npm - @01.software/init - Versions diffs - 0.9.1 → 0.10.0 - Mend

@01.software/init 0.9.1 → 0.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (119) hide show

package/dist/ai-docs.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+interface TenantContext {
+    tenantName: string;
+    features?: string[];
+    collections?: string[];
+}
+declare function generateClaudeMd(ctx: TenantContext): string;
+declare function getSkillFiles(): Array<{
+    dirName: string;
+    content: string;
+}>;
+declare function fetchTenantContext(publishableKey: string, secretKey: string): Promise<TenantContext | null>;
+export { type TenantContext, fetchTenantContext, generateClaudeMd, getSkillFiles };

package/dist/ai-docs.js CHANGED Viewed

@@ -3,7 +3,7 @@ import {
   fetchTenantContext,
   generateClaudeMd,
   getSkillFiles
-} from "./chunk-5K2CB2Y5.js";
+} from "./chunk-Q6MSORYN.js";
 export {
   fetchTenantContext,
   generateClaudeMd,

package/dist/browser-auth-CJDrpp5T.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+declare function startBrowserAuth(options?: {
+    webUrl?: string;
+    tenantId?: string;
+}): Promise<{
+    publishableKey: string;
+    secretKey: string;
+    tenantName: string;
+    tenantId?: string;
+}>;
+export { startBrowserAuth as s };

package/dist/{chunk-UA7WNT2F.js → chunk-4LHYICUL.js} RENAMED Viewed

@@ -115,4 +115,4 @@ export {
   setEnvValue,
   replaceTomlMcpSection
 };
-//# sourceMappingURL=chunk-UA7WNT2F.js.map
+//# sourceMappingURL=chunk-4LHYICUL.js.map

package/dist/chunk-4LHYICUL.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/file-ops.ts"],"sourcesContent":["// Helpers for `.env*` / Codex TOML / secret-bearing global config writes.\n// The pure string utilities (`readEnvValue`, `setEnvValue`,\n// `replaceTomlMcpSection`) are unit-tested without filesystem access; the\n// secret-write helpers (`writeEnvFile`, `chmodSecretFile`,\n// `writeSecretGlobalConfig`) are tested against an isolated tmpdir.\n\nimport fs from 'node:fs'\nimport path from 'node:path'\nimport { randomBytes } from 'node:crypto'\n\n// ── Secret-bearing writes ────────────────────────────────────────────\n\n/** POSIX file mode for secret-bearing files (`.env*`, global auth config). */\nexport const SECRET_FILE_MODE = 0o600\n/** POSIX directory mode for parents of global auth-bearing config. */\nexport const SECRET_DIR_MODE = 0o700\n\nconst isWin32 = process.platform === 'win32'\n\nfunction writeFileWithSecretMode(target: string, content: string): void {\n fs.writeFileSync(target, content, isWin32 ? undefined : { mode: SECRET_FILE_MODE })\n}\n\nfunction mkdirWithSecretMode(dir: string): void {\n fs.mkdirSync(\n dir,\n isWin32 ? { recursive: true } : { recursive: true, mode: SECRET_DIR_MODE },\n )\n}\n\n/** Write a `.env*` file with mode `0o600` on POSIX. Skips mode on Windows\n * (secret-handling caveats in `packages/init/AGENTS.md`). */\nexport function writeEnvFile(target: string, content: string): void {\n writeFileWithSecretMode(target, content)\n}\n\n/** Apply secret-file mode to an existing file (no-op on Windows). Useful\n * after merging an `.env*` file that already existed. */\nexport function chmodSecretFile(target: string): void {\n if (isWin32) return\n try {\n fs.chmodSync(target, SECRET_FILE_MODE)\n } catch {\n // Mode tightening is best-effort; the spec waives the requirement on\n // platforms that reject the chmod.\n }\n}\n\n/** Write a global auth-bearing config (e.g. `~/.codex/config.toml`) using\n * symlink-safe atomic rename. Throws when the existing target is a symlink,\n * has multiple hard links, or is not a regular file. */\nexport function writeSecretGlobalConfig(target: string, content: string): void {\n mkdirWithSecretMode(path.dirname(target))\n\n // Reject symlinks / non-regular files / multi-hardlink targets before any write.\n if (fs.existsSync(target)) {\n const stat = fs.lstatSync(target)\n if (stat.isSymbolicLink()) {\n throw new Error(\n `Refusing to write secret-bearing config through a symlink: ${target}. ` +\n `Remove the symlink and re-run init.`,\n )\n }\n if (!stat.isFile()) {\n throw new Error(\n `Refusing to write secret-bearing config to non-regular file: ${target}.`,\n )\n }\n if (!isWin32 && stat.nlink > 1) {\n throw new Error(\n `Refusing to write secret-bearing config to file with multiple hard links: ${target}.`,\n )\n }\n }\n\n // Atomic temp-file replacement: write tmp with 0o600, then rename to target.\n const tmp = `${target}.${randomBytes(6).toString('hex')}.tmp`\n writeFileWithSecretMode(tmp, content)\n try {\n fs.renameSync(tmp, target)\n } catch (err) {\n // Best-effort cleanup of the tmp file if rename failed (e.g. EXDEV).\n try {\n fs.unlinkSync(tmp)\n } catch {\n // ignore\n }\n throw err\n }\n}\n\n// ── .env merge ───────────────────────────────────────────────────────\n\nconst envLineRegexCache = new Map<string, RegExp>()\n\nfunction envLineRegex(name: string): RegExp {\n let re = envLineRegexCache.get(name)\n if (!re) {\n const escaped = name.replace(/[.*+?^${}()|[\\]\\\\]/g, '\\\\$&')\n re = new RegExp(`^${escaped}=(.*)$`, 'm')\n envLineRegexCache.set(name, re)\n }\n return re\n}\n\nexport function readEnvValue(content: string, name: string): string | null {\n const m = content.match(envLineRegex(name))\n return m ? m[1] : null\n}\n\nexport function setEnvValue(content: string, name: string, value: string): string {\n const re = envLineRegex(name)\n if (re.test(content)) return content.replace(re, `${name}=${value}`)\n const sep = content.length === 0 || content.endsWith('\\n') ? '' : '\\n'\n return content + sep + `${name}=${value}\\n`\n}\n\n// ── Codex TOML manipulation ──────────────────────────────────────────\n\nconst OWNED_MCP_TOML_SECTION = 'mcp_servers.01software'\n\nfunction tomlSectionName(line: string): string | null {\n const match = line.trim().match(/^\\[([^\\]]+)\\]$/)\n return match ? match[1] : null\n}\n\nfunction isOwnedMcpTomlSection(sectionName: string): boolean {\n return (\n sectionName === OWNED_MCP_TOML_SECTION ||\n sectionName.startsWith(`${OWNED_MCP_TOML_SECTION}.`)\n )\n}\n\n/** Removes the existing `[mcp_servers.01software]` block and sub-blocks from a\n * TOML document, then appends the provided section. */\nexport function replaceTomlMcpSection(content: string, newSection: string): string {\n const lines = content.split('\\n')\n const kept: string[] = []\n let inOurSection = false\n for (const line of lines) {\n const sectionName = tomlSectionName(line)\n if (sectionName) {\n inOurSection = isOwnedMcpTomlSection(sectionName)\n if (inOurSection) continue\n }\n if (!inOurSection) kept.push(line)\n }\n let result = kept.join('\\n').replace(/\\n+$/, '')\n if (result.length > 0) result += '\\n'\n // newSection already starts with a blank line; keep it that way\n result += newSection.startsWith('\\n') ? newSection : '\\n' + newSection\n return result\n}\n"],"mappings":";;;AAMA,OAAO,QAAQ;AACf,OAAO,UAAU;AACjB,SAAS,mBAAmB;AAKrB,IAAM,mBAAmB;AAEzB,IAAM,kBAAkB;AAE/B,IAAM,UAAU,QAAQ,aAAa;AAErC,SAAS,wBAAwB,QAAgB,SAAuB;AACtE,KAAG,cAAc,QAAQ,SAAS,UAAU,SAAY,EAAE,MAAM,iBAAiB,CAAC;AACpF;AAEA,SAAS,oBAAoB,KAAmB;AAC9C,KAAG;AAAA,IACD;AAAA,IACA,UAAU,EAAE,WAAW,KAAK,IAAI,EAAE,WAAW,MAAM,MAAM,gBAAgB;AAAA,EAC3E;AACF;AAIO,SAAS,aAAa,QAAgB,SAAuB;AAClE,0BAAwB,QAAQ,OAAO;AACzC;AAIO,SAAS,gBAAgB,QAAsB;AACpD,MAAI,QAAS;AACb,MAAI;AACF,OAAG,UAAU,QAAQ,gBAAgB;AAAA,EACvC,QAAQ;AAAA,EAGR;AACF;AAKO,SAAS,wBAAwB,QAAgB,SAAuB;AAC7E,sBAAoB,KAAK,QAAQ,MAAM,CAAC;AAGxC,MAAI,GAAG,WAAW,MAAM,GAAG;AACzB,UAAM,OAAO,GAAG,UAAU,MAAM;AAChC,QAAI,KAAK,eAAe,GAAG;AACzB,YAAM,IAAI;AAAA,QACR,8DAA8D,MAAM;AAAA,MAEtE;AAAA,IACF;AACA,QAAI,CAAC,KAAK,OAAO,GAAG;AAClB,YAAM,IAAI;AAAA,QACR,gEAAgE,MAAM;AAAA,MACxE;AAAA,IACF;AACA,QAAI,CAAC,WAAW,KAAK,QAAQ,GAAG;AAC9B,YAAM,IAAI;AAAA,QACR,6EAA6E,MAAM;AAAA,MACrF;AAAA,IACF;AAAA,EACF;AAGA,QAAM,MAAM,GAAG,MAAM,IAAI,YAAY,CAAC,EAAE,SAAS,KAAK,CAAC;AACvD,0BAAwB,KAAK,OAAO;AACpC,MAAI;AACF,OAAG,WAAW,KAAK,MAAM;AAAA,EAC3B,SAAS,KAAK;AAEZ,QAAI;AACF,SAAG,WAAW,GAAG;AAAA,IACnB,QAAQ;AAAA,IAER;AACA,UAAM;AAAA,EACR;AACF;AAIA,IAAM,oBAAoB,oBAAI,IAAoB;AAElD,SAAS,aAAa,MAAsB;AAC1C,MAAI,KAAK,kBAAkB,IAAI,IAAI;AACnC,MAAI,CAAC,IAAI;AACP,UAAM,UAAU,KAAK,QAAQ,uBAAuB,MAAM;AAC1D,SAAK,IAAI,OAAO,IAAI,OAAO,UAAU,GAAG;AACxC,sBAAkB,IAAI,MAAM,EAAE;AAAA,EAChC;AACA,SAAO;AACT;AAEO,SAAS,aAAa,SAAiB,MAA6B;AACzE,QAAM,IAAI,QAAQ,MAAM,aAAa,IAAI,CAAC;AAC1C,SAAO,IAAI,EAAE,CAAC,IAAI;AACpB;AAEO,SAAS,YAAY,SAAiB,MAAc,OAAuB;AAChF,QAAM,KAAK,aAAa,IAAI;AAC5B,MAAI,GAAG,KAAK,OAAO,EAAG,QAAO,QAAQ,QAAQ,IAAI,GAAG,IAAI,IAAI,KAAK,EAAE;AACnE,QAAM,MAAM,QAAQ,WAAW,KAAK,QAAQ,SAAS,IAAI,IAAI,KAAK;AAClE,SAAO,UAAU,MAAM,GAAG,IAAI,IAAI,KAAK;AAAA;AACzC;AAIA,IAAM,yBAAyB;AAE/B,SAAS,gBAAgB,MAA6B;AACpD,QAAM,QAAQ,KAAK,KAAK,EAAE,MAAM,gBAAgB;AAChD,SAAO,QAAQ,MAAM,CAAC,IAAI;AAC5B;AAEA,SAAS,sBAAsB,aAA8B;AAC3D,SACE,gBAAgB,0BAChB,YAAY,WAAW,GAAG,sBAAsB,GAAG;AAEvD;AAIO,SAAS,sBAAsB,SAAiB,YAA4B;AACjF,QAAM,QAAQ,QAAQ,MAAM,IAAI;AAChC,QAAM,OAAiB,CAAC;AACxB,MAAI,eAAe;AACnB,aAAW,QAAQ,OAAO;AACxB,UAAM,cAAc,gBAAgB,IAAI;AACxC,QAAI,aAAa;AACf,qBAAe,sBAAsB,WAAW;AAChD,UAAI,aAAc;AAAA,IACpB;AACA,QAAI,CAAC,aAAc,MAAK,KAAK,IAAI;AAAA,EACnC;AACA,MAAI,SAAS,KAAK,KAAK,IAAI,EAAE,QAAQ,QAAQ,EAAE;AAC/C,MAAI,OAAO,SAAS,EAAG,WAAU;AAEjC,YAAU,WAAW,WAAW,IAAI,IAAI,aAAa,OAAO;AAC5D,SAAO;AACT;","names":[]}

package/dist/{chunk-TBGKXE3Q.js → chunk-NJ4X7VNK.js} RENAMED Viewed

@@ -56,11 +56,11 @@ export const analytics = createAnalytics({
 function getQueryProviderTemplate(env) {
   const useClientDirective = env === "nextjs" ? "'use client'\n\n" : "";
   return `${useClientDirective}import { QueryClientProvider } from '@tanstack/react-query'
-import { client } from './client'
+import { getQueryClient } from '@01.software/sdk/query'
 export function QueryProvider({ children }: { children: React.ReactNode }) {
   return (
-    <QueryClientProvider client={client.queryClient}>
+    <QueryClientProvider client={getQueryClient()}>
       {children}
     </QueryClientProvider>
   )
@@ -69,7 +69,7 @@ export function QueryProvider({ children }: { children: React.ReactNode }) {
 }
 function getServerTemplate(env, publishableKeyEnvVar, secretKeyEnvVar) {
   if (env === "edge") {
-    return `import { createServerClient } from '@01.software/sdk'
+    return `import { createServerClient } from '@01.software/sdk/server'
 // Edge runtime: pass your env bindings here
 // e.g. Cloudflare Workers: use env.SOFTWARE_PUBLISHABLE_KEY from the handler context
@@ -79,7 +79,7 @@ export function createEdgeClient(publishableKey: string, secretKey: string) {
 }
 `;
   }
-  return `import { createServerClient } from '@01.software/sdk'
+  return `import { createServerClient } from '@01.software/sdk/server'
 /**
  * Runtime guard: this module contains secret keys and must never be
@@ -180,4 +180,4 @@ export {
   getCodexMcpTomlSection,
   CODEX_MCP_SECTION_MARKER
 };
-//# sourceMappingURL=chunk-TBGKXE3Q.js.map
+//# sourceMappingURL=chunk-NJ4X7VNK.js.map

package/dist/chunk-NJ4X7VNK.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/templates.ts"],"sourcesContent":["import type { ProjectEnv } from './detect'\n\nconst MCP_RESOURCE_AUDIENCE = 'https://mcp.01.software/mcp'\n\n// ── Client template (browser) ────────────────────────────────────────\n\nexport function getClientTemplate(env: ProjectEnv, publishableKeyEnvVar: string): string {\n if (env === 'nextjs') {\n return `import { createClient } from '@01.software/sdk'\n\nexport const client = createClient({\n publishableKey: process.env.${publishableKeyEnvVar}!,\n})\n`\n }\n\n if (env === 'react-cra') {\n return `import { createClient } from '@01.software/sdk'\n\nexport const client = createClient({\n publishableKey: process.env.${publishableKeyEnvVar}!,\n})\n`\n }\n\n if (env === 'vanilla') {\n return `import { createClient } from '@01.software/sdk'\n\n// Replace 'YOUR_PUBLISHABLE_KEY' with your actual publishable key from the 01.software console\nexport const client = createClient({\n publishableKey: 'YOUR_PUBLISHABLE_KEY',\n})\n`\n }\n\n // react-vite (import.meta.env)\n return `import { createClient } from '@01.software/sdk'\n\nexport const client = createClient({\n publishableKey: import.meta.env.${publishableKeyEnvVar},\n})\n`\n}\n\n// ── Analytics template (browser) ─────────────────────────────────────\n\nexport function getAnalyticsTemplate(\n env: ProjectEnv,\n publishableKeyEnvVar: string,\n): string {\n if (env === 'vanilla') {\n return `import { createAnalytics } from '@01.software/sdk/analytics'\n\n// Replace 'YOUR_PUBLISHABLE_KEY' with your actual publishable key from the 01.software console\nexport const analytics = createAnalytics({\n publishableKey: 'YOUR_PUBLISHABLE_KEY',\n})\n`\n }\n\n const publishableKeyExpression =\n env === 'react-vite'\n ? `import.meta.env.${publishableKeyEnvVar}`\n : `process.env.${publishableKeyEnvVar}!`\n\n return `import { createAnalytics } from '@01.software/sdk/analytics'\n\nexport const analytics = createAnalytics({\n publishableKey: ${publishableKeyExpression},\n})\n`\n}\n\n// ── Query Provider template ──────────────────────────────────────────\n\nexport function getQueryProviderTemplate(env: ProjectEnv): string {\n const useClientDirective = env === 'nextjs' ? \"'use client'\\n\\n\" : ''\n\n return `${useClientDirective}import { QueryClientProvider } from '@tanstack/react-query'\nimport { getQueryClient } from '@01.software/sdk/query'\n\nexport function QueryProvider({ children }: { children: React.ReactNode }) {\n return (\n <QueryClientProvider client={getQueryClient()}>\n {children}\n </QueryClientProvider>\n )\n}\n`\n}\n\n// ── Server template ──────────────────────────────────────────────────\n\nexport function getServerTemplate(\n env: ProjectEnv,\n publishableKeyEnvVar: string,\n secretKeyEnvVar: string,\n): string {\n if (env === 'edge') {\n return `import { createServerClient } from '@01.software/sdk/server'\n\n// Edge runtime: pass your env bindings here\n// e.g. Cloudflare Workers: use env.SOFTWARE_PUBLISHABLE_KEY from the handler context\n// e.g. Vercel Edge: use process.env.${publishableKeyEnvVar}\nexport function createEdgeClient(publishableKey: string, secretKey: string) {\n return createServerClient({ publishableKey, secretKey })\n}\n`\n }\n\n return `import { createServerClient } from '@01.software/sdk/server'\n\n/**\n * Runtime guard: this module contains secret keys and must never be\n * imported from client-side (browser) code. If the bundler accidentally\n * includes it in a client bundle, this throws at module-evaluation time.\n */\nif (typeof window !== 'undefined') {\n throw new Error(\n 'lib/software/server.ts must not be imported in client-side code — it contains secret keys.',\n )\n}\n\ntype ServerClient = ReturnType<typeof createServerClient>\n\nlet cachedClient: ServerClient | null = null\n\nfunction createConfiguredClient(): ServerClient {\n const publishableKey = process.env.${publishableKeyEnvVar}\n const secretKey = process.env.${secretKeyEnvVar}\n\n if (!publishableKey || !secretKey) {\n throw new Error(\n 'Server client requires ${publishableKeyEnvVar} and ${secretKeyEnvVar}.',\n )\n }\n\n return createServerClient({ publishableKey, secretKey })\n}\n\nexport function getServerClient(): ServerClient {\n cachedClient ??= createConfiguredClient()\n return cachedClient\n}\n\n/**\n * Lazy Proxy: the underlying client is created only on first property access,\n * so importing this file has no side effects until you actually call it.\n */\nexport const serverClient = new Proxy({} as ServerClient, {\n get(_target, prop, receiver) {\n const target = getServerClient()\n const value = Reflect.get(target as object, prop, receiver)\n return typeof value === 'function' ? value.bind(target) : value\n },\n})\n`\n}\n\n// ── Env file content ─────────────────────────────────────────────────\n\nexport function getEnvContent(\n publishableKey: string,\n secretKey: string,\n publishableKeyEnvVar: string,\n secretKeyEnvVar: string | null,\n): string {\n let content = `\\n# 01.software\\n${publishableKeyEnvVar}=${publishableKey}\\n`\n if (secretKeyEnvVar) {\n content += `${secretKeyEnvVar}=${secretKey}\\n`\n }\n return content\n}\n\n// ── MCP config (JSON) ────────────────────────────────────────────────\n\nexport type McpJsonClient = 'generic' | 'windsurf' | 'vscode'\n\n/** VS Code's MCP config root key is `servers`; all other JSON clients use\n * `mcpServers` (MCP config caveats in `packages/init/AGENTS.md`). */\nexport function getMcpRootKey(client: McpJsonClient = 'generic'): 'servers' | 'mcpServers' {\n return client === 'vscode' ? 'servers' : 'mcpServers'\n}\n\nexport function getMcpServerEntry(client: McpJsonClient = 'generic') {\n if (client === 'windsurf') {\n return {\n serverUrl: MCP_RESOURCE_AUDIENCE,\n }\n }\n\n return {\n type: 'http' as const,\n url: MCP_RESOURCE_AUDIENCE,\n }\n}\n\nexport function getMcpConfigTemplate(client: McpJsonClient = 'generic'): string {\n const rootKey = getMcpRootKey(client)\n return (\n JSON.stringify(\n { [rootKey]: { '01software': getMcpServerEntry(client) } },\n null,\n 2,\n ) + '\\n'\n )\n}\n\n// ── MCP config (TOML — Codex CLI) ────────────────────────────────────\n\n/** Codex CLI `[mcp_servers.01software]` block. Idempotent marker: the header\n * line. Intended to be appended to `~/.codex/config.toml`. */\nexport function getCodexMcpTomlSection(): string {\n return `\n[mcp_servers.01software]\nurl = \"${MCP_RESOURCE_AUDIENCE}\"\n`\n}\n\nexport const CODEX_MCP_SECTION_MARKER = '[mcp_servers.01software]'\n"],"mappings":";;;AAEA,IAAM,wBAAwB;AAIvB,SAAS,kBAAkB,KAAiB,sBAAsC;AACvF,MAAI,QAAQ,UAAU;AACpB,WAAO;AAAA;AAAA;AAAA,gCAGqB,oBAAoB;AAAA;AAAA;AAAA,EAGlD;AAEA,MAAI,QAAQ,aAAa;AACvB,WAAO;AAAA;AAAA;AAAA,gCAGqB,oBAAoB;AAAA;AAAA;AAAA,EAGlD;AAEA,MAAI,QAAQ,WAAW;AACrB,WAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOT;AAGA,SAAO;AAAA;AAAA;AAAA,oCAG2B,oBAAoB;AAAA;AAAA;AAGxD;AAIO,SAAS,qBACd,KACA,sBACQ;AACR,MAAI,QAAQ,WAAW;AACrB,WAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOT;AAEA,QAAM,2BACJ,QAAQ,eACJ,mBAAmB,oBAAoB,KACvC,eAAe,oBAAoB;AAEzC,SAAO;AAAA;AAAA;AAAA,oBAGW,wBAAwB;AAAA;AAAA;AAG5C;AAIO,SAAS,yBAAyB,KAAyB;AAChE,QAAM,qBAAqB,QAAQ,WAAW,qBAAqB;AAEnE,SAAO,GAAG,kBAAkB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAW9B;AAIO,SAAS,kBACd,KACA,sBACA,iBACQ;AACR,MAAI,QAAQ,QAAQ;AAClB,WAAO;AAAA;AAAA;AAAA;AAAA,8CAImC,oBAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKhE;AAEA,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,uCAkB8B,oBAAoB;AAAA,kCACzB,eAAe;AAAA;AAAA;AAAA;AAAA,gCAIjB,oBAAoB,QAAQ,eAAe;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAwB3E;AAIO,SAAS,cACd,gBACA,WACA,sBACA,iBACQ;AACR,MAAI,UAAU;AAAA;AAAA,EAAoB,oBAAoB,IAAI,cAAc;AAAA;AACxE,MAAI,iBAAiB;AACnB,eAAW,GAAG,eAAe,IAAI,SAAS;AAAA;AAAA,EAC5C;AACA,SAAO;AACT;AAQO,SAAS,cAAc,SAAwB,WAAqC;AACzF,SAAO,WAAW,WAAW,YAAY;AAC3C;AAEO,SAAS,kBAAkB,SAAwB,WAAW;AACnE,MAAI,WAAW,YAAY;AACzB,WAAO;AAAA,MACL,WAAW;AAAA,IACb;AAAA,EACF;AAEA,SAAO;AAAA,IACL,MAAM;AAAA,IACN,KAAK;AAAA,EACP;AACF;AAEO,SAAS,qBAAqB,SAAwB,WAAmB;AAC9E,QAAM,UAAU,cAAc,MAAM;AACpC,SACE,KAAK;AAAA,IACH,EAAE,CAAC,OAAO,GAAG,EAAE,cAAc,kBAAkB,MAAM,EAAE,EAAE;AAAA,IACzD;AAAA,IACA;AAAA,EACF,IAAI;AAER;AAMO,SAAS,yBAAiC;AAC/C,SAAO;AAAA;AAAA,SAEA,qBAAqB;AAAA;AAE9B;AAEO,IAAM,2BAA2B;","names":[]}

package/dist/{chunk-5K2CB2Y5.js → chunk-Q6MSORYN.js} RENAMED Viewed

@@ -8,12 +8,7 @@ function normalizeActiveCollections(collections) {
 var HTTP_MCP_TOOLS = [
   "get-collection-schema",
   "get-tenant-context",
-  "list-configurable-fields",
-  "update-field-config",
-  "sdk-get-recipe",
-  "sdk-search-docs",
-  "sdk-get-auth-setup",
-  "sdk-get-collection-pattern"
+  "check-feature-progress"
 ];
 function generateClaudeMd(ctx) {
   const featuresSection = ctx.features && ctx.features.length > 0 ? ctx.features.map((f) => `- ${f}`).join("\n") : "- See console";
@@ -35,47 +30,28 @@ ${featuresSection}
 ${collectionsSection}
 ## Hosted HTTP MCP Quick Reference
-The hosted OAuth MCP server exposes these 8 tools:
+The hosted OAuth MCP server exposes these ${HTTP_MCP_TOOLS.length} tools:
 ${HTTP_MCP_TOOLS.map((tool) => `- \`${tool}\``).join("\n")}
 Use \`get-collection-schema\` for live field introspection before generating code.
-Use SDK/server code or local CLI stdio for collection reads, order workflows, and cart workflows.
+Use the SDK/server client, API, or the \`01\` CLI for collection reads/writes,
+cart workflows, and order/fulfillment/transaction operations that are not
+exposed on hosted MCP.
 ## CLI
 - \`01 query <collection>\` \u2014 query data
 - \`01 schema show <collection>\` \u2014 inspect fields
 - \`01 schema list\` \u2014 list all collections
-- \`npx @01.software/cli mcp\` \u2014 start trusted local stdio MCP for full server-key workflows
+- \`01 order\`, \`01 cart\`, \`01 transaction\`, \`01 product\` \u2014 commerce workflows
 ## Initial Setup
-Run \`/01software-field-config\` in Claude Code to configure field visibility for your use case.
+Configure field visibility (hide unused collections/fields) from the Console admin panel.
 Use \`get-collection-schema\` or \`01 schema show <collection>\` for live field introspection instead of relying on this document as a schema snapshot.
 `;
 }
 function getSkillFiles() {
   return [
-    {
-      dirName: "01software-field-config",
-      content: `---
-name: 01software-field-config
-description: Configure field visibility for this tenant \u2014 hide unused collections and fields via MCP
-disable-model-invocation: true
----
-Steps:
-1. Use \`list-configurable-fields\` to see current visibility settings
-2. Identify fields/collections not needed for your use case
-3. Use \`update-field-config\` to hide them
-Common setups:
-- Blog only: hide \`ecommerce\`, \`customers\`, \`videos\` collections
-- Store: hide \`articles\`, \`documents\`, \`galleries\`, \`canvas\` collections
-- Minimal: hide all except the collections you actively use
-Ask me: "Show current field config" or "Hide ecommerce fields"
-`
-    },
     {
       dirName: "01software-query",
       content: `---
@@ -83,11 +59,12 @@ name: 01software-query
 description: Query 01.software collections via SDK or CLI with filter, sort, and pagination examples
 ---
-Hosted HTTP MCP does not expose collection query tools. Use the SDK/server client or CLI for collection queries.
+Hosted HTTP MCP exposes live schema and tenant context tools. Use the
+SDK/server client or CLI for collection reads, filtering, and pagination.
 HTTP MCP:
 - Use \`get-collection-schema\` before assuming fields.
-- Use \`sdk-get-collection-pattern\` for collection-specific code patterns.
+- Use \`get-tenant-context\` to see active collections and hidden fields.
 CLI examples:
 - \`01 query products --limit 10\`
@@ -122,9 +99,9 @@ States: pending \u2192 paid \u2192 preparing \u2192 shipped \u2192 delivered \u2
 Free orders: omit paymentId, totalAmount=0 \u2192 auto-transitions to paid
-Hosted HTTP MCP is for schema, tenant context, field config, and SDK guidance.
-For trusted local stdio MCP workflows, run \`npx @01.software/cli mcp\`.
-CLI: \`01 order create --help\` for full options
+Hosted HTTP MCP does not expose SDK-backed order mutations. Checkout, returns,
+and granular order/fulfillment/transaction steps run through the SDK/server
+client, API, or the \`01\` CLI (\`01 order create --help\` for full options).
 `
     },
     {
@@ -174,4 +151,4 @@ export {
   getSkillFiles,
   fetchTenantContext
 };
-//# sourceMappingURL=chunk-5K2CB2Y5.js.map
+//# sourceMappingURL=chunk-Q6MSORYN.js.map

package/dist/chunk-Q6MSORYN.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/ai-docs.ts"],"sourcesContent":["export interface TenantContext {\n tenantName: string\n features?: string[]\n collections?: string[]\n}\n\ninterface TenantContextApiResponse {\n tenant?: { name?: string }\n features?: string[]\n collections?: { active?: string[]; inactive?: string[] }\n}\n\nfunction normalizeActiveCollections(\n collections: TenantContextApiResponse['collections'],\n): string[] {\n if (Array.isArray(collections?.active)) return collections.active\n return []\n}\n\n// Hosted HTTP MCP is the single thin surface for shell-less AI clients\n// (ADR 0009 + ADR 0031): only Console-service tools that execute under OAuth\n// request context are advertised. SDK-backed collection/commerce workflows,\n// SDK guidance, and field-config admin tooling live in the 01 CLI, API/SDK, and\n// Console, not on hosted MCP.\n// Keep this list in sync with MCP_TOOL_CONTRACT in @01.software/contracts.\nconst HTTP_MCP_TOOLS = [\n 'get-collection-schema',\n 'get-tenant-context',\n 'check-feature-progress',\n] as const\n\n// ── CLAUDE.md ────────────────────────────────────────────────────────\n\nexport function generateClaudeMd(ctx: TenantContext): string {\n const featuresSection =\n ctx.features && ctx.features.length > 0\n ? ctx.features.map((f) => `- ${f}`).join('\\n')\n : '- See console'\n\n const collectionsSection =\n ctx.collections && ctx.collections.length > 0\n ? ctx.collections.join(', ')\n : 'Run `01 schema list`'\n\n return `# 01.software SDK — ${ctx.tenantName}\n\n## Connection\n- Publishable Key: \\`NEXT_PUBLIC_SOFTWARE_PUBLISHABLE_KEY\\` (env)\n- Secret Key: \\`SOFTWARE_SECRET_KEY\\` (env)\n- MCP: \\`.mcp.json\\`\n- Agent discovery: \\`https://01.software/llms.txt\\`\n- Agent skill: \\`https://docs.01.software/skill.md\\`\n- OpenAPI: \\`https://docs.01.software/api/openapi\\`\n\n## Active Features\n${featuresSection}\n\n## Active Collections\n${collectionsSection}\n\n## Hosted HTTP MCP Quick Reference\nThe hosted OAuth MCP server exposes these ${HTTP_MCP_TOOLS.length} tools:\n\n${HTTP_MCP_TOOLS.map((tool) => `- \\`${tool}\\``).join('\\n')}\n\nUse \\`get-collection-schema\\` for live field introspection before generating code.\nUse the SDK/server client, API, or the \\`01\\` CLI for collection reads/writes,\ncart workflows, and order/fulfillment/transaction operations that are not\nexposed on hosted MCP.\n\n## CLI\n- \\`01 query <collection>\\` — query data\n- \\`01 schema show <collection>\\` — inspect fields\n- \\`01 schema list\\` — list all collections\n- \\`01 order\\`, \\`01 cart\\`, \\`01 transaction\\`, \\`01 product\\` — commerce workflows\n\n## Initial Setup\nConfigure field visibility (hide unused collections/fields) from the Console admin panel.\nUse \\`get-collection-schema\\` or \\`01 schema show <collection>\\` for live field introspection instead of relying on this document as a schema snapshot.\n`\n}\n\n// ── Skill files ──────────────────────────────────────────────────────\n\nexport function getSkillFiles(): Array<{ dirName: string; content: string }> {\n return [\n {\n dirName: '01software-query',\n content: `---\nname: 01software-query\ndescription: Query 01.software collections via SDK or CLI with filter, sort, and pagination examples\n---\n\nHosted HTTP MCP exposes live schema and tenant context tools. Use the\nSDK/server client or CLI for collection reads, filtering, and pagination.\n\nHTTP MCP:\n- Use \\`get-collection-schema\\` before assuming fields.\n- Use \\`get-tenant-context\\` to see active collections and hidden fields.\n\nCLI examples:\n- \\`01 query products --limit 10\\`\n- \\`01 query orders --where '{\"status\":{\"equals\":\"paid\"}}'\\`\n- \\`01 schema show products\\` — inspect available fields\n\nSDK (server):\n\\`\\`\\`typescript\nconst { docs } = await serverClient.collections.from('products').find({\n where: { status: { equals: 'published' } },\n sort: '-createdAt',\n limit: 10,\n})\n\\`\\`\\`\n`,\n },\n {\n dirName: '01software-order-flow',\n content: `---\nname: 01software-order-flow\ndescription: Order lifecycle reference — create, pay, fulfill, and return flows for 01.software\n---\n\nComplete order flow from creation to fulfillment.\n\nStates: pending → paid → preparing → shipped → delivered → confirmed\n\n1. Create the order from server code with the SDK/server client or Order API.\n2. Mark paid only after the payment gateway confirms.\n3. Create fulfillment with items and carrier/trackingNumber from a trusted server path.\n4. Handle returns and refunds from a trusted server path.\n\nFree orders: omit paymentId, totalAmount=0 → auto-transitions to paid\n\nHosted HTTP MCP does not expose SDK-backed order mutations. Checkout, returns,\nand granular order/fulfillment/transaction steps run through the SDK/server\nclient, API, or the \\`01\\` CLI (\\`01 order create --help\\` for full options).\n`,\n },\n {\n dirName: '01software-schema',\n content: `---\nname: 01software-schema\ndescription: Inspect 01.software collection schemas and available fields via MCP or CLI\n---\n\nInspect collection schemas to understand available fields.\n\nMCP: use \\`get-collection-schema\\` with collection\n\nCLI:\n- \\`01 schema list\\` — all available collections\n- \\`01 schema show <collection>\\` — field names, types, required status\n\nCommon collections: products, orders, customers, articles, documents, images\nUse \\`get-tenant-context\\` to see which collections are active for this tenant.\n`,\n },\n ]\n}\n\n// ── Tenant context fetch ─────────────────────────────────────────────\n\nexport async function fetchTenantContext(\n publishableKey: string,\n secretKey: string,\n): Promise<TenantContext | null> {\n try {\n const apiUrl = process.env.SOFTWARE_API_URL || 'https://api.01.software'\n // secretKey is now an opaque sk01_/pat01_ bearer token — send it directly.\n const res = await fetch(`${apiUrl}/api/tenants/context`, {\n headers: {\n 'X-Publishable-Key': publishableKey,\n Authorization: `Bearer ${secretKey}`,\n },\n })\n if (!res.ok) return null\n const data = (await res.json()) as TenantContextApiResponse\n return {\n tenantName: data.tenant?.name || '',\n features: data.features || [],\n collections: normalizeActiveCollections(data.collections),\n }\n } catch {\n return null\n }\n}\n"],"mappings":";;;AAYA,SAAS,2BACP,aACU;AACV,MAAI,MAAM,QAAQ,aAAa,MAAM,EAAG,QAAO,YAAY;AAC3D,SAAO,CAAC;AACV;AAQA,IAAM,iBAAiB;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AACF;AAIO,SAAS,iBAAiB,KAA4B;AAC3D,QAAM,kBACJ,IAAI,YAAY,IAAI,SAAS,SAAS,IAClC,IAAI,SAAS,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,EAAE,KAAK,IAAI,IAC3C;AAEN,QAAM,qBACJ,IAAI,eAAe,IAAI,YAAY,SAAS,IACxC,IAAI,YAAY,KAAK,IAAI,IACzB;AAEN,SAAO,4BAAuB,IAAI,UAAU;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAW5C,eAAe;AAAA;AAAA;AAAA,EAGf,kBAAkB;AAAA;AAAA;AAAA,4CAGwB,eAAe,MAAM;AAAA;AAAA,EAE/D,eAAe,IAAI,CAAC,SAAS,OAAO,IAAI,IAAI,EAAE,KAAK,IAAI,CAAC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAiB1D;AAIO,SAAS,gBAA6D;AAC3E,SAAO;AAAA,IACL;AAAA,MACE,SAAS;AAAA,MACT,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IA0BX;AAAA,IACA;AAAA,MACE,SAAS;AAAA,MACT,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAoBX;AAAA,IACA;AAAA,MACE,SAAS;AAAA,MACT,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAgBX;AAAA,EACF;AACF;AAIA,eAAsB,mBACpB,gBACA,WAC+B;AAC/B,MAAI;AACF,UAAM,SAAS,QAAQ,IAAI,oBAAoB;AAE/C,UAAM,MAAM,MAAM,MAAM,GAAG,MAAM,wBAAwB;AAAA,MACvD,SAAS;AAAA,QACP,qBAAqB;AAAA,QACrB,eAAe,UAAU,SAAS;AAAA,MACpC;AAAA,IACF,CAAC;AACD,QAAI,CAAC,IAAI,GAAI,QAAO;AACpB,UAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,WAAO;AAAA,MACL,YAAY,KAAK,QAAQ,QAAQ;AAAA,MACjC,UAAU,KAAK,YAAY,CAAC;AAAA,MAC5B,aAAa,2BAA2B,KAAK,WAAW;AAAA,IAC1D;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,EACT;AACF;","names":[]}

package/dist/chunk-STM4DKVZ.js ADDED Viewed

@@ -0,0 +1,183 @@
+#!/usr/bin/env node
+// src/browser-auth.ts
+import { randomBytes } from "crypto";
+import { createServer } from "http";
+import { execFile, exec } from "child_process";
+import { platform } from "os";
+import { URL } from "url";
+import pc from "picocolors";
+var DEFAULT_WEB_URL = process.env.SOFTWARE_WEB_URL || "https://01.software";
+var TIMEOUT_MS = 5 * 60 * 1e3;
+function escapeHtml(s) {
+  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
+}
+function openBrowser(url) {
+  const os = platform();
+  const onError = () => {
+    console.log(
+      pc.yellow(
+        `Could not open browser automatically. Open this URL manually:
+${url}`
+      )
+    );
+  };
+  if (os === "win32") {
+    exec(`start "" "${url}"`, (err) => {
+      if (err) onError();
+    });
+  } else {
+    const cmd = os === "darwin" ? "open" : "xdg-open";
+    execFile(cmd, [url], (err) => {
+      if (err) onError();
+    });
+  }
+}
+var PAGE_STYLE = `*{margin:0;box-sizing:border-box}
+body{font-family:system-ui,-apple-system,sans-serif;display:flex;justify-content:center;align-items:center;min-height:100vh;background:#fff;color:#252525}
+@media(prefers-color-scheme:dark){body{background:#252525;color:#f5f5f5}}
+.card{text-align:center;padding:2rem 2.5rem;border-radius:10px;max-width:380px;width:100%}
+.icon{width:40px;height:40px;margin:0 auto 1rem;border-radius:50%;display:flex;align-items:center;justify-content:center;font-size:1.25rem}
+.icon.ok{background:rgba(0,0,0,.05);color:#252525}
+.icon.err{background:rgba(220,38,38,.08);color:#dc2626}
+@media(prefers-color-scheme:dark){.icon.ok{background:rgba(255,255,255,.08);color:#f5f5f5}}
+h1{font-size:.875rem;font-weight:600;margin-bottom:.375rem}
+p{font-size:.75rem;color:#737373;line-height:1.5}`;
+var SUCCESS_HTML = `<!DOCTYPE html>
+<html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width"><title>Login</title>
+<style>${PAGE_STYLE}</style>
+</head><body><div class="card"><div class="icon ok">\u2713</div><h1>Authenticated</h1><p>You can close this tab and return to the terminal.</p></div></body></html>`;
+var ERROR_HTML = (msg) => `<!DOCTYPE html>
+<html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width"><title>Login Error</title>
+<style>${PAGE_STYLE}</style>
+</head><body><div class="card"><div class="icon err">!</div><h1>Authentication failed</h1><p>${escapeHtml(msg)}</p></div></body></html>`;
+async function exchangeCode(webUrl, code) {
+  const url = `${webUrl}/api/cli/exchange`;
+  try {
+    const res = await fetch(url, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ code })
+    });
+    if (!res.ok) {
+      const body = await res.text().catch(() => "");
+      console.error(
+        pc.red(
+          `Exchange failed: HTTP ${res.status} from ${url}${body ? ` \u2014 ${body.slice(0, 200)}` : ""}`
+        )
+      );
+      return null;
+    }
+    const data = await res.json();
+    if (typeof data.publishableKey !== "string" || typeof data.secretKey !== "string" || typeof data.tenantName !== "string" || typeof data.tenantId !== "string") {
+      console.error(pc.red(`Exchange failed: malformed response from ${url}`));
+      return null;
+    }
+    return {
+      publishableKey: data.publishableKey,
+      secretKey: data.secretKey,
+      tenantName: data.tenantName,
+      tenantId: data.tenantId
+    };
+  } catch (err) {
+    console.error(
+      pc.red(
+        `Exchange request to ${url} failed: ${err instanceof Error ? err.message : String(err)}`
+      )
+    );
+    return null;
+  }
+}
+async function startBrowserAuth(options) {
+  const state = randomBytes(32).toString("hex");
+  const webUrl = options?.webUrl ?? DEFAULT_WEB_URL;
+  return new Promise((resolve, reject) => {
+    const server = createServer((req, res) => {
+      if (!req.url) {
+        res.writeHead(400).end();
+        return;
+      }
+      const url = new URL(req.url, `http://localhost`);
+      if (url.pathname !== "/callback" || req.method !== "GET") {
+        res.writeHead(404).end();
+        return;
+      }
+      const error = url.searchParams.get("error");
+      if (error) {
+        res.writeHead(200, { "Content-Type": "text/html; charset=utf-8", Connection: "close" }).end(ERROR_HTML(error));
+        console.error(pc.red(`Login failed: ${error}`));
+        cleanup(new Error(`Login failed: ${error}`));
+        return;
+      }
+      const code = url.searchParams.get("code");
+      const receivedState = url.searchParams.get("state");
+      if (!code || !receivedState) {
+        res.writeHead(400, { "Content-Type": "text/html; charset=utf-8", Connection: "close" }).end(ERROR_HTML("Missing code or state."));
+        cleanup(new Error("Login failed: missing code or state."));
+        return;
+      }
+      if (receivedState !== state) {
+        res.writeHead(403, { "Content-Type": "text/html; charset=utf-8", Connection: "close" }).end(ERROR_HTML("State mismatch."));
+        console.error(pc.red("Login failed: state mismatch."));
+        cleanup(new Error("Login failed: state mismatch."));
+        return;
+      }
+      exchangeCode(webUrl, code).then((creds) => {
+        if (!creds) {
+          res.writeHead(400, { "Content-Type": "text/html; charset=utf-8", Connection: "close" }).end(ERROR_HTML("Invalid or expired code."));
+          cleanup(new Error("Login failed: code exchange failed."));
+          return;
+        }
+        res.writeHead(200, { "Content-Type": "text/html; charset=utf-8", Connection: "close" }).end(SUCCESS_HTML);
+        console.log(pc.green(`
+Logged in successfully!`));
+        console.log(pc.dim(`Tenant: ${creds.tenantName}`));
+        cleanup(null, creds);
+      });
+    });
+    let timeout;
+    let completed = false;
+    function cleanup(err, result) {
+      if (completed) return;
+      completed = true;
+      clearTimeout(timeout);
+      server.closeAllConnections?.();
+      server.close(() => {
+        if (err) {
+          reject(err);
+        } else {
+          resolve(result);
+        }
+      });
+    }
+    server.listen(0, "127.0.0.1", () => {
+      const addr = server.address();
+      if (!addr || typeof addr === "string") {
+        reject(new Error("Failed to start local server."));
+        return;
+      }
+      const port = addr.port;
+      timeout = setTimeout(() => {
+        console.error(pc.red("\nLogin timed out (5 minutes). Please try again."));
+        cleanup(new Error("Login timed out"));
+      }, TIMEOUT_MS);
+      const params = new URLSearchParams({ port: String(port), state });
+      if (options?.tenantId) {
+        params.set("tenantId", options.tenantId);
+      }
+      const loginUrl = `${webUrl}/cli-auth?${params.toString()}`;
+      console.log(pc.dim("Opening browser for login..."));
+      console.log(pc.dim(`If the browser does not open, visit:
+${loginUrl}`));
+      openBrowser(loginUrl);
+    });
+    server.on("error", (err) => {
+      reject(err);
+    });
+  });
+}
+export {
+  startBrowserAuth
+};
+//# sourceMappingURL=chunk-STM4DKVZ.js.map

package/dist/chunk-STM4DKVZ.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/browser-auth.ts"],"sourcesContent":["import { randomBytes } from 'node:crypto'\nimport { createServer } from 'node:http'\nimport { execFile, exec } from 'node:child_process'\nimport { platform } from 'node:os'\nimport { URL } from 'node:url'\nimport pc from 'picocolors'\n\nconst DEFAULT_WEB_URL = process.env.SOFTWARE_WEB_URL || 'https://01.software'\nconst TIMEOUT_MS = 5 * 60 * 1000 // 5 minutes\n\nfunction escapeHtml(s: string): string {\n return s\n .replace(/&/g, '&')\n .replace(/</g, '<')\n .replace(/>/g, '>')\n .replace(/\"/g, '"')\n}\n\nfunction openBrowser(url: string): void {\n const os = platform()\n\n const onError = () => {\n console.log(\n pc.yellow(\n `Could not open browser automatically. Open this URL manually:\\n${url}`,\n ),\n )\n }\n\n if (os === 'win32') {\n exec(`start \"\" \"${url}\"`, (err) => {\n if (err) onError()\n })\n } else {\n const cmd = os === 'darwin' ? 'open' : 'xdg-open'\n execFile(cmd, [url], (err) => {\n if (err) onError()\n })\n }\n}\n\nconst PAGE_STYLE = `*{margin:0;box-sizing:border-box}\nbody{font-family:system-ui,-apple-system,sans-serif;display:flex;justify-content:center;align-items:center;min-height:100vh;background:#fff;color:#252525}\n@media(prefers-color-scheme:dark){body{background:#252525;color:#f5f5f5}}\n.card{text-align:center;padding:2rem 2.5rem;border-radius:10px;max-width:380px;width:100%}\n.icon{width:40px;height:40px;margin:0 auto 1rem;border-radius:50%;display:flex;align-items:center;justify-content:center;font-size:1.25rem}\n.icon.ok{background:rgba(0,0,0,.05);color:#252525}\n.icon.err{background:rgba(220,38,38,.08);color:#dc2626}\n@media(prefers-color-scheme:dark){.icon.ok{background:rgba(255,255,255,.08);color:#f5f5f5}}\nh1{font-size:.875rem;font-weight:600;margin-bottom:.375rem}\np{font-size:.75rem;color:#737373;line-height:1.5}`\n\nconst SUCCESS_HTML = `<!DOCTYPE html>\n<html lang=\"en\"><head><meta charset=\"utf-8\"><meta name=\"viewport\" content=\"width=device-width\"><title>Login</title>\n<style>${PAGE_STYLE}</style>\n</head><body><div class=\"card\"><div class=\"icon ok\">\\u2713</div><h1>Authenticated</h1><p>You can close this tab and return to the terminal.</p></div></body></html>`\n\nconst ERROR_HTML = (msg: string) => `<!DOCTYPE html>\n<html lang=\"en\"><head><meta charset=\"utf-8\"><meta name=\"viewport\" content=\"width=device-width\"><title>Login Error</title>\n<style>${PAGE_STYLE}</style>\n</head><body><div class=\"card\"><div class=\"icon err\">!</div><h1>Authentication failed</h1><p>${escapeHtml(msg)}</p></div></body></html>`\n\ninterface ExchangeResponse {\n publishableKey: string\n secretKey: string\n tenantName: string\n tenantId: string\n}\n\nasync function exchangeCode(\n webUrl: string,\n code: string,\n): Promise<ExchangeResponse | null> {\n const url = `${webUrl}/api/cli/exchange`\n try {\n const res = await fetch(url, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({ code }),\n })\n if (!res.ok) {\n const body = await res.text().catch(() => '')\n console.error(\n pc.red(\n `Exchange failed: HTTP ${res.status} from ${url}${body ? ` — ${body.slice(0, 200)}` : ''}`,\n ),\n )\n return null\n }\n const data = (await res.json()) as Partial<ExchangeResponse>\n if (\n typeof data.publishableKey !== 'string' ||\n typeof data.secretKey !== 'string' ||\n typeof data.tenantName !== 'string' ||\n typeof data.tenantId !== 'string'\n ) {\n console.error(pc.red(`Exchange failed: malformed response from ${url}`))\n return null\n }\n return {\n publishableKey: data.publishableKey,\n secretKey: data.secretKey,\n tenantName: data.tenantName,\n tenantId: data.tenantId,\n }\n } catch (err) {\n console.error(\n pc.red(\n `Exchange request to ${url} failed: ${err instanceof Error ? err.message : String(err)}`,\n ),\n )\n return null\n }\n}\n\nexport async function startBrowserAuth(options?: {\n webUrl?: string\n tenantId?: string\n}): Promise<{\n publishableKey: string\n secretKey: string\n tenantName: string\n tenantId?: string\n}> {\n const state = randomBytes(32).toString('hex')\n const webUrl = options?.webUrl ?? DEFAULT_WEB_URL\n\n return new Promise((resolve, reject) => {\n const server = createServer((req, res) => {\n if (!req.url) {\n res.writeHead(400).end()\n return\n }\n\n const url = new URL(req.url, `http://localhost`)\n\n if (url.pathname !== '/callback' || req.method !== 'GET') {\n res.writeHead(404).end()\n return\n }\n\n const error = url.searchParams.get('error')\n if (error) {\n res\n .writeHead(200, { 'Content-Type': 'text/html; charset=utf-8', Connection: 'close' })\n .end(ERROR_HTML(error))\n console.error(pc.red(`Login failed: ${error}`))\n cleanup(new Error(`Login failed: ${error}`))\n return\n }\n\n const code = url.searchParams.get('code')\n const receivedState = url.searchParams.get('state')\n\n if (!code || !receivedState) {\n res\n .writeHead(400, { 'Content-Type': 'text/html; charset=utf-8', Connection: 'close' })\n .end(ERROR_HTML('Missing code or state.'))\n cleanup(new Error('Login failed: missing code or state.'))\n return\n }\n\n if (receivedState !== state) {\n res\n .writeHead(403, { 'Content-Type': 'text/html; charset=utf-8', Connection: 'close' })\n .end(ERROR_HTML('State mismatch.'))\n console.error(pc.red('Login failed: state mismatch.'))\n cleanup(new Error('Login failed: state mismatch.'))\n return\n }\n\n exchangeCode(webUrl, code).then((creds) => {\n if (!creds) {\n res\n .writeHead(400, { 'Content-Type': 'text/html; charset=utf-8', Connection: 'close' })\n .end(ERROR_HTML('Invalid or expired code.'))\n cleanup(new Error('Login failed: code exchange failed.'))\n return\n }\n\n res\n .writeHead(200, { 'Content-Type': 'text/html; charset=utf-8', Connection: 'close' })\n .end(SUCCESS_HTML)\n\n console.log(pc.green(`\\nLogged in successfully!`))\n console.log(pc.dim(`Tenant: ${creds.tenantName}`))\n\n cleanup(null, creds)\n })\n })\n\n let timeout: ReturnType<typeof setTimeout>\n let completed = false\n\n function cleanup(err: Error | null, result?: ExchangeResponse) {\n if (completed) return\n completed = true\n clearTimeout(timeout)\n server.closeAllConnections?.()\n server.close(() => {\n if (err) {\n reject(err)\n } else {\n resolve(result!)\n }\n })\n }\n\n server.listen(0, '127.0.0.1', () => {\n const addr = server.address()\n if (!addr || typeof addr === 'string') {\n reject(new Error('Failed to start local server.'))\n return\n }\n\n const port = addr.port\n\n timeout = setTimeout(() => {\n console.error(pc.red('\\nLogin timed out (5 minutes). Please try again.'))\n cleanup(new Error('Login timed out'))\n }, TIMEOUT_MS)\n\n const params = new URLSearchParams({ port: String(port), state })\n if (options?.tenantId) {\n params.set('tenantId', options.tenantId)\n }\n const loginUrl = `${webUrl}/cli-auth?${params.toString()}`\n\n console.log(pc.dim('Opening browser for login...'))\n console.log(pc.dim(`If the browser does not open, visit:\\n${loginUrl}`))\n openBrowser(loginUrl)\n })\n\n server.on('error', (err) => {\n reject(err)\n })\n })\n}\n"],"mappings":";;;AAAA,SAAS,mBAAmB;AAC5B,SAAS,oBAAoB;AAC7B,SAAS,UAAU,YAAY;AAC/B,SAAS,gBAAgB;AACzB,SAAS,WAAW;AACpB,OAAO,QAAQ;AAEf,IAAM,kBAAkB,QAAQ,IAAI,oBAAoB;AACxD,IAAM,aAAa,IAAI,KAAK;AAE5B,SAAS,WAAW,GAAmB;AACrC,SAAO,EACJ,QAAQ,MAAM,OAAO,EACrB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,QAAQ;AAC3B;AAEA,SAAS,YAAY,KAAmB;AACtC,QAAM,KAAK,SAAS;AAEpB,QAAM,UAAU,MAAM;AACpB,YAAQ;AAAA,MACN,GAAG;AAAA,QACD;AAAA,EAAkE,GAAG;AAAA,MACvE;AAAA,IACF;AAAA,EACF;AAEA,MAAI,OAAO,SAAS;AAClB,SAAK,aAAa,GAAG,KAAK,CAAC,QAAQ;AACjC,UAAI,IAAK,SAAQ;AAAA,IACnB,CAAC;AAAA,EACH,OAAO;AACL,UAAM,MAAM,OAAO,WAAW,SAAS;AACvC,aAAS,KAAK,CAAC,GAAG,GAAG,CAAC,QAAQ;AAC5B,UAAI,IAAK,SAAQ;AAAA,IACnB,CAAC;AAAA,EACH;AACF;AAEA,IAAM,aAAa;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAWnB,IAAM,eAAe;AAAA;AAAA,SAEZ,UAAU;AAAA;AAGnB,IAAM,aAAa,CAAC,QAAgB;AAAA;AAAA,SAE3B,UAAU;AAAA,+FAC4E,WAAW,GAAG,CAAC;AAS9G,eAAe,aACb,QACA,MACkC;AAClC,QAAM,MAAM,GAAG,MAAM;AACrB,MAAI;AACF,UAAM,MAAM,MAAM,MAAM,KAAK;AAAA,MAC3B,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU,EAAE,KAAK,CAAC;AAAA,IAC/B,CAAC;AACD,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,OAAO,MAAM,IAAI,KAAK,EAAE,MAAM,MAAM,EAAE;AAC5C,cAAQ;AAAA,QACN,GAAG;AAAA,UACD,yBAAyB,IAAI,MAAM,SAAS,GAAG,GAAG,OAAO,WAAM,KAAK,MAAM,GAAG,GAAG,CAAC,KAAK,EAAE;AAAA,QAC1F;AAAA,MACF;AACA,aAAO;AAAA,IACT;AACA,UAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,QACE,OAAO,KAAK,mBAAmB,YAC/B,OAAO,KAAK,cAAc,YAC1B,OAAO,KAAK,eAAe,YAC3B,OAAO,KAAK,aAAa,UACzB;AACA,cAAQ,MAAM,GAAG,IAAI,4CAA4C,GAAG,EAAE,CAAC;AACvE,aAAO;AAAA,IACT;AACA,WAAO;AAAA,MACL,gBAAgB,KAAK;AAAA,MACrB,WAAW,KAAK;AAAA,MAChB,YAAY,KAAK;AAAA,MACjB,UAAU,KAAK;AAAA,IACjB;AAAA,EACF,SAAS,KAAK;AACZ,YAAQ;AAAA,MACN,GAAG;AAAA,QACD,uBAAuB,GAAG,YAAY,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC;AAAA,MACxF;AAAA,IACF;AACA,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,iBAAiB,SAQpC;AACD,QAAM,QAAQ,YAAY,EAAE,EAAE,SAAS,KAAK;AAC5C,QAAM,SAAS,SAAS,UAAU;AAElC,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAM,SAAS,aAAa,CAAC,KAAK,QAAQ;AACxC,UAAI,CAAC,IAAI,KAAK;AACZ,YAAI,UAAU,GAAG,EAAE,IAAI;AACvB;AAAA,MACF;AAEA,YAAM,MAAM,IAAI,IAAI,IAAI,KAAK,kBAAkB;AAE/C,UAAI,IAAI,aAAa,eAAe,IAAI,WAAW,OAAO;AACxD,YAAI,UAAU,GAAG,EAAE,IAAI;AACvB;AAAA,MACF;AAEA,YAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAC1C,UAAI,OAAO;AACT,YACG,UAAU,KAAK,EAAE,gBAAgB,4BAA4B,YAAY,QAAQ,CAAC,EAClF,IAAI,WAAW,KAAK,CAAC;AACxB,gBAAQ,MAAM,GAAG,IAAI,iBAAiB,KAAK,EAAE,CAAC;AAC9C,gBAAQ,IAAI,MAAM,iBAAiB,KAAK,EAAE,CAAC;AAC3C;AAAA,MACF;AAEA,YAAM,OAAO,IAAI,aAAa,IAAI,MAAM;AACxC,YAAM,gBAAgB,IAAI,aAAa,IAAI,OAAO;AAElD,UAAI,CAAC,QAAQ,CAAC,eAAe;AAC3B,YACG,UAAU,KAAK,EAAE,gBAAgB,4BAA4B,YAAY,QAAQ,CAAC,EAClF,IAAI,WAAW,wBAAwB,CAAC;AAC3C,gBAAQ,IAAI,MAAM,sCAAsC,CAAC;AACzD;AAAA,MACF;AAEA,UAAI,kBAAkB,OAAO;AAC3B,YACG,UAAU,KAAK,EAAE,gBAAgB,4BAA4B,YAAY,QAAQ,CAAC,EAClF,IAAI,WAAW,iBAAiB,CAAC;AACpC,gBAAQ,MAAM,GAAG,IAAI,+BAA+B,CAAC;AACrD,gBAAQ,IAAI,MAAM,+BAA+B,CAAC;AAClD;AAAA,MACF;AAEA,mBAAa,QAAQ,IAAI,EAAE,KAAK,CAAC,UAAU;AACzC,YAAI,CAAC,OAAO;AACV,cACG,UAAU,KAAK,EAAE,gBAAgB,4BAA4B,YAAY,QAAQ,CAAC,EAClF,IAAI,WAAW,0BAA0B,CAAC;AAC7C,kBAAQ,IAAI,MAAM,qCAAqC,CAAC;AACxD;AAAA,QACF;AAEA,YACG,UAAU,KAAK,EAAE,gBAAgB,4BAA4B,YAAY,QAAQ,CAAC,EAClF,IAAI,YAAY;AAEnB,gBAAQ,IAAI,GAAG,MAAM;AAAA,wBAA2B,CAAC;AACjD,gBAAQ,IAAI,GAAG,IAAI,WAAW,MAAM,UAAU,EAAE,CAAC;AAEjD,gBAAQ,MAAM,KAAK;AAAA,MACrB,CAAC;AAAA,IACH,CAAC;AAED,QAAI;AACJ,QAAI,YAAY;AAEhB,aAAS,QAAQ,KAAmB,QAA2B;AAC7D,UAAI,UAAW;AACf,kBAAY;AACZ,mBAAa,OAAO;AACpB,aAAO,sBAAsB;AAC7B,aAAO,MAAM,MAAM;AACjB,YAAI,KAAK;AACP,iBAAO,GAAG;AAAA,QACZ,OAAO;AACL,kBAAQ,MAAO;AAAA,QACjB;AAAA,MACF,CAAC;AAAA,IACH;AAEA,WAAO,OAAO,GAAG,aAAa,MAAM;AAClC,YAAM,OAAO,OAAO,QAAQ;AAC5B,UAAI,CAAC,QAAQ,OAAO,SAAS,UAAU;AACrC,eAAO,IAAI,MAAM,+BAA+B,CAAC;AACjD;AAAA,MACF;AAEA,YAAM,OAAO,KAAK;AAElB,gBAAU,WAAW,MAAM;AACzB,gBAAQ,MAAM,GAAG,IAAI,kDAAkD,CAAC;AACxE,gBAAQ,IAAI,MAAM,iBAAiB,CAAC;AAAA,MACtC,GAAG,UAAU;AAEb,YAAM,SAAS,IAAI,gBAAgB,EAAE,MAAM,OAAO,IAAI,GAAG,MAAM,CAAC;AAChE,UAAI,SAAS,UAAU;AACrB,eAAO,IAAI,YAAY,QAAQ,QAAQ;AAAA,MACzC;AACA,YAAM,WAAW,GAAG,MAAM,aAAa,OAAO,SAAS,CAAC;AAExD,cAAQ,IAAI,GAAG,IAAI,8BAA8B,CAAC;AAClD,cAAQ,IAAI,GAAG,IAAI;AAAA,EAAyC,QAAQ,EAAE,CAAC;AACvE,kBAAY,QAAQ;AAAA,IACtB,CAAC;AAED,WAAO,GAAG,SAAS,CAAC,QAAQ;AAC1B,aAAO,GAAG;AAAA,IACZ,CAAC;AAAA,EACH,CAAC;AACH;","names":[]}