@aigne/afs-cli 1.11.0-beta.7 → 1.11.0-beta.9

package/dist/_virtual/rolldown_runtime.mjs

@@ -0,0 +1,7 @@
+import { createRequire } from "node:module";
+
+//#region rolldown:runtime
+var __require = /* @__PURE__ */ createRequire(import.meta.url);
+
+//#endregion
+export { __require };

package/dist/config/afs-loader.cjs

@@ -1,16 +1,32 @@
 const require_rolldown_runtime = require('../_virtual/rolldown_runtime.cjs');
 const require_loader = require('./loader.cjs');
+const require_mount_commands = require('./mount-commands.cjs');
 let _aigne_afs = require("@aigne/afs");
-let _aigne_afs_provider_registry = require("@aigne/afs-provider-registry");
+let _aigne_afs_utils_uri = require("@aigne/afs/utils/uri");
 
 //#region src/config/afs-loader.ts
 /**
-* AFS Loader - Lazy loading with parallel tolerant mount
+* Register the workspace:// scheme on a ProviderRegistry.
 *
-* Provides loadAFS() for on-demand AFS creation with caching.
-* createAFS() uses Promise.allSettled for parallel provider creation + mount,
-* tolerating individual failures while reporting them to stderr.
+* Extracted so that both createAFS() and verifyMount() can support
+* workspace URIs. createAFS() overrides this with a richer variant
+* that includes credential resolution.
 */
+function registerWorkspaceFactory(registry) {
+	registry.register("workspace", async (mount, parsed) => {
+		const mod = await import("@aigne/afs-workspace");
+		const AFSWorkspace = mod.AFSWorkspace ?? mod.default;
+		if (!AFSWorkspace) throw new Error("workspace:// scheme requires @aigne/afs-workspace package. Install it with: pnpm add @aigne/afs-workspace");
+		return new AFSWorkspace({
+			workspacePath: parsed.body,
+			registry,
+			name: mount.path.slice(1).replace(/\//g, "-") || "workspace",
+			description: mount.description,
+			accessMode: mount.access_mode,
+			...mount.options
+		});
+	});
+}
 let cached;
 /**
 * Load AFS with caching - first call creates, subsequent calls return cached instance
@@ -33,40 +49,132 @@ async function loadAFS(cwd, options) {
 * - If no mounts configured, returns empty AFS (no error)
 */
 async function createAFS(cwd, options) {
-	const config = await new require_loader.ConfigLoader().load(cwd);
+	const { config, mountSources } = await new require_loader.ConfigLoader().loadWithSources(cwd);
 	const afs = new _aigne_afs.AFS();
-	if (config.mounts.length === 0) return {
-		afs,
-		failures: []
-	};
-	const registry = (0, _aigne_afs_provider_registry.createProviderRegistry)();
+	const authContext = options?.authContext;
+	const credentialStore = options?.credentialStore;
+	const registry = new _aigne_afs.ProviderRegistry();
 	registry.register("workspace", async (mount, parsed) => {
 		const mod = await import("@aigne/afs-workspace");
 		const AFSWorkspace = mod.AFSWorkspace ?? mod.default;
 		if (!AFSWorkspace) throw new Error("workspace:// scheme requires @aigne/afs-workspace package. Install it with: pnpm add @aigne/afs-workspace");
+		const { resolve } = await import("node:path");
+		resolve(parsed.body);
 		return new AFSWorkspace({
-			workspacePath: parsed.path,
+			workspacePath: parsed.body,
 			registry,
+			createProvider: async (subMount) => {
+				const credResult = await resolveAndMergeCredentials(subMount, authContext, credentialStore, registry);
+				const provider = await registry.createProvider(subMount);
+				if (credResult) {
+					await persistCredentialResult(subMount, credResult);
+					const opts = subMount.options ?? {};
+					for (const key of Object.keys(credResult.sensitive)) delete opts[key];
+					subMount.options = Object.keys(opts).length > 0 ? opts : void 0;
+					if (Object.keys(credResult.nonSensitive).length > 0) subMount.options = {
+						...subMount.options ?? {},
+						...credResult.nonSensitive
+					};
+				}
+				return provider;
+			},
 			name: mount.path.slice(1).replace(/\//g, "-") || "workspace",
 			description: mount.description,
 			accessMode: mount.access_mode,
 			...mount.options
 		});
 	});
-	afs.loadProvider = async (uri, mountPath) => {
-		const { parseURI } = await import("@aigne/afs-provider-registry");
-		parseURI(uri);
-		const provider = await registry.createProvider({
+	afs.loadProvider = async (uri, mountPath, options$1) => {
+		(0, _aigne_afs_utils_uri.parseURI)(uri);
+		const { cleanUri: loadConfigUri, envRecord: loadEnvRecord } = extractEnvFromURI(uri);
+		const hasLoadEnv = Object.keys(loadEnvRecord).length > 0;
+		const { accessMode, auth, description, scope, ...providerOptions } = options$1 ?? {};
+		if (hasLoadEnv) providerOptions.env = {
+			...providerOptions.env ?? {},
+			...loadEnvRecord
+		};
+		const mount = {
 			uri,
-			path: mountPath
-		});
-		await afs.mount(provider, mountPath);
+			path: mountPath,
+			access_mode: accessMode ?? void 0,
+			auth: auth ?? void 0,
+			description: description ?? void 0,
+			options: Object.keys(providerOptions).length > 0 ? providerOptions : void 0
+		};
+		const persistScope = scope || "cwd";
+		let credResult = await resolveAndMergeCredentials(mount, authContext, credentialStore, registry);
+		try {
+			const provider = await registry.createProvider(mount);
+			await afs.mount(provider, mountPath);
+		} catch (mountError) {
+			if (credResult === null && authContext) {
+				const retryProviderOptions = { ...providerOptions };
+				const retryMount = {
+					uri,
+					path: mountPath,
+					access_mode: accessMode ?? void 0,
+					auth: auth ?? void 0,
+					description: description ?? void 0,
+					options: Object.keys(retryProviderOptions).length > 0 ? retryProviderOptions : void 0
+				};
+				credResult = await resolveAndMergeCredentials(retryMount, authContext, credentialStore, registry, { forceCollect: true });
+				const retryProvider = await registry.createProvider(retryMount);
+				await afs.mount(retryProvider, mountPath);
+				Object.assign(mount, retryMount);
+			} else throw mountError;
+		}
+		if (credResult) await persistCredentialResult(mount, credResult);
+		if (hasLoadEnv && credentialStore) try {
+			const envCreds = {};
+			for (const [k, v] of Object.entries(loadEnvRecord)) envCreds[`env:${k}`] = v;
+			const existing = credResult ? { ...credResult.sensitive } : {};
+			await credentialStore.set(loadConfigUri, {
+				...existing,
+				...envCreds
+			});
+		} catch (err) {
+			const msg = err instanceof Error ? err.message : String(err);
+			console.warn(`[mount] env credential persistence failed: ${msg}`);
+		}
+		try {
+			const entry = {
+				path: mountPath,
+				uri: hasLoadEnv ? loadConfigUri : mount.uri
+			};
+			if (description) entry.description = description;
+			if (accessMode) entry.access_mode = accessMode;
+			if (auth) entry.auth = auth;
+			const mergedOptions = {
+				...providerOptions,
+				...credResult?.nonSensitive
+			};
+			if (hasLoadEnv) delete mergedOptions.env;
+			if (Object.keys(mergedOptions).length > 0) entry.options = mergedOptions;
+			await require_mount_commands.persistMount(cwd, entry, persistScope);
+		} catch (err) {
+			const msg = err instanceof Error ? err.message : String(err);
+			console.warn(`[mount] config persistence failed: ${msg}`);
+		}
+	};
+	afs.unloadProvider = async (mountPath, options$1) => {
+		try {
+			await require_mount_commands.unpersistMount(cwd, mountPath, options$1?.scope || void 0);
+		} catch (err) {
+			const msg = err instanceof Error ? err.message : String(err);
+			console.warn(`[unmount] config removal failed: ${msg}`);
+		}
 	};
 	if (config.registry?.enabled !== false) try {
 		const { AFSRegistry } = await import("@aigne/afs-registry");
-		const registryProvider = new AFSRegistry({ providers: config.registry?.providers ?? [] });
-		await afs.mount(registryProvider, "/registry/official");
+		const officialRegistry = new AFSRegistry(config.registry?.providers?.length ? { providers: config.registry.providers } : { url: "https://raw.githubusercontent.com/ArcBlock/afs-registry/refs/heads/main/providers.json" });
+		await afs.mount(officialRegistry, "/registry/official");
+		const internalRegistry = new AFSRegistry();
+		await afs.mount(internalRegistry, "/registry/internal");
 	} catch {}
+	if (config.mounts.length === 0) return {
+		afs,
+		failures: []
+	};
 	const total = config.mounts.length;
 	let completed = 0;
 	let failedCount = 0;
@@ -75,6 +183,7 @@ async function createAFS(cwd, options) {
 		completed: 0,
 		failed: 0
 	});
+	if (credentialStore && mountSources.size > 0) await mergeStoredCredentials(config.mounts, mountSources, credentialStore);
 	const results = await Promise.allSettled(config.mounts.map(async (mount) => {
 		const provider = await registry.createProvider(mount);
 		await afs.mount(provider, mount.path, { namespace: mount.namespace ?? null });
@@ -117,7 +226,342 @@ async function createAFS(cwd, options) {
 		failures
 	};
 }
+/**
+* Extract env query params from MCP URIs for secure credential storage.
+*
+* MCP servers receive secrets via env vars (e.g., `mcp+stdio://npx?env=API_KEY=sk-xxx`).
+* This function extracts env params from the URI so they can be stored in credentials.toml
+* instead of being persisted in plaintext in config.toml.
+*
+* Only applies to MCP schemes (mcp://, mcp+stdio://, mcp+sse://).
+* Non-MCP URIs are returned unchanged.
+*/
+function extractEnvFromURI(uri) {
+	const parsed = (0, _aigne_afs_utils_uri.parseURI)(uri);
+	const envRecord = {};
+	if (!parsed.scheme.startsWith("mcp")) return {
+		cleanUri: uri,
+		envRecord
+	};
+	const envValues = parsed.query.env;
+	if (!envValues) return {
+		cleanUri: uri,
+		envRecord
+	};
+	const envList = Array.isArray(envValues) ? envValues : [envValues];
+	for (const entry of envList) {
+		const eqIdx = entry.indexOf("=");
+		if (eqIdx > 0) envRecord[entry.slice(0, eqIdx)] = entry.slice(eqIdx + 1);
+	}
+	const queryIndex = uri.indexOf("?");
+	if (queryIndex < 0) return {
+		cleanUri: uri,
+		envRecord
+	};
+	const rawQuery = uri.slice(queryIndex + 1);
+	const params = new URLSearchParams(rawQuery);
+	params.delete("env");
+	const newQuery = params.toString();
+	const base = uri.slice(0, queryIndex);
+	return {
+		cleanUri: newQuery ? `${base}?${newQuery}` : base,
+		envRecord
+	};
+}
+/**
+* Extract template variables from mount.uri using the manifest's uriTemplate
+* and merge them into mount.options so the credential resolver sees them as "known".
+*
+* Example: cloudflare://d9e5fca3... + template "cloudflare://{accountId}"
+*        → mount.options.accountId = "d9e5fca3..."
+*/
+function mergeTemplateVarsIntoMount(mount, manifest) {
+	if (!manifest?.uriTemplate) return;
+	const { parseTemplate } = require("@aigne/afs/utils/uri-template");
+	const parsed = (0, _aigne_afs_utils_uri.parseURI)(mount.uri);
+	let templateVars;
+	try {
+		templateVars = parseTemplate(manifest.uriTemplate, parsed.body);
+	} catch {
+		return;
+	}
+	for (const [key, value] of Object.entries(templateVars)) if (value !== void 0) {
+		if (!mount.options) mount.options = {};
+		if (mount.options[key] === void 0) mount.options[key] = value;
+	}
+}
+/**
+* After credential resolution, rebuild mount.uri from the template if the
+* current URI body is empty/incomplete and resolved options can fill template vars.
+*
+* Example: mount.uri = "cloudflare://" (empty body), mount.options.accountId = "abc"
+*        → mount.uri = "cloudflare://abc"
+*/
+function rebuildURIFromTemplate(mount, manifest) {
+	if (!manifest?.uriTemplate) return;
+	const { buildURI, getTemplateVariableNames } = require("@aigne/afs/utils/uri-template");
+	const varNames = getTemplateVariableNames(manifest.uriTemplate);
+	if (varNames.length === 0) return;
+	const parsed = (0, _aigne_afs_utils_uri.parseURI)(mount.uri);
+	const { parseTemplate } = require("@aigne/afs/utils/uri-template");
+	let existingVars;
+	try {
+		existingVars = parseTemplate(manifest.uriTemplate, parsed.body);
+	} catch {
+		existingVars = {};
+	}
+	const allVars = { ...existingVars };
+	for (const name of varNames) if (!allVars[name] && mount.options?.[name] != null) allVars[name] = String(mount.options[name]);
+	try {
+		const newURI = buildURI(manifest.uriTemplate, allVars);
+		if (newURI !== mount.uri) mount.uri = newURI;
+	} catch {}
+}
+/**
+* Attempt credential resolution for a mount, merging resolved values into mount.options.
+*
+* Returns the credential result if any fields were collected interactively,
+* or null if no interactive collection was needed (or no schema/authContext).
+*
+* This function mutates mount.options and mount.auth/mount.token when credentials
+* are resolved, so the subsequent registry.createProvider(mount) receives complete values.
+*/
+async function resolveAndMergeCredentials(mount, authContext, credentialStore, registry, opts) {
+	const info = await registry.getProviderInfo(mount.uri);
+	const schema = info?.schema ?? null;
+	const providerAuth = info?.auth;
+	if (!schema) return null;
+	mergeTemplateVarsIntoMount(mount, info?.manifest);
+	const { getSensitiveFields } = await import("@aigne/afs/utils/schema");
+	const sensitiveFieldsInSchema = getSensitiveFields(schema);
+	const schemaProps = schema.properties ?? {};
+	const hasEnvFields = Object.values(schemaProps).some((p) => Array.isArray(p?.env));
+	if (sensitiveFieldsInSchema.length === 0 && !hasEnvFields && !providerAuth) return null;
+	const { resolveCredentials } = await Promise.resolve().then(() => require("../credential/resolver.cjs"));
+	const result = await resolveCredentials({
+		mount,
+		schema,
+		authContext,
+		credentialStore,
+		providerAuth,
+		forceCollect: opts?.forceCollect
+	});
+	if (!result) {
+		const fieldNames = Object.keys(schema.properties ?? {});
+		const known = /* @__PURE__ */ new Set();
+		if (mount.auth !== void 0) known.add("auth");
+		if (mount.token !== void 0) known.add("token");
+		if (mount.options) for (const k of Object.keys(mount.options)) known.add(k);
+		const missing = fieldNames.filter((f) => !known.has(f));
+		const fieldList = missing.length > 0 ? missing.join(", ") : fieldNames.join(", ");
+		throw new Error(`Missing credentials: ${fieldList}. Retry with them as args, e.g. { "uri": "${mount.uri}", "path": "${mount.path}", ${missing.map((f) => `"${f}": "..."`).join(", ")} }`);
+	}
+	if (Object.keys(result.values).length > 0) {
+		if (result.values.token !== void 0 && mount.token === void 0) mount.token = String(result.values.token);
+		if (result.values.auth !== void 0 && mount.auth === void 0) mount.auth = String(result.values.auth);
+		const opts$1 = mount.options ?? {};
+		for (const [key, value] of Object.entries(result.values)) if (key !== "token" && key !== "auth" && opts$1[key] === void 0) opts$1[key] = value;
+		if (Object.keys(opts$1).length > 0) mount.options = opts$1;
+	}
+	rebuildURIFromTemplate(mount, info?.manifest);
+	return result.collected ? result : null;
+}
+/**
+* Persist credential resolution result (sensitive → credentials.toml, non-sensitive → config).
+*/
+async function persistCredentialResult(mount, result) {
+	if (Object.keys(result.sensitive).length > 0) try {
+		const { createCredentialStore } = await Promise.resolve().then(() => require("../credential/store.cjs"));
+		await createCredentialStore().set(mount.uri, result.sensitive);
+	} catch (err) {
+		const msg = err instanceof Error ? err.message : String(err);
+		console.warn(`[mount] credential persistence failed: ${msg}`);
+	}
+}
+/**
+* Load stored credentials and merge into mount options during startup.
+*
+* Credentials are keyed by URI (the resource identity), not mount path.
+*/
+async function mergeStoredCredentials(mounts, _mountSources, store) {
+	for (const mount of mounts) try {
+		const stored = await store.get(mount.uri);
+		if (stored) {
+			const opts = mount.options ?? {};
+			for (const [key, value] of Object.entries(stored)) if (key.startsWith("env:")) {
+				if (!opts.env) opts.env = {};
+				opts.env[key.slice(4)] = value;
+			} else if (opts[key] === void 0) opts[key] = value;
+			if (Object.keys(opts).length > 0) mount.options = opts;
+		}
+	} catch {}
+}
+/**
+* Resolve and persist credentials for a mount configuration.
+*
+* Used by `mount add` CLI command to trigger credential collection
+* at add-time rather than deferring to AFS creation.
+*
+* - Gets provider schema via registry
+* - Runs 4-step credential resolution
+* - Persists sensitive values to credentials.toml
+* - Returns non-sensitive values for caller to update config
+*
+* Returns null if no schema found or no credentials needed.
+* Throws if user cancels collection when credentials are required.
+*/
+async function resolveCredentialsForMount(options) {
+	const { uri, mountPath, authContext, credentialStore, extraOptions, sensitiveArgs } = options;
+	const { cleanUri: configUri, envRecord } = extractEnvFromURI(uri);
+	const hasExtractedEnv = Object.keys(envRecord).length > 0;
+	const info = await (options.registry ?? new _aigne_afs.ProviderRegistry()).getProviderInfo(uri);
+	let schema = info?.schema ?? null;
+	const providerAuth = info?.auth;
+	if (!schema && extraOptions && Object.keys(extraOptions).length > 0) {
+		const { buildAdHocSchema } = await import("@aigne/afs/utils/schema");
+		schema = buildAdHocSchema(extraOptions, sensitiveArgs ?? []);
+	}
+	const envOnlyResult = () => {
+		if (!hasExtractedEnv) return null;
+		return {
+			collected: false,
+			nonSensitive: {},
+			allValues: {},
+			persistCredentials: async () => {
+				const toStore = {};
+				for (const [key, val] of Object.entries(envRecord)) toStore[`env:${key}`] = val;
+				if (credentialStore) try {
+					await credentialStore.set(configUri, toStore);
+				} catch (err) {
+					const msg = err instanceof Error ? err.message : String(err);
+					console.warn(`[mount add] credential persistence failed: ${msg}`);
+				}
+			},
+			sensitiveFields: [],
+			configUri
+		};
+	};
+	if (!schema) return envOnlyResult();
+	const properties = schema.properties;
+	if (!properties || Object.keys(properties).length === 0) return envOnlyResult();
+	if (sensitiveArgs && sensitiveArgs.length > 0) {
+		const mergedProps = { ...properties };
+		let changed = false;
+		for (const field of sensitiveArgs) if (mergedProps[field]) {
+			mergedProps[field] = {
+				...mergedProps[field],
+				sensitive: true
+			};
+			changed = true;
+		} else if (extraOptions?.[field] !== void 0) {
+			const value = extraOptions[field];
+			mergedProps[field] = {
+				type: typeof value === "number" ? "number" : typeof value === "boolean" ? "boolean" : "string",
+				sensitive: true
+			};
+			changed = true;
+		}
+		if (changed) schema = {
+			...schema,
+			properties: mergedProps
+		};
+	}
+	const { getSensitiveFields } = await import("@aigne/afs/utils/schema");
+	const sensitiveFieldsInSchema = getSensitiveFields(schema);
+	const schemaProps = schema.properties;
+	const hasEnvFields = Object.values(schemaProps).some((p) => Array.isArray(p?.env));
+	if (sensitiveFieldsInSchema.length === 0 && !hasEnvFields && !extraOptions) return envOnlyResult();
+	const mount = {
+		uri,
+		path: mountPath
+	};
+	if (extraOptions && Object.keys(extraOptions).length > 0) mount.options = {
+		...mount.options ?? {},
+		...extraOptions
+	};
+	mergeTemplateVarsIntoMount(mount, info?.manifest);
+	const { resolveCredentials } = await Promise.resolve().then(() => require("../credential/resolver.cjs"));
+	const result = await resolveCredentials({
+		mount,
+		schema,
+		authContext,
+		credentialStore,
+		providerAuth,
+		forceCollect: options.forceCollect
+	});
+	if (!result) {
+		const fieldNames = Object.keys(properties);
+		throw new Error(`Missing credentials: ${fieldNames.join(", ")}. Retry with them as args, e.g. { "uri": "${uri}", "path": "${mountPath}", ${fieldNames.map((f) => `"${f}": "..."`).join(", ")} }`);
+	}
+	const sensitiveFieldSet = new Set(sensitiveFieldsInSchema);
+	const flatSensitive = {};
+	for (const field of sensitiveFieldsInSchema) {
+		const val = result.values[field];
+		if (val === void 0) continue;
+		if (field === "env" && typeof val === "object" && val !== null) for (const [envKey, envVal] of Object.entries(val)) flatSensitive[`env:${envKey}`] = String(envVal);
+		else flatSensitive[field] = String(val);
+	}
+	const nonSensitive = result.collected ? result.nonSensitive : extraOptions ? Object.fromEntries(Object.entries(extraOptions).filter(([k]) => !sensitiveFieldSet.has(k))) : {};
+	const persistCredentials = async () => {
+		const toStore = { ...flatSensitive };
+		for (const [key, val] of Object.entries(envRecord)) toStore[`env:${key}`] = val;
+		if (Object.keys(toStore).length > 0 && credentialStore) try {
+			await credentialStore.set(configUri, toStore);
+		} catch (err) {
+			const msg = err instanceof Error ? err.message : String(err);
+			console.warn(`[mount add] credential persistence failed: ${msg}`);
+		}
+	};
+	return {
+		collected: result.collected,
+		nonSensitive,
+		allValues: result.values,
+		persistCredentials,
+		sensitiveFields: sensitiveFieldsInSchema,
+		configUri: hasExtractedEnv ? configUri : void 0
+	};
+}
+/**
+* Verify that a mount configuration produces a working provider.
+*
+* Creates the provider and mounts it on a temporary AFS instance,
+* which triggers the built-in checkProviderOnMount (stat + data validation + list).
+* Throws if the mount check fails.
+*
+* @param uri - Provider URI
+* @param mountPath - Mount path
+* @param options - Merged options (non-sensitive + sensitive) for provider creation
+*/
+async function verifyMount(uri, mountPath, options) {
+	const mount = {
+		uri,
+		path: mountPath,
+		options: options && Object.keys(options).length > 0 ? options : void 0
+	};
+	const registry = new _aigne_afs.ProviderRegistry();
+	registerWorkspaceFactory(registry);
+	let provider;
+	try {
+		provider = await registry.createProvider(mount);
+	} catch (err) {
+		const msg = err instanceof Error ? err.message : String(err);
+		throw new Error(`Mount verification failed (provider creation): ${msg}`);
+	}
+	try {
+		const { AFS } = await import("@aigne/afs");
+		await new AFS().mount(provider, mountPath);
+	} catch (err) {
+		const msg = err instanceof Error ? err.message : String(err);
+		throw new Error(`Mount verification failed: could not reach provider at ${uri}. Error: ${msg}. Check your URI and credentials.`);
+	} finally {
+		if (typeof provider.close === "function") try {
+			await provider.close();
+		} catch {}
+	}
+}
 
 //#endregion
 exports.createAFS = createAFS;
-exports.loadAFS = loadAFS;
+exports.loadAFS = loadAFS;
+exports.resolveCredentialsForMount = resolveCredentialsForMount;
+exports.verifyMount = verifyMount;

package/dist/config/afs-loader.d.cts

@@ -1,4 +1,5 @@
-import { AFS } from "@aigne/afs";
+import { CredentialStore } from "../credential/store.cjs";
+import { AFS, AuthContext } from "@aigne/afs";
 
 //#region src/config/afs-loader.d.ts
 interface MountProgressEvent {
@@ -8,6 +9,10 @@ interface MountProgressEvent {
 }
 interface CreateAFSOptions {
   onProgress?: (event: MountProgressEvent) => void;
+  /** Auth context for interactive credential collection (CLI or MCP) */
+  authContext?: AuthContext;
+  /** Credential store for reading/writing credentials */
+  credentialStore?: CredentialStore;
 }
 //#endregion
 export { CreateAFSOptions };

package/dist/config/afs-loader.d.cts.map

@@ -1 +1 @@
-{"version":3,"file":"afs-loader.d.cts","names":[],"sources":["../../src/config/afs-loader.ts"],"mappings":";;;UAciB,kBAAA;EACf,KAAA;EACA,SAAA;EACA,MAAA;AAAA;AAAA,UAae,gBAAA;EACf,UAAA,IAAc,KAAA,EAAO,kBAAA;AAAA"}
+{"version":3,"file":"afs-loader.d.cts","names":[],"sources":["../../src/config/afs-loader.ts"],"mappings":";;;;UAyDiB,kBAAA;EACf,KAAA;EACA,SAAA;EACA,MAAA;AAAA;AAAA,UAae,gBAAA;EACf,UAAA,IAAc,KAAA,EAAO,kBAAA;;EAErB,WAAA,GAAc,WAAA;;EAEd,eAAA,GAAkB,eAAA;AAAA"}

package/dist/config/afs-loader.d.mts

@@ -1,4 +1,5 @@
-import { AFS } from "@aigne/afs";
+import { CredentialStore } from "../credential/store.mjs";
+import { AFS, AuthContext, ProviderRegistry } from "@aigne/afs";
 
 //#region src/config/afs-loader.d.ts
 interface MountProgressEvent {
@@ -8,6 +9,10 @@ interface MountProgressEvent {
 }
 interface CreateAFSOptions {
   onProgress?: (event: MountProgressEvent) => void;
+  /** Auth context for interactive credential collection (CLI or MCP) */
+  authContext?: AuthContext;
+  /** Credential store for reading/writing credentials */
+  credentialStore?: CredentialStore;
 }
 //#endregion
 export { CreateAFSOptions };

package/dist/config/afs-loader.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"afs-loader.d.mts","names":[],"sources":["../../src/config/afs-loader.ts"],"mappings":";;;UAciB,kBAAA;EACf,KAAA;EACA,SAAA;EACA,MAAA;AAAA;AAAA,UAae,gBAAA;EACf,UAAA,IAAc,KAAA,EAAO,kBAAA;AAAA"}
+{"version":3,"file":"afs-loader.d.mts","names":[],"sources":["../../src/config/afs-loader.ts"],"mappings":";;;;UAyDiB,kBAAA;EACf,KAAA;EACA,SAAA;EACA,MAAA;AAAA;AAAA,UAae,gBAAA;EACf,UAAA,IAAc,KAAA,EAAO,kBAAA;;EAErB,WAAA,GAAc,WAAA;;EAEd,eAAA,GAAkB,eAAA;AAAA"}