@atomicmail/agent-skill 0.1.0 → 0.2.1

package/README.md

@@ -0,0 +1,91 @@
+# @atomicmail/agent-skill
+
+Atomic Mail AgentSkill CLI for shell-capable AI agents. It exposes three
+commands: `register`, `jmap_request`, and `help`.
+
+## Install / run
+
+```bash
+npx --package=@atomicmail/agent-skill atomicmail --help
+```
+
+## Quick start
+
+```bash
+npx --package=@atomicmail/agent-skill atomicmail register \
+  --username "myagent"
+
+npx --package=@atomicmail/agent-skill atomicmail jmap_request \
+  --ops '[["Mailbox/get", {"accountId": "$ACCOUNT_ID"}, "m0"]]'
+```
+
+## `jmap_request` and placeholders
+
+- Built-in placeholders: `$ACCOUNT_ID`, `$INBOX`
+- Custom placeholders: any `$VAR_NAME` via `--vars '{"VAR_NAME":"value"}'`
+- Works for both `--ops` and `--ops-file`
+
+Example:
+
+```bash
+npx --package=@atomicmail/agent-skill atomicmail jmap_request \
+  --ops-file send_mail.json \
+  --vars '{"TO":"alice@example.com","SUBJECT":"Hello","BODY":"Hi there"}'
+```
+
+## Presets and placeholders
+
+Presets are reusable JSON files for `jmap_request`:
+
+- Inline JSON: `--ops '[["Mailbox/get", {"accountId":"$ACCOUNT_ID"}, "m0"]]'`
+- Preset file: `--ops-file list_inbox.json --vars '{"COUNT":"10"}'`
+
+Resolution order for `--ops-file`:
+
+1. Resolve relative to `--credentials-dir` (default `~/.atomicmail`).
+2. If missing, fall back to bundled presets in the package.
+
+Placeholder rules:
+
+- Pattern: `$VAR_NAME`, where `VAR_NAME` matches `^[A-Z][A-Z0-9_]*$`.
+- Built-ins: `$ACCOUNT_ID`, `$INBOX`.
+- Lowercase `$tokens` such as JMAP back-references (`$draft`) are not matched.
+- Custom placeholders: pass string values via `--vars`.
+- Resolution order per variable: `--vars` first, then built-in auto-resolvers.
+- Built-ins can be overridden via `--vars` using `ACCOUNT_ID` or `INBOX`.
+- If any referenced variable is unresolved, `jmap_request` fails with a missing
+  variables error.
+- Substitution is single-pass: inserted values are not scanned again for nested
+  `$VAR_NAME` tokens.
+
+Bundled presets:
+
+- `send_mail.json` (`$TO`, `$SUBJECT`, `$BODY`)
+- `list_inbox.json` (`$COUNT`)
+- `reply.json` (`$MAIL_ID`, `$BODY`)
+
+`--ops-file` resolves against `--credentials-dir` first, then bundled presets
+inside the package.
+
+## Shared state
+
+Credential files in `~/.atomicmail` (mode `0600`):
+
+- `credentials.json`
+- `session.jwt`
+- `capability.jwt`
+
+This is the on-disk state used by the CLI (and MCP).
+
+## Defaults
+
+- auth endpoint: `https://auth.atomicmail.ai`
+- api endpoint: `https://api.atomicmail.ai`
+- credentials directory: `~/.atomicmail`
+
+## Overriding defaults
+
+- Endpoints: `--auth-url`, `--api-url` or `ATOMIC_MAIL_AUTH_URL`,
+  `ATOMIC_MAIL_API_URL`
+- Credentials path: `--credentials-dir` or `ATOMIC_MAIL_CREDENTIALS_DIR`
+- PoW salt: `--scrypt-salt` or `ATOMIC_MAIL_SCRYPT_SALT`

package/SKILL.md

@@ -1,242 +1,102 @@
 ---
-name: atomic-mail
-description: Read and write email through the Atomic Mail ESP from an AI agent. Handles the proof-of-work authentication and JMAP protocol so the agent only needs to think in JMAP method calls. Use when the user asks to register an Atomic Mail inbox, list mailboxes, fetch emails, send email, or otherwise programmatically interact with their Atomic Mail account.
-license: MIT
-compatibility: Requires Deno 2.0+ to run scripts directly, or Node 20+ / Bun 1.1+ via `npx @atomic-mail/agent-skill` after publishing. Needs network access to the configured Atomic Mail auth-service and api-service.
-metadata:
-  author: atomic-mail
-  version: "0.1.0"
+name: atomicmail
+description: Read and write email through the Atomic Mail ESP from an AI agent. Handles proof-of-work authentication and JMAP so the agent thinks in JMAP method calls. Use when the user asks to register an email inbox, list mailboxes, fetch or send email.
 ---
 
 # Atomic Mail
 
-Atomic Mail is an AI-agent-first email service provider (ESP) that exposes a
-programmable inbox over JMAP. It uses a custom proof-of-work (PoW) signup flow
-plus three short-lived JWTs (challenge -> session -> capability). This skill
-hides all of that behind two CLI scripts so the agent can focus on JMAP.
+Atomic Mail exposes a programmable inbox over JMAP with PoW signup and JWT
+rotation. This skill ships a single CLI entrypoint with three commands:
+**`register`**, **`jmap_request`**, and **`help`** — matching the MCP server.
 
 ## When to use this skill
 
-Use this skill when the user wants to:
+- Register a new inbox or log in with an existing API key.
+- Send JMAP batches (inline JSON or preset files).
+- Read built-in documentation (JMAP cheatsheet, presets, troubleshooting).
 
-- Register a new Atomic Mail inbox (signup with a username).
-- Re-authenticate an existing Atomic Mail account using its API key.
-- Read, search, or modify email via JMAP (`Mailbox/get`, `Email/query`,
-  `Email/get`, `Email/set`, etc.).
-- Send email via JMAP (`EmailSubmission/set` with the
-  `urn:ietf:params:jmap:submission` capability).
-- Discover the JMAP session object (`/.well-known/jmap`) to find the `accountId`
-  before issuing other JMAP method calls.
-
-## Available scripts
-
-- **`scripts/signup.ts`** — One-time setup: performs PoW signup or login and
-  writes credentials to disk. Run once per agent session/inbox.
-- **`scripts/jmap_request.ts`** — Sends JMAP requests using the saved
-  credentials. Auto-rotates the session and capability JWTs as they expire.
-
-Both scripts are invokable three ways. Pick the one that matches the runtime the
-user has installed:
+## Commands
 
 ```bash
-# Deno (preferred — runs source directly)
-deno run -A scripts/signup.ts ...
-deno run -A scripts/jmap_request.ts ...
+npx --package=@atomicmail/agent-skill atomicmail register --username "myagent"
 
-# Node (after the npm package is installed/published)
-npx -y @atomic-mail/agent-skill atomic-mail-signup ...
-npx -y @atomic-mail/agent-skill atomic-mail-jmap ...
-
-# Bun
-bunx -y @atomic-mail/agent-skill atomic-mail-signup ...
-bunx -y @atomic-mail/agent-skill atomic-mail-jmap ...
+npx --package=@atomicmail/agent-skill atomicmail jmap_request --ops-file list_inbox.json --vars '{"COUNT":"10"}'
 ```
 
-> The agent should always pass `--help` first if it is unsure of the exact flag
-> spelling. Both scripts print full usage to stdout and exit `0`.
-
-## Required configuration
+Run **`atomicmail --help`** or **`atomicmail <command> --help`** for flags.
 
-The auth and API base URLs come from the Atomic Mail deployment. Pass them as
-flags or set them in the environment:
+## Defaults
 
-| Flag            | Env var                   | Description                                             |
-| --------------- | ------------------------- | ------------------------------------------------------- |
-| `--auth-url`    | `ATOMIC_MAIL_AUTH_URL`    | Base URL of `auth-service` (PoW + JWT minting).         |
-| `--api-url`     | `ATOMIC_MAIL_API_URL`     | Base URL of `api-service` (JMAP).                       |
-| `--scrypt-salt` | `ATOMIC_MAIL_SCRYPT_SALT` | Optional PoW salt override (defaults match `auth-service`). |
-
-If the user does not know the URLs, ask them — they are deployment-specific.
+- `authUrl`: `https://auth.atomicmail.ai`
+- `apiUrl`: `https://api.atomicmail.ai`
+- credentials directory: `~/.atomicmail`
 
 ## Workflow
 
-### 1. First-time signup (new account)
+### 1. Register (new account)
 
 ```bash
-deno run -A scripts/signup.ts \
-  --auth-url   "$ATOMIC_MAIL_AUTH_URL" \
-  --api-url    "$ATOMIC_MAIL_API_URL" \
-  --username   "alice" \
-  --out-dir    "./.atomic-mail"
+npx --package=@atomicmail/agent-skill atomicmail register \
+  --username "alice"
 ```
 
-This writes three files into `--out-dir`:
-
-- `credentials.json` — `{ apiKey, inboxId, authUrl, apiUrl, scryptSalt }`. The
-  agent should store the `apiKey` securely; it is the long-lived secret.
-- `session.jwt` — 4-hour session token.
-- `capability.jwt` — 2-minute capability token used as the JMAP bearer.
-
-The script prints a JSON summary to stdout that includes `inboxId` and `apiKey`.
-Save these in the agent's persistent memory (or echo them back to the user) —
-they are the only durable identifiers.
+Writes `credentials.json`, `session.jwt`, `capability.jwt`. Prints JSON
+including `inbox` and `accountId`.
 
-### 2. Re-authenticate (existing API key)
-
-If `credentials.json` already exists, this is normally not needed —
-`jmap_request.ts` will auto-renew session/capability tokens via the stored API
-key. Use `signup.ts --api-key` only if the user wants to start a fresh
-credentials directory from a known API key.
+### 2. Register (existing API key, in case losing the credentials file)
 
 ```bash
-deno run -A scripts/signup.ts \
-  --auth-url    "$ATOMIC_MAIL_AUTH_URL" \
-  --api-url     "$ATOMIC_MAIL_API_URL" \
-  --api-key     "11111111-2222-3333-4444-555555555555" \
-  --out-dir     "./.atomic-mail"
+npx --package=@atomicmail/agent-skill atomicmail register \
+  --api-key "..."
 ```
 
-### 3. Discover the JMAP session
-
-Run this **once** before any other JMAP call to learn the `accountId` and
-mailbox structure.
+### 3. JMAP request
 
 ```bash
-deno run -A scripts/jmap_request.ts \
-  --credentials-dir "./.atomic-mail" \
-  --session
+npx --package=@atomicmail/agent-skill atomicmail jmap_request \
+  --ops '[["Mailbox/get", {"accountId": "$ACCOUNT_ID"}, "m0"]]'
 ```
 
-The response JSON contains `primaryAccounts`, `accounts`, `capabilities`, etc.
-Extract the `accountId` for the user's primary mail account from
-`primaryAccounts["urn:ietf:params:jmap:mail"]`.
+`$ACCOUNT_ID` and `$INBOX` resolve from the session/credentials. Other
+placeholders such as `$TO` or `$SUBJECT` require `--vars` with a JSON object of
+strings (same substitution applies to `--ops` and `--ops-file`).
 
-### 4. Send a JMAP request (inline ops)
+Preset file:
 
 ```bash
-deno run -A scripts/jmap_request.ts \
-  --credentials-dir "./.atomic-mail" \
-  --ops '[["Mailbox/get", {"accountId": "ACCOUNT_ID"}, "m0"]]'
-```
-
-For multiple method calls or capabilities, pass a full envelope:
-
-```bash
-deno run -A scripts/jmap_request.ts \
-  --credentials-dir "./.atomic-mail" \
-  --ops '{
-    "using": ["urn:ietf:params:jmap:core","urn:ietf:params:jmap:mail"],
-    "methodCalls": [
-      ["Mailbox/get", {"accountId": "ACCOUNT_ID"}, "m0"],
-      ["Email/query", {"accountId": "ACCOUNT_ID", "limit": 10}, "q0"]
-    ]
-  }'
+npx --package=@atomicmail/agent-skill atomicmail jmap_request \
+  --ops-file fetch_last_100.json
 ```
 
-### 5. Send a JMAP request (preset file)
-
-For repeated tasks, save the JMAP body to a file and reuse it. The file may
-contain either a `methodCalls` array or a full `{ using, methodCalls }`
-envelope.
+With custom placeholders:
 
 ```bash
-cat > fetch_last_100.json <<'EOF'
-[
-  ["Email/query", {
-    "accountId": "ACCOUNT_ID",
-    "limit": 100,
-    "sort": [{ "property": "receivedAt", "isAscending": false }]
-  }, "q0"],
-  ["Email/get", {
-    "accountId": "ACCOUNT_ID",
-    "#ids": { "resultOf": "q0", "name": "Email/query", "path": "/ids" },
-    "properties": ["id","threadId","subject","from","receivedAt","preview"]
-  }, "g0"]
-]
-EOF
-
-deno run -A scripts/jmap_request.ts \
-  --credentials-dir "./.atomic-mail" \
-  --ops-file fetch_last_100.json
+npx --package=@atomicmail/agent-skill atomicmail jmap_request \
+  --ops-file send_mail.json \
+  --vars '{"TO":"alice@example.com","SUBJECT":"Hello","BODY":"Hi there"}'
 ```
 
-The agent can build a small library of these preset files (`send_email.json`,
-`mark_read.json`, etc.) and reuse them across runs.
+Bundled presets (no local file creation required):
 
-### 6. Send email
+- `send_mail.json` (`$TO`, `$SUBJECT`, `$BODY`)
+- `list_inbox.json` (`$COUNT`)
+- `reply.json` (`$MAIL_ID`, `$BODY`)
 
-Send is a JMAP `EmailSubmission/set` plus an optional `Email/set` to upload the
-draft. Remember to add the submission capability to `using`:
+### 4. Help
 
 ```bash
-deno run -A scripts/jmap_request.ts \
-  --credentials-dir "./.atomic-mail" \
-  --using "urn:ietf:params:jmap:core,urn:ietf:params:jmap:mail,urn:ietf:params:jmap:submission" \
-  --ops-file send_email.json
+npx --package=@atomicmail/agent-skill atomicmail help
+npx --package=@atomicmail/agent-skill atomicmail help --topic jmap_cheatsheet
 ```
 
-## Token rotation (handled automatically)
-
-`jmap_request.ts` checks both JWTs before every request:
-
-- If `capability.jwt` is within 20 s of expiry, it calls
-  `POST /api/v1/capability` with the existing session JWT and rewrites
-  `capability.jwt`.
-- If `session.jwt` is within 60 s of expiry (or missing), it re-runs the full
-  PoW handshake using the API key from `credentials.json`, then rewrites both
-  `session.jwt` and `capability.jwt`.
-
-The agent does not need to call `signup.ts` again to refresh tokens — it only
-needs to call `signup.ts` for the very first registration of an account.
-
-## Troubleshooting
-
-- **`Could not read credentials file ... Did you run signup first?`** — Run
-  `signup.ts` once with `--username` (new account) or `--api-key` (existing
-  account) to create the file set.
-- **`auth-service /api/v1/session returned 409`** — The challenge was consumed
-  (likely a duplicate request or a clock skew). Just rerun `signup.ts` or the
-  failing `jmap_request.ts` once; a fresh challenge will be issued.
-- **`auth-service /api/v1/session returned 401`** — The `apiKey` in
-  `credentials.json` is unknown or suspended. Re-register with `--username` or
-  get a new API key from the operator.
-- **PoW takes a long time on first run** — Difficulty is fixed at 6 leading zero
-  bits, which averages ~64 scrypt iterations. Each scrypt is ~16 MB and ~200-500
-  ms, so the whole solve typically completes in under 30 seconds on a modern
-  laptop.
-- **`Capability JWT did not contain an inboxId claim`** — Almost certainly a
-  server/version mismatch. Verify `--auth-url` points to a current
-  `auth-service` deployment.
-
-## Security notes
-
-- `credentials.json` contains the long-lived API key. The script writes it with
-  mode `0600`, but the agent must not echo the file's contents into shared logs
-  or commit it to source control.
-- Pick a credentials directory that is private to the agent's runtime user (e.g.
-  `~/.config/atomic-mail/` or a per-task working dir).
-- `session.jwt` and `capability.jwt` are short-lived but should be treated as
-  bearer credentials too — never log them.
-
-## Building an npm package
-
-Scripts can be published as an npm package so Node and Bun environments can use
-them through `npx` / `bunx`. From the skill directory:
+## Security
 
-```bash
-deno task build:npm           # writes ./npm
-cd npm && npm publish --access public
-```
+- `credentials.json` holds the API key (mode `0600`). Do not commit it.
+- JWT files are bearer secrets — do not log them.
+
+## Overriding defaults
 
-After publishing, `npx @atomic-mail/agent-skill atomic-mail-signup` and
-`npx @atomic-mail/agent-skill atomic-mail-jmap` work without Deno installed.
+- Endpoints: `--auth-url`, `--api-url` or `ATOMIC_MAIL_AUTH_URL`,
+  `ATOMIC_MAIL_API_URL`
+- Credentials path: `--credentials-dir` or `ATOMIC_MAIL_CREDENTIALS_DIR`
+- PoW salt: `--scrypt-salt` or `ATOMIC_MAIL_SCRYPT_SALT`

package/esm/_dnt.polyfills.d.ts

@@ -0,0 +1,101 @@
+/**
+ * Based on [import-meta-ponyfill](https://github.com/gaubee/import-meta-ponyfill),
+ * but instead of using npm to install additional dependencies,
+ * this approach manually consolidates cjs/mjs/d.ts into a single file.
+ *
+ * Note that this code might be imported multiple times
+ * (for example, both dnt.test.polyfills.ts and dnt.polyfills.ts contain this code;
+ *  or Node.js might dynamically clear the cache and then force a require).
+ * Therefore, it's important to avoid redundant writes to global objects.
+ * Additionally, consider that commonjs is used alongside esm,
+ * so the two ponyfill functions are stored independently in two separate global objects.
+ */
+import { createRequire } from "node:module";
+import { type URL } from "node:url";
+declare global {
+    interface ImportMeta {
+        /** A string representation of the fully qualified module URL. When the
+         * module is loaded locally, the value will be a file URL (e.g.
+         * `file:///path/module.ts`).
+         *
+         * You can also parse the string as a URL to determine more information about
+         * how the current module was loaded. For example to determine if a module was
+         * local or not:
+         *
+         * ```ts
+         * const url = new URL(import.meta.url);
+         * if (url.protocol === "file:") {
+         *   console.log("this module was loaded locally");
+         * }
+         * ```
+         */
+        url: string;
+        /**
+         * A function that returns resolved specifier as if it would be imported
+         * using `import(specifier)`.
+         *
+         * ```ts
+         * console.log(import.meta.resolve("./foo.js"));
+         * // file:///dev/foo.js
+         * ```
+         *
+         * @param specifier The module specifier to resolve relative to `parent`.
+         * @param parent The absolute parent module URL to resolve from.
+         * @returns The absolute (`file:`) URL string for the resolved module.
+         */
+        resolve(specifier: string, parent?: string | URL | undefined): string;
+        /** A flag that indicates if the current module is the main module that was
+         * called when starting the program under Deno.
+         *
+         * ```ts
+         * if (import.meta.main) {
+         *   // this was loaded as the main module, maybe do some bootstrapping
+         * }
+         * ```
+         */
+        main: boolean;
+        /** The absolute path of the current module.
+         *
+         * This property is only provided for local modules (ie. using `file://` URLs).
+         *
+         * Example:
+         * ```
+         * // Unix
+         * console.log(import.meta.filename); // /home/alice/my_module.ts
+         *
+         * // Windows
+         * console.log(import.meta.filename); // C:\alice\my_module.ts
+         * ```
+         */
+        filename: string;
+        /** The absolute path of the directory containing the current module.
+         *
+         * This property is only provided for local modules (ie. using `file://` URLs).
+         *
+         * * Example:
+         * ```
+         * // Unix
+         * console.log(import.meta.dirname); // /home/alice
+         *
+         * // Windows
+         * console.log(import.meta.dirname); // C:\alice
+         * ```
+         */
+        dirname: string;
+    }
+}
+type NodeRequest = ReturnType<typeof createRequire>;
+type NodeModule = NonNullable<NodeRequest["main"]>;
+interface ImportMetaPonyfillCommonjs {
+    (require: NodeRequest, module: NodeModule): ImportMeta;
+}
+interface ImportMetaPonyfillEsmodule {
+    (importMeta: ImportMeta): ImportMeta;
+}
+interface ImportMetaPonyfill extends ImportMetaPonyfillCommonjs, ImportMetaPonyfillEsmodule {
+}
+export declare let import_meta_ponyfill_commonjs: ImportMetaPonyfillCommonjs;
+export declare let import_meta_ponyfill_esmodule: ImportMetaPonyfillEsmodule;
+export declare let import_meta_ponyfill: ImportMetaPonyfill;
+export {};
+//# sourceMappingURL=_dnt.polyfills.d.ts.map

package/esm/_dnt.polyfills.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"_dnt.polyfills.d.ts","sourceRoot":"","sources":["../src/_dnt.polyfills.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE5C,OAAO,EAAgC,KAAK,GAAG,EAAE,MAAM,UAAU,CAAC;AAGlE,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,UAAU;QAClB;;;;;;;;;;;;;;WAcG;QACH,GAAG,EAAE,MAAM,CAAC;QACZ;;;;;;;;;;;;WAYG;QACH,OAAO,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,GAAG,GAAG,SAAS,GAAG,MAAM,CAAC;QACtE;;;;;;;;WAQG;QACH,IAAI,EAAE,OAAO,CAAC;QAEd;;;;;;;;;;;;WAYG;QACH,QAAQ,EAAE,MAAM,CAAC;QAEjB;;;;;;;;;;;;WAYG;QACH,OAAO,EAAE,MAAM,CAAC;KACjB;CACF;AAED,KAAK,WAAW,GAAG,UAAU,CAAC,OAAO,aAAa,CAAC,CAAC;AACpD,KAAK,UAAU,GAAG,WAAW,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;AACnD,UAAU,0BAA0B;IAClC,CAAC,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,UAAU,GAAG,UAAU,CAAC;CACxD;AACD,UAAU,0BAA0B;IAClC,CAAC,UAAU,EAAE,UAAU,GAAG,UAAU,CAAC;CACtC;AACD,UAAU,kBACR,SAAQ,0BAA0B,EAAE,0BAA0B;CAC/D;AAiBD,eAAO,IAAI,6BAA6B,EA2BnC,0BAA0B,CAAC;AAMhC,eAAO,IAAI,6BAA6B,EA4DnC,0BAA0B,CAAC;AAMhC,eAAO,IAAI,oBAAoB,EAoB1B,kBAAkB,CAAC"}

package/esm/_dnt.polyfills.js

@@ -0,0 +1,127 @@
+/**
+ * Based on [import-meta-ponyfill](https://github.com/gaubee/import-meta-ponyfill),
+ * but instead of using npm to install additional dependencies,
+ * this approach manually consolidates cjs/mjs/d.ts into a single file.
+ *
+ * Note that this code might be imported multiple times
+ * (for example, both dnt.test.polyfills.ts and dnt.polyfills.ts contain this code;
+ *  or Node.js might dynamically clear the cache and then force a require).
+ * Therefore, it's important to avoid redundant writes to global objects.
+ * Additionally, consider that commonjs is used alongside esm,
+ * so the two ponyfill functions are stored independently in two separate global objects.
+ */
+//@ts-ignore
+import { createRequire } from "node:module";
+//@ts-ignore
+import { fileURLToPath, pathToFileURL } from "node:url";
+//@ts-ignore
+import { dirname } from "node:path";
+const defineGlobalPonyfill = (symbolFor, fn) => {
+    if (!Reflect.has(globalThis, Symbol.for(symbolFor))) {
+        Object.defineProperty(globalThis, Symbol.for(symbolFor), {
+            configurable: true,
+            get() {
+                return fn;
+            },
+        });
+    }
+};
+export let import_meta_ponyfill_commonjs = (Reflect.get(globalThis, Symbol.for("import-meta-ponyfill-commonjs")) ??
+    (() => {
+        const moduleImportMetaWM = new WeakMap();
+        return (require, module) => {
+            let importMetaCache = moduleImportMetaWM.get(module);
+            if (importMetaCache == null) {
+                const importMeta = Object.assign(Object.create(null), {
+                    url: pathToFileURL(module.filename).href,
+                    main: require.main == module,
+                    resolve: (specifier, parentURL = importMeta.url) => {
+                        return pathToFileURL((importMeta.url === parentURL
+                            ? require
+                            : createRequire(parentURL))
+                            .resolve(specifier)).href;
+                    },
+                    filename: module.filename,
+                    dirname: module.path,
+                });
+                moduleImportMetaWM.set(module, importMeta);
+                importMetaCache = importMeta;
+            }
+            return importMetaCache;
+        };
+    })());
+defineGlobalPonyfill("import-meta-ponyfill-commonjs", import_meta_ponyfill_commonjs);
+export let import_meta_ponyfill_esmodule = (Reflect.get(globalThis, Symbol.for("import-meta-ponyfill-esmodule")) ??
+    ((importMeta) => {
+        const resolveFunStr = String(importMeta.resolve);
+        const shimWs = new WeakSet();
+        //@ts-ignore
+        const mainUrl = ("file:///" + process.argv[1].replace(/\\/g, "/"))
+            .replace(/\/{3,}/, "///");
+        const commonShim = (importMeta) => {
+            if (typeof importMeta.main !== "boolean") {
+                importMeta.main = importMeta.url === mainUrl;
+            }
+            if (typeof importMeta.filename !== "string") {
+                importMeta.filename = fileURLToPath(importMeta.url);
+                importMeta.dirname = dirname(importMeta.filename);
+            }
+        };
+        if (
+        // v16.2.0+, v14.18.0+: Add support for WHATWG URL object to parentURL parameter.
+        resolveFunStr === "undefined" ||
+            // v20.0.0+, v18.19.0+"" This API now returns a string synchronously instead of a Promise.
+            resolveFunStr.startsWith("async")
+        // enable by --experimental-import-meta-resolve flag
+        ) {
+            import_meta_ponyfill_esmodule = (importMeta) => {
+                if (!shimWs.has(importMeta)) {
+                    shimWs.add(importMeta);
+                    const importMetaUrlRequire = {
+                        url: importMeta.url,
+                        require: createRequire(importMeta.url),
+                    };
+                    importMeta.resolve = function resolve(specifier, parentURL = importMeta.url) {
+                        return pathToFileURL((importMetaUrlRequire.url === parentURL
+                            ? importMetaUrlRequire.require
+                            : createRequire(parentURL)).resolve(specifier)).href;
+                    };
+                    commonShim(importMeta);
+                }
+                return importMeta;
+            };
+        }
+        else {
+            /// native support
+            import_meta_ponyfill_esmodule = (importMeta) => {
+                if (!shimWs.has(importMeta)) {
+                    shimWs.add(importMeta);
+                    commonShim(importMeta);
+                }
+                return importMeta;
+            };
+        }
+        return import_meta_ponyfill_esmodule(importMeta);
+    }));
+defineGlobalPonyfill("import-meta-ponyfill-esmodule", import_meta_ponyfill_esmodule);
+export let import_meta_ponyfill = ((...args) => {
+    const _MODULE = (() => {
+        if (typeof require === "function" && typeof module === "object") {
+            return "commonjs";
+        }
+        else {
+            // eval("typeof import.meta");
+            return "esmodule";
+        }
+    })();
+    if (_MODULE === "commonjs") {
+        //@ts-ignore
+        import_meta_ponyfill = (r, m) => import_meta_ponyfill_commonjs(r, m);
+    }
+    else {
+        //@ts-ignore
+        import_meta_ponyfill = (im) => import_meta_ponyfill_esmodule(im);
+    }
+    //@ts-ignore
+    return import_meta_ponyfill(...args);
+});

package/esm/{skill/scripts/lib/auth.d.ts → lib/agent/auth/agent-auth-http.d.ts}

@@ -1,19 +1,3 @@
-export declare const SESSION_TTL_MS: number;
-export declare const CAPABILITY_TTL_MS: number;
-export declare const CAPABILITY_SAFETY_MARGIN_MS = 20000;
-export declare const SESSION_SAFETY_MARGIN_MS = 60000;
-export interface JwtPayload {
-    exp?: number;
-    iat?: number;
-    jti?: string;
-    [key: string]: unknown;
-}
-export declare function decodeJwtPayload<T = JwtPayload>(jwt: string): T;
-export declare function isJwtExpired(jwt: string, marginMs: number): boolean;
-export declare function solvePow(challenge: string, difficulty: number, salt: string, onProgress?: (nonce: bigint) => void): Promise<{
-    powHex: string;
-    nonce: string;
-}>;
 export declare function fetchChallenge(authUrl: string): Promise<{
     challengeJWT: string;
     challenge: string;
@@ -39,4 +23,4 @@ export interface PerformPoWInput {
     onPowProgress?: (nonce: bigint) => void;
 }
 export declare function performPoWAndSession(input: PerformPoWInput): Promise<SessionResponse>;
-//# sourceMappingURL=auth.d.ts.map
+//# sourceMappingURL=agent-auth-http.d.ts.map

package/esm/lib/agent/auth/agent-auth-http.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent-auth-http.d.ts","sourceRoot":"","sources":["../../../../src/lib/agent/auth/agent-auth-http.ts"],"names":[],"mappings":"AAoCA,wBAAsB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC;IAC7D,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC,CAqBD;AAED,MAAM,WAAW,eAAe;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,wBAAsB,eAAe,CACnC,OAAO,EAAE,MAAM,EACf,IAAI,EAAE;IACJ,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,GACA,OAAO,CAAC,eAAe,CAAC,CAS1B;AAED,wBAAsB,eAAe,CACnC,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,MAAM,CAAC,CAUjB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;CACzC;AAED,wBAAsB,oBAAoB,CACxC,KAAK,EAAE,eAAe,GACrB,OAAO,CAAC,eAAe,CAAC,CAgB1B"}