@bastani/atomic 0.8.31-alpha.4 → 0.9.0-alpha.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +6 -1
- package/dist/builtin/cursor/CHANGELOG.md +4 -1
- package/dist/builtin/cursor/package.json +2 -2
- package/dist/builtin/cursor/src/proto/protobuf-codec-json.ts +44 -0
- package/dist/builtin/cursor/src/proto/protobuf-codec-request.ts +271 -0
- package/dist/builtin/cursor/src/proto/protobuf-codec-wire.ts +231 -0
- package/dist/builtin/cursor/src/proto/protobuf-codec.ts +5 -523
- package/dist/builtin/cursor/src/stream.ts +6 -70
- package/dist/builtin/cursor/src/transport-errors.ts +74 -0
- package/dist/builtin/cursor/src/transport-frame.ts +56 -0
- package/dist/builtin/cursor/src/transport-http2.ts +122 -0
- package/dist/builtin/cursor/src/transport-native-client.ts +161 -0
- package/dist/builtin/cursor/src/transport-run-stream.ts +188 -0
- package/dist/builtin/cursor/src/transport-timeouts.ts +87 -0
- package/dist/builtin/cursor/src/transport-types.ts +140 -0
- package/dist/builtin/cursor/src/transport.ts +24 -790
- package/dist/builtin/intercom/CHANGELOG.md +3 -0
- package/dist/builtin/intercom/broker/client.ts +0 -35
- package/dist/builtin/intercom/contact-supervisor-tool.ts +289 -0
- package/dist/builtin/intercom/index-heavy.ts +77 -1336
- package/dist/builtin/intercom/intercom-tool.ts +409 -0
- package/dist/builtin/intercom/intercom-utils.ts +401 -0
- package/dist/builtin/intercom/lifecycle.ts +133 -0
- package/dist/builtin/intercom/overlay.ts +96 -0
- package/dist/builtin/intercom/package.json +1 -1
- package/dist/builtin/intercom/subagent-relay.ts +137 -0
- package/dist/builtin/mcp/CHANGELOG.md +3 -0
- package/dist/builtin/mcp/config-write-utils.ts +104 -0
- package/dist/builtin/mcp/config.ts +4 -180
- package/dist/builtin/mcp/mcp-panel-renderer.ts +243 -0
- package/dist/builtin/mcp/mcp-panel-state.ts +227 -0
- package/dist/builtin/mcp/mcp-panel-types.ts +86 -0
- package/dist/builtin/mcp/mcp-panel.ts +145 -579
- package/dist/builtin/mcp/mcp-setup-panel.ts +4 -81
- package/dist/builtin/mcp/package.json +1 -1
- package/dist/builtin/mcp/proxy-auth.ts +61 -0
- package/dist/builtin/mcp/proxy-call.ts +373 -0
- package/dist/builtin/mcp/proxy-connect.ts +58 -0
- package/dist/builtin/mcp/proxy-info-modes.ts +326 -0
- package/dist/builtin/mcp/proxy-modes.ts +3 -805
- package/dist/builtin/mcp/proxy-types.ts +3 -0
- package/dist/builtin/mcp/ui-server-http.ts +81 -0
- package/dist/builtin/mcp/ui-server.ts +2 -127
- package/dist/builtin/subagents/CHANGELOG.md +3 -0
- package/dist/builtin/subagents/package.json +1 -1
- package/dist/builtin/subagents/src/agents/agent-discovery.ts +127 -0
- package/dist/builtin/subagents/src/agents/agent-loaders.ts +175 -0
- package/dist/builtin/subagents/src/agents/agent-management-helpers.ts +310 -0
- package/dist/builtin/subagents/src/agents/agent-management.ts +3 -309
- package/dist/builtin/subagents/src/agents/agent-overrides.ts +397 -0
- package/dist/builtin/subagents/src/agents/agent-paths.ts +88 -0
- package/dist/builtin/subagents/src/agents/agent-types.ts +136 -0
- package/dist/builtin/subagents/src/agents/agents.ts +22 -895
- package/dist/builtin/subagents/src/agents/skills-paths.ts +333 -0
- package/dist/builtin/subagents/src/agents/skills.ts +3 -326
- package/dist/builtin/subagents/src/extension/index.ts +4 -118
- package/dist/builtin/subagents/src/extension/prompt-guidance.ts +13 -0
- package/dist/builtin/subagents/src/runs/background/async-execution-chain.ts +401 -0
- package/dist/builtin/subagents/src/runs/background/async-execution-common.ts +131 -0
- package/dist/builtin/subagents/src/runs/background/async-execution-single.ts +213 -0
- package/dist/builtin/subagents/src/runs/background/async-execution-types.ts +84 -0
- package/dist/builtin/subagents/src/runs/background/async-execution.ts +13 -795
- package/dist/builtin/subagents/src/runs/background/subagent-runner-dynamic.ts +215 -0
- package/dist/builtin/subagents/src/runs/background/subagent-runner-finalize.ts +136 -0
- package/dist/builtin/subagents/src/runs/background/subagent-runner-output.ts +105 -0
- package/dist/builtin/subagents/src/runs/background/subagent-runner-parallel-helpers.ts +112 -0
- package/dist/builtin/subagents/src/runs/background/subagent-runner-parallel.ts +159 -0
- package/dist/builtin/subagents/src/runs/background/subagent-runner-sequential.ts +127 -0
- package/dist/builtin/subagents/src/runs/background/subagent-runner-state.ts +427 -0
- package/dist/builtin/subagents/src/runs/background/subagent-runner-step.ts +273 -0
- package/dist/builtin/subagents/src/runs/background/subagent-runner-streaming.ts +269 -0
- package/dist/builtin/subagents/src/runs/background/subagent-runner-types.ts +196 -0
- package/dist/builtin/subagents/src/runs/background/subagent-runner-utils.ts +70 -0
- package/dist/builtin/subagents/src/runs/background/subagent-runner.ts +44 -2233
- package/dist/builtin/subagents/src/runs/foreground/chain-clarify-behavior.ts +75 -0
- package/dist/builtin/subagents/src/runs/foreground/chain-clarify-component.ts +202 -0
- package/dist/builtin/subagents/src/runs/foreground/chain-clarify-edit.ts +97 -0
- package/dist/builtin/subagents/src/runs/foreground/chain-clarify-editor.ts +160 -0
- package/dist/builtin/subagents/src/runs/foreground/chain-clarify-frame.ts +72 -0
- package/dist/builtin/subagents/src/runs/foreground/chain-clarify-render-modes.ts +161 -0
- package/dist/builtin/subagents/src/runs/foreground/chain-clarify-render-selectors.ts +203 -0
- package/dist/builtin/subagents/src/runs/foreground/chain-clarify-selectors.ts +234 -0
- package/dist/builtin/subagents/src/runs/foreground/chain-clarify-state.ts +103 -0
- package/dist/builtin/subagents/src/runs/foreground/chain-clarify-types.ts +29 -0
- package/dist/builtin/subagents/src/runs/foreground/chain-clarify.ts +4 -1328
- package/dist/builtin/subagents/src/runs/foreground/chain-execution-clarify.ts +117 -0
- package/dist/builtin/subagents/src/runs/foreground/chain-execution-details.ts +35 -0
- package/dist/builtin/subagents/src/runs/foreground/chain-execution-dynamic-step.ts +194 -0
- package/dist/builtin/subagents/src/runs/foreground/chain-execution-parallel-runner.ts +183 -0
- package/dist/builtin/subagents/src/runs/foreground/chain-execution-parallel-step.ts +185 -0
- package/dist/builtin/subagents/src/runs/foreground/chain-execution-sequential-step.ts +229 -0
- package/dist/builtin/subagents/src/runs/foreground/chain-execution-types.ts +194 -0
- package/dist/builtin/subagents/src/runs/foreground/chain-execution.ts +94 -1043
- package/dist/builtin/subagents/src/runs/foreground/execution-attempt-control.ts +135 -0
- package/dist/builtin/subagents/src/runs/foreground/execution-attempt-finalize.ts +107 -0
- package/dist/builtin/subagents/src/runs/foreground/execution-attempt-types.ts +17 -0
- package/dist/builtin/subagents/src/runs/foreground/execution-attempt.ts +454 -0
- package/dist/builtin/subagents/src/runs/foreground/execution-run-sync.ts +219 -0
- package/dist/builtin/subagents/src/runs/foreground/execution-structured-retries.ts +77 -0
- package/dist/builtin/subagents/src/runs/foreground/execution-updates.ts +34 -0
- package/dist/builtin/subagents/src/runs/foreground/execution-utils.ts +56 -0
- package/dist/builtin/subagents/src/runs/foreground/execution.ts +6 -1082
- package/dist/builtin/subagents/src/runs/foreground/subagent-executor-async.ts +207 -0
- package/dist/builtin/subagents/src/runs/foreground/subagent-executor-chain.ts +140 -0
- package/dist/builtin/subagents/src/runs/foreground/subagent-executor-context.ts +266 -0
- package/dist/builtin/subagents/src/runs/foreground/subagent-executor-input.ts +270 -0
- package/dist/builtin/subagents/src/runs/foreground/subagent-executor-parallel-task.ts +157 -0
- package/dist/builtin/subagents/src/runs/foreground/subagent-executor-parallel.ts +375 -0
- package/dist/builtin/subagents/src/runs/foreground/subagent-executor-resume.ts +463 -0
- package/dist/builtin/subagents/src/runs/foreground/subagent-executor-runtime.ts +17 -0
- package/dist/builtin/subagents/src/runs/foreground/subagent-executor-single.ts +320 -0
- package/dist/builtin/subagents/src/runs/foreground/subagent-executor-status.ts +207 -0
- package/dist/builtin/subagents/src/runs/foreground/subagent-executor-types.ts +121 -0
- package/dist/builtin/subagents/src/runs/foreground/subagent-executor-worktree.ts +113 -0
- package/dist/builtin/subagents/src/runs/foreground/subagent-executor.ts +150 -2522
- package/dist/builtin/subagents/src/runs/shared/model-fallback.ts +0 -16
- package/dist/builtin/subagents/src/runs/shared/nested-events-control.ts +167 -0
- package/dist/builtin/subagents/src/runs/shared/nested-events-core.ts +219 -0
- package/dist/builtin/subagents/src/runs/shared/nested-events-projection.ts +121 -0
- package/dist/builtin/subagents/src/runs/shared/nested-events-registry.ts +289 -0
- package/dist/builtin/subagents/src/runs/shared/nested-events-sanitize.ts +201 -0
- package/dist/builtin/subagents/src/runs/shared/nested-events.ts +50 -935
- package/dist/builtin/subagents/src/runs/shared/worktree.ts +0 -78
- package/dist/builtin/subagents/src/shared/types-async.ts +265 -0
- package/dist/builtin/subagents/src/shared/types-config.ts +125 -0
- package/dist/builtin/subagents/src/shared/types-depth.ts +121 -0
- package/dist/builtin/subagents/src/shared/types-output.ts +63 -0
- package/dist/builtin/subagents/src/shared/types-results.ts +318 -0
- package/dist/builtin/subagents/src/shared/types-runtime.ts +136 -0
- package/dist/builtin/subagents/src/shared/types.ts +10 -975
- package/dist/builtin/subagents/src/slash/slash-commands.ts +0 -12
- package/dist/builtin/subagents/src/tui/render-chain-graph.ts +247 -0
- package/dist/builtin/subagents/src/tui/render-event-formatting.ts +259 -0
- package/dist/builtin/subagents/src/tui/render-layout.ts +120 -0
- package/dist/builtin/subagents/src/tui/render-result-animation.ts +56 -0
- package/dist/builtin/subagents/src/tui/render-result-compact.ts +154 -0
- package/dist/builtin/subagents/src/tui/render-result.ts +390 -0
- package/dist/builtin/subagents/src/tui/render-stable-output.ts +83 -0
- package/dist/builtin/subagents/src/tui/render-status-progress.ts +133 -0
- package/dist/builtin/subagents/src/tui/render-widget-graph.ts +166 -0
- package/dist/builtin/subagents/src/tui/render-widget.ts +273 -0
- package/dist/builtin/subagents/src/tui/render.ts +14 -1801
- package/dist/builtin/web-access/CHANGELOG.md +3 -0
- package/dist/builtin/web-access/content-tools.ts +348 -0
- package/dist/builtin/web-access/curator-page-assets/script-1.ts +400 -0
- package/dist/builtin/web-access/curator-page-assets/script-2.ts +400 -0
- package/dist/builtin/web-access/curator-page-assets/script-3.ts +400 -0
- package/dist/builtin/web-access/curator-page-assets/script-4.ts +400 -0
- package/dist/builtin/web-access/curator-page-assets/script-5.ts +398 -0
- package/dist/builtin/web-access/curator-page-assets/styles-1.ts +394 -0
- package/dist/builtin/web-access/curator-page-assets/styles-2.ts +394 -0
- package/dist/builtin/web-access/curator-page-assets/styles-3.ts +393 -0
- package/dist/builtin/web-access/curator-page.ts +17 -3180
- package/dist/builtin/web-access/curator-server-helpers.ts +115 -0
- package/dist/builtin/web-access/curator-server.ts +2 -113
- package/dist/builtin/web-access/exa-mcp.ts +218 -0
- package/dist/builtin/web-access/exa.ts +2 -207
- package/dist/builtin/web-access/extract-frames.ts +228 -0
- package/dist/builtin/web-access/extract.ts +13 -214
- package/dist/builtin/web-access/github-config.ts +156 -0
- package/dist/builtin/web-access/github-extract.ts +3 -154
- package/dist/builtin/web-access/index-heavy.ts +8 -1904
- package/dist/builtin/web-access/package.json +2 -1
- package/dist/builtin/web-access/web-search-activity.ts +102 -0
- package/dist/builtin/web-access/web-search-browser.ts +116 -0
- package/dist/builtin/web-access/web-search-command.ts +242 -0
- package/dist/builtin/web-access/web-search-config.ts +163 -0
- package/dist/builtin/web-access/web-search-curator.ts +214 -0
- package/dist/builtin/web-access/web-search-features.ts +165 -0
- package/dist/builtin/web-access/web-search-formatting.ts +117 -0
- package/dist/builtin/web-access/web-search-return.ts +136 -0
- package/dist/builtin/web-access/web-search-summary.ts +170 -0
- package/dist/builtin/web-access/web-search-tool.ts +290 -0
- package/dist/builtin/web-access/web-search-types.ts +50 -0
- package/dist/builtin/workflows/CHANGELOG.md +8 -1
- package/dist/builtin/workflows/builtin/deep-research-codebase-runner.ts +492 -0
- package/dist/builtin/workflows/builtin/deep-research-codebase-utils.ts +346 -0
- package/dist/builtin/workflows/builtin/deep-research-codebase.ts +6 -822
- package/dist/builtin/workflows/builtin/goal-artifacts.ts +43 -0
- package/dist/builtin/workflows/builtin/goal-ledger.ts +54 -0
- package/dist/builtin/workflows/builtin/goal-prompts.ts +360 -0
- package/dist/builtin/workflows/builtin/goal-reducer.ts +141 -0
- package/dist/builtin/workflows/builtin/goal-reports.ts +56 -0
- package/dist/builtin/workflows/builtin/goal-review.ts +84 -0
- package/dist/builtin/workflows/builtin/goal-runner.ts +343 -0
- package/dist/builtin/workflows/builtin/goal-schemas.ts +60 -0
- package/dist/builtin/workflows/builtin/goal-types.ts +132 -0
- package/dist/builtin/workflows/builtin/goal.ts +4 -1160
- package/dist/builtin/workflows/builtin/open-claude-design-phases.ts +432 -0
- package/dist/builtin/workflows/builtin/open-claude-design-runner.ts +477 -0
- package/dist/builtin/workflows/builtin/open-claude-design-utils.ts +312 -0
- package/dist/builtin/workflows/builtin/open-claude-design.ts +7 -1083
- package/dist/builtin/workflows/builtin/ralph-core.ts +408 -0
- package/dist/builtin/workflows/builtin/ralph-models.ts +123 -0
- package/dist/builtin/workflows/builtin/ralph-review-gate.ts +89 -0
- package/dist/builtin/workflows/builtin/ralph-runner.ts +499 -0
- package/dist/builtin/workflows/builtin/ralph.ts +7 -1015
- package/dist/builtin/workflows/package.json +1 -1
- package/dist/builtin/workflows/skills/impeccable/scripts/detector/detect-antipatterns-browser.js +2 -2
- package/dist/builtin/workflows/skills/impeccable/scripts/detector/engines/regex/detect-text.mjs +2 -2
- package/dist/builtin/workflows/skills/impeccable/scripts/detector/rules/checks.mjs +2 -2
- package/dist/builtin/workflows/skills/impeccable/scripts/detector/shared/page.mjs +8 -1
- package/dist/builtin/workflows/skills/impeccable/scripts/live-accept.mjs +13 -15
- package/dist/builtin/workflows/skills/impeccable/scripts/live-manual-edit-evidence.mjs +2 -2
- package/dist/builtin/workflows/skills/impeccable/scripts/live-server.mjs +9 -0
- package/dist/builtin/workflows/src/extension/atomic-stage-session.ts +186 -0
- package/dist/builtin/workflows/src/extension/config-file-loader.ts +152 -0
- package/dist/builtin/workflows/src/extension/config-loader.ts +2 -167
- package/dist/builtin/workflows/src/extension/discovery-loaders.ts +115 -0
- package/dist/builtin/workflows/src/extension/discovery.ts +3 -117
- package/dist/builtin/workflows/src/extension/dispatcher.ts +3 -0
- package/dist/builtin/workflows/src/extension/extension-factory.ts +120 -0
- package/dist/builtin/workflows/src/extension/extension-lifecycle.ts +109 -0
- package/dist/builtin/workflows/src/extension/extension-runtime-state.ts +270 -0
- package/dist/builtin/workflows/src/extension/index.ts +42 -4151
- package/dist/builtin/workflows/src/extension/public-types.ts +295 -0
- package/dist/builtin/workflows/src/extension/render-component.ts +14 -0
- package/dist/builtin/workflows/src/extension/runtime-direct.ts +96 -0
- package/dist/builtin/workflows/src/extension/runtime.ts +8 -92
- package/dist/builtin/workflows/src/extension/ui-surface.ts +286 -0
- package/dist/builtin/workflows/src/extension/wiring.ts +6 -475
- package/dist/builtin/workflows/src/extension/workflow-command-completions.ts +111 -0
- package/dist/builtin/workflows/src/extension/workflow-command-registration.ts +213 -0
- package/dist/builtin/workflows/src/extension/workflow-command-surfaces.ts +81 -0
- package/dist/builtin/workflows/src/extension/workflow-command-utils.ts +181 -0
- package/dist/builtin/workflows/src/extension/workflow-policy.ts +15 -0
- package/dist/builtin/workflows/src/extension/workflow-ports.ts +41 -0
- package/dist/builtin/workflows/src/extension/workflow-prompts.ts +23 -0
- package/dist/builtin/workflows/src/extension/workflow-run-control-command.ts +286 -0
- package/dist/builtin/workflows/src/extension/workflow-schema.ts +1 -1
- package/dist/builtin/workflows/src/extension/workflow-stage-results.ts +264 -0
- package/dist/builtin/workflows/src/extension/workflow-targets.ts +181 -0
- package/dist/builtin/workflows/src/extension/workflow-tool-content.ts +175 -0
- package/dist/builtin/workflows/src/extension/workflow-tool-control.ts +205 -0
- package/dist/builtin/workflows/src/extension/workflow-tool-helpers.ts +66 -0
- package/dist/builtin/workflows/src/extension/workflow-tool-inspection.ts +164 -0
- package/dist/builtin/workflows/src/extension/workflow-tool-registration.ts +54 -0
- package/dist/builtin/workflows/src/extension/workflow-tool-send.ts +164 -0
- package/dist/builtin/workflows/src/extension/workflow-tool.ts +102 -0
- package/dist/builtin/workflows/src/runs/foreground/executor-abort.ts +431 -0
- package/dist/builtin/workflows/src/runs/foreground/executor-child-boundary.ts +232 -0
- package/dist/builtin/workflows/src/runs/foreground/executor-child-helpers.ts +74 -0
- package/dist/builtin/workflows/src/runs/foreground/executor-child-workflow.ts +158 -0
- package/dist/builtin/workflows/src/runs/foreground/executor-continuation.ts +167 -0
- package/dist/builtin/workflows/src/runs/foreground/executor-direct-helpers.ts +450 -0
- package/dist/builtin/workflows/src/runs/foreground/executor-direct.ts +233 -0
- package/dist/builtin/workflows/src/runs/foreground/executor-exit-manager.ts +195 -0
- package/dist/builtin/workflows/src/runs/foreground/executor-hil.ts +368 -0
- package/dist/builtin/workflows/src/runs/foreground/executor-inputs.ts +83 -0
- package/dist/builtin/workflows/src/runs/foreground/executor-lifecycle.ts +441 -0
- package/dist/builtin/workflows/src/runs/foreground/executor-outputs.ts +160 -0
- package/dist/builtin/workflows/src/runs/foreground/executor-prompt-nodes.ts +274 -0
- package/dist/builtin/workflows/src/runs/foreground/executor-run-finalizers.ts +122 -0
- package/dist/builtin/workflows/src/runs/foreground/executor-run.ts +359 -0
- package/dist/builtin/workflows/src/runs/foreground/executor-scheduler.ts +204 -0
- package/dist/builtin/workflows/src/runs/foreground/executor-stage-call.ts +197 -0
- package/dist/builtin/workflows/src/runs/foreground/executor-stage-context.ts +120 -0
- package/dist/builtin/workflows/src/runs/foreground/executor-stage-control.ts +126 -0
- package/dist/builtin/workflows/src/runs/foreground/executor-stage-factory.ts +351 -0
- package/dist/builtin/workflows/src/runs/foreground/executor-stage-replay.ts +134 -0
- package/dist/builtin/workflows/src/runs/foreground/executor-stage-types.ts +54 -0
- package/dist/builtin/workflows/src/runs/foreground/executor-task-context.ts +132 -0
- package/dist/builtin/workflows/src/runs/foreground/executor-task-prompts.ts +293 -0
- package/dist/builtin/workflows/src/runs/foreground/executor-types.ts +109 -0
- package/dist/builtin/workflows/src/runs/foreground/executor.ts +19 -5258
- package/dist/builtin/workflows/src/runs/foreground/stage-runner-context.ts +219 -0
- package/dist/builtin/workflows/src/runs/foreground/stage-runner-controller.ts +500 -0
- package/dist/builtin/workflows/src/runs/foreground/stage-runner-messages.ts +129 -0
- package/dist/builtin/workflows/src/runs/foreground/stage-runner-options.ts +53 -0
- package/dist/builtin/workflows/src/runs/foreground/stage-runner-output.ts +146 -0
- package/dist/builtin/workflows/src/runs/foreground/stage-runner-session.ts +55 -0
- package/dist/builtin/workflows/src/runs/foreground/stage-runner-structured-output.ts +82 -0
- package/dist/builtin/workflows/src/runs/foreground/stage-runner-types.ts +141 -0
- package/dist/builtin/workflows/src/runs/foreground/stage-runner.ts +13 -1342
- package/dist/builtin/workflows/src/runs/shared/model-fallback-candidates.ts +453 -0
- package/dist/builtin/workflows/src/runs/shared/model-fallback-failures.ts +442 -0
- package/dist/builtin/workflows/src/runs/shared/model-fallback.ts +2 -836
- package/dist/builtin/workflows/src/runs/shared/worktree-diff.ts +165 -0
- package/dist/builtin/workflows/src/runs/shared/worktree-git.ts +220 -0
- package/dist/builtin/workflows/src/runs/shared/worktree-setup.ts +335 -0
- package/dist/builtin/workflows/src/runs/shared/worktree-types.ts +92 -0
- package/dist/builtin/workflows/src/runs/shared/worktree.ts +18 -791
- package/dist/builtin/workflows/src/shared/authoring-contract-stage.d.ts +365 -0
- package/dist/builtin/workflows/src/shared/authoring-contract-stage.ts +425 -0
- package/dist/builtin/workflows/src/shared/authoring-contract-ui.d.ts +236 -0
- package/dist/builtin/workflows/src/shared/authoring-contract-ui.ts +354 -0
- package/dist/builtin/workflows/src/shared/authoring-contract.d.ts +5 -598
- package/dist/builtin/workflows/src/shared/persistence-restore-helpers.ts +428 -0
- package/dist/builtin/workflows/src/shared/persistence-restore.ts +11 -431
- package/dist/builtin/workflows/src/shared/store-factory.ts +16 -0
- package/dist/builtin/workflows/src/shared/store-internal.ts +219 -0
- package/dist/builtin/workflows/src/shared/store-prompt-methods.ts +219 -0
- package/dist/builtin/workflows/src/shared/store-public-types.ts +215 -0
- package/dist/builtin/workflows/src/shared/store-run-methods.ts +223 -0
- package/dist/builtin/workflows/src/shared/store-stage-methods.ts +305 -0
- package/dist/builtin/workflows/src/shared/store.ts +11 -1138
- package/dist/builtin/workflows/src/shared/workflow-failures-classifier.ts +266 -0
- package/dist/builtin/workflows/src/shared/workflow-failures-contract.ts +75 -0
- package/dist/builtin/workflows/src/shared/workflow-failures-decisions.ts +477 -0
- package/dist/builtin/workflows/src/shared/workflow-failures-signals.ts +248 -0
- package/dist/builtin/workflows/src/shared/workflow-failures.ts +13 -1001
- package/dist/builtin/workflows/src/tui/chat-surface.ts +0 -66
- package/dist/builtin/workflows/src/tui/graph-view-constants.ts +45 -0
- package/dist/builtin/workflows/src/tui/graph-view-graph-render.ts +161 -0
- package/dist/builtin/workflows/src/tui/graph-view-input.ts +333 -0
- package/dist/builtin/workflows/src/tui/graph-view-render-helpers.ts +336 -0
- package/dist/builtin/workflows/src/tui/graph-view-render.ts +194 -0
- package/dist/builtin/workflows/src/tui/graph-view-state.ts +306 -0
- package/dist/builtin/workflows/src/tui/graph-view-types.ts +70 -0
- package/dist/builtin/workflows/src/tui/graph-view.ts +4 -1386
- package/dist/builtin/workflows/src/tui/inline-form-editor-text.ts +121 -0
- package/dist/builtin/workflows/src/tui/inline-form-editor.ts +11 -223
- package/dist/builtin/workflows/src/tui/inputs-picker-editing.ts +151 -0
- package/dist/builtin/workflows/src/tui/inputs-picker-input.ts +305 -0
- package/dist/builtin/workflows/src/tui/inputs-picker-render.ts +300 -0
- package/dist/builtin/workflows/src/tui/inputs-picker-types.ts +190 -0
- package/dist/builtin/workflows/src/tui/inputs-picker.ts +19 -997
- package/dist/builtin/workflows/src/tui/prompt-card-input.ts +226 -0
- package/dist/builtin/workflows/src/tui/prompt-card-render.ts +373 -0
- package/dist/builtin/workflows/src/tui/prompt-card-select.ts +116 -0
- package/dist/builtin/workflows/src/tui/prompt-card-state.ts +61 -0
- package/dist/builtin/workflows/src/tui/prompt-card-text.ts +129 -0
- package/dist/builtin/workflows/src/tui/prompt-card.ts +8 -910
- package/dist/builtin/workflows/src/tui/stage-chat-view-archive-history.ts +315 -0
- package/dist/builtin/workflows/src/tui/stage-chat-view-custom-ui.ts +127 -0
- package/dist/builtin/workflows/src/tui/stage-chat-view-footer-status.ts +187 -0
- package/dist/builtin/workflows/src/tui/stage-chat-view-input.ts +222 -0
- package/dist/builtin/workflows/src/tui/stage-chat-view-render-helpers.ts +152 -0
- package/dist/builtin/workflows/src/tui/stage-chat-view-state.ts +464 -0
- package/dist/builtin/workflows/src/tui/stage-chat-view-transcript.ts +242 -0
- package/dist/builtin/workflows/src/tui/stage-chat-view-types.ts +151 -0
- package/dist/builtin/workflows/src/tui/stage-chat-view.ts +141 -1777
- package/dist/builtin/workflows/src/tui/workflow-attach-pane-types.ts +85 -0
- package/dist/builtin/workflows/src/tui/workflow-attach-pane.ts +1 -129
- package/dist/config-self-update.d.ts +21 -0
- package/dist/config-self-update.d.ts.map +1 -0
- package/dist/config-self-update.js +265 -0
- package/dist/config-self-update.js.map +1 -0
- package/dist/config.d.ts +3 -12
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +15 -252
- package/dist/config.js.map +1 -1
- package/dist/core/agent-session-accessors.d.ts +3 -0
- package/dist/core/agent-session-accessors.d.ts.map +1 -0
- package/dist/core/agent-session-accessors.js +36 -0
- package/dist/core/agent-session-accessors.js.map +1 -0
- package/dist/core/agent-session-auto-compaction.d.ts +32 -0
- package/dist/core/agent-session-auto-compaction.d.ts.map +1 -0
- package/dist/core/agent-session-auto-compaction.js +214 -0
- package/dist/core/agent-session-auto-compaction.js.map +1 -0
- package/dist/core/agent-session-bash.d.ts +30 -0
- package/dist/core/agent-session-bash.d.ts.map +1 -0
- package/dist/core/agent-session-bash.js +84 -0
- package/dist/core/agent-session-bash.js.map +1 -0
- package/dist/core/agent-session-compaction.d.ts +44 -0
- package/dist/core/agent-session-compaction.d.ts.map +1 -0
- package/dist/core/agent-session-compaction.js +282 -0
- package/dist/core/agent-session-compaction.js.map +1 -0
- package/dist/core/agent-session-events.d.ts +65 -0
- package/dist/core/agent-session-events.d.ts.map +1 -0
- package/dist/core/agent-session-events.js +373 -0
- package/dist/core/agent-session-events.js.map +1 -0
- package/dist/core/agent-session-export.d.ts +42 -0
- package/dist/core/agent-session-export.d.ts.map +1 -0
- package/dist/core/agent-session-export.js +199 -0
- package/dist/core/agent-session-export.js.map +1 -0
- package/dist/core/agent-session-extension-bindings.d.ts +37 -0
- package/dist/core/agent-session-extension-bindings.d.ts.map +1 -0
- package/dist/core/agent-session-extension-bindings.js +231 -0
- package/dist/core/agent-session-extension-bindings.js.map +1 -0
- package/dist/core/agent-session-message-queue.d.ts +85 -0
- package/dist/core/agent-session-message-queue.d.ts.map +1 -0
- package/dist/core/agent-session-message-queue.js +264 -0
- package/dist/core/agent-session-message-queue.js.map +1 -0
- package/dist/core/agent-session-methods.d.ts +302 -0
- package/dist/core/agent-session-methods.d.ts.map +1 -0
- package/dist/core/agent-session-methods.js +2 -0
- package/dist/core/agent-session-methods.js.map +1 -0
- package/dist/core/agent-session-models.d.ts +111 -0
- package/dist/core/agent-session-models.d.ts.map +1 -0
- package/dist/core/agent-session-models.js +368 -0
- package/dist/core/agent-session-models.js.map +1 -0
- package/dist/core/agent-session-prompt.d.ts +61 -0
- package/dist/core/agent-session-prompt.d.ts.map +1 -0
- package/dist/core/agent-session-prompt.js +330 -0
- package/dist/core/agent-session-prompt.js.map +1 -0
- package/dist/core/agent-session-retry.d.ts +62 -0
- package/dist/core/agent-session-retry.d.ts.map +1 -0
- package/dist/core/agent-session-retry.js +202 -0
- package/dist/core/agent-session-retry.js.map +1 -0
- package/dist/core/agent-session-skill-block.d.ts +13 -0
- package/dist/core/agent-session-skill-block.d.ts.map +1 -0
- package/dist/core/agent-session-skill-block.js +37 -0
- package/dist/core/agent-session-skill-block.js.map +1 -0
- package/dist/core/agent-session-state.d.ts +48 -0
- package/dist/core/agent-session-state.d.ts.map +1 -0
- package/dist/core/agent-session-state.js +129 -0
- package/dist/core/agent-session-state.js.map +1 -0
- package/dist/core/agent-session-tool-hooks.d.ts +7 -0
- package/dist/core/agent-session-tool-hooks.d.ts.map +1 -0
- package/dist/core/agent-session-tool-hooks.js +72 -0
- package/dist/core/agent-session-tool-hooks.js.map +1 -0
- package/dist/core/agent-session-tool-registry.d.ts +15 -0
- package/dist/core/agent-session-tool-registry.d.ts.map +1 -0
- package/dist/core/agent-session-tool-registry.js +151 -0
- package/dist/core/agent-session-tool-registry.js.map +1 -0
- package/dist/core/agent-session-tree.d.ts +46 -0
- package/dist/core/agent-session-tree.d.ts.map +1 -0
- package/dist/core/agent-session-tree.js +217 -0
- package/dist/core/agent-session-tree.js.map +1 -0
- package/dist/core/agent-session-types.d.ts +159 -0
- package/dist/core/agent-session-types.d.ts.map +1 -0
- package/dist/core/agent-session-types.js +41 -0
- package/dist/core/agent-session-types.js.map +1 -0
- package/dist/core/agent-session.d.ts +68 -688
- package/dist/core/agent-session.d.ts.map +1 -1
- package/dist/core/agent-session.js +26 -3152
- package/dist/core/agent-session.js.map +1 -1
- package/dist/core/auth-storage-backends.d.ts +49 -0
- package/dist/core/auth-storage-backends.d.ts.map +1 -0
- package/dist/core/auth-storage-backends.js +185 -0
- package/dist/core/auth-storage-backends.js.map +1 -0
- package/dist/core/auth-storage.d.ts +2 -49
- package/dist/core/auth-storage.d.ts.map +1 -1
- package/dist/core/auth-storage.js +3 -183
- package/dist/core/auth-storage.js.map +1 -1
- package/dist/core/compaction/context-compaction-metrics.d.ts +16 -0
- package/dist/core/compaction/context-compaction-metrics.d.ts.map +1 -0
- package/dist/core/compaction/context-compaction-metrics.js +58 -0
- package/dist/core/compaction/context-compaction-metrics.js.map +1 -0
- package/dist/core/compaction/context-compaction-prompt.d.ts +9 -0
- package/dist/core/compaction/context-compaction-prompt.d.ts.map +1 -0
- package/dist/core/compaction/context-compaction-prompt.js +161 -0
- package/dist/core/compaction/context-compaction-prompt.js.map +1 -0
- package/dist/core/compaction/context-compaction-runner.d.ts +5 -0
- package/dist/core/compaction/context-compaction-runner.d.ts.map +1 -0
- package/dist/core/compaction/context-compaction-runner.js +181 -0
- package/dist/core/compaction/context-compaction-runner.js.map +1 -0
- package/dist/core/compaction/context-compaction-strategy.d.ts +5 -0
- package/dist/core/compaction/context-compaction-strategy.d.ts.map +1 -0
- package/dist/core/compaction/context-compaction-strategy.js +27 -0
- package/dist/core/compaction/context-compaction-strategy.js.map +1 -0
- package/dist/core/compaction/context-compaction-types.d.ts +73 -0
- package/dist/core/compaction/context-compaction-types.d.ts.map +1 -0
- package/dist/core/compaction/context-compaction-types.js +6 -0
- package/dist/core/compaction/context-compaction-types.js.map +1 -0
- package/dist/core/compaction/context-compaction.d.ts +9 -200
- package/dist/core/compaction/context-compaction.d.ts.map +1 -1
- package/dist/core/compaction/context-compaction.js +7 -1943
- package/dist/core/compaction/context-compaction.js.map +1 -1
- package/dist/core/compaction/context-deletion-application.d.ts +13 -0
- package/dist/core/compaction/context-deletion-application.d.ts.map +1 -0
- package/dist/core/compaction/context-deletion-application.js +259 -0
- package/dist/core/compaction/context-deletion-application.js.map +1 -0
- package/dist/core/compaction/context-deletion-store.d.ts +78 -0
- package/dist/core/compaction/context-deletion-store.d.ts.map +1 -0
- package/dist/core/compaction/context-deletion-store.js +162 -0
- package/dist/core/compaction/context-deletion-store.js.map +1 -0
- package/dist/core/compaction/context-deletion-targets.d.ts +40 -0
- package/dist/core/compaction/context-deletion-targets.d.ts.map +1 -0
- package/dist/core/compaction/context-deletion-targets.js +267 -0
- package/dist/core/compaction/context-deletion-targets.js.map +1 -0
- package/dist/core/compaction/context-deletion-tool-definitions.d.ts +187 -0
- package/dist/core/compaction/context-deletion-tool-definitions.d.ts.map +1 -0
- package/dist/core/compaction/context-deletion-tool-definitions.js +98 -0
- package/dist/core/compaction/context-deletion-tool-definitions.js.map +1 -0
- package/dist/core/compaction/context-deletion-tool-helpers.d.ts +19 -0
- package/dist/core/compaction/context-deletion-tool-helpers.d.ts.map +1 -0
- package/dist/core/compaction/context-deletion-tool-helpers.js +137 -0
- package/dist/core/compaction/context-deletion-tool-helpers.js.map +1 -0
- package/dist/core/compaction/context-deletion-tools.d.ts +4 -0
- package/dist/core/compaction/context-deletion-tools.d.ts.map +1 -0
- package/dist/core/compaction/context-deletion-tools.js +395 -0
- package/dist/core/compaction/context-deletion-tools.js.map +1 -0
- package/dist/core/compaction/context-transcript-analysis.d.ts +9 -0
- package/dist/core/compaction/context-transcript-analysis.d.ts.map +1 -0
- package/dist/core/compaction/context-transcript-analysis.js +234 -0
- package/dist/core/compaction/context-transcript-analysis.js.map +1 -0
- package/dist/core/export-html/index.d.ts.map +1 -1
- package/dist/core/export-html/index.js +2 -1
- package/dist/core/export-html/index.js.map +1 -1
- package/dist/core/export-html/template-js/data-tree.js +287 -0
- package/dist/core/export-html/template-js/entries-navigation.js +424 -0
- package/dist/core/export-html/template-js/initialization.js +312 -0
- package/dist/core/export-html/template-js/message-tools.js +415 -0
- package/dist/core/export-html/template-js/tree-filter-render.js +421 -0
- package/dist/core/export-html/template-script.d.ts +3 -0
- package/dist/core/export-html/template-script.d.ts.map +1 -0
- package/dist/core/export-html/template-script.js +13 -0
- package/dist/core/export-html/template-script.js.map +1 -0
- package/dist/core/export-html/template.js +3 -1
- package/dist/core/extensions/agent-events.d.ts +159 -0
- package/dist/core/extensions/agent-events.d.ts.map +1 -0
- package/dist/core/extensions/agent-events.js +2 -0
- package/dist/core/extensions/agent-events.js.map +1 -0
- package/dist/core/extensions/api-types.d.ts +189 -0
- package/dist/core/extensions/api-types.d.ts.map +1 -0
- package/dist/core/extensions/api-types.js +2 -0
- package/dist/core/extensions/api-types.js.map +1 -0
- package/dist/core/extensions/command-types.d.ts +14 -0
- package/dist/core/extensions/command-types.d.ts.map +1 -0
- package/dist/core/extensions/command-types.js +2 -0
- package/dist/core/extensions/command-types.js.map +1 -0
- package/dist/core/extensions/context-types.d.ts +130 -0
- package/dist/core/extensions/context-types.d.ts.map +1 -0
- package/dist/core/extensions/context-types.js +2 -0
- package/dist/core/extensions/context-types.js.map +1 -0
- package/dist/core/extensions/event-results.d.ts +61 -0
- package/dist/core/extensions/event-results.d.ts.map +1 -0
- package/dist/core/extensions/event-results.js +2 -0
- package/dist/core/extensions/event-results.js.map +1 -0
- package/dist/core/extensions/event-types.d.ts +6 -0
- package/dist/core/extensions/event-types.d.ts.map +1 -0
- package/dist/core/extensions/event-types.js +2 -0
- package/dist/core/extensions/event-types.js.map +1 -0
- package/dist/core/extensions/loader-api.d.ts +10 -0
- package/dist/core/extensions/loader-api.d.ts.map +1 -0
- package/dist/core/extensions/loader-api.js +143 -0
- package/dist/core/extensions/loader-api.js.map +1 -0
- package/dist/core/extensions/loader-core.d.ts +12 -0
- package/dist/core/extensions/loader-core.d.ts.map +1 -0
- package/dist/core/extensions/loader-core.js +91 -0
- package/dist/core/extensions/loader-core.js.map +1 -0
- package/dist/core/extensions/loader-discovery.d.ts +7 -0
- package/dist/core/extensions/loader-discovery.d.ts.map +1 -0
- package/dist/core/extensions/loader-discovery.js +139 -0
- package/dist/core/extensions/loader-discovery.js.map +1 -0
- package/dist/core/extensions/loader-resources.d.ts +11 -0
- package/dist/core/extensions/loader-resources.d.ts.map +1 -0
- package/dist/core/extensions/loader-resources.js +10 -0
- package/dist/core/extensions/loader-resources.js.map +1 -0
- package/dist/core/extensions/loader-runtime.d.ts +7 -0
- package/dist/core/extensions/loader-runtime.d.ts.map +1 -0
- package/dist/core/extensions/loader-runtime.js +51 -0
- package/dist/core/extensions/loader-runtime.js.map +1 -0
- package/dist/core/extensions/loader-virtual-modules.d.ts +3 -0
- package/dist/core/extensions/loader-virtual-modules.d.ts.map +1 -0
- package/dist/core/extensions/loader-virtual-modules.js +92 -0
- package/dist/core/extensions/loader-virtual-modules.js.map +1 -0
- package/dist/core/extensions/loader.d.ts +4 -28
- package/dist/core/extensions/loader.d.ts.map +1 -1
- package/dist/core/extensions/loader.js +3 -542
- package/dist/core/extensions/loader.js.map +1 -1
- package/dist/core/extensions/message-types.d.ts +34 -0
- package/dist/core/extensions/message-types.d.ts.map +1 -0
- package/dist/core/extensions/message-types.js +2 -0
- package/dist/core/extensions/message-types.js.map +1 -0
- package/dist/core/extensions/provider-types.d.ts +71 -0
- package/dist/core/extensions/provider-types.d.ts.map +1 -0
- package/dist/core/extensions/provider-types.js +2 -0
- package/dist/core/extensions/provider-types.js.map +1 -0
- package/dist/core/extensions/runner-context.d.ts +42 -0
- package/dist/core/extensions/runner-context.d.ts.map +1 -0
- package/dist/core/extensions/runner-context.js +112 -0
- package/dist/core/extensions/runner-context.js.map +1 -0
- package/dist/core/extensions/runner-events.d.ts +47 -0
- package/dist/core/extensions/runner-events.d.ts.map +1 -0
- package/dist/core/extensions/runner-events.js +280 -0
- package/dist/core/extensions/runner-events.js.map +1 -0
- package/dist/core/extensions/runner-handlers.d.ts +32 -0
- package/dist/core/extensions/runner-handlers.d.ts.map +1 -0
- package/dist/core/extensions/runner-handlers.js +2 -0
- package/dist/core/extensions/runner-handlers.js.map +1 -0
- package/dist/core/extensions/runner-project-trust.d.ts +6 -0
- package/dist/core/extensions/runner-project-trust.d.ts.map +1 -0
- package/dist/core/extensions/runner-project-trust.js +27 -0
- package/dist/core/extensions/runner-project-trust.js.map +1 -0
- package/dist/core/extensions/runner-registries.d.ts +8 -0
- package/dist/core/extensions/runner-registries.d.ts.map +1 -0
- package/dist/core/extensions/runner-registries.js +76 -0
- package/dist/core/extensions/runner-registries.js.map +1 -0
- package/dist/core/extensions/runner-shortcuts.d.ts +10 -0
- package/dist/core/extensions/runner-shortcuts.d.ts.map +1 -0
- package/dist/core/extensions/runner-shortcuts.js +71 -0
- package/dist/core/extensions/runner-shortcuts.js.map +1 -0
- package/dist/core/extensions/runner-ui.d.ts +3 -0
- package/dist/core/extensions/runner-ui.d.ts.map +1 -0
- package/dist/core/extensions/runner-ui.js +50 -0
- package/dist/core/extensions/runner-ui.js.map +1 -0
- package/dist/core/extensions/runner.d.ts +7 -74
- package/dist/core/extensions/runner.d.ts.map +1 -1
- package/dist/core/extensions/runner.js +67 -673
- package/dist/core/extensions/runner.js.map +1 -1
- package/dist/core/extensions/runtime-types.d.ts +179 -0
- package/dist/core/extensions/runtime-types.d.ts.map +1 -0
- package/dist/core/extensions/runtime-types.js +2 -0
- package/dist/core/extensions/runtime-types.js.map +1 -0
- package/dist/core/extensions/session-events.d.ts +89 -0
- package/dist/core/extensions/session-events.d.ts.map +1 -0
- package/dist/core/extensions/session-events.js +2 -0
- package/dist/core/extensions/session-events.js.map +1 -0
- package/dist/core/extensions/tool-events.d.ts +127 -0
- package/dist/core/extensions/tool-events.d.ts.map +1 -0
- package/dist/core/extensions/tool-events.js +26 -0
- package/dist/core/extensions/tool-events.js.map +1 -0
- package/dist/core/extensions/tool-types.d.ts +100 -0
- package/dist/core/extensions/tool-types.d.ts.map +1 -0
- package/dist/core/extensions/tool-types.js +11 -0
- package/dist/core/extensions/tool-types.js.map +1 -0
- package/dist/core/extensions/types.d.ts +20 -1288
- package/dist/core/extensions/types.d.ts.map +1 -1
- package/dist/core/extensions/types.js +4 -34
- package/dist/core/extensions/types.js.map +1 -1
- package/dist/core/extensions/ui-types.d.ts +200 -0
- package/dist/core/extensions/ui-types.d.ts.map +1 -0
- package/dist/core/extensions/ui-types.js +2 -0
- package/dist/core/extensions/ui-types.js.map +1 -0
- package/dist/core/model-registry-auth.d.ts +7 -0
- package/dist/core/model-registry-auth.d.ts.map +1 -0
- package/dist/core/model-registry-auth.js +64 -0
- package/dist/core/model-registry-auth.js.map +1 -0
- package/dist/core/model-registry-builtins.d.ts +9 -0
- package/dist/core/model-registry-builtins.d.ts.map +1 -0
- package/dist/core/model-registry-builtins.js +120 -0
- package/dist/core/model-registry-builtins.js.map +1 -0
- package/dist/core/model-registry-custom-loader.d.ts +3 -0
- package/dist/core/model-registry-custom-loader.d.ts.map +1 -0
- package/dist/core/model-registry-custom-loader.js +213 -0
- package/dist/core/model-registry-custom-loader.js.map +1 -0
- package/dist/core/model-registry-dynamic.d.ts +6 -0
- package/dist/core/model-registry-dynamic.d.ts.map +1 -0
- package/dist/core/model-registry-dynamic.js +155 -0
- package/dist/core/model-registry-dynamic.js.map +1 -0
- package/dist/core/model-registry-loader.d.ts +4 -0
- package/dist/core/model-registry-loader.d.ts.map +1 -0
- package/dist/core/model-registry-loader.js +20 -0
- package/dist/core/model-registry-loader.js.map +1 -0
- package/dist/core/model-registry-schemas.d.ts +1084 -0
- package/dist/core/model-registry-schemas.d.ts.map +1 -0
- package/dist/core/model-registry-schemas.js +161 -0
- package/dist/core/model-registry-schemas.js.map +1 -0
- package/dist/core/model-registry-types.d.ts +74 -0
- package/dist/core/model-registry-types.d.ts.map +1 -0
- package/dist/core/model-registry-types.js +2 -0
- package/dist/core/model-registry-types.js.map +1 -0
- package/dist/core/model-registry.d.ts +3 -76
- package/dist/core/model-registry.d.ts.map +1 -1
- package/dist/core/model-registry.js +24 -733
- package/dist/core/model-registry.js.map +1 -1
- package/dist/core/model-resolver-cli.d.ts +19 -0
- package/dist/core/model-resolver-cli.d.ts.map +1 -0
- package/dist/core/model-resolver-cli.js +118 -0
- package/dist/core/model-resolver-cli.js.map +1 -0
- package/dist/core/model-resolver-defaults.d.ts +5 -0
- package/dist/core/model-resolver-defaults.d.ts.map +1 -0
- package/dist/core/model-resolver-defaults.js +47 -0
- package/dist/core/model-resolver-defaults.js.map +1 -0
- package/dist/core/model-resolver-initial.d.ts +31 -0
- package/dist/core/model-resolver-initial.d.ts.map +1 -0
- package/dist/core/model-resolver-initial.js +116 -0
- package/dist/core/model-resolver-initial.js.map +1 -0
- package/dist/core/model-resolver-patterns.d.ts +26 -0
- package/dist/core/model-resolver-patterns.d.ts.map +1 -0
- package/dist/core/model-resolver-patterns.js +139 -0
- package/dist/core/model-resolver-patterns.js.map +1 -0
- package/dist/core/model-resolver-scope.d.ts +15 -0
- package/dist/core/model-resolver-scope.d.ts.map +1 -0
- package/dist/core/model-resolver-scope.js +66 -0
- package/dist/core/model-resolver-scope.js.map +1 -0
- package/dist/core/model-resolver-types.d.ts +29 -0
- package/dist/core/model-resolver-types.d.ts.map +1 -0
- package/dist/core/model-resolver-types.js +2 -0
- package/dist/core/model-resolver-types.js.map +1 -0
- package/dist/core/model-resolver.d.ts +6 -107
- package/dist/core/model-resolver.d.ts.map +1 -1
- package/dist/core/model-resolver.js +5 -549
- package/dist/core/model-resolver.js.map +1 -1
- package/dist/core/package-manager-auto-resources.d.ts +5 -0
- package/dist/core/package-manager-auto-resources.d.ts.map +1 -0
- package/dist/core/package-manager-auto-resources.js +109 -0
- package/dist/core/package-manager-auto-resources.js.map +1 -0
- package/dist/core/package-manager-command.d.ts +11 -0
- package/dist/core/package-manager-command.d.ts.map +1 -0
- package/dist/core/package-manager-command.js +102 -0
- package/dist/core/package-manager-command.js.map +1 -0
- package/dist/core/package-manager-constants.d.ts +4 -0
- package/dist/core/package-manager-constants.d.ts.map +1 -0
- package/dist/core/package-manager-constants.js +4 -0
- package/dist/core/package-manager-constants.js.map +1 -0
- package/dist/core/package-manager-env.d.ts +4 -0
- package/dist/core/package-manager-env.d.ts.map +1 -0
- package/dist/core/package-manager-env.js +40 -0
- package/dist/core/package-manager-env.js.map +1 -0
- package/dist/core/package-manager-git.d.ts +10 -0
- package/dist/core/package-manager-git.d.ts.map +1 -0
- package/dist/core/package-manager-git.js +271 -0
- package/dist/core/package-manager-git.js.map +1 -0
- package/dist/core/package-manager-manifest.d.ts +7 -0
- package/dist/core/package-manager-manifest.d.ts.map +1 -0
- package/dist/core/package-manager-manifest.js +45 -0
- package/dist/core/package-manager-manifest.js.map +1 -0
- package/dist/core/package-manager-npm.d.ts +25 -0
- package/dist/core/package-manager-npm.d.ts.map +1 -0
- package/dist/core/package-manager-npm.js +252 -0
- package/dist/core/package-manager-npm.js.map +1 -0
- package/dist/core/package-manager-operations.d.ts +11 -0
- package/dist/core/package-manager-operations.d.ts.map +1 -0
- package/dist/core/package-manager-operations.js +196 -0
- package/dist/core/package-manager-operations.js.map +1 -0
- package/dist/core/package-manager-paths.d.ts +14 -0
- package/dist/core/package-manager-paths.d.ts.map +1 -0
- package/dist/core/package-manager-paths.js +61 -0
- package/dist/core/package-manager-paths.js.map +1 -0
- package/dist/core/package-manager-progress.d.ts +4 -0
- package/dist/core/package-manager-progress.d.ts.map +1 -0
- package/dist/core/package-manager-progress.js +16 -0
- package/dist/core/package-manager-progress.js.map +1 -0
- package/dist/core/package-manager-resolver.d.ts +5 -0
- package/dist/core/package-manager-resolver.d.ts.map +1 -0
- package/dist/core/package-manager-resolver.js +149 -0
- package/dist/core/package-manager-resolver.js.map +1 -0
- package/dist/core/package-manager-resource-accumulator.d.ts +6 -0
- package/dist/core/package-manager-resource-accumulator.d.ts.map +1 -0
- package/dist/core/package-manager-resource-accumulator.js +67 -0
- package/dist/core/package-manager-resource-accumulator.js.map +1 -0
- package/dist/core/package-manager-resource-collector.d.ts +5 -0
- package/dist/core/package-manager-resource-collector.d.ts.map +1 -0
- package/dist/core/package-manager-resource-collector.js +148 -0
- package/dist/core/package-manager-resource-collector.js.map +1 -0
- package/dist/core/package-manager-resource-files.d.ts +14 -0
- package/dist/core/package-manager-resource-files.d.ts.map +1 -0
- package/dist/core/package-manager-resource-files.js +265 -0
- package/dist/core/package-manager-resource-files.js.map +1 -0
- package/dist/core/package-manager-resource-patterns.d.ts +12 -0
- package/dist/core/package-manager-resource-patterns.d.ts.map +1 -0
- package/dist/core/package-manager-resource-patterns.js +136 -0
- package/dist/core/package-manager-resource-patterns.js.map +1 -0
- package/dist/core/package-manager-settings.d.ts +10 -0
- package/dist/core/package-manager-settings.d.ts.map +1 -0
- package/dist/core/package-manager-settings.js +91 -0
- package/dist/core/package-manager-settings.js.map +1 -0
- package/dist/core/package-manager-source.d.ts +21 -0
- package/dist/core/package-manager-source.d.ts.map +1 -0
- package/dist/core/package-manager-source.js +146 -0
- package/dist/core/package-manager-source.js.map +1 -0
- package/dist/core/package-manager-types.d.ts +169 -0
- package/dist/core/package-manager-types.d.ts.map +1 -0
- package/dist/core/package-manager-types.js +9 -0
- package/dist/core/package-manager-types.js.map +1 -0
- package/dist/core/package-manager.d.ts +9 -174
- package/dist/core/package-manager.d.ts.map +1 -1
- package/dist/core/package-manager.js +56 -2100
- package/dist/core/package-manager.js.map +1 -1
- package/dist/core/resource-loader-assets.d.ts +6 -0
- package/dist/core/resource-loader-assets.d.ts.map +1 -0
- package/dist/core/resource-loader-assets.js +209 -0
- package/dist/core/resource-loader-assets.js.map +1 -0
- package/dist/core/resource-loader-context-files.d.ts +10 -0
- package/dist/core/resource-loader-context-files.d.ts.map +1 -0
- package/dist/core/resource-loader-context-files.js +74 -0
- package/dist/core/resource-loader-context-files.js.map +1 -0
- package/dist/core/resource-loader-core.d.ts +82 -0
- package/dist/core/resource-loader-core.d.ts.map +1 -0
- package/dist/core/resource-loader-core.js +168 -0
- package/dist/core/resource-loader-core.js.map +1 -0
- package/dist/core/resource-loader-discovery.d.ts +4 -0
- package/dist/core/resource-loader-discovery.d.ts.map +1 -0
- package/dist/core/resource-loader-discovery.js +28 -0
- package/dist/core/resource-loader-discovery.js.map +1 -0
- package/dist/core/resource-loader-extensions.d.ts +13 -0
- package/dist/core/resource-loader-extensions.d.ts.map +1 -0
- package/dist/core/resource-loader-extensions.js +110 -0
- package/dist/core/resource-loader-extensions.js.map +1 -0
- package/dist/core/resource-loader-helpers.d.ts +4 -0
- package/dist/core/resource-loader-helpers.d.ts.map +1 -0
- package/dist/core/resource-loader-helpers.js +23 -0
- package/dist/core/resource-loader-helpers.js.map +1 -0
- package/dist/core/resource-loader-internals.d.ts +96 -0
- package/dist/core/resource-loader-internals.d.ts.map +1 -0
- package/dist/core/resource-loader-internals.js +4 -0
- package/dist/core/resource-loader-internals.js.map +1 -0
- package/dist/core/resource-loader-package-resources.d.ts +31 -0
- package/dist/core/resource-loader-package-resources.d.ts.map +1 -0
- package/dist/core/resource-loader-package-resources.js +112 -0
- package/dist/core/resource-loader-package-resources.js.map +1 -0
- package/dist/core/resource-loader-paths.d.ts +4 -0
- package/dist/core/resource-loader-paths.d.ts.map +1 -0
- package/dist/core/resource-loader-paths.js +22 -0
- package/dist/core/resource-loader-paths.js.map +1 -0
- package/dist/core/resource-loader-reload.d.ts +6 -0
- package/dist/core/resource-loader-reload.d.ts.map +1 -0
- package/dist/core/resource-loader-reload.js +226 -0
- package/dist/core/resource-loader-reload.js.map +1 -0
- package/dist/core/resource-loader-source-info.d.ts +9 -0
- package/dist/core/resource-loader-source-info.d.ts.map +1 -0
- package/dist/core/resource-loader-source-info.js +101 -0
- package/dist/core/resource-loader-source-info.js.map +1 -0
- package/dist/core/resource-loader-types.d.ts +130 -0
- package/dist/core/resource-loader-types.d.ts.map +1 -0
- package/dist/core/resource-loader-types.js +2 -0
- package/dist/core/resource-loader-types.js.map +1 -0
- package/dist/core/resource-loader.d.ts +3 -242
- package/dist/core/resource-loader.d.ts.map +1 -1
- package/dist/core/resource-loader.js +2 -976
- package/dist/core/resource-loader.js.map +1 -1
- package/dist/core/sdk-exports.d.ts +7 -0
- package/dist/core/sdk-exports.d.ts.map +1 -0
- package/dist/core/sdk-exports.js +5 -0
- package/dist/core/sdk-exports.js.map +1 -0
- package/dist/core/sdk-types.d.ts +86 -0
- package/dist/core/sdk-types.d.ts.map +1 -0
- package/dist/core/sdk-types.js +2 -0
- package/dist/core/sdk-types.js.map +1 -0
- package/dist/core/sdk.d.ts +3 -91
- package/dist/core/sdk.d.ts.map +1 -1
- package/dist/core/sdk.js +2 -6
- package/dist/core/sdk.js.map +1 -1
- package/dist/core/session-manager-archive.d.ts +27 -0
- package/dist/core/session-manager-archive.d.ts.map +1 -0
- package/dist/core/session-manager-archive.js +114 -0
- package/dist/core/session-manager-archive.js.map +1 -0
- package/dist/core/session-manager-core.d.ts +104 -0
- package/dist/core/session-manager-core.d.ts.map +1 -0
- package/dist/core/session-manager-core.js +346 -0
- package/dist/core/session-manager-core.js.map +1 -0
- package/dist/core/session-manager-entries.d.ts +38 -0
- package/dist/core/session-manager-entries.d.ts.map +1 -0
- package/dist/core/session-manager-entries.js +124 -0
- package/dist/core/session-manager-entries.js.map +1 -0
- package/dist/core/session-manager-history.d.ts +38 -0
- package/dist/core/session-manager-history.d.ts.map +1 -0
- package/dist/core/session-manager-history.js +378 -0
- package/dist/core/session-manager-history.js.map +1 -0
- package/dist/core/session-manager-list.d.ts +5 -0
- package/dist/core/session-manager-list.d.ts.map +1 -0
- package/dist/core/session-manager-list.js +196 -0
- package/dist/core/session-manager-list.js.map +1 -0
- package/dist/core/session-manager-migrations.d.ts +11 -0
- package/dist/core/session-manager-migrations.d.ts.map +1 -0
- package/dist/core/session-manager-migrations.js +80 -0
- package/dist/core/session-manager-migrations.js.map +1 -0
- package/dist/core/session-manager-paths.d.ts +7 -0
- package/dist/core/session-manager-paths.d.ts.map +1 -0
- package/dist/core/session-manager-paths.js +22 -0
- package/dist/core/session-manager-paths.js.map +1 -0
- package/dist/core/session-manager-storage.d.ts +15 -0
- package/dist/core/session-manager-storage.d.ts.map +1 -0
- package/dist/core/session-manager-storage.js +127 -0
- package/dist/core/session-manager-storage.js.map +1 -0
- package/dist/core/session-manager-types.d.ts +172 -0
- package/dist/core/session-manager-types.d.ts.map +1 -0
- package/dist/core/session-manager-types.js +2 -0
- package/dist/core/session-manager-types.js.map +1 -0
- package/dist/core/session-manager-validation.d.ts +7 -0
- package/dist/core/session-manager-validation.d.ts.map +1 -0
- package/dist/core/session-manager-validation.js +34 -0
- package/dist/core/session-manager-validation.js.map +1 -0
- package/dist/core/session-manager.d.ts +8 -390
- package/dist/core/session-manager.d.ts.map +1 -1
- package/dist/core/session-manager.js +7 -1418
- package/dist/core/session-manager.js.map +1 -1
- package/dist/core/settings-manager-basic-accessors.d.ts +65 -0
- package/dist/core/settings-manager-basic-accessors.d.ts.map +1 -0
- package/dist/core/settings-manager-basic-accessors.js +253 -0
- package/dist/core/settings-manager-basic-accessors.js.map +1 -0
- package/dist/core/settings-manager-core.d.ts +57 -0
- package/dist/core/settings-manager-core.d.ts.map +1 -0
- package/dist/core/settings-manager-core.js +387 -0
- package/dist/core/settings-manager-core.js.map +1 -0
- package/dist/core/settings-manager-internals.d.ts +13 -0
- package/dist/core/settings-manager-internals.d.ts.map +1 -0
- package/dist/core/settings-manager-internals.js +4 -0
- package/dist/core/settings-manager-internals.js.map +1 -0
- package/dist/core/settings-manager-resource-accessors.d.ts +43 -0
- package/dist/core/settings-manager-resource-accessors.d.ts.map +1 -0
- package/dist/core/settings-manager-resource-accessors.js +172 -0
- package/dist/core/settings-manager-resource-accessors.js.map +1 -0
- package/dist/core/settings-manager-ui-accessors.d.ts +44 -0
- package/dist/core/settings-manager-ui-accessors.d.ts.map +1 -0
- package/dist/core/settings-manager-ui-accessors.js +208 -0
- package/dist/core/settings-manager-ui-accessors.js.map +1 -0
- package/dist/core/settings-manager.d.ts +6 -321
- package/dist/core/settings-manager.d.ts.map +1 -1
- package/dist/core/settings-manager.js +5 -1060
- package/dist/core/settings-manager.js.map +1 -1
- package/dist/core/settings-merge.d.ts +4 -0
- package/dist/core/settings-merge.d.ts.map +1 -0
- package/dist/core/settings-merge.js +26 -0
- package/dist/core/settings-merge.js.map +1 -0
- package/dist/core/settings-storage.d.ts +20 -0
- package/dist/core/settings-storage.d.ts.map +1 -0
- package/dist/core/settings-storage.js +100 -0
- package/dist/core/settings-storage.js.map +1 -0
- package/dist/core/settings-types.d.ts +123 -0
- package/dist/core/settings-types.d.ts.map +1 -0
- package/dist/core/settings-types.js +2 -0
- package/dist/core/settings-types.js.map +1 -0
- package/dist/core/system-prompt.d.ts.map +1 -1
- package/dist/core/system-prompt.js +7 -0
- package/dist/core/system-prompt.js.map +1 -1
- package/dist/core/tools/bash-policy-compile.d.ts +5 -0
- package/dist/core/tools/bash-policy-compile.d.ts.map +1 -0
- package/dist/core/tools/bash-policy-compile.js +241 -0
- package/dist/core/tools/bash-policy-compile.js.map +1 -0
- package/dist/core/tools/bash-policy-evaluate.d.ts +3 -0
- package/dist/core/tools/bash-policy-evaluate.d.ts.map +1 -0
- package/dist/core/tools/bash-policy-evaluate.js +92 -0
- package/dist/core/tools/bash-policy-evaluate.js.map +1 -0
- package/dist/core/tools/bash-policy-format.d.ts +5 -0
- package/dist/core/tools/bash-policy-format.d.ts.map +1 -0
- package/dist/core/tools/bash-policy-format.js +49 -0
- package/dist/core/tools/bash-policy-format.js.map +1 -0
- package/dist/core/tools/bash-policy-parser.d.ts +4 -0
- package/dist/core/tools/bash-policy-parser.d.ts.map +1 -0
- package/dist/core/tools/bash-policy-parser.js +155 -0
- package/dist/core/tools/bash-policy-parser.js.map +1 -0
- package/dist/core/tools/bash-policy-segment.d.ts +3 -0
- package/dist/core/tools/bash-policy-segment.d.ts.map +1 -0
- package/dist/core/tools/bash-policy-segment.js +275 -0
- package/dist/core/tools/bash-policy-segment.js.map +1 -0
- package/dist/core/tools/bash-policy-shell.d.ts +11 -0
- package/dist/core/tools/bash-policy-shell.d.ts.map +1 -0
- package/dist/core/tools/bash-policy-shell.js +267 -0
- package/dist/core/tools/bash-policy-shell.js.map +1 -0
- package/dist/core/tools/bash-policy-types.d.ts +146 -0
- package/dist/core/tools/bash-policy-types.d.ts.map +1 -0
- package/dist/core/tools/bash-policy-types.js +2 -0
- package/dist/core/tools/bash-policy-types.js.map +1 -0
- package/dist/core/tools/bash-policy.d.ts +5 -61
- package/dist/core/tools/bash-policy.d.ts.map +1 -1
- package/dist/core/tools/bash-policy.js +4 -1068
- package/dist/core/tools/bash-policy.js.map +1 -1
- package/dist/core/tools/todos-execute.d.ts +5 -0
- package/dist/core/tools/todos-execute.d.ts.map +1 -0
- package/dist/core/tools/todos-execute.js +200 -0
- package/dist/core/tools/todos-execute.js.map +1 -0
- package/dist/core/tools/todos-locks.d.ts +4 -0
- package/dist/core/tools/todos-locks.d.ts.map +1 -0
- package/dist/core/tools/todos-locks.js +80 -0
- package/dist/core/tools/todos-locks.js.map +1 -0
- package/dist/core/tools/todos-model.d.ts +21 -0
- package/dist/core/tools/todos-model.d.ts.map +1 -0
- package/dist/core/tools/todos-model.js +71 -0
- package/dist/core/tools/todos-model.js.map +1 -0
- package/dist/core/tools/todos-mutations.d.ts +6 -0
- package/dist/core/tools/todos-mutations.d.ts.map +1 -0
- package/dist/core/tools/todos-mutations.js +85 -0
- package/dist/core/tools/todos-mutations.js.map +1 -0
- package/dist/core/tools/todos-paths.d.ts +5 -0
- package/dist/core/tools/todos-paths.d.ts.map +1 -0
- package/dist/core/tools/todos-paths.js +25 -0
- package/dist/core/tools/todos-paths.js.map +1 -0
- package/dist/core/tools/todos-render.d.ts +10 -0
- package/dist/core/tools/todos-render.d.ts.map +1 -0
- package/dist/core/tools/todos-render.js +159 -0
- package/dist/core/tools/todos-render.js.map +1 -0
- package/dist/core/tools/todos-storage.d.ts +9 -0
- package/dist/core/tools/todos-storage.d.ts.map +1 -0
- package/dist/core/tools/todos-storage.js +183 -0
- package/dist/core/tools/todos-storage.js.map +1 -0
- package/dist/core/tools/todos-types.d.ts +46 -0
- package/dist/core/tools/todos-types.d.ts.map +1 -0
- package/dist/core/tools/todos-types.js +27 -0
- package/dist/core/tools/todos-types.js.map +1 -0
- package/dist/core/tools/todos.d.ts +12 -32
- package/dist/core/tools/todos.d.ts.map +1 -1
- package/dist/core/tools/todos.js +7 -893
- package/dist/core/tools/todos.js.map +1 -1
- package/dist/index-extensions.d.ts +3 -0
- package/dist/index-extensions.d.ts.map +1 -0
- package/dist/index-extensions.js +2 -0
- package/dist/index-extensions.js.map +1 -0
- package/dist/index.d.ts +1 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/main-app-mode.d.ts +15 -0
- package/dist/main-app-mode.d.ts.map +1 -0
- package/dist/main-app-mode.js +51 -0
- package/dist/main-app-mode.js.map +1 -0
- package/dist/main-session-options.d.ts +12 -0
- package/dist/main-session-options.d.ts.map +1 -0
- package/dist/main-session-options.js +87 -0
- package/dist/main-session-options.js.map +1 -0
- package/dist/main-session.d.ts +9 -0
- package/dist/main-session.d.ts.map +1 -0
- package/dist/main-session.js +188 -0
- package/dist/main-session.js.map +1 -0
- package/dist/main-stdio.d.ts +12 -0
- package/dist/main-stdio.d.ts.map +1 -0
- package/dist/main-stdio.js +68 -0
- package/dist/main-stdio.js.map +1 -0
- package/dist/main.d.ts +2 -3
- package/dist/main.d.ts.map +1 -1
- package/dist/main.js +11 -388
- package/dist/main.js.map +1 -1
- package/dist/migrations-config-values.d.ts +9 -0
- package/dist/migrations-config-values.d.ts.map +1 -0
- package/dist/migrations-config-values.js +298 -0
- package/dist/migrations-config-values.js.map +1 -0
- package/dist/migrations.d.ts.map +1 -1
- package/dist/migrations.js +2 -296
- package/dist/migrations.js.map +1 -1
- package/dist/modes/interactive/components/chat-message-renderer.d.ts.map +1 -1
- package/dist/modes/interactive/components/chat-message-renderer.js +0 -7
- package/dist/modes/interactive/components/chat-message-renderer.js.map +1 -1
- package/dist/modes/interactive/components/chat-session-host-actions.d.ts +9 -0
- package/dist/modes/interactive/components/chat-session-host-actions.d.ts.map +1 -0
- package/dist/modes/interactive/components/chat-session-host-actions.js +244 -0
- package/dist/modes/interactive/components/chat-session-host-actions.js.map +1 -0
- package/dist/modes/interactive/components/chat-session-host-editor.d.ts +18 -0
- package/dist/modes/interactive/components/chat-session-host-editor.d.ts.map +1 -0
- package/dist/modes/interactive/components/chat-session-host-editor.js +165 -0
- package/dist/modes/interactive/components/chat-session-host-editor.js.map +1 -0
- package/dist/modes/interactive/components/chat-session-host-events.d.ts +5 -0
- package/dist/modes/interactive/components/chat-session-host-events.d.ts.map +1 -0
- package/dist/modes/interactive/components/chat-session-host-events.js +200 -0
- package/dist/modes/interactive/components/chat-session-host-events.js.map +1 -0
- package/dist/modes/interactive/components/chat-session-host-rendering.d.ts +13 -0
- package/dist/modes/interactive/components/chat-session-host-rendering.d.ts.map +1 -0
- package/dist/modes/interactive/components/chat-session-host-rendering.js +185 -0
- package/dist/modes/interactive/components/chat-session-host-rendering.js.map +1 -0
- package/dist/modes/interactive/components/chat-session-host-runtime.d.ts +13 -0
- package/dist/modes/interactive/components/chat-session-host-runtime.d.ts.map +1 -0
- package/dist/modes/interactive/components/chat-session-host-runtime.js +101 -0
- package/dist/modes/interactive/components/chat-session-host-runtime.js.map +1 -0
- package/dist/modes/interactive/components/chat-session-host-state.d.ts +53 -0
- package/dist/modes/interactive/components/chat-session-host-state.d.ts.map +1 -0
- package/dist/modes/interactive/components/chat-session-host-state.js +42 -0
- package/dist/modes/interactive/components/chat-session-host-state.js.map +1 -0
- package/dist/modes/interactive/components/chat-session-host-types.d.ts +63 -0
- package/dist/modes/interactive/components/chat-session-host-types.d.ts.map +1 -0
- package/dist/modes/interactive/components/chat-session-host-types.js +2 -0
- package/dist/modes/interactive/components/chat-session-host-types.js.map +1 -0
- package/dist/modes/interactive/components/chat-session-host-utils.d.ts +28 -0
- package/dist/modes/interactive/components/chat-session-host-utils.d.ts.map +1 -0
- package/dist/modes/interactive/components/chat-session-host-utils.js +103 -0
- package/dist/modes/interactive/components/chat-session-host-utils.js.map +1 -0
- package/dist/modes/interactive/components/chat-session-host.d.ts +6 -129
- package/dist/modes/interactive/components/chat-session-host.d.ts.map +1 -1
- package/dist/modes/interactive/components/chat-session-host.js +50 -1022
- package/dist/modes/interactive/components/chat-session-host.js.map +1 -1
- package/dist/modes/interactive/components/config-selector-list.d.ts +65 -0
- package/dist/modes/interactive/components/config-selector-list.d.ts.map +1 -0
- package/dist/modes/interactive/components/config-selector-list.js +458 -0
- package/dist/modes/interactive/components/config-selector-list.js.map +1 -0
- package/dist/modes/interactive/components/config-selector.d.ts +3 -58
- package/dist/modes/interactive/components/config-selector.d.ts.map +1 -1
- package/dist/modes/interactive/components/config-selector.js +2 -457
- package/dist/modes/interactive/components/config-selector.js.map +1 -1
- package/dist/modes/interactive/components/session-selector-delete.d.ts +10 -0
- package/dist/modes/interactive/components/session-selector-delete.d.ts.map +1 -0
- package/dist/modes/interactive/components/session-selector-delete.js +40 -0
- package/dist/modes/interactive/components/session-selector-delete.js.map +1 -0
- package/dist/modes/interactive/components/session-selector-header.d.ts +33 -0
- package/dist/modes/interactive/components/session-selector-header.d.ts.map +1 -0
- package/dist/modes/interactive/components/session-selector-header.js +117 -0
- package/dist/modes/interactive/components/session-selector-header.js.map +1 -0
- package/dist/modes/interactive/components/session-selector-list.d.ts +49 -0
- package/dist/modes/interactive/components/session-selector-list.d.ts.map +1 -0
- package/dist/modes/interactive/components/session-selector-list.js +307 -0
- package/dist/modes/interactive/components/session-selector-list.js.map +1 -0
- package/dist/modes/interactive/components/session-selector-tree.d.ts +25 -0
- package/dist/modes/interactive/components/session-selector-tree.d.ts.map +1 -0
- package/dist/modes/interactive/components/session-selector-tree.js +53 -0
- package/dist/modes/interactive/components/session-selector-tree.js.map +1 -0
- package/dist/modes/interactive/components/session-selector-types.d.ts +4 -0
- package/dist/modes/interactive/components/session-selector-types.d.ts.map +1 -0
- package/dist/modes/interactive/components/session-selector-types.js +2 -0
- package/dist/modes/interactive/components/session-selector-types.js.map +1 -0
- package/dist/modes/interactive/components/session-selector-utils.d.ts +4 -0
- package/dist/modes/interactive/components/session-selector-utils.d.ts.map +1 -0
- package/dist/modes/interactive/components/session-selector-utils.js +37 -0
- package/dist/modes/interactive/components/session-selector-utils.js.map +1 -0
- package/dist/modes/interactive/components/session-selector.d.ts +3 -49
- package/dist/modes/interactive/components/session-selector.d.ts.map +1 -1
- package/dist/modes/interactive/components/session-selector.js +5 -542
- package/dist/modes/interactive/components/session-selector.js.map +1 -1
- package/dist/modes/interactive/components/settings-selector-handlers.d.ts +3 -0
- package/dist/modes/interactive/components/settings-selector-handlers.d.ts.map +1 -0
- package/dist/modes/interactive/components/settings-selector-handlers.js +84 -0
- package/dist/modes/interactive/components/settings-selector-handlers.js.map +1 -0
- package/dist/modes/interactive/components/settings-selector-items.d.ts +4 -0
- package/dist/modes/interactive/components/settings-selector-items.d.ts.map +1 -0
- package/dist/modes/interactive/components/settings-selector-items.js +211 -0
- package/dist/modes/interactive/components/settings-selector-items.js.map +1 -0
- package/dist/modes/interactive/components/settings-selector-options.d.ts +6 -0
- package/dist/modes/interactive/components/settings-selector-options.d.ts.map +1 -0
- package/dist/modes/interactive/components/settings-selector-options.js +14 -0
- package/dist/modes/interactive/components/settings-selector-options.js.map +1 -0
- package/dist/modes/interactive/components/settings-selector-submenus.d.ts +44 -0
- package/dist/modes/interactive/components/settings-selector-submenus.d.ts.map +1 -0
- package/dist/modes/interactive/components/settings-selector-submenus.js +228 -0
- package/dist/modes/interactive/components/settings-selector-submenus.js.map +1 -0
- package/dist/modes/interactive/components/settings-selector-types.d.ts +67 -0
- package/dist/modes/interactive/components/settings-selector-types.d.ts.map +1 -0
- package/dist/modes/interactive/components/settings-selector-types.js +2 -0
- package/dist/modes/interactive/components/settings-selector-types.js.map +1 -0
- package/dist/modes/interactive/components/settings-selector.d.ts +2 -63
- package/dist/modes/interactive/components/settings-selector.d.ts.map +1 -1
- package/dist/modes/interactive/components/settings-selector.js +5 -538
- package/dist/modes/interactive/components/settings-selector.js.map +1 -1
- package/dist/modes/interactive/components/tree-selector-component.d.ts +21 -0
- package/dist/modes/interactive/components/tree-selector-component.d.ts.map +1 -0
- package/dist/modes/interactive/components/tree-selector-component.js +80 -0
- package/dist/modes/interactive/components/tree-selector-component.js.map +1 -0
- package/dist/modes/interactive/components/tree-selector-content.d.ts +8 -0
- package/dist/modes/interactive/components/tree-selector-content.d.ts.map +1 -0
- package/dist/modes/interactive/components/tree-selector-content.js +263 -0
- package/dist/modes/interactive/components/tree-selector-content.js.map +1 -0
- package/dist/modes/interactive/components/tree-selector-help.d.ts +16 -0
- package/dist/modes/interactive/components/tree-selector-help.d.ts.map +1 -0
- package/dist/modes/interactive/components/tree-selector-help.js +103 -0
- package/dist/modes/interactive/components/tree-selector-help.js.map +1 -0
- package/dist/modes/interactive/components/tree-selector-label-input.d.ts +16 -0
- package/dist/modes/interactive/components/tree-selector-label-input.d.ts.map +1 -0
- package/dist/modes/interactive/components/tree-selector-label-input.js +46 -0
- package/dist/modes/interactive/components/tree-selector-label-input.js.map +1 -0
- package/dist/modes/interactive/components/tree-selector-list.d.ts +33 -0
- package/dist/modes/interactive/components/tree-selector-list.d.ts.map +1 -0
- package/dist/modes/interactive/components/tree-selector-list.js +336 -0
- package/dist/modes/interactive/components/tree-selector-list.js.map +1 -0
- package/dist/modes/interactive/components/tree-selector-model.d.ts +7 -0
- package/dist/modes/interactive/components/tree-selector-model.d.ts.map +1 -0
- package/dist/modes/interactive/components/tree-selector-model.js +358 -0
- package/dist/modes/interactive/components/tree-selector-model.js.map +1 -0
- package/dist/modes/interactive/components/tree-selector-types.d.ts +57 -0
- package/dist/modes/interactive/components/tree-selector-types.d.ts.map +1 -0
- package/dist/modes/interactive/components/tree-selector-types.js +6 -0
- package/dist/modes/interactive/components/tree-selector-types.js.map +1 -0
- package/dist/modes/interactive/components/tree-selector-viewport.d.ts +10 -0
- package/dist/modes/interactive/components/tree-selector-viewport.d.ts.map +1 -0
- package/dist/modes/interactive/components/tree-selector-viewport.js +32 -0
- package/dist/modes/interactive/components/tree-selector-viewport.js.map +1 -0
- package/dist/modes/interactive/components/tree-selector.d.ts +2 -88
- package/dist/modes/interactive/components/tree-selector.d.ts.map +1 -1
- package/dist/modes/interactive/components/tree-selector.js +1 -1200
- package/dist/modes/interactive/components/tree-selector.js.map +1 -1
- package/dist/modes/interactive/interactive-agent-events.d.ts +2 -0
- package/dist/modes/interactive/interactive-agent-events.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-agent-events.js +370 -0
- package/dist/modes/interactive/interactive-agent-events.js.map +1 -0
- package/dist/modes/interactive/interactive-auth-login.d.ts +2 -0
- package/dist/modes/interactive/interactive-auth-login.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-auth-login.js +214 -0
- package/dist/modes/interactive/interactive-auth-login.js.map +1 -0
- package/dist/modes/interactive/interactive-auth-routing.d.ts +2 -0
- package/dist/modes/interactive/interactive-auth-routing.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-auth-routing.js +128 -0
- package/dist/modes/interactive/interactive-auth-routing.js.map +1 -0
- package/dist/modes/interactive/interactive-autocomplete.d.ts +2 -0
- package/dist/modes/interactive/interactive-autocomplete.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-autocomplete.js +140 -0
- package/dist/modes/interactive/interactive-autocomplete.js.map +1 -0
- package/dist/modes/interactive/interactive-bash-compact.d.ts +2 -0
- package/dist/modes/interactive/interactive-bash-compact.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-bash-compact.js +112 -0
- package/dist/modes/interactive/interactive-bash-compact.js.map +1 -0
- package/dist/modes/interactive/interactive-editor-actions.d.ts +2 -0
- package/dist/modes/interactive/interactive-editor-actions.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-editor-actions.js +131 -0
- package/dist/modes/interactive/interactive-editor-actions.js.map +1 -0
- package/dist/modes/interactive/interactive-extension-context.d.ts +2 -0
- package/dist/modes/interactive/interactive-extension-context.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-extension-context.js +159 -0
- package/dist/modes/interactive/interactive-extension-context.js.map +1 -0
- package/dist/modes/interactive/interactive-extension-custom-ui.d.ts +2 -0
- package/dist/modes/interactive/interactive-extension-custom-ui.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-extension-custom-ui.js +208 -0
- package/dist/modes/interactive/interactive-extension-custom-ui.js.map +1 -0
- package/dist/modes/interactive/interactive-extension-dialogs.d.ts +2 -0
- package/dist/modes/interactive/interactive-extension-dialogs.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-extension-dialogs.js +162 -0
- package/dist/modes/interactive/interactive-extension-dialogs.js.map +1 -0
- package/dist/modes/interactive/interactive-extension-runtime.d.ts +2 -0
- package/dist/modes/interactive/interactive-extension-runtime.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-extension-runtime.js +179 -0
- package/dist/modes/interactive/interactive-extension-runtime.js.map +1 -0
- package/dist/modes/interactive/interactive-extension-widgets.d.ts +2 -0
- package/dist/modes/interactive/interactive-extension-widgets.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-extension-widgets.js +113 -0
- package/dist/modes/interactive/interactive-extension-widgets.js.map +1 -0
- package/dist/modes/interactive/interactive-hotkeys-debug.d.ts +2 -0
- package/dist/modes/interactive/interactive-hotkeys-debug.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-hotkeys-debug.js +186 -0
- package/dist/modes/interactive/interactive-hotkeys-debug.js.map +1 -0
- package/dist/modes/interactive/interactive-input-handling.d.ts +2 -0
- package/dist/modes/interactive/interactive-input-handling.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-input-handling.js +275 -0
- package/dist/modes/interactive/interactive-input-handling.js.map +1 -0
- package/dist/modes/interactive/interactive-mode-base.d.ts +103 -0
- package/dist/modes/interactive/interactive-mode-base.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-mode-base.js +130 -0
- package/dist/modes/interactive/interactive-mode-base.js.map +1 -0
- package/dist/modes/interactive/interactive-mode-deps.d.ts +81 -0
- package/dist/modes/interactive/interactive-mode-deps.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-mode-deps.js +74 -0
- package/dist/modes/interactive/interactive-mode-deps.js.map +1 -0
- package/dist/modes/interactive/interactive-mode-helpers.d.ts +21 -0
- package/dist/modes/interactive/interactive-mode-helpers.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-mode-helpers.js +77 -0
- package/dist/modes/interactive/interactive-mode-helpers.js.map +1 -0
- package/dist/modes/interactive/interactive-mode-surface.d.ts +313 -0
- package/dist/modes/interactive/interactive-mode-surface.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-mode-surface.js +2 -0
- package/dist/modes/interactive/interactive-mode-surface.js.map +1 -0
- package/dist/modes/interactive/interactive-mode-types.d.ts +29 -0
- package/dist/modes/interactive/interactive-mode-types.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-mode-types.js +2 -0
- package/dist/modes/interactive/interactive-mode-types.js.map +1 -0
- package/dist/modes/interactive/interactive-mode.d.ts +30 -404
- package/dist/modes/interactive/interactive-mode.d.ts.map +1 -1
- package/dist/modes/interactive/interactive-mode.js +29 -5260
- package/dist/modes/interactive/interactive-mode.js.map +1 -1
- package/dist/modes/interactive/interactive-model-routing.d.ts +2 -0
- package/dist/modes/interactive/interactive-model-routing.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-model-routing.js +269 -0
- package/dist/modes/interactive/interactive-model-routing.js.map +1 -0
- package/dist/modes/interactive/interactive-process-lifecycle.d.ts +2 -0
- package/dist/modes/interactive/interactive-process-lifecycle.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-process-lifecycle.js +189 -0
- package/dist/modes/interactive/interactive-process-lifecycle.js.map +1 -0
- package/dist/modes/interactive/interactive-queueing.d.ts +2 -0
- package/dist/modes/interactive/interactive-queueing.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-queueing.js +163 -0
- package/dist/modes/interactive/interactive-queueing.js.map +1 -0
- package/dist/modes/interactive/interactive-render-chat.d.ts +2 -0
- package/dist/modes/interactive/interactive-render-chat.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-render-chat.js +170 -0
- package/dist/modes/interactive/interactive-render-chat.js.map +1 -0
- package/dist/modes/interactive/interactive-resource-disclosure.d.ts +2 -0
- package/dist/modes/interactive/interactive-resource-disclosure.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-resource-disclosure.js +101 -0
- package/dist/modes/interactive/interactive-resource-disclosure.js.map +1 -0
- package/dist/modes/interactive/interactive-resource-paths.d.ts +2 -0
- package/dist/modes/interactive/interactive-resource-paths.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-resource-paths.js +228 -0
- package/dist/modes/interactive/interactive-resource-paths.js.map +1 -0
- package/dist/modes/interactive/interactive-resource-rendering.d.ts +2 -0
- package/dist/modes/interactive/interactive-resource-rendering.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-resource-rendering.js +181 -0
- package/dist/modes/interactive/interactive-resource-rendering.js.map +1 -0
- package/dist/modes/interactive/interactive-selectors.d.ts +2 -0
- package/dist/modes/interactive/interactive-selectors.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-selectors.js +198 -0
- package/dist/modes/interactive/interactive-selectors.js.map +1 -0
- package/dist/modes/interactive/interactive-session-routing.d.ts +2 -0
- package/dist/modes/interactive/interactive-session-routing.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-session-routing.js +232 -0
- package/dist/modes/interactive/interactive-session-routing.js.map +1 -0
- package/dist/modes/interactive/interactive-session-runtime.d.ts +2 -0
- package/dist/modes/interactive/interactive-session-runtime.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-session-runtime.js +131 -0
- package/dist/modes/interactive/interactive-session-runtime.js.map +1 -0
- package/dist/modes/interactive/interactive-slash-commands.d.ts +2 -0
- package/dist/modes/interactive/interactive-slash-commands.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-slash-commands.js +338 -0
- package/dist/modes/interactive/interactive-slash-commands.js.map +1 -0
- package/dist/modes/interactive/interactive-startup.d.ts +2 -0
- package/dist/modes/interactive/interactive-startup.d.ts.map +1 -0
- package/dist/modes/interactive/interactive-startup.js +348 -0
- package/dist/modes/interactive/interactive-startup.js.map +1 -0
- package/dist/modes/interactive/theme/color-utils.d.ts +20 -0
- package/dist/modes/interactive/theme/color-utils.d.ts.map +1 -0
- package/dist/modes/interactive/theme/color-utils.js +204 -0
- package/dist/modes/interactive/theme/color-utils.js.map +1 -0
- package/dist/modes/interactive/theme/export-colors.d.ts +19 -0
- package/dist/modes/interactive/theme/export-colors.d.ts.map +1 -0
- package/dist/modes/interactive/theme/export-colors.js +69 -0
- package/dist/modes/interactive/theme/export-colors.js.map +1 -0
- package/dist/modes/interactive/theme/global-theme.d.ts +12 -0
- package/dist/modes/interactive/theme/global-theme.d.ts.map +1 -0
- package/dist/modes/interactive/theme/global-theme.js +150 -0
- package/dist/modes/interactive/theme/global-theme.js.map +1 -0
- package/dist/modes/interactive/theme/terminal-detection.d.ts +30 -0
- package/dist/modes/interactive/theme/terminal-detection.d.ts.map +1 -0
- package/dist/modes/interactive/theme/terminal-detection.js +89 -0
- package/dist/modes/interactive/theme/terminal-detection.js.map +1 -0
- package/dist/modes/interactive/theme/theme-class.d.ts +30 -0
- package/dist/modes/interactive/theme/theme-class.d.ts.map +1 -0
- package/dist/modes/interactive/theme/theme-class.js +83 -0
- package/dist/modes/interactive/theme/theme-class.js.map +1 -0
- package/dist/modes/interactive/theme/theme-loading.d.ts +17 -0
- package/dist/modes/interactive/theme/theme-loading.d.ts.map +1 -0
- package/dist/modes/interactive/theme/theme-loading.js +155 -0
- package/dist/modes/interactive/theme/theme-loading.js.map +1 -0
- package/dist/modes/interactive/theme/theme-parse.d.ts +5 -0
- package/dist/modes/interactive/theme/theme-parse.d.ts.map +1 -0
- package/dist/modes/interactive/theme/theme-parse.js +52 -0
- package/dist/modes/interactive/theme/theme-parse.js.map +1 -0
- package/dist/modes/interactive/theme/theme-schema.d.ts +255 -0
- package/dist/modes/interactive/theme/theme-schema.d.ts.map +1 -0
- package/dist/modes/interactive/theme/theme-schema.js +78 -0
- package/dist/modes/interactive/theme/theme-schema.js.map +1 -0
- package/dist/modes/interactive/theme/theme.d.ts +6 -108
- package/dist/modes/interactive/theme/theme.d.ts.map +1 -1
- package/dist/modes/interactive/theme/theme.js +6 -1065
- package/dist/modes/interactive/theme/theme.js.map +1 -1
- package/dist/modes/interactive/theme/tui-theme.d.ts +15 -0
- package/dist/modes/interactive/theme/tui-theme.d.ts.map +1 -0
- package/dist/modes/interactive/theme/tui-theme.js +199 -0
- package/dist/modes/interactive/theme/tui-theme.js.map +1 -0
- package/dist/modes/rpc/rpc-client.d.ts +1 -61
- package/dist/modes/rpc/rpc-client.d.ts.map +1 -1
- package/dist/modes/rpc/rpc-client.js +1 -72
- package/dist/modes/rpc/rpc-client.js.map +1 -1
- package/dist/modes/rpc/rpc-command-handler.d.ts +14 -0
- package/dist/modes/rpc/rpc-command-handler.d.ts.map +1 -0
- package/dist/modes/rpc/rpc-command-handler.js +226 -0
- package/dist/modes/rpc/rpc-command-handler.js.map +1 -0
- package/dist/modes/rpc/rpc-extension-ui.d.ts +15 -0
- package/dist/modes/rpc/rpc-extension-ui.d.ts.map +1 -0
- package/dist/modes/rpc/rpc-extension-ui.js +196 -0
- package/dist/modes/rpc/rpc-extension-ui.js.map +1 -0
- package/dist/modes/rpc/rpc-input.d.ts +12 -0
- package/dist/modes/rpc/rpc-input.d.ts.map +1 -0
- package/dist/modes/rpc/rpc-input.js +54 -0
- package/dist/modes/rpc/rpc-input.js.map +1 -0
- package/dist/modes/rpc/rpc-mode.d.ts.map +1 -1
- package/dist/modes/rpc/rpc-mode.js +43 -607
- package/dist/modes/rpc/rpc-mode.js.map +1 -1
- package/dist/modes/rpc/rpc-responses.d.ts +8 -0
- package/dist/modes/rpc/rpc-responses.d.ts.map +1 -0
- package/dist/modes/rpc/rpc-responses.js +27 -0
- package/dist/modes/rpc/rpc-responses.js.map +1 -0
- package/dist/modes/rpc/rpc-session-binding.d.ts +25 -0
- package/dist/modes/rpc/rpc-session-binding.d.ts.map +1 -0
- package/dist/modes/rpc/rpc-session-binding.js +70 -0
- package/dist/modes/rpc/rpc-session-binding.js.map +1 -0
- package/dist/package-manager-cli-parser.d.ts +28 -0
- package/dist/package-manager-cli-parser.d.ts.map +1 -0
- package/dist/package-manager-cli-parser.js +269 -0
- package/dist/package-manager-cli-parser.js.map +1 -0
- package/dist/package-manager-cli.d.ts +0 -1
- package/dist/package-manager-cli.d.ts.map +1 -1
- package/dist/package-manager-cli.js +2 -267
- package/dist/package-manager-cli.js.map +1 -1
- package/dist/utils/git.d.ts.map +1 -1
- package/dist/utils/git.js +10 -0
- package/dist/utils/git.js.map +1 -1
- package/dist/utils/version-check.d.ts +1 -0
- package/dist/utils/version-check.d.ts.map +1 -1
- package/dist/utils/version-check.js +17 -0
- package/dist/utils/version-check.js.map +1 -1
- package/docs/development.md +4 -0
- package/docs/sessions.md +4 -0
- package/docs/workflows.md +13 -7
- package/examples/extensions/custom-provider-anthropic/index.ts +1 -106
- package/examples/extensions/gondolin/index.ts +0 -23
- package/examples/extensions/gondolin/package-lock.json +183 -183
- package/examples/extensions/overlay-qa-animation-components.ts +255 -0
- package/examples/extensions/overlay-qa-focus-components.ts +222 -0
- package/examples/extensions/overlay-qa-position-components.ts +433 -0
- package/examples/extensions/overlay-qa-shared.ts +37 -0
- package/examples/extensions/overlay-qa-streaming-input-components.ts +205 -0
- package/examples/extensions/overlay-qa-tests.ts +17 -1156
- package/examples/extensions/overlay-qa-toggle-passive-components.ts +169 -0
- package/examples/extensions/space-invaders.ts +0 -60
- package/examples/extensions/subagent/display.ts +148 -0
- package/examples/extensions/subagent/index.ts +11 -858
- package/examples/extensions/subagent/render.ts +383 -0
- package/examples/extensions/subagent/runner.ts +252 -0
- package/examples/extensions/subagent/schemas.ts +59 -0
- package/examples/extensions/subagent/types.ts +36 -0
- package/examples/extensions/tic-tac-toe-instructions.ts +65 -0
- package/examples/extensions/tic-tac-toe-rendering.ts +414 -0
- package/examples/extensions/tic-tac-toe-state.ts +158 -0
- package/examples/extensions/tic-tac-toe.ts +92 -754
- package/examples/rpc-extension-ui-components.ts +189 -0
- package/examples/rpc-extension-ui.ts +2 -179
- package/package.json +4 -4
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
export type LockResult<T> = {
|
|
2
|
+
result: T;
|
|
3
|
+
next?: string;
|
|
4
|
+
};
|
|
5
|
+
export interface AuthStorageBackend {
|
|
6
|
+
/**
|
|
7
|
+
* Read the current credential snapshot WITHOUT acquiring the exclusive write
|
|
8
|
+
* lock. Pure reads do not need cross-process write-exclusion: writers replace
|
|
9
|
+
* the file atomically (temp file + rename), so a lock-free reader always
|
|
10
|
+
* observes a complete previous-or-next snapshot, never a torn one. Keeping
|
|
11
|
+
* reads lock-free is what prevents many concurrent sessions from starving each
|
|
12
|
+
* other on `auth.json` and misreporting configured providers as unreadable
|
|
13
|
+
* under contention (issue #1431).
|
|
14
|
+
*
|
|
15
|
+
* Optional for backward compatibility with custom backends that predate this
|
|
16
|
+
* method (the released `AuthStorageBackend` interface): when absent,
|
|
17
|
+
* `AuthStorage.reload()` falls back to a `withLock`-based read.
|
|
18
|
+
*/
|
|
19
|
+
read?(): string | undefined;
|
|
20
|
+
withLock<T>(fn: (current: string | undefined) => LockResult<T>): T;
|
|
21
|
+
withLockAsync<T>(fn: (current: string | undefined) => Promise<LockResult<T>>): Promise<T>;
|
|
22
|
+
}
|
|
23
|
+
export declare class FileAuthStorageBackend implements AuthStorageBackend {
|
|
24
|
+
private authPath;
|
|
25
|
+
private readPaths;
|
|
26
|
+
constructor(authPath?: string, readPaths?: string[]);
|
|
27
|
+
private ensureParentDir;
|
|
28
|
+
private ensureFileExists;
|
|
29
|
+
private acquireLockSyncWithRetry;
|
|
30
|
+
private readMergedAuth;
|
|
31
|
+
/**
|
|
32
|
+
* Atomically replace `auth.json` with `content`: write a sibling temp file
|
|
33
|
+
* (same directory, so `rename` is a same-filesystem atomic swap), fix its
|
|
34
|
+
* permissions, then `rename` it over the target. Lock-free readers therefore
|
|
35
|
+
* never observe a half-written file. The temp file is best-effort cleaned up
|
|
36
|
+
* if the rename fails.
|
|
37
|
+
*/
|
|
38
|
+
private writeAtomic;
|
|
39
|
+
read(): string | undefined;
|
|
40
|
+
withLock<T>(fn: (current: string | undefined) => LockResult<T>): T;
|
|
41
|
+
withLockAsync<T>(fn: (current: string | undefined) => Promise<LockResult<T>>): Promise<T>;
|
|
42
|
+
}
|
|
43
|
+
export declare class InMemoryAuthStorageBackend implements AuthStorageBackend {
|
|
44
|
+
private value;
|
|
45
|
+
read(): string | undefined;
|
|
46
|
+
withLock<T>(fn: (current: string | undefined) => LockResult<T>): T;
|
|
47
|
+
withLockAsync<T>(fn: (current: string | undefined) => Promise<LockResult<T>>): Promise<T>;
|
|
48
|
+
}
|
|
49
|
+
//# sourceMappingURL=auth-storage-backends.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-storage-backends.d.ts","sourceRoot":"","sources":["../../src/core/auth-storage-backends.ts"],"names":[],"mappings":"AAOA,MAAM,MAAM,UAAU,CAAC,CAAC,IAAI;IAC3B,MAAM,EAAE,CAAC,CAAC;IACV,IAAI,CAAC,EAAE,MAAM,CAAC;CACd,CAAC;AAIF,MAAM,WAAW,kBAAkB;IAClC;;;;;;;;;;;;OAYG;IACH,IAAI,CAAC,IAAI,MAAM,GAAG,SAAS,CAAC;IAC5B,QAAQ,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,KAAK,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACnE,aAAa,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,KAAK,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;CAC1F;AAED,qBAAa,sBAAuB,YAAW,kBAAkB;IAChE,QAAgB,QAAQ,CAAS;IACjC,QAAgB,SAAS,CAAW;IAEpC,YACC,QAAQ,GAAE,MAAyC,EACnD,SAAS,GAAE,MAAM,EAAe,EAIhC;IAED,OAAO,CAAC,eAAe;IAOvB,OAAO,CAAC,gBAAgB;IAOxB,OAAO,CAAC,wBAAwB;IA2BhC,OAAO,CAAC,cAAc;IAatB;;;;;;OAMG;IACH,OAAO,CAAC,WAAW;IAoBnB,IAAI,IAAI,MAAM,GAAG,SAAS,CAEzB;IAED,QAAQ,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,KAAK,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAyBjE;IAEK,aAAa,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,KAAK,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAiD9F;CACD;AAED,qBAAa,0BAA2B,YAAW,kBAAkB;IACpE,OAAO,CAAC,KAAK,CAAqB;IAElC,IAAI,IAAI,MAAM,GAAG,SAAS,CAEzB;IAED,QAAQ,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,KAAK,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAMjE;IAEK,aAAa,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,KAAK,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAM9F;CACD","sourcesContent":["import { chmodSync, existsSync, mkdirSync, readFileSync, renameSync, rmSync, writeFileSync } from \"fs\";\nimport { dirname, join } from \"path\";\nimport lockfile from \"proper-lockfile\";\nimport { getAgentDir } from \"../config.ts\";\nimport { normalizePath } from \"../utils/paths.ts\";\nimport type { AuthStorageData } from \"./auth-storage.ts\";\n\nexport type LockResult<T> = {\n\tresult: T;\n\tnext?: string;\n};\n\nconst AUTH_FILE_WRITE_OPTIONS = { encoding: \"utf-8\", mode: 0o600 } as const;\n\nexport interface AuthStorageBackend {\n\t/**\n\t * Read the current credential snapshot WITHOUT acquiring the exclusive write\n\t * lock. Pure reads do not need cross-process write-exclusion: writers replace\n\t * the file atomically (temp file + rename), so a lock-free reader always\n\t * observes a complete previous-or-next snapshot, never a torn one. Keeping\n\t * reads lock-free is what prevents many concurrent sessions from starving each\n\t * other on `auth.json` and misreporting configured providers as unreadable\n\t * under contention (issue #1431).\n\t *\n\t * Optional for backward compatibility with custom backends that predate this\n\t * method (the released `AuthStorageBackend` interface): when absent,\n\t * `AuthStorage.reload()` falls back to a `withLock`-based read.\n\t */\n\tread?(): string | undefined;\n\twithLock<T>(fn: (current: string | undefined) => LockResult<T>): T;\n\twithLockAsync<T>(fn: (current: string | undefined) => Promise<LockResult<T>>): Promise<T>;\n}\n\nexport class FileAuthStorageBackend implements AuthStorageBackend {\n\tdeclare private authPath: string;\n\tdeclare private readPaths: string[];\n\n\tconstructor(\n\t\tauthPath: string = join(getAgentDir(), \"auth.json\"),\n\t\treadPaths: string[] = [authPath],\n\t) {\n\t\tthis.authPath = normalizePath(authPath);\n\t\tthis.readPaths = readPaths.map((readPath) => normalizePath(readPath));\n\t}\n\n\tprivate ensureParentDir(): void {\n\t\tconst dir = dirname(this.authPath);\n\t\tif (!existsSync(dir)) {\n\t\t\tmkdirSync(dir, { recursive: true, mode: 0o700 });\n\t\t}\n\t}\n\n\tprivate ensureFileExists(): void {\n\t\tif (!existsSync(this.authPath)) {\n\t\t\twriteFileSync(this.authPath, \"{}\", AUTH_FILE_WRITE_OPTIONS);\n\t\t\tchmodSync(this.authPath, 0o600);\n\t\t}\n\t}\n\n\tprivate acquireLockSyncWithRetry(path: string): () => void {\n\t\tconst maxAttempts = 10;\n\t\tconst delayMs = 20;\n\t\tlet lastError: unknown;\n\n\t\tfor (let attempt = 1; attempt <= maxAttempts; attempt++) {\n\t\t\ttry {\n\t\t\t\treturn lockfile.lockSync(path, { realpath: false });\n\t\t\t} catch (error) {\n\t\t\t\tconst code =\n\t\t\t\t\ttypeof error === \"object\" && error !== null && \"code\" in error\n\t\t\t\t\t\t? String((error as { code?: unknown }).code)\n\t\t\t\t\t\t: undefined;\n\t\t\t\tif (code !== \"ELOCKED\" || attempt === maxAttempts) {\n\t\t\t\t\tthrow error;\n\t\t\t\t}\n\t\t\t\tlastError = error;\n\t\t\t\tconst start = Date.now();\n\t\t\t\twhile (Date.now() - start < delayMs) {\n\t\t\t\t\t// Sleep synchronously to avoid changing callers to async.\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tthrow (lastError as Error) ?? new Error(\"Failed to acquire auth storage lock\");\n\t}\n\n\tprivate readMergedAuth(): string | undefined {\n\t\tlet merged: AuthStorageData = {};\n\t\tlet found = false;\n\t\tfor (let i = this.readPaths.length - 1; i >= 0; i--) {\n\t\t\tconst readPath = this.readPaths[i]!;\n\t\t\tif (!existsSync(readPath)) continue;\n\t\t\tconst parsed = JSON.parse(readFileSync(readPath, \"utf-8\")) as AuthStorageData;\n\t\t\tmerged = { ...merged, ...parsed };\n\t\t\tfound = true;\n\t\t}\n\t\treturn found ? JSON.stringify(merged, null, 2) : undefined;\n\t}\n\n\t/**\n\t * Atomically replace `auth.json` with `content`: write a sibling temp file\n\t * (same directory, so `rename` is a same-filesystem atomic swap), fix its\n\t * permissions, then `rename` it over the target. Lock-free readers therefore\n\t * never observe a half-written file. The temp file is best-effort cleaned up\n\t * if the rename fails.\n\t */\n\tprivate writeAtomic(content: string): void {\n\t\tconst dir = dirname(this.authPath);\n\t\tconst tempPath = join(\n\t\t\tdir,\n\t\t\t`.${`auth.${process.pid}.${Date.now()}.${Math.random().toString(36).slice(2)}`}.tmp`,\n\t\t);\n\t\ttry {\n\t\t\twriteFileSync(tempPath, content, AUTH_FILE_WRITE_OPTIONS);\n\t\t\tchmodSync(tempPath, 0o600);\n\t\t\trenameSync(tempPath, this.authPath);\n\t\t} catch (error) {\n\t\t\ttry {\n\t\t\t\tif (existsSync(tempPath)) rmSync(tempPath, { force: true });\n\t\t\t} catch {\n\t\t\t\t// Best-effort cleanup; ignore.\n\t\t\t}\n\t\t\tthrow error;\n\t\t}\n\t}\n\n\tread(): string | undefined {\n\t\treturn this.readMergedAuth();\n\t}\n\n\twithLock<T>(fn: (current: string | undefined) => LockResult<T>): T {\n\t\tthis.ensureParentDir();\n\n\t\tlet release: (() => void) | undefined;\n\t\ttry {\n\t\t\tif (existsSync(this.authPath)) {\n\t\t\t\trelease = this.acquireLockSyncWithRetry(this.authPath);\n\t\t\t}\n\t\t\tconst current = this.readMergedAuth();\n\t\t\tconst { result, next } = fn(current);\n\t\t\tif (next !== undefined) {\n\t\t\t\tif (!existsSync(this.authPath)) {\n\t\t\t\t\tthis.ensureFileExists();\n\t\t\t\t}\n\t\t\t\tif (!release) {\n\t\t\t\t\trelease = this.acquireLockSyncWithRetry(this.authPath);\n\t\t\t\t}\n\t\t\t\tthis.writeAtomic(next);\n\t\t\t}\n\t\t\treturn result;\n\t\t} finally {\n\t\t\tif (release) {\n\t\t\t\trelease();\n\t\t\t}\n\t\t}\n\t}\n\n\tasync withLockAsync<T>(fn: (current: string | undefined) => Promise<LockResult<T>>): Promise<T> {\n\t\tthis.ensureParentDir();\n\n\t\tlet release: (() => Promise<void>) | undefined;\n\t\tlet lockCompromised = false;\n\t\tlet lockCompromisedError: Error | undefined;\n\t\tconst throwIfCompromised = () => {\n\t\t\tif (lockCompromised) {\n\t\t\t\tthrow lockCompromisedError ?? new Error(\"Auth storage lock was compromised\");\n\t\t\t}\n\t\t};\n\n\t\ttry {\n\t\t\tif (!existsSync(this.authPath)) {\n\t\t\t\tthis.ensureFileExists();\n\t\t\t}\n\t\t\trelease = await lockfile.lock(this.authPath, {\n\t\t\t\tretries: {\n\t\t\t\t\tretries: 10,\n\t\t\t\t\tfactor: 2,\n\t\t\t\t\tminTimeout: 100,\n\t\t\t\t\tmaxTimeout: 10000,\n\t\t\t\t\trandomize: true,\n\t\t\t\t},\n\t\t\t\tstale: 30000,\n\t\t\t\tonCompromised: (err) => {\n\t\t\t\t\tlockCompromised = true;\n\t\t\t\t\tlockCompromisedError = err;\n\t\t\t\t},\n\t\t\t});\n\n\t\t\tthrowIfCompromised();\n\t\t\tconst current = this.readMergedAuth();\n\t\t\tconst { result, next } = await fn(current);\n\t\t\tthrowIfCompromised();\n\t\t\tif (next !== undefined) {\n\t\t\t\tthis.writeAtomic(next);\n\t\t\t}\n\t\t\tthrowIfCompromised();\n\t\t\treturn result;\n\t\t} finally {\n\t\t\tif (release) {\n\t\t\t\ttry {\n\t\t\t\t\tawait release();\n\t\t\t\t} catch {\n\t\t\t\t\t// Ignore unlock errors when lock is compromised.\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n}\n\nexport class InMemoryAuthStorageBackend implements AuthStorageBackend {\n\tprivate value: string | undefined;\n\n\tread(): string | undefined {\n\t\treturn this.value;\n\t}\n\n\twithLock<T>(fn: (current: string | undefined) => LockResult<T>): T {\n\t\tconst { result, next } = fn(this.value);\n\t\tif (next !== undefined) {\n\t\t\tthis.value = next;\n\t\t}\n\t\treturn result;\n\t}\n\n\tasync withLockAsync<T>(fn: (current: string | undefined) => Promise<LockResult<T>>): Promise<T> {\n\t\tconst { result, next } = await fn(this.value);\n\t\tif (next !== undefined) {\n\t\t\tthis.value = next;\n\t\t}\n\t\treturn result;\n\t}\n}\n\n"]}
|
|
@@ -0,0 +1,185 @@
|
|
|
1
|
+
import { chmodSync, existsSync, mkdirSync, readFileSync, renameSync, rmSync, writeFileSync } from "fs";
|
|
2
|
+
import { dirname, join } from "path";
|
|
3
|
+
import lockfile from "proper-lockfile";
|
|
4
|
+
import { getAgentDir } from "../config.js";
|
|
5
|
+
import { normalizePath } from "../utils/paths.js";
|
|
6
|
+
const AUTH_FILE_WRITE_OPTIONS = { encoding: "utf-8", mode: 0o600 };
|
|
7
|
+
export class FileAuthStorageBackend {
|
|
8
|
+
constructor(authPath = join(getAgentDir(), "auth.json"), readPaths = [authPath]) {
|
|
9
|
+
this.authPath = normalizePath(authPath);
|
|
10
|
+
this.readPaths = readPaths.map((readPath) => normalizePath(readPath));
|
|
11
|
+
}
|
|
12
|
+
ensureParentDir() {
|
|
13
|
+
const dir = dirname(this.authPath);
|
|
14
|
+
if (!existsSync(dir)) {
|
|
15
|
+
mkdirSync(dir, { recursive: true, mode: 0o700 });
|
|
16
|
+
}
|
|
17
|
+
}
|
|
18
|
+
ensureFileExists() {
|
|
19
|
+
if (!existsSync(this.authPath)) {
|
|
20
|
+
writeFileSync(this.authPath, "{}", AUTH_FILE_WRITE_OPTIONS);
|
|
21
|
+
chmodSync(this.authPath, 0o600);
|
|
22
|
+
}
|
|
23
|
+
}
|
|
24
|
+
acquireLockSyncWithRetry(path) {
|
|
25
|
+
const maxAttempts = 10;
|
|
26
|
+
const delayMs = 20;
|
|
27
|
+
let lastError;
|
|
28
|
+
for (let attempt = 1; attempt <= maxAttempts; attempt++) {
|
|
29
|
+
try {
|
|
30
|
+
return lockfile.lockSync(path, { realpath: false });
|
|
31
|
+
}
|
|
32
|
+
catch (error) {
|
|
33
|
+
const code = typeof error === "object" && error !== null && "code" in error
|
|
34
|
+
? String(error.code)
|
|
35
|
+
: undefined;
|
|
36
|
+
if (code !== "ELOCKED" || attempt === maxAttempts) {
|
|
37
|
+
throw error;
|
|
38
|
+
}
|
|
39
|
+
lastError = error;
|
|
40
|
+
const start = Date.now();
|
|
41
|
+
while (Date.now() - start < delayMs) {
|
|
42
|
+
// Sleep synchronously to avoid changing callers to async.
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
}
|
|
46
|
+
throw lastError ?? new Error("Failed to acquire auth storage lock");
|
|
47
|
+
}
|
|
48
|
+
readMergedAuth() {
|
|
49
|
+
let merged = {};
|
|
50
|
+
let found = false;
|
|
51
|
+
for (let i = this.readPaths.length - 1; i >= 0; i--) {
|
|
52
|
+
const readPath = this.readPaths[i];
|
|
53
|
+
if (!existsSync(readPath))
|
|
54
|
+
continue;
|
|
55
|
+
const parsed = JSON.parse(readFileSync(readPath, "utf-8"));
|
|
56
|
+
merged = { ...merged, ...parsed };
|
|
57
|
+
found = true;
|
|
58
|
+
}
|
|
59
|
+
return found ? JSON.stringify(merged, null, 2) : undefined;
|
|
60
|
+
}
|
|
61
|
+
/**
|
|
62
|
+
* Atomically replace `auth.json` with `content`: write a sibling temp file
|
|
63
|
+
* (same directory, so `rename` is a same-filesystem atomic swap), fix its
|
|
64
|
+
* permissions, then `rename` it over the target. Lock-free readers therefore
|
|
65
|
+
* never observe a half-written file. The temp file is best-effort cleaned up
|
|
66
|
+
* if the rename fails.
|
|
67
|
+
*/
|
|
68
|
+
writeAtomic(content) {
|
|
69
|
+
const dir = dirname(this.authPath);
|
|
70
|
+
const tempPath = join(dir, `.${`auth.${process.pid}.${Date.now()}.${Math.random().toString(36).slice(2)}`}.tmp`);
|
|
71
|
+
try {
|
|
72
|
+
writeFileSync(tempPath, content, AUTH_FILE_WRITE_OPTIONS);
|
|
73
|
+
chmodSync(tempPath, 0o600);
|
|
74
|
+
renameSync(tempPath, this.authPath);
|
|
75
|
+
}
|
|
76
|
+
catch (error) {
|
|
77
|
+
try {
|
|
78
|
+
if (existsSync(tempPath))
|
|
79
|
+
rmSync(tempPath, { force: true });
|
|
80
|
+
}
|
|
81
|
+
catch {
|
|
82
|
+
// Best-effort cleanup; ignore.
|
|
83
|
+
}
|
|
84
|
+
throw error;
|
|
85
|
+
}
|
|
86
|
+
}
|
|
87
|
+
read() {
|
|
88
|
+
return this.readMergedAuth();
|
|
89
|
+
}
|
|
90
|
+
withLock(fn) {
|
|
91
|
+
this.ensureParentDir();
|
|
92
|
+
let release;
|
|
93
|
+
try {
|
|
94
|
+
if (existsSync(this.authPath)) {
|
|
95
|
+
release = this.acquireLockSyncWithRetry(this.authPath);
|
|
96
|
+
}
|
|
97
|
+
const current = this.readMergedAuth();
|
|
98
|
+
const { result, next } = fn(current);
|
|
99
|
+
if (next !== undefined) {
|
|
100
|
+
if (!existsSync(this.authPath)) {
|
|
101
|
+
this.ensureFileExists();
|
|
102
|
+
}
|
|
103
|
+
if (!release) {
|
|
104
|
+
release = this.acquireLockSyncWithRetry(this.authPath);
|
|
105
|
+
}
|
|
106
|
+
this.writeAtomic(next);
|
|
107
|
+
}
|
|
108
|
+
return result;
|
|
109
|
+
}
|
|
110
|
+
finally {
|
|
111
|
+
if (release) {
|
|
112
|
+
release();
|
|
113
|
+
}
|
|
114
|
+
}
|
|
115
|
+
}
|
|
116
|
+
async withLockAsync(fn) {
|
|
117
|
+
this.ensureParentDir();
|
|
118
|
+
let release;
|
|
119
|
+
let lockCompromised = false;
|
|
120
|
+
let lockCompromisedError;
|
|
121
|
+
const throwIfCompromised = () => {
|
|
122
|
+
if (lockCompromised) {
|
|
123
|
+
throw lockCompromisedError ?? new Error("Auth storage lock was compromised");
|
|
124
|
+
}
|
|
125
|
+
};
|
|
126
|
+
try {
|
|
127
|
+
if (!existsSync(this.authPath)) {
|
|
128
|
+
this.ensureFileExists();
|
|
129
|
+
}
|
|
130
|
+
release = await lockfile.lock(this.authPath, {
|
|
131
|
+
retries: {
|
|
132
|
+
retries: 10,
|
|
133
|
+
factor: 2,
|
|
134
|
+
minTimeout: 100,
|
|
135
|
+
maxTimeout: 10000,
|
|
136
|
+
randomize: true,
|
|
137
|
+
},
|
|
138
|
+
stale: 30000,
|
|
139
|
+
onCompromised: (err) => {
|
|
140
|
+
lockCompromised = true;
|
|
141
|
+
lockCompromisedError = err;
|
|
142
|
+
},
|
|
143
|
+
});
|
|
144
|
+
throwIfCompromised();
|
|
145
|
+
const current = this.readMergedAuth();
|
|
146
|
+
const { result, next } = await fn(current);
|
|
147
|
+
throwIfCompromised();
|
|
148
|
+
if (next !== undefined) {
|
|
149
|
+
this.writeAtomic(next);
|
|
150
|
+
}
|
|
151
|
+
throwIfCompromised();
|
|
152
|
+
return result;
|
|
153
|
+
}
|
|
154
|
+
finally {
|
|
155
|
+
if (release) {
|
|
156
|
+
try {
|
|
157
|
+
await release();
|
|
158
|
+
}
|
|
159
|
+
catch {
|
|
160
|
+
// Ignore unlock errors when lock is compromised.
|
|
161
|
+
}
|
|
162
|
+
}
|
|
163
|
+
}
|
|
164
|
+
}
|
|
165
|
+
}
|
|
166
|
+
export class InMemoryAuthStorageBackend {
|
|
167
|
+
read() {
|
|
168
|
+
return this.value;
|
|
169
|
+
}
|
|
170
|
+
withLock(fn) {
|
|
171
|
+
const { result, next } = fn(this.value);
|
|
172
|
+
if (next !== undefined) {
|
|
173
|
+
this.value = next;
|
|
174
|
+
}
|
|
175
|
+
return result;
|
|
176
|
+
}
|
|
177
|
+
async withLockAsync(fn) {
|
|
178
|
+
const { result, next } = await fn(this.value);
|
|
179
|
+
if (next !== undefined) {
|
|
180
|
+
this.value = next;
|
|
181
|
+
}
|
|
182
|
+
return result;
|
|
183
|
+
}
|
|
184
|
+
}
|
|
185
|
+
//# sourceMappingURL=auth-storage-backends.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-storage-backends.js","sourceRoot":"","sources":["../../src/core/auth-storage-backends.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,IAAI,CAAC;AACvG,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AACrC,OAAO,QAAQ,MAAM,iBAAiB,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAQlD,MAAM,uBAAuB,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAW,CAAC;AAqB5E,MAAM,OAAO,sBAAsB;IAIlC,YACC,QAAQ,GAAW,IAAI,CAAC,WAAW,EAAE,EAAE,WAAW,CAAC,EACnD,SAAS,GAAa,CAAC,QAAQ,CAAC;QAEhC,IAAI,CAAC,QAAQ,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC;IACvE,CAAC;IAEO,eAAe;QACtB,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACnC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAClD,CAAC;IACF,CAAC;IAEO,gBAAgB;QACvB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAChC,aAAa,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,EAAE,uBAAuB,CAAC,CAAC;YAC5D,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QACjC,CAAC;IACF,CAAC;IAEO,wBAAwB,CAAC,IAAY;QAC5C,MAAM,WAAW,GAAG,EAAE,CAAC;QACvB,MAAM,OAAO,GAAG,EAAE,CAAC;QACnB,IAAI,SAAkB,CAAC;QAEvB,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,IAAI,WAAW,EAAE,OAAO,EAAE,EAAE,CAAC;YACzD,IAAI,CAAC;gBACJ,OAAO,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;YACrD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBAChB,MAAM,IAAI,GACT,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,MAAM,IAAI,KAAK;oBAC7D,CAAC,CAAC,MAAM,CAAE,KAA4B,CAAC,IAAI,CAAC;oBAC5C,CAAC,CAAC,SAAS,CAAC;gBACd,IAAI,IAAI,KAAK,SAAS,IAAI,OAAO,KAAK,WAAW,EAAE,CAAC;oBACnD,MAAM,KAAK,CAAC;gBACb,CAAC;gBACD,SAAS,GAAG,KAAK,CAAC;gBAClB,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBACzB,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,OAAO,EAAE,CAAC;oBACrC,0DAA0D;gBAC3D,CAAC;YACF,CAAC;QACF,CAAC;QAED,MAAO,SAAmB,IAAI,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IAChF,CAAC;IAEO,cAAc;QACrB,IAAI,MAAM,GAAoB,EAAE,CAAC;QACjC,IAAI,KAAK,GAAG,KAAK,CAAC;QAClB,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YACrD,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAE,CAAC;YACpC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;gBAAE,SAAS;YACpC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAoB,CAAC;YAC9E,MAAM,GAAG,EAAE,GAAG,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;YAClC,KAAK,GAAG,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5D,CAAC;IAED;;;;;;OAMG;IACK,WAAW,CAAC,OAAe;QAClC,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACnC,MAAM,QAAQ,GAAG,IAAI,CACpB,GAAG,EACH,IAAI,QAAQ,OAAO,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,CACpF,CAAC;QACF,IAAI,CAAC;YACJ,aAAa,CAAC,QAAQ,EAAE,OAAO,EAAE,uBAAuB,CAAC,CAAC;YAC1D,SAAS,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;YAC3B,UAAU,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC;gBACJ,IAAI,UAAU,CAAC,QAAQ,CAAC;oBAAE,MAAM,CAAC,QAAQ,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;YAC7D,CAAC;YAAC,MAAM,CAAC;gBACR,+BAA+B;YAChC,CAAC;YACD,MAAM,KAAK,CAAC;QACb,CAAC;IACF,CAAC;IAED,IAAI;QACH,OAAO,IAAI,CAAC,cAAc,EAAE,CAAC;IAC9B,CAAC;IAED,QAAQ,CAAI,EAAkD;QAC7D,IAAI,CAAC,eAAe,EAAE,CAAC;QAEvB,IAAI,OAAiC,CAAC;QACtC,IAAI,CAAC;YACJ,IAAI,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC/B,OAAO,GAAG,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACxD,CAAC;YACD,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;YACtC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC;YACrC,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;gBACxB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAChC,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACzB,CAAC;gBACD,IAAI,CAAC,OAAO,EAAE,CAAC;oBACd,OAAO,GAAG,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBACxD,CAAC;gBACD,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;YACxB,CAAC;YACD,OAAO,MAAM,CAAC;QACf,CAAC;gBAAS,CAAC;YACV,IAAI,OAAO,EAAE,CAAC;gBACb,OAAO,EAAE,CAAC;YACX,CAAC;QACF,CAAC;IACF,CAAC;IAED,KAAK,CAAC,aAAa,CAAI,EAA2D;QACjF,IAAI,CAAC,eAAe,EAAE,CAAC;QAEvB,IAAI,OAA0C,CAAC;QAC/C,IAAI,eAAe,GAAG,KAAK,CAAC;QAC5B,IAAI,oBAAuC,CAAC;QAC5C,MAAM,kBAAkB,GAAG,GAAG,EAAE;YAC/B,IAAI,eAAe,EAAE,CAAC;gBACrB,MAAM,oBAAoB,IAAI,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;YAC9E,CAAC;QACF,CAAC,CAAC;QAEF,IAAI,CAAC;YACJ,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAChC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACzB,CAAC;YACD,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE;gBAC5C,OAAO,EAAE;oBACR,OAAO,EAAE,EAAE;oBACX,MAAM,EAAE,CAAC;oBACT,UAAU,EAAE,GAAG;oBACf,UAAU,EAAE,KAAK;oBACjB,SAAS,EAAE,IAAI;iBACf;gBACD,KAAK,EAAE,KAAK;gBACZ,aAAa,EAAE,CAAC,GAAG,EAAE,EAAE;oBACtB,eAAe,GAAG,IAAI,CAAC;oBACvB,oBAAoB,GAAG,GAAG,CAAC;gBAC5B,CAAC;aACD,CAAC,CAAC;YAEH,kBAAkB,EAAE,CAAC;YACrB,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;YACtC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,CAAC;YAC3C,kBAAkB,EAAE,CAAC;YACrB,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;gBACxB,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;YACxB,CAAC;YACD,kBAAkB,EAAE,CAAC;YACrB,OAAO,MAAM,CAAC;QACf,CAAC;gBAAS,CAAC;YACV,IAAI,OAAO,EAAE,CAAC;gBACb,IAAI,CAAC;oBACJ,MAAM,OAAO,EAAE,CAAC;gBACjB,CAAC;gBAAC,MAAM,CAAC;oBACR,iDAAiD;gBAClD,CAAC;YACF,CAAC;QACF,CAAC;IACF,CAAC;CACD;AAED,MAAM,OAAO,0BAA0B;IAGtC,IAAI;QACH,OAAO,IAAI,CAAC,KAAK,CAAC;IACnB,CAAC;IAED,QAAQ,CAAI,EAAkD;QAC7D,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxC,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YACxB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QACnB,CAAC;QACD,OAAO,MAAM,CAAC;IACf,CAAC;IAED,KAAK,CAAC,aAAa,CAAI,EAA2D;QACjF,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC9C,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YACxB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QACnB,CAAC;QACD,OAAO,MAAM,CAAC;IACf,CAAC;CACD","sourcesContent":["import { chmodSync, existsSync, mkdirSync, readFileSync, renameSync, rmSync, writeFileSync } from \"fs\";\nimport { dirname, join } from \"path\";\nimport lockfile from \"proper-lockfile\";\nimport { getAgentDir } from \"../config.ts\";\nimport { normalizePath } from \"../utils/paths.ts\";\nimport type { AuthStorageData } from \"./auth-storage.ts\";\n\nexport type LockResult<T> = {\n\tresult: T;\n\tnext?: string;\n};\n\nconst AUTH_FILE_WRITE_OPTIONS = { encoding: \"utf-8\", mode: 0o600 } as const;\n\nexport interface AuthStorageBackend {\n\t/**\n\t * Read the current credential snapshot WITHOUT acquiring the exclusive write\n\t * lock. Pure reads do not need cross-process write-exclusion: writers replace\n\t * the file atomically (temp file + rename), so a lock-free reader always\n\t * observes a complete previous-or-next snapshot, never a torn one. Keeping\n\t * reads lock-free is what prevents many concurrent sessions from starving each\n\t * other on `auth.json` and misreporting configured providers as unreadable\n\t * under contention (issue #1431).\n\t *\n\t * Optional for backward compatibility with custom backends that predate this\n\t * method (the released `AuthStorageBackend` interface): when absent,\n\t * `AuthStorage.reload()` falls back to a `withLock`-based read.\n\t */\n\tread?(): string | undefined;\n\twithLock<T>(fn: (current: string | undefined) => LockResult<T>): T;\n\twithLockAsync<T>(fn: (current: string | undefined) => Promise<LockResult<T>>): Promise<T>;\n}\n\nexport class FileAuthStorageBackend implements AuthStorageBackend {\n\tdeclare private authPath: string;\n\tdeclare private readPaths: string[];\n\n\tconstructor(\n\t\tauthPath: string = join(getAgentDir(), \"auth.json\"),\n\t\treadPaths: string[] = [authPath],\n\t) {\n\t\tthis.authPath = normalizePath(authPath);\n\t\tthis.readPaths = readPaths.map((readPath) => normalizePath(readPath));\n\t}\n\n\tprivate ensureParentDir(): void {\n\t\tconst dir = dirname(this.authPath);\n\t\tif (!existsSync(dir)) {\n\t\t\tmkdirSync(dir, { recursive: true, mode: 0o700 });\n\t\t}\n\t}\n\n\tprivate ensureFileExists(): void {\n\t\tif (!existsSync(this.authPath)) {\n\t\t\twriteFileSync(this.authPath, \"{}\", AUTH_FILE_WRITE_OPTIONS);\n\t\t\tchmodSync(this.authPath, 0o600);\n\t\t}\n\t}\n\n\tprivate acquireLockSyncWithRetry(path: string): () => void {\n\t\tconst maxAttempts = 10;\n\t\tconst delayMs = 20;\n\t\tlet lastError: unknown;\n\n\t\tfor (let attempt = 1; attempt <= maxAttempts; attempt++) {\n\t\t\ttry {\n\t\t\t\treturn lockfile.lockSync(path, { realpath: false });\n\t\t\t} catch (error) {\n\t\t\t\tconst code =\n\t\t\t\t\ttypeof error === \"object\" && error !== null && \"code\" in error\n\t\t\t\t\t\t? String((error as { code?: unknown }).code)\n\t\t\t\t\t\t: undefined;\n\t\t\t\tif (code !== \"ELOCKED\" || attempt === maxAttempts) {\n\t\t\t\t\tthrow error;\n\t\t\t\t}\n\t\t\t\tlastError = error;\n\t\t\t\tconst start = Date.now();\n\t\t\t\twhile (Date.now() - start < delayMs) {\n\t\t\t\t\t// Sleep synchronously to avoid changing callers to async.\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tthrow (lastError as Error) ?? new Error(\"Failed to acquire auth storage lock\");\n\t}\n\n\tprivate readMergedAuth(): string | undefined {\n\t\tlet merged: AuthStorageData = {};\n\t\tlet found = false;\n\t\tfor (let i = this.readPaths.length - 1; i >= 0; i--) {\n\t\t\tconst readPath = this.readPaths[i]!;\n\t\t\tif (!existsSync(readPath)) continue;\n\t\t\tconst parsed = JSON.parse(readFileSync(readPath, \"utf-8\")) as AuthStorageData;\n\t\t\tmerged = { ...merged, ...parsed };\n\t\t\tfound = true;\n\t\t}\n\t\treturn found ? JSON.stringify(merged, null, 2) : undefined;\n\t}\n\n\t/**\n\t * Atomically replace `auth.json` with `content`: write a sibling temp file\n\t * (same directory, so `rename` is a same-filesystem atomic swap), fix its\n\t * permissions, then `rename` it over the target. Lock-free readers therefore\n\t * never observe a half-written file. The temp file is best-effort cleaned up\n\t * if the rename fails.\n\t */\n\tprivate writeAtomic(content: string): void {\n\t\tconst dir = dirname(this.authPath);\n\t\tconst tempPath = join(\n\t\t\tdir,\n\t\t\t`.${`auth.${process.pid}.${Date.now()}.${Math.random().toString(36).slice(2)}`}.tmp`,\n\t\t);\n\t\ttry {\n\t\t\twriteFileSync(tempPath, content, AUTH_FILE_WRITE_OPTIONS);\n\t\t\tchmodSync(tempPath, 0o600);\n\t\t\trenameSync(tempPath, this.authPath);\n\t\t} catch (error) {\n\t\t\ttry {\n\t\t\t\tif (existsSync(tempPath)) rmSync(tempPath, { force: true });\n\t\t\t} catch {\n\t\t\t\t// Best-effort cleanup; ignore.\n\t\t\t}\n\t\t\tthrow error;\n\t\t}\n\t}\n\n\tread(): string | undefined {\n\t\treturn this.readMergedAuth();\n\t}\n\n\twithLock<T>(fn: (current: string | undefined) => LockResult<T>): T {\n\t\tthis.ensureParentDir();\n\n\t\tlet release: (() => void) | undefined;\n\t\ttry {\n\t\t\tif (existsSync(this.authPath)) {\n\t\t\t\trelease = this.acquireLockSyncWithRetry(this.authPath);\n\t\t\t}\n\t\t\tconst current = this.readMergedAuth();\n\t\t\tconst { result, next } = fn(current);\n\t\t\tif (next !== undefined) {\n\t\t\t\tif (!existsSync(this.authPath)) {\n\t\t\t\t\tthis.ensureFileExists();\n\t\t\t\t}\n\t\t\t\tif (!release) {\n\t\t\t\t\trelease = this.acquireLockSyncWithRetry(this.authPath);\n\t\t\t\t}\n\t\t\t\tthis.writeAtomic(next);\n\t\t\t}\n\t\t\treturn result;\n\t\t} finally {\n\t\t\tif (release) {\n\t\t\t\trelease();\n\t\t\t}\n\t\t}\n\t}\n\n\tasync withLockAsync<T>(fn: (current: string | undefined) => Promise<LockResult<T>>): Promise<T> {\n\t\tthis.ensureParentDir();\n\n\t\tlet release: (() => Promise<void>) | undefined;\n\t\tlet lockCompromised = false;\n\t\tlet lockCompromisedError: Error | undefined;\n\t\tconst throwIfCompromised = () => {\n\t\t\tif (lockCompromised) {\n\t\t\t\tthrow lockCompromisedError ?? new Error(\"Auth storage lock was compromised\");\n\t\t\t}\n\t\t};\n\n\t\ttry {\n\t\t\tif (!existsSync(this.authPath)) {\n\t\t\t\tthis.ensureFileExists();\n\t\t\t}\n\t\t\trelease = await lockfile.lock(this.authPath, {\n\t\t\t\tretries: {\n\t\t\t\t\tretries: 10,\n\t\t\t\t\tfactor: 2,\n\t\t\t\t\tminTimeout: 100,\n\t\t\t\t\tmaxTimeout: 10000,\n\t\t\t\t\trandomize: true,\n\t\t\t\t},\n\t\t\t\tstale: 30000,\n\t\t\t\tonCompromised: (err) => {\n\t\t\t\t\tlockCompromised = true;\n\t\t\t\t\tlockCompromisedError = err;\n\t\t\t\t},\n\t\t\t});\n\n\t\t\tthrowIfCompromised();\n\t\t\tconst current = this.readMergedAuth();\n\t\t\tconst { result, next } = await fn(current);\n\t\t\tthrowIfCompromised();\n\t\t\tif (next !== undefined) {\n\t\t\t\tthis.writeAtomic(next);\n\t\t\t}\n\t\t\tthrowIfCompromised();\n\t\t\treturn result;\n\t\t} finally {\n\t\t\tif (release) {\n\t\t\t\ttry {\n\t\t\t\t\tawait release();\n\t\t\t\t} catch {\n\t\t\t\t\t// Ignore unlock errors when lock is compromised.\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n}\n\nexport class InMemoryAuthStorageBackend implements AuthStorageBackend {\n\tprivate value: string | undefined;\n\n\tread(): string | undefined {\n\t\treturn this.value;\n\t}\n\n\twithLock<T>(fn: (current: string | undefined) => LockResult<T>): T {\n\t\tconst { result, next } = fn(this.value);\n\t\tif (next !== undefined) {\n\t\t\tthis.value = next;\n\t\t}\n\t\treturn result;\n\t}\n\n\tasync withLockAsync<T>(fn: (current: string | undefined) => Promise<LockResult<T>>): Promise<T> {\n\t\tconst { result, next } = await fn(this.value);\n\t\tif (next !== undefined) {\n\t\t\tthis.value = next;\n\t\t}\n\t\treturn result;\n\t}\n}\n\n"]}
|
|
@@ -6,6 +6,7 @@
|
|
|
6
6
|
* try to refresh tokens simultaneously.
|
|
7
7
|
*/
|
|
8
8
|
import { type OAuthCredentials, type OAuthLoginCallbacks, type OAuthProviderId } from "@earendil-works/pi-ai";
|
|
9
|
+
import { type AuthStorageBackend } from "./auth-storage-backends.ts";
|
|
9
10
|
export type ApiKeyCredential = {
|
|
10
11
|
type: "api_key";
|
|
11
12
|
key: string;
|
|
@@ -20,54 +21,7 @@ export type AuthStatus = {
|
|
|
20
21
|
source?: "stored" | "runtime" | "environment" | "fallback" | "models_json_key" | "models_json_command";
|
|
21
22
|
label?: string;
|
|
22
23
|
};
|
|
23
|
-
type
|
|
24
|
-
result: T;
|
|
25
|
-
next?: string;
|
|
26
|
-
};
|
|
27
|
-
export interface AuthStorageBackend {
|
|
28
|
-
/**
|
|
29
|
-
* Read the current credential snapshot WITHOUT acquiring the exclusive write
|
|
30
|
-
* lock. Pure reads do not need cross-process write-exclusion: writers replace
|
|
31
|
-
* the file atomically (temp file + rename), so a lock-free reader always
|
|
32
|
-
* observes a complete previous-or-next snapshot, never a torn one. Keeping
|
|
33
|
-
* reads lock-free is what prevents many concurrent sessions from starving each
|
|
34
|
-
* other on `auth.json` and misreporting configured providers as unreadable
|
|
35
|
-
* under contention (issue #1431).
|
|
36
|
-
*
|
|
37
|
-
* Optional for backward compatibility with custom backends that predate this
|
|
38
|
-
* method (the released `AuthStorageBackend` interface): when absent,
|
|
39
|
-
* `AuthStorage.reload()` falls back to a `withLock`-based read.
|
|
40
|
-
*/
|
|
41
|
-
read?(): string | undefined;
|
|
42
|
-
withLock<T>(fn: (current: string | undefined) => LockResult<T>): T;
|
|
43
|
-
withLockAsync<T>(fn: (current: string | undefined) => Promise<LockResult<T>>): Promise<T>;
|
|
44
|
-
}
|
|
45
|
-
export declare class FileAuthStorageBackend implements AuthStorageBackend {
|
|
46
|
-
private authPath;
|
|
47
|
-
private readPaths;
|
|
48
|
-
constructor(authPath?: string, readPaths?: string[]);
|
|
49
|
-
private ensureParentDir;
|
|
50
|
-
private ensureFileExists;
|
|
51
|
-
private acquireLockSyncWithRetry;
|
|
52
|
-
private readMergedAuth;
|
|
53
|
-
/**
|
|
54
|
-
* Atomically replace `auth.json` with `content`: write a sibling temp file
|
|
55
|
-
* (same directory, so `rename` is a same-filesystem atomic swap), fix its
|
|
56
|
-
* permissions, then `rename` it over the target. Lock-free readers therefore
|
|
57
|
-
* never observe a half-written file. The temp file is best-effort cleaned up
|
|
58
|
-
* if the rename fails.
|
|
59
|
-
*/
|
|
60
|
-
private writeAtomic;
|
|
61
|
-
read(): string | undefined;
|
|
62
|
-
withLock<T>(fn: (current: string | undefined) => LockResult<T>): T;
|
|
63
|
-
withLockAsync<T>(fn: (current: string | undefined) => Promise<LockResult<T>>): Promise<T>;
|
|
64
|
-
}
|
|
65
|
-
export declare class InMemoryAuthStorageBackend implements AuthStorageBackend {
|
|
66
|
-
private value;
|
|
67
|
-
read(): string | undefined;
|
|
68
|
-
withLock<T>(fn: (current: string | undefined) => LockResult<T>): T;
|
|
69
|
-
withLockAsync<T>(fn: (current: string | undefined) => Promise<LockResult<T>>): Promise<T>;
|
|
70
|
-
}
|
|
24
|
+
export { FileAuthStorageBackend, InMemoryAuthStorageBackend, type AuthStorageBackend } from "./auth-storage-backends.ts";
|
|
71
25
|
/**
|
|
72
26
|
* Credential storage backed by a JSON file.
|
|
73
27
|
*/
|
|
@@ -181,5 +135,4 @@ export declare class AuthStorage {
|
|
|
181
135
|
*/
|
|
182
136
|
getOAuthProviders(): import("@earendil-works/pi-ai").OAuthProviderInterface[];
|
|
183
137
|
}
|
|
184
|
-
export {};
|
|
185
138
|
//# sourceMappingURL=auth-storage.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-storage.d.ts","sourceRoot":"","sources":["../../src/core/auth-storage.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAGN,KAAK,gBAAgB,EACrB,KAAK,mBAAmB,EACxB,KAAK,eAAe,EACpB,MAAM,uBAAuB,CAAC;AAS/B,MAAM,MAAM,gBAAgB,GAAG;IAC9B,IAAI,EAAE,SAAS,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;CACZ,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG;IAC7B,IAAI,EAAE,OAAO,CAAC;CACd,GAAG,gBAAgB,CAAC;AAErB,MAAM,MAAM,cAAc,GAAG,gBAAgB,GAAG,eAAe,CAAC;AAEhE,MAAM,MAAM,eAAe,GAAG,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;AAE7D,MAAM,MAAM,UAAU,GAAG;IACxB,UAAU,EAAE,OAAO,CAAC;IACpB,MAAM,CAAC,EAAE,QAAQ,GAAG,SAAS,GAAG,aAAa,GAAG,UAAU,GAAG,iBAAiB,GAAG,qBAAqB,CAAC;IACvG,KAAK,CAAC,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,KAAK,UAAU,CAAC,CAAC,IAAI;IACpB,MAAM,EAAE,CAAC,CAAC;IACV,IAAI,CAAC,EAAE,MAAM,CAAC;CACd,CAAC;AAIF,MAAM,WAAW,kBAAkB;IAClC;;;;;;;;;;;;OAYG;IACH,IAAI,CAAC,IAAI,MAAM,GAAG,SAAS,CAAC;IAC5B,QAAQ,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,KAAK,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACnE,aAAa,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,KAAK,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;CAC1F;AAED,qBAAa,sBAAuB,YAAW,kBAAkB;IAChE,QAAgB,QAAQ,CAAS;IACjC,QAAgB,SAAS,CAAW;IAEpC,YACC,QAAQ,GAAE,MAAyC,EACnD,SAAS,GAAE,MAAM,EAAe,EAIhC;IAED,OAAO,CAAC,eAAe;IAOvB,OAAO,CAAC,gBAAgB;IAOxB,OAAO,CAAC,wBAAwB;IA2BhC,OAAO,CAAC,cAAc;IAatB;;;;;;OAMG;IACH,OAAO,CAAC,WAAW;IAoBnB,IAAI,IAAI,MAAM,GAAG,SAAS,CAEzB;IAED,QAAQ,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,KAAK,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAyBjE;IAEK,aAAa,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,KAAK,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAiD9F;CACD;AAED,qBAAa,0BAA2B,YAAW,kBAAkB;IACpE,OAAO,CAAC,KAAK,CAAqB;IAElC,IAAI,IAAI,MAAM,GAAG,SAAS,CAEzB;IAED,QAAQ,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,KAAK,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAMjE;IAEK,aAAa,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,KAAK,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAM9F;CACD;AAED;;GAEG;AACH,qBAAa,WAAW;IACvB,OAAO,CAAC,IAAI,CAAuB;IACnC,OAAO,CAAC,gBAAgB,CAAkC;IAC1D,OAAO,CAAC,gBAAgB,CAAC,CAA2C;IACpE,OAAO,CAAC,SAAS,CAAsB;IACvC,OAAO,CAAC,MAAM,CAAe;IAE7B,QAAgB,OAAO,CAAqB;IAE7C,OAAO,eAGL;IAED,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,WAAW,CAO5C;IAED,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,kBAAkB,GAAG,WAAW,CAE3D;IAED,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAE,eAAoB,GAAG,WAAW,CAIvD;IAED;;;OAGG;IACH,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAEvD;IAED;;OAEG;IACH,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAE1C;IAED;;;OAGG;IACH,mBAAmB,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,MAAM,GAAG,SAAS,GAAG,IAAI,CAE5E;IAED,OAAO,CAAC,WAAW;IAKnB,OAAO,CAAC,gBAAgB;IAOxB;;OAEG;IACH,MAAM,IAAI,IAAI,CAcb;IAED;;;;OAIG;IACH,OAAO,CAAC,YAAY;IAYpB,OAAO,CAAC,qBAAqB;IAqB7B;;OAEG;IACH,GAAG,CAAC,QAAQ,EAAE,MAAM,GAAG,cAAc,GAAG,SAAS,CAEhD;IAED;;OAEG;IACH,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,cAAc,GAAG,IAAI,CAGtD;IAED;;OAEG;IACH,MAAM,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAG7B;IAED;;OAEG;IACH,IAAI,IAAI,MAAM,EAAE,CAEf;IAED;;OAEG;IACH,GAAG,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAE7B;IAED;;;OAGG;IACH,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAMjC;IAED;;OAEG;IACH,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,UAAU,CAmB1C;IAED;;OAEG;IACH,MAAM,IAAI,eAAe,CAExB;IAED,WAAW,IAAI,KAAK,EAAE,CAIrB;IAED;;;;;;;;;;OAUG;IACH,YAAY,IAAI,KAAK,GAAG,IAAI,CAE3B;IAED;;OAEG;IACG,KAAK,CAAC,UAAU,EAAE,eAAe,EAAE,SAAS,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC,CAQtF;IAED;;OAEG;IACH,MAAM,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAE7B;YAMa,yBAAyB;IA8CvC;;;;;;;;OAQG;IACG,SAAS,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CA6DxG;IAED;;OAEG;IACH,iBAAiB,6DAEhB;CACD","sourcesContent":["/**\n * Credential storage for API keys and OAuth tokens.\n * Handles loading, saving, and refreshing credentials from auth.json.\n *\n * Uses file locking to prevent race conditions when multiple pi instances\n * try to refresh tokens simultaneously.\n */\n\nimport {\n\tfindEnvKeys,\n\tgetEnvApiKey,\n\ttype OAuthCredentials,\n\ttype OAuthLoginCallbacks,\n\ttype OAuthProviderId,\n} from \"@earendil-works/pi-ai\";\nimport { getOAuthApiKey, getOAuthProvider, getOAuthProviders } from \"@earendil-works/pi-ai/oauth\";\nimport { chmodSync, existsSync, mkdirSync, readFileSync, renameSync, rmSync, writeFileSync } from \"fs\";\nimport { dirname, join } from \"path\";\nimport lockfile from \"proper-lockfile\";\nimport { getAgentConfigPaths, getAgentDir } from \"../config.ts\";\nimport { normalizePath } from \"../utils/paths.ts\";\nimport { resolveConfigValue } from \"./resolve-config-value.ts\";\n\nexport type ApiKeyCredential = {\n\ttype: \"api_key\";\n\tkey: string;\n};\n\nexport type OAuthCredential = {\n\ttype: \"oauth\";\n} & OAuthCredentials;\n\nexport type AuthCredential = ApiKeyCredential | OAuthCredential;\n\nexport type AuthStorageData = Record<string, AuthCredential>;\n\nexport type AuthStatus = {\n\tconfigured: boolean;\n\tsource?: \"stored\" | \"runtime\" | \"environment\" | \"fallback\" | \"models_json_key\" | \"models_json_command\";\n\tlabel?: string;\n};\n\ntype LockResult<T> = {\n\tresult: T;\n\tnext?: string;\n};\n\nconst AUTH_FILE_WRITE_OPTIONS = { encoding: \"utf-8\", mode: 0o600 } as const;\n\nexport interface AuthStorageBackend {\n\t/**\n\t * Read the current credential snapshot WITHOUT acquiring the exclusive write\n\t * lock. Pure reads do not need cross-process write-exclusion: writers replace\n\t * the file atomically (temp file + rename), so a lock-free reader always\n\t * observes a complete previous-or-next snapshot, never a torn one. Keeping\n\t * reads lock-free is what prevents many concurrent sessions from starving each\n\t * other on `auth.json` and misreporting configured providers as unreadable\n\t * under contention (issue #1431).\n\t *\n\t * Optional for backward compatibility with custom backends that predate this\n\t * method (the released `AuthStorageBackend` interface): when absent,\n\t * `AuthStorage.reload()` falls back to a `withLock`-based read.\n\t */\n\tread?(): string | undefined;\n\twithLock<T>(fn: (current: string | undefined) => LockResult<T>): T;\n\twithLockAsync<T>(fn: (current: string | undefined) => Promise<LockResult<T>>): Promise<T>;\n}\n\nexport class FileAuthStorageBackend implements AuthStorageBackend {\n\tdeclare private authPath: string;\n\tdeclare private readPaths: string[];\n\n\tconstructor(\n\t\tauthPath: string = join(getAgentDir(), \"auth.json\"),\n\t\treadPaths: string[] = [authPath],\n\t) {\n\t\tthis.authPath = normalizePath(authPath);\n\t\tthis.readPaths = readPaths.map((readPath) => normalizePath(readPath));\n\t}\n\n\tprivate ensureParentDir(): void {\n\t\tconst dir = dirname(this.authPath);\n\t\tif (!existsSync(dir)) {\n\t\t\tmkdirSync(dir, { recursive: true, mode: 0o700 });\n\t\t}\n\t}\n\n\tprivate ensureFileExists(): void {\n\t\tif (!existsSync(this.authPath)) {\n\t\t\twriteFileSync(this.authPath, \"{}\", AUTH_FILE_WRITE_OPTIONS);\n\t\t\tchmodSync(this.authPath, 0o600);\n\t\t}\n\t}\n\n\tprivate acquireLockSyncWithRetry(path: string): () => void {\n\t\tconst maxAttempts = 10;\n\t\tconst delayMs = 20;\n\t\tlet lastError: unknown;\n\n\t\tfor (let attempt = 1; attempt <= maxAttempts; attempt++) {\n\t\t\ttry {\n\t\t\t\treturn lockfile.lockSync(path, { realpath: false });\n\t\t\t} catch (error) {\n\t\t\t\tconst code =\n\t\t\t\t\ttypeof error === \"object\" && error !== null && \"code\" in error\n\t\t\t\t\t\t? String((error as { code?: unknown }).code)\n\t\t\t\t\t\t: undefined;\n\t\t\t\tif (code !== \"ELOCKED\" || attempt === maxAttempts) {\n\t\t\t\t\tthrow error;\n\t\t\t\t}\n\t\t\t\tlastError = error;\n\t\t\t\tconst start = Date.now();\n\t\t\t\twhile (Date.now() - start < delayMs) {\n\t\t\t\t\t// Sleep synchronously to avoid changing callers to async.\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tthrow (lastError as Error) ?? new Error(\"Failed to acquire auth storage lock\");\n\t}\n\n\tprivate readMergedAuth(): string | undefined {\n\t\tlet merged: AuthStorageData = {};\n\t\tlet found = false;\n\t\tfor (let i = this.readPaths.length - 1; i >= 0; i--) {\n\t\t\tconst readPath = this.readPaths[i]!;\n\t\t\tif (!existsSync(readPath)) continue;\n\t\t\tconst parsed = JSON.parse(readFileSync(readPath, \"utf-8\")) as AuthStorageData;\n\t\t\tmerged = { ...merged, ...parsed };\n\t\t\tfound = true;\n\t\t}\n\t\treturn found ? JSON.stringify(merged, null, 2) : undefined;\n\t}\n\n\t/**\n\t * Atomically replace `auth.json` with `content`: write a sibling temp file\n\t * (same directory, so `rename` is a same-filesystem atomic swap), fix its\n\t * permissions, then `rename` it over the target. Lock-free readers therefore\n\t * never observe a half-written file. The temp file is best-effort cleaned up\n\t * if the rename fails.\n\t */\n\tprivate writeAtomic(content: string): void {\n\t\tconst dir = dirname(this.authPath);\n\t\tconst tempPath = join(\n\t\t\tdir,\n\t\t\t`.${`auth.${process.pid}.${Date.now()}.${Math.random().toString(36).slice(2)}`}.tmp`,\n\t\t);\n\t\ttry {\n\t\t\twriteFileSync(tempPath, content, AUTH_FILE_WRITE_OPTIONS);\n\t\t\tchmodSync(tempPath, 0o600);\n\t\t\trenameSync(tempPath, this.authPath);\n\t\t} catch (error) {\n\t\t\ttry {\n\t\t\t\tif (existsSync(tempPath)) rmSync(tempPath, { force: true });\n\t\t\t} catch {\n\t\t\t\t// Best-effort cleanup; ignore.\n\t\t\t}\n\t\t\tthrow error;\n\t\t}\n\t}\n\n\tread(): string | undefined {\n\t\treturn this.readMergedAuth();\n\t}\n\n\twithLock<T>(fn: (current: string | undefined) => LockResult<T>): T {\n\t\tthis.ensureParentDir();\n\n\t\tlet release: (() => void) | undefined;\n\t\ttry {\n\t\t\tif (existsSync(this.authPath)) {\n\t\t\t\trelease = this.acquireLockSyncWithRetry(this.authPath);\n\t\t\t}\n\t\t\tconst current = this.readMergedAuth();\n\t\t\tconst { result, next } = fn(current);\n\t\t\tif (next !== undefined) {\n\t\t\t\tif (!existsSync(this.authPath)) {\n\t\t\t\t\tthis.ensureFileExists();\n\t\t\t\t}\n\t\t\t\tif (!release) {\n\t\t\t\t\trelease = this.acquireLockSyncWithRetry(this.authPath);\n\t\t\t\t}\n\t\t\t\tthis.writeAtomic(next);\n\t\t\t}\n\t\t\treturn result;\n\t\t} finally {\n\t\t\tif (release) {\n\t\t\t\trelease();\n\t\t\t}\n\t\t}\n\t}\n\n\tasync withLockAsync<T>(fn: (current: string | undefined) => Promise<LockResult<T>>): Promise<T> {\n\t\tthis.ensureParentDir();\n\n\t\tlet release: (() => Promise<void>) | undefined;\n\t\tlet lockCompromised = false;\n\t\tlet lockCompromisedError: Error | undefined;\n\t\tconst throwIfCompromised = () => {\n\t\t\tif (lockCompromised) {\n\t\t\t\tthrow lockCompromisedError ?? new Error(\"Auth storage lock was compromised\");\n\t\t\t}\n\t\t};\n\n\t\ttry {\n\t\t\tif (!existsSync(this.authPath)) {\n\t\t\t\tthis.ensureFileExists();\n\t\t\t}\n\t\t\trelease = await lockfile.lock(this.authPath, {\n\t\t\t\tretries: {\n\t\t\t\t\tretries: 10,\n\t\t\t\t\tfactor: 2,\n\t\t\t\t\tminTimeout: 100,\n\t\t\t\t\tmaxTimeout: 10000,\n\t\t\t\t\trandomize: true,\n\t\t\t\t},\n\t\t\t\tstale: 30000,\n\t\t\t\tonCompromised: (err) => {\n\t\t\t\t\tlockCompromised = true;\n\t\t\t\t\tlockCompromisedError = err;\n\t\t\t\t},\n\t\t\t});\n\n\t\t\tthrowIfCompromised();\n\t\t\tconst current = this.readMergedAuth();\n\t\t\tconst { result, next } = await fn(current);\n\t\t\tthrowIfCompromised();\n\t\t\tif (next !== undefined) {\n\t\t\t\tthis.writeAtomic(next);\n\t\t\t}\n\t\t\tthrowIfCompromised();\n\t\t\treturn result;\n\t\t} finally {\n\t\t\tif (release) {\n\t\t\t\ttry {\n\t\t\t\t\tawait release();\n\t\t\t\t} catch {\n\t\t\t\t\t// Ignore unlock errors when lock is compromised.\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n}\n\nexport class InMemoryAuthStorageBackend implements AuthStorageBackend {\n\tprivate value: string | undefined;\n\n\tread(): string | undefined {\n\t\treturn this.value;\n\t}\n\n\twithLock<T>(fn: (current: string | undefined) => LockResult<T>): T {\n\t\tconst { result, next } = fn(this.value);\n\t\tif (next !== undefined) {\n\t\t\tthis.value = next;\n\t\t}\n\t\treturn result;\n\t}\n\n\tasync withLockAsync<T>(fn: (current: string | undefined) => Promise<LockResult<T>>): Promise<T> {\n\t\tconst { result, next } = await fn(this.value);\n\t\tif (next !== undefined) {\n\t\t\tthis.value = next;\n\t\t}\n\t\treturn result;\n\t}\n}\n\n/**\n * Credential storage backed by a JSON file.\n */\nexport class AuthStorage {\n\tprivate data: AuthStorageData = {};\n\tprivate runtimeOverrides: Map<string, string> = new Map();\n\tprivate fallbackResolver?: (provider: string) => string | undefined;\n\tprivate loadError: Error | null = null;\n\tprivate errors: Error[] = [];\n\n\tdeclare private storage: AuthStorageBackend;\n\nprivate constructor(storage: AuthStorageBackend) {\n\t\tthis.storage = storage;\n\t\tthis.reload();\n\t}\n\n\tstatic create(authPath?: string): AuthStorage {\n\t\treturn new AuthStorage(\n\t\t\tnew FileAuthStorageBackend(\n\t\t\t\tauthPath ?? join(getAgentDir(), \"auth.json\"),\n\t\t\t\tauthPath ? [authPath] : getAgentConfigPaths(\"auth.json\"),\n\t\t\t),\n\t\t);\n\t}\n\n\tstatic fromStorage(storage: AuthStorageBackend): AuthStorage {\n\t\treturn new AuthStorage(storage);\n\t}\n\n\tstatic inMemory(data: AuthStorageData = {}): AuthStorage {\n\t\tconst storage = new InMemoryAuthStorageBackend();\n\t\tstorage.withLock(() => ({ result: undefined, next: JSON.stringify(data, null, 2) }));\n\t\treturn AuthStorage.fromStorage(storage);\n\t}\n\n\t/**\n\t * Set a runtime API key override (not persisted to disk).\n\t * Used for CLI --api-key flag.\n\t */\n\tsetRuntimeApiKey(provider: string, apiKey: string): void {\n\t\tthis.runtimeOverrides.set(provider, apiKey);\n\t}\n\n\t/**\n\t * Remove a runtime API key override.\n\t */\n\tremoveRuntimeApiKey(provider: string): void {\n\t\tthis.runtimeOverrides.delete(provider);\n\t}\n\n\t/**\n\t * Set a fallback resolver for API keys not found in auth.json or env vars.\n\t * Used for custom provider keys from models.json.\n\t */\n\tsetFallbackResolver(resolver: (provider: string) => string | undefined): void {\n\t\tthis.fallbackResolver = resolver;\n\t}\n\n\tprivate recordError(error: unknown): void {\n\t\tconst normalizedError = error instanceof Error ? error : new Error(String(error));\n\t\tthis.errors.push(normalizedError);\n\t}\n\n\tprivate parseStorageData(content: string | undefined): AuthStorageData {\n\t\tif (!content) {\n\t\t\treturn {};\n\t\t}\n\t\treturn JSON.parse(content) as AuthStorageData;\n\t}\n\n\t/**\n\t * Reload credentials from storage.\n\t */\n\treload(): void {\n\t\ttry {\n\t\t\t// Pure read: never take the exclusive write lock. Writers replace\n\t\t\t// auth.json atomically, so a lock-free read always sees a complete\n\t\t\t// snapshot. This keeps many concurrent sessions from starving each other\n\t\t\t// on the lock and misreporting configured providers as unreadable under\n\t\t\t// contention (issue #1431).\n\t\t\tconst content = this.readSnapshot();\n\t\t\tthis.data = this.parseStorageData(content);\n\t\t\tthis.loadError = null;\n\t\t} catch (error) {\n\t\t\tthis.loadError = error as Error;\n\t\t\tthis.recordError(error);\n\t\t}\n\t}\n\n\t/**\n\t * Read the credential snapshot, preferring the backend's lock-free `read()`.\n\t * Falls back to a `withLock`-based read for custom backends that predate\n\t * `read()` so the released `AuthStorageBackend` interface stays compatible.\n\t */\n\tprivate readSnapshot(): string | undefined {\n\t\tif (this.storage.read) {\n\t\t\treturn this.storage.read();\n\t\t}\n\t\tlet content: string | undefined;\n\t\tthis.storage.withLock((current) => {\n\t\t\tcontent = current;\n\t\t\treturn { result: undefined };\n\t\t});\n\t\treturn content;\n\t}\n\n\tprivate persistProviderChange(provider: string, credential: AuthCredential | undefined): void {\n\t\tif (this.loadError) {\n\t\t\treturn;\n\t\t}\n\n\t\ttry {\n\t\t\tthis.storage.withLock((current) => {\n\t\t\t\tconst currentData = this.parseStorageData(current);\n\t\t\t\tconst merged: AuthStorageData = { ...currentData };\n\t\t\t\tif (credential) {\n\t\t\t\t\tmerged[provider] = credential;\n\t\t\t\t} else {\n\t\t\t\t\tdelete merged[provider];\n\t\t\t\t}\n\t\t\t\treturn { result: undefined, next: JSON.stringify(merged, null, 2) };\n\t\t\t});\n\t\t} catch (error) {\n\t\t\tthis.recordError(error);\n\t\t}\n\t}\n\n\t/**\n\t * Get credential for a provider.\n\t */\n\tget(provider: string): AuthCredential | undefined {\n\t\treturn this.data[provider] ?? undefined;\n\t}\n\n\t/**\n\t * Set credential for a provider.\n\t */\n\tset(provider: string, credential: AuthCredential): void {\n\t\tthis.data[provider] = credential;\n\t\tthis.persistProviderChange(provider, credential);\n\t}\n\n\t/**\n\t * Remove credential for a provider.\n\t */\n\tremove(provider: string): void {\n\t\tdelete this.data[provider];\n\t\tthis.persistProviderChange(provider, undefined);\n\t}\n\n\t/**\n\t * List all providers with credentials.\n\t */\n\tlist(): string[] {\n\t\treturn Object.keys(this.data);\n\t}\n\n\t/**\n\t * Check if credentials exist for a provider in auth.json.\n\t */\n\thas(provider: string): boolean {\n\t\treturn provider in this.data;\n\t}\n\n\t/**\n\t * Check if any form of auth is configured for a provider.\n\t * Unlike getApiKey(), this doesn't refresh OAuth tokens.\n\t */\n\thasAuth(provider: string): boolean {\n\t\tif (this.runtimeOverrides.has(provider)) return true;\n\t\tif (this.data[provider]) return true;\n\t\tif (getEnvApiKey(provider)) return true;\n\t\tif (this.fallbackResolver?.(provider)) return true;\n\t\treturn false;\n\t}\n\n\t/**\n\t * Return auth status without exposing credential values or refreshing tokens.\n\t */\n\tgetAuthStatus(provider: string): AuthStatus {\n\t\tif (this.data[provider]) {\n\t\t\treturn { configured: true, source: \"stored\" };\n\t\t}\n\n\t\tif (this.runtimeOverrides.has(provider)) {\n\t\t\treturn { configured: false, source: \"runtime\", label: \"--api-key\" };\n\t\t}\n\n\t\tconst envKeys = findEnvKeys(provider);\n\t\tif (envKeys?.[0]) {\n\t\t\treturn { configured: false, source: \"environment\", label: envKeys[0] };\n\t\t}\n\n\t\tif (this.fallbackResolver?.(provider)) {\n\t\t\treturn { configured: false, source: \"fallback\", label: \"custom provider config\" };\n\t\t}\n\n\t\treturn { configured: false };\n\t}\n\n\t/**\n\t * Get all credentials (for passing to getOAuthApiKey).\n\t */\n\tgetAll(): AuthStorageData {\n\t\treturn { ...this.data };\n\t}\n\n\tdrainErrors(): Error[] {\n\t\tconst drained = [...this.errors];\n\t\tthis.errors = [];\n\t\treturn drained;\n\t}\n\n\t/**\n\t * Returns the error from the most recent failed credential load, or null when\n\t * the last reload succeeded.\n\t *\n\t * A non-null value means stored credentials could NOT be read — e.g. the auth\n\t * file was temporarily locked by another process (ELOCKED) or contained\n\t * invalid JSON — so an empty/absent credential set is NOT authoritative.\n\t * Callers that would otherwise report \"No API key found\" should surface this\n\t * load failure instead of treating the provider as unauthenticated\n\t * (issue #1431).\n\t */\n\tgetLoadError(): Error | null {\n\t\treturn this.loadError;\n\t}\n\n\t/**\n\t * Login to an OAuth provider.\n\t */\n\tasync login(providerId: OAuthProviderId, callbacks: OAuthLoginCallbacks): Promise<void> {\n\t\tconst provider = getOAuthProvider(providerId);\n\t\tif (!provider) {\n\t\t\tthrow new Error(`Unknown OAuth provider: ${providerId}`);\n\t\t}\n\n\t\tconst credentials = await provider.login(callbacks);\n\t\tthis.set(providerId, { type: \"oauth\", ...credentials });\n\t}\n\n\t/**\n\t * Logout from a provider.\n\t */\n\tlogout(provider: string): void {\n\t\tthis.remove(provider);\n\t}\n\n\t/**\n\t * Refresh OAuth token with backend locking to prevent race conditions.\n\t * Multiple pi instances may try to refresh simultaneously when tokens expire.\n\t */\n\tprivate async refreshOAuthTokenWithLock(\n\t\tproviderId: OAuthProviderId,\n\t): Promise<{ apiKey: string; newCredentials: OAuthCredentials } | null> {\n\t\tconst provider = getOAuthProvider(providerId);\n\t\tif (!provider) {\n\t\t\treturn null;\n\t\t}\n\n\t\tconst result = await this.storage.withLockAsync(async (current) => {\n\t\t\tconst currentData = this.parseStorageData(current);\n\t\t\tthis.data = currentData;\n\t\t\tthis.loadError = null;\n\n\t\t\tconst cred = currentData[providerId];\n\t\t\tif (cred?.type !== \"oauth\") {\n\t\t\t\treturn { result: null };\n\t\t\t}\n\n\t\t\tif (Date.now() < cred.expires) {\n\t\t\t\treturn { result: { apiKey: provider.getApiKey(cred), newCredentials: cred } };\n\t\t\t}\n\n\t\t\tconst oauthCreds: Record<string, OAuthCredentials> = {};\n\t\t\tfor (const [key, value] of Object.entries(currentData)) {\n\t\t\t\tif (value.type === \"oauth\") {\n\t\t\t\t\toauthCreds[key] = value;\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tconst refreshed = await getOAuthApiKey(providerId, oauthCreds);\n\t\t\tif (!refreshed) {\n\t\t\t\treturn { result: null };\n\t\t\t}\n\n\t\t\tconst merged: AuthStorageData = {\n\t\t\t\t...currentData,\n\t\t\t\t[providerId]: { type: \"oauth\", ...refreshed.newCredentials },\n\t\t\t};\n\t\t\tthis.data = merged;\n\t\t\tthis.loadError = null;\n\t\t\treturn { result: refreshed, next: JSON.stringify(merged, null, 2) };\n\t\t});\n\n\t\treturn result;\n\t}\n\n\t/**\n\t * Get API key for a provider.\n\t * Priority:\n\t * 1. Runtime override (CLI --api-key)\n\t * 2. API key from auth.json\n\t * 3. OAuth token from auth.json (auto-refreshed with locking)\n\t * 4. Environment variable\n\t * 5. Fallback resolver (models.json custom providers)\n\t */\n\tasync getApiKey(providerId: string, options?: { includeFallback?: boolean }): Promise<string | undefined> {\n\t\t// Runtime override takes highest priority\n\t\tconst runtimeKey = this.runtimeOverrides.get(providerId);\n\t\tif (runtimeKey) {\n\t\t\treturn runtimeKey;\n\t\t}\n\n\t\tconst cred = this.data[providerId];\n\n\t\tif (cred?.type === \"api_key\") {\n\t\t\treturn resolveConfigValue(cred.key);\n\t\t}\n\n\t\tif (cred?.type === \"oauth\") {\n\t\t\tconst provider = getOAuthProvider(providerId);\n\t\t\tif (!provider) {\n\t\t\t\t// Unknown OAuth provider, can't get API key\n\t\t\t\treturn undefined;\n\t\t\t}\n\n\t\t\t// Check if token needs refresh\n\t\t\tconst needsRefresh = Date.now() >= cred.expires;\n\n\t\t\tif (needsRefresh) {\n\t\t\t\t// Use locked refresh to prevent race conditions\n\t\t\t\ttry {\n\t\t\t\t\tconst result = await this.refreshOAuthTokenWithLock(providerId);\n\t\t\t\t\tif (result) {\n\t\t\t\t\t\treturn result.apiKey;\n\t\t\t\t\t}\n\t\t\t\t} catch (error) {\n\t\t\t\t\tthis.recordError(error);\n\t\t\t\t\t// Refresh failed - re-read file to check if another instance succeeded\n\t\t\t\t\tthis.reload();\n\t\t\t\t\tconst updatedCred = this.data[providerId];\n\n\t\t\t\t\tif (updatedCred?.type === \"oauth\" && Date.now() < updatedCred.expires) {\n\t\t\t\t\t\t// Another instance refreshed successfully, use those credentials\n\t\t\t\t\t\treturn provider.getApiKey(updatedCred);\n\t\t\t\t\t}\n\n\t\t\t\t\t// Refresh truly failed - return undefined so model discovery skips this provider\n\t\t\t\t\t// User can /login to re-authenticate (credentials preserved for retry)\n\t\t\t\t\treturn undefined;\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\t// Token not expired, use current access token\n\t\t\t\treturn provider.getApiKey(cred);\n\t\t\t}\n\t\t}\n\n\t\t// Fall back to environment variable\n\t\tconst envKey = getEnvApiKey(providerId);\n\t\tif (envKey) return envKey;\n\n\t\t// Fall back to custom resolver (e.g., models.json custom providers)\n\t\tif (options?.includeFallback !== false) {\n\t\t\treturn this.fallbackResolver?.(providerId) ?? undefined;\n\t\t}\n\n\t\treturn undefined;\n\t}\n\n\t/**\n\t * Get all registered OAuth providers\n\t */\n\tgetOAuthProviders() {\n\t\treturn getOAuthProviders();\n\t}\n}\n"]}
|
|
1
|
+
{"version":3,"file":"auth-storage.d.ts","sourceRoot":"","sources":["../../src/core/auth-storage.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAGN,KAAK,gBAAgB,EACrB,KAAK,mBAAmB,EACxB,KAAK,eAAe,EACpB,MAAM,uBAAuB,CAAC;AAI/B,OAAO,EAAsD,KAAK,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAGzH,MAAM,MAAM,gBAAgB,GAAG;IAC9B,IAAI,EAAE,SAAS,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;CACZ,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG;IAC7B,IAAI,EAAE,OAAO,CAAC;CACd,GAAG,gBAAgB,CAAC;AAErB,MAAM,MAAM,cAAc,GAAG,gBAAgB,GAAG,eAAe,CAAC;AAEhE,MAAM,MAAM,eAAe,GAAG,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;AAE7D,MAAM,MAAM,UAAU,GAAG;IACxB,UAAU,EAAE,OAAO,CAAC;IACpB,MAAM,CAAC,EAAE,QAAQ,GAAG,SAAS,GAAG,aAAa,GAAG,UAAU,GAAG,iBAAiB,GAAG,qBAAqB,CAAC;IACvG,KAAK,CAAC,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,OAAO,EAAE,sBAAsB,EAAE,0BAA0B,EAAE,KAAK,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAEzH;;GAEG;AACH,qBAAa,WAAW;IACvB,OAAO,CAAC,IAAI,CAAuB;IACnC,OAAO,CAAC,gBAAgB,CAAkC;IAC1D,OAAO,CAAC,gBAAgB,CAAC,CAA2C;IACpE,OAAO,CAAC,SAAS,CAAsB;IACvC,OAAO,CAAC,MAAM,CAAe;IAE7B,QAAgB,OAAO,CAAqB;IAE5C,OAAO,eAGN;IAED,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,WAAW,CAO5C;IAED,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,kBAAkB,GAAG,WAAW,CAE3D;IAED,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAE,eAAoB,GAAG,WAAW,CAIvD;IAED;;;OAGG;IACH,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAEvD;IAED;;OAEG;IACH,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAE1C;IAED;;;OAGG;IACH,mBAAmB,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,MAAM,GAAG,SAAS,GAAG,IAAI,CAE5E;IAED,OAAO,CAAC,WAAW;IAKnB,OAAO,CAAC,gBAAgB;IAOxB;;OAEG;IACH,MAAM,IAAI,IAAI,CAcb;IAED;;;;OAIG;IACH,OAAO,CAAC,YAAY;IAYpB,OAAO,CAAC,qBAAqB;IAqB7B;;OAEG;IACH,GAAG,CAAC,QAAQ,EAAE,MAAM,GAAG,cAAc,GAAG,SAAS,CAEhD;IAED;;OAEG;IACH,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,cAAc,GAAG,IAAI,CAGtD;IAED;;OAEG;IACH,MAAM,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAG7B;IAED;;OAEG;IACH,IAAI,IAAI,MAAM,EAAE,CAEf;IAED;;OAEG;IACH,GAAG,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAE7B;IAED;;;OAGG;IACH,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAMjC;IAED;;OAEG;IACH,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,UAAU,CAmB1C;IAED;;OAEG;IACH,MAAM,IAAI,eAAe,CAExB;IAED,WAAW,IAAI,KAAK,EAAE,CAIrB;IAED;;;;;;;;;;OAUG;IACH,YAAY,IAAI,KAAK,GAAG,IAAI,CAE3B;IAED;;OAEG;IACG,KAAK,CAAC,UAAU,EAAE,eAAe,EAAE,SAAS,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC,CAQtF;IAED;;OAEG;IACH,MAAM,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAE7B;YAMa,yBAAyB;IA8CvC;;;;;;;;OAQG;IACG,SAAS,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CA6DxG;IAED;;OAEG;IACH,iBAAiB,6DAEhB;CACD","sourcesContent":["/**\n * Credential storage for API keys and OAuth tokens.\n * Handles loading, saving, and refreshing credentials from auth.json.\n *\n * Uses file locking to prevent race conditions when multiple pi instances\n * try to refresh tokens simultaneously.\n */\n\nimport {\n\tfindEnvKeys,\n\tgetEnvApiKey,\n\ttype OAuthCredentials,\n\ttype OAuthLoginCallbacks,\n\ttype OAuthProviderId,\n} from \"@earendil-works/pi-ai\";\nimport { getOAuthApiKey, getOAuthProvider, getOAuthProviders } from \"@earendil-works/pi-ai/oauth\";\nimport { join } from \"path\";\nimport { getAgentConfigPaths, getAgentDir } from \"../config.ts\";\nimport { FileAuthStorageBackend, InMemoryAuthStorageBackend, type AuthStorageBackend } from \"./auth-storage-backends.ts\";\nimport { resolveConfigValue } from \"./resolve-config-value.ts\";\n\nexport type ApiKeyCredential = {\n\ttype: \"api_key\";\n\tkey: string;\n};\n\nexport type OAuthCredential = {\n\ttype: \"oauth\";\n} & OAuthCredentials;\n\nexport type AuthCredential = ApiKeyCredential | OAuthCredential;\n\nexport type AuthStorageData = Record<string, AuthCredential>;\n\nexport type AuthStatus = {\n\tconfigured: boolean;\n\tsource?: \"stored\" | \"runtime\" | \"environment\" | \"fallback\" | \"models_json_key\" | \"models_json_command\";\n\tlabel?: string;\n};\n\nexport { FileAuthStorageBackend, InMemoryAuthStorageBackend, type AuthStorageBackend } from \"./auth-storage-backends.ts\";\n\n/**\n * Credential storage backed by a JSON file.\n */\nexport class AuthStorage {\n\tprivate data: AuthStorageData = {};\n\tprivate runtimeOverrides: Map<string, string> = new Map();\n\tprivate fallbackResolver?: (provider: string) => string | undefined;\n\tprivate loadError: Error | null = null;\n\tprivate errors: Error[] = [];\n\n\tdeclare private storage: AuthStorageBackend;\n\n\tprivate constructor(storage: AuthStorageBackend) {\n\t\tthis.storage = storage;\n\t\tthis.reload();\n\t}\n\n\tstatic create(authPath?: string): AuthStorage {\n\t\treturn new AuthStorage(\n\t\t\tnew FileAuthStorageBackend(\n\t\t\t\tauthPath ?? join(getAgentDir(), \"auth.json\"),\n\t\t\t\tauthPath ? [authPath] : getAgentConfigPaths(\"auth.json\"),\n\t\t\t),\n\t\t);\n\t}\n\n\tstatic fromStorage(storage: AuthStorageBackend): AuthStorage {\n\t\treturn new AuthStorage(storage);\n\t}\n\n\tstatic inMemory(data: AuthStorageData = {}): AuthStorage {\n\t\tconst storage = new InMemoryAuthStorageBackend();\n\t\tstorage.withLock(() => ({ result: undefined, next: JSON.stringify(data, null, 2) }));\n\t\treturn AuthStorage.fromStorage(storage);\n\t}\n\n\t/**\n\t * Set a runtime API key override (not persisted to disk).\n\t * Used for CLI --api-key flag.\n\t */\n\tsetRuntimeApiKey(provider: string, apiKey: string): void {\n\t\tthis.runtimeOverrides.set(provider, apiKey);\n\t}\n\n\t/**\n\t * Remove a runtime API key override.\n\t */\n\tremoveRuntimeApiKey(provider: string): void {\n\t\tthis.runtimeOverrides.delete(provider);\n\t}\n\n\t/**\n\t * Set a fallback resolver for API keys not found in auth.json or env vars.\n\t * Used for custom provider keys from models.json.\n\t */\n\tsetFallbackResolver(resolver: (provider: string) => string | undefined): void {\n\t\tthis.fallbackResolver = resolver;\n\t}\n\n\tprivate recordError(error: unknown): void {\n\t\tconst normalizedError = error instanceof Error ? error : new Error(String(error));\n\t\tthis.errors.push(normalizedError);\n\t}\n\n\tprivate parseStorageData(content: string | undefined): AuthStorageData {\n\t\tif (!content) {\n\t\t\treturn {};\n\t\t}\n\t\treturn JSON.parse(content) as AuthStorageData;\n\t}\n\n\t/**\n\t * Reload credentials from storage.\n\t */\n\treload(): void {\n\t\ttry {\n\t\t\t// Pure read: never take the exclusive write lock. Writers replace\n\t\t\t// auth.json atomically, so a lock-free read always sees a complete\n\t\t\t// snapshot. This keeps many concurrent sessions from starving each other\n\t\t\t// on the lock and misreporting configured providers as unreadable under\n\t\t\t// contention (issue #1431).\n\t\t\tconst content = this.readSnapshot();\n\t\t\tthis.data = this.parseStorageData(content);\n\t\t\tthis.loadError = null;\n\t\t} catch (error) {\n\t\t\tthis.loadError = error as Error;\n\t\t\tthis.recordError(error);\n\t\t}\n\t}\n\n\t/**\n\t * Read the credential snapshot, preferring the backend's lock-free `read()`.\n\t * Falls back to a `withLock`-based read for custom backends that predate\n\t * `read()` so the released `AuthStorageBackend` interface stays compatible.\n\t */\n\tprivate readSnapshot(): string | undefined {\n\t\tif (this.storage.read) {\n\t\t\treturn this.storage.read();\n\t\t}\n\t\tlet content: string | undefined;\n\t\tthis.storage.withLock((current) => {\n\t\t\tcontent = current;\n\t\t\treturn { result: undefined };\n\t\t});\n\t\treturn content;\n\t}\n\n\tprivate persistProviderChange(provider: string, credential: AuthCredential | undefined): void {\n\t\tif (this.loadError) {\n\t\t\treturn;\n\t\t}\n\n\t\ttry {\n\t\t\tthis.storage.withLock((current) => {\n\t\t\t\tconst currentData = this.parseStorageData(current);\n\t\t\t\tconst merged: AuthStorageData = { ...currentData };\n\t\t\t\tif (credential) {\n\t\t\t\t\tmerged[provider] = credential;\n\t\t\t\t} else {\n\t\t\t\t\tdelete merged[provider];\n\t\t\t\t}\n\t\t\t\treturn { result: undefined, next: JSON.stringify(merged, null, 2) };\n\t\t\t});\n\t\t} catch (error) {\n\t\t\tthis.recordError(error);\n\t\t}\n\t}\n\n\t/**\n\t * Get credential for a provider.\n\t */\n\tget(provider: string): AuthCredential | undefined {\n\t\treturn this.data[provider] ?? undefined;\n\t}\n\n\t/**\n\t * Set credential for a provider.\n\t */\n\tset(provider: string, credential: AuthCredential): void {\n\t\tthis.data[provider] = credential;\n\t\tthis.persistProviderChange(provider, credential);\n\t}\n\n\t/**\n\t * Remove credential for a provider.\n\t */\n\tremove(provider: string): void {\n\t\tdelete this.data[provider];\n\t\tthis.persistProviderChange(provider, undefined);\n\t}\n\n\t/**\n\t * List all providers with credentials.\n\t */\n\tlist(): string[] {\n\t\treturn Object.keys(this.data);\n\t}\n\n\t/**\n\t * Check if credentials exist for a provider in auth.json.\n\t */\n\thas(provider: string): boolean {\n\t\treturn provider in this.data;\n\t}\n\n\t/**\n\t * Check if any form of auth is configured for a provider.\n\t * Unlike getApiKey(), this doesn't refresh OAuth tokens.\n\t */\n\thasAuth(provider: string): boolean {\n\t\tif (this.runtimeOverrides.has(provider)) return true;\n\t\tif (this.data[provider]) return true;\n\t\tif (getEnvApiKey(provider)) return true;\n\t\tif (this.fallbackResolver?.(provider)) return true;\n\t\treturn false;\n\t}\n\n\t/**\n\t * Return auth status without exposing credential values or refreshing tokens.\n\t */\n\tgetAuthStatus(provider: string): AuthStatus {\n\t\tif (this.data[provider]) {\n\t\t\treturn { configured: true, source: \"stored\" };\n\t\t}\n\n\t\tif (this.runtimeOverrides.has(provider)) {\n\t\t\treturn { configured: false, source: \"runtime\", label: \"--api-key\" };\n\t\t}\n\n\t\tconst envKeys = findEnvKeys(provider);\n\t\tif (envKeys?.[0]) {\n\t\t\treturn { configured: false, source: \"environment\", label: envKeys[0] };\n\t\t}\n\n\t\tif (this.fallbackResolver?.(provider)) {\n\t\t\treturn { configured: false, source: \"fallback\", label: \"custom provider config\" };\n\t\t}\n\n\t\treturn { configured: false };\n\t}\n\n\t/**\n\t * Get all credentials (for passing to getOAuthApiKey).\n\t */\n\tgetAll(): AuthStorageData {\n\t\treturn { ...this.data };\n\t}\n\n\tdrainErrors(): Error[] {\n\t\tconst drained = [...this.errors];\n\t\tthis.errors = [];\n\t\treturn drained;\n\t}\n\n\t/**\n\t * Returns the error from the most recent failed credential load, or null when\n\t * the last reload succeeded.\n\t *\n\t * A non-null value means stored credentials could NOT be read — e.g. the auth\n\t * file was temporarily locked by another process (ELOCKED) or contained\n\t * invalid JSON — so an empty/absent credential set is NOT authoritative.\n\t * Callers that would otherwise report \"No API key found\" should surface this\n\t * load failure instead of treating the provider as unauthenticated\n\t * (issue #1431).\n\t */\n\tgetLoadError(): Error | null {\n\t\treturn this.loadError;\n\t}\n\n\t/**\n\t * Login to an OAuth provider.\n\t */\n\tasync login(providerId: OAuthProviderId, callbacks: OAuthLoginCallbacks): Promise<void> {\n\t\tconst provider = getOAuthProvider(providerId);\n\t\tif (!provider) {\n\t\t\tthrow new Error(`Unknown OAuth provider: ${providerId}`);\n\t\t}\n\n\t\tconst credentials = await provider.login(callbacks);\n\t\tthis.set(providerId, { type: \"oauth\", ...credentials });\n\t}\n\n\t/**\n\t * Logout from a provider.\n\t */\n\tlogout(provider: string): void {\n\t\tthis.remove(provider);\n\t}\n\n\t/**\n\t * Refresh OAuth token with backend locking to prevent race conditions.\n\t * Multiple pi instances may try to refresh simultaneously when tokens expire.\n\t */\n\tprivate async refreshOAuthTokenWithLock(\n\t\tproviderId: OAuthProviderId,\n\t): Promise<{ apiKey: string; newCredentials: OAuthCredentials } | null> {\n\t\tconst provider = getOAuthProvider(providerId);\n\t\tif (!provider) {\n\t\t\treturn null;\n\t\t}\n\n\t\tconst result = await this.storage.withLockAsync(async (current) => {\n\t\t\tconst currentData = this.parseStorageData(current);\n\t\t\tthis.data = currentData;\n\t\t\tthis.loadError = null;\n\n\t\t\tconst cred = currentData[providerId];\n\t\t\tif (cred?.type !== \"oauth\") {\n\t\t\t\treturn { result: null };\n\t\t\t}\n\n\t\t\tif (Date.now() < cred.expires) {\n\t\t\t\treturn { result: { apiKey: provider.getApiKey(cred), newCredentials: cred } };\n\t\t\t}\n\n\t\t\tconst oauthCreds: Record<string, OAuthCredentials> = {};\n\t\t\tfor (const [key, value] of Object.entries(currentData)) {\n\t\t\t\tif (value.type === \"oauth\") {\n\t\t\t\t\toauthCreds[key] = value;\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tconst refreshed = await getOAuthApiKey(providerId, oauthCreds);\n\t\t\tif (!refreshed) {\n\t\t\t\treturn { result: null };\n\t\t\t}\n\n\t\t\tconst merged: AuthStorageData = {\n\t\t\t\t...currentData,\n\t\t\t\t[providerId]: { type: \"oauth\", ...refreshed.newCredentials },\n\t\t\t};\n\t\t\tthis.data = merged;\n\t\t\tthis.loadError = null;\n\t\t\treturn { result: refreshed, next: JSON.stringify(merged, null, 2) };\n\t\t});\n\n\t\treturn result;\n\t}\n\n\t/**\n\t * Get API key for a provider.\n\t * Priority:\n\t * 1. Runtime override (CLI --api-key)\n\t * 2. API key from auth.json\n\t * 3. OAuth token from auth.json (auto-refreshed with locking)\n\t * 4. Environment variable\n\t * 5. Fallback resolver (models.json custom providers)\n\t */\n\tasync getApiKey(providerId: string, options?: { includeFallback?: boolean }): Promise<string | undefined> {\n\t\t// Runtime override takes highest priority\n\t\tconst runtimeKey = this.runtimeOverrides.get(providerId);\n\t\tif (runtimeKey) {\n\t\t\treturn runtimeKey;\n\t\t}\n\n\t\tconst cred = this.data[providerId];\n\n\t\tif (cred?.type === \"api_key\") {\n\t\t\treturn resolveConfigValue(cred.key);\n\t\t}\n\n\t\tif (cred?.type === \"oauth\") {\n\t\t\tconst provider = getOAuthProvider(providerId);\n\t\t\tif (!provider) {\n\t\t\t\t// Unknown OAuth provider, can't get API key\n\t\t\t\treturn undefined;\n\t\t\t}\n\n\t\t\t// Check if token needs refresh\n\t\t\tconst needsRefresh = Date.now() >= cred.expires;\n\n\t\t\tif (needsRefresh) {\n\t\t\t\t// Use locked refresh to prevent race conditions\n\t\t\t\ttry {\n\t\t\t\t\tconst result = await this.refreshOAuthTokenWithLock(providerId);\n\t\t\t\t\tif (result) {\n\t\t\t\t\t\treturn result.apiKey;\n\t\t\t\t\t}\n\t\t\t\t} catch (error) {\n\t\t\t\t\tthis.recordError(error);\n\t\t\t\t\t// Refresh failed - re-read file to check if another instance succeeded\n\t\t\t\t\tthis.reload();\n\t\t\t\t\tconst updatedCred = this.data[providerId];\n\n\t\t\t\t\tif (updatedCred?.type === \"oauth\" && Date.now() < updatedCred.expires) {\n\t\t\t\t\t\t// Another instance refreshed successfully, use those credentials\n\t\t\t\t\t\treturn provider.getApiKey(updatedCred);\n\t\t\t\t\t}\n\n\t\t\t\t\t// Refresh truly failed - return undefined so model discovery skips this provider\n\t\t\t\t\t// User can /login to re-authenticate (credentials preserved for retry)\n\t\t\t\t\treturn undefined;\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\t// Token not expired, use current access token\n\t\t\t\treturn provider.getApiKey(cred);\n\t\t\t}\n\t\t}\n\n\t\t// Fall back to environment variable\n\t\tconst envKey = getEnvApiKey(providerId);\n\t\tif (envKey) return envKey;\n\n\t\t// Fall back to custom resolver (e.g., models.json custom providers)\n\t\tif (options?.includeFallback !== false) {\n\t\t\treturn this.fallbackResolver?.(providerId) ?? undefined;\n\t\t}\n\n\t\treturn undefined;\n\t}\n\n\t/**\n\t * Get all registered OAuth providers\n\t */\n\tgetOAuthProviders() {\n\t\treturn getOAuthProviders();\n\t}\n}\n"]}
|
|
@@ -7,191 +7,11 @@
|
|
|
7
7
|
*/
|
|
8
8
|
import { findEnvKeys, getEnvApiKey, } from "@earendil-works/pi-ai";
|
|
9
9
|
import { getOAuthApiKey, getOAuthProvider, getOAuthProviders } from "@earendil-works/pi-ai/oauth";
|
|
10
|
-
import {
|
|
11
|
-
import { dirname, join } from "path";
|
|
12
|
-
import lockfile from "proper-lockfile";
|
|
10
|
+
import { join } from "path";
|
|
13
11
|
import { getAgentConfigPaths, getAgentDir } from "../config.js";
|
|
14
|
-
import {
|
|
12
|
+
import { FileAuthStorageBackend, InMemoryAuthStorageBackend } from "./auth-storage-backends.js";
|
|
15
13
|
import { resolveConfigValue } from "./resolve-config-value.js";
|
|
16
|
-
|
|
17
|
-
export class FileAuthStorageBackend {
|
|
18
|
-
constructor(authPath = join(getAgentDir(), "auth.json"), readPaths = [authPath]) {
|
|
19
|
-
this.authPath = normalizePath(authPath);
|
|
20
|
-
this.readPaths = readPaths.map((readPath) => normalizePath(readPath));
|
|
21
|
-
}
|
|
22
|
-
ensureParentDir() {
|
|
23
|
-
const dir = dirname(this.authPath);
|
|
24
|
-
if (!existsSync(dir)) {
|
|
25
|
-
mkdirSync(dir, { recursive: true, mode: 0o700 });
|
|
26
|
-
}
|
|
27
|
-
}
|
|
28
|
-
ensureFileExists() {
|
|
29
|
-
if (!existsSync(this.authPath)) {
|
|
30
|
-
writeFileSync(this.authPath, "{}", AUTH_FILE_WRITE_OPTIONS);
|
|
31
|
-
chmodSync(this.authPath, 0o600);
|
|
32
|
-
}
|
|
33
|
-
}
|
|
34
|
-
acquireLockSyncWithRetry(path) {
|
|
35
|
-
const maxAttempts = 10;
|
|
36
|
-
const delayMs = 20;
|
|
37
|
-
let lastError;
|
|
38
|
-
for (let attempt = 1; attempt <= maxAttempts; attempt++) {
|
|
39
|
-
try {
|
|
40
|
-
return lockfile.lockSync(path, { realpath: false });
|
|
41
|
-
}
|
|
42
|
-
catch (error) {
|
|
43
|
-
const code = typeof error === "object" && error !== null && "code" in error
|
|
44
|
-
? String(error.code)
|
|
45
|
-
: undefined;
|
|
46
|
-
if (code !== "ELOCKED" || attempt === maxAttempts) {
|
|
47
|
-
throw error;
|
|
48
|
-
}
|
|
49
|
-
lastError = error;
|
|
50
|
-
const start = Date.now();
|
|
51
|
-
while (Date.now() - start < delayMs) {
|
|
52
|
-
// Sleep synchronously to avoid changing callers to async.
|
|
53
|
-
}
|
|
54
|
-
}
|
|
55
|
-
}
|
|
56
|
-
throw lastError ?? new Error("Failed to acquire auth storage lock");
|
|
57
|
-
}
|
|
58
|
-
readMergedAuth() {
|
|
59
|
-
let merged = {};
|
|
60
|
-
let found = false;
|
|
61
|
-
for (let i = this.readPaths.length - 1; i >= 0; i--) {
|
|
62
|
-
const readPath = this.readPaths[i];
|
|
63
|
-
if (!existsSync(readPath))
|
|
64
|
-
continue;
|
|
65
|
-
const parsed = JSON.parse(readFileSync(readPath, "utf-8"));
|
|
66
|
-
merged = { ...merged, ...parsed };
|
|
67
|
-
found = true;
|
|
68
|
-
}
|
|
69
|
-
return found ? JSON.stringify(merged, null, 2) : undefined;
|
|
70
|
-
}
|
|
71
|
-
/**
|
|
72
|
-
* Atomically replace `auth.json` with `content`: write a sibling temp file
|
|
73
|
-
* (same directory, so `rename` is a same-filesystem atomic swap), fix its
|
|
74
|
-
* permissions, then `rename` it over the target. Lock-free readers therefore
|
|
75
|
-
* never observe a half-written file. The temp file is best-effort cleaned up
|
|
76
|
-
* if the rename fails.
|
|
77
|
-
*/
|
|
78
|
-
writeAtomic(content) {
|
|
79
|
-
const dir = dirname(this.authPath);
|
|
80
|
-
const tempPath = join(dir, `.${`auth.${process.pid}.${Date.now()}.${Math.random().toString(36).slice(2)}`}.tmp`);
|
|
81
|
-
try {
|
|
82
|
-
writeFileSync(tempPath, content, AUTH_FILE_WRITE_OPTIONS);
|
|
83
|
-
chmodSync(tempPath, 0o600);
|
|
84
|
-
renameSync(tempPath, this.authPath);
|
|
85
|
-
}
|
|
86
|
-
catch (error) {
|
|
87
|
-
try {
|
|
88
|
-
if (existsSync(tempPath))
|
|
89
|
-
rmSync(tempPath, { force: true });
|
|
90
|
-
}
|
|
91
|
-
catch {
|
|
92
|
-
// Best-effort cleanup; ignore.
|
|
93
|
-
}
|
|
94
|
-
throw error;
|
|
95
|
-
}
|
|
96
|
-
}
|
|
97
|
-
read() {
|
|
98
|
-
return this.readMergedAuth();
|
|
99
|
-
}
|
|
100
|
-
withLock(fn) {
|
|
101
|
-
this.ensureParentDir();
|
|
102
|
-
let release;
|
|
103
|
-
try {
|
|
104
|
-
if (existsSync(this.authPath)) {
|
|
105
|
-
release = this.acquireLockSyncWithRetry(this.authPath);
|
|
106
|
-
}
|
|
107
|
-
const current = this.readMergedAuth();
|
|
108
|
-
const { result, next } = fn(current);
|
|
109
|
-
if (next !== undefined) {
|
|
110
|
-
if (!existsSync(this.authPath)) {
|
|
111
|
-
this.ensureFileExists();
|
|
112
|
-
}
|
|
113
|
-
if (!release) {
|
|
114
|
-
release = this.acquireLockSyncWithRetry(this.authPath);
|
|
115
|
-
}
|
|
116
|
-
this.writeAtomic(next);
|
|
117
|
-
}
|
|
118
|
-
return result;
|
|
119
|
-
}
|
|
120
|
-
finally {
|
|
121
|
-
if (release) {
|
|
122
|
-
release();
|
|
123
|
-
}
|
|
124
|
-
}
|
|
125
|
-
}
|
|
126
|
-
async withLockAsync(fn) {
|
|
127
|
-
this.ensureParentDir();
|
|
128
|
-
let release;
|
|
129
|
-
let lockCompromised = false;
|
|
130
|
-
let lockCompromisedError;
|
|
131
|
-
const throwIfCompromised = () => {
|
|
132
|
-
if (lockCompromised) {
|
|
133
|
-
throw lockCompromisedError ?? new Error("Auth storage lock was compromised");
|
|
134
|
-
}
|
|
135
|
-
};
|
|
136
|
-
try {
|
|
137
|
-
if (!existsSync(this.authPath)) {
|
|
138
|
-
this.ensureFileExists();
|
|
139
|
-
}
|
|
140
|
-
release = await lockfile.lock(this.authPath, {
|
|
141
|
-
retries: {
|
|
142
|
-
retries: 10,
|
|
143
|
-
factor: 2,
|
|
144
|
-
minTimeout: 100,
|
|
145
|
-
maxTimeout: 10000,
|
|
146
|
-
randomize: true,
|
|
147
|
-
},
|
|
148
|
-
stale: 30000,
|
|
149
|
-
onCompromised: (err) => {
|
|
150
|
-
lockCompromised = true;
|
|
151
|
-
lockCompromisedError = err;
|
|
152
|
-
},
|
|
153
|
-
});
|
|
154
|
-
throwIfCompromised();
|
|
155
|
-
const current = this.readMergedAuth();
|
|
156
|
-
const { result, next } = await fn(current);
|
|
157
|
-
throwIfCompromised();
|
|
158
|
-
if (next !== undefined) {
|
|
159
|
-
this.writeAtomic(next);
|
|
160
|
-
}
|
|
161
|
-
throwIfCompromised();
|
|
162
|
-
return result;
|
|
163
|
-
}
|
|
164
|
-
finally {
|
|
165
|
-
if (release) {
|
|
166
|
-
try {
|
|
167
|
-
await release();
|
|
168
|
-
}
|
|
169
|
-
catch {
|
|
170
|
-
// Ignore unlock errors when lock is compromised.
|
|
171
|
-
}
|
|
172
|
-
}
|
|
173
|
-
}
|
|
174
|
-
}
|
|
175
|
-
}
|
|
176
|
-
export class InMemoryAuthStorageBackend {
|
|
177
|
-
read() {
|
|
178
|
-
return this.value;
|
|
179
|
-
}
|
|
180
|
-
withLock(fn) {
|
|
181
|
-
const { result, next } = fn(this.value);
|
|
182
|
-
if (next !== undefined) {
|
|
183
|
-
this.value = next;
|
|
184
|
-
}
|
|
185
|
-
return result;
|
|
186
|
-
}
|
|
187
|
-
async withLockAsync(fn) {
|
|
188
|
-
const { result, next } = await fn(this.value);
|
|
189
|
-
if (next !== undefined) {
|
|
190
|
-
this.value = next;
|
|
191
|
-
}
|
|
192
|
-
return result;
|
|
193
|
-
}
|
|
194
|
-
}
|
|
14
|
+
export { FileAuthStorageBackend, InMemoryAuthStorageBackend } from "./auth-storage-backends.js";
|
|
195
15
|
/**
|
|
196
16
|
* Credential storage backed by a JSON file.
|
|
197
17
|
*/
|