workos 0.13.2 → 0.13.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/dist/commands/env.js +9 -1
- package/dist/commands/env.js.map +1 -1
- package/dist/commands/login.js +44 -117
- package/dist/commands/login.js.map +1 -1
- package/dist/emulate/workos/routes/authorization-org-roles.js.map +1 -1
- package/dist/emulate/workos/routes/authorization-roles.js.map +1 -1
- package/dist/lib/api-key.d.ts +2 -2
- package/dist/lib/api-key.js +4 -4
- package/dist/lib/api-key.js.map +1 -1
- package/dist/lib/device-auth.d.ts +3 -0
- package/dist/lib/device-auth.js +31 -9
- package/dist/lib/device-auth.js.map +1 -1
- package/dist/utils/output.d.ts +6 -1
- package/dist/utils/output.js +12 -2
- package/dist/utils/output.js.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -367,7 +367,7 @@ API keys are stored in the system keychain via `@napi-rs/keyring`, with a JSON f
|
|
|
367
367
|
|
|
368
368
|
### Resource Management
|
|
369
369
|
|
|
370
|
-
All resource commands follow the same pattern: `workos <resource> <action> [args] [--options]`. API keys resolve via: `WORKOS_API_KEY` env var →
|
|
370
|
+
All resource commands follow the same pattern: `workos <resource> <action> [args] [--options]`. API keys resolve via: `--api-key` flag → `WORKOS_API_KEY` env var → active environment's stored key.
|
|
371
371
|
|
|
372
372
|
#### organization
|
|
373
373
|
|
package/dist/commands/env.js
CHANGED
|
@@ -151,7 +151,15 @@ export async function runEnvSwitch(name) {
|
|
|
151
151
|
config.activeEnvironment = name;
|
|
152
152
|
saveConfig(config);
|
|
153
153
|
const env = config.environments[name];
|
|
154
|
-
|
|
154
|
+
const warnings = process.env.WORKOS_API_KEY
|
|
155
|
+
? [
|
|
156
|
+
{
|
|
157
|
+
code: 'env_var_override',
|
|
158
|
+
message: "WORKOS_API_KEY is set in your shell. It will override this environment's stored key unless you pass --api-key.",
|
|
159
|
+
},
|
|
160
|
+
]
|
|
161
|
+
: undefined;
|
|
162
|
+
outputSuccess('Switched environment', { name, type: env.type }, { warnings });
|
|
155
163
|
}
|
|
156
164
|
export async function runEnvList() {
|
|
157
165
|
const config = getConfig();
|
package/dist/commands/env.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"env.js","sourceRoot":"","sources":["../../src/commands/env.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,KAAK,MAAM,mBAAmB,CAAC;AACtC,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAEvF,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAC1F,OAAO,EAAE,2BAA2B,EAAE,MAAM,yBAAyB,CAAC;AAEtE,MAAM,cAAc,GAAG,gBAAgB,CAAC;AAExC,SAAS,eAAe,CAAC,IAAwB;IAC/C,IAAI,CAAC,IAAI,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACxC,OAAO,6EAA6E,CAAC;IACvF,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,iBAAiB;IACxB,OAAO,SAAS,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;AAC7C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,OAK/B;IACC,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;IACzC,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;IAE7B,IAAI,IAAI,IAAI,MAAM,EAAE,CAAC;QACnB,uBAAuB;QACvB,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;QACxC,IAAI,SAAS,EAAE,CAAC;YACd,aAAa,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;SAAM,IAAI,2BAA2B,EAAE,EAAE,CAAC;QACzC,aAAa,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,mDAAmD,EAAE,CAAC,CAAC;IACxG,CAAC;SAAM,CAAC;QACN,mBAAmB;QACnB,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC;YAClC,OAAO,EAAE,qEAAqE;YAC9E,QAAQ,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,eAAe,CAAC,KAAK,CAAC;SAC5C,CAAC,CAAC;QACH,IAAI,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC;YAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChD,IAAI,GAAG,UAAU,CAAC;QAElB,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC;YACpC,OAAO,EAAE,6BAA6B;YACtC,OAAO,EAAE;gBACP,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,YAAY,EAAE;gBAC5C,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE;aACvC;SACF,CAAC,CAAC;QACH,IAAI,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC;YAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAEhD,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC;YACxC,OAAO,EAAE,wCAAwC;YACjD,QAAQ,EAAE,CAAC,KAAK,EAAE,EAAE;gBAClB,IAAI,CAAC,KAAK;oBAAE,OAAO,qBAAqB,CAAC;gBACzC,OAAO,SAAS,CAAC;YACnB,CAAC;SACF,CAAC,CAAC;QACH,IAAI,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC;YAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClD,MAAM,GAAG,YAAY,CAAC;QAEtB,MAAM,MAAM,GAAG,iBAAiB,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC;QAE9D,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG;YAC1B,IAAI;YACJ,IAAI,EAAE,UAAsC;YAC5C,MAAM;YACN,GAAG,CAAC,QAAQ,IAAI,EAAE,QAAQ,EAAE,CAAC;YAC7B,GAAG,CAAC,QAAQ,IAAI,EAAE,QAAQ,EAAE,CAAC;SAC9B,CAAC;QAEF,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,CAAC,iBAAiB,GAAG,IAAI,CAAC;QAClC,CAAC;QAED,UAAU,CAAC,MAAM,CAAC,CAAC;QACnB,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC3D,IAAI,OAAO,EAAE,CAAC;YACZ,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;QAC9C,CAAC;QACD,OAAO;IACT,CAAC;IAED,uBAAuB;IACvB,MAAM,MAAM,GAAG,iBAAiB,EAAE,CAAC;IACnC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC;IAE9D,MAAM,IAAI,GAA6B,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC;IAEhG,MAAM,CAAC,YAAY,CAAC,IAAK,CAAC,GAAG;QAC3B,IAAI,EAAE,IAAK;QACX,IAAI;QACJ,MAAM;QACN,GAAG,CAAC,QAAQ,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC7B,GAAG,CAAC,QAAQ,IAAI,EAAE,QAAQ,EAAE,CAAC;KAC9B,CAAC;IAEF,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,CAAC,iBAAiB,GAAG,IAAI,CAAC;IAClC,CAAC;IAED,UAAU,CAAC,MAAM,CAAC,CAAC;IACnB,aAAa,CAAC,mBAAmB,EAAE,EAAE,IAAI,EAAE,IAAK,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;AAC7E,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAAY;IAC7C,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7D,aAAa,CAAC;YACZ,IAAI,EAAE,iBAAiB;YACvB,OAAO,EAAE,kEAAkE;SAC5E,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/B,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9D,aAAa,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,gBAAgB,IAAI,2BAA2B,SAAS,EAAE,EAAE,CAAC,CAAC;IAC5G,CAAC;IAED,OAAO,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IAEjC,IAAI,MAAM,CAAC,iBAAiB,KAAK,IAAI,EAAE,CAAC;QACtC,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QACnD,MAAM,CAAC,iBAAiB,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAC3E,IAAI,MAAM,CAAC,iBAAiB,IAAI,CAAC,UAAU,EAAE,EAAE,CAAC;YAC9C,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,kCAAkC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;QAC3F,CAAC;IACH,CAAC;IAED,UAAU,CAAC,MAAM,CAAC,CAAC;IACnB,aAAa,CAAC,qBAAqB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,iBAAiB,IAAI,IAAI,EAAE,CAAC,CAAC;AAC9F,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAAa;IAC9C,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7D,aAAa,CAAC;YACZ,IAAI,EAAE,iBAAiB;YACvB,OAAO,EAAE,kEAAkE;SAC5E,CAAC,CAAC;IACL,CAAC;IAED,IAAI,IAAI,EAAE,CAAC;QACT,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC9D,aAAa,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,gBAAgB,IAAI,2BAA2B,SAAS,EAAE,EAAE,CAAC,CAAC;QAC5G,CAAC;IACH,CAAC;SAAM,CAAC;QACN,gEAAgE;QAChE,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE;YACrE,IAAI,KAAK,GAAG,GAAG,CAAC;YAChB,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS;gBAAE,KAAK,IAAI,YAAY,CAAC;YAClD,IAAI,GAAG,CAAC,QAAQ;gBAAE,KAAK,IAAI,KAAK,GAAG,CAAC,QAAQ,GAAG,CAAC;YAChD,IAAI,GAAG,KAAK,MAAM,CAAC,iBAAiB;gBAAE,KAAK,IAAI,KAAK,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;YACxE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC;YAClC,OAAO,EAAE,uBAAuB;YAChC,OAAO;SACR,CAAC,CAAC;QACH,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC9C,IAAI,GAAG,QAAkB,CAAC;IAC5B,CAAC;IAED,MAAM,CAAC,iBAAiB,GAAG,IAAI,CAAC;IAChC,UAAU,CAAC,MAAM,CAAC,CAAC;IAEnB,MAAM,GAAG,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IACtC,aAAa,CAAC,sBAAsB,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;AAClE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU;IAC9B,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7D,IAAI,UAAU,EAAE,EAAE,CAAC;YACjB,UAAU,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;QAC3B,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QACrF,CAAC;QACD,OAAO;IACT,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAEpD,IAAI,UAAU,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;YACxC,IAAI,EAAE,GAAG;YACT,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,MAAM,EAAE,GAAG,KAAK,MAAM,CAAC,iBAAiB;YACxC,QAAQ,EAAE,GAAG,CAAC,QAAQ,IAAI,IAAI;YAC9B,SAAS,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM;YACvB,WAAW,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ;SAC5B,CAAC,CAAC,CAAC;QACJ,UAAU,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,mBAAmB;IACnB,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5E,MAAM,KAAK,GACT,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACtH,MAAM,KAAK,GAAG,EAAE,CAAC;IAEjB,MAAM,MAAM,GAAG;QACb,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC;QAClB,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAClC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAClC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC;KACzB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEb,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;IAEvD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACpB,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAEvB,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,OAAO,EAAE,CAAC;QACjC,MAAM,QAAQ,GAAG,GAAG,KAAK,MAAM,CAAC,iBAAiB,CAAC;QAClD,MAAM,MAAM,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACnD,MAAM,SAAS,GAAG,sBAAsB,CAAC,GAAG,CAAC,CAAC;QAC9C,MAAM,WAAW,GAAG,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;QAC9E,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC3F,MAAM,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC;QACzF,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,IAAI,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAEtD,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IACvE,CAAC;IAED,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC,CAAC;IAC/E,CAAC;AACH,CAAC","sourcesContent":["import chalk from 'chalk';\nimport clack from '../utils/clack.js';\nimport { getConfig, saveConfig, isUnclaimedEnvironment } from '../lib/config-store.js';\nimport type { CliConfig } from '../lib/config-store.js';\nimport { outputSuccess, outputJson, exitWithError, isJsonMode } from '../utils/output.js';\nimport { isNonInteractiveEnvironment } from '../utils/environment.js';\n\nconst ENV_NAME_REGEX = /^[a-z0-9\\-_]+$/;\n\nfunction validateEnvName(name: string | undefined): string | undefined {\n if (!name || !ENV_NAME_REGEX.test(name)) {\n return 'Name must contain only lowercase letters, numbers, hyphens, and underscores';\n }\n return undefined;\n}\n\nfunction getOrCreateConfig(): CliConfig {\n return getConfig() ?? { environments: {} };\n}\n\nexport async function runEnvAdd(options: {\n name?: string;\n apiKey?: string;\n clientId?: string;\n endpoint?: string;\n}): Promise<void> {\n let { name, apiKey, endpoint } = options;\n const { clientId } = options;\n\n if (name && apiKey) {\n // Non-interactive mode\n const nameError = validateEnvName(name);\n if (nameError) {\n exitWithError({ code: 'invalid_args', message: nameError });\n }\n } else if (isNonInteractiveEnvironment()) {\n exitWithError({ code: 'missing_args', message: 'Name and API key required in non-interactive mode' });\n } else {\n // Interactive mode\n const nameResult = await clack.text({\n message: 'Enter a name for the environment (e.g., production, sandbox, local)',\n validate: (value) => validateEnvName(value),\n });\n if (clack.isCancel(nameResult)) process.exit(0);\n name = nameResult;\n\n const typeResult = await clack.select({\n message: 'Select the environment type',\n options: [\n { value: 'production', label: 'Production' },\n { value: 'sandbox', label: 'Sandbox' },\n ],\n });\n if (clack.isCancel(typeResult)) process.exit(0);\n\n const apiKeyResult = await clack.password({\n message: 'Enter the API key for this environment',\n validate: (value) => {\n if (!value) return 'API key is required';\n return undefined;\n },\n });\n if (clack.isCancel(apiKeyResult)) process.exit(0);\n apiKey = apiKeyResult;\n\n const config = getOrCreateConfig();\n const isFirst = Object.keys(config.environments).length === 0;\n\n config.environments[name] = {\n name,\n type: typeResult as 'production' | 'sandbox',\n apiKey,\n ...(clientId && { clientId }),\n ...(endpoint && { endpoint }),\n };\n\n if (isFirst) {\n config.activeEnvironment = name;\n }\n\n saveConfig(config);\n clack.log.success(`Environment ${chalk.bold(name)} added`);\n if (isFirst) {\n clack.log.info(`Set as active environment`);\n }\n return;\n }\n\n // Non-interactive path\n const config = getOrCreateConfig();\n const isFirst = Object.keys(config.environments).length === 0;\n\n const type: 'production' | 'sandbox' = apiKey.startsWith('sk_test_') ? 'sandbox' : 'production';\n\n config.environments[name!] = {\n name: name!,\n type,\n apiKey,\n ...(clientId && { clientId }),\n ...(endpoint && { endpoint }),\n };\n\n if (isFirst) {\n config.activeEnvironment = name;\n }\n\n saveConfig(config);\n outputSuccess('Environment added', { name: name!, type, active: isFirst });\n}\n\nexport async function runEnvRemove(name: string): Promise<void> {\n const config = getConfig();\n if (!config || Object.keys(config.environments).length === 0) {\n exitWithError({\n code: 'no_environments',\n message: 'No environments configured. Run `workos env add` to get started.',\n });\n }\n\n if (!config.environments[name]) {\n const available = Object.keys(config.environments).join(', ');\n exitWithError({ code: 'not_found', message: `Environment \"${name}\" not found. Available: ${available}` });\n }\n\n delete config.environments[name];\n\n if (config.activeEnvironment === name) {\n const remaining = Object.keys(config.environments);\n config.activeEnvironment = remaining.length > 0 ? remaining[0] : undefined;\n if (config.activeEnvironment && !isJsonMode()) {\n clack.log.info(`Active environment switched to ${chalk.bold(config.activeEnvironment)}`);\n }\n }\n\n saveConfig(config);\n outputSuccess('Environment removed', { name, newActive: config.activeEnvironment ?? null });\n}\n\nexport async function runEnvSwitch(name?: string): Promise<void> {\n const config = getConfig();\n if (!config || Object.keys(config.environments).length === 0) {\n exitWithError({\n code: 'no_environments',\n message: 'No environments configured. Run `workos env add` to get started.',\n });\n }\n\n if (name) {\n if (!config.environments[name]) {\n const available = Object.keys(config.environments).join(', ');\n exitWithError({ code: 'not_found', message: `Environment \"${name}\" not found. Available: ${available}` });\n }\n } else {\n // Interactive selection (TTY only — non-TTY guard is in bin.ts)\n const options = Object.entries(config.environments).map(([key, env]) => {\n let label = key;\n if (env.type === 'sandbox') label += ` [Sandbox]`;\n if (env.endpoint) label += ` [${env.endpoint}]`;\n if (key === config.activeEnvironment) label += chalk.green(' (active)');\n return { value: key, label };\n });\n\n const selected = await clack.select({\n message: 'Select an environment',\n options,\n });\n if (clack.isCancel(selected)) process.exit(0);\n name = selected as string;\n }\n\n config.activeEnvironment = name;\n saveConfig(config);\n\n const env = config.environments[name];\n outputSuccess('Switched environment', { name, type: env.type });\n}\n\nexport async function runEnvList(): Promise<void> {\n const config = getConfig();\n if (!config || Object.keys(config.environments).length === 0) {\n if (isJsonMode()) {\n outputJson({ data: [] });\n } else {\n clack.log.info('No environments configured. Run `workos env add` to get started.');\n }\n return;\n }\n\n const entries = Object.entries(config.environments);\n\n if (isJsonMode()) {\n const data = entries.map(([key, env]) => ({\n name: key,\n type: env.type,\n active: key === config.activeEnvironment,\n endpoint: env.endpoint ?? null,\n hasApiKey: !!env.apiKey,\n hasClientId: !!env.clientId,\n }));\n outputJson({ data });\n return;\n }\n\n // Human-mode table\n const hasUnclaimed = entries.some(([, env]) => isUnclaimedEnvironment(env));\n const nameW =\n Math.max(6, ...entries.map(([k, env]) => k.length + (isUnclaimedEnvironment(env) ? ' (unclaimed)'.length : 0))) + 2;\n const typeW = 12;\n\n const header = [\n chalk.yellow(' '),\n chalk.yellow('Name'.padEnd(nameW)),\n chalk.yellow('Type'.padEnd(typeW)),\n chalk.yellow('Endpoint'),\n ].join(' ');\n\n const separator = chalk.dim('─'.repeat(header.length));\n\n console.log(header);\n console.log(separator);\n\n for (const [key, env] of entries) {\n const isActive = key === config.activeEnvironment;\n const marker = isActive ? chalk.green('▸ ') : ' ';\n const unclaimed = isUnclaimedEnvironment(env);\n const displayName = unclaimed ? `${key} ${chalk.yellow('(unclaimed)')}` : key;\n const name = isActive ? chalk.green(displayName.padEnd(nameW)) : displayName.padEnd(nameW);\n const type = unclaimed ? 'Unclaimed' : env.type === 'sandbox' ? 'Sandbox' : 'Production';\n const endpoint = env.endpoint || chalk.dim('default');\n\n console.log([marker, name, type.padEnd(typeW), endpoint].join(' '));\n }\n\n if (hasUnclaimed) {\n console.log('');\n console.log(chalk.dim(' Run `workos env claim` to keep this environment.'));\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"env.js","sourceRoot":"","sources":["../../src/commands/env.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,KAAK,MAAM,mBAAmB,CAAC;AACtC,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAEvF,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAC1F,OAAO,EAAE,2BAA2B,EAAE,MAAM,yBAAyB,CAAC;AAEtE,MAAM,cAAc,GAAG,gBAAgB,CAAC;AAExC,SAAS,eAAe,CAAC,IAAwB;IAC/C,IAAI,CAAC,IAAI,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACxC,OAAO,6EAA6E,CAAC;IACvF,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,iBAAiB;IACxB,OAAO,SAAS,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;AAC7C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,OAK/B;IACC,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;IACzC,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;IAE7B,IAAI,IAAI,IAAI,MAAM,EAAE,CAAC;QACnB,uBAAuB;QACvB,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;QACxC,IAAI,SAAS,EAAE,CAAC;YACd,aAAa,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;SAAM,IAAI,2BAA2B,EAAE,EAAE,CAAC;QACzC,aAAa,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,mDAAmD,EAAE,CAAC,CAAC;IACxG,CAAC;SAAM,CAAC;QACN,mBAAmB;QACnB,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC;YAClC,OAAO,EAAE,qEAAqE;YAC9E,QAAQ,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,eAAe,CAAC,KAAK,CAAC;SAC5C,CAAC,CAAC;QACH,IAAI,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC;YAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChD,IAAI,GAAG,UAAU,CAAC;QAElB,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC;YACpC,OAAO,EAAE,6BAA6B;YACtC,OAAO,EAAE;gBACP,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,YAAY,EAAE;gBAC5C,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE;aACvC;SACF,CAAC,CAAC;QACH,IAAI,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC;YAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAEhD,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC;YACxC,OAAO,EAAE,wCAAwC;YACjD,QAAQ,EAAE,CAAC,KAAK,EAAE,EAAE;gBAClB,IAAI,CAAC,KAAK;oBAAE,OAAO,qBAAqB,CAAC;gBACzC,OAAO,SAAS,CAAC;YACnB,CAAC;SACF,CAAC,CAAC;QACH,IAAI,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC;YAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClD,MAAM,GAAG,YAAY,CAAC;QAEtB,MAAM,MAAM,GAAG,iBAAiB,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC;QAE9D,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG;YAC1B,IAAI;YACJ,IAAI,EAAE,UAAsC;YAC5C,MAAM;YACN,GAAG,CAAC,QAAQ,IAAI,EAAE,QAAQ,EAAE,CAAC;YAC7B,GAAG,CAAC,QAAQ,IAAI,EAAE,QAAQ,EAAE,CAAC;SAC9B,CAAC;QAEF,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,CAAC,iBAAiB,GAAG,IAAI,CAAC;QAClC,CAAC;QAED,UAAU,CAAC,MAAM,CAAC,CAAC;QACnB,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC3D,IAAI,OAAO,EAAE,CAAC;YACZ,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;QAC9C,CAAC;QACD,OAAO;IACT,CAAC;IAED,uBAAuB;IACvB,MAAM,MAAM,GAAG,iBAAiB,EAAE,CAAC;IACnC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC;IAE9D,MAAM,IAAI,GAA6B,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC;IAEhG,MAAM,CAAC,YAAY,CAAC,IAAK,CAAC,GAAG;QAC3B,IAAI,EAAE,IAAK;QACX,IAAI;QACJ,MAAM;QACN,GAAG,CAAC,QAAQ,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC7B,GAAG,CAAC,QAAQ,IAAI,EAAE,QAAQ,EAAE,CAAC;KAC9B,CAAC;IAEF,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,CAAC,iBAAiB,GAAG,IAAI,CAAC;IAClC,CAAC;IAED,UAAU,CAAC,MAAM,CAAC,CAAC;IACnB,aAAa,CAAC,mBAAmB,EAAE,EAAE,IAAI,EAAE,IAAK,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;AAC7E,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAAY;IAC7C,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7D,aAAa,CAAC;YACZ,IAAI,EAAE,iBAAiB;YACvB,OAAO,EAAE,kEAAkE;SAC5E,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/B,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9D,aAAa,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,gBAAgB,IAAI,2BAA2B,SAAS,EAAE,EAAE,CAAC,CAAC;IAC5G,CAAC;IAED,OAAO,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IAEjC,IAAI,MAAM,CAAC,iBAAiB,KAAK,IAAI,EAAE,CAAC;QACtC,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QACnD,MAAM,CAAC,iBAAiB,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAC3E,IAAI,MAAM,CAAC,iBAAiB,IAAI,CAAC,UAAU,EAAE,EAAE,CAAC;YAC9C,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,kCAAkC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;QAC3F,CAAC;IACH,CAAC;IAED,UAAU,CAAC,MAAM,CAAC,CAAC;IACnB,aAAa,CAAC,qBAAqB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,iBAAiB,IAAI,IAAI,EAAE,CAAC,CAAC;AAC9F,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAAa;IAC9C,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7D,aAAa,CAAC;YACZ,IAAI,EAAE,iBAAiB;YACvB,OAAO,EAAE,kEAAkE;SAC5E,CAAC,CAAC;IACL,CAAC;IAED,IAAI,IAAI,EAAE,CAAC;QACT,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC9D,aAAa,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,gBAAgB,IAAI,2BAA2B,SAAS,EAAE,EAAE,CAAC,CAAC;QAC5G,CAAC;IACH,CAAC;SAAM,CAAC;QACN,gEAAgE;QAChE,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE;YACrE,IAAI,KAAK,GAAG,GAAG,CAAC;YAChB,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS;gBAAE,KAAK,IAAI,YAAY,CAAC;YAClD,IAAI,GAAG,CAAC,QAAQ;gBAAE,KAAK,IAAI,KAAK,GAAG,CAAC,QAAQ,GAAG,CAAC;YAChD,IAAI,GAAG,KAAK,MAAM,CAAC,iBAAiB;gBAAE,KAAK,IAAI,KAAK,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;YACxE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC;YAClC,OAAO,EAAE,uBAAuB;YAChC,OAAO;SACR,CAAC,CAAC;QACH,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC9C,IAAI,GAAG,QAAkB,CAAC;IAC5B,CAAC;IAED,MAAM,CAAC,iBAAiB,GAAG,IAAI,CAAC;IAChC,UAAU,CAAC,MAAM,CAAC,CAAC;IAEnB,MAAM,GAAG,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc;QACzC,CAAC,CAAC;YACE;gBACE,IAAI,EAAE,kBAAkB;gBACxB,OAAO,EACL,gHAAgH;aACnH;SACF;QACH,CAAC,CAAC,SAAS,CAAC;IACd,aAAa,CAAC,sBAAsB,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;AAChF,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU;IAC9B,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7D,IAAI,UAAU,EAAE,EAAE,CAAC;YACjB,UAAU,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;QAC3B,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QACrF,CAAC;QACD,OAAO;IACT,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAEpD,IAAI,UAAU,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;YACxC,IAAI,EAAE,GAAG;YACT,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,MAAM,EAAE,GAAG,KAAK,MAAM,CAAC,iBAAiB;YACxC,QAAQ,EAAE,GAAG,CAAC,QAAQ,IAAI,IAAI;YAC9B,SAAS,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM;YACvB,WAAW,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ;SAC5B,CAAC,CAAC,CAAC;QACJ,UAAU,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,mBAAmB;IACnB,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5E,MAAM,KAAK,GACT,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACtH,MAAM,KAAK,GAAG,EAAE,CAAC;IAEjB,MAAM,MAAM,GAAG;QACb,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC;QAClB,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAClC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAClC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC;KACzB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEb,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;IAEvD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACpB,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAEvB,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,OAAO,EAAE,CAAC;QACjC,MAAM,QAAQ,GAAG,GAAG,KAAK,MAAM,CAAC,iBAAiB,CAAC;QAClD,MAAM,MAAM,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACnD,MAAM,SAAS,GAAG,sBAAsB,CAAC,GAAG,CAAC,CAAC;QAC9C,MAAM,WAAW,GAAG,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;QAC9E,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC3F,MAAM,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC;QACzF,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,IAAI,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAEtD,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IACvE,CAAC;IAED,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC,CAAC;IAC/E,CAAC;AACH,CAAC","sourcesContent":["import chalk from 'chalk';\nimport clack from '../utils/clack.js';\nimport { getConfig, saveConfig, isUnclaimedEnvironment } from '../lib/config-store.js';\nimport type { CliConfig } from '../lib/config-store.js';\nimport { outputSuccess, outputJson, exitWithError, isJsonMode } from '../utils/output.js';\nimport { isNonInteractiveEnvironment } from '../utils/environment.js';\n\nconst ENV_NAME_REGEX = /^[a-z0-9\\-_]+$/;\n\nfunction validateEnvName(name: string | undefined): string | undefined {\n if (!name || !ENV_NAME_REGEX.test(name)) {\n return 'Name must contain only lowercase letters, numbers, hyphens, and underscores';\n }\n return undefined;\n}\n\nfunction getOrCreateConfig(): CliConfig {\n return getConfig() ?? { environments: {} };\n}\n\nexport async function runEnvAdd(options: {\n name?: string;\n apiKey?: string;\n clientId?: string;\n endpoint?: string;\n}): Promise<void> {\n let { name, apiKey, endpoint } = options;\n const { clientId } = options;\n\n if (name && apiKey) {\n // Non-interactive mode\n const nameError = validateEnvName(name);\n if (nameError) {\n exitWithError({ code: 'invalid_args', message: nameError });\n }\n } else if (isNonInteractiveEnvironment()) {\n exitWithError({ code: 'missing_args', message: 'Name and API key required in non-interactive mode' });\n } else {\n // Interactive mode\n const nameResult = await clack.text({\n message: 'Enter a name for the environment (e.g., production, sandbox, local)',\n validate: (value) => validateEnvName(value),\n });\n if (clack.isCancel(nameResult)) process.exit(0);\n name = nameResult;\n\n const typeResult = await clack.select({\n message: 'Select the environment type',\n options: [\n { value: 'production', label: 'Production' },\n { value: 'sandbox', label: 'Sandbox' },\n ],\n });\n if (clack.isCancel(typeResult)) process.exit(0);\n\n const apiKeyResult = await clack.password({\n message: 'Enter the API key for this environment',\n validate: (value) => {\n if (!value) return 'API key is required';\n return undefined;\n },\n });\n if (clack.isCancel(apiKeyResult)) process.exit(0);\n apiKey = apiKeyResult;\n\n const config = getOrCreateConfig();\n const isFirst = Object.keys(config.environments).length === 0;\n\n config.environments[name] = {\n name,\n type: typeResult as 'production' | 'sandbox',\n apiKey,\n ...(clientId && { clientId }),\n ...(endpoint && { endpoint }),\n };\n\n if (isFirst) {\n config.activeEnvironment = name;\n }\n\n saveConfig(config);\n clack.log.success(`Environment ${chalk.bold(name)} added`);\n if (isFirst) {\n clack.log.info(`Set as active environment`);\n }\n return;\n }\n\n // Non-interactive path\n const config = getOrCreateConfig();\n const isFirst = Object.keys(config.environments).length === 0;\n\n const type: 'production' | 'sandbox' = apiKey.startsWith('sk_test_') ? 'sandbox' : 'production';\n\n config.environments[name!] = {\n name: name!,\n type,\n apiKey,\n ...(clientId && { clientId }),\n ...(endpoint && { endpoint }),\n };\n\n if (isFirst) {\n config.activeEnvironment = name;\n }\n\n saveConfig(config);\n outputSuccess('Environment added', { name: name!, type, active: isFirst });\n}\n\nexport async function runEnvRemove(name: string): Promise<void> {\n const config = getConfig();\n if (!config || Object.keys(config.environments).length === 0) {\n exitWithError({\n code: 'no_environments',\n message: 'No environments configured. Run `workos env add` to get started.',\n });\n }\n\n if (!config.environments[name]) {\n const available = Object.keys(config.environments).join(', ');\n exitWithError({ code: 'not_found', message: `Environment \"${name}\" not found. Available: ${available}` });\n }\n\n delete config.environments[name];\n\n if (config.activeEnvironment === name) {\n const remaining = Object.keys(config.environments);\n config.activeEnvironment = remaining.length > 0 ? remaining[0] : undefined;\n if (config.activeEnvironment && !isJsonMode()) {\n clack.log.info(`Active environment switched to ${chalk.bold(config.activeEnvironment)}`);\n }\n }\n\n saveConfig(config);\n outputSuccess('Environment removed', { name, newActive: config.activeEnvironment ?? null });\n}\n\nexport async function runEnvSwitch(name?: string): Promise<void> {\n const config = getConfig();\n if (!config || Object.keys(config.environments).length === 0) {\n exitWithError({\n code: 'no_environments',\n message: 'No environments configured. Run `workos env add` to get started.',\n });\n }\n\n if (name) {\n if (!config.environments[name]) {\n const available = Object.keys(config.environments).join(', ');\n exitWithError({ code: 'not_found', message: `Environment \"${name}\" not found. Available: ${available}` });\n }\n } else {\n // Interactive selection (TTY only — non-TTY guard is in bin.ts)\n const options = Object.entries(config.environments).map(([key, env]) => {\n let label = key;\n if (env.type === 'sandbox') label += ` [Sandbox]`;\n if (env.endpoint) label += ` [${env.endpoint}]`;\n if (key === config.activeEnvironment) label += chalk.green(' (active)');\n return { value: key, label };\n });\n\n const selected = await clack.select({\n message: 'Select an environment',\n options,\n });\n if (clack.isCancel(selected)) process.exit(0);\n name = selected as string;\n }\n\n config.activeEnvironment = name;\n saveConfig(config);\n\n const env = config.environments[name];\n const warnings = process.env.WORKOS_API_KEY\n ? [\n {\n code: 'env_var_override',\n message:\n \"WORKOS_API_KEY is set in your shell. It will override this environment's stored key unless you pass --api-key.\",\n },\n ]\n : undefined;\n outputSuccess('Switched environment', { name, type: env.type }, { warnings });\n}\n\nexport async function runEnvList(): Promise<void> {\n const config = getConfig();\n if (!config || Object.keys(config.environments).length === 0) {\n if (isJsonMode()) {\n outputJson({ data: [] });\n } else {\n clack.log.info('No environments configured. Run `workos env add` to get started.');\n }\n return;\n }\n\n const entries = Object.entries(config.environments);\n\n if (isJsonMode()) {\n const data = entries.map(([key, env]) => ({\n name: key,\n type: env.type,\n active: key === config.activeEnvironment,\n endpoint: env.endpoint ?? null,\n hasApiKey: !!env.apiKey,\n hasClientId: !!env.clientId,\n }));\n outputJson({ data });\n return;\n }\n\n // Human-mode table\n const hasUnclaimed = entries.some(([, env]) => isUnclaimedEnvironment(env));\n const nameW =\n Math.max(6, ...entries.map(([k, env]) => k.length + (isUnclaimedEnvironment(env) ? ' (unclaimed)'.length : 0))) + 2;\n const typeW = 12;\n\n const header = [\n chalk.yellow(' '),\n chalk.yellow('Name'.padEnd(nameW)),\n chalk.yellow('Type'.padEnd(typeW)),\n chalk.yellow('Endpoint'),\n ].join(' ');\n\n const separator = chalk.dim('─'.repeat(header.length));\n\n console.log(header);\n console.log(separator);\n\n for (const [key, env] of entries) {\n const isActive = key === config.activeEnvironment;\n const marker = isActive ? chalk.green('▸ ') : ' ';\n const unclaimed = isUnclaimedEnvironment(env);\n const displayName = unclaimed ? `${key} ${chalk.yellow('(unclaimed)')}` : key;\n const name = isActive ? chalk.green(displayName.padEnd(nameW)) : displayName.padEnd(nameW);\n const type = unclaimed ? 'Unclaimed' : env.type === 'sandbox' ? 'Sandbox' : 'Production';\n const endpoint = env.endpoint || chalk.dim('default');\n\n console.log([marker, name, type.padEnd(typeW), endpoint].join(' '));\n }\n\n if (hasUnclaimed) {\n console.log('');\n console.log(chalk.dim(' Run `workos env claim` to keep this environment.'));\n }\n}\n"]}
|
package/dist/commands/login.js
CHANGED
|
@@ -10,43 +10,7 @@ import { getConfig, saveConfig } from '../lib/config-store.js';
|
|
|
10
10
|
import { formatWorkOSCommand } from '../utils/command-invocation.js';
|
|
11
11
|
import { autoInstallSkills } from './install-skill.js';
|
|
12
12
|
import { isJsonMode } from '../utils/output.js';
|
|
13
|
-
|
|
14
|
-
* Parse JWT payload
|
|
15
|
-
*/
|
|
16
|
-
function parseJwt(token) {
|
|
17
|
-
try {
|
|
18
|
-
const parts = token.split('.');
|
|
19
|
-
if (parts.length !== 3)
|
|
20
|
-
return null;
|
|
21
|
-
return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf-8'));
|
|
22
|
-
}
|
|
23
|
-
catch {
|
|
24
|
-
return null;
|
|
25
|
-
}
|
|
26
|
-
}
|
|
27
|
-
/**
|
|
28
|
-
* Extract expiry time from JWT token
|
|
29
|
-
*/
|
|
30
|
-
function getJwtExpiry(token) {
|
|
31
|
-
const payload = parseJwt(token);
|
|
32
|
-
if (!payload || typeof payload.exp !== 'number')
|
|
33
|
-
return null;
|
|
34
|
-
return payload.exp * 1000;
|
|
35
|
-
}
|
|
36
|
-
const POLL_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes
|
|
37
|
-
/**
|
|
38
|
-
* Get Connect OAuth endpoints from AuthKit domain
|
|
39
|
-
*/
|
|
40
|
-
function getConnectEndpoints() {
|
|
41
|
-
const domain = getAuthkitDomain();
|
|
42
|
-
return {
|
|
43
|
-
deviceAuthorization: `${domain}/oauth2/device_authorization`,
|
|
44
|
-
token: `${domain}/oauth2/token`,
|
|
45
|
-
};
|
|
46
|
-
}
|
|
47
|
-
function sleep(ms) {
|
|
48
|
-
return new Promise((resolve) => setTimeout(resolve, ms));
|
|
49
|
-
}
|
|
13
|
+
import { requestDeviceCode, pollForToken, DeviceAuthTimeoutError } from '../lib/device-auth.js';
|
|
50
14
|
/**
|
|
51
15
|
* Best-effort skill install after a successful auth-login.
|
|
52
16
|
*
|
|
@@ -139,24 +103,17 @@ export async function runLogin() {
|
|
|
139
103
|
// Refresh failed, proceed with fresh login
|
|
140
104
|
}
|
|
141
105
|
}
|
|
106
|
+
const authkitDomain = getAuthkitDomain();
|
|
142
107
|
clack.log.step('Starting authentication...');
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
client_id: clientId,
|
|
151
|
-
scope: 'openid email staging-environment:credentials:read offline_access',
|
|
152
|
-
}),
|
|
153
|
-
});
|
|
154
|
-
if (!authResponse.ok) {
|
|
155
|
-
clack.log.error(`Failed to start authentication: ${authResponse.status}`);
|
|
108
|
+
let deviceAuth;
|
|
109
|
+
try {
|
|
110
|
+
deviceAuth = await requestDeviceCode({ clientId, authkitDomain });
|
|
111
|
+
}
|
|
112
|
+
catch (error) {
|
|
113
|
+
const msg = error instanceof Error ? error.message : String(error);
|
|
114
|
+
clack.log.error(`Failed to start authentication: ${msg}`);
|
|
156
115
|
process.exit(1);
|
|
157
116
|
}
|
|
158
|
-
const deviceAuth = (await authResponse.json());
|
|
159
|
-
const pollIntervalMs = (deviceAuth.interval || 5) * 1000;
|
|
160
117
|
clack.log.info(`\nOpen this URL in your browser:\n`);
|
|
161
118
|
console.log(` ${deviceAuth.verification_uri}`);
|
|
162
119
|
console.log(`\nEnter code: ${deviceAuth.user_code}\n`);
|
|
@@ -169,73 +126,43 @@ export async function runLogin() {
|
|
|
169
126
|
}
|
|
170
127
|
const spinner = clack.spinner();
|
|
171
128
|
spinner.start('Waiting for authentication...');
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
const idTokenPayload = parseJwt(result.id_token);
|
|
193
|
-
const userId = idTokenPayload?.sub || 'unknown';
|
|
194
|
-
const email = idTokenPayload?.email || undefined;
|
|
195
|
-
// Extract actual expiry from access token JWT, fallback to response or 15 min
|
|
196
|
-
const jwtExpiry = getJwtExpiry(result.access_token);
|
|
197
|
-
const expiresAt = jwtExpiry ?? (result.expires_in ? Date.now() + result.expires_in * 1000 : Date.now() + 15 * 60 * 1000);
|
|
198
|
-
const expiresInSec = Math.round((expiresAt - Date.now()) / 1000);
|
|
199
|
-
saveCredentials({
|
|
200
|
-
accessToken: result.access_token,
|
|
201
|
-
expiresAt,
|
|
202
|
-
userId,
|
|
203
|
-
email,
|
|
204
|
-
refreshToken: result.refresh_token,
|
|
205
|
-
});
|
|
206
|
-
spinner.stop('Authentication successful!');
|
|
207
|
-
clack.log.success(`Logged in as ${email || userId}`);
|
|
208
|
-
clack.log.info(`Token expires in ${expiresInSec} seconds`);
|
|
209
|
-
// Auto-provision staging environment
|
|
210
|
-
const provisioned = await provisionStagingEnvironment(result.access_token);
|
|
211
|
-
if (provisioned) {
|
|
212
|
-
clack.log.success('Staging environment configured automatically');
|
|
213
|
-
}
|
|
214
|
-
else {
|
|
215
|
-
clack.log.info(chalk.dim('Run `workos env add` to configure an environment manually'));
|
|
216
|
-
}
|
|
217
|
-
// Best-effort skill install. Wrapped helper guarantees login never
|
|
218
|
-
// fails on skill errors.
|
|
219
|
-
await installSkillsAfterLogin();
|
|
220
|
-
return;
|
|
221
|
-
}
|
|
222
|
-
const errorData = data;
|
|
223
|
-
if (errorData.error === 'authorization_pending')
|
|
224
|
-
continue;
|
|
225
|
-
if (errorData.error === 'slow_down') {
|
|
226
|
-
currentInterval += 5000;
|
|
227
|
-
continue;
|
|
228
|
-
}
|
|
229
|
-
spinner.stop('Authentication failed');
|
|
230
|
-
clack.log.error(`Authentication error: ${errorData.error}`);
|
|
231
|
-
process.exit(1);
|
|
129
|
+
try {
|
|
130
|
+
const result = await pollForToken(deviceAuth.device_code, {
|
|
131
|
+
clientId,
|
|
132
|
+
authkitDomain,
|
|
133
|
+
interval: deviceAuth.interval,
|
|
134
|
+
});
|
|
135
|
+
const expiresInSec = Math.round((result.expiresAt - Date.now()) / 1000);
|
|
136
|
+
saveCredentials({
|
|
137
|
+
accessToken: result.accessToken,
|
|
138
|
+
expiresAt: result.expiresAt,
|
|
139
|
+
userId: result.userId,
|
|
140
|
+
email: result.email,
|
|
141
|
+
refreshToken: result.refreshToken,
|
|
142
|
+
});
|
|
143
|
+
spinner.stop('Authentication successful!');
|
|
144
|
+
clack.log.success(`Logged in as ${result.email || result.userId}`);
|
|
145
|
+
clack.log.info(`Token expires in ${expiresInSec} seconds`);
|
|
146
|
+
const provisioned = await provisionStagingEnvironment(result.accessToken);
|
|
147
|
+
if (provisioned) {
|
|
148
|
+
clack.log.success('Staging environment configured automatically');
|
|
232
149
|
}
|
|
233
|
-
|
|
234
|
-
|
|
150
|
+
else {
|
|
151
|
+
clack.log.info(chalk.dim('Run `workos env add` to configure an environment manually'));
|
|
152
|
+
}
|
|
153
|
+
await installSkillsAfterLogin();
|
|
154
|
+
}
|
|
155
|
+
catch (error) {
|
|
156
|
+
if (error instanceof DeviceAuthTimeoutError) {
|
|
157
|
+
spinner.stop('Authentication timed out');
|
|
158
|
+
clack.log.error('Authentication timed out. Please try again.');
|
|
159
|
+
}
|
|
160
|
+
else {
|
|
161
|
+
spinner.stop('Authentication failed');
|
|
162
|
+
const msg = error instanceof Error ? error.message : String(error);
|
|
163
|
+
clack.log.error(`Authentication error: ${msg}`);
|
|
235
164
|
}
|
|
165
|
+
process.exit(1);
|
|
236
166
|
}
|
|
237
|
-
spinner.stop('Authentication timed out');
|
|
238
|
-
clack.log.error('Authentication timed out. Please try again.');
|
|
239
|
-
process.exit(1);
|
|
240
167
|
}
|
|
241
168
|
//# sourceMappingURL=login.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"login.js","sourceRoot":"","sources":["../../src/commands/login.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,KAAK,CAAC;AACvB,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,KAAK,MAAM,mBAAmB,CAAC;AACtC,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,cAAc,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACtH,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAC1E,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AACpE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAE/D,OAAO,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAC;AACrE,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD;;GAEG;AACH,SAAS,QAAQ,CAAC,KAAa;IAC7B,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QACpC,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAC1E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,KAAa;IACjC,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAChC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC7D,OAAO,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;AAC5B,CAAC;AAED,MAAM,eAAe,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,YAAY;AAEnD;;GAEG;AACH,SAAS,mBAAmB;IAC1B,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;IAClC,OAAO;QACL,mBAAmB,EAAE,GAAG,MAAM,8BAA8B;QAC5D,KAAK,EAAE,GAAG,MAAM,eAAe;KAChC,CAAC;AACJ,CAAC;AAuBD,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,EAAE,GAAG,IAAI,CAAC;AAElD,MAAM,CAAC,KAAK,UAAU,uBAAuB;IAC3C,IAAI,aAAwD,CAAC;IAC7D,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;YAC5C,aAAa,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,wBAAwB,CAAC,CAAC;YAC1E,sEAAsE;YACtE,+CAA+C;YAC/C,aAAa,CAAC,KAAK,EAAE,EAAE,CAAC;QAC1B,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC,iBAAiB,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;QAClE,IAAI,MAAM,IAAI,CAAC,UAAU,EAAE,EAAE,CAAC;YAC5B,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC;YAClE,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,MAAM,CAAC,MAAM,WAAW,SAAS,QAAQ,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC3G,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,uCAAuC;IACzC,CAAC;YAAS,CAAC;QACT,IAAI,aAAa;YAAE,YAAY,CAAC,aAAa,CAAC,CAAC;IACjD,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,WAAmB;IACnE,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,uBAAuB,CAAC,WAAW,CAAC,CAAC;QAE3D,MAAM,MAAM,GAAc,SAAS,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;QAC9D,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC;QAE9D,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,GAAG;YAC/B,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;SAC3B,CAAC;QAEF,IAAI,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;YACzC,MAAM,CAAC,iBAAiB,GAAG,SAAS,CAAC;QACvC,CAAC;QAED,UAAU,CAAC,MAAM,CAAC,CAAC;QACnB,OAAO,CAAC,8CAA8C,CAAC,CAAC;QACxD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,QAAQ,CAAC,uDAAuD,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAClH,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,QAAQ;IAC5B,MAAM,QAAQ,GAAG,kBAAkB,EAAE,CAAC;IAEtC,8CAA8C;IAC9C,IAAI,cAAc,EAAE,EAAE,CAAC;QACrB,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,wBAAwB,KAAK,EAAE,KAAK,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC;QAC9E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,mBAAmB,CAAC,aAAa,CAAC,eAAe,CAAC,CAAC,CAAC;QACnF,OAAO;IACT,CAAC;IAED,qEAAqE;IACrE,MAAM,aAAa,GAAG,cAAc,EAAE,CAAC;IACvC,IAAI,aAAa,EAAE,YAAY,IAAI,cAAc,CAAC,aAAa,CAAC,EAAE,CAAC;QACjE,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,gBAAgB,EAAE,CAAC;YACzC,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;YACjE,IAAI,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC3C,YAAY,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;gBACxE,OAAO,CAAC,6CAA6C,CAAC,CAAC;gBACvD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,wBAAwB,aAAa,CAAC,KAAK,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC;gBACrF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,mBAAmB,CAAC,aAAa,CAAC,eAAe,CAAC,CAAC,CAAC;gBACnF,OAAO;YACT,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,2CAA2C;QAC7C,CAAC;IACH,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IAE7C,MAAM,SAAS,GAAG,mBAAmB,EAAE,CAAC;IAExC,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,mBAAmB,EAAE;QAC9D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;SACpD;QACD,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,SAAS,EAAE,QAAQ;YACnB,KAAK,EAAE,kEAAkE;SAC1E,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;QACrB,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,mCAAmC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;QAC1E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,UAAU,GAAG,CAAC,MAAM,YAAY,CAAC,IAAI,EAAE,CAAuB,CAAC;IACrE,MAAM,cAAc,GAAG,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;IAEzD,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,KAAK,UAAU,CAAC,gBAAgB,EAAE,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,iBAAiB,UAAU,CAAC,SAAS,IAAI,CAAC,CAAC;IAEvD,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,CAAC,yBAAyB,CAAC,CAAC;QAC3C,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,yBAAyB;IAC3B,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;IAE/C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,IAAI,eAAe,GAAG,cAAc,CAAC;IAErC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,eAAe,EAAE,CAAC;QAChD,MAAM,KAAK,CAAC,eAAe,CAAC,CAAC;QAE7B,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,KAAK,EAAE;gBACjD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,mCAAmC;iBACpD;gBACD,IAAI,EAAE,IAAI,eAAe,CAAC;oBACxB,UAAU,EAAE,8CAA8C;oBAC1D,WAAW,EAAE,UAAU,CAAC,WAAW;oBACnC,SAAS,EAAE,QAAQ;iBACpB,CAAC;aACH,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;YAExC,IAAI,aAAa,CAAC,EAAE,EAAE,CAAC;gBACrB,MAAM,MAAM,GAAG,IAA4B,CAAC;gBAE5C,oCAAoC;gBACpC,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;gBACjD,MAAM,MAAM,GAAI,cAAc,EAAE,GAAc,IAAI,SAAS,CAAC;gBAC5D,MAAM,KAAK,GAAI,cAAc,EAAE,KAAgB,IAAI,SAAS,CAAC;gBAE7D,8EAA8E;gBAC9E,MAAM,SAAS,GAAG,YAAY,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;gBACpD,MAAM,SAAS,GACb,SAAS,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;gBAEzG,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;gBAEjE,eAAe,CAAC;oBACd,WAAW,EAAE,MAAM,CAAC,YAAY;oBAChC,SAAS;oBACT,MAAM;oBACN,KAAK;oBACL,YAAY,EAAE,MAAM,CAAC,aAAa;iBACnC,CAAC,CAAC;gBAEH,OAAO,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;gBAC3C,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,gBAAgB,KAAK,IAAI,MAAM,EAAE,CAAC,CAAC;gBACrD,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,oBAAoB,YAAY,UAAU,CAAC,CAAC;gBAE3D,qCAAqC;gBACrC,MAAM,WAAW,GAAG,MAAM,2BAA2B,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;gBAC3E,IAAI,WAAW,EAAE,CAAC;oBAChB,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,8CAA8C,CAAC,CAAC;gBACpE,CAAC;qBAAM,CAAC;oBACN,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,2DAA2D,CAAC,CAAC,CAAC;gBACzF,CAAC;gBAED,mEAAmE;gBACnE,yBAAyB;gBACzB,MAAM,uBAAuB,EAAE,CAAC;gBAChC,OAAO;YACT,CAAC;YAED,MAAM,SAAS,GAAG,IAAyB,CAAC;YAC5C,IAAI,SAAS,CAAC,KAAK,KAAK,uBAAuB;gBAAE,SAAS;YAC1D,IAAI,SAAS,CAAC,KAAK,KAAK,WAAW,EAAE,CAAC;gBACpC,eAAe,IAAI,IAAI,CAAC;gBACxB,SAAS;YACX,CAAC;YAED,OAAO,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;YACtC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,yBAAyB,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC;YAC5D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;IACH,CAAC;IAED,OAAO,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;IACzC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;IAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC","sourcesContent":["import open from 'opn';\nimport chalk from 'chalk';\nimport clack from '../utils/clack.js';\nimport { saveCredentials, getCredentials, getAccessToken, isTokenExpired, updateTokens } from '../lib/credentials.js';\nimport { getCliAuthClientId, getAuthkitDomain } from '../lib/settings.js';\nimport { refreshAccessToken } from '../lib/token-refresh-client.js';\nimport { logInfo, logError } from '../utils/debug.js';\nimport { fetchStagingCredentials } from '../lib/staging-api.js';\nimport { getConfig, saveConfig } from '../lib/config-store.js';\nimport type { CliConfig } from '../lib/config-store.js';\nimport { formatWorkOSCommand } from '../utils/command-invocation.js';\nimport { autoInstallSkills } from './install-skill.js';\nimport { isJsonMode } from '../utils/output.js';\n\n/**\n * Parse JWT payload\n */\nfunction parseJwt(token: string): Record<string, unknown> | null {\n try {\n const parts = token.split('.');\n if (parts.length !== 3) return null;\n return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf-8'));\n } catch {\n return null;\n }\n}\n\n/**\n * Extract expiry time from JWT token\n */\nfunction getJwtExpiry(token: string): number | null {\n const payload = parseJwt(token);\n if (!payload || typeof payload.exp !== 'number') return null;\n return payload.exp * 1000;\n}\n\nconst POLL_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes\n\n/**\n * Get Connect OAuth endpoints from AuthKit domain\n */\nfunction getConnectEndpoints() {\n const domain = getAuthkitDomain();\n return {\n deviceAuthorization: `${domain}/oauth2/device_authorization`,\n token: `${domain}/oauth2/token`,\n };\n}\n\ninterface DeviceAuthResponse {\n device_code: string;\n user_code: string;\n verification_uri: string;\n verification_uri_complete: string;\n expires_in: number;\n interval: number;\n}\n\ninterface ConnectTokenResponse {\n access_token: string;\n id_token: string;\n token_type: string;\n expires_in: number;\n refresh_token?: string;\n}\n\ninterface AuthErrorResponse {\n error: string;\n}\n\nfunction sleep(ms: number): Promise<void> {\n return new Promise((resolve) => setTimeout(resolve, ms));\n}\n\n/**\n * Best-effort skill install after a successful auth-login.\n *\n * Mirrors the install.ts hook copy, but wraps `autoInstallSkills` in its own\n * try/catch AND a 30s timeout so a skill install hang (e.g. blocked filesystem\n * call) never blocks login completion. Login already succeeded by the time\n * this runs — the user having a working session is the contract that must hold.\n *\n * Extracted from runLogin so it can be unit-tested without standing up the\n * device-auth polling loop.\n */\nexport const SKILL_INSTALL_TIMEOUT_MS = 30 * 1000;\n\nexport async function installSkillsAfterLogin(): Promise<void> {\n let timeoutHandle: ReturnType<typeof setTimeout> | undefined;\n try {\n const timeout = new Promise<null>((resolve) => {\n timeoutHandle = setTimeout(() => resolve(null), SKILL_INSTALL_TIMEOUT_MS);\n // Don't keep the event loop alive on this timer — process should exit\n // immediately if everything else has resolved.\n timeoutHandle.unref?.();\n });\n const result = await Promise.race([autoInstallSkills(), timeout]);\n if (result && !isJsonMode()) {\n const skillWord = result.skills.length === 1 ? 'skill' : 'skills';\n clack.log.info(`Installed ${result.skills.length} WorkOS ${skillWord} for ${result.agents.join(', ')}.`);\n }\n } catch {\n // Skill install must never fail login.\n } finally {\n if (timeoutHandle) clearTimeout(timeoutHandle);\n }\n}\n\n/**\n * Auto-provision a staging environment after login.\n *\n * Fetches staging credentials using the access token, then saves them\n * as a \"staging\" environment in the config store. Non-fatal — logs a\n * hint on failure instead of throwing.\n */\nexport async function provisionStagingEnvironment(accessToken: string): Promise<boolean> {\n try {\n const staging = await fetchStagingCredentials(accessToken);\n\n const config: CliConfig = getConfig() ?? { environments: {} };\n const isFirst = Object.keys(config.environments).length === 0;\n\n config.environments['staging'] = {\n name: 'staging',\n type: 'sandbox',\n apiKey: staging.apiKey,\n clientId: staging.clientId,\n };\n\n if (isFirst || !config.activeEnvironment) {\n config.activeEnvironment = 'staging';\n }\n\n saveConfig(config);\n logInfo('[login] Staging environment auto-provisioned');\n return true;\n } catch (error) {\n logError('[login] Failed to auto-provision staging environment:', error instanceof Error ? error.message : error);\n return false;\n }\n}\n\nexport async function runLogin(): Promise<void> {\n const clientId = getCliAuthClientId();\n\n // Check if already logged in with valid token\n if (getAccessToken()) {\n const creds = getCredentials();\n console.log(chalk.green(`Already logged in as ${creds?.email ?? 'unknown'}`));\n console.log(chalk.dim(`Run \\`${formatWorkOSCommand('auth logout')}\\` to log out`));\n return;\n }\n\n // Try to refresh if we have expired credentials with a refresh token\n const existingCreds = getCredentials();\n if (existingCreds?.refreshToken && isTokenExpired(existingCreds)) {\n try {\n const authkitDomain = getAuthkitDomain();\n const result = await refreshAccessToken(authkitDomain, clientId);\n if (result.accessToken && result.expiresAt) {\n updateTokens(result.accessToken, result.expiresAt, result.refreshToken);\n logInfo('[login] Session refreshed via refresh token');\n console.log(chalk.green(`Already logged in as ${existingCreds.email ?? 'unknown'}`));\n console.log(chalk.dim(`Run \\`${formatWorkOSCommand('auth logout')}\\` to log out`));\n return;\n }\n } catch {\n // Refresh failed, proceed with fresh login\n }\n }\n\n clack.log.step('Starting authentication...');\n\n const endpoints = getConnectEndpoints();\n\n const authResponse = await fetch(endpoints.deviceAuthorization, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body: new URLSearchParams({\n client_id: clientId,\n scope: 'openid email staging-environment:credentials:read offline_access',\n }),\n });\n\n if (!authResponse.ok) {\n clack.log.error(`Failed to start authentication: ${authResponse.status}`);\n process.exit(1);\n }\n\n const deviceAuth = (await authResponse.json()) as DeviceAuthResponse;\n const pollIntervalMs = (deviceAuth.interval || 5) * 1000;\n\n clack.log.info(`\\nOpen this URL in your browser:\\n`);\n console.log(` ${deviceAuth.verification_uri}`);\n console.log(`\\nEnter code: ${deviceAuth.user_code}\\n`);\n\n try {\n open(deviceAuth.verification_uri_complete);\n clack.log.info('Browser opened automatically');\n } catch {\n // User can open manually\n }\n\n const spinner = clack.spinner();\n spinner.start('Waiting for authentication...');\n\n const startTime = Date.now();\n let currentInterval = pollIntervalMs;\n\n while (Date.now() - startTime < POLL_TIMEOUT_MS) {\n await sleep(currentInterval);\n\n try {\n const tokenResponse = await fetch(endpoints.token, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body: new URLSearchParams({\n grant_type: 'urn:ietf:params:oauth:grant-type:device_code',\n device_code: deviceAuth.device_code,\n client_id: clientId,\n }),\n });\n\n const data = await tokenResponse.json();\n\n if (tokenResponse.ok) {\n const result = data as ConnectTokenResponse;\n\n // Parse user info from id_token JWT\n const idTokenPayload = parseJwt(result.id_token);\n const userId = (idTokenPayload?.sub as string) || 'unknown';\n const email = (idTokenPayload?.email as string) || undefined;\n\n // Extract actual expiry from access token JWT, fallback to response or 15 min\n const jwtExpiry = getJwtExpiry(result.access_token);\n const expiresAt =\n jwtExpiry ?? (result.expires_in ? Date.now() + result.expires_in * 1000 : Date.now() + 15 * 60 * 1000);\n\n const expiresInSec = Math.round((expiresAt - Date.now()) / 1000);\n\n saveCredentials({\n accessToken: result.access_token,\n expiresAt,\n userId,\n email,\n refreshToken: result.refresh_token,\n });\n\n spinner.stop('Authentication successful!');\n clack.log.success(`Logged in as ${email || userId}`);\n clack.log.info(`Token expires in ${expiresInSec} seconds`);\n\n // Auto-provision staging environment\n const provisioned = await provisionStagingEnvironment(result.access_token);\n if (provisioned) {\n clack.log.success('Staging environment configured automatically');\n } else {\n clack.log.info(chalk.dim('Run `workos env add` to configure an environment manually'));\n }\n\n // Best-effort skill install. Wrapped helper guarantees login never\n // fails on skill errors.\n await installSkillsAfterLogin();\n return;\n }\n\n const errorData = data as AuthErrorResponse;\n if (errorData.error === 'authorization_pending') continue;\n if (errorData.error === 'slow_down') {\n currentInterval += 5000;\n continue;\n }\n\n spinner.stop('Authentication failed');\n clack.log.error(`Authentication error: ${errorData.error}`);\n process.exit(1);\n } catch {\n continue;\n }\n }\n\n spinner.stop('Authentication timed out');\n clack.log.error('Authentication timed out. Please try again.');\n process.exit(1);\n}\n"]}
|
|
1
|
+
{"version":3,"file":"login.js","sourceRoot":"","sources":["../../src/commands/login.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,KAAK,CAAC;AACvB,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,KAAK,MAAM,mBAAmB,CAAC;AACtC,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,cAAc,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACtH,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAC1E,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AACpE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAE/D,OAAO,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAC;AACrE,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAEhG;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,EAAE,GAAG,IAAI,CAAC;AAElD,MAAM,CAAC,KAAK,UAAU,uBAAuB;IAC3C,IAAI,aAAwD,CAAC;IAC7D,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;YAC5C,aAAa,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,wBAAwB,CAAC,CAAC;YAC1E,sEAAsE;YACtE,+CAA+C;YAC/C,aAAa,CAAC,KAAK,EAAE,EAAE,CAAC;QAC1B,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC,iBAAiB,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;QAClE,IAAI,MAAM,IAAI,CAAC,UAAU,EAAE,EAAE,CAAC;YAC5B,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC;YAClE,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,MAAM,CAAC,MAAM,WAAW,SAAS,QAAQ,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC3G,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,uCAAuC;IACzC,CAAC;YAAS,CAAC;QACT,IAAI,aAAa;YAAE,YAAY,CAAC,aAAa,CAAC,CAAC;IACjD,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,WAAmB;IACnE,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,uBAAuB,CAAC,WAAW,CAAC,CAAC;QAE3D,MAAM,MAAM,GAAc,SAAS,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;QAC9D,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC;QAE9D,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,GAAG;YAC/B,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;SAC3B,CAAC;QAEF,IAAI,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;YACzC,MAAM,CAAC,iBAAiB,GAAG,SAAS,CAAC;QACvC,CAAC;QAED,UAAU,CAAC,MAAM,CAAC,CAAC;QACnB,OAAO,CAAC,8CAA8C,CAAC,CAAC;QACxD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,QAAQ,CAAC,uDAAuD,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAClH,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,QAAQ;IAC5B,MAAM,QAAQ,GAAG,kBAAkB,EAAE,CAAC;IAEtC,8CAA8C;IAC9C,IAAI,cAAc,EAAE,EAAE,CAAC;QACrB,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,wBAAwB,KAAK,EAAE,KAAK,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC;QAC9E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,mBAAmB,CAAC,aAAa,CAAC,eAAe,CAAC,CAAC,CAAC;QACnF,OAAO;IACT,CAAC;IAED,qEAAqE;IACrE,MAAM,aAAa,GAAG,cAAc,EAAE,CAAC;IACvC,IAAI,aAAa,EAAE,YAAY,IAAI,cAAc,CAAC,aAAa,CAAC,EAAE,CAAC;QACjE,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,gBAAgB,EAAE,CAAC;YACzC,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;YACjE,IAAI,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC3C,YAAY,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;gBACxE,OAAO,CAAC,6CAA6C,CAAC,CAAC;gBACvD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,wBAAwB,aAAa,CAAC,KAAK,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC;gBACrF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,mBAAmB,CAAC,aAAa,CAAC,eAAe,CAAC,CAAC,CAAC;gBACnF,OAAO;YACT,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,2CAA2C;QAC7C,CAAC;IACH,CAAC;IAED,MAAM,aAAa,GAAG,gBAAgB,EAAE,CAAC;IAEzC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IAE7C,IAAI,UAAU,CAAC;IACf,IAAI,CAAC;QACH,UAAU,GAAG,MAAM,iBAAiB,CAAC,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC,CAAC;IACpE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,GAAG,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnE,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,mCAAmC,GAAG,EAAE,CAAC,CAAC;QAC1D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,KAAK,UAAU,CAAC,gBAAgB,EAAE,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,iBAAiB,UAAU,CAAC,SAAS,IAAI,CAAC,CAAC;IAEvD,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,CAAC,yBAAyB,CAAC,CAAC;QAC3C,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,yBAAyB;IAC3B,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;IAE/C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,UAAU,CAAC,WAAW,EAAE;YACxD,QAAQ;YACR,aAAa;YACb,QAAQ,EAAE,UAAU,CAAC,QAAQ;SAC9B,CAAC,CAAC;QAEH,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;QAExE,eAAe,CAAC;YACd,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,YAAY,EAAE,MAAM,CAAC,YAAY;SAClC,CAAC,CAAC;QAEH,OAAO,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;QAC3C,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,gBAAgB,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QACnE,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,oBAAoB,YAAY,UAAU,CAAC,CAAC;QAE3D,MAAM,WAAW,GAAG,MAAM,2BAA2B,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAC1E,IAAI,WAAW,EAAE,CAAC;YAChB,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,8CAA8C,CAAC,CAAC;QACpE,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,2DAA2D,CAAC,CAAC,CAAC;QACzF,CAAC;QAED,MAAM,uBAAuB,EAAE,CAAC;IAClC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,sBAAsB,EAAE,CAAC;YAC5C,OAAO,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;YACzC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;QACjE,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;YACtC,MAAM,GAAG,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACnE,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,yBAAyB,GAAG,EAAE,CAAC,CAAC;QAClD,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC","sourcesContent":["import open from 'opn';\nimport chalk from 'chalk';\nimport clack from '../utils/clack.js';\nimport { saveCredentials, getCredentials, getAccessToken, isTokenExpired, updateTokens } from '../lib/credentials.js';\nimport { getCliAuthClientId, getAuthkitDomain } from '../lib/settings.js';\nimport { refreshAccessToken } from '../lib/token-refresh-client.js';\nimport { logInfo, logError } from '../utils/debug.js';\nimport { fetchStagingCredentials } from '../lib/staging-api.js';\nimport { getConfig, saveConfig } from '../lib/config-store.js';\nimport type { CliConfig } from '../lib/config-store.js';\nimport { formatWorkOSCommand } from '../utils/command-invocation.js';\nimport { autoInstallSkills } from './install-skill.js';\nimport { isJsonMode } from '../utils/output.js';\nimport { requestDeviceCode, pollForToken, DeviceAuthTimeoutError } from '../lib/device-auth.js';\n\n/**\n * Best-effort skill install after a successful auth-login.\n *\n * Mirrors the install.ts hook copy, but wraps `autoInstallSkills` in its own\n * try/catch AND a 30s timeout so a skill install hang (e.g. blocked filesystem\n * call) never blocks login completion. Login already succeeded by the time\n * this runs — the user having a working session is the contract that must hold.\n *\n * Extracted from runLogin so it can be unit-tested without standing up the\n * device-auth polling loop.\n */\nexport const SKILL_INSTALL_TIMEOUT_MS = 30 * 1000;\n\nexport async function installSkillsAfterLogin(): Promise<void> {\n let timeoutHandle: ReturnType<typeof setTimeout> | undefined;\n try {\n const timeout = new Promise<null>((resolve) => {\n timeoutHandle = setTimeout(() => resolve(null), SKILL_INSTALL_TIMEOUT_MS);\n // Don't keep the event loop alive on this timer — process should exit\n // immediately if everything else has resolved.\n timeoutHandle.unref?.();\n });\n const result = await Promise.race([autoInstallSkills(), timeout]);\n if (result && !isJsonMode()) {\n const skillWord = result.skills.length === 1 ? 'skill' : 'skills';\n clack.log.info(`Installed ${result.skills.length} WorkOS ${skillWord} for ${result.agents.join(', ')}.`);\n }\n } catch {\n // Skill install must never fail login.\n } finally {\n if (timeoutHandle) clearTimeout(timeoutHandle);\n }\n}\n\n/**\n * Auto-provision a staging environment after login.\n *\n * Fetches staging credentials using the access token, then saves them\n * as a \"staging\" environment in the config store. Non-fatal — logs a\n * hint on failure instead of throwing.\n */\nexport async function provisionStagingEnvironment(accessToken: string): Promise<boolean> {\n try {\n const staging = await fetchStagingCredentials(accessToken);\n\n const config: CliConfig = getConfig() ?? { environments: {} };\n const isFirst = Object.keys(config.environments).length === 0;\n\n config.environments['staging'] = {\n name: 'staging',\n type: 'sandbox',\n apiKey: staging.apiKey,\n clientId: staging.clientId,\n };\n\n if (isFirst || !config.activeEnvironment) {\n config.activeEnvironment = 'staging';\n }\n\n saveConfig(config);\n logInfo('[login] Staging environment auto-provisioned');\n return true;\n } catch (error) {\n logError('[login] Failed to auto-provision staging environment:', error instanceof Error ? error.message : error);\n return false;\n }\n}\n\nexport async function runLogin(): Promise<void> {\n const clientId = getCliAuthClientId();\n\n // Check if already logged in with valid token\n if (getAccessToken()) {\n const creds = getCredentials();\n console.log(chalk.green(`Already logged in as ${creds?.email ?? 'unknown'}`));\n console.log(chalk.dim(`Run \\`${formatWorkOSCommand('auth logout')}\\` to log out`));\n return;\n }\n\n // Try to refresh if we have expired credentials with a refresh token\n const existingCreds = getCredentials();\n if (existingCreds?.refreshToken && isTokenExpired(existingCreds)) {\n try {\n const authkitDomain = getAuthkitDomain();\n const result = await refreshAccessToken(authkitDomain, clientId);\n if (result.accessToken && result.expiresAt) {\n updateTokens(result.accessToken, result.expiresAt, result.refreshToken);\n logInfo('[login] Session refreshed via refresh token');\n console.log(chalk.green(`Already logged in as ${existingCreds.email ?? 'unknown'}`));\n console.log(chalk.dim(`Run \\`${formatWorkOSCommand('auth logout')}\\` to log out`));\n return;\n }\n } catch {\n // Refresh failed, proceed with fresh login\n }\n }\n\n const authkitDomain = getAuthkitDomain();\n\n clack.log.step('Starting authentication...');\n\n let deviceAuth;\n try {\n deviceAuth = await requestDeviceCode({ clientId, authkitDomain });\n } catch (error) {\n const msg = error instanceof Error ? error.message : String(error);\n clack.log.error(`Failed to start authentication: ${msg}`);\n process.exit(1);\n }\n\n clack.log.info(`\\nOpen this URL in your browser:\\n`);\n console.log(` ${deviceAuth.verification_uri}`);\n console.log(`\\nEnter code: ${deviceAuth.user_code}\\n`);\n\n try {\n open(deviceAuth.verification_uri_complete);\n clack.log.info('Browser opened automatically');\n } catch {\n // User can open manually\n }\n\n const spinner = clack.spinner();\n spinner.start('Waiting for authentication...');\n\n try {\n const result = await pollForToken(deviceAuth.device_code, {\n clientId,\n authkitDomain,\n interval: deviceAuth.interval,\n });\n\n const expiresInSec = Math.round((result.expiresAt - Date.now()) / 1000);\n\n saveCredentials({\n accessToken: result.accessToken,\n expiresAt: result.expiresAt,\n userId: result.userId,\n email: result.email,\n refreshToken: result.refreshToken,\n });\n\n spinner.stop('Authentication successful!');\n clack.log.success(`Logged in as ${result.email || result.userId}`);\n clack.log.info(`Token expires in ${expiresInSec} seconds`);\n\n const provisioned = await provisionStagingEnvironment(result.accessToken);\n if (provisioned) {\n clack.log.success('Staging environment configured automatically');\n } else {\n clack.log.info(chalk.dim('Run `workos env add` to configure an environment manually'));\n }\n\n await installSkillsAfterLogin();\n } catch (error) {\n if (error instanceof DeviceAuthTimeoutError) {\n spinner.stop('Authentication timed out');\n clack.log.error('Authentication timed out. Please try again.');\n } else {\n spinner.stop('Authentication failed');\n const msg = error instanceof Error ? error.message : String(error);\n clack.log.error(`Authentication error: ${msg}`);\n }\n process.exit(1);\n }\n}\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-org-roles.js","sourceRoot":"","sources":["../../../../src/emulate/workos/routes/authorization-org-roles.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,QAAQ,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAClG,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAErF,MAAM,UAAU,0BAA0B,CAAC,GAAiB;IAC1D,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;IAC3B,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,2CAA2C,CAAC;IAE3D,6DAA6D;IAC7D,GAAG,CAAC,GAAG,CAAC,GAAG,MAAM,WAAW,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACxC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAiB,CAAC;QAErC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1B,MAAM,eAAe,CAAC,wBAAwB,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;QACzF,CAAC;QAED,8CAA8C;QAC9C,MAAM,QAAQ,GAAG,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,kBAAkB,CAAC,CAAC;QACxG,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QAE9D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC;YACxC,IAAI,CAAC,IAAI;gBAAE,MAAM,QAAQ,CAAC,MAAM,CAAC,CAAC;YAClC,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC,CAAC;QAC5C,CAAC;QAED,uCAAuC;QACvC,MAAM,OAAO,GAAG,EAAE,CAAC,KAAK;aACrB,MAAM,CAAC,iBAAiB,EAAE,KAAK,CAAC;aAChC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,kBAAkB,CAAC;aAC5C,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;QAE3C,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;YAC7B,aAAa,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE;SAC7C,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,kBAAkB,CAAC,GAAG,EAAE;QACtB,UAAU,EAAE,MAAM;QAClB,QAAQ,EAAE,kBAAkB;QAC5B,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,
|
|
1
|
+
{"version":3,"file":"authorization-org-roles.js","sourceRoot":"","sources":["../../../../src/emulate/workos/routes/authorization-org-roles.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,QAAQ,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAClG,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAErF,MAAM,UAAU,0BAA0B,CAAC,GAAiB;IAC1D,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;IAC3B,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,2CAA2C,CAAC;IAE3D,6DAA6D;IAC7D,GAAG,CAAC,GAAG,CAAC,GAAG,MAAM,WAAW,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACxC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAiB,CAAC;QAErC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1B,MAAM,eAAe,CAAC,wBAAwB,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;QACzF,CAAC;QAED,8CAA8C;QAC9C,MAAM,QAAQ,GAAG,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,kBAAkB,CAAC,CAAC;QACxG,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QAE9D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC;YACxC,IAAI,CAAC,IAAI;gBAAE,MAAM,QAAQ,CAAC,MAAM,CAAC,CAAC;YAClC,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC,CAAC;QAC5C,CAAC;QAED,uCAAuC;QACvC,MAAM,OAAO,GAAG,EAAE,CAAC,KAAK;aACrB,MAAM,CAAC,iBAAiB,EAAE,KAAK,CAAC;aAChC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,kBAAkB,CAAC;aAC5C,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;QAE3C,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;YAC7B,aAAa,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE;SAC7C,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,kBAAkB,CAAC,GAAG,EAAE;QACtB,UAAU,EAAE,MAAM;QAClB,QAAQ,EAAE,kBAAkB;QAC5B,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAE,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAE,CAAC;QACvF,QAAQ,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAE,EAAE,IAAI,CAAC;QACvE,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe,KAAK,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAE,IAAI,CAAC,CAAC,IAAI,KAAK,kBAAkB;QACtG,cAAc,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,eAAe,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAE,EAAE,CAAC;QACnE,gBAAgB,EAAE,yDAAyD;QAC3E,oBAAoB,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE;YAC9B,MAAM,GAAG,GAAG,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAE,CAAC,CAAC;YACxD,IAAI,CAAC,GAAG;gBAAE,MAAM,QAAQ,CAAC,cAAc,CAAC,CAAC;QAC3C,CAAC;KACF,CAAC,CAAC;IAEH,mDAAmD;IACnD,GAAG,CAAC,MAAM,CAAC,GAAG,MAAM,oCAAoC,EAAE,CAAC,CAAC,EAAE,EAAE;QAC9D,MAAM,IAAI,GAAG,cAAc,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;QAE3E,MAAM,IAAI,GAAG,EAAE,CAAC,WAAW,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC;QAC7E,IAAI,CAAC,IAAI;YAAE,MAAM,QAAQ,CAAC,YAAY,CAAC,CAAC;QAExC,MAAM,EAAE,GAAG,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,aAAa,KAAK,IAAI,CAAC,EAAE,CAAC,CAAC;QACpG,IAAI,CAAC,EAAE;YAAE,MAAM,QAAQ,CAAC,gBAAgB,CAAC,CAAC;QAE1C,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QACjC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["import { type RouteContext, notFound, validationError, parseJsonBody } from '../../core/index.js';\nimport { getWorkOSStore } from '../store.js';\nimport { formatRole } from '../helpers.js';\nimport { findOrgRole, requireOrgRole, registerRoleRoutes } from '../role-helpers.js';\n\nexport function authorizationOrgRoleRoutes(ctx: RouteContext): void {\n const { app, store } = ctx;\n const ws = getWorkOSStore(store);\n const prefix = '/authorization/organizations/:orgId/roles';\n\n // Priority ordering — must be registered before :slug routes\n app.put(`${prefix}/priority`, async (c) => {\n const orgId = c.req.param('orgId');\n const body = await parseJsonBody(c);\n const slugs = body.slugs as string[];\n\n if (!Array.isArray(slugs)) {\n throw validationError('slugs must be an array', [{ field: 'slugs', code: 'invalid' }]);\n }\n\n // Fetch once, build slug map for O(1) lookups\n const orgRoles = ws.roles.findBy('organization_id', orgId).filter((r) => r.type === 'OrganizationRole');\n const rolesBySlug = new Map(orgRoles.map((r) => [r.slug, r]));\n\n for (let i = 0; i < slugs.length; i++) {\n const role = rolesBySlug.get(slugs[i]!);\n if (!role) throw notFound('Role');\n ws.roles.update(role.id, { priority: i });\n }\n\n // Re-fetch for updated priority values\n const updated = ws.roles\n .findBy('organization_id', orgId)\n .filter((r) => r.type === 'OrganizationRole')\n .sort((a, b) => a.priority - b.priority);\n\n return c.json({\n object: 'list',\n data: updated.map(formatRole),\n list_metadata: { before: null, after: null },\n });\n });\n\n registerRoleRoutes(ctx, {\n pathPrefix: prefix,\n roleType: 'OrganizationRole',\n requireRole: (ws, c) => requireOrgRole(ws, c.req.param('orgId')!, c.req.param('slug')!),\n findRole: (ws, c, slug) => findOrgRole(ws, c.req.param('orgId')!, slug),\n listFilter: (c) => (r) => r.organization_id === c.req.param('orgId')! && r.type === 'OrganizationRole',\n insertDefaults: (c) => ({ organization_id: c.req.param('orgId')! }),\n duplicateMessage: 'Role with this slug already exists in this organization',\n validateBeforeCreate: (ws, c) => {\n const org = ws.organizations.get(c.req.param('orgId')!);\n if (!org) throw notFound('Organization');\n },\n });\n\n // Org-specific: delete single permission from role\n app.delete(`${prefix}/:slug/permissions/:permissionSlug`, (c) => {\n const role = requireOrgRole(ws, c.req.param('orgId'), c.req.param('slug'));\n\n const perm = ws.permissions.findOneBy('slug', c.req.param('permissionSlug'));\n if (!perm) throw notFound('Permission');\n\n const rp = ws.rolePermissions.findBy('role_id', role.id).find((rp) => rp.permission_id === perm.id);\n if (!rp) throw notFound('RolePermission');\n\n ws.rolePermissions.delete(rp.id);\n return c.body(null, 204);\n });\n}\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-roles.js","sourceRoot":"","sources":["../../../../src/emulate/workos/routes/authorization-roles.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAErF,MAAM,UAAU,uBAAuB,CAAC,GAAiB;IACvD,kBAAkB,CAAC,GAAG,EAAE;QACtB,UAAU,EAAE,sBAAsB;QAClC,QAAQ,EAAE,iBAAiB;QAC3B,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,
|
|
1
|
+
{"version":3,"file":"authorization-roles.js","sourceRoot":"","sources":["../../../../src/emulate/workos/routes/authorization-roles.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAErF,MAAM,UAAU,uBAAuB,CAAC,GAAiB;IACvD,kBAAkB,CAAC,GAAG,EAAE;QACtB,UAAU,EAAE,sBAAsB;QAClC,QAAQ,EAAE,iBAAiB;QAC3B,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAE,CAAC;QAChE,QAAQ,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,IAAI,CAAC;QACjD,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,iBAAiB;QACrD,cAAc,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC;QACjD,gBAAgB,EAAE,oCAAoC;KACvD,CAAC,CAAC;AACL,CAAC","sourcesContent":["import type { RouteContext } from '../../core/index.js';\nimport { findEnvRole, requireEnvRole, registerRoleRoutes } from '../role-helpers.js';\n\nexport function authorizationRoleRoutes(ctx: RouteContext): void {\n registerRoleRoutes(ctx, {\n pathPrefix: '/authorization/roles',\n roleType: 'EnvironmentRole',\n requireRole: (ws, c) => requireEnvRole(ws, c.req.param('slug')!),\n findRole: (ws, _c, slug) => findEnvRole(ws, slug),\n listFilter: () => (r) => r.type === 'EnvironmentRole',\n insertDefaults: () => ({ organization_id: null }),\n duplicateMessage: 'Role with this slug already exists',\n });\n}\n"]}
|
package/dist/lib/api-key.d.ts
CHANGED
|
@@ -2,8 +2,8 @@
|
|
|
2
2
|
* API key resolution for management commands.
|
|
3
3
|
*
|
|
4
4
|
* Priority chain:
|
|
5
|
-
* 1.
|
|
6
|
-
* 2.
|
|
5
|
+
* 1. --api-key flag
|
|
6
|
+
* 2. WORKOS_API_KEY environment variable
|
|
7
7
|
* 3. Active environment's stored API key
|
|
8
8
|
*/
|
|
9
9
|
export interface ApiKeyOptions {
|
package/dist/lib/api-key.js
CHANGED
|
@@ -2,19 +2,19 @@
|
|
|
2
2
|
* API key resolution for management commands.
|
|
3
3
|
*
|
|
4
4
|
* Priority chain:
|
|
5
|
-
* 1.
|
|
6
|
-
* 2.
|
|
5
|
+
* 1. --api-key flag
|
|
6
|
+
* 2. WORKOS_API_KEY environment variable
|
|
7
7
|
* 3. Active environment's stored API key
|
|
8
8
|
*/
|
|
9
9
|
import { getActiveEnvironment } from './config-store.js';
|
|
10
10
|
import { exitWithError } from '../utils/output.js';
|
|
11
11
|
const DEFAULT_BASE_URL = 'https://api.workos.com';
|
|
12
12
|
export function resolveApiKey(options) {
|
|
13
|
+
if (options?.apiKey)
|
|
14
|
+
return options.apiKey;
|
|
13
15
|
const envVar = process.env.WORKOS_API_KEY;
|
|
14
16
|
if (envVar)
|
|
15
17
|
return envVar;
|
|
16
|
-
if (options?.apiKey)
|
|
17
|
-
return options.apiKey;
|
|
18
18
|
const activeEnv = getActiveEnvironment();
|
|
19
19
|
if (activeEnv?.apiKey)
|
|
20
20
|
return activeEnv.apiKey;
|
package/dist/lib/api-key.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api-key.js","sourceRoot":"","sources":["../../src/lib/api-key.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,MAAM,gBAAgB,GAAG,wBAAwB,CAAC;AAMlD,MAAM,UAAU,aAAa,CAAC,OAAuB;IACnD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IAC1C,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,
|
|
1
|
+
{"version":3,"file":"api-key.js","sourceRoot":"","sources":["../../src/lib/api-key.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,MAAM,gBAAgB,GAAG,wBAAwB,CAAC;AAMlD,MAAM,UAAU,aAAa,CAAC,OAAuB;IACnD,IAAI,OAAO,EAAE,MAAM;QAAE,OAAO,OAAO,CAAC,MAAM,CAAC;IAE3C,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IAC1C,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,MAAM,SAAS,GAAG,oBAAoB,EAAE,CAAC;IACzC,IAAI,SAAS,EAAE,MAAM;QAAE,OAAO,SAAS,CAAC,MAAM,CAAC;IAE/C,aAAa,CAAC;QACZ,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,iGAAiG;KAC3G,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,MAAM,SAAS,GAAG,oBAAoB,EAAE,CAAC;IACzC,OAAO,SAAS,EAAE,QAAQ,IAAI,gBAAgB,CAAC;AACjD,CAAC","sourcesContent":["/**\n * API key resolution for management commands.\n *\n * Priority chain:\n * 1. --api-key flag\n * 2. WORKOS_API_KEY environment variable\n * 3. Active environment's stored API key\n */\n\nimport { getActiveEnvironment } from './config-store.js';\nimport { exitWithError } from '../utils/output.js';\n\nconst DEFAULT_BASE_URL = 'https://api.workos.com';\n\nexport interface ApiKeyOptions {\n apiKey?: string;\n}\n\nexport function resolveApiKey(options?: ApiKeyOptions): string {\n if (options?.apiKey) return options.apiKey;\n\n const envVar = process.env.WORKOS_API_KEY;\n if (envVar) return envVar;\n\n const activeEnv = getActiveEnvironment();\n if (activeEnv?.apiKey) return activeEnv.apiKey;\n\n exitWithError({\n code: 'no_api_key',\n message: 'No API key configured. Run `workos env add` to configure an environment, or set WORKOS_API_KEY.',\n });\n}\n\nexport function resolveApiBaseUrl(): string {\n const activeEnv = getActiveEnvironment();\n return activeEnv?.endpoint || DEFAULT_BASE_URL;\n}\n"]}
|
|
@@ -31,6 +31,9 @@ export interface DeviceAuthResult {
|
|
|
31
31
|
export declare class DeviceAuthError extends Error {
|
|
32
32
|
constructor(message: string);
|
|
33
33
|
}
|
|
34
|
+
export declare class DeviceAuthTimeoutError extends DeviceAuthError {
|
|
35
|
+
constructor(message: string);
|
|
36
|
+
}
|
|
34
37
|
/**
|
|
35
38
|
* Request a device code from the OAuth authorization server.
|
|
36
39
|
* Returns the device code, user code, and verification URIs.
|
package/dist/lib/device-auth.js
CHANGED
|
@@ -11,6 +11,12 @@ export class DeviceAuthError extends Error {
|
|
|
11
11
|
this.name = 'DeviceAuthError';
|
|
12
12
|
}
|
|
13
13
|
}
|
|
14
|
+
export class DeviceAuthTimeoutError extends DeviceAuthError {
|
|
15
|
+
constructor(message) {
|
|
16
|
+
super(message);
|
|
17
|
+
this.name = 'DeviceAuthTimeoutError';
|
|
18
|
+
}
|
|
19
|
+
}
|
|
14
20
|
const DEFAULT_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes
|
|
15
21
|
const DEFAULT_POLL_INTERVAL_SECONDS = 5;
|
|
16
22
|
const POLL_REQUEST_TIMEOUT_MS = 30_000;
|
|
@@ -49,14 +55,30 @@ export async function requestDeviceCode(options) {
|
|
|
49
55
|
const scopes = options.scopes ?? DEFAULT_SCOPES;
|
|
50
56
|
const url = `${options.authkitDomain}/oauth2/device_authorization`;
|
|
51
57
|
logInfo('[device-auth] Requesting device code from:', url);
|
|
52
|
-
const
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
58
|
+
const controller = new AbortController();
|
|
59
|
+
const timeout = setTimeout(() => controller.abort(), POLL_REQUEST_TIMEOUT_MS);
|
|
60
|
+
let res;
|
|
61
|
+
try {
|
|
62
|
+
res = await fetch(url, {
|
|
63
|
+
method: 'POST',
|
|
64
|
+
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
|
|
65
|
+
body: new URLSearchParams({
|
|
66
|
+
client_id: options.clientId,
|
|
67
|
+
scope: scopes.join(' '),
|
|
68
|
+
}),
|
|
69
|
+
signal: controller.signal,
|
|
70
|
+
});
|
|
71
|
+
}
|
|
72
|
+
catch (error) {
|
|
73
|
+
clearTimeout(timeout);
|
|
74
|
+
if (error instanceof DOMException && error.name === 'AbortError') {
|
|
75
|
+
throw new DeviceAuthTimeoutError('Device authorization request timed out');
|
|
76
|
+
}
|
|
77
|
+
throw new DeviceAuthError(`Device authorization request failed: ${error instanceof Error ? error.message : String(error)}`);
|
|
78
|
+
}
|
|
79
|
+
finally {
|
|
80
|
+
clearTimeout(timeout);
|
|
81
|
+
}
|
|
60
82
|
logInfo('[device-auth] Device code response status:', res.status);
|
|
61
83
|
if (!res.ok) {
|
|
62
84
|
const text = await res.text();
|
|
@@ -137,7 +159,7 @@ export async function pollForToken(deviceCode, options) {
|
|
|
137
159
|
throw new DeviceAuthError(`Token error: ${errorData.error}`);
|
|
138
160
|
}
|
|
139
161
|
logError('[device-auth] Authentication timed out, last poll:', lastPollSummary);
|
|
140
|
-
throw new
|
|
162
|
+
throw new DeviceAuthTimeoutError(`Authentication timed out after ${Math.round(timeoutMs / 1000)} seconds (last token response: ${lastPollSummary})`);
|
|
141
163
|
}
|
|
142
164
|
function parseTokenResponse(data) {
|
|
143
165
|
const idPayload = parseJwt(data.id_token);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"device-auth.js","sourceRoot":"","sources":["../../src/lib/device-auth.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AA0CtD,MAAM,OAAO,eAAgB,SAAQ,KAAK;IACxC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;IAChC,CAAC;CACF;AAED,MAAM,kBAAkB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,YAAY;AACtD,MAAM,6BAA6B,GAAG,CAAC,CAAC;AACxC,MAAM,uBAAuB,GAAG,MAAM,CAAC;AACvC,MAAM,cAAc,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,sCAAsC,EAAE,gBAAgB,CAAC,CAAC;AAErG,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;GAEG;AACH,SAAS,QAAQ,CAAC,KAAa;IAC7B,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QACpC,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAC1E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,KAAa;IACjC,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAChC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC7D,OAAO,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;AAC5B,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,OAA0B;IAChE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,cAAc,CAAC;IAChD,MAAM,GAAG,GAAG,GAAG,OAAO,CAAC,aAAa,8BAA8B,CAAC;IAEnE,OAAO,CAAC,4CAA4C,EAAE,GAAG,CAAC,CAAC;IAC3D,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAC3B,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,SAAS,EAAE,OAAO,CAAC,QAAQ;YAC3B,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;SACxB,CAAC;KACH,CAAC,CAAC;IAEH,OAAO,CAAC,4CAA4C,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAClE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,QAAQ,CAAC,4CAA4C,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACzE,MAAM,IAAI,eAAe,CAAC,gCAAgC,GAAG,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC;IAClF,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAuB,CAAC;IACtD,OAAO,CAAC,gDAAgD,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IAC1E,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,UAAkB,EAClB,OAAiD;IAEjD,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,kBAAkB,CAAC;IAC1D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,IAAI,YAAY,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,6BAA6B,CAAC,GAAG,IAAI,CAAC;IAC9E,MAAM,QAAQ,GAAG,GAAG,OAAO,CAAC,aAAa,eAAe,CAAC;IACzD,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,IAAI,eAAe,GAAG,4BAA4B,CAAC;IAEnD,OAAO,CAAC,gDAAgD,EAAE,SAAS,CAAC,CAAC;IACrE,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,SAAS,EAAE,CAAC;QAC1C,MAAM,KAAK,CAAC,YAAY,CAAC,CAAC;QAC1B,SAAS,EAAE,CAAC;QACZ,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;QAEnB,IAAI,GAAa,CAAC;QAClB,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,uBAAuB,CAAC,CAAC;QAC9E,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;gBAC1B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;gBAChE,IAAI,EAAE,IAAI,eAAe,CAAC;oBACxB,UAAU,EAAE,8CAA8C;oBAC1D,WAAW,EAAE,UAAU;oBACvB,SAAS,EAAE,OAAO,CAAC,QAAQ;iBAC5B,CAAC;gBACF,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CACL,mDAAmD,EACnD,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CACvD,CAAC;YACF,SAAS;QACX,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;QAED,IAAI,IAAI,CAAC;QACT,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC1B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,QAAQ,CAAC,uDAAuD,EAAE,OAAO,CAAC,CAAC;YAC3E,MAAM,IAAI,eAAe,CAAC,sCAAsC,OAAO,EAAE,CAAC,CAAC;QAC7E,CAAC;QAED,MAAM,SAAS,GAAG,IAAyB,CAAC;QAC5C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QACzC,eAAe,GAAG,GAAG,CAAC,EAAE;YACtB,CAAC,CAAC,GAAG,GAAG,CAAC,MAAM,UAAU;YACzB,CAAC,CAAC,GAAG,GAAG,CAAC,MAAM,IAAI,SAAS,CAAC,KAAK,IAAI,eAAe,GAAG,SAAS,CAAC,iBAAiB,CAAC,CAAC,CAAC,KAAK,SAAS,CAAC,iBAAiB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QACnI,OAAO,CAAC,oCAAoC,EAAE,WAAW,SAAS,EAAE,EAAE,aAAa,SAAS,EAAE,EAAE,eAAe,CAAC,CAAC;QACjH,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;YACX,OAAO,CAAC,2CAA2C,CAAC,CAAC;YACrD,OAAO,kBAAkB,CAAC,IAAqB,CAAC,CAAC;QACnD,CAAC;QAED,IAAI,SAAS,CAAC,KAAK,KAAK,uBAAuB,EAAE,CAAC;YAChD,SAAS;QACX,CAAC;QAED,IAAI,SAAS,CAAC,KAAK,KAAK,WAAW,EAAE,CAAC;YACpC,YAAY,IAAI,IAAI,CAAC;YACrB,OAAO,CAAC,2CAA2C,EAAE,YAAY,CAAC,CAAC;YACnE,OAAO,CAAC,UAAU,EAAE,CAAC,YAAY,CAAC,CAAC;YACnC,SAAS;QACX,CAAC;QAED,QAAQ,CAAC,4BAA4B,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,IAAI,eAAe,CAAC,gBAAgB,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED,QAAQ,CAAC,oDAAoD,EAAE,eAAe,CAAC,CAAC;IAChF,MAAM,IAAI,eAAe,CACvB,kCAAkC,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,kCAAkC,eAAe,GAAG,CACnH,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAmB;IAC7C,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAElD,OAAO;QACL,WAAW,EAAE,IAAI,CAAC,YAAY;QAC9B,OAAO,EAAE,IAAI,CAAC,QAAQ;QACtB,SAAS,EAAE,SAAS,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAC7G,MAAM,EAAE,MAAM,CAAC,SAAS,EAAE,GAAG,IAAI,SAAS,CAAC;QAC3C,KAAK,EAAE,SAAS,EAAE,KAA2B;QAC7C,YAAY,EAAE,IAAI,CAAC,aAAa;KACjC,CAAC;AACJ,CAAC","sourcesContent":["/**\n * Device Authorization Flow\n *\n * Implements OAuth 2.0 Device Authorization Grant (RFC 8628) for CLI authentication.\n * Extracted from login.ts for reuse in wizard credential gathering.\n */\n\nimport { logInfo, logError } from '../utils/debug.js';\n\nexport interface DeviceAuthResponse {\n device_code: string;\n user_code: string;\n verification_uri: string;\n verification_uri_complete: string;\n expires_in: number;\n interval: number;\n}\n\nexport interface DeviceAuthOptions {\n clientId: string;\n authkitDomain: string;\n scopes?: string[];\n timeoutMs?: number;\n onPoll?: () => void;\n onSlowDown?: (newIntervalMs: number) => void;\n}\n\nexport interface DeviceAuthResult {\n accessToken: string;\n idToken: string;\n expiresAt: number;\n userId: string;\n email?: string;\n refreshToken?: string;\n}\n\ninterface TokenResponse {\n access_token: string;\n id_token: string;\n token_type: string;\n expires_in: number;\n refresh_token?: string;\n}\n\ninterface AuthErrorResponse {\n error: string;\n error_description?: string;\n}\n\nexport class DeviceAuthError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'DeviceAuthError';\n }\n}\n\nconst DEFAULT_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes\nconst DEFAULT_POLL_INTERVAL_SECONDS = 5;\nconst POLL_REQUEST_TIMEOUT_MS = 30_000;\nconst DEFAULT_SCOPES = ['openid', 'email', 'staging-environment:credentials:read', 'offline_access'];\n\nfunction sleep(ms: number): Promise<void> {\n return new Promise((resolve) => setTimeout(resolve, ms));\n}\n\n/**\n * Parse JWT payload\n */\nfunction parseJwt(token: string): Record<string, unknown> | null {\n try {\n const parts = token.split('.');\n if (parts.length !== 3) return null;\n return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf-8'));\n } catch {\n return null;\n }\n}\n\n/**\n * Extract expiry time from JWT token\n */\nfunction getJwtExpiry(token: string): number | null {\n const payload = parseJwt(token);\n if (!payload || typeof payload.exp !== 'number') return null;\n return payload.exp * 1000;\n}\n\n/**\n * Request a device code from the OAuth authorization server.\n * Returns the device code, user code, and verification URIs.\n */\nexport async function requestDeviceCode(options: DeviceAuthOptions): Promise<DeviceAuthResponse> {\n const scopes = options.scopes ?? DEFAULT_SCOPES;\n const url = `${options.authkitDomain}/oauth2/device_authorization`;\n\n logInfo('[device-auth] Requesting device code from:', url);\n const res = await fetch(url, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: new URLSearchParams({\n client_id: options.clientId,\n scope: scopes.join(' '),\n }),\n });\n\n logInfo('[device-auth] Device code response status:', res.status);\n if (!res.ok) {\n const text = await res.text();\n logError('[device-auth] Device authorization failed:', res.status, text);\n throw new DeviceAuthError(`Device authorization failed: ${res.status} ${text}`);\n }\n\n const data = (await res.json()) as DeviceAuthResponse;\n logInfo('[device-auth] Device code received, user_code:', data.user_code);\n return data;\n}\n\n/**\n * Poll for token after user has authorized in the browser.\n * Handles authorization_pending and slow_down responses per RFC 8628.\n */\nexport async function pollForToken(\n deviceCode: string,\n options: DeviceAuthOptions & { interval: number },\n): Promise<DeviceAuthResult> {\n const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n const startTime = Date.now();\n let pollInterval = (options.interval || DEFAULT_POLL_INTERVAL_SECONDS) * 1000;\n const tokenUrl = `${options.authkitDomain}/oauth2/token`;\n let pollCount = 0;\n let lastPollSummary = 'no token response received';\n\n logInfo('[device-auth] Starting token polling, timeout:', timeoutMs);\n while (Date.now() - startTime < timeoutMs) {\n await sleep(pollInterval);\n pollCount++;\n options.onPoll?.();\n\n let res: Response;\n const controller = new AbortController();\n const timeout = setTimeout(() => controller.abort(), POLL_REQUEST_TIMEOUT_MS);\n try {\n res = await fetch(tokenUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: new URLSearchParams({\n grant_type: 'urn:ietf:params:oauth:grant-type:device_code',\n device_code: deviceCode,\n client_id: options.clientId,\n }),\n signal: controller.signal,\n });\n } catch (error) {\n logInfo(\n '[device-auth] Token poll network error, retrying:',\n error instanceof Error ? error.message : String(error),\n );\n continue;\n } finally {\n clearTimeout(timeout);\n }\n\n let data;\n try {\n data = await res.json();\n } catch (error) {\n const message = error instanceof Error ? error.message : String(error);\n logError('[device-auth] Invalid JSON response from auth server:', message);\n throw new DeviceAuthError(`Invalid response from auth server: ${message}`);\n }\n\n const errorData = data as AuthErrorResponse;\n const elapsedMs = Date.now() - startTime;\n lastPollSummary = res.ok\n ? `${res.status} success`\n : `${res.status} ${errorData.error ?? 'unknown_error'}${errorData.error_description ? ` (${errorData.error_description})` : ''}`;\n logInfo('[device-auth] Token poll response:', `attempt=${pollCount}`, `elapsedMs=${elapsedMs}`, lastPollSummary);\n if (res.ok) {\n logInfo('[device-auth] Token received successfully');\n return parseTokenResponse(data as TokenResponse);\n }\n\n if (errorData.error === 'authorization_pending') {\n continue;\n }\n\n if (errorData.error === 'slow_down') {\n pollInterval += 5000;\n logInfo('[device-auth] Slowing down, new interval:', pollInterval);\n options.onSlowDown?.(pollInterval);\n continue;\n }\n\n logError('[device-auth] Token error:', errorData.error);\n throw new DeviceAuthError(`Token error: ${errorData.error}`);\n }\n\n logError('[device-auth] Authentication timed out, last poll:', lastPollSummary);\n throw new DeviceAuthError(\n `Authentication timed out after ${Math.round(timeoutMs / 1000)} seconds (last token response: ${lastPollSummary})`,\n );\n}\n\nfunction parseTokenResponse(data: TokenResponse): DeviceAuthResult {\n const idPayload = parseJwt(data.id_token);\n const jwtExpiry = getJwtExpiry(data.access_token);\n\n return {\n accessToken: data.access_token,\n idToken: data.id_token,\n expiresAt: jwtExpiry ?? (data.expires_in ? Date.now() + data.expires_in * 1000 : Date.now() + 15 * 60 * 1000),\n userId: String(idPayload?.sub ?? 'unknown'),\n email: idPayload?.email as string | undefined,\n refreshToken: data.refresh_token,\n };\n}\n"]}
|
|
1
|
+
{"version":3,"file":"device-auth.js","sourceRoot":"","sources":["../../src/lib/device-auth.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AA0CtD,MAAM,OAAO,eAAgB,SAAQ,KAAK;IACxC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;IAChC,CAAC;CACF;AAED,MAAM,OAAO,sBAAuB,SAAQ,eAAe;IACzD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC;IACvC,CAAC;CACF;AAED,MAAM,kBAAkB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,YAAY;AACtD,MAAM,6BAA6B,GAAG,CAAC,CAAC;AACxC,MAAM,uBAAuB,GAAG,MAAM,CAAC;AACvC,MAAM,cAAc,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,sCAAsC,EAAE,gBAAgB,CAAC,CAAC;AAErG,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;GAEG;AACH,SAAS,QAAQ,CAAC,KAAa;IAC7B,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QACpC,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAC1E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,KAAa;IACjC,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAChC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC7D,OAAO,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;AAC5B,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,OAA0B;IAChE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,cAAc,CAAC;IAChD,MAAM,GAAG,GAAG,GAAG,OAAO,CAAC,aAAa,8BAA8B,CAAC;IAEnE,OAAO,CAAC,4CAA4C,EAAE,GAAG,CAAC,CAAC;IAC3D,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,uBAAuB,CAAC,CAAC;IAC9E,IAAI,GAAa,CAAC;IAClB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YACrB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,SAAS,EAAE,OAAO,CAAC,QAAQ;gBAC3B,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;aACxB,CAAC;YACF,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,YAAY,CAAC,OAAO,CAAC,CAAC;QACtB,IAAI,KAAK,YAAY,YAAY,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YACjE,MAAM,IAAI,sBAAsB,CAAC,wCAAwC,CAAC,CAAC;QAC7E,CAAC;QACD,MAAM,IAAI,eAAe,CACvB,wCAAwC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACjG,CAAC;IACJ,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,OAAO,CAAC,CAAC;IACxB,CAAC;IAED,OAAO,CAAC,4CAA4C,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAClE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,QAAQ,CAAC,4CAA4C,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACzE,MAAM,IAAI,eAAe,CAAC,gCAAgC,GAAG,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC;IAClF,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAuB,CAAC;IACtD,OAAO,CAAC,gDAAgD,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IAC1E,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,UAAkB,EAClB,OAAiD;IAEjD,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,kBAAkB,CAAC;IAC1D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,IAAI,YAAY,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,6BAA6B,CAAC,GAAG,IAAI,CAAC;IAC9E,MAAM,QAAQ,GAAG,GAAG,OAAO,CAAC,aAAa,eAAe,CAAC;IACzD,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,IAAI,eAAe,GAAG,4BAA4B,CAAC;IAEnD,OAAO,CAAC,gDAAgD,EAAE,SAAS,CAAC,CAAC;IACrE,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,SAAS,EAAE,CAAC;QAC1C,MAAM,KAAK,CAAC,YAAY,CAAC,CAAC;QAC1B,SAAS,EAAE,CAAC;QACZ,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;QAEnB,IAAI,GAAa,CAAC;QAClB,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,uBAAuB,CAAC,CAAC;QAC9E,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;gBAC1B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;gBAChE,IAAI,EAAE,IAAI,eAAe,CAAC;oBACxB,UAAU,EAAE,8CAA8C;oBAC1D,WAAW,EAAE,UAAU;oBACvB,SAAS,EAAE,OAAO,CAAC,QAAQ;iBAC5B,CAAC;gBACF,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CACL,mDAAmD,EACnD,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CACvD,CAAC;YACF,SAAS;QACX,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;QAED,IAAI,IAAI,CAAC;QACT,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC1B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,QAAQ,CAAC,uDAAuD,EAAE,OAAO,CAAC,CAAC;YAC3E,MAAM,IAAI,eAAe,CAAC,sCAAsC,OAAO,EAAE,CAAC,CAAC;QAC7E,CAAC;QAED,MAAM,SAAS,GAAG,IAAyB,CAAC;QAC5C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QACzC,eAAe,GAAG,GAAG,CAAC,EAAE;YACtB,CAAC,CAAC,GAAG,GAAG,CAAC,MAAM,UAAU;YACzB,CAAC,CAAC,GAAG,GAAG,CAAC,MAAM,IAAI,SAAS,CAAC,KAAK,IAAI,eAAe,GAAG,SAAS,CAAC,iBAAiB,CAAC,CAAC,CAAC,KAAK,SAAS,CAAC,iBAAiB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QACnI,OAAO,CAAC,oCAAoC,EAAE,WAAW,SAAS,EAAE,EAAE,aAAa,SAAS,EAAE,EAAE,eAAe,CAAC,CAAC;QACjH,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;YACX,OAAO,CAAC,2CAA2C,CAAC,CAAC;YACrD,OAAO,kBAAkB,CAAC,IAAqB,CAAC,CAAC;QACnD,CAAC;QAED,IAAI,SAAS,CAAC,KAAK,KAAK,uBAAuB,EAAE,CAAC;YAChD,SAAS;QACX,CAAC;QAED,IAAI,SAAS,CAAC,KAAK,KAAK,WAAW,EAAE,CAAC;YACpC,YAAY,IAAI,IAAI,CAAC;YACrB,OAAO,CAAC,2CAA2C,EAAE,YAAY,CAAC,CAAC;YACnE,OAAO,CAAC,UAAU,EAAE,CAAC,YAAY,CAAC,CAAC;YACnC,SAAS;QACX,CAAC;QAED,QAAQ,CAAC,4BAA4B,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,IAAI,eAAe,CAAC,gBAAgB,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED,QAAQ,CAAC,oDAAoD,EAAE,eAAe,CAAC,CAAC;IAChF,MAAM,IAAI,sBAAsB,CAC9B,kCAAkC,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,kCAAkC,eAAe,GAAG,CACnH,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAmB;IAC7C,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAElD,OAAO;QACL,WAAW,EAAE,IAAI,CAAC,YAAY;QAC9B,OAAO,EAAE,IAAI,CAAC,QAAQ;QACtB,SAAS,EAAE,SAAS,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAC7G,MAAM,EAAE,MAAM,CAAC,SAAS,EAAE,GAAG,IAAI,SAAS,CAAC;QAC3C,KAAK,EAAE,SAAS,EAAE,KAA2B;QAC7C,YAAY,EAAE,IAAI,CAAC,aAAa;KACjC,CAAC;AACJ,CAAC","sourcesContent":["/**\n * Device Authorization Flow\n *\n * Implements OAuth 2.0 Device Authorization Grant (RFC 8628) for CLI authentication.\n * Extracted from login.ts for reuse in wizard credential gathering.\n */\n\nimport { logInfo, logError } from '../utils/debug.js';\n\nexport interface DeviceAuthResponse {\n device_code: string;\n user_code: string;\n verification_uri: string;\n verification_uri_complete: string;\n expires_in: number;\n interval: number;\n}\n\nexport interface DeviceAuthOptions {\n clientId: string;\n authkitDomain: string;\n scopes?: string[];\n timeoutMs?: number;\n onPoll?: () => void;\n onSlowDown?: (newIntervalMs: number) => void;\n}\n\nexport interface DeviceAuthResult {\n accessToken: string;\n idToken: string;\n expiresAt: number;\n userId: string;\n email?: string;\n refreshToken?: string;\n}\n\ninterface TokenResponse {\n access_token: string;\n id_token: string;\n token_type: string;\n expires_in: number;\n refresh_token?: string;\n}\n\ninterface AuthErrorResponse {\n error: string;\n error_description?: string;\n}\n\nexport class DeviceAuthError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'DeviceAuthError';\n }\n}\n\nexport class DeviceAuthTimeoutError extends DeviceAuthError {\n constructor(message: string) {\n super(message);\n this.name = 'DeviceAuthTimeoutError';\n }\n}\n\nconst DEFAULT_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes\nconst DEFAULT_POLL_INTERVAL_SECONDS = 5;\nconst POLL_REQUEST_TIMEOUT_MS = 30_000;\nconst DEFAULT_SCOPES = ['openid', 'email', 'staging-environment:credentials:read', 'offline_access'];\n\nfunction sleep(ms: number): Promise<void> {\n return new Promise((resolve) => setTimeout(resolve, ms));\n}\n\n/**\n * Parse JWT payload\n */\nfunction parseJwt(token: string): Record<string, unknown> | null {\n try {\n const parts = token.split('.');\n if (parts.length !== 3) return null;\n return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf-8'));\n } catch {\n return null;\n }\n}\n\n/**\n * Extract expiry time from JWT token\n */\nfunction getJwtExpiry(token: string): number | null {\n const payload = parseJwt(token);\n if (!payload || typeof payload.exp !== 'number') return null;\n return payload.exp * 1000;\n}\n\n/**\n * Request a device code from the OAuth authorization server.\n * Returns the device code, user code, and verification URIs.\n */\nexport async function requestDeviceCode(options: DeviceAuthOptions): Promise<DeviceAuthResponse> {\n const scopes = options.scopes ?? DEFAULT_SCOPES;\n const url = `${options.authkitDomain}/oauth2/device_authorization`;\n\n logInfo('[device-auth] Requesting device code from:', url);\n const controller = new AbortController();\n const timeout = setTimeout(() => controller.abort(), POLL_REQUEST_TIMEOUT_MS);\n let res: Response;\n try {\n res = await fetch(url, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: new URLSearchParams({\n client_id: options.clientId,\n scope: scopes.join(' '),\n }),\n signal: controller.signal,\n });\n } catch (error) {\n clearTimeout(timeout);\n if (error instanceof DOMException && error.name === 'AbortError') {\n throw new DeviceAuthTimeoutError('Device authorization request timed out');\n }\n throw new DeviceAuthError(\n `Device authorization request failed: ${error instanceof Error ? error.message : String(error)}`,\n );\n } finally {\n clearTimeout(timeout);\n }\n\n logInfo('[device-auth] Device code response status:', res.status);\n if (!res.ok) {\n const text = await res.text();\n logError('[device-auth] Device authorization failed:', res.status, text);\n throw new DeviceAuthError(`Device authorization failed: ${res.status} ${text}`);\n }\n\n const data = (await res.json()) as DeviceAuthResponse;\n logInfo('[device-auth] Device code received, user_code:', data.user_code);\n return data;\n}\n\n/**\n * Poll for token after user has authorized in the browser.\n * Handles authorization_pending and slow_down responses per RFC 8628.\n */\nexport async function pollForToken(\n deviceCode: string,\n options: DeviceAuthOptions & { interval: number },\n): Promise<DeviceAuthResult> {\n const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n const startTime = Date.now();\n let pollInterval = (options.interval || DEFAULT_POLL_INTERVAL_SECONDS) * 1000;\n const tokenUrl = `${options.authkitDomain}/oauth2/token`;\n let pollCount = 0;\n let lastPollSummary = 'no token response received';\n\n logInfo('[device-auth] Starting token polling, timeout:', timeoutMs);\n while (Date.now() - startTime < timeoutMs) {\n await sleep(pollInterval);\n pollCount++;\n options.onPoll?.();\n\n let res: Response;\n const controller = new AbortController();\n const timeout = setTimeout(() => controller.abort(), POLL_REQUEST_TIMEOUT_MS);\n try {\n res = await fetch(tokenUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: new URLSearchParams({\n grant_type: 'urn:ietf:params:oauth:grant-type:device_code',\n device_code: deviceCode,\n client_id: options.clientId,\n }),\n signal: controller.signal,\n });\n } catch (error) {\n logInfo(\n '[device-auth] Token poll network error, retrying:',\n error instanceof Error ? error.message : String(error),\n );\n continue;\n } finally {\n clearTimeout(timeout);\n }\n\n let data;\n try {\n data = await res.json();\n } catch (error) {\n const message = error instanceof Error ? error.message : String(error);\n logError('[device-auth] Invalid JSON response from auth server:', message);\n throw new DeviceAuthError(`Invalid response from auth server: ${message}`);\n }\n\n const errorData = data as AuthErrorResponse;\n const elapsedMs = Date.now() - startTime;\n lastPollSummary = res.ok\n ? `${res.status} success`\n : `${res.status} ${errorData.error ?? 'unknown_error'}${errorData.error_description ? ` (${errorData.error_description})` : ''}`;\n logInfo('[device-auth] Token poll response:', `attempt=${pollCount}`, `elapsedMs=${elapsedMs}`, lastPollSummary);\n if (res.ok) {\n logInfo('[device-auth] Token received successfully');\n return parseTokenResponse(data as TokenResponse);\n }\n\n if (errorData.error === 'authorization_pending') {\n continue;\n }\n\n if (errorData.error === 'slow_down') {\n pollInterval += 5000;\n logInfo('[device-auth] Slowing down, new interval:', pollInterval);\n options.onSlowDown?.(pollInterval);\n continue;\n }\n\n logError('[device-auth] Token error:', errorData.error);\n throw new DeviceAuthError(`Token error: ${errorData.error}`);\n }\n\n logError('[device-auth] Authentication timed out, last poll:', lastPollSummary);\n throw new DeviceAuthTimeoutError(\n `Authentication timed out after ${Math.round(timeoutMs / 1000)} seconds (last token response: ${lastPollSummary})`,\n );\n}\n\nfunction parseTokenResponse(data: TokenResponse): DeviceAuthResult {\n const idPayload = parseJwt(data.id_token);\n const jwtExpiry = getJwtExpiry(data.access_token);\n\n return {\n accessToken: data.access_token,\n idToken: data.id_token,\n expiresAt: jwtExpiry ?? (data.expires_in ? Date.now() + data.expires_in * 1000 : Date.now() + 15 * 60 * 1000),\n userId: String(idPayload?.sub ?? 'unknown'),\n email: idPayload?.email as string | undefined,\n refreshToken: data.refresh_token,\n };\n}\n"]}
|
package/dist/utils/output.d.ts
CHANGED
|
@@ -23,7 +23,12 @@ export declare function isJsonMode(): boolean;
|
|
|
23
23
|
/** Write structured JSON to stdout (one line, no pretty-print). */
|
|
24
24
|
export declare function outputJson(data: unknown): void;
|
|
25
25
|
/** Write a success result — chalk in human mode, JSON in json mode. */
|
|
26
|
-
export declare function outputSuccess(message: string, data?: object
|
|
26
|
+
export declare function outputSuccess(message: string, data?: object, options?: {
|
|
27
|
+
warnings?: Array<{
|
|
28
|
+
code: string;
|
|
29
|
+
message: string;
|
|
30
|
+
}>;
|
|
31
|
+
}): void;
|
|
27
32
|
/** Write a structured error to stderr. */
|
|
28
33
|
export declare function outputError(error: {
|
|
29
34
|
code: string;
|
package/dist/utils/output.js
CHANGED
|
@@ -45,15 +45,25 @@ export function outputJson(data) {
|
|
|
45
45
|
console.log(JSON.stringify(data));
|
|
46
46
|
}
|
|
47
47
|
/** Write a success result — chalk in human mode, JSON in json mode. */
|
|
48
|
-
export function outputSuccess(message, data) {
|
|
48
|
+
export function outputSuccess(message, data, options) {
|
|
49
49
|
if (currentMode === 'json') {
|
|
50
|
-
|
|
50
|
+
const result = { status: 'ok', message };
|
|
51
|
+
if (data)
|
|
52
|
+
result.data = data;
|
|
53
|
+
if (options?.warnings?.length)
|
|
54
|
+
result.warnings = options.warnings;
|
|
55
|
+
console.log(JSON.stringify(result));
|
|
51
56
|
}
|
|
52
57
|
else {
|
|
53
58
|
console.log(chalk.green(message));
|
|
54
59
|
if (data) {
|
|
55
60
|
console.log(JSON.stringify(data, null, 2));
|
|
56
61
|
}
|
|
62
|
+
if (options?.warnings?.length) {
|
|
63
|
+
for (const w of options.warnings) {
|
|
64
|
+
console.error(chalk.yellow(w.message));
|
|
65
|
+
}
|
|
66
|
+
}
|
|
57
67
|
}
|
|
58
68
|
}
|
|
59
69
|
/** Write a structured error to stderr. */
|
package/dist/utils/output.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"output.js","sourceRoot":"","sources":["../../src/utils/output.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,WAAW,EAAoB,MAAM,YAAY,CAAC;AAI3D,IAAI,WAAW,GAAe,OAAO,CAAC;AAEtC;;;;;;;;GAQG;AACH,MAAM,UAAU,iBAAiB,CAAC,QAAkB;IAClD,IAAI,QAAQ;QAAE,OAAO,MAAM,CAAC;IAC5B,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,MAAM;QAAE,OAAO,OAAO,CAAC;IACpG,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,MAAM;QAAE,OAAO,MAAM,CAAC;IACnG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK;QAAE,OAAO,MAAM,CAAC;IACzC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,IAAgB;IAC5C,WAAW,GAAG,IAAI,CAAC;IACnB,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;QACpB,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,MAAM,UAAU,aAAa;IAC3B,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,OAAO,WAAW,KAAK,MAAM,CAAC;AAChC,CAAC;AAED,mEAAmE;AACnE,MAAM,UAAU,UAAU,CAAC,IAAa;IACtC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AACpC,CAAC;AAED,uEAAuE;AACvE,MAAM,UAAU,aAAa,
|
|
1
|
+
{"version":3,"file":"output.js","sourceRoot":"","sources":["../../src/utils/output.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,WAAW,EAAoB,MAAM,YAAY,CAAC;AAI3D,IAAI,WAAW,GAAe,OAAO,CAAC;AAEtC;;;;;;;;GAQG;AACH,MAAM,UAAU,iBAAiB,CAAC,QAAkB;IAClD,IAAI,QAAQ;QAAE,OAAO,MAAM,CAAC;IAC5B,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,MAAM;QAAE,OAAO,OAAO,CAAC;IACpG,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,MAAM;QAAE,OAAO,MAAM,CAAC;IACnG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK;QAAE,OAAO,MAAM,CAAC;IACzC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,IAAgB;IAC5C,WAAW,GAAG,IAAI,CAAC;IACnB,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;QACpB,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,MAAM,UAAU,aAAa;IAC3B,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,OAAO,WAAW,KAAK,MAAM,CAAC;AAChC,CAAC;AAED,mEAAmE;AACnE,MAAM,UAAU,UAAU,CAAC,IAAa;IACtC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AACpC,CAAC;AAED,uEAAuE;AACvE,MAAM,UAAU,aAAa,CAC3B,OAAe,EACf,IAAa,EACb,OAAiE;IAEjE,IAAI,WAAW,KAAK,MAAM,EAAE,CAAC;QAC3B,MAAM,MAAM,GAA4B,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QAClE,IAAI,IAAI;YAAE,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC;QAC7B,IAAI,OAAO,EAAE,QAAQ,EAAE,MAAM;YAAE,MAAM,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QAClE,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IACtC,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;QAClC,IAAI,IAAI,EAAE,CAAC;YACT,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7C,CAAC;QACD,IAAI,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;YAC9B,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACjC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;YACzC,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,0CAA0C;AAC1C,MAAM,UAAU,WAAW,CAAC,KAA2D;IACrF,IAAI,WAAW,KAAK,MAAM,EAAE,CAAC;QAC3B,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAC3C,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;IAC1C,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,MAAM,UAAU,WAAW,CAAC,OAAsB,EAAE,IAAgB,EAAE,OAAmB;IACvF,IAAI,WAAW,KAAK,MAAM,EAAE,CAAC;QAC3B,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;gBAChC,MAAM,GAAG,GAA2B,EAAE,CAAC;gBACvC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;oBACvB,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBACxB,CAAC,CAAC,CAAC;gBACH,OAAO,GAAG,CAAC;YACb,CAAC,CAAC,CAAC;YACH,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC;IAC1C,CAAC;AACH,CAAC;AAED,yEAAyE;AACzE,MAAM,UAAU,aAAa,CAAC,KAA2D;IACvF,WAAW,CAAC,KAAK,CAAC,CAAC;IACnB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC","sourcesContent":["/**\n * Output mode system for non-TTY / JSON support.\n *\n * Resolves once at startup, drives all output formatting.\n * In JSON mode: structured JSON to stdout, structured errors to stderr.\n * In human mode: chalk-formatted output (existing behavior).\n */\n\nimport chalk from 'chalk';\nimport { formatTable, type TableColumn } from './table.js';\n\nexport type OutputMode = 'human' | 'json';\n\nlet currentMode: OutputMode = 'human';\n\n/**\n * Resolve the output mode based on flags and environment.\n *\n * Priority:\n * 1. Explicit --json flag\n * 2. WORKOS_FORCE_TTY env var → human\n * 3. Non-TTY auto-detection → json\n * 4. Default → human\n */\nexport function resolveOutputMode(jsonFlag?: boolean): OutputMode {\n if (jsonFlag) return 'json';\n if (process.env.WORKOS_FORCE_TTY === '1' || process.env.WORKOS_FORCE_TTY === 'true') return 'human';\n if (process.env.WORKOS_NO_PROMPT === '1' || process.env.WORKOS_NO_PROMPT === 'true') return 'json';\n if (!process.stdout.isTTY) return 'json';\n return 'human';\n}\n\nexport function setOutputMode(mode: OutputMode): void {\n currentMode = mode;\n if (mode === 'json') {\n chalk.level = 0;\n }\n}\n\nexport function getOutputMode(): OutputMode {\n return currentMode;\n}\n\nexport function isJsonMode(): boolean {\n return currentMode === 'json';\n}\n\n/** Write structured JSON to stdout (one line, no pretty-print). */\nexport function outputJson(data: unknown): void {\n console.log(JSON.stringify(data));\n}\n\n/** Write a success result — chalk in human mode, JSON in json mode. */\nexport function outputSuccess(\n message: string,\n data?: object,\n options?: { warnings?: Array<{ code: string; message: string }> },\n): void {\n if (currentMode === 'json') {\n const result: Record<string, unknown> = { status: 'ok', message };\n if (data) result.data = data;\n if (options?.warnings?.length) result.warnings = options.warnings;\n console.log(JSON.stringify(result));\n } else {\n console.log(chalk.green(message));\n if (data) {\n console.log(JSON.stringify(data, null, 2));\n }\n if (options?.warnings?.length) {\n for (const w of options.warnings) {\n console.error(chalk.yellow(w.message));\n }\n }\n }\n}\n\n/** Write a structured error to stderr. */\nexport function outputError(error: { code: string; message: string; details?: unknown }): void {\n if (currentMode === 'json') {\n console.error(JSON.stringify({ error }));\n } else {\n console.error(chalk.red(error.message));\n }\n}\n\n/** Write tabular data — chalk table in human mode, JSON array in json mode. */\nexport function outputTable(columns: TableColumn[], rows: string[][], rawData?: unknown[]): void {\n if (currentMode === 'json') {\n if (rawData) {\n console.log(JSON.stringify(rawData));\n } else {\n const headers = columns.map((c) => c.header);\n const jsonRows = rows.map((row) => {\n const obj: Record<string, string> = {};\n headers.forEach((h, i) => {\n obj[h] = row[i] ?? '';\n });\n return obj;\n });\n console.log(JSON.stringify(jsonRows));\n }\n } else {\n console.log(formatTable(columns, rows));\n }\n}\n\n/** Exit with a structured error. Writes error then exits with code 1. */\nexport function exitWithError(error: { code: string; message: string; details?: unknown }): never {\n outputError(error);\n process.exit(1);\n}\n"]}
|