Currently when doing anything with users, with the exception of invites, we must specify their ID, e.g. auth0|abc123 in order to reference them. It would be far nicer from a UX point of view if we could also use their emails as an alternative.

There are cases where multiple users will have the same email address. In situations like these, we should warn the user and force them to input an ID instead.

Currently most errors are just created by throw new Error(). This means that we don't actually provide much information about errors in any structured form. A new system for handling errors should be created using custom errors and error codes in addition to have the program response codes mean something.

Commands to add and edit projects currently exist, however there isn't one for remove projects. Something like this could be implemented:

apimetrics projects delete or when passing project ID apimetrics project delete -p abc123

A couple of notes on implementation:

1. If a user is deleting a project set as their current working project, their current working project should be reset and they should be notified.
2. If accounts or roles are still attached to the project the deletion should fail (mimic web interface) so this should be handled elegantly.

We need to ensure that the user is actually logged in when trying to call the userinfo endpoint in the same way we validate for the ordinary API.

Command to get a list of organisations the current user is a member of.

A depreciation warning exists when running any command that calls an API. This was tracked to the whatwg-url module which is a dependency of node-fetch. The dependency was removed in v3.3.2 however this is an ESM module making upgrade complicated. However, this issue should be resolved by making the planned switch to http-call given in #87.

(node:15302) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
    at node:punycode:3:9
    at BuiltinModule.compileForInternalLoader (node:internal/bootstrap/realm:392:7)
    at BuiltinModule.compileForPublicLoader (node:internal/bootstrap/realm:328:10)
    at loadBuiltinModule (node:internal/modules/helpers:102:7)
    at Module._load (node:internal/modules/cjs/loader:995:17)
    at Module.require (node:internal/modules/cjs/loader:1229:19)
    at require (node:internal/modules/helpers:177:18)
    at Object.<anonymous> (/home/mnickson/source/APImetrics/APIm-CLI/node_modules/whatwg-url/lib/url-state-machine.js:2:18)
    at Module._compile (node:internal/modules/cjs/loader:1369:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1427:10)

When we pass the body flag when creating or editing a call, the user should set the Content-Type header however it is not required so may be omitted. If it is omitted, this will cause errors in the web UI when displaying the body. If the Content-Type header is not specified, it should default to application/json when the --body option is passed.

➜ apimetrics auth login 
Opening browser to https://auth.apimetrics.io/activate?user_code=VVGH-WGJX
Verification Code: VVGH-WGJX
Waiting for login... Logged in
? Select an organization APImetrics
 ›   Error: /Users/nick/.config/apimetrics/config.json: Unexpected end of JSON input

Seeing this in the publish v0.0.1 CLI

The --user flag on the org accounts edit command is currently not required when it should be. This should be made to be required and the example updated to reflect this.

Currently all authentication endpoints are hard coded and can be overridden by environment variables. Perhaps it would be better to use the .well-known endpoint to discover the correct endpoints to call.

Support for managing schedules and schedule downtimes.

Currently #9 adds support for listing schedules, however this should be expanded further to allow complete management of schedules.

Commands to add:

• Add schedule
• Remove schedule
• Modify schedule
• Add downtime to schedule
• Remove downtime from schedule

We should probably check that the refresh token is a truthy value before attempting to revoke it. This should prevent 400 responses from the revoke endpoint.

https://github.com/APImetrics/APIm-CLI/blob/main/src/base-command/auth.ts#L100

When a user runs config org set or config project set they can input any arbitrary value as the organisation/project ID. This is not validated and can result in a non-existent organisation/project being set for the user. This results in errors further down the line when the user tries to run commands.

When there is no pre-existing project in an organisation, the third step of the login workflow (running config:project:set) will fail as an empty array is passed to inquirer.

See SBoudrias/Inquirer.js#417 (comment) for more details.

Implement workflow management commands. Currently list workflows is available however no other commands have yet been implemented.

In some cases, the project ID flag is included when it isn't required because we are already passing the ID of an object (e.g. schedule, call). This affects at least the commands below:

• schedules:edit
• schedules:calls:add
• schedules:calls:remove

Further analysis is required to determine which other commands are affected.

Following test case:

1. Add the role TEST to a user
2. Delete the role TEST from the organisation
3. Attempt to remove the role TEST from the user

Step 3 will fail with the error Error: Unrecognized role TEST as we validate all roles passed against the list of roles valid for the organisation. To prevent this issue, we should instead validate the list of roles to remove against the list of roles assigned to the user.

Personal projects require special handling. Currently many commands work on the assumption that this is an org and make calls as such. Most commands check to see if the current org is set. When the user has selected personal projects, the current org is set to "", hence these checks fail and the user is asked to set their org.

Also need to improve error messages for features that are not available for personal projects.

Currently the projects accounts command only lists users with direct access to a given project and does not include any users who have access through a given role. This is at odds with the web interface which displays everyone who has access, including those with access as a result of roles.

CLI should be changed to reflect the web interface format.

Currently there is no retry mechanism for making API calls. This means that if the request encounters some form of network error, the call will fail without any attempt to retry. Perhaps the most obvious instance of this is when the interface being used has an IPv6 address assigned, but the destination host is unreachable. This will result in an error such as this one

./bin/run login
 ›   Error: request to https://auth.apimetrics.io/oauth/device/code failed, reason: connect EHOSTUNREACH 2606:4700::6810:d8f1:443

The requests should at least make an attempt to fall back to IPv4 for requests when needed.

Add support for setting environments and environment variables.

Add a command that tells the user their current logged in account, current working organisation and current working project.

Currently only the project ID is shown when the apimetrics info whoami. It would be nice from a user point of view to also be able to show the name of the project as well. This would probably involve an extra API call to get the name.