@aigne/afs-tesla 1.11.0-beta.12

package/LICENSE.md

@@ -0,0 +1,26 @@
+# Proprietary License
+
+Copyright (c) 2024-2025 ArcBlock, Inc. All Rights Reserved.
+
+This software and associated documentation files (the "Software") are proprietary
+and confidential. Unauthorized copying, modification, distribution, or use of
+this Software, via any medium, is strictly prohibited.
+
+The Software is provided for internal use only within ArcBlock, Inc. and its
+authorized affiliates.
+
+## No License Granted
+
+No license, express or implied, is granted to any party for any purpose.
+All rights are reserved by ArcBlock, Inc.
+
+## Public Artifact Distribution
+
+Portions of this Software may be released publicly under separate open-source
+licenses (such as MIT License) through designated public repositories. Such
+public releases are governed by their respective licenses and do not affect
+the proprietary nature of this repository.
+
+## Contact
+
+For licensing inquiries, contact: legal@arcblock.io

package/dist/_virtual/_@oxc-project_runtime@0.108.0/helpers/decorate.cjs

@@ -0,0 +1,11 @@
+
+//#region \0@oxc-project+runtime@0.108.0/helpers/decorate.js
+function __decorate(decorators, target, key, desc) {
+	var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+	if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+	else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+	return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+
+//#endregion
+exports.__decorate = __decorate;

package/dist/_virtual/_@oxc-project_runtime@0.108.0/helpers/decorate.mjs

@@ -0,0 +1,10 @@
+//#region \0@oxc-project+runtime@0.108.0/helpers/decorate.js
+function __decorate(decorators, target, key, desc) {
+	var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+	if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+	else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+	return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+
+//#endregion
+export { __decorate };

package/dist/auth.cjs

@@ -0,0 +1,146 @@
+let _aigne_afs = require("@aigne/afs");
+
+//#region src/auth.ts
+/**
+* Tesla OAuth2 Authorization Code Flow
+*
+* Implements Tesla Fleet API authentication using standard OAuth2
+* Authorization Code flow (NOT PKCE).
+*
+* Auth domain: https://fleet-auth.prd.vn.cloud.tesla.com
+* Scopes: openid offline_access vehicle_device_data vehicle_cmds
+*         vehicle_charging_cmds energy_device_data energy_cmds vehicle_location
+*/
+const TESLA_AUTH_URL = "https://fleet-auth.prd.vn.cloud.tesla.com/oauth2/v3/authorize";
+const TESLA_TOKEN_URL = "https://fleet-auth.prd.vn.cloud.tesla.com/oauth2/v3/token";
+const TESLA_SCOPES = [
+	"openid",
+	"offline_access",
+	"vehicle_device_data",
+	"vehicle_cmds",
+	"vehicle_charging_cmds",
+	"energy_device_data",
+	"energy_cmds",
+	"vehicle_location"
+];
+const REGION_BASE_URLS = {
+	na: "https://fleet-api.prd.na.vn.cloud.tesla.com",
+	eu: "https://fleet-api.prd.eu.vn.cloud.tesla.com",
+	cn: "https://fleet-api.prd.cn.vn.cloud.tesla.com"
+};
+const DEFAULT_REDIRECT_URI = "https://localhost:8443/callback";
+/**
+* Generate the OAuth2 authorization URL for user consent.
+*
+* The user should be redirected to this URL to grant access.
+* After granting, Tesla redirects to the redirectUri with an authorization code.
+*/
+function getAuthorizationUrl(options) {
+	const { clientId, redirectUri = DEFAULT_REDIRECT_URI, scopes = [...TESLA_SCOPES] } = options;
+	const state = options.state ?? generateState();
+	return {
+		url: `${TESLA_AUTH_URL}?${new URLSearchParams({
+			response_type: "code",
+			client_id: clientId,
+			redirect_uri: redirectUri,
+			scope: scopes.join(" "),
+			state
+		}).toString()}`,
+		state
+	};
+}
+/**
+* Exchange an authorization code for access and refresh tokens.
+*
+* This should be called after the user has been redirected back
+* from Tesla's authorization page with an authorization code.
+*/
+async function exchangeCode(options) {
+	const { code, clientId, clientSecret, redirectUri = DEFAULT_REDIRECT_URI, _testAuthBaseUrl } = options;
+	const tokenUrl = _testAuthBaseUrl ? `${_testAuthBaseUrl}/oauth2/v3/token` : TESLA_TOKEN_URL;
+	const body = new URLSearchParams({
+		grant_type: "authorization_code",
+		code,
+		client_id: clientId,
+		client_secret: clientSecret,
+		redirect_uri: redirectUri
+	});
+	let response;
+	try {
+		response = await fetch(tokenUrl, {
+			method: "POST",
+			headers: { "Content-Type": "application/x-www-form-urlencoded" },
+			body: body.toString()
+		});
+	} catch {
+		throw new _aigne_afs.AFSError("Failed to connect to Tesla auth server", "AFS_TIMEOUT");
+	}
+	if (!response.ok) throw new _aigne_afs.AFSError(`Tesla auth error: ${(await response.json().catch(() => ({}))).error_description || "Token exchange failed"}`, "AFS_AUTH_ERROR");
+	const data = await response.json();
+	return {
+		accessToken: data.access_token,
+		refreshToken: data.refresh_token,
+		expiresIn: data.expires_in,
+		tokenType: data.token_type || "Bearer"
+	};
+}
+/**
+* Refresh an expired access token using a refresh token.
+*/
+async function refreshToken(options) {
+	const { refreshToken: refreshTokenValue, clientId, clientSecret, _testAuthBaseUrl } = options;
+	const tokenUrl = _testAuthBaseUrl ? `${_testAuthBaseUrl}/oauth2/v3/token` : TESLA_TOKEN_URL;
+	const body = new URLSearchParams({
+		grant_type: "refresh_token",
+		refresh_token: refreshTokenValue,
+		client_id: clientId,
+		client_secret: clientSecret
+	});
+	let response;
+	try {
+		response = await fetch(tokenUrl, {
+			method: "POST",
+			headers: { "Content-Type": "application/x-www-form-urlencoded" },
+			body: body.toString()
+		});
+	} catch {
+		throw new _aigne_afs.AFSError("Failed to connect to Tesla auth server", "AFS_TIMEOUT");
+	}
+	if (!response.ok) throw new _aigne_afs.AFSError(`Tesla auth error: ${(await response.json().catch(() => ({}))).error_description || "Token refresh failed"}`, "AFS_AUTH_ERROR");
+	const data = await response.json();
+	return {
+		accessToken: data.access_token,
+		refreshToken: data.refresh_token,
+		expiresIn: data.expires_in,
+		tokenType: data.token_type || "Bearer"
+	};
+}
+/**
+* Get the Fleet API base URL for a given region.
+*/
+function getBaseUrl(region) {
+	return REGION_BASE_URLS[region] || REGION_BASE_URLS.na;
+}
+/**
+* Tesla OAuth2 utilities — authorization URL, token exchange, token refresh, region URLs.
+*/
+const TeslaAuth = {
+	getAuthorizationUrl,
+	exchangeCode,
+	refreshToken,
+	getBaseUrl
+};
+/**
+* Generate a random state parameter for CSRF protection.
+*/
+function generateState() {
+	const array = new Uint8Array(32);
+	crypto.getRandomValues(array);
+	return Array.from(array, (b) => b.toString(16).padStart(2, "0")).join("");
+}
+
+//#endregion
+exports.TESLA_AUTH_URL = TESLA_AUTH_URL;
+exports.TESLA_SCOPES = TESLA_SCOPES;
+exports.TESLA_TOKEN_URL = TESLA_TOKEN_URL;
+exports.TeslaAuth = TeslaAuth;

package/dist/auth.d.cts

@@ -0,0 +1,79 @@
+//#region src/auth.d.ts
+/**
+ * Tesla OAuth2 Authorization Code Flow
+ *
+ * Implements Tesla Fleet API authentication using standard OAuth2
+ * Authorization Code flow (NOT PKCE).
+ *
+ * Auth domain: https://fleet-auth.prd.vn.cloud.tesla.com
+ * Scopes: openid offline_access vehicle_device_data vehicle_cmds
+ *         vehicle_charging_cmds energy_device_data energy_cmds vehicle_location
+ */
+declare const TESLA_AUTH_URL = "https://fleet-auth.prd.vn.cloud.tesla.com/oauth2/v3/authorize";
+declare const TESLA_TOKEN_URL = "https://fleet-auth.prd.vn.cloud.tesla.com/oauth2/v3/token";
+declare const TESLA_SCOPES: readonly ["openid", "offline_access", "vehicle_device_data", "vehicle_cmds", "vehicle_charging_cmds", "energy_device_data", "energy_cmds", "vehicle_location"];
+interface AuthorizationUrlOptions {
+  clientId: string;
+  redirectUri?: string;
+  state?: string;
+  scopes?: string[];
+}
+interface AuthorizationUrlResult {
+  url: string;
+  state: string;
+}
+interface ExchangeCodeOptions {
+  code: string;
+  clientId: string;
+  clientSecret: string;
+  redirectUri?: string;
+  /** Test-only: override auth base URL */
+  _testAuthBaseUrl?: string;
+}
+interface RefreshTokenOptions {
+  refreshToken: string;
+  clientId: string;
+  clientSecret: string;
+  /** Test-only: override auth base URL */
+  _testAuthBaseUrl?: string;
+}
+interface TokenResult {
+  accessToken: string;
+  refreshToken?: string;
+  expiresIn: number;
+  tokenType: string;
+}
+/**
+ * Generate the OAuth2 authorization URL for user consent.
+ *
+ * The user should be redirected to this URL to grant access.
+ * After granting, Tesla redirects to the redirectUri with an authorization code.
+ */
+declare function getAuthorizationUrl(options: AuthorizationUrlOptions): AuthorizationUrlResult;
+/**
+ * Exchange an authorization code for access and refresh tokens.
+ *
+ * This should be called after the user has been redirected back
+ * from Tesla's authorization page with an authorization code.
+ */
+declare function exchangeCode(options: ExchangeCodeOptions): Promise<TokenResult>;
+/**
+ * Refresh an expired access token using a refresh token.
+ */
+declare function refreshToken(options: RefreshTokenOptions): Promise<TokenResult>;
+/**
+ * Get the Fleet API base URL for a given region.
+ */
+declare function getBaseUrl(region: string): string;
+/**
+ * Tesla OAuth2 utilities — authorization URL, token exchange, token refresh, region URLs.
+ */
+declare const TeslaAuth: {
+  getAuthorizationUrl: typeof getAuthorizationUrl;
+  exchangeCode: typeof exchangeCode;
+  refreshToken: typeof refreshToken;
+  getBaseUrl: typeof getBaseUrl;
+};
+//#endregion
+export { AuthorizationUrlOptions, AuthorizationUrlResult, ExchangeCodeOptions, RefreshTokenOptions, TESLA_AUTH_URL, TESLA_SCOPES, TESLA_TOKEN_URL, TeslaAuth, TokenResult };
+//# sourceMappingURL=auth.d.cts.map

package/dist/auth.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.cts","names":[],"sources":["../src/auth.ts"],"mappings":";;AAiBA;;;;;AACA;;;;cADa,cAAA;AAAA,cACA,eAAA;AAAA,cAEA,YAAA;AAAA,UAuBI,uBAAA;EACf,QAAA;EACA,WAAA;EACA,KAAA;EACA,MAAA;AAAA;AAAA,UAGe,sBAAA;EACf,GAAA;EACA,KAAA;AAAA;AAAA,UAGe,mBAAA;EACf,IAAA;EACA,QAAA;EACA,YAAA;EACA,WAAA;;EAEA,gBAAA;AAAA;AAAA,UAGe,mBAAA;EACf,YAAA;EACA,QAAA;EACA,YAAA;EAXA;EAaA,gBAAA;AAAA;AAAA,UAGe,WAAA;EACf,WAAA;EACA,YAAA;EACA,SAAA;EACA,SAAA;AAAA;;;;;;;iBAaO,mBAAA,CAAoB,OAAA,EAAS,uBAAA,GAA0B,sBAAA;;AAjBhE;;;;;iBA2Ce,YAAA,CAAa,OAAA,EAAS,mBAAA,GAAsB,OAAA,CAAQ,WAAA;;;;iBAiDpD,YAAA,CAAa,OAAA,EAAS,mBAAA,GAAsB,OAAA,CAAQ,WAAA;AAvFlE;;;AAAA,iBAiIQ,UAAA,CAAW,MAAA;;;;cAOP,SAAA"}

package/dist/auth.d.mts

@@ -0,0 +1,79 @@
+//#region src/auth.d.ts
+/**
+ * Tesla OAuth2 Authorization Code Flow
+ *
+ * Implements Tesla Fleet API authentication using standard OAuth2
+ * Authorization Code flow (NOT PKCE).
+ *
+ * Auth domain: https://fleet-auth.prd.vn.cloud.tesla.com
+ * Scopes: openid offline_access vehicle_device_data vehicle_cmds
+ *         vehicle_charging_cmds energy_device_data energy_cmds vehicle_location
+ */
+declare const TESLA_AUTH_URL = "https://fleet-auth.prd.vn.cloud.tesla.com/oauth2/v3/authorize";
+declare const TESLA_TOKEN_URL = "https://fleet-auth.prd.vn.cloud.tesla.com/oauth2/v3/token";
+declare const TESLA_SCOPES: readonly ["openid", "offline_access", "vehicle_device_data", "vehicle_cmds", "vehicle_charging_cmds", "energy_device_data", "energy_cmds", "vehicle_location"];
+interface AuthorizationUrlOptions {
+  clientId: string;
+  redirectUri?: string;
+  state?: string;
+  scopes?: string[];
+}
+interface AuthorizationUrlResult {
+  url: string;
+  state: string;
+}
+interface ExchangeCodeOptions {
+  code: string;
+  clientId: string;
+  clientSecret: string;
+  redirectUri?: string;
+  /** Test-only: override auth base URL */
+  _testAuthBaseUrl?: string;
+}
+interface RefreshTokenOptions {
+  refreshToken: string;
+  clientId: string;
+  clientSecret: string;
+  /** Test-only: override auth base URL */
+  _testAuthBaseUrl?: string;
+}
+interface TokenResult {
+  accessToken: string;
+  refreshToken?: string;
+  expiresIn: number;
+  tokenType: string;
+}
+/**
+ * Generate the OAuth2 authorization URL for user consent.
+ *
+ * The user should be redirected to this URL to grant access.
+ * After granting, Tesla redirects to the redirectUri with an authorization code.
+ */
+declare function getAuthorizationUrl(options: AuthorizationUrlOptions): AuthorizationUrlResult;
+/**
+ * Exchange an authorization code for access and refresh tokens.
+ *
+ * This should be called after the user has been redirected back
+ * from Tesla's authorization page with an authorization code.
+ */
+declare function exchangeCode(options: ExchangeCodeOptions): Promise<TokenResult>;
+/**
+ * Refresh an expired access token using a refresh token.
+ */
+declare function refreshToken(options: RefreshTokenOptions): Promise<TokenResult>;
+/**
+ * Get the Fleet API base URL for a given region.
+ */
+declare function getBaseUrl(region: string): string;
+/**
+ * Tesla OAuth2 utilities — authorization URL, token exchange, token refresh, region URLs.
+ */
+declare const TeslaAuth: {
+  getAuthorizationUrl: typeof getAuthorizationUrl;
+  exchangeCode: typeof exchangeCode;
+  refreshToken: typeof refreshToken;
+  getBaseUrl: typeof getBaseUrl;
+};
+//#endregion
+export { AuthorizationUrlOptions, AuthorizationUrlResult, ExchangeCodeOptions, RefreshTokenOptions, TESLA_AUTH_URL, TESLA_SCOPES, TESLA_TOKEN_URL, TeslaAuth, TokenResult };
+//# sourceMappingURL=auth.d.mts.map

package/dist/auth.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.mts","names":[],"sources":["../src/auth.ts"],"mappings":";;AAiBA;;;;;AACA;;;;cADa,cAAA;AAAA,cACA,eAAA;AAAA,cAEA,YAAA;AAAA,UAuBI,uBAAA;EACf,QAAA;EACA,WAAA;EACA,KAAA;EACA,MAAA;AAAA;AAAA,UAGe,sBAAA;EACf,GAAA;EACA,KAAA;AAAA;AAAA,UAGe,mBAAA;EACf,IAAA;EACA,QAAA;EACA,YAAA;EACA,WAAA;;EAEA,gBAAA;AAAA;AAAA,UAGe,mBAAA;EACf,YAAA;EACA,QAAA;EACA,YAAA;EAXA;EAaA,gBAAA;AAAA;AAAA,UAGe,WAAA;EACf,WAAA;EACA,YAAA;EACA,SAAA;EACA,SAAA;AAAA;;;;;;;iBAaO,mBAAA,CAAoB,OAAA,EAAS,uBAAA,GAA0B,sBAAA;;AAjBhE;;;;;iBA2Ce,YAAA,CAAa,OAAA,EAAS,mBAAA,GAAsB,OAAA,CAAQ,WAAA;;;;iBAiDpD,YAAA,CAAa,OAAA,EAAS,mBAAA,GAAsB,OAAA,CAAQ,WAAA;AAvFlE;;;AAAA,iBAiIQ,UAAA,CAAW,MAAA;;;;cAOP,SAAA"}

package/dist/auth.mjs

@@ -0,0 +1,144 @@
+import { AFSError } from "@aigne/afs";
+
+//#region src/auth.ts
+/**
+* Tesla OAuth2 Authorization Code Flow
+*
+* Implements Tesla Fleet API authentication using standard OAuth2
+* Authorization Code flow (NOT PKCE).
+*
+* Auth domain: https://fleet-auth.prd.vn.cloud.tesla.com
+* Scopes: openid offline_access vehicle_device_data vehicle_cmds
+*         vehicle_charging_cmds energy_device_data energy_cmds vehicle_location
+*/
+const TESLA_AUTH_URL = "https://fleet-auth.prd.vn.cloud.tesla.com/oauth2/v3/authorize";
+const TESLA_TOKEN_URL = "https://fleet-auth.prd.vn.cloud.tesla.com/oauth2/v3/token";
+const TESLA_SCOPES = [
+	"openid",
+	"offline_access",
+	"vehicle_device_data",
+	"vehicle_cmds",
+	"vehicle_charging_cmds",
+	"energy_device_data",
+	"energy_cmds",
+	"vehicle_location"
+];
+const REGION_BASE_URLS = {
+	na: "https://fleet-api.prd.na.vn.cloud.tesla.com",
+	eu: "https://fleet-api.prd.eu.vn.cloud.tesla.com",
+	cn: "https://fleet-api.prd.cn.vn.cloud.tesla.com"
+};
+const DEFAULT_REDIRECT_URI = "https://localhost:8443/callback";
+/**
+* Generate the OAuth2 authorization URL for user consent.
+*
+* The user should be redirected to this URL to grant access.
+* After granting, Tesla redirects to the redirectUri with an authorization code.
+*/
+function getAuthorizationUrl(options) {
+	const { clientId, redirectUri = DEFAULT_REDIRECT_URI, scopes = [...TESLA_SCOPES] } = options;
+	const state = options.state ?? generateState();
+	return {
+		url: `${TESLA_AUTH_URL}?${new URLSearchParams({
+			response_type: "code",
+			client_id: clientId,
+			redirect_uri: redirectUri,
+			scope: scopes.join(" "),
+			state
+		}).toString()}`,
+		state
+	};
+}
+/**
+* Exchange an authorization code for access and refresh tokens.
+*
+* This should be called after the user has been redirected back
+* from Tesla's authorization page with an authorization code.
+*/
+async function exchangeCode(options) {
+	const { code, clientId, clientSecret, redirectUri = DEFAULT_REDIRECT_URI, _testAuthBaseUrl } = options;
+	const tokenUrl = _testAuthBaseUrl ? `${_testAuthBaseUrl}/oauth2/v3/token` : TESLA_TOKEN_URL;
+	const body = new URLSearchParams({
+		grant_type: "authorization_code",
+		code,
+		client_id: clientId,
+		client_secret: clientSecret,
+		redirect_uri: redirectUri
+	});
+	let response;
+	try {
+		response = await fetch(tokenUrl, {
+			method: "POST",
+			headers: { "Content-Type": "application/x-www-form-urlencoded" },
+			body: body.toString()
+		});
+	} catch {
+		throw new AFSError("Failed to connect to Tesla auth server", "AFS_TIMEOUT");
+	}
+	if (!response.ok) throw new AFSError(`Tesla auth error: ${(await response.json().catch(() => ({}))).error_description || "Token exchange failed"}`, "AFS_AUTH_ERROR");
+	const data = await response.json();
+	return {
+		accessToken: data.access_token,
+		refreshToken: data.refresh_token,
+		expiresIn: data.expires_in,
+		tokenType: data.token_type || "Bearer"
+	};
+}
+/**
+* Refresh an expired access token using a refresh token.
+*/
+async function refreshToken(options) {
+	const { refreshToken: refreshTokenValue, clientId, clientSecret, _testAuthBaseUrl } = options;
+	const tokenUrl = _testAuthBaseUrl ? `${_testAuthBaseUrl}/oauth2/v3/token` : TESLA_TOKEN_URL;
+	const body = new URLSearchParams({
+		grant_type: "refresh_token",
+		refresh_token: refreshTokenValue,
+		client_id: clientId,
+		client_secret: clientSecret
+	});
+	let response;
+	try {
+		response = await fetch(tokenUrl, {
+			method: "POST",
+			headers: { "Content-Type": "application/x-www-form-urlencoded" },
+			body: body.toString()
+		});
+	} catch {
+		throw new AFSError("Failed to connect to Tesla auth server", "AFS_TIMEOUT");
+	}
+	if (!response.ok) throw new AFSError(`Tesla auth error: ${(await response.json().catch(() => ({}))).error_description || "Token refresh failed"}`, "AFS_AUTH_ERROR");
+	const data = await response.json();
+	return {
+		accessToken: data.access_token,
+		refreshToken: data.refresh_token,
+		expiresIn: data.expires_in,
+		tokenType: data.token_type || "Bearer"
+	};
+}
+/**
+* Get the Fleet API base URL for a given region.
+*/
+function getBaseUrl(region) {
+	return REGION_BASE_URLS[region] || REGION_BASE_URLS.na;
+}
+/**
+* Tesla OAuth2 utilities — authorization URL, token exchange, token refresh, region URLs.
+*/
+const TeslaAuth = {
+	getAuthorizationUrl,
+	exchangeCode,
+	refreshToken,
+	getBaseUrl
+};
+/**
+* Generate a random state parameter for CSRF protection.
+*/
+function generateState() {
+	const array = new Uint8Array(32);
+	crypto.getRandomValues(array);
+	return Array.from(array, (b) => b.toString(16).padStart(2, "0")).join("");
+}
+
+//#endregion
+export { TESLA_AUTH_URL, TESLA_SCOPES, TESLA_TOKEN_URL, TeslaAuth };
+//# sourceMappingURL=auth.mjs.map

package/dist/auth.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.mjs","names":[],"sources":["../src/auth.ts"],"sourcesContent":["/**\n * Tesla OAuth2 Authorization Code Flow\n *\n * Implements Tesla Fleet API authentication using standard OAuth2\n * Authorization Code flow (NOT PKCE).\n *\n * Auth domain: https://fleet-auth.prd.vn.cloud.tesla.com\n * Scopes: openid offline_access vehicle_device_data vehicle_cmds\n *         vehicle_charging_cmds energy_device_data energy_cmds vehicle_location\n */\n\nimport { AFSError } from \"@aigne/afs\";\n\n// ============================================================================\n// Constants\n// ============================================================================\n\nexport const TESLA_AUTH_URL = \"https://fleet-auth.prd.vn.cloud.tesla.com/oauth2/v3/authorize\";\nexport const TESLA_TOKEN_URL = \"https://fleet-auth.prd.vn.cloud.tesla.com/oauth2/v3/token\";\n\nexport const TESLA_SCOPES = [\n  \"openid\",\n  \"offline_access\",\n  \"vehicle_device_data\",\n  \"vehicle_cmds\",\n  \"vehicle_charging_cmds\",\n  \"energy_device_data\",\n  \"energy_cmds\",\n  \"vehicle_location\",\n] as const;\n\nconst REGION_BASE_URLS: Record<string, string> = {\n  na: \"https://fleet-api.prd.na.vn.cloud.tesla.com\",\n  eu: \"https://fleet-api.prd.eu.vn.cloud.tesla.com\",\n  cn: \"https://fleet-api.prd.cn.vn.cloud.tesla.com\",\n};\n\nconst DEFAULT_REDIRECT_URI = \"https://localhost:8443/callback\";\n\n// ============================================================================\n// Types\n// ============================================================================\n\nexport interface AuthorizationUrlOptions {\n  clientId: string;\n  redirectUri?: string;\n  state?: string;\n  scopes?: string[];\n}\n\nexport interface AuthorizationUrlResult {\n  url: string;\n  state: string;\n}\n\nexport interface ExchangeCodeOptions {\n  code: string;\n  clientId: string;\n  clientSecret: string;\n  redirectUri?: string;\n  /** Test-only: override auth base URL */\n  _testAuthBaseUrl?: string;\n}\n\nexport interface RefreshTokenOptions {\n  refreshToken: string;\n  clientId: string;\n  clientSecret: string;\n  /** Test-only: override auth base URL */\n  _testAuthBaseUrl?: string;\n}\n\nexport interface TokenResult {\n  accessToken: string;\n  refreshToken?: string;\n  expiresIn: number;\n  tokenType: string;\n}\n\n// ============================================================================\n// Auth Functions\n// ============================================================================\n\n/**\n * Generate the OAuth2 authorization URL for user consent.\n *\n * The user should be redirected to this URL to grant access.\n * After granting, Tesla redirects to the redirectUri with an authorization code.\n */\nfunction getAuthorizationUrl(options: AuthorizationUrlOptions): AuthorizationUrlResult {\n  const { clientId, redirectUri = DEFAULT_REDIRECT_URI, scopes = [...TESLA_SCOPES] } = options;\n\n  // Auto-generate state for CSRF protection if not provided\n  const state = options.state ?? generateState();\n\n  const params = new URLSearchParams({\n    response_type: \"code\",\n    client_id: clientId,\n    redirect_uri: redirectUri,\n    scope: scopes.join(\" \"),\n    state,\n  });\n\n  return {\n    url: `${TESLA_AUTH_URL}?${params.toString()}`,\n    state,\n  };\n}\n\n/**\n * Exchange an authorization code for access and refresh tokens.\n *\n * This should be called after the user has been redirected back\n * from Tesla's authorization page with an authorization code.\n */\nasync function exchangeCode(options: ExchangeCodeOptions): Promise<TokenResult> {\n  const {\n    code,\n    clientId,\n    clientSecret,\n    redirectUri = DEFAULT_REDIRECT_URI,\n    _testAuthBaseUrl,\n  } = options;\n\n  const tokenUrl = _testAuthBaseUrl ? `${_testAuthBaseUrl}/oauth2/v3/token` : TESLA_TOKEN_URL;\n\n  const body = new URLSearchParams({\n    grant_type: \"authorization_code\",\n    code,\n    client_id: clientId,\n    client_secret: clientSecret,\n    redirect_uri: redirectUri,\n  });\n\n  let response: Response;\n  try {\n    response = await fetch(tokenUrl, {\n      method: \"POST\",\n      headers: { \"Content-Type\": \"application/x-www-form-urlencoded\" },\n      body: body.toString(),\n    });\n  } catch {\n    throw new AFSError(\"Failed to connect to Tesla auth server\", \"AFS_TIMEOUT\");\n  }\n\n  if (!response.ok) {\n    const errorBody = (await response.json().catch(() => ({}))) as Record<string, unknown>;\n    const description = (errorBody.error_description as string) || \"Token exchange failed\";\n    throw new AFSError(`Tesla auth error: ${description}`, \"AFS_AUTH_ERROR\");\n  }\n\n  const data = (await response.json()) as Record<string, unknown>;\n\n  return {\n    accessToken: data.access_token as string,\n    refreshToken: data.refresh_token as string | undefined,\n    expiresIn: data.expires_in as number,\n    tokenType: (data.token_type as string) || \"Bearer\",\n  };\n}\n\n/**\n * Refresh an expired access token using a refresh token.\n */\nasync function refreshToken(options: RefreshTokenOptions): Promise<TokenResult> {\n  const { refreshToken: refreshTokenValue, clientId, clientSecret, _testAuthBaseUrl } = options;\n\n  const tokenUrl = _testAuthBaseUrl ? `${_testAuthBaseUrl}/oauth2/v3/token` : TESLA_TOKEN_URL;\n\n  const body = new URLSearchParams({\n    grant_type: \"refresh_token\",\n    refresh_token: refreshTokenValue,\n    client_id: clientId,\n    client_secret: clientSecret,\n  });\n\n  let response: Response;\n  try {\n    response = await fetch(tokenUrl, {\n      method: \"POST\",\n      headers: { \"Content-Type\": \"application/x-www-form-urlencoded\" },\n      body: body.toString(),\n    });\n  } catch {\n    throw new AFSError(\"Failed to connect to Tesla auth server\", \"AFS_TIMEOUT\");\n  }\n\n  if (!response.ok) {\n    const errorBody = (await response.json().catch(() => ({}))) as Record<string, unknown>;\n    const description = (errorBody.error_description as string) || \"Token refresh failed\";\n    throw new AFSError(`Tesla auth error: ${description}`, \"AFS_AUTH_ERROR\");\n  }\n\n  const data = (await response.json()) as Record<string, unknown>;\n\n  return {\n    accessToken: data.access_token as string,\n    refreshToken: data.refresh_token as string | undefined,\n    expiresIn: data.expires_in as number,\n    tokenType: (data.token_type as string) || \"Bearer\",\n  };\n}\n\n/**\n * Get the Fleet API base URL for a given region.\n */\nfunction getBaseUrl(region: string): string {\n  return REGION_BASE_URLS[region] || REGION_BASE_URLS.na!;\n}\n\n/**\n * Tesla OAuth2 utilities — authorization URL, token exchange, token refresh, region URLs.\n */\nexport const TeslaAuth = {\n  getAuthorizationUrl,\n  exchangeCode,\n  refreshToken,\n  getBaseUrl,\n};\n\n// ============================================================================\n// Helpers\n// ============================================================================\n\n/**\n * Generate a random state parameter for CSRF protection.\n */\nfunction generateState(): string {\n  const array = new Uint8Array(32);\n  crypto.getRandomValues(array);\n  return Array.from(array, (b) => b.toString(16).padStart(2, \"0\")).join(\"\");\n}\n"],"mappings":";;;;;;;;;;;;;AAiBA,MAAa,iBAAiB;AAC9B,MAAa,kBAAkB;AAE/B,MAAa,eAAe;CAC1B;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD;AAED,MAAM,mBAA2C;CAC/C,IAAI;CACJ,IAAI;CACJ,IAAI;CACL;AAED,MAAM,uBAAuB;;;;;;;AAoD7B,SAAS,oBAAoB,SAA0D;CACrF,MAAM,EAAE,UAAU,cAAc,sBAAsB,SAAS,CAAC,GAAG,aAAa,KAAK;CAGrF,MAAM,QAAQ,QAAQ,SAAS,eAAe;AAU9C,QAAO;EACL,KAAK,GAAG,eAAe,GATV,IAAI,gBAAgB;GACjC,eAAe;GACf,WAAW;GACX,cAAc;GACd,OAAO,OAAO,KAAK,IAAI;GACvB;GACD,CAAC,CAGiC,UAAU;EAC3C;EACD;;;;;;;;AASH,eAAe,aAAa,SAAoD;CAC9E,MAAM,EACJ,MACA,UACA,cACA,cAAc,sBACd,qBACE;CAEJ,MAAM,WAAW,mBAAmB,GAAG,iBAAiB,oBAAoB;CAE5E,MAAM,OAAO,IAAI,gBAAgB;EAC/B,YAAY;EACZ;EACA,WAAW;EACX,eAAe;EACf,cAAc;EACf,CAAC;CAEF,IAAI;AACJ,KAAI;AACF,aAAW,MAAM,MAAM,UAAU;GAC/B,QAAQ;GACR,SAAS,EAAE,gBAAgB,qCAAqC;GAChE,MAAM,KAAK,UAAU;GACtB,CAAC;SACI;AACN,QAAM,IAAI,SAAS,0CAA0C,cAAc;;AAG7E,KAAI,CAAC,SAAS,GAGZ,OAAM,IAAI,SAAS,sBAFA,MAAM,SAAS,MAAM,CAAC,aAAa,EAAE,EAAE,EAC3B,qBAAgC,2BACR,iBAAiB;CAG1E,MAAM,OAAQ,MAAM,SAAS,MAAM;AAEnC,QAAO;EACL,aAAa,KAAK;EAClB,cAAc,KAAK;EACnB,WAAW,KAAK;EAChB,WAAY,KAAK,cAAyB;EAC3C;;;;;AAMH,eAAe,aAAa,SAAoD;CAC9E,MAAM,EAAE,cAAc,mBAAmB,UAAU,cAAc,qBAAqB;CAEtF,MAAM,WAAW,mBAAmB,GAAG,iBAAiB,oBAAoB;CAE5E,MAAM,OAAO,IAAI,gBAAgB;EAC/B,YAAY;EACZ,eAAe;EACf,WAAW;EACX,eAAe;EAChB,CAAC;CAEF,IAAI;AACJ,KAAI;AACF,aAAW,MAAM,MAAM,UAAU;GAC/B,QAAQ;GACR,SAAS,EAAE,gBAAgB,qCAAqC;GAChE,MAAM,KAAK,UAAU;GACtB,CAAC;SACI;AACN,QAAM,IAAI,SAAS,0CAA0C,cAAc;;AAG7E,KAAI,CAAC,SAAS,GAGZ,OAAM,IAAI,SAAS,sBAFA,MAAM,SAAS,MAAM,CAAC,aAAa,EAAE,EAAE,EAC3B,qBAAgC,0BACR,iBAAiB;CAG1E,MAAM,OAAQ,MAAM,SAAS,MAAM;AAEnC,QAAO;EACL,aAAa,KAAK;EAClB,cAAc,KAAK;EACnB,WAAW,KAAK;EAChB,WAAY,KAAK,cAAyB;EAC3C;;;;;AAMH,SAAS,WAAW,QAAwB;AAC1C,QAAO,iBAAiB,WAAW,iBAAiB;;;;;AAMtD,MAAa,YAAY;CACvB;CACA;CACA;CACA;CACD;;;;AASD,SAAS,gBAAwB;CAC/B,MAAM,QAAQ,IAAI,WAAW,GAAG;AAChC,QAAO,gBAAgB,MAAM;AAC7B,QAAO,MAAM,KAAK,QAAQ,MAAM,EAAE,SAAS,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,KAAK,GAAG"}