workos 0.12.1 → 0.12.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (70) hide show
  1. package/README.md +15 -11
  2. package/dist/cli.config.d.ts +32 -0
  3. package/dist/cli.config.js +32 -0
  4. package/dist/cli.config.js.map +1 -1
  5. package/dist/commands/auth-status.js +2 -1
  6. package/dist/commands/auth-status.js.map +1 -1
  7. package/dist/commands/claim.js +4 -3
  8. package/dist/commands/claim.js.map +1 -1
  9. package/dist/commands/login.js +3 -2
  10. package/dist/commands/login.js.map +1 -1
  11. package/dist/doctor/checks/ai-analysis.js +4 -3
  12. package/dist/doctor/checks/ai-analysis.js.map +1 -1
  13. package/dist/integrations/dotnet/index.js +13 -1
  14. package/dist/integrations/dotnet/index.js.map +1 -1
  15. package/dist/integrations/elixir/index.js +1 -1
  16. package/dist/integrations/elixir/index.js.map +1 -1
  17. package/dist/integrations/go/index.js +1 -1
  18. package/dist/integrations/go/index.js.map +1 -1
  19. package/dist/integrations/kotlin/index.js +25 -0
  20. package/dist/integrations/kotlin/index.js.map +1 -1
  21. package/dist/integrations/python/index.js +1 -0
  22. package/dist/integrations/python/index.js.map +1 -1
  23. package/dist/integrations/ruby/index.js +1 -1
  24. package/dist/integrations/ruby/index.js.map +1 -1
  25. package/dist/lib/adapters/cli-adapter.js +26 -2
  26. package/dist/lib/adapters/cli-adapter.js.map +1 -1
  27. package/dist/lib/adapters/headless-adapter.js +23 -1
  28. package/dist/lib/adapters/headless-adapter.js.map +1 -1
  29. package/dist/lib/agent-interface.d.ts +3 -1
  30. package/dist/lib/agent-interface.js +87 -14
  31. package/dist/lib/agent-interface.js.map +1 -1
  32. package/dist/lib/agent-runner.js +3 -1
  33. package/dist/lib/agent-runner.js.map +1 -1
  34. package/dist/lib/credential-proxy.js +2 -1
  35. package/dist/lib/credential-proxy.js.map +1 -1
  36. package/dist/lib/device-auth.js +26 -10
  37. package/dist/lib/device-auth.js.map +1 -1
  38. package/dist/lib/ensure-auth.js +4 -3
  39. package/dist/lib/ensure-auth.js.map +1 -1
  40. package/dist/lib/env-writer.d.ts +10 -0
  41. package/dist/lib/env-writer.js +36 -6
  42. package/dist/lib/env-writer.js.map +1 -1
  43. package/dist/lib/framework-config.d.ts +11 -1
  44. package/dist/lib/framework-config.js.map +1 -1
  45. package/dist/lib/installer-core.d.ts +3 -3
  46. package/dist/lib/port-detection.js +124 -0
  47. package/dist/lib/port-detection.js.map +1 -1
  48. package/dist/lib/registry.d.ts +1 -2
  49. package/dist/lib/registry.js.map +1 -1
  50. package/dist/lib/resolve-install-credentials.js +4 -4
  51. package/dist/lib/resolve-install-credentials.js.map +1 -1
  52. package/dist/lib/run-with-core.d.ts +5 -0
  53. package/dist/lib/run-with-core.js +24 -3
  54. package/dist/lib/run-with-core.js.map +1 -1
  55. package/dist/lib/token-refresh-client.js +2 -1
  56. package/dist/lib/token-refresh-client.js.map +1 -1
  57. package/dist/lib/token-refresh.d.ts +1 -1
  58. package/dist/lib/token-refresh.js +3 -2
  59. package/dist/lib/token-refresh.js.map +1 -1
  60. package/dist/lib/unclaimed-env-provision.js +2 -2
  61. package/dist/lib/unclaimed-env-provision.js.map +1 -1
  62. package/dist/utils/command-invocation.d.ts +8 -0
  63. package/dist/utils/command-invocation.js +17 -0
  64. package/dist/utils/command-invocation.js.map +1 -0
  65. package/dist/utils/exit-codes.js +3 -1
  66. package/dist/utils/exit-codes.js.map +1 -1
  67. package/package.json +1 -1
  68. package/dist/lib/language-detection.d.ts +0 -20
  69. package/dist/lib/language-detection.js +0 -96
  70. package/dist/lib/language-detection.js.map +0 -1
package/dist/lib/device-auth.js CHANGED
@@ -12,6 +12,8 @@ export class DeviceAuthError extends Error {
12
12
  }
13
13
  }
14
14
  const DEFAULT_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes
15
+ const DEFAULT_POLL_INTERVAL_SECONDS = 5;
16
+ const POLL_REQUEST_TIMEOUT_MS = 30_000;
15
17
  const DEFAULT_SCOPES = ['openid', 'email', 'staging-environment:credentials:read', 'offline_access'];
16
18
  function sleep(ms) {
17
19
  return new Promise((resolve) => setTimeout(resolve, ms));
@@ -72,13 +74,18 @@ export async function requestDeviceCode(options) {
72
74
  export async function pollForToken(deviceCode, options) {
73
75
  const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;
74
76
  const startTime = Date.now();
75
- let pollInterval = options.interval * 1000;
77
+ let pollInterval = (options.interval || DEFAULT_POLL_INTERVAL_SECONDS) * 1000;
76
78
  const tokenUrl = `${options.authkitDomain}/oauth2/token`;
79
+ let pollCount = 0;
80
+ let lastPollSummary = 'no token response received';
77
81
  logInfo('[device-auth] Starting token polling, timeout:', timeoutMs);
78
82
  while (Date.now() - startTime < timeoutMs) {
79
83
  await sleep(pollInterval);
84
+ pollCount++;
80
85
  options.onPoll?.();
81
86
  let res;
87
+ const controller = new AbortController();
88
+ const timeout = setTimeout(() => controller.abort(), POLL_REQUEST_TIMEOUT_MS);
82
89
  try {
83
90
  res = await fetch(tokenUrl, {
84
91
  method: 'POST',
@@ -88,26 +95,35 @@ export async function pollForToken(deviceCode, options) {
88
95
  device_code: deviceCode,
89
96
  client_id: options.clientId,
90
97
  }),
98
+ signal: controller.signal,
91
99
  });
92
100
  }
93
- catch {
94
- logInfo('[device-auth] Token poll network error, retrying');
101
+ catch (error) {
102
+ logInfo('[device-auth] Token poll network error, retrying:', error instanceof Error ? error.message : String(error));
95
103
  continue;
96
104
  }
105
+ finally {
106
+ clearTimeout(timeout);
107
+ }
97
108
  let data;
98
109
  try {
99
110
  data = await res.json();
100
111
  }
101
- catch {
102
- logError('[device-auth] Invalid JSON response from auth server');
103
- throw new DeviceAuthError('Invalid response from auth server');
112
+ catch (error) {
113
+ const message = error instanceof Error ? error.message : String(error);
114
+ logError('[device-auth] Invalid JSON response from auth server:', message);
115
+ throw new DeviceAuthError(`Invalid response from auth server: ${message}`);
104
116
  }
105
- logInfo('[device-auth] Token poll response:', res.status, data?.error ?? 'success');
117
+ const errorData = data;
118
+ const elapsedMs = Date.now() - startTime;
119
+ lastPollSummary = res.ok
120
+ ? `${res.status} success`
121
+ : `${res.status} ${errorData.error ?? 'unknown_error'}${errorData.error_description ? ` (${errorData.error_description})` : ''}`;
122
+ logInfo('[device-auth] Token poll response:', `attempt=${pollCount}`, `elapsedMs=${elapsedMs}`, lastPollSummary);
106
123
  if (res.ok) {
107
124
  logInfo('[device-auth] Token received successfully');
108
125
  return parseTokenResponse(data);
109
126
  }
110
- const errorData = data;
111
127
  if (errorData.error === 'authorization_pending') {
112
128
  continue;
113
129
  }
@@ -120,8 +136,8 @@ export async function pollForToken(deviceCode, options) {
120
136
  logError('[device-auth] Token error:', errorData.error);
121
137
  throw new DeviceAuthError(`Token error: ${errorData.error}`);
122
138
  }
123
- logError('[device-auth] Authentication timed out');
124
- throw new DeviceAuthError('Authentication timed out after 5 minutes');
139
+ logError('[device-auth] Authentication timed out, last poll:', lastPollSummary);
140
+ throw new DeviceAuthError(`Authentication timed out after ${Math.round(timeoutMs / 1000)} seconds (last token response: ${lastPollSummary})`);
125
141
  }
126
142
  function parseTokenResponse(data) {
127
143
  const idPayload = parseJwt(data.id_token);
package/dist/lib/device-auth.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"device-auth.js","sourceRoot":"","sources":["../../src/lib/device-auth.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAyCtD,MAAM,OAAO,eAAgB,SAAQ,KAAK;IACxC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;IAChC,CAAC;CACF;AAED,MAAM,kBAAkB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,YAAY;AACtD,MAAM,cAAc,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,sCAAsC,EAAE,gBAAgB,CAAC,CAAC;AAErG,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;GAEG;AACH,SAAS,QAAQ,CAAC,KAAa;IAC7B,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QACpC,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAC1E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,KAAa;IACjC,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAChC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC7D,OAAO,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;AAC5B,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,OAA0B;IAChE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,cAAc,CAAC;IAChD,MAAM,GAAG,GAAG,GAAG,OAAO,CAAC,aAAa,8BAA8B,CAAC;IAEnE,OAAO,CAAC,4CAA4C,EAAE,GAAG,CAAC,CAAC;IAC3D,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAC3B,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,SAAS,EAAE,OAAO,CAAC,QAAQ;YAC3B,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;SACxB,CAAC;KACH,CAAC,CAAC;IAEH,OAAO,CAAC,4CAA4C,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAClE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,QAAQ,CAAC,4CAA4C,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACzE,MAAM,IAAI,eAAe,CAAC,gCAAgC,GAAG,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC;IAClF,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAuB,CAAC;IACtD,OAAO,CAAC,gDAAgD,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IAC1E,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,UAAkB,EAClB,OAAiD;IAEjD,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,kBAAkB,CAAC;IAC1D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,IAAI,YAAY,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;IAC3C,MAAM,QAAQ,GAAG,GAAG,OAAO,CAAC,aAAa,eAAe,CAAC;IAEzD,OAAO,CAAC,gDAAgD,EAAE,SAAS,CAAC,CAAC;IACrE,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,SAAS,EAAE,CAAC;QAC1C,MAAM,KAAK,CAAC,YAAY,CAAC,CAAC;QAC1B,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;QAEnB,IAAI,GAAa,CAAC;QAClB,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;gBAC1B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;gBAChE,IAAI,EAAE,IAAI,eAAe,CAAC;oBACxB,UAAU,EAAE,8CAA8C;oBAC1D,WAAW,EAAE,UAAU;oBACvB,SAAS,EAAE,OAAO,CAAC,QAAQ;iBAC5B,CAAC;aACH,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,kDAAkD,CAAC,CAAC;YAC5D,SAAS;QACX,CAAC;QAED,IAAI,IAAI,CAAC;QACT,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,QAAQ,CAAC,sDAAsD,CAAC,CAAC;YACjE,MAAM,IAAI,eAAe,CAAC,mCAAmC,CAAC,CAAC;QACjE,CAAC;QAED,OAAO,CAAC,oCAAoC,EAAE,GAAG,CAAC,MAAM,EAAG,IAA0B,EAAE,KAAK,IAAI,SAAS,CAAC,CAAC;QAC3G,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;YACX,OAAO,CAAC,2CAA2C,CAAC,CAAC;YACrD,OAAO,kBAAkB,CAAC,IAAqB,CAAC,CAAC;QACnD,CAAC;QAED,MAAM,SAAS,GAAG,IAAyB,CAAC;QAE5C,IAAI,SAAS,CAAC,KAAK,KAAK,uBAAuB,EAAE,CAAC;YAChD,SAAS;QACX,CAAC;QAED,IAAI,SAAS,CAAC,KAAK,KAAK,WAAW,EAAE,CAAC;YACpC,YAAY,IAAI,IAAI,CAAC;YACrB,OAAO,CAAC,2CAA2C,EAAE,YAAY,CAAC,CAAC;YACnE,OAAO,CAAC,UAAU,EAAE,CAAC,YAAY,CAAC,CAAC;YACnC,SAAS;QACX,CAAC;QAED,QAAQ,CAAC,4BAA4B,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,IAAI,eAAe,CAAC,gBAAgB,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED,QAAQ,CAAC,wCAAwC,CAAC,CAAC;IACnD,MAAM,IAAI,eAAe,CAAC,0CAA0C,CAAC,CAAC;AACxE,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAmB;IAC7C,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAElD,OAAO;QACL,WAAW,EAAE,IAAI,CAAC,YAAY;QAC9B,OAAO,EAAE,IAAI,CAAC,QAAQ;QACtB,SAAS,EAAE,SAAS,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAC7G,MAAM,EAAE,MAAM,CAAC,SAAS,EAAE,GAAG,IAAI,SAAS,CAAC;QAC3C,KAAK,EAAE,SAAS,EAAE,KAA2B;QAC7C,YAAY,EAAE,IAAI,CAAC,aAAa;KACjC,CAAC;AACJ,CAAC","sourcesContent":["/**\n * Device Authorization Flow\n *\n * Implements OAuth 2.0 Device Authorization Grant (RFC 8628) for CLI authentication.\n * Extracted from login.ts for reuse in wizard credential gathering.\n */\n\nimport { logInfo, logError } from '../utils/debug.js';\n\nexport interface DeviceAuthResponse {\n device_code: string;\n user_code: string;\n verification_uri: string;\n verification_uri_complete: string;\n expires_in: number;\n interval: number;\n}\n\nexport interface DeviceAuthOptions {\n clientId: string;\n authkitDomain: string;\n scopes?: string[];\n timeoutMs?: number;\n onPoll?: () => void;\n onSlowDown?: (newIntervalMs: number) => void;\n}\n\nexport interface DeviceAuthResult {\n accessToken: string;\n idToken: string;\n expiresAt: number;\n userId: string;\n email?: string;\n refreshToken?: string;\n}\n\ninterface TokenResponse {\n access_token: string;\n id_token: string;\n token_type: string;\n expires_in: number;\n refresh_token?: string;\n}\n\ninterface AuthErrorResponse {\n error: string;\n}\n\nexport class DeviceAuthError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'DeviceAuthError';\n }\n}\n\nconst DEFAULT_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes\nconst DEFAULT_SCOPES = ['openid', 'email', 'staging-environment:credentials:read', 'offline_access'];\n\nfunction sleep(ms: number): Promise<void> {\n return new Promise((resolve) => setTimeout(resolve, ms));\n}\n\n/**\n * Parse JWT payload\n */\nfunction parseJwt(token: string): Record<string, unknown> | null {\n try {\n const parts = token.split('.');\n if (parts.length !== 3) return null;\n return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf-8'));\n } catch {\n return null;\n }\n}\n\n/**\n * Extract expiry time from JWT token\n */\nfunction getJwtExpiry(token: string): number | null {\n const payload = parseJwt(token);\n if (!payload || typeof payload.exp !== 'number') return null;\n return payload.exp * 1000;\n}\n\n/**\n * Request a device code from the OAuth authorization server.\n * Returns the device code, user code, and verification URIs.\n */\nexport async function requestDeviceCode(options: DeviceAuthOptions): Promise<DeviceAuthResponse> {\n const scopes = options.scopes ?? DEFAULT_SCOPES;\n const url = `${options.authkitDomain}/oauth2/device_authorization`;\n\n logInfo('[device-auth] Requesting device code from:', url);\n const res = await fetch(url, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: new URLSearchParams({\n client_id: options.clientId,\n scope: scopes.join(' '),\n }),\n });\n\n logInfo('[device-auth] Device code response status:', res.status);\n if (!res.ok) {\n const text = await res.text();\n logError('[device-auth] Device authorization failed:', res.status, text);\n throw new DeviceAuthError(`Device authorization failed: ${res.status} ${text}`);\n }\n\n const data = (await res.json()) as DeviceAuthResponse;\n logInfo('[device-auth] Device code received, user_code:', data.user_code);\n return data;\n}\n\n/**\n * Poll for token after user has authorized in the browser.\n * Handles authorization_pending and slow_down responses per RFC 8628.\n */\nexport async function pollForToken(\n deviceCode: string,\n options: DeviceAuthOptions & { interval: number },\n): Promise<DeviceAuthResult> {\n const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n const startTime = Date.now();\n let pollInterval = options.interval * 1000;\n const tokenUrl = `${options.authkitDomain}/oauth2/token`;\n\n logInfo('[device-auth] Starting token polling, timeout:', timeoutMs);\n while (Date.now() - startTime < timeoutMs) {\n await sleep(pollInterval);\n options.onPoll?.();\n\n let res: Response;\n try {\n res = await fetch(tokenUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: new URLSearchParams({\n grant_type: 'urn:ietf:params:oauth:grant-type:device_code',\n device_code: deviceCode,\n client_id: options.clientId,\n }),\n });\n } catch {\n logInfo('[device-auth] Token poll network error, retrying');\n continue;\n }\n\n let data;\n try {\n data = await res.json();\n } catch {\n logError('[device-auth] Invalid JSON response from auth server');\n throw new DeviceAuthError('Invalid response from auth server');\n }\n\n logInfo('[device-auth] Token poll response:', res.status, (data as AuthErrorResponse)?.error ?? 'success');\n if (res.ok) {\n logInfo('[device-auth] Token received successfully');\n return parseTokenResponse(data as TokenResponse);\n }\n\n const errorData = data as AuthErrorResponse;\n\n if (errorData.error === 'authorization_pending') {\n continue;\n }\n\n if (errorData.error === 'slow_down') {\n pollInterval += 5000;\n logInfo('[device-auth] Slowing down, new interval:', pollInterval);\n options.onSlowDown?.(pollInterval);\n continue;\n }\n\n logError('[device-auth] Token error:', errorData.error);\n throw new DeviceAuthError(`Token error: ${errorData.error}`);\n }\n\n logError('[device-auth] Authentication timed out');\n throw new DeviceAuthError('Authentication timed out after 5 minutes');\n}\n\nfunction parseTokenResponse(data: TokenResponse): DeviceAuthResult {\n const idPayload = parseJwt(data.id_token);\n const jwtExpiry = getJwtExpiry(data.access_token);\n\n return {\n accessToken: data.access_token,\n idToken: data.id_token,\n expiresAt: jwtExpiry ?? (data.expires_in ? Date.now() + data.expires_in * 1000 : Date.now() + 15 * 60 * 1000),\n userId: String(idPayload?.sub ?? 'unknown'),\n email: idPayload?.email as string | undefined,\n refreshToken: data.refresh_token,\n };\n}\n"]}
1
+ {"version":3,"file":"device-auth.js","sourceRoot":"","sources":["../../src/lib/device-auth.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AA0CtD,MAAM,OAAO,eAAgB,SAAQ,KAAK;IACxC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;IAChC,CAAC;CACF;AAED,MAAM,kBAAkB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,YAAY;AACtD,MAAM,6BAA6B,GAAG,CAAC,CAAC;AACxC,MAAM,uBAAuB,GAAG,MAAM,CAAC;AACvC,MAAM,cAAc,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,sCAAsC,EAAE,gBAAgB,CAAC,CAAC;AAErG,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;GAEG;AACH,SAAS,QAAQ,CAAC,KAAa;IAC7B,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QACpC,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAC1E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,KAAa;IACjC,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAChC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC7D,OAAO,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;AAC5B,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,OAA0B;IAChE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,cAAc,CAAC;IAChD,MAAM,GAAG,GAAG,GAAG,OAAO,CAAC,aAAa,8BAA8B,CAAC;IAEnE,OAAO,CAAC,4CAA4C,EAAE,GAAG,CAAC,CAAC;IAC3D,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAC3B,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,SAAS,EAAE,OAAO,CAAC,QAAQ;YAC3B,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;SACxB,CAAC;KACH,CAAC,CAAC;IAEH,OAAO,CAAC,4CAA4C,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAClE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,QAAQ,CAAC,4CAA4C,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACzE,MAAM,IAAI,eAAe,CAAC,gCAAgC,GAAG,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC;IAClF,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAuB,CAAC;IACtD,OAAO,CAAC,gDAAgD,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IAC1E,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,UAAkB,EAClB,OAAiD;IAEjD,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,kBAAkB,CAAC;IAC1D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,IAAI,YAAY,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,6BAA6B,CAAC,GAAG,IAAI,CAAC;IAC9E,MAAM,QAAQ,GAAG,GAAG,OAAO,CAAC,aAAa,eAAe,CAAC;IACzD,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,IAAI,eAAe,GAAG,4BAA4B,CAAC;IAEnD,OAAO,CAAC,gDAAgD,EAAE,SAAS,CAAC,CAAC;IACrE,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,SAAS,EAAE,CAAC;QAC1C,MAAM,KAAK,CAAC,YAAY,CAAC,CAAC;QAC1B,SAAS,EAAE,CAAC;QACZ,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;QAEnB,IAAI,GAAa,CAAC;QAClB,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,uBAAuB,CAAC,CAAC;QAC9E,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;gBAC1B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;gBAChE,IAAI,EAAE,IAAI,eAAe,CAAC;oBACxB,UAAU,EAAE,8CAA8C;oBAC1D,WAAW,EAAE,UAAU;oBACvB,SAAS,EAAE,OAAO,CAAC,QAAQ;iBAC5B,CAAC;gBACF,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CACL,mDAAmD,EACnD,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CACvD,CAAC;YACF,SAAS;QACX,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;QAED,IAAI,IAAI,CAAC;QACT,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC1B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,QAAQ,CAAC,uDAAuD,EAAE,OAAO,CAAC,CAAC;YAC3E,MAAM,IAAI,eAAe,CAAC,sCAAsC,OAAO,EAAE,CAAC,CAAC;QAC7E,CAAC;QAED,MAAM,SAAS,GAAG,IAAyB,CAAC;QAC5C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QACzC,eAAe,GAAG,GAAG,CAAC,EAAE;YACtB,CAAC,CAAC,GAAG,GAAG,CAAC,MAAM,UAAU;YACzB,CAAC,CAAC,GAAG,GAAG,CAAC,MAAM,IAAI,SAAS,CAAC,KAAK,IAAI,eAAe,GAAG,SAAS,CAAC,iBAAiB,CAAC,CAAC,CAAC,KAAK,SAAS,CAAC,iBAAiB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QACnI,OAAO,CAAC,oCAAoC,EAAE,WAAW,SAAS,EAAE,EAAE,aAAa,SAAS,EAAE,EAAE,eAAe,CAAC,CAAC;QACjH,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;YACX,OAAO,CAAC,2CAA2C,CAAC,CAAC;YACrD,OAAO,kBAAkB,CAAC,IAAqB,CAAC,CAAC;QACnD,CAAC;QAED,IAAI,SAAS,CAAC,KAAK,KAAK,uBAAuB,EAAE,CAAC;YAChD,SAAS;QACX,CAAC;QAED,IAAI,SAAS,CAAC,KAAK,KAAK,WAAW,EAAE,CAAC;YACpC,YAAY,IAAI,IAAI,CAAC;YACrB,OAAO,CAAC,2CAA2C,EAAE,YAAY,CAAC,CAAC;YACnE,OAAO,CAAC,UAAU,EAAE,CAAC,YAAY,CAAC,CAAC;YACnC,SAAS;QACX,CAAC;QAED,QAAQ,CAAC,4BAA4B,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,IAAI,eAAe,CAAC,gBAAgB,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED,QAAQ,CAAC,oDAAoD,EAAE,eAAe,CAAC,CAAC;IAChF,MAAM,IAAI,eAAe,CACvB,kCAAkC,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,kCAAkC,eAAe,GAAG,CACnH,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAmB;IAC7C,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAElD,OAAO;QACL,WAAW,EAAE,IAAI,CAAC,YAAY;QAC9B,OAAO,EAAE,IAAI,CAAC,QAAQ;QACtB,SAAS,EAAE,SAAS,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAC7G,MAAM,EAAE,MAAM,CAAC,SAAS,EAAE,GAAG,IAAI,SAAS,CAAC;QAC3C,KAAK,EAAE,SAAS,EAAE,KAA2B;QAC7C,YAAY,EAAE,IAAI,CAAC,aAAa;KACjC,CAAC;AACJ,CAAC","sourcesContent":["/**\n * Device Authorization Flow\n *\n * Implements OAuth 2.0 Device Authorization Grant (RFC 8628) for CLI authentication.\n * Extracted from login.ts for reuse in wizard credential gathering.\n */\n\nimport { logInfo, logError } from '../utils/debug.js';\n\nexport interface DeviceAuthResponse {\n device_code: string;\n user_code: string;\n verification_uri: string;\n verification_uri_complete: string;\n expires_in: number;\n interval: number;\n}\n\nexport interface DeviceAuthOptions {\n clientId: string;\n authkitDomain: string;\n scopes?: string[];\n timeoutMs?: number;\n onPoll?: () => void;\n onSlowDown?: (newIntervalMs: number) => void;\n}\n\nexport interface DeviceAuthResult {\n accessToken: string;\n idToken: string;\n expiresAt: number;\n userId: string;\n email?: string;\n refreshToken?: string;\n}\n\ninterface TokenResponse {\n access_token: string;\n id_token: string;\n token_type: string;\n expires_in: number;\n refresh_token?: string;\n}\n\ninterface AuthErrorResponse {\n error: string;\n error_description?: string;\n}\n\nexport class DeviceAuthError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'DeviceAuthError';\n }\n}\n\nconst DEFAULT_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes\nconst DEFAULT_POLL_INTERVAL_SECONDS = 5;\nconst POLL_REQUEST_TIMEOUT_MS = 30_000;\nconst DEFAULT_SCOPES = ['openid', 'email', 'staging-environment:credentials:read', 'offline_access'];\n\nfunction sleep(ms: number): Promise<void> {\n return new Promise((resolve) => setTimeout(resolve, ms));\n}\n\n/**\n * Parse JWT payload\n */\nfunction parseJwt(token: string): Record<string, unknown> | null {\n try {\n const parts = token.split('.');\n if (parts.length !== 3) return null;\n return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf-8'));\n } catch {\n return null;\n }\n}\n\n/**\n * Extract expiry time from JWT token\n */\nfunction getJwtExpiry(token: string): number | null {\n const payload = parseJwt(token);\n if (!payload || typeof payload.exp !== 'number') return null;\n return payload.exp * 1000;\n}\n\n/**\n * Request a device code from the OAuth authorization server.\n * Returns the device code, user code, and verification URIs.\n */\nexport async function requestDeviceCode(options: DeviceAuthOptions): Promise<DeviceAuthResponse> {\n const scopes = options.scopes ?? DEFAULT_SCOPES;\n const url = `${options.authkitDomain}/oauth2/device_authorization`;\n\n logInfo('[device-auth] Requesting device code from:', url);\n const res = await fetch(url, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: new URLSearchParams({\n client_id: options.clientId,\n scope: scopes.join(' '),\n }),\n });\n\n logInfo('[device-auth] Device code response status:', res.status);\n if (!res.ok) {\n const text = await res.text();\n logError('[device-auth] Device authorization failed:', res.status, text);\n throw new DeviceAuthError(`Device authorization failed: ${res.status} ${text}`);\n }\n\n const data = (await res.json()) as DeviceAuthResponse;\n logInfo('[device-auth] Device code received, user_code:', data.user_code);\n return data;\n}\n\n/**\n * Poll for token after user has authorized in the browser.\n * Handles authorization_pending and slow_down responses per RFC 8628.\n */\nexport async function pollForToken(\n deviceCode: string,\n options: DeviceAuthOptions & { interval: number },\n): Promise<DeviceAuthResult> {\n const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n const startTime = Date.now();\n let pollInterval = (options.interval || DEFAULT_POLL_INTERVAL_SECONDS) * 1000;\n const tokenUrl = `${options.authkitDomain}/oauth2/token`;\n let pollCount = 0;\n let lastPollSummary = 'no token response received';\n\n logInfo('[device-auth] Starting token polling, timeout:', timeoutMs);\n while (Date.now() - startTime < timeoutMs) {\n await sleep(pollInterval);\n pollCount++;\n options.onPoll?.();\n\n let res: Response;\n const controller = new AbortController();\n const timeout = setTimeout(() => controller.abort(), POLL_REQUEST_TIMEOUT_MS);\n try {\n res = await fetch(tokenUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: new URLSearchParams({\n grant_type: 'urn:ietf:params:oauth:grant-type:device_code',\n device_code: deviceCode,\n client_id: options.clientId,\n }),\n signal: controller.signal,\n });\n } catch (error) {\n logInfo(\n '[device-auth] Token poll network error, retrying:',\n error instanceof Error ? error.message : String(error),\n );\n continue;\n } finally {\n clearTimeout(timeout);\n }\n\n let data;\n try {\n data = await res.json();\n } catch (error) {\n const message = error instanceof Error ? error.message : String(error);\n logError('[device-auth] Invalid JSON response from auth server:', message);\n throw new DeviceAuthError(`Invalid response from auth server: ${message}`);\n }\n\n const errorData = data as AuthErrorResponse;\n const elapsedMs = Date.now() - startTime;\n lastPollSummary = res.ok\n ? `${res.status} success`\n : `${res.status} ${errorData.error ?? 'unknown_error'}${errorData.error_description ? ` (${errorData.error_description})` : ''}`;\n logInfo('[device-auth] Token poll response:', `attempt=${pollCount}`, `elapsedMs=${elapsedMs}`, lastPollSummary);\n if (res.ok) {\n logInfo('[device-auth] Token received successfully');\n return parseTokenResponse(data as TokenResponse);\n }\n\n if (errorData.error === 'authorization_pending') {\n continue;\n }\n\n if (errorData.error === 'slow_down') {\n pollInterval += 5000;\n logInfo('[device-auth] Slowing down, new interval:', pollInterval);\n options.onSlowDown?.(pollInterval);\n continue;\n }\n\n logError('[device-auth] Token error:', errorData.error);\n throw new DeviceAuthError(`Token error: ${errorData.error}`);\n }\n\n logError('[device-auth] Authentication timed out, last poll:', lastPollSummary);\n throw new DeviceAuthError(\n `Authentication timed out after ${Math.round(timeoutMs / 1000)} seconds (last token response: ${lastPollSummary})`,\n );\n}\n\nfunction parseTokenResponse(data: TokenResponse): DeviceAuthResult {\n const idPayload = parseJwt(data.id_token);\n const jwtExpiry = getJwtExpiry(data.access_token);\n\n return {\n accessToken: data.access_token,\n idToken: data.id_token,\n expiresAt: jwtExpiry ?? (data.expires_in ? Date.now() + data.expires_in * 1000 : Date.now() + 15 * 60 * 1000),\n userId: String(idPayload?.sub ?? 'unknown'),\n email: idPayload?.email as string | undefined,\n refreshToken: data.refresh_token,\n };\n}\n"]}
package/dist/lib/ensure-auth.js CHANGED
@@ -8,6 +8,7 @@ import { runLogin } from '../commands/login.js';
8
8
  import { logInfo } from '../utils/debug.js';
9
9
  import { isNonInteractiveEnvironment } from '../utils/environment.js';
10
10
  import { exitWithAuthRequired } from '../utils/exit-codes.js';
11
+ import { formatWorkOSCommand } from '../utils/command-invocation.js';
11
12
  /**
12
13
  * Ensure valid authentication before command execution.
13
14
  *
@@ -59,7 +60,7 @@ export async function ensureAuthenticated() {
59
60
  if (refreshResult.errorType === 'invalid_grant') {
60
61
  clearCredentials();
61
62
  if (isNonInteractiveEnvironment()) {
62
- exitWithAuthRequired('Session expired. Run `workos auth login` in an interactive terminal to re-authenticate.');
63
+ exitWithAuthRequired(`Session expired. Run \`${formatWorkOSCommand('auth login')}\` in an interactive terminal to re-authenticate.`);
63
64
  }
64
65
  logInfo('[ensure-auth] Refresh token expired, triggering login');
65
66
  await runLogin();
@@ -69,7 +70,7 @@ export async function ensureAuthenticated() {
69
70
  }
70
71
  // Network or server error - keep credentials intact for retry
71
72
  if (isNonInteractiveEnvironment()) {
72
- exitWithAuthRequired(`Authentication refresh failed (${refreshResult.errorType}). Run \`workos auth login\` in an interactive terminal.`);
73
+ exitWithAuthRequired(`Authentication refresh failed (${refreshResult.errorType}). Run \`${formatWorkOSCommand('auth login')}\` in an interactive terminal.`);
73
74
  }
74
75
  logInfo(`[ensure-auth] Refresh failed (${refreshResult.errorType}), triggering login`);
75
76
  await runLogin();
@@ -81,7 +82,7 @@ export async function ensureAuthenticated() {
81
82
  // Case 4: No refresh token available — clear stale creds, must login
82
83
  clearCredentials();
83
84
  if (isNonInteractiveEnvironment()) {
84
- exitWithAuthRequired('Session expired. Run `workos auth login` in an interactive terminal to re-authenticate.');
85
+ exitWithAuthRequired(`Session expired. Run \`${formatWorkOSCommand('auth login')}\` in an interactive terminal to re-authenticate.`);
85
86
  }
86
87
  logInfo('[ensure-auth] No refresh token, triggering login');
87
88
  await runLogin();
package/dist/lib/ensure-auth.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"ensure-auth.js","sourceRoot":"","sources":["../../src/lib/ensure-auth.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAClG,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACrE,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAChD,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAC5C,OAAO,EAAE,2BAA2B,EAAE,MAAM,yBAAyB,CAAC;AACtE,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAW9D;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB;IACvC,MAAM,MAAM,GAAqB;QAC/B,aAAa,EAAE,KAAK;QACpB,cAAc,EAAE,KAAK;QACrB,cAAc,EAAE,KAAK;KACtB,CAAC;IAEF,gDAAgD;IAChD,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;IAC/B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,gBAAgB,EAAE,CAAC,CAAC,mCAAmC;QACvD,IAAI,2BAA2B,EAAE,EAAE,CAAC;YAClC,oBAAoB,EAAE,CAAC;QACzB,CAAC;QACD,OAAO,CAAC,4DAA4D,CAAC,CAAC;QACtE,MAAM,QAAQ,EAAE,CAAC;QACjB,MAAM,CAAC,cAAc,GAAG,IAAI,CAAC;QAC7B,MAAM,CAAC,aAAa,GAAG,cAAc,EAAE,KAAK,IAAI,CAAC;QACjD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,mCAAmC;IACnC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,CAAC,aAAa,GAAG,IAAI,CAAC;QAC5B,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,4CAA4C;IAC5C,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;QACvB,OAAO,CAAC,wDAAwD,CAAC,CAAC;QAElE,MAAM,QAAQ,GAAG,kBAAkB,EAAE,CAAC;QACtC,MAAM,aAAa,GAAG,gBAAgB,EAAE,CAAC;QAEzC,IAAI,QAAQ,IAAI,aAAa,EAAE,CAAC;YAC9B,MAAM,aAAa,GAAG,MAAM,kBAAkB,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;YAExE,IAAI,aAAa,CAAC,OAAO,IAAI,aAAa,CAAC,WAAW,IAAI,aAAa,CAAC,SAAS,EAAE,CAAC;gBAClF,YAAY,CAAC,aAAa,CAAC,WAAW,EAAE,aAAa,CAAC,SAAS,EAAE,aAAa,CAAC,YAAY,CAAC,CAAC;gBAC7F,MAAM,CAAC,cAAc,GAAG,IAAI,CAAC;gBAC7B,MAAM,CAAC,aAAa,GAAG,IAAI,CAAC;gBAC5B,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,6CAA6C;YAC7C,IAAI,aAAa,CAAC,SAAS,KAAK,eAAe,EAAE,CAAC;gBAChD,gBAAgB,EAAE,CAAC;gBACnB,IAAI,2BAA2B,EAAE,EAAE,CAAC;oBAClC,oBAAoB,CAClB,yFAAyF,CAC1F,CAAC;gBACJ,CAAC;gBACD,OAAO,CAAC,uDAAuD,CAAC,CAAC;gBACjE,MAAM,QAAQ,EAAE,CAAC;gBACjB,MAAM,CAAC,cAAc,GAAG,IAAI,CAAC;gBAC7B,MAAM,CAAC,aAAa,GAAG,cAAc,EAAE,KAAK,IAAI,CAAC;gBACjD,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,8DAA8D;YAC9D,IAAI,2BAA2B,EAAE,EAAE,CAAC;gBAClC,oBAAoB,CAClB,kCAAkC,aAAa,CAAC,SAAS,0DAA0D,CACpH,CAAC;YACJ,CAAC;YACD,OAAO,CAAC,iCAAiC,aAAa,CAAC,SAAS,qBAAqB,CAAC,CAAC;YACvF,MAAM,QAAQ,EAAE,CAAC;YACjB,MAAM,CAAC,cAAc,GAAG,IAAI,CAAC;YAC7B,MAAM,CAAC,aAAa,GAAG,cAAc,EAAE,KAAK,IAAI,CAAC;YACjD,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IAED,qEAAqE;IACrE,gBAAgB,EAAE,CAAC;IACnB,IAAI,2BAA2B,EAAE,EAAE,CAAC;QAClC,oBAAoB,CAAC,yFAAyF,CAAC,CAAC;IAClH,CAAC;IACD,OAAO,CAAC,kDAAkD,CAAC,CAAC;IAC5D,MAAM,QAAQ,EAAE,CAAC;IACjB,MAAM,CAAC,cAAc,GAAG,IAAI,CAAC;IAC7B,MAAM,CAAC,aAAa,GAAG,cAAc,EAAE,KAAK,IAAI,CAAC;IACjD,OAAO,MAAM,CAAC;AAChB,CAAC","sourcesContent":["/**\n * Startup auth guard - ensures valid authentication before command execution.\n */\n\nimport { getCredentials, updateTokens, isTokenExpired, clearCredentials } from './credentials.js';\nimport { refreshAccessToken } from './token-refresh-client.js';\nimport { getCliAuthClientId, getAuthkitDomain } from './settings.js';\nimport { runLogin } from '../commands/login.js';\nimport { logInfo } from '../utils/debug.js';\nimport { isNonInteractiveEnvironment } from '../utils/environment.js';\nimport { exitWithAuthRequired } from '../utils/exit-codes.js';\n\nexport interface EnsureAuthResult {\n /** Whether auth is now valid */\n authenticated: boolean;\n /** Whether login flow was triggered */\n loginTriggered: boolean;\n /** Whether token was refreshed */\n tokenRefreshed: boolean;\n}\n\n/**\n * Ensure valid authentication before command execution.\n *\n * - No credentials: triggers login flow\n * - Expired access token (valid refresh): silently refreshes\n * - Expired refresh token: triggers login flow\n *\n * @returns Result indicating what actions were taken\n * @throws Error if login fails or refresh fails unexpectedly\n */\nexport async function ensureAuthenticated(): Promise<EnsureAuthResult> {\n const result: EnsureAuthResult = {\n authenticated: false,\n loginTriggered: false,\n tokenRefreshed: false,\n };\n\n // Case 1: No credentials or invalid credentials\n const creds = getCredentials();\n if (!creds) {\n clearCredentials(); // Clean up any corrupt/empty files\n if (isNonInteractiveEnvironment()) {\n exitWithAuthRequired();\n }\n logInfo('[ensure-auth] No valid credentials found, triggering login');\n await runLogin();\n result.loginTriggered = true;\n result.authenticated = getCredentials() !== null;\n return result;\n }\n\n // Case 2: Access token still valid\n if (!isTokenExpired(creds)) {\n result.authenticated = true;\n return result;\n }\n\n // Case 3: Access token expired, try refresh\n if (creds.refreshToken) {\n logInfo('[ensure-auth] Access token expired, attempting refresh');\n\n const clientId = getCliAuthClientId();\n const authkitDomain = getAuthkitDomain();\n\n if (clientId && authkitDomain) {\n const refreshResult = await refreshAccessToken(authkitDomain, clientId);\n\n if (refreshResult.success && refreshResult.accessToken && refreshResult.expiresAt) {\n updateTokens(refreshResult.accessToken, refreshResult.expiresAt, refreshResult.refreshToken);\n result.tokenRefreshed = true;\n result.authenticated = true;\n return result;\n }\n\n // Refresh failed - check if it's recoverable\n if (refreshResult.errorType === 'invalid_grant') {\n clearCredentials();\n if (isNonInteractiveEnvironment()) {\n exitWithAuthRequired(\n 'Session expired. Run `workos auth login` in an interactive terminal to re-authenticate.',\n );\n }\n logInfo('[ensure-auth] Refresh token expired, triggering login');\n await runLogin();\n result.loginTriggered = true;\n result.authenticated = getCredentials() !== null;\n return result;\n }\n\n // Network or server error - keep credentials intact for retry\n if (isNonInteractiveEnvironment()) {\n exitWithAuthRequired(\n `Authentication refresh failed (${refreshResult.errorType}). Run \\`workos auth login\\` in an interactive terminal.`,\n );\n }\n logInfo(`[ensure-auth] Refresh failed (${refreshResult.errorType}), triggering login`);\n await runLogin();\n result.loginTriggered = true;\n result.authenticated = getCredentials() !== null;\n return result;\n }\n }\n\n // Case 4: No refresh token available — clear stale creds, must login\n clearCredentials();\n if (isNonInteractiveEnvironment()) {\n exitWithAuthRequired('Session expired. Run `workos auth login` in an interactive terminal to re-authenticate.');\n }\n logInfo('[ensure-auth] No refresh token, triggering login');\n await runLogin();\n result.loginTriggered = true;\n result.authenticated = getCredentials() !== null;\n return result;\n}\n"]}
1
+ {"version":3,"file":"ensure-auth.js","sourceRoot":"","sources":["../../src/lib/ensure-auth.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAClG,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACrE,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAChD,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAC5C,OAAO,EAAE,2BAA2B,EAAE,MAAM,yBAAyB,CAAC;AACtE,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAC;AAWrE;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB;IACvC,MAAM,MAAM,GAAqB;QAC/B,aAAa,EAAE,KAAK;QACpB,cAAc,EAAE,KAAK;QACrB,cAAc,EAAE,KAAK;KACtB,CAAC;IAEF,gDAAgD;IAChD,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;IAC/B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,gBAAgB,EAAE,CAAC,CAAC,mCAAmC;QACvD,IAAI,2BAA2B,EAAE,EAAE,CAAC;YAClC,oBAAoB,EAAE,CAAC;QACzB,CAAC;QACD,OAAO,CAAC,4DAA4D,CAAC,CAAC;QACtE,MAAM,QAAQ,EAAE,CAAC;QACjB,MAAM,CAAC,cAAc,GAAG,IAAI,CAAC;QAC7B,MAAM,CAAC,aAAa,GAAG,cAAc,EAAE,KAAK,IAAI,CAAC;QACjD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,mCAAmC;IACnC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,CAAC,aAAa,GAAG,IAAI,CAAC;QAC5B,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,4CAA4C;IAC5C,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;QACvB,OAAO,CAAC,wDAAwD,CAAC,CAAC;QAElE,MAAM,QAAQ,GAAG,kBAAkB,EAAE,CAAC;QACtC,MAAM,aAAa,GAAG,gBAAgB,EAAE,CAAC;QAEzC,IAAI,QAAQ,IAAI,aAAa,EAAE,CAAC;YAC9B,MAAM,aAAa,GAAG,MAAM,kBAAkB,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;YAExE,IAAI,aAAa,CAAC,OAAO,IAAI,aAAa,CAAC,WAAW,IAAI,aAAa,CAAC,SAAS,EAAE,CAAC;gBAClF,YAAY,CAAC,aAAa,CAAC,WAAW,EAAE,aAAa,CAAC,SAAS,EAAE,aAAa,CAAC,YAAY,CAAC,CAAC;gBAC7F,MAAM,CAAC,cAAc,GAAG,IAAI,CAAC;gBAC7B,MAAM,CAAC,aAAa,GAAG,IAAI,CAAC;gBAC5B,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,6CAA6C;YAC7C,IAAI,aAAa,CAAC,SAAS,KAAK,eAAe,EAAE,CAAC;gBAChD,gBAAgB,EAAE,CAAC;gBACnB,IAAI,2BAA2B,EAAE,EAAE,CAAC;oBAClC,oBAAoB,CAClB,0BAA0B,mBAAmB,CAAC,YAAY,CAAC,mDAAmD,CAC/G,CAAC;gBACJ,CAAC;gBACD,OAAO,CAAC,uDAAuD,CAAC,CAAC;gBACjE,MAAM,QAAQ,EAAE,CAAC;gBACjB,MAAM,CAAC,cAAc,GAAG,IAAI,CAAC;gBAC7B,MAAM,CAAC,aAAa,GAAG,cAAc,EAAE,KAAK,IAAI,CAAC;gBACjD,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,8DAA8D;YAC9D,IAAI,2BAA2B,EAAE,EAAE,CAAC;gBAClC,oBAAoB,CAClB,kCAAkC,aAAa,CAAC,SAAS,YAAY,mBAAmB,CAAC,YAAY,CAAC,gCAAgC,CACvI,CAAC;YACJ,CAAC;YACD,OAAO,CAAC,iCAAiC,aAAa,CAAC,SAAS,qBAAqB,CAAC,CAAC;YACvF,MAAM,QAAQ,EAAE,CAAC;YACjB,MAAM,CAAC,cAAc,GAAG,IAAI,CAAC;YAC7B,MAAM,CAAC,aAAa,GAAG,cAAc,EAAE,KAAK,IAAI,CAAC;YACjD,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IAED,qEAAqE;IACrE,gBAAgB,EAAE,CAAC;IACnB,IAAI,2BAA2B,EAAE,EAAE,CAAC;QAClC,oBAAoB,CAClB,0BAA0B,mBAAmB,CAAC,YAAY,CAAC,mDAAmD,CAC/G,CAAC;IACJ,CAAC;IACD,OAAO,CAAC,kDAAkD,CAAC,CAAC;IAC5D,MAAM,QAAQ,EAAE,CAAC;IACjB,MAAM,CAAC,cAAc,GAAG,IAAI,CAAC;IAC7B,MAAM,CAAC,aAAa,GAAG,cAAc,EAAE,KAAK,IAAI,CAAC;IACjD,OAAO,MAAM,CAAC;AAChB,CAAC","sourcesContent":["/**\n * Startup auth guard - ensures valid authentication before command execution.\n */\n\nimport { getCredentials, updateTokens, isTokenExpired, clearCredentials } from './credentials.js';\nimport { refreshAccessToken } from './token-refresh-client.js';\nimport { getCliAuthClientId, getAuthkitDomain } from './settings.js';\nimport { runLogin } from '../commands/login.js';\nimport { logInfo } from '../utils/debug.js';\nimport { isNonInteractiveEnvironment } from '../utils/environment.js';\nimport { exitWithAuthRequired } from '../utils/exit-codes.js';\nimport { formatWorkOSCommand } from '../utils/command-invocation.js';\n\nexport interface EnsureAuthResult {\n /** Whether auth is now valid */\n authenticated: boolean;\n /** Whether login flow was triggered */\n loginTriggered: boolean;\n /** Whether token was refreshed */\n tokenRefreshed: boolean;\n}\n\n/**\n * Ensure valid authentication before command execution.\n *\n * - No credentials: triggers login flow\n * - Expired access token (valid refresh): silently refreshes\n * - Expired refresh token: triggers login flow\n *\n * @returns Result indicating what actions were taken\n * @throws Error if login fails or refresh fails unexpectedly\n */\nexport async function ensureAuthenticated(): Promise<EnsureAuthResult> {\n const result: EnsureAuthResult = {\n authenticated: false,\n loginTriggered: false,\n tokenRefreshed: false,\n };\n\n // Case 1: No credentials or invalid credentials\n const creds = getCredentials();\n if (!creds) {\n clearCredentials(); // Clean up any corrupt/empty files\n if (isNonInteractiveEnvironment()) {\n exitWithAuthRequired();\n }\n logInfo('[ensure-auth] No valid credentials found, triggering login');\n await runLogin();\n result.loginTriggered = true;\n result.authenticated = getCredentials() !== null;\n return result;\n }\n\n // Case 2: Access token still valid\n if (!isTokenExpired(creds)) {\n result.authenticated = true;\n return result;\n }\n\n // Case 3: Access token expired, try refresh\n if (creds.refreshToken) {\n logInfo('[ensure-auth] Access token expired, attempting refresh');\n\n const clientId = getCliAuthClientId();\n const authkitDomain = getAuthkitDomain();\n\n if (clientId && authkitDomain) {\n const refreshResult = await refreshAccessToken(authkitDomain, clientId);\n\n if (refreshResult.success && refreshResult.accessToken && refreshResult.expiresAt) {\n updateTokens(refreshResult.accessToken, refreshResult.expiresAt, refreshResult.refreshToken);\n result.tokenRefreshed = true;\n result.authenticated = true;\n return result;\n }\n\n // Refresh failed - check if it's recoverable\n if (refreshResult.errorType === 'invalid_grant') {\n clearCredentials();\n if (isNonInteractiveEnvironment()) {\n exitWithAuthRequired(\n `Session expired. Run \\`${formatWorkOSCommand('auth login')}\\` in an interactive terminal to re-authenticate.`,\n );\n }\n logInfo('[ensure-auth] Refresh token expired, triggering login');\n await runLogin();\n result.loginTriggered = true;\n result.authenticated = getCredentials() !== null;\n return result;\n }\n\n // Network or server error - keep credentials intact for retry\n if (isNonInteractiveEnvironment()) {\n exitWithAuthRequired(\n `Authentication refresh failed (${refreshResult.errorType}). Run \\`${formatWorkOSCommand('auth login')}\\` in an interactive terminal.`,\n );\n }\n logInfo(`[ensure-auth] Refresh failed (${refreshResult.errorType}), triggering login`);\n await runLogin();\n result.loginTriggered = true;\n result.authenticated = getCredentials() !== null;\n return result;\n }\n }\n\n // Case 4: No refresh token available — clear stale creds, must login\n clearCredentials();\n if (isNonInteractiveEnvironment()) {\n exitWithAuthRequired(\n `Session expired. Run \\`${formatWorkOSCommand('auth login')}\\` in an interactive terminal to re-authenticate.`,\n );\n }\n logInfo('[ensure-auth] No refresh token, triggering login');\n await runLogin();\n result.loginTriggered = true;\n result.authenticated = getCredentials() !== null;\n return result;\n}\n"]}
package/dist/lib/env-writer.d.ts CHANGED
@@ -12,4 +12,14 @@ interface EnvVars {
12
12
  * Auto-generates WORKOS_COOKIE_PASSWORD if not provided.
13
13
  */
14
14
  export declare function writeEnvLocal(installDir: string, envVars: Partial<EnvVars>): void;
15
+ /**
16
+ * Write WorkOS credentials to the appropriate env file for the project.
17
+ * Picks `.env.local` for JS projects (package.json present) or `.env` for
18
+ * everything else (Python/Django, Ruby/Rails, Go, ...). Skips cookie password
19
+ * generation outside the JS branch — non-JS SDKs don't use it.
20
+ *
21
+ * Used by pre-detection flows that write credentials before the framework
22
+ * integration is known (unclaimed env provisioning).
23
+ */
24
+ export declare function writeCredentialsEnv(installDir: string, envVars: Partial<EnvVars>): void;
15
25
  export {};
package/dist/lib/env-writer.js CHANGED
@@ -2,24 +2,26 @@ import { existsSync, readFileSync, writeFileSync } from 'fs';
2
2
  import { join } from 'path';
3
3
  import { parseEnvFile } from '../utils/env-parser.js';
4
4
  const ENV_LOCAL_COVERING_PATTERNS = ['.env.local', '.env*.local', '.env*'];
5
+ const ENV_COVERING_PATTERNS = ['.env', '.env*'];
5
6
  /**
6
- * Ensure .env.local is in .gitignore.
7
+ * Ensure the given env filename is in .gitignore.
7
8
  * Creates .gitignore if it doesn't exist.
8
9
  * No-ops if a covering pattern is already present.
9
10
  */
10
- function ensureGitignore(installDir) {
11
+ function ensureGitignore(installDir, filename) {
11
12
  const gitignorePath = join(installDir, '.gitignore');
13
+ const coveringPatterns = filename === '.env' ? ENV_COVERING_PATTERNS : ENV_LOCAL_COVERING_PATTERNS;
12
14
  if (!existsSync(gitignorePath)) {
13
- writeFileSync(gitignorePath, '.env.local\n');
15
+ writeFileSync(gitignorePath, `${filename}\n`);
14
16
  return;
15
17
  }
16
18
  const content = readFileSync(gitignorePath, 'utf-8');
17
19
  const lines = content.split('\n').map((line) => line.trim());
18
- if (lines.some((line) => ENV_LOCAL_COVERING_PATTERNS.includes(line))) {
20
+ if (lines.some((line) => coveringPatterns.includes(line))) {
19
21
  return;
20
22
  }
21
23
  const separator = content.endsWith('\n') ? '' : '\n';
22
- writeFileSync(gitignorePath, `${content}${separator}.env.local\n`);
24
+ writeFileSync(gitignorePath, `${content}${separator}${filename}\n`);
23
25
  }
24
26
  /**
25
27
  * Generate a cryptographically secure cookie password.
@@ -54,7 +56,35 @@ export function writeEnvLocal(installDir, envVars) {
54
56
  const content = Object.entries(merged)
55
57
  .map(([key, value]) => `${key}=${value}`)
56
58
  .join('\n');
57
- ensureGitignore(installDir);
59
+ ensureGitignore(installDir, '.env.local');
60
+ writeFileSync(envPath, content + '\n');
61
+ }
62
+ /**
63
+ * Write WorkOS credentials to the appropriate env file for the project.
64
+ * Picks `.env.local` for JS projects (package.json present) or `.env` for
65
+ * everything else (Python/Django, Ruby/Rails, Go, ...). Skips cookie password
66
+ * generation outside the JS branch — non-JS SDKs don't use it.
67
+ *
68
+ * Used by pre-detection flows that write credentials before the framework
69
+ * integration is known (unclaimed env provisioning).
70
+ */
71
+ export function writeCredentialsEnv(installDir, envVars) {
72
+ const hasPackageJson = existsSync(join(installDir, 'package.json'));
73
+ if (hasPackageJson) {
74
+ writeEnvLocal(installDir, envVars);
75
+ return;
76
+ }
77
+ const envPath = join(installDir, '.env');
78
+ let existingEnv = {};
79
+ if (existsSync(envPath)) {
80
+ const content = readFileSync(envPath, 'utf-8');
81
+ existingEnv = parseEnvFile(content);
82
+ }
83
+ const merged = { ...existingEnv, ...envVars };
84
+ const content = Object.entries(merged)
85
+ .map(([key, value]) => `${key}=${value}`)
86
+ .join('\n');
87
+ ensureGitignore(installDir, '.env');
58
88
  writeFileSync(envPath, content + '\n');
59
89
  }
60
90
  //# sourceMappingURL=env-writer.js.map
package/dist/lib/env-writer.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"env-writer.js","sourceRoot":"","sources":["../../src/lib/env-writer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,IAAI,CAAC;AAC7D,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAEtD,MAAM,2BAA2B,GAAG,CAAC,YAAY,EAAE,aAAa,EAAE,OAAO,CAAC,CAAC;AAE3E;;;;GAIG;AACH,SAAS,eAAe,CAAC,UAAkB;IACzC,MAAM,aAAa,GAAG,IAAI,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;IAErD,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QAC/B,aAAa,CAAC,aAAa,EAAE,cAAc,CAAC,CAAC;QAC7C,OAAO;IACT,CAAC;IAED,MAAM,OAAO,GAAG,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;IACrD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IAE7D,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,2BAA2B,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QACrE,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IACrD,aAAa,CAAC,aAAa,EAAE,GAAG,OAAO,GAAG,SAAS,cAAc,CAAC,CAAC;AACrE,CAAC;AAWD;;;;GAIG;AACH,SAAS,sBAAsB;IAC7B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IACjC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IAC9B,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AAClF,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,UAAkB,EAAE,OAAyB;IACzE,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;IAE/C,+BAA+B;IAC/B,IAAI,WAAW,GAA2B,EAAE,CAAC;IAC7C,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACxB,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC/C,WAAW,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC;IAED,iDAAiD;IACjD,MAAM,MAAM,GAAG,EAAE,GAAG,WAAW,EAAE,GAAG,OAAO,EAAE,CAAC;IAE9C,2CAA2C;IAC3C,IAAI,CAAC,MAAM,CAAC,sBAAsB,EAAE,CAAC;QACnC,MAAM,CAAC,sBAAsB,GAAG,sBAAsB,EAAE,CAAC;IAC3D,CAAC;IAED,aAAa;IACb,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC;SACnC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC;SACxC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEd,eAAe,CAAC,UAAU,CAAC,CAAC;IAE5B,aAAa,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAAC,CAAC;AACzC,CAAC","sourcesContent":["import { existsSync, readFileSync, writeFileSync } from 'fs';\nimport { join } from 'path';\nimport { parseEnvFile } from '../utils/env-parser.js';\n\nconst ENV_LOCAL_COVERING_PATTERNS = ['.env.local', '.env*.local', '.env*'];\n\n/**\n * Ensure .env.local is in .gitignore.\n * Creates .gitignore if it doesn't exist.\n * No-ops if a covering pattern is already present.\n */\nfunction ensureGitignore(installDir: string): void {\n const gitignorePath = join(installDir, '.gitignore');\n\n if (!existsSync(gitignorePath)) {\n writeFileSync(gitignorePath, '.env.local\\n');\n return;\n }\n\n const content = readFileSync(gitignorePath, 'utf-8');\n const lines = content.split('\\n').map((line) => line.trim());\n\n if (lines.some((line) => ENV_LOCAL_COVERING_PATTERNS.includes(line))) {\n return;\n }\n\n const separator = content.endsWith('\\n') ? '' : '\\n';\n writeFileSync(gitignorePath, `${content}${separator}.env.local\\n`);\n}\n\ninterface EnvVars {\n WORKOS_API_KEY?: string;\n WORKOS_CLIENT_ID: string;\n WORKOS_REDIRECT_URI?: string;\n NEXT_PUBLIC_WORKOS_REDIRECT_URI?: string;\n WORKOS_COOKIE_PASSWORD?: string;\n WORKOS_CLAIM_TOKEN?: string;\n}\n\n/**\n * Generate a cryptographically secure cookie password.\n * Returns 32-char hex string (16 random bytes).\n * Uses Web Crypto API available in Node.js 20+\n */\nfunction generateCookiePassword(): string {\n const array = new Uint8Array(16);\n crypto.getRandomValues(array);\n return Array.from(array, (byte) => byte.toString(16).padStart(2, '0')).join('');\n}\n\n/**\n * Write environment variables to .env.local before agent runs.\n * Merges with existing .env.local if present (new vars take precedence).\n * Auto-generates WORKOS_COOKIE_PASSWORD if not provided.\n */\nexport function writeEnvLocal(installDir: string, envVars: Partial<EnvVars>): void {\n const envPath = join(installDir, '.env.local');\n\n // Read existing env if present\n let existingEnv: Record<string, string> = {};\n if (existsSync(envPath)) {\n const content = readFileSync(envPath, 'utf-8');\n existingEnv = parseEnvFile(content);\n }\n\n // Merge with new vars (new vars take precedence)\n const merged = { ...existingEnv, ...envVars };\n\n // Generate cookie password if not provided\n if (!merged.WORKOS_COOKIE_PASSWORD) {\n merged.WORKOS_COOKIE_PASSWORD = generateCookiePassword();\n }\n\n // Write back\n const content = Object.entries(merged)\n .map(([key, value]) => `${key}=${value}`)\n .join('\\n');\n\n ensureGitignore(installDir);\n\n writeFileSync(envPath, content + '\\n');\n}\n"]}
1
+ {"version":3,"file":"env-writer.js","sourceRoot":"","sources":["../../src/lib/env-writer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,IAAI,CAAC;AAC7D,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAEtD,MAAM,2BAA2B,GAAG,CAAC,YAAY,EAAE,aAAa,EAAE,OAAO,CAAC,CAAC;AAC3E,MAAM,qBAAqB,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAEhD;;;;GAIG;AACH,SAAS,eAAe,CAAC,UAAkB,EAAE,QAA+B;IAC1E,MAAM,aAAa,GAAG,IAAI,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;IACrD,MAAM,gBAAgB,GAAG,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,2BAA2B,CAAC;IAEnG,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QAC/B,aAAa,CAAC,aAAa,EAAE,GAAG,QAAQ,IAAI,CAAC,CAAC;QAC9C,OAAO;IACT,CAAC;IAED,MAAM,OAAO,GAAG,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;IACrD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IAE7D,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QAC1D,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IACrD,aAAa,CAAC,aAAa,EAAE,GAAG,OAAO,GAAG,SAAS,GAAG,QAAQ,IAAI,CAAC,CAAC;AACtE,CAAC;AAWD;;;;GAIG;AACH,SAAS,sBAAsB;IAC7B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IACjC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IAC9B,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AAClF,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,UAAkB,EAAE,OAAyB;IACzE,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;IAE/C,+BAA+B;IAC/B,IAAI,WAAW,GAA2B,EAAE,CAAC;IAC7C,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACxB,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC/C,WAAW,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC;IAED,iDAAiD;IACjD,MAAM,MAAM,GAAG,EAAE,GAAG,WAAW,EAAE,GAAG,OAAO,EAAE,CAAC;IAE9C,2CAA2C;IAC3C,IAAI,CAAC,MAAM,CAAC,sBAAsB,EAAE,CAAC;QACnC,MAAM,CAAC,sBAAsB,GAAG,sBAAsB,EAAE,CAAC;IAC3D,CAAC;IAED,aAAa;IACb,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC;SACnC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC;SACxC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEd,eAAe,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;IAE1C,aAAa,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAAC,CAAC;AACzC,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,mBAAmB,CAAC,UAAkB,EAAE,OAAyB;IAC/E,MAAM,cAAc,GAAG,UAAU,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC,CAAC;IACpE,IAAI,cAAc,EAAE,CAAC;QACnB,aAAa,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACnC,OAAO;IACT,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACzC,IAAI,WAAW,GAA2B,EAAE,CAAC;IAC7C,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACxB,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC/C,WAAW,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC;IAED,MAAM,MAAM,GAAG,EAAE,GAAG,WAAW,EAAE,GAAG,OAAO,EAAE,CAAC;IAC9C,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC;SACnC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC;SACxC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEd,eAAe,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IAEpC,aAAa,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAAC,CAAC;AACzC,CAAC","sourcesContent":["import { existsSync, readFileSync, writeFileSync } from 'fs';\nimport { join } from 'path';\nimport { parseEnvFile } from '../utils/env-parser.js';\n\nconst ENV_LOCAL_COVERING_PATTERNS = ['.env.local', '.env*.local', '.env*'];\nconst ENV_COVERING_PATTERNS = ['.env', '.env*'];\n\n/**\n * Ensure the given env filename is in .gitignore.\n * Creates .gitignore if it doesn't exist.\n * No-ops if a covering pattern is already present.\n */\nfunction ensureGitignore(installDir: string, filename: '.env' | '.env.local'): void {\n const gitignorePath = join(installDir, '.gitignore');\n const coveringPatterns = filename === '.env' ? ENV_COVERING_PATTERNS : ENV_LOCAL_COVERING_PATTERNS;\n\n if (!existsSync(gitignorePath)) {\n writeFileSync(gitignorePath, `${filename}\\n`);\n return;\n }\n\n const content = readFileSync(gitignorePath, 'utf-8');\n const lines = content.split('\\n').map((line) => line.trim());\n\n if (lines.some((line) => coveringPatterns.includes(line))) {\n return;\n }\n\n const separator = content.endsWith('\\n') ? '' : '\\n';\n writeFileSync(gitignorePath, `${content}${separator}${filename}\\n`);\n}\n\ninterface EnvVars {\n WORKOS_API_KEY?: string;\n WORKOS_CLIENT_ID: string;\n WORKOS_REDIRECT_URI?: string;\n NEXT_PUBLIC_WORKOS_REDIRECT_URI?: string;\n WORKOS_COOKIE_PASSWORD?: string;\n WORKOS_CLAIM_TOKEN?: string;\n}\n\n/**\n * Generate a cryptographically secure cookie password.\n * Returns 32-char hex string (16 random bytes).\n * Uses Web Crypto API available in Node.js 20+\n */\nfunction generateCookiePassword(): string {\n const array = new Uint8Array(16);\n crypto.getRandomValues(array);\n return Array.from(array, (byte) => byte.toString(16).padStart(2, '0')).join('');\n}\n\n/**\n * Write environment variables to .env.local before agent runs.\n * Merges with existing .env.local if present (new vars take precedence).\n * Auto-generates WORKOS_COOKIE_PASSWORD if not provided.\n */\nexport function writeEnvLocal(installDir: string, envVars: Partial<EnvVars>): void {\n const envPath = join(installDir, '.env.local');\n\n // Read existing env if present\n let existingEnv: Record<string, string> = {};\n if (existsSync(envPath)) {\n const content = readFileSync(envPath, 'utf-8');\n existingEnv = parseEnvFile(content);\n }\n\n // Merge with new vars (new vars take precedence)\n const merged = { ...existingEnv, ...envVars };\n\n // Generate cookie password if not provided\n if (!merged.WORKOS_COOKIE_PASSWORD) {\n merged.WORKOS_COOKIE_PASSWORD = generateCookiePassword();\n }\n\n // Write back\n const content = Object.entries(merged)\n .map(([key, value]) => `${key}=${value}`)\n .join('\\n');\n\n ensureGitignore(installDir, '.env.local');\n\n writeFileSync(envPath, content + '\\n');\n}\n\n/**\n * Write WorkOS credentials to the appropriate env file for the project.\n * Picks `.env.local` for JS projects (package.json present) or `.env` for\n * everything else (Python/Django, Ruby/Rails, Go, ...). Skips cookie password\n * generation outside the JS branch — non-JS SDKs don't use it.\n *\n * Used by pre-detection flows that write credentials before the framework\n * integration is known (unclaimed env provisioning).\n */\nexport function writeCredentialsEnv(installDir: string, envVars: Partial<EnvVars>): void {\n const hasPackageJson = existsSync(join(installDir, 'package.json'));\n if (hasPackageJson) {\n writeEnvLocal(installDir, envVars);\n return;\n }\n\n const envPath = join(installDir, '.env');\n let existingEnv: Record<string, string> = {};\n if (existsSync(envPath)) {\n const content = readFileSync(envPath, 'utf-8');\n existingEnv = parseEnvFile(content);\n }\n\n const merged = { ...existingEnv, ...envVars };\n const content = Object.entries(merged)\n .map(([key, value]) => `${key}=${value}`)\n .join('\\n');\n\n ensureGitignore(installDir, '.env');\n\n writeFileSync(envPath, content + '\\n');\n}\n"]}
package/dist/lib/framework-config.d.ts CHANGED
@@ -1,5 +1,8 @@
1
1
  import type { InstallerOptions } from '../utils/types.js';
2
- import type { Language } from './language-detection.js';
2
+ /**
3
+ * Supported programming languages for framework integrations.
4
+ */
5
+ export type Language = 'javascript' | 'python' | 'ruby' | 'php' | 'go' | 'kotlin' | 'dotnet' | 'elixir';
3
6
  /**
4
7
  * Configuration interface for framework-specific agent integrations.
5
8
  * Each framework exports a FrameworkConfig that the universal runner uses.
@@ -48,6 +51,13 @@ export interface FrameworkMetadata {
48
51
  packageManager?: string;
49
52
  /** Primary manifest file (e.g., 'pyproject.toml', 'Gemfile'). Optional for JS integrations. */
50
53
  manifestFile?: string;
54
+ /**
55
+ * Optional custom detection override for non-JS integrations. When present,
56
+ * the registry calls this instead of falling back to `manifestFile` existence.
57
+ * Use when a single manifest file isn't enough (e.g., Django projects may
58
+ * use `manage.py` + `requirements.txt` without a `pyproject.toml`).
59
+ */
60
+ detect?: (options: Pick<InstallerOptions, 'installDir'>) => boolean | Promise<boolean>;
51
61
  }
52
62
  /**
53
63
  * Framework detection and version handling
package/dist/lib/framework-config.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"framework-config.js","sourceRoot":"","sources":["../../src/lib/framework-config.ts"],"names":[],"mappings":"AAuIA;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,aAAqB;IACrD,OAAO,kBAAkB,aAAa,4BAA4B,CAAC;AACrE,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,iFAAiF,CAAC","sourcesContent":["import type { InstallerOptions } from '../utils/types.js';\nimport type { Language } from './language-detection.js';\n\n/**\n * Configuration interface for framework-specific agent integrations.\n * Each framework exports a FrameworkConfig that the universal runner uses.\n */\nexport interface FrameworkConfig {\n metadata: FrameworkMetadata;\n detection: FrameworkDetection;\n environment: EnvironmentConfig;\n analytics: AnalyticsConfig;\n prompts: PromptConfig;\n ui: UIConfig;\n}\n\n/**\n * Basic framework information and documentation\n */\nexport interface FrameworkMetadata {\n /** Display name (e.g., \"Next.js\", \"React\") */\n name: string;\n\n /** Integration identifier (e.g., 'nextjs', 'python'). String, not enum — auto-discovered from registry. */\n integration: string;\n\n /** URL to framework-specific WorkOS AuthKit docs */\n docsUrl: string;\n\n /**\n * Optional URL to docs for users with unsupported framework versions.\n * If not provided, defaults to docsUrl.\n */\n unsupportedVersionDocsUrl?: string;\n\n /**\n * Optional function to gather framework-specific context before agent runs.\n * For Next.js: detects router type\n * For React Native: detects Expo vs bare\n */\n gatherContext?: (options: InstallerOptions) => Promise<Record<string, any>>;\n\n /**\n * Name of the framework-specific skill for agent integration.\n * Skills are located in .claude/skills/{skillName}/SKILL.md\n */\n skillName?: string;\n\n /** Language ecosystem this integration belongs to */\n language: Language;\n\n /** Stability tier: 'stable' for tested integrations, 'experimental' for new ones */\n stability: 'stable' | 'experimental';\n\n /** Detection priority — higher numbers are checked first */\n priority: number;\n\n /** Default package manager command (e.g., 'pip', 'gem', 'go'). Optional for JS integrations. */\n packageManager?: string;\n\n /** Primary manifest file (e.g., 'pyproject.toml', 'Gemfile'). Optional for JS integrations. */\n manifestFile?: string;\n}\n\n/**\n * Framework detection and version handling\n */\nexport interface FrameworkDetection {\n /** Package name to check in package.json (e.g., \"next\", \"react\") */\n packageName: string;\n\n /** Human-readable name for error messages (e.g., \"Next.js\") */\n packageDisplayName: string;\n\n /** Extract version from package.json */\n getVersion: (packageJson: any) => string | undefined;\n\n /** Optional: Convert version to analytics bucket (e.g., \"15.x\") */\n getVersionBucket?: (version: string) => string;\n}\n\n/**\n * Environment variable configuration\n */\nexport interface EnvironmentConfig {\n /** Whether to upload env vars to hosting providers post-agent */\n uploadToHosting: boolean;\n\n /** Whether this framework requires API key (false for client-only SDKs) */\n requiresApiKey: boolean;\n\n /**\n * Build the environment variables object for this framework.\n * Returns the exact variable names and values to upload to hosting providers.\n */\n getEnvVars: (apiKey: string, clientId: string) => Record<string, string>;\n}\n\n/**\n * Analytics configuration\n */\nexport interface AnalyticsConfig {\n /** Generate tags from context (e.g., { 'nextjs-version': '15.x', 'router': 'app' }) */\n getTags: (context: any) => Record<string, any>;\n\n /** Optional: Additional event properties */\n getEventProperties?: (context: any) => Record<string, any>;\n}\n\n/**\n * Prompt configuration\n */\nexport interface PromptConfig {\n /**\n * Optional: Additional context lines to append to base prompt\n * For Next.js: \"- Router: app\"\n * For React Native: \"- Platform: Expo\"\n */\n getAdditionalContextLines?: (context: any) => string[];\n}\n\n/**\n * UI messaging configuration\n */\nexport interface UIConfig {\n /** Success message when agent completes */\n successMessage: string;\n\n /** Generate \"What the agent did\" bullets from context */\n getOutroChanges: (context: any) => string[];\n\n /** Generate \"Next steps\" bullets from context */\n getOutroNextSteps: (context: any) => string[];\n}\n\n/**\n * Generate welcome message from framework name\n */\nexport function getWelcomeMessage(frameworkName: string): string {\n return `WorkOS AuthKit ${frameworkName} installer (agent-powered)`;\n}\n\n/**\n * Shared spinner message for all frameworks\n */\nexport const SPINNER_MESSAGE = 'Setting up WorkOS AuthKit with login, authentication, and session management...';\n"]}
1
+ {"version":3,"file":"framework-config.js","sourceRoot":"","sources":["../../src/lib/framework-config.ts"],"names":[],"mappings":"AAmJA;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,aAAqB;IACrD,OAAO,kBAAkB,aAAa,4BAA4B,CAAC;AACrE,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,iFAAiF,CAAC","sourcesContent":["import type { InstallerOptions } from '../utils/types.js';\n\n/**\n * Supported programming languages for framework integrations.\n */\nexport type Language = 'javascript' | 'python' | 'ruby' | 'php' | 'go' | 'kotlin' | 'dotnet' | 'elixir';\n\n/**\n * Configuration interface for framework-specific agent integrations.\n * Each framework exports a FrameworkConfig that the universal runner uses.\n */\nexport interface FrameworkConfig {\n metadata: FrameworkMetadata;\n detection: FrameworkDetection;\n environment: EnvironmentConfig;\n analytics: AnalyticsConfig;\n prompts: PromptConfig;\n ui: UIConfig;\n}\n\n/**\n * Basic framework information and documentation\n */\nexport interface FrameworkMetadata {\n /** Display name (e.g., \"Next.js\", \"React\") */\n name: string;\n\n /** Integration identifier (e.g., 'nextjs', 'python'). String, not enum — auto-discovered from registry. */\n integration: string;\n\n /** URL to framework-specific WorkOS AuthKit docs */\n docsUrl: string;\n\n /**\n * Optional URL to docs for users with unsupported framework versions.\n * If not provided, defaults to docsUrl.\n */\n unsupportedVersionDocsUrl?: string;\n\n /**\n * Optional function to gather framework-specific context before agent runs.\n * For Next.js: detects router type\n * For React Native: detects Expo vs bare\n */\n gatherContext?: (options: InstallerOptions) => Promise<Record<string, any>>;\n\n /**\n * Name of the framework-specific skill for agent integration.\n * Skills are located in .claude/skills/{skillName}/SKILL.md\n */\n skillName?: string;\n\n /** Language ecosystem this integration belongs to */\n language: Language;\n\n /** Stability tier: 'stable' for tested integrations, 'experimental' for new ones */\n stability: 'stable' | 'experimental';\n\n /** Detection priority — higher numbers are checked first */\n priority: number;\n\n /** Default package manager command (e.g., 'pip', 'gem', 'go'). Optional for JS integrations. */\n packageManager?: string;\n\n /** Primary manifest file (e.g., 'pyproject.toml', 'Gemfile'). Optional for JS integrations. */\n manifestFile?: string;\n\n /**\n * Optional custom detection override for non-JS integrations. When present,\n * the registry calls this instead of falling back to `manifestFile` existence.\n * Use when a single manifest file isn't enough (e.g., Django projects may\n * use `manage.py` + `requirements.txt` without a `pyproject.toml`).\n */\n detect?: (options: Pick<InstallerOptions, 'installDir'>) => boolean | Promise<boolean>;\n}\n\n/**\n * Framework detection and version handling\n */\nexport interface FrameworkDetection {\n /** Package name to check in package.json (e.g., \"next\", \"react\") */\n packageName: string;\n\n /** Human-readable name for error messages (e.g., \"Next.js\") */\n packageDisplayName: string;\n\n /** Extract version from package.json */\n getVersion: (packageJson: any) => string | undefined;\n\n /** Optional: Convert version to analytics bucket (e.g., \"15.x\") */\n getVersionBucket?: (version: string) => string;\n}\n\n/**\n * Environment variable configuration\n */\nexport interface EnvironmentConfig {\n /** Whether to upload env vars to hosting providers post-agent */\n uploadToHosting: boolean;\n\n /** Whether this framework requires API key (false for client-only SDKs) */\n requiresApiKey: boolean;\n\n /**\n * Build the environment variables object for this framework.\n * Returns the exact variable names and values to upload to hosting providers.\n */\n getEnvVars: (apiKey: string, clientId: string) => Record<string, string>;\n}\n\n/**\n * Analytics configuration\n */\nexport interface AnalyticsConfig {\n /** Generate tags from context (e.g., { 'nextjs-version': '15.x', 'router': 'app' }) */\n getTags: (context: any) => Record<string, any>;\n\n /** Optional: Additional event properties */\n getEventProperties?: (context: any) => Record<string, any>;\n}\n\n/**\n * Prompt configuration\n */\nexport interface PromptConfig {\n /**\n * Optional: Additional context lines to append to base prompt\n * For Next.js: \"- Router: app\"\n * For React Native: \"- Platform: Expo\"\n */\n getAdditionalContextLines?: (context: any) => string[];\n}\n\n/**\n * UI messaging configuration\n */\nexport interface UIConfig {\n /** Success message when agent completes */\n successMessage: string;\n\n /** Generate \"What the agent did\" bullets from context */\n getOutroChanges: (context: any) => string[];\n\n /** Generate \"Next steps\" bullets from context */\n getOutroNextSteps: (context: any) => string[];\n}\n\n/**\n * Generate welcome message from framework name\n */\nexport function getWelcomeMessage(frameworkName: string): string {\n return `WorkOS AuthKit ${frameworkName} installer (agent-powered)`;\n}\n\n/**\n * Shared spinner message for all frameworks\n */\nexport const SPINNER_MESSAGE = 'Setting up WorkOS AuthKit with login, authentication, and session management...';\n"]}
package/dist/lib/installer-core.d.ts CHANGED
@@ -399,14 +399,14 @@ export declare const installerMachine: import("xstate").StateMachine<InstallerMa
399
399
  type: "emitComplete";
400
400
  params: unknown;
401
401
  }, {
402
- type: "hasCredentials";
403
- params: unknown;
404
- } | {
405
402
  type: "shouldSkipAuth";
406
403
  params: unknown;
407
404
  } | {
408
405
  type: "gitIsClean";
409
406
  params: unknown;
407
+ } | {
408
+ type: "hasCredentials";
409
+ params: unknown;
410
410
  } | {
411
411
  type: "hasIntegration";
412
412
  params: unknown;
package/dist/lib/port-detection.js CHANGED
@@ -8,6 +8,14 @@ const INTEGRATION_TO_SETTINGS_KEY = {
8
8
  'tanstack-start': 'tanstackStart',
9
9
  'react-router': 'reactRouter',
10
10
  'vanilla-js': 'vanillaJs',
11
+ python: 'python',
12
+ ruby: 'ruby',
13
+ php: 'php',
14
+ 'php-laravel': 'phpLaravel',
15
+ go: 'go',
16
+ dotnet: 'dotnet',
17
+ elixir: 'elixir',
18
+ kotlin: 'kotlin',
11
19
  };
12
20
  const DEFAULT_PORT = 3000;
13
21
  const DEFAULT_CALLBACK_PATH = '/auth/callback';
@@ -79,6 +87,110 @@ function parseTanStackPort(installDir) {
79
87
  }
80
88
  return null;
81
89
  }
90
+ /**
91
+ * Parse port from .NET Properties/launchSettings.json.
92
+ * VS/Rider scaffold: profiles[*].applicationUrl = "http://localhost:5000;https://localhost:5001"
93
+ */
94
+ function parseDotnetPort(installDir) {
95
+ try {
96
+ const configPath = join(installDir, 'Properties', 'launchSettings.json');
97
+ const content = fs.readFileSync(configPath, 'utf-8');
98
+ const parsed = JSON.parse(content);
99
+ for (const profile of Object.values(parsed.profiles ?? {})) {
100
+ const match = profile.applicationUrl?.match(/http:\/\/[^:/]+:(\d+)/);
101
+ if (match)
102
+ return parseInt(match[1], 10);
103
+ }
104
+ }
105
+ catch {
106
+ // File doesn't exist or can't parse
107
+ }
108
+ return null;
109
+ }
110
+ /**
111
+ * Parse port from Phoenix config/dev.exs or config/runtime.exs.
112
+ * Looks for `port: NNNN` — typically inside `http: [...]` but a bare regex is fine.
113
+ */
114
+ function parseElixirPort(installDir) {
115
+ for (const relPath of ['config/dev.exs', 'config/runtime.exs']) {
116
+ try {
117
+ const content = fs.readFileSync(join(installDir, relPath), 'utf-8');
118
+ const match = content.match(/port:\s*(\d+)/);
119
+ if (match)
120
+ return parseInt(match[1], 10);
121
+ }
122
+ catch {
123
+ // skip
124
+ }
125
+ }
126
+ return null;
127
+ }
128
+ /**
129
+ * Parse port from Spring Boot application.properties or application.yml.
130
+ * Both the default `src/main/resources/` location and a top-level file are checked.
131
+ */
132
+ function parseKotlinPort(installDir) {
133
+ const propsPaths = [
134
+ join(installDir, 'src', 'main', 'resources', 'application.properties'),
135
+ join(installDir, 'application.properties'),
136
+ ];
137
+ for (const propsPath of propsPaths) {
138
+ try {
139
+ const content = fs.readFileSync(propsPath, 'utf-8');
140
+ const match = content.match(/^server\.port\s*=\s*(\d+)/m);
141
+ if (match)
142
+ return parseInt(match[1], 10);
143
+ }
144
+ catch {
145
+ // skip
146
+ }
147
+ }
148
+ const ymlPaths = [
149
+ join(installDir, 'src', 'main', 'resources', 'application.yml'),
150
+ join(installDir, 'src', 'main', 'resources', 'application.yaml'),
151
+ join(installDir, 'application.yml'),
152
+ join(installDir, 'application.yaml'),
153
+ ];
154
+ for (const ymlPath of ymlPaths) {
155
+ try {
156
+ const content = fs.readFileSync(ymlPath, 'utf-8');
157
+ // `server:\n port: 8080` — shallow YAML parse via regex
158
+ const match = content.match(/server\s*:\s*\n[^\S\n]+port\s*:\s*(\d+)/);
159
+ if (match)
160
+ return parseInt(match[1], 10);
161
+ }
162
+ catch {
163
+ // skip
164
+ }
165
+ }
166
+ return null;
167
+ }
168
+ /**
169
+ * Parse port from Rails config/puma.rb.
170
+ * Common forms:
171
+ * port ENV.fetch("PORT") { 3000 }
172
+ * port ENV.fetch("PORT", 3000)
173
+ * port 3000
174
+ */
175
+ function parseRubyPort(installDir) {
176
+ try {
177
+ const configPath = join(installDir, 'config', 'puma.rb');
178
+ const content = fs.readFileSync(configPath, 'utf-8');
179
+ const blockFetch = content.match(/port\s+ENV\.fetch\([^)]*\)\s*\{\s*(\d+)\s*\}/);
180
+ if (blockFetch)
181
+ return parseInt(blockFetch[1], 10);
182
+ const argFetch = content.match(/port\s+ENV\.fetch\([^,]+,\s*(\d+)\)/);
183
+ if (argFetch)
184
+ return parseInt(argFetch[1], 10);
185
+ const literal = content.match(/^\s*port\s+(\d+)/m);
186
+ if (literal)
187
+ return parseInt(literal[1], 10);
188
+ }
189
+ catch {
190
+ // skip
191
+ }
192
+ return null;
193
+ }
82
194
  /**
83
195
  * Detect the dev server port for a framework.
84
196
  * Checks config files first, falls back to framework default.
@@ -108,6 +220,18 @@ export function detectPort(integration, installDir) {
108
220
  }
109
221
  break;
110
222
  }
223
+ case 'dotnet':
224
+ detectedPort = parseDotnetPort(installDir);
225
+ break;
226
+ case 'elixir':
227
+ detectedPort = parseElixirPort(installDir);
228
+ break;
229
+ case 'kotlin':
230
+ detectedPort = parseKotlinPort(installDir);
231
+ break;
232
+ case 'ruby':
233
+ detectedPort = parseRubyPort(installDir);
234
+ break;
111
235
  }
112
236
  return detectedPort ?? getDefaultPort(integration);
113
237
  }
package/dist/lib/port-detection.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"port-detection.js","sourceRoot":"","sources":["../../src/lib/port-detection.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAE1C,MAAM,QAAQ,GAAG,SAAS,EAAE,CAAC;AAE7B,MAAM,2BAA2B,GAAgC;IAC/D,MAAM,EAAE,QAAQ;IAChB,KAAK,EAAE,OAAO;IACd,gBAAgB,EAAE,eAAe;IACjC,cAAc,EAAE,aAAa;IAC7B,YAAY,EAAE,WAAW;CAC1B,CAAC;AAEF,MAAM,YAAY,GAAG,IAAI,CAAC;AAC1B,MAAM,qBAAqB,GAAG,gBAAgB,CAAC;AAE/C,SAAS,cAAc,CAAC,WAAwB;IAC9C,MAAM,WAAW,GAAG,2BAA2B,CAAC,WAAW,CAAC,CAAC;IAC7D,OAAO,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,IAAI,IAAI,YAAY,CAAC;AAChE,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,WAAwB;IACtD,MAAM,WAAW,GAAG,2BAA2B,CAAC,WAAW,CAAC,CAAC;IAC7D,OAAO,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,YAAY,IAAI,qBAAqB,CAAC;AACjF,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAAC,UAAkB;IAC7C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACrD,oDAAoD;QACpD,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAC9D,IAAI,SAAS,EAAE,CAAC;YACd,OAAO,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,sCAAsC;IACxC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAAC,UAAkB;IAC7C,IAAI,CAAC;QACH,MAAM,eAAe,GAAG,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;QAC1D,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAExC,MAAM,SAAS,GAAG,WAAW,CAAC,OAAO,EAAE,GAAG,IAAI,EAAE,CAAC;QACjD,2CAA2C;QAC3C,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClE,IAAI,SAAS,EAAE,CAAC;YACd,OAAO,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,0BAA0B;IAC5B,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAS,iBAAiB,CAAC,UAAkB;IAC3C,MAAM,WAAW,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,eAAe,CAAC,EAAE,IAAI,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC,CAAC;IAE3F,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;QACrC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YACrD,gCAAgC;YAChC,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;YACxE,IAAI,SAAS,EAAE,CAAC;gBACd,OAAO,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACpC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,4BAA4B;QAC9B,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,UAAU,CAAC,WAAwB,EAAE,UAAkB;IACrE,IAAI,YAAY,GAAkB,IAAI,CAAC;IAEvC,QAAQ,WAAW,EAAE,CAAC;QACpB,KAAK,QAAQ;YACX,YAAY,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC;YAC/C,MAAM;QAER,KAAK,gBAAgB;YACnB,YAAY,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;YAC7C,MAAM;QAER,KAAK,OAAO,CAAC;QACb,KAAK,cAAc,CAAC;QACpB,KAAK,YAAY,CAAC,CAAC,CAAC;YAClB,wBAAwB;YACxB,MAAM,WAAW,GAAG;gBAClB,IAAI,CAAC,UAAU,EAAE,gBAAgB,CAAC;gBAClC,IAAI,CAAC,UAAU,EAAE,gBAAgB,CAAC;gBAClC,IAAI,CAAC,UAAU,EAAE,iBAAiB,CAAC;aACpC,CAAC;YACF,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;gBACrC,YAAY,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC;gBAC/C,IAAI,YAAY;oBAAE,MAAM;YAC1B,CAAC;YACD,MAAM;QACR,CAAC;IACH,CAAC;IAED,OAAO,YAAY,IAAI,cAAc,CAAC,WAAW,CAAC,CAAC;AACrD,CAAC","sourcesContent":["import * as fs from 'node:fs';\nimport { join } from 'node:path';\nimport type { Integration } from './constants.js';\nimport { getConfig } from './settings.js';\n\nconst settings = getConfig();\n\nconst INTEGRATION_TO_SETTINGS_KEY: Record<Integration, string> = {\n nextjs: 'nextjs',\n react: 'react',\n 'tanstack-start': 'tanstackStart',\n 'react-router': 'reactRouter',\n 'vanilla-js': 'vanillaJs',\n};\n\nconst DEFAULT_PORT = 3000;\nconst DEFAULT_CALLBACK_PATH = '/auth/callback';\n\nfunction getDefaultPort(integration: Integration): number {\n const settingsKey = INTEGRATION_TO_SETTINGS_KEY[integration];\n return settings.frameworks[settingsKey]?.port ?? DEFAULT_PORT;\n}\n\nexport function getCallbackPath(integration: Integration): string {\n const settingsKey = INTEGRATION_TO_SETTINGS_KEY[integration];\n return settings.frameworks[settingsKey]?.callbackPath ?? DEFAULT_CALLBACK_PATH;\n}\n\n/**\n * Parse port from Vite config file.\n * Looks for server.port in vite.config.{ts,js,mjs}\n */\nfunction parseViteConfigPort(configPath: string): number | null {\n try {\n const content = fs.readFileSync(configPath, 'utf-8');\n // Match: port: 3000 or port: \"3000\" or port: '3000'\n const portMatch = content.match(/port\\s*:\\s*['\"]?(\\d+)['\"]?/);\n if (portMatch) {\n return parseInt(portMatch[1], 10);\n }\n } catch {\n // File doesn't exist or can't be read\n }\n return null;\n}\n\n/**\n * Parse port from Next.js package.json scripts.\n * Next.js uses: \"dev\": \"next dev -p 4000\" or --port 4000\n */\nfunction parseNextConfigPort(installDir: string): number | null {\n try {\n const packageJsonPath = join(installDir, 'package.json');\n const content = fs.readFileSync(packageJsonPath, 'utf-8');\n const packageJson = JSON.parse(content);\n\n const devScript = packageJson.scripts?.dev || '';\n // Match: -p 4000, --port 4000, --port=4000\n const portMatch = devScript.match(/-p\\s+(\\d+)|--port[=\\s]+(\\d+)/);\n if (portMatch) {\n return parseInt(portMatch[1] || portMatch[2], 10);\n }\n } catch {\n // Can't read package.json\n }\n return null;\n}\n\n/**\n * Parse port from TanStack Start app.config.ts.\n * Uses Vinxi: server: { port: N }\n */\nfunction parseTanStackPort(installDir: string): number | null {\n const configPaths = [join(installDir, 'app.config.ts'), join(installDir, 'app.config.js')];\n\n for (const configPath of configPaths) {\n try {\n const content = fs.readFileSync(configPath, 'utf-8');\n // Match server config with port\n const portMatch = content.match(/server\\s*:\\s*\\{[^}]*port\\s*:\\s*(\\d+)/);\n if (portMatch) {\n return parseInt(portMatch[1], 10);\n }\n } catch {\n // Config file doesn't exist\n }\n }\n return null;\n}\n\n/**\n * Detect the dev server port for a framework.\n * Checks config files first, falls back to framework default.\n */\nexport function detectPort(integration: Integration, installDir: string): number {\n let detectedPort: number | null = null;\n\n switch (integration) {\n case 'nextjs':\n detectedPort = parseNextConfigPort(installDir);\n break;\n\n case 'tanstack-start':\n detectedPort = parseTanStackPort(installDir);\n break;\n\n case 'react':\n case 'react-router':\n case 'vanilla-js': {\n // Vite-based frameworks\n const viteConfigs = [\n join(installDir, 'vite.config.ts'),\n join(installDir, 'vite.config.js'),\n join(installDir, 'vite.config.mjs'),\n ];\n for (const configPath of viteConfigs) {\n detectedPort = parseViteConfigPort(configPath);\n if (detectedPort) break;\n }\n break;\n }\n }\n\n return detectedPort ?? getDefaultPort(integration);\n}\n"]}
1
+ {"version":3,"file":"port-detection.js","sourceRoot":"","sources":["../../src/lib/port-detection.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAE1C,MAAM,QAAQ,GAAG,SAAS,EAAE,CAAC;AAE7B,MAAM,2BAA2B,GAA2B;IAC1D,MAAM,EAAE,QAAQ;IAChB,KAAK,EAAE,OAAO;IACd,gBAAgB,EAAE,eAAe;IACjC,cAAc,EAAE,aAAa;IAC7B,YAAY,EAAE,WAAW;IACzB,MAAM,EAAE,QAAQ;IAChB,IAAI,EAAE,MAAM;IACZ,GAAG,EAAE,KAAK;IACV,aAAa,EAAE,YAAY;IAC3B,EAAE,EAAE,IAAI;IACR,MAAM,EAAE,QAAQ;IAChB,MAAM,EAAE,QAAQ;IAChB,MAAM,EAAE,QAAQ;CACjB,CAAC;AAEF,MAAM,YAAY,GAAG,IAAI,CAAC;AAC1B,MAAM,qBAAqB,GAAG,gBAAgB,CAAC;AAE/C,SAAS,cAAc,CAAC,WAAwB;IAC9C,MAAM,WAAW,GAAG,2BAA2B,CAAC,WAAW,CAAC,CAAC;IAC7D,OAAO,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,IAAI,IAAI,YAAY,CAAC;AAChE,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,WAAwB;IACtD,MAAM,WAAW,GAAG,2BAA2B,CAAC,WAAW,CAAC,CAAC;IAC7D,OAAO,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,YAAY,IAAI,qBAAqB,CAAC;AACjF,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAAC,UAAkB;IAC7C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACrD,oDAAoD;QACpD,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAC9D,IAAI,SAAS,EAAE,CAAC;YACd,OAAO,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,sCAAsC;IACxC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAAC,UAAkB;IAC7C,IAAI,CAAC;QACH,MAAM,eAAe,GAAG,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;QAC1D,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAExC,MAAM,SAAS,GAAG,WAAW,CAAC,OAAO,EAAE,GAAG,IAAI,EAAE,CAAC;QACjD,2CAA2C;QAC3C,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClE,IAAI,SAAS,EAAE,CAAC;YACd,OAAO,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,0BAA0B;IAC5B,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAS,iBAAiB,CAAC,UAAkB;IAC3C,MAAM,WAAW,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,eAAe,CAAC,EAAE,IAAI,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC,CAAC;IAE3F,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;QACrC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YACrD,gCAAgC;YAChC,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;YACxE,IAAI,SAAS,EAAE,CAAC;gBACd,OAAO,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACpC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,4BAA4B;QAC9B,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,UAAkB;IACzC,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,EAAE,YAAY,EAAE,qBAAqB,CAAC,CAAC;QACzE,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACrD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAA+D,CAAC;QACjG,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC,EAAE,CAAC;YAC3D,MAAM,KAAK,GAAG,OAAO,CAAC,cAAc,EAAE,KAAK,CAAC,uBAAuB,CAAC,CAAC;YACrE,IAAI,KAAK;gBAAE,OAAO,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,oCAAoC;IACtC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,UAAkB;IACzC,KAAK,MAAM,OAAO,IAAI,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,EAAE,CAAC;QAC/D,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,EAAE,OAAO,CAAC,CAAC;YACpE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;YAC7C,IAAI,KAAK;gBAAE,OAAO,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC3C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;QACT,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,UAAkB;IACzC,MAAM,UAAU,GAAG;QACjB,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,wBAAwB,CAAC;QACtE,IAAI,CAAC,UAAU,EAAE,wBAAwB,CAAC;KAC3C,CAAC;IACF,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YACpD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;YAC1D,IAAI,KAAK;gBAAE,OAAO,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC3C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;QACT,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAG;QACf,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,iBAAiB,CAAC;QAC/D,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,kBAAkB,CAAC;QAChE,IAAI,CAAC,UAAU,EAAE,iBAAiB,CAAC;QACnC,IAAI,CAAC,UAAU,EAAE,kBAAkB,CAAC;KACrC,CAAC;IACF,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAClD,yDAAyD;YACzD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;YACvE,IAAI,KAAK;gBAAE,OAAO,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC3C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;QACT,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;GAMG;AACH,SAAS,aAAa,CAAC,UAAkB;IACvC,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACrD,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;QACjF,IAAI,UAAU;YAAE,OAAO,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACnD,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACtE,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC/C,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;QACnD,IAAI,OAAO;YAAE,OAAO,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;IACT,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,UAAU,CAAC,WAAwB,EAAE,UAAkB;IACrE,IAAI,YAAY,GAAkB,IAAI,CAAC;IAEvC,QAAQ,WAAW,EAAE,CAAC;QACpB,KAAK,QAAQ;YACX,YAAY,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC;YAC/C,MAAM;QAER,KAAK,gBAAgB;YACnB,YAAY,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;YAC7C,MAAM;QAER,KAAK,OAAO,CAAC;QACb,KAAK,cAAc,CAAC;QACpB,KAAK,YAAY,CAAC,CAAC,CAAC;YAClB,wBAAwB;YACxB,MAAM,WAAW,GAAG;gBAClB,IAAI,CAAC,UAAU,EAAE,gBAAgB,CAAC;gBAClC,IAAI,CAAC,UAAU,EAAE,gBAAgB,CAAC;gBAClC,IAAI,CAAC,UAAU,EAAE,iBAAiB,CAAC;aACpC,CAAC;YACF,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;gBACrC,YAAY,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC;gBAC/C,IAAI,YAAY;oBAAE,MAAM;YAC1B,CAAC;YACD,MAAM;QACR,CAAC;QAED,KAAK,QAAQ;YACX,YAAY,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;YAC3C,MAAM;QAER,KAAK,QAAQ;YACX,YAAY,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;YAC3C,MAAM;QAER,KAAK,QAAQ;YACX,YAAY,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;YAC3C,MAAM;QAER,KAAK,MAAM;YACT,YAAY,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;YACzC,MAAM;IACV,CAAC;IAED,OAAO,YAAY,IAAI,cAAc,CAAC,WAAW,CAAC,CAAC;AACrD,CAAC","sourcesContent":["import * as fs from 'node:fs';\nimport { join } from 'node:path';\nimport type { Integration } from './constants.js';\nimport { getConfig } from './settings.js';\n\nconst settings = getConfig();\n\nconst INTEGRATION_TO_SETTINGS_KEY: Record<string, string> = {\n nextjs: 'nextjs',\n react: 'react',\n 'tanstack-start': 'tanstackStart',\n 'react-router': 'reactRouter',\n 'vanilla-js': 'vanillaJs',\n python: 'python',\n ruby: 'ruby',\n php: 'php',\n 'php-laravel': 'phpLaravel',\n go: 'go',\n dotnet: 'dotnet',\n elixir: 'elixir',\n kotlin: 'kotlin',\n};\n\nconst DEFAULT_PORT = 3000;\nconst DEFAULT_CALLBACK_PATH = '/auth/callback';\n\nfunction getDefaultPort(integration: Integration): number {\n const settingsKey = INTEGRATION_TO_SETTINGS_KEY[integration];\n return settings.frameworks[settingsKey]?.port ?? DEFAULT_PORT;\n}\n\nexport function getCallbackPath(integration: Integration): string {\n const settingsKey = INTEGRATION_TO_SETTINGS_KEY[integration];\n return settings.frameworks[settingsKey]?.callbackPath ?? DEFAULT_CALLBACK_PATH;\n}\n\n/**\n * Parse port from Vite config file.\n * Looks for server.port in vite.config.{ts,js,mjs}\n */\nfunction parseViteConfigPort(configPath: string): number | null {\n try {\n const content = fs.readFileSync(configPath, 'utf-8');\n // Match: port: 3000 or port: \"3000\" or port: '3000'\n const portMatch = content.match(/port\\s*:\\s*['\"]?(\\d+)['\"]?/);\n if (portMatch) {\n return parseInt(portMatch[1], 10);\n }\n } catch {\n // File doesn't exist or can't be read\n }\n return null;\n}\n\n/**\n * Parse port from Next.js package.json scripts.\n * Next.js uses: \"dev\": \"next dev -p 4000\" or --port 4000\n */\nfunction parseNextConfigPort(installDir: string): number | null {\n try {\n const packageJsonPath = join(installDir, 'package.json');\n const content = fs.readFileSync(packageJsonPath, 'utf-8');\n const packageJson = JSON.parse(content);\n\n const devScript = packageJson.scripts?.dev || '';\n // Match: -p 4000, --port 4000, --port=4000\n const portMatch = devScript.match(/-p\\s+(\\d+)|--port[=\\s]+(\\d+)/);\n if (portMatch) {\n return parseInt(portMatch[1] || portMatch[2], 10);\n }\n } catch {\n // Can't read package.json\n }\n return null;\n}\n\n/**\n * Parse port from TanStack Start app.config.ts.\n * Uses Vinxi: server: { port: N }\n */\nfunction parseTanStackPort(installDir: string): number | null {\n const configPaths = [join(installDir, 'app.config.ts'), join(installDir, 'app.config.js')];\n\n for (const configPath of configPaths) {\n try {\n const content = fs.readFileSync(configPath, 'utf-8');\n // Match server config with port\n const portMatch = content.match(/server\\s*:\\s*\\{[^}]*port\\s*:\\s*(\\d+)/);\n if (portMatch) {\n return parseInt(portMatch[1], 10);\n }\n } catch {\n // Config file doesn't exist\n }\n }\n return null;\n}\n\n/**\n * Parse port from .NET Properties/launchSettings.json.\n * VS/Rider scaffold: profiles[*].applicationUrl = \"http://localhost:5000;https://localhost:5001\"\n */\nfunction parseDotnetPort(installDir: string): number | null {\n try {\n const configPath = join(installDir, 'Properties', 'launchSettings.json');\n const content = fs.readFileSync(configPath, 'utf-8');\n const parsed = JSON.parse(content) as { profiles?: Record<string, { applicationUrl?: string }> };\n for (const profile of Object.values(parsed.profiles ?? {})) {\n const match = profile.applicationUrl?.match(/http:\\/\\/[^:/]+:(\\d+)/);\n if (match) return parseInt(match[1], 10);\n }\n } catch {\n // File doesn't exist or can't parse\n }\n return null;\n}\n\n/**\n * Parse port from Phoenix config/dev.exs or config/runtime.exs.\n * Looks for `port: NNNN` — typically inside `http: [...]` but a bare regex is fine.\n */\nfunction parseElixirPort(installDir: string): number | null {\n for (const relPath of ['config/dev.exs', 'config/runtime.exs']) {\n try {\n const content = fs.readFileSync(join(installDir, relPath), 'utf-8');\n const match = content.match(/port:\\s*(\\d+)/);\n if (match) return parseInt(match[1], 10);\n } catch {\n // skip\n }\n }\n return null;\n}\n\n/**\n * Parse port from Spring Boot application.properties or application.yml.\n * Both the default `src/main/resources/` location and a top-level file are checked.\n */\nfunction parseKotlinPort(installDir: string): number | null {\n const propsPaths = [\n join(installDir, 'src', 'main', 'resources', 'application.properties'),\n join(installDir, 'application.properties'),\n ];\n for (const propsPath of propsPaths) {\n try {\n const content = fs.readFileSync(propsPath, 'utf-8');\n const match = content.match(/^server\\.port\\s*=\\s*(\\d+)/m);\n if (match) return parseInt(match[1], 10);\n } catch {\n // skip\n }\n }\n\n const ymlPaths = [\n join(installDir, 'src', 'main', 'resources', 'application.yml'),\n join(installDir, 'src', 'main', 'resources', 'application.yaml'),\n join(installDir, 'application.yml'),\n join(installDir, 'application.yaml'),\n ];\n for (const ymlPath of ymlPaths) {\n try {\n const content = fs.readFileSync(ymlPath, 'utf-8');\n // `server:\\n port: 8080` — shallow YAML parse via regex\n const match = content.match(/server\\s*:\\s*\\n[^\\S\\n]+port\\s*:\\s*(\\d+)/);\n if (match) return parseInt(match[1], 10);\n } catch {\n // skip\n }\n }\n return null;\n}\n\n/**\n * Parse port from Rails config/puma.rb.\n * Common forms:\n * port ENV.fetch(\"PORT\") { 3000 }\n * port ENV.fetch(\"PORT\", 3000)\n * port 3000\n */\nfunction parseRubyPort(installDir: string): number | null {\n try {\n const configPath = join(installDir, 'config', 'puma.rb');\n const content = fs.readFileSync(configPath, 'utf-8');\n const blockFetch = content.match(/port\\s+ENV\\.fetch\\([^)]*\\)\\s*\\{\\s*(\\d+)\\s*\\}/);\n if (blockFetch) return parseInt(blockFetch[1], 10);\n const argFetch = content.match(/port\\s+ENV\\.fetch\\([^,]+,\\s*(\\d+)\\)/);\n if (argFetch) return parseInt(argFetch[1], 10);\n const literal = content.match(/^\\s*port\\s+(\\d+)/m);\n if (literal) return parseInt(literal[1], 10);\n } catch {\n // skip\n }\n return null;\n}\n\n/**\n * Detect the dev server port for a framework.\n * Checks config files first, falls back to framework default.\n */\nexport function detectPort(integration: Integration, installDir: string): number {\n let detectedPort: number | null = null;\n\n switch (integration) {\n case 'nextjs':\n detectedPort = parseNextConfigPort(installDir);\n break;\n\n case 'tanstack-start':\n detectedPort = parseTanStackPort(installDir);\n break;\n\n case 'react':\n case 'react-router':\n case 'vanilla-js': {\n // Vite-based frameworks\n const viteConfigs = [\n join(installDir, 'vite.config.ts'),\n join(installDir, 'vite.config.js'),\n join(installDir, 'vite.config.mjs'),\n ];\n for (const configPath of viteConfigs) {\n detectedPort = parseViteConfigPort(configPath);\n if (detectedPort) break;\n }\n break;\n }\n\n case 'dotnet':\n detectedPort = parseDotnetPort(installDir);\n break;\n\n case 'elixir':\n detectedPort = parseElixirPort(installDir);\n break;\n\n case 'kotlin':\n detectedPort = parseKotlinPort(installDir);\n break;\n\n case 'ruby':\n detectedPort = parseRubyPort(installDir);\n break;\n }\n\n return detectedPort ?? getDefaultPort(integration);\n}\n"]}
package/dist/lib/registry.d.ts CHANGED
@@ -1,5 +1,4 @@
1
- import type { FrameworkConfig } from './framework-config.js';
2
- import type { Language } from './language-detection.js';
1
+ import type { FrameworkConfig, Language } from './framework-config.js';
3
2
  import type { InstallerOptions } from '../utils/types.js';
4
3
  /**
5
4
  * Standard exports from an integration module.