@overlordai/server 1.0.52 → 1.0.54

package/dist/auth/auth.service.js

@@ -1,43 +1,10 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
 var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
     var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
     if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
     else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
     return c > 3 && r && Object.defineProperty(target, key, r), r;
 };
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
 var __metadata = (this && this.__metadata) || function (k, v) {
     if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
@@ -46,28 +13,31 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.AuthService = void 0;
 const common_1 = require("@nestjs/common");
 const jwt_1 = require("@nestjs/jwt");
-const bcrypt = __importStar(require("bcrypt"));
-const otplib_1 = require("otplib");
 const uuid_1 = require("uuid");
 const developer_repository_1 = require("../database/repositories/developer.repository");
 const redis_service_1 = require("../redis/redis.service");
+const crypto_service_1 = require("../common/crypto.service");
+const protocol_1 = require("@overlordai/protocol");
+const config_1 = require("../common/config");
 let AuthService = AuthService_1 = class AuthService {
     jwtService;
     developerRepo;
     redis;
+    crypto;
     logger = new common_1.Logger(AuthService_1.name);
-    constructor(jwtService, developerRepo, redis) {
+    constructor(jwtService, developerRepo, redis, crypto) {
         this.jwtService = jwtService;
         this.developerRepo = developerRepo;
         this.redis = redis;
+        this.crypto = crypto;
     }
     onModuleInit() {
         const defaultSecrets = ['default-jwt-secret', 'default-worker-jwt-secret'];
-        const jwtSecret = process.env.JWT_SECRET;
-        const workerJwtSecret = process.env.WORKER_JWT_SECRET;
+        const jwtSecret = (0, config_1.getJwtSecret)();
+        const workerJwtSecret = (0, config_1.getWorkerJwtSecret)();
         const isProduction = process.env.NODE_ENV === 'production';
-        const jwtSecretIsDefault = !jwtSecret || defaultSecrets.includes(jwtSecret);
-        const workerSecretIsDefault = !workerJwtSecret || defaultSecrets.includes(workerJwtSecret);
+        const jwtSecretIsDefault = defaultSecrets.includes(jwtSecret);
+        const workerSecretIsDefault = defaultSecrets.includes(workerJwtSecret);
         if (isProduction) {
             if (jwtSecretIsDefault) {
                 throw new Error('JWT_SECRET must be set to a non-default value in production');
@@ -92,14 +62,14 @@ let AuthService = AuthService_1 = class AuthService {
         if (!developer) {
             throw new common_1.UnauthorizedException('Invalid credentials');
         }
-        if (developer.status !== 'active') {
+        if (developer.status !== protocol_1.DeveloperStatus.ACTIVE) {
             throw new common_1.UnauthorizedException('Account is inactive');
         }
         if (!developer.passwordHash) {
             throw new common_1.UnauthorizedException('Invalid credentials');
         }
-        // 3. bcrypt.compare password
-        const passwordValid = await bcrypt.compare(password, developer.passwordHash);
+        // 3. Compare password
+        const passwordValid = await this.crypto.comparePassword(password, developer.passwordHash);
         if (!passwordValid) {
             throw new common_1.UnauthorizedException('Invalid credentials');
         }
@@ -113,7 +83,7 @@ let AuthService = AuthService_1 = class AuthService {
                 scope: 'totp_setup',
             };
             const accessToken = this.jwtService.sign(payload, {
-                secret: process.env.JWT_SECRET || 'default-jwt-secret',
+                secret: (0, config_1.getJwtSecret)(),
                 expiresIn: '15m',
             });
             return { accessToken, totpSetup: true };
@@ -123,10 +93,7 @@ let AuthService = AuthService_1 = class AuthService {
             throw new common_1.UnauthorizedException('TOTP_REQUIRED');
         }
         // 6. Verify TOTP code
-        const totpValid = otplib_1.authenticator.verify({
-            token: totpCode,
-            secret: developer.totpSecret,
-        });
+        const totpValid = this.crypto.verifyTotp(developer.totpSecret, totpCode);
         if (!totpValid) {
             throw new common_1.UnauthorizedException('Invalid TOTP code');
         }
@@ -140,7 +107,7 @@ let AuthService = AuthService_1 = class AuthService {
         let payload;
         try {
             payload = this.jwtService.verify(refreshToken, {
-                secret: process.env.JWT_SECRET || 'default-jwt-secret',
+                secret: (0, config_1.getJwtSecret)(),
             });
         }
         catch {
@@ -151,20 +118,13 @@ let AuthService = AuthService_1 = class AuthService {
         }
         // 2. Atomically blacklist the old refresh token (SET NX).
         //    If SET NX returns null, the token was already used — reject.
-        const nowSeconds = Math.floor(Date.now() / 1000);
-        const remainingTtl = payload.exp - nowSeconds;
-        if (remainingTtl > 0) {
-            const result = await this.redis.getClient().set(`rt:${payload.jti}`, '1', 'EX', remainingTtl, 'NX');
-            if (result === null) {
-                throw new common_1.UnauthorizedException('Token has been revoked');
-            }
-        }
-        else {
+        const blacklisted = await this.blacklistRefreshToken(payload.jti, payload.exp);
+        if (!blacklisted) {
             throw new common_1.UnauthorizedException('Token has been revoked');
         }
         // 3. Check developer still active
         const developer = this.developerRepo.findById(payload.sub);
-        if (!developer || developer.status !== 'active') {
+        if (!developer || developer.status !== protocol_1.DeveloperStatus.ACTIVE) {
             throw new common_1.UnauthorizedException('Account is inactive');
         }
         // 5. Sign new access token and refresh token
@@ -177,22 +137,20 @@ let AuthService = AuthService_1 = class AuthService {
         let payload;
         try {
             payload = this.jwtService.verify(refreshToken, {
-                secret: process.env.JWT_SECRET || 'default-jwt-secret',
+                secret: (0, config_1.getJwtSecret)(),
             });
         }
         catch {
             // If token is already expired or invalid, nothing to blacklist
             return;
         }
-        const nowSeconds = Math.floor(Date.now() / 1000);
-        const remainingTtl = payload.exp - nowSeconds;
-        if (remainingTtl > 0) {
-            // 2. Blacklist the refresh token
-            await this.redis.getClient().set(`rt:${payload.jti}`, '1', 'EX', remainingTtl, 'NX');
-            // 3. Set a per-user logout timestamp so PTY revalidation can detect
+        const blacklisted = await this.blacklistRefreshToken(payload.jti, payload.exp);
+        if (blacklisted) {
+            // Set a per-user logout timestamp so PTY revalidation can detect
             // that the user logged out after their access token was issued.
             // TTL matches access token lifetime (15 min) — after that the access
             // token would expire naturally and PTY revalidation closes the socket.
+            const nowSeconds = Math.floor(Date.now() / 1000);
             await this.redis.getClient().set(`logout:${payload.sub}`, String(nowSeconds), 'EX', 900);
         }
     }
@@ -204,7 +162,7 @@ let AuthService = AuthService_1 = class AuthService {
             jti: (0, uuid_1.v4)(),
         };
         return this.jwtService.sign(payload, {
-            secret: process.env.JWT_SECRET || 'default-jwt-secret',
+            secret: (0, config_1.getJwtSecret)(),
             expiresIn: '15m',
         });
     }
@@ -215,17 +173,17 @@ let AuthService = AuthService_1 = class AuthService {
             type: 'refresh',
         };
         return this.jwtService.sign(payload, {
-            secret: process.env.JWT_SECRET || 'default-jwt-secret',
+            secret: (0, config_1.getJwtSecret)(),
             expiresIn: '7d',
         });
     }
-    signWorkerJwt(machineId, tokenId) {
+    signWorkerJwt(workerId, tokenId) {
         const payload = {
-            sub: machineId,
+            sub: workerId,
             tokenId,
         };
         return this.jwtService.sign(payload, {
-            secret: process.env.WORKER_JWT_SECRET || 'default-worker-jwt-secret',
+            secret: (0, config_1.getWorkerJwtSecret)(),
             expiresIn: '7d',
         });
     }
@@ -236,19 +194,19 @@ let AuthService = AuthService_1 = class AuthService {
             jti: (0, uuid_1.v4)(),
         };
         return this.jwtService.sign(payload, {
-            secret: process.env.WORKER_JWT_SECRET || 'default-worker-jwt-secret',
-            expiresIn: 30,
+            secret: (0, config_1.getWorkerJwtSecret)(),
+            expiresIn: protocol_1.CHANNEL_TOKEN_EXPIRY_SEC,
         });
     }
     async validateChannelToken(token, expectedAud) {
         let payload;
         try {
             payload = this.jwtService.verify(token, {
-                secret: process.env.WORKER_JWT_SECRET || 'default-worker-jwt-secret',
+                secret: (0, config_1.getWorkerJwtSecret)(),
             });
         }
-        catch {
-            throw new common_1.UnauthorizedException('Invalid channel token');
+        catch (err) {
+            throw new common_1.UnauthorizedException(`Invalid channel token: ${(0, protocol_1.getErrorMessage)(err)}`);
         }
         if (payload.aud !== expectedAud) {
             throw new common_1.UnauthorizedException(`Channel token audience mismatch: expected ${expectedAud}`);
@@ -275,7 +233,7 @@ let AuthService = AuthService_1 = class AuthService {
     verifyWorkerJwt(token) {
         try {
             return this.jwtService.verify(token, {
-                secret: process.env.WORKER_JWT_SECRET || 'default-worker-jwt-secret',
+                secret: (0, config_1.getWorkerJwtSecret)(),
             });
         }
         catch {
@@ -289,19 +247,32 @@ let AuthService = AuthService_1 = class AuthService {
     verifyUserJwt(token) {
         try {
             return this.jwtService.verify(token, {
-                secret: process.env.JWT_SECRET || 'default-jwt-secret',
+                secret: (0, config_1.getJwtSecret)(),
             });
         }
         catch {
             throw new common_1.UnauthorizedException('Invalid user JWT');
         }
     }
+    /**
+     * Atomically blacklist a refresh token via Redis SET NX.
+     * Returns true if successfully blacklisted, false if already expired or used.
+     */
+    async blacklistRefreshToken(jti, exp) {
+        const nowSeconds = Math.floor(Date.now() / 1000);
+        const remainingTtl = exp - nowSeconds;
+        if (remainingTtl <= 0)
+            return false;
+        const result = await this.redis.getClient().set(`rt:${jti}`, '1', 'EX', remainingTtl, 'NX');
+        return result !== null;
+    }
 };
 exports.AuthService = AuthService;
 exports.AuthService = AuthService = AuthService_1 = __decorate([
     (0, common_1.Injectable)(),
     __metadata("design:paramtypes", [jwt_1.JwtService,
         developer_repository_1.DeveloperRepository,
-        redis_service_1.RedisService])
+        redis_service_1.RedisService,
+        crypto_service_1.CryptoService])
 ], AuthService);
 //# sourceMappingURL=auth.service.js.map

package/dist/auth/auth.service.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth.service.js","sourceRoot":"","sources":["../../src/auth/auth.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAKwB;AACxB,qCAAyC;AACzC,+CAAiC;AACjC,mCAAuC;AACvC,+BAAoC;AACpC,wFAAoF;AACpF,0DAAsD;AA6B/C,IAAM,WAAW,mBAAjB,MAAM,WAAW;IAIH;IACA;IACA;IALF,MAAM,GAAG,IAAI,eAAM,CAAC,aAAW,CAAC,IAAI,CAAC,CAAC;IAEvD,YACmB,UAAsB,EACtB,aAAkC,EAClC,KAAmB;QAFnB,eAAU,GAAV,UAAU,CAAY;QACtB,kBAAa,GAAb,aAAa,CAAqB;QAClC,UAAK,GAAL,KAAK,CAAc;IACnC,CAAC;IAEJ,YAAY;QACV,MAAM,cAAc,GAAG,CAAC,oBAAoB,EAAE,2BAA2B,CAAC,CAAC;QAC3E,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;QACzC,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;QACtD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC;QAE3D,MAAM,kBAAkB,GAAG,CAAC,SAAS,IAAI,cAAc,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QAC5E,MAAM,qBAAqB,GACzB,CAAC,eAAe,IAAI,cAAc,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;QAE/D,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,kBAAkB,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CACb,6DAA6D,CAC9D,CAAC;YACJ,CAAC;YACD,IAAI,qBAAqB,EAAE,CAAC;gBAC1B,MAAM,IAAI,KAAK,CACb,oEAAoE,CACrE,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,kBAAkB,EAAE,CAAC;gBACvB,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,2HAA2H,CAC5H,CAAC;YACJ,CAAC;YACD,IAAI,qBAAqB,EAAE,CAAC;gBAC1B,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,kIAAkI,CACnI,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,KAAK,CACT,QAAgB,EAChB,QAAgB,EAChB,QAAiB;QAKjB,4BAA4B;QAC5B,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAE1D,qCAAqC;QACrC,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,8BAAqB,CAAC,qBAAqB,CAAC,CAAC;QACzD,CAAC;QAED,IAAI,SAAS,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YAClC,MAAM,IAAI,8BAAqB,CAAC,qBAAqB,CAAC,CAAC;QACzD,CAAC;QAED,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,CAAC;YAC5B,MAAM,IAAI,8BAAqB,CAAC,qBAAqB,CAAC,CAAC;QACzD,CAAC;QAED,6BAA6B;QAC7B,MAAM,aAAa,GAAG,MAAM,MAAM,CAAC,OAAO,CACxC,QAAQ,EACR,SAAS,CAAC,YAAY,CACvB,CAAC;QAEF,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,8BAAqB,CAAC,qBAAqB,CAAC,CAAC;QACzD,CAAC;QAED,8DAA8D;QAC9D,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,CAAC;YAC1B,MAAM,OAAO,GAAwB;gBACnC,GAAG,EAAE,SAAS,CAAC,EAAE;gBACjB,IAAI,EAAE,SAAS,CAAC,IAAI;gBACpB,IAAI,EAAE,SAAS,CAAC,IAAI;gBACpB,GAAG,EAAE,IAAA,SAAM,GAAE;gBACb,KAAK,EAAE,YAAY;aACpB,CAAC;YAEF,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE;gBAChD,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,oBAAoB;gBACtD,SAAS,EAAE,KAAK;aACjB,CAAC,CAAC;YAEH,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;QAC1C,CAAC;QAED,oEAAoE;QACpE,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,8BAAqB,CAAC,eAAe,CAAC,CAAC;QACnD,CAAC;QAED,sBAAsB;QACtB,MAAM,SAAS,GAAG,sBAAa,CAAC,MAAM,CAAC;YACrC,KAAK,EAAE,QAAQ;YACf,MAAM,EAAE,SAAS,CAAC,UAAU;SAC7B,CAAC,CAAC;QAEH,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,8BAAqB,CAAC,mBAAmB,CAAC,CAAC;QACvD,CAAC;QAED,kCAAkC;QAClC,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAChD,MAAM,YAAY,GAAG,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;QAEtD,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,YAAoB;QAChC,sBAAsB;QACtB,IAAI,OAAgE,CAAC;QACrE,IAAI,CAAC;YACH,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,YAAY,EAAE;gBAC7C,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,oBAAoB;aACvD,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,8BAAqB,CAAC,uBAAuB,CAAC,CAAC;QAC3D,CAAC;QAED,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC/B,MAAM,IAAI,8BAAqB,CAAC,oBAAoB,CAAC,CAAC;QACxD,CAAC;QAED,0DAA0D;QAC1D,kEAAkE;QAClE,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACjD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,GAAG,UAAU,CAAC;QAC9C,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;YACrB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC,GAAG,CAC7C,MAAM,OAAO,CAAC,GAAG,EAAE,EACnB,GAAG,EACH,IAAI,EACJ,YAAY,EACZ,IAAI,CACL,CAAC;YACF,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;gBACpB,MAAM,IAAI,8BAAqB,CAAC,wBAAwB,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,8BAAqB,CAAC,wBAAwB,CAAC,CAAC;QAC5D,CAAC;QAED,kCAAkC;QAClC,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC3D,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YAChD,MAAM,IAAI,8BAAqB,CAAC,qBAAqB,CAAC,CAAC;QACzD,CAAC;QAED,6CAA6C;QAC7C,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAChD,MAAM,eAAe,GAAG,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;QAEzD,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,eAAe,EAAE,CAAC;IACxD,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,YAAoB;QAC/B,2CAA2C;QAC3C,IAAI,OAAkD,CAAC;QACvD,IAAI,CAAC;YACH,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,YAAY,EAAE;gBAC7C,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,oBAAoB;aACvD,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,+DAA+D;YAC/D,OAAO;QACT,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACjD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,GAAG,UAAU,CAAC;QAE9C,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;YACrB,iCAAiC;YACjC,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC,GAAG,CAC9B,MAAM,OAAO,CAAC,GAAG,EAAE,EACnB,GAAG,EACH,IAAI,EACJ,YAAY,EACZ,IAAI,CACL,CAAC;YAEF,oEAAoE;YACpE,gEAAgE;YAChE,qEAAqE;YACrE,uEAAuE;YACvE,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC,GAAG,CAC9B,UAAU,OAAO,CAAC,GAAG,EAAE,EACvB,MAAM,CAAC,UAAU,CAAC,EAClB,IAAI,EACJ,GAAG,CACJ,CAAC;QACJ,CAAC;IACH,CAAC;IAED,WAAW,CAAC,SAIX;QACC,MAAM,OAAO,GAAmB;YAC9B,GAAG,EAAE,SAAS,CAAC,EAAE;YACjB,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,GAAG,EAAE,IAAA,SAAM,GAAE;SACd,CAAC;QAEF,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE;YACnC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,oBAAoB;YACtD,SAAS,EAAE,KAAK;SACjB,CAAC,CAAC;IACL,CAAC;IAED,gBAAgB,CAAC,SAAyB;QACxC,MAAM,OAAO,GAAG;YACd,GAAG,EAAE,SAAS,CAAC,EAAE;YACjB,GAAG,EAAE,IAAA,SAAM,GAAE;YACb,IAAI,EAAE,SAAS;SAChB,CAAC;QAEF,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE;YACnC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,oBAAoB;YACtD,SAAS,EAAE,IAAI;SAChB,CAAC,CAAC;IACL,CAAC;IAED,aAAa,CAAC,SAAiB,EAAE,OAAe;QAC9C,MAAM,OAAO,GAAqB;YAChC,GAAG,EAAE,SAAS;YACd,OAAO;SACR,CAAC;QAEF,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE;YACnC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,2BAA2B;YACpE,SAAS,EAAE,IAAI;SAChB,CAAC,CAAC;IACL,CAAC;IAED,gBAAgB,CAAC,MAAc,EAAE,GAAqB;QACpD,MAAM,OAAO,GAAwB;YACnC,MAAM;YACN,GAAG;YACH,GAAG,EAAE,IAAA,SAAM,GAAE;SACd,CAAC;QAEF,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE;YACnC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,2BAA2B;YACpE,SAAS,EAAE,EAAE;SACd,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,KAAa,EACb,WAA6B;QAE7B,IAAI,OAA+C,CAAC;QACpD,IAAI,CAAC;YACH,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAyC,KAAK,EAAE;gBAC9E,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,2BAA2B;aACrE,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,8BAAqB,CAAC,uBAAuB,CAAC,CAAC;QAC3D,CAAC;QAED,IAAI,OAAO,CAAC,GAAG,KAAK,WAAW,EAAE,CAAC;YAChC,MAAM,IAAI,8BAAqB,CAC7B,6CAA6C,WAAW,EAAE,CAC3D,CAAC;QACJ,CAAC;QAED,mEAAmE;QACnE,MAAM,MAAM,GAAG,iBAAiB,OAAO,CAAC,GAAG,EAAE,CAAC;QAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACjD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,GAAG,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;QAEjE,IAAI,YAAY,IAAI,CAAC,EAAE,CAAC;YACtB,MAAM,IAAI,8BAAqB,CAAC,2BAA2B,CAAC,CAAC;QAC/D,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK;aAC5B,SAAS,EAAE;aACX,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,CAAC,CAAC;QAEjD,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YACpB,MAAM,IAAI,8BAAqB,CAAC,qCAAqC,CAAC,CAAC;QACzE,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;OAGG;IACH,eAAe,CAAC,KAAa;QAC3B,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAmB,KAAK,EAAE;gBACrD,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,2BAA2B;aACrE,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,8BAAqB,CAAC,oBAAoB,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,aAAa,CAAC,KAAa;QACzB,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAiB,KAAK,EAAE;gBACnD,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,oBAAoB;aACvD,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,8BAAqB,CAAC,kBAAkB,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;CACF,CAAA;AArUY,kCAAW;sBAAX,WAAW;IADvB,IAAA,mBAAU,GAAE;qCAKoB,gBAAU;QACP,0CAAmB;QAC3B,4BAAY;GAN3B,WAAW,CAqUvB"}
+{"version":3,"file":"auth.service.js","sourceRoot":"","sources":["../../src/auth/auth.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,2CAKwB;AACxB,qCAAyC;AACzC,+BAAoC;AACpC,wFAAoF;AACpF,0DAAsD;AACtD,6DAAyD;AACzD,mDAI8B;AAC9B,6CAAoE;AA6B7D,IAAM,WAAW,mBAAjB,MAAM,WAAW;IAIH;IACA;IACA;IACA;IANF,MAAM,GAAG,IAAI,eAAM,CAAC,aAAW,CAAC,IAAI,CAAC,CAAC;IAEvD,YACmB,UAAsB,EACtB,aAAkC,EAClC,KAAmB,EACnB,MAAqB;QAHrB,eAAU,GAAV,UAAU,CAAY;QACtB,kBAAa,GAAb,aAAa,CAAqB;QAClC,UAAK,GAAL,KAAK,CAAc;QACnB,WAAM,GAAN,MAAM,CAAe;IACrC,CAAC;IAEJ,YAAY;QACV,MAAM,cAAc,GAAG,CAAC,oBAAoB,EAAE,2BAA2B,CAAC,CAAC;QAC3E,MAAM,SAAS,GAAG,IAAA,qBAAY,GAAE,CAAC;QACjC,MAAM,eAAe,GAAG,IAAA,2BAAkB,GAAE,CAAC;QAC7C,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC;QAE3D,MAAM,kBAAkB,GAAG,cAAc,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QAC9D,MAAM,qBAAqB,GAAG,cAAc,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;QAEvE,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,kBAAkB,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CACb,6DAA6D,CAC9D,CAAC;YACJ,CAAC;YACD,IAAI,qBAAqB,EAAE,CAAC;gBAC1B,MAAM,IAAI,KAAK,CACb,oEAAoE,CACrE,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,kBAAkB,EAAE,CAAC;gBACvB,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,2HAA2H,CAC5H,CAAC;YACJ,CAAC;YACD,IAAI,qBAAqB,EAAE,CAAC;gBAC1B,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,kIAAkI,CACnI,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,KAAK,CACT,QAAgB,EAChB,QAAgB,EAChB,QAAiB;QAKjB,4BAA4B;QAC5B,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAE1D,qCAAqC;QACrC,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,8BAAqB,CAAC,qBAAqB,CAAC,CAAC;QACzD,CAAC;QAED,IAAI,SAAS,CAAC,MAAM,KAAK,0BAAe,CAAC,MAAM,EAAE,CAAC;YAChD,MAAM,IAAI,8BAAqB,CAAC,qBAAqB,CAAC,CAAC;QACzD,CAAC;QAED,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,CAAC;YAC5B,MAAM,IAAI,8BAAqB,CAAC,qBAAqB,CAAC,CAAC;QACzD,CAAC;QAED,sBAAsB;QACtB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CACrD,QAAQ,EACR,SAAS,CAAC,YAAY,CACvB,CAAC;QAEF,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,8BAAqB,CAAC,qBAAqB,CAAC,CAAC;QACzD,CAAC;QAED,8DAA8D;QAC9D,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,CAAC;YAC1B,MAAM,OAAO,GAAwB;gBACnC,GAAG,EAAE,SAAS,CAAC,EAAE;gBACjB,IAAI,EAAE,SAAS,CAAC,IAAI;gBACpB,IAAI,EAAE,SAAS,CAAC,IAAI;gBACpB,GAAG,EAAE,IAAA,SAAM,GAAE;gBACb,KAAK,EAAE,YAAY;aACpB,CAAC;YAEF,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE;gBAChD,MAAM,EAAE,IAAA,qBAAY,GAAE;gBACtB,SAAS,EAAE,KAAK;aACjB,CAAC,CAAC;YAEH,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;QAC1C,CAAC;QAED,oEAAoE;QACpE,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,8BAAqB,CAAC,eAAe,CAAC,CAAC;QACnD,CAAC;QAED,sBAAsB;QACtB,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QAEzE,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,8BAAqB,CAAC,mBAAmB,CAAC,CAAC;QACvD,CAAC;QAED,kCAAkC;QAClC,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAChD,MAAM,YAAY,GAAG,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;QAEtD,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,YAAoB;QAChC,sBAAsB;QACtB,IAAI,OAAgE,CAAC;QACrE,IAAI,CAAC;YACH,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,YAAY,EAAE;gBAC7C,MAAM,EAAE,IAAA,qBAAY,GAAE;aACvB,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,8BAAqB,CAAC,uBAAuB,CAAC,CAAC;QAC3D,CAAC;QAED,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC/B,MAAM,IAAI,8BAAqB,CAAC,oBAAoB,CAAC,CAAC;QACxD,CAAC;QAED,0DAA0D;QAC1D,kEAAkE;QAClE,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;QAC/E,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,8BAAqB,CAAC,wBAAwB,CAAC,CAAC;QAC5D,CAAC;QAED,kCAAkC;QAClC,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC3D,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,MAAM,KAAK,0BAAe,CAAC,MAAM,EAAE,CAAC;YAC9D,MAAM,IAAI,8BAAqB,CAAC,qBAAqB,CAAC,CAAC;QACzD,CAAC;QAED,6CAA6C;QAC7C,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAChD,MAAM,eAAe,GAAG,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;QAEzD,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,eAAe,EAAE,CAAC;IACxD,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,YAAoB;QAC/B,2CAA2C;QAC3C,IAAI,OAAkD,CAAC;QACvD,IAAI,CAAC;YACH,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,YAAY,EAAE;gBAC7C,MAAM,EAAE,IAAA,qBAAY,GAAE;aACvB,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,+DAA+D;YAC/D,OAAO;QACT,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;QAE/E,IAAI,WAAW,EAAE,CAAC;YAChB,iEAAiE;YACjE,gEAAgE;YAChE,qEAAqE;YACrE,uEAAuE;YACvE,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YACjD,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC,GAAG,CAC9B,UAAU,OAAO,CAAC,GAAG,EAAE,EACvB,MAAM,CAAC,UAAU,CAAC,EAClB,IAAI,EACJ,GAAG,CACJ,CAAC;QACJ,CAAC;IACH,CAAC;IAED,WAAW,CAAC,SAIX;QACC,MAAM,OAAO,GAAmB;YAC9B,GAAG,EAAE,SAAS,CAAC,EAAE;YACjB,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,GAAG,EAAE,IAAA,SAAM,GAAE;SACd,CAAC;QAEF,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE;YACnC,MAAM,EAAE,IAAA,qBAAY,GAAE;YACtB,SAAS,EAAE,KAAK;SACjB,CAAC,CAAC;IACL,CAAC;IAED,gBAAgB,CAAC,SAAyB;QACxC,MAAM,OAAO,GAAG;YACd,GAAG,EAAE,SAAS,CAAC,EAAE;YACjB,GAAG,EAAE,IAAA,SAAM,GAAE;YACb,IAAI,EAAE,SAAS;SAChB,CAAC;QAEF,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE;YACnC,MAAM,EAAE,IAAA,qBAAY,GAAE;YACtB,SAAS,EAAE,IAAI;SAChB,CAAC,CAAC;IACL,CAAC;IAED,aAAa,CAAC,QAAgB,EAAE,OAAe;QAC7C,MAAM,OAAO,GAAqB;YAChC,GAAG,EAAE,QAAQ;YACb,OAAO;SACR,CAAC;QAEF,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE;YACnC,MAAM,EAAE,IAAA,2BAAkB,GAAE;YAC5B,SAAS,EAAE,IAAI;SAChB,CAAC,CAAC;IACL,CAAC;IAED,gBAAgB,CAAC,MAAc,EAAE,GAAqB;QACpD,MAAM,OAAO,GAAwB;YACnC,MAAM;YACN,GAAG;YACH,GAAG,EAAE,IAAA,SAAM,GAAE;SACd,CAAC;QAEF,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE;YACnC,MAAM,EAAE,IAAA,2BAAkB,GAAE;YAC5B,SAAS,EAAE,mCAAwB;SACpC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,KAAa,EACb,WAA6B;QAE7B,IAAI,OAA+C,CAAC;QACpD,IAAI,CAAC;YACH,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAyC,KAAK,EAAE;gBAC9E,MAAM,EAAE,IAAA,2BAAkB,GAAE;aAC7B,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,8BAAqB,CAAC,0BAA0B,IAAA,0BAAe,EAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACpF,CAAC;QAED,IAAI,OAAO,CAAC,GAAG,KAAK,WAAW,EAAE,CAAC;YAChC,MAAM,IAAI,8BAAqB,CAC7B,6CAA6C,WAAW,EAAE,CAC3D,CAAC;QACJ,CAAC;QAED,mEAAmE;QACnE,MAAM,MAAM,GAAG,iBAAiB,OAAO,CAAC,GAAG,EAAE,CAAC;QAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACjD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,GAAG,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;QAEjE,IAAI,YAAY,IAAI,CAAC,EAAE,CAAC;YACtB,MAAM,IAAI,8BAAqB,CAAC,2BAA2B,CAAC,CAAC;QAC/D,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK;aAC5B,SAAS,EAAE;aACX,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,CAAC,CAAC;QAEjD,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YACpB,MAAM,IAAI,8BAAqB,CAAC,qCAAqC,CAAC,CAAC;QACzE,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;OAGG;IACH,eAAe,CAAC,KAAa;QAC3B,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAmB,KAAK,EAAE;gBACrD,MAAM,EAAE,IAAA,2BAAkB,GAAE;aAC7B,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,8BAAqB,CAAC,oBAAoB,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,aAAa,CAAC,KAAa;QACzB,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAiB,KAAK,EAAE;gBACnD,MAAM,EAAE,IAAA,qBAAY,GAAE;aACvB,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,8BAAqB,CAAC,kBAAkB,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,qBAAqB,CAAC,GAAW,EAAE,GAAW;QAC1D,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACjD,MAAM,YAAY,GAAG,GAAG,GAAG,UAAU,CAAC;QACtC,IAAI,YAAY,IAAI,CAAC;YAAE,OAAO,KAAK,CAAC;QACpC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC,GAAG,CAC7C,MAAM,GAAG,EAAE,EACX,GAAG,EACH,IAAI,EACJ,YAAY,EACZ,IAAI,CACL,CAAC;QACF,OAAO,MAAM,KAAK,IAAI,CAAC;IACzB,CAAC;CACF,CAAA;AA/TY,kCAAW;sBAAX,WAAW;IADvB,IAAA,mBAAU,GAAE;qCAKoB,gBAAU;QACP,0CAAmB;QAC3B,4BAAY;QACX,8BAAa;GAP7B,WAAW,CA+TvB"}

package/dist/auth/authenticated-request.d.ts

@@ -0,0 +1,10 @@
+import type { Request } from 'express';
+import type { DeveloperRole } from '@overlordai/protocol';
+export interface AuthenticatedRequest extends Request {
+    user: {
+        sub: number;
+        name: string;
+        role: DeveloperRole;
+    };
+}
+//# sourceMappingURL=authenticated-request.d.ts.map

package/dist/auth/authenticated-request.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authenticated-request.d.ts","sourceRoot":"","sources":["../../src/auth/authenticated-request.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAE1D,MAAM,WAAW,oBAAqB,SAAQ,OAAO;IACnD,IAAI,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,aAAa,CAAA;KAAE,CAAC;CAC1D"}

package/dist/auth/authenticated-request.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=authenticated-request.js.map

package/dist/auth/authenticated-request.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authenticated-request.js","sourceRoot":"","sources":["../../src/auth/authenticated-request.ts"],"names":[],"mappings":""}

package/dist/auth/extract-user.middleware.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"extract-user.middleware.d.ts","sourceRoot":"","sources":["../../src/auth/extract-user.middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAC5D,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC/D,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC;;;;;;;;;;;GAWG;AACH,qBACa,qBAAsB,YAAW,cAAc;IAC9C,OAAO,CAAC,QAAQ,CAAC,UAAU;gBAAV,UAAU,EAAE,UAAU;IAEnD,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI;CAkB5D"}
+{"version":3,"file":"extract-user.middleware.d.ts","sourceRoot":"","sources":["../../src/auth/extract-user.middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAC5D,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC/D,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGzC;;;;;;;;;;;GAWG;AACH,qBACa,qBAAsB,YAAW,cAAc;IAC9C,OAAO,CAAC,QAAQ,CAAC,UAAU;gBAAV,UAAU,EAAE,UAAU;IAEnD,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI;CAkB5D"}

package/dist/auth/extract-user.middleware.js

@@ -12,6 +12,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.ExtractUserMiddleware = void 0;
 const common_1 = require("@nestjs/common");
 const jwt_1 = require("@nestjs/jwt");
+const config_1 = require("../common/config");
 /**
  * Middleware that attempts to extract the authenticated user from the JWT
  * in the Authorization header and attach it to `request.user`.
@@ -37,7 +38,7 @@ let ExtractUserMiddleware = class ExtractUserMiddleware {
             if (token.includes('.')) {
                 try {
                     const payload = this.jwtService.verify(token, {
-                        secret: process.env.JWT_SECRET || 'default-jwt-secret',
+                        secret: (0, config_1.getJwtSecret)(),
                     });
                     req.user = payload;
                 }

package/dist/auth/extract-user.middleware.js.map

@@ -1 +1 @@
-{"version":3,"file":"extract-user.middleware.js","sourceRoot":"","sources":["../../src/auth/extract-user.middleware.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAA4D;AAE5D,qCAAyC;AAEzC;;;;;;;;;;;GAWG;AAEI,IAAM,qBAAqB,GAA3B,MAAM,qBAAqB;IACH;IAA7B,YAA6B,UAAsB;QAAtB,eAAU,GAAV,UAAU,CAAY;IAAG,CAAC;IAEvD,GAAG,CAAC,GAAY,EAAE,IAAc,EAAE,IAAkB;QAClD,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,EAAE,aAAa,CAAC;QAC9C,IAAI,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACtC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAClC,+DAA+D;YAC/D,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,EAAE;wBAC5C,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,oBAAoB;qBACvD,CAAC,CAAC;oBACF,GAAW,CAAC,IAAI,GAAG,OAAO,CAAC;gBAC9B,CAAC;gBAAC,MAAM,CAAC;oBACP,sEAAsE;gBACxE,CAAC;YACH,CAAC;QACH,CAAC;QACD,IAAI,EAAE,CAAC;IACT,CAAC;CACF,CAAA;AArBY,sDAAqB;gCAArB,qBAAqB;IADjC,IAAA,mBAAU,GAAE;qCAE8B,gBAAU;GADxC,qBAAqB,CAqBjC"}
+{"version":3,"file":"extract-user.middleware.js","sourceRoot":"","sources":["../../src/auth/extract-user.middleware.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAA4D;AAE5D,qCAAyC;AACzC,6CAAgD;AAEhD;;;;;;;;;;;GAWG;AAEI,IAAM,qBAAqB,GAA3B,MAAM,qBAAqB;IACH;IAA7B,YAA6B,UAAsB;QAAtB,eAAU,GAAV,UAAU,CAAY;IAAG,CAAC;IAEvD,GAAG,CAAC,GAAY,EAAE,IAAc,EAAE,IAAkB;QAClD,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,EAAE,aAAa,CAAC;QAC9C,IAAI,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACtC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAClC,+DAA+D;YAC/D,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,EAAE;wBAC5C,MAAM,EAAE,IAAA,qBAAY,GAAE;qBACvB,CAAC,CAAC;oBACF,GAAW,CAAC,IAAI,GAAG,OAAO,CAAC;gBAC9B,CAAC;gBAAC,MAAM,CAAC;oBACP,sEAAsE;gBACxE,CAAC;YACH,CAAC;QACH,CAAC;QACD,IAAI,EAAE,CAAC;IACT,CAAC;CACF,CAAA;AArBY,sDAAqB;gCAArB,qBAAqB;IADjC,IAAA,mBAAU,GAAE;qCAE8B,gBAAU;GADxC,qBAAqB,CAqBjC"}

package/dist/auth/guards/jwt-auth.guard.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"jwt-auth.guard.d.ts","sourceRoot":"","sources":["../../../src/auth/guards/jwt-auth.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,gBAAgB,EAAyB,MAAM,gBAAgB,CAAC;AACrF,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAGzC,OAAO,EAAE,wBAAwB,EAAE,MAAM,wDAAwD,CAAC;AAClG,OAAO,EAAE,mBAAmB,EAAE,MAAM,kDAAkD,CAAC;;AAGvF,qBACa,YAAa,SAAQ,iBAAgB;IAE9C,OAAO,CAAC,QAAQ,CAAC,kBAAkB;IACnC,OAAO,CAAC,QAAQ,CAAC,aAAa;IAC9B,OAAO,CAAC,QAAQ,CAAC,SAAS;gBAFT,kBAAkB,EAAE,wBAAwB,EAC5C,aAAa,EAAE,mBAAmB,EAClC,SAAS,EAAE,SAAS;IAKjC,WAAW,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;CAmF/D"}
+{"version":3,"file":"jwt-auth.guard.d.ts","sourceRoot":"","sources":["../../../src/auth/guards/jwt-auth.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,gBAAgB,EAAyB,MAAM,gBAAgB,CAAC;AACrF,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAGzC,OAAO,EAAE,wBAAwB,EAAE,MAAM,wDAAwD,CAAC;AAClG,OAAO,EAAE,mBAAmB,EAAE,MAAM,kDAAkD,CAAC;;AAIvF,qBACa,YAAa,SAAQ,iBAAgB;IAE9C,OAAO,CAAC,QAAQ,CAAC,kBAAkB;IACnC,OAAO,CAAC,QAAQ,CAAC,aAAa;IAC9B,OAAO,CAAC,QAAQ,CAAC,SAAS;gBAFT,kBAAkB,EAAE,wBAAwB,EAC5C,aAAa,EAAE,mBAAmB,EAClC,SAAS,EAAE,SAAS;IAKjC,WAAW,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;CAsF/D"}

package/dist/auth/guards/jwt-auth.guard.js

@@ -49,6 +49,7 @@ const passport_1 = require("@nestjs/passport");
 const crypto = __importStar(require("node:crypto"));
 const developer_token_repository_1 = require("../../database/repositories/developer-token.repository");
 const developer_repository_1 = require("../../database/repositories/developer.repository");
+const protocol_1 = require("@overlordai/protocol");
 const allow_totp_setup_decorator_1 = require("../decorators/allow-totp-setup.decorator");
 let JwtAuthGuard = class JwtAuthGuard extends (0, passport_1.AuthGuard)('jwt') {
     developerTokenRepo;
@@ -101,7 +102,7 @@ let JwtAuthGuard = class JwtAuthGuard extends (0, passport_1.AuthGuard)('jwt') {
             .update(rawToken)
             .digest('hex');
         const tokenRecord = this.developerTokenRepo.findByTokenHash(tokenHash);
-        if (!tokenRecord || tokenRecord.status !== 'active') {
+        if (!tokenRecord || tokenRecord.status !== protocol_1.TokenStatus.ACTIVE) {
             throw new common_1.UnauthorizedException();
         }
         // Check expiration — reject tokens with unparseable expiresAt values
@@ -116,7 +117,7 @@ let JwtAuthGuard = class JwtAuthGuard extends (0, passport_1.AuthGuard)('jwt') {
         }
         // Load the developer
         const developer = this.developerRepo.findById(tokenRecord.developerId);
-        if (!developer || developer.status !== 'active') {
+        if (!developer || developer.status !== protocol_1.DeveloperStatus.ACTIVE) {
             throw new common_1.UnauthorizedException();
         }
         // Attach user to request (same shape as JWT payload)
@@ -126,6 +127,8 @@ let JwtAuthGuard = class JwtAuthGuard extends (0, passport_1.AuthGuard)('jwt') {
             role: developer.role,
             jti: `pat-${tokenRecord.id}`,
         };
+        // Update last used timestamp for the PAT
+        this.developerTokenRepo.updateLastUsed(tokenRecord.id);
         return true;
     }
 };

package/dist/auth/guards/jwt-auth.guard.js.map

@@ -1 +1 @@
-{"version":3,"file":"jwt-auth.guard.js","sourceRoot":"","sources":["../../../src/auth/guards/jwt-auth.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAAqF;AACrF,uCAAyC;AACzC,+CAA6C;AAC7C,oDAAsC;AACtC,uGAAkG;AAClG,2FAAuF;AACvF,yFAAgF;AAGzE,IAAM,YAAY,GAAlB,MAAM,YAAa,SAAQ,IAAA,oBAAS,EAAC,KAAK,CAAC;IAE7B;IACA;IACA;IAHnB,YACmB,kBAA4C,EAC5C,aAAkC,EAClC,SAAoB;QAErC,KAAK,EAAE,CAAC;QAJS,uBAAkB,GAAlB,kBAAkB,CAA0B;QAC5C,kBAAa,GAAb,aAAa,CAAqB;QAClC,cAAS,GAAT,SAAS,CAAW;IAGvC,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAyB;QACzC,gBAAgB;QAChB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAO,KAAK,CAAC,WAAW,CAAC,OAAO,CAAsB,CAAC;YACtE,IAAI,MAAM,EAAE,CAAC;gBACX,4CAA4C;gBAC5C,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;gBACpD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;gBAC1B,IAAI,IAAI,EAAE,KAAK,KAAK,YAAY,EAAE,CAAC;oBACjC,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CACrD,iDAAoB,EACpB,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAC3C,CAAC;oBACF,IAAI,CAAC,cAAc,EAAE,CAAC;wBACpB,MAAM,IAAI,8BAAqB,CAC7B,4CAA4C,CAC7C,CAAC;oBACJ,CAAC;gBACH,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,wDAAwD;YACxD,IACE,GAAG,YAAY,8BAAqB;gBACpC,CAAC,GAAG,CAAC,OAAO,KAAK,4CAA4C,CAAC,EAC9D,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;YACD,6BAA6B;QAC/B,CAAC;QAED,sCAAsC;QACtC,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;QACpD,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,EAAE,aAAa,CAAC;QAClD,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,8BAAqB,EAAE,CAAC;QACpC,CAAC;QAED,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAErC,4EAA4E;QAC5E,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YACrD,MAAM,IAAI,8BAAqB,EAAE,CAAC;QACpC,CAAC;QAED,MAAM,SAAS,GAAG,MAAM;aACrB,UAAU,CAAC,QAAQ,CAAC;aACpB,MAAM,CAAC,QAAQ,CAAC;aAChB,MAAM,CAAC,KAAK,CAAC,CAAC;QAEjB,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;QACvE,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YACpD,MAAM,IAAI,8BAAqB,EAAE,CAAC;QACpC,CAAC;QAED,qEAAqE;QACrE,IAAI,WAAW,CAAC,SAAS,EAAE,CAAC;YAC1B,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;YAC/C,IAAI,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;gBAC5B,MAAM,IAAI,8BAAqB,CAAC,8BAA8B,CAAC,CAAC;YAClE,CAAC;YACD,IAAI,MAAM,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;gBACxB,MAAM,IAAI,8BAAqB,CAAC,eAAe,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;QAED,qBAAqB;QACrB,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QACvE,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YAChD,MAAM,IAAI,8BAAqB,EAAE,CAAC;QACpC,CAAC;QAED,qDAAqD;QACrD,OAAO,CAAC,IAAI,GAAG;YACb,GAAG,EAAE,SAAS,CAAC,EAAE;YACjB,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,GAAG,EAAE,OAAO,WAAW,CAAC,EAAE,EAAE;SAC7B,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAA;AA5FY,oCAAY;uBAAZ,YAAY;IADxB,IAAA,mBAAU,GAAE;qCAG4B,qDAAwB;QAC7B,0CAAmB;QACvB,gBAAS;GAJ5B,YAAY,CA4FxB"}
+{"version":3,"file":"jwt-auth.guard.js","sourceRoot":"","sources":["../../../src/auth/guards/jwt-auth.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAAqF;AACrF,uCAAyC;AACzC,+CAA6C;AAC7C,oDAAsC;AACtC,uGAAkG;AAClG,2FAAuF;AACvF,mDAAoE;AACpE,yFAAgF;AAGzE,IAAM,YAAY,GAAlB,MAAM,YAAa,SAAQ,IAAA,oBAAS,EAAC,KAAK,CAAC;IAE7B;IACA;IACA;IAHnB,YACmB,kBAA4C,EAC5C,aAAkC,EAClC,SAAoB;QAErC,KAAK,EAAE,CAAC;QAJS,uBAAkB,GAAlB,kBAAkB,CAA0B;QAC5C,kBAAa,GAAb,aAAa,CAAqB;QAClC,cAAS,GAAT,SAAS,CAAW;IAGvC,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAyB;QACzC,gBAAgB;QAChB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAO,KAAK,CAAC,WAAW,CAAC,OAAO,CAAsB,CAAC;YACtE,IAAI,MAAM,EAAE,CAAC;gBACX,4CAA4C;gBAC5C,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;gBACpD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;gBAC1B,IAAI,IAAI,EAAE,KAAK,KAAK,YAAY,EAAE,CAAC;oBACjC,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CACrD,iDAAoB,EACpB,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAC3C,CAAC;oBACF,IAAI,CAAC,cAAc,EAAE,CAAC;wBACpB,MAAM,IAAI,8BAAqB,CAC7B,4CAA4C,CAC7C,CAAC;oBACJ,CAAC;gBACH,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,wDAAwD;YACxD,IACE,GAAG,YAAY,8BAAqB;gBACpC,CAAC,GAAG,CAAC,OAAO,KAAK,4CAA4C,CAAC,EAC9D,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;YACD,6BAA6B;QAC/B,CAAC;QAED,sCAAsC;QACtC,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;QACpD,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,EAAE,aAAa,CAAC;QAClD,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,8BAAqB,EAAE,CAAC;QACpC,CAAC;QAED,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAErC,4EAA4E;QAC5E,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YACrD,MAAM,IAAI,8BAAqB,EAAE,CAAC;QACpC,CAAC;QAED,MAAM,SAAS,GAAG,MAAM;aACrB,UAAU,CAAC,QAAQ,CAAC;aACpB,MAAM,CAAC,QAAQ,CAAC;aAChB,MAAM,CAAC,KAAK,CAAC,CAAC;QAEjB,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;QACvE,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,MAAM,KAAK,sBAAW,CAAC,MAAM,EAAE,CAAC;YAC9D,MAAM,IAAI,8BAAqB,EAAE,CAAC;QACpC,CAAC;QAED,qEAAqE;QACrE,IAAI,WAAW,CAAC,SAAS,EAAE,CAAC;YAC1B,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;YAC/C,IAAI,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;gBAC5B,MAAM,IAAI,8BAAqB,CAAC,8BAA8B,CAAC,CAAC;YAClE,CAAC;YACD,IAAI,MAAM,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;gBACxB,MAAM,IAAI,8BAAqB,CAAC,eAAe,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;QAED,qBAAqB;QACrB,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QACvE,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,MAAM,KAAK,0BAAe,CAAC,MAAM,EAAE,CAAC;YAC9D,MAAM,IAAI,8BAAqB,EAAE,CAAC;QACpC,CAAC;QAED,qDAAqD;QACrD,OAAO,CAAC,IAAI,GAAG;YACb,GAAG,EAAE,SAAS,CAAC,EAAE;YACjB,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,GAAG,EAAE,OAAO,WAAW,CAAC,EAAE,EAAE;SAC7B,CAAC;QAEF,yCAAyC;QACzC,IAAI,CAAC,kBAAkB,CAAC,cAAc,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAEvD,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAA;AA/FY,oCAAY;uBAAZ,YAAY;IADxB,IAAA,mBAAU,GAAE;qCAG4B,qDAAwB;QAC7B,0CAAmB;QACvB,gBAAS;GAJ5B,YAAY,CA+FxB"}

package/dist/auth/guards/project-role.guard.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"project-role.guard.d.ts","sourceRoot":"","sources":["../../../src/auth/guards/project-role.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,WAAW,EACX,gBAAgB,EAGjB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,OAAO,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AAWlE,qBACa,gBAAiB,YAAW,WAAW;IAEhD,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,QAAQ;gBADR,SAAS,EAAE,SAAS,EACpB,QAAQ,EAAE,eAAe;IAG5C,WAAW,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO;CA2DhD"}
+{"version":3,"file":"project-role.guard.d.ts","sourceRoot":"","sources":["../../../src/auth/guards/project-role.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,WAAW,EACX,gBAAgB,EAGjB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,OAAO,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AAgBlE,qBACa,gBAAiB,YAAW,WAAW;IAEhD,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,QAAQ;gBADR,SAAS,EAAE,SAAS,EACpB,QAAQ,EAAE,eAAe;IAG5C,WAAW,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO;CAoDhD"}

package/dist/auth/guards/project-role.guard.js

@@ -15,6 +15,10 @@ const core_1 = require("@nestjs/core");
 const protocol_1 = require("@overlordai/protocol");
 const database_service_1 = require("../../database/database.service");
 const project_roles_decorator_1 = require("../decorators/project-roles.decorator");
+const PROJECT_ROLE_HIERARCHY = {
+    [protocol_1.ProjectRole.MEMBER]: 0,
+    [protocol_1.ProjectRole.MAINTAINER]: 1,
+};
 let ProjectRoleGuard = class ProjectRoleGuard {
     reflector;
     database;
@@ -49,14 +53,8 @@ let ProjectRoleGuard = class ProjectRoleGuard {
         if (!membership) {
             throw new common_1.ForbiddenException('Not a member of this project');
         }
-        // Check if the member's project role satisfies the requirement
-        // maintainer > member (maintainer satisfies member requirement)
-        const roleHierarchy = {
-            [protocol_1.ProjectRole.MEMBER]: 0,
-            [protocol_1.ProjectRole.MAINTAINER]: 1,
-        };
-        const memberLevel = roleHierarchy[membership.role] ?? -1;
-        const minRequired = Math.min(...requiredRoles.map((r) => roleHierarchy[r] ?? Infinity));
+        const memberLevel = PROJECT_ROLE_HIERARCHY[membership.role] ?? -1;
+        const minRequired = Math.min(...requiredRoles.map((r) => PROJECT_ROLE_HIERARCHY[r] ?? Infinity));
         if (memberLevel < minRequired) {
             throw new common_1.ForbiddenException('Insufficient project role');
         }

package/dist/auth/guards/project-role.guard.js.map

@@ -1 +1 @@
-{"version":3,"file":"project-role.guard.js","sourceRoot":"","sources":["../../../src/auth/guards/project-role.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAKwB;AACxB,uCAAyC;AACzC,mDAAkE;AAClE,sEAAkE;AAClE,mFAA0E;AAWnE,IAAM,gBAAgB,GAAtB,MAAM,gBAAgB;IAER;IACA;IAFnB,YACmB,SAAoB,EACpB,QAAyB;QADzB,cAAS,GAAT,SAAS,CAAW;QACpB,aAAQ,GAAR,QAAQ,CAAiB;IACzC,CAAC;IAEJ,WAAW,CAAC,OAAyB;QACnC,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAEpD,2CAAiB,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAEjE,kEAAkE;QAClE,IAAI,CAAC,aAAa,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;QACpD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;QAE1B,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,2BAAkB,CAAC,eAAe,CAAC,CAAC;QAChD,CAAC;QAED,oCAAoC;QACpC,IAAI,IAAI,CAAC,IAAI,KAAK,wBAAa,CAAC,KAAK,EAAE,CAAC;YACtC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,uCAAuC;QACvC,MAAM,UAAU,GACd,OAAO,CAAC,MAAM,EAAE,UAAU,IAAI,OAAO,CAAC,MAAM,EAAE,WAAW,CAAC;QAE5D,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,2BAAkB,CAAC,uCAAuC,CAAC,CAAC;QACxE,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ;aAC7B,KAAK,EAAE;aACP,OAAO,CACN,0EAA0E,CAC3E;aACA,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,GAAG,CAAiC,CAAC;QAE7D,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,2BAAkB,CAAC,8BAA8B,CAAC,CAAC;QAC/D,CAAC;QAED,+DAA+D;QAC/D,gEAAgE;QAChE,MAAM,aAAa,GAA2B;YAC5C,CAAC,sBAAW,CAAC,MAAM,CAAC,EAAE,CAAC;YACvB,CAAC,sBAAW,CAAC,UAAU,CAAC,EAAE,CAAC;SAC5B,CAAC;QAEF,MAAM,WAAW,GAAG,aAAa,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QACzD,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAC1B,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC,CAC1D,CAAC;QAEF,IAAI,WAAW,GAAG,WAAW,EAAE,CAAC;YAC9B,MAAM,IAAI,2BAAkB,CAAC,2BAA2B,CAAC,CAAC;QAC5D,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAA;AAjEY,4CAAgB;2BAAhB,gBAAgB;IAD5B,IAAA,mBAAU,GAAE;qCAGmB,gBAAS;QACV,kCAAe;GAHjC,gBAAgB,CAiE5B"}
+{"version":3,"file":"project-role.guard.js","sourceRoot":"","sources":["../../../src/auth/guards/project-role.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAKwB;AACxB,uCAAyC;AACzC,mDAAkE;AAClE,sEAAkE;AAClE,mFAA0E;AAE1E,MAAM,sBAAsB,GAA2B;IACrD,CAAC,sBAAW,CAAC,MAAM,CAAC,EAAE,CAAC;IACvB,CAAC,sBAAW,CAAC,UAAU,CAAC,EAAE,CAAC;CAC5B,CAAC;AAWK,IAAM,gBAAgB,GAAtB,MAAM,gBAAgB;IAER;IACA;IAFnB,YACmB,SAAoB,EACpB,QAAyB;QADzB,cAAS,GAAT,SAAS,CAAW;QACpB,aAAQ,GAAR,QAAQ,CAAiB;IACzC,CAAC;IAEJ,WAAW,CAAC,OAAyB;QACnC,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAEpD,2CAAiB,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAEjE,kEAAkE;QAClE,IAAI,CAAC,aAAa,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;QACpD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;QAE1B,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,2BAAkB,CAAC,eAAe,CAAC,CAAC;QAChD,CAAC;QAED,oCAAoC;QACpC,IAAI,IAAI,CAAC,IAAI,KAAK,wBAAa,CAAC,KAAK,EAAE,CAAC;YACtC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,uCAAuC;QACvC,MAAM,UAAU,GACd,OAAO,CAAC,MAAM,EAAE,UAAU,IAAI,OAAO,CAAC,MAAM,EAAE,WAAW,CAAC;QAE5D,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,2BAAkB,CAAC,uCAAuC,CAAC,CAAC;QACxE,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ;aAC7B,KAAK,EAAE;aACP,OAAO,CACN,0EAA0E,CAC3E;aACA,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,GAAG,CAAiC,CAAC;QAE7D,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,2BAAkB,CAAC,8BAA8B,CAAC,CAAC;QAC/D,CAAC;QAED,MAAM,WAAW,GAAG,sBAAsB,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAClE,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAC1B,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,sBAAsB,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC,CACnE,CAAC;QAEF,IAAI,WAAW,GAAG,WAAW,EAAE,CAAC;YAC9B,MAAM,IAAI,2BAAkB,CAAC,2BAA2B,CAAC,CAAC;QAC5D,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAA;AA1DY,4CAAgB;2BAAhB,gBAAgB;IAD5B,IAAA,mBAAU,GAAE;qCAGmB,gBAAS;QACV,kCAAe;GAHjC,gBAAgB,CA0D5B"}

package/dist/auth/jwt.strategy.d.ts

@@ -1,23 +1,26 @@
 import { Strategy } from 'passport-jwt';
 import { DeveloperRepository } from '../database/repositories/developer.repository';
+import { RedisService } from '../redis/redis.service';
 interface JwtPayload {
     sub: number;
     name: string;
     role: string;
     jti: string;
+    iat?: number;
     scope?: string;
 }
 declare const JwtStrategy_base: new (...args: any[]) => Strategy;
 export declare class JwtStrategy extends JwtStrategy_base {
     private readonly developerRepo;
-    constructor(developerRepo: DeveloperRepository);
-    validate(payload: JwtPayload): {
+    private readonly redis;
+    constructor(developerRepo: DeveloperRepository, redis: RedisService);
+    validate(payload: JwtPayload): Promise<{
         sub: number;
         name: string;
         role: string;
         jti: string;
         scope?: string;
-    };
+    }>;
 }
 export {};
 //# sourceMappingURL=jwt.strategy.d.ts.map

package/dist/auth/jwt.strategy.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"jwt.strategy.d.ts","sourceRoot":"","sources":["../../src/auth/jwt.strategy.ts"],"names":[],"mappings":"AAEA,OAAO,EAAc,QAAQ,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,+CAA+C,CAAC;AAEpF,UAAU,UAAU;IAClB,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;;AAED,qBACa,WAAY,SAAQ,gBAA0B;IAC7C,OAAO,CAAC,QAAQ,CAAC,aAAa;gBAAb,aAAa,EAAE,mBAAmB;IAQ/D,QAAQ,CAAC,OAAO,EAAE,UAAU,GAAG;QAC7B,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,GAAG,EAAE,MAAM,CAAC;QACZ,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB;CAmBF"}
+{"version":3,"file":"jwt.strategy.d.ts","sourceRoot":"","sources":["../../src/auth/jwt.strategy.ts"],"names":[],"mappings":"AAEA,OAAO,EAAc,QAAQ,EAAE,MAAM,cAAc,CAAC;AAEpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,+CAA+C,CAAC;AACpF,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAGtD,UAAU,UAAU;IAClB,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;;AAED,qBACa,WAAY,SAAQ,gBAA0B;IAEvD,OAAO,CAAC,QAAQ,CAAC,aAAa;IAC9B,OAAO,CAAC,QAAQ,CAAC,KAAK;gBADL,aAAa,EAAE,mBAAmB,EAClC,KAAK,EAAE,YAAY;IAShC,QAAQ,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC;QAC3C,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,GAAG,EAAE,MAAM,CAAC;QACZ,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;CAwBH"}

package/dist/auth/jwt.strategy.js

@@ -13,23 +13,32 @@ exports.JwtStrategy = void 0;
 const common_1 = require("@nestjs/common");
 const passport_1 = require("@nestjs/passport");
 const passport_jwt_1 = require("passport-jwt");
+const protocol_1 = require("@overlordai/protocol");
 const developer_repository_1 = require("../database/repositories/developer.repository");
+const redis_service_1 = require("../redis/redis.service");
+const config_1 = require("../common/config");
 let JwtStrategy = class JwtStrategy extends (0, passport_1.PassportStrategy)(passport_jwt_1.Strategy) {
     developerRepo;
-    constructor(developerRepo) {
+    redis;
+    constructor(developerRepo, redis) {
         super({
             jwtFromRequest: passport_jwt_1.ExtractJwt.fromAuthHeaderAsBearerToken(),
             ignoreExpiration: false,
-            secretOrKey: process.env.JWT_SECRET || 'default-jwt-secret',
+            secretOrKey: (0, config_1.getJwtSecret)(),
         });
         this.developerRepo = developerRepo;
+        this.redis = redis;
     }
-    validate(payload) {
+    async validate(payload) {
+        const logoutTs = await this.redis.get(`logout:${payload.sub}`);
+        if (logoutTs && payload.iat && payload.iat <= Number(logoutTs)) {
+            throw new common_1.UnauthorizedException('Session invalidated by logout');
+        }
         const developer = this.developerRepo.findById(payload.sub);
         if (!developer) {
             throw new common_1.UnauthorizedException('Developer not found');
         }
-        if (developer.status !== 'active') {
+        if (developer.status !== protocol_1.DeveloperStatus.ACTIVE) {
             throw new common_1.UnauthorizedException('Developer account is inactive');
         }
         return {
@@ -44,6 +53,7 @@ let JwtStrategy = class JwtStrategy extends (0, passport_1.PassportStrategy)(pas
 exports.JwtStrategy = JwtStrategy;
 exports.JwtStrategy = JwtStrategy = __decorate([
     (0, common_1.Injectable)(),
-    __metadata("design:paramtypes", [developer_repository_1.DeveloperRepository])
+    __metadata("design:paramtypes", [developer_repository_1.DeveloperRepository,
+        redis_service_1.RedisService])
 ], JwtStrategy);
 //# sourceMappingURL=jwt.strategy.js.map

package/dist/auth/jwt.strategy.js.map

@@ -1 +1 @@
-{"version":3,"file":"jwt.strategy.js","sourceRoot":"","sources":["../../src/auth/jwt.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAmE;AACnE,+CAAoD;AACpD,+CAAoD;AACpD,wFAAoF;AAW7E,IAAM,WAAW,GAAjB,MAAM,WAAY,SAAQ,IAAA,2BAAgB,EAAC,uBAAQ,CAAC;IAC5B;IAA7B,YAA6B,aAAkC;QAC7D,KAAK,CAAC;YACJ,cAAc,EAAE,yBAAU,CAAC,2BAA2B,EAAE;YACxD,gBAAgB,EAAE,KAAK;YACvB,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,oBAAoB;SAC5D,CAAC,CAAC;QALwB,kBAAa,GAAb,aAAa,CAAqB;IAM/D,CAAC;IAED,QAAQ,CAAC,OAAmB;QAO1B,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAE3D,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,8BAAqB,CAAC,qBAAqB,CAAC,CAAC;QACzD,CAAC;QAED,IAAI,SAAS,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YAClC,MAAM,IAAI,8BAAqB,CAAC,+BAA+B,CAAC,CAAC;QACnE,CAAC;QAED,OAAO;YACL,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,KAAK,EAAE,OAAO,CAAC,KAAK;SACrB,CAAC;IACJ,CAAC;CACF,CAAA;AAlCY,kCAAW;sBAAX,WAAW;IADvB,IAAA,mBAAU,GAAE;qCAEiC,0CAAmB;GADpD,WAAW,CAkCvB"}
+{"version":3,"file":"jwt.strategy.js","sourceRoot":"","sources":["../../src/auth/jwt.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAmE;AACnE,+CAAoD;AACpD,+CAAoD;AACpD,mDAAuD;AACvD,wFAAoF;AACpF,0DAAsD;AACtD,6CAAgD;AAYzC,IAAM,WAAW,GAAjB,MAAM,WAAY,SAAQ,IAAA,2BAAgB,EAAC,uBAAQ,CAAC;IAEtC;IACA;IAFnB,YACmB,aAAkC,EAClC,KAAmB;QAEpC,KAAK,CAAC;YACJ,cAAc,EAAE,yBAAU,CAAC,2BAA2B,EAAE;YACxD,gBAAgB,EAAE,KAAK;YACvB,WAAW,EAAE,IAAA,qBAAY,GAAE;SAC5B,CAAC,CAAC;QAPc,kBAAa,GAAb,aAAa,CAAqB;QAClC,UAAK,GAAL,KAAK,CAAc;IAOtC,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,OAAmB;QAOhC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QAC/D,IAAI,QAAQ,IAAI,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,IAAI,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/D,MAAM,IAAI,8BAAqB,CAAC,+BAA+B,CAAC,CAAC;QACnE,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAE3D,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,8BAAqB,CAAC,qBAAqB,CAAC,CAAC;QACzD,CAAC;QAED,IAAI,SAAS,CAAC,MAAM,KAAK,0BAAe,CAAC,MAAM,EAAE,CAAC;YAChD,MAAM,IAAI,8BAAqB,CAAC,+BAA+B,CAAC,CAAC;QACnE,CAAC;QAED,OAAO;YACL,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,KAAK,EAAE,OAAO,CAAC,KAAK;SACrB,CAAC;IACJ,CAAC;CACF,CAAA;AA1CY,kCAAW;sBAAX,WAAW;IADvB,IAAA,mBAAU,GAAE;qCAGuB,0CAAmB;QAC3B,4BAAY;GAH3B,WAAW,CA0CvB"}

package/dist/common/command-parser.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Shared command parser for all bot adapters (Lark, Slack, etc.).
+ *
+ * Extracts a structured ParsedCommand from raw user text.
+ */
+export interface ParsedCommand {
+    type: 'DEVELOP' | 'CANCEL' | 'RETRY';
+    description?: string;
+    project?: string;
+    worker?: string;
+    reviewers?: string[];
+    taskId?: number;
+}
+export declare class CommandParser {
+    /**
+     * Parse raw text into a structured command.
+     * Returns null if the text is empty or the command is unrecognised.
+     */
+    static parse(text: string): ParsedCommand | null;
+    private static parseDevelop;
+    private static parseCancelOrRetry;
+    private static extractTaskId;
+    /**
+     * Tokenize input text, respecting single and double-quoted strings.
+     * Quotes are stripped from the resulting tokens.
+     */
+    private static tokenize;
+}
+//# sourceMappingURL=command-parser.d.ts.map

package/dist/common/command-parser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"command-parser.d.ts","sourceRoot":"","sources":["../../src/common/command-parser.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,SAAS,GAAG,QAAQ,GAAG,OAAO,CAAC;IACrC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAUD,qBAAa,aAAa;IACxB;;;OAGG;IACH,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI;IA2BhD,OAAO,CAAC,MAAM,CAAC,YAAY;IA0D3B,OAAO,CAAC,MAAM,CAAC,kBAAkB;IAajC,OAAO,CAAC,MAAM,CAAC,aAAa;IAU5B;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,QAAQ;CAcxB"}