@indigoai-us/hq-cloud 5.1.0

package/dist/vault-client.test.js

@@ -0,0 +1,257 @@
+/**
+ * VaultClient unit tests (VLT-7 US-001).
+ *
+ * Uses mocked fetch to assert retry behavior, error mapping, and auth header injection.
+ */
+import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
+import { VaultClient, VaultAuthError, VaultPermissionDeniedError, VaultNotFoundError, VaultConflictError, VaultClientError, } from "./vault-client.js";
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function jsonResponse(status, body) {
+    return new Response(JSON.stringify(body), {
+        status,
+        headers: { "Content-Type": "application/json" },
+    });
+}
+function textResponse(status, body) {
+    return new Response(body, { status });
+}
+const TEST_CONFIG = {
+    apiUrl: "https://vault.test.example.com",
+    authToken: "test-jwt-token-123",
+};
+let client;
+let fetchSpy;
+beforeEach(() => {
+    client = new VaultClient(TEST_CONFIG);
+    fetchSpy = vi.spyOn(globalThis, "fetch");
+});
+afterEach(() => {
+    vi.restoreAllMocks();
+});
+// ---------------------------------------------------------------------------
+// Auth header injection
+// ---------------------------------------------------------------------------
+describe("auth header injection", () => {
+    it("sends Bearer token on every request", async () => {
+        fetchSpy.mockResolvedValueOnce(jsonResponse(200, { members: [] }));
+        await client.listMembersOfCompany("cmp_abc");
+        expect(fetchSpy).toHaveBeenCalledTimes(1);
+        const [, init] = fetchSpy.mock.calls[0];
+        const headers = init.headers;
+        expect(headers.Authorization).toBe("Bearer test-jwt-token-123");
+    });
+    it("sets Content-Type on POST requests", async () => {
+        fetchSpy.mockResolvedValueOnce(jsonResponse(200, { membership: {}, inviteToken: "tok" }));
+        await client.createInvite({
+            companyUid: "cmp_abc",
+            role: "member",
+            invitedBy: "psn_xyz",
+        });
+        const [, init] = fetchSpy.mock.calls[0];
+        const headers = init.headers;
+        expect(headers["Content-Type"]).toBe("application/json");
+    });
+});
+// ---------------------------------------------------------------------------
+// Error mapping
+// ---------------------------------------------------------------------------
+describe("error mapping", () => {
+    it("maps 401 to VaultAuthError", async () => {
+        fetchSpy.mockResolvedValueOnce(jsonResponse(401, { message: "Token expired" }));
+        await expect(client.listMembersOfCompany("cmp_abc")).rejects.toThrow(VaultAuthError);
+    });
+    it("maps 403 to VaultPermissionDeniedError", async () => {
+        fetchSpy.mockResolvedValueOnce(jsonResponse(403, { message: "Admin required" }));
+        await expect(client.listMembersOfCompany("cmp_abc")).rejects.toThrow(VaultPermissionDeniedError);
+    });
+    it("maps 404 to VaultNotFoundError", async () => {
+        fetchSpy.mockResolvedValueOnce(jsonResponse(404, { message: "Not found" }));
+        await expect(client.entity.get("cmp_missing")).rejects.toThrow(VaultNotFoundError);
+    });
+    it("maps 409 to VaultConflictError", async () => {
+        fetchSpy.mockResolvedValueOnce(jsonResponse(409, { message: "Already accepted" }));
+        await expect(client.acceptInvite("tok", "psn_abc")).rejects.toThrow(VaultConflictError);
+    });
+    it("preserves error message from response body", async () => {
+        fetchSpy.mockResolvedValueOnce(jsonResponse(403, { message: "Only admins can invite" }));
+        try {
+            await client.createInvite({
+                companyUid: "cmp_abc",
+                role: "member",
+                invitedBy: "psn_xyz",
+            });
+            expect.fail("Should have thrown");
+        }
+        catch (err) {
+            expect(err).toBeInstanceOf(VaultPermissionDeniedError);
+            expect(err.message).toBe("Only admins can invite");
+        }
+    });
+    it("handles non-JSON error bodies gracefully", async () => {
+        fetchSpy.mockResolvedValueOnce(textResponse(404, "Not Found"));
+        try {
+            await client.entity.findBySlug("company", "test");
+            expect.fail("Should have thrown");
+        }
+        catch (err) {
+            expect(err).toBeInstanceOf(VaultNotFoundError);
+            expect(err.message).toBe("Not Found");
+        }
+    });
+});
+// ---------------------------------------------------------------------------
+// Retry behavior
+// ---------------------------------------------------------------------------
+describe("retry behavior", () => {
+    it("retries on 429 and succeeds on second attempt", async () => {
+        fetchSpy
+            .mockResolvedValueOnce(jsonResponse(429, { message: "Rate limited" }))
+            .mockResolvedValueOnce(jsonResponse(200, { members: [{ personUid: "psn_1" }] }));
+        const result = await client.listMembersOfCompany("cmp_abc");
+        expect(result).toHaveLength(1);
+        expect(fetchSpy).toHaveBeenCalledTimes(2);
+    });
+    it("retries on 500 and succeeds on third attempt", async () => {
+        fetchSpy
+            .mockResolvedValueOnce(jsonResponse(500, { message: "Internal error" }))
+            .mockResolvedValueOnce(jsonResponse(502, { message: "Bad gateway" }))
+            .mockResolvedValueOnce(jsonResponse(200, { membership: { role: "admin" } }));
+        const result = await client.updateRole({
+            membershipKey: "psn_1#cmp_abc",
+            newRole: "admin",
+            updaterUid: "psn_owner",
+            companyUid: "cmp_abc",
+        });
+        expect(result.role).toBe("admin");
+        expect(fetchSpy).toHaveBeenCalledTimes(3);
+    });
+    it("throws after exhausting all retries on persistent 500", async () => {
+        fetchSpy.mockImplementation(() => Promise.resolve(jsonResponse(500, { message: "Down" })));
+        await expect(client.listMembersOfCompany("cmp_abc")).rejects.toThrow(VaultClientError);
+        // 1 initial + 3 retries = 4
+        expect(fetchSpy).toHaveBeenCalledTimes(4);
+    });
+    it("does not retry on 401 (non-transient)", async () => {
+        fetchSpy.mockResolvedValueOnce(jsonResponse(401, { message: "Expired" }));
+        await expect(client.listMembersOfCompany("cmp_abc")).rejects.toThrow(VaultAuthError);
+        expect(fetchSpy).toHaveBeenCalledTimes(1);
+    });
+    it("does not retry on 403 (non-transient)", async () => {
+        fetchSpy.mockResolvedValueOnce(jsonResponse(403, { message: "Forbidden" }));
+        await expect(client.createInvite({
+            companyUid: "cmp_abc",
+            role: "member",
+            invitedBy: "psn_xyz",
+        })).rejects.toThrow(VaultPermissionDeniedError);
+        expect(fetchSpy).toHaveBeenCalledTimes(1);
+    });
+    it("retries on network errors (fetch throws)", async () => {
+        fetchSpy
+            .mockRejectedValueOnce(new Error("ECONNRESET"))
+            .mockResolvedValueOnce(jsonResponse(200, { members: [] }));
+        const result = await client.listMembersOfCompany("cmp_abc");
+        expect(result).toEqual([]);
+        expect(fetchSpy).toHaveBeenCalledTimes(2);
+    });
+});
+// ---------------------------------------------------------------------------
+// API surface
+// ---------------------------------------------------------------------------
+describe("API surface", () => {
+    it("createInvite sends correct body and URL", async () => {
+        fetchSpy.mockResolvedValueOnce(jsonResponse(200, {
+            membership: { membershipKey: "psn_1#cmp_abc", role: "member", status: "pending" },
+            inviteToken: "tok_secure_random",
+        }));
+        const result = await client.createInvite({
+            companyUid: "cmp_abc",
+            role: "member",
+            invitedBy: "psn_owner",
+            inviteeEmail: "alice@example.com",
+        });
+        expect(result.inviteToken).toBe("tok_secure_random");
+        const [url, init] = fetchSpy.mock.calls[0];
+        expect(url).toBe("https://vault.test.example.com/membership/invite");
+        expect(JSON.parse(init.body)).toEqual({
+            companyUid: "cmp_abc",
+            role: "member",
+            invitedBy: "psn_owner",
+            inviteeEmail: "alice@example.com",
+        });
+    });
+    it("acceptInvite sends token and personUid", async () => {
+        fetchSpy.mockResolvedValueOnce(jsonResponse(200, {
+            membership: { status: "active", role: "member" },
+        }));
+        const result = await client.acceptInvite("tok_abc", "psn_invitee");
+        expect(result.membership.status).toBe("active");
+        const [url, init] = fetchSpy.mock.calls[0];
+        expect(url).toBe("https://vault.test.example.com/membership/accept");
+        expect(JSON.parse(init.body)).toEqual({
+            token: "tok_abc",
+            personUid: "psn_invitee",
+        });
+    });
+    it("updateRole sends correct payload", async () => {
+        fetchSpy.mockResolvedValueOnce(jsonResponse(200, {
+            membership: { role: "guest", allowedPrefixes: ["docs/"] },
+        }));
+        const result = await client.updateRole({
+            membershipKey: "psn_1#cmp_abc",
+            newRole: "guest",
+            allowedPrefixes: ["docs/"],
+            updaterUid: "psn_admin",
+            companyUid: "cmp_abc",
+        });
+        expect(result.role).toBe("guest");
+        expect(result.allowedPrefixes).toEqual(["docs/"]);
+        const [url, init] = fetchSpy.mock.calls[0];
+        expect(url).toBe("https://vault.test.example.com/membership/role");
+        expect(JSON.parse(init.body)).toEqual({
+            membershipKey: "psn_1#cmp_abc",
+            newRole: "guest",
+            allowedPrefixes: ["docs/"],
+            updaterUid: "psn_admin",
+            companyUid: "cmp_abc",
+        });
+    });
+    it("entity.get calls correct URL", async () => {
+        fetchSpy.mockResolvedValueOnce(jsonResponse(200, {
+            entity: { uid: "cmp_abc", slug: "acme", type: "company", status: "active" },
+        }));
+        const entity = await client.entity.get("cmp_abc");
+        expect(entity.slug).toBe("acme");
+        const [url] = fetchSpy.mock.calls[0];
+        expect(url).toBe("https://vault.test.example.com/entity/cmp_abc");
+    });
+    it("entity.findBySlug calls correct URL", async () => {
+        fetchSpy.mockResolvedValueOnce(jsonResponse(200, {
+            entity: { uid: "cmp_abc", slug: "acme", type: "company", status: "active" },
+        }));
+        const entity = await client.entity.findBySlug("company", "acme");
+        expect(entity.uid).toBe("cmp_abc");
+        const [url] = fetchSpy.mock.calls[0];
+        expect(url).toBe("https://vault.test.example.com/entity/by-slug/company/acme");
+    });
+    it("revokeMembership calls POST /membership/revoke with companyUid", async () => {
+        fetchSpy.mockResolvedValueOnce(new Response(null, { status: 204 }));
+        await client.revokeMembership("psn_1#cmp_abc", "cmp_abc");
+        const [url, init] = fetchSpy.mock.calls[0];
+        expect(url).toBe("https://vault.test.example.com/membership/revoke");
+        expect(init.method).toBe("POST");
+        expect(JSON.parse(init.body)).toEqual({
+            membershipKey: "psn_1#cmp_abc",
+            companyUid: "cmp_abc",
+        });
+    });
+    it("listPendingInvites calls correct URL", async () => {
+        fetchSpy.mockResolvedValueOnce(jsonResponse(200, { invites: [{ status: "pending" }] }));
+        const invites = await client.listPendingInvites("cmp_abc");
+        expect(invites).toHaveLength(1);
+        const [url] = fetchSpy.mock.calls[0];
+        expect(url).toBe("https://vault.test.example.com/membership/company/cmp_abc/pending");
+    });
+});
+//# sourceMappingURL=vault-client.test.js.map

package/dist/vault-client.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"vault-client.test.js","sourceRoot":"","sources":["../src/vault-client.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,SAAS,EAAqB,MAAM,QAAQ,CAAC;AAC5F,OAAO,EACL,WAAW,EACX,cAAc,EACd,0BAA0B,EAC1B,kBAAkB,EAClB,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,mBAAmB,CAAC;AAE3B,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,YAAY,CAAC,MAAc,EAAE,IAAa;IACjD,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QACxC,MAAM;QACN,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;KAChD,CAAC,CAAC;AACL,CAAC;AAED,SAAS,YAAY,CAAC,MAAc,EAAE,IAAY;IAChD,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;AACxC,CAAC;AAED,MAAM,WAAW,GAAG;IAClB,MAAM,EAAE,gCAAgC;IACxC,SAAS,EAAE,oBAAoB;CAChC,CAAC;AAEF,IAAI,MAAmB,CAAC;AACxB,IAAI,QAAoC,CAAC;AAEzC,UAAU,CAAC,GAAG,EAAE;IACd,MAAM,GAAG,IAAI,WAAW,CAAC,WAAW,CAAC,CAAC;IACtC,QAAQ,GAAG,EAAE,CAAC,KAAK,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;AAC3C,CAAC,CAAC,CAAC;AAEH,SAAS,CAAC,GAAG,EAAE;IACb,EAAE,CAAC,eAAe,EAAE,CAAC;AACvB,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAC9E,wBAAwB;AACxB,8EAA8E;AAE9E,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;IACrC,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;QACnD,QAAQ,CAAC,qBAAqB,CAC5B,YAAY,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,CACnC,CAAC;QAEF,MAAM,MAAM,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC;QAE7C,MAAM,CAAC,QAAQ,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;QAC1C,MAAM,CAAC,EAAE,IAAI,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAA0B,CAAC;QACjE,MAAM,OAAO,GAAG,IAAI,CAAC,OAAiC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;QAClD,QAAQ,CAAC,qBAAqB,CAC5B,YAAY,CAAC,GAAG,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC,CAC1D,CAAC;QAEF,MAAM,MAAM,CAAC,YAAY,CAAC;YACxB,UAAU,EAAE,SAAS;YACrB,IAAI,EAAE,QAAQ;YACd,SAAS,EAAE,SAAS;SACrB,CAAC,CAAC;QAEH,MAAM,CAAC,EAAE,IAAI,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAA0B,CAAC;QACjE,MAAM,OAAO,GAAG,IAAI,CAAC,OAAiC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,EAAE,CAAC,4BAA4B,EAAE,KAAK,IAAI,EAAE;QAC1C,QAAQ,CAAC,qBAAqB,CAC5B,YAAY,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC,CAChD,CAAC;QAEF,MAAM,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IACvF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;QACtD,QAAQ,CAAC,qBAAqB,CAC5B,YAAY,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,gBAAgB,EAAE,CAAC,CACjD,CAAC;QAEF,MAAM,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,0BAA0B,CAAC,CAAC;IACnG,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;QAC9C,QAAQ,CAAC,qBAAqB,CAC5B,YAAY,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC,CAC5C,CAAC;QAEF,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACrF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;QAC9C,QAAQ,CAAC,qBAAqB,CAC5B,YAAY,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,kBAAkB,EAAE,CAAC,CACnD,CAAC;QAEF,MAAM,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAC1F,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;QAC1D,QAAQ,CAAC,qBAAqB,CAC5B,YAAY,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC,CACzD,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,YAAY,CAAC;gBACxB,UAAU,EAAE,SAAS;gBACrB,IAAI,EAAE,QAAQ;gBACd,SAAS,EAAE,SAAS;aACrB,CAAC,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QACpC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,GAAG,CAAC,CAAC,cAAc,CAAC,0BAA0B,CAAC,CAAC;YACvD,MAAM,CAAE,GAAkC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QACrF,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;QACxD,QAAQ,CAAC,qBAAqB,CAC5B,YAAY,CAAC,GAAG,EAAE,WAAW,CAAC,CAC/B,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YAClD,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QACpC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,GAAG,CAAC,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC;YAC/C,MAAM,CAAE,GAA0B,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAChE,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;QAC7D,QAAQ;aACL,qBAAqB,CAAC,YAAY,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC,CAAC;aACrE,qBAAqB,CAAC,YAAY,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QAEnF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC;QAC5D,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,CAAC,QAAQ,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;QAC5D,QAAQ;aACL,qBAAqB,CAAC,YAAY,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,gBAAgB,EAAE,CAAC,CAAC;aACvE,qBAAqB,CAAC,YAAY,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,aAAa,EAAE,CAAC,CAAC;aACpE,qBAAqB,CAAC,YAAY,CAAC,GAAG,EAAE,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;QAE/E,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC;YACrC,aAAa,EAAE,eAAe;YAC9B,OAAO,EAAE,OAAO;YAChB,UAAU,EAAE,WAAW;YACvB,UAAU,EAAE,SAAS;SACtB,CAAC,CAAC;QACH,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClC,MAAM,CAAC,QAAQ,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uDAAuD,EAAE,KAAK,IAAI,EAAE;QACrE,QAAQ,CAAC,kBAAkB,CAAC,GAAG,EAAE,CAC/B,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC,CACxD,CAAC;QAEF,MAAM,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;QACvF,4BAA4B;QAC5B,MAAM,CAAC,QAAQ,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;QACrD,QAAQ,CAAC,qBAAqB,CAAC,YAAY,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;QAE1E,MAAM,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QACrF,MAAM,CAAC,QAAQ,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;QACrD,QAAQ,CAAC,qBAAqB,CAAC,YAAY,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC;QAE5E,MAAM,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC;YAC/B,UAAU,EAAE,SAAS;YACrB,IAAI,EAAE,QAAQ;YACd,SAAS,EAAE,SAAS;SACrB,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,0BAA0B,CAAC,CAAC;QAChD,MAAM,CAAC,QAAQ,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;QACxD,QAAQ;aACL,qBAAqB,CAAC,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;aAC9C,qBAAqB,CAAC,YAAY,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;QAE7D,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC;QAC5D,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAC3B,MAAM,CAAC,QAAQ,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAC9E,cAAc;AACd,8EAA8E;AAE9E,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,EAAE,CAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;QACvD,QAAQ,CAAC,qBAAqB,CAC5B,YAAY,CAAC,GAAG,EAAE;YAChB,UAAU,EAAE,EAAE,aAAa,EAAE,eAAe,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE;YACjF,WAAW,EAAE,mBAAmB;SACjC,CAAC,CACH,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC;YACvC,UAAU,EAAE,SAAS;YACrB,IAAI,EAAE,QAAQ;YACd,SAAS,EAAE,WAAW;YACtB,YAAY,EAAE,mBAAmB;SAClC,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QAErD,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAA0B,CAAC;QACpE,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;QACrE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAc,CAAC,CAAC,CAAC,OAAO,CAAC;YAC9C,UAAU,EAAE,SAAS;YACrB,IAAI,EAAE,QAAQ;YACd,SAAS,EAAE,WAAW;YACtB,YAAY,EAAE,mBAAmB;SAClC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;QACtD,QAAQ,CAAC,qBAAqB,CAC5B,YAAY,CAAC,GAAG,EAAE;YAChB,UAAU,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE;SACjD,CAAC,CACH,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;QACnE,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAEhD,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAA0B,CAAC;QACpE,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;QACrE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAc,CAAC,CAAC,CAAC,OAAO,CAAC;YAC9C,KAAK,EAAE,SAAS;YAChB,SAAS,EAAE,aAAa;SACzB,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;QAChD,QAAQ,CAAC,qBAAqB,CAC5B,YAAY,CAAC,GAAG,EAAE;YAChB,UAAU,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC,OAAO,CAAC,EAAE;SAC1D,CAAC,CACH,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC;YACrC,aAAa,EAAE,eAAe;YAC9B,OAAO,EAAE,OAAO;YAChB,eAAe,EAAE,CAAC,OAAO,CAAC;YAC1B,UAAU,EAAE,WAAW;YACvB,UAAU,EAAE,SAAS;SACtB,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;QAElD,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAA0B,CAAC;QACpE,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;QACnE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAc,CAAC,CAAC,CAAC,OAAO,CAAC;YAC9C,aAAa,EAAE,eAAe;YAC9B,OAAO,EAAE,OAAO;YAChB,eAAe,EAAE,CAAC,OAAO,CAAC;YAC1B,UAAU,EAAE,WAAW;YACvB,UAAU,EAAE,SAAS;SACtB,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;QAC5C,QAAQ,CAAC,qBAAqB,CAC5B,YAAY,CAAC,GAAG,EAAE;YAChB,MAAM,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE;SAC5E,CAAC,CACH,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAClD,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAEjC,MAAM,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAa,CAAC;QACjD,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;IACpE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;QACnD,QAAQ,CAAC,qBAAqB,CAC5B,YAAY,CAAC,GAAG,EAAE;YAChB,MAAM,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE;SAC5E,CAAC,CACH,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QACjE,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAEnC,MAAM,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAa,CAAC;QACjD,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;IACjF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gEAAgE,EAAE,KAAK,IAAI,EAAE;QAC9E,QAAQ,CAAC,qBAAqB,CAAC,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;QAEpE,MAAM,MAAM,CAAC,gBAAgB,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC;QAE1D,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAA0B,CAAC;QACpE,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;QACrE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAc,CAAC,CAAC,CAAC,OAAO,CAAC;YAC9C,aAAa,EAAE,eAAe;YAC9B,UAAU,EAAE,SAAS;SACtB,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;QACpD,QAAQ,CAAC,qBAAqB,CAC5B,YAAY,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,CACxD,CAAC;QAEF,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,SAAS,CAAC,CAAC;QAC3D,MAAM,CAAC,OAAO,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAEhC,MAAM,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAa,CAAC;QACjD,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;IACxF,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/watcher.d.ts

@@ -0,0 +1,18 @@
+/**
+ * File watcher — monitors HQ directory for changes
+ * Uses chokidar with debounced batching
+ */
+export declare class SyncWatcher {
+    private watcher;
+    private hqRoot;
+    private shouldSync;
+    private pendingChanges;
+    private debounceTimer;
+    private processing;
+    constructor(hqRoot: string);
+    start(): void;
+    stop(): void;
+    private queueChange;
+    private flush;
+}
+//# sourceMappingURL=watcher.d.ts.map

package/dist/watcher.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"watcher.d.ts","sourceRoot":"","sources":["../src/watcher.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAkBH,qBAAa,WAAW;IACtB,OAAO,CAAC,OAAO,CAA0B;IACzC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,UAAU,CAAgC;IAClD,OAAO,CAAC,cAAc,CAAoC;IAC1D,OAAO,CAAC,aAAa,CAA8C;IACnE,OAAO,CAAC,UAAU,CAAS;gBAEf,MAAM,EAAE,MAAM;IAK1B,KAAK,IAAI,IAAI;IAoBb,IAAI,IAAI,IAAI;IAWZ,OAAO,CAAC,WAAW;YAqBL,KAAK;CA2CpB"}

package/dist/watcher.js

@@ -0,0 +1,106 @@
+/**
+ * File watcher — monitors HQ directory for changes
+ * Uses chokidar with debounced batching
+ */
+import * as fs from "fs";
+import * as path from "path";
+import { watch } from "chokidar";
+import { createIgnoreFilter, isWithinSizeLimit } from "./ignore.js";
+import { readJournal, writeJournal, hashFile, updateEntry } from "./journal.js";
+import { uploadFile, deleteRemoteFile } from "./s3.js";
+const DEBOUNCE_MS = 2000;
+export class SyncWatcher {
+    watcher = null;
+    hqRoot;
+    shouldSync;
+    pendingChanges = new Map();
+    debounceTimer = null;
+    processing = false;
+    constructor(hqRoot) {
+        this.hqRoot = hqRoot;
+        this.shouldSync = createIgnoreFilter(hqRoot);
+    }
+    start() {
+        if (this.watcher)
+            return;
+        this.watcher = watch(this.hqRoot, {
+            ignored: (filePath) => !this.shouldSync(filePath),
+            persistent: true,
+            ignoreInitial: true,
+            awaitWriteFinish: {
+                stabilityThreshold: 500,
+                pollInterval: 100,
+            },
+        });
+        this.watcher
+            .on("add", (p) => this.queueChange("add", p))
+            .on("change", (p) => this.queueChange("change", p))
+            .on("unlink", (p) => this.queueChange("unlink", p))
+            .on("error", (err) => console.error("Watcher error:", err));
+    }
+    stop() {
+        if (this.watcher) {
+            this.watcher.close();
+            this.watcher = null;
+        }
+        if (this.debounceTimer) {
+            clearTimeout(this.debounceTimer);
+            this.debounceTimer = null;
+        }
+    }
+    queueChange(type, absolutePath) {
+        const relativePath = path.relative(this.hqRoot, absolutePath);
+        // Skip files that exceed size limit
+        if (type !== "unlink" && !isWithinSizeLimit(absolutePath)) {
+            return;
+        }
+        this.pendingChanges.set(relativePath, {
+            type,
+            absolutePath,
+            relativePath,
+        });
+        // Debounce: wait for DEBOUNCE_MS of quiet before processing
+        if (this.debounceTimer) {
+            clearTimeout(this.debounceTimer);
+        }
+        this.debounceTimer = setTimeout(() => this.flush(), DEBOUNCE_MS);
+    }
+    async flush() {
+        if (this.processing || this.pendingChanges.size === 0)
+            return;
+        this.processing = true;
+        const batch = new Map(this.pendingChanges);
+        this.pendingChanges.clear();
+        const journal = readJournal(this.hqRoot);
+        for (const [relativePath, change] of batch) {
+            try {
+                if (change.type === "unlink") {
+                    await deleteRemoteFile(relativePath);
+                    delete journal.files[relativePath];
+                }
+                else {
+                    const hash = hashFile(change.absolutePath);
+                    const stat = fs.statSync(change.absolutePath);
+                    // Skip if unchanged from last sync
+                    const existing = journal.files[relativePath];
+                    if (existing && existing.hash === hash)
+                        continue;
+                    await uploadFile(change.absolutePath, relativePath);
+                    updateEntry(journal, relativePath, hash, stat.size, "up");
+                }
+            }
+            catch (err) {
+                console.error(`Sync error [${relativePath}]:`, err instanceof Error ? err.message : err);
+                // Re-queue failed changes
+                this.pendingChanges.set(relativePath, change);
+            }
+        }
+        writeJournal(this.hqRoot, journal);
+        this.processing = false;
+        // Process any changes that came in while we were flushing
+        if (this.pendingChanges.size > 0) {
+            this.debounceTimer = setTimeout(() => this.flush(), DEBOUNCE_MS);
+        }
+    }
+}
+//# sourceMappingURL=watcher.js.map

package/dist/watcher.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"watcher.js","sourceRoot":"","sources":["../src/watcher.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,KAAK,EAAE,MAAM,UAAU,CAAC;AAEjC,OAAO,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACpE,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAChF,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAEvD,MAAM,WAAW,GAAG,IAAI,CAAC;AAQzB,MAAM,OAAO,WAAW;IACd,OAAO,GAAqB,IAAI,CAAC;IACjC,MAAM,CAAS;IACf,UAAU,CAAgC;IAC1C,cAAc,GAAG,IAAI,GAAG,EAAyB,CAAC;IAClD,aAAa,GAAyC,IAAI,CAAC;IAC3D,UAAU,GAAG,KAAK,CAAC;IAE3B,YAAY,MAAc;QACxB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,UAAU,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAC/C,CAAC;IAED,KAAK;QACH,IAAI,IAAI,CAAC,OAAO;YAAE,OAAO;QAEzB,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE;YAChC,OAAO,EAAE,CAAC,QAAgB,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;YACzD,UAAU,EAAE,IAAI;YAChB,aAAa,EAAE,IAAI;YACnB,gBAAgB,EAAE;gBAChB,kBAAkB,EAAE,GAAG;gBACvB,YAAY,EAAE,GAAG;aAClB;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO;aACT,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;aAC5C,EAAE,CAAC,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;aAClD,EAAE,CAAC,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;aAClD,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC,CAAC;IAChE,CAAC;IAED,IAAI;QACF,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACrB,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACtB,CAAC;QACD,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YACjC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;QAC5B,CAAC;IACH,CAAC;IAEO,WAAW,CAAC,IAAiC,EAAE,YAAoB;QACzE,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;QAE9D,oCAAoC;QACpC,IAAI,IAAI,KAAK,QAAQ,IAAI,CAAC,iBAAiB,CAAC,YAAY,CAAC,EAAE,CAAC;YAC1D,OAAO;QACT,CAAC;QAED,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,YAAY,EAAE;YACpC,IAAI;YACJ,YAAY;YACZ,YAAY;SACb,CAAC,CAAC;QAEH,4DAA4D;QAC5D,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACnC,CAAC;QACD,IAAI,CAAC,aAAa,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,WAAW,CAAC,CAAC;IACnE,CAAC;IAEO,KAAK,CAAC,KAAK;QACjB,IAAI,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,cAAc,CAAC,IAAI,KAAK,CAAC;YAAE,OAAO;QAC9D,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QAEvB,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC3C,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;QAE5B,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAEzC,KAAK,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YAC3C,IAAI,CAAC;gBACH,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAC7B,MAAM,gBAAgB,CAAC,YAAY,CAAC,CAAC;oBACrC,OAAO,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;gBACrC,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;oBAC3C,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;oBAE9C,mCAAmC;oBACnC,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;oBAC7C,IAAI,QAAQ,IAAI,QAAQ,CAAC,IAAI,KAAK,IAAI;wBAAE,SAAS;oBAEjD,MAAM,UAAU,CAAC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;oBACpD,WAAW,CAAC,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;gBAC5D,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CACX,eAAe,YAAY,IAAI,EAC/B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CACzC,CAAC;gBACF,0BAA0B;gBAC1B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;QAED,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACnC,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC;QAExB,0DAA0D;QAC1D,IAAI,IAAI,CAAC,cAAc,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YACjC,IAAI,CAAC,aAAa,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,WAAW,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;CACF"}

package/package.json

@@ -0,0 +1,32 @@
+{
+  "name": "@indigoai-us/hq-cloud",
+  "version": "5.1.0",
+  "description": "HQ by Indigo cloud sync engine — bidirectional S3 sync for mobile access",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "scripts": {
+    "build": "tsc",
+    "typecheck": "tsc --noEmit",
+    "clean": "rm -rf dist"
+  },
+  "dependencies": {
+    "@aws-sdk/client-s3": "^3.700.0",
+    "@aws-sdk/client-cognito-identity": "^3.700.0",
+    "@aws-sdk/credential-providers": "^3.700.0",
+    "chokidar": "^4.0.0",
+    "ignore": "^6.0.0",
+    "open": "^10.1.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "typescript": "^5.7.0"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/indigoai-us/hq.git",
+    "directory": "packages/hq-cloud"
+  },
+  "keywords": ["hq", "sync", "s3", "cloud"],
+  "license": "MIT",
+  "type": "module"
+}

package/src/auth.ts

@@ -0,0 +1,146 @@
+/**
+ * Authentication — OAuth flow with IndigoAI
+ * Opens browser for sign-in, receives tokens via localhost callback
+ */
+
+import * as fs from "fs";
+import * as path from "path";
+import * as http from "http";
+import open from "open";
+import type { Credentials } from "./types.js";
+
+const AUTH_URL = "https://hq.indigoai.com/auth";
+const CALLBACK_PORT = 19847;
+const CREDS_DIR = path.join(
+  process.env.HOME || process.env.USERPROFILE || "~",
+  ".hq"
+);
+const CREDS_FILE = path.join(CREDS_DIR, "credentials.json");
+
+export function hasCredentials(): boolean {
+  return fs.existsSync(CREDS_FILE);
+}
+
+export function readCredentials(): Credentials | null {
+  if (!fs.existsSync(CREDS_FILE)) return null;
+  try {
+    const content = fs.readFileSync(CREDS_FILE, "utf-8");
+    return JSON.parse(content) as Credentials;
+  } catch {
+    return null;
+  }
+}
+
+export function writeCredentials(creds: Credentials): void {
+  if (!fs.existsSync(CREDS_DIR)) {
+    fs.mkdirSync(CREDS_DIR, { recursive: true });
+  }
+  fs.writeFileSync(CREDS_FILE, JSON.stringify(creds, null, 2), { mode: 0o600 });
+}
+
+export function clearCredentials(): void {
+  if (fs.existsSync(CREDS_FILE)) {
+    fs.unlinkSync(CREDS_FILE);
+  }
+}
+
+/**
+ * Start OAuth flow:
+ * 1. Open browser to AUTH_URL with callback port
+ * 2. Start localhost server to receive tokens
+ * 3. Store credentials
+ */
+export async function authenticate(): Promise<Credentials> {
+  return new Promise((resolve, reject) => {
+    const server = http.createServer((req, res) => {
+      const url = new URL(req.url || "", `http://localhost:${CALLBACK_PORT}`);
+
+      if (url.pathname === "/callback") {
+        const token = url.searchParams.get("token");
+        const refreshToken = url.searchParams.get("refresh_token");
+        const userId = url.searchParams.get("user_id");
+        const bucket = url.searchParams.get("bucket");
+        const region = url.searchParams.get("region") || "us-east-1";
+        const teamId = url.searchParams.get("team_id");
+
+        if (!token || !refreshToken || !userId || !bucket) {
+          res.writeHead(400, { "Content-Type": "text/html" });
+          res.end("<h1>Authentication failed</h1><p>Missing required parameters. Please try again.</p>");
+          server.close();
+          reject(new Error("Authentication failed: missing parameters"));
+          return;
+        }
+
+        const creds: Credentials = {
+          accessKeyId: "", // Will be populated via STS
+          secretAccessKey: "",
+          refreshToken,
+          userId,
+          bucket,
+          region,
+          ...(teamId ? { teamId } : {}),
+        };
+
+        writeCredentials(creds);
+
+        res.writeHead(200, { "Content-Type": "text/html" });
+        res.end(
+          "<h1>Authenticated!</h1><p>You can close this window and return to your terminal.</p>"
+        );
+
+        server.close();
+        resolve(creds);
+      }
+    });
+
+    server.listen(CALLBACK_PORT, () => {
+      const authUrl = `${AUTH_URL}?callback=http://localhost:${CALLBACK_PORT}/callback`;
+      console.log(`  Opening browser for authentication...`);
+      console.log(`  If browser doesn't open, visit: ${authUrl}`);
+      open(authUrl).catch(() => {
+        // If open fails, user can manually visit the URL
+      });
+    });
+
+    // Timeout after 5 minutes
+    setTimeout(() => {
+      server.close();
+      reject(new Error("Authentication timed out after 5 minutes"));
+    }, 5 * 60 * 1000);
+  });
+}
+
+/**
+ * Refresh temporary AWS credentials using refresh token
+ */
+export async function refreshAwsCredentials(
+  creds: Credentials
+): Promise<Credentials> {
+  const response = await fetch("https://hq.indigoai.com/api/auth/refresh", {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ refreshToken: creds.refreshToken }),
+  });
+
+  if (!response.ok) {
+    throw new Error(`Failed to refresh credentials: ${response.statusText}`);
+  }
+
+  const data = (await response.json()) as {
+    accessKeyId: string;
+    secretAccessKey: string;
+    sessionToken: string;
+    expiration: string;
+  };
+
+  const updated: Credentials = {
+    ...creds,
+    accessKeyId: data.accessKeyId,
+    secretAccessKey: data.secretAccessKey,
+    sessionToken: data.sessionToken,
+    expiration: data.expiration,
+  };
+
+  writeCredentials(updated);
+  return updated;
+}