@corigin/cli 0.1.0

package/dist/main.js

@@ -0,0 +1,1551 @@
+#!/usr/bin/env node
+
+// src/main.ts
+import { spawnSync } from "node:child_process";
+import { realpathSync } from "node:fs";
+import { fileURLToPath } from "node:url";
+import { Command, CommanderError, InvalidArgumentError } from "commander";
+import { z as z3 } from "zod/v4";
+
+// src/lib/config.ts
+import { mkdir, readFile, writeFile } from "node:fs/promises";
+import { homedir } from "node:os";
+import path from "node:path";
+import { parse, stringify } from "smol-toml";
+import { z } from "zod/v4";
+var defaultProfileName = "default";
+var defaultConfigDir = path.join(homedir(), ".config", "corigin");
+var defaultProfileConfig = {
+  api_url: "https://api.corigin.dev",
+  web_url: "https://corigin.dev"
+};
+var profileNameSchema = z.string().min(1).regex(/^[A-Za-z0-9_.-]+$/u);
+var profileConfigSchema = z.object({
+  api_url: z.url(),
+  web_url: z.url()
+}).strict();
+var coriginConfigSchema = z.object({
+  profile: profileNameSchema.optional(),
+  profiles: z.record(profileNameSchema, profileConfigSchema).optional()
+}).strict();
+function configFilePath(configDir) {
+  return path.join(configDir, "config.toml");
+}
+async function readConfig(configDir) {
+  const source = await readFile(configFilePath(configDir), "utf8").catch((error) => {
+    if (isNotFoundError(error)) return null;
+    throw error;
+  });
+  if (source === null) return {};
+  return coriginConfigSchema.parse(parse(source));
+}
+async function writeConfig(configDir, config) {
+  await mkdir(configDir, { recursive: true, mode: 448 });
+  await writeFile(configFilePath(configDir), stringify(coriginConfigSchema.parse(config)), {
+    mode: 384
+  });
+}
+function resolveProfileName(config, explicitProfile) {
+  if (explicitProfile !== void 0) return profileNameSchema.parse(explicitProfile);
+  return config.profile ?? defaultProfileName;
+}
+function setProfileConfig(config, profileName, profileConfig) {
+  profileNameSchema.parse(profileName);
+  return {
+    ...config,
+    profile: profileName,
+    profiles: {
+      ...config.profiles,
+      [profileName]: profileConfigSchema.parse(profileConfig)
+    }
+  };
+}
+function isNotFoundError(error) {
+  return typeof error === "object" && error !== null && "code" in error && error.code === "ENOENT";
+}
+
+// src/lib/credentials.ts
+import { chmod, mkdir as mkdir2, readFile as readFile2, writeFile as writeFile2 } from "node:fs/promises";
+import path2 from "node:path";
+import { parse as parse2, stringify as stringify2 } from "smol-toml";
+import { z as z2 } from "zod/v4";
+var profileCredentialSchema = z2.object({
+  credential: z2.string().min(1)
+}).strict();
+var coriginCredentialsSchema = z2.object({
+  profiles: z2.record(profileNameSchema, profileCredentialSchema).optional()
+}).strict();
+function credentialsFilePath(configDir) {
+  return path2.join(configDir, "credentials.toml");
+}
+function legacyCredentialsFilePath(configDir) {
+  return path2.join(configDir, "credentials.json");
+}
+async function readCredentials(configDir) {
+  const source = await readFile2(credentialsFilePath(configDir), "utf8").catch((error) => {
+    if (isNotFoundError2(error)) return null;
+    throw error;
+  });
+  if (source === null) return {};
+  return coriginCredentialsSchema.parse(parse2(source));
+}
+async function writeCredentials(configDir, credentials) {
+  await mkdir2(configDir, { recursive: true, mode: 448 });
+  const filePath = credentialsFilePath(configDir);
+  await writeFile2(filePath, stringify2(coriginCredentialsSchema.parse(credentials)), {
+    mode: 384
+  });
+  await chmod(filePath, 384).catch(() => void 0);
+}
+async function writeProfileCredential(configDir, profileName, credential) {
+  profileNameSchema.parse(profileName);
+  const existing = await readCredentials(configDir);
+  await writeCredentials(configDir, {
+    ...existing,
+    profiles: {
+      ...existing.profiles,
+      [profileName]: profileCredentialSchema.parse({ credential })
+    }
+  });
+}
+async function readProfileCredential(configDir, profileName) {
+  profileNameSchema.parse(profileName);
+  return (await readCredentials(configDir)).profiles?.[profileName];
+}
+async function migrateLegacyCredential(configDir) {
+  const source = await readFile2(legacyCredentialsFilePath(configDir), "utf8").catch(
+    (error) => {
+      if (isNotFoundError2(error)) return null;
+      throw error;
+    }
+  );
+  if (source === null) return void 0;
+  const parsed = legacyCredentialsSchema.parse(JSON.parse(source));
+  const productionCredentials = parsed.credentials.filter(
+    (credential) => credential.apiUrl === "https://api.corigin.dev"
+  );
+  if (productionCredentials.length === 0) return void 0;
+  if (productionCredentials.length > 1) {
+    throw new Error("Legacy credentials are ambiguous. Run corigin login --profile <name>.");
+  }
+  return { credential: productionCredentials[0].credential };
+}
+var legacyCredentialsSchema = z2.object({
+  credentials: z2.array(
+    z2.object({
+      apiUrl: z2.string(),
+      workspaceId: z2.string(),
+      workspaceName: z2.string(),
+      credential: z2.string().min(1)
+    })
+  ).default([])
+});
+function isNotFoundError2(error) {
+  return typeof error === "object" && error !== null && "code" in error && error.code === "ENOENT";
+}
+
+// src/lib/generated/repo-api-client/core/serverSentEvents.gen.ts
+function createSseClient({
+  onRequest,
+  onSseError,
+  onSseEvent,
+  responseTransformer,
+  responseValidator,
+  sseDefaultRetryDelay,
+  sseMaxRetryAttempts,
+  sseMaxRetryDelay,
+  sseSleepFn,
+  url,
+  ...options
+}) {
+  let lastEventId;
+  const sleep2 = sseSleepFn ?? ((ms) => new Promise((resolve) => setTimeout(resolve, ms)));
+  const createStream = async function* () {
+    let retryDelay = sseDefaultRetryDelay ?? 3e3;
+    let attempt = 0;
+    const signal = options.signal ?? new AbortController().signal;
+    while (true) {
+      if (signal.aborted) break;
+      attempt++;
+      const headers = options.headers instanceof Headers ? options.headers : new Headers(options.headers);
+      if (lastEventId !== void 0) {
+        headers.set("Last-Event-ID", lastEventId);
+      }
+      try {
+        const requestInit = {
+          redirect: "follow",
+          ...options,
+          body: options.serializedBody,
+          headers,
+          signal
+        };
+        let request = new Request(url, requestInit);
+        if (onRequest) {
+          request = await onRequest(url, requestInit);
+        }
+        const _fetch = options.fetch ?? globalThis.fetch;
+        const response = await _fetch(request);
+        if (!response.ok) throw new Error(`SSE failed: ${response.status} ${response.statusText}`);
+        if (!response.body) throw new Error("No body in SSE response");
+        const reader = response.body.pipeThrough(new TextDecoderStream()).getReader();
+        let buffer = "";
+        const abortHandler = () => {
+          try {
+            reader.cancel();
+          } catch {
+          }
+        };
+        signal.addEventListener("abort", abortHandler);
+        try {
+          while (true) {
+            const { done, value } = await reader.read();
+            if (done) break;
+            buffer += value;
+            buffer = buffer.replace(/\r\n?/g, "\n");
+            const chunks = buffer.split("\n\n");
+            buffer = chunks.pop() ?? "";
+            for (const chunk of chunks) {
+              const lines = chunk.split("\n");
+              const dataLines = [];
+              let eventName;
+              for (const line of lines) {
+                if (line.startsWith("data:")) {
+                  dataLines.push(line.replace(/^data:\s*/, ""));
+                } else if (line.startsWith("event:")) {
+                  eventName = line.replace(/^event:\s*/, "");
+                } else if (line.startsWith("id:")) {
+                  lastEventId = line.replace(/^id:\s*/, "");
+                } else if (line.startsWith("retry:")) {
+                  const parsed = Number.parseInt(line.replace(/^retry:\s*/, ""), 10);
+                  if (!Number.isNaN(parsed)) {
+                    retryDelay = parsed;
+                  }
+                }
+              }
+              let data;
+              let parsedJson = false;
+              if (dataLines.length) {
+                const rawData = dataLines.join("\n");
+                try {
+                  data = JSON.parse(rawData);
+                  parsedJson = true;
+                } catch {
+                  data = rawData;
+                }
+              }
+              if (parsedJson) {
+                if (responseValidator) {
+                  await responseValidator(data);
+                }
+                if (responseTransformer) {
+                  data = await responseTransformer(data);
+                }
+              }
+              onSseEvent?.({
+                data,
+                event: eventName,
+                id: lastEventId,
+                retry: retryDelay
+              });
+              if (dataLines.length) {
+                yield data;
+              }
+            }
+          }
+        } finally {
+          signal.removeEventListener("abort", abortHandler);
+          reader.releaseLock();
+        }
+        break;
+      } catch (error) {
+        onSseError?.(error);
+        if (sseMaxRetryAttempts !== void 0 && attempt >= sseMaxRetryAttempts) {
+          break;
+        }
+        const backoff = Math.min(retryDelay * 2 ** (attempt - 1), sseMaxRetryDelay ?? 3e4);
+        await sleep2(backoff);
+      }
+    }
+  };
+  const stream = createStream();
+  return { stream };
+}
+
+// src/lib/generated/repo-api-client/core/pathSerializer.gen.ts
+var separatorArrayExplode = (style) => {
+  switch (style) {
+    case "label":
+      return ".";
+    case "matrix":
+      return ";";
+    case "simple":
+      return ",";
+    default:
+      return "&";
+  }
+};
+var separatorArrayNoExplode = (style) => {
+  switch (style) {
+    case "form":
+      return ",";
+    case "pipeDelimited":
+      return "|";
+    case "spaceDelimited":
+      return "%20";
+    default:
+      return ",";
+  }
+};
+var separatorObjectExplode = (style) => {
+  switch (style) {
+    case "label":
+      return ".";
+    case "matrix":
+      return ";";
+    case "simple":
+      return ",";
+    default:
+      return "&";
+  }
+};
+var serializeArrayParam = ({
+  allowReserved,
+  explode,
+  name,
+  style,
+  value
+}) => {
+  if (!explode) {
+    const joinedValues2 = (allowReserved ? value : value.map((v) => encodeURIComponent(v))).join(separatorArrayNoExplode(style));
+    switch (style) {
+      case "label":
+        return `.${joinedValues2}`;
+      case "matrix":
+        return `;${name}=${joinedValues2}`;
+      case "simple":
+        return joinedValues2;
+      default:
+        return `${name}=${joinedValues2}`;
+    }
+  }
+  const separator = separatorArrayExplode(style);
+  const joinedValues = value.map((v) => {
+    if (style === "label" || style === "simple") {
+      return allowReserved ? v : encodeURIComponent(v);
+    }
+    return serializePrimitiveParam({
+      allowReserved,
+      name,
+      value: v
+    });
+  }).join(separator);
+  return style === "label" || style === "matrix" ? separator + joinedValues : joinedValues;
+};
+var serializePrimitiveParam = ({
+  allowReserved,
+  name,
+  value
+}) => {
+  if (value === void 0 || value === null) {
+    return "";
+  }
+  if (typeof value === "object") {
+    throw new Error(
+      "Deeply-nested arrays/objects aren\u2019t supported. Provide your own `querySerializer()` to handle these."
+    );
+  }
+  return `${name}=${allowReserved ? value : encodeURIComponent(value)}`;
+};
+var serializeObjectParam = ({
+  allowReserved,
+  explode,
+  name,
+  style,
+  value,
+  valueOnly
+}) => {
+  if (value instanceof Date) {
+    return valueOnly ? value.toISOString() : `${name}=${value.toISOString()}`;
+  }
+  if (style !== "deepObject" && !explode) {
+    let values = [];
+    Object.entries(value).forEach(([key, v]) => {
+      values = [...values, key, allowReserved ? v : encodeURIComponent(v)];
+    });
+    const joinedValues2 = values.join(",");
+    switch (style) {
+      case "form":
+        return `${name}=${joinedValues2}`;
+      case "label":
+        return `.${joinedValues2}`;
+      case "matrix":
+        return `;${name}=${joinedValues2}`;
+      default:
+        return joinedValues2;
+    }
+  }
+  const separator = separatorObjectExplode(style);
+  const joinedValues = Object.entries(value).map(
+    ([key, v]) => serializePrimitiveParam({
+      allowReserved,
+      name: style === "deepObject" ? `${name}[${key}]` : key,
+      value: v
+    })
+  ).join(separator);
+  return style === "label" || style === "matrix" ? separator + joinedValues : joinedValues;
+};
+
+// src/lib/generated/repo-api-client/core/utils.gen.ts
+var PATH_PARAM_RE = /\{[^{}]+\}/g;
+var defaultPathSerializer = ({ path: path3, url: _url }) => {
+  let url = _url;
+  const matches = _url.match(PATH_PARAM_RE);
+  if (matches) {
+    for (const match of matches) {
+      let explode = false;
+      let name = match.substring(1, match.length - 1);
+      let style = "simple";
+      if (name.endsWith("*")) {
+        explode = true;
+        name = name.substring(0, name.length - 1);
+      }
+      if (name.startsWith(".")) {
+        name = name.substring(1);
+        style = "label";
+      } else if (name.startsWith(";")) {
+        name = name.substring(1);
+        style = "matrix";
+      }
+      const value = path3[name];
+      if (value === void 0 || value === null) {
+        continue;
+      }
+      if (Array.isArray(value)) {
+        url = url.replace(match, serializeArrayParam({ explode, name, style, value }));
+        continue;
+      }
+      if (typeof value === "object") {
+        url = url.replace(
+          match,
+          serializeObjectParam({
+            explode,
+            name,
+            style,
+            value,
+            valueOnly: true
+          })
+        );
+        continue;
+      }
+      if (style === "matrix") {
+        url = url.replace(
+          match,
+          `;${serializePrimitiveParam({
+            name,
+            value
+          })}`
+        );
+        continue;
+      }
+      const replaceValue = encodeURIComponent(
+        style === "label" ? `.${value}` : value
+      );
+      url = url.replace(match, replaceValue);
+    }
+  }
+  return url;
+};
+var getUrl = ({
+  baseUrl,
+  path: path3,
+  query,
+  querySerializer,
+  url: _url
+}) => {
+  const pathUrl = _url.startsWith("/") ? _url : `/${_url}`;
+  let url = (baseUrl ?? "") + pathUrl;
+  if (path3) {
+    url = defaultPathSerializer({ path: path3, url });
+  }
+  let search = query ? querySerializer(query) : "";
+  if (search.startsWith("?")) {
+    search = search.substring(1);
+  }
+  if (search) {
+    url += `?${search}`;
+  }
+  return url;
+};
+function getValidRequestBody(options) {
+  const hasBody = options.body !== void 0;
+  const isSerializedBody = hasBody && options.bodySerializer;
+  if (isSerializedBody) {
+    if ("serializedBody" in options) {
+      const hasSerializedBody = options.serializedBody !== void 0 && options.serializedBody !== "";
+      return hasSerializedBody ? options.serializedBody : null;
+    }
+    return options.body !== "" ? options.body : null;
+  }
+  if (hasBody) {
+    return options.body;
+  }
+  return void 0;
+}
+
+// src/lib/generated/repo-api-client/core/auth.gen.ts
+var getAuthToken = async (auth, callback) => {
+  const token = typeof callback === "function" ? await callback(auth) : callback;
+  if (!token) {
+    return;
+  }
+  if (auth.scheme === "bearer") {
+    return `Bearer ${token}`;
+  }
+  if (auth.scheme === "basic") {
+    return `Basic ${btoa(token)}`;
+  }
+  return token;
+};
+
+// src/lib/generated/repo-api-client/core/bodySerializer.gen.ts
+var jsonBodySerializer = {
+  bodySerializer: (body) => JSON.stringify(body, (_key, value) => typeof value === "bigint" ? value.toString() : value)
+};
+
+// src/lib/generated/repo-api-client/client/utils.gen.ts
+var createQuerySerializer = ({
+  parameters = {},
+  ...args
+} = {}) => {
+  const querySerializer = (queryParams) => {
+    const search = [];
+    if (queryParams && typeof queryParams === "object") {
+      for (const name in queryParams) {
+        const value = queryParams[name];
+        if (value === void 0 || value === null) {
+          continue;
+        }
+        const options = parameters[name] || args;
+        if (Array.isArray(value)) {
+          const serializedArray = serializeArrayParam({
+            allowReserved: options.allowReserved,
+            explode: true,
+            name,
+            style: "form",
+            value,
+            ...options.array
+          });
+          if (serializedArray) search.push(serializedArray);
+        } else if (typeof value === "object") {
+          const serializedObject = serializeObjectParam({
+            allowReserved: options.allowReserved,
+            explode: true,
+            name,
+            style: "deepObject",
+            value,
+            ...options.object
+          });
+          if (serializedObject) search.push(serializedObject);
+        } else {
+          const serializedPrimitive = serializePrimitiveParam({
+            allowReserved: options.allowReserved,
+            name,
+            value
+          });
+          if (serializedPrimitive) search.push(serializedPrimitive);
+        }
+      }
+    }
+    return search.join("&");
+  };
+  return querySerializer;
+};
+var getParseAs = (contentType) => {
+  if (!contentType) {
+    return "stream";
+  }
+  const cleanContent = contentType.split(";")[0]?.trim();
+  if (!cleanContent) {
+    return;
+  }
+  if (cleanContent.startsWith("application/json") || cleanContent.endsWith("+json")) {
+    return "json";
+  }
+  if (cleanContent === "multipart/form-data") {
+    return "formData";
+  }
+  if (["application/", "audio/", "image/", "video/"].some((type) => cleanContent.startsWith(type))) {
+    return "blob";
+  }
+  if (cleanContent.startsWith("text/")) {
+    return "text";
+  }
+  return;
+};
+var checkForExistence = (options, name) => {
+  if (!name) {
+    return false;
+  }
+  if (options.headers.has(name) || options.query?.[name] || options.headers.get("Cookie")?.includes(`${name}=`)) {
+    return true;
+  }
+  return false;
+};
+var setAuthParams = async ({
+  security,
+  ...options
+}) => {
+  for (const auth of security) {
+    if (checkForExistence(options, auth.name)) {
+      continue;
+    }
+    const token = await getAuthToken(auth, options.auth);
+    if (!token) {
+      continue;
+    }
+    const name = auth.name ?? "Authorization";
+    switch (auth.in) {
+      case "query":
+        if (!options.query) {
+          options.query = {};
+        }
+        options.query[name] = token;
+        break;
+      case "cookie":
+        options.headers.append("Cookie", `${name}=${token}`);
+        break;
+      case "header":
+      default:
+        options.headers.set(name, token);
+        break;
+    }
+  }
+};
+var buildUrl = (options) => getUrl({
+  baseUrl: options.baseUrl,
+  path: options.path,
+  query: options.query,
+  querySerializer: typeof options.querySerializer === "function" ? options.querySerializer : createQuerySerializer(options.querySerializer),
+  url: options.url
+});
+var mergeConfigs = (a, b) => {
+  const config = { ...a, ...b };
+  if (config.baseUrl?.endsWith("/")) {
+    config.baseUrl = config.baseUrl.substring(0, config.baseUrl.length - 1);
+  }
+  config.headers = mergeHeaders(a.headers, b.headers);
+  return config;
+};
+var headersEntries = (headers) => {
+  const entries = [];
+  headers.forEach((value, key) => {
+    entries.push([key, value]);
+  });
+  return entries;
+};
+var mergeHeaders = (...headers) => {
+  const mergedHeaders = new Headers();
+  for (const header of headers) {
+    if (!header) {
+      continue;
+    }
+    const iterator = header instanceof Headers ? headersEntries(header) : Object.entries(header);
+    for (const [key, value] of iterator) {
+      if (value === null) {
+        mergedHeaders.delete(key);
+      } else if (Array.isArray(value)) {
+        for (const v of value) {
+          mergedHeaders.append(key, v);
+        }
+      } else if (value !== void 0) {
+        mergedHeaders.set(
+          key,
+          typeof value === "object" ? JSON.stringify(value) : value
+        );
+      }
+    }
+  }
+  return mergedHeaders;
+};
+var Interceptors = class {
+  fns = [];
+  clear() {
+    this.fns = [];
+  }
+  eject(id) {
+    const index = this.getInterceptorIndex(id);
+    if (this.fns[index]) {
+      this.fns[index] = null;
+    }
+  }
+  exists(id) {
+    const index = this.getInterceptorIndex(id);
+    return Boolean(this.fns[index]);
+  }
+  getInterceptorIndex(id) {
+    if (typeof id === "number") {
+      return this.fns[id] ? id : -1;
+    }
+    return this.fns.indexOf(id);
+  }
+  update(id, fn) {
+    const index = this.getInterceptorIndex(id);
+    if (this.fns[index]) {
+      this.fns[index] = fn;
+      return id;
+    }
+    return false;
+  }
+  use(fn) {
+    this.fns.push(fn);
+    return this.fns.length - 1;
+  }
+};
+var createInterceptors = () => ({
+  error: new Interceptors(),
+  request: new Interceptors(),
+  response: new Interceptors()
+});
+var defaultQuerySerializer = createQuerySerializer({
+  allowReserved: false,
+  array: {
+    explode: true,
+    style: "form"
+  },
+  object: {
+    explode: true,
+    style: "deepObject"
+  }
+});
+var defaultHeaders = {
+  "Content-Type": "application/json"
+};
+var createConfig = (override = {}) => ({
+  ...jsonBodySerializer,
+  headers: defaultHeaders,
+  parseAs: "auto",
+  querySerializer: defaultQuerySerializer,
+  ...override
+});
+
+// src/lib/generated/repo-api-client/client/client.gen.ts
+var createClient = (config = {}) => {
+  let _config = mergeConfigs(createConfig(), config);
+  const getConfig = () => ({ ..._config });
+  const setConfig = (config2) => {
+    _config = mergeConfigs(_config, config2);
+    return getConfig();
+  };
+  const interceptors = createInterceptors();
+  const beforeRequest = async (options) => {
+    const opts = {
+      ..._config,
+      ...options,
+      fetch: options.fetch ?? _config.fetch ?? globalThis.fetch,
+      headers: mergeHeaders(_config.headers, options.headers),
+      serializedBody: void 0
+    };
+    if (opts.security) {
+      await setAuthParams({
+        ...opts,
+        security: opts.security
+      });
+    }
+    if (opts.requestValidator) {
+      await opts.requestValidator(opts);
+    }
+    if (opts.body !== void 0 && opts.bodySerializer) {
+      opts.serializedBody = opts.bodySerializer(opts.body);
+    }
+    if (opts.body === void 0 || opts.serializedBody === "") {
+      opts.headers.delete("Content-Type");
+    }
+    const resolvedOpts = opts;
+    const url = buildUrl(resolvedOpts);
+    return { opts: resolvedOpts, url };
+  };
+  const request = async (options) => {
+    const throwOnError = options.throwOnError ?? _config.throwOnError;
+    const responseStyle = options.responseStyle ?? _config.responseStyle;
+    let request2;
+    let response;
+    try {
+      const { opts, url } = await beforeRequest(options);
+      const requestInit = {
+        redirect: "follow",
+        ...opts,
+        body: getValidRequestBody(opts)
+      };
+      request2 = new Request(url, requestInit);
+      for (const fn of interceptors.request.fns) {
+        if (fn) {
+          request2 = await fn(request2, opts);
+        }
+      }
+      const _fetch = opts.fetch;
+      response = await _fetch(request2);
+      for (const fn of interceptors.response.fns) {
+        if (fn) {
+          response = await fn(response, request2, opts);
+        }
+      }
+      const result = {
+        request: request2,
+        response
+      };
+      if (response.ok) {
+        const parseAs = (opts.parseAs === "auto" ? getParseAs(response.headers.get("Content-Type")) : opts.parseAs) ?? "json";
+        if (response.status === 204 || response.headers.get("Content-Length") === "0") {
+          let emptyData;
+          switch (parseAs) {
+            case "arrayBuffer":
+            case "blob":
+            case "text":
+              emptyData = await response[parseAs]();
+              break;
+            case "formData":
+              emptyData = new FormData();
+              break;
+            case "stream":
+              emptyData = response.body;
+              break;
+            case "json":
+            default:
+              emptyData = {};
+              break;
+          }
+          return opts.responseStyle === "data" ? emptyData : {
+            data: emptyData,
+            ...result
+          };
+        }
+        let data;
+        switch (parseAs) {
+          case "arrayBuffer":
+          case "blob":
+          case "formData":
+          case "text":
+            data = await response[parseAs]();
+            break;
+          case "json": {
+            const text = await response.text();
+            data = text ? JSON.parse(text) : {};
+            break;
+          }
+          case "stream":
+            return opts.responseStyle === "data" ? response.body : {
+              data: response.body,
+              ...result
+            };
+        }
+        if (parseAs === "json") {
+          if (opts.responseValidator) {
+            await opts.responseValidator(data);
+          }
+          if (opts.responseTransformer) {
+            data = await opts.responseTransformer(data);
+          }
+        }
+        return opts.responseStyle === "data" ? data : {
+          data,
+          ...result
+        };
+      }
+      const textError = await response.text();
+      let jsonError;
+      try {
+        jsonError = JSON.parse(textError);
+      } catch {
+      }
+      throw jsonError ?? textError;
+    } catch (error) {
+      let finalError = error;
+      for (const fn of interceptors.error.fns) {
+        if (fn) {
+          finalError = await fn(finalError, response, request2, options);
+        }
+      }
+      finalError = finalError || {};
+      if (throwOnError) {
+        throw finalError;
+      }
+      return responseStyle === "data" ? void 0 : {
+        error: finalError,
+        request: request2,
+        response
+      };
+    }
+  };
+  const makeMethodFn = (method) => (options) => request({ ...options, method });
+  const makeSseFn = (method) => async (options) => {
+    const { opts, url } = await beforeRequest(options);
+    return createSseClient({
+      ...opts,
+      body: opts.body,
+      method,
+      onRequest: async (url2, init) => {
+        let request2 = new Request(url2, init);
+        for (const fn of interceptors.request.fns) {
+          if (fn) {
+            request2 = await fn(request2, opts);
+          }
+        }
+        return request2;
+      },
+      serializedBody: getValidRequestBody(opts),
+      url
+    });
+  };
+  const _buildUrl = (options) => buildUrl({ ..._config, ...options });
+  return {
+    buildUrl: _buildUrl,
+    connect: makeMethodFn("CONNECT"),
+    delete: makeMethodFn("DELETE"),
+    get: makeMethodFn("GET"),
+    getConfig,
+    head: makeMethodFn("HEAD"),
+    interceptors,
+    options: makeMethodFn("OPTIONS"),
+    patch: makeMethodFn("PATCH"),
+    post: makeMethodFn("POST"),
+    put: makeMethodFn("PUT"),
+    request,
+    setConfig,
+    sse: {
+      connect: makeSseFn("CONNECT"),
+      delete: makeSseFn("DELETE"),
+      get: makeSseFn("GET"),
+      head: makeSseFn("HEAD"),
+      options: makeSseFn("OPTIONS"),
+      patch: makeSseFn("PATCH"),
+      post: makeSseFn("POST"),
+      put: makeSseFn("PUT"),
+      trace: makeSseFn("TRACE")
+    },
+    trace: makeMethodFn("TRACE")
+  };
+};
+
+// src/lib/generated/repo-api-client/core/params.gen.ts
+var extraPrefixesMap = {
+  $body_: "body",
+  $headers_: "headers",
+  $path_: "path",
+  $query_: "query"
+};
+var extraPrefixes = Object.entries(extraPrefixesMap);
+
+// src/lib/generated/repo-api-client/client.gen.ts
+var client = createClient(createConfig());
+
+// src/lib/generated/repo-api-client/sdk.gen.ts
+var listRepos = (options) => (options?.client ?? client).get({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/api/v1/repos",
+  ...options
+});
+var createRepo = (options) => (options.client ?? client).post({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/api/v1/repos",
+  ...options,
+  headers: {
+    "Content-Type": "application/json",
+    ...options.headers
+  }
+});
+var deleteRepo = (options) => (options.client ?? client).delete({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/api/v1/repos/{repo_id}",
+  ...options
+});
+var createGitToken = (options) => (options.client ?? client).post({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/api/v1/repos/{repo_id}/git-token",
+  ...options,
+  headers: {
+    "Content-Type": "application/json",
+    ...options.headers
+  }
+});
+
+// src/main.ts
+var defaultGitHost = "git.corigin.dev";
+var CliError = class extends Error {
+  code;
+  constructor(code, message) {
+    super(message);
+    this.code = code;
+  }
+};
+function formatJsonSuccess(command, data) {
+  return `${JSON.stringify({ ok: true, command, data })}
+`;
+}
+function formatJsonError(command, code, message) {
+  return `${JSON.stringify({ ok: false, command, error: { code, message } })}
+`;
+}
+function redactSecrets(text, secrets) {
+  return secrets.reduce(
+    (current, secret) => secret ? current.split(secret).join("[redacted]") : current,
+    text
+  );
+}
+async function writeCredential(configDir, profileName, credential) {
+  await writeProfileCredential(configDir, profileName, credential.credential);
+}
+async function readCredential(configDir, profileName) {
+  const credential = await readProfileCredential(configDir, profileName);
+  return credential === void 0 ? void 0 : { credential: credential.credential };
+}
+function parseGitCredentialInput(input) {
+  const fields = Object.fromEntries(
+    input.split(/\r?\n/).filter((line) => line.length > 0).map((line) => {
+      const separator = line.indexOf("=");
+      if (separator < 1)
+        throw new CliError("invalid_git_credential_input", "Git credential input is malformed.");
+      return [line.slice(0, separator), line.slice(separator + 1)];
+    })
+  );
+  if (fields.protocol !== "https")
+    throw new CliError("invalid_git_credential_input", "Git credential protocol must be https.");
+  if (!fields.host)
+    throw new CliError("invalid_git_credential_input", "Git credential host is required.");
+  if (!fields.path)
+    throw new CliError("invalid_git_credential_input", "Git credential path is required.");
+  return { protocol: fields.protocol, host: fields.host, path: fields.path };
+}
+function resolveGitCredentialRepo(input) {
+  const normalizedPath = input.path.replace(/^\/+/, "").replace(/\.git$/, "");
+  const parts = normalizedPath.split("/");
+  if (parts.length !== 4 || parts[0] !== "w" || parts[2] !== "r" || !parts[1] || !parts[3]) {
+    throw new CliError(
+      "invalid_git_credential_path",
+      "Git credential path must identify a Corigin repository."
+    );
+  }
+  return { workspaceId: parts[1], repoId: parts[3] };
+}
+function createCoriginProgram(deps = {}) {
+  const program = addCliGlobalOptions(
+    new Command().name("corigin").description("Corigin command-line interface").version("0.1.0")
+  );
+  if (deps.exitOverride !== false) program.exitOverride();
+  addCliGlobalOptions(program.command("login")).option("--no-open", "Print the verification URL without opening a browser").option(
+    "--timeout-ms <milliseconds>",
+    "Local login timeout in milliseconds",
+    parsePositiveInteger,
+    12e4
+  ).action(
+    async (options, command) => runCommand("login", command, deps, () => login(command, options, deps))
+  );
+  const repos = program.command("repos").description("Create, list, and delete hosted repos");
+  addCliGlobalOptions(repos.command("list")).action(
+    async (_options, command) => runCommand("repos list", command, deps, () => reposList(command, deps))
+  );
+  addCliGlobalOptions(repos.command("create")).requiredOption("--name <name>", "Name for the hosted repository").action(
+    async (options, command) => runCommand("repos create", command, deps, () => reposCreate(command, options, deps))
+  );
+  addCliGlobalOptions(repos.command("delete")).requiredOption("--repo <repo-id>", "Repository id to delete").requiredOption("--yes", "Confirm deletion without an interactive prompt").action(
+    async (options, command) => runCommand("repos delete", command, deps, () => reposDelete(command, options, deps))
+  );
+  const gitToken = program.command("git-token").description("Mint scoped Git credentials for a repo");
+  addCliGlobalOptions(gitToken.command("create")).requiredOption("--repo <repo-id>", "Repository id for the Git token").requiredOption("--actor-subject <label>", "Runtime or sandbox actor label").requiredOption("--access <read|write>", "Git operation scope", parseGitAccess).option("--ttl-seconds <seconds>", "Requested token lifetime in seconds", parsePositiveInteger).action(
+    async (options, command) => runCommand("git-token create", command, deps, () => gitTokenCreate(command, options, deps))
+  );
+  const gitCredentials = program.command("git-credentials").description("Install and inspect the Git credential helper");
+  addCliGlobalOptions(gitCredentials.command("install")).option("--git-host <host>", "Git remote host for credential-helper config", defaultGitHost).option("--scope <global|local>", "Git config scope", "global").option("--force", "Replace existing Corigin credential-helper config").action(
+    async (options, command) => runCommand(
+      "git-credentials install",
+      command,
+      deps,
+      async () => gitCredentialsInstall(options)
+    )
+  );
+  addCliGlobalOptions(gitCredentials.command("status")).option("--git-host <host>", "Git remote host for credential-helper config", defaultGitHost).option("--scope <global|local>", "Git config scope", "global").action(
+    async (options, command) => runCommand(
+      "git-credentials status",
+      command,
+      deps,
+      async () => gitCredentialsStatus(options)
+    )
+  );
+  addCliGlobalOptions(gitCredentials.command("uninstall")).option("--git-host <host>", "Git remote host for credential-helper config", defaultGitHost).option("--scope <global|local>", "Git config scope", "global").action(
+    async (options, command) => runCommand(
+      "git-credentials uninstall",
+      command,
+      deps,
+      async () => gitCredentialsUninstall(options)
+    )
+  );
+  addCliGlobalOptions(
+    program.command("git-credential-helper <operation>", { hidden: true })
+  ).action(
+    async (operation, _options, command) => runCommand(
+      "git-credential-helper",
+      command,
+      deps,
+      () => gitCredentialHelper(command, operation, deps)
+    )
+  );
+  return program;
+}
+function addCliGlobalOptions(command) {
+  return command.option("--json", "Emit one JSON object on stdout").option("--profile <name>", "Select the local CLI profile for this command").option("--config-dir <path>", "Directory containing config.toml and credentials.toml");
+}
+async function runCommand(commandName, command, deps, action) {
+  const commandOptions = command.optsWithGlobals();
+  const stdout = deps.stdout ?? process.stdout;
+  const stderr = deps.stderr ?? process.stderr;
+  await action().then((data) => {
+    if (commandName === "git-credential-helper") return;
+    if (data === void 0) {
+      throw new CliError("command_failed", "Corigin command did not return output data.");
+    }
+    stdout.write(
+      commandOptions.json ? formatJsonSuccess(commandName, data) : formatHumanSuccess(commandName, data)
+    );
+  }).catch((error) => {
+    const cliError = error instanceof CliError ? error : new CliError("command_failed", "Corigin command failed.");
+    if (commandName === "git-credential-helper") {
+      stderr.write(`${cliError.message}
+`);
+    } else if (commandOptions.json) {
+      stdout.write(formatJsonError(commandName, cliError.code, cliError.message));
+    } else {
+      stderr.write(`${cliError.code}: ${cliError.message}
+`);
+    }
+    process.exitCode = 1;
+  });
+}
+async function login(command, options, deps) {
+  const rootOptions = await rootCliOptions(command, { allowMissingProfile: true });
+  const startResponse = await authFetch(
+    rootOptions.webUrl,
+    "/api/auth/device/code",
+    { client_id: "corigin-cli" },
+    deps.fetch
+  );
+  const verificationUrl = requireString(startResponse, "verification_uri_complete");
+  const userCode = requireString(startResponse, "user_code");
+  const deviceCode = requireString(startResponse, "device_code");
+  let intervalMs = Math.max(1, Number(startResponse.interval ?? 1) * 1e3);
+  const deadline = Date.now() + options.timeoutMs;
+  let forceVerificationOutput = options.open === false;
+  if (options.open !== false) {
+    await (deps.openBrowser ?? openBrowser)(verificationUrl).catch(async () => {
+      forceVerificationOutput = true;
+      await progress(command, deps, "Could not open the browser automatically.", { force: true });
+    });
+  }
+  await progress(command, deps, `Open ${verificationUrl} and enter code ${userCode}.`, {
+    force: forceVerificationOutput
+  });
+  while (Date.now() < deadline) {
+    const pollResponse = await authFetch(
+      rootOptions.webUrl,
+      "/api/auth/device/token",
+      {
+        grant_type: "urn:ietf:params:oauth:grant-type:device_code",
+        device_code: deviceCode,
+        client_id: "corigin-cli"
+      },
+      deps.fetch
+    );
+    if ("access_token" in pollResponse) {
+      const accessToken = requireString(pollResponse, "access_token");
+      const apiKeyResponse = await authFetch(
+        rootOptions.webUrl,
+        "/api/v1/api-keys",
+        { name: "Corigin CLI" },
+        deps.fetch,
+        { authorization: `Bearer ${accessToken}` }
+      );
+      const apiKey = requireObject(apiKeyResponse, "apiKey");
+      const workspaceId = requireString(apiKey, "workspaceId");
+      const workspaceName = optionalString(apiKeyResponse, "workspaceName") ?? optionalString(apiKey, "workspaceName") ?? workspaceId;
+      await writeConfig(
+        rootOptions.configDir,
+        setProfileConfig(await readConfig(rootOptions.configDir), rootOptions.profileName, {
+          api_url: rootOptions.apiUrl,
+          web_url: rootOptions.webUrl
+        })
+      );
+      await writeCredential(rootOptions.configDir, rootOptions.profileName, {
+        credential: requireString(apiKeyResponse, "secret")
+      });
+      return { workspace_id: workspaceId, workspace_name: workspaceName };
+    }
+    const status = requireString(pollResponse, "status");
+    if (status === "access_denied" || status === "authorization_denied" || status === "denied") {
+      throw new CliError("authorization_denied", "Device authorization was denied.");
+    }
+    if (status === "expired_token" || status === "authorization_expired" || status === "expired") {
+      throw new CliError("authorization_expired", "Device authorization expired.");
+    }
+    if (status === "slow_down")
+      intervalMs = Math.max(intervalMs, Number(pollResponse.interval ?? intervalMs / 1e3) * 1e3);
+    else if (status !== "authorization_pending") {
+      throw new CliError(
+        "provider_error",
+        "Device authorization provider returned an unsupported status."
+      );
+    }
+    await (deps.sleep ?? sleep)(intervalMs);
+  }
+  throw new CliError("authorization_timeout", "Device authorization timed out.");
+}
+async function reposList(command, deps) {
+  const { credential, client: client2 } = await authenticatedRepoClient(command, deps);
+  return apiData("repos list", credential, await listRepos({ client: client2 }));
+}
+async function reposCreate(command, options, deps) {
+  const { credential, client: client2 } = await authenticatedRepoClient(command, deps);
+  return apiData(
+    "repos create",
+    credential,
+    await createRepo({ client: client2, body: { name: options.name } })
+  );
+}
+async function reposDelete(command, options, deps) {
+  const { credential, client: client2 } = await authenticatedRepoClient(command, deps);
+  return apiData(
+    "repos delete",
+    credential,
+    await deleteRepo({ client: client2, path: { repo_id: options.repo } })
+  );
+}
+async function gitTokenCreate(command, options, deps) {
+  const { credential, client: client2 } = await authenticatedRepoClient(command, deps);
+  return apiData(
+    "git-token create",
+    credential,
+    await createGitToken({
+      client: client2,
+      path: { repo_id: options.repo },
+      body: {
+        actor_subject: options.actorSubject,
+        access: options.access,
+        ttl_seconds: options.ttlSeconds
+      }
+    })
+  );
+}
+async function gitCredentialHelper(command, operation, deps) {
+  if (!["get", "store", "erase"].includes(operation))
+    throw new CliError("invalid_git_credential_operation", "Git helper operation is unsupported.");
+  const stdin = await readStdin(deps.stdin ?? process.stdin);
+  if (operation !== "get") return;
+  const parsed = parseGitCredentialInput(stdin);
+  const { repoId } = resolveGitCredentialRepo(parsed);
+  const rootOptions = await rootCliOptions(command);
+  const credential = await requireCredential(rootOptions.configDir, rootOptions.profileName);
+  const client2 = repoClient(rootOptions.apiUrl, credential.credential, deps.fetch);
+  const response = await apiData(
+    "git-credential-helper",
+    credential,
+    await createGitToken({
+      client: client2,
+      path: { repo_id: repoId },
+      body: { actor_subject: "corigin git-credential-helper", access: "write" }
+    })
+  );
+  const token = objectData(response) === null ? "" : stringField(objectData(response), "token");
+  if (!token) throw new CliError("repo_api_error", "Repo API did not return a Git token.");
+  (deps.stdout ?? process.stdout).write(`username=agent
+password=${token}
+
+`);
+}
+function gitCredentialsInstall(options) {
+  assertGitScope(options.scope);
+  const helperKey = `credential.https://${options.gitHost}.helper`;
+  const useHttpPathKey = `credential.https://${options.gitHost}.useHttpPath`;
+  if (!options.force && (gitConfigGet(options.scope, helperKey) || gitConfigGet(options.scope, useHttpPathKey))) {
+    throw new CliError(
+      "git_credentials_already_configured",
+      "Corigin Git credential helper config already exists; rerun with --force to replace it."
+    );
+  }
+  gitConfigUnset(options.scope, helperKey);
+  gitConfigAdd(options.scope, [helperKey, ""]);
+  gitConfigAdd(options.scope, [helperKey, "!corigin git-credential-helper"]);
+  gitConfig(options.scope, [useHttpPathKey, "true"]);
+  return { git_host: options.gitHost, installed: true };
+}
+function gitCredentialsStatus(options) {
+  assertGitScope(options.scope);
+  const helpers = gitConfigGetAll(options.scope, `credential.https://${options.gitHost}.helper`);
+  const useHttpPath = gitConfigGet(
+    options.scope,
+    `credential.https://${options.gitHost}.useHttpPath`
+  );
+  return {
+    git_host: options.gitHost,
+    installed: helpers.includes("") && helpers.includes("!corigin git-credential-helper") && useHttpPath === "true"
+  };
+}
+function gitCredentialsUninstall(options) {
+  assertGitScope(options.scope);
+  gitConfigUnset(options.scope, `credential.https://${options.gitHost}.helper`);
+  gitConfigUnset(options.scope, `credential.https://${options.gitHost}.useHttpPath`);
+  return { git_host: options.gitHost, installed: false };
+}
+async function authenticatedRepoClient(command, deps) {
+  const options = await rootCliOptions(command);
+  const credential = await requireCredential(options.configDir, options.profileName);
+  return { credential, client: repoClient(options.apiUrl, credential.credential, deps.fetch) };
+}
+function repoClient(apiUrl, credential, fetchImpl) {
+  return createClient({ baseUrl: apiUrl, auth: credential, fetch: fetchImpl });
+}
+async function apiData(command, credential, result) {
+  if (result.error) {
+    const errorCode = stringField(objectData(result.error), "code");
+    if (result.response?.status === 401 || errorCode === "workspace_api_key_invalid") {
+      throw new CliError("not_logged_in", "Run corigin login before using this command.");
+    }
+    const message = stringField(objectData(result.error), "message") || "Repo API request failed.";
+    throw new CliError("repo_api_error", redactSecrets(message, [credential.credential]));
+  }
+  if (result.data === void 0) {
+    throw new CliError("repo_api_error", "Repo API response did not include data.");
+  }
+  return result.data;
+}
+async function requireCredential(configDir, profileName) {
+  const credential = await readCredential(configDir, profileName);
+  if (credential) return credential;
+  if (profileName === "default") {
+    const migrated = await migrateLegacyCredential(configDir).catch((error) => {
+      if (error.message === "Legacy credentials are ambiguous. Run corigin login --profile <name>.") {
+        throw new CliError("legacy_credentials_ambiguous", error.message);
+      }
+      throw error;
+    });
+    if (migrated !== void 0) {
+      await writeCredential(configDir, profileName, migrated);
+      return migrated;
+    }
+  }
+  throw new CliError("not_logged_in", "Run corigin login before using this command.");
+}
+async function authFetch(webUrl, route, body, fetchImpl = fetch, headers = {}) {
+  const response = await fetchImpl(new URL(route, webUrl), {
+    method: "POST",
+    headers: { ...headers, "content-type": "application/json" },
+    body: JSON.stringify(body)
+  });
+  const parsed = z3.record(z3.string(), z3.json()).parse(await response.json());
+  if (!response.ok) {
+    if (typeof parsed.error === "string") {
+      return { status: parsed.error, message: parsed.error_description };
+    }
+    throw new CliError(
+      stringField(parsed, "code") || "authorization_failed",
+      stringField(parsed, "message") || "Device authorization failed."
+    );
+  }
+  return parsed;
+}
+async function rootCliOptions(command, profileOptions = {}) {
+  const commandOptions = command.optsWithGlobals();
+  const configDir = commandOptions.configDir ?? defaultConfigDir;
+  const config = await readConfig(configDir);
+  const profileName = resolveProfileName(config, commandOptions.profile);
+  const profileConfig = profileOptions.allowMissingProfile && config.profiles?.[profileName] === void 0 ? defaultProfileConfig : config.profiles?.[profileName] ?? (profileName === "default" ? defaultProfileConfig : new CliError(
+    "profile_not_configured",
+    `Profile '${profileName}' is not configured. Run corigin login --profile ${profileName}.`
+  ));
+  if (profileConfig instanceof CliError) {
+    throw new CliError("profile_not_configured", profileConfig.message);
+  }
+  return {
+    configDir,
+    profileName,
+    apiUrl: profileConfig.api_url,
+    webUrl: profileConfig.web_url,
+    json: commandOptions.json
+  };
+}
+function formatHumanSuccess(command, data) {
+  const value = objectData(data);
+  if (command === "repos list" && Array.isArray(value?.repos)) {
+    if (value.repos.length === 0) return "No repos found.\n";
+    return `${value.repos.map((repo) => {
+      const repoValue = objectData(repo);
+      return `${stringField(repoValue, "name")}	${stringField(repoValue, "repo_id")}	${stringField(repoValue, "git_url")}`;
+    }).join("\n")}
+`;
+  }
+  if (command === "repos create" && value && "repo" in value) {
+    const repo = objectData(value.repo);
+    return `Created repo ${stringField(repo, "name")}.
+Repo ID: ${stringField(repo, "repo_id")}
+Git URL: ${stringField(repo, "git_url")}
+`;
+  }
+  if (command === "repos delete" && value && "repo" in value) {
+    const repo = objectData(value.repo);
+    return `Deleted repo ${stringField(repo, "name")}.
+Repo ID: ${stringField(repo, "repo_id")}
+`;
+  }
+  if (command === "git-token create" && value) {
+    return `Git URL: ${stringField(value, "git_url")}
+Token: ${stringField(value, "token")}
+`;
+  }
+  if (command === "git-credentials install") {
+    return "Corigin Git credential helper installed.\n";
+  }
+  if (command === "git-credentials status" && value && "installed" in value) {
+    return value.installed ? "Corigin Git credential helper is installed.\n" : "Corigin Git credential helper is not installed.\n";
+  }
+  if (command === "git-credentials uninstall") {
+    return "Corigin Git credential helper uninstalled.\n";
+  }
+  if (command === "login" && value && "workspace_name" in value) {
+    return `Logged in to ${stringField(value, "workspace_name")}.
+`;
+  }
+  return "Done.\n";
+}
+function objectData(value) {
+  if (!value || typeof value !== "object" || Array.isArray(value)) {
+    return null;
+  }
+  const objectValue = value;
+  return objectValue;
+}
+function stringField(value, key) {
+  const field = value?.[key];
+  return typeof field === "string" ? field : "";
+}
+function requireString(value, key) {
+  const result = value[key];
+  if (typeof result !== "string" || result.length === 0)
+    throw new CliError("invalid_response", `Device authorization response is missing ${key}.`);
+  return result;
+}
+function requireObject(value, key) {
+  const result = value[key];
+  if (!result || typeof result !== "object" || Array.isArray(result)) {
+    throw new CliError("invalid_response", `Device authorization response is missing ${key}.`);
+  }
+  const objectResult = result;
+  return objectResult;
+}
+function optionalString(value, key) {
+  const result = value[key];
+  return typeof result === "string" && result.length > 0 ? result : null;
+}
+async function progress(command, deps, message, options = {}) {
+  const commandOptions = command.optsWithGlobals();
+  const stderr = deps.stderr ?? process.stderr;
+  if (options.force || commandOptions.json || stderrIsTty(stderr)) stderr.write(`${message}
+`);
+}
+function stderrIsTty(stderr) {
+  return "isTTY" in stderr && stderr.isTTY === true;
+}
+function parsePositiveInteger(value) {
+  const parsed = z3.coerce.number().int().positive().safeParse(value);
+  if (!parsed.success) {
+    throw new InvalidArgumentError("must be a positive integer");
+  }
+  return parsed.data;
+}
+function parseGitAccess(value) {
+  if (value !== "read" && value !== "write")
+    throw new InvalidArgumentError("must be read or write");
+  return value;
+}
+function assertGitScope(scope) {
+  if (scope !== "global" && scope !== "local")
+    throw new CliError("invalid_git_config_scope", "Git config scope must be global or local.");
+}
+function gitConfig(scope, args) {
+  const result = spawnSync("git", ["config", `--${scope}`, ...args], { encoding: "utf8" });
+  if (result.status !== 0)
+    throw new CliError("git_config_failed", "Git credential-helper config failed.");
+}
+function gitConfigAdd(scope, args) {
+  const result = spawnSync("git", ["config", `--${scope}`, "--add", ...args], {
+    encoding: "utf8"
+  });
+  if (result.status !== 0)
+    throw new CliError("git_config_failed", "Git credential-helper config failed.");
+}
+function gitConfigGet(scope, key) {
+  const result = spawnSync("git", ["config", `--${scope}`, "--get", key], { encoding: "utf8" });
+  return result.status === 0 ? result.stdout.trim() : void 0;
+}
+function gitConfigGetAll(scope, key) {
+  const result = spawnSync("git", ["config", `--${scope}`, "--get-all", key], {
+    encoding: "utf8"
+  });
+  return result.status === 0 ? result.stdout.split(/\r?\n/).slice(0, -1) : [];
+}
+function gitConfigUnset(scope, key) {
+  spawnSync("git", ["config", `--${scope}`, "--unset-all", key], { encoding: "utf8" });
+}
+function sleep(milliseconds) {
+  return new Promise((resolve) => setTimeout(resolve, milliseconds));
+}
+async function openBrowser(url) {
+  const command = process.platform === "darwin" ? "open" : process.platform === "win32" ? "cmd" : "xdg-open";
+  const args = process.platform === "win32" ? ["/c", "start", "", url] : [url];
+  const result = spawnSync(command, args, { stdio: "ignore" });
+  if (result.error || result.status !== null && result.status !== 0) {
+    throw new CliError(
+      "browser_open_failed",
+      "Could not open the browser."
+    );
+  }
+}
+function readStdin(stdin) {
+  return new Promise((resolve, reject) => {
+    let result = "";
+    stdin.setEncoding("utf8");
+    stdin.on("data", (chunk) => {
+      result += chunk;
+    });
+    stdin.on("error", reject);
+    stdin.on("end", () => resolve(result));
+  });
+}
+async function runCli(argv = process.argv, deps = {}) {
+  await createCoriginProgram(deps).parseAsync(argv);
+}
+if (isCliEntrypoint()) {
+  runCli().catch((error) => {
+    const exitCode = error instanceof CommanderError ? commanderExitCode(error) : 1;
+    if (exitCode !== 0 && !(error instanceof CommanderError)) {
+      process.stderr.write(
+        `${error instanceof Error ? error.message : "Corigin command failed."}
+`
+      );
+    }
+    process.exitCode = exitCode;
+  });
+}
+function isCliEntrypoint() {
+  const invokedPath = process.argv[1];
+  return realpathSync(fileURLToPath(import.meta.url)) === realpathSync(invokedPath);
+}
+function commanderExitCode(error) {
+  return error.code.startsWith("commander.") && error.exitCode !== 0 ? 2 : error.exitCode;
+}
+export {
+  createCoriginProgram,
+  formatJsonError,
+  formatJsonSuccess,
+  parseGitCredentialInput,
+  readCredential,
+  redactSecrets,
+  resolveGitCredentialRepo,
+  runCli,
+  writeCredential
+};