@geminixiang/mikan 0.2.0

package/dist/log.js

@@ -0,0 +1,206 @@
+import chalk from "chalk";
+function timestamp() {
+    const now = new Date();
+    const hh = String(now.getHours()).padStart(2, "0");
+    const mm = String(now.getMinutes()).padStart(2, "0");
+    const ss = String(now.getSeconds()).padStart(2, "0");
+    return `[${hh}:${mm}:${ss}]`;
+}
+function formatContext(ctx) {
+    const session = ctx.sessionId ? `:${ctx.sessionId}` : "";
+    if (ctx.conversationId.startsWith("D")) {
+        return `[DM:${ctx.userName || ctx.conversationId}${session}]`;
+    }
+    const conversation = ctx.conversationName || ctx.conversationId;
+    const user = ctx.userName || "unknown";
+    return `[${conversation.startsWith("#") ? conversation : `#${conversation}`}:${user}${session}]`;
+}
+// Keep stdout/stderr lines manageable when echoing tool/agent output. Long bodies
+// flow through Sentry and session storage; the console stream just needs a preview.
+const LOG_PREVIEW_MAX = 1000;
+function truncate(text, maxLen) {
+    if (text.length <= maxLen)
+        return text;
+    return `${text.substring(0, maxLen)}\n(truncated at ${maxLen} chars)`;
+}
+function formatToolArgs(args) {
+    const lines = [];
+    for (const [key, value] of Object.entries(args)) {
+        // Skip the label - it's already shown in the tool name
+        if (key === "label")
+            continue;
+        // For read tool, format path with offset/limit
+        if (key === "path" && typeof value === "string") {
+            const offset = args.offset;
+            const limit = args.limit;
+            if (offset !== undefined && limit !== undefined) {
+                lines.push(`${value}:${offset}-${offset + limit}`);
+            }
+            else {
+                lines.push(value);
+            }
+            continue;
+        }
+        // Skip offset/limit since we already handled them
+        if (key === "offset" || key === "limit")
+            continue;
+        // For other values, format them
+        if (typeof value === "string") {
+            // Multi-line strings get indented
+            if (value.includes("\n")) {
+                lines.push(value);
+            }
+            else {
+                lines.push(value);
+            }
+        }
+        else {
+            lines.push(JSON.stringify(value));
+        }
+    }
+    return lines.join("\n");
+}
+// User messages
+export function logUserMessage(ctx, text) {
+    console.log(chalk.green(`${timestamp()} ${formatContext(ctx)} ${text}`));
+}
+// Tool execution
+export function logToolStart(ctx, toolName, label, args) {
+    const formattedArgs = formatToolArgs(args);
+    console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} ↳ ${toolName}: ${label}`));
+    if (formattedArgs) {
+        // Indent the args
+        const indented = formattedArgs
+            .split("\n")
+            .map((line) => `           ${line}`)
+            .join("\n");
+        console.log(chalk.dim(indented));
+    }
+}
+export function logToolSuccess(ctx, toolName, durationMs, result) {
+    const duration = (durationMs / 1000).toFixed(1);
+    console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} ✓ ${toolName} (${duration}s)`));
+    const truncated = truncate(result, LOG_PREVIEW_MAX);
+    if (truncated) {
+        const indented = truncated
+            .split("\n")
+            .map((line) => `           ${line}`)
+            .join("\n");
+        console.log(chalk.dim(indented));
+    }
+}
+export function logToolError(ctx, toolName, durationMs, error) {
+    const duration = (durationMs / 1000).toFixed(1);
+    console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} ✗ ${toolName} (${duration}s)`));
+    const truncated = truncate(error, LOG_PREVIEW_MAX);
+    const indented = truncated
+        .split("\n")
+        .map((line) => `           ${line}`)
+        .join("\n");
+    console.log(chalk.dim(indented));
+}
+// Response streaming
+export function logResponseStart(ctx) {
+    console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} → Streaming response...`));
+}
+export function logThinking(ctx, thinking) {
+    console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} 💭 Thinking`));
+    const truncated = truncate(thinking, LOG_PREVIEW_MAX);
+    const indented = truncated
+        .split("\n")
+        .map((line) => `           ${line}`)
+        .join("\n");
+    console.log(chalk.dim(indented));
+}
+export function logResponse(ctx, text) {
+    console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} 💬 Response`));
+    const truncated = truncate(text, LOG_PREVIEW_MAX);
+    const indented = truncated
+        .split("\n")
+        .map((line) => `           ${line}`)
+        .join("\n");
+    console.log(chalk.dim(indented));
+}
+// System
+export function logInfo(message) {
+    console.log(chalk.blue(`${timestamp()} [system] ${message}`));
+}
+export function logWarning(message, details) {
+    console.log(chalk.yellow(`${timestamp()} [system] ⚠ ${message}`));
+    if (details) {
+        const indented = details
+            .split("\n")
+            .map((line) => `           ${line}`)
+            .join("\n");
+        console.log(chalk.dim(indented));
+    }
+}
+export function logAgentError(ctx, error) {
+    const context = ctx === "system" ? "[system]" : formatContext(ctx);
+    console.log(chalk.yellow(`${timestamp()} ${context} ✗ Agent error`));
+    const indented = error
+        .split("\n")
+        .map((line) => `           ${line}`)
+        .join("\n");
+    console.log(chalk.dim(indented));
+}
+function formatTokenCount(count) {
+    if (count < 1000)
+        return count.toString();
+    if (count < 10000)
+        return `${(count / 1000).toFixed(1)}k`;
+    if (count < 1000000)
+        return `${Math.round(count / 1000)}k`;
+    return `${(count / 1000000).toFixed(1)}M`;
+}
+// Usage summary
+export function logUsageSummary(ctx, usage, contextTokens, contextWindow) {
+    const lines = [];
+    lines.push("_Usage Summary_");
+    lines.push(`Tokens: ${usage.input.toLocaleString()} in, ${usage.output.toLocaleString()} out`);
+    if (usage.cacheRead > 0 || usage.cacheWrite > 0) {
+        lines.push(`Cache: ${usage.cacheRead.toLocaleString()} read, ${usage.cacheWrite.toLocaleString()} write`);
+    }
+    if (contextTokens && contextWindow) {
+        const contextPercent = ((contextTokens / contextWindow) * 100).toFixed(1);
+        lines.push(`Context: ${formatTokenCount(contextTokens)} / ${formatTokenCount(contextWindow)} (${contextPercent}%)`);
+    }
+    lines.push(`Cost: $${usage.cost.input.toFixed(4)} in, $${usage.cost.output.toFixed(4)} out` +
+        (usage.cacheRead > 0 || usage.cacheWrite > 0
+            ? `, $${usage.cost.cacheRead.toFixed(4)} cache read, $${usage.cost.cacheWrite.toFixed(4)} cache write`
+            : ""));
+    lines.push(`*Total: $${usage.cost.total.toFixed(4)}*`);
+    const summary = lines.join("\n");
+    console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} 💰 Usage`));
+    console.log(chalk.dim(`           ${usage.input.toLocaleString()} in + ${usage.output.toLocaleString()} out` +
+        (usage.cacheRead > 0 || usage.cacheWrite > 0
+            ? ` (${usage.cacheRead.toLocaleString()} cache read, ${usage.cacheWrite.toLocaleString()} cache write)`
+            : "") +
+        ` = $${usage.cost.total.toFixed(4)}`));
+    return summary;
+}
+// Startup (no context needed)
+export function logStartup(workingDir, sandbox) {
+    console.log("Starting mikan...");
+    console.log(`  Working directory: ${workingDir}`);
+    console.log(`  Sandbox: ${sandbox}`);
+}
+export function logConnected(platform) {
+    console.log(`⚡️ Mikan connected to ${platform} and listening!`);
+    console.log("");
+}
+export function logDisconnected() {
+    console.log("Mikan disconnected.");
+}
+// Backfill
+export function logBackfillStart(channelCount) {
+    console.log(chalk.blue(`${timestamp()} [system] Backfilling ${channelCount} channels...`));
+}
+export function logBackfillChannel(channelName, messageCount) {
+    console.log(chalk.blue(`${timestamp()} [system]   #${channelName}: ${messageCount} messages`));
+}
+export function logBackfillComplete(totalMessages, durationMs) {
+    const duration = (durationMs / 1000).toFixed(1);
+    console.log(chalk.blue(`${timestamp()} [system] Backfill complete: ${totalMessages} messages in ${duration}s`));
+}
+//# sourceMappingURL=log.js.map

package/dist/log.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"log.js","sourceRoot":"","sources":["../src/log.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAS1B,SAAS,SAAS;IAChB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACnD,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACrD,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACrD,OAAO,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC;AAC/B,CAAC;AAED,SAAS,aAAa,CAAC,GAAe;IACpC,MAAM,OAAO,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACzD,IAAI,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACvC,OAAO,OAAO,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,cAAc,GAAG,OAAO,GAAG,CAAC;IAChE,CAAC;IACD,MAAM,YAAY,GAAG,GAAG,CAAC,gBAAgB,IAAI,GAAG,CAAC,cAAc,CAAC;IAChE,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,IAAI,SAAS,CAAC;IACvC,OAAO,IAAI,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,YAAY,EAAE,IAAI,IAAI,GAAG,OAAO,GAAG,CAAC;AACnG,CAAC;AAED,kFAAkF;AAClF,oFAAoF;AACpF,MAAM,eAAe,GAAG,IAAI,CAAC;AAE7B,SAAS,QAAQ,CAAC,IAAY,EAAE,MAAc;IAC5C,IAAI,IAAI,CAAC,MAAM,IAAI,MAAM;QAAE,OAAO,IAAI,CAAC;IACvC,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC,mBAAmB,MAAM,SAAS,CAAC;AACxE,CAAC;AAED,SAAS,cAAc,CAAC,IAA6B;IACnD,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChD,uDAAuD;QACvD,IAAI,GAAG,KAAK,OAAO;YAAE,SAAS;QAE9B,+CAA+C;QAC/C,IAAI,GAAG,KAAK,MAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAChD,MAAM,MAAM,GAAG,IAAI,CAAC,MAA4B,CAAC;YACjD,MAAM,KAAK,GAAG,IAAI,CAAC,KAA2B,CAAC;YAC/C,IAAI,MAAM,KAAK,SAAS,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBAChD,KAAK,CAAC,IAAI,CAAC,GAAG,KAAK,IAAI,MAAM,IAAI,MAAM,GAAG,KAAK,EAAE,CAAC,CAAC;YACrD,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACpB,CAAC;YACD,SAAS;QACX,CAAC;QAED,kDAAkD;QAClD,IAAI,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,OAAO;YAAE,SAAS;QAElD,gCAAgC;QAChC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,kCAAkC;YAClC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACpB,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACpB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,gBAAgB;AAChB,MAAM,UAAU,cAAc,CAAC,GAAe,EAAE,IAAY;IAC1D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC;AAC3E,CAAC;AAED,iBAAiB;AACjB,MAAM,UAAU,YAAY,CAC1B,GAAe,EACf,QAAgB,EAChB,KAAa,EACb,IAA6B;IAE7B,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IAC3C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,MAAM,QAAQ,KAAK,KAAK,EAAE,CAAC,CAAC,CAAC;IAC1F,IAAI,aAAa,EAAE,CAAC;QAClB,kBAAkB;QAClB,MAAM,QAAQ,GAAG,aAAa;aAC3B,KAAK,CAAC,IAAI,CAAC;aACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,cAAc,IAAI,EAAE,CAAC;aACnC,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IACnC,CAAC;AACH,CAAC;AAED,MAAM,UAAU,cAAc,CAC5B,GAAe,EACf,QAAgB,EAChB,UAAkB,EAClB,MAAc;IAEd,MAAM,QAAQ,GAAG,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,MAAM,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC;IAE/F,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IACpD,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,QAAQ,GAAG,SAAS;aACvB,KAAK,CAAC,IAAI,CAAC;aACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,cAAc,IAAI,EAAE,CAAC;aACnC,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IACnC,CAAC;AACH,CAAC;AAED,MAAM,UAAU,YAAY,CAC1B,GAAe,EACf,QAAgB,EAChB,UAAkB,EAClB,KAAa;IAEb,MAAM,QAAQ,GAAG,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,MAAM,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC;IAE/F,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACnD,MAAM,QAAQ,GAAG,SAAS;SACvB,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,cAAc,IAAI,EAAE,CAAC;SACnC,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;AACnC,CAAC;AAED,qBAAqB;AACrB,MAAM,UAAU,gBAAgB,CAAC,GAAe;IAC9C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC,CAAC;AAC5F,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,GAAe,EAAE,QAAgB;IAC3D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC;IAC9E,MAAM,SAAS,GAAG,QAAQ,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;IACtD,MAAM,QAAQ,GAAG,SAAS;SACvB,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,cAAc,IAAI,EAAE,CAAC;SACnC,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;AACnC,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,GAAe,EAAE,IAAY;IACvD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC;IAC9E,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;IAClD,MAAM,QAAQ,GAAG,SAAS;SACvB,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,cAAc,IAAI,EAAE,CAAC;SACnC,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;AACnC,CAAC;AAED,SAAS;AACT,MAAM,UAAU,OAAO,CAAC,OAAe;IACrC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,SAAS,EAAE,aAAa,OAAO,EAAE,CAAC,CAAC,CAAC;AAChE,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,OAAe,EAAE,OAAgB;IAC1D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,eAAe,OAAO,EAAE,CAAC,CAAC,CAAC;IAClE,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,QAAQ,GAAG,OAAO;aACrB,KAAK,CAAC,IAAI,CAAC;aACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,cAAc,IAAI,EAAE,CAAC;aACnC,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IACnC,CAAC;AACH,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,GAA0B,EAAE,KAAa;IACrE,MAAM,OAAO,GAAG,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;IACnE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,IAAI,OAAO,gBAAgB,CAAC,CAAC,CAAC;IACrE,MAAM,QAAQ,GAAG,KAAK;SACnB,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,cAAc,IAAI,EAAE,CAAC;SACnC,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAa;IACrC,IAAI,KAAK,GAAG,IAAI;QAAE,OAAO,KAAK,CAAC,QAAQ,EAAE,CAAC;IAC1C,IAAI,KAAK,GAAG,KAAK;QAAE,OAAO,GAAG,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC;IAC1D,IAAI,KAAK,GAAG,OAAO;QAAE,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC;IAC3D,OAAO,GAAG,CAAC,KAAK,GAAG,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC;AAC5C,CAAC;AAED,gBAAgB;AAChB,MAAM,UAAU,eAAe,CAC7B,GAAe,EACf,KAMC,EACD,aAAsB,EACtB,aAAsB;IAEtB,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAC9B,KAAK,CAAC,IAAI,CAAC,WAAW,KAAK,CAAC,KAAK,CAAC,cAAc,EAAE,QAAQ,KAAK,CAAC,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;IAC/F,IAAI,KAAK,CAAC,SAAS,GAAG,CAAC,IAAI,KAAK,CAAC,UAAU,GAAG,CAAC,EAAE,CAAC;QAChD,KAAK,CAAC,IAAI,CACR,UAAU,KAAK,CAAC,SAAS,CAAC,cAAc,EAAE,UAAU,KAAK,CAAC,UAAU,CAAC,cAAc,EAAE,QAAQ,CAC9F,CAAC;IACJ,CAAC;IACD,IAAI,aAAa,IAAI,aAAa,EAAE,CAAC;QACnC,MAAM,cAAc,GAAG,CAAC,CAAC,aAAa,GAAG,aAAa,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QAC1E,KAAK,CAAC,IAAI,CACR,YAAY,gBAAgB,CAAC,aAAa,CAAC,MAAM,gBAAgB,CAAC,aAAa,CAAC,KAAK,cAAc,IAAI,CACxG,CAAC;IACJ,CAAC;IACD,KAAK,CAAC,IAAI,CACR,UAAU,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM;QAC9E,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,IAAI,KAAK,CAAC,UAAU,GAAG,CAAC;YAC1C,CAAC,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,iBAAiB,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc;YACtG,CAAC,CAAC,EAAE,CAAC,CACV,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,YAAY,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAEvD,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEjC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC;IAC3E,OAAO,CAAC,GAAG,CACT,KAAK,CAAC,GAAG,CACP,cAAc,KAAK,CAAC,KAAK,CAAC,cAAc,EAAE,SAAS,KAAK,CAAC,MAAM,CAAC,cAAc,EAAE,MAAM;QACpF,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,IAAI,KAAK,CAAC,UAAU,GAAG,CAAC;YAC1C,CAAC,CAAC,KAAK,KAAK,CAAC,SAAS,CAAC,cAAc,EAAE,gBAAgB,KAAK,CAAC,UAAU,CAAC,cAAc,EAAE,eAAe;YACvG,CAAC,CAAC,EAAE,CAAC;QACP,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CACvC,CACF,CAAC;IAEF,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,8BAA8B;AAC9B,MAAM,UAAU,UAAU,CAAC,UAAkB,EAAE,OAAe;IAC5D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACjC,OAAO,CAAC,GAAG,CAAC,wBAAwB,UAAU,EAAE,CAAC,CAAC;IAClD,OAAO,CAAC,GAAG,CAAC,cAAc,OAAO,EAAE,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,QAAgB;IAC3C,OAAO,CAAC,GAAG,CAAC,yBAAyB,QAAQ,iBAAiB,CAAC,CAAC;IAChE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;AACrC,CAAC;AAED,WAAW;AACX,MAAM,UAAU,gBAAgB,CAAC,YAAoB;IACnD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,SAAS,EAAE,yBAAyB,YAAY,cAAc,CAAC,CAAC,CAAC;AAC7F,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,WAAmB,EAAE,YAAoB;IAC1E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,SAAS,EAAE,gBAAgB,WAAW,KAAK,YAAY,WAAW,CAAC,CAAC,CAAC;AACjG,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,aAAqB,EAAE,UAAkB;IAC3E,MAAM,QAAQ,GAAG,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CACT,KAAK,CAAC,IAAI,CACR,GAAG,SAAS,EAAE,gCAAgC,aAAa,gBAAgB,QAAQ,GAAG,CACvF,CACF,CAAC;AACJ,CAAC","sourcesContent":["import chalk from \"chalk\";\n\nexport interface LogContext {\n  conversationId: string;\n  userName?: string;\n  conversationName?: string; // For display like #dev-team vs C16HET4EQ\n  sessionId?: string;\n}\n\nfunction timestamp(): string {\n  const now = new Date();\n  const hh = String(now.getHours()).padStart(2, \"0\");\n  const mm = String(now.getMinutes()).padStart(2, \"0\");\n  const ss = String(now.getSeconds()).padStart(2, \"0\");\n  return `[${hh}:${mm}:${ss}]`;\n}\n\nfunction formatContext(ctx: LogContext): string {\n  const session = ctx.sessionId ? `:${ctx.sessionId}` : \"\";\n  if (ctx.conversationId.startsWith(\"D\")) {\n    return `[DM:${ctx.userName || ctx.conversationId}${session}]`;\n  }\n  const conversation = ctx.conversationName || ctx.conversationId;\n  const user = ctx.userName || \"unknown\";\n  return `[${conversation.startsWith(\"#\") ? conversation : `#${conversation}`}:${user}${session}]`;\n}\n\n// Keep stdout/stderr lines manageable when echoing tool/agent output. Long bodies\n// flow through Sentry and session storage; the console stream just needs a preview.\nconst LOG_PREVIEW_MAX = 1000;\n\nfunction truncate(text: string, maxLen: number): string {\n  if (text.length <= maxLen) return text;\n  return `${text.substring(0, maxLen)}\\n(truncated at ${maxLen} chars)`;\n}\n\nfunction formatToolArgs(args: Record<string, unknown>): string {\n  const lines: string[] = [];\n\n  for (const [key, value] of Object.entries(args)) {\n    // Skip the label - it's already shown in the tool name\n    if (key === \"label\") continue;\n\n    // For read tool, format path with offset/limit\n    if (key === \"path\" && typeof value === \"string\") {\n      const offset = args.offset as number | undefined;\n      const limit = args.limit as number | undefined;\n      if (offset !== undefined && limit !== undefined) {\n        lines.push(`${value}:${offset}-${offset + limit}`);\n      } else {\n        lines.push(value);\n      }\n      continue;\n    }\n\n    // Skip offset/limit since we already handled them\n    if (key === \"offset\" || key === \"limit\") continue;\n\n    // For other values, format them\n    if (typeof value === \"string\") {\n      // Multi-line strings get indented\n      if (value.includes(\"\\n\")) {\n        lines.push(value);\n      } else {\n        lines.push(value);\n      }\n    } else {\n      lines.push(JSON.stringify(value));\n    }\n  }\n\n  return lines.join(\"\\n\");\n}\n\n// User messages\nexport function logUserMessage(ctx: LogContext, text: string): void {\n  console.log(chalk.green(`${timestamp()} ${formatContext(ctx)} ${text}`));\n}\n\n// Tool execution\nexport function logToolStart(\n  ctx: LogContext,\n  toolName: string,\n  label: string,\n  args: Record<string, unknown>,\n): void {\n  const formattedArgs = formatToolArgs(args);\n  console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} ↳ ${toolName}: ${label}`));\n  if (formattedArgs) {\n    // Indent the args\n    const indented = formattedArgs\n      .split(\"\\n\")\n      .map((line) => `           ${line}`)\n      .join(\"\\n\");\n    console.log(chalk.dim(indented));\n  }\n}\n\nexport function logToolSuccess(\n  ctx: LogContext,\n  toolName: string,\n  durationMs: number,\n  result: string,\n): void {\n  const duration = (durationMs / 1000).toFixed(1);\n  console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} ✓ ${toolName} (${duration}s)`));\n\n  const truncated = truncate(result, LOG_PREVIEW_MAX);\n  if (truncated) {\n    const indented = truncated\n      .split(\"\\n\")\n      .map((line) => `           ${line}`)\n      .join(\"\\n\");\n    console.log(chalk.dim(indented));\n  }\n}\n\nexport function logToolError(\n  ctx: LogContext,\n  toolName: string,\n  durationMs: number,\n  error: string,\n): void {\n  const duration = (durationMs / 1000).toFixed(1);\n  console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} ✗ ${toolName} (${duration}s)`));\n\n  const truncated = truncate(error, LOG_PREVIEW_MAX);\n  const indented = truncated\n    .split(\"\\n\")\n    .map((line) => `           ${line}`)\n    .join(\"\\n\");\n  console.log(chalk.dim(indented));\n}\n\n// Response streaming\nexport function logResponseStart(ctx: LogContext): void {\n  console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} → Streaming response...`));\n}\n\nexport function logThinking(ctx: LogContext, thinking: string): void {\n  console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} 💭 Thinking`));\n  const truncated = truncate(thinking, LOG_PREVIEW_MAX);\n  const indented = truncated\n    .split(\"\\n\")\n    .map((line) => `           ${line}`)\n    .join(\"\\n\");\n  console.log(chalk.dim(indented));\n}\n\nexport function logResponse(ctx: LogContext, text: string): void {\n  console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} 💬 Response`));\n  const truncated = truncate(text, LOG_PREVIEW_MAX);\n  const indented = truncated\n    .split(\"\\n\")\n    .map((line) => `           ${line}`)\n    .join(\"\\n\");\n  console.log(chalk.dim(indented));\n}\n\n// System\nexport function logInfo(message: string): void {\n  console.log(chalk.blue(`${timestamp()} [system] ${message}`));\n}\n\nexport function logWarning(message: string, details?: string): void {\n  console.log(chalk.yellow(`${timestamp()} [system] ⚠ ${message}`));\n  if (details) {\n    const indented = details\n      .split(\"\\n\")\n      .map((line) => `           ${line}`)\n      .join(\"\\n\");\n    console.log(chalk.dim(indented));\n  }\n}\n\nexport function logAgentError(ctx: LogContext | \"system\", error: string): void {\n  const context = ctx === \"system\" ? \"[system]\" : formatContext(ctx);\n  console.log(chalk.yellow(`${timestamp()} ${context} ✗ Agent error`));\n  const indented = error\n    .split(\"\\n\")\n    .map((line) => `           ${line}`)\n    .join(\"\\n\");\n  console.log(chalk.dim(indented));\n}\n\nfunction formatTokenCount(count: number): string {\n  if (count < 1000) return count.toString();\n  if (count < 10000) return `${(count / 1000).toFixed(1)}k`;\n  if (count < 1000000) return `${Math.round(count / 1000)}k`;\n  return `${(count / 1000000).toFixed(1)}M`;\n}\n\n// Usage summary\nexport function logUsageSummary(\n  ctx: LogContext,\n  usage: {\n    input: number;\n    output: number;\n    cacheRead: number;\n    cacheWrite: number;\n    cost: { input: number; output: number; cacheRead: number; cacheWrite: number; total: number };\n  },\n  contextTokens?: number,\n  contextWindow?: number,\n): string {\n  const lines: string[] = [];\n  lines.push(\"_Usage Summary_\");\n  lines.push(`Tokens: ${usage.input.toLocaleString()} in, ${usage.output.toLocaleString()} out`);\n  if (usage.cacheRead > 0 || usage.cacheWrite > 0) {\n    lines.push(\n      `Cache: ${usage.cacheRead.toLocaleString()} read, ${usage.cacheWrite.toLocaleString()} write`,\n    );\n  }\n  if (contextTokens && contextWindow) {\n    const contextPercent = ((contextTokens / contextWindow) * 100).toFixed(1);\n    lines.push(\n      `Context: ${formatTokenCount(contextTokens)} / ${formatTokenCount(contextWindow)} (${contextPercent}%)`,\n    );\n  }\n  lines.push(\n    `Cost: $${usage.cost.input.toFixed(4)} in, $${usage.cost.output.toFixed(4)} out` +\n      (usage.cacheRead > 0 || usage.cacheWrite > 0\n        ? `, $${usage.cost.cacheRead.toFixed(4)} cache read, $${usage.cost.cacheWrite.toFixed(4)} cache write`\n        : \"\"),\n  );\n  lines.push(`*Total: $${usage.cost.total.toFixed(4)}*`);\n\n  const summary = lines.join(\"\\n\");\n\n  console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} 💰 Usage`));\n  console.log(\n    chalk.dim(\n      `           ${usage.input.toLocaleString()} in + ${usage.output.toLocaleString()} out` +\n        (usage.cacheRead > 0 || usage.cacheWrite > 0\n          ? ` (${usage.cacheRead.toLocaleString()} cache read, ${usage.cacheWrite.toLocaleString()} cache write)`\n          : \"\") +\n        ` = $${usage.cost.total.toFixed(4)}`,\n    ),\n  );\n\n  return summary;\n}\n\n// Startup (no context needed)\nexport function logStartup(workingDir: string, sandbox: string): void {\n  console.log(\"Starting mikan...\");\n  console.log(`  Working directory: ${workingDir}`);\n  console.log(`  Sandbox: ${sandbox}`);\n}\n\nexport function logConnected(platform: string): void {\n  console.log(`⚡️ Mikan connected to ${platform} and listening!`);\n  console.log(\"\");\n}\n\nexport function logDisconnected(): void {\n  console.log(\"Mikan disconnected.\");\n}\n\n// Backfill\nexport function logBackfillStart(channelCount: number): void {\n  console.log(chalk.blue(`${timestamp()} [system] Backfilling ${channelCount} channels...`));\n}\n\nexport function logBackfillChannel(channelName: string, messageCount: number): void {\n  console.log(chalk.blue(`${timestamp()} [system]   #${channelName}: ${messageCount} messages`));\n}\n\nexport function logBackfillComplete(totalMessages: number, durationMs: number): void {\n  const duration = (durationMs / 1000).toFixed(1);\n  console.log(\n    chalk.blue(\n      `${timestamp()} [system] Backfill complete: ${totalMessages} messages in ${duration}s`,\n    ),\n  );\n}\n"]}

package/dist/login/index.d.ts

@@ -0,0 +1,42 @@
+export type LoginCredentialKind = "api_key" | "oauth";
+export interface OAuthAuthorizedUserFileOutput {
+    type: "authorized_user";
+    relativePath: string;
+    targetPath?: string;
+    envKey?: string;
+    additionalEnvKeys?: string[];
+}
+export interface OAuthService {
+    id: string;
+    label: string;
+    aliases: string[];
+    authorizationUrl: string;
+    tokenUrl: string;
+    scopes: string[];
+    clientIdEnvKey: string;
+    clientSecretEnvKey: string;
+    accessTokenEnvKey?: string;
+    additionalAccessTokenEnvKeys?: string[];
+    refreshTokenEnvKey?: string;
+    authorizationParams?: Record<string, string>;
+    fileOutput?: OAuthAuthorizedUserFileOutput;
+}
+export type ParsedLoginCommand = {
+    command: "login" | "/login" | "/pi-login";
+    action: "setup";
+} | {
+    command: "login" | "/login" | "/pi-login";
+    action: "shared_create" | "shared_update" | "shared_delete";
+    name: string;
+} | {
+    command: "login" | "/login" | "/pi-login";
+    action: "shared_list";
+} | {
+    command: "login" | "/login" | "/pi-login";
+    action: "copy_shared";
+    name: string;
+};
+export declare function getOAuthServices(): OAuthService[];
+export declare function resolveOAuthService(input: string): OAuthService | undefined;
+export declare function parseLoginCommand(text: string): ParsedLoginCommand | null;
+//# sourceMappingURL=index.d.ts.map

package/dist/login/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/login/index.ts"],"names":[],"mappings":"AAKA,MAAM,MAAM,mBAAmB,GAAG,SAAS,GAAG,OAAO,CAAC;AAEtD,MAAM,WAAW,6BAA6B;IAC5C,IAAI,EAAE,iBAAiB,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC9B;AAED,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,gBAAgB,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,4BAA4B,CAAC,EAAE,MAAM,EAAE,CAAC;IACxC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,mBAAmB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7C,UAAU,CAAC,EAAE,6BAA6B,CAAC;CAC5C;AAED,MAAM,MAAM,kBAAkB,GAC1B;IAAE,OAAO,EAAE,OAAO,GAAG,QAAQ,GAAG,WAAW,CAAC;IAAC,MAAM,EAAE,OAAO,CAAA;CAAE,GAC9D;IACE,OAAO,EAAE,OAAO,GAAG,QAAQ,GAAG,WAAW,CAAC;IAC1C,MAAM,EAAE,eAAe,GAAG,eAAe,GAAG,eAAe,CAAC;IAC5D,IAAI,EAAE,MAAM,CAAC;CACd,GACD;IAAE,OAAO,EAAE,OAAO,GAAG,QAAQ,GAAG,WAAW,CAAC;IAAC,MAAM,EAAE,aAAa,CAAA;CAAE,GACpE;IAAE,OAAO,EAAE,OAAO,GAAG,QAAQ,GAAG,WAAW,CAAC;IAAC,MAAM,EAAE,aAAa,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC;AA+GvF,wBAAgB,gBAAgB,IAAI,YAAY,EAAE,CAwHjD;AAED,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,YAAY,GAAG,SAAS,CAM3E;AAID,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,kBAAkB,GAAG,IAAI,CAgCzE","sourcesContent":["import { matchCommand } from \"../commands/parse.js\";\nimport { readEnv } from \"../env.js\";\nimport { isRecord, parseJsonValue } from \"../file-guards.js\";\nimport * as log from \"../log.js\";\n\nexport type LoginCredentialKind = \"api_key\" | \"oauth\";\n\nexport interface OAuthAuthorizedUserFileOutput {\n  type: \"authorized_user\";\n  relativePath: string;\n  targetPath?: string;\n  envKey?: string;\n  additionalEnvKeys?: string[];\n}\n\nexport interface OAuthService {\n  id: string;\n  label: string;\n  aliases: string[];\n  authorizationUrl: string;\n  tokenUrl: string;\n  scopes: string[];\n  clientIdEnvKey: string;\n  clientSecretEnvKey: string;\n  accessTokenEnvKey?: string;\n  additionalAccessTokenEnvKeys?: string[];\n  refreshTokenEnvKey?: string;\n  authorizationParams?: Record<string, string>;\n  fileOutput?: OAuthAuthorizedUserFileOutput;\n}\n\nexport type ParsedLoginCommand =\n  | { command: \"login\" | \"/login\" | \"/pi-login\"; action: \"setup\" }\n  | {\n      command: \"login\" | \"/login\" | \"/pi-login\";\n      action: \"shared_create\" | \"shared_update\" | \"shared_delete\";\n      name: string;\n    }\n  | { command: \"login\" | \"/login\" | \"/pi-login\"; action: \"shared_list\" }\n  | { command: \"login\" | \"/login\" | \"/pi-login\"; action: \"copy_shared\"; name: string };\n\nconst DEFAULT_GOOGLE_WORKSPACE_CLI_SCOPES = [\n  \"https://www.googleapis.com/auth/drive\",\n  \"https://mail.google.com/\",\n  \"https://www.googleapis.com/auth/calendar\",\n  \"https://www.googleapis.com/auth/spreadsheets\",\n  \"https://www.googleapis.com/auth/documents\",\n  \"https://www.googleapis.com/auth/chat.messages.create\",\n];\n\nconst DEFAULT_GOOGLE_CLOUD_SDK_SCOPES = [\n  \"openid\",\n  \"https://www.googleapis.com/auth/userinfo.email\",\n  \"https://www.googleapis.com/auth/cloud-platform\",\n];\n\n// Conservative default: enough for `gh` CLI repo/user/org operations, but\n// without `workflow` (can dispatch CI), `write:packages` (can publish\n// packages), or `project`. Operators who need those can opt in via\n// GITHUB_OAUTH_SCOPES (or MIKAN_GITHUB_OAUTH_SCOPES) to keep the blast radius\n// of a compromised agent host explicit and configurable.\nconst DEFAULT_GITHUB_OAUTH_SCOPES = [\"repo\", \"read:user\", \"user:email\", \"read:org\", \"gist\"];\n\nfunction resolveScopesFromEnv(envKey: string, fallback: string[]): string[] {\n  const raw = readEnv(envKey);\n  if (!raw) return fallback;\n\n  const scopes = raw\n    .split(/[\\s,]+/)\n    .map((scope) => scope.trim())\n    .filter(Boolean);\n\n  return scopes.length > 0 ? scopes : fallback;\n}\n\nfunction resolveGoogleWorkspaceCliScopes(): string[] {\n  return resolveScopesFromEnv(\n    \"GOOGLE_WORKSPACE_CLI_OAUTH_SCOPES\",\n    DEFAULT_GOOGLE_WORKSPACE_CLI_SCOPES,\n  );\n}\n\nfunction resolveGoogleCloudSdkScopes(): string[] {\n  return resolveScopesFromEnv(\"GOOGLE_CLOUD_SDK_OAUTH_SCOPES\", DEFAULT_GOOGLE_CLOUD_SDK_SCOPES);\n}\n\nfunction resolveGitHubOAuthScopes(): string[] {\n  return resolveScopesFromEnv(\"GITHUB_OAUTH_SCOPES\", DEFAULT_GITHUB_OAUTH_SCOPES);\n}\n\nfunction getBuiltinOAuthServices(): OAuthService[] {\n  return [\n    {\n      id: \"github\",\n      label: \"GitHub\",\n      aliases: [\"github\", \"github_oauth\", \"gh_oauth\"],\n      authorizationUrl: \"https://github.com/login/oauth/authorize\",\n      tokenUrl: \"https://github.com/login/oauth/access_token\",\n      scopes: resolveGitHubOAuthScopes(),\n      clientIdEnvKey: \"GITHUB_OAUTH_CLIENT_ID\",\n      clientSecretEnvKey: \"GITHUB_OAUTH_CLIENT_SECRET\",\n      accessTokenEnvKey: \"GITHUB_OAUTH_ACCESS_TOKEN\",\n      additionalAccessTokenEnvKeys: [\"GH_TOKEN\"],\n      refreshTokenEnvKey: \"GITHUB_OAUTH_REFRESH_TOKEN\",\n    },\n    {\n      id: \"google_workspace_cli\",\n      label: \"Google Workspace CLI\",\n      aliases: [\"google_workspace_cli\", \"gws\", \"googleworkspace\", \"google-workspace-cli\"],\n      authorizationUrl: \"https://accounts.google.com/o/oauth2/v2/auth\",\n      tokenUrl: \"https://oauth2.googleapis.com/token\",\n      scopes: resolveGoogleWorkspaceCliScopes(),\n      clientIdEnvKey: \"GOOGLE_WORKSPACE_CLI_CLIENT_ID\",\n      clientSecretEnvKey: \"GOOGLE_WORKSPACE_CLI_CLIENT_SECRET\",\n      authorizationParams: {\n        access_type: \"offline\",\n        include_granted_scopes: \"true\",\n        prompt: \"consent\",\n      },\n      fileOutput: {\n        type: \"authorized_user\",\n        relativePath: \"gws.json\",\n        targetPath: \"/root/.config/gws/credentials.json\",\n      },\n    },\n    {\n      id: \"google_cloud_sdk\",\n      label: \"Google Cloud SDK (gcloud)\",\n      aliases: [\"google_cloud_sdk\", \"gcloud\", \"google-cloud-sdk\", \"google_cloud\", \"gcp\"],\n      authorizationUrl: \"https://accounts.google.com/o/oauth2/v2/auth\",\n      tokenUrl: \"https://oauth2.googleapis.com/token\",\n      scopes: resolveGoogleCloudSdkScopes(),\n      clientIdEnvKey: \"GOOGLE_CLOUD_SDK_CLIENT_ID\",\n      clientSecretEnvKey: \"GOOGLE_CLOUD_SDK_CLIENT_SECRET\",\n      authorizationParams: {\n        access_type: \"offline\",\n        include_granted_scopes: \"true\",\n        prompt: \"consent\",\n      },\n      fileOutput: {\n        type: \"authorized_user\",\n        relativePath: \"gcloud-adc.json\",\n        targetPath: \"/root/.config/gcloud/application_default_credentials.json\",\n        envKey: \"GOOGLE_APPLICATION_CREDENTIALS\",\n        additionalEnvKeys: [\"CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE\"],\n      },\n    },\n  ];\n}\n\nexport function getOAuthServices(): OAuthService[] {\n  const raw = readEnv(\"OAUTH_SERVICES_JSON\");\n  const builtins = getBuiltinOAuthServices();\n  if (!raw) return builtins;\n\n  let parsed: unknown[];\n  try {\n    parsed = parseJsonValue(raw, Array.isArray, (detail) =>\n      detail === \"unexpected JSON shape\"\n        ? \"expected a JSON array of OAuth service definitions\"\n        : detail,\n    );\n  } catch (err) {\n    const detail = err instanceof Error ? err.message : String(err);\n    log.logWarning(\n      detail === \"expected a JSON array of OAuth service definitions\"\n        ? \"Ignoring OAUTH_SERVICES_JSON: expected a JSON array of OAuth service definitions\"\n        : \"Ignoring OAUTH_SERVICES_JSON: invalid JSON\",\n      detail,\n    );\n    return builtins;\n  }\n  try {\n    const custom = parsed\n      .map((serviceValue): OAuthService | null => {\n        if (!isRecord(serviceValue)) return null;\n        const obj = serviceValue;\n        const id = typeof obj.id === \"string\" ? obj.id.trim() : \"\";\n        const label = typeof obj.label === \"string\" ? obj.label.trim() : \"\";\n        const authorizationUrl =\n          typeof obj.authorizationUrl === \"string\" ? obj.authorizationUrl.trim() : \"\";\n        const tokenUrl = typeof obj.tokenUrl === \"string\" ? obj.tokenUrl.trim() : \"\";\n        const clientIdEnvKey =\n          typeof obj.clientIdEnvKey === \"string\" ? obj.clientIdEnvKey.trim() : \"\";\n        const clientSecretEnvKey =\n          typeof obj.clientSecretEnvKey === \"string\" ? obj.clientSecretEnvKey.trim() : \"\";\n        const accessTokenEnvKey =\n          typeof obj.accessTokenEnvKey === \"string\" ? obj.accessTokenEnvKey.trim() : undefined;\n        if (\n          !id ||\n          !label ||\n          !authorizationUrl ||\n          !tokenUrl ||\n          !clientIdEnvKey ||\n          !clientSecretEnvKey\n        ) {\n          return null;\n        }\n\n        let fileOutput: OAuthService[\"fileOutput\"];\n        if (isRecord(obj.fileOutput)) {\n          const fileOutputObj = obj.fileOutput;\n          const type = typeof fileOutputObj.type === \"string\" ? fileOutputObj.type.trim() : \"\";\n          const relativePath =\n            typeof fileOutputObj.relativePath === \"string\" ? fileOutputObj.relativePath.trim() : \"\";\n          const targetPath =\n            typeof fileOutputObj.targetPath === \"string\"\n              ? fileOutputObj.targetPath.trim()\n              : undefined;\n          const envKey =\n            typeof fileOutputObj.envKey === \"string\" ? fileOutputObj.envKey.trim() : undefined;\n          const additionalEnvKeys = Array.isArray(fileOutputObj.additionalEnvKeys)\n            ? fileOutputObj.additionalEnvKeys.filter((v): v is string => typeof v === \"string\")\n            : undefined;\n          if (type === \"authorized_user\" && relativePath) {\n            fileOutput = {\n              type: \"authorized_user\",\n              relativePath,\n              targetPath,\n              envKey,\n              additionalEnvKeys,\n            };\n          }\n        }\n\n        return {\n          id: id.toLowerCase(),\n          label,\n          aliases: Array.isArray(obj.aliases)\n            ? obj.aliases\n                .filter((v): v is string => typeof v === \"string\")\n                .map((v) => v.toLowerCase())\n            : [id.toLowerCase()],\n          authorizationUrl,\n          tokenUrl,\n          scopes: Array.isArray(obj.scopes)\n            ? obj.scopes.filter((v): v is string => typeof v === \"string\")\n            : [],\n          clientIdEnvKey,\n          clientSecretEnvKey,\n          accessTokenEnvKey,\n          additionalAccessTokenEnvKeys: Array.isArray(obj.additionalAccessTokenEnvKeys)\n            ? obj.additionalAccessTokenEnvKeys.filter((v): v is string => typeof v === \"string\")\n            : undefined,\n          refreshTokenEnvKey:\n            typeof obj.refreshTokenEnvKey === \"string\" ? obj.refreshTokenEnvKey.trim() : undefined,\n          authorizationParams: isRecord(obj.authorizationParams)\n            ? Object.fromEntries(\n                Object.entries(obj.authorizationParams).filter(\n                  (authorizationEntry): authorizationEntry is [string, string] =>\n                    typeof authorizationEntry[1] === \"string\",\n                ),\n              )\n            : undefined,\n          fileOutput,\n        };\n      })\n      .filter((service): service is OAuthService => service !== null);\n\n    const byId = new Map<string, OAuthService>();\n    for (const service of builtins) byId.set(service.id, service);\n    for (const service of custom) byId.set(service.id, service);\n    return [...byId.values()];\n  } catch (err) {\n    log.logWarning(\n      \"Failed to apply OAUTH_SERVICES_JSON overrides; using builtin OAuth services\",\n      err instanceof Error ? err.message : String(err),\n    );\n    return builtins;\n  }\n}\n\nexport function resolveOAuthService(input: string): OAuthService | undefined {\n  const normalized = input.trim().toLowerCase();\n  if (!normalized) return undefined;\n  return getOAuthServices().find(\n    (service) => service.id === normalized || service.aliases.includes(normalized),\n  );\n}\n\nconst LOGIN_COMMANDS = [\"login\", \"/login\", \"/pi-login\"] as const;\n\nexport function parseLoginCommand(text: string): ParsedLoginCommand | null {\n  const matched = matchCommand(text, LOGIN_COMMANDS);\n  if (!matched) return null;\n\n  const [subcommand, operation, name, ...extra] = matched.args;\n\n  if (!subcommand) return { command: matched.command, action: \"setup\" };\n\n  if (subcommand.toLowerCase() === \"shared\") {\n    const op = operation?.toLowerCase();\n    if (op === \"list\" && !name && extra.length === 0) {\n      return { command: matched.command, action: \"shared_list\" };\n    }\n    if ((op === \"create\" || op === \"update\" || op === \"delete\") && !!name && extra.length === 0) {\n      return {\n        command: matched.command,\n        action: `shared_${op}` as \"shared_create\" | \"shared_update\" | \"shared_delete\",\n        name,\n      };\n    }\n    return null;\n  }\n\n  if (subcommand.toLowerCase() === \"copy\" && operation && !name && extra.length === 0) {\n    return { command: matched.command, action: \"copy_shared\", name: operation };\n  }\n\n  // Backward-compatible: older `/pi-login gh` / `/pi-login gws` forms opened the\n  // generic login page and let the portal handle provider choice.\n  if (!operation && extra.length === 0) return { command: matched.command, action: \"setup\" };\n\n  return null;\n}\n"]}

package/dist/login/index.js

@@ -0,0 +1,239 @@
+import { matchCommand } from "../commands/parse.js";
+import { readEnv } from "../env.js";
+import { isRecord, parseJsonValue } from "../file-guards.js";
+import * as log from "../log.js";
+const DEFAULT_GOOGLE_WORKSPACE_CLI_SCOPES = [
+    "https://www.googleapis.com/auth/drive",
+    "https://mail.google.com/",
+    "https://www.googleapis.com/auth/calendar",
+    "https://www.googleapis.com/auth/spreadsheets",
+    "https://www.googleapis.com/auth/documents",
+    "https://www.googleapis.com/auth/chat.messages.create",
+];
+const DEFAULT_GOOGLE_CLOUD_SDK_SCOPES = [
+    "openid",
+    "https://www.googleapis.com/auth/userinfo.email",
+    "https://www.googleapis.com/auth/cloud-platform",
+];
+// Conservative default: enough for `gh` CLI repo/user/org operations, but
+// without `workflow` (can dispatch CI), `write:packages` (can publish
+// packages), or `project`. Operators who need those can opt in via
+// GITHUB_OAUTH_SCOPES (or MIKAN_GITHUB_OAUTH_SCOPES) to keep the blast radius
+// of a compromised agent host explicit and configurable.
+const DEFAULT_GITHUB_OAUTH_SCOPES = ["repo", "read:user", "user:email", "read:org", "gist"];
+function resolveScopesFromEnv(envKey, fallback) {
+    const raw = readEnv(envKey);
+    if (!raw)
+        return fallback;
+    const scopes = raw
+        .split(/[\s,]+/)
+        .map((scope) => scope.trim())
+        .filter(Boolean);
+    return scopes.length > 0 ? scopes : fallback;
+}
+function resolveGoogleWorkspaceCliScopes() {
+    return resolveScopesFromEnv("GOOGLE_WORKSPACE_CLI_OAUTH_SCOPES", DEFAULT_GOOGLE_WORKSPACE_CLI_SCOPES);
+}
+function resolveGoogleCloudSdkScopes() {
+    return resolveScopesFromEnv("GOOGLE_CLOUD_SDK_OAUTH_SCOPES", DEFAULT_GOOGLE_CLOUD_SDK_SCOPES);
+}
+function resolveGitHubOAuthScopes() {
+    return resolveScopesFromEnv("GITHUB_OAUTH_SCOPES", DEFAULT_GITHUB_OAUTH_SCOPES);
+}
+function getBuiltinOAuthServices() {
+    return [
+        {
+            id: "github",
+            label: "GitHub",
+            aliases: ["github", "github_oauth", "gh_oauth"],
+            authorizationUrl: "https://github.com/login/oauth/authorize",
+            tokenUrl: "https://github.com/login/oauth/access_token",
+            scopes: resolveGitHubOAuthScopes(),
+            clientIdEnvKey: "GITHUB_OAUTH_CLIENT_ID",
+            clientSecretEnvKey: "GITHUB_OAUTH_CLIENT_SECRET",
+            accessTokenEnvKey: "GITHUB_OAUTH_ACCESS_TOKEN",
+            additionalAccessTokenEnvKeys: ["GH_TOKEN"],
+            refreshTokenEnvKey: "GITHUB_OAUTH_REFRESH_TOKEN",
+        },
+        {
+            id: "google_workspace_cli",
+            label: "Google Workspace CLI",
+            aliases: ["google_workspace_cli", "gws", "googleworkspace", "google-workspace-cli"],
+            authorizationUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+            tokenUrl: "https://oauth2.googleapis.com/token",
+            scopes: resolveGoogleWorkspaceCliScopes(),
+            clientIdEnvKey: "GOOGLE_WORKSPACE_CLI_CLIENT_ID",
+            clientSecretEnvKey: "GOOGLE_WORKSPACE_CLI_CLIENT_SECRET",
+            authorizationParams: {
+                access_type: "offline",
+                include_granted_scopes: "true",
+                prompt: "consent",
+            },
+            fileOutput: {
+                type: "authorized_user",
+                relativePath: "gws.json",
+                targetPath: "/root/.config/gws/credentials.json",
+            },
+        },
+        {
+            id: "google_cloud_sdk",
+            label: "Google Cloud SDK (gcloud)",
+            aliases: ["google_cloud_sdk", "gcloud", "google-cloud-sdk", "google_cloud", "gcp"],
+            authorizationUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+            tokenUrl: "https://oauth2.googleapis.com/token",
+            scopes: resolveGoogleCloudSdkScopes(),
+            clientIdEnvKey: "GOOGLE_CLOUD_SDK_CLIENT_ID",
+            clientSecretEnvKey: "GOOGLE_CLOUD_SDK_CLIENT_SECRET",
+            authorizationParams: {
+                access_type: "offline",
+                include_granted_scopes: "true",
+                prompt: "consent",
+            },
+            fileOutput: {
+                type: "authorized_user",
+                relativePath: "gcloud-adc.json",
+                targetPath: "/root/.config/gcloud/application_default_credentials.json",
+                envKey: "GOOGLE_APPLICATION_CREDENTIALS",
+                additionalEnvKeys: ["CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE"],
+            },
+        },
+    ];
+}
+export function getOAuthServices() {
+    const raw = readEnv("OAUTH_SERVICES_JSON");
+    const builtins = getBuiltinOAuthServices();
+    if (!raw)
+        return builtins;
+    let parsed;
+    try {
+        parsed = parseJsonValue(raw, Array.isArray, (detail) => detail === "unexpected JSON shape"
+            ? "expected a JSON array of OAuth service definitions"
+            : detail);
+    }
+    catch (err) {
+        const detail = err instanceof Error ? err.message : String(err);
+        log.logWarning(detail === "expected a JSON array of OAuth service definitions"
+            ? "Ignoring OAUTH_SERVICES_JSON: expected a JSON array of OAuth service definitions"
+            : "Ignoring OAUTH_SERVICES_JSON: invalid JSON", detail);
+        return builtins;
+    }
+    try {
+        const custom = parsed
+            .map((serviceValue) => {
+            if (!isRecord(serviceValue))
+                return null;
+            const obj = serviceValue;
+            const id = typeof obj.id === "string" ? obj.id.trim() : "";
+            const label = typeof obj.label === "string" ? obj.label.trim() : "";
+            const authorizationUrl = typeof obj.authorizationUrl === "string" ? obj.authorizationUrl.trim() : "";
+            const tokenUrl = typeof obj.tokenUrl === "string" ? obj.tokenUrl.trim() : "";
+            const clientIdEnvKey = typeof obj.clientIdEnvKey === "string" ? obj.clientIdEnvKey.trim() : "";
+            const clientSecretEnvKey = typeof obj.clientSecretEnvKey === "string" ? obj.clientSecretEnvKey.trim() : "";
+            const accessTokenEnvKey = typeof obj.accessTokenEnvKey === "string" ? obj.accessTokenEnvKey.trim() : undefined;
+            if (!id ||
+                !label ||
+                !authorizationUrl ||
+                !tokenUrl ||
+                !clientIdEnvKey ||
+                !clientSecretEnvKey) {
+                return null;
+            }
+            let fileOutput;
+            if (isRecord(obj.fileOutput)) {
+                const fileOutputObj = obj.fileOutput;
+                const type = typeof fileOutputObj.type === "string" ? fileOutputObj.type.trim() : "";
+                const relativePath = typeof fileOutputObj.relativePath === "string" ? fileOutputObj.relativePath.trim() : "";
+                const targetPath = typeof fileOutputObj.targetPath === "string"
+                    ? fileOutputObj.targetPath.trim()
+                    : undefined;
+                const envKey = typeof fileOutputObj.envKey === "string" ? fileOutputObj.envKey.trim() : undefined;
+                const additionalEnvKeys = Array.isArray(fileOutputObj.additionalEnvKeys)
+                    ? fileOutputObj.additionalEnvKeys.filter((v) => typeof v === "string")
+                    : undefined;
+                if (type === "authorized_user" && relativePath) {
+                    fileOutput = {
+                        type: "authorized_user",
+                        relativePath,
+                        targetPath,
+                        envKey,
+                        additionalEnvKeys,
+                    };
+                }
+            }
+            return {
+                id: id.toLowerCase(),
+                label,
+                aliases: Array.isArray(obj.aliases)
+                    ? obj.aliases
+                        .filter((v) => typeof v === "string")
+                        .map((v) => v.toLowerCase())
+                    : [id.toLowerCase()],
+                authorizationUrl,
+                tokenUrl,
+                scopes: Array.isArray(obj.scopes)
+                    ? obj.scopes.filter((v) => typeof v === "string")
+                    : [],
+                clientIdEnvKey,
+                clientSecretEnvKey,
+                accessTokenEnvKey,
+                additionalAccessTokenEnvKeys: Array.isArray(obj.additionalAccessTokenEnvKeys)
+                    ? obj.additionalAccessTokenEnvKeys.filter((v) => typeof v === "string")
+                    : undefined,
+                refreshTokenEnvKey: typeof obj.refreshTokenEnvKey === "string" ? obj.refreshTokenEnvKey.trim() : undefined,
+                authorizationParams: isRecord(obj.authorizationParams)
+                    ? Object.fromEntries(Object.entries(obj.authorizationParams).filter((authorizationEntry) => typeof authorizationEntry[1] === "string"))
+                    : undefined,
+                fileOutput,
+            };
+        })
+            .filter((service) => service !== null);
+        const byId = new Map();
+        for (const service of builtins)
+            byId.set(service.id, service);
+        for (const service of custom)
+            byId.set(service.id, service);
+        return [...byId.values()];
+    }
+    catch (err) {
+        log.logWarning("Failed to apply OAUTH_SERVICES_JSON overrides; using builtin OAuth services", err instanceof Error ? err.message : String(err));
+        return builtins;
+    }
+}
+export function resolveOAuthService(input) {
+    const normalized = input.trim().toLowerCase();
+    if (!normalized)
+        return undefined;
+    return getOAuthServices().find((service) => service.id === normalized || service.aliases.includes(normalized));
+}
+const LOGIN_COMMANDS = ["login", "/login", "/pi-login"];
+export function parseLoginCommand(text) {
+    const matched = matchCommand(text, LOGIN_COMMANDS);
+    if (!matched)
+        return null;
+    const [subcommand, operation, name, ...extra] = matched.args;
+    if (!subcommand)
+        return { command: matched.command, action: "setup" };
+    if (subcommand.toLowerCase() === "shared") {
+        const op = operation?.toLowerCase();
+        if (op === "list" && !name && extra.length === 0) {
+            return { command: matched.command, action: "shared_list" };
+        }
+        if ((op === "create" || op === "update" || op === "delete") && !!name && extra.length === 0) {
+            return {
+                command: matched.command,
+                action: `shared_${op}`,
+                name,
+            };
+        }
+        return null;
+    }
+    if (subcommand.toLowerCase() === "copy" && operation && !name && extra.length === 0) {
+        return { command: matched.command, action: "copy_shared", name: operation };
+    }
+    // Backward-compatible: older `/pi-login gh` / `/pi-login gws` forms opened the
+    // generic login page and let the portal handle provider choice.
+    if (!operation && extra.length === 0)
+        return { command: matched.command, action: "setup" };
+    return null;
+}
+//# sourceMappingURL=index.js.map

package/dist/login/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/login/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC7D,OAAO,KAAK,GAAG,MAAM,WAAW,CAAC;AAsCjC,MAAM,mCAAmC,GAAG;IAC1C,uCAAuC;IACvC,0BAA0B;IAC1B,0CAA0C;IAC1C,8CAA8C;IAC9C,2CAA2C;IAC3C,sDAAsD;CACvD,CAAC;AAEF,MAAM,+BAA+B,GAAG;IACtC,QAAQ;IACR,gDAAgD;IAChD,gDAAgD;CACjD,CAAC;AAEF,0EAA0E;AAC1E,sEAAsE;AACtE,mEAAmE;AACnE,8EAA8E;AAC9E,yDAAyD;AACzD,MAAM,2BAA2B,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;AAE5F,SAAS,oBAAoB,CAAC,MAAc,EAAE,QAAkB;IAC9D,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC5B,IAAI,CAAC,GAAG;QAAE,OAAO,QAAQ,CAAC;IAE1B,MAAM,MAAM,GAAG,GAAG;SACf,KAAK,CAAC,QAAQ,CAAC;SACf,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;SAC5B,MAAM,CAAC,OAAO,CAAC,CAAC;IAEnB,OAAO,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC;AAC/C,CAAC;AAED,SAAS,+BAA+B;IACtC,OAAO,oBAAoB,CACzB,mCAAmC,EACnC,mCAAmC,CACpC,CAAC;AACJ,CAAC;AAED,SAAS,2BAA2B;IAClC,OAAO,oBAAoB,CAAC,+BAA+B,EAAE,+BAA+B,CAAC,CAAC;AAChG,CAAC;AAED,SAAS,wBAAwB;IAC/B,OAAO,oBAAoB,CAAC,qBAAqB,EAAE,2BAA2B,CAAC,CAAC;AAClF,CAAC;AAED,SAAS,uBAAuB;IAC9B,OAAO;QACL;YACE,EAAE,EAAE,QAAQ;YACZ,KAAK,EAAE,QAAQ;YACf,OAAO,EAAE,CAAC,QAAQ,EAAE,cAAc,EAAE,UAAU,CAAC;YAC/C,gBAAgB,EAAE,0CAA0C;YAC5D,QAAQ,EAAE,6CAA6C;YACvD,MAAM,EAAE,wBAAwB,EAAE;YAClC,cAAc,EAAE,wBAAwB;YACxC,kBAAkB,EAAE,4BAA4B;YAChD,iBAAiB,EAAE,2BAA2B;YAC9C,4BAA4B,EAAE,CAAC,UAAU,CAAC;YAC1C,kBAAkB,EAAE,4BAA4B;SACjD;QACD;YACE,EAAE,EAAE,sBAAsB;YAC1B,KAAK,EAAE,sBAAsB;YAC7B,OAAO,EAAE,CAAC,sBAAsB,EAAE,KAAK,EAAE,iBAAiB,EAAE,sBAAsB,CAAC;YACnF,gBAAgB,EAAE,8CAA8C;YAChE,QAAQ,EAAE,qCAAqC;YAC/C,MAAM,EAAE,+BAA+B,EAAE;YACzC,cAAc,EAAE,gCAAgC;YAChD,kBAAkB,EAAE,oCAAoC;YACxD,mBAAmB,EAAE;gBACnB,WAAW,EAAE,SAAS;gBACtB,sBAAsB,EAAE,MAAM;gBAC9B,MAAM,EAAE,SAAS;aAClB;YACD,UAAU,EAAE;gBACV,IAAI,EAAE,iBAAiB;gBACvB,YAAY,EAAE,UAAU;gBACxB,UAAU,EAAE,oCAAoC;aACjD;SACF;QACD;YACE,EAAE,EAAE,kBAAkB;YACtB,KAAK,EAAE,2BAA2B;YAClC,OAAO,EAAE,CAAC,kBAAkB,EAAE,QAAQ,EAAE,kBAAkB,EAAE,cAAc,EAAE,KAAK,CAAC;YAClF,gBAAgB,EAAE,8CAA8C;YAChE,QAAQ,EAAE,qCAAqC;YAC/C,MAAM,EAAE,2BAA2B,EAAE;YACrC,cAAc,EAAE,4BAA4B;YAC5C,kBAAkB,EAAE,gCAAgC;YACpD,mBAAmB,EAAE;gBACnB,WAAW,EAAE,SAAS;gBACtB,sBAAsB,EAAE,MAAM;gBAC9B,MAAM,EAAE,SAAS;aAClB;YACD,UAAU,EAAE;gBACV,IAAI,EAAE,iBAAiB;gBACvB,YAAY,EAAE,iBAAiB;gBAC/B,UAAU,EAAE,2DAA2D;gBACvE,MAAM,EAAE,gCAAgC;gBACxC,iBAAiB,EAAE,CAAC,wCAAwC,CAAC;aAC9D;SACF;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,MAAM,GAAG,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAAC;IAC3C,MAAM,QAAQ,GAAG,uBAAuB,EAAE,CAAC;IAC3C,IAAI,CAAC,GAAG;QAAE,OAAO,QAAQ,CAAC;IAE1B,IAAI,MAAiB,CAAC;IACtB,IAAI,CAAC;QACH,MAAM,GAAG,cAAc,CAAC,GAAG,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,MAAM,EAAE,EAAE,CACrD,MAAM,KAAK,uBAAuB;YAChC,CAAC,CAAC,oDAAoD;YACtD,CAAC,CAAC,MAAM,CACX,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,MAAM,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAChE,GAAG,CAAC,UAAU,CACZ,MAAM,KAAK,oDAAoD;YAC7D,CAAC,CAAC,kFAAkF;YACpF,CAAC,CAAC,4CAA4C,EAChD,MAAM,CACP,CAAC;QACF,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM;aAClB,GAAG,CAAC,CAAC,YAAY,EAAuB,EAAE;YACzC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;gBAAE,OAAO,IAAI,CAAC;YACzC,MAAM,GAAG,GAAG,YAAY,CAAC;YACzB,MAAM,EAAE,GAAG,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3D,MAAM,KAAK,GAAG,OAAO,GAAG,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACpE,MAAM,gBAAgB,GACpB,OAAO,GAAG,CAAC,gBAAgB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC9E,MAAM,QAAQ,GAAG,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7E,MAAM,cAAc,GAClB,OAAO,GAAG,CAAC,cAAc,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1E,MAAM,kBAAkB,GACtB,OAAO,GAAG,CAAC,kBAAkB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAClF,MAAM,iBAAiB,GACrB,OAAO,GAAG,CAAC,iBAAiB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;YACvF,IACE,CAAC,EAAE;gBACH,CAAC,KAAK;gBACN,CAAC,gBAAgB;gBACjB,CAAC,QAAQ;gBACT,CAAC,cAAc;gBACf,CAAC,kBAAkB,EACnB,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,IAAI,UAAsC,CAAC;YAC3C,IAAI,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC7B,MAAM,aAAa,GAAG,GAAG,CAAC,UAAU,CAAC;gBACrC,MAAM,IAAI,GAAG,OAAO,aAAa,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACrF,MAAM,YAAY,GAChB,OAAO,aAAa,CAAC,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC1F,MAAM,UAAU,GACd,OAAO,aAAa,CAAC,UAAU,KAAK,QAAQ;oBAC1C,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,IAAI,EAAE;oBACjC,CAAC,CAAC,SAAS,CAAC;gBAChB,MAAM,MAAM,GACV,OAAO,aAAa,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;gBACrF,MAAM,iBAAiB,GAAG,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,iBAAiB,CAAC;oBACtE,CAAC,CAAC,aAAa,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;oBACnF,CAAC,CAAC,SAAS,CAAC;gBACd,IAAI,IAAI,KAAK,iBAAiB,IAAI,YAAY,EAAE,CAAC;oBAC/C,UAAU,GAAG;wBACX,IAAI,EAAE,iBAAiB;wBACvB,YAAY;wBACZ,UAAU;wBACV,MAAM;wBACN,iBAAiB;qBAClB,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,OAAO;gBACL,EAAE,EAAE,EAAE,CAAC,WAAW,EAAE;gBACpB,KAAK;gBACL,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;oBACjC,CAAC,CAAC,GAAG,CAAC,OAAO;yBACR,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;yBACjD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;oBAChC,CAAC,CAAC,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC;gBACtB,gBAAgB;gBAChB,QAAQ;gBACR,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC;oBAC/B,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;oBAC9D,CAAC,CAAC,EAAE;gBACN,cAAc;gBACd,kBAAkB;gBAClB,iBAAiB;gBACjB,4BAA4B,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC;oBAC3E,CAAC,CAAC,GAAG,CAAC,4BAA4B,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;oBACpF,CAAC,CAAC,SAAS;gBACb,kBAAkB,EAChB,OAAO,GAAG,CAAC,kBAAkB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS;gBACxF,mBAAmB,EAAE,QAAQ,CAAC,GAAG,CAAC,mBAAmB,CAAC;oBACpD,CAAC,CAAC,MAAM,CAAC,WAAW,CAChB,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,MAAM,CAC5C,CAAC,kBAAkB,EAA0C,EAAE,CAC7D,OAAO,kBAAkB,CAAC,CAAC,CAAC,KAAK,QAAQ,CAC5C,CACF;oBACH,CAAC,CAAC,SAAS;gBACb,UAAU;aACX,CAAC;QACJ,CAAC,CAAC;aACD,MAAM,CAAC,CAAC,OAAO,EAA2B,EAAE,CAAC,OAAO,KAAK,IAAI,CAAC,CAAC;QAElE,MAAM,IAAI,GAAG,IAAI,GAAG,EAAwB,CAAC;QAC7C,KAAK,MAAM,OAAO,IAAI,QAAQ;YAAE,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAC9D,KAAK,MAAM,OAAO,IAAI,MAAM;YAAE,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAC5D,OAAO,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,UAAU,CACZ,6EAA6E,EAC7E,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CACjD,CAAC;QACF,OAAO,QAAQ,CAAC;IAClB,CAAC;AACH,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,KAAa;IAC/C,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC9C,IAAI,CAAC,UAAU;QAAE,OAAO,SAAS,CAAC;IAClC,OAAO,gBAAgB,EAAE,CAAC,IAAI,CAC5B,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,EAAE,KAAK,UAAU,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAC/E,CAAC;AACJ,CAAC;AAED,MAAM,cAAc,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,WAAW,CAAU,CAAC;AAEjE,MAAM,UAAU,iBAAiB,CAAC,IAAY;IAC5C,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;IACnD,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAE1B,MAAM,CAAC,UAAU,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,KAAK,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAE7D,IAAI,CAAC,UAAU;QAAE,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAEtE,IAAI,UAAU,CAAC,WAAW,EAAE,KAAK,QAAQ,EAAE,CAAC;QAC1C,MAAM,EAAE,GAAG,SAAS,EAAE,WAAW,EAAE,CAAC;QACpC,IAAI,EAAE,KAAK,MAAM,IAAI,CAAC,IAAI,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjD,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;QAC7D,CAAC;QACD,IAAI,CAAC,EAAE,KAAK,QAAQ,IAAI,EAAE,KAAK,QAAQ,IAAI,EAAE,KAAK,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5F,OAAO;gBACL,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,MAAM,EAAE,UAAU,EAAE,EAAyD;gBAC7E,IAAI;aACL,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,UAAU,CAAC,WAAW,EAAE,KAAK,MAAM,IAAI,SAAS,IAAI,CAAC,IAAI,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpF,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;IAC9E,CAAC;IAED,+EAA+E;IAC/E,gEAAgE;IAChE,IAAI,CAAC,SAAS,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAE3F,OAAO,IAAI,CAAC;AACd,CAAC","sourcesContent":["import { matchCommand } from \"../commands/parse.js\";\nimport { readEnv } from \"../env.js\";\nimport { isRecord, parseJsonValue } from \"../file-guards.js\";\nimport * as log from \"../log.js\";\n\nexport type LoginCredentialKind = \"api_key\" | \"oauth\";\n\nexport interface OAuthAuthorizedUserFileOutput {\n  type: \"authorized_user\";\n  relativePath: string;\n  targetPath?: string;\n  envKey?: string;\n  additionalEnvKeys?: string[];\n}\n\nexport interface OAuthService {\n  id: string;\n  label: string;\n  aliases: string[];\n  authorizationUrl: string;\n  tokenUrl: string;\n  scopes: string[];\n  clientIdEnvKey: string;\n  clientSecretEnvKey: string;\n  accessTokenEnvKey?: string;\n  additionalAccessTokenEnvKeys?: string[];\n  refreshTokenEnvKey?: string;\n  authorizationParams?: Record<string, string>;\n  fileOutput?: OAuthAuthorizedUserFileOutput;\n}\n\nexport type ParsedLoginCommand =\n  | { command: \"login\" | \"/login\" | \"/pi-login\"; action: \"setup\" }\n  | {\n      command: \"login\" | \"/login\" | \"/pi-login\";\n      action: \"shared_create\" | \"shared_update\" | \"shared_delete\";\n      name: string;\n    }\n  | { command: \"login\" | \"/login\" | \"/pi-login\"; action: \"shared_list\" }\n  | { command: \"login\" | \"/login\" | \"/pi-login\"; action: \"copy_shared\"; name: string };\n\nconst DEFAULT_GOOGLE_WORKSPACE_CLI_SCOPES = [\n  \"https://www.googleapis.com/auth/drive\",\n  \"https://mail.google.com/\",\n  \"https://www.googleapis.com/auth/calendar\",\n  \"https://www.googleapis.com/auth/spreadsheets\",\n  \"https://www.googleapis.com/auth/documents\",\n  \"https://www.googleapis.com/auth/chat.messages.create\",\n];\n\nconst DEFAULT_GOOGLE_CLOUD_SDK_SCOPES = [\n  \"openid\",\n  \"https://www.googleapis.com/auth/userinfo.email\",\n  \"https://www.googleapis.com/auth/cloud-platform\",\n];\n\n// Conservative default: enough for `gh` CLI repo/user/org operations, but\n// without `workflow` (can dispatch CI), `write:packages` (can publish\n// packages), or `project`. Operators who need those can opt in via\n// GITHUB_OAUTH_SCOPES (or MIKAN_GITHUB_OAUTH_SCOPES) to keep the blast radius\n// of a compromised agent host explicit and configurable.\nconst DEFAULT_GITHUB_OAUTH_SCOPES = [\"repo\", \"read:user\", \"user:email\", \"read:org\", \"gist\"];\n\nfunction resolveScopesFromEnv(envKey: string, fallback: string[]): string[] {\n  const raw = readEnv(envKey);\n  if (!raw) return fallback;\n\n  const scopes = raw\n    .split(/[\\s,]+/)\n    .map((scope) => scope.trim())\n    .filter(Boolean);\n\n  return scopes.length > 0 ? scopes : fallback;\n}\n\nfunction resolveGoogleWorkspaceCliScopes(): string[] {\n  return resolveScopesFromEnv(\n    \"GOOGLE_WORKSPACE_CLI_OAUTH_SCOPES\",\n    DEFAULT_GOOGLE_WORKSPACE_CLI_SCOPES,\n  );\n}\n\nfunction resolveGoogleCloudSdkScopes(): string[] {\n  return resolveScopesFromEnv(\"GOOGLE_CLOUD_SDK_OAUTH_SCOPES\", DEFAULT_GOOGLE_CLOUD_SDK_SCOPES);\n}\n\nfunction resolveGitHubOAuthScopes(): string[] {\n  return resolveScopesFromEnv(\"GITHUB_OAUTH_SCOPES\", DEFAULT_GITHUB_OAUTH_SCOPES);\n}\n\nfunction getBuiltinOAuthServices(): OAuthService[] {\n  return [\n    {\n      id: \"github\",\n      label: \"GitHub\",\n      aliases: [\"github\", \"github_oauth\", \"gh_oauth\"],\n      authorizationUrl: \"https://github.com/login/oauth/authorize\",\n      tokenUrl: \"https://github.com/login/oauth/access_token\",\n      scopes: resolveGitHubOAuthScopes(),\n      clientIdEnvKey: \"GITHUB_OAUTH_CLIENT_ID\",\n      clientSecretEnvKey: \"GITHUB_OAUTH_CLIENT_SECRET\",\n      accessTokenEnvKey: \"GITHUB_OAUTH_ACCESS_TOKEN\",\n      additionalAccessTokenEnvKeys: [\"GH_TOKEN\"],\n      refreshTokenEnvKey: \"GITHUB_OAUTH_REFRESH_TOKEN\",\n    },\n    {\n      id: \"google_workspace_cli\",\n      label: \"Google Workspace CLI\",\n      aliases: [\"google_workspace_cli\", \"gws\", \"googleworkspace\", \"google-workspace-cli\"],\n      authorizationUrl: \"https://accounts.google.com/o/oauth2/v2/auth\",\n      tokenUrl: \"https://oauth2.googleapis.com/token\",\n      scopes: resolveGoogleWorkspaceCliScopes(),\n      clientIdEnvKey: \"GOOGLE_WORKSPACE_CLI_CLIENT_ID\",\n      clientSecretEnvKey: \"GOOGLE_WORKSPACE_CLI_CLIENT_SECRET\",\n      authorizationParams: {\n        access_type: \"offline\",\n        include_granted_scopes: \"true\",\n        prompt: \"consent\",\n      },\n      fileOutput: {\n        type: \"authorized_user\",\n        relativePath: \"gws.json\",\n        targetPath: \"/root/.config/gws/credentials.json\",\n      },\n    },\n    {\n      id: \"google_cloud_sdk\",\n      label: \"Google Cloud SDK (gcloud)\",\n      aliases: [\"google_cloud_sdk\", \"gcloud\", \"google-cloud-sdk\", \"google_cloud\", \"gcp\"],\n      authorizationUrl: \"https://accounts.google.com/o/oauth2/v2/auth\",\n      tokenUrl: \"https://oauth2.googleapis.com/token\",\n      scopes: resolveGoogleCloudSdkScopes(),\n      clientIdEnvKey: \"GOOGLE_CLOUD_SDK_CLIENT_ID\",\n      clientSecretEnvKey: \"GOOGLE_CLOUD_SDK_CLIENT_SECRET\",\n      authorizationParams: {\n        access_type: \"offline\",\n        include_granted_scopes: \"true\",\n        prompt: \"consent\",\n      },\n      fileOutput: {\n        type: \"authorized_user\",\n        relativePath: \"gcloud-adc.json\",\n        targetPath: \"/root/.config/gcloud/application_default_credentials.json\",\n        envKey: \"GOOGLE_APPLICATION_CREDENTIALS\",\n        additionalEnvKeys: [\"CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE\"],\n      },\n    },\n  ];\n}\n\nexport function getOAuthServices(): OAuthService[] {\n  const raw = readEnv(\"OAUTH_SERVICES_JSON\");\n  const builtins = getBuiltinOAuthServices();\n  if (!raw) return builtins;\n\n  let parsed: unknown[];\n  try {\n    parsed = parseJsonValue(raw, Array.isArray, (detail) =>\n      detail === \"unexpected JSON shape\"\n        ? \"expected a JSON array of OAuth service definitions\"\n        : detail,\n    );\n  } catch (err) {\n    const detail = err instanceof Error ? err.message : String(err);\n    log.logWarning(\n      detail === \"expected a JSON array of OAuth service definitions\"\n        ? \"Ignoring OAUTH_SERVICES_JSON: expected a JSON array of OAuth service definitions\"\n        : \"Ignoring OAUTH_SERVICES_JSON: invalid JSON\",\n      detail,\n    );\n    return builtins;\n  }\n  try {\n    const custom = parsed\n      .map((serviceValue): OAuthService | null => {\n        if (!isRecord(serviceValue)) return null;\n        const obj = serviceValue;\n        const id = typeof obj.id === \"string\" ? obj.id.trim() : \"\";\n        const label = typeof obj.label === \"string\" ? obj.label.trim() : \"\";\n        const authorizationUrl =\n          typeof obj.authorizationUrl === \"string\" ? obj.authorizationUrl.trim() : \"\";\n        const tokenUrl = typeof obj.tokenUrl === \"string\" ? obj.tokenUrl.trim() : \"\";\n        const clientIdEnvKey =\n          typeof obj.clientIdEnvKey === \"string\" ? obj.clientIdEnvKey.trim() : \"\";\n        const clientSecretEnvKey =\n          typeof obj.clientSecretEnvKey === \"string\" ? obj.clientSecretEnvKey.trim() : \"\";\n        const accessTokenEnvKey =\n          typeof obj.accessTokenEnvKey === \"string\" ? obj.accessTokenEnvKey.trim() : undefined;\n        if (\n          !id ||\n          !label ||\n          !authorizationUrl ||\n          !tokenUrl ||\n          !clientIdEnvKey ||\n          !clientSecretEnvKey\n        ) {\n          return null;\n        }\n\n        let fileOutput: OAuthService[\"fileOutput\"];\n        if (isRecord(obj.fileOutput)) {\n          const fileOutputObj = obj.fileOutput;\n          const type = typeof fileOutputObj.type === \"string\" ? fileOutputObj.type.trim() : \"\";\n          const relativePath =\n            typeof fileOutputObj.relativePath === \"string\" ? fileOutputObj.relativePath.trim() : \"\";\n          const targetPath =\n            typeof fileOutputObj.targetPath === \"string\"\n              ? fileOutputObj.targetPath.trim()\n              : undefined;\n          const envKey =\n            typeof fileOutputObj.envKey === \"string\" ? fileOutputObj.envKey.trim() : undefined;\n          const additionalEnvKeys = Array.isArray(fileOutputObj.additionalEnvKeys)\n            ? fileOutputObj.additionalEnvKeys.filter((v): v is string => typeof v === \"string\")\n            : undefined;\n          if (type === \"authorized_user\" && relativePath) {\n            fileOutput = {\n              type: \"authorized_user\",\n              relativePath,\n              targetPath,\n              envKey,\n              additionalEnvKeys,\n            };\n          }\n        }\n\n        return {\n          id: id.toLowerCase(),\n          label,\n          aliases: Array.isArray(obj.aliases)\n            ? obj.aliases\n                .filter((v): v is string => typeof v === \"string\")\n                .map((v) => v.toLowerCase())\n            : [id.toLowerCase()],\n          authorizationUrl,\n          tokenUrl,\n          scopes: Array.isArray(obj.scopes)\n            ? obj.scopes.filter((v): v is string => typeof v === \"string\")\n            : [],\n          clientIdEnvKey,\n          clientSecretEnvKey,\n          accessTokenEnvKey,\n          additionalAccessTokenEnvKeys: Array.isArray(obj.additionalAccessTokenEnvKeys)\n            ? obj.additionalAccessTokenEnvKeys.filter((v): v is string => typeof v === \"string\")\n            : undefined,\n          refreshTokenEnvKey:\n            typeof obj.refreshTokenEnvKey === \"string\" ? obj.refreshTokenEnvKey.trim() : undefined,\n          authorizationParams: isRecord(obj.authorizationParams)\n            ? Object.fromEntries(\n                Object.entries(obj.authorizationParams).filter(\n                  (authorizationEntry): authorizationEntry is [string, string] =>\n                    typeof authorizationEntry[1] === \"string\",\n                ),\n              )\n            : undefined,\n          fileOutput,\n        };\n      })\n      .filter((service): service is OAuthService => service !== null);\n\n    const byId = new Map<string, OAuthService>();\n    for (const service of builtins) byId.set(service.id, service);\n    for (const service of custom) byId.set(service.id, service);\n    return [...byId.values()];\n  } catch (err) {\n    log.logWarning(\n      \"Failed to apply OAUTH_SERVICES_JSON overrides; using builtin OAuth services\",\n      err instanceof Error ? err.message : String(err),\n    );\n    return builtins;\n  }\n}\n\nexport function resolveOAuthService(input: string): OAuthService | undefined {\n  const normalized = input.trim().toLowerCase();\n  if (!normalized) return undefined;\n  return getOAuthServices().find(\n    (service) => service.id === normalized || service.aliases.includes(normalized),\n  );\n}\n\nconst LOGIN_COMMANDS = [\"login\", \"/login\", \"/pi-login\"] as const;\n\nexport function parseLoginCommand(text: string): ParsedLoginCommand | null {\n  const matched = matchCommand(text, LOGIN_COMMANDS);\n  if (!matched) return null;\n\n  const [subcommand, operation, name, ...extra] = matched.args;\n\n  if (!subcommand) return { command: matched.command, action: \"setup\" };\n\n  if (subcommand.toLowerCase() === \"shared\") {\n    const op = operation?.toLowerCase();\n    if (op === \"list\" && !name && extra.length === 0) {\n      return { command: matched.command, action: \"shared_list\" };\n    }\n    if ((op === \"create\" || op === \"update\" || op === \"delete\") && !!name && extra.length === 0) {\n      return {\n        command: matched.command,\n        action: `shared_${op}` as \"shared_create\" | \"shared_update\" | \"shared_delete\",\n        name,\n      };\n    }\n    return null;\n  }\n\n  if (subcommand.toLowerCase() === \"copy\" && operation && !name && extra.length === 0) {\n    return { command: matched.command, action: \"copy_shared\", name: operation };\n  }\n\n  // Backward-compatible: older `/pi-login gh` / `/pi-login gws` forms opened the\n  // generic login page and let the portal handle provider choice.\n  if (!operation && extra.length === 0) return { command: matched.command, action: \"setup\" };\n\n  return null;\n}\n"]}

package/dist/login/portal.d.ts

@@ -0,0 +1,19 @@
+import { type Server } from "http";
+import { type SessionViewInteractiveOptions } from "../session-view/portal.js";
+import type { InMemorySessionViewTokenStore } from "../session-view/store.js";
+import type { InMemoryLinkTokenStore } from "./session.js";
+import { type VaultManager } from "../vault.js";
+/** Called after a binding is written, to notify the user in chat */
+export type NotifyFn = (platform: string, conversationId: string, message: string) => Promise<void>;
+/**
+ * Start a small HTTP server that receives credential onboarding callbacks from the web portal.
+ *
+ * Routes:
+ *   GET  /health              — health check
+ *   GET  /link?token=xxx      — credential onboarding page
+ *   POST /api/link/complete   — API key completion endpoint
+ *   POST /api/oauth/start     — creates provider OAuth redirect URL
+ *   GET  /oauth/callback      — OAuth callback endpoint
+ */
+export declare function startLinkServer(port: number, linkTokenStore: InMemoryLinkTokenStore, vaultManager: VaultManager, notify: NotifyFn, sessionViewTokenStore?: InMemorySessionViewTokenStore, sessionViewInteractive?: SessionViewInteractiveOptions): Server;
+//# sourceMappingURL=portal.d.ts.map