@1claw/cli 0.32.2 → 0.34.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +77 -1
- package/dist/src/ai-clients.d.ts +19 -0
- package/dist/src/ai-clients.d.ts.map +1 -0
- package/dist/src/ai-clients.js +218 -0
- package/dist/src/ai-clients.js.map +1 -0
- package/dist/src/auth/dpop.d.ts +5 -0
- package/dist/src/auth/dpop.d.ts.map +1 -0
- package/dist/src/auth/dpop.js +81 -0
- package/dist/src/auth/dpop.js.map +1 -0
- package/dist/src/client.d.ts.map +1 -1
- package/dist/src/client.js +6 -1
- package/dist/src/client.js.map +1 -1
- package/dist/src/commands/env.d.ts.map +1 -1
- package/dist/src/commands/env.js +122 -19
- package/dist/src/commands/env.js.map +1 -1
- package/dist/src/commands/import.d.ts +3 -0
- package/dist/src/commands/import.d.ts.map +1 -0
- package/dist/src/commands/import.js +175 -0
- package/dist/src/commands/import.js.map +1 -0
- package/dist/src/commands/setup.d.ts +3 -0
- package/dist/src/commands/setup.d.ts.map +1 -0
- package/dist/src/commands/setup.js +217 -0
- package/dist/src/commands/setup.js.map +1 -0
- package/dist/src/index.d.ts.map +1 -1
- package/dist/src/index.js +5 -0
- package/dist/src/index.js.map +1 -1
- package/dist/src/local-cache.d.ts +19 -0
- package/dist/src/local-cache.d.ts.map +1 -0
- package/dist/src/local-cache.js +131 -0
- package/dist/src/local-cache.js.map +1 -0
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# @1claw/cli (v0.
|
|
1
|
+
# @1claw/cli (v0.34.1)
|
|
2
2
|
|
|
3
3
|
Command-line interface for [1Claw](https://1claw.xyz) — HSM-backed secret management for AI agents and humans.
|
|
4
4
|
|
|
@@ -8,6 +8,14 @@ Designed for CI/CD pipelines, DevOps workflows, and server environments.
|
|
|
8
8
|
|
|
9
9
|
## Installation
|
|
10
10
|
|
|
11
|
+
### Homebrew (macOS / Linux)
|
|
12
|
+
|
|
13
|
+
```bash
|
|
14
|
+
brew install 1clawAI/tap/1claw
|
|
15
|
+
```
|
|
16
|
+
|
|
17
|
+
### npm
|
|
18
|
+
|
|
11
19
|
```bash
|
|
12
20
|
npm install -g @1claw/cli
|
|
13
21
|
```
|
|
@@ -46,8 +54,45 @@ export ONECLAW_TOKEN="your-jwt"
|
|
|
46
54
|
export ONECLAW_API_KEY="1ck_..."
|
|
47
55
|
```
|
|
48
56
|
|
|
57
|
+
## Quick Start
|
|
58
|
+
|
|
59
|
+
```bash
|
|
60
|
+
1claw login # Authenticate via browser
|
|
61
|
+
1claw setup # Auto-configure Claude, Cursor, VS Code, etc.
|
|
62
|
+
1claw import .env # Import secrets from a .env file into your vault
|
|
63
|
+
```
|
|
64
|
+
|
|
49
65
|
## Commands
|
|
50
66
|
|
|
67
|
+
### Setup (AI Client Auto-Configuration)
|
|
68
|
+
|
|
69
|
+
Auto-detect and configure AI clients (Claude Desktop, Cursor, VS Code, Zed, Windsurf, Claude Code) to use the 1Claw MCP server for runtime secret access.
|
|
70
|
+
|
|
71
|
+
```bash
|
|
72
|
+
1claw setup # Interactive: detect clients, select, configure
|
|
73
|
+
1claw setup --client cursor # Configure only Cursor
|
|
74
|
+
1claw setup --agent-key ocv_... # Use a specific agent API key
|
|
75
|
+
1claw setup --project # Write MCP config to current project instead of global
|
|
76
|
+
1claw setup --skip-auth # Skip authentication check
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
The command detects installed AI clients, prompts you to select which ones to configure, and writes the appropriate MCP server entry to each client's config file. It uses `npx @1claw/mcp` by default, or a globally installed `1claw-mcp` binary if available.
|
|
80
|
+
|
|
81
|
+
### Import (.env File)
|
|
82
|
+
|
|
83
|
+
Import secrets from a local `.env` file into a 1Claw vault.
|
|
84
|
+
|
|
85
|
+
```bash
|
|
86
|
+
1claw import .env # Import all keys from .env
|
|
87
|
+
1claw import .env.production \
|
|
88
|
+
--prefix prod/ # Add a path prefix to all keys
|
|
89
|
+
1claw import .env --dry-run # Preview what would be imported
|
|
90
|
+
1claw import .env --force # Overwrite existing secrets
|
|
91
|
+
1claw import .env --vault <id> # Import to a specific vault
|
|
92
|
+
```
|
|
93
|
+
|
|
94
|
+
Handles standard `.env` syntax: `KEY=value`, single/double-quoted values, `export` prefix, comments, and multiline values.
|
|
95
|
+
|
|
51
96
|
### Auth
|
|
52
97
|
|
|
53
98
|
```bash
|
|
@@ -117,8 +162,22 @@ echo "sk_live_..." | 1claw secret set <path> --stdin # From stdin
|
|
|
117
162
|
1claw env push .env # Push .env file to vault
|
|
118
163
|
1claw env run -- npm start # Run with secrets injected
|
|
119
164
|
1claw env run --prefix config/ -- ./deploy.sh # Only inject matching secrets
|
|
165
|
+
1claw env run --no-cache -- npm start # Skip local cache, always fetch from API
|
|
120
166
|
```
|
|
121
167
|
|
|
168
|
+
### Environment Cache (Offline Mode)
|
|
169
|
+
|
|
170
|
+
Cache secrets locally in an AES-256-GCM encrypted file for offline `env run`. The encryption key is derived from your authentication token.
|
|
171
|
+
|
|
172
|
+
```bash
|
|
173
|
+
1claw env cache # Download and cache secrets locally
|
|
174
|
+
1claw env cache --ttl 3600 # Cache with 1-hour TTL (default: 300s)
|
|
175
|
+
1claw env cache-status # Show cache age, vault ID, secret count
|
|
176
|
+
1claw env cache-clear # Delete the local cache
|
|
177
|
+
```
|
|
178
|
+
|
|
179
|
+
When a valid cache exists, `env run` uses it automatically instead of calling the API. Use `--no-cache` on `env run` to bypass. Cache is stored at `~/.config/1claw/env-cache.enc` (mode `0600`).
|
|
180
|
+
|
|
122
181
|
### Agents
|
|
123
182
|
|
|
124
183
|
```bash
|
|
@@ -466,6 +525,23 @@ Config is stored in `~/.config/1claw/config.json`. Keys:
|
|
|
466
525
|
| `output-format` | `table` | Default output: `table`, `json`, or `plain` |
|
|
467
526
|
| `default-vault` | (none) | Default vault ID for commands |
|
|
468
527
|
|
|
528
|
+
## DPoP (Proof-of-Possession)
|
|
529
|
+
|
|
530
|
+
Enable [DPoP (RFC 9449)](https://datatracker.ietf.org/doc/html/rfc9449) to bind agent tokens to a persistent P-256 keypair. Stolen tokens are unusable without the matching private key.
|
|
531
|
+
|
|
532
|
+
```bash
|
|
533
|
+
export ONECLAW_DPOP=true
|
|
534
|
+
1claw agent token <id> # Token exchange includes DPoP proof + public JWK
|
|
535
|
+
```
|
|
536
|
+
|
|
537
|
+
When `ONECLAW_DPOP=true` is set, the CLI:
|
|
538
|
+
|
|
539
|
+
1. Generates a P-256 ECDSA keypair on first use and persists it at `~/.config/1claw/dpop-key.json` (mode `0600`).
|
|
540
|
+
2. Sends the public JWK during token exchange (`POST /v1/auth/agent-token`).
|
|
541
|
+
3. Attaches a `DPoP` proof JWT header to every API request.
|
|
542
|
+
|
|
543
|
+
The keypair is reused across sessions. To rotate it, delete `~/.config/1claw/dpop-key.json` — a new keypair is generated on the next request. Any tokens bound to the old key become invalid.
|
|
544
|
+
|
|
469
545
|
## CI/CD examples
|
|
470
546
|
|
|
471
547
|
### GitHub Actions
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
export interface AiClient {
|
|
2
|
+
name: string;
|
|
3
|
+
slug: string;
|
|
4
|
+
configPath: string;
|
|
5
|
+
configFormat: "mcpServers" | "servers" | "zed" | "claude-code";
|
|
6
|
+
detected: boolean;
|
|
7
|
+
}
|
|
8
|
+
export declare function detectAiClients(): AiClient[];
|
|
9
|
+
export interface McpServerEntry {
|
|
10
|
+
command: string;
|
|
11
|
+
args: string[];
|
|
12
|
+
env: Record<string, string>;
|
|
13
|
+
}
|
|
14
|
+
export declare function buildMcpEntry(envVars: Record<string, string>): McpServerEntry;
|
|
15
|
+
export declare function configureClient(client: AiClient, entry: McpServerEntry): {
|
|
16
|
+
success: boolean;
|
|
17
|
+
message: string;
|
|
18
|
+
};
|
|
19
|
+
//# sourceMappingURL=ai-clients.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ai-clients.d.ts","sourceRoot":"","sources":["../../src/ai-clients.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,QAAQ;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,YAAY,GAAG,SAAS,GAAG,KAAK,GAAG,aAAa,CAAC;IAC/D,QAAQ,EAAE,OAAO,CAAC;CACrB;AAkBD,wBAAgB,eAAe,IAAI,QAAQ,EAAE,CAqF5C;AAED,MAAM,WAAW,cAAc;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/B;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,cAAc,CAgB7E;AAED,wBAAgB,eAAe,CAC3B,MAAM,EAAE,QAAQ,EAChB,KAAK,EAAE,cAAc,GACtB;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CA4EvC"}
|
|
@@ -0,0 +1,218 @@
|
|
|
1
|
+
import { existsSync, readFileSync, writeFileSync, mkdirSync } from "node:fs";
|
|
2
|
+
import { homedir, platform } from "node:os";
|
|
3
|
+
import { dirname } from "node:path";
|
|
4
|
+
import { execSync } from "node:child_process";
|
|
5
|
+
function expandHome(p) {
|
|
6
|
+
return p.replace(/^~/, homedir());
|
|
7
|
+
}
|
|
8
|
+
function resolveGlobalMcpBinary() {
|
|
9
|
+
try {
|
|
10
|
+
const resolved = execSync("which 1claw-mcp 2>/dev/null", {
|
|
11
|
+
encoding: "utf-8",
|
|
12
|
+
}).trim();
|
|
13
|
+
if (resolved)
|
|
14
|
+
return resolved;
|
|
15
|
+
}
|
|
16
|
+
catch {
|
|
17
|
+
// not found globally
|
|
18
|
+
}
|
|
19
|
+
return "";
|
|
20
|
+
}
|
|
21
|
+
export function detectAiClients() {
|
|
22
|
+
const isMac = platform() === "darwin";
|
|
23
|
+
const clients = [
|
|
24
|
+
{
|
|
25
|
+
name: "Claude Desktop",
|
|
26
|
+
slug: "claude-desktop",
|
|
27
|
+
configPath: isMac
|
|
28
|
+
? "~/Library/Application Support/Claude/claude_desktop_config.json"
|
|
29
|
+
: "~/.config/claude/claude_desktop_config.json",
|
|
30
|
+
configFormat: "mcpServers",
|
|
31
|
+
detected: false,
|
|
32
|
+
},
|
|
33
|
+
{
|
|
34
|
+
name: "Claude Code",
|
|
35
|
+
slug: "claude-code",
|
|
36
|
+
configPath: "",
|
|
37
|
+
configFormat: "claude-code",
|
|
38
|
+
detected: false,
|
|
39
|
+
},
|
|
40
|
+
{
|
|
41
|
+
name: "Cursor",
|
|
42
|
+
slug: "cursor",
|
|
43
|
+
configPath: "~/.cursor/mcp.json",
|
|
44
|
+
configFormat: "mcpServers",
|
|
45
|
+
detected: false,
|
|
46
|
+
},
|
|
47
|
+
{
|
|
48
|
+
name: "Windsurf",
|
|
49
|
+
slug: "windsurf",
|
|
50
|
+
configPath: "~/.codeium/windsurf/mcp_config.json",
|
|
51
|
+
configFormat: "mcpServers",
|
|
52
|
+
detected: false,
|
|
53
|
+
},
|
|
54
|
+
{
|
|
55
|
+
name: "VS Code",
|
|
56
|
+
slug: "vscode",
|
|
57
|
+
configPath: "~/.vscode/mcp.json",
|
|
58
|
+
configFormat: "servers",
|
|
59
|
+
detected: false,
|
|
60
|
+
},
|
|
61
|
+
{
|
|
62
|
+
name: "Zed",
|
|
63
|
+
slug: "zed",
|
|
64
|
+
configPath: "~/.config/zed/settings.json",
|
|
65
|
+
configFormat: "zed",
|
|
66
|
+
detected: false,
|
|
67
|
+
},
|
|
68
|
+
{
|
|
69
|
+
name: "Continue.dev",
|
|
70
|
+
slug: "continue",
|
|
71
|
+
configPath: "~/.continue/config.json",
|
|
72
|
+
configFormat: "mcpServers",
|
|
73
|
+
detected: false,
|
|
74
|
+
},
|
|
75
|
+
];
|
|
76
|
+
for (const client of clients) {
|
|
77
|
+
if (client.slug === "claude-code") {
|
|
78
|
+
try {
|
|
79
|
+
execSync("which claude 2>/dev/null", { encoding: "utf-8" });
|
|
80
|
+
client.detected = true;
|
|
81
|
+
}
|
|
82
|
+
catch {
|
|
83
|
+
client.detected = false;
|
|
84
|
+
}
|
|
85
|
+
continue;
|
|
86
|
+
}
|
|
87
|
+
const expanded = expandHome(client.configPath);
|
|
88
|
+
if (client.slug === "cursor") {
|
|
89
|
+
client.detected =
|
|
90
|
+
existsSync(expandHome("~/.cursor")) ||
|
|
91
|
+
existsSync(expanded);
|
|
92
|
+
}
|
|
93
|
+
else if (client.slug === "vscode") {
|
|
94
|
+
client.detected =
|
|
95
|
+
existsSync(expandHome("~/.vscode")) ||
|
|
96
|
+
existsSync(expanded);
|
|
97
|
+
}
|
|
98
|
+
else {
|
|
99
|
+
client.detected =
|
|
100
|
+
existsSync(expanded) ||
|
|
101
|
+
existsSync(dirname(expanded));
|
|
102
|
+
}
|
|
103
|
+
}
|
|
104
|
+
return clients;
|
|
105
|
+
}
|
|
106
|
+
export function buildMcpEntry(envVars) {
|
|
107
|
+
const globalBin = resolveGlobalMcpBinary();
|
|
108
|
+
if (globalBin) {
|
|
109
|
+
return {
|
|
110
|
+
command: globalBin,
|
|
111
|
+
args: [],
|
|
112
|
+
env: envVars,
|
|
113
|
+
};
|
|
114
|
+
}
|
|
115
|
+
return {
|
|
116
|
+
command: "npx",
|
|
117
|
+
args: ["-y", "@1claw/mcp"],
|
|
118
|
+
env: envVars,
|
|
119
|
+
};
|
|
120
|
+
}
|
|
121
|
+
export function configureClient(client, entry) {
|
|
122
|
+
if (client.configFormat === "claude-code") {
|
|
123
|
+
return configureClaudeCode(entry);
|
|
124
|
+
}
|
|
125
|
+
const configPath = expandHome(client.configPath);
|
|
126
|
+
const dir = dirname(configPath);
|
|
127
|
+
if (!existsSync(dir)) {
|
|
128
|
+
mkdirSync(dir, { recursive: true });
|
|
129
|
+
}
|
|
130
|
+
let config = {};
|
|
131
|
+
if (existsSync(configPath)) {
|
|
132
|
+
try {
|
|
133
|
+
config = JSON.parse(readFileSync(configPath, "utf-8"));
|
|
134
|
+
}
|
|
135
|
+
catch {
|
|
136
|
+
return {
|
|
137
|
+
success: false,
|
|
138
|
+
message: `Failed to parse ${configPath}`,
|
|
139
|
+
};
|
|
140
|
+
}
|
|
141
|
+
}
|
|
142
|
+
const serverStanza = {
|
|
143
|
+
command: entry.command,
|
|
144
|
+
args: entry.args,
|
|
145
|
+
env: entry.env,
|
|
146
|
+
};
|
|
147
|
+
switch (client.configFormat) {
|
|
148
|
+
case "mcpServers": {
|
|
149
|
+
if (!config.mcpServers || typeof config.mcpServers !== "object") {
|
|
150
|
+
config.mcpServers = {};
|
|
151
|
+
}
|
|
152
|
+
config.mcpServers["1claw"] =
|
|
153
|
+
serverStanza;
|
|
154
|
+
break;
|
|
155
|
+
}
|
|
156
|
+
case "servers": {
|
|
157
|
+
if (!config.servers || typeof config.servers !== "object") {
|
|
158
|
+
config.servers = {};
|
|
159
|
+
}
|
|
160
|
+
config.servers["1claw"] =
|
|
161
|
+
serverStanza;
|
|
162
|
+
break;
|
|
163
|
+
}
|
|
164
|
+
case "zed": {
|
|
165
|
+
if (!config.context_servers ||
|
|
166
|
+
typeof config.context_servers !== "object") {
|
|
167
|
+
config.context_servers = {};
|
|
168
|
+
}
|
|
169
|
+
config.context_servers["1claw"] = {
|
|
170
|
+
command: {
|
|
171
|
+
path: entry.command,
|
|
172
|
+
args: entry.args,
|
|
173
|
+
env: entry.env,
|
|
174
|
+
},
|
|
175
|
+
settings: {},
|
|
176
|
+
};
|
|
177
|
+
break;
|
|
178
|
+
}
|
|
179
|
+
}
|
|
180
|
+
const tmpPath = configPath + ".1claw-tmp";
|
|
181
|
+
writeFileSync(tmpPath, JSON.stringify(config, null, 2) + "\n", "utf-8");
|
|
182
|
+
const { renameSync } = require("node:fs");
|
|
183
|
+
renameSync(tmpPath, configPath);
|
|
184
|
+
return {
|
|
185
|
+
success: true,
|
|
186
|
+
message: `Configured ${client.name} at ${configPath}`,
|
|
187
|
+
};
|
|
188
|
+
}
|
|
189
|
+
function configureClaudeCode(entry) {
|
|
190
|
+
const envArgs = Object.entries(entry.env)
|
|
191
|
+
.flatMap(([k, v]) => ["-e", `${k}=${v}`]);
|
|
192
|
+
const cmdParts = [
|
|
193
|
+
"claude", "mcp", "add",
|
|
194
|
+
"-s", "user",
|
|
195
|
+
...envArgs,
|
|
196
|
+
"1claw",
|
|
197
|
+
"--",
|
|
198
|
+
entry.command,
|
|
199
|
+
...entry.args,
|
|
200
|
+
];
|
|
201
|
+
try {
|
|
202
|
+
execSync(cmdParts.join(" "), {
|
|
203
|
+
encoding: "utf-8",
|
|
204
|
+
stdio: "pipe",
|
|
205
|
+
});
|
|
206
|
+
return {
|
|
207
|
+
success: true,
|
|
208
|
+
message: "Configured Claude Code via `claude mcp add`",
|
|
209
|
+
};
|
|
210
|
+
}
|
|
211
|
+
catch (err) {
|
|
212
|
+
return {
|
|
213
|
+
success: false,
|
|
214
|
+
message: `Failed to configure Claude Code: ${err.message}`,
|
|
215
|
+
};
|
|
216
|
+
}
|
|
217
|
+
}
|
|
218
|
+
//# sourceMappingURL=ai-clients.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ai-clients.js","sourceRoot":"","sources":["../../src/ai-clients.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAQ,OAAO,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAU9C,SAAS,UAAU,CAAC,CAAS;IACzB,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;AACtC,CAAC;AAED,SAAS,sBAAsB;IAC3B,IAAI,CAAC;QACD,MAAM,QAAQ,GAAG,QAAQ,CAAC,6BAA6B,EAAE;YACrD,QAAQ,EAAE,OAAO;SACpB,CAAC,CAAC,IAAI,EAAE,CAAC;QACV,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACL,qBAAqB;IACzB,CAAC;IACD,OAAO,EAAE,CAAC;AACd,CAAC;AAED,MAAM,UAAU,eAAe;IAC3B,MAAM,KAAK,GAAG,QAAQ,EAAE,KAAK,QAAQ,CAAC;IAEtC,MAAM,OAAO,GAAe;QACxB;YACI,IAAI,EAAE,gBAAgB;YACtB,IAAI,EAAE,gBAAgB;YACtB,UAAU,EAAE,KAAK;gBACb,CAAC,CAAC,iEAAiE;gBACnE,CAAC,CAAC,6CAA6C;YACnD,YAAY,EAAE,YAAY;YAC1B,QAAQ,EAAE,KAAK;SAClB;QACD;YACI,IAAI,EAAE,aAAa;YACnB,IAAI,EAAE,aAAa;YACnB,UAAU,EAAE,EAAE;YACd,YAAY,EAAE,aAAa;YAC3B,QAAQ,EAAE,KAAK;SAClB;QACD;YACI,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE,oBAAoB;YAChC,YAAY,EAAE,YAAY;YAC1B,QAAQ,EAAE,KAAK;SAClB;QACD;YACI,IAAI,EAAE,UAAU;YAChB,IAAI,EAAE,UAAU;YAChB,UAAU,EAAE,qCAAqC;YACjD,YAAY,EAAE,YAAY;YAC1B,QAAQ,EAAE,KAAK;SAClB;QACD;YACI,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE,oBAAoB;YAChC,YAAY,EAAE,SAAS;YACvB,QAAQ,EAAE,KAAK;SAClB;QACD;YACI,IAAI,EAAE,KAAK;YACX,IAAI,EAAE,KAAK;YACX,UAAU,EAAE,6BAA6B;YACzC,YAAY,EAAE,KAAK;YACnB,QAAQ,EAAE,KAAK;SAClB;QACD;YACI,IAAI,EAAE,cAAc;YACpB,IAAI,EAAE,UAAU;YAChB,UAAU,EAAE,yBAAyB;YACrC,YAAY,EAAE,YAAY;YAC1B,QAAQ,EAAE,KAAK;SAClB;KACJ,CAAC;IAEF,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC3B,IAAI,MAAM,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;YAChC,IAAI,CAAC;gBACD,QAAQ,CAAC,0BAA0B,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;gBAC5D,MAAM,CAAC,QAAQ,GAAG,IAAI,CAAC;YAC3B,CAAC;YAAC,MAAM,CAAC;gBACL,MAAM,CAAC,QAAQ,GAAG,KAAK,CAAC;YAC5B,CAAC;YACD,SAAS;QACb,CAAC;QAED,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAC/C,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC3B,MAAM,CAAC,QAAQ;gBACX,UAAU,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;oBACnC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAC7B,CAAC;aAAM,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAClC,MAAM,CAAC,QAAQ;gBACX,UAAU,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;oBACnC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAC7B,CAAC;aAAM,CAAC;YACJ,MAAM,CAAC,QAAQ;gBACX,UAAU,CAAC,QAAQ,CAAC;oBACpB,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;QACtC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC;AACnB,CAAC;AAQD,MAAM,UAAU,aAAa,CAAC,OAA+B;IACzD,MAAM,SAAS,GAAG,sBAAsB,EAAE,CAAC;IAE3C,IAAI,SAAS,EAAE,CAAC;QACZ,OAAO;YACH,OAAO,EAAE,SAAS;YAClB,IAAI,EAAE,EAAE;YACR,GAAG,EAAE,OAAO;SACf,CAAC;IACN,CAAC;IAED,OAAO;QACH,OAAO,EAAE,KAAK;QACd,IAAI,EAAE,CAAC,IAAI,EAAE,YAAY,CAAC;QAC1B,GAAG,EAAE,OAAO;KACf,CAAC;AACN,CAAC;AAED,MAAM,UAAU,eAAe,CAC3B,MAAgB,EAChB,KAAqB;IAErB,IAAI,MAAM,CAAC,YAAY,KAAK,aAAa,EAAE,CAAC;QACxC,OAAO,mBAAmB,CAAC,KAAK,CAAC,CAAC;IACtC,CAAC;IAED,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAEjD,MAAM,GAAG,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAChC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACnB,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACxC,CAAC;IAED,IAAI,MAAM,GAA4B,EAAE,CAAC;IACzC,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QACzB,IAAI,CAAC;YACD,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;QAC3D,CAAC;QAAC,MAAM,CAAC;YACL,OAAO;gBACH,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,mBAAmB,UAAU,EAAE;aAC3C,CAAC;QACN,CAAC;IACL,CAAC;IAED,MAAM,YAAY,GAAG;QACjB,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,GAAG,EAAE,KAAK,CAAC,GAAG;KACjB,CAAC;IAEF,QAAQ,MAAM,CAAC,YAAY,EAAE,CAAC;QAC1B,KAAK,YAAY,CAAC,CAAC,CAAC;YAChB,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;gBAC9D,MAAM,CAAC,UAAU,GAAG,EAAE,CAAC;YAC3B,CAAC;YACA,MAAM,CAAC,UAAsC,CAAC,OAAO,CAAC;gBACnD,YAAY,CAAC;YACjB,MAAM;QACV,CAAC;QACD,KAAK,SAAS,CAAC,CAAC,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;gBACxD,MAAM,CAAC,OAAO,GAAG,EAAE,CAAC;YACxB,CAAC;YACA,MAAM,CAAC,OAAmC,CAAC,OAAO,CAAC;gBAChD,YAAY,CAAC;YACjB,MAAM;QACV,CAAC;QACD,KAAK,KAAK,CAAC,CAAC,CAAC;YACT,IACI,CAAC,MAAM,CAAC,eAAe;gBACvB,OAAO,MAAM,CAAC,eAAe,KAAK,QAAQ,EAC5C,CAAC;gBACC,MAAM,CAAC,eAAe,GAAG,EAAE,CAAC;YAChC,CAAC;YACA,MAAM,CAAC,eAA2C,CAAC,OAAO,CAAC,GAAG;gBAC3D,OAAO,EAAE;oBACL,IAAI,EAAE,KAAK,CAAC,OAAO;oBACnB,IAAI,EAAE,KAAK,CAAC,IAAI;oBAChB,GAAG,EAAE,KAAK,CAAC,GAAG;iBACjB;gBACD,QAAQ,EAAE,EAAE;aACf,CAAC;YACF,MAAM;QACV,CAAC;IACL,CAAC;IAED,MAAM,OAAO,GAAG,UAAU,GAAG,YAAY,CAAC;IAC1C,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;IAExE,MAAM,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAC1C,UAAU,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IAEhC,OAAO;QACH,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,cAAc,MAAM,CAAC,IAAI,OAAO,UAAU,EAAE;KACxD,CAAC;AACN,CAAC;AAED,SAAS,mBAAmB,CACxB,KAAqB;IAErB,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC;SACpC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;IAE9C,MAAM,QAAQ,GAAG;QACb,QAAQ,EAAE,KAAK,EAAE,KAAK;QACtB,IAAI,EAAE,MAAM;QACZ,GAAG,OAAO;QACV,OAAO;QACP,IAAI;QACJ,KAAK,CAAC,OAAO;QACb,GAAG,KAAK,CAAC,IAAI;KAChB,CAAC;IAEF,IAAI,CAAC;QACD,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;YACzB,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,MAAM;SAChB,CAAC,CAAC;QACH,OAAO;YACH,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,6CAA6C;SACzD,CAAC;IACN,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACX,OAAO;YACH,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,oCAAqC,GAAa,CAAC,OAAO,EAAE;SACxE,CAAC;IACN,CAAC;AACL,CAAC"}
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
export declare function getOrCreateDPoPKey(): Promise<CryptoKeyPair>;
|
|
2
|
+
export declare function getPublicJwk(): Promise<JsonWebKey>;
|
|
3
|
+
export declare function generateDPoPProof(method: string, url: string): Promise<string>;
|
|
4
|
+
export declare function isDPoPEnabled(): boolean;
|
|
5
|
+
//# sourceMappingURL=dpop.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dpop.d.ts","sourceRoot":"","sources":["../../../src/auth/dpop.ts"],"names":[],"mappings":"AAgBA,wBAAsB,kBAAkB,IAAI,OAAO,CAAC,aAAa,CAAC,CAiDjE;AAED,wBAAsB,YAAY,IAAI,OAAO,CAAC,UAAU,CAAC,CAKxD;AAED,wBAAsB,iBAAiB,CACnC,MAAM,EAAE,MAAM,EACd,GAAG,EAAE,MAAM,GACZ,OAAO,CAAC,MAAM,CAAC,CAiCjB;AAED,wBAAgB,aAAa,IAAI,OAAO,CAEvC"}
|
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
import { readFileSync, writeFileSync, mkdirSync } from "node:fs";
|
|
2
|
+
import { join } from "node:path";
|
|
3
|
+
import { homedir } from "node:os";
|
|
4
|
+
const configDir = process.env.ONECLAW_CONFIG_DIR || join(homedir(), ".config", "1claw");
|
|
5
|
+
const DPOP_KEY_PATH = join(configDir, "dpop-key.json");
|
|
6
|
+
let cachedKeyPair = null;
|
|
7
|
+
let cachedPublicJwk = null;
|
|
8
|
+
export async function getOrCreateDPoPKey() {
|
|
9
|
+
if (cachedKeyPair)
|
|
10
|
+
return cachedKeyPair;
|
|
11
|
+
try {
|
|
12
|
+
const stored = JSON.parse(readFileSync(DPOP_KEY_PATH, "utf8"));
|
|
13
|
+
const privateKey = await crypto.subtle.importKey("jwk", stored.private, { name: "ECDSA", namedCurve: "P-256" }, true, ["sign"]);
|
|
14
|
+
const publicKey = await crypto.subtle.importKey("jwk", stored.public, { name: "ECDSA", namedCurve: "P-256" }, true, ["verify"]);
|
|
15
|
+
cachedKeyPair = { privateKey, publicKey };
|
|
16
|
+
cachedPublicJwk = stored.public;
|
|
17
|
+
return cachedKeyPair;
|
|
18
|
+
}
|
|
19
|
+
catch {
|
|
20
|
+
// Generate new keypair
|
|
21
|
+
const keyPair = await crypto.subtle.generateKey({ name: "ECDSA", namedCurve: "P-256" }, true, ["sign", "verify"]);
|
|
22
|
+
const privateJwk = await crypto.subtle.exportKey("jwk", keyPair.privateKey);
|
|
23
|
+
const publicJwk = await crypto.subtle.exportKey("jwk", keyPair.publicKey);
|
|
24
|
+
mkdirSync(configDir, { recursive: true });
|
|
25
|
+
writeFileSync(DPOP_KEY_PATH, JSON.stringify({ private: privateJwk, public: publicJwk }), { mode: 0o600 });
|
|
26
|
+
cachedKeyPair = keyPair;
|
|
27
|
+
cachedPublicJwk = publicJwk;
|
|
28
|
+
return keyPair;
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
export async function getPublicJwk() {
|
|
32
|
+
if (cachedPublicJwk)
|
|
33
|
+
return cachedPublicJwk;
|
|
34
|
+
const kp = await getOrCreateDPoPKey();
|
|
35
|
+
cachedPublicJwk = await crypto.subtle.exportKey("jwk", kp.publicKey);
|
|
36
|
+
return cachedPublicJwk;
|
|
37
|
+
}
|
|
38
|
+
export async function generateDPoPProof(method, url) {
|
|
39
|
+
const keyPair = await getOrCreateDPoPKey();
|
|
40
|
+
const publicJwk = await getPublicJwk();
|
|
41
|
+
const header = {
|
|
42
|
+
typ: "dpop+jwt",
|
|
43
|
+
alg: "ES256",
|
|
44
|
+
jwk: {
|
|
45
|
+
kty: publicJwk.kty,
|
|
46
|
+
crv: publicJwk.crv,
|
|
47
|
+
x: publicJwk.x,
|
|
48
|
+
y: publicJwk.y,
|
|
49
|
+
},
|
|
50
|
+
};
|
|
51
|
+
const payload = {
|
|
52
|
+
jti: crypto.randomUUID(),
|
|
53
|
+
htm: method.toUpperCase(),
|
|
54
|
+
htu: stripQuery(url),
|
|
55
|
+
iat: Math.floor(Date.now() / 1000),
|
|
56
|
+
};
|
|
57
|
+
const headerB64 = base64url(JSON.stringify(header));
|
|
58
|
+
const payloadB64 = base64url(JSON.stringify(payload));
|
|
59
|
+
const signingInput = `${headerB64}.${payloadB64}`;
|
|
60
|
+
const signature = await crypto.subtle.sign({ name: "ECDSA", hash: "SHA-256" }, keyPair.privateKey, new TextEncoder().encode(signingInput));
|
|
61
|
+
return `${signingInput}.${base64urlFromBuffer(signature)}`;
|
|
62
|
+
}
|
|
63
|
+
export function isDPoPEnabled() {
|
|
64
|
+
return process.env.ONECLAW_DPOP === "true";
|
|
65
|
+
}
|
|
66
|
+
function stripQuery(url) {
|
|
67
|
+
try {
|
|
68
|
+
const u = new URL(url);
|
|
69
|
+
return `${u.protocol}//${u.host}${u.pathname}`;
|
|
70
|
+
}
|
|
71
|
+
catch {
|
|
72
|
+
return url.split("?")[0];
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
function base64url(str) {
|
|
76
|
+
return Buffer.from(str, "utf8").toString("base64url");
|
|
77
|
+
}
|
|
78
|
+
function base64urlFromBuffer(buf) {
|
|
79
|
+
return Buffer.from(new Uint8Array(buf)).toString("base64url");
|
|
80
|
+
}
|
|
81
|
+
//# sourceMappingURL=dpop.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dpop.js","sourceRoot":"","sources":["../../../src/auth/dpop.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AACjE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,MAAM,SAAS,GACX,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;AAC1E,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;AAOvD,IAAI,aAAa,GAAyB,IAAI,CAAC;AAC/C,IAAI,eAAe,GAAsB,IAAI,CAAC;AAE9C,MAAM,CAAC,KAAK,UAAU,kBAAkB;IACpC,IAAI,aAAa;QAAE,OAAO,aAAa,CAAC;IAExC,IAAI,CAAC;QACD,MAAM,MAAM,GAAkB,IAAI,CAAC,KAAK,CACpC,YAAY,CAAC,aAAa,EAAE,MAAM,CAAC,CACtC,CAAC;QACF,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC5C,KAAK,EACL,MAAM,CAAC,OAAO,EACd,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,EACtC,IAAI,EACJ,CAAC,MAAM,CAAC,CACX,CAAC;QACF,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC3C,KAAK,EACL,MAAM,CAAC,MAAM,EACb,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,EACtC,IAAI,EACJ,CAAC,QAAQ,CAAC,CACb,CAAC;QACF,aAAa,GAAG,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;QAC1C,eAAe,GAAG,MAAM,CAAC,MAAM,CAAC;QAChC,OAAO,aAAa,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACL,uBAAuB;QACvB,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,CAC3C,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,EACtC,IAAI,EACJ,CAAC,MAAM,EAAE,QAAQ,CAAC,CACrB,CAAC;QACF,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC5C,KAAK,EACL,OAAO,CAAC,UAAU,CACrB,CAAC;QACF,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC3C,KAAK,EACL,OAAO,CAAC,SAAS,CACpB,CAAC;QACF,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1C,aAAa,CACT,aAAa,EACb,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,EAC1D,EAAE,IAAI,EAAE,KAAK,EAAE,CAClB,CAAC;QACF,aAAa,GAAG,OAAO,CAAC;QACxB,eAAe,GAAG,SAAS,CAAC;QAC5B,OAAO,OAAO,CAAC;IACnB,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY;IAC9B,IAAI,eAAe;QAAE,OAAO,eAAe,CAAC;IAC5C,MAAM,EAAE,GAAG,MAAM,kBAAkB,EAAE,CAAC;IACtC,eAAe,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC;IACrE,OAAO,eAAe,CAAC;AAC3B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACnC,MAAc,EACd,GAAW;IAEX,MAAM,OAAO,GAAG,MAAM,kBAAkB,EAAE,CAAC;IAC3C,MAAM,SAAS,GAAG,MAAM,YAAY,EAAE,CAAC;IAEvC,MAAM,MAAM,GAAG;QACX,GAAG,EAAE,UAAU;QACf,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE;YACD,GAAG,EAAE,SAAS,CAAC,GAAG;YAClB,GAAG,EAAE,SAAS,CAAC,GAAG;YAClB,CAAC,EAAE,SAAS,CAAC,CAAC;YACd,CAAC,EAAE,SAAS,CAAC,CAAC;SACjB;KACJ,CAAC;IAEF,MAAM,OAAO,GAAG;QACZ,GAAG,EAAE,MAAM,CAAC,UAAU,EAAE;QACxB,GAAG,EAAE,MAAM,CAAC,WAAW,EAAE;QACzB,GAAG,EAAE,UAAU,CAAC,GAAG,CAAC;QACpB,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;KACrC,CAAC;IAEF,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IACpD,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;IACtD,MAAM,YAAY,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;IAElD,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CACtC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,EAClC,OAAO,CAAC,UAAU,EAClB,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CACzC,CAAC;IAEF,OAAO,GAAG,YAAY,IAAI,mBAAmB,CAAC,SAAS,CAAC,EAAE,CAAC;AAC/D,CAAC;AAED,MAAM,UAAU,aAAa;IACzB,OAAO,OAAO,CAAC,GAAG,CAAC,YAAY,KAAK,MAAM,CAAC;AAC/C,CAAC;AAED,SAAS,UAAU,CAAC,GAAW;IAC3B,IAAI,CAAC;QACD,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QACvB,OAAO,GAAG,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC;IACnD,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;AACL,CAAC;AAED,SAAS,SAAS,CAAC,GAAW;IAC1B,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AAC1D,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAgB;IACzC,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AAClE,CAAC"}
|
package/dist/src/client.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/client.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/client.ts"],"names":[],"mappings":"AAGA,qBAAa,QAAS,SAAQ,KAAK;IAEpB,MAAM,EAAE,MAAM;IACd,MAAM,EAAE,MAAM;IACd,IAAI,CAAC,EAAE,MAAM;gBAFb,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,IAAI,CAAC,EAAE,MAAM,YAAA;CAK3B;AAgBD,wBAAsB,GAAG,CAAC,CAAC,GAAG,OAAO,EACjC,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE;IACL,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC,CAAC;IAC9D,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/B,GACP,OAAO,CAAC,CAAC,CAAC,CAqCZ;AAED,wBAAsB,SAAS,CAAC,CAAC,GAAG,OAAO,EACvC,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE;IACL,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC,CAAC;CAC5D,GACP,OAAO,CAAC,CAAC,CAAC,CAEZ"}
|
package/dist/src/client.js
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { getApiUrl, getToken } from "./config.js";
|
|
2
|
+
import { isDPoPEnabled, generateDPoPProof } from "./auth/dpop.js";
|
|
2
3
|
export class ApiError extends Error {
|
|
3
4
|
status;
|
|
4
5
|
detail;
|
|
@@ -33,6 +34,7 @@ export async function api(path, options = {}) {
|
|
|
33
34
|
url.searchParams.set(k, String(v));
|
|
34
35
|
}
|
|
35
36
|
}
|
|
37
|
+
const method = options.method ?? "GET";
|
|
36
38
|
const headers = {
|
|
37
39
|
"Content-Type": "application/json",
|
|
38
40
|
"User-Agent": "@1claw/cli",
|
|
@@ -40,8 +42,11 @@ export async function api(path, options = {}) {
|
|
|
40
42
|
};
|
|
41
43
|
if (token)
|
|
42
44
|
headers["Authorization"] = `Bearer ${token}`;
|
|
45
|
+
if (isDPoPEnabled()) {
|
|
46
|
+
headers["DPoP"] = await generateDPoPProof(method, url.toString());
|
|
47
|
+
}
|
|
43
48
|
const res = await fetch(url.toString(), {
|
|
44
|
-
method
|
|
49
|
+
method,
|
|
45
50
|
headers,
|
|
46
51
|
body: options.body ? JSON.stringify(options.body) : undefined,
|
|
47
52
|
});
|
package/dist/src/client.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAgB,MAAM,gBAAgB,CAAC;AAEhF,MAAM,OAAO,QAAS,SAAQ,KAAK;IAEpB;IACA;IACA;IAHX,YACW,MAAc,EACd,MAAc,EACd,IAAa;QAEpB,KAAK,CAAC,GAAG,MAAM,KAAK,MAAM,EAAE,CAAC,CAAC;QAJvB,WAAM,GAAN,MAAM,CAAQ;QACd,WAAM,GAAN,MAAM,CAAQ;QACd,SAAI,GAAJ,IAAI,CAAS;QAGpB,IAAI,CAAC,IAAI,GAAG,UAAU,CAAC;IAC3B,CAAC;CACJ;AAED,KAAK,UAAU,cAAc,CACzB,GAAa;IAEb,IAAI,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA2B,CAAC;QAC1D,OAAO;YACH,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,KAAK,IAAI,GAAG,CAAC,UAAU;YACnE,IAAI,EAAE,IAAI,CAAC,IAAI;SAClB,CAAC;IACN,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,EAAE,MAAM,EAAE,GAAG,CAAC,UAAU,EAAE,CAAC;IACtC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,GAAG,CACrB,IAAY,EACZ,UAMI,EAAE;IAEN,MAAM,OAAO,GAAG,SAAS,EAAE,CAAC;IAC5B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,QAAQ,EAAE,CAAC;IAC1C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,IAAI,EAAE,EAAE,OAAO,CAAC,CAAC;IAE3C,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QAChB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACjD,IAAI,CAAC,KAAK,SAAS;gBAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5D,CAAC;IACL,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,KAAK,CAAC;IACvC,MAAM,OAAO,GAA2B;QACpC,cAAc,EAAE,kBAAkB;QAClC,YAAY,EAAE,YAAY;QAC1B,GAAG,OAAO,CAAC,OAAO;KACrB,CAAC;IACF,IAAI,KAAK;QAAE,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,KAAK,EAAE,CAAC;IAExD,IAAI,aAAa,EAAE,EAAE,CAAC;QAClB,OAAO,CAAC,MAAM,CAAC,GAAG,MAAM,iBAAiB,CAAC,MAAM,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;IACtE,CAAC;IAED,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE;QACpC,MAAM;QACN,OAAO;QACP,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;KAChE,CAAC,CAAC;IAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACV,MAAM,GAAG,GAAG,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;QACtC,MAAM,IAAI,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;IACzD,CAAC;IAED,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG;QAAE,OAAO,SAAc,CAAC;IAE9C,OAAO,GAAG,CAAC,IAAI,EAAgB,CAAC;AACpC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAC3B,IAAY,EACZ,UAII,EAAE;IAEN,OAAO,GAAG,CAAI,IAAI,EAAE,EAAE,GAAG,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;AACnD,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"env.d.ts","sourceRoot":"","sources":["../../../src/commands/env.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"env.d.ts","sourceRoot":"","sources":["../../../src/commands/env.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAwBpC,eAAO,MAAM,UAAU,SAEtB,CAAC"}
|