@openape/apes 0.16.0 → 0.18.0

package/dist/{auth-lock-NYI376IM.js → auth-lock-GPLHRXOM.js}

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import {
   CONFIG_DIR
-} from "./chunk-6GPSKAMU.js";
+} from "./chunk-IDPV5SNB.js";
 
 // src/auth-lock.ts
 import { open, rm, stat } from "fs/promises";
@@ -38,4 +38,4 @@ export {
   acquireAuthLock,
   releaseAuthLock
 };
-//# sourceMappingURL=auth-lock-NYI376IM.js.map
+//# sourceMappingURL=auth-lock-GPLHRXOM.js.map

package/dist/chunk-7NUT2PFT.js

@@ -0,0 +1,220 @@
+#!/usr/bin/env node
+import {
+  getAuthToken,
+  getIdpUrl,
+  loadAuth,
+  loadConfig,
+  saveAuth
+} from "./chunk-IDPV5SNB.js";
+
+// src/http.ts
+import consola from "consola";
+var debug = process.argv.includes("--debug");
+var ApiError = class extends Error {
+  constructor(statusCode, message, problemDetails) {
+    super(message);
+    this.statusCode = statusCode;
+    this.problemDetails = problemDetails;
+    this.name = "ApiError";
+  }
+};
+var _discoveryCache = {};
+async function discoverEndpoints(idpUrl) {
+  if (_discoveryCache[idpUrl]) {
+    return _discoveryCache[idpUrl];
+  }
+  try {
+    const response = await fetch(`${idpUrl}/.well-known/openid-configuration`);
+    if (response.ok) {
+      const data = await response.json();
+      _discoveryCache[idpUrl] = data;
+      return data;
+    }
+  } catch {
+  }
+  _discoveryCache[idpUrl] = {};
+  return {};
+}
+async function getGrantsEndpoint(idpUrl) {
+  const disco = await discoverEndpoints(idpUrl);
+  return disco.openape_grants_endpoint || `${idpUrl}/api/grants`;
+}
+async function getAgentChallengeEndpoint(idpUrl) {
+  const disco = await discoverEndpoints(idpUrl);
+  return disco.ddisa_agent_challenge_endpoint || `${idpUrl}/api/agent/challenge`;
+}
+async function getAgentAuthenticateEndpoint(idpUrl) {
+  const disco = await discoverEndpoints(idpUrl);
+  return disco.ddisa_agent_authenticate_endpoint || `${idpUrl}/api/agent/authenticate`;
+}
+async function getDelegationsEndpoint(idpUrl) {
+  const disco = await discoverEndpoints(idpUrl);
+  return disco.openape_delegations_endpoint || `${idpUrl}/api/delegations`;
+}
+async function refreshAgentToken() {
+  const auth = loadAuth();
+  if (!auth)
+    return null;
+  const config = loadConfig();
+  const keyPath = config.agent?.key;
+  if (!keyPath)
+    return null;
+  try {
+    const { readFileSync } = await import("fs");
+    const { sign } = await import("crypto");
+    const { homedir } = await import("os");
+    const { loadEd25519PrivateKey } = await import("./ssh-key-YBNNG5K5.js");
+    const resolved = keyPath.replace(/^~/, homedir());
+    const keyContent = readFileSync(resolved, "utf-8");
+    const privateKey = loadEd25519PrivateKey(keyContent);
+    const challengeUrl = await getAgentChallengeEndpoint(auth.idp);
+    const challengeResp = await fetch(challengeUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ agent_id: auth.email })
+    });
+    if (!challengeResp.ok)
+      return null;
+    const { challenge } = await challengeResp.json();
+    const { Buffer } = await import("buffer");
+    const signature = sign(null, Buffer.from(challenge), privateKey).toString("base64");
+    const authenticateUrl = await getAgentAuthenticateEndpoint(auth.idp);
+    const authResp = await fetch(authenticateUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ agent_id: auth.email, challenge, signature })
+    });
+    if (!authResp.ok)
+      return null;
+    const { token, expires_in } = await authResp.json();
+    saveAuth({
+      ...auth,
+      access_token: token,
+      expires_at: Math.floor(Date.now() / 1e3) + (expires_in || 3600)
+    });
+    if (debug) {
+      consola.debug("Token refreshed via Ed25519 challenge-response");
+    }
+    return token;
+  } catch {
+    return null;
+  }
+}
+async function refreshOAuthToken() {
+  const auth = loadAuth();
+  if (!auth?.refresh_token)
+    return null;
+  const { acquireAuthLock, releaseAuthLock } = await import("./auth-lock-GPLHRXOM.js");
+  const lock = await acquireAuthLock({ timeoutMs: 5e3 });
+  if (!lock) {
+    return getAuthToken();
+  }
+  try {
+    const latest = loadAuth();
+    if (latest?.expires_at && Date.now() / 1e3 < latest.expires_at - 30)
+      return latest.access_token;
+    const activeRefreshToken = latest?.refresh_token ?? auth.refresh_token;
+    if (!activeRefreshToken)
+      return null;
+    const disco = await discoverEndpoints(auth.idp);
+    const tokenEndpoint = disco.token_endpoint || `${auth.idp}/token`;
+    const body = new URLSearchParams({
+      grant_type: "refresh_token",
+      refresh_token: activeRefreshToken
+    });
+    const resp = await fetch(tokenEndpoint, {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: body.toString()
+    });
+    if (!resp.ok) {
+      if (resp.status === 400 || resp.status === 401) {
+        const base2 = latest ?? auth;
+        saveAuth({ ...base2, refresh_token: void 0 });
+      }
+      return null;
+    }
+    const tokens = await resp.json();
+    const base = latest ?? auth;
+    saveAuth({
+      ...base,
+      access_token: tokens.access_token,
+      refresh_token: tokens.refresh_token ?? base.refresh_token,
+      expires_at: Math.floor(Date.now() / 1e3) + (tokens.expires_in || 300)
+    });
+    if (debug)
+      consola.debug("Token refreshed via OAuth refresh_token");
+    return tokens.access_token;
+  } finally {
+    await releaseAuthLock(lock);
+  }
+}
+async function ensureFreshToken() {
+  const cached = getAuthToken();
+  if (cached) return cached;
+  const agentToken = await refreshAgentToken();
+  if (agentToken) return agentToken;
+  const oauthToken = await refreshOAuthToken();
+  return oauthToken ?? null;
+}
+async function apiFetch(path, options = {}) {
+  const token = options.token ?? await ensureFreshToken();
+  if (!token) {
+    throw new Error("Not authenticated (token expired). Run `apes login` first.");
+  }
+  let url;
+  if (path.startsWith("http")) {
+    url = path;
+  } else {
+    const idp = options.idp || getIdpUrl();
+    if (!idp) {
+      throw new Error("No IdP URL configured. Run `apes login` first or pass --idp.");
+    }
+    url = `${idp}${path}`;
+  }
+  const method = options.method || "GET";
+  const headers = {
+    "Authorization": `Bearer ${token}`,
+    "Content-Type": "application/json"
+  };
+  if (debug) {
+    consola.debug(`${method} ${url}`);
+    consola.debug(`Token: ${token.substring(0, 20)}...${token.substring(token.length - 10)}`);
+  }
+  const response = await fetch(url, {
+    method,
+    headers,
+    body: options.body ? JSON.stringify(options.body) : void 0
+  });
+  if (debug) {
+    consola.debug(`Response: ${response.status} ${response.statusText}`);
+  }
+  if (!response.ok) {
+    const contentType = response.headers.get("content-type") || "";
+    if (contentType.includes("application/problem+json") || contentType.includes("application/json")) {
+      try {
+        const problem = await response.json();
+        const message = problem.detail || problem.title || problem.statusMessage || problem.message || `${response.status} ${response.statusText}`;
+        throw new ApiError(response.status, message, problem);
+      } catch (e) {
+        if (e instanceof ApiError)
+          throw e;
+      }
+    }
+    const text = await response.text();
+    throw new ApiError(response.status, text || `${response.status} ${response.statusText}`);
+  }
+  return response.json();
+}
+
+export {
+  ApiError,
+  discoverEndpoints,
+  getGrantsEndpoint,
+  getAgentChallengeEndpoint,
+  getAgentAuthenticateEndpoint,
+  getDelegationsEndpoint,
+  ensureFreshToken,
+  apiFetch
+};
+//# sourceMappingURL=chunk-7NUT2PFT.js.map

package/dist/chunk-7NUT2PFT.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/http.ts"],"sourcesContent":["import consola from 'consola'\nimport { getAuthToken, getIdpUrl, loadAuth, loadConfig, saveAuth } from './config'\n\nconst debug = process.argv.includes('--debug')\n\nexport class ApiError extends Error {\n  constructor(public statusCode: number, message: string, public problemDetails?: Record<string, unknown>) {\n    super(message)\n    this.name = 'ApiError'\n  }\n}\n\n// OIDC Discovery cache (one-time per CLI invocation)\nconst _discoveryCache: Record<string, Record<string, unknown>> = {}\n\nexport async function discoverEndpoints(idpUrl: string): Promise<Record<string, unknown>> {\n  if (_discoveryCache[idpUrl]) {\n    return _discoveryCache[idpUrl]\n  }\n\n  try {\n    const response = await fetch(`${idpUrl}/.well-known/openid-configuration`)\n    if (response.ok) {\n      const data = await response.json() as Record<string, unknown>\n      _discoveryCache[idpUrl] = data\n      return data\n    }\n  }\n  catch {}\n\n  // Return empty if discovery fails (graceful degradation)\n  _discoveryCache[idpUrl] = {}\n  return {}\n}\n\nexport async function getGrantsEndpoint(idpUrl: string): Promise<string> {\n  const disco = await discoverEndpoints(idpUrl)\n  return (disco.openape_grants_endpoint as string) || `${idpUrl}/api/grants`\n}\n\nexport async function getAgentChallengeEndpoint(idpUrl: string): Promise<string> {\n  const disco = await discoverEndpoints(idpUrl)\n  return (disco.ddisa_agent_challenge_endpoint as string) || `${idpUrl}/api/agent/challenge`\n}\n\nexport async function getAgentAuthenticateEndpoint(idpUrl: string): Promise<string> {\n  const disco = await discoverEndpoints(idpUrl)\n  return (disco.ddisa_agent_authenticate_endpoint as string) || `${idpUrl}/api/agent/authenticate`\n}\n\nexport async function getDelegationsEndpoint(idpUrl: string): Promise<string> {\n  const disco = await discoverEndpoints(idpUrl)\n  return (disco.openape_delegations_endpoint as string) || `${idpUrl}/api/delegations`\n}\n\n/**\n * Re-authenticate an agent using Ed25519 challenge-response.\n * Called automatically when the token is expired.\n */\nasync function refreshAgentToken(): Promise<string | null> {\n  const auth = loadAuth()\n  if (!auth)\n    return null\n\n  const config = loadConfig()\n  const keyPath = config.agent?.key\n  if (!keyPath)\n    return null\n\n  try {\n    const { readFileSync } = await import('node:fs')\n    const { sign } = await import('node:crypto')\n    const { homedir } = await import('node:os')\n    const { loadEd25519PrivateKey } = await import('./ssh-key.js')\n\n    const resolved = keyPath.replace(/^~/, homedir())\n    const keyContent = readFileSync(resolved, 'utf-8')\n    const privateKey = loadEd25519PrivateKey(keyContent)\n\n    const challengeUrl = await getAgentChallengeEndpoint(auth.idp)\n    const challengeResp = await fetch(challengeUrl, {\n      method: 'POST',\n      headers: { 'Content-Type': 'application/json' },\n      body: JSON.stringify({ agent_id: auth.email }),\n    })\n\n    if (!challengeResp.ok)\n      return null\n\n    const { challenge } = await challengeResp.json() as { challenge: string }\n    const { Buffer } = await import('node:buffer')\n    const signature = sign(null, Buffer.from(challenge), privateKey).toString('base64')\n\n    const authenticateUrl = await getAgentAuthenticateEndpoint(auth.idp)\n    const authResp = await fetch(authenticateUrl, {\n      method: 'POST',\n      headers: { 'Content-Type': 'application/json' },\n      body: JSON.stringify({ agent_id: auth.email, challenge, signature }),\n    })\n\n    if (!authResp.ok)\n      return null\n\n    const { token, expires_in } = await authResp.json() as { token: string, expires_in: number }\n\n    saveAuth({\n      ...auth,\n      access_token: token,\n      expires_at: Math.floor(Date.now() / 1000) + (expires_in || 3600),\n    })\n\n    if (debug) {\n      consola.debug('Token refreshed via Ed25519 challenge-response')\n    }\n\n    return token\n  }\n  catch {\n    return null\n  }\n}\n\n/**\n * Refresh an OAuth2 access token using a stored refresh_token. Used for\n * PKCE/browser login sessions where no Ed25519 agent key is configured.\n *\n * Serialized via a file lock so concurrent apes/ape-shell invocations don't\n * both consume the same rotating refresh token (which would revoke the\n * entire family server-side).\n */\nasync function refreshOAuthToken(): Promise<string | null> {\n  const auth = loadAuth()\n  if (!auth?.refresh_token)\n    return null\n\n  const { acquireAuthLock, releaseAuthLock } = await import('./auth-lock.js')\n  const lock = await acquireAuthLock({ timeoutMs: 5000 })\n  if (!lock) {\n    // Another process is refreshing. It should have updated auth.json by now;\n    // re-read and return whatever fresh token is there (may still be null).\n    return getAuthToken()\n  }\n\n  try {\n    // Re-read auth.json inside the lock — another holder may already have\n    // refreshed while we were waiting, in which case we reuse the new token.\n    const latest = loadAuth()\n    if (latest?.expires_at && Date.now() / 1000 < latest.expires_at - 30)\n      return latest.access_token\n\n    const activeRefreshToken = latest?.refresh_token ?? auth.refresh_token\n    if (!activeRefreshToken)\n      return null\n\n    const disco = await discoverEndpoints(auth.idp)\n    const tokenEndpoint = (disco.token_endpoint as string) || `${auth.idp}/token`\n\n    const body = new URLSearchParams({\n      grant_type: 'refresh_token',\n      refresh_token: activeRefreshToken,\n    })\n\n    const resp = await fetch(tokenEndpoint, {\n      method: 'POST',\n      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n      body: body.toString(),\n    })\n\n    if (!resp.ok) {\n      // Family may have been revoked server-side — clear refresh_token to\n      // prevent an infinite retry loop on every subsequent apes invocation.\n      if (resp.status === 400 || resp.status === 401) {\n        const base = latest ?? auth\n        saveAuth({ ...base, refresh_token: undefined })\n      }\n      return null\n    }\n\n    const tokens = await resp.json() as {\n      access_token: string\n      refresh_token?: string\n      expires_in?: number\n    }\n\n    const base = latest ?? auth\n    saveAuth({\n      ...base,\n      access_token: tokens.access_token,\n      refresh_token: tokens.refresh_token ?? base.refresh_token,\n      expires_at: Math.floor(Date.now() / 1000) + (tokens.expires_in || 300),\n    })\n\n    if (debug)\n      consola.debug('Token refreshed via OAuth refresh_token')\n\n    return tokens.access_token\n  }\n  finally {\n    await releaseAuthLock(lock)\n  }\n}\n\n/**\n * Refresh the local IdP token if it has expired. Used by every code path\n * that needs an access token — `apiFetch` for IdP-bound HTTP calls, plus\n * any pure-introspection command (`apes whoami`, `apes config get …`)\n * that previously only read local auth state and surfaced a stale\n * \"expired\" without attempting renewal.\n *\n * Returns the fresh access token on success, or null when no refresh\n * path is available (no agent key AND no refresh_token, or both refresh\n * attempts failed). Callers decide what to do with null — `apiFetch`\n * throws \"Not authenticated\", `whoami` falls back to the on-disk state.\n */\nexport async function ensureFreshToken(): Promise<string | null> {\n  const cached = getAuthToken()\n  if (cached) return cached\n\n  // Auto-refresh: priority (1) ed25519 agent key, (2) OAuth refresh_token.\n  // Agent-key first because it is concurrency-safe — every challenge is\n  // independent server-side, so parallel ape-shell spawns don't race.\n  const agentToken = await refreshAgentToken()\n  if (agentToken) return agentToken\n  const oauthToken = await refreshOAuthToken()\n  return oauthToken ?? null\n}\n\nexport async function apiFetch<T = unknown>(\n  path: string,\n  options: {\n    method?: string\n    body?: unknown\n    idp?: string\n    token?: string\n  } = {},\n): Promise<T> {\n  const token = options.token ?? await ensureFreshToken()\n\n  if (!token) {\n    throw new Error('Not authenticated (token expired). Run `apes login` first.')\n  }\n\n  let url: string\n  if (path.startsWith('http')) {\n    url = path\n  }\n  else {\n    const idp = options.idp || getIdpUrl()\n    if (!idp) {\n      throw new Error('No IdP URL configured. Run `apes login` first or pass --idp.')\n    }\n    url = `${idp}${path}`\n  }\n  const method = options.method || 'GET'\n  const headers: Record<string, string> = {\n    'Authorization': `Bearer ${token}`,\n    'Content-Type': 'application/json',\n  }\n\n  if (debug) {\n    consola.debug(`${method} ${url}`)\n    consola.debug(`Token: ${token.substring(0, 20)}...${token.substring(token.length - 10)}`)\n  }\n\n  const response = await fetch(url, {\n    method,\n    headers,\n    body: options.body ? JSON.stringify(options.body) : undefined,\n  })\n\n  if (debug) {\n    consola.debug(`Response: ${response.status} ${response.statusText}`)\n  }\n\n  if (!response.ok) {\n    const contentType = response.headers.get('content-type') || ''\n\n    // Parse RFC 7807 Problem Details\n    if (contentType.includes('application/problem+json') || contentType.includes('application/json')) {\n      try {\n        const problem = await response.json() as Record<string, unknown>\n        const message = (problem.detail as string) || (problem.title as string) || (problem.statusMessage as string) || (problem.message as string) || `${response.status} ${response.statusText}`\n        throw new ApiError(response.status, message, problem)\n      }\n      catch (e) {\n        if (e instanceof ApiError)\n          throw e\n      }\n    }\n\n    const text = await response.text()\n    throw new ApiError(response.status, text || `${response.status} ${response.statusText}`)\n  }\n\n  return response.json() as Promise<T>\n}\n"],"mappings":";;;;;;;;;;AAAA,OAAO,aAAa;AAGpB,IAAM,QAAQ,QAAQ,KAAK,SAAS,SAAS;AAEtC,IAAM,WAAN,cAAuB,MAAM;AAAA,EAClC,YAAmB,YAAoB,SAAwB,gBAA0C;AACvG,UAAM,OAAO;AADI;AAA4C;AAE7D,SAAK,OAAO;AAAA,EACd;AACF;AAGA,IAAM,kBAA2D,CAAC;AAElE,eAAsB,kBAAkB,QAAkD;AACxF,MAAI,gBAAgB,MAAM,GAAG;AAC3B,WAAO,gBAAgB,MAAM;AAAA,EAC/B;AAEA,MAAI;AACF,UAAM,WAAW,MAAM,MAAM,GAAG,MAAM,mCAAmC;AACzE,QAAI,SAAS,IAAI;AACf,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,sBAAgB,MAAM,IAAI;AAC1B,aAAO;AAAA,IACT;AAAA,EACF,QACM;AAAA,EAAC;AAGP,kBAAgB,MAAM,IAAI,CAAC;AAC3B,SAAO,CAAC;AACV;AAEA,eAAsB,kBAAkB,QAAiC;AACvE,QAAM,QAAQ,MAAM,kBAAkB,MAAM;AAC5C,SAAQ,MAAM,2BAAsC,GAAG,MAAM;AAC/D;AAEA,eAAsB,0BAA0B,QAAiC;AAC/E,QAAM,QAAQ,MAAM,kBAAkB,MAAM;AAC5C,SAAQ,MAAM,kCAA6C,GAAG,MAAM;AACtE;AAEA,eAAsB,6BAA6B,QAAiC;AAClF,QAAM,QAAQ,MAAM,kBAAkB,MAAM;AAC5C,SAAQ,MAAM,qCAAgD,GAAG,MAAM;AACzE;AAEA,eAAsB,uBAAuB,QAAiC;AAC5E,QAAM,QAAQ,MAAM,kBAAkB,MAAM;AAC5C,SAAQ,MAAM,gCAA2C,GAAG,MAAM;AACpE;AAMA,eAAe,oBAA4C;AACzD,QAAM,OAAO,SAAS;AACtB,MAAI,CAAC;AACH,WAAO;AAET,QAAM,SAAS,WAAW;AAC1B,QAAM,UAAU,OAAO,OAAO;AAC9B,MAAI,CAAC;AACH,WAAO;AAET,MAAI;AACF,UAAM,EAAE,aAAa,IAAI,MAAM,OAAO,IAAS;AAC/C,UAAM,EAAE,KAAK,IAAI,MAAM,OAAO,QAAa;AAC3C,UAAM,EAAE,QAAQ,IAAI,MAAM,OAAO,IAAS;AAC1C,UAAM,EAAE,sBAAsB,IAAI,MAAM,OAAO,uBAAc;AAE7D,UAAM,WAAW,QAAQ,QAAQ,MAAM,QAAQ,CAAC;AAChD,UAAM,aAAa,aAAa,UAAU,OAAO;AACjD,UAAM,aAAa,sBAAsB,UAAU;AAEnD,UAAM,eAAe,MAAM,0BAA0B,KAAK,GAAG;AAC7D,UAAM,gBAAgB,MAAM,MAAM,cAAc;AAAA,MAC9C,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU,EAAE,UAAU,KAAK,MAAM,CAAC;AAAA,IAC/C,CAAC;AAED,QAAI,CAAC,cAAc;AACjB,aAAO;AAET,UAAM,EAAE,UAAU,IAAI,MAAM,cAAc,KAAK;AAC/C,UAAM,EAAE,OAAO,IAAI,MAAM,OAAO,QAAa;AAC7C,UAAM,YAAY,KAAK,MAAM,OAAO,KAAK,SAAS,GAAG,UAAU,EAAE,SAAS,QAAQ;AAElF,UAAM,kBAAkB,MAAM,6BAA6B,KAAK,GAAG;AACnE,UAAM,WAAW,MAAM,MAAM,iBAAiB;AAAA,MAC5C,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU,EAAE,UAAU,KAAK,OAAO,WAAW,UAAU,CAAC;AAAA,IACrE,CAAC;AAED,QAAI,CAAC,SAAS;AACZ,aAAO;AAET,UAAM,EAAE,OAAO,WAAW,IAAI,MAAM,SAAS,KAAK;AAElD,aAAS;AAAA,MACP,GAAG;AAAA,MACH,cAAc;AAAA,MACd,YAAY,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,KAAK,cAAc;AAAA,IAC7D,CAAC;AAED,QAAI,OAAO;AACT,cAAQ,MAAM,gDAAgD;AAAA,IAChE;AAEA,WAAO;AAAA,EACT,QACM;AACJ,WAAO;AAAA,EACT;AACF;AAUA,eAAe,oBAA4C;AACzD,QAAM,OAAO,SAAS;AACtB,MAAI,CAAC,MAAM;AACT,WAAO;AAET,QAAM,EAAE,iBAAiB,gBAAgB,IAAI,MAAM,OAAO,yBAAgB;AAC1E,QAAM,OAAO,MAAM,gBAAgB,EAAE,WAAW,IAAK,CAAC;AACtD,MAAI,CAAC,MAAM;AAGT,WAAO,aAAa;AAAA,EACtB;AAEA,MAAI;AAGF,UAAM,SAAS,SAAS;AACxB,QAAI,QAAQ,cAAc,KAAK,IAAI,IAAI,MAAO,OAAO,aAAa;AAChE,aAAO,OAAO;AAEhB,UAAM,qBAAqB,QAAQ,iBAAiB,KAAK;AACzD,QAAI,CAAC;AACH,aAAO;AAET,UAAM,QAAQ,MAAM,kBAAkB,KAAK,GAAG;AAC9C,UAAM,gBAAiB,MAAM,kBAA6B,GAAG,KAAK,GAAG;AAErE,UAAM,OAAO,IAAI,gBAAgB;AAAA,MAC/B,YAAY;AAAA,MACZ,eAAe;AAAA,IACjB,CAAC;AAED,UAAM,OAAO,MAAM,MAAM,eAAe;AAAA,MACtC,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,oCAAoC;AAAA,MAC/D,MAAM,KAAK,SAAS;AAAA,IACtB,CAAC;AAED,QAAI,CAAC,KAAK,IAAI;AAGZ,UAAI,KAAK,WAAW,OAAO,KAAK,WAAW,KAAK;AAC9C,cAAMA,QAAO,UAAU;AACvB,iBAAS,EAAE,GAAGA,OAAM,eAAe,OAAU,CAAC;AAAA,MAChD;AACA,aAAO;AAAA,IACT;AAEA,UAAM,SAAS,MAAM,KAAK,KAAK;AAM/B,UAAM,OAAO,UAAU;AACvB,aAAS;AAAA,MACP,GAAG;AAAA,MACH,cAAc,OAAO;AAAA,MACrB,eAAe,OAAO,iBAAiB,KAAK;AAAA,MAC5C,YAAY,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,KAAK,OAAO,cAAc;AAAA,IACpE,CAAC;AAED,QAAI;AACF,cAAQ,MAAM,yCAAyC;AAEzD,WAAO,OAAO;AAAA,EAChB,UACA;AACE,UAAM,gBAAgB,IAAI;AAAA,EAC5B;AACF;AAcA,eAAsB,mBAA2C;AAC/D,QAAM,SAAS,aAAa;AAC5B,MAAI,OAAQ,QAAO;AAKnB,QAAM,aAAa,MAAM,kBAAkB;AAC3C,MAAI,WAAY,QAAO;AACvB,QAAM,aAAa,MAAM,kBAAkB;AAC3C,SAAO,cAAc;AACvB;AAEA,eAAsB,SACpB,MACA,UAKI,CAAC,GACO;AACZ,QAAM,QAAQ,QAAQ,SAAS,MAAM,iBAAiB;AAEtD,MAAI,CAAC,OAAO;AACV,UAAM,IAAI,MAAM,4DAA4D;AAAA,EAC9E;AAEA,MAAI;AACJ,MAAI,KAAK,WAAW,MAAM,GAAG;AAC3B,UAAM;AAAA,EACR,OACK;AACH,UAAM,MAAM,QAAQ,OAAO,UAAU;AACrC,QAAI,CAAC,KAAK;AACR,YAAM,IAAI,MAAM,8DAA8D;AAAA,IAChF;AACA,UAAM,GAAG,GAAG,GAAG,IAAI;AAAA,EACrB;AACA,QAAM,SAAS,QAAQ,UAAU;AACjC,QAAM,UAAkC;AAAA,IACtC,iBAAiB,UAAU,KAAK;AAAA,IAChC,gBAAgB;AAAA,EAClB;AAEA,MAAI,OAAO;AACT,YAAQ,MAAM,GAAG,MAAM,IAAI,GAAG,EAAE;AAChC,YAAQ,MAAM,UAAU,MAAM,UAAU,GAAG,EAAE,CAAC,MAAM,MAAM,UAAU,MAAM,SAAS,EAAE,CAAC,EAAE;AAAA,EAC1F;AAEA,QAAM,WAAW,MAAM,MAAM,KAAK;AAAA,IAChC;AAAA,IACA;AAAA,IACA,MAAM,QAAQ,OAAO,KAAK,UAAU,QAAQ,IAAI,IAAI;AAAA,EACtD,CAAC;AAED,MAAI,OAAO;AACT,YAAQ,MAAM,aAAa,SAAS,MAAM,IAAI,SAAS,UAAU,EAAE;AAAA,EACrE;AAEA,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,cAAc,SAAS,QAAQ,IAAI,cAAc,KAAK;AAG5D,QAAI,YAAY,SAAS,0BAA0B,KAAK,YAAY,SAAS,kBAAkB,GAAG;AAChG,UAAI;AACF,cAAM,UAAU,MAAM,SAAS,KAAK;AACpC,cAAM,UAAW,QAAQ,UAAsB,QAAQ,SAAqB,QAAQ,iBAA6B,QAAQ,WAAsB,GAAG,SAAS,MAAM,IAAI,SAAS,UAAU;AACxL,cAAM,IAAI,SAAS,SAAS,QAAQ,SAAS,OAAO;AAAA,MACtD,SACO,GAAG;AACR,YAAI,aAAa;AACf,gBAAM;AAAA,MACV;AAAA,IACF;AAEA,UAAM,OAAO,MAAM,SAAS,KAAK;AACjC,UAAM,IAAI,SAAS,SAAS,QAAQ,QAAQ,GAAG,SAAS,MAAM,IAAI,SAAS,UAAU,EAAE;AAAA,EACzF;AAEA,SAAO,SAAS,KAAK;AACvB;","names":["base"]}

package/dist/{chunk-OFIVF6NH.js → chunk-EDYICCBC.js}

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import {
   loadConfig
-} from "./chunk-6GPSKAMU.js";
+} from "./chunk-IDPV5SNB.js";
 
 // src/notifications.ts
 import { spawn } from "child_process";
@@ -77,4 +77,4 @@ export {
   isApesSelfDispatch,
   checkSudoRejection
 };
-//# sourceMappingURL=chunk-OFIVF6NH.js.map
+//# sourceMappingURL=chunk-EDYICCBC.js.map

package/dist/{chunk-6GPSKAMU.js → chunk-IDPV5SNB.js}

@@ -169,4 +169,4 @@ export {
   getAuthToken,
   getRequesterIdentity
 };
-//# sourceMappingURL=chunk-6GPSKAMU.js.map
+//# sourceMappingURL=chunk-IDPV5SNB.js.map