@digitalpresence/cliclaw-auth 0.1.0

package/dist/gslides-auth.js

@@ -0,0 +1,18 @@
+import { readFileSync } from "fs";
+import { google } from "googleapis";
+export function createGSlidesOAuthClient(clientSecretPath, redirectUri) {
+    const secret = JSON.parse(readFileSync(clientSecretPath, "utf-8"));
+    const { client_id, client_secret } = secret.installed ?? secret.web;
+    return new google.auth.OAuth2(client_id, client_secret, redirectUri);
+}
+export function getGSlidesAuthUrl(client) {
+    return client.generateAuthUrl({
+        access_type: "offline",
+        scope: [
+            "https://www.googleapis.com/auth/presentations",
+            "https://www.googleapis.com/auth/drive.file",
+        ],
+        prompt: "consent",
+    });
+}
+//# sourceMappingURL=gslides-auth.js.map

package/dist/gslides-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"gslides-auth.js","sourceRoot":"","sources":["../src/gslides-auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AAIpC,MAAM,UAAU,wBAAwB,CAAC,gBAAwB,EAAE,WAAmB;IACpF,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC,CAAC;IACnE,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,GAAG,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,GAAG,CAAC;IACpE,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,aAAa,EAAE,WAAW,CAAC,CAAC;AACvE,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,MAAoB;IACpD,OAAO,MAAM,CAAC,eAAe,CAAC;QAC5B,WAAW,EAAE,SAAS;QACtB,KAAK,EAAE;YACL,+CAA+C;YAC/C,4CAA4C;SAC7C;QACD,MAAM,EAAE,SAAS;KAClB,CAAC,CAAC;AACL,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,20 @@
+export { TokenStore } from "./token-store.js";
+export { OAuthClientManager } from "./oauth-client-manager.js";
+export { AgentStore } from "./agent-store.js";
+export type { AgentConfig, AgentPermission, CronJobConfig } from "./agent-store.js";
+export { ScopedClientManager, PermissionDeniedError } from "./scoped-client-manager.js";
+export { createOAuthClient, getAuthUrl } from "./gmail-auth.js";
+export { createGDriveOAuthClient, getGDriveAuthUrl } from "./gdrive-auth.js";
+export { createGSlidesOAuthClient, getGSlidesAuthUrl } from "./gslides-auth.js";
+export { createGSheetsOAuthClient, getGSheetsAuthUrl } from "./gsheets-auth.js";
+export { createCalendarOAuthClient, getCalendarAuthUrl } from "./calendar-auth.js";
+export { createFormsOAuthClient, getFormsAuthUrl } from "./forms-auth.js";
+export { waitForOAuthCallback } from "./oauth-server.js";
+export { loadConfig, getConfigDir, getTokensPath, getAgentsDir } from "./config.js";
+export { INTEGRATIONS } from "./integration-registry.js";
+export type { IntegrationDef } from "./integration-registry.js";
+export type { CliclawConfig } from "./config.js";
+export { generateClaudeMd } from "./claude-md-generator.js";
+export { MemoryStore } from "./memory-store.js";
+export type { MemoryEntry } from "./memory-store.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,YAAY,EAAE,WAAW,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACpF,OAAO,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AACxF,OAAO,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAChE,OAAO,EAAE,uBAAuB,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAC7E,OAAO,EAAE,wBAAwB,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAChF,OAAO,EAAE,wBAAwB,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAChF,OAAO,EAAE,yBAAyB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACnF,OAAO,EAAE,sBAAsB,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAC1E,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACpF,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,YAAY,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAChE,YAAY,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,YAAY,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/index.js

@@ -0,0 +1,16 @@
+export { TokenStore } from "./token-store.js";
+export { OAuthClientManager } from "./oauth-client-manager.js";
+export { AgentStore } from "./agent-store.js";
+export { ScopedClientManager, PermissionDeniedError } from "./scoped-client-manager.js";
+export { createOAuthClient, getAuthUrl } from "./gmail-auth.js";
+export { createGDriveOAuthClient, getGDriveAuthUrl } from "./gdrive-auth.js";
+export { createGSlidesOAuthClient, getGSlidesAuthUrl } from "./gslides-auth.js";
+export { createGSheetsOAuthClient, getGSheetsAuthUrl } from "./gsheets-auth.js";
+export { createCalendarOAuthClient, getCalendarAuthUrl } from "./calendar-auth.js";
+export { createFormsOAuthClient, getFormsAuthUrl } from "./forms-auth.js";
+export { waitForOAuthCallback } from "./oauth-server.js";
+export { loadConfig, getConfigDir, getTokensPath, getAgentsDir } from "./config.js";
+export { INTEGRATIONS } from "./integration-registry.js";
+export { generateClaudeMd } from "./claude-md-generator.js";
+export { MemoryStore } from "./memory-store.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9C,OAAO,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AACxF,OAAO,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAChE,OAAO,EAAE,uBAAuB,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAC7E,OAAO,EAAE,wBAAwB,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAChF,OAAO,EAAE,wBAAwB,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAChF,OAAO,EAAE,yBAAyB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACnF,OAAO,EAAE,sBAAsB,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAC1E,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACpF,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAGzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/integration-registry.d.ts

@@ -0,0 +1,7 @@
+export interface IntegrationDef {
+    id: string;
+    displayName: string;
+    scopes: string[];
+}
+export declare const INTEGRATIONS: Record<string, IntegrationDef>;
+//# sourceMappingURL=integration-registry.d.ts.map

package/dist/integration-registry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"integration-registry.d.ts","sourceRoot":"","sources":["../src/integration-registry.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,eAAO,MAAM,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAyCvD,CAAC"}

package/dist/integration-registry.js

@@ -0,0 +1,43 @@
+export const INTEGRATIONS = {
+    gmail: {
+        id: "gmail",
+        displayName: "Gmail",
+        scopes: ["https://www.googleapis.com/auth/gmail.modify"],
+    },
+    gdrive: {
+        id: "gdrive",
+        displayName: "Google Drive",
+        scopes: ["https://www.googleapis.com/auth/drive"],
+    },
+    gsheets: {
+        id: "gsheets",
+        displayName: "Google Sheets",
+        scopes: [
+            "https://www.googleapis.com/auth/spreadsheets",
+            "https://www.googleapis.com/auth/drive",
+        ],
+    },
+    gslides: {
+        id: "gslides",
+        displayName: "Google Slides",
+        scopes: [
+            "https://www.googleapis.com/auth/presentations",
+            "https://www.googleapis.com/auth/drive.file",
+        ],
+    },
+    calendar: {
+        id: "calendar",
+        displayName: "Google Calendar",
+        scopes: ["https://www.googleapis.com/auth/calendar"],
+    },
+    forms: {
+        id: "forms",
+        displayName: "Google Forms",
+        scopes: [
+            "https://www.googleapis.com/auth/forms.body",
+            "https://www.googleapis.com/auth/forms.responses.readonly",
+            "https://www.googleapis.com/auth/drive.metadata.readonly",
+        ],
+    },
+};
+//# sourceMappingURL=integration-registry.js.map

package/dist/integration-registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"integration-registry.js","sourceRoot":"","sources":["../src/integration-registry.ts"],"names":[],"mappings":"AAMA,MAAM,CAAC,MAAM,YAAY,GAAmC;IAC1D,KAAK,EAAE;QACL,EAAE,EAAE,OAAO;QACX,WAAW,EAAE,OAAO;QACpB,MAAM,EAAE,CAAC,8CAA8C,CAAC;KACzD;IACD,MAAM,EAAE;QACN,EAAE,EAAE,QAAQ;QACZ,WAAW,EAAE,cAAc;QAC3B,MAAM,EAAE,CAAC,uCAAuC,CAAC;KAClD;IACD,OAAO,EAAE;QACP,EAAE,EAAE,SAAS;QACb,WAAW,EAAE,eAAe;QAC5B,MAAM,EAAE;YACN,8CAA8C;YAC9C,uCAAuC;SACxC;KACF;IACD,OAAO,EAAE;QACP,EAAE,EAAE,SAAS;QACb,WAAW,EAAE,eAAe;QAC5B,MAAM,EAAE;YACN,+CAA+C;YAC/C,4CAA4C;SAC7C;KACF;IACD,QAAQ,EAAE;QACR,EAAE,EAAE,UAAU;QACd,WAAW,EAAE,iBAAiB;QAC9B,MAAM,EAAE,CAAC,0CAA0C,CAAC;KACrD;IACD,KAAK,EAAE;QACL,EAAE,EAAE,OAAO;QACX,WAAW,EAAE,cAAc;QAC3B,MAAM,EAAE;YACN,4CAA4C;YAC5C,0DAA0D;YAC1D,yDAAyD;SAC1D;KACF;CACF,CAAC"}

package/dist/memory-store.d.ts

@@ -0,0 +1,33 @@
+export interface MemoryEntry {
+    id: string;
+    fact: string;
+    tags: string[];
+    source: "user" | "agent" | "system";
+    importance: 1 | 2 | 3;
+    createdAt: string;
+}
+export declare class MemoryStore {
+    private memoryDir;
+    private filePath;
+    constructor(memoryDir: string);
+    private ensureDir;
+    private readAll;
+    private writeAll;
+    list(opts?: {
+        tag?: string;
+        source?: string;
+        limit?: number;
+    }): MemoryEntry[];
+    get(id: string): MemoryEntry | null;
+    add(fact: string, opts?: {
+        tags?: string[];
+        source?: "user" | "agent" | "system";
+        importance?: 1 | 2 | 3;
+    }): MemoryEntry;
+    remove(id: string): boolean;
+    removeByTag(tag: string): number;
+    search(query: string): MemoryEntry[];
+    clear(): number;
+    migrate(legacyMemory: string[]): void;
+}
+//# sourceMappingURL=memory-store.d.ts.map

package/dist/memory-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"memory-store.d.ts","sourceRoot":"","sources":["../src/memory-store.ts"],"names":[],"mappings":"AAUA,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,MAAM,EAAE,MAAM,GAAG,OAAO,GAAG,QAAQ,CAAC;IACpC,UAAU,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,qBAAa,WAAW;IAGV,OAAO,CAAC,SAAS;IAF7B,OAAO,CAAC,QAAQ,CAAS;gBAEL,SAAS,EAAE,MAAM;IAIrC,OAAO,CAAC,SAAS;IAMjB,OAAO,CAAC,OAAO;IAgBf,OAAO,CAAC,QAAQ;IAMhB,IAAI,CAAC,IAAI,CAAC,EAAE;QAAE,GAAG,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,WAAW,EAAE;IAc7E,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI;IAInC,GAAG,CACD,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,QAAQ,CAAC;QAAC,UAAU,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;KAAE,GACvF,WAAW;IAcd,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO;IAQ3B,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM;IAQhC,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,WAAW,EAAE;IASpC,KAAK,IAAI,MAAM;IAOf,OAAO,CAAC,YAAY,EAAE,MAAM,EAAE,GAAG,IAAI;CAKtC"}

package/dist/memory-store.js

@@ -0,0 +1,102 @@
+import { existsSync, mkdirSync, readFileSync, writeFileSync, appendFileSync, } from "fs";
+import { join } from "path";
+import { randomBytes } from "crypto";
+export class MemoryStore {
+    memoryDir;
+    filePath;
+    constructor(memoryDir) {
+        this.memoryDir = memoryDir;
+        this.filePath = join(memoryDir, "memories.jsonl");
+    }
+    ensureDir() {
+        if (!existsSync(this.memoryDir)) {
+            mkdirSync(this.memoryDir, { recursive: true });
+        }
+    }
+    readAll() {
+        if (!existsSync(this.filePath))
+            return [];
+        const content = readFileSync(this.filePath, "utf-8").trim();
+        if (!content)
+            return [];
+        return content
+            .split("\n")
+            .map((line) => {
+            try {
+                return JSON.parse(line);
+            }
+            catch {
+                return null;
+            }
+        })
+            .filter((e) => e !== null);
+    }
+    writeAll(entries) {
+        this.ensureDir();
+        const content = entries.map((e) => JSON.stringify(e)).join("\n");
+        writeFileSync(this.filePath, content ? content + "\n" : "", "utf-8");
+    }
+    list(opts) {
+        let entries = this.readAll();
+        if (opts?.tag) {
+            entries = entries.filter((e) => e.tags.includes(opts.tag));
+        }
+        if (opts?.source) {
+            entries = entries.filter((e) => e.source === opts.source);
+        }
+        if (opts?.limit && opts.limit > 0) {
+            entries = entries.slice(-opts.limit);
+        }
+        return entries;
+    }
+    get(id) {
+        return this.readAll().find((e) => e.id === id) ?? null;
+    }
+    add(fact, opts) {
+        this.ensureDir();
+        const entry = {
+            id: randomBytes(4).toString("hex"),
+            fact,
+            tags: opts?.tags ?? [],
+            source: opts?.source ?? "user",
+            importance: opts?.importance ?? 2,
+            createdAt: new Date().toISOString(),
+        };
+        appendFileSync(this.filePath, JSON.stringify(entry) + "\n", "utf-8");
+        return entry;
+    }
+    remove(id) {
+        const entries = this.readAll();
+        const filtered = entries.filter((e) => e.id !== id);
+        if (filtered.length === entries.length)
+            return false;
+        this.writeAll(filtered);
+        return true;
+    }
+    removeByTag(tag) {
+        const entries = this.readAll();
+        const filtered = entries.filter((e) => !e.tags.includes(tag));
+        const removed = entries.length - filtered.length;
+        if (removed > 0)
+            this.writeAll(filtered);
+        return removed;
+    }
+    search(query) {
+        const lower = query.toLowerCase();
+        return this.readAll().filter((e) => e.fact.toLowerCase().includes(lower) ||
+            e.tags.some((t) => t.toLowerCase().includes(lower)));
+    }
+    clear() {
+        const entries = this.readAll();
+        const count = entries.length;
+        if (count > 0)
+            this.writeAll([]);
+        return count;
+    }
+    migrate(legacyMemory) {
+        for (const fact of legacyMemory) {
+            this.add(fact, { source: "system", importance: 2 });
+        }
+    }
+}
+//# sourceMappingURL=memory-store.js.map

package/dist/memory-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"memory-store.js","sourceRoot":"","sources":["../src/memory-store.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,UAAU,EACV,SAAS,EACT,YAAY,EACZ,aAAa,EACb,cAAc,GACf,MAAM,IAAI,CAAC;AACZ,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AAWrC,MAAM,OAAO,WAAW;IAGF;IAFZ,QAAQ,CAAS;IAEzB,YAAoB,SAAiB;QAAjB,cAAS,GAAT,SAAS,CAAQ;QACnC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;IACpD,CAAC;IAEO,SAAS;QACf,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YAChC,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IAEO,OAAO;QACb,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC;YAAE,OAAO,EAAE,CAAC;QAC1C,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QAC5D,IAAI,CAAC,OAAO;YAAE,OAAO,EAAE,CAAC;QACxB,OAAO,OAAO;aACX,KAAK,CAAC,IAAI,CAAC;aACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;YACZ,IAAI,CAAC;gBACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAgB,CAAC;YACzC,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC,CAAC;aACD,MAAM,CAAC,CAAC,CAAC,EAAoB,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC;IACjD,CAAC;IAEO,QAAQ,CAAC,OAAsB;QACrC,IAAI,CAAC,SAAS,EAAE,CAAC;QACjB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjE,aAAa,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;IACvE,CAAC;IAED,IAAI,CAAC,IAAwD;QAC3D,IAAI,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QAC7B,IAAI,IAAI,EAAE,GAAG,EAAE,CAAC;YACd,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAI,CAAC,CAAC,CAAC;QAC9D,CAAC;QACD,IAAI,IAAI,EAAE,MAAM,EAAE,CAAC;YACjB,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,IAAI,EAAE,KAAK,IAAI,IAAI,CAAC,KAAK,GAAG,CAAC,EAAE,CAAC;YAClC,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACvC,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,GAAG,CAAC,EAAU;QACZ,OAAO,IAAI,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,IAAI,IAAI,CAAC;IACzD,CAAC;IAED,GAAG,CACD,IAAY,EACZ,IAAwF;QAExF,IAAI,CAAC,SAAS,EAAE,CAAC;QACjB,MAAM,KAAK,GAAgB;YACzB,EAAE,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;YAClC,IAAI;YACJ,IAAI,EAAE,IAAI,EAAE,IAAI,IAAI,EAAE;YACtB,MAAM,EAAE,IAAI,EAAE,MAAM,IAAI,MAAM;YAC9B,UAAU,EAAE,IAAI,EAAE,UAAU,IAAI,CAAC;YACjC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QACF,cAAc,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;QACrE,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,CAAC,EAAU;QACf,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QACpD,IAAI,QAAQ,CAAC,MAAM,KAAK,OAAO,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QACrD,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,WAAW,CAAC,GAAW;QACrB,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9D,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;QACjD,IAAI,OAAO,GAAG,CAAC;YAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACzC,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,MAAM,CAAC,KAAa;QAClB,MAAM,KAAK,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;QAClC,OAAO,IAAI,CAAC,OAAO,EAAE,CAAC,MAAM,CAC1B,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC;YACpC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CACtD,CAAC;IACJ,CAAC;IAED,KAAK;QACH,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,KAAK,GAAG,CAAC;YAAE,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QACjC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,CAAC,YAAsB;QAC5B,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;YAChC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;CACF"}

package/dist/oauth-client-manager.d.ts

@@ -0,0 +1,17 @@
+import { google } from "googleapis";
+import { TokenStore } from "./token-store.js";
+type OAuth2Client = InstanceType<typeof google.auth.OAuth2>;
+export declare class OAuthClientManager {
+    private clientSecretPath;
+    private redirectUri;
+    private tokenStore;
+    private clients;
+    constructor(clientSecretPath: string, redirectUri: string, tokenStore: TokenStore);
+    getClient(account: string): OAuth2Client;
+    getRawClient(): OAuth2Client;
+    setCredentials(account: string, tokens: Parameters<OAuth2Client["setCredentials"]>[0]): OAuth2Client;
+    getTokenStore(): TokenStore;
+    listAccounts(): string[];
+}
+export {};
+//# sourceMappingURL=oauth-client-manager.d.ts.map

package/dist/oauth-client-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-client-manager.d.ts","sourceRoot":"","sources":["../src/oauth-client-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AAEpC,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9C,KAAK,YAAY,GAAG,YAAY,CAAC,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAE5D,qBAAa,kBAAkB;IAI3B,OAAO,CAAC,gBAAgB;IACxB,OAAO,CAAC,WAAW;IACnB,OAAO,CAAC,UAAU;IALpB,OAAO,CAAC,OAAO,CAAmC;gBAGxC,gBAAgB,EAAE,MAAM,EACxB,WAAW,EAAE,MAAM,EACnB,UAAU,EAAE,UAAU;IAGhC,SAAS,CAAC,OAAO,EAAE,MAAM,GAAG,YAAY;IAmBxC,YAAY,IAAI,YAAY;IAI5B,cAAc,CACZ,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,UAAU,CAAC,YAAY,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,GACpD,YAAY;IAcf,aAAa,IAAI,UAAU;IAI3B,YAAY,IAAI,MAAM,EAAE;CAGzB"}

package/dist/oauth-client-manager.js

@@ -0,0 +1,49 @@
+import { createOAuthClient } from "./gmail-auth.js";
+export class OAuthClientManager {
+    clientSecretPath;
+    redirectUri;
+    tokenStore;
+    clients = new Map();
+    constructor(clientSecretPath, redirectUri, tokenStore) {
+        this.clientSecretPath = clientSecretPath;
+        this.redirectUri = redirectUri;
+        this.tokenStore = tokenStore;
+    }
+    getClient(account) {
+        const existing = this.clients.get(account);
+        if (existing)
+            return existing;
+        const client = createOAuthClient(this.clientSecretPath, this.redirectUri);
+        const tokens = this.tokenStore.get(account);
+        if (tokens) {
+            client.setCredentials(tokens);
+        }
+        client.on("tokens", (refreshed) => {
+            const current = this.tokenStore.get(account) ?? {};
+            this.tokenStore.set(account, { ...current, ...refreshed });
+        });
+        this.clients.set(account, client);
+        return client;
+    }
+    getRawClient() {
+        return createOAuthClient(this.clientSecretPath, this.redirectUri);
+    }
+    setCredentials(account, tokens) {
+        const client = createOAuthClient(this.clientSecretPath, this.redirectUri);
+        client.setCredentials(tokens);
+        client.on("tokens", (refreshed) => {
+            const current = this.tokenStore.get(account) ?? {};
+            this.tokenStore.set(account, { ...current, ...refreshed });
+        });
+        this.tokenStore.set(account, tokens);
+        this.clients.set(account, client);
+        return client;
+    }
+    getTokenStore() {
+        return this.tokenStore;
+    }
+    listAccounts() {
+        return this.tokenStore.list();
+    }
+}
+//# sourceMappingURL=oauth-client-manager.js.map

package/dist/oauth-client-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-client-manager.js","sourceRoot":"","sources":["../src/oauth-client-manager.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAKpD,MAAM,OAAO,kBAAkB;IAInB;IACA;IACA;IALF,OAAO,GAAG,IAAI,GAAG,EAAwB,CAAC;IAElD,YACU,gBAAwB,EACxB,WAAmB,EACnB,UAAsB;QAFtB,qBAAgB,GAAhB,gBAAgB,CAAQ;QACxB,gBAAW,GAAX,WAAW,CAAQ;QACnB,eAAU,GAAV,UAAU,CAAY;IAC7B,CAAC;IAEJ,SAAS,CAAC,OAAe;QACvB,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC3C,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAE9B,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,gBAAgB,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QAC1E,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC5C,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAChC,CAAC;QAED,MAAM,CAAC,EAAE,CAAC,QAAQ,EAAE,CAAC,SAAS,EAAE,EAAE;YAChC,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YACnD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,GAAG,OAAO,EAAE,GAAG,SAAS,EAAE,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAClC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,YAAY;QACV,OAAO,iBAAiB,CAAC,IAAI,CAAC,gBAAgB,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;IACpE,CAAC;IAED,cAAc,CACZ,OAAe,EACf,MAAqD;QAErD,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,gBAAgB,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QAC1E,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAE9B,MAAM,CAAC,EAAE,CAAC,QAAQ,EAAE,CAAC,SAAS,EAAE,EAAE;YAChC,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YACnD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,GAAG,OAAO,EAAE,GAAG,SAAS,EAAE,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACrC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAClC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,aAAa;QACX,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED,YAAY;QACV,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;IAChC,CAAC;CACF"}

package/dist/oauth-server.d.ts

@@ -0,0 +1,7 @@
+import type { Credentials } from "google-auth-library";
+import { google } from "googleapis";
+type OAuth2Client = InstanceType<typeof google.auth.OAuth2>;
+type AuthUrlFn = (client: OAuth2Client) => string;
+export declare function waitForOAuthCallback(client: OAuth2Client, port: number, onUrl: (url: string) => void, authUrlFn?: AuthUrlFn): Promise<Credentials>;
+export {};
+//# sourceMappingURL=oauth-server.d.ts.map

package/dist/oauth-server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-server.d.ts","sourceRoot":"","sources":["../src/oauth-server.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AAGpC,KAAK,YAAY,GAAG,YAAY,CAAC,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC5D,KAAK,SAAS,GAAG,CAAC,MAAM,EAAE,YAAY,KAAK,MAAM,CAAC;AAoBlD,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,YAAY,EACpB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,EAC5B,SAAS,GAAE,SAAsB,GAChC,OAAO,CAAC,WAAW,CAAC,CAqDtB"}

package/dist/oauth-server.js

@@ -0,0 +1,69 @@
+import * as http from "http";
+import { URL } from "url";
+import { getAuthUrl } from "./gmail-auth.js";
+const SUCCESS_HTML = `<!DOCTYPE html>
+<html>
+<head><title>cliclaw — Authenticated</title></head>
+<body style="font-family:sans-serif;text-align:center;padding:60px">
+  <h1>✅ Authenticated successfully!</h1>
+  <p>You can close this tab and return to your terminal.</p>
+</body>
+</html>`;
+const ERROR_HTML = (msg) => `<!DOCTYPE html>
+<html>
+<head><title>cliclaw — Error</title></head>
+<body style="font-family:sans-serif;text-align:center;padding:60px">
+  <h1>❌ Authentication failed</h1>
+  <p>${msg}</p>
+</body>
+</html>`;
+export async function waitForOAuthCallback(client, port, onUrl, authUrlFn = getAuthUrl) {
+    return new Promise((resolve, reject) => {
+        const server = http.createServer(async (req, res) => {
+            if (!req.url?.startsWith("/oauth/callback")) {
+                res.writeHead(404);
+                res.end("Not found");
+                return;
+            }
+            const parsed = new URL(req.url, `http://localhost:${port}`);
+            const code = parsed.searchParams.get("code");
+            const error = parsed.searchParams.get("error");
+            if (error) {
+                res.writeHead(400, { "Content-Type": "text/html" });
+                res.end(ERROR_HTML(error));
+                server.close();
+                reject(new Error(`OAuth error: ${error}`));
+                return;
+            }
+            if (!code) {
+                res.writeHead(400, { "Content-Type": "text/html" });
+                res.end(ERROR_HTML("No authorization code received."));
+                server.close();
+                reject(new Error("No authorization code in callback"));
+                return;
+            }
+            try {
+                const { tokens } = await client.getToken(code);
+                client.setCredentials(tokens);
+                res.writeHead(200, { "Content-Type": "text/html" });
+                res.end(SUCCESS_HTML);
+                server.close();
+                resolve(tokens);
+            }
+            catch (err) {
+                res.writeHead(500, { "Content-Type": "text/html" });
+                res.end(ERROR_HTML("Token exchange failed."));
+                server.close();
+                reject(err);
+            }
+        });
+        server.listen(port, () => {
+            const url = authUrlFn(client);
+            onUrl(url);
+        });
+        server.on("error", (err) => {
+            reject(new Error(`OAuth server failed to start: ${err.message}`));
+        });
+    });
+}
+//# sourceMappingURL=oauth-server.js.map

package/dist/oauth-server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-server.js","sourceRoot":"","sources":["../src/oauth-server.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,GAAG,EAAE,MAAM,KAAK,CAAC;AAG1B,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAK7C,MAAM,YAAY,GAAG;;;;;;;QAOb,CAAC;AAET,MAAM,UAAU,GAAG,CAAC,GAAW,EAAE,EAAE,CAAC;;;;;OAK7B,GAAG;;QAEF,CAAC;AAET,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,MAAoB,EACpB,IAAY,EACZ,KAA4B,EAC5B,YAAuB,UAAU;IAEjC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YAClD,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,iBAAiB,CAAC,EAAE,CAAC;gBAC5C,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;gBACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;gBACrB,OAAO;YACT,CAAC;YAED,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,oBAAoB,IAAI,EAAE,CAAC,CAAC;YAC5D,MAAM,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAC7C,MAAM,KAAK,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAE/C,IAAI,KAAK,EAAE,CAAC;gBACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;gBAC3B,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,KAAK,CAAC,gBAAgB,KAAK,EAAE,CAAC,CAAC,CAAC;gBAC3C,OAAO;YACT,CAAC;YAED,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,iCAAiC,CAAC,CAAC,CAAC;gBACvD,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC,CAAC;gBACvD,OAAO;YACT,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;gBAC/C,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;gBAC9B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;gBACtB,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,MAAM,CAAC,CAAC;YAClB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,wBAAwB,CAAC,CAAC,CAAC;gBAC9C,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;YACvB,MAAM,GAAG,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;YAC9B,KAAK,CAAC,GAAG,CAAC,CAAC;QACb,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACzB,MAAM,CAAC,IAAI,KAAK,CAAC,iCAAiC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QACpE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/scoped-client-manager.d.ts

@@ -0,0 +1,21 @@
+import { google } from "googleapis";
+import { OAuthClientManager } from "./oauth-client-manager.js";
+import { TokenStore } from "./token-store.js";
+import type { AgentPermission } from "./agent-store.js";
+type OAuth2Client = InstanceType<typeof google.auth.OAuth2>;
+export declare class PermissionDeniedError extends Error {
+    constructor(integration: string, account: string);
+}
+export declare class ScopedClientManager {
+    private inner;
+    private permissions;
+    constructor(inner: OAuthClientManager, permissions: AgentPermission[]);
+    private hasPermission;
+    getClient(accountKey: string): OAuth2Client;
+    listAccounts(): string[];
+    getTokenStore(): TokenStore;
+    getRawClient(): OAuth2Client;
+    setCredentials(account: string, tokens: Parameters<OAuth2Client["setCredentials"]>[0]): OAuth2Client;
+}
+export {};
+//# sourceMappingURL=scoped-client-manager.d.ts.map

package/dist/scoped-client-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scoped-client-manager.d.ts","sourceRoot":"","sources":["../src/scoped-client-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AACpC,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAExD,KAAK,YAAY,GAAG,YAAY,CAAC,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAE5D,qBAAa,qBAAsB,SAAQ,KAAK;gBAClC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CAIjD;AAUD,qBAAa,mBAAmB;IAE5B,OAAO,CAAC,KAAK;IACb,OAAO,CAAC,WAAW;gBADX,KAAK,EAAE,kBAAkB,EACzB,WAAW,EAAE,eAAe,EAAE;IAGxC,OAAO,CAAC,aAAa;IAMrB,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,YAAY;IAQ3C,YAAY,IAAI,MAAM,EAAE;IAOxB,aAAa,IAAI,UAAU;IAI3B,YAAY,IAAI,YAAY;IAI5B,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,CAAC,YAAY,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,YAAY;CAOrG"}

package/dist/scoped-client-manager.js

@@ -0,0 +1,51 @@
+export class PermissionDeniedError extends Error {
+    constructor(integration, account) {
+        super(`Agent does not have permission for ${integration}:${account}`);
+        this.name = "PermissionDeniedError";
+    }
+}
+function parseAccountKey(key) {
+    const colonIdx = key.indexOf(":");
+    if (colonIdx === -1) {
+        return { integration: "gmail", account: key };
+    }
+    return { integration: key.slice(0, colonIdx), account: key.slice(colonIdx + 1) };
+}
+export class ScopedClientManager {
+    inner;
+    permissions;
+    constructor(inner, permissions) {
+        this.inner = inner;
+        this.permissions = permissions;
+    }
+    hasPermission(integration, account) {
+        return this.permissions.some((p) => p.integration === integration && p.account === account);
+    }
+    getClient(accountKey) {
+        const { integration, account } = parseAccountKey(accountKey);
+        if (!this.hasPermission(integration, account)) {
+            throw new PermissionDeniedError(integration, account);
+        }
+        return this.inner.getClient(accountKey);
+    }
+    listAccounts() {
+        return this.inner.listAccounts().filter((key) => {
+            const { integration, account } = parseAccountKey(key);
+            return this.hasPermission(integration, account);
+        });
+    }
+    getTokenStore() {
+        return this.inner.getTokenStore();
+    }
+    getRawClient() {
+        return this.inner.getRawClient();
+    }
+    setCredentials(account, tokens) {
+        const { integration, account: acct } = parseAccountKey(account);
+        if (!this.hasPermission(integration, acct)) {
+            throw new PermissionDeniedError(integration, acct);
+        }
+        return this.inner.setCredentials(account, tokens);
+    }
+}
+//# sourceMappingURL=scoped-client-manager.js.map

package/dist/scoped-client-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scoped-client-manager.js","sourceRoot":"","sources":["../src/scoped-client-manager.ts"],"names":[],"mappings":"AAOA,MAAM,OAAO,qBAAsB,SAAQ,KAAK;IAC9C,YAAY,WAAmB,EAAE,OAAe;QAC9C,KAAK,CAAC,sCAAsC,WAAW,IAAI,OAAO,EAAE,CAAC,CAAC;QACtE,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED,SAAS,eAAe,CAAC,GAAW;IAClC,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAClC,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE,CAAC;QACpB,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;IAChD,CAAC;IACD,OAAO,EAAE,WAAW,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,EAAE,CAAC;AACnF,CAAC;AAED,MAAM,OAAO,mBAAmB;IAEpB;IACA;IAFV,YACU,KAAyB,EACzB,WAA8B;QAD9B,UAAK,GAAL,KAAK,CAAoB;QACzB,gBAAW,GAAX,WAAW,CAAmB;IACrC,CAAC;IAEI,aAAa,CAAC,WAAmB,EAAE,OAAe;QACxD,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAC1B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,WAAW,IAAI,CAAC,CAAC,OAAO,KAAK,OAAO,CAC9D,CAAC;IACJ,CAAC;IAED,SAAS,CAAC,UAAkB;QAC1B,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;QAC7D,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,WAAW,EAAE,OAAO,CAAC,EAAE,CAAC;YAC9C,MAAM,IAAI,qBAAqB,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IAC1C,CAAC;IAED,YAAY;QACV,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE;YAC9C,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;YACtD,OAAO,IAAI,CAAC,aAAa,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;IACL,CAAC;IAED,aAAa;QACX,OAAO,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;IACpC,CAAC;IAED,YAAY;QACV,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;IACnC,CAAC;IAED,cAAc,CAAC,OAAe,EAAE,MAAqD;QACnF,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;QAChE,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,WAAW,EAAE,IAAI,CAAC,EAAE,CAAC;YAC3C,MAAM,IAAI,qBAAqB,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QACrD,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACpD,CAAC;CACF"}

package/dist/token-store.d.ts

@@ -0,0 +1,13 @@
+import type { Credentials } from "google-auth-library";
+export declare class TokenStore {
+    private tokensPath;
+    constructor(tokensPath: string);
+    private load;
+    private save;
+    get(account: string): Credentials | null;
+    set(account: string, tokens: Credentials): void;
+    has(account: string): boolean;
+    delete(account: string): boolean;
+    list(): string[];
+}
+//# sourceMappingURL=token-store.d.ts.map

package/dist/token-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-store.d.ts","sourceRoot":"","sources":["../src/token-store.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAMvD,qBAAa,UAAU;IACT,OAAO,CAAC,UAAU;gBAAV,UAAU,EAAE,MAAM;IAEtC,OAAO,CAAC,IAAI;IAWZ,OAAO,CAAC,IAAI;IAQZ,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI;IAKxC,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,GAAG,IAAI;IAM/C,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IAI7B,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IAQhC,IAAI,IAAI,MAAM,EAAE;CAGjB"}

package/dist/token-store.js

@@ -0,0 +1,50 @@
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+import { dirname } from "path";
+export class TokenStore {
+    tokensPath;
+    constructor(tokensPath) {
+        this.tokensPath = tokensPath;
+    }
+    load() {
+        if (!existsSync(this.tokensPath)) {
+            return {};
+        }
+        try {
+            return JSON.parse(readFileSync(this.tokensPath, "utf-8"));
+        }
+        catch {
+            return {};
+        }
+    }
+    save(data) {
+        const dir = dirname(this.tokensPath);
+        if (!existsSync(dir)) {
+            mkdirSync(dir, { recursive: true });
+        }
+        writeFileSync(this.tokensPath, JSON.stringify(data, null, 2), "utf-8");
+    }
+    get(account) {
+        const data = this.load();
+        return data[account] ?? null;
+    }
+    set(account, tokens) {
+        const data = this.load();
+        data[account] = tokens;
+        this.save(data);
+    }
+    has(account) {
+        return this.get(account) !== null;
+    }
+    delete(account) {
+        const data = this.load();
+        if (!(account in data))
+            return false;
+        delete data[account];
+        this.save(data);
+        return true;
+    }
+    list() {
+        return Object.keys(this.load());
+    }
+}
+//# sourceMappingURL=token-store.js.map

package/dist/token-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-store.js","sourceRoot":"","sources":["../src/token-store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,IAAI,CAAC;AACxE,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAO/B,MAAM,OAAO,UAAU;IACD;IAApB,YAAoB,UAAkB;QAAlB,eAAU,GAAV,UAAU,CAAQ;IAAG,CAAC;IAElC,IAAI;QACV,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YACjC,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAc,CAAC;QACzE,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAEO,IAAI,CAAC,IAAe;QAC1B,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACrC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACrB,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACtC,CAAC;QACD,aAAa,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IACzE,CAAC;IAED,GAAG,CAAC,OAAe;QACjB,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC;IAC/B,CAAC;IAED,GAAG,CAAC,OAAe,EAAE,MAAmB;QACtC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QACzB,IAAI,CAAC,OAAO,CAAC,GAAG,MAAM,CAAC;QACvB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClB,CAAC;IAED,GAAG,CAAC,OAAe;QACjB,OAAO,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,IAAI,CAAC;IACpC,CAAC;IAED,MAAM,CAAC,OAAe;QACpB,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,OAAO,IAAI,IAAI,CAAC;YAAE,OAAO,KAAK,CAAC;QACrC,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC;QACrB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI;QACF,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IAClC,CAAC;CACF"}

package/package.json

@@ -0,0 +1,25 @@
+{
+  "name": "@digitalpresence/cliclaw-auth",
+  "version": "0.1.0",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "scripts": {
+    "build": "tsc",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "google-auth-library": "^10.5.0",
+    "googleapis": "^144.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "typescript": "^5.8.0"
+  }
+}