@mesrai/cli 0.4.21

package/dist/services/api/sessions.api.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sessions.api.d.ts","sourceRoot":"","sources":["../../../src/services/api/sessions.api.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AACrE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AA0GvD,qBAAa,eAAgB,YAAW,YAAY;IAC1C,SAAS,CAAC,KAAK,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CA0C3E"}

package/dist/services/api/sessions.api.js

@@ -0,0 +1,129 @@
+import fs from 'fs/promises';
+import path from 'path';
+import { request } from './api.real.js';
+import { ApiError } from '../../types/errors.js';
+const PENDING_FILE = '.mesrai/pending-events.jsonl';
+const MAX_BUFFER_LINES = 1000;
+const ENDPOINT = '/cli/sessions/events';
+async function getAuthToken() {
+    try {
+        const { authService } = await import('../auth.service.js');
+        return await authService.getValidToken();
+    }
+    catch {
+        return null;
+    }
+}
+function buildHeaders(token) {
+    const isTeamKey = token.startsWith('mesrai_');
+    return isTeamKey
+        ? { 'X-Team-Key': token }
+        : { Authorization: `Bearer ${token}` };
+}
+async function pendingPath(repoRoot) {
+    return path.join(repoRoot, PENDING_FILE);
+}
+async function readPending(repoRoot) {
+    const filePath = await pendingPath(repoRoot);
+    try {
+        const content = await fs.readFile(filePath, 'utf-8');
+        return content.split('\n').filter(Boolean);
+    }
+    catch {
+        return [];
+    }
+}
+async function writePending(repoRoot, lines) {
+    const filePath = await pendingPath(repoRoot);
+    const dir = path.dirname(filePath);
+    await fs.mkdir(dir, { recursive: true });
+    // Truncate old events if buffer exceeds limit
+    const truncated = lines.length > MAX_BUFFER_LINES
+        ? lines.slice(lines.length - MAX_BUFFER_LINES)
+        : lines;
+    await fs.writeFile(filePath, truncated.join('\n') + '\n', 'utf-8');
+}
+async function appendPending(repoRoot, event) {
+    const filePath = await pendingPath(repoRoot);
+    const dir = path.dirname(filePath);
+    await fs.mkdir(dir, { recursive: true });
+    await fs.appendFile(filePath, `${JSON.stringify(event)}\n`, 'utf-8');
+}
+async function postEvent(event, token) {
+    await request(ENDPOINT, {
+        method: 'POST',
+        headers: buildHeaders(token),
+        body: JSON.stringify(event),
+    });
+}
+async function flushPending(repoRoot, token) {
+    const lines = await readPending(repoRoot);
+    if (lines.length === 0) {
+        return;
+    }
+    const failed = [];
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        try {
+            const event = JSON.parse(line);
+            await postEvent(event, token);
+        }
+        catch (error) {
+            if (error instanceof ApiError &&
+                error.statusCode < 500 &&
+                error.statusCode !== 429) {
+                // 4xx (except 429) — discard, retry won't help
+                continue;
+            }
+            // Network or 5xx/429 — API likely unreachable. Bail out and
+            // keep this line plus all remaining for the next flush, so we
+            // don't sit here for hours hitting the same dead endpoint.
+            failed.push(...lines.slice(i));
+            break;
+        }
+    }
+    if (failed.length > 0) {
+        await writePending(repoRoot, failed);
+    }
+    else {
+        // Clean up file
+        const filePath = await pendingPath(repoRoot);
+        await fs.unlink(filePath).catch(() => { });
+    }
+}
+export class RealSessionsApi {
+    async sendEvent(event, repoRoot) {
+        const token = await getAuthToken();
+        if (!token) {
+            if (process.env.MESRAI_VERBOSE) {
+                console.log('[sessions] No auth token, skipping event:', event.type);
+            }
+            return;
+        }
+        // Try to flush pending events first
+        try {
+            await flushPending(repoRoot, token);
+        }
+        catch {
+            // Non-blocking — continue with current event
+        }
+        // Send current event
+        try {
+            await postEvent(event, token);
+        }
+        catch (error) {
+            if (error instanceof ApiError &&
+                error.statusCode < 500 &&
+                error.statusCode !== 429) {
+                // 4xx — discard
+                if (process.env.MESRAI_VERBOSE) {
+                    console.error('[sessions] Discarding event due to client error:', error.statusCode);
+                }
+                return;
+            }
+            // Network or retryable — buffer locally
+            await appendPending(repoRoot, event).catch(() => { });
+        }
+    }
+}
+//# sourceMappingURL=sessions.api.js.map

package/dist/services/api/sessions.api.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sessions.api.js","sourceRoot":"","sources":["../../../src/services/api/sessions.api.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,aAAa,CAAC;AAC7B,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AAIjD,MAAM,YAAY,GAAG,8BAA8B,CAAC;AACpD,MAAM,gBAAgB,GAAG,IAAI,CAAC;AAC9B,MAAM,QAAQ,GAAG,sBAAsB,CAAC;AAExC,KAAK,UAAU,YAAY;IACvB,IAAI,CAAC;QACD,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;QAC3D,OAAO,MAAM,WAAW,CAAC,aAAa,EAAE,CAAC;IAC7C,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,IAAI,CAAC;IAChB,CAAC;AACL,CAAC;AAED,SAAS,YAAY,CAAC,KAAa;IAC/B,MAAM,SAAS,GAAG,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IAC9C,OAAO,SAAS;QACZ,CAAC,CAAC,EAAE,YAAY,EAAE,KAAK,EAAE;QACzB,CAAC,CAAC,EAAE,aAAa,EAAE,UAAU,KAAK,EAAE,EAAE,CAAC;AAC/C,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,QAAgB;IACvC,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;AAC7C,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,QAAgB;IACvC,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC7C,IAAI,CAAC;QACD,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACrD,OAAO,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,EAAE,CAAC;IACd,CAAC;AACL,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,QAAgB,EAAE,KAAe;IACzD,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACnC,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAEzC,8CAA8C;IAC9C,MAAM,SAAS,GACX,KAAK,CAAC,MAAM,GAAG,gBAAgB;QAC3B,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,gBAAgB,CAAC;QAC9C,CAAC,CAAC,KAAK,CAAC;IAEhB,MAAM,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;AACvE,CAAC;AAED,KAAK,UAAU,aAAa,CACxB,QAAgB,EAChB,KAAsB;IAEtB,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACnC,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,MAAM,EAAE,CAAC,UAAU,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AACzE,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,KAAsB,EAAE,KAAa;IAC1D,MAAM,OAAO,CAAO,QAAQ,EAAE;QAC1B,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,YAAY,CAAC,KAAK,CAAC;QAC5B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;KAC9B,CAAC,CAAC;AACP,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,QAAgB,EAAE,KAAa;IACvD,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC1C,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrB,OAAO;IACX,CAAC;IAED,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,IAAI,CAAC;YACD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAoB,CAAC;YAClD,MAAM,SAAS,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QAClC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IACI,KAAK,YAAY,QAAQ;gBACzB,KAAK,CAAC,UAAU,GAAG,GAAG;gBACtB,KAAK,CAAC,UAAU,KAAK,GAAG,EAC1B,CAAC;gBACC,+CAA+C;gBAC/C,SAAS;YACb,CAAC;YACD,4DAA4D;YAC5D,8DAA8D;YAC9D,2DAA2D;YAC3D,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAC/B,MAAM;QACV,CAAC;IACL,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpB,MAAM,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACzC,CAAC;SAAM,CAAC;QACJ,gBAAgB;QAChB,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC;QAC7C,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IAC9C,CAAC;AACL,CAAC;AAED,MAAM,OAAO,eAAe;IACxB,KAAK,CAAC,SAAS,CAAC,KAAsB,EAAE,QAAgB;QACpD,MAAM,KAAK,GAAG,MAAM,YAAY,EAAE,CAAC;QAEnC,IAAI,CAAC,KAAK,EAAE,CAAC;YACT,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC;gBAC7B,OAAO,CAAC,GAAG,CACP,2CAA2C,EAC3C,KAAK,CAAC,IAAI,CACb,CAAC;YACN,CAAC;YACD,OAAO;QACX,CAAC;QAED,oCAAoC;QACpC,IAAI,CAAC;YACD,MAAM,YAAY,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QACxC,CAAC;QAAC,MAAM,CAAC;YACL,6CAA6C;QACjD,CAAC;QAED,qBAAqB;QACrB,IAAI,CAAC;YACD,MAAM,SAAS,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QAClC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IACI,KAAK,YAAY,QAAQ;gBACzB,KAAK,CAAC,UAAU,GAAG,GAAG;gBACtB,KAAK,CAAC,UAAU,KAAK,GAAG,EAC1B,CAAC;gBACC,gBAAgB;gBAChB,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC;oBAC7B,OAAO,CAAC,KAAK,CACT,kDAAkD,EAClD,KAAK,CAAC,UAAU,CACnB,CAAC;gBACN,CAAC;gBACD,OAAO;YACX,CAAC;YACD,wCAAwC;YACxC,MAAM,aAAa,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QACzD,CAAC;IACL,CAAC;CACJ"}

package/dist/services/api/trial.api.d.ts

@@ -0,0 +1,10 @@
+import type { TrialStatus } from '../../types/trial.js';
+import type { ITrialApi } from './api.interface.js';
+type RequestWithRetry = <T>(endpoint: string, options?: RequestInit) => Promise<T>;
+export declare class RealTrialApi implements ITrialApi {
+    private readonly requester;
+    constructor(requester?: RequestWithRetry);
+    getStatus(fingerprint: string): Promise<TrialStatus>;
+}
+export {};
+//# sourceMappingURL=trial.api.d.ts.map

package/dist/services/api/trial.api.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"trial.api.d.ts","sourceRoot":"","sources":["../../../src/services/api/trial.api.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AACxD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAGpD,KAAK,gBAAgB,GAAG,CAAC,CAAC,EACtB,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE,WAAW,KACpB,OAAO,CAAC,CAAC,CAAC,CAAC;AAEhB,qBAAa,YAAa,YAAW,SAAS;IAC9B,OAAO,CAAC,QAAQ,CAAC,SAAS;gBAAT,SAAS,GAAE,gBAAmC;IAErE,SAAS,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;CAK7D"}

package/dist/services/api/trial.api.js

@@ -0,0 +1,11 @@
+import { requestWithRetry } from './api-core.js';
+export class RealTrialApi {
+    requester;
+    constructor(requester = requestWithRetry) {
+        this.requester = requester;
+    }
+    async getStatus(fingerprint) {
+        return this.requester(`/cli/trial/status?fingerprint=${fingerprint}`);
+    }
+}
+//# sourceMappingURL=trial.api.js.map

package/dist/services/api/trial.api.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"trial.api.js","sourceRoot":"","sources":["../../../src/services/api/trial.api.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAOjD,MAAM,OAAO,YAAY;IACQ;IAA7B,YAA6B,YAA8B,gBAAgB;QAA9C,cAAS,GAAT,SAAS,CAAqC;IAAG,CAAC;IAE/E,KAAK,CAAC,SAAS,CAAC,WAAmB;QAC/B,OAAO,IAAI,CAAC,SAAS,CACjB,iCAAiC,WAAW,EAAE,CACjD,CAAC;IACN,CAAC;CACJ"}

package/dist/services/auth.service.d.ts

@@ -0,0 +1,29 @@
+import type { StoredCredentials, UserInfo } from '../types/auth.js';
+import { type DeviceLoginPrompt } from './device-login.service.js';
+declare class AuthService {
+    private cachedCredentials;
+    private refreshInFlight;
+    private getEnvAuthToken;
+    login(email: string, password: string): Promise<void>;
+    loginViaBrowser({ onOpenUrl, }?: {
+        onOpenUrl?: (url: string) => void;
+    }): Promise<UserInfo>;
+    loginViaDeviceCode({ onPrompt, }: {
+        onPrompt: (prompt: DeviceLoginPrompt) => void | Promise<void>;
+    }): Promise<UserInfo>;
+    private buildAuthResponse;
+    logout(): Promise<void>;
+    isAuthenticated(): Promise<boolean>;
+    getCredentials(): Promise<StoredCredentials | null>;
+    getValidToken(): Promise<string>;
+    generateCIToken(): Promise<string>;
+    verifyToken(): Promise<{
+        valid: boolean;
+        user?: any;
+    }>;
+    private storeAuthResponse;
+    private refreshTokenOrFallback;
+}
+export { AuthService };
+export declare const authService: AuthService;
+//# sourceMappingURL=auth.service.d.ts.map

package/dist/services/auth.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.service.d.ts","sourceRoot":"","sources":["../../src/services/auth.service.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,iBAAiB,EAAgB,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAGlF,OAAO,EAEH,KAAK,iBAAiB,EACzB,MAAM,2BAA2B,CAAC;AAInC,cAAM,WAAW;IACb,OAAO,CAAC,iBAAiB,CAAkC;IAC3D,OAAO,CAAC,eAAe,CAAgC;IAEvD,OAAO,CAAC,eAAe;IAcjB,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAWrD,eAAe,CAAC,EAClB,SAAS,GACZ,GAAE;QACC,SAAS,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;KAChC,GAAG,OAAO,CAAC,QAAQ,CAAC;IAYpB,kBAAkB,CAAC,EACrB,QAAQ,GACX,EAAE;QACC,QAAQ,EAAE,CAAC,MAAM,EAAE,iBAAiB,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;KACjE,GAAG,OAAO,CAAC,QAAQ,CAAC;IAYrB,OAAO,CAAC,iBAAiB;IAkBnB,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAevB,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC;IAcnC,cAAc,IAAI,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC;IASnD,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC;IA6BhC,eAAe,IAAI,OAAO,CAAC,MAAM,CAAC;IAKlC,WAAW,IAAI,OAAO,CAAC;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,IAAI,CAAC,EAAE,GAAG,CAAA;KAAE,CAAC;YAU9C,iBAAiB;YAYjB,sBAAsB;CA+BvC;AAED,OAAO,EAAE,WAAW,EAAE,CAAC;AACvB,eAAO,MAAM,WAAW,aAAoB,CAAC"}

package/dist/services/auth.service.js

@@ -0,0 +1,190 @@
+import { api } from './api/index.js';
+import { loadCredentials, saveCredentials, clearCredentials, } from '../utils/credentials.js';
+import { loadConfig, clearConfig } from '../utils/config.js';
+import { AuthError } from '../types/errors.js';
+import { loginViaBrowser } from './browser-login.service.js';
+import { loginViaDeviceCode, } from './device-login.service.js';
+const TOKEN_REFRESH_BUFFER_MS = 5 * 60 * 1000;
+class AuthService {
+    cachedCredentials = null;
+    refreshInFlight = null;
+    getEnvAuthToken() {
+        const token = process.env.MESRAI_TOKEN?.trim();
+        if (token) {
+            return token;
+        }
+        const teamKey = process.env.MESRAI_TEAM_KEY?.trim();
+        if (teamKey) {
+            return teamKey;
+        }
+        return null;
+    }
+    async login(email, password) {
+        const response = await api.auth.login(email, password);
+        await this.storeAuthResponse(response);
+        // Successful login switches auth mode to user credentials.
+        try {
+            await clearConfig();
+        }
+        catch {
+            // Best effort cleanup.
+        }
+    }
+    async loginViaBrowser({ onOpenUrl, } = {}) {
+        const result = await loginViaBrowser({ onOpenUrl });
+        const response = this.buildAuthResponse(result);
+        await this.storeAuthResponse(response);
+        try {
+            await clearConfig();
+        }
+        catch {
+            // Best effort cleanup.
+        }
+        return response.user;
+    }
+    async loginViaDeviceCode({ onPrompt, }) {
+        const result = await loginViaDeviceCode({ onPrompt });
+        const response = this.buildAuthResponse(result);
+        await this.storeAuthResponse(response);
+        try {
+            await clearConfig();
+        }
+        catch {
+            // Best effort cleanup.
+        }
+        return response.user;
+    }
+    buildAuthResponse(input) {
+        const decoded = decodeJwtClaims(input.accessToken);
+        return {
+            accessToken: input.accessToken,
+            refreshToken: input.refreshToken,
+            expiresIn: decoded.expiresIn ?? 3600,
+            user: {
+                id: decoded.sub ?? 'unknown',
+                email: input.userEmail ?? decoded.email ?? 'unknown',
+                orgs: decoded.organizationId ? [decoded.organizationId] : [],
+            },
+        };
+    }
+    async logout() {
+        const credentials = await this.getCredentials();
+        if (credentials) {
+            try {
+                await api.auth.logout(credentials.accessToken);
+            }
+            catch {
+                // Ignore logout errors
+            }
+        }
+        await Promise.all([clearCredentials(), clearConfig()]);
+        this.cachedCredentials = null;
+    }
+    async isAuthenticated() {
+        if (this.getEnvAuthToken()) {
+            return true;
+        }
+        const credentials = await this.getCredentials();
+        if (credentials !== null) {
+            return true;
+        }
+        const config = await loadConfig();
+        return !!config?.teamKey;
+    }
+    async getCredentials() {
+        if (this.cachedCredentials) {
+            return this.cachedCredentials;
+        }
+        this.cachedCredentials = await loadCredentials();
+        return this.cachedCredentials;
+    }
+    async getValidToken() {
+        const envToken = this.getEnvAuthToken();
+        if (envToken) {
+            return envToken;
+        }
+        const credentials = await this.getCredentials();
+        if (credentials) {
+            const isExpired = Date.now() > credentials.expiresAt - TOKEN_REFRESH_BUFFER_MS;
+            if (isExpired) {
+                return this.refreshTokenOrFallback(credentials.refreshToken);
+            }
+            return credentials.accessToken;
+        }
+        const config = await loadConfig();
+        if (config?.teamKey) {
+            return config.teamKey;
+        }
+        throw new AuthError('Not authenticated. Run: mesrai auth login or mesrai auth team-key --key <your-key>');
+    }
+    async generateCIToken() {
+        const token = await this.getValidToken();
+        return api.auth.generateCIToken(token);
+    }
+    async verifyToken() {
+        const credentials = await this.getCredentials();
+        if (!credentials) {
+            return { valid: false };
+        }
+        return api.auth.verify(credentials.accessToken);
+    }
+    async storeAuthResponse(response) {
+        const credentials = {
+            accessToken: response.accessToken,
+            refreshToken: response.refreshToken,
+            expiresAt: Date.now() + response.expiresIn * 1000,
+            user: response.user,
+        };
+        await saveCredentials(credentials);
+        this.cachedCredentials = credentials;
+    }
+    async refreshTokenOrFallback(refreshToken) {
+        if (!this.refreshInFlight) {
+            this.refreshInFlight = (async () => {
+                try {
+                    const response = await api.auth.refresh(refreshToken);
+                    await this.storeAuthResponse(response);
+                    return response.accessToken;
+                }
+                catch {
+                    await clearCredentials();
+                    this.cachedCredentials = null;
+                    const config = await loadConfig();
+                    if (config?.teamKey) {
+                        return config.teamKey;
+                    }
+                    throw new AuthError('Session expired. Run: mesrai auth login');
+                }
+            })();
+        }
+        try {
+            return await this.refreshInFlight;
+        }
+        finally {
+            this.refreshInFlight = null;
+        }
+    }
+}
+export { AuthService };
+export const authService = new AuthService();
+function decodeJwtClaims(token) {
+    try {
+        const parts = token.split('.');
+        if (parts.length !== 3)
+            return {};
+        const payload = JSON.parse(Buffer.from(parts[1], 'base64').toString());
+        const expiresIn = typeof payload.exp === 'number'
+            ? Math.max(0, payload.exp - Math.floor(Date.now() / 1000))
+            : undefined;
+        return {
+            sub: payload.sub,
+            email: payload.email,
+            organizationId: payload.organizationId,
+            expiresIn,
+        };
+    }
+    catch {
+        return {};
+    }
+}
+//# sourceMappingURL=auth.service.js.map

package/dist/services/auth.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.service.js","sourceRoot":"","sources":["../../src/services/auth.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,gBAAgB,CAAC;AACrC,OAAO,EACH,eAAe,EACf,eAAe,EACf,gBAAgB,GACnB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAE7D,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EACH,kBAAkB,GAErB,MAAM,2BAA2B,CAAC;AAEnC,MAAM,uBAAuB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAE9C,MAAM,WAAW;IACL,iBAAiB,GAA6B,IAAI,CAAC;IACnD,eAAe,GAA2B,IAAI,CAAC;IAE/C,eAAe;QACnB,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC;QAC/C,IAAI,KAAK,EAAE,CAAC;YACR,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,IAAI,EAAE,CAAC;QACpD,IAAI,OAAO,EAAE,CAAC;YACV,OAAO,OAAO,CAAC;QACnB,CAAC;QAED,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,KAAa,EAAE,QAAgB;QACvC,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QACvD,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QACvC,2DAA2D;QAC3D,IAAI,CAAC;YACD,MAAM,WAAW,EAAE,CAAC;QACxB,CAAC;QAAC,MAAM,CAAC;YACL,uBAAuB;QAC3B,CAAC;IACL,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,EAClB,SAAS,MAGT,EAAE;QACF,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;QACpD,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAChD,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QACvC,IAAI,CAAC;YACD,MAAM,WAAW,EAAE,CAAC;QACxB,CAAC;QAAC,MAAM,CAAC;YACL,uBAAuB;QAC3B,CAAC;QACD,OAAO,QAAQ,CAAC,IAAI,CAAC;IACzB,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,EACrB,QAAQ,GAGX;QACG,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;QACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAChD,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QACvC,IAAI,CAAC;YACD,MAAM,WAAW,EAAE,CAAC;QACxB,CAAC;QAAC,MAAM,CAAC;YACL,uBAAuB;QAC3B,CAAC;QACD,OAAO,QAAQ,CAAC,IAAI,CAAC;IACzB,CAAC;IAEO,iBAAiB,CAAC,KAIzB;QACG,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACnD,OAAO;YACH,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,YAAY,EAAE,KAAK,CAAC,YAAY;YAChC,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI;YACpC,IAAI,EAAE;gBACF,EAAE,EAAE,OAAO,CAAC,GAAG,IAAI,SAAS;gBAC5B,KAAK,EAAE,KAAK,CAAC,SAAS,IAAI,OAAO,CAAC,KAAK,IAAI,SAAS;gBACpD,IAAI,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,EAAE;aAC/D;SACJ,CAAC;IACN,CAAC;IAED,KAAK,CAAC,MAAM;QACR,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAEhD,IAAI,WAAW,EAAE,CAAC;YACd,IAAI,CAAC;gBACD,MAAM,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;YACnD,CAAC;YAAC,MAAM,CAAC;gBACL,uBAAuB;YAC3B,CAAC;QACL,CAAC;QAED,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,gBAAgB,EAAE,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC;QACvD,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,eAAe;QACjB,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAChD,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;YACvB,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,UAAU,EAAE,CAAC;QAClC,OAAO,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC;IAC7B,CAAC;IAED,KAAK,CAAC,cAAc;QAChB,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC,iBAAiB,CAAC;QAClC,CAAC;QAED,IAAI,CAAC,iBAAiB,GAAG,MAAM,eAAe,EAAE,CAAC;QACjD,OAAO,IAAI,CAAC,iBAAiB,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,aAAa;QACf,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QACxC,IAAI,QAAQ,EAAE,CAAC;YACX,OAAO,QAAQ,CAAC;QACpB,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAEhD,IAAI,WAAW,EAAE,CAAC;YACd,MAAM,SAAS,GACX,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC,SAAS,GAAG,uBAAuB,CAAC;YAEjE,IAAI,SAAS,EAAE,CAAC;gBACZ,OAAO,IAAI,CAAC,sBAAsB,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;YACjE,CAAC;YAED,OAAO,WAAW,CAAC,WAAW,CAAC;QACnC,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,UAAU,EAAE,CAAC;QAClC,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;YAClB,OAAO,MAAM,CAAC,OAAO,CAAC;QAC1B,CAAC;QAED,MAAM,IAAI,SAAS,CACf,oFAAoF,CACvF,CAAC;IACN,CAAC;IAED,KAAK,CAAC,eAAe;QACjB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;QACzC,OAAO,GAAG,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC;IAED,KAAK,CAAC,WAAW;QACb,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAEhD,IAAI,CAAC,WAAW,EAAE,CAAC;YACf,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;QAC5B,CAAC;QAED,OAAO,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;IACpD,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAAC,QAAsB;QAClD,MAAM,WAAW,GAAsB;YACnC,WAAW,EAAE,QAAQ,CAAC,WAAW;YACjC,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,SAAS,GAAG,IAAI;YACjD,IAAI,EAAE,QAAQ,CAAC,IAAI;SACtB,CAAC;QAEF,MAAM,eAAe,CAAC,WAAW,CAAC,CAAC;QACnC,IAAI,CAAC,iBAAiB,GAAG,WAAW,CAAC;IACzC,CAAC;IAEO,KAAK,CAAC,sBAAsB,CAChC,YAAoB;QAEpB,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;YACxB,IAAI,CAAC,eAAe,GAAG,CAAC,KAAK,IAAI,EAAE;gBAC/B,IAAI,CAAC;oBACD,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;oBACtD,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;oBACvC,OAAO,QAAQ,CAAC,WAAW,CAAC;gBAChC,CAAC;gBAAC,MAAM,CAAC;oBACL,MAAM,gBAAgB,EAAE,CAAC;oBACzB,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC;oBAE9B,MAAM,MAAM,GAAG,MAAM,UAAU,EAAE,CAAC;oBAClC,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;wBAClB,OAAO,MAAM,CAAC,OAAO,CAAC;oBAC1B,CAAC;oBAED,MAAM,IAAI,SAAS,CACf,yCAAyC,CAC5C,CAAC;gBACN,CAAC;YACL,CAAC,CAAC,EAAE,CAAC;QACT,CAAC;QAED,IAAI,CAAC;YACD,OAAO,MAAM,IAAI,CAAC,eAAe,CAAC;QACtC,CAAC;gBAAS,CAAC;YACP,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;QAChC,CAAC;IACL,CAAC;CACJ;AAED,OAAO,EAAE,WAAW,EAAE,CAAC;AACvB,MAAM,CAAC,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC;AAS7C,SAAS,eAAe,CAAC,KAAa;IAClC,IAAI,CAAC;QACD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAClC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;QACvE,MAAM,SAAS,GACX,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ;YAC3B,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAC1D,CAAC,CAAC,SAAS,CAAC;QACpB,OAAO;YACH,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,cAAc,EAAE,OAAO,CAAC,cAAc;YACtC,SAAS;SACZ,CAAC;IACN,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,EAAE,CAAC;IACd,CAAC;AACL,CAAC"}

package/dist/services/browser-login.service.d.ts

@@ -0,0 +1,23 @@
+export interface BrowserLoginResult {
+    accessToken: string;
+    refreshToken: string;
+    userEmail?: string;
+}
+/**
+ * Loopback OAuth-style login (RFC 8252).
+ *
+ * Flow:
+ *   1. Spin up an HTTP server on a random localhost port.
+ *   2. POST /cli/auth/login-init with that port — backend returns the
+ *      verification URI (already composed from API_FRONTEND_URL on the
+ *      server side, so self-hosted just works).
+ *   3. Open the verification URI in the user's browser.
+ *   4. After the user clicks "Authorize" on the web, the backend redirects
+ *      the browser to http://127.0.0.1:<port>/callback?state=<state>.
+ *   5. Server resolves the callback, then we GET /cli/auth/login-poll?state=
+ *      over HTTPS to fetch the JWT. The token never traverses the browser.
+ */
+export declare function loginViaBrowser({ onOpenUrl, }?: {
+    onOpenUrl?: (url: string) => void;
+}): Promise<BrowserLoginResult>;
+//# sourceMappingURL=browser-login.service.d.ts.map

package/dist/services/browser-login.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"browser-login.service.d.ts","sourceRoot":"","sources":["../../src/services/browser-login.service.ts"],"names":[],"mappings":"AA0BA,MAAM,WAAW,kBAAkB;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;CACtB;AAMD;;;;;;;;;;;;;GAaG;AACH,wBAAsB,eAAe,CAAC,EAClC,SAAS,GACZ,GAAE;IACC,SAAS,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;CAChC,GAAG,OAAO,CAAC,kBAAkB,CAAC,CA4CnC"}

package/dist/services/browser-login.service.js

@@ -0,0 +1,187 @@
+import http from 'node:http';
+import open from 'open';
+import { cliAuthApi } from './api/cli-auth.api.js';
+const POLL_INTERVAL_MS = 1_000;
+const POLL_MAX_DELAY_MS = 5_000;
+const TOTAL_TIMEOUT_MS = 10 * 60 * 1000;
+const CALLBACK_HTML = `<!doctype html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<title>Mesrai CLI authorized</title>
+<style>
+  body { font: 14px system-ui, sans-serif; padding: 4rem; text-align: center; color: #1f2937; }
+  h1 { font-size: 1.25rem; }
+  p { color: #6b7280; }
+</style>
+</head>
+<body>
+  <h1>You're all set</h1>
+  <p>The Mesrai CLI received your authorization. You can close this tab.</p>
+</body>
+</html>`;
+/**
+ * Loopback OAuth-style login (RFC 8252).
+ *
+ * Flow:
+ *   1. Spin up an HTTP server on a random localhost port.
+ *   2. POST /cli/auth/login-init with that port — backend returns the
+ *      verification URI (already composed from API_FRONTEND_URL on the
+ *      server side, so self-hosted just works).
+ *   3. Open the verification URI in the user's browser.
+ *   4. After the user clicks "Authorize" on the web, the backend redirects
+ *      the browser to http://127.0.0.1:<port>/callback?state=<state>.
+ *   5. Server resolves the callback, then we GET /cli/auth/login-poll?state=
+ *      over HTTPS to fetch the JWT. The token never traverses the browser.
+ */
+export async function loginViaBrowser({ onOpenUrl, } = {}) {
+    const { server, port, callbackPromise } = await startCallbackServer();
+    try {
+        const init = await cliAuthApi.initLoopback(port);
+        if (onOpenUrl) {
+            onOpenUrl(init.verificationUri);
+        }
+        try {
+            await open(init.verificationUri);
+        }
+        catch {
+            // Browser may not be available; user can still copy the URL
+            // manually. The callback server keeps waiting either way.
+        }
+        // Race the callback against an expiry timeout. We MUST cancel the
+        // timer once the callback wins — without `cancel()` the underlying
+        // `setTimeout` keeps the Node event loop alive for the full
+        // `expiresIn` window (10 min by default), so the CLI hangs after a
+        // successful login until the timer naturally fires.
+        const expiry = timeout(init.expiresIn * 1000, 'Authorization timed out. Run `mesrai auth login` again.');
+        let callback;
+        try {
+            callback = await Promise.race([callbackPromise, expiry.promise]);
+        }
+        finally {
+            expiry.cancel();
+        }
+        if (callback.state !== init.state) {
+            throw new Error('Authorization state mismatch. The callback did not match the initial request — refusing to use the response for security reasons.');
+        }
+        const tokens = await pollUntilTerminal(init.state);
+        return tokens;
+    }
+    finally {
+        await closeServer(server);
+    }
+}
+async function startCallbackServer() {
+    let resolveCallback;
+    let rejectCallback;
+    const callbackPromise = new Promise((resolve, reject) => {
+        resolveCallback = resolve;
+        rejectCallback = reject;
+    });
+    const server = http.createServer((req, res) => {
+        if (!req.url) {
+            res.writeHead(400).end();
+            return;
+        }
+        const url = new URL(req.url, 'http://127.0.0.1');
+        if (url.pathname !== '/callback') {
+            res.writeHead(404, { Connection: 'close' }).end();
+            return;
+        }
+        const state = url.searchParams.get('state');
+        const error = url.searchParams.get('error');
+        // Connection: close — keep-alive sockets would block the Node event
+        // loop after server.close(), leaving the CLI hanging when the user
+        // tries to run another command in the same shell.
+        res.writeHead(error ? 400 : 200, {
+            'Content-Type': 'text/html; charset=utf-8',
+            Connection: 'close',
+        });
+        res.end(CALLBACK_HTML);
+        if (error) {
+            rejectCallback(new Error(`Authorization denied: ${error}`));
+            return;
+        }
+        if (!state) {
+            rejectCallback(new Error('Callback missing state parameter'));
+            return;
+        }
+        resolveCallback({ state });
+    });
+    // Don't keep keep-alive sockets idle — the browser will sometimes hold
+    // the connection open after the response, which would prevent the
+    // process from exiting after the login finishes.
+    server.keepAliveTimeout = 0;
+    // Bind only to loopback — never expose this server to other hosts.
+    await new Promise((resolve, reject) => {
+        server.once('error', reject);
+        server.listen(0, '127.0.0.1', () => resolve());
+    });
+    const address = server.address();
+    return { server, port: address.port, callbackPromise };
+}
+function closeServer(server) {
+    return new Promise((resolve) => {
+        // closeAllConnections is available on Node 18.2+. Force any
+        // lingering keep-alive sockets to drop so the process can exit.
+        const anyServer = server;
+        try {
+            anyServer.closeIdleConnections?.();
+            anyServer.closeAllConnections?.();
+        }
+        catch {
+            // ignore — best effort
+        }
+        server.close(() => resolve());
+    });
+}
+async function pollUntilTerminal(state) {
+    const startedAt = Date.now();
+    let delay = POLL_INTERVAL_MS;
+    while (Date.now() - startedAt < TOTAL_TIMEOUT_MS) {
+        const response = await cliAuthApi.poll({ state });
+        if (response.status === 'completed') {
+            if (!response.accessToken || !response.refreshToken) {
+                throw new Error('Authorization completed but the server returned no tokens');
+            }
+            return {
+                accessToken: response.accessToken,
+                refreshToken: response.refreshToken,
+                userEmail: response.userEmail,
+            };
+        }
+        if (response.status === 'expired' ||
+            response.status === 'denied' ||
+            response.status === 'consumed' ||
+            response.status === 'not_found') {
+            throw new Error(`Authorization ${response.status}. Run \`mesrai auth login\` again.`);
+        }
+        await sleep(delay);
+        delay = Math.min(delay * 2, POLL_MAX_DELAY_MS);
+    }
+    throw new Error('Authorization timed out while polling for tokens');
+}
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+/**
+ * Cancellable timeout: returns a promise that rejects after `ms`, plus a
+ * `cancel()` to clear the underlying timer when the caller no longer
+ * needs it (e.g. when racing against another promise that won). Without
+ * `cancel()`, the unref'd timer would keep the event loop alive for the
+ * full duration even after the race resolved.
+ */
+function timeout(ms, message) {
+    let timer;
+    const promise = new Promise((_, reject) => {
+        timer = setTimeout(() => reject(new Error(message)), ms);
+    });
+    return {
+        promise,
+        cancel: () => {
+            if (timer)
+                clearTimeout(timer);
+        },
+    };
+}
+//# sourceMappingURL=browser-login.service.js.map

package/dist/services/browser-login.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"browser-login.service.js","sourceRoot":"","sources":["../../src/services/browser-login.service.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,EAAE,UAAU,EAA6B,MAAM,uBAAuB,CAAC;AAE9E,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAC/B,MAAM,iBAAiB,GAAG,KAAK,CAAC;AAChC,MAAM,gBAAgB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AACxC,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;QAed,CAAC;AAYT;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,EAClC,SAAS,MAGT,EAAE;IACF,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,eAAe,EAAE,GAAG,MAAM,mBAAmB,EAAE,CAAC;IAEtE,IAAI,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;QAEjD,IAAI,SAAS,EAAE,CAAC;YACZ,SAAS,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACpC,CAAC;QAED,IAAI,CAAC;YACD,MAAM,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACL,4DAA4D;YAC5D,0DAA0D;QAC9D,CAAC;QAED,kEAAkE;QAClE,mEAAmE;QACnE,4DAA4D;QAC5D,mEAAmE;QACnE,oDAAoD;QACpD,MAAM,MAAM,GAAG,OAAO,CAClB,IAAI,CAAC,SAAS,GAAG,IAAI,EACrB,yDAAyD,CAC5D,CAAC;QACF,IAAI,QAAwB,CAAC;QAC7B,IAAI,CAAC;YACD,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC,eAAe,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;QACrE,CAAC;gBAAS,CAAC;YACP,MAAM,CAAC,MAAM,EAAE,CAAC;QACpB,CAAC;QAED,IAAI,QAAQ,CAAC,KAAK,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CACX,mIAAmI,CACtI,CAAC;QACN,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACnD,OAAO,MAAM,CAAC;IAClB,CAAC;YAAS,CAAC;QACP,MAAM,WAAW,CAAC,MAAM,CAAC,CAAC;IAC9B,CAAC;AACL,CAAC;AAED,KAAK,UAAU,mBAAmB;IAK9B,IAAI,eAAiD,CAAC;IACtD,IAAI,cAAoC,CAAC;IACzC,MAAM,eAAe,GAAG,IAAI,OAAO,CAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACpE,eAAe,GAAG,OAAO,CAAC;QAC1B,cAAc,GAAG,MAAM,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAC1C,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;YACX,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;YACzB,OAAO;QACX,CAAC;QACD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC;QACjD,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;YAC/B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC;YAClD,OAAO;QACX,CAAC;QACD,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC5C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAE5C,oEAAoE;QACpE,mEAAmE;QACnE,kDAAkD;QAClD,GAAG,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE;YAC7B,cAAc,EAAE,0BAA0B;YAC1C,UAAU,EAAE,OAAO;SACtB,CAAC,CAAC;QACH,GAAG,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QAEvB,IAAI,KAAK,EAAE,CAAC;YACR,cAAc,CAAC,IAAI,KAAK,CAAC,yBAAyB,KAAK,EAAE,CAAC,CAAC,CAAC;YAC5D,OAAO;QACX,CAAC;QACD,IAAI,CAAC,KAAK,EAAE,CAAC;YACT,cAAc,CAAC,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC,CAAC;YAC9D,OAAO;QACX,CAAC;QACD,eAAe,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,uEAAuE;IACvE,kEAAkE;IAClE,iDAAiD;IACjD,MAAM,CAAC,gBAAgB,GAAG,CAAC,CAAC;IAE5B,mEAAmE;IACnE,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACxC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7B,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,EAAiB,CAAC;IAChD,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,eAAe,EAAE,CAAC;AAC3D,CAAC;AAED,SAAS,WAAW,CAAC,MAAmB;IACpC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC3B,4DAA4D;QAC5D,gEAAgE;QAChE,MAAM,SAAS,GAAG,MAGjB,CAAC;QACF,IAAI,CAAC;YACD,SAAS,CAAC,oBAAoB,EAAE,EAAE,CAAC;YACnC,SAAS,CAAC,mBAAmB,EAAE,EAAE,CAAC;QACtC,CAAC;QAAC,MAAM,CAAC;YACL,uBAAuB;QAC3B,CAAC;QACD,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;AACP,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,KAAa;IAC1C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,IAAI,KAAK,GAAG,gBAAgB,CAAC;IAE7B,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,gBAAgB,EAAE,CAAC;QAC/C,MAAM,QAAQ,GAAyB,MAAM,UAAU,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QAExE,IAAI,QAAQ,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YAClC,IAAI,CAAC,QAAQ,CAAC,WAAW,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE,CAAC;gBAClD,MAAM,IAAI,KAAK,CACX,2DAA2D,CAC9D,CAAC;YACN,CAAC;YACD,OAAO;gBACH,WAAW,EAAE,QAAQ,CAAC,WAAW;gBACjC,YAAY,EAAE,QAAQ,CAAC,YAAY;gBACnC,SAAS,EAAE,QAAQ,CAAC,SAAS;aAChC,CAAC;QACN,CAAC;QAED,IACI,QAAQ,CAAC,MAAM,KAAK,SAAS;YAC7B,QAAQ,CAAC,MAAM,KAAK,QAAQ;YAC5B,QAAQ,CAAC,MAAM,KAAK,UAAU;YAC9B,QAAQ,CAAC,MAAM,KAAK,WAAW,EACjC,CAAC;YACC,MAAM,IAAI,KAAK,CACX,iBAAiB,QAAQ,CAAC,MAAM,oCAAoC,CACvE,CAAC;QACN,CAAC;QAED,MAAM,KAAK,CAAC,KAAK,CAAC,CAAC;QACnB,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,EAAE,iBAAiB,CAAC,CAAC;IACnD,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;AACxE,CAAC;AAED,SAAS,KAAK,CAAC,EAAU;IACrB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED;;;;;;GAMG;AACH,SAAS,OAAO,CACZ,EAAU,EACV,OAAe;IAEf,IAAI,KAAiC,CAAC;IACtC,MAAM,OAAO,GAAG,IAAI,OAAO,CAAI,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE;QACzC,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;IACH,OAAO;QACH,OAAO;QACP,MAAM,EAAE,GAAG,EAAE;YACT,IAAI,KAAK;gBAAE,YAAY,CAAC,KAAK,CAAC,CAAC;QACnC,CAAC;KACJ,CAAC;AACN,CAAC"}

package/dist/services/centralized-config.service.d.ts

@@ -0,0 +1,24 @@
+import type { CentralizedConfigActionResponse, CentralizedConfigStatus, ConfigRepository } from '../types/config.js';
+type InitOptions = {
+    repository?: string;
+    syncOption: 'pr' | 'manual';
+};
+declare class CentralizedConfigService {
+    getStatus(): Promise<CentralizedConfigStatus>;
+    init(options: InitOptions): Promise<CentralizedConfigActionResponse & {
+        repository: ConfigRepository;
+    }>;
+    sync(): Promise<CentralizedConfigActionResponse>;
+    disable(): Promise<CentralizedConfigActionResponse>;
+    download(outPath: string): Promise<{
+        outputPath: string;
+        bytes: number;
+    }>;
+    private resolveRepositoryForInit;
+    private resolveCurrentRepositoryReference;
+    private toRepositoryFullName;
+    private requireTeamKey;
+}
+export declare const centralizedConfigService: CentralizedConfigService;
+export {};
+//# sourceMappingURL=centralized-config.service.d.ts.map