npm - @claude-auth-sdk/core - Versions diffs - 0.1.0 - Mend

@claude-auth-sdk/core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 Claude Auth SDK contributors
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,17 @@
+# @claude-auth-sdk/core
+Core authentication SDK for Claude. Handles OAuth login, credential storage, and browser opening.
+See the [monorepo README](https://github.com/anthropics/claude-auth-sdk#readme) for full documentation.
+## Quick start
+```ts
+import { login } from '@claude-auth-sdk/core';
+const result = await login('claudeai');
+```
+## License
+MIT

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,87 @@
+type LoginErrorCode = 'timeout' | 'cancelled' | 'exchange_failed' | 'storage_failed';
+declare class LoginError extends Error {
+    readonly code: LoginErrorCode;
+    constructor(message: string, code: LoginErrorCode, cause?: unknown);
+}
+interface OAuthCredentialBundle {
+    accessToken: string;
+    refreshToken: string;
+    expiresAt: number;
+    scopes: readonly string[];
+}
+type SubscriptionType = 'max' | 'pro' | 'team' | 'enterprise' | 'unknown';
+interface OfficialProviderTerminalState {
+    mode: 'official-provider';
+    credentials: OAuthCredentialBundle;
+    subscriptionType?: SubscriptionType;
+    rateLimitTier?: string;
+}
+interface CompatOAuthTerminalState {
+    mode: 'compat-oauth';
+    credentials: OAuthCredentialBundle;
+    providerKey: string;
+    providerLabel?: string;
+}
+interface ApiKeyTerminalState {
+    mode: 'api-key';
+    apiKey: string;
+    source: 'user-supplied' | 'derived-from-console-oauth';
+}
+type CredentialTerminalState = OfficialProviderTerminalState | CompatOAuthTerminalState | ApiKeyTerminalState;
+interface StoredCredentialEnvelope {
+    terminal: CredentialTerminalState;
+    updatedAt: number;
+}
+interface StorageAdapter {
+    read(): Promise<StoredCredentialEnvelope | null>;
+    write(envelope: StoredCredentialEnvelope): Promise<void>;
+    clear(): Promise<void>;
+}
+interface ClaudeAiOauthStorageRecord {
+    accessToken: string;
+    refreshToken: string;
+    expiresAt: number;
+    scopes: readonly string[];
+    subscriptionType?: string | null;
+    rateLimitTier?: string | null;
+}
+interface SecureStorageAdapter {
+    readOAuth?(): Promise<ClaudeAiOauthStorageRecord | null>;
+    writeOAuth?(value: ClaudeAiOauthStorageRecord): Promise<void>;
+    clearOAuth?(): Promise<void>;
+    readApiKey?(): Promise<string | null>;
+    writeApiKey?(value: string): Promise<void>;
+    clearApiKey?(): Promise<void>;
+}
+interface NodeStorageAdapterOptions {
+    configDir?: string;
+    platform?: NodeJS.Platform;
+    secureStorage?: SecureStorageAdapter;
+}
+declare function createNodeDefaultStorageAdapter(options?: NodeStorageAdapterOptions): StorageAdapter;
+type LoginMode = 'claudeai' | 'console';
+interface LoginResult {
+    readonly mode: LoginMode;
+    readonly loggedIn: true;
+}
+interface LoginInternalOptions {
+    configDir?: string;
+    openBrowserFn?: (url: string) => Promise<boolean>;
+    fetchImpl?: typeof fetch;
+}
+declare function login(mode: LoginMode, internalOptions?: LoginInternalOptions): Promise<LoginResult>;
+type ExecFileFn = (cmd: string, args: string[], cb: (err: Error | null) => void) => void;
+interface OpenBrowserOptions {
+    platform?: NodeJS.Platform;
+    execFileFn?: ExecFileFn;
+}
+declare function openBrowser(url: string, options?: OpenBrowserOptions): Promise<boolean>;
+export { LoginError, type LoginErrorCode, type LoginInternalOptions, type LoginMode, type LoginResult, type OAuthCredentialBundle, type StoredCredentialEnvelope, createNodeDefaultStorageAdapter, login, openBrowser };

package/dist/index.js ADDED Viewed

@@ -0,0 +1,707 @@
+// src/errors.ts
+var LoginError = class extends Error {
+  code;
+  constructor(message, code, cause) {
+    super(message, cause === void 0 ? void 0 : { cause });
+    this.name = "LoginError";
+    this.code = code;
+  }
+};
+// src/internal/storage/node.ts
+import { mkdir, readFile, stat, unlink, writeFile } from "fs/promises";
+import { homedir } from "os";
+import { dirname, join } from "path";
+// src/internal/core/errors.ts
+var ClaudeAuthError = class extends Error {
+  code;
+  constructor(message, code, cause) {
+    super(message, cause === void 0 ? void 0 : { cause });
+    this.name = new.target.name;
+    this.code = code;
+  }
+};
+var UnsupportedRuntimeError = class extends ClaudeAuthError {
+  runtime;
+  constructor(runtime, message) {
+    super(message ?? `Unsupported runtime: ${runtime}.`, "UNSUPPORTED_RUNTIME");
+    this.runtime = runtime;
+  }
+};
+var StorageFailureError = class extends ClaudeAuthError {
+  constructor(message = "Failed to access credential storage.", cause) {
+    super(message, "STORAGE_FAILURE", cause);
+  }
+};
+// src/internal/storage/normalize.ts
+function normalizeStringArray(value) {
+  if (!Array.isArray(value)) {
+    return [];
+  }
+  return value.filter((entry) => typeof entry === "string");
+}
+function normalizeExpiresAt(value) {
+  if (typeof value === "number" && Number.isFinite(value)) {
+    return value;
+  }
+  if (typeof value === "string") {
+    const parsed = Number(value);
+    if (Number.isFinite(parsed)) {
+      return parsed;
+    }
+  }
+  return 0;
+}
+function normalizeOAuthRecord(record) {
+  return {
+    accessToken: typeof record.accessToken === "string" ? record.accessToken : "",
+    refreshToken: typeof record.refreshToken === "string" ? record.refreshToken : "",
+    expiresAt: normalizeExpiresAt(record.expiresAt),
+    scopes: normalizeStringArray(record.scopes),
+    subscriptionType: typeof record.subscriptionType === "string" ? record.subscriptionType : null,
+    rateLimitTier: typeof record.rateLimitTier === "string" ? record.rateLimitTier : null
+  };
+}
+function normalizeStoredOauthEnvelope(record) {
+  const normalized = normalizeOAuthRecord(record);
+  return {
+    mode: "compat-oauth",
+    credentials: {
+      accessToken: normalized.accessToken,
+      refreshToken: normalized.refreshToken,
+      expiresAt: normalized.expiresAt,
+      scopes: normalized.scopes
+    },
+    metadata: {
+      subscriptionType: normalized.subscriptionType === null ? void 0 : normalized.subscriptionType,
+      rateLimitTier: normalized.rateLimitTier === null ? void 0 : normalized.rateLimitTier
+    }
+  };
+}
+function serializeOAuthTerminalState(terminal) {
+  return {
+    accessToken: terminal.credentials.accessToken,
+    refreshToken: terminal.credentials.refreshToken,
+    expiresAt: terminal.credentials.expiresAt,
+    scopes: [...terminal.credentials.scopes],
+    subscriptionType: terminal.mode === "official-provider" ? terminal.subscriptionType ?? null : null,
+    rateLimitTier: terminal.mode === "official-provider" ? terminal.rateLimitTier ?? null : null
+  };
+}
+function normalizeApiKeyTerminalState(config) {
+  if (typeof config.primaryApiKey !== "string" || config.primaryApiKey.length === 0) {
+    return null;
+  }
+  const state = {
+    mode: "api-key",
+    apiKey: config.primaryApiKey,
+    source: config.customApiKeyResponses?.approved ? "derived-from-console-oauth" : "user-supplied"
+  };
+  return {
+    mode: "api-key",
+    state
+  };
+}
+function toStoredEnvelopeFromNativeShapes(params) {
+  const oauthRecord = params.credentialsFile.claudeAiOauth;
+  if (oauthRecord !== void 0) {
+    const normalized = normalizeStoredOauthEnvelope(oauthRecord);
+    const terminal = {
+      mode: normalized.mode,
+      credentials: normalized.credentials,
+      providerKey: "claudeai",
+      providerLabel: "Claude.ai compatibility lane"
+    };
+    return {
+      terminal,
+      updatedAt: params.updatedAt
+    };
+  }
+  const normalizedApiKey = normalizeApiKeyTerminalState(params.configFile);
+  if (normalizedApiKey === null) {
+    return null;
+  }
+  return {
+    terminal: normalizedApiKey.state,
+    updatedAt: params.updatedAt
+  };
+}
+function updateConfigWithApiKey(params) {
+  const nextApproved = params.terminal.source === "derived-from-console-oauth";
+  return {
+    ...params.configFile,
+    primaryApiKey: params.terminal.apiKey,
+    customApiKeyResponses: {
+      ...params.configFile.customApiKeyResponses,
+      approved: nextApproved
+    }
+  };
+}
+// src/internal/storage/node.ts
+var CREDENTIALS_FILE_NAME = ".credentials.json";
+var CONFIG_FILE_NAME = "config.json";
+function isErrnoCode(error, code) {
+  return error !== null && typeof error === "object" && "code" in error && error.code === code;
+}
+async function readJsonOrDefault(filePath, defaultValue) {
+  try {
+    const content = await readFile(filePath, "utf8");
+    const parsed = JSON.parse(content);
+    return parsed ?? defaultValue;
+  } catch (error) {
+    if (isErrnoCode(error, "ENOENT")) {
+      return defaultValue;
+    }
+    throw new StorageFailureError(`Failed to read storage file: ${filePath}`, error);
+  }
+}
+async function writeJson(filePath, value) {
+  try {
+    await mkdir(dirname(filePath), { recursive: true });
+    await writeFile(filePath, JSON.stringify(value, null, 2), { mode: 384, encoding: "utf8" });
+  } catch (error) {
+    throw new StorageFailureError(`Failed to write storage file: ${filePath}`, error);
+  }
+}
+async function safeUnlink(filePath) {
+  try {
+    await unlink(filePath);
+  } catch (error) {
+    if (isErrnoCode(error, "ENOENT")) {
+      return;
+    }
+    throw new StorageFailureError(`Failed to remove storage file: ${filePath}`, error);
+  }
+}
+async function getUpdatedAt(paths) {
+  const mtimes = [];
+  for (const filePath of [paths.credentialsFilePath, paths.configFilePath]) {
+    try {
+      const metadata = await stat(filePath);
+      mtimes.push(metadata.mtimeMs);
+    } catch (error) {
+      if (!isErrnoCode(error, "ENOENT")) {
+        throw new StorageFailureError(`Failed to stat storage file: ${filePath}`, error);
+      }
+    }
+  }
+  if (mtimes.length === 0) {
+    return Date.now();
+  }
+  return Math.max(...mtimes);
+}
+async function readNativeShapes(paths) {
+  const [credentialsFile, configFile] = await Promise.all([
+    readJsonOrDefault(paths.credentialsFilePath, {}),
+    readJsonOrDefault(paths.configFilePath, {})
+  ]);
+  return {
+    credentialsFile,
+    configFile
+  };
+}
+function isMacOS(platform) {
+  return platform === "darwin";
+}
+function resolveNodeCredentialPaths(configDir) {
+  const resolvedConfigDir = configDir ?? process.env.CLAUDE_CONFIG_DIR ?? join(homedir(), ".claude");
+  return {
+    configDir: resolvedConfigDir,
+    credentialsFilePath: join(resolvedConfigDir, CREDENTIALS_FILE_NAME),
+    configFilePath: join(resolvedConfigDir, CONFIG_FILE_NAME)
+  };
+}
+function createNodeDefaultStorageAdapter(options = {}) {
+  const paths = resolveNodeCredentialPaths(options.configDir);
+  const platform = options.platform ?? process.platform;
+  const secureStorage = options.secureStorage;
+  const secureFirst = isMacOS(platform) && secureStorage !== void 0;
+  const readSecureFirst = async () => {
+    if (!secureFirst) {
+      return null;
+    }
+    const oauthRecord = await secureStorage.readOAuth?.();
+    if (oauthRecord !== null && oauthRecord !== void 0) {
+      return {
+        terminal: {
+          mode: "compat-oauth",
+          credentials: {
+            accessToken: oauthRecord.accessToken,
+            refreshToken: oauthRecord.refreshToken,
+            expiresAt: oauthRecord.expiresAt,
+            scopes: oauthRecord.scopes
+          },
+          providerKey: "claudeai",
+          providerLabel: "Claude.ai compatibility lane"
+        },
+        updatedAt: Date.now()
+      };
+    }
+    const apiKey = await secureStorage.readApiKey?.();
+    if (typeof apiKey === "string" && apiKey.length > 0) {
+      return {
+        terminal: {
+          mode: "api-key",
+          apiKey,
+          source: "derived-from-console-oauth"
+        },
+        updatedAt: Date.now()
+      };
+    }
+    return null;
+  };
+  return {
+    async read() {
+      if (secureFirst) {
+        const secureValue = await readSecureFirst();
+        if (secureValue !== null) {
+          return secureValue;
+        }
+      }
+      const nativeShapes = await readNativeShapes(paths);
+      const updatedAt = await getUpdatedAt(paths);
+      return toStoredEnvelopeFromNativeShapes({
+        ...nativeShapes,
+        updatedAt
+      });
+    },
+    async write(envelope) {
+      if (envelope.terminal.mode === "api-key") {
+        if (secureFirst && secureStorage.writeApiKey !== void 0) {
+          await secureStorage.writeApiKey(envelope.terminal.apiKey);
+        }
+        const configFile = await readJsonOrDefault(paths.configFilePath, {});
+        const nextConfigFile = updateConfigWithApiKey({
+          configFile,
+          terminal: envelope.terminal
+        });
+        await writeJson(paths.configFilePath, nextConfigFile);
+        const credentialsFile2 = await readJsonOrDefault(
+          paths.credentialsFilePath,
+          {}
+        );
+        if (credentialsFile2.claudeAiOauth !== void 0) {
+          const { claudeAiOauth: _omit, ...rest } = credentialsFile2;
+          await writeJson(paths.credentialsFilePath, rest);
+        }
+        return;
+      }
+      const oauthRecord = serializeOAuthTerminalState(envelope.terminal);
+      if (secureFirst && secureStorage.writeOAuth !== void 0) {
+        await secureStorage.writeOAuth(oauthRecord);
+      }
+      const credentialsFile = await readJsonOrDefault(
+        paths.credentialsFilePath,
+        {}
+      );
+      const nextCredentialsFile = {
+        ...credentialsFile,
+        claudeAiOauth: oauthRecord
+      };
+      await writeJson(paths.credentialsFilePath, nextCredentialsFile);
+    },
+    async clear() {
+      if (secureFirst) {
+        await Promise.all([secureStorage.clearOAuth?.(), secureStorage.clearApiKey?.()]);
+      }
+      await Promise.all([safeUnlink(paths.credentialsFilePath), safeUnlink(paths.configFilePath)]);
+    }
+  };
+}
+// src/internal/browser/constants.ts
+var DEFAULT_OAUTH_CLIENT_ID = "9d1c250a-e61b-44d9-88ed-5944d1962f5e";
+var DEFAULT_OAUTH_SCOPE = [
+  "org:create_api_key",
+  "user:profile",
+  "user:inference",
+  "user:sessions:claude_code",
+  "user:mcp_servers",
+  "user:file_upload"
+];
+var COMPAT_AUTHORIZE_ENDPOINTS = {
+  claudeai: "https://claude.com/cai/oauth/authorize",
+  console: "https://platform.claude.com/oauth/authorize"
+};
+// src/internal/browser/pkce.ts
+var PKCE_VERIFIER_LENGTH_BYTES = 64;
+var STATE_LENGTH_BYTES = 32;
+function requireWebCrypto() {
+  if (typeof globalThis.crypto === "undefined") {
+    throw new UnsupportedRuntimeError(
+      "browser",
+      "Web Crypto API is required for browser auth initiation."
+    );
+  }
+  if (typeof globalThis.crypto.getRandomValues !== "function") {
+    throw new UnsupportedRuntimeError(
+      "browser",
+      "crypto.getRandomValues is unavailable in this runtime."
+    );
+  }
+  if (typeof globalThis.crypto.subtle === "undefined") {
+    throw new UnsupportedRuntimeError("browser", "crypto.subtle is unavailable in this runtime.");
+  }
+  return globalThis.crypto;
+}
+function bytesToBase64Url(bytes) {
+  let binary = "";
+  for (const byte of bytes) {
+    binary += String.fromCharCode(byte);
+  }
+  const base64 = typeof globalThis.btoa === "function" ? globalThis.btoa(binary) : Buffer.from(binary, "binary").toString("base64");
+  return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/g, "");
+}
+function createRandomBase64Url(byteLength) {
+  const crypto = requireWebCrypto();
+  const bytes = new Uint8Array(byteLength);
+  crypto.getRandomValues(bytes);
+  return bytesToBase64Url(bytes);
+}
+function createState() {
+  return createRandomBase64Url(STATE_LENGTH_BYTES);
+}
+function createPkceVerifier() {
+  return createRandomBase64Url(PKCE_VERIFIER_LENGTH_BYTES);
+}
+async function createPkceChallenge(verifier) {
+  const crypto = requireWebCrypto();
+  const source = new TextEncoder().encode(verifier);
+  const digest = await crypto.subtle.digest("SHA-256", source);
+  return bytesToBase64Url(new Uint8Array(digest));
+}
+// src/internal/server/callback/exchange.ts
+var DEFAULT_COMPAT_OAUTH_ENDPOINTS = {
+  claudeai: {
+    authorizeEndpoint: "https://claude.com/cai/oauth/authorize",
+    tokenEndpoint: "https://platform.claude.com/v1/oauth/token"
+  },
+  console: {
+    authorizeEndpoint: "https://platform.claude.com/oauth/authorize",
+    tokenEndpoint: "https://platform.claude.com/v1/oauth/token"
+  }
+};
+var COMPAT_PROVIDER_LABELS = {
+  claudeai: "Claude.ai",
+  console: "Anthropic Console"
+};
+function resolveCompatOAuthEndpointConfig(modeId, override) {
+  const defaults = DEFAULT_COMPAT_OAUTH_ENDPOINTS[modeId];
+  return {
+    authorizeEndpoint: override?.authorizeEndpoint ?? defaults.authorizeEndpoint,
+    tokenEndpoint: override?.tokenEndpoint ?? defaults.tokenEndpoint
+  };
+}
+async function exchangeCompatOAuthCodeForCredentials(request, options = {}) {
+  const fetchImpl = options.fetchImpl ?? fetch;
+  const now = options.now ?? Date.now;
+  const endpointConfig = resolveCompatOAuthEndpointConfig(request.modeId, request.endpointConfig);
+  const response = await fetchImpl(endpointConfig.tokenEndpoint, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({
+      grant_type: "authorization_code",
+      code: request.code,
+      redirect_uri: request.redirectUri,
+      client_id: request.clientId,
+      code_verifier: request.codeVerifier,
+      state: request.state,
+      scope: request.scope
+    })
+  });
+  const responseData = await tryReadTokenResponse(response);
+  if (!response.ok) {
+    const rawMessage = responseData.error_description ?? responseData.error ?? `Token exchange failed with HTTP ${response.status}.`;
+    const message = typeof rawMessage === "string" ? rawMessage : JSON.stringify(rawMessage);
+    throw new Error(message);
+  }
+  const accessToken = responseData.access_token;
+  if (!accessToken) {
+    throw new Error("Token exchange succeeded without access_token.");
+  }
+  const expiresIn = coerceExpiresInSeconds(responseData.expires_in);
+  const scope = responseData.scope ?? request.scope ?? "";
+  const scopes = scope.trim() === "" ? [] : scope.trim().split(/\s+/);
+  return {
+    ok: true,
+    terminal: {
+      mode: "compat-oauth",
+      providerKey: request.modeId,
+      providerLabel: COMPAT_PROVIDER_LABELS[request.modeId],
+      credentials: {
+        accessToken,
+        refreshToken: responseData.refresh_token ?? "",
+        expiresAt: now() + expiresIn * 1e3,
+        scopes
+      }
+    }
+  };
+}
+async function tryReadTokenResponse(response) {
+  try {
+    const payload = await response.json();
+    return payload;
+  } catch {
+    return {};
+  }
+}
+function coerceExpiresInSeconds(value) {
+  if (typeof value === "number" && Number.isFinite(value) && value >= 0) {
+    return value;
+  }
+  if (typeof value === "string" && value.trim() !== "") {
+    const parsed = Number(value);
+    if (Number.isFinite(parsed) && parsed >= 0) {
+      return parsed;
+    }
+  }
+  return 0;
+}
+// src/runtime/callback-server.ts
+import { createServer } from "http";
+var DEFAULT_TIMEOUT_MS = 12e4;
+var SUCCESS_HTML = `<!DOCTYPE html>
+<html><body style="font-family:system-ui;display:flex;justify-content:center;align-items:center;height:100vh;margin:0">
+<div style="text-align:center">
+<h2>login successful</h2>
+<p id="msg">This tab will close in <span id="count">3</span> seconds...</p>
+</div>
+<script>
+let n=3;
+const c=document.getElementById("count");
+const m=document.getElementById("msg");
+const t=setInterval(()=>{n--;if(n>0){c.textContent=n}else{clearInterval(t);window.close();m.textContent="You can close this tab."}},1000);
+</script>
+</body></html>`;
+async function startCallbackServer() {
+  let pendingCallback;
+  let resolveCallback;
+  let timeoutHandle;
+  function clearPendingWait() {
+    if (timeoutHandle !== void 0) {
+      clearTimeout(timeoutHandle);
+      timeoutHandle = void 0;
+    }
+    resolveCallback = void 0;
+  }
+  const server = createServer((req, res) => {
+    const url = new URL(req.url ?? "/", "http://localhost");
+    if (url.pathname !== "/callback") {
+      res.writeHead(404);
+      res.end();
+      return;
+    }
+    const params = {
+      code: url.searchParams.get("code") ?? void 0,
+      state: url.searchParams.get("state") ?? void 0,
+      error: url.searchParams.get("error") ?? void 0,
+      errorDescription: url.searchParams.get("error_description") ?? void 0
+    };
+    res.shouldKeepAlive = false;
+    res.writeHead(200, { "Content-Type": "text/html", Connection: "close" });
+    res.end(SUCCESS_HTML);
+    if (resolveCallback !== void 0) {
+      const resolve = resolveCallback;
+      clearPendingWait();
+      resolve(params);
+      return;
+    }
+    pendingCallback = params;
+  });
+  const port = await new Promise((resolve, reject) => {
+    server.listen(0, "localhost", () => {
+      const addr = server.address();
+      if (addr === null || typeof addr === "string") {
+        reject(new Error("Failed to bind callback server"));
+        return;
+      }
+      resolve(addr.port);
+    });
+  });
+  return {
+    port,
+    waitForCallback(timeoutMs = DEFAULT_TIMEOUT_MS) {
+      if (pendingCallback !== void 0) {
+        const buffered = pendingCallback;
+        pendingCallback = void 0;
+        return Promise.resolve(buffered);
+      }
+      return new Promise((resolve, reject) => {
+        resolveCallback = resolve;
+        timeoutHandle = setTimeout(() => {
+          clearPendingWait();
+          reject(new Error("Login timeout: no callback received"));
+        }, timeoutMs);
+        timeoutHandle.unref();
+      });
+    },
+    close() {
+      return new Promise((resolve) => {
+        server.closeIdleConnections?.();
+        server.close(() => {
+          resolve();
+        });
+      });
+    }
+  };
+}
+// src/runtime/open-browser.ts
+import { execFile as defaultExecFile } from "child_process";
+async function openBrowser(url, options = {}) {
+  const platform = options.platform ?? process.platform;
+  const execFileFn = options.execFileFn ?? defaultExecFile;
+  const { cmd, args } = getOpenCommand(platform, url);
+  return new Promise((resolve) => {
+    execFileFn(cmd, args, (err) => {
+      resolve(err === null);
+    });
+  });
+}
+function getOpenCommand(platform, url) {
+  switch (platform) {
+    case "darwin":
+      return { cmd: "open", args: [url] };
+    case "win32":
+      return { cmd: "cmd", args: ["/c", "start", "", url] };
+    default:
+      return { cmd: "xdg-open", args: [url] };
+  }
+}
+// src/login.ts
+var CREATE_API_KEY_URL = "https://api.anthropic.com/api/oauth/claude_cli/create_api_key";
+async function createApiKeyFromAccessToken(accessToken, fetchImpl) {
+  const doFetch = fetchImpl ?? fetch;
+  const response = await doFetch(CREATE_API_KEY_URL, {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${accessToken}`
+    }
+  });
+  if (!response.ok) {
+    throw new LoginError(`API key creation failed with HTTP ${response.status}`, "exchange_failed");
+  }
+  const data = await response.json();
+  if (!data.raw_key) {
+    throw new LoginError("API key creation succeeded but no key returned", "exchange_failed");
+  }
+  return data.raw_key;
+}
+async function login(mode, internalOptions) {
+  const server = await startCallbackServer();
+  try {
+    const state = createState();
+    const verifier = createPkceVerifier();
+    const challenge = await createPkceChallenge(verifier);
+    const redirectUri = `http://localhost:${server.port}/callback`;
+    const scope = DEFAULT_OAUTH_SCOPE.join(" ");
+    const params = new URLSearchParams({
+      code: "true",
+      client_id: DEFAULT_OAUTH_CLIENT_ID,
+      response_type: "code",
+      scope,
+      code_challenge: challenge,
+      code_challenge_method: "S256",
+      state,
+      redirect_uri: redirectUri
+    });
+    const authorizeUrl = `${COMPAT_AUTHORIZE_ENDPOINTS[mode]}?${params.toString()}`;
+    const openFn = internalOptions?.openBrowserFn ?? openBrowser;
+    const opened = await openFn(authorizeUrl);
+    if (!opened) {
+      process.stdout.write(`
+Open this URL in your browser to log in:
+${authorizeUrl}
+`);
+    }
+    const callbackParams = await server.waitForCallback();
+    if (callbackParams.error) {
+      throw new LoginError(callbackParams.errorDescription ?? callbackParams.error, "cancelled");
+    }
+    if (!callbackParams.code || !callbackParams.state) {
+      throw new LoginError("Missing authorization code in callback", "cancelled");
+    }
+    if (callbackParams.state !== state) {
+      throw new LoginError("OAuth state mismatch", "cancelled");
+    }
+    const credentialResult = await exchangeCompatOAuthCodeForCredentials(
+      {
+        modeId: mode,
+        code: callbackParams.code,
+        state: callbackParams.state,
+        codeVerifier: verifier,
+        redirectUri,
+        clientId: DEFAULT_OAUTH_CLIENT_ID,
+        scope
+      },
+      {
+        fetchImpl: internalOptions?.fetchImpl
+      }
+    );
+    if (!credentialResult.ok) {
+      throw new LoginError(credentialResult.message, "exchange_failed");
+    }
+    const storage = createNodeDefaultStorageAdapter({
+      configDir: internalOptions?.configDir
+    });
+    if (mode === "console") {
+      if (credentialResult.terminal.mode !== "compat-oauth") {
+        throw new LoginError("Unexpected terminal state for console mode", "exchange_failed");
+      }
+      const apiKey = await createApiKeyFromAccessToken(
+        credentialResult.terminal.credentials.accessToken,
+        internalOptions?.fetchImpl
+      );
+      try {
+        await storage.write({
+          terminal: {
+            mode: "api-key",
+            apiKey,
+            source: "derived-from-console-oauth"
+          },
+          updatedAt: Date.now()
+        });
+      } catch (cause) {
+        throw new LoginError("Failed to save credentials", "storage_failed", cause);
+      }
+    } else {
+      try {
+        await storage.write({
+          terminal: credentialResult.terminal,
+          updatedAt: Date.now()
+        });
+      } catch (cause) {
+        throw new LoginError("Failed to save credentials", "storage_failed", cause);
+      }
+    }
+    return { mode, loggedIn: true };
+  } catch (error) {
+    if (error instanceof LoginError) {
+      throw error;
+    }
+    throw new LoginError(
+      error instanceof Error ? error.message : "Login failed",
+      "exchange_failed",
+      error
+    );
+  } finally {
+    await server.close();
+  }
+}
+export {
+  LoginError,
+  createNodeDefaultStorageAdapter,
+  login,
+  openBrowser
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/errors.ts","../src/internal/storage/node.ts","../src/internal/core/errors.ts","../src/internal/storage/normalize.ts","../src/internal/browser/constants.ts","../src/internal/browser/pkce.ts","../src/internal/server/callback/exchange.ts","../src/runtime/callback-server.ts","../src/runtime/open-browser.ts","../src/login.ts"],"sourcesContent":["export type LoginErrorCode = 'timeout' | 'cancelled' | 'exchange_failed' | 'storage_failed';\n\nexport class LoginError extends Error {\n public readonly code: LoginErrorCode;\n\n public constructor(message: string, code: LoginErrorCode, cause?: unknown) {\n super(message, cause === undefined ? undefined : { cause });\n this.name = 'LoginError';\n this.code = code;\n }\n}\n","import { mkdir, readFile, stat, unlink, writeFile } from 'node:fs/promises';\nimport { homedir } from 'node:os';\nimport { dirname, join } from 'node:path';\n\nimport type { StorageAdapter, StoredCredentialEnvelope } from '../core/contracts.js';\nimport { StorageFailureError } from '../core/errors.js';\nimport {\n serializeOAuthTerminalState,\n toStoredEnvelopeFromNativeShapes,\n updateConfigWithApiKey,\n} from './normalize.js';\nimport type {\n ConfigFileShape,\n CredentialsFileShape,\n NodeCredentialPaths,\n NodeStorageAdapterOptions,\n} from './types.js';\n\nconst CREDENTIALS_FILE_NAME = '.credentials.json';\nconst CONFIG_FILE_NAME = 'config.json';\n\nfunction isErrnoCode(error: unknown, code: string): boolean {\n return (\n error !== null &&\n typeof error === 'object' &&\n 'code' in error &&\n (error as NodeJS.ErrnoException).code === code\n );\n}\n\nasync function readJsonOrDefault<T>(filePath: string, defaultValue: T): Promise<T> {\n try {\n const content = await readFile(filePath, 'utf8');\n const parsed = JSON.parse(content) as unknown;\n return (parsed as T) ?? defaultValue;\n } catch (error) {\n if (isErrnoCode(error, 'ENOENT')) {\n return defaultValue;\n }\n\n throw new StorageFailureError(`Failed to read storage file: ${filePath}`, error);\n }\n}\n\nasync function writeJson(filePath: string, value: unknown): Promise<void> {\n try {\n await mkdir(dirname(filePath), { recursive: true });\n await writeFile(filePath, JSON.stringify(value, null, 2), { mode: 0o600, encoding: 'utf8' });\n } catch (error) {\n throw new StorageFailureError(`Failed to write storage file: ${filePath}`, error);\n }\n}\n\nasync function safeUnlink(filePath: string): Promise<void> {\n try {\n await unlink(filePath);\n } catch (error) {\n if (isErrnoCode(error, 'ENOENT')) {\n return;\n }\n\n throw new StorageFailureError(`Failed to remove storage file: ${filePath}`, error);\n }\n}\n\nasync function getUpdatedAt(paths: NodeCredentialPaths): Promise<number> {\n const mtimes: number[] = [];\n for (const filePath of [paths.credentialsFilePath, paths.configFilePath]) {\n try {\n const metadata = await stat(filePath);\n mtimes.push(metadata.mtimeMs);\n } catch (error) {\n if (!isErrnoCode(error, 'ENOENT')) {\n throw new StorageFailureError(`Failed to stat storage file: ${filePath}`, error);\n }\n }\n }\n\n if (mtimes.length === 0) {\n return Date.now();\n }\n\n return Math.max(...mtimes);\n}\n\nasync function readNativeShapes(paths: NodeCredentialPaths): Promise<{\n credentialsFile: CredentialsFileShape;\n configFile: ConfigFileShape;\n}> {\n const [credentialsFile, configFile] = await Promise.all([\n readJsonOrDefault<CredentialsFileShape>(paths.credentialsFilePath, {}),\n readJsonOrDefault<ConfigFileShape>(paths.configFilePath, {}),\n ]);\n\n return {\n credentialsFile,\n configFile,\n };\n}\n\nfunction isMacOS(platform: NodeJS.Platform): boolean {\n return platform === 'darwin';\n}\n\nexport function resolveNodeCredentialPaths(configDir?: string): NodeCredentialPaths {\n const resolvedConfigDir =\n configDir ?? process.env.CLAUDE_CONFIG_DIR ?? join(homedir(), '.claude');\n\n return {\n configDir: resolvedConfigDir,\n credentialsFilePath: join(resolvedConfigDir, CREDENTIALS_FILE_NAME),\n configFilePath: join(resolvedConfigDir, CONFIG_FILE_NAME),\n };\n}\n\nexport function createNodeDefaultStorageAdapter(\n options: NodeStorageAdapterOptions = {},\n): StorageAdapter {\n const paths = resolveNodeCredentialPaths(options.configDir);\n const platform = options.platform ?? process.platform;\n const secureStorage = options.secureStorage;\n const secureFirst = isMacOS(platform) && secureStorage !== undefined;\n\n const readSecureFirst = async (): Promise<StoredCredentialEnvelope | null> => {\n if (!secureFirst) {\n return null;\n }\n\n const oauthRecord = await secureStorage.readOAuth?.();\n if (oauthRecord !== null && oauthRecord !== undefined) {\n return {\n terminal: {\n mode: 'compat-oauth',\n credentials: {\n accessToken: oauthRecord.accessToken,\n refreshToken: oauthRecord.refreshToken,\n expiresAt: oauthRecord.expiresAt,\n scopes: oauthRecord.scopes,\n },\n providerKey: 'claudeai',\n providerLabel: 'Claude.ai compatibility lane',\n },\n updatedAt: Date.now(),\n };\n }\n\n const apiKey = await secureStorage.readApiKey?.();\n if (typeof apiKey === 'string' && apiKey.length > 0) {\n return {\n terminal: {\n mode: 'api-key',\n apiKey,\n source: 'derived-from-console-oauth',\n },\n updatedAt: Date.now(),\n };\n }\n\n return null;\n };\n\n return {\n async read(): Promise<StoredCredentialEnvelope | null> {\n if (secureFirst) {\n const secureValue = await readSecureFirst();\n if (secureValue !== null) {\n return secureValue;\n }\n }\n\n const nativeShapes = await readNativeShapes(paths);\n const updatedAt = await getUpdatedAt(paths);\n return toStoredEnvelopeFromNativeShapes({\n ...nativeShapes,\n updatedAt,\n });\n },\n\n async write(envelope: StoredCredentialEnvelope): Promise<void> {\n if (envelope.terminal.mode === 'api-key') {\n if (secureFirst && secureStorage.writeApiKey !== undefined) {\n await secureStorage.writeApiKey(envelope.terminal.apiKey);\n }\n\n const configFile = await readJsonOrDefault<ConfigFileShape>(paths.configFilePath, {});\n const nextConfigFile = updateConfigWithApiKey({\n configFile,\n terminal: envelope.terminal,\n });\n\n await writeJson(paths.configFilePath, nextConfigFile);\n\n const credentialsFile = await readJsonOrDefault<CredentialsFileShape>(\n paths.credentialsFilePath,\n {},\n );\n if (credentialsFile.claudeAiOauth !== undefined) {\n const { claudeAiOauth: _omit, ...rest } = credentialsFile;\n await writeJson(paths.credentialsFilePath, rest);\n }\n\n return;\n }\n\n const oauthRecord = serializeOAuthTerminalState(envelope.terminal);\n if (secureFirst && secureStorage.writeOAuth !== undefined) {\n await secureStorage.writeOAuth(oauthRecord);\n }\n\n const credentialsFile = await readJsonOrDefault<CredentialsFileShape>(\n paths.credentialsFilePath,\n {},\n );\n const nextCredentialsFile: CredentialsFileShape = {\n ...credentialsFile,\n claudeAiOauth: oauthRecord,\n };\n\n await writeJson(paths.credentialsFilePath, nextCredentialsFile);\n },\n\n async clear(): Promise<void> {\n if (secureFirst) {\n await Promise.all([secureStorage.clearOAuth?.(), secureStorage.clearApiKey?.()]);\n }\n\n await Promise.all([safeUnlink(paths.credentialsFilePath), safeUnlink(paths.configFilePath)]);\n },\n };\n}\n","import type { AuthMode } from './types.js';\n\nexport type ClaudeAuthErrorCode =\n | 'INVALID_STATE'\n | 'MISSING_CODE'\n | 'UNSUPPORTED_RUNTIME'\n | 'POLICY_GATED_MODE'\n | 'REFRESH_FAILURE'\n | 'STORAGE_FAILURE';\n\nexport class ClaudeAuthError extends Error {\n public readonly code: ClaudeAuthErrorCode;\n\n public constructor(message: string, code: ClaudeAuthErrorCode, cause?: unknown) {\n super(message, cause === undefined ? undefined : { cause });\n this.name = new.target.name;\n this.code = code;\n }\n}\n\nexport class InvalidStateError extends ClaudeAuthError {\n public readonly expectedState: string;\n public readonly receivedState: string | undefined;\n\n public constructor(params: { expectedState: string; receivedState?: string }) {\n const { expectedState, receivedState } = params;\n super(\n `OAuth state validation failed (expected \"${expectedState}\", received \"${receivedState ?? 'undefined'}\").`,\n 'INVALID_STATE',\n );\n this.expectedState = expectedState;\n this.receivedState = receivedState;\n }\n}\n\nexport class MissingAuthorizationCodeError extends ClaudeAuthError {\n public constructor(message = 'Missing authorization code in callback payload.') {\n super(message, 'MISSING_CODE');\n }\n}\n\nexport class UnsupportedRuntimeError extends ClaudeAuthError {\n public readonly runtime: string;\n\n public constructor(runtime: string, message?: string) {\n super(message ?? `Unsupported runtime: ${runtime}.`, 'UNSUPPORTED_RUNTIME');\n this.runtime = runtime;\n }\n}\n\nexport class PolicyGatedModeError extends ClaudeAuthError {\n public readonly mode: AuthMode;\n\n public constructor(mode: AuthMode, reason?: string) {\n super(\n reason === undefined\n ? `Authentication mode \"${mode}\" is disabled by policy.`\n : `Authentication mode \"${mode}\" is disabled by policy: ${reason}`,\n 'POLICY_GATED_MODE',\n );\n this.mode = mode;\n }\n}\n\nexport class RefreshFailureError extends ClaudeAuthError {\n public constructor(message = 'Failed to refresh authentication credentials.', cause?: unknown) {\n super(message, 'REFRESH_FAILURE', cause);\n }\n}\n\nexport class StorageFailureError extends ClaudeAuthError {\n public constructor(message = 'Failed to access credential storage.', cause?: unknown) {\n super(message, 'STORAGE_FAILURE', cause);\n }\n}\n","import type { StoredCredentialEnvelope } from '../core/contracts.js';\nimport type {\n ApiKeyTerminalState,\n CompatOAuthTerminalState,\n CredentialTerminalState,\n OfficialProviderTerminalState,\n} from '../core/types.js';\nimport type {\n ClaudeAiOauthStorageRecord,\n ConfigFileShape,\n CredentialsFileShape,\n NormalizedApiKeyEnvelope,\n NormalizedOauthEnvelope,\n} from './types.js';\n\nfunction normalizeStringArray(value: unknown): string[] {\n if (!Array.isArray(value)) {\n return [];\n }\n\n return value.filter((entry): entry is string => typeof entry === 'string');\n}\n\nfunction normalizeExpiresAt(value: unknown): number {\n if (typeof value === 'number' && Number.isFinite(value)) {\n return value;\n }\n\n if (typeof value === 'string') {\n const parsed = Number(value);\n if (Number.isFinite(parsed)) {\n return parsed;\n }\n }\n\n return 0;\n}\n\nexport function normalizeOAuthRecord(\n record: Partial<ClaudeAiOauthStorageRecord>,\n): ClaudeAiOauthStorageRecord {\n return {\n accessToken: typeof record.accessToken === 'string' ? record.accessToken : '',\n refreshToken: typeof record.refreshToken === 'string' ? record.refreshToken : '',\n expiresAt: normalizeExpiresAt(record.expiresAt),\n scopes: normalizeStringArray(record.scopes),\n subscriptionType: typeof record.subscriptionType === 'string' ? record.subscriptionType : null,\n rateLimitTier: typeof record.rateLimitTier === 'string' ? record.rateLimitTier : null,\n };\n}\n\nexport function normalizeStoredOauthEnvelope(\n record: Partial<ClaudeAiOauthStorageRecord>,\n): NormalizedOauthEnvelope {\n const normalized = normalizeOAuthRecord(record);\n\n return {\n mode: 'compat-oauth',\n credentials: {\n accessToken: normalized.accessToken,\n refreshToken: normalized.refreshToken,\n expiresAt: normalized.expiresAt,\n scopes: normalized.scopes,\n },\n metadata: {\n subscriptionType:\n normalized.subscriptionType === null ? undefined : normalized.subscriptionType,\n rateLimitTier: normalized.rateLimitTier === null ? undefined : normalized.rateLimitTier,\n },\n };\n}\n\nexport function serializeOAuthTerminalState(\n terminal: OfficialProviderTerminalState | CompatOAuthTerminalState,\n): ClaudeAiOauthStorageRecord {\n return {\n accessToken: terminal.credentials.accessToken,\n refreshToken: terminal.credentials.refreshToken,\n expiresAt: terminal.credentials.expiresAt,\n scopes: [...terminal.credentials.scopes],\n subscriptionType:\n terminal.mode === 'official-provider' ? (terminal.subscriptionType ?? null) : null,\n rateLimitTier: terminal.mode === 'official-provider' ? (terminal.rateLimitTier ?? null) : null,\n };\n}\n\nexport function normalizeApiKeyTerminalState(\n config: ConfigFileShape,\n): NormalizedApiKeyEnvelope | null {\n if (typeof config.primaryApiKey !== 'string' || config.primaryApiKey.length === 0) {\n return null;\n }\n\n const state: ApiKeyTerminalState = {\n mode: 'api-key',\n apiKey: config.primaryApiKey,\n source: config.customApiKeyResponses?.approved ? 'derived-from-console-oauth' : 'user-supplied',\n };\n\n return {\n mode: 'api-key',\n state,\n };\n}\n\nexport function toStoredEnvelopeFromNativeShapes(params: {\n credentialsFile: CredentialsFileShape;\n configFile: ConfigFileShape;\n updatedAt: number;\n}): StoredCredentialEnvelope | null {\n const oauthRecord = params.credentialsFile.claudeAiOauth;\n if (oauthRecord !== undefined) {\n const normalized = normalizeStoredOauthEnvelope(oauthRecord);\n const terminal: CredentialTerminalState = {\n mode: normalized.mode,\n credentials: normalized.credentials,\n providerKey: 'claudeai',\n providerLabel: 'Claude.ai compatibility lane',\n };\n\n return {\n terminal,\n updatedAt: params.updatedAt,\n };\n }\n\n const normalizedApiKey = normalizeApiKeyTerminalState(params.configFile);\n if (normalizedApiKey === null) {\n return null;\n }\n\n return {\n terminal: normalizedApiKey.state,\n updatedAt: params.updatedAt,\n };\n}\n\nexport function updateConfigWithApiKey(params: {\n configFile: ConfigFileShape;\n terminal: ApiKeyTerminalState;\n}): ConfigFileShape {\n const nextApproved = params.terminal.source === 'derived-from-console-oauth';\n\n return {\n ...params.configFile,\n primaryApiKey: params.terminal.apiKey,\n customApiKeyResponses: {\n ...params.configFile.customApiKeyResponses,\n approved: nextApproved,\n },\n };\n}\n","import type { CompatModeId, OfficialProviderModeId } from './types.js';\n\nexport const DEFAULT_OAUTH_CLIENT_ID = '9d1c250a-e61b-44d9-88ed-5944d1962f5e';\n\nexport const DEFAULT_OAUTH_SCOPE = [\n 'org:create_api_key',\n 'user:profile',\n 'user:inference',\n 'user:sessions:claude_code',\n 'user:mcp_servers',\n 'user:file_upload',\n] as const;\n\nexport const MANUAL_REDIRECT_URI = 'https://platform.claude.com/oauth/code/callback';\n\nexport const COMPAT_AUTHORIZE_ENDPOINTS: Readonly<Record<CompatModeId, string>> = {\n claudeai: 'https://claude.com/cai/oauth/authorize',\n console: 'https://platform.claude.com/oauth/authorize',\n};\n\nexport const PROVIDER_DOCS_URLS: Readonly<Record<OfficialProviderModeId, string>> = {\n bedrock: 'https://docs.anthropic.com/en/api/claude-on-amazon-bedrock',\n vertex: 'https://docs.anthropic.com/en/api/claude-on-vertex-ai',\n foundry: 'https://learn.microsoft.com/en-us/azure/ai-foundry/',\n};\n\nexport const PROVIDER_CREDENTIAL_HINTS: Readonly<Record<OfficialProviderModeId, string>> = {\n bedrock:\n 'Configure AWS credentials and region, then pass a Bedrock credential adapter on the server.',\n vertex:\n 'Configure Google Cloud credentials and project/location settings, then pass a Vertex credential adapter on the server.',\n foundry:\n 'Configure Azure AI Foundry credentials and endpoint deployment settings, then pass a Foundry credential adapter on the server.',\n};\n","import { UnsupportedRuntimeError } from '../core/errors.js';\n\nconst PKCE_VERIFIER_LENGTH_BYTES = 64;\nconst STATE_LENGTH_BYTES = 32;\n\nfunction requireWebCrypto(): Crypto {\n if (typeof globalThis.crypto === 'undefined') {\n throw new UnsupportedRuntimeError(\n 'browser',\n 'Web Crypto API is required for browser auth initiation.',\n );\n }\n\n if (typeof globalThis.crypto.getRandomValues !== 'function') {\n throw new UnsupportedRuntimeError(\n 'browser',\n 'crypto.getRandomValues is unavailable in this runtime.',\n );\n }\n\n if (typeof globalThis.crypto.subtle === 'undefined') {\n throw new UnsupportedRuntimeError('browser', 'crypto.subtle is unavailable in this runtime.');\n }\n\n return globalThis.crypto;\n}\n\nfunction bytesToBase64Url(bytes: Uint8Array): string {\n let binary = '';\n for (const byte of bytes) {\n binary += String.fromCharCode(byte);\n }\n\n const base64 =\n typeof globalThis.btoa === 'function'\n ? globalThis.btoa(binary)\n : Buffer.from(binary, 'binary').toString('base64');\n\n return base64.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/g, '');\n}\n\nexport function createRandomBase64Url(byteLength: number): string {\n const crypto = requireWebCrypto();\n const bytes = new Uint8Array(byteLength);\n crypto.getRandomValues(bytes);\n return bytesToBase64Url(bytes);\n}\n\nexport function createState(): string {\n return createRandomBase64Url(STATE_LENGTH_BYTES);\n}\n\nexport function createPkceVerifier(): string {\n return createRandomBase64Url(PKCE_VERIFIER_LENGTH_BYTES);\n}\n\nexport async function createPkceChallenge(verifier: string): Promise<string> {\n const crypto = requireWebCrypto();\n const source = new TextEncoder().encode(verifier);\n const digest = await crypto.subtle.digest('SHA-256', source);\n return bytesToBase64Url(new Uint8Array(digest));\n}\n","import type { CredentialResult } from '../../core/types.js';\nimport type {\n CompatOAuthEndpointConfig,\n CompatOAuthSupportModeId,\n CompatOAuthTokenExchangeOptions,\n CompatOAuthTokenExchangeRequest,\n CompatOAuthTokenResponse,\n} from './types.js';\n\nconst DEFAULT_COMPAT_OAUTH_ENDPOINTS: Readonly<\n Record<CompatOAuthSupportModeId, CompatOAuthEndpointConfig>\n> = {\n claudeai: {\n authorizeEndpoint: 'https://claude.com/cai/oauth/authorize',\n tokenEndpoint: 'https://platform.claude.com/v1/oauth/token',\n },\n console: {\n authorizeEndpoint: 'https://platform.claude.com/oauth/authorize',\n tokenEndpoint: 'https://platform.claude.com/v1/oauth/token',\n },\n};\n\nconst COMPAT_PROVIDER_LABELS: Readonly<Record<CompatOAuthSupportModeId, string>> = {\n claudeai: 'Claude.ai',\n console: 'Anthropic Console',\n};\n\nexport function resolveCompatOAuthEndpointConfig(\n modeId: CompatOAuthSupportModeId,\n override?: Partial<CompatOAuthEndpointConfig>,\n): CompatOAuthEndpointConfig {\n const defaults = DEFAULT_COMPAT_OAUTH_ENDPOINTS[modeId];\n\n return {\n authorizeEndpoint: override?.authorizeEndpoint ?? defaults.authorizeEndpoint,\n tokenEndpoint: override?.tokenEndpoint ?? defaults.tokenEndpoint,\n };\n}\n\nexport async function exchangeCompatOAuthCodeForCredentials(\n request: CompatOAuthTokenExchangeRequest,\n options: CompatOAuthTokenExchangeOptions = {},\n): Promise<CredentialResult> {\n const fetchImpl = options.fetchImpl ?? fetch;\n const now = options.now ?? Date.now;\n const endpointConfig = resolveCompatOAuthEndpointConfig(request.modeId, request.endpointConfig);\n\n const response = await fetchImpl(endpointConfig.tokenEndpoint, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({\n grant_type: 'authorization_code',\n code: request.code,\n redirect_uri: request.redirectUri,\n client_id: request.clientId,\n code_verifier: request.codeVerifier,\n state: request.state,\n scope: request.scope,\n }),\n });\n\n const responseData = await tryReadTokenResponse(response);\n\n if (!response.ok) {\n const rawMessage =\n responseData.error_description ??\n responseData.error ??\n `Token exchange failed with HTTP ${response.status}.`;\n const message = typeof rawMessage === 'string' ? rawMessage : JSON.stringify(rawMessage);\n throw new Error(message);\n }\n\n const accessToken = responseData.access_token;\n if (!accessToken) {\n throw new Error('Token exchange succeeded without access_token.');\n }\n\n const expiresIn = coerceExpiresInSeconds(responseData.expires_in);\n const scope = responseData.scope ?? request.scope ?? '';\n const scopes = scope.trim() === '' ? [] : scope.trim().split(/\\s+/);\n\n return {\n ok: true,\n terminal: {\n mode: 'compat-oauth',\n providerKey: request.modeId,\n providerLabel: COMPAT_PROVIDER_LABELS[request.modeId],\n credentials: {\n accessToken,\n refreshToken: responseData.refresh_token ?? '',\n expiresAt: now() + expiresIn * 1000,\n scopes,\n },\n },\n };\n}\n\nasync function tryReadTokenResponse(response: Response): Promise<CompatOAuthTokenResponse> {\n try {\n const payload = (await response.json()) as CompatOAuthTokenResponse;\n return payload;\n } catch {\n return {};\n }\n}\n\nfunction coerceExpiresInSeconds(value: number | string | undefined): number {\n if (typeof value === 'number' && Number.isFinite(value) && value >= 0) {\n return value;\n }\n\n if (typeof value === 'string' && value.trim() !== '') {\n const parsed = Number(value);\n if (Number.isFinite(parsed) && parsed >= 0) {\n return parsed;\n }\n }\n\n return 0;\n}\n","import { createServer } from 'node:http';\n\nexport interface CallbackParams {\n code?: string;\n state?: string;\n error?: string;\n errorDescription?: string;\n}\n\nexport interface CallbackServerHandle {\n port: number;\n waitForCallback: (timeoutMs?: number) => Promise<CallbackParams>;\n close: () => Promise<void>;\n}\n\nconst DEFAULT_TIMEOUT_MS = 120_000;\n\nconst SUCCESS_HTML = `<!DOCTYPE html>\n<html><body style=\"font-family:system-ui;display:flex;justify-content:center;align-items:center;height:100vh;margin:0\">\n<div style=\"text-align:center\">\n<h2>login successful</h2>\n<p id=\"msg\">This tab will close in <span id=\"count\">3</span> seconds...</p>\n</div>\n<script>\nlet n=3;\nconst c=document.getElementById(\"count\");\nconst m=document.getElementById(\"msg\");\nconst t=setInterval(()=>{n--;if(n>0){c.textContent=n}else{clearInterval(t);window.close();m.textContent=\"You can close this tab.\"}},1000);\n</script>\n</body></html>`;\n\nexport async function startCallbackServer(): Promise<CallbackServerHandle> {\n let pendingCallback: CallbackParams | undefined;\n let resolveCallback: ((params: CallbackParams) => void) | undefined;\n let timeoutHandle: NodeJS.Timeout | undefined;\n\n function clearPendingWait(): void {\n if (timeoutHandle !== undefined) {\n clearTimeout(timeoutHandle);\n timeoutHandle = undefined;\n }\n resolveCallback = undefined;\n }\n\n const server = createServer((req, res) => {\n const url = new URL(req.url ?? '/', 'http://localhost');\n\n if (url.pathname !== '/callback') {\n res.writeHead(404);\n res.end();\n return;\n }\n\n const params: CallbackParams = {\n code: url.searchParams.get('code') ?? undefined,\n state: url.searchParams.get('state') ?? undefined,\n error: url.searchParams.get('error') ?? undefined,\n errorDescription: url.searchParams.get('error_description') ?? undefined,\n };\n\n res.shouldKeepAlive = false;\n res.writeHead(200, { 'Content-Type': 'text/html', Connection: 'close' });\n res.end(SUCCESS_HTML);\n\n if (resolveCallback !== undefined) {\n const resolve = resolveCallback;\n clearPendingWait();\n resolve(params);\n return;\n }\n\n pendingCallback = params;\n });\n\n const port = await new Promise<number>((resolve, reject) => {\n server.listen(0, 'localhost', () => {\n const addr = server.address();\n if (addr === null || typeof addr === 'string') {\n reject(new Error('Failed to bind callback server'));\n return;\n }\n resolve(addr.port);\n });\n });\n\n return {\n port,\n\n waitForCallback(timeoutMs = DEFAULT_TIMEOUT_MS): Promise<CallbackParams> {\n if (pendingCallback !== undefined) {\n const buffered = pendingCallback;\n pendingCallback = undefined;\n return Promise.resolve(buffered);\n }\n\n return new Promise<CallbackParams>((resolve, reject) => {\n resolveCallback = resolve;\n\n timeoutHandle = setTimeout(() => {\n clearPendingWait();\n reject(new Error('Login timeout: no callback received'));\n }, timeoutMs);\n\n timeoutHandle.unref();\n });\n },\n\n close(): Promise<void> {\n return new Promise<void>((resolve) => {\n server.closeIdleConnections?.();\n server.close(() => {\n resolve();\n });\n });\n },\n };\n}\n","import { execFile as defaultExecFile } from 'node:child_process';\n\ntype ExecFileFn = (cmd: string, args: string[], cb: (err: Error | null) => void) => void;\n\nexport interface OpenBrowserOptions {\n platform?: NodeJS.Platform;\n execFileFn?: ExecFileFn;\n}\n\nexport async function openBrowser(url: string, options: OpenBrowserOptions = {}): Promise<boolean> {\n const platform = options.platform ?? process.platform;\n const execFileFn: ExecFileFn = options.execFileFn ?? defaultExecFile;\n\n const { cmd, args } = getOpenCommand(platform, url);\n\n return new Promise<boolean>((resolve) => {\n execFileFn(cmd, args, (err) => {\n resolve(err === null);\n });\n });\n}\n\nfunction getOpenCommand(platform: NodeJS.Platform, url: string): { cmd: string; args: string[] } {\n switch (platform) {\n case 'darwin':\n return { cmd: 'open', args: [url] };\n case 'win32':\n return { cmd: 'cmd', args: ['/c', 'start', '', url] };\n default:\n return { cmd: 'xdg-open', args: [url] };\n }\n}\n","import { LoginError } from './errors.js';\nimport {\n COMPAT_AUTHORIZE_ENDPOINTS,\n DEFAULT_OAUTH_CLIENT_ID,\n DEFAULT_OAUTH_SCOPE,\n} from './internal/browser/constants.js';\nimport { createPkceChallenge, createPkceVerifier, createState } from './internal/browser/pkce.js';\nimport { exchangeCompatOAuthCodeForCredentials } from './internal/server/callback/exchange.js';\nimport { createNodeDefaultStorageAdapter } from './internal/storage/node.js';\nimport { startCallbackServer } from './runtime/callback-server.js';\nimport { openBrowser } from './runtime/open-browser.js';\nimport type { LoginMode, LoginResult } from './types.js';\n\nconst CREATE_API_KEY_URL = 'https://api.anthropic.com/api/oauth/claude_cli/create_api_key';\n\nasync function createApiKeyFromAccessToken(\n accessToken: string,\n fetchImpl?: typeof fetch,\n): Promise<string> {\n const doFetch = fetchImpl ?? fetch;\n const response = await doFetch(CREATE_API_KEY_URL, {\n method: 'POST',\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n });\n\n if (!response.ok) {\n throw new LoginError(`API key creation failed with HTTP ${response.status}`, 'exchange_failed');\n }\n\n const data = (await response.json()) as { raw_key?: string };\n if (!data.raw_key) {\n throw new LoginError('API key creation succeeded but no key returned', 'exchange_failed');\n }\n\n return data.raw_key;\n}\n\nexport interface LoginInternalOptions {\n configDir?: string;\n openBrowserFn?: (url: string) => Promise<boolean>;\n fetchImpl?: typeof fetch;\n}\n\nexport async function login(\n mode: LoginMode,\n internalOptions?: LoginInternalOptions,\n): Promise<LoginResult> {\n const server = await startCallbackServer();\n\n try {\n const state = createState();\n const verifier = createPkceVerifier();\n const challenge = await createPkceChallenge(verifier);\n\n const redirectUri = `http://localhost:${server.port}/callback`;\n const scope = DEFAULT_OAUTH_SCOPE.join(' ');\n\n const params = new URLSearchParams({\n code: 'true',\n client_id: DEFAULT_OAUTH_CLIENT_ID,\n response_type: 'code',\n scope,\n code_challenge: challenge,\n code_challenge_method: 'S256',\n state,\n redirect_uri: redirectUri,\n });\n\n const authorizeUrl = `${COMPAT_AUTHORIZE_ENDPOINTS[mode]}?${params.toString()}`;\n\n const openFn = internalOptions?.openBrowserFn ?? openBrowser;\n const opened = await openFn(authorizeUrl);\n\n if (!opened) {\n process.stdout.write(`\\nOpen this URL in your browser to log in:\\n${authorizeUrl}\\n\\n`);\n }\n\n const callbackParams = await server.waitForCallback();\n\n if (callbackParams.error) {\n throw new LoginError(callbackParams.errorDescription ?? callbackParams.error, 'cancelled');\n }\n\n if (!callbackParams.code || !callbackParams.state) {\n throw new LoginError('Missing authorization code in callback', 'cancelled');\n }\n\n if (callbackParams.state !== state) {\n throw new LoginError('OAuth state mismatch', 'cancelled');\n }\n\n const credentialResult = await exchangeCompatOAuthCodeForCredentials(\n {\n modeId: mode,\n code: callbackParams.code,\n state: callbackParams.state,\n codeVerifier: verifier,\n redirectUri,\n clientId: DEFAULT_OAUTH_CLIENT_ID,\n scope,\n },\n {\n fetchImpl: internalOptions?.fetchImpl,\n },\n );\n\n if (!credentialResult.ok) {\n throw new LoginError(credentialResult.message, 'exchange_failed');\n }\n\n const storage = createNodeDefaultStorageAdapter({\n configDir: internalOptions?.configDir,\n });\n\n if (mode === 'console') {\n // Console mode: use the OAuth access token to create an API key, then discard OAuth tokens\n if (credentialResult.terminal.mode !== 'compat-oauth') {\n throw new LoginError('Unexpected terminal state for console mode', 'exchange_failed');\n }\n\n const apiKey = await createApiKeyFromAccessToken(\n credentialResult.terminal.credentials.accessToken,\n internalOptions?.fetchImpl,\n );\n\n try {\n await storage.write({\n terminal: {\n mode: 'api-key',\n apiKey,\n source: 'derived-from-console-oauth',\n },\n updatedAt: Date.now(),\n });\n } catch (cause) {\n throw new LoginError('Failed to save credentials', 'storage_failed', cause);\n }\n } else {\n // claudeai mode: store OAuth tokens directly\n try {\n await storage.write({\n terminal: credentialResult.terminal,\n updatedAt: Date.now(),\n });\n } catch (cause) {\n throw new LoginError('Failed to save credentials', 'storage_failed', cause);\n }\n }\n\n return { mode, loggedIn: true };\n } catch (error) {\n if (error instanceof LoginError) {\n throw error;\n }\n throw new LoginError(\n error instanceof Error ? error.message : 'Login failed',\n 'exchange_failed',\n error,\n );\n } finally {\n await server.close();\n }\n}\n"],"mappings":";AAEO,IAAM,aAAN,cAAyB,MAAM;AAAA,EACpB;AAAA,EAET,YAAY,SAAiB,MAAsB,OAAiB;AACzE,UAAM,SAAS,UAAU,SAAY,SAAY,EAAE,MAAM,CAAC;AAC1D,SAAK,OAAO;AACZ,SAAK,OAAO;AAAA,EACd;AACF;;;ACVA,SAAS,OAAO,UAAU,MAAM,QAAQ,iBAAiB;AACzD,SAAS,eAAe;AACxB,SAAS,SAAS,YAAY;;;ACQvB,IAAM,kBAAN,cAA8B,MAAM;AAAA,EACzB;AAAA,EAET,YAAY,SAAiB,MAA2B,OAAiB;AAC9E,UAAM,SAAS,UAAU,SAAY,SAAY,EAAE,MAAM,CAAC;AAC1D,SAAK,OAAO,WAAW;AACvB,SAAK,OAAO;AAAA,EACd;AACF;AAuBO,IAAM,0BAAN,cAAsC,gBAAgB;AAAA,EAC3C;AAAA,EAET,YAAY,SAAiB,SAAkB;AACpD,UAAM,WAAW,wBAAwB,OAAO,KAAK,qBAAqB;AAC1E,SAAK,UAAU;AAAA,EACjB;AACF;AAsBO,IAAM,sBAAN,cAAkC,gBAAgB;AAAA,EAChD,YAAY,UAAU,wCAAwC,OAAiB;AACpF,UAAM,SAAS,mBAAmB,KAAK;AAAA,EACzC;AACF;;;AC3DA,SAAS,qBAAqB,OAA0B;AACtD,MAAI,CAAC,MAAM,QAAQ,KAAK,GAAG;AACzB,WAAO,CAAC;AAAA,EACV;AAEA,SAAO,MAAM,OAAO,CAAC,UAA2B,OAAO,UAAU,QAAQ;AAC3E;AAEA,SAAS,mBAAmB,OAAwB;AAClD,MAAI,OAAO,UAAU,YAAY,OAAO,SAAS,KAAK,GAAG;AACvD,WAAO;AAAA,EACT;AAEA,MAAI,OAAO,UAAU,UAAU;AAC7B,UAAM,SAAS,OAAO,KAAK;AAC3B,QAAI,OAAO,SAAS,MAAM,GAAG;AAC3B,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;AAEO,SAAS,qBACd,QAC4B;AAC5B,SAAO;AAAA,IACL,aAAa,OAAO,OAAO,gBAAgB,WAAW,OAAO,cAAc;AAAA,IAC3E,cAAc,OAAO,OAAO,iBAAiB,WAAW,OAAO,eAAe;AAAA,IAC9E,WAAW,mBAAmB,OAAO,SAAS;AAAA,IAC9C,QAAQ,qBAAqB,OAAO,MAAM;AAAA,IAC1C,kBAAkB,OAAO,OAAO,qBAAqB,WAAW,OAAO,mBAAmB;AAAA,IAC1F,eAAe,OAAO,OAAO,kBAAkB,WAAW,OAAO,gBAAgB;AAAA,EACnF;AACF;AAEO,SAAS,6BACd,QACyB;AACzB,QAAM,aAAa,qBAAqB,MAAM;AAE9C,SAAO;AAAA,IACL,MAAM;AAAA,IACN,aAAa;AAAA,MACX,aAAa,WAAW;AAAA,MACxB,cAAc,WAAW;AAAA,MACzB,WAAW,WAAW;AAAA,MACtB,QAAQ,WAAW;AAAA,IACrB;AAAA,IACA,UAAU;AAAA,MACR,kBACE,WAAW,qBAAqB,OAAO,SAAY,WAAW;AAAA,MAChE,eAAe,WAAW,kBAAkB,OAAO,SAAY,WAAW;AAAA,IAC5E;AAAA,EACF;AACF;AAEO,SAAS,4BACd,UAC4B;AAC5B,SAAO;AAAA,IACL,aAAa,SAAS,YAAY;AAAA,IAClC,cAAc,SAAS,YAAY;AAAA,IACnC,WAAW,SAAS,YAAY;AAAA,IAChC,QAAQ,CAAC,GAAG,SAAS,YAAY,MAAM;AAAA,IACvC,kBACE,SAAS,SAAS,sBAAuB,SAAS,oBAAoB,OAAQ;AAAA,IAChF,eAAe,SAAS,SAAS,sBAAuB,SAAS,iBAAiB,OAAQ;AAAA,EAC5F;AACF;AAEO,SAAS,6BACd,QACiC;AACjC,MAAI,OAAO,OAAO,kBAAkB,YAAY,OAAO,cAAc,WAAW,GAAG;AACjF,WAAO;AAAA,EACT;AAEA,QAAM,QAA6B;AAAA,IACjC,MAAM;AAAA,IACN,QAAQ,OAAO;AAAA,IACf,QAAQ,OAAO,uBAAuB,WAAW,+BAA+B;AAAA,EAClF;AAEA,SAAO;AAAA,IACL,MAAM;AAAA,IACN;AAAA,EACF;AACF;AAEO,SAAS,iCAAiC,QAIb;AAClC,QAAM,cAAc,OAAO,gBAAgB;AAC3C,MAAI,gBAAgB,QAAW;AAC7B,UAAM,aAAa,6BAA6B,WAAW;AAC3D,UAAM,WAAoC;AAAA,MACxC,MAAM,WAAW;AAAA,MACjB,aAAa,WAAW;AAAA,MACxB,aAAa;AAAA,MACb,eAAe;AAAA,IACjB;AAEA,WAAO;AAAA,MACL;AAAA,MACA,WAAW,OAAO;AAAA,IACpB;AAAA,EACF;AAEA,QAAM,mBAAmB,6BAA6B,OAAO,UAAU;AACvE,MAAI,qBAAqB,MAAM;AAC7B,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,UAAU,iBAAiB;AAAA,IAC3B,WAAW,OAAO;AAAA,EACpB;AACF;AAEO,SAAS,uBAAuB,QAGnB;AAClB,QAAM,eAAe,OAAO,SAAS,WAAW;AAEhD,SAAO;AAAA,IACL,GAAG,OAAO;AAAA,IACV,eAAe,OAAO,SAAS;AAAA,IAC/B,uBAAuB;AAAA,MACrB,GAAG,OAAO,WAAW;AAAA,MACrB,UAAU;AAAA,IACZ;AAAA,EACF;AACF;;;AFrIA,IAAM,wBAAwB;AAC9B,IAAM,mBAAmB;AAEzB,SAAS,YAAY,OAAgB,MAAuB;AAC1D,SACE,UAAU,QACV,OAAO,UAAU,YACjB,UAAU,SACT,MAAgC,SAAS;AAE9C;AAEA,eAAe,kBAAqB,UAAkB,cAA6B;AACjF,MAAI;AACF,UAAM,UAAU,MAAM,SAAS,UAAU,MAAM;AAC/C,UAAM,SAAS,KAAK,MAAM,OAAO;AACjC,WAAQ,UAAgB;AAAA,EAC1B,SAAS,OAAO;AACd,QAAI,YAAY,OAAO,QAAQ,GAAG;AAChC,aAAO;AAAA,IACT;AAEA,UAAM,IAAI,oBAAoB,gCAAgC,QAAQ,IAAI,KAAK;AAAA,EACjF;AACF;AAEA,eAAe,UAAU,UAAkB,OAA+B;AACxE,MAAI;AACF,UAAM,MAAM,QAAQ,QAAQ,GAAG,EAAE,WAAW,KAAK,CAAC;AAClD,UAAM,UAAU,UAAU,KAAK,UAAU,OAAO,MAAM,CAAC,GAAG,EAAE,MAAM,KAAO,UAAU,OAAO,CAAC;AAAA,EAC7F,SAAS,OAAO;AACd,UAAM,IAAI,oBAAoB,iCAAiC,QAAQ,IAAI,KAAK;AAAA,EAClF;AACF;AAEA,eAAe,WAAW,UAAiC;AACzD,MAAI;AACF,UAAM,OAAO,QAAQ;AAAA,EACvB,SAAS,OAAO;AACd,QAAI,YAAY,OAAO,QAAQ,GAAG;AAChC;AAAA,IACF;AAEA,UAAM,IAAI,oBAAoB,kCAAkC,QAAQ,IAAI,KAAK;AAAA,EACnF;AACF;AAEA,eAAe,aAAa,OAA6C;AACvE,QAAM,SAAmB,CAAC;AAC1B,aAAW,YAAY,CAAC,MAAM,qBAAqB,MAAM,cAAc,GAAG;AACxE,QAAI;AACF,YAAM,WAAW,MAAM,KAAK,QAAQ;AACpC,aAAO,KAAK,SAAS,OAAO;AAAA,IAC9B,SAAS,OAAO;AACd,UAAI,CAAC,YAAY,OAAO,QAAQ,GAAG;AACjC,cAAM,IAAI,oBAAoB,gCAAgC,QAAQ,IAAI,KAAK;AAAA,MACjF;AAAA,IACF;AAAA,EACF;AAEA,MAAI,OAAO,WAAW,GAAG;AACvB,WAAO,KAAK,IAAI;AAAA,EAClB;AAEA,SAAO,KAAK,IAAI,GAAG,MAAM;AAC3B;AAEA,eAAe,iBAAiB,OAG7B;AACD,QAAM,CAAC,iBAAiB,UAAU,IAAI,MAAM,QAAQ,IAAI;AAAA,IACtD,kBAAwC,MAAM,qBAAqB,CAAC,CAAC;AAAA,IACrE,kBAAmC,MAAM,gBAAgB,CAAC,CAAC;AAAA,EAC7D,CAAC;AAED,SAAO;AAAA,IACL;AAAA,IACA;AAAA,EACF;AACF;AAEA,SAAS,QAAQ,UAAoC;AACnD,SAAO,aAAa;AACtB;AAEO,SAAS,2BAA2B,WAAyC;AAClF,QAAM,oBACJ,aAAa,QAAQ,IAAI,qBAAqB,KAAK,QAAQ,GAAG,SAAS;AAEzE,SAAO;AAAA,IACL,WAAW;AAAA,IACX,qBAAqB,KAAK,mBAAmB,qBAAqB;AAAA,IAClE,gBAAgB,KAAK,mBAAmB,gBAAgB;AAAA,EAC1D;AACF;AAEO,SAAS,gCACd,UAAqC,CAAC,GACtB;AAChB,QAAM,QAAQ,2BAA2B,QAAQ,SAAS;AAC1D,QAAM,WAAW,QAAQ,YAAY,QAAQ;AAC7C,QAAM,gBAAgB,QAAQ;AAC9B,QAAM,cAAc,QAAQ,QAAQ,KAAK,kBAAkB;AAE3D,QAAM,kBAAkB,YAAsD;AAC5E,QAAI,CAAC,aAAa;AAChB,aAAO;AAAA,IACT;AAEA,UAAM,cAAc,MAAM,cAAc,YAAY;AACpD,QAAI,gBAAgB,QAAQ,gBAAgB,QAAW;AACrD,aAAO;AAAA,QACL,UAAU;AAAA,UACR,MAAM;AAAA,UACN,aAAa;AAAA,YACX,aAAa,YAAY;AAAA,YACzB,cAAc,YAAY;AAAA,YAC1B,WAAW,YAAY;AAAA,YACvB,QAAQ,YAAY;AAAA,UACtB;AAAA,UACA,aAAa;AAAA,UACb,eAAe;AAAA,QACjB;AAAA,QACA,WAAW,KAAK,IAAI;AAAA,MACtB;AAAA,IACF;AAEA,UAAM,SAAS,MAAM,cAAc,aAAa;AAChD,QAAI,OAAO,WAAW,YAAY,OAAO,SAAS,GAAG;AACnD,aAAO;AAAA,QACL,UAAU;AAAA,UACR,MAAM;AAAA,UACN;AAAA,UACA,QAAQ;AAAA,QACV;AAAA,QACA,WAAW,KAAK,IAAI;AAAA,MACtB;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,MAAM,OAAiD;AACrD,UAAI,aAAa;AACf,cAAM,cAAc,MAAM,gBAAgB;AAC1C,YAAI,gBAAgB,MAAM;AACxB,iBAAO;AAAA,QACT;AAAA,MACF;AAEA,YAAM,eAAe,MAAM,iBAAiB,KAAK;AACjD,YAAM,YAAY,MAAM,aAAa,KAAK;AAC1C,aAAO,iCAAiC;AAAA,QACtC,GAAG;AAAA,QACH;AAAA,MACF,CAAC;AAAA,IACH;AAAA,IAEA,MAAM,MAAM,UAAmD;AAC7D,UAAI,SAAS,SAAS,SAAS,WAAW;AACxC,YAAI,eAAe,cAAc,gBAAgB,QAAW;AAC1D,gBAAM,cAAc,YAAY,SAAS,SAAS,MAAM;AAAA,QAC1D;AAEA,cAAM,aAAa,MAAM,kBAAmC,MAAM,gBAAgB,CAAC,CAAC;AACpF,cAAM,iBAAiB,uBAAuB;AAAA,UAC5C;AAAA,UACA,UAAU,SAAS;AAAA,QACrB,CAAC;AAED,cAAM,UAAU,MAAM,gBAAgB,cAAc;AAEpD,cAAMA,mBAAkB,MAAM;AAAA,UAC5B,MAAM;AAAA,UACN,CAAC;AAAA,QACH;AACA,YAAIA,iBAAgB,kBAAkB,QAAW;AAC/C,gBAAM,EAAE,eAAe,OAAO,GAAG,KAAK,IAAIA;AAC1C,gBAAM,UAAU,MAAM,qBAAqB,IAAI;AAAA,QACjD;AAEA;AAAA,MACF;AAEA,YAAM,cAAc,4BAA4B,SAAS,QAAQ;AACjE,UAAI,eAAe,cAAc,eAAe,QAAW;AACzD,cAAM,cAAc,WAAW,WAAW;AAAA,MAC5C;AAEA,YAAM,kBAAkB,MAAM;AAAA,QAC5B,MAAM;AAAA,QACN,CAAC;AAAA,MACH;AACA,YAAM,sBAA4C;AAAA,QAChD,GAAG;AAAA,QACH,eAAe;AAAA,MACjB;AAEA,YAAM,UAAU,MAAM,qBAAqB,mBAAmB;AAAA,IAChE;AAAA,IAEA,MAAM,QAAuB;AAC3B,UAAI,aAAa;AACf,cAAM,QAAQ,IAAI,CAAC,cAAc,aAAa,GAAG,cAAc,cAAc,CAAC,CAAC;AAAA,MACjF;AAEA,YAAM,QAAQ,IAAI,CAAC,WAAW,MAAM,mBAAmB,GAAG,WAAW,MAAM,cAAc,CAAC,CAAC;AAAA,IAC7F;AAAA,EACF;AACF;;;AGnOO,IAAM,0BAA0B;AAEhC,IAAM,sBAAsB;AAAA,EACjC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAIO,IAAM,6BAAqE;AAAA,EAChF,UAAU;AAAA,EACV,SAAS;AACX;;;AChBA,IAAM,6BAA6B;AACnC,IAAM,qBAAqB;AAE3B,SAAS,mBAA2B;AAClC,MAAI,OAAO,WAAW,WAAW,aAAa;AAC5C,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,MAAI,OAAO,WAAW,OAAO,oBAAoB,YAAY;AAC3D,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,MAAI,OAAO,WAAW,OAAO,WAAW,aAAa;AACnD,UAAM,IAAI,wBAAwB,WAAW,+CAA+C;AAAA,EAC9F;AAEA,SAAO,WAAW;AACpB;AAEA,SAAS,iBAAiB,OAA2B;AACnD,MAAI,SAAS;AACb,aAAW,QAAQ,OAAO;AACxB,cAAU,OAAO,aAAa,IAAI;AAAA,EACpC;AAEA,QAAM,SACJ,OAAO,WAAW,SAAS,aACvB,WAAW,KAAK,MAAM,IACtB,OAAO,KAAK,QAAQ,QAAQ,EAAE,SAAS,QAAQ;AAErD,SAAO,OAAO,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,QAAQ,EAAE;AAC1E;AAEO,SAAS,sBAAsB,YAA4B;AAChE,QAAM,SAAS,iBAAiB;AAChC,QAAM,QAAQ,IAAI,WAAW,UAAU;AACvC,SAAO,gBAAgB,KAAK;AAC5B,SAAO,iBAAiB,KAAK;AAC/B;AAEO,SAAS,cAAsB;AACpC,SAAO,sBAAsB,kBAAkB;AACjD;AAEO,SAAS,qBAA6B;AAC3C,SAAO,sBAAsB,0BAA0B;AACzD;AAEA,eAAsB,oBAAoB,UAAmC;AAC3E,QAAM,SAAS,iBAAiB;AAChC,QAAM,SAAS,IAAI,YAAY,EAAE,OAAO,QAAQ;AAChD,QAAM,SAAS,MAAM,OAAO,OAAO,OAAO,WAAW,MAAM;AAC3D,SAAO,iBAAiB,IAAI,WAAW,MAAM,CAAC;AAChD;;;ACpDA,IAAM,iCAEF;AAAA,EACF,UAAU;AAAA,IACR,mBAAmB;AAAA,IACnB,eAAe;AAAA,EACjB;AAAA,EACA,SAAS;AAAA,IACP,mBAAmB;AAAA,IACnB,eAAe;AAAA,EACjB;AACF;AAEA,IAAM,yBAA6E;AAAA,EACjF,UAAU;AAAA,EACV,SAAS;AACX;AAEO,SAAS,iCACd,QACA,UAC2B;AAC3B,QAAM,WAAW,+BAA+B,MAAM;AAEtD,SAAO;AAAA,IACL,mBAAmB,UAAU,qBAAqB,SAAS;AAAA,IAC3D,eAAe,UAAU,iBAAiB,SAAS;AAAA,EACrD;AACF;AAEA,eAAsB,sCACpB,SACA,UAA2C,CAAC,GACjB;AAC3B,QAAM,YAAY,QAAQ,aAAa;AACvC,QAAM,MAAM,QAAQ,OAAO,KAAK;AAChC,QAAM,iBAAiB,iCAAiC,QAAQ,QAAQ,QAAQ,cAAc;AAE9F,QAAM,WAAW,MAAM,UAAU,eAAe,eAAe;AAAA,IAC7D,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,KAAK,UAAU;AAAA,MACnB,YAAY;AAAA,MACZ,MAAM,QAAQ;AAAA,MACd,cAAc,QAAQ;AAAA,MACtB,WAAW,QAAQ;AAAA,MACnB,eAAe,QAAQ;AAAA,MACvB,OAAO,QAAQ;AAAA,MACf,OAAO,QAAQ;AAAA,IACjB,CAAC;AAAA,EACH,CAAC;AAED,QAAM,eAAe,MAAM,qBAAqB,QAAQ;AAExD,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,aACJ,aAAa,qBACb,aAAa,SACb,mCAAmC,SAAS,MAAM;AACpD,UAAM,UAAU,OAAO,eAAe,WAAW,aAAa,KAAK,UAAU,UAAU;AACvF,UAAM,IAAI,MAAM,OAAO;AAAA,EACzB;AAEA,QAAM,cAAc,aAAa;AACjC,MAAI,CAAC,aAAa;AAChB,UAAM,IAAI,MAAM,gDAAgD;AAAA,EAClE;AAEA,QAAM,YAAY,uBAAuB,aAAa,UAAU;AAChE,QAAM,QAAQ,aAAa,SAAS,QAAQ,SAAS;AACrD,QAAM,SAAS,MAAM,KAAK,MAAM,KAAK,CAAC,IAAI,MAAM,KAAK,EAAE,MAAM,KAAK;AAElE,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,UAAU;AAAA,MACR,MAAM;AAAA,MACN,aAAa,QAAQ;AAAA,MACrB,eAAe,uBAAuB,QAAQ,MAAM;AAAA,MACpD,aAAa;AAAA,QACX;AAAA,QACA,cAAc,aAAa,iBAAiB;AAAA,QAC5C,WAAW,IAAI,IAAI,YAAY;AAAA,QAC/B;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAEA,eAAe,qBAAqB,UAAuD;AACzF,MAAI;AACF,UAAM,UAAW,MAAM,SAAS,KAAK;AACrC,WAAO;AAAA,EACT,QAAQ;AACN,WAAO,CAAC;AAAA,EACV;AACF;AAEA,SAAS,uBAAuB,OAA4C;AAC1E,MAAI,OAAO,UAAU,YAAY,OAAO,SAAS,KAAK,KAAK,SAAS,GAAG;AACrE,WAAO;AAAA,EACT;AAEA,MAAI,OAAO,UAAU,YAAY,MAAM,KAAK,MAAM,IAAI;AACpD,UAAM,SAAS,OAAO,KAAK;AAC3B,QAAI,OAAO,SAAS,MAAM,KAAK,UAAU,GAAG;AAC1C,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;;;ACzHA,SAAS,oBAAoB;AAe7B,IAAM,qBAAqB;AAE3B,IAAM,eAAe;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAcrB,eAAsB,sBAAqD;AACzE,MAAI;AACJ,MAAI;AACJ,MAAI;AAEJ,WAAS,mBAAyB;AAChC,QAAI,kBAAkB,QAAW;AAC/B,mBAAa,aAAa;AAC1B,sBAAgB;AAAA,IAClB;AACA,sBAAkB;AAAA,EACpB;AAEA,QAAM,SAAS,aAAa,CAAC,KAAK,QAAQ;AACxC,UAAM,MAAM,IAAI,IAAI,IAAI,OAAO,KAAK,kBAAkB;AAEtD,QAAI,IAAI,aAAa,aAAa;AAChC,UAAI,UAAU,GAAG;AACjB,UAAI,IAAI;AACR;AAAA,IACF;AAEA,UAAM,SAAyB;AAAA,MAC7B,MAAM,IAAI,aAAa,IAAI,MAAM,KAAK;AAAA,MACtC,OAAO,IAAI,aAAa,IAAI,OAAO,KAAK;AAAA,MACxC,OAAO,IAAI,aAAa,IAAI,OAAO,KAAK;AAAA,MACxC,kBAAkB,IAAI,aAAa,IAAI,mBAAmB,KAAK;AAAA,IACjE;AAEA,QAAI,kBAAkB;AACtB,QAAI,UAAU,KAAK,EAAE,gBAAgB,aAAa,YAAY,QAAQ,CAAC;AACvE,QAAI,IAAI,YAAY;AAEpB,QAAI,oBAAoB,QAAW;AACjC,YAAM,UAAU;AAChB,uBAAiB;AACjB,cAAQ,MAAM;AACd;AAAA,IACF;AAEA,sBAAkB;AAAA,EACpB,CAAC;AAED,QAAM,OAAO,MAAM,IAAI,QAAgB,CAAC,SAAS,WAAW;AAC1D,WAAO,OAAO,GAAG,aAAa,MAAM;AAClC,YAAM,OAAO,OAAO,QAAQ;AAC5B,UAAI,SAAS,QAAQ,OAAO,SAAS,UAAU;AAC7C,eAAO,IAAI,MAAM,gCAAgC,CAAC;AAClD;AAAA,MACF;AACA,cAAQ,KAAK,IAAI;AAAA,IACnB,CAAC;AAAA,EACH,CAAC;AAED,SAAO;AAAA,IACL;AAAA,IAEA,gBAAgB,YAAY,oBAA6C;AACvE,UAAI,oBAAoB,QAAW;AACjC,cAAM,WAAW;AACjB,0BAAkB;AAClB,eAAO,QAAQ,QAAQ,QAAQ;AAAA,MACjC;AAEA,aAAO,IAAI,QAAwB,CAAC,SAAS,WAAW;AACtD,0BAAkB;AAElB,wBAAgB,WAAW,MAAM;AAC/B,2BAAiB;AACjB,iBAAO,IAAI,MAAM,qCAAqC,CAAC;AAAA,QACzD,GAAG,SAAS;AAEZ,sBAAc,MAAM;AAAA,MACtB,CAAC;AAAA,IACH;AAAA,IAEA,QAAuB;AACrB,aAAO,IAAI,QAAc,CAAC,YAAY;AACpC,eAAO,uBAAuB;AAC9B,eAAO,MAAM,MAAM;AACjB,kBAAQ;AAAA,QACV,CAAC;AAAA,MACH,CAAC;AAAA,IACH;AAAA,EACF;AACF;;;ACpHA,SAAS,YAAY,uBAAuB;AAS5C,eAAsB,YAAY,KAAa,UAA8B,CAAC,GAAqB;AACjG,QAAM,WAAW,QAAQ,YAAY,QAAQ;AAC7C,QAAM,aAAyB,QAAQ,cAAc;AAErD,QAAM,EAAE,KAAK,KAAK,IAAI,eAAe,UAAU,GAAG;AAElD,SAAO,IAAI,QAAiB,CAAC,YAAY;AACvC,eAAW,KAAK,MAAM,CAAC,QAAQ;AAC7B,cAAQ,QAAQ,IAAI;AAAA,IACtB,CAAC;AAAA,EACH,CAAC;AACH;AAEA,SAAS,eAAe,UAA2B,KAA8C;AAC/F,UAAQ,UAAU;AAAA,IAChB,KAAK;AACH,aAAO,EAAE,KAAK,QAAQ,MAAM,CAAC,GAAG,EAAE;AAAA,IACpC,KAAK;AACH,aAAO,EAAE,KAAK,OAAO,MAAM,CAAC,MAAM,SAAS,IAAI,GAAG,EAAE;AAAA,IACtD;AACE,aAAO,EAAE,KAAK,YAAY,MAAM,CAAC,GAAG,EAAE;AAAA,EAC1C;AACF;;;AClBA,IAAM,qBAAqB;AAE3B,eAAe,4BACb,aACA,WACiB;AACjB,QAAM,UAAU,aAAa;AAC7B,QAAM,WAAW,MAAM,QAAQ,oBAAoB;AAAA,IACjD,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,eAAe,UAAU,WAAW;AAAA,IACtC;AAAA,EACF,CAAC;AAED,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,IAAI,WAAW,qCAAqC,SAAS,MAAM,IAAI,iBAAiB;AAAA,EAChG;AAEA,QAAM,OAAQ,MAAM,SAAS,KAAK;AAClC,MAAI,CAAC,KAAK,SAAS;AACjB,UAAM,IAAI,WAAW,kDAAkD,iBAAiB;AAAA,EAC1F;AAEA,SAAO,KAAK;AACd;AAQA,eAAsB,MACpB,MACA,iBACsB;AACtB,QAAM,SAAS,MAAM,oBAAoB;AAEzC,MAAI;AACF,UAAM,QAAQ,YAAY;AAC1B,UAAM,WAAW,mBAAmB;AACpC,UAAM,YAAY,MAAM,oBAAoB,QAAQ;AAEpD,UAAM,cAAc,oBAAoB,OAAO,IAAI;AACnD,UAAM,QAAQ,oBAAoB,KAAK,GAAG;AAE1C,UAAM,SAAS,IAAI,gBAAgB;AAAA,MACjC,MAAM;AAAA,MACN,WAAW;AAAA,MACX,eAAe;AAAA,MACf;AAAA,MACA,gBAAgB;AAAA,MAChB,uBAAuB;AAAA,MACvB;AAAA,MACA,cAAc;AAAA,IAChB,CAAC;AAED,UAAM,eAAe,GAAG,2BAA2B,IAAI,CAAC,IAAI,OAAO,SAAS,CAAC;AAE7E,UAAM,SAAS,iBAAiB,iBAAiB;AACjD,UAAM,SAAS,MAAM,OAAO,YAAY;AAExC,QAAI,CAAC,QAAQ;AACX,cAAQ,OAAO,MAAM;AAAA;AAAA,EAA+C,YAAY;AAAA;AAAA,CAAM;AAAA,IACxF;AAEA,UAAM,iBAAiB,MAAM,OAAO,gBAAgB;AAEpD,QAAI,eAAe,OAAO;AACxB,YAAM,IAAI,WAAW,eAAe,oBAAoB,eAAe,OAAO,WAAW;AAAA,IAC3F;AAEA,QAAI,CAAC,eAAe,QAAQ,CAAC,eAAe,OAAO;AACjD,YAAM,IAAI,WAAW,0CAA0C,WAAW;AAAA,IAC5E;AAEA,QAAI,eAAe,UAAU,OAAO;AAClC,YAAM,IAAI,WAAW,wBAAwB,WAAW;AAAA,IAC1D;AAEA,UAAM,mBAAmB,MAAM;AAAA,MAC7B;AAAA,QACE,QAAQ;AAAA,QACR,MAAM,eAAe;AAAA,QACrB,OAAO,eAAe;AAAA,QACtB,cAAc;AAAA,QACd;AAAA,QACA,UAAU;AAAA,QACV;AAAA,MACF;AAAA,MACA;AAAA,QACE,WAAW,iBAAiB;AAAA,MAC9B;AAAA,IACF;AAEA,QAAI,CAAC,iBAAiB,IAAI;AACxB,YAAM,IAAI,WAAW,iBAAiB,SAAS,iBAAiB;AAAA,IAClE;AAEA,UAAM,UAAU,gCAAgC;AAAA,MAC9C,WAAW,iBAAiB;AAAA,IAC9B,CAAC;AAED,QAAI,SAAS,WAAW;AAEtB,UAAI,iBAAiB,SAAS,SAAS,gBAAgB;AACrD,cAAM,IAAI,WAAW,8CAA8C,iBAAiB;AAAA,MACtF;AAEA,YAAM,SAAS,MAAM;AAAA,QACnB,iBAAiB,SAAS,YAAY;AAAA,QACtC,iBAAiB;AAAA,MACnB;AAEA,UAAI;AACF,cAAM,QAAQ,MAAM;AAAA,UAClB,UAAU;AAAA,YACR,MAAM;AAAA,YACN;AAAA,YACA,QAAQ;AAAA,UACV;AAAA,UACA,WAAW,KAAK,IAAI;AAAA,QACtB,CAAC;AAAA,MACH,SAAS,OAAO;AACd,cAAM,IAAI,WAAW,8BAA8B,kBAAkB,KAAK;AAAA,MAC5E;AAAA,IACF,OAAO;AAEL,UAAI;AACF,cAAM,QAAQ,MAAM;AAAA,UAClB,UAAU,iBAAiB;AAAA,UAC3B,WAAW,KAAK,IAAI;AAAA,QACtB,CAAC;AAAA,MACH,SAAS,OAAO;AACd,cAAM,IAAI,WAAW,8BAA8B,kBAAkB,KAAK;AAAA,MAC5E;AAAA,IACF;AAEA,WAAO,EAAE,MAAM,UAAU,KAAK;AAAA,EAChC,SAAS,OAAO;AACd,QAAI,iBAAiB,YAAY;AAC/B,YAAM;AAAA,IACR;AACA,UAAM,IAAI;AAAA,MACR,iBAAiB,QAAQ,MAAM,UAAU;AAAA,MACzC;AAAA,MACA;AAAA,IACF;AAAA,EACF,UAAE;AACA,UAAM,OAAO,MAAM;AAAA,EACrB;AACF;","names":["credentialsFile"]}

package/package.json ADDED Viewed

@@ -0,0 +1,38 @@
+{
+  "name": "@claude-auth-sdk/core",
+  "version": "0.1.0",
+  "description": "Core authentication SDK for Claude — OAuth login, credential storage, browser opener",
+  "license": "MIT",
+  "type": "module",
+  "sideEffects": false,
+  "files": ["dist", "LICENSE", "README.md"],
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/anthropics/claude-auth-sdk.git",
+    "directory": "packages/core"
+  },
+  "keywords": ["claude", "anthropic", "auth", "oauth", "sdk"],
+  "engines": {
+    "node": ">=20"
+  },
+  "scripts": {
+    "build": "tsup",
+    "test": "vitest run",
+    "typecheck": "tsc --noEmit",
+    "prepublishOnly": "npm run build"
+  },
+  "devDependencies": {
+    "@types/node": "^22.14.1",
+    "tsup": "^8.4.0",
+    "typescript": "^5.8.3",
+    "vitest": "^3.0.7"
+  }
+}