npm - @geminixiang/mikan - Versions diffs - 0.4.0-beta.0 → 0.4.0 - Mend

@geminixiang/mikan 0.4.0-beta.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

package/CHANGELOG.md +19 -0
package/dist/agent.d.ts.map +1 -1
package/dist/agent.js +7 -1
package/dist/agent.js.map +1 -1
package/dist/events.d.ts +1 -0
package/dist/events.d.ts.map +1 -1
package/dist/events.js +22 -34
package/dist/events.js.map +1 -1
package/dist/observability/sentry.d.ts +10 -2
package/dist/observability/sentry.d.ts.map +1 -1
package/dist/observability/sentry.js +70 -6
package/dist/observability/sentry.js.map +1 -1
package/dist/observability/types.d.ts +16 -0
package/dist/observability/types.d.ts.map +1 -1
package/dist/observability/types.js.map +1 -1
package/dist/runtime/conversation-orchestrator.d.ts.map +1 -1
package/dist/runtime/conversation-orchestrator.js +15 -6
package/dist/runtime/conversation-orchestrator.js.map +1 -1
package/dist/web/login/oauth.d.ts.map +1 -1
package/dist/web/login/oauth.js +93 -95
package/dist/web/login/oauth.js.map +1 -1
package/package.json +1 -1

package/dist/runtime/conversation-orchestrator.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"conversation-orchestrator.d.ts","sourceRoot":"","sources":["../../src/runtime/conversation-orchestrator.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAY5E,YAAY,EAAE,wBAAwB,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAC9E,OAAO,KAAK,EAAE,wBAAwB,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAE9E,UAAU,+BAA+B;IACvC,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,SAAS,cAAc,EAAE,CAAC;IAC3C,eAAe,EAAE,eAAe,CAAC;IACjC,cAAc,EAAE,MAAM,OAAO,CAAC;IAC9B,QAAQ,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,wBAAwB,GAAG,SAAS,CAAC;IACvE,gBAAgB,EAAE,CAAC,OAAO,EAAE;QAC1B,cAAc,EAAE,MAAM,CAAC;QACvB,UAAU,EAAE,MAAM,CAAC;QACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;KAC3B,KAAK,OAAO,CAAC,wBAAwB,CAAC,CAAC;IACxC,sBAAsB,EAAE,CAAC,OAAO,EAAE;QAAE,eAAe,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC;IAC9F,gBAAgB,EAAE,CAAC,UAAU,EAAE,OAAO,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC;IACtD,eAAe,EAAE,CAAC,UAAU,EAAE,OAAO,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC;IACrD,aAAa,EAAE,MAAM,IAAI,CAAC;CAC3B;AAED,qBAAa,wBAAwB;IACvB,OAAO,CAAC,QAAQ,CAAC,OAAO;IAApC,YAA6B,OAAO,EAAE,+BAA+B,EAAI;IAEnE,UAAU,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CA8G3E;YAEa,sBAAsB;CAyFrC","sourcesContent":["import type { BotAdapters, PlatformName } from \"../adapter.js\";\nimport { waitForThreadSessionBootstrap } from \"../sessions/chat-session-manager.js\";\nimport { dispatchCommand } from \"../commands/registry.js\";\nimport type { CommandHandler, CommandServices } from \"../commands/types.js\";\nimport { isPrivateConversation } from \"../commands/utils.js\";\nimport * as log from \"../log.js\";\nimport {\n addLifecycleBreadcrumb,\n applyRunScope,\n reportUserFacingError,\n} from \"../observability/sentry.js\";\nimport { formatStopped } from \"../platform-messages.js\";\nimport * as Sentry from \"@sentry/node\";\nimport { join } from \"path\";\n\nexport type { ConversationRuntimeState, RunSessionOptions } from \"./types.js\";\nimport type { ConversationRuntimeState, RunSessionOptions } from \"./types.js\";\n\ninterface ConversationOrchestratorOptions {\n workingDir: string;\n commandHandlers: readonly CommandHandler[];\n commandServices: CommandServices;\n isShuttingDown: () => boolean;\n getState: (sessionKey: string) => ConversationRuntimeState \| undefined;\n getOrCreateState: (options: {\n conversationId: string;\n sessionKey: string;\n currentMessageId?: string;\n }) => Promise<ConversationRuntimeState>;\n hasMaterializedSession: (options: { conversationDir: string; sessionKey: string }) => boolean;\n beforeRunTracked: (runPromise: Promise<void>) => void;\n afterRunTracked: (runPromise: Promise<void>) => void;\n onRunFinished: () => void;\n}\n\nexport class ConversationOrchestrator {\n constructor(private readonly options: ConversationOrchestratorOptions) {}\n\n async runSession({ event, bot, adapters }: RunSessionOptions): Promise<void> {\n const conversationId = event.conversationId;\n if (this.options.isShuttingDown()) {\n log.logInfo(\n `[${conversationId}] Rejected event during shutdown: ${event.text.substring(0, 50)}`,\n );\n return;\n }\n\n const sessionKey = event.sessionKey ?? `${conversationId}:${event.thread_ts ?? event.ts}`;\n const privateConversation = isPrivateConversation(event);\n const handledCommand = await dispatchCommand(this.options.commandHandlers, {\n bot,\n responseCtx: adapters.responseCtx,\n platform: adapters.platform.name as PlatformName,\n platformUserId: event.user,\n conversationId,\n vaultConversationId: event.vaultConversationId,\n sessionKey,\n commandText: event.text,\n privateConversation,\n services: this.options.commandServices,\n });\n if (handledCommand) return;\n\n const conversationDir = join(this.options.workingDir, conversationId);\n const waitedForParent = await waitForThreadSessionBootstrap({\n parentSessionKey: conversationId,\n sessionKey,\n hasThreadSession: () => this.options.hasMaterializedSession({ conversationDir, sessionKey }),\n isParentRunning: () => this.options.getState(conversationId)?.running === true,\n });\n if (waitedForParent) {\n log.logInfo(\n `[${conversationId}] Delayed thread bootstrap until parent session sealed: ${sessionKey}`,\n );\n }\n\n let state: ConversationRuntimeState;\n try {\n state = await this.options.getOrCreateState({\n conversationId,\n sessionKey,\n currentMessageId: event.ts,\n });\n state.runner.syncChatHistory(event.ts);\n } catch (err) {\n reportUserFacingError(err, {\n domain: \"mikan\",\n surface: \"session_setup\",\n operation: \"get_or_create_state\",\n severity: \"error\",\n platform: adapters.platform.name,\n context: {\n conversationId,\n sessionKey,\n messageId: adapters.message.id,\n threadTs: adapters.message.threadTs,\n attachmentCount: adapters.message.attachments?.length ?? 0,\n },\n });\n throw err;\n }\n\n state.running = true;\n state.stopRequested = false;\n state.startedAt = Date.now();\n state.lastActivityAt = Date.now();\n\n log.logInfo(`[${conversationId}] Starting run: ${event.text.substring(0, 50)}`);\n\n const runPromise = (async () => {\n try {\n const result = await this.runWithInstrumentation(\n adapters,\n { conversationId, sessionKey, startedAt: state.startedAt },\n async () => {\n await adapters.responseCtx.setTyping(true);\n await adapters.responseCtx.setWorking(true);\n const runnerResult = await state.runner.run(\n adapters.message,\n adapters.responseCtx,\n adapters.platform,\n );\n await adapters.responseCtx.setWorking(false);\n return runnerResult;\n },\n );\n\n if (result?.stopReason === \"aborted\" && state.stopRequested) {\n if (state.stopMessageTs) {\n await bot.updateMessage(conversationId, state.stopMessageTs, formatStopped(bot));\n state.stopMessageTs = undefined;\n } else {\n await bot.postMessage(conversationId, formatStopped(bot));\n }\n }\n } finally {\n state.running = false;\n state.lastAccessedAt = Date.now();\n this.options.onRunFinished();\n }\n })();\n\n this.options.beforeRunTracked(runPromise);\n try {\n await runPromise;\n } finally {\n this.options.afterRunTracked(runPromise);\n }\n }\n\n private async runWithInstrumentation(\n adapters: BotAdapters,\n meta: {\n conversationId: string;\n sessionKey: string;\n startedAt: number;\n },\n body: () => Promise<{ stopReason: string; errorMessage?: string }>,\n ): Promise<{ stopReason: string; errorMessage?: string } \| undefined> {\n const { conversationId, sessionKey, startedAt } = meta;\n const { message, platform } = adapters;\n\n Sentry.metrics.count(\"agent.run.started\", 1, {\n attributes: { channel: conversationId },\n });\n\n return Sentry.startSpan(\n { name: \"agent.run\", op: \"agent\", attributes: { conversationId, sessionKey } },\n async () =>\n Sentry.withScope(async (scope) => {\n applyRunScope(scope, {\n conversationId,\n sessionKey,\n messageId: message.id,\n platform: platform.name,\n userId: message.userId,\n userName: message.userName,\n threadTs: message.threadTs,\n });\n addLifecycleBreadcrumb(\"agent.run.started\", {\n channel_id: conversationId,\n platform: platform.name,\n has_attachments: (message.attachments?.length ?? 0) > 0,\n });\n\n try {\n const result = await body();\n const durationMs = Date.now() - startedAt;\n const completionAttrs = {\n channel: conversationId,\n platform: platform.name,\n stop_reason: result.stopReason,\n };\n Sentry.metrics.distribution(\"agent.run.duration\", durationMs, {\n unit: \"millisecond\",\n attributes: completionAttrs,\n });\n Sentry.metrics.count(\"agent.run.completed\", 1, { attributes: completionAttrs });\n addLifecycleBreadcrumb(\"agent.run.completed\", {\n channel_id: conversationId,\n platform: platform.name,\n stop_reason: result.stopReason,\n duration_ms: durationMs,\n });\n return result;\n } catch (err) {\n scope.setContext(\"agent_run_error\", {\n conversationId,\n sessionKey,\n platform: platform.name,\n messageId: message.id,\n threadTs: message.threadTs,\n });\n reportUserFacingError(err, {\n domain: \"mikan\",\n surface: \"agent_run\",\n operation: \"run\",\n severity: \"error\",\n platform: platform.name,\n context: {\n conversationId,\n sessionKey,\n messageId: message.id,\n threadTs: message.threadTs,\n attachmentCount: message.attachments?.length ?? 0,\n },\n });\n Sentry.metrics.count(\"agent.run.errors\", 1, {\n attributes: { channel: conversationId, platform: platform.name },\n });\n log.logWarning(\n `[${conversationId}] Run error`,\n err instanceof Error ? err.message : String(err),\n );\n return undefined;\n }\n }),\n );\n }\n}\n"]}
1	+ {"version":3,"file":"conversation-orchestrator.d.ts","sourceRoot":"","sources":["../../src/runtime/conversation-orchestrator.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAc5E,YAAY,EAAE,wBAAwB,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAC9E,OAAO,KAAK,EAAE,wBAAwB,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAE9E,UAAU,+BAA+B;IACvC,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,SAAS,cAAc,EAAE,CAAC;IAC3C,eAAe,EAAE,eAAe,CAAC;IACjC,cAAc,EAAE,MAAM,OAAO,CAAC;IAC9B,QAAQ,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,wBAAwB,GAAG,SAAS,CAAC;IACvE,gBAAgB,EAAE,CAAC,OAAO,EAAE;QAC1B,cAAc,EAAE,MAAM,CAAC;QACvB,UAAU,EAAE,MAAM,CAAC;QACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;KAC3B,KAAK,OAAO,CAAC,wBAAwB,CAAC,CAAC;IACxC,sBAAsB,EAAE,CAAC,OAAO,EAAE;QAAE,eAAe,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC;IAC9F,gBAAgB,EAAE,CAAC,UAAU,EAAE,OAAO,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC;IACtD,eAAe,EAAE,CAAC,UAAU,EAAE,OAAO,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC;IACrD,aAAa,EAAE,MAAM,IAAI,CAAC;CAC3B;AAED,qBAAa,wBAAwB;IACvB,OAAO,CAAC,QAAQ,CAAC,OAAO;IAApC,YAA6B,OAAO,EAAE,+BAA+B,EAAI;IAEnE,UAAU,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CA8G3E;YAEa,sBAAsB;CAmGrC","sourcesContent":["import type { BotAdapters, PlatformName } from \"../adapter.js\";\nimport { waitForThreadSessionBootstrap } from \"../sessions/chat-session-manager.js\";\nimport { dispatchCommand } from \"../commands/registry.js\";\nimport type { CommandHandler, CommandServices } from \"../commands/types.js\";\nimport { isPrivateConversation } from \"../commands/utils.js\";\nimport * as log from \"../log.js\";\nimport {\n addLifecycleBreadcrumb,\n applyRunScope,\n createRunAttributionAttributes,\n registerTraceAttribution,\n reportUserFacingError,\n} from \"../observability/sentry.js\";\nimport { formatStopped } from \"../platform-messages.js\";\nimport * as Sentry from \"@sentry/node\";\nimport { join } from \"path\";\n\nexport type { ConversationRuntimeState, RunSessionOptions } from \"./types.js\";\nimport type { ConversationRuntimeState, RunSessionOptions } from \"./types.js\";\n\ninterface ConversationOrchestratorOptions {\n workingDir: string;\n commandHandlers: readonly CommandHandler[];\n commandServices: CommandServices;\n isShuttingDown: () => boolean;\n getState: (sessionKey: string) => ConversationRuntimeState \| undefined;\n getOrCreateState: (options: {\n conversationId: string;\n sessionKey: string;\n currentMessageId?: string;\n }) => Promise<ConversationRuntimeState>;\n hasMaterializedSession: (options: { conversationDir: string; sessionKey: string }) => boolean;\n beforeRunTracked: (runPromise: Promise<void>) => void;\n afterRunTracked: (runPromise: Promise<void>) => void;\n onRunFinished: () => void;\n}\n\nexport class ConversationOrchestrator {\n constructor(private readonly options: ConversationOrchestratorOptions) {}\n\n async runSession({ event, bot, adapters }: RunSessionOptions): Promise<void> {\n const conversationId = event.conversationId;\n if (this.options.isShuttingDown()) {\n log.logInfo(\n `[${conversationId}] Rejected event during shutdown: ${event.text.substring(0, 50)}`,\n );\n return;\n }\n\n const sessionKey = event.sessionKey ?? `${conversationId}:${event.thread_ts ?? event.ts}`;\n const privateConversation = isPrivateConversation(event);\n const handledCommand = await dispatchCommand(this.options.commandHandlers, {\n bot,\n responseCtx: adapters.responseCtx,\n platform: adapters.platform.name as PlatformName,\n platformUserId: event.user,\n conversationId,\n vaultConversationId: event.vaultConversationId,\n sessionKey,\n commandText: event.text,\n privateConversation,\n services: this.options.commandServices,\n });\n if (handledCommand) return;\n\n const conversationDir = join(this.options.workingDir, conversationId);\n const waitedForParent = await waitForThreadSessionBootstrap({\n parentSessionKey: conversationId,\n sessionKey,\n hasThreadSession: () => this.options.hasMaterializedSession({ conversationDir, sessionKey }),\n isParentRunning: () => this.options.getState(conversationId)?.running === true,\n });\n if (waitedForParent) {\n log.logInfo(\n `[${conversationId}] Delayed thread bootstrap until parent session sealed: ${sessionKey}`,\n );\n }\n\n let state: ConversationRuntimeState;\n try {\n state = await this.options.getOrCreateState({\n conversationId,\n sessionKey,\n currentMessageId: event.ts,\n });\n state.runner.syncChatHistory(event.ts);\n } catch (err) {\n reportUserFacingError(err, {\n domain: \"mikan\",\n surface: \"session_setup\",\n operation: \"get_or_create_state\",\n severity: \"error\",\n platform: adapters.platform.name,\n context: {\n conversationId,\n sessionKey,\n messageId: adapters.message.id,\n threadTs: adapters.message.threadTs,\n attachmentCount: adapters.message.attachments?.length ?? 0,\n },\n });\n throw err;\n }\n\n state.running = true;\n state.stopRequested = false;\n state.startedAt = Date.now();\n state.lastActivityAt = Date.now();\n\n log.logInfo(`[${conversationId}] Starting run: ${event.text.substring(0, 50)}`);\n\n const runPromise = (async () => {\n try {\n const result = await this.runWithInstrumentation(\n adapters,\n { conversationId, sessionKey, startedAt: state.startedAt },\n async () => {\n await adapters.responseCtx.setTyping(true);\n await adapters.responseCtx.setWorking(true);\n const runnerResult = await state.runner.run(\n adapters.message,\n adapters.responseCtx,\n adapters.platform,\n );\n await adapters.responseCtx.setWorking(false);\n return runnerResult;\n },\n );\n\n if (result?.stopReason === \"aborted\" && state.stopRequested) {\n if (state.stopMessageTs) {\n await bot.updateMessage(conversationId, state.stopMessageTs, formatStopped(bot));\n state.stopMessageTs = undefined;\n } else {\n await bot.postMessage(conversationId, formatStopped(bot));\n }\n }\n } finally {\n state.running = false;\n state.lastAccessedAt = Date.now();\n this.options.onRunFinished();\n }\n })();\n\n this.options.beforeRunTracked(runPromise);\n try {\n await runPromise;\n } finally {\n this.options.afterRunTracked(runPromise);\n }\n }\n\n private async runWithInstrumentation(\n adapters: BotAdapters,\n meta: {\n conversationId: string;\n sessionKey: string;\n startedAt: number;\n },\n body: () => Promise<{ stopReason: string; errorMessage?: string }>,\n ): Promise<{ stopReason: string; errorMessage?: string } \| undefined> {\n const { conversationId, sessionKey, startedAt } = meta;\n const { message, platform } = adapters;\n\n const attribution = createRunAttributionAttributes({\n conversationId,\n sessionKey,\n messageId: message.id,\n platform: platform.name,\n userId: message.userId,\n userName: message.userName,\n threadTs: message.threadTs,\n });\n\n Sentry.metrics.count(\"agent.run.started\", 1, {\n attributes: attribution,\n });\n\n return Sentry.startSpan(\n { name: \"agent.run\", op: \"agent\", attributes: attribution },\n async (span) =>\n Sentry.withScope(async (scope) => {\n registerTraceAttribution(span, attribution);\n applyRunScope(scope, {\n conversationId,\n sessionKey,\n messageId: message.id,\n platform: platform.name,\n userId: message.userId,\n userName: message.userName,\n threadTs: message.threadTs,\n });\n addLifecycleBreadcrumb(\"agent.run.started\", {\n channel_id: conversationId,\n platform: platform.name,\n has_attachments: (message.attachments?.length ?? 0) > 0,\n });\n\n try {\n const result = await body();\n const durationMs = Date.now() - startedAt;\n const completionAttrs = {\n ...attribution,\n stop_reason: result.stopReason,\n };\n Sentry.metrics.distribution(\"agent.run.duration\", durationMs, {\n unit: \"millisecond\",\n attributes: completionAttrs,\n });\n Sentry.metrics.count(\"agent.run.completed\", 1, { attributes: completionAttrs });\n addLifecycleBreadcrumb(\"agent.run.completed\", {\n channel_id: conversationId,\n platform: platform.name,\n stop_reason: result.stopReason,\n duration_ms: durationMs,\n });\n return result;\n } catch (err) {\n scope.setContext(\"agent_run_error\", {\n conversationId,\n sessionKey,\n platform: platform.name,\n messageId: message.id,\n threadTs: message.threadTs,\n });\n reportUserFacingError(err, {\n domain: \"mikan\",\n surface: \"agent_run\",\n operation: \"run\",\n severity: \"error\",\n platform: platform.name,\n context: {\n conversationId,\n sessionKey,\n messageId: message.id,\n threadTs: message.threadTs,\n attachmentCount: message.attachments?.length ?? 0,\n },\n });\n Sentry.metrics.count(\"agent.run.errors\", 1, {\n attributes: attribution,\n });\n log.logWarning(\n `[${conversationId}] Run error`,\n err instanceof Error ? err.message : String(err),\n );\n return undefined;\n }\n }),\n );\n }\n}\n"]}

package/dist/runtime/conversation-orchestrator.js CHANGED Viewed

@@ -2,7 +2,7 @@ import { waitForThreadSessionBootstrap } from "../sessions/chat-session-manager.
 import { dispatchCommand } from "../commands/registry.js";
 import { isPrivateConversation } from "../commands/utils.js";
 import * as log from "../log.js";
-import { addLifecycleBreadcrumb, applyRunScope, reportUserFacingError, } from "../observability/sentry.js";
+import { addLifecycleBreadcrumb, applyRunScope, createRunAttributionAttributes, registerTraceAttribution, reportUserFacingError, } from "../observability/sentry.js";
 import { formatStopped } from "../platform-messages.js";
 import * as Sentry from "@sentry/node";
 import { join } from "path";
@@ -109,10 +109,20 @@ export class ConversationOrchestrator {
     async runWithInstrumentation(adapters, meta, body) {
         const { conversationId, sessionKey, startedAt } = meta;
         const { message, platform } = adapters;
+        const attribution = createRunAttributionAttributes({
+            conversationId,
+            sessionKey,
+            messageId: message.id,
+            platform: platform.name,
+            userId: message.userId,
+            userName: message.userName,
+            threadTs: message.threadTs,
+        });
         Sentry.metrics.count("agent.run.started", 1, {
-            attributes: { channel: conversationId },
+            attributes: attribution,
         });
-        return Sentry.startSpan({ name: "agent.run", op: "agent", attributes: { conversationId, sessionKey } }, async () => Sentry.withScope(async (scope) => {
+        return Sentry.startSpan({ name: "agent.run", op: "agent", attributes: attribution }, async (span) => Sentry.withScope(async (scope) => {
+            registerTraceAttribution(span, attribution);
             applyRunScope(scope, {
                 conversationId,
                 sessionKey,
@@ -131,8 +141,7 @@ export class ConversationOrchestrator {
                 const result = await body();
                 const durationMs = Date.now() - startedAt;
                 const completionAttrs = {
-                    channel: conversationId,
-                    platform: platform.name,
+                    ...attribution,
                     stop_reason: result.stopReason,
                 };
                 Sentry.metrics.distribution("agent.run.duration", durationMs, {
@@ -171,7 +180,7 @@ export class ConversationOrchestrator {
                     },
                 });
                 Sentry.metrics.count("agent.run.errors", 1, {
-                    attributes: { channel: conversationId, platform: platform.name },
+                    attributes: attribution,
                 });
                 log.logWarning(`[${conversationId}] Run error`, err instanceof Error ? err.message : String(err));
                 return undefined;

package/dist/runtime/conversation-orchestrator.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"conversation-orchestrator.js","sourceRoot":"","sources":["../../src/runtime/conversation-orchestrator.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,6BAA6B,EAAE,MAAM,qCAAqC,CAAC;AACpF,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAE1D,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,KAAK,GAAG,MAAM,WAAW,CAAC;AACjC,OAAO,EACL,sBAAsB,EACtB,aAAa,EACb,qBAAqB,GACtB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,OAAO,KAAK,MAAM,MAAM,cAAc,CAAC;AACvC,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAsB5B,MAAM,OAAO,wBAAwB;IACnC,YAA6B,OAAwC;uBAAxC,OAAO;IAAoC,CAAC;IAEzE,KAAK,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAqB;QAC1D,MAAM,cAAc,GAAG,KAAK,CAAC,cAAc,CAAC;QAC5C,IAAI,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC;YAClC,GAAG,CAAC,OAAO,CACT,IAAI,cAAc,qCAAqC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CACrF,CAAC;YACF,OAAO;QACT,CAAC;QAED,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,IAAI,GAAG,cAAc,IAAI,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC,EAAE,EAAE,CAAC;QAC1F,MAAM,mBAAmB,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAC;QACzD,MAAM,cAAc,GAAG,MAAM,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE;YACzE,GAAG;YACH,WAAW,EAAE,QAAQ,CAAC,WAAW;YACjC,QAAQ,EAAE,QAAQ,CAAC,QAAQ,CAAC,IAAoB;YAChD,cAAc,EAAE,KAAK,CAAC,IAAI;YAC1B,cAAc;YACd,mBAAmB,EAAE,KAAK,CAAC,mBAAmB;YAC9C,UAAU;YACV,WAAW,EAAE,KAAK,CAAC,IAAI;YACvB,mBAAmB;YACnB,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,eAAe;SACvC,CAAC,CAAC;QACH,IAAI,cAAc;YAAE,OAAO;QAE3B,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QACtE,MAAM,eAAe,GAAG,MAAM,6BAA6B,CAAC;YAC1D,gBAAgB,EAAE,cAAc;YAChC,UAAU;YACV,gBAAgB,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,sBAAsB,CAAC,EAAE,eAAe,EAAE,UAAU,EAAE,CAAC;YAC5F,eAAe,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,OAAO,KAAK,IAAI;SAC/E,CAAC,CAAC;QACH,IAAI,eAAe,EAAE,CAAC;YACpB,GAAG,CAAC,OAAO,CACT,IAAI,cAAc,2DAA2D,UAAU,EAAE,CAC1F,CAAC;QACJ,CAAC;QAED,IAAI,KAA+B,CAAC;QACpC,IAAI,CAAC;YACH,KAAK,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC;gBAC1C,cAAc;gBACd,UAAU;gBACV,gBAAgB,EAAE,KAAK,CAAC,EAAE;aAC3B,CAAC,CAAC;YACH,KAAK,CAAC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACzC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,qBAAqB,CAAC,GAAG,EAAE;gBACzB,MAAM,EAAE,OAAO;gBACf,OAAO,EAAE,eAAe;gBACxB,SAAS,EAAE,qBAAqB;gBAChC,QAAQ,EAAE,OAAO;gBACjB,QAAQ,EAAE,QAAQ,CAAC,QAAQ,CAAC,IAAI;gBAChC,OAAO,EAAE;oBACP,cAAc;oBACd,UAAU;oBACV,SAAS,EAAE,QAAQ,CAAC,OAAO,CAAC,EAAE;oBAC9B,QAAQ,EAAE,QAAQ,CAAC,OAAO,CAAC,QAAQ;oBACnC,eAAe,EAAE,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,MAAM,IAAI,CAAC;iBAC3D;aACF,CAAC,CAAC;YACH,MAAM,GAAG,CAAC;QACZ,CAAC;QAED,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC;QACrB,KAAK,CAAC,aAAa,GAAG,KAAK,CAAC;QAC5B,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,KAAK,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAElC,GAAG,CAAC,OAAO,CAAC,IAAI,cAAc,mBAAmB,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;QAEhF,MAAM,UAAU,GAAG,CAAC,KAAK,IAAI,EAAE;YAC7B,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAC9C,QAAQ,EACR,EAAE,cAAc,EAAE,UAAU,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,EAC1D,KAAK,IAAI,EAAE;oBACT,MAAM,QAAQ,CAAC,WAAW,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;oBAC3C,MAAM,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;oBAC5C,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,GAAG,CACzC,QAAQ,CAAC,OAAO,EAChB,QAAQ,CAAC,WAAW,EACpB,QAAQ,CAAC,QAAQ,CAClB,CAAC;oBACF,MAAM,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;oBAC7C,OAAO,YAAY,CAAC;gBACtB,CAAC,CACF,CAAC;gBAEF,IAAI,MAAM,EAAE,UAAU,KAAK,SAAS,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC;oBAC5D,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC;wBACxB,MAAM,GAAG,CAAC,aAAa,CAAC,cAAc,EAAE,KAAK,CAAC,aAAa,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC;wBACjF,KAAK,CAAC,aAAa,GAAG,SAAS,CAAC;oBAClC,CAAC;yBAAM,CAAC;wBACN,MAAM,GAAG,CAAC,WAAW,CAAC,cAAc,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC;oBAC5D,CAAC;gBACH,CAAC;YACH,CAAC;oBAAS,CAAC;gBACT,KAAK,CAAC,OAAO,GAAG,KAAK,CAAC;gBACtB,KAAK,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBAClC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;YAC/B,CAAC;QACH,CAAC,CAAC,EAAE,CAAC;QAEL,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC;QAC1C,IAAI,CAAC;YACH,MAAM,UAAU,CAAC;QACnB,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,sBAAsB,CAClC,QAAqB,EACrB,IAIC,EACD,IAAkE;QAElE,MAAM,EAAE,cAAc,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC;QACvD,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,QAAQ,CAAC;QAEvC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,mBAAmB,EAAE,CAAC,EAAE;YAC3C,UAAU,EAAE,EAAE,OAAO,EAAE,cAAc,EAAE;SACxC,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC,SAAS,CACrB,EAAE,IAAI,EAAE,WAAW,EAAE,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE,EAAE,cAAc,EAAE,UAAU,EAAE,EAAE,EAC9E,KAAK,IAAI,EAAE,CACT,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YAC/B,aAAa,CAAC,KAAK,EAAE;gBACnB,cAAc;gBACd,UAAU;gBACV,SAAS,EAAE,OAAO,CAAC,EAAE;gBACrB,QAAQ,EAAE,QAAQ,CAAC,IAAI;gBACvB,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ;aAC3B,CAAC,CAAC;YACH,sBAAsB,CAAC,mBAAmB,EAAE;gBAC1C,UAAU,EAAE,cAAc;gBAC1B,QAAQ,EAAE,QAAQ,CAAC,IAAI;gBACvB,eAAe,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;YAEH,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,EAAE,CAAC;gBAC5B,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;gBAC1C,MAAM,eAAe,GAAG;oBACtB,OAAO,EAAE,cAAc;oBACvB,QAAQ,EAAE,QAAQ,CAAC,IAAI;oBACvB,WAAW,EAAE,MAAM,CAAC,UAAU;iBAC/B,CAAC;gBACF,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,oBAAoB,EAAE,UAAU,EAAE;oBAC5D,IAAI,EAAE,aAAa;oBACnB,UAAU,EAAE,eAAe;iBAC5B,CAAC,CAAC;gBACH,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,qBAAqB,EAAE,CAAC,EAAE,EAAE,UAAU,EAAE,eAAe,EAAE,CAAC,CAAC;gBAChF,sBAAsB,CAAC,qBAAqB,EAAE;oBAC5C,UAAU,EAAE,cAAc;oBAC1B,QAAQ,EAAE,QAAQ,CAAC,IAAI;oBACvB,WAAW,EAAE,MAAM,CAAC,UAAU;oBAC9B,WAAW,EAAE,UAAU;iBACxB,CAAC,CAAC;gBACH,OAAO,MAAM,CAAC;YAChB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,KAAK,CAAC,UAAU,CAAC,iBAAiB,EAAE;oBAClC,cAAc;oBACd,UAAU;oBACV,QAAQ,EAAE,QAAQ,CAAC,IAAI;oBACvB,SAAS,EAAE,OAAO,CAAC,EAAE;oBACrB,QAAQ,EAAE,OAAO,CAAC,QAAQ;iBAC3B,CAAC,CAAC;gBACH,qBAAqB,CAAC,GAAG,EAAE;oBACzB,MAAM,EAAE,OAAO;oBACf,OAAO,EAAE,WAAW;oBACpB,SAAS,EAAE,KAAK;oBAChB,QAAQ,EAAE,OAAO;oBACjB,QAAQ,EAAE,QAAQ,CAAC,IAAI;oBACvB,OAAO,EAAE;wBACP,cAAc;wBACd,UAAU;wBACV,SAAS,EAAE,OAAO,CAAC,EAAE;wBACrB,QAAQ,EAAE,OAAO,CAAC,QAAQ;wBAC1B,eAAe,EAAE,OAAO,CAAC,WAAW,EAAE,MAAM,IAAI,CAAC;qBAClD;iBACF,CAAC,CAAC;gBACH,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,kBAAkB,EAAE,CAAC,EAAE;oBAC1C,UAAU,EAAE,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,CAAC,IAAI,EAAE;iBACjE,CAAC,CAAC;gBACH,GAAG,CAAC,UAAU,CACZ,IAAI,cAAc,aAAa,EAC/B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CACjD,CAAC;gBACF,OAAO,SAAS,CAAC;YACnB,CAAC;QACH,CAAC,CAAC,CACL,CAAC;IACJ,CAAC;CACF","sourcesContent":["import type { BotAdapters, PlatformName } from \"../adapter.js\";\nimport { waitForThreadSessionBootstrap } from \"../sessions/chat-session-manager.js\";\nimport { dispatchCommand } from \"../commands/registry.js\";\nimport type { CommandHandler, CommandServices } from \"../commands/types.js\";\nimport { isPrivateConversation } from \"../commands/utils.js\";\nimport * as log from \"../log.js\";\nimport {\n addLifecycleBreadcrumb,\n applyRunScope,\n reportUserFacingError,\n} from \"../observability/sentry.js\";\nimport { formatStopped } from \"../platform-messages.js\";\nimport * as Sentry from \"@sentry/node\";\nimport { join } from \"path\";\n\nexport type { ConversationRuntimeState, RunSessionOptions } from \"./types.js\";\nimport type { ConversationRuntimeState, RunSessionOptions } from \"./types.js\";\n\ninterface ConversationOrchestratorOptions {\n workingDir: string;\n commandHandlers: readonly CommandHandler[];\n commandServices: CommandServices;\n isShuttingDown: () => boolean;\n getState: (sessionKey: string) => ConversationRuntimeState \| undefined;\n getOrCreateState: (options: {\n conversationId: string;\n sessionKey: string;\n currentMessageId?: string;\n }) => Promise<ConversationRuntimeState>;\n hasMaterializedSession: (options: { conversationDir: string; sessionKey: string }) => boolean;\n beforeRunTracked: (runPromise: Promise<void>) => void;\n afterRunTracked: (runPromise: Promise<void>) => void;\n onRunFinished: () => void;\n}\n\nexport class ConversationOrchestrator {\n constructor(private readonly options: ConversationOrchestratorOptions) {}\n\n async runSession({ event, bot, adapters }: RunSessionOptions): Promise<void> {\n const conversationId = event.conversationId;\n if (this.options.isShuttingDown()) {\n log.logInfo(\n `[${conversationId}] Rejected event during shutdown: ${event.text.substring(0, 50)}`,\n );\n return;\n }\n\n const sessionKey = event.sessionKey ?? `${conversationId}:${event.thread_ts ?? event.ts}`;\n const privateConversation = isPrivateConversation(event);\n const handledCommand = await dispatchCommand(this.options.commandHandlers, {\n bot,\n responseCtx: adapters.responseCtx,\n platform: adapters.platform.name as PlatformName,\n platformUserId: event.user,\n conversationId,\n vaultConversationId: event.vaultConversationId,\n sessionKey,\n commandText: event.text,\n privateConversation,\n services: this.options.commandServices,\n });\n if (handledCommand) return;\n\n const conversationDir = join(this.options.workingDir, conversationId);\n const waitedForParent = await waitForThreadSessionBootstrap({\n parentSessionKey: conversationId,\n sessionKey,\n hasThreadSession: () => this.options.hasMaterializedSession({ conversationDir, sessionKey }),\n isParentRunning: () => this.options.getState(conversationId)?.running === true,\n });\n if (waitedForParent) {\n log.logInfo(\n `[${conversationId}] Delayed thread bootstrap until parent session sealed: ${sessionKey}`,\n );\n }\n\n let state: ConversationRuntimeState;\n try {\n state = await this.options.getOrCreateState({\n conversationId,\n sessionKey,\n currentMessageId: event.ts,\n });\n state.runner.syncChatHistory(event.ts);\n } catch (err) {\n reportUserFacingError(err, {\n domain: \"mikan\",\n surface: \"session_setup\",\n operation: \"get_or_create_state\",\n severity: \"error\",\n platform: adapters.platform.name,\n context: {\n conversationId,\n sessionKey,\n messageId: adapters.message.id,\n threadTs: adapters.message.threadTs,\n attachmentCount: adapters.message.attachments?.length ?? 0,\n },\n });\n throw err;\n }\n\n state.running = true;\n state.stopRequested = false;\n state.startedAt = Date.now();\n state.lastActivityAt = Date.now();\n\n log.logInfo(`[${conversationId}] Starting run: ${event.text.substring(0, 50)}`);\n\n const runPromise = (async () => {\n try {\n const result = await this.runWithInstrumentation(\n adapters,\n { conversationId, sessionKey, startedAt: state.startedAt },\n async () => {\n await adapters.responseCtx.setTyping(true);\n await adapters.responseCtx.setWorking(true);\n const runnerResult = await state.runner.run(\n adapters.message,\n adapters.responseCtx,\n adapters.platform,\n );\n await adapters.responseCtx.setWorking(false);\n return runnerResult;\n },\n );\n\n if (result?.stopReason === \"aborted\" && state.stopRequested) {\n if (state.stopMessageTs) {\n await bot.updateMessage(conversationId, state.stopMessageTs, formatStopped(bot));\n state.stopMessageTs = undefined;\n } else {\n await bot.postMessage(conversationId, formatStopped(bot));\n }\n }\n } finally {\n state.running = false;\n state.lastAccessedAt = Date.now();\n this.options.onRunFinished();\n }\n })();\n\n this.options.beforeRunTracked(runPromise);\n try {\n await runPromise;\n } finally {\n this.options.afterRunTracked(runPromise);\n }\n }\n\n private async runWithInstrumentation(\n adapters: BotAdapters,\n meta: {\n conversationId: string;\n sessionKey: string;\n startedAt: number;\n },\n body: () => Promise<{ stopReason: string; errorMessage?: string }>,\n ): Promise<{ stopReason: string; errorMessage?: string } \| undefined> {\n const { conversationId, sessionKey, startedAt } = meta;\n const { message, platform } = adapters;\n\n Sentry.metrics.count(\"agent.run.started\", 1, {\n attributes: { channel: conversationId },\n });\n\n return Sentry.startSpan(\n { name: \"agent.run\", op: \"agent\", attributes: { conversationId, sessionKey } },\n async () =>\n Sentry.withScope(async (scope) => {\n applyRunScope(scope, {\n conversationId,\n sessionKey,\n messageId: message.id,\n platform: platform.name,\n userId: message.userId,\n userName: message.userName,\n threadTs: message.threadTs,\n });\n addLifecycleBreadcrumb(\"agent.run.started\", {\n channel_id: conversationId,\n platform: platform.name,\n has_attachments: (message.attachments?.length ?? 0) > 0,\n });\n\n try {\n const result = await body();\n const durationMs = Date.now() - startedAt;\n const completionAttrs = {\n channel: conversationId,\n platform: platform.name,\n stop_reason: result.stopReason,\n };\n Sentry.metrics.distribution(\"agent.run.duration\", durationMs, {\n unit: \"millisecond\",\n attributes: completionAttrs,\n });\n Sentry.metrics.count(\"agent.run.completed\", 1, { attributes: completionAttrs });\n addLifecycleBreadcrumb(\"agent.run.completed\", {\n channel_id: conversationId,\n platform: platform.name,\n stop_reason: result.stopReason,\n duration_ms: durationMs,\n });\n return result;\n } catch (err) {\n scope.setContext(\"agent_run_error\", {\n conversationId,\n sessionKey,\n platform: platform.name,\n messageId: message.id,\n threadTs: message.threadTs,\n });\n reportUserFacingError(err, {\n domain: \"mikan\",\n surface: \"agent_run\",\n operation: \"run\",\n severity: \"error\",\n platform: platform.name,\n context: {\n conversationId,\n sessionKey,\n messageId: message.id,\n threadTs: message.threadTs,\n attachmentCount: message.attachments?.length ?? 0,\n },\n });\n Sentry.metrics.count(\"agent.run.errors\", 1, {\n attributes: { channel: conversationId, platform: platform.name },\n });\n log.logWarning(\n `[${conversationId}] Run error`,\n err instanceof Error ? err.message : String(err),\n );\n return undefined;\n }\n }),\n );\n }\n}\n"]}
1	+ {"version":3,"file":"conversation-orchestrator.js","sourceRoot":"","sources":["../../src/runtime/conversation-orchestrator.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,6BAA6B,EAAE,MAAM,qCAAqC,CAAC;AACpF,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAE1D,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,KAAK,GAAG,MAAM,WAAW,CAAC;AACjC,OAAO,EACL,sBAAsB,EACtB,aAAa,EACb,8BAA8B,EAC9B,wBAAwB,EACxB,qBAAqB,GACtB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,OAAO,KAAK,MAAM,MAAM,cAAc,CAAC;AACvC,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAsB5B,MAAM,OAAO,wBAAwB;IACnC,YAA6B,OAAwC;uBAAxC,OAAO;IAAoC,CAAC;IAEzE,KAAK,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAqB;QAC1D,MAAM,cAAc,GAAG,KAAK,CAAC,cAAc,CAAC;QAC5C,IAAI,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC;YAClC,GAAG,CAAC,OAAO,CACT,IAAI,cAAc,qCAAqC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CACrF,CAAC;YACF,OAAO;QACT,CAAC;QAED,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,IAAI,GAAG,cAAc,IAAI,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC,EAAE,EAAE,CAAC;QAC1F,MAAM,mBAAmB,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAC;QACzD,MAAM,cAAc,GAAG,MAAM,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE;YACzE,GAAG;YACH,WAAW,EAAE,QAAQ,CAAC,WAAW;YACjC,QAAQ,EAAE,QAAQ,CAAC,QAAQ,CAAC,IAAoB;YAChD,cAAc,EAAE,KAAK,CAAC,IAAI;YAC1B,cAAc;YACd,mBAAmB,EAAE,KAAK,CAAC,mBAAmB;YAC9C,UAAU;YACV,WAAW,EAAE,KAAK,CAAC,IAAI;YACvB,mBAAmB;YACnB,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,eAAe;SACvC,CAAC,CAAC;QACH,IAAI,cAAc;YAAE,OAAO;QAE3B,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QACtE,MAAM,eAAe,GAAG,MAAM,6BAA6B,CAAC;YAC1D,gBAAgB,EAAE,cAAc;YAChC,UAAU;YACV,gBAAgB,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,sBAAsB,CAAC,EAAE,eAAe,EAAE,UAAU,EAAE,CAAC;YAC5F,eAAe,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,OAAO,KAAK,IAAI;SAC/E,CAAC,CAAC;QACH,IAAI,eAAe,EAAE,CAAC;YACpB,GAAG,CAAC,OAAO,CACT,IAAI,cAAc,2DAA2D,UAAU,EAAE,CAC1F,CAAC;QACJ,CAAC;QAED,IAAI,KAA+B,CAAC;QACpC,IAAI,CAAC;YACH,KAAK,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC;gBAC1C,cAAc;gBACd,UAAU;gBACV,gBAAgB,EAAE,KAAK,CAAC,EAAE;aAC3B,CAAC,CAAC;YACH,KAAK,CAAC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACzC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,qBAAqB,CAAC,GAAG,EAAE;gBACzB,MAAM,EAAE,OAAO;gBACf,OAAO,EAAE,eAAe;gBACxB,SAAS,EAAE,qBAAqB;gBAChC,QAAQ,EAAE,OAAO;gBACjB,QAAQ,EAAE,QAAQ,CAAC,QAAQ,CAAC,IAAI;gBAChC,OAAO,EAAE;oBACP,cAAc;oBACd,UAAU;oBACV,SAAS,EAAE,QAAQ,CAAC,OAAO,CAAC,EAAE;oBAC9B,QAAQ,EAAE,QAAQ,CAAC,OAAO,CAAC,QAAQ;oBACnC,eAAe,EAAE,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,MAAM,IAAI,CAAC;iBAC3D;aACF,CAAC,CAAC;YACH,MAAM,GAAG,CAAC;QACZ,CAAC;QAED,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC;QACrB,KAAK,CAAC,aAAa,GAAG,KAAK,CAAC;QAC5B,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,KAAK,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAElC,GAAG,CAAC,OAAO,CAAC,IAAI,cAAc,mBAAmB,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;QAEhF,MAAM,UAAU,GAAG,CAAC,KAAK,IAAI,EAAE;YAC7B,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAC9C,QAAQ,EACR,EAAE,cAAc,EAAE,UAAU,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,EAC1D,KAAK,IAAI,EAAE;oBACT,MAAM,QAAQ,CAAC,WAAW,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;oBAC3C,MAAM,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;oBAC5C,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,GAAG,CACzC,QAAQ,CAAC,OAAO,EAChB,QAAQ,CAAC,WAAW,EACpB,QAAQ,CAAC,QAAQ,CAClB,CAAC;oBACF,MAAM,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;oBAC7C,OAAO,YAAY,CAAC;gBACtB,CAAC,CACF,CAAC;gBAEF,IAAI,MAAM,EAAE,UAAU,KAAK,SAAS,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC;oBAC5D,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC;wBACxB,MAAM,GAAG,CAAC,aAAa,CAAC,cAAc,EAAE,KAAK,CAAC,aAAa,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC;wBACjF,KAAK,CAAC,aAAa,GAAG,SAAS,CAAC;oBAClC,CAAC;yBAAM,CAAC;wBACN,MAAM,GAAG,CAAC,WAAW,CAAC,cAAc,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC;oBAC5D,CAAC;gBACH,CAAC;YACH,CAAC;oBAAS,CAAC;gBACT,KAAK,CAAC,OAAO,GAAG,KAAK,CAAC;gBACtB,KAAK,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBAClC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;YAC/B,CAAC;QACH,CAAC,CAAC,EAAE,CAAC;QAEL,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC;QAC1C,IAAI,CAAC;YACH,MAAM,UAAU,CAAC;QACnB,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,sBAAsB,CAClC,QAAqB,EACrB,IAIC,EACD,IAAkE;QAElE,MAAM,EAAE,cAAc,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC;QACvD,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,QAAQ,CAAC;QAEvC,MAAM,WAAW,GAAG,8BAA8B,CAAC;YACjD,cAAc;YACd,UAAU;YACV,SAAS,EAAE,OAAO,CAAC,EAAE;YACrB,QAAQ,EAAE,QAAQ,CAAC,IAAI;YACvB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ;SAC3B,CAAC,CAAC;QAEH,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,mBAAmB,EAAE,CAAC,EAAE;YAC3C,UAAU,EAAE,WAAW;SACxB,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC,SAAS,CACrB,EAAE,IAAI,EAAE,WAAW,EAAE,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,EAC3D,KAAK,EAAE,IAAI,EAAE,EAAE,CACb,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YAC/B,wBAAwB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;YAC5C,aAAa,CAAC,KAAK,EAAE;gBACnB,cAAc;gBACd,UAAU;gBACV,SAAS,EAAE,OAAO,CAAC,EAAE;gBACrB,QAAQ,EAAE,QAAQ,CAAC,IAAI;gBACvB,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ;aAC3B,CAAC,CAAC;YACH,sBAAsB,CAAC,mBAAmB,EAAE;gBAC1C,UAAU,EAAE,cAAc;gBAC1B,QAAQ,EAAE,QAAQ,CAAC,IAAI;gBACvB,eAAe,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;YAEH,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,EAAE,CAAC;gBAC5B,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;gBAC1C,MAAM,eAAe,GAAG;oBACtB,GAAG,WAAW;oBACd,WAAW,EAAE,MAAM,CAAC,UAAU;iBAC/B,CAAC;gBACF,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,oBAAoB,EAAE,UAAU,EAAE;oBAC5D,IAAI,EAAE,aAAa;oBACnB,UAAU,EAAE,eAAe;iBAC5B,CAAC,CAAC;gBACH,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,qBAAqB,EAAE,CAAC,EAAE,EAAE,UAAU,EAAE,eAAe,EAAE,CAAC,CAAC;gBAChF,sBAAsB,CAAC,qBAAqB,EAAE;oBAC5C,UAAU,EAAE,cAAc;oBAC1B,QAAQ,EAAE,QAAQ,CAAC,IAAI;oBACvB,WAAW,EAAE,MAAM,CAAC,UAAU;oBAC9B,WAAW,EAAE,UAAU;iBACxB,CAAC,CAAC;gBACH,OAAO,MAAM,CAAC;YAChB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,KAAK,CAAC,UAAU,CAAC,iBAAiB,EAAE;oBAClC,cAAc;oBACd,UAAU;oBACV,QAAQ,EAAE,QAAQ,CAAC,IAAI;oBACvB,SAAS,EAAE,OAAO,CAAC,EAAE;oBACrB,QAAQ,EAAE,OAAO,CAAC,QAAQ;iBAC3B,CAAC,CAAC;gBACH,qBAAqB,CAAC,GAAG,EAAE;oBACzB,MAAM,EAAE,OAAO;oBACf,OAAO,EAAE,WAAW;oBACpB,SAAS,EAAE,KAAK;oBAChB,QAAQ,EAAE,OAAO;oBACjB,QAAQ,EAAE,QAAQ,CAAC,IAAI;oBACvB,OAAO,EAAE;wBACP,cAAc;wBACd,UAAU;wBACV,SAAS,EAAE,OAAO,CAAC,EAAE;wBACrB,QAAQ,EAAE,OAAO,CAAC,QAAQ;wBAC1B,eAAe,EAAE,OAAO,CAAC,WAAW,EAAE,MAAM,IAAI,CAAC;qBAClD;iBACF,CAAC,CAAC;gBACH,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,kBAAkB,EAAE,CAAC,EAAE;oBAC1C,UAAU,EAAE,WAAW;iBACxB,CAAC,CAAC;gBACH,GAAG,CAAC,UAAU,CACZ,IAAI,cAAc,aAAa,EAC/B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CACjD,CAAC;gBACF,OAAO,SAAS,CAAC;YACnB,CAAC;QACH,CAAC,CAAC,CACL,CAAC;IACJ,CAAC;CACF","sourcesContent":["import type { BotAdapters, PlatformName } from \"../adapter.js\";\nimport { waitForThreadSessionBootstrap } from \"../sessions/chat-session-manager.js\";\nimport { dispatchCommand } from \"../commands/registry.js\";\nimport type { CommandHandler, CommandServices } from \"../commands/types.js\";\nimport { isPrivateConversation } from \"../commands/utils.js\";\nimport * as log from \"../log.js\";\nimport {\n addLifecycleBreadcrumb,\n applyRunScope,\n createRunAttributionAttributes,\n registerTraceAttribution,\n reportUserFacingError,\n} from \"../observability/sentry.js\";\nimport { formatStopped } from \"../platform-messages.js\";\nimport * as Sentry from \"@sentry/node\";\nimport { join } from \"path\";\n\nexport type { ConversationRuntimeState, RunSessionOptions } from \"./types.js\";\nimport type { ConversationRuntimeState, RunSessionOptions } from \"./types.js\";\n\ninterface ConversationOrchestratorOptions {\n workingDir: string;\n commandHandlers: readonly CommandHandler[];\n commandServices: CommandServices;\n isShuttingDown: () => boolean;\n getState: (sessionKey: string) => ConversationRuntimeState \| undefined;\n getOrCreateState: (options: {\n conversationId: string;\n sessionKey: string;\n currentMessageId?: string;\n }) => Promise<ConversationRuntimeState>;\n hasMaterializedSession: (options: { conversationDir: string; sessionKey: string }) => boolean;\n beforeRunTracked: (runPromise: Promise<void>) => void;\n afterRunTracked: (runPromise: Promise<void>) => void;\n onRunFinished: () => void;\n}\n\nexport class ConversationOrchestrator {\n constructor(private readonly options: ConversationOrchestratorOptions) {}\n\n async runSession({ event, bot, adapters }: RunSessionOptions): Promise<void> {\n const conversationId = event.conversationId;\n if (this.options.isShuttingDown()) {\n log.logInfo(\n `[${conversationId}] Rejected event during shutdown: ${event.text.substring(0, 50)}`,\n );\n return;\n }\n\n const sessionKey = event.sessionKey ?? `${conversationId}:${event.thread_ts ?? event.ts}`;\n const privateConversation = isPrivateConversation(event);\n const handledCommand = await dispatchCommand(this.options.commandHandlers, {\n bot,\n responseCtx: adapters.responseCtx,\n platform: adapters.platform.name as PlatformName,\n platformUserId: event.user,\n conversationId,\n vaultConversationId: event.vaultConversationId,\n sessionKey,\n commandText: event.text,\n privateConversation,\n services: this.options.commandServices,\n });\n if (handledCommand) return;\n\n const conversationDir = join(this.options.workingDir, conversationId);\n const waitedForParent = await waitForThreadSessionBootstrap({\n parentSessionKey: conversationId,\n sessionKey,\n hasThreadSession: () => this.options.hasMaterializedSession({ conversationDir, sessionKey }),\n isParentRunning: () => this.options.getState(conversationId)?.running === true,\n });\n if (waitedForParent) {\n log.logInfo(\n `[${conversationId}] Delayed thread bootstrap until parent session sealed: ${sessionKey}`,\n );\n }\n\n let state: ConversationRuntimeState;\n try {\n state = await this.options.getOrCreateState({\n conversationId,\n sessionKey,\n currentMessageId: event.ts,\n });\n state.runner.syncChatHistory(event.ts);\n } catch (err) {\n reportUserFacingError(err, {\n domain: \"mikan\",\n surface: \"session_setup\",\n operation: \"get_or_create_state\",\n severity: \"error\",\n platform: adapters.platform.name,\n context: {\n conversationId,\n sessionKey,\n messageId: adapters.message.id,\n threadTs: adapters.message.threadTs,\n attachmentCount: adapters.message.attachments?.length ?? 0,\n },\n });\n throw err;\n }\n\n state.running = true;\n state.stopRequested = false;\n state.startedAt = Date.now();\n state.lastActivityAt = Date.now();\n\n log.logInfo(`[${conversationId}] Starting run: ${event.text.substring(0, 50)}`);\n\n const runPromise = (async () => {\n try {\n const result = await this.runWithInstrumentation(\n adapters,\n { conversationId, sessionKey, startedAt: state.startedAt },\n async () => {\n await adapters.responseCtx.setTyping(true);\n await adapters.responseCtx.setWorking(true);\n const runnerResult = await state.runner.run(\n adapters.message,\n adapters.responseCtx,\n adapters.platform,\n );\n await adapters.responseCtx.setWorking(false);\n return runnerResult;\n },\n );\n\n if (result?.stopReason === \"aborted\" && state.stopRequested) {\n if (state.stopMessageTs) {\n await bot.updateMessage(conversationId, state.stopMessageTs, formatStopped(bot));\n state.stopMessageTs = undefined;\n } else {\n await bot.postMessage(conversationId, formatStopped(bot));\n }\n }\n } finally {\n state.running = false;\n state.lastAccessedAt = Date.now();\n this.options.onRunFinished();\n }\n })();\n\n this.options.beforeRunTracked(runPromise);\n try {\n await runPromise;\n } finally {\n this.options.afterRunTracked(runPromise);\n }\n }\n\n private async runWithInstrumentation(\n adapters: BotAdapters,\n meta: {\n conversationId: string;\n sessionKey: string;\n startedAt: number;\n },\n body: () => Promise<{ stopReason: string; errorMessage?: string }>,\n ): Promise<{ stopReason: string; errorMessage?: string } \| undefined> {\n const { conversationId, sessionKey, startedAt } = meta;\n const { message, platform } = adapters;\n\n const attribution = createRunAttributionAttributes({\n conversationId,\n sessionKey,\n messageId: message.id,\n platform: platform.name,\n userId: message.userId,\n userName: message.userName,\n threadTs: message.threadTs,\n });\n\n Sentry.metrics.count(\"agent.run.started\", 1, {\n attributes: attribution,\n });\n\n return Sentry.startSpan(\n { name: \"agent.run\", op: \"agent\", attributes: attribution },\n async (span) =>\n Sentry.withScope(async (scope) => {\n registerTraceAttribution(span, attribution);\n applyRunScope(scope, {\n conversationId,\n sessionKey,\n messageId: message.id,\n platform: platform.name,\n userId: message.userId,\n userName: message.userName,\n threadTs: message.threadTs,\n });\n addLifecycleBreadcrumb(\"agent.run.started\", {\n channel_id: conversationId,\n platform: platform.name,\n has_attachments: (message.attachments?.length ?? 0) > 0,\n });\n\n try {\n const result = await body();\n const durationMs = Date.now() - startedAt;\n const completionAttrs = {\n ...attribution,\n stop_reason: result.stopReason,\n };\n Sentry.metrics.distribution(\"agent.run.duration\", durationMs, {\n unit: \"millisecond\",\n attributes: completionAttrs,\n });\n Sentry.metrics.count(\"agent.run.completed\", 1, { attributes: completionAttrs });\n addLifecycleBreadcrumb(\"agent.run.completed\", {\n channel_id: conversationId,\n platform: platform.name,\n stop_reason: result.stopReason,\n duration_ms: durationMs,\n });\n return result;\n } catch (err) {\n scope.setContext(\"agent_run_error\", {\n conversationId,\n sessionKey,\n platform: platform.name,\n messageId: message.id,\n threadTs: message.threadTs,\n });\n reportUserFacingError(err, {\n domain: \"mikan\",\n surface: \"agent_run\",\n operation: \"run\",\n severity: \"error\",\n platform: platform.name,\n context: {\n conversationId,\n sessionKey,\n messageId: message.id,\n threadTs: message.threadTs,\n attachmentCount: message.attachments?.length ?? 0,\n },\n });\n Sentry.metrics.count(\"agent.run.errors\", 1, {\n attributes: attribution,\n });\n log.logWarning(\n `[${conversationId}] Run error`,\n err instanceof Error ? err.message : String(err),\n );\n return undefined;\n }\n }),\n );\n }\n}\n"]}

package/dist/web/login/oauth.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../../../src/web/login/oauth.ts"],"names":[],"mappings":"AAKA,YAAY,EAAE,mBAAmB,EAAE,YAAY,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AACxF,OAAO,KAAK,EAAuB,YAAY,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAqGxF,wBAAgB,gBAAgB,IAAI,YAAY,EAAE,CAoIjD;AAED,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,YAAY,GAAG,SAAS,CAM3E;AAID,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,kBAAkB,GAAG,IAAI,CA+BzE","sourcesContent":["import { matchCommand } from \"../../commands/parse.js\";\nimport { readEnv } from \"../../utils/env.js\";\nimport { isRecord, parseJsonValue } from \"../../utils/file-guards.js\";\nimport * as log from \"../../log.js\";\n\nexport type { LoginCredentialKind, OAuthService, ParsedLoginCommand } from \"./types.js\";\nimport type { LoginCredentialKind, OAuthService, ParsedLoginCommand } from \"./types.js\";\n\nconst DEFAULT_GOOGLE_WORKSPACE_CLI_SCOPES = [\n \"https://www.googleapis.com/auth/drive\",\n \"https://mail.google.com/\",\n \"https://www.googleapis.com/auth/calendar\",\n \"https://www.googleapis.com/auth/spreadsheets\",\n \"https://www.googleapis.com/auth/documents\",\n \"https://www.googleapis.com/auth/chat.messages.create\",\n];\n\nconst DEFAULT_GOOGLE_CLOUD_SDK_SCOPES = [\n \"openid\",\n \"https://www.googleapis.com/auth/userinfo.email\",\n \"https://www.googleapis.com/auth/cloud-platform\",\n];\n\n// Conservative default: enough for `gh` CLI repo/user/org operations, but\n// without `workflow` (can dispatch CI), `write:packages` (can publish\n// packages), or `project`. Operators who need those can opt in via\n// GITHUB_OAUTH_SCOPES (or MIKAN_GITHUB_OAUTH_SCOPES) to keep the blast radius\n// of a compromised agent host explicit and configurable.\nconst DEFAULT_GITHUB_OAUTH_SCOPES = [\"repo\", \"read:user\", \"user:email\", \"read:org\", \"gist\"];\n\nfunction resolveScopesFromEnv(envKey: string, fallback: string[]): string[] {\n const raw = readEnv(envKey);\n if (!raw) return fallback;\n\n const scopes = raw\n .split(/[\\s,]+/)\n .map((scope) => scope.trim())\n .filter(Boolean);\n\n return scopes.length > 0 ? scopes : fallback;\n}\n\nfunction getBuiltinOAuthServices(): OAuthService[] {\n return [\n {\n id: \"github\",\n label: \"GitHub\",\n aliases: [\"github\", \"github_oauth\", \"gh_oauth\"],\n authorizationUrl: \"https://github.com/login/oauth/authorize\",\n tokenUrl: \"https://github.com/login/oauth/access_token\",\n scopes: resolveScopesFromEnv(\"GITHUB_OAUTH_SCOPES\", DEFAULT_GITHUB_OAUTH_SCOPES),\n clientIdEnvKey: \"GITHUB_OAUTH_CLIENT_ID\",\n clientSecretEnvKey: \"GITHUB_OAUTH_CLIENT_SECRET\",\n accessTokenEnvKeys: [\"GITHUB_OAUTH_ACCESS_TOKEN\", \"GH_TOKEN\"],\n refreshTokenEnvKey: \"GITHUB_OAUTH_REFRESH_TOKEN\",\n },\n {\n id: \"google_workspace_cli\",\n label: \"Google Workspace CLI\",\n aliases: [\"google_workspace_cli\", \"gws\", \"googleworkspace\", \"google-workspace-cli\"],\n authorizationUrl: \"https://accounts.google.com/o/oauth2/v2/auth\",\n tokenUrl: \"https://oauth2.googleapis.com/token\",\n scopes: resolveScopesFromEnv(\n \"GOOGLE_WORKSPACE_CLI_OAUTH_SCOPES\",\n DEFAULT_GOOGLE_WORKSPACE_CLI_SCOPES,\n ),\n clientIdEnvKey: \"GOOGLE_WORKSPACE_CLI_CLIENT_ID\",\n clientSecretEnvKey: \"GOOGLE_WORKSPACE_CLI_CLIENT_SECRET\",\n authorizationParams: {\n access_type: \"offline\",\n include_granted_scopes: \"true\",\n prompt: \"consent\",\n },\n fileOutput: {\n type: \"authorized_user\",\n relativePath: \"gws.json\",\n targetPath: \"/root/.config/gws/credentials.json\",\n },\n },\n {\n id: \"google_cloud_sdk\",\n label: \"Google Cloud SDK (gcloud)\",\n aliases: [\"google_cloud_sdk\", \"gcloud\", \"google-cloud-sdk\", \"google_cloud\", \"gcp\"],\n authorizationUrl: \"https://accounts.google.com/o/oauth2/v2/auth\",\n tokenUrl: \"https://oauth2.googleapis.com/token\",\n scopes: resolveScopesFromEnv(\n \"GOOGLE_CLOUD_SDK_OAUTH_SCOPES\",\n DEFAULT_GOOGLE_CLOUD_SDK_SCOPES,\n ),\n clientIdEnvKey: \"GOOGLE_CLOUD_SDK_CLIENT_ID\",\n clientSecretEnvKey: \"GOOGLE_CLOUD_SDK_CLIENT_SECRET\",\n authorizationParams: {\n access_type: \"offline\",\n include_granted_scopes: \"true\",\n prompt: \"consent\",\n },\n fileOutput: {\n type: \"authorized_user\",\n relativePath: \"gcloud-adc.json\",\n targetPath: \"/root/.config/gcloud/application_default_credentials.json\",\n envKey: \"GOOGLE_APPLICATION_CREDENTIALS\",\n additionalEnvKeys: [\"CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE\"],\n },\n },\n ];\n}\n\nexport function getOAuthServices(): OAuthService[] {\n const raw = readEnv(\"OAUTH_SERVICES_JSON\");\n const builtins = getBuiltinOAuthServices();\n if (!raw) return builtins;\n\n let parsed: unknown[];\n try {\n parsed = parseJsonValue(raw, Array.isArray, (detail) =>\n detail === \"unexpected JSON shape\"\n ? \"expected a JSON array of OAuth service definitions\"\n : detail,\n );\n } catch (err) {\n const detail = err instanceof Error ? err.message : String(err);\n log.logWarning(\n detail === \"expected a JSON array of OAuth service definitions\"\n ? \"Ignoring OAUTH_SERVICES_JSON: expected a JSON array of OAuth service definitions\"\n : \"Ignoring OAUTH_SERVICES_JSON: invalid JSON\",\n detail,\n );\n return builtins;\n }\n try {\n const custom = parsed\n .map((serviceValue): OAuthService \| null => {\n if (!isRecord(serviceValue)) return null;\n const obj = serviceValue;\n const id = typeof obj.id === \"string\" ? obj.id.trim() : \"\";\n const label = typeof obj.label === \"string\" ? obj.label.trim() : \"\";\n const authorizationUrl =\n typeof obj.authorizationUrl === \"string\" ? obj.authorizationUrl.trim() : \"\";\n const tokenUrl = typeof obj.tokenUrl === \"string\" ? obj.tokenUrl.trim() : \"\";\n const clientIdEnvKey =\n typeof obj.clientIdEnvKey === \"string\" ? obj.clientIdEnvKey.trim() : \"\";\n const clientSecretEnvKey =\n typeof obj.clientSecretEnvKey === \"string\" ? obj.clientSecretEnvKey.trim() : \"\";\n const accessTokenEnvKeys: string[] = [];\n if (typeof obj.accessTokenEnvKey === \"string\" && obj.accessTokenEnvKey.trim()) {\n accessTokenEnvKeys.push(obj.accessTokenEnvKey.trim());\n }\n if (Array.isArray(obj.additionalAccessTokenEnvKeys)) {\n for (const k of obj.additionalAccessTokenEnvKeys) {\n if (typeof k === \"string\" && k.trim()) accessTokenEnvKeys.push(k.trim());\n }\n }\n // New unified form\n if (Array.isArray(obj.accessTokenEnvKeys)) {\n for (const k of obj.accessTokenEnvKeys) {\n if (typeof k === \"string\" && k.trim() && !accessTokenEnvKeys.includes(k.trim())) {\n accessTokenEnvKeys.push(k.trim());\n }\n }\n }\n if (\n !id \|\|\n !label \|\|\n !authorizationUrl \|\|\n !tokenUrl \|\|\n !clientIdEnvKey \|\|\n !clientSecretEnvKey\n ) {\n return null;\n }\n\n let fileOutput: OAuthService[\"fileOutput\"];\n if (isRecord(obj.fileOutput)) {\n const fileOutputObj = obj.fileOutput;\n const type = typeof fileOutputObj.type === \"string\" ? fileOutputObj.type.trim() : \"\";\n const relativePath =\n typeof fileOutputObj.relativePath === \"string\" ? fileOutputObj.relativePath.trim() : \"\";\n const targetPath =\n typeof fileOutputObj.targetPath === \"string\"\n ? fileOutputObj.targetPath.trim()\n : undefined;\n const envKey =\n typeof fileOutputObj.envKey === \"string\" ? fileOutputObj.envKey.trim() : undefined;\n const additionalEnvKeys = Array.isArray(fileOutputObj.additionalEnvKeys)\n ? fileOutputObj.additionalEnvKeys.filter((v): v is string => typeof v === \"string\")\n : undefined;\n if (type === \"authorized_user\" && relativePath) {\n fileOutput = {\n type: \"authorized_user\",\n relativePath,\n targetPath,\n envKey,\n additionalEnvKeys,\n };\n }\n }\n\n return {\n id: id.toLowerCase(),\n label,\n aliases: Array.isArray(obj.aliases)\n ? obj.aliases\n .filter((v): v is string => typeof v === \"string\")\n .map((v) => v.toLowerCase())\n : [id.toLowerCase()],\n authorizationUrl,\n tokenUrl,\n scopes: Array.isArray(obj.scopes)\n ? obj.scopes.filter((v): v is string => typeof v === \"string\")\n : [],\n clientIdEnvKey,\n clientSecretEnvKey,\n accessTokenEnvKeys: accessTokenEnvKeys.length > 0 ? accessTokenEnvKeys : undefined,\n refreshTokenEnvKey:\n typeof obj.refreshTokenEnvKey === \"string\" ? obj.refreshTokenEnvKey.trim() : undefined,\n authorizationParams: isRecord(obj.authorizationParams)\n ? Object.fromEntries(\n Object.entries(obj.authorizationParams).filter(\n (authorizationEntry): authorizationEntry is [string, string] =>\n typeof authorizationEntry[1] === \"string\",\n ),\n )\n : undefined,\n fileOutput,\n };\n })\n .filter((service): service is OAuthService => service !== null);\n\n const byId = new Map<string, OAuthService>();\n for (const service of builtins) byId.set(service.id, service);\n for (const service of custom) byId.set(service.id, service);\n return [...byId.values()];\n } catch (err) {\n log.logWarning(\n \"Failed to apply OAUTH_SERVICES_JSON overrides; using builtin OAuth services\",\n err instanceof Error ? err.message : String(err),\n );\n return builtins;\n }\n}\n\nexport function resolveOAuthService(input: string): OAuthService \| undefined {\n const normalized = input.trim().toLowerCase();\n if (!normalized) return undefined;\n return getOAuthServices().find(\n (service) => service.id === normalized \|\| service.aliases.includes(normalized),\n );\n}\n\nconst LOGIN_COMMANDS = [\"/login\", \"/pi-login\"] as const;\n\nexport function parseLoginCommand(text: string): ParsedLoginCommand \| null {\n const matched = matchCommand(text, LOGIN_COMMANDS);\n if (!matched) return null;\n\n const [subcommand, operation, name, ...extra] = matched.args;\n\n if (!subcommand) return { action: \"setup\" };\n\n if (subcommand.toLowerCase() === \"shared\") {\n const op = operation?.toLowerCase();\n if (op === \"list\" && !name && extra.length === 0) {\n return { action: \"shared_list\" };\n }\n if ((op === \"create\" \|\| op === \"update\" \|\| op === \"delete\") && !!name && extra.length === 0) {\n return {\n action: `shared_${op}` as \"shared_create\" \| \"shared_update\" \| \"shared_delete\",\n name,\n };\n }\n return null;\n }\n\n if (subcommand.toLowerCase() === \"copy\" && operation && !name && extra.length === 0) {\n return { action: \"copy_shared\", name: operation };\n }\n\n // Backward-compatible: older `/pi-login gh` / `/pi-login gws` forms opened the\n // generic login page and let the portal handle provider choice.\n if (!operation && extra.length === 0) return { action: \"setup\" };\n\n return null;\n}\n"]}
1	+ {"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../../../src/web/login/oauth.ts"],"names":[],"mappings":"AAKA,YAAY,EAAE,mBAAmB,EAAE,YAAY,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AACxF,OAAO,KAAK,EAAuB,YAAY,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AA4MxF,wBAAgB,gBAAgB,IAAI,YAAY,EAAE,CA8BjD;AAED,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,YAAY,GAAG,SAAS,CAM3E;AAID,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,kBAAkB,GAAG,IAAI,CA+BzE","sourcesContent":["import { matchCommand } from \"../../commands/parse.js\";\nimport { readEnv } from \"../../utils/env.js\";\nimport { isRecord, parseJsonValue } from \"../../utils/file-guards.js\";\nimport * as log from \"../../log.js\";\n\nexport type { LoginCredentialKind, OAuthService, ParsedLoginCommand } from \"./types.js\";\nimport type { LoginCredentialKind, OAuthService, ParsedLoginCommand } from \"./types.js\";\n\nconst DEFAULT_GOOGLE_WORKSPACE_CLI_SCOPES = [\n \"https://www.googleapis.com/auth/drive\",\n \"https://mail.google.com/\",\n \"https://www.googleapis.com/auth/calendar\",\n \"https://www.googleapis.com/auth/spreadsheets\",\n \"https://www.googleapis.com/auth/documents\",\n \"https://www.googleapis.com/auth/chat.messages.create\",\n];\n\nconst DEFAULT_GOOGLE_CLOUD_SDK_SCOPES = [\n \"openid\",\n \"https://www.googleapis.com/auth/userinfo.email\",\n \"https://www.googleapis.com/auth/cloud-platform\",\n];\n\n// Conservative default: enough for `gh` CLI repo/user/org operations, but\n// without `workflow` (can dispatch CI), `write:packages` (can publish\n// packages), or `project`. Operators who need those can opt in via\n// GITHUB_OAUTH_SCOPES (or MIKAN_GITHUB_OAUTH_SCOPES) to keep the blast radius\n// of a compromised agent host explicit and configurable.\nconst DEFAULT_GITHUB_OAUTH_SCOPES = [\"repo\", \"read:user\", \"user:email\", \"read:org\", \"gist\"];\n\nfunction resolveScopesFromEnv(envKey: string, fallback: string[]): string[] {\n const raw = readEnv(envKey);\n if (!raw) return fallback;\n\n const scopes = raw\n .split(/[\\s,]+/)\n .map((scope) => scope.trim())\n .filter(Boolean);\n\n return scopes.length > 0 ? scopes : fallback;\n}\n\nfunction getBuiltinOAuthServices(): OAuthService[] {\n return [\n {\n id: \"github\",\n label: \"GitHub\",\n aliases: [\"github\", \"github_oauth\", \"gh_oauth\"],\n authorizationUrl: \"https://github.com/login/oauth/authorize\",\n tokenUrl: \"https://github.com/login/oauth/access_token\",\n scopes: resolveScopesFromEnv(\"GITHUB_OAUTH_SCOPES\", DEFAULT_GITHUB_OAUTH_SCOPES),\n clientIdEnvKey: \"GITHUB_OAUTH_CLIENT_ID\",\n clientSecretEnvKey: \"GITHUB_OAUTH_CLIENT_SECRET\",\n accessTokenEnvKeys: [\"GITHUB_OAUTH_ACCESS_TOKEN\", \"GH_TOKEN\"],\n refreshTokenEnvKey: \"GITHUB_OAUTH_REFRESH_TOKEN\",\n },\n {\n id: \"google_workspace_cli\",\n label: \"Google Workspace CLI\",\n aliases: [\"google_workspace_cli\", \"gws\", \"googleworkspace\", \"google-workspace-cli\"],\n authorizationUrl: \"https://accounts.google.com/o/oauth2/v2/auth\",\n tokenUrl: \"https://oauth2.googleapis.com/token\",\n scopes: resolveScopesFromEnv(\n \"GOOGLE_WORKSPACE_CLI_OAUTH_SCOPES\",\n DEFAULT_GOOGLE_WORKSPACE_CLI_SCOPES,\n ),\n clientIdEnvKey: \"GOOGLE_WORKSPACE_CLI_CLIENT_ID\",\n clientSecretEnvKey: \"GOOGLE_WORKSPACE_CLI_CLIENT_SECRET\",\n authorizationParams: {\n access_type: \"offline\",\n include_granted_scopes: \"true\",\n prompt: \"consent\",\n },\n fileOutput: {\n type: \"authorized_user\",\n relativePath: \"gws.json\",\n targetPath: \"/root/.config/gws/credentials.json\",\n },\n },\n {\n id: \"google_cloud_sdk\",\n label: \"Google Cloud SDK (gcloud)\",\n aliases: [\"google_cloud_sdk\", \"gcloud\", \"google-cloud-sdk\", \"google_cloud\", \"gcp\"],\n authorizationUrl: \"https://accounts.google.com/o/oauth2/v2/auth\",\n tokenUrl: \"https://oauth2.googleapis.com/token\",\n scopes: resolveScopesFromEnv(\n \"GOOGLE_CLOUD_SDK_OAUTH_SCOPES\",\n DEFAULT_GOOGLE_CLOUD_SDK_SCOPES,\n ),\n clientIdEnvKey: \"GOOGLE_CLOUD_SDK_CLIENT_ID\",\n clientSecretEnvKey: \"GOOGLE_CLOUD_SDK_CLIENT_SECRET\",\n authorizationParams: {\n access_type: \"offline\",\n include_granted_scopes: \"true\",\n prompt: \"consent\",\n },\n fileOutput: {\n type: \"authorized_user\",\n relativePath: \"gcloud-adc.json\",\n targetPath: \"/root/.config/gcloud/application_default_credentials.json\",\n envKey: \"GOOGLE_APPLICATION_CREDENTIALS\",\n additionalEnvKeys: [\"CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE\"],\n },\n },\n ];\n}\n\nfunction parseOAuthService(value: unknown, index: number): OAuthService \| null {\n if (!isRecord(value)) {\n log.logWarning(`Skipping OAUTH_SERVICES_JSON[${index}]: expected an object`);\n return null;\n }\n\n const id = typeof value.id === \"string\" ? value.id.trim() : \"\";\n const label = typeof value.label === \"string\" ? value.label.trim() : \"\";\n const authorizationUrl =\n typeof value.authorizationUrl === \"string\" ? value.authorizationUrl.trim() : \"\";\n const tokenUrl = typeof value.tokenUrl === \"string\" ? value.tokenUrl.trim() : \"\";\n const clientIdEnvKey =\n typeof value.clientIdEnvKey === \"string\" ? value.clientIdEnvKey.trim() : \"\";\n const clientSecretEnvKey =\n typeof value.clientSecretEnvKey === \"string\" ? value.clientSecretEnvKey.trim() : \"\";\n const missing = [\n [\"id\", id],\n [\"label\", label],\n [\"authorizationUrl\", authorizationUrl],\n [\"tokenUrl\", tokenUrl],\n [\"clientIdEnvKey\", clientIdEnvKey],\n [\"clientSecretEnvKey\", clientSecretEnvKey],\n ]\n .filter((entry) => !entry[1])\n .map((entry) => entry[0]);\n\n if (missing.length > 0) {\n const labelForLog = id ? ` (${id})` : \"\";\n log.logWarning(\n `Skipping OAUTH_SERVICES_JSON[${index}]${labelForLog}: missing ${missing.join(\", \")}`,\n );\n return null;\n }\n\n const accessTokenEnvKeys: string[] = [];\n if (typeof value.accessTokenEnvKey === \"string\" && value.accessTokenEnvKey.trim()) {\n accessTokenEnvKeys.push(value.accessTokenEnvKey.trim());\n }\n if (Array.isArray(value.additionalAccessTokenEnvKeys)) {\n for (const key of value.additionalAccessTokenEnvKeys) {\n if (typeof key === \"string\" && key.trim()) accessTokenEnvKeys.push(key.trim());\n }\n }\n if (Array.isArray(value.accessTokenEnvKeys)) {\n for (const key of value.accessTokenEnvKeys) {\n if (typeof key === \"string\" && key.trim() && !accessTokenEnvKeys.includes(key.trim())) {\n accessTokenEnvKeys.push(key.trim());\n }\n }\n }\n\n let fileOutput: OAuthService[\"fileOutput\"];\n if (isRecord(value.fileOutput)) {\n const fileOutputObj = value.fileOutput;\n const type = typeof fileOutputObj.type === \"string\" ? fileOutputObj.type.trim() : \"\";\n const relativePath =\n typeof fileOutputObj.relativePath === \"string\" ? fileOutputObj.relativePath.trim() : \"\";\n const targetPath =\n typeof fileOutputObj.targetPath === \"string\" ? fileOutputObj.targetPath.trim() : undefined;\n const envKey =\n typeof fileOutputObj.envKey === \"string\" ? fileOutputObj.envKey.trim() : undefined;\n const additionalEnvKeys = Array.isArray(fileOutputObj.additionalEnvKeys)\n ? fileOutputObj.additionalEnvKeys.filter((v): v is string => typeof v === \"string\")\n : undefined;\n if (type === \"authorized_user\" && relativePath) {\n fileOutput = {\n type: \"authorized_user\",\n relativePath,\n targetPath,\n envKey,\n additionalEnvKeys,\n };\n }\n }\n\n return {\n id: id.toLowerCase(),\n label,\n aliases: Array.isArray(value.aliases)\n ? value.aliases.filter((v): v is string => typeof v === \"string\").map((v) => v.toLowerCase())\n : [id.toLowerCase()],\n authorizationUrl,\n tokenUrl,\n scopes: Array.isArray(value.scopes)\n ? value.scopes.filter((v): v is string => typeof v === \"string\")\n : [],\n clientIdEnvKey,\n clientSecretEnvKey,\n accessTokenEnvKeys: accessTokenEnvKeys.length > 0 ? accessTokenEnvKeys : undefined,\n refreshTokenEnvKey:\n typeof value.refreshTokenEnvKey === \"string\" ? value.refreshTokenEnvKey.trim() : undefined,\n authorizationParams: isRecord(value.authorizationParams)\n ? Object.fromEntries(\n Object.entries(value.authorizationParams).filter(\n (authorizationEntry): authorizationEntry is [string, string] =>\n typeof authorizationEntry[1] === \"string\",\n ),\n )\n : undefined,\n fileOutput,\n };\n}\n\nexport function getOAuthServices(): OAuthService[] {\n const raw = readEnv(\"OAUTH_SERVICES_JSON\");\n const builtins = getBuiltinOAuthServices();\n if (!raw) return builtins;\n\n let parsed: unknown[];\n try {\n parsed = parseJsonValue(raw, Array.isArray, (detail) =>\n detail === \"unexpected JSON shape\"\n ? \"expected a JSON array of OAuth service definitions\"\n : detail,\n );\n } catch (err) {\n const detail = err instanceof Error ? err.message : String(err);\n log.logWarning(\n detail === \"expected a JSON array of OAuth service definitions\"\n ? \"Ignoring OAUTH_SERVICES_JSON: expected a JSON array of OAuth service definitions\"\n : \"Ignoring OAUTH_SERVICES_JSON: invalid JSON\",\n detail,\n );\n return builtins;\n }\n\n const custom = parsed\n .map((serviceValue, index) => parseOAuthService(serviceValue, index))\n .filter((service): service is OAuthService => service !== null);\n const byId = new Map<string, OAuthService>();\n for (const service of builtins) byId.set(service.id, service);\n for (const service of custom) byId.set(service.id, service);\n return [...byId.values()];\n}\n\nexport function resolveOAuthService(input: string): OAuthService \| undefined {\n const normalized = input.trim().toLowerCase();\n if (!normalized) return undefined;\n return getOAuthServices().find(\n (service) => service.id === normalized \|\| service.aliases.includes(normalized),\n );\n}\n\nconst LOGIN_COMMANDS = [\"/login\", \"/pi-login\"] as const;\n\nexport function parseLoginCommand(text: string): ParsedLoginCommand \| null {\n const matched = matchCommand(text, LOGIN_COMMANDS);\n if (!matched) return null;\n\n const [subcommand, operation, name, ...extra] = matched.args;\n\n if (!subcommand) return { action: \"setup\" };\n\n if (subcommand.toLowerCase() === \"shared\") {\n const op = operation?.toLowerCase();\n if (op === \"list\" && !name && extra.length === 0) {\n return { action: \"shared_list\" };\n }\n if ((op === \"create\" \|\| op === \"update\" \|\| op === \"delete\") && !!name && extra.length === 0) {\n return {\n action: `shared_${op}` as \"shared_create\" \| \"shared_update\" \| \"shared_delete\",\n name,\n };\n }\n return null;\n }\n\n if (subcommand.toLowerCase() === \"copy\" && operation && !name && extra.length === 0) {\n return { action: \"copy_shared\", name: operation };\n }\n\n // Backward-compatible: older `/pi-login gh` / `/pi-login gws` forms opened the\n // generic login page and let the portal handle provider choice.\n if (!operation && extra.length === 0) return { action: \"setup\" };\n\n return null;\n}\n"]}

package/dist/web/login/oauth.js CHANGED Viewed

@@ -89,6 +89,90 @@ function getBuiltinOAuthServices() {
         },
     ];
 }
+function parseOAuthService(value, index) {
+    if (!isRecord(value)) {
+        log.logWarning(`Skipping OAUTH_SERVICES_JSON[${index}]: expected an object`);
+        return null;
+    }
+    const id = typeof value.id === "string" ? value.id.trim() : "";
+    const label = typeof value.label === "string" ? value.label.trim() : "";
+    const authorizationUrl = typeof value.authorizationUrl === "string" ? value.authorizationUrl.trim() : "";
+    const tokenUrl = typeof value.tokenUrl === "string" ? value.tokenUrl.trim() : "";
+    const clientIdEnvKey = typeof value.clientIdEnvKey === "string" ? value.clientIdEnvKey.trim() : "";
+    const clientSecretEnvKey = typeof value.clientSecretEnvKey === "string" ? value.clientSecretEnvKey.trim() : "";
+    const missing = [
+        ["id", id],
+        ["label", label],
+        ["authorizationUrl", authorizationUrl],
+        ["tokenUrl", tokenUrl],
+        ["clientIdEnvKey", clientIdEnvKey],
+        ["clientSecretEnvKey", clientSecretEnvKey],
+    ]
+        .filter((entry) => !entry[1])
+        .map((entry) => entry[0]);
+    if (missing.length > 0) {
+        const labelForLog = id ? ` (${id})` : "";
+        log.logWarning(`Skipping OAUTH_SERVICES_JSON[${index}]${labelForLog}: missing ${missing.join(", ")}`);
+        return null;
+    }
+    const accessTokenEnvKeys = [];
+    if (typeof value.accessTokenEnvKey === "string" && value.accessTokenEnvKey.trim()) {
+        accessTokenEnvKeys.push(value.accessTokenEnvKey.trim());
+    }
+    if (Array.isArray(value.additionalAccessTokenEnvKeys)) {
+        for (const key of value.additionalAccessTokenEnvKeys) {
+            if (typeof key === "string" && key.trim())
+                accessTokenEnvKeys.push(key.trim());
+        }
+    }
+    if (Array.isArray(value.accessTokenEnvKeys)) {
+        for (const key of value.accessTokenEnvKeys) {
+            if (typeof key === "string" && key.trim() && !accessTokenEnvKeys.includes(key.trim())) {
+                accessTokenEnvKeys.push(key.trim());
+            }
+        }
+    }
+    let fileOutput;
+    if (isRecord(value.fileOutput)) {
+        const fileOutputObj = value.fileOutput;
+        const type = typeof fileOutputObj.type === "string" ? fileOutputObj.type.trim() : "";
+        const relativePath = typeof fileOutputObj.relativePath === "string" ? fileOutputObj.relativePath.trim() : "";
+        const targetPath = typeof fileOutputObj.targetPath === "string" ? fileOutputObj.targetPath.trim() : undefined;
+        const envKey = typeof fileOutputObj.envKey === "string" ? fileOutputObj.envKey.trim() : undefined;
+        const additionalEnvKeys = Array.isArray(fileOutputObj.additionalEnvKeys)
+            ? fileOutputObj.additionalEnvKeys.filter((v) => typeof v === "string")
+            : undefined;
+        if (type === "authorized_user" && relativePath) {
+            fileOutput = {
+                type: "authorized_user",
+                relativePath,
+                targetPath,
+                envKey,
+                additionalEnvKeys,
+            };
+        }
+    }
+    return {
+        id: id.toLowerCase(),
+        label,
+        aliases: Array.isArray(value.aliases)
+            ? value.aliases.filter((v) => typeof v === "string").map((v) => v.toLowerCase())
+            : [id.toLowerCase()],
+        authorizationUrl,
+        tokenUrl,
+        scopes: Array.isArray(value.scopes)
+            ? value.scopes.filter((v) => typeof v === "string")
+            : [],
+        clientIdEnvKey,
+        clientSecretEnvKey,
+        accessTokenEnvKeys: accessTokenEnvKeys.length > 0 ? accessTokenEnvKeys : undefined,
+        refreshTokenEnvKey: typeof value.refreshTokenEnvKey === "string" ? value.refreshTokenEnvKey.trim() : undefined,
+        authorizationParams: isRecord(value.authorizationParams)
+            ? Object.fromEntries(Object.entries(value.authorizationParams).filter((authorizationEntry) => typeof authorizationEntry[1] === "string"))
+            : undefined,
+        fileOutput,
+    };
+}
 export function getOAuthServices() {
     const raw = readEnv("OAUTH_SERVICES_JSON");
     const builtins = getBuiltinOAuthServices();
@@ -107,101 +191,15 @@ export function getOAuthServices() {
             : "Ignoring OAUTH_SERVICES_JSON: invalid JSON", detail);
         return builtins;
     }
-    try {
-        const custom = parsed
-            .map((serviceValue) => {
-            if (!isRecord(serviceValue))
-                return null;
-            const obj = serviceValue;
-            const id = typeof obj.id === "string" ? obj.id.trim() : "";
-            const label = typeof obj.label === "string" ? obj.label.trim() : "";
-            const authorizationUrl = typeof obj.authorizationUrl === "string" ? obj.authorizationUrl.trim() : "";
-            const tokenUrl = typeof obj.tokenUrl === "string" ? obj.tokenUrl.trim() : "";
-            const clientIdEnvKey = typeof obj.clientIdEnvKey === "string" ? obj.clientIdEnvKey.trim() : "";
-            const clientSecretEnvKey = typeof obj.clientSecretEnvKey === "string" ? obj.clientSecretEnvKey.trim() : "";
-            const accessTokenEnvKeys = [];
-            if (typeof obj.accessTokenEnvKey === "string" && obj.accessTokenEnvKey.trim()) {
-                accessTokenEnvKeys.push(obj.accessTokenEnvKey.trim());
-            }
-            if (Array.isArray(obj.additionalAccessTokenEnvKeys)) {
-                for (const k of obj.additionalAccessTokenEnvKeys) {
-                    if (typeof k === "string" && k.trim())
-                        accessTokenEnvKeys.push(k.trim());
-                }
-            }
-            // New unified form
-            if (Array.isArray(obj.accessTokenEnvKeys)) {
-                for (const k of obj.accessTokenEnvKeys) {
-                    if (typeof k === "string" && k.trim() && !accessTokenEnvKeys.includes(k.trim())) {
-                        accessTokenEnvKeys.push(k.trim());
-                    }
-                }
-            }
-            if (!id ||
-                !label ||
-                !authorizationUrl ||
-                !tokenUrl ||
-                !clientIdEnvKey ||
-                !clientSecretEnvKey) {
-                return null;
-            }
-            let fileOutput;
-            if (isRecord(obj.fileOutput)) {
-                const fileOutputObj = obj.fileOutput;
-                const type = typeof fileOutputObj.type === "string" ? fileOutputObj.type.trim() : "";
-                const relativePath = typeof fileOutputObj.relativePath === "string" ? fileOutputObj.relativePath.trim() : "";
-                const targetPath = typeof fileOutputObj.targetPath === "string"
-                    ? fileOutputObj.targetPath.trim()
-                    : undefined;
-                const envKey = typeof fileOutputObj.envKey === "string" ? fileOutputObj.envKey.trim() : undefined;
-                const additionalEnvKeys = Array.isArray(fileOutputObj.additionalEnvKeys)
-                    ? fileOutputObj.additionalEnvKeys.filter((v) => typeof v === "string")
-                    : undefined;
-                if (type === "authorized_user" && relativePath) {
-                    fileOutput = {
-                        type: "authorized_user",
-                        relativePath,
-                        targetPath,
-                        envKey,
-                        additionalEnvKeys,
-                    };
-                }
-            }
-            return {
-                id: id.toLowerCase(),
-                label,
-                aliases: Array.isArray(obj.aliases)
-                    ? obj.aliases
-                        .filter((v) => typeof v === "string")
-                        .map((v) => v.toLowerCase())
-                    : [id.toLowerCase()],
-                authorizationUrl,
-                tokenUrl,
-                scopes: Array.isArray(obj.scopes)
-                    ? obj.scopes.filter((v) => typeof v === "string")
-                    : [],
-                clientIdEnvKey,
-                clientSecretEnvKey,
-                accessTokenEnvKeys: accessTokenEnvKeys.length > 0 ? accessTokenEnvKeys : undefined,
-                refreshTokenEnvKey: typeof obj.refreshTokenEnvKey === "string" ? obj.refreshTokenEnvKey.trim() : undefined,
-                authorizationParams: isRecord(obj.authorizationParams)
-                    ? Object.fromEntries(Object.entries(obj.authorizationParams).filter((authorizationEntry) => typeof authorizationEntry[1] === "string"))
-                    : undefined,
-                fileOutput,
-            };
-        })
-            .filter((service) => service !== null);
-        const byId = new Map();
-        for (const service of builtins)
-            byId.set(service.id, service);
-        for (const service of custom)
-            byId.set(service.id, service);
-        return [...byId.values()];
-    }
-    catch (err) {
-        log.logWarning("Failed to apply OAUTH_SERVICES_JSON overrides; using builtin OAuth services", err instanceof Error ? err.message : String(err));
-        return builtins;
-    }
+    const custom = parsed
+        .map((serviceValue, index) => parseOAuthService(serviceValue, index))
+        .filter((service) => service !== null);
+    const byId = new Map();
+    for (const service of builtins)
+        byId.set(service.id, service);
+    for (const service of custom)
+        byId.set(service.id, service);
+    return [...byId.values()];
 }
 export function resolveOAuthService(input) {
     const normalized = input.trim().toLowerCase();

package/dist/web/login/oauth.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../../src/web/login/oauth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAC7C,OAAO,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,KAAK,GAAG,MAAM,cAAc,CAAC;AAKpC,MAAM,mCAAmC,GAAG;IAC1C,uCAAuC;IACvC,0BAA0B;IAC1B,0CAA0C;IAC1C,8CAA8C;IAC9C,2CAA2C;IAC3C,sDAAsD;CACvD,CAAC;AAEF,MAAM,+BAA+B,GAAG;IACtC,QAAQ;IACR,gDAAgD;IAChD,gDAAgD;CACjD,CAAC;AAEF,0EAA0E;AAC1E,sEAAsE;AACtE,mEAAmE;AACnE,8EAA8E;AAC9E,yDAAyD;AACzD,MAAM,2BAA2B,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;AAE5F,SAAS,oBAAoB,CAAC,MAAc,EAAE,QAAkB;IAC9D,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC5B,IAAI,CAAC,GAAG;QAAE,OAAO,QAAQ,CAAC;IAE1B,MAAM,MAAM,GAAG,GAAG;SACf,KAAK,CAAC,QAAQ,CAAC;SACf,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;SAC5B,MAAM,CAAC,OAAO,CAAC,CAAC;IAEnB,OAAO,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC;AAC/C,CAAC;AAED,SAAS,uBAAuB;IAC9B,OAAO;QACL;YACE,EAAE,EAAE,QAAQ;YACZ,KAAK,EAAE,QAAQ;YACf,OAAO,EAAE,CAAC,QAAQ,EAAE,cAAc,EAAE,UAAU,CAAC;YAC/C,gBAAgB,EAAE,0CAA0C;YAC5D,QAAQ,EAAE,6CAA6C;YACvD,MAAM,EAAE,oBAAoB,CAAC,qBAAqB,EAAE,2BAA2B,CAAC;YAChF,cAAc,EAAE,wBAAwB;YACxC,kBAAkB,EAAE,4BAA4B;YAChD,kBAAkB,EAAE,CAAC,2BAA2B,EAAE,UAAU,CAAC;YAC7D,kBAAkB,EAAE,4BAA4B;SACjD;QACD;YACE,EAAE,EAAE,sBAAsB;YAC1B,KAAK,EAAE,sBAAsB;YAC7B,OAAO,EAAE,CAAC,sBAAsB,EAAE,KAAK,EAAE,iBAAiB,EAAE,sBAAsB,CAAC;YACnF,gBAAgB,EAAE,8CAA8C;YAChE,QAAQ,EAAE,qCAAqC;YAC/C,MAAM,EAAE,oBAAoB,CAC1B,mCAAmC,EACnC,mCAAmC,CACpC;YACD,cAAc,EAAE,gCAAgC;YAChD,kBAAkB,EAAE,oCAAoC;YACxD,mBAAmB,EAAE;gBACnB,WAAW,EAAE,SAAS;gBACtB,sBAAsB,EAAE,MAAM;gBAC9B,MAAM,EAAE,SAAS;aAClB;YACD,UAAU,EAAE;gBACV,IAAI,EAAE,iBAAiB;gBACvB,YAAY,EAAE,UAAU;gBACxB,UAAU,EAAE,oCAAoC;aACjD;SACF;QACD;YACE,EAAE,EAAE,kBAAkB;YACtB,KAAK,EAAE,2BAA2B;YAClC,OAAO,EAAE,CAAC,kBAAkB,EAAE,QAAQ,EAAE,kBAAkB,EAAE,cAAc,EAAE,KAAK,CAAC;YAClF,gBAAgB,EAAE,8CAA8C;YAChE,QAAQ,EAAE,qCAAqC;YAC/C,MAAM,EAAE,oBAAoB,CAC1B,+BAA+B,EAC/B,+BAA+B,CAChC;YACD,cAAc,EAAE,4BAA4B;YAC5C,kBAAkB,EAAE,gCAAgC;YACpD,mBAAmB,EAAE;gBACnB,WAAW,EAAE,SAAS;gBACtB,sBAAsB,EAAE,MAAM;gBAC9B,MAAM,EAAE,SAAS;aAClB;YACD,UAAU,EAAE;gBACV,IAAI,EAAE,iBAAiB;gBACvB,YAAY,EAAE,iBAAiB;gBAC/B,UAAU,EAAE,2DAA2D;gBACvE,MAAM,EAAE,gCAAgC;gBACxC,iBAAiB,EAAE,CAAC,wCAAwC,CAAC;aAC9D;SACF;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,MAAM,GAAG,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAAC;IAC3C,MAAM,QAAQ,GAAG,uBAAuB,EAAE,CAAC;IAC3C,IAAI,CAAC,GAAG;QAAE,OAAO,QAAQ,CAAC;IAE1B,IAAI,MAAiB,CAAC;IACtB,IAAI,CAAC;QACH,MAAM,GAAG,cAAc,CAAC,GAAG,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,MAAM,EAAE,EAAE,CACrD,MAAM,KAAK,uBAAuB;YAChC,CAAC,CAAC,oDAAoD;YACtD,CAAC,CAAC,MAAM,CACX,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,MAAM,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAChE,GAAG,CAAC,UAAU,CACZ,MAAM,KAAK,oDAAoD;YAC7D,CAAC,CAAC,kFAAkF;YACpF,CAAC,CAAC,4CAA4C,EAChD,MAAM,CACP,CAAC;QACF,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM;aAClB,GAAG,CAAC,CAAC,YAAY,EAAuB,EAAE;YACzC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;gBAAE,OAAO,IAAI,CAAC;YACzC,MAAM,GAAG,GAAG,YAAY,CAAC;YACzB,MAAM,EAAE,GAAG,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3D,MAAM,KAAK,GAAG,OAAO,GAAG,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACpE,MAAM,gBAAgB,GACpB,OAAO,GAAG,CAAC,gBAAgB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC9E,MAAM,QAAQ,GAAG,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7E,MAAM,cAAc,GAClB,OAAO,GAAG,CAAC,cAAc,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1E,MAAM,kBAAkB,GACtB,OAAO,GAAG,CAAC,kBAAkB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAClF,MAAM,kBAAkB,GAAa,EAAE,CAAC;YACxC,IAAI,OAAO,GAAG,CAAC,iBAAiB,KAAK,QAAQ,IAAI,GAAG,CAAC,iBAAiB,CAAC,IAAI,EAAE,EAAE,CAAC;gBAC9E,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,EAAE,CAAC,CAAC;YACxD,CAAC;YACD,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,EAAE,CAAC;gBACpD,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,4BAA4B,EAAE,CAAC;oBACjD,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,EAAE;wBAAE,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC3E,CAAC;YACH,CAAC;YACD,mBAAmB;YACnB,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBAC1C,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,kBAAkB,EAAE,CAAC;oBACvC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;wBAChF,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;oBACpC,CAAC;gBACH,CAAC;YACH,CAAC;YACD,IACE,CAAC,EAAE;gBACH,CAAC,KAAK;gBACN,CAAC,gBAAgB;gBACjB,CAAC,QAAQ;gBACT,CAAC,cAAc;gBACf,CAAC,kBAAkB,EACnB,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,IAAI,UAAsC,CAAC;YAC3C,IAAI,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC7B,MAAM,aAAa,GAAG,GAAG,CAAC,UAAU,CAAC;gBACrC,MAAM,IAAI,GAAG,OAAO,aAAa,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACrF,MAAM,YAAY,GAChB,OAAO,aAAa,CAAC,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC1F,MAAM,UAAU,GACd,OAAO,aAAa,CAAC,UAAU,KAAK,QAAQ;oBAC1C,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,IAAI,EAAE;oBACjC,CAAC,CAAC,SAAS,CAAC;gBAChB,MAAM,MAAM,GACV,OAAO,aAAa,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;gBACrF,MAAM,iBAAiB,GAAG,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,iBAAiB,CAAC;oBACtE,CAAC,CAAC,aAAa,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;oBACnF,CAAC,CAAC,SAAS,CAAC;gBACd,IAAI,IAAI,KAAK,iBAAiB,IAAI,YAAY,EAAE,CAAC;oBAC/C,UAAU,GAAG;wBACX,IAAI,EAAE,iBAAiB;wBACvB,YAAY;wBACZ,UAAU;wBACV,MAAM;wBACN,iBAAiB;qBAClB,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,OAAO;gBACL,EAAE,EAAE,EAAE,CAAC,WAAW,EAAE;gBACpB,KAAK;gBACL,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;oBACjC,CAAC,CAAC,GAAG,CAAC,OAAO;yBACR,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;yBACjD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;oBAChC,CAAC,CAAC,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC;gBACtB,gBAAgB;gBAChB,QAAQ;gBACR,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC;oBAC/B,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;oBAC9D,CAAC,CAAC,EAAE;gBACN,cAAc;gBACd,kBAAkB;gBAClB,kBAAkB,EAAE,kBAAkB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS;gBAClF,kBAAkB,EAChB,OAAO,GAAG,CAAC,kBAAkB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS;gBACxF,mBAAmB,EAAE,QAAQ,CAAC,GAAG,CAAC,mBAAmB,CAAC;oBACpD,CAAC,CAAC,MAAM,CAAC,WAAW,CAChB,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,MAAM,CAC5C,CAAC,kBAAkB,EAA0C,EAAE,CAC7D,OAAO,kBAAkB,CAAC,CAAC,CAAC,KAAK,QAAQ,CAC5C,CACF;oBACH,CAAC,CAAC,SAAS;gBACb,UAAU;aACX,CAAC;QACJ,CAAC,CAAC;aACD,MAAM,CAAC,CAAC,OAAO,EAA2B,EAAE,CAAC,OAAO,KAAK,IAAI,CAAC,CAAC;QAElE,MAAM,IAAI,GAAG,IAAI,GAAG,EAAwB,CAAC;QAC7C,KAAK,MAAM,OAAO,IAAI,QAAQ;YAAE,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAC9D,KAAK,MAAM,OAAO,IAAI,MAAM;YAAE,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAC5D,OAAO,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,UAAU,CACZ,6EAA6E,EAC7E,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CACjD,CAAC;QACF,OAAO,QAAQ,CAAC;IAClB,CAAC;AACH,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,KAAa;IAC/C,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC9C,IAAI,CAAC,UAAU;QAAE,OAAO,SAAS,CAAC;IAClC,OAAO,gBAAgB,EAAE,CAAC,IAAI,CAC5B,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,EAAE,KAAK,UAAU,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAC/E,CAAC;AACJ,CAAC;AAED,MAAM,cAAc,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAU,CAAC;AAExD,MAAM,UAAU,iBAAiB,CAAC,IAAY;IAC5C,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;IACnD,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAE1B,MAAM,CAAC,UAAU,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,KAAK,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAE7D,IAAI,CAAC,UAAU;QAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAE5C,IAAI,UAAU,CAAC,WAAW,EAAE,KAAK,QAAQ,EAAE,CAAC;QAC1C,MAAM,EAAE,GAAG,SAAS,EAAE,WAAW,EAAE,CAAC;QACpC,IAAI,EAAE,KAAK,MAAM,IAAI,CAAC,IAAI,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjD,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;QACnC,CAAC;QACD,IAAI,CAAC,EAAE,KAAK,QAAQ,IAAI,EAAE,KAAK,QAAQ,IAAI,EAAE,KAAK,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5F,OAAO;gBACL,MAAM,EAAE,UAAU,EAAE,EAAyD;gBAC7E,IAAI;aACL,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,UAAU,CAAC,WAAW,EAAE,KAAK,MAAM,IAAI,SAAS,IAAI,CAAC,IAAI,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpF,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;IACpD,CAAC;IAED,+EAA+E;IAC/E,gEAAgE;IAChE,IAAI,CAAC,SAAS,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAEjE,OAAO,IAAI,CAAC;AACd,CAAC","sourcesContent":["import { matchCommand } from \"../../commands/parse.js\";\nimport { readEnv } from \"../../utils/env.js\";\nimport { isRecord, parseJsonValue } from \"../../utils/file-guards.js\";\nimport * as log from \"../../log.js\";\n\nexport type { LoginCredentialKind, OAuthService, ParsedLoginCommand } from \"./types.js\";\nimport type { LoginCredentialKind, OAuthService, ParsedLoginCommand } from \"./types.js\";\n\nconst DEFAULT_GOOGLE_WORKSPACE_CLI_SCOPES = [\n \"https://www.googleapis.com/auth/drive\",\n \"https://mail.google.com/\",\n \"https://www.googleapis.com/auth/calendar\",\n \"https://www.googleapis.com/auth/spreadsheets\",\n \"https://www.googleapis.com/auth/documents\",\n \"https://www.googleapis.com/auth/chat.messages.create\",\n];\n\nconst DEFAULT_GOOGLE_CLOUD_SDK_SCOPES = [\n \"openid\",\n \"https://www.googleapis.com/auth/userinfo.email\",\n \"https://www.googleapis.com/auth/cloud-platform\",\n];\n\n// Conservative default: enough for `gh` CLI repo/user/org operations, but\n// without `workflow` (can dispatch CI), `write:packages` (can publish\n// packages), or `project`. Operators who need those can opt in via\n// GITHUB_OAUTH_SCOPES (or MIKAN_GITHUB_OAUTH_SCOPES) to keep the blast radius\n// of a compromised agent host explicit and configurable.\nconst DEFAULT_GITHUB_OAUTH_SCOPES = [\"repo\", \"read:user\", \"user:email\", \"read:org\", \"gist\"];\n\nfunction resolveScopesFromEnv(envKey: string, fallback: string[]): string[] {\n const raw = readEnv(envKey);\n if (!raw) return fallback;\n\n const scopes = raw\n .split(/[\\s,]+/)\n .map((scope) => scope.trim())\n .filter(Boolean);\n\n return scopes.length > 0 ? scopes : fallback;\n}\n\nfunction getBuiltinOAuthServices(): OAuthService[] {\n return [\n {\n id: \"github\",\n label: \"GitHub\",\n aliases: [\"github\", \"github_oauth\", \"gh_oauth\"],\n authorizationUrl: \"https://github.com/login/oauth/authorize\",\n tokenUrl: \"https://github.com/login/oauth/access_token\",\n scopes: resolveScopesFromEnv(\"GITHUB_OAUTH_SCOPES\", DEFAULT_GITHUB_OAUTH_SCOPES),\n clientIdEnvKey: \"GITHUB_OAUTH_CLIENT_ID\",\n clientSecretEnvKey: \"GITHUB_OAUTH_CLIENT_SECRET\",\n accessTokenEnvKeys: [\"GITHUB_OAUTH_ACCESS_TOKEN\", \"GH_TOKEN\"],\n refreshTokenEnvKey: \"GITHUB_OAUTH_REFRESH_TOKEN\",\n },\n {\n id: \"google_workspace_cli\",\n label: \"Google Workspace CLI\",\n aliases: [\"google_workspace_cli\", \"gws\", \"googleworkspace\", \"google-workspace-cli\"],\n authorizationUrl: \"https://accounts.google.com/o/oauth2/v2/auth\",\n tokenUrl: \"https://oauth2.googleapis.com/token\",\n scopes: resolveScopesFromEnv(\n \"GOOGLE_WORKSPACE_CLI_OAUTH_SCOPES\",\n DEFAULT_GOOGLE_WORKSPACE_CLI_SCOPES,\n ),\n clientIdEnvKey: \"GOOGLE_WORKSPACE_CLI_CLIENT_ID\",\n clientSecretEnvKey: \"GOOGLE_WORKSPACE_CLI_CLIENT_SECRET\",\n authorizationParams: {\n access_type: \"offline\",\n include_granted_scopes: \"true\",\n prompt: \"consent\",\n },\n fileOutput: {\n type: \"authorized_user\",\n relativePath: \"gws.json\",\n targetPath: \"/root/.config/gws/credentials.json\",\n },\n },\n {\n id: \"google_cloud_sdk\",\n label: \"Google Cloud SDK (gcloud)\",\n aliases: [\"google_cloud_sdk\", \"gcloud\", \"google-cloud-sdk\", \"google_cloud\", \"gcp\"],\n authorizationUrl: \"https://accounts.google.com/o/oauth2/v2/auth\",\n tokenUrl: \"https://oauth2.googleapis.com/token\",\n scopes: resolveScopesFromEnv(\n \"GOOGLE_CLOUD_SDK_OAUTH_SCOPES\",\n DEFAULT_GOOGLE_CLOUD_SDK_SCOPES,\n ),\n clientIdEnvKey: \"GOOGLE_CLOUD_SDK_CLIENT_ID\",\n clientSecretEnvKey: \"GOOGLE_CLOUD_SDK_CLIENT_SECRET\",\n authorizationParams: {\n access_type: \"offline\",\n include_granted_scopes: \"true\",\n prompt: \"consent\",\n },\n fileOutput: {\n type: \"authorized_user\",\n relativePath: \"gcloud-adc.json\",\n targetPath: \"/root/.config/gcloud/application_default_credentials.json\",\n envKey: \"GOOGLE_APPLICATION_CREDENTIALS\",\n additionalEnvKeys: [\"CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE\"],\n },\n },\n ];\n}\n\nexport function getOAuthServices(): OAuthService[] {\n const raw = readEnv(\"OAUTH_SERVICES_JSON\");\n const builtins = getBuiltinOAuthServices();\n if (!raw) return builtins;\n\n let parsed: unknown[];\n try {\n parsed = parseJsonValue(raw, Array.isArray, (detail) =>\n detail === \"unexpected JSON shape\"\n ? \"expected a JSON array of OAuth service definitions\"\n : detail,\n );\n } catch (err) {\n const detail = err instanceof Error ? err.message : String(err);\n log.logWarning(\n detail === \"expected a JSON array of OAuth service definitions\"\n ? \"Ignoring OAUTH_SERVICES_JSON: expected a JSON array of OAuth service definitions\"\n : \"Ignoring OAUTH_SERVICES_JSON: invalid JSON\",\n detail,\n );\n return builtins;\n }\n try {\n const custom = parsed\n .map((serviceValue): OAuthService \| null => {\n if (!isRecord(serviceValue)) return null;\n const obj = serviceValue;\n const id = typeof obj.id === \"string\" ? obj.id.trim() : \"\";\n const label = typeof obj.label === \"string\" ? obj.label.trim() : \"\";\n const authorizationUrl =\n typeof obj.authorizationUrl === \"string\" ? obj.authorizationUrl.trim() : \"\";\n const tokenUrl = typeof obj.tokenUrl === \"string\" ? obj.tokenUrl.trim() : \"\";\n const clientIdEnvKey =\n typeof obj.clientIdEnvKey === \"string\" ? obj.clientIdEnvKey.trim() : \"\";\n const clientSecretEnvKey =\n typeof obj.clientSecretEnvKey === \"string\" ? obj.clientSecretEnvKey.trim() : \"\";\n const accessTokenEnvKeys: string[] = [];\n if (typeof obj.accessTokenEnvKey === \"string\" && obj.accessTokenEnvKey.trim()) {\n accessTokenEnvKeys.push(obj.accessTokenEnvKey.trim());\n }\n if (Array.isArray(obj.additionalAccessTokenEnvKeys)) {\n for (const k of obj.additionalAccessTokenEnvKeys) {\n if (typeof k === \"string\" && k.trim()) accessTokenEnvKeys.push(k.trim());\n }\n }\n // New unified form\n if (Array.isArray(obj.accessTokenEnvKeys)) {\n for (const k of obj.accessTokenEnvKeys) {\n if (typeof k === \"string\" && k.trim() && !accessTokenEnvKeys.includes(k.trim())) {\n accessTokenEnvKeys.push(k.trim());\n }\n }\n }\n if (\n !id \|\|\n !label \|\|\n !authorizationUrl \|\|\n !tokenUrl \|\|\n !clientIdEnvKey \|\|\n !clientSecretEnvKey\n ) {\n return null;\n }\n\n let fileOutput: OAuthService[\"fileOutput\"];\n if (isRecord(obj.fileOutput)) {\n const fileOutputObj = obj.fileOutput;\n const type = typeof fileOutputObj.type === \"string\" ? fileOutputObj.type.trim() : \"\";\n const relativePath =\n typeof fileOutputObj.relativePath === \"string\" ? fileOutputObj.relativePath.trim() : \"\";\n const targetPath =\n typeof fileOutputObj.targetPath === \"string\"\n ? fileOutputObj.targetPath.trim()\n : undefined;\n const envKey =\n typeof fileOutputObj.envKey === \"string\" ? fileOutputObj.envKey.trim() : undefined;\n const additionalEnvKeys = Array.isArray(fileOutputObj.additionalEnvKeys)\n ? fileOutputObj.additionalEnvKeys.filter((v): v is string => typeof v === \"string\")\n : undefined;\n if (type === \"authorized_user\" && relativePath) {\n fileOutput = {\n type: \"authorized_user\",\n relativePath,\n targetPath,\n envKey,\n additionalEnvKeys,\n };\n }\n }\n\n return {\n id: id.toLowerCase(),\n label,\n aliases: Array.isArray(obj.aliases)\n ? obj.aliases\n .filter((v): v is string => typeof v === \"string\")\n .map((v) => v.toLowerCase())\n : [id.toLowerCase()],\n authorizationUrl,\n tokenUrl,\n scopes: Array.isArray(obj.scopes)\n ? obj.scopes.filter((v): v is string => typeof v === \"string\")\n : [],\n clientIdEnvKey,\n clientSecretEnvKey,\n accessTokenEnvKeys: accessTokenEnvKeys.length > 0 ? accessTokenEnvKeys : undefined,\n refreshTokenEnvKey:\n typeof obj.refreshTokenEnvKey === \"string\" ? obj.refreshTokenEnvKey.trim() : undefined,\n authorizationParams: isRecord(obj.authorizationParams)\n ? Object.fromEntries(\n Object.entries(obj.authorizationParams).filter(\n (authorizationEntry): authorizationEntry is [string, string] =>\n typeof authorizationEntry[1] === \"string\",\n ),\n )\n : undefined,\n fileOutput,\n };\n })\n .filter((service): service is OAuthService => service !== null);\n\n const byId = new Map<string, OAuthService>();\n for (const service of builtins) byId.set(service.id, service);\n for (const service of custom) byId.set(service.id, service);\n return [...byId.values()];\n } catch (err) {\n log.logWarning(\n \"Failed to apply OAUTH_SERVICES_JSON overrides; using builtin OAuth services\",\n err instanceof Error ? err.message : String(err),\n );\n return builtins;\n }\n}\n\nexport function resolveOAuthService(input: string): OAuthService \| undefined {\n const normalized = input.trim().toLowerCase();\n if (!normalized) return undefined;\n return getOAuthServices().find(\n (service) => service.id === normalized \|\| service.aliases.includes(normalized),\n );\n}\n\nconst LOGIN_COMMANDS = [\"/login\", \"/pi-login\"] as const;\n\nexport function parseLoginCommand(text: string): ParsedLoginCommand \| null {\n const matched = matchCommand(text, LOGIN_COMMANDS);\n if (!matched) return null;\n\n const [subcommand, operation, name, ...extra] = matched.args;\n\n if (!subcommand) return { action: \"setup\" };\n\n if (subcommand.toLowerCase() === \"shared\") {\n const op = operation?.toLowerCase();\n if (op === \"list\" && !name && extra.length === 0) {\n return { action: \"shared_list\" };\n }\n if ((op === \"create\" \|\| op === \"update\" \|\| op === \"delete\") && !!name && extra.length === 0) {\n return {\n action: `shared_${op}` as \"shared_create\" \| \"shared_update\" \| \"shared_delete\",\n name,\n };\n }\n return null;\n }\n\n if (subcommand.toLowerCase() === \"copy\" && operation && !name && extra.length === 0) {\n return { action: \"copy_shared\", name: operation };\n }\n\n // Backward-compatible: older `/pi-login gh` / `/pi-login gws` forms opened the\n // generic login page and let the portal handle provider choice.\n if (!operation && extra.length === 0) return { action: \"setup\" };\n\n return null;\n}\n"]}
1	+ {"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../../src/web/login/oauth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAC7C,OAAO,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,KAAK,GAAG,MAAM,cAAc,CAAC;AAKpC,MAAM,mCAAmC,GAAG;IAC1C,uCAAuC;IACvC,0BAA0B;IAC1B,0CAA0C;IAC1C,8CAA8C;IAC9C,2CAA2C;IAC3C,sDAAsD;CACvD,CAAC;AAEF,MAAM,+BAA+B,GAAG;IACtC,QAAQ;IACR,gDAAgD;IAChD,gDAAgD;CACjD,CAAC;AAEF,0EAA0E;AAC1E,sEAAsE;AACtE,mEAAmE;AACnE,8EAA8E;AAC9E,yDAAyD;AACzD,MAAM,2BAA2B,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;AAE5F,SAAS,oBAAoB,CAAC,MAAc,EAAE,QAAkB;IAC9D,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC5B,IAAI,CAAC,GAAG;QAAE,OAAO,QAAQ,CAAC;IAE1B,MAAM,MAAM,GAAG,GAAG;SACf,KAAK,CAAC,QAAQ,CAAC;SACf,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;SAC5B,MAAM,CAAC,OAAO,CAAC,CAAC;IAEnB,OAAO,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC;AAC/C,CAAC;AAED,SAAS,uBAAuB;IAC9B,OAAO;QACL;YACE,EAAE,EAAE,QAAQ;YACZ,KAAK,EAAE,QAAQ;YACf,OAAO,EAAE,CAAC,QAAQ,EAAE,cAAc,EAAE,UAAU,CAAC;YAC/C,gBAAgB,EAAE,0CAA0C;YAC5D,QAAQ,EAAE,6CAA6C;YACvD,MAAM,EAAE,oBAAoB,CAAC,qBAAqB,EAAE,2BAA2B,CAAC;YAChF,cAAc,EAAE,wBAAwB;YACxC,kBAAkB,EAAE,4BAA4B;YAChD,kBAAkB,EAAE,CAAC,2BAA2B,EAAE,UAAU,CAAC;YAC7D,kBAAkB,EAAE,4BAA4B;SACjD;QACD;YACE,EAAE,EAAE,sBAAsB;YAC1B,KAAK,EAAE,sBAAsB;YAC7B,OAAO,EAAE,CAAC,sBAAsB,EAAE,KAAK,EAAE,iBAAiB,EAAE,sBAAsB,CAAC;YACnF,gBAAgB,EAAE,8CAA8C;YAChE,QAAQ,EAAE,qCAAqC;YAC/C,MAAM,EAAE,oBAAoB,CAC1B,mCAAmC,EACnC,mCAAmC,CACpC;YACD,cAAc,EAAE,gCAAgC;YAChD,kBAAkB,EAAE,oCAAoC;YACxD,mBAAmB,EAAE;gBACnB,WAAW,EAAE,SAAS;gBACtB,sBAAsB,EAAE,MAAM;gBAC9B,MAAM,EAAE,SAAS;aAClB;YACD,UAAU,EAAE;gBACV,IAAI,EAAE,iBAAiB;gBACvB,YAAY,EAAE,UAAU;gBACxB,UAAU,EAAE,oCAAoC;aACjD;SACF;QACD;YACE,EAAE,EAAE,kBAAkB;YACtB,KAAK,EAAE,2BAA2B;YAClC,OAAO,EAAE,CAAC,kBAAkB,EAAE,QAAQ,EAAE,kBAAkB,EAAE,cAAc,EAAE,KAAK,CAAC;YAClF,gBAAgB,EAAE,8CAA8C;YAChE,QAAQ,EAAE,qCAAqC;YAC/C,MAAM,EAAE,oBAAoB,CAC1B,+BAA+B,EAC/B,+BAA+B,CAChC;YACD,cAAc,EAAE,4BAA4B;YAC5C,kBAAkB,EAAE,gCAAgC;YACpD,mBAAmB,EAAE;gBACnB,WAAW,EAAE,SAAS;gBACtB,sBAAsB,EAAE,MAAM;gBAC9B,MAAM,EAAE,SAAS;aAClB;YACD,UAAU,EAAE;gBACV,IAAI,EAAE,iBAAiB;gBACvB,YAAY,EAAE,iBAAiB;gBAC/B,UAAU,EAAE,2DAA2D;gBACvE,MAAM,EAAE,gCAAgC;gBACxC,iBAAiB,EAAE,CAAC,wCAAwC,CAAC;aAC9D;SACF;KACF,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAc,EAAE,KAAa;IACtD,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACrB,GAAG,CAAC,UAAU,CAAC,gCAAgC,KAAK,uBAAuB,CAAC,CAAC;QAC7E,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,EAAE,GAAG,OAAO,KAAK,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/D,MAAM,KAAK,GAAG,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACxE,MAAM,gBAAgB,GACpB,OAAO,KAAK,CAAC,gBAAgB,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAClF,MAAM,QAAQ,GAAG,OAAO,KAAK,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACjF,MAAM,cAAc,GAClB,OAAO,KAAK,CAAC,cAAc,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC9E,MAAM,kBAAkB,GACtB,OAAO,KAAK,CAAC,kBAAkB,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACtF,MAAM,OAAO,GAAG;QACd,CAAC,IAAI,EAAE,EAAE,CAAC;QACV,CAAC,OAAO,EAAE,KAAK,CAAC;QAChB,CAAC,kBAAkB,EAAE,gBAAgB,CAAC;QACtC,CAAC,UAAU,EAAE,QAAQ,CAAC;QACtB,CAAC,gBAAgB,EAAE,cAAc,CAAC;QAClC,CAAC,oBAAoB,EAAE,kBAAkB,CAAC;KAC3C;SACE,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;SAC5B,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAE5B,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,WAAW,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QACzC,GAAG,CAAC,UAAU,CACZ,gCAAgC,KAAK,IAAI,WAAW,aAAa,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACtF,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,kBAAkB,GAAa,EAAE,CAAC;IACxC,IAAI,OAAO,KAAK,CAAC,iBAAiB,KAAK,QAAQ,IAAI,KAAK,CAAC,iBAAiB,CAAC,IAAI,EAAE,EAAE,CAAC;QAClF,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,IAAI,EAAE,CAAC,CAAC;IAC1D,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,EAAE,CAAC;QACtD,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,4BAA4B,EAAE,CAAC;YACrD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,EAAE;gBAAE,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,kBAAkB,CAAC,EAAE,CAAC;QAC5C,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,kBAAkB,EAAE,CAAC;YAC3C,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;gBACtF,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,UAAsC,CAAC;IAC3C,IAAI,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,MAAM,aAAa,GAAG,KAAK,CAAC,UAAU,CAAC;QACvC,MAAM,IAAI,GAAG,OAAO,aAAa,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACrF,MAAM,YAAY,GAChB,OAAO,aAAa,CAAC,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC1F,MAAM,UAAU,GACd,OAAO,aAAa,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;QAC7F,MAAM,MAAM,GACV,OAAO,aAAa,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;QACrF,MAAM,iBAAiB,GAAG,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,iBAAiB,CAAC;YACtE,CAAC,CAAC,aAAa,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;YACnF,CAAC,CAAC,SAAS,CAAC;QACd,IAAI,IAAI,KAAK,iBAAiB,IAAI,YAAY,EAAE,CAAC;YAC/C,UAAU,GAAG;gBACX,IAAI,EAAE,iBAAiB;gBACvB,YAAY;gBACZ,UAAU;gBACV,MAAM;gBACN,iBAAiB;aAClB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO;QACL,EAAE,EAAE,EAAE,CAAC,WAAW,EAAE;QACpB,KAAK;QACL,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC;YACnC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;YAC7F,CAAC,CAAC,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC;QACtB,gBAAgB;QAChB,QAAQ;QACR,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC;YACjC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;YAChE,CAAC,CAAC,EAAE;QACN,cAAc;QACd,kBAAkB;QAClB,kBAAkB,EAAE,kBAAkB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS;QAClF,kBAAkB,EAChB,OAAO,KAAK,CAAC,kBAAkB,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS;QAC5F,mBAAmB,EAAE,QAAQ,CAAC,KAAK,CAAC,mBAAmB,CAAC;YACtD,CAAC,CAAC,MAAM,CAAC,WAAW,CAChB,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,MAAM,CAC9C,CAAC,kBAAkB,EAA0C,EAAE,CAC7D,OAAO,kBAAkB,CAAC,CAAC,CAAC,KAAK,QAAQ,CAC5C,CACF;YACH,CAAC,CAAC,SAAS;QACb,UAAU;KACX,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,MAAM,GAAG,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAAC;IAC3C,MAAM,QAAQ,GAAG,uBAAuB,EAAE,CAAC;IAC3C,IAAI,CAAC,GAAG;QAAE,OAAO,QAAQ,CAAC;IAE1B,IAAI,MAAiB,CAAC;IACtB,IAAI,CAAC;QACH,MAAM,GAAG,cAAc,CAAC,GAAG,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,MAAM,EAAE,EAAE,CACrD,MAAM,KAAK,uBAAuB;YAChC,CAAC,CAAC,oDAAoD;YACtD,CAAC,CAAC,MAAM,CACX,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,MAAM,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAChE,GAAG,CAAC,UAAU,CACZ,MAAM,KAAK,oDAAoD;YAC7D,CAAC,CAAC,kFAAkF;YACpF,CAAC,CAAC,4CAA4C,EAChD,MAAM,CACP,CAAC;QACF,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,MAAM;SAClB,GAAG,CAAC,CAAC,YAAY,EAAE,KAAK,EAAE,EAAE,CAAC,iBAAiB,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;SACpE,MAAM,CAAC,CAAC,OAAO,EAA2B,EAAE,CAAC,OAAO,KAAK,IAAI,CAAC,CAAC;IAClE,MAAM,IAAI,GAAG,IAAI,GAAG,EAAwB,CAAC;IAC7C,KAAK,MAAM,OAAO,IAAI,QAAQ;QAAE,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;IAC9D,KAAK,MAAM,OAAO,IAAI,MAAM;QAAE,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;IAC5D,OAAO,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;AAC5B,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,KAAa;IAC/C,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC9C,IAAI,CAAC,UAAU;QAAE,OAAO,SAAS,CAAC;IAClC,OAAO,gBAAgB,EAAE,CAAC,IAAI,CAC5B,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,EAAE,KAAK,UAAU,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAC/E,CAAC;AACJ,CAAC;AAED,MAAM,cAAc,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAU,CAAC;AAExD,MAAM,UAAU,iBAAiB,CAAC,IAAY;IAC5C,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;IACnD,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAE1B,MAAM,CAAC,UAAU,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,KAAK,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAE7D,IAAI,CAAC,UAAU;QAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAE5C,IAAI,UAAU,CAAC,WAAW,EAAE,KAAK,QAAQ,EAAE,CAAC;QAC1C,MAAM,EAAE,GAAG,SAAS,EAAE,WAAW,EAAE,CAAC;QACpC,IAAI,EAAE,KAAK,MAAM,IAAI,CAAC,IAAI,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjD,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;QACnC,CAAC;QACD,IAAI,CAAC,EAAE,KAAK,QAAQ,IAAI,EAAE,KAAK,QAAQ,IAAI,EAAE,KAAK,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5F,OAAO;gBACL,MAAM,EAAE,UAAU,EAAE,EAAyD;gBAC7E,IAAI;aACL,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,UAAU,CAAC,WAAW,EAAE,KAAK,MAAM,IAAI,SAAS,IAAI,CAAC,IAAI,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpF,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;IACpD,CAAC;IAED,+EAA+E;IAC/E,gEAAgE;IAChE,IAAI,CAAC,SAAS,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAEjE,OAAO,IAAI,CAAC;AACd,CAAC","sourcesContent":["import { matchCommand } from \"../../commands/parse.js\";\nimport { readEnv } from \"../../utils/env.js\";\nimport { isRecord, parseJsonValue } from \"../../utils/file-guards.js\";\nimport * as log from \"../../log.js\";\n\nexport type { LoginCredentialKind, OAuthService, ParsedLoginCommand } from \"./types.js\";\nimport type { LoginCredentialKind, OAuthService, ParsedLoginCommand } from \"./types.js\";\n\nconst DEFAULT_GOOGLE_WORKSPACE_CLI_SCOPES = [\n \"https://www.googleapis.com/auth/drive\",\n \"https://mail.google.com/\",\n \"https://www.googleapis.com/auth/calendar\",\n \"https://www.googleapis.com/auth/spreadsheets\",\n \"https://www.googleapis.com/auth/documents\",\n \"https://www.googleapis.com/auth/chat.messages.create\",\n];\n\nconst DEFAULT_GOOGLE_CLOUD_SDK_SCOPES = [\n \"openid\",\n \"https://www.googleapis.com/auth/userinfo.email\",\n \"https://www.googleapis.com/auth/cloud-platform\",\n];\n\n// Conservative default: enough for `gh` CLI repo/user/org operations, but\n// without `workflow` (can dispatch CI), `write:packages` (can publish\n// packages), or `project`. Operators who need those can opt in via\n// GITHUB_OAUTH_SCOPES (or MIKAN_GITHUB_OAUTH_SCOPES) to keep the blast radius\n// of a compromised agent host explicit and configurable.\nconst DEFAULT_GITHUB_OAUTH_SCOPES = [\"repo\", \"read:user\", \"user:email\", \"read:org\", \"gist\"];\n\nfunction resolveScopesFromEnv(envKey: string, fallback: string[]): string[] {\n const raw = readEnv(envKey);\n if (!raw) return fallback;\n\n const scopes = raw\n .split(/[\\s,]+/)\n .map((scope) => scope.trim())\n .filter(Boolean);\n\n return scopes.length > 0 ? scopes : fallback;\n}\n\nfunction getBuiltinOAuthServices(): OAuthService[] {\n return [\n {\n id: \"github\",\n label: \"GitHub\",\n aliases: [\"github\", \"github_oauth\", \"gh_oauth\"],\n authorizationUrl: \"https://github.com/login/oauth/authorize\",\n tokenUrl: \"https://github.com/login/oauth/access_token\",\n scopes: resolveScopesFromEnv(\"GITHUB_OAUTH_SCOPES\", DEFAULT_GITHUB_OAUTH_SCOPES),\n clientIdEnvKey: \"GITHUB_OAUTH_CLIENT_ID\",\n clientSecretEnvKey: \"GITHUB_OAUTH_CLIENT_SECRET\",\n accessTokenEnvKeys: [\"GITHUB_OAUTH_ACCESS_TOKEN\", \"GH_TOKEN\"],\n refreshTokenEnvKey: \"GITHUB_OAUTH_REFRESH_TOKEN\",\n },\n {\n id: \"google_workspace_cli\",\n label: \"Google Workspace CLI\",\n aliases: [\"google_workspace_cli\", \"gws\", \"googleworkspace\", \"google-workspace-cli\"],\n authorizationUrl: \"https://accounts.google.com/o/oauth2/v2/auth\",\n tokenUrl: \"https://oauth2.googleapis.com/token\",\n scopes: resolveScopesFromEnv(\n \"GOOGLE_WORKSPACE_CLI_OAUTH_SCOPES\",\n DEFAULT_GOOGLE_WORKSPACE_CLI_SCOPES,\n ),\n clientIdEnvKey: \"GOOGLE_WORKSPACE_CLI_CLIENT_ID\",\n clientSecretEnvKey: \"GOOGLE_WORKSPACE_CLI_CLIENT_SECRET\",\n authorizationParams: {\n access_type: \"offline\",\n include_granted_scopes: \"true\",\n prompt: \"consent\",\n },\n fileOutput: {\n type: \"authorized_user\",\n relativePath: \"gws.json\",\n targetPath: \"/root/.config/gws/credentials.json\",\n },\n },\n {\n id: \"google_cloud_sdk\",\n label: \"Google Cloud SDK (gcloud)\",\n aliases: [\"google_cloud_sdk\", \"gcloud\", \"google-cloud-sdk\", \"google_cloud\", \"gcp\"],\n authorizationUrl: \"https://accounts.google.com/o/oauth2/v2/auth\",\n tokenUrl: \"https://oauth2.googleapis.com/token\",\n scopes: resolveScopesFromEnv(\n \"GOOGLE_CLOUD_SDK_OAUTH_SCOPES\",\n DEFAULT_GOOGLE_CLOUD_SDK_SCOPES,\n ),\n clientIdEnvKey: \"GOOGLE_CLOUD_SDK_CLIENT_ID\",\n clientSecretEnvKey: \"GOOGLE_CLOUD_SDK_CLIENT_SECRET\",\n authorizationParams: {\n access_type: \"offline\",\n include_granted_scopes: \"true\",\n prompt: \"consent\",\n },\n fileOutput: {\n type: \"authorized_user\",\n relativePath: \"gcloud-adc.json\",\n targetPath: \"/root/.config/gcloud/application_default_credentials.json\",\n envKey: \"GOOGLE_APPLICATION_CREDENTIALS\",\n additionalEnvKeys: [\"CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE\"],\n },\n },\n ];\n}\n\nfunction parseOAuthService(value: unknown, index: number): OAuthService \| null {\n if (!isRecord(value)) {\n log.logWarning(`Skipping OAUTH_SERVICES_JSON[${index}]: expected an object`);\n return null;\n }\n\n const id = typeof value.id === \"string\" ? value.id.trim() : \"\";\n const label = typeof value.label === \"string\" ? value.label.trim() : \"\";\n const authorizationUrl =\n typeof value.authorizationUrl === \"string\" ? value.authorizationUrl.trim() : \"\";\n const tokenUrl = typeof value.tokenUrl === \"string\" ? value.tokenUrl.trim() : \"\";\n const clientIdEnvKey =\n typeof value.clientIdEnvKey === \"string\" ? value.clientIdEnvKey.trim() : \"\";\n const clientSecretEnvKey =\n typeof value.clientSecretEnvKey === \"string\" ? value.clientSecretEnvKey.trim() : \"\";\n const missing = [\n [\"id\", id],\n [\"label\", label],\n [\"authorizationUrl\", authorizationUrl],\n [\"tokenUrl\", tokenUrl],\n [\"clientIdEnvKey\", clientIdEnvKey],\n [\"clientSecretEnvKey\", clientSecretEnvKey],\n ]\n .filter((entry) => !entry[1])\n .map((entry) => entry[0]);\n\n if (missing.length > 0) {\n const labelForLog = id ? ` (${id})` : \"\";\n log.logWarning(\n `Skipping OAUTH_SERVICES_JSON[${index}]${labelForLog}: missing ${missing.join(\", \")}`,\n );\n return null;\n }\n\n const accessTokenEnvKeys: string[] = [];\n if (typeof value.accessTokenEnvKey === \"string\" && value.accessTokenEnvKey.trim()) {\n accessTokenEnvKeys.push(value.accessTokenEnvKey.trim());\n }\n if (Array.isArray(value.additionalAccessTokenEnvKeys)) {\n for (const key of value.additionalAccessTokenEnvKeys) {\n if (typeof key === \"string\" && key.trim()) accessTokenEnvKeys.push(key.trim());\n }\n }\n if (Array.isArray(value.accessTokenEnvKeys)) {\n for (const key of value.accessTokenEnvKeys) {\n if (typeof key === \"string\" && key.trim() && !accessTokenEnvKeys.includes(key.trim())) {\n accessTokenEnvKeys.push(key.trim());\n }\n }\n }\n\n let fileOutput: OAuthService[\"fileOutput\"];\n if (isRecord(value.fileOutput)) {\n const fileOutputObj = value.fileOutput;\n const type = typeof fileOutputObj.type === \"string\" ? fileOutputObj.type.trim() : \"\";\n const relativePath =\n typeof fileOutputObj.relativePath === \"string\" ? fileOutputObj.relativePath.trim() : \"\";\n const targetPath =\n typeof fileOutputObj.targetPath === \"string\" ? fileOutputObj.targetPath.trim() : undefined;\n const envKey =\n typeof fileOutputObj.envKey === \"string\" ? fileOutputObj.envKey.trim() : undefined;\n const additionalEnvKeys = Array.isArray(fileOutputObj.additionalEnvKeys)\n ? fileOutputObj.additionalEnvKeys.filter((v): v is string => typeof v === \"string\")\n : undefined;\n if (type === \"authorized_user\" && relativePath) {\n fileOutput = {\n type: \"authorized_user\",\n relativePath,\n targetPath,\n envKey,\n additionalEnvKeys,\n };\n }\n }\n\n return {\n id: id.toLowerCase(),\n label,\n aliases: Array.isArray(value.aliases)\n ? value.aliases.filter((v): v is string => typeof v === \"string\").map((v) => v.toLowerCase())\n : [id.toLowerCase()],\n authorizationUrl,\n tokenUrl,\n scopes: Array.isArray(value.scopes)\n ? value.scopes.filter((v): v is string => typeof v === \"string\")\n : [],\n clientIdEnvKey,\n clientSecretEnvKey,\n accessTokenEnvKeys: accessTokenEnvKeys.length > 0 ? accessTokenEnvKeys : undefined,\n refreshTokenEnvKey:\n typeof value.refreshTokenEnvKey === \"string\" ? value.refreshTokenEnvKey.trim() : undefined,\n authorizationParams: isRecord(value.authorizationParams)\n ? Object.fromEntries(\n Object.entries(value.authorizationParams).filter(\n (authorizationEntry): authorizationEntry is [string, string] =>\n typeof authorizationEntry[1] === \"string\",\n ),\n )\n : undefined,\n fileOutput,\n };\n}\n\nexport function getOAuthServices(): OAuthService[] {\n const raw = readEnv(\"OAUTH_SERVICES_JSON\");\n const builtins = getBuiltinOAuthServices();\n if (!raw) return builtins;\n\n let parsed: unknown[];\n try {\n parsed = parseJsonValue(raw, Array.isArray, (detail) =>\n detail === \"unexpected JSON shape\"\n ? \"expected a JSON array of OAuth service definitions\"\n : detail,\n );\n } catch (err) {\n const detail = err instanceof Error ? err.message : String(err);\n log.logWarning(\n detail === \"expected a JSON array of OAuth service definitions\"\n ? \"Ignoring OAUTH_SERVICES_JSON: expected a JSON array of OAuth service definitions\"\n : \"Ignoring OAUTH_SERVICES_JSON: invalid JSON\",\n detail,\n );\n return builtins;\n }\n\n const custom = parsed\n .map((serviceValue, index) => parseOAuthService(serviceValue, index))\n .filter((service): service is OAuthService => service !== null);\n const byId = new Map<string, OAuthService>();\n for (const service of builtins) byId.set(service.id, service);\n for (const service of custom) byId.set(service.id, service);\n return [...byId.values()];\n}\n\nexport function resolveOAuthService(input: string): OAuthService \| undefined {\n const normalized = input.trim().toLowerCase();\n if (!normalized) return undefined;\n return getOAuthServices().find(\n (service) => service.id === normalized \|\| service.aliases.includes(normalized),\n );\n}\n\nconst LOGIN_COMMANDS = [\"/login\", \"/pi-login\"] as const;\n\nexport function parseLoginCommand(text: string): ParsedLoginCommand \| null {\n const matched = matchCommand(text, LOGIN_COMMANDS);\n if (!matched) return null;\n\n const [subcommand, operation, name, ...extra] = matched.args;\n\n if (!subcommand) return { action: \"setup\" };\n\n if (subcommand.toLowerCase() === \"shared\") {\n const op = operation?.toLowerCase();\n if (op === \"list\" && !name && extra.length === 0) {\n return { action: \"shared_list\" };\n }\n if ((op === \"create\" \|\| op === \"update\" \|\| op === \"delete\") && !!name && extra.length === 0) {\n return {\n action: `shared_${op}` as \"shared_create\" \| \"shared_update\" \| \"shared_delete\",\n name,\n };\n }\n return null;\n }\n\n if (subcommand.toLowerCase() === \"copy\" && operation && !name && extra.length === 0) {\n return { action: \"copy_shared\", name: operation };\n }\n\n // Backward-compatible: older `/pi-login gh` / `/pi-login gws` forms opened the\n // generic login page and let the portal handle provider choice.\n if (!operation && extra.length === 0) return { action: \"setup\" };\n\n return null;\n}\n"]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@geminixiang/mikan",
-  "version": "0.4.0-beta.0",
+  "version": "0.4.0",
   "description": "Multi-platform AI coding agent for Slack, Telegram, and Discord",
   "keywords": [
     "agent",