chore: fix merge conflicts

Author: v3nant

README.md

@@ -68,11 +68,11 @@ Maven and Gradle projects should run an install and build before scanning
 ## Usage
 <!-- usage -->
 ```sh-session
-$ npm install -g @herodevs/cli
+$ npm install -g @herodevs/cli@beta
 $ hd COMMAND
 running command...
 $ hd (--version)
-@herodevs/cli/2.0.0-beta.14 darwin-arm64 node-v20.19.5
+@herodevs/cli/2.0.0-beta.14 darwin-arm64 node-v24.10.0
 $ hd --help [COMMAND]
 USAGE
   $ hd COMMAND
@@ -314,7 +314,7 @@ EXAMPLES
   $ hd tracker run -d tracker -f settings.json
 ```
 
-_See code: [src/commands/tracker/run.ts](https://github.com/herodevs/cli/blob/v2.0.0-beta.14/src/commands/tracker/run.ts)_
+_See code: [src/commands/tracker/run.ts](https://github.com/herodevs/cli/blob/main/src/commands/tracker/run.ts)_
 
 ## `hd update [CHANNEL]`
 

src/api/user-setup.client.ts

@@ -10,6 +10,8 @@ import { getGraphQLErrors } from './graphql-errors.ts';
 
 const USER_SETUP_MAX_ATTEMPTS = 3;
 const USER_SETUP_RETRY_DELAY_MS = 500;
+const USER_FACING_SERVER_ERROR = 'Please contact your administrator.';
+const SERVER_ERROR_CODES = ['INTERNAL_SERVER_ERROR', 'SERVER_ERROR', 'SERVICE_UNAVAILABLE'];
 
 type UserSetupStatusResponse = {
   eol?: {
@@ -39,6 +41,10 @@ export async function getUserSetupStatus(): Promise<boolean> {
   if (res?.error || errors?.length) {
     debugLogger('Error returned from userSetupStatus query: %o', res.error || errors);
     if (errors?.length) {
+      const rawCode = (errors[0]?.extensions as { code?: string })?.code;
+      if (rawCode && SERVER_ERROR_CODES.includes(rawCode)) {
+        throw new Error(USER_FACING_SERVER_ERROR);
+      }
       const code = extractErrorCode(errors);
       const message = errors[0].message ?? 'Failed to check user setup status';
       if (code) {
@@ -66,6 +72,10 @@ export async function completeUserSetup(): Promise<boolean> {
   if (res?.error || errors?.length) {
     debugLogger('Error returned from completeUserSetup mutation: %o', res.error || errors);
     if (errors?.length) {
+      const rawCode = (errors[0]?.extensions as { code?: string })?.code;
+      if (rawCode && SERVER_ERROR_CODES.includes(rawCode)) {
+        throw new Error(USER_FACING_SERVER_ERROR);
+      }
       const code = extractErrorCode(errors);
       const message = errors[0].message ?? 'Failed to complete user setup';
       if (code) {

src/commands/auth-ci/provision.ts

@@ -0,0 +1,42 @@
+import { Command, Flags } from '@oclif/core';
+import { provisionCIToken } from '../../api/ci-token.client.ts';
+import { requireAccessToken } from '../../service/auth.svc.ts';
+import { saveCIOrgId, saveCIToken } from '../../service/ci-token.svc.ts';
+import { getErrorMessage } from '../../service/log.svc.ts';
+
+export default class AuthCiProvision extends Command {
+  static override description = 'Provision a CI/CD long-lived refresh token for headless auth';
+
+  static override flags = {
+    orgId: Flags.integer({
+      description: 'Organization ID for the CI token (required)',
+      required: true,
+      aliases: ['org-id'],
+    }),
+  };
+
+  async run() {
+    const { flags } = await this.parse(AuthCiProvision);
+    const orgId = flags.orgId;
+    if (orgId === undefined) {
+      this.error('--org-id is required');
+    }
+
+    try {
+      await requireAccessToken();
+    } catch (error) {
+      this.error(`Must be logged in to provision CI token. Run 'hd auth login' first. ${getErrorMessage(error)}`);
+    }
+
+    try {
+      const result = await provisionCIToken({ orgId });
+      const refreshToken = result.refresh_token;
+      saveCIToken(refreshToken);
+      saveCIOrgId(orgId);
+      this.log('CI token provisioned and saved locally.');
+      this.log(refreshToken);
+    } catch (error) {
+      this.error(`CI token provisioning failed. ${getErrorMessage(error)}`);
+    }
+  }
+}

src/config/constants.ts

@@ -15,18 +15,6 @@ export const DEFAULT_DATE_COMMIT_MONTH_FORMAT = 'MMMM yyyy';
 export const ENABLE_AUTH = false;
 export const ENABLE_USER_SETUP = false;
 
-const toBoolean = (value: string | undefined): boolean | undefined => {
-  if (value === 'true') return true;
-  if (value === 'false') return false;
-  return undefined;
-};
-
-const toPositiveInt = (value: string | undefined): number | undefined => {
-  if (value === undefined || value === '') return undefined;
-  const n = Number.parseInt(value, 10);
-  return Number.isInteger(n) && n >= 1 ? n : undefined;
-};
-
 // Trackers - Constants
 export const DEFAULT_TRACKER_RUN_DATA_FILE = 'data.json';
 export const TRACKER_GIT_OUTPUT_FORMAT = `"${['%H', '%an', '%ad'].join('|')}"`;
@@ -43,6 +31,15 @@ if (parsedPageSize > 0) {
   pageSize = parsedPageSize;
 }
 
+const enableAuthEnv = process.env.ENABLE_AUTH;
+const enableAuth = enableAuthEnv === 'true' ? true : enableAuthEnv === 'false' ? false : ENABLE_AUTH;
+const enableUserSetupEnv = process.env.ENABLE_USER_SETUP;
+const enableUserSetup =
+  enableUserSetupEnv === 'true' ? true : enableUserSetupEnv === 'false' ? false : ENABLE_USER_SETUP;
+const orgIdEnv = process.env.HD_ORG_ID?.trim();
+const orgIdParsed = orgIdEnv ? Number.parseInt(orgIdEnv, 10) : NaN;
+const orgIdFromEnv = Number.isInteger(orgIdParsed) && orgIdParsed >= 1 ? orgIdParsed : undefined;
+
 export const config = {
   eolReportUrl: process.env.EOL_REPORT_URL || EOL_REPORT_URL,
   graphqlHost: process.env.GRAPHQL_HOST || GRAPHQL_HOST,
@@ -52,10 +49,10 @@ export const config = {
   analyticsUrl: process.env.ANALYTICS_URL || ANALYTICS_URL,
   concurrentPageRequests,
   pageSize,
-  enableAuth: toBoolean(process.env.ENABLE_AUTH) ?? ENABLE_AUTH,
-  enableUserSetup: toBoolean(process.env.ENABLE_USER_SETUP) ?? ENABLE_USER_SETUP,
+  enableAuth,
+  enableUserSetup,
   ciTokenFromEnv: process.env.HD_AUTH_TOKEN?.trim() || undefined,
-  orgIdFromEnv: toPositiveInt(process.env.HD_ORG_ID),
+  orgIdFromEnv,
   accessTokenFromEnv: process.env.HD_ACCESS_TOKEN?.trim() || undefined,
 };
 

test/api/nes.client.test.ts

@@ -1,5 +1,6 @@
 import type { CreateEolReportInput } from '@herodevs/eol-shared';
 import { vi } from 'vitest';
+
 vi.mock('../../src/config/constants.ts', async (importOriginal) => {
   const actual = await importOriginal<typeof import('../../src/config/constants.ts')>();
   return {

test/api/user-setup.client.test.ts

@@ -58,7 +58,7 @@ describe('user-setup.client', () => {
         { message: 'Internal server error', extensions: { code: 'INTERNAL_SERVER_ERROR' } },
       ]);
 
-    await expect(ensureUserSetup()).rejects.toThrow('Internal server error');
+    await expect(ensureUserSetup()).rejects.toThrow('Please contact your administrator.');
     expect(fetchMock.getCalls()).toHaveLength(3);
   });
 });

test/commands/auth-ci/login.test.ts

@@ -3,7 +3,6 @@ import { type Mock, vi } from 'vitest';
 const { mockConfig } = vi.hoisted(() => ({
   mockConfig: {
     orgIdFromEnv: undefined as number | undefined,
-    accessTokenFromEnv: undefined as string | undefined,
     ciTokenFromEnv: undefined as string | undefined,
   },
 }));
@@ -17,29 +16,20 @@ vi.mock('../../../src/api/ci-token.client.ts', () => ({
   exchangeCITokenForAccess: vi.fn(),
 }));
 
-vi.mock('../../../src/service/auth-token.svc.ts', () => ({
-  __esModule: true,
-  getStoredTokens: vi.fn(),
-  isAccessTokenExpired: vi.fn(),
-}));
-
 vi.mock('../../../src/service/ci-token.svc.ts', () => ({
   __esModule: true,
   getCIToken: vi.fn(),
   getCIOrgId: vi.fn(),
-  saveCIToken: vi.fn(),
 }));
 
 import { exchangeCITokenForAccess } from '../../../src/api/ci-token.client.ts';
 import AuthCiLogin from '../../../src/commands/auth-ci/login.ts';
-import { isAccessTokenExpired } from '../../../src/service/auth-token.svc.ts';
-import { getCIOrgId, getCIToken, saveCIToken } from '../../../src/service/ci-token.svc.ts';
+import { getCIOrgId, getCIToken } from '../../../src/service/ci-token.svc.ts';
 
 describe('AuthCiLogin command', () => {
   beforeEach(() => {
     vi.resetAllMocks();
     mockConfig.orgIdFromEnv = undefined;
-    mockConfig.accessTokenFromEnv = undefined;
     mockConfig.ciTokenFromEnv = undefined;
   });
 
@@ -60,7 +50,6 @@ describe('AuthCiLogin command', () => {
     expect(exchangeCITokenForAccess).toHaveBeenCalledWith({
       refreshToken: 'ci-refresh-token',
       orgId: 42,
-      optionalAccessToken: undefined,
     });
   });
 
@@ -79,7 +68,6 @@ describe('AuthCiLogin command', () => {
 
     expect(logSpy).toHaveBeenCalledWith('export HD_ACCESS_TOKEN="new-access-token"');
     expect(logSpy).toHaveBeenCalledWith('export HD_AUTH_TOKEN="rotated-refresh-token"');
-    expect(saveCIToken).toHaveBeenCalledWith('rotated-refresh-token');
   });
 
   it('uses orgIdFromEnv when set', async () => {
@@ -99,28 +87,6 @@ describe('AuthCiLogin command', () => {
     expect(getCIOrgId).not.toHaveBeenCalled();
   });
 
-  it('passes optionalAccessToken from HD_ACCESS_TOKEN when valid', async () => {
-    mockConfig.accessTokenFromEnv = 'valid-access-token';
-    mockConfig.orgIdFromEnv = 42;
-    (getCIToken as Mock).mockReturnValue('ci-refresh-token');
-    (isAccessTokenExpired as Mock).mockReturnValue(false);
-    (exchangeCITokenForAccess as Mock).mockResolvedValue({
-      accessToken: 'new-access',
-      refreshToken: 'refresh',
-    });
-    const command = new AuthCiLogin([], {} as Record<string, unknown>);
-    vi.spyOn(command, 'parse').mockResolvedValue({ flags: {}, args: {} } as never);
-    vi.spyOn(command, 'log').mockImplementation(() => {});
-
-    await command.run();
-
-    expect(exchangeCITokenForAccess).toHaveBeenCalledWith({
-      refreshToken: 'ci-refresh-token',
-      orgId: 42,
-      optionalAccessToken: 'valid-access-token',
-    });
-  });
-
   it('errors when orgId is missing', async () => {
     (getCIOrgId as Mock).mockReturnValue(undefined);
     (getCIToken as Mock).mockReturnValue('ci-refresh-token');

test/commands/auth-ci/provision.test.ts

@@ -63,32 +63,25 @@ describe('AuthCiProvision command', () => {
     await command.run();
 
     expect(requireAccessToken).toHaveBeenCalled();
-    expect(provisionCIToken).toHaveBeenCalledWith({
-      orgId: 123,
-      previousToken: null,
-    });
+    expect(provisionCIToken).toHaveBeenCalledWith({ orgId: 123 });
     expect(saveCIToken).toHaveBeenCalledWith('new-ci-refresh-token');
     expect(saveCIOrgId).toHaveBeenCalledWith(123);
     expect(logSpy).toHaveBeenCalledWith('CI token provisioned and saved locally.');
     expect(logSpy).toHaveBeenCalledWith('new-ci-refresh-token');
   });
 
-  it('passes existing CI token as previousToken when rotating', async () => {
-    (getCIToken as Mock).mockReturnValue('existing-refresh-token');
+  it('provisions for different org when logged in', async () => {
     (requireAccessToken as Mock).mockResolvedValue('access-token');
     (provisionCIToken as Mock).mockResolvedValue({
-      refresh_token: 'rotated-ci-refresh-token',
+      refresh_token: 'new-ci-refresh-token',
     });
     const command = new AuthCiProvision([], {} as Record<string, unknown>);
     vi.spyOn(command, 'parse').mockResolvedValue({ flags: { orgId: 456 }, args: {} } as never);
     vi.spyOn(command, 'log').mockImplementation(() => {});
 
     await command.run();
 
-    expect(provisionCIToken).toHaveBeenCalledWith({
-      orgId: 456,
-      previousToken: 'existing-refresh-token',
-    });
+    expect(provisionCIToken).toHaveBeenCalledWith({ orgId: 456 });
     expect(saveCIOrgId).toHaveBeenCalledWith(456);
   });