@shin1ohno/sage 0.7.9 → 0.8.6

package/dist/oauth/google-oauth-handler.js

@@ -0,0 +1,365 @@
+/**
+ * Google OAuth Handler
+ * Requirements: 1 (Google Calendar OAuth Authentication)
+ *
+ * Handles OAuth 2.0 flow for Google Calendar API integration.
+ * Uses PKCE (Proof Key for Code Exchange) with S256 method.
+ */
+import { google } from 'googleapis';
+import { generateCodeVerifier, generateCodeChallenge } from './pkce.js';
+import { createCipheriv, createDecipheriv, randomBytes, scrypt } from 'crypto';
+import { promisify } from 'util';
+import { readFile, writeFile, mkdir } from 'fs/promises';
+import { join } from 'path';
+import { homedir } from 'os';
+const scryptAsync = promisify(scrypt);
+/**
+ * Google Calendar API Scopes
+ */
+export const GOOGLE_CALENDAR_SCOPES = [
+    'https://www.googleapis.com/auth/calendar',
+    'https://www.googleapis.com/auth/calendar.readonly',
+];
+/**
+ * Google OAuth Handler Class
+ *
+ * Manages OAuth 2.0 authentication flow with Google Calendar API.
+ * Implements PKCE for enhanced security.
+ */
+export class GoogleOAuthHandler {
+    codeVerifier = null;
+    config;
+    encryptionKey;
+    tokensStoragePath;
+    constructor(config, encryptionKey, userId) {
+        this.config = config;
+        // Use provided encryption key or generate from environment
+        this.encryptionKey = encryptionKey || process.env.SAGE_ENCRYPTION_KEY || 'sage-default-encryption-key-change-me';
+        // Store tokens at ~/.sage/google_oauth_tokens_{userId}.enc
+        const sageDir = join(homedir(), '.sage');
+        const userIdSuffix = userId ? `_${userId}` : '';
+        this.tokensStoragePath = join(sageDir, `google_oauth_tokens${userIdSuffix}.enc`);
+    }
+    /**
+     * Create OAuth2Client instance
+     */
+    createOAuth2Client(redirectUri) {
+        return new google.auth.OAuth2(this.config.clientId, this.config.clientSecret, redirectUri || this.config.redirectUri);
+    }
+    /**
+     * Encrypt data using AES-256-GCM
+     */
+    async encrypt(data) {
+        // Derive key from encryption key using scrypt
+        const salt = randomBytes(16);
+        const key = (await scryptAsync(this.encryptionKey, salt, 32));
+        // Generate IV
+        const iv = randomBytes(16);
+        // Create cipher
+        const cipher = createCipheriv('aes-256-gcm', key, iv);
+        // Encrypt data
+        let encrypted = cipher.update(data, 'utf8', 'hex');
+        encrypted += cipher.final('hex');
+        // Get auth tag
+        const authTag = cipher.getAuthTag();
+        // Combine: salt:iv:authTag:encrypted
+        return `${salt.toString('hex')}:${iv.toString('hex')}:${authTag.toString('hex')}:${encrypted}`;
+    }
+    /**
+     * Decrypt data using AES-256-GCM
+     */
+    async decrypt(encryptedData) {
+        // Split encrypted data
+        const parts = encryptedData.split(':');
+        if (parts.length !== 4) {
+            throw new Error('Invalid encrypted data format');
+        }
+        const [saltHex, ivHex, authTagHex, encrypted] = parts;
+        // Convert from hex
+        const salt = Buffer.from(saltHex, 'hex');
+        const iv = Buffer.from(ivHex, 'hex');
+        const authTag = Buffer.from(authTagHex, 'hex');
+        // Derive key from encryption key using scrypt
+        const key = (await scryptAsync(this.encryptionKey, salt, 32));
+        // Create decipher
+        const decipher = createDecipheriv('aes-256-gcm', key, iv);
+        decipher.setAuthTag(authTag);
+        // Decrypt data
+        let decrypted = decipher.update(encrypted, 'hex', 'utf8');
+        decrypted += decipher.final('utf8');
+        return decrypted;
+    }
+    /**
+     * Generate authorization URL with PKCE code_challenge
+     *
+     * Generates a code_verifier and code_challenge (S256), stores the verifier
+     * for later token exchange, and returns the authorization URL.
+     *
+     * @param redirectUri - Redirect URI for OAuth callback
+     * @returns Authorization URL for user to visit
+     */
+    async getAuthorizationUrl(redirectUri) {
+        // Generate PKCE parameters
+        this.codeVerifier = generateCodeVerifier();
+        const codeChallenge = generateCodeChallenge(this.codeVerifier);
+        // Create OAuth2 client with redirect URI
+        const oauth2Client = this.createOAuth2Client(redirectUri);
+        // Generate authorization URL with PKCE
+        const authUrl = oauth2Client.generateAuthUrl({
+            access_type: 'offline', // Request refresh token
+            scope: GOOGLE_CALENDAR_SCOPES,
+            code_challenge: codeChallenge,
+            code_challenge_method: 'S256',
+            prompt: 'consent', // Force consent screen to get refresh token
+        });
+        return authUrl;
+    }
+    /**
+     * Exchange authorization code for tokens
+     *
+     * Exchanges the authorization code received from OAuth callback
+     * for access and refresh tokens. Uses the stored code_verifier
+     * for PKCE verification.
+     *
+     * @param code - Authorization code from OAuth callback
+     * @param redirectUri - Redirect URI (must match authorization request)
+     * @returns Google OAuth tokens
+     * @throws Error if code_verifier is not found or token exchange fails
+     */
+    async exchangeCodeForTokens(code, redirectUri) {
+        if (!this.codeVerifier) {
+            throw new Error('code_verifier not found. Call getAuthorizationUrl() first.');
+        }
+        // Create OAuth2 client with redirect URI
+        const oauth2Client = this.createOAuth2Client(redirectUri);
+        try {
+            // Exchange code for tokens with PKCE verifier
+            const { tokens } = await oauth2Client.getToken({
+                code,
+                codeVerifier: this.codeVerifier,
+            });
+            // Clear stored code_verifier
+            this.codeVerifier = null;
+            if (!tokens.access_token || !tokens.refresh_token) {
+                throw new Error('Failed to retrieve access_token or refresh_token');
+            }
+            return {
+                accessToken: tokens.access_token,
+                refreshToken: tokens.refresh_token,
+                expiresAt: tokens.expiry_date || Date.now() + 3600 * 1000,
+                scope: tokens.scope ? tokens.scope.split(' ') : GOOGLE_CALENDAR_SCOPES,
+            };
+        }
+        catch (error) {
+            // Clear code_verifier on error
+            this.codeVerifier = null;
+            throw new Error(`Failed to exchange code for tokens: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+    }
+    /**
+     * Refresh access token using refresh token
+     *
+     * @param refreshToken - Refresh token
+     * @returns Updated Google OAuth tokens
+     * @throws Error if token refresh fails
+     */
+    async refreshAccessToken(refreshToken) {
+        const oauth2Client = this.createOAuth2Client();
+        try {
+            // Set refresh token
+            oauth2Client.setCredentials({
+                refresh_token: refreshToken,
+            });
+            // Refresh access token
+            const { credentials } = await oauth2Client.refreshAccessToken();
+            if (!credentials.access_token) {
+                throw new Error('Failed to refresh access_token');
+            }
+            return {
+                accessToken: credentials.access_token,
+                refreshToken: credentials.refresh_token || refreshToken,
+                expiresAt: credentials.expiry_date || Date.now() + 3600 * 1000,
+                scope: credentials.scope ? credentials.scope.split(' ') : GOOGLE_CALENDAR_SCOPES,
+            };
+        }
+        catch (error) {
+            throw new Error(`Failed to refresh access token: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+    }
+    /**
+     * Revoke access token
+     *
+     * @param accessToken - Access token to revoke
+     * @throws Error if token revocation fails
+     */
+    async revokeToken(accessToken) {
+        const oauth2Client = this.createOAuth2Client();
+        try {
+            await oauth2Client.revokeToken(accessToken);
+        }
+        catch (error) {
+            throw new Error(`Failed to revoke token: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+    }
+    /**
+     * Store tokens securely with encryption
+     *
+     * Encrypts tokens using AES-256-GCM and stores them in ~/.sage/google_oauth_tokens_{userId}.enc
+     *
+     * @param tokens - Google OAuth tokens to store
+     * @throws Error if token storage fails
+     */
+    async storeTokens(tokens) {
+        try {
+            // Convert to stored format
+            const storedTokens = {
+                accessToken: tokens.accessToken,
+                refreshToken: tokens.refreshToken,
+                expiresAt: new Date(tokens.expiresAt).toISOString(),
+                scope: tokens.scope,
+            };
+            // Encrypt tokens
+            const tokensJson = JSON.stringify(storedTokens);
+            const encrypted = await this.encrypt(tokensJson);
+            // Ensure ~/.sage directory exists
+            const sageDir = join(homedir(), '.sage');
+            await mkdir(sageDir, { recursive: true });
+            // Write encrypted tokens to file
+            await writeFile(this.tokensStoragePath, encrypted, 'utf8');
+        }
+        catch (error) {
+            throw new Error(`Failed to store tokens: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+    }
+    /**
+     * Get stored tokens with decryption
+     *
+     * Reads and decrypts tokens from ~/.sage/google_oauth_tokens_{userId}.enc
+     *
+     * @returns Google OAuth tokens or null if not found
+     * @throws Error if token retrieval or decryption fails
+     */
+    async getTokens() {
+        try {
+            // Read encrypted tokens from file
+            const encrypted = await readFile(this.tokensStoragePath, 'utf8');
+            // Decrypt tokens
+            const tokensJson = await this.decrypt(encrypted);
+            const storedTokens = JSON.parse(tokensJson);
+            // Convert to GoogleOAuthTokens format
+            return {
+                accessToken: storedTokens.accessToken,
+                refreshToken: storedTokens.refreshToken,
+                expiresAt: new Date(storedTokens.expiresAt).getTime(),
+                scope: storedTokens.scope,
+            };
+        }
+        catch (error) {
+            // Return null if file not found (user hasn't authenticated yet)
+            if (error.code === 'ENOENT') {
+                return null;
+            }
+            throw new Error(`Failed to get tokens: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+    }
+    /**
+     * Revoke tokens and clear local storage
+     *
+     * Calls Google's token revocation endpoint AND removes locally stored tokens
+     *
+     * @throws Error if token revocation fails
+     */
+    async revokeTokens() {
+        try {
+            // Get current tokens
+            const tokens = await this.getTokens();
+            if (tokens) {
+                // Revoke token at Google
+                await this.revokeToken(tokens.accessToken);
+            }
+            // Clear local storage (remove file)
+            const fs = await import('fs/promises');
+            try {
+                await fs.unlink(this.tokensStoragePath);
+            }
+            catch (error) {
+                // Ignore if file doesn't exist
+                if (error.code !== 'ENOENT') {
+                    throw error;
+                }
+            }
+        }
+        catch (error) {
+            throw new Error(`Failed to revoke tokens: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+    }
+    /**
+     * Validate access token
+     *
+     * Checks if the access token is valid and not expired (or expiring soon).
+     * Token is considered expiring if it expires within 5 minutes.
+     *
+     * @param tokens - Google OAuth tokens to validate
+     * @returns True if token is valid and not expiring soon
+     */
+    async validateToken(tokens) {
+        // Check if expiresAt timestamp is in the future
+        const now = Date.now();
+        const fiveMinutesInMs = 5 * 60 * 1000;
+        // Token is valid if it expires more than 5 minutes from now
+        return tokens.expiresAt > now + fiveMinutesInMs;
+    }
+    /**
+     * Ensure valid token
+     *
+     * Gets stored tokens, validates expiry, refreshes if needed,
+     * stores updated tokens, and returns valid access token.
+     * This method should be called before each Google Calendar API call.
+     *
+     * @returns Valid access token
+     * @throws Error if no tokens found or refresh fails
+     */
+    async ensureValidToken() {
+        // 1. Get stored tokens
+        const tokens = await this.getTokens();
+        if (!tokens) {
+            throw new Error('No stored tokens found. Please authenticate with Google Calendar first.');
+        }
+        // 2. Validate expiry
+        const isValid = await this.validateToken(tokens);
+        // 3. Refresh if needed
+        if (!isValid) {
+            try {
+                const refreshedTokens = await this.refreshAccessToken(tokens.refreshToken);
+                // 4. Store updated tokens
+                await this.storeTokens(refreshedTokens);
+                // 5. Return valid access token
+                return refreshedTokens.accessToken;
+            }
+            catch (error) {
+                throw new Error(`Failed to refresh expired token: ${error instanceof Error ? error.message : 'Unknown error'}`);
+            }
+        }
+        // 5. Return valid access token (no refresh needed)
+        return tokens.accessToken;
+    }
+    /**
+     * Get OAuth2 client instance
+     *
+     * Returns the configured OAuth2Client for use in Google API calls.
+     *
+     * @param tokens - Google OAuth tokens
+     * @returns Configured OAuth2Client
+     */
+    getOAuth2Client(tokens) {
+        const client = new google.auth.OAuth2(this.config.clientId, this.config.clientSecret, this.config.redirectUri);
+        client.setCredentials({
+            access_token: tokens.accessToken,
+            refresh_token: tokens.refreshToken,
+            expiry_date: tokens.expiresAt,
+            scope: tokens.scope.join(' '),
+        });
+        return client;
+    }
+}
+//# sourceMappingURL=google-oauth-handler.js.map

package/dist/oauth/google-oauth-handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"google-oauth-handler.js","sourceRoot":"","sources":["../../src/oauth/google-oauth-handler.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AAEpC,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC/E,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AACjC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,aAAa,CAAC;AACzD,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAE7B,MAAM,WAAW,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;AA+BtC;;GAEG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG;IACpC,0CAA0C;IAC1C,mDAAmD;CACpD,CAAC;AAEF;;;;;GAKG;AACH,MAAM,OAAO,kBAAkB;IACrB,YAAY,GAAkB,IAAI,CAAC;IACnC,MAAM,CAAoB;IACjB,aAAa,CAAS;IACtB,iBAAiB,CAAS;IAE3C,YAAY,MAAyB,EAAE,aAAsB,EAAE,MAAe;QAC5E,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,2DAA2D;QAC3D,IAAI,CAAC,aAAa,GAAG,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,uCAAuC,CAAC;QACjH,2DAA2D;QAC3D,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,CAAC,CAAC;QACzC,MAAM,YAAY,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAChD,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,OAAO,EAAE,sBAAsB,YAAY,MAAM,CAAC,CAAC;IACnF,CAAC;IAED;;OAEG;IACK,kBAAkB,CAAC,WAAoB;QAC7C,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAC3B,IAAI,CAAC,MAAM,CAAC,QAAQ,EACpB,IAAI,CAAC,MAAM,CAAC,YAAY,EACxB,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CACvC,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,OAAO,CAAC,IAAY;QAChC,8CAA8C;QAC9C,MAAM,IAAI,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QAC7B,MAAM,GAAG,GAAG,CAAC,MAAM,WAAW,CAAC,IAAI,CAAC,aAAa,EAAE,IAAI,EAAE,EAAE,CAAC,CAAW,CAAC;QAExE,cAAc;QACd,MAAM,EAAE,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QAE3B,gBAAgB;QAChB,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QAEtD,eAAe;QACf,IAAI,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QACnD,SAAS,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAEjC,eAAe;QACf,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEpC,qCAAqC;QACrC,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,SAAS,EAAE,CAAC;IACjG,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,OAAO,CAAC,aAAqB;QACzC,uBAAuB;QACvB,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACnD,CAAC;QAED,MAAM,CAAC,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC;QAEtD,mBAAmB;QACnB,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACzC,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACrC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QAE/C,8CAA8C;QAC9C,MAAM,GAAG,GAAG,CAAC,MAAM,WAAW,CAAC,IAAI,CAAC,aAAa,EAAE,IAAI,EAAE,EAAE,CAAC,CAAW,CAAC;QAExE,kBAAkB;QAClB,MAAM,QAAQ,GAAG,gBAAgB,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QAC1D,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE7B,eAAe;QACf,IAAI,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC1D,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAEpC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,mBAAmB,CAAC,WAAoB;QAC5C,2BAA2B;QAC3B,IAAI,CAAC,YAAY,GAAG,oBAAoB,EAAE,CAAC;QAC3C,MAAM,aAAa,GAAG,qBAAqB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAE/D,yCAAyC;QACzC,MAAM,YAAY,GAAG,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;QAE1D,uCAAuC;QACvC,MAAM,OAAO,GAAG,YAAY,CAAC,eAAe,CAAC;YAC3C,WAAW,EAAE,SAAS,EAAE,wBAAwB;YAChD,KAAK,EAAE,sBAAsB;YAC7B,cAAc,EAAE,aAAa;YAC7B,qBAAqB,EAAE,MAAM;YAC7B,MAAM,EAAE,SAAS,EAAE,4CAA4C;SACzD,CAAC,CAAC;QAEV,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,qBAAqB,CACzB,IAAY,EACZ,WAAoB;QAEpB,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;QAChF,CAAC;QAED,yCAAyC;QACzC,MAAM,YAAY,GAAG,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;QAE1D,IAAI,CAAC;YACH,8CAA8C;YAC9C,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,YAAY,CAAC,QAAQ,CAAC;gBAC7C,IAAI;gBACJ,YAAY,EAAE,IAAI,CAAC,YAAY;aAChC,CAAC,CAAC;YAEH,6BAA6B;YAC7B,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;YAEzB,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;gBAClD,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;YACtE,CAAC;YAED,OAAO;gBACL,WAAW,EAAE,MAAM,CAAC,YAAY;gBAChC,YAAY,EAAE,MAAM,CAAC,aAAa;gBAClC,SAAS,EAAE,MAAM,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI;gBACzD,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,sBAAsB;aACvE,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,+BAA+B;YAC/B,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,uCAAuC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAClG,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,kBAAkB,CAAC,YAAoB;QAC3C,MAAM,YAAY,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAE/C,IAAI,CAAC;YACH,oBAAoB;YACpB,YAAY,CAAC,cAAc,CAAC;gBAC1B,aAAa,EAAE,YAAY;aAC5B,CAAC,CAAC;YAEH,uBAAuB;YACvB,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,YAAY,CAAC,kBAAkB,EAAE,CAAC;YAEhE,IAAI,CAAC,WAAW,CAAC,YAAY,EAAE,CAAC;gBAC9B,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;YACpD,CAAC;YAED,OAAO;gBACL,WAAW,EAAE,WAAW,CAAC,YAAY;gBACrC,YAAY,EAAE,WAAW,CAAC,aAAa,IAAI,YAAY;gBACvD,SAAS,EAAE,WAAW,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI;gBAC9D,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,sBAAsB;aACjF,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CACb,mCAAmC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAC9F,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,WAAW,CAAC,WAAmB;QACnC,MAAM,YAAY,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAE/C,IAAI,CAAC;YACH,MAAM,YAAY,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QAC9C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CACb,2BAA2B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CACtF,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,WAAW,CAAC,MAAyB;QACzC,IAAI,CAAC;YACH,2BAA2B;YAC3B,MAAM,YAAY,GAAiB;gBACjC,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,YAAY,EAAE,MAAM,CAAC,YAAY;gBACjC,SAAS,EAAE,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE;gBACnD,KAAK,EAAE,MAAM,CAAC,KAAK;aACpB,CAAC;YAEF,iBAAiB;YACjB,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;YAChD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YAEjD,kCAAkC;YAClC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,CAAC,CAAC;YACzC,MAAM,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAE1C,iCAAiC;YACjC,MAAM,SAAS,CAAC,IAAI,CAAC,iBAAiB,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;QAC7D,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CACb,2BAA2B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CACtF,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,SAAS;QACb,IAAI,CAAC;YACH,kCAAkC;YAClC,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,iBAAiB,EAAE,MAAM,CAAC,CAAC;YAEjE,iBAAiB;YACjB,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YACjD,MAAM,YAAY,GAAiB,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YAE1D,sCAAsC;YACtC,OAAO;gBACL,WAAW,EAAE,YAAY,CAAC,WAAW;gBACrC,YAAY,EAAE,YAAY,CAAC,YAAY;gBACvC,SAAS,EAAE,IAAI,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;gBACrD,KAAK,EAAE,YAAY,CAAC,KAAK;aAC1B,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,gEAAgE;YAChE,IAAK,KAA+B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACvD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,MAAM,IAAI,KAAK,CACb,yBAAyB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CACpF,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,YAAY;QAChB,IAAI,CAAC;YACH,qBAAqB;YACrB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;YAEtC,IAAI,MAAM,EAAE,CAAC;gBACX,yBAAyB;gBACzB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YAC7C,CAAC;YAED,oCAAoC;YACpC,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;YACvC,IAAI,CAAC;gBACH,MAAM,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;YAC1C,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,+BAA+B;gBAC/B,IAAK,KAA+B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBACvD,MAAM,KAAK,CAAC;gBACd,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CACb,4BAA4B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CACvF,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,aAAa,CAAC,MAAyB;QAC3C,gDAAgD;QAChD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,eAAe,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;QAEtC,4DAA4D;QAC5D,OAAO,MAAM,CAAC,SAAS,GAAG,GAAG,GAAG,eAAe,CAAC;IAClD,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,gBAAgB;QACpB,uBAAuB;QACvB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QAEtC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAC;QAC7F,CAAC;QAED,qBAAqB;QACrB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QAEjD,uBAAuB;QACvB,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,IAAI,CAAC;gBACH,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;gBAE3E,0BAA0B;gBAC1B,MAAM,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,CAAC;gBAExC,+BAA+B;gBAC/B,OAAO,eAAe,CAAC,WAAW,CAAC;YACrC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,IAAI,KAAK,CACb,oCAAoC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAC/F,CAAC;YACJ,CAAC;QACH,CAAC;QAED,mDAAmD;QACnD,OAAO,MAAM,CAAC,WAAW,CAAC;IAC5B,CAAC;IAED;;;;;;;OAOG;IACH,eAAe,CAAC,MAAyB;QACvC,MAAM,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CACnC,IAAI,CAAC,MAAM,CAAC,QAAQ,EACpB,IAAI,CAAC,MAAM,CAAC,YAAY,EACxB,IAAI,CAAC,MAAM,CAAC,WAAW,CACxB,CAAC;QAEF,MAAM,CAAC,cAAc,CAAC;YACpB,YAAY,EAAE,MAAM,CAAC,WAAW;YAChC,aAAa,EAAE,MAAM,CAAC,YAAY;YAClC,WAAW,EAAE,MAAM,CAAC,SAAS;YAC7B,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC;SAC9B,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}

package/dist/services/container.d.ts

@@ -0,0 +1,56 @@
+/**
+ * Service Container
+ *
+ * Manages service lifecycle and provides type-safe access to services.
+ * Services are lazily initialized on first access after config is loaded.
+ */
+import type { UserConfig } from '../types/index.js';
+/**
+ * Service initialization status
+ */
+export type ServiceStatus = 'uninitialized' | 'initializing' | 'ready' | 'error';
+/**
+ * Service container state
+ *
+ * Tracks which services have been initialized and their current status.
+ */
+export interface ServiceContainerState {
+    status: ServiceStatus;
+    config: UserConfig | null;
+    error?: Error;
+}
+/**
+ * Creates a service getter that lazily initializes the service
+ *
+ * @param initializer - Function that creates the service instance
+ * @returns Getter function that returns the service or null if not initialized
+ *
+ * @example
+ * const getCalendarService = createLazyService(() => new CalendarService());
+ * // Later, when needed:
+ * const service = getCalendarService();
+ */
+export declare function createLazyService<T>(initializer: () => T): () => T | null;
+/**
+ * Creates a service getter that requires config
+ *
+ * @param initializer - Function that creates the service with config
+ * @returns Getter function that accepts config and returns the service
+ *
+ * @example
+ * const getReminderManager = createConfiguredService(
+ *   (config) => new ReminderManager({ ... })
+ * );
+ * // Later, when config is available:
+ * const manager = getReminderManager(userConfig);
+ */
+export declare function createConfiguredService<T>(initializer: (config: UserConfig) => T): (config: UserConfig) => T | null;
+/**
+ * Resets a lazy service to uninitialized state
+ *
+ * Useful for testing or when config changes require service re-initialization.
+ *
+ * @param resetter - Function that resets the service state
+ */
+export declare function resetLazyService(resetter: () => void): void;
+//# sourceMappingURL=container.d.ts.map

package/dist/services/container.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"container.d.ts","sourceRoot":"","sources":["../../src/services/container.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAEpD;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,eAAe,GAAG,cAAc,GAAG,OAAO,GAAG,OAAO,CAAC;AAEjF;;;;GAIG;AACH,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,aAAa,CAAC;IACtB,MAAM,EAAE,UAAU,GAAG,IAAI,CAAC;IAC1B,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,iBAAiB,CAAC,CAAC,EACjC,WAAW,EAAE,MAAM,CAAC,GACnB,MAAM,CAAC,GAAG,IAAI,CAgBhB;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,uBAAuB,CAAC,CAAC,EACvC,WAAW,EAAE,CAAC,MAAM,EAAE,UAAU,KAAK,CAAC,GACrC,CAAC,MAAM,EAAE,UAAU,KAAK,CAAC,GAAG,IAAI,CAiBlC;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,IAAI,GAAG,IAAI,CAE3D"}

package/dist/services/container.js

@@ -0,0 +1,76 @@
+/**
+ * Service Container
+ *
+ * Manages service lifecycle and provides type-safe access to services.
+ * Services are lazily initialized on first access after config is loaded.
+ */
+/**
+ * Creates a service getter that lazily initializes the service
+ *
+ * @param initializer - Function that creates the service instance
+ * @returns Getter function that returns the service or null if not initialized
+ *
+ * @example
+ * const getCalendarService = createLazyService(() => new CalendarService());
+ * // Later, when needed:
+ * const service = getCalendarService();
+ */
+export function createLazyService(initializer) {
+    let instance = null;
+    let initialized = false;
+    return () => {
+        if (!initialized) {
+            try {
+                instance = initializer();
+                initialized = true;
+            }
+            catch (error) {
+                console.error('Failed to initialize service:', error);
+                return null;
+            }
+        }
+        return instance;
+    };
+}
+/**
+ * Creates a service getter that requires config
+ *
+ * @param initializer - Function that creates the service with config
+ * @returns Getter function that accepts config and returns the service
+ *
+ * @example
+ * const getReminderManager = createConfiguredService(
+ *   (config) => new ReminderManager({ ... })
+ * );
+ * // Later, when config is available:
+ * const manager = getReminderManager(userConfig);
+ */
+export function createConfiguredService(initializer) {
+    let instance = null;
+    let initializedWithConfig = null;
+    return (config) => {
+        // Re-initialize if config changed
+        if (!instance || initializedWithConfig !== config) {
+            try {
+                instance = initializer(config);
+                initializedWithConfig = config;
+            }
+            catch (error) {
+                console.error('Failed to initialize configured service:', error);
+                return null;
+            }
+        }
+        return instance;
+    };
+}
+/**
+ * Resets a lazy service to uninitialized state
+ *
+ * Useful for testing or when config changes require service re-initialization.
+ *
+ * @param resetter - Function that resets the service state
+ */
+export function resetLazyService(resetter) {
+    resetter();
+}
+//# sourceMappingURL=container.js.map

package/dist/services/container.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"container.js","sourceRoot":"","sources":["../../src/services/container.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAoBH;;;;;;;;;;GAUG;AACH,MAAM,UAAU,iBAAiB,CAC/B,WAAoB;IAEpB,IAAI,QAAQ,GAAa,IAAI,CAAC;IAC9B,IAAI,WAAW,GAAG,KAAK,CAAC;IAExB,OAAO,GAAG,EAAE;QACV,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,IAAI,CAAC;gBACH,QAAQ,GAAG,WAAW,EAAE,CAAC;gBACzB,WAAW,GAAG,IAAI,CAAC;YACrB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,+BAA+B,EAAE,KAAK,CAAC,CAAC;gBACtD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,uBAAuB,CACrC,WAAsC;IAEtC,IAAI,QAAQ,GAAa,IAAI,CAAC;IAC9B,IAAI,qBAAqB,GAAsB,IAAI,CAAC;IAEpD,OAAO,CAAC,MAAkB,EAAE,EAAE;QAC5B,kCAAkC;QAClC,IAAI,CAAC,QAAQ,IAAI,qBAAqB,KAAK,MAAM,EAAE,CAAC;YAClD,IAAI,CAAC;gBACH,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;gBAC/B,qBAAqB,GAAG,MAAM,CAAC;YACjC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,0CAA0C,EAAE,KAAK,CAAC,CAAC;gBACjE,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,gBAAgB,CAAC,QAAoB;IACnD,QAAQ,EAAE,CAAC;AACb,CAAC"}