({
email,
sso,
console: useConsole,
claudeai,
}: {
email?: string
sso?: boolean
console?: boolean
claudeai?: boolean
})
| 110 | } |
| 111 | |
| 112 | export async function authLogin({ |
| 113 | email, |
| 114 | sso, |
| 115 | console: useConsole, |
| 116 | claudeai, |
| 117 | }: { |
| 118 | email?: string |
| 119 | sso?: boolean |
| 120 | console?: boolean |
| 121 | claudeai?: boolean |
| 122 | }): Promise<void> { |
| 123 | if (useConsole && claudeai) { |
| 124 | process.stderr.write( |
| 125 | 'Error: --console and --claudeai cannot be used together.\n', |
| 126 | ) |
| 127 | process.exit(1) |
| 128 | } |
| 129 | |
| 130 | const settings = getInitialSettings() |
| 131 | // forceLoginMethod is a hard constraint (enterprise setting) — matches ConsoleOAuthFlow behavior. |
| 132 | // Without it, --console selects Console; --claudeai (or no flag) selects claude.ai. |
| 133 | const loginWithClaudeAi = settings.forceLoginMethod |
| 134 | ? settings.forceLoginMethod === 'claudeai' |
| 135 | : !useConsole |
| 136 | const orgUUID = settings.forceLoginOrgUUID |
| 137 | |
| 138 | // Fast path: if a refresh token is provided via env var, skip the browser |
| 139 | // OAuth flow and exchange it directly for tokens. |
| 140 | const envRefreshToken = process.env.CLAUDE_CODE_OAUTH_REFRESH_TOKEN |
| 141 | if (envRefreshToken) { |
| 142 | const envScopes = process.env.CLAUDE_CODE_OAUTH_SCOPES |
| 143 | if (!envScopes) { |
| 144 | process.stderr.write( |
| 145 | 'CLAUDE_CODE_OAUTH_SCOPES is required when using CLAUDE_CODE_OAUTH_REFRESH_TOKEN.\n' + |
| 146 | 'Set it to the space-separated scopes the refresh token was issued with\n' + |
| 147 | '(e.g. "user:inference" or "user:profile user:inference user:sessions:claude_code user:mcp_servers").\n', |
| 148 | ) |
| 149 | process.exit(1) |
| 150 | } |
| 151 | |
| 152 | const scopes = envScopes.split(/\s+/).filter(Boolean) |
| 153 | |
| 154 | try { |
| 155 | logEvent('tengu_login_from_refresh_token', {}) |
| 156 | |
| 157 | const tokens = await refreshOAuthToken(envRefreshToken, { scopes }) |
| 158 | await installOAuthTokens(tokens) |
| 159 | |
| 160 | const orgResult = await validateForceLoginOrg() |
| 161 | if (!orgResult.valid) { |
| 162 | process.stderr.write(orgResult.message + '\n') |
| 163 | process.exit(1) |
| 164 | } |
| 165 | |
| 166 | // Mark onboarding complete — interactive paths handle this via |
| 167 | // the Onboarding component, but the env var path skips it. |
| 168 | saveGlobalConfig(current => { |
| 169 | if (current.hasCompletedOnboarding) return current |
no test coverage detected