npm - @quantiya/codevibe-claude-plugin - Versions diffs - 1.0.13 → 1.0.15 - Mend

@quantiya/codevibe-claude-plugin 1.0.13 → 1.0.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (439) hide show

package/node_modules/@quantiya/codevibe-core/dist/index.js ADDED Viewed

@@ -0,0 +1,220 @@
+"use strict";var Ze=Object.create;var Y=Object.defineProperty;var et=Object.getOwnPropertyDescriptor;var tt=Object.getOwnPropertyNames;var nt=Object.getPrototypeOf,rt=Object.prototype.hasOwnProperty;var E=(r,e)=>()=>(r&&(e=r(r=0)),e);var Te=(r,e)=>{for(var t in e)Y(r,t,{get:e[t],enumerable:!0})},xe=(r,e,t,n)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of tt(e))!rt.call(r,s)&&s!==t&&Y(r,s,{get:()=>e[s],enumerable:!(n=et(e,s))||n.enumerable});return r};var y=(r,e,t)=>(t=r!=null?Ze(nt(r)):{},xe(e||!r||!r.__esModule?Y(t,"default",{value:r,enumerable:!0}):t,r)),st=r=>xe(Y({},"__esModule",{value:!0}),r);function it(r,e){if(e instanceof Error){let t={name:e.name,message:e.message};e.stack&&(t.stack=e.stack);for(let n of Object.keys(e))n in t||(t[n]=e[n]);return t}return e}function se(r){return new P(r)}var R,G,Ce,Ae,P,c,Pe=E(()=>{"use strict";R=y(require("fs")),G=y(require("path")),Ce=y(require("os")),Ae={debug:0,info:1,warn:2,error:3};P=class{constructor(e){this.name=e.name,this.logFile=e.logFile,this.level=e.level||"info",this.enableConsole=e.console??!1,this.logFile&&this.ensureLogDir()}ensureLogDir(){if(this.logFile){let e=G.dirname(this.logFile);R.existsSync(e)||R.mkdirSync(e,{recursive:!0})}}shouldLog(e){return Ae[e]>=Ae[this.level]}formatMessage(e,t,n){let s=new Date().toISOString(),i=e.toUpperCase().padEnd(5),o=`[${s}] [${i}] [${this.name}] ${t}`;return n!==void 0&&(n instanceof Error?(o+=` ${n.name}: ${n.message}`,n.stack&&(o+=`
+${n.stack}`)):typeof n=="object"?o+=` ${JSON.stringify(n,it)}`:o+=` ${n}`),o}log(e,t,n){if(!this.shouldLog(e))return;let s=this.formatMessage(e,t,n);if(this.logFile)try{R.appendFileSync(this.logFile,s+`
+`)}catch{}if(this.enableConsole)switch(e){case"error":console.error(s);break;case"warn":console.warn(s);break;default:console.log(s)}}debug(e,t){this.log("debug",e,t)}info(e,t){this.log("info",e,t)}warn(e,t){this.log("warn",e,t)}error(e,t){this.log("error",e,t)}setLevel(e){this.level=e}};c=new P({name:"codevibe-core",logFile:G.join(Ce.tmpdir(),"codevibe-core.log"),level:"info"})});var L=E(()=>{"use strict";Pe()});function ot(r){for(let e of r)try{process.stderr.write(e+`
+`)}catch{}}function at(){if(D!==null||oe!==null)return;let keytarLoadError=null;try{let nodeRequire=eval("require");I=nodeRequire("keytar")}catch(r){keytarLoadError=r instanceof Error?r.message:String(r),I=null}if(I){D="keytar",c.info("[keychain-backend] Using keytar (OS-native keyring)");return}let optedIn=process.env.CODEVIBE_ALLOW_FILE_KEYCHAIN==="1";if(!optedIn){oe=new X(["CodeVibe could not load the OS-native keyring (keytar).",`Reason: ${keytarLoadError??"unknown"}`,"","Options to fix this:","  1. (Linux) Install libsecret and a keyring daemon:","       sudo apt install libsecret-1-0 gnome-keyring","     Then unlock the keyring for your user session.","","  2. (Headless / CI / Docker) Opt in to file-based credential","     storage at ~/.codevibe/ (0600 files). This is equivalent","     in trust to ~/.ssh/id_rsa \u2014 not the OS keyring:","       export CODEVIBE_ALLOW_FILE_KEYCHAIN=1"].join(`
+`));return}ot(["","\u26A0 CodeVibe: OS keyring unavailable. Using file-based credential storage.","\u26A0   Location: ~/.codevibe/ (directory 0700, files 0600)","\u26A0   Trust level: equivalent to ~/.ssh/id_rsa \u2014 weaker than OS keyring.",`\u26A0   Keytar load error: ${keytarLoadError??"unknown"}`,"\u26A0 To use the OS keyring instead, unset CODEVIBE_ALLOW_FILE_KEYCHAIN and","\u26A0 install libsecret-1-0 + a running keyring daemon.",""]),c.warn(`[keychain-backend] Using file-based fallback at ~/.codevibe (CODEVIBE_ALLOW_FILE_KEYCHAIN=1). Keytar load error: ${keytarLoadError??"unknown"}`),ie=ae.join(De.homedir(),".codevibe");try{A.mkdirSync(ie,{recursive:!0,mode:448})}catch{}D="file"}function ct(r){return r.replace(/[^a-zA-Z0-9._-]/g,"_")}function Ke(r){return ae.join(ie,`${ct(r)}.json`)}function ce(r){try{let e=A.readFileSync(Ke(r),"utf-8"),t=JSON.parse(e);return t&&typeof t=="object"?t:{}}catch{return{}}}function Oe(r,e){let t=Ke(r);A.writeFileSync(t,JSON.stringify(e,null,2),{mode:384});try{A.chmodSync(t,384)}catch{}}function de(){if(at(),D===null)throw oe??new X("Keychain backend not initialized")}async function le(r,e){return de(),D==="keytar"&&I?I.getPassword(r,e):ce(r)[e]??null}async function pe(r,e,t){if(de(),D==="keytar"&&I){await I.setPassword(r,e,t);return}let n=ce(r);n[e]=t,Oe(r,n)}async function ue(r,e){if(de(),D==="keytar"&&I)return I.deletePassword(r,e);let t=ce(r);return e in t?(delete t[e],Oe(r,t),!0):!1}var De,ae,A,X,D,I,ie,oe,$e=E(()=>{"use strict";De=y(require("os")),ae=y(require("path")),A=y(require("fs"));L();X=class extends Error{constructor(e){super(e),this.name="KeychainBackendUnavailableError"}},D=null,I=null,ie="",oe=null});var v,K,ge,lt,U,b,Ne=E(()=>{"use strict";v=y(require("crypto")),K=class extends Error{constructor(e){super(e),this.name="CryptoError"}},ge=1,lt="CodeVibe E2E v1",U=class r{constructor(){}static getInstance(){return r.instance||(r.instance=new r),r.instance}generateKeyPair(){let e=v.createECDH("prime256v1");e.generateKeys();let n=e.getPublicKey().subarray(1).toString("base64");return{privateKey:e.getPrivateKey().toString("base64"),publicKey:n}}generateSessionKey(){return v.randomBytes(32).toString("base64")}deriveSharedKey(e,t){try{let n=v.createECDH("prime256v1"),s=Buffer.from(e,"base64");n.setPrivateKey(s);let i=Buffer.concat([Buffer.from([4]),Buffer.from(t,"base64")]),o=n.computeSecret(i),a=v.hkdfSync("sha256",o,Buffer.alloc(0),Buffer.from(lt,"utf8"),32);return Buffer.from(a)}catch(n){throw new K(`Failed to derive shared key: ${n}`)}}encryptSessionKey(e,t){let n=this.generateKeyPair(),s=this.deriveSharedKey(n.privateKey,t),i=Buffer.from(e,"base64");return{encryptedKey:this.encrypt(i,s).toString("base64"),ephemeralPublicKey:n.publicKey}}decryptSessionKey(e,t){let n=this.deriveSharedKey(t,e.ephemeralPublicKey),s=Buffer.from(e.encryptedKey,"base64");return this.decrypt(s,n).toString("base64")}encryptContent(e,t){let n=Buffer.from(t,"base64"),s=Buffer.from(e,"utf8");return this.encrypt(s,n).toString("base64")}decryptContent(e,t){let n=Buffer.from(t,"base64"),s=Buffer.from(e,"base64");return this.decrypt(s,n).toString("utf8")}encryptMetadata(e,t){let n=JSON.stringify(e);return this.encryptContent(n,t)}decryptMetadata(e,t){let n=this.decryptContent(e,t);return JSON.parse(n)}encryptData(e,t){let n=Buffer.from(t,"base64");return this.encrypt(e,n)}decryptData(e,t){let n=Buffer.from(t,"base64");return this.decrypt(e,n)}encrypt(e,t){let n=v.randomBytes(12),s=v.createCipheriv("aes-256-gcm",t,n),i=Buffer.concat([s.update(e),s.final()]),o=s.getAuthTag();return Buffer.concat([n,i,o])}decrypt(e,t){let n=e.subarray(0,12),s=e.subarray(e.length-16),i=e.subarray(12,e.length-16),o=v.createDecipheriv("aes-256-gcm",t,n);o.setAuthTag(s);try{return Buffer.concat([o.update(i),o.final()])}catch{throw new K("Decryption failed: Invalid ciphertext or authentication tag")}}serializePrivateKey(e){return e}deserializePrivateKey(e){return e}},b=U.getInstance()});var Q=E(()=>{"use strict";Ne()});function h(){let r=process.env.ENVIRONMENT;return r==="development"||r==="production"?r:"production"}function ee(r){let e=r||h();return Z={...O[e],aws:{...O[e].aws,region:process.env.AWS_REGION||O[e].aws.region,appsyncUrl:process.env.APPSYNC_URL||O[e].aws.appsyncUrl,cognitoUserPoolId:process.env.COGNITO_USER_POOL_ID||O[e].aws.cognitoUserPoolId,cognitoClientId:process.env.COGNITO_CLIENT_ID||O[e].aws.cognitoClientId,cognitoDomain:process.env.COGNITO_DOMAIN||O[e].aws.cognitoDomain}},Re=!0,Z}function f(){return(!Re||!Z)&&ee(),Z}var V,W,O,Z,Re,Le=E(()=>{"use strict";V=y(require("os")),W=y(require("path")),O={development:{environment:"development",aws:{region:"us-east-1",appsyncUrl:"https://te6rjr37sbfpjc4fiunmb2tgy4.appsync-api.us-east-1.amazonaws.com/graphql",cognitoUserPoolId:"us-east-1_yVwWDPvvJ",cognitoClientId:"e9r5apv6v5uui3l928r2ris0r",cognitoDomain:"codevibe-development.auth.us-east-1.amazoncognito.com"},keychain:{serviceName:"ai.quantiya.app.codevibe"},server:{port:3456,host:"127.0.0.1",dynamicPort:!0},claude:{command:"claude",defaultTimeout:6e4},codex:{command:"codex",defaultTimeout:6e4,sessionsDir:W.default.join(V.default.homedir(),".codex","sessions"),approvalTimeoutMs:5e3},gemini:{command:"gemini",defaultTimeout:6e4,transcriptDir:W.default.join(V.default.homedir(),".gemini","tmp")}},production:{environment:"production",aws:{region:"us-east-1",appsyncUrl:"https://jwhyxq4sgrgcdosewp5k4ns5ca.appsync-api.us-east-1.amazonaws.com/graphql",cognitoUserPoolId:"us-east-1_mNRO0j5og",cognitoClientId:"5p04dbc9ojptc5r8n7605fg78f",cognitoDomain:"codevibe-production.auth.us-east-1.amazoncognito.com"},keychain:{serviceName:"ai.quantiya.app.codevibe"},server:{port:3456,host:"127.0.0.1",dynamicPort:!0},claude:{command:"claude",defaultTimeout:6e4},codex:{command:"codex",defaultTimeout:6e4,sessionsDir:W.default.join(V.default.homedir(),".codex","sessions"),approvalTimeoutMs:5e3},gemini:{command:"gemini",defaultTimeout:6e4,transcriptDir:W.default.join(V.default.homedir(),".gemini","tmp")}}},Z=null,Re=!1});var _=E(()=>{"use strict";Le()});var te,Ue,T,me,pt,$,g,_e=E(()=>{"use strict";te=y(require("os")),Ue=require("uuid");$e();Q();_();L();T=class extends Error{constructor(e){super(e),this.name="KeychainError"}},me="device-identity",pt="tokens-",$=class r{constructor(){this.deviceIdentity=null;this.sessionKeyCache=new Map;this.isRegistered=!1;this._serviceName=null}get serviceName(){return this._serviceName||(this._serviceName=f().keychain.serviceName),this._serviceName}static getInstance(){return r.instance||(r.instance=new r),r.instance}async getDeviceIdentity(){if(this.deviceIdentity)return this.deviceIdentity;let e=await le(this.serviceName,me);return e?(this.deviceIdentity=JSON.parse(e),c.info(`[KeychainManager] Loaded device identity: ${this.deviceIdentity.deviceId}`),this.deviceIdentity):null}async setDeviceIdentity(e){try{await pe(this.serviceName,me,JSON.stringify(e)),this.deviceIdentity=e,c.info(`[KeychainManager] Saved device identity: ${e.deviceId}`)}catch(t){throw c.error(`[KeychainManager] Failed to save device identity: ${t}`),new T(`Failed to save device identity: ${t}`)}}async getOrCreateDeviceIdentity(){let e=await this.getDeviceIdentity();if(e)return e;let t=b.generateKeyPair();return e={deviceId:(0,Ue.v4)().toUpperCase(),privateKey:t.privateKey,publicKey:t.publicKey,createdAt:new Date().toISOString()},await this.setDeviceIdentity(e),c.info(`[KeychainManager] Generated new device identity: ${e.deviceId}`),e}async getDeviceId(){return(await this.getOrCreateDeviceIdentity()).deviceId}async getDevicePublicKey(){return(await this.getOrCreateDeviceIdentity()).publicKey}async getDevicePrivateKey(){return(await this.getOrCreateDeviceIdentity()).privateKey}async hasDeviceIdentity(){return await this.getDeviceIdentity()!==null}async deleteDeviceIdentity(){try{await ue(this.serviceName,me),this.deviceIdentity=null,this.sessionKeyCache.clear(),this.isRegistered=!1,c.info("[KeychainManager] Deleted device identity")}catch(e){throw c.error(`[KeychainManager] Failed to delete device identity: ${e}`),new T(`Failed to delete device identity: ${e}`)}}getTokenAccount(e){return`${pt}${e}`}async getTokens(e="production"){let t=await le(this.serviceName,this.getTokenAccount(e));if(!t)return null;let n=JSON.parse(t);return c.debug(`[KeychainManager] Loaded tokens for ${e}`),n}async setTokens(e,t="production"){try{await pe(this.serviceName,this.getTokenAccount(t),JSON.stringify(e)),c.info(`[KeychainManager] Saved tokens for ${t}`,{userId:e.userId,email:e.email})}catch(n){throw c.error(`[KeychainManager] Failed to save tokens: ${n}`),new T(`Failed to save tokens: ${n}`)}}async deleteTokens(e="production"){try{let t=await ue(this.serviceName,this.getTokenAccount(e));return t&&c.info(`[KeychainManager] Deleted tokens for ${e}`),t}catch(t){return c.error(`[KeychainManager] Failed to delete tokens: ${t}`),!1}}isTokenExpired(e){return Date.now()>=e.expiresAt-3e5}async getSessionKey(e,t){let n=this.sessionKeyCache.get(e);if(n)return n;if(!t||t.length===0)return null;let s=await this.getDeviceId(),i=t.find(l=>l.deviceId===s);if(!i)return c.warn(`[KeychainManager] Device ${s} not found in encryptedKeys`),null;let o=await this.getDevicePrivateKey(),a=b.decryptSessionKey(i,o);return this.sessionKeyCache.set(e,a),c.info(`[KeychainManager] Decrypted and cached session key for ${e}`),a}createSessionKey(e){let t=b.generateSessionKey(),n=e.map(s=>{let i=b.encryptSessionKey(t,s.publicKey);return{deviceId:s.deviceId,encryptedKey:i.encryptedKey,ephemeralPublicKey:i.ephemeralPublicKey}});return c.info(`[KeychainManager] Created session key for ${e.length} devices`),{sessionKey:t,encryptedKeys:n}}cacheSessionKey(e,t){this.sessionKeyCache.set(e,t)}clearSessionKey(e){this.sessionKeyCache.delete(e)}clearAllSessionKeys(){this.sessionKeyCache.clear()}getIsRegistered(){return this.isRegistered}setIsRegistered(e){this.isRegistered=e}getDeviceName(){return te.hostname()||"CLI Client"}getDevicePlatform(){let e=te.platform();return e==="darwin"?"MACOS":e==="linux"?"LINUX":e==="win32"?"WINDOWS":"CLI"}async clearAllData(){await this.deleteDeviceIdentity(),await this.deleteTokens("development"),await this.deleteTokens("production"),this.sessionKeyCache.clear(),this.isRegistered=!1,c.info("[KeychainManager] Cleared all data")}},g=$.getInstance()});var Me={};Te(Me,{KeychainError:()=>T,KeychainManager:()=>$,keychainManager:()=>g});var M=E(()=>{"use strict";_e()});var At={};Te(At,{AgentType:()=>Ve,AppSyncClient:()=>J,AuthService:()=>q,CryptoError:()=>K,CryptoService:()=>U,DeliveryStatus:()=>He,ENCRYPTION_VERSION:()=>ge,EventSource:()=>ye,EventType:()=>qe,KeychainError:()=>T,KeychainManager:()=>$,Logger:()=>P,SessionStatus:()=>fe,authService:()=>x,createLogger:()=>se,cryptoService:()=>b,getConfig:()=>f,getEnvironment:()=>h,keychainManager:()=>g,loadConfig:()=>ee,logger:()=>c,mutations:()=>k,normalizeSnapshot:()=>Ee,parseInteractivePrompt:()=>Ye,prepareSessionEncryption:()=>re,queries:()=>N,resumeOrCreateSession:()=>Ie,runAuthCli:()=>ne,subscriptions:()=>j});module.exports=st(At);M();Q();var he=y(require("ws")),ve=require("uuid");_();L();M();var Be=y(require("dns")),Fe=y(require("fs"));if(ut())try{Be.setDefaultResultOrder("ipv4first")}catch{}function ut(){if(process.platform!=="linux")return!1;try{let r=Fe.readFileSync("/proc/sys/kernel/osrelease","utf8");return/microsoft|wsl/i.test(r)}catch{return!1}}async function B(r,e,t){try{return await fetch(r,e)}catch(n){let s=n?.cause?.code,i=n?.cause?.message,o=s||i||n?.message||"unknown",a=gt(s),l=t?`${t}: `:"",p=`Node ${process.version} on ${process.platform}`,m=[`${l}Cannot reach ${r}`,`  Underlying error: ${o}`];a&&m.push(`  Suggested fix: ${a}`),m.push(`  Platform: ${p}`);let u=new Error(m.join(`
+`));throw u.cause=n,u}}function gt(r){if(!r)return null;switch(r){case"ENOTFOUND":case"EAI_AGAIN":return'DNS resolution failed. On WSL Ubuntu, check /etc/resolv.conf, or try running with NODE_OPTIONS="--dns-result-order=ipv4first".';case"ETIMEDOUT":case"ECONNREFUSED":case"ECONNRESET":case"EHOSTUNREACH":case"ENETUNREACH":return`Network unreachable. On WSL Ubuntu, try NODE_OPTIONS="--dns-result-order=ipv4first" (WSL's IPv6 is often broken). If behind a corporate proxy, set HTTPS_PROXY.`;case"CERT_HAS_EXPIRED":case"CERT_NOT_YET_VALID":return"TLS certificate time error \u2014 likely system clock drift. On WSL, run `sudo hwclock -s`, or shut down WSL from PowerShell with `wsl --shutdown` and restart.";case"UNABLE_TO_GET_ISSUER_CERT_LOCALLY":case"SELF_SIGNED_CERT_IN_CHAIN":case"UNABLE_TO_VERIFY_LEAF_SIGNATURE":case"DEPTH_ZERO_SELF_SIGNED_CERT":return"Corporate HTTPS proxy detected \u2014 the TLS cert is not trusted by Node. Set NODE_EXTRA_CA_CERTS=/path/to/corporate-ca.pem, or configure HTTPS_PROXY if a proxy is required.";default:return null}}var N={getSession:`
+    query GetSession($sessionId: ID!) {
+      getSession(sessionId: $sessionId) {
+        sessionId
+        userId
+        agentType
+        projectPath
+        status
+        createdAt
+        updatedAt
+        metadata
+        isEncrypted
+        encryptedKeys {
+          deviceId
+          encryptedKey
+          ephemeralPublicKey
+        }
+        creatorDeviceId
+        encryptionVersion
+      }
+    }
+  `,listEvents:`
+    query ListEvents($sessionId: ID!, $source: EventSource, $limit: Int) {
+      listEvents(sessionId: $sessionId, source: $source, limit: $limit) {
+        items {
+          eventId
+          sessionId
+          type
+          source
+          content
+          timestamp
+          metadata
+          promptId
+          attachments {
+            id
+            type
+            filename
+            s3Key
+            size
+            width
+            height
+            isEncrypted
+          }
+          deliveryStatus
+          deliveredAt
+          executedAt
+          isEncrypted
+        }
+        nextToken
+      }
+    }
+  `,listUserDeviceKeys:`
+    query ListUserDeviceKeys {
+      listUserDeviceKeys {
+        userId
+        deviceId
+        publicKey
+        platform
+        deviceName
+        createdAt
+        lastUsedAt
+      }
+    }
+  `},k={createSession:`
+    mutation CreateSession($input: CreateSessionInput!) {
+      createSession(input: $input) {
+        sessionId
+        userId
+        agentType
+        projectPath
+        status
+        createdAt
+        updatedAt
+      }
+    }
+  `,updateSession:`
+    mutation UpdateSession($input: UpdateSessionInput!) {
+      updateSession(input: $input) {
+        sessionId
+        status
+        updatedAt
+        lastHeartbeatAt
+      }
+    }
+  `,createEvent:`
+    mutation CreateEvent($input: CreateEventInput!) {
+      createEvent(input: $input) {
+        eventId
+        sessionId
+        type
+        source
+        content
+        timestamp
+        metadata
+        promptId
+        deliveryStatus
+        deliveredAt
+        executedAt
+        isEncrypted
+      }
+    }
+  `,updateEventStatus:`
+    mutation UpdateEventStatus($input: UpdateEventStatusInput!) {
+      updateEventStatus(input: $input) {
+        eventId
+        sessionId
+        type
+        source
+        content
+        timestamp
+        metadata
+        promptId
+        deliveryStatus
+        deliveredAt
+        executedAt
+      }
+    }
+  `,registerDeviceKey:`
+    mutation RegisterDeviceKey($input: RegisterDeviceKeyInput!) {
+      registerDeviceKey(input: $input) {
+        userId
+        deviceId
+        publicKey
+        platform
+        deviceName
+        createdAt
+        lastUsedAt
+      }
+    }
+  `,getAttachmentDownloadUrl:`
+    mutation GetAttachmentDownloadUrl($s3Key: String!) {
+      getAttachmentDownloadUrl(s3Key: $s3Key) {
+        downloadUrl
+        expiresAt
+      }
+    }
+  `},j={onEventCreated:`
+    subscription OnEventCreated($sessionId: ID!) {
+      onEventCreated(sessionId: $sessionId) {
+        eventId
+        sessionId
+        type
+        source
+        content
+        timestamp
+        metadata
+        promptId
+        attachments {
+          id
+          type
+          filename
+          s3Key
+          size
+          width
+          height
+          isEncrypted
+        }
+        deliveryStatus
+        deliveredAt
+        executedAt
+        isEncrypted
+      }
+    }
+  `};var qe=(a=>(a.USER_PROMPT="USER_PROMPT",a.ASSISTANT_RESPONSE="ASSISTANT_RESPONSE",a.TOOL_USE="TOOL_USE",a.NOTIFICATION="NOTIFICATION",a.INTERACTIVE_PROMPT="INTERACTIVE_PROMPT",a.PROMPT_RESPONSE="PROMPT_RESPONSE",a.REASONING="REASONING",a))(qe||{}),ye=(t=>(t.DESKTOP="DESKTOP",t.MOBILE="MOBILE",t))(ye||{}),He=(n=>(n.SENT="SENT",n.DELIVERED="DELIVERED",n.EXECUTED="EXECUTED",n))(He||{});var fe=(n=>(n.ACTIVE="ACTIVE",n.INACTIVE="INACTIVE",n.PAUSED="PAUSED",n))(fe||{}),Ve=(n=>(n.CLAUDE="CLAUDE",n.GEMINI="GEMINI",n.CODEX="CODEX",n))(Ve||{});var F={urgentMaxAttempts:10,baseDelayMs:1e3,maxDelayMs:6e4,backoffMultiplier:2,persistentDelayMs:300*1e3},J=class{constructor(){this.authenticated=!1;this.currentUserId=null;this.currentEmail=null;this.tokens=null;this.activeSubscriptions=new Map;this.heartbeatTimers=new Map;this.environment=h(),c.info("[AppSyncClient] Initialized",{environment:this.environment})}getCurrentUserId(){if(!this.currentUserId)throw new Error("Not authenticated. Call authenticateWithStoredTokens() first.");return this.currentUserId}getCurrentUserEmail(){return this.currentEmail}async authenticateWithStoredTokens(){try{let e=await g.getTokens(this.environment);if(!e)return c.debug("[AppSyncClient] No stored tokens found"),!1;if(c.info("[AppSyncClient] Found stored OAuth tokens",{userId:e.userId,email:e.email,expired:g.isTokenExpired(e)}),g.isTokenExpired(e)){if(c.info("[AppSyncClient] Tokens expired, attempting refresh..."),!await this.refreshTokens(e))return c.warn("[AppSyncClient] Token refresh failed"),!1}else this.tokens=e;return this.currentUserId=this.tokens.userId,this.currentEmail=this.tokens.email,this.authenticated=!0,c.info("[AppSyncClient] Authenticated successfully",{userId:this.currentUserId,email:this.currentEmail}),!0}catch(e){return c.error("[AppSyncClient] Authentication failed:",e),!1}}async refreshTokens(e){try{let t=f(),n=`https://${t.aws.cognitoDomain}/oauth2/token`,s=new URLSearchParams({grant_type:"refresh_token",client_id:t.aws.cognitoClientId,refresh_token:e.refreshToken}),i=await B(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:s.toString()},"Token refresh");if(!i.ok)return c.error("[AppSyncClient] Token refresh failed",{status:i.status}),!1;let o=await i.json(),a={...e,accessToken:o.access_token,idToken:o.id_token,expiresAt:Date.now()+o.expires_in*1e3};return await g.setTokens(a,this.environment),this.tokens=a,c.info("[AppSyncClient] Tokens refreshed",{expiresAt:new Date(a.expiresAt).toISOString()}),!0}catch(t){return c.error("[AppSyncClient] Token refresh error:",t),!1}}isAuthenticated(){return this.authenticated}signOut(){this.authenticated=!1,this.tokens=null,this.currentUserId=null,this.currentEmail=null,this.cleanupSubscriptions(),c.info("[AppSyncClient] Signed out")}async graphqlRequest(e,t,n=!1){let s=f();if(!this.tokens?.idToken)throw new Error('Not authenticated. Run "codevibe login" first.');let i={"Content-Type":"application/json",Authorization:this.tokens.idToken},o=await B(s.aws.appsyncUrl,{method:"POST",headers:i,body:JSON.stringify({query:e,variables:t})},"AppSync GraphQL request"),a=await o.json();if(o.status===401&&!n&&this.tokens){if(c.info("[AppSyncClient] 401 Unauthorized, refreshing token..."),await this.refreshTokens(this.tokens))return this.graphqlRequest(e,t,!0);throw new Error("Token expired and refresh failed")}if(!o.ok)throw new Error(`GraphQL request failed: ${o.status}`);if(a.errors?.length)throw new Error(`GraphQL error: ${a.errors[0].message}`);return a}async createSession(e){let t={...e,metadata:e.metadata?JSON.stringify(e.metadata):void 0},n=await this.graphqlRequest(k.createSession,{input:t});return c.info("[AppSyncClient] Session created",{sessionId:n.data.createSession.sessionId}),n.data.createSession}async updateSession(e){let t={...e,metadata:e.metadata?JSON.stringify(e.metadata):void 0},n=await this.graphqlRequest(k.updateSession,{input:t});return c.debug("[AppSyncClient] Session updated",{sessionId:n.data.updateSession.sessionId}),n.data.updateSession}async getSession(e){return(await this.graphqlRequest(N.getSession,{sessionId:e})).data.getSession}async createEvent(e){let t={...e,metadata:e.metadata?JSON.stringify(e.metadata):void 0},n=await this.graphqlRequest(k.createEvent,{input:t});return c.debug("[AppSyncClient] Event created",{eventId:n.data.createEvent.eventId,type:n.data.createEvent.type}),n.data.createEvent}async updateEventStatus(e){return(await this.graphqlRequest(k.updateEventStatus,{input:e})).data.updateEventStatus}async listEvents(e,t,n){return(await this.graphqlRequest(N.listEvents,{sessionId:e,source:t,limit:n})).data.listEvents.items}async listUserDeviceKeys(){return(await this.graphqlRequest(N.listUserDeviceKeys,{})).data.listUserDeviceKeys||[]}async registerDeviceKey(e,t,n,s){let i={deviceId:e,publicKey:t,platform:n,deviceName:s};await this.graphqlRequest(k.registerDeviceKey,{input:i}),c.info("[AppSyncClient] Device key registered",{deviceId:e,platform:n})}async getAttachmentDownloadUrl(e){return(await this.graphqlRequest(k.getAttachmentDownloadUrl,{s3Key:e})).data.getAttachmentDownloadUrl}subscribeToEvents(e,t,n){c.info("[AppSyncClient] Subscribing to events",{sessionId:e});let s=this.activeSubscriptions.get(e);s&&(this.cleanupSubscriptionState(s),this.activeSubscriptions.delete(e));let i={ws:null,subscriptionId:(0,ve.v4)(),sessionId:e,onEvent:t,onError:n,reconnectAttempts:0,isReconnecting:!1};return this.activeSubscriptions.set(e,i),this.createSubscription(i),()=>{this.cleanupSubscriptionState(i),this.activeSubscriptions.delete(e)}}buildRealtimeUrl(){let e=f(),t=e.aws.appsyncUrl.replace("https://","wss://").replace("appsync-api","appsync-realtime-api"),n={host:new URL(e.aws.appsyncUrl).host};this.tokens?.idToken&&(n.Authorization=this.tokens.idToken);let s=Buffer.from(JSON.stringify(n)).toString("base64"),i=Buffer.from(JSON.stringify({})).toString("base64");return`${t}?header=${s}&payload=${i}`}createSubscription(e){let{sessionId:t,subscriptionId:n,onEvent:s,onError:i}=e;try{let o=this.buildRealtimeUrl(),a=new he.default(o,["graphql-ws"]);a.on("open",()=>{c.info("[AppSyncClient] WebSocket connected",{sessionId:t}),a.send(JSON.stringify({type:"connection_init"}))}),a.on("message",l=>{try{let p=JSON.parse(l.toString());switch(p.type){case"connection_ack":this.sendSubscriptionStart(a,e);break;case"start_ack":c.info("[AppSyncClient] Subscription started",{sessionId:t}),e.isReconnecting=!1,e.reconnectAttempts=0,this.startHeartbeat(t);break;case"data":this.resetKeepAliveTimer(e);let m=p.payload?.data?.onEventCreated;m&&m.source==="MOBILE"&&s(m);break;case"ka":this.resetKeepAliveTimer(e);break;case"error":let u=p.payload?.errors?.[0]?.message||"Unknown error";this.handleSubscriptionError(e,new Error(u));break}}catch(p){c.error("[AppSyncClient] Failed to parse message",{error:p})}}),a.on("error",l=>{c.error("[AppSyncClient] WebSocket error",{sessionId:t,error:l.message}),this.handleSubscriptionError(e,l)}),a.on("close",(l,p)=>{c.info("[AppSyncClient] WebSocket closed",{sessionId:t,code:l}),e.keepAliveTimer&&clearTimeout(e.keepAliveTimer),this.activeSubscriptions.has(t)&&this.handleSubscriptionError(e,new Error(`WebSocket closed: ${l}`))}),e.ws=a,this.resetKeepAliveTimer(e)}catch(o){this.handleSubscriptionError(e,o)}}sendSubscriptionStart(e,t){let n=f(),{sessionId:s,subscriptionId:i}=t,o={host:new URL(n.aws.appsyncUrl).host};this.tokens?.idToken&&(o.Authorization=this.tokens.idToken),e.send(JSON.stringify({id:i,type:"start",payload:{data:JSON.stringify({query:j.onEventCreated,variables:{sessionId:s}}),extensions:{authorization:o}}}))}resetKeepAliveTimer(e){e.keepAliveTimer&&clearTimeout(e.keepAliveTimer),e.keepAliveTimer=setTimeout(()=>{this.handleSubscriptionError(e,new Error("Keep-alive timeout"))},300*1e3)}handleSubscriptionError(e,t){let{sessionId:n,onError:s}=e;if(e.isReconnecting||!this.activeSubscriptions.has(n))return;e.isReconnecting=!0,e.reconnectAttempts++,this.stopHeartbeat(n);let i=e.reconnectAttempts<=F.urgentMaxAttempts,o;if(i?o=Math.min(F.baseDelayMs*Math.pow(F.backoffMultiplier,e.reconnectAttempts-1),F.maxDelayMs):(o=F.persistentDelayMs,e.reconnectAttempts===F.urgentMaxAttempts+1&&c.info("[AppSyncClient] Switching to persistent reconnect (every 5min)",{sessionId:n})),c.info("[AppSyncClient] Scheduling reconnect",{sessionId:n,attempt:e.reconnectAttempts,phase:i?"urgent":"persistent",delayMs:o}),e.ws){try{e.ws.close(1e3)}catch{}e.ws=null}e.keepAliveTimer&&clearTimeout(e.keepAliveTimer),e.reconnectTimer=setTimeout(async()=>{if(e.isReconnecting=!1,!!this.activeSubscriptions.has(n)){try{let a=await g.getTokens(this.environment);a&&(g.isTokenExpired(a)?await this.refreshTokens(a)&&c.info("[AppSyncClient] Tokens refreshed before reconnect",{sessionId:n}):this.tokens=a)}catch{c.warn("[AppSyncClient] Token refresh failed before reconnect, using existing tokens",{sessionId:n})}e.subscriptionId=(0,ve.v4)(),this.createSubscription(e)}},o)}cleanupSubscriptionState(e){if(e.reconnectTimer&&clearTimeout(e.reconnectTimer),e.keepAliveTimer&&clearTimeout(e.keepAliveTimer),e.ws){try{e.ws.readyState===he.default.OPEN&&(e.ws.send(JSON.stringify({id:e.subscriptionId,type:"stop"})),e.ws.close(1e3))}catch{}e.ws=null}}startHeartbeat(e,t=120*1e3){this.stopHeartbeat(e),this.sendHeartbeat(e);let n=setInterval(()=>{this.sendHeartbeat(e)},t);this.heartbeatTimers.set(e,n),c.info("[AppSyncClient] Heartbeat started",{sessionId:e,intervalMs:t})}stopHeartbeat(e){let t=this.heartbeatTimers.get(e);t&&(clearInterval(t),this.heartbeatTimers.delete(e),c.info("[AppSyncClient] Heartbeat stopped",{sessionId:e}))}async sendHeartbeat(e){try{await this.updateSession({sessionId:e,lastHeartbeatAt:new Date().toISOString()}),c.debug("[AppSyncClient] Heartbeat sent",{sessionId:e})}catch(t){c.warn("[AppSyncClient] Heartbeat failed",{sessionId:e,error:t})}}cleanupSubscriptions(){this.activeSubscriptions.forEach(e=>{this.cleanupSubscriptionState(e)}),this.activeSubscriptions.clear(),this.heartbeatTimers.forEach(e=>clearInterval(e)),this.heartbeatTimers.clear()}};var We=y(require("crypto")),je=y(require("fs")),be=y(require("http")),Je=require("child_process");_();M();L();var z=8080,ze="/callback",Se=`http://localhost:${z}${ze}`,q=class r{constructor(){}static getInstance(){return r.instance||(r.instance=new r),r.instance}openBrowser(e){console.log(""),console.log("Opening your browser for sign-in..."),console.log("If your browser does not open automatically, visit this URL manually:"),console.log(`  ${e}`),console.log("");let t=this.getBrowserCommands();this.tryBrowserCommand(t,e,0)}getBrowserCommands(){let e=process.platform;if(e==="darwin")return[{cmd:"open",fixedArgs:[]}];if(e==="win32")return[{cmd:"cmd",fixedArgs:["/c","start",""]}];let t=[];return this.isRunningInWSL()&&(t.push({cmd:"wslview",fixedArgs:[]}),t.push({cmd:"cmd.exe",fixedArgs:["/c","start",""]}),t.push({cmd:"powershell.exe",fixedArgs:["-NoProfile","-Command","Start-Process"]})),t.push({cmd:"xdg-open",fixedArgs:[]}),t}isRunningInWSL(){if(process.platform!=="linux")return!1;try{let e=je.readFileSync("/proc/sys/kernel/osrelease","utf8");return/microsoft|wsl/i.test(e)}catch{return!1}}tryBrowserCommand(e,t,n){if(n>=e.length){c.debug("[AuthService] No browser-opening command succeeded. User must open the sign-in URL manually (printed to stdout above).");return}let s=e[n],i=[...s.fixedArgs,t],o=!1,a=u=>{o||(o=!0,c.debug(`[AuthService] Browser command '${s.cmd}' ${u}; trying next fallback`),this.tryBrowserCommand(e,t,n+1))},l=u=>{o||(o=!0,c.debug(`[AuthService] Browser command '${s.cmd}' ${u}`))},p;try{p=(0,Je.spawn)(s.cmd,i,{detached:!0,stdio:"ignore"})}catch(u){a(`threw synchronously: ${u?.message||u}`);return}p.on("error",u=>{a(`failed to spawn: ${u?.message||u}`)}),p.on("exit",(u,C)=>{u===0?l("exited successfully"):a(C?`terminated by signal ${C}`:`exited with code ${u}`)}),setTimeout(()=>{l("still running after 3s, assuming success")},3e3).unref(),p.unref()}generateState(){return We.randomBytes(32).toString("hex")}buildAuthUrl(e){let t=f(),n=new URLSearchParams({client_id:t.aws.cognitoClientId,response_type:"code",scope:"email openid profile",redirect_uri:Se,state:e});return`https://${t.aws.cognitoDomain}/oauth2/authorize?${n.toString()}`}async exchangeCodeForTokens(e){let t=f(),n=`https://${t.aws.cognitoDomain}/oauth2/token`,s=new URLSearchParams({grant_type:"authorization_code",client_id:t.aws.cognitoClientId,code:e,redirect_uri:Se}),i=await B(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:s.toString()},"Token exchange");if(!i.ok){let a=await i.text();throw new Error(`Token exchange failed: ${i.status} ${a}`)}let o=await i.json();return{accessToken:o.access_token,idToken:o.id_token,refreshToken:o.refresh_token,expiresIn:o.expires_in}}decodeJwt(e){let t=e.split(".");if(t.length!==3)throw new Error("Invalid JWT");return JSON.parse(Buffer.from(t[1],"base64").toString("utf-8"))}async refreshTokens(e){let t=f(),n=`https://${t.aws.cognitoDomain}/oauth2/token`,s=new URLSearchParams({grant_type:"refresh_token",client_id:t.aws.cognitoClientId,refresh_token:e}),i=await B(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:s.toString()},"Token refresh");if(!i.ok)throw new Error(`Token refresh failed: ${i.status}`);let o=await i.json();return{accessToken:o.access_token,idToken:o.id_token,expiresIn:o.expires_in}}async login(){let e=await g.getTokens(h());if(e&&!g.isTokenExpired(e))return e;let t=this.generateState(),n=this.buildAuthUrl(t);return new Promise((s,i)=>{let o=be.createServer(async(a,l)=>{if(!a.url?.startsWith(ze)){l.writeHead(404),l.end("Not found");return}try{let p=new URL(a.url,`http://localhost:${z}`),m=p.searchParams.get("code"),u=p.searchParams.get("state"),C=p.searchParams.get("error");if(C)throw new Error(`OAuth error: ${C}`);if(u!==t)throw new Error("State mismatch");if(!m)throw new Error("No authorization code");let S=await this.exchangeCodeForTokens(m),H=this.decodeJwt(S.idToken),w={accessToken:S.accessToken,idToken:S.idToken,refreshToken:S.refreshToken,expiresAt:Date.now()+S.expiresIn*1e3,userId:H.sub,email:H.email||"unknown"};await g.setTokens(w,h()),l.writeHead(200,{"Content-Type":"text/html; charset=utf-8"}),l.end(`
+            <!DOCTYPE html>
+            <html>
+            <head><title>Success</title></head>
+            <body style="font-family: system-ui; max-width: 600px; margin: 50px auto; text-align: center;">
+              <h1 style="color: #22c55e;">&#10003; Authentication Successful</h1>
+              <p>You can close this window.</p>
+            </body>
+            </html>
+          `),setTimeout(()=>{o.close(()=>s(w))},500)}catch(p){let m=String(p?.message||p).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;");l.writeHead(400,{"Content-Type":"text/html; charset=utf-8"}),l.end(`
+            <!DOCTYPE html>
+            <html>
+            <head><title>Error</title></head>
+            <body style="font-family: system-ui; max-width: 720px; margin: 50px auto; padding: 0 16px;">
+              <h1 style="color: #ef4444; text-align: center;">&#10007; Authentication Failed</h1>
+              <pre style="background: #f4f4f5; padding: 16px; border-radius: 8px; white-space: pre-wrap; word-wrap: break-word; font-size: 13px; line-height: 1.5;">${m}</pre>
+              <p style="text-align: center; color: #71717a; margin-top: 24px;">You can close this window and try again in your terminal.</p>
+            </body>
+            </html>
+          `),setTimeout(()=>{o.close(()=>i(p))},500)}});o.on("error",a=>{a.code==="EADDRINUSE"?i(new Error(`Port ${z} is in use`)):i(a)}),o.listen(z,"localhost",()=>{c.info("[AuthService] Callback server started"),this.openBrowser(n)}),setTimeout(()=>{o.close(()=>i(new Error("Login timeout")))},120*1e3)})}async logout(){let e=f(),t=await g.deleteTokens(h());return t&&new Promise(n=>{let s=be.createServer((i,o)=>{i.url?.startsWith("/signout")?(o.writeHead(200,{"Content-Type":"text/html; charset=utf-8"}),o.end(`
+              <!DOCTYPE html>
+              <html>
+              <head><title>Signed Out</title></head>
+              <body style="font-family: system-ui; max-width: 600px; margin: 50px auto; text-align: center;">
+                <h1 style="color: #22c55e;">&#10003; Signed Out</h1>
+                <p>You can close this window.</p>
+              </body>
+              </html>
+            `),setTimeout(()=>{s.close(()=>n(!0))},500)):(o.writeHead(404),o.end("Not found"))});s.on("error",()=>{n(!0)}),s.listen(z,"localhost",()=>{let i=`https://${e.aws.cognitoDomain}/logout?client_id=${e.aws.cognitoClientId}&logout_uri=${encodeURIComponent(Se.replace("/callback","/signout"))}`;this.openBrowser(i)}),setTimeout(()=>{s.close(()=>n(!0))},30*1e3)})}async getStatus(){let e=await g.getTokens(h());return e?{authenticated:!g.isTokenExpired(e),tokens:e}:{authenticated:!1}}},x=q.getInstance();_();var d={reset:"\x1B[0m",green:"\x1B[32m",red:"\x1B[31m",yellow:"\x1B[33m",cyan:"\x1B[36m",dim:"\x1B[2m"};async function mt(){console.log(`${d.cyan}CodeVibe Login${d.reset}
+`);try{let r=await x.getStatus();if(r.authenticated&&r.tokens){console.log(`${d.yellow}Already logged in as: ${r.tokens.email}${d.reset}`),console.log(`Token expires: ${new Date(r.tokens.expiresAt).toLocaleString()}`),console.log(`
+Run '${d.dim}codevibe logout${d.reset}' to sign out first.`),process.exit(0);return}console.log("Opening browser for authentication..."),console.log(`${d.dim}Waiting for callback...${d.reset}
+`);let e=await x.login();e&&(console.log(`
+${d.green}\u2713 Authentication successful!${d.reset}`),console.log(`  User: ${e.email}`),console.log(`  User ID: ${e.userId}`),console.log(`  Expires: ${new Date(e.expiresAt).toLocaleString()}`)),process.exit(0)}catch(r){console.log(`
+${d.red}\u2717 Authentication failed${d.reset}`),console.log(`  Error: ${r.message}`),process.exit(1)}}async function yt(){console.log(`${d.cyan}CodeVibe Logout${d.reset}
+`);try{let r=await x.getStatus();if(!r.authenticated){console.log(`${d.yellow}Not logged in.${d.reset}`),process.exit(0);return}let e=r.tokens?.email;await x.logout()?(console.log(`${d.green}\u2713 Logged out successfully.${d.reset}`),console.log(`  Previous user: ${e}`),console.log(`
+${d.dim}Clearing browser session...${d.reset}`)):console.log(`${d.red}\u2717 Failed to log out.${d.reset}`),process.exit(0)}catch(r){console.log(`${d.red}\u2717 Logout failed: ${r.message}${d.reset}`),process.exit(1)}}async function ft(){console.log(`${d.cyan}CodeVibe Auth Status${d.reset}
+`);try{let r=await x.getStatus();if(!r.tokens){console.log(`${d.yellow}Not authenticated.${d.reset}`),console.log(`
+Run '${d.dim}codevibe login${d.reset}' to sign in.`),process.exit(0);return}let e=!r.authenticated;console.log(e?`${d.yellow}\u26A0 Token expired${d.reset}`:`${d.green}\u2713 Authenticated${d.reset}`),console.log(`  User: ${r.tokens.email}`),console.log(`  User ID: ${r.tokens.userId}`),console.log(`  Expires: ${new Date(r.tokens.expiresAt).toLocaleString()}`),e&&console.log(`
+${d.dim}Token will be refreshed automatically.${d.reset}`),process.exit(0)}catch(r){console.log(`${d.red}\u2717 Status check failed: ${r.message}${d.reset}`),process.exit(1)}}async function ht(){console.log(`${d.cyan}CodeVibe Reset Device${d.reset}
+`),console.log(`${d.red}\u26A0 WARNING: This will delete your device identity.${d.reset}`),console.log(`${d.red}  Old encrypted sessions will become inaccessible.${d.reset}
+`);let{keychainManager:r}=await Promise.resolve().then(()=>(M(),Me));try{await r.clearAllData(),console.log(`${d.green}\u2713 Device reset complete.${d.reset}`),console.log(`  Run '${d.dim}codevibe login${d.reset}' to set up again.`),process.exit(0)}catch(e){console.log(`${d.red}\u2717 Reset failed: ${e.message}${d.reset}`),process.exit(1)}}function vt(){console.log(`CodeVibe Authentication
+`),console.log("Usage:"),console.log("  codevibe login        - Sign in via browser"),console.log("  codevibe logout       - Sign out"),console.log("  codevibe status       - Show auth status"),console.log("  codevibe reset-device - Reset device identity (destructive)"),console.log(`
+Environment:`),console.log('  Set ENVIRONMENT env var to "development" or "production" (default)'),console.log("  Example: ENVIRONMENT=development codevibe login")}async function ne(r){let e=h();console.log(`${d.dim}Environment: ${e}${d.reset}
+`);let n=r.slice(2).filter(s=>!s.startsWith("--"))[0];switch(n){case"login":await mt();break;case"logout":await yt();break;case"status":await ft();break;case"reset-device":await ht();break;default:vt(),process.exit(n?1:0)}}require.main===module&&ne(process.argv).catch(r=>{console.error("Error:",r),process.exit(1)});_();L();var St=/\x1B(?:[@-Z\\-_]|\[[0-?]*[ -/]*[@-~])/g;function Ye(r){let e=Ee(r);if(!e)return null;let t=bt(e);if(t)return t;let n=wt(e);return n||null}function Ee(r){return r.replace(/\r/g,`
+`).replace(St,"").replace(/[│┌┐└┘─├┤┬┴┼╌╎╭╮╯╰║═╔╗╚╝╠╣╦╩╬]/g," ").replace(/[ \t]+\n/g,`
+`).replace(/\n{3,}/g,`
+`).trim()}function bt(r){let e=r.split(`
+`).map(m=>m.trim()),t=kt(e,m=>/\[(?:y\/n|Y\/n|y\/N)\]/.test(m)),n=t>=0?e[t]:null;if(!n)return null;let s=Xe(e,t),i=s.length>0?s.join(`
+`):n,o=i.toLowerCase(),a=o.includes("what to change")||o.includes("what should")||o.includes("provide")||o.includes("instructions");return{kind:"yes_no",promptText:i,options:a?[{number:"1",text:"Yes"},{number:"2",text:"No, provide instructions"}]:[{number:"1",text:"Yes"},{number:"2",text:"No"}],submitMap:{1:"y",2:"n"},requiresFollowUpText:a}}function wt(r){let e=r.split(`
+`).map(l=>l.trim()),t=Et(e);if(t.length<2)return null;let n=t.map(({line:l})=>Ge(l)).filter(l=>!!l),s={};for(let l of n)s[l.number]=l.number;let i=t[0]?.index??-1,o=Xe(e,i-1);return{kind:"numbered",promptText:o.length>0?o.join(`
+`):"Select an option",options:n,submitMap:s}}function kt(r,e){for(let t=r.length-1;t>=0;t-=1)if(e(r[t]))return t;return-1}function Ge(r){let e=r.match(/^(?:[>›❯▸▶➜➤*●]\s*)?(\d+)\.\s+(.*)$/);return e?{number:e[1],text:e[2]}:null}function Et(r){let e=r.map((n,s)=>({index:s,line:n,parsed:Ge(n)})).filter(n=>!!n.parsed);if(e.length===0)return[];let t=[e[e.length-1]];for(let n=e.length-2;n>=0;n-=1){let s=e[n],i=t[0];if(s.index!==i.index-1)break;t.unshift(s)}return t.map(({index:n,line:s})=>({index:n,line:s}))}function Xe(r,e){if(e<0)return[];let t=we(r,e);if(t<0)return[];let{start:n,end:s}=ke(r,t),i=r.slice(n,s+1).filter(Boolean);if(Tt(i)){let u=It(r,n-1);return u.length>0?u:i}if(n<=1)return i;let o=n-1;if(o=we(r,o),o<0||o===n-1)return i;let{start:a,end:l}=ke(r,o),p=r.slice(a,l+1).filter(Boolean);return p.some(Qe)?[...p,...i]:i}function Qe(r){return/^(?:would you like to|do you want to|the model would like to|action required|confirm)\b/i.test(r)}function we(r,e){let t=e;for(;t>=0&&!r[t];)t-=1;return t}function ke(r,e){let t=e;for(;t>=0&&r[t];)t-=1;return{start:t+1,end:e}}function It(r,e){let t=[],n=e;for(;n>=0&&t.length<2&&(n=we(r,n),!(n<0));){let{start:i,end:o}=ke(r,n),a=r.slice(i,o+1).filter(Boolean);a.length>0&&t.unshift(a),n=i-1}if(t.length===0)return[];let s=t.findIndex(i=>i.some(Qe));return s>=0?t.slice(s).flat():t[t.length-1]}function Tt(r){return r.length===0?!1:r.filter(xt).length>=Math.max(2,Math.ceil(r.length/2))}function xt(r){return/^\d+\s/.test(r)}Q();M();async function re(r,e,t){try{let n=await e.listUserDeviceKeys();if(n.length===0)return t.info("No device keys found, session will not be encrypted"),null;t.info("Preparing session encryption",{sessionId:r,deviceCount:n.length});let{sessionKey:s,encryptedKeys:i}=g.createSessionKey(n);return t.info("Session encryption prepared",{sessionId:r,deviceCount:i.length}),{sessionKey:s,encryptedKeys:i}}catch(n){return t.warn("Failed to prepare session encryption:",n),null}}async function Ie(r,e,t){let{sessionId:n,userId:s,agentType:i,projectPath:o,metadata:a}=r,l=null;try{l=await e.getSession(n)}catch(S){t.warn("Failed to get session (will attempt to create new)",{sessionId:n,error:S})}if(l){t.info("Session exists in backend - reactivating",{sessionId:n,previousStatus:l.status});try{await e.updateSession({sessionId:n,status:"ACTIVE"})}catch(w){t.warn("Failed to reactivate existing session, will continue",{sessionId:n,error:w})}let S=null,H=l.encryptedKeys;if(l.isEncrypted&&H?.length)try{let w=await g.getSessionKey(n,H);w?(S=w,g.cacheSessionKey(n,w),t.info("Session key retrieved for resumed session",{sessionId:n})):t.warn("No encrypted key for this device; proceeding without decryption",{sessionId:n})}catch(w){t.warn("Failed to retrieve session key for resumed session",{sessionId:n,error:w})}return{resumed:!0,sessionKey:S}}let p=await re(n,e,t),m=o,u=a;p&&(m=b.encryptContent(o,p.sessionKey),u&&Object.keys(u).length>0&&(u={encrypted:b.encryptMetadata(u,p.sessionKey)}),t.info("Session data encrypted",{sessionId:n})),t.info("Creating new session in backend",{sessionId:n,userId:s,agentType:i,isEncrypted:!!p}),await e.createSession({sessionId:n,userId:s,agentType:i,projectPath:m,status:"ACTIVE",metadata:u,isEncrypted:p?!0:void 0,creatorDeviceId:p?await g.getDeviceId():void 0,encryptionVersion:p?1:void 0,encryptedKeys:p?.encryptedKeys});let C=p?.sessionKey||null;return p&&g.cacheSessionKey(n,p.sessionKey),t.info("Session created",{sessionId:n,userId:s,isEncrypted:!!p}),{resumed:!1,sessionKey:C}}0&&(module.exports={AgentType,AppSyncClient,AuthService,CryptoError,CryptoService,DeliveryStatus,ENCRYPTION_VERSION,EventSource,EventType,KeychainError,KeychainManager,Logger,SessionStatus,authService,createLogger,cryptoService,getConfig,getEnvironment,keychainManager,loadConfig,logger,mutations,normalizeSnapshot,parseInteractivePrompt,prepareSessionEncryption,queries,resumeOrCreateSession,runAuthCli,subscriptions});

package/node_modules/@quantiya/codevibe-core/dist/keychain/index.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export { KeychainManager, keychainManager, KeychainError } from './keychain-manager';

package/node_modules/@quantiya/codevibe-core/dist/keychain/keychain-backend.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export declare function getPassword(service: string, account: string): Promise<string | null>;
+export declare function setPassword(service: string, account: string, password: string): Promise<void>;
+export declare function deletePassword(service: string, account: string): Promise<boolean>;

package/node_modules/@quantiya/codevibe-core/dist/keychain/keychain-manager.d.ts ADDED Viewed

@@ -0,0 +1,139 @@
+import { DeviceIdentity, TokenData, EncryptedSessionKey } from '../types';
+/**
+ * Error class for keychain operations
+ */
+export declare class KeychainError extends Error {
+    constructor(message: string);
+}
+/**
+ * Manages device identity and OAuth tokens using native keychain
+ */
+export declare class KeychainManager {
+    private static instance;
+    private deviceIdentity;
+    private sessionKeyCache;
+    private isRegistered;
+    private _serviceName;
+    private constructor();
+    /**
+     * Get the keychain service name (lazy-loaded from config)
+     */
+    private get serviceName();
+    static getInstance(): KeychainManager;
+    /**
+     * Get the device identity from keychain.
+     *
+     * Returns null ONLY when the backend read succeeded and no record exists
+     * (legitimate "not yet registered" state). Any other error — backend
+     * unavailable, corrupted payload, parse failure — propagates to the
+     * caller. Swallowing those errors here would let getOrCreateDeviceIdentity
+     * silently mint a new device ID and fork identity state, re-creating the
+     * exact bug the keychain-backend trust model is designed to prevent.
+     */
+    getDeviceIdentity(): Promise<DeviceIdentity | null>;
+    /**
+     * Set the device identity in keychain
+     */
+    setDeviceIdentity(identity: DeviceIdentity): Promise<void>;
+    /**
+     * Get or create device identity
+     */
+    getOrCreateDeviceIdentity(): Promise<DeviceIdentity>;
+    /**
+     * Get device ID (creates identity if needed)
+     */
+    getDeviceId(): Promise<string>;
+    /**
+     * Get device public key (creates identity if needed)
+     */
+    getDevicePublicKey(): Promise<string>;
+    /**
+     * Get device private key (creates identity if needed)
+     */
+    getDevicePrivateKey(): Promise<string>;
+    /**
+     * Check if device identity exists
+     */
+    hasDeviceIdentity(): Promise<boolean>;
+    /**
+     * Delete device identity (reset device)
+     */
+    deleteDeviceIdentity(): Promise<void>;
+    /**
+     * Get token account name for environment
+     */
+    private getTokenAccount;
+    /**
+     * Get OAuth tokens for environment.
+     *
+     * Returns null ONLY when the backend read succeeded and no tokens exist
+     * (legitimate "not yet logged in" state). Any other error — backend
+     * unavailable, corrupted payload, parse failure — propagates to the
+     * caller. Swallowing backend errors here would look like a silent logout
+     * when it is actually a hard configuration failure the user needs to see
+     * and fix.
+     */
+    getTokens(environment?: string): Promise<TokenData | null>;
+    /**
+     * Save OAuth tokens for environment
+     */
+    setTokens(tokens: TokenData, environment?: string): Promise<void>;
+    /**
+     * Delete OAuth tokens for environment
+     */
+    deleteTokens(environment?: string): Promise<boolean>;
+    /**
+     * Check if token is expired
+     */
+    isTokenExpired(tokens: TokenData): boolean;
+    /**
+     * Get session key for a session, decrypting from encryptedKeys if needed
+     */
+    getSessionKey(sessionId: string, encryptedKeys?: EncryptedSessionKey[]): Promise<string | null>;
+    /**
+     * Generate and encrypt a new session key for all devices
+     */
+    createSessionKey(devicePublicKeys: Array<{
+        deviceId: string;
+        publicKey: string;
+    }>): {
+        sessionKey: string;
+        encryptedKeys: EncryptedSessionKey[];
+    };
+    /**
+     * Cache a session key
+     */
+    cacheSessionKey(sessionId: string, sessionKey: string): void;
+    /**
+     * Clear cached session key
+     */
+    clearSessionKey(sessionId: string): void;
+    /**
+     * Clear all cached session keys
+     */
+    clearAllSessionKeys(): void;
+    /**
+     * Get registration status
+     */
+    getIsRegistered(): boolean;
+    /**
+     * Set registration status
+     */
+    setIsRegistered(registered: boolean): void;
+    /**
+     * Get device name for registration
+     */
+    getDeviceName(): string;
+    /**
+     * Get platform for registration
+     */
+    getDevicePlatform(): string;
+    /**
+     * Clear all data (device identity + all tokens)
+     */
+    clearAllData(): Promise<void>;
+}
+/**
+ * Export singleton instance
+ */
+export declare const keychainManager: KeychainManager;

package/node_modules/@quantiya/codevibe-core/dist/logger/index.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export { Logger, logger, createLogger } from './logger';

package/node_modules/@quantiya/codevibe-core/dist/logger/logger.d.ts ADDED Viewed

@@ -0,0 +1,35 @@
+export type LogLevel = 'debug' | 'info' | 'warn' | 'error';
+interface LoggerOptions {
+    name: string;
+    logFile?: string;
+    level?: LogLevel;
+    console?: boolean;
+}
+/**
+ * Simple logger for CodeVibe plugins
+ */
+export declare class Logger {
+    private name;
+    private logFile?;
+    private level;
+    private enableConsole;
+    constructor(options: LoggerOptions);
+    private ensureLogDir;
+    private shouldLog;
+    private formatMessage;
+    private log;
+    debug(message: string, data?: any): void;
+    info(message: string, data?: any): void;
+    warn(message: string, data?: any): void;
+    error(message: string, data?: any): void;
+    setLevel(level: LogLevel): void;
+}
+/**
+ * Create a logger with custom options
+ */
+export declare function createLogger(options: LoggerOptions): Logger;
+/**
+ * Default shared logger instance
+ */
+export declare const logger: Logger;
+export {};

package/node_modules/@quantiya/codevibe-core/dist/prompt-parser.d.ts ADDED Viewed

@@ -0,0 +1,39 @@
+/**
+ * Shared prompt parser for interactive terminal prompts.
+ *
+ * Parses terminal snapshots (from tmux capture-pane) to extract
+ * interactive prompt options displayed by CLI tools (Gemini, Codex, etc.).
+ *
+ * Used by multiple plugins to dynamically capture options instead of hardcoding.
+ */
+export type PromptKind = 'yes_no' | 'numbered' | 'text';
+export interface InteractivePromptOption {
+    number: string;
+    text: string;
+}
+export interface ParsedInteractivePrompt {
+    kind: PromptKind;
+    promptText: string;
+    options: InteractivePromptOption[];
+    submitMap: Record<string, string>;
+    requiresFollowUpText?: boolean;
+}
+/**
+ * Parse a terminal snapshot to extract interactive prompt options.
+ *
+ * Detects two prompt types:
+ * - Yes/No prompts: [y/n] patterns
+ * - Numbered prompts: "1. Allow once", "2. Allow for this session", etc.
+ *
+ * Returns null if no prompt is detected.
+ */
+export declare function parseInteractivePrompt(snapshot: string): ParsedInteractivePrompt | null;
+/**
+ * Strip ANSI escape codes, box-drawing characters, and normalize whitespace
+ * from terminal output.
+ *
+ * Box-drawing characters (│, ┌, ┐, └, ┘, ─, etc.) are used by TUI apps like
+ * Gemini CLI to render bordered panels. Stripping them exposes the text content
+ * so the parser can match option lines inside boxes.
+ */
+export declare function normalizeSnapshot(snapshot: string): string;

package/node_modules/@quantiya/codevibe-core/dist/session/index.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export { resumeOrCreateSession, prepareSessionEncryption } from './session-resume';
2	+ export type { ResumeOrCreateSessionInput, ResumeOrCreateSessionResult } from './session-resume';

package/node_modules/@quantiya/codevibe-core/dist/session/session-resume.d.ts ADDED Viewed

@@ -0,0 +1,55 @@
+/**
+ * Centralized session resume/create logic for all CodeVibe plugins.
+ *
+ * All three plugins (Claude, Codex, Gemini) need the same pattern:
+ * 1. Check if session exists in backend (getSession)
+ * 2. If exists: reactivate + restore E2E session key from encryptedKeys
+ * 3. If not exists: generate encryption keys + create session
+ *
+ * This module eliminates the duplication across plugins.
+ */
+import { AppSyncClient } from '../appsync';
+import { Logger } from '../logger';
+import { AgentType, EncryptedSessionKey } from '../types';
+export interface ResumeOrCreateSessionInput {
+    sessionId: string;
+    userId: string;
+    agentType: AgentType;
+    projectPath: string;
+    metadata?: Record<string, any>;
+}
+export interface ResumeOrCreateSessionResult {
+    /** Whether an existing session was found and reactivated */
+    resumed: boolean;
+    /** The E2E session key (for encrypting/decrypting events), or null if no encryption */
+    sessionKey: string | null;
+}
+/**
+ * Prepare E2E encryption for a new session.
+ *
+ * Generates a random session key and encrypts it for all registered devices.
+ * Does NOT cache the session key — callers should cache only after the session
+ * is successfully created in the backend.
+ *
+ * @returns Encryption data or null if no device keys found / error
+ */
+export declare function prepareSessionEncryption(sessionId: string, appSyncClient: AppSyncClient, logger: Logger): Promise<{
+    sessionKey: string;
+    encryptedKeys: EncryptedSessionKey[];
+} | null>;
+/**
+ * Resume an existing session or create a new one.
+ *
+ * Resume path (session exists in backend):
+ *   - Reactivates session (status → ACTIVE)
+ *   - Restores E2E session key from encryptedKeys
+ *
+ * Create path (session does not exist):
+ *   - Prepares E2E encryption (generates key, encrypts for all devices)
+ *   - Encrypts projectPath and metadata
+ *   - Creates session in backend
+ *   - Caches session key only after successful creation
+ *
+ * @throws Propagates createSession errors (e.g., SESSION_LIMIT_EXCEEDED)
+ */
+export declare function resumeOrCreateSession(input: ResumeOrCreateSessionInput, appSyncClient: AppSyncClient, logger: Logger): Promise<ResumeOrCreateSessionResult>;

package/node_modules/@quantiya/codevibe-core/dist/types/auth.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+/**
+ * Stored OAuth tokens
+ */
+export interface TokenData {
+    accessToken: string;
+    idToken: string;
+    refreshToken: string;
+    expiresAt: number;
+    userId: string;
+    email: string;
+}
+/**
+ * Environment configuration
+ */
+export type Environment = 'development' | 'production';

package/node_modules/@quantiya/codevibe-core/dist/types/encryption.d.ts ADDED Viewed

@@ -0,0 +1,54 @@
+/**
+ * Encrypted session key for E2E encryption
+ */
+export interface EncryptedSessionKey {
+    deviceId: string;
+    encryptedKey: string;
+    ephemeralPublicKey: string;
+}
+/**
+ * Device key stored with backend
+ */
+export interface DeviceKey {
+    userId: string;
+    deviceId: string;
+    publicKey: string;
+    platform: string;
+    deviceName?: string;
+    createdAt: string;
+    lastUsedAt?: string;
+}
+/**
+ * Key pair for ECDH
+ */
+export interface KeyPair {
+    privateKey: string;
+    publicKey: string;
+}
+/**
+ * Device identity stored in keychain
+ */
+export interface DeviceIdentity {
+    deviceId: string;
+    privateKey: string;
+    publicKey: string;
+    createdAt: string;
+}
+/**
+ * GraphQL input for registering device key
+ */
+export interface RegisterDeviceKeyInput {
+    deviceId: string;
+    publicKey: string;
+    platform: string;
+    deviceName?: string;
+}
+/**
+ * GraphQL input for granting session key
+ */
+export interface GrantSessionKeyInput {
+    sessionId: string;
+    deviceId: string;
+    encryptedKey: string;
+    ephemeralPublicKey: string;
+}