@dotta/xc 0.1.0

package/dist/commands/whoami.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"whoami.js","sourceRoot":"","sources":["../../src/commands/whoami.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAE5C,MAAM,WAAW,GAAG;IAClB,YAAY;IACZ,aAAa;IACb,gBAAgB;IAChB,UAAU;IACV,UAAU;IACV,KAAK;IACL,mBAAmB;CACpB,CAAC;AAEF,MAAM,UAAU,qBAAqB,CAAC,OAAgB;IACpD,OAAO;SACJ,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,6BAA6B,CAAC;SAC1C,MAAM,CAAC,kBAAkB,EAAE,kBAAkB,CAAC;SAC9C,MAAM,CAAC,QAAQ,EAAE,iBAAiB,CAAC;SACnC,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QACrB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC7C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,UAAU,EAAE,WAAW,EAAE,CAAC,CAAC;YAErE,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBACd,UAAU,CAAC,MAAM,CAAC,CAAC;gBACnB,OAAO;YACT,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;YACzB,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;gBAC5C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YAED,MAAM,CAAC,GAAG,IAAI,CAAC,aAAmD,CAAC;YAEnE,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC;YAChD,IAAI,IAAI,CAAC,WAAW;gBAAE,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;YAC3D,IAAI,IAAI,CAAC,QAAQ;gBAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;YACxD,IAAI,IAAI,CAAC,GAAG;gBAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YAC9C,IAAI,IAAI,CAAC,QAAQ;gBAAE,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YAC/C,IAAI,CAAC,EAAE,CAAC;gBACN,OAAO,CAAC,GAAG,CACT,KAAK,CAAC,CAAC,CAAC,cAAc,IAAI,CAAC,CAAC,CAAC,cAAc,EAAE,gBAAgB,CAAC,CAAC,CAAC,cAAc,IAAI,CAAC,CAAC,CAAC,cAAc,EAAE,gBAAgB,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,cAAc,EAAE,QAAQ,CAClK,CAAC;YACJ,CAAC;YACD,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACnB,OAAO,CAAC,GAAG,CACT,YAAY,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,kBAAkB,EAAE,EAAE,CAC5D,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,UAAU,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;YACpE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/lib/api.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Creates authenticated SDK Client instances from stored credentials.
+ * Handles token refresh for OAuth2 accounts.
+ * Wraps the client with a Proxy that logs API calls and enforces budgets.
+ */
+import { Client } from "@xdevplatform/xdk";
+/**
+ * Create an authenticated XDK Client from stored account credentials.
+ * Automatically refreshes OAuth2 tokens if expired.
+ * Returns a proxy-wrapped client that logs usage and enforces budgets.
+ */
+export declare function getClient(accountName?: string): Promise<Client>;

package/dist/lib/api.js

@@ -0,0 +1,91 @@
+/**
+ * Creates authenticated SDK Client instances from stored credentials.
+ * Handles token refresh for OAuth2 accounts.
+ * Wraps the client with a Proxy that logs API calls and enforces budgets.
+ */
+import { Client } from "@xdevplatform/xdk";
+import { getAccount, setAccount, } from "./config.js";
+import { refreshAccessToken } from "./oauth.js";
+import { logApiCall } from "./cost.js";
+import { checkBudget } from "./budget.js";
+/**
+ * Wrap an SDK Client so every namespace method call (e.g. client.posts.searchRecent)
+ * is intercepted to check budget limits and log usage before forwarding.
+ */
+function wrapClient(client) {
+    return new Proxy(client, {
+        get(target, prop) {
+            const value = target[prop];
+            // Only proxy object namespaces (posts, users, usage, etc.)
+            if (value && typeof value === "object" && typeof prop === "string") {
+                return new Proxy(value, {
+                    get(nsTarget, nsProp) {
+                        const nsValue = nsTarget[nsProp];
+                        // Wrap functions to add budget check + logging
+                        if (typeof nsValue === "function" && typeof nsProp === "string") {
+                            return async (...args) => {
+                                const endpoint = `${prop}.${nsProp}`;
+                                await checkBudget(endpoint);
+                                logApiCall(endpoint);
+                                return nsValue.apply(nsTarget, args);
+                            };
+                        }
+                        return nsValue;
+                    },
+                });
+            }
+            return value;
+        },
+    });
+}
+/**
+ * Create an authenticated XDK Client from stored account credentials.
+ * Automatically refreshes OAuth2 tokens if expired.
+ * Returns a proxy-wrapped client that logs usage and enforces budgets.
+ */
+export async function getClient(accountName) {
+    const account = getAccount(accountName);
+    if (!account) {
+        throw new Error(`No account configured${accountName ? ` (${accountName})` : ""}. Run: xc auth login`);
+    }
+    const { auth } = account;
+    // Bearer token — straightforward
+    if (auth.type === "bearer") {
+        if (!auth.bearerToken) {
+            throw new Error("Bearer token is empty. Run: xc auth token <TOKEN>");
+        }
+        return wrapClient(new Client({ bearerToken: auth.bearerToken }));
+    }
+    // OAuth 2.0 — check expiry, refresh if needed
+    if (auth.type === "oauth2") {
+        if (!auth.accessToken) {
+            throw new Error("No access token. Run: xc auth login");
+        }
+        // Refresh if token is expired or within 60s of expiry
+        const expiresAt = auth.expiresAt ?? 0;
+        if (Date.now() >= expiresAt - 60_000) {
+            if (!auth.refreshToken || !auth.clientId) {
+                throw new Error("Token expired and no refresh token available. Run: xc auth login");
+            }
+            console.error("Refreshing access token...");
+            const result = await refreshAccessToken({
+                clientId: auth.clientId,
+                clientSecret: auth.clientSecret,
+                refreshToken: auth.refreshToken,
+            });
+            // Persist refreshed credentials
+            const updatedAuth = {
+                ...auth,
+                accessToken: result.accessToken,
+                refreshToken: result.refreshToken ?? auth.refreshToken,
+                expiresAt: result.expiresAt,
+            };
+            const name = accountName ?? "default";
+            setAccount(name, { ...account, auth: updatedAuth });
+            return wrapClient(new Client({ accessToken: result.accessToken }));
+        }
+        return wrapClient(new Client({ accessToken: auth.accessToken }));
+    }
+    throw new Error(`Unknown auth type: ${auth.type}`);
+}
+//# sourceMappingURL=api.js.map

package/dist/lib/api.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.js","sourceRoot":"","sources":["../../src/lib/api.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC3C,OAAO,EACL,UAAU,EACV,UAAU,GAEX,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C;;;GAGG;AACH,SAAS,UAAU,CAAC,MAAc;IAChC,OAAO,IAAI,KAAK,CAAC,MAAM,EAAE;QACvB,GAAG,CAAC,MAAM,EAAE,IAAI;YACd,MAAM,KAAK,GAAI,MAAsD,CAAC,IAAI,CAAC,CAAC;YAE5E,2DAA2D;YAC3D,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACnE,OAAO,IAAI,KAAK,CAAC,KAAyC,EAAE;oBAC1D,GAAG,CAAC,QAAQ,EAAE,MAAM;wBAClB,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;wBAEjC,+CAA+C;wBAC/C,IAAI,OAAO,OAAO,KAAK,UAAU,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;4BAChE,OAAO,KAAK,EAAE,GAAG,IAAe,EAAE,EAAE;gCAClC,MAAM,QAAQ,GAAG,GAAG,IAAI,IAAI,MAAM,EAAE,CAAC;gCACrC,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC;gCAC5B,UAAU,CAAC,QAAQ,CAAC,CAAC;gCACrB,OAAQ,OAAwC,CAAC,KAAK,CACpD,QAAQ,EACR,IAAI,CACL,CAAC;4BACJ,CAAC,CAAC;wBACJ,CAAC;wBACD,OAAO,OAAO,CAAC;oBACjB,CAAC;iBACF,CAAC,CAAC;YACL,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;KACF,CAAW,CAAC;AACf,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,WAAoB;IAClD,MAAM,OAAO,GAAG,UAAU,CAAC,WAAW,CAAC,CAAC;IACxC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,wBAAwB,WAAW,CAAC,CAAC,CAAC,KAAK,WAAW,GAAG,CAAC,CAAC,CAAC,EAAE,sBAAsB,CACrF,CAAC;IACJ,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;IAEzB,iCAAiC;IACjC,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;QACvE,CAAC;QACD,OAAO,UAAU,CAAC,IAAI,MAAM,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;IACnE,CAAC;IAED,8CAA8C;IAC9C,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACzD,CAAC;QAED,sDAAsD;QACtD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,CAAC,CAAC;QACtC,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,SAAS,GAAG,MAAM,EAAE,CAAC;YACrC,IAAI,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACzC,MAAM,IAAI,KAAK,CACb,kEAAkE,CACnE,CAAC;YACJ,CAAC;YAED,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;YAC5C,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC;gBACtC,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,YAAY,EAAE,IAAI,CAAC,YAAY;gBAC/B,YAAY,EAAE,IAAI,CAAC,YAAY;aAChC,CAAC,CAAC;YAEH,gCAAgC;YAChC,MAAM,WAAW,GAAmB;gBAClC,GAAG,IAAI;gBACP,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,IAAI,CAAC,YAAY;gBACtD,SAAS,EAAE,MAAM,CAAC,SAAS;aAC5B,CAAC;YACF,MAAM,IAAI,GAAG,WAAW,IAAI,SAAS,CAAC;YACtC,UAAU,CAAC,IAAI,EAAE,EAAE,GAAG,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC;YAEpD,OAAO,UAAU,CAAC,IAAI,MAAM,CAAC,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QACrE,CAAC;QAED,OAAO,UAAU,CAAC,IAAI,MAAM,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,sBAAsB,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;AACrD,CAAC"}

package/dist/lib/budget.d.ts

@@ -0,0 +1,44 @@
+/**
+ * Budget enforcement for API cost tracking.
+ * Stores budget config in ~/.xc/budget.json.
+ * Checks daily spend against configured limits before each API call.
+ * Supports optional password protection via scrypt hashing.
+ */
+export type BudgetAction = "block" | "warn" | "confirm";
+export interface BudgetConfig {
+    daily?: number;
+    action: BudgetAction;
+    /** scrypt hash of the lock password (hex). */
+    passwordHash?: string;
+    /** Salt used for scrypt hashing (hex). */
+    passwordSalt?: string;
+}
+/** Path to budget configuration file. */
+export declare function getBudgetPath(): string;
+/** Load budget config, returning defaults if none exists. */
+export declare function loadBudget(): BudgetConfig;
+/** Save budget config to disk. */
+export declare function saveBudget(config: BudgetConfig): void;
+/** Remove budget configuration entirely. */
+export declare function resetBudget(): void;
+/** Hash a password with scrypt using the given salt. Returns hex string. */
+export declare function hashPassword(password: string, salt: string): string;
+/** Check if the budget is password-locked. */
+export declare function isLocked(): boolean;
+/** Verify a password against the stored hash. Returns true if correct. */
+export declare function verifyPassword(password: string): boolean;
+/**
+ * Lock the budget with a password.
+ * Generates a random salt and stores the scrypt hash.
+ */
+export declare function lockBudget(password: string): void;
+/** Remove the password lock from the budget. */
+export declare function unlockBudget(): void;
+/**
+ * Check whether an API call would exceed the daily budget.
+ * Behavior depends on the configured action:
+ *   block   — throw, refusing the call
+ *   warn    — print warning to stderr, proceed
+ *   confirm — prompt user, throw if declined
+ */
+export declare function checkBudget(endpoint: string): Promise<void>;

package/dist/lib/budget.js

@@ -0,0 +1,119 @@
+/**
+ * Budget enforcement for API cost tracking.
+ * Stores budget config in ~/.xc/budget.json.
+ * Checks daily spend against configured limits before each API call.
+ * Supports optional password protection via scrypt hashing.
+ */
+import crypto from "node:crypto";
+import fs from "node:fs";
+import path from "node:path";
+import readline from "node:readline";
+import { getConfigDir, ensureConfigDir } from "./config.js";
+import { loadUsageLog, computeTodaySpend, estimateCost } from "./cost.js";
+/** Path to budget configuration file. */
+export function getBudgetPath() {
+    return path.join(getConfigDir(), "budget.json");
+}
+/** Load budget config, returning defaults if none exists. */
+export function loadBudget() {
+    const budgetPath = getBudgetPath();
+    if (!fs.existsSync(budgetPath)) {
+        return { action: "warn" };
+    }
+    const raw = fs.readFileSync(budgetPath, "utf-8");
+    return JSON.parse(raw);
+}
+/** Save budget config to disk. */
+export function saveBudget(config) {
+    ensureConfigDir();
+    fs.writeFileSync(getBudgetPath(), JSON.stringify(config, null, 2) + "\n");
+}
+/** Remove budget configuration entirely. */
+export function resetBudget() {
+    const budgetPath = getBudgetPath();
+    if (fs.existsSync(budgetPath)) {
+        fs.unlinkSync(budgetPath);
+    }
+}
+/** Hash a password with scrypt using the given salt. Returns hex string. */
+export function hashPassword(password, salt) {
+    return crypto.scryptSync(password, salt, 64).toString("hex");
+}
+/** Check if the budget is password-locked. */
+export function isLocked() {
+    const budget = loadBudget();
+    return !!(budget.passwordHash && budget.passwordSalt);
+}
+/** Verify a password against the stored hash. Returns true if correct. */
+export function verifyPassword(password) {
+    const budget = loadBudget();
+    if (!budget.passwordHash || !budget.passwordSalt)
+        return true;
+    const hash = hashPassword(password, budget.passwordSalt);
+    return hash === budget.passwordHash;
+}
+/**
+ * Lock the budget with a password.
+ * Generates a random salt and stores the scrypt hash.
+ */
+export function lockBudget(password) {
+    const budget = loadBudget();
+    const salt = crypto.randomBytes(32).toString("hex");
+    budget.passwordSalt = salt;
+    budget.passwordHash = hashPassword(password, salt);
+    saveBudget(budget);
+}
+/** Remove the password lock from the budget. */
+export function unlockBudget() {
+    const budget = loadBudget();
+    delete budget.passwordHash;
+    delete budget.passwordSalt;
+    saveBudget(budget);
+}
+/** Prompt the user for y/N confirmation on stderr. */
+async function confirmPrompt(message) {
+    const rl = readline.createInterface({
+        input: process.stdin,
+        output: process.stderr,
+    });
+    return new Promise((resolve) => {
+        rl.question(`${message} [y/N] `, (answer) => {
+            rl.close();
+            resolve(answer.toLowerCase() === "y");
+        });
+    });
+}
+/**
+ * Check whether an API call would exceed the daily budget.
+ * Behavior depends on the configured action:
+ *   block   — throw, refusing the call
+ *   warn    — print warning to stderr, proceed
+ *   confirm — prompt user, throw if declined
+ */
+export async function checkBudget(endpoint) {
+    const budget = loadBudget();
+    if (!budget.daily)
+        return;
+    const entries = loadUsageLog();
+    const todaySpend = computeTodaySpend(entries);
+    const callCost = estimateCost(endpoint);
+    if (todaySpend + callCost <= budget.daily)
+        return;
+    const msg = `Daily budget $${budget.daily.toFixed(2)} exceeded ` +
+        `(today: $${todaySpend.toFixed(2)} + $${callCost.toFixed(2)})`;
+    switch (budget.action) {
+        case "block":
+            throw new Error(`${msg}. Use 'xc budget reset' or increase your budget.`);
+        case "warn":
+            console.error(`Warning: ${msg}`);
+            break;
+        case "confirm": {
+            const proceed = await confirmPrompt(`${msg}. Continue?`);
+            if (!proceed) {
+                throw new Error("Cancelled by user.");
+            }
+            break;
+        }
+    }
+}
+//# sourceMappingURL=budget.js.map

package/dist/lib/budget.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"budget.js","sourceRoot":"","sources":["../../src/lib/budget.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,QAAQ,MAAM,eAAe,CAAC;AACrC,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC5D,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAa1E,yCAAyC;AACzC,MAAM,UAAU,aAAa;IAC3B,OAAO,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,aAAa,CAAC,CAAC;AAClD,CAAC;AAED,6DAA6D;AAC7D,MAAM,UAAU,UAAU;IACxB,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IAC5B,CAAC;IACD,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACjD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAiB,CAAC;AACzC,CAAC;AAED,kCAAkC;AAClC,MAAM,UAAU,UAAU,CAAC,MAAoB;IAC7C,eAAe,EAAE,CAAC;IAClB,EAAE,CAAC,aAAa,CAAC,aAAa,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;AAC5E,CAAC;AAED,4CAA4C;AAC5C,MAAM,UAAU,WAAW;IACzB,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;IAC5B,CAAC;AACH,CAAC;AAED,4EAA4E;AAC5E,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,IAAY;IACzD,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAC/D,CAAC;AAED,8CAA8C;AAC9C,MAAM,UAAU,QAAQ;IACtB,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,YAAY,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC;AACxD,CAAC;AAED,0EAA0E;AAC1E,MAAM,UAAU,cAAc,CAAC,QAAgB;IAC7C,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,CAAC,MAAM,CAAC,YAAY;QAAE,OAAO,IAAI,CAAC;IAC9D,MAAM,IAAI,GAAG,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;IACzD,OAAO,IAAI,KAAK,MAAM,CAAC,YAAY,CAAC;AACtC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,UAAU,CAAC,QAAgB;IACzC,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,IAAI,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACpD,MAAM,CAAC,YAAY,GAAG,IAAI,CAAC;IAC3B,MAAM,CAAC,YAAY,GAAG,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IACnD,UAAU,CAAC,MAAM,CAAC,CAAC;AACrB,CAAC;AAED,gDAAgD;AAChD,MAAM,UAAU,YAAY;IAC1B,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,OAAO,MAAM,CAAC,YAAY,CAAC;IAC3B,OAAO,MAAM,CAAC,YAAY,CAAC;IAC3B,UAAU,CAAC,MAAM,CAAC,CAAC;AACrB,CAAC;AAED,sDAAsD;AACtD,KAAK,UAAU,aAAa,CAAC,OAAe;IAC1C,MAAM,EAAE,GAAG,QAAQ,CAAC,eAAe,CAAC;QAClC,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,MAAM,EAAE,OAAO,CAAC,MAAM;KACvB,CAAC,CAAC;IACH,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,EAAE,CAAC,QAAQ,CAAC,GAAG,OAAO,SAAS,EAAE,CAAC,MAAM,EAAE,EAAE;YAC1C,EAAE,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE,KAAK,GAAG,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,QAAgB;IAChD,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,IAAI,CAAC,MAAM,CAAC,KAAK;QAAE,OAAO;IAE1B,MAAM,OAAO,GAAG,YAAY,EAAE,CAAC;IAC/B,MAAM,UAAU,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IAExC,IAAI,UAAU,GAAG,QAAQ,IAAI,MAAM,CAAC,KAAK;QAAE,OAAO;IAElD,MAAM,GAAG,GACP,iBAAiB,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY;QACpD,YAAY,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC;IAEjE,QAAQ,MAAM,CAAC,MAAM,EAAE,CAAC;QACtB,KAAK,OAAO;YACV,MAAM,IAAI,KAAK,CACb,GAAG,GAAG,kDAAkD,CACzD,CAAC;QAEJ,KAAK,MAAM;YACT,OAAO,CAAC,KAAK,CAAC,YAAY,GAAG,EAAE,CAAC,CAAC;YACjC,MAAM;QAER,KAAK,SAAS,CAAC,CAAC,CAAC;YACf,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,GAAG,GAAG,aAAa,CAAC,CAAC;YACzD,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;YACxC,CAAC;YACD,MAAM;QACR,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/lib/config.d.ts

@@ -0,0 +1,39 @@
+/**
+ * Configuration management for xc CLI.
+ * All state lives under ~/.xc/ (or $XC_CONFIG_DIR).
+ * Automatically migrates from legacy ~/.config/xc/ location.
+ */
+export interface AuthCredential {
+    type: "oauth2" | "bearer";
+    /** OAuth 2.0 access token */
+    accessToken?: string;
+    /** OAuth 2.0 refresh token */
+    refreshToken?: string;
+    /** Token expiry (epoch ms) */
+    expiresAt?: number;
+    /** App-only bearer token */
+    bearerToken?: string;
+    /** OAuth 2.0 client ID */
+    clientId?: string;
+    /** OAuth 2.0 client secret (confidential clients) */
+    clientSecret?: string;
+}
+export interface AccountConfig {
+    name: string;
+    auth: AuthCredential;
+    userId?: string;
+    username?: string;
+}
+export interface XcConfig {
+    defaultAccount: string;
+    accounts: Record<string, AccountConfig>;
+}
+/** Return the xc data/config directory (~/.xc/). */
+export declare function getConfigDir(): string;
+export declare function getConfigPath(): string;
+export declare function ensureConfigDir(): void;
+export declare function loadConfig(): XcConfig;
+export declare function saveConfig(config: XcConfig): void;
+export declare function getAccount(name?: string): AccountConfig | undefined;
+export declare function setAccount(name: string, account: AccountConfig): void;
+export declare function setDefaultAccount(name: string): void;

package/dist/lib/config.js

@@ -0,0 +1,63 @@
+/**
+ * Configuration management for xc CLI.
+ * All state lives under ~/.xc/ (or $XC_CONFIG_DIR).
+ * Automatically migrates from legacy ~/.config/xc/ location.
+ */
+import fs from "node:fs";
+import path from "node:path";
+import os from "node:os";
+/** Primary config/data directory: ~/.xc/ */
+const CONFIG_DIR = process.env.XC_CONFIG_DIR ?? path.join(os.homedir(), ".xc");
+/** Legacy config location for migration */
+const LEGACY_CONFIG_DIR = path.join(process.env.XDG_CONFIG_HOME ?? path.join(os.homedir(), ".config"), "xc");
+const CONFIG_FILE = path.join(CONFIG_DIR, "config.json");
+const LEGACY_CONFIG_FILE = path.join(LEGACY_CONFIG_DIR, "config.json");
+/** Return the xc data/config directory (~/.xc/). */
+export function getConfigDir() {
+    return CONFIG_DIR;
+}
+export function getConfigPath() {
+    return CONFIG_FILE;
+}
+export function ensureConfigDir() {
+    fs.mkdirSync(CONFIG_DIR, { recursive: true });
+}
+/**
+ * Migrate config.json from ~/.config/xc/ to ~/.xc/ if the new location
+ * doesn't exist yet but the legacy one does.
+ */
+function migrateConfigIfNeeded() {
+    if (!fs.existsSync(CONFIG_FILE) && fs.existsSync(LEGACY_CONFIG_FILE)) {
+        ensureConfigDir();
+        fs.copyFileSync(LEGACY_CONFIG_FILE, CONFIG_FILE);
+        console.error(`Migrated config: ${LEGACY_CONFIG_DIR} -> ${CONFIG_DIR}`);
+    }
+}
+export function loadConfig() {
+    migrateConfigIfNeeded();
+    if (!fs.existsSync(CONFIG_FILE)) {
+        return { defaultAccount: "default", accounts: {} };
+    }
+    const raw = fs.readFileSync(CONFIG_FILE, "utf-8");
+    return JSON.parse(raw);
+}
+export function saveConfig(config) {
+    ensureConfigDir();
+    fs.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2) + "\n");
+}
+export function getAccount(name) {
+    const config = loadConfig();
+    const accountName = name ?? config.defaultAccount;
+    return config.accounts[accountName];
+}
+export function setAccount(name, account) {
+    const config = loadConfig();
+    config.accounts[name] = account;
+    saveConfig(config);
+}
+export function setDefaultAccount(name) {
+    const config = loadConfig();
+    config.defaultAccount = name;
+    saveConfig(config);
+}
+//# sourceMappingURL=config.js.map

package/dist/lib/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/lib/config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AA8BzB,4CAA4C;AAC5C,MAAM,UAAU,GACd,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,KAAK,CAAC,CAAC;AAE9D,2CAA2C;AAC3C,MAAM,iBAAiB,GAAG,IAAI,CAAC,IAAI,CACjC,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,CAAC,EACjE,IAAI,CACL,CAAC;AAEF,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;AACzD,MAAM,kBAAkB,GAAG,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAC;AAEvE,oDAAoD;AACpD,MAAM,UAAU,YAAY;IAC1B,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,MAAM,UAAU,aAAa;IAC3B,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;AAChD,CAAC;AAED;;;GAGG;AACH,SAAS,qBAAqB;IAC5B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACrE,eAAe,EAAE,CAAC;QAClB,EAAE,CAAC,YAAY,CAAC,kBAAkB,EAAE,WAAW,CAAC,CAAC;QACjD,OAAO,CAAC,KAAK,CAAC,oBAAoB,iBAAiB,OAAO,UAAU,EAAE,CAAC,CAAC;IAC1E,CAAC;AACH,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,qBAAqB,EAAE,CAAC;IAExB,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAChC,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IACrD,CAAC;IACD,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IAClD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAa,CAAC;AACrC,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,MAAgB;IACzC,eAAe,EAAE,CAAC;IAClB,EAAE,CAAC,aAAa,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;AACxE,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,IAAa;IACtC,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,WAAW,GAAG,IAAI,IAAI,MAAM,CAAC,cAAc,CAAC;IAClD,OAAO,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACtC,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,IAAY,EAAE,OAAsB;IAC7D,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC;IAChC,UAAU,CAAC,MAAM,CAAC,CAAC;AACrB,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,IAAY;IAC5C,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,CAAC,cAAc,GAAG,IAAI,CAAC;IAC7B,UAAU,CAAC,MAAM,CAAC,CAAC;AACrB,CAAC"}

package/dist/lib/cost.d.ts

@@ -0,0 +1,43 @@
+/**
+ * API request cost tracking.
+ * Logs every API call to ~/.xc/usage.jsonl with timestamp,
+ * endpoint, HTTP method, and estimated dollar cost.
+ */
+/** Single usage log entry written to usage.jsonl. */
+export interface UsageEntry {
+    timestamp: string;
+    endpoint: string;
+    method: string;
+    estimatedCost: number;
+}
+/** Get estimated dollar cost for an endpoint. */
+export declare function estimateCost(endpoint: string): number;
+/** Infer the HTTP method for an endpoint. */
+export declare function inferMethod(endpoint: string): string;
+/** Path to the usage log file. */
+export declare function getUsageLogPath(): string;
+/** Append a usage entry to the JSONL log and track in-memory. */
+export declare function logApiCall(endpoint: string): void;
+/** Get cost summary for API calls made in this session. */
+export declare function getSessionCost(): {
+    endpoints: string[];
+    total: number;
+};
+/** Print data as JSON with session cost included in the object. */
+export declare function outputJson(data: unknown): void;
+/** Read all usage entries from the log file. */
+export declare function loadUsageLog(): UsageEntry[];
+/** Sum estimated costs for entries within a time window (ms from now). */
+export declare function computeSpend(entries: UsageEntry[], windowMs: number): number;
+/** Sum estimated costs for entries from midnight today. */
+export declare function computeTodaySpend(entries: UsageEntry[]): number;
+/** Time window constants (milliseconds). */
+export declare const HOUR = 3600000;
+export declare const DAY = 86400000;
+export declare const WEEK: number;
+export declare const MONTH: number;
+/**
+ * Build the compact cost footer line.
+ * Returns empty string if no usage has been recorded.
+ */
+export declare function formatCostFooter(): string;

package/dist/lib/cost.js

@@ -0,0 +1,224 @@
+/**
+ * API request cost tracking.
+ * Logs every API call to ~/.xc/usage.jsonl with timestamp,
+ * endpoint, HTTP method, and estimated dollar cost.
+ */
+import fs from "node:fs";
+import path from "node:path";
+import { getConfigDir, ensureConfigDir } from "./config.js";
+/**
+ * Estimated cost per SDK endpoint (in dollars).
+ * These are rough estimates based on X API pricing tiers.
+ */
+const COST_MAP = {
+    "posts.searchRecent": 0.01,
+    "posts.searchAll": 0.02,
+    "posts.create": 0.01,
+    "posts.delete": 0.005,
+    "users.getMe": 0.005,
+    "users.getByUsername": 0.005,
+    "users.getPosts": 0.005,
+    "users.getTimeline": 0.005,
+    "users.likePost": 0.005,
+    "users.unlikePost": 0.005,
+    "users.getBookmarks": 0.005,
+    "users.createBookmark": 0.005,
+    "users.deleteBookmark": 0.005,
+    "users.getFollowers": 0.005,
+    "users.getFollowing": 0.005,
+    "users.followUser": 0.005,
+    "users.unfollowUser": 0.005,
+    "users.getOwnedLists": 0.005,
+    "lists.getPosts": 0.005,
+    "directMessages.createByParticipantId": 0.01,
+    "directMessages.getEvents": 0.005,
+    "directMessages.getEventsByParticipantId": 0.005,
+    "media.upload": 0.01,
+    "media.initializeUpload": 0.005,
+    "media.appendUpload": 0.0,
+    "media.finalizeUpload": 0.005,
+    "media.getUploadStatus": 0.0,
+    "usage.get": 0.0,
+    "stream.getRules": 0.0,
+    "stream.updateRules": 0.005,
+    "stream.posts": 0.0,
+    // Reposts
+    "users.repostPost": 0.005,
+    "users.unrepostPost": 0.005,
+    // Mentions
+    "users.getMentions": 0.005,
+    // Engagement lookups
+    "posts.getQuoteTweets": 0.005,
+    "posts.getLikingUsers": 0.005,
+    "posts.getRetweetedBy": 0.005,
+    "users.getLikedPosts": 0.005,
+    // Hide replies
+    "posts.hideReply": 0.005,
+    "posts.unhideReply": 0.005,
+    // Mute
+    "users.muteUser": 0.005,
+    "users.unmuteUser": 0.005,
+    "users.getMuting": 0.005,
+    // Block
+    "users.blockUser": 0.005,
+    "users.unblockUser": 0.005,
+    "users.getBlocking": 0.005,
+    // User search
+    "users.search": 0.01,
+    // List management
+    "lists.create": 0.005,
+    "lists.update": 0.005,
+    "lists.delete": 0.005,
+    "lists.getMembers": 0.005,
+    "lists.addMember": 0.005,
+    "lists.removeMember": 0.005,
+    "users.followList": 0.005,
+    "users.unfollowList": 0.005,
+    "users.pinList": 0.005,
+    "users.unpinList": 0.005,
+    // Trends
+    "trends.getPersonalized": 0.005,
+    "trends.getByWoeid": 0.005,
+};
+const DEFAULT_COST = 0.005;
+/** In-memory log of API calls made during this process. */
+const sessionCalls = [];
+/** Inferred HTTP method per endpoint. Defaults to GET. */
+const METHOD_MAP = {
+    "posts.create": "POST",
+    "posts.delete": "DELETE",
+    "users.likePost": "POST",
+    "users.unlikePost": "DELETE",
+    "users.createBookmark": "POST",
+    "users.deleteBookmark": "DELETE",
+    "users.followUser": "POST",
+    "users.unfollowUser": "DELETE",
+    "directMessages.createByParticipantId": "POST",
+    "media.upload": "POST",
+    "media.initializeUpload": "POST",
+    "media.appendUpload": "POST",
+    "media.finalizeUpload": "POST",
+    "stream.updateRules": "POST",
+    "users.repostPost": "POST",
+    "users.unrepostPost": "DELETE",
+    "posts.hideReply": "PUT",
+    "posts.unhideReply": "PUT",
+    "users.muteUser": "POST",
+    "users.unmuteUser": "DELETE",
+    "users.blockUser": "POST",
+    "users.unblockUser": "DELETE",
+    "lists.create": "POST",
+    "lists.update": "PUT",
+    "lists.delete": "DELETE",
+    "lists.addMember": "POST",
+    "lists.removeMember": "DELETE",
+    "users.followList": "POST",
+    "users.unfollowList": "DELETE",
+    "users.pinList": "POST",
+    "users.unpinList": "DELETE",
+};
+/** Get estimated dollar cost for an endpoint. */
+export function estimateCost(endpoint) {
+    return COST_MAP[endpoint] ?? DEFAULT_COST;
+}
+/** Infer the HTTP method for an endpoint. */
+export function inferMethod(endpoint) {
+    return METHOD_MAP[endpoint] ?? "GET";
+}
+/** Path to the usage log file. */
+export function getUsageLogPath() {
+    return path.join(getConfigDir(), "usage.jsonl");
+}
+/** Append a usage entry to the JSONL log and track in-memory. */
+export function logApiCall(endpoint) {
+    ensureConfigDir();
+    const cost = estimateCost(endpoint);
+    sessionCalls.push({ endpoint, cost });
+    const entry = {
+        timestamp: new Date().toISOString(),
+        endpoint,
+        method: inferMethod(endpoint),
+        estimatedCost: cost,
+    };
+    fs.appendFileSync(getUsageLogPath(), JSON.stringify(entry) + "\n");
+}
+/** Get cost summary for API calls made in this session. */
+export function getSessionCost() {
+    const total = sessionCalls.reduce((sum, c) => sum + c.cost, 0);
+    return { endpoints: sessionCalls.map((c) => c.endpoint), total };
+}
+/** Print data as JSON with session cost included in the object. */
+export function outputJson(data) {
+    const cost = getSessionCost();
+    const wrapped = typeof data === "object" && data !== null && !Array.isArray(data)
+        ? { ...data, _cost: cost }
+        : { data, _cost: cost };
+    console.log(JSON.stringify(wrapped, null, 2));
+}
+/** Read all usage entries from the log file. */
+export function loadUsageLog() {
+    const logPath = getUsageLogPath();
+    if (!fs.existsSync(logPath))
+        return [];
+    const raw = fs.readFileSync(logPath, "utf-8").trim();
+    if (!raw)
+        return [];
+    const entries = [];
+    for (const line of raw.split("\n")) {
+        try {
+            entries.push(JSON.parse(line));
+        }
+        catch {
+            // Skip malformed lines
+        }
+    }
+    return entries;
+}
+/** Sum estimated costs for entries within a time window (ms from now). */
+export function computeSpend(entries, windowMs) {
+    const cutoff = Date.now() - windowMs;
+    let total = 0;
+    for (const entry of entries) {
+        if (new Date(entry.timestamp).getTime() >= cutoff) {
+            total += entry.estimatedCost;
+        }
+    }
+    return total;
+}
+/** Sum estimated costs for entries from midnight today. */
+export function computeTodaySpend(entries) {
+    const midnight = new Date();
+    midnight.setHours(0, 0, 0, 0);
+    const cutoff = midnight.getTime();
+    let total = 0;
+    for (const entry of entries) {
+        if (new Date(entry.timestamp).getTime() >= cutoff) {
+            total += entry.estimatedCost;
+        }
+    }
+    return total;
+}
+/** Time window constants (milliseconds). */
+export const HOUR = 3_600_000;
+export const DAY = 86_400_000;
+export const WEEK = 7 * DAY;
+export const MONTH = 30 * DAY;
+/** Format a dollar amount as $X.XX. */
+function fmt(amount) {
+    return `$${amount.toFixed(2)}`;
+}
+/**
+ * Build the compact cost footer line.
+ * Returns empty string if no usage has been recorded.
+ */
+export function formatCostFooter() {
+    const entries = loadUsageLog();
+    if (entries.length === 0)
+        return "";
+    const h1 = computeSpend(entries, HOUR);
+    const h24 = computeSpend(entries, DAY);
+    const d7 = computeSpend(entries, WEEK);
+    const d30 = computeSpend(entries, MONTH);
+    return `Cost: ${fmt(h1)} (1h) \u00b7 ${fmt(h24)} (24h) \u00b7 ${fmt(d7)} (7d) \u00b7 ${fmt(d30)} (30d)`;
+}
+//# sourceMappingURL=cost.js.map