@codeguide/core 0.0.20 → 0.0.22

package/codeguide.ts

@@ -16,6 +16,7 @@ import {
   SubscriptionService,
   CancellationFunnelService,
   CodespaceService,
+  ExternalTokenService,
 } from './services'
 import { APIServiceConfig, CodeGuideOptions } from './types'
 
@@ -29,6 +30,7 @@ export class CodeGuide {
   public subscription: SubscriptionService
   public cancellationFunnel: CancellationFunnelService
   public codespace: CodespaceService
+  public externalTokens: ExternalTokenService
   private options: CodeGuideOptions
 
   constructor(config: APIServiceConfig, options: CodeGuideOptions = {}) {
@@ -44,6 +46,7 @@ export class CodeGuide {
     this.subscription = new SubscriptionService(config)
     this.cancellationFunnel = new CancellationFunnelService(config)
     this.codespace = new CodespaceService(config)
+    this.externalTokens = new ExternalTokenService(config)
   }
 
   // Convenience method for backward compatibility

package/dist/codeguide.d.ts

@@ -1,4 +1,4 @@
-import { GenerationService, ProjectService, UsageService, RepositoryAnalysisService, TaskService, ApiKeyEnhancedService, SubscriptionService, CancellationFunnelService, CodespaceService } from './services';
+import { GenerationService, ProjectService, UsageService, RepositoryAnalysisService, TaskService, ApiKeyEnhancedService, SubscriptionService, CancellationFunnelService, CodespaceService, ExternalTokenService } from './services';
 import { APIServiceConfig, CodeGuideOptions } from './types';
 export declare class CodeGuide {
     generation: GenerationService;
@@ -10,6 +10,7 @@ export declare class CodeGuide {
     subscription: SubscriptionService;
     cancellationFunnel: CancellationFunnelService;
     codespace: CodespaceService;
+    externalTokens: ExternalTokenService;
     private options;
     constructor(config: APIServiceConfig, options?: CodeGuideOptions);
     getGuidance(prompt: string): Promise<any>;

package/dist/codeguide.js

@@ -25,6 +25,7 @@ class CodeGuide {
         this.subscription = new services_1.SubscriptionService(config);
         this.cancellationFunnel = new services_1.CancellationFunnelService(config);
         this.codespace = new services_1.CodespaceService(config);
+        this.externalTokens = new services_1.ExternalTokenService(config);
     }
     // Convenience method for backward compatibility
     async getGuidance(prompt) {

package/dist/index.d.ts

@@ -3,3 +3,4 @@ export * from './services';
 export * from './types';
 export type { ConnectRepositoryRequest, ConnectRepositoryResponse } from './services/projects/project-types';
 export type { CreateCodespaceTaskRequestV2 as CreateCodespaceTaskRequest, CreateCodespaceTaskResponseV2 as CreateCodespaceTaskResponse, CreateBackgroundCodespaceTaskRequest, CreateBackgroundCodespaceTaskResponse, ModelApiKey, GetCodespaceTaskResponse, CodespaceTaskData, TechnicalDocument, GetProjectTasksByCodespaceResponse } from './services/codespace/codespace-types';
+export type { StoreExternalTokenRequest, StoreExternalTokenResponse, ListTokensQuery, ListTokensResponse, ValidateTokenRequest, ValidateTokenResponse, FindBestMatchRequest, FindBestMatchResponse, Platform, TokenType } from './services/external-tokens/external-tokens-types';

package/dist/services/external-tokens/external-tokens-service.d.ts

@@ -0,0 +1,19 @@
+import { BaseService } from '../base/base-service';
+import { StoreExternalTokenRequest, StoreExternalTokenResponse, StoreWithDetectionRequest, StoreWithDetectionResponse, ListTokensQuery, ListTokensResponse, ValidateTokenRequest, ValidateTokenResponse, FindBestMatchRequest, FindBestMatchResponse, TestStoredTokenRequest, TestStoredTokenResponse, GetTokenResponse, UpdateTokenRequest, UpdateTokenResponse, RevokeTokenResponse, SupportedPlatformsResponse, StoreGitHubTokenRequest, StoreGitLabTokenRequest } from './external-tokens-types';
+export declare class ExternalTokenService extends BaseService {
+    storeExternalToken(request: StoreExternalTokenRequest): Promise<StoreExternalTokenResponse>;
+    storeWithDetection(request: StoreWithDetectionRequest): Promise<StoreWithDetectionResponse>;
+    storeGitHubToken(request: StoreGitHubTokenRequest): Promise<StoreExternalTokenResponse>;
+    storeGitLabToken(request: StoreGitLabTokenRequest): Promise<StoreExternalTokenResponse>;
+    listTokens(query?: ListTokensQuery): Promise<ListTokensResponse>;
+    getToken(tokenId: string): Promise<GetTokenResponse>;
+    validateToken(request: ValidateTokenRequest): Promise<ValidateTokenResponse>;
+    findBestMatch(request: FindBestMatchRequest): Promise<FindBestMatchResponse>;
+    testStoredToken(tokenId: string, request: TestStoredTokenRequest): Promise<TestStoredTokenResponse>;
+    updateToken(tokenId: string, request: UpdateTokenRequest): Promise<UpdateTokenResponse>;
+    revokeToken(tokenId: string): Promise<RevokeTokenResponse>;
+    getSupportedPlatforms(): Promise<SupportedPlatformsResponse>;
+    private validateStoreRequest;
+    private validateTokenFormat;
+    private validateRepositoryUrlPattern;
+}

package/dist/services/external-tokens/external-tokens-service.js

@@ -0,0 +1,177 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ExternalTokenService = void 0;
+const base_service_1 = require("../base/base-service");
+class ExternalTokenService extends base_service_1.BaseService {
+    // Core Storage Endpoints
+    async storeExternalToken(request) {
+        this.validateStoreRequest(request);
+        return this.post('/external-tokens/store', request);
+    }
+    async storeWithDetection(request) {
+        if (!request.token) {
+            throw new Error('token is required');
+        }
+        if (!request.token_name) {
+            throw new Error('token_name is required');
+        }
+        return this.post('/external-tokens/store-with-detection', request);
+    }
+    // Platform-Specific Endpoints (Backward Compatible)
+    async storeGitHubToken(request) {
+        if (!request.token) {
+            throw new Error('token is required');
+        }
+        if (!request.token_name) {
+            throw new Error('token_name is required');
+        }
+        return this.post('/external-tokens/store/github', request);
+    }
+    async storeGitLabToken(request) {
+        if (!request.token) {
+            throw new Error('token is required');
+        }
+        if (!request.token_name) {
+            throw new Error('token_name is required');
+        }
+        return this.post('/external-tokens/store/gitlab', request);
+    }
+    // Retrieval Endpoints
+    async listTokens(query) {
+        const params = new URLSearchParams();
+        if (query?.platform) {
+            params.append('platform', query.platform);
+        }
+        if (query?.include_inactive !== undefined) {
+            params.append('include_inactive', query.include_inactive.toString());
+        }
+        if (query?.page) {
+            params.append('page', query.page.toString());
+        }
+        if (query?.per_page) {
+            params.append('per_page', query.per_page.toString());
+        }
+        const queryString = params.toString();
+        const url = queryString ? `/external-tokens/?${queryString}` : '/external-tokens/';
+        return this.get(url);
+    }
+    async getToken(tokenId) {
+        if (!tokenId) {
+            throw new Error('token_id is required');
+        }
+        return this.get(`/external-tokens/${tokenId}`);
+    }
+    // Validation and Testing Endpoints
+    async validateToken(request) {
+        if (!request.token) {
+            throw new Error('token is required');
+        }
+        return this.post('/external-tokens/validate', request);
+    }
+    async findBestMatch(request) {
+        if (!request.repository_url) {
+            throw new Error('repository_url is required');
+        }
+        return this.post('/external-tokens/find-best-match', request);
+    }
+    async testStoredToken(tokenId, request) {
+        if (!tokenId) {
+            throw new Error('token_id is required');
+        }
+        if (!request.repository_url) {
+            throw new Error('repository_url is required');
+        }
+        return this.post(`/external-tokens/${tokenId}/test`, request);
+    }
+    // Management Endpoints
+    async updateToken(tokenId, request) {
+        if (!tokenId) {
+            throw new Error('token_id is required');
+        }
+        return this.put(`/external-tokens/${tokenId}`, request);
+    }
+    async revokeToken(tokenId) {
+        if (!tokenId) {
+            throw new Error('token_id is required');
+        }
+        return this.delete(`/external-tokens/${tokenId}`);
+    }
+    // Platform Discovery Endpoint
+    async getSupportedPlatforms() {
+        return this.get('/external-tokens/platforms');
+    }
+    // Private validation methods
+    validateStoreRequest(request) {
+        if (!request.platform) {
+            throw new Error('platform is required');
+        }
+        if (!request.token) {
+            throw new Error('token is required');
+        }
+        if (!request.token_name) {
+            throw new Error('token_name is required');
+        }
+        if (!request.token_type) {
+            throw new Error('token_type is required');
+        }
+        // Validate platform
+        const validPlatforms = ['github', 'gitlab', 'bitbucket'];
+        if (!validPlatforms.includes(request.platform)) {
+            throw new Error(`platform must be one of: ${validPlatforms.join(', ')}`);
+        }
+        // Validate token format based on platform
+        this.validateTokenFormat(request.token, request.platform);
+        // Validate repository URL pattern if provided
+        if (request.repository_url_pattern) {
+            this.validateRepositoryUrlPattern(request.repository_url_pattern, request.platform);
+        }
+        // Validate expires_at if provided
+        if (request.expires_at) {
+            const expiresDate = new Date(request.expires_at);
+            if (isNaN(expiresDate.getTime())) {
+                throw new Error('expires_at must be a valid ISO 8601 date string');
+            }
+            if (expiresDate <= new Date()) {
+                throw new Error('expires_at must be in the future');
+            }
+        }
+    }
+    validateTokenFormat(token, platform) {
+        switch (platform) {
+            case 'github':
+                if (!token.startsWith('ghp_') && !token.startsWith('gho_') && !token.startsWith('ghu_') && !token.startsWith('ghs_') && !token.startsWith('ghr_')) {
+                    throw new Error('Invalid GitHub token format. GitHub tokens should start with ghp_, gho_, ghu_, ghs_, or ghr_');
+                }
+                break;
+            case 'gitlab':
+                if (!token.startsWith('glpat-') && !token.startsWith('grlpat-') && !token.startsWith('gldt-')) {
+                    throw new Error('Invalid GitLab token format. GitLab tokens should start with glpat-, grlpat-, or gldt-');
+                }
+                break;
+            case 'bitbucket':
+                if (!token.startsWith('ATBB')) {
+                    throw new Error('Invalid Bitbucket token format. Bitbucket tokens should start with ATBB');
+                }
+                break;
+        }
+    }
+    validateRepositoryUrlPattern(pattern, platform) {
+        try {
+            new URL(pattern.replace('*', 'test'));
+        }
+        catch {
+            throw new Error('Invalid repository URL pattern');
+        }
+        // Check if pattern contains platform-specific domain
+        const platformDomains = {
+            github: ['github.com'],
+            gitlab: ['gitlab.com'],
+            bitbucket: ['bitbucket.org']
+        };
+        const hasValidDomain = platformDomains[platform].some(domain => pattern.includes(domain));
+        if (!hasValidDomain) {
+            throw new Error(`Repository URL pattern should contain ${platformDomains[platform].join(' or ')} for ${platform}`);
+        }
+    }
+}
+exports.ExternalTokenService = ExternalTokenService;

package/dist/services/external-tokens/external-tokens-types.d.ts

@@ -0,0 +1,168 @@
+export type Platform = 'github' | 'gitlab' | 'bitbucket';
+export type TokenType = 'personal_access_token' | 'deploy_token' | 'github_app' | 'oauth' | 'project_token' | 'group_token' | 'workspace_token' | 'repository_token';
+export interface StoreExternalTokenRequest {
+    platform: Platform;
+    token: string;
+    token_name: string;
+    token_type: TokenType;
+    repository_url_pattern?: string;
+    scopes?: string[];
+    expires_at?: string;
+    metadata?: Record<string, any>;
+}
+export interface StoreExternalTokenResponse {
+    id: string;
+    user_id: string;
+    platform: Platform;
+    token_name: string;
+    token_type: TokenType;
+    repository_url_pattern?: string;
+    scopes: string[];
+    is_active: boolean;
+    last_used_at: string | null;
+    expires_at: string | null;
+    created_at: string;
+    updated_at: string;
+    metadata?: Record<string, any>;
+    token_preview: string;
+}
+export interface StoreWithDetectionRequest {
+    token: string;
+    token_name: string;
+    repository_url_pattern?: string;
+    scopes?: string[];
+    platform: Platform | null;
+    expires_at?: string;
+    metadata?: Record<string, any>;
+}
+export interface StoreWithDetectionResponse extends StoreExternalTokenResponse {
+}
+export interface ListTokensQuery {
+    platform?: Platform;
+    include_inactive?: boolean;
+    page?: number;
+    per_page?: number;
+}
+export interface ListTokensResponse {
+    tokens: Array<{
+        id: string;
+        platform: Platform;
+        token_name: string;
+        token_preview: string;
+        is_active: boolean;
+        created_at: string;
+        last_used_at?: string | null;
+        expires_at?: string | null;
+    }>;
+    total: number;
+    page: number;
+    per_page: number;
+}
+export interface ValidateTokenRequest {
+    token: string;
+    platform?: Platform | null;
+}
+export interface TokenUserInfo {
+    username: string;
+    id: number;
+    name?: string;
+    email?: string;
+}
+export interface ValidateTokenResponse {
+    valid: boolean;
+    platform: Platform | null;
+    token_type: TokenType | null;
+    scopes: string[];
+    user_info?: TokenUserInfo;
+    error_message: string | null;
+}
+export interface FindBestMatchRequest {
+    repository_url: string;
+    required_scopes?: string[];
+    preferred_platform?: Platform;
+}
+export interface AlternativeToken {
+    id: string;
+    platform: Platform;
+    token_name: string;
+    token_preview: string;
+    match_reason: string;
+}
+export interface FindBestMatchResponse {
+    token_found: boolean;
+    token?: {
+        id: string;
+        platform: Platform;
+        token_name: string;
+        token_preview: string;
+    };
+    match_reason?: string;
+    alternative_tokens: AlternativeToken[];
+}
+export interface TestStoredTokenRequest {
+    repository_url: string;
+    operation?: string;
+}
+export interface TestDetails {
+    platform: Platform;
+    token_id: string;
+    operation: string;
+    test_timestamp: string;
+}
+export interface TestStoredTokenResponse {
+    success: boolean;
+    message: string;
+    test_details: TestDetails;
+    recommendations?: string[];
+}
+export interface GetTokenResponse extends StoreExternalTokenResponse {
+}
+export interface UpdateTokenRequest {
+    token_name?: string;
+    repository_url_pattern?: string;
+    scopes?: string[];
+    is_active?: boolean;
+    expires_at?: string;
+    metadata?: Record<string, any>;
+}
+export interface UpdateTokenResponse extends StoreExternalTokenResponse {
+}
+export interface RevokeTokenResponse {
+    success: boolean;
+    message: string;
+    revoked_at: string;
+}
+export interface PlatformScopes {
+    [key: string]: string[];
+}
+export interface PlatformInfo {
+    name: string;
+    token_types: TokenType[];
+    api_base_url: string;
+    supported_scopes: PlatformScopes;
+}
+export interface SupportedPlatformsResponse {
+    platforms: {
+        github: PlatformInfo;
+        gitlab: PlatformInfo;
+        bitbucket: PlatformInfo;
+    };
+    total_count: number;
+    features: string[];
+}
+export interface StoreGitHubTokenRequest {
+    token: string;
+    token_name: string;
+    repository_url_pattern?: string;
+    scopes?: string[];
+    expires_at?: string;
+    metadata?: Record<string, any>;
+}
+export interface StoreGitLabTokenRequest {
+    token: string;
+    token_name: string;
+    repository_url_pattern?: string;
+    scopes?: string[];
+    expires_at?: string;
+    metadata?: Record<string, any>;
+}

package/dist/services/external-tokens/external-tokens-types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/services/external-tokens/index.d.ts

@@ -0,0 +1,2 @@
+export { ExternalTokenService } from './external-tokens-service';
+export * from './external-tokens-types';

package/dist/services/external-tokens/index.js

@@ -0,0 +1,20 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ExternalTokenService = void 0;
+var external_tokens_service_1 = require("./external-tokens-service");
+Object.defineProperty(exports, "ExternalTokenService", { enumerable: true, get: function () { return external_tokens_service_1.ExternalTokenService; } });
+__exportStar(require("./external-tokens-types"), exports);

package/dist/services/index.d.ts

@@ -8,6 +8,7 @@ export { ApiKeyEnhancedService } from './api-key-enhanced';
 export { SubscriptionService } from './subscriptions';
 export { CancellationFunnelService } from './cancellation-funnel';
 export { CodespaceService } from './codespace';
+export { ExternalTokenService } from './external-tokens';
 export * from './generation';
 export * from './projects';
 export * from './usage';
@@ -17,3 +18,4 @@ export * from './api-key-enhanced';
 export * from './subscriptions';
 export * from './cancellation-funnel';
 export * from './codespace';
+export * from './external-tokens';

package/dist/services/index.js

@@ -17,7 +17,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.CodespaceService = exports.CancellationFunnelService = exports.SubscriptionService = exports.ApiKeyEnhancedService = exports.TaskService = exports.RepositoryAnalysisService = exports.UsageService = exports.ProjectService = exports.GenerationService = exports.BaseService = void 0;
+exports.ExternalTokenService = exports.CodespaceService = exports.CancellationFunnelService = exports.SubscriptionService = exports.ApiKeyEnhancedService = exports.TaskService = exports.RepositoryAnalysisService = exports.UsageService = exports.ProjectService = exports.GenerationService = exports.BaseService = void 0;
 const dotenv_1 = __importDefault(require("dotenv"));
 const path_1 = __importDefault(require("path"));
 // Load environment variables from project root
@@ -45,6 +45,8 @@ var cancellation_funnel_1 = require("./cancellation-funnel");
 Object.defineProperty(exports, "CancellationFunnelService", { enumerable: true, get: function () { return cancellation_funnel_1.CancellationFunnelService; } });
 var codespace_1 = require("./codespace");
 Object.defineProperty(exports, "CodespaceService", { enumerable: true, get: function () { return codespace_1.CodespaceService; } });
+var external_tokens_1 = require("./external-tokens");
+Object.defineProperty(exports, "ExternalTokenService", { enumerable: true, get: function () { return external_tokens_1.ExternalTokenService; } });
 // Re-export all types for convenience
 __exportStar(require("./generation"), exports);
 __exportStar(require("./projects"), exports);
@@ -55,3 +57,4 @@ __exportStar(require("./api-key-enhanced"), exports);
 __exportStar(require("./subscriptions"), exports);
 __exportStar(require("./cancellation-funnel"), exports);
 __exportStar(require("./codespace"), exports);
+__exportStar(require("./external-tokens"), exports);

package/index.ts

@@ -24,3 +24,17 @@ export type {
   TechnicalDocument,
   GetProjectTasksByCodespaceResponse
 } from './services/codespace/codespace-types'
+
+// Export commonly used external tokens types for convenience
+export type {
+  StoreExternalTokenRequest,
+  StoreExternalTokenResponse,
+  ListTokensQuery,
+  ListTokensResponse,
+  ValidateTokenRequest,
+  ValidateTokenResponse,
+  FindBestMatchRequest,
+  FindBestMatchResponse,
+  Platform,
+  TokenType
+} from './services/external-tokens/external-tokens-types'

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@codeguide/core",
-  "version": "0.0.20",
+  "version": "0.0.22",
   "description": "Core package for code guidance with programmatic API",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/services/external-tokens/external-tokens-service.ts

@@ -0,0 +1,231 @@
+import { BaseService } from '../base/base-service'
+import {
+  StoreExternalTokenRequest,
+  StoreExternalTokenResponse,
+  StoreWithDetectionRequest,
+  StoreWithDetectionResponse,
+  ListTokensQuery,
+  ListTokensResponse,
+  ValidateTokenRequest,
+  ValidateTokenResponse,
+  FindBestMatchRequest,
+  FindBestMatchResponse,
+  TestStoredTokenRequest,
+  TestStoredTokenResponse,
+  GetTokenResponse,
+  UpdateTokenRequest,
+  UpdateTokenResponse,
+  RevokeTokenResponse,
+  SupportedPlatformsResponse,
+  StoreGitHubTokenRequest,
+  StoreGitLabTokenRequest,
+  Platform,
+} from './external-tokens-types'
+
+export class ExternalTokenService extends BaseService {
+  // Core Storage Endpoints
+
+  async storeExternalToken(request: StoreExternalTokenRequest): Promise<StoreExternalTokenResponse> {
+    this.validateStoreRequest(request)
+    return this.post<StoreExternalTokenResponse>('/external-tokens/store', request)
+  }
+
+  async storeWithDetection(request: StoreWithDetectionRequest): Promise<StoreWithDetectionResponse> {
+    if (!request.token) {
+      throw new Error('token is required')
+    }
+    if (!request.token_name) {
+      throw new Error('token_name is required')
+    }
+    return this.post<StoreWithDetectionResponse>('/external-tokens/store-with-detection', request)
+  }
+
+  // Platform-Specific Endpoints (Backward Compatible)
+
+  async storeGitHubToken(request: StoreGitHubTokenRequest): Promise<StoreExternalTokenResponse> {
+    if (!request.token) {
+      throw new Error('token is required')
+    }
+    if (!request.token_name) {
+      throw new Error('token_name is required')
+    }
+    return this.post<StoreExternalTokenResponse>('/external-tokens/store/github', request)
+  }
+
+  async storeGitLabToken(request: StoreGitLabTokenRequest): Promise<StoreExternalTokenResponse> {
+    if (!request.token) {
+      throw new Error('token is required')
+    }
+    if (!request.token_name) {
+      throw new Error('token_name is required')
+    }
+    return this.post<StoreExternalTokenResponse>('/external-tokens/store/gitlab', request)
+  }
+
+  // Retrieval Endpoints
+
+  async listTokens(query?: ListTokensQuery): Promise<ListTokensResponse> {
+    const params = new URLSearchParams()
+
+    if (query?.platform) {
+      params.append('platform', query.platform)
+    }
+    if (query?.include_inactive !== undefined) {
+      params.append('include_inactive', query.include_inactive.toString())
+    }
+    if (query?.page) {
+      params.append('page', query.page.toString())
+    }
+    if (query?.per_page) {
+      params.append('per_page', query.per_page.toString())
+    }
+
+    const queryString = params.toString()
+    const url = queryString ? `/external-tokens/?${queryString}` : '/external-tokens/'
+
+    return this.get<ListTokensResponse>(url)
+  }
+
+  async getToken(tokenId: string): Promise<GetTokenResponse> {
+    if (!tokenId) {
+      throw new Error('token_id is required')
+    }
+    return this.get<GetTokenResponse>(`/external-tokens/${tokenId}`)
+  }
+
+  // Validation and Testing Endpoints
+
+  async validateToken(request: ValidateTokenRequest): Promise<ValidateTokenResponse> {
+    if (!request.token) {
+      throw new Error('token is required')
+    }
+    return this.post<ValidateTokenResponse>('/external-tokens/validate', request)
+  }
+
+  async findBestMatch(request: FindBestMatchRequest): Promise<FindBestMatchResponse> {
+    if (!request.repository_url) {
+      throw new Error('repository_url is required')
+    }
+    return this.post<FindBestMatchResponse>('/external-tokens/find-best-match', request)
+  }
+
+  async testStoredToken(tokenId: string, request: TestStoredTokenRequest): Promise<TestStoredTokenResponse> {
+    if (!tokenId) {
+      throw new Error('token_id is required')
+    }
+    if (!request.repository_url) {
+      throw new Error('repository_url is required')
+    }
+    return this.post<TestStoredTokenResponse>(`/external-tokens/${tokenId}/test`, request)
+  }
+
+  // Management Endpoints
+
+  async updateToken(tokenId: string, request: UpdateTokenRequest): Promise<UpdateTokenResponse> {
+    if (!tokenId) {
+      throw new Error('token_id is required')
+    }
+    return this.put<UpdateTokenResponse>(`/external-tokens/${tokenId}`, request)
+  }
+
+  async revokeToken(tokenId: string): Promise<RevokeTokenResponse> {
+    if (!tokenId) {
+      throw new Error('token_id is required')
+    }
+    return this.delete<RevokeTokenResponse>(`/external-tokens/${tokenId}`)
+  }
+
+  // Platform Discovery Endpoint
+
+  async getSupportedPlatforms(): Promise<SupportedPlatformsResponse> {
+    return this.get<SupportedPlatformsResponse>('/external-tokens/platforms')
+  }
+
+  // Private validation methods
+
+  private validateStoreRequest(request: StoreExternalTokenRequest): void {
+    if (!request.platform) {
+      throw new Error('platform is required')
+    }
+
+    if (!request.token) {
+      throw new Error('token is required')
+    }
+
+    if (!request.token_name) {
+      throw new Error('token_name is required')
+    }
+
+    if (!request.token_type) {
+      throw new Error('token_type is required')
+    }
+
+    // Validate platform
+    const validPlatforms: Platform[] = ['github', 'gitlab', 'bitbucket']
+    if (!validPlatforms.includes(request.platform)) {
+      throw new Error(`platform must be one of: ${validPlatforms.join(', ')}`)
+    }
+
+    // Validate token format based on platform
+    this.validateTokenFormat(request.token, request.platform)
+
+    // Validate repository URL pattern if provided
+    if (request.repository_url_pattern) {
+      this.validateRepositoryUrlPattern(request.repository_url_pattern, request.platform)
+    }
+
+    // Validate expires_at if provided
+    if (request.expires_at) {
+      const expiresDate = new Date(request.expires_at)
+      if (isNaN(expiresDate.getTime())) {
+        throw new Error('expires_at must be a valid ISO 8601 date string')
+      }
+      if (expiresDate <= new Date()) {
+        throw new Error('expires_at must be in the future')
+      }
+    }
+  }
+
+  private validateTokenFormat(token: string, platform: Platform): void {
+    switch (platform) {
+      case 'github':
+        if (!token.startsWith('ghp_') && !token.startsWith('gho_') && !token.startsWith('ghu_') && !token.startsWith('ghs_') && !token.startsWith('ghr_')) {
+          throw new Error('Invalid GitHub token format. GitHub tokens should start with ghp_, gho_, ghu_, ghs_, or ghr_')
+        }
+        break
+      case 'gitlab':
+        if (!token.startsWith('glpat-') && !token.startsWith('grlpat-') && !token.startsWith('gldt-')) {
+          throw new Error('Invalid GitLab token format. GitLab tokens should start with glpat-, grlpat-, or gldt-')
+        }
+        break
+      case 'bitbucket':
+        if (!token.startsWith('ATBB')) {
+          throw new Error('Invalid Bitbucket token format. Bitbucket tokens should start with ATBB')
+        }
+        break
+    }
+  }
+
+  private validateRepositoryUrlPattern(pattern: string, platform: Platform): void {
+    try {
+      new URL(pattern.replace('*', 'test'))
+    } catch {
+      throw new Error('Invalid repository URL pattern')
+    }
+
+    // Check if pattern contains platform-specific domain
+    const platformDomains = {
+      github: ['github.com'],
+      gitlab: ['gitlab.com'],
+      bitbucket: ['bitbucket.org']
+    }
+
+    const hasValidDomain = platformDomains[platform].some(domain =>
+      pattern.includes(domain)
+    )
+
+    if (!hasValidDomain) {
+      throw new Error(`Repository URL pattern should contain ${platformDomains[platform].join(' or ')} for ${platform}`)
+    }
+  }
+}

package/services/external-tokens/external-tokens-types.ts

@@ -0,0 +1,190 @@
+export type Platform = 'github' | 'gitlab' | 'bitbucket'
+export type TokenType = 'personal_access_token' | 'deploy_token' | 'github_app' | 'oauth' | 'project_token' | 'group_token' | 'workspace_token' | 'repository_token'
+
+export interface StoreExternalTokenRequest {
+  platform: Platform
+  token: string
+  token_name: string
+  token_type: TokenType
+  repository_url_pattern?: string
+  scopes?: string[]
+  expires_at?: string
+  metadata?: Record<string, any>
+}
+
+export interface StoreExternalTokenResponse {
+  id: string
+  user_id: string
+  platform: Platform
+  token_name: string
+  token_type: TokenType
+  repository_url_pattern?: string
+  scopes: string[]
+  is_active: boolean
+  last_used_at: string | null
+  expires_at: string | null
+  created_at: string
+  updated_at: string
+  metadata?: Record<string, any>
+  token_preview: string
+}
+
+export interface StoreWithDetectionRequest {
+  token: string
+  token_name: string
+  repository_url_pattern?: string
+  scopes?: string[]
+  platform: Platform | null
+  expires_at?: string
+  metadata?: Record<string, any>
+}
+
+export interface StoreWithDetectionResponse extends StoreExternalTokenResponse {}
+
+export interface ListTokensQuery {
+  platform?: Platform
+  include_inactive?: boolean
+  page?: number
+  per_page?: number
+}
+
+export interface ListTokensResponse {
+  tokens: Array<{
+    id: string
+    platform: Platform
+    token_name: string
+    token_preview: string
+    is_active: boolean
+    created_at: string
+    last_used_at?: string | null
+    expires_at?: string | null
+  }>
+  total: number
+  page: number
+  per_page: number
+}
+
+export interface ValidateTokenRequest {
+  token: string
+  platform?: Platform | null
+}
+
+export interface TokenUserInfo {
+  username: string
+  id: number
+  name?: string
+  email?: string
+}
+
+export interface ValidateTokenResponse {
+  valid: boolean
+  platform: Platform | null
+  token_type: TokenType | null
+  scopes: string[]
+  user_info?: TokenUserInfo
+  error_message: string | null
+}
+
+export interface FindBestMatchRequest {
+  repository_url: string
+  required_scopes?: string[]
+  preferred_platform?: Platform
+}
+
+export interface AlternativeToken {
+  id: string
+  platform: Platform
+  token_name: string
+  token_preview: string
+  match_reason: string
+}
+
+export interface FindBestMatchResponse {
+  token_found: boolean
+  token?: {
+    id: string
+    platform: Platform
+    token_name: string
+    token_preview: string
+  }
+  match_reason?: string
+  alternative_tokens: AlternativeToken[]
+}
+
+export interface TestStoredTokenRequest {
+  repository_url: string
+  operation?: string
+}
+
+export interface TestDetails {
+  platform: Platform
+  token_id: string
+  operation: string
+  test_timestamp: string
+}
+
+export interface TestStoredTokenResponse {
+  success: boolean
+  message: string
+  test_details: TestDetails
+  recommendations?: string[]
+}
+
+export interface GetTokenResponse extends StoreExternalTokenResponse {}
+
+export interface UpdateTokenRequest {
+  token_name?: string
+  repository_url_pattern?: string
+  scopes?: string[]
+  is_active?: boolean
+  expires_at?: string
+  metadata?: Record<string, any>
+}
+
+export interface UpdateTokenResponse extends StoreExternalTokenResponse {}
+
+export interface RevokeTokenResponse {
+  success: boolean
+  message: string
+  revoked_at: string
+}
+
+export interface PlatformScopes {
+  [key: string]: string[]
+}
+
+export interface PlatformInfo {
+  name: string
+  token_types: TokenType[]
+  api_base_url: string
+  supported_scopes: PlatformScopes
+}
+
+export interface SupportedPlatformsResponse {
+  platforms: {
+    github: PlatformInfo
+    gitlab: PlatformInfo
+    bitbucket: PlatformInfo
+  }
+  total_count: number
+  features: string[]
+}
+
+// Platform-specific store requests for backward compatibility
+export interface StoreGitHubTokenRequest {
+  token: string
+  token_name: string
+  repository_url_pattern?: string
+  scopes?: string[]
+  expires_at?: string
+  metadata?: Record<string, any>
+}
+
+export interface StoreGitLabTokenRequest {
+  token: string
+  token_name: string
+  repository_url_pattern?: string
+  scopes?: string[]
+  expires_at?: string
+  metadata?: Record<string, any>
+}

package/services/external-tokens/index.ts

@@ -0,0 +1,2 @@
+export { ExternalTokenService } from './external-tokens-service'
+export * from './external-tokens-types'

package/services/index.ts

@@ -17,6 +17,7 @@ export { ApiKeyEnhancedService } from './api-key-enhanced'
 export { SubscriptionService } from './subscriptions'
 export { CancellationFunnelService } from './cancellation-funnel'
 export { CodespaceService } from './codespace'
+export { ExternalTokenService } from './external-tokens'
 
 // Re-export all types for convenience
 export * from './generation'
@@ -28,3 +29,4 @@ export * from './api-key-enhanced'
 export * from './subscriptions'
 export * from './cancellation-funnel'
 export * from './codespace'
+export * from './external-tokens'