@doist/twist-cli 2.38.0 → 2.40.0

package/dist/lib/auth-provider.js

@@ -1,8 +1,12 @@
-import { deriveChallenge, generateVerifier, SecureStoreUnavailableError, } from '@doist/cli-core/auth';
+import { createKeyringTokenStore, createSecureStore, deriveChallenge, generateVerifier, } from '@doist/cli-core/auth';
 import { createWrappedTwistClient } from './api.js';
-import { clearApiToken, NoTokenError, probeApiToken, saveApiToken, } from './auth.js';
+import { LEGACY_KEYRING_ACCOUNT, SECURE_STORE_SERVICE } from './auth-constants.js';
+import { getConfig, getConfigPath, updateConfig } from './config.js';
 import { CliError } from './errors.js';
+import { runMigrateLegacyAuth } from './migrate-auth.js';
 import { parseRef } from './refs.js';
+import { makeTwistAccount, toTwistAccount } from './twist-account.js';
+import { createTwistUserRecordStore, getDefaultUserRecord } from './user-records.js';
 export const AUTHORIZATION_URL = 'https://twist.com/oauth/authorize';
 export const TOKEN_URL = 'https://twist.com/oauth/access_token';
 export const REGISTRATION_URL = 'https://twist.com/oauth/register';
@@ -170,129 +174,168 @@ export function createTwistAuthProvider() {
             const hs = asHandshake(handshake);
             const client = createWrappedTwistClient(token);
             const user = await client.users.getSessionUser();
-            return {
-                id: String(user.id),
-                label: user.name,
-                authMode: hs.authMode ?? 'unknown',
-                authScope: hs.authScope ?? '',
-            };
+            return toTwistAccount(user, { authMode: hs.authMode, authScope: hs.authScope });
         },
     };
 }
-export function createTwistTokenStore() {
-    let lastStorageResult;
-    let lastClearResult;
-    /**
-     * Read the stored credential. By default `NoTokenError` collapses to
-     * `null` (i.e. "nothing stored" is not an exception), while
-     * `SecureStoreUnavailableError` propagates so callers see a keyring
-     * outage as distinct from "no account". The legacy `active()` no-ref
-     * path opts in to also tolerate the outage so headless / keyring-less
-     * hosts keep falling through to the standard `NoTokenError` envelope
-     * (matching the historical `getApiToken` → `showStatus()` behaviour).
-     */
-    async function loadStoredSnapshot(options = {}) {
-        try {
-            const { token, metadata } = await probeApiToken();
-            return {
-                token,
-                account: {
-                    id: metadata.authUserId !== undefined ? String(metadata.authUserId) : '',
-                    label: metadata.authUserName ?? '',
-                    authMode: metadata.authMode,
-                    authScope: metadata.authScope ?? '',
-                },
-            };
-        }
-        catch (error) {
-            if (error instanceof NoTokenError)
-                return null;
-            if (error instanceof SecureStoreUnavailableError) {
-                if (options.tolerateOutage)
-                    return null;
-                throw error;
-            }
-            throw error;
-        }
-    }
-    /**
-     * Match the stored account against the user-supplied `--user <ref>`,
-     * normalising through `parseRef` so `id:42`, `42`, and a case-insensitive
-     * label all resolve consistently with the rest of the CLI. URL refs
-     * never apply to accounts — fall through to "no match" instead of
-     * silently accepting one.
-     */
-    function matchesRef(account, ref) {
-        const parsed = parseRef(ref);
-        if (parsed.type === 'id')
-            return Number(account.id) === parsed.id;
-        if (parsed.type === 'name') {
-            return account.label.toLowerCase() === parsed.name.toLowerCase();
-        }
-        return false;
+/**
+ * Accepts `42`, `id:42`, and case-insensitive labels — `parseRef` normalises
+ * the numeric forms. Broader than cli-core's default strict-equality matcher.
+ */
+export function matchTwistAccount(account, ref) {
+    const parsed = parseRef(ref);
+    if (parsed.type === 'id')
+        return Number(account.id) === parsed.id;
+    if (parsed.type === 'name')
+        return account.label.toLowerCase() === parsed.name.toLowerCase();
+    return false;
+}
+const TOKEN_ENV_VAR = 'TWIST_API_TOKEN';
+/** True when the v2 store is the authoritative source. */
+function migrationIsConclusive(result) {
+    return (result.status === 'migrated' ||
+        result.status === 'already-migrated' ||
+        result.status === 'no-legacy-state');
+}
+/**
+ * Synthesise a snapshot from v1 state still on disk (legacy keyring slot,
+ * then plaintext `config.token`). Fallback for when migration can't complete.
+ * Token-only users with no `authUserId` get `account.id = ''`.
+ */
+async function readLegacyTokenSnapshot() {
+    const fromKeyring = await createSecureStore({
+        serviceName: SECURE_STORE_SERVICE,
+        account: LEGACY_KEYRING_ACCOUNT,
+    })
+        .getSecret()
+        .catch(() => null);
+    const config = await getConfig();
+    const token = fromKeyring || config.token?.trim() || null;
+    if (!token)
+        return null;
+    return {
+        token,
+        account: makeTwistAccount({
+            id: config.authUserId !== undefined ? String(config.authUserId) : '',
+            label: config.authUserName ?? '',
+            authMode: config.authMode,
+            authScope: config.authScope,
+        }),
+    };
+}
+/**
+ * Clear the legacy keyring slot + v1 flat config fields. Runs before a
+ * write/clear when migration is inconclusive so v2 writes aren't shadowed
+ * by a stale legacy token. Best-effort — failures leave legacy in place.
+ */
+async function dischargeLegacyState() {
+    await Promise.allSettled([
+        createSecureStore({
+            serviceName: SECURE_STORE_SERVICE,
+            account: LEGACY_KEYRING_ACCOUNT,
+        }).deleteSecret(),
+        updateConfig({
+            token: undefined,
+            authMode: undefined,
+            authScope: undefined,
+            authUserId: undefined,
+            authUserName: undefined,
+            pendingSecureStoreClear: undefined,
+        }),
+    ]);
+}
+/**
+ * Memoised one-shot migration trigger. Resolves with `null` on rejection
+ * so the CLI never fails to start because of a migration error — the
+ * legacy snapshot fallback below handles that case. Tests reset the memo
+ * with `vi.resetModules()` + a dynamic re-import.
+ */
+let migrationPromise;
+function ensureMigrated() {
+    if (!migrationPromise) {
+        migrationPromise = runMigrateLegacyAuth({ silent: true }).catch(() => null);
     }
-    /**
-     * Single source of truth for ref-aware lookups. Returns the snapshot
-     * when `ref` matches the stored account, throws `ACCOUNT_NOT_FOUND`
-     * otherwise (including when nothing is stored). Storage outages
-     * propagate so the caller sees the underlying failure rather than
-     * a misleading "account not found".
-     */
-    async function resolveByRef(ref) {
-        const snapshot = await loadStoredSnapshot();
-        if (!snapshot || !matchesRef(snapshot.account, ref)) {
-            throw new CliError('ACCOUNT_NOT_FOUND', `No stored account matches "${ref}".`);
+    return migrationPromise;
+}
+/**
+ * `TWIST_API_TOKEN` short-circuits `active()` only when no explicit ref is
+ * supplied — cli-core's `KeyringTokenStore` doesn't know about the env var,
+ * and an explicit ref means the caller targets a specific stored account.
+ *
+ * `ensureMigrated()` runs on every stored-state op so `--ignore-scripts`
+ * installs still migrate on first command. When migration isn't conclusive:
+ *  - `active()` falls back to the legacy snapshot, honouring `ref` so it
+ *    can't resolve to a different account than the caller asked for.
+ *  - `set()` / `clear()` discharge legacy state on disk first so v2 writes
+ *    aren't shadowed by a stale v1 token on the next read.
+ */
+export function createTwistTokenStore() {
+    const inner = createKeyringTokenStore({
+        serviceName: SECURE_STORE_SERVICE,
+        userRecords: createTwistUserRecordStore(),
+        recordsLocation: getConfigPath(),
+        matchAccount: matchTwistAccount,
+    });
+    async function maybeDischargeLegacy() {
+        const result = await ensureMigrated();
+        if (result === null || !migrationIsConclusive(result)) {
+            await dischargeLegacyState();
         }
-        return snapshot;
     }
-    return {
+    return Object.assign(Object.create(inner), {
         async active(ref) {
-            // No-ref legacy path — tolerate missing keyring / no token and
-            // return null so downstream callers (status's `fetchLive`,
-            // login's pre-flight, etc.) keep falling through to their own
-            // `NoTokenError` envelope rather than seeing a raw keyring
-            // error. Returning a snapshot whenever a token resolves — even
-            // when the persisted identity is empty (env var, manual
-            // `tw auth token`, pre-upgrade config) — also avoids a second
-            // credential read downstream.
             if (ref === undefined) {
-                return loadStoredSnapshot({ tolerateOutage: true });
+                const envToken = process.env[TOKEN_ENV_VAR];
+                if (envToken) {
+                    return {
+                        token: envToken,
+                        account: { id: '', label: '', authMode: 'unknown', authScope: '' },
+                    };
+                }
+            }
+            const result = await ensureMigrated();
+            if (result === null || !migrationIsConclusive(result)) {
+                const legacy = await readLegacyTokenSnapshot();
+                if (legacy && (ref === undefined || matchTwistAccount(legacy.account, ref))) {
+                    return legacy;
+                }
             }
-            return resolveByRef(ref);
+            return inner.active(ref);
         },
         async set(account, token) {
-            const userId = Number(account.id);
-            lastStorageResult = await saveApiToken(token, {
-                authMode: account.authMode,
-                authScope: account.authScope,
-                authUserId: Number.isFinite(userId) ? userId : undefined,
-                authUserName: account.label,
-            });
+            await maybeDischargeLegacy();
+            return inner.set(account, token);
         },
         async clear(ref) {
-            // With `ref`, validate before touching storage so a mismatch is
-            // an `ACCOUNT_NOT_FOUND` error rather than a silent
-            // ✓ Logged out — the upstream `attachLogoutCommand` treats any
-            // non-throwing `clear()` as success.
-            if (ref !== undefined) {
-                await resolveByRef(ref);
-            }
-            lastClearResult = await clearApiToken();
+            await maybeDischargeLegacy();
+            return inner.clear(ref);
         },
         async list() {
-            const snapshot = await loadStoredSnapshot();
-            return snapshot ? [{ account: snapshot.account, isDefault: true }] : [];
+            await ensureMigrated();
+            return inner.list();
         },
         async setDefault(ref) {
-            await resolveByRef(ref);
-            // Single-user store — already the default once `ref` matches.
-        },
-        getLastStorageResult() {
-            return lastStorageResult;
+            await ensureMigrated();
+            return inner.setDefault(ref);
         },
-        getLastClearResult() {
-            return lastClearResult;
-        },
-    };
+    });
+}
+/**
+ * Where the currently-active token lives. Returns `'config-file'` whenever
+ * a plaintext token is on disk — including the legacy `config.token` slot —
+ * so doctor/config-view reports the security-relevant state accurately.
+ */
+export async function getActiveTokenSource() {
+    if (process.env[TOKEN_ENV_VAR])
+        return 'env';
+    const config = await getConfig();
+    const record = getDefaultUserRecord(config);
+    if (record?.fallbackToken)
+        return 'config-file';
+    if (record)
+        return 'secure-store';
+    if (config.token?.trim())
+        return 'config-file';
+    return 'secure-store';
 }
 //# sourceMappingURL=auth-provider.js.map

package/dist/lib/auth-provider.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth-provider.js","sourceRoot":"","sources":["../../src/lib/auth-provider.ts"],"names":[],"mappings":"AAAA,OAAO,EAIH,eAAe,EACf,gBAAgB,EAChB,2BAA2B,GAE9B,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,wBAAwB,EAAE,MAAM,UAAU,CAAA;AACnD,OAAO,EACH,aAAa,EACb,YAAY,EACZ,aAAa,EACb,YAAY,GAEf,MAAM,WAAW,CAAA;AAElB,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAA;AACtC,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAA;AAEpC,MAAM,CAAC,MAAM,iBAAiB,GAAG,mCAAmC,CAAA;AACpE,MAAM,CAAC,MAAM,SAAS,GAAG,sCAAsC,CAAA;AAC/D,MAAM,CAAC,MAAM,gBAAgB,GAAG,kCAAkC,CAAA;AAElE,MAAM,QAAQ,GACV,gHAAgH,CAAA;AAEpH,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC7B,WAAW;IACX,YAAY;IACZ,iBAAiB;IACjB,eAAe;IACf,cAAc;IACd,eAAe;IACf,eAAe;IACf,gBAAgB;IAChB,eAAe;IACf,gBAAgB;IAChB,gBAAgB;IAChB,iBAAiB;IACjB,aAAa;IACb,cAAc;IACd,eAAe;IACf,aAAa;IACb,oBAAoB;CACvB,CAAA;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC5B,WAAW;IACX,iBAAiB;IACjB,eAAe;IACf,cAAc;IACd,eAAe;IACf,eAAe;IACf,gBAAgB;IAChB,aAAa;IACb,aAAa;IACb,oBAAoB;CACvB,CAAA;AAED,MAAM,UAAU,GAAG,CAAC,0BAA0B,EAAE,6CAA6C,CAAC,CAAA;AAwB9F,SAAS,WAAW,CAAC,KAA8B;IAC/C,OAAO,KAAuB,CAAA;AAClC,CAAC;AAED,SAAS,UAAU,CAAC,OAAe,EAAE,KAAe;IAChD,MAAM,MAAM,GAAG,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;IAClF,OAAO,IAAI,QAAQ,CAAC,aAAa,EAAE,GAAG,OAAO,GAAG,MAAM,EAAE,EAAE,UAAU,CAAC,CAAA;AACzE,CAAC;AAED,KAAK,UAAU,qBAAqB,CAChC,WAAmB;IAEnB,IAAI,QAAkB,CAAA;IACtB,IAAI,CAAC;QACD,QAAQ,GAAG,MAAM,KAAK,CAAC,gBAAgB,EAAE;YACrC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,EAAE,kBAAkB,EAAE;YAC3E,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACjB,WAAW,EAAE,WAAW;gBACxB,UAAU,EAAE,oCAAoC;gBAChD,aAAa,EAAE,CAAC,WAAW,CAAC;gBAC5B,WAAW,EAAE,CAAC,oBAAoB,CAAC;gBACnC,cAAc,EAAE,CAAC,MAAM,CAAC;gBACxB,0BAA0B,EAAE,qBAAqB;gBACjD,gBAAgB,EAAE,QAAQ;gBAC1B,QAAQ,EAAE,QAAQ;aACrB,CAAC;SACL,CAAC,CAAA;IACN,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,IAAI,KAAK,YAAY,QAAQ;YAAE,MAAM,KAAK,CAAA;QAC1C,MAAM,UAAU,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;IAC9D,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACf,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAA;QACvD,MAAM,IAAI,QAAQ,CACd,aAAa,EACb,+BAA+B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,MAAM,SAAS,EAAE,EACtF,UAAU,CACb,CAAA;IACL,CAAC;IAED,IAAI,MAAsD,CAAA;IAC1D,IAAI,CAAC;QACD,MAAM,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAmD,CAAA;IACtF,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,MAAM,UAAU,CAAC,sCAAsC,EAAE,KAAK,CAAC,CAAA;IACnE,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;QAC7C,MAAM,IAAI,QAAQ,CACd,aAAa,EACb,0EAA0E,EAC1E,UAAU,CACb,CAAA;IACL,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,SAAS,EAAE,YAAY,EAAE,MAAM,CAAC,aAAa,EAAE,CAAA;AAC7E,CAAC;AAED,MAAM,UAAU,uBAAuB;IACnC,OAAO;QACH,KAAK,CAAC,OAAO,CAAC,EAAE,WAAW,EAAE;YACzB,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,MAAM,qBAAqB,CAAC,WAAW,CAAC,CAAA;YAC3E,MAAM,SAAS,GAAmB,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAA;YAC5D,OAAO,EAAE,SAAS,EAAE,CAAA;QACxB,CAAC;QAED,KAAK,CAAC,SAAS,CAAC,EAAE,WAAW,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE;YAC/D,MAAM,EAAE,GAAG,WAAW,CAAC,SAAS,CAAC,CAAA;YACjC,MAAM,YAAY,GAAG,gBAAgB,EAAE,CAAA;YACvC,MAAM,aAAa,GAAG,eAAe,CAAC,YAAY,CAAC,CAAA;YACnD,MAAM,QAAQ,GAAa,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,YAAY,CAAA;YAChE,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YAElC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;gBAC/B,SAAS,EAAE,EAAE,CAAC,QAAQ;gBACtB,aAAa,EAAE,MAAM;gBACrB,YAAY,EAAE,WAAW;gBACzB,KAAK,EAAE,SAAS;gBAChB,KAAK;gBACL,cAAc,EAAE,aAAa;gBAC7B,qBAAqB,EAAE,MAAM;aAChC,CAAC,CAAA;YAEF,MAAM,aAAa,GAAmB;gBAClC,GAAG,EAAE;gBACL,YAAY;gBACZ,QAAQ;gBACR,SAAS;aACZ,CAAA;YACD,OAAO;gBACH,YAAY,EAAE,GAAG,iBAAiB,IAAI,MAAM,CAAC,QAAQ,EAAE,EAAE;gBACzD,SAAS,EAAE,aAAa;aAC3B,CAAA;QACL,CAAC;QAED,KAAK,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE;YAC/C,MAAM,EAAE,GAAG,WAAW,CAAC,SAAS,CAAC,CAAA;YACjC,IAAI,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC;gBACnB,MAAM,IAAI,QAAQ,CACd,aAAa,EACb,gDAAgD,EAChD,UAAU,CACb,CAAA;YACL,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;gBAC7B,UAAU,EAAE,oBAAoB;gBAChC,IAAI;gBACJ,YAAY,EAAE,WAAW;gBACzB,aAAa,EAAE,EAAE,CAAC,YAAY;aACjC,CAAC,CAAA;YAEF,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,IAAI,EAAE,CAAC,YAAY,EAAE,CAAC,CAAA;YAE7D,IAAI,QAAkB,CAAA;YACtB,IAAI,CAAC;gBACD,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;oBAC9B,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE;wBACL,cAAc,EAAE,mCAAmC;wBACnD,MAAM,EAAE,kBAAkB;wBAC1B,aAAa,EAAE,SAAS,WAAW,EAAE;qBACxC;oBACD,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;iBACxB,CAAC,CAAA;YACN,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,IAAI,KAAK,YAAY,QAAQ;oBAAE,MAAM,KAAK,CAAA;gBAC1C,MAAM,UAAU,CAAC,mCAAmC,EAAE,KAAK,CAAC,CAAA;YAChE,CAAC;YAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACf,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAA;gBACvD,MAAM,IAAI,QAAQ,CACd,aAAa,EACb,0BAA0B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,MAAM,SAAS,EAAE,EACjF,UAAU,CACb,CAAA;YACL,CAAC;YAED,IAAI,IAIH,CAAA;YACD,IAAI,CAAC;gBACD,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAgB,CAAA;YACjD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,MAAM,UAAU,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;YAC9D,CAAC;YAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACb,MAAM,IAAI,QAAQ,CACd,aAAa,EACb,gBAAgB,IAAI,CAAC,KAAK,MAAM,IAAI,CAAC,iBAAiB,IAAI,eAAe,EAAE,EAC3E,UAAU,CACb,CAAA;YACL,CAAC;YAED,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;gBACrB,MAAM,IAAI,QAAQ,CACd,aAAa,EACb,4CAA4C,EAC5C,UAAU,CACb,CAAA;YACL,CAAC;YAED,OAAO,EAAE,WAAW,EAAE,IAAI,CAAC,YAAY,EAAE,CAAA;QAC7C,CAAC;QAED,KAAK,CAAC,aAAa,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE;YACpC,MAAM,EAAE,GAAG,WAAW,CAAC,SAAS,CAAC,CAAA;YACjC,MAAM,MAAM,GAAG,wBAAwB,CAAC,KAAK,CAAC,CAAA;YAC9C,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,cAAc,EAAE,CAAA;YAChD,OAAO;gBACH,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;gBACnB,KAAK,EAAE,IAAI,CAAC,IAAI;gBAChB,QAAQ,EAAE,EAAE,CAAC,QAAQ,IAAI,SAAS;gBAClC,SAAS,EAAE,EAAE,CAAC,SAAS,IAAI,EAAE;aAChC,CAAA;QACL,CAAC;KACJ,CAAA;AACL,CAAC;AAOD,MAAM,UAAU,qBAAqB;IACjC,IAAI,iBAAiD,CAAA;IACrD,IAAI,eAA+C,CAAA;IAEnD;;;;;;;;OAQG;IACH,KAAK,UAAU,kBAAkB,CAC7B,UAAwC,EAAE;QAE1C,IAAI,CAAC;YACD,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,MAAM,aAAa,EAAE,CAAA;YACjD,OAAO;gBACH,KAAK;gBACL,OAAO,EAAE;oBACL,EAAE,EAAE,QAAQ,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE;oBACxE,KAAK,EAAE,QAAQ,CAAC,YAAY,IAAI,EAAE;oBAClC,QAAQ,EAAE,QAAQ,CAAC,QAAQ;oBAC3B,SAAS,EAAE,QAAQ,CAAC,SAAS,IAAI,EAAE;iBACtC;aACJ,CAAA;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,KAAK,YAAY,YAAY;gBAAE,OAAO,IAAI,CAAA;YAC9C,IAAI,KAAK,YAAY,2BAA2B,EAAE,CAAC;gBAC/C,IAAI,OAAO,CAAC,cAAc;oBAAE,OAAO,IAAI,CAAA;gBACvC,MAAM,KAAK,CAAA;YACf,CAAC;YACD,MAAM,KAAK,CAAA;QACf,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACH,SAAS,UAAU,CAAC,OAAqB,EAAE,GAAe;QACtD,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAA;QAC5B,IAAI,MAAM,CAAC,IAAI,KAAK,IAAI;YAAE,OAAO,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,KAAK,MAAM,CAAC,EAAE,CAAA;QACjE,IAAI,MAAM,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YACzB,OAAO,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAA;QACpE,CAAC;QACD,OAAO,KAAK,CAAA;IAChB,CAAC;IAED;;;;;;OAMG;IACH,KAAK,UAAU,YAAY,CACvB,GAAe;QAEf,MAAM,QAAQ,GAAG,MAAM,kBAAkB,EAAE,CAAA;QAC3C,IAAI,CAAC,QAAQ,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC;YAClD,MAAM,IAAI,QAAQ,CAAC,mBAAmB,EAAE,8BAA8B,GAAG,IAAI,CAAC,CAAA;QAClF,CAAC;QACD,OAAO,QAAQ,CAAA;IACnB,CAAC;IAED,OAAO;QACH,KAAK,CAAC,MAAM,CAAC,GAAgB;YACzB,+DAA+D;YAC/D,2DAA2D;YAC3D,8DAA8D;YAC9D,2DAA2D;YAC3D,+DAA+D;YAC/D,wDAAwD;YACxD,8DAA8D;YAC9D,8BAA8B;YAC9B,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;gBACpB,OAAO,kBAAkB,CAAC,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAA;YACvD,CAAC;YACD,OAAO,YAAY,CAAC,GAAG,CAAC,CAAA;QAC5B,CAAC;QACD,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK;YACpB,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;YACjC,iBAAiB,GAAG,MAAM,YAAY,CAAC,KAAK,EAAE;gBAC1C,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,UAAU,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;gBACxD,YAAY,EAAE,OAAO,CAAC,KAAK;aAC9B,CAAC,CAAA;QACN,CAAC;QACD,KAAK,CAAC,KAAK,CAAC,GAAgB;YACxB,gEAAgE;YAChE,oDAAoD;YACpD,+DAA+D;YAC/D,qCAAqC;YACrC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;gBACpB,MAAM,YAAY,CAAC,GAAG,CAAC,CAAA;YAC3B,CAAC;YACD,eAAe,GAAG,MAAM,aAAa,EAAE,CAAA;QAC3C,CAAC;QACD,KAAK,CAAC,IAAI;YACN,MAAM,QAAQ,GAAG,MAAM,kBAAkB,EAAE,CAAA;YAC3C,OAAO,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,QAAQ,CAAC,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;QAC3E,CAAC;QACD,KAAK,CAAC,UAAU,CAAC,GAAe;YAC5B,MAAM,YAAY,CAAC,GAAG,CAAC,CAAA;YACvB,8DAA8D;QAClE,CAAC;QACD,oBAAoB;YAChB,OAAO,iBAAiB,CAAA;QAC5B,CAAC;QACD,kBAAkB;YACd,OAAO,eAAe,CAAA;QAC1B,CAAC;KACJ,CAAA;AACL,CAAC"}
+{"version":3,"file":"auth-provider.js","sourceRoot":"","sources":["../../src/lib/auth-provider.ts"],"names":[],"mappings":"AAAA,OAAO,EAIH,uBAAuB,EACvB,iBAAiB,EACjB,eAAe,EACf,gBAAgB,GAGnB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,wBAAwB,EAAE,MAAM,UAAU,CAAA;AACnD,OAAO,EAAE,sBAAsB,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAA;AAClF,OAAO,EAAiB,SAAS,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AACnF,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAA;AACtC,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAA;AACxD,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAA;AACpC,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAA;AACrE,OAAO,EAAE,0BAA0B,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAA;AAEpF,MAAM,CAAC,MAAM,iBAAiB,GAAG,mCAAmC,CAAA;AACpE,MAAM,CAAC,MAAM,SAAS,GAAG,sCAAsC,CAAA;AAC/D,MAAM,CAAC,MAAM,gBAAgB,GAAG,kCAAkC,CAAA;AAElE,MAAM,QAAQ,GACV,gHAAgH,CAAA;AAEpH,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC7B,WAAW;IACX,YAAY;IACZ,iBAAiB;IACjB,eAAe;IACf,cAAc;IACd,eAAe;IACf,eAAe;IACf,gBAAgB;IAChB,eAAe;IACf,gBAAgB;IAChB,gBAAgB;IAChB,iBAAiB;IACjB,aAAa;IACb,cAAc;IACd,eAAe;IACf,aAAa;IACb,oBAAoB;CACvB,CAAA;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC5B,WAAW;IACX,iBAAiB;IACjB,eAAe;IACf,cAAc;IACd,eAAe;IACf,eAAe;IACf,gBAAgB;IAChB,aAAa;IACb,aAAa;IACb,oBAAoB;CACvB,CAAA;AAED,MAAM,UAAU,GAAG,CAAC,0BAA0B,EAAE,6CAA6C,CAAC,CAAA;AA0B9F,SAAS,WAAW,CAAC,KAA8B;IAC/C,OAAO,KAAuB,CAAA;AAClC,CAAC;AAED,SAAS,UAAU,CAAC,OAAe,EAAE,KAAe;IAChD,MAAM,MAAM,GAAG,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;IAClF,OAAO,IAAI,QAAQ,CAAC,aAAa,EAAE,GAAG,OAAO,GAAG,MAAM,EAAE,EAAE,UAAU,CAAC,CAAA;AACzE,CAAC;AAED,KAAK,UAAU,qBAAqB,CAChC,WAAmB;IAEnB,IAAI,QAAkB,CAAA;IACtB,IAAI,CAAC;QACD,QAAQ,GAAG,MAAM,KAAK,CAAC,gBAAgB,EAAE;YACrC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,EAAE,kBAAkB,EAAE;YAC3E,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACjB,WAAW,EAAE,WAAW;gBACxB,UAAU,EAAE,oCAAoC;gBAChD,aAAa,EAAE,CAAC,WAAW,CAAC;gBAC5B,WAAW,EAAE,CAAC,oBAAoB,CAAC;gBACnC,cAAc,EAAE,CAAC,MAAM,CAAC;gBACxB,0BAA0B,EAAE,qBAAqB;gBACjD,gBAAgB,EAAE,QAAQ;gBAC1B,QAAQ,EAAE,QAAQ;aACrB,CAAC;SACL,CAAC,CAAA;IACN,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,IAAI,KAAK,YAAY,QAAQ;YAAE,MAAM,KAAK,CAAA;QAC1C,MAAM,UAAU,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;IAC9D,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACf,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAA;QACvD,MAAM,IAAI,QAAQ,CACd,aAAa,EACb,+BAA+B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,MAAM,SAAS,EAAE,EACtF,UAAU,CACb,CAAA;IACL,CAAC;IAED,IAAI,MAAsD,CAAA;IAC1D,IAAI,CAAC;QACD,MAAM,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAmD,CAAA;IACtF,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,MAAM,UAAU,CAAC,sCAAsC,EAAE,KAAK,CAAC,CAAA;IACnE,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;QAC7C,MAAM,IAAI,QAAQ,CACd,aAAa,EACb,0EAA0E,EAC1E,UAAU,CACb,CAAA;IACL,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,SAAS,EAAE,YAAY,EAAE,MAAM,CAAC,aAAa,EAAE,CAAA;AAC7E,CAAC;AAED,MAAM,UAAU,uBAAuB;IACnC,OAAO;QACH,KAAK,CAAC,OAAO,CAAC,EAAE,WAAW,EAAE;YACzB,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,MAAM,qBAAqB,CAAC,WAAW,CAAC,CAAA;YAC3E,MAAM,SAAS,GAAmB,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAA;YAC5D,OAAO,EAAE,SAAS,EAAE,CAAA;QACxB,CAAC;QAED,KAAK,CAAC,SAAS,CAAC,EAAE,WAAW,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE;YAC/D,MAAM,EAAE,GAAG,WAAW,CAAC,SAAS,CAAC,CAAA;YACjC,MAAM,YAAY,GAAG,gBAAgB,EAAE,CAAA;YACvC,MAAM,aAAa,GAAG,eAAe,CAAC,YAAY,CAAC,CAAA;YACnD,MAAM,QAAQ,GAAa,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,YAAY,CAAA;YAChE,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YAElC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;gBAC/B,SAAS,EAAE,EAAE,CAAC,QAAQ;gBACtB,aAAa,EAAE,MAAM;gBACrB,YAAY,EAAE,WAAW;gBACzB,KAAK,EAAE,SAAS;gBAChB,KAAK;gBACL,cAAc,EAAE,aAAa;gBAC7B,qBAAqB,EAAE,MAAM;aAChC,CAAC,CAAA;YAEF,MAAM,aAAa,GAAmB;gBAClC,GAAG,EAAE;gBACL,YAAY;gBACZ,QAAQ;gBACR,SAAS;aACZ,CAAA;YACD,OAAO;gBACH,YAAY,EAAE,GAAG,iBAAiB,IAAI,MAAM,CAAC,QAAQ,EAAE,EAAE;gBACzD,SAAS,EAAE,aAAa;aAC3B,CAAA;QACL,CAAC;QAED,KAAK,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE;YAC/C,MAAM,EAAE,GAAG,WAAW,CAAC,SAAS,CAAC,CAAA;YACjC,IAAI,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC;gBACnB,MAAM,IAAI,QAAQ,CACd,aAAa,EACb,gDAAgD,EAChD,UAAU,CACb,CAAA;YACL,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;gBAC7B,UAAU,EAAE,oBAAoB;gBAChC,IAAI;gBACJ,YAAY,EAAE,WAAW;gBACzB,aAAa,EAAE,EAAE,CAAC,YAAY;aACjC,CAAC,CAAA;YAEF,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,IAAI,EAAE,CAAC,YAAY,EAAE,CAAC,CAAA;YAE7D,IAAI,QAAkB,CAAA;YACtB,IAAI,CAAC;gBACD,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;oBAC9B,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE;wBACL,cAAc,EAAE,mCAAmC;wBACnD,MAAM,EAAE,kBAAkB;wBAC1B,aAAa,EAAE,SAAS,WAAW,EAAE;qBACxC;oBACD,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;iBACxB,CAAC,CAAA;YACN,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,IAAI,KAAK,YAAY,QAAQ;oBAAE,MAAM,KAAK,CAAA;gBAC1C,MAAM,UAAU,CAAC,mCAAmC,EAAE,KAAK,CAAC,CAAA;YAChE,CAAC;YAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACf,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAA;gBACvD,MAAM,IAAI,QAAQ,CACd,aAAa,EACb,0BAA0B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,MAAM,SAAS,EAAE,EACjF,UAAU,CACb,CAAA;YACL,CAAC;YAED,IAAI,IAIH,CAAA;YACD,IAAI,CAAC;gBACD,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAgB,CAAA;YACjD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,MAAM,UAAU,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;YAC9D,CAAC;YAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACb,MAAM,IAAI,QAAQ,CACd,aAAa,EACb,gBAAgB,IAAI,CAAC,KAAK,MAAM,IAAI,CAAC,iBAAiB,IAAI,eAAe,EAAE,EAC3E,UAAU,CACb,CAAA;YACL,CAAC;YAED,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;gBACrB,MAAM,IAAI,QAAQ,CACd,aAAa,EACb,4CAA4C,EAC5C,UAAU,CACb,CAAA;YACL,CAAC;YAED,OAAO,EAAE,WAAW,EAAE,IAAI,CAAC,YAAY,EAAE,CAAA;QAC7C,CAAC;QAED,KAAK,CAAC,aAAa,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE;YACpC,MAAM,EAAE,GAAG,WAAW,CAAC,SAAS,CAAC,CAAA;YACjC,MAAM,MAAM,GAAG,wBAAwB,CAAC,KAAK,CAAC,CAAA;YAC9C,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,cAAc,EAAE,CAAA;YAChD,OAAO,cAAc,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,EAAE,CAAC,SAAS,EAAE,CAAC,CAAA;QACnF,CAAC;KACJ,CAAA;AACL,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAqB,EAAE,GAAe;IACpE,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAA;IAC5B,IAAI,MAAM,CAAC,IAAI,KAAK,IAAI;QAAE,OAAO,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,KAAK,MAAM,CAAC,EAAE,CAAA;IACjE,IAAI,MAAM,CAAC,IAAI,KAAK,MAAM;QAAE,OAAO,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAA;IAC5F,OAAO,KAAK,CAAA;AAChB,CAAC;AAED,MAAM,aAAa,GAAG,iBAAiB,CAAA;AAEvC,0DAA0D;AAC1D,SAAS,qBAAqB,CAAC,MAAuC;IAClE,OAAO,CACH,MAAM,CAAC,MAAM,KAAK,UAAU;QAC5B,MAAM,CAAC,MAAM,KAAK,kBAAkB;QACpC,MAAM,CAAC,MAAM,KAAK,iBAAiB,CACtC,CAAA;AACL,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,uBAAuB;IAIlC,MAAM,WAAW,GAAG,MAAM,iBAAiB,CAAC;QACxC,WAAW,EAAE,oBAAoB;QACjC,OAAO,EAAE,sBAAsB;KAClC,CAAC;SACG,SAAS,EAAE;SACX,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAA;IACtB,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAA;IAChC,MAAM,KAAK,GAAG,WAAW,IAAI,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,IAAI,CAAA;IACzD,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAA;IACvB,OAAO;QACH,KAAK;QACL,OAAO,EAAE,gBAAgB,CAAC;YACtB,EAAE,EAAE,MAAM,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE;YACpE,KAAK,EAAE,MAAM,CAAC,YAAY,IAAI,EAAE;YAChC,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,SAAS,EAAE,MAAM,CAAC,SAAS;SAC9B,CAAC;KACL,CAAA;AACL,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,oBAAoB;IAC/B,MAAM,OAAO,CAAC,UAAU,CAAC;QACrB,iBAAiB,CAAC;YACd,WAAW,EAAE,oBAAoB;YACjC,OAAO,EAAE,sBAAsB;SAClC,CAAC,CAAC,YAAY,EAAE;QACjB,YAAY,CAAC;YACT,KAAK,EAAE,SAAS;YAChB,QAAQ,EAAE,SAAS;YACnB,SAAS,EAAE,SAAS;YACpB,UAAU,EAAE,SAAS;YACrB,YAAY,EAAE,SAAS;YACvB,uBAAuB,EAAE,SAAS;SACrC,CAAC;KACL,CAAC,CAAA;AACN,CAAC;AAED;;;;;GAKG;AACH,IAAI,gBAA6E,CAAA;AACjF,SAAS,cAAc;IACnB,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACpB,gBAAgB,GAAG,oBAAoB,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAA;IAC/E,CAAC;IACD,OAAO,gBAAgB,CAAA;AAC3B,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,qBAAqB;IACjC,MAAM,KAAK,GAAG,uBAAuB,CAAe;QAChD,WAAW,EAAE,oBAAoB;QACjC,WAAW,EAAE,0BAA0B,EAAE;QACzC,eAAe,EAAE,aAAa,EAAE;QAChC,YAAY,EAAE,iBAAiB;KAClC,CAAC,CAAA;IACF,KAAK,UAAU,oBAAoB;QAC/B,MAAM,MAAM,GAAG,MAAM,cAAc,EAAE,CAAA;QACrC,IAAI,MAAM,KAAK,IAAI,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,EAAE,CAAC;YACpD,MAAM,oBAAoB,EAAE,CAAA;QAChC,CAAC;IACL,CAAC;IACD,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAoB,EAAE;QAC1D,KAAK,CAAC,MAAM,CAAC,GAAgB;YACzB,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;gBACpB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;gBAC3C,IAAI,QAAQ,EAAE,CAAC;oBACX,OAAO;wBACH,KAAK,EAAE,QAAQ;wBACf,OAAO,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,EAAE,EAAE;qBACrE,CAAA;gBACL,CAAC;YACL,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,cAAc,EAAE,CAAA;YACrC,IAAI,MAAM,KAAK,IAAI,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,EAAE,CAAC;gBACpD,MAAM,MAAM,GAAG,MAAM,uBAAuB,EAAE,CAAA;gBAC9C,IAAI,MAAM,IAAI,CAAC,GAAG,KAAK,SAAS,IAAI,iBAAiB,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC;oBAC1E,OAAO,MAAM,CAAA;gBACjB,CAAC;YACL,CAAC;YACD,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;QAC5B,CAAC;QACD,KAAK,CAAC,GAAG,CAAC,OAAqB,EAAE,KAAa;YAC1C,MAAM,oBAAoB,EAAE,CAAA;YAC5B,OAAO,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;QACpC,CAAC;QACD,KAAK,CAAC,KAAK,CAAC,GAAgB;YACxB,MAAM,oBAAoB,EAAE,CAAA;YAC5B,OAAO,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC3B,CAAC;QACD,KAAK,CAAC,IAAI;YACN,MAAM,cAAc,EAAE,CAAA;YACtB,OAAO,KAAK,CAAC,IAAI,EAAE,CAAA;QACvB,CAAC;QACD,KAAK,CAAC,UAAU,CAAC,GAAe;YAC5B,MAAM,cAAc,EAAE,CAAA;YACtB,OAAO,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;QAChC,CAAC;KACJ,CAAC,CAAA;AACN,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB;IACtC,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;QAAE,OAAO,KAAK,CAAA;IAC5C,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAA;IAChC,MAAM,MAAM,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAA;IAC3C,IAAI,MAAM,EAAE,aAAa;QAAE,OAAO,aAAa,CAAA;IAC/C,IAAI,MAAM;QAAE,OAAO,cAAc,CAAA;IACjC,IAAI,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE;QAAE,OAAO,aAAa,CAAA;IAC9C,OAAO,cAAc,CAAA;AACzB,CAAC"}

package/dist/lib/auth.d.ts

@@ -1,21 +1,14 @@
+import { SecureStoreUnavailableError } from '@doist/cli-core/auth';
 import { type AuthMode } from './config.js';
 import { CliError } from './errors.js';
-export declare const SECURE_STORE_DESCRIPTION = "system credential manager";
-export declare class NoTokenError extends CliError {
-    constructor();
-}
+export { SecureStoreUnavailableError };
 export declare const TOKEN_ENV_VAR = "TWIST_API_TOKEN";
+export declare const SECURE_STORE_DESCRIPTION = "system credential manager";
 export type TokenStorageLocation = 'secure-store' | 'config-file';
 export type TokenStorageResult = {
     storage: TokenStorageLocation;
     warning?: string;
 };
-export type SaveApiTokenOptions = {
-    authMode?: AuthMode;
-    authScope?: string;
-    authUserId?: number;
-    authUserName?: string;
-};
 export type AuthMetadata = {
     authMode: AuthMode;
     authScope?: string;
@@ -34,9 +27,17 @@ export type AuthProbeResult = {
     token: string;
     metadata: AuthProbeMetadata;
 };
+export declare class NoTokenError extends CliError {
+    constructor();
+}
+/** Read the active token. The store wraps env-var precedence internally. */
 export declare function getApiToken(): Promise<string>;
+/** Token + metadata in one round-trip for `tw config view` / `tw doctor`. */
 export declare function probeApiToken(): Promise<AuthProbeResult>;
+/**
+ * Auth metadata for `tw auth status` and `ensureWriteAllowed`. Falls back
+ * to v1 flat fields when no v2 record exists so a legacy `read-only` token
+ * isn't reported as `'unknown'` — that would skip the local READ_ONLY guard.
+ */
 export declare function getAuthMetadata(): Promise<AuthMetadata>;
-export declare function saveApiToken(token: string, options?: SaveApiTokenOptions): Promise<TokenStorageResult>;
-export declare function clearApiToken(): Promise<TokenStorageResult>;
 //# sourceMappingURL=auth.d.ts.map

package/dist/lib/auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/lib/auth.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,QAAQ,EAAoD,MAAM,aAAa,CAAA;AAC7F,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAA;AAKtC,eAAO,MAAM,wBAAwB,8BAA8B,CAAA;AAMnE,qBAAa,YAAa,SAAQ,QAAQ;;CAUzC;AAED,eAAO,MAAM,aAAa,oBAAoB,CAAA;AAC9C,MAAM,MAAM,oBAAoB,GAAG,cAAc,GAAG,aAAa,CAAA;AAEjE,MAAM,MAAM,kBAAkB,GAAG;IAC7B,OAAO,EAAE,oBAAoB,CAAA;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAA;CACnB,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAC9B,QAAQ,CAAC,EAAE,QAAQ,CAAA;IACnB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,YAAY,CAAC,EAAE,MAAM,CAAA;CACxB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACvB,QAAQ,EAAE,QAAQ,CAAA;IAClB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,MAAM,EAAE,KAAK,GAAG,QAAQ,CAAA;CAC3B,CAAA;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC5B,QAAQ,EAAE,QAAQ,CAAA;IAClB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,MAAM,EAAE,KAAK,GAAG,aAAa,GAAG,cAAc,CAAA;CACjD,CAAA;AAED,MAAM,MAAM,eAAe,GAAG;IAC1B,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,iBAAiB,CAAA;CAC9B,CAAA;AAED,wBAAsB,WAAW,IAAI,OAAO,CAAC,MAAM,CAAC,CA6DnD;AAED,wBAAsB,aAAa,IAAI,OAAO,CAAC,eAAe,CAAC,CAmD9D;AAED,wBAAsB,eAAe,IAAI,OAAO,CAAC,YAAY,CAAC,CAc7D;AAED,wBAAsB,YAAY,CAC9B,KAAK,EAAE,MAAM,EACb,OAAO,GAAE,mBAAwB,GAClC,OAAO,CAAC,kBAAkB,CAAC,CA6C7B;AAED,wBAAsB,aAAa,IAAI,OAAO,CAAC,kBAAkB,CAAC,CA2BjE"}
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/lib/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,2BAA2B,EAAE,MAAM,sBAAsB,CAAA;AAGlE,OAAO,EAAE,KAAK,QAAQ,EAAa,MAAM,aAAa,CAAA;AACtD,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAA;AAGtC,OAAO,EAAE,2BAA2B,EAAE,CAAA;AAEtC,eAAO,MAAM,aAAa,oBAAoB,CAAA;AAE9C,eAAO,MAAM,wBAAwB,8BAA8B,CAAA;AAEnE,MAAM,MAAM,oBAAoB,GAAG,cAAc,GAAG,aAAa,CAAA;AAEjE,MAAM,MAAM,kBAAkB,GAAG;IAC7B,OAAO,EAAE,oBAAoB,CAAA;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAA;CACnB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACvB,QAAQ,EAAE,QAAQ,CAAA;IAClB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,MAAM,EAAE,KAAK,GAAG,QAAQ,CAAA;CAC3B,CAAA;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC5B,QAAQ,EAAE,QAAQ,CAAA;IAClB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,MAAM,EAAE,KAAK,GAAG,aAAa,GAAG,cAAc,CAAA;CACjD,CAAA;AAED,MAAM,MAAM,eAAe,GAAG;IAC1B,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,iBAAiB,CAAA;CAC9B,CAAA;AAED,qBAAa,YAAa,SAAQ,QAAQ;;CAUzC;AAED,4EAA4E;AAC5E,wBAAsB,WAAW,IAAI,OAAO,CAAC,MAAM,CAAC,CAInD;AAED,6EAA6E;AAC7E,wBAAsB,aAAa,IAAI,OAAO,CAAC,eAAe,CAAC,CAW9D;AAED;;;;GAIG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,YAAY,CAAC,CAe7D"}