npm - @clinebot/core - Versions diffs - 0.0.0 - Mend

@clinebot/core 0.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (200) hide show

package/README.md +88 -0
package/dist/account/cline-account-service.d.ts +34 -0
package/dist/account/index.d.ts +3 -0
package/dist/account/rpc.d.ts +38 -0
package/dist/account/types.d.ts +74 -0
package/dist/agents/agent-config-loader.d.ts +18 -0
package/dist/agents/agent-config-parser.d.ts +25 -0
package/dist/agents/hooks-config-loader.d.ts +23 -0
package/dist/agents/index.d.ts +11 -0
package/dist/agents/plugin-config-loader.d.ts +22 -0
package/dist/agents/plugin-loader.d.ts +9 -0
package/dist/agents/plugin-sandbox.d.ts +12 -0
package/dist/agents/unified-config-file-watcher.d.ts +77 -0
package/dist/agents/user-instruction-config-loader.d.ts +63 -0
package/dist/auth/client.d.ts +11 -0
package/dist/auth/cline.d.ts +41 -0
package/dist/auth/codex.d.ts +39 -0
package/dist/auth/oca.d.ts +22 -0
package/dist/auth/server.d.ts +22 -0
package/dist/auth/types.d.ts +72 -0
package/dist/auth/utils.d.ts +32 -0
package/dist/chat/chat-schema.d.ts +145 -0
package/dist/default-tools/constants.d.ts +23 -0
package/dist/default-tools/definitions.d.ts +96 -0
package/dist/default-tools/executors/apply-patch-parser.d.ts +68 -0
package/dist/default-tools/executors/apply-patch.d.ts +26 -0
package/dist/default-tools/executors/bash.d.ts +49 -0
package/dist/default-tools/executors/editor.d.ts +31 -0
package/dist/default-tools/executors/file-read.d.ts +40 -0
package/dist/default-tools/executors/index.d.ts +44 -0
package/dist/default-tools/executors/search.d.ts +50 -0
package/dist/default-tools/executors/web-fetch.d.ts +58 -0
package/dist/default-tools/index.d.ts +57 -0
package/dist/default-tools/presets.d.ts +124 -0
package/dist/default-tools/schemas.d.ts +121 -0
package/dist/default-tools/types.d.ts +237 -0
package/dist/index.d.ts +23 -0
package/dist/index.js +220 -0
package/dist/input/file-indexer.d.ts +5 -0
package/dist/input/index.d.ts +4 -0
package/dist/input/mention-enricher.d.ts +12 -0
package/dist/mcp/config-loader.d.ts +15 -0
package/dist/mcp/index.d.ts +4 -0
package/dist/mcp/manager.d.ts +24 -0
package/dist/mcp/types.d.ts +66 -0
package/dist/runtime/hook-file-hooks.d.ts +18 -0
package/dist/runtime/rules.d.ts +5 -0
package/dist/runtime/runtime-builder.d.ts +5 -0
package/dist/runtime/sandbox/subprocess-sandbox.d.ts +19 -0
package/dist/runtime/session-runtime.d.ts +36 -0
package/dist/runtime/tool-approval.d.ts +9 -0
package/dist/runtime/workflows.d.ts +13 -0
package/dist/server/index.d.ts +47 -0
package/dist/server/index.js +641 -0
package/dist/session/default-session-manager.d.ts +77 -0
package/dist/session/rpc-session-service.d.ts +12 -0
package/dist/session/runtime-oauth-token-manager.d.ts +28 -0
package/dist/session/session-artifacts.d.ts +19 -0
package/dist/session/session-graph.d.ts +15 -0
package/dist/session/session-host.d.ts +21 -0
package/dist/session/session-manager.d.ts +50 -0
package/dist/session/session-manifest.d.ts +30 -0
package/dist/session/session-service.d.ts +113 -0
package/dist/session/sqlite-rpc-session-backend.d.ts +30 -0
package/dist/session/unified-session-persistence-service.d.ts +93 -0
package/dist/session/workspace-manager.d.ts +28 -0
package/dist/session/workspace-manifest.d.ts +25 -0
package/dist/storage/provider-settings-legacy-migration.d.ts +13 -0
package/dist/storage/provider-settings-manager.d.ts +20 -0
package/dist/storage/sqlite-session-store.d.ts +29 -0
package/dist/storage/sqlite-team-store.d.ts +31 -0
package/dist/storage/team-store.d.ts +2 -0
package/dist/team/index.d.ts +1 -0
package/dist/team/projections.d.ts +8 -0
package/dist/types/common.d.ts +10 -0
package/dist/types/config.d.ts +37 -0
package/dist/types/events.d.ts +54 -0
package/dist/types/provider-settings.d.ts +20 -0
package/dist/types/sessions.d.ts +9 -0
package/dist/types/storage.d.ts +37 -0
package/dist/types/workspace.d.ts +7 -0
package/dist/types.d.ts +26 -0
package/package.json +63 -0
package/src/account/cline-account-service.test.ts +101 -0
package/src/account/cline-account-service.ts +267 -0
package/src/account/index.ts +20 -0
package/src/account/rpc.test.ts +62 -0
package/src/account/rpc.ts +172 -0
package/src/account/types.ts +80 -0
package/src/agents/agent-config-loader.test.ts +234 -0
package/src/agents/agent-config-loader.ts +107 -0
package/src/agents/agent-config-parser.ts +191 -0
package/src/agents/hooks-config-loader.ts +97 -0
package/src/agents/index.ts +84 -0
package/src/agents/plugin-config-loader.test.ts +91 -0
package/src/agents/plugin-config-loader.ts +160 -0
package/src/agents/plugin-loader.test.ts +102 -0
package/src/agents/plugin-loader.ts +105 -0
package/src/agents/plugin-sandbox.test.ts +120 -0
package/src/agents/plugin-sandbox.ts +471 -0
package/src/agents/unified-config-file-watcher.test.ts +196 -0
package/src/agents/unified-config-file-watcher.ts +483 -0
package/src/agents/user-instruction-config-loader.test.ts +158 -0
package/src/agents/user-instruction-config-loader.ts +438 -0
package/src/auth/client.test.ts +40 -0
package/src/auth/client.ts +25 -0
package/src/auth/cline.test.ts +130 -0
package/src/auth/cline.ts +414 -0
package/src/auth/codex.test.ts +170 -0
package/src/auth/codex.ts +466 -0
package/src/auth/oca.test.ts +215 -0
package/src/auth/oca.ts +546 -0
package/src/auth/server.ts +216 -0
package/src/auth/types.ts +78 -0
package/src/auth/utils.test.ts +128 -0
package/src/auth/utils.ts +247 -0
package/src/chat/chat-schema.ts +82 -0
package/src/default-tools/constants.ts +35 -0
package/src/default-tools/definitions.test.ts +233 -0
package/src/default-tools/definitions.ts +632 -0
package/src/default-tools/executors/apply-patch-parser.ts +520 -0
package/src/default-tools/executors/apply-patch.ts +359 -0
package/src/default-tools/executors/bash.ts +205 -0
package/src/default-tools/executors/editor.ts +231 -0
package/src/default-tools/executors/file-read.test.ts +25 -0
package/src/default-tools/executors/file-read.ts +94 -0
package/src/default-tools/executors/index.ts +75 -0
package/src/default-tools/executors/search.ts +278 -0
package/src/default-tools/executors/web-fetch.ts +259 -0
package/src/default-tools/index.ts +161 -0
package/src/default-tools/presets.test.ts +63 -0
package/src/default-tools/presets.ts +168 -0
package/src/default-tools/schemas.ts +228 -0
package/src/default-tools/types.ts +324 -0
package/src/index.ts +119 -0
package/src/input/file-indexer.d.ts +11 -0
package/src/input/file-indexer.test.ts +87 -0
package/src/input/file-indexer.ts +280 -0
package/src/input/index.ts +7 -0
package/src/input/mention-enricher.test.ts +82 -0
package/src/input/mention-enricher.ts +119 -0
package/src/mcp/config-loader.test.ts +238 -0
package/src/mcp/config-loader.ts +219 -0
package/src/mcp/index.ts +26 -0
package/src/mcp/manager.test.ts +106 -0
package/src/mcp/manager.ts +262 -0
package/src/mcp/types.ts +88 -0
package/src/runtime/hook-file-hooks.test.ts +106 -0
package/src/runtime/hook-file-hooks.ts +736 -0
package/src/runtime/index.ts +27 -0
package/src/runtime/rules.ts +34 -0
package/src/runtime/runtime-builder.team-persistence.test.ts +203 -0
package/src/runtime/runtime-builder.test.ts +215 -0
package/src/runtime/runtime-builder.ts +515 -0
package/src/runtime/runtime-parity.test.ts +132 -0
package/src/runtime/sandbox/subprocess-sandbox.ts +207 -0
package/src/runtime/session-runtime.ts +44 -0
package/src/runtime/tool-approval.ts +104 -0
package/src/runtime/workflows.test.ts +119 -0
package/src/runtime/workflows.ts +54 -0
package/src/server/index.ts +282 -0
package/src/session/default-session-manager.e2e.test.ts +354 -0
package/src/session/default-session-manager.test.ts +816 -0
package/src/session/default-session-manager.ts +1286 -0
package/src/session/index.ts +37 -0
package/src/session/rpc-session-service.ts +189 -0
package/src/session/runtime-oauth-token-manager.test.ts +137 -0
package/src/session/runtime-oauth-token-manager.ts +265 -0
package/src/session/session-artifacts.ts +106 -0
package/src/session/session-graph.ts +90 -0
package/src/session/session-host.ts +190 -0
package/src/session/session-manager.ts +56 -0
package/src/session/session-manifest.ts +29 -0
package/src/session/session-service.team-persistence.test.ts +48 -0
package/src/session/session-service.ts +610 -0
package/src/session/sqlite-rpc-session-backend.ts +303 -0
package/src/session/unified-session-persistence-service.ts +781 -0
package/src/session/workspace-manager.ts +98 -0
package/src/session/workspace-manifest.ts +100 -0
package/src/storage/artifact-store.ts +1 -0
package/src/storage/index.ts +11 -0
package/src/storage/provider-settings-legacy-migration.test.ts +175 -0
package/src/storage/provider-settings-legacy-migration.ts +637 -0
package/src/storage/provider-settings-manager.test.ts +111 -0
package/src/storage/provider-settings-manager.ts +129 -0
package/src/storage/session-store.ts +1 -0
package/src/storage/sqlite-session-store.ts +270 -0
package/src/storage/sqlite-team-store.ts +443 -0
package/src/storage/team-store.ts +5 -0
package/src/team/index.ts +4 -0
package/src/team/projections.ts +285 -0
package/src/types/common.ts +14 -0
package/src/types/config.ts +64 -0
package/src/types/events.ts +46 -0
package/src/types/index.ts +24 -0
package/src/types/provider-settings.ts +43 -0
package/src/types/sessions.ts +16 -0
package/src/types/storage.ts +64 -0
package/src/types/workspace.ts +7 -0
package/src/types.ts +127 -0

package/src/auth/server.ts ADDED Viewed

@@ -0,0 +1,216 @@
+export interface OAuthCallbackPayload {
+	url: URL;
+	code?: string;
+	state?: string;
+	provider?: string;
+	error?: string;
+}
+type Deferred<T> = {
+	promise: Promise<T>;
+	resolve: (value: T) => void;
+};
+function createDeferred<T>(): Deferred<T> {
+	let resolve!: (value: T) => void;
+	const promise = new Promise<T>((res) => {
+		resolve = res;
+	});
+	return { promise, resolve };
+}
+export interface LocalOAuthServerOptions {
+	host?: string;
+	ports: number[];
+	callbackPath: string;
+	timeoutMs?: number;
+	expectedState?: string;
+	successHtml?: string;
+}
+export interface LocalOAuthServer {
+	callbackUrl: string;
+	waitForCallback: () => Promise<OAuthCallbackPayload | null>;
+	cancelWait: () => void;
+	close: () => void;
+}
+export async function startLocalOAuthServer(
+	options: LocalOAuthServerOptions,
+): Promise<LocalOAuthServer> {
+	const http = await import("node:http");
+	const host = options.host ?? "127.0.0.1";
+	const timeoutMs = options.timeoutMs ?? 5 * 60 * 1000;
+	const successHtml = options.successHtml ?? HTML_CONTENT;
+	const deferred = createDeferred<OAuthCallbackPayload | null>();
+	let settled = false;
+	let timeout: ReturnType<typeof setTimeout> | null = null;
+	let activeServer: import("node:http").Server | null = null;
+	const settle = (value: OAuthCallbackPayload | null) => {
+		if (settled) return;
+		settled = true;
+		deferred.resolve(value);
+	};
+	const close = () => {
+		if (timeout) {
+			clearTimeout(timeout);
+			timeout = null;
+		}
+		if (activeServer) {
+			activeServer.close();
+			activeServer = null;
+		}
+	};
+	const waitForCallback = async () => {
+		timeout = setTimeout(() => {
+			close();
+			settle(null);
+		}, timeoutMs);
+		return deferred.promise;
+	};
+	for (const port of options.ports) {
+		const server = http.createServer((req, res) => {
+			try {
+				const requestUrl = new URL(req.url || "", `http://${host}:${port}`);
+				if (requestUrl.pathname !== options.callbackPath) {
+					res.statusCode = 404;
+					res.end("Not found");
+					return;
+				}
+				const payload: OAuthCallbackPayload = {
+					url: requestUrl,
+					code: requestUrl.searchParams.get("code") ?? undefined,
+					state: requestUrl.searchParams.get("state") ?? undefined,
+					provider: requestUrl.searchParams.get("provider") ?? undefined,
+					error: requestUrl.searchParams.get("error") ?? undefined,
+				};
+				if (payload.error) {
+					res.statusCode = 400;
+					res.end(`Authentication failed: ${payload.error}`);
+					close();
+					settle(payload);
+					return;
+				}
+				if (!payload.code) {
+					res.statusCode = 400;
+					res.end("Missing authorization code");
+					return;
+				}
+				if (options.expectedState && payload.state !== options.expectedState) {
+					res.statusCode = 400;
+					res.end("State mismatch");
+					return;
+				}
+				res.statusCode = 200;
+				res.setHeader("Content-Type", "text/html; charset=utf-8");
+				res.end(successHtml);
+				close();
+				settle(payload);
+			} catch {
+				res.statusCode = 500;
+				res.end("Internal error");
+			}
+		});
+		const bindResult = await new Promise<{
+			bound: boolean;
+			error?: NodeJS.ErrnoException;
+		}>((resolve) => {
+			const onError = (error: NodeJS.ErrnoException) => {
+				server.off("error", onError);
+				resolve({ bound: false, error });
+			};
+			server.once("error", onError);
+			server.listen(port, host, () => {
+				server.off("error", onError);
+				activeServer = server;
+				resolve({ bound: true });
+			});
+		});
+		if (bindResult.error) {
+			if (bindResult.error.code === "EADDRINUSE") {
+				continue;
+			}
+			close();
+			throw bindResult.error;
+		}
+		if (bindResult.bound) {
+			return {
+				callbackUrl: `http://${host}:${port}${options.callbackPath}`,
+				waitForCallback,
+				cancelWait: () => {
+					close();
+					settle(null);
+				},
+				close: () => {
+					close();
+					settle(null);
+				},
+			};
+		}
+	}
+	return {
+		callbackUrl: "",
+		waitForCallback: async () => null,
+		cancelWait: () => {},
+		close: () => {},
+	};
+}
+const HTML_CONTENT = `<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>Authentication Successful</title>
+<style>
+  * { margin: 0; padding: 0; box-sizing: border-box; }
+  body {
+    font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, sans-serif;
+    min-height: 100vh;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    background: linear-gradient(135deg, #1a1a2e 0%, #16213e 100%);
+    color: #fff;
+  }
+  .container { text-align: center; padding: 48px; max-width: 420px; }
+  .icon {
+    width: 72px; height: 72px; margin: 0 auto 24px;
+    background: linear-gradient(135deg, #10a37f 0%, #1a7f64 100%);
+    border-radius: 50%;
+    display: flex; align-items: center; justify-content: center;
+  }
+  .icon svg { width: 36px; height: 36px; stroke: #fff; stroke-width: 3; fill: none; }
+  h1 { font-size: 24px; font-weight: 600; margin-bottom: 12px; }
+  p { font-size: 15px; color: rgba(255,255,255,0.7); line-height: 1.5; }
+  .closing { margin-top: 32px; font-size: 13px; color: rgba(255,255,255,0.5); }
+</style>
+</head>
+<body>
+<div class="container">
+  <div class="icon">
+    <svg viewBox="0 0 24 24"><polyline points="20 6 9 17 4 12"></polyline></svg>
+  </div>
+  <h1>Authentication Successful</h1>
+  <p>You're now signed in. You can close this window.</p>
+  <p class="closing">This window will close automatically...</p>
+</div>
+<script>setTimeout(() => window.close(), 3000);</script>
+</body>
+</html>`;

package/src/auth/types.ts ADDED Viewed

@@ -0,0 +1,78 @@
+export interface OAuthPrompt {
+	message: string;
+	defaultValue?: string;
+}
+export interface OAuthCredentials {
+	access: string;
+	refresh: string;
+	/**
+	 * Expiration timestamp in milliseconds since epoch.
+	 */
+	expires: number;
+	/**
+	 * Optional provider-specific account identifier.
+	 */
+	accountId?: string;
+	/**
+	 * Optional email for display/telemetry.
+	 */
+	email?: string;
+	/**
+	 * Provider-specific metadata (user info, provider hint, etc).
+	 */
+	metadata?: Record<string, unknown>;
+}
+export interface OAuthLoginCallbacks {
+	onAuth: (info: { url: string; instructions?: string }) => void;
+	onPrompt: (prompt: OAuthPrompt) => Promise<string>;
+	onProgress?: (message: string) => void;
+	onManualCodeInput?: () => Promise<string>;
+}
+export interface OAuthProviderInterface {
+	id: string;
+	name: string;
+	usesCallbackServer: boolean;
+	login(callbacks: OAuthLoginCallbacks): Promise<OAuthCredentials>;
+	refreshToken(credentials: OAuthCredentials): Promise<OAuthCredentials>;
+	getApiKey(credentials: OAuthCredentials): string;
+}
+export type OcaMode = "internal" | "external";
+export interface OcaOAuthEnvironmentConfig {
+	clientId: string;
+	idcsUrl: string;
+	scopes: string;
+	baseUrl: string;
+}
+export interface OcaOAuthConfig {
+	internal: OcaOAuthEnvironmentConfig;
+	external: OcaOAuthEnvironmentConfig;
+}
+export interface OcaClientMetadata {
+	client?: string;
+	clientVersion?: string;
+	clientIde?: string;
+	clientIdeVersion?: string;
+}
+export interface OcaOAuthProviderOptions {
+	config?: Partial<OcaOAuthConfig>;
+	mode?: OcaMode | (() => OcaMode);
+	callbackPath?: string;
+	callbackPorts?: number[];
+	requestTimeoutMs?: number;
+	refreshBufferMs?: number;
+	retryableTokenGraceMs?: number;
+}
+export interface OcaTokenResolution {
+	forceRefresh?: boolean;
+	refreshBufferMs?: number;
+	retryableTokenGraceMs?: number;
+}

package/src/auth/utils.test.ts ADDED Viewed

@@ -0,0 +1,128 @@
+import { describe, expect, it, vi } from "vitest";
+import {
+	decodeJwtPayload,
+	isCredentialLikelyExpired,
+	parseAuthorizationInput,
+	parseOAuthError,
+	resolveAuthorizationCodeInput,
+	resolveUrl,
+} from "./utils.js";
+function toBase64Url(value: string): string {
+	return Buffer.from(value, "utf8").toString("base64url");
+}
+function createJwt(payload: Record<string, unknown>): string {
+	return `${toBase64Url(JSON.stringify({ alg: "none", typ: "JWT" }))}.${toBase64Url(JSON.stringify(payload))}.sig`;
+}
+describe("auth/utils", () => {
+	it("parses auth input from full URL with provider", () => {
+		const parsed = parseAuthorizationInput(
+			"http://localhost/callback?code=test-code&state=s1&provider=google",
+			{
+				includeProvider: true,
+			},
+		);
+		expect(parsed).toEqual({
+			code: "test-code",
+			state: "s1",
+			provider: "google",
+		});
+	});
+	it("parses auth input from hash format when enabled", () => {
+		const parsed = parseAuthorizationInput("abc123#state1", {
+			allowHashCodeState: true,
+		});
+		expect(parsed).toEqual({ code: "abc123", state: "state1" });
+	});
+	it("builds resolved URLs from base + path", () => {
+		expect(resolveUrl("https://example.com/", "/token")).toBe(
+			"https://example.com/token",
+		);
+	});
+	it("decodes JWT payload", () => {
+		const token = createJwt({ sub: "account-1", exp: 123 });
+		expect(decodeJwtPayload(token)).toMatchObject({
+			sub: "account-1",
+			exp: 123,
+		});
+		expect(decodeJwtPayload("invalid")).toBeNull();
+	});
+	it("parses OAuth error payloads from string and object forms", () => {
+		expect(
+			parseOAuthError(
+				JSON.stringify({
+					error: "invalid_grant",
+					error_description: "expired",
+				}),
+			),
+		).toEqual({
+			code: "invalid_grant",
+			message: "expired",
+		});
+		expect(
+			parseOAuthError(
+				JSON.stringify({ error: { type: "unauthorized", message: "denied" } }),
+			),
+		).toEqual({
+			code: "unauthorized",
+			message: "denied",
+		});
+	});
+	it("resolves code from callback result", async () => {
+		const result = await resolveAuthorizationCodeInput({
+			waitForCallback: async () => ({
+				url: new URL("http://localhost"),
+				code: "from-callback",
+				state: "s1",
+			}),
+			cancelWait: () => {},
+		});
+		expect(result).toEqual({
+			code: "from-callback",
+			state: "s1",
+			provider: undefined,
+			error: undefined,
+		});
+	});
+	it("resolves code from manual input when callback does not provide one", async () => {
+		const cancelWait = vi.fn();
+		const result = await resolveAuthorizationCodeInput({
+			waitForCallback: async () => null,
+			cancelWait,
+			onManualCodeInput: async () => "code=manual&state=manual-state",
+		});
+		expect(cancelWait).toHaveBeenCalled();
+		expect(result).toEqual({
+			code: "manual",
+			state: "manual-state",
+			provider: undefined,
+		});
+	});
+	it("throws when manual input rejects", async () => {
+		await expect(
+			resolveAuthorizationCodeInput({
+				waitForCallback: async () => null,
+				cancelWait: () => {},
+				onManualCodeInput: async () => {
+					throw new Error("cancelled");
+				},
+			}),
+		).rejects.toThrow("cancelled");
+	});
+	it("checks token expiry with configurable buffer", () => {
+		const nowSpy = vi.spyOn(Date, "now").mockReturnValue(1_000);
+		expect(isCredentialLikelyExpired({ expires: 1_500 }, 600)).toBe(true);
+		expect(isCredentialLikelyExpired({ expires: 3_000 }, 600)).toBe(false);
+		nowSpy.mockRestore();
+	});
+});

package/src/auth/utils.ts ADDED Viewed

@@ -0,0 +1,247 @@
+import type { OAuthCallbackPayload } from "./server.js";
+import type { OAuthCredentials } from "./types.js";
+function base64UrlEncode(input: Uint8Array): string {
+	let binary = "";
+	for (let i = 0; i < input.length; i += 1) {
+		binary += String.fromCharCode(input[i] ?? 0);
+	}
+	return btoa(binary)
+		.replace(/\+/g, "-")
+		.replace(/\//g, "_")
+		.replace(/=+$/g, "");
+}
+async function sha256(value: string): Promise<Uint8Array> {
+	const encoder = new TextEncoder();
+	const data = encoder.encode(value);
+	const digest = await crypto.subtle.digest("SHA-256", data);
+	return new Uint8Array(digest);
+}
+function createVerifier(byteLength = 32): string {
+	const randomBytes = new Uint8Array(byteLength);
+	crypto.getRandomValues(randomBytes);
+	return base64UrlEncode(randomBytes);
+}
+export async function getProofKey(): Promise<{
+	verifier: string;
+	challenge: string;
+}> {
+	const verifier = createVerifier();
+	const challenge = base64UrlEncode(await sha256(verifier));
+	return { verifier, challenge };
+}
+export function normalizeBaseUrl(value: string): string {
+	return value.endsWith("/") ? value.slice(0, -1) : value;
+}
+export function resolveUrl(baseUrl: string, path: string): string {
+	return new URL(path, `${normalizeBaseUrl(baseUrl)}/`).toString();
+}
+export type ParsedAuthorizationInput = {
+	code?: string;
+	state?: string;
+	provider?: string;
+};
+export type ParseAuthorizationInputOptions = {
+	includeProvider?: boolean;
+	allowHashCodeState?: boolean;
+};
+export function parseAuthorizationInput(
+	input: string,
+	options: ParseAuthorizationInputOptions = {},
+): ParsedAuthorizationInput {
+	const value = input.trim();
+	if (!value) {
+		return {};
+	}
+	try {
+		const url = new URL(value);
+		return {
+			code: url.searchParams.get("code") ?? undefined,
+			state: url.searchParams.get("state") ?? undefined,
+			provider: options.includeProvider
+				? (url.searchParams.get("provider") ?? undefined)
+				: undefined,
+		};
+	} catch {
+		// not a URL
+	}
+	if (options.allowHashCodeState && value.includes("#")) {
+		const [code, state] = value.split("#", 2);
+		return {
+			code: code || undefined,
+			state: state || undefined,
+		};
+	}
+	if (value.includes("code=")) {
+		const params = new URLSearchParams(value);
+		return {
+			code: params.get("code") ?? undefined,
+			state: params.get("state") ?? undefined,
+			provider: options.includeProvider
+				? (params.get("provider") ?? undefined)
+				: undefined,
+		};
+	}
+	return { code: value };
+}
+function decodeBase64(value: string): string | null {
+	if (typeof atob === "function") {
+		try {
+			return atob(value);
+		} catch {
+			return null;
+		}
+	}
+	if (typeof Buffer !== "undefined") {
+		try {
+			return Buffer.from(value, "base64").toString("utf8");
+		} catch {
+			return null;
+		}
+	}
+	return null;
+}
+export function decodeJwtPayload(
+	token?: string,
+): Record<string, unknown> | null {
+	if (!token) {
+		return null;
+	}
+	try {
+		const parts = token.split(".");
+		if (parts.length !== 3) {
+			return null;
+		}
+		const payload = parts[1];
+		if (!payload) {
+			return null;
+		}
+		const normalized = payload.replace(/-/g, "+").replace(/_/g, "/");
+		const padded = normalized.padEnd(
+			normalized.length + ((4 - (normalized.length % 4)) % 4),
+			"=",
+		);
+		const decoded = decodeBase64(padded);
+		if (!decoded) {
+			return null;
+		}
+		return JSON.parse(decoded) as Record<string, unknown>;
+	} catch {
+		return null;
+	}
+}
+export function parseOAuthError(text: string): {
+	code?: string;
+	message?: string;
+} {
+	try {
+		const json = JSON.parse(text) as Record<string, unknown>;
+		const error = json.error;
+		const code =
+			typeof error === "string"
+				? error
+				: error &&
+						typeof error === "object" &&
+						typeof (error as Record<string, unknown>).type === "string"
+					? ((error as Record<string, unknown>).type as string)
+					: undefined;
+		const message =
+			typeof json.error_description === "string"
+				? json.error_description
+				: typeof json.message === "string"
+					? json.message
+					: error &&
+							typeof error === "object" &&
+							typeof (error as Record<string, unknown>).message === "string"
+						? ((error as Record<string, unknown>).message as string)
+						: undefined;
+		return { code, message };
+	} catch {
+		return {};
+	}
+}
+export function isCredentialLikelyExpired(
+	credentials: Pick<OAuthCredentials, "expires">,
+	refreshBufferMs: number,
+): boolean {
+	return Date.now() >= credentials.expires - refreshBufferMs;
+}
+export async function resolveAuthorizationCodeInput(input: {
+	waitForCallback: () => Promise<OAuthCallbackPayload | null>;
+	cancelWait: () => void;
+	onManualCodeInput?: () => Promise<string>;
+	parseOptions?: ParseAuthorizationInputOptions;
+}): Promise<ParsedAuthorizationInput & { error?: string }> {
+	if (!input.onManualCodeInput) {
+		const callbackResult = await input.waitForCallback();
+		return {
+			code: callbackResult?.code,
+			state: callbackResult?.state,
+			provider: callbackResult?.provider,
+			error: callbackResult?.error,
+		};
+	}
+	let manualInput: string | undefined;
+	let manualError: Error | undefined;
+	const manualPromise = input
+		.onManualCodeInput()
+		.then((value) => {
+			manualInput = value;
+			input.cancelWait();
+		})
+		.catch((error: unknown) => {
+			manualError = error instanceof Error ? error : new Error(String(error));
+			input.cancelWait();
+		});
+	const callbackResult = await input.waitForCallback();
+	if (manualError) {
+		throw manualError;
+	}
+	if (callbackResult?.code || callbackResult?.error) {
+		return {
+			code: callbackResult.code,
+			state: callbackResult.state,
+			provider: callbackResult.provider,
+			error: callbackResult.error,
+		};
+	}
+	if (manualInput) {
+		return parseAuthorizationInput(manualInput, input.parseOptions);
+	}
+	await manualPromise;
+	if (manualError) {
+		throw manualError;
+	}
+	if (manualInput) {
+		return parseAuthorizationInput(manualInput, input.parseOptions);
+	}
+	return {};
+}