@openape/apes 0.6.1 → 0.7.1

package/dist/{chunk-G3Q2TMAI.js → chunk-B32ZQP5K.js}

@@ -1,116 +1,11 @@
 #!/usr/bin/env node
-
-// src/config.ts
-import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
-import { homedir } from "os";
-import { join } from "path";
-var CONFIG_DIR = join(homedir(), ".config", "apes");
-var AUTH_FILE = join(CONFIG_DIR, "auth.json");
-var CONFIG_FILE = join(CONFIG_DIR, "config.toml");
-function ensureDir() {
-  if (!existsSync(CONFIG_DIR)) {
-    mkdirSync(CONFIG_DIR, { recursive: true });
-  }
-}
-function loadAuth() {
-  if (!existsSync(AUTH_FILE))
-    return null;
-  try {
-    return JSON.parse(readFileSync(AUTH_FILE, "utf-8"));
-  } catch {
-    return null;
-  }
-}
-function saveAuth(data) {
-  ensureDir();
-  writeFileSync(AUTH_FILE, JSON.stringify(data, null, 2), { mode: 384 });
-}
-function clearAuth() {
-  if (existsSync(AUTH_FILE)) {
-    writeFileSync(AUTH_FILE, "", { mode: 384 });
-  }
-}
-function loadConfig() {
-  if (!existsSync(CONFIG_FILE))
-    return {};
-  try {
-    return parseTOML(readFileSync(CONFIG_FILE, "utf-8"));
-  } catch {
-    return {};
-  }
-}
-function parseTOML(content) {
-  const config = {};
-  let section = "";
-  for (const line of content.split("\n")) {
-    const trimmed = line.trim();
-    if (!trimmed || trimmed.startsWith("#"))
-      continue;
-    const sectionMatch = trimmed.match(/^\[(.+)\]$/);
-    if (sectionMatch) {
-      section = sectionMatch[1];
-      continue;
-    }
-    const kvMatch = trimmed.match(/^(\w+)\s*=\s*"(.+)"$/);
-    if (kvMatch) {
-      const [, key, value] = kvMatch;
-      if (section === "defaults") {
-        config.defaults = config.defaults || {};
-        config.defaults[key] = value;
-      } else if (section === "agent") {
-        config.agent = config.agent || {};
-        config.agent[key] = value;
-      }
-    }
-  }
-  return config;
-}
-function saveConfig(config) {
-  ensureDir();
-  const lines = [];
-  if (config.defaults) {
-    lines.push("[defaults]");
-    for (const [key, value] of Object.entries(config.defaults)) {
-      if (value)
-        lines.push(`${key} = "${value}"`);
-    }
-    lines.push("");
-  }
-  if (config.agent) {
-    lines.push("[agent]");
-    for (const [key, value] of Object.entries(config.agent)) {
-      if (value)
-        lines.push(`${key} = "${value}"`);
-    }
-    lines.push("");
-  }
-  writeFileSync(CONFIG_FILE, lines.join("\n"), { mode: 384 });
-}
-function getIdpUrl(explicit) {
-  if (explicit)
-    return explicit;
-  if (process.env.APES_IDP)
-    return process.env.APES_IDP;
-  const auth = loadAuth();
-  if (auth?.idp)
-    return auth.idp;
-  const config = loadConfig();
-  if (config.defaults?.idp)
-    return config.defaults.idp;
-  return null;
-}
-function getAuthToken() {
-  const auth = loadAuth();
-  if (!auth)
-    return null;
-  if (auth.expires_at && Date.now() / 1e3 > auth.expires_at - 30) {
-    return null;
-  }
-  return auth.access_token;
-}
-function getRequesterIdentity() {
-  return loadAuth()?.email ?? null;
-}
+import {
+  getAuthToken,
+  getIdpUrl,
+  loadAuth,
+  loadConfig,
+  saveAuth
+} from "./chunk-TBYYREL6.js";
 
 // src/http.ts
 import consola from "consola";
@@ -165,12 +60,12 @@ async function refreshAgentToken() {
   if (!keyPath)
     return null;
   try {
-    const { readFileSync: readFileSync6 } = await import("fs");
+    const { readFileSync: readFileSync5 } = await import("fs");
     const { sign } = await import("crypto");
-    const { homedir: homedir7 } = await import("os");
-    const { loadEd25519PrivateKey } = await import("./ssh-key-Q7KG4K25.js");
-    const resolved = keyPath.replace(/^~/, homedir7());
-    const keyContent = readFileSync6(resolved, "utf-8");
+    const { homedir: homedir6 } = await import("os");
+    const { loadEd25519PrivateKey } = await import("./ssh-key-YBNNG5K5.js");
+    const resolved = keyPath.replace(/^~/, homedir6());
+    const keyContent = readFileSync5(resolved, "utf-8");
     const privateKey = loadEd25519PrivateKey(keyContent);
     const challengeUrl = await getAgentChallengeEndpoint(auth.idp);
     const challengeResp = await fetch(challengeUrl, {
@@ -205,10 +100,61 @@ async function refreshAgentToken() {
     return null;
   }
 }
+async function refreshOAuthToken() {
+  const auth = loadAuth();
+  if (!auth?.refresh_token)
+    return null;
+  const { acquireAuthLock, releaseAuthLock } = await import("./auth-lock-SRUFWJC3.js");
+  const lock = await acquireAuthLock({ timeoutMs: 5e3 });
+  if (!lock) {
+    return getAuthToken();
+  }
+  try {
+    const latest = loadAuth();
+    if (latest?.expires_at && Date.now() / 1e3 < latest.expires_at - 30)
+      return latest.access_token;
+    const activeRefreshToken = latest?.refresh_token ?? auth.refresh_token;
+    if (!activeRefreshToken)
+      return null;
+    const disco = await discoverEndpoints(auth.idp);
+    const tokenEndpoint = disco.token_endpoint || `${auth.idp}/token`;
+    const body = new URLSearchParams({
+      grant_type: "refresh_token",
+      refresh_token: activeRefreshToken
+    });
+    const resp = await fetch(tokenEndpoint, {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: body.toString()
+    });
+    if (!resp.ok) {
+      if (resp.status === 400 || resp.status === 401) {
+        const base2 = latest ?? auth;
+        saveAuth({ ...base2, refresh_token: void 0 });
+      }
+      return null;
+    }
+    const tokens = await resp.json();
+    const base = latest ?? auth;
+    saveAuth({
+      ...base,
+      access_token: tokens.access_token,
+      refresh_token: tokens.refresh_token ?? base.refresh_token,
+      expires_at: Math.floor(Date.now() / 1e3) + (tokens.expires_in || 300)
+    });
+    if (debug)
+      consola.debug("Token refreshed via OAuth refresh_token");
+    return tokens.access_token;
+  } finally {
+    await releaseAuthLock(lock);
+  }
+}
 async function apiFetch(path, options = {}) {
   let token = options.token || getAuthToken();
   if (!token) {
     token = await refreshAgentToken();
+    if (!token)
+      token = await refreshOAuthToken();
   }
   if (!token) {
     throw new Error("Not authenticated (token expired). Run `apes login` first.");
@@ -260,9 +206,9 @@ async function apiFetch(path, options = {}) {
 
 // src/shapes/adapters.ts
 import { createHash } from "crypto";
-import { existsSync as existsSync2, readdirSync, readFileSync as readFileSync2 } from "fs";
-import { homedir as homedir2 } from "os";
-import { basename, join as join2 } from "path";
+import { existsSync, readdirSync, readFileSync } from "fs";
+import { homedir } from "os";
+import { basename, join } from "path";
 
 // src/shapes/toml.ts
 function parseKeyValue(line) {
@@ -382,20 +328,20 @@ function digest(content) {
 }
 function adapterDirs() {
   return [
-    join2(process.cwd(), ".openape", "shapes", "adapters"),
-    join2(homedir2(), ".openape", "shapes", "adapters"),
-    join2("/etc", "openape", "shapes", "adapters")
+    join(process.cwd(), ".openape", "shapes", "adapters"),
+    join(homedir(), ".openape", "shapes", "adapters"),
+    join("/etc", "openape", "shapes", "adapters")
   ];
 }
 function findByExecutable(executable) {
   for (const dir of adapterDirs()) {
-    if (!existsSync2(dir))
+    if (!existsSync(dir))
       continue;
     try {
       const files = readdirSync(dir).filter((f) => f.endsWith(".toml"));
       for (const file of files) {
-        const path = join2(dir, file);
-        const content = readFileSync2(path, "utf-8");
+        const path = join(dir, file);
+        const content = readFileSync(path, "utf-8");
         const match = content.match(/^\s*executable\s*=\s*"([^"]+)"/m);
         if (match && match[1] === executable)
           return path;
@@ -407,12 +353,12 @@ function findByExecutable(executable) {
 }
 function resolveAdapterPath(cliId, explicitPath) {
   if (explicitPath) {
-    if (existsSync2(explicitPath))
+    if (existsSync(explicitPath))
       return explicitPath;
     throw new Error(`Adapter file not found: ${explicitPath}`);
   }
-  const candidates = adapterDirs().map((dir) => join2(dir, `${cliId}.toml`));
-  const match = candidates.find((path) => existsSync2(path));
+  const candidates = adapterDirs().map((dir) => join(dir, `${cliId}.toml`));
+  const match = candidates.find((path) => existsSync(path));
   if (match)
     return match;
   const byExec = findByExecutable(cliId);
@@ -422,7 +368,7 @@ function resolveAdapterPath(cliId, explicitPath) {
 }
 function loadAdapter(cliId, explicitPath) {
   const source = resolveAdapterPath(cliId, explicitPath);
-  const content = readFileSync2(source, "utf-8");
+  const content = readFileSync(source, "utf-8");
   const adapter = parseAdapterToml(content);
   const idMatch = adapter.cli.id === cliId;
   const fileMatch = basename(source) === `${cliId}.toml`;
@@ -444,11 +390,11 @@ function tryLoadAdapter(cliId, explicitPath) {
 }
 
 // src/shapes/audit.ts
-import { appendFileSync, existsSync as existsSync3, mkdirSync as mkdirSync2 } from "fs";
-import { homedir as homedir3 } from "os";
-import { dirname, join as join3 } from "path";
+import { appendFileSync, existsSync as existsSync2, mkdirSync } from "fs";
+import { homedir as homedir2 } from "os";
+import { dirname, join as join2 } from "path";
 function auditPath() {
-  return join3(homedir3(), ".config", "apes", "audit.jsonl");
+  return join2(homedir2(), ".config", "apes", "audit.jsonl");
 }
 function appendAuditLog(entry) {
   const full = {
@@ -459,7 +405,7 @@ function appendAuditLog(entry) {
   const path = auditPath();
   const dir = dirname(path);
   try {
-    if (!existsSync3(dir)) mkdirSync2(dir, { recursive: true });
+    if (!existsSync2(dir)) mkdirSync(dir, { recursive: true });
     appendFileSync(path, `${JSON.stringify(full)}
 `);
   } catch {
@@ -468,15 +414,15 @@ function appendAuditLog(entry) {
 
 // src/shapes/installer.ts
 import { createHash as createHash2 } from "crypto";
-import { existsSync as existsSync4, mkdirSync as mkdirSync3, readdirSync as readdirSync2, readFileSync as readFileSync3, unlinkSync, writeFileSync as writeFileSync2 } from "fs";
-import { homedir as homedir4 } from "os";
-import { join as join4 } from "path";
+import { existsSync as existsSync3, mkdirSync as mkdirSync2, readdirSync as readdirSync2, readFileSync as readFileSync2, unlinkSync, writeFileSync } from "fs";
+import { homedir as homedir3 } from "os";
+import { join as join3 } from "path";
 function adapterDir(local) {
-  const base = local ? process.cwd() : homedir4();
-  return join4(base, ".openape", "shapes", "adapters");
+  const base = local ? process.cwd() : homedir3();
+  return join3(base, ".openape", "shapes", "adapters");
 }
 function adapterPath(id, local) {
-  return join4(adapterDir(local), `${id}.toml`);
+  return join3(adapterDir(local), `${id}.toml`);
 }
 function sha256(content) {
   return `SHA-256:${createHash2("sha256").update(content).digest("hex")}`;
@@ -492,25 +438,25 @@ async function installAdapter(entry, options = {}) {
   const digest2 = sha256(content);
   if (digest2 !== entry.digest)
     throw new Error(`Digest mismatch for ${entry.id}: expected ${entry.digest}, got ${digest2}`);
-  const updated = existsSync4(dest);
-  if (!existsSync4(dir))
-    mkdirSync3(dir, { recursive: true });
-  writeFileSync2(dest, content);
+  const updated = existsSync3(dest);
+  if (!existsSync3(dir))
+    mkdirSync2(dir, { recursive: true });
+  writeFileSync(dest, content);
   return { id: entry.id, path: dest, digest: digest2, updated };
 }
 function getInstalledDigest(id, local) {
   const path = adapterPath(id, local);
-  if (!existsSync4(path))
+  if (!existsSync3(path))
     return null;
-  const content = readFileSync3(path, "utf-8");
+  const content = readFileSync2(path, "utf-8");
   return sha256(content);
 }
 function isInstalled(id, local) {
-  return existsSync4(adapterPath(id, local));
+  return existsSync3(adapterPath(id, local));
 }
 function removeAdapter(id, local) {
   const path = adapterPath(id, local);
-  if (!existsSync4(path))
+  if (!existsSync3(path))
     return false;
   unlinkSync(path);
   return true;
@@ -518,16 +464,16 @@ function removeAdapter(id, local) {
 function findConflictingAdapters(executable, excludeId) {
   const conflicts = [];
   const dirs = [
-    join4(process.cwd(), ".openape", "shapes", "adapters"),
-    join4(homedir4(), ".openape", "shapes", "adapters")
+    join3(process.cwd(), ".openape", "shapes", "adapters"),
+    join3(homedir3(), ".openape", "shapes", "adapters")
   ];
   for (const dir of dirs) {
-    if (!existsSync4(dir))
+    if (!existsSync3(dir))
       continue;
     try {
       for (const file of readdirSync2(dir).filter((f) => f.endsWith(".toml"))) {
-        const path = join4(dir, file);
-        const content = readFileSync3(path, "utf-8");
+        const path = join3(dir, file);
+        const content = readFileSync2(path, "utf-8");
         const execMatch = content.match(/^\s*executable\s*=\s*"([^"]+)"/m);
         const idMatch = content.match(/^\s*id\s*=\s*"([^"]+)"/m);
         if (execMatch?.[1] === executable && idMatch?.[1] !== excludeId) {
@@ -541,23 +487,23 @@ function findConflictingAdapters(executable, excludeId) {
 }
 
 // src/shapes/registry.ts
-import { existsSync as existsSync5, mkdirSync as mkdirSync4, readFileSync as readFileSync4, writeFileSync as writeFileSync3 } from "fs";
-import { homedir as homedir5 } from "os";
-import { join as join5 } from "path";
+import { existsSync as existsSync4, mkdirSync as mkdirSync3, readFileSync as readFileSync3, writeFileSync as writeFileSync2 } from "fs";
+import { homedir as homedir4 } from "os";
+import { join as join4 } from "path";
 var REGISTRY_URL = process.env.SHAPES_REGISTRY_URL ?? "https://raw.githubusercontent.com/openape-ai/shapes-registry/main/registry.json";
 var CACHE_TTL_MS = 60 * 60 * 1e3;
 function cacheDir() {
-  return join5(homedir5(), ".openape", "shapes", "cache");
+  return join4(homedir4(), ".openape", "shapes", "cache");
 }
 function cachePath() {
-  return join5(cacheDir(), "registry.json");
+  return join4(cacheDir(), "registry.json");
 }
 function readCache() {
   const path = cachePath();
-  if (!existsSync5(path))
+  if (!existsSync4(path))
     return null;
   try {
-    const raw = readFileSync4(path, "utf-8");
+    const raw = readFileSync3(path, "utf-8");
     const stat = JSON.parse(raw);
     if (stat._cached_at && Date.now() - stat._cached_at > CACHE_TTL_MS)
       return null;
@@ -568,9 +514,9 @@ function readCache() {
 }
 function writeCache(index) {
   const dir = cacheDir();
-  if (!existsSync5(dir))
-    mkdirSync4(dir, { recursive: true });
-  writeFileSync3(cachePath(), JSON.stringify({ ...index, _cached_at: Date.now() }, null, 2));
+  if (!existsSync4(dir))
+    mkdirSync3(dir, { recursive: true });
+  writeFileSync2(cachePath(), JSON.stringify({ ...index, _cached_at: Date.now() }, null, 2));
 }
 async function fetchRegistry(forceRefresh = false) {
   if (!forceRefresh) {
@@ -591,11 +537,14 @@ function searchAdapters(index, query) {
     (a) => a.id.includes(q) || a.name.toLowerCase().includes(q) || a.description.toLowerCase().includes(q) || a.tags.some((t) => t.includes(q)) || a.category.includes(q)
   );
 }
-function findAdapter(index, id) {
-  return index.adapters.find((a) => a.id === id);
+function findAdapter(index, idOrExecutable) {
+  return index.adapters.find(
+    (a) => a.id === idOrExecutable || a.executable === idOrExecutable
+  );
 }
 
 // src/shapes/shell-parser.ts
+import { basename as basename2 } from "path";
 import consola2 from "consola";
 import { parse as shellParse } from "shell-quote";
 var COMPOUND_OPERATORS = /* @__PURE__ */ new Set(["&&", "||", ";", "|", "&", ">", ">>", "<"]);
@@ -634,23 +583,24 @@ function extractShellCommandString(command) {
   return command.slice(2).join(" ");
 }
 async function loadOrInstallAdapter(cliId) {
-  const local = tryLoadAdapter(cliId);
+  const lookupId = basename2(cliId);
+  const local = tryLoadAdapter(lookupId);
   if (local) return local;
   try {
     const index = await fetchRegistry();
-    const entry = findAdapter(index, cliId);
+    const entry = findAdapter(index, lookupId);
     if (!entry) return null;
-    consola2.info(`Installing shapes adapter for ${cliId} from registry...`);
+    consola2.info(`Installing shapes adapter for ${entry.id} from registry...`);
     await installAdapter(entry, { local: false });
     appendAuditLog({
       action: "adapter-auto-install",
-      cli_id: cliId,
+      cli_id: entry.id,
       digest: entry.digest,
       source: "ape-shell"
     });
-    return tryLoadAdapter(cliId);
+    return tryLoadAdapter(entry.id);
   } catch (err) {
-    consola2.debug(`ape-shell adapter auto-install failed for ${cliId}:`, err);
+    consola2.debug(`ape-shell adapter auto-install failed for ${lookupId}:`, err);
     return null;
   }
 }
@@ -1026,15 +976,15 @@ import { hostname } from "os";
 import consola3 from "consola";
 
 // src/shapes/config.ts
-import { existsSync as existsSync6, readFileSync as readFileSync5 } from "fs";
-import { homedir as homedir6 } from "os";
-import { join as join6 } from "path";
-var AUTH_FILE2 = join6(homedir6(), ".config", "apes", "auth.json");
+import { existsSync as existsSync5, readFileSync as readFileSync4 } from "fs";
+import { homedir as homedir5 } from "os";
+import { join as join5 } from "path";
+var AUTH_FILE = join5(homedir5(), ".config", "apes", "auth.json");
 function loadAuth2() {
-  if (!existsSync6(AUTH_FILE2))
+  if (!existsSync5(AUTH_FILE))
     return null;
   try {
-    return JSON.parse(readFileSync5(AUTH_FILE2, "utf-8"));
+    return JSON.parse(readFileSync4(AUTH_FILE, "utf-8"));
   } catch {
     return null;
   }
@@ -1056,7 +1006,7 @@ function getAuthToken2() {
     return null;
   return auth.access_token;
 }
-function getRequesterIdentity2() {
+function getRequesterIdentity() {
   return loadAuth2()?.email ?? null;
 }
 
@@ -1103,7 +1053,7 @@ function decodePayload(token) {
 }
 async function createShapesGrant(resolved, params) {
   const grantsEndpoint = await getGrantsEndpoint2(params.idp);
-  const requester = getRequesterIdentity2();
+  const requester = getRequesterIdentity();
   if (!requester) {
     throw new Error("No requester identity available. Run `apes login` first.");
   }
@@ -1153,7 +1103,7 @@ function grantedCliDetails(claims) {
 function hasStructuredCliGrant(claims) {
   return grantedCliDetails(claims).length > 0;
 }
-async function verifyAndExecute(token, resolved) {
+async function verifyAndConsume(token, resolved) {
   const payload = decodePayload(token);
   const issuer = String(payload.iss ?? "");
   if (!issuer)
@@ -1215,9 +1165,15 @@ async function verifyAndExecute(token, resolved) {
   if (consumeResult.error) {
     throw new Error(`Grant rejected at consume step: ${consumeResult.error}`);
   }
+}
+function executeResolvedViaExec(resolved) {
   consola3.info(`Executing ${(resolved.executionContext.argv ?? [resolved.executable, ...resolved.commandArgv]).join(" ")}`);
   execFileSync(resolved.executable, resolved.commandArgv, { stdio: "inherit" });
 }
+async function verifyAndExecute(token, resolved) {
+  await verifyAndConsume(token, resolved);
+  executeResolvedViaExec(resolved);
+}
 async function findExistingGrant(resolved, idp) {
   const grantsEndpoint = await getGrantsEndpoint2(idp);
   const response = await apiFetch2(
@@ -1286,14 +1242,6 @@ async function buildStructuredCliGrantRequest(resolved, options) {
 }
 
 export {
-  loadAuth,
-  saveAuth,
-  clearAuth,
-  loadConfig,
-  saveConfig,
-  getIdpUrl,
-  getAuthToken,
-  getRequesterIdentity,
   ApiError,
   discoverEndpoints,
   getGrantsEndpoint,
@@ -1323,9 +1271,10 @@ export {
   createShapesGrant,
   waitForGrantStatus,
   fetchGrantToken,
+  verifyAndConsume,
   verifyAndExecute,
   findExistingGrant,
   buildExactCommandGrantRequest,
   buildStructuredCliGrantRequest
 };
-//# sourceMappingURL=chunk-G3Q2TMAI.js.map
+//# sourceMappingURL=chunk-B32ZQP5K.js.map