@rynfar/meridian 1.41.0 → 1.42.0

package/dist/cli.js

@@ -1,13 +1,13 @@
 #!/usr/bin/env node
 import {
   startProxyServer
-} from "./cli-swjr844z.js";
-import"./cli-vdp9s10c.js";
+} from "./cli-kvwnarfk.js";
+import"./cli-cx463q74.js";
 import"./cli-sry5aqdj.js";
 import"./cli-4rqtm83g.js";
 import"./cli-340h1chz.js";
 import"./cli-rtab0qa6.js";
-import"./cli-0eky480v.js";
+import"./cli-7k1fcprd.js";
 import {
   __require
 } from "./cli-p9swy5t3.js";
@@ -50,12 +50,18 @@ See https://github.com/rynfar/meridian for full documentation.`);
   process.exit(0);
 }
 if (args[0] === "profile") {
-  const { profileAdd, profileList, profileRemove, profileSwitch, profileLogin, profileHelp } = await import("./profileCli-5f15dx7k.js");
+  const { profileAdd, profileAddOauthToken, profileList, profileRemove, profileSwitch, profileLogin, profileHelp } = await import("./profileCli-wpb4qbjn.js");
   const subcommand = args[1];
   const profileId = args[2];
-  if (subcommand === "add" && profileId)
-    profileAdd(profileId);
-  else if (subcommand === "list" || subcommand === "ls")
+  if (subcommand === "add" && profileId) {
+    const oauthFlagIdx = args.indexOf("--oauth-token", 3);
+    if (oauthFlagIdx >= 0) {
+      const tokenArg = args[oauthFlagIdx + 1];
+      await profileAddOauthToken(profileId, tokenArg);
+    } else {
+      profileAdd(profileId);
+    }
+  } else if (subcommand === "list" || subcommand === "ls")
     profileList();
   else if (subcommand === "remove" && profileId)
     profileRemove(profileId);
@@ -89,7 +95,7 @@ Restart OpenCode for the plugin to take effect.`);
   process.exit(0);
 }
 if (args[0] === "refresh-token") {
-  const { refreshOAuthToken } = await import("./tokenRefresh-3kh1e8q8.js");
+  const { refreshOAuthToken } = await import("./tokenRefresh-swetnf89.js");
   const success = await refreshOAuthToken();
   if (success) {
     console.log("Token refreshed successfully");
@@ -147,7 +153,7 @@ async function runCli(start = startProxyServer, runExec = exec) {
     console.error("\x1B[33m⚠ Could not verify Claude auth status. If requests fail, run: claude login\x1B[0m");
   }
   if (!profiles) {
-    const { enableDiskProfileDiscovery } = await import("./profiles-edzz1ffd.js");
+    const { enableDiskProfileDiscovery } = await import("./profiles-rdd84b45.js");
     enableDiskProfileDiscovery();
   }
   const proxy = await start({ port, host, idleTimeoutSeconds, profiles, defaultProfile, version });

package/dist/{profileCli-5f15dx7k.js → profileCli-wpb4qbjn.js}

@@ -116,6 +116,33 @@ function profileAdd(id) {
   saveProfileConfig(profiles);
   printEnvHint(profiles);
 }
+async function profileAddOauthToken(id, tokenArg) {
+  if (!id || /[^a-zA-Z0-9_-]/.test(id)) {
+    console.error("\x1B[31m✗ Invalid profile ID.\x1B[0m Use only letters, numbers, hyphens, underscores.");
+    process.exit(1);
+  }
+  const profiles = loadProfileConfig();
+  if (profiles.find((p) => p.id === id)) {
+    console.error(`\x1B[31m✗ Profile "${id}" already exists.\x1B[0m`);
+    console.error(`  Run: meridian profile list`);
+    process.exit(1);
+  }
+  let token = tokenArg?.trim() ?? "";
+  if (!token) {
+    console.log(`\x1B[36mAdding profile: ${id} (OAuth token)\x1B[0m`);
+    console.log(`  Generate a token with: \x1B[1mclaude setup-token\x1B[0m`);
+    console.log();
+    token = promptToken(`Paste OAuth token for "${id}" (input hidden):`);
+  }
+  if (!token) {
+    console.error("\x1B[31m✗ Empty token. Aborted.\x1B[0m");
+    process.exit(1);
+  }
+  profiles.push({ id, type: "oauth-token", oauthToken: token });
+  saveProfileConfig(profiles);
+  console.log(`\x1B[32m✓ Profile "${id}" added (OAuth token).\x1B[0m`);
+  printEnvHint(profiles);
+}
 function profileList() {
   const profiles = loadProfileConfig();
   if (profiles.length === 0) {
@@ -126,6 +153,10 @@ function profileList() {
   console.log(`Profiles:
 `);
   for (const p of profiles) {
+    if (p.oauthToken || p.type === "oauth-token") {
+      console.log(`  ${p.id.padEnd(20)} \x1B[32m✓ OAuth token\x1B[0m`);
+      continue;
+    }
     const auth = getAuthStatus(p.claudeConfigDir ?? "");
     const status = auth.loggedIn ? `\x1B[32m✓ ${auth.email} (${auth.subscriptionType || "unknown"})\x1B[0m` : "\x1B[31m✗ not logged in\x1B[0m";
     console.log(`  ${p.id.padEnd(20)} ${status}`);
@@ -133,6 +164,18 @@ function profileList() {
   console.log();
   printEnvHint(profiles);
 }
+function dirsToRemoveOnProfileRemove(profile, profilesDir) {
+  const dirs = [];
+  if (profile.claudeConfigDir && profile.claudeConfigDir.startsWith(profilesDir)) {
+    dirs.push(profile.claudeConfigDir);
+  }
+  if (profile.oauthToken || profile.type === "oauth-token") {
+    const isolationDir = join(profilesDir, profile.id);
+    if (!dirs.includes(isolationDir))
+      dirs.push(isolationDir);
+  }
+  return dirs;
+}
 function profileRemove(id) {
   const profiles = loadProfileConfig();
   const idx = profiles.findIndex((p) => p.id === id);
@@ -140,11 +183,13 @@ function profileRemove(id) {
     console.error(`\x1B[31m✗ Profile "${id}" not found.\x1B[0m`);
     process.exit(1);
   }
-  const configDir = profiles[idx].claudeConfigDir ?? "";
+  const removed = profiles[idx];
+  const dirsToRemove = dirsToRemoveOnProfileRemove(removed, PROFILES_DIR);
   profiles.splice(idx, 1);
   saveProfileConfig(profiles);
-  if (configDir && existsSync(configDir) && configDir.startsWith(PROFILES_DIR)) {
-    rmSync(configDir, { recursive: true, force: true });
+  for (const dir of dirsToRemove) {
+    if (existsSync(dir))
+      rmSync(dir, { recursive: true, force: true });
   }
   console.log(`\x1B[32m✓ Profile "${id}" removed.\x1B[0m`);
   if (profiles.length > 0) {
@@ -181,6 +226,11 @@ function profileLogin(id) {
     console.error(`\x1B[31m✗ Profile "${id}" not found.\x1B[0m Run: meridian profile add ${id}`);
     process.exit(1);
   }
+  if (profile.oauthToken || profile.type === "oauth-token") {
+    console.error(`\x1B[31m✗ Profile "${id}" uses an OAuth token; \`claude auth login\` does not apply.\x1B[0m`);
+    console.error(`  To replace the token: meridian profile remove ${id} && meridian profile add ${id} --oauth-token`);
+    process.exit(1);
+  }
   console.log(`\x1B[36mRe-authenticating profile: ${id}\x1B[0m`);
   console.log();
   console.log("\x1B[33m⚠ Make sure you're signed into the correct Claude account in your browser.\x1B[0m");
@@ -209,6 +259,41 @@ function promptYesNo(question) {
   const answer = (result.stdout?.toString().trim() ?? "").toLowerCase();
   return answer !== "n" && answer !== "no";
 }
+function promptToken(question) {
+  process.stderr.write(`${question}
+> `);
+  const script = [
+    `const stdin = process.stdin;`,
+    `if (!stdin.isTTY) {`,
+    `  let buf = "";`,
+    `  stdin.setEncoding("utf8");`,
+    `  stdin.on("data", (c) => { buf += c; });`,
+    `  stdin.on("end", () => { process.stdout.write(buf.split(/\\r?\\n/)[0] || ""); process.exit(0); });`,
+    `} else {`,
+    `  stdin.setRawMode(true); stdin.resume(); stdin.setEncoding("utf8");`,
+    `  let input = "";`,
+    `  stdin.on("data", (key) => {`,
+    `    if (key === "\\u0003") { process.stderr.write("\\n"); process.exit(1); }`,
+    `    else if (key === "\\r" || key === "\\n") {`,
+    `      stdin.setRawMode(false); process.stderr.write("\\n");`,
+    `      process.stdout.write(input); process.exit(0);`,
+    `    }`,
+    `    else if (key === "\\u007f" || key === "\\b") {`,
+    `      if (input.length > 0) input = input.slice(0, -1);`,
+    `    }`,
+    `    else { input += key; }`,
+    `  });`,
+    `}`
+  ].join(`
+`);
+  const result = spawnSync("node", ["-e", script], { stdio: ["inherit", "pipe", "inherit"] });
+  if (result.status !== 0) {
+    process.stderr.write(`
+`);
+    process.exit(1);
+  }
+  return (result.stdout?.toString() ?? "").trim();
+}
 function printEnvHint(_profiles) {
   console.log(`\x1B[90mConfig: ${CONFIG_FILE}\x1B[0m`);
   console.log("\x1B[90mProfiles are picked up automatically — no restart needed.\x1B[0m");
@@ -217,17 +302,22 @@ function profileHelp() {
   console.log(`meridian profile — manage Claude account profiles
 
 Commands:
-  meridian profile add <name>       Add a profile and authenticate
-  meridian profile list             List profiles and auth status
-  meridian profile remove <name>    Remove a profile
-  meridian profile switch <name>    Switch the active profile (requires running proxy)
-  meridian profile login <name>     Re-authenticate an existing profile
+  meridian profile add <name>                       Add a profile via browser login
+  meridian profile add <name> --oauth-token [TOKEN] Add a profile from a \`claude setup-token\` value
+                                                    (if TOKEN is omitted, you will be prompted; input is hidden)
+  meridian profile list                             List profiles and auth status
+  meridian profile remove <name>                    Remove a profile
+  meridian profile switch <name>                    Switch the active profile (requires running proxy)
+  meridian profile login <name>                     Re-authenticate an existing profile (claude-max only)
 
 Examples:
-  meridian profile add personal     # Add personal account
-  meridian profile add work         # Add work account
-  meridian profile switch work      # Switch to work account
-  meridian profile list             # Show all profiles`);
+  meridian profile add personal                     # Add personal account (browser login)
+  meridian profile add work                         # Add work account
+  meridian profile add ci --oauth-token             # Add headless CI profile (prompted, no echo)
+  meridian profile add ci --oauth-token sk-ant-oat01-...
+                                                    # Add headless CI profile (token from CLI argument)
+  meridian profile switch work                      # Switch to work account
+  meridian profile list                             # Show all profiles`);
 }
 export {
   profileSwitch,
@@ -235,5 +325,7 @@ export {
   profileLogin,
   profileList,
   profileHelp,
-  profileAdd
+  profileAddOauthToken,
+  profileAdd,
+  dirsToRemoveOnProfileRemove
 };

package/dist/{profiles-edzz1ffd.js → profiles-rdd84b45.js}

@@ -9,7 +9,7 @@ import {
   resolveProfile,
   restoreActiveProfile,
   setActiveProfile
-} from "./cli-vdp9s10c.js";
+} from "./cli-cx463q74.js";
 import"./cli-340h1chz.js";
 import"./cli-p9swy5t3.js";
 export {

package/dist/proxy/adapters/droid.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"droid.d.ts","sourceRoot":"","sources":["../../../src/proxy/adapters/droid.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAA;AAwC9C,eAAO,MAAM,YAAY,EAAE,YA8E1B,CAAA;AAED,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAA;AACrD,OAAO,EAAE,eAAe,EAAE,CAAA"}
+{"version":3,"file":"droid.d.ts","sourceRoot":"","sources":["../../../src/proxy/adapters/droid.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAA;AAwC9C,eAAO,MAAM,YAAY,EAAE,YAmF1B,CAAA;AAED,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAA;AACrD,OAAO,EAAE,eAAe,EAAE,CAAA"}

package/dist/proxy/cwd.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Resolve the SDK subprocess `cwd:` option, falling back to a known-valid
+ * path on the proxy host when the resolved working directory doesn't exist.
+ *
+ * Background — issue #381:
+ *   When meridian runs on a remote machine (e.g. accessed over Tailscale)
+ *   and the client (OpenCode/Crush/etc.) runs on a different machine, the
+ *   adapter extracts the client's reported working directory and passes it
+ *   to the SDK as `cwd:`. That path doesn't exist on the proxy host, so
+ *   `child_process.spawn(claude, { cwd })` fails with ENOENT — which the
+ *   SDK then reports as the misleading "Claude Code native binary not
+ *   found at ..." error.
+ *
+ *   Falling back to the proxy's own `process.cwd()` lets the SDK spawn
+ *   succeed; `clientWorkingDirectory` is tracked separately (and emitted
+ *   into the model's context via buildCwdNote) so the model still hears
+ *   about the user's real working directory.
+ */
+export interface CwdResolution {
+    /** Path passed to the SDK as `cwd:`. Always exists on the proxy host. */
+    workingDirectory: string;
+    /**
+     * The originally-resolved path before existence validation. May not
+     * exist on the proxy host. Used as `clientWorkingDirectory` for
+     * fingerprint bucketing and the system-prompt cwdNote.
+     */
+    claimedWorkingDirectory: string;
+    /** True if `workingDirectory` differs from `claimedWorkingDirectory`. */
+    fellBack: boolean;
+}
+export interface ResolveCwdOpts {
+    /** MERIDIAN_WORKDIR / CLAUDE_PROXY_WORKDIR (highest precedence). */
+    envOverride: string | undefined;
+    /** Adapter's extracted client working directory. */
+    adapterCwd: string | undefined;
+    /** Last-resort fallback. Must exist; typically `process.cwd()`. */
+    fallback: string;
+    /** Injection point for tests. Defaults to `node:fs`'s existsSync. */
+    exists?: (path: string) => boolean;
+}
+export declare function resolveSdkWorkingDirectory(opts: ResolveCwdOpts): CwdResolution;
+//# sourceMappingURL=cwd.d.ts.map

package/dist/proxy/cwd.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cwd.d.ts","sourceRoot":"","sources":["../../src/proxy/cwd.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAIH,MAAM,WAAW,aAAa;IAC5B,yEAAyE;IACzE,gBAAgB,EAAE,MAAM,CAAA;IACxB;;;;OAIG;IACH,uBAAuB,EAAE,MAAM,CAAA;IAC/B,yEAAyE;IACzE,QAAQ,EAAE,OAAO,CAAA;CAClB;AAED,MAAM,WAAW,cAAc;IAC7B,oEAAoE;IACpE,WAAW,EAAE,MAAM,GAAG,SAAS,CAAA;IAC/B,oDAAoD;IACpD,UAAU,EAAE,MAAM,GAAG,SAAS,CAAA;IAC9B,mEAAmE;IACnE,QAAQ,EAAE,MAAM,CAAA;IAChB,qEAAqE;IACrE,MAAM,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAA;CACnC;AAED,wBAAgB,0BAA0B,CAAC,IAAI,EAAE,cAAc,GAAG,aAAa,CAO9E"}

package/dist/proxy/errors.d.ts

@@ -15,10 +15,20 @@ export declare function classifyError(errMsg: string): ClassifiedError;
  * Detect errors caused by an expired or missing OAuth access token.
  * Triggers an inline token refresh + retry in server.ts.
  *
- * Two distinct messages from the Claude Code CLI:
- *   - "OAuth token has expired" — CLI sent the token, Anthropic API rejected it
- *   - "Not logged in"           — CLI checked expiresAt locally and refused to try
- * Both are resolved by refreshing the token.
+ * Patterns, in order of specificity:
+ *   - "OAuth token has expired" / "Not logged in" — CLI-emitted (subprocess
+ *     either got 401 with this wording from Anthropic or detected expiry
+ *     locally before sending).
+ *   - "invalid_token" / "token_expired" — RFC 6750 resource-server errors that
+ *     can appear in the API response body.
+ *   - "401" + ("authentication" | "unauthorized" | "invalid") — generic 401
+ *     wrapping. Anthropic's API does not always echo the CLI-specific wording,
+ *     so without this branch a stale access token returns a generic 401 to the
+ *     proxy and refresh-and-retry never fires (caller sees the 401).
+ *
+ * False positives only cost one OAuth round-trip — the refresh is single-shot
+ * per request (gated by `tokenRefreshed` in server.ts) and surfaces the
+ * original error if it doesn't help.
  */
 export declare function isExpiredTokenError(errMsg: string): boolean;
 /**

package/dist/proxy/errors.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../src/proxy/errors.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAA;IACd,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;CAChB;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,eAAe,CA+G7D;AAED;;;;;;;;GAQG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAG3D;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAO3D;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAGxD;AAED;;;;GAIG;AACH,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAGjE;AAED;;;;;GAKG;AACH,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,WAAW,GAAG,cAAc,GAAG,SAAS,GAAG,SAAS,CAAA;IAC5D,sDAAsD;IACtD,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,wDAAwD;IACxD,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,wDAAwD;IACxD,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB;;wCAEoC;IACpC,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AAuBD;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,MAAM,GAAG,cAAc,CAuCpE;AAED;;;;;;;GAOG;AACH,wBAAgB,oBAAoB,CAClC,CAAC,EAAE,cAAc,EACjB,GAAG,EAAE;IACH,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,gBAAgB,CAAC,EAAE,OAAO,CAAA;IAC1B,YAAY,CAAC,EAAE,MAAM,CAAA;CACtB,GACA,MAAM,CAYR"}
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../src/proxy/errors.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAA;IACd,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;CAChB;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,eAAe,CA+G7D;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAM3D;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAO3D;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAGxD;AAED;;;;GAIG;AACH,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAGjE;AAED;;;;;GAKG;AACH,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,WAAW,GAAG,cAAc,GAAG,SAAS,GAAG,SAAS,CAAA;IAC5D,sDAAsD;IACtD,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,wDAAwD;IACxD,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,wDAAwD;IACxD,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB;;wCAEoC;IACpC,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AAuBD;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,MAAM,GAAG,cAAc,CAuCpE;AAED;;;;;;;GAOG;AACH,wBAAgB,oBAAoB,CAClC,CAAC,EAAE,cAAc,EACjB,GAAG,EAAE;IACH,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,gBAAgB,CAAC,EAAE,OAAO,CAAA;IAC1B,YAAY,CAAC,EAAE,MAAM,CAAA;CACtB,GACA,MAAM,CAYR"}

package/dist/proxy/models.d.ts

@@ -25,8 +25,12 @@ export declare const CANONICAL_HAIKU_MODEL = "claude-haiku-4-5";
  * Build the ANTHROPIC_DEFAULT_{TYPE}_MODEL env record to apply before the
  * inherited process env, so user-set shell values still win but unset
  * variables get Meridian's canonical pins.
+ *
+ * Accepts an optional `env` arg so unit tests can pass a synthetic env
+ * map instead of mutating process.env (which leaks between parallel
+ * test files).
  */
-export declare function resolveSdkModelDefaults(): Record<string, string>;
+export declare function resolveSdkModelDefaults(env?: NodeJS.ProcessEnv): Record<string, string>;
 export interface ClaudeAuthStatus {
     loggedIn?: boolean;
     subscriptionType?: string;
@@ -71,6 +75,18 @@ export declare function getAuthCacheInfo(profileId?: string): {
  * @param envOverrides - Optional env vars for per-profile auth (e.g. CLAUDE_CONFIG_DIR).
  */
 export declare function getClaudeAuthStatusAsync(profileId?: string, envOverrides?: Record<string, string>): Promise<ClaudeAuthStatus | null>;
+/**
+ * Tag identifying which resolver step produced the path. Surfaced at startup
+ * and in `/health` so users can self-diagnose "wrong claude got picked"
+ * without having to inspect their PATH manually (closes the diagnostic gap
+ * from #478, where a Bun-shimmed `claude` on PATH led to silent failures
+ * that looked indistinguishable from any other SDK error).
+ */
+export type ClaudeExecutableSource = "env" | "bundled" | "platform-package" | "path-lookup" | "legacy-cli-js";
+export interface ClaudeExecutableInfo {
+    path: string;
+    source: ClaudeExecutableSource;
+}
 /**
  * Resolve the Claude executable path asynchronously (non-blocking).
  *
@@ -82,6 +98,49 @@ export declare function getClaudeAuthStatusAsync(profileId?: string, envOverride
  * The promise is cleared in `finally` to allow retry on failure while
  * cachedClaudePath prevents re-resolution on success.
  */
+/**
+ * Resolver step contract — each tries one source, returns a path on success
+ * or null on miss. Failures (thrown errors) are caught by the caller and
+ * treated as misses so unresolved sources never block subsequent steps.
+ */
+type ResolverDeps = {
+    existsSync: (p: string) => boolean;
+    statSync: (p: string) => {
+        size: number;
+    };
+    exec: (cmd: string) => Promise<{
+        stdout: string;
+    }>;
+    resolvePackage: (specifier: string) => string;
+    envGet: (name: string) => string | undefined;
+    platform: NodeJS.Platform;
+    arch: string;
+    isBun: boolean;
+};
+/**
+ * Pure resolver, source-aware variant — runs each step and returns the
+ * first hit (path + source tag), or null when all steps miss.
+ *
+ * Order matters: `env` wins unconditionally (operator escape hatch), then
+ * `bundled` (the path the SDK expects), then `platform-package` (postinstall
+ * fallback), then `path-lookup` (system PATH — most likely to surface
+ * unintended shims, see #478), then `legacy-cli-js` (only matters on stale
+ * Bun installs of SDK < 0.2.98).
+ */
+export declare function resolveClaudeExecutableWithSource(deps?: ResolverDeps): Promise<ClaudeExecutableInfo | null>;
+/**
+ * Pure resolver — returns the path string only. Kept for callers that
+ * don't need the source tag (existing behavior; preserves the existing
+ * test surface in claude-executable-resolver.test.ts).
+ */
+export declare function resolveClaudeExecutable(deps?: ResolverDeps): Promise<string | null>;
+/**
+ * Returns the cached resolved-executable info — `null` if
+ * `resolveClaudeExecutableAsync` hasn't run yet. Used by `/health` and the
+ * startup log so the resolver only runs once and both surfaces see the
+ * same answer.
+ */
+export declare function getResolvedClaudeExecutableInfo(): ClaudeExecutableInfo | null;
 export declare function resolveClaudeExecutableAsync(): Promise<string>;
 /** Reset cached path — for testing only */
 export declare function resetCachedClaudePath(): void;
@@ -96,4 +155,5 @@ export declare function expireAuthStatusCache(): void;
  * This happens when the client disconnects mid-stream.
  */
 export declare function isClosedControllerError(error: unknown): boolean;
+export {};
 //# sourceMappingURL=models.d.ts.map

package/dist/proxy/models.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"models.d.ts","sourceRoot":"","sources":["../../src/proxy/models.ts"],"names":[],"mappings":"AAAA;;GAEG;AAUH,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,YAAY,GAAG,MAAM,GAAG,UAAU,GAAG,OAAO,CAAA;AAEjF;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,oBAAoB,oBAAoB,CAAA;AACrD,eAAO,MAAM,sBAAsB,sBAAsB,CAAA;AACzD,eAAO,MAAM,qBAAqB,qBAAqB,CAAA;AAEvD;;;;GAIG;AACH,wBAAgB,uBAAuB,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAMhE;AACD,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AA0BD,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,MAAM,EAAE,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,WAAW,CA8B7H;AAWD;;;;;;GAMG;AACH,wBAAgB,gCAAgC,IAAI,IAAI,CAEvD;AAED;;;;GAIG;AACH,wBAAgB,iCAAiC,IAAI,OAAO,CAG3D;AAED,0EAA0E;AAC1E,wBAAgB,+BAA+B,IAAI,IAAI,CAEtD;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,WAAW,GAAG,WAAW,CAIpE;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,WAAW,GAAG,OAAO,CAE9D;AAaD;gFACgF;AAChF,wBAAgB,gBAAgB,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG;IAAE,aAAa,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,OAAO,CAAA;CAAE,CAOzH;AAWD;;;;GAIG;AACH,wBAAsB,wBAAwB,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAuD1I;AAOD;;;;;;;;;;GAUG;AACH,wBAAsB,4BAA4B,IAAI,OAAO,CAAC,MAAM,CAAC,CAyDpE;AAED,2CAA2C;AAC3C,wBAAgB,qBAAqB,IAAI,IAAI,CAG5C;AAED,kDAAkD;AAClD,wBAAgB,2BAA2B,IAAI,IAAI,CAOlD;AAED;;6DAE6D;AAC7D,wBAAgB,qBAAqB,IAAI,IAAI,CAO5C;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAG/D"}
+{"version":3,"file":"models.d.ts","sourceRoot":"","sources":["../../src/proxy/models.ts"],"names":[],"mappings":"AAAA;;GAEG;AAoBH,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,YAAY,GAAG,MAAM,GAAG,UAAU,GAAG,OAAO,CAAA;AAEjF;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,oBAAoB,oBAAoB,CAAA;AACrD,eAAO,MAAM,sBAAsB,sBAAsB,CAAA;AACzD,eAAO,MAAM,qBAAqB,qBAAqB,CAAA;AAEvD;;;;;;;;GAQG;AACH,wBAAgB,uBAAuB,CACrC,GAAG,GAAE,MAAM,CAAC,UAAwB,GACnC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAMxB;AACD,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AA0BD,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,MAAM,EAAE,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,WAAW,CA8B7H;AAWD;;;;;;GAMG;AACH,wBAAgB,gCAAgC,IAAI,IAAI,CAEvD;AAED;;;;GAIG;AACH,wBAAgB,iCAAiC,IAAI,OAAO,CAG3D;AAED,0EAA0E;AAC1E,wBAAgB,+BAA+B,IAAI,IAAI,CAEtD;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,WAAW,GAAG,WAAW,CAIpE;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,WAAW,GAAG,OAAO,CAE9D;AAaD;gFACgF;AAChF,wBAAgB,gBAAgB,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG;IAAE,aAAa,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,OAAO,CAAA;CAAE,CAOzH;AAWD;;;;GAIG;AACH,wBAAsB,wBAAwB,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAuD1I;AAID;;;;;;GAMG;AACH,MAAM,MAAM,sBAAsB,GAC9B,KAAK,GACL,SAAS,GACT,kBAAkB,GAClB,aAAa,GACb,eAAe,CAAA;AAEnB,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,sBAAsB,CAAA;CAC/B;AAKD;;;;;;;;;;GAUG;AACH;;;;GAIG;AACH,KAAK,YAAY,GAAG;IAClB,UAAU,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,OAAO,CAAA;IAClC,QAAQ,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,CAAA;IACzC,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IAClD,cAAc,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,MAAM,CAAA;IAC7C,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,GAAG,SAAS,CAAA;IAC5C,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAA;IACzB,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,OAAO,CAAA;CACf,CAAA;AA4HD;;;;;;;;;GASG;AACH,wBAAsB,iCAAiC,CACrD,IAAI,GAAE,YAA2B,GAChC,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAYtC;AAED;;;;GAIG;AACH,wBAAsB,uBAAuB,CAAC,IAAI,GAAE,YAA2B,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAGvG;AAED;;;;;GAKG;AACH,wBAAgB,+BAA+B,IAAI,oBAAoB,GAAG,IAAI,CAE7E;AAED,wBAAsB,4BAA4B,IAAI,OAAO,CAAC,MAAM,CAAC,CAqBpE;AAED,2CAA2C;AAC3C,wBAAgB,qBAAqB,IAAI,IAAI,CAG5C;AAED,kDAAkD;AAClD,wBAAgB,2BAA2B,IAAI,IAAI,CAOlD;AAED;;6DAE6D;AAC7D,wBAAgB,qBAAqB,IAAI,IAAI,CAO5C;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAG/D"}

package/dist/proxy/oauthUsage.d.ts

@@ -37,6 +37,19 @@ export interface OAuthUsageSnapshot {
     extraUsage: OAuthExtraUsageInfo | null;
     fetchedAt: number;
 }
+/** Minimal fetch shape used by callAnthropic. Avoids `typeof fetch`'s
+ *  `preconnect` property, which makes test casts unwieldy. */
+type FetchLike = (input: string, init?: RequestInit) => Promise<Response>;
+export interface FetchOAuthUsageOpts {
+    ttlMs?: number;
+    force?: boolean;
+    store?: CredentialStore;
+    profileId?: string | null;
+    claudeConfigDir?: string;
+    fetchImpl?: FetchLike;
+}
+/** Test-only setter. Pass `null` to clear. */
+export declare function __setFetchOAuthUsageOverride(fn: ((opts?: FetchOAuthUsageOpts) => Promise<OAuthUsageSnapshot | null>) | null): void;
 /**
  * Fetch latest OAuth usage for a specific profile (or the default OAuth
  * account if none specified). Returns null if no OAuth token is available
@@ -54,14 +67,11 @@ export interface OAuthUsageSnapshot {
  * @param claudeConfigDir When provided, reads credentials from this dir's
  *                        keychain entry (macOS) or `.credentials.json`
  *                        (Linux) instead of the platform default.
+ * @param fetchImpl       Override the fetch implementation (for testing).
+ *                        Defaults to globalThis.fetch.
  */
-export declare function fetchOAuthUsage(opts?: {
-    ttlMs?: number;
-    force?: boolean;
-    store?: CredentialStore;
-    profileId?: string | null;
-    claudeConfigDir?: string;
-}): Promise<OAuthUsageSnapshot | null>;
+export declare function fetchOAuthUsage(opts?: FetchOAuthUsageOpts): Promise<OAuthUsageSnapshot | null>;
 /** Test-only / shutdown helper — clears all cached snapshots and pending fetches. */
 export declare function resetOAuthUsageCache(): void;
+export {};
 //# sourceMappingURL=oauthUsage.d.ts.map

package/dist/proxy/oauthUsage.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oauthUsage.d.ts","sourceRoot":"","sources":["../../src/proxy/oauthUsage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAGH,OAAO,EAAoD,KAAK,eAAe,EAAE,MAAM,gBAAgB,CAAA;AAgCvG,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAA;IACZ,WAAW,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;CACxB;AAED,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAE,OAAO,CAAA;IAClB,YAAY,EAAE,MAAM,CAAA;IACpB,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,QAAQ,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,gBAAgB,EAAE,CAAA;IAC3B,UAAU,EAAE,mBAAmB,GAAG,IAAI,CAAA;IACtC,SAAS,EAAE,MAAM,CAAA;CAClB;AA0ED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,eAAe,CAAC,IAAI,CAAC,EAAE;IAC3C,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,KAAK,CAAC,EAAE,OAAO,CAAA;IACf,KAAK,CAAC,EAAE,eAAe,CAAA;IACvB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,eAAe,CAAC,EAAE,MAAM,CAAA;CACzB,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAgDrC;AAED,qFAAqF;AACrF,wBAAgB,oBAAoB,IAAI,IAAI,CAG3C"}
+{"version":3,"file":"oauthUsage.d.ts","sourceRoot":"","sources":["../../src/proxy/oauthUsage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAGH,OAAO,EAAoD,KAAK,eAAe,EAAE,MAAM,gBAAgB,CAAA;AAgCvG,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAA;IACZ,WAAW,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;CACxB;AAED,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAE,OAAO,CAAA;IAClB,YAAY,EAAE,MAAM,CAAA;IACpB,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,QAAQ,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,gBAAgB,EAAE,CAAA;IAC3B,UAAU,EAAE,mBAAmB,GAAG,IAAI,CAAA;IACtC,SAAS,EAAE,MAAM,CAAA;CAClB;AA6DD;8DAC8D;AAC9D,KAAK,SAAS,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAA;AAmBzE,MAAM,WAAW,mBAAmB;IAClC,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,KAAK,CAAC,EAAE,OAAO,CAAA;IACf,KAAK,CAAC,EAAE,eAAe,CAAA;IACvB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,SAAS,CAAC,EAAE,SAAS,CAAA;CACtB;AAcD,8CAA8C;AAC9C,wBAAgB,4BAA4B,CAC1C,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,mBAAmB,KAAK,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAC,GAAG,IAAI,GAC9E,IAAI,CAEN;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,eAAe,CAAC,IAAI,CAAC,EAAE,mBAAmB,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAOpG;AAqDD,qFAAqF;AACrF,wBAAgB,oBAAoB,IAAI,IAAI,CAG3C"}

package/dist/proxy/plugins/loader.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"loader.d.ts","sourceRoot":"","sources":["../../../src/proxy/plugins/loader.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AAC7C,OAAO,KAAK,EAAE,WAAW,EAAgB,YAAY,EAAE,MAAM,SAAS,CAAA;AAStE,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,WAAW,EAAE,CASnE;AAED,wBAAsB,WAAW,CAC/B,SAAS,EAAE,MAAM,EACjB,UAAU,CAAC,EAAE,MAAM,GAClB,OAAO,CAAC,YAAY,EAAE,CAAC,CAiIzB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,YAAY,EAAE,GAAG,SAAS,EAAE,CAIxE"}
+{"version":3,"file":"loader.d.ts","sourceRoot":"","sources":["../../../src/proxy/plugins/loader.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AAC7C,OAAO,KAAK,EAAE,WAAW,EAAgB,YAAY,EAAE,MAAM,SAAS,CAAA;AAStE,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,WAAW,EAAE,CASnE;AAED,wBAAsB,WAAW,CAC/B,SAAS,EAAE,MAAM,EACjB,UAAU,CAAC,EAAE,MAAM,GAClB,OAAO,CAAC,YAAY,EAAE,CAAC,CA+IzB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,YAAY,EAAE,GAAG,SAAS,EAAE,CAIxE"}

package/dist/proxy/profiles.d.ts

@@ -2,8 +2,9 @@
  * Multi-profile support.
  *
  * Allows a single Meridian instance to route requests to different Claude
- * accounts. Each profile is a named auth context (a CLAUDE_CONFIG_DIR for
- * Max subscriptions, or an API key for direct API access).
+ * accounts. Each profile is a named auth context — a CLAUDE_CONFIG_DIR for
+ * Max subscriptions, an Anthropic API key for direct API access, or a
+ * long-lived OAuth token minted by `claude setup-token`.
  *
  * Profile selection priority:
  *   1. x-meridian-profile request header (per-request override)
@@ -18,11 +19,16 @@
  * while avoiding synchronous disk I/O on every request.
  */
 export declare function loadProfilesFromDisk(): ProfileConfig[];
-export type ProfileType = "claude-max" | "api";
+export type ProfileType = "claude-max" | "api" | "oauth-token";
 export interface ProfileConfig {
     /** Unique profile identifier (e.g. "personal", "work") */
     id: string;
-    /** Auth type — "claude-max" uses CLAUDE_CONFIG_DIR, "api" uses ANTHROPIC_API_KEY */
+    /**
+     * Auth type. Inferred from the populated credential field when omitted:
+     *   - `oauthToken`        → "oauth-token" (CLAUDE_CODE_OAUTH_TOKEN)
+     *   - `apiKey`/`baseUrl`  → must be combined with explicit `type: "api"`
+     *   - `claudeConfigDir`   → "claude-max" (CLAUDE_CONFIG_DIR)
+     */
     type?: ProfileType;
     /** Path to .claude config directory (claude-max profiles) */
     claudeConfigDir?: string;
@@ -30,6 +36,8 @@ export interface ProfileConfig {
     apiKey?: string;
     /** Anthropic base URL override (api profiles) */
     baseUrl?: string;
+    /** Long-lived OAuth token from `claude setup-token` (oauth-token profiles) */
+    oauthToken?: string;
 }
 export interface ResolvedProfile {
     id: string;

package/dist/proxy/profiles.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"profiles.d.ts","sourceRoot":"","sources":["../../src/proxy/profiles.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAcH;;;;GAIG;AACH,wBAAgB,oBAAoB,IAAI,aAAa,EAAE,CAkBtD;AAED,MAAM,MAAM,WAAW,GAAG,YAAY,GAAG,KAAK,CAAA;AAE9C,MAAM,WAAW,aAAa;IAC5B,0DAA0D;IAC1D,EAAE,EAAE,MAAM,CAAA;IACV,oFAAoF;IACpF,IAAI,CAAC,EAAE,WAAW,CAAA;IAClB,6DAA6D;IAC7D,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,uCAAuC;IACvC,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,iDAAiD;IACjD,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,WAAW,CAAA;IACjB,4DAA4D;IAC5D,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAC5B;AAOD;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAGxD;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,MAAM,GAAG,SAAS,CAEvD;AAED,+CAA+C;AAC/C,wBAAgB,kBAAkB,IAAI,IAAI,CAEzC;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,cAAc,CAAC,EAAE,aAAa,EAAE,GAAG,IAAI,CAY3E;AAUD;;kEAEkE;AAClE,wBAAgB,0BAA0B,IAAI,IAAI,CAEjD;AAED,wBAAgB,oBAAoB,CAAC,cAAc,EAAE,aAAa,EAAE,GAAG,SAAS,GAAG,aAAa,EAAE,CAOjG;AAED,0DAA0D;AAC1D,wBAAgB,WAAW,CAAC,cAAc,EAAE,aAAa,EAAE,GAAG,SAAS,GAAG,OAAO,CAEhF;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAC5B,QAAQ,EAAE,aAAa,EAAE,GAAG,SAAS,EACrC,cAAc,EAAE,MAAM,GAAG,SAAS,EAClC,WAAW,CAAC,EAAE,MAAM,GACnB,eAAe,CAkBjB;AAqBD;;GAEG;AACH,wBAAgB,YAAY,CAC1B,QAAQ,EAAE,aAAa,EAAE,GAAG,SAAS,EACrC,cAAc,EAAE,MAAM,GAAG,SAAS,GACjC,KAAK,CAAC;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,WAAW,CAAC;IAAC,QAAQ,EAAE,OAAO,CAAA;CAAE,CAAC,CAU7D"}
+{"version":3,"file":"profiles.d.ts","sourceRoot":"","sources":["../../src/proxy/profiles.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAcH;;;;GAIG;AACH,wBAAgB,oBAAoB,IAAI,aAAa,EAAE,CAkBtD;AAED,MAAM,MAAM,WAAW,GAAG,YAAY,GAAG,KAAK,GAAG,aAAa,CAAA;AAE9D,MAAM,WAAW,aAAa;IAC5B,0DAA0D;IAC1D,EAAE,EAAE,MAAM,CAAA;IACV;;;;;OAKG;IACH,IAAI,CAAC,EAAE,WAAW,CAAA;IAClB,6DAA6D;IAC7D,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,uCAAuC;IACvC,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,iDAAiD;IACjD,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,8EAA8E;IAC9E,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,WAAW,CAAA;IACjB,4DAA4D;IAC5D,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAC5B;AAOD;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAGxD;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,MAAM,GAAG,SAAS,CAEvD;AAED,+CAA+C;AAC/C,wBAAgB,kBAAkB,IAAI,IAAI,CAEzC;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,cAAc,CAAC,EAAE,aAAa,EAAE,GAAG,IAAI,CAY3E;AAUD;;kEAEkE;AAClE,wBAAgB,0BAA0B,IAAI,IAAI,CAEjD;AAED,wBAAgB,oBAAoB,CAAC,cAAc,EAAE,aAAa,EAAE,GAAG,SAAS,GAAG,aAAa,EAAE,CAOjG;AAED,0DAA0D;AAC1D,wBAAgB,WAAW,CAAC,cAAc,EAAE,aAAa,EAAE,GAAG,SAAS,GAAG,OAAO,CAEhF;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAC5B,QAAQ,EAAE,aAAa,EAAE,GAAG,SAAS,EACrC,cAAc,EAAE,MAAM,GAAG,SAAS,EAClC,WAAW,CAAC,EAAE,MAAM,GACnB,eAAe,CAkBjB;AAkCD;;GAEG;AACH,wBAAgB,YAAY,CAC1B,QAAQ,EAAE,aAAa,EAAE,GAAG,SAAS,EACrC,cAAc,EAAE,MAAM,GAAG,SAAS,GACjC,KAAK,CAAC;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,WAAW,CAAC;IAAC,QAAQ,EAAE,OAAO,CAAA;CAAE,CAAC,CAU7D"}

package/dist/proxy/query.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"query.d.ts","sourceRoot":"","sources":["../../src/proxy/query.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,KAAK,EAAE,OAAO,EAAW,aAAa,EAAE,MAAM,gCAAgC,CAAA;AAErF,OAAO,EAAE,0BAA0B,EAAwB,MAAM,oBAAoB,CAAA;AAErF,MAAM,WAAW,YAAY;IAC3B,iEAAiE;IACjE,MAAM,EAAE,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,CAAA;IACnC,iCAAiC;IACjC,KAAK,EAAE,MAAM,CAAA;IACb,uEAAuE;IACvE,gBAAgB,EAAE,MAAM,CAAA;IACxB;;;;;OAKG;IACH,sBAAsB,CAAC,EAAE,MAAM,CAAA;IAC/B,yCAAyC;IACzC,aAAa,EAAE,MAAM,CAAA;IACrB,gCAAgC;IAChC,gBAAgB,EAAE,MAAM,CAAA;IACxB,0CAA0C;IAC1C,WAAW,EAAE,OAAO,CAAA;IACpB,0CAA0C;IAC1C,MAAM,EAAE,OAAO,CAAA;IACf,6DAA6D;IAC7D,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IAC9B,mEAAmE;IACnE,cAAc,CAAC,EAAE,UAAU,CAAC,OAAO,0BAA0B,CAAC,CAAA;IAC9D,wDAAwD;IACxD,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAA;IAC5C,yDAAyD;IACzD,gBAAgB,EAAE,OAAO,CAAA;IACzB,0DAA0D;IAC1D,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,wCAAwC;IACxC,MAAM,EAAE,OAAO,CAAA;IACf,8CAA8C;IAC9C,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,kCAAkC;IAClC,QAAQ,CAAC,EAAE,GAAG,CAAA;IACd,iDAAiD;IACjD,YAAY,EAAE,SAAS,MAAM,EAAE,CAAA;IAC/B,+CAA+C;IAC/C,iBAAiB,EAAE,SAAS,MAAM,EAAE,CAAA;IACpC,uCAAuC;IACvC,aAAa,EAAE,MAAM,CAAA;IACrB,wCAAwC;IACxC,eAAe,EAAE,SAAS,MAAM,EAAE,CAAA;IAClC,kEAAkE;IAClE,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAA;IACjC,mEAAmE;IACnE,MAAM,CAAC,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,KAAK,CAAA;IAC1C,0EAA0E;IAC1E,QAAQ,CAAC,EAAE;QAAE,IAAI,EAAE,UAAU,CAAA;KAAE,GAAG;QAAE,IAAI,EAAE,SAAS,CAAC;QAAC,YAAY,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG;QAAE,IAAI,EAAE,UAAU,CAAA;KAAE,CAAA;IACnG,8EAA8E;IAC9E,UAAU,CAAC,EAAE;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,CAAA;IAC9B,8BAA8B;IAC9B,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;IAChB,yEAAyE;IACzE,cAAc,CAAC,EAAE,aAAa,EAAE,CAAA;IAChC,+CAA+C;IAC/C,gBAAgB,CAAC,EAAE,OAAO,CAAA;IAC1B,+CAA+C;IAC/C,kBAAkB,CAAC,EAAE,OAAO,CAAA;IAC5B,wDAAwD;IACxD,MAAM,CAAC,EAAE,OAAO,CAAA;IAChB,wDAAwD;IACxD,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,0DAA0D;IAC1D,YAAY,CAAC,EAAE,OAAO,CAAA;IACtB,kCAAkC;IAClC,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,wCAAwC;IACxC,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,+BAA+B;IAC/B,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,+CAA+C;IAC/C,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAA;IAChC,yDAAyD;IACzD,YAAY,CAAC,EAAE,MAAM,CAAA;CACtB;AAED;;;;GAIG;AACH,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,YAAY,CAAC,QAAQ,CAAC,CAAA;IAC9B,OAAO,EAAE,OAAO,CAAA;CACjB;AA+BD;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAkBvE;AAyBD,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,YAAY,GAAG,gBAAgB,CAgFrE"}
+{"version":3,"file":"query.d.ts","sourceRoot":"","sources":["../../src/proxy/query.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAE,OAAO,EAAW,aAAa,EAAE,MAAM,gCAAgC,CAAA;AAErF,OAAO,EAAE,0BAA0B,EAAwB,MAAM,oBAAoB,CAAA;AAsBrF,MAAM,WAAW,YAAY;IAC3B,iEAAiE;IACjE,MAAM,EAAE,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,CAAA;IACnC,iCAAiC;IACjC,KAAK,EAAE,MAAM,CAAA;IACb,uEAAuE;IACvE,gBAAgB,EAAE,MAAM,CAAA;IACxB;;;;;OAKG;IACH,sBAAsB,CAAC,EAAE,MAAM,CAAA;IAC/B,yCAAyC;IACzC,aAAa,EAAE,MAAM,CAAA;IACrB,gCAAgC;IAChC,gBAAgB,EAAE,MAAM,CAAA;IACxB,0CAA0C;IAC1C,WAAW,EAAE,OAAO,CAAA;IACpB,0CAA0C;IAC1C,MAAM,EAAE,OAAO,CAAA;IACf,6DAA6D;IAC7D,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IAC9B,mEAAmE;IACnE,cAAc,CAAC,EAAE,UAAU,CAAC,OAAO,0BAA0B,CAAC,CAAA;IAC9D,wDAAwD;IACxD,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAA;IAC5C,yDAAyD;IACzD,gBAAgB,EAAE,OAAO,CAAA;IACzB,0DAA0D;IAC1D,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,wCAAwC;IACxC,MAAM,EAAE,OAAO,CAAA;IACf,8CAA8C;IAC9C,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,kCAAkC;IAClC,QAAQ,CAAC,EAAE,GAAG,CAAA;IACd,iDAAiD;IACjD,YAAY,EAAE,SAAS,MAAM,EAAE,CAAA;IAC/B,+CAA+C;IAC/C,iBAAiB,EAAE,SAAS,MAAM,EAAE,CAAA;IACpC,uCAAuC;IACvC,aAAa,EAAE,MAAM,CAAA;IACrB,wCAAwC;IACxC,eAAe,EAAE,SAAS,MAAM,EAAE,CAAA;IAClC,kEAAkE;IAClE,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAA;IACjC,mEAAmE;IACnE,MAAM,CAAC,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,KAAK,CAAA;IAC1C,0EAA0E;IAC1E,QAAQ,CAAC,EAAE;QAAE,IAAI,EAAE,UAAU,CAAA;KAAE,GAAG;QAAE,IAAI,EAAE,SAAS,CAAC;QAAC,YAAY,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG;QAAE,IAAI,EAAE,UAAU,CAAA;KAAE,CAAA;IACnG,8EAA8E;IAC9E,UAAU,CAAC,EAAE;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,CAAA;IAC9B,8BAA8B;IAC9B,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;IAChB,yEAAyE;IACzE,cAAc,CAAC,EAAE,aAAa,EAAE,CAAA;IAChC,+CAA+C;IAC/C,gBAAgB,CAAC,EAAE,OAAO,CAAA;IAC1B,+CAA+C;IAC/C,kBAAkB,CAAC,EAAE,OAAO,CAAA;IAC5B,wDAAwD;IACxD,MAAM,CAAC,EAAE,OAAO,CAAA;IAChB,wDAAwD;IACxD,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,0DAA0D;IAC1D,YAAY,CAAC,EAAE,OAAO,CAAA;IACtB,kCAAkC;IAClC,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,wCAAwC;IACxC,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,+BAA+B;IAC/B,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,+CAA+C;IAC/C,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAA;IAChC,yDAAyD;IACzD,YAAY,CAAC,EAAE,MAAM,CAAA;CACtB;AAED;;;;GAIG;AACH,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,YAAY,CAAC,QAAQ,CAAC,CAAA;IAC9B,OAAO,EAAE,OAAO,CAAA;CACjB;AA+BD;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAkBvE;AAyBD,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,YAAY,GAAG,gBAAgB,CAuFrE"}

package/dist/proxy/sdkFeatures.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sdkFeatures.d.ts","sourceRoot":"","sources":["../../src/proxy/sdkFeatures.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,MAAM,WAAW,eAAe;IAC9B,iFAAiF;IACjF,gBAAgB,EAAE,OAAO,CAAA;IACzB,kFAAkF;IAClF,kBAAkB,EAAE,OAAO,CAAA;IAC3B,4DAA4D;IAC5D,QAAQ,EAAE,KAAK,GAAG,SAAS,GAAG,MAAM,CAAA;IACpC,wDAAwD;IACxD,MAAM,EAAE,OAAO,CAAA;IACf,6CAA6C;IAC7C,QAAQ,EAAE,OAAO,CAAA;IACjB,0DAA0D;IAC1D,QAAQ,EAAE,UAAU,GAAG,SAAS,GAAG,UAAU,CAAA;IAC7C,4CAA4C;IAC5C,mBAAmB,EAAE,OAAO,CAAA;IAC5B,iFAAiF;IACjF,YAAY,EAAE,OAAO,CAAA;IACrB,iDAAiD;IACjD,YAAY,EAAE,MAAM,CAAA;IACpB,2DAA2D;IAC3D,aAAa,EAAE,MAAM,CAAA;IACrB,+CAA+C;IAC/C,QAAQ,EAAE,OAAO,CAAA;IACjB,uEAAuE;IACvE,qBAAqB,EAAE,MAAM,CAAA;CAC9B;AAED,MAAM,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,eAAe,CAAC,CAAC,CAAA;AA6DpE;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,WAAW,EAAE,MAAM,GAAG,eAAe,CAU1E;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAOtE;AAKD;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,eAAe,CAAC,CAgC5E;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,eAAe,CAAC,GAAG,IAAI,CAInG;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI,CAI9D"}
+{"version":3,"file":"sdkFeatures.d.ts","sourceRoot":"","sources":["../../src/proxy/sdkFeatures.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,MAAM,WAAW,eAAe;IAC9B,iFAAiF;IACjF,gBAAgB,EAAE,OAAO,CAAA;IACzB,kFAAkF;IAClF,kBAAkB,EAAE,OAAO,CAAA;IAC3B,4DAA4D;IAC5D,QAAQ,EAAE,KAAK,GAAG,SAAS,GAAG,MAAM,CAAA;IACpC,wDAAwD;IACxD,MAAM,EAAE,OAAO,CAAA;IACf,6CAA6C;IAC7C,QAAQ,EAAE,OAAO,CAAA;IACjB,0DAA0D;IAC1D,QAAQ,EAAE,UAAU,GAAG,SAAS,GAAG,UAAU,CAAA;IAC7C,4CAA4C;IAC5C,mBAAmB,EAAE,OAAO,CAAA;IAC5B,iFAAiF;IACjF,YAAY,EAAE,OAAO,CAAA;IACrB,iDAAiD;IACjD,YAAY,EAAE,MAAM,CAAA;IACpB,2DAA2D;IAC3D,aAAa,EAAE,MAAM,CAAA;IACrB,+CAA+C;IAC/C,QAAQ,EAAE,OAAO,CAAA;IACjB,uEAAuE;IACvE,qBAAqB,EAAE,MAAM,CAAA;CAC9B;AAED,MAAM,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,eAAe,CAAC,CAAC,CAAA;AA6EpE;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,WAAW,EAAE,MAAM,GAAG,eAAe,CAU1E;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAOtE;AAKD;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,eAAe,CAAC,CAgC5E;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,eAAe,CAAC,GAAG,IAAI,CAInG;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI,CAI9D"}

package/dist/proxy/server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/proxy/server.ts"],"names":[],"mappings":"AAYA,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,SAAS,CAAA;AACtE,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAA;AAGvD,YAAY,EACV,SAAS,EACT,cAAc,EACd,eAAe,EACf,gBAAgB,EAChB,cAAc,EACd,cAAc,EACd,iBAAiB,EACjB,YAAY,EACZ,aAAa,EACb,WAAW,GACZ,MAAM,aAAa,CAAA;AAKpB,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAA;AAgCnG,OAAO,EACL,kBAAkB,EAClB,WAAW,EACX,oBAAoB,EAEpB,KAAK,aAAa,EAGnB,MAAM,mBAAmB,CAAA;AAG1B,OAAO,EAA+B,iBAAiB,EAAE,mBAAmB,EAAsC,MAAM,iBAAiB,CAAA;AAGzI,OAAO,EAAE,kBAAkB,EAAE,WAAW,EAAE,oBAAoB,EAAE,CAAA;AAChE,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,CAAA;AACjD,YAAY,EAAE,aAAa,EAAE,CAAA;AA+N7B,wBAAgB,iBAAiB,CAAC,MAAM,GAAE,OAAO,CAAC,WAAW,CAAM,GAAG,WAAW,CA+9EhF;AAED,wBAAsB,gBAAgB,CAAC,MAAM,GAAE,OAAO,CAAC,WAAW,CAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAoEhG"}
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/proxy/server.ts"],"names":[],"mappings":"AAaA,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,SAAS,CAAA;AACtE,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAA;AAGvD,YAAY,EACV,SAAS,EACT,cAAc,EACd,eAAe,EACf,gBAAgB,EAChB,cAAc,EACd,cAAc,EACd,iBAAiB,EACjB,YAAY,EACZ,aAAa,EACb,WAAW,GACZ,MAAM,aAAa,CAAA;AAKpB,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAA;AAgCnG,OAAO,EACL,kBAAkB,EAClB,WAAW,EACX,oBAAoB,EAEpB,KAAK,aAAa,EAGnB,MAAM,mBAAmB,CAAA;AAG1B,OAAO,EAA+B,iBAAiB,EAAE,mBAAmB,EAAsC,MAAM,iBAAiB,CAAA;AAGzI,OAAO,EAAE,kBAAkB,EAAE,WAAW,EAAE,oBAAoB,EAAE,CAAA;AAChE,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,CAAA;AACjD,YAAY,EAAE,aAAa,EAAE,CAAA;AA+N7B,wBAAgB,iBAAiB,CAAC,MAAM,GAAE,OAAO,CAAC,WAAW,CAAM,GAAG,WAAW,CA6jFhF;AAED,wBAAsB,gBAAgB,CAAC,MAAM,GAAE,OAAO,CAAC,WAAW,CAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAmFhG"}

package/dist/proxy/tokenRefresh.d.ts

@@ -41,6 +41,17 @@ export interface CredentialStore {
     read(): Promise<CredentialsFile | null>;
     write(credentials: CredentialsFile): Promise<boolean>;
 }
+/**
+ * Serialize a credentials object to the on-disk / Keychain format Claude Code
+ * expects.
+ *
+ * MUST be compact (no whitespace) — Claude Code's credential parser cannot
+ * read pretty-printed JSON and treats the user as logged out when it
+ * encounters one. See issue #452.
+ *
+ * Exported so the regression test can pin the output format directly.
+ */
+export declare function serializeCredentials(credentials: CredentialsFile): string;
 /**
  * Returns the appropriate credential store for the current platform.
  *
@@ -66,6 +77,47 @@ export declare function credentialsFilePathForProfile(claudeConfigDir?: string):
  * @param store  Override the credential store (for testing).
  */
 export declare function refreshOAuthToken(store?: CredentialStore): Promise<boolean>;
+/**
+ * Refresh the access token if it is within `bufferMs` of expiry.
+ *
+ * Cheap to call before every SDK request: when the token isn't due yet this
+ * is just one credential-store read. When it is due, the underlying
+ * `refreshOAuthToken()` call is in-flight-deduplicated so concurrent callers
+ * share one network round-trip.
+ *
+ * Returns true when the token is fresh after the call (already valid OR
+ * successfully refreshed), false on any failure (no credentials, no
+ * expiresAt, refresh request failed). False is non-fatal — the caller
+ * proceeds with whatever token is on disk and falls back to the reactive
+ * refresh-on-401 path if Anthropic rejects it.
+ */
+export declare function ensureFreshToken(store?: CredentialStore, bufferMs?: number): Promise<boolean>;
+/**
+ * Start a self-rescheduling timer that refreshes the access token shortly
+ * before each expiry — regardless of incoming traffic.
+ *
+ * Idempotent: a second call while one is already running is a no-op. Safe to
+ * call from any code path; returns synchronously and schedules in the
+ * background.
+ *
+ * Why traffic-independent matters: without this, an idle proxy never fires
+ * either the proactive (`ensureFreshToken`) or reactive (401-retry) refresh
+ * path. Anthropic's OAuth refresh tokens appear to be invalidated server-side
+ * after sitting unused for an extended period (observed 2026-05-03: two NAS
+ * instances idle past expiry both got `400 invalid_grant` on a manual refresh
+ * attempt; only fix was OAuth-flow re-login). Running a refresh every ~8h
+ * keeps the refresh chain warm.
+ *
+ * On `refreshOAuthToken()` failure (network, transient API error, refresh
+ * token rejected) we retry every `failureRetryMs` — gives operators a window
+ * to `claude login` and have the new tokens picked up automatically on the
+ * next tick.
+ */
+export declare function startBackgroundRefresh(store?: CredentialStore, bufferMs?: number, failureRetryMs?: number): void;
+/** Stop the background scheduler. Idempotent. */
+export declare function stopBackgroundRefresh(): void;
+/** For testing only. */
+export declare function isBackgroundRefreshActive(): boolean;
 /** Reset in-flight state — for testing only. */
 export declare function resetInflightRefresh(): void;
 export {};

package/dist/proxy/tokenRefresh.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tokenRefresh.d.ts","sourceRoot":"","sources":["../../src/proxy/tokenRefresh.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAkBH;;;;;;;;GAQG;AACH,wBAAgB,0BAA0B,CAAC,eAAe,EAAE,MAAM,GAAG,MAAM,CAK1E;AAED,gEAAgE;AAChE,wBAAgB,0BAA0B,CAAC,eAAe,EAAE,MAAM,GAAG,MAAM,CAE1E;AAED,UAAU,gBAAgB;IACxB,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,EAAE,MAAM,CAAA;IACpB,SAAS,EAAE,MAAM,CAAA;IACjB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;IACjB,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB;AAED,UAAU,eAAe;IACvB,aAAa,EAAE,gBAAgB,CAAA;IAC/B,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB;AAMD,MAAM,WAAW,eAAe;IAC9B,IAAI,IAAI,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAAA;IACvC,KAAK,CAAC,WAAW,EAAE,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;CACtD;AAuGD;;;;;;;GAOG;AACH,wBAAgB,6BAA6B,CAAC,IAAI,CAAC,EAAE;IAAE,eAAe,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,eAAe,CAQlG;AAED,uGAAuG;AACvG,wBAAgB,6BAA6B,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,MAAM,CAE9E;AASD;;;;;;;;;;GAUG;AACH,wBAAsB,iBAAiB,CAAC,KAAK,CAAC,EAAE,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,CAQjF;AAiED,gDAAgD;AAChD,wBAAgB,oBAAoB,IAAI,IAAI,CAE3C"}
+{"version":3,"file":"tokenRefresh.d.ts","sourceRoot":"","sources":["../../src/proxy/tokenRefresh.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAkBH;;;;;;;;GAQG;AACH,wBAAgB,0BAA0B,CAAC,eAAe,EAAE,MAAM,GAAG,MAAM,CAK1E;AAED,gEAAgE;AAChE,wBAAgB,0BAA0B,CAAC,eAAe,EAAE,MAAM,GAAG,MAAM,CAE1E;AAED,UAAU,gBAAgB;IACxB,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,EAAE,MAAM,CAAA;IACpB,SAAS,EAAE,MAAM,CAAA;IACjB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;IACjB,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB;AAED,UAAU,eAAe;IACvB,aAAa,EAAE,gBAAgB,CAAA;IAC/B,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB;AAMD,MAAM,WAAW,eAAe;IAC9B,IAAI,IAAI,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAAA;IACvC,KAAK,CAAC,WAAW,EAAE,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;CACtD;AAED;;;;;;;;;GASG;AACH,wBAAgB,oBAAoB,CAAC,WAAW,EAAE,eAAe,GAAG,MAAM,CAEzE;AAuGD;;;;;;;GAOG;AACH,wBAAgB,6BAA6B,CAAC,IAAI,CAAC,EAAE;IAAE,eAAe,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,eAAe,CAQlG;AAED,uGAAuG;AACvG,wBAAgB,6BAA6B,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,MAAM,CAE9E;AASD;;;;;;;;;;GAUG;AACH,wBAAsB,iBAAiB,CAAC,KAAK,CAAC,EAAE,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,CAQjF;AAiED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,gBAAgB,CACpC,KAAK,CAAC,EAAE,eAAe,EACvB,QAAQ,SAAgB,GACvB,OAAO,CAAC,OAAO,CAAC,CAOlB;AAiBD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,sBAAsB,CACpC,KAAK,CAAC,EAAE,eAAe,EACvB,QAAQ,SAAgB,EACxB,cAAc,SAAgB,GAC7B,IAAI,CAKN;AAED,iDAAiD;AACjD,wBAAgB,qBAAqB,IAAI,IAAI,CAK5C;AA0DD,wBAAwB;AACxB,wBAAgB,yBAAyB,IAAI,OAAO,CAEnD;AAED,gDAAgD;AAChD,wBAAgB,oBAAoB,IAAI,IAAI,CAE3C"}