@inharness-ai/claude4spec 1.0.6 → 1.0.8

package/dist/server/services/remote-http-client.js

@@ -0,0 +1,172 @@
+/**
+ * M24 — the single abstraction over `fetch` to the remote claude4spec-API.
+ * Owned by M24, consumed by future M25; no other module talks to the remote
+ * directly. Base URL = `config.remoteApiUrl ?? PROD_REMOTE_URL` (the override is
+ * dev/staging only — it is never persisted to `remote_session`, never logged,
+ * and is not a secret). The Bearer is injected into owner-only calls only;
+ * `/v1/auth/device/*` are unauthenticated.
+ *
+ * The remote wire contracts mirrored below are the claude4spec-api M02/M03 DTOs
+ * (`@c4s/types`), duplicated here as local interfaces because the two repos do
+ * not share a package.
+ */
+import { createReadStream } from 'node:fs';
+/** Hardcoded production remote. `config.remoteApiUrl` overrides for dev/staging. */
+export const PROD_REMOTE_URL = 'https://claude4spec.inharness.ai';
+/**
+ * Thrown when an owner-only remote call returns 401 — the caller must clear the
+ * local `remote_session` and force a fresh device flow.
+ */
+export class RemoteUnauthorizedError extends Error {
+    constructor(message = 'remote session expired') {
+        super(message);
+        this.name = 'RemoteUnauthorizedError';
+    }
+}
+/** Thrown for transport-level failures (connection refused / 5xx / unexpected shape). */
+export class RemoteRequestError extends Error {
+    status;
+    constructor(message, status) {
+        super(message);
+        this.status = status;
+        this.name = 'RemoteRequestError';
+    }
+}
+export class RemoteHttpClient {
+    baseUrl;
+    constructor(remoteApiUrl) {
+        this.baseUrl = (remoteApiUrl ?? PROD_REMOTE_URL).replace(/\/+$/, '');
+    }
+    get base() {
+        return this.baseUrl;
+    }
+    /** POST /v1/auth/device/code — unauthenticated. Initiates the device flow. */
+    async startDeviceFlow() {
+        const res = await this.fetchRemote('/v1/auth/device/code', { method: 'POST' });
+        if (!res.ok)
+            throw new RemoteRequestError(`device/code failed (HTTP ${res.status})`, res.status);
+        return (await res.json());
+    }
+    /**
+     * POST /v1/auth/device/token — unauthenticated, authorized by the device_code
+     * itself. 200 → token (issued once); 400 → polling-state envelope
+     * (authorization_pending / slow_down / terminal).
+     */
+    async pollDeviceToken(deviceCode) {
+        const res = await this.fetchRemote('/v1/auth/device/token', {
+            method: 'POST',
+            headers: { 'content-type': 'application/json' },
+            body: JSON.stringify({ device_code: deviceCode }),
+        });
+        if (res.ok) {
+            return { ok: true, token: (await res.json()) };
+        }
+        if (res.status === 400) {
+            const body = (await res.json().catch(() => null));
+            if (body?.error)
+                return { ok: false, error: body.error, description: body.error_description };
+        }
+        throw new RemoteRequestError(`device/token failed (HTTP ${res.status})`, res.status);
+    }
+    /** GET /v1/account — owner-only (Bearer). 401 → RemoteUnauthorizedError. */
+    async getAccount(accessToken) {
+        const res = await this.fetchRemote('/v1/account', {
+            method: 'GET',
+            headers: { authorization: `Bearer ${accessToken}` },
+        });
+        if (res.status === 401)
+            throw new RemoteUnauthorizedError();
+        if (!res.ok)
+            throw new RemoteRequestError(`GET /v1/account failed (HTTP ${res.status})`, res.status);
+        return (await res.json());
+    }
+    /**
+     * POST /v1/projects — first push. Streams the bundle as octet-stream and
+     * creates a new remote project named `projectName`. 401 → RemoteUnauthorizedError;
+     * any other non-2xx → RemoteRequestError (message from the remote error envelope).
+     */
+    async createProject(accessToken, payload, projectName) {
+        const res = await this.streamBundle('/v1/projects', accessToken, payload, {
+            'x-project-name': projectName,
+        });
+        if (res.status === 401)
+            throw new RemoteUnauthorizedError();
+        if (!res.ok) {
+            throw new RemoteRequestError(await this.errorMessageFrom(res, `POST /v1/projects failed (HTTP ${res.status})`), res.status);
+        }
+        return (await res.json());
+    }
+    /**
+     * POST /v1/projects/:remoteProjectId/releases — subsequent push (no
+     * X-Project-Name). 200 = deduplicated hit, 201 = fresh release; both carry the
+     * `deduplicated` flag. 401 → RemoteUnauthorizedError; other non-2xx → RemoteRequestError.
+     */
+    async pushRelease(accessToken, remoteProjectId, payload) {
+        const res = await this.streamBundle(`/v1/projects/${encodeURIComponent(remoteProjectId)}/releases`, accessToken, payload);
+        if (res.status === 401)
+            throw new RemoteUnauthorizedError();
+        if (!res.ok) {
+            throw new RemoteRequestError(await this.errorMessageFrom(res, `POST /v1/projects/:id/releases failed (HTTP ${res.status})`), res.status);
+        }
+        return (await res.json());
+    }
+    /** Streams `tarGzPath` as application/octet-stream with the integrity + auth headers. */
+    streamBundle(path, accessToken, payload, extraHeaders = {}) {
+        const headers = {
+            'content-type': 'application/octet-stream',
+            'content-length': String(payload.sizeBytes),
+            'x-content-sha256': payload.sha256,
+            authorization: `Bearer ${accessToken}`,
+            ...extraHeaders,
+        };
+        // `duplex: 'half'` is required by undici when the body is a stream; it is not
+        // yet in the DOM RequestInit type, hence the cast.
+        return this.fetchRemote(path, {
+            method: 'POST',
+            headers,
+            body: createReadStream(payload.tarGzPath),
+            duplex: 'half',
+        });
+    }
+    /** Best-effort human message from a remote error response (`{error:{message|code}}` or NestJS `{message}`). */
+    async errorMessageFrom(res, fallback) {
+        try {
+            const body = (await res.json());
+            if (body?.error?.message)
+                return body.error.message;
+            if (body?.error?.code)
+                return body.error.code;
+            if (typeof body?.message === 'string')
+                return body.message;
+        }
+        catch {
+            /* non-JSON body — fall through */
+        }
+        return fallback;
+    }
+    async fetchRemote(path, init) {
+        try {
+            return await fetch(`${this.baseUrl}${path}`, init);
+        }
+        catch (err) {
+            throw new RemoteRequestError(`request to remote ${path} failed: ${err.message}`);
+        }
+    }
+}
+/**
+ * Startup reachability check for an explicit `config.remoteApiUrl` override.
+ * "Reachable" = the host answers at all (any HTTP status); only a transport
+ * failure / timeout counts as unreachable. No fallback to PROD_REMOTE_URL — an
+ * explicit override must be honoured or reported (brief §1). Throws with the
+ * exact contract message.
+ */
+export async function assertRemoteApiReachable(remoteApiUrl, timeoutMs = 3000) {
+    const base = remoteApiUrl.replace(/\/+$/, '');
+    try {
+        await fetch(`${base}/v1/health`, { method: 'HEAD', signal: AbortSignal.timeout(timeoutMs) });
+    }
+    catch {
+        throw new Error(`config.json: field 'remoteApiUrl': invalid URL or unreachable host`);
+    }
+}
+//# sourceMappingURL=remote-http-client.js.map

package/dist/server/services/remote-http-client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"remote-http-client.js","sourceRoot":"","sources":["../../../src/server/services/remote-http-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAE3C,oFAAoF;AACpF,MAAM,CAAC,MAAM,eAAe,GAAG,kCAAkC,CAAC;AA4ElE;;;GAGG;AACH,MAAM,OAAO,uBAAwB,SAAQ,KAAK;IAChD,YAAY,OAAO,GAAG,wBAAwB;QAC5C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;IACxC,CAAC;CACF;AAED,yFAAyF;AACzF,MAAM,OAAO,kBAAmB,SAAQ,KAAK;IACP;IAApC,YAAY,OAAe,EAAS,MAAe;QACjD,KAAK,CAAC,OAAO,CAAC,CAAC;QADmB,WAAM,GAAN,MAAM,CAAS;QAEjD,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;IACnC,CAAC;CACF;AAED,MAAM,OAAO,gBAAgB;IACV,OAAO,CAAS;IAEjC,YAAY,YAAuC;QACjD,IAAI,CAAC,OAAO,GAAG,CAAC,YAAY,IAAI,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,8EAA8E;IAC9E,KAAK,CAAC,eAAe;QACnB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,sBAAsB,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;QAC/E,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,kBAAkB,CAAC,4BAA4B,GAAG,CAAC,MAAM,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;QACjG,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAuB,CAAC;IAClD,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,eAAe,CAAC,UAAkB;QACtC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,uBAAuB,EAAE;YAC1D,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,WAAW,EAAE,UAAU,EAAE,CAAC;SAClD,CAAC,CAAC;QACH,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;YACX,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAwB,EAAE,CAAC;QACxE,CAAC;QACD,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACvB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAoC,CAAC;YACrF,IAAI,IAAI,EAAE,KAAK;gBAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,WAAW,EAAE,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAChG,CAAC;QACD,MAAM,IAAI,kBAAkB,CAAC,6BAA6B,GAAG,CAAC,MAAM,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACvF,CAAC;IAED,4EAA4E;IAC5E,KAAK,CAAC,UAAU,CAAC,WAAmB;QAClC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE;YAChD,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,WAAW,EAAE,EAAE;SACpD,CAAC,CAAC;QACH,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG;YAAE,MAAM,IAAI,uBAAuB,EAAE,CAAC;QAC5D,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,kBAAkB,CAAC,gCAAgC,GAAG,CAAC,MAAM,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;QACrG,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA2B,CAAC;IACtD,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,aAAa,CACjB,WAAmB,EACnB,OAA0B,EAC1B,WAAmB;QAEnB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,cAAc,EAAE,WAAW,EAAE,OAAO,EAAE;YACxE,gBAAgB,EAAE,WAAW;SAC9B,CAAC,CAAC;QACH,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG;YAAE,MAAM,IAAI,uBAAuB,EAAE,CAAC;QAC5D,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,kBAAkB,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,kCAAkC,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;QAC9H,CAAC;QACD,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA0B,CAAC;IACrD,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,WAAW,CACf,WAAmB,EACnB,eAAuB,EACvB,OAA0B;QAE1B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,CACjC,gBAAgB,kBAAkB,CAAC,eAAe,CAAC,WAAW,EAC9D,WAAW,EACX,OAAO,CACR,CAAC;QACF,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG;YAAE,MAAM,IAAI,uBAAuB,EAAE,CAAC;QAC5D,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,kBAAkB,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,+CAA+C,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;QAC3I,CAAC;QACD,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAwB,CAAC;IACnD,CAAC;IAED,yFAAyF;IACjF,YAAY,CAClB,IAAY,EACZ,WAAmB,EACnB,OAA0B,EAC1B,eAAuC,EAAE;QAEzC,MAAM,OAAO,GAA2B;YACtC,cAAc,EAAE,0BAA0B;YAC1C,gBAAgB,EAAE,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC;YAC3C,kBAAkB,EAAE,OAAO,CAAC,MAAM;YAClC,aAAa,EAAE,UAAU,WAAW,EAAE;YACtC,GAAG,YAAY;SAChB,CAAC;QACF,8EAA8E;QAC9E,mDAAmD;QACnD,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE;YAC5B,MAAM,EAAE,MAAM;YACd,OAAO;YACP,IAAI,EAAE,gBAAgB,CAAC,OAAO,CAAC,SAAS,CAAwB;YAChE,MAAM,EAAE,MAAM;SACA,CAAC,CAAC;IACpB,CAAC;IAED,+GAA+G;IACvG,KAAK,CAAC,gBAAgB,CAAC,GAAa,EAAE,QAAgB;QAC5D,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAEtB,CAAC;YACT,IAAI,IAAI,EAAE,KAAK,EAAE,OAAO;gBAAE,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC;YACpD,IAAI,IAAI,EAAE,KAAK,EAAE,IAAI;gBAAE,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;YAC9C,IAAI,OAAO,IAAI,EAAE,OAAO,KAAK,QAAQ;gBAAE,OAAO,IAAI,CAAC,OAAO,CAAC;QAC7D,CAAC;QAAC,MAAM,CAAC;YACP,kCAAkC;QACpC,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,KAAK,CAAC,WAAW,CAAC,IAAY,EAAE,IAAiB;QACvD,IAAI,CAAC;YACH,OAAO,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,EAAE,IAAI,CAAC,CAAC;QACrD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,kBAAkB,CAAC,qBAAqB,IAAI,YAAa,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QAC9F,CAAC;IACH,CAAC;CACF;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAAC,YAAoB,EAAE,SAAS,GAAG,IAAI;IACnF,MAAM,IAAI,GAAG,YAAY,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAC9C,IAAI,CAAC;QACH,MAAM,KAAK,CAAC,GAAG,IAAI,YAAY,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IAC/F,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;IACxF,CAAC;AACH,CAAC"}

package/dist/shared/release-push.d.ts

@@ -0,0 +1,49 @@
+/**
+ * M25 Release Push — DTOs exposed by `/api/release-pushes/*` to the c4s client.
+ * These are M25's OWN surface, decoupled from the remote-API wire format
+ * (claude4spec-api). The backend (`release-push.ts`) maps a `release_push` row
+ * onto these camelCase shapes and joins `spec_release` for the nested release
+ * meta (so the UI does not need a second fetch).
+ */
+/** Body of `POST /api/release-pushes`. */
+export interface ReleasePushRequest {
+    /** FK to `spec_release.id` — the local release to push. */
+    releaseId: number;
+}
+/**
+ * Response of `POST /api/release-pushes` (success or dedup hit) and
+ * `GET /api/release-pushes/:id`. A full `release_push` row in camelCase plus a
+ * nested snapshot of the local release meta. GET endpoints return rows of both
+ * statuses; POST never returns a `status='error'` row (errors → 502 with a
+ * different envelope).
+ */
+export interface ReleasePushResponse {
+    id: number;
+    releaseId: number;
+    release: {
+        id: number;
+        name: string;
+    };
+    remoteProjectId: string;
+    /** NULL/undefined for status='error'. */
+    remoteReleaseId?: string;
+    /** NULL/undefined for status='error'. */
+    remoteReleaseSequence?: number;
+    /** lowercase hex64 — /^[0-9a-f]{64}$/. */
+    contentSha256: string;
+    contentSizeBytes: number;
+    deduplicated: boolean;
+    pushedByAccountId: string;
+    /** Cached identity — may be stale. */
+    pushedByAccountEmail?: string;
+    bundleSchemaVersion: number;
+    status: 'success' | 'error';
+    /** Only for status='error'. */
+    errorMessage?: string;
+    /** ISO 8601. */
+    pushedAt: string;
+}
+/** Response of `GET /api/release-pushes`. */
+export interface ReleasePushListResponse {
+    items: ReleasePushResponse[];
+}

package/dist/shared/release-push.js

@@ -0,0 +1,9 @@
+/**
+ * M25 Release Push — DTOs exposed by `/api/release-pushes/*` to the c4s client.
+ * These are M25's OWN surface, decoupled from the remote-API wire format
+ * (claude4spec-api). The backend (`release-push.ts`) maps a `release_push` row
+ * onto these camelCase shapes and joins `spec_release` for the nested release
+ * meta (so the UI does not need a second fetch).
+ */
+export {};
+//# sourceMappingURL=release-push.js.map

package/dist/shared/release-push.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"release-push.js","sourceRoot":"","sources":["../../src/shared/release-push.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG"}

package/dist/shared/remote-account.d.ts

@@ -0,0 +1,58 @@
+/**
+ * M24 Remote Account — DTOs exposed by `/api/remote-account/*` to the c4s
+ * client. These are M24's OWN surface, intentionally decoupled from the
+ * remote-API wire format (claude4spec-api `@c4s/types`). The backend
+ * (`remote-auth.ts`) maps the remote's device-flow contract onto these shapes.
+ */
+/**
+ * `POST /api/remote-account/login/start` — device flow initiated. The raw
+ * `device_code` is NOT exposed: the backend keeps it in memory (single flow per
+ * c4s instance) and supplies it itself when polling, so the secret never lands
+ * in the browser.
+ */
+export interface DeviceLoginStartResponse {
+    /** Short human-readable code (format `XXXX-XXXX`) typed on the verification page. */
+    user_code: string;
+    /** Verification page URL without the code (fallback). */
+    verification_uri: string;
+    /** Verification URL with the code prefilled — primary CTA (qr-code-ready). */
+    verification_uri_complete: string;
+    /** Seconds between polls; the client increases it when the remote says `slow_down`. */
+    interval: number;
+    /** Flow TTL in seconds; once exceeded the flow goes terminal `expired`. */
+    expires_in: number;
+}
+/**
+ * Status surfaced by `POST /api/remote-account/login/poll`. Non-terminal:
+ * `pending` / `slow_down` (keep polling). Terminal: `authorized` (session
+ * saved) and `expired` / `denied` / `invalid` (stop). Mapped from the remote
+ * device-token enum (`authorization_pending | slow_down | expired_token |
+ * access_denied | invalid_grant`).
+ */
+export type DeviceLoginStatus = 'pending' | 'slow_down' | 'authorized' | 'expired' | 'denied' | 'invalid';
+export interface DeviceLoginPollResponse {
+    status: DeviceLoginStatus;
+    /** Only for `slow_down` — new recommended interval (seconds). */
+    interval?: number;
+    /** User-facing message for terminal errors. */
+    message?: string;
+    /** Only for `authorized` — lets the UI jump straight to "connected as X" without a follow-up GET. */
+    account?: RemoteAccountResponse;
+}
+/**
+ * `GET /api/remote-account` — the sidebar's identity source. NEVER exposes
+ * `access_token`. Stable contract consumed by the sidebar (TanStack Query key
+ * `["remote-account"]`) and, later, by M25 publish.
+ */
+export interface RemoteAccountResponse {
+    /** `true` when a `remote_session` row exists. */
+    connected: boolean;
+    /** UUID of the remote account (`remote_session.remote_account_id`). */
+    remoteAccountId?: string;
+    /** UI label — the only "connected as X" identity the remote exposes. */
+    accountEmail?: string;
+    /** `deactivated` blocks publish (M25). */
+    accountStatus?: 'active' | 'deactivated';
+    /** ISO 8601 from `remote_session.connected_at`. */
+    connectedAt?: string;
+}

package/dist/shared/remote-account.js

@@ -0,0 +1,8 @@
+/**
+ * M24 Remote Account — DTOs exposed by `/api/remote-account/*` to the c4s
+ * client. These are M24's OWN surface, intentionally decoupled from the
+ * remote-API wire format (claude4spec-api `@c4s/types`). The backend
+ * (`remote-auth.ts`) maps the remote's device-flow contract onto these shapes.
+ */
+export {};
+//# sourceMappingURL=remote-account.js.map

package/dist/shared/remote-account.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"remote-account.js","sourceRoot":"","sources":["../../src/shared/remote-account.ts"],"names":[],"mappings":"AAAA;;;;;GAKG"}

package/dist/shared/types.d.ts

@@ -67,6 +67,7 @@ export type WsEvent = {
 } | {
     kind: 'briefs:changed';
     path?: string;
+    origin?: 'server' | 'external';
 } | {
     kind: 'patches:changed';
     path?: string;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inharness-ai/claude4spec",
-  "version": "1.0.6",
+  "version": "1.0.8",
   "description": "Plan the whole system before your agent writes a line of code. Local-first planning layer with structured entities and typed relations.",
   "license": "MIT",
   "author": "Michael Tomala <mi.tomala@gmail.com>",
@@ -87,6 +87,7 @@
     "react-markdown": "^9.1.0",
     "rehype-highlight": "^7.0.2",
     "remark-gfm": "^4.0.1",
+    "tar": "^7.5.15",
     "tiptap-markdown": "^0.8.10",
     "ws": "^8.18.0",
     "zod": "^4.3.6",

package/dist/client/assets/channel-mXCQ_joU.js

@@ -1 +0,0 @@
-import{ai as o,aj as n}from"./mermaid.core-Dwygsmt4.js";const t=(a,r)=>o.lang.round(n.parse(a)[r]);export{t as c};

package/dist/client/assets/classDiagram-4FO5ZUOK-CvLk0Sg1.js

@@ -1 +0,0 @@
-import{s as a,c as s,a as e,C as t}from"./chunk-727SXJPM-CvT-ppRD.js";import{_ as i}from"./mermaid.core-Dwygsmt4.js";import"./chunk-FMBD7UC4-DlnsCvyP.js";import"./chunk-ND2GUHAM-Cv4kIfqi.js";import"./chunk-55IACEB6-B513D_Oz.js";import"./chunk-2J33WTMH-Bwc9B4Id.js";import"./index-CUhhC6SY.js";var n={parser:e,get db(){return new t},renderer:s,styles:a,init:i(r=>{r.class||(r.class={}),r.class.arrowMarkerAbsolute=r.arrowMarkerAbsolute},"init")};export{n as diagram};

package/dist/client/assets/classDiagram-v2-Q7XG4LA2-CvLk0Sg1.js

@@ -1 +0,0 @@
-import{s as a,c as s,a as e,C as t}from"./chunk-727SXJPM-CvT-ppRD.js";import{_ as i}from"./mermaid.core-Dwygsmt4.js";import"./chunk-FMBD7UC4-DlnsCvyP.js";import"./chunk-ND2GUHAM-Cv4kIfqi.js";import"./chunk-55IACEB6-B513D_Oz.js";import"./chunk-2J33WTMH-Bwc9B4Id.js";import"./index-CUhhC6SY.js";var n={parser:e,get db(){return new t},renderer:s,styles:a,init:i(r=>{r.class||(r.class={}),r.class.arrowMarkerAbsolute=r.arrowMarkerAbsolute},"init")};export{n as diagram};