npm - @namzu/cli - Versions diffs - 0.0.2 → 0.1.0 - Mend

@namzu/cli 0.0.2 → 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (365) hide show

package/LICENSE.md +110 -0
package/dist/bin.js +4 -32
package/dist/bin.js.map +1 -1
package/dist/cli.d.ts +14 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +124 -0
package/dist/cli.js.map +1 -0
package/dist/cli.test.d.ts +2 -0
package/dist/cli.test.d.ts.map +1 -0
package/dist/cli.test.js +94 -0
package/dist/cli.test.js.map +1 -0
package/dist/commands/doctor.d.ts +6 -0
package/dist/commands/doctor.d.ts.map +1 -1
package/dist/commands/doctor.js +10 -0
package/dist/commands/doctor.js.map +1 -1
package/dist/commands/providers.d.ts +17 -0
package/dist/commands/providers.d.ts.map +1 -0
package/dist/commands/providers.js +274 -0
package/dist/commands/providers.js.map +1 -0
package/dist/commands/registry.d.ts +11 -0
package/dist/commands/registry.d.ts.map +1 -0
package/dist/commands/registry.js +28 -0
package/dist/commands/registry.js.map +1 -0
package/dist/commands/run.d.ts +14 -0
package/dist/commands/run.d.ts.map +1 -0
package/dist/commands/run.js +73 -0
package/dist/commands/run.js.map +1 -0
package/dist/commands/stubs.d.ts +12 -0
package/dist/commands/stubs.d.ts.map +1 -0
package/dist/commands/stubs.js +32 -0
package/dist/commands/stubs.js.map +1 -0
package/dist/commands/tools.d.ts +16 -0
package/dist/commands/tools.d.ts.map +1 -0
package/dist/commands/tools.js +161 -0
package/dist/commands/tools.js.map +1 -0
package/dist/commands/types.d.ts +25 -0
package/dist/commands/types.d.ts.map +1 -0
package/dist/commands/types.js +2 -0
package/dist/commands/types.js.map +1 -0
package/dist/config/load.d.ts +25 -0
package/dist/config/load.d.ts.map +1 -0
package/dist/config/load.js +92 -0
package/dist/config/load.js.map +1 -0
package/dist/config/load.test.d.ts +2 -0
package/dist/config/load.test.d.ts.map +1 -0
package/dist/config/load.test.js +57 -0
package/dist/config/load.test.js.map +1 -0
package/dist/config/schema.d.ts +29 -0
package/dist/config/schema.d.ts.map +1 -0
package/dist/config/schema.js +13 -0
package/dist/config/schema.js.map +1 -0
package/dist/doctor/registry.d.ts.map +1 -1
package/dist/doctor/registry.js +3 -1
package/dist/doctor/registry.js.map +1 -1
package/dist/doctor/registry.test.js +4 -1
package/dist/doctor/registry.test.js.map +1 -1
package/dist/index.d.ts +6 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +7 -0
package/dist/index.js.map +1 -1
package/dist/integrations/clawtool/agents.d.ts +31 -0
package/dist/integrations/clawtool/agents.d.ts.map +1 -0
package/dist/integrations/clawtool/agents.js +30 -0
package/dist/integrations/clawtool/agents.js.map +1 -0
package/dist/integrations/clawtool/agents.test.d.ts +2 -0
package/dist/integrations/clawtool/agents.test.d.ts.map +1 -0
package/dist/integrations/clawtool/agents.test.js +79 -0
package/dist/integrations/clawtool/agents.test.js.map +1 -0
package/dist/integrations/clawtool/auth.d.ts +26 -0
package/dist/integrations/clawtool/auth.d.ts.map +1 -0
package/dist/integrations/clawtool/auth.js +56 -0
package/dist/integrations/clawtool/auth.js.map +1 -0
package/dist/integrations/clawtool/auth.test.d.ts +2 -0
package/dist/integrations/clawtool/auth.test.d.ts.map +1 -0
package/dist/integrations/clawtool/auth.test.js +40 -0
package/dist/integrations/clawtool/auth.test.js.map +1 -0
package/dist/integrations/clawtool/binary.d.ts +25 -0
package/dist/integrations/clawtool/binary.d.ts.map +1 -0
package/dist/integrations/clawtool/binary.js +50 -0
package/dist/integrations/clawtool/binary.js.map +1 -0
package/dist/integrations/clawtool/binary.test.d.ts +2 -0
package/dist/integrations/clawtool/binary.test.d.ts.map +1 -0
package/dist/integrations/clawtool/binary.test.js +42 -0
package/dist/integrations/clawtool/binary.test.js.map +1 -0
package/dist/integrations/clawtool/daemon.d.ts +37 -0
package/dist/integrations/clawtool/daemon.d.ts.map +1 -0
package/dist/integrations/clawtool/daemon.js +109 -0
package/dist/integrations/clawtool/daemon.js.map +1 -0
package/dist/integrations/clawtool/daemon.test.d.ts +11 -0
package/dist/integrations/clawtool/daemon.test.d.ts.map +1 -0
package/dist/integrations/clawtool/daemon.test.js +118 -0
package/dist/integrations/clawtool/daemon.test.js.map +1 -0
package/dist/integrations/clawtool/dispatch.d.ts +33 -0
package/dist/integrations/clawtool/dispatch.d.ts.map +1 -0
package/dist/integrations/clawtool/dispatch.js +155 -0
package/dist/integrations/clawtool/dispatch.js.map +1 -0
package/dist/integrations/clawtool/dispatch.test.d.ts +2 -0
package/dist/integrations/clawtool/dispatch.test.d.ts.map +1 -0
package/dist/integrations/clawtool/dispatch.test.js +138 -0
package/dist/integrations/clawtool/dispatch.test.js.map +1 -0
package/dist/integrations/clawtool/index.d.ts +11 -0
package/dist/integrations/clawtool/index.d.ts.map +1 -0
package/dist/integrations/clawtool/index.js +10 -0
package/dist/integrations/clawtool/index.js.map +1 -0
package/dist/integrations/clawtool/mcp.d.ts +51 -0
package/dist/integrations/clawtool/mcp.d.ts.map +1 -0
package/dist/integrations/clawtool/mcp.js +156 -0
package/dist/integrations/clawtool/mcp.js.map +1 -0
package/dist/integrations/clawtool/mcp.test.d.ts +2 -0
package/dist/integrations/clawtool/mcp.test.d.ts.map +1 -0
package/dist/integrations/clawtool/mcp.test.js +126 -0
package/dist/integrations/clawtool/mcp.test.js.map +1 -0
package/dist/integrations/clawtool/paths.d.ts +8 -0
package/dist/integrations/clawtool/paths.d.ts.map +1 -0
package/dist/integrations/clawtool/paths.js +19 -0
package/dist/integrations/clawtool/paths.js.map +1 -0
package/dist/integrations/clawtool/peers.d.ts +67 -0
package/dist/integrations/clawtool/peers.d.ts.map +1 -0
package/dist/integrations/clawtool/peers.js +150 -0
package/dist/integrations/clawtool/peers.js.map +1 -0
package/dist/integrations/clawtool/plugin.d.ts +42 -0
package/dist/integrations/clawtool/plugin.d.ts.map +1 -0
package/dist/integrations/clawtool/plugin.js +38 -0
package/dist/integrations/clawtool/plugin.js.map +1 -0
package/dist/integrations/clawtool/state.d.ts +11 -0
package/dist/integrations/clawtool/state.d.ts.map +1 -0
package/dist/integrations/clawtool/state.js +41 -0
package/dist/integrations/clawtool/state.js.map +1 -0
package/dist/integrations/clawtool/state.test.d.ts +2 -0
package/dist/integrations/clawtool/state.test.d.ts.map +1 -0
package/dist/integrations/clawtool/state.test.js +38 -0
package/dist/integrations/clawtool/state.test.js.map +1 -0
package/dist/integrations/clawtool/tooling.d.ts +50 -0
package/dist/integrations/clawtool/tooling.d.ts.map +1 -0
package/dist/integrations/clawtool/tooling.js +89 -0
package/dist/integrations/clawtool/tooling.js.map +1 -0
package/dist/integrations/clawtool/tooling.test.d.ts +2 -0
package/dist/integrations/clawtool/tooling.test.d.ts.map +1 -0
package/dist/integrations/clawtool/tooling.test.js +58 -0
package/dist/integrations/clawtool/tooling.test.js.map +1 -0
package/dist/integrations/clawtool/types.d.ts +41 -0
package/dist/integrations/clawtool/types.d.ts.map +1 -0
package/dist/integrations/clawtool/types.js +9 -0
package/dist/integrations/clawtool/types.js.map +1 -0
package/dist/integrations/clipboard/image.d.ts +18 -0
package/dist/integrations/clipboard/image.d.ts.map +1 -0
package/dist/integrations/clipboard/image.js +88 -0
package/dist/integrations/clipboard/image.js.map +1 -0
package/dist/integrations/providers/discover.d.ts +68 -0
package/dist/integrations/providers/discover.d.ts.map +1 -0
package/dist/integrations/providers/discover.js +108 -0
package/dist/integrations/providers/discover.js.map +1 -0
package/dist/integrations/providers/discover.test.d.ts +2 -0
package/dist/integrations/providers/discover.test.d.ts.map +1 -0
package/dist/integrations/providers/discover.test.js +120 -0
package/dist/integrations/providers/discover.test.js.map +1 -0
package/dist/integrations/providers/index.d.ts +10 -0
package/dist/integrations/providers/index.d.ts.map +1 -0
package/dist/integrations/providers/index.js +12 -0
package/dist/integrations/providers/index.js.map +1 -0
package/dist/integrations/providers/keychain.d.ts +44 -0
package/dist/integrations/providers/keychain.d.ts.map +1 -0
package/dist/integrations/providers/keychain.js +154 -0
package/dist/integrations/providers/keychain.js.map +1 -0
package/dist/integrations/providers/keychain.test.d.ts +2 -0
package/dist/integrations/providers/keychain.test.d.ts.map +1 -0
package/dist/integrations/providers/keychain.test.js +21 -0
package/dist/integrations/providers/keychain.test.js.map +1 -0
package/dist/integrations/providers/mask.d.ts +7 -0
package/dist/integrations/providers/mask.d.ts.map +1 -0
package/dist/integrations/providers/mask.js +14 -0
package/dist/integrations/providers/mask.js.map +1 -0
package/dist/integrations/providers/mask.test.d.ts +2 -0
package/dist/integrations/providers/mask.test.d.ts.map +1 -0
package/dist/integrations/providers/mask.test.js +20 -0
package/dist/integrations/providers/mask.test.js.map +1 -0
package/dist/integrations/providers/oauth.d.ts +28 -0
package/dist/integrations/providers/oauth.d.ts.map +1 -0
package/dist/integrations/providers/oauth.js +65 -0
package/dist/integrations/providers/oauth.js.map +1 -0
package/dist/integrations/providers/oauth.test.d.ts +2 -0
package/dist/integrations/providers/oauth.test.d.ts.map +1 -0
package/dist/integrations/providers/oauth.test.js +86 -0
package/dist/integrations/providers/oauth.test.js.map +1 -0
package/dist/integrations/providers/preferences.d.ts +43 -0
package/dist/integrations/providers/preferences.d.ts.map +1 -0
package/dist/integrations/providers/preferences.js +111 -0
package/dist/integrations/providers/preferences.js.map +1 -0
package/dist/integrations/providers/preferences.test.d.ts +2 -0
package/dist/integrations/providers/preferences.test.d.ts.map +1 -0
package/dist/integrations/providers/preferences.test.js +68 -0
package/dist/integrations/providers/preferences.test.js.map +1 -0
package/dist/integrations/providers/registry.d.ts +31 -0
package/dist/integrations/providers/registry.d.ts.map +1 -0
package/dist/integrations/providers/registry.js +79 -0
package/dist/integrations/providers/registry.js.map +1 -0
package/dist/integrations/providers/schema.d.ts +73 -0
package/dist/integrations/providers/schema.d.ts.map +1 -0
package/dist/integrations/providers/schema.js +70 -0
package/dist/integrations/providers/schema.js.map +1 -0
package/dist/integrations/providers/schema.test.d.ts +2 -0
package/dist/integrations/providers/schema.test.d.ts.map +1 -0
package/dist/integrations/providers/schema.test.js +43 -0
package/dist/integrations/providers/schema.test.js.map +1 -0
package/dist/integrations/providers/secrets.d.ts +37 -0
package/dist/integrations/providers/secrets.d.ts.map +1 -0
package/dist/integrations/providers/secrets.js +69 -0
package/dist/integrations/providers/secrets.js.map +1 -0
package/dist/integrations/providers/store.d.ts +32 -0
package/dist/integrations/providers/store.d.ts.map +1 -0
package/dist/integrations/providers/store.js +133 -0
package/dist/integrations/providers/store.js.map +1 -0
package/dist/integrations/providers/store.test.d.ts +2 -0
package/dist/integrations/providers/store.test.d.ts.map +1 -0
package/dist/integrations/providers/store.test.js +127 -0
package/dist/integrations/providers/store.test.js.map +1 -0
package/dist/integrations/sessions/store.d.ts +40 -0
package/dist/integrations/sessions/store.d.ts.map +1 -0
package/dist/integrations/sessions/store.js +90 -0
package/dist/integrations/sessions/store.js.map +1 -0
package/dist/integrations/subagents/runtime.d.ts +37 -0
package/dist/integrations/subagents/runtime.d.ts.map +1 -0
package/dist/integrations/subagents/runtime.js +183 -0
package/dist/integrations/subagents/runtime.js.map +1 -0
package/dist/integrations/trust/store.d.ts +16 -0
package/dist/integrations/trust/store.d.ts.map +1 -0
package/dist/integrations/trust/store.js +59 -0
package/dist/integrations/trust/store.js.map +1 -0
package/dist/integrations/trust/store.test.d.ts +2 -0
package/dist/integrations/trust/store.test.d.ts.map +1 -0
package/dist/integrations/trust/store.test.js +50 -0
package/dist/integrations/trust/store.test.js.map +1 -0
package/dist/integrations/updates.d.ts +27 -0
package/dist/integrations/updates.d.ts.map +1 -0
package/dist/integrations/updates.js +99 -0
package/dist/integrations/updates.js.map +1 -0
package/dist/memory/store.d.ts +29 -0
package/dist/memory/store.d.ts.map +1 -0
package/dist/memory/store.js +74 -0
package/dist/memory/store.js.map +1 -0
package/dist/memory/store.test.d.ts +2 -0
package/dist/memory/store.test.d.ts.map +1 -0
package/dist/memory/store.test.js +63 -0
package/dist/memory/store.test.js.map +1 -0
package/dist/output/formatter.d.ts +30 -0
package/dist/output/formatter.d.ts.map +1 -0
package/dist/output/formatter.js +16 -0
package/dist/output/formatter.js.map +1 -0
package/dist/output/formatter.test.d.ts +2 -0
package/dist/output/formatter.test.d.ts.map +1 -0
package/dist/output/formatter.test.js +88 -0
package/dist/output/formatter.test.js.map +1 -0
package/dist/output/index.d.ts +5 -0
package/dist/output/index.d.ts.map +1 -0
package/dist/output/index.js +22 -0
package/dist/output/index.js.map +1 -0
package/dist/output/json.d.ts +13 -0
package/dist/output/json.d.ts.map +1 -0
package/dist/output/json.js +51 -0
package/dist/output/json.js.map +1 -0
package/dist/output/text.d.ts +13 -0
package/dist/output/text.d.ts.map +1 -0
package/dist/output/text.js +36 -0
package/dist/output/text.js.map +1 -0
package/dist/output/yaml.d.ts +13 -0
package/dist/output/yaml.d.ts.map +1 -0
package/dist/output/yaml.js +26 -0
package/dist/output/yaml.js.map +1 -0
package/dist/skills/store.d.ts +49 -0
package/dist/skills/store.d.ts.map +1 -0
package/dist/skills/store.js +109 -0
package/dist/skills/store.js.map +1 -0
package/dist/skills/store.test.d.ts +2 -0
package/dist/skills/store.test.d.ts.map +1 -0
package/dist/skills/store.test.js +80 -0
package/dist/skills/store.test.js.map +1 -0
package/dist/tui/App.d.ts +18 -0
package/dist/tui/App.d.ts.map +1 -0
package/dist/tui/App.js +742 -0
package/dist/tui/App.js.map +1 -0
package/dist/tui/Composer.d.ts +17 -0
package/dist/tui/Composer.d.ts.map +1 -0
package/dist/tui/Composer.js +123 -0
package/dist/tui/Composer.js.map +1 -0
package/dist/tui/LiveActivity.d.ts +22 -0
package/dist/tui/LiveActivity.d.ts.map +1 -0
package/dist/tui/LiveActivity.js +46 -0
package/dist/tui/LiveActivity.js.map +1 -0
package/dist/tui/Markdown.d.ts +18 -0
package/dist/tui/Markdown.d.ts.map +1 -0
package/dist/tui/Markdown.js +68 -0
package/dist/tui/Markdown.js.map +1 -0
package/dist/tui/PermissionOverlay.d.ts +14 -0
package/dist/tui/PermissionOverlay.d.ts.map +1 -0
package/dist/tui/PermissionOverlay.js +22 -0
package/dist/tui/PermissionOverlay.js.map +1 -0
package/dist/tui/Picker.d.ts +20 -0
package/dist/tui/Picker.d.ts.map +1 -0
package/dist/tui/Picker.js +72 -0
package/dist/tui/Picker.js.map +1 -0
package/dist/tui/ResumePicker.d.ts +12 -0
package/dist/tui/ResumePicker.d.ts.map +1 -0
package/dist/tui/ResumePicker.js +26 -0
package/dist/tui/ResumePicker.js.map +1 -0
package/dist/tui/StatusBar.d.ts +22 -0
package/dist/tui/StatusBar.d.ts.map +1 -0
package/dist/tui/StatusBar.js +73 -0
package/dist/tui/StatusBar.js.map +1 -0
package/dist/tui/Transcript.d.ts +29 -0
package/dist/tui/Transcript.d.ts.map +1 -0
package/dist/tui/Transcript.js +105 -0
package/dist/tui/Transcript.js.map +1 -0
package/dist/tui/TrustPrompt.d.ts +11 -0
package/dist/tui/TrustPrompt.d.ts.map +1 -0
package/dist/tui/TrustPrompt.js +13 -0
package/dist/tui/TrustPrompt.js.map +1 -0
package/dist/tui/agent.d.ts +163 -0
package/dist/tui/agent.d.ts.map +1 -0
package/dist/tui/agent.js +684 -0
package/dist/tui/agent.js.map +1 -0
package/dist/tui/agent.test.d.ts +2 -0
package/dist/tui/agent.test.d.ts.map +1 -0
package/dist/tui/agent.test.js +225 -0
package/dist/tui/agent.test.js.map +1 -0
package/dist/tui/index.d.ts +7 -0
package/dist/tui/index.d.ts.map +1 -0
package/dist/tui/index.js +29 -0
package/dist/tui/index.js.map +1 -0
package/dist/tui/logo.d.ts +23 -0
package/dist/tui/logo.d.ts.map +1 -0
package/dist/tui/logo.js +35 -0
package/dist/tui/logo.js.map +1 -0
package/dist/tui/markdownParser.d.ts +45 -0
package/dist/tui/markdownParser.d.ts.map +1 -0
package/dist/tui/markdownParser.js +127 -0
package/dist/tui/markdownParser.js.map +1 -0
package/dist/tui/markdownParser.test.d.ts +2 -0
package/dist/tui/markdownParser.test.d.ts.map +1 -0
package/dist/tui/markdownParser.test.js +90 -0
package/dist/tui/markdownParser.test.js.map +1 -0
package/dist/tui/mentions.d.ts +22 -0
package/dist/tui/mentions.d.ts.map +1 -0
package/dist/tui/mentions.js +59 -0
package/dist/tui/mentions.js.map +1 -0
package/dist/tui/mentions.test.d.ts +2 -0
package/dist/tui/mentions.test.d.ts.map +1 -0
package/dist/tui/mentions.test.js +35 -0
package/dist/tui/mentions.test.js.map +1 -0
package/dist/tui/slashCommands.d.ts +64 -0
package/dist/tui/slashCommands.d.ts.map +1 -0
package/dist/tui/slashCommands.js +153 -0
package/dist/tui/slashCommands.js.map +1 -0
package/dist/tui/slashCommands.test.d.ts +2 -0
package/dist/tui/slashCommands.test.d.ts.map +1 -0
package/dist/tui/slashCommands.test.js +114 -0
package/dist/tui/slashCommands.test.js.map +1 -0
package/dist/tui/theme.d.ts +34 -0
package/dist/tui/theme.d.ts.map +1 -0
package/dist/tui/theme.js +32 -0
package/dist/tui/theme.js.map +1 -0
package/dist/tui/types.d.ts +27 -0
package/dist/tui/types.d.ts.map +1 -0
package/dist/tui/types.js +7 -0
package/dist/tui/types.js.map +1 -0
package/package.json +67 -57

package/dist/integrations/providers/discover.d.ts ADDED Viewed

@@ -0,0 +1,68 @@
+/**
+ * Credential discoverer for LLM provider clients.
+ *
+ * For each entry in `PROVIDER_REGISTRY`, ask three questions in order:
+ *   1. Is one of its env vars set in `process.env`?
+ *   2. Does clawtool's secrets.toml carry one of its env vars?
+ *   3. Is the probe URL (if any) reachable right now?
+ *
+ * The first positive answer per provider wins; subsequent sources are
+ * recorded as "also available from" so the picker can show alternatives
+ * (e.g. anthropic via env, also available in `[secrets.personal]`).
+ *
+ * Discovery is non-throwing. Network probes have short timeouts. The
+ * picker can render immediately and refine if discovery completes later.
+ */
+import { type ProviderId, type ProviderRegistryEntry } from './registry.js';
+export type DetectionSource = {
+    readonly kind: 'env';
+    readonly envName: string;
+} | {
+    readonly kind: 'secrets-toml';
+    readonly envName: string;
+    readonly scope: string;
+} | {
+    readonly kind: 'probe';
+    readonly url: string;
+} | {
+    readonly kind: 'keychain';
+    readonly service: string;
+};
+export interface DetectedProvider {
+    readonly entry: ProviderRegistryEntry;
+    /** First positive source (used by default). */
+    readonly source: DetectionSource;
+    /** Resolved API key, if the source carried one. */
+    readonly apiKey?: string;
+    /** Resolved base URL (overrides the registry default if set). */
+    readonly baseUrl?: string;
+    /**
+     * OAuth refresh metadata, present only when `apiKey` is an OAuth access
+     * token carrying a refresh token + expiry (the Claude Code Keychain). Lets
+     * the session layer renew a lapsed token instead of failing with a 401.
+     */
+    readonly oauth?: {
+        readonly refreshToken?: string;
+        readonly expiresAt?: number;
+    };
+    /** Other sources that also satisfy this provider — informational. */
+    readonly alternatives: readonly DetectionSource[];
+}
+export interface DiscoverOptions {
+    /** Override `process.env` for tests. */
+    readonly env?: NodeJS.ProcessEnv;
+    /** Override `homedir()` for tests (read clawtool secrets from a fixture). */
+    readonly home?: string;
+    /** Override the fetch impl for probe URLs (tests inject a mock). */
+    readonly fetch?: typeof fetch;
+    /** Probe deadline in ms (default 500). */
+    readonly probeTimeoutMs?: number;
+    /** Skip network probes entirely (tests, offline mode). */
+    readonly skipProbes?: boolean;
+    /** Skip the macOS Keychain read (tests, non-darwin runs). */
+    readonly skipKeychain?: boolean;
+}
+export declare function discoverProviders(opts?: DiscoverOptions): Promise<readonly DetectedProvider[]>;
+/** Resolve a single detected provider by id from the discovered list. */
+export declare function findDetected(list: readonly DetectedProvider[], id: ProviderId): DetectedProvider | null;
+//# sourceMappingURL=discover.d.ts.map

package/dist/integrations/providers/discover.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"discover.d.ts","sourceRoot":"","sources":["../../../src/integrations/providers/discover.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAGH,OAAO,EAAqB,KAAK,UAAU,EAAE,KAAK,qBAAqB,EAAE,MAAM,eAAe,CAAA;AAG9F,MAAM,MAAM,eAAe,GACxB;IAAE,QAAQ,CAAC,IAAI,EAAE,KAAK,CAAC;IAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GAClD;IAAE,QAAQ,CAAC,IAAI,EAAE,cAAc,CAAC;IAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GACnF;IAAE,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IAAC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAA;CAAE,GAChD;IAAE,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;IAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAA;AAE1D,MAAM,WAAW,gBAAgB;IAChC,QAAQ,CAAC,KAAK,EAAE,qBAAqB,CAAA;IACrC,+CAA+C;IAC/C,QAAQ,CAAC,MAAM,EAAE,eAAe,CAAA;IAChC,mDAAmD;IACnD,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAA;IACxB,iEAAiE;IACjE,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAA;IACzB;;;;OAIG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE;QAAE,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAA;IAChF,qEAAqE;IACrE,QAAQ,CAAC,YAAY,EAAE,SAAS,eAAe,EAAE,CAAA;CACjD;AAED,MAAM,WAAW,eAAe;IAC/B,wCAAwC;IACxC,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAA;IAChC,6EAA6E;IAC7E,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAA;IACtB,oEAAoE;IACpE,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,KAAK,CAAA;IAC7B,0CAA0C;IAC1C,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAA;IAChC,0DAA0D;IAC1D,QAAQ,CAAC,UAAU,CAAC,EAAE,OAAO,CAAA;IAC7B,6DAA6D;IAC7D,QAAQ,CAAC,YAAY,CAAC,EAAE,OAAO,CAAA;CAC/B;AAID,wBAAsB,iBAAiB,CACtC,IAAI,GAAE,eAAoB,GACxB,OAAO,CAAC,SAAS,gBAAgB,EAAE,CAAC,CAmEtC;AAmBD,yEAAyE;AACzE,wBAAgB,YAAY,CAC3B,IAAI,EAAE,SAAS,gBAAgB,EAAE,EACjC,EAAE,EAAE,UAAU,GACZ,gBAAgB,GAAG,IAAI,CAEzB"}

package/dist/integrations/providers/discover.js ADDED Viewed

@@ -0,0 +1,108 @@
+/**
+ * Credential discoverer for LLM provider clients.
+ *
+ * For each entry in `PROVIDER_REGISTRY`, ask three questions in order:
+ *   1. Is one of its env vars set in `process.env`?
+ *   2. Does clawtool's secrets.toml carry one of its env vars?
+ *   3. Is the probe URL (if any) reachable right now?
+ *
+ * The first positive answer per provider wins; subsequent sources are
+ * recorded as "also available from" so the picker can show alternatives
+ * (e.g. anthropic via env, also available in `[secrets.personal]`).
+ *
+ * Discovery is non-throwing. Network probes have short timeouts. The
+ * picker can render immediately and refine if discovery completes later.
+ */
+import { readClaudeCodeKeychainCredential } from './keychain.js';
+import { PROVIDER_REGISTRY } from './registry.js';
+import { readClawtoolSecrets } from './secrets.js';
+const DEFAULT_PROBE_TIMEOUT_MS = 500;
+export async function discoverProviders(opts = {}) {
+    const env = opts.env ?? process.env;
+    const secrets = readClawtoolSecrets(opts.home);
+    const detected = [];
+    // macOS-only: read Claude Code's OAuth credential from the login
+    // Keychain once. Only anthropic consumes it, but we scan up front so
+    // the loop body stays uniform.
+    const claudeKeychain = opts.skipKeychain ? null : readClaudeCodeKeychainCredential();
+    for (const id of Object.keys(PROVIDER_REGISTRY)) {
+        const entry = PROVIDER_REGISTRY[id];
+        const sources = [];
+        let apiKey;
+        let oauth;
+        for (const envName of entry.envVars) {
+            const v = env[envName];
+            if (v && v.length > 0) {
+                if (apiKey === undefined)
+                    apiKey = v;
+                sources.push({ kind: 'env', envName });
+            }
+        }
+        for (const cand of secrets) {
+            if (entry.envVars.includes(cand.envName)) {
+                if (apiKey === undefined)
+                    apiKey = cand.value;
+                sources.push({ kind: 'secrets-toml', envName: cand.envName, scope: cand.scope });
+            }
+        }
+        if (id === 'anthropic' && claudeKeychain) {
+            if (apiKey === undefined)
+                apiKey = claudeKeychain.accessToken;
+            sources.push({ kind: 'keychain', service: 'Claude Code-credentials' });
+            // Only carry refresh metadata when the Keychain token is the one we'll
+            // actually use (an env/secrets token has no refresh path).
+            if (apiKey === claudeKeychain.accessToken) {
+                oauth = {
+                    refreshToken: claudeKeychain.refreshToken,
+                    expiresAt: claudeKeychain.expiresAt,
+                };
+            }
+        }
+        if (sources.length === 0 && entry.probeUrl && !opts.skipProbes) {
+            const reachable = await probe(entry.probeUrl, opts);
+            if (reachable) {
+                sources.push({ kind: 'probe', url: entry.probeUrl });
+            }
+        }
+        if (sources.length > 0) {
+            detected.push({
+                entry,
+                source: sources[0],
+                apiKey,
+                baseUrl: entry.defaultBaseUrl,
+                ...(oauth ? { oauth } : {}),
+                alternatives: sources.slice(1),
+            });
+            continue;
+        }
+        // Probe-only providers (Ollama, LM Studio): include even when probe
+        // fails so the picker can show "(not running)" and the user knows
+        // they could start the server. Local providers with no apiKey need
+        // only the URL to be addressable.
+        if (!entry.requiresApiKey && entry.probeUrl && !opts.skipProbes === false) {
+            // `skipProbes === true` reaches this branch; surface as not-detected,
+            // no row in the picker, so user isn't confused by phantom entries.
+        }
+    }
+    return detected;
+}
+async function probe(url, opts) {
+    const fetchFn = opts.fetch ?? globalThis.fetch;
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), opts.probeTimeoutMs ?? DEFAULT_PROBE_TIMEOUT_MS);
+    try {
+        const res = await fetchFn(url, { method: 'GET', signal: controller.signal });
+        return res.ok;
+    }
+    catch {
+        return false;
+    }
+    finally {
+        clearTimeout(timer);
+    }
+}
+/** Resolve a single detected provider by id from the discovered list. */
+export function findDetected(list, id) {
+    return list.find((d) => d.entry.id === id) ?? null;
+}
+//# sourceMappingURL=discover.js.map

package/dist/integrations/providers/discover.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"discover.js","sourceRoot":"","sources":["../../../src/integrations/providers/discover.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,gCAAgC,EAAE,MAAM,eAAe,CAAA;AAChE,OAAO,EAAE,iBAAiB,EAA+C,MAAM,eAAe,CAAA;AAC9F,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAA;AAyClD,MAAM,wBAAwB,GAAG,GAAG,CAAA;AAEpC,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACtC,OAAwB,EAAE;IAE1B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAA;IACnC,MAAM,OAAO,GAAG,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC9C,MAAM,QAAQ,GAAuB,EAAE,CAAA;IAEvC,iEAAiE;IACjE,qEAAqE;IACrE,+BAA+B;IAC/B,MAAM,cAAc,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,gCAAgC,EAAE,CAAA;IAEpF,KAAK,MAAM,EAAE,IAAI,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAA0B,EAAE,CAAC;QAC1E,MAAM,KAAK,GAAG,iBAAiB,CAAC,EAAE,CAAC,CAAA;QACnC,MAAM,OAAO,GAAsB,EAAE,CAAA;QACrC,IAAI,MAA0B,CAAA;QAC9B,IAAI,KAAgC,CAAA;QACpC,KAAK,MAAM,OAAO,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;YACrC,MAAM,CAAC,GAAG,GAAG,CAAC,OAAO,CAAC,CAAA;YACtB,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACvB,IAAI,MAAM,KAAK,SAAS;oBAAE,MAAM,GAAG,CAAC,CAAA;gBACpC,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAA;YACvC,CAAC;QACF,CAAC;QACD,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1C,IAAI,MAAM,KAAK,SAAS;oBAAE,MAAM,GAAG,IAAI,CAAC,KAAK,CAAA;gBAC7C,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAA;YACjF,CAAC;QACF,CAAC;QACD,IAAI,EAAE,KAAK,WAAW,IAAI,cAAc,EAAE,CAAC;YAC1C,IAAI,MAAM,KAAK,SAAS;gBAAE,MAAM,GAAG,cAAc,CAAC,WAAW,CAAA;YAC7D,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,yBAAyB,EAAE,CAAC,CAAA;YACtE,uEAAuE;YACvE,2DAA2D;YAC3D,IAAI,MAAM,KAAK,cAAc,CAAC,WAAW,EAAE,CAAC;gBAC3C,KAAK,GAAG;oBACP,YAAY,EAAE,cAAc,CAAC,YAAY;oBACzC,SAAS,EAAE,cAAc,CAAC,SAAS;iBACnC,CAAA;YACF,CAAC;QACF,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YAChE,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;YACnD,IAAI,SAAS,EAAE,CAAC;gBACf,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAA;YACrD,CAAC;QACF,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,QAAQ,CAAC,IAAI,CAAC;gBACb,KAAK;gBACL,MAAM,EAAE,OAAO,CAAC,CAAC,CAAoB;gBACrC,MAAM;gBACN,OAAO,EAAE,KAAK,CAAC,cAAc;gBAC7B,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC3B,YAAY,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;aAC9B,CAAC,CAAA;YACF,SAAQ;QACT,CAAC;QACD,oEAAoE;QACpE,kEAAkE;QAClE,mEAAmE;QACnE,kCAAkC;QAClC,IAAI,CAAC,KAAK,CAAC,cAAc,IAAI,KAAK,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,UAAU,KAAK,KAAK,EAAE,CAAC;YAC3E,sEAAsE;YACtE,mEAAmE;QACpE,CAAC;IACF,CAAC;IACD,OAAO,QAAQ,CAAA;AAChB,CAAC;AAED,KAAK,UAAU,KAAK,CAAC,GAAW,EAAE,IAAqB;IACtD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAA;IAC9C,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAA;IACxC,MAAM,KAAK,GAAG,UAAU,CACvB,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EACxB,IAAI,CAAC,cAAc,IAAI,wBAAwB,CAC/C,CAAA;IACD,IAAI,CAAC;QACJ,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAA;QAC5E,OAAO,GAAG,CAAC,EAAE,CAAA;IACd,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,KAAK,CAAA;IACb,CAAC;YAAS,CAAC;QACV,YAAY,CAAC,KAAK,CAAC,CAAA;IACpB,CAAC;AACF,CAAC;AAED,yEAAyE;AACzE,MAAM,UAAU,YAAY,CAC3B,IAAiC,EACjC,EAAc;IAEd,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,CAAC,IAAI,IAAI,CAAA;AACnD,CAAC"}

package/dist/integrations/providers/discover.test.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=discover.test.d.ts.map

package/dist/integrations/providers/discover.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"discover.test.d.ts","sourceRoot":"","sources":["../../../src/integrations/providers/discover.test.ts"],"names":[],"mappings":""}

package/dist/integrations/providers/discover.test.js ADDED Viewed

@@ -0,0 +1,120 @@
+import { mkdirSync, mkdtempSync, writeFileSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import { describe, expect, it, vi } from 'vitest';
+import { discoverProviders, findDetected } from './discover.js';
+function tmpHome() {
+    const home = mkdtempSync(join(tmpdir(), 'namzu-discover-'));
+    mkdirSync(join(home, '.config', 'clawtool'), { recursive: true });
+    return home;
+}
+// Every test must opt out of host-ambient sources (Keychain, network
+// probes) so the suite stays hermetic regardless of who runs it. The
+// keychain code path is covered by a focused unit test below.
+const HERMETIC = { skipProbes: true, skipKeychain: true };
+describe('discoverProviders — env-var scan', () => {
+    it('picks anthropic from ANTHROPIC_API_KEY', async () => {
+        const list = await discoverProviders({
+            ...HERMETIC,
+            env: { ANTHROPIC_API_KEY: 'sk-ant-test' },
+            home: tmpHome(),
+        });
+        const anthropic = findDetected(list, 'anthropic');
+        expect(anthropic).not.toBeNull();
+        expect(anthropic?.apiKey).toBe('sk-ant-test');
+        expect(anthropic?.source.kind).toBe('env');
+        if (anthropic?.source.kind === 'env') {
+            expect(anthropic.source.envName).toBe('ANTHROPIC_API_KEY');
+        }
+    });
+    it('falls back to CLAUDE_CODE_OAUTH_TOKEN if no anthropic key set', async () => {
+        const list = await discoverProviders({
+            ...HERMETIC,
+            env: { CLAUDE_CODE_OAUTH_TOKEN: 'oauth-tok' },
+            home: tmpHome(),
+        });
+        const anthropic = findDetected(list, 'anthropic');
+        expect(anthropic?.apiKey).toBe('oauth-tok');
+        if (anthropic?.source.kind === 'env') {
+            expect(anthropic.source.envName).toBe('CLAUDE_CODE_OAUTH_TOKEN');
+        }
+    });
+    it('returns empty list when no env + no secrets + no probes + no keychain', async () => {
+        const list = await discoverProviders({
+            ...HERMETIC,
+            env: {},
+            home: tmpHome(),
+        });
+        expect(list).toHaveLength(0);
+    });
+    it('detects multiple providers in one scan', async () => {
+        const list = await discoverProviders({
+            ...HERMETIC,
+            env: { ANTHROPIC_API_KEY: 'a', OPENAI_API_KEY: 'o' },
+            home: tmpHome(),
+        });
+        expect(findDetected(list, 'anthropic')).not.toBeNull();
+        expect(findDetected(list, 'openai')).not.toBeNull();
+    });
+});
+describe('discoverProviders — clawtool secrets.toml', () => {
+    it('reads anthropic key from clawtool secrets', async () => {
+        const home = tmpHome();
+        writeFileSync(join(home, '.config', 'clawtool', 'secrets.toml'), '[secrets.work]\nANTHROPIC_API_KEY = "sk-from-toml"\n');
+        const list = await discoverProviders({ ...HERMETIC, env: {}, home });
+        const anthropic = findDetected(list, 'anthropic');
+        expect(anthropic?.apiKey).toBe('sk-from-toml');
+        if (anthropic?.source.kind === 'secrets-toml') {
+            expect(anthropic.source.scope).toBe('work');
+            expect(anthropic.source.envName).toBe('ANTHROPIC_API_KEY');
+        }
+    });
+    it('env var wins over secrets.toml when both present', async () => {
+        const home = tmpHome();
+        writeFileSync(join(home, '.config', 'clawtool', 'secrets.toml'), '[secrets.work]\nANTHROPIC_API_KEY = "from-toml"\n');
+        const list = await discoverProviders({
+            ...HERMETIC,
+            env: { ANTHROPIC_API_KEY: 'from-env' },
+            home,
+        });
+        const anthropic = findDetected(list, 'anthropic');
+        expect(anthropic?.apiKey).toBe('from-env');
+        expect(anthropic?.source.kind).toBe('env');
+        expect(anthropic?.alternatives.length).toBeGreaterThan(0);
+    });
+});
+describe('discoverProviders — local probes', () => {
+    it('detects ollama when its probe URL is reachable', async () => {
+        const fetchMock = vi.fn().mockResolvedValue(new Response('', { status: 200 }));
+        const list = await discoverProviders({
+            skipKeychain: true,
+            env: {},
+            home: tmpHome(),
+            fetch: fetchMock,
+        });
+        const ollama = findDetected(list, 'ollama');
+        expect(ollama).not.toBeNull();
+        expect(ollama?.source.kind).toBe('probe');
+    });
+    it('does not include ollama when its probe fails', async () => {
+        const fetchMock = vi.fn().mockRejectedValue(new Error('ECONNREFUSED'));
+        const list = await discoverProviders({
+            skipKeychain: true,
+            env: {},
+            home: tmpHome(),
+            fetch: fetchMock,
+        });
+        expect(findDetected(list, 'ollama')).toBeNull();
+    });
+});
+describe('discoverProviders — http provider', () => {
+    it('is never auto-discovered (no envVars, no probe)', async () => {
+        const list = await discoverProviders({
+            ...HERMETIC,
+            env: {},
+            home: tmpHome(),
+        });
+        expect(findDetected(list, 'http')).toBeNull();
+    });
+});
+//# sourceMappingURL=discover.test.js.map

package/dist/integrations/providers/discover.test.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"discover.test.js","sourceRoot":"","sources":["../../../src/integrations/providers/discover.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,SAAS,CAAA;AAC/D,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAA;AAChC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAChC,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAA;AAEjD,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,eAAe,CAAA;AAE/D,SAAS,OAAO;IACf,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,iBAAiB,CAAC,CAAC,CAAA;IAC3D,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;IACjE,OAAO,IAAI,CAAA;AACZ,CAAC;AAED,qEAAqE;AACrE,qEAAqE;AACrE,8DAA8D;AAC9D,MAAM,QAAQ,GAAG,EAAE,UAAU,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAW,CAAA;AAElE,QAAQ,CAAC,kCAAkC,EAAE,GAAG,EAAE;IACjD,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;QACvD,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC;YACpC,GAAG,QAAQ;YACX,GAAG,EAAE,EAAE,iBAAiB,EAAE,aAAa,EAAE;YACzC,IAAI,EAAE,OAAO,EAAE;SACf,CAAC,CAAA;QACF,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,EAAE,WAAW,CAAC,CAAA;QACjD,MAAM,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAA;QAChC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAA;QAC7C,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAC1C,IAAI,SAAS,EAAE,MAAM,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;YACtC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAA;QAC3D,CAAC;IACF,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,+DAA+D,EAAE,KAAK,IAAI,EAAE;QAC9E,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC;YACpC,GAAG,QAAQ;YACX,GAAG,EAAE,EAAE,uBAAuB,EAAE,WAAW,EAAE;YAC7C,IAAI,EAAE,OAAO,EAAE;SACf,CAAC,CAAA;QACF,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,EAAE,WAAW,CAAC,CAAA;QACjD,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;QAC3C,IAAI,SAAS,EAAE,MAAM,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;YACtC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAA;QACjE,CAAC;IACF,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,uEAAuE,EAAE,KAAK,IAAI,EAAE;QACtF,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC;YACpC,GAAG,QAAQ;YACX,GAAG,EAAE,EAAE;YACP,IAAI,EAAE,OAAO,EAAE;SACf,CAAC,CAAA;QACF,MAAM,CAAC,IAAI,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;IAC7B,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;QACvD,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC;YACpC,GAAG,QAAQ;YACX,GAAG,EAAE,EAAE,iBAAiB,EAAE,GAAG,EAAE,cAAc,EAAE,GAAG,EAAE;YACpD,IAAI,EAAE,OAAO,EAAE;SACf,CAAC,CAAA;QACF,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAA;QACtD,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAA;IACpD,CAAC,CAAC,CAAA;AACH,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,2CAA2C,EAAE,GAAG,EAAE;IAC1D,EAAE,CAAC,2CAA2C,EAAE,KAAK,IAAI,EAAE;QAC1D,MAAM,IAAI,GAAG,OAAO,EAAE,CAAA;QACtB,aAAa,CACZ,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,cAAc,CAAC,EACjD,sDAAsD,CACtD,CAAA;QACD,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC,EAAE,GAAG,QAAQ,EAAE,GAAG,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAA;QACpE,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,EAAE,WAAW,CAAC,CAAA;QACjD,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAA;QAC9C,IAAI,SAAS,EAAE,MAAM,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;YAC/C,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;YAC3C,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAA;QAC3D,CAAC;IACF,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;QACjE,MAAM,IAAI,GAAG,OAAO,EAAE,CAAA;QACtB,aAAa,CACZ,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,cAAc,CAAC,EACjD,mDAAmD,CACnD,CAAA;QACD,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC;YACpC,GAAG,QAAQ;YACX,GAAG,EAAE,EAAE,iBAAiB,EAAE,UAAU,EAAE;YACtC,IAAI;SACJ,CAAC,CAAA;QACF,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,EAAE,WAAW,CAAC,CAAA;QACjD,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QAC1C,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAC1C,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAA;IAC1D,CAAC,CAAC,CAAA;AACH,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,kCAAkC,EAAE,GAAG,EAAE;IACjD,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC/D,MAAM,SAAS,GAAG,EAAE,CAAC,EAAE,EAAgB,CAAC,iBAAiB,CAAC,IAAI,QAAQ,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,CAAA;QAC5F,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC;YACpC,YAAY,EAAE,IAAI;YAClB,GAAG,EAAE,EAAE;YACP,IAAI,EAAE,OAAO,EAAE;YACf,KAAK,EAAE,SAAS;SAChB,CAAC,CAAA;QACF,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAA;QAC3C,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAA;QAC7B,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAC1C,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;QAC7D,MAAM,SAAS,GAAG,EAAE,CAAC,EAAE,EAAgB,CAAC,iBAAiB,CAAC,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC,CAAA;QACpF,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC;YACpC,YAAY,EAAE,IAAI;YAClB,GAAG,EAAE,EAAE;YACP,IAAI,EAAE,OAAO,EAAE;YACf,KAAK,EAAE,SAAS;SAChB,CAAC,CAAA;QACF,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAA;IAChD,CAAC,CAAC,CAAA;AACH,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,mCAAmC,EAAE,GAAG,EAAE;IAClD,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;QAChE,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC;YACpC,GAAG,QAAQ;YACX,GAAG,EAAE,EAAE;YACP,IAAI,EAAE,OAAO,EAAE;SACf,CAAC,CAAA;QACF,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAA;IAC9C,CAAC,CAAC,CAAA;AACH,CAAC,CAAC,CAAA"}

package/dist/integrations/providers/index.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+export { type DetectedProvider, type DetectionSource, type DiscoverOptions, discoverProviders, findDetected, } from './discover.js';
+export { type ClaudeCodeOAuthCredential, isAnthropicOAuthToken, readClaudeCodeKeychainCredential, } from './keychain.js';
+export { maskSecret } from './mask.js';
+export { ensureFreshAnthropicToken, type OAuthMetadata, refreshClaudeCodeToken, } from './oauth.js';
+export { type Preferences, PREFERENCES_FILE_VERSION, PreferencesError, preferencesPath, type ReadResult, readPreferences, writePreferences, } from './preferences.js';
+export { ALL_PROVIDER_IDS, PROVIDER_REGISTRY, type ProviderId, type ProviderRegistryEntry, type SdkProviderType, } from './registry.js';
+export { clawtoolSecretsPath, readClawtoolSecrets, type SecretCandidate } from './secrets.js';
+export { type AnthropicProfile, type BaseProfile, type BedrockProfile, type HttpProfile, type LMStudioProfile, type OllamaProfile, type OpenAIProfile, type OpenRouterProfile, PROVIDER_TYPES, type ProviderProfile, type ProviderType, type ProvidersFile, PROVIDERS_FILE_VERSION, ProfileValidationError, TYPE_ENV_FALLBACK, isProviderType, validateProfile, } from './schema.js';
+export { ProvidersStoreError, assertInvariants, findDefault, providersPath, readProfiles, resolveApiKey, writeProfiles, } from './store.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/integrations/providers/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/integrations/providers/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACN,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACpB,KAAK,eAAe,EACpB,iBAAiB,EACjB,YAAY,GACZ,MAAM,eAAe,CAAA;AACtB,OAAO,EACN,KAAK,yBAAyB,EAC9B,qBAAqB,EACrB,gCAAgC,GAChC,MAAM,eAAe,CAAA;AACtB,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAA;AACtC,OAAO,EACN,yBAAyB,EACzB,KAAK,aAAa,EAClB,sBAAsB,GACtB,MAAM,YAAY,CAAA;AACnB,OAAO,EACN,KAAK,WAAW,EAChB,wBAAwB,EACxB,gBAAgB,EAChB,eAAe,EACf,KAAK,UAAU,EACf,eAAe,EACf,gBAAgB,GAChB,MAAM,kBAAkB,CAAA;AACzB,OAAO,EACN,gBAAgB,EAChB,iBAAiB,EACjB,KAAK,UAAU,EACf,KAAK,qBAAqB,EAC1B,KAAK,eAAe,GACpB,MAAM,eAAe,CAAA;AACtB,OAAO,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,KAAK,eAAe,EAAE,MAAM,cAAc,CAAA;AAG7F,OAAO,EACN,KAAK,gBAAgB,EACrB,KAAK,WAAW,EAChB,KAAK,cAAc,EACnB,KAAK,WAAW,EAChB,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,aAAa,EAClB,KAAK,iBAAiB,EACtB,cAAc,EACd,KAAK,eAAe,EACpB,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,sBAAsB,EACtB,sBAAsB,EACtB,iBAAiB,EACjB,cAAc,EACd,eAAe,GACf,MAAM,aAAa,CAAA;AACpB,OAAO,EACN,mBAAmB,EACnB,gBAAgB,EAChB,WAAW,EACX,aAAa,EACb,YAAY,EACZ,aAAa,EACb,aAAa,GACb,MAAM,YAAY,CAAA"}

package/dist/integrations/providers/index.js ADDED Viewed

@@ -0,0 +1,12 @@
+export { discoverProviders, findDetected, } from './discover.js';
+export { isAnthropicOAuthToken, readClaudeCodeKeychainCredential, } from './keychain.js';
+export { maskSecret } from './mask.js';
+export { ensureFreshAnthropicToken, refreshClaudeCodeToken, } from './oauth.js';
+export { PREFERENCES_FILE_VERSION, PreferencesError, preferencesPath, readPreferences, writePreferences, } from './preferences.js';
+export { ALL_PROVIDER_IDS, PROVIDER_REGISTRY, } from './registry.js';
+export { clawtoolSecretsPath, readClawtoolSecrets } from './secrets.js';
+// Manual-profile escape hatch — kept for users who configure providers
+// by API key directly without going through the auto-discovery picker.
+export { PROVIDER_TYPES, PROVIDERS_FILE_VERSION, ProfileValidationError, TYPE_ENV_FALLBACK, isProviderType, validateProfile, } from './schema.js';
+export { ProvidersStoreError, assertInvariants, findDefault, providersPath, readProfiles, resolveApiKey, writeProfiles, } from './store.js';
+//# sourceMappingURL=index.js.map

package/dist/integrations/providers/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/integrations/providers/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAIN,iBAAiB,EACjB,YAAY,GACZ,MAAM,eAAe,CAAA;AACtB,OAAO,EAEN,qBAAqB,EACrB,gCAAgC,GAChC,MAAM,eAAe,CAAA;AACtB,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAA;AACtC,OAAO,EACN,yBAAyB,EAEzB,sBAAsB,GACtB,MAAM,YAAY,CAAA;AACnB,OAAO,EAEN,wBAAwB,EACxB,gBAAgB,EAChB,eAAe,EAEf,eAAe,EACf,gBAAgB,GAChB,MAAM,kBAAkB,CAAA;AACzB,OAAO,EACN,gBAAgB,EAChB,iBAAiB,GAIjB,MAAM,eAAe,CAAA;AACtB,OAAO,EAAE,mBAAmB,EAAE,mBAAmB,EAAwB,MAAM,cAAc,CAAA;AAC7F,uEAAuE;AACvE,uEAAuE;AACvE,OAAO,EASN,cAAc,EAId,sBAAsB,EACtB,sBAAsB,EACtB,iBAAiB,EACjB,cAAc,EACd,eAAe,GACf,MAAM,aAAa,CAAA;AACpB,OAAO,EACN,mBAAmB,EACnB,gBAAgB,EAChB,WAAW,EACX,aAAa,EACb,YAAY,EACZ,aAAa,EACb,aAAa,GACb,MAAM,YAAY,CAAA"}

package/dist/integrations/providers/keychain.d.ts ADDED Viewed

@@ -0,0 +1,44 @@
+/**
+ * macOS Keychain reader for Claude Code OAuth credentials.
+ *
+ * Claude Code stores its OAuth credentials in the macOS login Keychain
+ * under the generic-password service name "Claude Code-credentials",
+ * not in a flat file. The password value is a JSON envelope:
+ *
+ *   { "claudeAiOauth": { "accessToken": "...", "refreshToken": "...",
+ *                         "expiresAt": ..., "scopes": [...] } }
+ *
+ * Pattern ported from NousResearch's hermes-agent
+ * (`agent/anthropic_adapter.py:_read_claude_code_credentials_from_keychain`).
+ * Non-throwing — every failure (not-darwin, security not installed,
+ * entry missing, payload malformed) returns `null` so discovery treats
+ * the source as "not available" rather than crashing.
+ */
+export interface ClaudeCodeOAuthCredential {
+    readonly accessToken: string;
+    readonly refreshToken?: string;
+    readonly expiresAt?: number;
+    readonly scopes?: readonly string[];
+}
+export declare function readClaudeCodeKeychainCredential(): ClaudeCodeOAuthCredential | null;
+/**
+ * Persist a refreshed OAuth credential back into the same Keychain entry so
+ * the new access token survives across launches and Claude Code itself stays
+ * in sync. The full envelope is re-read and merged (only the OAuth sub-fields
+ * change) so any extra keys Claude Code stores are preserved. Non-throwing:
+ * returns `false` (not-darwin, no entry, missing account, write denied) and
+ * the caller falls back to using the refreshed token only in memory.
+ *
+ * Note: `security` takes the secret as an argv (`-w`), so it is briefly
+ * visible to `ps` — acceptable for a local dev CLI updating a credential that
+ * already lives on this machine.
+ */
+export declare function writeClaudeCodeKeychainCredential(cred: ClaudeCodeOAuthCredential): boolean;
+/**
+ * Detect whether a credential value is an Anthropic OAuth-style token
+ * (must be sent via `Authorization: Bearer`) vs a console API key (sent
+ * via `x-api-key`). Ported from hermes's `_is_oauth_token` —
+ * positively identifies by prefix; defaults to API-key when unsure.
+ */
+export declare function isAnthropicOAuthToken(value: string): boolean;
+//# sourceMappingURL=keychain.d.ts.map

package/dist/integrations/providers/keychain.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"keychain.d.ts","sourceRoot":"","sources":["../../../src/integrations/providers/keychain.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAOH,MAAM,WAAW,yBAAyB;IACzC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAA;IAC3B,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAA;CACnC;AAED,wBAAgB,gCAAgC,IAAI,yBAAyB,GAAG,IAAI,CAmCnF;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,iCAAiC,CAAC,IAAI,EAAE,yBAAyB,GAAG,OAAO,CAiD1F;AAiBD;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAM5D"}

package/dist/integrations/providers/keychain.js ADDED Viewed

@@ -0,0 +1,154 @@
+/**
+ * macOS Keychain reader for Claude Code OAuth credentials.
+ *
+ * Claude Code stores its OAuth credentials in the macOS login Keychain
+ * under the generic-password service name "Claude Code-credentials",
+ * not in a flat file. The password value is a JSON envelope:
+ *
+ *   { "claudeAiOauth": { "accessToken": "...", "refreshToken": "...",
+ *                         "expiresAt": ..., "scopes": [...] } }
+ *
+ * Pattern ported from NousResearch's hermes-agent
+ * (`agent/anthropic_adapter.py:_read_claude_code_credentials_from_keychain`).
+ * Non-throwing — every failure (not-darwin, security not installed,
+ * entry missing, payload malformed) returns `null` so discovery treats
+ * the source as "not available" rather than crashing.
+ */
+import { execFileSync } from 'node:child_process';
+import { platform } from 'node:os';
+const KEYCHAIN_SERVICE = 'Claude Code-credentials';
+export function readClaudeCodeKeychainCredential() {
+    if (platform() !== 'darwin')
+        return null;
+    let raw;
+    try {
+        raw = execFileSync('security', ['find-generic-password', '-s', KEYCHAIN_SERVICE, '-w'], {
+            encoding: 'utf8',
+            timeout: 5_000,
+            stdio: ['ignore', 'pipe', 'ignore'],
+        }).trim();
+    }
+    catch {
+        return null;
+    }
+    if (raw.length === 0)
+        return null;
+    let parsed;
+    try {
+        parsed = JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+    if (typeof parsed !== 'object' || parsed === null)
+        return null;
+    const env = parsed.claudeAiOauth;
+    if (typeof env !== 'object' || env === null)
+        return null;
+    const oauth = env;
+    const accessToken = oauth.accessToken;
+    if (typeof accessToken !== 'string' || accessToken.length === 0)
+        return null;
+    return {
+        accessToken,
+        refreshToken: typeof oauth.refreshToken === 'string' ? oauth.refreshToken : undefined,
+        expiresAt: typeof oauth.expiresAt === 'number' ? oauth.expiresAt : undefined,
+        scopes: Array.isArray(oauth.scopes)
+            ? oauth.scopes.filter((s) => typeof s === 'string')
+            : undefined,
+    };
+}
+/**
+ * Persist a refreshed OAuth credential back into the same Keychain entry so
+ * the new access token survives across launches and Claude Code itself stays
+ * in sync. The full envelope is re-read and merged (only the OAuth sub-fields
+ * change) so any extra keys Claude Code stores are preserved. Non-throwing:
+ * returns `false` (not-darwin, no entry, missing account, write denied) and
+ * the caller falls back to using the refreshed token only in memory.
+ *
+ * Note: `security` takes the secret as an argv (`-w`), so it is briefly
+ * visible to `ps` — acceptable for a local dev CLI updating a credential that
+ * already lives on this machine.
+ */
+export function writeClaudeCodeKeychainCredential(cred) {
+    if (platform() !== 'darwin')
+        return false;
+    // `add-generic-password -U` matches an existing item by service + account,
+    // so we must reuse the original account or we'd create a duplicate entry.
+    const account = readKeychainAccount();
+    if (!account)
+        return false;
+    let envelope = {};
+    try {
+        const raw = execFileSync('security', ['find-generic-password', '-s', KEYCHAIN_SERVICE, '-w'], {
+            encoding: 'utf8',
+            timeout: 5_000,
+            stdio: ['ignore', 'pipe', 'ignore'],
+        }).trim();
+        const parsed = JSON.parse(raw);
+        if (typeof parsed === 'object' && parsed !== null)
+            envelope = parsed;
+    }
+    catch {
+        // Fall back to a fresh envelope below.
+    }
+    const prev = typeof envelope.claudeAiOauth === 'object' && envelope.claudeAiOauth !== null
+        ? envelope.claudeAiOauth
+        : {};
+    envelope.claudeAiOauth = {
+        ...prev,
+        accessToken: cred.accessToken,
+        ...(cred.refreshToken ? { refreshToken: cred.refreshToken } : {}),
+        ...(cred.expiresAt ? { expiresAt: cred.expiresAt } : {}),
+        ...(cred.scopes ? { scopes: cred.scopes } : {}),
+    };
+    try {
+        execFileSync('security', [
+            'add-generic-password',
+            '-U',
+            '-s',
+            KEYCHAIN_SERVICE,
+            '-a',
+            account,
+            '-w',
+            JSON.stringify(envelope),
+        ], { timeout: 5_000, stdio: ['ignore', 'ignore', 'ignore'] });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/** Read the account (`acct`) of the Claude Code Keychain entry, for updates. */
+function readKeychainAccount() {
+    try {
+        const out = execFileSync('security', ['find-generic-password', '-s', KEYCHAIN_SERVICE], {
+            encoding: 'utf8',
+            timeout: 5_000,
+            stdio: ['ignore', 'pipe', 'ignore'],
+        });
+        const m = out.match(/"acct"<blob>="((?:[^"\\]|\\.)*)"/);
+        return m?.[1] ?? null;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Detect whether a credential value is an Anthropic OAuth-style token
+ * (must be sent via `Authorization: Bearer`) vs a console API key (sent
+ * via `x-api-key`). Ported from hermes's `_is_oauth_token` —
+ * positively identifies by prefix; defaults to API-key when unsure.
+ */
+export function isAnthropicOAuthToken(value) {
+    if (value.startsWith('sk-ant-api'))
+        return false; // console API key
+    if (value.startsWith('sk-ant-oat'))
+        return true; // Anthropic OAuth setup token
+    if (value.startsWith('eyJ'))
+        return true; // JWT
+    if (value.startsWith('cc-'))
+        return true; // Claude Code OAuth access token
+    return false;
+}
+//# sourceMappingURL=keychain.js.map

package/dist/integrations/providers/keychain.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"keychain.js","sourceRoot":"","sources":["../../../src/integrations/providers/keychain.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAElC,MAAM,gBAAgB,GAAG,yBAAyB,CAAA;AASlD,MAAM,UAAU,gCAAgC;IAC/C,IAAI,QAAQ,EAAE,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAA;IAExC,IAAI,GAAW,CAAA;IACf,IAAI,CAAC;QACJ,GAAG,GAAG,YAAY,CAAC,UAAU,EAAE,CAAC,uBAAuB,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI,CAAC,EAAE;YACvF,QAAQ,EAAE,MAAM;YAChB,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC;SACnC,CAAC,CAAC,IAAI,EAAE,CAAA;IACV,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,IAAI,CAAA;IACZ,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IAEjC,IAAI,MAAe,CAAA;IACnB,IAAI,CAAC;QACJ,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACzB,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,IAAI,CAAA;IACZ,CAAC;IACD,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI;QAAE,OAAO,IAAI,CAAA;IAC9D,MAAM,GAAG,GAAI,MAAsC,CAAC,aAAa,CAAA;IACjE,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI;QAAE,OAAO,IAAI,CAAA;IACxD,MAAM,KAAK,GAAG,GAA8B,CAAA;IAC5C,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,CAAA;IACrC,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IAC5E,OAAO;QACN,WAAW;QACX,YAAY,EAAE,OAAO,KAAK,CAAC,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS;QACrF,SAAS,EAAE,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QAC5E,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC;YAClC,CAAC,CAAE,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAc;YACjE,CAAC,CAAC,SAAS;KACZ,CAAA;AACF,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,iCAAiC,CAAC,IAA+B;IAChF,IAAI,QAAQ,EAAE,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAA;IACzC,2EAA2E;IAC3E,0EAA0E;IAC1E,MAAM,OAAO,GAAG,mBAAmB,EAAE,CAAA;IACrC,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAA;IAE1B,IAAI,QAAQ,GAA4B,EAAE,CAAA;IAC1C,IAAI,CAAC;QACJ,MAAM,GAAG,GAAG,YAAY,CAAC,UAAU,EAAE,CAAC,uBAAuB,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI,CAAC,EAAE;YAC7F,QAAQ,EAAE,MAAM;YAChB,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC;SACnC,CAAC,CAAC,IAAI,EAAE,CAAA;QACT,MAAM,MAAM,GAAY,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACvC,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI;YAAE,QAAQ,GAAG,MAAiC,CAAA;IAChG,CAAC;IAAC,MAAM,CAAC;QACR,uCAAuC;IACxC,CAAC;IACD,MAAM,IAAI,GACT,OAAO,QAAQ,CAAC,aAAa,KAAK,QAAQ,IAAI,QAAQ,CAAC,aAAa,KAAK,IAAI;QAC5E,CAAC,CAAE,QAAQ,CAAC,aAAyC;QACrD,CAAC,CAAC,EAAE,CAAA;IACN,QAAQ,CAAC,aAAa,GAAG;QACxB,GAAG,IAAI;QACP,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACjE,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACxD,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC/C,CAAA;IACD,IAAI,CAAC;QACJ,YAAY,CACX,UAAU,EACV;YACC,sBAAsB;YACtB,IAAI;YACJ,IAAI;YACJ,gBAAgB;YAChB,IAAI;YACJ,OAAO;YACP,IAAI;YACJ,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC;SACxB,EACD,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC,EAAE,CACzD,CAAA;QACD,OAAO,IAAI,CAAA;IACZ,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,KAAK,CAAA;IACb,CAAC;AACF,CAAC;AAED,gFAAgF;AAChF,SAAS,mBAAmB;IAC3B,IAAI,CAAC;QACJ,MAAM,GAAG,GAAG,YAAY,CAAC,UAAU,EAAE,CAAC,uBAAuB,EAAE,IAAI,EAAE,gBAAgB,CAAC,EAAE;YACvF,QAAQ,EAAE,MAAM;YAChB,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC;SACnC,CAAC,CAAA;QACF,MAAM,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAA;QACvD,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,CAAA;IACtB,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,IAAI,CAAA;IACZ,CAAC;AACF,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CAAC,KAAa;IAClD,IAAI,KAAK,CAAC,UAAU,CAAC,YAAY,CAAC;QAAE,OAAO,KAAK,CAAA,CAAC,kBAAkB;IACnE,IAAI,KAAK,CAAC,UAAU,CAAC,YAAY,CAAC;QAAE,OAAO,IAAI,CAAA,CAAC,8BAA8B;IAC9E,IAAI,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA,CAAC,MAAM;IAC/C,IAAI,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA,CAAC,iCAAiC;IAC1E,OAAO,KAAK,CAAA;AACb,CAAC"}

package/dist/integrations/providers/keychain.test.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=keychain.test.d.ts.map

package/dist/integrations/providers/keychain.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"keychain.test.d.ts","sourceRoot":"","sources":["../../../src/integrations/providers/keychain.test.ts"],"names":[],"mappings":""}

package/dist/integrations/providers/keychain.test.js ADDED Viewed

@@ -0,0 +1,21 @@
+import { describe, expect, it } from 'vitest';
+import { isAnthropicOAuthToken } from './keychain.js';
+describe('isAnthropicOAuthToken', () => {
+    it('detects Claude Code OAuth tokens (cc- prefix)', () => {
+        expect(isAnthropicOAuthToken('cc-some-opaque-id')).toBe(true);
+    });
+    it('detects Anthropic setup OAuth tokens (sk-ant-oat- prefix)', () => {
+        expect(isAnthropicOAuthToken('sk-ant-oat01-...')).toBe(true);
+    });
+    it('detects JWT-shaped tokens (eyJ prefix)', () => {
+        expect(isAnthropicOAuthToken('eyJhbGciOiJIUzI1NiIs...')).toBe(true);
+    });
+    it('rejects console API keys (sk-ant-api*)', () => {
+        expect(isAnthropicOAuthToken('sk-ant-api03-deadbeef')).toBe(false);
+    });
+    it('defaults to false (API-key path) for unknown shapes', () => {
+        expect(isAnthropicOAuthToken('arbitrary-string')).toBe(false);
+        expect(isAnthropicOAuthToken('')).toBe(false);
+    });
+});
+//# sourceMappingURL=keychain.test.js.map

package/dist/integrations/providers/keychain.test.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"keychain.test.js","sourceRoot":"","sources":["../../../src/integrations/providers/keychain.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAA;AAE7C,OAAO,EAAE,qBAAqB,EAAE,MAAM,eAAe,CAAA;AAErD,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;IACtC,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACxD,MAAM,CAAC,qBAAqB,CAAC,mBAAmB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC9D,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,2DAA2D,EAAE,GAAG,EAAE;QACpE,MAAM,CAAC,qBAAqB,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC7D,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QACjD,MAAM,CAAC,qBAAqB,CAAC,yBAAyB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACpE,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QACjD,MAAM,CAAC,qBAAqB,CAAC,uBAAuB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IACnE,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;QAC9D,MAAM,CAAC,qBAAqB,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAC7D,MAAM,CAAC,qBAAqB,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAC9C,CAAC,CAAC,CAAA;AACH,CAAC,CAAC,CAAA"}

package/dist/integrations/providers/mask.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+/**
+ * Mask a secret for terminal display. Default keeps the last 4 chars
+ * (familiar from `aws configure list-profiles` / `gh auth status`).
+ * Returns `null` for null/empty inputs (so callers can render "—").
+ */
+export declare function maskSecret(secret: string | null | undefined, keep?: number): string | null;
+//# sourceMappingURL=mask.d.ts.map

package/dist/integrations/providers/mask.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"mask.d.ts","sourceRoot":"","sources":["../../../src/integrations/providers/mask.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,wBAAgB,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EAAE,IAAI,SAAI,GAAG,MAAM,GAAG,IAAI,CAKrF"}

package/dist/integrations/providers/mask.js ADDED Viewed

@@ -0,0 +1,14 @@
+/**
+ * Mask a secret for terminal display. Default keeps the last 4 chars
+ * (familiar from `aws configure list-profiles` / `gh auth status`).
+ * Returns `null` for null/empty inputs (so callers can render "—").
+ */
+export function maskSecret(secret, keep = 4) {
+    if (!secret)
+        return null;
+    if (secret.length <= keep)
+        return '***';
+    const tail = secret.slice(-keep);
+    return `***${tail}`;
+}
+//# sourceMappingURL=mask.js.map