@g-abhishek/gitx 0.1.1 → 0.1.4

package/dist/providers/gitlab.js

@@ -0,0 +1,186 @@
+import axios, { isAxiosError } from "axios";
+import { withRetry } from "../utils/retry.js";
+import { GitxError } from "../utils/errors.js";
+// ─── GitLab Provider ──────────────────────────────────────────────────────────
+export class GitLabProvider {
+    http;
+    constructor(token) {
+        this.http = axios.create({
+            baseURL: "https://gitlab.com/api/v4",
+            headers: {
+                "PRIVATE-TOKEN": token,
+                "Content-Type": "application/json",
+            },
+            timeout: 20_000,
+        });
+    }
+    /** GitLab requires URL-encoded namespace/project slugs */
+    enc(slug) {
+        return encodeURIComponent(slug);
+    }
+    async listPRs(repoSlug) {
+        try {
+            const { data } = await withRetry(() => this.http.get(`/projects/${this.enc(repoSlug)}/merge_requests`, { params: { state: "opened", per_page: 50 } }));
+            return data.map(mapGlMr);
+        }
+        catch (err) {
+            throw wrapGlError(err, "list MRs");
+        }
+    }
+    async getPR(repoSlug, prNumber) {
+        try {
+            const { data } = await this.http.get(`/projects/${this.enc(repoSlug)}/merge_requests/${prNumber}`);
+            return mapGlMr(data);
+        }
+        catch (err) {
+            throw wrapGlError(err, `get MR !${prNumber}`);
+        }
+    }
+    async createPR(repoSlug, opts) {
+        try {
+            const { data } = await this.http.post(`/projects/${this.enc(repoSlug)}/merge_requests`, {
+                title: opts.title,
+                description: opts.body,
+                source_branch: opts.head,
+                target_branch: opts.base,
+                draft: opts.draft ?? false,
+            });
+            return mapGlMr(data);
+        }
+        catch (err) {
+            throw wrapGlError(err, "create MR");
+        }
+    }
+    async getPRComments(repoSlug, prNumber) {
+        try {
+            const { data } = await this.http.get(`/projects/${this.enc(repoSlug)}/merge_requests/${prNumber}/notes`, { params: { per_page: 100 } });
+            return data
+                .filter((n) => !n.system)
+                .map((n) => ({
+                id: n.id,
+                body: n.body,
+                author: n.author.username,
+                createdAt: n.created_at,
+            }));
+        }
+        catch (err) {
+            throw wrapGlError(err, `get MR !${prNumber} notes`);
+        }
+    }
+    async addPRComment(repoSlug, prNumber, body) {
+        try {
+            await this.http.post(`/projects/${this.enc(repoSlug)}/merge_requests/${prNumber}/notes`, { body });
+        }
+        catch (err) {
+            throw wrapGlError(err, `comment on MR !${prNumber}`);
+        }
+    }
+    async getPRDiff(repoSlug, prNumber) {
+        try {
+            const { data } = await this.http.get(`/projects/${this.enc(repoSlug)}/merge_requests/${prNumber}/diffs`);
+            return data.map((d) => `--- a/${d.old_path}\n+++ b/${d.new_path}\n${d.diff}`).join("\n\n");
+        }
+        catch {
+            return "";
+        }
+    }
+    async mergePR(repoSlug, prNumber, opts) {
+        try {
+            await this.http.put(`/projects/${this.enc(repoSlug)}/merge_requests/${prNumber}/merge`, {
+                squash: opts.method === "squash",
+                merge_commit_message: opts.commitTitle ?? undefined,
+                should_remove_source_branch: opts.deleteSourceBranch ?? false,
+            });
+        }
+        catch (err) {
+            throw wrapGlError(err, `merge MR !${prNumber}`);
+        }
+    }
+    async closePR(repoSlug, prNumber) {
+        try {
+            await this.http.put(`/projects/${this.enc(repoSlug)}/merge_requests/${prNumber}`, { state_event: "close" });
+        }
+        catch (err) {
+            throw wrapGlError(err, `close MR !${prNumber}`);
+        }
+    }
+    async submitPRReview(repoSlug, prNumber, opts) {
+        // Build the overall review note with verdict prefix
+        const verdictPrefix = opts.event === "approve" ? "✅ **APPROVED**" :
+            opts.event === "request_changes" ? "🔴 **CHANGES REQUESTED**" : "💬 **REVIEW COMMENT**";
+        const overallBody = `${verdictPrefix}\n\n${opts.body}`;
+        try {
+            // Post the summary as a plain MR note
+            await this.http.post(`/projects/${this.enc(repoSlug)}/merge_requests/${prNumber}/notes`, { body: overallBody });
+            // Post inline comments as MR notes with file+line context embedded in the body
+            // (GitLab discussion positions require SHAs; use enriched body as fallback)
+            for (const c of opts.comments ?? []) {
+                const inlineBody = `**\`${c.path}:${c.line}\`**\n\n${c.body}`;
+                await this.http.post(`/projects/${this.enc(repoSlug)}/merge_requests/${prNumber}/notes`, { body: inlineBody }).catch(() => { });
+            }
+        }
+        catch (err) {
+            throw wrapGlError(err, `submit review on MR !${prNumber}`);
+        }
+    }
+    async replyToComment(repoSlug, prNumber, commentId, body) {
+        try {
+            // GitLab: add a note to the MR (thread replies require discussion IDs which we don't store)
+            const replyBody = `*(in reply to comment #${commentId})*\n\n${body}`;
+            await this.http.post(`/projects/${this.enc(repoSlug)}/merge_requests/${prNumber}/notes`, { body: replyBody });
+        }
+        catch (err) {
+            throw wrapGlError(err, `reply to comment #${commentId}`);
+        }
+    }
+    async getDefaultBranch(repoSlug) {
+        try {
+            const { data } = await withRetry(() => this.http.get(`/projects/${this.enc(repoSlug)}`));
+            return data.default_branch ?? "main";
+        }
+        catch (err) {
+            throw wrapGlError(err, "get default branch");
+        }
+    }
+}
+// ─── Mappers ──────────────────────────────────────────────────────────────────
+function mapGlMr(d) {
+    let state;
+    if (d.state === "merged")
+        state = "merged";
+    else if (d.state === "opened")
+        state = "open";
+    else
+        state = "closed";
+    return {
+        id: d.id,
+        number: d.iid,
+        title: d.title,
+        body: d.description ?? "",
+        state,
+        head: d.source_branch,
+        base: d.target_branch,
+        url: d.web_url,
+        author: d.author?.username ?? "unknown",
+        createdAt: d.created_at,
+        updatedAt: d.updated_at,
+    };
+}
+function wrapGlError(err, action) {
+    if (isAxiosError(err)) {
+        const status = err.response?.status;
+        const msg = err.response?.data?.message ?? err.message;
+        if (status === 401) {
+            return new GitxError(`GitLab authentication failed while trying to ${action}. Check your token with \`gitx config set-provider gitlab\`.`, { exitCode: 1, cause: err });
+        }
+        if (status === 404) {
+            return new GitxError(`GitLab resource not found while trying to ${action}. Verify the repo slug and token scopes.`, { exitCode: 1, cause: err });
+        }
+        return new GitxError(`GitLab API error (${status ?? "network"}) while trying to ${action}: ${String(msg)}`, { exitCode: 1, cause: err });
+    }
+    return new GitxError(`Unexpected error while trying to ${action}: ${String(err)}`, {
+        exitCode: 1,
+        cause: err,
+    });
+}
+//# sourceMappingURL=gitlab.js.map

package/dist/providers/gitlab.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"gitlab.js","sourceRoot":"","sources":["../../src/providers/gitlab.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,EAAsB,YAAY,EAAE,MAAM,OAAO,CAAC;AAChE,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAqC/C,iFAAiF;AACjF,MAAM,OAAO,cAAc;IACR,IAAI,CAAgB;IAErC,YAAY,KAAa;QACvB,IAAI,CAAC,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC;YACvB,OAAO,EAAE,2BAA2B;YACpC,OAAO,EAAE;gBACP,eAAe,EAAE,KAAK;gBACtB,cAAc,EAAE,kBAAkB;aACnC;YACD,OAAO,EAAE,MAAM;SAChB,CAAC,CAAC;IACL,CAAC;IAED,0DAA0D;IAClD,GAAG,CAAC,IAAY;QACtB,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,QAAgB;QAC5B,IAAI,CAAC;YACH,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAClD,aAAa,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,iBAAiB,EAChD,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,EAAE,EAAE,EAAE,CAC9C,CAAC,CAAC;YACH,OAAO,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC3B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,WAAW,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;QACrC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,QAAgB,EAAE,QAAgB;QAC5C,IAAI,CAAC;YACH,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,CAClC,aAAa,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,mBAAmB,QAAQ,EAAE,CAC7D,CAAC;YACF,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC;QACvB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,WAAW,CAAC,GAAG,EAAE,WAAW,QAAQ,EAAE,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,QAAgB,EAAE,IAAqB;QACpD,IAAI,CAAC;YACH,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CACnC,aAAa,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,iBAAiB,EAChD;gBACE,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,WAAW,EAAE,IAAI,CAAC,IAAI;gBACtB,aAAa,EAAE,IAAI,CAAC,IAAI;gBACxB,aAAa,EAAE,IAAI,CAAC,IAAI;gBACxB,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,KAAK;aAC3B,CACF,CAAC;YACF,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC;QACvB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,WAAW,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,QAAgB,EAAE,QAAgB;QACpD,IAAI,CAAC;YACH,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,CAClC,aAAa,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,mBAAmB,QAAQ,QAAQ,EAClE,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,EAAE,CAC9B,CAAC;YACF,OAAO,IAAI;iBACR,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;iBACxB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACX,EAAE,EAAE,CAAC,CAAC,EAAE;gBACR,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,QAAQ;gBACzB,SAAS,EAAE,CAAC,CAAC,UAAU;aACxB,CAAC,CAAC,CAAC;QACR,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,WAAW,CAAC,GAAG,EAAE,WAAW,QAAQ,QAAQ,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,QAAgB,EAAE,IAAY;QACjE,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAClB,aAAa,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,mBAAmB,QAAQ,QAAQ,EAClE,EAAE,IAAI,EAAE,CACT,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,WAAW,CAAC,GAAG,EAAE,kBAAkB,QAAQ,EAAE,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAGD,KAAK,CAAC,SAAS,CAAC,QAAgB,EAAE,QAAgB;QAChD,IAAI,CAAC;YACH,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,CAClC,aAAa,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,mBAAmB,QAAQ,QAAQ,CACnE,CAAC;YACF,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,QAAQ,WAAW,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7F,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,QAAgB,EAAE,QAAgB,EAAE,IAAoB;QACpE,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,CACjB,aAAa,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,mBAAmB,QAAQ,QAAQ,EAClE;gBACE,MAAM,EAAE,IAAI,CAAC,MAAM,KAAK,QAAQ;gBAChC,oBAAoB,EAAE,IAAI,CAAC,WAAW,IAAI,SAAS;gBACnD,2BAA2B,EAAE,IAAI,CAAC,kBAAkB,IAAI,KAAK;aAC9D,CACF,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,WAAW,CAAC,GAAG,EAAE,aAAa,QAAQ,EAAE,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,QAAgB,EAAE,QAAgB;QAC9C,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,CACjB,aAAa,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,mBAAmB,QAAQ,EAAE,EAC5D,EAAE,WAAW,EAAE,OAAO,EAAE,CACzB,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,WAAW,CAAC,GAAG,EAAE,aAAa,QAAQ,EAAE,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,QAAgB,EAAE,QAAgB,EAAE,IAAyB;QAChF,oDAAoD;QACpD,MAAM,aAAa,GACjB,IAAI,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC;YAC7C,IAAI,CAAC,KAAK,KAAK,iBAAiB,CAAC,CAAC,CAAC,0BAA0B,CAAC,CAAC,CAAC,uBAAuB,CAAC;QAE1F,MAAM,WAAW,GAAG,GAAG,aAAa,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC;QAEvD,IAAI,CAAC;YACH,sCAAsC;YACtC,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAClB,aAAa,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,mBAAmB,QAAQ,QAAQ,EAClE,EAAE,IAAI,EAAE,WAAW,EAAE,CACtB,CAAC;YAEF,+EAA+E;YAC/E,4EAA4E;YAC5E,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,IAAI,EAAE,EAAE,CAAC;gBACpC,MAAM,UAAU,GAAG,OAAO,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,WAAW,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC9D,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAClB,aAAa,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,mBAAmB,QAAQ,QAAQ,EAClE,EAAE,IAAI,EAAE,UAAU,EAAE,CACrB,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YACpB,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,WAAW,CAAC,GAAG,EAAE,wBAAwB,QAAQ,EAAE,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,QAAgB,EAAE,QAAgB,EAAE,SAAiB,EAAE,IAAY;QACtF,IAAI,CAAC;YACH,4FAA4F;YAC5F,MAAM,SAAS,GAAG,0BAA0B,SAAS,SAAS,IAAI,EAAE,CAAC;YACrE,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAClB,aAAa,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,mBAAmB,QAAQ,QAAQ,EAClE,EAAE,IAAI,EAAE,SAAS,EAAE,CACpB,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,WAAW,CAAC,GAAG,EAAE,qBAAqB,SAAS,EAAE,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,QAAgB;QACrC,IAAI,CAAC;YACH,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,CACpC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAY,aAAa,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAC5D,CAAC;YACF,OAAO,IAAI,CAAC,cAAc,IAAI,MAAM,CAAC;QACvC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,WAAW,CAAC,GAAG,EAAE,oBAAoB,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;CACF;AAED,iFAAiF;AACjF,SAAS,OAAO,CAAC,CAAO;IACtB,IAAI,KAAmC,CAAC;IACxC,IAAI,CAAC,CAAC,KAAK,KAAK,QAAQ;QAAE,KAAK,GAAG,QAAQ,CAAC;SACtC,IAAI,CAAC,CAAC,KAAK,KAAK,QAAQ;QAAE,KAAK,GAAG,MAAM,CAAC;;QACzC,KAAK,GAAG,QAAQ,CAAC;IAEtB,OAAO;QACL,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,MAAM,EAAE,CAAC,CAAC,GAAG;QACb,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,IAAI,EAAE,CAAC,CAAC,WAAW,IAAI,EAAE;QACzB,KAAK;QACL,IAAI,EAAE,CAAC,CAAC,aAAa;QACrB,IAAI,EAAE,CAAC,CAAC,aAAa;QACrB,GAAG,EAAE,CAAC,CAAC,OAAO;QACd,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,QAAQ,IAAI,SAAS;QACvC,SAAS,EAAE,CAAC,CAAC,UAAU;QACvB,SAAS,EAAE,CAAC,CAAC,UAAU;KACxB,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,GAAY,EAAE,MAAc;IAC/C,IAAI,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC;QACpC,MAAM,GAAG,GAAI,GAAG,CAAC,QAAQ,EAAE,IAA4C,EAAE,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC;QAChG,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;YACnB,OAAO,IAAI,SAAS,CAClB,gDAAgD,MAAM,8DAA8D,EACpH,EAAE,QAAQ,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,CAC5B,CAAC;QACJ,CAAC;QACD,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;YACnB,OAAO,IAAI,SAAS,CAClB,6CAA6C,MAAM,0CAA0C,EAC7F,EAAE,QAAQ,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,CAC5B,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,SAAS,CAClB,qBAAqB,MAAM,IAAI,SAAS,qBAAqB,MAAM,KAAK,MAAM,CAAC,GAAG,CAAC,EAAE,EACrF,EAAE,QAAQ,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,CAC5B,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,SAAS,CAAC,oCAAoC,MAAM,KAAK,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE;QACjF,QAAQ,EAAE,CAAC;QACX,KAAK,EAAE,GAAG;KACX,CAAC,CAAC;AACL,CAAC","sourcesContent":["import axios, { type AxiosInstance, isAxiosError } from \"axios\";\nimport { withRetry } from \"../utils/retry.js\";\nimport { GitxError } from \"../utils/errors.js\";\nimport type {\n  CreatePrOptions,\n  GitProvider,\n  MergePrOptions,\n  PullRequest,\n  PullRequestComment,\n  SubmitReviewOptions,\n} from \"./base.js\";\n\n// ─── Raw GitLab API shapes ────────────────────────────────────────────────────\ninterface GlMr {\n  id: number;\n  iid: number;\n  title: string;\n  description: string | null;\n  state: string; // \"opened\" | \"closed\" | \"merged\" | \"locked\"\n  source_branch: string;\n  target_branch: string;\n  web_url: string;\n  author: { username: string } | null;\n  created_at: string;\n  updated_at: string;\n}\n\ninterface GlNote {\n  id: number;\n  body: string;\n  author: { username: string };\n  created_at: string;\n  system: boolean;\n}\n\ninterface GlProject {\n  default_branch: string;\n}\n\n// ─── GitLab Provider ──────────────────────────────────────────────────────────\nexport class GitLabProvider implements GitProvider {\n  private readonly http: AxiosInstance;\n\n  constructor(token: string) {\n    this.http = axios.create({\n      baseURL: \"https://gitlab.com/api/v4\",\n      headers: {\n        \"PRIVATE-TOKEN\": token,\n        \"Content-Type\": \"application/json\",\n      },\n      timeout: 20_000,\n    });\n  }\n\n  /** GitLab requires URL-encoded namespace/project slugs */\n  private enc(slug: string): string {\n    return encodeURIComponent(slug);\n  }\n\n  async listPRs(repoSlug: string): Promise<PullRequest[]> {\n    try {\n      const { data } = await withRetry(() => this.http.get<GlMr[]>(\n        `/projects/${this.enc(repoSlug)}/merge_requests`,\n        { params: { state: \"opened\", per_page: 50 } }\n      ));\n      return data.map(mapGlMr);\n    } catch (err) {\n      throw wrapGlError(err, \"list MRs\");\n    }\n  }\n\n  async getPR(repoSlug: string, prNumber: number): Promise<PullRequest> {\n    try {\n      const { data } = await this.http.get<GlMr>(\n        `/projects/${this.enc(repoSlug)}/merge_requests/${prNumber}`\n      );\n      return mapGlMr(data);\n    } catch (err) {\n      throw wrapGlError(err, `get MR !${prNumber}`);\n    }\n  }\n\n  async createPR(repoSlug: string, opts: CreatePrOptions): Promise<PullRequest> {\n    try {\n      const { data } = await this.http.post<GlMr>(\n        `/projects/${this.enc(repoSlug)}/merge_requests`,\n        {\n          title: opts.title,\n          description: opts.body,\n          source_branch: opts.head,\n          target_branch: opts.base,\n          draft: opts.draft ?? false,\n        }\n      );\n      return mapGlMr(data);\n    } catch (err) {\n      throw wrapGlError(err, \"create MR\");\n    }\n  }\n\n  async getPRComments(repoSlug: string, prNumber: number): Promise<PullRequestComment[]> {\n    try {\n      const { data } = await this.http.get<GlNote[]>(\n        `/projects/${this.enc(repoSlug)}/merge_requests/${prNumber}/notes`,\n        { params: { per_page: 100 } }\n      );\n      return data\n        .filter((n) => !n.system)\n        .map((n) => ({\n          id: n.id,\n          body: n.body,\n          author: n.author.username,\n          createdAt: n.created_at,\n        }));\n    } catch (err) {\n      throw wrapGlError(err, `get MR !${prNumber} notes`);\n    }\n  }\n\n  async addPRComment(repoSlug: string, prNumber: number, body: string): Promise<void> {\n    try {\n      await this.http.post(\n        `/projects/${this.enc(repoSlug)}/merge_requests/${prNumber}/notes`,\n        { body }\n      );\n    } catch (err) {\n      throw wrapGlError(err, `comment on MR !${prNumber}`);\n    }\n  }\n\n\n  async getPRDiff(repoSlug: string, prNumber: number): Promise<string> {\n    try {\n      const { data } = await this.http.get<Array<{ diff: string; new_path: string; old_path: string }>>(\n        `/projects/${this.enc(repoSlug)}/merge_requests/${prNumber}/diffs`\n      );\n      return data.map((d) => `--- a/${d.old_path}\\n+++ b/${d.new_path}\\n${d.diff}`).join(\"\\n\\n\");\n    } catch {\n      return \"\";\n    }\n  }\n\n  async mergePR(repoSlug: string, prNumber: number, opts: MergePrOptions): Promise<void> {\n    try {\n      await this.http.put(\n        `/projects/${this.enc(repoSlug)}/merge_requests/${prNumber}/merge`,\n        {\n          squash: opts.method === \"squash\",\n          merge_commit_message: opts.commitTitle ?? undefined,\n          should_remove_source_branch: opts.deleteSourceBranch ?? false,\n        }\n      );\n    } catch (err) {\n      throw wrapGlError(err, `merge MR !${prNumber}`);\n    }\n  }\n\n  async closePR(repoSlug: string, prNumber: number): Promise<void> {\n    try {\n      await this.http.put(\n        `/projects/${this.enc(repoSlug)}/merge_requests/${prNumber}`,\n        { state_event: \"close\" }\n      );\n    } catch (err) {\n      throw wrapGlError(err, `close MR !${prNumber}`);\n    }\n  }\n\n  async submitPRReview(repoSlug: string, prNumber: number, opts: SubmitReviewOptions): Promise<void> {\n    // Build the overall review note with verdict prefix\n    const verdictPrefix =\n      opts.event === \"approve\" ? \"✅ **APPROVED**\" :\n      opts.event === \"request_changes\" ? \"🔴 **CHANGES REQUESTED**\" : \"💬 **REVIEW COMMENT**\";\n\n    const overallBody = `${verdictPrefix}\\n\\n${opts.body}`;\n\n    try {\n      // Post the summary as a plain MR note\n      await this.http.post(\n        `/projects/${this.enc(repoSlug)}/merge_requests/${prNumber}/notes`,\n        { body: overallBody }\n      );\n\n      // Post inline comments as MR notes with file+line context embedded in the body\n      // (GitLab discussion positions require SHAs; use enriched body as fallback)\n      for (const c of opts.comments ?? []) {\n        const inlineBody = `**\\`${c.path}:${c.line}\\`**\\n\\n${c.body}`;\n        await this.http.post(\n          `/projects/${this.enc(repoSlug)}/merge_requests/${prNumber}/notes`,\n          { body: inlineBody }\n        ).catch(() => {});\n      }\n    } catch (err) {\n      throw wrapGlError(err, `submit review on MR !${prNumber}`);\n    }\n  }\n\n  async replyToComment(repoSlug: string, prNumber: number, commentId: number, body: string): Promise<void> {\n    try {\n      // GitLab: add a note to the MR (thread replies require discussion IDs which we don't store)\n      const replyBody = `*(in reply to comment #${commentId})*\\n\\n${body}`;\n      await this.http.post(\n        `/projects/${this.enc(repoSlug)}/merge_requests/${prNumber}/notes`,\n        { body: replyBody }\n      );\n    } catch (err) {\n      throw wrapGlError(err, `reply to comment #${commentId}`);\n    }\n  }\n\n  async getDefaultBranch(repoSlug: string): Promise<string> {\n    try {\n      const { data } = await withRetry(() =>\n        this.http.get<GlProject>(`/projects/${this.enc(repoSlug)}`)\n      );\n      return data.default_branch ?? \"main\";\n    } catch (err) {\n      throw wrapGlError(err, \"get default branch\");\n    }\n  }\n}\n\n// ─── Mappers ──────────────────────────────────────────────────────────────────\nfunction mapGlMr(d: GlMr): PullRequest {\n  let state: \"open\" | \"closed\" | \"merged\";\n  if (d.state === \"merged\") state = \"merged\";\n  else if (d.state === \"opened\") state = \"open\";\n  else state = \"closed\";\n\n  return {\n    id: d.id,\n    number: d.iid,\n    title: d.title,\n    body: d.description ?? \"\",\n    state,\n    head: d.source_branch,\n    base: d.target_branch,\n    url: d.web_url,\n    author: d.author?.username ?? \"unknown\",\n    createdAt: d.created_at,\n    updatedAt: d.updated_at,\n  };\n}\n\nfunction wrapGlError(err: unknown, action: string): GitxError {\n  if (isAxiosError(err)) {\n    const status = err.response?.status;\n    const msg = (err.response?.data as Record<string, unknown> | undefined)?.message ?? err.message;\n    if (status === 401) {\n      return new GitxError(\n        `GitLab authentication failed while trying to ${action}. Check your token with \\`gitx config set-provider gitlab\\`.`,\n        { exitCode: 1, cause: err }\n      );\n    }\n    if (status === 404) {\n      return new GitxError(\n        `GitLab resource not found while trying to ${action}. Verify the repo slug and token scopes.`,\n        { exitCode: 1, cause: err }\n      );\n    }\n    return new GitxError(\n      `GitLab API error (${status ?? \"network\"}) while trying to ${action}: ${String(msg)}`,\n      { exitCode: 1, cause: err }\n    );\n  }\n  return new GitxError(`Unexpected error while trying to ${action}: ${String(err)}`, {\n    exitCode: 1,\n    cause: err,\n  });\n}\n"]}

package/dist/types/config.d.ts

@@ -1,14 +1,58 @@
-import type { ProviderKind } from "./provider.js";
+export type AiProviderKind = "claude" | "openai" | "claude-cli";
+export interface AiProviderEntry {
+    /** Not needed for "claude-cli" */
+    apiKey?: string;
+    /** Optional model override */
+    model?: string;
+}
+/**
+ * Credential entry for a git hosting provider.
+ *
+ * - PAT (default): supply a `token` string.
+ * - GCM (Azure only): set `authMethod: "gcm"` and omit `token`.
+ *   gitx will call `git credential fill` via Git Credential Manager at
+ *   runtime to obtain a short-lived OAuth Bearer token.
+ */
+export interface ProviderEntry {
+    /** Personal Access Token. Required when authMethod is "pat" (default). */
+    token?: string;
+    /**
+     * Authentication method.
+     * - "pat"  (default) — PAT stored in the gitx config.
+     * - "gcm"  — OAuth via Git Credential Manager (Azure DevOps only).
+     */
+    authMethod?: "pat" | "gcm";
+}
 export interface GitxConfig {
-    provider: ProviderKind;
-    token: string;
     /**
-     * Optional: when omitted, `gitx` will infer it from the current working directory's
-     * `remote.origin.url` (where possible).
-     *
-     * Format: owner/name (or provider-specific slug).
+     * Git hosting provider credentials.
+     * gitx auto-detects which one to use from the repo's remote.origin.url.
+     */
+    providers: Partial<Record<"github" | "gitlab" | "azure", ProviderEntry>>;
+    /**
+     * All configured AI providers.
+     * - "claude"      → Anthropic API key required
+     * - "openai"      → OpenAI API key required
+     * - "claude-cli"→ uses locally installed `claude` CLI (no key needed)
+     */
+    aiProviders?: Partial<Record<AiProviderKind, AiProviderEntry>>;
+    /**
+     * Which AI provider to use by default.
+     * If omitted, gitx checks env vars then auto-detects claude-cli.
+     */
+    defaultAiProvider?: AiProviderKind;
+    /**
+     * Default base branch when it can't be inferred from the remote.
+     */
+    defaultBranch?: string;
+    /**
+     * @deprecated Use aiProviders + defaultAiProvider.
+     * Kept for backward-compat; migrated automatically on first load.
      */
-    repo?: string;
-    defaultBranch: string;
+    ai?: {
+        provider: AiProviderKind;
+        apiKey?: string;
+        model?: string;
+    };
 }
 //# sourceMappingURL=config.d.ts.map

package/dist/types/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/types/config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAElD,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,YAAY,CAAC;IACvB,KAAK,EAAE,MAAM,CAAC;IACd;;;;;OAKG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,MAAM,CAAC;CACvB"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/types/config.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,cAAc,GAAG,QAAQ,GAAG,QAAQ,GAAG,YAAY,CAAC;AAEhE,MAAM,WAAW,eAAe;IAC9B,kCAAkC;IAClC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,8BAA8B;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,aAAa;IAC5B,0EAA0E;IAC1E,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;;OAIG;IACH,UAAU,CAAC,EAAE,KAAK,GAAG,KAAK,CAAC;CAC5B;AAED,MAAM,WAAW,UAAU;IACzB;;;OAGG;IACH,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,QAAQ,GAAG,QAAQ,GAAG,OAAO,EAAE,aAAa,CAAC,CAAC,CAAC;IAEzE;;;;;OAKG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC,MAAM,CAAC,cAAc,EAAE,eAAe,CAAC,CAAC,CAAC;IAE/D;;;OAGG;IACH,iBAAiB,CAAC,EAAE,cAAc,CAAC;IAEnC;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;OAGG;IACH,EAAE,CAAC,EAAE;QACH,QAAQ,EAAE,cAAc,CAAC;QACzB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;CACH"}

package/dist/types/config.js.map

@@ -1 +1 @@
-{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/types/config.ts"],"names":[],"mappings":"","sourcesContent":["import type { ProviderKind } from \"./provider.js\";\n\nexport interface GitxConfig {\n  provider: ProviderKind;\n  token: string;\n  /**\n   * Optional: when omitted, `gitx` will infer it from the current working directory's\n   * `remote.origin.url` (where possible).\n   *\n   * Format: owner/name (or provider-specific slug).\n   */\n  repo?: string;\n  defaultBranch: string;\n}\n"]}
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/types/config.ts"],"names":[],"mappings":"","sourcesContent":["export type AiProviderKind = \"claude\" | \"openai\" | \"claude-cli\";\n\nexport interface AiProviderEntry {\n  /** Not needed for \"claude-cli\" */\n  apiKey?: string;\n  /** Optional model override */\n  model?: string;\n}\n\n/**\n * Credential entry for a git hosting provider.\n *\n * - PAT (default): supply a `token` string.\n * - GCM (Azure only): set `authMethod: \"gcm\"` and omit `token`.\n *   gitx will call `git credential fill` via Git Credential Manager at\n *   runtime to obtain a short-lived OAuth Bearer token.\n */\nexport interface ProviderEntry {\n  /** Personal Access Token. Required when authMethod is \"pat\" (default). */\n  token?: string;\n  /**\n   * Authentication method.\n   * - \"pat\"  (default) — PAT stored in the gitx config.\n   * - \"gcm\"  — OAuth via Git Credential Manager (Azure DevOps only).\n   */\n  authMethod?: \"pat\" | \"gcm\";\n}\n\nexport interface GitxConfig {\n  /**\n   * Git hosting provider credentials.\n   * gitx auto-detects which one to use from the repo's remote.origin.url.\n   */\n  providers: Partial<Record<\"github\" | \"gitlab\" | \"azure\", ProviderEntry>>;\n\n  /**\n   * All configured AI providers.\n   * - \"claude\"      → Anthropic API key required\n   * - \"openai\"      → OpenAI API key required\n   * - \"claude-cli\"→ uses locally installed `claude` CLI (no key needed)\n   */\n  aiProviders?: Partial<Record<AiProviderKind, AiProviderEntry>>;\n\n  /**\n   * Which AI provider to use by default.\n   * If omitted, gitx checks env vars then auto-detects claude-cli.\n   */\n  defaultAiProvider?: AiProviderKind;\n\n  /**\n   * Default base branch when it can't be inferred from the remote.\n   */\n  defaultBranch?: string;\n\n  /**\n   * @deprecated Use aiProviders + defaultAiProvider.\n   * Kept for backward-compat; migrated automatically on first load.\n   */\n  ai?: {\n    provider: AiProviderKind;\n    apiKey?: string;\n    model?: string;\n  };\n}\n"]}

package/dist/utils/azureAuth.d.ts

@@ -0,0 +1,51 @@
+/**
+ * Azure DevOps GCM (Git Credential Manager) authentication helpers.
+ *
+ * Instead of a PAT token, this module uses `git credential fill` to obtain a
+ * short-lived OAuth Bearer token managed by GCM. No token is ever stored in
+ * the gitx config file — GCM is the secure, OS-level credential store.
+ *
+ * Prerequisites (run once):
+ *   git config --global credential.azreposCredentialType oauth
+ *   git config --global credential.https://dev.azure.com.useHttpPath true
+ */
+export interface GcmVerifyResult {
+    ok: boolean;
+    issues: string[];
+    fixes: string[];
+}
+/**
+ * Fetch an OAuth Bearer token for the given Azure DevOps org via GCM.
+ *
+ * Uses `git credential fill` which reads from the OS credential store
+ * (Windows Credential Manager / macOS Keychain / GNOME Keyring).
+ * Caches the result in-memory so repeated calls within the same process are
+ * instant (< 1 ms vs ~5 ms for the subprocess round-trip).
+ *
+ * @param org  Azure DevOps org name, e.g. "GoFynd" or "mycompany"
+ */
+export declare function getTokenViaGcm(org: string): Promise<string>;
+/**
+ * Clear the in-memory token cache for the given org (or all orgs).
+ * Useful after a 401 response — forces a fresh fetch on the next call.
+ */
+export declare function invalidateGcmCache(org?: string): void;
+/**
+ * Decode a JWT token (without verifying its signature) and return the
+ * expiry Unix timestamp from the `exp` claim, or `null` if not present.
+ *
+ * Azure DevOps OAuth access tokens typically expire in ~1 hour.
+ * GCM handles refresh silently before the token expires.
+ */
+export declare function decodeJwtExpiry(token: string): number | null;
+/**
+ * Verify that GCM is correctly configured for Azure DevOps and that a token
+ * can actually be fetched for the given org.
+ *
+ * Returns `{ ok: true }` when everything is fine, or `{ ok: false }` with a
+ * list of `issues` (human-readable) and `fixes` (shell commands to run).
+ *
+ * @param org  Azure DevOps org name, e.g. "GoFynd"
+ */
+export declare function verifyGcmSetup(org: string): Promise<GcmVerifyResult>;
+//# sourceMappingURL=azureAuth.d.ts.map

package/dist/utils/azureAuth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"azureAuth.d.ts","sourceRoot":"","sources":["../../src/utils/azureAuth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAsCH,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,OAAO,CAAC;IACZ,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,KAAK,EAAE,MAAM,EAAE,CAAC;CACjB;AASD;;;;;;;;;GASG;AACH,wBAAsB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAgCjE;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,IAAI,CAMrD;AAID;;;;;;GAMG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAW5D;AAID;;;;;;;;GAQG;AACH,wBAAsB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,CA6C1E"}

package/dist/utils/azureAuth.js

@@ -0,0 +1,172 @@
+/**
+ * Azure DevOps GCM (Git Credential Manager) authentication helpers.
+ *
+ * Instead of a PAT token, this module uses `git credential fill` to obtain a
+ * short-lived OAuth Bearer token managed by GCM. No token is ever stored in
+ * the gitx config file — GCM is the secure, OS-level credential store.
+ *
+ * Prerequisites (run once):
+ *   git config --global credential.azreposCredentialType oauth
+ *   git config --global credential.https://dev.azure.com.useHttpPath true
+ */
+import { execFile, spawn } from "node:child_process";
+import { promisify } from "node:util";
+const execFileAsync = promisify(execFile);
+/**
+ * Run `git <args>` and return stdout as a string.
+ * Uses spawn so we can write to stdin (needed for `git credential fill`).
+ */
+function spawnGit(args, stdinData) {
+    return new Promise((resolve, reject) => {
+        const child = spawn("git", args, { stdio: ["pipe", "pipe", "pipe"] });
+        let stdout = "";
+        let stderr = "";
+        child.stdout.on("data", (chunk) => { stdout += chunk.toString(); });
+        child.stderr.on("data", (chunk) => { stderr += chunk.toString(); });
+        child.on("error", (err) => reject(err));
+        child.on("close", (code) => {
+            if (code !== 0) {
+                reject(new Error(`git ${args[0] ?? ""} exited ${code}: ${stderr.trim() || stdout.trim()}`));
+            }
+            else {
+                resolve(stdout);
+            }
+        });
+        if (stdinData !== undefined) {
+            child.stdin.write(stdinData);
+        }
+        child.stdin.end();
+    });
+}
+// ─── In-memory token cache ────────────────────────────────────────────────────
+// Tokens are cached for the lifetime of the current process. GCM handles
+// background refresh; gitx just re-reads on the next process invocation.
+const tokenCache = new Map();
+// ─── Token fetch ──────────────────────────────────────────────────────────────
+/**
+ * Fetch an OAuth Bearer token for the given Azure DevOps org via GCM.
+ *
+ * Uses `git credential fill` which reads from the OS credential store
+ * (Windows Credential Manager / macOS Keychain / GNOME Keyring).
+ * Caches the result in-memory so repeated calls within the same process are
+ * instant (< 1 ms vs ~5 ms for the subprocess round-trip).
+ *
+ * @param org  Azure DevOps org name, e.g. "GoFynd" or "mycompany"
+ */
+export async function getTokenViaGcm(org) {
+    const cached = tokenCache.get(org);
+    if (cached)
+        return cached;
+    const input = `protocol=https\nhost=dev.azure.com\npath=${org}\n\n`;
+    let stdout;
+    try {
+        stdout = await spawnGit(["credential", "fill"], input);
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        throw new Error(`GCM token fetch failed for org "${org}": ${msg}\n` +
+            `Make sure Git Credential Manager is installed and the following git config is set:\n` +
+            `  git config --global credential.azreposCredentialType oauth\n` +
+            `  git config --global credential.https://dev.azure.com.useHttpPath true\n` +
+            `Then trigger a login by running any authenticated git command against the repo.`);
+    }
+    // Parse "password=<token>" line from git credential output
+    const match = stdout.match(/^password=(.+)$/m);
+    if (!match?.[1]) {
+        throw new Error(`GCM returned no token for org "${org}".\n` +
+            `Try running:  git pull  (to trigger a fresh Azure DevOps login via browser)`);
+    }
+    const token = match[1].trim();
+    tokenCache.set(org, token);
+    return token;
+}
+/**
+ * Clear the in-memory token cache for the given org (or all orgs).
+ * Useful after a 401 response — forces a fresh fetch on the next call.
+ */
+export function invalidateGcmCache(org) {
+    if (org) {
+        tokenCache.delete(org);
+    }
+    else {
+        tokenCache.clear();
+    }
+}
+// ─── JWT helpers ──────────────────────────────────────────────────────────────
+/**
+ * Decode a JWT token (without verifying its signature) and return the
+ * expiry Unix timestamp from the `exp` claim, or `null` if not present.
+ *
+ * Azure DevOps OAuth access tokens typically expire in ~1 hour.
+ * GCM handles refresh silently before the token expires.
+ */
+export function decodeJwtExpiry(token) {
+    const parts = token.split(".");
+    if (parts.length !== 3 || !parts[1])
+        return null;
+    try {
+        const padded = parts[1].padEnd(parts[1].length + ((4 - (parts[1].length % 4)) % 4), "=");
+        const payload = Buffer.from(padded, "base64").toString("utf8");
+        const json = JSON.parse(payload);
+        return typeof json.exp === "number" ? json.exp : null;
+    }
+    catch {
+        return null;
+    }
+}
+// ─── GCM setup verification ───────────────────────────────────────────────────
+/**
+ * Verify that GCM is correctly configured for Azure DevOps and that a token
+ * can actually be fetched for the given org.
+ *
+ * Returns `{ ok: true }` when everything is fine, or `{ ok: false }` with a
+ * list of `issues` (human-readable) and `fixes` (shell commands to run).
+ *
+ * @param org  Azure DevOps org name, e.g. "GoFynd"
+ */
+export async function verifyGcmSetup(org) {
+    const issues = [];
+    const fixes = [];
+    // 1. Check: credential.https://dev.azure.com.useHttpPath = true
+    try {
+        const { stdout } = await execFileAsync("git", [
+            "config", "--global", "credential.https://dev.azure.com.useHttpPath",
+        ]);
+        if (stdout.trim() !== "true") {
+            issues.push("`credential.https://dev.azure.com.useHttpPath` is not set to `true`");
+            fixes.push("git config --global credential.https://dev.azure.com.useHttpPath true");
+        }
+    }
+    catch {
+        issues.push("`credential.https://dev.azure.com.useHttpPath` is not configured");
+        fixes.push("git config --global credential.https://dev.azure.com.useHttpPath true");
+    }
+    // 2. Check: credential.azreposCredentialType = oauth
+    try {
+        const { stdout } = await execFileAsync("git", [
+            "config", "--global", "credential.azreposCredentialType",
+        ]);
+        if (stdout.trim() !== "oauth") {
+            issues.push("`credential.azreposCredentialType` is not set to `oauth`");
+            fixes.push("git config --global credential.azreposCredentialType oauth");
+        }
+    }
+    catch {
+        issues.push("`credential.azreposCredentialType` is not configured");
+        fixes.push("git config --global credential.azreposCredentialType oauth");
+    }
+    // 3. If git config looks good, do a live token fetch
+    if (issues.length === 0) {
+        try {
+            invalidateGcmCache(org); // always do a fresh fetch during verification
+            await getTokenViaGcm(org);
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message.split("\n")[0] : String(err);
+            issues.push(`Token fetch failed: ${msg}`);
+            fixes.push("git pull  (to trigger a fresh Azure DevOps login via browser)");
+        }
+    }
+    return { ok: issues.length === 0, issues, fixes };
+}
+//# sourceMappingURL=azureAuth.js.map

package/dist/utils/azureAuth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"azureAuth.js","sourceRoot":"","sources":["../../src/utils/azureAuth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAEtC,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAE1C;;;GAGG;AACH,SAAS,QAAQ,CAAC,IAAc,EAAE,SAAkB;IAClD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QACtE,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAC;QAEhB,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,GAAG,MAAM,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5E,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,GAAG,MAAM,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QAE5E,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QACxC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACzB,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,KAAK,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,WAAW,IAAI,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;YAC9F,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,MAAM,CAAC,CAAC;YAClB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAC/B,CAAC;QACD,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;IACpB,CAAC,CAAC,CAAC;AACL,CAAC;AAUD,iFAAiF;AACjF,yEAAyE;AACzE,yEAAyE;AACzE,MAAM,UAAU,GAAG,IAAI,GAAG,EAAkB,CAAC;AAE7C,iFAAiF;AAEjF;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,GAAW;IAC9C,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACnC,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,MAAM,KAAK,GAAG,4CAA4C,GAAG,MAAM,CAAC;IAEpE,IAAI,MAAc,CAAC;IACnB,IAAI,CAAC;QACH,MAAM,GAAG,MAAM,QAAQ,CAAC,CAAC,YAAY,EAAE,MAAM,CAAC,EAAE,KAAK,CAAC,CAAC;IACzD,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7D,MAAM,IAAI,KAAK,CACb,mCAAmC,GAAG,MAAM,GAAG,IAAI;YACnD,sFAAsF;YACtF,gEAAgE;YAChE,2EAA2E;YAC3E,iFAAiF,CAClF,CAAC;IACJ,CAAC;IAED,2DAA2D;IAC3D,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;IAC/C,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CACb,kCAAkC,GAAG,MAAM;YAC3C,6EAA6E,CAC9E,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAC9B,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAC3B,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,GAAY;IAC7C,IAAI,GAAG,EAAE,CAAC;QACR,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;SAAM,CAAC;QACN,UAAU,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;AACH,CAAC;AAED,iFAAiF;AAEjF;;;;;;GAMG;AACH,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACjD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACzF,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC/D,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAqB,CAAC;QACrD,OAAO,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,iFAAiF;AAEjF;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,GAAW;IAC9C,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,gEAAgE;IAChE,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE;YAC5C,QAAQ,EAAE,UAAU,EAAE,8CAA8C;SACrE,CAAC,CAAC;QACH,IAAI,MAAM,CAAC,IAAI,EAAE,KAAK,MAAM,EAAE,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,qEAAqE,CAAC,CAAC;YACnF,KAAK,CAAC,IAAI,CAAC,uEAAuE,CAAC,CAAC;QACtF,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QAChF,KAAK,CAAC,IAAI,CAAC,uEAAuE,CAAC,CAAC;IACtF,CAAC;IAED,qDAAqD;IACrD,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE;YAC5C,QAAQ,EAAE,UAAU,EAAE,kCAAkC;SACzD,CAAC,CAAC;QACH,IAAI,MAAM,CAAC,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC;YACxE,KAAK,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;QACpE,KAAK,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;IAC3E,CAAC;IAED,qDAAqD;IACrD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,IAAI,CAAC;YACH,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,8CAA8C;YACvE,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;QAC5B,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC5E,MAAM,CAAC,IAAI,CAAC,uBAAuB,GAAG,EAAE,CAAC,CAAC;YAC1C,KAAK,CAAC,IAAI,CAAC,+DAA+D,CAAC,CAAC;QAC9E,CAAC;IACH,CAAC;IAED,OAAO,EAAE,EAAE,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;AACpD,CAAC","sourcesContent":["/**\n * Azure DevOps GCM (Git Credential Manager) authentication helpers.\n *\n * Instead of a PAT token, this module uses `git credential fill` to obtain a\n * short-lived OAuth Bearer token managed by GCM. No token is ever stored in\n * the gitx config file — GCM is the secure, OS-level credential store.\n *\n * Prerequisites (run once):\n *   git config --global credential.azreposCredentialType oauth\n *   git config --global credential.https://dev.azure.com.useHttpPath true\n */\n\nimport { execFile, spawn } from \"node:child_process\";\nimport { promisify } from \"node:util\";\n\nconst execFileAsync = promisify(execFile);\n\n/**\n * Run `git <args>` and return stdout as a string.\n * Uses spawn so we can write to stdin (needed for `git credential fill`).\n */\nfunction spawnGit(args: string[], stdinData?: string): Promise<string> {\n  return new Promise((resolve, reject) => {\n    const child = spawn(\"git\", args, { stdio: [\"pipe\", \"pipe\", \"pipe\"] });\n    let stdout = \"\";\n    let stderr = \"\";\n\n    child.stdout.on(\"data\", (chunk: Buffer) => { stdout += chunk.toString(); });\n    child.stderr.on(\"data\", (chunk: Buffer) => { stderr += chunk.toString(); });\n\n    child.on(\"error\", (err) => reject(err));\n    child.on(\"close\", (code) => {\n      if (code !== 0) {\n        reject(new Error(`git ${args[0] ?? \"\"} exited ${code}: ${stderr.trim() || stdout.trim()}`));\n      } else {\n        resolve(stdout);\n      }\n    });\n\n    if (stdinData !== undefined) {\n      child.stdin.write(stdinData);\n    }\n    child.stdin.end();\n  });\n}\n\n// ─── Types ────────────────────────────────────────────────────────────────────\n\nexport interface GcmVerifyResult {\n  ok: boolean;\n  issues: string[];\n  fixes: string[];\n}\n\n// ─── In-memory token cache ────────────────────────────────────────────────────\n// Tokens are cached for the lifetime of the current process. GCM handles\n// background refresh; gitx just re-reads on the next process invocation.\nconst tokenCache = new Map<string, string>();\n\n// ─── Token fetch ──────────────────────────────────────────────────────────────\n\n/**\n * Fetch an OAuth Bearer token for the given Azure DevOps org via GCM.\n *\n * Uses `git credential fill` which reads from the OS credential store\n * (Windows Credential Manager / macOS Keychain / GNOME Keyring).\n * Caches the result in-memory so repeated calls within the same process are\n * instant (< 1 ms vs ~5 ms for the subprocess round-trip).\n *\n * @param org  Azure DevOps org name, e.g. \"GoFynd\" or \"mycompany\"\n */\nexport async function getTokenViaGcm(org: string): Promise<string> {\n  const cached = tokenCache.get(org);\n  if (cached) return cached;\n\n  const input = `protocol=https\\nhost=dev.azure.com\\npath=${org}\\n\\n`;\n\n  let stdout: string;\n  try {\n    stdout = await spawnGit([\"credential\", \"fill\"], input);\n  } catch (err: unknown) {\n    const msg = err instanceof Error ? err.message : String(err);\n    throw new Error(\n      `GCM token fetch failed for org \"${org}\": ${msg}\\n` +\n      `Make sure Git Credential Manager is installed and the following git config is set:\\n` +\n      `  git config --global credential.azreposCredentialType oauth\\n` +\n      `  git config --global credential.https://dev.azure.com.useHttpPath true\\n` +\n      `Then trigger a login by running any authenticated git command against the repo.`\n    );\n  }\n\n  // Parse \"password=<token>\" line from git credential output\n  const match = stdout.match(/^password=(.+)$/m);\n  if (!match?.[1]) {\n    throw new Error(\n      `GCM returned no token for org \"${org}\".\\n` +\n      `Try running:  git pull  (to trigger a fresh Azure DevOps login via browser)`\n    );\n  }\n\n  const token = match[1].trim();\n  tokenCache.set(org, token);\n  return token;\n}\n\n/**\n * Clear the in-memory token cache for the given org (or all orgs).\n * Useful after a 401 response — forces a fresh fetch on the next call.\n */\nexport function invalidateGcmCache(org?: string): void {\n  if (org) {\n    tokenCache.delete(org);\n  } else {\n    tokenCache.clear();\n  }\n}\n\n// ─── JWT helpers ──────────────────────────────────────────────────────────────\n\n/**\n * Decode a JWT token (without verifying its signature) and return the\n * expiry Unix timestamp from the `exp` claim, or `null` if not present.\n *\n * Azure DevOps OAuth access tokens typically expire in ~1 hour.\n * GCM handles refresh silently before the token expires.\n */\nexport function decodeJwtExpiry(token: string): number | null {\n  const parts = token.split(\".\");\n  if (parts.length !== 3 || !parts[1]) return null;\n  try {\n    const padded = parts[1].padEnd(parts[1].length + ((4 - (parts[1].length % 4)) % 4), \"=\");\n    const payload = Buffer.from(padded, \"base64\").toString(\"utf8\");\n    const json = JSON.parse(payload) as { exp?: number };\n    return typeof json.exp === \"number\" ? json.exp : null;\n  } catch {\n    return null;\n  }\n}\n\n// ─── GCM setup verification ───────────────────────────────────────────────────\n\n/**\n * Verify that GCM is correctly configured for Azure DevOps and that a token\n * can actually be fetched for the given org.\n *\n * Returns `{ ok: true }` when everything is fine, or `{ ok: false }` with a\n * list of `issues` (human-readable) and `fixes` (shell commands to run).\n *\n * @param org  Azure DevOps org name, e.g. \"GoFynd\"\n */\nexport async function verifyGcmSetup(org: string): Promise<GcmVerifyResult> {\n  const issues: string[] = [];\n  const fixes: string[] = [];\n\n  // 1. Check: credential.https://dev.azure.com.useHttpPath = true\n  try {\n    const { stdout } = await execFileAsync(\"git\", [\n      \"config\", \"--global\", \"credential.https://dev.azure.com.useHttpPath\",\n    ]);\n    if (stdout.trim() !== \"true\") {\n      issues.push(\"`credential.https://dev.azure.com.useHttpPath` is not set to `true`\");\n      fixes.push(\"git config --global credential.https://dev.azure.com.useHttpPath true\");\n    }\n  } catch {\n    issues.push(\"`credential.https://dev.azure.com.useHttpPath` is not configured\");\n    fixes.push(\"git config --global credential.https://dev.azure.com.useHttpPath true\");\n  }\n\n  // 2. Check: credential.azreposCredentialType = oauth\n  try {\n    const { stdout } = await execFileAsync(\"git\", [\n      \"config\", \"--global\", \"credential.azreposCredentialType\",\n    ]);\n    if (stdout.trim() !== \"oauth\") {\n      issues.push(\"`credential.azreposCredentialType` is not set to `oauth`\");\n      fixes.push(\"git config --global credential.azreposCredentialType oauth\");\n    }\n  } catch {\n    issues.push(\"`credential.azreposCredentialType` is not configured\");\n    fixes.push(\"git config --global credential.azreposCredentialType oauth\");\n  }\n\n  // 3. If git config looks good, do a live token fetch\n  if (issues.length === 0) {\n    try {\n      invalidateGcmCache(org); // always do a fresh fetch during verification\n      await getTokenViaGcm(org);\n    } catch (err: unknown) {\n      const msg = err instanceof Error ? err.message.split(\"\\n\")[0] : String(err);\n      issues.push(`Token fetch failed: ${msg}`);\n      fixes.push(\"git pull  (to trigger a fresh Azure DevOps login via browser)\");\n    }\n  }\n\n  return { ok: issues.length === 0, issues, fixes };\n}\n"]}

package/dist/utils/git.d.ts

@@ -1,4 +1,26 @@
+import type { ProviderKind } from "../types/provider.js";
 export declare function getGitRemoteOriginUrl(cwd?: string): Promise<string | undefined>;
+export declare function isInsideGitRepo(cwd?: string): Promise<boolean>;
+/**
+ * Infer a "owner/repo" slug from a git remote URL.
+ *
+ * Handles:
+ *   GitHub / GitLab:
+ *     git@github.com:owner/repo.git
+ *     https://github.com/owner/repo(.git)
+ *     ssh://git@github.com/owner/repo(.git)
+ *
+ *   Azure DevOps:
+ *     https://dev.azure.com/org/project/_git/repo
+ *     https://org.visualstudio.com/project/_git/repo
+ *     git@ssh.dev.azure.com:v3/org/project/repo        (new SSH format)
+ *     org@vs-ssh.visualstudio.com:v3/org/project/repo  (legacy SSH format)
+ *
+ * Returns:
+ *   GitHub/GitLab: "owner/repo"
+ *   Azure:         "org/project/repo"
+ */
 export declare function inferRepoSlugFromRemote(url: string): string | undefined;
 export declare function resolveRepoSlugFromCwd(cwd?: string): Promise<string | undefined>;
+export declare function detectProviderFromRemote(url: string): ProviderKind | undefined;
 //# sourceMappingURL=git.d.ts.map

package/dist/utils/git.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"git.d.ts","sourceRoot":"","sources":["../../src/utils/git.ts"],"names":[],"mappings":"AAKA,wBAAsB,qBAAqB,CAAC,GAAG,SAAgB,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAQ5F;AAED,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAqBvE;AAED,wBAAsB,sBAAsB,CAAC,GAAG,SAAgB,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAI7F"}
+{"version":3,"file":"git.d.ts","sourceRoot":"","sources":["../../src/utils/git.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAIzD,wBAAsB,qBAAqB,CAAC,GAAG,SAAgB,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAQ5F;AAED,wBAAsB,eAAe,CAAC,GAAG,SAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,CAO3E;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAoCvE;AAED,wBAAsB,sBAAsB,CAAC,GAAG,SAAgB,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAI7F;AAED,wBAAgB,wBAAwB,CAAC,GAAG,EAAE,MAAM,GAAG,YAAY,GAAG,SAAS,CAW9E"}