@quantiya/codevibe-core 1.0.4 → 1.0.5

package/dist/appsync/appsync-client.d.ts

@@ -0,0 +1,132 @@
+import { CreateEventInput, CreateSessionInput, UpdateSessionInput, UpdateEventStatusInput, Event, Session, EventSource, DeviceKey } from '../types';
+/**
+ * Download URL response
+ */
+export interface DownloadUrlResponse {
+    downloadUrl: string;
+    expiresAt: string;
+}
+/**
+ * AppSync GraphQL client with WebSocket subscriptions
+ */
+export declare class AppSyncClient {
+    private authenticated;
+    private currentUserId;
+    private currentEmail;
+    private tokens;
+    private activeSubscriptions;
+    private environment;
+    constructor();
+    /**
+     * Get the current authenticated user ID
+     */
+    getCurrentUserId(): string;
+    /**
+     * Get the current authenticated user email
+     */
+    getCurrentUserEmail(): string | null;
+    /**
+     * Authenticate using stored OAuth tokens from keychain
+     */
+    authenticateWithStoredTokens(): Promise<boolean>;
+    /**
+     * Refresh expired tokens
+     */
+    private refreshTokens;
+    /**
+     * Check if authenticated
+     */
+    isAuthenticated(): boolean;
+    /**
+     * Sign out
+     */
+    signOut(): void;
+    /**
+     * Make a GraphQL request
+     */
+    private graphqlRequest;
+    /**
+     * Create a session
+     */
+    createSession(input: CreateSessionInput): Promise<Session>;
+    /**
+     * Update a session
+     */
+    updateSession(input: UpdateSessionInput): Promise<Session>;
+    /**
+     * Get a session
+     */
+    getSession(sessionId: string): Promise<Session | null>;
+    /**
+     * Create an event
+     */
+    createEvent(input: CreateEventInput): Promise<Event>;
+    /**
+     * Update event status
+     */
+    updateEventStatus(input: UpdateEventStatusInput): Promise<Event>;
+    /**
+     * List events for a session
+     */
+    listEvents(sessionId: string, source?: EventSource, limit?: number): Promise<Event[]>;
+    /**
+     * List user device keys
+     */
+    listUserDeviceKeys(): Promise<DeviceKey[]>;
+    /**
+     * Register device key
+     */
+    registerDeviceKey(deviceId: string, publicKey: string, platform: string, deviceName: string): Promise<void>;
+    /**
+     * Get attachment download URL
+     */
+    getAttachmentDownloadUrl(s3Key: string): Promise<DownloadUrlResponse>;
+    /**
+     * Subscribe to events for a session
+     */
+    subscribeToEvents(sessionId: string, onEvent: (event: Event) => void, onError?: (error: Error) => void): () => void;
+    /**
+     * Build WebSocket URL
+     */
+    private buildRealtimeUrl;
+    /**
+     * Create WebSocket subscription
+     */
+    private createSubscription;
+    /**
+     * Send subscription start message
+     */
+    private sendSubscriptionStart;
+    /**
+     * Reset keep-alive timer
+     */
+    private resetKeepAliveTimer;
+    /**
+     * Handle subscription error with two-phase reconnection:
+     * Phase 1 (urgent): Exponential backoff for first N attempts
+     * Phase 2 (persistent): Fixed interval retry indefinitely
+     */
+    private handleSubscriptionError;
+    /**
+     * Cleanup subscription state
+     */
+    private cleanupSubscriptionState;
+    private heartbeatTimers;
+    /**
+     * Start periodic heartbeat for a session.
+     * Updates lastHeartbeatAt on the session every intervalMs (default 2 minutes).
+     */
+    startHeartbeat(sessionId: string, intervalMs?: number): void;
+    /**
+     * Stop heartbeat for a session.
+     */
+    stopHeartbeat(sessionId: string): void;
+    /**
+     * Send a single heartbeat update.
+     */
+    private sendHeartbeat;
+    /**
+     * Cleanup all subscriptions and heartbeats
+     */
+    cleanupSubscriptions(): void;
+}

package/dist/appsync/index.d.ts

@@ -0,0 +1,2 @@
+export { AppSyncClient, DownloadUrlResponse } from './appsync-client';
+export { queries, mutations, subscriptions } from './queries';

package/dist/appsync/queries.d.ts

@@ -0,0 +1,16 @@
+export declare const queries: {
+    getSession: string;
+    listEvents: string;
+    listUserDeviceKeys: string;
+};
+export declare const mutations: {
+    createSession: string;
+    updateSession: string;
+    createEvent: string;
+    updateEventStatus: string;
+    registerDeviceKey: string;
+    getAttachmentDownloadUrl: string;
+};
+export declare const subscriptions: {
+    onEventCreated: string;
+};

package/dist/auth/auth-cli.d.ts

@@ -0,0 +1,5 @@
+#!/usr/bin/env node
+/**
+ * Main CLI entry point
+ */
+export declare function runAuthCli(argv: string[]): Promise<void>;

package/dist/auth/auth-service.d.ts

@@ -0,0 +1,87 @@
+import { TokenData } from '../types';
+/**
+ * Authentication service for OAuth flows
+ */
+export declare class AuthService {
+    private static instance;
+    private constructor();
+    static getInstance(): AuthService;
+    /**
+     * Open URL in the user's default browser. Cross-platform: macOS, Linux,
+     * WSL, Windows. Always prints the URL to stdout first as a fallback —
+     * if no browser-opening command is available, the user can copy-paste.
+     *
+     * On WSL, prefers opening the Windows host browser via WSL interop
+     * (wslview → cmd.exe → powershell.exe) before falling back to xdg-open.
+     */
+    private openBrowser;
+    /**
+     * Returns the list of browser-opening commands to try in order, based on
+     * the current platform. On WSL, returns WSL interop commands first so the
+     * Windows browser opens (which is what users actually want on WSL).
+     */
+    private getBrowserCommands;
+    /**
+     * Detect whether we're running inside WSL (1 or 2). Returns false on
+     * any non-Linux platform or if /proc/sys/kernel/osrelease is not readable.
+     */
+    private isRunningInWSL;
+    /**
+     * Try each browser-opening command in order. Advances to the next fallback on:
+     *   - Spawn failure (ENOENT / the command not being installed)
+     *   - Synchronous throw from spawn()
+     *   - Runtime failure where the command spawns but exits with a non-zero
+     *     code (e.g. wslview when WSL interop is disabled, xdg-open when no
+     *     default browser is registered, cmd.exe failing to launch start)
+     *   - Process terminated by signal
+     *
+     * Stays on the current command when:
+     *   - Process exits with code 0 (success)
+     *   - Process is still running after 3 seconds (assumed success — opener
+     *     is doing real work like launching a slow app, not hung)
+     *
+     * If all attempts exhaust, logs at debug level — the user still has the
+     * sign-in URL printed to stdout as a copy-paste fallback.
+     */
+    private tryBrowserCommand;
+    /**
+     * Generate state for CSRF protection
+     */
+    private generateState;
+    /**
+     * Build authorization URL
+     */
+    private buildAuthUrl;
+    /**
+     * Exchange authorization code for tokens
+     */
+    private exchangeCodeForTokens;
+    /**
+     * Decode JWT payload
+     */
+    private decodeJwt;
+    /**
+     * Refresh tokens
+     */
+    refreshTokens(refreshToken: string): Promise<{
+        accessToken: string;
+        idToken: string;
+        expiresIn: number;
+    }>;
+    /**
+     * Login via OAuth browser flow
+     */
+    login(): Promise<TokenData | null>;
+    /**
+     * Logout
+     */
+    logout(): Promise<boolean>;
+    /**
+     * Get current auth status
+     */
+    getStatus(): Promise<{
+        authenticated: boolean;
+        tokens?: TokenData;
+    }>;
+}
+export declare const authService: AuthService;

package/dist/auth/fetch-helpers.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Wraps fetch() and rewrites "fetch failed" errors to include the underlying
+ * cause and a user-actionable diagnostic tip when possible. Non-network errors
+ * and HTTP error responses (non-2xx) are not affected — the caller still
+ * handles response.ok checks themselves.
+ *
+ * @param url The URL to fetch
+ * @param init Standard fetch init options
+ * @param context Optional short label (e.g. "token exchange") for the error message
+ */
+export declare function fetchWithDiagnostics(url: string, init?: any, context?: string): Promise<Response>;

package/dist/auth/index.d.ts

@@ -0,0 +1,2 @@
+export { AuthService, authService } from './auth-service';
+export { runAuthCli } from './auth-cli';

package/dist/config/config.d.ts

@@ -0,0 +1,53 @@
+/**
+ * Environment type
+ */
+export type Environment = 'development' | 'production';
+/**
+ * Configuration interface
+ */
+export interface Config {
+    environment: Environment;
+    aws: {
+        region: string;
+        appsyncUrl: string;
+        cognitoUserPoolId: string;
+        cognitoClientId: string;
+        cognitoDomain: string;
+    };
+    keychain: {
+        serviceName: string;
+    };
+    server: {
+        port: number;
+        host: string;
+        dynamicPort: boolean;
+    };
+    claude: {
+        command: string;
+        defaultTimeout: number;
+    };
+    codex: {
+        command: string;
+        defaultTimeout: number;
+        sessionsDir: string;
+        approvalTimeoutMs: number;
+    };
+    gemini: {
+        command: string;
+        defaultTimeout: number;
+        transcriptDir: string;
+    };
+}
+/**
+ * Get environment from process.env.ENVIRONMENT, defaults to 'production'
+ */
+export declare function getEnvironment(): Environment;
+/**
+ * Load configuration for specific environment
+ * If no environment specified, uses process.env.ENVIRONMENT or defaults to 'production'
+ */
+export declare function loadConfig(environment?: Environment): Config;
+/**
+ * Get current configuration (auto-initializes if not already loaded)
+ */
+export declare function getConfig(): Config;

package/dist/config/index.d.ts

@@ -0,0 +1,2 @@
+export { loadConfig, getConfig, getEnvironment } from './config';
+export type { Config, Environment } from './config';

package/dist/crypto/crypto-service.d.ts

@@ -0,0 +1,118 @@
+import { EncryptedSessionKey, KeyPair } from '../types';
+/**
+ * Error class for cryptographic operations
+ */
+export declare class CryptoError extends Error {
+    constructor(message: string);
+}
+/**
+ * Current encryption version for future algorithm upgrades
+ */
+export declare const ENCRYPTION_VERSION = 1;
+/**
+ * Service for end-to-end encryption operations
+ */
+export declare class CryptoService {
+    private static instance;
+    private constructor();
+    static getInstance(): CryptoService;
+    /**
+     * Generate a new ECDH P-256 key pair
+     * @returns Object with privateKey (base64), publicKey (base64 raw)
+     */
+    generateKeyPair(): KeyPair;
+    /**
+     * Generate a random 256-bit session key
+     * @returns Base64-encoded session key
+     */
+    generateSessionKey(): string;
+    /**
+     * Derive a shared secret using ECDH and HKDF
+     * @param privateKeyBase64 Our private key (base64)
+     * @param publicKeyBase64 Other party's public key (base64)
+     * @returns 256-bit derived key as Buffer
+     */
+    deriveSharedKey(privateKeyBase64: string, publicKeyBase64: string): Buffer;
+    /**
+     * Encrypt a session key for a target device using ECDH
+     * @param sessionKeyBase64 The session key to encrypt (base64)
+     * @param targetPublicKeyBase64 Target device's public key (base64)
+     * @returns EncryptedSessionKey containing encrypted key and ephemeral public key
+     */
+    encryptSessionKey(sessionKeyBase64: string, targetPublicKeyBase64: string): Omit<EncryptedSessionKey, 'deviceId'>;
+    /**
+     * Decrypt a session key using our private key
+     * @param encryptedSessionKey The encrypted session key data
+     * @param privateKeyBase64 Our device's private key (base64)
+     * @returns Decrypted session key (base64)
+     */
+    decryptSessionKey(encryptedSessionKey: EncryptedSessionKey, privateKeyBase64: string): string;
+    /**
+     * Encrypt content using AES-256-GCM
+     * @param content String content to encrypt
+     * @param sessionKeyBase64 Session key (base64)
+     * @returns Base64-encoded ciphertext (nonce + ciphertext + tag)
+     */
+    encryptContent(content: string, sessionKeyBase64: string): string;
+    /**
+     * Decrypt content using AES-256-GCM
+     * @param encryptedContent Base64-encoded ciphertext
+     * @param sessionKeyBase64 Session key (base64)
+     * @returns Decrypted string content
+     */
+    decryptContent(encryptedContent: string, sessionKeyBase64: string): string;
+    /**
+     * Encrypt JSON-serializable metadata
+     * @param metadata Object to encrypt
+     * @param sessionKeyBase64 Session key (base64)
+     * @returns Base64-encoded encrypted JSON
+     */
+    encryptMetadata(metadata: Record<string, any>, sessionKeyBase64: string): string;
+    /**
+     * Decrypt encrypted metadata
+     * @param encryptedMetadata Base64-encoded encrypted JSON
+     * @param sessionKeyBase64 Session key (base64)
+     * @returns Decrypted object
+     */
+    decryptMetadata(encryptedMetadata: string, sessionKeyBase64: string): Record<string, any>;
+    /**
+     * Encrypt binary data using AES-256-GCM
+     * @param data Binary data to encrypt (Buffer)
+     * @param sessionKeyBase64 Session key (base64)
+     * @returns Encrypted data (Buffer containing nonce + ciphertext + tag)
+     */
+    encryptData(data: Buffer, sessionKeyBase64: string): Buffer;
+    /**
+     * Decrypt binary data using AES-256-GCM
+     * @param encryptedData Encrypted data (Buffer containing nonce + ciphertext + tag)
+     * @param sessionKeyBase64 Session key (base64)
+     * @returns Decrypted binary data (Buffer)
+     */
+    decryptData(encryptedData: Buffer, sessionKeyBase64: string): Buffer;
+    /**
+     * Encrypt data using AES-256-GCM
+     * @param data Data to encrypt
+     * @param key Symmetric key (32 bytes)
+     * @returns Combined nonce + ciphertext + tag
+     */
+    private encrypt;
+    /**
+     * Decrypt data using AES-256-GCM
+     * @param data Combined nonce + ciphertext + tag
+     * @param key Symmetric key (32 bytes)
+     * @returns Decrypted data
+     */
+    private decrypt;
+    /**
+     * Serialize a private key for storage
+     */
+    serializePrivateKey(privateKeyBase64: string): string;
+    /**
+     * Deserialize a private key from storage
+     */
+    deserializePrivateKey(base64: string): string;
+}
+/**
+ * Export singleton instance
+ */
+export declare const cryptoService: CryptoService;

package/dist/crypto/index.d.ts

@@ -0,0 +1 @@
+export { CryptoService, cryptoService, CryptoError, ENCRYPTION_VERSION } from './crypto-service';

package/dist/index.d.ts

@@ -0,0 +1,14 @@
+export { KeychainManager, keychainManager, KeychainError } from './keychain';
+export { CryptoService, cryptoService, CryptoError, ENCRYPTION_VERSION } from './crypto';
+export { AppSyncClient, DownloadUrlResponse } from './appsync';
+export { queries, mutations, subscriptions } from './appsync';
+export { AuthService, authService } from './auth';
+export { runAuthCli } from './auth';
+export { loadConfig, getConfig, getEnvironment } from './config';
+export type { Config, Environment } from './config';
+export { Logger, logger, createLogger } from './logger';
+export { parseInteractivePrompt, normalizeSnapshot, } from './prompt-parser';
+export type { ParsedInteractivePrompt, PromptKind, InteractivePromptOption, } from './prompt-parser';
+export { resumeOrCreateSession, prepareSessionEncryption } from './session';
+export type { ResumeOrCreateSessionInput, ResumeOrCreateSessionResult } from './session';
+export * from './types';

package/dist/keychain/index.d.ts

@@ -0,0 +1 @@
+export { KeychainManager, keychainManager, KeychainError } from './keychain-manager';

package/dist/keychain/keychain-manager.d.ts

@@ -0,0 +1,125 @@
+import { DeviceIdentity, TokenData, EncryptedSessionKey } from '../types';
+/**
+ * Error class for keychain operations
+ */
+export declare class KeychainError extends Error {
+    constructor(message: string);
+}
+/**
+ * Manages device identity and OAuth tokens using native keychain
+ */
+export declare class KeychainManager {
+    private static instance;
+    private deviceIdentity;
+    private sessionKeyCache;
+    private isRegistered;
+    private _serviceName;
+    private constructor();
+    /**
+     * Get the keychain service name (lazy-loaded from config)
+     */
+    private get serviceName();
+    static getInstance(): KeychainManager;
+    /**
+     * Get the device identity from keychain
+     */
+    getDeviceIdentity(): Promise<DeviceIdentity | null>;
+    /**
+     * Set the device identity in keychain
+     */
+    setDeviceIdentity(identity: DeviceIdentity): Promise<void>;
+    /**
+     * Get or create device identity
+     */
+    getOrCreateDeviceIdentity(): Promise<DeviceIdentity>;
+    /**
+     * Get device ID (creates identity if needed)
+     */
+    getDeviceId(): Promise<string>;
+    /**
+     * Get device public key (creates identity if needed)
+     */
+    getDevicePublicKey(): Promise<string>;
+    /**
+     * Get device private key (creates identity if needed)
+     */
+    getDevicePrivateKey(): Promise<string>;
+    /**
+     * Check if device identity exists
+     */
+    hasDeviceIdentity(): Promise<boolean>;
+    /**
+     * Delete device identity (reset device)
+     */
+    deleteDeviceIdentity(): Promise<void>;
+    /**
+     * Get token account name for environment
+     */
+    private getTokenAccount;
+    /**
+     * Get OAuth tokens for environment
+     */
+    getTokens(environment?: string): Promise<TokenData | null>;
+    /**
+     * Save OAuth tokens for environment
+     */
+    setTokens(tokens: TokenData, environment?: string): Promise<void>;
+    /**
+     * Delete OAuth tokens for environment
+     */
+    deleteTokens(environment?: string): Promise<boolean>;
+    /**
+     * Check if token is expired
+     */
+    isTokenExpired(tokens: TokenData): boolean;
+    /**
+     * Get session key for a session, decrypting from encryptedKeys if needed
+     */
+    getSessionKey(sessionId: string, encryptedKeys?: EncryptedSessionKey[]): Promise<string | null>;
+    /**
+     * Generate and encrypt a new session key for all devices
+     */
+    createSessionKey(devicePublicKeys: Array<{
+        deviceId: string;
+        publicKey: string;
+    }>): {
+        sessionKey: string;
+        encryptedKeys: EncryptedSessionKey[];
+    };
+    /**
+     * Cache a session key
+     */
+    cacheSessionKey(sessionId: string, sessionKey: string): void;
+    /**
+     * Clear cached session key
+     */
+    clearSessionKey(sessionId: string): void;
+    /**
+     * Clear all cached session keys
+     */
+    clearAllSessionKeys(): void;
+    /**
+     * Get registration status
+     */
+    getIsRegistered(): boolean;
+    /**
+     * Set registration status
+     */
+    setIsRegistered(registered: boolean): void;
+    /**
+     * Get device name for registration
+     */
+    getDeviceName(): string;
+    /**
+     * Get platform for registration
+     */
+    getDevicePlatform(): string;
+    /**
+     * Clear all data (device identity + all tokens)
+     */
+    clearAllData(): Promise<void>;
+}
+/**
+ * Export singleton instance
+ */
+export declare const keychainManager: KeychainManager;

package/dist/logger/index.d.ts

@@ -0,0 +1 @@
+export { Logger, logger, createLogger } from './logger';

package/dist/logger/logger.d.ts

@@ -0,0 +1,35 @@
+export type LogLevel = 'debug' | 'info' | 'warn' | 'error';
+interface LoggerOptions {
+    name: string;
+    logFile?: string;
+    level?: LogLevel;
+    console?: boolean;
+}
+/**
+ * Simple logger for CodeVibe plugins
+ */
+export declare class Logger {
+    private name;
+    private logFile?;
+    private level;
+    private enableConsole;
+    constructor(options: LoggerOptions);
+    private ensureLogDir;
+    private shouldLog;
+    private formatMessage;
+    private log;
+    debug(message: string, data?: any): void;
+    info(message: string, data?: any): void;
+    warn(message: string, data?: any): void;
+    error(message: string, data?: any): void;
+    setLevel(level: LogLevel): void;
+}
+/**
+ * Create a logger with custom options
+ */
+export declare function createLogger(options: LoggerOptions): Logger;
+/**
+ * Default shared logger instance
+ */
+export declare const logger: Logger;
+export {};

package/dist/prompt-parser.d.ts

@@ -0,0 +1,39 @@
+/**
+ * Shared prompt parser for interactive terminal prompts.
+ *
+ * Parses terminal snapshots (from tmux capture-pane) to extract
+ * interactive prompt options displayed by CLI tools (Gemini, Codex, etc.).
+ *
+ * Used by multiple plugins to dynamically capture options instead of hardcoding.
+ */
+export type PromptKind = 'yes_no' | 'numbered' | 'text';
+export interface InteractivePromptOption {
+    number: string;
+    text: string;
+}
+export interface ParsedInteractivePrompt {
+    kind: PromptKind;
+    promptText: string;
+    options: InteractivePromptOption[];
+    submitMap: Record<string, string>;
+    requiresFollowUpText?: boolean;
+}
+/**
+ * Parse a terminal snapshot to extract interactive prompt options.
+ *
+ * Detects two prompt types:
+ * - Yes/No prompts: [y/n] patterns
+ * - Numbered prompts: "1. Allow once", "2. Allow for this session", etc.
+ *
+ * Returns null if no prompt is detected.
+ */
+export declare function parseInteractivePrompt(snapshot: string): ParsedInteractivePrompt | null;
+/**
+ * Strip ANSI escape codes, box-drawing characters, and normalize whitespace
+ * from terminal output.
+ *
+ * Box-drawing characters (│, ┌, ┐, └, ┘, ─, etc.) are used by TUI apps like
+ * Gemini CLI to render bordered panels. Stripping them exposes the text content
+ * so the parser can match option lines inside boxes.
+ */
+export declare function normalizeSnapshot(snapshot: string): string;

package/dist/session/index.d.ts

@@ -0,0 +1,2 @@
+export { resumeOrCreateSession, prepareSessionEncryption } from './session-resume';
+export type { ResumeOrCreateSessionInput, ResumeOrCreateSessionResult } from './session-resume';

package/dist/session/session-resume.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Centralized session resume/create logic for all CodeVibe plugins.
+ *
+ * All three plugins (Claude, Codex, Gemini) need the same pattern:
+ * 1. Check if session exists in backend (getSession)
+ * 2. If exists: reactivate + restore E2E session key from encryptedKeys
+ * 3. If not exists: generate encryption keys + create session
+ *
+ * This module eliminates the duplication across plugins.
+ */
+import { AppSyncClient } from '../appsync';
+import { Logger } from '../logger';
+import { AgentType, EncryptedSessionKey } from '../types';
+export interface ResumeOrCreateSessionInput {
+    sessionId: string;
+    userId: string;
+    agentType: AgentType;
+    projectPath: string;
+    metadata?: Record<string, any>;
+}
+export interface ResumeOrCreateSessionResult {
+    /** Whether an existing session was found and reactivated */
+    resumed: boolean;
+    /** The E2E session key (for encrypting/decrypting events), or null if no encryption */
+    sessionKey: string | null;
+}
+/**
+ * Prepare E2E encryption for a new session.
+ *
+ * Generates a random session key and encrypts it for all registered devices.
+ * Does NOT cache the session key — callers should cache only after the session
+ * is successfully created in the backend.
+ *
+ * @returns Encryption data or null if no device keys found / error
+ */
+export declare function prepareSessionEncryption(sessionId: string, appSyncClient: AppSyncClient, logger: Logger): Promise<{
+    sessionKey: string;
+    encryptedKeys: EncryptedSessionKey[];
+} | null>;
+/**
+ * Resume an existing session or create a new one.
+ *
+ * Resume path (session exists in backend):
+ *   - Reactivates session (status → ACTIVE)
+ *   - Restores E2E session key from encryptedKeys
+ *
+ * Create path (session does not exist):
+ *   - Prepares E2E encryption (generates key, encrypts for all devices)
+ *   - Encrypts projectPath and metadata
+ *   - Creates session in backend
+ *   - Caches session key only after successful creation
+ *
+ * @throws Propagates createSession errors (e.g., SESSION_LIMIT_EXCEEDED)
+ */
+export declare function resumeOrCreateSession(input: ResumeOrCreateSessionInput, appSyncClient: AppSyncClient, logger: Logger): Promise<ResumeOrCreateSessionResult>;

package/dist/types/auth.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Stored OAuth tokens
+ */
+export interface TokenData {
+    accessToken: string;
+    idToken: string;
+    refreshToken: string;
+    expiresAt: number;
+    userId: string;
+    email: string;
+}
+/**
+ * Environment configuration
+ */
+export type Environment = 'development' | 'production';

package/dist/types/encryption.d.ts

@@ -0,0 +1,54 @@
+/**
+ * Encrypted session key for E2E encryption
+ */
+export interface EncryptedSessionKey {
+    deviceId: string;
+    encryptedKey: string;
+    ephemeralPublicKey: string;
+}
+/**
+ * Device key stored with backend
+ */
+export interface DeviceKey {
+    userId: string;
+    deviceId: string;
+    publicKey: string;
+    platform: string;
+    deviceName?: string;
+    createdAt: string;
+    lastUsedAt?: string;
+}
+/**
+ * Key pair for ECDH
+ */
+export interface KeyPair {
+    privateKey: string;
+    publicKey: string;
+}
+/**
+ * Device identity stored in keychain
+ */
+export interface DeviceIdentity {
+    deviceId: string;
+    privateKey: string;
+    publicKey: string;
+    createdAt: string;
+}
+/**
+ * GraphQL input for registering device key
+ */
+export interface RegisterDeviceKeyInput {
+    deviceId: string;
+    publicKey: string;
+    platform: string;
+    deviceName?: string;
+}
+/**
+ * GraphQL input for granting session key
+ */
+export interface GrantSessionKeyInput {
+    sessionId: string;
+    deviceId: string;
+    encryptedKey: string;
+    ephemeralPublicKey: string;
+}

package/dist/types/events.d.ts

@@ -0,0 +1,74 @@
+/**
+ * Event types matching GraphQL schema
+ */
+export declare enum EventType {
+    USER_PROMPT = "USER_PROMPT",
+    ASSISTANT_RESPONSE = "ASSISTANT_RESPONSE",
+    TOOL_USE = "TOOL_USE",
+    NOTIFICATION = "NOTIFICATION",
+    INTERACTIVE_PROMPT = "INTERACTIVE_PROMPT",
+    PROMPT_RESPONSE = "PROMPT_RESPONSE",
+    REASONING = "REASONING"
+}
+export declare enum EventSource {
+    DESKTOP = "DESKTOP",
+    MOBILE = "MOBILE"
+}
+export declare enum DeliveryStatus {
+    SENT = "SENT",
+    DELIVERED = "DELIVERED",
+    EXECUTED = "EXECUTED"
+}
+/**
+ * Attachment type (for images/files attached to messages)
+ */
+export interface Attachment {
+    id: string;
+    type: string;
+    filename?: string;
+    s3Key: string;
+    size?: number;
+    width?: number;
+    height?: number;
+    isEncrypted?: boolean;
+}
+/**
+ * Event type
+ */
+export interface Event {
+    eventId: string;
+    sessionId: string;
+    type: EventType;
+    source: EventSource;
+    content: string;
+    timestamp: string;
+    metadata?: Record<string, any>;
+    promptId?: string;
+    attachments?: Attachment[];
+    deliveryStatus?: DeliveryStatus;
+    deliveredAt?: string;
+    executedAt?: string;
+    isEncrypted?: boolean;
+}
+/**
+ * GraphQL input for creating events
+ */
+export interface CreateEventInput {
+    sessionId: string;
+    type: EventType;
+    source: EventSource;
+    content: string;
+    metadata?: Record<string, any>;
+    promptId?: string;
+    timestamp?: string;
+    isEncrypted?: boolean;
+}
+/**
+ * GraphQL input for updating event status
+ */
+export interface UpdateEventStatusInput {
+    eventId: string;
+    sessionId: string;
+    timestamp: string;
+    deliveryStatus: DeliveryStatus;
+}

package/dist/types/index.d.ts

@@ -0,0 +1,4 @@
+export * from './events';
+export * from './session';
+export * from './encryption';
+export * from './auth';

package/dist/types/session.d.ts

@@ -0,0 +1,59 @@
+import { EncryptedSessionKey } from './encryption';
+/**
+ * Session status enum
+ */
+export declare enum SessionStatus {
+    ACTIVE = "ACTIVE",
+    INACTIVE = "INACTIVE",
+    PAUSED = "PAUSED"
+}
+/**
+ * Agent type for multi-agent support
+ */
+export declare enum AgentType {
+    CLAUDE = "CLAUDE",
+    GEMINI = "GEMINI",
+    CODEX = "CODEX"
+}
+/**
+ * Session type
+ */
+export interface Session {
+    sessionId: string;
+    userId: string;
+    agentType: AgentType;
+    projectPath: string;
+    status: SessionStatus;
+    createdAt: string;
+    updatedAt: string;
+    metadata?: Record<string, any>;
+    isEncrypted?: boolean;
+    encryptedKeys?: EncryptedSessionKey[];
+    creatorDeviceId?: string;
+    encryptionVersion?: number;
+    lastHeartbeatAt?: string;
+}
+/**
+ * GraphQL input for creating sessions
+ */
+export interface CreateSessionInput {
+    sessionId?: string;
+    userId: string;
+    agentType?: AgentType;
+    projectPath: string;
+    status?: SessionStatus;
+    metadata?: Record<string, any>;
+    encryptedKeys?: EncryptedSessionKey[];
+    creatorDeviceId?: string;
+    isEncrypted?: boolean;
+    encryptionVersion?: number;
+}
+/**
+ * GraphQL input for updating sessions
+ */
+export interface UpdateSessionInput {
+    sessionId: string;
+    status?: SessionStatus;
+    metadata?: Record<string, any>;
+    lastHeartbeatAt?: string;
+}

package/package.json

@@ -1,18 +1,21 @@
 {
   "name": "@quantiya/codevibe-core",
-  "version": "1.0.4",
+  "version": "1.0.5",
   "description": "Core library for CodeVibe plugins - shared keychain, crypto, AppSync, and auth functionality",
   "main": "dist/index.js",
+  "types": "dist/index.d.ts",
   "bin": {
     "codevibe": "./bin/codevibe.js"
   },
   "files": [
+    "dist/**/*.d.ts",
     "dist/index.js",
     "bin"
   ],
   "scripts": {
     "typecheck": "tsc --noEmit",
-    "build": "rm -rf dist && npm run typecheck && esbuild src/index.ts --bundle --platform=node --target=node18 --minify --packages=external --outfile=dist/index.js",
+    "emit-types": "tsc --emitDeclarationOnly",
+    "build": "rm -rf dist && npm run emit-types && esbuild src/index.ts --bundle --platform=node --target=node18 --minify --packages=external --outfile=dist/index.js",
     "clean": "rm -rf dist",
     "prepublishOnly": "npm run build",
     "test": "echo \"No tests yet\" && exit 0"