@kaiz11/stack-client 0.0.14

package/dist/auth/user/user.d.ts

@@ -0,0 +1,64 @@
+import type { HttpClient } from "../../lib/http.js";
+import type { TokenManager } from "../token-manager.js";
+import type { User, UpdateUserOptions, Session } from "../types.js";
+/**
+ * User management methods
+ */
+export declare class UserMethods {
+    private readonly http;
+    private readonly tokenManager;
+    private readonly tenantId;
+    constructor(http: HttpClient, tokenManager: TokenManager, tenantId: string);
+    /**
+     * Get the current user (from local session)
+     *
+     * Returns the cached user from the current session.
+     * For a fresh user from the server, use `getUser()`.
+     *
+     * @example
+     * ```typescript
+     * const user = client.auth.user.getCurrent();
+     * if (user) {
+     *   console.log("Logged in as:", user.email);
+     * }
+     * ```
+     */
+    getCurrent(): User | null;
+    /**
+     * Get the current user (fresh from server)
+     *
+     * Fetches the latest user data from the server, including
+     * any changes made elsewhere.
+     *
+     * @example
+     * ```typescript
+     * const user = await client.auth.user.get();
+     * console.log("Email verified:", !!user.emailConfirmedAt);
+     * console.log("Identities:", user.identities);
+     * ```
+     */
+    get(): Promise<User>;
+    /**
+     * Update the current user
+     *
+     * Can update email, phone, password, or user metadata.
+     * Some changes (email, phone, password) may require reauthentication.
+     *
+     * @example
+     * ```typescript
+     * // Update metadata
+     * const session = await client.auth.user.update({
+     *   data: { name: "New Name", avatar: "https://..." },
+     * });
+     *
+     * // Update email (requires reauthentication)
+     * const { nonce } = await client.auth.reauthenticate();
+     * const session = await client.auth.user.update({
+     *   email: "newemail@example.com",
+     *   nonce,
+     * });
+     * ```
+     */
+    update(options: UpdateUserOptions): Promise<Session>;
+}
+//# sourceMappingURL=user.d.ts.map

package/dist/auth/user/user.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"user.d.ts","sourceRoot":"","sources":["../../../src/auth/user/user.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAGpD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,KAAK,EACV,IAAI,EACJ,iBAAiB,EACjB,OAAO,EAGR,MAAM,aAAa,CAAC;AAGrB;;GAEG;AACH,qBAAa,WAAW;IAEpB,OAAO,CAAC,QAAQ,CAAC,IAAI;IACrB,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,QAAQ;gBAFR,IAAI,EAAE,UAAU,EAChB,YAAY,EAAE,YAAY,EAC1B,QAAQ,EAAE,MAAM;IAGnC;;;;;;;;;;;;;OAaG;IACH,UAAU,IAAI,IAAI,GAAG,IAAI;IAKzB;;;;;;;;;;;;OAYG;IACG,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC;IAM1B;;;;;;;;;;;;;;;;;;;;OAoBG;IACG,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,OAAO,CAAC;CAiC3D"}

package/dist/auth/user/user.js

@@ -0,0 +1,105 @@
+import { authPath } from "../../lib/paths.js";
+import { AuthError } from "../../lib/errors.js";
+import { normalizeUser, normalizeSession } from "../types.js";
+/**
+ * User management methods
+ */
+export class UserMethods {
+    http;
+    tokenManager;
+    tenantId;
+    constructor(http, tokenManager, tenantId) {
+        this.http = http;
+        this.tokenManager = tokenManager;
+        this.tenantId = tenantId;
+    }
+    /**
+     * Get the current user (from local session)
+     *
+     * Returns the cached user from the current session.
+     * For a fresh user from the server, use `getUser()`.
+     *
+     * @example
+     * ```typescript
+     * const user = client.auth.user.getCurrent();
+     * if (user) {
+     *   console.log("Logged in as:", user.email);
+     * }
+     * ```
+     */
+    getCurrent() {
+        const session = this.tokenManager.getSession();
+        return session?.user ?? null;
+    }
+    /**
+     * Get the current user (fresh from server)
+     *
+     * Fetches the latest user data from the server, including
+     * any changes made elsewhere.
+     *
+     * @example
+     * ```typescript
+     * const user = await client.auth.user.get();
+     * console.log("Email verified:", !!user.emailConfirmedAt);
+     * console.log("Identities:", user.identities);
+     * ```
+     */
+    async get() {
+        const path = authPath(this.tenantId, "/user");
+        const response = await this.http.get(path);
+        return normalizeUser(response);
+    }
+    /**
+     * Update the current user
+     *
+     * Can update email, phone, password, or user metadata.
+     * Some changes (email, phone, password) may require reauthentication.
+     *
+     * @example
+     * ```typescript
+     * // Update metadata
+     * const session = await client.auth.user.update({
+     *   data: { name: "New Name", avatar: "https://..." },
+     * });
+     *
+     * // Update email (requires reauthentication)
+     * const { nonce } = await client.auth.reauthenticate();
+     * const session = await client.auth.user.update({
+     *   email: "newemail@example.com",
+     *   nonce,
+     * });
+     * ```
+     */
+    async update(options) {
+        const path = authPath(this.tenantId, "/user");
+        const body = {};
+        if (options.email)
+            body.email = options.email;
+        if (options.phone)
+            body.phone = options.phone;
+        if (options.password)
+            body.password = options.password;
+        if (options.data)
+            body.data = options.data;
+        if (options.nonce)
+            body.nonce = options.nonce;
+        const response = await this.http.put(path, body);
+        let session;
+        if ("user" in response && response.user) {
+            session = normalizeSession(response);
+        }
+        else {
+            const currentSession = this.tokenManager.getSession();
+            if (!currentSession) {
+                throw AuthError.notAuthenticated();
+            }
+            session = {
+                ...currentSession,
+                user: normalizeUser(response),
+            };
+        }
+        this.tokenManager.setSession(session, "USER_UPDATED");
+        return session;
+    }
+}
+//# sourceMappingURL=user.js.map

package/dist/auth/user/user.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"user.js","sourceRoot":"","sources":["../../../src/auth/user/user.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAShD,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAE9D;;GAEG;AACH,MAAM,OAAO,WAAW;IAEH;IACA;IACA;IAHnB,YACmB,IAAgB,EAChB,YAA0B,EAC1B,QAAgB;QAFhB,SAAI,GAAJ,IAAI,CAAY;QAChB,iBAAY,GAAZ,YAAY,CAAc;QAC1B,aAAQ,GAAR,QAAQ,CAAQ;IAChC,CAAC;IAEJ;;;;;;;;;;;;;OAaG;IACH,UAAU;QACR,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,UAAU,EAAE,CAAC;QAC/C,OAAO,OAAO,EAAE,IAAI,IAAI,IAAI,CAAC;IAC/B,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,GAAG;QACP,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,CAAa,IAAI,CAAC,CAAC;QACvD,OAAO,aAAa,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC;IAED;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,KAAK,CAAC,MAAM,CAAC,OAA0B;QACrC,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAE9C,MAAM,IAAI,GAA4B,EAAE,CAAC;QACzC,IAAI,OAAO,CAAC,KAAK;YAAE,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC9C,IAAI,OAAO,CAAC,KAAK;YAAE,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC9C,IAAI,OAAO,CAAC,QAAQ;YAAE,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACvD,IAAI,OAAO,CAAC,IAAI;YAAE,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;QAC3C,IAAI,OAAO,CAAC,KAAK;YAAE,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAE9C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,CAClC,IAAI,EACJ,IAAI,CACL,CAAC;QAEF,IAAI,OAAgB,CAAC;QACrB,IAAI,MAAM,IAAI,QAAQ,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;YACxC,OAAO,GAAG,gBAAgB,CAAC,QAA+B,CAAC,CAAC;QAC9D,CAAC;aAAM,CAAC;YACN,MAAM,cAAc,GAAG,IAAI,CAAC,YAAY,CAAC,UAAU,EAAE,CAAC;YACtD,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,MAAM,SAAS,CAAC,gBAAgB,EAAE,CAAC;YACrC,CAAC;YAED,OAAO,GAAG;gBACR,GAAG,cAAc;gBACjB,IAAI,EAAE,aAAa,CAAC,QAAsB,CAAC;aAC5C,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;QACtD,OAAO,OAAO,CAAC;IACjB,CAAC;CACF"}

package/dist/auth/user/verification.d.ts

@@ -0,0 +1,49 @@
+import type { HttpClient } from "../../lib/http.js";
+import type { TokenManager } from "../token-manager.js";
+import type { VerifyOptions, ResendVerificationOptions, Session } from "../types.js";
+/**
+ * Email/phone verification methods
+ */
+export declare class VerificationMethods {
+    private readonly http;
+    private readonly tokenManager;
+    private readonly tenantId;
+    constructor(http: HttpClient, tokenManager: TokenManager, tenantId: string);
+    /**
+     * Verify email or phone with a verification token
+     *
+     * Called when user clicks a verification link or enters a code.
+     *
+     * @example
+     * ```typescript
+     * // Handle verification link callback
+     * const params = new URLSearchParams(window.location.search);
+     * const session = await client.auth.verification.verify({
+     *   token: params.get("token")!,
+     *   type: "signup",
+     *   email: params.get("email")!,
+     * });
+     * ```
+     */
+    verify(options: VerifyOptions): Promise<Session>;
+    /**
+     * Resend a verification email or SMS
+     *
+     * @example
+     * ```typescript
+     * // Resend signup verification email
+     * await client.auth.verification.resend({
+     *   email: "user@example.com",
+     *   type: "signup",
+     * });
+     *
+     * // Resend email change verification
+     * await client.auth.verification.resend({
+     *   email: "newemail@example.com",
+     *   type: "email_change",
+     * });
+     * ```
+     */
+    resend(options: ResendVerificationOptions): Promise<void>;
+}
+//# sourceMappingURL=verification.d.ts.map

package/dist/auth/user/verification.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verification.d.ts","sourceRoot":"","sources":["../../../src/auth/user/verification.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAEpD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,KAAK,EACV,aAAa,EACb,yBAAyB,EACzB,OAAO,EAER,MAAM,aAAa,CAAC;AAUrB;;GAEG;AACH,qBAAa,mBAAmB;IAE5B,OAAO,CAAC,QAAQ,CAAC,IAAI;IACrB,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,QAAQ;gBAFR,IAAI,EAAE,UAAU,EAChB,YAAY,EAAE,YAAY,EAC1B,QAAQ,EAAE,MAAM;IAGnC;;;;;;;;;;;;;;;OAeG;IACG,MAAM,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC;IAmBtD;;;;;;;;;;;;;;;;;OAiBG;IACG,MAAM,CAAC,OAAO,EAAE,yBAAyB,GAAG,OAAO,CAAC,IAAI,CAAC;CAchE"}

package/dist/auth/user/verification.js

@@ -0,0 +1,71 @@
+import { authPath } from "../../lib/paths.js";
+import { normalizeSession } from "../types.js";
+/**
+ * Email/phone verification methods
+ */
+export class VerificationMethods {
+    http;
+    tokenManager;
+    tenantId;
+    constructor(http, tokenManager, tenantId) {
+        this.http = http;
+        this.tokenManager = tokenManager;
+        this.tenantId = tenantId;
+    }
+    /**
+     * Verify email or phone with a verification token
+     *
+     * Called when user clicks a verification link or enters a code.
+     *
+     * @example
+     * ```typescript
+     * // Handle verification link callback
+     * const params = new URLSearchParams(window.location.search);
+     * const session = await client.auth.verification.verify({
+     *   token: params.get("token")!,
+     *   type: "signup",
+     *   email: params.get("email")!,
+     * });
+     * ```
+     */
+    async verify(options) {
+        const path = authPath(this.tenantId, "/verify");
+        const response = await this.http.post(path, {
+            token: options.token,
+            type: options.type,
+            email: options.email,
+            phone: options.phone,
+        }, { noAuth: true });
+        const session = normalizeSession(response);
+        this.tokenManager.setSession(session);
+        return session;
+    }
+    /**
+     * Resend a verification email or SMS
+     *
+     * @example
+     * ```typescript
+     * // Resend signup verification email
+     * await client.auth.verification.resend({
+     *   email: "user@example.com",
+     *   type: "signup",
+     * });
+     *
+     * // Resend email change verification
+     * await client.auth.verification.resend({
+     *   email: "newemail@example.com",
+     *   type: "email_change",
+     * });
+     * ```
+     */
+    async resend(options) {
+        const path = authPath(this.tenantId, "/resend");
+        await this.http.post(path, {
+            email: options.email,
+            phone: options.phone,
+            type: options.type,
+            redirect_to: options.redirectTo,
+        }, { noAuth: true });
+    }
+}
+//# sourceMappingURL=verification.js.map

package/dist/auth/user/verification.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verification.js","sourceRoot":"","sources":["../../../src/auth/user/verification.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAQ9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAS/C;;GAEG;AACH,MAAM,OAAO,mBAAmB;IAEX;IACA;IACA;IAHnB,YACmB,IAAgB,EAChB,YAA0B,EAC1B,QAAgB;QAFhB,SAAI,GAAJ,IAAI,CAAY;QAChB,iBAAY,GAAZ,YAAY,CAAc;QAC1B,aAAQ,GAAR,QAAQ,CAAQ;IAChC,CAAC;IAEJ;;;;;;;;;;;;;;;OAeG;IACH,KAAK,CAAC,MAAM,CAAC,OAAsB;QACjC,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAEhD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CACnC,IAAI,EACJ;YACE,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,KAAK,EAAE,OAAO,CAAC,KAAK;SACrB,EACD,EAAE,MAAM,EAAE,IAAI,EAAE,CACjB,CAAC;QAEF,MAAM,OAAO,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAC3C,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QACtC,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;;;;;;;;;;;;;;OAiBG;IACH,KAAK,CAAC,MAAM,CAAC,OAAkC;QAC7C,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAEhD,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAClB,IAAI,EACJ;YACE,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,WAAW,EAAE,OAAO,CAAC,UAAU;SAChC,EACD,EAAE,MAAM,EAAE,IAAI,EAAE,CACjB,CAAC;IACJ,CAAC;CACF"}

package/dist/cli/browser.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Cross-platform browser opener for CLI OAuth flows.
+ */
+/**
+ * Open a URL in the default browser.
+ *
+ * @param url - The URL to open
+ * @returns Promise that resolves when the browser command is executed
+ */
+export declare function openBrowser(url: string): Promise<void>;
+//# sourceMappingURL=browser.d.ts.map

package/dist/cli/browser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"browser.d.ts","sourceRoot":"","sources":["../../src/cli/browser.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAsBtD"}

package/dist/cli/browser.js

@@ -0,0 +1,35 @@
+/**
+ * Cross-platform browser opener for CLI OAuth flows.
+ */
+import { exec } from "node:child_process";
+/**
+ * Open a URL in the default browser.
+ *
+ * @param url - The URL to open
+ * @returns Promise that resolves when the browser command is executed
+ */
+export function openBrowser(url) {
+    return new Promise((resolve, reject) => {
+        const platform = process.platform;
+        let command;
+        if (platform === "darwin") {
+            command = `open "${url}"`;
+        }
+        else if (platform === "win32") {
+            command = `start "" "${url}"`;
+        }
+        else {
+            // Linux and others
+            command = `xdg-open "${url}"`;
+        }
+        exec(command, (error) => {
+            if (error) {
+                reject(error);
+            }
+            else {
+                resolve();
+            }
+        });
+    });
+}
+//# sourceMappingURL=browser.js.map

package/dist/cli/browser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"browser.js","sourceRoot":"","sources":["../../src/cli/browser.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAE1C;;;;;GAKG;AACH,MAAM,UAAU,WAAW,CAAC,GAAW;IACrC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QAElC,IAAI,OAAe,CAAC;QACpB,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC1B,OAAO,GAAG,SAAS,GAAG,GAAG,CAAC;QAC5B,CAAC;aAAM,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;YAChC,OAAO,GAAG,aAAa,GAAG,GAAG,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,mBAAmB;YACnB,OAAO,GAAG,aAAa,GAAG,GAAG,CAAC;QAChC,CAAC;QAED,IAAI,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;YACtB,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,CAAC,KAAK,CAAC,CAAC;YAChB,CAAC;iBAAM,CAAC;gBACN,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/cli/callback-server.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Local HTTP server for OAuth callback handling.
+ */
+/**
+ * Result from the OAuth callback
+ */
+export interface CallbackResult {
+    /** Authorization code from OAuth provider */
+    code: string;
+}
+/**
+ * Options for the callback server
+ */
+export interface CallbackServerOptions {
+    /** Port to listen on (default: 14550) */
+    port?: number;
+    /** Timeout in milliseconds (default: 120000 = 2 minutes) */
+    timeout?: number;
+}
+/**
+ * Start a local HTTP server to receive OAuth callback.
+ *
+ * The server listens for a single request with ?code=xxx query parameter,
+ * then automatically shuts down.
+ *
+ * @param options - Server options
+ * @returns Promise that resolves with the authorization code
+ */
+export declare function startCallbackServer(options?: CallbackServerOptions): Promise<CallbackResult>;
+//# sourceMappingURL=callback-server.d.ts.map

package/dist/cli/callback-server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"callback-server.d.ts","sourceRoot":"","sources":["../../src/cli/callback-server.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,6CAA6C;IAC7C,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,yCAAyC;IACzC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,4DAA4D;IAC5D,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;;;;;;GAQG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,GAAE,qBAA0B,GAClC,OAAO,CAAC,cAAc,CAAC,CAkGzB"}

package/dist/cli/callback-server.js

@@ -0,0 +1,100 @@
+/**
+ * Local HTTP server for OAuth callback handling.
+ */
+import { createServer } from "node:http";
+/**
+ * Start a local HTTP server to receive OAuth callback.
+ *
+ * The server listens for a single request with ?code=xxx query parameter,
+ * then automatically shuts down.
+ *
+ * @param options - Server options
+ * @returns Promise that resolves with the authorization code
+ */
+export function startCallbackServer(options = {}) {
+    const { port = 14550, timeout = 120000 } = options;
+    return new Promise((resolve, reject) => {
+        let server = null;
+        let timeoutId = null;
+        const cleanup = () => {
+            if (timeoutId) {
+                clearTimeout(timeoutId);
+                timeoutId = null;
+            }
+            if (server) {
+                server.close();
+                server = null;
+            }
+        };
+        // Set timeout
+        timeoutId = setTimeout(() => {
+            cleanup();
+            reject(new Error("OAuth callback timeout - no response received"));
+        }, timeout);
+        server = createServer((req, res) => {
+            const url = new URL(req.url ?? "/", `http://localhost:${port}`);
+            // Handle callback path
+            if (url.pathname === "/callback") {
+                const code = url.searchParams.get("code");
+                const error = url.searchParams.get("error");
+                const errorDescription = url.searchParams.get("error_description");
+                // Send response to browser
+                res.writeHead(200, { "Content-Type": "text/html" });
+                if (error) {
+                    res.end(`
+            <!DOCTYPE html>
+            <html>
+              <head><title>Authentication Failed</title></head>
+              <body style="font-family: system-ui; padding: 40px; text-align: center;">
+                <h1>Authentication Failed</h1>
+                <p>${errorDescription || error}</p>
+                <p>You can close this window.</p>
+              </body>
+            </html>
+          `);
+                    cleanup();
+                    reject(new Error(errorDescription || error));
+                    return;
+                }
+                if (!code) {
+                    res.end(`
+            <!DOCTYPE html>
+            <html>
+              <head><title>Authentication Failed</title></head>
+              <body style="font-family: system-ui; padding: 40px; text-align: center;">
+                <h1>Authentication Failed</h1>
+                <p>No authorization code received.</p>
+                <p>You can close this window.</p>
+              </body>
+            </html>
+          `);
+                    cleanup();
+                    reject(new Error("No authorization code received"));
+                    return;
+                }
+                res.end(`
+          <!DOCTYPE html>
+          <html>
+            <head><title>Authentication Successful</title></head>
+            <body style="font-family: system-ui; padding: 40px; text-align: center;">
+              <h1>Authentication Successful</h1>
+              <p>You can close this window and return to your terminal.</p>
+            </body>
+          </html>
+        `);
+                cleanup();
+                resolve({ code });
+                return;
+            }
+            // Unknown path
+            res.writeHead(404);
+            res.end("Not found");
+        });
+        server.on("error", (err) => {
+            cleanup();
+            reject(err);
+        });
+        server.listen(port, "127.0.0.1");
+    });
+}
+//# sourceMappingURL=callback-server.js.map

package/dist/cli/callback-server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"callback-server.js","sourceRoot":"","sources":["../../src/cli/callback-server.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,YAAY,EAAqC,MAAM,WAAW,CAAC;AAoB5E;;;;;;;;GAQG;AACH,MAAM,UAAU,mBAAmB,CACjC,UAAiC,EAAE;IAEnC,MAAM,EAAE,IAAI,GAAG,KAAK,EAAE,OAAO,GAAG,MAAM,EAAE,GAAG,OAAO,CAAC;IAEnD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,MAAM,GAAkB,IAAI,CAAC;QACjC,IAAI,SAAS,GAAyC,IAAI,CAAC;QAE3D,MAAM,OAAO,GAAG,GAAG,EAAE;YACnB,IAAI,SAAS,EAAE,CAAC;gBACd,YAAY,CAAC,SAAS,CAAC,CAAC;gBACxB,SAAS,GAAG,IAAI,CAAC;YACnB,CAAC;YACD,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,MAAM,GAAG,IAAI,CAAC;YAChB,CAAC;QACH,CAAC,CAAC;QAEF,cAAc;QACd,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE;YAC1B,OAAO,EAAE,CAAC;YACV,MAAM,CAAC,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC,CAAC;QACrE,CAAC,EAAE,OAAO,CAAC,CAAC;QAEZ,MAAM,GAAG,YAAY,CAAC,CAAC,GAAoB,EAAE,GAAG,EAAE,EAAE;YAClD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,oBAAoB,IAAI,EAAE,CAAC,CAAC;YAEhE,uBAAuB;YACvB,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;gBACjC,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBAC5C,MAAM,gBAAgB,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;gBAEnE,2BAA2B;gBAC3B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBAEpD,IAAI,KAAK,EAAE,CAAC;oBACV,GAAG,CAAC,GAAG,CAAC;;;;;;qBAMG,gBAAgB,IAAI,KAAK;;;;WAInC,CAAC,CAAC;oBACH,OAAO,EAAE,CAAC;oBACV,MAAM,CAAC,IAAI,KAAK,CAAC,gBAAgB,IAAI,KAAK,CAAC,CAAC,CAAC;oBAC7C,OAAO;gBACT,CAAC;gBAED,IAAI,CAAC,IAAI,EAAE,CAAC;oBACV,GAAG,CAAC,GAAG,CAAC;;;;;;;;;;WAUP,CAAC,CAAC;oBACH,OAAO,EAAE,CAAC;oBACV,MAAM,CAAC,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC,CAAC;oBACpD,OAAO;gBACT,CAAC;gBAED,GAAG,CAAC,GAAG,CAAC;;;;;;;;;SASP,CAAC,CAAC;gBAEH,OAAO,EAAE,CAAC;gBACV,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;gBAClB,OAAO;YACT,CAAC;YAED,eAAe;YACf,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QACvB,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACzB,OAAO,EAAE,CAAC;YACV,MAAM,CAAC,GAAG,CAAC,CAAC;QACd,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/cli/file-token-store.d.ts

@@ -0,0 +1,79 @@
+/**
+ * File-based token storage (for Node.js CLI applications)
+ *
+ * This module is intentionally separate from the main token-store.ts
+ * to avoid bundlers trying to resolve Node.js modules in browser builds.
+ */
+import type { TokenStore } from "../lib/token-store.js";
+/**
+ * Data structure stored in the token file.
+ */
+export interface FileTokenData {
+    accessToken: string;
+    refreshToken: string;
+    /** Additional metadata (expiresAt, user info, etc.) */
+    [key: string]: unknown;
+}
+/**
+ * File-based token storage for CLI applications.
+ *
+ * Stores tokens in a JSON file with restricted permissions (0600).
+ * Only available from the /cli entry point to avoid breaking browser builds.
+ *
+ * Supports storing additional metadata alongside tokens via `setTokensWithData`.
+ *
+ * @example
+ * ```typescript
+ * import { FileTokenStore } from "@kaiz11/stack-client/cli";
+ *
+ * const store = new FileTokenStore("~/.myapp/tokens.json");
+ *
+ * // Basic usage
+ * store.setTokens(accessToken, refreshToken);
+ *
+ * // With metadata
+ * store.setTokensWithData(accessToken, refreshToken, {
+ *   expiresAt: 1234567890,
+ *   user: { id: "123", email: "user@example.com" }
+ * });
+ *
+ * // Retrieve full data
+ * const data = store.getData();
+ * console.log(data?.expiresAt, data?.user);
+ * ```
+ */
+export declare class FileTokenStore implements TokenStore {
+    private data;
+    private loaded;
+    /** File path - protected so subclasses can access it */
+    protected readonly filePath: string;
+    /**
+     * @param filePath - Absolute path to the token file
+     */
+    constructor(filePath: string);
+    /**
+     * Load data from file if not already loaded.
+     */
+    protected ensureLoaded(): void;
+    /**
+     * Persist data to file.
+     */
+    protected persist(): void;
+    getAccessToken(): string | null;
+    getRefreshToken(): string | null;
+    /**
+     * Get all stored data including metadata.
+     */
+    getData(): FileTokenData | null;
+    setTokens(accessToken: string, refreshToken: string): void;
+    /**
+     * Set tokens with additional metadata.
+     *
+     * @param accessToken - The access token
+     * @param refreshToken - The refresh token
+     * @param metadata - Additional data to store (expiresAt, user, etc.)
+     */
+    setTokensWithData(accessToken: string, refreshToken: string, metadata: Record<string, unknown>): void;
+    clearTokens(): void;
+}
+//# sourceMappingURL=file-token-store.d.ts.map

package/dist/cli/file-token-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"file-token-store.d.ts","sourceRoot":"","sources":["../../src/cli/file-token-store.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAExD;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,uDAAuD;IACvD,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,qBAAa,cAAe,YAAW,UAAU;IAC/C,OAAO,CAAC,IAAI,CAA8B;IAC1C,OAAO,CAAC,MAAM,CAAS;IAEvB,wDAAwD;IACxD,SAAS,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAEpC;;OAEG;gBACS,QAAQ,EAAE,MAAM;IAI5B;;OAEG;IACH,SAAS,CAAC,YAAY,IAAI,IAAI;IAsB9B;;OAEG;IACH,SAAS,CAAC,OAAO,IAAI,IAAI;IAmBzB,cAAc,IAAI,MAAM,GAAG,IAAI;IAK/B,eAAe,IAAI,MAAM,GAAG,IAAI;IAKhC;;OAEG;IACH,OAAO,IAAI,aAAa,GAAG,IAAI;IAK/B,SAAS,CAAC,WAAW,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI;IAI1D;;;;;;OAMG;IACH,iBAAiB,CACf,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,IAAI;IAUP,WAAW,IAAI,IAAI;CAYpB"}