@rulemetric/cli 0.5.0 → 0.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (145) hide show
  1. package/dist/base-command.js +4 -4
  2. package/dist/{chunk-DUQGKWHJ.js → chunk-346TGPVR.js} +3 -3
  3. package/dist/{chunk-2AM54TUK.js → chunk-4UJATBTG.js} +2 -2
  4. package/dist/{chunk-RYMK7FQL.js → chunk-5ZOLDIZQ.js} +2 -2
  5. package/dist/{chunk-BD7CY42U.js → chunk-7DRLX3DN.js} +3 -3
  6. package/dist/{chunk-I4GHR6CY.js → chunk-7XDWLJJP.js} +2 -2
  7. package/dist/{chunk-E32IADV3.js → chunk-AOIY5RT6.js} +11 -11
  8. package/dist/{chunk-JX5UI6RW.js → chunk-AUUHXCJU.js} +2 -2
  9. package/dist/{chunk-7DIWBTB5.js → chunk-CB43W53J.js} +4 -4
  10. package/dist/{chunk-EHABPBGH.js → chunk-CCSR73HF.js} +2 -2
  11. package/dist/{chunk-EHZJ6OXD.js → chunk-CGUV6TUA.js} +2 -2
  12. package/dist/{chunk-EJOI2ZGU.js → chunk-CWFVBGX2.js} +8 -12
  13. package/dist/chunk-CWFVBGX2.js.map +7 -0
  14. package/dist/{chunk-VBOTWXJW.js → chunk-DUR54APY.js} +2 -2
  15. package/dist/{chunk-XMWHTOCC.js → chunk-IKEI4KNV.js} +2 -2
  16. package/dist/{chunk-OWUS3HMA.js → chunk-IVOCDHWA.js} +2 -2
  17. package/dist/{chunk-UF73WX2J.js → chunk-OAQG5WBV.js} +2 -2
  18. package/dist/{chunk-QJXAULRC.js → chunk-OKCFYPIQ.js} +2 -2
  19. package/dist/{chunk-YBNW7ARH.js → chunk-PHIAFGQ2.js} +2 -2
  20. package/dist/{chunk-IWYCRLEK.js → chunk-TDTHAOXO.js} +2 -2
  21. package/dist/{chunk-PQU7GZ7A.js → chunk-TJ2M5QVL.js} +2 -2
  22. package/dist/{chunk-KZRFUXGF.js → chunk-W2YERO7E.js} +27 -2
  23. package/dist/chunk-W2YERO7E.js.map +7 -0
  24. package/dist/{chunk-F5DPTXRC.js → chunk-YQFCUKNI.js} +31 -5
  25. package/dist/{chunk-F5DPTXRC.js.map → chunk-YQFCUKNI.js.map} +2 -2
  26. package/dist/commands/antigravity/backfill.js +5 -5
  27. package/dist/commands/auth/create-key.js +4 -4
  28. package/dist/commands/auth/login.js +4 -4
  29. package/dist/commands/auth/logout.js +4 -4
  30. package/dist/commands/auth/revoke-key.js +4 -4
  31. package/dist/commands/auth/status.js +4 -4
  32. package/dist/commands/catalog/index.js +4 -4
  33. package/dist/commands/catalog/recommend.js +4 -4
  34. package/dist/commands/convert.js +4 -4
  35. package/dist/commands/converters.js +4 -4
  36. package/dist/commands/crons/list.js +4 -4
  37. package/dist/commands/crons/run.js +4 -4
  38. package/dist/commands/dashboard.js +4 -4
  39. package/dist/commands/eval-targets/create.js +4 -4
  40. package/dist/commands/eval-targets/list.js +4 -4
  41. package/dist/commands/evals/agent.js +16 -16
  42. package/dist/commands/evals/benchmark.js +5 -5
  43. package/dist/commands/evals/compare.js +4 -4
  44. package/dist/commands/evals/create.js +4 -4
  45. package/dist/commands/evals/optimize-description.js +4 -4
  46. package/dist/commands/evals/optimize.js +4 -4
  47. package/dist/commands/evals/run.js +4 -4
  48. package/dist/commands/gateway/ensure.js +4 -4
  49. package/dist/commands/hooks/install.js +4 -4
  50. package/dist/commands/hooks/run.js +4 -4
  51. package/dist/commands/hooks/uninstall.js +4 -4
  52. package/dist/commands/import.js +4 -4
  53. package/dist/commands/instructions/create.js +4 -4
  54. package/dist/commands/instructions/delete.js +4 -4
  55. package/dist/commands/instructions/fork.js +4 -4
  56. package/dist/commands/instructions/get.js +4 -4
  57. package/dist/commands/instructions/list.js +4 -4
  58. package/dist/commands/instructions/promote.js +4 -4
  59. package/dist/commands/instructions/pull.js +4 -4
  60. package/dist/commands/instructions/upstream.js +4 -4
  61. package/dist/commands/instructions/versions.js +4 -4
  62. package/dist/commands/launcher.js +4 -4
  63. package/dist/commands/org/current.js +4 -4
  64. package/dist/commands/org/list.js +4 -4
  65. package/dist/commands/org/switch.js +4 -4
  66. package/dist/commands/packs/add-instruction.js +4 -4
  67. package/dist/commands/packs/apply.js +4 -4
  68. package/dist/commands/packs/create.js +4 -4
  69. package/dist/commands/packs/fork.js +4 -4
  70. package/dist/commands/packs/get.js +4 -4
  71. package/dist/commands/packs/list.js +4 -4
  72. package/dist/commands/packs/remove-instruction.js +4 -4
  73. package/dist/commands/proxy/env.js +4 -4
  74. package/dist/commands/proxy/logs.js +4 -4
  75. package/dist/commands/proxy/restart.js +4 -4
  76. package/dist/commands/proxy/setup.js +4 -4
  77. package/dist/commands/proxy/start.js +4 -4
  78. package/dist/commands/proxy/status.js +4 -4
  79. package/dist/commands/proxy/stop.js +4 -4
  80. package/dist/commands/research/backfill.js +5 -5
  81. package/dist/commands/research/tail-transcript.js +5 -5
  82. package/dist/commands/service/install.js +4 -4
  83. package/dist/commands/service/status.js +4 -4
  84. package/dist/commands/service/uninstall.js +4 -4
  85. package/dist/commands/sessions/analyze.js +4 -4
  86. package/dist/commands/sessions/end.js +4 -4
  87. package/dist/commands/sessions/import.js +4 -4
  88. package/dist/commands/sessions/list.js +4 -4
  89. package/dist/commands/sessions/start.js +4 -4
  90. package/dist/commands/setup.js +5 -5
  91. package/dist/commands/signals/report.js +4 -4
  92. package/dist/commands/skills/export-approved.js +4 -4
  93. package/dist/commands/skills/install.js +4 -4
  94. package/dist/commands/skills/list.js +4 -4
  95. package/dist/commands/skills/publish.js +4 -4
  96. package/dist/commands/skills/search.js +4 -4
  97. package/dist/commands/skills/update.js +4 -4
  98. package/dist/commands/suggestions/accept.js +4 -4
  99. package/dist/commands/suggestions/dismiss.js +4 -4
  100. package/dist/commands/suggestions/list.js +4 -4
  101. package/dist/commands/suggestions/refresh.js +4 -4
  102. package/dist/lib/active-org-refresh.js +3 -3
  103. package/dist/lib/agent-loop.js +14 -14
  104. package/dist/lib/antigravity-transcript.js +3 -3
  105. package/dist/lib/api-client.js +2 -2
  106. package/dist/lib/auth.js +5 -1
  107. package/dist/lib/eval-benchmark.js +3 -3
  108. package/dist/lib/eval-conversation-handler.js +3 -3
  109. package/dist/lib/handlers/cron-close-stale-sessions.js +2 -2
  110. package/dist/lib/handlers/cron-data-integrity-audit.js +2 -2
  111. package/dist/lib/handlers/cron-suggest-instructions.js +3 -3
  112. package/dist/lib/handlers/process-announcement.js +2 -2
  113. package/dist/lib/handlers/process-changelog.js +2 -2
  114. package/dist/lib/handlers/process-conversation.js +4 -4
  115. package/dist/lib/handlers/process-eval.js +3 -3
  116. package/dist/lib/handlers/process-insights.js +3 -3
  117. package/dist/lib/handlers/process-launch.js +3 -3
  118. package/dist/lib/handlers/process-run-cleanup.js +2 -2
  119. package/dist/lib/handlers/process-session-goal.js +2 -2
  120. package/dist/lib/manual-tasks.js +5 -5
  121. package/dist/lib/research-client.js +3 -3
  122. package/dist/lib/setup-steps.js +3 -3
  123. package/dist/lib/terminal-target-heartbeat.js +3 -3
  124. package/oclif.manifest.json +116 -116
  125. package/package.json +6 -6
  126. package/dist/chunk-EJOI2ZGU.js.map +0 -7
  127. package/dist/chunk-KZRFUXGF.js.map +0 -7
  128. /package/dist/{chunk-DUQGKWHJ.js.map → chunk-346TGPVR.js.map} +0 -0
  129. /package/dist/{chunk-2AM54TUK.js.map → chunk-4UJATBTG.js.map} +0 -0
  130. /package/dist/{chunk-RYMK7FQL.js.map → chunk-5ZOLDIZQ.js.map} +0 -0
  131. /package/dist/{chunk-BD7CY42U.js.map → chunk-7DRLX3DN.js.map} +0 -0
  132. /package/dist/{chunk-I4GHR6CY.js.map → chunk-7XDWLJJP.js.map} +0 -0
  133. /package/dist/{chunk-E32IADV3.js.map → chunk-AOIY5RT6.js.map} +0 -0
  134. /package/dist/{chunk-JX5UI6RW.js.map → chunk-AUUHXCJU.js.map} +0 -0
  135. /package/dist/{chunk-7DIWBTB5.js.map → chunk-CB43W53J.js.map} +0 -0
  136. /package/dist/{chunk-EHABPBGH.js.map → chunk-CCSR73HF.js.map} +0 -0
  137. /package/dist/{chunk-EHZJ6OXD.js.map → chunk-CGUV6TUA.js.map} +0 -0
  138. /package/dist/{chunk-VBOTWXJW.js.map → chunk-DUR54APY.js.map} +0 -0
  139. /package/dist/{chunk-XMWHTOCC.js.map → chunk-IKEI4KNV.js.map} +0 -0
  140. /package/dist/{chunk-OWUS3HMA.js.map → chunk-IVOCDHWA.js.map} +0 -0
  141. /package/dist/{chunk-UF73WX2J.js.map → chunk-OAQG5WBV.js.map} +0 -0
  142. /package/dist/{chunk-QJXAULRC.js.map → chunk-OKCFYPIQ.js.map} +0 -0
  143. /package/dist/{chunk-YBNW7ARH.js.map → chunk-PHIAFGQ2.js.map} +0 -0
  144. /package/dist/{chunk-IWYCRLEK.js.map → chunk-TDTHAOXO.js.map} +0 -0
  145. /package/dist/{chunk-PQU7GZ7A.js.map → chunk-TJ2M5QVL.js.map} +0 -0
@@ -1,10 +1,10 @@
1
1
  import {
2
2
  BaseCommand
3
- } from "./chunk-7DIWBTB5.js";
3
+ } from "./chunk-CB43W53J.js";
4
4
  import "./chunk-R56PH7YE.js";
5
- import "./chunk-2AM54TUK.js";
6
- import "./chunk-EJOI2ZGU.js";
7
- import "./chunk-KZRFUXGF.js";
5
+ import "./chunk-4UJATBTG.js";
6
+ import "./chunk-CWFVBGX2.js";
7
+ import "./chunk-W2YERO7E.js";
8
8
  import "./chunk-EKJ2CABV.js";
9
9
  import "./chunk-NSBPE2FW.js";
10
10
  export {
@@ -6,11 +6,11 @@ import {
6
6
  } from "./chunk-FTJRMUID.js";
7
7
  import {
8
8
  apiGet
9
- } from "./chunk-EJOI2ZGU.js";
9
+ } from "./chunk-CWFVBGX2.js";
10
10
  import {
11
11
  getDefaultConfigDir,
12
12
  isAuthenticated
13
- } from "./chunk-KZRFUXGF.js";
13
+ } from "./chunk-W2YERO7E.js";
14
14
 
15
15
  // src/lib/setup-steps.ts
16
16
  import { execSync } from "node:child_process";
@@ -306,4 +306,4 @@ export {
306
306
  isStepId,
307
307
  computeStatus
308
308
  };
309
- //# sourceMappingURL=chunk-DUQGKWHJ.js.map
309
+ //# sourceMappingURL=chunk-346TGPVR.js.map
@@ -1,6 +1,6 @@
1
1
  import {
2
2
  apiGet
3
- } from "./chunk-EJOI2ZGU.js";
3
+ } from "./chunk-CWFVBGX2.js";
4
4
  import {
5
5
  clearActiveOrg,
6
6
  isStale,
@@ -56,4 +56,4 @@ export {
56
56
  bootstrapActiveOrg,
57
57
  _resetRefreshAttempt
58
58
  };
59
- //# sourceMappingURL=chunk-2AM54TUK.js.map
59
+ //# sourceMappingURL=chunk-4UJATBTG.js.map
@@ -10,7 +10,7 @@ import {
10
10
  getDb,
11
11
  notificationPreferences,
12
12
  profiles
13
- } from "./chunk-F5DPTXRC.js";
13
+ } from "./chunk-YQFCUKNI.js";
14
14
 
15
15
  // src/lib/handlers/process-announcement.ts
16
16
  import { and, asc, eq, gt, isNotNull } from "drizzle-orm";
@@ -154,4 +154,4 @@ async function sendOne(args) {
154
154
  export {
155
155
  processAnnouncement
156
156
  };
157
- //# sourceMappingURL=chunk-RYMK7FQL.js.map
157
+ //# sourceMappingURL=chunk-5ZOLDIZQ.js.map
@@ -1,9 +1,9 @@
1
1
  import {
2
2
  processConversationJob
3
- } from "./chunk-IWYCRLEK.js";
3
+ } from "./chunk-TDTHAOXO.js";
4
4
  import {
5
5
  apiPatch
6
- } from "./chunk-EJOI2ZGU.js";
6
+ } from "./chunk-CWFVBGX2.js";
7
7
 
8
8
  // src/lib/handlers/process-conversation.ts
9
9
  async function processConversation(payload, helpers) {
@@ -20,4 +20,4 @@ async function processConversation(payload, helpers) {
20
20
  export {
21
21
  processConversation
22
22
  };
23
- //# sourceMappingURL=chunk-BD7CY42U.js.map
23
+ //# sourceMappingURL=chunk-7DRLX3DN.js.map
@@ -5,7 +5,7 @@ import {
5
5
  getDb,
6
6
  sessionEvents,
7
7
  sessions
8
- } from "./chunk-F5DPTXRC.js";
8
+ } from "./chunk-YQFCUKNI.js";
9
9
 
10
10
  // src/lib/handlers/process-session-goal.ts
11
11
  import { eq, asc, sql } from "drizzle-orm";
@@ -52,4 +52,4 @@ async function processSessionGoal(payload, deps = {}) {
52
52
  export {
53
53
  processSessionGoal
54
54
  };
55
- //# sourceMappingURL=chunk-I4GHR6CY.js.map
55
+ //# sourceMappingURL=chunk-7XDWLJJP.js.map
@@ -1,36 +1,36 @@
1
1
  import {
2
2
  startTerminalTargetHeartbeat
3
- } from "./chunk-JX5UI6RW.js";
3
+ } from "./chunk-AUUHXCJU.js";
4
4
  import {
5
5
  processConversation
6
- } from "./chunk-BD7CY42U.js";
6
+ } from "./chunk-7DRLX3DN.js";
7
7
  import {
8
8
  processEval
9
- } from "./chunk-QJXAULRC.js";
9
+ } from "./chunk-OKCFYPIQ.js";
10
10
  import {
11
11
  processInsights
12
- } from "./chunk-EHABPBGH.js";
12
+ } from "./chunk-CCSR73HF.js";
13
13
  import {
14
14
  processLaunch
15
- } from "./chunk-XMWHTOCC.js";
15
+ } from "./chunk-IKEI4KNV.js";
16
16
  import {
17
17
  processRunCleanup
18
- } from "./chunk-VBOTWXJW.js";
18
+ } from "./chunk-DUR54APY.js";
19
19
  import {
20
20
  processSendMessage
21
21
  } from "./chunk-W53GKIZQ.js";
22
22
  import {
23
23
  processSessionGoal
24
- } from "./chunk-I4GHR6CY.js";
24
+ } from "./chunk-7XDWLJJP.js";
25
25
  import {
26
26
  cronRefreshSkills
27
27
  } from "./chunk-RQ2TMLKG.js";
28
28
  import {
29
29
  cronSuggestInstructions
30
- } from "./chunk-YBNW7ARH.js";
30
+ } from "./chunk-PHIAFGQ2.js";
31
31
  import {
32
32
  processAnnouncement
33
- } from "./chunk-RYMK7FQL.js";
33
+ } from "./chunk-5ZOLDIZQ.js";
34
34
  import {
35
35
  isPermanentJobError
36
36
  } from "./chunk-DGHWRQXL.js";
@@ -38,7 +38,7 @@ import {
38
38
  ApiError,
39
39
  apiGet,
40
40
  apiPost
41
- } from "./chunk-EJOI2ZGU.js";
41
+ } from "./chunk-CWFVBGX2.js";
42
42
 
43
43
  // src/lib/agent-loop.ts
44
44
  var HANDLERS = {
@@ -267,4 +267,4 @@ export {
267
267
  pollForWork,
268
268
  runAgentLoop
269
269
  };
270
- //# sourceMappingURL=chunk-E32IADV3.js.map
270
+ //# sourceMappingURL=chunk-AOIY5RT6.js.map
@@ -5,7 +5,7 @@ import {
5
5
  import {
6
6
  apiGet,
7
7
  apiPatch
8
- } from "./chunk-EJOI2ZGU.js";
8
+ } from "./chunk-CWFVBGX2.js";
9
9
 
10
10
  // src/lib/terminal-target-heartbeat.ts
11
11
  var DEFAULT_INTERVAL_MS = 6e4;
@@ -96,4 +96,4 @@ export {
96
96
  runOneHeartbeatCycle,
97
97
  startTerminalTargetHeartbeat
98
98
  };
99
- //# sourceMappingURL=chunk-JX5UI6RW.js.map
99
+ //# sourceMappingURL=chunk-AUUHXCJU.js.map
@@ -4,13 +4,13 @@ import {
4
4
  } from "./chunk-R56PH7YE.js";
5
5
  import {
6
6
  maybeRefreshActiveOrg
7
- } from "./chunk-2AM54TUK.js";
7
+ } from "./chunk-4UJATBTG.js";
8
8
  import {
9
9
  ApiError
10
- } from "./chunk-EJOI2ZGU.js";
10
+ } from "./chunk-CWFVBGX2.js";
11
11
  import {
12
12
  isAuthenticated
13
- } from "./chunk-KZRFUXGF.js";
13
+ } from "./chunk-W2YERO7E.js";
14
14
 
15
15
  // src/base-command.ts
16
16
  import { Command, Flags } from "@oclif/core";
@@ -60,4 +60,4 @@ ${banner}
60
60
  export {
61
61
  BaseCommand
62
62
  };
63
- //# sourceMappingURL=chunk-7DIWBTB5.js.map
63
+ //# sourceMappingURL=chunk-CB43W53J.js.map
@@ -15,7 +15,7 @@ import {
15
15
  apiGet,
16
16
  apiPatch,
17
17
  apiPost
18
- } from "./chunk-EJOI2ZGU.js";
18
+ } from "./chunk-CWFVBGX2.js";
19
19
 
20
20
  // src/lib/handlers/process-insights.ts
21
21
  async function processInsights(payload, helpers) {
@@ -240,4 +240,4 @@ async function buildDataSummaryFromApi(projectPath, projectId) {
240
240
  export {
241
241
  processInsights
242
242
  };
243
- //# sourceMappingURL=chunk-EHABPBGH.js.map
243
+ //# sourceMappingURL=chunk-CCSR73HF.js.map
@@ -1,7 +1,7 @@
1
1
  import {
2
2
  ApiError,
3
3
  api
4
- } from "./chunk-EJOI2ZGU.js";
4
+ } from "./chunk-CWFVBGX2.js";
5
5
 
6
6
  // src/lib/antigravity-transcript.ts
7
7
  import { existsSync, mkdirSync, readFileSync, renameSync, rmdirSync, writeFileSync } from "node:fs";
@@ -304,4 +304,4 @@ export {
304
304
  tailAntigravityTranscript,
305
305
  stateApi
306
306
  };
307
- //# sourceMappingURL=chunk-EHZJ6OXD.js.map
307
+ //# sourceMappingURL=chunk-CGUV6TUA.js.map
@@ -1,6 +1,7 @@
1
1
  import {
2
+ loadEnvFileAuth,
2
3
  loadToken
3
- } from "./chunk-KZRFUXGF.js";
4
+ } from "./chunk-W2YERO7E.js";
4
5
 
5
6
  // src/lib/api-client.ts
6
7
  import { fileURLToPath } from "node:url";
@@ -32,7 +33,7 @@ var ApiError = class extends Error {
32
33
  }
33
34
  };
34
35
  function getBaseUrl() {
35
- const url = process.env.RULEMETRIC_API_URL ?? "http://localhost:3000";
36
+ const url = process.env.RULEMETRIC_API_URL ?? loadEnvFileAuth().apiUrl ?? "http://localhost:3000";
36
37
  const parsed = new URL(url);
37
38
  if (parsed.protocol === "http:" && parsed.hostname !== "localhost" && parsed.hostname !== "127.0.0.1") {
38
39
  throw new Error(`API URL must use HTTPS for non-localhost hosts: ${url}`);
@@ -47,15 +48,10 @@ async function api(path, options = {}) {
47
48
  "User-Agent": `rulemetric-cli/${version}`,
48
49
  ...options.headers
49
50
  };
50
- const apiKey = process.env.RULEMETRIC_API_KEY;
51
- if (apiKey) {
52
- headers["Authorization"] = `Bearer ${apiKey}`;
53
- }
54
- if (!apiKey) {
55
- const token = loadToken();
56
- if (token) {
57
- headers["Authorization"] = `Bearer ${token.accessToken}`;
58
- }
51
+ const envAuth = loadEnvFileAuth();
52
+ const bearer = process.env.RULEMETRIC_API_KEY || envAuth.apiKey || loadToken()?.accessToken || envAuth.accessToken;
53
+ if (bearer) {
54
+ headers["Authorization"] = `Bearer ${bearer}`;
59
55
  }
60
56
  const parsed = new URL(url);
61
57
  const isLocalhost = parsed.hostname === "localhost" || parsed.hostname === "127.0.0.1";
@@ -106,4 +102,4 @@ export {
106
102
  apiPatch,
107
103
  apiDelete
108
104
  };
109
- //# sourceMappingURL=chunk-EJOI2ZGU.js.map
105
+ //# sourceMappingURL=chunk-CWFVBGX2.js.map
@@ -0,0 +1,7 @@
1
+ {
2
+ "version": 3,
3
+ "sources": ["../src/lib/api-client.ts"],
4
+ "sourcesContent": ["import { fileURLToPath } from 'node:url';\nimport { existsSync, readFileSync } from 'node:fs';\nimport { dirname, join } from 'node:path';\nimport { loadToken, loadEnvFileAuth } from './auth.js';\n\n/**\n * Read the CLI's own version. Walks up from this module's location to find\n * `@rulemetric/cli`'s package.json \u2014 robust whether running unbundled from\n * `src/lib/` (dev) or from a bundled chunk at a different `dist/` depth (prod),\n * where a fixed relative `../../package.json` would resolve to the wrong file.\n */\nfunction readCliVersion(): string {\n let dir = dirname(fileURLToPath(import.meta.url));\n for (let i = 0; i < 8; i++) {\n const pj = join(dir, 'package.json');\n if (existsSync(pj)) {\n try {\n const parsed = JSON.parse(readFileSync(pj, 'utf8')) as { name?: string; version?: string };\n if (parsed.name === '@rulemetric/cli' && parsed.version) return parsed.version;\n } catch {\n /* unreadable/parse error \u2014 keep walking up */\n }\n }\n const parent = dirname(dir);\n if (parent === dir) break;\n dir = parent;\n }\n return '0.0.0';\n}\n\nconst version = readCliVersion();\n\nexport class ApiError extends Error {\n constructor(\n public statusCode: number,\n message: string,\n ) {\n super(message);\n this.name = 'ApiError';\n }\n}\n\ninterface ApiOptions {\n method?: string;\n body?: unknown;\n headers?: Record<string, string>;\n}\n\nfunction getBaseUrl(): string {\n // Additive fallback to the env file's URL so a key/token read from that same\n // file (see the auth header below) is sent to the SERVER it belongs to,\n // not the localhost default.\n const url = process.env.RULEMETRIC_API_URL ?? loadEnvFileAuth().apiUrl ?? 'http://localhost:3000';\n\n // Enforce HTTPS for non-localhost URLs\n const parsed = new URL(url);\n if (parsed.protocol === 'http:' && parsed.hostname !== 'localhost' && parsed.hostname !== '127.0.0.1') {\n throw new Error(`API URL must use HTTPS for non-localhost hosts: ${url}`);\n }\n\n return url;\n}\n\nexport async function api<T>(path: string, options: ApiOptions = {}): Promise<T> {\n const baseUrl = getBaseUrl();\n const url = `${baseUrl}${path}`;\n\n const headers: Record<string, string> = {\n 'Content-Type': 'application/json',\n 'User-Agent': `rulemetric-cli/${version}`,\n ...options.headers,\n };\n\n // Auth header resolution, first match wins:\n // 1. process.env.RULEMETRIC_API_KEY \u2014 exported long-lived key\n // 2. env-file RULEMETRIC_API_KEY \u2014 long-lived key on disk (create-key)\n // 3. auth.json OAuth accessToken \u2014 fresh right after `auth login`\n // 4. env-file RULEMETRIC_ACCESS_TOKEN \u2014 token persisted by login\n // The long-lived API key is preferred over the OAuth token because the latter\n // EXPIRES \u2014 auth.json can hold a stale token, so trying it first would 401\n // (\"Session expired\") even when a valid key sits right there in the env file.\n const envAuth = loadEnvFileAuth();\n const bearer =\n process.env.RULEMETRIC_API_KEY ||\n envAuth.apiKey ||\n loadToken()?.accessToken ||\n envAuth.accessToken;\n if (bearer) {\n headers['Authorization'] = `Bearer ${bearer}`;\n }\n\n // Bypass proxy for localhost API calls \u2014 HTTPS_PROXY is for Claude Code \u2192 Anthropic,\n // not for CLI \u2192 local API. Node.js fetch doesn't respect NO_PROXY reliably, so we\n // temporarily unset the proxy env vars for localhost calls.\n const parsed = new URL(url);\n const isLocalhost = parsed.hostname === 'localhost' || parsed.hostname === '127.0.0.1';\n const savedProxy = process.env.HTTPS_PROXY;\n const savedHttpProxy = process.env.HTTP_PROXY;\n if (isLocalhost) {\n delete process.env.HTTPS_PROXY;\n delete process.env.HTTP_PROXY;\n }\n\n let response: Response;\n try {\n response = await fetch(url, {\n method: options.method ?? 'GET',\n headers,\n body: options.body ? JSON.stringify(options.body) : undefined,\n });\n } finally {\n // Restore proxy vars so claude -p calls still route through the proxy\n if (isLocalhost) {\n if (savedProxy !== undefined) process.env.HTTPS_PROXY = savedProxy;\n if (savedHttpProxy !== undefined) process.env.HTTP_PROXY = savedHttpProxy;\n }\n }\n\n let responseBody: unknown;\n const contentType = response.headers.get('content-type');\n if (contentType?.includes('application/json')) {\n responseBody = await response.json();\n } else {\n responseBody = await response.text();\n }\n\n if (!response.ok) {\n // Extract only the error message, not the full response body\n const message =\n responseBody && typeof responseBody === 'object' && 'error' in responseBody\n ? String((responseBody as { error: string }).error)\n : `HTTP ${response.status}`;\n throw new ApiError(response.status, message);\n }\n\n return responseBody as T;\n}\n\nexport const apiGet = <T>(path: string): Promise<T> => api<T>(path);\nexport const apiPost = <T>(path: string, body: unknown): Promise<T> => api<T>(path, { method: 'POST', body });\nexport const apiPut = <T>(path: string, body: unknown): Promise<T> => api<T>(path, { method: 'PUT', body });\nexport const apiPatch = <T>(path: string, body: unknown): Promise<T> => api<T>(path, { method: 'PATCH', body });\nexport const apiDelete = <T>(path: string): Promise<T> => api<T>(path, { method: 'DELETE' });\n"],
5
+ "mappings": ";;;;;;AAAA,SAAS,qBAAqB;AAC9B,SAAS,YAAY,oBAAoB;AACzC,SAAS,SAAS,YAAY;AAS9B,SAAS,iBAAyB;AAChC,MAAI,MAAM,QAAQ,cAAc,YAAY,GAAG,CAAC;AAChD,WAAS,IAAI,GAAG,IAAI,GAAG,KAAK;AAC1B,UAAM,KAAK,KAAK,KAAK,cAAc;AACnC,QAAI,WAAW,EAAE,GAAG;AAClB,UAAI;AACF,cAAM,SAAS,KAAK,MAAM,aAAa,IAAI,MAAM,CAAC;AAClD,YAAI,OAAO,SAAS,qBAAqB,OAAO,QAAS,QAAO,OAAO;AAAA,MACzE,QAAQ;AAAA,MAER;AAAA,IACF;AACA,UAAM,SAAS,QAAQ,GAAG;AAC1B,QAAI,WAAW,IAAK;AACpB,UAAM;AAAA,EACR;AACA,SAAO;AACT;AAEA,IAAM,UAAU,eAAe;AAExB,IAAM,WAAN,cAAuB,MAAM;AAAA,EAClC,YACS,YACP,SACA;AACA,UAAM,OAAO;AAHN;AAIP,SAAK,OAAO;AAAA,EACd;AACF;AAQA,SAAS,aAAqB;AAI5B,QAAM,MAAM,QAAQ,IAAI,sBAAsB,gBAAgB,EAAE,UAAU;AAG1E,QAAM,SAAS,IAAI,IAAI,GAAG;AAC1B,MAAI,OAAO,aAAa,WAAW,OAAO,aAAa,eAAe,OAAO,aAAa,aAAa;AACrG,UAAM,IAAI,MAAM,mDAAmD,GAAG,EAAE;AAAA,EAC1E;AAEA,SAAO;AACT;AAEA,eAAsB,IAAO,MAAc,UAAsB,CAAC,GAAe;AAC/E,QAAM,UAAU,WAAW;AAC3B,QAAM,MAAM,GAAG,OAAO,GAAG,IAAI;AAE7B,QAAM,UAAkC;AAAA,IACtC,gBAAgB;AAAA,IAChB,cAAc,kBAAkB,OAAO;AAAA,IACvC,GAAG,QAAQ;AAAA,EACb;AAUA,QAAM,UAAU,gBAAgB;AAChC,QAAM,SACJ,QAAQ,IAAI,sBACZ,QAAQ,UACR,UAAU,GAAG,eACb,QAAQ;AACV,MAAI,QAAQ;AACV,YAAQ,eAAe,IAAI,UAAU,MAAM;AAAA,EAC7C;AAKA,QAAM,SAAS,IAAI,IAAI,GAAG;AAC1B,QAAM,cAAc,OAAO,aAAa,eAAe,OAAO,aAAa;AAC3E,QAAM,aAAa,QAAQ,IAAI;AAC/B,QAAM,iBAAiB,QAAQ,IAAI;AACnC,MAAI,aAAa;AACf,WAAO,QAAQ,IAAI;AACnB,WAAO,QAAQ,IAAI;AAAA,EACrB;AAEA,MAAI;AACJ,MAAI;AACF,eAAW,MAAM,MAAM,KAAK;AAAA,MAC1B,QAAQ,QAAQ,UAAU;AAAA,MAC1B;AAAA,MACA,MAAM,QAAQ,OAAO,KAAK,UAAU,QAAQ,IAAI,IAAI;AAAA,IACtD,CAAC;AAAA,EACH,UAAE;AAEA,QAAI,aAAa;AACf,UAAI,eAAe,OAAW,SAAQ,IAAI,cAAc;AACxD,UAAI,mBAAmB,OAAW,SAAQ,IAAI,aAAa;AAAA,IAC7D;AAAA,EACF;AAEA,MAAI;AACJ,QAAM,cAAc,SAAS,QAAQ,IAAI,cAAc;AACvD,MAAI,aAAa,SAAS,kBAAkB,GAAG;AAC7C,mBAAe,MAAM,SAAS,KAAK;AAAA,EACrC,OAAO;AACL,mBAAe,MAAM,SAAS,KAAK;AAAA,EACrC;AAEA,MAAI,CAAC,SAAS,IAAI;AAEhB,UAAM,UACJ,gBAAgB,OAAO,iBAAiB,YAAY,WAAW,eAC3D,OAAQ,aAAmC,KAAK,IAChD,QAAQ,SAAS,MAAM;AAC7B,UAAM,IAAI,SAAS,SAAS,QAAQ,OAAO;AAAA,EAC7C;AAEA,SAAO;AACT;AAEO,IAAM,SAAS,CAAI,SAA6B,IAAO,IAAI;AAC3D,IAAM,UAAU,CAAI,MAAc,SAA8B,IAAO,MAAM,EAAE,QAAQ,QAAQ,KAAK,CAAC;AACrG,IAAM,SAAS,CAAI,MAAc,SAA8B,IAAO,MAAM,EAAE,QAAQ,OAAO,KAAK,CAAC;AACnG,IAAM,WAAW,CAAI,MAAc,SAA8B,IAAO,MAAM,EAAE,QAAQ,SAAS,KAAK,CAAC;AACvG,IAAM,YAAY,CAAI,SAA6B,IAAO,MAAM,EAAE,QAAQ,SAAS,CAAC;",
6
+ "names": []
7
+ }
@@ -8,7 +8,7 @@ import {
8
8
  agentRuns,
9
9
  getDb,
10
10
  sessions
11
- } from "./chunk-F5DPTXRC.js";
11
+ } from "./chunk-YQFCUKNI.js";
12
12
 
13
13
  // src/lib/handlers/process-run-cleanup.ts
14
14
  import { and, eq, isNotNull } from "drizzle-orm";
@@ -96,4 +96,4 @@ async function processRunCleanup(payload, deps = {}) {
96
96
  export {
97
97
  processRunCleanup
98
98
  };
99
- //# sourceMappingURL=chunk-VBOTWXJW.js.map
99
+ //# sourceMappingURL=chunk-DUR54APY.js.map
@@ -6,7 +6,7 @@ import {
6
6
  } from "./chunk-DGHWRQXL.js";
7
7
  import {
8
8
  apiPatch
9
- } from "./chunk-EJOI2ZGU.js";
9
+ } from "./chunk-CWFVBGX2.js";
10
10
 
11
11
  // src/lib/handlers/process-launch.ts
12
12
  async function resolveWorktreeForLaunch(config) {
@@ -58,4 +58,4 @@ export {
58
58
  resolveWorktreeForLaunch,
59
59
  processLaunch
60
60
  };
61
- //# sourceMappingURL=chunk-XMWHTOCC.js.map
61
+ //# sourceMappingURL=chunk-IKEI4KNV.js.map
@@ -8,7 +8,7 @@ import {
8
8
  import {
9
9
  announcements,
10
10
  getDb
11
- } from "./chunk-F5DPTXRC.js";
11
+ } from "./chunk-YQFCUKNI.js";
12
12
 
13
13
  // src/lib/handlers/process-changelog.ts
14
14
  import * as fs from "node:fs/promises";
@@ -119,4 +119,4 @@ async function processChangelog(deps = {}) {
119
119
  export {
120
120
  processChangelog
121
121
  };
122
- //# sourceMappingURL=chunk-OWUS3HMA.js.map
122
+ //# sourceMappingURL=chunk-IVOCDHWA.js.map
@@ -1,7 +1,7 @@
1
1
  import {
2
2
  ApiError,
3
3
  apiPost
4
- } from "./chunk-EJOI2ZGU.js";
4
+ } from "./chunk-CWFVBGX2.js";
5
5
 
6
6
  // src/lib/research-client.ts
7
7
  function serializeDate(v) {
@@ -46,4 +46,4 @@ export {
46
46
  postObservation,
47
47
  postObservations
48
48
  };
49
- //# sourceMappingURL=chunk-UF73WX2J.js.map
49
+ //# sourceMappingURL=chunk-OAQG5WBV.js.map
@@ -17,7 +17,7 @@ import {
17
17
  apiGet,
18
18
  apiPatch,
19
19
  apiPost
20
- } from "./chunk-EJOI2ZGU.js";
20
+ } from "./chunk-CWFVBGX2.js";
21
21
 
22
22
  // src/lib/handlers/process-eval.ts
23
23
  async function processEval(payload, helpers) {
@@ -188,4 +188,4 @@ function buildSummary(results) {
188
188
  export {
189
189
  processEval
190
190
  };
191
- //# sourceMappingURL=chunk-QJXAULRC.js.map
191
+ //# sourceMappingURL=chunk-OKCFYPIQ.js.map
@@ -14,7 +14,7 @@ import {
14
14
  import {
15
15
  apiGet,
16
16
  apiPost
17
- } from "./chunk-EJOI2ZGU.js";
17
+ } from "./chunk-CWFVBGX2.js";
18
18
 
19
19
  // src/lib/handlers/cron-suggest-instructions.ts
20
20
  import { readFileSync } from "node:fs";
@@ -164,4 +164,4 @@ var cronSuggestInstructions = async (_payload, helpers) => {
164
164
  export {
165
165
  cronSuggestInstructions
166
166
  };
167
- //# sourceMappingURL=chunk-YBNW7ARH.js.map
167
+ //# sourceMappingURL=chunk-PHIAFGQ2.js.map
@@ -10,7 +10,7 @@ import {
10
10
  import {
11
11
  apiGet,
12
12
  apiPost
13
- } from "./chunk-EJOI2ZGU.js";
13
+ } from "./chunk-CWFVBGX2.js";
14
14
 
15
15
  // src/lib/eval-conversation-handler.ts
16
16
  async function processConversationJob(jobConfig, evalTargetId, logger) {
@@ -217,4 +217,4 @@ async function handleAnalyzeAndPropose(target, evalCases, messages, userFeedback
217
217
  export {
218
218
  processConversationJob
219
219
  };
220
- //# sourceMappingURL=chunk-IWYCRLEK.js.map
220
+ //# sourceMappingURL=chunk-TDTHAOXO.js.map
@@ -1,7 +1,7 @@
1
1
  import {
2
2
  apiGet,
3
3
  apiPost
4
- } from "./chunk-EJOI2ZGU.js";
4
+ } from "./chunk-CWFVBGX2.js";
5
5
 
6
6
  // src/lib/eval-benchmark.ts
7
7
  function computeStats(values) {
@@ -89,4 +89,4 @@ export {
89
89
  aggregateBenchmark,
90
90
  postBenchmark
91
91
  };
92
- //# sourceMappingURL=chunk-PQU7GZ7A.js.map
92
+ //# sourceMappingURL=chunk-TJ2M5QVL.js.map
@@ -5,6 +5,27 @@ import * as os from "node:os";
5
5
  function getConfigDir() {
6
6
  return process.env.RULEMETRIC_CONFIG_DIR || path.join(os.homedir(), ".config", "rulemetric");
7
7
  }
8
+ var _envFileAuthCache;
9
+ function loadEnvFileAuth() {
10
+ if (_envFileAuthCache !== void 0) return _envFileAuthCache;
11
+ try {
12
+ const envPath = path.join(getConfigDir(), "env");
13
+ if (!fs.existsSync(envPath)) return _envFileAuthCache = {};
14
+ const content = fs.readFileSync(envPath, "utf-8");
15
+ const read = (key) => content.match(new RegExp(`^${key}=(.+)$`, "m"))?.[1]?.trim();
16
+ _envFileAuthCache = {
17
+ apiKey: read("RULEMETRIC_API_KEY"),
18
+ accessToken: read("RULEMETRIC_ACCESS_TOKEN"),
19
+ apiUrl: read("RULEMETRIC_API_URL")
20
+ };
21
+ return _envFileAuthCache;
22
+ } catch {
23
+ return _envFileAuthCache = {};
24
+ }
25
+ }
26
+ function __resetEnvFileAuthCache() {
27
+ _envFileAuthCache = void 0;
28
+ }
8
29
  function createAuthStore(configDir = getConfigDir()) {
9
30
  const authFile = path.join(configDir, "auth.json");
10
31
  function saveToken2(token) {
@@ -114,7 +135,9 @@ function clearToken() {
114
135
  }
115
136
  function isAuthenticated() {
116
137
  if (process.env.RULEMETRIC_API_KEY) return true;
117
- return getStore().isAuthenticated();
138
+ if (getStore().isAuthenticated()) return true;
139
+ const envAuth = loadEnvFileAuth();
140
+ return Boolean(envAuth.apiKey || envAuth.accessToken);
118
141
  }
119
142
  function saveEnvFile(accessToken, apiUrl) {
120
143
  getStore().saveEnvFile(accessToken, apiUrl);
@@ -131,6 +154,8 @@ function getDefaultConfigDir() {
131
154
  var CONFIG_DIR = getConfigDir();
132
155
 
133
156
  export {
157
+ loadEnvFileAuth,
158
+ __resetEnvFileAuthCache,
134
159
  createAuthStore,
135
160
  saveToken,
136
161
  loadToken,
@@ -142,4 +167,4 @@ export {
142
167
  getDefaultConfigDir,
143
168
  CONFIG_DIR
144
169
  };
145
- //# sourceMappingURL=chunk-KZRFUXGF.js.map
170
+ //# sourceMappingURL=chunk-W2YERO7E.js.map
@@ -0,0 +1,7 @@
1
+ {
2
+ "version": 3,
3
+ "sources": ["../src/lib/auth.ts"],
4
+ "sourcesContent": ["import * as fs from 'node:fs';\nimport * as path from 'node:path';\nimport * as os from 'node:os';\n\nexport interface AuthToken {\n accessToken: string;\n refreshToken: string;\n expiresAt: string;\n email: string;\n}\n\nfunction getConfigDir(): string {\n return process.env.RULEMETRIC_CONFIG_DIR || path.join(os.homedir(), '.config', 'rulemetric');\n}\n\nexport interface EnvFileAuth {\n apiKey?: string;\n accessToken?: string;\n apiUrl?: string;\n}\n\n// Read credentials persisted in ~/.config/rulemetric/env (written by `auth login`\n// / `auth create-key`). The interactive Node CLI does NOT source this file into\n// process.env the way the bash hooks do, so WITHOUT this the CLI reports \"Not\n// logged in\" from any shell that hasn't exported the vars \u2014 even though valid\n// long-lived creds are on disk (this is the documented #2 credential source in\n// CLAUDE.md). Consulted ONLY as an additive fallback, after process.env +\n// auth.json, so it can never regress an already-working auth path. Cached per\n// process (config is read once; a login within the same process is rare and can\n// re-read via the explicit save paths).\nlet _envFileAuthCache: EnvFileAuth | undefined;\nexport function loadEnvFileAuth(): EnvFileAuth {\n if (_envFileAuthCache !== undefined) return _envFileAuthCache;\n try {\n const envPath = path.join(getConfigDir(), 'env');\n if (!fs.existsSync(envPath)) return (_envFileAuthCache = {});\n const content = fs.readFileSync(envPath, 'utf-8');\n const read = (key: string): string | undefined =>\n content.match(new RegExp(`^${key}=(.+)$`, 'm'))?.[1]?.trim();\n _envFileAuthCache = {\n apiKey: read('RULEMETRIC_API_KEY'),\n accessToken: read('RULEMETRIC_ACCESS_TOKEN'),\n apiUrl: read('RULEMETRIC_API_URL'),\n };\n return _envFileAuthCache;\n } catch {\n return (_envFileAuthCache = {});\n }\n}\n\n/** Test-only: drop the env-file auth cache so a test can change the file. */\nexport function __resetEnvFileAuthCache(): void {\n _envFileAuthCache = undefined;\n}\n\nexport function createAuthStore(configDir: string = getConfigDir()) {\n const authFile = path.join(configDir, 'auth.json');\n\n function saveToken(token: AuthToken): void {\n fs.mkdirSync(configDir, { recursive: true, mode: 0o700 });\n fs.writeFileSync(authFile, JSON.stringify(token, null, 2), {\n encoding: 'utf-8',\n mode: 0o600,\n });\n }\n\n function loadToken(): AuthToken | null {\n try {\n const data = fs.readFileSync(authFile, 'utf-8');\n const parsed: unknown = JSON.parse(data);\n if (\n parsed &&\n typeof parsed === 'object' &&\n 'accessToken' in parsed &&\n 'expiresAt' in parsed &&\n 'email' in parsed &&\n typeof (parsed as AuthToken).accessToken === 'string' &&\n typeof (parsed as AuthToken).expiresAt === 'string'\n ) {\n return parsed as AuthToken;\n }\n return null;\n } catch {\n return null;\n }\n }\n\n function clearToken(): void {\n try {\n fs.unlinkSync(authFile);\n } catch {\n // File doesn't exist, nothing to clear\n }\n }\n\n function isAuthenticated(): boolean {\n const token = loadToken();\n if (!token) return false;\n const expiresAt = new Date(token.expiresAt).getTime();\n if (Number.isNaN(expiresAt)) return false;\n return Date.now() < expiresAt;\n }\n\n function saveEnvFile(accessToken: string, apiUrl?: string): void {\n fs.mkdirSync(configDir, { recursive: true, mode: 0o700 });\n const envPath = path.join(configDir, 'env');\n\n // Preserve existing RULEMETRIC_API_KEY if present\n let existingApiKey = '';\n try {\n const existing = fs.readFileSync(envPath, 'utf-8');\n const match = existing.match(/^RULEMETRIC_API_KEY=(.+)$/m);\n if (match) existingApiKey = match[1];\n } catch { /* file doesn't exist */ }\n\n const lines = [\n `RULEMETRIC_ACCESS_TOKEN=${accessToken}`,\n ];\n if (existingApiKey) {\n lines.push(`RULEMETRIC_API_KEY=${existingApiKey}`);\n }\n if (apiUrl) {\n lines.push(`RULEMETRIC_API_URL=${apiUrl}`);\n }\n\n fs.writeFileSync(envPath, lines.join('\\n') + '\\n', {\n encoding: 'utf-8',\n mode: 0o600,\n });\n }\n\n function saveApiKeyToEnv(apiKey: string, apiUrl?: string): void {\n fs.mkdirSync(configDir, { recursive: true, mode: 0o700 });\n const envPath = path.join(configDir, 'env');\n\n // Preserve existing ACCESS_TOKEN if present\n let existingToken = '';\n let existingUrl = '';\n try {\n const existing = fs.readFileSync(envPath, 'utf-8');\n const tokenMatch = existing.match(/^RULEMETRIC_ACCESS_TOKEN=(.+)$/m);\n if (tokenMatch) existingToken = tokenMatch[1];\n const urlMatch = existing.match(/^RULEMETRIC_API_URL=(.+)$/m);\n if (urlMatch) existingUrl = urlMatch[1];\n } catch { /* file doesn't exist */ }\n\n const lines = [\n `RULEMETRIC_API_KEY=${apiKey}`,\n ];\n if (existingToken) {\n lines.push(`RULEMETRIC_ACCESS_TOKEN=${existingToken}`);\n }\n const url = apiUrl ?? existingUrl;\n if (url) {\n lines.push(`RULEMETRIC_API_URL=${url}`);\n }\n\n fs.writeFileSync(envPath, lines.join('\\n') + '\\n', {\n encoding: 'utf-8',\n mode: 0o600,\n });\n }\n\n function clearEnvFile(): void {\n const envPath = path.join(configDir, 'env');\n try { fs.unlinkSync(envPath); } catch { /* noop */ }\n }\n\n return { saveToken, loadToken, clearToken, isAuthenticated, saveEnvFile, saveApiKeyToEnv, clearEnvFile, configDir, authFile };\n}\n\n// Lazy accessors \u2014 re-evaluate config dir from env on each call\nfunction getStore() {\n return createAuthStore();\n}\n\nexport function saveToken(token: AuthToken): void { getStore().saveToken(token); }\nexport function loadToken(): AuthToken | null { return getStore().loadToken(); }\nexport function clearToken(): void { getStore().clearToken(); }\nexport function isAuthenticated(): boolean {\n // API key counts as authenticated\n if (process.env.RULEMETRIC_API_KEY) return true;\n if (getStore().isAuthenticated()) return true;\n // Additive fallback: creds persisted in the env file by `auth login` /\n // `create-key` (not exported to process.env in a plain interactive shell,\n // and the OAuth auth.json may be expired, but the API key is long-lived).\n const envAuth = loadEnvFileAuth();\n return Boolean(envAuth.apiKey || envAuth.accessToken);\n}\nexport function saveEnvFile(accessToken: string, apiUrl?: string): void { getStore().saveEnvFile(accessToken, apiUrl); }\nexport function saveApiKey(apiKey: string, apiUrl?: string): void { getStore().saveApiKeyToEnv(apiKey, apiUrl); }\nexport function clearEnvFile(): void { getStore().clearEnvFile(); }\nexport function getDefaultConfigDir(): string { return getConfigDir(); }\n// Re-exported for backward compat (evaluated at import time; prefer getDefaultConfigDir() for dynamic usage)\nexport const CONFIG_DIR = getConfigDir();\n"],
5
+ "mappings": ";AAAA,YAAY,QAAQ;AACpB,YAAY,UAAU;AACtB,YAAY,QAAQ;AASpB,SAAS,eAAuB;AAC9B,SAAO,QAAQ,IAAI,yBAA8B,UAAQ,WAAQ,GAAG,WAAW,YAAY;AAC7F;AAiBA,IAAI;AACG,SAAS,kBAA+B;AAC7C,MAAI,sBAAsB,OAAW,QAAO;AAC5C,MAAI;AACF,UAAM,UAAe,UAAK,aAAa,GAAG,KAAK;AAC/C,QAAI,CAAI,cAAW,OAAO,EAAG,QAAQ,oBAAoB,CAAC;AAC1D,UAAM,UAAa,gBAAa,SAAS,OAAO;AAChD,UAAM,OAAO,CAAC,QACZ,QAAQ,MAAM,IAAI,OAAO,IAAI,GAAG,UAAU,GAAG,CAAC,IAAI,CAAC,GAAG,KAAK;AAC7D,wBAAoB;AAAA,MAClB,QAAQ,KAAK,oBAAoB;AAAA,MACjC,aAAa,KAAK,yBAAyB;AAAA,MAC3C,QAAQ,KAAK,oBAAoB;AAAA,IACnC;AACA,WAAO;AAAA,EACT,QAAQ;AACN,WAAQ,oBAAoB,CAAC;AAAA,EAC/B;AACF;AAGO,SAAS,0BAAgC;AAC9C,sBAAoB;AACtB;AAEO,SAAS,gBAAgB,YAAoB,aAAa,GAAG;AAClE,QAAM,WAAgB,UAAK,WAAW,WAAW;AAEjD,WAASA,WAAU,OAAwB;AACzC,IAAG,aAAU,WAAW,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AACxD,IAAG,iBAAc,UAAU,KAAK,UAAU,OAAO,MAAM,CAAC,GAAG;AAAA,MACzD,UAAU;AAAA,MACV,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAEA,WAASC,aAA8B;AACrC,QAAI;AACF,YAAM,OAAU,gBAAa,UAAU,OAAO;AAC9C,YAAM,SAAkB,KAAK,MAAM,IAAI;AACvC,UACE,UACA,OAAO,WAAW,YAClB,iBAAiB,UACjB,eAAe,UACf,WAAW,UACX,OAAQ,OAAqB,gBAAgB,YAC7C,OAAQ,OAAqB,cAAc,UAC3C;AACA,eAAO;AAAA,MACT;AACA,aAAO;AAAA,IACT,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAEA,WAASC,cAAmB;AAC1B,QAAI;AACF,MAAG,cAAW,QAAQ;AAAA,IACxB,QAAQ;AAAA,IAER;AAAA,EACF;AAEA,WAASC,mBAA2B;AAClC,UAAM,QAAQF,WAAU;AACxB,QAAI,CAAC,MAAO,QAAO;AACnB,UAAM,YAAY,IAAI,KAAK,MAAM,SAAS,EAAE,QAAQ;AACpD,QAAI,OAAO,MAAM,SAAS,EAAG,QAAO;AACpC,WAAO,KAAK,IAAI,IAAI;AAAA,EACtB;AAEA,WAASG,aAAY,aAAqB,QAAuB;AAC/D,IAAG,aAAU,WAAW,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AACxD,UAAM,UAAe,UAAK,WAAW,KAAK;AAG1C,QAAI,iBAAiB;AACrB,QAAI;AACF,YAAM,WAAc,gBAAa,SAAS,OAAO;AACjD,YAAM,QAAQ,SAAS,MAAM,4BAA4B;AACzD,UAAI,MAAO,kBAAiB,MAAM,CAAC;AAAA,IACrC,QAAQ;AAAA,IAA2B;AAEnC,UAAM,QAAQ;AAAA,MACZ,2BAA2B,WAAW;AAAA,IACxC;AACA,QAAI,gBAAgB;AAClB,YAAM,KAAK,sBAAsB,cAAc,EAAE;AAAA,IACnD;AACA,QAAI,QAAQ;AACV,YAAM,KAAK,sBAAsB,MAAM,EAAE;AAAA,IAC3C;AAEA,IAAG,iBAAc,SAAS,MAAM,KAAK,IAAI,IAAI,MAAM;AAAA,MACjD,UAAU;AAAA,MACV,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAEA,WAAS,gBAAgB,QAAgB,QAAuB;AAC9D,IAAG,aAAU,WAAW,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AACxD,UAAM,UAAe,UAAK,WAAW,KAAK;AAG1C,QAAI,gBAAgB;AACpB,QAAI,cAAc;AAClB,QAAI;AACF,YAAM,WAAc,gBAAa,SAAS,OAAO;AACjD,YAAM,aAAa,SAAS,MAAM,iCAAiC;AACnE,UAAI,WAAY,iBAAgB,WAAW,CAAC;AAC5C,YAAM,WAAW,SAAS,MAAM,4BAA4B;AAC5D,UAAI,SAAU,eAAc,SAAS,CAAC;AAAA,IACxC,QAAQ;AAAA,IAA2B;AAEnC,UAAM,QAAQ;AAAA,MACZ,sBAAsB,MAAM;AAAA,IAC9B;AACA,QAAI,eAAe;AACjB,YAAM,KAAK,2BAA2B,aAAa,EAAE;AAAA,IACvD;AACA,UAAM,MAAM,UAAU;AACtB,QAAI,KAAK;AACP,YAAM,KAAK,sBAAsB,GAAG,EAAE;AAAA,IACxC;AAEA,IAAG,iBAAc,SAAS,MAAM,KAAK,IAAI,IAAI,MAAM;AAAA,MACjD,UAAU;AAAA,MACV,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAEA,WAASC,gBAAqB;AAC5B,UAAM,UAAe,UAAK,WAAW,KAAK;AAC1C,QAAI;AAAE,MAAG,cAAW,OAAO;AAAA,IAAG,QAAQ;AAAA,IAAa;AAAA,EACrD;AAEA,SAAO,EAAE,WAAAL,YAAW,WAAAC,YAAW,YAAAC,aAAY,iBAAAC,kBAAiB,aAAAC,cAAa,iBAAiB,cAAAC,eAAc,WAAW,SAAS;AAC9H;AAGA,SAAS,WAAW;AAClB,SAAO,gBAAgB;AACzB;AAEO,SAAS,UAAU,OAAwB;AAAE,WAAS,EAAE,UAAU,KAAK;AAAG;AAC1E,SAAS,YAA8B;AAAE,SAAO,SAAS,EAAE,UAAU;AAAG;AACxE,SAAS,aAAmB;AAAE,WAAS,EAAE,WAAW;AAAG;AACvD,SAAS,kBAA2B;AAEzC,MAAI,QAAQ,IAAI,mBAAoB,QAAO;AAC3C,MAAI,SAAS,EAAE,gBAAgB,EAAG,QAAO;AAIzC,QAAM,UAAU,gBAAgB;AAChC,SAAO,QAAQ,QAAQ,UAAU,QAAQ,WAAW;AACtD;AACO,SAAS,YAAY,aAAqB,QAAuB;AAAE,WAAS,EAAE,YAAY,aAAa,MAAM;AAAG;AAChH,SAAS,WAAW,QAAgB,QAAuB;AAAE,WAAS,EAAE,gBAAgB,QAAQ,MAAM;AAAG;AACzG,SAAS,eAAqB;AAAE,WAAS,EAAE,aAAa;AAAG;AAC3D,SAAS,sBAA8B;AAAE,SAAO,aAAa;AAAG;AAEhE,IAAM,aAAa,aAAa;",
6
+ "names": ["saveToken", "loadToken", "clearToken", "isAuthenticated", "saveEnvFile", "clearEnvFile"]
7
+ }
@@ -1524,6 +1524,29 @@ async function withDbRetry(fn, opts = {}) {
1524
1524
  }
1525
1525
  throw lastErr;
1526
1526
  }
1527
+ var QueryDeadlineError = class extends Error {
1528
+ code = "QUERY_DEADLINE";
1529
+ constructor(ms) {
1530
+ super(`Query exceeded the client-side deadline of ${ms}ms \u2014 the DB pool is likely saturated (acquire-wait) or holding a dead socket; failing fast to avoid pinning the caller. See client.ts.`);
1531
+ this.name = "QueryDeadlineError";
1532
+ }
1533
+ };
1534
+ function queryDeadlineMs() {
1535
+ const explicit = Number(process.env.PG_QUERY_DEADLINE_MS);
1536
+ if (Number.isFinite(explicit) && explicit >= 0)
1537
+ return explicit;
1538
+ return 2e4;
1539
+ }
1540
+ function raceWithDeadline(p, ms) {
1541
+ let timer;
1542
+ const deadline = new Promise((_, reject) => {
1543
+ timer = setTimeout(() => reject(new QueryDeadlineError(ms)), ms);
1544
+ const t = timer;
1545
+ if (typeof t.unref === "function")
1546
+ t.unref();
1547
+ });
1548
+ return Promise.race([p, deadline]).finally(() => clearTimeout(timer));
1549
+ }
1527
1550
  var RETRY_ENTRY_METHODS = /* @__PURE__ */ new Set([
1528
1551
  "select",
1529
1552
  "selectDistinct",
@@ -1542,7 +1565,7 @@ var READ_ONLY_ENTRY_METHODS = /* @__PURE__ */ new Set([
1542
1565
  "selectDistinctOn",
1543
1566
  "$count"
1544
1567
  ]);
1545
- function wrapBuilder(value, readSafe = false) {
1568
+ function wrapBuilder(value, readSafe = false, deadlineMs = 0) {
1546
1569
  if (value === null || typeof value !== "object" && typeof value !== "function") {
1547
1570
  return value;
1548
1571
  }
@@ -1554,12 +1577,14 @@ function wrapBuilder(value, readSafe = false) {
1554
1577
  return then;
1555
1578
  return (onFulfilled, onRejected) => {
1556
1579
  trackDbOpStart();
1557
- return withDbRetry(() => new Promise((resolve, reject) => then.call(target, resolve, reject)), { retryResets: readSafe }).finally(trackDbOpEnd).then(onFulfilled, onRejected);
1580
+ const exec = withDbRetry(() => new Promise((resolve, reject) => then.call(target, resolve, reject)), { retryResets: readSafe });
1581
+ const guarded = deadlineMs > 0 ? raceWithDeadline(exec, deadlineMs) : exec;
1582
+ return guarded.finally(trackDbOpEnd).then(onFulfilled, onRejected);
1558
1583
  };
1559
1584
  }
1560
1585
  const v = Reflect.get(target, prop, receiver);
1561
1586
  if (typeof v === "function") {
1562
- return (...args) => wrapBuilder(v.apply(target, args), readSafe);
1587
+ return (...args) => wrapBuilder(v.apply(target, args), readSafe, deadlineMs);
1563
1588
  }
1564
1589
  return v;
1565
1590
  }
@@ -1580,7 +1605,8 @@ var db = new Proxy({}, {
1580
1605
  const value = real4[prop];
1581
1606
  if (typeof prop === "string" && RETRY_ENTRY_METHODS.has(prop) && typeof value === "function") {
1582
1607
  const readSafe = READ_ONLY_ENTRY_METHODS.has(prop);
1583
- return (...args) => wrapBuilder(value.apply(real4, args), readSafe);
1608
+ const deadlineMs = queryDeadlineMs();
1609
+ return (...args) => wrapBuilder(value.apply(real4, args), readSafe, deadlineMs);
1584
1610
  }
1585
1611
  if (prop === "transaction" && typeof value === "function") {
1586
1612
  return (...args) => gaugeTransaction(() => value.apply(real4, args));
@@ -1621,4 +1647,4 @@ export {
1621
1647
  getDb,
1622
1648
  closeDb
1623
1649
  };
1624
- //# sourceMappingURL=chunk-F5DPTXRC.js.map
1650
+ //# sourceMappingURL=chunk-YQFCUKNI.js.map