@lnar/cli 0.0.1-dev.1da013d

package/dist/commands/sync.d.ts

@@ -0,0 +1,4 @@
+export type SyncCommandOptions = {
+    dryRun?: boolean;
+};
+export declare const runSync: (options?: SyncCommandOptions) => Promise<void>;

package/dist/commands/sync.js

@@ -0,0 +1,96 @@
+import { hostname } from 'node:os';
+import { ApiError, postSnapshot } from '../api-client.js';
+import { DEFAULT_CLIENT_ID, loadConfig, saveConfig } from '../config.js';
+import { OAuthError, refreshAccessToken } from '../oauth-client.js';
+import { runAllScanners } from '../scanners/index.js';
+const ACCESS_TOKEN_REFRESH_SKEW_SECONDS = 60;
+const isAccessTokenExpired = (config) => {
+    if (!config.accessTokenExpiresAt)
+        return false;
+    const expires = Date.parse(config.accessTokenExpiresAt);
+    if (Number.isNaN(expires))
+        return true;
+    return expires - Date.now() < ACCESS_TOKEN_REFRESH_SKEW_SECONDS * 1000;
+};
+const refreshIfNeeded = async (config) => {
+    if (!config.accessToken)
+        return config;
+    if (!isAccessTokenExpired(config))
+        return config;
+    if (!config.refreshToken) {
+        process.stderr.write('lnar: access token expired and no refresh token available. Run `lnar login`.\n');
+        process.exit(1);
+    }
+    const clientId = config.clientId ?? DEFAULT_CLIENT_ID;
+    let token;
+    try {
+        token = await refreshAccessToken(config.apiBaseUrl, clientId, config.refreshToken);
+    }
+    catch (err) {
+        if (err instanceof OAuthError && err.errorCode === 'invalid_grant') {
+            process.stderr.write('lnar: refresh token expired or revoked. Run `lnar login`.\n');
+            process.exit(1);
+        }
+        throw err;
+    }
+    const accessTokenExpiresAt = new Date(Date.now() + token.expires_in * 1000).toISOString();
+    const next = {
+        apiBaseUrl: config.apiBaseUrl,
+        accessToken: token.access_token,
+        refreshToken: token.refresh_token ?? config.refreshToken,
+        accessTokenExpiresAt,
+        scopes: token.scope ? token.scope.split(' ') : config.scopes,
+        clientId,
+    };
+    await saveConfig(next);
+    return { ...next, savedAt: new Date().toISOString() };
+};
+const bearerFor = (config) => {
+    if (config.accessToken)
+        return config.accessToken;
+    if (config.apiKey)
+        return config.apiKey;
+    throw new Error('No credentials available');
+};
+export const runSync = async (options = {}) => {
+    const initial = await loadConfig();
+    if (initial == null) {
+        process.stderr.write('lnar: not logged in. Run `lnar login` first.\n');
+        process.exit(1);
+    }
+    const config = await refreshIfNeeded(initial);
+    const agents = await runAllScanners();
+    const scan = {
+        hostname: hostname(),
+        scannedAt: new Date().toISOString(),
+        agents,
+    };
+    if (agents.length === 0) {
+        process.stdout.write('No AI agents with MCP servers detected. Nothing to sync.\n');
+        return;
+    }
+    if (options.dryRun) {
+        process.stdout.write(`${JSON.stringify(scan, null, 2)}\n`);
+        process.stdout.write('(dry-run: not uploaded)\n');
+        return;
+    }
+    try {
+        const result = await postSnapshot(config.apiBaseUrl, bearerFor(config), scan);
+        process.stdout.write(`Synced ${result.agents.length} agent${result.agents.length === 1 ? '' : 's'} to ${config.apiBaseUrl}\n`);
+        for (const a of result.agents) {
+            process.stdout.write(`  - ${a.agent_kind.padEnd(16)} ${a.mcp_server_count} MCP server${a.mcp_server_count === 1 ? '' : 's'}\n`);
+        }
+    }
+    catch (err) {
+        if (err instanceof ApiError) {
+            if (err.status === 401) {
+                process.stderr.write('lnar: not authorized (token may be expired). Run `lnar login`.\n');
+                process.exit(1);
+            }
+            process.stderr.write(`lnar: ${err.message}\n`);
+            process.exit(1);
+        }
+        throw err;
+    }
+};
+//# sourceMappingURL=sync.js.map

package/dist/commands/sync.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sync.js","sourceRoot":"","sources":["../../src/commands/sync.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAClC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAA;AACzD,OAAO,EAAE,iBAAiB,EAAE,UAAU,EAAE,UAAU,EAAqB,MAAM,cAAc,CAAA;AAC3F,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAA;AACnE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AAOrD,MAAM,iCAAiC,GAAG,EAAE,CAAA;AAE5C,MAAM,oBAAoB,GAAG,CAAC,MAAoB,EAAW,EAAE;IAC7D,IAAI,CAAC,MAAM,CAAC,oBAAoB;QAAE,OAAO,KAAK,CAAA;IAC9C,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAA;IACvD,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAA;IACtC,OAAO,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,iCAAiC,GAAG,IAAI,CAAA;AACxE,CAAC,CAAA;AAED,MAAM,eAAe,GAAG,KAAK,EAAE,MAAoB,EAAyB,EAAE;IAC5E,IAAI,CAAC,MAAM,CAAC,WAAW;QAAE,OAAO,MAAM,CAAA;IACtC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC;QAAE,OAAO,MAAM,CAAA;IAChD,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,gFAAgF,CACjF,CAAA;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;IACD,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,iBAAiB,CAAA;IACrD,IAAI,KAAK,CAAA;IACT,IAAI,CAAC;QACH,KAAK,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC,UAAU,EAAE,QAAQ,EAAE,MAAM,CAAC,YAAY,CAAC,CAAA;IACpF,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,UAAU,IAAI,GAAG,CAAC,SAAS,KAAK,eAAe,EAAE,CAAC;YACnE,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,6DAA6D,CAC9D,CAAA;YACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;QACD,MAAM,GAAG,CAAA;IACX,CAAC;IACD,MAAM,oBAAoB,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAA;IACzF,MAAM,IAAI,GAAkC;QAC1C,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,WAAW,EAAE,KAAK,CAAC,YAAY;QAC/B,YAAY,EAAE,KAAK,CAAC,aAAa,IAAI,MAAM,CAAC,YAAY;QACxD,oBAAoB;QACpB,MAAM,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM;QAC5D,QAAQ;KACT,CAAA;IACD,MAAM,UAAU,CAAC,IAAI,CAAC,CAAA;IACtB,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAA;AACvD,CAAC,CAAA;AAED,MAAM,SAAS,GAAG,CAAC,MAAoB,EAAU,EAAE;IACjD,IAAI,MAAM,CAAC,WAAW;QAAE,OAAO,MAAM,CAAC,WAAW,CAAA;IACjD,IAAI,MAAM,CAAC,MAAM;QAAE,OAAO,MAAM,CAAC,MAAM,CAAA;IACvC,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAA;AAC7C,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,OAAO,GAAG,KAAK,EAAE,UAA8B,EAAE,EAAiB,EAAE;IAC/E,MAAM,OAAO,GAAG,MAAM,UAAU,EAAE,CAAA;IAClC,IAAI,OAAO,IAAI,IAAI,EAAE,CAAC;QACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAA;QACtE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,CAAA;IAE7C,MAAM,MAAM,GAAG,MAAM,cAAc,EAAE,CAAA;IACrC,MAAM,IAAI,GAAe;QACvB,QAAQ,EAAE,QAAQ,EAAE;QACpB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,MAAM;KACP,CAAA;IAED,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,4DAA4D,CAAC,CAAA;QAClF,OAAM;IACR,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAA;QAC1D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAA;QACjD,OAAM;IACR,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,UAAU,EAAE,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,CAAA;QAC7E,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,UAAU,MAAM,CAAC,MAAM,CAAC,MAAM,SAAS,MAAM,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,OAAO,MAAM,CAAC,UAAU,IAAI,CACzG,CAAA;QACD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAC9B,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,OAAO,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,gBAAgB,cAAc,CAAC,CAAC,gBAAgB,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,IAAI,CAC1G,CAAA;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,QAAQ,EAAE,CAAC;YAC5B,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACvB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,kEAAkE,CACnE,CAAA;gBACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;YACjB,CAAC;YACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,OAAO,IAAI,CAAC,CAAA;YAC9C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;QACD,MAAM,GAAG,CAAA;IACX,CAAC;AACH,CAAC,CAAA"}

package/dist/commands/up.d.ts

@@ -0,0 +1,3 @@
+import { type LoginOptions } from './login.js';
+export type UpOptions = LoginOptions;
+export declare const runUp: (options?: UpOptions) => Promise<void>;

package/dist/commands/up.js

@@ -0,0 +1,27 @@
+/**
+ * `lnar up` — Tailscale 風の "全部入り" 導線。
+ *
+ * 1. `~/.config/lnar/auth.json` を読んで、認証済みでなければ device flow を起動する
+ * 2. OS の常駐サービスとして登録 (macOS=launchd / Linux=systemd / Windows=Task Scheduler)
+ *
+ * 認証済みかどうかは「資格情報ファイルが存在し、accessToken or apiKey が入っているか」で
+ * 判断する。トークンの有効期限は daemon 側の API クライアントが refresh するので、
+ * ここでは「あれば良し」とする (Tailscale も同様で、`tailscale up` は token が
+ * 失効していてもまずは upload を試み、失敗時に re-auth プロンプトを出す)。
+ */
+import { loadConfig } from '../config.js';
+import { runDaemonInstall } from '../service/install.js';
+import { runLogin } from './login.js';
+export const runUp = async (options = {}) => {
+    const config = await loadConfig();
+    if (config == null) {
+        process.stdout.write('No credentials found — starting device authorization first.\n\n');
+        await runLogin(options);
+        process.stdout.write('\n');
+    }
+    else {
+        process.stdout.write(`Using existing credentials (${config.apiBaseUrl}).\n\n`);
+    }
+    await runDaemonInstall();
+};
+//# sourceMappingURL=up.js.map

package/dist/commands/up.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"up.js","sourceRoot":"","sources":["../../src/commands/up.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAAqB,QAAQ,EAAE,MAAM,YAAY,CAAC;AAIzD,MAAM,CAAC,MAAM,KAAK,GAAG,KAAK,EAAE,UAAqB,EAAE,EAAiB,EAAE;IACpE,MAAM,MAAM,GAAG,MAAM,UAAU,EAAE,CAAC;IAClC,IAAI,MAAM,IAAI,IAAI,EAAE,CAAC;QACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,iEAAiE,CAAC,CAAC;QACxF,MAAM,QAAQ,CAAC,OAAO,CAAC,CAAC;QACxB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,+BAA+B,MAAM,CAAC,UAAU,QAAQ,CAAC,CAAC;IACjF,CAAC;IACD,MAAM,gBAAgB,EAAE,CAAC;AAC3B,CAAC,CAAC"}

package/dist/config.d.ts

@@ -0,0 +1,25 @@
+import { z } from 'zod';
+/**
+ * 永続化される CLI 認証情報。
+ *
+ * `apiKey` (legacy, lnar_pat_xxx) と `accessToken` (OAuth, lnar_oat_xxx) の
+ * 両方を許容する。`accessToken` がある場合は `refreshToken` で更新可能。
+ * 期限切れ・refresh 失敗時は再ログインを案内する。
+ */
+declare const StoredConfig: z.ZodObject<{
+    apiBaseUrl: z.ZodString;
+    savedAt: z.ZodString;
+    apiKey: z.ZodOptional<z.ZodString>;
+    accessToken: z.ZodOptional<z.ZodString>;
+    refreshToken: z.ZodOptional<z.ZodString>;
+    accessTokenExpiresAt: z.ZodOptional<z.ZodString>;
+    scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    clientId: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export type StoredConfig = z.infer<typeof StoredConfig>;
+export declare const DEFAULT_API_BASE_URL: string;
+export declare const DEFAULT_CLIENT_ID = "lnar-cli";
+export declare const configPath: (home?: string) => string;
+export declare const loadConfig: (home?: string) => Promise<StoredConfig | null>;
+export declare const saveConfig: (config: Omit<StoredConfig, "savedAt">, home?: string) => Promise<string>;
+export {};

package/dist/config.js

@@ -0,0 +1,82 @@
+import { readFileSync } from 'node:fs';
+import { mkdir, readFile, writeFile } from 'node:fs/promises';
+import { homedir } from 'node:os';
+import { dirname, join } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { z } from 'zod';
+/**
+ * 永続化される CLI 認証情報。
+ *
+ * `apiKey` (legacy, lnar_pat_xxx) と `accessToken` (OAuth, lnar_oat_xxx) の
+ * 両方を許容する。`accessToken` がある場合は `refreshToken` で更新可能。
+ * 期限切れ・refresh 失敗時は再ログインを案内する。
+ */
+const StoredConfig = z
+    .object({
+    apiBaseUrl: z.string().url(),
+    savedAt: z.string(),
+    apiKey: z.string().optional(),
+    accessToken: z.string().optional(),
+    refreshToken: z.string().optional(),
+    accessTokenExpiresAt: z.string().optional(),
+    scopes: z.array(z.string()).optional(),
+    clientId: z.string().optional(),
+})
+    .refine((c) => c.apiKey != null || c.accessToken != null, {
+    message: 'config must have either apiKey or accessToken',
+});
+/**
+ * デフォルト API base URL の優先順位:
+ *   1. 環境変数 `LNAR_API_BASE_URL` (一時的に切り替えたい開発者向け)
+ *   2. package.json の `lnar:defaultApiBaseUrl` (npm dist-tag ごとに CI が書き換える)
+ *      - `@lnar/cli@latest`  → "https://api.lnar.ai"
+ *      - `@lnar/cli@dev`     → "https://api-dev.lnar.ai"
+ *   3. ハードコード fallback "https://api.lnar.ai" (公開直前の安全装置)
+ *
+ * これにより `npx @lnar/cli login` と `npx @lnar/cli@dev login` がそれぞれ
+ * 自然と本番/dev を向く。
+ */
+const readPackagedDefaultUrl = () => {
+    try {
+        const here = dirname(fileURLToPath(import.meta.url));
+        // dist/config.js → ../package.json
+        const pkgPath = join(here, '..', 'package.json');
+        const pkg = JSON.parse(readFileSync(pkgPath, 'utf-8'));
+        return pkg['lnar:defaultApiBaseUrl'];
+    }
+    catch {
+        return undefined;
+    }
+};
+export const DEFAULT_API_BASE_URL = process.env.LNAR_API_BASE_URL ?? readPackagedDefaultUrl() ?? 'https://api.lnar.ai';
+export const DEFAULT_CLIENT_ID = 'lnar-cli';
+export const configPath = (home = homedir()) => join(home, '.config', 'lnar', 'auth.json');
+// 旧ファイル名: CLI ディレクトリ rename (monitor → cli) に合わせて auth.json に移行した。
+// 既存開発者の手元にある旧ファイルを読み込んで自然に移行できるよう fallback を残す。
+const legacyConfigPath = (home) => join(home, '.config', 'lnar', 'monitor.json');
+export const loadConfig = async (home = homedir()) => {
+    const tryRead = async (path) => {
+        try {
+            const text = await readFile(path, 'utf-8');
+            return StoredConfig.parse(JSON.parse(text));
+        }
+        catch (err) {
+            const code = err.code;
+            if (code === 'ENOENT')
+                return null;
+            throw err;
+        }
+    };
+    const fromNew = await tryRead(configPath(home));
+    if (fromNew != null)
+        return fromNew;
+    return tryRead(legacyConfigPath(home));
+};
+export const saveConfig = async (config, home = homedir()) => {
+    const path = configPath(home);
+    await mkdir(dirname(path), { recursive: true, mode: 0o700 });
+    const next = { ...config, savedAt: new Date().toISOString() };
+    await writeFile(path, JSON.stringify(next, null, 2), { mode: 0o600 });
+    return path;
+};
+//# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;;;;GAMG;AACH,MAAM,YAAY,GAAG,CAAC;KACnB,MAAM,CAAC;IACN,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IAC5B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC,oBAAoB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3C,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACtC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAChC,CAAC;KACD,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,IAAI,IAAI,IAAI,CAAC,CAAC,WAAW,IAAI,IAAI,EAAE;IACxD,OAAO,EAAE,+CAA+C;CACzD,CAAC,CAAC;AAGL;;;;;;;;;;GAUG;AACH,MAAM,sBAAsB,GAAG,GAAuB,EAAE;IACtD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QACrD,mCAAmC;QACnC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;QACjD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAEpD,CAAC;QACF,OAAO,GAAG,CAAC,wBAAwB,CAAC,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,oBAAoB,GAC/B,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,sBAAsB,EAAE,IAAI,qBAAqB,CAAC;AAErF,MAAM,CAAC,MAAM,iBAAiB,GAAG,UAAU,CAAC;AAE5C,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,OAAe,OAAO,EAAE,EAAU,EAAE,CAC7D,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;AAE7C,mEAAmE;AACnE,iDAAiD;AACjD,MAAM,gBAAgB,GAAG,CAAC,IAAY,EAAU,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;AAEjG,MAAM,CAAC,MAAM,UAAU,GAAG,KAAK,EAAE,OAAe,OAAO,EAAE,EAAgC,EAAE;IACzF,MAAM,OAAO,GAAG,KAAK,EAAE,IAAY,EAAgC,EAAE;QACnE,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAC3C,OAAO,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;QAC9C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,GAAI,GAA6B,CAAC,IAAI,CAAC;YACjD,IAAI,IAAI,KAAK,QAAQ;gBAAE,OAAO,IAAI,CAAC;YACnC,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC,CAAC;IACF,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;IAChD,IAAI,OAAO,IAAI,IAAI;QAAE,OAAO,OAAO,CAAC;IACpC,OAAO,OAAO,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC;AACzC,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,UAAU,GAAG,KAAK,EAC7B,MAAqC,EACrC,OAAe,OAAO,EAAE,EACP,EAAE;IACnB,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;IAC9B,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC7D,MAAM,IAAI,GAAiB,EAAE,GAAG,MAAM,EAAE,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;IAC5E,MAAM,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACtE,OAAO,IAAI,CAAC;AACd,CAAC,CAAC"}

package/dist/hash.d.ts

@@ -0,0 +1,7 @@
+export declare const hashConfig: (parts: {
+    transport: string;
+    command?: string;
+    args?: ReadonlyArray<string>;
+    url?: string;
+    envKeys?: ReadonlyArray<string>;
+}) => string;

package/dist/hash.js

@@ -0,0 +1,12 @@
+import { createHash } from 'node:crypto';
+export const hashConfig = (parts) => {
+    const canonical = JSON.stringify({
+        transport: parts.transport,
+        command: parts.command ?? null,
+        args: parts.args ?? [],
+        url: parts.url ?? null,
+        envKeys: [...(parts.envKeys ?? [])].sort(),
+    });
+    return createHash('sha256').update(canonical).digest('hex').slice(0, 16);
+};
+//# sourceMappingURL=hash.js.map

package/dist/hash.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hash.js","sourceRoot":"","sources":["../src/hash.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,KAM1B,EAAU,EAAE;IACX,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QAC/B,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,IAAI;QAC9B,IAAI,EAAE,KAAK,CAAC,IAAI,IAAI,EAAE;QACtB,GAAG,EAAE,KAAK,CAAC,GAAG,IAAI,IAAI;QACtB,OAAO,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE;KAC3C,CAAC,CAAC;IACH,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC3E,CAAC,CAAC"}

package/dist/oauth-client.d.ts

@@ -0,0 +1,32 @@
+/**
+ * OAuth 2.0 Device Authorization Grant (RFC 8628) クライアント実装。
+ *
+ * @lnar/cli は public client (`client_id=lnar-cli`) としてサーバーに
+ * 登録されている。secret は持たず、ブラウザでユーザーが user_code を承認すると
+ * access_token + refresh_token を取得する。
+ */
+export declare const DEVICE_CODE_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code";
+export interface DeviceAuthorizationResponse {
+    device_code: string;
+    user_code: string;
+    verification_uri: string;
+    verification_uri_complete: string;
+    expires_in: number;
+    interval: number;
+}
+export interface TokenResponse {
+    access_token: string;
+    token_type: string;
+    expires_in: number;
+    refresh_token?: string;
+    scope: string;
+}
+export declare class OAuthError extends Error {
+    status: number;
+    errorCode: string;
+    constructor(status: number, errorCode: string, description: string);
+}
+export declare const requestDeviceAuthorization: (apiBaseUrl: string, clientId: string, scopes: ReadonlyArray<string>) => Promise<DeviceAuthorizationResponse>;
+export declare const pollForToken: (apiBaseUrl: string, clientId: string, deviceCode: string) => Promise<TokenResponse>;
+export declare const refreshAccessToken: (apiBaseUrl: string, clientId: string, refreshToken: string) => Promise<TokenResponse>;
+export declare const sleep: (ms: number) => Promise<void>;

package/dist/oauth-client.js

@@ -0,0 +1,62 @@
+/**
+ * OAuth 2.0 Device Authorization Grant (RFC 8628) クライアント実装。
+ *
+ * @lnar/cli は public client (`client_id=lnar-cli`) としてサーバーに
+ * 登録されている。secret は持たず、ブラウザでユーザーが user_code を承認すると
+ * access_token + refresh_token を取得する。
+ */
+export const DEVICE_CODE_GRANT_TYPE = 'urn:ietf:params:oauth:grant-type:device_code';
+export class OAuthError extends Error {
+    status;
+    errorCode;
+    constructor(status, errorCode, description) {
+        super(`${errorCode}: ${description}`);
+        this.status = status;
+        this.errorCode = errorCode;
+    }
+}
+async function postForm(baseUrl, path, body) {
+    const url = new URL(path, baseUrl).toString();
+    const response = await fetch(url, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: new URLSearchParams(body).toString(),
+    });
+    const text = await response.text();
+    let parsed;
+    try {
+        parsed = text ? JSON.parse(text) : {};
+    }
+    catch {
+        parsed = { error: 'invalid_response', error_description: text };
+    }
+    if (!response.ok) {
+        const errBody = parsed;
+        throw new OAuthError(response.status, errBody.error ?? 'unknown_error', errBody.error_description ?? response.statusText);
+    }
+    return parsed;
+}
+export const requestDeviceAuthorization = async (apiBaseUrl, clientId, scopes) => {
+    return postForm(apiBaseUrl, '/oauth/device/authorize', {
+        client_id: clientId,
+        scope: scopes.join(' '),
+    });
+};
+export const pollForToken = async (apiBaseUrl, clientId, deviceCode) => {
+    return postForm(apiBaseUrl, '/oauth/token', {
+        grant_type: DEVICE_CODE_GRANT_TYPE,
+        client_id: clientId,
+        device_code: deviceCode,
+    });
+};
+export const refreshAccessToken = async (apiBaseUrl, clientId, refreshToken) => {
+    return postForm(apiBaseUrl, '/oauth/token', {
+        grant_type: 'refresh_token',
+        client_id: clientId,
+        refresh_token: refreshToken,
+    });
+};
+export const sleep = (ms) => new Promise((resolve) => {
+    setTimeout(resolve, ms);
+});
+//# sourceMappingURL=oauth-client.js.map

package/dist/oauth-client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-client.js","sourceRoot":"","sources":["../src/oauth-client.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,CAAC,MAAM,sBAAsB,GAAG,8CAA8C,CAAC;AAmBrF,MAAM,OAAO,UAAW,SAAQ,KAAK;IACnC,MAAM,CAAS;IACf,SAAS,CAAS;IAClB,YAAY,MAAc,EAAE,SAAiB,EAAE,WAAmB;QAChE,KAAK,CAAC,GAAG,SAAS,KAAK,WAAW,EAAE,CAAC,CAAC;QACtC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC7B,CAAC;CACF;AAED,KAAK,UAAU,QAAQ,CACrB,OAAe,EACf,IAAY,EACZ,IAA4B;IAE5B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC9C,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE;KAC3C,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACnC,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACxC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,GAAG,EAAE,KAAK,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,IAAI,EAAE,CAAC;IAClE,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,OAAO,GAAG,MAAwD,CAAC;QACzE,MAAM,IAAI,UAAU,CAClB,QAAQ,CAAC,MAAM,EACf,OAAO,CAAC,KAAK,IAAI,eAAe,EAChC,OAAO,CAAC,iBAAiB,IAAI,QAAQ,CAAC,UAAU,CACjD,CAAC;IACJ,CAAC;IACD,OAAO,MAAW,CAAC;AACrB,CAAC;AAED,MAAM,CAAC,MAAM,0BAA0B,GAAG,KAAK,EAC7C,UAAkB,EAClB,QAAgB,EAChB,MAA6B,EACS,EAAE;IACxC,OAAO,QAAQ,CAA8B,UAAU,EAAE,yBAAyB,EAAE;QAClF,SAAS,EAAE,QAAQ;QACnB,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;KACxB,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,EAC/B,UAAkB,EAClB,QAAgB,EAChB,UAAkB,EACM,EAAE;IAC1B,OAAO,QAAQ,CAAgB,UAAU,EAAE,cAAc,EAAE;QACzD,UAAU,EAAE,sBAAsB;QAClC,SAAS,EAAE,QAAQ;QACnB,WAAW,EAAE,UAAU;KACxB,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,kBAAkB,GAAG,KAAK,EACrC,UAAkB,EAClB,QAAgB,EAChB,YAAoB,EACI,EAAE;IAC1B,OAAO,QAAQ,CAAgB,UAAU,EAAE,cAAc,EAAE;QACzD,UAAU,EAAE,eAAe;QAC3B,SAAS,EAAE,QAAQ;QACnB,aAAa,EAAE,YAAY;KAC5B,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,KAAK,GAAG,CAAC,EAAU,EAAiB,EAAE,CACjD,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;IACtB,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;AAC1B,CAAC,CAAC,CAAC"}

package/dist/pending-client.d.ts

@@ -0,0 +1,40 @@
+/**
+ * Bidirectional control: lnar API の pending_changes との RPC クライアント。
+ *
+ * - `GET /v1/monitoring/pending?hostname=...&status=pending` で取りに行く
+ * - `POST /v1/monitoring/pending/{id}/applied` で適用完了報告
+ * - `POST /v1/monitoring/pending/{id}/failed` で失敗報告
+ *
+ * 認証は OAuth access token (`Bearer lnar_oat_...`)。env 値は一切扱わない。
+ */
+export type PendingAction = 'add_server' | 'remove_server' | 'install_plugin' | 'uninstall_plugin' | 'enable_plugin' | 'disable_plugin';
+export type PendingStatus = 'pending' | 'applied' | 'failed' | 'cancelled';
+export type AgentKind = 'claude_code' | 'codex' | 'cursor' | 'gemini_cli' | 'chatgpt';
+export type SourceScope = 'global' | 'project' | 'local' | 'remote';
+export type PluginScope = 'user' | 'local' | 'project';
+export interface PendingSpec {
+    transport: 'stdio' | 'http' | 'sse';
+    command?: string | null;
+    args?: string[] | null;
+    url?: string | null;
+    envKeys?: string[] | null;
+}
+export interface PendingChange {
+    id: string;
+    agent_id: string;
+    action: PendingAction;
+    target_name: string;
+    spec: PendingSpec | null;
+    requested_by: string;
+    requested_at: string;
+    status: PendingStatus;
+    applied_at: string | null;
+    error: string | null;
+    agent_kind: AgentKind;
+    hostname: string;
+    source_scope: SourceScope | PluginScope | null;
+    project_path: string | null;
+}
+export declare const listPendingForHost: (baseUrl: string, token: string, hostname: string) => Promise<PendingChange[]>;
+export declare const reportApplied: (baseUrl: string, token: string, changeId: string) => Promise<void>;
+export declare const reportFailed: (baseUrl: string, token: string, changeId: string, error: string) => Promise<void>;

package/dist/pending-client.js

@@ -0,0 +1,48 @@
+/**
+ * Bidirectional control: lnar API の pending_changes との RPC クライアント。
+ *
+ * - `GET /v1/monitoring/pending?hostname=...&status=pending` で取りに行く
+ * - `POST /v1/monitoring/pending/{id}/applied` で適用完了報告
+ * - `POST /v1/monitoring/pending/{id}/failed` で失敗報告
+ *
+ * 認証は OAuth access token (`Bearer lnar_oat_...`)。env 値は一切扱わない。
+ */
+import { ApiError } from './api-client.js';
+async function jsonOrError(response) {
+    if (!response.ok) {
+        const text = await response.text().catch(() => '');
+        throw new ApiError(response.status, text);
+    }
+    if (response.status === 204)
+        return undefined;
+    return (await response.json());
+}
+const auth = (token) => ({
+    Authorization: `Bearer ${token}`,
+    'Content-Type': 'application/json',
+});
+export const listPendingForHost = async (baseUrl, token, hostname) => {
+    const url = new URL('/v1/monitoring/pending', baseUrl);
+    url.searchParams.set('hostname', hostname);
+    url.searchParams.set('status', 'pending');
+    const response = await fetch(url.toString(), { headers: auth(token) });
+    return jsonOrError(response);
+};
+export const reportApplied = async (baseUrl, token, changeId) => {
+    const url = new URL(`/v1/monitoring/pending/${encodeURIComponent(changeId)}/applied`, baseUrl);
+    const response = await fetch(url.toString(), {
+        method: 'POST',
+        headers: auth(token),
+    });
+    await jsonOrError(response);
+};
+export const reportFailed = async (baseUrl, token, changeId, error) => {
+    const url = new URL(`/v1/monitoring/pending/${encodeURIComponent(changeId)}/failed`, baseUrl);
+    const response = await fetch(url.toString(), {
+        method: 'POST',
+        headers: auth(token),
+        body: JSON.stringify({ error }),
+    });
+    await jsonOrError(response);
+};
+//# sourceMappingURL=pending-client.js.map

package/dist/pending-client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pending-client.js","sourceRoot":"","sources":["../src/pending-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AA2C3C,KAAK,UAAU,WAAW,CAAI,QAAkB;IAC9C,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QACnD,MAAM,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG;QAAE,OAAO,SAAyB,CAAC;IAC9D,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAM,CAAC;AACtC,CAAC;AAED,MAAM,IAAI,GAAG,CAAC,KAAa,EAA0B,EAAE,CAAC,CAAC;IACvD,aAAa,EAAE,UAAU,KAAK,EAAE;IAChC,cAAc,EAAE,kBAAkB;CACnC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,kBAAkB,GAAG,KAAK,EACrC,OAAe,EACf,KAAa,EACb,QAAgB,EACU,EAAE;IAC5B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,wBAAwB,EAAE,OAAO,CAAC,CAAC;IACvD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IAC3C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAC1C,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACvE,OAAO,WAAW,CAAkB,QAAQ,CAAC,CAAC;AAChD,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAChC,OAAe,EACf,KAAa,EACb,QAAgB,EACD,EAAE;IACjB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,0BAA0B,kBAAkB,CAAC,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAC/F,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE;QAC3C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC;KACrB,CAAC,CAAC;IACH,MAAM,WAAW,CAAU,QAAQ,CAAC,CAAC;AACvC,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,EAC/B,OAAe,EACf,KAAa,EACb,QAAgB,EAChB,KAAa,EACE,EAAE;IACjB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,0BAA0B,kBAAkB,CAAC,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC9F,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE;QAC3C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC;QACpB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,CAAC;KAChC,CAAC,CAAC;IACH,MAAM,WAAW,CAAU,QAAQ,CAAC,CAAC;AACvC,CAAC,CAAC"}

package/dist/scanners/_normalize.d.ts

@@ -0,0 +1,13 @@
+import type { McpServerEntry, SourceScope } from '../types.js';
+export type RawMcpEntry = {
+    command?: unknown;
+    args?: unknown;
+    url?: unknown;
+    type?: unknown;
+    transport?: unknown;
+    env?: unknown;
+};
+export declare const normalizeEntry: (name: string, raw: RawMcpEntry, sourceScope: SourceScope, sourcePath: string) => McpServerEntry;
+export declare const extractFromMcpServersField: (data: unknown, field: string, sourceScope: SourceScope, sourcePath: string) => McpServerEntry[];
+export declare const readJsonIfExists: (path: string) => Promise<unknown | null>;
+export declare const readTextIfExists: (path: string) => Promise<string | null>;

package/dist/scanners/_normalize.js

@@ -0,0 +1,76 @@
+import { readFile } from 'node:fs/promises';
+import { hashConfig } from '../hash.js';
+const isStringArray = (v) => Array.isArray(v) && v.every((x) => typeof x === 'string');
+const inferTransport = (raw) => {
+    const t = raw.type ?? raw.transport;
+    const s = typeof t === 'string' ? t.toLowerCase() : undefined;
+    if (s === 'sse')
+        return 'sse';
+    if (s === 'http' || s === 'streamable-http' || s === 'streamable_http')
+        return 'http';
+    if (s === 'stdio')
+        return 'stdio';
+    if (typeof raw.url === 'string')
+        return 'http';
+    if (typeof raw.command === 'string')
+        return 'stdio';
+    return 'stdio';
+};
+const envKeysOf = (env) => {
+    if (env && typeof env === 'object' && !Array.isArray(env)) {
+        return Object.keys(env).sort();
+    }
+    return undefined;
+};
+export const normalizeEntry = (name, raw, sourceScope, sourcePath) => {
+    const transport = inferTransport(raw);
+    const command = typeof raw.command === 'string' ? raw.command : undefined;
+    const args = isStringArray(raw.args) ? raw.args : undefined;
+    const url = typeof raw.url === 'string' ? raw.url : undefined;
+    const envKeys = envKeysOf(raw.env);
+    return {
+        name,
+        transport,
+        command,
+        args,
+        url,
+        envKeys,
+        configHash: hashConfig({ transport, command, args, url, envKeys }),
+        sourceScope,
+        sourcePath,
+    };
+};
+export const extractFromMcpServersField = (data, field, sourceScope, sourcePath) => {
+    if (!data || typeof data !== 'object')
+        return [];
+    const mcp = data[field];
+    if (!mcp || typeof mcp !== 'object' || Array.isArray(mcp))
+        return [];
+    return Object.entries(mcp)
+        .filter(([, v]) => v && typeof v === 'object')
+        .map(([name, raw]) => normalizeEntry(name, raw, sourceScope, sourcePath));
+};
+export const readJsonIfExists = async (path) => {
+    try {
+        const text = await readFile(path, 'utf-8');
+        return JSON.parse(text);
+    }
+    catch (err) {
+        const code = err.code;
+        if (code === 'ENOENT')
+            return null;
+        throw err;
+    }
+};
+export const readTextIfExists = async (path) => {
+    try {
+        return await readFile(path, 'utf-8');
+    }
+    catch (err) {
+        const code = err.code;
+        if (code === 'ENOENT')
+            return null;
+        throw err;
+    }
+};
+//# sourceMappingURL=_normalize.js.map

package/dist/scanners/_normalize.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"_normalize.js","sourceRoot":"","sources":["../../src/scanners/_normalize.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAYxC,MAAM,aAAa,GAAG,CAAC,CAAU,EAAiB,EAAE,CAClD,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;AAE5D,MAAM,cAAc,GAAG,CAAC,GAAgB,EAAgB,EAAE;IACxD,MAAM,CAAC,GAAG,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,SAAS,CAAC;IACpC,MAAM,CAAC,GAAG,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IAC9D,IAAI,CAAC,KAAK,KAAK;QAAE,OAAO,KAAK,CAAC;IAC9B,IAAI,CAAC,KAAK,MAAM,IAAI,CAAC,KAAK,iBAAiB,IAAI,CAAC,KAAK,iBAAiB;QAAE,OAAO,MAAM,CAAC;IACtF,IAAI,CAAC,KAAK,OAAO;QAAE,OAAO,OAAO,CAAC;IAClC,IAAI,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ;QAAE,OAAO,MAAM,CAAC;IAC/C,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ;QAAE,OAAO,OAAO,CAAC;IACpD,OAAO,OAAO,CAAC;AACjB,CAAC,CAAC;AAEF,MAAM,SAAS,GAAG,CAAC,GAAY,EAAwB,EAAE;IACvD,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1D,OAAO,MAAM,CAAC,IAAI,CAAC,GAA8B,CAAC,CAAC,IAAI,EAAE,CAAC;IAC5D,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,cAAc,GAAG,CAC5B,IAAY,EACZ,GAAgB,EAChB,WAAwB,EACxB,UAAkB,EACF,EAAE;IAClB,MAAM,SAAS,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;IACtC,MAAM,OAAO,GAAG,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;IAC1E,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5D,MAAM,GAAG,GAAG,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;IAC9D,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACnC,OAAO;QACL,IAAI;QACJ,SAAS;QACT,OAAO;QACP,IAAI;QACJ,GAAG;QACH,OAAO;QACP,UAAU,EAAE,UAAU,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;QAClE,WAAW;QACX,UAAU;KACX,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,0BAA0B,GAAG,CACxC,IAAa,EACb,KAAa,EACb,WAAwB,EACxB,UAAkB,EACA,EAAE;IACpB,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IACjD,MAAM,GAAG,GAAI,IAAgC,CAAC,KAAK,CAAC,CAAC;IACrD,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,EAAE,CAAC;IACrE,OAAO,MAAM,CAAC,OAAO,CAAC,GAA8B,CAAC;SAClD,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,CAAC;SAC7C,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,IAAI,EAAE,GAAkB,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC,CAAC;AAC7F,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,EAAE,IAAY,EAA2B,EAAE;IAC9E,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC3C,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,GAAI,GAA6B,CAAC,IAAI,CAAC;QACjD,IAAI,IAAI,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC;QACnC,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,EAAE,IAAY,EAA0B,EAAE;IAC7E,IAAI,CAAC;QACH,OAAO,MAAM,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,GAAI,GAA6B,CAAC,IAAI,CAAC;QACjD,IAAI,IAAI,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC;QACnC,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC,CAAC"}

package/dist/scanners/chatgpt.d.ts

@@ -0,0 +1,20 @@
+import type { AgentSnapshot } from '../types.js';
+/**
+ * ChatGPT Desktop / ChatGPT connectors のスキャナー (placeholder)。
+ *
+ * 現状の制限:
+ *   ChatGPT Desktop (macOS) の connector 一覧は
+ *   `~/Library/Application Support/com.openai.chat/connector-apps-<uuid>/apps.data` に
+ *   **暗号化されたバイナリ** で保存されており、平文の MCP 設定として読めない。
+ *   暗号鍵は OS Keychain (`com.openai.chat`) に格納されている可能性が高く、
+ *   ユーザー同意なくアクセスするのは不適切。
+ *
+ *   したがって本スキャナーは「ChatGPT Desktop が **インストールされている**」ことだけを
+ *   検出し、agent_kind='chatgpt' の空 snapshot を返す。MCP リストの取得は将来 OpenAI 側で
+ *   公開 API が用意されるか、ユーザー操作で明示的に export してもらう必要がある。
+ */
+export declare const chatgptDataDir: (home?: string, os?: NodeJS.Platform) => string | null;
+export declare const scanChatgpt: (options?: {
+    home?: string;
+    platform?: NodeJS.Platform;
+}) => Promise<AgentSnapshot | null>;