@scheduler-systems/gal-run 0.0.453 → 0.0.455

package/dist/index.cjs

@@ -3970,7 +3970,7 @@ var cliVersion, defaultApiUrl, BUILD_CONSTANTS, constants_default;
 var init_constants = __esm({
   "src/constants.ts"() {
     "use strict";
-    cliVersion = true ? "0.0.453" : "0.0.0-dev";
+    cliVersion = true ? "0.0.455" : "0.0.0-dev";
     defaultApiUrl = true ? "https://api.gal.run" : "http://localhost:3000";
     BUILD_CONSTANTS = Object.freeze([cliVersion, defaultApiUrl]);
     constants_default = BUILD_CONSTANTS;
@@ -4880,7 +4880,7 @@ function detectEnvironment() {
     return "dev";
   }
   try {
-    const version2 = true ? "0.0.453" : void 0;
+    const version2 = true ? "0.0.455" : void 0;
     if (version2 && version2.includes("-local")) {
       return "dev";
     }
@@ -5249,7 +5249,7 @@ function getId() {
 }
 function getCliVersion() {
   try {
-    return true ? "0.0.453" : "0.0.0-dev";
+    return true ? "0.0.455" : "0.0.0-dev";
   } catch {
     return "0.0.0-dev";
   }
@@ -5693,7 +5693,8 @@ var init_feature_flags = __esm({
       "enforcement-security",
       "enforcement-tools",
       "enforcement-system",
-      "browser-profiles"
+      "browser-profiles",
+      "governance-playground"
     ];
   }
 });
@@ -6079,7 +6080,7 @@ var CREDENTIAL_PROVIDERS, CREDENTIAL_PROVIDER_CONFIGS;
 var init_credentials = __esm({
   "../../packages/types/dist/credentials.js"() {
     "use strict";
-    CREDENTIAL_PROVIDERS = ["claude", "codex", "gemini", "cursor", "oss"];
+    CREDENTIAL_PROVIDERS = ["claude", "codex", "gemini", "cursor", "oss", "firebase"];
     CREDENTIAL_PROVIDER_CONFIGS = [
       {
         id: "claude",
@@ -6111,6 +6112,16 @@ var init_credentials = __esm({
         // Google OAuth access tokens start with ya29.
         accessTokenPattern: /^ya29\./
       },
+      {
+        id: "firebase",
+        displayName: "Firebase CLI",
+        icon: "\u{1F525}",
+        instructions: "Run `gal auth firebase` after authenticating with Firebase CLI (`firebase login`)",
+        tokenHint: "Google OAuth refresh token starting with 1//...",
+        refreshTokenRequired: true,
+        accessTokenPattern: /^ya29\./,
+        refreshTokenPattern: /^1\/\//
+      },
       {
         id: "cursor",
         displayName: "Cursor",
@@ -6202,7 +6213,7 @@ function calculateUsagePercent(currentUsage, limit) {
     return null;
   return Math.min(100, currentUsage / limit * 100);
 }
-var DEFAULT_USAGE_THRESHOLDS;
+var DEFAULT_USAGE_THRESHOLDS, DEFAULT_USAGE_THRESHOLD_PERCENT;
 var init_provider_usage = __esm({
   "../../packages/types/dist/provider-usage.js"() {
     "use strict";
@@ -6210,6 +6221,7 @@ var init_provider_usage = __esm({
       warningThreshold: 70,
       criticalThreshold: 90
     };
+    DEFAULT_USAGE_THRESHOLD_PERCENT = 70;
   }
 });
 
@@ -6235,7 +6247,8 @@ function mapProviderToAgent(provider) {
     claude: "claude",
     codex: "codex",
     gemini: "gemini",
-    oss: "oss"
+    oss: "oss",
+    firebase: "claude"
   };
   return mapping[provider];
 }
@@ -6773,6 +6786,7 @@ __export(dist_exports, {
   DEFAULT_SESSION_AGENT: () => DEFAULT_SESSION_AGENT,
   DEFAULT_TEAM_ASSIGNMENT_CONFIG: () => DEFAULT_TEAM_ASSIGNMENT_CONFIG,
   DEFAULT_USAGE_THRESHOLDS: () => DEFAULT_USAGE_THRESHOLDS,
+  DEFAULT_USAGE_THRESHOLD_PERCENT: () => DEFAULT_USAGE_THRESHOLD_PERCENT,
   ERROR_CODE_CATEGORIES: () => ERROR_CODE_CATEGORIES,
   ErrorCategory: () => ErrorCategory,
   FAILURE_REMEDIATIONS: () => FAILURE_REMEDIATIONS,
@@ -52880,6 +52894,108 @@ Source: ${credentialSource2}`));
       process.exit(1);
     }
   });
+  auth.command("firebase").description("Sync Firebase CLI credentials to GAL for background agent sessions").option("-v, --verbose", "Show detailed credential discovery information").action(async (options) => {
+    const verbose = options.verbose || false;
+    console.log(source_default.yellow("\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550"));
+    console.log(source_default.yellow("  GAL CLI - Firebase Credentials Sync"));
+    console.log(source_default.yellow("\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\n"));
+    const config2 = ConfigManager.load();
+    if (!config2.authToken) {
+      console.log(source_default.red("Not authenticated with GAL."));
+      console.log(source_default.dim("Run: gal auth login\n"));
+      process.exit(1);
+    }
+    const spinner = ora("Reading Firebase credentials...").start();
+    let credentialSource2 = "";
+    try {
+      let accessToken;
+      let refreshToken;
+      let idToken;
+      let scope;
+      const firebaseAuthPath = (0, import_path24.join)((0, import_os19.homedir)(), ".config", "configstore", "firebase-tools.json");
+      if (verbose) {
+        spinner.info(source_default.dim(`  Trying ${firebaseAuthPath}...`));
+      }
+      if ((0, import_fs25.existsSync)(firebaseAuthPath)) {
+        try {
+          const content = (0, import_fs25.readFileSync)(firebaseAuthPath, "utf-8");
+          const data = JSON.parse(content);
+          if (verbose) {
+            spinner.info(source_default.dim(`  Found firebase-tools.json, checking tokens...`));
+          }
+          if (data.tokens?.refresh_token) {
+            accessToken = data.tokens?.access_token;
+            refreshToken = data.tokens?.refresh_token;
+            idToken = data.tokens?.id_token;
+            scope = data.tokens?.scope;
+            credentialSource2 = "~/.config/configstore/firebase-tools.json";
+            if (verbose) {
+              const email2 = data.user?.email || "unknown";
+              spinner.succeed(source_default.dim(`  Found OAuth tokens in firebase-tools.json (user: ${email2})`));
+            }
+          }
+        } catch (parseError) {
+          if (verbose) {
+            const err = parseError instanceof Error ? parseError : new Error(String(parseError));
+            spinner.warn(source_default.dim(`  Failed to parse firebase-tools.json: ${err.message}`));
+          }
+        }
+      } else if (verbose) {
+        spinner.warn(source_default.dim(`  ${firebaseAuthPath} not found`));
+      }
+      if (!refreshToken) {
+        spinner.fail(source_default.red("No Firebase credentials found"));
+        console.log(source_default.dim("\nTo authenticate with Firebase:"));
+        console.log(source_default.dim("  1. Run: firebase login"));
+        console.log(source_default.dim("  2. Complete the OAuth login flow"));
+        console.log(source_default.dim("  3. Then run: gal auth firebase\n"));
+        process.exit(1);
+      }
+      spinner.text = "Syncing to GAL...";
+      const credProvider = new CoreServiceProvider({ apiUrl: config2.apiUrl || "", authToken: config2.authToken });
+      const response = await credProvider.getAuthRepository().syncCredentials("firebase", {
+        accessToken: accessToken || refreshToken,
+        // access_token may be expired; refresh_token is the key credential
+        refreshToken,
+        idToken,
+        scope
+      });
+      if (!response.success) {
+        throw new Error(response.error || "Failed to store credentials");
+      }
+      spinner.succeed(source_default.green("Firebase credentials synced to GAL!"));
+      trackAuthProvider({
+        provider: "firebase",
+        success: true,
+        tokenType: "oauth-session",
+        credentialSource: credentialSource2
+      });
+      if (credentialSource2) {
+        console.log(source_default.dim(`
+Source: ${credentialSource2}`));
+      }
+      await validateAfterSync(config2, "firebase");
+      console.log(source_default.green("\n\u2713 Background agent sessions can now use Firebase.\n"));
+      process.exit(0);
+    } catch (error3) {
+      const err = error3 instanceof Error ? error3 : new Error(String(error3));
+      trackAuthProvider({
+        provider: "firebase",
+        success: false,
+        tokenType: "oauth-session",
+        credentialSource: credentialSource2 || "unknown",
+        error: err.message
+      });
+      if (err.message.includes("401") || err.message.includes("unauthorized")) {
+        spinner.fail(source_default.red("GAL authentication expired"));
+        console.log(source_default.dim("Run: gal auth login\n"));
+      } else {
+        spinner.fail(source_default.red("Failed to sync credentials"));
+        console.log(source_default.red(err.message));
+      }
+      process.exit(1);
+    }
+  });
   auth.command("cursor").description("Sync Cursor credentials to GAL for background agent sessions").option("-v, --verbose", "Show detailed credential discovery information").option("--access-token <token>", "Use provided access token instead of reading from Cursor auth file").action(async (options) => {
     const verbose = options.verbose || false;
     console.log(source_default.cyan("\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550"));
@@ -73167,7 +73283,7 @@ var init_index = __esm({
 });
 
 // src/bootstrap.ts
-var cliVersion10 = true ? "0.0.453" : "0.0.0-dev";
+var cliVersion10 = true ? "0.0.455" : "0.0.0-dev";
 var args = process.argv.slice(2);
 var requestedGlobalHelp = args.length === 1 && (args[0] === "--help" || args[0] === "-h");
 var requestedVersion = args.length === 1 && (args[0] === "--version" || args[0] === "-V");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@scheduler-systems/gal-run",
-  "version": "0.0.453",
+  "version": "0.0.455",
   "description": "GAL CLI - Command-line tool for managing AI agent configurations across your organization",
   "license": "Elastic-2.0",
   "private": false,