0pflow 0.1.0-dev.4fd2ac2 → 0.1.0-dev.582d64d

package/dist/connections/cloud-auth.js

@@ -0,0 +1,243 @@
+/**
+ * CLI authentication for the 0pflow cloud server.
+ *
+ * Adapted from the Pencil MCP auth pattern:
+ *   /Users/cevian/Development/pencil/packages/mcp-server/src/auth.ts
+ *
+ * Flow:
+ *   1. MCP/CLI calls authenticate()
+ *   2. Creates session on server → gets {code, secret}
+ *   3. Opens browser to /auth/cli?cli_code=X
+ *   4. User signs in (GitHub OAuth) and approves
+ *   5. Polls server until approved → saves token to ~/.0pflow/credentials
+ */
+import { readFileSync, writeFileSync, mkdirSync, existsSync, unlinkSync } from "node:fs";
+import { join } from "node:path";
+import { homedir } from "node:os";
+import { exec } from "node:child_process";
+const CREDENTIALS_DIR = join(homedir(), ".0pflow");
+const CREDENTIALS_FILE = join(CREDENTIALS_DIR, "credentials");
+const PENDING_AUTH_FILE = join(CREDENTIALS_DIR, "pending_auth");
+const DEFAULT_SERVER_URL = process.env.OPFLOW_SERVER_URL ?? "https://auth-server-vert.vercel.app";
+const POLL_INTERVAL_MS = 2000;
+const QUICK_POLL_ATTEMPTS = 8; // ~16 seconds
+function ensureDir() {
+    if (!existsSync(CREDENTIALS_DIR)) {
+        mkdirSync(CREDENTIALS_DIR, { recursive: true });
+    }
+}
+function readCredentials() {
+    try {
+        if (!existsSync(CREDENTIALS_FILE)) {
+            return null;
+        }
+        const raw = readFileSync(CREDENTIALS_FILE, "utf-8");
+        const parsed = JSON.parse(raw);
+        if (!parsed.token) {
+            return null;
+        }
+        return parsed;
+    }
+    catch {
+        return null;
+    }
+}
+function readPendingAuth() {
+    try {
+        if (!existsSync(PENDING_AUTH_FILE)) {
+            return null;
+        }
+        const raw = readFileSync(PENDING_AUTH_FILE, "utf-8");
+        const parsed = JSON.parse(raw);
+        // Expire after 5 minutes
+        if (Date.now() - parsed.createdAt > 5 * 60 * 1000) {
+            unlinkSync(PENDING_AUTH_FILE);
+            return null;
+        }
+        return parsed;
+    }
+    catch {
+        return null;
+    }
+}
+function savePendingAuth(pending) {
+    ensureDir();
+    writeFileSync(PENDING_AUTH_FILE, JSON.stringify(pending, null, 2), "utf-8");
+}
+function clearPendingAuth() {
+    try {
+        if (existsSync(PENDING_AUTH_FILE)) {
+            unlinkSync(PENDING_AUTH_FILE);
+        }
+    }
+    catch {
+        // ignore
+    }
+}
+/**
+ * Get the stored API token, or null if not authenticated.
+ */
+export function getToken() {
+    // Environment variable takes precedence (for cloud deployments)
+    if (process.env.OPFLOW_TOKEN) {
+        return process.env.OPFLOW_TOKEN;
+    }
+    const creds = readCredentials();
+    return creds?.token ?? null;
+}
+/**
+ * Save an API token and server URL to ~/.0pflow/credentials.
+ */
+export function saveToken(token, serverUrl) {
+    ensureDir();
+    const credentials = {
+        token,
+        serverUrl: serverUrl ?? DEFAULT_SERVER_URL,
+    };
+    writeFileSync(CREDENTIALS_FILE, JSON.stringify(credentials, null, 2), "utf-8");
+}
+/**
+ * Check if the user is authenticated (has a stored token).
+ */
+export function isAuthenticated() {
+    return getToken() !== null;
+}
+/**
+ * Get the server URL from stored credentials, or the default.
+ */
+export function getServerUrl() {
+    const creds = readCredentials();
+    return creds?.serverUrl ?? DEFAULT_SERVER_URL;
+}
+/**
+ * Open a URL in the user's default browser.
+ */
+export function openBrowser(url) {
+    const platform = process.platform;
+    let command;
+    if (platform === "darwin") {
+        command = `open "${url}"`;
+    }
+    else if (platform === "win32") {
+        command = `start "" "${url}"`;
+    }
+    else {
+        command = `xdg-open "${url}"`;
+    }
+    exec(command, (error) => {
+        if (error) {
+            process.stderr.write(`Failed to open browser: ${error.message}\n`);
+        }
+    });
+}
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+/**
+ * Check a pending auth session's status.
+ */
+async function checkPendingSession(serverUrl, code, secret) {
+    try {
+        const checkResponse = await fetch(`${serverUrl}/api/auth/cli/check?code=${encodeURIComponent(code)}&secret=${encodeURIComponent(secret)}`);
+        if (!checkResponse.ok)
+            return null;
+        const checkData = (await checkResponse.json());
+        if (checkData.data.status === "approved" && checkData.data.token) {
+            return { token: checkData.data.token };
+        }
+        if (checkData.data.status === "expired") {
+            clearPendingAuth();
+        }
+        return null;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Error indicating the user needs to approve the auth session in their browser.
+ */
+export class AuthRequiredError extends Error {
+    authUrl;
+    constructor(authUrl) {
+        super(`Authentication required. I've opened your browser to authorize access.\n\n` +
+            `If the browser didn't open, visit this URL:\n${authUrl}\n\n` +
+            `After you approve access in the browser, retry this command.`);
+        this.name = "AuthRequiredError";
+        this.authUrl = authUrl;
+    }
+}
+/**
+ * Perform browser-based CLI authentication (two-phase, non-blocking).
+ *
+ * Phase 1 (no pending session):
+ *   - Creates a session, opens browser, polls briefly (~16s)
+ *   - If approved quickly: saves token, returns
+ *   - If not: saves pending session, throws AuthRequiredError with URL
+ *
+ * Phase 2 (pending session exists):
+ *   - Checks if the pending session was approved
+ *   - If approved: saves token, clears pending, returns
+ *   - If not: throws AuthRequiredError with URL again
+ */
+export async function authenticate() {
+    const serverUrl = DEFAULT_SERVER_URL;
+    // Phase 2: Check if a pending session was approved
+    const pending = readPendingAuth();
+    if (pending) {
+        const result = await checkPendingSession(pending.serverUrl, pending.code, pending.secret);
+        if (result) {
+            saveToken(result.token, pending.serverUrl);
+            clearPendingAuth();
+            process.stderr.write("Authentication successful! Token saved.\n");
+            return;
+        }
+        // Still pending — tell user to approve
+        throw new AuthRequiredError(pending.authUrl);
+    }
+    // Phase 1: Create a new session
+    const createResponse = await fetch(`${serverUrl}/api/auth/cli/session`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+    });
+    if (!createResponse.ok) {
+        const errorText = await createResponse.text();
+        throw new Error(`Failed to create auth session: ${errorText}`);
+    }
+    const createData = (await createResponse.json());
+    const { code, secret } = createData.data;
+    const authUrl = `${serverUrl}/auth/cli?cli_code=${code}`;
+    // Save pending session so Phase 2 can pick it up
+    savePendingAuth({ code, secret, authUrl, serverUrl, createdAt: Date.now() });
+    // Open browser and print URL
+    process.stderr.write(`\nOpen this URL to authenticate:\n  ${authUrl}\n\n`);
+    openBrowser(authUrl);
+    // Quick poll: give the user ~16 seconds to approve
+    for (let attempt = 0; attempt < QUICK_POLL_ATTEMPTS; attempt++) {
+        await sleep(POLL_INTERVAL_MS);
+        const result = await checkPendingSession(serverUrl, code, secret);
+        if (result) {
+            saveToken(result.token, serverUrl);
+            clearPendingAuth();
+            process.stderr.write("Authentication successful! Token saved.\n");
+            return;
+        }
+    }
+    // Not approved yet — throw with helpful message
+    throw new AuthRequiredError(authUrl);
+}
+/**
+ * Clear stored credentials (logout).
+ */
+export function logout() {
+    try {
+        if (existsSync(CREDENTIALS_FILE)) {
+            unlinkSync(CREDENTIALS_FILE);
+        }
+    }
+    catch {
+        // ignore
+    }
+    clearPendingAuth();
+}
+//# sourceMappingURL=cloud-auth.js.map

package/dist/connections/cloud-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cloud-auth.js","sourceRoot":"","sources":["../../src/connections/cloud-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AACH,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACzF,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAE1C,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,CAAC,CAAC;AACnD,MAAM,gBAAgB,GAAG,IAAI,CAAC,eAAe,EAAE,aAAa,CAAC,CAAC;AAC9D,MAAM,iBAAiB,GAAG,IAAI,CAAC,eAAe,EAAE,cAAc,CAAC,CAAC;AAChE,MAAM,kBAAkB,GACtB,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,qCAAqC,CAAC;AAEzE,MAAM,gBAAgB,GAAG,IAAI,CAAC;AAC9B,MAAM,mBAAmB,GAAG,CAAC,CAAC,CAAC,cAAc;AAe7C,SAAS,SAAS;IAChB,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;QACjC,SAAS,CAAC,eAAe,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAClD,CAAC;AACH,CAAC;AAED,SAAS,eAAe;IACtB,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAClC,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,GAAG,GAAG,YAAY,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;QACpD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAgB,CAAC;QAC9C,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,eAAe;IACtB,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,GAAG,GAAG,YAAY,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAC;QACrD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAgB,CAAC;QAC9C,yBAAyB;QACzB,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;YAClD,UAAU,CAAC,iBAAiB,CAAC,CAAC;YAC9B,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,OAAoB;IAC3C,SAAS,EAAE,CAAC;IACZ,aAAa,CAAC,iBAAiB,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;AAC9E,CAAC;AAED,SAAS,gBAAgB;IACvB,IAAI,CAAC;QACH,IAAI,UAAU,CAAC,iBAAiB,CAAC,EAAE,CAAC;YAClC,UAAU,CAAC,iBAAiB,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,QAAQ;IACtB,gEAAgE;IAChE,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;QAC7B,OAAO,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;IAClC,CAAC;IACD,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;IAChC,OAAO,KAAK,EAAE,KAAK,IAAI,IAAI,CAAC;AAC9B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,KAAa,EAAE,SAAkB;IACzD,SAAS,EAAE,CAAC;IACZ,MAAM,WAAW,GAAgB;QAC/B,KAAK;QACL,SAAS,EAAE,SAAS,IAAI,kBAAkB;KAC3C,CAAC;IACF,aAAa,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;AACjF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe;IAC7B,OAAO,QAAQ,EAAE,KAAK,IAAI,CAAC;AAC7B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY;IAC1B,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;IAChC,OAAO,KAAK,EAAE,SAAS,IAAI,kBAAkB,CAAC;AAChD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,GAAW;IACrC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,IAAI,OAAe,CAAC;IAEpB,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,GAAG,SAAS,GAAG,GAAG,CAAC;IAC5B,CAAC;SAAM,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QAChC,OAAO,GAAG,aAAa,GAAG,GAAG,CAAC;IAChC,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,aAAa,GAAG,GAAG,CAAC;IAChC,CAAC;IAED,IAAI,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;QACtB,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,KAAK,CAAC,OAAO,IAAI,CAAC,CAAC;QACrE,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,mBAAmB,CAChC,SAAiB,EACjB,IAAY,EACZ,MAAc;IAEd,IAAI,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,KAAK,CAC/B,GAAG,SAAS,4BAA4B,kBAAkB,CAAC,IAAI,CAAC,WAAW,kBAAkB,CAAC,MAAM,CAAC,EAAE,CACxG,CAAC;QAEF,IAAI,CAAC,aAAa,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QAEnC,MAAM,SAAS,GAAG,CAAC,MAAM,aAAa,CAAC,IAAI,EAAE,CAK5C,CAAC;QAEF,IAAI,SAAS,CAAC,IAAI,CAAC,MAAM,KAAK,UAAU,IAAI,SAAS,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YACjE,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;QACzC,CAAC;QAED,IAAI,SAAS,CAAC,IAAI,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACxC,gBAAgB,EAAE,CAAC;QACrB,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,iBAAkB,SAAQ,KAAK;IAC1B,OAAO,CAAS;IAEhC,YAAY,OAAe;QACzB,KAAK,CACH,4EAA4E;YAC1E,gDAAgD,OAAO,MAAM;YAC7D,8DAA8D,CACjE,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;QAChC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;CACF;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY;IAChC,MAAM,SAAS,GAAG,kBAAkB,CAAC;IAErC,mDAAmD;IACnD,MAAM,OAAO,GAAG,eAAe,EAAE,CAAC;IAClC,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,MAAM,GAAG,MAAM,mBAAmB,CACtC,OAAO,CAAC,SAAS,EACjB,OAAO,CAAC,IAAI,EACZ,OAAO,CAAC,MAAM,CACf,CAAC;QACF,IAAI,MAAM,EAAE,CAAC;YACX,SAAS,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;YAC3C,gBAAgB,EAAE,CAAC;YACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAC;YAClE,OAAO;QACT,CAAC;QAED,uCAAuC;QACvC,MAAM,IAAI,iBAAiB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC/C,CAAC;IAED,gCAAgC;IAChC,MAAM,cAAc,GAAG,MAAM,KAAK,CAAC,GAAG,SAAS,uBAAuB,EAAE;QACtE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;KAChD,CAAC,CAAC;IAEH,IAAI,CAAC,cAAc,CAAC,EAAE,EAAE,CAAC;QACvB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,IAAI,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,kCAAkC,SAAS,EAAE,CAAC,CAAC;IACjE,CAAC;IAED,MAAM,UAAU,GAAG,CAAC,MAAM,cAAc,CAAC,IAAI,EAAE,CAE9C,CAAC;IACF,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,UAAU,CAAC,IAAI,CAAC;IAEzC,MAAM,OAAO,GAAG,GAAG,SAAS,sBAAsB,IAAI,EAAE,CAAC;IAEzD,iDAAiD;IACjD,eAAe,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IAE7E,6BAA6B;IAC7B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uCAAuC,OAAO,MAAM,CAAC,CAAC;IAC3E,WAAW,CAAC,OAAO,CAAC,CAAC;IAErB,mDAAmD;IACnD,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,mBAAmB,EAAE,OAAO,EAAE,EAAE,CAAC;QAC/D,MAAM,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAE9B,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,SAAS,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;QAClE,IAAI,MAAM,EAAE,CAAC;YACX,SAAS,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;YACnC,gBAAgB,EAAE,CAAC;YACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAC;YAClE,OAAO;QACT,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,MAAM,IAAI,iBAAiB,CAAC,OAAO,CAAC,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,MAAM;IACpB,IAAI,CAAC;QACH,IAAI,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACjC,UAAU,CAAC,gBAAgB,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;IACD,gBAAgB,EAAE,CAAC;AACrB,CAAC"}

package/dist/connections/cloud-client.d.ts

@@ -0,0 +1,25 @@
+/**
+ * HTTP client for the 0pflow cloud server.
+ *
+ * Adapted from the Pencil MCP client pattern:
+ *   /Users/cevian/Development/pencil/packages/mcp-server/src/client.ts
+ *
+ * Makes authenticated API calls using the token from cloud-auth.ts.
+ * Auto-triggers authenticate() when not authenticated.
+ */
+import { AuthRequiredError } from "./cloud-auth.js";
+export declare class AuthError extends Error {
+    constructor(message?: string);
+}
+export declare class ApiError extends Error {
+    readonly status: number;
+    constructor(status: number, message: string);
+}
+/**
+ * Make an authenticated HTTP call to the 0pflow cloud server.
+ * Returns the parsed response data (the `data` field from the response).
+ * Throws AuthError if not authenticated, ApiError if the request fails.
+ */
+export declare function apiCall(method: string, path: string, body?: Record<string, unknown>): Promise<unknown>;
+export { AuthRequiredError };
+//# sourceMappingURL=cloud-client.d.ts.map

package/dist/connections/cloud-client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cloud-client.d.ts","sourceRoot":"","sources":["../../src/connections/cloud-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AACH,OAAO,EAKL,iBAAiB,EAClB,MAAM,iBAAiB,CAAC;AAEzB,qBAAa,SAAU,SAAQ,KAAK;gBACtB,OAAO,CAAC,EAAE,MAAM;CAO7B;AAED,qBAAa,QAAS,SAAQ,KAAK;IACjC,SAAgB,MAAM,EAAE,MAAM,CAAC;gBAEnB,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CAK5C;AAED;;;;GAIG;AACH,wBAAsB,OAAO,CAC3B,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC7B,OAAO,CAAC,OAAO,CAAC,CAkClB;AAED,OAAO,EAAE,iBAAiB,EAAE,CAAC"}

package/dist/connections/cloud-client.js

@@ -0,0 +1,59 @@
+/**
+ * HTTP client for the 0pflow cloud server.
+ *
+ * Adapted from the Pencil MCP client pattern:
+ *   /Users/cevian/Development/pencil/packages/mcp-server/src/client.ts
+ *
+ * Makes authenticated API calls using the token from cloud-auth.ts.
+ * Auto-triggers authenticate() when not authenticated.
+ */
+import { getToken, getServerUrl, isAuthenticated, authenticate, AuthRequiredError, } from "./cloud-auth.js";
+export class AuthError extends Error {
+    constructor(message) {
+        super(message ??
+            "Not authenticated with 0pflow cloud. Run `0pflow login` or set OPFLOW_TOKEN.");
+        this.name = "AuthError";
+    }
+}
+export class ApiError extends Error {
+    status;
+    constructor(status, message) {
+        super(message);
+        this.name = "ApiError";
+        this.status = status;
+    }
+}
+/**
+ * Make an authenticated HTTP call to the 0pflow cloud server.
+ * Returns the parsed response data (the `data` field from the response).
+ * Throws AuthError if not authenticated, ApiError if the request fails.
+ */
+export async function apiCall(method, path, body) {
+    if (!isAuthenticated()) {
+        // Attempt browser-based authentication (non-blocking, ~16s max)
+        await authenticate();
+        if (!isAuthenticated()) {
+            throw new AuthError();
+        }
+    }
+    const token = getToken();
+    const serverUrl = getServerUrl();
+    const headers = {
+        Authorization: `Bearer ${token}`,
+        "Content-Type": "application/json",
+    };
+    const response = await fetch(`${serverUrl}${path}`, {
+        method,
+        headers,
+        body: body ? JSON.stringify(body) : undefined,
+    });
+    const responseData = (await response.json());
+    if (!response.ok) {
+        const errorMessage = responseData.error ??
+            `HTTP ${response.status}: ${response.statusText}`;
+        throw new ApiError(response.status, errorMessage);
+    }
+    return responseData.data;
+}
+export { AuthRequiredError };
+//# sourceMappingURL=cloud-client.js.map

package/dist/connections/cloud-client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cloud-client.js","sourceRoot":"","sources":["../../src/connections/cloud-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AACH,OAAO,EACL,QAAQ,EACR,YAAY,EACZ,eAAe,EACf,YAAY,EACZ,iBAAiB,GAClB,MAAM,iBAAiB,CAAC;AAEzB,MAAM,OAAO,SAAU,SAAQ,KAAK;IAClC,YAAY,OAAgB;QAC1B,KAAK,CACH,OAAO;YACL,8EAA8E,CACjF,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;IAC1B,CAAC;CACF;AAED,MAAM,OAAO,QAAS,SAAQ,KAAK;IACjB,MAAM,CAAS;IAE/B,YAAY,MAAc,EAAE,OAAe;QACzC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,UAAU,CAAC;QACvB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAC3B,MAAc,EACd,IAAY,EACZ,IAA8B;IAE9B,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;QACvB,gEAAgE;QAChE,MAAM,YAAY,EAAE,CAAC;QAErB,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YACvB,MAAM,IAAI,SAAS,EAAE,CAAC;QACxB,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAG,QAAQ,EAAG,CAAC;IAC1B,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IAEjC,MAAM,OAAO,GAA2B;QACtC,aAAa,EAAE,UAAU,KAAK,EAAE;QAChC,cAAc,EAAE,kBAAkB;KACnC,CAAC;IAEF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,SAAS,GAAG,IAAI,EAAE,EAAE;QAClD,MAAM;QACN,OAAO;QACP,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;KAC9C,CAAC,CAAC;IAEH,MAAM,YAAY,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;IAExE,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,YAAY,GACf,YAAY,CAAC,KAAgB;YAC9B,QAAQ,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,UAAU,EAAE,CAAC;QACpD,MAAM,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;IACpD,CAAC;IAED,OAAO,YAAY,CAAC,IAAI,CAAC;AAC3B,CAAC;AAED,OAAO,EAAE,iBAAiB,EAAE,CAAC"}

package/dist/connections/cloud-integration-provider.d.ts

@@ -0,0 +1,21 @@
+import type { IntegrationProvider } from "./integration-provider.js";
+import type { ConnectionCredentials } from "../types.js";
+/**
+ * IntegrationProvider backed by the 0pflow cloud server (hosted mode).
+ * All Nango operations are proxied through the server — no NANGO_SECRET_KEY needed locally.
+ */
+export declare class CloudIntegrationProvider implements IntegrationProvider {
+    fetchCredentials(integrationId: string, connectionId: string): Promise<ConnectionCredentials>;
+    listIntegrations(): Promise<Array<{
+        id: string;
+        provider: string;
+    }>>;
+    listConnections(integrationId: string): Promise<Array<{
+        connection_id: string;
+        provider_config_key: string;
+    }>>;
+    createConnectSession(integrationId: string): Promise<{
+        token: string;
+    }>;
+}
+//# sourceMappingURL=cloud-integration-provider.d.ts.map

package/dist/connections/cloud-integration-provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cloud-integration-provider.d.ts","sourceRoot":"","sources":["../../src/connections/cloud-integration-provider.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AACrE,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAGzD;;;GAGG;AACH,qBAAa,wBAAyB,YAAW,mBAAmB;IAC5D,gBAAgB,CACpB,aAAa,EAAE,MAAM,EACrB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,qBAAqB,CAAC;IAS3B,gBAAgB,IAAI,OAAO,CAAC,KAAK,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAQpE,eAAe,CACnB,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,KAAK,CAAC;QAAE,aAAa,EAAE,MAAM,CAAC;QAAC,mBAAmB,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAQnE,oBAAoB,CACxB,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;CAM9B"}

package/dist/connections/cloud-integration-provider.js

@@ -0,0 +1,26 @@
+import { apiCall } from "./cloud-client.js";
+/**
+ * IntegrationProvider backed by the 0pflow cloud server (hosted mode).
+ * All Nango operations are proxied through the server — no NANGO_SECRET_KEY needed locally.
+ */
+export class CloudIntegrationProvider {
+    async fetchCredentials(integrationId, connectionId) {
+        const data = (await apiCall("GET", `/api/credentials/${encodeURIComponent(integrationId)}?connection_id=${encodeURIComponent(connectionId)}`));
+        return data;
+    }
+    async listIntegrations() {
+        const data = (await apiCall("GET", "/api/integrations"));
+        return data;
+    }
+    async listConnections(integrationId) {
+        const data = (await apiCall("GET", `/api/integrations/${encodeURIComponent(integrationId)}/connections`));
+        return data;
+    }
+    async createConnectSession(integrationId) {
+        const data = (await apiCall("POST", "/api/nango/connect-session", {
+            integration_id: integrationId,
+        }));
+        return data;
+    }
+}
+//# sourceMappingURL=cloud-integration-provider.js.map

package/dist/connections/cloud-integration-provider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cloud-integration-provider.js","sourceRoot":"","sources":["../../src/connections/cloud-integration-provider.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAE5C;;;GAGG;AACH,MAAM,OAAO,wBAAwB;IACnC,KAAK,CAAC,gBAAgB,CACpB,aAAqB,EACrB,YAAoB;QAEpB,MAAM,IAAI,GAAG,CAAC,MAAM,OAAO,CACzB,KAAK,EACL,oBAAoB,kBAAkB,CAAC,aAAa,CAAC,kBAAkB,kBAAkB,CAAC,YAAY,CAAC,EAAE,CAC1G,CAA0B,CAAC;QAE5B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,gBAAgB;QACpB,MAAM,IAAI,GAAG,CAAC,MAAM,OAAO,CAAC,KAAK,EAAE,mBAAmB,CAAC,CAGrD,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,eAAe,CACnB,aAAqB;QAErB,MAAM,IAAI,GAAG,CAAC,MAAM,OAAO,CACzB,KAAK,EACL,qBAAqB,kBAAkB,CAAC,aAAa,CAAC,cAAc,CACrE,CAAkE,CAAC;QACpE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,aAAqB;QAErB,MAAM,IAAI,GAAG,CAAC,MAAM,OAAO,CAAC,MAAM,EAAE,4BAA4B,EAAE;YAChE,cAAc,EAAE,aAAa;SAC9B,CAAC,CAAsB,CAAC;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}

package/dist/connections/index.d.ts

@@ -0,0 +1,11 @@
+export { ensureConnectionsTable } from "./schema.js";
+export { resolveConnectionId, upsertConnection, listConnections, deleteConnection, } from "./resolver.js";
+export type { ConnectionMapping } from "./resolver.js";
+export { initNango, getNango, fetchCredentials } from "./nango-client.js";
+export type { IntegrationProvider } from "./integration-provider.js";
+export { createIntegrationProvider } from "./integration-provider.js";
+export { LocalIntegrationProvider, createLocalIntegrationProvider } from "./local-integration-provider.js";
+export { CloudIntegrationProvider } from "./cloud-integration-provider.js";
+export { getToken as getCloudToken, isAuthenticated as isCloudAuthenticated, authenticate as cloudAuthenticate, logout as cloudLogout, } from "./cloud-auth.js";
+export { apiCall as cloudApiCall } from "./cloud-client.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/connections/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/connections/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,eAAe,EACf,gBAAgB,GACjB,MAAM,eAAe,CAAC;AACvB,YAAY,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AACvD,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAC1E,YAAY,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AACrE,OAAO,EAAE,yBAAyB,EAAE,MAAM,2BAA2B,CAAC;AACtE,OAAO,EAAE,wBAAwB,EAAE,8BAA8B,EAAE,MAAM,iCAAiC,CAAC;AAC3G,OAAO,EAAE,wBAAwB,EAAE,MAAM,iCAAiC,CAAC;AAC3E,OAAO,EACL,QAAQ,IAAI,aAAa,EACzB,eAAe,IAAI,oBAAoB,EACvC,YAAY,IAAI,iBAAiB,EACjC,MAAM,IAAI,WAAW,GACtB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/connections/index.js

@@ -0,0 +1,9 @@
+export { ensureConnectionsTable } from "./schema.js";
+export { resolveConnectionId, upsertConnection, listConnections, deleteConnection, } from "./resolver.js";
+export { initNango, getNango, fetchCredentials } from "./nango-client.js";
+export { createIntegrationProvider } from "./integration-provider.js";
+export { LocalIntegrationProvider, createLocalIntegrationProvider } from "./local-integration-provider.js";
+export { CloudIntegrationProvider } from "./cloud-integration-provider.js";
+export { getToken as getCloudToken, isAuthenticated as isCloudAuthenticated, authenticate as cloudAuthenticate, logout as cloudLogout, } from "./cloud-auth.js";
+export { apiCall as cloudApiCall } from "./cloud-client.js";
+//# sourceMappingURL=index.js.map

package/dist/connections/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/connections/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,eAAe,EACf,gBAAgB,GACjB,MAAM,eAAe,CAAC;AAEvB,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAE1E,OAAO,EAAE,yBAAyB,EAAE,MAAM,2BAA2B,CAAC;AACtE,OAAO,EAAE,wBAAwB,EAAE,8BAA8B,EAAE,MAAM,iCAAiC,CAAC;AAC3G,OAAO,EAAE,wBAAwB,EAAE,MAAM,iCAAiC,CAAC;AAC3E,OAAO,EACL,QAAQ,IAAI,aAAa,EACzB,eAAe,IAAI,oBAAoB,EACvC,YAAY,IAAI,iBAAiB,EACjC,MAAM,IAAI,WAAW,GACtB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/connections/integration-provider.d.ts

@@ -0,0 +1,38 @@
+import type { ConnectionCredentials } from "../types.js";
+/**
+ * Abstraction over integration/credential operations.
+ *
+ * LocalIntegrationProvider calls Nango directly (self-hosted mode).
+ * CloudIntegrationProvider calls the 0pflow cloud server (hosted mode).
+ *
+ * Connection *mapping* (workflow/node → connection_id) is NOT part of this
+ * interface — that stays in the user's local app DB via resolver.ts.
+ */
+export interface IntegrationProvider {
+    /** Fetch actual credentials for a connection */
+    fetchCredentials(integrationId: string, connectionId: string): Promise<ConnectionCredentials>;
+    /** List available integrations */
+    listIntegrations(): Promise<Array<{
+        id: string;
+        provider: string;
+    }>>;
+    /** List connections for an integration */
+    listConnections(integrationId: string): Promise<Array<{
+        connection_id: string;
+        provider_config_key: string;
+    }>>;
+    /** Create a Connect session for OAuth setup */
+    createConnectSession(integrationId: string, endUserId?: string): Promise<{
+        token: string;
+    }>;
+}
+/**
+ * Auto-detect and create the appropriate IntegrationProvider.
+ *
+ * - NANGO_SECRET_KEY set → LocalIntegrationProvider (direct Nango)
+ * - Otherwise → CloudIntegrationProvider (proxies through 0pflow cloud)
+ *
+ * Optionally pass a nangoSecretKey to override env detection.
+ */
+export declare function createIntegrationProvider(nangoSecretKey?: string): Promise<IntegrationProvider>;
+//# sourceMappingURL=integration-provider.d.ts.map

package/dist/connections/integration-provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"integration-provider.d.ts","sourceRoot":"","sources":["../../src/connections/integration-provider.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAEzD;;;;;;;;GAQG;AACH,MAAM,WAAW,mBAAmB;IAClC,gDAAgD;IAChD,gBAAgB,CACd,aAAa,EAAE,MAAM,EACrB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,qBAAqB,CAAC,CAAC;IAElC,kCAAkC;IAClC,gBAAgB,IAAI,OAAO,CACzB,KAAK,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC,CACxC,CAAC;IAEF,0CAA0C;IAC1C,eAAe,CACb,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,KAAK,CAAC;QAAE,aAAa,EAAE,MAAM,CAAC;QAAC,mBAAmB,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC,CAAC;IAE1E,+CAA+C;IAC/C,oBAAoB,CAClB,aAAa,EAAE,MAAM,EACrB,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAC/B;AAED;;;;;;;GAOG;AACH,wBAAsB,yBAAyB,CAC7C,cAAc,CAAC,EAAE,MAAM,GACtB,OAAO,CAAC,mBAAmB,CAAC,CAU9B"}

package/dist/connections/integration-provider.js

@@ -0,0 +1,20 @@
+/**
+ * Auto-detect and create the appropriate IntegrationProvider.
+ *
+ * - NANGO_SECRET_KEY set → LocalIntegrationProvider (direct Nango)
+ * - Otherwise → CloudIntegrationProvider (proxies through 0pflow cloud)
+ *
+ * Optionally pass a nangoSecretKey to override env detection.
+ */
+export async function createIntegrationProvider(nangoSecretKey) {
+    const key = nangoSecretKey ?? process.env.NANGO_SECRET_KEY;
+    if (key) {
+        const { createLocalIntegrationProvider } = await import("./local-integration-provider.js");
+        return createLocalIntegrationProvider(key);
+    }
+    else {
+        const { CloudIntegrationProvider } = await import("./cloud-integration-provider.js");
+        return new CloudIntegrationProvider();
+    }
+}
+//# sourceMappingURL=integration-provider.js.map

package/dist/connections/integration-provider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"integration-provider.js","sourceRoot":"","sources":["../../src/connections/integration-provider.ts"],"names":[],"mappings":"AAmCA;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,cAAuB;IAEvB,MAAM,GAAG,GAAG,cAAc,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;IAE3D,IAAI,GAAG,EAAE,CAAC;QACR,MAAM,EAAE,8BAA8B,EAAE,GAAG,MAAM,MAAM,CAAC,iCAAiC,CAAC,CAAC;QAC3F,OAAO,8BAA8B,CAAC,GAAG,CAAC,CAAC;IAC7C,CAAC;SAAM,CAAC;QACN,MAAM,EAAE,wBAAwB,EAAE,GAAG,MAAM,MAAM,CAAC,iCAAiC,CAAC,CAAC;QACrF,OAAO,IAAI,wBAAwB,EAAE,CAAC;IACxC,CAAC;AACH,CAAC"}

package/dist/connections/local-integration-provider.d.ts

@@ -0,0 +1,28 @@
+import type { IntegrationProvider } from "./integration-provider.js";
+import type { ConnectionCredentials } from "../types.js";
+/**
+ * IntegrationProvider backed by a direct Nango connection (self-hosted mode).
+ * Requires NANGO_SECRET_KEY.
+ */
+export declare class LocalIntegrationProvider implements IntegrationProvider {
+    private nango;
+    constructor(nangoInstance: any);
+    fetchCredentials(integrationId: string, connectionId: string): Promise<ConnectionCredentials>;
+    listIntegrations(): Promise<Array<{
+        id: string;
+        provider: string;
+    }>>;
+    listConnections(integrationId: string): Promise<Array<{
+        connection_id: string;
+        provider_config_key: string;
+    }>>;
+    createConnectSession(integrationId: string, endUserId?: string): Promise<{
+        token: string;
+    }>;
+}
+/**
+ * Create a LocalIntegrationProvider from a Nango secret key.
+ * Uses dynamic import to avoid hard dependency on @nangohq/node.
+ */
+export declare function createLocalIntegrationProvider(secretKey: string): Promise<LocalIntegrationProvider>;
+//# sourceMappingURL=local-integration-provider.d.ts.map

package/dist/connections/local-integration-provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"local-integration-provider.d.ts","sourceRoot":"","sources":["../../src/connections/local-integration-provider.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AACrE,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAEzD;;;GAGG;AACH,qBAAa,wBAAyB,YAAW,mBAAmB;IAElE,OAAO,CAAC,KAAK,CAAM;gBAGP,aAAa,EAAE,GAAG;IAIxB,gBAAgB,CACpB,aAAa,EAAE,MAAM,EACrB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,qBAAqB,CAAC;IAkB3B,gBAAgB,IAAI,OAAO,CAAC,KAAK,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAUpE,eAAe,CACnB,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,KAAK,CAAC;QAAE,aAAa,EAAE,MAAM,CAAC;QAAC,mBAAmB,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAQnE,oBAAoB,CACxB,aAAa,EAAE,MAAM,EACrB,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;CAO9B;AAED;;;GAGG;AACH,wBAAsB,8BAA8B,CAClD,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,wBAAwB,CAAC,CAInC"}

package/dist/connections/local-integration-provider.js

@@ -0,0 +1,54 @@
+/**
+ * IntegrationProvider backed by a direct Nango connection (self-hosted mode).
+ * Requires NANGO_SECRET_KEY.
+ */
+export class LocalIntegrationProvider {
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    nango;
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    constructor(nangoInstance) {
+        this.nango = nangoInstance;
+    }
+    async fetchCredentials(integrationId, connectionId) {
+        const connection = await this.nango.getConnection(integrationId, connectionId);
+        const creds = connection.credentials ?? {};
+        const token = creds.access_token ??
+            creds.api_key ??
+            creds.apiKey ??
+            creds.token ??
+            "";
+        return {
+            token,
+            connectionConfig: connection.connection_config ?? {},
+            raw: creds,
+        };
+    }
+    async listIntegrations() {
+        const result = await this.nango.listIntegrations();
+        return (result.configs ?? []).map((c) => ({
+            id: c.unique_key,
+            provider: c.provider,
+        }));
+    }
+    async listConnections(integrationId) {
+        const result = await this.nango.listConnections();
+        return (result.connections ?? []).filter((c) => c.provider_config_key === integrationId);
+    }
+    async createConnectSession(integrationId, endUserId) {
+        const session = await this.nango.createConnectSession({
+            end_user: { id: endUserId ?? "dev-ui-user" },
+            allowed_integrations: [integrationId],
+        });
+        return { token: session.data.token };
+    }
+}
+/**
+ * Create a LocalIntegrationProvider from a Nango secret key.
+ * Uses dynamic import to avoid hard dependency on @nangohq/node.
+ */
+export async function createLocalIntegrationProvider(secretKey) {
+    const { Nango } = await import("@nangohq/node");
+    const nango = new Nango({ secretKey });
+    return new LocalIntegrationProvider(nango);
+}
+//# sourceMappingURL=local-integration-provider.js.map

package/dist/connections/local-integration-provider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"local-integration-provider.js","sourceRoot":"","sources":["../../src/connections/local-integration-provider.ts"],"names":[],"mappings":"AAGA;;;GAGG;AACH,MAAM,OAAO,wBAAwB;IACnC,8DAA8D;IACtD,KAAK,CAAM;IAEnB,8DAA8D;IAC9D,YAAY,aAAkB;QAC5B,IAAI,CAAC,KAAK,GAAG,aAAa,CAAC;IAC7B,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,aAAqB,EACrB,YAAoB;QAEpB,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;QAE/E,MAAM,KAAK,GAAG,UAAU,CAAC,WAAW,IAAI,EAAE,CAAC;QAC3C,MAAM,KAAK,GACT,KAAK,CAAC,YAAY;YAClB,KAAK,CAAC,OAAO;YACb,KAAK,CAAC,MAAM;YACZ,KAAK,CAAC,KAAK;YACX,EAAE,CAAC;QAEL,OAAO;YACL,KAAK;YACL,gBAAgB,EAAE,UAAU,CAAC,iBAAiB,IAAI,EAAE;YACpD,GAAG,EAAE,KAAK;SACX,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,gBAAgB;QACpB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;QACnD,OAAO,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,GAAG,CAC/B,CAAC,CAA2C,EAAE,EAAE,CAAC,CAAC;YAChD,EAAE,EAAE,CAAC,CAAC,UAAU;YAChB,QAAQ,EAAE,CAAC,CAAC,QAAQ;SACrB,CAAC,CACH,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,eAAe,CACnB,aAAqB;QAErB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,EAAE,CAAC;QAClD,OAAO,CAAC,MAAM,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC,MAAM,CACtC,CAAC,CAAkC,EAAE,EAAE,CACrC,CAAC,CAAC,mBAAmB,KAAK,aAAa,CAC1C,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,aAAqB,EACrB,SAAkB;QAElB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC;YACpD,QAAQ,EAAE,EAAE,EAAE,EAAE,SAAS,IAAI,aAAa,EAAE;YAC5C,oBAAoB,EAAE,CAAC,aAAa,CAAC;SACtC,CAAC,CAAC;QACH,OAAO,EAAE,KAAK,EAAE,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;IACvC,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAClD,SAAiB;IAEjB,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAC;IAChD,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;IACvC,OAAO,IAAI,wBAAwB,CAAC,KAAK,CAAC,CAAC;AAC7C,CAAC"}

package/dist/connections/nango-client.d.ts

@@ -0,0 +1,14 @@
+import type { ConnectionCredentials } from "../types.js";
+/**
+ * Initialize the Nango client singleton.
+ */
+export declare function initNango(secretKey: string): Promise<void>;
+/**
+ * Get the Nango client instance, or null if not initialized.
+ */
+export declare function getNango(): any | null;
+/**
+ * Fetch credentials for an integration connection from Nango.
+ */
+export declare function fetchCredentials(integrationId: string, connectionId: string): Promise<ConnectionCredentials>;
+//# sourceMappingURL=nango-client.d.ts.map

package/dist/connections/nango-client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"nango-client.d.ts","sourceRoot":"","sources":["../../src/connections/nango-client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAkBzD;;GAEG;AACH,wBAAsB,SAAS,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAGhE;AAED;;GAEG;AAEH,wBAAgB,QAAQ,IAAI,GAAG,GAAG,IAAI,CAErC;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,aAAa,EAAE,MAAM,EACrB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,qBAAqB,CAAC,CAwBhC"}