Skip to content

feat: SDK update for version 22.2.0#330

Merged
ChiragAgg5k merged 4 commits into
masterfrom
dev
Jun 24, 2026
Merged

feat: SDK update for version 22.2.0#330
ChiragAgg5k merged 4 commits into
masterfrom
dev

Conversation

@ChiragAgg5k

@ChiragAgg5k ChiragAgg5k commented Jun 23, 2026

Copy link
Copy Markdown
Member

This PR contains updates to the SDK for version 22.2.0.

What's Changed

  • Added: OAuth refresh tokens now stored in the OS keychain via @napi-rs/keyring, falling back to config
  • Added: --type option to functions list-specifications and sites list-specifications
  • Updated: Bumped @appwrite.io/console dependency to ^15.1.1
  • Updated: Cleaner account selection prompt for logout with a (current) marker
  • Fixed: OAuth login now clears the stale legacy session cookie
  • Fixed: Browser launch on Windows now uses rundll32 for OAuth flows

@ChiragAgg5k ChiragAgg5k changed the title feat: Command Line SDK update for version 22.2.0 feat: SDK update for version 22.2.0 Jun 23, 2026
@greptile-apps

greptile-apps Bot commented Jun 23, 2026

Copy link
Copy Markdown

Greptile Summary

This PR updates the CLI SDK to v22.2.0, adding OS keychain storage for OAuth refresh tokens (via @napi-rs/keyring with a config-file fallback), a --type filter for list-specifications, a cleaner logout prompt, and two bug fixes (stale cookie clearing and Windows rundll32 browser launch).

  • Keychain storage: lib/auth/refresh-token.ts is a new module that abstracts token storage; all session-removal paths in session.ts and client.ts correctly pair deleteStoredRefreshToken with globalConfig.removeSession, except for one error path in loginWithOAuthDevice (see inline comment).
  • Windows browser launch: switches from cmd /c start to rundll32 url.dll,FileProtocolHandler, avoiding cmd's shell interpretation of & in OAuth redirect URLs.
  • Logout UX: removes the fragile longestEmail reduce (which threw on empty session arrays) and replaces it with a simpler, chalk-highlighted (current) marker.

Confidence Score: 4/5

Safe to merge with one fix: the error path after account verification fails in the OAuth login flow must call deleteStoredRefreshToken before removing the session from config, otherwise a keyring entry for the revoked session is silently orphaned.

The keychain integration is careful and the happy path is correct. Every other session-removal site in this PR properly cleans up keyring storage before removing the config entry. The one exception is the catch block in loginWithOAuthDevice that fires when getCurrentAccount() fails after a successful token exchange — at that point setStoredRefreshToken has already written to the keychain, but the subsequent cleanup skips deleteStoredRefreshToken, leaving an orphaned (though revoked and harmless) keychain entry.

lib/auth/login.ts — the catch block after getCurrentAccount() needs a deleteStoredRefreshToken(id) call before globalConfig.removeSession(id).

Important Files Changed

Filename Overview
lib/auth/refresh-token.ts New module centralising refresh-token storage, reading from OS keychain (via @napi-rs/keyring) with a prefs fallback. Logic is sound, error handling and migration paths are present; factory injection for tests is well-structured.
lib/auth/login.ts OAuth device login now uses setStoredRefreshToken and removeCookie. The error path after getCurrentAccount() fails is missing a deleteStoredRefreshToken(id) call, leaving an orphaned keyring entry for the revoked session.
lib/auth/session.ts All session-removal paths (logoutSessions, removeLegacySessionsExcept, removeCurrentSession) correctly call deleteStoredRefreshToken before globalConfig.removeSession.
lib/sdks.ts getValidAccessToken migrated to getStoredRefreshToken/setStoredRefreshToken; currentSession guard ensures sessionId is never empty when storing a newly-issued refresh token.
lib/config.ts Added removeCookie() and the underlying deleteFrom() helper; implementation correctly mirrors the existing setTo() pattern and handles missing current session gracefully.
lib/utils.ts Windows browser-open changed from cmd /c start to rundll32 url.dll,FileProtocolHandler; arguments are passed via spawn array so no shell-interpretation issues.
lib/client.ts MFA-error cleanup path correctly calls deleteStoredRefreshToken before removeSession.
lib/questions.ts Logout prompt simplified; removes the crash-prone longestEmail reduce call on potentially-empty arrays and adds a cleaner (current) marker with a short field.
lib/commands/services/functions.ts Adds --type option to list-specifications, passed directly to the SDK client.
lib/commands/services/sites.ts Adds --type option to list-specifications, mirroring the functions change.

Reviews (2): Last reviewed commit: "chore: update Command Line SDK to 22.2.0" | Re-trigger Greptile

Comment thread lib/auth/login.ts
@ChiragAgg5k ChiragAgg5k changed the title feat: SDK update for version 22.2.0 feat: Command Line SDK update for version 22.2.0 Jun 24, 2026
@ChiragAgg5k ChiragAgg5k changed the title feat: Command Line SDK update for version 22.2.0 feat: SDK update for version 22.2.0 Jun 24, 2026
@ChiragAgg5k ChiragAgg5k changed the title feat: SDK update for version 22.2.0 feat: Command Line SDK update for version 22.2.0 Jun 24, 2026
@ChiragAgg5k ChiragAgg5k changed the title feat: Command Line SDK update for version 22.2.0 feat: SDK update for version 22.2.0 Jun 24, 2026
@ChiragAgg5k ChiragAgg5k changed the title feat: SDK update for version 22.2.0 feat: Command Line SDK update for version 22.2.0 Jun 24, 2026
@ChiragAgg5k ChiragAgg5k changed the title feat: Command Line SDK update for version 22.2.0 feat: SDK update for version 22.2.0 Jun 24, 2026
@ChiragAgg5k ChiragAgg5k merged commit 9775720 into master Jun 24, 2026
2 checks passed
@ChiragAgg5k ChiragAgg5k deleted the dev branch June 24, 2026 03:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants