@askthew/mcp-plugin 0.4.10 → 0.4.12

package/dist/lib/paths.d.ts

@@ -2,9 +2,9 @@ export declare function askTheWDataDir(env?: NodeJS.ProcessEnv): string;
 export declare function askTheWStateDir(env?: NodeJS.ProcessEnv): string;
 export declare function ensureAskTheWDataDir(env?: NodeJS.ProcessEnv): string;
 export declare function localStorePath(env?: NodeJS.ProcessEnv): string;
-export declare function identityPath(env?: NodeJS.ProcessEnv): string;
+export declare function cloudTokenPath(env?: NodeJS.ProcessEnv): string;
+export declare function installMetadataPath(env?: NodeJS.ProcessEnv): string;
 export declare function configPath(env?: NodeJS.ProcessEnv): string;
-export declare function jsonFallbackStorePath(env?: NodeJS.ProcessEnv): string;
 export declare function installReceiptsPath(env?: NodeJS.ProcessEnv): string;
 export declare function writePrivateJson(filePath: string, value: unknown): void;
 export declare function readJsonFile<T>(filePath: string): T | null;

package/dist/lib/paths.js

@@ -29,17 +29,17 @@ export function ensureAskTheWDataDir(env = process.env) {
     return dir;
 }
 export function localStorePath(env = process.env) {
-    return path.join(askTheWDataDir(env), "store.sqlite");
+    return path.join(askTheWDataDir(env), "outbox.sqlite");
 }
-export function identityPath(env = process.env) {
-    return path.join(askTheWDataDir(env), "identity.json");
+export function cloudTokenPath(env = process.env) {
+    return path.join(askTheWDataDir(env), "cloud-token.json");
+}
+export function installMetadataPath(env = process.env) {
+    return path.join(askTheWDataDir(env), "install.json");
 }
 export function configPath(env = process.env) {
     return path.join(askTheWDataDir(env), "config.json");
 }
-export function jsonFallbackStorePath(env = process.env) {
-    return path.join(askTheWDataDir(env), "store.json");
-}
 export function installReceiptsPath(env = process.env) {
     return path.join(askTheWStateDir(env), "install-receipts.json");
 }

package/dist/outbox.d.ts

@@ -0,0 +1,32 @@
+import type { AskTheWCloudClient } from "./cloud-client.js";
+export type OutboxStatus = "pending" | "sent" | "failed";
+export declare class Outbox {
+    private db;
+    constructor(path?: string);
+    append(payload: Record<string, unknown>): number;
+    pendingCount(): number;
+    markSent(id: number): void;
+    markFailed(id: number, code: string, message: string): void;
+    backoff(id: number, attempts: number, retryAfterSeconds?: number): number;
+    dueRows(limit?: number): Array<{
+        id: number;
+        payload_json: string;
+        attempts: number;
+    }>;
+    flush(client: AskTheWCloudClient): Promise<{
+        sent: number;
+        attempted: number;
+    }>;
+}
+export declare function isTransientStatus(status: number): boolean;
+export declare function sendOutboxPayload(client: AskTheWCloudClient, payload: Record<string, unknown>, attempts?: number): Promise<{
+    kind: "sent";
+    body: unknown;
+} | {
+    kind: "queued";
+    retryAfterSeconds?: number;
+} | {
+    kind: "failed";
+    code: string;
+    message: string;
+}>;

package/dist/outbox.js

@@ -0,0 +1,101 @@
+import Database from "better-sqlite3";
+import { localStorePath } from "./lib/paths.js";
+const BACKOFF_SECONDS = [5, 15, 60, 300];
+export class Outbox {
+    db;
+    constructor(path = localStorePath()) {
+        this.db = new Database(path);
+        this.db.pragma("journal_mode = WAL");
+        this.db.exec(`
+      create table if not exists outbox (
+        id integer primary key autoincrement,
+        scope_key text not null,
+        session_id text not null,
+        sequence integer not null,
+        payload_json text not null,
+        status text not null default 'pending',
+        attempts integer not null default 0,
+        next_attempt_at integer not null default 0,
+        error_code text,
+        error_message text,
+        created_at integer not null default (unixepoch())
+      );
+      create index if not exists outbox_pending_idx
+        on outbox(status, next_attempt_at, scope_key, session_id, sequence);
+    `);
+    }
+    append(payload) {
+        const result = this.db.prepare(`
+      insert into outbox(scope_key, session_id, sequence, payload_json, status, next_attempt_at)
+      values (?, ?, ?, ?, 'pending', 0)
+    `).run(String(payload.scopeKey ?? "global"), String(payload.sessionId ?? "session"), Number(payload.sequence ?? 0), JSON.stringify(payload));
+        return Number(result.lastInsertRowid);
+    }
+    pendingCount() {
+        return Number(this.db.prepare("select count(*) as count from outbox where status = 'pending'").get()?.count ?? 0);
+    }
+    markSent(id) {
+        this.db.prepare("update outbox set status = 'sent', error_code = null, error_message = null where id = ?").run(id);
+    }
+    markFailed(id, code, message) {
+        this.db.prepare("update outbox set status = 'failed', error_code = ?, error_message = ? where id = ?").run(code, message, id);
+    }
+    backoff(id, attempts, retryAfterSeconds) {
+        const backoff = Math.min(retryAfterSeconds ?? BACKOFF_SECONDS[Math.min(attempts, BACKOFF_SECONDS.length - 1)] ?? 300, 600);
+        const nextAttemptAt = Math.floor(Date.now() / 1000) + backoff;
+        this.db.prepare("update outbox set attempts = ?, next_attempt_at = ? where id = ?").run(attempts + 1, nextAttemptAt, id);
+        return backoff;
+    }
+    dueRows(limit = 25) {
+        const now = Math.floor(Date.now() / 1000);
+        return this.db.prepare(`
+      select id, payload_json, attempts from outbox
+      where status = 'pending' and next_attempt_at <= ?
+      order by scope_key asc, session_id asc, sequence asc, id asc
+      limit ?
+    `).all(now, limit);
+    }
+    async flush(client) {
+        const rows = this.dueRows();
+        let sent = 0;
+        for (const row of rows) {
+            const payload = JSON.parse(row.payload_json);
+            const result = await sendOutboxPayload(client, payload, row.attempts);
+            if (result.kind === "sent") {
+                this.markSent(row.id);
+                sent += 1;
+            }
+            else if (result.kind === "failed") {
+                this.markFailed(row.id, result.code, result.message);
+            }
+            else {
+                this.backoff(row.id, row.attempts, result.retryAfterSeconds);
+            }
+        }
+        return { sent, attempted: rows.length };
+    }
+}
+export function isTransientStatus(status) {
+    return status === 408 || status === 429 || status >= 500;
+}
+export async function sendOutboxPayload(client, payload, attempts = 0) {
+    try {
+        const response = await client.captureSignal(payload);
+        const body = response.body;
+        if (response.ok && body?.ok === true) {
+            return { kind: "sent", body };
+        }
+        if (isTransientStatus(response.status)) {
+            const retryAfter = Number((body?.retry_after_seconds ?? body?.retryAfterSeconds));
+            return { kind: "queued", retryAfterSeconds: Number.isFinite(retryAfter) ? retryAfter : undefined };
+        }
+        return {
+            kind: "failed",
+            code: String(body?.code ?? "hard_failure"),
+            message: String(body?.message ?? "Ask The W rejected the capture."),
+        };
+    }
+    catch {
+        return { kind: "queued", retryAfterSeconds: BACKOFF_SECONDS[Math.min(attempts, BACKOFF_SECONDS.length - 1)] };
+    }
+}

package/dist/redaction.d.ts

@@ -0,0 +1,11 @@
+export type RedactableSignalPayload = {
+    summary: string;
+    evidence?: Array<{
+        role: string;
+        excerpt: string;
+    }>;
+    filesTouched?: string[];
+    commandsRun?: string[];
+    metadata?: Record<string, unknown>;
+};
+export declare function redactSignalPayload<T extends RedactableSignalPayload>(payload: T): T;

package/dist/redaction.js

@@ -0,0 +1,52 @@
+const REDACTION_PATTERNS = [
+    /\bxox[baprs]-[0-9A-Za-z-]{10,}\b/g,
+    /\bBearer\s+[A-Za-z0-9._-]+\b/g,
+    /\bghs_[A-Za-z0-9]{20,}\b/g,
+    /\bghp_[A-Za-z0-9]{20,}\b/g,
+    /\bsk-[A-Za-z0-9_-]{20,}\b/g,
+    /\bsk-ant-[A-Za-z0-9_-]{20,}\b/g,
+    /\batw_(?:agent|agent_install)_[0-9a-f-]{36}_[A-Za-z0-9_-]{16,}\b/gi,
+    /\b\w{2,20}_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}(?:_[A-Za-z0-9]{8,})?\b/g,
+];
+function redactText(value) {
+    return REDACTION_PATTERNS.reduce((text, pattern) => {
+        pattern.lastIndex = 0;
+        return text.replace(pattern, "[REDACTED]");
+    }, value);
+}
+function redactMetadata(value) {
+    if (typeof value === "string")
+        return redactText(value);
+    if (Array.isArray(value))
+        return value.map(redactMetadata);
+    if (typeof value === "object" && value !== null) {
+        return Object.fromEntries(Object.entries(value).map(([key, entry]) => [key, redactMetadata(entry)]));
+    }
+    return value;
+}
+export function redactSignalPayload(payload) {
+    let redacted = false;
+    const redact = (value) => {
+        const next = redactText(value);
+        if (next !== value)
+            redacted = true;
+        return next;
+    };
+    const metadata = redactMetadata(payload.metadata ?? {});
+    if (JSON.stringify(metadata) !== JSON.stringify(payload.metadata ?? {}))
+        redacted = true;
+    return {
+        ...payload,
+        summary: redact(payload.summary),
+        evidence: (payload.evidence ?? []).map((entry) => ({
+            ...entry,
+            excerpt: redact(entry.excerpt),
+        })),
+        filesTouched: (payload.filesTouched ?? []).map(redact),
+        commandsRun: (payload.commandsRun ?? []).map(redact),
+        metadata: {
+            ...metadata,
+            ...(redacted ? { redacted: true } : {}),
+        },
+    };
+}

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "@askthew/mcp-plugin",
-  "version": "0.4.10",
+  "version": "0.4.12",
   "private": false,
-  "description": "Ask The W plugin connector for local-first coding-agent decisions, signals, and review.",
+  "description": "Ask The W cloud-shim MCP plugin for coding-agent decisions and signals.",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",

package/dist/lib/cli-actions.d.ts

@@ -1,28 +0,0 @@
-import type { LocalStore } from "./local-store.js";
-export declare function localScopeKey(cwd?: string): string;
-export declare function installPreCommitHook(input?: {
-    cwd?: string;
-}): string;
-export declare function stagedFiles(input?: {
-    cwd?: string;
-}): string[];
-export declare function preCommitDecisionGap(input: {
-    store: LocalStore;
-    stagedFiles: string[];
-    now?: Date;
-    scopeKey?: string | null;
-}): {
-    missing: boolean;
-    matchedSignals: number[];
-};
-export declare function isoWeek(date: Date): string;
-export declare function buildWeeklyDigest(input: {
-    store: LocalStore;
-    now?: Date;
-    scopeKey?: string | null;
-}): string;
-export declare function writeWeeklyDigest(input: {
-    store: LocalStore;
-    now?: Date;
-    outputDir?: string;
-}): string;

package/dist/lib/cli-actions.js

@@ -1,104 +0,0 @@
-import { execFileSync } from "node:child_process";
-import fs from "node:fs";
-import os from "node:os";
-import path from "node:path";
-import { configPath, readJsonFile } from "./paths.js";
-import { resolvePluginScope } from "../scope.js";
-function readConfig() {
-    return readJsonFile(configPath()) ?? {};
-}
-export function localScopeKey(cwd = process.cwd()) {
-    const scope = resolvePluginScope(cwd);
-    return [scope.repoRoot || scope.repoName || cwd, scope.appPath ?? "", scope.serviceName ?? ""]
-        .filter(Boolean)
-        .join("::")
-        .replace(/\s+/g, " ")
-        .slice(0, 500);
-}
-export function installPreCommitHook(input = {}) {
-    const cwd = path.resolve(input.cwd ?? process.cwd());
-    const gitDir = execFileSync("git", ["rev-parse", "--git-dir"], { cwd, encoding: "utf8" }).trim();
-    const hookPath = path.resolve(cwd, gitDir, "hooks", "pre-commit");
-    const hook = [
-        "#!/bin/sh",
-        "# Ask The W pre-commit decision prompt",
-        "npx -y --prefer-online --package @askthew/mcp-plugin@latest askthew-mcp hook-check --pre-commit",
-        "",
-    ].join("\n");
-    fs.mkdirSync(path.dirname(hookPath), { recursive: true });
-    fs.writeFileSync(hookPath, hook, { encoding: "utf8", mode: 0o755 });
-    fs.chmodSync(hookPath, 0o755);
-    return hookPath;
-}
-export function stagedFiles(input = {}) {
-    const cwd = path.resolve(input.cwd ?? process.cwd());
-    return execFileSync("git", ["diff", "--cached", "--name-only"], { cwd, encoding: "utf8" })
-        .split("\n")
-        .map((line) => line.trim())
-        .filter(Boolean);
-}
-export function preCommitDecisionGap(input) {
-    const staged = new Set(input.stagedFiles);
-    if (staged.size === 0) {
-        return { missing: false, matchedSignals: [] };
-    }
-    const nowMs = (input.now ?? new Date()).getTime();
-    const scopeKey = input.scopeKey;
-    const recentImplementationSignals = input.store
-        .listSignals({ scopeKey, limit: 100000 })
-        .filter((signal) => signal.kind === "implementation_update")
-        .filter((signal) => nowMs - new Date(signal.capturedAt).getTime() <= 14 * 24 * 60 * 60 * 1000)
-        .filter((signal) => signal.filesTouched.some((file) => staged.has(file)));
-    if (recentImplementationSignals.length === 0) {
-        return { missing: false, matchedSignals: [] };
-    }
-    const matchedSignalIds = new Set(recentImplementationSignals.map((signal) => signal.id));
-    const linkedDecision = input.store.listDecisions({ scopeKey, limit: 100000 }).some((decision) => {
-        if (decision.sourceSignalIds.some((id) => matchedSignalIds.has(id)))
-            return true;
-        return decision.files.some((file) => staged.has(file));
-    });
-    return {
-        missing: !linkedDecision,
-        matchedSignals: Array.from(matchedSignalIds),
-    };
-}
-export function isoWeek(date) {
-    const utcDate = new Date(Date.UTC(date.getFullYear(), date.getMonth(), date.getDate()));
-    const day = utcDate.getUTCDay() || 7;
-    utcDate.setUTCDate(utcDate.getUTCDate() + 4 - day);
-    const yearStart = new Date(Date.UTC(utcDate.getUTCFullYear(), 0, 1));
-    const week = Math.ceil(((utcDate.getTime() - yearStart.getTime()) / 86400000 + 1) / 7);
-    return `${utcDate.getUTCFullYear()}-${String(week).padStart(2, "0")}`;
-}
-export function buildWeeklyDigest(input) {
-    const now = input.now ?? new Date();
-    const since = new Date(now.getTime() - 7 * 24 * 60 * 60 * 1000).toISOString();
-    const scopeKey = input.scopeKey;
-    const decisions = input.store.listDecisions({ scopeKey, since, limit: 100000 });
-    const signals = input.store.listSignals({ scopeKey, limit: 100000 }).filter((signal) => signal.capturedAt >= since);
-    const lines = [
-        `# Ask The W Weekly Decision Digest ${isoWeek(now)}`,
-        "",
-        `Signals captured: ${signals.length}`,
-        `Decisions captured: ${decisions.length}`,
-        "",
-        "## Decisions",
-        ...(decisions.length
-            ? decisions.map((decision) => `- ${decision.headline} (${decision.status})${decision.why ? ` - ${decision.why}` : ""}`)
-            : ["- No decisions captured this week."]),
-    ];
-    if (readConfig().digest?.footer !== false) {
-        lines.push("", "_Captured by Ask The W._");
-    }
-    return lines.join("\n");
-}
-export function writeWeeklyDigest(input) {
-    const now = input.now ?? new Date();
-    const configuredOutputDir = input.outputDir ?? process.env.ASKTHEW_DIGEST_DIR?.trim();
-    const outputDir = configuredOutputDir || path.join(os.homedir(), "Documents");
-    fs.mkdirSync(outputDir, { recursive: true });
-    const filePath = path.join(outputDir, `askthew-digest-${isoWeek(now)}.md`);
-    fs.writeFileSync(filePath, `${buildWeeklyDigest({ store: input.store, now, scopeKey: localScopeKey() })}\n`, "utf8");
-    return filePath;
-}

package/dist/lib/free-install-registration.d.ts

@@ -1,27 +0,0 @@
-import { type LocalInstallIdentity, type PublicInstallIdentity } from "./local-identity.js";
-export interface FreeInstallRegistrationOptions {
-    apiUrl?: string;
-    fetchImpl?: typeof fetch;
-}
-export declare function registerFreeInstall(input: {
-    identity: LocalInstallIdentity;
-    deviceLabel?: string;
-    repo?: Record<string, unknown>;
-    options?: FreeInstallRegistrationOptions;
-}): Promise<{
-    ok: boolean;
-    registeredAt: string;
-}>;
-export declare function tryRegisterFreeInstall(input: {
-    identity: LocalInstallIdentity;
-    deviceLabel?: string;
-    repo?: Record<string, unknown>;
-    options?: FreeInstallRegistrationOptions;
-}): Promise<{
-    ok: boolean;
-    registeredAt: string;
-} | {
-    ok: boolean;
-    error: string;
-}>;
-export declare function describeFreeIdentity(identity: PublicInstallIdentity): string;

package/dist/lib/free-install-registration.js

@@ -1,52 +0,0 @@
-import crypto from "node:crypto";
-import { markLocalIdentityRegistered, } from "./local-identity.js";
-function baseUrl(apiUrl) {
-    return (apiUrl?.trim() || process.env.ASKTHEW_API_URL?.trim() || "https://app.askthew.com").replace(/\/$/, "");
-}
-function hashClaimCode(code) {
-    return crypto.createHash("sha256").update(code.trim()).digest("hex");
-}
-function safeMessage(error) {
-    return error instanceof Error ? error.message : "Registration failed.";
-}
-export async function registerFreeInstall(input) {
-    const fetcher = input.options?.fetchImpl ?? fetch;
-    const response = await fetcher(`${baseUrl(input.options?.apiUrl ?? input.identity.apiUrl)}/api/cli/v1/free-installs/register`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({
-            installId: input.identity.installId,
-            publicKey: input.identity.publicKey,
-            claimCodeHash: hashClaimCode(input.identity.claimCode),
-            emailClaim: input.identity.emailClaim,
-            deviceLabel: input.deviceLabel,
-            repo: input.repo ?? {},
-        }),
-    });
-    const payload = await response.json().catch(() => null);
-    if (!response.ok) {
-        throw new Error(payload?.error ? String(payload.error) : "Free install registration failed.");
-    }
-    const registeredAt = payload && typeof payload === "object" && typeof payload.registeredAt === "string"
-        ? payload.registeredAt
-        : new Date().toISOString();
-    markLocalIdentityRegistered({ registeredAt });
-    return { ok: true, registeredAt };
-}
-export async function tryRegisterFreeInstall(input) {
-    try {
-        return await registerFreeInstall(input);
-    }
-    catch (error) {
-        markLocalIdentityRegistered({ registrationError: safeMessage(error) });
-        return { ok: false, error: safeMessage(error) };
-    }
-}
-export function describeFreeIdentity(identity) {
-    return [
-        `Install ID: ${identity.installId}`,
-        identity.emailClaim ? `Email claim: ${identity.emailClaim} (unverified)` : "Email claim: none",
-        `Claim code: ${identity.claimCode}`,
-        identity.registeredAt ? `Registered: ${identity.registeredAt}` : "Registered: pending",
-    ].join("\n");
-}

package/dist/lib/free-tier-policy.d.ts

@@ -1,22 +0,0 @@
-import { type LocalInstallIdentity } from "./local-identity.js";
-export type McpMode = "paid" | "free" | "free_pending_auth" | "unauthenticated";
-export interface CliCredentials {
-    email?: string;
-    userId: string;
-    cliToken: string;
-    cliTokenId: string;
-    apiUrl?: string;
-    telemetryOptOut?: boolean;
-    identityKind: "local_install";
-    installId?: string;
-    localIdentity?: LocalInstallIdentity;
-}
-export interface ModeResolution {
-    mode: McpMode;
-    installToken?: string;
-    cliCredentials?: CliCredentials;
-    reason: string;
-}
-export declare function loadCliCredentials(env?: NodeJS.ProcessEnv): CliCredentials | null;
-export declare function resolveMcpMode(env?: NodeJS.ProcessEnv): ModeResolution;
-export declare function isTelemetryOptedOut(env?: NodeJS.ProcessEnv, credentials?: CliCredentials | null): boolean;

package/dist/lib/free-tier-policy.js

@@ -1,52 +0,0 @@
-import { loadLocalIdentity } from "./local-identity.js";
-function clean(value) {
-    return String(value ?? "").trim().replace(/^['"]/, "").replace(/['"]$/, "");
-}
-export function loadCliCredentials(env = process.env) {
-    const localIdentity = loadLocalIdentity(env);
-    if (localIdentity) {
-        return {
-            email: localIdentity.emailClaim,
-            userId: localIdentity.installId,
-            cliToken: localIdentity.installId,
-            cliTokenId: localIdentity.installId,
-            apiUrl: localIdentity.apiUrl,
-            telemetryOptOut: localIdentity.telemetryOptOut,
-            identityKind: "local_install",
-            installId: localIdentity.installId,
-            localIdentity,
-        };
-    }
-    return null;
-}
-export function resolveMcpMode(env = process.env) {
-    const installToken = clean(env.ASKTHEW_INSTALL_TOKEN);
-    if (installToken) {
-        return {
-            mode: "paid",
-            installToken,
-            reason: "workspace_install_token",
-        };
-    }
-    const credentials = loadCliCredentials(env);
-    if (credentials?.cliToken) {
-        return {
-            mode: "free",
-            cliCredentials: credentials,
-            reason: "local_install_identity",
-        };
-    }
-    if (clean(env.ASKTHEW_FREE_MODE) === "1" || clean(env.ASKTHEW_FREE_MODE).toLowerCase() === "true") {
-        return {
-            mode: "free_pending_auth",
-            reason: "free_mode_no_identity",
-        };
-    }
-    return {
-        mode: "unauthenticated",
-        reason: "no_identity",
-    };
-}
-export function isTelemetryOptedOut(env = process.env, credentials = loadCliCredentials(env)) {
-    return env.ASKTHEW_TELEMETRY === "off" || credentials?.telemetryOptOut === true;
-}

package/dist/lib/local-identity.d.ts

@@ -1,44 +0,0 @@
-export interface LocalInstallIdentity {
-    installId: string;
-    privateKey: string;
-    publicKey: string;
-    claimCode: string;
-    emailClaim?: string;
-    createdAt: string;
-    registeredAt?: string;
-    registrationError?: string;
-    apiUrl?: string;
-    telemetryOptOut?: boolean;
-}
-export interface PublicInstallIdentity {
-    installId: string;
-    publicKey: string;
-    claimCode: string;
-    emailClaim?: string;
-    createdAt: string;
-    registeredAt?: string;
-    registrationError?: string;
-    apiUrl?: string;
-    telemetryOptOut?: boolean;
-}
-export declare function loadLocalIdentity(env?: NodeJS.ProcessEnv): LocalInstallIdentity | null;
-export declare function publicIdentity(identity: LocalInstallIdentity): PublicInstallIdentity;
-export declare function ensureLocalIdentity(input?: {
-    emailClaim?: string | null;
-    apiUrl?: string;
-    telemetryOptOut?: boolean;
-    env?: NodeJS.ProcessEnv;
-}): LocalInstallIdentity;
-export declare function markLocalIdentityRegistered(input: {
-    registeredAt?: string;
-    registrationError?: string;
-    env?: NodeJS.ProcessEnv;
-}): LocalInstallIdentity | null;
-export declare function signLocalIdentityPayload(input: {
-    identity: LocalInstallIdentity;
-    body: string;
-    timestamp?: string;
-}): {
-    timestamp: string;
-    signature: string;
-};

package/dist/lib/local-identity.js

@@ -1,81 +0,0 @@
-import crypto from "node:crypto";
-import { identityPath, readJsonFile, writePrivateJson } from "./paths.js";
-function normalizeEmail(email) {
-    const value = String(email ?? "").trim().toLowerCase();
-    return /^[^@\s]+@[^@\s]+\.[^@\s]+$/.test(value) ? value : undefined;
-}
-function generateClaimCode() {
-    return crypto.randomBytes(6).toString("base64url").toUpperCase();
-}
-export function loadLocalIdentity(env = process.env) {
-    const identity = readJsonFile(identityPath(env));
-    if (!identity?.installId || !identity.privateKey || !identity.publicKey || !identity.claimCode) {
-        return null;
-    }
-    return identity;
-}
-export function publicIdentity(identity) {
-    return {
-        installId: identity.installId,
-        publicKey: identity.publicKey,
-        claimCode: identity.claimCode,
-        emailClaim: identity.emailClaim,
-        createdAt: identity.createdAt,
-        registeredAt: identity.registeredAt,
-        registrationError: identity.registrationError,
-        apiUrl: identity.apiUrl,
-        telemetryOptOut: identity.telemetryOptOut,
-    };
-}
-export function ensureLocalIdentity(input = {}) {
-    const env = input.env ?? process.env;
-    const existing = loadLocalIdentity(env);
-    const emailClaim = normalizeEmail(input.emailClaim);
-    if (existing) {
-        const next = {
-            ...existing,
-            ...(emailClaim ? { emailClaim } : {}),
-            ...(input.apiUrl ? { apiUrl: input.apiUrl } : {}),
-            ...(typeof input.telemetryOptOut === "boolean" ? { telemetryOptOut: input.telemetryOptOut } : {}),
-        };
-        writePrivateJson(identityPath(env), next);
-        return next;
-    }
-    const keyPair = crypto.generateKeyPairSync("ed25519", {
-        privateKeyEncoding: { type: "pkcs8", format: "pem" },
-        publicKeyEncoding: { type: "spki", format: "pem" },
-    });
-    const identity = {
-        installId: crypto.randomUUID(),
-        privateKey: keyPair.privateKey,
-        publicKey: keyPair.publicKey,
-        claimCode: generateClaimCode(),
-        ...(emailClaim ? { emailClaim } : {}),
-        ...(input.apiUrl ? { apiUrl: input.apiUrl } : {}),
-        ...(typeof input.telemetryOptOut === "boolean" ? { telemetryOptOut: input.telemetryOptOut } : {}),
-        createdAt: new Date().toISOString(),
-    };
-    writePrivateJson(identityPath(env), identity);
-    return identity;
-}
-export function markLocalIdentityRegistered(input) {
-    const env = input.env ?? process.env;
-    const identity = loadLocalIdentity(env);
-    if (!identity)
-        return null;
-    const next = {
-        ...identity,
-        registeredAt: input.registrationError ? identity.registeredAt : (input.registeredAt ?? new Date().toISOString()),
-        registrationError: input.registrationError,
-    };
-    writePrivateJson(identityPath(env), next);
-    return next;
-}
-export function signLocalIdentityPayload(input) {
-    const timestamp = input.timestamp ?? new Date().toISOString();
-    const signature = crypto.sign(null, Buffer.from(`${timestamp}.${input.body}`), input.identity.privateKey).toString("base64url");
-    return {
-        timestamp,
-        signature,
-    };
-}