@aigne/afs-cli 1.11.0-beta.10 → 1.11.0-beta.11

package/dist/credential/mcp-auth-context.cjs

@@ -64,7 +64,13 @@ function createMCPAuthContext(options) {
 				if (result.action === "decline") return "declined";
 				return "cancelled";
 			} catch {
-				return "cancelled";
+				try {
+					console.error(`\n${message}\n${url}`);
+					await (openURLFn ?? openURL)(url);
+					return "accepted";
+				} catch {
+					return "cancelled";
+				}
 			}
 		}
 	};

package/dist/credential/mcp-auth-context.mjs

@@ -63,7 +63,13 @@ function createMCPAuthContext(options) {
 				if (result.action === "decline") return "declined";
 				return "cancelled";
 			} catch {
-				return "cancelled";
+				try {
+					console.error(`\n${message}\n${url}`);
+					await (openURLFn ?? openURL)(url);
+					return "accepted";
+				} catch {
+					return "cancelled";
+				}
 			}
 		}
 	};

package/dist/credential/mcp-auth-context.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"mcp-auth-context.mjs","names":[],"sources":["../../src/credential/mcp-auth-context.ts"],"sourcesContent":["/**\n * MCP AuthContext implementation.\n *\n * Uses MCP elicitation protocol to collect credentials:\n * - Non-sensitive fields: form mode (Client renders UI)\n * - Sensitive fields: URL mode (local HTTP server, data never passes through Client/LLM)\n *\n * Requires an MCP Server instance that supports elicitation.\n */\n\nimport { execFile } from \"node:child_process\";\nimport { randomBytes } from \"node:crypto\";\nimport type { AuthContext, CallbackServer, JSONSchema7 } from \"@aigne/afs\";\nimport { getSensitiveFields } from \"@aigne/afs/utils/schema\";\nimport type { Server } from \"@modelcontextprotocol/sdk/server/index.js\";\nimport { createAuthServer } from \"./auth-server.js\";\n\nexport interface MCPAuthContextOptions {\n  /** The MCP Server instance (for sending elicitation requests) */\n  server: Server;\n  /** Pre-resolved fields from Step 2 (env/store/config) */\n  resolved?: Record<string, unknown>;\n  /** Override browser URL opener (for testing). Falls back to platform-default open. */\n  openURL?: (url: string) => Promise<void>;\n}\n\n/**\n * Create an MCP AuthContext for MCP-based credential collection.\n */\nexport function createMCPAuthContext(options: MCPAuthContextOptions): AuthContext {\n  const { server } = options;\n  const resolved = options.resolved ?? {};\n  const openURLFn = options.openURL;\n\n  return {\n    get resolved() {\n      return { ...resolved };\n    },\n\n    async collect(schema: JSONSchema7): Promise<Record<string, unknown> | null> {\n      const properties = (schema as any).properties;\n      if (!properties || typeof properties !== \"object\") return {};\n\n      const sensitiveFields = new Set(getSensitiveFields(schema));\n      const hasSensitive = sensitiveFields.size > 0;\n\n      // Strategy: try elicitation first, fall back to browser if client doesn't support it.\n      // ElicitationUnsupportedError means \"not supported\" → try next mode.\n      // null means \"user declined/cancelled\" → stop and return null.\n\n      if (hasSensitive) {\n        // Sensitive fields: try URL mode (data stays local, never through Client/LLM)\n        try {\n          return await collectViaURLMode(server, schema);\n        } catch (err) {\n          if (!(err instanceof ElicitationUnsupportedError)) throw err;\n        }\n        // URL mode not supported — browser fallback (also keeps data local)\n        return collectViaBrowser(schema, openURLFn);\n      }\n\n      // Non-sensitive only: try form mode (Client renders UI)\n      try {\n        return await collectViaFormMode(server, schema);\n      } catch (err) {\n        if (!(err instanceof ElicitationUnsupportedError)) throw err;\n      }\n\n      // Form mode not supported — browser fallback\n      return collectViaBrowser(schema, openURLFn);\n    },\n\n    async createCallbackServer(): Promise<CallbackServer> {\n      const authServer = await createAuthServer();\n      return {\n        callbackURL: authServer.callbackURL,\n        waitForCallback: authServer.waitForCallback.bind(authServer),\n        close: authServer.close.bind(authServer),\n      };\n    },\n\n    async requestOpenURL(\n      url: string,\n      message: string,\n    ): Promise<\"accepted\" | \"declined\" | \"cancelled\"> {\n      try {\n        const elicitationId = randomBytes(16).toString(\"hex\");\n        const result = await server.elicitInput({\n          mode: \"url\",\n          message,\n          url,\n          elicitationId,\n        });\n\n        if (result.action === \"accept\") return \"accepted\";\n        if (result.action === \"decline\") return \"declined\";\n        return \"cancelled\";\n      } catch {\n        // Client doesn't support elicitation — try direct open\n        return \"cancelled\";\n      }\n    },\n  };\n}\n\n/** Sentinel error: elicitation mode not supported by client */\nclass ElicitationUnsupportedError extends Error {\n  constructor(mode: string) {\n    super(`Client does not support ${mode} elicitation`);\n  }\n}\n\n/**\n * Collect non-sensitive fields via MCP form mode elicitation.\n *\n * @throws ElicitationUnsupportedError if client doesn't support form mode\n * @returns collected values, or null if user declined/cancelled\n */\nasync function collectViaFormMode(\n  server: Server,\n  schema: JSONSchema7,\n): Promise<Record<string, unknown> | null> {\n  const properties = (schema as any).properties || {};\n  const required = (schema as any).required || [];\n\n  // Build elicitation form schema (simplified for MCP form mode)\n  const formProperties: Record<string, any> = {};\n  for (const [key, prop] of Object.entries(properties) as [string, any][]) {\n    formProperties[key] = {\n      type: \"string\",\n      ...(prop.description ? { description: prop.description } : {}),\n      ...(prop.title ? { title: prop.title } : {}),\n      ...(prop.default != null ? { default: prop.default } : {}),\n    };\n  }\n\n  try {\n    const result = await server.elicitInput({\n      mode: \"form\",\n      message: \"Please provide the required configuration:\",\n      requestedSchema: {\n        type: \"object\" as const,\n        properties: formProperties,\n        required,\n      },\n    });\n\n    if (result.action === \"accept\" && result.content) {\n      return result.content as Record<string, unknown>;\n    }\n\n    // User declined or cancelled\n    return null;\n  } catch {\n    // Client doesn't support form elicitation\n    throw new ElicitationUnsupportedError(\"form\");\n  }\n}\n\n/**\n * Collect fields containing sensitive data via URL mode.\n * Starts a local HTTP server, sends URL mode elicitation so Client opens the browser.\n * Form data goes directly from browser to local server (never through Client/LLM).\n *\n * @throws ElicitationUnsupportedError if client doesn't support URL mode\n * @returns collected values, or null if user declined/cancelled\n */\nasync function collectViaURLMode(\n  server: Server,\n  schema: JSONSchema7,\n): Promise<Record<string, unknown> | null> {\n  const authServer = await createAuthServer();\n\n  try {\n    const elicitationId = randomBytes(16).toString(\"hex\");\n    const formURL = `${authServer.baseURL}/auth?nonce=${authServer.nonce}`;\n\n    // Send URL mode elicitation to client — let errors propagate\n    let elicitResult: { action: string };\n    try {\n      elicitResult = await server.elicitInput({\n        mode: \"url\",\n        message: \"Please fill in the credential form in your browser:\",\n        url: formURL,\n        elicitationId,\n      });\n    } catch {\n      // Client doesn't support URL elicitation\n      throw new ElicitationUnsupportedError(\"url\");\n    }\n\n    if (elicitResult.action !== \"accept\") {\n      // User declined or cancelled\n      return null;\n    }\n\n    // Client accepted — wait for form submission with timeout\n    const result = await authServer.waitForForm(schema as Record<string, any>, {\n      title: \"AFS Credential Collection\",\n      timeout: 120_000, // 2-minute safety timeout\n    });\n\n    // Notify client that elicitation is complete\n    try {\n      const notifyComplete = server.createElicitationCompletionNotifier(elicitationId);\n      await notifyComplete();\n    } catch {\n      // Notification failure is non-critical\n    }\n\n    return result;\n  } finally {\n    authServer.close();\n  }\n}\n\n/**\n * Fallback: collect credentials by opening a browser directly.\n * Used when MCP client doesn't support elicitation protocol.\n */\nasync function collectViaBrowser(\n  schema: JSONSchema7,\n  openURLFn?: (url: string) => Promise<void>,\n): Promise<Record<string, unknown> | null> {\n  const properties = (schema as any).properties || {};\n  if (Object.keys(properties).length === 0) return {};\n\n  const authServer = await createAuthServer();\n  const formURL = `${authServer.baseURL}/auth?nonce=${authServer.nonce}`;\n\n  console.error(`\\nPlease fill in credentials in your browser:\\n${formURL}`);\n\n  try {\n    await (openURLFn ?? openURL)(formURL);\n  } catch {\n    // Browser failed to open; URL is already printed above\n  }\n\n  try {\n    const result = await authServer.waitForForm(schema as Record<string, any>, {\n      title: \"AFS Credential Collection\",\n    });\n    return result;\n  } finally {\n    authServer.close();\n  }\n}\n\n/**\n * Open a URL in the default browser.\n */\nfunction openURL(url: string): Promise<void> {\n  const cmd =\n    process.platform === \"darwin\" ? \"open\" : process.platform === \"win32\" ? \"cmd\" : \"xdg-open\";\n\n  const args = process.platform === \"win32\" ? [\"/c\", \"start\", \"\", url] : [url];\n\n  return new Promise((resolve, reject) => {\n    execFile(cmd, args, (err) => {\n      if (err) reject(err);\n      else resolve();\n    });\n  });\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AA6BA,SAAgB,qBAAqB,SAA6C;CAChF,MAAM,EAAE,WAAW;CACnB,MAAM,WAAW,QAAQ,YAAY,EAAE;CACvC,MAAM,YAAY,QAAQ;AAE1B,QAAO;EACL,IAAI,WAAW;AACb,UAAO,EAAE,GAAG,UAAU;;EAGxB,MAAM,QAAQ,QAA8D;GAC1E,MAAM,aAAc,OAAe;AACnC,OAAI,CAAC,cAAc,OAAO,eAAe,SAAU,QAAO,EAAE;AAS5D,OAPwB,IAAI,IAAI,mBAAmB,OAAO,CAAC,CACtB,OAAO,GAM1B;AAEhB,QAAI;AACF,YAAO,MAAM,kBAAkB,QAAQ,OAAO;aACvC,KAAK;AACZ,SAAI,EAAE,eAAe,6BAA8B,OAAM;;AAG3D,WAAO,kBAAkB,QAAQ,UAAU;;AAI7C,OAAI;AACF,WAAO,MAAM,mBAAmB,QAAQ,OAAO;YACxC,KAAK;AACZ,QAAI,EAAE,eAAe,6BAA8B,OAAM;;AAI3D,UAAO,kBAAkB,QAAQ,UAAU;;EAG7C,MAAM,uBAAgD;GACpD,MAAM,aAAa,MAAM,kBAAkB;AAC3C,UAAO;IACL,aAAa,WAAW;IACxB,iBAAiB,WAAW,gBAAgB,KAAK,WAAW;IAC5D,OAAO,WAAW,MAAM,KAAK,WAAW;IACzC;;EAGH,MAAM,eACJ,KACA,SACgD;AAChD,OAAI;IACF,MAAM,gBAAgB,YAAY,GAAG,CAAC,SAAS,MAAM;IACrD,MAAM,SAAS,MAAM,OAAO,YAAY;KACtC,MAAM;KACN;KACA;KACA;KACD,CAAC;AAEF,QAAI,OAAO,WAAW,SAAU,QAAO;AACvC,QAAI,OAAO,WAAW,UAAW,QAAO;AACxC,WAAO;WACD;AAEN,WAAO;;;EAGZ;;;AAIH,IAAM,8BAAN,cAA0C,MAAM;CAC9C,YAAY,MAAc;AACxB,QAAM,2BAA2B,KAAK,cAAc;;;;;;;;;AAUxD,eAAe,mBACb,QACA,QACyC;CACzC,MAAM,aAAc,OAAe,cAAc,EAAE;CACnD,MAAM,WAAY,OAAe,YAAY,EAAE;CAG/C,MAAM,iBAAsC,EAAE;AAC9C,MAAK,MAAM,CAAC,KAAK,SAAS,OAAO,QAAQ,WAAW,CAClD,gBAAe,OAAO;EACpB,MAAM;EACN,GAAI,KAAK,cAAc,EAAE,aAAa,KAAK,aAAa,GAAG,EAAE;EAC7D,GAAI,KAAK,QAAQ,EAAE,OAAO,KAAK,OAAO,GAAG,EAAE;EAC3C,GAAI,KAAK,WAAW,OAAO,EAAE,SAAS,KAAK,SAAS,GAAG,EAAE;EAC1D;AAGH,KAAI;EACF,MAAM,SAAS,MAAM,OAAO,YAAY;GACtC,MAAM;GACN,SAAS;GACT,iBAAiB;IACf,MAAM;IACN,YAAY;IACZ;IACD;GACF,CAAC;AAEF,MAAI,OAAO,WAAW,YAAY,OAAO,QACvC,QAAO,OAAO;AAIhB,SAAO;SACD;AAEN,QAAM,IAAI,4BAA4B,OAAO;;;;;;;;;;;AAYjD,eAAe,kBACb,QACA,QACyC;CACzC,MAAM,aAAa,MAAM,kBAAkB;AAE3C,KAAI;EACF,MAAM,gBAAgB,YAAY,GAAG,CAAC,SAAS,MAAM;EACrD,MAAM,UAAU,GAAG,WAAW,QAAQ,cAAc,WAAW;EAG/D,IAAI;AACJ,MAAI;AACF,kBAAe,MAAM,OAAO,YAAY;IACtC,MAAM;IACN,SAAS;IACT,KAAK;IACL;IACD,CAAC;UACI;AAEN,SAAM,IAAI,4BAA4B,MAAM;;AAG9C,MAAI,aAAa,WAAW,SAE1B,QAAO;EAIT,MAAM,SAAS,MAAM,WAAW,YAAY,QAA+B;GACzE,OAAO;GACP,SAAS;GACV,CAAC;AAGF,MAAI;AAEF,SADuB,OAAO,oCAAoC,cAAc,EAC1D;UAChB;AAIR,SAAO;WACC;AACR,aAAW,OAAO;;;;;;;AAQtB,eAAe,kBACb,QACA,WACyC;CACzC,MAAM,aAAc,OAAe,cAAc,EAAE;AACnD,KAAI,OAAO,KAAK,WAAW,CAAC,WAAW,EAAG,QAAO,EAAE;CAEnD,MAAM,aAAa,MAAM,kBAAkB;CAC3C,MAAM,UAAU,GAAG,WAAW,QAAQ,cAAc,WAAW;AAE/D,SAAQ,MAAM,kDAAkD,UAAU;AAE1E,KAAI;AACF,SAAO,aAAa,SAAS,QAAQ;SAC/B;AAIR,KAAI;AAIF,SAHe,MAAM,WAAW,YAAY,QAA+B,EACzE,OAAO,6BACR,CAAC;WAEM;AACR,aAAW,OAAO;;;;;;AAOtB,SAAS,QAAQ,KAA4B;CAC3C,MAAM,MACJ,QAAQ,aAAa,WAAW,SAAS,QAAQ,aAAa,UAAU,QAAQ;CAElF,MAAM,OAAO,QAAQ,aAAa,UAAU;EAAC;EAAM;EAAS;EAAI;EAAI,GAAG,CAAC,IAAI;AAE5E,QAAO,IAAI,SAAS,SAAS,WAAW;AACtC,WAAS,KAAK,OAAO,QAAQ;AAC3B,OAAI,IAAK,QAAO,IAAI;OACf,UAAS;IACd;GACF"}
+{"version":3,"file":"mcp-auth-context.mjs","names":[],"sources":["../../src/credential/mcp-auth-context.ts"],"sourcesContent":["/**\n * MCP AuthContext implementation.\n *\n * Uses MCP elicitation protocol to collect credentials:\n * - Non-sensitive fields: form mode (Client renders UI)\n * - Sensitive fields: URL mode (local HTTP server, data never passes through Client/LLM)\n *\n * Requires an MCP Server instance that supports elicitation.\n */\n\nimport { execFile } from \"node:child_process\";\nimport { randomBytes } from \"node:crypto\";\nimport type { AuthContext, CallbackServer, JSONSchema7 } from \"@aigne/afs\";\nimport { getSensitiveFields } from \"@aigne/afs/utils/schema\";\nimport type { Server } from \"@modelcontextprotocol/sdk/server/index.js\";\nimport { createAuthServer } from \"./auth-server.js\";\n\nexport interface MCPAuthContextOptions {\n  /** The MCP Server instance (for sending elicitation requests) */\n  server: Server;\n  /** Pre-resolved fields from Step 2 (env/store/config) */\n  resolved?: Record<string, unknown>;\n  /** Override browser URL opener (for testing). Falls back to platform-default open. */\n  openURL?: (url: string) => Promise<void>;\n}\n\n/**\n * Create an MCP AuthContext for MCP-based credential collection.\n */\nexport function createMCPAuthContext(options: MCPAuthContextOptions): AuthContext {\n  const { server } = options;\n  const resolved = options.resolved ?? {};\n  const openURLFn = options.openURL;\n\n  return {\n    get resolved() {\n      return { ...resolved };\n    },\n\n    async collect(schema: JSONSchema7): Promise<Record<string, unknown> | null> {\n      const properties = (schema as any).properties;\n      if (!properties || typeof properties !== \"object\") return {};\n\n      const sensitiveFields = new Set(getSensitiveFields(schema));\n      const hasSensitive = sensitiveFields.size > 0;\n\n      // Strategy: try elicitation first, fall back to browser if client doesn't support it.\n      // ElicitationUnsupportedError means \"not supported\" → try next mode.\n      // null means \"user declined/cancelled\" → stop and return null.\n\n      if (hasSensitive) {\n        // Sensitive fields: try URL mode (data stays local, never through Client/LLM)\n        try {\n          return await collectViaURLMode(server, schema);\n        } catch (err) {\n          if (!(err instanceof ElicitationUnsupportedError)) throw err;\n        }\n        // URL mode not supported — browser fallback (also keeps data local)\n        return collectViaBrowser(schema, openURLFn);\n      }\n\n      // Non-sensitive only: try form mode (Client renders UI)\n      try {\n        return await collectViaFormMode(server, schema);\n      } catch (err) {\n        if (!(err instanceof ElicitationUnsupportedError)) throw err;\n      }\n\n      // Form mode not supported — browser fallback\n      return collectViaBrowser(schema, openURLFn);\n    },\n\n    async createCallbackServer(): Promise<CallbackServer> {\n      const authServer = await createAuthServer();\n      return {\n        callbackURL: authServer.callbackURL,\n        waitForCallback: authServer.waitForCallback.bind(authServer),\n        close: authServer.close.bind(authServer),\n      };\n    },\n\n    async requestOpenURL(\n      url: string,\n      message: string,\n    ): Promise<\"accepted\" | \"declined\" | \"cancelled\"> {\n      try {\n        const elicitationId = randomBytes(16).toString(\"hex\");\n        const result = await server.elicitInput({\n          mode: \"url\",\n          message,\n          url,\n          elicitationId,\n        });\n\n        if (result.action === \"accept\") return \"accepted\";\n        if (result.action === \"decline\") return \"declined\";\n        return \"cancelled\";\n      } catch {\n        // Client doesn't support elicitation — open browser directly\n        try {\n          console.error(`\\n${message}\\n${url}`);\n          await (openURLFn ?? openURL)(url);\n          return \"accepted\";\n        } catch {\n          return \"cancelled\";\n        }\n      }\n    },\n  };\n}\n\n/** Sentinel error: elicitation mode not supported by client */\nclass ElicitationUnsupportedError extends Error {\n  constructor(mode: string) {\n    super(`Client does not support ${mode} elicitation`);\n  }\n}\n\n/**\n * Collect non-sensitive fields via MCP form mode elicitation.\n *\n * @throws ElicitationUnsupportedError if client doesn't support form mode\n * @returns collected values, or null if user declined/cancelled\n */\nasync function collectViaFormMode(\n  server: Server,\n  schema: JSONSchema7,\n): Promise<Record<string, unknown> | null> {\n  const properties = (schema as any).properties || {};\n  const required = (schema as any).required || [];\n\n  // Build elicitation form schema (simplified for MCP form mode)\n  const formProperties: Record<string, any> = {};\n  for (const [key, prop] of Object.entries(properties) as [string, any][]) {\n    formProperties[key] = {\n      type: \"string\",\n      ...(prop.description ? { description: prop.description } : {}),\n      ...(prop.title ? { title: prop.title } : {}),\n      ...(prop.default != null ? { default: prop.default } : {}),\n    };\n  }\n\n  try {\n    const result = await server.elicitInput({\n      mode: \"form\",\n      message: \"Please provide the required configuration:\",\n      requestedSchema: {\n        type: \"object\" as const,\n        properties: formProperties,\n        required,\n      },\n    });\n\n    if (result.action === \"accept\" && result.content) {\n      return result.content as Record<string, unknown>;\n    }\n\n    // User declined or cancelled\n    return null;\n  } catch {\n    // Client doesn't support form elicitation\n    throw new ElicitationUnsupportedError(\"form\");\n  }\n}\n\n/**\n * Collect fields containing sensitive data via URL mode.\n * Starts a local HTTP server, sends URL mode elicitation so Client opens the browser.\n * Form data goes directly from browser to local server (never through Client/LLM).\n *\n * @throws ElicitationUnsupportedError if client doesn't support URL mode\n * @returns collected values, or null if user declined/cancelled\n */\nasync function collectViaURLMode(\n  server: Server,\n  schema: JSONSchema7,\n): Promise<Record<string, unknown> | null> {\n  const authServer = await createAuthServer();\n\n  try {\n    const elicitationId = randomBytes(16).toString(\"hex\");\n    const formURL = `${authServer.baseURL}/auth?nonce=${authServer.nonce}`;\n\n    // Send URL mode elicitation to client — let errors propagate\n    let elicitResult: { action: string };\n    try {\n      elicitResult = await server.elicitInput({\n        mode: \"url\",\n        message: \"Please fill in the credential form in your browser:\",\n        url: formURL,\n        elicitationId,\n      });\n    } catch {\n      // Client doesn't support URL elicitation\n      throw new ElicitationUnsupportedError(\"url\");\n    }\n\n    if (elicitResult.action !== \"accept\") {\n      // User declined or cancelled\n      return null;\n    }\n\n    // Client accepted — wait for form submission with timeout\n    const result = await authServer.waitForForm(schema as Record<string, any>, {\n      title: \"AFS Credential Collection\",\n      timeout: 120_000, // 2-minute safety timeout\n    });\n\n    // Notify client that elicitation is complete\n    try {\n      const notifyComplete = server.createElicitationCompletionNotifier(elicitationId);\n      await notifyComplete();\n    } catch {\n      // Notification failure is non-critical\n    }\n\n    return result;\n  } finally {\n    authServer.close();\n  }\n}\n\n/**\n * Fallback: collect credentials by opening a browser directly.\n * Used when MCP client doesn't support elicitation protocol.\n */\nasync function collectViaBrowser(\n  schema: JSONSchema7,\n  openURLFn?: (url: string) => Promise<void>,\n): Promise<Record<string, unknown> | null> {\n  const properties = (schema as any).properties || {};\n  if (Object.keys(properties).length === 0) return {};\n\n  const authServer = await createAuthServer();\n  const formURL = `${authServer.baseURL}/auth?nonce=${authServer.nonce}`;\n\n  console.error(`\\nPlease fill in credentials in your browser:\\n${formURL}`);\n\n  try {\n    await (openURLFn ?? openURL)(formURL);\n  } catch {\n    // Browser failed to open; URL is already printed above\n  }\n\n  try {\n    const result = await authServer.waitForForm(schema as Record<string, any>, {\n      title: \"AFS Credential Collection\",\n    });\n    return result;\n  } finally {\n    authServer.close();\n  }\n}\n\n/**\n * Open a URL in the default browser.\n */\nfunction openURL(url: string): Promise<void> {\n  const cmd =\n    process.platform === \"darwin\" ? \"open\" : process.platform === \"win32\" ? \"cmd\" : \"xdg-open\";\n\n  const args = process.platform === \"win32\" ? [\"/c\", \"start\", \"\", url] : [url];\n\n  return new Promise((resolve, reject) => {\n    execFile(cmd, args, (err) => {\n      if (err) reject(err);\n      else resolve();\n    });\n  });\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AA6BA,SAAgB,qBAAqB,SAA6C;CAChF,MAAM,EAAE,WAAW;CACnB,MAAM,WAAW,QAAQ,YAAY,EAAE;CACvC,MAAM,YAAY,QAAQ;AAE1B,QAAO;EACL,IAAI,WAAW;AACb,UAAO,EAAE,GAAG,UAAU;;EAGxB,MAAM,QAAQ,QAA8D;GAC1E,MAAM,aAAc,OAAe;AACnC,OAAI,CAAC,cAAc,OAAO,eAAe,SAAU,QAAO,EAAE;AAS5D,OAPwB,IAAI,IAAI,mBAAmB,OAAO,CAAC,CACtB,OAAO,GAM1B;AAEhB,QAAI;AACF,YAAO,MAAM,kBAAkB,QAAQ,OAAO;aACvC,KAAK;AACZ,SAAI,EAAE,eAAe,6BAA8B,OAAM;;AAG3D,WAAO,kBAAkB,QAAQ,UAAU;;AAI7C,OAAI;AACF,WAAO,MAAM,mBAAmB,QAAQ,OAAO;YACxC,KAAK;AACZ,QAAI,EAAE,eAAe,6BAA8B,OAAM;;AAI3D,UAAO,kBAAkB,QAAQ,UAAU;;EAG7C,MAAM,uBAAgD;GACpD,MAAM,aAAa,MAAM,kBAAkB;AAC3C,UAAO;IACL,aAAa,WAAW;IACxB,iBAAiB,WAAW,gBAAgB,KAAK,WAAW;IAC5D,OAAO,WAAW,MAAM,KAAK,WAAW;IACzC;;EAGH,MAAM,eACJ,KACA,SACgD;AAChD,OAAI;IACF,MAAM,gBAAgB,YAAY,GAAG,CAAC,SAAS,MAAM;IACrD,MAAM,SAAS,MAAM,OAAO,YAAY;KACtC,MAAM;KACN;KACA;KACA;KACD,CAAC;AAEF,QAAI,OAAO,WAAW,SAAU,QAAO;AACvC,QAAI,OAAO,WAAW,UAAW,QAAO;AACxC,WAAO;WACD;AAEN,QAAI;AACF,aAAQ,MAAM,KAAK,QAAQ,IAAI,MAAM;AACrC,YAAO,aAAa,SAAS,IAAI;AACjC,YAAO;YACD;AACN,YAAO;;;;EAId;;;AAIH,IAAM,8BAAN,cAA0C,MAAM;CAC9C,YAAY,MAAc;AACxB,QAAM,2BAA2B,KAAK,cAAc;;;;;;;;;AAUxD,eAAe,mBACb,QACA,QACyC;CACzC,MAAM,aAAc,OAAe,cAAc,EAAE;CACnD,MAAM,WAAY,OAAe,YAAY,EAAE;CAG/C,MAAM,iBAAsC,EAAE;AAC9C,MAAK,MAAM,CAAC,KAAK,SAAS,OAAO,QAAQ,WAAW,CAClD,gBAAe,OAAO;EACpB,MAAM;EACN,GAAI,KAAK,cAAc,EAAE,aAAa,KAAK,aAAa,GAAG,EAAE;EAC7D,GAAI,KAAK,QAAQ,EAAE,OAAO,KAAK,OAAO,GAAG,EAAE;EAC3C,GAAI,KAAK,WAAW,OAAO,EAAE,SAAS,KAAK,SAAS,GAAG,EAAE;EAC1D;AAGH,KAAI;EACF,MAAM,SAAS,MAAM,OAAO,YAAY;GACtC,MAAM;GACN,SAAS;GACT,iBAAiB;IACf,MAAM;IACN,YAAY;IACZ;IACD;GACF,CAAC;AAEF,MAAI,OAAO,WAAW,YAAY,OAAO,QACvC,QAAO,OAAO;AAIhB,SAAO;SACD;AAEN,QAAM,IAAI,4BAA4B,OAAO;;;;;;;;;;;AAYjD,eAAe,kBACb,QACA,QACyC;CACzC,MAAM,aAAa,MAAM,kBAAkB;AAE3C,KAAI;EACF,MAAM,gBAAgB,YAAY,GAAG,CAAC,SAAS,MAAM;EACrD,MAAM,UAAU,GAAG,WAAW,QAAQ,cAAc,WAAW;EAG/D,IAAI;AACJ,MAAI;AACF,kBAAe,MAAM,OAAO,YAAY;IACtC,MAAM;IACN,SAAS;IACT,KAAK;IACL;IACD,CAAC;UACI;AAEN,SAAM,IAAI,4BAA4B,MAAM;;AAG9C,MAAI,aAAa,WAAW,SAE1B,QAAO;EAIT,MAAM,SAAS,MAAM,WAAW,YAAY,QAA+B;GACzE,OAAO;GACP,SAAS;GACV,CAAC;AAGF,MAAI;AAEF,SADuB,OAAO,oCAAoC,cAAc,EAC1D;UAChB;AAIR,SAAO;WACC;AACR,aAAW,OAAO;;;;;;;AAQtB,eAAe,kBACb,QACA,WACyC;CACzC,MAAM,aAAc,OAAe,cAAc,EAAE;AACnD,KAAI,OAAO,KAAK,WAAW,CAAC,WAAW,EAAG,QAAO,EAAE;CAEnD,MAAM,aAAa,MAAM,kBAAkB;CAC3C,MAAM,UAAU,GAAG,WAAW,QAAQ,cAAc,WAAW;AAE/D,SAAQ,MAAM,kDAAkD,UAAU;AAE1E,KAAI;AACF,SAAO,aAAa,SAAS,QAAQ;SAC/B;AAIR,KAAI;AAIF,SAHe,MAAM,WAAW,YAAY,QAA+B,EACzE,OAAO,6BACR,CAAC;WAEM;AACR,aAAW,OAAO;;;;;;AAOtB,SAAS,QAAQ,KAA4B;CAC3C,MAAM,MACJ,QAAQ,aAAa,WAAW,SAAS,QAAQ,aAAa,UAAU,QAAQ;CAElF,MAAM,OAAO,QAAQ,aAAa,UAAU;EAAC;EAAM;EAAS;EAAI;EAAI,GAAG,CAAC,IAAI;AAE5E,QAAO,IAAI,SAAS,SAAS,WAAW;AACtC,WAAS,KAAK,OAAO,QAAQ;AAC3B,OAAI,IAAK,QAAO,IAAI;OACf,UAAS;IACd;GACF"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aigne/afs-cli",
-  "version": "1.11.0-beta.10",
+  "version": "1.11.0-beta.11",
   "description": "AFS Command Line Interface",
   "license": "UNLICENSED",
   "publishConfig": {
@@ -53,24 +53,24 @@
     "yargs": "^17.7.2",
     "yargs-parser": "^22.0.0",
     "zod": "^4.0.0",
-    "@aigne/afs-cloudflare": "1.11.0-beta.10",
-    "@aigne/afs-dns": "1.11.0-beta.10",
-    "@aigne/afs-ec2": "1.11.0-beta.10",
-    "@aigne/afs-fs": "1.11.0-beta.10",
-    "@aigne/afs-gce": "1.11.0-beta.10",
-    "@aigne/afs-gcs": "1.11.0-beta.10",
-    "@aigne/afs-git": "1.11.0-beta.10",
-    "@aigne/afs-github": "1.11.0-beta.10",
-    "@aigne/afs-http": "1.11.0-beta.10",
-    "@aigne/afs-json": "1.11.0-beta.10",
-    "@aigne/afs-mcp": "1.11.0-beta.10",
-    "@aigne/afs-sandbox": "1.11.0-beta.10",
-    "@aigne/afs-sqlite": "1.11.0-beta.10",
-    "@aigne/afs-toml": "1.11.0-beta.10",
-    "@aigne/afs-workspace": "1.11.0-beta.10",
-    "@aigne/afs-s3": "1.11.0-beta.10",
-    "@aigne/afs-registry": "1.11.0-beta.10",
-    "@aigne/afs": "1.11.0-beta.10"
+    "@aigne/afs-cloudflare": "1.11.0-beta.11",
+    "@aigne/afs": "1.11.0-beta.11",
+    "@aigne/afs-dns": "1.11.0-beta.11",
+    "@aigne/afs-ec2": "1.11.0-beta.11",
+    "@aigne/afs-gce": "1.11.0-beta.11",
+    "@aigne/afs-fs": "1.11.0-beta.11",
+    "@aigne/afs-gcs": "1.11.0-beta.11",
+    "@aigne/afs-git": "1.11.0-beta.11",
+    "@aigne/afs-github": "1.11.0-beta.11",
+    "@aigne/afs-http": "1.11.0-beta.11",
+    "@aigne/afs-json": "1.11.0-beta.11",
+    "@aigne/afs-mcp": "1.11.0-beta.11",
+    "@aigne/afs-registry": "1.11.0-beta.11",
+    "@aigne/afs-s3": "1.11.0-beta.11",
+    "@aigne/afs-sandbox": "1.11.0-beta.11",
+    "@aigne/afs-toml": "1.11.0-beta.11",
+    "@aigne/afs-sqlite": "1.11.0-beta.11",
+    "@aigne/afs-workspace": "1.11.0-beta.11"
   },
   "devDependencies": {
     "@modelcontextprotocol/server-everything": "^2026.1.26",