@dreamboard-games/cli 0.1.30-alpha.5 → 0.1.30-alpha.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (59) hide show
  1. package/dist/agent-verifier/agent-workspace-verifier.mjs +13 -13
  2. package/dist/agent-verifier/{chunk-JO5AMVZU.mjs → chunk-7CNBKWWE.mjs} +4 -4
  3. package/dist/agent-verifier/{chunk-ON62IGWK.mjs → chunk-DN2JHUGM.mjs} +5 -5
  4. package/dist/agent-verifier/{chunk-IDVQXGAO.mjs → chunk-GD3FL755.mjs} +2 -2
  5. package/dist/agent-verifier/{chunk-27EEIZCI.mjs → chunk-M2MHRWSP.mjs} +3 -3
  6. package/dist/agent-verifier/{chunk-H76MT5UR.mjs → chunk-M7UVBANQ.mjs} +2 -1
  7. package/dist/agent-verifier/chunk-M7UVBANQ.mjs.map +1 -0
  8. package/dist/agent-verifier/{chunk-UIOLGH4A.mjs → chunk-POBFNXD4.mjs} +2 -2
  9. package/dist/agent-verifier/{chunk-776W3UGV.mjs → chunk-RHGGFAMQ.mjs} +2 -2
  10. package/dist/agent-verifier/{chunk-XQXDOBYB.mjs → chunk-RHI6S4SU.mjs} +2 -2
  11. package/dist/agent-verifier/{chunk-5NYBTZB4.mjs → chunk-W2MDP5ZN.mjs} +3 -3
  12. package/dist/agent-verifier/{chunk-C3VW3DTA.mjs → chunk-XIFLZGDQ.mjs} +2 -2
  13. package/dist/agent-verifier/{chunk-MW2QIWWA.mjs → chunk-YORARAJQ.mjs} +4 -4
  14. package/dist/agent-verifier/{chunk-QZH6IEZS.mjs → chunk-ZETW43TX.mjs} +3 -3
  15. package/dist/agent-verifier/{chunk-KDBSVLCF.mjs → chunk-ZNZ4RJBK.mjs} +3 -3
  16. package/dist/agent-verifier/{compile-576O7TYP.mjs → compile-NPMXBOAZ.mjs} +12 -12
  17. package/dist/agent-verifier/{global-config-NYCSCAUI.mjs → global-config-XHL7BCKN.mjs} +3 -3
  18. package/dist/agent-verifier/{local-files-QVJ2H3MH.mjs → local-files-45DUJUEH.mjs} +4 -4
  19. package/dist/agent-verifier/local-typecheck-3JXL2NMG.mjs +10 -0
  20. package/dist/agent-verifier/{materialize-workspace-OZKOQCSQ.mjs → materialize-workspace-WI3JO5Q2.mjs} +7 -7
  21. package/dist/agent-verifier/{reducer-native-test-harness-QC7HZUK4.mjs → reducer-native-test-harness-LNZI3G73.mjs} +6 -6
  22. package/dist/agent-verifier/{static-scaffold-JBUE3ROP.mjs → static-scaffold-VVMGLDVS.mjs} +5 -5
  23. package/dist/agent-verifier/{sync-C6S3OGCD.mjs → sync-42WWJFA4.mjs} +13 -13
  24. package/dist/agent-verifier/{test-Y5UGQV7J.mjs → test-RCFDQBEQ.mjs} +10 -10
  25. package/dist/agent-verifier/{workspace-dependencies-B6A2ZX55.mjs → workspace-dependencies-ULZZZPNX.mjs} +3 -3
  26. package/dist/{chunk-TBA3T4TX.js → chunk-4PTP2HOX.js} +2 -2
  27. package/dist/{chunk-3NRROR4P.js → chunk-GXM7RRZJ.js} +3 -2
  28. package/dist/chunk-GXM7RRZJ.js.map +1 -0
  29. package/dist/{global-config-YBFEGJQG.js → global-config-WPJRXVDO.js} +2 -2
  30. package/dist/index.js +2 -2
  31. package/dist/internal.js +2 -2
  32. package/package.json +1 -1
  33. package/dist/agent-verifier/chunk-H76MT5UR.mjs.map +0 -1
  34. package/dist/agent-verifier/local-typecheck-2JWG5IGL.mjs +0 -10
  35. package/dist/chunk-3NRROR4P.js.map +0 -1
  36. /package/dist/agent-verifier/{chunk-JO5AMVZU.mjs.map → chunk-7CNBKWWE.mjs.map} +0 -0
  37. /package/dist/agent-verifier/{chunk-ON62IGWK.mjs.map → chunk-DN2JHUGM.mjs.map} +0 -0
  38. /package/dist/agent-verifier/{chunk-IDVQXGAO.mjs.map → chunk-GD3FL755.mjs.map} +0 -0
  39. /package/dist/agent-verifier/{chunk-27EEIZCI.mjs.map → chunk-M2MHRWSP.mjs.map} +0 -0
  40. /package/dist/agent-verifier/{chunk-UIOLGH4A.mjs.map → chunk-POBFNXD4.mjs.map} +0 -0
  41. /package/dist/agent-verifier/{chunk-776W3UGV.mjs.map → chunk-RHGGFAMQ.mjs.map} +0 -0
  42. /package/dist/agent-verifier/{chunk-XQXDOBYB.mjs.map → chunk-RHI6S4SU.mjs.map} +0 -0
  43. /package/dist/agent-verifier/{chunk-5NYBTZB4.mjs.map → chunk-W2MDP5ZN.mjs.map} +0 -0
  44. /package/dist/agent-verifier/{chunk-C3VW3DTA.mjs.map → chunk-XIFLZGDQ.mjs.map} +0 -0
  45. /package/dist/agent-verifier/{chunk-MW2QIWWA.mjs.map → chunk-YORARAJQ.mjs.map} +0 -0
  46. /package/dist/agent-verifier/{chunk-QZH6IEZS.mjs.map → chunk-ZETW43TX.mjs.map} +0 -0
  47. /package/dist/agent-verifier/{chunk-KDBSVLCF.mjs.map → chunk-ZNZ4RJBK.mjs.map} +0 -0
  48. /package/dist/agent-verifier/{compile-576O7TYP.mjs.map → compile-NPMXBOAZ.mjs.map} +0 -0
  49. /package/dist/agent-verifier/{global-config-NYCSCAUI.mjs.map → global-config-XHL7BCKN.mjs.map} +0 -0
  50. /package/dist/agent-verifier/{local-files-QVJ2H3MH.mjs.map → local-files-45DUJUEH.mjs.map} +0 -0
  51. /package/dist/agent-verifier/{local-typecheck-2JWG5IGL.mjs.map → local-typecheck-3JXL2NMG.mjs.map} +0 -0
  52. /package/dist/agent-verifier/{materialize-workspace-OZKOQCSQ.mjs.map → materialize-workspace-WI3JO5Q2.mjs.map} +0 -0
  53. /package/dist/agent-verifier/{reducer-native-test-harness-QC7HZUK4.mjs.map → reducer-native-test-harness-LNZI3G73.mjs.map} +0 -0
  54. /package/dist/agent-verifier/{static-scaffold-JBUE3ROP.mjs.map → static-scaffold-VVMGLDVS.mjs.map} +0 -0
  55. /package/dist/agent-verifier/{sync-C6S3OGCD.mjs.map → sync-42WWJFA4.mjs.map} +0 -0
  56. /package/dist/agent-verifier/{test-Y5UGQV7J.mjs.map → test-RCFDQBEQ.mjs.map} +0 -0
  57. /package/dist/agent-verifier/{workspace-dependencies-B6A2ZX55.mjs.map → workspace-dependencies-ULZZZPNX.mjs.map} +0 -0
  58. /package/dist/{chunk-TBA3T4TX.js.map → chunk-4PTP2HOX.js.map} +0 -0
  59. /package/dist/{global-config-YBFEGJQG.js.map → global-config-WPJRXVDO.js.map} +0 -0
package/dist/agent-verifier/agent-workspace-verifier.mjs CHANGED
@@ -3,13 +3,13 @@ import {
3
3
  assertCompilerPortableDependencies,
4
4
  consola,
5
5
  resolveProjectContext
6
- } from "./chunk-JO5AMVZU.mjs";
7
- import "./chunk-5NYBTZB4.mjs";
8
- import "./chunk-776W3UGV.mjs";
6
+ } from "./chunk-7CNBKWWE.mjs";
7
+ import "./chunk-W2MDP5ZN.mjs";
8
+ import "./chunk-RHGGFAMQ.mjs";
9
9
  import "./chunk-NAK77WXW.mjs";
10
10
  import "./chunk-TAEQKBJB.mjs";
11
11
  import "./chunk-IAYRNVUC.mjs";
12
- import "./chunk-H76MT5UR.mjs";
12
+ import "./chunk-M7UVBANQ.mjs";
13
13
  import "./chunk-H6XDQJ3N.mjs";
14
14
 
15
15
  // src/agent-verifier/agent-workspace-verifier.ts
@@ -46,7 +46,7 @@ Usage:
46
46
  }
47
47
  async function materializePreparedWorkspace(args) {
48
48
  const inputPath = readRequiredOption(args, "--input");
49
- const { materializeWorkspaceProject } = await import("./materialize-workspace-OZKOQCSQ.mjs");
49
+ const { materializeWorkspaceProject } = await import("./materialize-workspace-WI3JO5Q2.mjs");
50
50
  const input = JSON.parse(
51
51
  await readFile(inputPath, "utf8")
52
52
  );
@@ -82,9 +82,9 @@ async function verifyAgentWorkspace(rawMode, args) {
82
82
  }
83
83
  async function runFullBackendConnectedVerification(parsedFlags) {
84
84
  const [{ default: cmdSync }, { default: cmdCompile }, { default: cmdTest }] = await Promise.all([
85
- import("./sync-C6S3OGCD.mjs"),
86
- import("./compile-576O7TYP.mjs"),
87
- import("./test-Y5UGQV7J.mjs")
85
+ import("./sync-42WWJFA4.mjs"),
86
+ import("./compile-NPMXBOAZ.mjs"),
87
+ import("./test-RCFDQBEQ.mjs")
88
88
  ]);
89
89
  await runCommandDefinition(cmdSync, { ...parsedFlags, force: true });
90
90
  await runCommandDefinition(cmdCompile, parsedFlags);
@@ -148,10 +148,10 @@ async function runCloudLocalVerification(projectRoot, projectConfig, config) {
148
148
  { assertReducerContractPreflight },
149
149
  { getProjectLocalMaintainerRegistry }
150
150
  ] = await Promise.all([
151
- import("./static-scaffold-JBUE3ROP.mjs"),
152
- import("./local-files-QVJ2H3MH.mjs"),
151
+ import("./static-scaffold-VVMGLDVS.mjs"),
152
+ import("./local-files-45DUJUEH.mjs"),
153
153
  import("./workspace-codegen-WPZHMATU.mjs"),
154
- import("./workspace-dependencies-B6A2ZX55.mjs"),
154
+ import("./workspace-dependencies-ULZZZPNX.mjs"),
155
155
  import("./reducer-contract-preflight-COD2CO22.mjs"),
156
156
  import("./project-state-XKUSCFSV.mjs")
157
157
  ]);
@@ -167,7 +167,7 @@ async function runCloudLocalVerification(projectRoot, projectConfig, config) {
167
167
  consola.start("Validating reducer contract...");
168
168
  await assertReducerContractPreflight(projectRoot);
169
169
  const [{ runLocalTypecheck }, { assertReducerBundleSmoke }] = await Promise.all([
170
- import("./local-typecheck-2JWG5IGL.mjs"),
170
+ import("./local-typecheck-3JXL2NMG.mjs"),
171
171
  import("./reducer-bundle-preflight-7NYZF5ZT.mjs")
172
172
  ]);
173
173
  consola.start("Running local typecheck...");
@@ -186,7 +186,7 @@ async function runCloudLocalVerification(projectRoot, projectConfig, config) {
186
186
  generateReducerNativeArtifacts,
187
187
  isReducerNativeTestingWorkspace,
188
188
  runReducerNativeScenarios
189
- } = await import("./reducer-native-test-harness-QC7HZUK4.mjs");
189
+ } = await import("./reducer-native-test-harness-LNZI3G73.mjs");
190
190
  if (await isReducerNativeTestingWorkspace(projectRoot)) {
191
191
  const { bases } = await generateReducerNativeArtifacts({
192
192
  projectRoot,
package/dist/agent-verifier/{chunk-JO5AMVZU.mjs → chunk-7CNBKWWE.mjs} RENAMED
@@ -3,13 +3,13 @@ import {
3
3
  getStoredSession,
4
4
  loadGlobalConfig,
5
5
  setCredentials
6
- } from "./chunk-5NYBTZB4.mjs";
6
+ } from "./chunk-W2MDP5ZN.mjs";
7
7
  import {
8
8
  IS_PUBLISHED_BUILD,
9
9
  PUBLISHED_ENVIRONMENT,
10
10
  findProjectRoot,
11
11
  loadProjectConfig
12
- } from "./chunk-776W3UGV.mjs";
12
+ } from "./chunk-RHGGFAMQ.mjs";
13
13
  import {
14
14
  client
15
15
  } from "./chunk-NAK77WXW.mjs";
@@ -21,7 +21,7 @@ import {
21
21
  DEFAULT_API_BASE_URL,
22
22
  DEFAULT_WEB_BASE_URL,
23
23
  ENVIRONMENT_CONFIGS
24
- } from "./chunk-H76MT5UR.mjs";
24
+ } from "./chunk-M7UVBANQ.mjs";
25
25
 
26
26
  // ../../node_modules/.pnpm/consola@3.4.2/node_modules/consola/dist/core.mjs
27
27
  var LogLevels = {
@@ -1741,4 +1741,4 @@ export {
1741
1741
  assertCompilerPortableDependencies,
1742
1742
  assertReleaseEnvironmentPortableDependencies
1743
1743
  };
1744
- //# sourceMappingURL=chunk-JO5AMVZU.mjs.map
1744
+ //# sourceMappingURL=chunk-7CNBKWWE.mjs.map
package/dist/agent-verifier/{chunk-ON62IGWK.mjs → chunk-DN2JHUGM.mjs} RENAMED
@@ -7,10 +7,10 @@ import {
7
7
  STALE_CONTRACT_ARTIFACT_CODE,
8
8
  isStaleContractArtifactError,
9
9
  toDreamboardApiError
10
- } from "./chunk-IDVQXGAO.mjs";
10
+ } from "./chunk-GD3FL755.mjs";
11
11
  import {
12
12
  loadManifest
13
- } from "./chunk-27EEIZCI.mjs";
13
+ } from "./chunk-M2MHRWSP.mjs";
14
14
  import {
15
15
  REDUCER_TESTING_TYPES_WRAPPER_CONTENT,
16
16
  buildReducerTestingContractContent
@@ -22,7 +22,7 @@ import {
22
22
  getSessionSnapshot,
23
23
  hashContent,
24
24
  startGame
25
- } from "./chunk-C3VW3DTA.mjs";
25
+ } from "./chunk-XIFLZGDQ.mjs";
26
26
  import {
27
27
  external_exports
28
28
  } from "./chunk-JZTH3EMV.mjs";
@@ -35,7 +35,7 @@ import {
35
35
  } from "./chunk-IAYRNVUC.mjs";
36
36
  import {
37
37
  PROJECT_DIR_NAME
38
- } from "./chunk-H76MT5UR.mjs";
38
+ } from "./chunk-M7UVBANQ.mjs";
39
39
 
40
40
  // src/services/testing/reducer-native-test-harness.ts
41
41
  import path2 from "path";
@@ -3134,4 +3134,4 @@ export {
3134
3134
  generateReducerNativeArtifacts,
3135
3135
  runReducerNativeScenarios
3136
3136
  };
3137
- //# sourceMappingURL=chunk-ON62IGWK.mjs.map
3137
+ //# sourceMappingURL=chunk-DN2JHUGM.mjs.map
package/dist/agent-verifier/{chunk-IDVQXGAO.mjs → chunk-GD3FL755.mjs} RENAMED
@@ -3,7 +3,7 @@ import {
3
3
  CLIENT_PROBLEM_TYPES,
4
4
  SERVER_PROBLEM_TYPES,
5
5
  zProblemDetails
6
- } from "./chunk-C3VW3DTA.mjs";
6
+ } from "./chunk-XIFLZGDQ.mjs";
7
7
 
8
8
  // src/utils/problem-types.ts
9
9
  var CLI_PROBLEM_TYPES = {
@@ -219,4 +219,4 @@ export {
219
219
  isStaleContractArtifactError,
220
220
  formatCliError
221
221
  };
222
- //# sourceMappingURL=chunk-IDVQXGAO.mjs.map
222
+ //# sourceMappingURL=chunk-GD3FL755.mjs.map
package/dist/agent-verifier/{chunk-27EEIZCI.mjs → chunk-M2MHRWSP.mjs} RENAMED
@@ -6,7 +6,7 @@ import {
6
6
  isLibraryPath,
7
7
  materializeManifest,
8
8
  writeManifestSource
9
- } from "./chunk-C3VW3DTA.mjs";
9
+ } from "./chunk-XIFLZGDQ.mjs";
10
10
  import {
11
11
  atomicWriteFile
12
12
  } from "./chunk-TAEQKBJB.mjs";
@@ -22,7 +22,7 @@ import {
22
22
  PROJECT_DIR_NAME,
23
23
  RULE_FILE,
24
24
  SNAPSHOT_FILE
25
- } from "./chunk-H76MT5UR.mjs";
25
+ } from "./chunk-M7UVBANQ.mjs";
26
26
 
27
27
  // src/services/project/local-files.ts
28
28
  import { readdir, unlink } from "fs/promises";
@@ -182,4 +182,4 @@ export {
182
182
  writeSnapshotFromFiles,
183
183
  getLocalDiff
184
184
  };
185
- //# sourceMappingURL=chunk-27EEIZCI.mjs.map
185
+ //# sourceMappingURL=chunk-M2MHRWSP.mjs.map
package/dist/agent-verifier/{chunk-H76MT5UR.mjs → chunk-M7UVBANQ.mjs} RENAMED
@@ -15,6 +15,7 @@ var ENVIRONMENT_CONFIGS = {
15
15
  apiBaseUrl: "https://api-staging.dreamboard.games",
16
16
  webBaseUrl: "https://staging.dreamboard.games",
17
17
  clerkOAuthIssuer: "https://happy-caribou-19.clerk.accounts.dev",
18
+ clerkOAuthClientId: "wkjMF92OFsKbSaGI",
18
19
  clerkOAuthTokenUrl: "https://happy-caribou-19.clerk.accounts.dev/oauth/token",
19
20
  clerkOAuthScope: DEFAULT_CLERK_OAUTH_SCOPE
20
21
  },
@@ -54,4 +55,4 @@ export {
54
55
  RULE_FILE,
55
56
  LOCAL_IGNORE_DIRS
56
57
  };
57
- //# sourceMappingURL=chunk-H76MT5UR.mjs.map
58
+ //# sourceMappingURL=chunk-M7UVBANQ.mjs.map
package/dist/agent-verifier/chunk-M7UVBANQ.mjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../../src/constants.ts"],"sourcesContent":["import type { EnvironmentConfig } from \"./types.js\";\n\nexport const DEFAULT_API_BASE_URL = \"https://api.dreamboard.games\";\nexport const DEFAULT_WEB_BASE_URL = \"https://dreamboard.games\";\n\nexport const PROJECT_DIR_NAME = \".dreamboard\";\nexport const DEFAULT_CLERK_OAUTH_SCOPE =\n \"openid profile email offline_access\";\n\n// Predefined environment configurations. These are intentionally static:\n// process/env overrides are applied in config resolution so the CLI does not\n// depend on a shell-sourced env file just to know first-party environments.\nexport const ENVIRONMENT_CONFIGS: Record<string, EnvironmentConfig> = {\n local: {\n apiBaseUrl: \"http://localhost:8080\",\n webBaseUrl: \"http://localhost:5173\",\n clerkOAuthScope: DEFAULT_CLERK_OAUTH_SCOPE,\n },\n staging: {\n apiBaseUrl: \"https://api-staging.dreamboard.games\",\n webBaseUrl: \"https://staging.dreamboard.games\",\n clerkOAuthIssuer: \"https://happy-caribou-19.clerk.accounts.dev\",\n clerkOAuthClientId: \"wkjMF92OFsKbSaGI\",\n clerkOAuthTokenUrl:\n \"https://happy-caribou-19.clerk.accounts.dev/oauth/token\",\n clerkOAuthScope: DEFAULT_CLERK_OAUTH_SCOPE,\n },\n prod: {\n apiBaseUrl: \"https://api.dreamboard.games\",\n webBaseUrl: \"https://dreamboard.games\",\n clerkOAuthScope: DEFAULT_CLERK_OAUTH_SCOPE,\n },\n};\nexport const PROJECT_CONFIG_FILE = \"project.json\";\nexport const PROJECT_STATE_FILE = \"state.json\";\nexport const SNAPSHOT_FILE = \"snapshot.json\";\nexport const MANIFEST_FILE = \"manifest.ts\";\nexport const GENERATED_DIR_NAME = \"generated\";\nexport const MATERIALIZED_MANIFEST_FILE = `${PROJECT_DIR_NAME}/${GENERATED_DIR_NAME}/manifest.json`;\nexport const MANIFEST_TYPECHECK_CONFIG_FILE = \"manifest.tsconfig.json\";\nexport const RULE_FILE = \"rule.md\";\nexport const DEFAULT_LOGIN_TIMEOUT_MS = 5 * 60 * 1000;\nexport const DEFAULT_TURN_DELAY_MS = 250;\n\nexport const LOCAL_IGNORE_DIRS = new Set([\n \".dreamboard\",\n \".git\",\n \"node_modules\",\n \"dist\",\n]);\n"],"mappings":";;;AAEO,IAAM,uBAAuB;AAC7B,IAAM,uBAAuB;AAE7B,IAAM,mBAAmB;AACzB,IAAM,4BACX;AAKK,IAAM,sBAAyD;AAAA,EACpE,OAAO;AAAA,IACL,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,iBAAiB;AAAA,EACnB;AAAA,EACA,SAAS;AAAA,IACP,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,kBAAkB;AAAA,IAClB,oBAAoB;AAAA,IACpB,oBACE;AAAA,IACF,iBAAiB;AAAA,EACnB;AAAA,EACA,MAAM;AAAA,IACJ,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,iBAAiB;AAAA,EACnB;AACF;AACO,IAAM,sBAAsB;AAC5B,IAAM,qBAAqB;AAC3B,IAAM,gBAAgB;AACtB,IAAM,gBAAgB;AACtB,IAAM,qBAAqB;AAC3B,IAAM,6BAA6B,GAAG,gBAAgB,IAAI,kBAAkB;AAC5E,IAAM,iCAAiC;AACvC,IAAM,YAAY;AAClB,IAAM,2BAA2B,IAAI,KAAK;AAG1C,IAAM,oBAAoB,oBAAI,IAAI;AAAA,EACvC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;","names":[]}
package/dist/agent-verifier/{chunk-UIOLGH4A.mjs → chunk-POBFNXD4.mjs} RENAMED
@@ -1,7 +1,7 @@
1
1
  #!/usr/bin/env node
2
2
  import {
3
3
  MANIFEST_TYPECHECK_CONFIG_FILE
4
- } from "./chunk-H76MT5UR.mjs";
4
+ } from "./chunk-M7UVBANQ.mjs";
5
5
 
6
6
  // src/services/project/local-typecheck.ts
7
7
  import { spawn } from "child_process";
@@ -147,4 +147,4 @@ async function runLocalTypecheck(projectRoot) {
147
147
  export {
148
148
  runLocalTypecheck
149
149
  };
150
- //# sourceMappingURL=chunk-UIOLGH4A.mjs.map
150
+ //# sourceMappingURL=chunk-POBFNXD4.mjs.map
package/dist/agent-verifier/{chunk-776W3UGV.mjs → chunk-RHGGFAMQ.mjs} RENAMED
@@ -11,7 +11,7 @@ import {
11
11
  PROJECT_CONFIG_FILE,
12
12
  PROJECT_DIR_NAME,
13
13
  PROJECT_STATE_FILE
14
- } from "./chunk-H76MT5UR.mjs";
14
+ } from "./chunk-M7UVBANQ.mjs";
15
15
 
16
16
  // src/build-target.ts
17
17
  var injectedBuildChannel = true ? "development" : void 0;
@@ -164,4 +164,4 @@ export {
164
164
  updateProjectState,
165
165
  findProjectRoot
166
166
  };
167
- //# sourceMappingURL=chunk-776W3UGV.mjs.map
167
+ //# sourceMappingURL=chunk-RHGGFAMQ.mjs.map
package/dist/agent-verifier/{chunk-XQXDOBYB.mjs → chunk-RHI6S4SU.mjs} RENAMED
@@ -4,7 +4,7 @@ import {
4
4
  } from "./chunk-ZEELHSY3.mjs";
5
5
  import {
6
6
  DEFAULT_WEB_BASE_URL
7
- } from "./chunk-H76MT5UR.mjs";
7
+ } from "./chunk-M7UVBANQ.mjs";
8
8
 
9
9
  // src/services/project/workspace-dependencies.ts
10
10
  import crypto from "crypto";
@@ -379,4 +379,4 @@ export {
379
379
  installWorkspaceDependencies,
380
380
  reconcileWorkspaceDependencies
381
381
  };
382
- //# sourceMappingURL=chunk-XQXDOBYB.mjs.map
382
+ //# sourceMappingURL=chunk-RHI6S4SU.mjs.map
package/dist/agent-verifier/{chunk-5NYBTZB4.mjs → chunk-W2MDP5ZN.mjs} RENAMED
@@ -9,7 +9,7 @@ import {
9
9
  } from "./chunk-IAYRNVUC.mjs";
10
10
  import {
11
11
  PROJECT_DIR_NAME
12
- } from "./chunk-H76MT5UR.mjs";
12
+ } from "./chunk-M7UVBANQ.mjs";
13
13
 
14
14
  // src/config/global-config.ts
15
15
  import os2 from "os";
@@ -127,7 +127,7 @@ async function defaultBackendResolver() {
127
127
  }
128
128
  async function readCredentialBackendPreference() {
129
129
  try {
130
- const { loadGlobalConfig: loadGlobalConfig2 } = await import("./global-config-NYCSCAUI.mjs");
130
+ const { loadGlobalConfig: loadGlobalConfig2 } = await import("./global-config-XHL7BCKN.mjs");
131
131
  const config = await loadGlobalConfig2();
132
132
  return config.credentialBackend === "keychain";
133
133
  } catch {
@@ -223,4 +223,4 @@ export {
223
223
  loadGlobalConfig,
224
224
  saveGlobalConfig
225
225
  };
226
- //# sourceMappingURL=chunk-5NYBTZB4.mjs.map
226
+ //# sourceMappingURL=chunk-W2MDP5ZN.mjs.map
package/dist/agent-verifier/{chunk-C3VW3DTA.mjs → chunk-XIFLZGDQ.mjs} RENAMED
@@ -16,7 +16,7 @@ import {
16
16
  import {
17
17
  MANIFEST_FILE,
18
18
  MATERIALIZED_MANIFEST_FILE
19
- } from "./chunk-H76MT5UR.mjs";
19
+ } from "./chunk-M7UVBANQ.mjs";
20
20
 
21
21
  // src/utils/crypto.ts
22
22
  import crypto from "crypto";
@@ -2906,4 +2906,4 @@ export {
2906
2906
  isDynamicSeedPath,
2907
2907
  isLibraryPath
2908
2908
  };
2909
- //# sourceMappingURL=chunk-C3VW3DTA.mjs.map
2909
+ //# sourceMappingURL=chunk-XIFLZGDQ.mjs.map
package/dist/agent-verifier/{chunk-MW2QIWWA.mjs → chunk-YORARAJQ.mjs} RENAMED
@@ -5,11 +5,11 @@ import {
5
5
  import {
6
6
  IS_PUBLISHED_BUILD,
7
7
  loadProjectConfig
8
- } from "./chunk-776W3UGV.mjs";
8
+ } from "./chunk-RHGGFAMQ.mjs";
9
9
  import {
10
10
  isDynamicSeedPath,
11
11
  materializeManifest
12
- } from "./chunk-C3VW3DTA.mjs";
12
+ } from "./chunk-XIFLZGDQ.mjs";
13
13
  import {
14
14
  resolveCliRepoRoot
15
15
  } from "./chunk-QBAF7EYR.mjs";
@@ -30,7 +30,7 @@ import {
30
30
  MANIFEST_TYPECHECK_CONFIG_FILE,
31
31
  PROJECT_CONFIG_FILE,
32
32
  PROJECT_DIR_NAME
33
- } from "./chunk-H76MT5UR.mjs";
33
+ } from "./chunk-M7UVBANQ.mjs";
34
34
 
35
35
  // src/services/project/static-scaffold.ts
36
36
  import { existsSync, readFileSync } from "fs";
@@ -726,4 +726,4 @@ export {
726
726
  resolveStaticAssetRoot,
727
727
  resolveSdkDependencyRange
728
728
  };
729
- //# sourceMappingURL=chunk-MW2QIWWA.mjs.map
729
+ //# sourceMappingURL=chunk-YORARAJQ.mjs.map
package/dist/agent-verifier/{chunk-QZH6IEZS.mjs → chunk-ZETW43TX.mjs} RENAMED
@@ -2,10 +2,10 @@
2
2
  import {
3
3
  ensureProjectSdk,
4
4
  loadRemoteProjectIdentity
5
- } from "./chunk-KDBSVLCF.mjs";
5
+ } from "./chunk-ZNZ4RJBK.mjs";
6
6
  import {
7
7
  updateProjectState
8
- } from "./chunk-776W3UGV.mjs";
8
+ } from "./chunk-RHGGFAMQ.mjs";
9
9
 
10
10
  // src/services/project/remote-project.ts
11
11
  async function resolveRemoteProject(options) {
@@ -36,4 +36,4 @@ async function resolveRemoteProject(options) {
36
36
  export {
37
37
  resolveRemoteProject
38
38
  };
39
- //# sourceMappingURL=chunk-QZH6IEZS.mjs.map
39
+ //# sourceMappingURL=chunk-ZETW43TX.mjs.map
package/dist/agent-verifier/{chunk-KDBSVLCF.mjs → chunk-ZNZ4RJBK.mjs} RENAMED
@@ -1,7 +1,7 @@
1
1
  #!/usr/bin/env node
2
2
  import {
3
3
  toDreamboardApiError
4
- } from "./chunk-IDVQXGAO.mjs";
4
+ } from "./chunk-GD3FL755.mjs";
5
5
  import {
6
6
  createGameRevision,
7
7
  createProjectSourceBlobUploadSession,
@@ -15,7 +15,7 @@ import {
15
15
  listProjectCompiledResults,
16
16
  queueProjectRevisionCompile,
17
17
  uploadInitialProjection
18
- } from "./chunk-C3VW3DTA.mjs";
18
+ } from "./chunk-XIFLZGDQ.mjs";
19
19
  import {
20
20
  external_exports
21
21
  } from "./chunk-JZTH3EMV.mjs";
@@ -621,4 +621,4 @@ export {
621
621
  uploadInitialProjectionSdk,
622
622
  uploadProjectSourceBlobsSdk
623
623
  };
624
- //# sourceMappingURL=chunk-KDBSVLCF.mjs.map
624
+ //# sourceMappingURL=chunk-ZNZ4RJBK.mjs.map
package/dist/agent-verifier/{compile-576O7TYP.mjs → compile-NPMXBOAZ.mjs} RENAMED
@@ -1,7 +1,7 @@
1
1
  #!/usr/bin/env node
2
2
  import {
3
3
  resolveRemoteProject
4
- } from "./chunk-QZH6IEZS.mjs";
4
+ } from "./chunk-ZETW43TX.mjs";
5
5
  import {
6
6
  CONFIG_FLAG_ARGS,
7
7
  defineCommand,
@@ -9,7 +9,7 @@ import {
9
9
  parseCompileCommandArgs,
10
10
  queueProjectRevisionCompileSdk,
11
11
  waitForCompiledResultJobSdk
12
- } from "./chunk-KDBSVLCF.mjs";
12
+ } from "./chunk-ZNZ4RJBK.mjs";
13
13
  import {
14
14
  getProjectAuthoringState,
15
15
  getProjectPendingAuthoringSync,
@@ -17,35 +17,35 @@ import {
17
17
  } from "./chunk-YE7UAO3T.mjs";
18
18
  import {
19
19
  runLocalTypecheck
20
- } from "./chunk-UIOLGH4A.mjs";
20
+ } from "./chunk-POBFNXD4.mjs";
21
21
  import {
22
22
  formatCliError
23
- } from "./chunk-IDVQXGAO.mjs";
23
+ } from "./chunk-GD3FL755.mjs";
24
24
  import {
25
25
  assertCompilerPortableDependencies,
26
26
  assertReleaseEnvironmentPortableDependencies,
27
27
  consola,
28
28
  resolveProjectContext
29
- } from "./chunk-JO5AMVZU.mjs";
30
- import "./chunk-5NYBTZB4.mjs";
29
+ } from "./chunk-7CNBKWWE.mjs";
30
+ import "./chunk-W2MDP5ZN.mjs";
31
31
  import {
32
32
  getLocalDiff
33
- } from "./chunk-27EEIZCI.mjs";
33
+ } from "./chunk-M2MHRWSP.mjs";
34
34
  import {
35
35
  assertCliStaticScaffoldComplete
36
- } from "./chunk-MW2QIWWA.mjs";
36
+ } from "./chunk-YORARAJQ.mjs";
37
37
  import "./chunk-F2DIOJJZ.mjs";
38
38
  import {
39
39
  updateProjectState
40
- } from "./chunk-776W3UGV.mjs";
41
- import "./chunk-C3VW3DTA.mjs";
40
+ } from "./chunk-RHGGFAMQ.mjs";
41
+ import "./chunk-XIFLZGDQ.mjs";
42
42
  import "./chunk-JZTH3EMV.mjs";
43
43
  import "./chunk-QBAF7EYR.mjs";
44
44
  import "./chunk-NAK77WXW.mjs";
45
45
  import "./chunk-TAEQKBJB.mjs";
46
46
  import "./chunk-IAYRNVUC.mjs";
47
47
  import "./chunk-ZEELHSY3.mjs";
48
- import "./chunk-H76MT5UR.mjs";
48
+ import "./chunk-M7UVBANQ.mjs";
49
49
  import "./chunk-H6XDQJ3N.mjs";
50
50
 
51
51
  // src/commands/compile.ts
@@ -309,4 +309,4 @@ var compile_default = defineCommand({
309
309
  export {
310
310
  compile_default as default
311
311
  };
312
- //# sourceMappingURL=compile-576O7TYP.mjs.map
312
+ //# sourceMappingURL=compile-NPMXBOAZ.mjs.map
package/dist/agent-verifier/{global-config-NYCSCAUI.mjs → global-config-XHL7BCKN.mjs} RENAMED
@@ -4,10 +4,10 @@ import {
4
4
  getGlobalConfigPath,
5
5
  loadGlobalConfig,
6
6
  saveGlobalConfig
7
- } from "./chunk-5NYBTZB4.mjs";
7
+ } from "./chunk-W2MDP5ZN.mjs";
8
8
  import "./chunk-TAEQKBJB.mjs";
9
9
  import "./chunk-IAYRNVUC.mjs";
10
- import "./chunk-H76MT5UR.mjs";
10
+ import "./chunk-M7UVBANQ.mjs";
11
11
  import "./chunk-H6XDQJ3N.mjs";
12
12
  export {
13
13
  getGlobalAuthPath,
@@ -15,4 +15,4 @@ export {
15
15
  loadGlobalConfig,
16
16
  saveGlobalConfig
17
17
  };
18
- //# sourceMappingURL=global-config-NYCSCAUI.mjs.map
18
+ //# sourceMappingURL=global-config-XHL7BCKN.mjs.map
package/dist/agent-verifier/{local-files-QVJ2H3MH.mjs → local-files-45DUJUEH.mjs} RENAMED
@@ -14,16 +14,16 @@ import {
14
14
  writeSnapshot,
15
15
  writeSnapshotFromFiles,
16
16
  writeSourceFiles
17
- } from "./chunk-27EEIZCI.mjs";
17
+ } from "./chunk-M2MHRWSP.mjs";
18
18
  import {
19
19
  computeManifestHash
20
- } from "./chunk-C3VW3DTA.mjs";
20
+ } from "./chunk-XIFLZGDQ.mjs";
21
21
  import "./chunk-JZTH3EMV.mjs";
22
22
  import "./chunk-QBAF7EYR.mjs";
23
23
  import "./chunk-NAK77WXW.mjs";
24
24
  import "./chunk-TAEQKBJB.mjs";
25
25
  import "./chunk-IAYRNVUC.mjs";
26
- import "./chunk-H76MT5UR.mjs";
26
+ import "./chunk-M7UVBANQ.mjs";
27
27
  import "./chunk-H6XDQJ3N.mjs";
28
28
  export {
29
29
  collectLocalFiles,
@@ -42,4 +42,4 @@ export {
42
42
  writeSnapshotFromFiles,
43
43
  writeSourceFiles
44
44
  };
45
- //# sourceMappingURL=local-files-QVJ2H3MH.mjs.map
45
+ //# sourceMappingURL=local-files-45DUJUEH.mjs.map
package/dist/agent-verifier/local-typecheck-3JXL2NMG.mjs ADDED
@@ -0,0 +1,10 @@
1
+ #!/usr/bin/env node
2
+ import {
3
+ runLocalTypecheck
4
+ } from "./chunk-POBFNXD4.mjs";
5
+ import "./chunk-M7UVBANQ.mjs";
6
+ import "./chunk-H6XDQJ3N.mjs";
7
+ export {
8
+ runLocalTypecheck
9
+ };
10
+ //# sourceMappingURL=local-typecheck-3JXL2NMG.mjs.map
package/dist/agent-verifier/{materialize-workspace-OZKOQCSQ.mjs → materialize-workspace-WI3JO5Q2.mjs} RENAMED
@@ -7,15 +7,15 @@ import {
7
7
  writeManifest,
8
8
  writeRule,
9
9
  writeSnapshot
10
- } from "./chunk-27EEIZCI.mjs";
10
+ } from "./chunk-M2MHRWSP.mjs";
11
11
  import {
12
12
  scaffoldStaticWorkspace
13
- } from "./chunk-MW2QIWWA.mjs";
13
+ } from "./chunk-YORARAJQ.mjs";
14
14
  import "./chunk-F2DIOJJZ.mjs";
15
15
  import {
16
16
  updateProjectState
17
- } from "./chunk-776W3UGV.mjs";
18
- import "./chunk-C3VW3DTA.mjs";
17
+ } from "./chunk-RHGGFAMQ.mjs";
18
+ import "./chunk-XIFLZGDQ.mjs";
19
19
  import "./chunk-JZTH3EMV.mjs";
20
20
  import "./chunk-QBAF7EYR.mjs";
21
21
  import "./chunk-NAK77WXW.mjs";
@@ -28,9 +28,9 @@ import {
28
28
  } from "./chunk-IAYRNVUC.mjs";
29
29
  import {
30
30
  installWorkspaceDependencies
31
- } from "./chunk-XQXDOBYB.mjs";
31
+ } from "./chunk-RHI6S4SU.mjs";
32
32
  import "./chunk-ZEELHSY3.mjs";
33
- import "./chunk-H76MT5UR.mjs";
33
+ import "./chunk-M7UVBANQ.mjs";
34
34
  import "./chunk-H6XDQJ3N.mjs";
35
35
 
36
36
  // src/services/project/materialize-workspace.ts
@@ -86,4 +86,4 @@ function baseProjectConfig(input) {
86
86
  export {
87
87
  materializeWorkspaceProject
88
88
  };
89
- //# sourceMappingURL=materialize-workspace-OZKOQCSQ.mjs.map
89
+ //# sourceMappingURL=materialize-workspace-WI3JO5Q2.mjs.map
package/dist/agent-verifier/{reducer-native-test-harness-QC7HZUK4.mjs → reducer-native-test-harness-LNZI3G73.mjs} RENAMED
@@ -16,18 +16,18 @@ import {
16
16
  replayScenarioThroughBackend,
17
17
  runReducerNativeScenarios,
18
18
  writeReducerNativeGeneratedFiles
19
- } from "./chunk-ON62IGWK.mjs";
19
+ } from "./chunk-DN2JHUGM.mjs";
20
20
  import "./chunk-XKCJBIRY.mjs";
21
- import "./chunk-IDVQXGAO.mjs";
22
- import "./chunk-27EEIZCI.mjs";
21
+ import "./chunk-GD3FL755.mjs";
22
+ import "./chunk-M2MHRWSP.mjs";
23
23
  import "./chunk-F2DIOJJZ.mjs";
24
- import "./chunk-C3VW3DTA.mjs";
24
+ import "./chunk-XIFLZGDQ.mjs";
25
25
  import "./chunk-JZTH3EMV.mjs";
26
26
  import "./chunk-QBAF7EYR.mjs";
27
27
  import "./chunk-NAK77WXW.mjs";
28
28
  import "./chunk-TAEQKBJB.mjs";
29
29
  import "./chunk-IAYRNVUC.mjs";
30
- import "./chunk-H76MT5UR.mjs";
30
+ import "./chunk-M7UVBANQ.mjs";
31
31
  import "./chunk-H6XDQJ3N.mjs";
32
32
  export {
33
33
  assertDispatchResultWireContract,
@@ -47,4 +47,4 @@ export {
47
47
  runReducerNativeScenarios,
48
48
  writeReducerNativeGeneratedFiles
49
49
  };
50
- //# sourceMappingURL=reducer-native-test-harness-QC7HZUK4.mjs.map
50
+ //# sourceMappingURL=reducer-native-test-harness-LNZI3G73.mjs.map
package/dist/agent-verifier/{static-scaffold-JBUE3ROP.mjs → static-scaffold-VVMGLDVS.mjs} RENAMED
@@ -5,17 +5,17 @@ import {
5
5
  resolveSdkDependencyRange,
6
6
  resolveStaticAssetRoot,
7
7
  scaffoldStaticWorkspace
8
- } from "./chunk-MW2QIWWA.mjs";
8
+ } from "./chunk-YORARAJQ.mjs";
9
9
  import "./chunk-F2DIOJJZ.mjs";
10
- import "./chunk-776W3UGV.mjs";
11
- import "./chunk-C3VW3DTA.mjs";
10
+ import "./chunk-RHGGFAMQ.mjs";
11
+ import "./chunk-XIFLZGDQ.mjs";
12
12
  import "./chunk-JZTH3EMV.mjs";
13
13
  import "./chunk-QBAF7EYR.mjs";
14
14
  import "./chunk-NAK77WXW.mjs";
15
15
  import "./chunk-TAEQKBJB.mjs";
16
16
  import "./chunk-IAYRNVUC.mjs";
17
17
  import "./chunk-ZEELHSY3.mjs";
18
- import "./chunk-H76MT5UR.mjs";
18
+ import "./chunk-M7UVBANQ.mjs";
19
19
  import "./chunk-H6XDQJ3N.mjs";
20
20
  export {
21
21
  assertCliStaticScaffoldComplete,
@@ -24,4 +24,4 @@ export {
24
24
  resolveStaticAssetRoot,
25
25
  scaffoldStaticWorkspace
26
26
  };
27
- //# sourceMappingURL=static-scaffold-JBUE3ROP.mjs.map
27
+ //# sourceMappingURL=static-scaffold-VVMGLDVS.mjs.map
package/dist/agent-verifier/{sync-C6S3OGCD.mjs → sync-42WWJFA4.mjs} RENAMED
@@ -7,7 +7,7 @@ import {
7
7
  } from "./chunk-Z6OZWUIZ.mjs";
8
8
  import {
9
9
  resolveRemoteProject
10
- } from "./chunk-QZH6IEZS.mjs";
10
+ } from "./chunk-ZETW43TX.mjs";
11
11
  import {
12
12
  CONFIG_FLAG_ARGS,
13
13
  createGameRevisionSdk,
@@ -16,7 +16,7 @@ import {
16
16
  materializeSourceChangeOperations,
17
17
  parseSyncCommandArgs,
18
18
  uploadProjectSourceBlobsSdk
19
- } from "./chunk-KDBSVLCF.mjs";
19
+ } from "./chunk-ZNZ4RJBK.mjs";
20
20
  import {
21
21
  getProjectAuthoringState,
22
22
  getProjectLocalMaintainerRegistry,
@@ -26,37 +26,37 @@ import {
26
26
  } from "./chunk-YE7UAO3T.mjs";
27
27
  import {
28
28
  runLocalTypecheck
29
- } from "./chunk-UIOLGH4A.mjs";
29
+ } from "./chunk-POBFNXD4.mjs";
30
30
  import "./chunk-XKCJBIRY.mjs";
31
- import "./chunk-IDVQXGAO.mjs";
31
+ import "./chunk-GD3FL755.mjs";
32
32
  import {
33
33
  assertReleaseEnvironmentPortableDependencies,
34
34
  consola,
35
35
  resolveProjectContext
36
- } from "./chunk-JO5AMVZU.mjs";
37
- import "./chunk-5NYBTZB4.mjs";
36
+ } from "./chunk-7CNBKWWE.mjs";
37
+ import "./chunk-W2MDP5ZN.mjs";
38
38
  import {
39
39
  collectLocalFiles,
40
40
  getLocalDiff,
41
41
  loadManifest,
42
42
  loadRule,
43
43
  writeSnapshot
44
- } from "./chunk-27EEIZCI.mjs";
44
+ } from "./chunk-M2MHRWSP.mjs";
45
45
  import {
46
46
  assertCliStaticScaffoldComplete,
47
47
  scaffoldStaticWorkspace
48
- } from "./chunk-MW2QIWWA.mjs";
48
+ } from "./chunk-YORARAJQ.mjs";
49
49
  import "./chunk-F2DIOJJZ.mjs";
50
50
  import {
51
51
  BUILD_CHANNEL,
52
52
  IS_PUBLISHED_BUILD,
53
53
  updateProjectState
54
- } from "./chunk-776W3UGV.mjs";
54
+ } from "./chunk-RHGGFAMQ.mjs";
55
55
  import {
56
56
  computeManifestHash,
57
57
  isAllowedGamePath,
58
58
  isDynamicGeneratedPath
59
- } from "./chunk-C3VW3DTA.mjs";
59
+ } from "./chunk-XIFLZGDQ.mjs";
60
60
  import "./chunk-JZTH3EMV.mjs";
61
61
  import {
62
62
  resolveCliRepoRoot
@@ -69,12 +69,12 @@ import {
69
69
  import "./chunk-IAYRNVUC.mjs";
70
70
  import {
71
71
  reconcileWorkspaceDependencies
72
- } from "./chunk-XQXDOBYB.mjs";
72
+ } from "./chunk-RHI6S4SU.mjs";
73
73
  import "./chunk-ZEELHSY3.mjs";
74
74
  import {
75
75
  ENVIRONMENT_CONFIGS,
76
76
  RULE_FILE
77
- } from "./chunk-H76MT5UR.mjs";
77
+ } from "./chunk-M7UVBANQ.mjs";
78
78
  import "./chunk-H6XDQJ3N.mjs";
79
79
 
80
80
  // src/services/project/source-revision-paths.ts
@@ -585,4 +585,4 @@ var sync_default = defineCommand({
585
585
  export {
586
586
  sync_default as default
587
587
  };
588
- //# sourceMappingURL=sync-C6S3OGCD.mjs.map
588
+ //# sourceMappingURL=sync-42WWJFA4.mjs.map
package/dist/agent-verifier/{test-Y5UGQV7J.mjs → test-RCFDQBEQ.mjs} RENAMED
@@ -6,7 +6,7 @@ import {
6
6
  getProjectCompiledResultSdk,
7
7
  parseConfigFlags,
8
8
  uploadInitialProjectionSdk
9
- } from "./chunk-KDBSVLCF.mjs";
9
+ } from "./chunk-ZNZ4RJBK.mjs";
10
10
  import {
11
11
  getProjectAuthoringState,
12
12
  getProjectCompileState,
@@ -16,33 +16,33 @@ import {
16
16
  generateReducerNativeArtifacts,
17
17
  isReducerNativeTestingWorkspace,
18
18
  runReducerNativeScenarios
19
- } from "./chunk-ON62IGWK.mjs";
19
+ } from "./chunk-DN2JHUGM.mjs";
20
20
  import "./chunk-XKCJBIRY.mjs";
21
21
  import {
22
22
  STALE_CONTRACT_ARTIFACT_CODE,
23
23
  STALE_CONTRACT_ARTIFACT_EXIT_CODE,
24
24
  isDreamboardApiError,
25
25
  isStaleContractArtifactMessage
26
- } from "./chunk-IDVQXGAO.mjs";
26
+ } from "./chunk-GD3FL755.mjs";
27
27
  import {
28
28
  assertReleaseEnvironmentPortableDependencies,
29
29
  configureClient,
30
30
  consola,
31
31
  resolveProjectContext
32
- } from "./chunk-JO5AMVZU.mjs";
33
- import "./chunk-5NYBTZB4.mjs";
34
- import "./chunk-27EEIZCI.mjs";
32
+ } from "./chunk-7CNBKWWE.mjs";
33
+ import "./chunk-W2MDP5ZN.mjs";
34
+ import "./chunk-M2MHRWSP.mjs";
35
35
  import "./chunk-F2DIOJJZ.mjs";
36
36
  import {
37
37
  IS_PUBLISHED_BUILD
38
- } from "./chunk-776W3UGV.mjs";
39
- import "./chunk-C3VW3DTA.mjs";
38
+ } from "./chunk-RHGGFAMQ.mjs";
39
+ import "./chunk-XIFLZGDQ.mjs";
40
40
  import "./chunk-JZTH3EMV.mjs";
41
41
  import "./chunk-QBAF7EYR.mjs";
42
42
  import "./chunk-NAK77WXW.mjs";
43
43
  import "./chunk-TAEQKBJB.mjs";
44
44
  import "./chunk-IAYRNVUC.mjs";
45
- import "./chunk-H76MT5UR.mjs";
45
+ import "./chunk-M7UVBANQ.mjs";
46
46
  import "./chunk-H6XDQJ3N.mjs";
47
47
 
48
48
  // src/commands/test.ts
@@ -350,4 +350,4 @@ export {
350
350
  resolveRequestedRunner,
351
351
  resolveTestRunExitCode
352
352
  };
353
- //# sourceMappingURL=test-Y5UGQV7J.mjs.map
353
+ //# sourceMappingURL=test-RCFDQBEQ.mjs.map
package/dist/agent-verifier/{workspace-dependencies-B6A2ZX55.mjs → workspace-dependencies-ULZZZPNX.mjs} RENAMED
@@ -3,13 +3,13 @@ import {
3
3
  generatePnpmLockfile,
4
4
  installWorkspaceDependencies,
5
5
  reconcileWorkspaceDependencies
6
- } from "./chunk-XQXDOBYB.mjs";
6
+ } from "./chunk-RHI6S4SU.mjs";
7
7
  import "./chunk-ZEELHSY3.mjs";
8
- import "./chunk-H76MT5UR.mjs";
8
+ import "./chunk-M7UVBANQ.mjs";
9
9
  import "./chunk-H6XDQJ3N.mjs";
10
10
  export {
11
11
  generatePnpmLockfile,
12
12
  installWorkspaceDependencies,
13
13
  reconcileWorkspaceDependencies
14
14
  };
15
- //# sourceMappingURL=workspace-dependencies-B6A2ZX55.mjs.map
15
+ //# sourceMappingURL=workspace-dependencies-ULZZZPNX.mjs.map
package/dist/{chunk-TBA3T4TX.js → chunk-4PTP2HOX.js} RENAMED
@@ -22,7 +22,7 @@ import {
22
22
  setCredentials,
23
23
  writeJsonFile,
24
24
  writeTextFile
25
- } from "./chunk-3NRROR4P.js";
25
+ } from "./chunk-GXM7RRZJ.js";
26
26
  import {
27
27
  __export
28
28
  } from "./chunk-2H7UOFLK.js";
@@ -23024,4 +23024,4 @@ export {
23024
23024
  generateReducerNativeArtifacts,
23025
23025
  runReducerNativeScenarios
23026
23026
  };
23027
- //# sourceMappingURL=chunk-TBA3T4TX.js.map
23027
+ //# sourceMappingURL=chunk-4PTP2HOX.js.map
package/dist/{chunk-3NRROR4P.js → chunk-GXM7RRZJ.js} RENAMED
@@ -19,6 +19,7 @@ var ENVIRONMENT_CONFIGS = {
19
19
  apiBaseUrl: "https://api-staging.dreamboard.games",
20
20
  webBaseUrl: "https://staging.dreamboard.games",
21
21
  clerkOAuthIssuer: "https://happy-caribou-19.clerk.accounts.dev",
22
+ clerkOAuthClientId: "wkjMF92OFsKbSaGI",
22
23
  clerkOAuthTokenUrl: "https://happy-caribou-19.clerk.accounts.dev/oauth/token",
23
24
  clerkOAuthScope: DEFAULT_CLERK_OAUTH_SCOPE
24
25
  },
@@ -293,7 +294,7 @@ async function defaultBackendResolver() {
293
294
  }
294
295
  async function readCredentialBackendPreference() {
295
296
  try {
296
- const { loadGlobalConfig: loadGlobalConfig2 } = await import("./global-config-YBFEGJQG.js");
297
+ const { loadGlobalConfig: loadGlobalConfig2 } = await import("./global-config-WPJRXVDO.js");
297
298
  const config = await loadGlobalConfig2();
298
299
  return config.credentialBackend === "keychain";
299
300
  } catch {
@@ -429,4 +430,4 @@ export {
429
430
  loadGlobalConfig,
430
431
  saveGlobalConfig
431
432
  };
432
- //# sourceMappingURL=chunk-3NRROR4P.js.map
433
+ //# sourceMappingURL=chunk-GXM7RRZJ.js.map
package/dist/chunk-GXM7RRZJ.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/config/global-config.ts","../src/constants.ts","../src/utils/fs.ts","../src/utils/atomic-file.ts","../src/config/credential-store.ts"],"sourcesContent":["import os from \"node:os\";\nimport path from \"node:path\";\nimport type { CredentialBackendPreference, GlobalConfig } from \"../types.js\";\nimport { PROJECT_DIR_NAME } from \"../constants.js\";\nimport { ensureDir, readJsonFile } from \"../utils/fs.js\";\nimport { atomicWriteFile } from \"../utils/atomic-file.js\";\nimport { getCredentialFilePath } from \"./credential-store.js\";\n\nfunction normalizeCredentialBackend(\n value: unknown,\n): CredentialBackendPreference | undefined {\n if (value === \"file\" || value === \"keychain\") return value;\n // Tolerate unknown / malformed values rather than refusing to load the\n // whole config - an unrecognised backend name should degrade to \"use\n // the default\" instead of locking the user out of their CLI.\n return undefined;\n}\n\nexport function getGlobalConfigPath(): string {\n return path.join(os.homedir(), PROJECT_DIR_NAME, \"config.json\");\n}\n\n/**\n * Path to the on-disk credential file used by the file backend of\n * `CredentialStore`. Re-exported here to avoid circular / ad-hoc imports\n * in UI surface (`auth status`, `config show`, etc).\n */\nexport function getGlobalAuthPath(): string {\n return getCredentialFilePath();\n}\n\n/**\n * Load non-credential CLI configuration.\n *\n * Note: this function used to also load `authToken` / `refreshToken`\n * from `auth.json` and flatten them onto `GlobalConfig`. That shape\n * enabled the refresh-token-wipe bug: `saveGlobalConfig({ ...config })`\n * without explicit auth fields erased the stored refresh token.\n *\n * Credentials are now owned exclusively by `CredentialStore`. Callers\n * that need them must import `getCredentials()` directly.\n */\nexport async function loadGlobalConfig(): Promise<GlobalConfig> {\n const config = await readJsonFile<GlobalConfig>(getGlobalConfigPath()).catch(\n () => ({}) as GlobalConfig,\n );\n return {\n environment: config.environment,\n credentialBackend: normalizeCredentialBackend(config.credentialBackend),\n };\n}\n\n/**\n * Persist non-credential CLI configuration.\n *\n * This function cannot write credentials, by construction: the\n * `GlobalConfig` type has no credential fields. Credentials must be\n * persisted through `setCredentials` / `clearCredentials` from\n * `credential-store.ts`.\n */\nexport async function saveGlobalConfig(config: GlobalConfig): Promise<void> {\n const configDir = path.join(os.homedir(), PROJECT_DIR_NAME);\n await ensureDir(configDir);\n const normalized: GlobalConfig = {\n environment: config.environment,\n credentialBackend: normalizeCredentialBackend(config.credentialBackend),\n };\n await atomicWriteFile(\n getGlobalConfigPath(),\n `${JSON.stringify(normalized, null, 2)}\\n`,\n { mode: 0o600 },\n );\n}\n","import type { EnvironmentConfig } from \"./types.js\";\n\nexport const DEFAULT_API_BASE_URL = \"https://api.dreamboard.games\";\nexport const DEFAULT_WEB_BASE_URL = \"https://dreamboard.games\";\n\nexport const PROJECT_DIR_NAME = \".dreamboard\";\nexport const DEFAULT_CLERK_OAUTH_SCOPE =\n \"openid profile email offline_access\";\n\n// Predefined environment configurations. These are intentionally static:\n// process/env overrides are applied in config resolution so the CLI does not\n// depend on a shell-sourced env file just to know first-party environments.\nexport const ENVIRONMENT_CONFIGS: Record<string, EnvironmentConfig> = {\n local: {\n apiBaseUrl: \"http://localhost:8080\",\n webBaseUrl: \"http://localhost:5173\",\n clerkOAuthScope: DEFAULT_CLERK_OAUTH_SCOPE,\n },\n staging: {\n apiBaseUrl: \"https://api-staging.dreamboard.games\",\n webBaseUrl: \"https://staging.dreamboard.games\",\n clerkOAuthIssuer: \"https://happy-caribou-19.clerk.accounts.dev\",\n clerkOAuthClientId: \"wkjMF92OFsKbSaGI\",\n clerkOAuthTokenUrl:\n \"https://happy-caribou-19.clerk.accounts.dev/oauth/token\",\n clerkOAuthScope: DEFAULT_CLERK_OAUTH_SCOPE,\n },\n prod: {\n apiBaseUrl: \"https://api.dreamboard.games\",\n webBaseUrl: \"https://dreamboard.games\",\n clerkOAuthScope: DEFAULT_CLERK_OAUTH_SCOPE,\n },\n};\nexport const PROJECT_CONFIG_FILE = \"project.json\";\nexport const PROJECT_STATE_FILE = \"state.json\";\nexport const SNAPSHOT_FILE = \"snapshot.json\";\nexport const MANIFEST_FILE = \"manifest.ts\";\nexport const GENERATED_DIR_NAME = \"generated\";\nexport const MATERIALIZED_MANIFEST_FILE = `${PROJECT_DIR_NAME}/${GENERATED_DIR_NAME}/manifest.json`;\nexport const MANIFEST_TYPECHECK_CONFIG_FILE = \"manifest.tsconfig.json\";\nexport const RULE_FILE = \"rule.md\";\nexport const DEFAULT_LOGIN_TIMEOUT_MS = 5 * 60 * 1000;\nexport const DEFAULT_TURN_DELAY_MS = 250;\n\nexport const LOCAL_IGNORE_DIRS = new Set([\n \".dreamboard\",\n \".git\",\n \"node_modules\",\n \"dist\",\n]);\n","import { mkdir, readFile, stat, writeFile } from \"node:fs/promises\";\nimport path from \"node:path\";\n\nexport async function ensureDir(dirPath: string): Promise<void> {\n await mkdir(dirPath, { recursive: true });\n}\n\nexport async function exists(filePath: string): Promise<boolean> {\n try {\n await stat(filePath);\n return true;\n } catch {\n return false;\n }\n}\n\nexport async function readTextFile(filePath: string): Promise<string> {\n return readFile(filePath, \"utf8\");\n}\n\nexport async function readTextFileIfExists(\n filePath: string,\n): Promise<string | null> {\n try {\n return await readFile(filePath, \"utf8\");\n } catch {\n return null;\n }\n}\n\nexport async function writeTextFile(\n filePath: string,\n content: string,\n): Promise<void> {\n await ensureDir(path.dirname(filePath));\n await writeFile(filePath, content, \"utf8\");\n}\n\nexport async function readJsonFile<T>(filePath: string): Promise<T> {\n const data = await readTextFile(filePath);\n return JSON.parse(data) as T;\n}\n\nexport async function writeJsonFile(\n filePath: string,\n data: unknown,\n): Promise<void> {\n await writeTextFile(filePath, `${JSON.stringify(data, null, 2)}\\n`);\n}\n","/**\n * Primitives for safely mutating local state files owned by the CLI.\n *\n * Two guarantees:\n * - Writes are atomic-ish: we stage the payload in a sibling temp file with\n * the target permissions, fsync the contents, then `rename` over the target.\n * On POSIX `rename` within the same directory is atomic; on Windows it is\n * atomic within the same volume which is always the case for files we write\n * inside `~/.dreamboard`.\n * - We refuse to clobber a file with an empty payload. The original bug that\n * wiped refresh tokens on a failing `sync`/`compile` hinged on `undefined`\n * JSON values being persisted and reloaded as `{}`. Forbidding empty\n * writes here removes that entire failure mode at the primitive level.\n *\n * Additionally, `withFileLock` provides a cross-process advisory lock built on\n * `O_CREAT | O_EXCL` so that parallel CLI invocations (e.g. `dreamboard sync`\n * running while `dreamboard compile` is in flight) serialize around mutations\n * of the same credential state.\n */\n\nimport { constants as fsConstants, promises as fs, type Stats } from \"node:fs\";\nimport path from \"node:path\";\nimport crypto from \"node:crypto\";\n\nexport type AtomicWriteOptions = {\n /** File mode applied to the written file (default: 0o600). */\n mode?: number;\n /** Call `fsync` on the temp file before renaming. Default: true. */\n fsync?: boolean;\n};\n\nexport async function atomicWriteFile(\n targetPath: string,\n contents: string,\n options: AtomicWriteOptions = {},\n): Promise<void> {\n if (contents.length === 0) {\n throw new Error(\n `Refusing to atomicWriteFile an empty payload to ${targetPath}`,\n );\n }\n const mode = options.mode ?? 0o600;\n const shouldFsync = options.fsync ?? true;\n const dir = path.dirname(targetPath);\n await fs.mkdir(dir, { recursive: true });\n\n const suffix = crypto.randomBytes(6).toString(\"hex\");\n const tmpPath = `${targetPath}.tmp-${process.pid}-${suffix}`;\n\n const fh = await fs.open(\n tmpPath,\n fsConstants.O_WRONLY | fsConstants.O_CREAT | fsConstants.O_EXCL,\n mode,\n );\n try {\n await fh.writeFile(contents, \"utf8\");\n try {\n await fh.chmod(mode);\n } catch {\n // Some filesystems (e.g. network volumes, Windows) refuse chmod.\n // Ignoring here is safe: the `open` call above already created the\n // file with the requested mode on systems that honor it.\n }\n if (shouldFsync) {\n try {\n await fh.sync();\n } catch {\n // Best-effort. Not all backends (tmpfs on some platforms) support fsync.\n }\n }\n } finally {\n await fh.close();\n }\n\n try {\n await fs.rename(tmpPath, targetPath);\n } catch (err) {\n await fs.unlink(tmpPath).catch(() => undefined);\n throw err;\n }\n}\n\nexport type FileLockOptions = {\n /** Max number of acquisition attempts before giving up. Default: 100. */\n retries?: number;\n /** Minimum backoff between retries in ms. Default: 20. */\n minDelayMs?: number;\n /** Maximum backoff between retries in ms. Default: 200. */\n maxDelayMs?: number;\n /**\n * A lockfile older than this is considered stale and forcibly removed.\n * Guards against crashed processes leaving a permanent lock. Default: 30s.\n */\n staleMs?: number;\n};\n\nexport async function withFileLock<T>(\n lockPath: string,\n fn: () => Promise<T>,\n options: FileLockOptions = {},\n): Promise<T> {\n const retries = options.retries ?? 100;\n const minDelayMs = options.minDelayMs ?? 20;\n const maxDelayMs = options.maxDelayMs ?? 200;\n const staleMs = options.staleMs ?? 30_000;\n\n await fs.mkdir(path.dirname(lockPath), { recursive: true });\n\n let attempt = 0;\n let acquired = false;\n while (!acquired) {\n try {\n const fh = await fs.open(\n lockPath,\n fsConstants.O_WRONLY | fsConstants.O_CREAT | fsConstants.O_EXCL,\n 0o600,\n );\n await fh.writeFile(`${process.pid}\\n`, \"utf8\");\n await fh.close();\n acquired = true;\n break;\n } catch (err) {\n const code = (err as NodeJS.ErrnoException).code;\n if (code !== \"EEXIST\") {\n throw err;\n }\n }\n\n let stat: Stats | null = null;\n try {\n stat = await fs.stat(lockPath);\n } catch {\n continue;\n }\n if (stat !== null) {\n const ageMs = Date.now() - stat.mtimeMs;\n if (ageMs > staleMs) {\n await fs.unlink(lockPath).catch(() => undefined);\n continue;\n }\n }\n\n attempt += 1;\n if (attempt >= retries) {\n throw new Error(\n `Timed out acquiring file lock at ${lockPath} after ${retries} attempts.`,\n );\n }\n const jitter = Math.floor(\n Math.random() * Math.max(1, maxDelayMs - minDelayMs),\n );\n await new Promise((resolve) => setTimeout(resolve, minDelayMs + jitter));\n }\n\n try {\n return await fn();\n } finally {\n await fs.unlink(lockPath).catch(() => undefined);\n }\n}\n","/**\n * Single writer for the long-lived Dreamboard session credentials.\n *\n * Design invariants (enforced at the type level and tested in\n * `credential-store.test.ts`):\n *\n * 1. This module is the ONLY place in the CLI that writes credentials to\n * disk or the OS keychain. `global-config.ts` used to own both the\n * config and the credentials via `saveGlobalConfig`, which made it\n * trivial to wipe a refresh token by accident. The `GlobalConfig` type\n * no longer carries credentials, so attempting to persist one through\n * the config path is a type error.\n *\n * 2. The mutating surface is intentionally narrow:\n * - `setCredentials(c)` for refreshable sessions (both tokens present)\n * - `setAccessOnlySession(accessToken)` for the `auth set` / `config set\n * --token` power-user path, which has no refresh token by\n * construction\n * - `clearCredentials()` wipes the file entirely\n * There is no \"partial update\" API. `Credentials` requires both\n * `accessToken` and `refreshToken`, so it is impossible to persist a\n * half-populated refreshable session.\n *\n * 3. Writes go through `atomicWriteFile` + `withFileLock`, so a crash or\n * interrupt during `dreamboard sync`/`compile` cannot leave `auth.json`\n * truncated, and parallel CLI invocations cannot clobber each other's\n * rotated refresh tokens.\n *\n * 4. The on-disk JSON shape for the file backend is kept backward\n * compatible: we continue to read/write `authToken` + `refreshToken`\n * so existing users are not forced to log in again after this change.\n * A newer `accessToken` key is also accepted for read to ease any\n * future format bump.\n *\n * 5. The file backend is the default. The OS keychain is opt-in via\n * `credentialBackend: \"keychain\"` in `~/.dreamboard/config.json`\n * because on macOS the first keychain write triggers a login-password\n * prompt, and re-prompts whenever the executing Node binary's code\n * signature changes (e.g. after an `nvm`/`volta` upgrade). Users who\n * want encrypted-at-rest storage can opt in explicitly; everyone else\n * gets a zero-prompt experience.\n */\n\nimport os from \"node:os\";\nimport path from \"node:path\";\nimport { promises as fs } from \"node:fs\";\nimport { PROJECT_DIR_NAME } from \"../constants.js\";\nimport {\n atomicWriteFile,\n withFileLock,\n type FileLockOptions,\n} from \"../utils/atomic-file.js\";\n\n/** Fully refreshable session: both tokens required. */\nexport type Credentials = {\n readonly accessToken: string;\n readonly refreshToken: string;\n readonly tokenExpiresAt?: string;\n readonly clerkOAuthIssuer?: string;\n readonly clerkOAuthClientId?: string;\n readonly clerkOAuthTokenUrl?: string;\n readonly environment?: string;\n};\n\n/**\n * Raw on-disk snapshot. Either or both fields may be present. The refresh\n * coordinator only acts on snapshots that have both tokens populated.\n */\nexport type StoredSessionSnapshot = {\n readonly accessToken?: string;\n readonly refreshToken?: string;\n readonly tokenExpiresAt?: string;\n readonly clerkOAuthIssuer?: string;\n readonly clerkOAuthClientId?: string;\n readonly clerkOAuthTokenUrl?: string;\n readonly environment?: string;\n};\n\nexport type CredentialBackendName = \"file\" | \"keychain\";\n\nexport type CredentialBackend = {\n readonly name: CredentialBackendName;\n read(): Promise<StoredSessionSnapshot | null>;\n writeFull(creds: Credentials): Promise<void>;\n writeAccessOnly(accessToken: string): Promise<void>;\n clear(): Promise<void>;\n};\n\nexport type CredentialLockOps = {\n readonly backendName: CredentialBackendName;\n read(): Promise<StoredSessionSnapshot | null>;\n writeFull(creds: Credentials): Promise<void>;\n writeAccessOnly(accessToken: string): Promise<void>;\n clear(): Promise<void>;\n};\n\ntype DiskShape = Partial<{\n accessToken: string;\n authToken: string;\n refreshToken: string;\n tokenExpiresAt: string;\n clerkOAuthIssuer: string;\n clerkOAuthClientId: string;\n clerkOAuthTokenUrl: string;\n environment: string;\n}>;\n\nexport function getCredentialFilePath(): string {\n return path.join(os.homedir(), PROJECT_DIR_NAME, \"auth.json\");\n}\n\nfunction getCredentialLockPath(): string {\n return `${getCredentialFilePath()}.lock`;\n}\n\nasync function fileRead(): Promise<StoredSessionSnapshot | null> {\n const filePath = getCredentialFilePath();\n let data: string;\n try {\n data = await fs.readFile(filePath, \"utf8\");\n } catch (err) {\n if ((err as NodeJS.ErrnoException).code === \"ENOENT\") return null;\n throw err;\n }\n if (data.trim().length === 0) {\n return null;\n }\n let parsed: DiskShape;\n try {\n parsed = JSON.parse(data) as DiskShape;\n } catch {\n return null;\n }\n const accessToken = parsed.accessToken ?? parsed.authToken;\n const refreshToken = parsed.refreshToken;\n if (!accessToken && !refreshToken) return null;\n return {\n accessToken: accessToken || undefined,\n refreshToken: refreshToken || undefined,\n tokenExpiresAt: parsed.tokenExpiresAt || undefined,\n clerkOAuthIssuer: parsed.clerkOAuthIssuer || undefined,\n clerkOAuthClientId: parsed.clerkOAuthClientId || undefined,\n clerkOAuthTokenUrl: parsed.clerkOAuthTokenUrl || undefined,\n environment: parsed.environment || undefined,\n };\n}\n\nasync function writeFilePayload(payload: DiskShape): Promise<void> {\n await atomicWriteFile(\n getCredentialFilePath(),\n `${JSON.stringify(payload, null, 2)}\\n`,\n { mode: 0o600 },\n );\n}\n\nasync function fileWriteFull(creds: Credentials): Promise<void> {\n if (!creds.accessToken || !creds.refreshToken) {\n throw new Error(\n \"Refusing to persist credentials with an empty accessToken or refreshToken.\",\n );\n }\n await writeFilePayload({\n authToken: creds.accessToken,\n refreshToken: creds.refreshToken,\n tokenExpiresAt: creds.tokenExpiresAt,\n clerkOAuthIssuer: creds.clerkOAuthIssuer,\n clerkOAuthClientId: creds.clerkOAuthClientId,\n clerkOAuthTokenUrl: creds.clerkOAuthTokenUrl,\n environment: creds.environment,\n });\n}\n\nasync function fileWriteAccessOnly(accessToken: string): Promise<void> {\n if (!accessToken) {\n throw new Error(\"Refusing to persist an empty access token.\");\n }\n await writeFilePayload({ authToken: accessToken });\n}\n\nasync function fileClear(): Promise<void> {\n const filePath = getCredentialFilePath();\n try {\n await fs.unlink(filePath);\n } catch (err) {\n if ((err as NodeJS.ErrnoException).code !== \"ENOENT\") throw err;\n }\n}\n\nexport const fileCredentialBackend: CredentialBackend = {\n name: \"file\",\n read: fileRead,\n writeFull: fileWriteFull,\n writeAccessOnly: fileWriteAccessOnly,\n clear: fileClear,\n};\n\nexport type BackendResolver = () =>\n | CredentialBackend\n | Promise<CredentialBackend>;\n\nlet cachedBackend: CredentialBackend | null = null;\nlet migrationCompleted = false;\nlet backendResolver: BackendResolver = defaultBackendResolver;\n\n/**\n * Default resolver precedence:\n *\n * 1. `DREAMBOARD_CREDENTIAL_BACKEND` env var (debugging / CI override).\n * - \"file\" -> force file\n * - \"keychain\" -> force keychain (falls back to file if the native\n * module or the OS keyring is unavailable)\n * - \"auto\" -> same as unset (use config)\n * - unknown -> throw so typos fail loud\n * 2. `credentialBackend` in `~/.dreamboard/config.json`.\n * - \"keychain\" -> opt in to the OS keychain (with file fallback)\n * - \"file\" / unset / malformed -> file\n * 3. Default: file backend.\n *\n * Keychain is opt-in because on macOS the OS login-keychain prompts for\n * the user's password the first time a new binary tries to write to an\n * item, and re-prompts whenever the Node binary signature changes. We\n * would rather ship a zero-prompt default and let users who care about\n * encrypted-at-rest storage enable it.\n *\n * The resolver is async because the keychain probe requires a dynamic\n * `@napi-rs/keyring` import.\n */\nasync function defaultBackendResolver(): Promise<CredentialBackend> {\n const override = (process.env.DREAMBOARD_CREDENTIAL_BACKEND ?? \"\")\n .trim()\n .toLowerCase();\n if (override === \"file\") {\n return fileCredentialBackend;\n }\n if (override && override !== \"keychain\" && override !== \"auto\") {\n // Fail loud on typos rather than silently falling back: this env\n // var exists specifically for users who are debugging auth issues\n // and need to know their override took effect.\n throw new Error(\n `Unknown DREAMBOARD_CREDENTIAL_BACKEND value \"${override}\" (expected \"file\", \"keychain\", or \"auto\").`,\n );\n }\n\n const useKeychain =\n override === \"keychain\" || (await readCredentialBackendPreference());\n if (!useKeychain) {\n return fileCredentialBackend;\n }\n\n const { tryKeychainBackend } = await import(\"./keychain-backend.js\");\n const keychain = await tryKeychainBackend();\n if (keychain.available) {\n return keychain.backend;\n }\n // The user explicitly asked for keychain but the platform can't\n // provide one (no libsecret on Linux, missing native module, etc).\n // Silently degrade to the file backend so the CLI stays usable; the\n // active backend is still visible through `dreamboard auth status`.\n return fileCredentialBackend;\n}\n\nasync function readCredentialBackendPreference(): Promise<boolean> {\n try {\n // Dynamic import to avoid a top-level cycle with `global-config.ts`\n // (which imports `getCredentialFilePath` from this module). Using\n // the async path keeps the cycle purely lazy.\n const { loadGlobalConfig } = await import(\"./global-config.js\");\n const config = await loadGlobalConfig();\n return config.credentialBackend === \"keychain\";\n } catch {\n // If the config file is unreadable or the dynamic import fails\n // (e.g. during early bootstrap), fall back to the file-backed\n // default rather than crashing credential lookups.\n return false;\n }\n}\n\n/**\n * Override which backend is used. Tests use this to inject in-memory\n * backends; production code uses the default keychain-first resolver.\n */\nexport function setCredentialBackendResolver(resolver: BackendResolver): void {\n backendResolver = resolver;\n cachedBackend = null;\n migrationCompleted = false;\n}\n\nexport async function getCredentialBackend(): Promise<CredentialBackend> {\n if (cachedBackend === null) {\n cachedBackend = await backendResolver();\n // One-time migration: if we resolved to a non-file backend and\n // `auth.json` still has credentials from the old layout, copy them\n // over and remove the file. We only do this when the new backend is\n // empty, so repeated migrations cannot stomp a newer keychain\n // session with a stale file session.\n if (!migrationCompleted && cachedBackend.name !== \"file\") {\n await migrateFromFileBackendIfNeeded(cachedBackend);\n }\n migrationCompleted = true;\n }\n return cachedBackend;\n}\n\nasync function migrateFromFileBackendIfNeeded(\n target: CredentialBackend,\n): Promise<void> {\n try {\n const [onDisk, onTarget] = await Promise.all([\n fileCredentialBackend.read(),\n target.read(),\n ]);\n if (!onDisk) return;\n if (onTarget) {\n // Target already has a session - the user has already migrated.\n // Remove the file so it cannot get re-used accidentally.\n await fileCredentialBackend.clear();\n return;\n }\n if (onDisk.accessToken && onDisk.refreshToken) {\n await target.writeFull({\n accessToken: onDisk.accessToken,\n refreshToken: onDisk.refreshToken,\n });\n } else if (onDisk.accessToken) {\n await target.writeAccessOnly(onDisk.accessToken);\n } else {\n return;\n }\n await fileCredentialBackend.clear();\n } catch {\n // Migration is best-effort. A failure here should not block CLI\n // operation; on next run the file backend is still consulted\n // directly because the keychain backend's `read` returns null and\n // callers fall through to \"missing session\" → login prompt.\n }\n}\n\nexport async function getActiveCredentialBackendName(): Promise<CredentialBackendName> {\n const backend = await getCredentialBackend();\n return backend.name;\n}\n\n/** Loose read: returns whatever is on disk, including access-only sessions. */\nexport async function getStoredSession(): Promise<StoredSessionSnapshot | null> {\n const backend = await getCredentialBackend();\n return backend.read();\n}\n\n/** Strict read: returns a refreshable pair, or null if either token is missing. */\nexport async function getCredentials(): Promise<Credentials | null> {\n const snapshot = await getStoredSession();\n if (!snapshot) return null;\n const { accessToken, refreshToken } = snapshot;\n if (!accessToken || !refreshToken) return null;\n return { accessToken, refreshToken };\n}\n\nexport async function setCredentials(creds: Credentials): Promise<void> {\n await withFileLock(getCredentialLockPath(), async () => {\n const backend = await getCredentialBackend();\n await backend.writeFull(creds);\n });\n}\n\nexport async function setAccessOnlySession(accessToken: string): Promise<void> {\n await withFileLock(getCredentialLockPath(), async () => {\n const backend = await getCredentialBackend();\n await backend.writeAccessOnly(accessToken);\n });\n}\n\nexport async function clearCredentials(): Promise<void> {\n await withFileLock(getCredentialLockPath(), async () => {\n const backend = await getCredentialBackend();\n await backend.clear();\n });\n}\n\n/**\n * Run `fn` while holding the cross-process credential lock. `fn` receives\n * an ops handle that reads/writes the active backend without re-acquiring\n * the lock (avoiding deadlock).\n *\n * This is the only correct way to perform a read-modify-write on stored\n * credentials (e.g. CLI refresh rotation) in the presence of\n * concurrent CLI invocations.\n */\nexport async function withCredentialLock<T>(\n fn: (ops: CredentialLockOps) => Promise<T>,\n options?: FileLockOptions,\n): Promise<T> {\n return withFileLock(\n getCredentialLockPath(),\n async () => {\n const backend = await getCredentialBackend();\n const ops: CredentialLockOps = {\n backendName: backend.name,\n read: () => backend.read(),\n writeFull: (creds) => backend.writeFull(creds),\n writeAccessOnly: (accessToken) => backend.writeAccessOnly(accessToken),\n clear: () => backend.clear(),\n };\n return fn(ops);\n },\n options,\n );\n}\n\n/** Test-only reset of module state. Not exported through the barrel. */\nexport function _resetCredentialStoreForTests(): void {\n cachedBackend = null;\n migrationCompleted = false;\n backendResolver = defaultBackendResolver;\n}\n"],"mappings":";;;AAAA,OAAOA,SAAQ;AACf,OAAOC,WAAU;;;ACCV,IAAM,uBAAuB;AAC7B,IAAM,uBAAuB;AAE7B,IAAM,mBAAmB;AACzB,IAAM,4BACX;AAKK,IAAM,sBAAyD;AAAA,EACpE,OAAO;AAAA,IACL,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,iBAAiB;AAAA,EACnB;AAAA,EACA,SAAS;AAAA,IACP,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,kBAAkB;AAAA,IAClB,oBAAoB;AAAA,IACpB,oBACE;AAAA,IACF,iBAAiB;AAAA,EACnB;AAAA,EACA,MAAM;AAAA,IACJ,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,iBAAiB;AAAA,EACnB;AACF;AACO,IAAM,sBAAsB;AAC5B,IAAM,qBAAqB;AAC3B,IAAM,gBAAgB;AACtB,IAAM,gBAAgB;AACtB,IAAM,qBAAqB;AAC3B,IAAM,6BAA6B,GAAG,gBAAgB,IAAI,kBAAkB;AAC5E,IAAM,iCAAiC;AACvC,IAAM,YAAY;AAClB,IAAM,2BAA2B,IAAI,KAAK;AAG1C,IAAM,oBAAoB,oBAAI,IAAI;AAAA,EACvC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;;;ACjDD,SAAS,OAAO,UAAU,MAAM,iBAAiB;AACjD,OAAO,UAAU;AAEjB,eAAsB,UAAU,SAAgC;AAC9D,QAAM,MAAM,SAAS,EAAE,WAAW,KAAK,CAAC;AAC1C;AAEA,eAAsB,OAAO,UAAoC;AAC/D,MAAI;AACF,UAAM,KAAK,QAAQ;AACnB,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,aAAa,UAAmC;AACpE,SAAO,SAAS,UAAU,MAAM;AAClC;AAEA,eAAsB,qBACpB,UACwB;AACxB,MAAI;AACF,WAAO,MAAM,SAAS,UAAU,MAAM;AAAA,EACxC,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,cACpB,UACA,SACe;AACf,QAAM,UAAU,KAAK,QAAQ,QAAQ,CAAC;AACtC,QAAM,UAAU,UAAU,SAAS,MAAM;AAC3C;AAEA,eAAsB,aAAgB,UAA8B;AAClE,QAAM,OAAO,MAAM,aAAa,QAAQ;AACxC,SAAO,KAAK,MAAM,IAAI;AACxB;AAEA,eAAsB,cACpB,UACA,MACe;AACf,QAAM,cAAc,UAAU,GAAG,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AAAA,CAAI;AACpE;;;AC5BA,SAAS,aAAa,aAAa,YAAY,UAAsB;AACrE,OAAOC,WAAU;AACjB,OAAO,YAAY;AASnB,eAAsB,gBACpB,YACA,UACA,UAA8B,CAAC,GAChB;AACf,MAAI,SAAS,WAAW,GAAG;AACzB,UAAM,IAAI;AAAA,MACR,mDAAmD,UAAU;AAAA,IAC/D;AAAA,EACF;AACA,QAAM,OAAO,QAAQ,QAAQ;AAC7B,QAAM,cAAc,QAAQ,SAAS;AACrC,QAAM,MAAMA,MAAK,QAAQ,UAAU;AACnC,QAAM,GAAG,MAAM,KAAK,EAAE,WAAW,KAAK,CAAC;AAEvC,QAAM,SAAS,OAAO,YAAY,CAAC,EAAE,SAAS,KAAK;AACnD,QAAM,UAAU,GAAG,UAAU,QAAQ,QAAQ,GAAG,IAAI,MAAM;AAE1D,QAAM,KAAK,MAAM,GAAG;AAAA,IAClB;AAAA,IACA,YAAY,WAAW,YAAY,UAAU,YAAY;AAAA,IACzD;AAAA,EACF;AACA,MAAI;AACF,UAAM,GAAG,UAAU,UAAU,MAAM;AACnC,QAAI;AACF,YAAM,GAAG,MAAM,IAAI;AAAA,IACrB,QAAQ;AAAA,IAIR;AACA,QAAI,aAAa;AACf,UAAI;AACF,cAAM,GAAG,KAAK;AAAA,MAChB,QAAQ;AAAA,MAER;AAAA,IACF;AAAA,EACF,UAAE;AACA,UAAM,GAAG,MAAM;AAAA,EACjB;AAEA,MAAI;AACF,UAAM,GAAG,OAAO,SAAS,UAAU;AAAA,EACrC,SAAS,KAAK;AACZ,UAAM,GAAG,OAAO,OAAO,EAAE,MAAM,MAAM,MAAS;AAC9C,UAAM;AAAA,EACR;AACF;AAgBA,eAAsB,aACpB,UACA,IACA,UAA2B,CAAC,GAChB;AACZ,QAAM,UAAU,QAAQ,WAAW;AACnC,QAAM,aAAa,QAAQ,cAAc;AACzC,QAAM,aAAa,QAAQ,cAAc;AACzC,QAAM,UAAU,QAAQ,WAAW;AAEnC,QAAM,GAAG,MAAMA,MAAK,QAAQ,QAAQ,GAAG,EAAE,WAAW,KAAK,CAAC;AAE1D,MAAI,UAAU;AACd,MAAI,WAAW;AACf,SAAO,CAAC,UAAU;AAChB,QAAI;AACF,YAAM,KAAK,MAAM,GAAG;AAAA,QAClB;AAAA,QACA,YAAY,WAAW,YAAY,UAAU,YAAY;AAAA,QACzD;AAAA,MACF;AACA,YAAM,GAAG,UAAU,GAAG,QAAQ,GAAG;AAAA,GAAM,MAAM;AAC7C,YAAM,GAAG,MAAM;AACf,iBAAW;AACX;AAAA,IACF,SAAS,KAAK;AACZ,YAAM,OAAQ,IAA8B;AAC5C,UAAI,SAAS,UAAU;AACrB,cAAM;AAAA,MACR;AAAA,IACF;AAEA,QAAIC,QAAqB;AACzB,QAAI;AACF,MAAAA,QAAO,MAAM,GAAG,KAAK,QAAQ;AAAA,IAC/B,QAAQ;AACN;AAAA,IACF;AACA,QAAIA,UAAS,MAAM;AACjB,YAAM,QAAQ,KAAK,IAAI,IAAIA,MAAK;AAChC,UAAI,QAAQ,SAAS;AACnB,cAAM,GAAG,OAAO,QAAQ,EAAE,MAAM,MAAM,MAAS;AAC/C;AAAA,MACF;AAAA,IACF;AAEA,eAAW;AACX,QAAI,WAAW,SAAS;AACtB,YAAM,IAAI;AAAA,QACR,oCAAoC,QAAQ,UAAU,OAAO;AAAA,MAC/D;AAAA,IACF;AACA,UAAM,SAAS,KAAK;AAAA,MAClB,KAAK,OAAO,IAAI,KAAK,IAAI,GAAG,aAAa,UAAU;AAAA,IACrD;AACA,UAAM,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,aAAa,MAAM,CAAC;AAAA,EACzE;AAEA,MAAI;AACF,WAAO,MAAM,GAAG;AAAA,EAClB,UAAE;AACA,UAAM,GAAG,OAAO,QAAQ,EAAE,MAAM,MAAM,MAAS;AAAA,EACjD;AACF;;;ACpHA,OAAO,QAAQ;AACf,OAAOC,WAAU;AACjB,SAAS,YAAYC,WAAU;AA8DxB,SAAS,wBAAgC;AAC9C,SAAOC,MAAK,KAAK,GAAG,QAAQ,GAAG,kBAAkB,WAAW;AAC9D;AAEA,SAAS,wBAAgC;AACvC,SAAO,GAAG,sBAAsB,CAAC;AACnC;AAEA,eAAe,WAAkD;AAC/D,QAAM,WAAW,sBAAsB;AACvC,MAAI;AACJ,MAAI;AACF,WAAO,MAAMC,IAAG,SAAS,UAAU,MAAM;AAAA,EAC3C,SAAS,KAAK;AACZ,QAAK,IAA8B,SAAS,SAAU,QAAO;AAC7D,UAAM;AAAA,EACR;AACA,MAAI,KAAK,KAAK,EAAE,WAAW,GAAG;AAC5B,WAAO;AAAA,EACT;AACA,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,IAAI;AAAA,EAC1B,QAAQ;AACN,WAAO;AAAA,EACT;AACA,QAAM,cAAc,OAAO,eAAe,OAAO;AACjD,QAAM,eAAe,OAAO;AAC5B,MAAI,CAAC,eAAe,CAAC,aAAc,QAAO;AAC1C,SAAO;AAAA,IACL,aAAa,eAAe;AAAA,IAC5B,cAAc,gBAAgB;AAAA,IAC9B,gBAAgB,OAAO,kBAAkB;AAAA,IACzC,kBAAkB,OAAO,oBAAoB;AAAA,IAC7C,oBAAoB,OAAO,sBAAsB;AAAA,IACjD,oBAAoB,OAAO,sBAAsB;AAAA,IACjD,aAAa,OAAO,eAAe;AAAA,EACrC;AACF;AAEA,eAAe,iBAAiB,SAAmC;AACjE,QAAM;AAAA,IACJ,sBAAsB;AAAA,IACtB,GAAG,KAAK,UAAU,SAAS,MAAM,CAAC,CAAC;AAAA;AAAA,IACnC,EAAE,MAAM,IAAM;AAAA,EAChB;AACF;AAEA,eAAe,cAAc,OAAmC;AAC9D,MAAI,CAAC,MAAM,eAAe,CAAC,MAAM,cAAc;AAC7C,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,QAAM,iBAAiB;AAAA,IACrB,WAAW,MAAM;AAAA,IACjB,cAAc,MAAM;AAAA,IACpB,gBAAgB,MAAM;AAAA,IACtB,kBAAkB,MAAM;AAAA,IACxB,oBAAoB,MAAM;AAAA,IAC1B,oBAAoB,MAAM;AAAA,IAC1B,aAAa,MAAM;AAAA,EACrB,CAAC;AACH;AAEA,eAAe,oBAAoB,aAAoC;AACrE,MAAI,CAAC,aAAa;AAChB,UAAM,IAAI,MAAM,4CAA4C;AAAA,EAC9D;AACA,QAAM,iBAAiB,EAAE,WAAW,YAAY,CAAC;AACnD;AAEA,eAAe,YAA2B;AACxC,QAAM,WAAW,sBAAsB;AACvC,MAAI;AACF,UAAMA,IAAG,OAAO,QAAQ;AAAA,EAC1B,SAAS,KAAK;AACZ,QAAK,IAA8B,SAAS,SAAU,OAAM;AAAA,EAC9D;AACF;AAEO,IAAM,wBAA2C;AAAA,EACtD,MAAM;AAAA,EACN,MAAM;AAAA,EACN,WAAW;AAAA,EACX,iBAAiB;AAAA,EACjB,OAAO;AACT;AAMA,IAAI,gBAA0C;AAC9C,IAAI,qBAAqB;AACzB,IAAI,kBAAmC;AAyBvC,eAAe,yBAAqD;AAClE,QAAM,YAAY,QAAQ,IAAI,iCAAiC,IAC5D,KAAK,EACL,YAAY;AACf,MAAI,aAAa,QAAQ;AACvB,WAAO;AAAA,EACT;AACA,MAAI,YAAY,aAAa,cAAc,aAAa,QAAQ;AAI9D,UAAM,IAAI;AAAA,MACR,gDAAgD,QAAQ;AAAA,IAC1D;AAAA,EACF;AAEA,QAAM,cACJ,aAAa,cAAe,MAAM,gCAAgC;AACpE,MAAI,CAAC,aAAa;AAChB,WAAO;AAAA,EACT;AAEA,QAAM,EAAE,mBAAmB,IAAI,MAAM,OAAO,gCAAuB;AACnE,QAAM,WAAW,MAAM,mBAAmB;AAC1C,MAAI,SAAS,WAAW;AACtB,WAAO,SAAS;AAAA,EAClB;AAKA,SAAO;AACT;AAEA,eAAe,kCAAoD;AACjE,MAAI;AAIF,UAAM,EAAE,kBAAAC,kBAAiB,IAAI,MAAM,OAAO,6BAAoB;AAC9D,UAAM,SAAS,MAAMA,kBAAiB;AACtC,WAAO,OAAO,sBAAsB;AAAA,EACtC,QAAQ;AAIN,WAAO;AAAA,EACT;AACF;AAYA,eAAsB,uBAAmD;AACvE,MAAI,kBAAkB,MAAM;AAC1B,oBAAgB,MAAM,gBAAgB;AAMtC,QAAI,CAAC,sBAAsB,cAAc,SAAS,QAAQ;AACxD,YAAM,+BAA+B,aAAa;AAAA,IACpD;AACA,yBAAqB;AAAA,EACvB;AACA,SAAO;AACT;AAEA,eAAe,+BACb,QACe;AACf,MAAI;AACF,UAAM,CAAC,QAAQ,QAAQ,IAAI,MAAM,QAAQ,IAAI;AAAA,MAC3C,sBAAsB,KAAK;AAAA,MAC3B,OAAO,KAAK;AAAA,IACd,CAAC;AACD,QAAI,CAAC,OAAQ;AACb,QAAI,UAAU;AAGZ,YAAM,sBAAsB,MAAM;AAClC;AAAA,IACF;AACA,QAAI,OAAO,eAAe,OAAO,cAAc;AAC7C,YAAM,OAAO,UAAU;AAAA,QACrB,aAAa,OAAO;AAAA,QACpB,cAAc,OAAO;AAAA,MACvB,CAAC;AAAA,IACH,WAAW,OAAO,aAAa;AAC7B,YAAM,OAAO,gBAAgB,OAAO,WAAW;AAAA,IACjD,OAAO;AACL;AAAA,IACF;AACA,UAAM,sBAAsB,MAAM;AAAA,EACpC,QAAQ;AAAA,EAKR;AACF;AAEA,eAAsB,iCAAiE;AACrF,QAAM,UAAU,MAAM,qBAAqB;AAC3C,SAAO,QAAQ;AACjB;AAGA,eAAsB,mBAA0D;AAC9E,QAAM,UAAU,MAAM,qBAAqB;AAC3C,SAAO,QAAQ,KAAK;AACtB;AAWA,eAAsB,eAAe,OAAmC;AACtE,QAAM,aAAa,sBAAsB,GAAG,YAAY;AACtD,UAAM,UAAU,MAAM,qBAAqB;AAC3C,UAAM,QAAQ,UAAU,KAAK;AAAA,EAC/B,CAAC;AACH;AAEA,eAAsB,qBAAqB,aAAoC;AAC7E,QAAM,aAAa,sBAAsB,GAAG,YAAY;AACtD,UAAM,UAAU,MAAM,qBAAqB;AAC3C,UAAM,QAAQ,gBAAgB,WAAW;AAAA,EAC3C,CAAC;AACH;AAEA,eAAsB,mBAAkC;AACtD,QAAM,aAAa,sBAAsB,GAAG,YAAY;AACtD,UAAM,UAAU,MAAM,qBAAqB;AAC3C,UAAM,QAAQ,MAAM;AAAA,EACtB,CAAC;AACH;;;AJhXA,SAAS,2BACP,OACyC;AACzC,MAAI,UAAU,UAAU,UAAU,WAAY,QAAO;AAIrD,SAAO;AACT;AAEO,SAAS,sBAA8B;AAC5C,SAAOC,MAAK,KAAKC,IAAG,QAAQ,GAAG,kBAAkB,aAAa;AAChE;AAOO,SAAS,oBAA4B;AAC1C,SAAO,sBAAsB;AAC/B;AAaA,eAAsB,mBAA0C;AAC9D,QAAM,SAAS,MAAM,aAA2B,oBAAoB,CAAC,EAAE;AAAA,IACrE,OAAO,CAAC;AAAA,EACV;AACA,SAAO;AAAA,IACL,aAAa,OAAO;AAAA,IACpB,mBAAmB,2BAA2B,OAAO,iBAAiB;AAAA,EACxE;AACF;AAUA,eAAsB,iBAAiB,QAAqC;AAC1E,QAAM,YAAYD,MAAK,KAAKC,IAAG,QAAQ,GAAG,gBAAgB;AAC1D,QAAM,UAAU,SAAS;AACzB,QAAM,aAA2B;AAAA,IAC/B,aAAa,OAAO;AAAA,IACpB,mBAAmB,2BAA2B,OAAO,iBAAiB;AAAA,EACxE;AACA,QAAM;AAAA,IACJ,oBAAoB;AAAA,IACpB,GAAG,KAAK,UAAU,YAAY,MAAM,CAAC,CAAC;AAAA;AAAA,IACtC,EAAE,MAAM,IAAM;AAAA,EAChB;AACF;","names":["os","path","path","stat","path","fs","path","fs","loadGlobalConfig","path","os"]}
package/dist/{global-config-YBFEGJQG.js → global-config-WPJRXVDO.js} RENAMED
@@ -4,7 +4,7 @@ import {
4
4
  getGlobalConfigPath,
5
5
  loadGlobalConfig,
6
6
  saveGlobalConfig
7
- } from "./chunk-3NRROR4P.js";
7
+ } from "./chunk-GXM7RRZJ.js";
8
8
  import "./chunk-2H7UOFLK.js";
9
9
  export {
10
10
  getGlobalAuthPath,
@@ -12,4 +12,4 @@ export {
12
12
  loadGlobalConfig,
13
13
  saveGlobalConfig
14
14
  };
15
- //# sourceMappingURL=global-config-YBFEGJQG.js.map
15
+ //# sourceMappingURL=global-config-WPJRXVDO.js.map
package/dist/index.js CHANGED
@@ -101,7 +101,7 @@ import {
101
101
  writeSnapshot,
102
102
  writeSnapshotFromFiles,
103
103
  writeSourceFiles
104
- } from "./chunk-TBA3T4TX.js";
104
+ } from "./chunk-4PTP2HOX.js";
105
105
  import {
106
106
  DEFAULT_LOGIN_TIMEOUT_MS,
107
107
  DEFAULT_WEB_BASE_URL,
@@ -126,7 +126,7 @@ import {
126
126
  setCredentials,
127
127
  writeJsonFile,
128
128
  writeTextFile
129
- } from "./chunk-3NRROR4P.js";
129
+ } from "./chunk-GXM7RRZJ.js";
130
130
  import "./chunk-2H7UOFLK.js";
131
131
 
132
132
  // src/commands/auth.ts
package/dist/internal.js CHANGED
@@ -16,14 +16,14 @@ import {
16
16
  shortHash,
17
17
  updateProjectState,
18
18
  writeSnapshot
19
- } from "./chunk-TBA3T4TX.js";
19
+ } from "./chunk-4PTP2HOX.js";
20
20
  import {
21
21
  ENVIRONMENT_CONFIGS,
22
22
  getStoredSession,
23
23
  loadGlobalConfig,
24
24
  readJsonFile,
25
25
  writeJsonFile
26
- } from "./chunk-3NRROR4P.js";
26
+ } from "./chunk-GXM7RRZJ.js";
27
27
  import "./chunk-2H7UOFLK.js";
28
28
  export {
29
29
  CONFIG_FLAG_ARGS,
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@dreamboard-games/cli",
3
- "version": "0.1.30-alpha.5",
3
+ "version": "0.1.30-alpha.6",
4
4
  "description": "Design board games with AI and turn ideas into playable digital prototypes.",
5
5
  "type": "module",
6
6
  "bin": {
package/dist/agent-verifier/chunk-H76MT5UR.mjs.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../../src/constants.ts"],"sourcesContent":["import type { EnvironmentConfig } from \"./types.js\";\n\nexport const DEFAULT_API_BASE_URL = \"https://api.dreamboard.games\";\nexport const DEFAULT_WEB_BASE_URL = \"https://dreamboard.games\";\n\nexport const PROJECT_DIR_NAME = \".dreamboard\";\nexport const DEFAULT_CLERK_OAUTH_SCOPE =\n \"openid profile email offline_access\";\n\n// Predefined environment configurations. These are intentionally static:\n// process/env overrides are applied in config resolution so the CLI does not\n// depend on a shell-sourced env file just to know first-party environments.\nexport const ENVIRONMENT_CONFIGS: Record<string, EnvironmentConfig> = {\n local: {\n apiBaseUrl: \"http://localhost:8080\",\n webBaseUrl: \"http://localhost:5173\",\n clerkOAuthScope: DEFAULT_CLERK_OAUTH_SCOPE,\n },\n staging: {\n apiBaseUrl: \"https://api-staging.dreamboard.games\",\n webBaseUrl: \"https://staging.dreamboard.games\",\n clerkOAuthIssuer: \"https://happy-caribou-19.clerk.accounts.dev\",\n clerkOAuthTokenUrl:\n \"https://happy-caribou-19.clerk.accounts.dev/oauth/token\",\n clerkOAuthScope: DEFAULT_CLERK_OAUTH_SCOPE,\n },\n prod: {\n apiBaseUrl: \"https://api.dreamboard.games\",\n webBaseUrl: \"https://dreamboard.games\",\n clerkOAuthScope: DEFAULT_CLERK_OAUTH_SCOPE,\n },\n};\nexport const PROJECT_CONFIG_FILE = \"project.json\";\nexport const PROJECT_STATE_FILE = \"state.json\";\nexport const SNAPSHOT_FILE = \"snapshot.json\";\nexport const MANIFEST_FILE = \"manifest.ts\";\nexport const GENERATED_DIR_NAME = \"generated\";\nexport const MATERIALIZED_MANIFEST_FILE = `${PROJECT_DIR_NAME}/${GENERATED_DIR_NAME}/manifest.json`;\nexport const MANIFEST_TYPECHECK_CONFIG_FILE = \"manifest.tsconfig.json\";\nexport const RULE_FILE = \"rule.md\";\nexport const DEFAULT_LOGIN_TIMEOUT_MS = 5 * 60 * 1000;\nexport const DEFAULT_TURN_DELAY_MS = 250;\n\nexport const LOCAL_IGNORE_DIRS = new Set([\n \".dreamboard\",\n \".git\",\n \"node_modules\",\n \"dist\",\n]);\n"],"mappings":";;;AAEO,IAAM,uBAAuB;AAC7B,IAAM,uBAAuB;AAE7B,IAAM,mBAAmB;AACzB,IAAM,4BACX;AAKK,IAAM,sBAAyD;AAAA,EACpE,OAAO;AAAA,IACL,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,iBAAiB;AAAA,EACnB;AAAA,EACA,SAAS;AAAA,IACP,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,kBAAkB;AAAA,IAClB,oBACE;AAAA,IACF,iBAAiB;AAAA,EACnB;AAAA,EACA,MAAM;AAAA,IACJ,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,iBAAiB;AAAA,EACnB;AACF;AACO,IAAM,sBAAsB;AAC5B,IAAM,qBAAqB;AAC3B,IAAM,gBAAgB;AACtB,IAAM,gBAAgB;AACtB,IAAM,qBAAqB;AAC3B,IAAM,6BAA6B,GAAG,gBAAgB,IAAI,kBAAkB;AAC5E,IAAM,iCAAiC;AACvC,IAAM,YAAY;AAClB,IAAM,2BAA2B,IAAI,KAAK;AAG1C,IAAM,oBAAoB,oBAAI,IAAI;AAAA,EACvC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;","names":[]}
package/dist/agent-verifier/local-typecheck-2JWG5IGL.mjs DELETED
@@ -1,10 +0,0 @@
1
- #!/usr/bin/env node
2
- import {
3
- runLocalTypecheck
4
- } from "./chunk-UIOLGH4A.mjs";
5
- import "./chunk-H76MT5UR.mjs";
6
- import "./chunk-H6XDQJ3N.mjs";
7
- export {
8
- runLocalTypecheck
9
- };
10
- //# sourceMappingURL=local-typecheck-2JWG5IGL.mjs.map
package/dist/chunk-3NRROR4P.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/config/global-config.ts","../src/constants.ts","../src/utils/fs.ts","../src/utils/atomic-file.ts","../src/config/credential-store.ts"],"sourcesContent":["import os from \"node:os\";\nimport path from \"node:path\";\nimport type { CredentialBackendPreference, GlobalConfig } from \"../types.js\";\nimport { PROJECT_DIR_NAME } from \"../constants.js\";\nimport { ensureDir, readJsonFile } from \"../utils/fs.js\";\nimport { atomicWriteFile } from \"../utils/atomic-file.js\";\nimport { getCredentialFilePath } from \"./credential-store.js\";\n\nfunction normalizeCredentialBackend(\n value: unknown,\n): CredentialBackendPreference | undefined {\n if (value === \"file\" || value === \"keychain\") return value;\n // Tolerate unknown / malformed values rather than refusing to load the\n // whole config - an unrecognised backend name should degrade to \"use\n // the default\" instead of locking the user out of their CLI.\n return undefined;\n}\n\nexport function getGlobalConfigPath(): string {\n return path.join(os.homedir(), PROJECT_DIR_NAME, \"config.json\");\n}\n\n/**\n * Path to the on-disk credential file used by the file backend of\n * `CredentialStore`. Re-exported here to avoid circular / ad-hoc imports\n * in UI surface (`auth status`, `config show`, etc).\n */\nexport function getGlobalAuthPath(): string {\n return getCredentialFilePath();\n}\n\n/**\n * Load non-credential CLI configuration.\n *\n * Note: this function used to also load `authToken` / `refreshToken`\n * from `auth.json` and flatten them onto `GlobalConfig`. That shape\n * enabled the refresh-token-wipe bug: `saveGlobalConfig({ ...config })`\n * without explicit auth fields erased the stored refresh token.\n *\n * Credentials are now owned exclusively by `CredentialStore`. Callers\n * that need them must import `getCredentials()` directly.\n */\nexport async function loadGlobalConfig(): Promise<GlobalConfig> {\n const config = await readJsonFile<GlobalConfig>(getGlobalConfigPath()).catch(\n () => ({}) as GlobalConfig,\n );\n return {\n environment: config.environment,\n credentialBackend: normalizeCredentialBackend(config.credentialBackend),\n };\n}\n\n/**\n * Persist non-credential CLI configuration.\n *\n * This function cannot write credentials, by construction: the\n * `GlobalConfig` type has no credential fields. Credentials must be\n * persisted through `setCredentials` / `clearCredentials` from\n * `credential-store.ts`.\n */\nexport async function saveGlobalConfig(config: GlobalConfig): Promise<void> {\n const configDir = path.join(os.homedir(), PROJECT_DIR_NAME);\n await ensureDir(configDir);\n const normalized: GlobalConfig = {\n environment: config.environment,\n credentialBackend: normalizeCredentialBackend(config.credentialBackend),\n };\n await atomicWriteFile(\n getGlobalConfigPath(),\n `${JSON.stringify(normalized, null, 2)}\\n`,\n { mode: 0o600 },\n );\n}\n","import type { EnvironmentConfig } from \"./types.js\";\n\nexport const DEFAULT_API_BASE_URL = \"https://api.dreamboard.games\";\nexport const DEFAULT_WEB_BASE_URL = \"https://dreamboard.games\";\n\nexport const PROJECT_DIR_NAME = \".dreamboard\";\nexport const DEFAULT_CLERK_OAUTH_SCOPE =\n \"openid profile email offline_access\";\n\n// Predefined environment configurations. These are intentionally static:\n// process/env overrides are applied in config resolution so the CLI does not\n// depend on a shell-sourced env file just to know first-party environments.\nexport const ENVIRONMENT_CONFIGS: Record<string, EnvironmentConfig> = {\n local: {\n apiBaseUrl: \"http://localhost:8080\",\n webBaseUrl: \"http://localhost:5173\",\n clerkOAuthScope: DEFAULT_CLERK_OAUTH_SCOPE,\n },\n staging: {\n apiBaseUrl: \"https://api-staging.dreamboard.games\",\n webBaseUrl: \"https://staging.dreamboard.games\",\n clerkOAuthIssuer: \"https://happy-caribou-19.clerk.accounts.dev\",\n clerkOAuthTokenUrl:\n \"https://happy-caribou-19.clerk.accounts.dev/oauth/token\",\n clerkOAuthScope: DEFAULT_CLERK_OAUTH_SCOPE,\n },\n prod: {\n apiBaseUrl: \"https://api.dreamboard.games\",\n webBaseUrl: \"https://dreamboard.games\",\n clerkOAuthScope: DEFAULT_CLERK_OAUTH_SCOPE,\n },\n};\nexport const PROJECT_CONFIG_FILE = \"project.json\";\nexport const PROJECT_STATE_FILE = \"state.json\";\nexport const SNAPSHOT_FILE = \"snapshot.json\";\nexport const MANIFEST_FILE = \"manifest.ts\";\nexport const GENERATED_DIR_NAME = \"generated\";\nexport const MATERIALIZED_MANIFEST_FILE = `${PROJECT_DIR_NAME}/${GENERATED_DIR_NAME}/manifest.json`;\nexport const MANIFEST_TYPECHECK_CONFIG_FILE = \"manifest.tsconfig.json\";\nexport const RULE_FILE = \"rule.md\";\nexport const DEFAULT_LOGIN_TIMEOUT_MS = 5 * 60 * 1000;\nexport const DEFAULT_TURN_DELAY_MS = 250;\n\nexport const LOCAL_IGNORE_DIRS = new Set([\n \".dreamboard\",\n \".git\",\n \"node_modules\",\n \"dist\",\n]);\n","import { mkdir, readFile, stat, writeFile } from \"node:fs/promises\";\nimport path from \"node:path\";\n\nexport async function ensureDir(dirPath: string): Promise<void> {\n await mkdir(dirPath, { recursive: true });\n}\n\nexport async function exists(filePath: string): Promise<boolean> {\n try {\n await stat(filePath);\n return true;\n } catch {\n return false;\n }\n}\n\nexport async function readTextFile(filePath: string): Promise<string> {\n return readFile(filePath, \"utf8\");\n}\n\nexport async function readTextFileIfExists(\n filePath: string,\n): Promise<string | null> {\n try {\n return await readFile(filePath, \"utf8\");\n } catch {\n return null;\n }\n}\n\nexport async function writeTextFile(\n filePath: string,\n content: string,\n): Promise<void> {\n await ensureDir(path.dirname(filePath));\n await writeFile(filePath, content, \"utf8\");\n}\n\nexport async function readJsonFile<T>(filePath: string): Promise<T> {\n const data = await readTextFile(filePath);\n return JSON.parse(data) as T;\n}\n\nexport async function writeJsonFile(\n filePath: string,\n data: unknown,\n): Promise<void> {\n await writeTextFile(filePath, `${JSON.stringify(data, null, 2)}\\n`);\n}\n","/**\n * Primitives for safely mutating local state files owned by the CLI.\n *\n * Two guarantees:\n * - Writes are atomic-ish: we stage the payload in a sibling temp file with\n * the target permissions, fsync the contents, then `rename` over the target.\n * On POSIX `rename` within the same directory is atomic; on Windows it is\n * atomic within the same volume which is always the case for files we write\n * inside `~/.dreamboard`.\n * - We refuse to clobber a file with an empty payload. The original bug that\n * wiped refresh tokens on a failing `sync`/`compile` hinged on `undefined`\n * JSON values being persisted and reloaded as `{}`. Forbidding empty\n * writes here removes that entire failure mode at the primitive level.\n *\n * Additionally, `withFileLock` provides a cross-process advisory lock built on\n * `O_CREAT | O_EXCL` so that parallel CLI invocations (e.g. `dreamboard sync`\n * running while `dreamboard compile` is in flight) serialize around mutations\n * of the same credential state.\n */\n\nimport { constants as fsConstants, promises as fs, type Stats } from \"node:fs\";\nimport path from \"node:path\";\nimport crypto from \"node:crypto\";\n\nexport type AtomicWriteOptions = {\n /** File mode applied to the written file (default: 0o600). */\n mode?: number;\n /** Call `fsync` on the temp file before renaming. Default: true. */\n fsync?: boolean;\n};\n\nexport async function atomicWriteFile(\n targetPath: string,\n contents: string,\n options: AtomicWriteOptions = {},\n): Promise<void> {\n if (contents.length === 0) {\n throw new Error(\n `Refusing to atomicWriteFile an empty payload to ${targetPath}`,\n );\n }\n const mode = options.mode ?? 0o600;\n const shouldFsync = options.fsync ?? true;\n const dir = path.dirname(targetPath);\n await fs.mkdir(dir, { recursive: true });\n\n const suffix = crypto.randomBytes(6).toString(\"hex\");\n const tmpPath = `${targetPath}.tmp-${process.pid}-${suffix}`;\n\n const fh = await fs.open(\n tmpPath,\n fsConstants.O_WRONLY | fsConstants.O_CREAT | fsConstants.O_EXCL,\n mode,\n );\n try {\n await fh.writeFile(contents, \"utf8\");\n try {\n await fh.chmod(mode);\n } catch {\n // Some filesystems (e.g. network volumes, Windows) refuse chmod.\n // Ignoring here is safe: the `open` call above already created the\n // file with the requested mode on systems that honor it.\n }\n if (shouldFsync) {\n try {\n await fh.sync();\n } catch {\n // Best-effort. Not all backends (tmpfs on some platforms) support fsync.\n }\n }\n } finally {\n await fh.close();\n }\n\n try {\n await fs.rename(tmpPath, targetPath);\n } catch (err) {\n await fs.unlink(tmpPath).catch(() => undefined);\n throw err;\n }\n}\n\nexport type FileLockOptions = {\n /** Max number of acquisition attempts before giving up. Default: 100. */\n retries?: number;\n /** Minimum backoff between retries in ms. Default: 20. */\n minDelayMs?: number;\n /** Maximum backoff between retries in ms. Default: 200. */\n maxDelayMs?: number;\n /**\n * A lockfile older than this is considered stale and forcibly removed.\n * Guards against crashed processes leaving a permanent lock. Default: 30s.\n */\n staleMs?: number;\n};\n\nexport async function withFileLock<T>(\n lockPath: string,\n fn: () => Promise<T>,\n options: FileLockOptions = {},\n): Promise<T> {\n const retries = options.retries ?? 100;\n const minDelayMs = options.minDelayMs ?? 20;\n const maxDelayMs = options.maxDelayMs ?? 200;\n const staleMs = options.staleMs ?? 30_000;\n\n await fs.mkdir(path.dirname(lockPath), { recursive: true });\n\n let attempt = 0;\n let acquired = false;\n while (!acquired) {\n try {\n const fh = await fs.open(\n lockPath,\n fsConstants.O_WRONLY | fsConstants.O_CREAT | fsConstants.O_EXCL,\n 0o600,\n );\n await fh.writeFile(`${process.pid}\\n`, \"utf8\");\n await fh.close();\n acquired = true;\n break;\n } catch (err) {\n const code = (err as NodeJS.ErrnoException).code;\n if (code !== \"EEXIST\") {\n throw err;\n }\n }\n\n let stat: Stats | null = null;\n try {\n stat = await fs.stat(lockPath);\n } catch {\n continue;\n }\n if (stat !== null) {\n const ageMs = Date.now() - stat.mtimeMs;\n if (ageMs > staleMs) {\n await fs.unlink(lockPath).catch(() => undefined);\n continue;\n }\n }\n\n attempt += 1;\n if (attempt >= retries) {\n throw new Error(\n `Timed out acquiring file lock at ${lockPath} after ${retries} attempts.`,\n );\n }\n const jitter = Math.floor(\n Math.random() * Math.max(1, maxDelayMs - minDelayMs),\n );\n await new Promise((resolve) => setTimeout(resolve, minDelayMs + jitter));\n }\n\n try {\n return await fn();\n } finally {\n await fs.unlink(lockPath).catch(() => undefined);\n }\n}\n","/**\n * Single writer for the long-lived Dreamboard session credentials.\n *\n * Design invariants (enforced at the type level and tested in\n * `credential-store.test.ts`):\n *\n * 1. This module is the ONLY place in the CLI that writes credentials to\n * disk or the OS keychain. `global-config.ts` used to own both the\n * config and the credentials via `saveGlobalConfig`, which made it\n * trivial to wipe a refresh token by accident. The `GlobalConfig` type\n * no longer carries credentials, so attempting to persist one through\n * the config path is a type error.\n *\n * 2. The mutating surface is intentionally narrow:\n * - `setCredentials(c)` for refreshable sessions (both tokens present)\n * - `setAccessOnlySession(accessToken)` for the `auth set` / `config set\n * --token` power-user path, which has no refresh token by\n * construction\n * - `clearCredentials()` wipes the file entirely\n * There is no \"partial update\" API. `Credentials` requires both\n * `accessToken` and `refreshToken`, so it is impossible to persist a\n * half-populated refreshable session.\n *\n * 3. Writes go through `atomicWriteFile` + `withFileLock`, so a crash or\n * interrupt during `dreamboard sync`/`compile` cannot leave `auth.json`\n * truncated, and parallel CLI invocations cannot clobber each other's\n * rotated refresh tokens.\n *\n * 4. The on-disk JSON shape for the file backend is kept backward\n * compatible: we continue to read/write `authToken` + `refreshToken`\n * so existing users are not forced to log in again after this change.\n * A newer `accessToken` key is also accepted for read to ease any\n * future format bump.\n *\n * 5. The file backend is the default. The OS keychain is opt-in via\n * `credentialBackend: \"keychain\"` in `~/.dreamboard/config.json`\n * because on macOS the first keychain write triggers a login-password\n * prompt, and re-prompts whenever the executing Node binary's code\n * signature changes (e.g. after an `nvm`/`volta` upgrade). Users who\n * want encrypted-at-rest storage can opt in explicitly; everyone else\n * gets a zero-prompt experience.\n */\n\nimport os from \"node:os\";\nimport path from \"node:path\";\nimport { promises as fs } from \"node:fs\";\nimport { PROJECT_DIR_NAME } from \"../constants.js\";\nimport {\n atomicWriteFile,\n withFileLock,\n type FileLockOptions,\n} from \"../utils/atomic-file.js\";\n\n/** Fully refreshable session: both tokens required. */\nexport type Credentials = {\n readonly accessToken: string;\n readonly refreshToken: string;\n readonly tokenExpiresAt?: string;\n readonly clerkOAuthIssuer?: string;\n readonly clerkOAuthClientId?: string;\n readonly clerkOAuthTokenUrl?: string;\n readonly environment?: string;\n};\n\n/**\n * Raw on-disk snapshot. Either or both fields may be present. The refresh\n * coordinator only acts on snapshots that have both tokens populated.\n */\nexport type StoredSessionSnapshot = {\n readonly accessToken?: string;\n readonly refreshToken?: string;\n readonly tokenExpiresAt?: string;\n readonly clerkOAuthIssuer?: string;\n readonly clerkOAuthClientId?: string;\n readonly clerkOAuthTokenUrl?: string;\n readonly environment?: string;\n};\n\nexport type CredentialBackendName = \"file\" | \"keychain\";\n\nexport type CredentialBackend = {\n readonly name: CredentialBackendName;\n read(): Promise<StoredSessionSnapshot | null>;\n writeFull(creds: Credentials): Promise<void>;\n writeAccessOnly(accessToken: string): Promise<void>;\n clear(): Promise<void>;\n};\n\nexport type CredentialLockOps = {\n readonly backendName: CredentialBackendName;\n read(): Promise<StoredSessionSnapshot | null>;\n writeFull(creds: Credentials): Promise<void>;\n writeAccessOnly(accessToken: string): Promise<void>;\n clear(): Promise<void>;\n};\n\ntype DiskShape = Partial<{\n accessToken: string;\n authToken: string;\n refreshToken: string;\n tokenExpiresAt: string;\n clerkOAuthIssuer: string;\n clerkOAuthClientId: string;\n clerkOAuthTokenUrl: string;\n environment: string;\n}>;\n\nexport function getCredentialFilePath(): string {\n return path.join(os.homedir(), PROJECT_DIR_NAME, \"auth.json\");\n}\n\nfunction getCredentialLockPath(): string {\n return `${getCredentialFilePath()}.lock`;\n}\n\nasync function fileRead(): Promise<StoredSessionSnapshot | null> {\n const filePath = getCredentialFilePath();\n let data: string;\n try {\n data = await fs.readFile(filePath, \"utf8\");\n } catch (err) {\n if ((err as NodeJS.ErrnoException).code === \"ENOENT\") return null;\n throw err;\n }\n if (data.trim().length === 0) {\n return null;\n }\n let parsed: DiskShape;\n try {\n parsed = JSON.parse(data) as DiskShape;\n } catch {\n return null;\n }\n const accessToken = parsed.accessToken ?? parsed.authToken;\n const refreshToken = parsed.refreshToken;\n if (!accessToken && !refreshToken) return null;\n return {\n accessToken: accessToken || undefined,\n refreshToken: refreshToken || undefined,\n tokenExpiresAt: parsed.tokenExpiresAt || undefined,\n clerkOAuthIssuer: parsed.clerkOAuthIssuer || undefined,\n clerkOAuthClientId: parsed.clerkOAuthClientId || undefined,\n clerkOAuthTokenUrl: parsed.clerkOAuthTokenUrl || undefined,\n environment: parsed.environment || undefined,\n };\n}\n\nasync function writeFilePayload(payload: DiskShape): Promise<void> {\n await atomicWriteFile(\n getCredentialFilePath(),\n `${JSON.stringify(payload, null, 2)}\\n`,\n { mode: 0o600 },\n );\n}\n\nasync function fileWriteFull(creds: Credentials): Promise<void> {\n if (!creds.accessToken || !creds.refreshToken) {\n throw new Error(\n \"Refusing to persist credentials with an empty accessToken or refreshToken.\",\n );\n }\n await writeFilePayload({\n authToken: creds.accessToken,\n refreshToken: creds.refreshToken,\n tokenExpiresAt: creds.tokenExpiresAt,\n clerkOAuthIssuer: creds.clerkOAuthIssuer,\n clerkOAuthClientId: creds.clerkOAuthClientId,\n clerkOAuthTokenUrl: creds.clerkOAuthTokenUrl,\n environment: creds.environment,\n });\n}\n\nasync function fileWriteAccessOnly(accessToken: string): Promise<void> {\n if (!accessToken) {\n throw new Error(\"Refusing to persist an empty access token.\");\n }\n await writeFilePayload({ authToken: accessToken });\n}\n\nasync function fileClear(): Promise<void> {\n const filePath = getCredentialFilePath();\n try {\n await fs.unlink(filePath);\n } catch (err) {\n if ((err as NodeJS.ErrnoException).code !== \"ENOENT\") throw err;\n }\n}\n\nexport const fileCredentialBackend: CredentialBackend = {\n name: \"file\",\n read: fileRead,\n writeFull: fileWriteFull,\n writeAccessOnly: fileWriteAccessOnly,\n clear: fileClear,\n};\n\nexport type BackendResolver = () =>\n | CredentialBackend\n | Promise<CredentialBackend>;\n\nlet cachedBackend: CredentialBackend | null = null;\nlet migrationCompleted = false;\nlet backendResolver: BackendResolver = defaultBackendResolver;\n\n/**\n * Default resolver precedence:\n *\n * 1. `DREAMBOARD_CREDENTIAL_BACKEND` env var (debugging / CI override).\n * - \"file\" -> force file\n * - \"keychain\" -> force keychain (falls back to file if the native\n * module or the OS keyring is unavailable)\n * - \"auto\" -> same as unset (use config)\n * - unknown -> throw so typos fail loud\n * 2. `credentialBackend` in `~/.dreamboard/config.json`.\n * - \"keychain\" -> opt in to the OS keychain (with file fallback)\n * - \"file\" / unset / malformed -> file\n * 3. Default: file backend.\n *\n * Keychain is opt-in because on macOS the OS login-keychain prompts for\n * the user's password the first time a new binary tries to write to an\n * item, and re-prompts whenever the Node binary signature changes. We\n * would rather ship a zero-prompt default and let users who care about\n * encrypted-at-rest storage enable it.\n *\n * The resolver is async because the keychain probe requires a dynamic\n * `@napi-rs/keyring` import.\n */\nasync function defaultBackendResolver(): Promise<CredentialBackend> {\n const override = (process.env.DREAMBOARD_CREDENTIAL_BACKEND ?? \"\")\n .trim()\n .toLowerCase();\n if (override === \"file\") {\n return fileCredentialBackend;\n }\n if (override && override !== \"keychain\" && override !== \"auto\") {\n // Fail loud on typos rather than silently falling back: this env\n // var exists specifically for users who are debugging auth issues\n // and need to know their override took effect.\n throw new Error(\n `Unknown DREAMBOARD_CREDENTIAL_BACKEND value \"${override}\" (expected \"file\", \"keychain\", or \"auto\").`,\n );\n }\n\n const useKeychain =\n override === \"keychain\" || (await readCredentialBackendPreference());\n if (!useKeychain) {\n return fileCredentialBackend;\n }\n\n const { tryKeychainBackend } = await import(\"./keychain-backend.js\");\n const keychain = await tryKeychainBackend();\n if (keychain.available) {\n return keychain.backend;\n }\n // The user explicitly asked for keychain but the platform can't\n // provide one (no libsecret on Linux, missing native module, etc).\n // Silently degrade to the file backend so the CLI stays usable; the\n // active backend is still visible through `dreamboard auth status`.\n return fileCredentialBackend;\n}\n\nasync function readCredentialBackendPreference(): Promise<boolean> {\n try {\n // Dynamic import to avoid a top-level cycle with `global-config.ts`\n // (which imports `getCredentialFilePath` from this module). Using\n // the async path keeps the cycle purely lazy.\n const { loadGlobalConfig } = await import(\"./global-config.js\");\n const config = await loadGlobalConfig();\n return config.credentialBackend === \"keychain\";\n } catch {\n // If the config file is unreadable or the dynamic import fails\n // (e.g. during early bootstrap), fall back to the file-backed\n // default rather than crashing credential lookups.\n return false;\n }\n}\n\n/**\n * Override which backend is used. Tests use this to inject in-memory\n * backends; production code uses the default keychain-first resolver.\n */\nexport function setCredentialBackendResolver(resolver: BackendResolver): void {\n backendResolver = resolver;\n cachedBackend = null;\n migrationCompleted = false;\n}\n\nexport async function getCredentialBackend(): Promise<CredentialBackend> {\n if (cachedBackend === null) {\n cachedBackend = await backendResolver();\n // One-time migration: if we resolved to a non-file backend and\n // `auth.json` still has credentials from the old layout, copy them\n // over and remove the file. We only do this when the new backend is\n // empty, so repeated migrations cannot stomp a newer keychain\n // session with a stale file session.\n if (!migrationCompleted && cachedBackend.name !== \"file\") {\n await migrateFromFileBackendIfNeeded(cachedBackend);\n }\n migrationCompleted = true;\n }\n return cachedBackend;\n}\n\nasync function migrateFromFileBackendIfNeeded(\n target: CredentialBackend,\n): Promise<void> {\n try {\n const [onDisk, onTarget] = await Promise.all([\n fileCredentialBackend.read(),\n target.read(),\n ]);\n if (!onDisk) return;\n if (onTarget) {\n // Target already has a session - the user has already migrated.\n // Remove the file so it cannot get re-used accidentally.\n await fileCredentialBackend.clear();\n return;\n }\n if (onDisk.accessToken && onDisk.refreshToken) {\n await target.writeFull({\n accessToken: onDisk.accessToken,\n refreshToken: onDisk.refreshToken,\n });\n } else if (onDisk.accessToken) {\n await target.writeAccessOnly(onDisk.accessToken);\n } else {\n return;\n }\n await fileCredentialBackend.clear();\n } catch {\n // Migration is best-effort. A failure here should not block CLI\n // operation; on next run the file backend is still consulted\n // directly because the keychain backend's `read` returns null and\n // callers fall through to \"missing session\" → login prompt.\n }\n}\n\nexport async function getActiveCredentialBackendName(): Promise<CredentialBackendName> {\n const backend = await getCredentialBackend();\n return backend.name;\n}\n\n/** Loose read: returns whatever is on disk, including access-only sessions. */\nexport async function getStoredSession(): Promise<StoredSessionSnapshot | null> {\n const backend = await getCredentialBackend();\n return backend.read();\n}\n\n/** Strict read: returns a refreshable pair, or null if either token is missing. */\nexport async function getCredentials(): Promise<Credentials | null> {\n const snapshot = await getStoredSession();\n if (!snapshot) return null;\n const { accessToken, refreshToken } = snapshot;\n if (!accessToken || !refreshToken) return null;\n return { accessToken, refreshToken };\n}\n\nexport async function setCredentials(creds: Credentials): Promise<void> {\n await withFileLock(getCredentialLockPath(), async () => {\n const backend = await getCredentialBackend();\n await backend.writeFull(creds);\n });\n}\n\nexport async function setAccessOnlySession(accessToken: string): Promise<void> {\n await withFileLock(getCredentialLockPath(), async () => {\n const backend = await getCredentialBackend();\n await backend.writeAccessOnly(accessToken);\n });\n}\n\nexport async function clearCredentials(): Promise<void> {\n await withFileLock(getCredentialLockPath(), async () => {\n const backend = await getCredentialBackend();\n await backend.clear();\n });\n}\n\n/**\n * Run `fn` while holding the cross-process credential lock. `fn` receives\n * an ops handle that reads/writes the active backend without re-acquiring\n * the lock (avoiding deadlock).\n *\n * This is the only correct way to perform a read-modify-write on stored\n * credentials (e.g. CLI refresh rotation) in the presence of\n * concurrent CLI invocations.\n */\nexport async function withCredentialLock<T>(\n fn: (ops: CredentialLockOps) => Promise<T>,\n options?: FileLockOptions,\n): Promise<T> {\n return withFileLock(\n getCredentialLockPath(),\n async () => {\n const backend = await getCredentialBackend();\n const ops: CredentialLockOps = {\n backendName: backend.name,\n read: () => backend.read(),\n writeFull: (creds) => backend.writeFull(creds),\n writeAccessOnly: (accessToken) => backend.writeAccessOnly(accessToken),\n clear: () => backend.clear(),\n };\n return fn(ops);\n },\n options,\n );\n}\n\n/** Test-only reset of module state. Not exported through the barrel. */\nexport function _resetCredentialStoreForTests(): void {\n cachedBackend = null;\n migrationCompleted = false;\n backendResolver = defaultBackendResolver;\n}\n"],"mappings":";;;AAAA,OAAOA,SAAQ;AACf,OAAOC,WAAU;;;ACCV,IAAM,uBAAuB;AAC7B,IAAM,uBAAuB;AAE7B,IAAM,mBAAmB;AACzB,IAAM,4BACX;AAKK,IAAM,sBAAyD;AAAA,EACpE,OAAO;AAAA,IACL,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,iBAAiB;AAAA,EACnB;AAAA,EACA,SAAS;AAAA,IACP,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,kBAAkB;AAAA,IAClB,oBACE;AAAA,IACF,iBAAiB;AAAA,EACnB;AAAA,EACA,MAAM;AAAA,IACJ,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,iBAAiB;AAAA,EACnB;AACF;AACO,IAAM,sBAAsB;AAC5B,IAAM,qBAAqB;AAC3B,IAAM,gBAAgB;AACtB,IAAM,gBAAgB;AACtB,IAAM,qBAAqB;AAC3B,IAAM,6BAA6B,GAAG,gBAAgB,IAAI,kBAAkB;AAC5E,IAAM,iCAAiC;AACvC,IAAM,YAAY;AAClB,IAAM,2BAA2B,IAAI,KAAK;AAG1C,IAAM,oBAAoB,oBAAI,IAAI;AAAA,EACvC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;;;AChDD,SAAS,OAAO,UAAU,MAAM,iBAAiB;AACjD,OAAO,UAAU;AAEjB,eAAsB,UAAU,SAAgC;AAC9D,QAAM,MAAM,SAAS,EAAE,WAAW,KAAK,CAAC;AAC1C;AAEA,eAAsB,OAAO,UAAoC;AAC/D,MAAI;AACF,UAAM,KAAK,QAAQ;AACnB,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,aAAa,UAAmC;AACpE,SAAO,SAAS,UAAU,MAAM;AAClC;AAEA,eAAsB,qBACpB,UACwB;AACxB,MAAI;AACF,WAAO,MAAM,SAAS,UAAU,MAAM;AAAA,EACxC,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,cACpB,UACA,SACe;AACf,QAAM,UAAU,KAAK,QAAQ,QAAQ,CAAC;AACtC,QAAM,UAAU,UAAU,SAAS,MAAM;AAC3C;AAEA,eAAsB,aAAgB,UAA8B;AAClE,QAAM,OAAO,MAAM,aAAa,QAAQ;AACxC,SAAO,KAAK,MAAM,IAAI;AACxB;AAEA,eAAsB,cACpB,UACA,MACe;AACf,QAAM,cAAc,UAAU,GAAG,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AAAA,CAAI;AACpE;;;AC5BA,SAAS,aAAa,aAAa,YAAY,UAAsB;AACrE,OAAOC,WAAU;AACjB,OAAO,YAAY;AASnB,eAAsB,gBACpB,YACA,UACA,UAA8B,CAAC,GAChB;AACf,MAAI,SAAS,WAAW,GAAG;AACzB,UAAM,IAAI;AAAA,MACR,mDAAmD,UAAU;AAAA,IAC/D;AAAA,EACF;AACA,QAAM,OAAO,QAAQ,QAAQ;AAC7B,QAAM,cAAc,QAAQ,SAAS;AACrC,QAAM,MAAMA,MAAK,QAAQ,UAAU;AACnC,QAAM,GAAG,MAAM,KAAK,EAAE,WAAW,KAAK,CAAC;AAEvC,QAAM,SAAS,OAAO,YAAY,CAAC,EAAE,SAAS,KAAK;AACnD,QAAM,UAAU,GAAG,UAAU,QAAQ,QAAQ,GAAG,IAAI,MAAM;AAE1D,QAAM,KAAK,MAAM,GAAG;AAAA,IAClB;AAAA,IACA,YAAY,WAAW,YAAY,UAAU,YAAY;AAAA,IACzD;AAAA,EACF;AACA,MAAI;AACF,UAAM,GAAG,UAAU,UAAU,MAAM;AACnC,QAAI;AACF,YAAM,GAAG,MAAM,IAAI;AAAA,IACrB,QAAQ;AAAA,IAIR;AACA,QAAI,aAAa;AACf,UAAI;AACF,cAAM,GAAG,KAAK;AAAA,MAChB,QAAQ;AAAA,MAER;AAAA,IACF;AAAA,EACF,UAAE;AACA,UAAM,GAAG,MAAM;AAAA,EACjB;AAEA,MAAI;AACF,UAAM,GAAG,OAAO,SAAS,UAAU;AAAA,EACrC,SAAS,KAAK;AACZ,UAAM,GAAG,OAAO,OAAO,EAAE,MAAM,MAAM,MAAS;AAC9C,UAAM;AAAA,EACR;AACF;AAgBA,eAAsB,aACpB,UACA,IACA,UAA2B,CAAC,GAChB;AACZ,QAAM,UAAU,QAAQ,WAAW;AACnC,QAAM,aAAa,QAAQ,cAAc;AACzC,QAAM,aAAa,QAAQ,cAAc;AACzC,QAAM,UAAU,QAAQ,WAAW;AAEnC,QAAM,GAAG,MAAMA,MAAK,QAAQ,QAAQ,GAAG,EAAE,WAAW,KAAK,CAAC;AAE1D,MAAI,UAAU;AACd,MAAI,WAAW;AACf,SAAO,CAAC,UAAU;AAChB,QAAI;AACF,YAAM,KAAK,MAAM,GAAG;AAAA,QAClB;AAAA,QACA,YAAY,WAAW,YAAY,UAAU,YAAY;AAAA,QACzD;AAAA,MACF;AACA,YAAM,GAAG,UAAU,GAAG,QAAQ,GAAG;AAAA,GAAM,MAAM;AAC7C,YAAM,GAAG,MAAM;AACf,iBAAW;AACX;AAAA,IACF,SAAS,KAAK;AACZ,YAAM,OAAQ,IAA8B;AAC5C,UAAI,SAAS,UAAU;AACrB,cAAM;AAAA,MACR;AAAA,IACF;AAEA,QAAIC,QAAqB;AACzB,QAAI;AACF,MAAAA,QAAO,MAAM,GAAG,KAAK,QAAQ;AAAA,IAC/B,QAAQ;AACN;AAAA,IACF;AACA,QAAIA,UAAS,MAAM;AACjB,YAAM,QAAQ,KAAK,IAAI,IAAIA,MAAK;AAChC,UAAI,QAAQ,SAAS;AACnB,cAAM,GAAG,OAAO,QAAQ,EAAE,MAAM,MAAM,MAAS;AAC/C;AAAA,MACF;AAAA,IACF;AAEA,eAAW;AACX,QAAI,WAAW,SAAS;AACtB,YAAM,IAAI;AAAA,QACR,oCAAoC,QAAQ,UAAU,OAAO;AAAA,MAC/D;AAAA,IACF;AACA,UAAM,SAAS,KAAK;AAAA,MAClB,KAAK,OAAO,IAAI,KAAK,IAAI,GAAG,aAAa,UAAU;AAAA,IACrD;AACA,UAAM,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,aAAa,MAAM,CAAC;AAAA,EACzE;AAEA,MAAI;AACF,WAAO,MAAM,GAAG;AAAA,EAClB,UAAE;AACA,UAAM,GAAG,OAAO,QAAQ,EAAE,MAAM,MAAM,MAAS;AAAA,EACjD;AACF;;;ACpHA,OAAO,QAAQ;AACf,OAAOC,WAAU;AACjB,SAAS,YAAYC,WAAU;AA8DxB,SAAS,wBAAgC;AAC9C,SAAOC,MAAK,KAAK,GAAG,QAAQ,GAAG,kBAAkB,WAAW;AAC9D;AAEA,SAAS,wBAAgC;AACvC,SAAO,GAAG,sBAAsB,CAAC;AACnC;AAEA,eAAe,WAAkD;AAC/D,QAAM,WAAW,sBAAsB;AACvC,MAAI;AACJ,MAAI;AACF,WAAO,MAAMC,IAAG,SAAS,UAAU,MAAM;AAAA,EAC3C,SAAS,KAAK;AACZ,QAAK,IAA8B,SAAS,SAAU,QAAO;AAC7D,UAAM;AAAA,EACR;AACA,MAAI,KAAK,KAAK,EAAE,WAAW,GAAG;AAC5B,WAAO;AAAA,EACT;AACA,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,IAAI;AAAA,EAC1B,QAAQ;AACN,WAAO;AAAA,EACT;AACA,QAAM,cAAc,OAAO,eAAe,OAAO;AACjD,QAAM,eAAe,OAAO;AAC5B,MAAI,CAAC,eAAe,CAAC,aAAc,QAAO;AAC1C,SAAO;AAAA,IACL,aAAa,eAAe;AAAA,IAC5B,cAAc,gBAAgB;AAAA,IAC9B,gBAAgB,OAAO,kBAAkB;AAAA,IACzC,kBAAkB,OAAO,oBAAoB;AAAA,IAC7C,oBAAoB,OAAO,sBAAsB;AAAA,IACjD,oBAAoB,OAAO,sBAAsB;AAAA,IACjD,aAAa,OAAO,eAAe;AAAA,EACrC;AACF;AAEA,eAAe,iBAAiB,SAAmC;AACjE,QAAM;AAAA,IACJ,sBAAsB;AAAA,IACtB,GAAG,KAAK,UAAU,SAAS,MAAM,CAAC,CAAC;AAAA;AAAA,IACnC,EAAE,MAAM,IAAM;AAAA,EAChB;AACF;AAEA,eAAe,cAAc,OAAmC;AAC9D,MAAI,CAAC,MAAM,eAAe,CAAC,MAAM,cAAc;AAC7C,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,QAAM,iBAAiB;AAAA,IACrB,WAAW,MAAM;AAAA,IACjB,cAAc,MAAM;AAAA,IACpB,gBAAgB,MAAM;AAAA,IACtB,kBAAkB,MAAM;AAAA,IACxB,oBAAoB,MAAM;AAAA,IAC1B,oBAAoB,MAAM;AAAA,IAC1B,aAAa,MAAM;AAAA,EACrB,CAAC;AACH;AAEA,eAAe,oBAAoB,aAAoC;AACrE,MAAI,CAAC,aAAa;AAChB,UAAM,IAAI,MAAM,4CAA4C;AAAA,EAC9D;AACA,QAAM,iBAAiB,EAAE,WAAW,YAAY,CAAC;AACnD;AAEA,eAAe,YAA2B;AACxC,QAAM,WAAW,sBAAsB;AACvC,MAAI;AACF,UAAMA,IAAG,OAAO,QAAQ;AAAA,EAC1B,SAAS,KAAK;AACZ,QAAK,IAA8B,SAAS,SAAU,OAAM;AAAA,EAC9D;AACF;AAEO,IAAM,wBAA2C;AAAA,EACtD,MAAM;AAAA,EACN,MAAM;AAAA,EACN,WAAW;AAAA,EACX,iBAAiB;AAAA,EACjB,OAAO;AACT;AAMA,IAAI,gBAA0C;AAC9C,IAAI,qBAAqB;AACzB,IAAI,kBAAmC;AAyBvC,eAAe,yBAAqD;AAClE,QAAM,YAAY,QAAQ,IAAI,iCAAiC,IAC5D,KAAK,EACL,YAAY;AACf,MAAI,aAAa,QAAQ;AACvB,WAAO;AAAA,EACT;AACA,MAAI,YAAY,aAAa,cAAc,aAAa,QAAQ;AAI9D,UAAM,IAAI;AAAA,MACR,gDAAgD,QAAQ;AAAA,IAC1D;AAAA,EACF;AAEA,QAAM,cACJ,aAAa,cAAe,MAAM,gCAAgC;AACpE,MAAI,CAAC,aAAa;AAChB,WAAO;AAAA,EACT;AAEA,QAAM,EAAE,mBAAmB,IAAI,MAAM,OAAO,gCAAuB;AACnE,QAAM,WAAW,MAAM,mBAAmB;AAC1C,MAAI,SAAS,WAAW;AACtB,WAAO,SAAS;AAAA,EAClB;AAKA,SAAO;AACT;AAEA,eAAe,kCAAoD;AACjE,MAAI;AAIF,UAAM,EAAE,kBAAAC,kBAAiB,IAAI,MAAM,OAAO,6BAAoB;AAC9D,UAAM,SAAS,MAAMA,kBAAiB;AACtC,WAAO,OAAO,sBAAsB;AAAA,EACtC,QAAQ;AAIN,WAAO;AAAA,EACT;AACF;AAYA,eAAsB,uBAAmD;AACvE,MAAI,kBAAkB,MAAM;AAC1B,oBAAgB,MAAM,gBAAgB;AAMtC,QAAI,CAAC,sBAAsB,cAAc,SAAS,QAAQ;AACxD,YAAM,+BAA+B,aAAa;AAAA,IACpD;AACA,yBAAqB;AAAA,EACvB;AACA,SAAO;AACT;AAEA,eAAe,+BACb,QACe;AACf,MAAI;AACF,UAAM,CAAC,QAAQ,QAAQ,IAAI,MAAM,QAAQ,IAAI;AAAA,MAC3C,sBAAsB,KAAK;AAAA,MAC3B,OAAO,KAAK;AAAA,IACd,CAAC;AACD,QAAI,CAAC,OAAQ;AACb,QAAI,UAAU;AAGZ,YAAM,sBAAsB,MAAM;AAClC;AAAA,IACF;AACA,QAAI,OAAO,eAAe,OAAO,cAAc;AAC7C,YAAM,OAAO,UAAU;AAAA,QACrB,aAAa,OAAO;AAAA,QACpB,cAAc,OAAO;AAAA,MACvB,CAAC;AAAA,IACH,WAAW,OAAO,aAAa;AAC7B,YAAM,OAAO,gBAAgB,OAAO,WAAW;AAAA,IACjD,OAAO;AACL;AAAA,IACF;AACA,UAAM,sBAAsB,MAAM;AAAA,EACpC,QAAQ;AAAA,EAKR;AACF;AAEA,eAAsB,iCAAiE;AACrF,QAAM,UAAU,MAAM,qBAAqB;AAC3C,SAAO,QAAQ;AACjB;AAGA,eAAsB,mBAA0D;AAC9E,QAAM,UAAU,MAAM,qBAAqB;AAC3C,SAAO,QAAQ,KAAK;AACtB;AAWA,eAAsB,eAAe,OAAmC;AACtE,QAAM,aAAa,sBAAsB,GAAG,YAAY;AACtD,UAAM,UAAU,MAAM,qBAAqB;AAC3C,UAAM,QAAQ,UAAU,KAAK;AAAA,EAC/B,CAAC;AACH;AAEA,eAAsB,qBAAqB,aAAoC;AAC7E,QAAM,aAAa,sBAAsB,GAAG,YAAY;AACtD,UAAM,UAAU,MAAM,qBAAqB;AAC3C,UAAM,QAAQ,gBAAgB,WAAW;AAAA,EAC3C,CAAC;AACH;AAEA,eAAsB,mBAAkC;AACtD,QAAM,aAAa,sBAAsB,GAAG,YAAY;AACtD,UAAM,UAAU,MAAM,qBAAqB;AAC3C,UAAM,QAAQ,MAAM;AAAA,EACtB,CAAC;AACH;;;AJhXA,SAAS,2BACP,OACyC;AACzC,MAAI,UAAU,UAAU,UAAU,WAAY,QAAO;AAIrD,SAAO;AACT;AAEO,SAAS,sBAA8B;AAC5C,SAAOC,MAAK,KAAKC,IAAG,QAAQ,GAAG,kBAAkB,aAAa;AAChE;AAOO,SAAS,oBAA4B;AAC1C,SAAO,sBAAsB;AAC/B;AAaA,eAAsB,mBAA0C;AAC9D,QAAM,SAAS,MAAM,aAA2B,oBAAoB,CAAC,EAAE;AAAA,IACrE,OAAO,CAAC;AAAA,EACV;AACA,SAAO;AAAA,IACL,aAAa,OAAO;AAAA,IACpB,mBAAmB,2BAA2B,OAAO,iBAAiB;AAAA,EACxE;AACF;AAUA,eAAsB,iBAAiB,QAAqC;AAC1E,QAAM,YAAYD,MAAK,KAAKC,IAAG,QAAQ,GAAG,gBAAgB;AAC1D,QAAM,UAAU,SAAS;AACzB,QAAM,aAA2B;AAAA,IAC/B,aAAa,OAAO;AAAA,IACpB,mBAAmB,2BAA2B,OAAO,iBAAiB;AAAA,EACxE;AACA,QAAM;AAAA,IACJ,oBAAoB;AAAA,IACpB,GAAG,KAAK,UAAU,YAAY,MAAM,CAAC,CAAC;AAAA;AAAA,IACtC,EAAE,MAAM,IAAM;AAAA,EAChB;AACF;","names":["os","path","path","stat","path","fs","path","fs","loadGlobalConfig","path","os"]}