@doist/twist-cli 2.36.3 → 2.36.5

package/dist/lib/auth-provider.js

@@ -0,0 +1,241 @@
+import { deriveChallenge, generateVerifier, } from '@doist/cli-core/auth';
+import { createWrappedTwistClient } from './api.js';
+import { clearApiToken, NoTokenError, probeApiToken, saveApiToken, } from './auth.js';
+import { CliError } from './errors.js';
+import { SecureStoreUnavailableError } from './secure-store.js';
+export const AUTHORIZATION_URL = 'https://twist.com/oauth/authorize';
+export const TOKEN_URL = 'https://twist.com/oauth/access_token';
+export const REGISTRATION_URL = 'https://twist.com/oauth/register';
+const LOGO_URI = 'https://raw.githubusercontent.com/Doist/twist-cli/d65c447ff453eb36af585044c2f5f2f602bcdb34/icons/twist-cli.png';
+export const READ_WRITE_SCOPES = [
+    'user:read',
+    'user:write',
+    'workspaces:read',
+    'channels:read',
+    'threads:read',
+    'threads:write',
+    'comments:read',
+    'comments:write',
+    'messages:read',
+    'messages:write',
+    'reactions:read',
+    'reactions:write',
+    'groups:read',
+    'groups:write',
+    'groups:remove',
+    'search:read',
+    'notifications:read',
+];
+export const READ_ONLY_SCOPES = [
+    'user:read',
+    'workspaces:read',
+    'channels:read',
+    'threads:read',
+    'comments:read',
+    'messages:read',
+    'reactions:read',
+    'groups:read',
+    'search:read',
+    'notifications:read',
+];
+const AUTH_HINTS = ['Try again: tw auth login', 'Or set TWIST_API_TOKEN environment variable'];
+function asHandshake(value) {
+    return value;
+}
+function authFailed(message, cause) {
+    const detail = cause instanceof Error && cause.message ? `: ${cause.message}` : '';
+    return new CliError('AUTH_FAILED', `${message}${detail}`, AUTH_HINTS);
+}
+async function registerDynamicClient(redirectUri) {
+    let response;
+    try {
+        response = await fetch(REGISTRATION_URL, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
+            body: JSON.stringify({
+                client_name: 'Twist CLI',
+                client_uri: 'https://github.com/doist/twist-cli',
+                redirect_uris: [redirectUri],
+                grant_types: ['authorization_code'],
+                response_types: ['code'],
+                token_endpoint_auth_method: 'client_secret_basic',
+                application_type: 'native',
+                logo_uri: LOGO_URI,
+            }),
+        });
+    }
+    catch (error) {
+        if (error instanceof CliError)
+            throw error;
+        throw authFailed('Failed to register OAuth client', error);
+    }
+    if (!response.ok) {
+        const errorText = await response.text().catch(() => '');
+        throw new CliError('AUTH_FAILED', `Client registration failed: ${response.status} ${response.statusText} - ${errorText}`, AUTH_HINTS);
+    }
+    let result;
+    try {
+        result = (await response.json());
+    }
+    catch (error) {
+        throw authFailed('Invalid client registration response', error);
+    }
+    if (!result.client_id || !result.client_secret) {
+        throw new CliError('AUTH_FAILED', 'Invalid client registration response: missing client_id or client_secret', AUTH_HINTS);
+    }
+    return { clientId: result.client_id, clientSecret: result.client_secret };
+}
+export function createTwistAuthProvider() {
+    return {
+        async prepare({ redirectUri }) {
+            const { clientId, clientSecret } = await registerDynamicClient(redirectUri);
+            const handshake = { clientId, clientSecret };
+            return { handshake };
+        },
+        async authorize({ redirectUri, state, scopes, readOnly, handshake }) {
+            const hs = asHandshake(handshake);
+            const codeVerifier = generateVerifier();
+            const codeChallenge = deriveChallenge(codeVerifier);
+            const authMode = readOnly ? 'read-only' : 'read-write';
+            const authScope = scopes.join(' ');
+            const params = new URLSearchParams({
+                client_id: hs.clientId,
+                response_type: 'code',
+                redirect_uri: redirectUri,
+                scope: authScope,
+                state,
+                code_challenge: codeChallenge,
+                code_challenge_method: 'S256',
+            });
+            const nextHandshake = {
+                ...hs,
+                codeVerifier,
+                authMode,
+                authScope,
+            };
+            return {
+                authorizeUrl: `${AUTHORIZATION_URL}?${params.toString()}`,
+                handshake: nextHandshake,
+            };
+        },
+        async exchangeCode({ code, redirectUri, handshake }) {
+            const hs = asHandshake(handshake);
+            if (!hs.codeVerifier) {
+                throw new CliError('AUTH_FAILED', 'Missing PKCE code verifier from authorize step', AUTH_HINTS);
+            }
+            const body = new URLSearchParams({
+                grant_type: 'authorization_code',
+                code,
+                redirect_uri: redirectUri,
+                code_verifier: hs.codeVerifier,
+            });
+            const credentials = btoa(`${hs.clientId}:${hs.clientSecret}`);
+            let response;
+            try {
+                response = await fetch(TOKEN_URL, {
+                    method: 'POST',
+                    headers: {
+                        'Content-Type': 'application/x-www-form-urlencoded',
+                        Accept: 'application/json',
+                        Authorization: `Basic ${credentials}`,
+                    },
+                    body: body.toString(),
+                });
+            }
+            catch (error) {
+                if (error instanceof CliError)
+                    throw error;
+                throw authFailed('Failed to exchange code for token', error);
+            }
+            if (!response.ok) {
+                const errorText = await response.text().catch(() => '');
+                throw new CliError('AUTH_FAILED', `Token exchange failed: ${response.status} ${response.statusText} - ${errorText}`, AUTH_HINTS);
+            }
+            let data;
+            try {
+                data = (await response.json());
+            }
+            catch (error) {
+                throw authFailed('Invalid token exchange response', error);
+            }
+            if (data.error) {
+                throw new CliError('AUTH_FAILED', `OAuth error: ${data.error} - ${data.error_description ?? 'Unknown error'}`, AUTH_HINTS);
+            }
+            if (!data.access_token) {
+                throw new CliError('AUTH_FAILED', 'No access token received from OAuth server', AUTH_HINTS);
+            }
+            return { accessToken: data.access_token };
+        },
+        async validateToken({ token, handshake }) {
+            const hs = asHandshake(handshake);
+            const client = createWrappedTwistClient(token);
+            const user = await client.users.getSessionUser();
+            return {
+                id: String(user.id),
+                label: user.name,
+                authMode: hs.authMode ?? 'unknown',
+                authScope: hs.authScope ?? '',
+            };
+        },
+    };
+}
+export function createTwistTokenStore() {
+    let lastStorageResult;
+    let lastClearResult;
+    return {
+        async active() {
+            // Return a snapshot whenever a token resolves — even if the
+            // persisted identity is missing (env var, manual `tw auth token`,
+            // pre-upgrade config). Callers downstream (e.g. status's
+            // `fetchLive`) will re-derive the canonical account from the live
+            // API, so the placeholder fields below are intentionally empty.
+            // Returning a snapshot here also avoids a second credential read
+            // in those code paths — the token discovered during `probeApiToken`
+            // is reused rather than re-resolved through `getApiToken`.
+            //
+            // `SecureStoreUnavailableError` is downgraded to `null` (no
+            // snapshot) so headless / keyring-less environments fall back to
+            // the standard `NoTokenError` envelope instead of leaking the raw
+            // secure-store error — matching the legacy `getApiToken`
+            // behaviour the prior `showStatus()` relied on.
+            try {
+                const { token, metadata } = await probeApiToken();
+                return {
+                    token,
+                    account: {
+                        id: metadata.authUserId !== undefined ? String(metadata.authUserId) : '',
+                        label: metadata.authUserName ?? '',
+                        authMode: metadata.authMode,
+                        authScope: metadata.authScope ?? '',
+                    },
+                };
+            }
+            catch (error) {
+                if (error instanceof NoTokenError)
+                    return null;
+                if (error instanceof SecureStoreUnavailableError)
+                    return null;
+                throw error;
+            }
+        },
+        async set(account, token) {
+            const userId = Number(account.id);
+            lastStorageResult = await saveApiToken(token, {
+                authMode: account.authMode,
+                authScope: account.authScope,
+                authUserId: Number.isFinite(userId) ? userId : undefined,
+                authUserName: account.label,
+            });
+        },
+        async clear() {
+            lastClearResult = await clearApiToken();
+        },
+        getLastStorageResult() {
+            return lastStorageResult;
+        },
+        getLastClearResult() {
+            return lastClearResult;
+        },
+    };
+}
+//# sourceMappingURL=auth-provider.js.map

package/dist/lib/auth-provider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-provider.js","sourceRoot":"","sources":["../../src/lib/auth-provider.ts"],"names":[],"mappings":"AAAA,OAAO,EAGH,eAAe,EACf,gBAAgB,GAEnB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,wBAAwB,EAAE,MAAM,UAAU,CAAA;AACnD,OAAO,EACH,aAAa,EACb,YAAY,EACZ,aAAa,EACb,YAAY,GAEf,MAAM,WAAW,CAAA;AAElB,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAA;AACtC,OAAO,EAAE,2BAA2B,EAAE,MAAM,mBAAmB,CAAA;AAE/D,MAAM,CAAC,MAAM,iBAAiB,GAAG,mCAAmC,CAAA;AACpE,MAAM,CAAC,MAAM,SAAS,GAAG,sCAAsC,CAAA;AAC/D,MAAM,CAAC,MAAM,gBAAgB,GAAG,kCAAkC,CAAA;AAElE,MAAM,QAAQ,GACV,gHAAgH,CAAA;AAEpH,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC7B,WAAW;IACX,YAAY;IACZ,iBAAiB;IACjB,eAAe;IACf,cAAc;IACd,eAAe;IACf,eAAe;IACf,gBAAgB;IAChB,eAAe;IACf,gBAAgB;IAChB,gBAAgB;IAChB,iBAAiB;IACjB,aAAa;IACb,cAAc;IACd,eAAe;IACf,aAAa;IACb,oBAAoB;CACvB,CAAA;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC5B,WAAW;IACX,iBAAiB;IACjB,eAAe;IACf,cAAc;IACd,eAAe;IACf,eAAe;IACf,gBAAgB;IAChB,aAAa;IACb,aAAa;IACb,oBAAoB;CACvB,CAAA;AAED,MAAM,UAAU,GAAG,CAAC,0BAA0B,EAAE,6CAA6C,CAAC,CAAA;AAwB9F,SAAS,WAAW,CAAC,KAA8B;IAC/C,OAAO,KAAuB,CAAA;AAClC,CAAC;AAED,SAAS,UAAU,CAAC,OAAe,EAAE,KAAe;IAChD,MAAM,MAAM,GAAG,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;IAClF,OAAO,IAAI,QAAQ,CAAC,aAAa,EAAE,GAAG,OAAO,GAAG,MAAM,EAAE,EAAE,UAAU,CAAC,CAAA;AACzE,CAAC;AAED,KAAK,UAAU,qBAAqB,CAChC,WAAmB;IAEnB,IAAI,QAAkB,CAAA;IACtB,IAAI,CAAC;QACD,QAAQ,GAAG,MAAM,KAAK,CAAC,gBAAgB,EAAE;YACrC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,EAAE,kBAAkB,EAAE;YAC3E,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACjB,WAAW,EAAE,WAAW;gBACxB,UAAU,EAAE,oCAAoC;gBAChD,aAAa,EAAE,CAAC,WAAW,CAAC;gBAC5B,WAAW,EAAE,CAAC,oBAAoB,CAAC;gBACnC,cAAc,EAAE,CAAC,MAAM,CAAC;gBACxB,0BAA0B,EAAE,qBAAqB;gBACjD,gBAAgB,EAAE,QAAQ;gBAC1B,QAAQ,EAAE,QAAQ;aACrB,CAAC;SACL,CAAC,CAAA;IACN,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,IAAI,KAAK,YAAY,QAAQ;YAAE,MAAM,KAAK,CAAA;QAC1C,MAAM,UAAU,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;IAC9D,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACf,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAA;QACvD,MAAM,IAAI,QAAQ,CACd,aAAa,EACb,+BAA+B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,MAAM,SAAS,EAAE,EACtF,UAAU,CACb,CAAA;IACL,CAAC;IAED,IAAI,MAAsD,CAAA;IAC1D,IAAI,CAAC;QACD,MAAM,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAmD,CAAA;IACtF,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,MAAM,UAAU,CAAC,sCAAsC,EAAE,KAAK,CAAC,CAAA;IACnE,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;QAC7C,MAAM,IAAI,QAAQ,CACd,aAAa,EACb,0EAA0E,EAC1E,UAAU,CACb,CAAA;IACL,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,SAAS,EAAE,YAAY,EAAE,MAAM,CAAC,aAAa,EAAE,CAAA;AAC7E,CAAC;AAED,MAAM,UAAU,uBAAuB;IACnC,OAAO;QACH,KAAK,CAAC,OAAO,CAAC,EAAE,WAAW,EAAE;YACzB,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,MAAM,qBAAqB,CAAC,WAAW,CAAC,CAAA;YAC3E,MAAM,SAAS,GAAmB,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAA;YAC5D,OAAO,EAAE,SAAS,EAAE,CAAA;QACxB,CAAC;QAED,KAAK,CAAC,SAAS,CAAC,EAAE,WAAW,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE;YAC/D,MAAM,EAAE,GAAG,WAAW,CAAC,SAAS,CAAC,CAAA;YACjC,MAAM,YAAY,GAAG,gBAAgB,EAAE,CAAA;YACvC,MAAM,aAAa,GAAG,eAAe,CAAC,YAAY,CAAC,CAAA;YACnD,MAAM,QAAQ,GAAa,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,YAAY,CAAA;YAChE,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YAElC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;gBAC/B,SAAS,EAAE,EAAE,CAAC,QAAQ;gBACtB,aAAa,EAAE,MAAM;gBACrB,YAAY,EAAE,WAAW;gBACzB,KAAK,EAAE,SAAS;gBAChB,KAAK;gBACL,cAAc,EAAE,aAAa;gBAC7B,qBAAqB,EAAE,MAAM;aAChC,CAAC,CAAA;YAEF,MAAM,aAAa,GAAmB;gBAClC,GAAG,EAAE;gBACL,YAAY;gBACZ,QAAQ;gBACR,SAAS;aACZ,CAAA;YACD,OAAO;gBACH,YAAY,EAAE,GAAG,iBAAiB,IAAI,MAAM,CAAC,QAAQ,EAAE,EAAE;gBACzD,SAAS,EAAE,aAAa;aAC3B,CAAA;QACL,CAAC;QAED,KAAK,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE;YAC/C,MAAM,EAAE,GAAG,WAAW,CAAC,SAAS,CAAC,CAAA;YACjC,IAAI,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC;gBACnB,MAAM,IAAI,QAAQ,CACd,aAAa,EACb,gDAAgD,EAChD,UAAU,CACb,CAAA;YACL,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;gBAC7B,UAAU,EAAE,oBAAoB;gBAChC,IAAI;gBACJ,YAAY,EAAE,WAAW;gBACzB,aAAa,EAAE,EAAE,CAAC,YAAY;aACjC,CAAC,CAAA;YAEF,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,IAAI,EAAE,CAAC,YAAY,EAAE,CAAC,CAAA;YAE7D,IAAI,QAAkB,CAAA;YACtB,IAAI,CAAC;gBACD,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;oBAC9B,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE;wBACL,cAAc,EAAE,mCAAmC;wBACnD,MAAM,EAAE,kBAAkB;wBAC1B,aAAa,EAAE,SAAS,WAAW,EAAE;qBACxC;oBACD,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;iBACxB,CAAC,CAAA;YACN,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,IAAI,KAAK,YAAY,QAAQ;oBAAE,MAAM,KAAK,CAAA;gBAC1C,MAAM,UAAU,CAAC,mCAAmC,EAAE,KAAK,CAAC,CAAA;YAChE,CAAC;YAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACf,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAA;gBACvD,MAAM,IAAI,QAAQ,CACd,aAAa,EACb,0BAA0B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,MAAM,SAAS,EAAE,EACjF,UAAU,CACb,CAAA;YACL,CAAC;YAED,IAAI,IAIH,CAAA;YACD,IAAI,CAAC;gBACD,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAgB,CAAA;YACjD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,MAAM,UAAU,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;YAC9D,CAAC;YAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACb,MAAM,IAAI,QAAQ,CACd,aAAa,EACb,gBAAgB,IAAI,CAAC,KAAK,MAAM,IAAI,CAAC,iBAAiB,IAAI,eAAe,EAAE,EAC3E,UAAU,CACb,CAAA;YACL,CAAC;YAED,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;gBACrB,MAAM,IAAI,QAAQ,CACd,aAAa,EACb,4CAA4C,EAC5C,UAAU,CACb,CAAA;YACL,CAAC;YAED,OAAO,EAAE,WAAW,EAAE,IAAI,CAAC,YAAY,EAAE,CAAA;QAC7C,CAAC;QAED,KAAK,CAAC,aAAa,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE;YACpC,MAAM,EAAE,GAAG,WAAW,CAAC,SAAS,CAAC,CAAA;YACjC,MAAM,MAAM,GAAG,wBAAwB,CAAC,KAAK,CAAC,CAAA;YAC9C,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,cAAc,EAAE,CAAA;YAChD,OAAO;gBACH,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;gBACnB,KAAK,EAAE,IAAI,CAAC,IAAI;gBAChB,QAAQ,EAAE,EAAE,CAAC,QAAQ,IAAI,SAAS;gBAClC,SAAS,EAAE,EAAE,CAAC,SAAS,IAAI,EAAE;aAChC,CAAA;QACL,CAAC;KACJ,CAAA;AACL,CAAC;AAOD,MAAM,UAAU,qBAAqB;IACjC,IAAI,iBAAiD,CAAA;IACrD,IAAI,eAA+C,CAAA;IACnD,OAAO;QACH,KAAK,CAAC,MAAM;YACR,4DAA4D;YAC5D,kEAAkE;YAClE,yDAAyD;YACzD,kEAAkE;YAClE,gEAAgE;YAChE,iEAAiE;YACjE,oEAAoE;YACpE,2DAA2D;YAC3D,EAAE;YACF,4DAA4D;YAC5D,iEAAiE;YACjE,kEAAkE;YAClE,yDAAyD;YACzD,gDAAgD;YAChD,IAAI,CAAC;gBACD,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,MAAM,aAAa,EAAE,CAAA;gBACjD,OAAO;oBACH,KAAK;oBACL,OAAO,EAAE;wBACL,EAAE,EAAE,QAAQ,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE;wBACxE,KAAK,EAAE,QAAQ,CAAC,YAAY,IAAI,EAAE;wBAClC,QAAQ,EAAE,QAAQ,CAAC,QAAQ;wBAC3B,SAAS,EAAE,QAAQ,CAAC,SAAS,IAAI,EAAE;qBACtC;iBACJ,CAAA;YACL,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,IAAI,KAAK,YAAY,YAAY;oBAAE,OAAO,IAAI,CAAA;gBAC9C,IAAI,KAAK,YAAY,2BAA2B;oBAAE,OAAO,IAAI,CAAA;gBAC7D,MAAM,KAAK,CAAA;YACf,CAAC;QACL,CAAC;QACD,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK;YACpB,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;YACjC,iBAAiB,GAAG,MAAM,YAAY,CAAC,KAAK,EAAE;gBAC1C,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,UAAU,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;gBACxD,YAAY,EAAE,OAAO,CAAC,KAAK;aAC9B,CAAC,CAAA;QACN,CAAC;QACD,KAAK,CAAC,KAAK;YACP,eAAe,GAAG,MAAM,aAAa,EAAE,CAAA;QAC3C,CAAC;QACD,oBAAoB;YAChB,OAAO,iBAAiB,CAAA;QAC5B,CAAC;QACD,kBAAkB;YACd,OAAO,eAAe,CAAA;QAC1B,CAAC;KACJ,CAAA;AACL,CAAC"}

package/dist/lib/auth.d.ts

@@ -5,28 +5,34 @@ export declare class NoTokenError extends CliError {
 }
 export declare const TOKEN_ENV_VAR = "TWIST_API_TOKEN";
 export type TokenStorageLocation = 'secure-store' | 'config-file';
-export interface TokenStorageResult {
+export type TokenStorageResult = {
     storage: TokenStorageLocation;
     warning?: string;
-}
-export interface SaveApiTokenOptions {
+};
+export type SaveApiTokenOptions = {
     authMode?: AuthMode;
     authScope?: string;
-}
-export interface AuthMetadata {
+    authUserId?: number;
+    authUserName?: string;
+};
+export type AuthMetadata = {
     authMode: AuthMode;
     authScope?: string;
+    authUserId?: number;
+    authUserName?: string;
     source: 'env' | 'config';
-}
-export interface AuthProbeMetadata {
+};
+export type AuthProbeMetadata = {
     authMode: AuthMode;
     authScope?: string;
+    authUserId?: number;
+    authUserName?: string;
     source: 'env' | 'config-file' | 'secure-store';
-}
-export interface AuthProbeResult {
+};
+export type AuthProbeResult = {
     token: string;
     metadata: AuthProbeMetadata;
-}
+};
 export declare function getApiToken(): Promise<string>;
 export declare function probeApiToken(): Promise<AuthProbeResult>;
 export declare function getAuthMetadata(): Promise<AuthMetadata>;

package/dist/lib/auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/lib/auth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,QAAQ,EAAoD,MAAM,aAAa,CAAA;AAC7F,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAA;AAOtC,qBAAa,YAAa,SAAQ,QAAQ;;CAUzC;AAED,eAAO,MAAM,aAAa,oBAAoB,CAAA;AAC9C,MAAM,MAAM,oBAAoB,GAAG,cAAc,GAAG,aAAa,CAAA;AAEjE,MAAM,WAAW,kBAAkB;IAC/B,OAAO,EAAE,oBAAoB,CAAA;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAA;CACnB;AAED,MAAM,WAAW,mBAAmB;IAChC,QAAQ,CAAC,EAAE,QAAQ,CAAA;IACnB,SAAS,CAAC,EAAE,MAAM,CAAA;CACrB;AAED,MAAM,WAAW,YAAY;IACzB,QAAQ,EAAE,QAAQ,CAAA;IAClB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,MAAM,EAAE,KAAK,GAAG,QAAQ,CAAA;CAC3B;AAED,MAAM,WAAW,iBAAiB;IAC9B,QAAQ,EAAE,QAAQ,CAAA;IAClB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,MAAM,EAAE,KAAK,GAAG,aAAa,GAAG,cAAc,CAAA;CACjD;AAED,MAAM,WAAW,eAAe;IAC5B,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,iBAAiB,CAAA;CAC9B;AAED,wBAAsB,WAAW,IAAI,OAAO,CAAC,MAAM,CAAC,CA6DnD;AAED,wBAAsB,aAAa,IAAI,OAAO,CAAC,eAAe,CAAC,CA+C9D;AAED,wBAAsB,eAAe,IAAI,OAAO,CAAC,YAAY,CAAC,CAY7D;AAED,wBAAsB,YAAY,CAC9B,KAAK,EAAE,MAAM,EACb,OAAO,GAAE,mBAAwB,GAClC,OAAO,CAAC,kBAAkB,CAAC,CA2C7B;AAED,wBAAsB,aAAa,IAAI,OAAO,CAAC,kBAAkB,CAAC,CAyBjE"}
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/lib/auth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,QAAQ,EAAoD,MAAM,aAAa,CAAA;AAC7F,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAA;AAOtC,qBAAa,YAAa,SAAQ,QAAQ;;CAUzC;AAED,eAAO,MAAM,aAAa,oBAAoB,CAAA;AAC9C,MAAM,MAAM,oBAAoB,GAAG,cAAc,GAAG,aAAa,CAAA;AAEjE,MAAM,MAAM,kBAAkB,GAAG;IAC7B,OAAO,EAAE,oBAAoB,CAAA;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAA;CACnB,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAC9B,QAAQ,CAAC,EAAE,QAAQ,CAAA;IACnB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,YAAY,CAAC,EAAE,MAAM,CAAA;CACxB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACvB,QAAQ,EAAE,QAAQ,CAAA;IAClB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,MAAM,EAAE,KAAK,GAAG,QAAQ,CAAA;CAC3B,CAAA;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC5B,QAAQ,EAAE,QAAQ,CAAA;IAClB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,MAAM,EAAE,KAAK,GAAG,aAAa,GAAG,cAAc,CAAA;CACjD,CAAA;AAED,MAAM,MAAM,eAAe,GAAG;IAC1B,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,iBAAiB,CAAA;CAC9B,CAAA;AAED,wBAAsB,WAAW,IAAI,OAAO,CAAC,MAAM,CAAC,CA6DnD;AAED,wBAAsB,aAAa,IAAI,OAAO,CAAC,eAAe,CAAC,CAmD9D;AAED,wBAAsB,eAAe,IAAI,OAAO,CAAC,YAAY,CAAC,CAc7D;AAED,wBAAsB,YAAY,CAC9B,KAAK,EAAE,MAAM,EACb,OAAO,GAAE,mBAAwB,GAClC,OAAO,CAAC,kBAAkB,CAAC,CA6C7B;AAED,wBAAsB,aAAa,IAAI,OAAO,CAAC,kBAAkB,CAAC,CA2BjE"}

package/dist/lib/auth.js

@@ -77,6 +77,8 @@ export async function probeApiToken() {
             metadata: {
                 authMode: config.authMode ?? 'unknown',
                 authScope: config.authScope,
+                authUserId: config.authUserId,
+                authUserName: config.authUserName,
                 source: 'config-file',
             },
         };
@@ -93,6 +95,8 @@ export async function probeApiToken() {
                 metadata: {
                     authMode: config.authMode ?? 'unknown',
                     authScope: config.authScope,
+                    authUserId: config.authUserId,
+                    authUserName: config.authUserName,
                     source: 'secure-store',
                 },
             };
@@ -115,6 +119,8 @@ export async function getAuthMetadata() {
     return {
         authMode: config.authMode ?? 'unknown',
         authScope: config.authScope,
+        authUserId: config.authUserId,
+        authUserName: config.authUserName,
         source: 'config',
     };
 }
@@ -153,6 +159,8 @@ export async function saveApiToken(token, options = {}) {
     delete config.pendingSecureStoreClear;
     config.authMode = options.authMode ?? 'unknown';
     config.authScope = options.authScope;
+    config.authUserId = options.authUserId;
+    config.authUserName = options.authUserName;
     await writeConfig(config);
     return {
         storage: 'config-file',
@@ -167,6 +175,8 @@ export async function clearApiToken() {
     // the removal atomically alongside other state changes.
     delete config.authMode;
     delete config.authScope;
+    delete config.authUserId;
+    delete config.authUserName;
     try {
         await secureStore.deleteSecret();
         const warning = await cleanupAuthFallbackState(config, 'Secure-store token was removed,');
@@ -187,8 +197,16 @@ async function saveAuthMetadata(options) {
     const config = await getConfig();
     config.authMode = options.authMode ?? 'unknown';
     config.authScope = options.authScope;
+    config.authUserId = options.authUserId;
+    config.authUserName = options.authUserName;
     await setConfig(config);
 }
+/**
+ * Auth-local cousin of `setConfig` that deletes the file when the resulting
+ * config has no own keys. The public `setConfig` always serializes (even
+ * `{}`) — this wrapper exists for the auth flows that strip the legacy
+ * plaintext token and want to leave nothing behind.
+ */
 async function writeConfig(config) {
     if (Object.keys(config).length === 0) {
         try {

package/dist/lib/auth.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/lib/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AACzC,OAAO,EAA8B,SAAS,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AAC7F,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAA;AACtC,OAAO,EACH,iBAAiB,EACjB,wBAAwB,EACxB,2BAA2B,GAC9B,MAAM,mBAAmB,CAAA;AAE1B,MAAM,OAAO,YAAa,SAAQ,QAAQ;IACtC;QACI,KAAK,CACD,UAAU,EACV,2BAA2B,aAAa,yDAAyD,EACjG,CAAC,2CAA2C,CAAC,EAC7C,MAAM,CACT,CAAA;QACD,IAAI,CAAC,IAAI,GAAG,cAAc,CAAA;IAC9B,CAAC;CACJ;AAED,MAAM,CAAC,MAAM,aAAa,GAAG,iBAAiB,CAAA;AA8B9C,MAAM,CAAC,KAAK,UAAU,WAAW;IAC7B,mCAAmC;IACnC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;IAC3C,IAAI,QAAQ,EAAE,CAAC;QACX,OAAO,QAAQ,CAAA;IACnB,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAA;IAChC,MAAM,WAAW,GAAG,cAAc,CAAC,MAAM,CAAC,CAAA;IAC1C,MAAM,WAAW,GAAG,iBAAiB,EAAE,CAAA;IAEvC,IAAI,WAAW,EAAE,CAAC;QACd,IAAI,CAAC;YACD,MAAM,WAAW,CAAC,SAAS,CAAC,WAAW,CAAC,CAAA;YACxC,MAAM,cAAc,GAAG,MAAM,wBAAwB,CACjD,MAAM,EACN,uCAAuC,CAC1C,CAAA;YACD,IAAI,cAAc,EAAE,CAAC;gBACjB,IAAI,CAAC,cAAc,CAAC,CAAA;YACxB,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,CAAC,CAAC,KAAK,YAAY,2BAA2B,CAAC,EAAE,CAAC;gBAClD,MAAM,KAAK,CAAA;YACf,CAAC;QACL,CAAC;QAED,OAAO,WAAW,CAAA;IACtB,CAAC;IAED,IAAI,MAAM,CAAC,uBAAuB,EAAE,CAAC;QACjC,IAAI,CAAC;YACD,MAAM,WAAW,CAAC,YAAY,EAAE,CAAA;YAChC,MAAM,cAAc,GAAG,MAAM,wBAAwB,CACjD,MAAM,EACN,iCAAiC,CACpC,CAAA;YACD,IAAI,cAAc,EAAE,CAAC;gBACjB,IAAI,CAAC,cAAc,CAAC,CAAA;YACxB,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,CAAC,CAAC,KAAK,YAAY,2BAA2B,CAAC,EAAE,CAAC;gBAClD,MAAM,KAAK,CAAA;YACf,CAAC;QACL,CAAC;QAED,MAAM,IAAI,YAAY,EAAE,CAAA;IAC5B,CAAC;IAED,IAAI,CAAC;QACD,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,SAAS,EAAE,CAAA;QACjD,IAAI,WAAW,EAAE,IAAI,EAAE,EAAE,CAAC;YACtB,OAAO,WAAW,CAAA;QACtB,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,IAAI,CAAC,CAAC,KAAK,YAAY,2BAA2B,CAAC,EAAE,CAAC;YAClD,MAAM,KAAK,CAAA;QACf,CAAC;IACL,CAAC;IAED,MAAM,IAAI,YAAY,EAAE,CAAA;AAC5B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa;IAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;IAC3C,IAAI,QAAQ,EAAE,CAAC;QACX,OAAO;YACH,KAAK,EAAE,QAAQ;YACf,QAAQ,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE;SACnD,CAAA;IACL,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAA;IAChC,MAAM,WAAW,GAAG,cAAc,CAAC,MAAM,CAAC,CAAA;IAC1C,IAAI,WAAW,EAAE,CAAC;QACd,OAAO;YACH,KAAK,EAAE,WAAW;YAClB,QAAQ,EAAE;gBACN,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,SAAS;gBACtC,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,MAAM,EAAE,aAAa;aACxB;SACJ,CAAA;IACL,CAAC;IAED,IAAI,MAAM,CAAC,uBAAuB,EAAE,CAAC;QACjC,MAAM,IAAI,YAAY,EAAE,CAAA;IAC5B,CAAC;IAED,MAAM,WAAW,GAAG,iBAAiB,EAAE,CAAA;IACvC,IAAI,CAAC;QACD,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,SAAS,EAAE,CAAA;QACjD,IAAI,WAAW,EAAE,IAAI,EAAE,EAAE,CAAC;YACtB,OAAO;gBACH,KAAK,EAAE,WAAW,CAAC,IAAI,EAAE;gBACzB,QAAQ,EAAE;oBACN,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,SAAS;oBACtC,SAAS,EAAE,MAAM,CAAC,SAAS;oBAC3B,MAAM,EAAE,cAAc;iBACzB;aACJ,CAAA;QACL,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,IAAI,CAAC,CAAC,KAAK,YAAY,2BAA2B,CAAC,EAAE,CAAC;YAClD,MAAM,KAAK,CAAA;QACf,CAAC;QACD,MAAM,KAAK,CAAA;IACf,CAAC;IAED,MAAM,IAAI,YAAY,EAAE,CAAA;AAC5B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe;IACjC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;IAC3C,IAAI,QAAQ,EAAE,CAAC;QACX,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,CAAA;IACjD,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAA;IAChC,OAAO;QACH,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,SAAS;QACtC,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,MAAM,EAAE,QAAQ;KACnB,CAAA;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAC9B,KAAa,EACb,UAA+B,EAAE;IAEjC,gDAAgD;IAChD,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACrC,MAAM,IAAI,QAAQ,CAAC,eAAe,EAAE,qDAAqD,EAAE;YACvF,oBAAoB;YACpB,6CAA6C;SAChD,CAAC,CAAA;IACN,CAAC;IAED,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,EAAE,CAAA;IACjC,MAAM,WAAW,GAAG,iBAAiB,EAAE,CAAA;IAEvC,IAAI,CAAC;QACD,MAAM,WAAW,CAAC,SAAS,CAAC,YAAY,CAAC,CAAA;QACzC,MAAM,cAAc,GAAG,MAAM,SAAS,EAAE,CAAA;QACxC,MAAM,OAAO,GAAG,MAAM,wBAAwB,CAAC,cAAc,EAAE,4BAA4B,CAAC,CAAA;QAC5F,gFAAgF;QAChF,IAAI,CAAC;YACD,MAAM,gBAAgB,CAAC,OAAO,CAAC,CAAA;QACnC,CAAC;QAAC,MAAM,CAAC;YACL,IAAI,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;gBACrD,IAAI,CACA,gCAAgC,OAAO,CAAC,QAAQ,yEAAyE,CAC5H,CAAA;YACL,CAAC;QACL,CAAC;QACD,OAAO,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,cAAc,EAAE,CAAA;IACvF,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,IAAI,CAAC,CAAC,KAAK,YAAY,2BAA2B,CAAC,EAAE,CAAC;YAClD,MAAM,KAAK,CAAA;QACf,CAAC;IACL,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAA;IAChC,MAAM,CAAC,KAAK,GAAG,YAAY,CAAA;IAC3B,OAAO,MAAM,CAAC,uBAAuB,CAAA;IACrC,MAAM,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,SAAS,CAAA;IAC/C,MAAM,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAA;IACpC,MAAM,WAAW,CAAC,MAAM,CAAC,CAAA;IACzB,OAAO;QACH,OAAO,EAAE,aAAa;QACtB,OAAO,EAAE,oBAAoB,CAAC,6BAA6B,CAAC;KAC/D,CAAA;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa;IAC/B,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAA;IAChC,MAAM,WAAW,GAAG,iBAAiB,EAAE,CAAA;IAEvC,yEAAyE;IACzE,yEAAyE;IACzE,wDAAwD;IACxD,OAAO,MAAM,CAAC,QAAQ,CAAA;IACtB,OAAO,MAAM,CAAC,SAAS,CAAA;IAEvB,IAAI,CAAC;QACD,MAAM,WAAW,CAAC,YAAY,EAAE,CAAA;QAChC,MAAM,OAAO,GAAG,MAAM,wBAAwB,CAAC,MAAM,EAAE,iCAAiC,CAAC,CAAA;QACzF,OAAO,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,cAAc,EAAE,CAAA;IACvF,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,IAAI,CAAC,CAAC,KAAK,YAAY,2BAA2B,CAAC,EAAE,CAAC;YAClD,MAAM,KAAK,CAAA;QACf,CAAC;IACL,CAAC;IAED,MAAM,WAAW,CAAC,2BAA2B,CAAC,MAAM,CAAC,CAAC,CAAA;IACtD,OAAO;QACH,OAAO,EAAE,aAAa;QACtB,OAAO,EAAE,oBAAoB,CAAC,6BAA6B,CAAC;KAC/D,CAAA;AACL,CAAC;AAED,KAAK,UAAU,gBAAgB,CAAC,OAA4B;IACxD,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAA;IAChC,MAAM,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,SAAS,CAAA;IAC/C,MAAM,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAA;IACpC,MAAM,SAAS,CAAC,MAAM,CAAC,CAAA;AAC3B,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,MAAc;IACrC,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnC,IAAI,CAAC;YACD,MAAM,MAAM,CAAC,aAAa,EAAE,CAAC,CAAA;QACjC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC7B,MAAM,KAAK,CAAA;YACf,CAAC;QACL,CAAC;QACD,OAAM;IACV,CAAC;IAED,MAAM,SAAS,CAAC,MAAM,CAAC,CAAA;AAC3B,CAAC;AAED,KAAK,UAAU,wBAAwB,CACnC,MAAc,EACd,aAAqB;IAErB,IAAI,CAAC;QACD,MAAM,WAAW,CAAC,wBAAwB,CAAC,MAAM,CAAC,CAAC,CAAA;QACnD,OAAO,SAAS,CAAA;IACpB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,yBAAyB,CAAC,aAAa,EAAE,KAAK,CAAC,CAAA;IAC1D,CAAC;AACL,CAAC;AAED,SAAS,cAAc,CAAC,MAAc;IAClC,OAAO,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAA;AAC/F,CAAC;AAED,SAAS,wBAAwB,CAAC,MAAc;IAC5C,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,QAAQ,EAAE,GAAG,IAAI,EAAE,GAAG,MAAM,CAAA;IAC5E,OAAO,IAAI,CAAA;AACf,CAAC;AAED,SAAS,2BAA2B,CAAC,MAAc;IAC/C,OAAO,EAAE,GAAG,wBAAwB,CAAC,MAAM,CAAC,EAAE,uBAAuB,EAAE,IAAI,EAAE,CAAA;AACjF,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAc;IACxC,OAAO,GAAG,wBAAwB,iBAAiB,MAAM,IAAI,aAAa,EAAE,EAAE,CAAA;AAClF,CAAC;AAED,SAAS,yBAAyB,CAAC,MAAc,EAAE,KAAc;IAC7D,MAAM,MAAM,GAAG,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,EAAE,CAAA;IACnF,OAAO,GAAG,MAAM,qDAAqD,aAAa,EAAE,GAAG,MAAM,EAAE,CAAA;AACnG,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAc;IACtC,OAAO,KAAK,YAAY,KAAK,IAAI,MAAM,IAAI,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,CAAA;AAC/E,CAAC;AAED,SAAS,IAAI,CAAC,OAAe;IACzB,OAAO,CAAC,KAAK,CAAC,YAAY,OAAO,EAAE,CAAC,CAAA;AACxC,CAAC"}
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/lib/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AACzC,OAAO,EAA8B,SAAS,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AAC7F,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAA;AACtC,OAAO,EACH,iBAAiB,EACjB,wBAAwB,EACxB,2BAA2B,GAC9B,MAAM,mBAAmB,CAAA;AAE1B,MAAM,OAAO,YAAa,SAAQ,QAAQ;IACtC;QACI,KAAK,CACD,UAAU,EACV,2BAA2B,aAAa,yDAAyD,EACjG,CAAC,2CAA2C,CAAC,EAC7C,MAAM,CACT,CAAA;QACD,IAAI,CAAC,IAAI,GAAG,cAAc,CAAA;IAC9B,CAAC;CACJ;AAED,MAAM,CAAC,MAAM,aAAa,GAAG,iBAAiB,CAAA;AAoC9C,MAAM,CAAC,KAAK,UAAU,WAAW;IAC7B,mCAAmC;IACnC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;IAC3C,IAAI,QAAQ,EAAE,CAAC;QACX,OAAO,QAAQ,CAAA;IACnB,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAA;IAChC,MAAM,WAAW,GAAG,cAAc,CAAC,MAAM,CAAC,CAAA;IAC1C,MAAM,WAAW,GAAG,iBAAiB,EAAE,CAAA;IAEvC,IAAI,WAAW,EAAE,CAAC;QACd,IAAI,CAAC;YACD,MAAM,WAAW,CAAC,SAAS,CAAC,WAAW,CAAC,CAAA;YACxC,MAAM,cAAc,GAAG,MAAM,wBAAwB,CACjD,MAAM,EACN,uCAAuC,CAC1C,CAAA;YACD,IAAI,cAAc,EAAE,CAAC;gBACjB,IAAI,CAAC,cAAc,CAAC,CAAA;YACxB,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,CAAC,CAAC,KAAK,YAAY,2BAA2B,CAAC,EAAE,CAAC;gBAClD,MAAM,KAAK,CAAA;YACf,CAAC;QACL,CAAC;QAED,OAAO,WAAW,CAAA;IACtB,CAAC;IAED,IAAI,MAAM,CAAC,uBAAuB,EAAE,CAAC;QACjC,IAAI,CAAC;YACD,MAAM,WAAW,CAAC,YAAY,EAAE,CAAA;YAChC,MAAM,cAAc,GAAG,MAAM,wBAAwB,CACjD,MAAM,EACN,iCAAiC,CACpC,CAAA;YACD,IAAI,cAAc,EAAE,CAAC;gBACjB,IAAI,CAAC,cAAc,CAAC,CAAA;YACxB,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,CAAC,CAAC,KAAK,YAAY,2BAA2B,CAAC,EAAE,CAAC;gBAClD,MAAM,KAAK,CAAA;YACf,CAAC;QACL,CAAC;QAED,MAAM,IAAI,YAAY,EAAE,CAAA;IAC5B,CAAC;IAED,IAAI,CAAC;QACD,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,SAAS,EAAE,CAAA;QACjD,IAAI,WAAW,EAAE,IAAI,EAAE,EAAE,CAAC;YACtB,OAAO,WAAW,CAAA;QACtB,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,IAAI,CAAC,CAAC,KAAK,YAAY,2BAA2B,CAAC,EAAE,CAAC;YAClD,MAAM,KAAK,CAAA;QACf,CAAC;IACL,CAAC;IAED,MAAM,IAAI,YAAY,EAAE,CAAA;AAC5B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa;IAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;IAC3C,IAAI,QAAQ,EAAE,CAAC;QACX,OAAO;YACH,KAAK,EAAE,QAAQ;YACf,QAAQ,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE;SACnD,CAAA;IACL,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAA;IAChC,MAAM,WAAW,GAAG,cAAc,CAAC,MAAM,CAAC,CAAA;IAC1C,IAAI,WAAW,EAAE,CAAC;QACd,OAAO;YACH,KAAK,EAAE,WAAW;YAClB,QAAQ,EAAE;gBACN,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,SAAS;gBACtC,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,YAAY,EAAE,MAAM,CAAC,YAAY;gBACjC,MAAM,EAAE,aAAa;aACxB;SACJ,CAAA;IACL,CAAC;IAED,IAAI,MAAM,CAAC,uBAAuB,EAAE,CAAC;QACjC,MAAM,IAAI,YAAY,EAAE,CAAA;IAC5B,CAAC;IAED,MAAM,WAAW,GAAG,iBAAiB,EAAE,CAAA;IACvC,IAAI,CAAC;QACD,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,SAAS,EAAE,CAAA;QACjD,IAAI,WAAW,EAAE,IAAI,EAAE,EAAE,CAAC;YACtB,OAAO;gBACH,KAAK,EAAE,WAAW,CAAC,IAAI,EAAE;gBACzB,QAAQ,EAAE;oBACN,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,SAAS;oBACtC,SAAS,EAAE,MAAM,CAAC,SAAS;oBAC3B,UAAU,EAAE,MAAM,CAAC,UAAU;oBAC7B,YAAY,EAAE,MAAM,CAAC,YAAY;oBACjC,MAAM,EAAE,cAAc;iBACzB;aACJ,CAAA;QACL,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,IAAI,CAAC,CAAC,KAAK,YAAY,2BAA2B,CAAC,EAAE,CAAC;YAClD,MAAM,KAAK,CAAA;QACf,CAAC;QACD,MAAM,KAAK,CAAA;IACf,CAAC;IAED,MAAM,IAAI,YAAY,EAAE,CAAA;AAC5B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe;IACjC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;IAC3C,IAAI,QAAQ,EAAE,CAAC;QACX,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,CAAA;IACjD,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAA;IAChC,OAAO;QACH,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,SAAS;QACtC,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,YAAY,EAAE,MAAM,CAAC,YAAY;QACjC,MAAM,EAAE,QAAQ;KACnB,CAAA;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAC9B,KAAa,EACb,UAA+B,EAAE;IAEjC,gDAAgD;IAChD,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACrC,MAAM,IAAI,QAAQ,CAAC,eAAe,EAAE,qDAAqD,EAAE;YACvF,oBAAoB;YACpB,6CAA6C;SAChD,CAAC,CAAA;IACN,CAAC;IAED,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,EAAE,CAAA;IACjC,MAAM,WAAW,GAAG,iBAAiB,EAAE,CAAA;IAEvC,IAAI,CAAC;QACD,MAAM,WAAW,CAAC,SAAS,CAAC,YAAY,CAAC,CAAA;QACzC,MAAM,cAAc,GAAG,MAAM,SAAS,EAAE,CAAA;QACxC,MAAM,OAAO,GAAG,MAAM,wBAAwB,CAAC,cAAc,EAAE,4BAA4B,CAAC,CAAA;QAC5F,gFAAgF;QAChF,IAAI,CAAC;YACD,MAAM,gBAAgB,CAAC,OAAO,CAAC,CAAA;QACnC,CAAC;QAAC,MAAM,CAAC;YACL,IAAI,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;gBACrD,IAAI,CACA,gCAAgC,OAAO,CAAC,QAAQ,yEAAyE,CAC5H,CAAA;YACL,CAAC;QACL,CAAC;QACD,OAAO,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,cAAc,EAAE,CAAA;IACvF,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,IAAI,CAAC,CAAC,KAAK,YAAY,2BAA2B,CAAC,EAAE,CAAC;YAClD,MAAM,KAAK,CAAA;QACf,CAAC;IACL,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAA;IAChC,MAAM,CAAC,KAAK,GAAG,YAAY,CAAA;IAC3B,OAAO,MAAM,CAAC,uBAAuB,CAAA;IACrC,MAAM,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,SAAS,CAAA;IAC/C,MAAM,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAA;IACpC,MAAM,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAA;IACtC,MAAM,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAA;IAC1C,MAAM,WAAW,CAAC,MAAM,CAAC,CAAA;IACzB,OAAO;QACH,OAAO,EAAE,aAAa;QACtB,OAAO,EAAE,oBAAoB,CAAC,6BAA6B,CAAC;KAC/D,CAAA;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa;IAC/B,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAA;IAChC,MAAM,WAAW,GAAG,iBAAiB,EAAE,CAAA;IAEvC,yEAAyE;IACzE,yEAAyE;IACzE,wDAAwD;IACxD,OAAO,MAAM,CAAC,QAAQ,CAAA;IACtB,OAAO,MAAM,CAAC,SAAS,CAAA;IACvB,OAAO,MAAM,CAAC,UAAU,CAAA;IACxB,OAAO,MAAM,CAAC,YAAY,CAAA;IAE1B,IAAI,CAAC;QACD,MAAM,WAAW,CAAC,YAAY,EAAE,CAAA;QAChC,MAAM,OAAO,GAAG,MAAM,wBAAwB,CAAC,MAAM,EAAE,iCAAiC,CAAC,CAAA;QACzF,OAAO,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,cAAc,EAAE,CAAA;IACvF,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,IAAI,CAAC,CAAC,KAAK,YAAY,2BAA2B,CAAC,EAAE,CAAC;YAClD,MAAM,KAAK,CAAA;QACf,CAAC;IACL,CAAC;IAED,MAAM,WAAW,CAAC,2BAA2B,CAAC,MAAM,CAAC,CAAC,CAAA;IACtD,OAAO;QACH,OAAO,EAAE,aAAa;QACtB,OAAO,EAAE,oBAAoB,CAAC,6BAA6B,CAAC;KAC/D,CAAA;AACL,CAAC;AAED,KAAK,UAAU,gBAAgB,CAAC,OAA4B;IACxD,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAA;IAChC,MAAM,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,SAAS,CAAA;IAC/C,MAAM,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAA;IACpC,MAAM,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAA;IACtC,MAAM,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAA;IAC1C,MAAM,SAAS,CAAC,MAAM,CAAC,CAAA;AAC3B,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,WAAW,CAAC,MAAc;IACrC,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnC,IAAI,CAAC;YACD,MAAM,MAAM,CAAC,aAAa,EAAE,CAAC,CAAA;QACjC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC7B,MAAM,KAAK,CAAA;YACf,CAAC;QACL,CAAC;QACD,OAAM;IACV,CAAC;IAED,MAAM,SAAS,CAAC,MAAM,CAAC,CAAA;AAC3B,CAAC;AAED,KAAK,UAAU,wBAAwB,CACnC,MAAc,EACd,aAAqB;IAErB,IAAI,CAAC;QACD,MAAM,WAAW,CAAC,wBAAwB,CAAC,MAAM,CAAC,CAAC,CAAA;QACnD,OAAO,SAAS,CAAA;IACpB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,yBAAyB,CAAC,aAAa,EAAE,KAAK,CAAC,CAAA;IAC1D,CAAC;AACL,CAAC;AAED,SAAS,cAAc,CAAC,MAAc;IAClC,OAAO,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAA;AAC/F,CAAC;AAED,SAAS,wBAAwB,CAAC,MAAc;IAC5C,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,QAAQ,EAAE,GAAG,IAAI,EAAE,GAAG,MAAM,CAAA;IAC5E,OAAO,IAAI,CAAA;AACf,CAAC;AAED,SAAS,2BAA2B,CAAC,MAAc;IAC/C,OAAO,EAAE,GAAG,wBAAwB,CAAC,MAAM,CAAC,EAAE,uBAAuB,EAAE,IAAI,EAAE,CAAA;AACjF,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAc;IACxC,OAAO,GAAG,wBAAwB,iBAAiB,MAAM,IAAI,aAAa,EAAE,EAAE,CAAA;AAClF,CAAC;AAED,SAAS,yBAAyB,CAAC,MAAc,EAAE,KAAc;IAC7D,MAAM,MAAM,GAAG,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,EAAE,CAAA;IACnF,OAAO,GAAG,MAAM,qDAAqD,aAAa,EAAE,GAAG,MAAM,EAAE,CAAA;AACnG,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAc;IACtC,OAAO,KAAK,YAAY,KAAK,IAAI,MAAM,IAAI,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,CAAA;AAC/E,CAAC;AAED,SAAS,IAAI,CAAC,OAAe;IACzB,OAAO,CAAC,KAAK,CAAC,YAAY,OAAO,EAAE,CAAC,CAAA;AACxC,CAAC"}

package/dist/lib/config.d.ts

@@ -1,6 +1,13 @@
-export declare const CONFIG_PATH: string;
+/**
+ * Resolve the canonical config path lazily. Computing on each call (instead of
+ * caching at module load) keeps the path responsive to vitest's `vi.doMock`
+ * for `node:os` — which only reliably reaches cli-core's compiled `homedir()`
+ * call after the mock has been set up by the test, not at import time.
+ */
+export declare function getConfigPath(): string;
 export type AuthMode = 'read-only' | 'read-write' | 'unknown';
 export type UpdateChannel = 'stable' | 'pre-release';
+export declare const UPDATE_CHANNELS: ReadonlySet<UpdateChannel>;
 export interface UserSettings {
     unarchiveNewThreads?: boolean;
 }
@@ -10,9 +17,17 @@ export interface Config {
     currentWorkspace?: number;
     authMode?: AuthMode;
     authScope?: string;
+    authUserId?: number;
+    authUserName?: string;
     updateChannel?: UpdateChannel;
     userSettings?: UserSettings;
 }
+/**
+ * Thin wrapper around cli-core's lenient `readConfig`. Returns `{}` when the
+ * file is missing, unreadable, or invalid — runtime code paths treat "no
+ * config" and "empty config" the same. Use `readConfigStrict` for inspection
+ * commands that need to distinguish failure modes.
+ */
 export declare function getConfig(): Promise<Config>;
 export type StrictReadResult = {
     state: 'missing';
@@ -26,8 +41,14 @@ export type StrictReadResult = {
  * swallows errors for runtime code paths; this one surfaces them.
  */
 export declare function readConfigStrict(): Promise<StrictReadResult>;
+/** Thin wrapper around cli-core's `writeConfig`. Dual-writes the channel field. */
 export declare function setConfig(config: Config): Promise<void>;
+/**
+ * Atomic partial-write wrapper around cli-core's `updateConfig`. Preserves
+ * cli-core's read-merge-write atomicity so two concurrent `tw` processes
+ * can't lose each other's updates. Channel field is translated to disk
+ * shape (dual-written) before the merge.
+ */
 export declare function updateConfig(updates: Partial<Config>): Promise<void>;
 export declare function validateConfigForDoctor(config: Record<string, unknown>): string[];
-export declare function getConfigPath(): string;
 //# sourceMappingURL=config.d.ts.map

package/dist/lib/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/lib/config.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,WAAW,QAAyD,CAAA;AAEjF,MAAM,MAAM,QAAQ,GAAG,WAAW,GAAG,YAAY,GAAG,SAAS,CAAA;AAC7D,MAAM,MAAM,aAAa,GAAG,QAAQ,GAAG,aAAa,CAAA;AAiBpD,MAAM,WAAW,YAAY;IACzB,mBAAmB,CAAC,EAAE,OAAO,CAAA;CAChC;AAED,MAAM,WAAW,MAAM;IAEnB,KAAK,CAAC,EAAE,MAAM,CAAA;IAEd,uBAAuB,CAAC,EAAE,OAAO,CAAA;IACjC,gBAAgB,CAAC,EAAE,MAAM,CAAA;IAEzB,QAAQ,CAAC,EAAE,QAAQ,CAAA;IACnB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,aAAa,CAAC,EAAE,aAAa,CAAA;IAC7B,YAAY,CAAC,EAAE,YAAY,CAAA;CAC9B;AAED,wBAAsB,SAAS,IAAI,OAAO,CAAC,MAAM,CAAC,CAOjD;AAED,MAAM,MAAM,gBAAgB,GAAG;IAAE,KAAK,EAAE,SAAS,CAAA;CAAE,GAAG;IAAE,KAAK,EAAE,SAAS,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAA;AAE1F;;;;GAIG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,gBAAgB,CAAC,CAoClE;AAMD,wBAAsB,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAQ7D;AAED,wBAAsB,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAG1E;AAED,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,EAAE,CAuEjF;AAED,wBAAgB,aAAa,IAAI,MAAM,CAEtC"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/lib/config.ts"],"names":[],"mappings":"AAWA;;;;;GAKG;AACH,wBAAgB,aAAa,IAAI,MAAM,CAEtC;AAED,MAAM,MAAM,QAAQ,GAAG,WAAW,GAAG,YAAY,GAAG,SAAS,CAAA;AAC7D,MAAM,MAAM,aAAa,GAAG,QAAQ,GAAG,aAAa,CAAA;AAqBpD,eAAO,MAAM,eAAe,EAAE,WAAW,CAAC,aAAa,CAAsC,CAAA;AAE7F,MAAM,WAAW,YAAY;IACzB,mBAAmB,CAAC,EAAE,OAAO,CAAA;CAChC;AAED,MAAM,WAAW,MAAM;IAEnB,KAAK,CAAC,EAAE,MAAM,CAAA;IAEd,uBAAuB,CAAC,EAAE,OAAO,CAAA;IACjC,gBAAgB,CAAC,EAAE,MAAM,CAAA;IAEzB,QAAQ,CAAC,EAAE,QAAQ,CAAA;IACnB,SAAS,CAAC,EAAE,MAAM,CAAA;IAIlB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,aAAa,CAAC,EAAE,aAAa,CAAA;IAC7B,YAAY,CAAC,EAAE,YAAY,CAAA;CAC9B;AAuCD;;;;;GAKG;AACH,wBAAsB,SAAS,IAAI,OAAO,CAAC,MAAM,CAAC,CAGjD;AAED,MAAM,MAAM,gBAAgB,GAAG;IAAE,KAAK,EAAE,SAAS,CAAA;CAAE,GAAG;IAAE,KAAK,EAAE,SAAS,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAA;AAE1F;;;;GAIG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,gBAAgB,CAAC,CAkClE;AAED,mFAAmF;AACnF,wBAAsB,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAE7D;AAED;;;;;GAKG;AACH,wBAAsB,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAE1E;AAED,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,EAAE,CA+EjF"}

package/dist/lib/config.js

@@ -1,28 +1,79 @@
-import { chmod, mkdir, readFile, writeFile } from 'node:fs/promises';
-import { homedir } from 'node:os';
-import { dirname, join } from 'node:path';
+import { getConfigPath as getConfigPathCore, readConfig as readConfigCore, readConfigStrict as readConfigStrictCore, updateConfig as updateConfigCore, writeConfig as writeConfigCore, } from '@doist/cli-core';
 import { CliError } from './errors.js';
-export const CONFIG_PATH = join(homedir(), '.config', 'twist-cli', 'config.json');
+const APP_NAME = 'twist-cli';
+/**
+ * Resolve the canonical config path lazily. Computing on each call (instead of
+ * caching at module load) keeps the path responsive to vitest's `vi.doMock`
+ * for `node:os` — which only reliably reaches cli-core's compiled `homedir()`
+ * call after the mock has been set up by the test, not at import time.
+ */
+export function getConfigPath() {
+    return getConfigPathCore(APP_NAME);
+}
 const KNOWN_CONFIG_KEYS = new Set([
     'token',
     'pendingSecureStoreClear',
     'currentWorkspace',
     'authMode',
     'authScope',
+    'authUserId',
+    'authUserName',
     'updateChannel',
+    // Snake_case alias persisted on disk so cli-core's update command can read
+    // it directly. The in-memory `Config` type only exposes `updateChannel` —
+    // see `fromDiskShape` / `toDiskShape` for the persistence-seam translation.
+    'update_channel',
     'userSettings',
 ]);
 const KNOWN_USER_SETTINGS_KEYS = new Set(['unarchiveNewThreads']);
 const AUTH_MODES = new Set(['read-only', 'read-write', 'unknown']);
-const UPDATE_CHANNELS = new Set(['stable', 'pre-release']);
-export async function getConfig() {
-    try {
-        const content = await readFile(CONFIG_PATH, 'utf-8');
-        return JSON.parse(content);
-    }
-    catch {
+export const UPDATE_CHANNELS = new Set(['stable', 'pre-release']);
+/**
+ * Read-seam translation: normalise the persisted shape to the in-memory
+ * `Config` shape. cli-core's update command writes the channel under
+ * `update_channel`; older twist builds wrote it under `updateChannel`.
+ * We accept both and expose only `updateChannel` to twist callers.
+ *
+ * `update_channel` wins if both are present (cli-core just wrote, so the
+ * snake_case value is freshest). Non-object inputs (a manually-edited
+ * config containing `null` or a primitive) are returned untouched so the
+ * downstream `Record<string, unknown>` cast doesn't blow up on `in`.
+ */
+function fromDiskShape(raw) {
+    if (!raw || typeof raw !== 'object' || Array.isArray(raw)) {
         return {};
     }
+    const record = raw;
+    const hasCanonical = 'update_channel' in record;
+    const hasLegacy = 'updateChannel' in record;
+    if (!hasCanonical && !hasLegacy)
+        return record;
+    const { update_channel, updateChannel, ...rest } = record;
+    const channel = hasCanonical ? update_channel : updateChannel;
+    return channel === undefined ? rest : { ...rest, updateChannel: channel };
+}
+/**
+ * Write-seam translation: dual-write `updateChannel` and `update_channel`
+ * to disk when a channel is set, so older twist builds keep reading the
+ * camelCase key while cli-core's update command reads the snake_case key.
+ * Once all deployed twist versions read `update_channel`, drop the
+ * camelCase write (likely a release or two after this lands).
+ */
+function toDiskShape(config) {
+    const { updateChannel, ...rest } = config;
+    if (updateChannel === undefined)
+        return rest;
+    return { ...rest, updateChannel, update_channel: updateChannel };
+}
+/**
+ * Thin wrapper around cli-core's lenient `readConfig`. Returns `{}` when the
+ * file is missing, unreadable, or invalid — runtime code paths treat "no
+ * config" and "empty config" the same. Use `readConfigStrict` for inspection
+ * commands that need to distinguish failure modes.
+ */
+export async function getConfig() {
+    const raw = await readConfigCore(getConfigPath());
+    return fromDiskShape(raw);
 }
 /**
  * Read and parse the config file strictly — for inspection commands that need
@@ -30,45 +81,40 @@ export async function getConfig() {
  * swallows errors for runtime code paths; this one surfaces them.
  */
 export async function readConfigStrict() {
-    let content;
-    try {
-        content = await readFile(CONFIG_PATH, 'utf-8');
-    }
-    catch (error) {
-        if (isMissingFileError(error))
+    const path = getConfigPath();
+    const result = await readConfigStrictCore(path);
+    switch (result.state) {
+        case 'missing':
             return { state: 'missing' };
-        const detail = error instanceof Error ? error.message : String(error);
-        throw new CliError('CONFIG_READ_FAILED', `Could not read config file ${CONFIG_PATH}: ${detail}`, ['Check file permissions, or run `tw doctor` to diagnose']);
-    }
-    let parsed;
-    try {
-        parsed = JSON.parse(content);
-    }
-    catch (error) {
-        const detail = error instanceof Error ? error.message : String(error);
-        throw new CliError('CONFIG_INVALID_JSON', `Config file at ${CONFIG_PATH} is not valid JSON: ${detail}`, ['Fix the JSON by hand, or delete the file and re-authenticate with `tw auth login`']);
-    }
-    if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
-        const actual = Array.isArray(parsed) ? 'array' : parsed === null ? 'null' : typeof parsed;
-        throw new CliError('CONFIG_INVALID_SHAPE', `Config file at ${CONFIG_PATH} must contain a JSON object (got ${actual})`, ['Fix the JSON by hand, or delete the file and re-authenticate with `tw auth login`']);
+        case 'present':
+            return {
+                state: 'present',
+                config: fromDiskShape(result.config),
+            };
+        case 'read-failed':
+            throw new CliError('CONFIG_READ_FAILED', `Could not read config file ${path}: ${result.error.message}`, ['Check file permissions, or run `tw doctor` to diagnose']);
+        case 'invalid-json':
+            throw new CliError('CONFIG_INVALID_JSON', `Config file at ${path} is not valid JSON: ${result.error.message}`, [
+                'Fix the JSON by hand, or delete the file and re-authenticate with `tw auth login`',
+            ]);
+        case 'invalid-shape':
+            throw new CliError('CONFIG_INVALID_SHAPE', `Config file at ${path} must contain a JSON object (got ${result.actual})`, [
+                'Fix the JSON by hand, or delete the file and re-authenticate with `tw auth login`',
+            ]);
     }
-    return { state: 'present', config: parsed };
-}
-function isMissingFileError(error) {
-    return error instanceof Error && 'code' in error && error.code === 'ENOENT';
 }
+/** Thin wrapper around cli-core's `writeConfig`. Dual-writes the channel field. */
 export async function setConfig(config) {
-    const dir = dirname(CONFIG_PATH);
-    await mkdir(dir, { recursive: true, mode: 0o700 });
-    await writeFile(CONFIG_PATH, JSON.stringify(config, null, 2), {
-        encoding: 'utf-8',
-        mode: 0o600,
-    });
-    await chmod(CONFIG_PATH, 0o600);
+    await writeConfigCore(getConfigPath(), toDiskShape(config));
 }
+/**
+ * Atomic partial-write wrapper around cli-core's `updateConfig`. Preserves
+ * cli-core's read-merge-write atomicity so two concurrent `tw` processes
+ * can't lose each other's updates. Channel field is translated to disk
+ * shape (dual-written) before the merge.
+ */
 export async function updateConfig(updates) {
-    const config = await getConfig();
-    await setConfig({ ...config, ...updates });
+    await updateConfigCore(getConfigPath(), toDiskShape(updates));
 }
 export function validateConfigForDoctor(config) {
     const issues = [];
@@ -100,6 +146,11 @@ export function validateConfigForDoctor(config) {
             !UPDATE_CHANNELS.has(config.updateChannel))) {
         issues.push('updateChannel must be one of: stable, pre-release');
     }
+    if (config.update_channel !== undefined &&
+        (typeof config.update_channel !== 'string' ||
+            !UPDATE_CHANNELS.has(config.update_channel))) {
+        issues.push('update_channel must be one of: stable, pre-release');
+    }
     if (config.userSettings !== undefined) {
         const userSettings = config.userSettings;
         if (userSettings === null ||
@@ -122,7 +173,4 @@ export function validateConfigForDoctor(config) {
     }
     return issues;
 }
-export function getConfigPath() {
-    return CONFIG_PATH;
-}
 //# sourceMappingURL=config.js.map