@nepopsx/cli 0.0.22 → 0.0.24

package/dist/licensing/license-manager.js

@@ -1,132 +1,54 @@
 /**
- * License manager — handles license activation, validation,
- * online refresh, and tier-based feature gating.
+ * Auth/session helpers. Post-migration the CLI has ONE credential: the opaque
+ * device token from `nepopsx login`, stored in `.nepopsx/config.json`. The
+ * `License` shape is kept as a thin compatibility view — `.key` IS the device
+ * token — so existing commands send the right Bearer credential unchanged. Auth
+ * and entitlement are server-authoritative now (the backend 401/402s); there is
+ * no license.json, no machine binding, and no online validate/refresh.
  */
-import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
-import { join } from 'node:path';
-import { TIER_LIMITS, generateMachineId, generateFingerprint, checkExpiry, } from '@nepopsx/core';
-import { resolveApiBase } from '../config/api-config.js';
-import { fetchWithTimeout } from '../utils/fetch.js';
-import { API_TIMEOUT_MS } from '../constants.js';
+import { TIER_LIMITS, generateMachineId, generateFingerprint, } from '@nepopsx/core';
+import { readLocalConfig } from '../config/api-config.js';
+import { fetchPlanManifest } from '../utils/fetch-plan-manifest.js';
 import { readWorkspaceNameFromDisk } from './workspace-name.js';
-const LICENSE_DIR = '.nepopsx';
-const LICENSE_FILE = 'license.json';
-// ─── License file operations ────────────────────────────────
+import { getCachedEntitlement } from './entitlement-cache.js';
+// ─── Session (device token) ─────────────────────────────────
 /**
- * Read the local license file. Returns null if not found or invalid.
+ * Build a `License`-shaped view from the stored device token. `.key` IS the opaque
+ * `opsx_dvc_…` token sent as a Bearer credential; `org`/`tier` come from the plan
+ * captured at login; `workspace` is the live local name. Returns null if not
+ * logged in. (No license.json — the device token in config.json is the credential.)
  */
 export function readLicense(rootDir) {
-    const licensePath = join(rootDir, LICENSE_DIR, LICENSE_FILE);
-    if (!existsSync(licensePath))
+    const auth = readLocalConfig(rootDir).auth;
+    if (!auth?.token)
         return null;
-    try {
-        const raw = readFileSync(licensePath, 'utf-8');
-        const data = JSON.parse(raw);
-        // Basic shape validation
-        if (!data.key || !data.org || !data.tier || !data.valid_until || !data.machine_id) {
-            return null;
-        }
-        return data;
-    }
-    catch {
-        return null;
-    }
+    return {
+        key: auth.token,
+        org: auth.org ?? '',
+        tier: auth.plan ?? 'free',
+        valid_until: '',
+        refresh_token: '',
+        machine_id: generateMachineId(),
+        workspace: readWorkspaceNameFromDisk(rootDir) ?? 'unknown',
+        activated_at: '',
+        last_refreshed: '',
+    };
 }
-/**
- * Write license to disk. Creates .nepopsx/ if needed.
- */
-export function writeLicense(rootDir, license) {
-    const dir = join(rootDir, LICENSE_DIR);
-    if (!existsSync(dir)) {
-        mkdirSync(dir, { recursive: true });
-    }
-    writeFileSync(join(dir, LICENSE_FILE), JSON.stringify(license, null, 2) + '\n', 'utf-8');
+/** No-op: the workspace is sourced live from disk in `readLicense` now. */
+export function reconcileLicenseWorkspace(_rootDir, license) {
+    return license;
 }
-/**
- * Heal the license's `workspace` field against the live `workspace.yaml`.
- *
- * The license is activated before `workspace.yaml` exists, so it is born with
- * `workspace: "unknown"`. Once the real config exists, reconcile the in-memory
- * license (and persist it) so every downstream `license.workspace` read — and
- * every backend call derived from it — uses the live workspace name instead of
- * the stale snapshot. Best-effort: returns the license unchanged when the config
- * is absent or already matches. Accepts/returns `null` for the no-license path.
- */
-export function reconcileLicenseWorkspace(rootDir, license) {
-    if (!license)
-        return license;
-    const liveName = readWorkspaceNameFromDisk(rootDir);
-    if (!liveName || liveName === license.workspace)
-        return license;
-    const reconciled = { ...license, workspace: liveName };
-    try {
-        writeLicense(rootDir, reconciled);
-    }
-    catch {
-        // Persisting is best-effort — the in-memory heal is what callers rely on.
-    }
-    return reconciled;
+/** No-op kept for callers: there is no license.json to write any more. */
+export function writeLicense(_rootDir, _license) {
+    /* the device token is written to config.json by `nepopsx login` */
 }
+// ─── Validation (local, advisory) ───────────────────────────
 /**
- * Activate a license key for this machine + workspace.
- * Calls the remote API to validate the key and bind it.
+ * Confirm a device token is present. Auth + entitlement are enforced by the
+ * backend (401/402) — this no longer calls the server.
  */
-export async function activateLicense(rootDir, licenseKey, workspaceName) {
-    const machineId = generateMachineId();
-    const apiBase = resolveApiBase(rootDir);
-    try {
-        const response = await fetchWithTimeout(`${apiBase}/license/activate`, {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify({
-                key: licenseKey,
-                machine_id: machineId,
-                workspace: workspaceName,
-            }),
-        }, API_TIMEOUT_MS);
-        if (!response.ok) {
-            const body = await response.text();
-            return {
-                success: false,
-                error: `Activation failed (${response.status}): ${body}`,
-            };
-        }
-        const data = await response.json();
-        const license = {
-            key: licenseKey,
-            org: data.org,
-            tier: data.tier,
-            valid_until: data.valid_until,
-            refresh_token: data.refresh_token,
-            machine_id: machineId,
-            workspace: workspaceName,
-            activated_at: new Date().toISOString(),
-            last_refreshed: new Date().toISOString(),
-        };
-        writeLicense(rootDir, license);
-        return { success: true, license };
-    }
-    catch (err) {
-        // Network failure — might be offline
-        return {
-            success: false,
-            error: `Cannot reach NEPOPSX API: ${err instanceof Error ? err.message : String(err)}. Check your internet connection.`,
-        };
-    }
-}
-// ─── Validation ─────────────────────────────────────────────
-/**
- * Validate the current license. Attempts online refresh if expired.
- * Returns detailed status.
- */
-export async function validateLicense(rootDir, config) {
-    // Heal a stale `workspace: "unknown"` against the live config before any
-    // backend call uses it. validateLicense always runs with a loaded config, so
-    // this self-heals license.json and every later readLicense() returns the
-    // correct workspace.
-    const license = reconcileLicenseWorkspace(rootDir, readLicense(rootDir));
-    const apiBase = resolveApiBase(rootDir);
-    // No license file
+export async function validateLicense(rootDir, _config) {
+    const license = readLicense(rootDir);
     if (!license) {
         return {
             valid: false,
@@ -135,156 +57,48 @@ export async function validateLicense(rootDir, config) {
             tier: 'free',
             org: '',
             fingerprint: '',
-            message: 'No license found. Run `nepopsx activate <key>` to activate.',
-        };
-    }
-    // Machine binding check
-    const currentMachineId = generateMachineId();
-    if (license.machine_id !== currentMachineId) {
-        return {
-            valid: false,
-            expired: false,
-            days_remaining: 0,
-            tier: license.tier,
-            org: license.org,
-            fingerprint: '',
-            message: 'License is bound to a different machine. Run `nepopsx activate <key>` to re-activate.',
-        };
-    }
-    const { expired, daysRemaining } = checkExpiry(license.valid_until);
-    const fingerprint = generateFingerprint(license.org, license.key, license.workspace);
-    // Still valid — return immediately
-    if (!expired) {
-        try {
-            const response = await fetchWithTimeout(`${apiBase}/license/validate`, {
-                method: 'POST',
-                headers: { 'Content-Type': 'application/json' },
-                body: JSON.stringify({
-                    key: license.key,
-                    machine_id: license.machine_id,
-                    workspace: license.workspace,
-                }),
-            }, API_TIMEOUT_MS);
-            if (response.ok) {
-                const data = await response.json();
-                if (data.valid) {
-                    const updatedLicense = {
-                        ...license,
-                        org: data.org,
-                        tier: data.tier,
-                        valid_until: data.valid_until,
-                        last_refreshed: new Date().toISOString(),
-                    };
-                    writeLicense(rootDir, updatedLicense);
-                    const onlineExpiry = checkExpiry(updatedLicense.valid_until);
-                    return {
-                        valid: true,
-                        expired: false,
-                        days_remaining: onlineExpiry.daysRemaining,
-                        tier: updatedLicense.tier,
-                        org: updatedLicense.org,
-                        fingerprint,
-                        message: data.message,
-                    };
-                }
-                return {
-                    valid: false,
-                    expired: false,
-                    days_remaining: daysRemaining,
-                    tier: license.tier,
-                    org: license.org,
-                    fingerprint,
-                    message: data.message,
-                };
-            }
-        }
-        catch {
-            // Fall back to local validation when offline or backend is unavailable.
-        }
-        return {
-            valid: true,
-            expired: false,
-            days_remaining: daysRemaining,
-            tier: license.tier,
-            org: license.org,
-            fingerprint,
-            message: daysRemaining <= 7
-                ? `License expires in ${daysRemaining} day(s). Renew at nepopsx.dev.`
-                : `Licensed to ${license.org} (${license.tier}).`,
+            message: 'Not logged in. Run `nepopsx login` to authorize this machine.',
         };
     }
-    // Expired — attempt online refresh
-    const refreshed = await refreshLicense(rootDir, license);
-    if (refreshed) {
-        const newExpiry = checkExpiry(refreshed.valid_until);
-        return {
-            valid: true,
-            expired: false,
-            days_remaining: newExpiry.daysRemaining,
-            tier: refreshed.tier,
-            org: refreshed.org,
-            fingerprint,
-            message: `License refreshed. Valid until ${refreshed.valid_until}.`,
-        };
-    }
-    // Refresh failed — license is truly expired
     return {
-        valid: false,
-        expired: true,
-        days_remaining: daysRemaining,
+        valid: true,
+        expired: false,
+        days_remaining: 365,
         tier: license.tier,
         org: license.org,
-        fingerprint,
-        message: `License expired on ${license.valid_until}. Renew at nepopsx.dev or run \`nepopsx activate <key>\`.`,
+        fingerprint: generateFingerprint(license.org, license.key, license.workspace),
+        message: `Logged in to ${license.org || 'your org'} (${license.tier}).`,
     };
 }
-// ─── Refresh ────────────────────────────────────────────────
+// ─── Resolved entitlement (display / advisory) ──────────────
 /**
- * Attempt to refresh the license via the remote API.
- * Returns updated license on success, null on failure.
+ * Resolve the org's entitlement for DISPLAY: cache → synthesized from the plan
+ * manifest + the session's plan. Advisory only — the backend's 402s are the hard
+ * authority. Never throws.
  */
-async function refreshLicense(rootDir, license) {
-    const apiBase = resolveApiBase(rootDir);
-    try {
-        const response = await fetchWithTimeout(`${apiBase}/license/refresh`, {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify({
-                refresh_token: license.refresh_token,
-                machine_id: license.machine_id,
-            }),
-        }, API_TIMEOUT_MS);
-        if (!response.ok)
-            return null;
-        const data = await response.json();
-        const updated = {
-            ...license,
-            tier: data.tier,
-            valid_until: data.valid_until,
-            refresh_token: data.refresh_token,
-            last_refreshed: new Date().toISOString(),
-        };
-        writeLicense(rootDir, updated);
-        return updated;
-    }
-    catch {
-        // Network failure — can't refresh
-        return null;
-    }
+export async function resolveEntitlement(rootDir, license) {
+    const cached = getCachedEntitlement(rootDir, license.key);
+    if (cached)
+        return cached;
+    const manifest = await fetchPlanManifest(rootDir);
+    const spec = manifest.plans.find((p) => p.id === license.tier) ?? manifest.plans[0];
+    return {
+        tier: license.tier,
+        status: license.tier === 'free' ? 'free' : 'active',
+        limits: spec.limits,
+        features: spec.features,
+        validUntil: null,
+        trialEndsAt: null,
+    };
 }
 /**
-/**
- * Check if the workspace config exceeds the license tier's limits.
- *
- * Only scale limits are enforced here — agent quality (customs, philosophy,
- * prompts) is identical across all tiers. The differentiators are:
- *   - how many services / agent packages are allowed
- *   - access to LLM-powered scan (team+)
+ * Check whether the workspace config exceeds the tier's scale limits.
+ * **Advisory only** — the server is the enforcement authority (402). Surface as a
+ * warning + upgrade hint and proceed; never hard-block on this result.
  */
 export function enforceTierLimits(config, tier) {
     const limits = TIER_LIMITS[tier];
     const violations = [];
-    // Service count
     if (config.services.length > limits.max_services) {
         violations.push({
             feature: 'services',
@@ -293,7 +107,6 @@ export function enforceTierLimits(config, tier) {
             required_tier: tier === 'free' ? 'team' : 'enterprise',
         });
     }
-    // Agent count
     if (config.agents) {
         const enabledAgents = Object.values(config.agents).filter((a) => a.enabled).length;
         if (enabledAgents > limits.max_agents) {
@@ -308,10 +121,7 @@ export function enforceTierLimits(config, tier) {
     return violations;
 }
 // ─── Dev mode bypass ────────────────────────────────────────
-/**
- * Check if the CLI is running in dev mode (for NEPOPSX agent developers).
- * Set NEPOPSX_DEV=1 to bypass license checks.
- */
+/** Set NEPOPSX_DEV=1 to bypass auth checks (for NEPOPSX agent developers). */
 export function isDevMode() {
     return process.env.NEPOPSX_DEV === '1';
 }

package/dist/licensing/license-manager.js.map

@@ -1 +1 @@
-{"version":3,"file":"license-manager.js","sourceRoot":"","sources":["../../src/licensing/license-manager.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAW,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAEL,WAAW,EACX,iBAAiB,EAAE,mBAAmB,EAAE,WAAW,GACpD,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,yBAAyB,EAAE,MAAM,qBAAqB,CAAC;AAEhE,MAAM,WAAW,GAAG,UAAU,CAAC;AAC/B,MAAM,YAAY,GAAG,cAAc,CAAC;AAEpC,+DAA+D;AAE/D;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,OAAe;IACzC,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC;IAC7D,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC;QAAE,OAAO,IAAI,CAAC;IAE1C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAC/C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAE7B,yBAAyB;QACzB,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YAClF,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,IAAe,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,OAAe,EAAE,OAAgB;IAC5D,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IACvC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtC,CAAC;IACD,aAAa,CACX,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,EACvB,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EACvC,OAAO,CACR,CAAC;AACJ,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,yBAAyB,CACvC,OAAe,EACf,OAAU;IAEV,IAAI,CAAC,OAAO;QAAE,OAAO,OAAO,CAAC;IAC7B,MAAM,QAAQ,GAAG,yBAAyB,CAAC,OAAO,CAAC,CAAC;IACpD,IAAI,CAAC,QAAQ,IAAI,QAAQ,KAAK,OAAO,CAAC,SAAS;QAAE,OAAO,OAAO,CAAC;IAChE,MAAM,UAAU,GAAG,EAAE,GAAG,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;IACvD,IAAI,CAAC;QACH,YAAY,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,0EAA0E;IAC5E,CAAC;IACD,OAAO,UAAe,CAAC;AACzB,CAAC;AAUD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,OAAe,EACf,UAAkB,EAClB,aAAqB;IAErB,MAAM,SAAS,GAAG,iBAAiB,EAAE,CAAC;IACtC,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;IAExC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,GAAG,OAAO,mBAAmB,EAAE;YACrE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,GAAG,EAAE,UAAU;gBACf,UAAU,EAAE,SAAS;gBACrB,SAAS,EAAE,aAAa;aACzB,CAAC;SACH,EAAE,cAAc,CAAC,CAAC;QAEnB,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,sBAAsB,QAAQ,CAAC,MAAM,MAAM,IAAI,EAAE;aACzD,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAK/B,CAAC;QAEF,MAAM,OAAO,GAAY;YACvB,GAAG,EAAE,UAAU;YACf,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,UAAU,EAAE,SAAS;YACrB,SAAS,EAAE,aAAa;YACxB,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACtC,cAAc,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACzC,CAAC;QAEF,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAE/B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;IACpC,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,qCAAqC;QACrC,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,6BAA6B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,mCAAmC;SACxH,CAAC;IACJ,CAAC;AACH,CAAC;AAED,+DAA+D;AAE/D;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,OAAe,EACf,MAAuB;IAEvB,yEAAyE;IACzE,6EAA6E;IAC7E,yEAAyE;IACzE,qBAAqB;IACrB,MAAM,OAAO,GAAG,yBAAyB,CAAC,OAAO,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC;IACzE,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;IAExC,kBAAkB;IAClB,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,OAAO,EAAE,IAAI;YACb,cAAc,EAAE,CAAC;YACjB,IAAI,EAAE,MAAM;YACZ,GAAG,EAAE,EAAE;YACP,WAAW,EAAE,EAAE;YACf,OAAO,EAAE,6DAA6D;SACvE,CAAC;IACJ,CAAC;IAED,wBAAwB;IACxB,MAAM,gBAAgB,GAAG,iBAAiB,EAAE,CAAC;IAC7C,IAAI,OAAO,CAAC,UAAU,KAAK,gBAAgB,EAAE,CAAC;QAC5C,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,OAAO,EAAE,KAAK;YACd,cAAc,EAAE,CAAC;YACjB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,WAAW,EAAE,EAAE;YACf,OAAO,EAAE,uFAAuF;SACjG,CAAC;IACJ,CAAC;IAED,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,GAAG,WAAW,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IACpE,MAAM,WAAW,GAAG,mBAAmB,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAErF,mCAAmC;IACnC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,GAAG,OAAO,mBAAmB,EAAE;gBACrE,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,GAAG,EAAE,OAAO,CAAC,GAAG;oBAChB,UAAU,EAAE,OAAO,CAAC,UAAU;oBAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;iBAC7B,CAAC;aACH,EAAE,cAAc,CAAC,CAAC;YAEnB,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAM/B,CAAC;gBAEF,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,cAAc,GAAY;wBAC9B,GAAG,OAAO;wBACV,GAAG,EAAE,IAAI,CAAC,GAAG;wBACb,IAAI,EAAE,IAAI,CAAC,IAAI;wBACf,WAAW,EAAE,IAAI,CAAC,WAAW;wBAC7B,cAAc,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;qBACzC,CAAC;oBACF,YAAY,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;oBAEtC,MAAM,YAAY,GAAG,WAAW,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;oBAC7D,OAAO;wBACL,KAAK,EAAE,IAAI;wBACX,OAAO,EAAE,KAAK;wBACd,cAAc,EAAE,YAAY,CAAC,aAAa;wBAC1C,IAAI,EAAE,cAAc,CAAC,IAAI;wBACzB,GAAG,EAAE,cAAc,CAAC,GAAG;wBACvB,WAAW;wBACX,OAAO,EAAE,IAAI,CAAC,OAAO;qBACtB,CAAC;gBACJ,CAAC;gBAED,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,OAAO,EAAE,KAAK;oBACd,cAAc,EAAE,aAAa;oBAC7B,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,GAAG,EAAE,OAAO,CAAC,GAAG;oBAChB,WAAW;oBACX,OAAO,EAAE,IAAI,CAAC,OAAO;iBACtB,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,wEAAwE;QAC1E,CAAC;QAED,OAAO;YACL,KAAK,EAAE,IAAI;YACX,OAAO,EAAE,KAAK;YACd,cAAc,EAAE,aAAa;YAC7B,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,WAAW;YACX,OAAO,EAAE,aAAa,IAAI,CAAC;gBACzB,CAAC,CAAC,sBAAsB,aAAa,gCAAgC;gBACrE,CAAC,CAAC,eAAe,OAAO,CAAC,GAAG,KAAK,OAAO,CAAC,IAAI,IAAI;SACpD,CAAC;IACJ,CAAC;IAED,mCAAmC;IACnC,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACzD,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,SAAS,GAAG,WAAW,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QACrD,OAAO;YACL,KAAK,EAAE,IAAI;YACX,OAAO,EAAE,KAAK;YACd,cAAc,EAAE,SAAS,CAAC,aAAa;YACvC,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,GAAG,EAAE,SAAS,CAAC,GAAG;YAClB,WAAW;YACX,OAAO,EAAE,kCAAkC,SAAS,CAAC,WAAW,GAAG;SACpE,CAAC;IACJ,CAAC;IAED,4CAA4C;IAC5C,OAAO;QACL,KAAK,EAAE,KAAK;QACZ,OAAO,EAAE,IAAI;QACb,cAAc,EAAE,aAAa;QAC7B,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,WAAW;QACX,OAAO,EAAE,sBAAsB,OAAO,CAAC,WAAW,2DAA2D;KAC9G,CAAC;AACJ,CAAC;AAED,+DAA+D;AAE/D;;;GAGG;AACH,KAAK,UAAU,cAAc,CAAC,OAAe,EAAE,OAAgB;IAC7D,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;IAExC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,GAAG,OAAO,kBAAkB,EAAE;YACpE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,CAAC;SACH,EAAE,cAAc,CAAC,CAAC;QAEnB,IAAI,CAAC,QAAQ,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QAE9B,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAI/B,CAAC;QAEF,MAAM,OAAO,GAAY;YACvB,GAAG,OAAO;YACV,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,cAAc,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACzC,CAAC;QAEF,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC/B,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,MAAM,CAAC;QACP,kCAAkC;QAClC,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAWD;;;;;;;;GAQG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAuB,EAAE,IAAiB;IAC1E,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IACjC,MAAM,UAAU,GAAoB,EAAE,CAAC;IAEvC,gBAAgB;IAChB,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAC,YAAY,EAAE,CAAC;QACjD,UAAU,CAAC,IAAI,CAAC;YACd,OAAO,EAAE,UAAU;YACnB,KAAK,EAAE,GAAG,MAAM,CAAC,YAAY,EAAE;YAC/B,MAAM,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE;YACnC,aAAa,EAAE,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,YAAY;SACvD,CAAC,CAAC;IACL,CAAC;IAED,cAAc;IACd,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;QACnF,IAAI,aAAa,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;YACtC,UAAU,CAAC,IAAI,CAAC;gBACd,OAAO,EAAE,QAAQ;gBACjB,KAAK,EAAE,GAAG,MAAM,CAAC,UAAU,EAAE;gBAC7B,MAAM,EAAE,GAAG,aAAa,EAAE;gBAC1B,aAAa,EAAE,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,YAAY;aACvD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,+DAA+D;AAE/D;;;GAGG;AACH,MAAM,UAAU,SAAS;IACvB,OAAO,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,GAAG,CAAC;AACzC,CAAC"}
+{"version":3,"file":"license-manager.js","sourceRoot":"","sources":["../../src/licensing/license-manager.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAML,WAAW,EACX,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAC;AACpE,OAAO,EAAE,yBAAyB,EAAE,MAAM,qBAAqB,CAAC;AAChE,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAE9D,+DAA+D;AAE/D;;;;;GAKG;AACH,MAAM,UAAU,WAAW,CAAC,OAAe;IACzC,MAAM,IAAI,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC;IAC3C,IAAI,CAAC,IAAI,EAAE,KAAK;QAAE,OAAO,IAAI,CAAC;IAC9B,OAAO;QACL,GAAG,EAAE,IAAI,CAAC,KAAK;QACf,GAAG,EAAE,IAAI,CAAC,GAAG,IAAI,EAAE;QACnB,IAAI,EAAG,IAAI,CAAC,IAAoB,IAAI,MAAM;QAC1C,WAAW,EAAE,EAAE;QACf,aAAa,EAAE,EAAE;QACjB,UAAU,EAAE,iBAAiB,EAAE;QAC/B,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC,IAAI,SAAS;QAC1D,YAAY,EAAE,EAAE;QAChB,cAAc,EAAE,EAAE;KACnB,CAAC;AACJ,CAAC;AAED,2EAA2E;AAC3E,MAAM,UAAU,yBAAyB,CACvC,QAAgB,EAChB,OAAU;IAEV,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,0EAA0E;AAC1E,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,QAAiB;IAC9D,mEAAmE;AACrE,CAAC;AAED,+DAA+D;AAE/D;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,OAAe,EACf,OAAwB;IAExB,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IACrC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,OAAO,EAAE,IAAI;YACb,cAAc,EAAE,CAAC;YACjB,IAAI,EAAE,MAAM;YACZ,GAAG,EAAE,EAAE;YACP,WAAW,EAAE,EAAE;YACf,OAAO,EAAE,+DAA+D;SACzE,CAAC;IACJ,CAAC;IACD,OAAO;QACL,KAAK,EAAE,IAAI;QACX,OAAO,EAAE,KAAK;QACd,cAAc,EAAE,GAAG;QACnB,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,WAAW,EAAE,mBAAmB,CAC9B,OAAO,CAAC,GAAG,EACX,OAAO,CAAC,GAAG,EACX,OAAO,CAAC,SAAS,CAClB;QACD,OAAO,EAAE,gBAAgB,OAAO,CAAC,GAAG,IAAI,UAAU,KAAK,OAAO,CAAC,IAAI,IAAI;KACxE,CAAC;AACJ,CAAC;AAED,+DAA+D;AAE/D;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,OAAe,EACf,OAAgB;IAEhB,MAAM,MAAM,GAAG,oBAAoB,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAC1D,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,IAAI,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACpF,OAAO;QACL,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,MAAM,EAAE,OAAO,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;QACnD,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,IAAI;KAClB,CAAC;AACJ,CAAC;AAWD;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAC/B,MAAuB,EACvB,IAAiB;IAEjB,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IACjC,MAAM,UAAU,GAAoB,EAAE,CAAC;IAEvC,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAC,YAAY,EAAE,CAAC;QACjD,UAAU,CAAC,IAAI,CAAC;YACd,OAAO,EAAE,UAAU;YACnB,KAAK,EAAE,GAAG,MAAM,CAAC,YAAY,EAAE;YAC/B,MAAM,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE;YACnC,aAAa,EAAE,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,YAAY;SACvD,CAAC,CAAC;IACL,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CACvD,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC,MAAM,CAAC;QACT,IAAI,aAAa,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;YACtC,UAAU,CAAC,IAAI,CAAC;gBACd,OAAO,EAAE,QAAQ;gBACjB,KAAK,EAAE,GAAG,MAAM,CAAC,UAAU,EAAE;gBAC7B,MAAM,EAAE,GAAG,aAAa,EAAE;gBAC1B,aAAa,EAAE,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,YAAY;aACvD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,+DAA+D;AAE/D,8EAA8E;AAC9E,MAAM,UAAU,SAAS;IACvB,OAAO,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,GAAG,CAAC;AACzC,CAAC"}

package/dist/licensing/template-fetch.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"template-fetch.d.ts","sourceRoot":"","sources":["../../src/licensing/template-fetch.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAM7D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAIhE,MAAM,WAAW,cAAc;IAC7B,2CAA2C;IAC3C,KAAK,EAAE,MAAM,CAAC;IACd,oBAAoB;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,mDAAmD;IACnD,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAClC,sDAAsD;IACtD,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC;CAC5B;AAMD;;;;;GAKG;AACH,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,OAAO,EAChB,SAAS,EAAE,MAAM,EACjB,YAAY,EAAE,MAAM,EACpB,kBAAkB,GAAE,iBAAiB,EAAO,EAC5C,SAAS,GAAE,cAAc,EAAO,GAC/B,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CAyChC"}
+{"version":3,"file":"template-fetch.d.ts","sourceRoot":"","sources":["../../src/licensing/template-fetch.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAO7D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAIhE,MAAM,WAAW,cAAc;IAC7B,2CAA2C;IAC3C,KAAK,EAAE,MAAM,CAAC;IACd,oBAAoB;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,mDAAmD;IACnD,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAClC,sDAAsD;IACtD,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC;CAC5B;AAMD;;;;;GAKG;AACH,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,OAAO,EAChB,SAAS,EAAE,MAAM,EACjB,YAAY,EAAE,MAAM,EACpB,kBAAkB,GAAE,iBAAiB,EAAO,EAC5C,SAAS,GAAE,cAAc,EAAO,GAC/B,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CA4ChC"}

package/dist/licensing/template-fetch.js

@@ -14,6 +14,7 @@ import { resolveApiBase } from '../config/api-config.js';
 import { fetchWithTimeout } from '../utils/fetch.js';
 import { decryptBundle as decryptBundleRaw } from './installer.js';
 import { DOWNLOAD_TIMEOUT_MS } from '../constants.js';
+import { reportIfPaymentRequired } from '../utils/handle-402.js';
 import { resolveWorkspaceName } from './workspace-name.js';
 // EncryptedBundle is imported from installer.ts
 // ─── Public API ─────────────────────────────────────────────
@@ -42,6 +43,9 @@ export async function fetchRemoteTemplates(rootDir, license, agentName, agentVer
             }),
         }, DOWNLOAD_TIMEOUT_MS);
         if (!response.ok) {
+            // Surface a plan gate (402) as an upgrade prompt instead of silently using local
+            // fallback; any other error falls through to the local-template path.
+            await reportIfPaymentRequired(response);
             return null;
         }
         const encrypted = await response.json();

package/dist/licensing/template-fetch.js.map

@@ -1 +1 @@
-{"version":3,"file":"template-fetch.js","sourceRoot":"","sources":["../../src/licensing/template-fetch.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,aAAa,IAAI,gBAAgB,EAAwB,MAAM,gBAAgB,CAAC;AACzF,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAgB3D,gDAAgD;AAEhD,+DAA+D;AAE/D;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,OAAe,EACf,OAAgB,EAChB,SAAiB,EACjB,YAAoB,EACpB,qBAA0C,EAAE,EAC5C,YAA8B,EAAE;IAEhC,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;IAExC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CACrC,GAAG,OAAO,cAAc,SAAS,IAAI,YAAY,EAAE,EACnD;YACE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,eAAe,EAAE,UAAU,OAAO,CAAC,GAAG,EAAE;aACzC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,SAAS,EAAE,oBAAoB,CAAC,OAAO,EAAE,OAAO,CAAC;gBACjD,mBAAmB,EAAE,kBAAkB;gBACvC,wEAAwE;gBACxE,+DAA+D;gBAC/D,SAAS;aACV,CAAC;SACH,EACD,mBAAmB,CACpB,CAAC;QAEF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAqB,CAAC;QAC3D,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,CAA2B,CAAC;QAEjG,OAAO;YACL,KAAK,EAAE,SAAS;YAChB,OAAO,EAAE,YAAY;YACrB,SAAS;YACT,MAAM,EAAE,QAAQ;SACjB,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,+DAA+D;QAC/D,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,+DAA+D;AAE/D,8CAA8C;AAE9C,+DAA+D;AAE/D,0DAA0D"}
+{"version":3,"file":"template-fetch.js","sourceRoot":"","sources":["../../src/licensing/template-fetch.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,aAAa,IAAI,gBAAgB,EAAwB,MAAM,gBAAgB,CAAC;AACzF,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AACjE,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAgB3D,gDAAgD;AAEhD,+DAA+D;AAE/D;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,OAAe,EACf,OAAgB,EAChB,SAAiB,EACjB,YAAoB,EACpB,qBAA0C,EAAE,EAC5C,YAA8B,EAAE;IAEhC,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;IAExC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CACrC,GAAG,OAAO,cAAc,SAAS,IAAI,YAAY,EAAE,EACnD;YACE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,eAAe,EAAE,UAAU,OAAO,CAAC,GAAG,EAAE;aACzC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,SAAS,EAAE,oBAAoB,CAAC,OAAO,EAAE,OAAO,CAAC;gBACjD,mBAAmB,EAAE,kBAAkB;gBACvC,wEAAwE;gBACxE,+DAA+D;gBAC/D,SAAS;aACV,CAAC;SACH,EACD,mBAAmB,CACpB,CAAC;QAEF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,iFAAiF;YACjF,sEAAsE;YACtE,MAAM,uBAAuB,CAAC,QAAQ,CAAC,CAAC;YACxC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAqB,CAAC;QAC3D,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,CAA2B,CAAC;QAEjG,OAAO;YACL,KAAK,EAAE,SAAS;YAChB,OAAO,EAAE,YAAY;YACrB,SAAS;YACT,MAAM,EAAE,QAAQ;SACjB,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,+DAA+D;QAC/D,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,+DAA+D;AAE/D,8CAA8C;AAE9C,+DAA+D;AAE/D,0DAA0D"}

package/dist/mcp/config-generator.d.ts

@@ -4,12 +4,12 @@
  * `learning_search` / `learning_store` for governed team recall.
  *
  * Claude Code's remote HTTP MCP form is `{ type: "http", url, headers }`, and it
- * expands `${VAR}` in the config — so we embed the license key as an env
- * placeholder (`${NEPOPSX_LICENSE_KEY}`) rather than the raw secret, keeping the
- * committed `.mcp.json` shareable across the team without leaking the key.
+ * expands `${VAR}` in the config — so we embed the device token as an env
+ * placeholder (`${NEPOPSX_DEVICE_TOKEN}`) rather than the raw secret, keeping the
+ * committed `.mcp.json` shareable across the team without leaking the token.
  */
 export declare const MEMORY_SERVER_NAME = "nepopsx-memory";
-export declare const LICENSE_ENV_VAR = "NEPOPSX_LICENSE_KEY";
+export declare const LICENSE_ENV_VAR = "NEPOPSX_DEVICE_TOKEN";
 export interface McpHttpServer {
     type: 'http';
     url: string;
@@ -23,9 +23,9 @@ export interface McpSetupOptions {
     rootDir: string;
     /** Backend API base, including `/v1` (e.g. http://localhost:3100/v1). */
     apiUrl: string;
-    /** Raw license key — only embedded when `inlineKey` is true (dev convenience). */
+    /** Raw device token — only embedded when `inlineKey` is true (dev convenience). */
     licenseKey?: string;
-    /** Embed the raw key instead of the `${NEPOPSX_LICENSE_KEY}` placeholder. */
+    /** Embed the raw token instead of the `${NEPOPSX_DEVICE_TOKEN}` placeholder. */
     inlineKey?: boolean;
 }
 /** Build the `nepopsx-memory` HTTP server entry for `.mcp.json`. */

package/dist/mcp/config-generator.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config-generator.d.ts","sourceRoot":"","sources":["../../src/mcp/config-generator.ts"],"names":[],"mappings":"AAGA;;;;;;;;;GASG;AAEH,eAAO,MAAM,kBAAkB,mBAAmB,CAAC;AACnD,eAAO,MAAM,eAAe,wBAAwB,CAAC;AAErD,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACjC;AAED,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAC1C,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,yEAAyE;IACzE,MAAM,EAAE,MAAM,CAAC;IACf,kFAAkF;IAClF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,6EAA6E;IAC7E,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED,oEAAoE;AACpE,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,MAAM,EACd,IAAI,GAAE;IAAE,UAAU,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,OAAO,CAAA;CAAO,GACtD,aAAa,CAWf;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,eAAe,GAAG,MAAM,EAAE,CA4BpE"}
+{"version":3,"file":"config-generator.d.ts","sourceRoot":"","sources":["../../src/mcp/config-generator.ts"],"names":[],"mappings":"AAGA;;;;;;;;;GASG;AAEH,eAAO,MAAM,kBAAkB,mBAAmB,CAAC;AACnD,eAAO,MAAM,eAAe,yBAAyB,CAAC;AAEtD,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACjC;AAED,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAC1C,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,yEAAyE;IACzE,MAAM,EAAE,MAAM,CAAC;IACf,mFAAmF;IACnF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,gFAAgF;IAChF,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED,oEAAoE;AACpE,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,MAAM,EACd,IAAI,GAAE;IAAE,UAAU,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,OAAO,CAAA;CAAO,GACtD,aAAa,CAWf;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,eAAe,GAAG,MAAM,EAAE,CA4BpE"}

package/dist/mcp/config-generator.js

@@ -6,12 +6,12 @@ import { join } from 'node:path';
  * `learning_search` / `learning_store` for governed team recall.
  *
  * Claude Code's remote HTTP MCP form is `{ type: "http", url, headers }`, and it
- * expands `${VAR}` in the config — so we embed the license key as an env
- * placeholder (`${NEPOPSX_LICENSE_KEY}`) rather than the raw secret, keeping the
- * committed `.mcp.json` shareable across the team without leaking the key.
+ * expands `${VAR}` in the config — so we embed the device token as an env
+ * placeholder (`${NEPOPSX_DEVICE_TOKEN}`) rather than the raw secret, keeping the
+ * committed `.mcp.json` shareable across the team without leaking the token.
  */
 export const MEMORY_SERVER_NAME = 'nepopsx-memory';
-export const LICENSE_ENV_VAR = 'NEPOPSX_LICENSE_KEY';
+export const LICENSE_ENV_VAR = 'NEPOPSX_DEVICE_TOKEN';
 /** Build the `nepopsx-memory` HTTP server entry for `.mcp.json`. */
 export function buildMemoryServerEntry(apiUrl, opts = {}) {
     const base = apiUrl.replace(/\/+$/, '');

package/dist/mcp/config-generator.js.map

@@ -1 +1 @@
-{"version":3,"file":"config-generator.js","sourceRoot":"","sources":["../../src/mcp/config-generator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAClE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC;;;;;;;;;GASG;AAEH,MAAM,CAAC,MAAM,kBAAkB,GAAG,gBAAgB,CAAC;AACnD,MAAM,CAAC,MAAM,eAAe,GAAG,qBAAqB,CAAC;AAuBrD,oEAAoE;AACpE,MAAM,UAAU,sBAAsB,CACpC,MAAc,EACd,OAAqD,EAAE;IAEvD,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACxC,MAAM,KAAK,GACT,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,UAAU;QAC/B,CAAC,CAAC,IAAI,CAAC,UAAU;QACjB,CAAC,CAAC,IAAI,GAAG,eAAe,GAAG,GAAG,CAAC;IACnC,OAAO;QACL,IAAI,EAAE,MAAM;QACZ,GAAG,EAAE,GAAG,IAAI,MAAM;QAClB,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,KAAK,EAAE,EAAE;KAC9C,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAwB;IACxD,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAEtD,IAAI,QAAQ,GAAkB,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IACjD,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC3B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAY,CAAC;YACrE,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;gBACnC,MAAM,GAAG,GAAG,GAA8B,CAAC;gBAC3C,MAAM,OAAO,GACX,GAAG,CAAC,UAAU,IAAI,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ;oBAClD,CAAC,CAAE,GAAG,CAAC,UAA4C;oBACnD,CAAC,CAAC,EAAE,CAAC;gBACT,QAAQ,GAAG,EAAE,GAAG,GAAG,EAAE,UAAU,EAAE,EAAE,GAAG,OAAO,EAAE,EAAE,CAAC;YACpD,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,mEAAmE;YACnE,QAAQ,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;QAChC,CAAC;IACH,CAAC;IAED,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC,GAAG,sBAAsB,CAC9D,OAAO,CAAC,MAAM,EACd,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,CACjE,CAAC;IAEF,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;IAC7E,OAAO,CAAC,WAAW,CAAC,CAAC;AACvB,CAAC"}
+{"version":3,"file":"config-generator.js","sourceRoot":"","sources":["../../src/mcp/config-generator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAClE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC;;;;;;;;;GASG;AAEH,MAAM,CAAC,MAAM,kBAAkB,GAAG,gBAAgB,CAAC;AACnD,MAAM,CAAC,MAAM,eAAe,GAAG,sBAAsB,CAAC;AAuBtD,oEAAoE;AACpE,MAAM,UAAU,sBAAsB,CACpC,MAAc,EACd,OAAqD,EAAE;IAEvD,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACxC,MAAM,KAAK,GACT,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,UAAU;QAC/B,CAAC,CAAC,IAAI,CAAC,UAAU;QACjB,CAAC,CAAC,IAAI,GAAG,eAAe,GAAG,GAAG,CAAC;IACnC,OAAO;QACL,IAAI,EAAE,MAAM;QACZ,GAAG,EAAE,GAAG,IAAI,MAAM;QAClB,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,KAAK,EAAE,EAAE;KAC9C,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAwB;IACxD,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAEtD,IAAI,QAAQ,GAAkB,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IACjD,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC3B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAY,CAAC;YACrE,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;gBACnC,MAAM,GAAG,GAAG,GAA8B,CAAC;gBAC3C,MAAM,OAAO,GACX,GAAG,CAAC,UAAU,IAAI,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ;oBAClD,CAAC,CAAE,GAAG,CAAC,UAA4C;oBACnD,CAAC,CAAC,EAAE,CAAC;gBACT,QAAQ,GAAG,EAAE,GAAG,GAAG,EAAE,UAAU,EAAE,EAAE,GAAG,OAAO,EAAE,EAAE,CAAC;YACpD,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,mEAAmE;YACnE,QAAQ,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;QAChC,CAAC;IACH,CAAC;IAED,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC,GAAG,sBAAsB,CAC9D,OAAO,CAAC,MAAM,EACd,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,CACjE,CAAC;IAEF,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;IAC7E,OAAO,CAAC,WAAW,CAAC,CAAC;AACvB,CAAC"}

package/dist/utils/disk-cache.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Minimal TTL JSON disk cache under `.nepopsx/cache/`.
+ *
+ * Used for read-only, advisory data the CLI displays (the plan manifest and the org's
+ * resolved entitlement). Every read self-expires; every write is best-effort. Nothing
+ * here is an enforcement authority — a miss simply means "ask the server / fall back".
+ */
+/** Read a cached value, or `null` if absent, unreadable, malformed, or expired. */
+export declare function readDiskCache<T>(rootDir: string, file: string): T | null;
+/** Write a value with a TTL. Best-effort: a write failure is swallowed (cache is optional). */
+export declare function writeDiskCache<T>(rootDir: string, file: string, value: T, ttlMs: number): void;
+/** Delete a cache entry (used to bust on org/key change). */
+export declare function clearDiskCache(rootDir: string, file: string): void;
+//# sourceMappingURL=disk-cache.d.ts.map

package/dist/utils/disk-cache.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"disk-cache.d.ts","sourceRoot":"","sources":["../../src/utils/disk-cache.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAiBH,mFAAmF;AACnF,wBAAgB,aAAa,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,CAAC,GAAG,IAAI,CAWxE;AAED,+FAA+F;AAC/F,wBAAgB,cAAc,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAS9F;AAED,6DAA6D;AAC7D,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,IAAI,CAMlE"}

package/dist/utils/disk-cache.js

@@ -0,0 +1,53 @@
+/**
+ * Minimal TTL JSON disk cache under `.nepopsx/cache/`.
+ *
+ * Used for read-only, advisory data the CLI displays (the plan manifest and the org's
+ * resolved entitlement). Every read self-expires; every write is best-effort. Nothing
+ * here is an enforcement authority — a miss simply means "ask the server / fall back".
+ */
+import { existsSync, mkdirSync, readFileSync, rmSync, writeFileSync } from 'node:fs';
+import { join } from 'node:path';
+const CACHE_SUBDIR = join('.nepopsx', 'cache');
+function cachePath(rootDir, file) {
+    return join(rootDir, CACHE_SUBDIR, file);
+}
+/** Read a cached value, or `null` if absent, unreadable, malformed, or expired. */
+export function readDiskCache(rootDir, file) {
+    try {
+        const path = cachePath(rootDir, file);
+        if (!existsSync(path))
+            return null;
+        const env = JSON.parse(readFileSync(path, 'utf-8'));
+        if (typeof env?.savedAt !== 'number' || typeof env?.ttlMs !== 'number')
+            return null;
+        if (Date.now() - env.savedAt > env.ttlMs)
+            return null;
+        return env.value;
+    }
+    catch {
+        return null;
+    }
+}
+/** Write a value with a TTL. Best-effort: a write failure is swallowed (cache is optional). */
+export function writeDiskCache(rootDir, file, value, ttlMs) {
+    try {
+        const dir = join(rootDir, CACHE_SUBDIR);
+        if (!existsSync(dir))
+            mkdirSync(dir, { recursive: true });
+        const env = { savedAt: Date.now(), ttlMs, value };
+        writeFileSync(cachePath(rootDir, file), JSON.stringify(env), 'utf-8');
+    }
+    catch {
+        // best-effort cache; ignore
+    }
+}
+/** Delete a cache entry (used to bust on org/key change). */
+export function clearDiskCache(rootDir, file) {
+    try {
+        rmSync(cachePath(rootDir, file), { force: true });
+    }
+    catch {
+        // ignore
+    }
+}
+//# sourceMappingURL=disk-cache.js.map

package/dist/utils/disk-cache.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"disk-cache.js","sourceRoot":"","sources":["../../src/utils/disk-cache.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACrF,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,MAAM,YAAY,GAAG,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;AAQ/C,SAAS,SAAS,CAAC,OAAe,EAAE,IAAY;IAC9C,OAAO,IAAI,CAAC,OAAO,EAAE,YAAY,EAAE,IAAI,CAAC,CAAC;AAC3C,CAAC;AAED,mFAAmF;AACnF,MAAM,UAAU,aAAa,CAAI,OAAe,EAAE,IAAY;IAC5D,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACtC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;QACnC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAqB,CAAC;QACxE,IAAI,OAAO,GAAG,EAAE,OAAO,KAAK,QAAQ,IAAI,OAAO,GAAG,EAAE,KAAK,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC;QACpF,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,OAAO,GAAG,GAAG,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QACtD,OAAO,GAAG,CAAC,KAAK,CAAC;IACnB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,+FAA+F;AAC/F,MAAM,UAAU,cAAc,CAAI,OAAe,EAAE,IAAY,EAAE,KAAQ,EAAE,KAAa;IACtF,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACxC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1D,MAAM,GAAG,GAAqB,EAAE,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;QACpE,aAAa,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,OAAO,CAAC,CAAC;IACxE,CAAC;IAAC,MAAM,CAAC;QACP,4BAA4B;IAC9B,CAAC;AACH,CAAC;AAED,6DAA6D;AAC7D,MAAM,UAAU,cAAc,CAAC,OAAe,EAAE,IAAY;IAC1D,IAAI,CAAC;QACH,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;AACH,CAAC"}

package/dist/utils/fetch-plan-manifest.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Fetch + cache the plan manifest from the public, read-only `GET /v1/plans` endpoint.
+ *
+ * The manifest is the backend's source of truth for plan limits/features (ADR 0002). The
+ * CLI consumes it for DISPLAY only. When the endpoint is unreachable or the backend predates
+ * it (404), we synthesize a manifest from core's `TIER_LIMITS` so the CLI never hard-fails —
+ * this keeps Phase 1 a no-op against the current backend (rollout step 1).
+ */
+import { type PlanManifest } from '@nepopsx/core';
+/** A manifest derived from core `TIER_LIMITS` — used when the API is unreachable/old. */
+export declare function fallbackManifest(): PlanManifest;
+export interface FetchManifestOptions {
+    /** Bypass the disk cache and hit the API. */
+    force?: boolean;
+}
+/**
+ * Return the plan manifest: cache → API → `TIER_LIMITS` fallback. Never throws.
+ */
+export declare function fetchPlanManifest(rootDir: string, opts?: FetchManifestOptions): Promise<PlanManifest>;
+//# sourceMappingURL=fetch-plan-manifest.d.ts.map

package/dist/utils/fetch-plan-manifest.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fetch-plan-manifest.d.ts","sourceRoot":"","sources":["../../src/utils/fetch-plan-manifest.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EACL,KAAK,YAAY,EAOlB,MAAM,eAAe,CAAC;AAqDvB,yFAAyF;AACzF,wBAAgB,gBAAgB,IAAI,YAAY,CAQ/C;AAED,MAAM,WAAW,oBAAoB;IACnC,6CAA6C;IAC7C,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,MAAM,EACf,IAAI,GAAE,oBAAyB,GAC9B,OAAO,CAAC,YAAY,CAAC,CAyBvB"}