@andocorp/cli 0.2.0 → 0.3.0

package/dist/cli-login.js

@@ -0,0 +1,335 @@
+import { mkdir, readFile, rm, writeFile } from "node:fs/promises";
+import path from "node:path";
+import { sleep } from "./cli-login-browser.js";
+import { CliLoginRequestError } from "./cli-login-errors.js";
+import { getPendingCliLoginPath, getPendingCliLoginPaths } from "./cli-login-paths.js";
+import { DEFAULT_CLI_REQUEST_TIMEOUT_MS } from "./timeouts.js";
+const CREATE_CLI_LOGIN_SESSION_PATH = "/auth/cli-login/session";
+const REDEEM_CLI_LOGIN_SESSION_PATH = "/auth/cli-login/redeem";
+const DEFAULT_CLI_LOGIN_POLL_INTERVAL_MS = 2_000;
+const terminalCliLoginErrorCodes = new Set([
+    "cli_login_already_approved",
+    "cli_login_expired",
+    "cli_login_invalid_poll_token",
+    "cli_login_membership_inactive",
+    "cli_login_session_consumed",
+    "cli_login_session_not_found",
+    "invalid_request",
+    "invalid_api_key",
+    "unsupported_api_key_type",
+]);
+const terminalCliLoginErrorMessages = {
+    cli_login_already_approved: "CLI login was already approved. Run `ando login` again to start a new session.",
+    cli_login_expired: "CLI login session expired. Run `ando login` again.",
+    cli_login_invalid_poll_token: "CLI login session is invalid. Run `ando login` again.",
+    cli_login_membership_inactive: "Your Ando workspace membership is inactive, so CLI login cannot continue.",
+    cli_login_rate_limited: "CLI login is rate-limited. Try again later.",
+    cli_login_session_consumed: "CLI login session was already consumed. Run `ando login` again.",
+    cli_login_session_not_found: "CLI login session was not found. Run `ando login` again.",
+    invalid_api_key: "CLI credential is no longer valid.",
+    invalid_request: "CLI login request was invalid. Run `ando login` again.",
+    unsupported_api_key_type: "This API key cannot be revoked by the CLI.",
+};
+export { openBrowser, sleep } from "./cli-login-browser.js";
+export { CliLoginRequestError } from "./cli-login-errors.js";
+export async function savePendingCliLoginSession(session) {
+    const pendingPath = getPendingCliLoginPath();
+    await mkdir(path.dirname(pendingPath), { recursive: true });
+    const payload = {
+        ...session,
+        savedAt: new Date().toISOString(),
+    };
+    await writeFile(pendingPath, JSON.stringify(payload, null, 2), {
+        mode: 0o600,
+    });
+}
+export async function readPendingCliLoginSession() {
+    try {
+        const raw = await readFile(getPendingCliLoginPath(), "utf8");
+        const parsed = JSON.parse(raw);
+        return parsePendingCliLoginSession(parsed);
+    }
+    catch (error) {
+        const errorCode = error instanceof Error && "code" in error ? error.code : undefined;
+        if (errorCode === "ENOENT") {
+            return null;
+        }
+        throw error;
+    }
+}
+export async function clearPendingCliLoginSession() {
+    await Promise.all(getPendingCliLoginPaths().map((pendingPath) => rm(pendingPath, { force: true })));
+}
+export async function createCliLoginSession(params) {
+    const response = await postCliLoginJson({
+        baseUrl: params.baseUrl,
+        fetchFn: params.fetchFn,
+        path: CREATE_CLI_LOGIN_SESSION_PATH,
+    });
+    if (response.status !== 201) {
+        throwCliLoginResponseError(response.body);
+    }
+    return parseCreateCliLoginSessionResponse(response.body);
+}
+export async function redeemCliLoginSession(params) {
+    const response = await postCliLoginJson({
+        baseUrl: params.baseUrl,
+        body: {
+            cli_auth_session_id: params.cliAuthSessionId,
+            poll_token: params.pollToken,
+        },
+        fetchFn: params.fetchFn,
+        path: REDEEM_CLI_LOGIN_SESSION_PATH,
+    });
+    if (response.status === 202) {
+        return parseRedeemCliLoginSessionPendingResponse(response, params.now);
+    }
+    if (response.status === 200) {
+        return parseRedeemCliLoginSessionSuccessResponse(response.body);
+    }
+    throwCliLoginResponseError(response.body);
+}
+export async function pollCliLoginSession(params) {
+    const redeemSession = params.redeemSession ?? redeemCliLoginSession;
+    const sleepFn = params.sleep ?? sleep;
+    const now = params.now ?? Date.now;
+    let expiresAt = params.expiresAt;
+    while (now() < parseCliLoginExpirationMs(expiresAt)) {
+        const result = await redeemSession({
+            baseUrl: params.baseUrl,
+            cliAuthSessionId: params.cliAuthSessionId,
+            fetchFn: params.fetchFn,
+            now,
+            pollToken: params.pollToken,
+        });
+        if (result.status === "approved") {
+            return result;
+        }
+        expiresAt = result.expiresAt;
+        const remainingMs = parseCliLoginExpirationMs(expiresAt) - now();
+        if (remainingMs <= 0) {
+            break;
+        }
+        await sleepFn(Math.min(result.retryAfterMs, remainingMs));
+    }
+    throw new CliLoginRequestError("CLI login session expired. Run `ando login` again.", {
+        errorCode: "cli_login_expired",
+        terminal: true,
+    });
+}
+function buildCliLoginUrl(baseUrl, apiPath) {
+    return `${baseUrl.replace(/\/+$/, "")}${apiPath}`;
+}
+async function postCliLoginJson(params) {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => {
+        controller.abort();
+    }, DEFAULT_CLI_REQUEST_TIMEOUT_MS);
+    try {
+        const init = {
+            headers: {
+                Accept: "application/json",
+                ...(params.body == null ? {} : { "Content-Type": "application/json" }),
+            },
+            method: "POST",
+            signal: controller.signal,
+        };
+        if (params.body != null) {
+            init.body = JSON.stringify(params.body);
+        }
+        const fetchFn = params.fetchFn ?? globalThis.fetch.bind(globalThis);
+        const response = await fetchFn(buildCliLoginUrl(params.baseUrl, params.path), init);
+        const bodyText = await response.text();
+        return {
+            body: bodyText.trim() === "" ? null : parseCliLoginJson(bodyText),
+            headers: response.headers,
+            status: response.status,
+        };
+    }
+    catch (error) {
+        if (error instanceof Error && error.name === "AbortError") {
+            throw new Error(`[ando-cli] login request timed out after ${DEFAULT_CLI_REQUEST_TIMEOUT_MS}ms`, { cause: error });
+        }
+        throw error;
+    }
+    finally {
+        clearTimeout(timeout);
+    }
+}
+function parseCliLoginJson(bodyText) {
+    try {
+        return JSON.parse(bodyText);
+    }
+    catch {
+        throw new CliLoginRequestError("Malformed CLI login response: invalid JSON.", {
+            terminal: true,
+        });
+    }
+}
+function parseCreateCliLoginSessionResponse(body) {
+    const response = getRecord(body);
+    const data = getRecord(response["data"]);
+    if (response["success"] !== true) {
+        throwMalformedCliLoginResponse("create session response missing data");
+    }
+    const browserUrl = getNonEmptyString(data, "browser_url");
+    const cliAuthSessionId = getNonEmptyString(data, "cli_auth_session_id");
+    const expiresAt = getCliLoginExpiresAt(data, "expires_at");
+    const pollToken = getNonEmptyString(data, "poll_token");
+    const verificationCode = getNonEmptyString(data, "verification_code");
+    if (browserUrl == null ||
+        cliAuthSessionId == null ||
+        expiresAt == null ||
+        pollToken == null ||
+        verificationCode == null) {
+        throwMalformedCliLoginResponse("create session response missing required fields");
+    }
+    parseCliLoginExpirationMs(expiresAt);
+    return {
+        browserUrl,
+        cliAuthSessionId,
+        expiresAt,
+        pollToken,
+        verificationCode,
+    };
+}
+function parseRedeemCliLoginSessionPendingResponse(response, now) {
+    const body = getRecord(response.body);
+    const expiresAt = getCliLoginExpiresAt(body, "expires_at");
+    const status = getNonEmptyString(body, "status");
+    const errorCode = getNonEmptyString(body, "error_code");
+    if (expiresAt == null ||
+        status !== "pending" ||
+        errorCode !== "authorization_pending") {
+        throwMalformedCliLoginResponse("pending redeem response missing required fields");
+    }
+    parseCliLoginExpirationMs(expiresAt);
+    return {
+        status: "pending",
+        expiresAt,
+        retryAfterMs: parseRetryAfterMs(response.headers.get("Retry-After"), now) ??
+            DEFAULT_CLI_LOGIN_POLL_INTERVAL_MS,
+    };
+}
+function parseRedeemCliLoginSessionSuccessResponse(body) {
+    const response = getRecord(body);
+    const data = getRecord(response["data"]);
+    if (response["success"] !== true) {
+        throwMalformedCliLoginResponse("success redeem response missing data");
+    }
+    const status = getNonEmptyString(data, "status");
+    const apiKey = getNonEmptyString(data, "api_key");
+    if (status !== "approved" || apiKey == null) {
+        throwMalformedCliLoginResponse("success redeem response missing approval data");
+    }
+    const workspaceId = getNonEmptyString(data, "workspace_id");
+    const workspaceMembershipId = getNonEmptyString(data, "workspace_membership_id");
+    return {
+        status: "approved",
+        apiKey,
+        workspaceId: workspaceId ?? undefined,
+        workspaceMembershipId: workspaceMembershipId ?? undefined,
+    };
+}
+function parsePendingCliLoginSession(parsed) {
+    const apiHost = getRequiredPendingString(parsed, "apiHost");
+    const baseUrl = getRequiredPendingString(parsed, "baseUrl");
+    const browserUrl = getRequiredPendingString(parsed, "browserUrl");
+    const cliAuthSessionId = getRequiredPendingString(parsed, "cliAuthSessionId");
+    const expiresAt = getRequiredPendingExpiresAt(parsed, "expiresAt");
+    const pollToken = getRequiredPendingString(parsed, "pollToken");
+    const realtimeHost = typeof parsed.realtimeHost === "string" ? parsed.realtimeHost : undefined;
+    const verificationCode = getRequiredPendingString(parsed, "verificationCode");
+    parseCliLoginExpirationMs(expiresAt);
+    return {
+        apiHost,
+        baseUrl,
+        browserUrl,
+        cliAuthSessionId,
+        expiresAt,
+        pollToken,
+        realtimeHost,
+        verificationCode,
+    };
+}
+function getRequiredPendingString(parsed, key) {
+    const value = parsed[key];
+    if (typeof value === "string" && value.trim() !== "") {
+        return value;
+    }
+    throw new CliLoginRequestError("Pending CLI login session is malformed. Run `ando login --no-browser` again.", {
+        terminal: true,
+    });
+}
+function getRequiredPendingExpiresAt(parsed, key) {
+    const value = parsed[key];
+    if ((typeof value === "string" && value.trim() !== "") ||
+        (typeof value === "number" && Number.isFinite(value))) {
+        return value;
+    }
+    throw new CliLoginRequestError("Pending CLI login session is malformed. Run `ando login --no-browser` again.", {
+        terminal: true,
+    });
+}
+function parseRetryAfterMs(value, now) {
+    if (value == null || value.trim() === "") {
+        return undefined;
+    }
+    const numericSeconds = Number(value);
+    if (Number.isFinite(numericSeconds) && numericSeconds >= 0) {
+        return numericSeconds * 1_000;
+    }
+    const retryAtMs = Date.parse(value);
+    if (Number.isFinite(retryAtMs)) {
+        return Math.max(0, retryAtMs - (now ?? Date.now)());
+    }
+    return undefined;
+}
+function parseCliLoginExpirationMs(expiresAt) {
+    const expiresAtMs = typeof expiresAt === "number" ? expiresAt : Date.parse(expiresAt);
+    if (!Number.isFinite(expiresAtMs)) {
+        throwMalformedCliLoginResponse("expires_at is not a valid timestamp");
+    }
+    return expiresAtMs;
+}
+function throwCliLoginResponseError(body) {
+    const response = getRecord(body);
+    const errorCode = getNonEmptyString(response, "error_code");
+    const errorMessage = getNonEmptyString(response, "error_message");
+    if (errorCode == null) {
+        throwMalformedCliLoginResponse("error response missing error_code");
+    }
+    throw new CliLoginRequestError(formatCliLoginError(errorCode, errorMessage), {
+        errorCode,
+        terminal: terminalCliLoginErrorCodes.has(errorCode),
+    });
+}
+function formatCliLoginError(errorCode, errorMessage) {
+    const knownMessage = terminalCliLoginErrorMessages[errorCode];
+    const message = knownMessage ?? errorMessage ?? "CLI login failed.";
+    return `${message} (${errorCode})`;
+}
+function throwMalformedCliLoginResponse(reason) {
+    throw new CliLoginRequestError(`Malformed CLI login response: ${reason}.`, {
+        terminal: true,
+    });
+}
+function getRecord(value) {
+    return value != null && typeof value === "object" && !Array.isArray(value)
+        ? value
+        : {};
+}
+function getNonEmptyString(record, key) {
+    const value = record[key];
+    return typeof value === "string" && value.trim() !== "" ? value : null;
+}
+function getCliLoginExpiresAt(record, key) {
+    const value = record[key];
+    if (typeof value === "string" && value.trim() !== "") {
+        return value;
+    }
+    if (typeof value === "number" && Number.isFinite(value)) {
+        return value;
+    }
+    return null;
+}

package/dist/client.js

@@ -0,0 +1,104 @@
+import { AndoClient, } from "@andocorp/sdk";
+import { DEFAULT_CLI_REQUEST_TIMEOUT_MS } from "./timeouts.js";
+function adaptConversationPage(response) {
+    return {
+        items: response.items,
+        cursor: response.pageInfo.hasPreviousPage
+            ? (response.pageInfo.startCursor ?? null)
+            : null,
+        hasMore: response.pageInfo.hasPreviousPage,
+    };
+}
+function formatDiagnosticError(error) {
+    return error instanceof Error ? error.message : String(error);
+}
+export function createCliDiagnosticsSink() {
+    const debug = process.env["ANDO_DEBUG"];
+    if (debug !== "1" && debug !== "true") {
+        return undefined;
+    }
+    return (event) => {
+        if (event.type === "http") {
+            const status = event.status == null ? "failed" : String(event.status);
+            const suffix = event.ok ? "" : ` ${formatDiagnosticError(event.error)}`;
+            process.stderr.write(`[ando-debug] ${event.method} ${event.path} ${status} ${event.durationMs}ms${suffix}\n`);
+            return;
+        }
+        const suffix = event.error == null ? "" : ` ${formatDiagnosticError(event.error)}`;
+        process.stderr.write(`[ando-debug] realtime ${event.operation} ${event.reason ?? ""} ${event.durationMs ?? 0}ms${suffix}\n`);
+    };
+}
+export function createAndoCliClient(config) {
+    const client = new AndoClient({
+        auth: {
+            apiKey: config.apiKey,
+        },
+        baseUrl: config.baseUrl,
+        diagnostics: createCliDiagnosticsSink(),
+        realtimeHost: config.realtimeHost,
+        requestTimeoutMs: DEFAULT_CLI_REQUEST_TIMEOUT_MS,
+    });
+    async function getAllMemberships() {
+        const memberships = [];
+        let cursor;
+        do {
+            const response = await client.getMyMemberships({
+                cursor,
+                limit: 200,
+            });
+            memberships.push(...response.items);
+            cursor = response.pageInfo.hasNextPage ? response.pageInfo.nextCursor : undefined;
+        } while (cursor != null);
+        return memberships;
+    }
+    async function getConversationMessagesPage(params) {
+        const query = {
+            ...(params.cursor != null ? { before: params.cursor } : {}),
+            limit: params.limit ?? 25,
+        };
+        return adaptConversationPage(await client.getConversationMessages(params.conversationId, query));
+    }
+    async function getMessage(messageId) {
+        try {
+            return await client.getConversationMessage(messageId);
+        }
+        catch (error) {
+            if (error instanceof Error && error.message.includes("404")) {
+                return null;
+            }
+            throw error;
+        }
+    }
+    return {
+        addReaction(messageId, emoji) {
+            return client.addReaction(messageId, emoji);
+        },
+        async close() { },
+        getAllMemberships,
+        getConversationMessages(conversationId, limit = 25) {
+            return getConversationMessagesPage({
+                conversationId,
+                limit,
+            });
+        },
+        getConversationMessagesPage,
+        getMe() {
+            return client.getMe();
+        },
+        getMessage,
+        async getThreadReplies(messageId) {
+            const response = await client.getThreadReplies(messageId, {
+                limit: 100,
+            });
+            return response.items;
+        },
+        postMessage(params) {
+            return client.postMessage({
+                conversationId: params.conversationId,
+                markdownContent: params.markdownContent,
+                threadRootId: params.threadRootId,
+            });
+        },
+        realtime: client.realtime,
+    };
+}

package/dist/commands.js

@@ -0,0 +1,155 @@
+import { DEFAULT_ANDO_BASE_URL } from "@andocorp/sdk";
+import { getStringFlag, hasFlag } from "./args.js";
+import { CliLoginRequestError, clearPendingCliLoginSession, createCliLoginSession, openBrowser, pollCliLoginSession, readPendingCliLoginSession, savePendingCliLoginSession, } from "./cli-login.js";
+import { getConfigPath, readSavedConfigMetadata, saveConfig } from "./config.js";
+import { getConfiguredApiHost, getConfiguredBaseUrl, getConfiguredRealtimeHost, } from "./session.js";
+export async function runLogin(parsedArgs, dependencies = {}) {
+    const loginSubcommand = parsedArgs.positionals[1];
+    if (loginSubcommand === "poll") {
+        await runLoginPoll(dependencies);
+        return;
+    }
+    if (loginSubcommand != null) {
+        throw new Error(`Unknown login command: ${loginSubcommand}`);
+    }
+    const stdout = dependencies.stdout ?? process.stdout;
+    const savedConfig = await (dependencies.readSavedConfig ?? readSavedConfigMetadata)();
+    const hosts = getConfiguredLoginHosts(parsedArgs, savedConfig);
+    const apiKey = getLoginApiKey(parsedArgs);
+    if (apiKey != null) {
+        await saveApiKeyLogin({
+            apiKey,
+            hosts,
+            saveConfig: dependencies.saveConfig ?? saveConfig,
+            stdout,
+        });
+        return;
+    }
+    await runBrowserLogin(parsedArgs, dependencies, { hosts, stdout });
+}
+async function runBrowserLogin(parsedArgs, dependencies, context) {
+    const session = await (dependencies.createCliLoginSession ?? createCliLoginSession)({
+        baseUrl: context.hosts.baseUrl,
+    });
+    if (hasFlag(parsedArgs, "no-browser")) {
+        await (dependencies.savePendingCliLoginSession ?? savePendingCliLoginSession)({
+            ...session,
+            ...context.hosts,
+        });
+        writeNoBrowserLoginInstructions(context.stdout, session);
+        return;
+    }
+    context.stdout.write(`Opening browser to log in. Confirm that this verification code matches what you see in the browser:\n\n  ${session.verificationCode}\n\n`);
+    try {
+        await (dependencies.openBrowser ?? openBrowser)(session.browserUrl);
+    }
+    catch {
+        await (dependencies.savePendingCliLoginSession ?? savePendingCliLoginSession)({
+            ...session,
+            ...context.hosts,
+        });
+        context.stdout.write("Could not open the browser automatically.\n\n");
+        writeNoBrowserLoginInstructions(context.stdout, session);
+        return;
+    }
+    context.stdout.write("Waiting for confirmation...");
+    const approvedSession = await (dependencies.pollCliLoginSession ?? pollCliLoginSession)({
+        baseUrl: context.hosts.baseUrl,
+        cliAuthSessionId: session.cliAuthSessionId,
+        expiresAt: session.expiresAt,
+        now: dependencies.now,
+        pollToken: session.pollToken,
+        redeemSession: dependencies.redeemCliLoginSession,
+        sleep: dependencies.sleep,
+    });
+    await (dependencies.saveConfig ?? saveConfig)({
+        apiKey: approvedSession.apiKey,
+        credentialSource: "browser_login",
+        ...context.hosts,
+        ...getApprovedSessionWorkspaceConfig(approvedSession),
+    });
+    context.stdout.write("\r✓ Authenticated!          \n");
+}
+async function runLoginPoll(dependencies) {
+    const stdout = dependencies.stdout ?? process.stdout;
+    const pendingSession = await (dependencies.readPendingCliLoginSession ?? readPendingCliLoginSession)();
+    if (pendingSession == null) {
+        throw new Error("No pending CLI login session. Run `ando login --no-browser` first.");
+    }
+    stdout.write("Waiting for confirmation...");
+    try {
+        const approvedSession = await (dependencies.pollCliLoginSession ?? pollCliLoginSession)({
+            baseUrl: pendingSession.baseUrl,
+            cliAuthSessionId: pendingSession.cliAuthSessionId,
+            expiresAt: pendingSession.expiresAt,
+            now: dependencies.now,
+            pollToken: pendingSession.pollToken,
+            redeemSession: dependencies.redeemCliLoginSession,
+            sleep: dependencies.sleep,
+        });
+        await (dependencies.saveConfig ?? saveConfig)({
+            apiKey: approvedSession.apiKey,
+            apiHost: pendingSession.apiHost,
+            baseUrl: pendingSession.baseUrl,
+            credentialSource: "browser_login",
+            ...getApprovedSessionWorkspaceConfig(approvedSession),
+            realtimeHost: pendingSession.realtimeHost,
+        });
+        await (dependencies.clearPendingCliLoginSession ?? clearPendingCliLoginSession)();
+    }
+    catch (error) {
+        if (error instanceof CliLoginRequestError && error.terminal) {
+            await (dependencies.clearPendingCliLoginSession ?? clearPendingCliLoginSession)();
+        }
+        throw error;
+    }
+    stdout.write("\r✓ Authenticated!          \n");
+}
+function getLoginApiKey(parsedArgs) {
+    const explicitApiKey = getStringFlag(parsedArgs, "api-key");
+    if (explicitApiKey != null) {
+        if (hasFlag(parsedArgs, "no-browser")) {
+            throw new Error("Use either --api-key or --no-browser, not both.");
+        }
+        return explicitApiKey.trim();
+    }
+    if (hasFlag(parsedArgs, "no-browser")) {
+        return null;
+    }
+    const apiKey = process.env["ANDO_API_KEY"];
+    return apiKey == null ? null : apiKey.trim();
+}
+function getConfiguredLoginHosts(parsedArgs, savedConfig) {
+    return {
+        baseUrl: getConfiguredBaseUrl(parsedArgs, savedConfig?.baseUrl ?? null) ??
+            DEFAULT_ANDO_BASE_URL,
+        apiHost: getConfiguredApiHost(parsedArgs, savedConfig?.apiHost ?? null),
+        realtimeHost: getConfiguredRealtimeHost(parsedArgs, savedConfig?.realtimeHost ?? null),
+    };
+}
+async function saveApiKeyLogin(params) {
+    if (params.apiKey === "") {
+        throw new Error("login requires a non-empty --api-key or ANDO_API_KEY.");
+    }
+    await params.saveConfig({
+        apiKey: params.apiKey,
+        credentialSource: "api_key",
+        ...params.hosts,
+    });
+    params.stdout.write(`Saved CLI session to ${getConfigPath()}\n`);
+    params.stdout.write("Configured API key authentication.\n");
+}
+function getApprovedSessionWorkspaceConfig(session) {
+    return {
+        ...(session.workspaceId != null ? { defaultWorkspaceId: session.workspaceId } : {}),
+        ...(session.workspaceMembershipId != null
+            ? { defaultWorkspaceMembershipId: session.workspaceMembershipId }
+            : {}),
+    };
+}
+function writeNoBrowserLoginInstructions(stdout, session) {
+    stdout.write(`Open this URL in your browser to log in:\n\n  ${session.browserUrl}\n\n`);
+    stdout.write(`Confirm that this verification code matches what you see in the browser:\n\n  ${session.verificationCode}\n\n`);
+    stdout.write("Then run this command to complete login:\n\n  ando login poll\n\n");
+    stdout.write("  hint: For agents: You must show the URL above to the user to click, then run `ando login poll`. The poll command will wait for the user to confirm in the browser and exit once login is complete. Do not ask the user before polling -- they have already requested to log in.\n");
+}

package/dist/config-credential-metadata.js

@@ -0,0 +1,68 @@
+function isRecord(value) {
+    return value != null && typeof value === "object" && !Array.isArray(value);
+}
+function getNonEmptyString(source, key) {
+    const value = isRecord(source) ? source[key] : null;
+    return typeof value === "string" && value.trim() !== "" ? value.trim() : null;
+}
+export function readCredentialSource(source) {
+    const credentialSource = getNonEmptyString(source, "source");
+    return credentialSource === "api_key" || credentialSource === "browser_login"
+        ? credentialSource
+        : undefined;
+}
+export function getCredentialMetadataKey(storage, account) {
+    return `${storage}:${account}`;
+}
+function readConfigCredentialSource(parsed) {
+    if (!isRecord(parsed) || !isRecord(parsed["credential"])) {
+        return undefined;
+    }
+    const account = getNonEmptyString(parsed["credential"], "account");
+    const storage = getNonEmptyString(parsed["credential"], "storage");
+    return account != null && (storage === "keyring" || storage === "file")
+        ? readCredentialSource(parsed["credential"])
+        : undefined;
+}
+function readCredentialMetadata(source) {
+    return {
+        apiHost: getNonEmptyString(source, "apiHost") ?? undefined,
+        baseUrl: getNonEmptyString(source, "baseUrl") ?? undefined,
+        defaultWorkspaceId: getNonEmptyString(source, "defaultWorkspaceId") ?? undefined,
+        defaultWorkspaceMembershipId: getNonEmptyString(source, "defaultWorkspaceMembershipId") ?? undefined,
+        realtimeHost: getNonEmptyString(source, "realtimeHost") ?? undefined,
+        source: readCredentialSource(source),
+    };
+}
+export function buildSavedConfigMetadata(parsed) {
+    return {
+        apiHost: getNonEmptyString(parsed, "apiHost") ?? undefined,
+        baseUrl: getNonEmptyString(parsed, "baseUrl") ?? undefined,
+        credentialSource: readConfigCredentialSource(parsed),
+        defaultWorkspaceId: getNonEmptyString(parsed, "defaultWorkspaceId") ?? undefined,
+        defaultWorkspaceMembershipId: getNonEmptyString(parsed, "defaultWorkspaceMembershipId") ?? undefined,
+        realtimeHost: getNonEmptyString(parsed, "realtimeHost") ?? undefined,
+    };
+}
+export function readCredentialMetadataMap(source) {
+    const metadata = new Map();
+    if (!isRecord(source) || !isRecord(source["credentialMetadata"])) {
+        return metadata;
+    }
+    for (const [account, value] of Object.entries(source["credentialMetadata"])) {
+        if (account.trim() !== "" && isRecord(value)) {
+            metadata.set(account, readCredentialMetadata(value));
+        }
+    }
+    return metadata;
+}
+export function getSaveCredentialMetadata(config) {
+    return {
+        apiHost: config.apiHost,
+        baseUrl: config.baseUrl,
+        defaultWorkspaceId: config.defaultWorkspaceId,
+        defaultWorkspaceMembershipId: config.defaultWorkspaceMembershipId,
+        realtimeHost: config.realtimeHost,
+        source: config.credentialSource,
+    };
+}