@1presence/bridge 0.40.0 → 0.43.0

package/dist/accumulator.js

@@ -1,8 +1,4 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.makeBridgeAccumulator = makeBridgeAccumulator;
-exports.postSaveTurn = postSaveTurn;
-function makeBridgeAccumulator() {
+export function makeBridgeAccumulator() {
     const state = {
         assistantText: '',
         toolCalls: [],
@@ -105,7 +101,7 @@ function makeBridgeAccumulator() {
         },
     };
 }
-async function postSaveTurn(gatewayHttp, token, record) {
+export async function postSaveTurn(gatewayHttp, token, record) {
     let res;
     try {
         res = await fetch(`${gatewayHttp}/bridge/save-turn`, {

package/dist/auth.js

@@ -1,20 +1,14 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AuthCancelledError = void 0;
-exports.isTokenValid = isTokenValid;
-exports.ensureFreshToken = ensureFreshToken;
-exports.getValidAuth = getValidAuth;
-const http_1 = require("http");
-const fs_1 = require("fs");
-const os_1 = require("os");
-const path_1 = require("path");
-const child_process_1 = require("child_process");
-const crypto_1 = require("crypto");
+import { createServer } from 'http';
+import { rmSync } from 'fs';
+import { homedir } from 'os';
+import { join } from 'path';
+import { exec } from 'child_process';
+import { randomBytes, timingSafeEqual } from 'crypto';
 // Auth lives only in process memory. Earlier versions persisted tokens to
 // ~/.1presence/auth.json; remove any leftover file on startup so a stale,
 // permission-bearing token can't survive a bridge restart.
-const LEGACY_AUTH_FILE = (0, path_1.join)((0, os_1.homedir)(), '.1presence', 'auth.json');
-(0, fs_1.rmSync)(LEGACY_AUTH_FILE, { force: true });
+const LEGACY_AUTH_FILE = join(homedir(), '.1presence', 'auth.json');
+rmSync(LEGACY_AUTH_FILE, { force: true });
 // ─── JWT helpers ──────────────────────────────────────────────────────────────
 function parseJwt(token) {
     try {
@@ -26,7 +20,7 @@ function parseJwt(token) {
         return {};
     }
 }
-function isTokenValid(token) {
+export function isTokenValid(token) {
     const { exp } = parseJwt(token);
     if (!exp)
         return false;
@@ -45,15 +39,14 @@ function openBrowser(url) {
     const cmd = platform === 'darwin' ? `open "${url}"`
         : platform === 'win32' ? `start "" "${url}"`
             : `xdg-open "${url}"`;
-    (0, child_process_1.exec)(cmd, (err) => {
+    exec(cmd, (err) => {
         if (err)
             console.error('Could not open browser automatically. Please open this URL manually:\n' + url);
     });
 }
-class AuthCancelledError extends Error {
+export class AuthCancelledError extends Error {
     constructor() { super('Sign-in cancelled — the browser tab was closed.'); }
 }
-exports.AuthCancelledError = AuthCancelledError;
 function runBrowserAuthFlow(gatewayUrl, pwaUrl) {
     return new Promise((resolve, reject) => {
         let resolved = false;
@@ -61,7 +54,7 @@ function runBrowserAuthFlow(gatewayUrl, pwaUrl) {
         // required on every request to this localhost server. Without it, a
         // malicious page in the user's browser could scan ephemeral ports during
         // the auth window and POST a forged token to hijack the bridge.
-        const nonce = (0, crypto_1.randomBytes)(32).toString('base64url');
+        const nonce = randomBytes(32).toString('base64url');
         const nonceBuf = Buffer.from(nonce, 'utf-8');
         function checkNonce(provided) {
             if (!provided)
@@ -69,7 +62,7 @@ function runBrowserAuthFlow(gatewayUrl, pwaUrl) {
             const provBuf = Buffer.from(provided, 'utf-8');
             if (provBuf.length !== nonceBuf.length)
                 return false;
-            return (0, crypto_1.timingSafeEqual)(provBuf, nonceBuf);
+            return timingSafeEqual(provBuf, nonceBuf);
         }
         // CORS allowlist scoped to the legitimate PWA origin only.
         const pwaOrigin = (() => {
@@ -80,7 +73,7 @@ function runBrowserAuthFlow(gatewayUrl, pwaUrl) {
                 return null;
             }
         })();
-        const server = (0, http_1.createServer)((req, res) => {
+        const server = createServer((req, res) => {
             const reqOrigin = req.headers['origin'] ?? '';
             if (pwaOrigin && reqOrigin === pwaOrigin) {
                 res.setHeader('Access-Control-Allow-Origin', pwaOrigin);
@@ -187,7 +180,7 @@ async function refreshIdToken(refreshToken) {
     return data.id_token;
 }
 /** Returns auth with a fresh ID token. Refreshes in-memory if <10 minutes remain. */
-async function ensureFreshToken(auth) {
+export async function ensureFreshToken(auth) {
     const { exp } = parseJwt(auth.token);
     const tenMinutes = 10 * 60;
     if (exp && exp > Math.floor(Date.now() / 1000) + tenMinutes)
@@ -201,7 +194,7 @@ async function ensureFreshToken(auth) {
 // No cache — every bridge launch goes through the browser flow. This means
 // permission revocations take effect on the next restart, and the PWA's
 // CliAuthPage no-permission screen is what users see if access is denied.
-async function getValidAuth(gatewayUrl, pwaUrl) {
+export async function getValidAuth(gatewayUrl, pwaUrl) {
     console.log('Sign-in required.');
     return runBrowserAuthFlow(gatewayUrl, pwaUrl);
 }