@learning-with-court/cli 0.0.1

package/README.md

@@ -0,0 +1,30 @@
+# @learning-with-court/cli
+
+CLI for the learning-with-court platform. Two modes:
+
+1. **Stdio MCP proxy** (default): forwards tool calls from a local agent to
+   the hosted MCP server at `mcp.workshop.institute`. Auth resolves via env
+   var (`LWC_TOKEN`) → cached `~/.lwc/token.json` → browser OAuth (PKCE).
+2. **Subcommands** for one-shot operations:
+   - `setup <workshop-id>` — clone a workshop project repo into the
+     current directory after Clerk sign-in.
+   - `refresh <workshop-id>` — refresh the clone token and `git pull`.
+   - `auth login` / `auth logout` — manual control of the cached token.
+
+Modeled on `mixcraft-app/packages/mcp-proxy`.
+
+## Usage
+
+```sh
+# Bootstrap a workshop project (any agent, any OS)
+npx -y @learning-with-court/cli@latest setup mcp-workshop
+
+# Run as MCP proxy (configured by an agent's .mcp.json)
+npx -y @learning-with-court/cli@latest
+```
+
+## Token storage
+
+`~/.lwc/token.json`, mode `0600`. Contains the Clerk OAuth access token,
+refresh token, and expiry. Delete the file or run `lwc auth logout` to
+revoke locally.

package/dist/auth/oauth-login.d.ts

@@ -0,0 +1,27 @@
+import type { CachedToken } from './token-cache.js';
+export interface OAuthConfig {
+    authorizeUrl: string;
+    tokenUrl: string;
+    clientId: string;
+}
+export declare function discoverOAuthConfig(): Promise<OAuthConfig>;
+export declare function generateCodeVerifier(): string;
+export declare function buildAuthorizationUrl(params: {
+    authorizeUrl: string;
+    clientId: string;
+    redirectUri: string;
+    codeVerifier: string;
+}): string;
+export declare function exchangeCodeForToken(params: {
+    tokenUrl: string;
+    clientId: string;
+    code: string;
+    redirectUri: string;
+    codeVerifier: string;
+}): Promise<CachedToken>;
+export declare function refreshAccessToken(params: {
+    tokenUrl: string;
+    clientId: string;
+    refreshToken: string;
+}): Promise<CachedToken>;
+export declare function loginViaBrowser(params: OAuthConfig): Promise<CachedToken>;

package/dist/auth/oauth-login.js

@@ -0,0 +1,164 @@
+import { createHash, randomBytes } from 'node:crypto';
+import { createServer } from 'node:http';
+import { spawn } from 'node:child_process';
+import { metadataUrl, apiUrl } from '../config.js';
+// Matches the callbackPort already registered with the workshop's Clerk
+// OAuth clients (prod and dev). Don't change without updating Clerk first.
+const REDIRECT_PORT = 8080;
+const REDIRECT_URI = `http://localhost:${REDIRECT_PORT}/callback`;
+export async function discoverOAuthConfig() {
+    // Fetch in parallel: RFC 8414 metadata for the endpoints, RFC 7591
+    // registration shim for the client_id. Honors LWC_OAUTH_CLIENT_ID for
+    // CI/local override.
+    const [metaResp, regResp] = await Promise.all([
+        fetch(metadataUrl()),
+        fetch(`${apiUrl()}/register`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: '{}',
+        }),
+    ]);
+    if (!metaResp.ok) {
+        throw new Error(`Failed to fetch OAuth metadata (${metaResp.status})`);
+    }
+    if (!regResp.ok) {
+        throw new Error(`Failed to fetch OAuth client registration (${regResp.status})`);
+    }
+    const metadata = (await metaResp.json());
+    const registration = (await regResp.json());
+    const clientId = process.env.LWC_OAUTH_CLIENT_ID ?? registration.client_id;
+    if (!clientId) {
+        throw new Error('No OAuth client_id available from /register endpoint.');
+    }
+    return {
+        authorizeUrl: metadata.authorization_endpoint,
+        tokenUrl: metadata.token_endpoint,
+        clientId,
+    };
+}
+export function generateCodeVerifier() {
+    return randomBytes(32).toString('base64url');
+}
+function computeCodeChallenge(verifier) {
+    return createHash('sha256').update(verifier).digest('base64url');
+}
+export function buildAuthorizationUrl(params) {
+    const challenge = computeCodeChallenge(params.codeVerifier);
+    const url = new URL(params.authorizeUrl);
+    url.searchParams.set('client_id', params.clientId);
+    url.searchParams.set('redirect_uri', params.redirectUri);
+    url.searchParams.set('response_type', 'code');
+    url.searchParams.set('code_challenge', challenge);
+    url.searchParams.set('code_challenge_method', 'S256');
+    url.searchParams.set('scope', 'openid profile offline_access');
+    return url.toString();
+}
+export async function exchangeCodeForToken(params) {
+    const body = new URLSearchParams({
+        grant_type: 'authorization_code',
+        client_id: params.clientId,
+        code: params.code,
+        redirect_uri: params.redirectUri,
+        code_verifier: params.codeVerifier,
+    });
+    const response = await fetch(params.tokenUrl, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: body.toString(),
+    });
+    if (!response.ok) {
+        throw new Error(`Token exchange failed (${response.status}): ${await response.text()}`);
+    }
+    const data = (await response.json());
+    return {
+        accessToken: data.access_token,
+        refreshToken: data.refresh_token,
+        expiresAt: Date.now() + data.expires_in * 1000,
+    };
+}
+export async function refreshAccessToken(params) {
+    const body = new URLSearchParams({
+        grant_type: 'refresh_token',
+        client_id: params.clientId,
+        refresh_token: params.refreshToken,
+    });
+    const response = await fetch(params.tokenUrl, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: body.toString(),
+    });
+    if (!response.ok) {
+        throw new Error(`Token refresh failed (${response.status}): ${await response.text()}`);
+    }
+    const data = (await response.json());
+    return {
+        accessToken: data.access_token,
+        refreshToken: data.refresh_token,
+        expiresAt: Date.now() + data.expires_in * 1000,
+    };
+}
+function openBrowser(url) {
+    const cmd = process.platform === 'darwin'
+        ? 'open'
+        : process.platform === 'win32'
+            ? 'start'
+            : 'xdg-open';
+    const child = spawn(cmd, [url], { stdio: 'ignore', detached: true });
+    child.unref();
+}
+export async function loginViaBrowser(params) {
+    const codeVerifier = generateCodeVerifier();
+    const url = buildAuthorizationUrl({
+        authorizeUrl: params.authorizeUrl,
+        clientId: params.clientId,
+        redirectUri: REDIRECT_URI,
+        codeVerifier,
+    });
+    return new Promise((resolve, reject) => {
+        const server = createServer(async (req, res) => {
+            const reqUrl = new URL(req.url ?? '/', `http://localhost:${REDIRECT_PORT}`);
+            if (reqUrl.pathname !== '/callback') {
+                res.writeHead(404);
+                res.end('Not found');
+                return;
+            }
+            const code = reqUrl.searchParams.get('code');
+            const error = reqUrl.searchParams.get('error');
+            if (error || !code) {
+                res.writeHead(400, { 'Content-Type': 'text/html' });
+                res.end('<h1>Sign-in failed</h1><p>You can close this tab.</p>');
+                server.close();
+                reject(new Error(`OAuth error: ${error ?? 'no code received'}`));
+                return;
+            }
+            try {
+                const token = await exchangeCodeForToken({
+                    tokenUrl: params.tokenUrl,
+                    clientId: params.clientId,
+                    code,
+                    redirectUri: REDIRECT_URI,
+                    codeVerifier,
+                });
+                res.writeHead(200, { 'Content-Type': 'text/html' });
+                res.end('<h1>Signed in</h1><p>You can close this tab and return to your terminal.</p>');
+                server.close();
+                resolve(token);
+            }
+            catch (err) {
+                res.writeHead(500, { 'Content-Type': 'text/html' });
+                res.end('<h1>Token exchange failed</h1><p>Please try again.</p>');
+                server.close();
+                reject(err);
+            }
+        });
+        server.listen(REDIRECT_PORT, () => {
+            console.error('Opening browser to sign in...');
+            openBrowser(url);
+        });
+        setTimeout(() => {
+            server.close();
+            reject(new Error('Sign-in timed out. Please try again.'));
+        }, 120_000);
+    });
+}
+//# sourceMappingURL=oauth-login.js.map

package/dist/auth/oauth-login.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-login.js","sourceRoot":"","sources":["../../src/auth/oauth-login.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAGnD,wEAAwE;AACxE,2EAA2E;AAC3E,MAAM,aAAa,GAAG,IAAI,CAAC;AAC3B,MAAM,YAAY,GAAG,oBAAoB,aAAa,WAAW,CAAC;AAQlE,MAAM,CAAC,KAAK,UAAU,mBAAmB;IACvC,mEAAmE;IACnE,sEAAsE;IACtE,qBAAqB;IACrB,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAC5C,KAAK,CAAC,WAAW,EAAE,CAAC;QACpB,KAAK,CAAC,GAAG,MAAM,EAAE,WAAW,EAAE;YAC5B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI;SACX,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,mCAAmC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;IACzE,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CAAC,8CAA8C,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;IACnF,CAAC;IAED,MAAM,QAAQ,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAGtC,CAAC;IACF,MAAM,YAAY,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAA0B,CAAC;IAErE,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,YAAY,CAAC,SAAS,CAAC;IAC3E,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;IAC3E,CAAC;IAED,OAAO;QACL,YAAY,EAAE,QAAQ,CAAC,sBAAsB;QAC7C,QAAQ,EAAE,QAAQ,CAAC,cAAc;QACjC,QAAQ;KACT,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,oBAAoB;IAClC,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,oBAAoB,CAAC,QAAgB;IAC5C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;AACnE,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,MAKrC;IACC,MAAM,SAAS,GAAG,oBAAoB,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAC5D,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IACzC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IACnD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC;IACzD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAC9C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,SAAS,CAAC,CAAC;IAClD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IACtD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,+BAA+B,CAAC,CAAC;IAC/D,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AACxB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,MAM1C;IACC,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC/B,UAAU,EAAE,oBAAoB;QAChC,SAAS,EAAE,MAAM,CAAC,QAAQ;QAC1B,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,YAAY,EAAE,MAAM,CAAC,WAAW;QAChC,aAAa,EAAE,MAAM,CAAC,YAAY;KACnC,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE;QAC5C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;KACtB,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,0BAA0B,QAAQ,CAAC,MAAM,MAAM,MAAM,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAC1F,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAIlC,CAAC;IAEF,OAAO;QACL,WAAW,EAAE,IAAI,CAAC,YAAY;QAC9B,YAAY,EAAE,IAAI,CAAC,aAAa;QAChC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;KAC/C,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,MAIxC;IACC,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC/B,UAAU,EAAE,eAAe;QAC3B,SAAS,EAAE,MAAM,CAAC,QAAQ;QAC1B,aAAa,EAAE,MAAM,CAAC,YAAY;KACnC,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE;QAC5C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;KACtB,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,yBAAyB,QAAQ,CAAC,MAAM,MAAM,MAAM,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACzF,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAIlC,CAAC;IAEF,OAAO;QACL,WAAW,EAAE,IAAI,CAAC,YAAY;QAC9B,YAAY,EAAE,IAAI,CAAC,aAAa;QAChC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;KAC/C,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,KAAK,QAAQ;QACvC,CAAC,CAAC,MAAM;QACR,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,OAAO;YAC5B,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,UAAU,CAAC;IACjB,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;IACrE,KAAK,CAAC,KAAK,EAAE,CAAC;AAChB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,MAAmB;IACvD,MAAM,YAAY,GAAG,oBAAoB,EAAE,CAAC;IAC5C,MAAM,GAAG,GAAG,qBAAqB,CAAC;QAChC,YAAY,EAAE,MAAM,CAAC,YAAY;QACjC,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,WAAW,EAAE,YAAY;QACzB,YAAY;KACb,CAAC,CAAC;IAEH,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YAC7C,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,oBAAoB,aAAa,EAAE,CAAC,CAAC;YAE5E,IAAI,MAAM,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;gBACpC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;gBACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;gBACrB,OAAO;YACT,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAC7C,MAAM,KAAK,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAE/C,IAAI,KAAK,IAAI,CAAC,IAAI,EAAE,CAAC;gBACnB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;gBACjE,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,KAAK,CAAC,gBAAgB,KAAK,IAAI,kBAAkB,EAAE,CAAC,CAAC,CAAC;gBACjE,OAAO;YACT,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,MAAM,oBAAoB,CAAC;oBACvC,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,IAAI;oBACJ,WAAW,EAAE,YAAY;oBACzB,YAAY;iBACb,CAAC,CAAC;gBACH,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CACL,8EAA8E,CAC/E,CAAC;gBACF,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,CAAC;YACjB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;gBAClE,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,aAAa,EAAE,GAAG,EAAE;YAChC,OAAO,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAC/C,WAAW,CAAC,GAAG,CAAC,CAAC;QACnB,CAAC,CAAC,CAAC;QAEH,UAAU,CAAC,GAAG,EAAE;YACd,MAAM,CAAC,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC,CAAC;QAC5D,CAAC,EAAE,OAAO,CAAC,CAAC;IACd,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/auth/resolve-token.d.ts

@@ -0,0 +1 @@
+export declare function resolveBearerToken(): Promise<string>;

package/dist/auth/resolve-token.js

@@ -0,0 +1,33 @@
+import { loadCachedToken, saveCachedToken, isTokenExpired, } from './token-cache.js';
+import { discoverOAuthConfig, loginViaBrowser, refreshAccessToken, } from './oauth-login.js';
+export async function resolveBearerToken() {
+    const envToken = process.env.LWC_TOKEN;
+    if (envToken)
+        return envToken;
+    const config = await discoverOAuthConfig();
+    return resolveOAuthToken(config);
+}
+async function resolveOAuthToken(config) {
+    const cached = loadCachedToken();
+    if (cached) {
+        if (!isTokenExpired(cached))
+            return cached.accessToken;
+        try {
+            console.error('Refreshing access token...');
+            const refreshed = await refreshAccessToken({
+                tokenUrl: config.tokenUrl,
+                clientId: config.clientId,
+                refreshToken: cached.refreshToken,
+            });
+            saveCachedToken(refreshed);
+            return refreshed.accessToken;
+        }
+        catch {
+            console.error('Token refresh failed. Re-authenticating...');
+        }
+    }
+    const fresh = await loginViaBrowser(config);
+    saveCachedToken(fresh);
+    return fresh.accessToken;
+}
+//# sourceMappingURL=resolve-token.js.map

package/dist/auth/resolve-token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolve-token.js","sourceRoot":"","sources":["../../src/auth/resolve-token.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,eAAe,EACf,eAAe,EACf,cAAc,GACf,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,mBAAmB,EACnB,eAAe,EACf,kBAAkB,GAEnB,MAAM,kBAAkB,CAAC;AAE1B,MAAM,CAAC,KAAK,UAAU,kBAAkB;IACtC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC;IACvC,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAE9B,MAAM,MAAM,GAAG,MAAM,mBAAmB,EAAE,CAAC;IAC3C,OAAO,iBAAiB,CAAC,MAAM,CAAC,CAAC;AACnC,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,MAAmB;IAClD,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;IACjC,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC;YAAE,OAAO,MAAM,CAAC,WAAW,CAAC;QACvD,IAAI,CAAC;YACH,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;YAC5C,MAAM,SAAS,GAAG,MAAM,kBAAkB,CAAC;gBACzC,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,YAAY,EAAE,MAAM,CAAC,YAAY;aAClC,CAAC,CAAC;YACH,eAAe,CAAC,SAAS,CAAC,CAAC;YAC3B,OAAO,SAAS,CAAC,WAAW,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,MAAM,CAAC,CAAC;IAC5C,eAAe,CAAC,KAAK,CAAC,CAAC;IACvB,OAAO,KAAK,CAAC,WAAW,CAAC;AAC3B,CAAC"}

package/dist/auth/token-cache.d.ts

@@ -0,0 +1,10 @@
+export interface CachedToken {
+    accessToken: string;
+    refreshToken: string;
+    expiresAt: number;
+}
+export declare function tokenPath(): string;
+export declare function loadCachedToken(): CachedToken | null;
+export declare function saveCachedToken(token: CachedToken): void;
+export declare function clearCachedToken(): void;
+export declare function isTokenExpired(token: CachedToken): boolean;

package/dist/auth/token-cache.js

@@ -0,0 +1,33 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as os from 'node:os';
+const TOKEN_DIR = path.join(os.homedir(), '.lwc');
+const TOKEN_PATH = path.join(TOKEN_DIR, 'token.json');
+export function tokenPath() {
+    return TOKEN_PATH;
+}
+export function loadCachedToken() {
+    if (!fs.existsSync(TOKEN_PATH)) {
+        return null;
+    }
+    try {
+        const raw = fs.readFileSync(TOKEN_PATH, 'utf-8');
+        return JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+}
+export function saveCachedToken(token) {
+    fs.mkdirSync(TOKEN_DIR, { recursive: true, mode: 0o700 });
+    fs.writeFileSync(TOKEN_PATH, JSON.stringify(token, null, 2), { mode: 0o600 });
+}
+export function clearCachedToken() {
+    if (fs.existsSync(TOKEN_PATH)) {
+        fs.unlinkSync(TOKEN_PATH);
+    }
+}
+export function isTokenExpired(token) {
+    return Date.now() >= token.expiresAt - 60_000;
+}
+//# sourceMappingURL=token-cache.js.map

package/dist/auth/token-cache.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-cache.js","sourceRoot":"","sources":["../../src/auth/token-cache.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAQ9B,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,MAAM,CAAC,CAAC;AAClD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;AAEtD,MAAM,UAAU,SAAS;IACvB,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACjD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAgB,CAAC;IACxC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,KAAkB;IAChD,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC1D,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AAChF,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;IAC5B,CAAC;AACH,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,KAAkB;IAC/C,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,KAAK,CAAC,SAAS,GAAG,MAAM,CAAC;AAChD,CAAC"}

package/dist/cli.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/cli.js

@@ -0,0 +1,117 @@
+#!/usr/bin/env node
+import { realpathSync } from 'node:fs';
+import { fileURLToPath } from 'node:url';
+import { runStdioProxy } from './proxy/stdio-server.js';
+import { runSetup } from './commands/setup.js';
+import { runUpdate } from './commands/update.js';
+import { runList } from './commands/list.js';
+import { runSwitch } from './commands/switch.js';
+import { runRemove } from './commands/remove.js';
+import { authLogin, authLogout, authStatus } from './commands/auth.js';
+const HELP = `learning-with-court CLI
+
+Usage:
+  lwc                                Run as stdio MCP proxy (used by agents).
+  lwc setup <workshop-id> [--dir <path>]
+                                     Install a workshop (default
+                                     ~/learning-with-court/<workshop-id>).
+  lwc list                           Show installed workshops.
+  lwc switch <workshop-id>           Print 'cd <path>' for the workshop.
+                                     (eval \\\`lwc switch <id>\\\` to cd in shell.)
+  lwc update [<workshop-id>] [--token-only]
+                                     Refresh + git pull. Updates all installed
+                                     workshops if no id is given.
+  lwc remove <workshop-id> [--delete-files]
+                                     Drop from registry; --delete-files also
+                                     removes the on-disk clone.
+  lwc auth login | logout | status   Manage cached Clerk token.
+  lwc help                           Show this help.
+
+Environment:
+  LWC_TOKEN            Bypass cached/OAuth flow with a Bearer token (CI use).
+  LWC_API_URL          Override the platform base URL
+                       (default https://mcp.workshop.institute).
+  LWC_OAUTH_CLIENT_ID  Override the OAuth client_id discovered from /register.
+`;
+function flagValue(args, flag) {
+    const idx = args.indexOf(flag);
+    return idx >= 0 ? args[idx + 1] : undefined;
+}
+async function main(argv) {
+    const [cmd, ...rest] = argv;
+    if (!cmd) {
+        await runStdioProxy();
+        return;
+    }
+    switch (cmd) {
+        case 'setup': {
+            const workshopId = rest[0];
+            if (!workshopId)
+                throw new Error('Usage: lwc setup <workshop-id> [--dir <path>]');
+            // Backward-compat: positional second arg as dest.
+            const dirFlag = flagValue(rest, '--dir');
+            const positional = rest[1] && !rest[1].startsWith('--') ? rest[1] : undefined;
+            await runSetup({ workshopId, dest: dirFlag ?? positional });
+            return;
+        }
+        case 'update':
+        case 'refresh': {
+            const tokenOnly = rest.includes('--token-only') || rest.includes('--no-pull');
+            const workshopId = rest.find((a) => !a.startsWith('--'));
+            await runUpdate({ workshopId, tokenOnly });
+            return;
+        }
+        case 'list':
+        case 'ls':
+            runList();
+            return;
+        case 'switch': {
+            const workshopId = rest[0];
+            if (!workshopId)
+                throw new Error('Usage: lwc switch <workshop-id>');
+            runSwitch(workshopId);
+            return;
+        }
+        case 'remove':
+        case 'rm': {
+            const workshopId = rest[0];
+            if (!workshopId)
+                throw new Error('Usage: lwc remove <workshop-id> [--delete-files]');
+            const deleteFiles = rest.includes('--delete-files');
+            runRemove({ workshopId, deleteFiles });
+            return;
+        }
+        case 'auth': {
+            const sub = rest[0];
+            if (sub === 'login')
+                return authLogin();
+            if (sub === 'logout')
+                return authLogout();
+            if (sub === 'status')
+                return authStatus();
+            throw new Error('Usage: lwc auth <login|logout|status>');
+        }
+        case 'help':
+        case '--help':
+        case '-h':
+            console.error(HELP);
+            return;
+        default:
+            throw new Error(`Unknown command: ${cmd}\n\n${HELP}`);
+    }
+}
+const isMain = process.argv[1] != null && (() => {
+    try {
+        return realpathSync(process.argv[1]) === fileURLToPath(import.meta.url);
+    }
+    catch {
+        return false;
+    }
+})();
+if (isMain) {
+    main(process.argv.slice(2)).catch((err) => {
+        console.error('Error:', err instanceof Error ? err.message : String(err));
+        process.exit(1);
+    });
+}
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,OAAO,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACjD,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEvE,MAAM,IAAI,GAAG;;;;;;;;;;;;;;;;;;;;;;;;CAwBZ,CAAC;AAEF,SAAS,SAAS,CAAC,IAAc,EAAE,IAAY;IAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC9C,CAAC;AAED,KAAK,UAAU,IAAI,CAAC,IAAc;IAChC,MAAM,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC;IAE5B,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,aAAa,EAAE,CAAC;QACtB,OAAO;IACT,CAAC;IAED,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YAC3B,IAAI,CAAC,UAAU;gBAAE,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;YAClF,kDAAkD;YAClD,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YACzC,MAAM,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,MAAM,QAAQ,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,OAAO,IAAI,UAAU,EAAE,CAAC,CAAC;YAC5D,OAAO;QACT,CAAC;QACD,KAAK,QAAQ,CAAC;QACd,KAAK,SAAS,CAAC,CAAC,CAAC;YACf,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAC9E,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;YACzD,MAAM,SAAS,CAAC,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC;YAC3C,OAAO;QACT,CAAC;QACD,KAAK,MAAM,CAAC;QACZ,KAAK,IAAI;YACP,OAAO,EAAE,CAAC;YACV,OAAO;QACT,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,MAAM,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YAC3B,IAAI,CAAC,UAAU;gBAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;YACpE,SAAS,CAAC,UAAU,CAAC,CAAC;YACtB,OAAO;QACT,CAAC;QACD,KAAK,QAAQ,CAAC;QACd,KAAK,IAAI,CAAC,CAAC,CAAC;YACV,MAAM,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YAC3B,IAAI,CAAC,UAAU;gBAAE,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;YACrF,MAAM,WAAW,GAAG,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;YACpD,SAAS,CAAC,EAAE,UAAU,EAAE,WAAW,EAAE,CAAC,CAAC;YACvC,OAAO;QACT,CAAC;QACD,KAAK,MAAM,CAAC,CAAC,CAAC;YACZ,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YACpB,IAAI,GAAG,KAAK,OAAO;gBAAE,OAAO,SAAS,EAAE,CAAC;YACxC,IAAI,GAAG,KAAK,QAAQ;gBAAE,OAAO,UAAU,EAAE,CAAC;YAC1C,IAAI,GAAG,KAAK,QAAQ;gBAAE,OAAO,UAAU,EAAE,CAAC;YAC1C,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QACD,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ,CAAC;QACd,KAAK,IAAI;YACP,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACpB,OAAO;QACT;YACE,MAAM,IAAI,KAAK,CAAC,oBAAoB,GAAG,OAAO,IAAI,EAAE,CAAC,CAAC;IAC1D,CAAC;AACH,CAAC;AAED,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,GAAG,EAAE;IAC9C,IAAI,CAAC;QACH,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC1E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC,CAAC,EAAE,CAAC;AAEL,IAAI,MAAM,EAAE,CAAC;IACX,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;QACxC,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/commands/auth.d.ts

@@ -0,0 +1,3 @@
+export declare function authLogin(): Promise<void>;
+export declare function authLogout(): void;
+export declare function authStatus(): void;

package/dist/commands/auth.js

@@ -0,0 +1,26 @@
+import { clearCachedToken, loadCachedToken, saveCachedToken, tokenPath, } from '../auth/token-cache.js';
+import { discoverOAuthConfig, loginViaBrowser, } from '../auth/oauth-login.js';
+export async function authLogin() {
+    const config = await discoverOAuthConfig();
+    const token = await loginViaBrowser(config);
+    saveCachedToken(token);
+    console.error(`Signed in. Token cached at ${tokenPath()}.`);
+}
+export function authLogout() {
+    const existed = loadCachedToken() !== null;
+    clearCachedToken();
+    console.error(existed
+        ? `Cleared cached token at ${tokenPath()}.`
+        : 'No cached token to clear.');
+}
+export function authStatus() {
+    const cached = loadCachedToken();
+    if (!cached) {
+        console.error('Not signed in.');
+        process.exit(1);
+    }
+    const remainingMs = cached.expiresAt - Date.now();
+    const minutes = Math.max(0, Math.round(remainingMs / 60_000));
+    console.error(`Signed in. Token expires in ~${minutes} min (${tokenPath()}).`);
+}
+//# sourceMappingURL=auth.js.map

package/dist/commands/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/commands/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,eAAe,EACf,SAAS,GACV,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,mBAAmB,EACnB,eAAe,GAChB,MAAM,wBAAwB,CAAC;AAEhC,MAAM,CAAC,KAAK,UAAU,SAAS;IAC7B,MAAM,MAAM,GAAG,MAAM,mBAAmB,EAAE,CAAC;IAC3C,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,MAAM,CAAC,CAAC;IAC5C,eAAe,CAAC,KAAK,CAAC,CAAC;IACvB,OAAO,CAAC,KAAK,CAAC,8BAA8B,SAAS,EAAE,GAAG,CAAC,CAAC;AAC9D,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,MAAM,OAAO,GAAG,eAAe,EAAE,KAAK,IAAI,CAAC;IAC3C,gBAAgB,EAAE,CAAC;IACnB,OAAO,CAAC,KAAK,CACX,OAAO;QACL,CAAC,CAAC,2BAA2B,SAAS,EAAE,GAAG;QAC3C,CAAC,CAAC,2BAA2B,CAChC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;IACjC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,WAAW,GAAG,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAClD,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,WAAW,GAAG,MAAM,CAAC,CAAC,CAAC;IAC9D,OAAO,CAAC,KAAK,CAAC,gCAAgC,OAAO,SAAS,SAAS,EAAE,IAAI,CAAC,CAAC;AACjF,CAAC"}

package/dist/commands/list.d.ts

@@ -0,0 +1 @@
+export declare function runList(): void;

package/dist/commands/list.js

@@ -0,0 +1,22 @@
+import * as fs from 'node:fs';
+import { listInstalls, registryPath } from '../registry.js';
+export function runList() {
+    const installs = listInstalls();
+    if (installs.length === 0) {
+        console.error('No workshops installed.');
+        console.error('');
+        console.error('Run: lwc setup <workshop-id>');
+        console.error(`(Registry: ${registryPath()})`);
+        return;
+    }
+    for (const e of installs) {
+        const exists = fs.existsSync(e.path);
+        const status = exists ? 'ok' : 'MISSING (path no longer exists)';
+        const installed = e.installedAt.split('T')[0];
+        const refreshed = e.lastRefreshedAt
+            ? `last refresh ${e.lastRefreshedAt.split('T')[0]}`
+            : 'never refreshed';
+        console.log(`${e.workshopId}\t${e.path}\t[${status}, ${refreshed}, installed ${installed}]`);
+    }
+}
+//# sourceMappingURL=list.js.map

package/dist/commands/list.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"list.js","sourceRoot":"","sources":["../../src/commands/list.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAE5D,MAAM,UAAU,OAAO;IACrB,MAAM,QAAQ,GAAG,YAAY,EAAE,CAAC;IAChC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC;QACzC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAClB,OAAO,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAC9C,OAAO,CAAC,KAAK,CAAC,cAAc,YAAY,EAAE,GAAG,CAAC,CAAC;QAC/C,OAAO;IACT,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,MAAM,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,iCAAiC,CAAC;QACjE,MAAM,SAAS,GAAG,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9C,MAAM,SAAS,GAAG,CAAC,CAAC,eAAe;YACjC,CAAC,CAAC,gBAAgB,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;YACnD,CAAC,CAAC,iBAAiB,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,UAAU,KAAK,CAAC,CAAC,IAAI,MAAM,MAAM,KAAK,SAAS,eAAe,SAAS,GAAG,CAAC,CAAC;IAC/F,CAAC;AACH,CAAC"}

package/dist/commands/refresh.d.ts

@@ -0,0 +1,8 @@
+export interface RefreshOptions {
+    workshopId: string;
+    /** Working directory of the cloned workshop. Defaults to cwd. */
+    cwd?: string;
+    /** Run `git pull` after refreshing the remote URL. */
+    pull?: boolean;
+}
+export declare function runRefresh(opts: RefreshOptions): Promise<void>;

package/dist/commands/refresh.js

@@ -0,0 +1,69 @@
+import { resolveBearerToken } from '../auth/resolve-token.js';
+import { callRemoteTool, parseStructured } from '../proxy/call-tool.js';
+import { ensureGitInstalled, git, cleanRemoteUrl } from '../git.js';
+export async function runRefresh(opts) {
+    ensureGitInstalled();
+    const cwd = opts.cwd ?? process.cwd();
+    // Safety: only operate on a working tree that is a clone of the workshop's
+    // repo. Mismatched origin URLs (or non-git dirs) are almost always the
+    // user being in the wrong directory. Require an explicit --cwd if the
+    // caller knows what they're doing.
+    ensureWorkshopRepo(cwd, opts.workshopId);
+    const bearerToken = await resolveBearerToken();
+    const result = await callRemoteTool({
+        bearerToken,
+        name: 'refresh_workshop_repo',
+        args: { workshop_id: opts.workshopId },
+    });
+    if (result.isError) {
+        throw new Error(`Refresh failed: ${formatToolError(result)}`);
+    }
+    const data = parseStructured(result);
+    if (!data?.clone_url) {
+        throw new Error('Refresh returned no clone URL.');
+    }
+    const cleanUrl = cleanRemoteUrl(data.clone_url);
+    const setUrl = git(['remote', 'set-url', 'origin', data.clone_url], { cwd });
+    if (setUrl.status !== 0) {
+        throw new Error(`git remote set-url failed: ${setUrl.stderr.trim()}`);
+    }
+    try {
+        if (opts.pull) {
+            const pull = git(['pull', '--ff-only'], { cwd });
+            if (pull.status !== 0) {
+                throw new Error(`git pull failed: ${pull.stderr.trim()}`);
+            }
+            console.error(pull.stdout.trim());
+        }
+    }
+    finally {
+        git(['remote', 'set-url', 'origin', cleanUrl], { cwd });
+    }
+}
+function ensureWorkshopRepo(cwd, workshopId) {
+    const inGit = git(['rev-parse', '--is-inside-work-tree'], { cwd });
+    if (inGit.status !== 0 || inGit.stdout.trim() !== 'true') {
+        throw new Error(`Not inside a git working tree: ${cwd}`);
+    }
+    const remote = git(['remote', 'get-url', 'origin'], { cwd });
+    if (remote.status !== 0) {
+        throw new Error(`No origin remote in ${cwd}.`);
+    }
+    const url = remote.stdout.trim();
+    // Match either schuettc/<repo>.git or <org>/<repo>.git, with or without
+    // an embedded x-access-token. Any URL containing the workshop's slug
+    // suffix is acceptable — we don't pin the org so users can move repos.
+    const expectedSlugSuffix = `learning-with-court-${workshopId}`;
+    if (!url.includes(expectedSlugSuffix)) {
+        throw new Error(`Refusing to refresh: cwd's origin (${url}) is not a clone of workshop "${workshopId}".\n` +
+            `Run from inside the cloned workshop dir, or pass --cwd <path>.`);
+    }
+}
+function formatToolError(result) {
+    return result.content
+        .map((c) => c.text ?? '')
+        .filter(Boolean)
+        .join(' ')
+        .trim() || 'unknown error';
+}
+//# sourceMappingURL=refresh.js.map

package/dist/commands/refresh.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"refresh.js","sourceRoot":"","sources":["../../src/commands/refresh.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxE,OAAO,EAAE,kBAAkB,EAAE,GAAG,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAgBpE,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,IAAoB;IACnD,kBAAkB,EAAE,CAAC;IACrB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IAEtC,2EAA2E;IAC3E,uEAAuE;IACvE,sEAAsE;IACtE,mCAAmC;IACnC,kBAAkB,CAAC,GAAG,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IAEzC,MAAM,WAAW,GAAG,MAAM,kBAAkB,EAAE,CAAC;IAC/C,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC;QAClC,WAAW;QACX,IAAI,EAAE,uBAAuB;QAC7B,IAAI,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,UAAU,EAAE;KACvC,CAAC,CAAC;IAEH,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,mBAAmB,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,IAAI,GAAG,eAAe,CAAkB,MAAM,CAAC,CAAC;IACtD,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IACpD,CAAC;IAED,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAChD,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;IAC7E,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,8BAA8B,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,IAAI,CAAC;QACH,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,MAAM,IAAI,GAAG,GAAG,CAAC,CAAC,MAAM,EAAE,WAAW,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;YACjD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACtB,MAAM,IAAI,KAAK,CAAC,oBAAoB,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAC5D,CAAC;YACD,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;YAAS,CAAC;QACT,GAAG,CAAC,CAAC,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;IAC1D,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAW,EAAE,UAAkB;IACzD,MAAM,KAAK,GAAG,GAAG,CAAC,CAAC,WAAW,EAAE,uBAAuB,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;IACnE,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,MAAM,EAAE,CAAC;QACzD,MAAM,IAAI,KAAK,CAAC,kCAAkC,GAAG,EAAE,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;IAC7D,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,uBAAuB,GAAG,GAAG,CAAC,CAAC;IACjD,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IACjC,wEAAwE;IACxE,qEAAqE;IACrE,uEAAuE;IACvE,MAAM,kBAAkB,GAAG,uBAAuB,UAAU,EAAE,CAAC;IAC/D,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CACb,sCAAsC,GAAG,iCAAiC,UAAU,MAAM;YACxF,gEAAgE,CACnE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,MAA2D;IAClF,OAAO,MAAM,CAAC,OAAO;SAClB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;SACxB,MAAM,CAAC,OAAO,CAAC;SACf,IAAI,CAAC,GAAG,CAAC;SACT,IAAI,EAAE,IAAI,eAAe,CAAC;AAC/B,CAAC"}

package/dist/commands/remove.d.ts

@@ -0,0 +1,5 @@
+export interface RemoveOptions {
+    workshopId: string;
+    deleteFiles: boolean;
+}
+export declare function runRemove(opts: RemoveOptions): void;

package/dist/commands/remove.js

@@ -0,0 +1,19 @@
+import * as fs from 'node:fs';
+import { getInstall, removeFromRegistry } from '../registry.js';
+export function runRemove(opts) {
+    const entry = getInstall(opts.workshopId);
+    if (!entry) {
+        console.error(`No workshop "${opts.workshopId}" registered.`);
+        process.exit(1);
+    }
+    if (opts.deleteFiles && fs.existsSync(entry.path)) {
+        console.error(`Deleting ${entry.path}...`);
+        fs.rmSync(entry.path, { recursive: true, force: true });
+    }
+    else if (fs.existsSync(entry.path)) {
+        console.error(`Note: ${entry.path} still exists on disk (pass --delete-files to remove it too).`);
+    }
+    removeFromRegistry(opts.workshopId);
+    console.error(`Removed "${opts.workshopId}" from the registry.`);
+}
+//# sourceMappingURL=remove.js.map

package/dist/commands/remove.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"remove.js","sourceRoot":"","sources":["../../src/commands/remove.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAOhE,MAAM,UAAU,SAAS,CAAC,IAAmB;IAC3C,MAAM,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC1C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,gBAAgB,IAAI,CAAC,UAAU,eAAe,CAAC,CAAC;QAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QAClD,OAAO,CAAC,KAAK,CAAC,YAAY,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC;QAC3C,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1D,CAAC;SAAM,IAAI,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACrC,OAAO,CAAC,KAAK,CACX,SAAS,KAAK,CAAC,IAAI,+DAA+D,CACnF,CAAC;IACJ,CAAC;IAED,kBAAkB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACpC,OAAO,CAAC,KAAK,CAAC,YAAY,IAAI,CAAC,UAAU,sBAAsB,CAAC,CAAC;AACnE,CAAC"}