@juspay/neurolink 9.13.0 → 9.15.0

package/dist/auth/index.d.ts

@@ -0,0 +1,20 @@
+/**
+ * NeuroLink Authentication Module
+ *
+ * Provides OAuth 2.0 authentication support for Claude Pro/Max subscriptions
+ * and secure token storage.
+ *
+ * Key components:
+ * - AnthropicOAuth: OAuth 2.0 flow implementation with PKCE support
+ * - TokenStore: Secure local storage for OAuth tokens
+ * - Callback Server: Local HTTP server for OAuth redirects
+ */
+export { ANTHROPIC_OAUTH_BASE_URL, DEFAULT_SCOPES, DEFAULT_REDIRECT_URI, DEFAULT_CALLBACK_PORT, } from "./anthropicOAuth.js";
+export { AnthropicOAuth } from "./anthropicOAuth.js";
+export { OAuthError, OAuthConfigurationError, OAuthTokenExchangeError, OAuthTokenRefreshError, OAuthTokenValidationError, OAuthTokenRevocationError, OAuthCallbackServerError, } from "./anthropicOAuth.js";
+export { createAnthropicOAuth, createAnthropicOAuthConfig, hasAnthropicOAuthCredentials, startCallbackServer, stopCallbackServer, performOAuthFlow, } from "./anthropicOAuth.js";
+export type { OAuthTokenResponse, OAuthFlowTokens, OAuthFlowTokens as OAuthTokens, TokenValidationResult, AnthropicOAuthConfig, PKCEParams, CallbackResult, } from "./anthropicOAuth.js";
+export { TokenStore, tokenStore, defaultTokenStore } from "./tokenStore.js";
+export { TokenStoreError } from "./tokenStore.js";
+export type { StoredOAuthTokens, OAuthTokens as StoredOAuthTokensLegacy, TokenRefresher, } from "./tokenStore.js";
+export type { NeuroLinkAuthOptions, AuthStatus, } from "../types/subscriptionTypes.js";

package/dist/auth/index.js

@@ -0,0 +1,29 @@
+/**
+ * NeuroLink Authentication Module
+ *
+ * Provides OAuth 2.0 authentication support for Claude Pro/Max subscriptions
+ * and secure token storage.
+ *
+ * Key components:
+ * - AnthropicOAuth: OAuth 2.0 flow implementation with PKCE support
+ * - TokenStore: Secure local storage for OAuth tokens
+ * - Callback Server: Local HTTP server for OAuth redirects
+ */
+// =============================================================================
+// ANTHROPIC OAUTH - OAuth 2.0 Authentication
+// =============================================================================
+// OAuth Constants
+export { ANTHROPIC_OAUTH_BASE_URL, DEFAULT_SCOPES, DEFAULT_REDIRECT_URI, DEFAULT_CALLBACK_PORT, } from "./anthropicOAuth.js";
+// Main OAuth class
+export { AnthropicOAuth } from "./anthropicOAuth.js";
+// OAuth error classes (canonical definitions in types/errors.ts)
+export { OAuthError, OAuthConfigurationError, OAuthTokenExchangeError, OAuthTokenRefreshError, OAuthTokenValidationError, OAuthTokenRevocationError, OAuthCallbackServerError, } from "./anthropicOAuth.js";
+// OAuth helper functions
+export { createAnthropicOAuth, createAnthropicOAuthConfig, hasAnthropicOAuthCredentials, startCallbackServer, stopCallbackServer, performOAuthFlow, } from "./anthropicOAuth.js";
+// =============================================================================
+// TOKEN STORE - Secure Token Storage
+// =============================================================================
+// Main TokenStore class and instances
+export { TokenStore, tokenStore, defaultTokenStore } from "./tokenStore.js";
+// Token store error class (canonical definition in types/errors.ts)
+export { TokenStoreError } from "./tokenStore.js";

package/dist/auth/tokenStore.d.ts

@@ -0,0 +1,225 @@
+/**
+ * NeuroLink OAuth Token Store
+ *
+ * Secure storage for OAuth tokens with encoding support and multi-provider capability.
+ * Stores tokens in the user's home directory with restrictive permissions.
+ *
+ * Features:
+ * - Multi-provider token storage in a single tokens.json file
+ * - Secure file storage with 0o600 permissions
+ * - Token expiration checking with configurable buffer
+ * - Simple XOR-based obfuscation (not encryption, but not plaintext)
+ * - Automatic token refresh via configurable refresher functions
+ * - Cross-platform support (Unix/macOS/Windows)
+ */
+export { TokenStoreError } from "../types/errors.js";
+/**
+ * OAuth tokens structure for storage.
+ * Stricter version of OAuthTokens from subscriptionTypes with required fields.
+ */
+export interface StoredOAuthTokens {
+    /** The access token for API authentication */
+    accessToken: string;
+    /** The refresh token for obtaining new access tokens (optional for some OAuth flows) */
+    refreshToken?: string;
+    /** Unix timestamp (ms) when the access token expires */
+    expiresAt: number;
+    /** Token type, typically "Bearer" */
+    tokenType: string;
+    /** Optional OAuth scopes granted */
+    scope?: string;
+}
+/**
+ * @deprecated Use StoredOAuthTokens instead
+ */
+export type OAuthTokens = StoredOAuthTokens;
+/**
+ * Token refresher function type
+ * Takes a refresh token and returns new tokens
+ */
+export type TokenRefresher = (refreshToken: string) => Promise<StoredOAuthTokens>;
+/**
+ * Secure token storage for OAuth tokens with multi-provider support
+ *
+ * Provides persistent storage for OAuth tokens with:
+ * - Multi-provider support in a single file
+ * - Secure file permissions (0o600)
+ * - Optional obfuscation/encoding
+ * - Token expiration checking with buffer
+ * - Automatic token refresh via configurable refreshers
+ *
+ * @example
+ * ```typescript
+ * const store = new TokenStore();
+ *
+ * // Save tokens for a provider
+ * await store.saveTokens("anthropic", {
+ *   accessToken: "sk-...",
+ *   refreshToken: "rt-...",
+ *   expiresAt: Date.now() + 3600000,
+ *   tokenType: "Bearer",
+ * });
+ *
+ * // Set up automatic refresh
+ * store.setTokenRefresher("anthropic", async (refreshToken) => {
+ *   // Call OAuth refresh endpoint
+ *   return newTokens;
+ * });
+ *
+ * // Get a valid token (auto-refreshes if needed)
+ * const token = await store.getValidToken("anthropic");
+ * ```
+ */
+export declare class TokenStore {
+    private static readonly STORAGE_VERSION;
+    private static readonly NEUROLINK_DIR;
+    private static readonly TOKEN_FILE;
+    private static readonly FILE_PERMISSIONS;
+    private static readonly DIR_PERMISSIONS;
+    /** Default expiration buffer: 5 minutes */
+    private static readonly DEFAULT_EXPIRY_BUFFER_MS;
+    private readonly storagePath;
+    private readonly encryptionEnabled;
+    private readonly encryptionKey;
+    private readonly tokenRefreshers;
+    /**
+     * Creates a new TokenStore instance
+     *
+     * @param options - Configuration options
+     * @param options.encryptionEnabled - Whether to enable token obfuscation (default: true)
+     * @param options.customStoragePath - Override the default storage path
+     */
+    constructor(options?: {
+        encryptionEnabled?: boolean;
+        customStoragePath?: string;
+    });
+    /**
+     * Gets the path where tokens are stored
+     *
+     * @returns The absolute path to the token storage file
+     */
+    getStoragePath(): string;
+    /**
+     * Saves OAuth tokens for a specific provider
+     *
+     * @param provider - The provider name (e.g., "anthropic", "openai")
+     * @param tokens - The OAuth tokens to save
+     * @throws TokenStoreError if storage fails
+     */
+    saveTokens(provider: string, tokens: StoredOAuthTokens): Promise<void>;
+    /**
+     * Loads stored OAuth tokens for a specific provider
+     *
+     * @param provider - The provider name (e.g., "anthropic", "openai")
+     * @returns The stored tokens, or null if not found
+     * @throws TokenStoreError if reading fails (other than file not found)
+     */
+    loadTokens(provider: string): Promise<StoredOAuthTokens | null>;
+    /**
+     * Clears stored tokens for a specific provider
+     *
+     * @param provider - The provider name (e.g., "anthropic", "openai")
+     * @throws TokenStoreError if deletion fails
+     */
+    clearTokens(provider: string): Promise<void>;
+    /**
+     * Checks if the given tokens are expired
+     *
+     * @param tokens - The OAuth tokens to check
+     * @param bufferMs - Buffer time in milliseconds before actual expiration (default: 5 minutes)
+     * @returns true if token is expired or will expire within buffer time
+     */
+    isTokenExpired(tokens: StoredOAuthTokens, bufferMs?: number): boolean;
+    /**
+     * Gets a valid access token for a provider, refreshing if needed
+     *
+     * If the stored token is expired or about to expire, and a refresher
+     * function has been set, it will automatically refresh the token.
+     *
+     * @param provider - The provider name (e.g., "anthropic", "openai")
+     * @returns The valid access token, or null if not available
+     * @throws TokenStoreError if refresh fails
+     */
+    getValidToken(provider: string): Promise<string | null>;
+    /**
+     * Sets the token refresher function for a provider
+     *
+     * The refresher function will be called automatically when getValidToken
+     * detects that the stored token is expired or about to expire.
+     *
+     * @param provider - The provider name (e.g., "anthropic", "openai")
+     * @param refresher - Function that takes a refresh token and returns new tokens
+     */
+    setTokenRefresher(provider: string, refresher: TokenRefresher): void;
+    /**
+     * Removes the token refresher function for a provider
+     *
+     * @param provider - The provider name (e.g., "anthropic", "openai")
+     */
+    clearTokenRefresher(provider: string): void;
+    /**
+     * Checks if tokens exist for a specific provider
+     *
+     * @param provider - The provider name (e.g., "anthropic", "openai")
+     * @returns true if tokens are stored for the provider
+     */
+    hasTokens(provider: string): Promise<boolean>;
+    /**
+     * Lists all providers that have stored tokens
+     *
+     * @returns Array of provider names
+     */
+    listProviders(): Promise<string[]>;
+    /**
+     * Clears all stored tokens for all providers
+     *
+     * @throws TokenStoreError if deletion fails
+     */
+    clearAllTokens(): Promise<void>;
+    /**
+     * Loads the storage data from file
+     */
+    private loadStorageData;
+    /**
+     * Saves storage data to file
+     */
+    private saveStorageData;
+    /**
+     * Deletes the storage file
+     */
+    private deleteStorageFile;
+    /**
+     * Validates token structure
+     */
+    private validateTokens;
+    /**
+     * Ensures the storage directory exists with proper permissions
+     */
+    private ensureDirectory;
+    /**
+     * Derives an encoding key from machine-specific information
+     * This provides basic obfuscation - for production use, consider
+     * using proper encryption with a user-provided key or system keychain
+     */
+    private deriveEncryptionKey;
+    /**
+     * Simple XOR-based obfuscation
+     * Note: This is NOT cryptographically secure, just basic obfuscation
+     * For production use, consider using node:crypto with proper encryption
+     */
+    private obfuscate;
+    /**
+     * Reverses the XOR obfuscation
+     */
+    private deobfuscate;
+}
+/**
+ * Default token store singleton instance
+ * Uses default configuration with encryption enabled
+ */
+export declare const tokenStore: TokenStore;
+/**
+ * Alias for backward compatibility
+ * @deprecated Use tokenStore instead
+ */
+export declare const defaultTokenStore: TokenStore;