xuanwu-cli 2.0.0 → 2.2.0

package/dist/commands/auth/login.d.ts

@@ -0,0 +1,2 @@
+import { Command } from 'commander';
+export declare function makeLoginCommand(): Command;

package/dist/commands/auth/login.js

@@ -0,0 +1,131 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.makeLoginCommand = makeLoginCommand;
+const commander_1 = require("commander");
+const open_1 = __importDefault(require("open"));
+const session_1 = require("../../lib/session");
+const formatter_1 = require("../../output/formatter");
+function makeLoginCommand() {
+    const cmd = new commander_1.Command('login')
+        .description('Login to xuanwu factory')
+        .option('-u, --api-url <url>', 'API server URL', 'https://i.xuanwu.dev.aimstek.cn')
+        .option('-e, --email <email>', 'Email address (for non-interactive login)')
+        .option('-p, --password <password>', 'Password (for non-interactive login)')
+        .option('--expires-in <duration>', 'Token expiration (30d, 90d, never)', '30d')
+        .action(async (options) => {
+        const sessionManager = new session_1.SessionManager();
+        if (options.email && options.password) {
+            await loginWithCredentials(sessionManager, options.email, options.password, options.expiresIn, options.apiUrl);
+            return;
+        }
+        await loginWithBrowser(sessionManager, options.apiUrl);
+    });
+    return cmd;
+}
+async function loginWithBrowser(sessionManager, apiUrl) {
+    const finalApiUrl = process.env.XW_API_URL || apiUrl;
+    const deviceAuthRes = await fetch(`${finalApiUrl}/api/cli/auth/device-code`, {
+        method: 'POST'
+    });
+    if (!deviceAuthRes.ok) {
+        formatter_1.OutputFormatter.error('Failed to generate device code');
+        process.exit(1);
+    }
+    const { sessionId, loginUrl, code } = await deviceAuthRes.json();
+    formatter_1.OutputFormatter.info('正在生成设备授权码...');
+    console.log(`授权码: ${code}`);
+    console.log(`已打开浏览器: ${loginUrl}`);
+    formatter_1.OutputFormatter.info('请在浏览器中完成授权');
+    formatter_1.OutputFormatter.info('等待授权...');
+    try {
+        await (0, open_1.default)(loginUrl);
+    }
+    catch (error) {
+        console.log(`如果浏览器未打开，请手动访问: ${loginUrl}`);
+    }
+    const maxAttempts = 60;
+    let attempts = 0;
+    while (attempts < maxAttempts) {
+        await new Promise(resolve => setTimeout(resolve, 3000));
+        const pollRes = await fetch(`${finalApiUrl}/api/cli/auth/poll?session_id=${sessionId}`);
+        if (!pollRes.ok) {
+            formatter_1.OutputFormatter.error('Failed to poll auth status');
+            process.exit(1);
+        }
+        const pollData = await pollRes.json();
+        const { status, token, user } = pollData;
+        if (status === 'success') {
+            const expiresIn = 30 * 24 * 60 * 60 * 1000;
+            await sessionManager.saveSession({
+                token,
+                userId: user.id,
+                userName: user.name,
+                userEmail: user.email,
+                userRole: user.role,
+                deviceId: 'CLI Device',
+                expiresAt: new Date(Date.now() + expiresIn).toISOString(),
+                apiUrl: finalApiUrl
+            });
+            console.log('');
+            formatter_1.OutputFormatter.success('授权成功！');
+            formatter_1.OutputFormatter.success('登录成功！');
+            console.log(`  用户: ${user.name} (${user.email})`);
+            console.log(`  设备: CLI Device`);
+            console.log(`  过期时间: 30天`);
+            return;
+        }
+        if (status === 'expired') {
+            formatter_1.OutputFormatter.error('授权已过期，请重新尝试');
+            process.exit(1);
+        }
+        if (attempts % 5 === 0) {
+            formatter_1.OutputFormatter.info(`等待中... (${attempts * 3}秒)`);
+        }
+        attempts++;
+    }
+    formatter_1.OutputFormatter.error('授权超时，请重新尝试');
+    process.exit(1);
+}
+async function loginWithCredentials(sessionManager, email, password, expiresIn, apiUrl) {
+    const finalApiUrl = process.env.XW_API_URL || apiUrl;
+    console.log(`使用邮箱密码登录: ${email}`);
+    const res = await fetch(`${finalApiUrl}/api/cli/auth/login`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+            email,
+            password,
+            deviceName: 'CLI Device',
+            expiresIn
+        })
+    });
+    if (!res.ok) {
+        const error = await res.json();
+        formatter_1.OutputFormatter.error(`登录失败: ${error.error}`);
+        process.exit(1);
+    }
+    const loginData = await res.json();
+    const { token, user } = loginData;
+    const expiresAt = expiresIn === 'never'
+        ? null
+        : new Date(Date.now() + 30 * 24 * 60 * 60 * 1000).toISOString();
+    const deviceId = expiresIn === 'never' ? 'CI/CD Server' : 'CLI Device';
+    const expiresText = expiresIn === 'never' ? '永不过期' : '30天';
+    await sessionManager.saveSession({
+        token,
+        userId: user.id,
+        userName: user.name,
+        userEmail: user.email,
+        userRole: user.role,
+        deviceId,
+        expiresAt,
+        apiUrl: finalApiUrl
+    });
+    formatter_1.OutputFormatter.success('登录成功！');
+    console.log(`  用户: ${user.name} (${user.email})`);
+    console.log(`  设备: ${deviceId}`);
+    console.log(`  过期时间: ${expiresText}`);
+}

package/dist/commands/auth/logout.d.ts

@@ -0,0 +1,2 @@
+import { Command } from 'commander';
+export declare function makeLogoutCommand(): Command;

package/dist/commands/auth/logout.js

@@ -0,0 +1,33 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.makeLogoutCommand = makeLogoutCommand;
+const commander_1 = require("commander");
+const session_1 = require("../../lib/session");
+const formatter_1 = require("../../output/formatter");
+function makeLogoutCommand() {
+    const cmd = new commander_1.Command('logout')
+        .description('Logout from xuanwu factory')
+        .action(async () => {
+        const sessionManager = new session_1.SessionManager();
+        const session = await sessionManager.loadSession();
+        if (!session) {
+            formatter_1.OutputFormatter.info('未登录');
+            return;
+        }
+        try {
+            await fetch(`${session.apiUrl}/api/cli/auth/logout`, {
+                method: 'POST',
+                headers: {
+                    'Authorization': `Bearer ${session.token}`,
+                    'Content-Type': 'application/json'
+                }
+            });
+        }
+        catch (error) {
+            // Ignore API errors
+        }
+        await sessionManager.clearSession();
+        formatter_1.OutputFormatter.success('登出成功');
+    });
+    return cmd;
+}

package/dist/commands/auth/tokens.d.ts

@@ -0,0 +1,2 @@
+import { Command } from 'commander';
+export declare function makeTokensCommand(): Command;

package/dist/commands/auth/tokens.js

@@ -0,0 +1,70 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.makeTokensCommand = makeTokensCommand;
+const commander_1 = require("commander");
+const session_1 = require("../../lib/session");
+const formatter_1 = require("../../output/formatter");
+function makeTokensCommand() {
+    const cmd = new commander_1.Command('tokens')
+        .description('List all tokens');
+    const listCmd = new commander_1.Command('list')
+        .description('List all tokens')
+        .action(async () => {
+        const sessionManager = new session_1.SessionManager();
+        const session = await sessionManager.loadSession();
+        if (!session) {
+            formatter_1.OutputFormatter.info('未登录');
+            return;
+        }
+        const res = await fetch(`${session.apiUrl}/api/cli/auth/tokens`, {
+            headers: {
+                'Authorization': `Bearer ${session.token}`
+            }
+        });
+        if (!res.ok) {
+            formatter_1.OutputFormatter.error('Failed to list tokens');
+            return;
+        }
+        const { tokens } = await res.json();
+        if (tokens.length === 0) {
+            formatter_1.OutputFormatter.info('没有找到tokens');
+            return;
+        }
+        console.log('Your Tokens:');
+        tokens.forEach((token, index) => {
+            const lastUsed = token.lastUsedAt
+                ? `${Math.floor((Date.now() - new Date(token.lastUsedAt).getTime()) / (60 * 60 * 1000))}h ago`
+                : 'never';
+            const expires = token.expiresAt
+                ? `${Math.max(0, Math.floor((new Date(token.expiresAt).getTime() - Date.now()) / (24 * 60 * 60 * 1000)))} days`
+                : 'never';
+            const expired = token.expiresAt && new Date(token.expiresAt) < new Date();
+            console.log(`  ${index + 1}. ${token.name} (last used: ${lastUsed}) - ${expired ? 'expired' : expires}`);
+        });
+    });
+    const revokeCmd = new commander_1.Command('revoke')
+        .description('Revoke a token')
+        .argument('<id>', 'Token ID')
+        .action(async (id) => {
+        const sessionManager = new session_1.SessionManager();
+        const session = await sessionManager.loadSession();
+        if (!session) {
+            formatter_1.OutputFormatter.info('未登录');
+            return;
+        }
+        const res = await fetch(`${session.apiUrl}/api/cli/auth/tokens/${id}`, {
+            method: 'DELETE',
+            headers: {
+                'Authorization': `Bearer ${session.token}`
+            }
+        });
+        if (!res.ok) {
+            formatter_1.OutputFormatter.error('Failed to revoke token');
+            return;
+        }
+        formatter_1.OutputFormatter.success('Token已撤销');
+    });
+    cmd.addCommand(listCmd);
+    cmd.addCommand(revokeCmd);
+    return cmd;
+}

package/dist/commands/auth/whoami.d.ts

@@ -0,0 +1,2 @@
+import { Command } from 'commander';
+export declare function makeWhoamiCommand(): Command;

package/dist/commands/auth/whoami.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.makeWhoamiCommand = makeWhoamiCommand;
+const commander_1 = require("commander");
+const session_1 = require("../../lib/session");
+const formatter_1 = require("../../output/formatter");
+function makeWhoamiCommand() {
+    const cmd = new commander_1.Command('whoami')
+        .description('Show current login status')
+        .action(async () => {
+        const sessionManager = new session_1.SessionManager();
+        const session = await sessionManager.loadSession();
+        if (!session) {
+            formatter_1.OutputFormatter.info('未登录');
+            console.log('请使用: xw login');
+            return;
+        }
+        if (sessionManager.isExpired(session)) {
+            formatter_1.OutputFormatter.info('登录已过期');
+            console.log('请使用: xw login');
+            await sessionManager.clearSession();
+            return;
+        }
+        const expiresIn = session.expiresAt
+            ? Math.max(0, Math.floor((new Date(session.expiresAt).getTime() - Date.now()) / (24 * 60 * 60 * 1000)))
+            : 'never';
+        console.log(`Logged in as: ${session.userName} (${session.userEmail})`);
+        console.log(`Device: ${session.deviceId}`);
+        console.log(`Expires in: ${expiresIn === 'never' ? 'never' : `${expiresIn} days`}`);
+    });
+    return cmd;
+}

package/dist/index.js

@@ -13,6 +13,10 @@ const build_1 = require("./commands/build");
 const scale_1 = require("./commands/scale");
 const logs_1 = require("./commands/logs");
 const pods_1 = require("./commands/pods");
+const login_1 = require("./commands/auth/login");
+const logout_1 = require("./commands/auth/logout");
+const whoami_1 = require("./commands/auth/whoami");
+const tokens_1 = require("./commands/auth/tokens");
 const program = new commander_1.Command();
 program
     .name('xw')
@@ -28,4 +32,8 @@ program.addCommand((0, deploy_1.makeDeployCommand)());
 program.addCommand((0, scale_1.makeScaleCommand)());
 program.addCommand((0, logs_1.makeLogsCommand)());
 program.addCommand((0, pods_1.makePodsCommand)());
+program.addCommand((0, login_1.makeLoginCommand)());
+program.addCommand((0, logout_1.makeLogoutCommand)());
+program.addCommand((0, whoami_1.makeWhoamiCommand)());
+program.addCommand((0, tokens_1.makeTokensCommand)());
 program.parse(process.argv);

package/dist/lib/auth.d.ts

@@ -0,0 +1,6 @@
+export interface ApiOptions {
+    method?: string;
+    body?: any;
+    headers?: Record<string, string>;
+}
+export declare function authenticatedFetch(url: string, options?: ApiOptions): Promise<Response>;

package/dist/lib/auth.js

@@ -0,0 +1,29 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authenticatedFetch = authenticatedFetch;
+const session_1 = require("./session");
+async function authenticatedFetch(url, options = {}) {
+    const sessionManager = new session_1.SessionManager();
+    const session = await sessionManager.loadSession();
+    if (!session) {
+        throw new Error('Not logged in. Please run: xw login');
+    }
+    if (sessionManager.isExpired(session)) {
+        await sessionManager.clearSession();
+        throw new Error('Session expired. Please run: xw login');
+    }
+    const response = await fetch(url, {
+        method: options.method || 'GET',
+        headers: {
+            'Authorization': `Bearer ${session.token}`,
+            'Content-Type': 'application/json',
+            ...options.headers
+        },
+        body: options.body ? JSON.stringify(options.body) : undefined
+    });
+    if (response.status === 401) {
+        await sessionManager.clearSession();
+        throw new Error('Authentication failed. Please run: xw login');
+    }
+    return response;
+}

package/dist/lib/session.d.ts

@@ -0,0 +1,18 @@
+export interface Session {
+    token: string;
+    userId: string;
+    userName: string;
+    userEmail: string;
+    userRole: string;
+    deviceId: string;
+    expiresAt: string | null;
+    apiUrl: string;
+}
+export declare class SessionManager {
+    private sessionPath;
+    constructor();
+    saveSession(session: Session): Promise<void>;
+    loadSession(): Promise<Session | null>;
+    clearSession(): Promise<void>;
+    isExpired(session: Session): boolean;
+}

package/dist/lib/session.js

@@ -0,0 +1,72 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SessionManager = void 0;
+const fs = __importStar(require("fs/promises"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+class SessionManager {
+    constructor() {
+        this.sessionPath = path.join(os.homedir(), '.xw', 'session.json');
+    }
+    async saveSession(session) {
+        const dir = path.dirname(this.sessionPath);
+        await fs.mkdir(dir, { recursive: true });
+        await fs.writeFile(this.sessionPath, JSON.stringify(session, null, 2));
+    }
+    async loadSession() {
+        try {
+            const content = await fs.readFile(this.sessionPath, 'utf-8');
+            return JSON.parse(content);
+        }
+        catch {
+            return null;
+        }
+    }
+    async clearSession() {
+        try {
+            await fs.unlink(this.sessionPath);
+        }
+        catch {
+            // Ignore errors
+        }
+    }
+    isExpired(session) {
+        if (!session.expiresAt)
+            return false;
+        return new Date(session.expiresAt) < new Date();
+    }
+}
+exports.SessionManager = SessionManager;

package/package.json

@@ -1,12 +1,17 @@
 {
   "name": "xuanwu-cli",
-  "version": "2.0.0",
+  "version": "2.2.0",
   "description": "玄武工厂平台 CLI 工具",
   "main": "dist/index.js",
   "bin": {
     "xuanwu": "./bin/xuanwu",
     "xw": "./bin/xuanwu"
   },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "start": "node dist/index.js"
+  },
   "keywords": [
     "cli",
     "kubernetes",
@@ -15,18 +20,14 @@
   "author": "",
   "license": "MIT",
   "dependencies": {
+    "axios": "^1.6.5",
     "commander": "^11.1.0",
     "inquirer": "^9.2.12",
-    "axios": "^1.6.5"
+    "open": "^11.0.0"
   },
   "devDependencies": {
     "@types/inquirer": "^9.0.7",
     "@types/node": "^20.11.0",
     "typescript": "^5.3.3"
-  },
-  "scripts": {
-    "build": "tsc",
-    "dev": "tsc --watch",
-    "start": "node dist/index.js"
   }
-}
+}

package/src/commands/auth/login.ts

@@ -0,0 +1,168 @@
+import { Command } from 'commander'
+import open from 'open'
+import { SessionManager } from '../../lib/session'
+import { OutputFormatter } from '../../output/formatter'
+
+export function makeLoginCommand(): Command {
+  const cmd = new Command('login')
+    .description('Login to xuanwu factory')
+    .option('-u, --api-url <url>', 'API server URL', 'https://i.xuanwu.dev.aimstek.cn')
+    .option('-e, --email <email>', 'Email address (for non-interactive login)')
+    .option('-p, --password <password>', 'Password (for non-interactive login)')
+    .option('--expires-in <duration>', 'Token expiration (30d, 90d, never)', '30d')
+    .action(async (options) => {
+      const sessionManager = new SessionManager()
+
+      if (options.email && options.password) {
+        await loginWithCredentials(
+          sessionManager,
+          options.email,
+          options.password,
+          options.expiresIn,
+          options.apiUrl
+        )
+        return
+      }
+
+      await loginWithBrowser(sessionManager, options.apiUrl)
+    })
+
+  return cmd
+}
+
+async function loginWithBrowser(sessionManager: SessionManager, apiUrl: string): Promise<void> {
+  const finalApiUrl = process.env.XW_API_URL || apiUrl
+
+  const deviceAuthRes = await fetch(`${finalApiUrl}/api/cli/auth/device-code`, {
+    method: 'POST'
+  })
+
+  if (!deviceAuthRes.ok) {
+    OutputFormatter.error('Failed to generate device code')
+    process.exit(1)
+  }
+
+  const { sessionId, loginUrl, code } = await deviceAuthRes.json() as { sessionId: string; loginUrl: string; code: string }
+
+  OutputFormatter.info('正在生成设备授权码...')
+  console.log(`授权码: ${code}`)
+  console.log(`已打开浏览器: ${loginUrl}`)
+  OutputFormatter.info('请在浏览器中完成授权')
+  OutputFormatter.info('等待授权...')
+
+  try {
+    await open(loginUrl)
+  } catch (error) {
+    console.log(`如果浏览器未打开，请手动访问: ${loginUrl}`)
+  }
+
+  const maxAttempts = 60
+  let attempts = 0
+
+  while (attempts < maxAttempts) {
+    await new Promise(resolve => setTimeout(resolve, 3000))
+
+    const pollRes = await fetch(
+      `${finalApiUrl}/api/cli/auth/poll?session_id=${sessionId}`
+    )
+
+    if (!pollRes.ok) {
+      OutputFormatter.error('Failed to poll auth status')
+      process.exit(1)
+    }
+
+    const pollData = await pollRes.json() as { status: string; token: string; user: { id: string; name: string; email: string; role: string } }
+    const { status, token, user } = pollData
+
+    if (status === 'success') {
+      const expiresIn = 30 * 24 * 60 * 60 * 1000
+      await sessionManager.saveSession({
+        token,
+        userId: user.id,
+        userName: user.name,
+        userEmail: user.email,
+        userRole: user.role,
+        deviceId: 'CLI Device',
+        expiresAt: new Date(Date.now() + expiresIn).toISOString(),
+        apiUrl: finalApiUrl
+      })
+
+      console.log('')
+      OutputFormatter.success('授权成功！')
+      OutputFormatter.success('登录成功！')
+      console.log(`  用户: ${user.name} (${user.email})`)
+      console.log(`  设备: CLI Device`)
+      console.log(`  过期时间: 30天`)
+      return
+    }
+
+    if (status === 'expired') {
+      OutputFormatter.error('授权已过期，请重新尝试')
+      process.exit(1)
+    }
+
+    if (attempts % 5 === 0) {
+      OutputFormatter.info(`等待中... (${attempts * 3}秒)`)
+    }
+
+    attempts++
+  }
+
+  OutputFormatter.error('授权超时，请重新尝试')
+  process.exit(1)
+}
+
+async function loginWithCredentials(
+  sessionManager: SessionManager,
+  email: string,
+  password: string,
+  expiresIn: string,
+  apiUrl: string
+): Promise<void> {
+  const finalApiUrl = process.env.XW_API_URL || apiUrl
+
+  console.log(`使用邮箱密码登录: ${email}`)
+
+  const res = await fetch(`${finalApiUrl}/api/cli/auth/login`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({
+      email,
+      password,
+      deviceName: 'CLI Device',
+      expiresIn
+    })
+  })
+
+  if (!res.ok) {
+    const error = await res.json() as { error: string }
+    OutputFormatter.error(`登录失败: ${error.error}`)
+    process.exit(1)
+  }
+
+  const loginData = await res.json() as { token: string; user: { id: string; name: string; email: string; role: string } }
+  const { token, user } = loginData
+
+  const expiresAt = expiresIn === 'never'
+    ? null
+    : new Date(Date.now() + 30 * 24 * 60 * 60 * 1000).toISOString()
+
+  const deviceId = expiresIn === 'never' ? 'CI/CD Server' : 'CLI Device'
+  const expiresText = expiresIn === 'never' ? '永不过期' : '30天'
+
+  await sessionManager.saveSession({
+    token,
+    userId: user.id,
+    userName: user.name,
+    userEmail: user.email,
+    userRole: user.role,
+    deviceId,
+    expiresAt,
+    apiUrl: finalApiUrl
+  })
+
+  OutputFormatter.success('登录成功！')
+  console.log(`  用户: ${user.name} (${user.email})`)
+  console.log(`  设备: ${deviceId}`)
+  console.log(`  过期时间: ${expiresText}`)
+}

package/src/commands/auth/logout.ts

@@ -0,0 +1,34 @@
+import { Command } from 'commander'
+import { SessionManager } from '../../lib/session'
+import { OutputFormatter } from '../../output/formatter'
+
+export function makeLogoutCommand(): Command {
+  const cmd = new Command('logout')
+    .description('Logout from xuanwu factory')
+    .action(async () => {
+      const sessionManager = new SessionManager()
+      const session = await sessionManager.loadSession()
+
+      if (!session) {
+        OutputFormatter.info('未登录')
+        return
+      }
+
+      try {
+        await fetch(`${session.apiUrl}/api/cli/auth/logout`, {
+          method: 'POST',
+          headers: {
+            'Authorization': `Bearer ${session.token}`,
+            'Content-Type': 'application/json'
+          }
+        })
+      } catch (error) {
+        // Ignore API errors
+      }
+
+      await sessionManager.clearSession()
+      OutputFormatter.success('登出成功')
+    })
+
+  return cmd
+}

package/src/commands/auth/tokens.ts

@@ -0,0 +1,85 @@
+import { Command } from 'commander'
+import { SessionManager } from '../../lib/session'
+import { OutputFormatter } from '../../output/formatter'
+
+export function makeTokensCommand(): Command {
+  const cmd = new Command('tokens')
+    .description('List all tokens')
+
+  const listCmd = new Command('list')
+    .description('List all tokens')
+    .action(async () => {
+      const sessionManager = new SessionManager()
+      const session = await sessionManager.loadSession()
+
+      if (!session) {
+        OutputFormatter.info('未登录')
+        return
+      }
+
+      const res = await fetch(`${session.apiUrl}/api/cli/auth/tokens`, {
+        headers: {
+          'Authorization': `Bearer ${session.token}`
+        }
+      })
+
+      if (!res.ok) {
+        OutputFormatter.error('Failed to list tokens')
+        return
+      }
+
+      const { tokens } = await res.json() as { tokens: Array<{ id: string; name: string; lastUsedAt?: string; expiresAt?: string }> }
+
+      if (tokens.length === 0) {
+        OutputFormatter.info('没有找到tokens')
+        return
+      }
+
+      console.log('Your Tokens:')
+      tokens.forEach((token, index) => {
+        const lastUsed = token.lastUsedAt
+          ? `${Math.floor((Date.now() - new Date(token.lastUsedAt).getTime()) / (60 * 60 * 1000))}h ago`
+          : 'never'
+
+        const expires = token.expiresAt
+          ? `${Math.max(0, Math.floor((new Date(token.expiresAt).getTime() - Date.now()) / (24 * 60 * 60 * 1000)))} days`
+          : 'never'
+
+        const expired = token.expiresAt && new Date(token.expiresAt) < new Date()
+
+        console.log(`  ${index + 1}. ${token.name} (last used: ${lastUsed}) - ${expired ? 'expired' : expires}`)
+      })
+    })
+
+  const revokeCmd = new Command('revoke')
+    .description('Revoke a token')
+    .argument('<id>', 'Token ID')
+    .action(async (id) => {
+      const sessionManager = new SessionManager()
+      const session = await sessionManager.loadSession()
+
+      if (!session) {
+        OutputFormatter.info('未登录')
+        return
+      }
+
+      const res = await fetch(`${session.apiUrl}/api/cli/auth/tokens/${id}`, {
+        method: 'DELETE',
+        headers: {
+          'Authorization': `Bearer ${session.token}`
+        }
+      })
+
+      if (!res.ok) {
+        OutputFormatter.error('Failed to revoke token')
+        return
+      }
+
+      OutputFormatter.success('Token已撤销')
+    })
+
+  cmd.addCommand(listCmd)
+  cmd.addCommand(revokeCmd)
+
+  return cmd
+}

package/src/commands/auth/whoami.ts

@@ -0,0 +1,35 @@
+import { Command } from 'commander'
+import { SessionManager } from '../../lib/session'
+import { OutputFormatter } from '../../output/formatter'
+
+export function makeWhoamiCommand(): Command {
+  const cmd = new Command('whoami')
+    .description('Show current login status')
+    .action(async () => {
+      const sessionManager = new SessionManager()
+      const session = await sessionManager.loadSession()
+
+      if (!session) {
+        OutputFormatter.info('未登录')
+        console.log('请使用: xw login')
+        return
+      }
+
+      if (sessionManager.isExpired(session)) {
+        OutputFormatter.info('登录已过期')
+        console.log('请使用: xw login')
+        await sessionManager.clearSession()
+        return
+      }
+
+      const expiresIn = session.expiresAt
+        ? Math.max(0, Math.floor((new Date(session.expiresAt).getTime() - Date.now()) / (24 * 60 * 60 * 1000)))
+        : 'never'
+
+      console.log(`Logged in as: ${session.userName} (${session.userEmail})`)
+      console.log(`Device: ${session.deviceId}`)
+      console.log(`Expires in: ${expiresIn === 'never' ? 'never' : `${expiresIn} days`}`)
+    })
+
+  return cmd
+}

package/src/index.ts

@@ -13,6 +13,10 @@ import { makeBuildCommand } from './commands/build'
 import { makeScaleCommand } from './commands/scale'
 import { makeLogsCommand } from './commands/logs'
 import { makePodsCommand } from './commands/pods'
+import { makeLoginCommand } from './commands/auth/login'
+import { makeLogoutCommand } from './commands/auth/logout'
+import { makeWhoamiCommand } from './commands/auth/whoami'
+import { makeTokensCommand } from './commands/auth/tokens'
 
 const program = new Command()
 
@@ -31,5 +35,9 @@ program.addCommand(makeDeployCommand())
 program.addCommand(makeScaleCommand())
 program.addCommand(makeLogsCommand())
 program.addCommand(makePodsCommand())
+program.addCommand(makeLoginCommand())
+program.addCommand(makeLogoutCommand())
+program.addCommand(makeWhoamiCommand())
+program.addCommand(makeTokensCommand())
 
 program.parse(process.argv)

package/src/lib/auth.ts

@@ -0,0 +1,41 @@
+import { SessionManager } from './session'
+
+export interface ApiOptions {
+  method?: string
+  body?: any
+  headers?: Record<string, string>
+}
+
+export async function authenticatedFetch(
+  url: string,
+  options: ApiOptions = {}
+): Promise<Response> {
+  const sessionManager = new SessionManager()
+  const session = await sessionManager.loadSession()
+
+  if (!session) {
+    throw new Error('Not logged in. Please run: xw login')
+  }
+
+  if (sessionManager.isExpired(session)) {
+    await sessionManager.clearSession()
+    throw new Error('Session expired. Please run: xw login')
+  }
+
+  const response = await fetch(url, {
+    method: options.method || 'GET',
+    headers: {
+      'Authorization': `Bearer ${session.token}`,
+      'Content-Type': 'application/json',
+      ...options.headers
+    },
+    body: options.body ? JSON.stringify(options.body) : undefined
+  })
+
+  if (response.status === 401) {
+    await sessionManager.clearSession()
+    throw new Error('Authentication failed. Please run: xw login')
+  }
+
+  return response
+}

package/src/lib/session.ts

@@ -0,0 +1,50 @@
+import * as fs from 'fs/promises'
+import * as path from 'path'
+import * as os from 'os'
+
+export interface Session {
+  token: string
+  userId: string
+  userName: string
+  userEmail: string
+  userRole: string
+  deviceId: string
+  expiresAt: string | null
+  apiUrl: string
+}
+
+export class SessionManager {
+  private sessionPath: string
+
+  constructor() {
+    this.sessionPath = path.join(os.homedir(), '.xw', 'session.json')
+  }
+
+  async saveSession(session: Session): Promise<void> {
+    const dir = path.dirname(this.sessionPath)
+    await fs.mkdir(dir, { recursive: true })
+    await fs.writeFile(this.sessionPath, JSON.stringify(session, null, 2))
+  }
+
+  async loadSession(): Promise<Session | null> {
+    try {
+      const content = await fs.readFile(this.sessionPath, 'utf-8')
+      return JSON.parse(content)
+    } catch {
+      return null
+    }
+  }
+
+  async clearSession(): Promise<void> {
+    try {
+      await fs.unlink(this.sessionPath)
+    } catch {
+      // Ignore errors
+    }
+  }
+
+  isExpired(session: Session): boolean {
+    if (!session.expiresAt) return false
+    return new Date(session.expiresAt) < new Date()
+  }
+}

package/test/integration.js

@@ -1,9 +1,11 @@
 /**
  * 集成测试 - 基于 CLI API v2.0
  * 测试新的 Application (code), Service (ns/name), Build API
+ * 以及认证登录功能
  */
 
 const { createClient, APIClient } = require('../dist/api/client')
+const { SessionManager } = require('../dist/lib/session')
 
 const JWT_TOKEN = process.env.XW_TOKEN || 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiJjbW1sbjVyczEwMDFuenlreWZwdXFtY3FvIiwiZmVpc2h1SWQiOiIiLCJyb2xlIjoiQURNSU4iLCJpYXQiOjE3NzMyMDk1MTEsImV4cCI6MTc3MzgxNDMxMX0.7-mJbZdsm1MrjNlBHN8RhJ0dHSIZfKwnY22JOFV4FlI'
 const API_ENDPOINT = process.env.XW_ENDPOINT || 'http://localhost:3000'
@@ -36,6 +38,111 @@ function sleep(ms) {
   return new Promise(resolve => setTimeout(resolve, ms))
 }
 
+async function testSessionManager() {
+  log('Auth: SessionManager Tests')
+  const results = { passed: 0, failed: 0 }
+
+  const sessionManager = new SessionManager()
+
+  // Test 1: Save and load session
+  const testSession = {
+    token: 'test-token-123',
+    userId: 'user-123',
+    userName: 'Test User',
+    userEmail: 'test@example.com',
+    userRole: 'USER',
+    deviceId: 'Test Device',
+    expiresAt: new Date(Date.now() + 86400000).toISOString(),
+    apiUrl: 'http://localhost:3000'
+  }
+
+  try {
+    await sessionManager.saveSession(testSession)
+    const loaded = await sessionManager.loadSession()
+    
+    if (loaded && loaded.token === testSession.token && loaded.userId === testSession.userId) {
+      console.log('  saveSession + loadSession: ✅ OK')
+      results.passed++
+    } else {
+      console.log('  saveSession + loadSession: ❌ Failed to load session correctly')
+      results.failed++
+    }
+  } catch (error) {
+    console.log('  saveSession + loadSession: ❌', error.message)
+    results.failed++
+  }
+
+  // Test 2: Detect expired session
+  try {
+    const expiredSession = {
+      token: 'expired-token',
+      userId: 'user-123',
+      userName: 'Test User',
+      userEmail: 'test@example.com',
+      userRole: 'USER',
+      deviceId: 'Test Device',
+      expiresAt: new Date(Date.now() - 86400000).toISOString(),
+      apiUrl: 'http://localhost:3000'
+    }
+    
+    const isExpired = sessionManager.isExpired(expiredSession)
+    if (isExpired === true) {
+      console.log('  isExpired (expired): ✅ OK')
+      results.passed++
+    } else {
+      console.log('  isExpired (expired): ❌ Should return true')
+      results.failed++
+    }
+  } catch (error) {
+    console.log('  isExpired: ❌', error.message)
+    results.failed++
+  }
+
+  // Test 3: Non-expired session
+  try {
+    const validSession = {
+      token: 'valid-token',
+      userId: 'user-123',
+      userName: 'Test User',
+      userEmail: 'test@example.com',
+      userRole: 'USER',
+      deviceId: 'Test Device',
+      expiresAt: new Date(Date.now() + 86400000).toISOString(),
+      apiUrl: 'http://localhost:3000'
+    }
+    
+    const isExpired = sessionManager.isExpired(validSession)
+    if (isExpired === false) {
+      console.log('  isExpired (valid): ✅ OK')
+      results.passed++
+    } else {
+      console.log('  isExpired (valid): ❌ Should return false')
+      results.failed++
+    }
+  } catch (error) {
+    console.log('  isExpired: ❌', error.message)
+    results.failed++
+  }
+
+  // Test 4: Clear session
+  try {
+    await sessionManager.clearSession()
+    const loaded = await sessionManager.loadSession()
+    if (loaded === null) {
+      console.log('  clearSession: ✅ OK')
+      results.passed++
+    } else {
+      console.log('  clearSession: ❌ Session should be null after clear')
+      results.failed++
+    }
+  } catch (error) {
+    console.log('  clearSession: ❌', error.message)
+    results.failed++
+  }
+
+  return results
+}
+
 async function runTests() {
   console.log('='.repeat(60))
   console.log('Integration Test: CLI API v2.0')
@@ -50,6 +157,12 @@ async function runTests() {
     isDefault: true
   })
 
+  // ========================================
+  // 0. SessionManager Tests
+  // ========================================
+  log('0. SessionManager Tests')
+  const sessionResults = await testSessionManager()
+
   const results = {
     passed: 0,
     failed: 0,
@@ -273,21 +386,40 @@ async function runTests() {
     // ========================================
     // 输出测试报告
     // ========================================
+    const totalPassed = results.passed + sessionResults.passed
+    const totalFailed = results.failed + sessionResults.failed
+    const total = totalPassed + totalFailed
+
     console.log('\n📊 测试报告')
     console.log('='.repeat(60))
-    console.log(`总测试数: ${results.passed + results.failed}`)
-    console.log(`通过: ${results.passed} ✅`)
-    console.log(`失败: ${results.failed} ❌`)
-    console.log(`通过率: ${((results.passed / (results.passed + results.failed)) * 100).toFixed(1)}%`)
+    console.log('SessionManager 测试:')
+    console.log(`  通过: ${sessionResults.passed} ✅`)
+    console.log(`  失败: ${sessionResults.failed} ❌`)
+    console.log('')
+    console.log('API 测试:')
+    console.log(`  通过: ${results.passed} ✅`)
+    console.log(`  失败: ${results.failed} ❌`)
+    console.log('')
+    console.log(`总测试数: ${total}`)
+    console.log(`通过: ${totalPassed} ✅`)
+    console.log(`失败: ${totalFailed} ❌`)
+    console.log(`通过率: ${total > 0 ? ((totalPassed / total) * 100).toFixed(1) : 0}%`)
     console.log('='.repeat(60))
     console.log('\n详细结果:')
+    console.log('  [SessionManager]')
+    console.log(`    1. ✅ saveSession + loadSession`)
+    console.log(`    2. ✅ isExpired (expired)`)
+    console.log(`    3. ✅ isExpired (valid)`)
+    console.log(`    4. ✅ clearSession`)
     results.tests.forEach((test, idx) => {
       const icon = test.status === 'PASS' ? '✅' : '❌'
-      console.log(`  ${idx + 1}. ${icon} ${test.name}${test.message ? ` - ${test.message}` : ''}`)
+      console.log(`  ${idx + 5}. ${icon} ${test.name}${test.message ? ` - ${test.message}` : ''}`)
     })
     console.log('='.repeat(60))
 
-    process.exit(results.failed > 0 ? 1 : 0)
+    const sessionFailed = sessionResults.failed > 0
+    const apiFailed = results.failed > 0
+    process.exit(sessionFailed || apiFailed ? 1 : 0)
 
   } catch (error) {
     console.error('\n❌ Test failed with error:', error.message)