@sift-wiki/conductor 0.0.0 → 0.2.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (207) hide show
  1. package/README.md +105 -1
  2. package/THIRD_PARTY_NOTICES.md +38 -0
  3. package/dist/adapters/claudeAgent.d.ts +23 -0
  4. package/dist/adapters/claudeAgent.js +164 -0
  5. package/dist/adapters/claudeAgent.js.map +1 -0
  6. package/dist/adapters/claudeParser.d.ts +5 -0
  7. package/dist/adapters/claudeParser.js +120 -0
  8. package/dist/adapters/claudeParser.js.map +1 -0
  9. package/dist/adapters/codexAgent.d.ts +28 -0
  10. package/dist/adapters/codexAgent.js +152 -0
  11. package/dist/adapters/codexAgent.js.map +1 -0
  12. package/dist/adapters/codexParser.d.ts +5 -0
  13. package/dist/adapters/codexParser.js +106 -0
  14. package/dist/adapters/codexParser.js.map +1 -0
  15. package/dist/adapters/config.d.ts +29 -0
  16. package/dist/adapters/config.js +286 -0
  17. package/dist/adapters/config.js.map +1 -0
  18. package/dist/adapters/doctor.d.ts +12 -0
  19. package/dist/adapters/doctor.js +20 -0
  20. package/dist/adapters/doctor.js.map +1 -0
  21. package/dist/adapters/errors.d.ts +7 -0
  22. package/dist/adapters/errors.js +19 -0
  23. package/dist/adapters/errors.js.map +1 -0
  24. package/dist/adapters/fakeAgent.d.ts +11 -0
  25. package/dist/adapters/fakeAgent.js +149 -0
  26. package/dist/adapters/fakeAgent.js.map +1 -0
  27. package/dist/adapters/httpAgent.d.ts +19 -0
  28. package/dist/adapters/httpAgent.js +164 -0
  29. package/dist/adapters/httpAgent.js.map +1 -0
  30. package/dist/adapters/output.d.ts +16 -0
  31. package/dist/adapters/output.js +48 -0
  32. package/dist/adapters/output.js.map +1 -0
  33. package/dist/adapters/processAgent.d.ts +21 -0
  34. package/dist/adapters/processAgent.js +166 -0
  35. package/dist/adapters/processAgent.js.map +1 -0
  36. package/dist/adapters/provider/discovery.d.ts +31 -0
  37. package/dist/adapters/provider/discovery.js +102 -0
  38. package/dist/adapters/provider/discovery.js.map +1 -0
  39. package/dist/adapters/provider/json.d.ts +4 -0
  40. package/dist/adapters/provider/json.js +21 -0
  41. package/dist/adapters/provider/json.js.map +1 -0
  42. package/dist/adapters/provider/lineStream.d.ts +8 -0
  43. package/dist/adapters/provider/lineStream.js +28 -0
  44. package/dist/adapters/provider/lineStream.js.map +1 -0
  45. package/dist/adapters/provider/outputSchemaFile.d.ts +5 -0
  46. package/dist/adapters/provider/outputSchemaFile.js +16 -0
  47. package/dist/adapters/provider/outputSchemaFile.js.map +1 -0
  48. package/dist/adapters/provider/prompt.d.ts +2 -0
  49. package/dist/adapters/provider/prompt.js +52 -0
  50. package/dist/adapters/provider/prompt.js.map +1 -0
  51. package/dist/adapters/provider/result.d.ts +23 -0
  52. package/dist/adapters/provider/result.js +116 -0
  53. package/dist/adapters/provider/result.js.map +1 -0
  54. package/dist/adapters/provider/runProvider.d.ts +16 -0
  55. package/dist/adapters/provider/runProvider.js +110 -0
  56. package/dist/adapters/provider/runProvider.js.map +1 -0
  57. package/dist/adapters/provider/setup.d.ts +50 -0
  58. package/dist/adapters/provider/setup.js +180 -0
  59. package/dist/adapters/provider/setup.js.map +1 -0
  60. package/dist/adapters/provider/store.d.ts +19 -0
  61. package/dist/adapters/provider/store.js +92 -0
  62. package/dist/adapters/provider/store.js.map +1 -0
  63. package/dist/adapters/provider/types.d.ts +58 -0
  64. package/dist/adapters/provider/types.js +2 -0
  65. package/dist/adapters/provider/types.js.map +1 -0
  66. package/dist/adapters/provider/version.d.ts +2 -0
  67. package/dist/adapters/provider/version.js +25 -0
  68. package/dist/adapters/provider/version.js.map +1 -0
  69. package/dist/adapters/types.d.ts +40 -0
  70. package/dist/adapters/types.js +2 -0
  71. package/dist/adapters/types.js.map +1 -0
  72. package/dist/bridge/handler.d.ts +15 -0
  73. package/dist/bridge/handler.js +125 -0
  74. package/dist/bridge/handler.js.map +1 -0
  75. package/dist/bridge/localBridge.d.ts +49 -0
  76. package/dist/bridge/localBridge.js +157 -0
  77. package/dist/bridge/localBridge.js.map +1 -0
  78. package/dist/bridge/server.d.ts +11 -0
  79. package/dist/bridge/server.js +86 -0
  80. package/dist/bridge/server.js.map +1 -0
  81. package/dist/bridge/sessionRegistry.d.ts +23 -0
  82. package/dist/bridge/sessionRegistry.js +65 -0
  83. package/dist/bridge/sessionRegistry.js.map +1 -0
  84. package/dist/cli.d.ts +23 -0
  85. package/dist/cli.js +245 -0
  86. package/dist/cli.js.map +1 -0
  87. package/dist/conductorClient.d.ts +443 -0
  88. package/dist/conductorClient.js +281 -0
  89. package/dist/conductorClient.js.map +1 -0
  90. package/dist/config.d.ts +9 -0
  91. package/dist/config.js +54 -0
  92. package/dist/config.js.map +1 -0
  93. package/dist/daemon.d.ts +52 -0
  94. package/dist/daemon.js +324 -0
  95. package/dist/daemon.js.map +1 -0
  96. package/dist/desktop/adapterSetupView.d.ts +16 -0
  97. package/dist/desktop/adapterSetupView.js +13 -0
  98. package/dist/desktop/adapterSetupView.js.map +1 -0
  99. package/dist/desktop/app/contracts.d.ts +71 -0
  100. package/dist/desktop/app/contracts.js +19 -0
  101. package/dist/desktop/app/contracts.js.map +1 -0
  102. package/dist/desktop/app/controller.d.ts +58 -0
  103. package/dist/desktop/app/controller.js +161 -0
  104. package/dist/desktop/app/controller.js.map +1 -0
  105. package/dist/desktop/app/runtimeController.d.ts +22 -0
  106. package/dist/desktop/app/runtimeController.js +44 -0
  107. package/dist/desktop/app/runtimeController.js.map +1 -0
  108. package/dist/desktop/manifest.d.ts +17 -0
  109. package/dist/desktop/manifest.js +24 -0
  110. package/dist/desktop/manifest.js.map +1 -0
  111. package/dist/desktop/pairing.d.ts +13 -0
  112. package/dist/desktop/pairing.js +20 -0
  113. package/dist/desktop/pairing.js.map +1 -0
  114. package/dist/desktop/recovery.d.ts +33 -0
  115. package/dist/desktop/recovery.js +71 -0
  116. package/dist/desktop/recovery.js.map +1 -0
  117. package/dist/desktop/workBoardView.d.ts +41 -0
  118. package/dist/desktop/workBoardView.js +133 -0
  119. package/dist/desktop/workBoardView.js.map +1 -0
  120. package/dist/desktop/workGovernanceView.d.ts +70 -0
  121. package/dist/desktop/workGovernanceView.js +159 -0
  122. package/dist/desktop/workGovernanceView.js.map +1 -0
  123. package/dist/localApi/authorizedPairing.d.ts +12 -0
  124. package/dist/localApi/authorizedPairing.js +18 -0
  125. package/dist/localApi/authorizedPairing.js.map +1 -0
  126. package/dist/localApi/contracts.d.ts +253 -0
  127. package/dist/localApi/contracts.js +173 -0
  128. package/dist/localApi/contracts.js.map +1 -0
  129. package/dist/localApi/server.d.ts +20 -0
  130. package/dist/localApi/server.js +412 -0
  131. package/dist/localApi/server.js.map +1 -0
  132. package/dist/localApi/workConsole.d.ts +74 -0
  133. package/dist/localApi/workConsole.js +342 -0
  134. package/dist/localApi/workConsole.js.map +1 -0
  135. package/dist/localApi/workContracts.d.ts +213 -0
  136. package/dist/localApi/workContracts.js +130 -0
  137. package/dist/localApi/workContracts.js.map +1 -0
  138. package/dist/localApp/platform.d.ts +2 -0
  139. package/dist/localApp/platform.js +57 -0
  140. package/dist/localApp/platform.js.map +1 -0
  141. package/dist/localApp/service.d.ts +25 -0
  142. package/dist/localApp/service.js +114 -0
  143. package/dist/localApp/service.js.map +1 -0
  144. package/dist/pairing.d.ts +27 -0
  145. package/dist/pairing.js +45 -0
  146. package/dist/pairing.js.map +1 -0
  147. package/dist/redaction.d.ts +2 -0
  148. package/dist/redaction.js +34 -0
  149. package/dist/redaction.js.map +1 -0
  150. package/dist/release/validateDistribution.d.ts +51 -0
  151. package/dist/release/validateDistribution.js +54 -0
  152. package/dist/release/validateDistribution.js.map +1 -0
  153. package/dist/runtime/localLogSpool.d.ts +47 -0
  154. package/dist/runtime/localLogSpool.js +105 -0
  155. package/dist/runtime/localLogSpool.js.map +1 -0
  156. package/dist/runtime/localRunQueue.d.ts +31 -0
  157. package/dist/runtime/localRunQueue.js +76 -0
  158. package/dist/runtime/localRunQueue.js.map +1 -0
  159. package/dist/runtime/localSessionCache.d.ts +26 -0
  160. package/dist/runtime/localSessionCache.js +35 -0
  161. package/dist/runtime/localSessionCache.js.map +1 -0
  162. package/dist/runtime/process.d.ts +27 -0
  163. package/dist/runtime/process.js +128 -0
  164. package/dist/runtime/process.js.map +1 -0
  165. package/dist/runtime/runEnvironment.d.ts +12 -0
  166. package/dist/runtime/runEnvironment.js +59 -0
  167. package/dist/runtime/runEnvironment.js.map +1 -0
  168. package/dist/runtime/runEventRetryBuffer.d.ts +42 -0
  169. package/dist/runtime/runEventRetryBuffer.js +118 -0
  170. package/dist/runtime/runEventRetryBuffer.js.map +1 -0
  171. package/dist/runtime/runtimeService.d.ts +27 -0
  172. package/dist/runtime/runtimeService.js +112 -0
  173. package/dist/runtime/runtimeService.js.map +1 -0
  174. package/dist/runtime/sleep.d.ts +2 -0
  175. package/dist/runtime/sleep.js +21 -0
  176. package/dist/runtime/sleep.js.map +1 -0
  177. package/dist/runtime/taskExecution.d.ts +16 -0
  178. package/dist/runtime/taskExecution.js +74 -0
  179. package/dist/runtime/taskExecution.js.map +1 -0
  180. package/dist/runtime/wakeEnvelope.d.ts +76 -0
  181. package/dist/runtime/wakeEnvelope.js +60 -0
  182. package/dist/runtime/wakeEnvelope.js.map +1 -0
  183. package/dist/types.d.ts +121 -0
  184. package/dist/types.js +2 -0
  185. package/dist/types.js.map +1 -0
  186. package/dist/userAuth/service.d.ts +26 -0
  187. package/dist/userAuth/service.js +170 -0
  188. package/dist/userAuth/service.js.map +1 -0
  189. package/dist/userAuth/store.d.ts +42 -0
  190. package/dist/userAuth/store.js +160 -0
  191. package/dist/userAuth/store.js.map +1 -0
  192. package/dist/userAuth/types.d.ts +63 -0
  193. package/dist/userAuth/types.js +29 -0
  194. package/dist/userAuth/types.js.map +1 -0
  195. package/dist/version.d.ts +2 -0
  196. package/dist/version.js +3 -0
  197. package/dist/version.js.map +1 -0
  198. package/dist/workTypes.d.ts +313 -0
  199. package/dist/workTypes.js +106 -0
  200. package/dist/workTypes.js.map +1 -0
  201. package/dist-web/assets/index-CWfnzdLn.css +1 -0
  202. package/dist-web/assets/index-D5X9InfE.js +72 -0
  203. package/dist-web/index.html +15 -0
  204. package/docs/provider-setup.md +81 -0
  205. package/docs/quickstart.md +62 -0
  206. package/docs/troubleshooting.md +63 -0
  207. package/package.json +75 -6
@@ -0,0 +1 @@
1
+ {"version":3,"file":"wakeEnvelope.js","sourceRoot":"","sources":["../../src/runtime/wakeEnvelope.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,CAAC,MAAM,+BAA+B,GAAG,mBAAmB,CAAC;AAEnE,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;AAC3D,MAAM,gBAAgB,GAAG,CAAC,CAAC,IAAI,CAAC;IAC9B,SAAS;IACT,MAAM;IACN,aAAa;IACb,WAAW;IACX,SAAS;IACT,MAAM;IACN,WAAW;CACZ,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7C,aAAa,EAAE,CAAC,CAAC,OAAO,CAAC,+BAA+B,CAAC;IACzD,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;IACvB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;IACjB,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;QACb,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE;QACd,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAChC,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACnC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;QACjB,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;QACxB,MAAM,EAAE,gBAAgB;QACxB,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;KACxD,CAAC;IACF,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;QACb,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QACrB,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;QACpF,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;QAClB,OAAO,EAAE,gBAAgB,CAAC,QAAQ,EAAE;KACrC,CAAC;IACF,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC;QACzB,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE;QACd,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE;QAC7B,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;QACxB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;KACtB,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IACf,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC;QACzB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;QAClB,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;QACjB,MAAM,EAAE,gBAAgB;KACzB,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IACf,eAAe,EAAE,CAAC,CAAC,MAAM,CAAC;QACxB,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE;QACd,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;QAChB,OAAO,EAAE,gBAAgB;KAC1B,CAAC,CAAC,QAAQ,EAAE;IACb,WAAW,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IAC5C,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;QACf,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;QAC/C,mBAAmB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC1C,QAAQ,EAAE,CAAC,CAAC,OAAO,EAAE;KACtB,CAAC;CACH,CAAC,CAAC;AAIH,MAAM,UAAU,qBAAqB,CAAC,GAAY;IAChD,OAAO,sBAAsB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AAC3C,CAAC"}
@@ -0,0 +1,121 @@
1
+ import type { SiftWakeEnvelope } from "./runtime/wakeEnvelope.js";
2
+ import type { WorkApproval, WorkArtifact, WorkArtifactInput, WorkChildTaskInput, WorkDisposition, WorkDispositionResponse, WorkTask, WorkTaskComment, WorkUsageDecision } from "./workTypes.js";
3
+ export type JsonObject = Record<string, unknown>;
4
+ export type ConductorConfig = {
5
+ apiBaseUrl: string;
6
+ credential: string;
7
+ conductorId?: string | undefined;
8
+ displayName: string;
9
+ protocolVersion: string;
10
+ };
11
+ export type ConfigStore = {
12
+ read(): Promise<ConductorConfig | undefined>;
13
+ write(config: ConductorConfig): Promise<void>;
14
+ delete(): Promise<void>;
15
+ };
16
+ export type PairConductorRequest = {
17
+ code: string;
18
+ displayName?: string;
19
+ version?: string;
20
+ protocolVersion?: string;
21
+ capabilities?: JsonObject;
22
+ };
23
+ export type PairConductorResponse = {
24
+ conductor: {
25
+ id: string;
26
+ displayName: string;
27
+ };
28
+ credential: string;
29
+ };
30
+ export type PairConductorClient = {
31
+ pair(request: PairConductorRequest): Promise<PairConductorResponse>;
32
+ };
33
+ export type ConductorAgentAdvertisement = {
34
+ localKey: string;
35
+ displayName: string;
36
+ adapterType: string;
37
+ status?: "active" | "inactive";
38
+ capabilities?: JsonObject;
39
+ };
40
+ export type ConductorAgent = {
41
+ id: string;
42
+ agentPrincipalId: string;
43
+ localKey: string;
44
+ displayName: string;
45
+ adapterType: string;
46
+ status: "active" | "inactive";
47
+ capabilities: JsonObject;
48
+ };
49
+ export type ClaimedJob = {
50
+ id: string;
51
+ runId: string;
52
+ conductorAgentId: string;
53
+ localKey: string;
54
+ adapterType: string;
55
+ objective: string;
56
+ taskRecordId?: string | undefined;
57
+ wakeRequestId?: string | undefined;
58
+ contextRefs: string[];
59
+ limits: JsonObject;
60
+ status: string;
61
+ attempts: number;
62
+ leaseExpiresAt?: string | undefined;
63
+ wakeEnvelope?: SiftWakeEnvelope | undefined;
64
+ };
65
+ export type LeaseRefresh = {
66
+ job: {
67
+ id: string;
68
+ runId: string;
69
+ status: string;
70
+ leaseExpiresAt?: string | undefined;
71
+ };
72
+ cancelRequested: boolean;
73
+ };
74
+ export type RunEventType = "health" | "progress" | "log" | "artifact" | "approval_requested" | "completed" | "failed" | "cancelled";
75
+ export type RunEventInput = {
76
+ eventType: RunEventType;
77
+ payload?: JsonObject;
78
+ occurredAt?: string;
79
+ };
80
+ export type RunEvent = {
81
+ id: string;
82
+ runId: string;
83
+ sequence: number;
84
+ eventType: RunEventType;
85
+ payload: JsonObject;
86
+ occurredAt: string;
87
+ };
88
+ export type ConductorClient = PairConductorClient & {
89
+ heartbeat(credential: string, request: {
90
+ version?: string;
91
+ protocolVersion?: string;
92
+ capabilities?: JsonObject;
93
+ }): Promise<unknown>;
94
+ advertiseAgents(credential: string, agents: ConductorAgentAdvertisement[]): Promise<ConductorAgent[]>;
95
+ claimJob(credential: string): Promise<ClaimedJob | undefined>;
96
+ refreshLease(credential: string, jobId: string): Promise<LeaseRefresh>;
97
+ appendRunEvent(credential: string, runId: string, event: RunEventInput): Promise<RunEvent>;
98
+ completeRun(credential: string, runId: string, resultSummary: JsonObject): Promise<unknown>;
99
+ failRun(credential: string, runId: string, errorSummary: JsonObject): Promise<unknown>;
100
+ acknowledgeCancellation(credential: string, runId: string, resultSummary: JsonObject): Promise<unknown>;
101
+ };
102
+ export type ConductorWorkClient = {
103
+ readWorkContext(credential: string, runId: string, taskId: string): Promise<SiftWakeEnvelope>;
104
+ checkoutTask(credential: string, runId: string, taskId: string): Promise<WorkTask>;
105
+ createChildTasks(credential: string, runId: string, taskId: string, children: WorkChildTaskInput[]): Promise<WorkTask[]>;
106
+ addTaskComment(credential: string, runId: string, taskId: string, bodyMarkdown: string): Promise<WorkTaskComment>;
107
+ registerArtifact(credential: string, runId: string, taskId: string, artifact: WorkArtifactInput): Promise<WorkArtifact>;
108
+ requestApproval(credential: string, runId: string, taskId: string, request: {
109
+ type: string;
110
+ payload?: JsonObject;
111
+ idempotencyKey?: string;
112
+ }): Promise<WorkApproval>;
113
+ reportUsage(credential: string, runId: string, taskId: string, usage: {
114
+ eventKey: string;
115
+ costMicros: number;
116
+ durationMs: number;
117
+ }): Promise<WorkUsageDecision>;
118
+ setTaskDisposition(credential: string, runId: string, taskId: string, disposition: WorkDisposition, resultSummary?: JsonObject): Promise<WorkDispositionResponse>;
119
+ listTasks(userCredential: string, projectId?: string): Promise<WorkTask[]>;
120
+ listRuns(userCredential: string, taskId?: string): Promise<ClaimedJob[]>;
121
+ };
package/dist/types.js ADDED
@@ -0,0 +1,2 @@
1
+ export {};
2
+ //# sourceMappingURL=types.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}
@@ -0,0 +1,26 @@
1
+ import type { ConfigStore } from "../types.js";
2
+ import type { UserAuthorizationStatus, UserCredentialStore } from "./types.js";
3
+ export declare class ConductorUserAuthorizationService {
4
+ private readonly input;
5
+ private pending;
6
+ private pendingTask;
7
+ private lastMessage;
8
+ constructor(input: {
9
+ configStore: ConfigStore;
10
+ credentialStore: UserCredentialStore;
11
+ fetch?: typeof fetch | undefined;
12
+ openBrowser(url: string): Promise<void>;
13
+ sleep?: ((ms: number) => Promise<void>) | undefined;
14
+ now?: (() => Date) | undefined;
15
+ });
16
+ status(): Promise<UserAuthorizationStatus>;
17
+ begin(beginInput?: {
18
+ apiBaseUrl?: string | undefined;
19
+ deviceLabel?: string | undefined;
20
+ }): Promise<UserAuthorizationStatus>;
21
+ signOut(): Promise<UserAuthorizationStatus>;
22
+ credential(): Promise<string>;
23
+ private poll;
24
+ private request;
25
+ private now;
26
+ }
@@ -0,0 +1,170 @@
1
+ import { hostname } from "node:os";
2
+ import { z } from "zod";
3
+ import { storedUserAuthorizationSchema } from "./types.js";
4
+ const DEFAULT_CAPABILITIES = ["record:read", "record:write", "event:audit:read"];
5
+ const deviceResponseSchema = z.object({
6
+ requestId: z.string(),
7
+ userCode: z.string(),
8
+ verificationUri: z.url(),
9
+ verificationUriComplete: z.url(),
10
+ expiresAt: z.iso.datetime(),
11
+ intervalSeconds: z.number().positive(),
12
+ }).strict();
13
+ const pendingResponseSchema = z.object({
14
+ status: z.enum(["authorization_pending", "slow_down"]),
15
+ intervalSeconds: z.number().positive(),
16
+ expiresAt: z.iso.datetime(),
17
+ }).strict();
18
+ const terminalStatusSchema = z.object({ status: z.enum(["access_denied", "expired_token"]) }).strict();
19
+ export class ConductorUserAuthorizationService {
20
+ input;
21
+ pending;
22
+ pendingTask;
23
+ lastMessage;
24
+ constructor(input) {
25
+ this.input = input;
26
+ }
27
+ async status() {
28
+ if (this.pending !== undefined) {
29
+ return {
30
+ state: "pending",
31
+ storageKind: this.input.credentialStore.storageKind,
32
+ verificationUri: this.pending.verificationUri,
33
+ userCode: this.pending.userCode,
34
+ expiresAt: this.pending.expiresAt,
35
+ };
36
+ }
37
+ const stored = await this.input.credentialStore.read();
38
+ if (stored === undefined || Date.parse(stored.tokenExpiresAt) <= this.now().getTime()) {
39
+ return {
40
+ state: "signed_out",
41
+ storageKind: this.input.credentialStore.storageKind,
42
+ ...(this.lastMessage === undefined ? {} : { message: this.lastMessage }),
43
+ };
44
+ }
45
+ return {
46
+ state: "authorized",
47
+ storageKind: this.input.credentialStore.storageKind,
48
+ apiBaseUrl: stored.apiBaseUrl,
49
+ appBaseUrl: stored.appBaseUrl,
50
+ workspaceId: stored.workspaceId,
51
+ brainId: stored.brainId,
52
+ principalId: stored.principalId,
53
+ tokenLabel: stored.tokenLabel,
54
+ tokenExpiresAt: stored.tokenExpiresAt,
55
+ capabilities: stored.capabilities,
56
+ };
57
+ }
58
+ async begin(beginInput = {}) {
59
+ if (this.pending !== undefined)
60
+ return this.status();
61
+ const config = await this.input.configStore.read();
62
+ const apiBaseUrl = resolveApiBaseUrl(beginInput.apiBaseUrl ?? config?.apiBaseUrl);
63
+ const response = await this.request(apiBaseUrl, "/cli-auth/device", {
64
+ deviceLabel: clean(beginInput.deviceLabel) ?? config?.displayName ?? hostname(),
65
+ requestedCapabilities: DEFAULT_CAPABILITIES,
66
+ });
67
+ this.pending = deviceResponseSchema.parse(response);
68
+ this.lastMessage = undefined;
69
+ await this.input.openBrowser(this.pending.verificationUriComplete);
70
+ const pending = this.pending;
71
+ this.pendingTask = this.poll(apiBaseUrl, pending).finally(() => {
72
+ if (this.pending === pending)
73
+ this.pending = undefined;
74
+ this.pendingTask = undefined;
75
+ });
76
+ void this.pendingTask;
77
+ return this.status();
78
+ }
79
+ async signOut() {
80
+ this.pending = undefined;
81
+ this.lastMessage = undefined;
82
+ await this.input.credentialStore.delete();
83
+ return this.status();
84
+ }
85
+ async credential() {
86
+ const stored = await this.input.credentialStore.read();
87
+ if (stored === undefined || Date.parse(stored.tokenExpiresAt) <= this.now().getTime()) {
88
+ throw new Error("Sign in to Sift before managing shared work.");
89
+ }
90
+ return stored.token;
91
+ }
92
+ async poll(apiBaseUrl, pending) {
93
+ let intervalSeconds = pending.intervalSeconds;
94
+ while (this.now().getTime() < Date.parse(pending.expiresAt) && this.pending === pending) {
95
+ await (this.input.sleep ?? defaultSleep)(intervalSeconds * 1_000);
96
+ let body;
97
+ try {
98
+ body = await this.request(apiBaseUrl, "/cli-auth/device/token", {
99
+ requestId: pending.requestId,
100
+ userCode: pending.userCode,
101
+ });
102
+ }
103
+ catch {
104
+ continue;
105
+ }
106
+ const waiting = pendingResponseSchema.safeParse(body);
107
+ if (waiting.success) {
108
+ intervalSeconds = waiting.data.intervalSeconds;
109
+ continue;
110
+ }
111
+ const terminal = terminalStatusSchema.safeParse(body);
112
+ if (terminal.success) {
113
+ this.lastMessage = terminal.data.status === "access_denied" ? "Sift sign-in was denied." : "Sift sign-in expired.";
114
+ return;
115
+ }
116
+ await this.input.credentialStore.write(storedUserAuthorizationSchema.parse(body));
117
+ this.lastMessage = undefined;
118
+ return;
119
+ }
120
+ this.lastMessage = "Sift sign-in expired.";
121
+ }
122
+ async request(apiBaseUrl, route, body) {
123
+ const response = await (this.input.fetch ?? globalThis.fetch)(new URL(route, withTrailingSlash(apiBaseUrl)), {
124
+ method: "POST",
125
+ headers: { "content-type": "application/json" },
126
+ body: JSON.stringify(body),
127
+ });
128
+ const parsed = await response.json();
129
+ if (!response.ok)
130
+ throw new Error(apiErrorMessage(parsed, response.status));
131
+ return parsed;
132
+ }
133
+ now() {
134
+ return (this.input.now ?? (() => new Date()))();
135
+ }
136
+ }
137
+ function resolveApiBaseUrl(value) {
138
+ if (value === undefined) {
139
+ throw new Error("A Sift API address is required before this computer is paired.");
140
+ }
141
+ const parsed = z.url().parse(value.trim());
142
+ const url = new URL(parsed);
143
+ if (url.protocol !== "https:" && !(url.protocol === "http:" && isLoopback(url.hostname))) {
144
+ throw new Error("The Sift API address must use HTTPS or a loopback HTTP URL.");
145
+ }
146
+ return url.toString().replace(/\/+$/u, "");
147
+ }
148
+ function clean(value) {
149
+ const trimmed = value?.trim();
150
+ return trimmed === undefined || trimmed.length === 0 ? undefined : trimmed;
151
+ }
152
+ function isLoopback(hostname) {
153
+ return hostname === "localhost" || hostname === "127.0.0.1" || hostname === "[::1]" || hostname === "::1";
154
+ }
155
+ function withTrailingSlash(value) {
156
+ return value.endsWith("/") ? value : `${value}/`;
157
+ }
158
+ function defaultSleep(ms) {
159
+ return new Promise((resolve) => setTimeout(resolve, ms));
160
+ }
161
+ function apiErrorMessage(body, status) {
162
+ if (typeof body === "object" && body !== null && "error" in body) {
163
+ const error = body.error;
164
+ if (typeof error === "object" && error !== null && "message" in error && typeof error.message === "string") {
165
+ return error.message;
166
+ }
167
+ }
168
+ return `Sift authorization failed (${String(status)}).`;
169
+ }
170
+ //# sourceMappingURL=service.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"service.js","sourceRoot":"","sources":["../../src/userAuth/service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEnC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAIxB,OAAO,EAAE,6BAA6B,EAAE,MAAM,YAAY,CAAC;AAE3D,MAAM,oBAAoB,GAAqB,CAAC,aAAa,EAAE,cAAc,EAAE,kBAAkB,CAAC,CAAC;AAEnG,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC;IACpC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;IACpB,eAAe,EAAE,CAAC,CAAC,GAAG,EAAE;IACxB,uBAAuB,EAAE,CAAC,CAAC,GAAG,EAAE;IAChC,SAAS,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE;IAC3B,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACvC,CAAC,CAAC,MAAM,EAAE,CAAC;AAEZ,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IACrC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,uBAAuB,EAAE,WAAW,CAAC,CAAC;IACtD,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtC,SAAS,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE;CAC5B,CAAC,CAAC,MAAM,EAAE,CAAC;AAEZ,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,eAAe,EAAE,eAAe,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC;AAIvG,MAAM,OAAO,iCAAiC;IAKf;IAJrB,OAAO,CAAmC;IAC1C,WAAW,CAA4B;IACvC,WAAW,CAAqB;IAExC,YAA6B,KAO5B;QAP4B,UAAK,GAAL,KAAK,CAOjC;IAAG,CAAC;IAEL,KAAK,CAAC,MAAM;QACV,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YAC/B,OAAO;gBACL,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,WAAW;gBACnD,eAAe,EAAE,IAAI,CAAC,OAAO,CAAC,eAAe;gBAC7C,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,QAAQ;gBAC/B,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS;aAClC,CAAC;QACJ,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;QACvD,IAAI,MAAM,KAAK,SAAS,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC;YACtF,OAAO;gBACL,KAAK,EAAE,YAAY;gBACnB,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,WAAW;gBACnD,GAAG,CAAC,IAAI,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC;aACzE,CAAC;QACJ,CAAC;QACD,OAAO;YACL,KAAK,EAAE,YAAY;YACnB,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,WAAW;YACnD,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,YAAY,EAAE,MAAM,CAAC,YAAY;SAClC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,aAAoF,EAAE;QAChG,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS;YAAE,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;QACrD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;QACnD,MAAM,UAAU,GAAG,iBAAiB,CAAC,UAAU,CAAC,UAAU,IAAI,MAAM,EAAE,UAAU,CAAC,CAAC;QAClF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,kBAAkB,EAAE;YAClE,WAAW,EAAE,KAAK,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI,MAAM,EAAE,WAAW,IAAI,QAAQ,EAAE;YAC/E,qBAAqB,EAAE,oBAAoB;SAC5C,CAAC,CAAC;QACH,IAAI,CAAC,OAAO,GAAG,oBAAoB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACpD,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC;QAC7B,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC;QACnE,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;QAC7B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE;YAC7D,IAAI,IAAI,CAAC,OAAO,KAAK,OAAO;gBAAE,IAAI,CAAC,OAAO,GAAG,SAAS,CAAC;YACvD,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC;QAC/B,CAAC,CAAC,CAAC;QACH,KAAK,IAAI,CAAC,WAAW,CAAC;QACtB,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,OAAO,GAAG,SAAS,CAAC;QACzB,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC;QAC7B,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,MAAM,EAAE,CAAC;QAC1C,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,UAAU;QACd,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;QACvD,IAAI,MAAM,KAAK,SAAS,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC;YACtF,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;QAClE,CAAC;QACD,OAAO,MAAM,CAAC,KAAK,CAAC;IACtB,CAAC;IAEO,KAAK,CAAC,IAAI,CAAC,UAAkB,EAAE,OAA6B;QAClE,IAAI,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;QAC9C,OAAO,IAAI,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,OAAO,KAAK,OAAO,EAAE,CAAC;YACxF,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,IAAI,YAAY,CAAC,CAAC,eAAe,GAAG,KAAK,CAAC,CAAC;YAClE,IAAI,IAAa,CAAC;YAClB,IAAI,CAAC;gBACH,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,wBAAwB,EAAE;oBAC9D,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ;iBAC3B,CAAC,CAAC;YACL,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;YACD,MAAM,OAAO,GAAG,qBAAqB,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YACtD,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;gBACpB,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC;gBAC/C,SAAS;YACX,CAAC;YACD,MAAM,QAAQ,GAAG,oBAAoB,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YACtD,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;gBACrB,IAAI,CAAC,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC,MAAM,KAAK,eAAe,CAAC,CAAC,CAAC,0BAA0B,CAAC,CAAC,CAAC,uBAAuB,CAAC;gBACnH,OAAO;YACT,CAAC;YACD,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,KAAK,CAAC,6BAA6B,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;YAClF,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC;YAC7B,OAAO;QACT,CAAC;QACD,IAAI,CAAC,WAAW,GAAG,uBAAuB,CAAC;IAC7C,CAAC;IAEO,KAAK,CAAC,OAAO,CAAC,UAAkB,EAAE,KAAa,EAAE,IAAa;QACpE,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC,IAAI,GAAG,CAAC,KAAK,EAAE,iBAAiB,CAAC,UAAU,CAAC,CAAC,EAAE;YAC3G,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAa,CAAC;QAChD,IAAI,CAAC,QAAQ,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;QAC5E,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,GAAG;QACT,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;IAClD,CAAC;CACF;AAED,SAAS,iBAAiB,CAAC,KAAyB;IAClD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;IACpF,CAAC;IACD,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;IAC5B,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,QAAQ,KAAK,OAAO,IAAI,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;QACzF,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;IACjF,CAAC;IACD,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,KAAK,CAAC,KAAyB;IACtC,MAAM,OAAO,GAAG,KAAK,EAAE,IAAI,EAAE,CAAC;IAC9B,OAAO,OAAO,KAAK,SAAS,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC;AAC7E,CAAC;AAED,SAAS,UAAU,CAAC,QAAgB;IAClC,OAAO,QAAQ,KAAK,WAAW,IAAI,QAAQ,KAAK,WAAW,IAAI,QAAQ,KAAK,OAAO,IAAI,QAAQ,KAAK,KAAK,CAAC;AAC5G,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAa;IACtC,OAAO,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC;AACnD,CAAC;AAED,SAAS,YAAY,CAAC,EAAU;IAC9B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED,SAAS,eAAe,CAAC,IAAa,EAAE,MAAc;IACpD,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,IAAI,OAAO,IAAI,IAAI,EAAE,CAAC;QACjE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;QACzB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,SAAS,IAAI,KAAK,IAAI,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;YAC3G,OAAO,KAAK,CAAC,OAAO,CAAC;QACvB,CAAC;IACH,CAAC;IACD,OAAO,8BAA8B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;AAC1D,CAAC"}
@@ -0,0 +1,42 @@
1
+ import { type StoredUserAuthorization, type UserCredentialStore } from "./types.js";
2
+ type CommandResult = {
3
+ stdout: string;
4
+ stderr: string;
5
+ };
6
+ type CommandRunner = (file: string, args: string[]) => Promise<CommandResult>;
7
+ type DpapiRunner = (operation: "protect" | "unprotect", value: string) => Promise<string>;
8
+ export declare function createUserCredentialStore(input?: {
9
+ platform?: NodeJS.Platform | undefined;
10
+ metadataPath?: string | undefined;
11
+ secretPath?: string | undefined;
12
+ }): UserCredentialStore;
13
+ export declare class RestrictedFileUserCredentialStore implements UserCredentialStore {
14
+ readonly path: string;
15
+ readonly storageKind: "restricted-file";
16
+ constructor(path?: string);
17
+ read(): Promise<StoredUserAuthorization | undefined>;
18
+ write(value: StoredUserAuthorization): Promise<void>;
19
+ delete(): Promise<void>;
20
+ }
21
+ export declare class MacKeychainUserCredentialStore implements UserCredentialStore {
22
+ readonly metadataPath: string;
23
+ private readonly runCommand;
24
+ readonly storageKind: "macos-keychain";
25
+ constructor(metadataPath?: string, runCommand?: CommandRunner);
26
+ read(): Promise<StoredUserAuthorization | undefined>;
27
+ write(value: StoredUserAuthorization): Promise<void>;
28
+ delete(): Promise<void>;
29
+ }
30
+ export declare class WindowsDpapiUserCredentialStore implements UserCredentialStore {
31
+ readonly metadataPath: string;
32
+ readonly secretPath: string;
33
+ private readonly dpapi;
34
+ readonly storageKind: "windows-dpapi";
35
+ constructor(metadataPath?: string, secretPath?: string, dpapi?: DpapiRunner);
36
+ read(): Promise<StoredUserAuthorization | undefined>;
37
+ write(value: StoredUserAuthorization): Promise<void>;
38
+ delete(): Promise<void>;
39
+ }
40
+ export declare function defaultUserMetadataPath(env?: NodeJS.ProcessEnv): string;
41
+ export declare function defaultUserSecretPath(env?: NodeJS.ProcessEnv): string;
42
+ export {};
@@ -0,0 +1,160 @@
1
+ import { execFile } from "node:child_process";
2
+ import { chmod, mkdir, readFile, rename, rm, writeFile } from "node:fs/promises";
3
+ import path from "node:path";
4
+ import { promisify } from "node:util";
5
+ import { defaultConfigPath } from "../config.js";
6
+ import { storedUserAuthorizationSchema } from "./types.js";
7
+ const execFileAsync = promisify(execFile);
8
+ const KEYCHAIN_SERVICE = "wiki.sift.conductor.user";
9
+ const KEYCHAIN_ACCOUNT = "default";
10
+ const storedUserMetadataSchema = storedUserAuthorizationSchema.omit({ token: true });
11
+ export function createUserCredentialStore(input = {}) {
12
+ const platform = input.platform ?? process.platform;
13
+ const metadataPath = input.metadataPath ?? defaultUserMetadataPath();
14
+ if (platform === "darwin")
15
+ return new MacKeychainUserCredentialStore(metadataPath);
16
+ if (platform === "win32") {
17
+ return new WindowsDpapiUserCredentialStore(metadataPath, input.secretPath ?? defaultUserSecretPath());
18
+ }
19
+ return new RestrictedFileUserCredentialStore(metadataPath);
20
+ }
21
+ export class RestrictedFileUserCredentialStore {
22
+ path;
23
+ storageKind = "restricted-file";
24
+ constructor(path = defaultUserMetadataPath()) {
25
+ this.path = path;
26
+ }
27
+ async read() {
28
+ const value = await readJsonIfPresent(this.path);
29
+ return value === undefined ? undefined : storedUserAuthorizationSchema.parse(value);
30
+ }
31
+ async write(value) {
32
+ await atomicPrivateJsonWrite(this.path, storedUserAuthorizationSchema.parse(value));
33
+ }
34
+ delete() {
35
+ return rm(this.path, { force: true });
36
+ }
37
+ }
38
+ export class MacKeychainUserCredentialStore {
39
+ metadataPath;
40
+ runCommand;
41
+ storageKind = "macos-keychain";
42
+ constructor(metadataPath = defaultUserMetadataPath(), runCommand = runExecFile) {
43
+ this.metadataPath = metadataPath;
44
+ this.runCommand = runCommand;
45
+ }
46
+ async read() {
47
+ const metadata = await readMetadata(this.metadataPath);
48
+ if (metadata === undefined)
49
+ return undefined;
50
+ let token;
51
+ try {
52
+ token = (await this.runCommand("security", ["find-generic-password", "-a", KEYCHAIN_ACCOUNT, "-s", KEYCHAIN_SERVICE, "-w"])).stdout.trim();
53
+ }
54
+ catch {
55
+ throw new Error("Sift Conductor user authorization is missing from macOS Keychain. Sign in again.");
56
+ }
57
+ return storedUserAuthorizationSchema.parse({ ...metadata, token });
58
+ }
59
+ async write(value) {
60
+ const parsed = storedUserAuthorizationSchema.parse(value);
61
+ const metadata = withoutToken(parsed);
62
+ await this.runCommand("security", ["add-generic-password", "-U", "-a", KEYCHAIN_ACCOUNT, "-s", KEYCHAIN_SERVICE, "-w", parsed.token]);
63
+ await atomicPrivateJsonWrite(this.metadataPath, metadata);
64
+ }
65
+ async delete() {
66
+ await this.runCommand("security", ["delete-generic-password", "-a", KEYCHAIN_ACCOUNT, "-s", KEYCHAIN_SERVICE]).catch(() => undefined);
67
+ await rm(this.metadataPath, { force: true });
68
+ }
69
+ }
70
+ export class WindowsDpapiUserCredentialStore {
71
+ metadataPath;
72
+ secretPath;
73
+ dpapi;
74
+ storageKind = "windows-dpapi";
75
+ constructor(metadataPath = defaultUserMetadataPath(), secretPath = defaultUserSecretPath(), dpapi = runDpapi) {
76
+ this.metadataPath = metadataPath;
77
+ this.secretPath = secretPath;
78
+ this.dpapi = dpapi;
79
+ }
80
+ async read() {
81
+ const metadata = await readMetadata(this.metadataPath);
82
+ if (metadata === undefined)
83
+ return undefined;
84
+ const encrypted = await readFile(this.secretPath, "utf8").catch(() => undefined);
85
+ if (encrypted === undefined)
86
+ throw new Error("Sift Conductor user authorization is missing from Windows credential storage. Sign in again.");
87
+ const token = await this.dpapi("unprotect", encrypted.trim());
88
+ return storedUserAuthorizationSchema.parse({ ...metadata, token });
89
+ }
90
+ async write(value) {
91
+ const parsed = storedUserAuthorizationSchema.parse(value);
92
+ const metadata = withoutToken(parsed);
93
+ const encrypted = await this.dpapi("protect", parsed.token);
94
+ await atomicPrivateTextWrite(this.secretPath, `${encrypted}\n`);
95
+ await atomicPrivateJsonWrite(this.metadataPath, metadata);
96
+ }
97
+ async delete() {
98
+ await Promise.all([rm(this.metadataPath, { force: true }), rm(this.secretPath, { force: true })]);
99
+ }
100
+ }
101
+ export function defaultUserMetadataPath(env = process.env) {
102
+ return path.join(path.dirname(defaultConfigPath(env)), "user-authorization.json");
103
+ }
104
+ export function defaultUserSecretPath(env = process.env) {
105
+ return path.join(path.dirname(defaultConfigPath(env)), "user-authorization.dpapi");
106
+ }
107
+ async function runDpapi(operation, value) {
108
+ const script = operation === "protect"
109
+ ? "$b=[Text.Encoding]::UTF8.GetBytes($env:SIFT_CONDUCTOR_SECRET);$e=[Security.Cryptography.ProtectedData]::Protect($b,$null,[Security.Cryptography.DataProtectionScope]::CurrentUser);[Convert]::ToBase64String($e)"
110
+ : "$e=[Convert]::FromBase64String($env:SIFT_CONDUCTOR_SECRET);$b=[Security.Cryptography.ProtectedData]::Unprotect($e,$null,[Security.Cryptography.DataProtectionScope]::CurrentUser);[Text.Encoding]::UTF8.GetString($b)";
111
+ const result = await execFileAsync("powershell.exe", ["-NoProfile", "-NonInteractive", "-Command", script], {
112
+ windowsHide: true,
113
+ env: { ...process.env, SIFT_CONDUCTOR_SECRET: value },
114
+ });
115
+ const output = result.stdout.trim();
116
+ if (output.length === 0)
117
+ throw new Error("Windows credential protection returned no data.");
118
+ return output;
119
+ }
120
+ async function readMetadata(filePath) {
121
+ const value = await readJsonIfPresent(filePath);
122
+ if (value === undefined)
123
+ return undefined;
124
+ return storedUserMetadataSchema.parse(value);
125
+ }
126
+ async function runExecFile(file, args) {
127
+ const result = await execFileAsync(file, args);
128
+ return { stdout: result.stdout, stderr: result.stderr };
129
+ }
130
+ async function readJsonIfPresent(filePath) {
131
+ try {
132
+ return JSON.parse(await readFile(filePath, "utf8"));
133
+ }
134
+ catch (error) {
135
+ if (isNodeError(error) && error.code === "ENOENT")
136
+ return undefined;
137
+ throw error;
138
+ }
139
+ }
140
+ async function atomicPrivateJsonWrite(filePath, value) {
141
+ await atomicPrivateTextWrite(filePath, `${JSON.stringify(value, null, 2)}\n`);
142
+ }
143
+ async function atomicPrivateTextWrite(filePath, value) {
144
+ await mkdir(path.dirname(filePath), { recursive: true });
145
+ const temporary = `${filePath}.${String(process.pid)}.tmp`;
146
+ await writeFile(temporary, value, { mode: 0o600 });
147
+ await chmod(temporary, 0o600);
148
+ await rename(temporary, filePath);
149
+ await chmod(filePath, 0o600);
150
+ }
151
+ function withoutToken(value) {
152
+ const { token, ...metadata } = storedUserAuthorizationSchema.parse(value);
153
+ if (token.length === 0)
154
+ throw new Error("Stored Sift user token is empty.");
155
+ return storedUserMetadataSchema.parse(metadata);
156
+ }
157
+ function isNodeError(error) {
158
+ return error instanceof Error && "code" in error;
159
+ }
160
+ //# sourceMappingURL=store.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"store.js","sourceRoot":"","sources":["../../src/userAuth/store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACjF,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAEtC,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACjD,OAAO,EAAE,6BAA6B,EAA0D,MAAM,YAAY,CAAC;AAEnH,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAC1C,MAAM,gBAAgB,GAAG,0BAA0B,CAAC;AACpD,MAAM,gBAAgB,GAAG,SAAS,CAAC;AACnC,MAAM,wBAAwB,GAAG,6BAA6B,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AAOrF,MAAM,UAAU,yBAAyB,CAAC,QAItC,EAAE;IACJ,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,IAAI,OAAO,CAAC,QAAQ,CAAC;IACpD,MAAM,YAAY,GAAG,KAAK,CAAC,YAAY,IAAI,uBAAuB,EAAE,CAAC;IACrE,IAAI,QAAQ,KAAK,QAAQ;QAAE,OAAO,IAAI,8BAA8B,CAAC,YAAY,CAAC,CAAC;IACnF,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QACzB,OAAO,IAAI,+BAA+B,CAAC,YAAY,EAAE,KAAK,CAAC,UAAU,IAAI,qBAAqB,EAAE,CAAC,CAAC;IACxG,CAAC;IACD,OAAO,IAAI,iCAAiC,CAAC,YAAY,CAAC,CAAC;AAC7D,CAAC;AAED,MAAM,OAAO,iCAAiC;IAGvB;IAFZ,WAAW,GAAG,iBAA0B,CAAC;IAElD,YAAqB,OAAO,uBAAuB,EAAE;QAAhC,SAAI,GAAJ,IAAI,CAA4B;IAAG,CAAC;IAEzD,KAAK,CAAC,IAAI;QACR,MAAM,KAAK,GAAG,MAAM,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjD,OAAO,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,6BAA6B,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACtF,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,KAA8B;QACxC,MAAM,sBAAsB,CAAC,IAAI,CAAC,IAAI,EAAE,6BAA6B,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;IACtF,CAAC;IAED,MAAM;QACJ,OAAO,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACxC,CAAC;CACF;AAED,MAAM,OAAO,8BAA8B;IAI9B;IACQ;IAJV,WAAW,GAAG,gBAAyB,CAAC;IAEjD,YACW,eAAe,uBAAuB,EAAE,EAChC,aAA4B,WAAW;QAD/C,iBAAY,GAAZ,YAAY,CAA4B;QAChC,eAAU,GAAV,UAAU,CAA6B;IACvD,CAAC;IAEJ,KAAK,CAAC,IAAI;QACR,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACvD,IAAI,QAAQ,KAAK,SAAS;YAAE,OAAO,SAAS,CAAC;QAC7C,IAAI,KAAa,CAAC;QAClB,IAAI,CAAC;YACH,KAAK,GAAG,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC,uBAAuB,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QAC7I,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CAAC,kFAAkF,CAAC,CAAC;QACtG,CAAC;QACD,OAAO,6BAA6B,CAAC,KAAK,CAAC,EAAE,GAAG,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,KAA8B;QACxC,MAAM,MAAM,GAAG,6BAA6B,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC1D,MAAM,QAAQ,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;QACtC,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC,sBAAsB,EAAE,IAAI,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QACtI,MAAM,sBAAsB,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;IAC5D,CAAC;IAED,KAAK,CAAC,MAAM;QACV,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC,yBAAyB,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI,EAAE,gBAAgB,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;QACtI,MAAM,EAAE,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAC/C,CAAC;CACF;AAED,MAAM,OAAO,+BAA+B;IAI/B;IACA;IACQ;IALV,WAAW,GAAG,eAAwB,CAAC;IAEhD,YACW,eAAe,uBAAuB,EAAE,EACxC,aAAa,qBAAqB,EAAE,EAC5B,QAAqB,QAAQ;QAFrC,iBAAY,GAAZ,YAAY,CAA4B;QACxC,eAAU,GAAV,UAAU,CAA0B;QAC5B,UAAK,GAAL,KAAK,CAAwB;IAC7C,CAAC;IAEJ,KAAK,CAAC,IAAI;QACR,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACvD,IAAI,QAAQ,KAAK,SAAS;YAAE,OAAO,SAAS,CAAC;QAC7C,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;QACjF,IAAI,SAAS,KAAK,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,8FAA8F,CAAC,CAAC;QAC7I,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC;QAC9D,OAAO,6BAA6B,CAAC,KAAK,CAAC,EAAE,GAAG,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,KAA8B;QACxC,MAAM,MAAM,GAAG,6BAA6B,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC1D,MAAM,QAAQ,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;QACtC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5D,MAAM,sBAAsB,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,SAAS,IAAI,CAAC,CAAC;QAChE,MAAM,sBAAsB,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;IAC5D,CAAC;IAED,KAAK,CAAC,MAAM;QACV,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACpG,CAAC;CACF;AAED,MAAM,UAAU,uBAAuB,CAAC,MAAyB,OAAO,CAAC,GAAG;IAC1E,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,EAAE,yBAAyB,CAAC,CAAC;AACpF,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,MAAyB,OAAO,CAAC,GAAG;IACxE,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,EAAE,0BAA0B,CAAC,CAAC;AACrF,CAAC;AAED,KAAK,UAAU,QAAQ,CAAC,SAAkC,EAAE,KAAa;IACvE,MAAM,MAAM,GAAG,SAAS,KAAK,SAAS;QACpC,CAAC,CAAC,kNAAkN;QACpN,CAAC,CAAC,uNAAuN,CAAC;IAC5N,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,gBAAgB,EAAE,CAAC,YAAY,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,CAAC,EAAE;QAC1G,WAAW,EAAE,IAAI;QACjB,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,qBAAqB,EAAE,KAAK,EAAE;KACtD,CAAC,CAAC;IACH,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IACpC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;IAC5F,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,QAAgB;IAC1C,MAAM,KAAK,GAAG,MAAM,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAChD,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IAC1C,OAAO,wBAAwB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;AAC/C,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,IAAY,EAAE,IAAc;IACrD,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC/C,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC;AAC1D,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,QAAgB;IAC/C,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAY,CAAC;IACjE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,WAAW,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAC;QACpE,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,sBAAsB,CAAC,QAAgB,EAAE,KAAc;IACpE,MAAM,sBAAsB,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;AAChF,CAAC;AAED,KAAK,UAAU,sBAAsB,CAAC,QAAgB,EAAE,KAAa;IACnE,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzD,MAAM,SAAS,GAAG,GAAG,QAAQ,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC;IAC3D,MAAM,SAAS,CAAC,SAAS,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACnD,MAAM,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IAC9B,MAAM,MAAM,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAClC,MAAM,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;AAC/B,CAAC;AAED,SAAS,YAAY,CAAC,KAA8B;IAClD,MAAM,EAAE,KAAK,EAAE,GAAG,QAAQ,EAAE,GAAG,6BAA6B,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC1E,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IAC5E,OAAO,wBAAwB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;AAClD,CAAC;AAED,SAAS,WAAW,CAAC,KAAc;IACjC,OAAO,KAAK,YAAY,KAAK,IAAI,MAAM,IAAI,KAAK,CAAC;AACnD,CAAC"}
@@ -0,0 +1,63 @@
1
+ import { z } from "zod";
2
+ export declare const userCapabilitySchema: z.ZodEnum<{
3
+ "source:write": "source:write";
4
+ "source:manage": "source:manage";
5
+ "record:read": "record:read";
6
+ "record:write": "record:write";
7
+ "skill:update": "skill:update";
8
+ "event:audit:read": "event:audit:read";
9
+ "workspace:govern": "workspace:govern";
10
+ "workspace:own": "workspace:own";
11
+ }>;
12
+ export type UserCapability = z.infer<typeof userCapabilitySchema>;
13
+ export declare const storedUserAuthorizationSchema: z.ZodObject<{
14
+ apiBaseUrl: z.ZodURL;
15
+ appBaseUrl: z.ZodURL;
16
+ token: z.ZodString;
17
+ tokenId: z.ZodString;
18
+ tokenLabel: z.ZodString;
19
+ tokenExpiresAt: z.ZodISODateTime;
20
+ workspaceId: z.ZodString;
21
+ brainId: z.ZodString;
22
+ principalId: z.ZodString;
23
+ capabilities: z.ZodArray<z.ZodEnum<{
24
+ "source:write": "source:write";
25
+ "source:manage": "source:manage";
26
+ "record:read": "record:read";
27
+ "record:write": "record:write";
28
+ "skill:update": "skill:update";
29
+ "event:audit:read": "event:audit:read";
30
+ "workspace:govern": "workspace:govern";
31
+ "workspace:own": "workspace:own";
32
+ }>>;
33
+ }, z.core.$strict>;
34
+ export type StoredUserAuthorization = z.infer<typeof storedUserAuthorizationSchema>;
35
+ export type UserCredentialStore = {
36
+ readonly storageKind: "macos-keychain" | "windows-dpapi" | "restricted-file" | "memory";
37
+ read(): Promise<StoredUserAuthorization | undefined>;
38
+ write(value: StoredUserAuthorization): Promise<void>;
39
+ delete(): Promise<void>;
40
+ };
41
+ export type UserAuthorizationStatus = {
42
+ state: "signed_out";
43
+ storageKind: UserCredentialStore["storageKind"];
44
+ message?: string | undefined;
45
+ } | {
46
+ state: "pending";
47
+ storageKind: UserCredentialStore["storageKind"];
48
+ verificationUri: string;
49
+ userCode: string;
50
+ expiresAt: string;
51
+ } | {
52
+ state: "authorized";
53
+ storageKind: UserCredentialStore["storageKind"];
54
+ apiBaseUrl: string;
55
+ appBaseUrl: string;
56
+ workspaceId: string;
57
+ brainId: string;
58
+ principalId: string;
59
+ tokenLabel: string;
60
+ tokenExpiresAt: string;
61
+ capabilities: UserCapability[];
62
+ };
63
+ export declare const userAuthorizationStatusSchema: z.ZodType<UserAuthorizationStatus>;
@@ -0,0 +1,29 @@
1
+ import { z } from "zod";
2
+ export const userCapabilitySchema = z.enum([
3
+ "source:write",
4
+ "source:manage",
5
+ "record:read",
6
+ "record:write",
7
+ "skill:update",
8
+ "event:audit:read",
9
+ "workspace:govern",
10
+ "workspace:own",
11
+ ]);
12
+ export const storedUserAuthorizationSchema = z.object({
13
+ apiBaseUrl: z.url(),
14
+ appBaseUrl: z.url(),
15
+ token: z.string().min(1),
16
+ tokenId: z.string().min(1),
17
+ tokenLabel: z.string().min(1),
18
+ tokenExpiresAt: z.iso.datetime(),
19
+ workspaceId: z.string().min(1),
20
+ brainId: z.string().min(1),
21
+ principalId: z.string().min(1),
22
+ capabilities: z.array(userCapabilitySchema),
23
+ }).strict();
24
+ export const userAuthorizationStatusSchema = z.discriminatedUnion("state", [
25
+ z.object({ state: z.literal("signed_out"), storageKind: z.enum(["macos-keychain", "windows-dpapi", "restricted-file", "memory"]), message: z.string().optional() }).strict(),
26
+ z.object({ state: z.literal("pending"), storageKind: z.enum(["macos-keychain", "windows-dpapi", "restricted-file", "memory"]), verificationUri: z.url(), userCode: z.string(), expiresAt: z.iso.datetime() }).strict(),
27
+ z.object({ state: z.literal("authorized"), storageKind: z.enum(["macos-keychain", "windows-dpapi", "restricted-file", "memory"]), apiBaseUrl: z.url(), appBaseUrl: z.url(), workspaceId: z.string(), brainId: z.string(), principalId: z.string(), tokenLabel: z.string(), tokenExpiresAt: z.iso.datetime(), capabilities: z.array(userCapabilitySchema) }).strict(),
28
+ ]);
29
+ //# sourceMappingURL=types.js.map