@myclaude-cli/cli 0.3.0-alpha

package/dist/commands/uninstall.d.ts

@@ -0,0 +1,14 @@
+import { Command } from '@oclif/core';
+export default class Uninstall extends Command {
+    static args: {
+        slug: import("@oclif/core/interfaces").Arg<string, Record<string, unknown>>;
+    };
+    static description: string;
+    static examples: string[];
+    static flags: {
+        json: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        yes: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+    };
+    run(): Promise<void>;
+    private confirm;
+}

package/dist/commands/uninstall.js

@@ -0,0 +1,98 @@
+import { Args, Command, Flags } from '@oclif/core';
+import { createInterface } from 'node:readline';
+import { existsSync, rmSync } from 'node:fs';
+import { resolve } from 'node:path';
+import { homedir } from 'node:os';
+import { isInstalled, removeEntry } from '../core/lockfile.js';
+import { EXIT, color, icon } from '../ui/index.js';
+/** Verify uninstall path is within expected roots before rmSync */
+function isSafePath(location) {
+    const resolved = resolve(location);
+    const cwd = resolve('.');
+    const home = homedir();
+    const safePrefixes = [
+        resolve(cwd, '.claude'),
+        resolve(cwd, 'myclaude-products'),
+        resolve(home, '.claude'),
+        resolve(home, 'myclaude-products'),
+    ];
+    return safePrefixes.some((prefix) => resolved.startsWith(prefix));
+}
+export default class Uninstall extends Command {
+    static args = {
+        slug: Args.string({ description: 'Product slug to uninstall', required: true }),
+    };
+    static description = 'Remove an installed product';
+    static examples = [
+        '<%= config.bin %> uninstall auth-guard-skill',
+    ];
+    static flags = {
+        json: Flags.boolean({ description: 'Output as JSON' }),
+        yes: Flags.boolean({ char: 'y', default: false, description: 'Skip confirmation' }),
+    };
+    async run() {
+        const { args, flags } = await this.parse(Uninstall);
+        const entry = isInstalled(args.slug);
+        if (!entry) {
+            if (flags.json) {
+                this.log(JSON.stringify({ error: 'Not installed', uninstalled: false }));
+            }
+            else {
+                this.log(`  ${icon.info} ${args.slug} is not installed`);
+            }
+            return;
+        }
+        if (!flags.yes && !flags.json) {
+            const confirmed = await this.confirm(`Remove ${args.slug} from ${entry.location}?`);
+            if (!confirmed) {
+                this.log('Aborted.');
+                return;
+            }
+        }
+        // Security: validate path before deletion
+        if (!isSafePath(entry.location)) {
+            const msg = `Refusing to delete unsafe path: ${entry.location}`;
+            if (flags.json) {
+                this.log(JSON.stringify({ error: msg, uninstalled: false }));
+                this.exit(EXIT.ERROR);
+            }
+            else {
+                this.error(msg);
+            }
+            return;
+        }
+        try {
+            if (existsSync(entry.location)) {
+                rmSync(entry.location, { force: true, recursive: true });
+            }
+        }
+        catch (error) {
+            const msg = error.message;
+            if (flags.json) {
+                this.log(JSON.stringify({ error: `Failed to remove files: ${msg}`, uninstalled: false }));
+                this.exit(EXIT.ERROR);
+            }
+            else {
+                this.error(`Failed to remove files: ${msg}`);
+            }
+            return;
+        }
+        removeEntry(args.slug);
+        if (flags.json) {
+            this.log(JSON.stringify({ slug: args.slug, uninstalled: true }));
+        }
+        else {
+            this.log(`  ${icon.success} ${color.success(args.slug)} uninstalled`);
+        }
+    }
+    async confirm(question) {
+        const rl = createInterface({ input: process.stdin, output: process.stderr });
+        return new Promise((resolve) => {
+            rl.question(`  ${question} (y/N) `, (answer) => {
+                rl.close();
+                resolve(answer.trim().toLowerCase() === 'y');
+            });
+        });
+    }
+}
+//# sourceMappingURL=uninstall.js.map

package/dist/commands/uninstall.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"uninstall.js","sourceRoot":"","sources":["../../src/commands/uninstall.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,IAAI,EAAE,OAAO,EAAE,KAAK,EAAC,MAAM,aAAa,CAAA;AAChD,OAAO,EAAC,eAAe,EAAC,MAAM,eAAe,CAAA;AAC7C,OAAO,EAAC,UAAU,EAAE,MAAM,EAAC,MAAM,SAAS,CAAA;AAC1C,OAAO,EAAC,OAAO,EAAC,MAAM,WAAW,CAAA;AACjC,OAAO,EAAC,OAAO,EAAC,MAAM,SAAS,CAAA;AAE/B,OAAO,EAAC,WAAW,EAAE,WAAW,EAAC,MAAM,qBAAqB,CAAA;AAC5D,OAAO,EAAC,IAAI,EAAE,KAAK,EAAE,IAAI,EAAC,MAAM,gBAAgB,CAAA;AAEhD,mEAAmE;AACnE,SAAS,UAAU,CAAC,QAAgB;IAClC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;IAClC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,CAAA;IACxB,MAAM,IAAI,GAAG,OAAO,EAAE,CAAA;IACtB,MAAM,YAAY,GAAG;QACnB,OAAO,CAAC,GAAG,EAAE,SAAS,CAAC;QACvB,OAAO,CAAC,GAAG,EAAE,mBAAmB,CAAC;QACjC,OAAO,CAAC,IAAI,EAAE,SAAS,CAAC;QACxB,OAAO,CAAC,IAAI,EAAE,mBAAmB,CAAC;KACnC,CAAA;IAED,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAA;AACnE,CAAC;AAED,MAAM,CAAC,OAAO,OAAO,SAAU,SAAQ,OAAO;IAC5C,MAAM,CAAU,IAAI,GAAG;QACrB,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,EAAC,WAAW,EAAE,2BAA2B,EAAE,QAAQ,EAAE,IAAI,EAAC,CAAC;KAC9E,CAAA;IAED,MAAM,CAAU,WAAW,GAAG,6BAA6B,CAAA;IAE3D,MAAM,CAAU,QAAQ,GAAG;QACzB,8CAA8C;KAC/C,CAAA;IAED,MAAM,CAAU,KAAK,GAAG;QACtB,IAAI,EAAE,KAAK,CAAC,OAAO,CAAC,EAAC,WAAW,EAAE,gBAAgB,EAAC,CAAC;QACpD,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,EAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,mBAAmB,EAAC,CAAC;KAClF,CAAA;IAED,KAAK,CAAC,GAAG;QACP,MAAM,EAAC,IAAI,EAAE,KAAK,EAAC,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;QAEjD,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACpC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;gBACf,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAC,KAAK,EAAE,eAAe,EAAE,WAAW,EAAE,KAAK,EAAC,CAAC,CAAC,CAAA;YACxE,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,mBAAmB,CAAC,CAAA;YAC1D,CAAC;YAED,OAAM;QACR,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;YAC9B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,IAAI,SAAS,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAA;YACnF,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;gBACpB,OAAM;YACR,CAAC;QACH,CAAC;QAED,0CAA0C;QAC1C,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;YAChC,MAAM,GAAG,GAAG,mCAAmC,KAAK,CAAC,QAAQ,EAAE,CAAA;YAC/D,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;gBACf,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAC,KAAK,EAAE,GAAG,EAAE,WAAW,EAAE,KAAK,EAAC,CAAC,CAAC,CAAA;gBAC1D,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;YACvB,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;YACjB,CAAC;YAED,OAAM;QACR,CAAC;QAED,IAAI,CAAC;YACH,IAAI,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC/B,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,EAAC,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAC,CAAC,CAAA;YACxD,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,GAAG,GAAI,KAAe,CAAC,OAAO,CAAA;YACpC,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;gBACf,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAC,KAAK,EAAE,2BAA2B,GAAG,EAAE,EAAE,WAAW,EAAE,KAAK,EAAC,CAAC,CAAC,CAAA;gBACvF,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;YACvB,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,KAAK,CAAC,2BAA2B,GAAG,EAAE,CAAC,CAAA;YAC9C,CAAC;YAED,OAAM;QACR,CAAC;QAED,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAEtB,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;YACf,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,WAAW,EAAE,IAAI,EAAC,CAAC,CAAC,CAAA;QAChE,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAA;QACvE,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,OAAO,CAAC,QAAgB;QACpC,MAAM,EAAE,GAAG,eAAe,CAAC,EAAC,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAC,CAAC,CAAA;QAC1E,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,EAAE,CAAC,QAAQ,CAAC,KAAK,QAAQ,SAAS,EAAE,CAAC,MAAM,EAAE,EAAE;gBAC7C,EAAE,CAAC,KAAK,EAAE,CAAA;gBACV,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,KAAK,GAAG,CAAC,CAAA;YAC9C,CAAC,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;IACJ,CAAC"}

package/dist/commands/validate.d.ts

@@ -0,0 +1,9 @@
+import { Command } from '@oclif/core';
+export default class Validate extends Command {
+    static description: string;
+    static examples: string[];
+    static flags: {
+        json: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+    };
+    run(): Promise<void>;
+}

package/dist/commands/validate.js

@@ -0,0 +1,144 @@
+import { readFileSync, statSync } from 'node:fs';
+import { resolve } from 'node:path';
+import { Command, Flags } from '@oclif/core';
+import { readManifest } from '../core/manifest.js';
+import { collectFiles, formatBytes } from '../core/packer.js';
+import { isEnvFile, scanForSecrets } from '../core/secret-scan.js';
+import { EXIT, color, icon } from '../ui/index.js';
+export default class Validate extends Command {
+    static description = 'Validate a product before publishing';
+    static examples = [
+        '<%= config.bin %> validate',
+        '<%= config.bin %> validate --json',
+    ];
+    static flags = {
+        json: Flags.boolean({ description: 'Output as JSON' }),
+    };
+    async run() {
+        const { flags } = await this.parse(Validate);
+        const results = [];
+        let hasBlocker = false;
+        // 1. Parse vault.yaml
+        const { manifest, issues: manifestIssues } = readManifest();
+        if (!manifest) {
+            for (const issue of manifestIssues) {
+                results.push({ check: issue.field, message: issue.message, pass: false });
+            }
+            hasBlocker = true;
+        }
+        else {
+            results.push({ check: 'vault.yaml', message: 'valid', pass: true });
+            // Add non-blocker warnings from manifest
+            for (const issue of manifestIssues) {
+                results.push({ check: issue.field, message: issue.message, pass: !issue.blocker });
+                if (issue.blocker)
+                    hasBlocker = true;
+            }
+            // 2. Collect files
+            const { files, issues: packIssues } = collectFiles(process.cwd());
+            for (const issue of packIssues) {
+                results.push({ check: 'file size', message: `${issue.file}: ${issue.message}`, pass: false });
+                if (issue.blocker)
+                    hasBlocker = true;
+            }
+            // Check for .env files in file list
+            const envFiles = files.filter(f => isEnvFile(f));
+            if (envFiles.length > 0) {
+                results.push({ check: '.env files', message: `Found ${envFiles.length} .env file(s) — excluded by default`, pass: true });
+            }
+            // Total size
+            let totalSize = 0;
+            for (const f of files) {
+                try {
+                    totalSize += statSync(f).size;
+                }
+                catch { /* skip */ }
+            }
+            results.push({ check: 'files', message: `${files.length} files (${formatBytes(totalSize)})`, pass: true });
+            // 3. Secret scan
+            const findings = scanForSecrets(files, process.cwd());
+            if (findings.length > 0) {
+                hasBlocker = true;
+                for (const f of findings) {
+                    results.push({
+                        check: 'secret scan',
+                        message: `${f.pattern} in ${f.file}:${f.line}`,
+                        pass: false,
+                    });
+                }
+            }
+            else {
+                results.push({ check: 'secret scan', message: 'no secrets detected', pass: true });
+            }
+            // 4. License
+            const KNOWN_SPDX = [
+                'MIT', 'Apache-2.0', 'GPL-3.0', 'GPL-2.0', 'BSD-3-Clause', 'BSD-2-Clause',
+                'ISC', 'CC-BY-4.0', 'CC-BY-SA-4.0', 'CC0-1.0', 'MPL-2.0', 'LGPL-3.0',
+                'AGPL-3.0', 'Unlicense', 'Proprietary', 'Custom',
+            ];
+            if (KNOWN_SPDX.includes(manifest.license)) {
+                results.push({ check: 'license', message: `${manifest.license} (valid)`, pass: true });
+            }
+            else {
+                results.push({ check: 'license', message: `${manifest.license} (unknown SPDX identifier)`, pass: true }); // warning, not blocker
+            }
+            // 5. Entry file type-specific checks
+            if (['skill', 'agent', 'squad'].includes(manifest.type)) {
+                const entryContent = await readEntryFile(manifest.entry);
+                if (entryContent && !entryContent.includes('---')) {
+                    results.push({ check: 'frontmatter', message: `${manifest.entry} missing YAML frontmatter (---)`, pass: false });
+                    hasBlocker = true;
+                }
+                else if (entryContent) {
+                    results.push({ check: 'frontmatter', message: `${manifest.entry} has valid frontmatter`, pass: true });
+                }
+            }
+        }
+        // Output
+        if (flags.json) {
+            this.log(JSON.stringify({
+                checks: results,
+                manifest: manifest ? {
+                    category: manifest.category,
+                    description: manifest.description,
+                    license: manifest.license,
+                    name: manifest.name,
+                    price: manifest.price,
+                    tags: manifest.tags,
+                    type: manifest.type,
+                    version: manifest.version,
+                } : null,
+                valid: !hasBlocker,
+            }));
+        }
+        else {
+            const title = manifest?.name ?? 'unknown';
+            this.log(`\n  Validating ${color.bold(title)}...\n`);
+            for (const r of results) {
+                const mark = r.pass ? icon.success : icon.error;
+                const msg = r.pass ? color.muted(r.message) : color.error(r.message);
+                this.log(`    ${mark} ${color.muted(r.check + ':')}  ${msg}`);
+            }
+            this.log('');
+            if (hasBlocker) {
+                this.log(`  ${icon.error} ${color.error('Validation failed. Fix blockers above.')}`);
+                this.exit(EXIT.VALIDATION);
+            }
+            else {
+                this.log(`  ${icon.success} ${color.success('All checks passed.')} Run: ${color.bold('myclaude publish')}`);
+            }
+        }
+        if (hasBlocker) {
+            this.exit(EXIT.VALIDATION);
+        }
+    }
+}
+function readEntryFile(entry) {
+    try {
+        return readFileSync(resolve(process.cwd(), entry), 'utf-8');
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=validate.js.map

package/dist/commands/validate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate.js","sourceRoot":"","sources":["../../src/commands/validate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,YAAY,EAAE,QAAQ,EAAC,MAAM,SAAS,CAAA;AAC9C,OAAO,EAAC,OAAO,EAAC,MAAM,WAAW,CAAA;AAEjC,OAAO,EAAC,OAAO,EAAE,KAAK,EAAC,MAAM,aAAa,CAAA;AAE1C,OAAO,EAAC,YAAY,EAAC,MAAM,qBAAqB,CAAA;AAChD,OAAO,EAAC,YAAY,EAAE,WAAW,EAAC,MAAM,mBAAmB,CAAA;AAC3D,OAAO,EAAC,SAAS,EAAE,cAAc,EAAC,MAAM,wBAAwB,CAAA;AAChE,OAAO,EAAC,IAAI,EAAE,KAAK,EAAE,IAAI,EAAC,MAAM,gBAAgB,CAAA;AAEhD,MAAM,CAAC,OAAO,OAAO,QAAS,SAAQ,OAAO;IAC3C,MAAM,CAAU,WAAW,GAAG,sCAAsC,CAAA;IAEpE,MAAM,CAAU,QAAQ,GAAG;QACzB,4BAA4B;QAC5B,mCAAmC;KACpC,CAAA;IAED,MAAM,CAAU,KAAK,GAAG;QACtB,IAAI,EAAE,KAAK,CAAC,OAAO,CAAC,EAAC,WAAW,EAAE,gBAAgB,EAAC,CAAC;KACrD,CAAA;IAED,KAAK,CAAC,GAAG;QACP,MAAM,EAAC,KAAK,EAAC,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAA;QAE1C,MAAM,OAAO,GAA2D,EAAE,CAAA;QAC1E,IAAI,UAAU,GAAG,KAAK,CAAA;QAEtB,sBAAsB;QACtB,MAAM,EAAC,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAC,GAAG,YAAY,EAAE,CAAA;QAEzD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;gBACnC,OAAO,CAAC,IAAI,CAAC,EAAC,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAC,CAAC,CAAA;YACzE,CAAC;YAED,UAAU,GAAG,IAAI,CAAA;QACnB,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CAAC,EAAC,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAC,CAAC,CAAA;YAEjE,yCAAyC;YACzC,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;gBACnC,OAAO,CAAC,IAAI,CAAC,EAAC,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,KAAK,CAAC,OAAO,EAAC,CAAC,CAAA;gBAChF,IAAI,KAAK,CAAC,OAAO;oBAAE,UAAU,GAAG,IAAI,CAAA;YACtC,CAAC;YAED,mBAAmB;YACnB,MAAM,EAAC,KAAK,EAAE,MAAM,EAAE,UAAU,EAAC,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAA;YAE/D,KAAK,MAAM,KAAK,IAAI,UAAU,EAAE,CAAC;gBAC/B,OAAO,CAAC,IAAI,CAAC,EAAC,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAC,CAAC,CAAA;gBAC3F,IAAI,KAAK,CAAC,OAAO;oBAAE,UAAU,GAAG,IAAI,CAAA;YACtC,CAAC;YAED,oCAAoC;YACpC,MAAM,QAAQ,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAA;YAChD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxB,OAAO,CAAC,IAAI,CAAC,EAAC,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,SAAS,QAAQ,CAAC,MAAM,qCAAqC,EAAE,IAAI,EAAE,IAAI,EAAC,CAAC,CAAA;YACzH,CAAC;YAED,aAAa;YACb,IAAI,SAAS,GAAG,CAAC,CAAA;YACjB,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;gBACtB,IAAI,CAAC;oBACH,SAAS,IAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;gBAC/B,CAAC;gBAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;YACxB,CAAC;YAED,OAAO,CAAC,IAAI,CAAC,EAAC,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,KAAK,CAAC,MAAM,WAAW,WAAW,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,EAAC,CAAC,CAAA;YAExG,iBAAiB;YACjB,MAAM,QAAQ,GAAG,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC,CAAA;YACrD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxB,UAAU,GAAG,IAAI,CAAA;gBACjB,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;oBACzB,OAAO,CAAC,IAAI,CAAC;wBACX,KAAK,EAAE,aAAa;wBACpB,OAAO,EAAE,GAAG,CAAC,CAAC,OAAO,OAAO,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE;wBAC9C,IAAI,EAAE,KAAK;qBACZ,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,IAAI,CAAC,EAAC,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,IAAI,EAAC,CAAC,CAAA;YAClF,CAAC;YAED,aAAa;YACb,MAAM,UAAU,GAAG;gBACjB,KAAK,EAAE,YAAY,EAAE,SAAS,EAAE,SAAS,EAAE,cAAc,EAAE,cAAc;gBACzE,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU;gBACpE,UAAU,EAAE,WAAW,EAAE,aAAa,EAAE,QAAQ;aACjD,CAAA;YAED,IAAI,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1C,OAAO,CAAC,IAAI,CAAC,EAAC,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,QAAQ,CAAC,OAAO,UAAU,EAAE,IAAI,EAAE,IAAI,EAAC,CAAC,CAAA;YACtF,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,IAAI,CAAC,EAAC,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,QAAQ,CAAC,OAAO,4BAA4B,EAAE,IAAI,EAAE,IAAI,EAAC,CAAC,CAAA,CAAC,uBAAuB;YAChI,CAAC;YAED,qCAAqC;YACrC,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBACxD,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;gBACxD,IAAI,YAAY,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;oBAClD,OAAO,CAAC,IAAI,CAAC,EAAC,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,GAAG,QAAQ,CAAC,KAAK,iCAAiC,EAAE,IAAI,EAAE,KAAK,EAAC,CAAC,CAAA;oBAC9G,UAAU,GAAG,IAAI,CAAA;gBACnB,CAAC;qBAAM,IAAI,YAAY,EAAE,CAAC;oBACxB,OAAO,CAAC,IAAI,CAAC,EAAC,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,GAAG,QAAQ,CAAC,KAAK,wBAAwB,EAAE,IAAI,EAAE,IAAI,EAAC,CAAC,CAAA;gBACtG,CAAC;YACH,CAAC;QACH,CAAC;QAED,SAAS;QACT,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;YACf,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;gBACtB,MAAM,EAAE,OAAO;gBACf,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;oBACnB,QAAQ,EAAE,QAAQ,CAAC,QAAQ;oBAC3B,WAAW,EAAE,QAAQ,CAAC,WAAW;oBACjC,OAAO,EAAE,QAAQ,CAAC,OAAO;oBACzB,IAAI,EAAE,QAAQ,CAAC,IAAI;oBACnB,KAAK,EAAE,QAAQ,CAAC,KAAK;oBACrB,IAAI,EAAE,QAAQ,CAAC,IAAI;oBACnB,IAAI,EAAE,QAAQ,CAAC,IAAI;oBACnB,OAAO,EAAE,QAAQ,CAAC,OAAO;iBAC1B,CAAC,CAAC,CAAC,IAAI;gBACR,KAAK,EAAE,CAAC,UAAU;aACnB,CAAC,CAAC,CAAA;QACL,CAAC;aAAM,CAAC;YACN,MAAM,KAAK,GAAG,QAAQ,EAAE,IAAI,IAAI,SAAS,CAAA;YACzC,IAAI,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;YAEpD,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;gBACxB,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAA;gBAC/C,MAAM,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAA;gBACpE,IAAI,CAAC,GAAG,CAAC,OAAO,IAAI,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,GAAG,CAAC,KAAK,GAAG,EAAE,CAAC,CAAA;YAC/D,CAAC;YAED,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;YACZ,IAAI,UAAU,EAAE,CAAC;gBACf,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,KAAK,CAAC,wCAAwC,CAAC,EAAE,CAAC,CAAA;gBACpF,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;YAC5B,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,oBAAoB,CAAC,SAAS,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAA;YAC7G,CAAC;QACH,CAAC;QAED,IAAI,UAAU,EAAE,CAAC;YACf,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QAC5B,CAAC;IACH,CAAC;;AAGH,SAAS,aAAa,CAAC,KAAa;IAClC,IAAI,CAAC;QACH,OAAO,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,KAAK,CAAC,EAAE,OAAO,CAAC,CAAA;IAC7D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC"}

package/dist/commands/whoami.d.ts

@@ -0,0 +1,9 @@
+import { Command } from '@oclif/core';
+export default class Whoami extends Command {
+    static description: string;
+    static examples: string[];
+    static flags: {
+        json: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+    };
+    run(): Promise<void>;
+}

package/dist/commands/whoami.js

@@ -0,0 +1,52 @@
+import { Command, Flags } from '@oclif/core';
+import { getValidToken } from '../core/auth.js';
+import { readConfig } from '../utils/config.js';
+import { action, color, icon } from '../ui/index.js';
+export default class Whoami extends Command {
+    static description = 'Show current authenticated user';
+    static examples = [
+        '<%= config.bin %> whoami',
+        '<%= config.bin %> whoami --json',
+    ];
+    static flags = {
+        json: Flags.boolean({ description: 'Output as JSON' }),
+    };
+    async run() {
+        const { flags } = await this.parse(Whoami);
+        const config = readConfig();
+        if (!config) {
+            if (flags.json) {
+                this.log(JSON.stringify({ loggedIn: false }));
+            }
+            else {
+                this.log(`  ${icon.warning} not logged in`);
+                this.log(action('myclaude login'));
+            }
+            return;
+        }
+        const token = await getValidToken(config.email);
+        if (!token) {
+            if (flags.json) {
+                this.log(JSON.stringify({ expired: true, loggedIn: false }));
+            }
+            else {
+                this.log(`  ${icon.warning} session expired`);
+                this.log(action('myclaude login'));
+            }
+            return;
+        }
+        if (flags.json) {
+            this.log(JSON.stringify({
+                displayName: config.displayName,
+                email: config.email,
+                loggedIn: true,
+                uid: config.uid,
+                username: config.username,
+            }));
+        }
+        else {
+            this.log(`  ${color.primary('@' + config.username)} ${color.muted(`(${config.email})`)}`);
+        }
+    }
+}
+//# sourceMappingURL=whoami.js.map

package/dist/commands/whoami.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"whoami.js","sourceRoot":"","sources":["../../src/commands/whoami.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,OAAO,EAAE,KAAK,EAAC,MAAM,aAAa,CAAA;AAE1C,OAAO,EAAC,aAAa,EAAC,MAAM,iBAAiB,CAAA;AAC7C,OAAO,EAAC,UAAU,EAAC,MAAM,oBAAoB,CAAA;AAC7C,OAAO,EAAC,MAAM,EAAE,KAAK,EAAE,IAAI,EAAC,MAAM,gBAAgB,CAAA;AAElD,MAAM,CAAC,OAAO,OAAO,MAAO,SAAQ,OAAO;IACzC,MAAM,CAAU,WAAW,GAAG,iCAAiC,CAAA;IAE/D,MAAM,CAAU,QAAQ,GAAG;QACzB,0BAA0B;QAC1B,iCAAiC;KAClC,CAAA;IAED,MAAM,CAAU,KAAK,GAAG;QACtB,IAAI,EAAE,KAAK,CAAC,OAAO,CAAC,EAAC,WAAW,EAAE,gBAAgB,EAAC,CAAC;KACrD,CAAA;IAED,KAAK,CAAC,GAAG;QACP,MAAM,EAAC,KAAK,EAAC,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QAExC,MAAM,MAAM,GAAG,UAAU,EAAE,CAAA;QAC3B,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;gBACf,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAC,QAAQ,EAAE,KAAK,EAAC,CAAC,CAAC,CAAA;YAC7C,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,OAAO,gBAAgB,CAAC,CAAA;gBAC3C,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAA;YACpC,CAAC;YAED,OAAM;QACR,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QAC/C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;gBACf,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAC,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAC,CAAC,CAAC,CAAA;YAC5D,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,OAAO,kBAAkB,CAAC,CAAA;gBAC7C,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAA;YACpC,CAAC;YAED,OAAM;QACR,CAAC;QAED,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;YACf,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;gBACtB,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,QAAQ,EAAE,IAAI;gBACd,GAAG,EAAE,MAAM,CAAC,GAAG;gBACf,QAAQ,EAAE,MAAM,CAAC,QAAQ;aAC1B,CAAC,CAAC,CAAA;QACL,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,OAAO,CAAC,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,KAAK,GAAG,CAAC,EAAE,CAAC,CAAA;QAC3F,CAAC;IACH,CAAC"}

package/dist/constants.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Production constants for MyClaude CLI.
+ *
+ * The CLI talks ONLY to myclaude.sh — no Firebase API keys,
+ * no Google endpoints. All auth is proxied through the backend.
+ */
+export declare const MYCLAUDE_API_URL: string;
+/** CLI version — injected from package.json at build time */
+export declare const CLI_VERSION = "0.3.0-alpha";

package/dist/constants.js

@@ -0,0 +1,10 @@
+/**
+ * Production constants for MyClaude CLI.
+ *
+ * The CLI talks ONLY to myclaude.sh — no Firebase API keys,
+ * no Google endpoints. All auth is proxied through the backend.
+ */
+export const MYCLAUDE_API_URL = process.env.NEXT_PUBLIC_APP_URL || 'https://myclaude.sh';
+/** CLI version — injected from package.json at build time */
+export const CLI_VERSION = '0.3.0-alpha';
+//# sourceMappingURL=constants.js.map

package/dist/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,CAAC,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,qBAAqB,CAAA;AAExF,6DAA6D;AAC7D,MAAM,CAAC,MAAM,WAAW,GAAG,aAAa,CAAA"}

package/dist/core/api.d.ts

@@ -0,0 +1,18 @@
+/**
+ * HTTP client for myClaude API routes.
+ * Auto-attaches auth token when available.
+ * Uses native fetch (Node.js >= 20) with timeout and safe error handling.
+ */
+declare const DEFAULT_TIMEOUT_MS = 15000;
+declare const MAX_TIMEOUT_MS = 60000;
+export declare function getBaseUrl(): string;
+export declare function apiGet(path: string, params?: Record<string, string>, options?: {
+    auth?: boolean;
+    timeout?: number;
+}): Promise<Response>;
+export declare function apiPost(path: string, body?: Record<string, unknown>, options?: {
+    auth?: boolean;
+    timeout?: number;
+}): Promise<Response>;
+export declare function requireAuth(): Promise<string>;
+export { DEFAULT_TIMEOUT_MS, MAX_TIMEOUT_MS };

package/dist/core/api.js

@@ -0,0 +1,135 @@
+import { MYCLAUDE_API_URL } from '../constants.js';
+import { readConfig } from '../utils/config.js';
+import { getValidToken } from './auth.js';
+/**
+ * HTTP client for myClaude API routes.
+ * Auto-attaches auth token when available.
+ * Uses native fetch (Node.js >= 20) with timeout and safe error handling.
+ */
+const DEFAULT_TIMEOUT_MS = 15_000; // 15 seconds
+const MAX_TIMEOUT_MS = 60_000; // 60 seconds for downloads
+let httpsWarningShown = false;
+export function getBaseUrl() {
+    const url = MYCLAUDE_API_URL;
+    if (!httpsWarningShown && !url.startsWith('https://') && !url.includes('localhost') && !url.includes('127.0.0.1')) {
+        httpsWarningShown = true;
+        process.stderr.write(`\x1b[33mWarning: API URL is not HTTPS: ${url}. Auth tokens may be exposed.\x1b[0m\n`);
+    }
+    return url;
+}
+/** Build a safe URL — validates base URL to prevent SSRF */
+function buildUrl(path, params) {
+    const base = getBaseUrl();
+    const url = new URL(path, base);
+    // Ensure we're not being redirected to an unexpected host
+    const baseHost = new URL(base).host;
+    if (url.host !== baseHost) {
+        throw new Error('API URL host mismatch — possible redirect attack');
+    }
+    if (params) {
+        for (const [key, value] of Object.entries(params)) {
+            if (value !== undefined && value !== '') {
+                url.searchParams.set(key, value);
+            }
+        }
+    }
+    return url;
+}
+export async function apiGet(path, params, options) {
+    const url = buildUrl(path, params);
+    const timeout = options?.timeout ?? DEFAULT_TIMEOUT_MS;
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), timeout);
+    const headers = {
+        'Accept': 'application/json',
+        'X-Source': 'cli',
+    };
+    if (options?.auth !== false) {
+        const token = await getAuthToken();
+        if (token)
+            headers['Authorization'] = `Bearer ${token}`;
+    }
+    try {
+        const res = await fetch(url.toString(), {
+            headers,
+            signal: controller.signal,
+        });
+        return res;
+    }
+    catch (error) {
+        if (error.name === 'AbortError') {
+            throw new Error(`Request timed out after ${timeout / 1000}s — check your connection`);
+        }
+        throw wrapNetworkError(error);
+    }
+    finally {
+        clearTimeout(timer);
+    }
+}
+export async function apiPost(path, body, options) {
+    const url = buildUrl(path);
+    const timeout = options?.timeout ?? DEFAULT_TIMEOUT_MS;
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), timeout);
+    const headers = {
+        'Accept': 'application/json',
+        'Content-Type': 'application/json',
+        'X-Source': 'cli',
+    };
+    if (options?.auth !== false) {
+        const token = await getAuthToken();
+        if (token) {
+            headers['Authorization'] = `Bearer ${token}`;
+        }
+        else if (options?.auth === true) {
+            throw new Error('Authentication required. Run: myclaude login');
+        }
+    }
+    try {
+        const res = await fetch(url.toString(), {
+            body: body ? JSON.stringify(body) : undefined,
+            headers,
+            method: 'POST',
+            signal: controller.signal,
+        });
+        return res;
+    }
+    catch (error) {
+        if (error.name === 'AbortError') {
+            throw new Error(`Request timed out after ${timeout / 1000}s — check your connection`);
+        }
+        throw wrapNetworkError(error);
+    }
+    finally {
+        clearTimeout(timer);
+    }
+}
+/** Convert raw network errors into human-readable messages */
+function wrapNetworkError(error) {
+    const msg = error.message || '';
+    if (msg.includes('ECONNREFUSED')) {
+        return new Error('Cannot reach myClaude API — is the server running?');
+    }
+    if (msg.includes('ENOTFOUND') || msg.includes('getaddrinfo')) {
+        return new Error('DNS resolution failed — check your internet connection');
+    }
+    if (msg.includes('CERT') || msg.includes('SSL')) {
+        return new Error('SSL/TLS error — certificate verification failed');
+    }
+    return new Error(`Network error: ${msg}`);
+}
+async function getAuthToken() {
+    const config = readConfig();
+    if (!config?.email)
+        return null;
+    return getValidToken(config.email);
+}
+export async function requireAuth() {
+    const token = await getAuthToken();
+    if (!token) {
+        throw new Error('Authentication required. Run: myclaude login');
+    }
+    return token;
+}
+export { DEFAULT_TIMEOUT_MS, MAX_TIMEOUT_MS };
+//# sourceMappingURL=api.js.map

package/dist/core/api.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.js","sourceRoot":"","sources":["../../src/core/api.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,gBAAgB,EAAC,MAAM,iBAAiB,CAAA;AAChD,OAAO,EAAC,UAAU,EAAC,MAAM,oBAAoB,CAAA;AAC7C,OAAO,EAAC,aAAa,EAAC,MAAM,WAAW,CAAA;AAEvC;;;;GAIG;AAEH,MAAM,kBAAkB,GAAG,MAAM,CAAA,CAAC,aAAa;AAC/C,MAAM,cAAc,GAAG,MAAM,CAAA,CAAK,2BAA2B;AAE7D,IAAI,iBAAiB,GAAG,KAAK,CAAA;AAE7B,MAAM,UAAU,UAAU;IACxB,MAAM,GAAG,GAAG,gBAAgB,CAAA;IAC5B,IAAI,CAAC,iBAAiB,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAClH,iBAAiB,GAAG,IAAI,CAAA;QACxB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,0CAA0C,GAAG,wCAAwC,CACtF,CAAA;IACH,CAAC;IAED,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,4DAA4D;AAC5D,SAAS,QAAQ,CAAC,IAAY,EAAE,MAA+B;IAC7D,MAAM,IAAI,GAAG,UAAU,EAAE,CAAA;IACzB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;IAE/B,0DAA0D;IAC1D,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,IAAI,CAAA;IACnC,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAA;IACrE,CAAC;IAED,IAAI,MAAM,EAAE,CAAC;QACX,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAClD,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,EAAE,EAAE,CAAC;gBACxC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;YAClC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,MAAM,CAC1B,IAAY,EACZ,MAA+B,EAC/B,OAA4C;IAE5C,MAAM,GAAG,GAAG,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;IAClC,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,IAAI,kBAAkB,CAAA;IACtD,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAA;IACxC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,OAAO,CAAC,CAAA;IAE3D,MAAM,OAAO,GAA2B;QACtC,QAAQ,EAAE,kBAAkB;QAC5B,UAAU,EAAE,KAAK;KAClB,CAAA;IAED,IAAI,OAAO,EAAE,IAAI,KAAK,KAAK,EAAE,CAAC;QAC5B,MAAM,KAAK,GAAG,MAAM,YAAY,EAAE,CAAA;QAClC,IAAI,KAAK;YAAE,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,KAAK,EAAE,CAAA;IACzD,CAAC;IAED,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE;YACtC,OAAO;YACP,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAA;QACF,OAAO,GAAG,CAAA;IACZ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAK,KAAe,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YAC3C,MAAM,IAAI,KAAK,CAAC,2BAA2B,OAAO,GAAG,IAAI,2BAA2B,CAAC,CAAA;QACvF,CAAC;QACD,MAAM,gBAAgB,CAAC,KAAc,CAAC,CAAA;IACxC,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,KAAK,CAAC,CAAA;IACrB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,OAAO,CAC3B,IAAY,EACZ,IAA8B,EAC9B,OAA4C;IAE5C,MAAM,GAAG,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAA;IAC1B,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,IAAI,kBAAkB,CAAA;IACtD,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAA;IACxC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,OAAO,CAAC,CAAA;IAE3D,MAAM,OAAO,GAA2B;QACtC,QAAQ,EAAE,kBAAkB;QAC5B,cAAc,EAAE,kBAAkB;QAClC,UAAU,EAAE,KAAK;KAClB,CAAA;IAED,IAAI,OAAO,EAAE,IAAI,KAAK,KAAK,EAAE,CAAC;QAC5B,MAAM,KAAK,GAAG,MAAM,YAAY,EAAE,CAAA;QAClC,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,KAAK,EAAE,CAAA;QAC9C,CAAC;aAAM,IAAI,OAAO,EAAE,IAAI,KAAK,IAAI,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAA;QACjE,CAAC;IACH,CAAC;IAED,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE;YACtC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;YAC7C,OAAO;YACP,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAA;QACF,OAAO,GAAG,CAAA;IACZ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAK,KAAe,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YAC3C,MAAM,IAAI,KAAK,CAAC,2BAA2B,OAAO,GAAG,IAAI,2BAA2B,CAAC,CAAA;QACvF,CAAC;QACD,MAAM,gBAAgB,CAAC,KAAc,CAAC,CAAA;IACxC,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,KAAK,CAAC,CAAA;IACrB,CAAC;AACH,CAAC;AAED,8DAA8D;AAC9D,SAAS,gBAAgB,CAAC,KAAY;IACpC,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,IAAI,EAAE,CAAA;IAC/B,IAAI,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;QACjC,OAAO,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAA;IACxE,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;QAC7D,OAAO,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAA;IAC5E,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAChD,OAAO,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAA;IACrE,CAAC;IACD,OAAO,IAAI,KAAK,CAAC,kBAAkB,GAAG,EAAE,CAAC,CAAA;AAC3C,CAAC;AAED,KAAK,UAAU,YAAY;IACzB,MAAM,MAAM,GAAG,UAAU,EAAE,CAAA;IAC3B,IAAI,CAAC,MAAM,EAAE,KAAK;QAAE,OAAO,IAAI,CAAA;IAC/B,OAAO,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;AACpC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW;IAC/B,MAAM,KAAK,GAAG,MAAM,YAAY,EAAE,CAAA;IAClC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAA;IACjE,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC;AAED,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAE,CAAA"}

package/dist/core/auth.d.ts

@@ -0,0 +1,30 @@
+/**
+ * CLI authentication via myClaude backend.
+ *
+ * Token refresh goes through myclaude.sh/api/cli/auth/refresh
+ * so the Firebase API key NEVER leaves the server.
+ *
+ * The idToken is NEVER stored on disk (DC20) — only the
+ * refreshToken is persisted in the keychain/credentials file.
+ */
+export interface AuthResult {
+    idToken: string;
+    refreshToken: string;
+    uid: string;
+    email: string;
+}
+export interface TokenRefreshResult {
+    idToken: string;
+    refreshToken: string;
+}
+export declare function refreshToken(refreshTkn: string): Promise<TokenRefreshResult>;
+/**
+ * Get a valid idToken for API calls.
+ * Uses in-memory cache first, then refreshes from keychain.
+ * Returns null if not logged in.
+ */
+export declare function getValidToken(email: string): Promise<string | null>;
+export declare function logout(): Promise<void>;
+export declare class AuthError extends Error {
+    constructor(message: string);
+}

package/dist/core/auth.js

@@ -0,0 +1,71 @@
+import { deleteToken, getToken, storeToken } from '../utils/keychain.js';
+import { getBaseUrl } from './api.js';
+// FIX H1: In-memory token cache to avoid multiple refreshes per process
+let cachedIdToken = null;
+let cachedTokenExpiry = 0;
+export async function refreshToken(refreshTkn) {
+    const baseUrl = getBaseUrl();
+    let response;
+    try {
+        response = await fetch(`${baseUrl}/api/cli/auth/refresh`, {
+            body: JSON.stringify({ refreshToken: refreshTkn }),
+            headers: {
+                'Content-Type': 'application/json',
+                'X-Source': 'cli',
+            },
+            method: 'POST',
+        });
+    }
+    catch {
+        // FIX M3: distinguish network errors from auth errors
+        throw new AuthError('Cannot reach myClaude servers. Check your internet connection.');
+    }
+    if (!response.ok) {
+        throw new AuthError('Session expired. Run: myclaude login');
+    }
+    const data = await response.json();
+    return {
+        idToken: data.idToken,
+        refreshToken: data.refreshToken,
+    };
+}
+/**
+ * Get a valid idToken for API calls.
+ * Uses in-memory cache first, then refreshes from keychain.
+ * Returns null if not logged in.
+ */
+export async function getValidToken(email) {
+    // FIX H1: return cached token if still valid
+    if (cachedIdToken && Date.now() < cachedTokenExpiry) {
+        return cachedIdToken;
+    }
+    const stored = await getToken(email);
+    if (!stored)
+        return null;
+    try {
+        const result = await refreshToken(stored);
+        // Update the stored refresh token (rotation)
+        await storeToken(email, result.refreshToken);
+        // Cache the new token
+        cachedIdToken = result.idToken;
+        cachedTokenExpiry = Date.now() + 55 * 60 * 1000;
+        return result.idToken;
+    }
+    catch {
+        cachedIdToken = null;
+        cachedTokenExpiry = 0;
+        return null;
+    }
+}
+export async function logout() {
+    cachedIdToken = null;
+    cachedTokenExpiry = 0;
+    await deleteToken();
+}
+export class AuthError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'AuthError';
+    }
+}
+//# sourceMappingURL=auth.js.map

package/dist/core/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/core/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,WAAW,EAAE,QAAQ,EAAE,UAAU,EAAC,MAAM,sBAAsB,CAAA;AACtE,OAAO,EAAC,UAAU,EAAC,MAAM,UAAU,CAAA;AAwBnC,wEAAwE;AACxE,IAAI,aAAa,GAAkB,IAAI,CAAA;AACvC,IAAI,iBAAiB,GAAG,CAAC,CAAA;AAEzB,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,UAAkB;IACnD,MAAM,OAAO,GAAG,UAAU,EAAE,CAAA;IAE5B,IAAI,QAAkB,CAAA;IACtB,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,uBAAuB,EAAE;YACxD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAC,YAAY,EAAE,UAAU,EAAC,CAAC;YAChD,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,UAAU,EAAE,KAAK;aAClB;YACD,MAAM,EAAE,MAAM;SACf,CAAC,CAAA;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,sDAAsD;QACtD,MAAM,IAAI,SAAS,CACjB,gEAAgE,CACjE,CAAA;IACH,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,SAAS,CAAC,sCAAsC,CAAC,CAAA;IAC7D,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA4B,CAAA;IAC5D,OAAO;QACL,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,YAAY,EAAE,IAAI,CAAC,YAAY;KAChC,CAAA;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,KAAa;IAC/C,6CAA6C;IAC7C,IAAI,aAAa,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,iBAAiB,EAAE,CAAC;QACpD,OAAO,aAAa,CAAA;IACtB,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAA;IACpC,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAA;IAExB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAA;QACzC,6CAA6C;QAC7C,MAAM,UAAU,CAAC,KAAK,EAAE,MAAM,CAAC,YAAY,CAAC,CAAA;QAC5C,sBAAsB;QACtB,aAAa,GAAG,MAAM,CAAC,OAAO,CAAA;QAC9B,iBAAiB,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;QAC/C,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,aAAa,GAAG,IAAI,CAAA;QACpB,iBAAiB,GAAG,CAAC,CAAA;QACrB,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,MAAM;IAC1B,aAAa,GAAG,IAAI,CAAA;IACpB,iBAAiB,GAAG,CAAC,CAAA;IACrB,MAAM,WAAW,EAAE,CAAA;AACrB,CAAC;AAED,MAAM,OAAO,SAAU,SAAQ,KAAK;IAClC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAA;QACd,IAAI,CAAC,IAAI,GAAG,WAAW,CAAA;IACzB,CAAC;CACF"}