@trops/dash-core 0.1.349 → 0.1.351

package/dist/electron/index.js

@@ -26706,6 +26706,334 @@ function parsePackageId(id) {
 
 var packageId = { toPackageId: toPackageId$1, parsePackageId };
 
+/**
+ * registryAuthController.js
+ *
+ * Manages authentication with the Dash registry service.
+ * Uses OAuth device code flow for desktop app authentication.
+ *
+ * Flow:
+ * 1. App calls initiateDeviceFlow() — gets device code + verification URL
+ * 2. User opens verification URL in browser, signs in, enters code
+ * 3. App polls pollForToken() until authorized
+ * 4. Token stored securely via electron-store (encrypted)
+ */
+
+const REGISTRY_BASE_URL$1 =
+  process.env.DASH_REGISTRY_API_URL ||
+  "https://main.d919rwhuzp7rj.amplifyapp.com";
+
+// Lazy-load electron-store to avoid issues when not installed
+let store$3 = null;
+function getStore$1() {
+  if (!store$3) {
+    const Store = require$$1$1;
+    store$3 = new Store({
+      name: "dash-registry-auth",
+      encryptionKey: "dash-registry-v1",
+    });
+  }
+  return store$3;
+}
+
+/**
+ * Initiate the OAuth device code flow.
+ * Returns the device code, user code, and verification URL.
+ *
+ * @returns {Promise<Object>} { deviceCode, userCode, verificationUrl, verificationUrlComplete, expiresIn, interval }
+ */
+async function initiateDeviceFlow$1() {
+  const response = await fetch(`${REGISTRY_BASE_URL$1}/api/auth/device`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+  });
+
+  if (!response.ok) {
+    throw new Error(`Device flow initiation failed: ${response.status}`);
+  }
+
+  const data = await response.json();
+
+  return {
+    deviceCode: data.device_code,
+    userCode: data.user_code,
+    verificationUrl: data.verification_uri,
+    verificationUrlComplete: data.verification_uri_complete,
+    expiresIn: data.expires_in,
+    interval: data.interval,
+  };
+}
+
+/**
+ * Poll the registry for token after user completes browser auth.
+ *
+ * @param {string} deviceCode - The device code from initiateDeviceFlow()
+ * @returns {Promise<Object>} { status: 'pending' | 'authorized' | 'expired', token?, userId? }
+ */
+async function pollForToken$1(deviceCode) {
+  const response = await fetch(
+    `${REGISTRY_BASE_URL$1}/api/auth/device?device_code=${encodeURIComponent(deviceCode)}`,
+  );
+
+  if (response.status === 428) {
+    return { status: "pending" };
+  }
+
+  if (response.status === 400) {
+    const data = await response.json();
+    if (data.error === "expired_token") {
+      return { status: "expired" };
+    }
+    return { status: "pending" };
+  }
+
+  if (response.ok) {
+    const data = await response.json();
+
+    // Store the token securely
+    const s = getStore$1();
+    s.set("accessToken", data.access_token);
+    s.set("userId", data.user_id);
+    s.set("tokenType", data.token_type);
+    s.set("authenticatedAt", new Date().toISOString());
+
+    return {
+      status: "authorized",
+      token: data.access_token,
+      userId: data.user_id,
+    };
+  }
+
+  throw new Error(`Unexpected response: ${response.status}`);
+}
+
+/**
+ * Get the stored auth token.
+ *
+ * @returns {Object|null} { token, userId, authenticatedAt } or null if not authenticated
+ */
+function getStoredToken$4() {
+  try {
+    const s = getStore$1();
+    const token = s.get("accessToken");
+    if (!token) return null;
+
+    return {
+      token,
+      userId: s.get("userId"),
+      authenticatedAt: s.get("authenticatedAt"),
+    };
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Check if the user is authenticated with the registry.
+ *
+ * @returns {Object} { authenticated: boolean, userId?: string }
+ */
+function getAuthStatus$1() {
+  const stored = getStoredToken$4();
+  if (!stored) {
+    return { authenticated: false };
+  }
+
+  return {
+    authenticated: true,
+    userId: stored.userId,
+    authenticatedAt: stored.authenticatedAt,
+  };
+}
+
+/**
+ * Get the user's registry profile.
+ *
+ * @returns {Promise<Object|null>} User profile or null
+ */
+async function getRegistryProfile$2() {
+  const stored = getStoredToken$4();
+  if (!stored) return null;
+
+  try {
+    const response = await fetch(`${REGISTRY_BASE_URL$1}/api/auth/me`, {
+      headers: {
+        Authorization: `Bearer ${stored.token}`,
+      },
+    });
+
+    if (response.status === 401) {
+      // Token expired or invalid — clear stored credentials
+      clearToken$2();
+      return null;
+    }
+    if (!response.ok) return null;
+
+    const data = await response.json();
+    return data.user || null;
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Clear stored auth token (logout).
+ */
+function clearToken$2() {
+  try {
+    const s = getStore$1();
+    s.clear();
+    console.log("[RegistryAuthController] Token cleared");
+  } catch (err) {
+    console.error("[RegistryAuthController] Error clearing token:", err);
+  }
+}
+
+/**
+ * Update the authenticated user's registry profile.
+ *
+ * @param {Object} updates - Fields to update (e.g. { displayName })
+ * @returns {Promise<Object|null>} Updated user or null on 401
+ */
+async function updateRegistryProfile$1(updates) {
+  const stored = getStoredToken$4();
+  if (!stored) return null;
+
+  try {
+    const response = await fetch(`${REGISTRY_BASE_URL$1}/api/auth/me`, {
+      method: "PATCH",
+      headers: {
+        Authorization: `Bearer ${stored.token}`,
+        "Content-Type": "application/json",
+      },
+      body: JSON.stringify(updates),
+    });
+
+    if (response.status === 401) {
+      clearToken$2();
+      return null;
+    }
+    if (!response.ok) return null;
+
+    const data = await response.json();
+    return data.user || null;
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Get the authenticated user's published packages.
+ *
+ * @returns {Promise<Object|null>} { packages: [...] } or null
+ */
+async function getRegistryPackages$1() {
+  const stored = getStoredToken$4();
+  if (!stored) return null;
+
+  try {
+    const response = await fetch(`${REGISTRY_BASE_URL$1}/api/auth/me/packages`, {
+      headers: {
+        Authorization: `Bearer ${stored.token}`,
+      },
+    });
+
+    if (response.status === 401) {
+      clearToken$2();
+      return null;
+    }
+    if (!response.ok) return null;
+
+    return await response.json();
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Update a published package's metadata.
+ *
+ * @param {string} scope - Package scope (e.g. "@trops")
+ * @param {string} name - Package name
+ * @param {Object} updates - Fields to update (displayName, description, category, tags, visibility)
+ * @returns {Promise<Object|null>} Updated package or null
+ */
+async function updateRegistryPackage$1(scope, name, updates) {
+  const stored = getStoredToken$4();
+  if (!stored) return null;
+
+  try {
+    const response = await fetch(
+      `${REGISTRY_BASE_URL$1}/api/packages/${encodeURIComponent(scope)}/${encodeURIComponent(name)}`,
+      {
+        method: "PATCH",
+        headers: {
+          Authorization: `Bearer ${stored.token}`,
+          "Content-Type": "application/json",
+        },
+        body: JSON.stringify(updates),
+      },
+    );
+
+    if (response.status === 401) {
+      clearToken$2();
+      return null;
+    }
+    if (!response.ok) return null;
+
+    return await response.json();
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Delete a published package from the registry.
+ *
+ * @param {string} scope - Package scope (e.g. "@trops")
+ * @param {string} name - Package name
+ * @returns {Promise<Object|null>} Response or null
+ */
+async function deleteRegistryPackage(scope, name) {
+  const stored = getStoredToken$4();
+  if (!stored) return null;
+
+  try {
+    const response = await fetch(
+      `${REGISTRY_BASE_URL$1}/api/packages/${encodeURIComponent(scope)}/${encodeURIComponent(name)}`,
+      {
+        method: "DELETE",
+        headers: {
+          Authorization: `Bearer ${stored.token}`,
+        },
+      },
+    );
+
+    if (response.status === 401) {
+      clearToken$2();
+      return null;
+    }
+    if (!response.ok) return null;
+
+    return await response.json();
+  } catch {
+    return null;
+  }
+}
+
+var registryAuthController$2 = {
+  initiateDeviceFlow: initiateDeviceFlow$1,
+  pollForToken: pollForToken$1,
+  getStoredToken: getStoredToken$4,
+  getAuthStatus: getAuthStatus$1,
+  getRegistryProfile: getRegistryProfile$2,
+  updateRegistryProfile: updateRegistryProfile$1,
+  getRegistryPackages: getRegistryPackages$1,
+  updateRegistryPackage: updateRegistryPackage$1,
+  deleteRegistryPackage,
+  clearToken: clearToken$2,
+};
+
 /**
  * registryController.js
  *
@@ -26721,6 +27049,18 @@ var packageId = { toPackageId: toPackageId$1, parsePackageId };
 const path$a = require$$1$2;
 const fs$6 = require$$0$2;
 const { toPackageId } = packageId;
+const { getStoredToken: getStoredToken$3 } = registryAuthController$2;
+
+/**
+ * Build request headers for the registry. When the user is signed in, we
+ * include the Bearer token so the server returns private packages that
+ * the user owns or has been granted entitlements for. Anonymous fetches
+ * still work and simply return only public packages.
+ */
+function buildAuthHeaders() {
+  const stored = getStoredToken$3();
+  return stored?.token ? { Authorization: `Bearer ${stored.token}` } : {};
+}
 
 // Default registry API base URL
 const DEFAULT_REGISTRY_API_URL = "https://main.d919rwhuzp7rj.amplifyapp.com";
@@ -26728,8 +27068,15 @@ const DEFAULT_REGISTRY_API_URL = "https://main.d919rwhuzp7rj.amplifyapp.com";
 // Cache TTL: 5 minutes
 const CACHE_TTL_MS = 5 * 60 * 1000;
 
-let cachedIndex = null;
-let cacheTimestamp = 0;
+// Cache is keyed by userId so anonymous + authenticated results don't mix.
+// When a user signs in, their cache entry is empty and gets populated with
+// their owned/entitled private packages alongside the public set.
+const caches = new Map(); // userId | "anon" -> { data, timestamp }
+
+function getCacheKey() {
+  const stored = getStoredToken$3();
+  return stored?.userId || "anon";
+}
 
 /**
  * Get the local test registry path for dev mode
@@ -26758,11 +27105,15 @@ function isDev() {
  */
 async function fetchRegistryIndex(forceRefresh = false) {
   const now = Date.now();
+  const cacheKey = getCacheKey();
+  const cached = caches.get(cacheKey);
 
   // Return cached data if still valid
-  if (!forceRefresh && cachedIndex && now - cacheTimestamp < CACHE_TTL_MS) {
-    console.log("[RegistryController] Returning cached registry index");
-    return cachedIndex;
+  if (!forceRefresh && cached && now - cached.timestamp < CACHE_TTL_MS) {
+    console.log(
+      `[RegistryController] Returning cached registry index (key=${cacheKey})`,
+    );
+    return cached.data;
   }
 
   try {
@@ -26787,7 +27138,9 @@ async function fetchRegistryIndex(forceRefresh = false) {
           "[RegistryController] Fetching registry from:",
           registryUrl,
         );
-        const response = await fetch(registryUrl);
+        const response = await fetch(registryUrl, {
+          headers: buildAuthHeaders(),
+        });
         if (!response.ok) {
           throw new Error(
             `Failed to fetch registry: ${response.status} ${response.statusText}`,
@@ -26802,7 +27155,9 @@ async function fetchRegistryIndex(forceRefresh = false) {
         `${process.env.DASH_REGISTRY_API_URL || DEFAULT_REGISTRY_API_URL}/api/packages`;
       console.log("[RegistryController] Fetching registry from:", registryUrl);
 
-      const response = await fetch(registryUrl);
+      const response = await fetch(registryUrl, {
+        headers: buildAuthHeaders(),
+      });
       if (!response.ok) {
         throw new Error(
           `Failed to fetch registry: ${response.status} ${response.statusText}`,
@@ -26820,22 +27175,22 @@ async function fetchRegistryIndex(forceRefresh = false) {
     }
 
     // Cache the result
-    cachedIndex = indexData;
-    cacheTimestamp = now;
+    caches.set(cacheKey, { data: indexData, timestamp: now });
 
     console.log(
-      `[RegistryController] Loaded ${indexData.packages?.length || 0} packages`,
+      `[RegistryController] Loaded ${indexData.packages?.length || 0} packages (key=${cacheKey})`,
     );
     return indexData;
   } catch (error) {
     console.error("[RegistryController] Error fetching registry:", error);
 
     // Return stale cache if available
-    if (cachedIndex) {
+    const stale = caches.get(cacheKey);
+    if (stale) {
       console.log(
         "[RegistryController] Returning stale cache after fetch error",
       );
-      return cachedIndex;
+      return stale.data;
     }
 
     throw error;
@@ -49316,334 +49671,6 @@ const mcpDashServerController$4 = {
 
 var mcpDashServerController_1 = mcpDashServerController$4;
 
-/**
- * registryAuthController.js
- *
- * Manages authentication with the Dash registry service.
- * Uses OAuth device code flow for desktop app authentication.
- *
- * Flow:
- * 1. App calls initiateDeviceFlow() — gets device code + verification URL
- * 2. User opens verification URL in browser, signs in, enters code
- * 3. App polls pollForToken() until authorized
- * 4. Token stored securely via electron-store (encrypted)
- */
-
-const REGISTRY_BASE_URL$1 =
-  process.env.DASH_REGISTRY_API_URL ||
-  "https://main.d919rwhuzp7rj.amplifyapp.com";
-
-// Lazy-load electron-store to avoid issues when not installed
-let store$3 = null;
-function getStore$1() {
-  if (!store$3) {
-    const Store = require$$1$1;
-    store$3 = new Store({
-      name: "dash-registry-auth",
-      encryptionKey: "dash-registry-v1",
-    });
-  }
-  return store$3;
-}
-
-/**
- * Initiate the OAuth device code flow.
- * Returns the device code, user code, and verification URL.
- *
- * @returns {Promise<Object>} { deviceCode, userCode, verificationUrl, verificationUrlComplete, expiresIn, interval }
- */
-async function initiateDeviceFlow$1() {
-  const response = await fetch(`${REGISTRY_BASE_URL$1}/api/auth/device`, {
-    method: "POST",
-    headers: { "Content-Type": "application/json" },
-  });
-
-  if (!response.ok) {
-    throw new Error(`Device flow initiation failed: ${response.status}`);
-  }
-
-  const data = await response.json();
-
-  return {
-    deviceCode: data.device_code,
-    userCode: data.user_code,
-    verificationUrl: data.verification_uri,
-    verificationUrlComplete: data.verification_uri_complete,
-    expiresIn: data.expires_in,
-    interval: data.interval,
-  };
-}
-
-/**
- * Poll the registry for token after user completes browser auth.
- *
- * @param {string} deviceCode - The device code from initiateDeviceFlow()
- * @returns {Promise<Object>} { status: 'pending' | 'authorized' | 'expired', token?, userId? }
- */
-async function pollForToken$1(deviceCode) {
-  const response = await fetch(
-    `${REGISTRY_BASE_URL$1}/api/auth/device?device_code=${encodeURIComponent(deviceCode)}`,
-  );
-
-  if (response.status === 428) {
-    return { status: "pending" };
-  }
-
-  if (response.status === 400) {
-    const data = await response.json();
-    if (data.error === "expired_token") {
-      return { status: "expired" };
-    }
-    return { status: "pending" };
-  }
-
-  if (response.ok) {
-    const data = await response.json();
-
-    // Store the token securely
-    const s = getStore$1();
-    s.set("accessToken", data.access_token);
-    s.set("userId", data.user_id);
-    s.set("tokenType", data.token_type);
-    s.set("authenticatedAt", new Date().toISOString());
-
-    return {
-      status: "authorized",
-      token: data.access_token,
-      userId: data.user_id,
-    };
-  }
-
-  throw new Error(`Unexpected response: ${response.status}`);
-}
-
-/**
- * Get the stored auth token.
- *
- * @returns {Object|null} { token, userId, authenticatedAt } or null if not authenticated
- */
-function getStoredToken$3() {
-  try {
-    const s = getStore$1();
-    const token = s.get("accessToken");
-    if (!token) return null;
-
-    return {
-      token,
-      userId: s.get("userId"),
-      authenticatedAt: s.get("authenticatedAt"),
-    };
-  } catch {
-    return null;
-  }
-}
-
-/**
- * Check if the user is authenticated with the registry.
- *
- * @returns {Object} { authenticated: boolean, userId?: string }
- */
-function getAuthStatus$1() {
-  const stored = getStoredToken$3();
-  if (!stored) {
-    return { authenticated: false };
-  }
-
-  return {
-    authenticated: true,
-    userId: stored.userId,
-    authenticatedAt: stored.authenticatedAt,
-  };
-}
-
-/**
- * Get the user's registry profile.
- *
- * @returns {Promise<Object|null>} User profile or null
- */
-async function getRegistryProfile$2() {
-  const stored = getStoredToken$3();
-  if (!stored) return null;
-
-  try {
-    const response = await fetch(`${REGISTRY_BASE_URL$1}/api/auth/me`, {
-      headers: {
-        Authorization: `Bearer ${stored.token}`,
-      },
-    });
-
-    if (response.status === 401) {
-      // Token expired or invalid — clear stored credentials
-      clearToken$2();
-      return null;
-    }
-    if (!response.ok) return null;
-
-    const data = await response.json();
-    return data.user || null;
-  } catch {
-    return null;
-  }
-}
-
-/**
- * Clear stored auth token (logout).
- */
-function clearToken$2() {
-  try {
-    const s = getStore$1();
-    s.clear();
-    console.log("[RegistryAuthController] Token cleared");
-  } catch (err) {
-    console.error("[RegistryAuthController] Error clearing token:", err);
-  }
-}
-
-/**
- * Update the authenticated user's registry profile.
- *
- * @param {Object} updates - Fields to update (e.g. { displayName })
- * @returns {Promise<Object|null>} Updated user or null on 401
- */
-async function updateRegistryProfile$1(updates) {
-  const stored = getStoredToken$3();
-  if (!stored) return null;
-
-  try {
-    const response = await fetch(`${REGISTRY_BASE_URL$1}/api/auth/me`, {
-      method: "PATCH",
-      headers: {
-        Authorization: `Bearer ${stored.token}`,
-        "Content-Type": "application/json",
-      },
-      body: JSON.stringify(updates),
-    });
-
-    if (response.status === 401) {
-      clearToken$2();
-      return null;
-    }
-    if (!response.ok) return null;
-
-    const data = await response.json();
-    return data.user || null;
-  } catch {
-    return null;
-  }
-}
-
-/**
- * Get the authenticated user's published packages.
- *
- * @returns {Promise<Object|null>} { packages: [...] } or null
- */
-async function getRegistryPackages$1() {
-  const stored = getStoredToken$3();
-  if (!stored) return null;
-
-  try {
-    const response = await fetch(`${REGISTRY_BASE_URL$1}/api/auth/me/packages`, {
-      headers: {
-        Authorization: `Bearer ${stored.token}`,
-      },
-    });
-
-    if (response.status === 401) {
-      clearToken$2();
-      return null;
-    }
-    if (!response.ok) return null;
-
-    return await response.json();
-  } catch {
-    return null;
-  }
-}
-
-/**
- * Update a published package's metadata.
- *
- * @param {string} scope - Package scope (e.g. "@trops")
- * @param {string} name - Package name
- * @param {Object} updates - Fields to update (displayName, description, category, tags, visibility)
- * @returns {Promise<Object|null>} Updated package or null
- */
-async function updateRegistryPackage$1(scope, name, updates) {
-  const stored = getStoredToken$3();
-  if (!stored) return null;
-
-  try {
-    const response = await fetch(
-      `${REGISTRY_BASE_URL$1}/api/packages/${encodeURIComponent(scope)}/${encodeURIComponent(name)}`,
-      {
-        method: "PATCH",
-        headers: {
-          Authorization: `Bearer ${stored.token}`,
-          "Content-Type": "application/json",
-        },
-        body: JSON.stringify(updates),
-      },
-    );
-
-    if (response.status === 401) {
-      clearToken$2();
-      return null;
-    }
-    if (!response.ok) return null;
-
-    return await response.json();
-  } catch {
-    return null;
-  }
-}
-
-/**
- * Delete a published package from the registry.
- *
- * @param {string} scope - Package scope (e.g. "@trops")
- * @param {string} name - Package name
- * @returns {Promise<Object|null>} Response or null
- */
-async function deleteRegistryPackage(scope, name) {
-  const stored = getStoredToken$3();
-  if (!stored) return null;
-
-  try {
-    const response = await fetch(
-      `${REGISTRY_BASE_URL$1}/api/packages/${encodeURIComponent(scope)}/${encodeURIComponent(name)}`,
-      {
-        method: "DELETE",
-        headers: {
-          Authorization: `Bearer ${stored.token}`,
-        },
-      },
-    );
-
-    if (response.status === 401) {
-      clearToken$2();
-      return null;
-    }
-    if (!response.ok) return null;
-
-    return await response.json();
-  } catch {
-    return null;
-  }
-}
-
-var registryAuthController$2 = {
-  initiateDeviceFlow: initiateDeviceFlow$1,
-  pollForToken: pollForToken$1,
-  getStoredToken: getStoredToken$3,
-  getAuthStatus: getAuthStatus$1,
-  getRegistryProfile: getRegistryProfile$2,
-  updateRegistryProfile: updateRegistryProfile$1,
-  getRegistryPackages: getRegistryPackages$1,
-  updateRegistryPackage: updateRegistryPackage$1,
-  deleteRegistryPackage,
-  clearToken: clearToken$2,
-};
-
 var widgetRegistry$1 = {exports: {}};
 
 var dynamicWidgetLoader$2 = {exports: {}};
@@ -62711,6 +62738,7 @@ const { toDisplayColor: toDisplayColor$1 } = require$$8;
  * @param {string} options.category - Registry category (default: "general")
  * @param {string} options.repository - Repository URL (optional)
  * @param {string} options.appOrigin - Originating app package name (optional)
+ * @param {"public"|"private"} options.visibility - Initial visibility (default: "public")
  * @returns {Object} Registry manifest object
  */
 function generateRegistryManifest(dashboardConfig, options = {}) {
@@ -62721,6 +62749,7 @@ function generateRegistryManifest(dashboardConfig, options = {}) {
 
   const githubUser = options.githubUser || "";
   const version = "1.0.0";
+  const visibility = options.visibility === "private" ? "private" : "public";
 
   const manifest = {
     githubUser,
@@ -62729,6 +62758,7 @@ function generateRegistryManifest(dashboardConfig, options = {}) {
     author: dashboardConfig.author?.name || "",
     description: dashboardConfig.description || "",
     version,
+    visibility,
     type: "dashboard",
     category: options.category || "general",
     tags: dashboardConfig.tags || [],
@@ -63117,13 +63147,14 @@ function sanitizeName(name) {
  *
  * @param {Object} themeData - The raw theme object
  * @param {string} themeKey - The theme key/name
- * @param {Object} options - Publish options { authorName, description, tags, scope }
+ * @param {Object} options - Publish options { authorName, description, tags, scope, visibility }
  * @returns {Object} Registry manifest
  */
 function generateThemeRegistryManifest(themeData, themeKey, options = {}) {
   const humanName = themeData.name || themeKey;
   const sanitizedName = sanitizeName(humanName);
   const colors = extractColors(themeData);
+  const visibility = options.visibility === "private" ? "private" : "public";
 
   return {
     scope: options.scope || "",
@@ -63132,6 +63163,7 @@ function generateThemeRegistryManifest(themeData, themeKey, options = {}) {
     author: options.authorName || "",
     description: options.description || "",
     version: "1.0.0",
+    visibility,
     type: "theme",
     category: "general",
     tags: options.tags || [],
@@ -64888,6 +64920,7 @@ async function prepareDashboardForPublish$1(
       category: options.category || "general",
       repository: options.repository || "",
       appOrigin: appId,
+      visibility: options.visibility || "public",
     });
 
     // 9. Show save dialog for the publish package