@aspruyt/xfg 3.1.2 → 3.1.4

package/dist/authenticated-git-ops.d.ts

@@ -0,0 +1,112 @@
+import { GitOps } from "./git-ops.js";
+/**
+ * Options for authenticated git operations.
+ */
+export interface GitAuthOptions {
+    /** Access token for authentication */
+    token: string;
+    /** Git host (e.g., "github.com", "github.mycompany.com") */
+    host: string;
+    /** Repository owner */
+    owner: string;
+    /** Repository name */
+    repo: string;
+}
+/**
+ * Interface for authenticated git operations.
+ * Enables proper mocking in tests without relying on class inheritance.
+ */
+export interface IAuthenticatedGitOps {
+    clone(gitUrl: string): Promise<void>;
+    fetch(options?: {
+        prune?: boolean;
+    }): Promise<void>;
+    push(branchName: string, options?: {
+        force?: boolean;
+    }): Promise<void>;
+    getDefaultBranch(): Promise<{
+        branch: string;
+        method: string;
+    }>;
+    lsRemote(branchName: string): Promise<string>;
+    pushRefspec(refspec: string, options?: {
+        delete?: boolean;
+    }): Promise<void>;
+    fetchBranch(branchName: string): Promise<void>;
+    cleanWorkspace(): void;
+    createBranch(branchName: string): Promise<void>;
+    writeFile(fileName: string, content: string): void;
+    setExecutable(fileName: string): Promise<void>;
+    getFileContent(fileName: string): string | null;
+    wouldChange(fileName: string, content: string): boolean;
+    hasChanges(): Promise<boolean>;
+    getChangedFiles(): Promise<string[]>;
+    hasStagedChanges(): Promise<boolean>;
+    fileExistsOnBranch(fileName: string, branch: string): Promise<boolean>;
+    fileExists(fileName: string): boolean;
+    deleteFile(fileName: string): void;
+    commit(message: string): Promise<boolean>;
+}
+/**
+ * Wrapper around GitOps that adds authentication to network operations.
+ *
+ * When auth options are provided, network operations (clone, fetch, push,
+ * getDefaultBranch) use `-c url.insteadOf` to override credentials per-command.
+ * This allows different tokens for different repos without global git config.
+ *
+ * Local operations (commit, writeFile, etc.) pass through unchanged.
+ */
+export declare class AuthenticatedGitOps implements IAuthenticatedGitOps {
+    private gitOps;
+    private auth?;
+    private executor;
+    private workDir;
+    private retries;
+    constructor(gitOps: GitOps, auth?: GitAuthOptions);
+    private execWithRetry;
+    /**
+     * Build the authenticated remote URL.
+     */
+    private getAuthenticatedUrl;
+    clone(gitUrl: string): Promise<void>;
+    fetch(options?: {
+        prune?: boolean;
+    }): Promise<void>;
+    push(branchName: string, options?: {
+        force?: boolean;
+    }): Promise<void>;
+    getDefaultBranch(): Promise<{
+        branch: string;
+        method: string;
+    }>;
+    /**
+     * Execute ls-remote with authentication.
+     * Used by GraphQLCommitStrategy to check if branch exists on remote.
+     */
+    lsRemote(branchName: string): Promise<string>;
+    /**
+     * Execute push with custom refspec (e.g., HEAD:branchName).
+     * Used by GraphQLCommitStrategy for creating/deleting remote branches.
+     */
+    pushRefspec(refspec: string, options?: {
+        delete?: boolean;
+    }): Promise<void>;
+    /**
+     * Fetch a specific branch from remote.
+     * Used by GraphQLCommitStrategy to update local refs.
+     */
+    fetchBranch(branchName: string): Promise<void>;
+    cleanWorkspace(): void;
+    createBranch(branchName: string): Promise<void>;
+    writeFile(fileName: string, content: string): void;
+    setExecutable(fileName: string): Promise<void>;
+    getFileContent(fileName: string): string | null;
+    wouldChange(fileName: string, content: string): boolean;
+    hasChanges(): Promise<boolean>;
+    getChangedFiles(): Promise<string[]>;
+    hasStagedChanges(): Promise<boolean>;
+    fileExistsOnBranch(fileName: string, branch: string): Promise<boolean>;
+    fileExists(fileName: string): boolean;
+    deleteFile(fileName: string): void;
+    commit(message: string): Promise<boolean>;
+}

package/dist/authenticated-git-ops.js

@@ -0,0 +1,170 @@
+import { escapeShellArg } from "./shell-utils.js";
+import { defaultExecutor } from "./command-executor.js";
+import { withRetry } from "./retry-utils.js";
+/**
+ * Wrapper around GitOps that adds authentication to network operations.
+ *
+ * When auth options are provided, network operations (clone, fetch, push,
+ * getDefaultBranch) use `-c url.insteadOf` to override credentials per-command.
+ * This allows different tokens for different repos without global git config.
+ *
+ * Local operations (commit, writeFile, etc.) pass through unchanged.
+ */
+export class AuthenticatedGitOps {
+    gitOps;
+    auth;
+    executor;
+    workDir;
+    retries;
+    constructor(gitOps, auth) {
+        this.gitOps = gitOps;
+        this.auth = auth;
+        // Extract executor and workDir from gitOps via reflection
+        const internal = gitOps;
+        this.executor = internal.executor ?? defaultExecutor;
+        this.workDir = internal.workDir ?? ".";
+        this.retries = internal.retries ?? 3;
+    }
+    async execWithRetry(command) {
+        return withRetry(() => this.executor.exec(command, this.workDir), {
+            retries: this.retries,
+        });
+    }
+    // ============================================================
+    // Network operations - use authenticated command when token provided
+    // ============================================================
+    /**
+     * Build the authenticated remote URL.
+     */
+    getAuthenticatedUrl() {
+        const { token, host, owner, repo } = this.auth;
+        return `https://x-access-token:${token}@${host}/${owner}/${repo}`;
+    }
+    async clone(gitUrl) {
+        if (!this.auth) {
+            return this.gitOps.clone(gitUrl);
+        }
+        // Clone using authenticated URL directly - no insteadOf needed
+        const authUrl = escapeShellArg(this.getAuthenticatedUrl());
+        await this.execWithRetry(`git clone ${authUrl} .`);
+    }
+    async fetch(options) {
+        if (!this.auth) {
+            return this.gitOps.fetch(options);
+        }
+        // Remote URL already has auth from clone, just fetch
+        const pruneFlag = options?.prune ? " --prune" : "";
+        await this.execWithRetry(`git fetch origin${pruneFlag}`);
+    }
+    async push(branchName, options) {
+        if (!this.auth) {
+            return this.gitOps.push(branchName, options);
+        }
+        // Remote URL already has auth from clone, just push
+        const forceFlag = options?.force ? "--force-with-lease " : "";
+        const safeBranch = escapeShellArg(branchName);
+        await this.execWithRetry(`git push ${forceFlag}-u origin ${safeBranch}`);
+    }
+    async getDefaultBranch() {
+        if (!this.auth) {
+            return this.gitOps.getDefaultBranch();
+        }
+        // Network operation - remote URL already has auth from clone
+        try {
+            const remoteInfo = await this.execWithRetry(`git remote show origin`);
+            const match = remoteInfo.match(/HEAD branch: (\S+)/);
+            if (match) {
+                return { branch: match[1], method: "remote HEAD" };
+            }
+        }
+        catch {
+            // Fall through to local checks
+        }
+        // Local operations don't need auth
+        try {
+            await this.executor.exec("git rev-parse --verify origin/main", this.workDir);
+            return { branch: "main", method: "origin/main exists" };
+        }
+        catch {
+            // Continue
+        }
+        try {
+            await this.executor.exec("git rev-parse --verify origin/master", this.workDir);
+            return { branch: "master", method: "origin/master exists" };
+        }
+        catch {
+            // Continue
+        }
+        return { branch: "main", method: "fallback default" };
+    }
+    /**
+     * Execute ls-remote with authentication.
+     * Used by GraphQLCommitStrategy to check if branch exists on remote.
+     */
+    async lsRemote(branchName) {
+        // Remote URL already has auth from clone
+        const safeBranch = escapeShellArg(branchName);
+        return this.execWithRetry(`git ls-remote --exit-code --heads origin ${safeBranch}`);
+    }
+    /**
+     * Execute push with custom refspec (e.g., HEAD:branchName).
+     * Used by GraphQLCommitStrategy for creating/deleting remote branches.
+     */
+    async pushRefspec(refspec, options) {
+        // Remote URL already has auth from clone
+        const deleteFlag = options?.delete ? "--delete " : "";
+        const safeRefspec = escapeShellArg(refspec);
+        await this.execWithRetry(`git push ${deleteFlag}-u origin ${safeRefspec}`);
+    }
+    /**
+     * Fetch a specific branch from remote.
+     * Used by GraphQLCommitStrategy to update local refs.
+     */
+    async fetchBranch(branchName) {
+        // Remote URL already has auth from clone
+        const safeBranch = escapeShellArg(branchName);
+        await this.execWithRetry(`git fetch origin ${safeBranch}:refs/remotes/origin/${safeBranch}`);
+    }
+    // ============================================================
+    // Local operations - delegate directly to GitOps
+    // ============================================================
+    cleanWorkspace() {
+        return this.gitOps.cleanWorkspace();
+    }
+    async createBranch(branchName) {
+        return this.gitOps.createBranch(branchName);
+    }
+    writeFile(fileName, content) {
+        return this.gitOps.writeFile(fileName, content);
+    }
+    async setExecutable(fileName) {
+        return this.gitOps.setExecutable(fileName);
+    }
+    getFileContent(fileName) {
+        return this.gitOps.getFileContent(fileName);
+    }
+    wouldChange(fileName, content) {
+        return this.gitOps.wouldChange(fileName, content);
+    }
+    async hasChanges() {
+        return this.gitOps.hasChanges();
+    }
+    async getChangedFiles() {
+        return this.gitOps.getChangedFiles();
+    }
+    async hasStagedChanges() {
+        return this.gitOps.hasStagedChanges();
+    }
+    async fileExistsOnBranch(fileName, branch) {
+        return this.gitOps.fileExistsOnBranch(fileName, branch);
+    }
+    fileExists(fileName) {
+        return this.gitOps.fileExists(fileName);
+    }
+    deleteFile(fileName) {
+        return this.gitOps.deleteFile(fileName);
+    }
+    async commit(message) {
+        return this.gitOps.commit(message);
+    }
+}

package/dist/repository-processor.d.ts

@@ -1,6 +1,7 @@
 import { RepoConfig } from "./config.js";
 import { RepoInfo } from "./repo-detector.js";
-import { GitOps, GitOpsOptions } from "./git-ops.js";
+import { GitOpsOptions } from "./git-ops.js";
+import { IAuthenticatedGitOps, GitAuthOptions } from "./authenticated-git-ops.js";
 import { ILogger } from "./logger.js";
 import { CommandExecutor } from "./command-executor.js";
 import { DiffStats } from "./diff-utils.js";
@@ -20,10 +21,10 @@ export interface ProcessorOptions {
     noDelete?: boolean;
 }
 /**
- * Factory function type for creating GitOps instances.
+ * Factory function type for creating IAuthenticatedGitOps instances.
  * Allows dependency injection for testing.
  */
-export type GitOpsFactory = (options: GitOpsOptions) => GitOps;
+export type GitOpsFactory = (options: GitOpsOptions, auth?: GitAuthOptions) => IAuthenticatedGitOps;
 export interface ProcessorResult {
     success: boolean;
     repoName: string;
@@ -46,7 +47,7 @@ export declare class RepositoryProcessor {
     private readonly tokenManager;
     /**
      * Creates a new RepositoryProcessor.
-     * @param gitOpsFactory - Optional factory for creating GitOps instances (for testing)
+     * @param gitOpsFactory - Optional factory for creating AuthenticatedGitOps instances (for testing)
      * @param log - Optional logger instance (for testing)
      */
     constructor(gitOpsFactory?: GitOpsFactory, log?: ILogger);

package/dist/repository-processor.js

@@ -4,6 +4,7 @@ import { convertContentToString, } from "./config.js";
 import { getRepoDisplayName, isGitHubRepo, } from "./repo-detector.js";
 import { interpolateXfgContent } from "./xfg-template.js";
 import { GitOps } from "./git-ops.js";
+import { AuthenticatedGitOps, } from "./authenticated-git-ops.js";
 import { createPR, mergePR } from "./pr-creator.js";
 import { logger } from "./logger.js";
 import { getPRStrategy, getCommitStrategy, hasGitHubAppCredentials, } from "./strategies/index.js";
@@ -34,11 +35,13 @@ export class RepositoryProcessor {
     tokenManager;
     /**
      * Creates a new RepositoryProcessor.
-     * @param gitOpsFactory - Optional factory for creating GitOps instances (for testing)
+     * @param gitOpsFactory - Optional factory for creating AuthenticatedGitOps instances (for testing)
      * @param log - Optional logger instance (for testing)
      */
     constructor(gitOpsFactory, log) {
-        this.gitOpsFactory = gitOpsFactory ?? ((opts) => new GitOps(opts));
+        this.gitOpsFactory =
+            gitOpsFactory ??
+                ((opts, auth) => new AuthenticatedGitOps(new GitOps(opts), auth));
         this.log = log ?? logger;
         // Initialize GitHub App token manager if credentials are configured
         if (hasGitHubAppCredentials()) {
@@ -63,11 +66,23 @@ export class RepositoryProcessor {
                 skipped: true,
             };
         }
+        // Build auth options - use installation token OR fall back to GH_TOKEN for PAT flow
+        const effectiveToken = token ?? (isGitHubRepo(repoInfo) ? process.env.GH_TOKEN : undefined);
+        const authOptions = effectiveToken
+            ? {
+                token: effectiveToken,
+                host: isGitHubRepo(repoInfo)
+                    ? repoInfo.host
+                    : "github.com",
+                owner: repoInfo.owner,
+                repo: repoInfo.repo,
+            }
+            : undefined;
         this.gitOps = this.gitOpsFactory({
             workDir,
             dryRun,
             retries: this.retries,
-        });
+        }, authOptions);
         // Determine merge mode early - affects workflow steps
         const mergeMode = repoConfig.prOptions?.merge ?? "auto";
         const isDirectMode = mergeMode === "direct";
@@ -320,6 +335,7 @@ export class RepositoryProcessor {
                         // Use force push (--force-with-lease) for PR branches, not for direct mode
                         force: !isDirectMode,
                         token,
+                        gitOps: this.gitOps,
                     });
                     this.log.info(`Committed: ${commitResult.sha} (verified: ${commitResult.verified})`);
                 }
@@ -454,11 +470,23 @@ export class RepositoryProcessor {
                 skipped: true,
             };
         }
+        // Build auth options - use installation token OR fall back to GH_TOKEN for PAT flow
+        const effectiveToken = token ?? (isGitHubRepo(repoInfo) ? process.env.GH_TOKEN : undefined);
+        const authOptions = effectiveToken
+            ? {
+                token: effectiveToken,
+                host: isGitHubRepo(repoInfo)
+                    ? repoInfo.host
+                    : "github.com",
+                owner: repoInfo.owner,
+                repo: repoInfo.repo,
+            }
+            : undefined;
         this.gitOps = this.gitOpsFactory({
             workDir,
             dryRun,
             retries: this.retries,
-        });
+        }, authOptions);
         const mergeMode = repoConfig.prOptions?.merge ?? "auto";
         const isDirectMode = mergeMode === "direct";
         try {
@@ -534,6 +562,7 @@ export class RepositoryProcessor {
                     retries: this.retries,
                     force: !isDirectMode,
                     token,
+                    gitOps: this.gitOps,
                 });
             }
             catch (error) {

package/dist/strategies/commit-strategy.d.ts

@@ -1,4 +1,5 @@
 import { RepoInfo } from "../repo-detector.js";
+import { IAuthenticatedGitOps } from "../authenticated-git-ops.js";
 export interface FileChange {
     path: string;
     content: string | null;
@@ -14,6 +15,8 @@ export interface CommitOptions {
     force?: boolean;
     /** GitHub App installation token for authentication (used by GraphQLCommitStrategy) */
     token?: string;
+    /** Authenticated git operations wrapper (used by GraphQLCommitStrategy for network ops) */
+    gitOps?: IAuthenticatedGitOps;
 }
 export interface CommitResult {
     sha: string;

package/dist/strategies/git-commit-strategy.js

@@ -18,18 +18,23 @@ export class GitCommitStrategy {
      * @returns Commit result with SHA and verified: false (no signature)
      */
     async commit(options) {
-        const { branchName, message, workDir, retries = 3, force = true } = options;
+        const { branchName, message, workDir, retries = 3, force = true, gitOps, } = options;
         // Stage all changes
         await this.executor.exec("git add -A", workDir);
         // Commit with the message (--no-verify to skip pre-commit hooks)
         await this.executor.exec(`git commit --no-verify -m ${escapeShellArg(message)}`, workDir);
-        // Build push command - use --force-with-lease for PR branches, regular push for direct mode
-        const forceFlag = force ? "--force-with-lease " : "";
-        const pushCommand = `git push ${forceFlag}-u origin ${escapeShellArg(branchName)}`;
-        // Push with retry for transient network failures
-        await withRetry(() => this.executor.exec(pushCommand, workDir), {
-            retries,
-        });
+        // Push with authentication via gitOps if available
+        if (gitOps) {
+            await gitOps.push(branchName, { force });
+        }
+        else {
+            // Fallback for non-authenticated scenarios (shouldn't happen in practice)
+            const forceFlag = force ? "--force-with-lease " : "";
+            const pushCommand = `git push ${forceFlag}-u origin ${escapeShellArg(branchName)}`;
+            await withRetry(() => this.executor.exec(pushCommand, workDir), {
+                retries,
+            });
+        }
         // Get the commit SHA
         const sha = await this.executor.exec("git rev-parse HEAD", workDir);
         return {

package/dist/strategies/graphql-commit-strategy.d.ts

@@ -44,20 +44,6 @@ export declare class GraphQLCommitStrategy implements CommitStrategy {
      * Execute the createCommitOnBranch GraphQL mutation.
      */
     private executeGraphQLMutation;
-    /**
-     * Build a git command with optional token authentication override.
-     * When a token is provided, uses -c url.insteadOf to override the global
-     * git config and authenticate with the provided token instead.
-     *
-     * This is critical for GitHub App authentication where the global git config
-     * may have a PAT token embedded, but we need to use the GitHub App installation token.
-     *
-     * Uses a repo-specific URL pattern (including owner/repo) so it has a LONGER
-     * prefix match than the global config and takes precedence.
-     *
-     * Applies to all remote operations: push, fetch, ls-remote, etc.
-     */
-    private buildAuthenticatedGitCommand;
     /**
      * Ensure the branch exists on the remote and matches local HEAD.
      * createCommitOnBranch requires the branch to already exist.

package/dist/strategies/graphql-commit-strategy.js

@@ -69,10 +69,12 @@ export class GraphQLCommitStrategy {
             throw new Error(`GraphQL payload exceeds 50 MB limit (${Math.round(totalSize / (1024 * 1024))} MB). ` +
                 `Consider using smaller files or the git commit strategy.`);
         }
+        // Get gitOps for authenticated network operations
+        const gitOps = options.gitOps;
         // Ensure the branch exists on remote and is up-to-date with local HEAD
         // createCommitOnBranch requires the branch to already exist
         // For PR branches (force=true), we force-update to ensure fresh start from main
-        await this.ensureBranchExistsOnRemote(branchName, workDir, options.force, token, githubInfo.host, githubInfo.owner, githubInfo.repo);
+        await this.ensureBranchExistsOnRemote(branchName, workDir, options.force, gitOps);
         // Retry loop for expectedHeadOid mismatch
         let lastError = null;
         for (let attempt = 0; attempt <= retries; attempt++) {
@@ -80,7 +82,12 @@ export class GraphQLCommitStrategy {
                 // Fetch from remote to ensure we have the latest HEAD
                 // This is critical for expectedHeadOid to match
                 const safeBranch = escapeShellArg(branchName);
-                await this.executor.exec(this.buildAuthenticatedGitCommand(`fetch origin ${safeBranch}:refs/remotes/origin/${safeBranch}`, token, githubInfo.host, githubInfo.owner, githubInfo.repo), workDir);
+                if (gitOps) {
+                    await gitOps.fetchBranch(branchName);
+                }
+                else {
+                    await this.executor.exec(`git fetch origin ${safeBranch}:refs/remotes/origin/${safeBranch}`, workDir);
+                }
                 // Get the remote HEAD SHA for this branch (not local HEAD)
                 const headSha = await this.executor.exec(`git rev-parse origin/${safeBranch}`, workDir);
                 // Build and execute the GraphQL mutation
@@ -171,31 +178,6 @@ export class GraphQLCommitStrategy {
             pushed: true, // GraphQL commits are pushed directly
         };
     }
-    /**
-     * Build a git command with optional token authentication override.
-     * When a token is provided, uses -c url.insteadOf to override the global
-     * git config and authenticate with the provided token instead.
-     *
-     * This is critical for GitHub App authentication where the global git config
-     * may have a PAT token embedded, but we need to use the GitHub App installation token.
-     *
-     * Uses a repo-specific URL pattern (including owner/repo) so it has a LONGER
-     * prefix match than the global config and takes precedence.
-     *
-     * Applies to all remote operations: push, fetch, ls-remote, etc.
-     */
-    buildAuthenticatedGitCommand(gitArgs, token, host = "github.com", owner, repo) {
-        if (!token) {
-            return `git ${gitArgs}`;
-        }
-        // Use repo-specific URL pattern for LONGER prefix match to override global config
-        // Global config: url."https://x-access-token:PAT@github.com/".insteadOf = "https://github.com/"
-        // Our config:    url."https://x-access-token:APP@github.com/owner/repo".insteadOf = "https://github.com/owner/repo"
-        // The longer prefix (owner/repo) takes precedence in git's URL matching
-        const repoPath = owner && repo ? `${owner}/${repo}` : "";
-        const urlOverride = `url."https://x-access-token:${token}@${host}/${repoPath}".insteadOf="https://${host}/${repoPath}"`;
-        return `git -c ${escapeShellArg(urlOverride)} ${gitArgs}`;
-    }
     /**
      * Ensure the branch exists on the remote and matches local HEAD.
      * createCommitOnBranch requires the branch to already exist.
@@ -205,23 +187,40 @@ export class GraphQLCommitStrategy {
      *
      * For direct mode (force=false): just ensure branch exists.
      */
-    async ensureBranchExistsOnRemote(branchName, workDir, force, token, host, owner, repo) {
+    async ensureBranchExistsOnRemote(branchName, workDir, force, gitOps) {
         // Branch name was validated in commit(), safe for shell use
         try {
             // Check if the branch exists on remote
-            await this.executor.exec(this.buildAuthenticatedGitCommand(`ls-remote --exit-code --heads origin ${escapeShellArg(branchName)}`, token, host, owner, repo), workDir);
+            if (gitOps) {
+                await gitOps.lsRemote(branchName);
+            }
+            else {
+                await this.executor.exec(`git ls-remote --exit-code --heads origin ${escapeShellArg(branchName)}`, workDir);
+            }
             // Branch exists - for PR branches, delete and recreate to ensure fresh from main
             if (force) {
-                await this.executor.exec(this.buildAuthenticatedGitCommand(`push origin --delete ${escapeShellArg(branchName)}`, token, host, owner, repo), workDir);
-                // Now push fresh branch from local HEAD
-                await this.executor.exec(this.buildAuthenticatedGitCommand(`push -u origin HEAD:${escapeShellArg(branchName)}`, token, host, owner, repo), workDir);
+                if (gitOps) {
+                    await gitOps.pushRefspec(branchName, { delete: true });
+                    // Now push fresh branch from local HEAD
+                    await gitOps.pushRefspec(`HEAD:${branchName}`);
+                }
+                else {
+                    await this.executor.exec(`git push origin --delete ${escapeShellArg(branchName)}`, workDir);
+                    // Now push fresh branch from local HEAD
+                    await this.executor.exec(`git push -u origin HEAD:${escapeShellArg(branchName)}`, workDir);
+                }
             }
             // For direct mode (force=false), leave existing branch as-is
         }
         catch {
             // Branch doesn't exist on remote, push it
             // This pushes the current local branch to create it on remote
-            await this.executor.exec(this.buildAuthenticatedGitCommand(`push -u origin HEAD:${escapeShellArg(branchName)}`, token, host, owner, repo), workDir);
+            if (gitOps) {
+                await gitOps.pushRefspec(`HEAD:${branchName}`);
+            }
+            else {
+                await this.executor.exec(`git push -u origin HEAD:${escapeShellArg(branchName)}`, workDir);
+            }
         }
     }
     /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aspruyt/xfg",
-  "version": "3.1.2",
+  "version": "3.1.4",
   "description": "CLI tool for repository-as-code",
   "type": "module",
   "main": "dist/index.js",