@openparachute/hub 0.5.14-rc.2 → 0.5.14-rc.21

package/web/ui/dist/index.html

@@ -5,8 +5,8 @@
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>Parachute Hub</title>
     <meta name="description" content="Manage vaults registered with this Parachute hub." />
-    <script type="module" crossorigin src="/admin/assets/index-tRmPbbC7.js"></script>
-    <link rel="stylesheet" crossorigin href="/admin/assets/index-7DtAXz7y.css">
+    <script type="module" crossorigin src="/admin/assets/index-CIN3mnmf.js"></script>
+    <link rel="stylesheet" crossorigin href="/admin/assets/index-BiBlvEaj.css">
   </head>
   <body>
     <div id="root"></div>

package/src/__tests__/vault-tokens-create-interactive.test.ts

@@ -1,183 +0,0 @@
-import { describe, expect, test } from "bun:test";
-import { runVaultTokensCreateInteractive } from "../commands/vault-tokens-create-interactive.ts";
-
-interface Harness {
-  logs: string[];
-  prompts: string[];
-  promptAnswers: string[];
-  commands: string[][];
-  exitCode: number;
-}
-
-function makeHarness(
-  answers: string[],
-  opts: { exitCode?: number } = {},
-): {
-  harness: Harness;
-  wire: {
-    log: (l: string) => void;
-    prompt: (q: string) => Promise<string>;
-    interactiveRunner: (cmd: readonly string[]) => Promise<number>;
-  };
-} {
-  const harness: Harness = {
-    logs: [],
-    prompts: [],
-    promptAnswers: [...answers],
-    commands: [],
-    exitCode: opts.exitCode ?? 0,
-  };
-  let i = 0;
-  return {
-    harness,
-    wire: {
-      log: (line) => harness.logs.push(line),
-      prompt: async (q) => {
-        harness.prompts.push(q);
-        const a = harness.promptAnswers[i++];
-        if (a === undefined) throw new Error(`prompt exhausted at: ${q}`);
-        return a;
-      },
-      interactiveRunner: async (cmd) => {
-        harness.commands.push([...cmd]);
-        return harness.exitCode;
-      },
-    },
-  };
-}
-
-describe("runVaultTokensCreateInteractive — scope picker", () => {
-  test("Enter defaults to read (safer choice)", async () => {
-    const { harness, wire } = makeHarness(["", ""]); // scope=default, label=skip
-    const code = await runVaultTokensCreateInteractive({ args: [], ...wire });
-    expect(code).toBe(0);
-    expect(harness.commands).toHaveLength(1);
-    const cmd = harness.commands[0]!;
-    expect(cmd).toEqual(["parachute-vault", "tokens", "create", "--read"]);
-  });
-
-  test("'1' also selects read", async () => {
-    const { harness, wire } = makeHarness(["1", ""]);
-    await runVaultTokensCreateInteractive({ args: [], ...wire });
-    expect(harness.commands[0]).toContain("--read");
-  });
-
-  test("'2' selects write (vault:write scope)", async () => {
-    const { harness, wire } = makeHarness(["2", ""]);
-    await runVaultTokensCreateInteractive({ args: [], ...wire });
-    const cmd = harness.commands[0]!;
-    expect(cmd).toEqual(["parachute-vault", "tokens", "create", "--scope", "vault:write"]);
-  });
-
-  test("'3' selects admin (vault:admin scope)", async () => {
-    const { harness, wire } = makeHarness(["3", ""]);
-    await runVaultTokensCreateInteractive({ args: [], ...wire });
-    const cmd = harness.commands[0]!;
-    expect(cmd).toEqual(["parachute-vault", "tokens", "create", "--scope", "vault:admin"]);
-  });
-
-  test("'4' cancels with exit 0 and no subprocess", async () => {
-    const { harness, wire } = makeHarness(["4"]);
-    const code = await runVaultTokensCreateInteractive({ args: [], ...wire });
-    expect(code).toBe(0);
-    expect(harness.commands).toHaveLength(0);
-    expect(harness.logs.join("\n")).toContain("Cancelled");
-  });
-
-  test("'q' also cancels", async () => {
-    const { harness, wire } = makeHarness(["q"]);
-    const code = await runVaultTokensCreateInteractive({ args: [], ...wire });
-    expect(code).toBe(0);
-    expect(harness.commands).toHaveLength(0);
-  });
-
-  test("word aliases accepted case-insensitively", async () => {
-    for (const [answer, expected] of [
-      ["READ", "--read"],
-      ["Write", "vault:write"],
-      ["admin", "vault:admin"],
-    ] as const) {
-      const { harness, wire } = makeHarness([answer, ""]);
-      await runVaultTokensCreateInteractive({ args: [], ...wire });
-      expect(harness.commands[0]!.join(" ")).toContain(expected);
-    }
-  });
-
-  test("garbage input reprompts, keeping the scope picker tight", async () => {
-    const { harness, wire } = makeHarness(["bogus", "5", "2", ""]);
-    await runVaultTokensCreateInteractive({ args: [], ...wire });
-    expect(harness.commands).toHaveLength(1);
-    expect(harness.commands[0]).toContain("vault:write");
-    // Three scope prompts were asked (bogus, 5, then the valid 2); one label.
-    expect(harness.prompts.filter((p) => p.startsWith("Choice"))).toHaveLength(3);
-  });
-});
-
-describe("runVaultTokensCreateInteractive — label prompt", () => {
-  test("blank label = no --label flag forwarded", async () => {
-    const { harness, wire } = makeHarness(["1", ""]);
-    await runVaultTokensCreateInteractive({ args: [], ...wire });
-    expect(harness.commands[0]!.includes("--label")).toBe(false);
-  });
-
-  test("non-blank label is appended verbatim", async () => {
-    const { harness, wire } = makeHarness(["1", "n8n-sync"]);
-    await runVaultTokensCreateInteractive({ args: [], ...wire });
-    const cmd = harness.commands[0]!;
-    expect(cmd).toContain("--label");
-    expect(cmd[cmd.indexOf("--label") + 1]).toBe("n8n-sync");
-  });
-
-  test("label with spaces is passed as a single arg (not re-split)", async () => {
-    const { harness, wire } = makeHarness(["1", "pendant prototype"]);
-    await runVaultTokensCreateInteractive({ args: [], ...wire });
-    const cmd = harness.commands[0]!;
-    expect(cmd[cmd.indexOf("--label") + 1]).toBe("pendant prototype");
-  });
-
-  test("pre-supplied --label skips the label prompt entirely", async () => {
-    const { harness, wire } = makeHarness(["1"]); // ONLY the scope prompt
-    await runVaultTokensCreateInteractive({
-      args: ["--label", "existing"],
-      ...wire,
-    });
-    // Prompts only include the scope picker, not a label prompt.
-    expect(harness.prompts.some((p) => p.toLowerCase().includes("label"))).toBe(false);
-    // The user-supplied --label stays in place; we didn't double-append.
-    const cmd = harness.commands[0]!;
-    const labelIdxs: number[] = [];
-    cmd.forEach((a, idx) => {
-      if (a === "--label") labelIdxs.push(idx);
-    });
-    expect(labelIdxs).toHaveLength(1);
-    expect(cmd[labelIdxs[0]! + 1]).toBe("existing");
-  });
-});
-
-describe("runVaultTokensCreateInteractive — passthrough of pre-supplied args", () => {
-  test("--vault / --expires forwarded verbatim, scope appended", async () => {
-    const { harness, wire } = makeHarness(["1", ""]);
-    await runVaultTokensCreateInteractive({
-      args: ["--vault", "work", "--expires", "30d"],
-      ...wire,
-    });
-    const cmd = harness.commands[0]!;
-    // Original argv stays in order, scope flag appended after.
-    expect(cmd).toEqual([
-      "parachute-vault",
-      "tokens",
-      "create",
-      "--vault",
-      "work",
-      "--expires",
-      "30d",
-      "--read",
-    ]);
-  });
-
-  test("subprocess exit code is returned to the caller", async () => {
-    const { wire } = makeHarness(["1", ""], { exitCode: 5 });
-    const code = await runVaultTokensCreateInteractive({ args: [], ...wire });
-    expect(code).toBe(5);
-  });
-});

package/src/commands/vault-tokens-create-interactive.ts

@@ -1,143 +0,0 @@
-/**
- * `parachute vault tokens create` (no narrowing flags, in a TTY) — guided
- * token creation. Same command with any of `--scope` / `--read` /
- * `--permission`, or running under a non-TTY, bypasses this module and passes
- * through to `parachute-vault tokens create` unchanged.
- *
- * Two prompts:
- *
- *   1. Scope — read / write / admin / cancel. Default is `read` on Enter:
- *      the two-factor reasoning is (a) a read-only token is the least
- *      dangerous thing to mint by mistake, and (b) most callers of this
- *      command interactively are plumbing in a new read-only consumer
- *      (hooks, dashboards, n8n triggers). Users who actually want admin can
- *      type "3" in ~1 second.
- *
- *   2. Label — free-form string, blank skips the prompt entirely (vault's
- *      own `--label` default of "default" then applies). Skipped outright
- *      if the user already supplied `--label …` on the command line.
- *
- * The resolved flags are appended to the original argv and forwarded to
- * `parachute-vault tokens create` via an inherit-stdio subprocess so the
- * generated token and its usage block print directly to the user's terminal.
- *
- * Shape mirrors `expose-interactive.ts`: every side-effectful edge is an
- * injectable seam so the full prompt tree is testable without spawning.
- */
-
-import { createInterface } from "node:readline/promises";
-
-export type InteractiveRunner = (cmd: readonly string[]) => Promise<number>;
-
-const defaultInteractiveRunner: InteractiveRunner = async (cmd) => {
-  // Inherit env so the child (parachute-vault subprocess) sees PATH, HOME,
-  // PARACHUTE_HOME, etc. Bun.spawn defaults to empty env — see
-  // api-modules-ops.ts:defaultRun.
-  const proc = Bun.spawn([...cmd], {
-    stdio: ["inherit", "inherit", "inherit"],
-    env: process.env,
-  });
-  return await proc.exited;
-};
-
-async function defaultPrompt(question: string): Promise<string> {
-  const rl = createInterface({ input: process.stdin, output: process.stdout });
-  try {
-    return await rl.question(question);
-  } finally {
-    rl.close();
-  }
-}
-
-export interface VaultTokensCreateInteractiveOpts {
-  /**
-   * Original argv after `vault tokens create`. Flags the user already
-   * supplied (`--vault <name>`, `--expires <dur>`, `--label <x>`) are
-   * forwarded verbatim to `parachute-vault`; only the scope dimension is
-   * resolved interactively.
-   */
-  args: readonly string[];
-  prompt?: (question: string) => Promise<string>;
-  interactiveRunner?: InteractiveRunner;
-  log?: (line: string) => void;
-}
-
-interface Resolved {
-  args: readonly string[];
-  prompt: (question: string) => Promise<string>;
-  interactiveRunner: InteractiveRunner;
-  log: (line: string) => void;
-}
-
-function resolve(opts: VaultTokensCreateInteractiveOpts): Resolved {
-  return {
-    args: opts.args,
-    prompt: opts.prompt ?? defaultPrompt,
-    interactiveRunner: opts.interactiveRunner ?? defaultInteractiveRunner,
-    log: opts.log ?? ((line) => console.log(line)),
-  };
-}
-
-type ScopeChoice = "read" | "write" | "admin" | "cancel";
-
-async function promptScope(r: Resolved): Promise<ScopeChoice> {
-  r.log("Scope for this token?");
-  r.log("  [1] read   — query-only (safer default)");
-  r.log("  [2] write  — read + create/update");
-  r.log("  [3] admin  — full access (token + config management)");
-  r.log("  [4] cancel");
-  while (true) {
-    const raw = (await r.prompt("Choice [1]: ")).trim().toLowerCase();
-    if (raw === "" || raw === "1" || raw === "read") return "read";
-    if (raw === "2" || raw === "write") return "write";
-    if (raw === "3" || raw === "admin") return "admin";
-    if (raw === "4" || raw === "cancel" || raw === "q") return "cancel";
-    r.log(`(didn't understand "${raw}" — please pick 1, 2, 3, or 4)`);
-  }
-}
-
-async function promptLabel(r: Resolved): Promise<string | undefined> {
-  r.log("");
-  const raw = (await r.prompt('Label for this token (e.g. "n8n-sync", blank to skip): ')).trim();
-  return raw === "" ? undefined : raw;
-}
-
-/**
- * Map the scope choice to the CLI flag sequence vault expects. We pass the
- * canonical form for each level so anyone inspecting the spawned argv can
- * see exactly what got minted — `--read` reads clearer than `--scope
- * vault:read` for the common case, and `vault:write`/`vault:admin` are the
- * canonical OAuth-style scope names for the other two.
- */
-function scopeFlagsFor(choice: "read" | "write" | "admin"): string[] {
-  if (choice === "read") return ["--read"];
-  if (choice === "write") return ["--scope", "vault:write"];
-  return ["--scope", "vault:admin"];
-}
-
-export async function runVaultTokensCreateInteractive(
-  opts: VaultTokensCreateInteractiveOpts,
-): Promise<number> {
-  const r = resolve(opts);
-
-  const scope = await promptScope(r);
-  if (scope === "cancel") {
-    r.log("Cancelled — no token created.");
-    return 0;
-  }
-
-  const hasLabelFlag = r.args.includes("--label");
-  const label = hasLabelFlag ? undefined : await promptLabel(r);
-
-  const forwarded: string[] = [
-    "parachute-vault",
-    "tokens",
-    "create",
-    ...r.args,
-    ...scopeFlagsFor(scope),
-  ];
-  if (label !== undefined) forwarded.push("--label", label);
-
-  r.log("");
-  return await r.interactiveRunner(forwarded);
-}

package/web/ui/dist/assets/index-7DtAXz7y.css

@@ -1 +0,0 @@
-:root{--bg: #faf8f4;--bg-soft: #f3f0ea;--fg: #2c2a26;--fg-muted: #6b6860;--fg-dim: #9a9690;--accent: #4a7c59;--accent-soft: rgba(74, 124, 89, .08);--accent-hover: #3d6849;--border: #e4e0d8;--border-light: #ece9e2;--card-bg: #ffffff;--error: #a3392b;--error-soft: rgba(163, 57, 43, .08);--warn: #b08023;--warn-soft: rgba(176, 128, 35, .08);--success: #3d6849;--success-soft: rgba(61, 104, 73, .08);--font-serif: Georgia, "Times New Roman", serif;--font-sans: -apple-system, BlinkMacSystemFont, "Segoe UI", system-ui, sans-serif;--font-mono: ui-monospace, "SF Mono", Menlo, Monaco, "Cascadia Mono", monospace;font-family:var(--font-sans)}*{box-sizing:border-box}html,body{margin:0;padding:0;background:var(--bg);color:var(--fg)}a{color:var(--accent);text-decoration:none}a:hover{text-decoration:underline}button{font:inherit;background:var(--accent);color:#fff;border:0;border-radius:6px;padding:.55rem 1.1rem;cursor:pointer;transition:background .15s ease}button:hover{background:var(--accent-hover)}button:disabled{opacity:.5;cursor:not-allowed}button.secondary{background:#fff;color:var(--fg);border:1px solid var(--border)}button.secondary:hover{background:var(--bg-soft)}input,select,textarea{font:inherit;background:#fff;border:1px solid var(--border);border-radius:6px;padding:.55rem .75rem;color:var(--fg)}input:focus,select:focus,textarea:focus{outline:none;border-color:var(--accent)}code{font-family:var(--font-mono);font-size:.85em;background:var(--bg-soft);padding:.1em .3em;border-radius:3px}.page{max-width:880px;margin:0 auto;padding:1.5rem 1.5rem 6rem}.nav{display:flex;flex-wrap:wrap;gap:.6rem 1rem;align-items:center;padding-bottom:1rem;border-bottom:1px solid var(--border);margin-bottom:2rem}.nav .brand{font-weight:600;font-family:var(--font-serif);font-size:1.15rem;margin-right:auto;display:inline-flex;align-items:center;gap:.45rem;color:var(--accent);text-decoration:none}.nav .brand:hover{color:var(--accent-hover);text-decoration:none}.nav .brand-mark-icon{flex-shrink:0;line-height:0}.nav .brand-wordmark{color:var(--fg);letter-spacing:-.005em}.nav .brand .sub{color:var(--fg-dim);font-size:.78rem;font-weight:400;margin-left:.4rem;font-family:var(--font-sans)}.nav a{color:var(--fg-muted);font-size:.95rem}.nav a:hover{text-decoration:none;color:var(--fg)}.nav .nav-divider{display:inline-block;width:1px;height:1.1em;background:var(--border);align-self:center}.nav .nav-dropdown{position:relative}.nav .nav-dropdown-summary{list-style:none;cursor:pointer;color:var(--fg-muted);font-size:.95rem;-webkit-user-select:none;user-select:none}.nav .nav-dropdown-summary::-webkit-details-marker{display:none}.nav .nav-dropdown-summary:hover{color:var(--fg)}.nav .nav-dropdown[open]>.nav-dropdown-summary{color:var(--fg)}.nav .nav-dropdown-summary:after{content:" ▾";font-size:.7em;color:var(--fg-dim)}.nav .nav-dropdown-panel{position:absolute;top:calc(100% + .4rem);left:0;z-index:10;min-width:12rem;background:var(--card-bg);border:1px solid var(--border);border-radius:8px;box-shadow:0 4px 12px #00000014;padding:.4rem 0;display:flex;flex-direction:column}.nav .nav-dropdown-item{padding:.4rem .85rem;color:var(--fg);font-size:.9rem;text-decoration:none}.nav .nav-dropdown-item:hover{background:var(--bg-soft);color:var(--fg);text-decoration:none}.nav .nav-dropdown-item-disabled{color:var(--fg-dim);cursor:not-allowed}.nav .nav-dropdown-item-disabled:hover{background:transparent;color:var(--fg-dim)}.nav .auth-spa{font-size:.85rem;color:var(--fg-muted)}.nav .auth-spa strong{font-weight:600;color:var(--fg)}.nav .auth-spa-signout{background:none;border:none;padding:0;color:var(--accent);font:inherit;cursor:pointer;text-decoration:underline;text-decoration-thickness:1px;text-underline-offset:2px}.nav .auth-spa-signout:hover:not(:disabled){color:var(--accent-hover)}.nav .auth-spa-signout:disabled{color:var(--fg-dim);cursor:not-allowed}h1{margin:0 0 .5rem;font-family:var(--font-serif);font-size:1.85rem;font-weight:400;letter-spacing:-.01em;line-height:1.2;color:var(--fg)}h2{margin:0 0 1rem;font-size:1.4rem;font-weight:500}.muted{color:var(--fg-muted);font-size:.92rem}.dim{color:var(--fg-dim);font-size:.85rem}.error-banner{background:var(--error-soft);border:1px solid var(--error);color:var(--error);padding:.75rem 1rem;border-radius:8px;margin-bottom:1rem;font-size:.9rem}.warn-banner{background:var(--warn-soft);border:1px solid var(--warn);color:var(--warn);padding:.75rem 1rem;border-radius:8px;margin-bottom:1rem;font-size:.9rem}.empty{padding:3rem 1.5rem;text-align:center;color:var(--fg-muted);background:var(--bg-soft);border-radius:10px}@keyframes pc-loading-pulse{0%,to{opacity:.55}50%{opacity:1}}[data-loading=true]{animation:pc-loading-pulse 1.4s ease-in-out infinite}.user-table tbody tr,.tokens-table tbody tr{transition:background-color .12s ease}.user-table tbody tr:hover,.tokens-table tbody tr:hover{background:var(--bg-soft)}@keyframes pc-route-fade-up{0%{opacity:0;transform:translateY(6px)}to{opacity:1;transform:translateY(0)}}[data-route-content]{animation:pc-route-fade-up .32s ease forwards}@media(prefers-reduced-motion:reduce){[data-loading=true],[data-route-content]{animation:none}}.table-scroll{overflow-x:auto;-webkit-overflow-scrolling:touch;background:linear-gradient(to right,var(--card-bg),var(--card-bg)) left center / 20px 100% no-repeat,linear-gradient(to right,#2c2a2614,#2c2a2600) left center / 8px 100% no-repeat,linear-gradient(to left,var(--card-bg),var(--card-bg)) right center / 20px 100% no-repeat,linear-gradient(to left,#2c2a2614,#2c2a2600) right center / 8px 100% no-repeat;background-attachment:local,scroll,local,scroll}.table-scroll>table{min-width:100%}.empty-rich{text-align:left;padding:2rem 1.75rem;background:#fff;border:1px solid var(--border)}.empty-rich .empty-headline{font-size:1.05rem;color:var(--fg);margin:0 0 .5rem;font-weight:500}.list-header{display:flex;align-items:baseline;justify-content:space-between;gap:1rem;margin-bottom:1rem}.list-header h1,.list-header h2{margin:0}.tag{display:inline-block;padding:.1em .55em;background:var(--accent-soft);color:var(--accent);border-radius:4px;font-size:.78rem;font-weight:500}.tag.muted{background:var(--bg-soft);color:var(--fg-muted)}.tag.source-oauth{background:#4a7cc61f;color:#3b6aa6}.tag.source-operator{background:#c6984a24;color:#8a5e1f}.tag.source-cli{background:#4a7c5924;color:#2f5a3f}.tag.source-unknown{background:var(--bg-soft);color:var(--fg-muted)}@media(prefers-color-scheme:dark){.tag.source-oauth{background:#7a9cdc24;color:#9bb6d8}.tag.source-operator{background:#dcb46e24;color:#d4b27a}.tag.source-cli{background:#7ab08a24;color:#8fc49e}.tag.source-unknown{background:#e8e4dc0f;color:#a8a49a}}.vault-row{display:flex;align-items:center;gap:1rem;padding:.85rem 1rem;background:#fff;border:1px solid var(--border);border-radius:8px;margin-bottom:.5rem;text-decoration:none;color:inherit;transition:border-color .15s ease}.vault-row:hover{border-color:var(--accent);text-decoration:none}.vault-row .body{flex:1;min-width:0}.vault-row .name{display:flex;align-items:center;gap:.5rem;flex-wrap:wrap}.vault-row .name code{font-size:.95em}.vault-row .url{margin-top:.25rem;word-break:break-all}.vault-row .chev{color:var(--fg-dim);font-size:1.2rem}form .row{margin-bottom:1rem}form label{display:block;font-size:.9rem;color:var(--fg-muted);margin-bottom:.3rem;font-weight:500}form input[type=text]{width:100%}form .actions{display:flex;gap:.6rem;align-items:center;margin-top:1rem}form .field-hint{margin-top:.35rem;font-size:.82rem;color:var(--fg-dim)}form .field-error{margin-top:.35rem;font-size:.85rem;color:var(--error)}.section{background:#fff;border:1px solid var(--border);border-radius:10px;padding:1.25rem 1.5rem;margin-bottom:1.5rem}.mint-banner{background:var(--success-soft);border:1px solid var(--success);border-radius:10px;padding:1.25rem 1.5rem;margin-bottom:1.5rem}.mint-banner h3{margin:0 0 .5rem;font-size:1rem;color:var(--success)}.mint-banner .token-box{display:flex;align-items:center;gap:.5rem;margin:.85rem 0 .5rem}.mint-banner code{flex:1;font-size:.9rem;padding:.6rem .75rem;background:#fff;border:1px solid var(--border);word-break:break-all;-webkit-user-select:all;user-select:all}.mint-banner .warn{margin:.75rem 0 0;font-size:.85rem;color:var(--warn)}.mint-banner .actions{margin-top:1rem;display:flex;gap:.5rem}.kv{display:grid;grid-template-columns:8.5rem 1fr;gap:.5rem 1rem;font-size:.92rem}.kv>div:nth-child(odd){color:var(--fg-muted)}.kv code{word-break:break-all}.channel-toggle{margin:1.25rem 0 1.5rem;padding:.75rem 1rem;border:1px solid var(--border, #ddd);border-radius:6px;background:var(--bg-soft, #fafafa)}.channel-toggle legend{padding:0 .25rem;font-weight:600;font-size:.95rem}.channel-toggle label{display:inline-flex;align-items:center;gap:.4rem;margin-right:1.5rem;cursor:pointer;font-size:.95rem}.channel-toggle label input[type=radio]:disabled+*{opacity:.5}.channel-toggle code{font-size:.85em}.channel-toggle p.muted{margin:.4rem 0 0;font-size:.85rem}.module-config{display:flex;flex-direction:column;gap:1.25rem}.module-config-header h1{margin-bottom:.35rem}.module-config-form fieldset{border:0;padding:0;margin:0;display:flex;flex-direction:column;gap:1rem}.module-config-form .field{display:flex;flex-direction:column;gap:.25rem}.module-config-form .field input,.module-config-form .field select,.module-config-form .field textarea{width:100%}.module-config-form .field-inline{flex-direction:row;align-items:center;flex-wrap:wrap;gap:.5rem}.module-config-form .field-inline label{display:inline-flex;align-items:center;gap:.5rem}.module-config-form .field-inline .field-hint{flex-basis:100%;margin-left:1.6rem}.module-config-form .field-invalid input,.module-config-form .field-invalid select,.module-config-form .field-invalid textarea{border-color:var(--error)}.module-config-form .actions{display:flex;gap:.6rem;align-items:center;margin-top:.5rem}.module-config-form .actions button.destructive{background:#fff;color:var(--fg);border:1px solid var(--border)}.module-config-form .actions button.destructive:hover{background:var(--bg-soft)}.module-config-form .banner{margin:0;padding:.75rem 1rem;border-radius:6px;border:1px solid transparent;font-size:.9rem}.module-config-form .banner-success{background:var(--success-soft);border-color:var(--success);color:var(--success)}.module-config-form .banner-success p,.module-config-form .banner-success ul{margin:.4rem 0 0}.module-config-form .banner-error{background:var(--error-soft, rgba(163, 57, 43, .08));border-color:var(--error);color:var(--error)}.modules-installed,.modules-installable{margin-top:1.75rem}.modules-installed>h2,.modules-installable>h2{font-size:1.15rem;font-weight:600;margin:0 0 .75rem;color:var(--fg)}.modules-installed>p.muted,.modules-installable>p.muted{margin:0 0 .5rem}.install-list{list-style:none;padding:0;margin:0;display:flex;flex-direction:column;gap:.6rem}.install-card{display:flex;flex-direction:row;align-items:center;gap:1rem;flex-wrap:wrap;padding:.85rem 1rem;background:#fff;border:1px solid var(--border);border-radius:8px;transition:border-color .15s ease}.install-card:hover{border-color:var(--accent)}.install-card-body{flex:1 1 0;min-width:0}.install-card-body h3{margin:0 0 .2rem;font-size:1rem;font-weight:600;color:var(--fg)}.install-card-body .tagline{margin:0 0 .35rem;color:var(--fg-muted);font-size:.92rem}.install-card-meta{margin:0;font-size:.82rem}.install-card-actions{flex:0 0 auto}.install-card .error{flex-basis:100%;margin-top:.5rem;color:var(--error);font-size:.85rem}.module-row .actions .btn,a.btn{display:inline-block;font:inherit;background:var(--accent);color:#fff;border:0;border-radius:6px;padding:.55rem 1.1rem;cursor:pointer;transition:background .15s ease;text-decoration:none}.module-row .actions .btn:hover,a.btn:hover{background:var(--accent-hover);text-decoration:none}.module-uis{margin:.5rem 0 0;padding:.5rem 0 0;border-top:1px solid var(--border-light)}.module-uis>summary{cursor:pointer;font-size:.88rem;color:var(--fg-muted);font-weight:500;padding:.15rem 0;list-style:revert}.module-uis>summary:hover{color:var(--fg)}.ui-sub-units{list-style:none;padding:0;margin:.5rem 0 0 1.1rem;display:flex;flex-direction:column;gap:.35rem}.ui-sub-unit{display:flex;flex-direction:row;align-items:center;gap:.65rem;padding:.5rem .75rem;background:var(--bg-soft);border:1px solid var(--border-light);border-radius:6px;transition:border-color .15s ease,background .15s ease}.ui-sub-unit:hover{border-color:var(--accent);background:#fff}.ui-icon{flex:0 0 auto;width:20px;height:20px;border-radius:4px;object-fit:contain}.ui-sub-unit-body{flex:1 1 0;min-width:0}.ui-sub-unit-link{color:var(--fg);font-size:.95rem;text-decoration:none}.ui-sub-unit-link:hover{color:var(--accent);text-decoration:underline}.ui-sub-unit-link strong{font-weight:600}.ui-sub-unit .tagline{margin:.2rem 0 0;font-size:.82rem;color:var(--fg-muted)}.status{flex:0 0 auto;display:inline-block;padding:.1em .55em;background:var(--bg-soft);color:var(--fg-muted);border-radius:4px;font-size:.78rem;font-weight:500;white-space:nowrap}.status-active{background:var(--success-soft);color:var(--success)}.status-pending{background:var(--warn-soft);color:var(--warn)}.status-inactive{background:var(--bg-soft);color:var(--fg-dim)}.status-failing{background:var(--error-soft);color:var(--error)}.status-absent{background:var(--bg-soft);color:var(--fg-dim)}.status-pending-oauth{background:var(--warn-soft);color:var(--warn)}.status-disabled{background:var(--bg-soft);color:var(--fg-dim)}.sr-only{position:absolute;width:1px;height:1px;padding:0;margin:-1px;overflow:hidden;clip:rect(0,0,0,0);white-space:nowrap;border:0}.hub-version-badge{margin-top:3rem;padding-top:1rem;border-top:1px solid var(--border-light);display:flex;flex-direction:column;align-items:flex-start;gap:.75rem;color:var(--fg-muted);font-size:.8rem}.hub-version-badge-summary{background:transparent;border:0;padding:0;margin:0;color:var(--fg-muted);font:inherit;cursor:pointer;text-align:left;border-radius:4px}.hub-version-badge-summary:hover{color:var(--fg);background:transparent}.hub-version-badge-summary strong{color:var(--fg);font-weight:600}.hub-version-badge-source{font-variant:small-caps;letter-spacing:.04em}.hub-version-badge-panel{background:var(--card-bg);border:1px solid var(--border);border-radius:8px;padding:.85rem 1rem;font-size:.85rem;color:var(--fg);width:100%;max-width:28rem}.hub-version-badge-panel dl{margin:0 0 .75rem;display:grid;grid-template-columns:max-content 1fr;gap:.3rem .85rem}.hub-version-badge-panel dt{color:var(--fg-muted);font-size:.78rem;text-transform:uppercase;letter-spacing:.06em;padding-top:.1rem}.hub-version-badge-panel dd{margin:0;color:var(--fg);word-break:break-all}.hub-version-badge-refresh{font-size:.8rem;padding:.35rem .85rem}