@arcanea/auth 1.0.3

package/README.md

@@ -0,0 +1,43 @@
+# @arcanea/auth
+
+> **Universal AI provider authentication for the Arcanea ecosystem.**
+
+Manages API keys and credentials across AI providers — Anthropic, OpenAI, Google, GitHub Copilot, and more.
+
+## Features
+
+- Secure keystore with platform-native credential storage
+- Provider adapters for Claude, ChatGPT, Gemini, Copilot, OpenCode
+- Key validation before storage
+- Unified authentication interface for `@arcanea/cli`
+
+## Usage
+
+```typescript
+import { AuthManager, validateKey } from '@arcanea/auth';
+
+const auth = new AuthManager();
+
+// Store a key
+await auth.set('anthropic', process.env.ANTHROPIC_API_KEY);
+
+// Retrieve a key
+const key = await auth.get('anthropic');
+
+// Validate before storing
+const valid = await validateKey('anthropic', key);
+```
+
+## Supported Providers
+
+| Provider | Adapter | Key Format |
+|----------|---------|------------|
+| Anthropic (Claude) | `anthropic` | `sk-ant-*` |
+| OpenAI (ChatGPT) | `openai` | `sk-*` |
+| Google (Gemini) | `google` | API key |
+| GitHub (Copilot) | `github` | `gho_*` / `ghp_*` |
+| OpenCode | `opencode` | Various |
+
+## License
+
+MIT

package/dist/adapters/claude.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Claude/Anthropic Auth Adapter
+ */
+import type { AuthSession, AuthAdapter, ProviderType } from '@arcanea/os';
+export declare class ClaudeAuthAdapter implements AuthAdapter {
+    provider: ProviderType;
+    displayName: string;
+    validate(credential: string): Promise<AuthSession>;
+    detectFromEnv(): Promise<AuthSession | null>;
+    envVarNames(): string[];
+    getSetupUrl(): string;
+}
+//# sourceMappingURL=claude.d.ts.map

package/dist/adapters/claude.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"claude.d.ts","sourceRoot":"","sources":["../../src/adapters/claude.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAG1E,qBAAa,iBAAkB,YAAW,WAAW;IACnD,QAAQ,EAAE,YAAY,CAAY;IAClC,WAAW,SAAwB;IAE7B,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAqBlD,aAAa,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAMlD,WAAW,IAAI,MAAM,EAAE;IAIvB,WAAW,IAAI,MAAM;CAGtB"}

package/dist/adapters/claude.js

@@ -0,0 +1,38 @@
+/**
+ * Claude/Anthropic Auth Adapter
+ */
+import { httpValidate } from '../validate.js';
+export class ClaudeAuthAdapter {
+    provider = 'claude';
+    displayName = 'Claude (Anthropic)';
+    async validate(credential) {
+        const result = await httpValidate('https://api.anthropic.com/v1/models', {
+            'x-api-key': credential,
+            'anthropic-version': '2023-06-01',
+        });
+        if (!result.ok) {
+            return { provider: 'claude', validated: false, models: [], capabilities: [] };
+        }
+        const data = result.body;
+        const models = data?.data?.map((m) => m.id) || [];
+        return {
+            provider: 'claude',
+            validated: true,
+            models,
+            capabilities: ['chat', 'vision', 'tools', 'computer-use'],
+        };
+    }
+    async detectFromEnv() {
+        const key = process.env.ANTHROPIC_API_KEY;
+        if (!key)
+            return null;
+        return this.validate(key);
+    }
+    envVarNames() {
+        return ['ANTHROPIC_API_KEY'];
+    }
+    getSetupUrl() {
+        return 'https://console.anthropic.com/settings/keys';
+    }
+}
+//# sourceMappingURL=claude.js.map

package/dist/adapters/claude.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"claude.js","sourceRoot":"","sources":["../../src/adapters/claude.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAE9C,MAAM,OAAO,iBAAiB;IAC5B,QAAQ,GAAiB,QAAQ,CAAC;IAClC,WAAW,GAAG,oBAAoB,CAAC;IAEnC,KAAK,CAAC,QAAQ,CAAC,UAAkB;QAC/B,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,qCAAqC,EAAE;YACvE,WAAW,EAAE,UAAU;YACvB,mBAAmB,EAAE,YAAY;SAClC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;QAChF,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,CAAC,IAAwC,CAAC;QAC7D,MAAM,MAAM,GAAG,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;QAElD,OAAO;YACL,QAAQ,EAAE,QAAQ;YAClB,SAAS,EAAE,IAAI;YACf,MAAM;YACN,YAAY,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,cAAc,CAAC;SAC1D,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;QAC1C,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QACtB,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC5B,CAAC;IAED,WAAW;QACT,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAC/B,CAAC;IAED,WAAW;QACT,OAAO,6CAA6C,CAAC;IACvD,CAAC;CACF"}

package/dist/adapters/copilot.d.ts

@@ -0,0 +1,13 @@
+/**
+ * GitHub Copilot Auth Adapter
+ */
+import type { AuthSession, AuthAdapter, ProviderType } from '@arcanea/os';
+export declare class CopilotAuthAdapter implements AuthAdapter {
+    provider: ProviderType;
+    displayName: string;
+    validate(_credential: string): Promise<AuthSession>;
+    detectFromEnv(): Promise<AuthSession | null>;
+    envVarNames(): string[];
+    getSetupUrl(): string;
+}
+//# sourceMappingURL=copilot.d.ts.map

package/dist/adapters/copilot.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"copilot.d.ts","sourceRoot":"","sources":["../../src/adapters/copilot.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAG1E,qBAAa,kBAAmB,YAAW,WAAW;IACpD,QAAQ,EAAE,YAAY,CAAa;IACnC,WAAW,SAAoB;IAEzB,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAMnD,aAAa,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAuBlD,WAAW,IAAI,MAAM,EAAE;IAIvB,WAAW,IAAI,MAAM;CAGtB"}

package/dist/adapters/copilot.js

@@ -0,0 +1,41 @@
+/**
+ * GitHub Copilot Auth Adapter
+ */
+import { execSync } from 'node:child_process';
+export class CopilotAuthAdapter {
+    provider = 'copilot';
+    displayName = 'GitHub Copilot';
+    async validate(_credential) {
+        // Copilot auth is via gh CLI, not API key
+        const session = await this.detectFromEnv();
+        return session ?? { provider: 'copilot', validated: false, models: [], capabilities: [] };
+    }
+    async detectFromEnv() {
+        try {
+            const output = execSync('gh auth status 2>&1', { encoding: 'utf-8', stdio: 'pipe' });
+            const isLoggedIn = output.includes('Logged in');
+            if (!isLoggedIn)
+                return null;
+            // Extract account info
+            const accountMatch = output.match(/account\s+(\S+)/);
+            const accountName = accountMatch?.[1];
+            return {
+                provider: 'copilot',
+                validated: true,
+                accountName,
+                models: ['copilot'],
+                capabilities: ['code-completion', 'chat', 'workspace-context'],
+            };
+        }
+        catch {
+            return null;
+        }
+    }
+    envVarNames() {
+        return ['GITHUB_TOKEN'];
+    }
+    getSetupUrl() {
+        return 'https://github.com/features/copilot';
+    }
+}
+//# sourceMappingURL=copilot.js.map

package/dist/adapters/copilot.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"copilot.js","sourceRoot":"","sources":["../../src/adapters/copilot.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAE9C,MAAM,OAAO,kBAAkB;IAC7B,QAAQ,GAAiB,SAAS,CAAC;IACnC,WAAW,GAAG,gBAAgB,CAAC;IAE/B,KAAK,CAAC,QAAQ,CAAC,WAAmB;QAChC,0CAA0C;QAC1C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;QAC3C,OAAO,OAAO,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;IAC5F,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,QAAQ,CAAC,qBAAqB,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;YACrF,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAEhD,IAAI,CAAC,UAAU;gBAAE,OAAO,IAAI,CAAC;YAE7B,uBAAuB;YACvB,MAAM,YAAY,GAAG,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;YACrD,MAAM,WAAW,GAAG,YAAY,EAAE,CAAC,CAAC,CAAC,CAAC;YAEtC,OAAO;gBACL,QAAQ,EAAE,SAAS;gBACnB,SAAS,EAAE,IAAI;gBACf,WAAW;gBACX,MAAM,EAAE,CAAC,SAAS,CAAC;gBACnB,YAAY,EAAE,CAAC,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,CAAC;aAC/D,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,WAAW;QACT,OAAO,CAAC,cAAc,CAAC,CAAC;IAC1B,CAAC;IAED,WAAW;QACT,OAAO,qCAAqC,CAAC;IAC/C,CAAC;CACF"}

package/dist/adapters/cursor.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Cursor IDE Auth Adapter
+ * Cursor is local-first — no authentication required.
+ */
+import type { AuthSession, AuthAdapter, ProviderType } from '@arcanea/os';
+export declare class CursorAuthAdapter implements AuthAdapter {
+    provider: ProviderType;
+    displayName: string;
+    validate(_credential: string): Promise<AuthSession>;
+    detectFromEnv(): Promise<AuthSession | null>;
+    envVarNames(): string[];
+    getSetupUrl(): string;
+}
+//# sourceMappingURL=cursor.d.ts.map

package/dist/adapters/cursor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cursor.d.ts","sourceRoot":"","sources":["../../src/adapters/cursor.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE1E,qBAAa,iBAAkB,YAAW,WAAW;IACnD,QAAQ,EAAE,YAAY,CAAY;IAClC,WAAW,SAAgB;IAErB,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IASnD,aAAa,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAUlD,WAAW,IAAI,MAAM,EAAE;IAIvB,WAAW,IAAI,MAAM;CAGtB"}

package/dist/adapters/cursor.js

@@ -0,0 +1,32 @@
+/**
+ * Cursor IDE Auth Adapter
+ * Cursor is local-first — no authentication required.
+ */
+export class CursorAuthAdapter {
+    provider = 'cursor';
+    displayName = 'Cursor IDE';
+    async validate(_credential) {
+        return {
+            provider: 'cursor',
+            validated: true,
+            models: ['local'],
+            capabilities: ['chat', 'plugins', 'hooks'],
+        };
+    }
+    async detectFromEnv() {
+        // Always valid — no auth needed
+        return {
+            provider: 'cursor',
+            validated: true,
+            models: ['local'],
+            capabilities: ['chat', 'plugins', 'hooks'],
+        };
+    }
+    envVarNames() {
+        return [];
+    }
+    getSetupUrl() {
+        return 'https://cursor.com';
+    }
+}
+//# sourceMappingURL=cursor.js.map

package/dist/adapters/cursor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cursor.js","sourceRoot":"","sources":["../../src/adapters/cursor.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,MAAM,OAAO,iBAAiB;IAC5B,QAAQ,GAAiB,QAAQ,CAAC;IAClC,WAAW,GAAG,YAAY,CAAC;IAE3B,KAAK,CAAC,QAAQ,CAAC,WAAmB;QAChC,OAAO;YACL,QAAQ,EAAE,QAAQ;YAClB,SAAS,EAAE,IAAI;YACf,MAAM,EAAE,CAAC,OAAO,CAAC;YACjB,YAAY,EAAE,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,CAAC;SAC3C,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,gCAAgC;QAChC,OAAO;YACL,QAAQ,EAAE,QAAQ;YAClB,SAAS,EAAE,IAAI;YACf,MAAM,EAAE,CAAC,OAAO,CAAC;YACjB,YAAY,EAAE,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,CAAC;SAC3C,CAAC;IACJ,CAAC;IAED,WAAW;QACT,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,WAAW;QACT,OAAO,oBAAoB,CAAC;IAC9B,CAAC;CACF"}

package/dist/adapters/gemini.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Google Gemini Auth Adapter
+ */
+import type { AuthSession, AuthAdapter, ProviderType } from '@arcanea/os';
+export declare class GeminiAuthAdapter implements AuthAdapter {
+    provider: ProviderType;
+    displayName: string;
+    validate(credential: string): Promise<AuthSession>;
+    detectFromEnv(): Promise<AuthSession | null>;
+    envVarNames(): string[];
+    getSetupUrl(): string;
+}
+//# sourceMappingURL=gemini.d.ts.map

package/dist/adapters/gemini.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"gemini.d.ts","sourceRoot":"","sources":["../../src/adapters/gemini.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAG1E,qBAAa,iBAAkB,YAAW,WAAW;IACnD,QAAQ,EAAE,YAAY,CAAY;IAClC,WAAW,SAAqB;IAE1B,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAqBlD,aAAa,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAMlD,WAAW,IAAI,MAAM,EAAE;IAIvB,WAAW,IAAI,MAAM;CAGtB"}

package/dist/adapters/gemini.js

@@ -0,0 +1,35 @@
+/**
+ * Google Gemini Auth Adapter
+ */
+import { httpValidate } from '../validate.js';
+export class GeminiAuthAdapter {
+    provider = 'gemini';
+    displayName = 'Gemini (Google)';
+    async validate(credential) {
+        const result = await httpValidate(`https://generativelanguage.googleapis.com/v1beta/models?key=${credential}`, {});
+        if (!result.ok) {
+            return { provider: 'gemini', validated: false, models: [], capabilities: [] };
+        }
+        const data = result.body;
+        const models = data?.models?.map((m) => m.name.replace('models/', '')).slice(0, 10) || [];
+        return {
+            provider: 'gemini',
+            validated: true,
+            models,
+            capabilities: ['chat', 'vision', 'image-generation', 'grounding'],
+        };
+    }
+    async detectFromEnv() {
+        const key = process.env.GEMINI_API_KEY || process.env.GOOGLE_GENERATIVE_AI_API_KEY;
+        if (!key)
+            return null;
+        return this.validate(key);
+    }
+    envVarNames() {
+        return ['GEMINI_API_KEY', 'GOOGLE_GENERATIVE_AI_API_KEY'];
+    }
+    getSetupUrl() {
+        return 'https://aistudio.google.com/app/apikey';
+    }
+}
+//# sourceMappingURL=gemini.js.map

package/dist/adapters/gemini.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"gemini.js","sourceRoot":"","sources":["../../src/adapters/gemini.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAE9C,MAAM,OAAO,iBAAiB;IAC5B,QAAQ,GAAiB,QAAQ,CAAC;IAClC,WAAW,GAAG,iBAAiB,CAAC;IAEhC,KAAK,CAAC,QAAQ,CAAC,UAAkB;QAC/B,MAAM,MAAM,GAAG,MAAM,YAAY,CAC/B,+DAA+D,UAAU,EAAE,EAC3E,EAAE,CACH,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;QAChF,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,CAAC,IAA4C,CAAC;QACjE,MAAM,MAAM,GAAG,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC;QAE1F,OAAO;YACL,QAAQ,EAAE,QAAQ;YAClB,SAAS,EAAE,IAAI;YACf,MAAM;YACN,YAAY,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,kBAAkB,EAAE,WAAW,CAAC;SAClE,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC;QACnF,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QACtB,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC5B,CAAC;IAED,WAAW;QACT,OAAO,CAAC,gBAAgB,EAAE,8BAA8B,CAAC,CAAC;IAC5D,CAAC;IAED,WAAW;QACT,OAAO,wCAAwC,CAAC;IAClD,CAAC;CACF"}

package/dist/adapters/index.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Auth Adapter Registry
+ */
+import type { AuthAdapter, ProviderType } from '@arcanea/os';
+export declare function getAuthAdapter(provider: ProviderType): AuthAdapter;
+export declare function getAllAdapters(): AuthAdapter[];
+export declare function getAdapterByEnvVar(envVar: string): AuthAdapter | undefined;
+export { ClaudeAuthAdapter } from './claude.js';
+export { OpenAIAuthAdapter } from './openai.js';
+export { GeminiAuthAdapter } from './gemini.js';
+export { CopilotAuthAdapter } from './copilot.js';
+export { CursorAuthAdapter } from './cursor.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/adapters/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/adapters/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAe7D,wBAAgB,cAAc,CAAC,QAAQ,EAAE,YAAY,GAAG,WAAW,CAElE;AAED,wBAAgB,cAAc,IAAI,WAAW,EAAE,CAE9C;AAED,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,WAAW,GAAG,SAAS,CAE1E;AAED,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC"}

package/dist/adapters/index.js

@@ -0,0 +1,30 @@
+/**
+ * Auth Adapter Registry
+ */
+import { ClaudeAuthAdapter } from './claude.js';
+import { OpenAIAuthAdapter } from './openai.js';
+import { GeminiAuthAdapter } from './gemini.js';
+import { CopilotAuthAdapter } from './copilot.js';
+import { CursorAuthAdapter } from './cursor.js';
+const adapters = {
+    claude: new ClaudeAuthAdapter(),
+    openai: new OpenAIAuthAdapter(),
+    gemini: new GeminiAuthAdapter(),
+    copilot: new CopilotAuthAdapter(),
+    cursor: new CursorAuthAdapter(),
+};
+export function getAuthAdapter(provider) {
+    return adapters[provider];
+}
+export function getAllAdapters() {
+    return Object.values(adapters);
+}
+export function getAdapterByEnvVar(envVar) {
+    return Object.values(adapters).find((a) => a.envVarNames().includes(envVar));
+}
+export { ClaudeAuthAdapter } from './claude.js';
+export { OpenAIAuthAdapter } from './openai.js';
+export { GeminiAuthAdapter } from './gemini.js';
+export { CopilotAuthAdapter } from './copilot.js';
+export { CursorAuthAdapter } from './cursor.js';
+//# sourceMappingURL=index.js.map

package/dist/adapters/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/adapters/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAEhD,MAAM,QAAQ,GAAsC;IAClD,MAAM,EAAE,IAAI,iBAAiB,EAAE;IAC/B,MAAM,EAAE,IAAI,iBAAiB,EAAE;IAC/B,MAAM,EAAE,IAAI,iBAAiB,EAAE;IAC/B,OAAO,EAAE,IAAI,kBAAkB,EAAE;IACjC,MAAM,EAAE,IAAI,iBAAiB,EAAE;CAChC,CAAC;AAEF,MAAM,UAAU,cAAc,CAAC,QAAsB;IACnD,OAAO,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC5B,CAAC;AAED,MAAM,UAAU,cAAc;IAC5B,OAAO,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;AACjC,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,MAAc;IAC/C,OAAO,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;AAC/E,CAAC;AAED,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC"}

package/dist/adapters/openai.d.ts

@@ -0,0 +1,13 @@
+/**
+ * OpenAI/ChatGPT Auth Adapter
+ */
+import type { AuthSession, AuthAdapter, ProviderType } from '@arcanea/os';
+export declare class OpenAIAuthAdapter implements AuthAdapter {
+    provider: ProviderType;
+    displayName: string;
+    validate(credential: string): Promise<AuthSession>;
+    detectFromEnv(): Promise<AuthSession | null>;
+    envVarNames(): string[];
+    getSetupUrl(): string;
+}
+//# sourceMappingURL=openai.d.ts.map

package/dist/adapters/openai.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"openai.d.ts","sourceRoot":"","sources":["../../src/adapters/openai.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAG1E,qBAAa,iBAAkB,YAAW,WAAW;IACnD,QAAQ,EAAE,YAAY,CAAY;IAClC,WAAW,SAAsB;IAE3B,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAoBlD,aAAa,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAMlD,WAAW,IAAI,MAAM,EAAE;IAIvB,WAAW,IAAI,MAAM;CAGtB"}

package/dist/adapters/openai.js

@@ -0,0 +1,37 @@
+/**
+ * OpenAI/ChatGPT Auth Adapter
+ */
+import { httpValidate } from '../validate.js';
+export class OpenAIAuthAdapter {
+    provider = 'openai';
+    displayName = 'ChatGPT (OpenAI)';
+    async validate(credential) {
+        const result = await httpValidate('https://api.openai.com/v1/models', {
+            Authorization: `Bearer ${credential}`,
+        });
+        if (!result.ok) {
+            return { provider: 'openai', validated: false, models: [], capabilities: [] };
+        }
+        const data = result.body;
+        const models = data?.data?.map((m) => m.id).filter((id) => id.startsWith('gpt')).slice(0, 10) || [];
+        return {
+            provider: 'openai',
+            validated: true,
+            models,
+            capabilities: ['chat', 'vision', 'tools', 'assistants', 'custom-gpt'],
+        };
+    }
+    async detectFromEnv() {
+        const key = process.env.OPENAI_API_KEY;
+        if (!key)
+            return null;
+        return this.validate(key);
+    }
+    envVarNames() {
+        return ['OPENAI_API_KEY'];
+    }
+    getSetupUrl() {
+        return 'https://platform.openai.com/api-keys';
+    }
+}
+//# sourceMappingURL=openai.js.map

package/dist/adapters/openai.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"openai.js","sourceRoot":"","sources":["../../src/adapters/openai.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAE9C,MAAM,OAAO,iBAAiB;IAC5B,QAAQ,GAAiB,QAAQ,CAAC;IAClC,WAAW,GAAG,kBAAkB,CAAC;IAEjC,KAAK,CAAC,QAAQ,CAAC,UAAkB;QAC/B,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,kCAAkC,EAAE;YACpE,aAAa,EAAE,UAAU,UAAU,EAAE;SACtC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;QAChF,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,CAAC,IAAwC,CAAC;QAC7D,MAAM,MAAM,GAAG,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC;QAEpG,OAAO;YACL,QAAQ,EAAE,QAAQ;YAClB,SAAS,EAAE,IAAI;YACf,MAAM;YACN,YAAY,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,YAAY,EAAE,YAAY,CAAC;SACtE,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QACvC,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QACtB,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC5B,CAAC;IAED,WAAW;QACT,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAC5B,CAAC;IAED,WAAW;QACT,OAAO,sCAAsC,CAAC;IAChD,CAAC;CACF"}

package/dist/adapters/opencode.d.ts

@@ -0,0 +1,14 @@
+/**
+ * OpenCode Auth Adapter
+ * OpenCode is open-source — no authentication required.
+ */
+import type { AuthSession, AuthAdapter, ProviderType } from '@arcanea/os';
+export declare class OpenCodeAuthAdapter implements AuthAdapter {
+    provider: ProviderType;
+    displayName: string;
+    validate(_credential: string): Promise<AuthSession>;
+    detectFromEnv(): Promise<AuthSession | null>;
+    envVarNames(): string[];
+    getSetupUrl(): string;
+}
+//# sourceMappingURL=opencode.d.ts.map

package/dist/adapters/opencode.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"opencode.d.ts","sourceRoot":"","sources":["../../src/adapters/opencode.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE1E,qBAAa,mBAAoB,YAAW,WAAW;IACrD,QAAQ,EAAE,YAAY,CAAc;IACpC,WAAW,SAAgB;IAErB,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IASnD,aAAa,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAUlD,WAAW,IAAI,MAAM,EAAE;IAIvB,WAAW,IAAI,MAAM;CAGtB"}

package/dist/adapters/opencode.js

@@ -0,0 +1,32 @@
+/**
+ * OpenCode Auth Adapter
+ * OpenCode is open-source — no authentication required.
+ */
+export class OpenCodeAuthAdapter {
+    provider = 'opencode';
+    displayName = 'Cursor IDE';
+    async validate(_credential) {
+        return {
+            provider: 'opencode',
+            validated: true,
+            models: ['local'],
+            capabilities: ['chat', 'plugins', 'hooks'],
+        };
+    }
+    async detectFromEnv() {
+        // Always valid — no auth needed
+        return {
+            provider: 'opencode',
+            validated: true,
+            models: ['local'],
+            capabilities: ['chat', 'plugins', 'hooks'],
+        };
+    }
+    envVarNames() {
+        return [];
+    }
+    getSetupUrl() {
+        return 'https://opencode.ai';
+    }
+}
+//# sourceMappingURL=opencode.js.map

package/dist/adapters/opencode.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"opencode.js","sourceRoot":"","sources":["../../src/adapters/opencode.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,MAAM,OAAO,mBAAmB;IAC9B,QAAQ,GAAiB,UAAU,CAAC;IACpC,WAAW,GAAG,YAAY,CAAC;IAE3B,KAAK,CAAC,QAAQ,CAAC,WAAmB;QAChC,OAAO;YACL,QAAQ,EAAE,UAAU;YACpB,SAAS,EAAE,IAAI;YACf,MAAM,EAAE,CAAC,OAAO,CAAC;YACjB,YAAY,EAAE,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,CAAC;SAC3C,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,gCAAgC;QAChC,OAAO;YACL,QAAQ,EAAE,UAAU;YACpB,SAAS,EAAE,IAAI;YACf,MAAM,EAAE,CAAC,OAAO,CAAC;YACjB,YAAY,EAAE,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,CAAC;SAC3C,CAAC;IACJ,CAAC;IAED,WAAW;QACT,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,WAAW;QACT,OAAO,qBAAqB,CAAC;IAC/B,CAAC;CACF"}

package/dist/index.d.ts

@@ -0,0 +1,12 @@
+/**
+ * @arcanea/auth
+ * Universal AI provider authentication for the Arcanea ecosystem.
+ */
+export { getAuthAdapter, getAllAdapters, getAdapterByEnvVar, ClaudeAuthAdapter, OpenAIAuthAdapter, GeminiAuthAdapter, CopilotAuthAdapter, CursorAuthAdapter, } from './adapters/index.js';
+export { createKeystore, CascadingKeystore, EncryptedFileKeystore, EnvKeystore, } from './keystore/index.js';
+export type { KeystoreBackend } from './keystore/index.js';
+export type { AuthConfig, ValidationResult, KeystoreEntry } from './types.js';
+export { httpValidate, maskCredential } from './validate.js';
+export type { AuthSession, AuthAdapter, Keystore, ProviderType } from '@arcanea/os';
+export declare const VERSION = "1.0.0";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EACL,cAAc,EACd,cAAc,EACd,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,cAAc,EACd,iBAAiB,EACjB,qBAAqB,EACrB,WAAW,GACZ,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAG3D,YAAY,EAAE,UAAU,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAG9E,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAG7D,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAGpF,eAAO,MAAM,OAAO,UAAU,CAAC"}

package/dist/index.js

@@ -0,0 +1,13 @@
+/**
+ * @arcanea/auth
+ * Universal AI provider authentication for the Arcanea ecosystem.
+ */
+// Adapters
+export { getAuthAdapter, getAllAdapters, getAdapterByEnvVar, ClaudeAuthAdapter, OpenAIAuthAdapter, GeminiAuthAdapter, CopilotAuthAdapter, CursorAuthAdapter, } from './adapters/index.js';
+// Keystore
+export { createKeystore, CascadingKeystore, EncryptedFileKeystore, EnvKeystore, } from './keystore/index.js';
+// Utilities
+export { httpValidate, maskCredential } from './validate.js';
+// Version
+export const VERSION = '1.0.0';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,WAAW;AACX,OAAO,EACL,cAAc,EACd,cAAc,EACd,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,qBAAqB,CAAC;AAE7B,WAAW;AACX,OAAO,EACL,cAAc,EACd,iBAAiB,EACjB,qBAAqB,EACrB,WAAW,GACZ,MAAM,qBAAqB,CAAC;AAM7B,YAAY;AACZ,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAK7D,UAAU;AACV,MAAM,CAAC,MAAM,OAAO,GAAG,OAAO,CAAC"}

package/dist/keystore/encrypted-file.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Encrypted File Keystore
+ * Stores credentials in an encrypted JSON file at ~/.arcanea/credentials.enc
+ */
+import type { Keystore, ProviderType } from '@arcanea/os';
+export declare class EncryptedFileKeystore implements Keystore {
+    save(provider: ProviderType, credential: string): Promise<void>;
+    load(provider: ProviderType): Promise<string | null>;
+    delete(provider: ProviderType): Promise<void>;
+    list(): Promise<ProviderType[]>;
+}
+//# sourceMappingURL=encrypted-file.d.ts.map

package/dist/keystore/encrypted-file.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encrypted-file.d.ts","sourceRoot":"","sources":["../../src/keystore/encrypted-file.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAMH,OAAO,KAAK,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAqD1D,qBAAa,qBAAsB,YAAW,QAAQ;IAC9C,IAAI,CAAC,QAAQ,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAM/D,IAAI,CAAC,QAAQ,EAAE,YAAY,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAKpD,MAAM,CAAC,QAAQ,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC;IAM7C,IAAI,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;CAItC"}

package/dist/keystore/encrypted-file.js

@@ -0,0 +1,74 @@
+/**
+ * Encrypted File Keystore
+ * Stores credentials in an encrypted JSON file at ~/.arcanea/credentials.enc
+ */
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+import { createCipheriv, createDecipheriv, randomBytes, createHash } from 'node:crypto';
+const ARCANEA_DIR = join(homedir(), '.arcanea');
+const CREDS_FILE = join(ARCANEA_DIR, 'credentials.enc');
+const ALGORITHM = 'aes-256-gcm';
+function getMachineKey() {
+    // Derive key from machine-specific data (hostname + homedir)
+    const seed = `arcanea-${homedir()}-${process.env.USER || process.env.USERNAME || 'default'}`;
+    return createHash('sha256').update(seed).digest();
+}
+function encrypt(plaintext) {
+    const key = getMachineKey();
+    const iv = randomBytes(16);
+    const cipher = createCipheriv(ALGORITHM, key, iv);
+    let encrypted = cipher.update(plaintext, 'utf8', 'hex');
+    encrypted += cipher.final('hex');
+    const authTag = cipher.getAuthTag().toString('hex');
+    return `${iv.toString('hex')}:${authTag}:${encrypted}`;
+}
+function decrypt(ciphertext) {
+    const [ivHex, authTagHex, encrypted] = ciphertext.split(':');
+    const key = getMachineKey();
+    const iv = Buffer.from(ivHex, 'hex');
+    const authTag = Buffer.from(authTagHex, 'hex');
+    const decipher = createDecipheriv(ALGORITHM, key, iv);
+    decipher.setAuthTag(authTag);
+    let decrypted = decipher.update(encrypted, 'hex', 'utf8');
+    decrypted += decipher.final('utf8');
+    return decrypted;
+}
+function readStore() {
+    if (!existsSync(CREDS_FILE))
+        return {};
+    try {
+        const raw = readFileSync(CREDS_FILE, 'utf-8');
+        return JSON.parse(decrypt(raw));
+    }
+    catch {
+        return {};
+    }
+}
+function writeStore(store) {
+    if (!existsSync(ARCANEA_DIR)) {
+        mkdirSync(ARCANEA_DIR, { recursive: true, mode: 0o700 });
+    }
+    writeFileSync(CREDS_FILE, encrypt(JSON.stringify(store)), { mode: 0o600 });
+}
+export class EncryptedFileKeystore {
+    async save(provider, credential) {
+        const store = readStore();
+        store[provider] = { credential, savedAt: new Date().toISOString() };
+        writeStore(store);
+    }
+    async load(provider) {
+        const store = readStore();
+        return store[provider]?.credential || null;
+    }
+    async delete(provider) {
+        const store = readStore();
+        delete store[provider];
+        writeStore(store);
+    }
+    async list() {
+        const store = readStore();
+        return Object.keys(store);
+    }
+}
+//# sourceMappingURL=encrypted-file.js.map

package/dist/keystore/encrypted-file.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encrypted-file.js","sourceRoot":"","sources":["../../src/keystore/encrypted-file.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGxF,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,UAAU,CAAC,CAAC;AAChD,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,EAAE,iBAAiB,CAAC,CAAC;AACxD,MAAM,SAAS,GAAG,aAAa,CAAC;AAEhC,SAAS,aAAa;IACpB,6DAA6D;IAC7D,MAAM,IAAI,GAAG,WAAW,OAAO,EAAE,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,SAAS,EAAE,CAAC;IAC7F,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;AACpD,CAAC;AAED,SAAS,OAAO,CAAC,SAAiB;IAChC,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,MAAM,EAAE,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAC3B,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IAClD,IAAI,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IACxD,SAAS,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACpD,OAAO,GAAG,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,OAAO,IAAI,SAAS,EAAE,CAAC;AACzD,CAAC;AAED,SAAS,OAAO,CAAC,UAAkB;IACjC,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,SAAS,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7D,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IACrC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAC/C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IACtD,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAC7B,IAAI,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAC1D,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACpC,OAAO,SAAS,CAAC;AACnB,CAAC;AAID,SAAS,SAAS;IAChB,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,EAAE,CAAC;IACvC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAC9C,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAc,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,KAAgB;IAClC,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAC7B,SAAS,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC3D,CAAC;IACD,aAAa,CAAC,UAAU,EAAE,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AAC7E,CAAC;AAED,MAAM,OAAO,qBAAqB;IAChC,KAAK,CAAC,IAAI,CAAC,QAAsB,EAAE,UAAkB;QACnD,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;QAC1B,KAAK,CAAC,QAAQ,CAAC,GAAG,EAAE,UAAU,EAAE,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;QACpE,UAAU,CAAC,KAAK,CAAC,CAAC;IACpB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,QAAsB;QAC/B,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC,QAAQ,CAAC,EAAE,UAAU,IAAI,IAAI,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,QAAsB;QACjC,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC,QAAQ,CAAC,CAAC;QACvB,UAAU,CAAC,KAAK,CAAC,CAAC;IACpB,CAAC;IAED,KAAK,CAAC,IAAI;QACR,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;QAC1B,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAmB,CAAC;IAC9C,CAAC;CACF"}

package/dist/keystore/env.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Environment Variable Keystore
+ * Reads credentials from environment variables.
+ */
+import type { Keystore, ProviderType } from '@arcanea/os';
+export declare class EnvKeystore implements Keystore {
+    save(_provider: ProviderType, _credential: string): Promise<void>;
+    load(provider: ProviderType): Promise<string | null>;
+    delete(_provider: ProviderType): Promise<void>;
+    list(): Promise<ProviderType[]>;
+}
+//# sourceMappingURL=env.d.ts.map

package/dist/keystore/env.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"env.d.ts","sourceRoot":"","sources":["../../src/keystore/env.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAG1D,qBAAa,WAAY,YAAW,QAAQ;IACpC,IAAI,CAAC,SAAS,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIjE,IAAI,CAAC,QAAQ,EAAE,YAAY,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IASpD,MAAM,CAAC,SAAS,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC;IAI9C,IAAI,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;CAQtC"}

package/dist/keystore/env.js

@@ -0,0 +1,32 @@
+/**
+ * Environment Variable Keystore
+ * Reads credentials from environment variables.
+ */
+import { getAuthAdapter } from '../adapters/index.js';
+export class EnvKeystore {
+    async save(_provider, _credential) {
+        throw new Error('Cannot save to environment variables. Set them in your shell profile.');
+    }
+    async load(provider) {
+        const adapter = getAuthAdapter(provider);
+        for (const envVar of adapter.envVarNames()) {
+            const value = process.env[envVar];
+            if (value)
+                return value;
+        }
+        return null;
+    }
+    async delete(_provider) {
+        throw new Error('Cannot delete environment variables from here.');
+    }
+    async list() {
+        const providers = ['claude', 'openai', 'gemini', 'copilot', 'cursor'];
+        const found = [];
+        for (const p of providers) {
+            if (await this.load(p))
+                found.push(p);
+        }
+        return found;
+    }
+}
+//# sourceMappingURL=env.js.map

package/dist/keystore/env.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"env.js","sourceRoot":"","sources":["../../src/keystore/env.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD,MAAM,OAAO,WAAW;IACtB,KAAK,CAAC,IAAI,CAAC,SAAuB,EAAE,WAAmB;QACrD,MAAM,IAAI,KAAK,CAAC,uEAAuE,CAAC,CAAC;IAC3F,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,QAAsB;QAC/B,MAAM,OAAO,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;QACzC,KAAK,MAAM,MAAM,IAAI,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC;YAC3C,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAClC,IAAI,KAAK;gBAAE,OAAO,KAAK,CAAC;QAC1B,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,SAAuB;QAClC,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IAED,KAAK,CAAC,IAAI;QACR,MAAM,SAAS,GAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;QACtF,MAAM,KAAK,GAAmB,EAAE,CAAC;QACjC,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;YAC1B,IAAI,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;gBAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACxC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;CACF"}

package/dist/keystore/index.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Keystore Factory
+ * Creates the appropriate keystore based on platform capabilities.
+ */
+import type { Keystore, ProviderType } from '@arcanea/os';
+export type KeystoreBackend = 'encrypted-file' | 'env-only';
+/**
+ * Cascading keystore that checks multiple backends in order:
+ * 1. Environment variables (always checked first)
+ * 2. Encrypted file store (for saved credentials)
+ */
+export declare class CascadingKeystore implements Keystore {
+    private envStore;
+    private fileStore;
+    save(provider: ProviderType, credential: string): Promise<void>;
+    load(provider: ProviderType): Promise<string | null>;
+    delete(provider: ProviderType): Promise<void>;
+    list(): Promise<ProviderType[]>;
+}
+export declare function createKeystore(backend?: KeystoreBackend): Keystore;
+export { EncryptedFileKeystore } from './encrypted-file.js';
+export { EnvKeystore } from './env.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/keystore/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/keystore/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAI1D,MAAM,MAAM,eAAe,GAAG,gBAAgB,GAAG,UAAU,CAAC;AAE5D;;;;GAIG;AACH,qBAAa,iBAAkB,YAAW,QAAQ;IAChD,OAAO,CAAC,QAAQ,CAAqB;IACrC,OAAO,CAAC,SAAS,CAA+B;IAE1C,IAAI,CAAC,QAAQ,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI/D,IAAI,CAAC,QAAQ,EAAE,YAAY,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IASpD,MAAM,CAAC,QAAQ,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC;IAI7C,IAAI,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;CAKtC;AAED,wBAAgB,cAAc,CAAC,OAAO,CAAC,EAAE,eAAe,GAAG,QAAQ,CASlE;AAED,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC"}

package/dist/keystore/index.js

@@ -0,0 +1,47 @@
+/**
+ * Keystore Factory
+ * Creates the appropriate keystore based on platform capabilities.
+ */
+import { EncryptedFileKeystore } from './encrypted-file.js';
+import { EnvKeystore } from './env.js';
+/**
+ * Cascading keystore that checks multiple backends in order:
+ * 1. Environment variables (always checked first)
+ * 2. Encrypted file store (for saved credentials)
+ */
+export class CascadingKeystore {
+    envStore = new EnvKeystore();
+    fileStore = new EncryptedFileKeystore();
+    async save(provider, credential) {
+        return this.fileStore.save(provider, credential);
+    }
+    async load(provider) {
+        // Env vars take priority
+        const envCred = await this.envStore.load(provider);
+        if (envCred)
+            return envCred;
+        // Fall back to encrypted file
+        return this.fileStore.load(provider);
+    }
+    async delete(provider) {
+        return this.fileStore.delete(provider);
+    }
+    async list() {
+        const envProviders = await this.envStore.list();
+        const fileProviders = await this.fileStore.list();
+        return [...new Set([...envProviders, ...fileProviders])];
+    }
+}
+export function createKeystore(backend) {
+    switch (backend) {
+        case 'env-only':
+            return new EnvKeystore();
+        case 'encrypted-file':
+            return new EncryptedFileKeystore();
+        default:
+            return new CascadingKeystore();
+    }
+}
+export { EncryptedFileKeystore } from './encrypted-file.js';
+export { EnvKeystore } from './env.js';
+//# sourceMappingURL=index.js.map

package/dist/keystore/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/keystore/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAIvC;;;;GAIG;AACH,MAAM,OAAO,iBAAiB;IACpB,QAAQ,GAAG,IAAI,WAAW,EAAE,CAAC;IAC7B,SAAS,GAAG,IAAI,qBAAqB,EAAE,CAAC;IAEhD,KAAK,CAAC,IAAI,CAAC,QAAsB,EAAE,UAAkB;QACnD,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,QAAsB;QAC/B,yBAAyB;QACzB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACnD,IAAI,OAAO;YAAE,OAAO,OAAO,CAAC;QAE5B,8BAA8B;QAC9B,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,QAAsB;QACjC,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,IAAI;QACR,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAChD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QAClD,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,YAAY,EAAE,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;IAC3D,CAAC;CACF;AAED,MAAM,UAAU,cAAc,CAAC,OAAyB;IACtD,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,UAAU;YACb,OAAO,IAAI,WAAW,EAAE,CAAC;QAC3B,KAAK,gBAAgB;YACnB,OAAO,IAAI,qBAAqB,EAAE,CAAC;QACrC;YACE,OAAO,IAAI,iBAAiB,EAAE,CAAC;IACnC,CAAC;AACH,CAAC;AAED,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,23 @@
+/**
+ * @arcanea/auth - Types
+ * Re-exports core overlay types + auth-specific types.
+ */
+import type { ProviderType, AuthSession } from '@arcanea/os';
+export type { ProviderType, AuthSession, AuthAdapter, Keystore, } from '@arcanea/os';
+export interface AuthConfig {
+    providers: ProviderType[];
+    keystoreBackend?: 'system' | 'encrypted-file' | 'env-only';
+    encryptionKey?: string;
+}
+export interface ValidationResult {
+    valid: boolean;
+    session?: AuthSession;
+    error?: string;
+}
+export interface KeystoreEntry {
+    provider: ProviderType;
+    credential: string;
+    savedAt: string;
+    lastValidated?: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE7D,YAAY,EACV,YAAY,EACZ,WAAW,EACX,WAAW,EACX,QAAQ,GACT,MAAM,aAAa,CAAC;AAErB,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,YAAY,EAAE,CAAC;IAC1B,eAAe,CAAC,EAAE,QAAQ,GAAG,gBAAgB,GAAG,UAAU,CAAC;IAC3D,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,OAAO,CAAC,EAAE,WAAW,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,YAAY,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB"}

package/dist/types.js

@@ -0,0 +1,6 @@
+/**
+ * @arcanea/auth - Types
+ * Re-exports core overlay types + auth-specific types.
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG"}

package/dist/validate.d.ts

@@ -0,0 +1,10 @@
+/**
+ * HTTP validation helpers for provider API keys.
+ */
+export declare function httpValidate(url: string, headers: Record<string, string>): Promise<{
+    ok: boolean;
+    status: number;
+    body: unknown;
+}>;
+export declare function maskCredential(credential: string): string;
+//# sourceMappingURL=validate.d.ts.map

package/dist/validate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate.d.ts","sourceRoot":"","sources":["../src/validate.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,wBAAsB,YAAY,CAChC,GAAG,EAAE,MAAM,EACX,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAC9B,OAAO,CAAC;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,OAAO,CAAA;CAAE,CAAC,CAsBzD;AAED,wBAAgB,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAKzD"}

package/dist/validate.js

@@ -0,0 +1,34 @@
+/**
+ * HTTP validation helpers for provider API keys.
+ */
+export async function httpValidate(url, headers) {
+    try {
+        const response = await fetch(url, {
+            method: 'GET',
+            headers: {
+                ...headers,
+                'User-Agent': 'Arcanea-Auth/1.0',
+            },
+            signal: AbortSignal.timeout(10000),
+        });
+        let body;
+        try {
+            body = await response.json();
+        }
+        catch {
+            body = await response.text();
+        }
+        return { ok: response.ok, status: response.status, body };
+    }
+    catch (error) {
+        return { ok: false, status: 0, body: String(error) };
+    }
+}
+export function maskCredential(credential) {
+    if (credential.length <= 8)
+        return '••••••••';
+    const prefix = credential.slice(0, 7);
+    const suffix = credential.slice(-4);
+    return `${prefix}•••${suffix}`;
+}
+//# sourceMappingURL=validate.js.map

package/dist/validate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate.js","sourceRoot":"","sources":["../src/validate.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,GAAW,EACX,OAA+B;IAE/B,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,GAAG,OAAO;gBACV,YAAY,EAAE,kBAAkB;aACjC;YACD,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC;SACnC,CAAC,CAAC;QAEH,IAAI,IAAa,CAAC;QAClB,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC/B,CAAC;QAED,OAAO,EAAE,EAAE,EAAE,QAAQ,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC;IAC5D,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;IACvD,CAAC;AACH,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,UAAkB;IAC/C,IAAI,UAAU,CAAC,MAAM,IAAI,CAAC;QAAE,OAAO,UAAU,CAAC;IAC9C,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACtC,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACpC,OAAO,GAAG,MAAM,MAAM,MAAM,EAAE,CAAC;AACjC,CAAC"}

package/package.json

@@ -0,0 +1,63 @@
+{
+  "name": "@arcanea/auth",
+  "version": "1.0.3",
+  "description": "Universal AI provider authentication for the Arcanea ecosystem",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    },
+    "./adapters": {
+      "types": "./dist/adapters/index.d.ts",
+      "import": "./dist/adapters/index.js"
+    },
+    "./keystore": {
+      "types": "./dist/keystore/index.d.ts",
+      "import": "./dist/keystore/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "clean": "rm -rf dist",
+    "prepublishOnly": "npm run build",
+    "test": "node --test tests/*.test.mjs",
+    "type-check": "tsc --noEmit"
+  },
+  "keywords": [
+    "arcanea",
+    "auth",
+    "ai",
+    "claude",
+    "openai",
+    "gemini",
+    "copilot"
+  ],
+  "author": "FrankX <frank@frankx.ai>",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/frankxai/arcanea.git",
+    "directory": "packages/auth"
+  },
+  "dependencies": {
+    "@arcanea/os": "workspace:*"
+  },
+  "devDependencies": {
+    "@types/node": "^20.10.0",
+    "typescript": "^5.3.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "publishConfig": {
+    "access": "public"
+  }
+}