@iaforged/context-code 2.3.1 → 2.3.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (103) hide show
  1. package/context-bootstrap.js +7 -5
  2. package/dist/src/QueryEngine.js +1 -1
  3. package/dist/src/cli/handlers/auth.js +1 -1
  4. package/dist/src/cli/handlers/modelList.js +1 -1
  5. package/dist/src/cli/structuredIO.js +1 -1
  6. package/dist/src/commands/branch/index.js +1 -1
  7. package/dist/src/commands/login/login.js +1 -1
  8. package/dist/src/commands/profile/index.js +1 -1
  9. package/dist/src/commands/profile/profile.js +1 -1
  10. package/dist/src/commands/provider/index.js +1 -1
  11. package/dist/src/commands/provider/provider.js +1 -1
  12. package/dist/src/components/BaseTextInput.js +1 -1
  13. package/dist/src/components/ConsoleOAuthFlow.js +1 -1
  14. package/dist/src/components/LogoV2/AnimatedClawd.js +1 -1
  15. package/dist/src/components/LogoV2/Clawd.js +1 -1
  16. package/dist/src/components/LogoV2/LogoV2.js +1 -1
  17. package/dist/src/components/LogoV2/Opus1mMergeNotice.js +1 -1
  18. package/dist/src/components/LogoV2/WelcomeV2.js +1 -1
  19. package/dist/src/components/ModelPicker.js +1 -1
  20. package/dist/src/components/PromptInput/PromptInputFooterLeftSide.js +1 -1
  21. package/dist/src/components/SessionTokenFooter.js +1 -0
  22. package/dist/src/components/Spinner.js +1 -1
  23. package/dist/src/components/Stats.js +1 -1
  24. package/dist/src/components/TeleportProgress.js +1 -1
  25. package/dist/src/components/TextInput.js +1 -1
  26. package/dist/src/components/design-system/ThemeProvider.js +1 -1
  27. package/dist/src/components/permissions/AskUserQuestionPermissionRequest/AskUserQuestionPermissionRequest.js +1 -1
  28. package/dist/src/constants/oauth.js +1 -1
  29. package/dist/src/core/providers/providerCore.js +1 -1
  30. package/dist/src/hooks/useTypeahead.js +1 -1
  31. package/dist/src/main.js +1 -1
  32. package/dist/src/query/stopHooks.js +1 -1
  33. package/dist/src/screens/REPL.js +1 -1
  34. package/dist/src/services/PromptSuggestion/promptSuggestion.js +1 -1
  35. package/dist/src/services/analytics/config.js +1 -1
  36. package/dist/src/services/analytics/datadog.js +1 -1
  37. package/dist/src/services/api/openai.js +1 -1
  38. package/dist/src/services/mcp/config.js +1 -1
  39. package/dist/src/services/oauth/auth-code-listener.js +1 -1
  40. package/dist/src/services/oauth/client.js +1 -1
  41. package/dist/src/services/oauth/geminiCli.js +1 -1
  42. package/dist/src/services/tips/tipRegistry.js +1 -1
  43. package/dist/src/services/toolUseSummary/toolUseSummaryGenerator.js +1 -1
  44. package/dist/src/tools/BriefTool/UI.js +1 -1
  45. package/dist/src/utils/auth.js +1 -1
  46. package/dist/src/utils/claudeInChrome/setup.js +1 -1
  47. package/dist/src/utils/computerControlMcp/mcpServer.js +1 -1
  48. package/dist/src/utils/computerControlMcp/server/.gitattributes +18 -0
  49. package/dist/src/utils/computerControlMcp/server/Dockerfile +25 -0
  50. package/dist/src/utils/computerControlMcp/server/LICENSE +21 -0
  51. package/dist/src/utils/computerControlMcp/server/MANIFEST.in +10 -0
  52. package/dist/src/utils/computerControlMcp/server/README.md +193 -0
  53. package/dist/src/utils/computerControlMcp/server/demonstration.gif +0 -0
  54. package/dist/src/utils/computerControlMcp/server/icon.png +0 -0
  55. package/dist/src/utils/computerControlMcp/server/pyproject.toml +52 -0
  56. package/dist/src/utils/computerControlMcp/server/smithery.yaml +13 -0
  57. package/dist/src/utils/computerControlMcp/server/src/README.md +12 -0
  58. package/dist/src/utils/computerControlMcp/server/src/computer_control_mcp/FZYTK.TTF +0 -0
  59. package/dist/src/utils/computerControlMcp/server/src/computer_control_mcp/__init__.py +11 -0
  60. package/dist/src/utils/computerControlMcp/server/src/computer_control_mcp/__main__.py +21 -0
  61. package/dist/src/utils/computerControlMcp/server/src/computer_control_mcp/cli.py +128 -0
  62. package/dist/src/utils/computerControlMcp/server/src/computer_control_mcp/core.py +1008 -0
  63. package/dist/src/utils/computerControlMcp/server/src/computer_control_mcp/gui.py +126 -0
  64. package/dist/src/utils/computerControlMcp/server/src/computer_control_mcp/server.py +15 -0
  65. package/dist/src/utils/computerControlMcp/server/src/computer_control_mcp/test.py +346 -0
  66. package/dist/src/utils/computerControlMcp/server/src/computer_control_mcp/test_image.png +0 -0
  67. package/dist/src/utils/computerControlMcp/server/tests/README.md +22 -0
  68. package/dist/src/utils/computerControlMcp/server/tests/conftest.py +10 -0
  69. package/dist/src/utils/computerControlMcp/server/tests/rapidocr_test.py +21 -0
  70. package/dist/src/utils/computerControlMcp/server/tests/run_cli.py +9 -0
  71. package/dist/src/utils/computerControlMcp/server/tests/run_server.py +15 -0
  72. package/dist/src/utils/computerControlMcp/server/tests/setup.py +16 -0
  73. package/dist/src/utils/computerControlMcp/server/tests/test_computer_control.py +161 -0
  74. package/dist/src/utils/computerControlMcp/server/tests/test_screenshot.py +14 -0
  75. package/dist/src/utils/computerControlMcp/server/tests/test_wgc_env_var.py +42 -0
  76. package/dist/src/utils/computerControlMcp/server/tests/test_wgc_screenshot.py +67 -0
  77. package/dist/src/utils/computerControlMcp/server/uv.lock +4986 -0
  78. package/dist/src/utils/computerControlMcp/setup.js +1 -1
  79. package/dist/src/utils/envUtils.js +1 -1
  80. package/dist/src/utils/git.js +1 -1
  81. package/dist/src/utils/localInstaller.js +1 -1
  82. package/dist/src/utils/logoV2Utils.js +1 -1
  83. package/dist/src/utils/model/configs.js +1 -1
  84. package/dist/src/utils/model/model.js +1 -1
  85. package/dist/src/utils/model/modelAllowlist.js +1 -1
  86. package/dist/src/utils/model/modelOptions.js +1 -1
  87. package/dist/src/utils/model/providerBaseUrls.js +1 -1
  88. package/dist/src/utils/model/providerCatalog.js +1 -1
  89. package/dist/src/utils/model/providerModels.js +1 -1
  90. package/dist/src/utils/model/providerProfiles.js +1 -1
  91. package/dist/src/utils/model/providerProfilesDb.js +1 -1
  92. package/dist/src/utils/model/providers.js +1 -1
  93. package/dist/src/utils/model/validateModel.js +1 -1
  94. package/dist/src/utils/ripgrep.js +1 -1
  95. package/dist/src/utils/sembleMcp/setup.js +1 -1
  96. package/dist/src/utils/theme.js +1 -1
  97. package/dist/src/utils/themes/bootstrap.js +1 -1
  98. package/dist/src/utils/themes/opencodeMapper.js +1 -1
  99. package/dist/webapp/chunk-VAB2VXFI.js +1 -1
  100. package/dist/webapp/main-MTQLKGXD.js +1 -1
  101. package/dist/webapp/ngsw.json +1 -1
  102. package/dist/webapp/polyfills-7R4CRVNH.js +1 -1
  103. package/package.json +1 -1
@@ -1 +1 @@
1
- import{MACRO as e}from"../recovery/bunBundleShim.js";import r from"chalk";import{exec as t}from"child_process";import{execa as n}from"execa";import{mkdir as o,stat as s}from"fs/promises";import i from"lodash-es/memoize.js";import{CLAUDE_AI_PROFILE_SCOPE as c}from"../constants/oauth.js";import{logEvent as a}from"../services/analytics/index.js";import{GEMINI_CLI_OAUTH_CLIENT_ID as u,GEMINI_CLI_OAUTH_CLIENT_SECRET as p,GEMINI_CLI_OAUTH_SCOPES as l,GEMINI_CLI_OAUTH_TOKEN_URL as A}from"../constants/geminiOAuth.js";import{getModelStrings as d}from"./model/modelStrings.js";import{getAPIProvider as f,isOpenAICompatibleProvider as h}from"./model/providers.js";import{getResolvedProviderProfileId as _,ensureProviderProfile as g,isDefaultProfileId as O,isProfiledProvider as T,resolveProviderProfile as E}from"./model/providerProfiles.js";import{getIsNonInteractiveSession as m,preferThirdPartyAuthentication as y}from"../bootstrap/state.js";import{getMockSubscriptionType as k,shouldUseMockSubscription as C}from"../services/mockRateLimits.js";import{isOAuthTokenExpired as v,refreshOpenAIOAuthToken as I,refreshOAuthToken as K,shouldUseClaudeAIAuth as S}from"../services/oauth/client.js";import{getOauthProfileFromOauthToken as x}from"../services/oauth/getOauthProfile.js";import{getApiKeyFromFileDescriptor as P,getOAuthTokenFromFileDescriptor as w}from"./authFileDescriptor.js";import{maybeRemoveApiKeyFromMacOSKeychainThrows as N,normalizeApiKeyForConfig as R}from"./authPortable.js";import{checkStsCallerIdentity as D,clearAwsIniCache as H,isValidAwsStsOutput as U}from"./aws.js";import{AwsAuthStatusManager as b}from"./awsAuthStatusManager.js";import{clearBetasCaches as L}from"./betas.js";import{checkHasTrustDialogAccepted as G,getGlobalConfig as j,saveGlobalConfig as F}from"./config.js";import{logAntError as M,logForDebugging as $}from"./debug.js";import{getClaudeConfigHomeDir as Y,isBareMode as B,isEnvTruthy as X,isRunningOnHomespace as W}from"./envUtils.js";import{errorMessage as z}from"./errors.js";import{execSyncWithDefaults_DEPRECATED as q}from"./execFileNoThrow.js";import*as V from"./lockfile.js";import{logError as J}from"./log.js";import{memoizeWithTTLAsync as Z}from"./memoize.js";import{getSecureStorage as Q}from"./secureStorage/index.js";import{clearLegacyApiKeyPrefetch as ee,getLegacyApiKeyPrefetchResult as re}from"./secureStorage/keychainPrefetch.js";import{clearKeychainCache as te,getMacOsKeychainStorageServiceName as ne,getUsername as oe}from"./secureStorage/macOsKeychainHelpers.js";import{getLegacyCredentialsFilePath as se,getSecureStorageDbPath as ie}from"./secureStorage/sqliteStorage.js";import{getSettings_DEPRECATED as ce,getSettingsForSource as ae}from"./settings/settings.js";import{sleep as ue}from"./sleep.js";import{jsonParse as pe}from"./slowOperations.js";import{clearToolSchemaCache as le}from"./toolSchemaCache.js";function isManagedOAuthContext(){return X(process.env.CONTEXT_CODE_REMOTE)||X(process.env.CLAUDE_CODE_REMOTE)||"claude-desktop"===process.env.CLAUDE_CODE_ENTRYPOINT}export function isAnthropicAuthEnabled(){if(B())return!1;if(process.env.ANTHROPIC_UNIX_SOCKET)return!(!process.env.CONTEXT_CODE_OAUTH_TOKEN&&!process.env.CLAUDE_CODE_OAUTH_TOKEN);const e=f(),r=X(process.env.CONTEXT_CODE_USE_BEDROCK)||X(process.env.CLAUDE_CODE_USE_BEDROCK)||X(process.env.CONTEXT_CODE_USE_VERTEX)||X(process.env.CLAUDE_CODE_USE_VERTEX)||X(process.env.CONTEXT_CODE_USE_FOUNDRY)||X(process.env.CLAUDE_CODE_USE_FOUNDRY)||h(e),t=(ce()||{}).apiKeyHelper,n=process.env.ANTHROPIC_AUTH_TOKEN||t||process.env.CONTEXT_CODE_API_KEY_FILE_DESCRIPTOR||process.env.CLAUDE_CODE_API_KEY_FILE_DESCRIPTOR,{source:o}=getAnthropicApiKeyWithSource({skipRetrievingKeyFromApiKeyHelper:!0}),s="ANTHROPIC_API_KEY"===o||"apiKeyHelper"===o;return!(r||n&&!isManagedOAuthContext()||s&&!isManagedOAuthContext())}export function getAuthTokenSource(){const e=f();if(h(e))return{source:e,hasToken:Boolean(getOpenAICompatibleAccessToken(e))};if(B())return getConfiguredApiKeyHelper()?{source:"apiKeyHelper",hasToken:!0}:{source:"none",hasToken:!1};if(process.env.ANTHROPIC_AUTH_TOKEN&&!isManagedOAuthContext())return{source:"ANTHROPIC_AUTH_TOKEN",hasToken:!0};if(isManagedOAuthContext()&&(process.env.CONTEXT_CODE_OAUTH_TOKEN||process.env.CLAUDE_CODE_OAUTH_TOKEN))return{source:"CLAUDE_CODE_OAUTH_TOKEN",hasToken:!0};if(isManagedOAuthContext()?w():null)return process.env.CONTEXT_CODE_OAUTH_TOKEN_FILE_DESCRIPTOR||process.env.CLAUDE_CODE_OAUTH_TOKEN_FILE_DESCRIPTOR?{source:"CLAUDE_CODE_OAUTH_TOKEN_FILE_DESCRIPTOR",hasToken:!0}:{source:"CCR_OAUTH_TOKEN_FILE",hasToken:!0};if(getConfiguredApiKeyHelper()&&!isManagedOAuthContext())return{source:"apiKeyHelper",hasToken:!0};const r=getClaudeAIOAuthTokens();return S(r?.scopes)&&r?.accessToken?{source:"claude.ai",hasToken:!0}:{source:"none",hasToken:!1}}function getProviderOauthStorageKey(e){return"claude"===e?"claudeAiOauth":"openAiOauth"}function shouldUseLegacyProviderOauthFallback(e){return"claude"!==e}export function getStoredProviderOAuthTokens(e,r){try{const t=Q().read();if(r){const n=t?.providerProfileOauth?.[r];if(n?.accessToken)return n;if(!O(e,r))return null}if("gemini-google"===e)return null;if(!shouldUseLegacyProviderOauthFallback(e))return null;const n=t?.[getProviderOauthStorageKey(e)];return n?.accessToken?n:null}catch{return null}}export function hasStoredProviderOAuthTokens(e,r){if(r)return Boolean(getStoredProviderOAuthTokens(e,r));try{const r=Q().read(),t=Object.entries(r?.providerProfileOauth??{}).some(([r,t])=>r.startsWith(`${e}/`)&&"object"==typeof t&&null!==t&&"string"==typeof t.accessToken&&t.accessToken.trim());return shouldUseLegacyProviderOauthFallback(e)?Boolean(t||r?.[getProviderOauthStorageKey(e)]?.accessToken):Boolean(t)}catch{return!1}}export async function renameProviderScopedCredentials(e,r){if(!e||!r||e===r)return;const t=Q(),n=t.read()||{},o={...n.providerProfileApiKeys??{}},s={...n.providerProfileOauth??{}};e in o&&(o[r]=o[e],delete o[e]),e in s&&(s[r]=s[e],delete s[e]);if(!t.update({...n,providerProfileApiKeys:o,providerProfileOauth:s}).success)throw new Error("No se pudieron mover las credenciales del perfil.")}export async function removeProviderScopedCredentials(e){if(!e)return;const r=Q(),t=r.read()||{},n={...t.providerProfileApiKeys??{}},o={...t.providerProfileOauth??{}};delete n[e],delete o[e];if(!r.update({...t,providerProfileApiKeys:n,providerProfileOauth:o}).success)throw new Error("No se pudieron eliminar las credenciales del perfil.")}export async function removeAllProviderScopedCredentials(){const e=Q(),r=e.read()||{};if(!e.update({...r,providerProfileApiKeys:{},providerProfileOauth:{}}).success)throw new Error("No se pudieron eliminar las credenciales scoped de perfiles.")}export function getAnthropicApiKey(){const{key:e}=getAnthropicApiKeyWithSource();return e}export function hasAnthropicApiKeyAuth(){const{key:e,source:r}=getAnthropicApiKeyWithSource({skipRetrievingKeyFromApiKeyHelper:!0});return null!==e&&"none"!==r}export function getAnthropicApiKeyWithSource(e={}){if(h(f()))return{key:null,source:"none"};if(B())return process.env.ANTHROPIC_API_KEY?{key:process.env.ANTHROPIC_API_KEY,source:"ANTHROPIC_API_KEY"}:getConfiguredApiKeyHelper()?{key:e.skipRetrievingKeyFromApiKeyHelper?null:getApiKeyFromApiKeyHelperCached(),source:"apiKeyHelper"}:{key:null,source:"none"};const r=W()?void 0:process.env.ANTHROPIC_API_KEY;if(y()&&r)return{key:r,source:"ANTHROPIC_API_KEY"};if(X(process.env.CI)||"test"===process.env.NODE_ENV){const e=P();if(e)return{key:e,source:"ANTHROPIC_API_KEY"};if(!(r||process.env.CONTEXT_CODE_OAUTH_TOKEN||process.env.CLAUDE_CODE_OAUTH_TOKEN||process.env.CONTEXT_CODE_OAUTH_TOKEN_FILE_DESCRIPTOR||process.env.CLAUDE_CODE_OAUTH_TOKEN_FILE_DESCRIPTOR))throw new Error("ANTHROPIC_API_KEY or CONTEXT_CODE_OAUTH_TOKEN (legacy: CLAUDE_CODE_OAUTH_TOKEN) env var is required");return r?{key:r,source:"ANTHROPIC_API_KEY"}:{key:null,source:"none"}}if(r&&j().customApiKeyResponses?.approved?.includes(R(r)))return{key:r,source:"ANTHROPIC_API_KEY"};const t=P();if(t)return{key:t,source:"ANTHROPIC_API_KEY"};if(getConfiguredApiKeyHelper())return e.skipRetrievingKeyFromApiKeyHelper?{key:null,source:"apiKeyHelper"}:{key:getApiKeyFromApiKeyHelperCached(),source:"apiKeyHelper"};const n=getApiKeyFromConfigOrMacOSKeychain();return n||{key:null,source:"none"}}export function getConfiguredApiKeyHelper(){if(B())return ae("flagSettings")?.apiKeyHelper;return(ce()||{}).apiKeyHelper}function isApiKeyHelperFromProjectOrLocalSettings(){const e=getConfiguredApiKeyHelper();if(!e)return!1;const r=ae("projectSettings"),t=ae("localSettings");return r?.apiKeyHelper===e||t?.apiKeyHelper===e}function getConfiguredAwsAuthRefresh(){return(ce()||{}).awsAuthRefresh}export function isAwsAuthRefreshFromProjectSettings(){const e=getConfiguredAwsAuthRefresh();if(!e)return!1;const r=ae("projectSettings"),t=ae("localSettings");return r?.awsAuthRefresh===e||t?.awsAuthRefresh===e}function getConfiguredAwsCredentialExport(){return(ce()||{}).awsCredentialExport}export function isAwsCredentialExportFromProjectSettings(){const e=getConfiguredAwsCredentialExport();if(!e)return!1;const r=ae("projectSettings"),t=ae("localSettings");return r?.awsCredentialExport===e||t?.awsCredentialExport===e}export function calculateApiKeyHelperTTL(){const e=process.env.CONTEXT_CODE_API_KEY_HELPER_TTL_MS??process.env.CLAUDE_CODE_API_KEY_HELPER_TTL_MS;if(e){const r=parseInt(e,10);if(!Number.isNaN(r)&&r>=0)return r;$(`Found CLAUDE_CODE_API_KEY_HELPER_TTL_MS env var, but it was not a valid number. Got ${e}`,{level:"error"})}return 3e5}let Ae=null,de=null,fe=0;export function getApiKeyHelperElapsedMs(){const e=de?.startedAt;return e?Date.now()-e:0}export async function getApiKeyFromApiKeyHelper(e){if(!getConfiguredApiKeyHelper())return null;const r=calculateApiKeyHelperTTL();return Ae?(Date.now()-Ae.timestamp<r||de||(de={promise:_runAndCache(e,!1,fe),startedAt:null}),Ae.value):(de||(de={promise:_runAndCache(e,!0,fe),startedAt:Date.now()}),de.promise)}async function _runAndCache(t,o,s){try{const r=await async function(r){const t=getConfiguredApiKeyHelper();if(!t)return null;if(isApiKeyHelperFromProjectOrLocalSettings()){if(!G()&&!r){const r=new Error(`Security: apiKeyHelper executed before workspace trust is confirmed. If you see this message, post in ${e.FEEDBACK_CHANNEL}.`);return M("apiKeyHelper invoked before trust check",r),a("tengu_apiKeyHelper_missing_trust11",{}),null}}const o=await n(t,{shell:!0,timeout:6e5,reject:!1});if(o.failed){const e=o.timedOut?"timed out":`exited ${o.exitCode}`,r=o.stderr?.trim();throw new Error(r?`${e}: ${r}`:e)}const s=o.stdout?.trim();if(!s)throw new Error("did not return a value");return s}(t);return s!==fe||null!==r&&(Ae={value:r,timestamp:Date.now()}),r}catch(e){if(s!==fe)return" ";const t=e instanceof Error?e.message:String(e);return console.error(r.red(`apiKeyHelper failed: ${t}`)),$(`Error getting API key from apiKeyHelper: ${t}`,{level:"error"}),!o&&Ae&&" "!==Ae.value?(Ae={...Ae,timestamp:Date.now()},Ae.value):(Ae={value:" ",timestamp:Date.now()}," ")}finally{s===fe&&(de=null)}}export function getApiKeyFromApiKeyHelperCached(){return Ae?.value??null}export function clearApiKeyHelperCache(){fe++,Ae=null,de=null}export function prefetchApiKeyFromApiKeyHelperIfSafe(e){isApiKeyHelperFromProjectOrLocalSettings()&&!G()||getApiKeyFromApiKeyHelper(e)}const he=18e4;export function refreshAwsAuth(e){$("Running AWS auth refresh command");const n=b.getInstance();return n.startAuthentication(),new Promise(o=>{const s=t(e,{timeout:he});s.stdout.on("data",e=>{const r=e.toString().trim();r&&(n.addOutput(r),$(r,{level:"debug"}))}),s.stderr.on("data",e=>{const r=e.toString().trim();r&&(n.setError(r),$(r,{level:"error"}))}),s.on("close",(e,t)=>{if(0===e)$("AWS auth refresh completed successfully"),n.endAuthentication(!0),o(!0);else{const e="SIGTERM"===t?r.red("AWS auth refresh timed out after 3 minutes. Run your auth command manually in a separate terminal."):r.red("Error running awsAuthRefresh (in settings or ~/.context.json):");console.error(e),n.endAuthentication(!1),o(!1)}})})}export const refreshAndGetAwsCredentials=Z(async()=>{const t=await async function(){const r=getConfiguredAwsAuthRefresh();if(!r)return!1;if(isAwsAuthRefreshFromProjectSettings()&&!G()&&!m()){const r=new Error(`Security: awsAuthRefresh executed before workspace trust is confirmed. If you see this message, post in ${e.FEEDBACK_CHANNEL}.`);return M("awsAuthRefresh invoked before trust check",r),a("tengu_awsAuthRefresh_missing_trust",{}),!1}try{return $("Fetching AWS caller identity for AWS auth refresh command"),await D(),$("Fetched AWS caller identity, skipping AWS auth refresh command"),!1}catch{return refreshAwsAuth(r)}}(),o=await async function(){const t=getConfiguredAwsCredentialExport();if(!t)return null;if(isAwsCredentialExportFromProjectSettings()&&!G()&&!m()){const r=new Error(`Security: awsCredentialExport executed before workspace trust is confirmed. If you see this message, post in ${e.FEEDBACK_CHANNEL}.`);return M("awsCredentialExport invoked before trust check",r),a("tengu_awsCredentialExport_missing_trust",{}),null}try{return $("Fetching AWS caller identity for credential export command"),await D(),$("Fetched AWS caller identity, skipping AWS credential export command"),null}catch{try{$("Running AWS credential export command");const e=await n(t,{shell:!0,reject:!1});if(0!==e.exitCode||!e.stdout)throw new Error("awsCredentialExport did not return a valid value");const r=pe(e.stdout.trim());if(!U(r))throw new Error("awsCredentialExport did not return valid AWS STS output structure");return $("AWS credentials retrieved from awsCredentialExport"),{accessKeyId:r.Credentials.AccessKeyId,secretAccessKey:r.Credentials.SecretAccessKey,sessionToken:r.Credentials.SessionToken}}catch(e){const t=r.red("Error getting AWS credentials from awsCredentialExport (in settings or ~/.context.json):");return e instanceof Error?console.error(t,e.message):console.error(t,e),null}}}();return(t||o)&&await H(),o},36e5);export function clearAwsCredentialsCache(){refreshAndGetAwsCredentials.cache.clear()}function getConfiguredGcpAuthRefresh(){return(ce()||{}).gcpAuthRefresh}export function isGcpAuthRefreshFromProjectSettings(){const e=getConfiguredGcpAuthRefresh();if(!e)return!1;const r=ae("projectSettings"),t=ae("localSettings");return r?.gcpAuthRefresh===e||t?.gcpAuthRefresh===e}const _e=l;export async function checkGcpCredentialsValid(){try{const{GoogleAuth:e}=await import("google-auth-library"),r=new e({scopes:["https://www.googleapis.com/auth/cloud-platform"]}),t=(async()=>{const e=await r.getClient();await e.getAccessToken()})(),n=ue(5e3).then(()=>{throw new GcpCredentialsTimeoutError("GCP credentials check timed out")});return await Promise.race([t,n]),!0}catch{return!1}}const ge=18e4;export function refreshGcpAuth(e){$("Running GCP auth refresh command");const n=b.getInstance();return n.startAuthentication(),new Promise(o=>{const s=t(e,{timeout:ge});s.stdout.on("data",e=>{const r=e.toString().trim();r&&(n.addOutput(r),$(r,{level:"debug"}))}),s.stderr.on("data",e=>{const r=e.toString().trim();r&&(n.setError(r),$(r,{level:"error"}))}),s.on("close",(e,t)=>{if(0===e)$("GCP auth refresh completed successfully"),n.endAuthentication(!0),o(!0);else{const e="SIGTERM"===t?r.red("GCP auth refresh timed out after 3 minutes. Run your auth command manually in a separate terminal."):r.red("Error running gcpAuthRefresh (in settings or ~/.context.json):");console.error(e),n.endAuthentication(!1),o(!1)}})})}export const refreshGcpCredentialsIfNeeded=Z(async()=>await async function(){const r=getConfiguredGcpAuthRefresh();if(!r)return!1;if(isGcpAuthRefreshFromProjectSettings()&&!G()&&!m()){const r=new Error(`Security: gcpAuthRefresh executed before workspace trust is confirmed. If you see this message, post in ${e.FEEDBACK_CHANNEL}.`);return M("gcpAuthRefresh invoked before trust check",r),a("tengu_gcpAuthRefresh_missing_trust",{}),!1}try{if($("Checking GCP credentials validity for auth refresh"),await checkGcpCredentialsValid())return $("GCP credentials are valid, skipping auth refresh command"),!1}catch{}return refreshGcpAuth(r)}(),36e5);export function clearGcpCredentialsCache(){refreshGcpCredentialsIfNeeded.cache.clear()}export function prefetchGcpCredentialsIfSafe(){if(getConfiguredGcpAuthRefresh()){if(isGcpAuthRefreshFromProjectSettings()){if(!G()&&!m())return}refreshGcpCredentialsIfNeeded()}}export function prefetchAwsCredentialsAndBedRockInfoIfSafe(){const e=getConfiguredAwsAuthRefresh(),r=getConfiguredAwsCredentialExport();if(e||r){if(isAwsAuthRefreshFromProjectSettings()||isAwsCredentialExportFromProjectSettings()){if(!G()&&!m())return}refreshAndGetAwsCredentials(),d()}}export const getApiKeyFromConfigOrMacOSKeychain=i(()=>{if("darwin"===process.platform){const e=re();if(e){if(e.stdout)return{key:e.stdout,source:"/login managed key"}}else{const e=ne();try{const r=q(`security find-generic-password -a $USER -w -s "${e}"`);if(r)return{key:r,source:"/login managed key"}}catch(e){J(e)}}}const e=j();return e.primaryApiKey?{key:e.primaryApiKey,source:"/login managed key"}:null});function isValidApiKey(e){return/^[a-zA-Z0-9-_\.]+$/.test(e)}function getStoredProviderApiKey(e,r){try{const t=Q().read();if(r){const n=t?.providerProfileApiKeys?.[r];if("string"==typeof n&&n.trim())return n;if(!O(e,r))return null}return t?.providerApiKeys?.[e]??null}catch{return null}}export function hasStoredProviderApiKey(e,r){return Boolean(getStoredProviderApiKey(e,r))}export async function saveProviderApiKey(e,r){if(!isValidApiKey(r))throw new Error("Formato de clave API inválido. La clave API solo debe contener caracteres alfanuméricos, guiones, guiones bajos y puntos.");const t=Q(),n=t.read()||{},o=T(e)?E(e,{createIfMissing:!0})?.id??null:null;if(!t.update({...n,providerApiKeys:{...n.providerApiKeys??{},[e]:r},...o?{providerProfileApiKeys:{...n.providerProfileApiKeys??{},[o]:r}}:{}}).success)throw new Error(`Failed to save ${e} API key`)}export async function removeProviderApiKey(e){const r=Q(),t=r.read()||{},n={...t.providerApiKeys??{}};delete n[e];const o={...t.providerProfileApiKeys??{}};if(T(e)){const r=_(e);r&&delete o[r]}if(!r.update({...t,providerApiKeys:n,providerProfileApiKeys:o}).success)throw new Error(`Failed to remove ${e} API key`)}export async function saveApiKey(e){if(!isValidApiKey(e))throw new Error("Formato de clave API inválido. La clave API solo debe contener caracteres alfanuméricos, guiones, guiones bajos y puntos.");await maybeRemoveApiKeyFromMacOSKeychain();let r=!1;if("darwin"===process.platform)try{const t=ne(),o=oe(),s=`add-generic-password -U -a "${o}" -s "${t}" -X "${Buffer.from(e,"utf-8").toString("hex")}"\n`;await n("security",["-i"],{input:s,reject:!1}),a("tengu_api_key_saved_to_keychain",{}),r=!0}catch(e){J(e),a("tengu_api_key_keychain_error",{error:z(e)}),a("tengu_api_key_saved_to_config",{})}else a("tengu_api_key_saved_to_config",{});const t=R(e);F(n=>{const o=n.customApiKeyResponses?.approved??[];return{...n,primaryApiKey:r?n.primaryApiKey:e,customApiKeyResponses:{...n.customApiKeyResponses,approved:o.includes(t)?o:[...o,t],rejected:n.customApiKeyResponses?.rejected??[]}}}),getApiKeyFromConfigOrMacOSKeychain.cache.clear?.(),ee()}export function isCustomApiKeyApproved(e){const r=j(),t=R(e);return r.customApiKeyResponses?.approved?.includes(t)??!1}export async function removeApiKey(){await maybeRemoveApiKeyFromMacOSKeychain(),F(e=>({...e,primaryApiKey:void 0})),getApiKeyFromConfigOrMacOSKeychain.cache.clear?.(),ee()}async function maybeRemoveApiKeyFromMacOSKeychain(){try{await N()}catch(e){J(e)}}export function saveOAuthTokensIfNeeded(e,r){if(!S(e.scopes))return a("tengu_oauth_tokens_not_claude_ai",{}),{success:!0};if(!e.refreshToken||!e.expiresAt)return a("tengu_oauth_tokens_inference_only",{}),{success:!0};const t=Q(),n=t.name;try{const o=t.read()||{},s=o.claudeAiOauth,i=r??_("claude"),c={accessToken:e.accessToken,refreshToken:e.refreshToken,expiresAt:e.expiresAt,scopes:e.scopes,subscriptionType:e.subscriptionType??s?.subscriptionType??null,rateLimitTier:e.rateLimitTier??s?.rateLimitTier??null};i&&(o.providerProfileOauth={...o.providerProfileOauth??{},[i]:c});const u=t.update(o);return u.success?a("tengu_oauth_tokens_saved",{storageBackend:n}):a("tengu_oauth_tokens_save_failed",{storageBackend:n}),getClaudeAIOAuthTokens.cache?.clear?.(),L(),le(),u}catch(e){return J(e),a("tengu_oauth_tokens_save_exception",{storageBackend:n,error:z(e)}),{success:!1,warning:"Failed to save OAuth tokens"}}}export function saveOpenAIOAuthTokens(e,r){const t=Q(),n=t.name;try{const o=t.read()||{},s=r??_("openai"),i={accessToken:e.accessToken,refreshToken:e.refreshToken,expiresAt:e.expiresAt,scopes:e.scopes,subscriptionType:e.subscriptionType??null,rateLimitTier:e.rateLimitTier??null};o.openAiOauth=i,s&&(o.providerProfileOauth={...o.providerProfileOauth??{},[s]:i});const c=t.update(o);return c.success?a("tengu_openai_oauth_tokens_saved",{storageBackend:n}):a("tengu_openai_oauth_tokens_save_failed",{storageBackend:n}),getOpenAIOAuthTokens.cache?.clear?.(),L(),le(),c}catch(e){return J(e),a("tengu_openai_oauth_tokens_save_exception",{storageBackend:n,error:z(e)}),{success:!1,warning:"Failed to save OpenAI OAuth tokens"}}}export function getClaudeAIOAuthTokens(){if(B())return null;const e=process.env.CONTEXT_CODE_OAUTH_TOKEN??process.env.CLAUDE_CODE_OAUTH_TOKEN;if(isManagedOAuthContext()&&e)return{accessToken:e,refreshToken:null,expiresAt:null,scopes:["user:inference"],subscriptionType:null,rateLimitTier:null};const r=isManagedOAuthContext()?w():null;if(r)return{accessToken:r,refreshToken:null,expiresAt:null,scopes:["user:inference"],subscriptionType:null,rateLimitTier:null};try{const e=getStoredProviderOAuthTokens("claude",_("claude"));return e?.accessToken?e:null}catch(e){return J(e),null}}export function getOpenAIOAuthTokens(){if(B())return null;if(process.env.OPENAI_OAUTH_TOKEN)return{accessToken:process.env.OPENAI_OAUTH_TOKEN,refreshToken:null,expiresAt:null,scopes:["responses:inference"],subscriptionType:null,rateLimitTier:null};try{const e=getStoredProviderOAuthTokens("openai",_("openai"));return e?.accessToken?e:null}catch(e){return J(e),null}}export function getOpenAIAccessToken(){return process.env.OPENAI_API_KEY||process.env.OPENAI_API_TOKEN||getOpenAIOAuthTokens()?.accessToken||null}export function getOpenRouterAccessToken(){return process.env.OPENROUTER_API_KEY||process.env.OPENROUTER_API_TOKEN||getStoredProviderApiKey("openrouter",_("openrouter"))||null}export async function checkGeminiGoogleCredentialsValid(){try{const e=await getGeminiGoogleAuthHeaders(),r=process.env.GEMINI_GOOGLE_PROJECT_ID?.trim()||void 0,t=fetch("https://cloudcode-pa.googleapis.com/v1internal:loadCodeAssist",{method:"POST",headers:e,body:JSON.stringify({cloudaicompanionProject:r,metadata:{ideType:"IDE_UNSPECIFIED",platform:"PLATFORM_UNSPECIFIED",pluginType:"GEMINI",duetProject:r},mode:"HEALTH_CHECK"})}).then(e=>{if(!e.ok)throw new Error(`Gemini credentials check failed: ${e.status}`)}),n=ue(5e3).then(()=>{throw new GcpCredentialsTimeoutError("Gemini credentials check timed out")});return await Promise.race([t,n]),!0}catch{return!1}}export function getGeminiGoogleOAuthTokens(){try{const e=_("gemini-google"),r=Q().read(),t=e?r?.providerProfileOauth?.[e]:null;if(t?.accessToken)return t;const n=Object.entries(r?.providerProfileOauth??{}).find(([e,r])=>e.startsWith("gemini-google/")&&"object"==typeof r&&null!==r&&"string"==typeof r.accessToken&&r.accessToken.trim())?.[1];return n?.accessToken?n:null}catch{return null}}export function saveGeminiGoogleOAuthTokens(e){const r=Q(),t=r.name;try{const n=r.read()||{},o=_("gemini-google")??g("gemini-google").id,s={accessToken:e.accessToken,refreshToken:e.refreshToken,expiresAt:e.expiresAt,scopes:e.scopes,subscriptionType:null,rateLimitTier:null,projectId:e.projectId};o&&(n.providerProfileOauth={...n.providerProfileOauth??{},[o]:s});const i=r.update(n);return a(i.success?"tengu_gemini_google_oauth_tokens_saved":"tengu_gemini_google_oauth_tokens_save_failed",{storageBackend:t}),i}catch(e){return J(e),a("tengu_gemini_google_oauth_tokens_save_exception",{storageBackend:t,error:z(e)}),{success:!1,warning:"Failed to save Gemini OAuth tokens"}}}function quoteShellArg(e){return`"${e.replace(/"/g,'\\"')}"`}export function getGeminiGoogleAuthCommand(){const e=process.env.GEMINI_OAUTH_CLIENT_SECRET_FILE||process.env.GOOGLE_OAUTH_CLIENT_SECRET_FILE,r=_e.join(",");return`gcloud auth application-default login${e?` --client-id-file=${quoteShellArg(e)}`:""} --scopes=${quoteShellArg(r)}`}export async function refreshGeminiGoogleAuth(){return refreshGcpAuth(getGeminiGoogleAuthCommand())}export function getGeminiApiAccessToken(){return process.env.GEMINI_API_KEY||process.env.GOOGLE_API_KEY||getStoredProviderApiKey("gemini-api",_("gemini-api"))||null}export async function getGeminiGoogleAuthHeaders(){const e=process.env.GEMINI_OAUTH_TOKEN||process.env.GOOGLE_OAUTH_ACCESS_TOKEN,r={"Content-Type":"application/json"};if(e)r.Authorization=`Bearer ${e}`;else{const e=await async function(){const e=getGeminiGoogleOAuthTokens();if(!e?.refreshToken)return e;if(e.expiresAt&&e.expiresAt>Date.now()+6e4)return e;const r=await fetch(A,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({grant_type:"refresh_token",refresh_token:e.refreshToken,client_id:u,client_secret:p})});if(!r.ok)return e;const t=await r.json(),n={...e,accessToken:t.access_token,expiresAt:t.expires_in?Date.now()+1e3*t.expires_in:e.expiresAt,scopes:t.scope?.split(/\s+/).filter(Boolean)??e.scopes};return saveGeminiGoogleOAuthTokens(n),n}();if(e?.accessToken){r.Authorization=`Bearer ${e.accessToken}`;const t=process.env.GEMINI_GOOGLE_PROJECT_ID?.trim();t&&(r["x-goog-user-project"]=t)}else{const{GoogleAuth:e}=await import("google-auth-library"),t=new e({scopes:_e}),n=await t.getClient(),o=await n.getRequestHeaders();if("function"==typeof o.forEach)o.forEach((e,t)=>{r[t]=e});else for(const[e,t]of Object.entries(o))Array.isArray(t)?r[e]=t.map(String).join(", "):null!=t&&(r[e]=String(t))}}const t=process.env.GEMINI_GOOGLE_PROJECT_ID?.trim()||void 0;return t&&(r["x-goog-user-project"]=t),r}export function getZAIAccessToken(){return process.env.ZAI_API_KEY||getStoredProviderApiKey("zai",_("zai"))||null}export function getMiniMaxAccessToken(){return process.env.MINIMAX_API_KEY||getStoredProviderApiKey("minimax",_("minimax"))||null}export function getNvidiaAccessToken(){return process.env.NVIDIA_API_KEY||getStoredProviderApiKey("nvidia",_("nvidia"))||null}export function getDeepSeekAccessToken(){return process.env.DEEPSEEK_API_KEY||getStoredProviderApiKey("deepseek",_("deepseek"))||null}export function getOllamaAccessToken(){return"ollama"}export function getOllamaCloudAccessToken(){return process.env.OLLAMA_API_KEY||getStoredProviderApiKey("ollama-cloud",_("ollama-cloud"))||null}export function getOpenAICompatibleAccessToken(e=f()){switch(e){case"openrouter":return getOpenRouterAccessToken();case"gemini-api":return getGeminiApiAccessToken();case"gemini-google":return process.env.GEMINI_OAUTH_TOKEN||process.env.GOOGLE_OAUTH_ACCESS_TOKEN||null;case"zai":return getZAIAccessToken();case"minimax":return getMiniMaxAccessToken();case"nvidia":return getNvidiaAccessToken();case"deepseek":return getDeepSeekAccessToken();case"ollama":return getOllamaAccessToken();case"ollama-cloud":return getOllamaCloudAccessToken();case"custom-openai":return getStoredProviderApiKey("custom-openai");default:return getOpenAIAccessToken()}}export async function getOpenAIOAuthTokensAsync(){if(B())return null;if(process.env.OPENAI_OAUTH_TOKEN)return getOpenAIOAuthTokens();try{const e=Q(),r=await e.readAsync(),t=_("openai"),n=t&&r?.providerProfileOauth?.[t]||(t&&!O("openai",t)?null:r?.openAiOauth);return n?.accessToken?n:null}catch(e){return J(e),null}}export function clearOAuthTokenCache(){getClaudeAIOAuthTokens.cache?.clear?.(),getOpenAIOAuthTokens.cache?.clear?.(),te()}let Oe=0;async function invalidateOAuthCacheIfDiskChanged(){try{const e="sqlite"===Q().name?ie():se(),{mtimeMs:r}=await s(e);r!==Oe&&(Oe=r,clearOAuthTokenCache())}catch{getClaudeAIOAuthTokens.cache?.clear?.(),getOpenAIOAuthTokens.cache?.clear?.()}}const Te=new Map;export function handleOAuth401Error(e){const r=Te.get(e);if(r)return r;const t=async function(e){clearOAuthTokenCache();const r=await getClaudeAIOAuthTokensAsync();if(!r?.refreshToken)return!1;if(r.accessToken!==e)return a("tengu_oauth_401_recovered_from_keychain",{}),!0;return checkAndRefreshOAuthTokenIfNeeded(0,!0)}(e).finally(()=>{Te.delete(e)});return Te.set(e,t),t}export async function handleOpenAIOAuth401Error(e){clearOAuthTokenCache();const r=await getOpenAIOAuthTokensAsync();return!!r?.refreshToken&&(r.accessToken!==e?(a("tengu_openai_oauth_401_recovered_from_keychain",{}),!0):checkAndRefreshOpenAIOAuthTokenIfNeeded(0,!0))}export async function getClaudeAIOAuthTokensAsync(){if(B())return null;if(isManagedOAuthContext()&&(process.env.CONTEXT_CODE_OAUTH_TOKEN||process.env.CLAUDE_CODE_OAUTH_TOKEN||w()))return getClaudeAIOAuthTokens();try{const e=Q(),r=await e.readAsync(),t=_("claude"),n=t&&r?.providerProfileOauth?.[t]||(t&&!O("claude",t)?null:r?.claudeAiOauth);return n?.accessToken?n:null}catch(e){return J(e),null}}let Ee=null,me=null;export function checkAndRefreshOAuthTokenIfNeeded(e=0,r=!1){if(0===e&&!r){if(Ee)return Ee;const t=checkAndRefreshOAuthTokenIfNeededImpl(e,r);return Ee=t.finally(()=>{Ee=null}),Ee}return checkAndRefreshOAuthTokenIfNeededImpl(e,r)}export function checkAndRefreshOpenAIOAuthTokenIfNeeded(e=0,r=!1){if(0===e&&!r){if(me)return me;const t=checkAndRefreshOpenAIOAuthTokenIfNeededImpl(e,r);return me=t.finally(()=>{me=null}),me}return checkAndRefreshOpenAIOAuthTokenIfNeededImpl(e,r)}async function checkAndRefreshOAuthTokenIfNeededImpl(e,r){await invalidateOAuthCacheIfDiskChanged();const t=getClaudeAIOAuthTokens();if(!(r||t?.refreshToken&&v(t.expiresAt)))return!1;if(!t?.refreshToken)return!1;if(!S(t.scopes))return!1;getClaudeAIOAuthTokens.cache?.clear?.(),te();const n=await getClaudeAIOAuthTokensAsync();if(!n?.refreshToken||!v(n.expiresAt))return!1;const s=Y();let i;await o(s,{recursive:!0});try{a("tengu_oauth_token_refresh_lock_acquiring",{}),i=await V.lock(s),a("tengu_oauth_token_refresh_lock_acquired",{})}catch(t){return"ELOCKED"===t.code?e<5?(a("tengu_oauth_token_refresh_lock_retry",{retryCount:e+1}),await ue(1e3+1e3*Math.random()),checkAndRefreshOAuthTokenIfNeededImpl(e+1,r)):(a("tengu_oauth_token_refresh_lock_retry_limit_reached",{maxRetries:5}),!1):(J(t),a("tengu_oauth_token_refresh_lock_error",{error:z(t)}),!1)}try{getClaudeAIOAuthTokens.cache?.clear?.(),te();const e=await getClaudeAIOAuthTokensAsync();if(!e?.refreshToken||!v(e.expiresAt))return a("tengu_oauth_token_refresh_race_resolved",{}),!1;a("tengu_oauth_token_refresh_starting",{});return saveOAuthTokensIfNeeded(await K(e.refreshToken,{scopes:S(e.scopes)?void 0:e.scopes})),getClaudeAIOAuthTokens.cache?.clear?.(),te(),!0}catch(e){J(e),getClaudeAIOAuthTokens.cache?.clear?.(),te();const r=await getClaudeAIOAuthTokensAsync();return!(!r||v(r.expiresAt))&&(a("tengu_oauth_token_refresh_race_recovered",{}),!0)}finally{a("tengu_oauth_token_refresh_lock_releasing",{}),await i(),a("tengu_oauth_token_refresh_lock_released",{})}}async function checkAndRefreshOpenAIOAuthTokenIfNeededImpl(e,r){await invalidateOAuthCacheIfDiskChanged();const t=getOpenAIOAuthTokens();if(!(r||t?.refreshToken&&v(t.expiresAt)))return!1;if(!t?.refreshToken)return!1;getOpenAIOAuthTokens.cache?.clear?.(),te();const n=await getOpenAIOAuthTokensAsync();if(!n?.refreshToken||!v(n.expiresAt))return!1;const s=Y();let i;await o(s,{recursive:!0});try{a("tengu_openai_oauth_token_refresh_lock_acquiring",{}),i=await V.lock(s),a("tengu_openai_oauth_token_refresh_lock_acquired",{})}catch(t){return"ELOCKED"===t.code?e<5?(a("tengu_openai_oauth_token_refresh_lock_retry",{retryCount:e+1}),await ue(1e3+1e3*Math.random()),checkAndRefreshOpenAIOAuthTokenIfNeededImpl(e+1,r)):(a("tengu_openai_oauth_token_refresh_lock_retry_limit_reached",{maxRetries:5}),!1):(J(t),!1)}try{getOpenAIOAuthTokens.cache?.clear?.(),te();const e=await getOpenAIOAuthTokensAsync();if(!e?.refreshToken||!v(e.expiresAt))return a("tengu_openai_oauth_token_refresh_race_resolved",{}),!1;a("tengu_openai_oauth_token_refresh_starting",{});return saveOpenAIOAuthTokens(await I(e.refreshToken,{scopes:e.scopes})),getOpenAIOAuthTokens.cache?.clear?.(),te(),!0}catch(e){J(e),getOpenAIOAuthTokens.cache?.clear?.(),te();const r=await getOpenAIOAuthTokensAsync();return!(!r||v(r.expiresAt))&&(a("tengu_openai_oauth_token_refresh_race_recovered",{}),!0)}finally{a("tengu_openai_oauth_token_refresh_lock_releasing",{}),await i(),a("tengu_openai_oauth_token_refresh_lock_released",{})}}export function isClaudeAISubscriber(){return!!isAnthropicAuthEnabled()&&S(getClaudeAIOAuthTokens()?.scopes)}export function hasProfileScope(){return getClaudeAIOAuthTokens()?.scopes?.includes(c)??!1}export function is1PApiCustomer(){return!(X(process.env.CONTEXT_CODE_USE_BEDROCK)||X(process.env.CLAUDE_CODE_USE_BEDROCK)||X(process.env.CONTEXT_CODE_USE_VERTEX)||X(process.env.CLAUDE_CODE_USE_VERTEX)||X(process.env.CONTEXT_CODE_USE_FOUNDRY)||X(process.env.CLAUDE_CODE_USE_FOUNDRY)||h(f()))&&!isClaudeAISubscriber()}export function getOauthAccountInfo(){return isAnthropicAuthEnabled()?j().oauthAccount:void 0}export function isOverageProvisioningAllowed(){const e=getOauthAccountInfo(),r=e?.billingType;return!(!isClaudeAISubscriber()||!r)&&("stripe_subscription"===r||"stripe_subscription_contracted"===r||"apple_subscription"===r||"google_play_subscription"===r)}export function hasOpusAccess(){const e=getSubscriptionType();return"max"===e||"enterprise"===e||"team"===e||"pro"===e||null===e}export function getSubscriptionType(){if(C())return k();if(!isAnthropicAuthEnabled())return null;const e=getClaudeAIOAuthTokens();return e?e.subscriptionType??null:null}export function isMaxSubscriber(){return"max"===getSubscriptionType()}export function isTeamSubscriber(){return"team"===getSubscriptionType()}export function isTeamPremiumSubscriber(){return"team"===getSubscriptionType()&&"default_claude_max_5x"===getRateLimitTier()}export function isEnterpriseSubscriber(){return"enterprise"===getSubscriptionType()}export function isProSubscriber(){return"pro"===getSubscriptionType()}export function getRateLimitTier(){if(!isAnthropicAuthEnabled())return null;const e=getClaudeAIOAuthTokens();return e?e.rateLimitTier??null:null}export function getSubscriptionName(){switch(getSubscriptionType()){case"enterprise":return"Context Empresarial";case"team":return"Context Equipo";case"max":return"Context Max";case"pro":return"Context Pro";default:return"Context API"}}export function isUsing3PServices(){return!!(X(process.env.CONTEXT_CODE_USE_BEDROCK)||X(process.env.CLAUDE_CODE_USE_BEDROCK)||X(process.env.CONTEXT_CODE_USE_VERTEX)||X(process.env.CLAUDE_CODE_USE_VERTEX)||X(process.env.CONTEXT_CODE_USE_FOUNDRY)||X(process.env.CLAUDE_CODE_USE_FOUNDRY)||h(f()))}function getConfiguredOtelHeadersHelper(){return(ce()||{}).otelHeadersHelper}export function isOtelHeadersHelperFromProjectOrLocalSettings(){const e=getConfiguredOtelHeadersHelper();if(!e)return!1;const r=ae("projectSettings"),t=ae("localSettings");return r?.otelHeadersHelper===e||t?.otelHeadersHelper===e}let ye=null,ke=0;const Ce=174e4;export function getOtelHeadersFromHelper(){const e=getConfiguredOtelHeadersHelper();if(!e)return{};const r=parseInt(process.env.CONTEXT_CODE_OTEL_HEADERS_HELPER_DEBOUNCE_MS||process.env.CLAUDE_CODE_OTEL_HEADERS_HELPER_DEBOUNCE_MS||Ce.toString());if(ye&&Date.now()-ke<r)return ye;if(isOtelHeadersHelperFromProjectOrLocalSettings()){if(!G())return{}}try{const r=q(e,{timeout:3e4})?.toString().trim();if(!r)throw new Error("otelHeadersHelper did not return a valid value");const t=pe(r);if("object"!=typeof t||null===t||Array.isArray(t))throw new Error("otelHeadersHelper must return a JSON object with string key-value pairs");for(const[e,r]of Object.entries(t))if("string"!=typeof r)throw new Error(`otelHeadersHelper returned non-string value for key "${e}": ${typeof r}`);return ye=t,ke=Date.now(),ye}catch(e){throw J(new Error(`Error getting OpenTelemetry headers from otelHeadersHelper (in settings): ${z(e)}`)),e}}export function isConsumerSubscriber(){const e=getSubscriptionType();return isClaudeAISubscriber()&&null!==e&&("max"===(r=e)||"pro"===r);var r}export function getAccountInformation(){if("firstParty"!==f())return;const{source:e}=getAuthTokenSource(),r={};"CLAUDE_CODE_OAUTH_TOKEN"===e||"CLAUDE_CODE_OAUTH_TOKEN_FILE_DESCRIPTOR"===e?r.tokenSource=e:isClaudeAISubscriber()?r.subscription=getSubscriptionName():r.tokenSource=e;const{key:t,source:n}=getAnthropicApiKeyWithSource();if(t&&(r.apiKeySource=n),"claude.ai"===e||"/login managed key"===n){const e=getOauthAccountInfo()?.organizationName;e&&(r.organization=e)}const o=getOauthAccountInfo()?.emailAddress;return"claude.ai"!==e&&"/login managed key"!==n||!o||(r.email=o),r}export async function validateForceLoginOrg(){if(process.env.ANTHROPIC_UNIX_SOCKET)return{valid:!0};if(!isAnthropicAuthEnabled())return{valid:!0};const e=ae("policySettings")?.forceLoginOrgUUID;if(!e)return{valid:!0};await checkAndRefreshOAuthTokenIfNeeded();const r=getClaudeAIOAuthTokens();if(!r)return{valid:!0};const{source:t}=getAuthTokenSource(),n="CLAUDE_CODE_OAUTH_TOKEN"===t||"CLAUDE_CODE_OAUTH_TOKEN_FILE_DESCRIPTOR"===t,o=await x(r.accessToken);if(!o)return{valid:!1,message:`Unable to verify organization for the current authentication token.\nThis machine requires organization ${e} but the profile could not be fetched.\nThis may be a network error, or the token may lack the user:profile scope required for\nverification (tokens from 'context setup-token' do not include this scope).\nTry again, or obtain a full-scope token via 'context auth login'.`};const s=o.organization.uuid;if(s===e)return{valid:!0};if(n){return{valid:!1,message:`The ${"CLAUDE_CODE_OAUTH_TOKEN"===t?"CLAUDE_CODE_OAUTH_TOKEN":"CLAUDE_CODE_OAUTH_TOKEN_FILE_DESCRIPTOR"} environment variable provides a token for a\ndifferent organization than required by this machine's managed settings.\n\nRequired organization: ${e}\nToken organization: ${s}\n\nRemove the environment variable or obtain a token for the correct organization.`}}return{valid:!1,message:`Your authentication token belongs to organization ${s},\nbut this machine requires organization ${e}.\n\nPlease log in with the correct organization: context auth login`}}class GcpCredentialsTimeoutError extends Error{}
1
+ import{MACRO as e}from"../recovery/bunBundleShim.js";import r from"chalk";import{exec as t}from"child_process";import{execa as n}from"execa";import{mkdir as o,stat as s}from"fs/promises";import i from"lodash-es/memoize.js";import{CLAUDE_AI_PROFILE_SCOPE as c}from"../constants/oauth.js";import{logEvent as a}from"../services/analytics/index.js";import{GEMINI_CLI_OAUTH_CLIENT_ID as u,GEMINI_CLI_OAUTH_CLIENT_SECRET as p,GEMINI_CLI_OAUTH_SCOPES as l,GEMINI_CLI_OAUTH_TOKEN_URL as A}from"../constants/geminiOAuth.js";import{getModelStrings as d}from"./model/modelStrings.js";import{getAPIProvider as f,isOpenAICompatibleProvider as h}from"./model/providers.js";import{getResolvedProviderProfileId as _,ensureProviderProfile as g,isDefaultProfileId as O,isProfiledProvider as E,resolveProviderProfile as T}from"./model/providerProfiles.js";import{getIsNonInteractiveSession as m,preferThirdPartyAuthentication as y}from"../bootstrap/state.js";import{getMockSubscriptionType as k,shouldUseMockSubscription as C}from"../services/mockRateLimits.js";import{isOAuthTokenExpired as v,refreshOpenAIOAuthToken as I,refreshOAuthToken as K,shouldUseClaudeAIAuth as S}from"../services/oauth/client.js";import{getOauthProfileFromOauthToken as P}from"../services/oauth/getOauthProfile.js";import{getApiKeyFromFileDescriptor as x,getOAuthTokenFromFileDescriptor as w}from"./authFileDescriptor.js";import{maybeRemoveApiKeyFromMacOSKeychainThrows as N,normalizeApiKeyForConfig as R}from"./authPortable.js";import{checkStsCallerIdentity as D,clearAwsIniCache as H,isValidAwsStsOutput as U}from"./aws.js";import{AwsAuthStatusManager as b}from"./awsAuthStatusManager.js";import{clearBetasCaches as L}from"./betas.js";import{checkHasTrustDialogAccepted as G,getGlobalConfig as j,saveGlobalConfig as F}from"./config.js";import{logAntError as M,logForDebugging as Y}from"./debug.js";import{getClaudeConfigHomeDir as $,isBareMode as X,isEnvTruthy as B,isRunningOnHomespace as z}from"./envUtils.js";import{errorMessage as W}from"./errors.js";import{execSyncWithDefaults_DEPRECATED as q}from"./execFileNoThrow.js";import*as V from"./lockfile.js";import{logError as J}from"./log.js";import{memoizeWithTTLAsync as Z}from"./memoize.js";import{getSecureStorage as Q}from"./secureStorage/index.js";import{clearLegacyApiKeyPrefetch as ee,getLegacyApiKeyPrefetchResult as re}from"./secureStorage/keychainPrefetch.js";import{clearKeychainCache as te,getMacOsKeychainStorageServiceName as ne,getUsername as oe}from"./secureStorage/macOsKeychainHelpers.js";import{getLegacyCredentialsFilePath as se,getSecureStorageDbPath as ie}from"./secureStorage/sqliteStorage.js";import{getSettings_DEPRECATED as ce,getSettingsForSource as ae}from"./settings/settings.js";import{sleep as ue}from"./sleep.js";import{jsonParse as pe}from"./slowOperations.js";import{clearToolSchemaCache as le}from"./toolSchemaCache.js";function isManagedOAuthContext(){return B(process.env.CONTEXT_CODE_REMOTE)||B(process.env.CLAUDE_CODE_REMOTE)||"claude-desktop"===process.env.CLAUDE_CODE_ENTRYPOINT}export function isAnthropicAuthEnabled(){if(X())return!1;if(process.env.ANTHROPIC_UNIX_SOCKET)return!(!process.env.CONTEXT_CODE_OAUTH_TOKEN&&!process.env.CLAUDE_CODE_OAUTH_TOKEN);const e=f(),r=B(process.env.CONTEXT_CODE_USE_BEDROCK)||B(process.env.CLAUDE_CODE_USE_BEDROCK)||B(process.env.CONTEXT_CODE_USE_VERTEX)||B(process.env.CLAUDE_CODE_USE_VERTEX)||B(process.env.CONTEXT_CODE_USE_FOUNDRY)||B(process.env.CLAUDE_CODE_USE_FOUNDRY)||h(e)||"custom-anthropic"===e,t=(ce()||{}).apiKeyHelper,n=process.env.ANTHROPIC_AUTH_TOKEN||t||process.env.CONTEXT_CODE_API_KEY_FILE_DESCRIPTOR||process.env.CLAUDE_CODE_API_KEY_FILE_DESCRIPTOR,{source:o}=getAnthropicApiKeyWithSource({skipRetrievingKeyFromApiKeyHelper:!0}),s="ANTHROPIC_API_KEY"===o||"apiKeyHelper"===o;return!(r||n&&!isManagedOAuthContext()||s&&!isManagedOAuthContext())}export function getAuthTokenSource(){const e=f();if(h(e))return{source:e,hasToken:Boolean(getOpenAICompatibleAccessToken(e))};if(X())return getConfiguredApiKeyHelper()?{source:"apiKeyHelper",hasToken:!0}:{source:"none",hasToken:!1};if(process.env.ANTHROPIC_AUTH_TOKEN&&!isManagedOAuthContext())return{source:"ANTHROPIC_AUTH_TOKEN",hasToken:!0};if(isManagedOAuthContext()&&(process.env.CONTEXT_CODE_OAUTH_TOKEN||process.env.CLAUDE_CODE_OAUTH_TOKEN))return{source:"CLAUDE_CODE_OAUTH_TOKEN",hasToken:!0};if(isManagedOAuthContext()?w():null)return process.env.CONTEXT_CODE_OAUTH_TOKEN_FILE_DESCRIPTOR||process.env.CLAUDE_CODE_OAUTH_TOKEN_FILE_DESCRIPTOR?{source:"CLAUDE_CODE_OAUTH_TOKEN_FILE_DESCRIPTOR",hasToken:!0}:{source:"CCR_OAUTH_TOKEN_FILE",hasToken:!0};if(getConfiguredApiKeyHelper()&&!isManagedOAuthContext())return{source:"apiKeyHelper",hasToken:!0};const r=getClaudeAIOAuthTokens();return S(r?.scopes)&&r?.accessToken?{source:"claude.ai",hasToken:!0}:{source:"none",hasToken:!1}}const Ae={gmi:"GMI_API_KEY",novita:"NOVITA_API_KEY",stepfun:"STEPFUN_API_KEY",huggingface:"HF_TOKEN","opencode-zen":"OPENCODE_ZEN_API_KEY",arcee:"ARCEEAI_API_KEY",alibaba:"DASHSCOPE_API_KEY",kimi:"KIMI_API_KEY"};function getProviderOauthStorageKey(e){return"claude"===e?"claudeAiOauth":"openAiOauth"}function shouldUseLegacyProviderOauthFallback(e){return"claude"!==e}export function getStoredProviderOAuthTokens(e,r){try{const t=Q().read();if(r){const n=t?.providerProfileOauth?.[r];if(n?.accessToken)return n;if(!O(e,r)&&!shouldUseLegacyProviderOauthFallback(e))return null}if("gemini-google"===e)return null;if(!shouldUseLegacyProviderOauthFallback(e))return null;const n=t?.[getProviderOauthStorageKey(e)];return n?.accessToken?n:null}catch{return null}}export function hasStoredProviderOAuthTokens(e,r){if(r)return Boolean(getStoredProviderOAuthTokens(e,r));try{const r=Q().read(),t=Object.entries(r?.providerProfileOauth??{}).some(([r,t])=>r.startsWith(`${e}/`)&&"object"==typeof t&&null!==t&&"string"==typeof t.accessToken&&t.accessToken.trim());return shouldUseLegacyProviderOauthFallback(e)?Boolean(t||r?.[getProviderOauthStorageKey(e)]?.accessToken):Boolean(t)}catch{return!1}}export async function renameProviderScopedCredentials(e,r){if(!e||!r||e===r)return;const t=Q(),n=t.read()||{},o={...n.providerProfileApiKeys??{}},s={...n.providerProfileOauth??{}};e in o&&(o[r]=o[e],delete o[e]),e in s&&(s[r]=s[e],delete s[e]);if(!t.update({...n,providerProfileApiKeys:o,providerProfileOauth:s}).success)throw new Error("No se pudieron mover las credenciales del perfil.")}export async function removeProviderScopedCredentials(e){if(!e)return;const r=Q(),t=r.read()||{},n={...t.providerProfileApiKeys??{}},o={...t.providerProfileOauth??{}};delete n[e],delete o[e];if(!r.update({...t,providerProfileApiKeys:n,providerProfileOauth:o}).success)throw new Error("No se pudieron eliminar las credenciales del perfil.")}export async function removeAllProviderScopedCredentials(){const e=Q(),r=e.read()||{};if(!e.update({...r,providerProfileApiKeys:{},providerProfileOauth:{}}).success)throw new Error("No se pudieron eliminar las credenciales scoped de perfiles.")}export function getAnthropicApiKey(){const{key:e}=getAnthropicApiKeyWithSource();return e}export function hasAnthropicApiKeyAuth(){const{key:e,source:r}=getAnthropicApiKeyWithSource({skipRetrievingKeyFromApiKeyHelper:!0});return null!==e&&"none"!==r}export function getAnthropicApiKeyWithSource(e={}){if(h(f()))return{key:null,source:"none"};if(X())return process.env.ANTHROPIC_API_KEY?{key:process.env.ANTHROPIC_API_KEY,source:"ANTHROPIC_API_KEY"}:getConfiguredApiKeyHelper()?{key:e.skipRetrievingKeyFromApiKeyHelper?null:getApiKeyFromApiKeyHelperCached(),source:"apiKeyHelper"}:{key:null,source:"none"};const r=z()?void 0:process.env.ANTHROPIC_API_KEY;if(y()&&r)return{key:r,source:"ANTHROPIC_API_KEY"};if(B(process.env.CI)||"test"===process.env.NODE_ENV){const e=x();if(e)return{key:e,source:"ANTHROPIC_API_KEY"};if(!(r||process.env.CONTEXT_CODE_OAUTH_TOKEN||process.env.CLAUDE_CODE_OAUTH_TOKEN||process.env.CONTEXT_CODE_OAUTH_TOKEN_FILE_DESCRIPTOR||process.env.CLAUDE_CODE_OAUTH_TOKEN_FILE_DESCRIPTOR))throw new Error("ANTHROPIC_API_KEY or CONTEXT_CODE_OAUTH_TOKEN (legacy: CLAUDE_CODE_OAUTH_TOKEN) env var is required");return r?{key:r,source:"ANTHROPIC_API_KEY"}:{key:null,source:"none"}}if(r&&j().customApiKeyResponses?.approved?.includes(R(r)))return{key:r,source:"ANTHROPIC_API_KEY"};const t=x();if(t)return{key:t,source:"ANTHROPIC_API_KEY"};if(getConfiguredApiKeyHelper())return e.skipRetrievingKeyFromApiKeyHelper?{key:null,source:"apiKeyHelper"}:{key:getApiKeyFromApiKeyHelperCached(),source:"apiKeyHelper"};const n=getApiKeyFromConfigOrMacOSKeychain();return n||{key:null,source:"none"}}export function getConfiguredApiKeyHelper(){if(X())return ae("flagSettings")?.apiKeyHelper;return(ce()||{}).apiKeyHelper}function isApiKeyHelperFromProjectOrLocalSettings(){const e=getConfiguredApiKeyHelper();if(!e)return!1;const r=ae("projectSettings"),t=ae("localSettings");return r?.apiKeyHelper===e||t?.apiKeyHelper===e}function getConfiguredAwsAuthRefresh(){return(ce()||{}).awsAuthRefresh}export function isAwsAuthRefreshFromProjectSettings(){const e=getConfiguredAwsAuthRefresh();if(!e)return!1;const r=ae("projectSettings"),t=ae("localSettings");return r?.awsAuthRefresh===e||t?.awsAuthRefresh===e}function getConfiguredAwsCredentialExport(){return(ce()||{}).awsCredentialExport}export function isAwsCredentialExportFromProjectSettings(){const e=getConfiguredAwsCredentialExport();if(!e)return!1;const r=ae("projectSettings"),t=ae("localSettings");return r?.awsCredentialExport===e||t?.awsCredentialExport===e}export function calculateApiKeyHelperTTL(){const e=process.env.CONTEXT_CODE_API_KEY_HELPER_TTL_MS??process.env.CLAUDE_CODE_API_KEY_HELPER_TTL_MS;if(e){const r=parseInt(e,10);if(!Number.isNaN(r)&&r>=0)return r;Y(`Found CLAUDE_CODE_API_KEY_HELPER_TTL_MS env var, but it was not a valid number. Got ${e}`,{level:"error"})}return 3e5}let de=null,fe=null,he=0;export function getApiKeyHelperElapsedMs(){const e=fe?.startedAt;return e?Date.now()-e:0}export async function getApiKeyFromApiKeyHelper(e){if(!getConfiguredApiKeyHelper())return null;const r=calculateApiKeyHelperTTL();return de?(Date.now()-de.timestamp<r||fe||(fe={promise:_runAndCache(e,!1,he),startedAt:null}),de.value):(fe||(fe={promise:_runAndCache(e,!0,he),startedAt:Date.now()}),fe.promise)}async function _runAndCache(t,o,s){try{const r=await async function(r){const t=getConfiguredApiKeyHelper();if(!t)return null;if(isApiKeyHelperFromProjectOrLocalSettings()){if(!G()&&!r){const r=new Error(`Security: apiKeyHelper executed before workspace trust is confirmed. If you see this message, post in ${e.FEEDBACK_CHANNEL}.`);return M("apiKeyHelper invoked before trust check",r),a("tengu_apiKeyHelper_missing_trust11",{}),null}}const o=await n(t,{shell:!0,timeout:6e5,reject:!1});if(o.failed){const e=o.timedOut?"timed out":`exited ${o.exitCode}`,r=o.stderr?.trim();throw new Error(r?`${e}: ${r}`:e)}const s=o.stdout?.trim();if(!s)throw new Error("did not return a value");return s}(t);return s!==he||null!==r&&(de={value:r,timestamp:Date.now()}),r}catch(e){if(s!==he)return" ";const t=e instanceof Error?e.message:String(e);return console.error(r.red(`apiKeyHelper failed: ${t}`)),Y(`Error getting API key from apiKeyHelper: ${t}`,{level:"error"}),!o&&de&&" "!==de.value?(de={...de,timestamp:Date.now()},de.value):(de={value:" ",timestamp:Date.now()}," ")}finally{s===he&&(fe=null)}}export function getApiKeyFromApiKeyHelperCached(){return de?.value??null}export function clearApiKeyHelperCache(){he++,de=null,fe=null}export function prefetchApiKeyFromApiKeyHelperIfSafe(e){isApiKeyHelperFromProjectOrLocalSettings()&&!G()||getApiKeyFromApiKeyHelper(e)}const _e=18e4;export function refreshAwsAuth(e){Y("Running AWS auth refresh command");const n=b.getInstance();return n.startAuthentication(),new Promise(o=>{const s=t(e,{timeout:_e});s.stdout.on("data",e=>{const r=e.toString().trim();r&&(n.addOutput(r),Y(r,{level:"debug"}))}),s.stderr.on("data",e=>{const r=e.toString().trim();r&&(n.setError(r),Y(r,{level:"error"}))}),s.on("close",(e,t)=>{if(0===e)Y("AWS auth refresh completed successfully"),n.endAuthentication(!0),o(!0);else{const e="SIGTERM"===t?r.red("AWS auth refresh timed out after 3 minutes. Run your auth command manually in a separate terminal."):r.red("Error running awsAuthRefresh (in settings or ~/.context.json):");console.error(e),n.endAuthentication(!1),o(!1)}})})}export const refreshAndGetAwsCredentials=Z(async()=>{const t=await async function(){const r=getConfiguredAwsAuthRefresh();if(!r)return!1;if(isAwsAuthRefreshFromProjectSettings()&&!G()&&!m()){const r=new Error(`Security: awsAuthRefresh executed before workspace trust is confirmed. If you see this message, post in ${e.FEEDBACK_CHANNEL}.`);return M("awsAuthRefresh invoked before trust check",r),a("tengu_awsAuthRefresh_missing_trust",{}),!1}try{return Y("Fetching AWS caller identity for AWS auth refresh command"),await D(),Y("Fetched AWS caller identity, skipping AWS auth refresh command"),!1}catch{return refreshAwsAuth(r)}}(),o=await async function(){const t=getConfiguredAwsCredentialExport();if(!t)return null;if(isAwsCredentialExportFromProjectSettings()&&!G()&&!m()){const r=new Error(`Security: awsCredentialExport executed before workspace trust is confirmed. If you see this message, post in ${e.FEEDBACK_CHANNEL}.`);return M("awsCredentialExport invoked before trust check",r),a("tengu_awsCredentialExport_missing_trust",{}),null}try{return Y("Fetching AWS caller identity for credential export command"),await D(),Y("Fetched AWS caller identity, skipping AWS credential export command"),null}catch{try{Y("Running AWS credential export command");const e=await n(t,{shell:!0,reject:!1});if(0!==e.exitCode||!e.stdout)throw new Error("awsCredentialExport did not return a valid value");const r=pe(e.stdout.trim());if(!U(r))throw new Error("awsCredentialExport did not return valid AWS STS output structure");return Y("AWS credentials retrieved from awsCredentialExport"),{accessKeyId:r.Credentials.AccessKeyId,secretAccessKey:r.Credentials.SecretAccessKey,sessionToken:r.Credentials.SessionToken}}catch(e){const t=r.red("Error getting AWS credentials from awsCredentialExport (in settings or ~/.context.json):");return e instanceof Error?console.error(t,e.message):console.error(t,e),null}}}();return(t||o)&&await H(),o},36e5);export function clearAwsCredentialsCache(){refreshAndGetAwsCredentials.cache.clear()}function getConfiguredGcpAuthRefresh(){return(ce()||{}).gcpAuthRefresh}export function isGcpAuthRefreshFromProjectSettings(){const e=getConfiguredGcpAuthRefresh();if(!e)return!1;const r=ae("projectSettings"),t=ae("localSettings");return r?.gcpAuthRefresh===e||t?.gcpAuthRefresh===e}const ge=l;export async function checkGcpCredentialsValid(){try{const{GoogleAuth:e}=await import("google-auth-library"),r=new e({scopes:["https://www.googleapis.com/auth/cloud-platform"]}),t=(async()=>{const e=await r.getClient();await e.getAccessToken()})(),n=ue(5e3).then(()=>{throw new GcpCredentialsTimeoutError("GCP credentials check timed out")});return await Promise.race([t,n]),!0}catch{return!1}}const Oe=18e4;export function refreshGcpAuth(e){Y("Running GCP auth refresh command");const n=b.getInstance();return n.startAuthentication(),new Promise(o=>{const s=t(e,{timeout:Oe});s.stdout.on("data",e=>{const r=e.toString().trim();r&&(n.addOutput(r),Y(r,{level:"debug"}))}),s.stderr.on("data",e=>{const r=e.toString().trim();r&&(n.setError(r),Y(r,{level:"error"}))}),s.on("close",(e,t)=>{if(0===e)Y("GCP auth refresh completed successfully"),n.endAuthentication(!0),o(!0);else{const e="SIGTERM"===t?r.red("GCP auth refresh timed out after 3 minutes. Run your auth command manually in a separate terminal."):r.red("Error running gcpAuthRefresh (in settings or ~/.context.json):");console.error(e),n.endAuthentication(!1),o(!1)}})})}export const refreshGcpCredentialsIfNeeded=Z(async()=>await async function(){const r=getConfiguredGcpAuthRefresh();if(!r)return!1;if(isGcpAuthRefreshFromProjectSettings()&&!G()&&!m()){const r=new Error(`Security: gcpAuthRefresh executed before workspace trust is confirmed. If you see this message, post in ${e.FEEDBACK_CHANNEL}.`);return M("gcpAuthRefresh invoked before trust check",r),a("tengu_gcpAuthRefresh_missing_trust",{}),!1}try{if(Y("Checking GCP credentials validity for auth refresh"),await checkGcpCredentialsValid())return Y("GCP credentials are valid, skipping auth refresh command"),!1}catch{}return refreshGcpAuth(r)}(),36e5);export function clearGcpCredentialsCache(){refreshGcpCredentialsIfNeeded.cache.clear()}export function prefetchGcpCredentialsIfSafe(){if(getConfiguredGcpAuthRefresh()){if(isGcpAuthRefreshFromProjectSettings()){if(!G()&&!m())return}refreshGcpCredentialsIfNeeded()}}export function prefetchAwsCredentialsAndBedRockInfoIfSafe(){const e=getConfiguredAwsAuthRefresh(),r=getConfiguredAwsCredentialExport();if(e||r){if(isAwsAuthRefreshFromProjectSettings()||isAwsCredentialExportFromProjectSettings()){if(!G()&&!m())return}refreshAndGetAwsCredentials(),d()}}export const getApiKeyFromConfigOrMacOSKeychain=i(()=>{if("darwin"===process.platform){const e=re();if(e){if(e.stdout)return{key:e.stdout,source:"/login managed key"}}else{const e=ne();try{const r=q(`security find-generic-password -a $USER -w -s "${e}"`);if(r)return{key:r,source:"/login managed key"}}catch(e){J(e)}}}const e=j();return e.primaryApiKey?{key:e.primaryApiKey,source:"/login managed key"}:null});function isValidApiKey(e){return/^[a-zA-Z0-9-_\.]+$/.test(e)}function getStoredProviderApiKey(e,r){try{const t=Q().read();if(r){const n=t?.providerProfileApiKeys?.[r];if("string"==typeof n&&n.trim())return n;if(!O(e,r))return null}return t?.providerApiKeys?.[e]??null}catch{return null}}export function hasStoredProviderApiKey(e,r){return Boolean(getStoredProviderApiKey(e,r))}export async function saveProviderApiKey(e,r){if(!isValidApiKey(r))throw new Error("Formato de clave API inválido. La clave API solo debe contener caracteres alfanuméricos, guiones, guiones bajos y puntos.");const t=Q(),n=t.read()||{},o=E(e)?T(e,{createIfMissing:!0})?.id??null:null;if(!t.update({...n,providerApiKeys:{...n.providerApiKeys??{},[e]:r},...o?{providerProfileApiKeys:{...n.providerProfileApiKeys??{},[o]:r}}:{}}).success)throw new Error(`Failed to save ${e} API key`)}export async function removeProviderApiKey(e){const r=Q(),t=r.read()||{},n={...t.providerApiKeys??{}};delete n[e];const o={...t.providerProfileApiKeys??{}};if(E(e)){const r=_(e);r&&delete o[r]}if(!r.update({...t,providerApiKeys:n,providerProfileApiKeys:o}).success)throw new Error(`Failed to remove ${e} API key`)}export async function saveApiKey(e){if(!isValidApiKey(e))throw new Error("Formato de clave API inválido. La clave API solo debe contener caracteres alfanuméricos, guiones, guiones bajos y puntos.");await maybeRemoveApiKeyFromMacOSKeychain();let r=!1;if("darwin"===process.platform)try{const t=ne(),o=oe(),s=`add-generic-password -U -a "${o}" -s "${t}" -X "${Buffer.from(e,"utf-8").toString("hex")}"\n`;await n("security",["-i"],{input:s,reject:!1}),a("tengu_api_key_saved_to_keychain",{}),r=!0}catch(e){J(e),a("tengu_api_key_keychain_error",{error:W(e)}),a("tengu_api_key_saved_to_config",{})}else a("tengu_api_key_saved_to_config",{});const t=R(e);F(n=>{const o=n.customApiKeyResponses?.approved??[];return{...n,primaryApiKey:r?n.primaryApiKey:e,customApiKeyResponses:{...n.customApiKeyResponses,approved:o.includes(t)?o:[...o,t],rejected:n.customApiKeyResponses?.rejected??[]}}}),getApiKeyFromConfigOrMacOSKeychain.cache.clear?.(),ee()}export function isCustomApiKeyApproved(e){const r=j(),t=R(e);return r.customApiKeyResponses?.approved?.includes(t)??!1}export async function removeApiKey(){await maybeRemoveApiKeyFromMacOSKeychain(),F(e=>({...e,primaryApiKey:void 0})),getApiKeyFromConfigOrMacOSKeychain.cache.clear?.(),ee()}async function maybeRemoveApiKeyFromMacOSKeychain(){try{await N()}catch(e){J(e)}}export function saveOAuthTokensIfNeeded(e,r){if(!S(e.scopes))return a("tengu_oauth_tokens_not_claude_ai",{}),{success:!0};if(!e.refreshToken||!e.expiresAt)return a("tengu_oauth_tokens_inference_only",{}),{success:!0};const t=Q(),n=t.name;try{const o=t.read()||{},s=o.claudeAiOauth,i=r??_("claude"),c={accessToken:e.accessToken,refreshToken:e.refreshToken,expiresAt:e.expiresAt,scopes:e.scopes,subscriptionType:e.subscriptionType??s?.subscriptionType??null,rateLimitTier:e.rateLimitTier??s?.rateLimitTier??null};i&&(o.providerProfileOauth={...o.providerProfileOauth??{},[i]:c});const u=t.update(o);return u.success?a("tengu_oauth_tokens_saved",{storageBackend:n}):a("tengu_oauth_tokens_save_failed",{storageBackend:n}),getClaudeAIOAuthTokens.cache?.clear?.(),L(),le(),u}catch(e){return J(e),a("tengu_oauth_tokens_save_exception",{storageBackend:n,error:W(e)}),{success:!1,warning:"Failed to save OAuth tokens"}}}export function saveOpenAIOAuthTokens(e,r){const t=Q(),n=t.name;try{const o=t.read()||{},s=r??_("openai"),i={accessToken:e.accessToken,refreshToken:e.refreshToken,expiresAt:e.expiresAt,scopes:e.scopes,subscriptionType:e.subscriptionType??null,rateLimitTier:e.rateLimitTier??null};o.openAiOauth=i,s&&(o.providerProfileOauth={...o.providerProfileOauth??{},[s]:i});const c=t.update(o);return c.success?a("tengu_openai_oauth_tokens_saved",{storageBackend:n}):a("tengu_openai_oauth_tokens_save_failed",{storageBackend:n}),getOpenAIOAuthTokens.cache?.clear?.(),L(),le(),c}catch(e){return J(e),a("tengu_openai_oauth_tokens_save_exception",{storageBackend:n,error:W(e)}),{success:!1,warning:"Failed to save OpenAI OAuth tokens"}}}export function getClaudeAIOAuthTokens(){if(X())return null;const e=process.env.CONTEXT_CODE_OAUTH_TOKEN??process.env.CLAUDE_CODE_OAUTH_TOKEN;if(isManagedOAuthContext()&&e)return{accessToken:e,refreshToken:null,expiresAt:null,scopes:["user:inference"],subscriptionType:null,rateLimitTier:null};const r=isManagedOAuthContext()?w():null;if(r)return{accessToken:r,refreshToken:null,expiresAt:null,scopes:["user:inference"],subscriptionType:null,rateLimitTier:null};try{const e=getStoredProviderOAuthTokens("claude",_("claude"));return e?.accessToken?e:null}catch(e){return J(e),null}}export function getOpenAIOAuthTokens(){if(X())return null;if(process.env.OPENAI_OAUTH_TOKEN)return{accessToken:process.env.OPENAI_OAUTH_TOKEN,refreshToken:null,expiresAt:null,scopes:["responses:inference"],subscriptionType:null,rateLimitTier:null};try{const e=getStoredProviderOAuthTokens("openai",_("openai"));return e?.accessToken?e:null}catch(e){return J(e),null}}export function getOpenAIAccessToken(){return process.env.OPENAI_API_KEY||process.env.OPENAI_API_TOKEN||getStoredProviderApiKey("openai",_("openai"))||getOpenAIOAuthTokens()?.accessToken||null}export function getOpenRouterAccessToken(){return process.env.OPENROUTER_API_KEY||process.env.OPENROUTER_API_TOKEN||getStoredProviderApiKey("openrouter",_("openrouter"))||null}export async function checkGeminiGoogleCredentialsValid(){try{const e=await getGeminiGoogleAuthHeaders(),r=process.env.GEMINI_GOOGLE_PROJECT_ID?.trim()||void 0,t=fetch("https://cloudcode-pa.googleapis.com/v1internal:loadCodeAssist",{method:"POST",headers:e,body:JSON.stringify({cloudaicompanionProject:r,metadata:{ideType:"IDE_UNSPECIFIED",platform:"PLATFORM_UNSPECIFIED",pluginType:"GEMINI",duetProject:r},mode:"HEALTH_CHECK"})}).then(e=>{if(!e.ok)throw new Error(`Gemini credentials check failed: ${e.status}`)}),n=ue(5e3).then(()=>{throw new GcpCredentialsTimeoutError("Gemini credentials check timed out")});return await Promise.race([t,n]),!0}catch{return!1}}export function getGeminiGoogleOAuthTokens(){try{const e=_("gemini-google"),r=Q().read(),t=e?r?.providerProfileOauth?.[e]:null;if(t?.accessToken)return t;const n=Object.entries(r?.providerProfileOauth??{}).find(([e,r])=>e.startsWith("gemini-google/")&&"object"==typeof r&&null!==r&&"string"==typeof r.accessToken&&r.accessToken.trim())?.[1];return n?.accessToken?n:null}catch{return null}}export function saveGeminiGoogleOAuthTokens(e){const r=Q(),t=r.name;try{const n=r.read()||{},o=_("gemini-google")??g("gemini-google").id,s={accessToken:e.accessToken,refreshToken:e.refreshToken,expiresAt:e.expiresAt,scopes:e.scopes,subscriptionType:null,rateLimitTier:null,projectId:e.projectId};o&&(n.providerProfileOauth={...n.providerProfileOauth??{},[o]:s});const i=r.update(n);return a(i.success?"tengu_gemini_google_oauth_tokens_saved":"tengu_gemini_google_oauth_tokens_save_failed",{storageBackend:t}),i}catch(e){return J(e),a("tengu_gemini_google_oauth_tokens_save_exception",{storageBackend:t,error:W(e)}),{success:!1,warning:"Failed to save Gemini OAuth tokens"}}}function quoteShellArg(e){return`"${e.replace(/"/g,'\\"')}"`}export function getGeminiGoogleAuthCommand(){const e=process.env.GEMINI_OAUTH_CLIENT_SECRET_FILE||process.env.GOOGLE_OAUTH_CLIENT_SECRET_FILE,r=ge.join(",");return`gcloud auth application-default login${e?` --client-id-file=${quoteShellArg(e)}`:""} --scopes=${quoteShellArg(r)}`}export async function refreshGeminiGoogleAuth(){return refreshGcpAuth(getGeminiGoogleAuthCommand())}export function getGeminiApiAccessToken(){return process.env.GEMINI_API_KEY||process.env.GOOGLE_API_KEY||getStoredProviderApiKey("gemini-api",_("gemini-api"))||null}export async function getGeminiGoogleAuthHeaders(){const e=process.env.GEMINI_OAUTH_TOKEN||process.env.GOOGLE_OAUTH_ACCESS_TOKEN,r={"Content-Type":"application/json"};if(e)r.Authorization=`Bearer ${e}`;else{const e=await async function(){const e=getGeminiGoogleOAuthTokens();if(!e?.refreshToken)return e;if(e.expiresAt&&e.expiresAt>Date.now()+6e4)return e;const r=await fetch(A,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({grant_type:"refresh_token",refresh_token:e.refreshToken,client_id:u,client_secret:p})});if(!r.ok)return e;const t=await r.json(),n={...e,accessToken:t.access_token,expiresAt:t.expires_in?Date.now()+1e3*t.expires_in:e.expiresAt,scopes:t.scope?.split(/\s+/).filter(Boolean)??e.scopes};return saveGeminiGoogleOAuthTokens(n),n}();if(e?.accessToken){r.Authorization=`Bearer ${e.accessToken}`;const t=process.env.GEMINI_GOOGLE_PROJECT_ID?.trim();t&&(r["x-goog-user-project"]=t)}else{const{GoogleAuth:e}=await import("google-auth-library"),t=new e({scopes:ge}),n=await t.getClient(),o=await n.getRequestHeaders();if("function"==typeof o.forEach)o.forEach((e,t)=>{r[t]=e});else for(const[e,t]of Object.entries(o))Array.isArray(t)?r[e]=t.map(String).join(", "):null!=t&&(r[e]=String(t))}}const t=process.env.GEMINI_GOOGLE_PROJECT_ID?.trim()||void 0;return t&&(r["x-goog-user-project"]=t),r}export function getZAIAccessToken(){return process.env.ZAI_API_KEY||getStoredProviderApiKey("zai",_("zai"))||null}export function getMiniMaxAccessToken(){return process.env.MINIMAX_API_KEY||getStoredProviderApiKey("minimax",_("minimax"))||null}export function getNvidiaAccessToken(){return process.env.NVIDIA_API_KEY||getStoredProviderApiKey("nvidia",_("nvidia"))||null}export function getDeepSeekAccessToken(){return process.env.DEEPSEEK_API_KEY||getStoredProviderApiKey("deepseek",_("deepseek"))||null}export function getXaiAccessToken(){return process.env.XAI_API_KEY||getStoredProviderApiKey("xai",_("xai"))||null}export function getOllamaAccessToken(){return"ollama"}export function getOllamaCloudAccessToken(){return process.env.OLLAMA_API_KEY||getStoredProviderApiKey("ollama-cloud",_("ollama-cloud"))||null}export function getOpenAICompatibleAccessToken(e=f()){switch(e){case"openrouter":return getOpenRouterAccessToken();case"gemini-api":return getGeminiApiAccessToken();case"gemini-google":return process.env.GEMINI_OAUTH_TOKEN||process.env.GOOGLE_OAUTH_ACCESS_TOKEN||null;case"zai":return getZAIAccessToken();case"minimax":return getMiniMaxAccessToken();case"nvidia":return getNvidiaAccessToken();case"deepseek":return getDeepSeekAccessToken();case"xai":return getXaiAccessToken();case"gmi":case"novita":case"stepfun":case"huggingface":case"opencode-zen":case"arcee":case"alibaba":case"kimi":{const r=Ae[e];return(r?process.env[r]:void 0)||getStoredProviderApiKey(e,_(e))||null}case"ollama":return getOllamaAccessToken();case"ollama-cloud":return getOllamaCloudAccessToken();case"custom-openai":return process.env.CUSTOM_OPENAI_API_KEY||getStoredProviderApiKey("custom-openai",_("custom-openai"))||null;case"custom-anthropic":return process.env.CUSTOM_ANTHROPIC_API_KEY||getStoredProviderApiKey("custom-anthropic",_("custom-anthropic"))||null;default:return getOpenAIAccessToken()}}export async function getOpenAIOAuthTokensAsync(){if(X())return null;if(process.env.OPENAI_OAUTH_TOKEN)return getOpenAIOAuthTokens();try{const e=Q(),r=await e.readAsync(),t=_("openai"),n=t&&r?.providerProfileOauth?.[t]||(t&&!O("openai",t)?null:r?.openAiOauth);return n?.accessToken?n:null}catch(e){return J(e),null}}export function clearOAuthTokenCache(){getClaudeAIOAuthTokens.cache?.clear?.(),getOpenAIOAuthTokens.cache?.clear?.(),te()}let Ee=0;async function invalidateOAuthCacheIfDiskChanged(){try{const e="sqlite"===Q().name?ie():se(),{mtimeMs:r}=await s(e);r!==Ee&&(Ee=r,clearOAuthTokenCache())}catch{getClaudeAIOAuthTokens.cache?.clear?.(),getOpenAIOAuthTokens.cache?.clear?.()}}const Te=new Map;export function handleOAuth401Error(e){const r=Te.get(e);if(r)return r;const t=async function(e){clearOAuthTokenCache();const r=await getClaudeAIOAuthTokensAsync();if(!r?.refreshToken)return!1;if(r.accessToken!==e)return a("tengu_oauth_401_recovered_from_keychain",{}),!0;return checkAndRefreshOAuthTokenIfNeeded(0,!0)}(e).finally(()=>{Te.delete(e)});return Te.set(e,t),t}export async function handleOpenAIOAuth401Error(e){clearOAuthTokenCache();const r=await getOpenAIOAuthTokensAsync();return!!r?.refreshToken&&(r.accessToken!==e?(a("tengu_openai_oauth_401_recovered_from_keychain",{}),!0):checkAndRefreshOpenAIOAuthTokenIfNeeded(0,!0))}export async function getClaudeAIOAuthTokensAsync(){if(X())return null;if(isManagedOAuthContext()&&(process.env.CONTEXT_CODE_OAUTH_TOKEN||process.env.CLAUDE_CODE_OAUTH_TOKEN||w()))return getClaudeAIOAuthTokens();try{const e=Q(),r=await e.readAsync(),t=_("claude"),n=t&&r?.providerProfileOauth?.[t]||(t&&!O("claude",t)?null:r?.claudeAiOauth);return n?.accessToken?n:null}catch(e){return J(e),null}}let me=null,ye=null;export function checkAndRefreshOAuthTokenIfNeeded(e=0,r=!1){if(0===e&&!r){if(me)return me;const t=checkAndRefreshOAuthTokenIfNeededImpl(e,r);return me=t.finally(()=>{me=null}),me}return checkAndRefreshOAuthTokenIfNeededImpl(e,r)}export function checkAndRefreshOpenAIOAuthTokenIfNeeded(e=0,r=!1){if(0===e&&!r){if(ye)return ye;const t=checkAndRefreshOpenAIOAuthTokenIfNeededImpl(e,r);return ye=t.finally(()=>{ye=null}),ye}return checkAndRefreshOpenAIOAuthTokenIfNeededImpl(e,r)}async function checkAndRefreshOAuthTokenIfNeededImpl(e,r){await invalidateOAuthCacheIfDiskChanged();const t=getClaudeAIOAuthTokens();if(!(r||t?.refreshToken&&v(t.expiresAt)))return!1;if(!t?.refreshToken)return!1;if(!S(t.scopes))return!1;getClaudeAIOAuthTokens.cache?.clear?.(),te();const n=await getClaudeAIOAuthTokensAsync();if(!n?.refreshToken||!v(n.expiresAt))return!1;const s=$();let i;await o(s,{recursive:!0});try{a("tengu_oauth_token_refresh_lock_acquiring",{}),i=await V.lock(s),a("tengu_oauth_token_refresh_lock_acquired",{})}catch(t){return"ELOCKED"===t.code?e<5?(a("tengu_oauth_token_refresh_lock_retry",{retryCount:e+1}),await ue(1e3+1e3*Math.random()),checkAndRefreshOAuthTokenIfNeededImpl(e+1,r)):(a("tengu_oauth_token_refresh_lock_retry_limit_reached",{maxRetries:5}),!1):(J(t),a("tengu_oauth_token_refresh_lock_error",{error:W(t)}),!1)}try{getClaudeAIOAuthTokens.cache?.clear?.(),te();const e=await getClaudeAIOAuthTokensAsync();if(!e?.refreshToken||!v(e.expiresAt))return a("tengu_oauth_token_refresh_race_resolved",{}),!1;a("tengu_oauth_token_refresh_starting",{});return saveOAuthTokensIfNeeded(await K(e.refreshToken,{scopes:S(e.scopes)?void 0:e.scopes})),getClaudeAIOAuthTokens.cache?.clear?.(),te(),!0}catch(e){J(e),getClaudeAIOAuthTokens.cache?.clear?.(),te();const r=await getClaudeAIOAuthTokensAsync();return!(!r||v(r.expiresAt))&&(a("tengu_oauth_token_refresh_race_recovered",{}),!0)}finally{a("tengu_oauth_token_refresh_lock_releasing",{}),await i(),a("tengu_oauth_token_refresh_lock_released",{})}}async function checkAndRefreshOpenAIOAuthTokenIfNeededImpl(e,r){await invalidateOAuthCacheIfDiskChanged();const t=getOpenAIOAuthTokens();if(!(r||t?.refreshToken&&v(t.expiresAt)))return!1;if(!t?.refreshToken)return!1;getOpenAIOAuthTokens.cache?.clear?.(),te();const n=await getOpenAIOAuthTokensAsync();if(!n?.refreshToken||!v(n.expiresAt))return!1;const s=$();let i;await o(s,{recursive:!0});try{a("tengu_openai_oauth_token_refresh_lock_acquiring",{}),i=await V.lock(s),a("tengu_openai_oauth_token_refresh_lock_acquired",{})}catch(t){return"ELOCKED"===t.code?e<5?(a("tengu_openai_oauth_token_refresh_lock_retry",{retryCount:e+1}),await ue(1e3+1e3*Math.random()),checkAndRefreshOpenAIOAuthTokenIfNeededImpl(e+1,r)):(a("tengu_openai_oauth_token_refresh_lock_retry_limit_reached",{maxRetries:5}),!1):(J(t),!1)}try{getOpenAIOAuthTokens.cache?.clear?.(),te();const e=await getOpenAIOAuthTokensAsync();if(!e?.refreshToken||!v(e.expiresAt))return a("tengu_openai_oauth_token_refresh_race_resolved",{}),!1;a("tengu_openai_oauth_token_refresh_starting",{});return saveOpenAIOAuthTokens(await I(e.refreshToken,{scopes:e.scopes})),getOpenAIOAuthTokens.cache?.clear?.(),te(),!0}catch(e){J(e),getOpenAIOAuthTokens.cache?.clear?.(),te();const r=await getOpenAIOAuthTokensAsync();return!(!r||v(r.expiresAt))&&(a("tengu_openai_oauth_token_refresh_race_recovered",{}),!0)}finally{a("tengu_openai_oauth_token_refresh_lock_releasing",{}),await i(),a("tengu_openai_oauth_token_refresh_lock_released",{})}}export function isClaudeAISubscriber(){return!!isAnthropicAuthEnabled()&&S(getClaudeAIOAuthTokens()?.scopes)}export function hasProfileScope(){return getClaudeAIOAuthTokens()?.scopes?.includes(c)??!1}export function is1PApiCustomer(){return!(B(process.env.CONTEXT_CODE_USE_BEDROCK)||B(process.env.CLAUDE_CODE_USE_BEDROCK)||B(process.env.CONTEXT_CODE_USE_VERTEX)||B(process.env.CLAUDE_CODE_USE_VERTEX)||B(process.env.CONTEXT_CODE_USE_FOUNDRY)||B(process.env.CLAUDE_CODE_USE_FOUNDRY)||h(f()))&&!isClaudeAISubscriber()}export function getOauthAccountInfo(){return isAnthropicAuthEnabled()?j().oauthAccount:void 0}export function isOverageProvisioningAllowed(){const e=getOauthAccountInfo(),r=e?.billingType;return!(!isClaudeAISubscriber()||!r)&&("stripe_subscription"===r||"stripe_subscription_contracted"===r||"apple_subscription"===r||"google_play_subscription"===r)}export function hasOpusAccess(){const e=getSubscriptionType();return"max"===e||"enterprise"===e||"team"===e||"pro"===e||null===e}export function getSubscriptionType(){if(C())return k();if(!isAnthropicAuthEnabled())return null;const e=getClaudeAIOAuthTokens();return e?e.subscriptionType??null:null}export function isMaxSubscriber(){return"max"===getSubscriptionType()}export function isTeamSubscriber(){return"team"===getSubscriptionType()}export function isTeamPremiumSubscriber(){return"team"===getSubscriptionType()&&"default_claude_max_5x"===getRateLimitTier()}export function isEnterpriseSubscriber(){return"enterprise"===getSubscriptionType()}export function isProSubscriber(){return"pro"===getSubscriptionType()}export function getRateLimitTier(){if(!isAnthropicAuthEnabled())return null;const e=getClaudeAIOAuthTokens();return e?e.rateLimitTier??null:null}export function getSubscriptionName(){switch(getSubscriptionType()){case"enterprise":return"Context Empresarial";case"team":return"Context Equipo";case"max":return"Context Max";case"pro":return"Context Pro";default:return"Context API"}}export function isUsing3PServices(){return!!(B(process.env.CONTEXT_CODE_USE_BEDROCK)||B(process.env.CLAUDE_CODE_USE_BEDROCK)||B(process.env.CONTEXT_CODE_USE_VERTEX)||B(process.env.CLAUDE_CODE_USE_VERTEX)||B(process.env.CONTEXT_CODE_USE_FOUNDRY)||B(process.env.CLAUDE_CODE_USE_FOUNDRY)||h(f()))}function getConfiguredOtelHeadersHelper(){return(ce()||{}).otelHeadersHelper}export function isOtelHeadersHelperFromProjectOrLocalSettings(){const e=getConfiguredOtelHeadersHelper();if(!e)return!1;const r=ae("projectSettings"),t=ae("localSettings");return r?.otelHeadersHelper===e||t?.otelHeadersHelper===e}let ke=null,Ce=0;const ve=174e4;export function getOtelHeadersFromHelper(){const e=getConfiguredOtelHeadersHelper();if(!e)return{};const r=parseInt(process.env.CONTEXT_CODE_OTEL_HEADERS_HELPER_DEBOUNCE_MS||process.env.CLAUDE_CODE_OTEL_HEADERS_HELPER_DEBOUNCE_MS||ve.toString());if(ke&&Date.now()-Ce<r)return ke;if(isOtelHeadersHelperFromProjectOrLocalSettings()){if(!G())return{}}try{const r=q(e,{timeout:3e4})?.toString().trim();if(!r)throw new Error("otelHeadersHelper did not return a valid value");const t=pe(r);if("object"!=typeof t||null===t||Array.isArray(t))throw new Error("otelHeadersHelper must return a JSON object with string key-value pairs");for(const[e,r]of Object.entries(t))if("string"!=typeof r)throw new Error(`otelHeadersHelper returned non-string value for key "${e}": ${typeof r}`);return ke=t,Ce=Date.now(),ke}catch(e){throw J(new Error(`Error getting OpenTelemetry headers from otelHeadersHelper (in settings): ${W(e)}`)),e}}export function isConsumerSubscriber(){const e=getSubscriptionType();return isClaudeAISubscriber()&&null!==e&&("max"===(r=e)||"pro"===r);var r}export function getAccountInformation(){if("firstParty"!==f())return;const{source:e}=getAuthTokenSource(),r={};"CLAUDE_CODE_OAUTH_TOKEN"===e||"CLAUDE_CODE_OAUTH_TOKEN_FILE_DESCRIPTOR"===e?r.tokenSource=e:isClaudeAISubscriber()?r.subscription=getSubscriptionName():r.tokenSource=e;const{key:t,source:n}=getAnthropicApiKeyWithSource();if(t&&(r.apiKeySource=n),"claude.ai"===e||"/login managed key"===n){const e=getOauthAccountInfo()?.organizationName;e&&(r.organization=e)}const o=getOauthAccountInfo()?.emailAddress;return"claude.ai"!==e&&"/login managed key"!==n||!o||(r.email=o),r}export async function validateForceLoginOrg(){if(process.env.ANTHROPIC_UNIX_SOCKET)return{valid:!0};if(!isAnthropicAuthEnabled())return{valid:!0};const e=ae("policySettings")?.forceLoginOrgUUID;if(!e)return{valid:!0};await checkAndRefreshOAuthTokenIfNeeded();const r=getClaudeAIOAuthTokens();if(!r)return{valid:!0};const{source:t}=getAuthTokenSource(),n="CLAUDE_CODE_OAUTH_TOKEN"===t||"CLAUDE_CODE_OAUTH_TOKEN_FILE_DESCRIPTOR"===t,o=await P(r.accessToken);if(!o)return{valid:!1,message:`Unable to verify organization for the current authentication token.\nThis machine requires organization ${e} but the profile could not be fetched.\nThis may be a network error, or the token may lack the user:profile scope required for\nverification (tokens from 'context setup-token' do not include this scope).\nTry again, or obtain a full-scope token via 'context auth login'.`};const s=o.organization.uuid;if(s===e)return{valid:!0};if(n){return{valid:!1,message:`The ${"CLAUDE_CODE_OAUTH_TOKEN"===t?"CLAUDE_CODE_OAUTH_TOKEN":"CLAUDE_CODE_OAUTH_TOKEN_FILE_DESCRIPTOR"} environment variable provides a token for a\ndifferent organization than required by this machine's managed settings.\n\nRequired organization: ${e}\nToken organization: ${s}\n\nRemove the environment variable or obtain a token for the correct organization.`}}return{valid:!1,message:`Your authentication token belongs to organization ${s},\nbut this machine requires organization ${e}.\n\nPlease log in with the correct organization: context auth login`}}class GcpCredentialsTimeoutError extends Error{}
@@ -1 +1 @@
1
- import{chmod as e,mkdir as o,readFile as t,writeFile as n}from"fs/promises";import{homedir as r}from"os";import{join as i}from"path";import{fileURLToPath as s}from"url";import{getIsInteractive as a,getIsNonInteractiveSession as c,getSessionBypassPermissionsMode as m}from"../../bootstrap/state.js";import{isInBundledMode as l}from"../bundledMode.js";import{getGlobalConfig as d,saveGlobalConfig as p}from"../config.js";import{logForDebugging as h}from"../debug.js";import{getClaudeConfigHomeDir as C,isEnvDefinedFalsy as f,isEnvTruthy as u}from"../envUtils.js";import{execFileNoThrowWithCwd as E}from"../execFileNoThrow.js";import{getPlatform as _}from"../platform.js";import{jsonStringify as x}from"../slowOperations.js";import{CLAUDE_IN_CHROME_MCP_SERVER_NAME as v,getAllBrowserDataPaths as g,getAllNativeMessagingHostsDirs as w,getAllWindowsRegistryKeys as b,openInChrome as $}from"./common.js";import{getChromeSystemPrompt as j}from"./prompt.js";import{isChromeExtensionInstalledPortable as y}from"./setupPortable.js";import{CONTEXT_BROWSER_TOOLS as A}from"./tools.js";let I;const D="com.contextcompany.browser_extension",N=`${D}.json`,O=process.env.CONTEXT_CODE_CHROME_EXTENSION_ID||"aonominmpekbkdilbgbgeijfoooamfho";export function shouldEnableClaudeInChrome(e){if(c()&&!0!==e)return!1;if(!0===e)return!0;if(!1===e)return!1;if(u(process.env.CONTEXT_CODE_ENABLE_CFC)||u(process.env.CLAUDE_CODE_ENABLE_CFC))return!0;if(f(process.env.CONTEXT_CODE_ENABLE_CFC)||f(process.env.CLAUDE_CODE_ENABLE_CFC))return!1;const o=d();return void 0!==o.claudeInChromeDefaultEnabled?o.claudeInChromeDefaultEnabled:a()&&isChromeExtensionInstalled_CACHED_MAY_BE_STALE()}let T;export function shouldAutoEnableClaudeInChrome(){return void 0!==T||(T=a()&&isChromeExtensionInstalled_CACHED_MAY_BE_STALE()),T}export function setupClaudeInChrome(){const e=l(),o=(I||(I=[...A]),I).map(e=>`mcp__${v}__${e.name}`),t={};m()&&(t.CLAUDE_CHROME_PERMISSION_MODE="skip_all_permission_checks");const n=Object.keys(t).length>0;if(e){return createWrapperScript(`"${process.execPath}" --chrome-native-host`).then(e=>installChromeNativeHostManifest(e)).catch(e=>h(`[Claude in Chrome] Failed to install native host: ${e}`,{level:"error"})),{mcpConfig:{[v]:{type:"stdio",command:process.execPath,args:["--claude-in-chrome-mcp"],scope:"dynamic",...n&&{env:t}}},allowedTools:o,systemPrompt:j()}}{const e=s(import.meta.url),r=i(e,".."),a=i(r,"..","..","entrypoints","cli.js");createWrapperScript(`"${process.execPath}" "${a}" --chrome-native-host`).then(e=>installChromeNativeHostManifest(e)).catch(e=>h(`[Claude in Chrome] Failed to install native host: ${e}`,{level:"error"}));return{mcpConfig:{[v]:{type:"stdio",command:process.execPath,args:[`${a}`,"--claude-in-chrome-mcp"],scope:"dynamic",...n&&{env:t}}},allowedTools:o,systemPrompt:j()}}}export async function installChromeNativeHostManifest(e){const s=function(){if("windows"===_()){const e=r(),o=process.env.APPDATA||i(e,"AppData","Local");return[i(o,"Context Code","ChromeNativeHost")]}return w().map(({path:e})=>e)}();if(0===s.length)throw Error("Claude in Chrome Native Host not supported on this platform");const a={name:D,description:"Context Code Browser Extension Native Host",path:e,type:"stdio",allowed_origins:[`chrome-extension://${O}/`,"chrome-extension://aonominmpekbkdilbgbgeijfoooamfho/","chrome-extension://my_context_code_extension_id/","chrome-extension://fcoeoabgfenejglbffodgkkbkcdhcgfn/",..."ant"===process.env.USER_TYPE?["chrome-extension://dihbgbndebgnbjfmelmegjepbnkhlgni/","chrome-extension://dngcpimnedloihjnnfngkgjoidhnaolf/"]:[]]},c=x(a,null,2);let m=!1;for(const e of s){const r=i(e,N);if(await t(r,"utf-8").catch(()=>null)!==c)try{await o(e,{recursive:!0}),await n(r,c),h(`[Claude in Chrome] Installed native host manifest at: ${r}`),m=!0}catch(e){h(`[Claude in Chrome] Failed to install manifest at ${r}: ${e}`)}}if("windows"===_()){!function(e){const o=b();for(const{browser:t,key:n}of o){const o=`${n}\\${D}`;E("reg",["add",o,"/ve","/t","REG_SZ","/d",e,"/f"]).then(e=>{0===e.code?h(`[Claude in Chrome] Registered native host for ${t} in Windows registry: ${o}`):h(`[Claude in Chrome] Failed to register native host for ${t} in Windows registry: ${e.stderr}`)})}}(i(s[0],N))}m&&isChromeExtensionInstalled().then(e=>{e?(h("[Claude in Chrome] First-time install detected, opening reconnect page in browser"),$("https://clau.de/chrome/reconnect")):h("[Claude in Chrome] First-time install detected, but extension not installed, skipping reconnect")})}async function createWrapperScript(r){const s=_(),a=i(C(),"chrome"),c=i(a,"windows"===s?"chrome-native-host.bat":"chrome-native-host"),m="windows"===s?`@echo off\nREM Chrome native host wrapper script\nREM Generated by Context Code - do not edit manually\n${r}\n`:`#!/bin/sh\n# Chrome native host wrapper script\n# Generated by Context Code - do not edit manually\nexec ${r}\n`;return await t(c,"utf-8").catch(()=>null)===m||(await o(a,{recursive:!0}),await n(c,m),"windows"!==s&&await e(c,493),h(`[Claude in Chrome] Created Chrome native host wrapper script: ${c}`)),c}function isChromeExtensionInstalled_CACHED_MAY_BE_STALE(){isChromeExtensionInstalled().then(e=>{if(!e)return;d().cachedChromeExtensionInstalled!==e&&p(o=>({...o,cachedChromeExtensionInstalled:e}))});return d().cachedChromeExtensionInstalled??!1}export async function isChromeExtensionInstalled(){const e=g();return 0===e.length?(h(`[Claude in Chrome] Unsupported platform for extension detection: ${_()}`),!1):y(e,h)}
1
+ import{chmod as e,mkdir as o,readFile as t,writeFile as n}from"fs/promises";import{homedir as r}from"os";import{join as i}from"path";import{fileURLToPath as s}from"url";import{getIsNonInteractiveSession as a,getSessionBypassPermissionsMode as c}from"../../bootstrap/state.js";import{isInBundledMode as m}from"../bundledMode.js";import{getGlobalConfig as l,saveGlobalConfig as p}from"../config.js";import{logForDebugging as d}from"../debug.js";import{getClaudeConfigHomeDir as h,isEnvDefinedFalsy as f,isEnvTruthy as C}from"../envUtils.js";import{execFileNoThrowWithCwd as u}from"../execFileNoThrow.js";import{getPlatform as E}from"../platform.js";import{jsonStringify as v}from"../slowOperations.js";import{CLAUDE_IN_CHROME_MCP_SERVER_NAME as _,getAllBrowserDataPaths as g,getAllNativeMessagingHostsDirs as w,getAllWindowsRegistryKeys as b,openInChrome as x}from"./common.js";import{getChromeSystemPrompt as $}from"./prompt.js";import{isChromeExtensionInstalledPortable as j}from"./setupPortable.js";import{CONTEXT_BROWSER_TOOLS as y}from"./tools.js";let N;const O="com.contextcompany.browser_extension",k=`${O}.json`,D=process.env.CONTEXT_CODE_CHROME_EXTENSION_ID||"aonominmpekbkdilbgbgeijfoooamfho";export function shouldEnableClaudeInChrome(e){if(a()&&!0!==e)return!1;if(!0===e)return!0;if(!1===e)return!1;if(C(process.env.CONTEXT_CODE_ENABLE_CFC)||C(process.env.CLAUDE_CODE_ENABLE_CFC))return!0;if(f(process.env.CONTEXT_CODE_ENABLE_CFC)||f(process.env.CLAUDE_CODE_ENABLE_CFC))return!1;const o=l();return void 0!==o.claudeInChromeDefaultEnabled&&o.claudeInChromeDefaultEnabled}export function shouldAutoEnableClaudeInChrome(){return!1}export function setupClaudeInChrome(){const e=m(),o=(N||(N=[...y]),N).map(e=>`mcp__${_}__${e.name}`),t={};c()&&(t.CLAUDE_CHROME_PERMISSION_MODE="skip_all_permission_checks");const n=Object.keys(t).length>0;if(e){return createWrapperScript(`"${process.execPath}" --chrome-native-host`).then(e=>installChromeNativeHostManifest(e)).catch(e=>d(`[Claude in Chrome] Failed to install native host: ${e}`,{level:"error"})),{mcpConfig:{[_]:{type:"stdio",command:process.execPath,args:["--claude-in-chrome-mcp"],scope:"dynamic",...n&&{env:t}}},allowedTools:o,systemPrompt:$()}}{const e=s(import.meta.url),r=i(e,".."),a=i(r,"..","..","entrypoints","cli.js");createWrapperScript(`"${process.execPath}" "${a}" --chrome-native-host`).then(e=>installChromeNativeHostManifest(e)).catch(e=>d(`[Claude in Chrome] Failed to install native host: ${e}`,{level:"error"}));return{mcpConfig:{[_]:{type:"stdio",command:process.execPath,args:[`${a}`,"--claude-in-chrome-mcp"],scope:"dynamic",...n&&{env:t}}},allowedTools:o,systemPrompt:$()}}}export async function installChromeNativeHostManifest(e){const s=function(){if("windows"===E()){const e=r(),o=process.env.APPDATA||i(e,"AppData","Local");return[i(o,"Context Code","ChromeNativeHost")]}return w().map(({path:e})=>e)}();if(0===s.length)throw Error("Claude in Chrome Native Host not supported on this platform");const a={name:O,description:"Context Code Browser Extension Native Host",path:e,type:"stdio",allowed_origins:[`chrome-extension://${D}/`,"chrome-extension://aonominmpekbkdilbgbgeijfoooamfho/","chrome-extension://my_context_code_extension_id/","chrome-extension://fcoeoabgfenejglbffodgkkbkcdhcgfn/",..."ant"===process.env.USER_TYPE?["chrome-extension://dihbgbndebgnbjfmelmegjepbnkhlgni/","chrome-extension://dngcpimnedloihjnnfngkgjoidhnaolf/"]:[]]},c=v(a,null,2);let m=!1;for(const e of s){const r=i(e,k);if(await t(r,"utf-8").catch(()=>null)!==c)try{await o(e,{recursive:!0}),await n(r,c),d(`[Claude in Chrome] Installed native host manifest at: ${r}`),m=!0}catch(e){d(`[Claude in Chrome] Failed to install manifest at ${r}: ${e}`)}}if("windows"===E()){!function(e){const o=b();for(const{browser:t,key:n}of o){const o=`${n}\\${O}`;u("reg",["add",o,"/ve","/t","REG_SZ","/d",e,"/f"]).then(e=>{0===e.code?d(`[Claude in Chrome] Registered native host for ${t} in Windows registry: ${o}`):d(`[Claude in Chrome] Failed to register native host for ${t} in Windows registry: ${e.stderr}`)})}}(i(s[0],k))}m&&isChromeExtensionInstalled().then(e=>{e?(d("[Claude in Chrome] First-time install detected, opening reconnect page in browser"),x("https://clau.de/chrome/reconnect")):d("[Claude in Chrome] First-time install detected, but extension not installed, skipping reconnect")})}async function createWrapperScript(r){const s=E(),a=i(h(),"chrome"),c=i(a,"windows"===s?"chrome-native-host.bat":"chrome-native-host"),m="windows"===s?`@echo off\nREM Chrome native host wrapper script\nREM Generated by Context Code - do not edit manually\n${r}\n`:`#!/bin/sh\n# Chrome native host wrapper script\n# Generated by Context Code - do not edit manually\nexec ${r}\n`;return await t(c,"utf-8").catch(()=>null)===m||(await o(a,{recursive:!0}),await n(c,m),"windows"!==s&&await e(c,493),d(`[Claude in Chrome] Created Chrome native host wrapper script: ${c}`)),c}export async function isChromeExtensionInstalled(){const e=g();return 0===e.length?(d(`[Claude in Chrome] Unsupported platform for extension detection: ${E()}`),!1):j(e,d)}
@@ -1 +1 @@
1
- import{spawn as r}from"child_process";import{join as o}from"path";import{getCwd as e}from"../cwd.js";import{COMPUTER_CONTROL_MCP_SERVER_NAME as t}from"./common.js";export function runComputerControlMcpServer(){const c=o(e(),"CLI","src","utils","computerControlMcp","server"),p="win32"===process.platform?"py":"python3",s=r(p,["-m","computer_control_mcp.server"],{cwd:c,stdio:"inherit",env:{...process.env,PYTHONPATH:o(c,"src")}});return s.on("error",r=>{console.error(`Failed to start ${t} server:`,r)}),s}
1
+ import{spawn as r}from"child_process";import{join as o,dirname as e}from"path";import{fileURLToPath as t}from"url";import{COMPUTER_CONTROL_MCP_SERVER_NAME as m}from"./common.js";import{ensureUvAvailable as p}from"../sembleMcp/setup.js";export function runComputerControlMcpServer(){const s=e(t(import.meta.url)),c=o(s,"server"),n=p(),i=r(n,["run","--project",c,"-m","computer_control_mcp.server"],{cwd:c,stdio:"inherit",env:{...process.env,PYTHONPATH:o(c,"src"),UV_SKIP_WHEEL_FILENAME_CHECK:"1"}});return i.on("error",r=>{console.error(`Failed to start ${m} server:`,r)}),i}
@@ -0,0 +1,18 @@
1
+ # Auto detect text files and perform LF normalization
2
+ * text=auto
3
+
4
+ # Python files
5
+ *.py text diff=python
6
+
7
+ # Documentation
8
+ *.md text
9
+ *.rst text
10
+ *.txt text
11
+
12
+ # Exclude files from exporting
13
+ .gitattributes export-ignore
14
+ .gitignore export-ignore
15
+ .github export-ignore
16
+ .pytest_cache export-ignore
17
+ __pycache__ export-ignore
18
+ *.pyc export-ignore
@@ -0,0 +1,25 @@
1
+ # Use a lightweight Python base image
2
+ FROM python:3.12-slim
3
+
4
+ # Set environment variables for Python
5
+ ENV PYTHONDONTWRITEBYTECODE=1 \
6
+ PYTHONUNBUFFERED=1
7
+
8
+ # Set working directory
9
+ WORKDIR /app
10
+
11
+ # Copy dependency file(s)
12
+ COPY pyproject.toml .
13
+ COPY src/ src/
14
+ COPY README.md README.md
15
+
16
+ # Install build backend (Hatchling)
17
+ RUN pip install --upgrade pip && \
18
+ pip install hatchling && \
19
+ pip install -e .
20
+
21
+ # Copy any additional files (e.g. configs, CLI, entrypoints)
22
+ COPY . .
23
+
24
+ # Default command (can be overridden)
25
+ CMD ["python", "-m", "computer_control_mcp"]
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2025 AB498 <abcd49800@gmail.com>
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
@@ -0,0 +1,10 @@
1
+ include README.md
2
+ include LICENSE
3
+ include pyproject.toml
4
+ recursive-include src *
5
+ recursive-include tests *
6
+ recursive-include docs *
7
+ global-exclude *.pyc
8
+ global-exclude __pycache__
9
+ global-exclude *.so
10
+ global-exclude .DS_Store
@@ -0,0 +1,193 @@
1
+ # Computer Control MCP
2
+
3
+ ### MCP server that provides computer control capabilities, like mouse, keyboard, OCR, etc. using PyAutoGUI, RapidOCR, ONNXRuntime. Similar to 'computer-use' by Anthropic. With Zero External Dependencies.
4
+
5
+ <div align="center" style="text-align:center;font-family: monospace; display: flex; align-items: center; justify-content: center; width: 100%; gap: 10px">
6
+ <a href="https://nextjs-boilerplate-ashy-nine-64.vercel.app/demo-computer-control"><img
7
+ src="https://komarev.com/ghpvc/?username=AB498&label=DEMO&style=for-the-badge&color=CC0000" /></a>
8
+ <a href="https://discord.gg/ZeeqSBpjU2"><img
9
+ src="https://img.shields.io/discord/1095854826786668545?style=for-the-badge&color=0000CC" alt="Discord"></a>
10
+ <a href="https://img.shields.io/badge/License-MIT-yellow.svg"><img
11
+ src="https://img.shields.io/badge/License-MIT-yellow.svg?style=for-the-badge&color=00CC00" alt="License: MIT"></a>
12
+ <a href="https://pypi.org/project/computer-control-mcp"><img
13
+ src="https://img.shields.io/pypi/v/computer-control-mcp?style=for-the-badge" alt="PyPi"></a>
14
+ </div>
15
+
16
+ ---
17
+
18
+ ![MCP Computer Control Demo](https://github.com/AB498/computer-control-mcp/blob/main/demonstration.gif?raw=true)
19
+
20
+ ## Quick Usage (MCP Setup Using `uvx`)
21
+
22
+ ***Note:** Running `uvx computer-control-mcp@latest` for the first time will download python dependencies (around 70MB) which may take some time. Recommended to run this in a terminal before using it as MCP. Subsequent runs will be instant.*
23
+
24
+ ```json
25
+ {
26
+ "mcpServers": {
27
+ "computer-control-mcp": {
28
+ "command": "uvx",
29
+ "args": ["computer-control-mcp@latest"]
30
+ }
31
+ }
32
+ }
33
+ ```
34
+
35
+ OR install globally with `pip`:
36
+ ```bash
37
+ pip install computer-control-mcp
38
+ ```
39
+ Then run the server with:
40
+ ```bash
41
+ computer-control-mcp # instead of uvx computer-control-mcp, so you can use the latest version, also you can `uv cache clean` to clear the cache and `uvx` again to use latest version.
42
+ ```
43
+
44
+ ## Features
45
+
46
+ - Control mouse movements and clicks
47
+ - Type text at the current cursor position
48
+ - Take screenshots of the entire screen or specific windows with optional saving to downloads directory
49
+ - Extract text from screenshots using OCR (Optical Character Recognition)
50
+ - List and activate windows
51
+ - Press keyboard keys
52
+ - Drag and drop operations
53
+ - Enhanced screenshot capture for GPU-accelerated windows (Windows only)
54
+
55
+ ## Note on GPU-accelerated Windows
56
+
57
+ Traditional screenshot methods like GDI/PrintWindow fail to capture GPU-accelerated windows, resulting in black screens. This impacts games, media players, Electron apps, browsers with GPU acceleration, streaming software, and CAD tools. Use WGC through `take_screenshot` tool's flag or `ENV` variable
58
+
59
+ ## Configuration
60
+
61
+ ### Custom Screenshot Directory
62
+
63
+ By default, screenshots are saved to the OS downloads directory. You can customize this by setting the `COMPUTER_CONTROL_MCP_SCREENSHOT_DIR` environment variable:
64
+
65
+ ```json
66
+ {
67
+ "mcpServers": {
68
+ "computer-control-mcp": {
69
+ "command": "uvx",
70
+ "args": ["computer-control-mcp@latest"],
71
+ "env": {
72
+ "COMPUTER_CONTROL_MCP_SCREENSHOT_DIR": "C:\\Users\\YourName\\Pictures\\Screenshots"
73
+ }
74
+ }
75
+ }
76
+ }
77
+ ```
78
+
79
+ Or set it system-wide:
80
+ ```bash
81
+ # Windows (PowerShell)
82
+ $env:COMPUTER_CONTROL_MCP_SCREENSHOT_DIR = "C:\Users\YourName\Pictures\Screenshots"
83
+
84
+ # macOS/Linux
85
+ export COMPUTER_CONTROL_MCP_SCREENSHOT_DIR="/home/yourname/Pictures/Screenshots"
86
+ ```
87
+
88
+ If the specified directory doesn't exist, the server will fall back to the default downloads directory.
89
+
90
+ ### Automatic WGC for Specific Windows
91
+
92
+ You can configure the system to automatically use Windows Graphics Capture (WGC) for specific windows by setting the `COMPUTER_CONTROL_MCP_WGC_PATTERNS` environment variable. This variable should contain comma-separated patterns that match window titles:
93
+
94
+ ```json
95
+ {
96
+ "mcpServers": {
97
+ "computer-control-mcp": {
98
+ "command": "uvx",
99
+ "args": ["computer-control-mcp@latest"],
100
+ "env": {
101
+ "COMPUTER_CONTROL_MCP_WGC_PATTERNS": "obs, discord, game, steam"
102
+ }
103
+ }
104
+ }
105
+ }
106
+ ```
107
+
108
+ Or set it system-wide:
109
+ ```bash
110
+ # Windows (PowerShell)
111
+ $env:COMPUTER_CONTROL_MCP_WGC_PATTERNS = "obs, discord, game, steam"
112
+
113
+ # macOS/Linux
114
+ export COMPUTER_CONTROL_MCP_WGC_PATTERNS="obs, discord, game, steam"
115
+ ```
116
+
117
+ When this variable is set, any window whose title contains any of the specified patterns will automatically use WGC for screenshot capture, eliminating black screens for GPU-accelerated applications.
118
+
119
+ ## Available Tools
120
+
121
+ ### Mouse Control
122
+ - `click_screen(x: int, y: int)`: Click at specified screen coordinates
123
+ - `move_mouse(x: int, y: int)`: Move mouse cursor to specified coordinates
124
+ - `drag_mouse(from_x: int, from_y: int, to_x: int, to_y: int, duration: float = 0.5)`: Drag mouse from one position to another
125
+ - `mouse_down(button: str = "left")`: Hold down a mouse button ('left', 'right', 'middle')
126
+ - `mouse_up(button: str = "left")`: Release a mouse button ('left', 'right', 'middle')
127
+
128
+ ### Keyboard Control
129
+ - `type_text(text: str)`: Type the specified text at current cursor position
130
+ - `press_key(key: str)`: Press a specified keyboard key
131
+ - `key_down(key: str)`: Hold down a specific keyboard key until released
132
+ - `key_up(key: str)`: Release a specific keyboard key
133
+ - `press_keys(keys: Union[str, List[Union[str, List[str]]]])`: Press keyboard keys (supports single keys, sequences, and combinations)
134
+
135
+ ### Screen and Window Management
136
+ - `take_screenshot(title_pattern: str = None, use_regex: bool = False, threshold: int = 60, scale_percent_for_ocr: int = None, save_to_downloads: bool = False, use_wgc: bool = False)`: Capture screen or window
137
+ - `take_screenshot_with_ocr(title_pattern: str = None, use_regex: bool = False, threshold: int = 10, scale_percent_for_ocr: int = None, save_to_downloads: bool = False)`: Extract adn return text with coordinates using OCR from screen or window
138
+ - `get_screen_size()`: Get current screen resolution
139
+ - `list_windows()`: List all open windows
140
+ - `activate_window(title_pattern: str, use_regex: bool = False, threshold: int = 60)`: Bring specified window to foreground
141
+ - `wait_milliseconds(milliseconds: int)`: Wait for a specified number of milliseconds
142
+
143
+ ## Development
144
+
145
+ ### Setting up the Development Environment
146
+
147
+ ```bash
148
+ # Clone the repository
149
+ git clone https://github.com/AB498/computer-control-mcp.git
150
+ cd computer-control-mcp
151
+
152
+ # Build/Run:
153
+
154
+ # 1. Install in development mode | Meaning that your edits to source code will be reflected in the installed package.
155
+ pip install -e .
156
+
157
+ # Then Start server | This is equivalent to `uvx computer-control-mcp@latest` just the local code is used
158
+ computer-control-mcp
159
+
160
+ # -- OR --
161
+
162
+ # 2. Build after `pip install hatch` | This needs version increment in orer to reflect code changes
163
+ hatch build
164
+
165
+ # Windows
166
+ $latest = Get-ChildItem .\dist\*.whl | Sort-Object LastWriteTime -Descending | Select-Object -First 1
167
+ pip install $latest.FullName --upgrade
168
+
169
+ # Non-windows
170
+ pip install dist/*.whl --upgrade
171
+
172
+ # Run
173
+ computer-control-mcp
174
+ ```
175
+
176
+ ### Running Tests
177
+
178
+ ```bash
179
+ python -m pytest
180
+ ```
181
+
182
+ ## API Reference
183
+
184
+ See the [API Reference](docs/api.md) for detailed information about the available functions and classes.
185
+
186
+ ## License
187
+
188
+ MIT
189
+
190
+ ## For more information or help
191
+
192
+ - [Email (abcd49800@gmail.com)](mailto:abcd49800@gmail.com)
193
+ - [Discord (CodePlayground)](https://discord.gg/ZeeqSBpjU2)
@@ -0,0 +1,52 @@
1
+ [build-system]
2
+ requires = ["hatchling"]
3
+ build-backend = "hatchling.build"
4
+
5
+ [project]
6
+ name = "computer-control-mcp"
7
+ version = "0.3.10"
8
+ description = "MCP server that provides computer control capabilities, like mouse, keyboard, OCR, etc. using PyAutoGUI, RapidOCR, ONNXRuntime. Similar to 'computer-use' by Anthropic. With Zero External Dependencies."
9
+ readme = "README.md"
10
+ requires-python = ">=3.10"
11
+ license = {text = "MIT"}
12
+ authors = [{name = "AB498", email = "abcd49800@gmail.com"}]
13
+ classifiers = [
14
+ "Development Status :: 4 - Beta",
15
+ "Intended Audience :: Developers",
16
+ "License :: OSI Approved :: MIT License",
17
+ "Programming Language :: Python :: 3",
18
+ "Programming Language :: Python :: 3.12",
19
+ "Topic :: Software Development :: Libraries",
20
+ "Topic :: Utilities"
21
+ ]
22
+ dependencies = [
23
+ "pyautogui==0.9.54",
24
+ "mcp[cli]==1.13.0",
25
+ "pillow==11.3.0",
26
+ "pygetwindow==0.0.9; sys_platform=='win32'",
27
+ "pywinctl==0.4.1",
28
+ "fuzzywuzzy==0.18.0",
29
+ "rapidocr==3.3.1",
30
+ "onnxruntime==1.22.0",
31
+ "rapidocr_onnxruntime==1.2.3",
32
+ "opencv-python==4.12.0.88",
33
+ "python-Levenshtein>=0.20.9",
34
+ "mss>=7.0.0",
35
+ "windows-capture>=1.0.0; sys_platform=='win32'"
36
+ ]
37
+
38
+ [project.urls]
39
+ Homepage = "https://github.com/AB498/computer-control-mcp"
40
+ Issues = "https://github.com/AB498/computer-control-mcp/issues"
41
+ Documentation = "https://github.com/AB498/computer-control-mcp#readme"
42
+
43
+ [project.scripts]
44
+ computer-control-mcp = "computer_control_mcp.cli:main"
45
+ computer-control-mcp-server = "computer_control_mcp.server:main"
46
+
47
+ [tool.hatch.build]
48
+ sources = ["src"]
49
+ packages = ["src/computer_control_mcp"]
50
+
51
+ [tool.hatch.build.targets.wheel]
52
+ packages = ["src/computer_control_mcp"]
@@ -0,0 +1,13 @@
1
+ # Smithery configuration file: https://smithery.ai/docs/config#smitheryyaml
2
+
3
+ startCommand:
4
+ type: stdio
5
+ configSchema:
6
+ # JSON Schema defining the configuration options for the MCP.
7
+ type: object
8
+ description: Empty config
9
+ commandFunction:
10
+ # A JS function that produces the CLI command based on the given config to start the MCP on stdio.
11
+ |-
12
+ (config) => ({ command: 'python', args: ['src/computer_control_mcp/core.py'] })
13
+ exampleConfig: {}
@@ -0,0 +1,12 @@
1
+ # Computer Control MCP Source Code
2
+
3
+ This directory contains the source code for the Computer Control MCP package.
4
+
5
+ ## Structure
6
+
7
+ - `computer_control_mcp/`: Main package directory
8
+ - `__init__.py`: Package initialization
9
+ - `__main__.py`: Entry point for running as a module
10
+ - `core.py`: Core functionality
11
+ - `cli.py`: Command-line interface
12
+ - `gui.py`: Graphical user interface for testing
@@ -0,0 +1,11 @@
1
+ """
2
+ Computer Control MCP - Python package for computer control via MCP.
3
+
4
+ This package provides computer control capabilities using PyAutoGUI through a
5
+ Model Context Protocol (MCP) server.
6
+ """
7
+
8
+ from computer_control_mcp.core import mcp, main
9
+
10
+ __version__ = "0.1.2"
11
+ __all__ = ["mcp", "main"]
@@ -0,0 +1,21 @@
1
+ """
2
+ Entry point for running the Computer Control MCP as a module.
3
+
4
+ This module serves as the main entry point for the package.
5
+ When executed directly (e.g., with `python -m computer_control_mcp`),
6
+ it will run the CLI interface.
7
+
8
+ For CLI functionality, use:
9
+ computer-control-mcp <command>
10
+ python -m computer_control_mcp <command>
11
+ """
12
+
13
+ from computer_control_mcp.cli import main as cli_main
14
+
15
+ def main():
16
+ """Main entry point for the package."""
17
+ # Run the CLI when the module is executed directly
18
+ cli_main()
19
+
20
+ if __name__ == "__main__":
21
+ main()