@shin1ohno/sage 0.8.8 → 0.9.3

package/dist/oauth/persistent-refresh-token-store.d.ts

@@ -0,0 +1,77 @@
+/**
+ * Persistent Refresh Token Store
+ * Requirements: 21.6, 26.3, 26.8
+ *
+ * Extends InMemoryRefreshTokenStore with encrypted filesystem persistence.
+ * Maintains same interface but survives server restarts.
+ */
+import { RefreshTokenStore, RefreshTokenStoreConfig, GenerateRefreshTokenOptions, RefreshTokenValidationResult } from './refresh-token-store.js';
+import { EncryptionService } from './encryption-service.js';
+/**
+ * Persistent Refresh Token Store Implementation
+ *
+ * Provides encrypted filesystem persistence for refresh tokens
+ * while maintaining in-memory cache for fast access.
+ */
+export declare class PersistentRefreshTokenStore implements RefreshTokenStore {
+    private tokens;
+    private config;
+    private encryptionService;
+    private storagePath;
+    private saveDebounceTimer;
+    private saveDebounceMs;
+    constructor(config: RefreshTokenStoreConfig, encryptionService: EncryptionService, storagePath?: string);
+    /**
+     * Load tokens from encrypted file
+     */
+    loadFromStorage(): Promise<void>;
+    /**
+     * Save tokens to encrypted file immediately
+     */
+    saveToStorage(): Promise<void>;
+    /**
+     * Schedule save operation with debouncing
+     *
+     * Batches multiple writes within 1 second to reduce I/O operations.
+     */
+    private scheduleSave;
+    /**
+     * Generate new refresh token
+     */
+    generateToken(options: GenerateRefreshTokenOptions): Promise<string>;
+    /**
+     * Validate refresh token
+     */
+    validateToken(token: string, clientId: string): Promise<RefreshTokenValidationResult>;
+    /**
+     * Rotate refresh token
+     */
+    rotateToken(token: string, clientId: string): Promise<string | null>;
+    /**
+     * Revoke refresh token
+     */
+    revokeToken(token: string): Promise<void>;
+    /**
+     * Revoke all tokens for client
+     */
+    revokeAllForClient(clientId: string): Promise<void>;
+    /**
+     * Clean up expired and rotated tokens
+     */
+    cleanup(): Promise<number>;
+    /**
+     * Flush pending saves (call on server shutdown)
+     *
+     * Ensures all pending changes are written to disk before server shutdown.
+     */
+    flush(): Promise<void>;
+    /**
+     * Get metrics for monitoring
+     */
+    getMetrics(): {
+        count: number;
+        expiredCount: number;
+        rotatedCount: number;
+    };
+}
+//# sourceMappingURL=persistent-refresh-token-store.d.ts.map

package/dist/oauth/persistent-refresh-token-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"persistent-refresh-token-store.d.ts","sourceRoot":"","sources":["../../src/oauth/persistent-refresh-token-store.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,EACL,iBAAiB,EACjB,uBAAuB,EACvB,2BAA2B,EAC3B,4BAA4B,EAC7B,MAAM,0BAA0B,CAAC;AAElC,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAW5D;;;;;GAKG;AACH,qBAAa,2BAA4B,YAAW,iBAAiB;IACnE,OAAO,CAAC,MAAM,CAAwC;IACtD,OAAO,CAAC,MAAM,CAA0B;IACxC,OAAO,CAAC,iBAAiB,CAAoB;IAC7C,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,iBAAiB,CAA+B;IACxD,OAAO,CAAC,cAAc,CAAQ;gBAG5B,MAAM,EAAE,uBAAuB,EAC/B,iBAAiB,EAAE,iBAAiB,EACpC,WAAW,CAAC,EAAE,MAAM;IAOtB;;OAEG;IACG,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC;IA8BtC;;OAEG;IACG,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;IAUpC;;;;OAIG;IACH,OAAO,CAAC,YAAY;IAgBpB;;OAEG;IACG,aAAa,CAAC,OAAO,EAAE,2BAA2B,GAAG,OAAO,CAAC,MAAM,CAAC;IAyB1E;;OAEG;IACG,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,4BAA4B,CAAC;IA2B3F;;OAEG;IACG,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAsB1E;;OAEG;IACG,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAK/C;;OAEG;IACG,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IASzD;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,MAAM,CAAC;IAkBhC;;;;OAIG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAQ5B;;OAEG;IACH,UAAU,IAAI;QACZ,KAAK,EAAE,MAAM,CAAC;QACd,YAAY,EAAE,MAAM,CAAC;QACrB,YAAY,EAAE,MAAM,CAAC;KACtB;CAoBF"}

package/dist/oauth/persistent-refresh-token-store.js

@@ -0,0 +1,226 @@
+/**
+ * Persistent Refresh Token Store
+ * Requirements: 21.6, 26.3, 26.8
+ *
+ * Extends InMemoryRefreshTokenStore with encrypted filesystem persistence.
+ * Maintains same interface but survives server restarts.
+ */
+import { join } from 'path';
+import { homedir } from 'os';
+import { randomBytes } from 'crypto';
+import { oauthLogger } from '../utils/logger.js';
+/**
+ * Persistent Refresh Token Store Implementation
+ *
+ * Provides encrypted filesystem persistence for refresh tokens
+ * while maintaining in-memory cache for fast access.
+ */
+export class PersistentRefreshTokenStore {
+    tokens = new Map();
+    config;
+    encryptionService;
+    storagePath;
+    saveDebounceTimer = null;
+    saveDebounceMs = 1000; // Batch saves within 1 second
+    constructor(config, encryptionService, storagePath) {
+        this.config = config;
+        this.encryptionService = encryptionService;
+        this.storagePath = storagePath || join(homedir(), '.sage', 'oauth_refresh_tokens.enc');
+    }
+    /**
+     * Load tokens from encrypted file
+     */
+    async loadFromStorage() {
+        const data = await this.encryptionService.decryptFromFile(this.storagePath);
+        if (!data) {
+            oauthLogger.info('No existing refresh tokens found, starting fresh');
+            return;
+        }
+        try {
+            const storage = JSON.parse(data);
+            // Load tokens and filter expired ones
+            const now = Date.now();
+            let loadedCount = 0;
+            let expiredCount = 0;
+            for (const token of storage.tokens) {
+                if (now < token.expires_at) {
+                    this.tokens.set(token.token, token);
+                    loadedCount++;
+                }
+                else {
+                    expiredCount++;
+                }
+            }
+            oauthLogger.info({ loadedCount, expiredCount }, 'Loaded refresh tokens');
+        }
+        catch (error) {
+            oauthLogger.error({ err: error }, 'Failed to parse refresh token storage, starting fresh');
+        }
+    }
+    /**
+     * Save tokens to encrypted file immediately
+     */
+    async saveToStorage() {
+        const storage = {
+            version: 1,
+            tokens: Array.from(this.tokens.values()),
+        };
+        const data = JSON.stringify(storage, null, 2);
+        await this.encryptionService.encryptToFile(data, this.storagePath);
+    }
+    /**
+     * Schedule save operation with debouncing
+     *
+     * Batches multiple writes within 1 second to reduce I/O operations.
+     */
+    scheduleSave() {
+        // Clear existing timer
+        if (this.saveDebounceTimer) {
+            clearTimeout(this.saveDebounceTimer);
+        }
+        // Schedule save after debounce period
+        this.saveDebounceTimer = setTimeout(async () => {
+            try {
+                await this.saveToStorage();
+            }
+            catch (error) {
+                oauthLogger.error({ err: error }, 'Failed to save refresh tokens');
+            }
+        }, this.saveDebounceMs);
+    }
+    /**
+     * Generate new refresh token
+     */
+    async generateToken(options) {
+        // Generate secure random token
+        const token = randomBytes(32).toString('base64url');
+        const now = Date.now();
+        const expiresAt = now + this.config.expirySeconds * 1000;
+        const tokenData = {
+            token,
+            client_id: options.clientId,
+            user_id: options.userId,
+            scope: options.scope,
+            created_at: now,
+            expires_at: expiresAt,
+            rotated: false,
+        };
+        this.tokens.set(token, tokenData);
+        // Schedule debounced save
+        this.scheduleSave();
+        return token;
+    }
+    /**
+     * Validate refresh token
+     */
+    async validateToken(token, clientId) {
+        const tokenData = this.tokens.get(token);
+        if (!tokenData) {
+            return { valid: false, error: 'invalid_grant' };
+        }
+        // Check if token has been rotated
+        if (tokenData.rotated) {
+            return { valid: false, error: 'invalid_grant' };
+        }
+        // Check if token has expired
+        if (Date.now() > tokenData.expires_at) {
+            this.tokens.delete(token);
+            this.scheduleSave();
+            return { valid: false, error: 'invalid_grant' };
+        }
+        // Verify client_id matches
+        if (tokenData.client_id !== clientId) {
+            return { valid: false, error: 'invalid_grant' };
+        }
+        return { valid: true, tokenData };
+    }
+    /**
+     * Rotate refresh token
+     */
+    async rotateToken(token, clientId) {
+        const validationResult = await this.validateToken(token, clientId);
+        if (!validationResult.valid || !validationResult.tokenData) {
+            return null;
+        }
+        // Mark old token as rotated (Requirement 26.8)
+        const oldTokenData = this.tokens.get(token);
+        oldTokenData.rotated = true;
+        // Generate new token with same scope
+        const newToken = await this.generateToken({
+            clientId: validationResult.tokenData.client_id,
+            userId: validationResult.tokenData.user_id,
+            scope: validationResult.tokenData.scope,
+        });
+        // scheduleSave is already called in generateToken
+        return newToken;
+    }
+    /**
+     * Revoke refresh token
+     */
+    async revokeToken(token) {
+        this.tokens.delete(token);
+        this.scheduleSave();
+    }
+    /**
+     * Revoke all tokens for client
+     */
+    async revokeAllForClient(clientId) {
+        for (const [token, data] of this.tokens.entries()) {
+            if (data.client_id === clientId) {
+                this.tokens.delete(token);
+            }
+        }
+        this.scheduleSave();
+    }
+    /**
+     * Clean up expired and rotated tokens
+     */
+    async cleanup() {
+        const now = Date.now();
+        let cleanedCount = 0;
+        for (const [token, data] of this.tokens.entries()) {
+            if (data.expires_at < now || data.rotated) {
+                this.tokens.delete(token);
+                cleanedCount++;
+            }
+        }
+        if (cleanedCount > 0) {
+            this.scheduleSave();
+        }
+        return cleanedCount;
+    }
+    /**
+     * Flush pending saves (call on server shutdown)
+     *
+     * Ensures all pending changes are written to disk before server shutdown.
+     */
+    async flush() {
+        if (this.saveDebounceTimer) {
+            clearTimeout(this.saveDebounceTimer);
+            this.saveDebounceTimer = null;
+        }
+        await this.saveToStorage();
+    }
+    /**
+     * Get metrics for monitoring
+     */
+    getMetrics() {
+        const now = Date.now();
+        let expiredCount = 0;
+        let rotatedCount = 0;
+        for (const token of this.tokens.values()) {
+            if (token.expires_at < now) {
+                expiredCount++;
+            }
+            if (token.rotated) {
+                rotatedCount++;
+            }
+        }
+        return {
+            count: this.tokens.size,
+            expiredCount,
+            rotatedCount,
+        };
+    }
+}
+//# sourceMappingURL=persistent-refresh-token-store.js.map

package/dist/oauth/persistent-refresh-token-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"persistent-refresh-token-store.js","sourceRoot":"","sources":["../../src/oauth/persistent-refresh-token-store.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAC7B,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AASrC,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAUjD;;;;;GAKG;AACH,MAAM,OAAO,2BAA2B;IAC9B,MAAM,GAA8B,IAAI,GAAG,EAAE,CAAC;IAC9C,MAAM,CAA0B;IAChC,iBAAiB,CAAoB;IACrC,WAAW,CAAS;IACpB,iBAAiB,GAA0B,IAAI,CAAC;IAChD,cAAc,GAAG,IAAI,CAAC,CAAC,8BAA8B;IAE7D,YACE,MAA+B,EAC/B,iBAAoC,EACpC,WAAoB;QAEpB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;QAC3C,IAAI,CAAC,WAAW,GAAG,WAAW,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,0BAA0B,CAAC,CAAC;IACzF,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe;QACnB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC5E,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,WAAW,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;YACrE,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,OAAO,GAAwB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAEtD,sCAAsC;YACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,IAAI,WAAW,GAAG,CAAC,CAAC;YACpB,IAAI,YAAY,GAAG,CAAC,CAAC;YAErB,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;gBACnC,IAAI,GAAG,GAAG,KAAK,CAAC,UAAU,EAAE,CAAC;oBAC3B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;oBACpC,WAAW,EAAE,CAAC;gBAChB,CAAC;qBAAM,CAAC;oBACN,YAAY,EAAE,CAAC;gBACjB,CAAC;YACH,CAAC;YAED,WAAW,CAAC,IAAI,CAAC,EAAE,WAAW,EAAE,YAAY,EAAE,EAAE,uBAAuB,CAAC,CAAC;QAC3E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,WAAW,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,uDAAuD,CAAC,CAAC;QAC7F,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa;QACjB,MAAM,OAAO,GAAwB;YACnC,OAAO,EAAE,CAAC;YACV,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;SACzC,CAAC;QAEF,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAC9C,MAAM,IAAI,CAAC,iBAAiB,CAAC,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;IACrE,CAAC;IAED;;;;OAIG;IACK,YAAY;QAClB,uBAAuB;QACvB,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC3B,YAAY,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QACvC,CAAC;QAED,sCAAsC;QACtC,IAAI,CAAC,iBAAiB,GAAG,UAAU,CAAC,KAAK,IAAI,EAAE;YAC7C,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;YAC7B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,WAAW,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,+BAA+B,CAAC,CAAC;YACrE,CAAC;QACH,CAAC,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC;IAC1B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,OAAoC;QACtD,+BAA+B;QAC/B,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAEpD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,SAAS,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,GAAG,IAAI,CAAC;QAEzD,MAAM,SAAS,GAAiB;YAC9B,KAAK;YACL,SAAS,EAAE,OAAO,CAAC,QAAQ;YAC3B,OAAO,EAAE,OAAO,CAAC,MAAM;YACvB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,UAAU,EAAE,GAAG;YACf,UAAU,EAAE,SAAS;YACrB,OAAO,EAAE,KAAK;SACf,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;QAElC,0BAA0B;QAC1B,IAAI,CAAC,YAAY,EAAE,CAAC;QAEpB,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,KAAa,EAAE,QAAgB;QACjD,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAEzC,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC;QAClD,CAAC;QAED,kCAAkC;QAClC,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC;YACtB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC;QAClD,CAAC;QAED,6BAA6B;QAC7B,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,UAAU,EAAE,CAAC;YACtC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC1B,IAAI,CAAC,YAAY,EAAE,CAAC;YACpB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC;QAClD,CAAC;QAED,2BAA2B;QAC3B,IAAI,SAAS,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;YACrC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC;QAClD,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,KAAa,EAAE,QAAgB;QAC/C,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAEnE,IAAI,CAAC,gBAAgB,CAAC,KAAK,IAAI,CAAC,gBAAgB,CAAC,SAAS,EAAE,CAAC;YAC3D,OAAO,IAAI,CAAC;QACd,CAAC;QAED,+CAA+C;QAC/C,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAE,CAAC;QAC7C,YAAY,CAAC,OAAO,GAAG,IAAI,CAAC;QAE5B,qCAAqC;QACrC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC;YACxC,QAAQ,EAAE,gBAAgB,CAAC,SAAS,CAAC,SAAS;YAC9C,MAAM,EAAE,gBAAgB,CAAC,SAAS,CAAC,OAAO;YAC1C,KAAK,EAAE,gBAAgB,CAAC,SAAS,CAAC,KAAK;SACxC,CAAC,CAAC;QAEH,kDAAkD;QAClD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,KAAa;QAC7B,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC1B,IAAI,CAAC,YAAY,EAAE,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CAAC,QAAgB;QACvC,KAAK,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC;YAClD,IAAI,IAAI,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;gBAChC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC5B,CAAC;QACH,CAAC;QACD,IAAI,CAAC,YAAY,EAAE,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO;QACX,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,YAAY,GAAG,CAAC,CAAC;QAErB,KAAK,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC;YAClD,IAAI,IAAI,CAAC,UAAU,GAAG,GAAG,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBAC1C,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAC1B,YAAY,EAAE,CAAC;YACjB,CAAC;QACH,CAAC;QAED,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;YACrB,IAAI,CAAC,YAAY,EAAE,CAAC;QACtB,CAAC;QAED,OAAO,YAAY,CAAC;IACtB,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,KAAK;QACT,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC3B,YAAY,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;YACrC,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC;QAChC,CAAC;QACD,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,UAAU;QAKR,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,YAAY,GAAG,CAAC,CAAC;QACrB,IAAI,YAAY,GAAG,CAAC,CAAC;QAErB,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC;YACzC,IAAI,KAAK,CAAC,UAAU,GAAG,GAAG,EAAE,CAAC;gBAC3B,YAAY,EAAE,CAAC;YACjB,CAAC;YACD,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;gBAClB,YAAY,EAAE,CAAC;YACjB,CAAC;QACH,CAAC;QAED,OAAO;YACL,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;YACvB,YAAY;YACZ,YAAY;SACb,CAAC;IACJ,CAAC;CACF"}

package/dist/oauth/persistent-session-store.d.ts

@@ -0,0 +1,69 @@
+/**
+ * Persistent Session Store
+ * Requirements: 26 (Session Management)
+ *
+ * Stores user sessions with encrypted filesystem persistence.
+ * Implements automatic cleanup of expired sessions and session limits.
+ */
+import { UserSession } from './types.js';
+import { EncryptionService } from './encryption-service.js';
+import { SessionStore } from './session-store.js';
+/**
+ * Persistent Session Store Implementation
+ *
+ * Extends SessionStore interface with encrypted filesystem persistence.
+ * Maintains in-memory cache for fast access while persisting to disk.
+ */
+export declare class PersistentSessionStore implements SessionStore {
+    private sessions;
+    private sessionExpiryMs;
+    private maxSessions;
+    private encryptionService;
+    private storagePath;
+    constructor(encryptionService: EncryptionService, storagePath?: string);
+    /**
+     * Load sessions from encrypted file
+     *
+     * Filters out expired sessions during load.
+     * Logs loaded and expired session counts.
+     */
+    loadFromStorage(): Promise<void>;
+    /**
+     * Save sessions to encrypted file
+     *
+     * Enforces session limit by keeping only most recent 100 sessions.
+     */
+    private saveToStorage;
+    /**
+     * Create new session
+     *
+     * Saves asynchronously (fire and forget) to avoid blocking.
+     */
+    createSession(userId: string): UserSession;
+    /**
+     * Get session by ID
+     *
+     * Checks expiry and removes expired sessions automatically.
+     */
+    getSession(sessionId: string): UserSession | null;
+    /**
+     * Delete session
+     *
+     * Saves asynchronously after deletion.
+     */
+    deleteSession(sessionId: string): void;
+    /**
+     * Flush pending saves
+     *
+     * Call on server shutdown to ensure all data is persisted.
+     */
+    flush(): Promise<void>;
+    /**
+     * Get metrics for monitoring
+     */
+    getMetrics(): {
+        count: number;
+        expiredCount: number;
+    };
+}
+//# sourceMappingURL=persistent-session-store.d.ts.map

package/dist/oauth/persistent-session-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"persistent-session-store.d.ts","sourceRoot":"","sources":["../../src/oauth/persistent-session-store.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAWlD;;;;;GAKG;AACH,qBAAa,sBAAuB,YAAW,YAAY;IACzD,OAAO,CAAC,QAAQ,CAAuC;IACvD,OAAO,CAAC,eAAe,CAAuB;IAC9C,OAAO,CAAC,WAAW,CAAO;IAC1B,OAAO,CAAC,iBAAiB,CAAoB;IAC7C,OAAO,CAAC,WAAW,CAAS;gBAEhB,iBAAiB,EAAE,iBAAiB,EAAE,WAAW,CAAC,EAAE,MAAM;IAKtE;;;;;OAKG;IACG,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC;IA8BtC;;;;OAIG;YACW,aAAa;IAuB3B;;;;OAIG;IACH,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,WAAW;IAmB1C;;;;OAIG;IACH,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI;IAgBjD;;;;OAIG;IACH,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAOtC;;;;OAIG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAI5B;;OAEG;IACH,UAAU,IAAI;QACZ,KAAK,EAAE,MAAM,CAAC;QACd,YAAY,EAAE,MAAM,CAAC;KACtB;CAeF"}

package/dist/oauth/persistent-session-store.js

@@ -0,0 +1,155 @@
+/**
+ * Persistent Session Store
+ * Requirements: 26 (Session Management)
+ *
+ * Stores user sessions with encrypted filesystem persistence.
+ * Implements automatic cleanup of expired sessions and session limits.
+ */
+import { join } from 'path';
+import { homedir } from 'os';
+import { randomBytes } from 'crypto';
+import { oauthLogger } from '../utils/logger.js';
+/**
+ * Persistent Session Store Implementation
+ *
+ * Extends SessionStore interface with encrypted filesystem persistence.
+ * Maintains in-memory cache for fast access while persisting to disk.
+ */
+export class PersistentSessionStore {
+    sessions = new Map();
+    sessionExpiryMs = 24 * 60 * 60 * 1000; // 24 hours
+    maxSessions = 100; // Limit to prevent unbounded growth
+    encryptionService;
+    storagePath;
+    constructor(encryptionService, storagePath) {
+        this.encryptionService = encryptionService;
+        this.storagePath = storagePath || join(homedir(), '.sage', 'oauth_sessions.enc');
+    }
+    /**
+     * Load sessions from encrypted file
+     *
+     * Filters out expired sessions during load.
+     * Logs loaded and expired session counts.
+     */
+    async loadFromStorage() {
+        const data = await this.encryptionService.decryptFromFile(this.storagePath);
+        if (!data) {
+            oauthLogger.info('No existing sessions found, starting fresh');
+            return;
+        }
+        try {
+            const storage = JSON.parse(data);
+            // Load sessions and filter expired ones
+            const now = Date.now();
+            let loadedCount = 0;
+            let expiredCount = 0;
+            for (const session of storage.sessions) {
+                if (now < session.expiresAt) {
+                    this.sessions.set(session.sessionId, session);
+                    loadedCount++;
+                }
+                else {
+                    expiredCount++;
+                }
+            }
+            oauthLogger.info({ loadedCount, expiredCount }, 'Loaded sessions');
+        }
+        catch (error) {
+            oauthLogger.error({ err: error }, 'Failed to parse session storage, starting fresh');
+        }
+    }
+    /**
+     * Save sessions to encrypted file
+     *
+     * Enforces session limit by keeping only most recent 100 sessions.
+     */
+    async saveToStorage() {
+        // Enforce session limit by keeping only most recent sessions
+        let sessions = Array.from(this.sessions.values());
+        if (sessions.length > this.maxSessions) {
+            sessions.sort((a, b) => b.createdAt - a.createdAt);
+            sessions = sessions.slice(0, this.maxSessions);
+            // Update map to reflect limit
+            this.sessions.clear();
+            for (const session of sessions) {
+                this.sessions.set(session.sessionId, session);
+            }
+        }
+        const storage = {
+            version: 1,
+            sessions,
+        };
+        const data = JSON.stringify(storage, null, 2);
+        await this.encryptionService.encryptToFile(data, this.storagePath);
+    }
+    /**
+     * Create new session
+     *
+     * Saves asynchronously (fire and forget) to avoid blocking.
+     */
+    createSession(userId) {
+        const sessionId = randomBytes(32).toString('hex');
+        const now = Date.now();
+        const session = {
+            sessionId,
+            userId,
+            createdAt: now,
+            expiresAt: now + this.sessionExpiryMs,
+        };
+        this.sessions.set(sessionId, session);
+        // Save asynchronously (don't wait)
+        this.saveToStorage().catch((err) => oauthLogger.error({ err }, 'Failed to save session'));
+        return session;
+    }
+    /**
+     * Get session by ID
+     *
+     * Checks expiry and removes expired sessions automatically.
+     */
+    getSession(sessionId) {
+        const session = this.sessions.get(sessionId);
+        if (!session)
+            return null;
+        // Check expiry
+        if (Date.now() > session.expiresAt) {
+            this.sessions.delete(sessionId);
+            this.saveToStorage().catch((err) => oauthLogger.error({ err }, 'Failed to save after session expiry'));
+            return null;
+        }
+        return session;
+    }
+    /**
+     * Delete session
+     *
+     * Saves asynchronously after deletion.
+     */
+    deleteSession(sessionId) {
+        this.sessions.delete(sessionId);
+        this.saveToStorage().catch((err) => oauthLogger.error({ err }, 'Failed to save after session deletion'));
+    }
+    /**
+     * Flush pending saves
+     *
+     * Call on server shutdown to ensure all data is persisted.
+     */
+    async flush() {
+        await this.saveToStorage();
+    }
+    /**
+     * Get metrics for monitoring
+     */
+    getMetrics() {
+        const now = Date.now();
+        let expiredCount = 0;
+        for (const session of this.sessions.values()) {
+            if (session.expiresAt < now) {
+                expiredCount++;
+            }
+        }
+        return {
+            count: this.sessions.size,
+            expiredCount,
+        };
+    }
+}
+//# sourceMappingURL=persistent-session-store.js.map

package/dist/oauth/persistent-session-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"persistent-session-store.js","sourceRoot":"","sources":["../../src/oauth/persistent-session-store.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAC7B,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AAIrC,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAUjD;;;;;GAKG;AACH,MAAM,OAAO,sBAAsB;IACzB,QAAQ,GAA6B,IAAI,GAAG,EAAE,CAAC;IAC/C,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW;IAClD,WAAW,GAAG,GAAG,CAAC,CAAC,oCAAoC;IACvD,iBAAiB,CAAoB;IACrC,WAAW,CAAS;IAE5B,YAAY,iBAAoC,EAAE,WAAoB;QACpE,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;QAC3C,IAAI,CAAC,WAAW,GAAG,WAAW,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,oBAAoB,CAAC,CAAC;IACnF,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,eAAe;QACnB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC5E,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,WAAW,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;YAC/D,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,OAAO,GAAmB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAEjD,wCAAwC;YACxC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,IAAI,WAAW,GAAG,CAAC,CAAC;YACpB,IAAI,YAAY,GAAG,CAAC,CAAC;YAErB,KAAK,MAAM,OAAO,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACvC,IAAI,GAAG,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;oBAC5B,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;oBAC9C,WAAW,EAAE,CAAC;gBAChB,CAAC;qBAAM,CAAC;oBACN,YAAY,EAAE,CAAC;gBACjB,CAAC;YACH,CAAC;YAED,WAAW,CAAC,IAAI,CAAC,EAAE,WAAW,EAAE,YAAY,EAAE,EAAE,iBAAiB,CAAC,CAAC;QACrE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,WAAW,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,iDAAiD,CAAC,CAAC;QACvF,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,aAAa;QACzB,6DAA6D;QAC7D,IAAI,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QAClD,IAAI,QAAQ,CAAC,MAAM,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;YACvC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC;YACnD,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;YAE/C,8BAA8B;YAC9B,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;YACtB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;gBAC/B,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAmB;YAC9B,OAAO,EAAE,CAAC;YACV,QAAQ;SACT,CAAC;QAEF,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAC9C,MAAM,IAAI,CAAC,iBAAiB,CAAC,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;IACrE,CAAC;IAED;;;;OAIG;IACH,aAAa,CAAC,MAAc;QAC1B,MAAM,SAAS,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAClD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,OAAO,GAAgB;YAC3B,SAAS;YACT,MAAM;YACN,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG,GAAG,IAAI,CAAC,eAAe;SACtC,CAAC;QACF,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAEtC,mCAAmC;QACnC,IAAI,CAAC,aAAa,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CACjC,WAAW,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,wBAAwB,CAAC,CACrD,CAAC;QAEF,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;OAIG;IACH,UAAU,CAAC,SAAiB;QAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAE1B,eAAe;QACf,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;YACnC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAChC,IAAI,CAAC,aAAa,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CACjC,WAAW,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,qCAAqC,CAAC,CAClE,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;OAIG;IACH,aAAa,CAAC,SAAiB;QAC7B,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAChC,IAAI,CAAC,aAAa,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CACjC,WAAW,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,uCAAuC,CAAC,CACpE,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,KAAK;QACT,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,UAAU;QAIR,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,YAAY,GAAG,CAAC,CAAC;QAErB,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;YAC7C,IAAI,OAAO,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC;gBAC5B,YAAY,EAAE,CAAC;YACjB,CAAC;QACH,CAAC;QAED,OAAO;YACL,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;YACzB,YAAY;SACb,CAAC;IACJ,CAAC;CACF"}

package/dist/oauth/session-store.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Session Store
+ * Requirements: 26 (Session Management)
+ *
+ * Manages user sessions for OAuth authentication flow.
+ * Sessions track authenticated users during the consent process.
+ */
+import { UserSession } from './types.js';
+/**
+ * Session Store Interface
+ */
+export interface SessionStore {
+    createSession(userId: string): UserSession;
+    getSession(sessionId: string): UserSession | null;
+    deleteSession(sessionId: string): void;
+}
+/**
+ * In-memory Session Store Implementation
+ */
+export declare class InMemorySessionStore implements SessionStore {
+    private sessions;
+    private sessionExpiryMs;
+    createSession(userId: string): UserSession;
+    getSession(sessionId: string): UserSession | null;
+    deleteSession(sessionId: string): void;
+}
+/**
+ * Create a Session Store instance
+ */
+export declare function createSessionStore(): SessionStore;
+//# sourceMappingURL=session-store.d.ts.map

package/dist/oauth/session-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-store.d.ts","sourceRoot":"","sources":["../../src/oauth/session-store.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAEzC;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,WAAW,CAAC;IAC3C,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,CAAC;IAClD,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;CACxC;AAED;;GAEG;AACH,qBAAa,oBAAqB,YAAW,YAAY;IACvD,OAAO,CAAC,QAAQ,CAAuC;IACvD,OAAO,CAAC,eAAe,CAAuB;IAE9C,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,WAAW;IAa1C,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI;IAUjD,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;CAGvC;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,YAAY,CAEjD"}

package/dist/oauth/session-store.js

@@ -0,0 +1,47 @@
+/**
+ * Session Store
+ * Requirements: 26 (Session Management)
+ *
+ * Manages user sessions for OAuth authentication flow.
+ * Sessions track authenticated users during the consent process.
+ */
+import { randomBytes } from 'crypto';
+/**
+ * In-memory Session Store Implementation
+ */
+export class InMemorySessionStore {
+    sessions = new Map();
+    sessionExpiryMs = 24 * 60 * 60 * 1000; // 24 hours
+    createSession(userId) {
+        const sessionId = randomBytes(32).toString('hex');
+        const now = Date.now();
+        const session = {
+            sessionId,
+            userId,
+            createdAt: now,
+            expiresAt: now + this.sessionExpiryMs,
+        };
+        this.sessions.set(sessionId, session);
+        return session;
+    }
+    getSession(sessionId) {
+        const session = this.sessions.get(sessionId);
+        if (!session)
+            return null;
+        if (Date.now() > session.expiresAt) {
+            this.sessions.delete(sessionId);
+            return null;
+        }
+        return session;
+    }
+    deleteSession(sessionId) {
+        this.sessions.delete(sessionId);
+    }
+}
+/**
+ * Create a Session Store instance
+ */
+export function createSessionStore() {
+    return new InMemorySessionStore();
+}
+//# sourceMappingURL=session-store.js.map

package/dist/oauth/session-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-store.js","sourceRoot":"","sources":["../../src/oauth/session-store.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AAYrC;;GAEG;AACH,MAAM,OAAO,oBAAoB;IACvB,QAAQ,GAA6B,IAAI,GAAG,EAAE,CAAC;IAC/C,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW;IAE1D,aAAa,CAAC,MAAc;QAC1B,MAAM,SAAS,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAClD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,OAAO,GAAgB;YAC3B,SAAS;YACT,MAAM;YACN,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG,GAAG,IAAI,CAAC,eAAe;SACtC,CAAC;QACF,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACtC,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,UAAU,CAAC,SAAiB;QAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAC1B,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;YACnC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAChC,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,aAAa,CAAC,SAAiB;QAC7B,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAClC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB;IAChC,OAAO,IAAI,oBAAoB,EAAE,CAAC;AACpC,CAAC"}

package/dist/remote/cloud-config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cloud-config.d.ts","sourceRoot":"","sources":["../../src/remote/cloud-config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,GAAG,UAAU,CAAC;IACrD,YAAY,EAAE,MAAM,CAAC;IACrB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,YAAY,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,WAAW,EAAE,OAAO,CAAC;IACrB,YAAY,CAAC,EAAE,OAAO,GAAG,QAAQ,CAAC;IAClC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,OAAO,GAAG,QAAQ,GAAG,QAAQ,CAAC;IACtC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,OAAO,CAAqB;IACpC,OAAO,CAAC,cAAc,CAAa;IACnC,OAAO,CAAC,iBAAiB,CAAkB;IAC3C,OAAO,CAAC,YAAY,CAAa;IACjC,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,WAAW,CAAwC;IAC3D,OAAO,CAAC,YAAY,CAAoB;gBAE5B,OAAO,EAAE,kBAAkB;IAKvC;;OAEG;IACH,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,eAAe;IAqB/D;;OAEG;IACH,aAAa,CAAC,SAAS,EAAE,eAAe,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAelE;;OAEG;IACH,OAAO,CAAC,SAAS;IAMjB;;OAEG;IACH,iBAAiB,IAAI,MAAM;IAI3B;;OAEG;IACG,SAAS,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAM/D;;OAEG;IACH,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,MAAM,EAAE,eAAe,GAAG,YAAY;IAoB7E;;OAEG;IACH,aAAa,IAAI,gBAAgB;IAQjC;;OAEG;IACH,WAAW,IAAI,MAAM;IAIrB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IASxB;;OAEG;IACH,eAAe,IAAI,UAAU,EAAE;IAI/B;;OAEG;IACH,YAAY,CACV,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC9B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC9B,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAK1B;;OAEG;IACH,OAAO,CAAC,SAAS;IA2BjB;;OAEG;IACH,eAAe,CACb,KAAK,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,EAC7C,MAAM,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,EAC9C,QAAQ,EAAE,YAAY,GAAG,YAAY,GAAG,aAAa,GAAG,OAAO,GAC9D,gBAAgB;IAkBnB;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,gBAAgB,CAAC;IAkC9C;;OAEG;IACG,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;CAc/D"}
+{"version":3,"file":"cloud-config.d.ts","sourceRoot":"","sources":["../../src/remote/cloud-config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,GAAG,UAAU,CAAC;IACrD,YAAY,EAAE,MAAM,CAAC;IACrB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,YAAY,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,WAAW,EAAE,OAAO,CAAC;IACrB,YAAY,CAAC,EAAE,OAAO,GAAG,QAAQ,CAAC;IAClC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,OAAO,GAAG,QAAQ,GAAG,QAAQ,CAAC;IACtC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,OAAO,CAAqB;IACpC,OAAO,CAAC,cAAc,CAAa;IACnC,OAAO,CAAC,iBAAiB,CAAkB;IAC3C,OAAO,CAAC,YAAY,CAAa;IACjC,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,WAAW,CAAwC;IAC3D,OAAO,CAAC,YAAY,CAAoB;gBAE5B,OAAO,EAAE,kBAAkB;IAKvC;;OAEG;IACH,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,eAAe;IAqB/D;;OAEG;IACH,aAAa,CAAC,SAAS,EAAE,eAAe,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAelE;;OAEG;IACH,OAAO,CAAC,SAAS;IAMjB;;OAEG;IACH,iBAAiB,IAAI,MAAM;IAI3B;;OAEG;IACG,SAAS,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAM/D;;OAEG;IACH,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,MAAM,EAAE,eAAe,GAAG,YAAY;IAoB7E;;OAEG;IACH,aAAa,IAAI,gBAAgB;IAQjC;;OAEG;IACH,WAAW,IAAI,MAAM;IAIrB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IASxB;;OAEG;IACH,eAAe,IAAI,UAAU,EAAE;IAI/B;;OAEG;IACH,YAAY,CACV,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC9B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC9B,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAK1B;;OAEG;IACH,OAAO,CAAC,SAAS;IA2BjB;;OAEG;IACH,eAAe,CACb,KAAK,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,EAC7C,MAAM,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,EAC9C,QAAQ,EAAE,YAAY,GAAG,YAAY,GAAG,aAAa,GAAG,OAAO,GAC9D,gBAAgB;IAkBnB;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,gBAAgB,CAAC;IAkC9C;;OAEG;IACG,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;CAc/D"}

package/dist/remote/cloud-config.js

@@ -4,6 +4,7 @@
  * Requirements: 12.3, 12.6
  */
 import { createCipheriv, createDecipheriv, randomBytes, createHash } from 'crypto';
+import { logger } from '../utils/logger.js';
 /**
  * Cloud Configuration Manager
  * Handles encrypted cloud sync of configurations
@@ -221,7 +222,7 @@ export class CloudConfigManager {
             return this.localConfig;
         }
         catch (error) {
-            console.error('Failed to sync from cloud:', error);
+            logger.error({ err: error }, 'Failed to sync from cloud');
             return null;
         }
     }