@undefineds.co/xpod 0.1.7 → 0.2.0

package/dist/cli/commands/auth.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/cli/commands/auth.ts"],"names":[],"mappings":";;;;;;AACA,4CAAoB;AACpB,gDAAwB;AACxB,oDAO4B;AA8B5B,SAAS,UAAU,CAAC,GAAW;IAC7B,MAAM,GAAG,GAAG,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,uBAAuB,CAAC;IACvE,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC;AAC7C,CAAC;AAED,MAAM,YAAY,GAAuC;IACvD,OAAO,EAAE,OAAO;IAChB,QAAQ,EAAE,gCAAgC;IAC1C,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,KAAK;SACF,MAAM,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,eAAe,EAAE,CAAC;SACrF,MAAM,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC;IAChG,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACtB,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAErC,IAAI,CAAC,CAAC,MAAM,IAAA,yBAAW,EAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YAClC,OAAO,CAAC,KAAK,CAAC,0BAA0B,OAAO,EAAE,CAAC,CAAC;YACnD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAK,EAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9D,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;YACrD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;QACjC,OAAO,CAAC,GAAG,CAAC,UAAU,KAAK,EAAE,CAAC,CAAC;IACjC,CAAC;CACF,CAAC;AAEF,MAAM,wBAAwB,GAAmD;IAC/E,OAAO,EAAE,oBAAoB;IAC7B,QAAQ,EAAE,8CAA8C;IACxD,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,KAAK;SACF,MAAM,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,eAAe,EAAE,CAAC;SACrF,MAAM,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC;SAC3F,MAAM,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,8BAA8B,EAAE,CAAC;SACjF,MAAM,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC;SACnE,MAAM,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iDAAiD,EAAE,CAAC;IAC5G,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACtB,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAErC,IAAI,CAAC,CAAC,MAAM,IAAA,yBAAW,EAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YAClC,OAAO,CAAC,KAAK,CAAC,0BAA0B,OAAO,EAAE,CAAC,CAAC;YACnD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAK,EAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9D,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;YAC/B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAA,gCAAkB,EAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC1D,IAAI,CAAC,QAAQ,EAAE,iBAAiB,EAAE,CAAC;YACjC,OAAO,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;YAC1D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,uDAAuD;QACvD,IAAI,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC3B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,oCAAoC;YACpC,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,WAAW,EAAE;gBACpD,OAAO,EAAE;oBACP,MAAM,EAAE,kBAAkB;oBAC1B,aAAa,EAAE,qBAAqB,KAAK,EAAE;iBAC5C;aACF,CAAC,CAAC;YACH,IAAI,UAAU,CAAC,EAAE,EAAE,CAAC;gBAClB,MAAM,WAAW,GAAG,CAAC,MAAM,UAAU,CAAC,IAAI,EAAE,CAAwC,CAAC;gBACrF,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC;gBAClC,IAAI,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;oBACzC,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;oBACxC,IAAI,QAAQ;wBAAE,KAAK,GAAG,QAAQ,CAAC;gBACjC,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;YAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAA,qCAAuB,EAAC,KAAK,EAAE,QAAQ,CAAC,iBAAiB,EAAE,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QAChG,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAC/C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QAC/C,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,EAAE,CAAC,CAAC;QAEzC,IAAI,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YACtB,MAAM,OAAO,GAAG,cAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;YAC/D,IAAI,OAAO,GAAG,EAAE,CAAC;YACjB,IAAI,YAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3B,OAAO,GAAG,YAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC9C,CAAC;YAED,MAAM,OAAO,GAA2B;gBACtC,eAAe,EAAE,IAAI,CAAC,EAAE;gBACxB,mBAAmB,EAAE,IAAI,CAAC,MAAM,IAAI,EAAE;gBACtC,WAAW,EAAE,KAAK;gBAClB,iBAAiB,EAAE,OAAO;aAC3B,CAAC;YAEF,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACnD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,GAAG,MAAM,EAAE,GAAG,CAAC,CAAC;gBAC7C,IAAI,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBACxB,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC,CAAC;gBACtD,CAAC;qBAAM,CAAC;oBACN,OAAO,IAAI,KAAK,GAAG,IAAI,KAAK,EAAE,CAAC;gBACjC,CAAC;YACH,CAAC;YAED,YAAE,CAAC,aAAa,CAAC,OAAO,EAAE,OAAO,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC;YACjD,OAAO,CAAC,GAAG,CAAC,gBAAgB,OAAO,EAAE,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;CACF,CAAC;AAEF,MAAM,WAAW,GAAsC;IACrD,OAAO,EAAE,MAAM;IACf,QAAQ,EAAE,yBAAyB;IACnC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,KAAK;SACF,MAAM,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,eAAe,EAAE,CAAC;SACrF,MAAM,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC;IAChG,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACtB,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAErC,IAAI,CAAC,CAAC,MAAM,IAAA,yBAAW,EAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YAClC,OAAO,CAAC,KAAK,CAAC,0BAA0B,OAAO,EAAE,CAAC,CAAC;YACnD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAK,EAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9D,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;YAC/B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,IAAA,mCAAqB,EAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC1D,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;YAC5C,OAAO;QACT,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,SAAS,KAAK,CAAC,MAAM,mBAAmB,CAAC,CAAC;QACtD,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACzB,IAAI,CAAC,CAAC,KAAK;gBAAE,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;CACF,CAAC;AAEF,MAAM,aAAa,GAAwC;IACzD,OAAO,EAAE,QAAQ;IACjB,QAAQ,EAAE,4BAA4B;IACtC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,KAAK;SACF,MAAM,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,eAAe,EAAE,CAAC;SACrF,MAAM,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC;SAC3F,MAAM,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,qBAAqB,EAAE,CAAC;IACpG,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACtB,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAErC,IAAI,CAAC,CAAC,MAAM,IAAA,yBAAW,EAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YAClC,OAAO,CAAC,KAAK,CAAC,0BAA0B,OAAO,EAAE,CAAC,CAAC;YACnD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAK,EAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9D,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;YAC/B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,EAAE,GAAG,MAAM,IAAA,oCAAsB,EAAC,KAAK,EAAE,IAAI,CAAC,WAAW,CAAC,EAAE,OAAO,CAAC,CAAC;QAC3E,IAAI,EAAE,EAAE,CAAC;YACP,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QAC1D,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,+BAA+B,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;YACnE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;CACF,CAAC;AAEW,QAAA,WAAW,GAAoC;IAC1D,OAAO,EAAE,MAAM;IACf,QAAQ,EAAE,0CAA0C;IACpD,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,KAAK;SACF,MAAM,CAAC,KAAK,EAAE;QACb,KAAK,EAAE,GAAG;QACV,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,iBAAiB;QAC9B,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,uBAAuB;KAC7D,CAAC;SACD,OAAO,CAAC,YAAY,CAAC;SACrB,OAAO,CAAC,wBAAwB,CAAC;SACjC,OAAO,CAAC,WAAW,CAAC;SACpB,OAAO,CAAC,aAAa,CAAC;SACtB,aAAa,CAAC,CAAC,EAAE,mCAAmC,CAAC;IAC1D,OAAO,EAAE,GAAG,EAAE;QACZ,wBAAwB;IAC1B,CAAC;CACF,CAAC","sourcesContent":["import type { CommandModule } from 'yargs';\nimport fs from 'fs';\nimport path from 'path';\nimport {\n  checkServer,\n  login,\n  getAccountControls,\n  createClientCredentials,\n  listClientCredentials,\n  revokeClientCredential,\n} from '../lib/css-account';\n\ninterface AuthArgs {\n  url: string;\n}\n\ninterface LoginArgs extends AuthArgs {\n  email: string;\n  password: string;\n}\n\ninterface CreateCredentialsArgs extends AuthArgs {\n  email: string;\n  password: string;\n  'web-id'?: string;\n  name?: string;\n  'write-env'?: string;\n}\n\ninterface ListArgs extends AuthArgs {\n  email: string;\n  password: string;\n}\n\ninterface RevokeArgs extends AuthArgs {\n  email: string;\n  password: string;\n  'client-id': string;\n}\n\nfunction resolveUrl(url: string): string {\n  const raw = url || process.env.CSS_BASE_URL || 'http://localhost:3000';\n  return raw.endsWith('/') ? raw : `${raw}/`;\n}\n\nconst loginCommand: CommandModule<AuthArgs, LoginArgs> = {\n  command: 'login',\n  describe: 'Login and get an account token',\n  builder: (yargs) =>\n    yargs\n      .option('email', { type: 'string', demandOption: true, description: 'Account email' })\n      .option('password', { type: 'string', demandOption: true, description: 'Account password' }),\n  handler: async (argv) => {\n    const baseUrl = resolveUrl(argv.url);\n\n    if (!(await checkServer(baseUrl))) {\n      console.error(`Cannot reach server at ${baseUrl}`);\n      process.exit(1);\n    }\n\n    const token = await login(argv.email, argv.password, baseUrl);\n    if (!token) {\n      console.error('Login failed. Check email/password.');\n      process.exit(1);\n    }\n\n    console.log('Login successful.');\n    console.log(`Token: ${token}`);\n  },\n};\n\nconst createCredentialsCommand: CommandModule<AuthArgs, CreateCredentialsArgs> = {\n  command: 'create-credentials',\n  describe: 'Create client credentials (client_id/secret)',\n  builder: (yargs) =>\n    yargs\n      .option('email', { type: 'string', demandOption: true, description: 'Account email' })\n      .option('password', { type: 'string', demandOption: true, description: 'Account password' })\n      .option('web-id', { type: 'string', description: 'WebID to bind credentials to' })\n      .option('name', { type: 'string', description: 'Credential label' })\n      .option('write-env', { type: 'string', description: 'Write credentials to env file (e.g. .env.local)' }),\n  handler: async (argv) => {\n    const baseUrl = resolveUrl(argv.url);\n\n    if (!(await checkServer(baseUrl))) {\n      console.error(`Cannot reach server at ${baseUrl}`);\n      process.exit(1);\n    }\n\n    const token = await login(argv.email, argv.password, baseUrl);\n    if (!token) {\n      console.error('Login failed.');\n      process.exit(1);\n    }\n\n    const controls = await getAccountControls(token, baseUrl);\n    if (!controls?.clientCredentials) {\n      console.error('Cannot find client credentials endpoint.');\n      process.exit(1);\n    }\n\n    // Determine WebID: explicit flag > first pod's profile\n    let webId = argv['web-id'];\n    if (!webId) {\n      // Try to discover from account info\n      const accountRes = await fetch(`${baseUrl}.account/`, {\n        headers: {\n          Accept: 'application/json',\n          Authorization: `CSS-Account-Token ${token}`,\n        },\n      });\n      if (accountRes.ok) {\n        const accountData = (await accountRes.json()) as { webIds?: Record<string, string> };\n        const webIds = accountData.webIds;\n        if (webIds && typeof webIds === 'object') {\n          const firstUrl = Object.keys(webIds)[0];\n          if (firstUrl) webId = firstUrl;\n        }\n      }\n    }\n\n    if (!webId) {\n      console.error('No WebID found. Specify --web-id explicitly.');\n      process.exit(1);\n    }\n\n    const cred = await createClientCredentials(token, controls.clientCredentials, webId, argv.name);\n    if (!cred) {\n      console.error('Failed to create credentials.');\n      process.exit(1);\n    }\n\n    console.log('Credentials created:');\n    console.log(`  client_id:     ${cred.id}`);\n    console.log(`  client_secret: ${cred.secret}`);\n    console.log(`  webId:         ${webId}`);\n\n    if (argv['write-env']) {\n      const envPath = path.resolve(process.cwd(), argv['write-env']);\n      let content = '';\n      if (fs.existsSync(envPath)) {\n        content = fs.readFileSync(envPath, 'utf-8');\n      }\n\n      const updates: Record<string, string> = {\n        SOLID_CLIENT_ID: cred.id,\n        SOLID_CLIENT_SECRET: cred.secret ?? '',\n        SOLID_WEBID: webId,\n        SOLID_OIDC_ISSUER: baseUrl,\n      };\n\n      for (const [key, value] of Object.entries(updates)) {\n        const regex = new RegExp(`^${key}=.*$`, 'm');\n        if (regex.test(content)) {\n          content = content.replace(regex, `${key}=${value}`);\n        } else {\n          content += `\\n${key}=${value}`;\n        }\n      }\n\n      fs.writeFileSync(envPath, content.trim() + '\\n');\n      console.log(`\\nWritten to ${envPath}`);\n    }\n  },\n};\n\nconst listCommand: CommandModule<AuthArgs, ListArgs> = {\n  command: 'list',\n  describe: 'List client credentials',\n  builder: (yargs) =>\n    yargs\n      .option('email', { type: 'string', demandOption: true, description: 'Account email' })\n      .option('password', { type: 'string', demandOption: true, description: 'Account password' }),\n  handler: async (argv) => {\n    const baseUrl = resolveUrl(argv.url);\n\n    if (!(await checkServer(baseUrl))) {\n      console.error(`Cannot reach server at ${baseUrl}`);\n      process.exit(1);\n    }\n\n    const token = await login(argv.email, argv.password, baseUrl);\n    if (!token) {\n      console.error('Login failed.');\n      process.exit(1);\n    }\n\n    const creds = await listClientCredentials(token, baseUrl);\n    if (creds.length === 0) {\n      console.log('No client credentials found.');\n      return;\n    }\n\n    console.log(`Found ${creds.length} credential(s):\\n`);\n    for (const c of creds) {\n      console.log(`  ${c.id}`);\n      if (c.webId) console.log(`    webId: ${c.webId}`);\n    }\n  },\n};\n\nconst revokeCommand: CommandModule<AuthArgs, RevokeArgs> = {\n  command: 'revoke',\n  describe: 'Revoke a client credential',\n  builder: (yargs) =>\n    yargs\n      .option('email', { type: 'string', demandOption: true, description: 'Account email' })\n      .option('password', { type: 'string', demandOption: true, description: 'Account password' })\n      .option('client-id', { type: 'string', demandOption: true, description: 'Client ID to revoke' }),\n  handler: async (argv) => {\n    const baseUrl = resolveUrl(argv.url);\n\n    if (!(await checkServer(baseUrl))) {\n      console.error(`Cannot reach server at ${baseUrl}`);\n      process.exit(1);\n    }\n\n    const token = await login(argv.email, argv.password, baseUrl);\n    if (!token) {\n      console.error('Login failed.');\n      process.exit(1);\n    }\n\n    const ok = await revokeClientCredential(token, argv['client-id'], baseUrl);\n    if (ok) {\n      console.log(`Credential ${argv['client-id']} revoked.`);\n    } else {\n      console.error(`Failed to revoke credential ${argv['client-id']}.`);\n      process.exit(1);\n    }\n  },\n};\n\nexport const authCommand: CommandModule<object, AuthArgs> = {\n  command: 'auth',\n  describe: 'Authentication and credential management',\n  builder: (yargs) =>\n    yargs\n      .option('url', {\n        alias: 'u',\n        type: 'string',\n        description: 'Server base URL',\n        default: process.env.CSS_BASE_URL || 'http://localhost:3000',\n      })\n      .command(loginCommand)\n      .command(createCredentialsCommand)\n      .command(listCommand)\n      .command(revokeCommand)\n      .demandCommand(1, 'Please specify an auth subcommand'),\n  handler: () => {\n    // parent command, no-op\n  },\n};\n"]}
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/cli/commands/auth.ts"],"names":[],"mappings":";;;AACA,oDAO4B;AAC5B,gEAA4F;AA8B5F,SAAS,UAAU,CAAC,GAAW;IAC7B,MAAM,GAAG,GAAG,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,uBAAuB,CAAC;IACvE,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC;AAC7C,CAAC;AAED,MAAM,YAAY,GAAuC;IACvD,OAAO,EAAE,OAAO;IAChB,QAAQ,EAAE,gCAAgC;IAC1C,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,KAAK;SACF,MAAM,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,eAAe,EAAE,CAAC;SACrF,MAAM,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC;IAChG,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACtB,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAErC,IAAI,CAAC,CAAC,MAAM,IAAA,yBAAW,EAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YAClC,OAAO,CAAC,KAAK,CAAC,0BAA0B,OAAO,EAAE,CAAC,CAAC;YACnD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAK,EAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9D,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;YACrD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;QACjC,OAAO,CAAC,GAAG,CAAC,UAAU,KAAK,EAAE,CAAC,CAAC;IACjC,CAAC;CACF,CAAC;AAEF,MAAM,wBAAwB,GAAmD;IAC/E,OAAO,EAAE,oBAAoB;IAC7B,QAAQ,EAAE,8CAA8C;IACxD,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,KAAK;SACF,MAAM,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,eAAe,EAAE,CAAC;SACrF,MAAM,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC;SAC3F,MAAM,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,8BAA8B,EAAE,CAAC;SACjF,MAAM,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC;SACnE,MAAM,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,6DAA6D,EAAE,CAAC;IACtI,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACtB,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAErC,IAAI,CAAC,CAAC,MAAM,IAAA,yBAAW,EAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YAClC,OAAO,CAAC,KAAK,CAAC,0BAA0B,OAAO,EAAE,CAAC,CAAC;YACnD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAK,EAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9D,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;YAC/B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAA,gCAAkB,EAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC1D,IAAI,CAAC,QAAQ,EAAE,iBAAiB,EAAE,CAAC;YACjC,OAAO,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;YAC1D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,uDAAuD;QACvD,IAAI,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC3B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,oCAAoC;YACpC,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,WAAW,EAAE;gBACpD,OAAO,EAAE;oBACP,MAAM,EAAE,kBAAkB;oBAC1B,aAAa,EAAE,qBAAqB,KAAK,EAAE;iBAC5C;aACF,CAAC,CAAC;YACH,IAAI,UAAU,CAAC,EAAE,EAAE,CAAC;gBAClB,MAAM,WAAW,GAAG,CAAC,MAAM,UAAU,CAAC,IAAI,EAAE,CAAwC,CAAC;gBACrF,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC;gBAClC,IAAI,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;oBACzC,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;oBACxC,IAAI,QAAQ;wBAAE,KAAK,GAAG,QAAQ,CAAC;gBACjC,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;YAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAA,qCAAuB,EAAC,KAAK,EAAE,QAAQ,CAAC,iBAAiB,EAAE,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QAChG,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAC/C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QAC/C,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,EAAE,CAAC,CAAC;QAEzC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,IAAA,mCAAe,EAAC;gBACd,GAAG,EAAE,OAAO;gBACZ,QAAQ,EAAE,IAAI,CAAC,EAAE;gBACjB,YAAY,EAAE,IAAI,CAAC,MAAM,IAAI,EAAE;gBAC/B,KAAK;aACN,CAAC,CAAC;YACH,OAAO,CAAC,GAAG,CAAC,cAAc,IAAA,iCAAa,GAAE,CAAC,OAAO,CAAC,cAAc,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;CACF,CAAC;AAEF,MAAM,WAAW,GAAsC;IACrD,OAAO,EAAE,MAAM;IACf,QAAQ,EAAE,yBAAyB;IACnC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,KAAK;SACF,MAAM,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,eAAe,EAAE,CAAC;SACrF,MAAM,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC;IAChG,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACtB,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAErC,IAAI,CAAC,CAAC,MAAM,IAAA,yBAAW,EAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YAClC,OAAO,CAAC,KAAK,CAAC,0BAA0B,OAAO,EAAE,CAAC,CAAC;YACnD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAK,EAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9D,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;YAC/B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,IAAA,mCAAqB,EAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC1D,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;YAC5C,OAAO;QACT,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,SAAS,KAAK,CAAC,MAAM,mBAAmB,CAAC,CAAC;QACtD,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACzB,IAAI,CAAC,CAAC,KAAK;gBAAE,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;CACF,CAAC;AAEF,MAAM,aAAa,GAAwC;IACzD,OAAO,EAAE,QAAQ;IACjB,QAAQ,EAAE,4BAA4B;IACtC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,KAAK;SACF,MAAM,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,eAAe,EAAE,CAAC;SACrF,MAAM,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC;SAC3F,MAAM,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,qBAAqB,EAAE,CAAC;IACpG,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACtB,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAErC,IAAI,CAAC,CAAC,MAAM,IAAA,yBAAW,EAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YAClC,OAAO,CAAC,KAAK,CAAC,0BAA0B,OAAO,EAAE,CAAC,CAAC;YACnD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAK,EAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9D,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;YAC/B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,EAAE,GAAG,MAAM,IAAA,oCAAsB,EAAC,KAAK,EAAE,IAAI,CAAC,WAAW,CAAC,EAAE,OAAO,CAAC,CAAC;QAC3E,IAAI,EAAE,EAAE,CAAC;YACP,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QAC1D,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,+BAA+B,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;YACnE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;CACF,CAAC;AAEF,MAAM,aAAa,GAAsC;IACvD,OAAO,EAAE,QAAQ;IACjB,QAAQ,EAAE,yCAAyC;IACnD,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK;IACzB,OAAO,EAAE,KAAK,IAAI,EAAE;QAClB,IAAA,oCAAgB,GAAE,CAAC;QACnB,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IACtC,CAAC;CACF,CAAC;AAEW,QAAA,WAAW,GAAoC;IAC1D,OAAO,EAAE,MAAM;IACf,QAAQ,EAAE,0CAA0C;IACpD,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,KAAK;SACF,MAAM,CAAC,KAAK,EAAE;QACb,KAAK,EAAE,GAAG;QACV,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,iBAAiB;QAC9B,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,uBAAuB;KAC7D,CAAC;SACD,OAAO,CAAC,YAAY,CAAC;SACrB,OAAO,CAAC,wBAAwB,CAAC;SACjC,OAAO,CAAC,aAAa,CAAC;SACtB,OAAO,CAAC,WAAW,CAAC;SACpB,OAAO,CAAC,aAAa,CAAC;SACtB,aAAa,CAAC,CAAC,EAAE,mCAAmC,CAAC;IAC1D,OAAO,EAAE,GAAG,EAAE;QACZ,wBAAwB;IAC1B,CAAC;CACF,CAAC","sourcesContent":["import type { CommandModule } from 'yargs';\nimport {\n  checkServer,\n  login,\n  getAccountControls,\n  createClientCredentials,\n  listClientCredentials,\n  revokeClientCredential,\n} from '../lib/css-account';\nimport { saveCredentials, clearCredentials, getConfigPath } from '../lib/credentials-store';\n\ninterface AuthArgs {\n  url: string;\n}\n\ninterface LoginArgs extends AuthArgs {\n  email: string;\n  password: string;\n}\n\ninterface CreateCredentialsArgs extends AuthArgs {\n  email: string;\n  password: string;\n  'web-id'?: string;\n  name?: string;\n  output?: boolean;\n}\n\ninterface ListArgs extends AuthArgs {\n  email: string;\n  password: string;\n}\n\ninterface RevokeArgs extends AuthArgs {\n  email: string;\n  password: string;\n  'client-id': string;\n}\n\nfunction resolveUrl(url: string): string {\n  const raw = url || process.env.CSS_BASE_URL || 'http://localhost:3000';\n  return raw.endsWith('/') ? raw : `${raw}/`;\n}\n\nconst loginCommand: CommandModule<AuthArgs, LoginArgs> = {\n  command: 'login',\n  describe: 'Login and get an account token',\n  builder: (yargs) =>\n    yargs\n      .option('email', { type: 'string', demandOption: true, description: 'Account email' })\n      .option('password', { type: 'string', demandOption: true, description: 'Account password' }),\n  handler: async (argv) => {\n    const baseUrl = resolveUrl(argv.url);\n\n    if (!(await checkServer(baseUrl))) {\n      console.error(`Cannot reach server at ${baseUrl}`);\n      process.exit(1);\n    }\n\n    const token = await login(argv.email, argv.password, baseUrl);\n    if (!token) {\n      console.error('Login failed. Check email/password.');\n      process.exit(1);\n    }\n\n    console.log('Login successful.');\n    console.log(`Token: ${token}`);\n  },\n};\n\nconst createCredentialsCommand: CommandModule<AuthArgs, CreateCredentialsArgs> = {\n  command: 'create-credentials',\n  describe: 'Create client credentials (client_id/secret)',\n  builder: (yargs) =>\n    yargs\n      .option('email', { type: 'string', demandOption: true, description: 'Account email' })\n      .option('password', { type: 'string', demandOption: true, description: 'Account password' })\n      .option('web-id', { type: 'string', description: 'WebID to bind credentials to' })\n      .option('name', { type: 'string', description: 'Credential label' })\n      .option('output', { type: 'boolean', default: false, description: 'Print credentials to terminal instead of saving to ~/.xpod/' }),\n  handler: async (argv) => {\n    const baseUrl = resolveUrl(argv.url);\n\n    if (!(await checkServer(baseUrl))) {\n      console.error(`Cannot reach server at ${baseUrl}`);\n      process.exit(1);\n    }\n\n    const token = await login(argv.email, argv.password, baseUrl);\n    if (!token) {\n      console.error('Login failed.');\n      process.exit(1);\n    }\n\n    const controls = await getAccountControls(token, baseUrl);\n    if (!controls?.clientCredentials) {\n      console.error('Cannot find client credentials endpoint.');\n      process.exit(1);\n    }\n\n    // Determine WebID: explicit flag > first pod's profile\n    let webId = argv['web-id'];\n    if (!webId) {\n      // Try to discover from account info\n      const accountRes = await fetch(`${baseUrl}.account/`, {\n        headers: {\n          Accept: 'application/json',\n          Authorization: `CSS-Account-Token ${token}`,\n        },\n      });\n      if (accountRes.ok) {\n        const accountData = (await accountRes.json()) as { webIds?: Record<string, string> };\n        const webIds = accountData.webIds;\n        if (webIds && typeof webIds === 'object') {\n          const firstUrl = Object.keys(webIds)[0];\n          if (firstUrl) webId = firstUrl;\n        }\n      }\n    }\n\n    if (!webId) {\n      console.error('No WebID found. Specify --web-id explicitly.');\n      process.exit(1);\n    }\n\n    const cred = await createClientCredentials(token, controls.clientCredentials, webId, argv.name);\n    if (!cred) {\n      console.error('Failed to create credentials.');\n      process.exit(1);\n    }\n\n    console.log('Credentials created:');\n    console.log(`  client_id:     ${cred.id}`);\n    console.log(`  client_secret: ${cred.secret}`);\n    console.log(`  webId:         ${webId}`);\n\n    if (!argv.output) {\n      saveCredentials({\n        url: baseUrl,\n        clientId: cred.id,\n        clientSecret: cred.secret ?? '',\n        webId,\n      });\n      console.log(`\\nSaved to ${getConfigPath().replace('/config.json', '/')}`);\n    }\n  },\n};\n\nconst listCommand: CommandModule<AuthArgs, ListArgs> = {\n  command: 'list',\n  describe: 'List client credentials',\n  builder: (yargs) =>\n    yargs\n      .option('email', { type: 'string', demandOption: true, description: 'Account email' })\n      .option('password', { type: 'string', demandOption: true, description: 'Account password' }),\n  handler: async (argv) => {\n    const baseUrl = resolveUrl(argv.url);\n\n    if (!(await checkServer(baseUrl))) {\n      console.error(`Cannot reach server at ${baseUrl}`);\n      process.exit(1);\n    }\n\n    const token = await login(argv.email, argv.password, baseUrl);\n    if (!token) {\n      console.error('Login failed.');\n      process.exit(1);\n    }\n\n    const creds = await listClientCredentials(token, baseUrl);\n    if (creds.length === 0) {\n      console.log('No client credentials found.');\n      return;\n    }\n\n    console.log(`Found ${creds.length} credential(s):\\n`);\n    for (const c of creds) {\n      console.log(`  ${c.id}`);\n      if (c.webId) console.log(`    webId: ${c.webId}`);\n    }\n  },\n};\n\nconst revokeCommand: CommandModule<AuthArgs, RevokeArgs> = {\n  command: 'revoke',\n  describe: 'Revoke a client credential',\n  builder: (yargs) =>\n    yargs\n      .option('email', { type: 'string', demandOption: true, description: 'Account email' })\n      .option('password', { type: 'string', demandOption: true, description: 'Account password' })\n      .option('client-id', { type: 'string', demandOption: true, description: 'Client ID to revoke' }),\n  handler: async (argv) => {\n    const baseUrl = resolveUrl(argv.url);\n\n    if (!(await checkServer(baseUrl))) {\n      console.error(`Cannot reach server at ${baseUrl}`);\n      process.exit(1);\n    }\n\n    const token = await login(argv.email, argv.password, baseUrl);\n    if (!token) {\n      console.error('Login failed.');\n      process.exit(1);\n    }\n\n    const ok = await revokeClientCredential(token, argv['client-id'], baseUrl);\n    if (ok) {\n      console.log(`Credential ${argv['client-id']} revoked.`);\n    } else {\n      console.error(`Failed to revoke credential ${argv['client-id']}.`);\n      process.exit(1);\n    }\n  },\n};\n\nconst logoutCommand: CommandModule<AuthArgs, AuthArgs> = {\n  command: 'logout',\n  describe: 'Remove stored credentials from ~/.xpod/',\n  builder: (yargs) => yargs,\n  handler: async () => {\n    clearCredentials();\n    console.log('Credentials removed.');\n  },\n};\n\nexport const authCommand: CommandModule<object, AuthArgs> = {\n  command: 'auth',\n  describe: 'Authentication and credential management',\n  builder: (yargs) =>\n    yargs\n      .option('url', {\n        alias: 'u',\n        type: 'string',\n        description: 'Server base URL',\n        default: process.env.CSS_BASE_URL || 'http://localhost:3000',\n      })\n      .command(loginCommand)\n      .command(createCredentialsCommand)\n      .command(logoutCommand)\n      .command(listCommand)\n      .command(revokeCommand)\n      .demandCommand(1, 'Please specify an auth subcommand'),\n  handler: () => {\n    // parent command, no-op\n  },\n};\n"]}

package/dist/cli/commands/backup.d.ts

@@ -0,0 +1,15 @@
+import type { CommandModule } from 'yargs';
+interface BackupArgs {
+    url?: string;
+    email?: string;
+    password?: string;
+}
+interface BackupExportArgs extends BackupArgs {
+    output: string;
+}
+interface BackupImportArgs extends BackupArgs {
+    input: string;
+}
+declare const backupCommand: CommandModule<object, BackupExportArgs>;
+declare const restoreCommand: CommandModule<object, BackupImportArgs>;
+export { backupCommand, restoreCommand };

package/dist/cli/commands/backup.js

@@ -0,0 +1,286 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.restoreCommand = exports.backupCommand = void 0;
+const fs_1 = require("fs");
+const path_1 = require("path");
+const css_account_1 = require("../lib/css-account");
+const credentials_store_1 = require("../lib/credentials-store");
+const solid_auth_1 = require("../lib/solid-auth");
+function resolveUrl(url, credUrl) {
+    const raw = url || credUrl || process.env.CSS_BASE_URL || 'http://localhost:3000';
+    return raw.endsWith('/') ? raw : `${raw}/`;
+}
+/**
+ * Resolve auth: prefer client credentials from ~/.xpod/, fall back to email/password.
+ * Returns { authHeader, podUrl }.
+ */
+async function resolveBackupAuth(argv) {
+    const creds = (0, credentials_store_1.loadCredentials)();
+    // Try client credentials first
+    if (creds) {
+        const baseUrl = resolveUrl(argv.url, creds.url);
+        const tokenResult = await (0, solid_auth_1.getAccessToken)(creds.clientId, creds.clientSecret, baseUrl);
+        if (tokenResult) {
+            // Derive pod URL from webId
+            const webIdUrl = new URL(creds.webId);
+            const pathParts = webIdUrl.pathname.split('/').filter(Boolean);
+            const podUrl = `${webIdUrl.origin}/${pathParts[0]}/`;
+            return { authHeader: `Bearer ${tokenResult.accessToken}`, podUrl };
+        }
+    }
+    // Fall back to email/password
+    if (!argv.email || !argv.password) {
+        console.error('No credentials found. Run `xpod auth create-credentials` or provide --email and --password.');
+        process.exit(1);
+    }
+    const baseUrl = resolveUrl(argv.url, creds?.url);
+    if (!(await (0, css_account_1.checkServer)(baseUrl))) {
+        console.error(`Cannot reach server at ${baseUrl}`);
+        process.exit(1);
+    }
+    const token = await (0, css_account_1.login)(argv.email, argv.password, baseUrl);
+    if (!token) {
+        console.error('Login failed. Check email/password.');
+        process.exit(1);
+    }
+    // Resolve pod URL via account API
+    const res = await fetch(`${baseUrl}.account/`, {
+        headers: {
+            Accept: 'application/json',
+            Authorization: `CSS-Account-Token ${token}`,
+        },
+    });
+    if (!res.ok) {
+        console.error('Failed to get account info.');
+        process.exit(1);
+    }
+    const data = (await res.json());
+    const podUrl = data.pods ? Object.values(data.pods)[0] : undefined;
+    if (!podUrl) {
+        console.error('No pod found for this account.');
+        process.exit(1);
+    }
+    return { authHeader: `CSS-Account-Token ${token}`, podUrl };
+}
+/**
+ * Parse ldp:contains links from a Turtle container listing.
+ */
+function parseContainedUrls(turtle, containerUrl) {
+    const urls = [];
+    const regex = /<([^>]+)>/g;
+    let match;
+    const lines = turtle.split('\n');
+    let inContains = false;
+    for (const line of lines) {
+        if (line.includes('ldp:contains') || line.includes('http://www.w3.org/ns/ldp#contains')) {
+            inContains = true;
+        }
+        if (inContains) {
+            while ((match = regex.exec(line)) !== null) {
+                const url = match[1];
+                if (url !== containerUrl && !url.startsWith('http://www.w3.org/') && !url.startsWith('http://purl.org/')) {
+                    urls.push(url);
+                }
+            }
+            if (line.includes('.'))
+                inContains = false;
+        }
+    }
+    return urls;
+}
+function isContainer(url) {
+    return url.endsWith('/');
+}
+async function fetchResource(url, authHeader) {
+    try {
+        const res = await fetch(url, {
+            headers: { Authorization: authHeader },
+        });
+        if (!res.ok) {
+            console.error(`  WARN: GET ${url} → ${res.status}`);
+            return null;
+        }
+        const contentType = res.headers.get('content-type') ?? 'application/octet-stream';
+        const body = Buffer.from(await res.arrayBuffer());
+        return { url, contentType, body };
+    }
+    catch (err) {
+        console.error(`  WARN: GET ${url} failed: ${err instanceof Error ? err.message : err}`);
+        return null;
+    }
+}
+async function fetchContainer(containerUrl, authHeader) {
+    try {
+        const res = await fetch(containerUrl, {
+            headers: {
+                Accept: 'text/turtle',
+                Authorization: authHeader,
+            },
+        });
+        if (!res.ok)
+            return null;
+        return await res.text();
+    }
+    catch {
+        return null;
+    }
+}
+async function crawlAndSave(containerUrl, authHeader, podUrl, outputDir, stats) {
+    const turtle = await fetchContainer(containerUrl, authHeader);
+    if (!turtle) {
+        console.error(`  WARN: Cannot read container ${containerUrl}`);
+        return;
+    }
+    const contained = parseContainedUrls(turtle, containerUrl);
+    for (const url of contained) {
+        const relativePath = url.startsWith(podUrl) ? url.slice(podUrl.length) : url;
+        if (isContainer(url)) {
+            const dirPath = (0, path_1.join)(outputDir, relativePath);
+            (0, fs_1.mkdirSync)(dirPath, { recursive: true });
+            await crawlAndSave(url, authHeader, podUrl, outputDir, stats);
+        }
+        else {
+            const resource = await fetchResource(url, authHeader);
+            if (resource) {
+                const filePath = (0, path_1.join)(outputDir, relativePath);
+                (0, fs_1.mkdirSync)((0, path_1.dirname)(filePath), { recursive: true });
+                (0, fs_1.writeFileSync)(filePath, resource.body);
+                stats.resources++;
+                stats.bytes += resource.body.length;
+                console.error(`  ${relativePath} (${resource.body.length} bytes)`);
+            }
+        }
+    }
+    const aclUrl = `${containerUrl}.acl`;
+    const aclResource = await fetchResource(aclUrl, authHeader);
+    if (aclResource) {
+        const aclRelative = aclUrl.startsWith(podUrl) ? aclUrl.slice(podUrl.length) : `${containerUrl.slice(podUrl.length)}.acl`;
+        const aclPath = (0, path_1.join)(outputDir, aclRelative);
+        (0, fs_1.mkdirSync)((0, path_1.dirname)(aclPath), { recursive: true });
+        (0, fs_1.writeFileSync)(aclPath, aclResource.body);
+        stats.resources++;
+        stats.bytes += aclResource.body.length;
+    }
+}
+async function restoreFromDir(dirPath, podUrl, authHeader, basePath, stats) {
+    const entries = (0, fs_1.readdirSync)(dirPath, { withFileTypes: true });
+    for (const entry of entries) {
+        if (entry.isDirectory()) {
+            const relativePath = (0, path_1.relative)(basePath, (0, path_1.join)(dirPath, entry.name));
+            const containerUrl = `${podUrl}${relativePath}/`;
+            try {
+                await fetch(containerUrl, {
+                    method: 'PUT',
+                    headers: {
+                        'Content-Type': 'text/turtle',
+                        Authorization: authHeader,
+                    },
+                    body: '',
+                });
+            }
+            catch {
+                // Container may already exist
+            }
+            await restoreFromDir((0, path_1.join)(dirPath, entry.name), podUrl, authHeader, basePath, stats);
+        }
+    }
+    for (const entry of entries) {
+        if (entry.isFile()) {
+            const filePath = (0, path_1.join)(dirPath, entry.name);
+            const relativePath = (0, path_1.relative)(basePath, filePath);
+            const resourceUrl = `${podUrl}${relativePath}`;
+            const body = (0, fs_1.readFileSync)(filePath);
+            let contentType = 'application/octet-stream';
+            if (entry.name.endsWith('.ttl'))
+                contentType = 'text/turtle';
+            else if (entry.name.endsWith('.json') || entry.name.endsWith('.jsonld'))
+                contentType = 'application/ld+json';
+            else if (entry.name.endsWith('.acl'))
+                contentType = 'text/turtle';
+            else if (entry.name.endsWith('.html'))
+                contentType = 'text/html';
+            else if (entry.name.endsWith('.txt'))
+                contentType = 'text/plain';
+            else if (entry.name.endsWith('.png'))
+                contentType = 'image/png';
+            else if (entry.name.endsWith('.jpg') || entry.name.endsWith('.jpeg'))
+                contentType = 'image/jpeg';
+            const res = await fetch(resourceUrl, {
+                method: 'PUT',
+                headers: {
+                    'Content-Type': contentType,
+                    Authorization: authHeader,
+                },
+                body,
+            });
+            if (res.ok) {
+                stats.resources++;
+                stats.bytes += body.length;
+                console.error(`  ${relativePath} (${body.length} bytes)`);
+            }
+            else {
+                console.error(`  WARN: PUT ${resourceUrl} → ${res.status}`);
+            }
+        }
+    }
+}
+const backupCommand = {
+    command: 'backup',
+    describe: 'Backup a Pod to a local directory',
+    builder: (yargs) => yargs
+        .option('email', { type: 'string', description: 'Account email (optional if credentials stored)' })
+        .option('password', { type: 'string', description: 'Account password (optional if credentials stored)' })
+        .option('url', {
+        alias: 'u',
+        type: 'string',
+        description: 'Server base URL',
+    })
+        .option('output', {
+        alias: 'o',
+        type: 'string',
+        demandOption: true,
+        description: 'Output directory path',
+    }),
+    handler: async (argv) => {
+        const { authHeader, podUrl } = await resolveBackupAuth(argv);
+        console.log(`Backing up pod: ${podUrl}`);
+        console.log(`Output: ${argv.output}\n`);
+        (0, fs_1.mkdirSync)(argv.output, { recursive: true });
+        const stats = { resources: 0, bytes: 0 };
+        await crawlAndSave(podUrl, authHeader, podUrl, argv.output, stats);
+        console.log(`\nBackup complete: ${stats.resources} resources, ${(stats.bytes / 1024).toFixed(1)} KB`);
+    },
+};
+exports.backupCommand = backupCommand;
+const restoreCommand = {
+    command: 'restore',
+    describe: 'Restore a Pod from a local backup directory',
+    builder: (yargs) => yargs
+        .option('email', { type: 'string', description: 'Account email (optional if credentials stored)' })
+        .option('password', { type: 'string', description: 'Account password (optional if credentials stored)' })
+        .option('url', {
+        alias: 'u',
+        type: 'string',
+        description: 'Server base URL',
+    })
+        .option('input', {
+        alias: 'i',
+        type: 'string',
+        demandOption: true,
+        description: 'Input directory path',
+    }),
+    handler: async (argv) => {
+        if (!(0, fs_1.existsSync)(argv.input) || !(0, fs_1.statSync)(argv.input).isDirectory()) {
+            console.error(`Input path is not a directory: ${argv.input}`);
+            process.exit(1);
+        }
+        const { authHeader, podUrl } = await resolveBackupAuth(argv);
+        console.log(`Restoring to pod: ${podUrl}`);
+        console.log(`Input: ${argv.input}\n`);
+        const stats = { resources: 0, bytes: 0 };
+        await restoreFromDir(argv.input, podUrl, authHeader, argv.input, stats);
+        console.log(`\nRestore complete: ${stats.resources} resources, ${(stats.bytes / 1024).toFixed(1)} KB`);
+    },
+};
+exports.restoreCommand = restoreCommand;
+//# sourceMappingURL=backup.js.map

package/dist/cli/commands/backup.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"backup.js","sourceRoot":"","sources":["../../../src/cli/commands/backup.ts"],"names":[],"mappings":";;;AACA,2BAA+F;AAC/F,+BAA+C;AAC/C,oDAAwD;AACxD,gEAA2D;AAC3D,kDAAmD;AAgBnD,SAAS,UAAU,CAAC,GAAY,EAAE,OAAgB;IAChD,MAAM,GAAG,GAAG,GAAG,IAAI,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,uBAAuB,CAAC;IAClF,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC;AAC7C,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,iBAAiB,CAC9B,IAAgB;IAEhB,MAAM,KAAK,GAAG,IAAA,mCAAe,GAAE,CAAC;IAEhC,+BAA+B;IAC/B,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;QAChD,MAAM,WAAW,GAAG,MAAM,IAAA,2BAAc,EAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QACtF,IAAI,WAAW,EAAE,CAAC;YAChB,4BAA4B;YAC5B,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACtC,MAAM,SAAS,GAAG,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAC/D,MAAM,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,IAAI,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC;YACrD,OAAO,EAAE,UAAU,EAAE,UAAU,WAAW,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,CAAC;QACrE,CAAC;IACH,CAAC;IAED,8BAA8B;IAC9B,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClC,OAAO,CAAC,KAAK,CAAC,6FAA6F,CAAC,CAAC;QAC7G,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;IACjD,IAAI,CAAC,CAAC,MAAM,IAAA,yBAAW,EAAC,OAAO,CAAC,CAAC,EAAE,CAAC;QAClC,OAAO,CAAC,KAAK,CAAC,0BAA0B,OAAO,EAAE,CAAC,CAAC;QACnD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAK,EAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC9D,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACrD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,kCAAkC;IAClC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,WAAW,EAAE;QAC7C,OAAO,EAAE;YACP,MAAM,EAAE,kBAAkB;YAC1B,aAAa,EAAE,qBAAqB,KAAK,EAAE;SAC5C;KACF,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,OAAO,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;QAC7C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAsC,CAAC;IACrE,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACnE,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;QAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,qBAAqB,KAAK,EAAE,EAAE,MAAM,EAAE,CAAC;AAC9D,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,MAAc,EAAE,YAAoB;IAC9D,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,MAAM,KAAK,GAAG,YAAY,CAAC;IAC3B,IAAI,KAA6B,CAAC;IAClC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACjC,IAAI,UAAU,GAAG,KAAK,CAAC;IACvB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,mCAAmC,CAAC,EAAE,CAAC;YACxF,UAAU,GAAG,IAAI,CAAC;QACpB,CAAC;QACD,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3C,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACrB,IAAI,GAAG,KAAK,YAAY,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;oBACzG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACjB,CAAC;YACH,CAAC;YACD,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAAE,UAAU,GAAG,KAAK,CAAC;QAC7C,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AAC3B,CAAC;AAQD,KAAK,UAAU,aAAa,CAC1B,GAAW,EACX,UAAkB;IAElB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC3B,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,EAAE;SACvC,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,OAAO,CAAC,KAAK,CAAC,eAAe,GAAG,MAAM,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;YACpD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,0BAA0B,CAAC;QAClF,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;QAClD,OAAO,EAAE,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IACpC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,eAAe,GAAG,YAAY,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;QACxF,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,cAAc,CAC3B,YAAoB,EACpB,UAAkB;IAElB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,YAAY,EAAE;YACpC,OAAO,EAAE;gBACP,MAAM,EAAE,aAAa;gBACrB,aAAa,EAAE,UAAU;aAC1B;SACF,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QACzB,OAAO,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,YAAY,CACzB,YAAoB,EACpB,UAAkB,EAClB,MAAc,EACd,SAAiB,EACjB,KAA2C;IAE3C,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;IAC9D,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,KAAK,CAAC,iCAAiC,YAAY,EAAE,CAAC,CAAC;QAC/D,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,kBAAkB,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;IAE3D,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;QAC5B,MAAM,YAAY,GAAG,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QAE7E,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;YACrB,MAAM,OAAO,GAAG,IAAA,WAAI,EAAC,SAAS,EAAE,YAAY,CAAC,CAAC;YAC9C,IAAA,cAAS,EAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACxC,MAAM,YAAY,CAAC,GAAG,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;QAChE,CAAC;aAAM,CAAC;YACN,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;YACtD,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,QAAQ,GAAG,IAAA,WAAI,EAAC,SAAS,EAAE,YAAY,CAAC,CAAC;gBAC/C,IAAA,cAAS,EAAC,IAAA,cAAO,EAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;gBAClD,IAAA,kBAAa,EAAC,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;gBACvC,KAAK,CAAC,SAAS,EAAE,CAAC;gBAClB,KAAK,CAAC,KAAK,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC;gBACpC,OAAO,CAAC,KAAK,CAAC,KAAK,YAAY,KAAK,QAAQ,CAAC,IAAI,CAAC,MAAM,SAAS,CAAC,CAAC;YACrE,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,GAAG,YAAY,MAAM,CAAC;IACrC,MAAM,WAAW,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IAC5D,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,WAAW,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,YAAY,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC;QACzH,MAAM,OAAO,GAAG,IAAA,WAAI,EAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QAC7C,IAAA,cAAS,EAAC,IAAA,cAAO,EAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACjD,IAAA,kBAAa,EAAC,OAAO,EAAE,WAAW,CAAC,IAAI,CAAC,CAAC;QACzC,KAAK,CAAC,SAAS,EAAE,CAAC;QAClB,KAAK,CAAC,KAAK,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC;IACzC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,cAAc,CAC3B,OAAe,EACf,MAAc,EACd,UAAkB,EAClB,QAAgB,EAChB,KAA2C;IAE3C,MAAM,OAAO,GAAG,IAAA,gBAAW,EAAC,OAAO,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAE9D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,MAAM,YAAY,GAAG,IAAA,eAAQ,EAAC,QAAQ,EAAE,IAAA,WAAI,EAAC,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;YACnE,MAAM,YAAY,GAAG,GAAG,MAAM,GAAG,YAAY,GAAG,CAAC;YACjD,IAAI,CAAC;gBACH,MAAM,KAAK,CAAC,YAAY,EAAE;oBACxB,MAAM,EAAE,KAAK;oBACb,OAAO,EAAE;wBACP,cAAc,EAAE,aAAa;wBAC7B,aAAa,EAAE,UAAU;qBAC1B;oBACD,IAAI,EAAE,EAAE;iBACT,CAAC,CAAC;YACL,CAAC;YAAC,MAAM,CAAC;gBACP,8BAA8B;YAChC,CAAC;YACD,MAAM,cAAc,CAAC,IAAA,WAAI,EAAC,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;QACvF,CAAC;IACH,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YACnB,MAAM,QAAQ,GAAG,IAAA,WAAI,EAAC,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YAC3C,MAAM,YAAY,GAAG,IAAA,eAAQ,EAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YAClD,MAAM,WAAW,GAAG,GAAG,MAAM,GAAG,YAAY,EAAE,CAAC;YAC/C,MAAM,IAAI,GAAG,IAAA,iBAAY,EAAC,QAAQ,CAAC,CAAC;YAEpC,IAAI,WAAW,GAAG,0BAA0B,CAAC;YAC7C,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAAE,WAAW,GAAG,aAAa,CAAC;iBACxD,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAAE,WAAW,GAAG,qBAAqB,CAAC;iBACxG,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAAE,WAAW,GAAG,aAAa,CAAC;iBAC7D,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;gBAAE,WAAW,GAAG,WAAW,CAAC;iBAC5D,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAAE,WAAW,GAAG,YAAY,CAAC;iBAC5D,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAAE,WAAW,GAAG,WAAW,CAAC;iBAC3D,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;gBAAE,WAAW,GAAG,YAAY,CAAC;YAEjG,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,WAAW,EAAE;gBACnC,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE;oBACP,cAAc,EAAE,WAAW;oBAC3B,aAAa,EAAE,UAAU;iBAC1B;gBACD,IAAI;aACL,CAAC,CAAC;YAEH,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;gBACX,KAAK,CAAC,SAAS,EAAE,CAAC;gBAClB,KAAK,CAAC,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC;gBAC3B,OAAO,CAAC,KAAK,CAAC,KAAK,YAAY,KAAK,IAAI,CAAC,MAAM,SAAS,CAAC,CAAC;YAC5D,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,eAAe,WAAW,MAAM,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,aAAa,GAA4C;IAC7D,OAAO,EAAE,QAAQ;IACjB,QAAQ,EAAE,mCAAmC;IAC7C,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,KAAK;SACF,MAAM,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,gDAAgD,EAAE,CAAC;SAClG,MAAM,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,mDAAmD,EAAE,CAAC;SACxG,MAAM,CAAC,KAAK,EAAE;QACb,KAAK,EAAE,GAAG;QACV,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,iBAAiB;KAC/B,CAAC;SACD,MAAM,CAAC,QAAQ,EAAE;QAChB,KAAK,EAAE,GAAG;QACV,IAAI,EAAE,QAAQ;QACd,YAAY,EAAE,IAAI;QAClB,WAAW,EAAE,uBAAuB;KACrC,CAAC;IACN,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACtB,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,MAAM,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAE7D,OAAO,CAAC,GAAG,CAAC,mBAAmB,MAAM,EAAE,CAAC,CAAC;QACzC,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,CAAC,MAAM,IAAI,CAAC,CAAC;QAExC,IAAA,cAAS,EAAC,IAAI,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5C,MAAM,KAAK,GAAG,EAAE,SAAS,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;QAEzC,MAAM,YAAY,CAAC,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAEnE,OAAO,CAAC,GAAG,CAAC,sBAAsB,KAAK,CAAC,SAAS,eAAe,CAAC,KAAK,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IACxG,CAAC;CACF,CAAC;AAsCO,sCAAa;AApCtB,MAAM,cAAc,GAA4C;IAC9D,OAAO,EAAE,SAAS;IAClB,QAAQ,EAAE,6CAA6C;IACvD,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,KAAK;SACF,MAAM,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,gDAAgD,EAAE,CAAC;SAClG,MAAM,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,mDAAmD,EAAE,CAAC;SACxG,MAAM,CAAC,KAAK,EAAE;QACb,KAAK,EAAE,GAAG;QACV,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,iBAAiB;KAC/B,CAAC;SACD,MAAM,CAAC,OAAO,EAAE;QACf,KAAK,EAAE,GAAG;QACV,IAAI,EAAE,QAAQ;QACd,YAAY,EAAE,IAAI;QAClB,WAAW,EAAE,sBAAsB;KACpC,CAAC;IACN,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACtB,IAAI,CAAC,IAAA,eAAU,EAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAA,aAAQ,EAAC,IAAI,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;YACnE,OAAO,CAAC,KAAK,CAAC,kCAAkC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;YAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,MAAM,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAE7D,OAAO,CAAC,GAAG,CAAC,qBAAqB,MAAM,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,CAAC,KAAK,IAAI,CAAC,CAAC;QAEtC,MAAM,KAAK,GAAG,EAAE,SAAS,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;QACzC,MAAM,cAAc,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QAExE,OAAO,CAAC,GAAG,CAAC,uBAAuB,KAAK,CAAC,SAAS,eAAe,CAAC,KAAK,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IACzG,CAAC;CACF,CAAC;AAEsB,wCAAc","sourcesContent":["import type { CommandModule } from 'yargs';\nimport { mkdirSync, writeFileSync, readFileSync, readdirSync, statSync, existsSync } from 'fs';\nimport { join, relative, dirname } from 'path';\nimport { login, checkServer } from '../lib/css-account';\nimport { loadCredentials } from '../lib/credentials-store';\nimport { getAccessToken } from '../lib/solid-auth';\n\ninterface BackupArgs {\n  url?: string;\n  email?: string;\n  password?: string;\n}\n\ninterface BackupExportArgs extends BackupArgs {\n  output: string;\n}\n\ninterface BackupImportArgs extends BackupArgs {\n  input: string;\n}\n\nfunction resolveUrl(url?: string, credUrl?: string): string {\n  const raw = url || credUrl || process.env.CSS_BASE_URL || 'http://localhost:3000';\n  return raw.endsWith('/') ? raw : `${raw}/`;\n}\n\n/**\n * Resolve auth: prefer client credentials from ~/.xpod/, fall back to email/password.\n * Returns { authHeader, podUrl }.\n */\nasync function resolveBackupAuth(\n  argv: BackupArgs,\n): Promise<{ authHeader: string; podUrl: string }> {\n  const creds = loadCredentials();\n\n  // Try client credentials first\n  if (creds) {\n    const baseUrl = resolveUrl(argv.url, creds.url);\n    const tokenResult = await getAccessToken(creds.clientId, creds.clientSecret, baseUrl);\n    if (tokenResult) {\n      // Derive pod URL from webId\n      const webIdUrl = new URL(creds.webId);\n      const pathParts = webIdUrl.pathname.split('/').filter(Boolean);\n      const podUrl = `${webIdUrl.origin}/${pathParts[0]}/`;\n      return { authHeader: `Bearer ${tokenResult.accessToken}`, podUrl };\n    }\n  }\n\n  // Fall back to email/password\n  if (!argv.email || !argv.password) {\n    console.error('No credentials found. Run `xpod auth create-credentials` or provide --email and --password.');\n    process.exit(1);\n  }\n\n  const baseUrl = resolveUrl(argv.url, creds?.url);\n  if (!(await checkServer(baseUrl))) {\n    console.error(`Cannot reach server at ${baseUrl}`);\n    process.exit(1);\n  }\n\n  const token = await login(argv.email, argv.password, baseUrl);\n  if (!token) {\n    console.error('Login failed. Check email/password.');\n    process.exit(1);\n  }\n\n  // Resolve pod URL via account API\n  const res = await fetch(`${baseUrl}.account/`, {\n    headers: {\n      Accept: 'application/json',\n      Authorization: `CSS-Account-Token ${token}`,\n    },\n  });\n  if (!res.ok) {\n    console.error('Failed to get account info.');\n    process.exit(1);\n  }\n  const data = (await res.json()) as { pods?: Record<string, string> };\n  const podUrl = data.pods ? Object.values(data.pods)[0] : undefined;\n  if (!podUrl) {\n    console.error('No pod found for this account.');\n    process.exit(1);\n  }\n\n  return { authHeader: `CSS-Account-Token ${token}`, podUrl };\n}\n\n/**\n * Parse ldp:contains links from a Turtle container listing.\n */\nfunction parseContainedUrls(turtle: string, containerUrl: string): string[] {\n  const urls: string[] = [];\n  const regex = /<([^>]+)>/g;\n  let match: RegExpExecArray | null;\n  const lines = turtle.split('\\n');\n  let inContains = false;\n  for (const line of lines) {\n    if (line.includes('ldp:contains') || line.includes('http://www.w3.org/ns/ldp#contains')) {\n      inContains = true;\n    }\n    if (inContains) {\n      while ((match = regex.exec(line)) !== null) {\n        const url = match[1];\n        if (url !== containerUrl && !url.startsWith('http://www.w3.org/') && !url.startsWith('http://purl.org/')) {\n          urls.push(url);\n        }\n      }\n      if (line.includes('.')) inContains = false;\n    }\n  }\n  return urls;\n}\n\nfunction isContainer(url: string): boolean {\n  return url.endsWith('/');\n}\n\ninterface FetchedResource {\n  url: string;\n  contentType: string;\n  body: Buffer;\n}\n\nasync function fetchResource(\n  url: string,\n  authHeader: string,\n): Promise<FetchedResource | null> {\n  try {\n    const res = await fetch(url, {\n      headers: { Authorization: authHeader },\n    });\n    if (!res.ok) {\n      console.error(`  WARN: GET ${url} → ${res.status}`);\n      return null;\n    }\n    const contentType = res.headers.get('content-type') ?? 'application/octet-stream';\n    const body = Buffer.from(await res.arrayBuffer());\n    return { url, contentType, body };\n  } catch (err) {\n    console.error(`  WARN: GET ${url} failed: ${err instanceof Error ? err.message : err}`);\n    return null;\n  }\n}\n\nasync function fetchContainer(\n  containerUrl: string,\n  authHeader: string,\n): Promise<string | null> {\n  try {\n    const res = await fetch(containerUrl, {\n      headers: {\n        Accept: 'text/turtle',\n        Authorization: authHeader,\n      },\n    });\n    if (!res.ok) return null;\n    return await res.text();\n  } catch {\n    return null;\n  }\n}\n\nasync function crawlAndSave(\n  containerUrl: string,\n  authHeader: string,\n  podUrl: string,\n  outputDir: string,\n  stats: { resources: number; bytes: number },\n): Promise<void> {\n  const turtle = await fetchContainer(containerUrl, authHeader);\n  if (!turtle) {\n    console.error(`  WARN: Cannot read container ${containerUrl}`);\n    return;\n  }\n\n  const contained = parseContainedUrls(turtle, containerUrl);\n\n  for (const url of contained) {\n    const relativePath = url.startsWith(podUrl) ? url.slice(podUrl.length) : url;\n\n    if (isContainer(url)) {\n      const dirPath = join(outputDir, relativePath);\n      mkdirSync(dirPath, { recursive: true });\n      await crawlAndSave(url, authHeader, podUrl, outputDir, stats);\n    } else {\n      const resource = await fetchResource(url, authHeader);\n      if (resource) {\n        const filePath = join(outputDir, relativePath);\n        mkdirSync(dirname(filePath), { recursive: true });\n        writeFileSync(filePath, resource.body);\n        stats.resources++;\n        stats.bytes += resource.body.length;\n        console.error(`  ${relativePath} (${resource.body.length} bytes)`);\n      }\n    }\n  }\n\n  const aclUrl = `${containerUrl}.acl`;\n  const aclResource = await fetchResource(aclUrl, authHeader);\n  if (aclResource) {\n    const aclRelative = aclUrl.startsWith(podUrl) ? aclUrl.slice(podUrl.length) : `${containerUrl.slice(podUrl.length)}.acl`;\n    const aclPath = join(outputDir, aclRelative);\n    mkdirSync(dirname(aclPath), { recursive: true });\n    writeFileSync(aclPath, aclResource.body);\n    stats.resources++;\n    stats.bytes += aclResource.body.length;\n  }\n}\n\nasync function restoreFromDir(\n  dirPath: string,\n  podUrl: string,\n  authHeader: string,\n  basePath: string,\n  stats: { resources: number; bytes: number },\n): Promise<void> {\n  const entries = readdirSync(dirPath, { withFileTypes: true });\n\n  for (const entry of entries) {\n    if (entry.isDirectory()) {\n      const relativePath = relative(basePath, join(dirPath, entry.name));\n      const containerUrl = `${podUrl}${relativePath}/`;\n      try {\n        await fetch(containerUrl, {\n          method: 'PUT',\n          headers: {\n            'Content-Type': 'text/turtle',\n            Authorization: authHeader,\n          },\n          body: '',\n        });\n      } catch {\n        // Container may already exist\n      }\n      await restoreFromDir(join(dirPath, entry.name), podUrl, authHeader, basePath, stats);\n    }\n  }\n\n  for (const entry of entries) {\n    if (entry.isFile()) {\n      const filePath = join(dirPath, entry.name);\n      const relativePath = relative(basePath, filePath);\n      const resourceUrl = `${podUrl}${relativePath}`;\n      const body = readFileSync(filePath);\n\n      let contentType = 'application/octet-stream';\n      if (entry.name.endsWith('.ttl')) contentType = 'text/turtle';\n      else if (entry.name.endsWith('.json') || entry.name.endsWith('.jsonld')) contentType = 'application/ld+json';\n      else if (entry.name.endsWith('.acl')) contentType = 'text/turtle';\n      else if (entry.name.endsWith('.html')) contentType = 'text/html';\n      else if (entry.name.endsWith('.txt')) contentType = 'text/plain';\n      else if (entry.name.endsWith('.png')) contentType = 'image/png';\n      else if (entry.name.endsWith('.jpg') || entry.name.endsWith('.jpeg')) contentType = 'image/jpeg';\n\n      const res = await fetch(resourceUrl, {\n        method: 'PUT',\n        headers: {\n          'Content-Type': contentType,\n          Authorization: authHeader,\n        },\n        body,\n      });\n\n      if (res.ok) {\n        stats.resources++;\n        stats.bytes += body.length;\n        console.error(`  ${relativePath} (${body.length} bytes)`);\n      } else {\n        console.error(`  WARN: PUT ${resourceUrl} → ${res.status}`);\n      }\n    }\n  }\n}\n\nconst backupCommand: CommandModule<object, BackupExportArgs> = {\n  command: 'backup',\n  describe: 'Backup a Pod to a local directory',\n  builder: (yargs) =>\n    yargs\n      .option('email', { type: 'string', description: 'Account email (optional if credentials stored)' })\n      .option('password', { type: 'string', description: 'Account password (optional if credentials stored)' })\n      .option('url', {\n        alias: 'u',\n        type: 'string',\n        description: 'Server base URL',\n      })\n      .option('output', {\n        alias: 'o',\n        type: 'string',\n        demandOption: true,\n        description: 'Output directory path',\n      }),\n  handler: async (argv) => {\n    const { authHeader, podUrl } = await resolveBackupAuth(argv);\n\n    console.log(`Backing up pod: ${podUrl}`);\n    console.log(`Output: ${argv.output}\\n`);\n\n    mkdirSync(argv.output, { recursive: true });\n    const stats = { resources: 0, bytes: 0 };\n\n    await crawlAndSave(podUrl, authHeader, podUrl, argv.output, stats);\n\n    console.log(`\\nBackup complete: ${stats.resources} resources, ${(stats.bytes / 1024).toFixed(1)} KB`);\n  },\n};\n\nconst restoreCommand: CommandModule<object, BackupImportArgs> = {\n  command: 'restore',\n  describe: 'Restore a Pod from a local backup directory',\n  builder: (yargs) =>\n    yargs\n      .option('email', { type: 'string', description: 'Account email (optional if credentials stored)' })\n      .option('password', { type: 'string', description: 'Account password (optional if credentials stored)' })\n      .option('url', {\n        alias: 'u',\n        type: 'string',\n        description: 'Server base URL',\n      })\n      .option('input', {\n        alias: 'i',\n        type: 'string',\n        demandOption: true,\n        description: 'Input directory path',\n      }),\n  handler: async (argv) => {\n    if (!existsSync(argv.input) || !statSync(argv.input).isDirectory()) {\n      console.error(`Input path is not a directory: ${argv.input}`);\n      process.exit(1);\n    }\n\n    const { authHeader, podUrl } = await resolveBackupAuth(argv);\n\n    console.log(`Restoring to pod: ${podUrl}`);\n    console.log(`Input: ${argv.input}\\n`);\n\n    const stats = { resources: 0, bytes: 0 };\n    await restoreFromDir(argv.input, podUrl, authHeader, argv.input, stats);\n\n    console.log(`\\nRestore complete: ${stats.resources} resources, ${(stats.bytes / 1024).toFixed(1)} KB`);\n  },\n};\n\nexport { backupCommand, restoreCommand };\n"]}

package/dist/cli/commands/config.d.ts

@@ -1,8 +1,39 @@
 import type { CommandModule } from 'yargs';
 interface ConfigArgs {
-    url: string;
-    email: string;
-    password: string;
+    url?: string;
 }
+/**
+ * Config 子命令：配置 SecretaryAI 使用的 AI 服务。
+ *
+ * 写入 Pod 的两个资源，与服务端 PodChatKitStore.getAiConfig() 对齐：
+ *   /settings/ai/providers.ttl#{provider}       — Provider (baseUrl, displayName)
+ *   /settings/credentials.ttl#cred-{provider}   — Credential (apiKey, service=ai, status=active, provider link)
+ *
+ * 用法:
+ *   xpod config set --provider openai --model gpt-4o --api-key sk-xxx
+ *   xpod config set --api-key sk-new-key          # 更新已有 provider 的 key
+ *   xpod config show
+ *   xpod config reset
+ */
+export declare const UDFS_NS = "https://undefineds.co/ns#";
+/** provider name → default baseUrl */
+export declare const PROVIDER_BASE_URLS: Record<string, string>;
+export declare function maskSecret(value: string): string;
+export declare function credentialId(provider: string): string;
+/**
+ * Build SPARQL UPDATE to upsert a Provider at /settings/ai/providers.ttl#{id}
+ */
+export declare function buildProviderSparql(resourceUrl: string, providerId: string): string;
+/**
+ * Build SPARQL UPDATE to upsert a Credential at /settings/credentials.ttl#cred-{provider}
+ */
+export declare function buildCredentialSparql(resourceUrl: string, podUrl: string, provider: string, fields: {
+    apiKey?: string;
+    model?: string;
+}): string;
+/**
+ * Build SPARQL UPDATE to delete a Credential
+ */
+export declare function buildResetSparql(resourceUrl: string, provider: string): string;
 export declare const configCommand: CommandModule<object, ConfigArgs>;
 export {};