npm - @humanlayer/agentlayer-provider-auth - Versions diffs - 0.0.7 - Mend

@humanlayer/agentlayer-provider-auth 0.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/auth.d.ts ADDED Viewed

@@ -0,0 +1,53 @@
+export interface OAuthAuthInfo {
+    kind: 'oauth';
+    accessToken: string;
+    refreshToken?: string;
+    expiresAt?: number;
+    idToken?: string;
+    scope?: string;
+    tokenType?: string;
+    accountId?: string;
+    enterpriseUrl?: string;
+}
+export interface ApiAuthInfo {
+    kind: 'api';
+    apiKey: string;
+    metadata?: Record<string, string>;
+}
+export type AuthInfo = OAuthAuthInfo | ApiAuthInfo;
+export type AuthKind = AuthInfo['kind'];
+export type CanonicalAuthProviderId = 'codex' | 'copilot' | 'copilot-enterprise';
+export declare const AUTH_PROVIDER_IDS: {
+    readonly codex: "codex";
+    readonly copilot: "copilot";
+    readonly copilotEnterprise: "copilot-enterprise";
+};
+export declare const AUTH_PROVIDER_ALIASES: Record<string, CanonicalAuthProviderId>;
+export interface AuthStore {
+    get(providerId: string): Promise<AuthInfo | undefined>;
+    set(providerId: string, auth: AuthInfo): Promise<void>;
+    delete(providerId: string): Promise<void>;
+    getAll(): Promise<Record<string, AuthInfo>>;
+}
+export interface FileAuthStoreOptions {
+    filePath?: string;
+    agentSdkAuthFilePath?: string;
+    openCodeAuthFilePath?: string;
+    enableOpenCodeFallback?: boolean;
+}
+export declare function createMemoryAuthStore(initialAuth?: Record<string, AuthInfo>): AuthStore;
+export declare function createFileAuthStore(options?: FileAuthStoreOptions): AuthStore;
+export declare function ensureFileAuthStore(options?: FileAuthStoreOptions): Promise<AuthStore>;
+export declare function getDefaultAgentLayerAuthPath(): string;
+export declare function getDefaultAgentSdkAuthPath(): string;
+export declare function getDefaultOpenCodeAuthPath(): string;
+export declare function readAuth(providerId: string, options?: FileAuthStoreOptions): Promise<AuthInfo | undefined>;
+export declare function writeAuth(providerId: string, auth: AuthInfo, options?: FileAuthStoreOptions): Promise<void>;
+export declare function removeAuth(providerId: string, options?: FileAuthStoreOptions): Promise<void>;
+export declare function readAllAuth(options?: FileAuthStoreOptions): Promise<Record<string, AuthInfo>>;
+export declare function requireAuth(store: AuthStore, providerId: string): Promise<AuthInfo>;
+export declare function requireAuth<TKind extends AuthKind>(store: AuthStore, providerId: string, expectedKind: TKind): Promise<Extract<AuthInfo, {
+    kind: TKind;
+}>>;
+export declare function normalizeProviderId(providerId: string): string;
+//# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,aAAa;IAC7B,IAAI,EAAE,OAAO,CAAA;IACb,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,aAAa,CAAC,EAAE,MAAM,CAAA;CACtB;AAED,MAAM,WAAW,WAAW;IAC3B,IAAI,EAAE,KAAK,CAAA;IACX,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CACjC;AAED,MAAM,MAAM,QAAQ,GAAG,aAAa,GAAG,WAAW,CAAA;AAClD,MAAM,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAA;AACvC,MAAM,MAAM,uBAAuB,GAAG,OAAO,GAAG,SAAS,GAAG,oBAAoB,CAAA;AAEhF,eAAO,MAAM,iBAAiB;;;;CAI8B,CAAA;AAE5D,eAAO,MAAM,qBAAqB,EAAE,MAAM,CAAC,MAAM,EAAE,uBAAuB,CAQzE,CAAA;AAED,MAAM,WAAW,SAAS;IACzB,GAAG,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,GAAG,SAAS,CAAC,CAAA;IACtD,GAAG,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACtD,MAAM,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACzC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAA;CAC3C;AAED,MAAM,WAAW,oBAAoB;IACpC,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,oBAAoB,CAAC,EAAE,MAAM,CAAA;IAC7B,oBAAoB,CAAC,EAAE,MAAM,CAAA;IAC7B,sBAAsB,CAAC,EAAE,OAAO,CAAA;CAChC;AASD,wBAAgB,qBAAqB,CAAC,WAAW,GAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAM,GAAG,SAAS,CAsB3F;AAED,wBAAgB,mBAAmB,CAAC,OAAO,GAAE,oBAAyB,GAAG,SAAS,CAiDjF;AAED,wBAAsB,mBAAmB,CAAC,OAAO,GAAE,oBAAyB,GAAG,OAAO,CAAC,SAAS,CAAC,CAShG;AAED,wBAAgB,4BAA4B,IAAI,MAAM,CAGrD;AAED,wBAAgB,0BAA0B,IAAI,MAAM,CAGnD;AAED,wBAAgB,0BAA0B,IAAI,MAAM,CAGnD;AAED,wBAAsB,QAAQ,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,oBAAoB,GAAG,OAAO,CAAC,QAAQ,GAAG,SAAS,CAAC,CAEhH;AAED,wBAAsB,SAAS,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,EAAE,oBAAoB,GAAG,OAAO,CAAC,IAAI,CAAC,CAEjH;AAED,wBAAsB,UAAU,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,oBAAoB,GAAG,OAAO,CAAC,IAAI,CAAC,CAElG;AAED,wBAAsB,WAAW,CAAC,OAAO,CAAC,EAAE,oBAAoB,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAEnG;AAED,wBAAsB,WAAW,CAAC,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;AAC1F,wBAAsB,WAAW,CAAC,KAAK,SAAS,QAAQ,EACvD,KAAK,EAAE,SAAS,EAChB,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,KAAK,GACjB,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE;IAAE,IAAI,EAAE,KAAK,CAAA;CAAE,CAAC,CAAC,CAAA;AAY9C,wBAAgB,mBAAmB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAG9D"}

package/dist/index.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export * from './auth';
2	+ //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,QAAQ,CAAA"}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,287 @@
+// src/auth.ts
+import * as fs from "node:fs/promises";
+import os from "node:os";
+import path from "node:path";
+var AUTH_PROVIDER_IDS = {
+  codex: "codex",
+  copilot: "copilot",
+  copilotEnterprise: "copilot-enterprise"
+};
+var AUTH_PROVIDER_ALIASES = {
+  openai: AUTH_PROVIDER_IDS.codex,
+  "openai.codex": AUTH_PROVIDER_IDS.codex,
+  codex: AUTH_PROVIDER_IDS.codex,
+  "github-copilot": AUTH_PROVIDER_IDS.copilot,
+  copilot: AUTH_PROVIDER_IDS.copilot,
+  "github-copilot-enterprise": AUTH_PROVIDER_IDS.copilotEnterprise,
+  "copilot-enterprise": AUTH_PROVIDER_IDS.copilotEnterprise
+};
+function createMemoryAuthStore(initialAuth = {}) {
+  const store = new Map;
+  for (const [providerId, auth] of Object.entries(initialAuth)) {
+    store.set(normalizeProviderId(providerId), cloneAuth(auth));
+  }
+  return {
+    async get(providerId) {
+      const auth = store.get(normalizeProviderId(providerId));
+      return auth ? cloneAuth(auth) : undefined;
+    },
+    async set(providerId, auth) {
+      store.set(normalizeProviderId(providerId), cloneAuth(auth));
+    },
+    async delete(providerId) {
+      store.delete(normalizeProviderId(providerId));
+    },
+    async getAll() {
+      return cloneAuthRecord(Object.fromEntries(store.entries()));
+    }
+  };
+}
+function createFileAuthStore(options = {}) {
+  const resolved = resolveFileAuthStoreOptions(options);
+  return {
+    async get(providerId) {
+      const key = normalizeProviderId(providerId);
+      const auth = (await readAuthFile(resolved.filePath))[key];
+      if (auth)
+        return cloneAuth(auth);
+      if (!resolved.enableOpenCodeFallback)
+        return;
+      const fallbackAuth = (await readAuthFile(resolved.openCodeAuthFilePath))[key];
+      if (!fallbackAuth)
+        return;
+      const allAuth = await readAuthFile(resolved.filePath);
+      await writeAuthFile(resolved.filePath, { ...allAuth, [key]: fallbackAuth });
+      return cloneAuth(fallbackAuth);
+    },
+    async set(providerId, auth) {
+      const key = normalizeProviderId(providerId);
+      const allAuth = await readAuthFile(resolved.filePath);
+      await writeAuthFile(resolved.filePath, { ...allAuth, [key]: auth });
+    },
+    async delete(providerId) {
+      const key = normalizeProviderId(providerId);
+      const allAuth = await readAuthFile(resolved.filePath);
+      delete allAuth[key];
+      await writeAuthFile(resolved.filePath, allAuth);
+    },
+    async getAll() {
+      const allAuth = await readAuthFile(resolved.filePath);
+      if (!resolved.enableOpenCodeFallback)
+        return cloneAuthRecord(allAuth);
+      const fallbackAuth = await readAuthFile(resolved.openCodeAuthFilePath);
+      let imported = false;
+      const merged = { ...allAuth };
+      for (const [providerId, auth] of Object.entries(fallbackAuth)) {
+        if (merged[providerId])
+          continue;
+        merged[providerId] = auth;
+        imported = true;
+      }
+      if (imported) {
+        await writeAuthFile(resolved.filePath, merged);
+      }
+      return cloneAuthRecord(merged);
+    }
+  };
+}
+async function ensureFileAuthStore(options = {}) {
+  const resolved = resolveFileAuthStoreOptions(options);
+  if (!await fileExists(resolved.filePath)) {
+    const agentSdkAuth = await readAuthFile(resolved.agentSdkAuthFilePath);
+    if (Object.keys(agentSdkAuth).length > 0) {
+      await writeAuthFile(resolved.filePath, agentSdkAuth);
+    }
+  }
+  return createFileAuthStore(options);
+}
+function getDefaultAgentLayerAuthPath() {
+  if (process.env.AGENTLAYER_AUTH_PATH)
+    return process.env.AGENTLAYER_AUTH_PATH;
+  return path.join(getXdgDataHome(), "agentlayer", "auth.json");
+}
+function getDefaultAgentSdkAuthPath() {
+  if (process.env.AGENT_SDK_AUTH_PATH)
+    return process.env.AGENT_SDK_AUTH_PATH;
+  return path.join(os.homedir(), ".humanlayer", "agent-sdk", "auth.json");
+}
+function getDefaultOpenCodeAuthPath() {
+  if (process.env.OPENCODE_AUTH_PATH)
+    return process.env.OPENCODE_AUTH_PATH;
+  return path.join(getXdgDataHome(), "opencode", "auth.json");
+}
+async function readAuth(providerId, options) {
+  return createFileAuthStore(options).get(providerId);
+}
+async function writeAuth(providerId, auth, options) {
+  return createFileAuthStore(options).set(providerId, auth);
+}
+async function removeAuth(providerId, options) {
+  return createFileAuthStore(options).delete(providerId);
+}
+async function readAllAuth(options) {
+  return createFileAuthStore(options).getAll();
+}
+async function requireAuth(store, providerId, expectedKind) {
+  const auth = await store.get(providerId);
+  if (!auth) {
+    throw new Error(`Missing auth for provider: ${providerId}`);
+  }
+  if (expectedKind && auth.kind !== expectedKind) {
+    throw new Error(`Expected ${expectedKind} auth for provider: ${providerId}, got ${auth.kind}`);
+  }
+  return auth;
+}
+function normalizeProviderId(providerId) {
+  const normalized = providerId.trim().replace(/\/+$/, "");
+  return AUTH_PROVIDER_ALIASES[normalized] ?? normalized;
+}
+function resolveFileAuthStoreOptions(options) {
+  return {
+    filePath: options.filePath ?? getDefaultAgentLayerAuthPath(),
+    agentSdkAuthFilePath: options.agentSdkAuthFilePath ?? getDefaultAgentSdkAuthPath(),
+    openCodeAuthFilePath: options.openCodeAuthFilePath ?? getDefaultOpenCodeAuthPath(),
+    enableOpenCodeFallback: options.enableOpenCodeFallback ?? options.openCodeAuthFilePath != null
+  };
+}
+async function fileExists(filePath) {
+  try {
+    await fs.access(filePath);
+    return true;
+  } catch (error) {
+    if (isNotFoundError(error))
+      return false;
+    throw error;
+  }
+}
+function getXdgDataHome() {
+  return process.env.XDG_DATA_HOME ?? path.join(os.homedir(), ".local", "share");
+}
+async function readAuthFile(filePath) {
+  let text;
+  try {
+    text = await fs.readFile(filePath, "utf8");
+  } catch (error) {
+    if (isNotFoundError(error))
+      return {};
+    throw error;
+  }
+  const parsed = JSON.parse(text);
+  if (!isRecord(parsed))
+    return {};
+  const allAuth = {};
+  for (const [providerId, value] of Object.entries(parsed)) {
+    const auth = decodeAuthInfo(value);
+    if (!auth)
+      continue;
+    allAuth[normalizeProviderId(providerId)] = auth;
+  }
+  return allAuth;
+}
+async function writeAuthFile(filePath, auth) {
+  const normalizedAuth = Object.fromEntries(Object.entries(auth).map(([providerId, value]) => [normalizeProviderId(providerId), cloneAuth(value)]));
+  await fs.mkdir(path.dirname(filePath), { recursive: true });
+  await fs.writeFile(filePath, `${JSON.stringify(normalizedAuth, null, "\t")}
+`, { mode: 384 });
+  await fs.chmod(filePath, 384);
+}
+function decodeAuthInfo(value) {
+  if (!isRecord(value))
+    return;
+  if (value.kind === "oauth")
+    return decodeOAuthAuthInfo(value);
+  if (value.kind === "api")
+    return decodeApiAuthInfo(value);
+  if (value.type === "oauth")
+    return decodeOpenCodeOAuthAuthInfo(value);
+  if (value.type === "api")
+    return decodeOpenCodeApiAuthInfo(value);
+  return;
+}
+function decodeOAuthAuthInfo(value) {
+  if (typeof value.accessToken !== "string")
+    return;
+  return {
+    kind: "oauth",
+    accessToken: value.accessToken,
+    ...optionalString("refreshToken", value.refreshToken),
+    ...optionalNumber("expiresAt", value.expiresAt),
+    ...optionalString("idToken", value.idToken),
+    ...optionalString("scope", value.scope),
+    ...optionalString("tokenType", value.tokenType),
+    ...optionalString("accountId", value.accountId),
+    ...optionalString("enterpriseUrl", value.enterpriseUrl)
+  };
+}
+function decodeApiAuthInfo(value) {
+  if (typeof value.apiKey !== "string")
+    return;
+  return {
+    kind: "api",
+    apiKey: value.apiKey,
+    ...optionalStringRecord("metadata", value.metadata)
+  };
+}
+function decodeOpenCodeOAuthAuthInfo(value) {
+  if (typeof value.access !== "string")
+    return;
+  return {
+    kind: "oauth",
+    accessToken: value.access,
+    ...optionalString("refreshToken", value.refresh),
+    ...optionalNumber("expiresAt", value.expires),
+    ...optionalString("accountId", value.accountId),
+    ...optionalString("enterpriseUrl", value.enterpriseUrl)
+  };
+}
+function decodeOpenCodeApiAuthInfo(value) {
+  if (typeof value.key !== "string")
+    return;
+  return {
+    kind: "api",
+    apiKey: value.key,
+    ...optionalStringRecord("metadata", value.metadata)
+  };
+}
+function optionalString(key, value) {
+  return typeof value === "string" ? { [key]: value } : {};
+}
+function optionalNumber(key, value) {
+  return typeof value === "number" ? { [key]: value } : {};
+}
+function optionalStringRecord(key, value) {
+  if (!isRecord(value))
+    return {};
+  const entries = Object.entries(value).filter((entry) => typeof entry[1] === "string");
+  return entries.length > 0 ? { [key]: Object.fromEntries(entries) } : {};
+}
+function isRecord(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function isNotFoundError(error) {
+  return isRecord(error) && error.code === "ENOENT";
+}
+function cloneAuth(auth) {
+  return structuredClone(auth);
+}
+function cloneAuthRecord(auth) {
+  return Object.fromEntries(Object.entries(auth).map(([providerId, value]) => [providerId, cloneAuth(value)]));
+}
+export {
+  writeAuth,
+  requireAuth,
+  removeAuth,
+  readAuth,
+  readAllAuth,
+  normalizeProviderId,
+  getDefaultOpenCodeAuthPath,
+  getDefaultAgentSdkAuthPath,
+  getDefaultAgentLayerAuthPath,
+  ensureFileAuthStore,
+  createMemoryAuthStore,
+  createFileAuthStore,
+  AUTH_PROVIDER_IDS,
+  AUTH_PROVIDER_ALIASES
+};
+//# debugId=D9DD89FCBCE34B6B64756E2164756E21

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1,10 @@
+{
+  "version": 3,
+  "sources": ["../src/auth.ts"],
+  "sourcesContent": [
+    "import * as fs from 'node:fs/promises'\nimport os from 'node:os'\nimport path from 'node:path'\n\nexport interface OAuthAuthInfo {\n\tkind: 'oauth'\n\taccessToken: string\n\trefreshToken?: string\n\texpiresAt?: number\n\tidToken?: string\n\tscope?: string\n\ttokenType?: string\n\taccountId?: string\n\tenterpriseUrl?: string\n}\n\nexport interface ApiAuthInfo {\n\tkind: 'api'\n\tapiKey: string\n\tmetadata?: Record<string, string>\n}\n\nexport type AuthInfo = OAuthAuthInfo | ApiAuthInfo\nexport type AuthKind = AuthInfo['kind']\nexport type CanonicalAuthProviderId = 'codex' | 'copilot' | 'copilot-enterprise'\n\nexport const AUTH_PROVIDER_IDS = {\n\tcodex: 'codex',\n\tcopilot: 'copilot',\n\tcopilotEnterprise: 'copilot-enterprise',\n} as const satisfies Record<string, CanonicalAuthProviderId>\n\nexport const AUTH_PROVIDER_ALIASES: Record<string, CanonicalAuthProviderId> = {\n\topenai: AUTH_PROVIDER_IDS.codex,\n\t'openai.codex': AUTH_PROVIDER_IDS.codex,\n\tcodex: AUTH_PROVIDER_IDS.codex,\n\t'github-copilot': AUTH_PROVIDER_IDS.copilot,\n\tcopilot: AUTH_PROVIDER_IDS.copilot,\n\t'github-copilot-enterprise': AUTH_PROVIDER_IDS.copilotEnterprise,\n\t'copilot-enterprise': AUTH_PROVIDER_IDS.copilotEnterprise,\n}\n\nexport interface AuthStore {\n\tget(providerId: string): Promise<AuthInfo | undefined>\n\tset(providerId: string, auth: AuthInfo): Promise<void>\n\tdelete(providerId: string): Promise<void>\n\tgetAll(): Promise<Record<string, AuthInfo>>\n}\n\nexport interface FileAuthStoreOptions {\n\tfilePath?: string\n\tagentSdkAuthFilePath?: string\n\topenCodeAuthFilePath?: string\n\tenableOpenCodeFallback?: boolean\n}\n\ninterface ResolvedFileAuthStoreOptions {\n\tfilePath: string\n\tagentSdkAuthFilePath: string\n\topenCodeAuthFilePath: string\n\tenableOpenCodeFallback: boolean\n}\n\nexport function createMemoryAuthStore(initialAuth: Record<string, AuthInfo> = {}): AuthStore {\n\tconst store = new Map<string, AuthInfo>()\n\n\tfor (const [providerId, auth] of Object.entries(initialAuth)) {\n\t\tstore.set(normalizeProviderId(providerId), cloneAuth(auth))\n\t}\n\n\treturn {\n\t\tasync get(providerId) {\n\t\t\tconst auth = store.get(normalizeProviderId(providerId))\n\t\t\treturn auth ? cloneAuth(auth) : undefined\n\t\t},\n\t\tasync set(providerId, auth) {\n\t\t\tstore.set(normalizeProviderId(providerId), cloneAuth(auth))\n\t\t},\n\t\tasync delete(providerId) {\n\t\t\tstore.delete(normalizeProviderId(providerId))\n\t\t},\n\t\tasync getAll() {\n\t\t\treturn cloneAuthRecord(Object.fromEntries(store.entries()))\n\t\t},\n\t}\n}\n\nexport function createFileAuthStore(options: FileAuthStoreOptions = {}): AuthStore {\n\tconst resolved = resolveFileAuthStoreOptions(options)\n\n\treturn {\n\t\tasync get(providerId) {\n\t\t\tconst key = normalizeProviderId(providerId)\n\t\t\tconst auth = (await readAuthFile(resolved.filePath))[key]\n\t\t\tif (auth) return cloneAuth(auth)\n\n\t\t\tif (!resolved.enableOpenCodeFallback) return undefined\n\n\t\t\tconst fallbackAuth = (await readAuthFile(resolved.openCodeAuthFilePath))[key]\n\t\t\tif (!fallbackAuth) return undefined\n\n\t\t\tconst allAuth = await readAuthFile(resolved.filePath)\n\t\t\tawait writeAuthFile(resolved.filePath, { ...allAuth, [key]: fallbackAuth })\n\t\t\treturn cloneAuth(fallbackAuth)\n\t\t},\n\t\tasync set(providerId, auth) {\n\t\t\tconst key = normalizeProviderId(providerId)\n\t\t\tconst allAuth = await readAuthFile(resolved.filePath)\n\t\t\tawait writeAuthFile(resolved.filePath, { ...allAuth, [key]: auth })\n\t\t},\n\t\tasync delete(providerId) {\n\t\t\tconst key = normalizeProviderId(providerId)\n\t\t\tconst allAuth = await readAuthFile(resolved.filePath)\n\t\t\tdelete allAuth[key]\n\t\t\tawait writeAuthFile(resolved.filePath, allAuth)\n\t\t},\n\t\tasync getAll() {\n\t\t\tconst allAuth = await readAuthFile(resolved.filePath)\n\t\t\tif (!resolved.enableOpenCodeFallback) return cloneAuthRecord(allAuth)\n\n\t\t\tconst fallbackAuth = await readAuthFile(resolved.openCodeAuthFilePath)\n\t\t\tlet imported = false\n\t\t\tconst merged = { ...allAuth }\n\t\t\tfor (const [providerId, auth] of Object.entries(fallbackAuth)) {\n\t\t\t\tif (merged[providerId]) continue\n\t\t\t\tmerged[providerId] = auth\n\t\t\t\timported = true\n\t\t\t}\n\n\t\t\tif (imported) {\n\t\t\t\tawait writeAuthFile(resolved.filePath, merged)\n\t\t\t}\n\n\t\t\treturn cloneAuthRecord(merged)\n\t\t},\n\t}\n}\n\nexport async function ensureFileAuthStore(options: FileAuthStoreOptions = {}): Promise<AuthStore> {\n\tconst resolved = resolveFileAuthStoreOptions(options)\n\tif (!(await fileExists(resolved.filePath))) {\n\t\tconst agentSdkAuth = await readAuthFile(resolved.agentSdkAuthFilePath)\n\t\tif (Object.keys(agentSdkAuth).length > 0) {\n\t\t\tawait writeAuthFile(resolved.filePath, agentSdkAuth)\n\t\t}\n\t}\n\treturn createFileAuthStore(options)\n}\n\nexport function getDefaultAgentLayerAuthPath(): string {\n\tif (process.env.AGENTLAYER_AUTH_PATH) return process.env.AGENTLAYER_AUTH_PATH\n\treturn path.join(getXdgDataHome(), 'agentlayer', 'auth.json')\n}\n\nexport function getDefaultAgentSdkAuthPath(): string {\n\tif (process.env.AGENT_SDK_AUTH_PATH) return process.env.AGENT_SDK_AUTH_PATH\n\treturn path.join(os.homedir(), '.humanlayer', 'agent-sdk', 'auth.json')\n}\n\nexport function getDefaultOpenCodeAuthPath(): string {\n\tif (process.env.OPENCODE_AUTH_PATH) return process.env.OPENCODE_AUTH_PATH\n\treturn path.join(getXdgDataHome(), 'opencode', 'auth.json')\n}\n\nexport async function readAuth(providerId: string, options?: FileAuthStoreOptions): Promise<AuthInfo | undefined> {\n\treturn createFileAuthStore(options).get(providerId)\n}\n\nexport async function writeAuth(providerId: string, auth: AuthInfo, options?: FileAuthStoreOptions): Promise<void> {\n\treturn createFileAuthStore(options).set(providerId, auth)\n}\n\nexport async function removeAuth(providerId: string, options?: FileAuthStoreOptions): Promise<void> {\n\treturn createFileAuthStore(options).delete(providerId)\n}\n\nexport async function readAllAuth(options?: FileAuthStoreOptions): Promise<Record<string, AuthInfo>> {\n\treturn createFileAuthStore(options).getAll()\n}\n\nexport async function requireAuth(store: AuthStore, providerId: string): Promise<AuthInfo>\nexport async function requireAuth<TKind extends AuthKind>(\n\tstore: AuthStore,\n\tproviderId: string,\n\texpectedKind: TKind,\n): Promise<Extract<AuthInfo, { kind: TKind }>>\nexport async function requireAuth(store: AuthStore, providerId: string, expectedKind?: AuthKind): Promise<AuthInfo> {\n\tconst auth = await store.get(providerId)\n\tif (!auth) {\n\t\tthrow new Error(`Missing auth for provider: ${providerId}`)\n\t}\n\tif (expectedKind && auth.kind !== expectedKind) {\n\t\tthrow new Error(`Expected ${expectedKind} auth for provider: ${providerId}, got ${auth.kind}`)\n\t}\n\treturn auth\n}\n\nexport function normalizeProviderId(providerId: string): string {\n\tconst normalized = providerId.trim().replace(/\\/+$/, '')\n\treturn AUTH_PROVIDER_ALIASES[normalized] ?? normalized\n}\n\nfunction resolveFileAuthStoreOptions(options: FileAuthStoreOptions): ResolvedFileAuthStoreOptions {\n\treturn {\n\t\tfilePath: options.filePath ?? getDefaultAgentLayerAuthPath(),\n\t\tagentSdkAuthFilePath: options.agentSdkAuthFilePath ?? getDefaultAgentSdkAuthPath(),\n\t\topenCodeAuthFilePath: options.openCodeAuthFilePath ?? getDefaultOpenCodeAuthPath(),\n\t\tenableOpenCodeFallback: options.enableOpenCodeFallback ?? options.openCodeAuthFilePath != null,\n\t}\n}\n\nasync function fileExists(filePath: string): Promise<boolean> {\n\ttry {\n\t\tawait fs.access(filePath)\n\t\treturn true\n\t} catch (error) {\n\t\tif (isNotFoundError(error)) return false\n\t\tthrow error\n\t}\n}\n\nfunction getXdgDataHome(): string {\n\treturn process.env.XDG_DATA_HOME ?? path.join(os.homedir(), '.local', 'share')\n}\n\nasync function readAuthFile(filePath: string): Promise<Record<string, AuthInfo>> {\n\tlet text: string\n\ttry {\n\t\ttext = await fs.readFile(filePath, 'utf8')\n\t} catch (error) {\n\t\tif (isNotFoundError(error)) return {}\n\t\tthrow error\n\t}\n\n\tconst parsed = JSON.parse(text) as unknown\n\tif (!isRecord(parsed)) return {}\n\n\tconst allAuth: Record<string, AuthInfo> = {}\n\tfor (const [providerId, value] of Object.entries(parsed)) {\n\t\tconst auth = decodeAuthInfo(value)\n\t\tif (!auth) continue\n\t\tallAuth[normalizeProviderId(providerId)] = auth\n\t}\n\treturn allAuth\n}\n\nasync function writeAuthFile(filePath: string, auth: Record<string, AuthInfo>): Promise<void> {\n\tconst normalizedAuth = Object.fromEntries(\n\t\tObject.entries(auth).map(([providerId, value]) => [normalizeProviderId(providerId), cloneAuth(value)]),\n\t)\n\tawait fs.mkdir(path.dirname(filePath), { recursive: true })\n\tawait fs.writeFile(filePath, `${JSON.stringify(normalizedAuth, null, '\\t')}\\n`, { mode: 0o600 })\n\tawait fs.chmod(filePath, 0o600)\n}\n\nfunction decodeAuthInfo(value: unknown): AuthInfo | undefined {\n\tif (!isRecord(value)) return undefined\n\n\tif (value.kind === 'oauth') return decodeOAuthAuthInfo(value)\n\tif (value.kind === 'api') return decodeApiAuthInfo(value)\n\tif (value.type === 'oauth') return decodeOpenCodeOAuthAuthInfo(value)\n\tif (value.type === 'api') return decodeOpenCodeApiAuthInfo(value)\n\n\treturn undefined\n}\n\nfunction decodeOAuthAuthInfo(value: Record<string, unknown>): OAuthAuthInfo | undefined {\n\tif (typeof value.accessToken !== 'string') return undefined\n\treturn {\n\t\tkind: 'oauth',\n\t\taccessToken: value.accessToken,\n\t\t...optionalString('refreshToken', value.refreshToken),\n\t\t...optionalNumber('expiresAt', value.expiresAt),\n\t\t...optionalString('idToken', value.idToken),\n\t\t...optionalString('scope', value.scope),\n\t\t...optionalString('tokenType', value.tokenType),\n\t\t...optionalString('accountId', value.accountId),\n\t\t...optionalString('enterpriseUrl', value.enterpriseUrl),\n\t}\n}\n\nfunction decodeApiAuthInfo(value: Record<string, unknown>): ApiAuthInfo | undefined {\n\tif (typeof value.apiKey !== 'string') return undefined\n\treturn {\n\t\tkind: 'api',\n\t\tapiKey: value.apiKey,\n\t\t...optionalStringRecord('metadata', value.metadata),\n\t}\n}\n\nfunction decodeOpenCodeOAuthAuthInfo(value: Record<string, unknown>): OAuthAuthInfo | undefined {\n\tif (typeof value.access !== 'string') return undefined\n\treturn {\n\t\tkind: 'oauth',\n\t\taccessToken: value.access,\n\t\t...optionalString('refreshToken', value.refresh),\n\t\t...optionalNumber('expiresAt', value.expires),\n\t\t...optionalString('accountId', value.accountId),\n\t\t...optionalString('enterpriseUrl', value.enterpriseUrl),\n\t}\n}\n\nfunction decodeOpenCodeApiAuthInfo(value: Record<string, unknown>): ApiAuthInfo | undefined {\n\tif (typeof value.key !== 'string') return undefined\n\treturn {\n\t\tkind: 'api',\n\t\tapiKey: value.key,\n\t\t...optionalStringRecord('metadata', value.metadata),\n\t}\n}\n\nfunction optionalString(key: string, value: unknown): Record<string, string> {\n\treturn typeof value === 'string' ? { [key]: value } : {}\n}\n\nfunction optionalNumber(key: string, value: unknown): Record<string, number> {\n\treturn typeof value === 'number' ? { [key]: value } : {}\n}\n\nfunction optionalStringRecord(key: string, value: unknown): Record<string, Record<string, string>> {\n\tif (!isRecord(value)) return {}\n\tconst entries = Object.entries(value).filter((entry): entry is [string, string] => typeof entry[1] === 'string')\n\treturn entries.length > 0 ? { [key]: Object.fromEntries(entries) } : {}\n}\n\nfunction isRecord(value: unknown): value is Record<string, unknown> {\n\treturn typeof value === 'object' && value !== null && !Array.isArray(value)\n}\n\nfunction isNotFoundError(error: unknown): boolean {\n\treturn isRecord(error) && error.code === 'ENOENT'\n}\n\nfunction cloneAuth<T extends AuthInfo>(auth: T): T {\n\treturn structuredClone(auth)\n}\n\nfunction cloneAuthRecord(auth: Record<string, AuthInfo>): Record<string, AuthInfo> {\n\treturn Object.fromEntries(Object.entries(auth).map(([providerId, value]) => [providerId, cloneAuth(value)]))\n}\n"
+  ],
+  "mappings": ";AAAA;AACA;AACA;AAwBO,IAAM,oBAAoB;AAAA,EAChC,OAAO;AAAA,EACP,SAAS;AAAA,EACT,mBAAmB;AACpB;AAEO,IAAM,wBAAiE;AAAA,EAC7E,QAAQ,kBAAkB;AAAA,EAC1B,gBAAgB,kBAAkB;AAAA,EAClC,OAAO,kBAAkB;AAAA,EACzB,kBAAkB,kBAAkB;AAAA,EACpC,SAAS,kBAAkB;AAAA,EAC3B,6BAA6B,kBAAkB;AAAA,EAC/C,sBAAsB,kBAAkB;AACzC;AAuBO,SAAS,qBAAqB,CAAC,cAAwC,CAAC,GAAc;AAAA,EAC5F,MAAM,QAAQ,IAAI;AAAA,EAElB,YAAY,YAAY,SAAS,OAAO,QAAQ,WAAW,GAAG;AAAA,IAC7D,MAAM,IAAI,oBAAoB,UAAU,GAAG,UAAU,IAAI,CAAC;AAAA,EAC3D;AAAA,EAEA,OAAO;AAAA,SACA,IAAG,CAAC,YAAY;AAAA,MACrB,MAAM,OAAO,MAAM,IAAI,oBAAoB,UAAU,CAAC;AAAA,MACtD,OAAO,OAAO,UAAU,IAAI,IAAI;AAAA;AAAA,SAE3B,IAAG,CAAC,YAAY,MAAM;AAAA,MAC3B,MAAM,IAAI,oBAAoB,UAAU,GAAG,UAAU,IAAI,CAAC;AAAA;AAAA,SAErD,OAAM,CAAC,YAAY;AAAA,MACxB,MAAM,OAAO,oBAAoB,UAAU,CAAC;AAAA;AAAA,SAEvC,OAAM,GAAG;AAAA,MACd,OAAO,gBAAgB,OAAO,YAAY,MAAM,QAAQ,CAAC,CAAC;AAAA;AAAA,EAE5D;AAAA;AAGM,SAAS,mBAAmB,CAAC,UAAgC,CAAC,GAAc;AAAA,EAClF,MAAM,WAAW,4BAA4B,OAAO;AAAA,EAEpD,OAAO;AAAA,SACA,IAAG,CAAC,YAAY;AAAA,MACrB,MAAM,MAAM,oBAAoB,UAAU;AAAA,MAC1C,MAAM,QAAQ,MAAM,aAAa,SAAS,QAAQ,GAAG;AAAA,MACrD,IAAI;AAAA,QAAM,OAAO,UAAU,IAAI;AAAA,MAE/B,IAAI,CAAC,SAAS;AAAA,QAAwB;AAAA,MAEtC,MAAM,gBAAgB,MAAM,aAAa,SAAS,oBAAoB,GAAG;AAAA,MACzE,IAAI,CAAC;AAAA,QAAc;AAAA,MAEnB,MAAM,UAAU,MAAM,aAAa,SAAS,QAAQ;AAAA,MACpD,MAAM,cAAc,SAAS,UAAU,KAAK,UAAU,MAAM,aAAa,CAAC;AAAA,MAC1E,OAAO,UAAU,YAAY;AAAA;AAAA,SAExB,IAAG,CAAC,YAAY,MAAM;AAAA,MAC3B,MAAM,MAAM,oBAAoB,UAAU;AAAA,MAC1C,MAAM,UAAU,MAAM,aAAa,SAAS,QAAQ;AAAA,MACpD,MAAM,cAAc,SAAS,UAAU,KAAK,UAAU,MAAM,KAAK,CAAC;AAAA;AAAA,SAE7D,OAAM,CAAC,YAAY;AAAA,MACxB,MAAM,MAAM,oBAAoB,UAAU;AAAA,MAC1C,MAAM,UAAU,MAAM,aAAa,SAAS,QAAQ;AAAA,MACpD,OAAO,QAAQ;AAAA,MACf,MAAM,cAAc,SAAS,UAAU,OAAO;AAAA;AAAA,SAEzC,OAAM,GAAG;AAAA,MACd,MAAM,UAAU,MAAM,aAAa,SAAS,QAAQ;AAAA,MACpD,IAAI,CAAC,SAAS;AAAA,QAAwB,OAAO,gBAAgB,OAAO;AAAA,MAEpE,MAAM,eAAe,MAAM,aAAa,SAAS,oBAAoB;AAAA,MACrE,IAAI,WAAW;AAAA,MACf,MAAM,SAAS,KAAK,QAAQ;AAAA,MAC5B,YAAY,YAAY,SAAS,OAAO,QAAQ,YAAY,GAAG;AAAA,QAC9D,IAAI,OAAO;AAAA,UAAa;AAAA,QACxB,OAAO,cAAc;AAAA,QACrB,WAAW;AAAA,MACZ;AAAA,MAEA,IAAI,UAAU;AAAA,QACb,MAAM,cAAc,SAAS,UAAU,MAAM;AAAA,MAC9C;AAAA,MAEA,OAAO,gBAAgB,MAAM;AAAA;AAAA,EAE/B;AAAA;AAGD,eAAsB,mBAAmB,CAAC,UAAgC,CAAC,GAAuB;AAAA,EACjG,MAAM,WAAW,4BAA4B,OAAO;AAAA,EACpD,IAAI,CAAE,MAAM,WAAW,SAAS,QAAQ,GAAI;AAAA,IAC3C,MAAM,eAAe,MAAM,aAAa,SAAS,oBAAoB;AAAA,IACrE,IAAI,OAAO,KAAK,YAAY,EAAE,SAAS,GAAG;AAAA,MACzC,MAAM,cAAc,SAAS,UAAU,YAAY;AAAA,IACpD;AAAA,EACD;AAAA,EACA,OAAO,oBAAoB,OAAO;AAAA;AAG5B,SAAS,4BAA4B,GAAW;AAAA,EACtD,IAAI,QAAQ,IAAI;AAAA,IAAsB,OAAO,QAAQ,IAAI;AAAA,EACzD,OAAO,KAAK,KAAK,eAAe,GAAG,cAAc,WAAW;AAAA;AAGtD,SAAS,0BAA0B,GAAW;AAAA,EACpD,IAAI,QAAQ,IAAI;AAAA,IAAqB,OAAO,QAAQ,IAAI;AAAA,EACxD,OAAO,KAAK,KAAK,GAAG,QAAQ,GAAG,eAAe,aAAa,WAAW;AAAA;AAGhE,SAAS,0BAA0B,GAAW;AAAA,EACpD,IAAI,QAAQ,IAAI;AAAA,IAAoB,OAAO,QAAQ,IAAI;AAAA,EACvD,OAAO,KAAK,KAAK,eAAe,GAAG,YAAY,WAAW;AAAA;AAG3D,eAAsB,QAAQ,CAAC,YAAoB,SAA+D;AAAA,EACjH,OAAO,oBAAoB,OAAO,EAAE,IAAI,UAAU;AAAA;AAGnD,eAAsB,SAAS,CAAC,YAAoB,MAAgB,SAA+C;AAAA,EAClH,OAAO,oBAAoB,OAAO,EAAE,IAAI,YAAY,IAAI;AAAA;AAGzD,eAAsB,UAAU,CAAC,YAAoB,SAA+C;AAAA,EACnG,OAAO,oBAAoB,OAAO,EAAE,OAAO,UAAU;AAAA;AAGtD,eAAsB,WAAW,CAAC,SAAmE;AAAA,EACpG,OAAO,oBAAoB,OAAO,EAAE,OAAO;AAAA;AAS5C,eAAsB,WAAW,CAAC,OAAkB,YAAoB,cAA4C;AAAA,EACnH,MAAM,OAAO,MAAM,MAAM,IAAI,UAAU;AAAA,EACvC,IAAI,CAAC,MAAM;AAAA,IACV,MAAM,IAAI,MAAM,8BAA8B,YAAY;AAAA,EAC3D;AAAA,EACA,IAAI,gBAAgB,KAAK,SAAS,cAAc;AAAA,IAC/C,MAAM,IAAI,MAAM,YAAY,mCAAmC,mBAAmB,KAAK,MAAM;AAAA,EAC9F;AAAA,EACA,OAAO;AAAA;AAGD,SAAS,mBAAmB,CAAC,YAA4B;AAAA,EAC/D,MAAM,aAAa,WAAW,KAAK,EAAE,QAAQ,QAAQ,EAAE;AAAA,EACvD,OAAO,sBAAsB,eAAe;AAAA;AAG7C,SAAS,2BAA2B,CAAC,SAA6D;AAAA,EACjG,OAAO;AAAA,IACN,UAAU,QAAQ,YAAY,6BAA6B;AAAA,IAC3D,sBAAsB,QAAQ,wBAAwB,2BAA2B;AAAA,IACjF,sBAAsB,QAAQ,wBAAwB,2BAA2B;AAAA,IACjF,wBAAwB,QAAQ,0BAA0B,QAAQ,wBAAwB;AAAA,EAC3F;AAAA;AAGD,eAAe,UAAU,CAAC,UAAoC;AAAA,EAC7D,IAAI;AAAA,IACH,MAAS,UAAO,QAAQ;AAAA,IACxB,OAAO;AAAA,IACN,OAAO,OAAO;AAAA,IACf,IAAI,gBAAgB,KAAK;AAAA,MAAG,OAAO;AAAA,IACnC,MAAM;AAAA;AAAA;AAIR,SAAS,cAAc,GAAW;AAAA,EACjC,OAAO,QAAQ,IAAI,iBAAiB,KAAK,KAAK,GAAG,QAAQ,GAAG,UAAU,OAAO;AAAA;AAG9E,eAAe,YAAY,CAAC,UAAqD;AAAA,EAChF,IAAI;AAAA,EACJ,IAAI;AAAA,IACH,OAAO,MAAS,YAAS,UAAU,MAAM;AAAA,IACxC,OAAO,OAAO;AAAA,IACf,IAAI,gBAAgB,KAAK;AAAA,MAAG,OAAO,CAAC;AAAA,IACpC,MAAM;AAAA;AAAA,EAGP,MAAM,SAAS,KAAK,MAAM,IAAI;AAAA,EAC9B,IAAI,CAAC,SAAS,MAAM;AAAA,IAAG,OAAO,CAAC;AAAA,EAE/B,MAAM,UAAoC,CAAC;AAAA,EAC3C,YAAY,YAAY,UAAU,OAAO,QAAQ,MAAM,GAAG;AAAA,IACzD,MAAM,OAAO,eAAe,KAAK;AAAA,IACjC,IAAI,CAAC;AAAA,MAAM;AAAA,IACX,QAAQ,oBAAoB,UAAU,KAAK;AAAA,EAC5C;AAAA,EACA,OAAO;AAAA;AAGR,eAAe,aAAa,CAAC,UAAkB,MAA+C;AAAA,EAC7F,MAAM,iBAAiB,OAAO,YAC7B,OAAO,QAAQ,IAAI,EAAE,IAAI,EAAE,YAAY,WAAW,CAAC,oBAAoB,UAAU,GAAG,UAAU,KAAK,CAAC,CAAC,CACtG;AAAA,EACA,MAAS,SAAM,KAAK,QAAQ,QAAQ,GAAG,EAAE,WAAW,KAAK,CAAC;AAAA,EAC1D,MAAS,aAAU,UAAU,GAAG,KAAK,UAAU,gBAAgB,MAAM,IAAI;AAAA,GAAO,EAAE,MAAM,IAAM,CAAC;AAAA,EAC/F,MAAS,SAAM,UAAU,GAAK;AAAA;AAG/B,SAAS,cAAc,CAAC,OAAsC;AAAA,EAC7D,IAAI,CAAC,SAAS,KAAK;AAAA,IAAG;AAAA,EAEtB,IAAI,MAAM,SAAS;AAAA,IAAS,OAAO,oBAAoB,KAAK;AAAA,EAC5D,IAAI,MAAM,SAAS;AAAA,IAAO,OAAO,kBAAkB,KAAK;AAAA,EACxD,IAAI,MAAM,SAAS;AAAA,IAAS,OAAO,4BAA4B,KAAK;AAAA,EACpE,IAAI,MAAM,SAAS;AAAA,IAAO,OAAO,0BAA0B,KAAK;AAAA,EAEhE;AAAA;AAGD,SAAS,mBAAmB,CAAC,OAA2D;AAAA,EACvF,IAAI,OAAO,MAAM,gBAAgB;AAAA,IAAU;AAAA,EAC3C,OAAO;AAAA,IACN,MAAM;AAAA,IACN,aAAa,MAAM;AAAA,OAChB,eAAe,gBAAgB,MAAM,YAAY;AAAA,OACjD,eAAe,aAAa,MAAM,SAAS;AAAA,OAC3C,eAAe,WAAW,MAAM,OAAO;AAAA,OACvC,eAAe,SAAS,MAAM,KAAK;AAAA,OACnC,eAAe,aAAa,MAAM,SAAS;AAAA,OAC3C,eAAe,aAAa,MAAM,SAAS;AAAA,OAC3C,eAAe,iBAAiB,MAAM,aAAa;AAAA,EACvD;AAAA;AAGD,SAAS,iBAAiB,CAAC,OAAyD;AAAA,EACnF,IAAI,OAAO,MAAM,WAAW;AAAA,IAAU;AAAA,EACtC,OAAO;AAAA,IACN,MAAM;AAAA,IACN,QAAQ,MAAM;AAAA,OACX,qBAAqB,YAAY,MAAM,QAAQ;AAAA,EACnD;AAAA;AAGD,SAAS,2BAA2B,CAAC,OAA2D;AAAA,EAC/F,IAAI,OAAO,MAAM,WAAW;AAAA,IAAU;AAAA,EACtC,OAAO;AAAA,IACN,MAAM;AAAA,IACN,aAAa,MAAM;AAAA,OAChB,eAAe,gBAAgB,MAAM,OAAO;AAAA,OAC5C,eAAe,aAAa,MAAM,OAAO;AAAA,OACzC,eAAe,aAAa,MAAM,SAAS;AAAA,OAC3C,eAAe,iBAAiB,MAAM,aAAa;AAAA,EACvD;AAAA;AAGD,SAAS,yBAAyB,CAAC,OAAyD;AAAA,EAC3F,IAAI,OAAO,MAAM,QAAQ;AAAA,IAAU;AAAA,EACnC,OAAO;AAAA,IACN,MAAM;AAAA,IACN,QAAQ,MAAM;AAAA,OACX,qBAAqB,YAAY,MAAM,QAAQ;AAAA,EACnD;AAAA;AAGD,SAAS,cAAc,CAAC,KAAa,OAAwC;AAAA,EAC5E,OAAO,OAAO,UAAU,WAAW,GAAG,MAAM,MAAM,IAAI,CAAC;AAAA;AAGxD,SAAS,cAAc,CAAC,KAAa,OAAwC;AAAA,EAC5E,OAAO,OAAO,UAAU,WAAW,GAAG,MAAM,MAAM,IAAI,CAAC;AAAA;AAGxD,SAAS,oBAAoB,CAAC,KAAa,OAAwD;AAAA,EAClG,IAAI,CAAC,SAAS,KAAK;AAAA,IAAG,OAAO,CAAC;AAAA,EAC9B,MAAM,UAAU,OAAO,QAAQ,KAAK,EAAE,OAAO,CAAC,UAAqC,OAAO,MAAM,OAAO,QAAQ;AAAA,EAC/G,OAAO,QAAQ,SAAS,IAAI,GAAG,MAAM,OAAO,YAAY,OAAO,EAAE,IAAI,CAAC;AAAA;AAGvE,SAAS,QAAQ,CAAC,OAAkD;AAAA,EACnE,OAAO,OAAO,UAAU,YAAY,UAAU,QAAQ,CAAC,MAAM,QAAQ,KAAK;AAAA;AAG3E,SAAS,eAAe,CAAC,OAAyB;AAAA,EACjD,OAAO,SAAS,KAAK,KAAK,MAAM,SAAS;AAAA;AAG1C,SAAS,SAA6B,CAAC,MAAY;AAAA,EAClD,OAAO,gBAAgB,IAAI;AAAA;AAG5B,SAAS,eAAe,CAAC,MAA0D;AAAA,EAClF,OAAO,OAAO,YAAY,OAAO,QAAQ,IAAI,EAAE,IAAI,EAAE,YAAY,WAAW,CAAC,YAAY,UAAU,KAAK,CAAC,CAAC,CAAC;AAAA;",
+  "debugId": "D9DD89FCBCE34B6B64756E2164756E21",
+  "names": []
+}

package/package.json ADDED Viewed

@@ -0,0 +1,38 @@
+{
+  "name": "@humanlayer/agentlayer-provider-auth",
+  "source": "./src/index.ts",
+  "type": "module",
+  "version": "0.0.7",
+  "private": false,
+  "main": "./dist/index.js",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "publishConfig": {
+    "access": "public"
+  },
+  "files": [
+    "src",
+    "dist"
+  ],
+  "scripts": {
+    "typecheck": "tsgo --noEmit",
+    "build": "bun run build:js && bunx tsc -p tsconfig.build.json",
+    "build:js": "bun run build.ts",
+    "build:types": "bunx tsc -p tsconfig.build.json"
+  },
+  "devDependencies": {
+    "@types/bun": "latest"
+  },
+  "peerDependencies": {
+    "typescript": "^5"
+  },
+  "exports": {
+    ".": {
+      "source": "./src/index.ts",
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "default": "./dist/index.js"
+    }
+  },
+  "dependencies": {}
+}

package/src/auth.ts ADDED Viewed

@@ -0,0 +1,340 @@
+import * as fs from 'node:fs/promises'
+import os from 'node:os'
+import path from 'node:path'
+export interface OAuthAuthInfo {
+	kind: 'oauth'
+	accessToken: string
+	refreshToken?: string
+	expiresAt?: number
+	idToken?: string
+	scope?: string
+	tokenType?: string
+	accountId?: string
+	enterpriseUrl?: string
+}
+export interface ApiAuthInfo {
+	kind: 'api'
+	apiKey: string
+	metadata?: Record<string, string>
+}
+export type AuthInfo = OAuthAuthInfo | ApiAuthInfo
+export type AuthKind = AuthInfo['kind']
+export type CanonicalAuthProviderId = 'codex' | 'copilot' | 'copilot-enterprise'
+export const AUTH_PROVIDER_IDS = {
+	codex: 'codex',
+	copilot: 'copilot',
+	copilotEnterprise: 'copilot-enterprise',
+} as const satisfies Record<string, CanonicalAuthProviderId>
+export const AUTH_PROVIDER_ALIASES: Record<string, CanonicalAuthProviderId> = {
+	openai: AUTH_PROVIDER_IDS.codex,
+	'openai.codex': AUTH_PROVIDER_IDS.codex,
+	codex: AUTH_PROVIDER_IDS.codex,
+	'github-copilot': AUTH_PROVIDER_IDS.copilot,
+	copilot: AUTH_PROVIDER_IDS.copilot,
+	'github-copilot-enterprise': AUTH_PROVIDER_IDS.copilotEnterprise,
+	'copilot-enterprise': AUTH_PROVIDER_IDS.copilotEnterprise,
+}
+export interface AuthStore {
+	get(providerId: string): Promise<AuthInfo | undefined>
+	set(providerId: string, auth: AuthInfo): Promise<void>
+	delete(providerId: string): Promise<void>
+	getAll(): Promise<Record<string, AuthInfo>>
+}
+export interface FileAuthStoreOptions {
+	filePath?: string
+	agentSdkAuthFilePath?: string
+	openCodeAuthFilePath?: string
+	enableOpenCodeFallback?: boolean
+}
+interface ResolvedFileAuthStoreOptions {
+	filePath: string
+	agentSdkAuthFilePath: string
+	openCodeAuthFilePath: string
+	enableOpenCodeFallback: boolean
+}
+export function createMemoryAuthStore(initialAuth: Record<string, AuthInfo> = {}): AuthStore {
+	const store = new Map<string, AuthInfo>()
+	for (const [providerId, auth] of Object.entries(initialAuth)) {
+		store.set(normalizeProviderId(providerId), cloneAuth(auth))
+	}
+	return {
+		async get(providerId) {
+			const auth = store.get(normalizeProviderId(providerId))
+			return auth ? cloneAuth(auth) : undefined
+		},
+		async set(providerId, auth) {
+			store.set(normalizeProviderId(providerId), cloneAuth(auth))
+		},
+		async delete(providerId) {
+			store.delete(normalizeProviderId(providerId))
+		},
+		async getAll() {
+			return cloneAuthRecord(Object.fromEntries(store.entries()))
+		},
+	}
+}
+export function createFileAuthStore(options: FileAuthStoreOptions = {}): AuthStore {
+	const resolved = resolveFileAuthStoreOptions(options)
+	return {
+		async get(providerId) {
+			const key = normalizeProviderId(providerId)
+			const auth = (await readAuthFile(resolved.filePath))[key]
+			if (auth) return cloneAuth(auth)
+			if (!resolved.enableOpenCodeFallback) return undefined
+			const fallbackAuth = (await readAuthFile(resolved.openCodeAuthFilePath))[key]
+			if (!fallbackAuth) return undefined
+			const allAuth = await readAuthFile(resolved.filePath)
+			await writeAuthFile(resolved.filePath, { ...allAuth, [key]: fallbackAuth })
+			return cloneAuth(fallbackAuth)
+		},
+		async set(providerId, auth) {
+			const key = normalizeProviderId(providerId)
+			const allAuth = await readAuthFile(resolved.filePath)
+			await writeAuthFile(resolved.filePath, { ...allAuth, [key]: auth })
+		},
+		async delete(providerId) {
+			const key = normalizeProviderId(providerId)
+			const allAuth = await readAuthFile(resolved.filePath)
+			delete allAuth[key]
+			await writeAuthFile(resolved.filePath, allAuth)
+		},
+		async getAll() {
+			const allAuth = await readAuthFile(resolved.filePath)
+			if (!resolved.enableOpenCodeFallback) return cloneAuthRecord(allAuth)
+			const fallbackAuth = await readAuthFile(resolved.openCodeAuthFilePath)
+			let imported = false
+			const merged = { ...allAuth }
+			for (const [providerId, auth] of Object.entries(fallbackAuth)) {
+				if (merged[providerId]) continue
+				merged[providerId] = auth
+				imported = true
+			}
+			if (imported) {
+				await writeAuthFile(resolved.filePath, merged)
+			}
+			return cloneAuthRecord(merged)
+		},
+	}
+}
+export async function ensureFileAuthStore(options: FileAuthStoreOptions = {}): Promise<AuthStore> {
+	const resolved = resolveFileAuthStoreOptions(options)
+	if (!(await fileExists(resolved.filePath))) {
+		const agentSdkAuth = await readAuthFile(resolved.agentSdkAuthFilePath)
+		if (Object.keys(agentSdkAuth).length > 0) {
+			await writeAuthFile(resolved.filePath, agentSdkAuth)
+		}
+	}
+	return createFileAuthStore(options)
+}
+export function getDefaultAgentLayerAuthPath(): string {
+	if (process.env.AGENTLAYER_AUTH_PATH) return process.env.AGENTLAYER_AUTH_PATH
+	return path.join(getXdgDataHome(), 'agentlayer', 'auth.json')
+}
+export function getDefaultAgentSdkAuthPath(): string {
+	if (process.env.AGENT_SDK_AUTH_PATH) return process.env.AGENT_SDK_AUTH_PATH
+	return path.join(os.homedir(), '.humanlayer', 'agent-sdk', 'auth.json')
+}
+export function getDefaultOpenCodeAuthPath(): string {
+	if (process.env.OPENCODE_AUTH_PATH) return process.env.OPENCODE_AUTH_PATH
+	return path.join(getXdgDataHome(), 'opencode', 'auth.json')
+}
+export async function readAuth(providerId: string, options?: FileAuthStoreOptions): Promise<AuthInfo | undefined> {
+	return createFileAuthStore(options).get(providerId)
+}
+export async function writeAuth(providerId: string, auth: AuthInfo, options?: FileAuthStoreOptions): Promise<void> {
+	return createFileAuthStore(options).set(providerId, auth)
+}
+export async function removeAuth(providerId: string, options?: FileAuthStoreOptions): Promise<void> {
+	return createFileAuthStore(options).delete(providerId)
+}
+export async function readAllAuth(options?: FileAuthStoreOptions): Promise<Record<string, AuthInfo>> {
+	return createFileAuthStore(options).getAll()
+}
+export async function requireAuth(store: AuthStore, providerId: string): Promise<AuthInfo>
+export async function requireAuth<TKind extends AuthKind>(
+	store: AuthStore,
+	providerId: string,
+	expectedKind: TKind,
+): Promise<Extract<AuthInfo, { kind: TKind }>>
+export async function requireAuth(store: AuthStore, providerId: string, expectedKind?: AuthKind): Promise<AuthInfo> {
+	const auth = await store.get(providerId)
+	if (!auth) {
+		throw new Error(`Missing auth for provider: ${providerId}`)
+	}
+	if (expectedKind && auth.kind !== expectedKind) {
+		throw new Error(`Expected ${expectedKind} auth for provider: ${providerId}, got ${auth.kind}`)
+	}
+	return auth
+}
+export function normalizeProviderId(providerId: string): string {
+	const normalized = providerId.trim().replace(/\/+$/, '')
+	return AUTH_PROVIDER_ALIASES[normalized] ?? normalized
+}
+function resolveFileAuthStoreOptions(options: FileAuthStoreOptions): ResolvedFileAuthStoreOptions {
+	return {
+		filePath: options.filePath ?? getDefaultAgentLayerAuthPath(),
+		agentSdkAuthFilePath: options.agentSdkAuthFilePath ?? getDefaultAgentSdkAuthPath(),
+		openCodeAuthFilePath: options.openCodeAuthFilePath ?? getDefaultOpenCodeAuthPath(),
+		enableOpenCodeFallback: options.enableOpenCodeFallback ?? options.openCodeAuthFilePath != null,
+	}
+}
+async function fileExists(filePath: string): Promise<boolean> {
+	try {
+		await fs.access(filePath)
+		return true
+	} catch (error) {
+		if (isNotFoundError(error)) return false
+		throw error
+	}
+}
+function getXdgDataHome(): string {
+	return process.env.XDG_DATA_HOME ?? path.join(os.homedir(), '.local', 'share')
+}
+async function readAuthFile(filePath: string): Promise<Record<string, AuthInfo>> {
+	let text: string
+	try {
+		text = await fs.readFile(filePath, 'utf8')
+	} catch (error) {
+		if (isNotFoundError(error)) return {}
+		throw error
+	}
+	const parsed = JSON.parse(text) as unknown
+	if (!isRecord(parsed)) return {}
+	const allAuth: Record<string, AuthInfo> = {}
+	for (const [providerId, value] of Object.entries(parsed)) {
+		const auth = decodeAuthInfo(value)
+		if (!auth) continue
+		allAuth[normalizeProviderId(providerId)] = auth
+	}
+	return allAuth
+}
+async function writeAuthFile(filePath: string, auth: Record<string, AuthInfo>): Promise<void> {
+	const normalizedAuth = Object.fromEntries(
+		Object.entries(auth).map(([providerId, value]) => [normalizeProviderId(providerId), cloneAuth(value)]),
+	)
+	await fs.mkdir(path.dirname(filePath), { recursive: true })
+	await fs.writeFile(filePath, `${JSON.stringify(normalizedAuth, null, '\t')}\n`, { mode: 0o600 })
+	await fs.chmod(filePath, 0o600)
+}
+function decodeAuthInfo(value: unknown): AuthInfo | undefined {
+	if (!isRecord(value)) return undefined
+	if (value.kind === 'oauth') return decodeOAuthAuthInfo(value)
+	if (value.kind === 'api') return decodeApiAuthInfo(value)
+	if (value.type === 'oauth') return decodeOpenCodeOAuthAuthInfo(value)
+	if (value.type === 'api') return decodeOpenCodeApiAuthInfo(value)
+	return undefined
+}
+function decodeOAuthAuthInfo(value: Record<string, unknown>): OAuthAuthInfo | undefined {
+	if (typeof value.accessToken !== 'string') return undefined
+	return {
+		kind: 'oauth',
+		accessToken: value.accessToken,
+		...optionalString('refreshToken', value.refreshToken),
+		...optionalNumber('expiresAt', value.expiresAt),
+		...optionalString('idToken', value.idToken),
+		...optionalString('scope', value.scope),
+		...optionalString('tokenType', value.tokenType),
+		...optionalString('accountId', value.accountId),
+		...optionalString('enterpriseUrl', value.enterpriseUrl),
+	}
+}
+function decodeApiAuthInfo(value: Record<string, unknown>): ApiAuthInfo | undefined {
+	if (typeof value.apiKey !== 'string') return undefined
+	return {
+		kind: 'api',
+		apiKey: value.apiKey,
+		...optionalStringRecord('metadata', value.metadata),
+	}
+}
+function decodeOpenCodeOAuthAuthInfo(value: Record<string, unknown>): OAuthAuthInfo | undefined {
+	if (typeof value.access !== 'string') return undefined
+	return {
+		kind: 'oauth',
+		accessToken: value.access,
+		...optionalString('refreshToken', value.refresh),
+		...optionalNumber('expiresAt', value.expires),
+		...optionalString('accountId', value.accountId),
+		...optionalString('enterpriseUrl', value.enterpriseUrl),
+	}
+}
+function decodeOpenCodeApiAuthInfo(value: Record<string, unknown>): ApiAuthInfo | undefined {
+	if (typeof value.key !== 'string') return undefined
+	return {
+		kind: 'api',
+		apiKey: value.key,
+		...optionalStringRecord('metadata', value.metadata),
+	}
+}
+function optionalString(key: string, value: unknown): Record<string, string> {
+	return typeof value === 'string' ? { [key]: value } : {}
+}
+function optionalNumber(key: string, value: unknown): Record<string, number> {
+	return typeof value === 'number' ? { [key]: value } : {}
+}
+function optionalStringRecord(key: string, value: unknown): Record<string, Record<string, string>> {
+	if (!isRecord(value)) return {}
+	const entries = Object.entries(value).filter((entry): entry is [string, string] => typeof entry[1] === 'string')
+	return entries.length > 0 ? { [key]: Object.fromEntries(entries) } : {}
+}
+function isRecord(value: unknown): value is Record<string, unknown> {
+	return typeof value === 'object' && value !== null && !Array.isArray(value)
+}
+function isNotFoundError(error: unknown): boolean {
+	return isRecord(error) && error.code === 'ENOENT'
+}
+function cloneAuth<T extends AuthInfo>(auth: T): T {
+	return structuredClone(auth)
+}
+function cloneAuthRecord(auth: Record<string, AuthInfo>): Record<string, AuthInfo> {
+	return Object.fromEntries(Object.entries(auth).map(([providerId, value]) => [providerId, cloneAuth(value)]))
+}

package/src/index.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from './auth'