format: claims ? 'jwt' : 'opaque',\n expired,\n expiresAt: creds.expiresAt,\n expiresIn: expired\n ? `expired ${formatTimeRemaining(-timeRemaining)} ago`\n : `in ${formatTimeRemaining(timeRemaining)}`,\n claims: claims ?? null,\n refreshToken: { present: !!creds.refreshToken },\n });\n return;\n }\n\n if (claims) {\n console.log(chalk.bold('JWT Token'));\n console.log(\n ` expires: ${expired ? chalk.red(`expired ${formatTimeRemaining(-timeRemaining)} ago`) : chalk.green(`in ${formatTimeRemaining(timeRemaining)}`)}`,\n );\n console.log();\n console.log(chalk.bold('Claims'));\n for (const [key, value] of Object.entries(claims)) {\n if (key === 'exp' || key === 'iat' || key === 'nbf') {\n const date = new Date((value as number) * 1000).toISOString();\n console.log(` ${key}: ${value} (${date})`);\n } else {\n console.log(` ${key}: ${JSON.stringify(value)}`);\n }\n }\n } else {\n console.log(chalk.bold('Opaque Token'));\n console.log(chalk.dim(' Token is not a JWT — cannot decode claims'));\n console.log(\n ` expires: ${expired ? chalk.red(`expired ${formatTimeRemaining(-timeRemaining)} ago`) : chalk.green(`in ${formatTimeRemaining(timeRemaining)}`)}`,\n );\n }\n\n console.log();\n console.log(` refresh token: ${creds.refreshToken ? chalk.green('present') : chalk.yellow('absent')}`);\n}\n"]}
1
+ {"version":3,"file":"debug.js","sourceRoot":"","sources":["../../src/commands/debug.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,KAAK,MAAM,mBAAmB,CAAC;AACtC,OAAO,EACL,cAAc,EACd,eAAe,EACf,gBAAgB,EAChB,cAAc,EACd,mBAAmB,EACnB,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,SAAS,EACT,UAAU,EACV,WAAW,EACX,aAAa,EACb,wBAAwB,EACxB,cAAc,GACf,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAC3E,OAAO,EAAE,2BAA2B,EAAE,MAAM,yBAAyB,CAAC;AAEtE,SAAS,UAAU,CAAC,KAAyB;IAC3C,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IAC7B,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC;QAAE,OAAO,MAAM,CAAC;IACrC,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AACtD,CAAC;AAED,SAAS,mBAAmB,CAAC,EAAU;IACrC,IAAI,EAAE,IAAI,CAAC;QAAE,OAAO,SAAS,CAAC;IAC9B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC;IACtC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC;IACzC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC;IACvC,IAAI,KAAK,GAAG,CAAC;QAAE,OAAO,GAAG,KAAK,KAAK,OAAO,GAAG,EAAE,GAAG,CAAC;IACnD,IAAI,OAAO,GAAG,CAAC;QAAE,OAAO,GAAG,OAAO,KAAK,OAAO,GAAG,EAAE,GAAG,CAAC;IACvD,OAAO,GAAG,OAAO,GAAG,CAAC;AACvB,CAAC;AAED,SAAS,QAAQ,CAAC,KAAa;IAC7B,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QACpC,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAC1E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,yBAAyB,CAAC,WAAqB;IACtD,MAAM,UAAU,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAC3E,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC;IACnE,MAAM,UAAU,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC,CAAC;IAE/E,IAAI,UAAU;QAAE,OAAO,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;IACjD,IAAI,UAAU;QAAE,OAAO,SAAS,CAAC;IACjC,IAAI,OAAO;QAAE,OAAO,MAAM,CAAC;IAC3B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,sBAAsB;AAEtB,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,EAAE,WAAW,EAA4B;IAC3E,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;IAC/B,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,WAAW,GAAG,mBAAmB,EAAE,CAAC;IAC1C,MAAM,UAAU,GAAG,yBAAyB,CAAC,WAAW,CAAC,CAAC;IAC1D,MAAM,WAAW,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,CAAqB,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC;IAE5E,MAAM,iBAAiB,GAA4B,EAAE,OAAO,EAAE,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;IAE5F,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,aAAa,GAAG,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACnD,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,iBAAiB,EAAE;YAC/B,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,IAAI;YAC1B,WAAW,EAAE,WAAW,CAAC,KAAK,CAAC,WAAW,CAAC;YAC3C,YAAY,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ;YACvD,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,SAAS,EAAE,OAAO;gBAChB,CAAC,CAAC,WAAW,mBAAmB,CAAC,CAAC,aAAa,CAAC,MAAM;gBACtD,CAAC,CAAC,MAAM,mBAAmB,CAAC,aAAa,CAAC,EAAE;YAC9C,SAAS,EAAE,OAAO;SACnB,CAAC,CAAC;QACH,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;YAClB,iBAAiB,CAAC,OAAO,GAAG;gBAC1B,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC,QAAQ;gBAChC,MAAM,EAAE,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;gBACzC,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,SAAS;aACnC,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,YAAY,GAA4B,EAAE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC;IAEpE,IAAI,MAAM,EAAE,CAAC;QACX,YAAY,CAAC,iBAAiB,GAAG,MAAM,CAAC,iBAAiB,IAAI,IAAI,CAAC;QAClE,YAAY,CAAC,YAAY,GAAG,MAAM,CAAC,WAAW,CAC5C,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC;YACtD,GAAG;YACH;gBACE,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,MAAM,EAAE,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC;gBAC/B,QAAQ,EAAE,GAAG,CAAC,QAAQ,IAAI,IAAI;gBAC9B,QAAQ,EAAE,GAAG,CAAC,QAAQ,IAAI,IAAI;gBAC9B,GAAG,CAAC,GAAG,CAAC,IAAI,KAAK,WAAW,IAAI,EAAE,UAAU,EAAE,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;aAC7E;SACF,CAAC,CACH,CAAC;IACJ,CAAC;IAED,MAAM,iBAAiB,GAAG,cAAc,EAAE,CAAC;IAC3C,MAAM,YAAY,GAAG,yBAAyB,CAAC,iBAAiB,CAAC,CAAC;IAClE,YAAY,CAAC,MAAM,GAAG,YAAY,CAAC;IAEnC,MAAM,MAAM,GAAG;QACb,WAAW,EAAE,iBAAiB;QAC9B,MAAM,EAAE,YAAY;QACpB,OAAO,EAAE;YACP,eAAe,EAAE,kBAAkB,EAAE;YACrC,UAAU,EAAE,aAAa,EAAE;YAC3B,qBAAqB,EAAE,WAAW;YAClC,iBAAiB;SAClB;KACF,CAAC;IAEF,IAAI,UAAU,EAAE,EAAE,CAAC;QACjB,UAAU,CAAC,MAAM,CAAC,CAAC;QACnB,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;IACvC,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IACjF,OAAO,CAAC,GAAG,CAAC,cAAc,UAAU,EAAE,CAAC,CAAC;IACxC,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QAC1C,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,cAAc,WAAW,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAC5D,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;QACvE,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACtC,MAAM,aAAa,GAAG,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CACT,cAAc,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,WAAW,mBAAmB,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,mBAAmB,CAAC,aAAa,CAAC,EAAE,CAAC,EAAE,CACpJ,CAAC;QACF,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,uBAAuB,KAAK,CAAC,OAAO,CAAC,QAAQ,WAAW,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC3G,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;IAClC,OAAO,CAAC,GAAG,CAAC,cAAc,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAClF,OAAO,CAAC,GAAG,CAAC,cAAc,YAAY,EAAE,CAAC,CAAC;IAC1C,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,CAAC,GAAG,CAAC,cAAc,MAAM,CAAC,iBAAiB,IAAI,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC3E,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;YAC7D,OAAO,CAAC,GAAG,CAAC,SAAS,GAAG,WAAW,GAAG,CAAC,IAAI,WAAW,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACjF,IAAI,GAAG,CAAC,IAAI,KAAK,WAAW;gBAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QAC7F,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,WAAW,kBAAkB,EAAE,EAAE,CAAC,CAAC;IAC/C,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACtC,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAC5C,OAAO,CAAC,GAAG,CAAC,WAAW,aAAa,EAAE,EAAE,CAAC,CAAC;IAC1C,KAAK,MAAM,IAAI,IAAI,iBAAiB,EAAE,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACtC,CAAC;AACH,CAAC;AAED,sBAAsB;AAEtB,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,EAClC,KAAK,EACL,eAAe,EACf,UAAU,GAKX;IACC,4CAA4C;IAC5C,MAAM,UAAU,GAAG,CAAC,UAAU,IAAI,eAAe,CAAC;IAClD,MAAM,SAAS,GAAG,CAAC,eAAe,IAAI,UAAU,CAAC;IAEjD,MAAM,OAAO,GAAG,CAAC,UAAU,IAAI,aAAa,EAAE,SAAS,IAAI,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAEnG,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,IAAI,2BAA2B,EAAE,EAAE,CAAC;YAClC,aAAa,CAAC;gBACZ,IAAI,EAAE,uBAAuB;gBAC7B,OAAO,EAAE,8CAA8C;aACxD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC;YACpC,OAAO,EAAE,aAAa,OAAO,0BAA0B;SACxD,CAAC,CAAC;QAEH,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YAC5C,IAAI,UAAU,EAAE,EAAE,CAAC;gBACjB,UAAU,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAClD,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;YACpC,CAAC;YACD,OAAO;QACT,CAAC;IACH,CAAC;IAED,IAAI,UAAU;QAAE,gBAAgB,EAAE,CAAC;IACnC,IAAI,SAAS;QAAE,WAAW,EAAE,CAAC;IAE7B,IAAI,UAAU,EAAE,EAAE,CAAC;QACjB,UAAU,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;IAC5E,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,OAAO,EAAE,CAAC,CAAC;IAC1C,CAAC;AACH,CAAC;AAED,yBAAyB;AAEzB,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,EACrC,YAAY,EACZ,SAAS,EACT,SAAS,EACT,MAAM,GAMP;IACC,8BAA8B;IAC9B,IAAI,CAAC,YAAY,IAAI,CAAC,SAAS,IAAI,CAAC,SAAS,IAAI,CAAC,MAAM,EAAE,CAAC;QACzD,aAAa,CAAC;YACZ,IAAI,EAAE,qBAAqB;YAC3B,OAAO,EAAE,6FAA6F;SACvG,CAAC,CAAC;IACL,CAAC;IAED,0BAA0B;IAC1B,IAAI,YAAY,IAAI,MAAM,EAAE,CAAC;QAC3B,aAAa,CAAC;YACZ,IAAI,EAAE,qBAAqB;YAC3B,OAAO,EAAE,6EAA6E;SACvF,CAAC,CAAC;IACL,CAAC;IAED,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,uFAAuF;IAEvF,IAAI,SAAS,EAAE,CAAC;QACd,wCAAwC;QACxC,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAE3B,kBAAkB,CAAC,IAAI,CAAC,CAAC;QACzB,wBAAwB,CAAC,IAAI,CAAC,CAAC;QAE/B,IAAI,KAAK;YAAE,eAAe,CAAC,KAAK,CAAC,CAAC;QAClC,IAAI,MAAM;YAAE,UAAU,CAAC,MAAM,CAAC,CAAC;QAE/B,OAAO,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC;IAC9D,CAAC;IAED,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;QAC/B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,aAAa,CAAC;gBACZ,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,qEAAqE;aAC/E,CAAC,CAAC;QACL,CAAC;QACD,eAAe,CAAC,EAAE,GAAG,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC;QAC9D,OAAO,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;IACtD,CAAC;IAED,IAAI,MAAM,EAAE,CAAC;QACX,gBAAgB,EAAE,CAAC;QACnB,OAAO,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;IACzD,CAAC;IAED,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,MAAM,GAAG,SAAS,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;QACnD,MAAM,OAAO,GAAG,qBAAqB,CAAC;QACtC,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG;YAC7B,IAAI,EAAE,OAAO;YACb,IAAI,EAAE,WAAW;YACjB,MAAM,EAAE,0CAA0C;YAClD,QAAQ,EAAE,kBAAkB;YAC5B,UAAU,EAAE,oCAAoC;SACjD,CAAC;QACF,MAAM,CAAC,iBAAiB,GAAG,OAAO,CAAC;QACnC,UAAU,CAAC,MAAM,CAAC,CAAC;QACnB,OAAO,CAAC,IAAI,CAAC,kCAAkC,OAAO,qBAAqB,CAAC,CAAC;IAC/E,CAAC;IAED,IAAI,UAAU,EAAE,EAAE,CAAC;QACjB,UAAU,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;IAC3C,CAAC;SAAM,CAAC;QACN,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;AACH,CAAC;AAUD,MAAM,eAAe,GAAuC;IAC1D,EAAE,IAAI,EAAE,gBAAgB,EAAE,MAAM,EAAE,8DAA8D,EAAE;IAClG,EAAE,IAAI,EAAE,kBAAkB,EAAE,MAAM,EAAE,sDAAsD,EAAE;IAC5F,EAAE,IAAI,EAAE,kBAAkB,EAAE,MAAM,EAAE,kCAAkC,EAAE;IACxE,EAAE,IAAI,EAAE,kBAAkB,EAAE,MAAM,EAAE,qCAAqC,EAAE;IAC3E,EAAE,IAAI,EAAE,gBAAgB,EAAE,MAAM,EAAE,0DAA0D,EAAE;IAC9F,EAAE,IAAI,EAAE,sBAAsB,EAAE,MAAM,EAAE,iEAAiE,EAAE;IAC3G,EAAE,IAAI,EAAE,uBAAuB,EAAE,MAAM,EAAE,wCAAwC,EAAE;IACnF,EAAE,IAAI,EAAE,wBAAwB,EAAE,MAAM,EAAE,yCAAyC,EAAE;IACrF,EAAE,IAAI,EAAE,eAAe,EAAE,MAAM,EAAE,gDAAgD,EAAE;IACnF,EAAE,IAAI,EAAE,yBAAyB,EAAE,MAAM,EAAE,gDAAgD,EAAE;CAC9F,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,WAAW;IAC/B,MAAM,IAAI,GAAiB,eAAe,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;QACpE,IAAI;QACJ,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;QACxB,MAAM;KACP,CAAC,CAAC,CAAC;IAEJ,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC;IAC1D,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC;IAE5D,IAAI,UAAU,EAAE,EAAE,CAAC;QACjB,UAAU,CAAC;YACT,SAAS,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,IAAI,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACtG,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;YAC/B,KAAK,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;SACpC,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QAC/B,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACxB,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;YACnD,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC5C,CAAC;QACD,OAAO,CAAC,GAAG,EAAE,CAAC;IAChB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC;IAC9E,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IACjE,CAAC;AACH,CAAC;AAED,sBAAsB;AAEtB,MAAM,CAAC,KAAK,UAAU,aAAa;IACjC,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;IAE/B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,IAAI,UAAU,EAAE,EAAE,CAAC;YACjB,UAAU,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;QACjC,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC,CAAC;QACpD,CAAC;QACD,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IACtC,MAAM,aAAa,GAAG,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAEnD,IAAI,UAAU,EAAE,EAAE,CAAC;QACjB,UAAU,CAAC;YACT,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ;YACjC,OAAO;YACP,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,SAAS,EAAE,OAAO;gBAChB,CAAC,CAAC,WAAW,mBAAmB,CAAC,CAAC,aAAa,CAAC,MAAM;gBACtD,CAAC,CAAC,MAAM,mBAAmB,CAAC,aAAa,CAAC,EAAE;YAC9C,MAAM,EAAE,MAAM,IAAI,IAAI;YACtB,YAAY,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,YAAY,EAAE;SAChD,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QACrC,OAAO,CAAC,GAAG,CACT,cAAc,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,WAAW,mBAAmB,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,mBAAmB,CAAC,aAAa,CAAC,EAAE,CAAC,EAAE,CACpJ,CAAC;QACF,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QAClC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAClD,IAAI,GAAG,KAAK,KAAK,IAAI,GAAG,KAAK,KAAK,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;gBACpD,MAAM,IAAI,GAAG,IAAI,IAAI,CAAE,KAAgB,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC9D,OAAO,CAAC,GAAG,CAAC,KAAK,GAAG,KAAK,KAAK,KAAK,IAAI,GAAG,CAAC,CAAC;YAC9C,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,KAAK,GAAG,KAAK,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC,CAAC;QACtE,OAAO,CAAC,GAAG,CACT,cAAc,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,WAAW,mBAAmB,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,mBAAmB,CAAC,aAAa,CAAC,EAAE,CAAC,EAAE,CACpJ,CAAC;IACJ,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;AAC1G,CAAC","sourcesContent":["import chalk from 'chalk';\nimport clack from '../utils/clack.js';\nimport {\n getCredentials,\n saveCredentials,\n clearCredentials,\n isTokenExpired,\n diagnoseCredentials,\n getCredentialsPath,\n setInsecureStorage,\n} from '../lib/credentials.js';\nimport {\n getConfig,\n saveConfig,\n clearConfig,\n getConfigPath,\n setInsecureConfigStorage,\n diagnoseConfig,\n} from '../lib/config-store.js';\nimport { isJsonMode, outputJson, exitWithError } from '../utils/output.js';\nimport { isNonInteractiveEnvironment } from '../utils/environment.js';\n\nfunction maskSecret(value: string | undefined): string | undefined {\n if (!value) return undefined;\n if (value.length <= 8) return '****';\n return value.slice(0, 4) + '****' + value.slice(-4);\n}\n\nfunction formatTimeRemaining(ms: number): string {\n if (ms <= 0) return 'expired';\n const seconds = Math.floor(ms / 1000);\n const minutes = Math.floor(seconds / 60);\n const hours = Math.floor(minutes / 60);\n if (hours > 0) return `${hours}h ${minutes % 60}m`;\n if (minutes > 0) return `${minutes}m ${seconds % 60}s`;\n return `${seconds}s`;\n}\n\nfunction parseJwt(token: string): Record<string, unknown> | null {\n try {\n const parts = token.split('.');\n if (parts.length !== 3) return null;\n return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf-8'));\n } catch {\n return null;\n }\n}\n\nfunction determineCredentialSource(diagnostics: string[]): 'keyring' | 'file' | 'none' {\n const hasKeyring = diagnostics.some((l) => l.startsWith('keyring: found'));\n const hasFile = diagnostics.some((l) => l.includes('exists=true'));\n const isInsecure = diagnostics.some((l) => l.includes('insecureStorage=true'));\n\n if (isInsecure) return hasFile ? 'file' : 'none';\n if (hasKeyring) return 'keyring';\n if (hasFile) return 'file';\n return 'none';\n}\n\n// --- debug state ---\n\nexport async function runDebugState({ showSecrets }: { showSecrets: boolean }): Promise<void> {\n const creds = getCredentials();\n const config = getConfig();\n const diagnostics = diagnoseCredentials();\n const credSource = determineCredentialSource(diagnostics);\n const maybeRedact = showSecrets ? (v: string | undefined) => v : maskSecret;\n\n const credentialsOutput: Record<string, unknown> = { present: !!creds, source: credSource };\n\n if (creds) {\n const timeRemaining = creds.expiresAt - Date.now();\n const expired = isTokenExpired(creds);\n Object.assign(credentialsOutput, {\n userId: creds.userId,\n email: creds.email ?? null,\n accessToken: maybeRedact(creds.accessToken),\n refreshToken: creds.refreshToken ? 'present' : 'absent',\n expiresAt: creds.expiresAt,\n expiresIn: expired\n ? `expired ${formatTimeRemaining(-timeRemaining)} ago`\n : `in ${formatTimeRemaining(timeRemaining)}`,\n isExpired: expired,\n });\n if (creds.staging) {\n credentialsOutput.staging = {\n clientId: creds.staging.clientId,\n apiKey: maybeRedact(creds.staging.apiKey),\n fetchedAt: creds.staging.fetchedAt,\n };\n }\n }\n\n const configOutput: Record<string, unknown> = { present: !!config };\n\n if (config) {\n configOutput.activeEnvironment = config.activeEnvironment ?? null;\n configOutput.environments = Object.fromEntries(\n Object.entries(config.environments).map(([key, env]) => [\n key,\n {\n name: env.name,\n type: env.type,\n apiKey: maybeRedact(env.apiKey),\n clientId: env.clientId ?? null,\n endpoint: env.endpoint ?? null,\n ...(env.type === 'unclaimed' && { claimToken: maybeRedact(env.claimToken) }),\n },\n ]),\n );\n }\n\n const configDiagnostics = diagnoseConfig();\n const configSource = determineCredentialSource(configDiagnostics);\n configOutput.source = configSource;\n\n const result = {\n credentials: credentialsOutput,\n config: configOutput,\n storage: {\n credentialsPath: getCredentialsPath(),\n configPath: getConfigPath(),\n credentialDiagnostics: diagnostics,\n configDiagnostics,\n },\n };\n\n if (isJsonMode()) {\n outputJson(result);\n return;\n }\n\n console.log(chalk.bold('Credentials'));\n console.log(` present: ${creds ? chalk.green('true') : chalk.yellow('false')}`);\n console.log(` source: ${credSource}`);\n if (creds) {\n console.log(` userId: ${creds.userId}`);\n console.log(` email: ${creds.email ?? chalk.dim('none')}`);\n console.log(` token: ${maybeRedact(creds.accessToken)}`);\n console.log(` refresh: ${creds.refreshToken ? 'present' : 'absent'}`);\n const expired = isTokenExpired(creds);\n const timeRemaining = creds.expiresAt - Date.now();\n console.log(\n ` expires: ${expired ? chalk.red(`expired ${formatTimeRemaining(-timeRemaining)} ago`) : chalk.green(`in ${formatTimeRemaining(timeRemaining)}`)}`,\n );\n if (creds.staging) {\n console.log(` staging: clientId=${creds.staging.clientId} apiKey=${maybeRedact(creds.staging.apiKey)}`);\n }\n }\n\n console.log();\n console.log(chalk.bold('Config'));\n console.log(` present: ${config ? chalk.green('true') : chalk.yellow('false')}`);\n console.log(` source: ${configSource}`);\n if (config) {\n console.log(` active: ${config.activeEnvironment ?? chalk.dim('none')}`);\n for (const [key, env] of Object.entries(config.environments)) {\n console.log(` env[${key}]: type=${env.type} apiKey=${maybeRedact(env.apiKey)}`);\n if (env.type === 'unclaimed') console.log(` claimToken=${maybeRedact(env.claimToken)}`);\n }\n }\n\n console.log();\n console.log(chalk.bold('Storage — Credentials'));\n console.log(` path: ${getCredentialsPath()}`);\n for (const line of diagnostics) {\n console.log(` ${chalk.dim(line)}`);\n }\n\n console.log();\n console.log(chalk.bold('Storage — Config'));\n console.log(` path: ${getConfigPath()}`);\n for (const line of configDiagnostics) {\n console.log(` ${chalk.dim(line)}`);\n }\n}\n\n// --- debug reset ---\n\nexport async function runDebugReset({\n force,\n credentialsOnly,\n configOnly,\n}: {\n force: boolean;\n credentialsOnly: boolean;\n configOnly: boolean;\n}): Promise<void> {\n // Both flags = clear both (same as neither)\n const clearCreds = !configOnly || credentialsOnly;\n const clearConf = !credentialsOnly || configOnly;\n\n const targets = [clearCreds && 'credentials', clearConf && 'config'].filter(Boolean).join(' and ');\n\n if (!force) {\n if (isNonInteractiveEnvironment()) {\n exitWithError({\n code: 'non_interactive_reset',\n message: 'Use --force to reset in non-interactive mode',\n });\n }\n\n const confirmed = await clack.confirm({\n message: `Clear all ${targets}? This cannot be undone.`,\n });\n\n if (clack.isCancel(confirmed) || !confirmed) {\n if (isJsonMode()) {\n outputJson({ cleared: false, cancelled: true });\n } else {\n clack.log.info('Reset cancelled');\n }\n return;\n }\n }\n\n if (clearCreds) clearCredentials();\n if (clearConf) clearConfig();\n\n if (isJsonMode()) {\n outputJson({ cleared: true, credentials: clearCreds, config: clearConf });\n } else {\n clack.log.success(`Cleared ${targets}`);\n }\n}\n\n// --- debug simulate ---\n\nexport async function runDebugSimulate({\n expiredToken,\n noKeyring,\n unclaimed,\n noAuth,\n}: {\n expiredToken: boolean;\n noKeyring: boolean;\n unclaimed: boolean;\n noAuth: boolean;\n}): Promise<void> {\n // Validate: at least one flag\n if (!expiredToken && !noKeyring && !unclaimed && !noAuth) {\n exitWithError({\n code: 'no_simulation_flags',\n message: 'Specify at least one simulation flag: --expired-token, --no-keyring, --unclaimed, --no-auth',\n });\n }\n\n // Validate: contradictory\n if (expiredToken && noAuth) {\n exitWithError({\n code: 'contradictory_flags',\n message: \"Cannot combine --expired-token and --no-auth (can't expire a cleared token)\",\n });\n }\n\n const actions: string[] = [];\n\n // Apply in order: storage tier first, then credential mutations, then config mutations\n\n if (noKeyring) {\n // Migrate current state to file storage\n const creds = getCredentials();\n const config = getConfig();\n\n setInsecureStorage(true);\n setInsecureConfigStorage(true);\n\n if (creds) saveCredentials(creds);\n if (config) saveConfig(config);\n\n actions.push('Forced file-only storage (keyring bypassed)');\n }\n\n if (expiredToken) {\n const creds = getCredentials();\n if (!creds) {\n exitWithError({\n code: 'no_credentials',\n message: 'Cannot simulate expired token — no credentials found. Log in first.',\n });\n }\n saveCredentials({ ...creds, expiresAt: Date.now() - 60_000 });\n actions.push('Set token expiresAt to 1 minute ago');\n }\n\n if (noAuth) {\n clearCredentials();\n actions.push('Cleared credentials (config preserved)');\n }\n\n if (unclaimed) {\n const config = getConfig() ?? { environments: {} };\n const envName = 'simulated-unclaimed';\n config.environments[envName] = {\n name: envName,\n type: 'unclaimed',\n apiKey: 'sk_test_simulated_unclaimed_000000000000',\n clientId: 'client_simulated',\n claimToken: 'claim_simulated_token_000000000000',\n };\n config.activeEnvironment = envName;\n saveConfig(config);\n actions.push(`Created unclaimed environment \"${envName}\" and set as active`);\n }\n\n if (isJsonMode()) {\n outputJson({ simulated: true, actions });\n } else {\n for (const action of actions) {\n clack.log.success(action);\n }\n }\n}\n\n// --- debug env ---\n\ninterface EnvVarInfo {\n name: string;\n value: string | undefined;\n effect: string;\n}\n\nconst ENV_VAR_CATALOG: { name: string; effect: string }[] = [\n { name: 'WORKOS_API_KEY', effect: 'Bypasses credential resolution — used directly for API calls' },\n { name: 'WORKOS_FORCE_TTY', effect: 'Forces human (non-JSON) output mode, even when piped' },\n { name: 'WORKOS_NO_PROMPT', effect: 'Forces non-interactive/JSON mode' },\n { name: 'WORKOS_TELEMETRY', effect: 'Set to \"false\" to disable telemetry' },\n { name: 'WORKOS_API_URL', effect: 'Overrides API base URL (default: https://api.workos.com)' },\n { name: 'WORKOS_DASHBOARD_URL', effect: 'Overrides dashboard URL (default: https://dashboard.workos.com)' },\n { name: 'WORKOS_AUTHKIT_DOMAIN', effect: 'Overrides AuthKit domain from settings' },\n { name: 'WORKOS_LLM_GATEWAY_URL', effect: 'Overrides LLM gateway URL from settings' },\n { name: 'INSTALLER_DEV', effect: 'Enables dev mode — loads .env.local at startup' },\n { name: 'INSTALLER_DISABLE_PROXY', effect: 'Disables the credential proxy for gateway auth' },\n];\n\nexport async function runDebugEnv(): Promise<void> {\n const vars: EnvVarInfo[] = ENV_VAR_CATALOG.map(({ name, effect }) => ({\n name,\n value: process.env[name],\n effect,\n }));\n\n const setVars = vars.filter((v) => v.value !== undefined);\n const unsetVars = vars.filter((v) => v.value === undefined);\n\n if (isJsonMode()) {\n outputJson({\n variables: Object.fromEntries(vars.map((v) => [v.name, { value: v.value ?? null, effect: v.effect }])),\n set: setVars.map((v) => v.name),\n unset: unsetVars.map((v) => v.name),\n });\n return;\n }\n\n if (setVars.length > 0) {\n console.log(chalk.bold('Set'));\n for (const v of setVars) {\n console.log(` ${chalk.green(v.name)}=${v.value}`);\n console.log(` ${chalk.dim(v.effect)}`);\n }\n console.log();\n }\n\n console.log(chalk.bold(`Unset${setVars.length > 0 ? '' : ' (none active)'}`));\n for (const v of unsetVars) {\n console.log(` ${chalk.dim(v.name)} — ${chalk.dim(v.effect)}`);\n }\n}\n\n// --- debug token ---\n\nexport async function runDebugToken(): Promise<void> {\n const creds = getCredentials();\n\n if (!creds) {\n if (isJsonMode()) {\n outputJson({ present: false });\n } else {\n console.log(chalk.yellow('No credentials found'));\n }\n return;\n }\n\n const claims = parseJwt(creds.accessToken);\n const expired = isTokenExpired(creds);\n const timeRemaining = creds.expiresAt - Date.now();\n\n if (isJsonMode()) {\n outputJson({\n present: true,\n format: claims ? 'jwt' : 'opaque',\n expired,\n expiresAt: creds.expiresAt,\n expiresIn: expired\n ? `expired ${formatTimeRemaining(-timeRemaining)} ago`\n : `in ${formatTimeRemaining(timeRemaining)}`,\n claims: claims ?? null,\n refreshToken: { present: !!creds.refreshToken },\n });\n return;\n }\n\n if (claims) {\n console.log(chalk.bold('JWT Token'));\n console.log(\n ` expires: ${expired ? chalk.red(`expired ${formatTimeRemaining(-timeRemaining)} ago`) : chalk.green(`in ${formatTimeRemaining(timeRemaining)}`)}`,\n );\n console.log();\n console.log(chalk.bold('Claims'));\n for (const [key, value] of Object.entries(claims)) {\n if (key === 'exp' || key === 'iat' || key === 'nbf') {\n const date = new Date((value as number) * 1000).toISOString();\n console.log(` ${key}: ${value} (${date})`);\n } else {\n console.log(` ${key}: ${JSON.stringify(value)}`);\n }\n }\n } else {\n console.log(chalk.bold('Opaque Token'));\n console.log(chalk.dim(' Token is not a JWT — cannot decode claims'));\n console.log(\n ` expires: ${expired ? chalk.red(`expired ${formatTimeRemaining(-timeRemaining)} ago`) : chalk.green(`in ${formatTimeRemaining(timeRemaining)}`)}`,\n );\n }\n\n console.log();\n console.log(` refresh token: ${creds.refreshToken ? chalk.green('present') : chalk.yellow('absent')}`);\n}\n"]}
package/dist/commands/login.js CHANGED
@@ -76,10 +76,6 @@ export async function provisionStagingEnvironment(accessToken) {
76
76
  }
77
77
  export async function runLogin() {
78
78
  const clientId = getCliAuthClientId();
79
- if (!clientId) {
80
- clack.log.error('CLI auth not configured. Set WORKOS_CLI_CLIENT_ID environment variable.');
81
- process.exit(1);
82
- }
83
79
  // Check if already logged in with valid token
84
80
  if (getAccessToken()) {
85
81
  const creds = getCredentials();
package/dist/commands/login.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"login.js","sourceRoot":"","sources":["../../src/commands/login.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,KAAK,CAAC;AACvB,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,KAAK,MAAM,mBAAmB,CAAC;AACtC,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,cAAc,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACtH,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAC1E,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AACpE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAG/D;;GAEG;AACH,SAAS,QAAQ,CAAC,KAAa;IAC7B,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QACpC,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAC1E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,KAAa;IACjC,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAChC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC7D,OAAO,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;AAC5B,CAAC;AAED,MAAM,eAAe,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,YAAY;AAEnD;;GAEG;AACH,SAAS,mBAAmB;IAC1B,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;IAClC,OAAO;QACL,mBAAmB,EAAE,GAAG,MAAM,8BAA8B;QAC5D,KAAK,EAAE,GAAG,MAAM,eAAe;KAChC,CAAC;AACJ,CAAC;AAuBD,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,WAAmB;IACnE,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,uBAAuB,CAAC,WAAW,CAAC,CAAC;QAE3D,MAAM,MAAM,GAAc,SAAS,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;QAC9D,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC;QAE9D,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,GAAG;YAC/B,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;SAC3B,CAAC;QAEF,IAAI,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;YACzC,MAAM,CAAC,iBAAiB,GAAG,SAAS,CAAC;QACvC,CAAC;QAED,UAAU,CAAC,MAAM,CAAC,CAAC;QACnB,OAAO,CAAC,8CAA8C,CAAC,CAAC;QACxD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,QAAQ,CAAC,uDAAuD,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAClH,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,QAAQ;IAC5B,MAAM,QAAQ,GAAG,kBAAkB,EAAE,CAAC;IAEtC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,yEAAyE,CAAC,CAAC;QAC3F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,8CAA8C;IAC9C,IAAI,cAAc,EAAE,EAAE,CAAC;QACrB,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,wBAAwB,KAAK,EAAE,KAAK,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC;QAC9E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC,CAAC;QAC9D,OAAO;IACT,CAAC;IAED,qEAAqE;IACrE,MAAM,aAAa,GAAG,cAAc,EAAE,CAAC;IACvC,IAAI,aAAa,EAAE,YAAY,IAAI,cAAc,CAAC,aAAa,CAAC,EAAE,CAAC;QACjE,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,gBAAgB,EAAE,CAAC;YACzC,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;YACjE,IAAI,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC3C,YAAY,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;gBACxE,OAAO,CAAC,6CAA6C,CAAC,CAAC;gBACvD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,wBAAwB,aAAa,CAAC,KAAK,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC;gBACrF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC,CAAC;gBAC9D,OAAO;YACT,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,2CAA2C;QAC7C,CAAC;IACH,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IAE7C,MAAM,SAAS,GAAG,mBAAmB,EAAE,CAAC;IAExC,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,mBAAmB,EAAE;QAC9D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;SACpD;QACD,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,SAAS,EAAE,QAAQ;YACnB,KAAK,EAAE,kEAAkE;SAC1E,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;QACrB,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,mCAAmC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;QAC1E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,UAAU,GAAG,CAAC,MAAM,YAAY,CAAC,IAAI,EAAE,CAAuB,CAAC;IACrE,MAAM,cAAc,GAAG,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;IAEzD,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,KAAK,UAAU,CAAC,gBAAgB,EAAE,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,iBAAiB,UAAU,CAAC,SAAS,IAAI,CAAC,CAAC;IAEvD,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,CAAC,yBAAyB,CAAC,CAAC;QAC3C,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,yBAAyB;IAC3B,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;IAE/C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,IAAI,eAAe,GAAG,cAAc,CAAC;IAErC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,eAAe,EAAE,CAAC;QAChD,MAAM,KAAK,CAAC,eAAe,CAAC,CAAC;QAE7B,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,KAAK,EAAE;gBACjD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,mCAAmC;iBACpD;gBACD,IAAI,EAAE,IAAI,eAAe,CAAC;oBACxB,UAAU,EAAE,8CAA8C;oBAC1D,WAAW,EAAE,UAAU,CAAC,WAAW;oBACnC,SAAS,EAAE,QAAQ;iBACpB,CAAC;aACH,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;YAExC,IAAI,aAAa,CAAC,EAAE,EAAE,CAAC;gBACrB,MAAM,MAAM,GAAG,IAA4B,CAAC;gBAE5C,oCAAoC;gBACpC,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;gBACjD,MAAM,MAAM,GAAI,cAAc,EAAE,GAAc,IAAI,SAAS,CAAC;gBAC5D,MAAM,KAAK,GAAI,cAAc,EAAE,KAAgB,IAAI,SAAS,CAAC;gBAE7D,8EAA8E;gBAC9E,MAAM,SAAS,GAAG,YAAY,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;gBACpD,MAAM,SAAS,GACb,SAAS,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;gBAEzG,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;gBAEjE,eAAe,CAAC;oBACd,WAAW,EAAE,MAAM,CAAC,YAAY;oBAChC,SAAS;oBACT,MAAM;oBACN,KAAK;oBACL,YAAY,EAAE,MAAM,CAAC,aAAa;iBACnC,CAAC,CAAC;gBAEH,OAAO,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;gBAC3C,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,gBAAgB,KAAK,IAAI,MAAM,EAAE,CAAC,CAAC;gBACrD,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,oBAAoB,YAAY,UAAU,CAAC,CAAC;gBAE3D,qCAAqC;gBACrC,MAAM,WAAW,GAAG,MAAM,2BAA2B,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;gBAC3E,IAAI,WAAW,EAAE,CAAC;oBAChB,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,8CAA8C,CAAC,CAAC;gBACpE,CAAC;qBAAM,CAAC;oBACN,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,2DAA2D,CAAC,CAAC,CAAC;gBACzF,CAAC;gBACD,OAAO;YACT,CAAC;YAED,MAAM,SAAS,GAAG,IAAyB,CAAC;YAC5C,IAAI,SAAS,CAAC,KAAK,KAAK,uBAAuB;gBAAE,SAAS;YAC1D,IAAI,SAAS,CAAC,KAAK,KAAK,WAAW,EAAE,CAAC;gBACpC,eAAe,IAAI,IAAI,CAAC;gBACxB,SAAS;YACX,CAAC;YAED,OAAO,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;YACtC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,yBAAyB,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC;YAC5D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;IACH,CAAC;IAED,OAAO,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;IACzC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;IAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC","sourcesContent":["import open from 'opn';\nimport chalk from 'chalk';\nimport clack from '../utils/clack.js';\nimport { saveCredentials, getCredentials, getAccessToken, isTokenExpired, updateTokens } from '../lib/credentials.js';\nimport { getCliAuthClientId, getAuthkitDomain } from '../lib/settings.js';\nimport { refreshAccessToken } from '../lib/token-refresh-client.js';\nimport { logInfo, logError } from '../utils/debug.js';\nimport { fetchStagingCredentials } from '../lib/staging-api.js';\nimport { getConfig, saveConfig } from '../lib/config-store.js';\nimport type { CliConfig } from '../lib/config-store.js';\n\n/**\n * Parse JWT payload\n */\nfunction parseJwt(token: string): Record<string, unknown> | null {\n try {\n const parts = token.split('.');\n if (parts.length !== 3) return null;\n return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf-8'));\n } catch {\n return null;\n }\n}\n\n/**\n * Extract expiry time from JWT token\n */\nfunction getJwtExpiry(token: string): number | null {\n const payload = parseJwt(token);\n if (!payload || typeof payload.exp !== 'number') return null;\n return payload.exp * 1000;\n}\n\nconst POLL_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes\n\n/**\n * Get Connect OAuth endpoints from AuthKit domain\n */\nfunction getConnectEndpoints() {\n const domain = getAuthkitDomain();\n return {\n deviceAuthorization: `${domain}/oauth2/device_authorization`,\n token: `${domain}/oauth2/token`,\n };\n}\n\ninterface DeviceAuthResponse {\n device_code: string;\n user_code: string;\n verification_uri: string;\n verification_uri_complete: string;\n expires_in: number;\n interval: number;\n}\n\ninterface ConnectTokenResponse {\n access_token: string;\n id_token: string;\n token_type: string;\n expires_in: number;\n refresh_token?: string;\n}\n\ninterface AuthErrorResponse {\n error: string;\n}\n\nfunction sleep(ms: number): Promise<void> {\n return new Promise((resolve) => setTimeout(resolve, ms));\n}\n\n/**\n * Auto-provision a staging environment after login.\n *\n * Fetches staging credentials using the access token, then saves them\n * as a \"staging\" environment in the config store. Non-fatal — logs a\n * hint on failure instead of throwing.\n */\nexport async function provisionStagingEnvironment(accessToken: string): Promise<boolean> {\n try {\n const staging = await fetchStagingCredentials(accessToken);\n\n const config: CliConfig = getConfig() ?? { environments: {} };\n const isFirst = Object.keys(config.environments).length === 0;\n\n config.environments['staging'] = {\n name: 'staging',\n type: 'sandbox',\n apiKey: staging.apiKey,\n clientId: staging.clientId,\n };\n\n if (isFirst || !config.activeEnvironment) {\n config.activeEnvironment = 'staging';\n }\n\n saveConfig(config);\n logInfo('[login] Staging environment auto-provisioned');\n return true;\n } catch (error) {\n logError('[login] Failed to auto-provision staging environment:', error instanceof Error ? error.message : error);\n return false;\n }\n}\n\nexport async function runLogin(): Promise<void> {\n const clientId = getCliAuthClientId();\n\n if (!clientId) {\n clack.log.error('CLI auth not configured. Set WORKOS_CLI_CLIENT_ID environment variable.');\n process.exit(1);\n }\n\n // Check if already logged in with valid token\n if (getAccessToken()) {\n const creds = getCredentials();\n console.log(chalk.green(`Already logged in as ${creds?.email ?? 'unknown'}`));\n console.log(chalk.dim('Run `workos auth logout` to log out'));\n return;\n }\n\n // Try to refresh if we have expired credentials with a refresh token\n const existingCreds = getCredentials();\n if (existingCreds?.refreshToken && isTokenExpired(existingCreds)) {\n try {\n const authkitDomain = getAuthkitDomain();\n const result = await refreshAccessToken(authkitDomain, clientId);\n if (result.accessToken && result.expiresAt) {\n updateTokens(result.accessToken, result.expiresAt, result.refreshToken);\n logInfo('[login] Session refreshed via refresh token');\n console.log(chalk.green(`Already logged in as ${existingCreds.email ?? 'unknown'}`));\n console.log(chalk.dim('Run `workos auth logout` to log out'));\n return;\n }\n } catch {\n // Refresh failed, proceed with fresh login\n }\n }\n\n clack.log.step('Starting authentication...');\n\n const endpoints = getConnectEndpoints();\n\n const authResponse = await fetch(endpoints.deviceAuthorization, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body: new URLSearchParams({\n client_id: clientId,\n scope: 'openid email staging-environment:credentials:read offline_access',\n }),\n });\n\n if (!authResponse.ok) {\n clack.log.error(`Failed to start authentication: ${authResponse.status}`);\n process.exit(1);\n }\n\n const deviceAuth = (await authResponse.json()) as DeviceAuthResponse;\n const pollIntervalMs = (deviceAuth.interval || 5) * 1000;\n\n clack.log.info(`\\nOpen this URL in your browser:\\n`);\n console.log(` ${deviceAuth.verification_uri}`);\n console.log(`\\nEnter code: ${deviceAuth.user_code}\\n`);\n\n try {\n open(deviceAuth.verification_uri_complete);\n clack.log.info('Browser opened automatically');\n } catch {\n // User can open manually\n }\n\n const spinner = clack.spinner();\n spinner.start('Waiting for authentication...');\n\n const startTime = Date.now();\n let currentInterval = pollIntervalMs;\n\n while (Date.now() - startTime < POLL_TIMEOUT_MS) {\n await sleep(currentInterval);\n\n try {\n const tokenResponse = await fetch(endpoints.token, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body: new URLSearchParams({\n grant_type: 'urn:ietf:params:oauth:grant-type:device_code',\n device_code: deviceAuth.device_code,\n client_id: clientId,\n }),\n });\n\n const data = await tokenResponse.json();\n\n if (tokenResponse.ok) {\n const result = data as ConnectTokenResponse;\n\n // Parse user info from id_token JWT\n const idTokenPayload = parseJwt(result.id_token);\n const userId = (idTokenPayload?.sub as string) || 'unknown';\n const email = (idTokenPayload?.email as string) || undefined;\n\n // Extract actual expiry from access token JWT, fallback to response or 15 min\n const jwtExpiry = getJwtExpiry(result.access_token);\n const expiresAt =\n jwtExpiry ?? (result.expires_in ? Date.now() + result.expires_in * 1000 : Date.now() + 15 * 60 * 1000);\n\n const expiresInSec = Math.round((expiresAt - Date.now()) / 1000);\n\n saveCredentials({\n accessToken: result.access_token,\n expiresAt,\n userId,\n email,\n refreshToken: result.refresh_token,\n });\n\n spinner.stop('Authentication successful!');\n clack.log.success(`Logged in as ${email || userId}`);\n clack.log.info(`Token expires in ${expiresInSec} seconds`);\n\n // Auto-provision staging environment\n const provisioned = await provisionStagingEnvironment(result.access_token);\n if (provisioned) {\n clack.log.success('Staging environment configured automatically');\n } else {\n clack.log.info(chalk.dim('Run `workos env add` to configure an environment manually'));\n }\n return;\n }\n\n const errorData = data as AuthErrorResponse;\n if (errorData.error === 'authorization_pending') continue;\n if (errorData.error === 'slow_down') {\n currentInterval += 5000;\n continue;\n }\n\n spinner.stop('Authentication failed');\n clack.log.error(`Authentication error: ${errorData.error}`);\n process.exit(1);\n } catch {\n continue;\n }\n }\n\n spinner.stop('Authentication timed out');\n clack.log.error('Authentication timed out. Please try again.');\n process.exit(1);\n}\n"]}
1
+ {"version":3,"file":"login.js","sourceRoot":"","sources":["../../src/commands/login.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,KAAK,CAAC;AACvB,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,KAAK,MAAM,mBAAmB,CAAC;AACtC,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,cAAc,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACtH,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAC1E,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AACpE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAG/D;;GAEG;AACH,SAAS,QAAQ,CAAC,KAAa;IAC7B,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QACpC,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAC1E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,KAAa;IACjC,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAChC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC7D,OAAO,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;AAC5B,CAAC;AAED,MAAM,eAAe,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,YAAY;AAEnD;;GAEG;AACH,SAAS,mBAAmB;IAC1B,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;IAClC,OAAO;QACL,mBAAmB,EAAE,GAAG,MAAM,8BAA8B;QAC5D,KAAK,EAAE,GAAG,MAAM,eAAe;KAChC,CAAC;AACJ,CAAC;AAuBD,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,WAAmB;IACnE,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,uBAAuB,CAAC,WAAW,CAAC,CAAC;QAE3D,MAAM,MAAM,GAAc,SAAS,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;QAC9D,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC;QAE9D,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,GAAG;YAC/B,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;SAC3B,CAAC;QAEF,IAAI,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;YACzC,MAAM,CAAC,iBAAiB,GAAG,SAAS,CAAC;QACvC,CAAC;QAED,UAAU,CAAC,MAAM,CAAC,CAAC;QACnB,OAAO,CAAC,8CAA8C,CAAC,CAAC;QACxD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,QAAQ,CAAC,uDAAuD,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAClH,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,QAAQ;IAC5B,MAAM,QAAQ,GAAG,kBAAkB,EAAE,CAAC;IAEtC,8CAA8C;IAC9C,IAAI,cAAc,EAAE,EAAE,CAAC;QACrB,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,wBAAwB,KAAK,EAAE,KAAK,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC;QAC9E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC,CAAC;QAC9D,OAAO;IACT,CAAC;IAED,qEAAqE;IACrE,MAAM,aAAa,GAAG,cAAc,EAAE,CAAC;IACvC,IAAI,aAAa,EAAE,YAAY,IAAI,cAAc,CAAC,aAAa,CAAC,EAAE,CAAC;QACjE,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,gBAAgB,EAAE,CAAC;YACzC,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;YACjE,IAAI,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC3C,YAAY,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;gBACxE,OAAO,CAAC,6CAA6C,CAAC,CAAC;gBACvD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,wBAAwB,aAAa,CAAC,KAAK,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC;gBACrF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC,CAAC;gBAC9D,OAAO;YACT,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,2CAA2C;QAC7C,CAAC;IACH,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IAE7C,MAAM,SAAS,GAAG,mBAAmB,EAAE,CAAC;IAExC,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,mBAAmB,EAAE;QAC9D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;SACpD;QACD,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,SAAS,EAAE,QAAQ;YACnB,KAAK,EAAE,kEAAkE;SAC1E,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;QACrB,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,mCAAmC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;QAC1E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,UAAU,GAAG,CAAC,MAAM,YAAY,CAAC,IAAI,EAAE,CAAuB,CAAC;IACrE,MAAM,cAAc,GAAG,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;IAEzD,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,KAAK,UAAU,CAAC,gBAAgB,EAAE,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,iBAAiB,UAAU,CAAC,SAAS,IAAI,CAAC,CAAC;IAEvD,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,CAAC,yBAAyB,CAAC,CAAC;QAC3C,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,yBAAyB;IAC3B,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;IAE/C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,IAAI,eAAe,GAAG,cAAc,CAAC;IAErC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,eAAe,EAAE,CAAC;QAChD,MAAM,KAAK,CAAC,eAAe,CAAC,CAAC;QAE7B,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,KAAK,EAAE;gBACjD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,mCAAmC;iBACpD;gBACD,IAAI,EAAE,IAAI,eAAe,CAAC;oBACxB,UAAU,EAAE,8CAA8C;oBAC1D,WAAW,EAAE,UAAU,CAAC,WAAW;oBACnC,SAAS,EAAE,QAAQ;iBACpB,CAAC;aACH,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;YAExC,IAAI,aAAa,CAAC,EAAE,EAAE,CAAC;gBACrB,MAAM,MAAM,GAAG,IAA4B,CAAC;gBAE5C,oCAAoC;gBACpC,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;gBACjD,MAAM,MAAM,GAAI,cAAc,EAAE,GAAc,IAAI,SAAS,CAAC;gBAC5D,MAAM,KAAK,GAAI,cAAc,EAAE,KAAgB,IAAI,SAAS,CAAC;gBAE7D,8EAA8E;gBAC9E,MAAM,SAAS,GAAG,YAAY,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;gBACpD,MAAM,SAAS,GACb,SAAS,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;gBAEzG,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;gBAEjE,eAAe,CAAC;oBACd,WAAW,EAAE,MAAM,CAAC,YAAY;oBAChC,SAAS;oBACT,MAAM;oBACN,KAAK;oBACL,YAAY,EAAE,MAAM,CAAC,aAAa;iBACnC,CAAC,CAAC;gBAEH,OAAO,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;gBAC3C,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,gBAAgB,KAAK,IAAI,MAAM,EAAE,CAAC,CAAC;gBACrD,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,oBAAoB,YAAY,UAAU,CAAC,CAAC;gBAE3D,qCAAqC;gBACrC,MAAM,WAAW,GAAG,MAAM,2BAA2B,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;gBAC3E,IAAI,WAAW,EAAE,CAAC;oBAChB,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,8CAA8C,CAAC,CAAC;gBACpE,CAAC;qBAAM,CAAC;oBACN,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,2DAA2D,CAAC,CAAC,CAAC;gBACzF,CAAC;gBACD,OAAO;YACT,CAAC;YAED,MAAM,SAAS,GAAG,IAAyB,CAAC;YAC5C,IAAI,SAAS,CAAC,KAAK,KAAK,uBAAuB;gBAAE,SAAS;YAC1D,IAAI,SAAS,CAAC,KAAK,KAAK,WAAW,EAAE,CAAC;gBACpC,eAAe,IAAI,IAAI,CAAC;gBACxB,SAAS;YACX,CAAC;YAED,OAAO,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;YACtC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,yBAAyB,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC;YAC5D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;IACH,CAAC;IAED,OAAO,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;IACzC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;IAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC","sourcesContent":["import open from 'opn';\nimport chalk from 'chalk';\nimport clack from '../utils/clack.js';\nimport { saveCredentials, getCredentials, getAccessToken, isTokenExpired, updateTokens } from '../lib/credentials.js';\nimport { getCliAuthClientId, getAuthkitDomain } from '../lib/settings.js';\nimport { refreshAccessToken } from '../lib/token-refresh-client.js';\nimport { logInfo, logError } from '../utils/debug.js';\nimport { fetchStagingCredentials } from '../lib/staging-api.js';\nimport { getConfig, saveConfig } from '../lib/config-store.js';\nimport type { CliConfig } from '../lib/config-store.js';\n\n/**\n * Parse JWT payload\n */\nfunction parseJwt(token: string): Record<string, unknown> | null {\n try {\n const parts = token.split('.');\n if (parts.length !== 3) return null;\n return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf-8'));\n } catch {\n return null;\n }\n}\n\n/**\n * Extract expiry time from JWT token\n */\nfunction getJwtExpiry(token: string): number | null {\n const payload = parseJwt(token);\n if (!payload || typeof payload.exp !== 'number') return null;\n return payload.exp * 1000;\n}\n\nconst POLL_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes\n\n/**\n * Get Connect OAuth endpoints from AuthKit domain\n */\nfunction getConnectEndpoints() {\n const domain = getAuthkitDomain();\n return {\n deviceAuthorization: `${domain}/oauth2/device_authorization`,\n token: `${domain}/oauth2/token`,\n };\n}\n\ninterface DeviceAuthResponse {\n device_code: string;\n user_code: string;\n verification_uri: string;\n verification_uri_complete: string;\n expires_in: number;\n interval: number;\n}\n\ninterface ConnectTokenResponse {\n access_token: string;\n id_token: string;\n token_type: string;\n expires_in: number;\n refresh_token?: string;\n}\n\ninterface AuthErrorResponse {\n error: string;\n}\n\nfunction sleep(ms: number): Promise<void> {\n return new Promise((resolve) => setTimeout(resolve, ms));\n}\n\n/**\n * Auto-provision a staging environment after login.\n *\n * Fetches staging credentials using the access token, then saves them\n * as a \"staging\" environment in the config store. Non-fatal — logs a\n * hint on failure instead of throwing.\n */\nexport async function provisionStagingEnvironment(accessToken: string): Promise<boolean> {\n try {\n const staging = await fetchStagingCredentials(accessToken);\n\n const config: CliConfig = getConfig() ?? { environments: {} };\n const isFirst = Object.keys(config.environments).length === 0;\n\n config.environments['staging'] = {\n name: 'staging',\n type: 'sandbox',\n apiKey: staging.apiKey,\n clientId: staging.clientId,\n };\n\n if (isFirst || !config.activeEnvironment) {\n config.activeEnvironment = 'staging';\n }\n\n saveConfig(config);\n logInfo('[login] Staging environment auto-provisioned');\n return true;\n } catch (error) {\n logError('[login] Failed to auto-provision staging environment:', error instanceof Error ? error.message : error);\n return false;\n }\n}\n\nexport async function runLogin(): Promise<void> {\n const clientId = getCliAuthClientId();\n\n // Check if already logged in with valid token\n if (getAccessToken()) {\n const creds = getCredentials();\n console.log(chalk.green(`Already logged in as ${creds?.email ?? 'unknown'}`));\n console.log(chalk.dim('Run `workos auth logout` to log out'));\n return;\n }\n\n // Try to refresh if we have expired credentials with a refresh token\n const existingCreds = getCredentials();\n if (existingCreds?.refreshToken && isTokenExpired(existingCreds)) {\n try {\n const authkitDomain = getAuthkitDomain();\n const result = await refreshAccessToken(authkitDomain, clientId);\n if (result.accessToken && result.expiresAt) {\n updateTokens(result.accessToken, result.expiresAt, result.refreshToken);\n logInfo('[login] Session refreshed via refresh token');\n console.log(chalk.green(`Already logged in as ${existingCreds.email ?? 'unknown'}`));\n console.log(chalk.dim('Run `workos auth logout` to log out'));\n return;\n }\n } catch {\n // Refresh failed, proceed with fresh login\n }\n }\n\n clack.log.step('Starting authentication...');\n\n const endpoints = getConnectEndpoints();\n\n const authResponse = await fetch(endpoints.deviceAuthorization, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body: new URLSearchParams({\n client_id: clientId,\n scope: 'openid email staging-environment:credentials:read offline_access',\n }),\n });\n\n if (!authResponse.ok) {\n clack.log.error(`Failed to start authentication: ${authResponse.status}`);\n process.exit(1);\n }\n\n const deviceAuth = (await authResponse.json()) as DeviceAuthResponse;\n const pollIntervalMs = (deviceAuth.interval || 5) * 1000;\n\n clack.log.info(`\\nOpen this URL in your browser:\\n`);\n console.log(` ${deviceAuth.verification_uri}`);\n console.log(`\\nEnter code: ${deviceAuth.user_code}\\n`);\n\n try {\n open(deviceAuth.verification_uri_complete);\n clack.log.info('Browser opened automatically');\n } catch {\n // User can open manually\n }\n\n const spinner = clack.spinner();\n spinner.start('Waiting for authentication...');\n\n const startTime = Date.now();\n let currentInterval = pollIntervalMs;\n\n while (Date.now() - startTime < POLL_TIMEOUT_MS) {\n await sleep(currentInterval);\n\n try {\n const tokenResponse = await fetch(endpoints.token, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body: new URLSearchParams({\n grant_type: 'urn:ietf:params:oauth:grant-type:device_code',\n device_code: deviceAuth.device_code,\n client_id: clientId,\n }),\n });\n\n const data = await tokenResponse.json();\n\n if (tokenResponse.ok) {\n const result = data as ConnectTokenResponse;\n\n // Parse user info from id_token JWT\n const idTokenPayload = parseJwt(result.id_token);\n const userId = (idTokenPayload?.sub as string) || 'unknown';\n const email = (idTokenPayload?.email as string) || undefined;\n\n // Extract actual expiry from access token JWT, fallback to response or 15 min\n const jwtExpiry = getJwtExpiry(result.access_token);\n const expiresAt =\n jwtExpiry ?? (result.expires_in ? Date.now() + result.expires_in * 1000 : Date.now() + 15 * 60 * 1000);\n\n const expiresInSec = Math.round((expiresAt - Date.now()) / 1000);\n\n saveCredentials({\n accessToken: result.access_token,\n expiresAt,\n userId,\n email,\n refreshToken: result.refresh_token,\n });\n\n spinner.stop('Authentication successful!');\n clack.log.success(`Logged in as ${email || userId}`);\n clack.log.info(`Token expires in ${expiresInSec} seconds`);\n\n // Auto-provision staging environment\n const provisioned = await provisionStagingEnvironment(result.access_token);\n if (provisioned) {\n clack.log.success('Staging environment configured automatically');\n } else {\n clack.log.info(chalk.dim('Run `workos env add` to configure an environment manually'));\n }\n return;\n }\n\n const errorData = data as AuthErrorResponse;\n if (errorData.error === 'authorization_pending') continue;\n if (errorData.error === 'slow_down') {\n currentInterval += 5000;\n continue;\n }\n\n spinner.stop('Authentication failed');\n clack.log.error(`Authentication error: ${errorData.error}`);\n process.exit(1);\n } catch {\n continue;\n }\n }\n\n spinner.stop('Authentication timed out');\n clack.log.error('Authentication timed out. Please try again.');\n process.exit(1);\n}\n"]}
package/dist/emulate/core/id.d.ts CHANGED
@@ -10,7 +10,7 @@ export declare const ID_PREFIXES: {
10
10
  readonly directory: "directory";
11
11
  readonly directory_user: "directory_user";
12
12
  readonly directory_group: "directory_grp";
13
- readonly event: "event";
13
+ readonly event: "evt";
14
14
  readonly invitation: "inv";
15
15
  readonly session: "session";
16
16
  readonly email_verification: "email_verification";
@@ -18,9 +18,23 @@ export declare const ID_PREFIXES: {
18
18
  readonly magic_auth: "magic_auth";
19
19
  readonly authentication_factor: "auth_factor";
20
20
  readonly authentication_challenge: "auth_challenge";
21
+ readonly authorization_code: "auth_code";
22
+ readonly identity: "identity";
23
+ readonly sso_authorization: "sso_auth";
24
+ readonly refresh_token: "ref";
25
+ readonly device_authorization: "dev_auth";
21
26
  readonly api_key: "api_key";
22
27
  readonly profile: "prof";
23
28
  readonly pipe_connection: "pipe_conn";
29
+ readonly redirect_uri: "redir";
30
+ readonly cors_origin: "cors";
31
+ readonly authorized_application: "auth_app";
32
+ readonly connected_account: "conn_acct";
33
+ readonly role: "role";
34
+ readonly permission: "perm";
35
+ readonly role_permission: "rp";
36
+ readonly authorization_resource: "auth_res";
37
+ readonly role_assignment: "ra";
24
38
  readonly audit_log_action: "audit_action";
25
39
  readonly audit_log_event: "audit_event";
26
40
  readonly audit_log_export: "audit_export";
@@ -30,4 +44,5 @@ export declare const ID_PREFIXES: {
30
44
  readonly client_secret: "client_secret";
31
45
  readonly data_integration_auth: "di_auth";
32
46
  readonly radar_attempt: "radar_attempt";
47
+ readonly webhook_endpoint: "we";
33
48
  };
package/dist/emulate/core/id.js CHANGED
@@ -34,7 +34,7 @@ export const ID_PREFIXES = {
34
34
  directory: 'directory',
35
35
  directory_user: 'directory_user',
36
36
  directory_group: 'directory_grp',
37
- event: 'event',
37
+ event: 'evt',
38
38
  invitation: 'inv',
39
39
  session: 'session',
40
40
  email_verification: 'email_verification',
@@ -42,9 +42,23 @@ export const ID_PREFIXES = {
42
42
  magic_auth: 'magic_auth',
43
43
  authentication_factor: 'auth_factor',
44
44
  authentication_challenge: 'auth_challenge',
45
+ authorization_code: 'auth_code',
46
+ identity: 'identity',
47
+ sso_authorization: 'sso_auth',
48
+ refresh_token: 'ref',
49
+ device_authorization: 'dev_auth',
45
50
  api_key: 'api_key',
46
51
  profile: 'prof',
47
52
  pipe_connection: 'pipe_conn',
53
+ redirect_uri: 'redir',
54
+ cors_origin: 'cors',
55
+ authorized_application: 'auth_app',
56
+ connected_account: 'conn_acct',
57
+ role: 'role',
58
+ permission: 'perm',
59
+ role_permission: 'rp',
60
+ authorization_resource: 'auth_res',
61
+ role_assignment: 'ra',
48
62
  audit_log_action: 'audit_action',
49
63
  audit_log_event: 'audit_event',
50
64
  audit_log_export: 'audit_export',
@@ -54,5 +68,6 @@ export const ID_PREFIXES = {
54
68
  client_secret: 'client_secret',
55
69
  data_integration_auth: 'di_auth',
56
70
  radar_attempt: 'radar_attempt',
71
+ webhook_endpoint: 'we',
57
72
  };
58
73
  //# sourceMappingURL=id.js.map
package/dist/emulate/core/id.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"id.js","sourceRoot":"","sources":["../../../src/emulate/core/id.ts"],"names":[],"mappings":"AAAA,MAAM,QAAQ,GAAG,kCAAkC,CAAC,CAAC,qBAAqB;AAC1E,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,KAAK;AAC3C,MAAM,QAAQ,GAAG,EAAE,CAAC,CAAC,uCAAuC;AAC5D,MAAM,UAAU,GAAG,EAAE,CAAC,CAAC,yBAAyB;AAEhD,IAAI,QAAQ,GAAG,CAAC,CAAC;AAEjB,MAAM,UAAU,UAAU,CAAC,MAAc;IACvC,IAAI,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACrB,IAAI,GAAG,IAAI,QAAQ,EAAE,CAAC;QACpB,GAAG,GAAG,QAAQ,GAAG,CAAC,CAAC;IACrB,CAAC;IACD,QAAQ,GAAG,GAAG,CAAC;IAEf,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,IAAI,CAAC,GAAG,GAAG,CAAC;IACZ,KAAK,IAAI,CAAC,GAAG,QAAQ,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,OAAO,GAAG,QAAQ,CAAC,CAAC,GAAG,YAAY,CAAC,GAAG,OAAO,CAAC;QAC/C,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,YAAY,CAAC,CAAC;IACnC,CAAC;IAED,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,YAAY,CAAC,CAAC,CAAC;IAChE,CAAC;IAED,OAAO,GAAG,MAAM,IAAI,OAAO,GAAG,OAAO,EAAE,CAAC;AAC1C,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,QAAQ,GAAG,CAAC,CAAC;AACf,CAAC;AAED,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,IAAI,EAAE,MAAM;IACZ,YAAY,EAAE,KAAK;IACnB,uBAAuB,EAAE,IAAI;IAC7B,mBAAmB,EAAE,YAAY;IACjC,UAAU,EAAE,MAAM;IAClB,iBAAiB,EAAE,aAAa;IAChC,SAAS,EAAE,WAAW;IACtB,cAAc,EAAE,gBAAgB;IAChC,eAAe,EAAE,eAAe;IAChC,KAAK,EAAE,OAAO;IACd,UAAU,EAAE,KAAK;IACjB,OAAO,EAAE,SAAS;IAClB,kBAAkB,EAAE,oBAAoB;IACxC,cAAc,EAAE,gBAAgB;IAChC,UAAU,EAAE,YAAY;IACxB,qBAAqB,EAAE,aAAa;IACpC,wBAAwB,EAAE,gBAAgB;IAC1C,OAAO,EAAE,SAAS;IAClB,OAAO,EAAE,MAAM;IACf,eAAe,EAAE,WAAW;IAC5B,gBAAgB,EAAE,cAAc;IAChC,eAAe,EAAE,aAAa;IAC9B,gBAAgB,EAAE,cAAc;IAChC,YAAY,EAAE,IAAI;IAClB,WAAW,EAAE,WAAW;IACxB,mBAAmB,EAAE,aAAa;IAClC,aAAa,EAAE,eAAe;IAC9B,qBAAqB,EAAE,SAAS;IAChC,aAAa,EAAE,eAAe;CACtB,CAAC","sourcesContent":["const ENCODING = '0123456789ABCDEFGHJKMNPQRSTVWXYZ'; // Crockford's Base32\nconst ENCODING_LEN = ENCODING.length; // 32\nconst TIME_LEN = 10; // 10 chars encodes 48-bit ms timestamp\nconst RANDOM_LEN = 16; // 16 chars of randomness\n\nlet lastTime = 0;\n\nexport function generateId(prefix: string): string {\n let now = Date.now();\n if (now <= lastTime) {\n now = lastTime + 1;\n }\n lastTime = now;\n\n let timeStr = '';\n let t = now;\n for (let i = TIME_LEN - 1; i >= 0; i--) {\n timeStr = ENCODING[t % ENCODING_LEN] + timeStr;\n t = Math.floor(t / ENCODING_LEN);\n }\n\n let randStr = '';\n for (let i = 0; i < RANDOM_LEN; i++) {\n randStr += ENCODING[Math.floor(Math.random() * ENCODING_LEN)];\n }\n\n return `${prefix}_${timeStr}${randStr}`;\n}\n\nexport function resetIdState(): void {\n lastTime = 0;\n}\n\nexport const ID_PREFIXES = {\n user: 'user',\n organization: 'org',\n organization_membership: 'om',\n organization_domain: 'org_domain',\n connection: 'conn',\n connection_domain: 'conn_domain',\n directory: 'directory',\n directory_user: 'directory_user',\n directory_group: 'directory_grp',\n event: 'event',\n invitation: 'inv',\n session: 'session',\n email_verification: 'email_verification',\n password_reset: 'password_reset',\n magic_auth: 'magic_auth',\n authentication_factor: 'auth_factor',\n authentication_challenge: 'auth_challenge',\n api_key: 'api_key',\n profile: 'prof',\n pipe_connection: 'pipe_conn',\n audit_log_action: 'audit_action',\n audit_log_event: 'audit_event',\n audit_log_export: 'audit_export',\n feature_flag: 'ff',\n flag_target: 'ff_target',\n connect_application: 'connect_app',\n client_secret: 'client_secret',\n data_integration_auth: 'di_auth',\n radar_attempt: 'radar_attempt',\n} as const;\n"]}
1
+ {"version":3,"file":"id.js","sourceRoot":"","sources":["../../../src/emulate/core/id.ts"],"names":[],"mappings":"AAAA,MAAM,QAAQ,GAAG,kCAAkC,CAAC,CAAC,qBAAqB;AAC1E,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,KAAK;AAC3C,MAAM,QAAQ,GAAG,EAAE,CAAC,CAAC,uCAAuC;AAC5D,MAAM,UAAU,GAAG,EAAE,CAAC,CAAC,yBAAyB;AAEhD,IAAI,QAAQ,GAAG,CAAC,CAAC;AAEjB,MAAM,UAAU,UAAU,CAAC,MAAc;IACvC,IAAI,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACrB,IAAI,GAAG,IAAI,QAAQ,EAAE,CAAC;QACpB,GAAG,GAAG,QAAQ,GAAG,CAAC,CAAC;IACrB,CAAC;IACD,QAAQ,GAAG,GAAG,CAAC;IAEf,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,IAAI,CAAC,GAAG,GAAG,CAAC;IACZ,KAAK,IAAI,CAAC,GAAG,QAAQ,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,OAAO,GAAG,QAAQ,CAAC,CAAC,GAAG,YAAY,CAAC,GAAG,OAAO,CAAC;QAC/C,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,YAAY,CAAC,CAAC;IACnC,CAAC;IAED,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,YAAY,CAAC,CAAC,CAAC;IAChE,CAAC;IAED,OAAO,GAAG,MAAM,IAAI,OAAO,GAAG,OAAO,EAAE,CAAC;AAC1C,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,QAAQ,GAAG,CAAC,CAAC;AACf,CAAC;AAED,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,IAAI,EAAE,MAAM;IACZ,YAAY,EAAE,KAAK;IACnB,uBAAuB,EAAE,IAAI;IAC7B,mBAAmB,EAAE,YAAY;IACjC,UAAU,EAAE,MAAM;IAClB,iBAAiB,EAAE,aAAa;IAChC,SAAS,EAAE,WAAW;IACtB,cAAc,EAAE,gBAAgB;IAChC,eAAe,EAAE,eAAe;IAChC,KAAK,EAAE,KAAK;IACZ,UAAU,EAAE,KAAK;IACjB,OAAO,EAAE,SAAS;IAClB,kBAAkB,EAAE,oBAAoB;IACxC,cAAc,EAAE,gBAAgB;IAChC,UAAU,EAAE,YAAY;IACxB,qBAAqB,EAAE,aAAa;IACpC,wBAAwB,EAAE,gBAAgB;IAC1C,kBAAkB,EAAE,WAAW;IAC/B,QAAQ,EAAE,UAAU;IACpB,iBAAiB,EAAE,UAAU;IAC7B,aAAa,EAAE,KAAK;IACpB,oBAAoB,EAAE,UAAU;IAChC,OAAO,EAAE,SAAS;IAClB,OAAO,EAAE,MAAM;IACf,eAAe,EAAE,WAAW;IAC5B,YAAY,EAAE,OAAO;IACrB,WAAW,EAAE,MAAM;IACnB,sBAAsB,EAAE,UAAU;IAClC,iBAAiB,EAAE,WAAW;IAC9B,IAAI,EAAE,MAAM;IACZ,UAAU,EAAE,MAAM;IAClB,eAAe,EAAE,IAAI;IACrB,sBAAsB,EAAE,UAAU;IAClC,eAAe,EAAE,IAAI;IACrB,gBAAgB,EAAE,cAAc;IAChC,eAAe,EAAE,aAAa;IAC9B,gBAAgB,EAAE,cAAc;IAChC,YAAY,EAAE,IAAI;IAClB,WAAW,EAAE,WAAW;IACxB,mBAAmB,EAAE,aAAa;IAClC,aAAa,EAAE,eAAe;IAC9B,qBAAqB,EAAE,SAAS;IAChC,aAAa,EAAE,eAAe;IAC9B,gBAAgB,EAAE,IAAI;CACd,CAAC","sourcesContent":["const ENCODING = '0123456789ABCDEFGHJKMNPQRSTVWXYZ'; // Crockford's Base32\nconst ENCODING_LEN = ENCODING.length; // 32\nconst TIME_LEN = 10; // 10 chars encodes 48-bit ms timestamp\nconst RANDOM_LEN = 16; // 16 chars of randomness\n\nlet lastTime = 0;\n\nexport function generateId(prefix: string): string {\n let now = Date.now();\n if (now <= lastTime) {\n now = lastTime + 1;\n }\n lastTime = now;\n\n let timeStr = '';\n let t = now;\n for (let i = TIME_LEN - 1; i >= 0; i--) {\n timeStr = ENCODING[t % ENCODING_LEN] + timeStr;\n t = Math.floor(t / ENCODING_LEN);\n }\n\n let randStr = '';\n for (let i = 0; i < RANDOM_LEN; i++) {\n randStr += ENCODING[Math.floor(Math.random() * ENCODING_LEN)];\n }\n\n return `${prefix}_${timeStr}${randStr}`;\n}\n\nexport function resetIdState(): void {\n lastTime = 0;\n}\n\nexport const ID_PREFIXES = {\n user: 'user',\n organization: 'org',\n organization_membership: 'om',\n organization_domain: 'org_domain',\n connection: 'conn',\n connection_domain: 'conn_domain',\n directory: 'directory',\n directory_user: 'directory_user',\n directory_group: 'directory_grp',\n event: 'evt',\n invitation: 'inv',\n session: 'session',\n email_verification: 'email_verification',\n password_reset: 'password_reset',\n magic_auth: 'magic_auth',\n authentication_factor: 'auth_factor',\n authentication_challenge: 'auth_challenge',\n authorization_code: 'auth_code',\n identity: 'identity',\n sso_authorization: 'sso_auth',\n refresh_token: 'ref',\n device_authorization: 'dev_auth',\n api_key: 'api_key',\n profile: 'prof',\n pipe_connection: 'pipe_conn',\n redirect_uri: 'redir',\n cors_origin: 'cors',\n authorized_application: 'auth_app',\n connected_account: 'conn_acct',\n role: 'role',\n permission: 'perm',\n role_permission: 'rp',\n authorization_resource: 'auth_res',\n role_assignment: 'ra',\n audit_log_action: 'audit_action',\n audit_log_event: 'audit_event',\n audit_log_export: 'audit_export',\n feature_flag: 'ff',\n flag_target: 'ff_target',\n connect_application: 'connect_app',\n client_secret: 'client_secret',\n data_integration_auth: 'di_auth',\n radar_attempt: 'radar_attempt',\n webhook_endpoint: 'we',\n} as const;\n"]}
package/dist/emulate/core/index.d.ts CHANGED
@@ -1,6 +1,6 @@
1
1
  export { Store, Collection, type Entity, type InsertInput, type FilterFn, type SortFn, type CollectionHooks, } from './store.js';
2
2
  export { generateId, resetIdState, ID_PREFIXES } from './id.js';
3
- export { cursorPaginate, type CursorPaginationOptions, type CursorPaginatedResult } from './pagination.js';
3
+ export { parseListParams, cursorPaginate, type CursorPaginationOptions, type CursorPaginatedResult, } from './pagination.js';
4
4
  export { JWTManager, type JWTPayload } from './jwt.js';
5
5
  export { createServer, type ServerOptions } from './server.js';
6
6
  export { type ServicePlugin, type RouteContext } from './plugin.js';
package/dist/emulate/core/index.js CHANGED
@@ -1,6 +1,6 @@
1
1
  export { Store, Collection, } from './store.js';
2
2
  export { generateId, resetIdState, ID_PREFIXES } from './id.js';
3
- export { cursorPaginate } from './pagination.js';
3
+ export { parseListParams, cursorPaginate, } from './pagination.js';
4
4
  export { JWTManager } from './jwt.js';
5
5
  export { createServer } from './server.js';
6
6
  export { WorkOSApiError, createApiErrorHandler, requestIdMiddleware, notFound, validationError, unauthorized, forbidden, parseJsonBody, } from './middleware/error-handler.js';
package/dist/emulate/core/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/emulate/core/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,EACL,UAAU,GAMX,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAChE,OAAO,EAAE,cAAc,EAA4D,MAAM,iBAAiB,CAAC;AAC3G,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AACvD,OAAO,EAAE,YAAY,EAAsB,MAAM,aAAa,CAAC;AAE/D,OAAO,EACL,cAAc,EACd,qBAAqB,EACrB,mBAAmB,EACnB,QAAQ,EACR,eAAe,EACf,YAAY,EACZ,SAAS,EACT,aAAa,GACd,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAAE,cAAc,EAA6D,MAAM,sBAAsB,CAAC","sourcesContent":["export {\n Store,\n Collection,\n type Entity,\n type InsertInput,\n type FilterFn,\n type SortFn,\n type CollectionHooks,\n} from './store.js';\nexport { generateId, resetIdState, ID_PREFIXES } from './id.js';\nexport { cursorPaginate, type CursorPaginationOptions, type CursorPaginatedResult } from './pagination.js';\nexport { JWTManager, type JWTPayload } from './jwt.js';\nexport { createServer, type ServerOptions } from './server.js';\nexport { type ServicePlugin, type RouteContext } from './plugin.js';\nexport {\n WorkOSApiError,\n createApiErrorHandler,\n requestIdMiddleware,\n notFound,\n validationError,\n unauthorized,\n forbidden,\n parseJsonBody,\n} from './middleware/error-handler.js';\nexport { authMiddleware, type WorkOSAppEnv, type WorkOSAuthContext, type ApiKeyMap } from './middleware/auth.js';\n"]}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/emulate/core/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,EACL,UAAU,GAMX,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAChE,OAAO,EACL,eAAe,EACf,cAAc,GAGf,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AACvD,OAAO,EAAE,YAAY,EAAsB,MAAM,aAAa,CAAC;AAE/D,OAAO,EACL,cAAc,EACd,qBAAqB,EACrB,mBAAmB,EACnB,QAAQ,EACR,eAAe,EACf,YAAY,EACZ,SAAS,EACT,aAAa,GACd,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAAE,cAAc,EAA6D,MAAM,sBAAsB,CAAC","sourcesContent":["export {\n Store,\n Collection,\n type Entity,\n type InsertInput,\n type FilterFn,\n type SortFn,\n type CollectionHooks,\n} from './store.js';\nexport { generateId, resetIdState, ID_PREFIXES } from './id.js';\nexport {\n parseListParams,\n cursorPaginate,\n type CursorPaginationOptions,\n type CursorPaginatedResult,\n} from './pagination.js';\nexport { JWTManager, type JWTPayload } from './jwt.js';\nexport { createServer, type ServerOptions } from './server.js';\nexport { type ServicePlugin, type RouteContext } from './plugin.js';\nexport {\n WorkOSApiError,\n createApiErrorHandler,\n requestIdMiddleware,\n notFound,\n validationError,\n unauthorized,\n forbidden,\n parseJsonBody,\n} from './middleware/error-handler.js';\nexport { authMiddleware, type WorkOSAppEnv, type WorkOSAuthContext, type ApiKeyMap } from './middleware/auth.js';\n"]}
package/dist/emulate/core/middleware/auth.d.ts CHANGED
@@ -12,7 +12,4 @@ export type WorkOSAppEnv = {
12
12
  export type ApiKeyMap = Record<string, {
13
13
  environment: string;
14
14
  }>;
15
- export declare function authMiddleware(apiKeys: ApiKeyMap): (c: Context, next: Next) => Promise<(Response & import("hono").TypedResponse<{
16
- message: string;
17
- code: string;
18
- }, 401, "json">) | undefined>;
15
+ export declare function authMiddleware(apiKeys: ApiKeyMap): (c: Context, next: Next) => Promise<void>;
package/dist/emulate/core/middleware/auth.js CHANGED
@@ -1,26 +1,15 @@
1
+ import { unauthorized } from './error-handler.js';
1
2
  export function authMiddleware(apiKeys) {
2
3
  return async (c, next) => {
3
4
  const authHeader = c.req.header('Authorization');
4
- if (!authHeader) {
5
- return c.json({
6
- message: 'Unauthorized',
7
- code: 'unauthorized',
8
- }, 401);
9
- }
5
+ if (!authHeader)
6
+ throw unauthorized();
10
7
  const token = authHeader.replace(/^Bearer\s+/i, '').trim();
11
- if (!token.startsWith('sk_')) {
12
- return c.json({
13
- message: 'Unauthorized',
14
- code: 'unauthorized',
15
- }, 401);
16
- }
8
+ if (!token.startsWith('sk_'))
9
+ throw unauthorized();
17
10
  const keyInfo = apiKeys[token];
18
- if (!keyInfo) {
19
- return c.json({
20
- message: 'Unauthorized',
21
- code: 'unauthorized',
22
- }, 401);
23
- }
11
+ if (!keyInfo)
12
+ throw unauthorized();
24
13
  c.set('auth', { environment: keyInfo.environment, apiKey: token });
25
14
  await next();
26
15
  };
package/dist/emulate/core/middleware/auth.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../../src/emulate/core/middleware/auth.ts"],"names":[],"mappings":"AAgBA,MAAM,UAAU,cAAc,CAAC,OAAkB;IAC/C,OAAO,KAAK,EAAE,CAAU,EAAE,IAAU,EAAE,EAAE;QACtC,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QACjD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,CAAC,CAAC,IAAI,CACX;gBACE,OAAO,EAAE,cAAc;gBACvB,IAAI,EAAE,cAAc;aACrB,EACD,GAAG,CACJ,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAE3D,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;YAC7B,OAAO,CAAC,CAAC,IAAI,CACX;gBACE,OAAO,EAAE,cAAc;gBACvB,IAAI,EAAE,cAAc;aACrB,EACD,GAAG,CACJ,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;QAC/B,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,CAAC,IAAI,CACX;gBACE,OAAO,EAAE,cAAc;gBACvB,IAAI,EAAE,cAAc;aACrB,EACD,GAAG,CACJ,CAAC;QACJ,CAAC;QAED,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,EAA8B,CAAC,CAAC;QAC/F,MAAM,IAAI,EAAE,CAAC;IACf,CAAC,CAAC;AACJ,CAAC","sourcesContent":["import type { Context, Next } from 'hono';\n\nexport interface WorkOSAuthContext {\n environment: string;\n apiKey: string;\n}\n\nexport type WorkOSAppEnv = {\n Variables: {\n auth?: WorkOSAuthContext;\n requestId?: string;\n };\n};\n\nexport type ApiKeyMap = Record<string, { environment: string }>;\n\nexport function authMiddleware(apiKeys: ApiKeyMap) {\n return async (c: Context, next: Next) => {\n const authHeader = c.req.header('Authorization');\n if (!authHeader) {\n return c.json(\n {\n message: 'Unauthorized',\n code: 'unauthorized',\n },\n 401,\n );\n }\n\n const token = authHeader.replace(/^Bearer\\s+/i, '').trim();\n\n if (!token.startsWith('sk_')) {\n return c.json(\n {\n message: 'Unauthorized',\n code: 'unauthorized',\n },\n 401,\n );\n }\n\n const keyInfo = apiKeys[token];\n if (!keyInfo) {\n return c.json(\n {\n message: 'Unauthorized',\n code: 'unauthorized',\n },\n 401,\n );\n }\n\n c.set('auth', { environment: keyInfo.environment, apiKey: token } satisfies WorkOSAuthContext);\n await next();\n };\n}\n"]}
1
+ {"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../../src/emulate/core/middleware/auth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAgBlD,MAAM,UAAU,cAAc,CAAC,OAAkB;IAC/C,OAAO,KAAK,EAAE,CAAU,EAAE,IAAU,EAAE,EAAE;QACtC,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QACjD,IAAI,CAAC,UAAU;YAAE,MAAM,YAAY,EAAE,CAAC;QAEtC,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC3D,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC;YAAE,MAAM,YAAY,EAAE,CAAC;QAEnD,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;QAC/B,IAAI,CAAC,OAAO;YAAE,MAAM,YAAY,EAAE,CAAC;QAEnC,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,EAA8B,CAAC,CAAC;QAC/F,MAAM,IAAI,EAAE,CAAC;IACf,CAAC,CAAC;AACJ,CAAC","sourcesContent":["import type { Context, Next } from 'hono';\nimport { unauthorized } from './error-handler.js';\n\nexport interface WorkOSAuthContext {\n environment: string;\n apiKey: string;\n}\n\nexport type WorkOSAppEnv = {\n Variables: {\n auth?: WorkOSAuthContext;\n requestId?: string;\n };\n};\n\nexport type ApiKeyMap = Record<string, { environment: string }>;\n\nexport function authMiddleware(apiKeys: ApiKeyMap) {\n return async (c: Context, next: Next) => {\n const authHeader = c.req.header('Authorization');\n if (!authHeader) throw unauthorized();\n\n const token = authHeader.replace(/^Bearer\\s+/i, '').trim();\n if (!token.startsWith('sk_')) throw unauthorized();\n\n const keyInfo = apiKeys[token];\n if (!keyInfo) throw unauthorized();\n\n c.set('auth', { environment: keyInfo.environment, apiKey: token } satisfies WorkOSAuthContext);\n await next();\n };\n}\n"]}
package/dist/emulate/core/pagination.d.ts CHANGED
@@ -18,4 +18,10 @@ export interface CursorPaginatedResult<T> {
18
18
  after: string | null;
19
19
  };
20
20
  }
21
+ export declare function parseListParams(url: URL): {
22
+ limit: number;
23
+ order: "asc" | "desc";
24
+ before: string | undefined;
25
+ after: string | undefined;
26
+ };
21
27
  export declare function cursorPaginate<T extends Entity>(items: T[], options?: CursorPaginationOptions<T>): CursorPaginatedResult<T>;
package/dist/emulate/core/pagination.js CHANGED
@@ -1,5 +1,13 @@
1
+ export function parseListParams(url) {
2
+ const limit = parseInt(url.searchParams.get('limit') ?? '10') || 10;
3
+ const order = url.searchParams.get('order') ?? 'desc';
4
+ const before = url.searchParams.get('before') ?? undefined;
5
+ const after = url.searchParams.get('after') ?? undefined;
6
+ return { limit, order, before, after };
7
+ }
1
8
  export function cursorPaginate(items, options = {}) {
2
- let filtered = options.filter ? items.filter(options.filter) : [...items];
9
+ // Callers must pass a fresh array (e.g. Collection.all()) sort mutates in-place
10
+ let filtered = options.filter ? items.filter(options.filter) : items;
3
11
  const order = options.order ?? 'desc';
4
12
  const defaultSort = (a, b) => order === 'desc'
5
13
  ? b.created_at.localeCompare(a.created_at) || b.id.localeCompare(a.id)
package/dist/emulate/core/pagination.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"pagination.js","sourceRoot":"","sources":["../../../src/emulate/core/pagination.ts"],"names":[],"mappings":"AAuBA,MAAM,UAAU,cAAc,CAC5B,KAAU,EACV,UAAsC,EAAE;IAExC,IAAI,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC;IAE1E,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,MAAM,CAAC;IACtC,MAAM,WAAW,GAAG,CAAC,CAAI,EAAE,CAAI,EAAE,EAAE,CACjC,KAAK,KAAK,MAAM;QACd,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC;QACtE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAE3E,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,WAAW,CAAC,CAAC;IAE3C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,IAAI,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC;IAE9D,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,IAAI,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC;IAE/B,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QAClB,MAAM,UAAU,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,KAAK,OAAO,CAAC,KAAK,CAAC,CAAC;QAC3E,IAAI,UAAU,KAAK,CAAC,CAAC,EAAE,CAAC;YACtB,UAAU,GAAG,UAAU,GAAG,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,MAAM,WAAW,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;QAC7E,IAAI,WAAW,KAAK,CAAC,CAAC,EAAE,CAAC;YACvB,QAAQ,GAAG,WAAW,CAAC;QACzB,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IACpD,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAEpC,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC;IACtC,MAAM,OAAO,GAAG,UAAU,GAAG,CAAC,CAAC;IAE/B,OAAO;QACL,IAAI,EAAE,IAAI;QACV,aAAa,EAAE;YACb,MAAM,EAAE,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI;YACtD,KAAK,EAAE,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI;SACpE;KACF,CAAC;AACJ,CAAC","sourcesContent":["export interface Entity {\n id: string;\n created_at: string;\n updated_at: string;\n}\n\nexport interface CursorPaginationOptions<T> {\n filter?: (item: T) => boolean;\n sort?: (a: T, b: T) => number;\n limit?: number;\n order?: 'asc' | 'desc';\n before?: string;\n after?: string;\n}\n\nexport interface CursorPaginatedResult<T> {\n data: T[];\n list_metadata: {\n before: string | null;\n after: string | null;\n };\n}\n\nexport function cursorPaginate<T extends Entity>(\n items: T[],\n options: CursorPaginationOptions<T> = {},\n): CursorPaginatedResult<T> {\n let filtered = options.filter ? items.filter(options.filter) : [...items];\n\n const order = options.order ?? 'desc';\n const defaultSort = (a: T, b: T) =>\n order === 'desc'\n ? b.created_at.localeCompare(a.created_at) || b.id.localeCompare(a.id)\n : a.created_at.localeCompare(b.created_at) || a.id.localeCompare(b.id);\n\n filtered.sort(options.sort ?? defaultSort);\n\n const limit = Math.max(1, Math.min(options.limit ?? 10, 100));\n\n let startIndex = 0;\n let endIndex = filtered.length;\n\n if (options.after) {\n const afterIndex = filtered.findIndex((item) => item.id === options.after);\n if (afterIndex !== -1) {\n startIndex = afterIndex + 1;\n }\n }\n\n if (options.before) {\n const beforeIndex = filtered.findIndex((item) => item.id === options.before);\n if (beforeIndex !== -1) {\n endIndex = beforeIndex;\n }\n }\n\n const window = filtered.slice(startIndex, endIndex);\n const page = window.slice(0, limit);\n\n const hasMore = window.length > limit;\n const hasPrev = startIndex > 0;\n\n return {\n data: page,\n list_metadata: {\n before: page.length > 0 && hasPrev ? page[0].id : null,\n after: page.length > 0 && hasMore ? page[page.length - 1].id : null,\n },\n };\n}\n"]}
1
+ {"version":3,"file":"pagination.js","sourceRoot":"","sources":["../../../src/emulate/core/pagination.ts"],"names":[],"mappings":"AAuBA,MAAM,UAAU,eAAe,CAAC,GAAQ;IACtC,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;IACpE,MAAM,KAAK,GAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAoB,IAAI,MAAM,CAAC;IAC1E,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC;IAC3D,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC;IACzD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,cAAc,CAC5B,KAAU,EACV,UAAsC,EAAE;IAExC,kFAAkF;IAClF,IAAI,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IAErE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,MAAM,CAAC;IACtC,MAAM,WAAW,GAAG,CAAC,CAAI,EAAE,CAAI,EAAE,EAAE,CACjC,KAAK,KAAK,MAAM;QACd,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC;QACtE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAE3E,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,WAAW,CAAC,CAAC;IAE3C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,IAAI,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC;IAE9D,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,IAAI,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC;IAE/B,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QAClB,MAAM,UAAU,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,KAAK,OAAO,CAAC,KAAK,CAAC,CAAC;QAC3E,IAAI,UAAU,KAAK,CAAC,CAAC,EAAE,CAAC;YACtB,UAAU,GAAG,UAAU,GAAG,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,MAAM,WAAW,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;QAC7E,IAAI,WAAW,KAAK,CAAC,CAAC,EAAE,CAAC;YACvB,QAAQ,GAAG,WAAW,CAAC;QACzB,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IACpD,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAEpC,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC;IACtC,MAAM,OAAO,GAAG,UAAU,GAAG,CAAC,CAAC;IAE/B,OAAO;QACL,IAAI,EAAE,IAAI;QACV,aAAa,EAAE;YACb,MAAM,EAAE,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI;YACtD,KAAK,EAAE,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI;SACpE;KACF,CAAC;AACJ,CAAC","sourcesContent":["export interface Entity {\n id: string;\n created_at: string;\n updated_at: string;\n}\n\nexport interface CursorPaginationOptions<T> {\n filter?: (item: T) => boolean;\n sort?: (a: T, b: T) => number;\n limit?: number;\n order?: 'asc' | 'desc';\n before?: string;\n after?: string;\n}\n\nexport interface CursorPaginatedResult<T> {\n data: T[];\n list_metadata: {\n before: string | null;\n after: string | null;\n };\n}\n\nexport function parseListParams(url: URL) {\n const limit = parseInt(url.searchParams.get('limit') ?? '10') || 10;\n const order = (url.searchParams.get('order') as 'asc' | 'desc') ?? 'desc';\n const before = url.searchParams.get('before') ?? undefined;\n const after = url.searchParams.get('after') ?? undefined;\n return { limit, order, before, after };\n}\n\nexport function cursorPaginate<T extends Entity>(\n items: T[],\n options: CursorPaginationOptions<T> = {},\n): CursorPaginatedResult<T> {\n // Callers must pass a fresh array (e.g. Collection.all()) — sort mutates in-place\n let filtered = options.filter ? items.filter(options.filter) : items;\n\n const order = options.order ?? 'desc';\n const defaultSort = (a: T, b: T) =>\n order === 'desc'\n ? b.created_at.localeCompare(a.created_at) || b.id.localeCompare(a.id)\n : a.created_at.localeCompare(b.created_at) || a.id.localeCompare(b.id);\n\n filtered.sort(options.sort ?? defaultSort);\n\n const limit = Math.max(1, Math.min(options.limit ?? 10, 100));\n\n let startIndex = 0;\n let endIndex = filtered.length;\n\n if (options.after) {\n const afterIndex = filtered.findIndex((item) => item.id === options.after);\n if (afterIndex !== -1) {\n startIndex = afterIndex + 1;\n }\n }\n\n if (options.before) {\n const beforeIndex = filtered.findIndex((item) => item.id === options.before);\n if (beforeIndex !== -1) {\n endIndex = beforeIndex;\n }\n }\n\n const window = filtered.slice(startIndex, endIndex);\n const page = window.slice(0, limit);\n\n const hasMore = window.length > limit;\n const hasPrev = startIndex > 0;\n\n return {\n data: page,\n list_metadata: {\n before: page.length > 0 && hasPrev ? page[0].id : null,\n after: page.length > 0 && hasMore ? page[page.length - 1].id : null,\n },\n };\n}\n"]}
package/dist/emulate/core/server.js CHANGED
@@ -20,56 +20,30 @@ export function createServer(plugin, options = {}) {
20
20
  app.get('/sso/jwks/:client_id', (c) => {
21
21
  return c.json(jwt.getJWKS());
22
22
  });
23
- // Auth middleware for API routes
24
- app.use('/api/*', authMiddleware(apiKeys));
25
- app.use('/user_management/*', async (c, next) => {
23
+ // Auth middleware single catch-all instance
24
+ const auth = authMiddleware(apiKeys);
25
+ const PUBLIC_PATHS = new Set([
26
+ '/health',
27
+ '/user_management/authorize',
28
+ '/user_management/authenticate',
29
+ '/user_management/sessions/logout',
30
+ ]);
31
+ const PUBLIC_PATH_PREFIXES = ['/sso/', '/user_management/sessions/jwks/', '/data-integrations/'];
32
+ app.use('*', async (c, next) => {
26
33
  const path = new URL(c.req.url).pathname;
27
- // Public endpoints (no auth required)
28
- if (path === '/user_management/authorize' ||
29
- path === '/user_management/authenticate' ||
30
- path === '/user_management/sessions/logout' ||
31
- path.startsWith('/user_management/sessions/jwks/')) {
34
+ // Skip auth for public paths
35
+ if (PUBLIC_PATHS.has(path))
32
36
  return next();
37
+ for (const prefix of PUBLIC_PATH_PREFIXES) {
38
+ if (path.startsWith(prefix)) {
39
+ // data-integrations: only /authorize subpath is public
40
+ if (prefix === '/data-integrations/' && !path.endsWith('/authorize'))
41
+ break;
42
+ return next();
43
+ }
33
44
  }
34
- return authMiddleware(apiKeys)(c, next);
35
- });
36
- app.use('/x/authkit/*', authMiddleware(apiKeys));
37
- app.use('/organizations', authMiddleware(apiKeys));
38
- app.use('/organizations/*', authMiddleware(apiKeys));
39
- app.use('/organization_memberships', authMiddleware(apiKeys));
40
- app.use('/organization_memberships/*', authMiddleware(apiKeys));
41
- app.use('/organization_domains', authMiddleware(apiKeys));
42
- app.use('/organization_domains/*', authMiddleware(apiKeys));
43
- app.use('/connections', authMiddleware(apiKeys));
44
- app.use('/connections/*', authMiddleware(apiKeys));
45
- app.use('/directories', authMiddleware(apiKeys));
46
- app.use('/directories/*', authMiddleware(apiKeys));
47
- app.use('/directory_groups', authMiddleware(apiKeys));
48
- app.use('/directory_groups/*', authMiddleware(apiKeys));
49
- app.use('/directory_users', authMiddleware(apiKeys));
50
- app.use('/directory_users/*', authMiddleware(apiKeys));
51
- app.use('/events', authMiddleware(apiKeys));
52
- app.use('/events/*', authMiddleware(apiKeys));
53
- app.use('/pipes/*', authMiddleware(apiKeys));
54
- app.use('/audit_logs/*', authMiddleware(apiKeys));
55
- app.use('/feature-flags', authMiddleware(apiKeys));
56
- app.use('/feature-flags/*', authMiddleware(apiKeys));
57
- app.use('/connect/*', authMiddleware(apiKeys));
58
- app.use('/data-integrations/*', async (c, next) => {
59
- const path = new URL(c.req.url).pathname;
60
- if (path.endsWith('/authorize'))
61
- return next();
62
- return authMiddleware(apiKeys)(c, next);
45
+ return auth(c, next);
63
46
  });
64
- app.use('/radar/*', authMiddleware(apiKeys));
65
- app.use('/api_keys', authMiddleware(apiKeys));
66
- app.use('/api_keys/*', authMiddleware(apiKeys));
67
- app.use('/portal/*', authMiddleware(apiKeys));
68
- app.use('/webhook_endpoints', authMiddleware(apiKeys));
69
- app.use('/webhook_endpoints/*', authMiddleware(apiKeys));
70
- app.use('/auth/factors', authMiddleware(apiKeys));
71
- app.use('/auth/factors/*', authMiddleware(apiKeys));
72
- app.use('/auth/challenges/*', authMiddleware(apiKeys));
73
47
  // Rate limiting
74
48
  const rateLimitCounters = new Map();
75
49
  let lastPruneAt = Math.floor(Date.now() / 1000);
package/dist/emulate/core/server.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"server.js","sourceRoot":"","sources":["../../../src/emulate/core/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AACnC,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AACtC,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AAC3F,OAAO,EAAE,cAAc,EAAqC,MAAM,sBAAsB,CAAC;AASzF,MAAM,UAAU,YAAY,CAAC,MAAqB,EAAE,UAAyB,EAAE;IAC7E,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC;IAClC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,oBAAoB,IAAI,EAAE,CAAC;IAE9D,MAAM,GAAG,GAAG,IAAI,IAAI,EAAgB,CAAC;IACrC,MAAM,KAAK,GAAG,IAAI,KAAK,EAAE,CAAC;IAC1B,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC,CAAC;IAEpC,MAAM,OAAO,GAAc,OAAO,CAAC,OAAO,IAAI;QAC5C,eAAe,EAAE,EAAE,WAAW,EAAE,MAAM,EAAE;KACzC,CAAC;IAEF,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,CAAC,CAAC;IACrC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;IACrB,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,mBAAmB,EAAE,CAAC,CAAC;IAEpC,kCAAkC;IAClC,GAAG,CAAC,GAAG,CAAC,sBAAsB,EAAE,CAAC,CAAC,EAAE,EAAE;QACpC,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,iCAAiC;IACjC,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IAC3C,GAAG,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QAC9C,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;QACzC,sCAAsC;QACtC,IACE,IAAI,KAAK,4BAA4B;YACrC,IAAI,KAAK,+BAA+B;YACxC,IAAI,KAAK,kCAAkC;YAC3C,IAAI,CAAC,UAAU,CAAC,iCAAiC,CAAC,EAClD,CAAC;YACD,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QACD,OAAO,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IACH,GAAG,CAAC,GAAG,CAAC,cAAc,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IACjD,GAAG,CAAC,GAAG,CAAC,gBAAgB,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IACnD,GAAG,CAAC,GAAG,CAAC,kBAAkB,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IACrD,GAAG,CAAC,GAAG,CAAC,2BAA2B,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IAC9D,GAAG,CAAC,GAAG,CAAC,6BAA6B,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IAChE,GAAG,CAAC,GAAG,CAAC,uBAAuB,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IAC1D,GAAG,CAAC,GAAG,CAAC,yBAAyB,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IAC5D,GAAG,CAAC,GAAG,CAAC,cAAc,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IACjD,GAAG,CAAC,GAAG,CAAC,gBAAgB,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IACnD,GAAG,CAAC,GAAG,CAAC,cAAc,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IACjD,GAAG,CAAC,GAAG,CAAC,gBAAgB,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IACnD,GAAG,CAAC,GAAG,CAAC,mBAAmB,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IACtD,GAAG,CAAC,GAAG,CAAC,qBAAqB,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IACxD,GAAG,CAAC,GAAG,CAAC,kBAAkB,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IACrD,GAAG,CAAC,GAAG,CAAC,oBAAoB,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IACvD,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IAC5C,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IAC9C,GAAG,CAAC,GAAG,CAAC,UAAU,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IAC7C,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IAClD,GAAG,CAAC,GAAG,CAAC,gBAAgB,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IACnD,GAAG,CAAC,GAAG,CAAC,kBAAkB,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IACrD,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IAC/C,GAAG,CAAC,GAAG,CAAC,sBAAsB,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QAChD,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;QACzC,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;YAAE,OAAO,IAAI,EAAE,CAAC;QAC/C,OAAO,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IACH,GAAG,CAAC,GAAG,CAAC,UAAU,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IAC7C,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IAC9C,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IAChD,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IAC9C,GAAG,CAAC,GAAG,CAAC,oBAAoB,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IACvD,GAAG,CAAC,GAAG,CAAC,sBAAsB,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IACzD,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IAClD,GAAG,CAAC,GAAG,CAAC,iBAAiB,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IACpD,GAAG,CAAC,GAAG,CAAC,oBAAoB,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IAEvD,gBAAgB;IAChB,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAkD,CAAC;IACpF,IAAI,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAEhD,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QAC7B,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC3B,MAAM,GAAG,GAAG,IAAI,EAAE,MAAM,IAAI,eAAe,CAAC;QAC5C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAE1C,IAAI,GAAG,GAAG,WAAW,GAAG,IAAI,EAAE,CAAC;YAC7B,KAAK,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,IAAI,iBAAiB,EAAE,CAAC;gBACzC,IAAI,GAAG,CAAC,OAAO,IAAI,GAAG;oBAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACtD,CAAC;YACD,WAAW,GAAG,GAAG,CAAC;QACpB,CAAC;QAED,IAAI,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,OAAO,IAAI,GAAG,EAAE,CAAC;YACvC,OAAO,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,GAAG,EAAE,EAAE,CAAC;YACjD,iBAAiB,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QACtC,CAAC;QAED,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC;QAEvD,CAAC,CAAC,MAAM,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC;QACtC,CAAC,CAAC,MAAM,CAAC,uBAAuB,EAAE,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC;QAC7D,CAAC,CAAC,MAAM,CAAC,mBAAmB,EAAE,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;QAEvD,IAAI,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,CAAC;YAC5B,CAAC,CAAC,MAAM,CAAC,aAAa,EAAE,MAAM,CAAC,OAAO,CAAC,OAAO,GAAG,GAAG,CAAC,CAAC,CAAC;YACvD,OAAO,CAAC,CAAC,IAAI,CACX;gBACE,OAAO,EAAE,mBAAmB;gBAC5B,IAAI,EAAE,qBAAqB;aAC5B,EACD,GAAG,CACJ,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,EAAE,CAAC;IACf,CAAC,CAAC,CAAC;IAEH,qCAAqC;IACrC,KAAK,CAAC,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IAEpC,yBAAyB;IACzB,MAAM,CAAC,QAAQ,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;IAE9C,oBAAoB;IACpB,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,EAAE,CACjB,CAAC,CAAC,IAAI,CACJ;QACE,OAAO,EAAE,WAAW;QACpB,IAAI,EAAE,WAAW;KAClB,EACD,GAAG,CACJ,CACF,CAAC;IAEF,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;AAC5C,CAAC","sourcesContent":["import { Hono } from 'hono';\nimport { cors } from 'hono/cors';\nimport { Store } from './store.js';\nimport { JWTManager } from './jwt.js';\nimport { createApiErrorHandler, requestIdMiddleware } from './middleware/error-handler.js';\nimport { authMiddleware, type ApiKeyMap, type WorkOSAppEnv } from './middleware/auth.js';\nimport type { ServicePlugin } from './plugin.js';\n\nexport interface ServerOptions {\n port?: number;\n baseUrl?: string;\n apiKeys?: ApiKeyMap;\n}\n\nexport function createServer(plugin: ServicePlugin, options: ServerOptions = {}) {\n const port = options.port ?? 4100;\n const baseUrl = options.baseUrl ?? `http://localhost:${port}`;\n\n const app = new Hono<WorkOSAppEnv>();\n const store = new Store();\n const jwt = new JWTManager(baseUrl);\n\n const apiKeys: ApiKeyMap = options.apiKeys ?? {\n sk_test_default: { environment: 'test' },\n };\n\n app.onError(createApiErrorHandler());\n app.use('*', cors());\n app.use('*', requestIdMiddleware());\n\n // JWKS endpoint (public, no auth)\n app.get('/sso/jwks/:client_id', (c) => {\n return c.json(jwt.getJWKS());\n });\n\n // Auth middleware for API routes\n app.use('/api/*', authMiddleware(apiKeys));\n app.use('/user_management/*', async (c, next) => {\n const path = new URL(c.req.url).pathname;\n // Public endpoints (no auth required)\n if (\n path === '/user_management/authorize' ||\n path === '/user_management/authenticate' ||\n path === '/user_management/sessions/logout' ||\n path.startsWith('/user_management/sessions/jwks/')\n ) {\n return next();\n }\n return authMiddleware(apiKeys)(c, next);\n });\n app.use('/x/authkit/*', authMiddleware(apiKeys));\n app.use('/organizations', authMiddleware(apiKeys));\n app.use('/organizations/*', authMiddleware(apiKeys));\n app.use('/organization_memberships', authMiddleware(apiKeys));\n app.use('/organization_memberships/*', authMiddleware(apiKeys));\n app.use('/organization_domains', authMiddleware(apiKeys));\n app.use('/organization_domains/*', authMiddleware(apiKeys));\n app.use('/connections', authMiddleware(apiKeys));\n app.use('/connections/*', authMiddleware(apiKeys));\n app.use('/directories', authMiddleware(apiKeys));\n app.use('/directories/*', authMiddleware(apiKeys));\n app.use('/directory_groups', authMiddleware(apiKeys));\n app.use('/directory_groups/*', authMiddleware(apiKeys));\n app.use('/directory_users', authMiddleware(apiKeys));\n app.use('/directory_users/*', authMiddleware(apiKeys));\n app.use('/events', authMiddleware(apiKeys));\n app.use('/events/*', authMiddleware(apiKeys));\n app.use('/pipes/*', authMiddleware(apiKeys));\n app.use('/audit_logs/*', authMiddleware(apiKeys));\n app.use('/feature-flags', authMiddleware(apiKeys));\n app.use('/feature-flags/*', authMiddleware(apiKeys));\n app.use('/connect/*', authMiddleware(apiKeys));\n app.use('/data-integrations/*', async (c, next) => {\n const path = new URL(c.req.url).pathname;\n if (path.endsWith('/authorize')) return next();\n return authMiddleware(apiKeys)(c, next);\n });\n app.use('/radar/*', authMiddleware(apiKeys));\n app.use('/api_keys', authMiddleware(apiKeys));\n app.use('/api_keys/*', authMiddleware(apiKeys));\n app.use('/portal/*', authMiddleware(apiKeys));\n app.use('/webhook_endpoints', authMiddleware(apiKeys));\n app.use('/webhook_endpoints/*', authMiddleware(apiKeys));\n app.use('/auth/factors', authMiddleware(apiKeys));\n app.use('/auth/factors/*', authMiddleware(apiKeys));\n app.use('/auth/challenges/*', authMiddleware(apiKeys));\n\n // Rate limiting\n const rateLimitCounters = new Map<string, { remaining: number; resetAt: number }>();\n let lastPruneAt = Math.floor(Date.now() / 1000);\n\n app.use('*', async (c, next) => {\n const auth = c.get('auth');\n const key = auth?.apiKey ?? '__anonymous__';\n const now = Math.floor(Date.now() / 1000);\n\n if (now - lastPruneAt > 3600) {\n for (const [k, val] of rateLimitCounters) {\n if (val.resetAt <= now) rateLimitCounters.delete(k);\n }\n lastPruneAt = now;\n }\n\n let counter = rateLimitCounters.get(key);\n if (!counter || counter.resetAt <= now) {\n counter = { remaining: 1000, resetAt: now + 60 };\n rateLimitCounters.set(key, counter);\n }\n\n counter.remaining = Math.max(0, counter.remaining - 1);\n\n c.header('X-RateLimit-Limit', '1000');\n c.header('X-RateLimit-Remaining', String(counter.remaining));\n c.header('X-RateLimit-Reset', String(counter.resetAt));\n\n if (counter.remaining === 0) {\n c.header('Retry-After', String(counter.resetAt - now));\n return c.json(\n {\n message: 'Too Many Requests',\n code: 'rate_limit_exceeded',\n },\n 429,\n );\n }\n\n await next();\n });\n\n // Store API key map for route access\n store.setData('apiKeyMap', apiKeys);\n\n // Register plugin routes\n plugin.register({ app, store, jwt, baseUrl });\n\n // Not found handler\n app.notFound((c) =>\n c.json(\n {\n message: 'Not Found',\n code: 'not_found',\n },\n 404,\n ),\n );\n\n return { app, store, jwt, port, baseUrl };\n}\n"]}
1
+ {"version":3,"file":"server.js","sourceRoot":"","sources":["../../../src/emulate/core/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AACnC,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AACtC,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AAC3F,OAAO,EAAE,cAAc,EAAqC,MAAM,sBAAsB,CAAC;AASzF,MAAM,UAAU,YAAY,CAAC,MAAqB,EAAE,UAAyB,EAAE;IAC7E,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC;IAClC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,oBAAoB,IAAI,EAAE,CAAC;IAE9D,MAAM,GAAG,GAAG,IAAI,IAAI,EAAgB,CAAC;IACrC,MAAM,KAAK,GAAG,IAAI,KAAK,EAAE,CAAC;IAC1B,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC,CAAC;IAEpC,MAAM,OAAO,GAAc,OAAO,CAAC,OAAO,IAAI;QAC5C,eAAe,EAAE,EAAE,WAAW,EAAE,MAAM,EAAE;KACzC,CAAC;IAEF,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,CAAC,CAAC;IACrC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;IACrB,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,mBAAmB,EAAE,CAAC,CAAC;IAEpC,kCAAkC;IAClC,GAAG,CAAC,GAAG,CAAC,sBAAsB,EAAE,CAAC,CAAC,EAAE,EAAE;QACpC,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,8CAA8C;IAC9C,MAAM,IAAI,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;IAErC,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;QAC3B,SAAS;QACT,4BAA4B;QAC5B,+BAA+B;QAC/B,kCAAkC;KACnC,CAAC,CAAC;IAEH,MAAM,oBAAoB,GAAG,CAAC,OAAO,EAAE,iCAAiC,EAAE,qBAAqB,CAAC,CAAC;IAEjG,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QAC7B,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;QAEzC,6BAA6B;QAC7B,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,EAAE,CAAC;QAC1C,KAAK,MAAM,MAAM,IAAI,oBAAoB,EAAE,CAAC;YAC1C,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC5B,uDAAuD;gBACvD,IAAI,MAAM,KAAK,qBAAqB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;oBAAE,MAAM;gBAC5E,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;IACvB,CAAC,CAAC,CAAC;IAEH,gBAAgB;IAChB,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAkD,CAAC;IACpF,IAAI,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAEhD,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QAC7B,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC3B,MAAM,GAAG,GAAG,IAAI,EAAE,MAAM,IAAI,eAAe,CAAC;QAC5C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAE1C,IAAI,GAAG,GAAG,WAAW,GAAG,IAAI,EAAE,CAAC;YAC7B,KAAK,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,IAAI,iBAAiB,EAAE,CAAC;gBACzC,IAAI,GAAG,CAAC,OAAO,IAAI,GAAG;oBAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACtD,CAAC;YACD,WAAW,GAAG,GAAG,CAAC;QACpB,CAAC;QAED,IAAI,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,OAAO,IAAI,GAAG,EAAE,CAAC;YACvC,OAAO,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,GAAG,EAAE,EAAE,CAAC;YACjD,iBAAiB,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QACtC,CAAC;QAED,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC;QAEvD,CAAC,CAAC,MAAM,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC;QACtC,CAAC,CAAC,MAAM,CAAC,uBAAuB,EAAE,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC;QAC7D,CAAC,CAAC,MAAM,CAAC,mBAAmB,EAAE,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;QAEvD,IAAI,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,CAAC;YAC5B,CAAC,CAAC,MAAM,CAAC,aAAa,EAAE,MAAM,CAAC,OAAO,CAAC,OAAO,GAAG,GAAG,CAAC,CAAC,CAAC;YACvD,OAAO,CAAC,CAAC,IAAI,CACX;gBACE,OAAO,EAAE,mBAAmB;gBAC5B,IAAI,EAAE,qBAAqB;aAC5B,EACD,GAAG,CACJ,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,EAAE,CAAC;IACf,CAAC,CAAC,CAAC;IAEH,qCAAqC;IACrC,KAAK,CAAC,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IAEpC,yBAAyB;IACzB,MAAM,CAAC,QAAQ,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;IAE9C,oBAAoB;IACpB,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,EAAE,CACjB,CAAC,CAAC,IAAI,CACJ;QACE,OAAO,EAAE,WAAW;QACpB,IAAI,EAAE,WAAW;KAClB,EACD,GAAG,CACJ,CACF,CAAC;IAEF,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;AAC5C,CAAC","sourcesContent":["import { Hono } from 'hono';\nimport { cors } from 'hono/cors';\nimport { Store } from './store.js';\nimport { JWTManager } from './jwt.js';\nimport { createApiErrorHandler, requestIdMiddleware } from './middleware/error-handler.js';\nimport { authMiddleware, type ApiKeyMap, type WorkOSAppEnv } from './middleware/auth.js';\nimport type { ServicePlugin } from './plugin.js';\n\nexport interface ServerOptions {\n port?: number;\n baseUrl?: string;\n apiKeys?: ApiKeyMap;\n}\n\nexport function createServer(plugin: ServicePlugin, options: ServerOptions = {}) {\n const port = options.port ?? 4100;\n const baseUrl = options.baseUrl ?? `http://localhost:${port}`;\n\n const app = new Hono<WorkOSAppEnv>();\n const store = new Store();\n const jwt = new JWTManager(baseUrl);\n\n const apiKeys: ApiKeyMap = options.apiKeys ?? {\n sk_test_default: { environment: 'test' },\n };\n\n app.onError(createApiErrorHandler());\n app.use('*', cors());\n app.use('*', requestIdMiddleware());\n\n // JWKS endpoint (public, no auth)\n app.get('/sso/jwks/:client_id', (c) => {\n return c.json(jwt.getJWKS());\n });\n\n // Auth middleware — single catch-all instance\n const auth = authMiddleware(apiKeys);\n\n const PUBLIC_PATHS = new Set([\n '/health',\n '/user_management/authorize',\n '/user_management/authenticate',\n '/user_management/sessions/logout',\n ]);\n\n const PUBLIC_PATH_PREFIXES = ['/sso/', '/user_management/sessions/jwks/', '/data-integrations/'];\n\n app.use('*', async (c, next) => {\n const path = new URL(c.req.url).pathname;\n\n // Skip auth for public paths\n if (PUBLIC_PATHS.has(path)) return next();\n for (const prefix of PUBLIC_PATH_PREFIXES) {\n if (path.startsWith(prefix)) {\n // data-integrations: only /authorize subpath is public\n if (prefix === '/data-integrations/' && !path.endsWith('/authorize')) break;\n return next();\n }\n }\n\n return auth(c, next);\n });\n\n // Rate limiting\n const rateLimitCounters = new Map<string, { remaining: number; resetAt: number }>();\n let lastPruneAt = Math.floor(Date.now() / 1000);\n\n app.use('*', async (c, next) => {\n const auth = c.get('auth');\n const key = auth?.apiKey ?? '__anonymous__';\n const now = Math.floor(Date.now() / 1000);\n\n if (now - lastPruneAt > 3600) {\n for (const [k, val] of rateLimitCounters) {\n if (val.resetAt <= now) rateLimitCounters.delete(k);\n }\n lastPruneAt = now;\n }\n\n let counter = rateLimitCounters.get(key);\n if (!counter || counter.resetAt <= now) {\n counter = { remaining: 1000, resetAt: now + 60 };\n rateLimitCounters.set(key, counter);\n }\n\n counter.remaining = Math.max(0, counter.remaining - 1);\n\n c.header('X-RateLimit-Limit', '1000');\n c.header('X-RateLimit-Remaining', String(counter.remaining));\n c.header('X-RateLimit-Reset', String(counter.resetAt));\n\n if (counter.remaining === 0) {\n c.header('Retry-After', String(counter.resetAt - now));\n return c.json(\n {\n message: 'Too Many Requests',\n code: 'rate_limit_exceeded',\n },\n 429,\n );\n }\n\n await next();\n });\n\n // Store API key map for route access\n store.setData('apiKeyMap', apiKeys);\n\n // Register plugin routes\n plugin.register({ app, store, jwt, baseUrl });\n\n // Not found handler\n app.notFound((c) =>\n c.json(\n {\n message: 'Not Found',\n code: 'not_found',\n },\n 404,\n ),\n );\n\n return { app, store, jwt, port, baseUrl };\n}\n"]}