@pellux/goodvibes-sdk 0.18.49 → 0.18.51

package/dist/_internal/errors/index.d.ts

@@ -2,6 +2,20 @@ import type { DaemonErrorCategory, DaemonErrorSource, StructuredDaemonErrorBody
 export type { DaemonErrorCategory, DaemonErrorSource, StructuredDaemonErrorBody, } from './daemon-error-contract.js';
 export type ErrorCategory = DaemonErrorCategory | 'contract';
 export type ErrorSource = DaemonErrorSource | 'contract';
+/**
+ * Tagged union discriminant for all SDK errors. Use this for exhaustive
+ * switch/if-else handling instead of `instanceof` chains.
+ *
+ * @example
+ * if (error instanceof GoodVibesSdkError) {
+ *   if (error.kind === 'rate-limit') {
+ *     await delay(error.retryAfterMs ?? 1000);
+ *   } else if (error.kind === 'auth') {
+ *     // refresh credentials
+ *   }
+ * }
+ */
+export type SDKErrorKind = 'auth' | 'config' | 'contract' | 'network' | 'not-found' | 'rate-limit' | 'server' | 'validation' | 'unknown';
 export interface GoodVibesSdkErrorOptions {
     readonly code?: string;
     readonly category?: ErrorCategory;
@@ -45,6 +59,7 @@ export declare const RETRYABLE_STATUS_CODES: readonly number[];
  * ```
  */
 export declare class GoodVibesSdkError extends Error {
+    readonly kind: SDKErrorKind;
     readonly code?: string;
     readonly category: ErrorCategory;
     readonly source: ErrorSource;
@@ -68,7 +83,10 @@ export declare class GoodVibesSdkError extends Error {
  * implementation available, or calling a mutation on a read-only auth resolver).
  *
  * Always non-recoverable (`recoverable: false`).
- * Category: `'config'`.
+ * Category: `'config'`. Kind: `'config'`.
+ *
+ * @deprecated Use `error.kind === 'config'` instead of `instanceof ConfigurationError`.
+ * This class is preserved for backward compatibility and still throws normally.
  *
  * @example
  * import { ConfigurationError } from '@pellux/goodvibes-sdk';
@@ -89,7 +107,10 @@ export declare class ConfigurationError extends GoodVibesSdkError {
  * (unexpected shape, missing required fields, etc.).
  *
  * Always non-recoverable (`recoverable: false`).
- * Category: `'contract'`.
+ * Category: `'contract'`. Kind: `'contract'`.
+ *
+ * @deprecated Use `error.kind === 'contract'` instead of `instanceof ContractError`.
+ * This class is preserved for backward compatibility and still throws normally.
  *
  * @example
  * import { ContractError } from '@pellux/goodvibes-sdk';
@@ -117,6 +138,10 @@ export declare class ContractError extends GoodVibesSdkError {
  * Use `recoverable` to decide whether to retry, and `retryAfterMs` for
  * the backoff hint on rate-limit responses.
  *
+ * @deprecated Use `error.kind` instead of `instanceof HttpStatusError`.
+ * For example: `error.kind === 'rate-limit'`, `error.kind === 'auth'`, `error.kind === 'server'`.
+ * This class is preserved for backward compatibility and still throws normally.
+ *
  * @example
  * import { HttpStatusError } from '@pellux/goodvibes-sdk';
  *

package/dist/_internal/errors/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/_internal/errors/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,mBAAmB,EACnB,iBAAiB,EACjB,yBAAyB,EAC1B,MAAM,4BAA4B,CAAC;AAEpC,YAAY,EACV,mBAAmB,EACnB,iBAAiB,EACjB,yBAAyB,GAC1B,MAAM,4BAA4B,CAAC;AAEpC,MAAM,MAAM,aAAa,GAAG,mBAAmB,GAAG,UAAU,CAAC;AAE7D,MAAM,MAAM,WAAW,GAAG,iBAAiB,GAAG,UAAU,CAAC;AAEzD,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,QAAQ,CAAC,EAAE,aAAa,CAAC;IAClC,QAAQ,CAAC,MAAM,CAAC,EAAE,WAAW,CAAC;IAC9B,QAAQ,CAAC,WAAW,CAAC,EAAE,OAAO,CAAC;IAC/B,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;CAChC;AAED,eAAO,MAAM,sBAAsB,EAAE,SAAS,MAAM,EAAmC,CAAC;AAcxF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,qBAAa,iBAAkB,SAAQ,KAAK;IAC1C,SAAgB,IAAI,CAAC,EAAE,MAAM,CAAC;IAC9B,SAAgB,QAAQ,EAAE,aAAa,CAAC;IACxC,SAAgB,MAAM,EAAE,WAAW,CAAC;IACpC,SAAgB,WAAW,EAAE,OAAO,CAAC;IACrC,SAAgB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChC,SAAgB,GAAG,CAAC,EAAE,MAAM,CAAC;IAC7B,SAAgB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChC,SAAgB,IAAI,CAAC,EAAE,OAAO,CAAC;IAC/B,SAAgB,IAAI,CAAC,EAAE,MAAM,CAAC;IAC9B,SAAgB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClC,SAAgB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnC,SAAgB,KAAK,CAAC,EAAE,MAAM,CAAC;IAC/B,SAAgB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnC,SAAgB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtC,SAAgB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtC,SAAgB,YAAY,CAAC,EAAE,MAAM,CAAC;gBAE1B,OAAO,EAAE,MAAM,EAAE,OAAO,GAAE,wBAA6B;CAoBpE;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,qBAAa,kBAAmB,SAAQ,iBAAiB;gBAC3C,OAAO,EAAE,MAAM,EAAE,OAAO,GAAE,wBAA6B;CASpE;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,qBAAa,aAAc,SAAQ,iBAAiB;gBACtC,OAAO,EAAE,MAAM,EAAE,OAAO,GAAE,wBAA6B;CASpE;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,qBAAa,eAAgB,SAAQ,iBAAiB;gBACxC,OAAO,EAAE,MAAM,EAAE,OAAO,GAAE,wBAA6B;CAOpE;AAED,wBAAgB,2BAA2B,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,yBAAyB,CAE9F;AAED,wBAAgB,qBAAqB,CACnC,MAAM,EAAE,MAAM,EACd,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,OAAO,GACZ,eAAe,CAgCjB"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/_internal/errors/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,mBAAmB,EACnB,iBAAiB,EACjB,yBAAyB,EAC1B,MAAM,4BAA4B,CAAC;AAEpC,YAAY,EACV,mBAAmB,EACnB,iBAAiB,EACjB,yBAAyB,GAC1B,MAAM,4BAA4B,CAAC;AAEpC,MAAM,MAAM,aAAa,GAAG,mBAAmB,GAAG,UAAU,CAAC;AAE7D,MAAM,MAAM,WAAW,GAAG,iBAAiB,GAAG,UAAU,CAAC;AAEzD;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,YAAY,GACpB,MAAM,GACN,QAAQ,GACR,UAAU,GACV,SAAS,GACT,WAAW,GACX,YAAY,GACZ,QAAQ,GACR,YAAY,GACZ,SAAS,CAAC;AAiCd,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,QAAQ,CAAC,EAAE,aAAa,CAAC;IAClC,QAAQ,CAAC,MAAM,CAAC,EAAE,WAAW,CAAC;IAC9B,QAAQ,CAAC,WAAW,CAAC,EAAE,OAAO,CAAC;IAC/B,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;CAChC;AAED,eAAO,MAAM,sBAAsB,EAAE,SAAS,MAAM,EAAmC,CAAC;AAcxF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,qBAAa,iBAAkB,SAAQ,KAAK;IAC1C,SAAgB,IAAI,EAAE,YAAY,CAAC;IACnC,SAAgB,IAAI,CAAC,EAAE,MAAM,CAAC;IAC9B,SAAgB,QAAQ,EAAE,aAAa,CAAC;IACxC,SAAgB,MAAM,EAAE,WAAW,CAAC;IACpC,SAAgB,WAAW,EAAE,OAAO,CAAC;IACrC,SAAgB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChC,SAAgB,GAAG,CAAC,EAAE,MAAM,CAAC;IAC7B,SAAgB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChC,SAAgB,IAAI,CAAC,EAAE,OAAO,CAAC;IAC/B,SAAgB,IAAI,CAAC,EAAE,MAAM,CAAC;IAC9B,SAAgB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClC,SAAgB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnC,SAAgB,KAAK,CAAC,EAAE,MAAM,CAAC;IAC/B,SAAgB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnC,SAAgB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtC,SAAgB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtC,SAAgB,YAAY,CAAC,EAAE,MAAM,CAAC;gBAE1B,OAAO,EAAE,MAAM,EAAE,OAAO,GAAE,wBAA6B;CAqBpE;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,qBAAa,kBAAmB,SAAQ,iBAAiB;gBAC3C,OAAO,EAAE,MAAM,EAAE,OAAO,GAAE,wBAA6B;CASpE;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,qBAAa,aAAc,SAAQ,iBAAiB;gBACtC,OAAO,EAAE,MAAM,EAAE,OAAO,GAAE,wBAA6B;CASpE;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,qBAAa,eAAgB,SAAQ,iBAAiB;gBACxC,OAAO,EAAE,MAAM,EAAE,OAAO,GAAE,wBAA6B;CAOpE;AAED,wBAAgB,2BAA2B,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,yBAAyB,CAE9F;AAED,wBAAgB,qBAAqB,CACnC,MAAM,EAAE,MAAM,EACd,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,OAAO,GACZ,eAAe,CAgCjB"}

package/dist/_internal/errors/index.js

@@ -1,3 +1,33 @@
+function inferKind(category) {
+    switch (category) {
+        case 'authentication':
+        case 'authorization':
+        case 'billing':
+        case 'permission':
+            return 'auth';
+        case 'config':
+            return 'config';
+        case 'contract':
+            return 'contract';
+        case 'network':
+        case 'timeout':
+            return 'network';
+        case 'not_found':
+            return 'not-found';
+        case 'rate_limit':
+            return 'rate-limit';
+        case 'protocol':
+        case 'service':
+        case 'internal':
+            return 'server';
+        case 'bad_request':
+            return 'validation';
+        case 'tool':
+        case 'unknown':
+        default:
+            return 'unknown';
+    }
+}
 export const RETRYABLE_STATUS_CODES = [408, 429, 500, 502, 503, 504];
 function inferCategory(status) {
     if (status === 400)
@@ -42,6 +72,7 @@ function inferCategory(status) {
  * ```
  */
 export class GoodVibesSdkError extends Error {
+    kind;
     code;
     category;
     source;
@@ -63,6 +94,7 @@ export class GoodVibesSdkError extends Error {
         this.name = this.constructor.name;
         this.code = options.code;
         this.category = options.category ?? inferCategory(options.status);
+        this.kind = inferKind(this.category);
         this.source = options.source ?? 'unknown';
         this.recoverable = options.recoverable ?? (options.status !== undefined && RETRYABLE_STATUS_CODES.includes(options.status));
         this.status = options.status;
@@ -84,7 +116,10 @@ export class GoodVibesSdkError extends Error {
  * implementation available, or calling a mutation on a read-only auth resolver).
  *
  * Always non-recoverable (`recoverable: false`).
- * Category: `'config'`.
+ * Category: `'config'`. Kind: `'config'`.
+ *
+ * @deprecated Use `error.kind === 'config'` instead of `instanceof ConfigurationError`.
+ * This class is preserved for backward compatibility and still throws normally.
  *
  * @example
  * import { ConfigurationError } from '@pellux/goodvibes-sdk';
@@ -113,7 +148,10 @@ export class ConfigurationError extends GoodVibesSdkError {
  * (unexpected shape, missing required fields, etc.).
  *
  * Always non-recoverable (`recoverable: false`).
- * Category: `'contract'`.
+ * Category: `'contract'`. Kind: `'contract'`.
+ *
+ * @deprecated Use `error.kind === 'contract'` instead of `instanceof ContractError`.
+ * This class is preserved for backward compatibility and still throws normally.
  *
  * @example
  * import { ContractError } from '@pellux/goodvibes-sdk';
@@ -149,6 +187,10 @@ export class ContractError extends GoodVibesSdkError {
  * Use `recoverable` to decide whether to retry, and `retryAfterMs` for
  * the backoff hint on rate-limit responses.
  *
+ * @deprecated Use `error.kind` instead of `instanceof HttpStatusError`.
+ * For example: `error.kind === 'rate-limit'`, `error.kind === 'auth'`, `error.kind === 'server'`.
+ * This class is preserved for backward compatibility and still throws normally.
+ *
  * @example
  * import { HttpStatusError } from '@pellux/goodvibes-sdk';
  *

package/dist/_internal/platform/auth/index.d.ts

@@ -0,0 +1,4 @@
+export { PermissionResolver } from './permission-resolver.js';
+export { SessionManager } from './session-manager.js';
+export { TokenStore } from './token-store.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/_internal/platform/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/_internal/platform/auth/index.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC"}

package/dist/_internal/platform/auth/index.js

@@ -0,0 +1,7 @@
+// OAuthClient is intentionally NOT re-exported from this barrel.
+// It depends on node:crypto (via oauth-core.ts) and must not enter the
+// React Native / browser module graph.
+// Consumers: import OAuthClient from @pellux/goodvibes-sdk/oauth (Node only).
+export { PermissionResolver } from './permission-resolver.js';
+export { SessionManager } from './session-manager.js';
+export { TokenStore } from './token-store.js';

package/dist/_internal/platform/auth/oauth-client.d.ts

@@ -0,0 +1,45 @@
+/**
+ * OAuthClient — Focused responsibility: OAuth 2.0 / PKCE flows.
+ *
+ * Wraps the pure functions in `oauth-core.ts` behind a class boundary so
+ * callers can inject config once and call methods, rather than threading
+ * `OAuthProviderConfig` through every call.
+ */
+import type { OAuthProviderConfig } from '../config/subscriptions.js';
+export type { OAuthStartState, OAuthTokenPayload } from './oauth-types.js';
+import type { OAuthStartState, OAuthTokenPayload } from './oauth-types.js';
+export declare class OAuthClient {
+    #private;
+    constructor(config: OAuthProviderConfig);
+    /**
+     * Build the authorization URL and PKCE state needed to start an OAuth flow.
+     * Redirect the user's browser to `result.authorizationUrl`.
+     */
+    beginAuthorization(input?: {
+        readonly state?: string;
+        readonly verifier?: string;
+        readonly redirectUri?: string;
+    }): Promise<OAuthStartState>;
+    /**
+     * Exchange an authorization code (returned via the redirect) for tokens.
+     * Use the `state` and `verifier` from the matching `beginAuthorization` call.
+     */
+    exchangeCode(input: {
+        readonly code: string;
+        readonly verifier: string;
+        readonly redirectUri: string;
+        readonly state?: string;
+    }): Promise<OAuthTokenPayload>;
+    /**
+     * Use a refresh token to obtain a new access token without user interaction.
+     */
+    refreshToken(refreshToken: string): Promise<OAuthTokenPayload>;
+    /**
+     * Decode a JWT access token's payload without verification.
+     * Returns null when the token is malformed.
+     */
+    decodeJwtPayload(token: string): Record<string, unknown> | null;
+    /** Expose the provider config this client was built from. */
+    get config(): OAuthProviderConfig;
+}
+//# sourceMappingURL=oauth-client.d.ts.map

package/dist/_internal/platform/auth/oauth-client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-client.d.ts","sourceRoot":"","sources":["../../../../src/_internal/platform/auth/oauth-client.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAOtE,YAAY,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAC3E,OAAO,KAAK,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAE3E,qBAAa,WAAW;;gBAGV,MAAM,EAAE,mBAAmB;IAIvC;;;OAGG;IACG,kBAAkB,CAAC,KAAK,CAAC,EAAE;QAC/B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;KAC/B,GAAG,OAAO,CAAC,eAAe,CAAC;IAI5B;;;OAGG;IACG,YAAY,CAAC,KAAK,EAAE;QACxB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;QAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;QAC7B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;KACzB,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAI9B;;OAEG;IACG,YAAY,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAIpE;;;OAGG;IACH,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI;IAI/D,6DAA6D;IAC7D,IAAI,MAAM,IAAI,mBAAmB,CAEhC;CACF"}

package/dist/_internal/platform/auth/oauth-client.js

@@ -0,0 +1,45 @@
+/**
+ * OAuthClient — Focused responsibility: OAuth 2.0 / PKCE flows.
+ *
+ * Wraps the pure functions in `oauth-core.ts` behind a class boundary so
+ * callers can inject config once and call methods, rather than threading
+ * `OAuthProviderConfig` through every call.
+ */
+import { buildOAuthAuthorizationStart, decodeJwtPayload, exchangeOAuthAuthorizationCode, refreshOAuthAccessToken, } from '../runtime/auth/oauth-core.js';
+export class OAuthClient {
+    #config;
+    constructor(config) {
+        this.#config = config;
+    }
+    /**
+     * Build the authorization URL and PKCE state needed to start an OAuth flow.
+     * Redirect the user's browser to `result.authorizationUrl`.
+     */
+    async beginAuthorization(input) {
+        return buildOAuthAuthorizationStart(this.#config, input);
+    }
+    /**
+     * Exchange an authorization code (returned via the redirect) for tokens.
+     * Use the `state` and `verifier` from the matching `beginAuthorization` call.
+     */
+    async exchangeCode(input) {
+        return exchangeOAuthAuthorizationCode(this.#config, input);
+    }
+    /**
+     * Use a refresh token to obtain a new access token without user interaction.
+     */
+    async refreshToken(refreshToken) {
+        return refreshOAuthAccessToken(this.#config, refreshToken);
+    }
+    /**
+     * Decode a JWT access token's payload without verification.
+     * Returns null when the token is malformed.
+     */
+    decodeJwtPayload(token) {
+        return decodeJwtPayload(token);
+    }
+    /** Expose the provider config this client was built from. */
+    get config() {
+        return this.#config;
+    }
+}

package/dist/_internal/platform/auth/oauth-types.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Shared OAuth type definitions.
+ *
+ * Isolated from oauth-core.ts so that these types can be re-exported from
+ * runtime-neutral entry points (auth.ts, react-native.ts, browser.ts, etc.)
+ * without pulling in node:crypto.
+ */
+export interface OAuthStartState {
+    readonly authorizationUrl: string;
+    readonly state: string;
+    readonly verifier: string;
+    readonly redirectUri: string;
+}
+export interface OAuthTokenPayload {
+    readonly accessToken: string;
+    readonly refreshToken?: string;
+    readonly tokenType: string;
+    readonly expiresAt?: number;
+    readonly scopes?: readonly string[];
+}
+//# sourceMappingURL=oauth-types.d.ts.map

package/dist/_internal/platform/auth/oauth-types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-types.d.ts","sourceRoot":"","sources":["../../../../src/_internal/platform/auth/oauth-types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CACrC"}

package/dist/_internal/platform/auth/oauth-types.js

@@ -0,0 +1,8 @@
+/**
+ * Shared OAuth type definitions.
+ *
+ * Isolated from oauth-core.ts so that these types can be re-exported from
+ * runtime-neutral entry points (auth.ts, react-native.ts, browser.ts, etc.)
+ * without pulling in node:crypto.
+ */
+export {};

package/dist/_internal/platform/auth/permission-resolver.d.ts

@@ -0,0 +1,35 @@
+/**
+ * PermissionResolver — Focused responsibility: role and scope checks.
+ *
+ * Inspects a `ControlPlaneAuthSnapshot` to answer permission questions.
+ * Callers that only need access control checks can use this directly
+ * rather than traversing the full auth snapshot themselves.
+ */
+import type { ControlPlaneAuthSnapshot } from '../control-plane/auth-snapshot.js';
+export declare class PermissionResolver {
+    #private;
+    constructor(snapshot: ControlPlaneAuthSnapshot);
+    /** Whether the current principal is authenticated. */
+    get authenticated(): boolean;
+    /** Whether the current principal has admin privileges. */
+    get isAdmin(): boolean;
+    /** The principal identifier (user/bot/service id), or null when anonymous. */
+    get principalId(): string | null;
+    /** The kind of the current principal. */
+    get principalKind(): ControlPlaneAuthSnapshot['principalKind'];
+    /** Return true when the principal holds the given role. */
+    hasRole(role: string): boolean;
+    /** Return true when the principal holds ALL of the given roles. */
+    hasAllRoles(roles: readonly string[]): boolean;
+    /** Return true when the principal holds ANY of the given roles. */
+    hasAnyRole(roles: readonly string[]): boolean;
+    /** Return true when the principal holds the given scope. */
+    hasScope(scope: string): boolean;
+    /** Return true when the principal holds ALL of the given scopes. */
+    hasAllScopes(scopes: readonly string[]): boolean;
+    /** Return true when the principal holds ANY of the given scopes. */
+    hasAnyScope(scopes: readonly string[]): boolean;
+    /** Expose the raw snapshot for direct inspection. */
+    get snapshot(): ControlPlaneAuthSnapshot;
+}
+//# sourceMappingURL=permission-resolver.d.ts.map

package/dist/_internal/platform/auth/permission-resolver.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission-resolver.d.ts","sourceRoot":"","sources":["../../../../src/_internal/platform/auth/permission-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,mCAAmC,CAAC;AAElF,qBAAa,kBAAkB;;gBAGjB,QAAQ,EAAE,wBAAwB;IAI9C,sDAAsD;IACtD,IAAI,aAAa,IAAI,OAAO,CAE3B;IAED,0DAA0D;IAC1D,IAAI,OAAO,IAAI,OAAO,CAErB;IAED,8EAA8E;IAC9E,IAAI,WAAW,IAAI,MAAM,GAAG,IAAI,CAE/B;IAED,yCAAyC;IACzC,IAAI,aAAa,IAAI,wBAAwB,CAAC,eAAe,CAAC,CAE7D;IAED,2DAA2D;IAC3D,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAI9B,mEAAmE;IACnE,WAAW,CAAC,KAAK,EAAE,SAAS,MAAM,EAAE,GAAG,OAAO;IAI9C,mEAAmE;IACnE,UAAU,CAAC,KAAK,EAAE,SAAS,MAAM,EAAE,GAAG,OAAO;IAI7C,4DAA4D;IAC5D,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAIhC,oEAAoE;IACpE,YAAY,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,GAAG,OAAO;IAIhD,oEAAoE;IACpE,WAAW,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,GAAG,OAAO;IAI/C,qDAAqD;IACrD,IAAI,QAAQ,IAAI,wBAAwB,CAEvC;CACF"}

package/dist/_internal/platform/auth/permission-resolver.js

@@ -0,0 +1,57 @@
+/**
+ * PermissionResolver — Focused responsibility: role and scope checks.
+ *
+ * Inspects a `ControlPlaneAuthSnapshot` to answer permission questions.
+ * Callers that only need access control checks can use this directly
+ * rather than traversing the full auth snapshot themselves.
+ */
+export class PermissionResolver {
+    #snapshot;
+    constructor(snapshot) {
+        this.#snapshot = snapshot;
+    }
+    /** Whether the current principal is authenticated. */
+    get authenticated() {
+        return this.#snapshot.authenticated;
+    }
+    /** Whether the current principal has admin privileges. */
+    get isAdmin() {
+        return this.#snapshot.admin;
+    }
+    /** The principal identifier (user/bot/service id), or null when anonymous. */
+    get principalId() {
+        return this.#snapshot.principalId;
+    }
+    /** The kind of the current principal. */
+    get principalKind() {
+        return this.#snapshot.principalKind;
+    }
+    /** Return true when the principal holds the given role. */
+    hasRole(role) {
+        return this.#snapshot.roles.includes(role);
+    }
+    /** Return true when the principal holds ALL of the given roles. */
+    hasAllRoles(roles) {
+        return roles.every((role) => this.#snapshot.roles.includes(role));
+    }
+    /** Return true when the principal holds ANY of the given roles. */
+    hasAnyRole(roles) {
+        return roles.some((role) => this.#snapshot.roles.includes(role));
+    }
+    /** Return true when the principal holds the given scope. */
+    hasScope(scope) {
+        return this.#snapshot.scopes.includes(scope);
+    }
+    /** Return true when the principal holds ALL of the given scopes. */
+    hasAllScopes(scopes) {
+        return scopes.every((scope) => this.#snapshot.scopes.includes(scope));
+    }
+    /** Return true when the principal holds ANY of the given scopes. */
+    hasAnyScope(scopes) {
+        return scopes.some((scope) => this.#snapshot.scopes.includes(scope));
+    }
+    /** Expose the raw snapshot for direct inspection. */
+    get snapshot() {
+        return this.#snapshot;
+    }
+}

package/dist/_internal/platform/auth/session-manager.d.ts

@@ -0,0 +1,31 @@
+/**
+ * SessionManager — Focused responsibility: session lifecycle.
+ *
+ * Manages the login/logout lifecycle and ties token persistence to login
+ * results. Decoupled from transport and token storage implementations.
+ */
+import type { OperatorSdk } from '../../operator/index.js';
+import type { GoodVibesAuthLoginOptions, GoodVibesCurrentAuth, GoodVibesLoginInput, GoodVibesLoginOutput } from '../../../auth.js';
+import { TokenStore } from './token-store.js';
+export declare class SessionManager {
+    #private;
+    constructor(operator: OperatorSdk, tokenStore: TokenStore | null);
+    /**
+     * Return the current auth state from the daemon control plane.
+     * Does not require a writable token store.
+     */
+    current(): Promise<GoodVibesCurrentAuth>;
+    /**
+     * Perform a login and, when `persistToken` is not false, automatically
+     * persist the returned token into the configured token store.
+     */
+    login(input: GoodVibesLoginInput, options?: GoodVibesAuthLoginOptions): Promise<GoodVibesLoginOutput>;
+    /**
+     * Whether this session manager has a writable token store.
+     * Read-only instances (using a raw `getAuthToken` resolver) return false.
+     */
+    get writable(): boolean;
+    /** Access the underlying TokenStore (null when using a read-only resolver). */
+    get tokenStore(): TokenStore | null;
+}
+//# sourceMappingURL=session-manager.d.ts.map

package/dist/_internal/platform/auth/session-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-manager.d.ts","sourceRoot":"","sources":["../../../../src/_internal/platform/auth/session-manager.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,KAAK,EACV,yBAAyB,EACzB,oBAAoB,EACpB,mBAAmB,EACnB,oBAAoB,EACrB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9C,qBAAa,cAAc;;gBAIb,QAAQ,EAAE,WAAW,EAAE,UAAU,EAAE,UAAU,GAAG,IAAI;IAKhE;;;OAGG;IACG,OAAO,IAAI,OAAO,CAAC,oBAAoB,CAAC;IAI9C;;;OAGG;IACG,KAAK,CACT,KAAK,EAAE,mBAAmB,EAC1B,OAAO,GAAE,yBAA8B,GACtC,OAAO,CAAC,oBAAoB,CAAC;IAQhC;;;OAGG;IACH,IAAI,QAAQ,IAAI,OAAO,CAEtB;IAED,+EAA+E;IAC/E,IAAI,UAAU,IAAI,UAAU,GAAG,IAAI,CAElC;CACF"}

package/dist/_internal/platform/auth/session-manager.js

@@ -0,0 +1,44 @@
+/**
+ * SessionManager — Focused responsibility: session lifecycle.
+ *
+ * Manages the login/logout lifecycle and ties token persistence to login
+ * results. Decoupled from transport and token storage implementations.
+ */
+import { TokenStore } from './token-store.js';
+export class SessionManager {
+    #operator;
+    #tokenStore;
+    constructor(operator, tokenStore) {
+        this.#operator = operator;
+        this.#tokenStore = tokenStore;
+    }
+    /**
+     * Return the current auth state from the daemon control plane.
+     * Does not require a writable token store.
+     */
+    async current() {
+        return this.#operator.control.auth.current();
+    }
+    /**
+     * Perform a login and, when `persistToken` is not false, automatically
+     * persist the returned token into the configured token store.
+     */
+    async login(input, options = {}) {
+        const result = await this.#operator.control.auth.login(input);
+        if ((options.persistToken ?? true) && this.#tokenStore) {
+            await this.#tokenStore.setToken(result.token);
+        }
+        return result;
+    }
+    /**
+     * Whether this session manager has a writable token store.
+     * Read-only instances (using a raw `getAuthToken` resolver) return false.
+     */
+    get writable() {
+        return this.#tokenStore !== null;
+    }
+    /** Access the underlying TokenStore (null when using a read-only resolver). */
+    get tokenStore() {
+        return this.#tokenStore;
+    }
+}

package/dist/_internal/platform/auth/token-store.d.ts

@@ -0,0 +1,23 @@
+/**
+ * TokenStore — Focused responsibility: token persistence.
+ *
+ * Owns all read/write/clear operations on a `GoodVibesTokenStore`. Consumers
+ * that only need token storage can interact with this class directly rather
+ * than going through the full auth client.
+ */
+import type { GoodVibesTokenStore } from '../../../auth.js';
+export declare class TokenStore {
+    #private;
+    constructor(store: GoodVibesTokenStore);
+    /** Return the current token, or null if none is stored. */
+    getToken(): Promise<string | null>;
+    /** Persist a new token, or clear storage when null. */
+    setToken(token: string | null): Promise<void>;
+    /** Clear the stored token. */
+    clearToken(): Promise<void>;
+    /** Return true when a non-empty token is currently stored. */
+    hasToken(): Promise<boolean>;
+    /** Expose the underlying store for interop with existing consumers. */
+    get store(): GoodVibesTokenStore;
+}
+//# sourceMappingURL=token-store.d.ts.map

package/dist/_internal/platform/auth/token-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-store.d.ts","sourceRoot":"","sources":["../../../../src/_internal/platform/auth/token-store.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAE5D,qBAAa,UAAU;;gBAGT,KAAK,EAAE,mBAAmB;IAItC,2DAA2D;IACrD,QAAQ,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAIxC,uDAAuD;IACjD,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAInD,8BAA8B;IACxB,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAIjC,8DAA8D;IACxD,QAAQ,IAAI,OAAO,CAAC,OAAO,CAAC;IAKlC,uEAAuE;IACvE,IAAI,KAAK,IAAI,mBAAmB,CAE/B;CACF"}

package/dist/_internal/platform/auth/token-store.js

@@ -0,0 +1,34 @@
+/**
+ * TokenStore — Focused responsibility: token persistence.
+ *
+ * Owns all read/write/clear operations on a `GoodVibesTokenStore`. Consumers
+ * that only need token storage can interact with this class directly rather
+ * than going through the full auth client.
+ */
+export class TokenStore {
+    #store;
+    constructor(store) {
+        this.#store = store;
+    }
+    /** Return the current token, or null if none is stored. */
+    async getToken() {
+        return this.#store.getToken();
+    }
+    /** Persist a new token, or clear storage when null. */
+    async setToken(token) {
+        return this.#store.setToken(token);
+    }
+    /** Clear the stored token. */
+    async clearToken() {
+        return this.#store.clearToken();
+    }
+    /** Return true when a non-empty token is currently stored. */
+    async hasToken() {
+        const token = await this.#store.getToken();
+        return typeof token === 'string' && token.length > 0;
+    }
+    /** Expose the underlying store for interop with existing consumers. */
+    get store() {
+        return this.#store;
+    }
+}

package/dist/_internal/platform/config/openai-codex-auth.d.ts

@@ -15,7 +15,7 @@ export interface OpenAICodexTokenResult {
     readonly expiresAt: number;
     readonly scopes?: readonly string[];
 }
-export declare function beginOpenAICodexLogin(): OpenAICodexLoginStart;
+export declare function beginOpenAICodexLogin(): Promise<OpenAICodexLoginStart>;
 export declare function exchangeOpenAICodexCode(code: string, verifier: string): Promise<OpenAICodexTokenResult>;
 export declare function refreshOpenAICodexToken(refreshToken: string): Promise<OpenAICodexTokenResult>;
 //# sourceMappingURL=openai-codex-auth.d.ts.map

package/dist/_internal/platform/config/openai-codex-auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"openai-codex-auth.d.ts","sourceRoot":"","sources":["../../../../src/_internal/platform/config/openai-codex-auth.ts"],"names":[],"mappings":"AAMA,eAAO,MAAM,sBAAsB,iCAAiC,CAAC;AACrE,eAAO,MAAM,0BAA0B,4CAA4C,CAAC;AACpF,eAAO,MAAM,sBAAsB,wCAAwC,CAAC;AAC5E,eAAO,MAAM,yBAAyB,wCAAwC,CAAC;AAG/E,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CACrC;AAED,wBAAgB,qBAAqB,IAAI,qBAAqB,CAsB7D;AAED,wBAAsB,uBAAuB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,CAAC,CAyB7G;AAED,wBAAsB,uBAAuB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,CAAC,CAqBnG"}
+{"version":3,"file":"openai-codex-auth.d.ts","sourceRoot":"","sources":["../../../../src/_internal/platform/config/openai-codex-auth.ts"],"names":[],"mappings":"AAMA,eAAO,MAAM,sBAAsB,iCAAiC,CAAC;AACrE,eAAO,MAAM,0BAA0B,4CAA4C,CAAC;AACpF,eAAO,MAAM,sBAAsB,wCAAwC,CAAC;AAC5E,eAAO,MAAM,yBAAyB,wCAAwC,CAAC;AAG/E,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CACrC;AAED,wBAAsB,qBAAqB,IAAI,OAAO,CAAC,qBAAqB,CAAC,CAsB5E;AAED,wBAAsB,uBAAuB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,CAAC,CAyB7G;AAED,wBAAsB,uBAAuB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,CAAC,CAqBnG"}

package/dist/_internal/platform/config/openai-codex-auth.js

@@ -4,8 +4,8 @@ export const OPENAI_CODEX_AUTHORIZE_URL = 'https://auth.openai.com/oauth/authori
 export const OPENAI_CODEX_TOKEN_URL = 'https://auth.openai.com/oauth/token';
 export const OPENAI_CODEX_REDIRECT_URI = 'http://localhost:1455/auth/callback';
 const OPENAI_CODEX_SCOPE = 'openid profile email offline_access';
-export function beginOpenAICodexLogin() {
-    const started = buildOAuthAuthorizationStart({
+export async function beginOpenAICodexLogin() {
+    const started = await buildOAuthAuthorizationStart({
         authUrl: OPENAI_CODEX_AUTHORIZE_URL,
         tokenUrl: OPENAI_CODEX_TOKEN_URL,
         clientId: OPENAI_CODEX_CLIENT_ID,

package/dist/_internal/platform/config/subscriptions.d.ts

@@ -51,10 +51,10 @@ export declare class SubscriptionManager {
     get(provider: string): ProviderSubscription | null;
     getAccessToken(provider: string): string | null;
     resolveAccessToken(provider: string, config: OAuthProviderConfig): Promise<string | null>;
-    beginOAuthLogin(provider: string, config: OAuthProviderConfig): {
+    beginOAuthLogin(provider: string, config: OAuthProviderConfig): Promise<{
         authorizationUrl: string;
         pending: PendingSubscriptionLogin;
-    };
+    }>;
     completeOAuthLogin(provider: string, config: OAuthProviderConfig, code: string): Promise<ProviderSubscription>;
     refreshOAuthToken(provider: string, config: OAuthProviderConfig): Promise<ProviderSubscription>;
     logout(provider: string): boolean;

package/dist/_internal/platform/config/subscriptions.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"subscriptions.d.ts","sourceRoot":"","sources":["../../../../src/_internal/platform/config/subscriptions.ts"],"names":[],"mappings":"AAWA,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACpC,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACvD,QAAQ,CAAC,oBAAoB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAChD,QAAQ,CAAC,0BAA0B,CAAC,EAAE,OAAO,CAAC;IAC9C,QAAQ,CAAC,kBAAkB,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC;IAClF,QAAQ,CAAC,sBAAsB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAClD,QAAQ,CAAC,oBAAoB,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC;IACpF,QAAQ,CAAC,aAAa,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC3C,QAAQ,CAAC,sBAAsB,CAAC,EAAE,OAAO,CAAC;IAC1C,QAAQ,CAAC,aAAa,CAAC,EAAE;QACvB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,YAAY,CAAC,EAAE,OAAO,CAAC;KACjC,CAAC;CACH;AAED,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACpC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,sBAAsB,EAAE,OAAO,CAAC;IACzC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAaD,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAS;gBAEX,IAAI,EAAE,MAAM;IAI/B,OAAO,CAAC,IAAI;IAaZ,OAAO,CAAC,KAAK;IAKN,IAAI,IAAI,oBAAoB,EAAE;IAI9B,WAAW,IAAI,wBAAwB,EAAE;IAIzC,GAAG,CAAC,QAAQ,EAAE,MAAM,GAAG,oBAAoB,GAAG,IAAI;IAIlD,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAMzC,kBAAkB,CAC7B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,mBAAmB,GAC1B,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IASlB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,mBAAmB,GAAG;QAAE,gBAAgB,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,wBAAwB,CAAA;KAAE;IAqBzH,kBAAkB,CAC7B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,mBAAmB,EAC3B,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,oBAAoB,CAAC;IAoCnB,iBAAiB,CAC5B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,mBAAmB,GAC1B,OAAO,CAAC,oBAAoB,CAAC;IAkCzB,MAAM,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IASjC,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,wBAAwB,GAAG,IAAI;IAI7D,WAAW,CAAC,OAAO,EAAE,wBAAwB,GAAG,IAAI;IAMpD,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAMpC,gBAAgB,CAAC,YAAY,EAAE,oBAAoB,GAAG,oBAAoB;CAOlF"}
+{"version":3,"file":"subscriptions.d.ts","sourceRoot":"","sources":["../../../../src/_internal/platform/config/subscriptions.ts"],"names":[],"mappings":"AAWA,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACpC,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACvD,QAAQ,CAAC,oBAAoB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAChD,QAAQ,CAAC,0BAA0B,CAAC,EAAE,OAAO,CAAC;IAC9C,QAAQ,CAAC,kBAAkB,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC;IAClF,QAAQ,CAAC,sBAAsB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAClD,QAAQ,CAAC,oBAAoB,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC;IACpF,QAAQ,CAAC,aAAa,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC3C,QAAQ,CAAC,sBAAsB,CAAC,EAAE,OAAO,CAAC;IAC1C,QAAQ,CAAC,aAAa,CAAC,EAAE;QACvB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,YAAY,CAAC,EAAE,OAAO,CAAC;KACjC,CAAC;CACH;AAED,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACpC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,sBAAsB,EAAE,OAAO,CAAC;IACzC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAaD,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAS;gBAEX,IAAI,EAAE,MAAM;IAI/B,OAAO,CAAC,IAAI;IAaZ,OAAO,CAAC,KAAK;IAKN,IAAI,IAAI,oBAAoB,EAAE;IAI9B,WAAW,IAAI,wBAAwB,EAAE;IAIzC,GAAG,CAAC,QAAQ,EAAE,MAAM,GAAG,oBAAoB,GAAG,IAAI;IAIlD,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAMzC,kBAAkB,CAC7B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,mBAAmB,GAC1B,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IASZ,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC;QAAE,gBAAgB,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,wBAAwB,CAAA;KAAE,CAAC;IAqBxI,kBAAkB,CAC7B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,mBAAmB,EAC3B,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,oBAAoB,CAAC;IAoCnB,iBAAiB,CAC5B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,mBAAmB,GAC1B,OAAO,CAAC,oBAAoB,CAAC;IAkCzB,MAAM,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IASjC,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,wBAAwB,GAAG,IAAI;IAI7D,WAAW,CAAC,OAAO,EAAE,wBAAwB,GAAG,IAAI;IAMpD,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAMpC,gBAAgB,CAAC,YAAY,EAAE,oBAAoB,GAAG,oBAAoB;CAOlF"}

package/dist/_internal/platform/config/subscriptions.js

@@ -52,7 +52,7 @@ export class SubscriptionManager {
             : subscription;
         return active.accessToken;
     }
-    beginOAuthLogin(provider, config) {
+    async beginOAuthLogin(provider, config) {
         const store = this.read();
         const state = createOAuthState();
         const verifier = createPkceVerifier();
@@ -64,7 +64,7 @@ export class SubscriptionManager {
             redirectUri,
             createdAt: Date.now(),
         };
-        const started = buildOAuthAuthorizationStart(config, { state, verifier, redirectUri });
+        const started = await buildOAuthAuthorizationStart(config, { state, verifier, redirectUri });
         store.pending[provider] = pending;
         this.write(store);
         return {