npm - @doow/cli - Versions diffs - 0.1.0 - Mend

@doow/cli 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

package/README.md +75 -0
package/dist/cjs/auth/api-key.js +159 -0
package/dist/cjs/auth/api-key.js.map +1 -0
package/dist/cjs/auth/detect.js +173 -0
package/dist/cjs/auth/detect.js.map +1 -0
package/dist/cjs/auth/device-flow.js +135 -0
package/dist/cjs/auth/device-flow.js.map +1 -0
package/dist/cjs/auth/keyring.js +118 -0
package/dist/cjs/auth/keyring.js.map +1 -0
package/dist/cjs/auth/pkce.js +243 -0
package/dist/cjs/auth/pkce.js.map +1 -0
package/dist/cjs/auth/refresh.js +203 -0
package/dist/cjs/auth/refresh.js.map +1 -0
package/dist/cjs/config/env.js +44 -0
package/dist/cjs/config/env.js.map +1 -0
package/dist/cjs/config/store.js +178 -0
package/dist/cjs/config/store.js.map +1 -0
package/dist/cjs/index.js +48 -0
package/dist/cjs/index.js.map +1 -0
package/dist/cli.cjs +34372 -0
package/dist/cli.cjs.map +1 -0
package/dist/esm/auth/api-key.js +154 -0
package/dist/esm/auth/api-key.js.map +1 -0
package/dist/esm/auth/detect.js +150 -0
package/dist/esm/auth/detect.js.map +1 -0
package/dist/esm/auth/device-flow.js +132 -0
package/dist/esm/auth/device-flow.js.map +1 -0
package/dist/esm/auth/keyring.js +116 -0
package/dist/esm/auth/keyring.js.map +1 -0
package/dist/esm/auth/pkce.js +220 -0
package/dist/esm/auth/pkce.js.map +1 -0
package/dist/esm/auth/refresh.js +198 -0
package/dist/esm/auth/refresh.js.map +1 -0
package/dist/esm/config/env.js +38 -0
package/dist/esm/config/env.js.map +1 -0
package/dist/esm/config/store.js +166 -0
package/dist/esm/config/store.js.map +1 -0
package/dist/esm/index.js +15 -0
package/dist/esm/index.js.map +1 -0
package/dist/mcp.cjs +8 -0
package/dist/mcp.cjs.map +1 -0
package/dist/types/index.d.ts +369 -0
package/package.json +62 -0

package/dist/esm/auth/pkce.js ADDED Viewed

@@ -0,0 +1,220 @@
+import * as http from 'node:http';
+import * as crypto from 'node:crypto';
+import { getApiUrl } from '../config/env.js';
+import { getActiveProfile } from '../config/store.js';
+import { createCredentialStore } from './keyring.js';
+/**
+ * pkce.ts
+ *
+ * OAuth 2.0 PKCE (RFC 7636) interactive login flow for the Doow CLI.
+ *
+ * Steps:
+ *  1. Generate PKCE code_verifier + code_challenge
+ *  2. Generate CSRF state token
+ *  3. Start a localhost HTTP server on a random port
+ *  4. Open browser to the authorize URL
+ *  5. Wait for the OAuth callback (120 s default timeout)
+ *  6. Exchange authorization code for tokens
+ *  7. Store tokens via CredentialStore
+ *  8. Close server and return result
+ */
+// ---------------------------------------------------------------------------
+// HTML responses
+// ---------------------------------------------------------------------------
+const SUCCESS_HTML = `<!DOCTYPE html><html><body style="font-family:system-ui;text-align:center;padding:40px">
+<h2>Logged in to Doow</h2><p>You can close this tab.</p>
+</body></html>`;
+const ERROR_HTML = `<!DOCTYPE html><html><body style="font-family:system-ui;text-align:center;padding:40px">
+<h2>Login failed</h2><p>CSRF state mismatch. Please try again.</p>
+</body></html>`;
+// ---------------------------------------------------------------------------
+// PKCE helpers
+// ---------------------------------------------------------------------------
+/**
+ * Generates a PKCE code_verifier and code_challenge pair.
+ * - code_verifier: 32 random bytes, base64url-encoded (43 chars)
+ * - code_challenge: SHA-256 of verifier, base64url-encoded
+ */
+function generatePkcePair() {
+    const verifierBytes = crypto.randomBytes(32);
+    const codeVerifier = verifierBytes
+        .toString('base64')
+        .replace(/\+/g, '-')
+        .replace(/\//g, '_')
+        .replace(/=/g, '');
+    const challengeBytes = crypto.createHash('sha256').update(codeVerifier).digest();
+    const codeChallenge = challengeBytes
+        .toString('base64')
+        .replace(/\+/g, '-')
+        .replace(/\//g, '_')
+        .replace(/=/g, '');
+    return { codeVerifier, codeChallenge };
+}
+/**
+ * Generates a random CSRF state token (32 bytes, base64url).
+ */
+function generateState() {
+    return crypto
+        .randomBytes(32)
+        .toString('base64')
+        .replace(/\+/g, '-')
+        .replace(/\//g, '_')
+        .replace(/=/g, '');
+}
+/**
+ * Starts a localhost HTTP server on a random port and waits for the OAuth
+ * callback. Resolves with { code, state } on success.
+ * Rejects if the CSRF state doesn't match.
+ */
+function startCallbackServer(expectedState, timeoutMs) {
+    return new Promise((resolveServer, rejectServer) => {
+        const server = http.createServer();
+        const callbackPromise = new Promise((resolveCallback, rejectCallback) => {
+            let timeoutHandle;
+            // Set the timeout for the callback wait — server.close() is handled
+            // by the finally block in executePkceFlow, not here.
+            timeoutHandle = setTimeout(() => {
+                rejectCallback(new Error('Login timed out after 120 seconds. Try doow login --device for headless environments.'));
+            }, timeoutMs);
+            server.on('request', (req, res) => {
+                // Only handle /callback path
+                if (!req.url?.startsWith('/callback')) {
+                    res.writeHead(404);
+                    res.end('Not found');
+                    return;
+                }
+                const url = new URL(req.url, 'http://127.0.0.1');
+                const code = url.searchParams.get('code');
+                const state = url.searchParams.get('state');
+                const errorParam = url.searchParams.get('error');
+                // Handle OAuth error from server
+                if (errorParam) {
+                    clearTimeout(timeoutHandle);
+                    res.writeHead(400, { 'Content-Type': 'text/html' });
+                    res.end(ERROR_HTML);
+                    rejectCallback(new Error(`Authorization failed: ${errorParam}`));
+                    return;
+                }
+                // Validate required params
+                if (!code || !state) {
+                    res.writeHead(400, { 'Content-Type': 'text/html' });
+                    res.end(ERROR_HTML);
+                    return;
+                }
+                // CSRF state validation
+                if (state !== expectedState) {
+                    clearTimeout(timeoutHandle);
+                    res.writeHead(400, { 'Content-Type': 'text/html' });
+                    res.end(ERROR_HTML);
+                    rejectCallback(new Error('CSRF state mismatch — possible attack. Try again.'));
+                    return;
+                }
+                // Success
+                clearTimeout(timeoutHandle);
+                res.writeHead(200, { 'Content-Type': 'text/html' });
+                res.end(SUCCESS_HTML);
+                resolveCallback({ code, state });
+            });
+        });
+        server.on('error', (err) => {
+            rejectServer(new Error(`Failed to start local callback server: ${err.message}. Try doow login --device for headless environments.`));
+        });
+        // Bind to port 0 — OS assigns a random available port
+        server.listen(0, '127.0.0.1', () => {
+            const addr = server.address();
+            if (!addr || typeof addr === 'string') {
+                server.close();
+                rejectServer(new Error('Failed to determine callback server port. Try doow login --device for headless environments.'));
+                return;
+            }
+            resolveServer({ server, port: addr.port, callbackPromise });
+        });
+    });
+}
+// ---------------------------------------------------------------------------
+// Token exchange
+// ---------------------------------------------------------------------------
+async function exchangeCodeForTokens(apiUrl, code, codeVerifier, state) {
+    const response = await fetch(`${apiUrl}/v1/auth/cli/token`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+            grant_type: 'authorization_code',
+            code,
+            code_verifier: codeVerifier,
+            state,
+        }),
+    });
+    if (!response.ok) {
+        const body = await response.text().catch(() => '(no body)');
+        throw new Error(`Token exchange failed: HTTP ${response.status} — ${body}`);
+    }
+    return response.json();
+}
+// ---------------------------------------------------------------------------
+// Main flow
+// ---------------------------------------------------------------------------
+/**
+ * Executes the full PKCE browser-based OAuth 2.0 login flow.
+ *
+ * Opens the system browser to the Doow authorize endpoint, waits for the
+ * localhost callback, exchanges the authorization code for tokens, and
+ * persists the tokens via the credential store.
+ */
+async function executePkceFlow(options = {}) {
+    // Resolve options
+    const profile = await getActiveProfile();
+    const apiUrl = options.apiUrl ?? getApiUrl(profile);
+    const profileName = options.profileName ?? profile.name;
+    const credentialStore = options.credentialStore ?? (await createCredentialStore());
+    const timeout = options.timeout ?? 120_000;
+    // Step 1 & 2: Generate PKCE pair and CSRF state
+    const { codeVerifier, codeChallenge } = generatePkcePair();
+    const state = generateState();
+    // Step 3: Start callback server
+    const { server, port, callbackPromise } = await startCallbackServer(state, timeout);
+    try {
+        // Step 4: Build authorize URL
+        const redirectUri = `http://127.0.0.1:${port}/callback`;
+        const authorizeUrl = `${apiUrl}/v1/auth/cli/authorize` +
+            `?response_type=code` +
+            `&code_challenge=${codeChallenge}` +
+            `&code_challenge_method=S256` +
+            `&state=${state}` +
+            `&redirect_uri=${encodeURIComponent(redirectUri)}`;
+        // Step 5: Open browser
+        try {
+            const { default: open } = await import('open');
+            await open(authorizeUrl);
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            throw new Error(`Failed to open browser: ${msg}. Try doow login --device for headless environments.`);
+        }
+        // Step 6: Wait for callback
+        const { code } = await callbackPromise;
+        // Step 7: Exchange code for tokens
+        const tokenResponse = await exchangeCodeForTokens(apiUrl, code, codeVerifier, state);
+        // Step 8: Store tokens
+        const expiresAt = new Date(Date.now() + tokenResponse.expires_in * 1000).toISOString();
+        const result = {
+            accessToken: tokenResponse.access_token,
+            refreshToken: tokenResponse.refresh_token,
+            expiresAt,
+        };
+        await credentialStore.set(profileName, {
+            accessToken: result.accessToken,
+            refreshToken: result.refreshToken,
+            expiresAt: result.expiresAt,
+        });
+        return result;
+    }
+    finally {
+        // Always close the server — success, error, or timeout
+        server.close();
+    }
+}
+export { executePkceFlow, generatePkcePair };
+//# sourceMappingURL=pkce.js.map

package/dist/esm/auth/pkce.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"pkce.js","sources":["../../../../src/auth/pkce.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;AAAA;;;;;;;;;;;;;;AAcG;AAiCH;AACA;AACA;AAEA,MAAM,YAAY,GAAG,CAAA;;eAEN;AAEf,MAAM,UAAU,GAAG,CAAA;;eAEJ;AAEf;AACA;AACA;AAEA;;;;AAIG;SACa,gBAAgB,GAAA;IAC9B,MAAM,aAAa,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;IAC5C,MAAM,YAAY,GAAG;SAClB,QAAQ,CAAC,QAAQ;AACjB,SAAA,OAAO,CAAC,KAAK,EAAE,GAAG;AAClB,SAAA,OAAO,CAAC,KAAK,EAAE,GAAG;AAClB,SAAA,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;AAEpB,IAAA,MAAM,cAAc,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,EAAE;IAChF,MAAM,aAAa,GAAG;SACnB,QAAQ,CAAC,QAAQ;AACjB,SAAA,OAAO,CAAC,KAAK,EAAE,GAAG;AAClB,SAAA,OAAO,CAAC,KAAK,EAAE,GAAG;AAClB,SAAA,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;AAEpB,IAAA,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE;AACxC;AAEA;;AAEG;AACH,SAAS,aAAa,GAAA;AACpB,IAAA,OAAO;SACJ,WAAW,CAAC,EAAE;SACd,QAAQ,CAAC,QAAQ;AACjB,SAAA,OAAO,CAAC,KAAK,EAAE,GAAG;AAClB,SAAA,OAAO,CAAC,KAAK,EAAE,GAAG;AAClB,SAAA,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;AACtB;AAWA;;;;AAIG;AACH,SAAS,mBAAmB,CAC1B,aAAqB,EACrB,SAAiB,EAAA;IAEjB,OAAO,IAAI,OAAO,CAAC,CAAC,aAAa,EAAE,YAAY,KAAI;AACjD,QAAA,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,EAAE;QAElC,MAAM,eAAe,GAAG,IAAI,OAAO,CAAiB,CAAC,eAAe,EAAE,cAAc,KAAI;AACtF,YAAA,IAAI,aAAwD;;;AAI5D,YAAA,aAAa,GAAG,UAAU,CAAC,MAAK;AAC9B,gBAAA,cAAc,CACZ,IAAI,KAAK,CACP,uFAAuF,CACxF,CACF;YACH,CAAC,EAAE,SAAS,CAAC;YAEb,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,GAAG,EAAE,GAAG,KAAI;;gBAEhC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,WAAW,CAAC,EAAE;AACrC,oBAAA,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC;AAClB,oBAAA,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC;oBACpB;gBACF;gBAEA,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,kBAAkB,CAAC;gBAChD,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC;gBACzC,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC;gBAC3C,MAAM,UAAU,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC;;gBAGhD,IAAI,UAAU,EAAE;oBACd,YAAY,CAAC,aAAa,CAAC;oBAC3B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC;AACnD,oBAAA,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC;oBACnB,cAAc,CAAC,IAAI,KAAK,CAAC,yBAAyB,UAAU,CAAA,CAAE,CAAC,CAAC;oBAChE;gBACF;;AAGA,gBAAA,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE;oBACnB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC;AACnD,oBAAA,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC;oBACnB;gBACF;;AAGA,gBAAA,IAAI,KAAK,KAAK,aAAa,EAAE;oBAC3B,YAAY,CAAC,aAAa,CAAC;oBAC3B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC;AACnD,oBAAA,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC;AACnB,oBAAA,cAAc,CAAC,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;oBAC9E;gBACF;;gBAGA,YAAY,CAAC,aAAa,CAAC;gBAC3B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC;AACnD,gBAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC;AACrB,gBAAA,eAAe,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AAClC,YAAA,CAAC,CAAC;AACJ,QAAA,CAAC,CAAC;QAEF,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,KAAI;YACzB,YAAY,CACV,IAAI,KAAK,CACP,CAAA,uCAAA,EAA0C,GAAG,CAAC,OAAO,CAAA,oDAAA,CAAsD,CAC5G,CACF;AACH,QAAA,CAAC,CAAC;;QAGF,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,WAAW,EAAE,MAAK;AACjC,YAAA,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,EAAE;YAC7B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE;gBACrC,MAAM,CAAC,KAAK,EAAE;AACd,gBAAA,YAAY,CACV,IAAI,KAAK,CACP,8FAA8F,CAC/F,CACF;gBACD;YACF;AACA,YAAA,aAAa,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,eAAe,EAAE,CAAC;AAC7D,QAAA,CAAC,CAAC;AACJ,IAAA,CAAC,CAAC;AACJ;AAEA;AACA;AACA;AAEA,eAAe,qBAAqB,CAClC,MAAc,EACd,IAAY,EACZ,YAAoB,EACpB,KAAa,EAAA;IAEb,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,CAAA,EAAG,MAAM,oBAAoB,EAAE;AAC1D,QAAA,MAAM,EAAE,MAAM;AACd,QAAA,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;AAC/C,QAAA,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;AACnB,YAAA,UAAU,EAAE,oBAAoB;YAChC,IAAI;AACJ,YAAA,aAAa,EAAE,YAAY;YAC3B,KAAK;SACN,CAAC;AACH,KAAA,CAAC;AAEF,IAAA,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;AAChB,QAAA,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,MAAM,WAAW,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,CAAA,4BAAA,EAA+B,QAAQ,CAAC,MAAM,CAAA,GAAA,EAAM,IAAI,CAAA,CAAE,CAAC;IAC7E;AAEA,IAAA,OAAO,QAAQ,CAAC,IAAI,EAA4B;AAClD;AAEA;AACA;AACA;AAEA;;;;;;AAMG;AACI,eAAe,eAAe,CAAC,UAA2B,EAAE,EAAA;;AAEjE,IAAA,MAAM,OAAO,GAAG,MAAM,gBAAgB,EAAE;IACxC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,SAAS,CAAC,OAAO,CAAC;IACnD,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,IAAI;IACvD,MAAM,eAAe,GAAG,OAAO,CAAC,eAAe,KAAK,MAAM,qBAAqB,EAAE,CAAC;AAClF,IAAA,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,OAAO;;IAG1C,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,GAAG,gBAAgB,EAAE;AAC1D,IAAA,MAAM,KAAK,GAAG,aAAa,EAAE;;AAG7B,IAAA,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,eAAe,EAAE,GAAG,MAAM,mBAAmB,CAAC,KAAK,EAAE,OAAO,CAAC;AAEnF,IAAA,IAAI;;AAEF,QAAA,MAAM,WAAW,GAAG,CAAA,iBAAA,EAAoB,IAAI,WAAW;AACvD,QAAA,MAAM,YAAY,GAChB,CAAA,EAAG,MAAM,CAAA,sBAAA,CAAwB;YACjC,CAAA,mBAAA,CAAqB;AACrB,YAAA,CAAA,gBAAA,EAAmB,aAAa,CAAA,CAAE;YAClC,CAAA,2BAAA,CAA6B;AAC7B,YAAA,CAAA,OAAA,EAAU,KAAK,CAAA,CAAE;AACjB,YAAA,CAAA,cAAA,EAAiB,kBAAkB,CAAC,WAAW,CAAC,EAAE;;AAGpD,QAAA,IAAI;YACF,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,MAAM,OAAO,MAAM,CAAC;AAC9C,YAAA,MAAM,IAAI,CAAC,YAAY,CAAC;QAC1B;QAAE,OAAO,GAAG,EAAE;AACZ,YAAA,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,GAAG,GAAG,CAAC,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC;AAC5D,YAAA,MAAM,IAAI,KAAK,CACb,2BAA2B,GAAG,CAAA,oDAAA,CAAsD,CACrF;QACH;;AAGA,QAAA,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,eAAe;;AAGtC,QAAA,MAAM,aAAa,GAAG,MAAM,qBAAqB,CAAC,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,CAAC;;AAGpF,QAAA,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;AACtF,QAAA,MAAM,MAAM,GAAmB;YAC7B,WAAW,EAAE,aAAa,CAAC,YAAY;YACvC,YAAY,EAAE,aAAa,CAAC,aAAa;YACzC,SAAS;SACV;AAED,QAAA,MAAM,eAAe,CAAC,GAAG,CAAC,WAAW,EAAE;YACrC,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,SAAS,EAAE,MAAM,CAAC,SAAS;AAC5B,SAAA,CAAC;AAEF,QAAA,OAAO,MAAM;IACf;YAAU;;QAER,MAAM,CAAC,KAAK,EAAE;IAChB;AACF;;;;"}

package/dist/esm/auth/refresh.js ADDED Viewed

@@ -0,0 +1,198 @@
+import { writeFile, unlink, readFile } from 'node:fs/promises';
+import { join } from 'node:path';
+import { getConfigDir } from '../config/store.js';
+import { getApiUrl } from '../config/env.js';
+import { createCredentialStore } from './keyring.js';
+// ---------------------------------------------------------------------------
+// Constants
+// ---------------------------------------------------------------------------
+const REFRESH_BUFFER_SECONDS = 60;
+const STALE_LOCK_THRESHOLD_MS = 60_000;
+const LOCK_RETRY_DELAY_MS = 500;
+const LOCK_MAX_RETRIES = 10;
+// ---------------------------------------------------------------------------
+// needsRefresh
+// ---------------------------------------------------------------------------
+/**
+ * Returns true when the credential token needs a refresh:
+ * - no expiresAt present, OR
+ * - token expires within the 60-second buffer window
+ *
+ * Pure function — no I/O.
+ */
+function needsRefresh(creds) {
+    if (!creds.expiresAt)
+        return true;
+    const expiresAt = new Date(creds.expiresAt).getTime();
+    if (isNaN(expiresAt))
+        return true;
+    const bufferMs = REFRESH_BUFFER_SECONDS * 1_000;
+    return Date.now() >= expiresAt - bufferMs;
+}
+// ---------------------------------------------------------------------------
+// Lockfile helpers
+// ---------------------------------------------------------------------------
+/**
+ * Returns true when the process identified by `pid` is still running.
+ * Uses kill(pid, 0) which sends no signal but checks for process existence.
+ */
+function isPidAlive(pid) {
+    try {
+        process.kill(pid, 0);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Acquires an exclusive per-profile lock file.
+ *
+ * Uses O_EXCL (writeFile flag:'wx') for atomic exclusive creation.
+ * If a lock exists, checks staleness (>60s or dead PID) and cleans up if stale.
+ * Retries up to 10 times with 500ms back-off before throwing.
+ */
+async function acquireLock(profileName) {
+    const configDir = await getConfigDir();
+    const lockPath = join(configDir, `.${profileName}.refresh.lock`);
+    for (let attempt = 0; attempt < LOCK_MAX_RETRIES; attempt++) {
+        try {
+            const content = { pid: process.pid, timestamp: Date.now() };
+            await writeFile(lockPath, JSON.stringify(content), { flag: 'wx', mode: 0o600 });
+            // Acquired — return handle with inline release
+            return {
+                lockPath,
+                async release() {
+                    await unlink(lockPath).catch(() => undefined);
+                },
+            };
+        }
+        catch (err) {
+            // Only handle EEXIST — lock file already exists
+            if (!isEexist(err))
+                throw err;
+            // Read existing lock and decide whether it's stale
+            const isStale = await checkAndCleanStaleLock(lockPath);
+            if (isStale) {
+                // Stale lock deleted — retry immediately (don't sleep)
+                continue;
+            }
+            // Live lock — wait before retrying
+            if (attempt < LOCK_MAX_RETRIES - 1) {
+                await sleep(LOCK_RETRY_DELAY_MS);
+            }
+        }
+    }
+    throw new Error('Could not acquire refresh lock. Another process may be refreshing.');
+}
+/**
+ * Reads the lock file at `lockPath`, checks whether it's stale, and
+ * if so deletes it. Returns true if the lock was stale (and deleted).
+ */
+async function checkAndCleanStaleLock(lockPath) {
+    let content;
+    try {
+        const raw = await readFile(lockPath, 'utf-8');
+        content = JSON.parse(raw);
+    }
+    catch {
+        // File vanished between our EEXIST and this read — treat as stale
+        return true;
+    }
+    const isOlderThanThreshold = Date.now() - content.timestamp > STALE_LOCK_THRESHOLD_MS;
+    const isProcDead = !isPidAlive(content.pid);
+    if (isOlderThanThreshold || isProcDead) {
+        await unlink(lockPath).catch(() => undefined);
+        return true;
+    }
+    return false;
+}
+/**
+ * Releases a previously acquired lock handle. Best-effort — never throws.
+ */
+async function releaseLock(handle) {
+    await handle.release();
+}
+// ---------------------------------------------------------------------------
+// refreshToken
+// ---------------------------------------------------------------------------
+/**
+ * Performs a transparent token refresh with double-checked locking.
+ *
+ * 1. Acquires a per-profile lockfile
+ * 2. Re-reads credentials — another process may have already refreshed
+ * 3. If tokens are still fresh, skips the network call (wasRefreshed: false)
+ * 4. Otherwise calls POST /v1/auth/refresh and stores the new tokens
+ * 5. Always releases the lock in a finally block
+ *
+ * Throws with a user-friendly message if the session has expired.
+ */
+async function refreshToken(options = {}) {
+    const profileName = options.profileName ?? 'default';
+    const store = options.credentialStore ?? (await createCredentialStore());
+    const apiUrl = options.apiUrl ?? getApiUrl();
+    const lock = await acquireLock(profileName);
+    try {
+        // Double-checked locking: re-read credentials now that we hold the lock.
+        // Another process may have already refreshed while we waited.
+        const latestCreds = await store.get(profileName);
+        if (latestCreds && !needsRefresh(latestCreds)) {
+            // Already refreshed by another process — return current tokens.
+            return {
+                accessToken: latestCreds.accessToken ?? '',
+                refreshToken: latestCreds.refreshToken ?? '',
+                expiresAt: latestCreds.expiresAt ?? '',
+                wasRefreshed: false,
+            };
+        }
+        // We need to refresh — verify we have a refresh token to use.
+        if (!latestCreds?.refreshToken) {
+            await store.clear(profileName);
+            throw new Error('Session expired. Run doow login to re-authenticate.');
+        }
+        // Call the refresh endpoint.
+        const response = await fetch(`${apiUrl}/v1/auth/refresh`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ refresh_token: latestCreds.refreshToken }),
+        });
+        if (!response.ok) {
+            // 401 or any non-2xx → session expired
+            await store.clear(profileName);
+            throw new Error('Session expired. Run doow login to re-authenticate.');
+        }
+        const data = (await response.json());
+        const expiresAt = new Date(Date.now() + data.expires_in * 1_000).toISOString();
+        const newCreds = {
+            accessToken: data.access_token,
+            refreshToken: data.refresh_token,
+            expiresAt,
+        };
+        await store.set(profileName, newCreds);
+        return {
+            accessToken: data.access_token,
+            refreshToken: data.refresh_token,
+            expiresAt,
+            wasRefreshed: true,
+        };
+    }
+    finally {
+        await lock.release();
+    }
+}
+// ---------------------------------------------------------------------------
+// Utilities
+// ---------------------------------------------------------------------------
+function isEexist(err) {
+    return (typeof err === 'object' &&
+        err !== null &&
+        'code' in err &&
+        err.code === 'EEXIST');
+}
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+export { acquireLock, needsRefresh, refreshToken, releaseLock };
+//# sourceMappingURL=refresh.js.map

package/dist/esm/auth/refresh.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"refresh.js","sources":["../../../../src/auth/refresh.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;AAwCA;AACA;AACA;AAEA,MAAM,sBAAsB,GAAG,EAAE;AACjC,MAAM,uBAAuB,GAAG,MAAM;AACtC,MAAM,mBAAmB,GAAG,GAAG;AAC/B,MAAM,gBAAgB,GAAG,EAAE;AAE3B;AACA;AACA;AAEA;;;;;;AAMG;AACG,SAAU,YAAY,CAAC,KAAyB,EAAA;IACpD,IAAI,CAAC,KAAK,CAAC,SAAS;AAAE,QAAA,OAAO,IAAI;AACjC,IAAA,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;IACrD,IAAI,KAAK,CAAC,SAAS,CAAC;AAAE,QAAA,OAAO,IAAI;AACjC,IAAA,MAAM,QAAQ,GAAG,sBAAsB,GAAG,KAAK;IAC/C,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,SAAS,GAAG,QAAQ;AAC3C;AAEA;AACA;AACA;AAEA;;;AAGG;AACH,SAAS,UAAU,CAAC,GAAW,EAAA;AAC7B,IAAA,IAAI;AACF,QAAA,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;AACpB,QAAA,OAAO,IAAI;IACb;AAAE,IAAA,MAAM;AACN,QAAA,OAAO,KAAK;IACd;AACF;AAEA;;;;;;AAMG;AACI,eAAe,WAAW,CAAC,WAAmB,EAAA;AACnD,IAAA,MAAM,SAAS,GAAG,MAAM,YAAY,EAAE;IACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,EAAE,CAAA,CAAA,EAAI,WAAW,CAAA,aAAA,CAAe,CAAC;AAEhE,IAAA,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,gBAAgB,EAAE,OAAO,EAAE,EAAE;AAC3D,QAAA,IAAI;AACF,YAAA,MAAM,OAAO,GAAoB,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE;YAC5E,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;;YAG/E,OAAO;gBACL,QAAQ;AACR,gBAAA,MAAM,OAAO,GAAA;AACX,oBAAA,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,MAAM,SAAS,CAAC;gBAC/C,CAAC;aACF;QACH;QAAE,OAAO,GAAY,EAAE;;AAErB,YAAA,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC;AAAE,gBAAA,MAAM,GAAG;;AAG7B,YAAA,MAAM,OAAO,GAAG,MAAM,sBAAsB,CAAC,QAAQ,CAAC;YACtD,IAAI,OAAO,EAAE;;gBAEX;YACF;;AAGA,YAAA,IAAI,OAAO,GAAG,gBAAgB,GAAG,CAAC,EAAE;AAClC,gBAAA,MAAM,KAAK,CAAC,mBAAmB,CAAC;YAClC;QACF;IACF;AAEA,IAAA,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC;AACvF;AAEA;;;AAGG;AACH,eAAe,sBAAsB,CAAC,QAAgB,EAAA;AACpD,IAAA,IAAI,OAAwB;AAC5B,IAAA,IAAI;QACF,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;AAC7C,QAAA,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAoB;IAC9C;AAAE,IAAA,MAAM;;AAEN,QAAA,OAAO,IAAI;IACb;AAEA,IAAA,MAAM,oBAAoB,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,SAAS,GAAG,uBAAuB;IACrF,MAAM,UAAU,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC;AAE3C,IAAA,IAAI,oBAAoB,IAAI,UAAU,EAAE;AACtC,QAAA,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,MAAM,SAAS,CAAC;AAC7C,QAAA,OAAO,IAAI;IACb;AAEA,IAAA,OAAO,KAAK;AACd;AAEA;;AAEG;AACI,eAAe,WAAW,CAAC,MAAkB,EAAA;AAClD,IAAA,MAAM,MAAM,CAAC,OAAO,EAAE;AACxB;AAEA;AACA;AACA;AAEA;;;;;;;;;;AAUG;AACI,eAAe,YAAY,CAAC,UAA0B,EAAE,EAAA;AAC7D,IAAA,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,SAAS;IACpD,MAAM,KAAK,GAAG,OAAO,CAAC,eAAe,KAAK,MAAM,qBAAqB,EAAE,CAAC;IACxE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,SAAS,EAAE;AAE5C,IAAA,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC;AAE3C,IAAA,IAAI;;;QAGF,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,WAAW,CAAC;QAEhD,IAAI,WAAW,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,EAAE;;YAE7C,OAAO;AACL,gBAAA,WAAW,EAAE,WAAW,CAAC,WAAW,IAAI,EAAE;AAC1C,gBAAA,YAAY,EAAE,WAAW,CAAC,YAAY,IAAI,EAAE;AAC5C,gBAAA,SAAS,EAAE,WAAW,CAAC,SAAS,IAAI,EAAE;AACtC,gBAAA,YAAY,EAAE,KAAK;aACpB;QACH;;AAGA,QAAA,IAAI,CAAC,WAAW,EAAE,YAAY,EAAE;AAC9B,YAAA,MAAM,KAAK,CAAC,KAAK,CAAC,WAAW,CAAC;AAC9B,YAAA,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC;QACxE;;QAGA,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,CAAA,EAAG,MAAM,kBAAkB,EAAE;AACxD,YAAA,MAAM,EAAE,MAAM;AACd,YAAA,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;AAC/C,YAAA,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,aAAa,EAAE,WAAW,CAAC,YAAY,EAAE,CAAC;AAClE,SAAA,CAAC;AAEF,QAAA,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;;AAEhB,YAAA,MAAM,KAAK,CAAC,KAAK,CAAC,WAAW,CAAC;AAC9B,YAAA,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC;QACxE;QAEA,MAAM,IAAI,IAAI,MAAM,QAAQ,CAAC,IAAI,EAAE,CAIlC;AAED,QAAA,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC,CAAC,WAAW,EAAE;AAE9E,QAAA,MAAM,QAAQ,GAAuB;YACnC,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,YAAY,EAAE,IAAI,CAAC,aAAa;YAChC,SAAS;SACV;QAED,MAAM,KAAK,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC;QAEtC,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,YAAY,EAAE,IAAI,CAAC,aAAa;YAChC,SAAS;AACT,YAAA,YAAY,EAAE,IAAI;SACnB;IACH;YAAU;AACR,QAAA,MAAM,IAAI,CAAC,OAAO,EAAE;IACtB;AACF;AAEA;AACA;AACA;AAEA,SAAS,QAAQ,CAAC,GAAY,EAAA;AAC5B,IAAA,QACE,OAAO,GAAG,KAAK,QAAQ;AACvB,QAAA,GAAG,KAAK,IAAI;AACZ,QAAA,MAAM,IAAI,GAAG;AACZ,QAAA,GAA6B,CAAC,IAAI,KAAK,QAAQ;AAEpD;AAEA,SAAS,KAAK,CAAC,EAAU,EAAA;AACvB,IAAA,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;AAC1D;;;;"}

package/dist/esm/config/env.js ADDED Viewed

@@ -0,0 +1,38 @@
+/** True when stdout is an interactive terminal. */
+function isTTY() {
+    return process.stdout.isTTY === true;
+}
+/** True when running inside a CI environment (any common CI sets $CI). */
+function isCI() {
+    return !!process.env['CI'];
+}
+/**
+ * True when the CLI is invoked by an automated agent rather than a human.
+ * Detected via $DOOW_AGENT_MODE env var or the --agent CLI flag (which
+ * Commander stores on the global options object as `process.env` is the
+ * canonical signal here — Commander integration is wired up in cli.ts).
+ */
+function isAgentMode() {
+    return !!process.env['DOOW_AGENT_MODE'];
+}
+/**
+ * True when interactive UI (spinners, prompts, color) should be shown.
+ * Requires a real TTY, no CI env, and not running in agent mode.
+ */
+function shouldShowUI() {
+    return isTTY() && !isCI() && !isAgentMode();
+}
+/**
+ * Resolve the API base URL.
+ * Precedence: profile.apiUrl → $DOOW_API_URL → hardcoded default.
+ */
+function getApiUrl(profile) {
+    if (profile?.apiUrl)
+        return profile.apiUrl;
+    if (process.env['DOOW_API_URL'])
+        return process.env['DOOW_API_URL'];
+    return 'https://api.doow.com';
+}
+export { getApiUrl, isAgentMode, isCI, isTTY, shouldShowUI };
+//# sourceMappingURL=env.js.map

package/dist/esm/config/env.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"env.js","sources":["../../../../src/config/env.ts"],"sourcesContent":[null],"names":[],"mappings":"AAEA;SACgB,KAAK,GAAA;AACnB,IAAA,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,KAAK,IAAI;AACtC;AAEA;SACgB,IAAI,GAAA;IAClB,OAAO,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;AAC5B;AAEA;;;;;AAKG;SACa,WAAW,GAAA;IACzB,OAAO,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;AACzC;AAEA;;;AAGG;SACa,YAAY,GAAA;IAC1B,OAAO,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,WAAW,EAAE;AAC7C;AAEA;;;AAGG;AACG,SAAU,SAAS,CAAC,OAAiB,EAAA;IACzC,IAAI,OAAO,EAAE,MAAM;QAAE,OAAO,OAAO,CAAC,MAAM;AAC1C,IAAA,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;AAAE,QAAA,OAAO,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;AACnE,IAAA,OAAO,sBAAsB;AAC/B;;;;"}

package/dist/esm/config/store.js ADDED Viewed

@@ -0,0 +1,166 @@
+import { mkdir, chmod, readFile, writeFile, rename, rm } from 'node:fs/promises';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+// ---------------------------------------------------------------------------
+// Constants / defaults
+// ---------------------------------------------------------------------------
+const DEFAULT_PROFILE_NAME = 'default';
+const DEFAULT_CONFIG = {
+    activeProfile: DEFAULT_PROFILE_NAME,
+    profiles: {
+        [DEFAULT_PROFILE_NAME]: { name: DEFAULT_PROFILE_NAME },
+    },
+};
+const DEFAULT_CREDENTIALS = {
+    profiles: {},
+};
+// ---------------------------------------------------------------------------
+// Config directory
+// ---------------------------------------------------------------------------
+/**
+ * Returns the Doow config directory path.
+ * Prefers $DOOW_CONFIG_DIR when set; falls back to ~/.doow.
+ * Creates the directory (mode 0o700) if it does not yet exist.
+ */
+async function getConfigDir() {
+    const dir = process.env['DOOW_CONFIG_DIR'] ?? join(homedir(), '.doow');
+    await mkdir(dir, { recursive: true, mode: 0o700 });
+    await chmod(dir, 0o700);
+    return dir;
+}
+// ---------------------------------------------------------------------------
+// Atomic write helper
+// ---------------------------------------------------------------------------
+async function atomicWrite(filePath, data) {
+    const tmp = `${filePath}.tmp`;
+    try {
+        await writeFile(tmp, data, { encoding: 'utf-8', mode: 0o600 });
+        await rename(tmp, filePath);
+    }
+    catch (err) {
+        // Clean up temp file on failure, best-effort
+        await rm(tmp, { force: true }).catch(() => undefined);
+        throw err;
+    }
+}
+// ---------------------------------------------------------------------------
+// config.json
+// ---------------------------------------------------------------------------
+/** Reads ~/.doow/config.json. Returns the default config if the file is absent. */
+async function readConfig() {
+    const dir = await getConfigDir();
+    const filePath = join(dir, 'config.json');
+    try {
+        const raw = await readFile(filePath, 'utf-8');
+        return JSON.parse(raw);
+    }
+    catch (err) {
+        if (isEnoent(err))
+            return structuredClone(DEFAULT_CONFIG);
+        throw err;
+    }
+}
+/** Writes ~/.doow/config.json atomically with 0o600 perms. */
+async function writeConfig(config) {
+    const dir = await getConfigDir();
+    const filePath = join(dir, 'config.json');
+    await atomicWrite(filePath, JSON.stringify(config, null, 2));
+}
+// ---------------------------------------------------------------------------
+// credentials.json
+// ---------------------------------------------------------------------------
+/** Reads ~/.doow/credentials.json. Returns empty credentials if absent. */
+async function readCredentials() {
+    const dir = await getConfigDir();
+    const filePath = join(dir, 'credentials.json');
+    try {
+        const raw = await readFile(filePath, 'utf-8');
+        return JSON.parse(raw);
+    }
+    catch (err) {
+        if (isEnoent(err))
+            return structuredClone(DEFAULT_CREDENTIALS);
+        throw err;
+    }
+}
+/** Writes ~/.doow/credentials.json atomically with 0o600 perms. */
+async function writeCredentials(creds) {
+    const dir = await getConfigDir();
+    const filePath = join(dir, 'credentials.json');
+    await atomicWrite(filePath, JSON.stringify(creds, null, 2));
+}
+// ---------------------------------------------------------------------------
+// Active profile
+// ---------------------------------------------------------------------------
+/** Returns the currently active Profile object. */
+async function getActiveProfile() {
+    const config = await readConfig();
+    const profile = config.profiles[config.activeProfile];
+    if (!profile) {
+        // Graceful degradation: return synthetic default
+        return { name: config.activeProfile };
+    }
+    return profile;
+}
+/** Sets the active profile name and persists config. Throws if the profile doesn't exist. */
+async function setActiveProfile(name) {
+    const config = await readConfig();
+    if (!config.profiles[name]) {
+        throw new Error(`Profile "${name}" does not exist.`);
+    }
+    config.activeProfile = name;
+    await writeConfig(config);
+}
+// ---------------------------------------------------------------------------
+// Profile credentials
+// ---------------------------------------------------------------------------
+/**
+ * Returns credentials for the given profile name.
+ * Defaults to the currently active profile if name is omitted.
+ */
+async function getProfileCredentials(profileName) {
+    const name = profileName ?? (await readConfig()).activeProfile;
+    const creds = await readCredentials();
+    return creds.profiles[name];
+}
+/** Stores credentials for the given profile, merging with existing. */
+async function setProfileCredentials(profileName, creds) {
+    const existing = await readCredentials();
+    existing.profiles[profileName] = creds;
+    await writeCredentials(existing);
+}
+/** Removes all credentials for the given profile. */
+async function clearProfileCredentials(profileName) {
+    const creds = await readCredentials();
+    delete creds.profiles[profileName];
+    await writeCredentials(creds);
+}
+// ---------------------------------------------------------------------------
+// Profile lifecycle
+// ---------------------------------------------------------------------------
+/**
+ * Deletes a profile from config + credentials.
+ * Throws if the profile is currently active — caller must switch first.
+ */
+async function deleteProfile(name) {
+    const config = await readConfig();
+    if (config.activeProfile === name) {
+        throw new Error(`Cannot delete the active profile "${name}". Switch to another profile first.`);
+    }
+    delete config.profiles[name];
+    await writeConfig(config);
+    await clearProfileCredentials(name);
+}
+// ---------------------------------------------------------------------------
+// Utility
+// ---------------------------------------------------------------------------
+function isEnoent(err) {
+    return (typeof err === 'object' &&
+        err !== null &&
+        'code' in err &&
+        err.code === 'ENOENT');
+}
+export { clearProfileCredentials, deleteProfile, getActiveProfile, getConfigDir, getProfileCredentials, readConfig, readCredentials, setActiveProfile, setProfileCredentials, writeConfig, writeCredentials };
+//# sourceMappingURL=store.js.map

package/dist/esm/config/store.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"store.js","sources":["../../../../src/config/store.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;AAKA;AACA;AACA;AAEA,MAAM,oBAAoB,GAAG,SAAS;AAEtC,MAAM,cAAc,GAAe;AACjC,IAAA,aAAa,EAAE,oBAAoB;AACnC,IAAA,QAAQ,EAAE;AACR,QAAA,CAAC,oBAAoB,GAAG,EAAE,IAAI,EAAE,oBAAoB,EAAE;AACvD,KAAA;CACF;AAED,MAAM,mBAAmB,GAAgB;AACvC,IAAA,QAAQ,EAAE,EAAE;CACb;AAED;AACA;AACA;AAEA;;;;AAIG;AACI,eAAe,YAAY,GAAA;AAChC,IAAA,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,CAAC;AACtE,IAAA,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AAClD,IAAA,MAAM,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC;AACvB,IAAA,OAAO,GAAG;AACZ;AAEA;AACA;AACA;AAEA,eAAe,WAAW,CAAC,QAAgB,EAAE,IAAY,EAAA;AACvD,IAAA,MAAM,GAAG,GAAG,CAAA,EAAG,QAAQ,MAAM;AAC7B,IAAA,IAAI;AACF,QAAA,MAAM,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AAC9D,QAAA,MAAM,MAAM,CAAC,GAAG,EAAE,QAAQ,CAAC;IAC7B;IAAE,OAAO,GAAG,EAAE;;AAEZ,QAAA,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,MAAM,SAAS,CAAC;AACrD,QAAA,MAAM,GAAG;IACX;AACF;AAEA;AACA;AACA;AAEA;AACO,eAAe,UAAU,GAAA;AAC9B,IAAA,MAAM,GAAG,GAAG,MAAM,YAAY,EAAE;IAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,aAAa,CAAC;AACzC,IAAA,IAAI;QACF,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;AAC7C,QAAA,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAe;IACtC;IAAE,OAAO,GAAY,EAAE;QACrB,IAAI,QAAQ,CAAC,GAAG,CAAC;AAAE,YAAA,OAAO,eAAe,CAAC,cAAc,CAAC;AACzD,QAAA,MAAM,GAAG;IACX;AACF;AAEA;AACO,eAAe,WAAW,CAAC,MAAkB,EAAA;AAClD,IAAA,MAAM,GAAG,GAAG,MAAM,YAAY,EAAE;IAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,aAAa,CAAC;AACzC,IAAA,MAAM,WAAW,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AAC9D;AAEA;AACA;AACA;AAEA;AACO,eAAe,eAAe,GAAA;AACnC,IAAA,MAAM,GAAG,GAAG,MAAM,YAAY,EAAE;IAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC;AAC9C,IAAA,IAAI;QACF,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;AAC7C,QAAA,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAgB;IACvC;IAAE,OAAO,GAAY,EAAE;QACrB,IAAI,QAAQ,CAAC,GAAG,CAAC;AAAE,YAAA,OAAO,eAAe,CAAC,mBAAmB,CAAC;AAC9D,QAAA,MAAM,GAAG;IACX;AACF;AAEA;AACO,eAAe,gBAAgB,CAAC,KAAkB,EAAA;AACvD,IAAA,MAAM,GAAG,GAAG,MAAM,YAAY,EAAE;IAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC;AAC9C,IAAA,MAAM,WAAW,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AAC7D;AAEA;AACA;AACA;AAEA;AACO,eAAe,gBAAgB,GAAA;AACpC,IAAA,MAAM,MAAM,GAAG,MAAM,UAAU,EAAE;IACjC,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,aAAa,CAAC;IACrD,IAAI,CAAC,OAAO,EAAE;;AAEZ,QAAA,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,aAAa,EAAE;IACvC;AACA,IAAA,OAAO,OAAO;AAChB;AAEA;AACO,eAAe,gBAAgB,CAAC,IAAY,EAAA;AACjD,IAAA,MAAM,MAAM,GAAG,MAAM,UAAU,EAAE;IACjC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE;AAC1B,QAAA,MAAM,IAAI,KAAK,CAAC,YAAY,IAAI,CAAA,iBAAA,CAAmB,CAAC;IACtD;AACA,IAAA,MAAM,CAAC,aAAa,GAAG,IAAI;AAC3B,IAAA,MAAM,WAAW,CAAC,MAAM,CAAC;AAC3B;AAEA;AACA;AACA;AAEA;;;AAGG;AACI,eAAe,qBAAqB,CACzC,WAAoB,EAAA;IAEpB,MAAM,IAAI,GAAG,WAAW,IAAI,CAAC,MAAM,UAAU,EAAE,EAAE,aAAa;AAC9D,IAAA,MAAM,KAAK,GAAG,MAAM,eAAe,EAAE;AACrC,IAAA,OAAO,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;AAC7B;AAEA;AACO,eAAe,qBAAqB,CACzC,WAAmB,EACnB,KAAyB,EAAA;AAEzB,IAAA,MAAM,QAAQ,GAAG,MAAM,eAAe,EAAE;AACxC,IAAA,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,GAAG,KAAK;AACtC,IAAA,MAAM,gBAAgB,CAAC,QAAQ,CAAC;AAClC;AAEA;AACO,eAAe,uBAAuB,CAAC,WAAmB,EAAA;AAC/D,IAAA,MAAM,KAAK,GAAG,MAAM,eAAe,EAAE;AACrC,IAAA,OAAO,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC;AAClC,IAAA,MAAM,gBAAgB,CAAC,KAAK,CAAC;AAC/B;AAEA;AACA;AACA;AAEA;;;AAGG;AACI,eAAe,aAAa,CAAC,IAAY,EAAA;AAC9C,IAAA,MAAM,MAAM,GAAG,MAAM,UAAU,EAAE;AACjC,IAAA,IAAI,MAAM,CAAC,aAAa,KAAK,IAAI,EAAE;AACjC,QAAA,MAAM,IAAI,KAAK,CACb,qCAAqC,IAAI,CAAA,mCAAA,CAAqC,CAC/E;IACH;AACA,IAAA,OAAO,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;AAC5B,IAAA,MAAM,WAAW,CAAC,MAAM,CAAC;AACzB,IAAA,MAAM,uBAAuB,CAAC,IAAI,CAAC;AACrC;AAEA;AACA;AACA;AAEA,SAAS,QAAQ,CAAC,GAAY,EAAA;AAC5B,IAAA,QACE,OAAO,GAAG,KAAK,QAAQ;AACvB,QAAA,GAAG,KAAK,IAAI;AACZ,QAAA,MAAM,IAAI,GAAG;AACZ,QAAA,GAA6B,CAAC,IAAI,KAAK,QAAQ;AAEpD;;;;"}