@undefineds.co/xpod 0.1.7 → 0.2.0

package/dist/cli/commands/config.js

@@ -1,320 +1,257 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.configCommand = void 0;
+exports.configCommand = exports.PROVIDER_BASE_URLS = exports.UDFS_NS = void 0;
+exports.maskSecret = maskSecret;
+exports.credentialId = credentialId;
+exports.buildProviderSparql = buildProviderSparql;
+exports.buildCredentialSparql = buildCredentialSparql;
+exports.buildResetSparql = buildResetSparql;
+const credentials_store_1 = require("../lib/credentials-store");
+const solid_auth_1 = require("../lib/solid-auth");
 /**
- * Config 子命令通过 Solid 协议读写 Pod 内的配置。
+ * Config 子命令：配置 SecretaryAI 使用的 AI 服务。
  *
- * 当前实现使用 CSS Account Token + 内部 API 代理来操作 Pod 数据。
- * 后续 PR 可切换为 DPoP token + 直接 Solid 协议访问。
+ * 写入 Pod 的两个资源，与服务端 PodChatKitStore.getAiConfig() 对齐：
+ *   /settings/ai/providers.ttl#{provider}       — Provider (baseUrl, displayName)
+ *   /settings/credentials.ttl#cred-{provider}   — Credential (apiKey, service=ai, status=active, provider link)
  *
- * 配置路径映射:
- *   ai.openai.api-key  → /settings/credentials.ttl 中 service=ai, provider 含 openai 的 apiKey 字段
- *   ai.openai.base-url → 同上的 baseUrl 字段
+ * 用法:
+ *   xpod config set --provider openai --model gpt-4o --api-key sk-xxx
+ *   xpod config set --api-key sk-new-key          # 更新已有 provider 的 key
+ *   xpod config show
+ *   xpod config reset
  */
-// Key path → credential field mapping
-const FIELD_MAP = {
-    'api-key': 'apiKey',
-    'base-url': 'baseUrl',
-    'proxy-url': 'proxyUrl',
-    'project-id': 'projectId',
-    'organization-id': 'organizationId',
-    'label': 'label',
+exports.UDFS_NS = 'https://undefineds.co/ns#';
+/** provider name → default baseUrl */
+exports.PROVIDER_BASE_URLS = {
+    openai: 'https://api.openai.com/v1',
+    google: 'https://generativelanguage.googleapis.com/v1beta/openai',
+    anthropic: 'https://api.anthropic.com/v1',
+    deepseek: 'https://api.deepseek.com/v1',
+    openrouter: 'https://openrouter.ai/api/v1',
+    ollama: 'http://localhost:11434/v1',
+    mistral: 'https://api.mistral.ai/v1',
+    cohere: 'https://api.cohere.ai/v1',
+    zhipu: 'https://open.bigmodel.cn/api/paas/v4',
 };
-function parseConfigKey(key) {
-    // e.g. ai.openai.api-key → service=ai, provider=openai, field=apiKey
-    const parts = key.split('.');
-    if (parts.length < 3)
-        return null;
-    const [service, provider, ...rest] = parts;
-    const fieldKey = rest.join('.');
-    const field = FIELD_MAP[fieldKey];
-    if (!field)
-        return null;
-    return { service, provider, field };
-}
 function maskSecret(value) {
     if (value.length <= 8)
         return '****';
     return value.slice(0, 4) + '****' + value.slice(-4);
 }
-async function getAuthToken(email, password, baseUrl) {
-    const { login } = await Promise.resolve().then(() => __importStar(require('../lib/css-account')));
-    const { checkServer } = await Promise.resolve().then(() => __importStar(require('../lib/css-account')));
-    if (!(await checkServer(baseUrl))) {
-        console.error(`Cannot reach server at ${baseUrl}`);
+function credentialId(provider) {
+    return `cred-${provider.toLowerCase()}`;
+}
+async function resolveAuth(argv) {
+    const creds = (0, credentials_store_1.loadCredentials)();
+    if (!creds) {
+        console.error('No credentials found. Run `xpod auth create-credentials` first.');
         process.exit(1);
     }
-    const token = await login(email, password, baseUrl);
-    if (!token) {
-        console.error('Login failed. Check email/password.');
+    const baseUrl = (argv.url ?? creds.url).replace(/\/?$/, '/');
+    const tokenResult = await (0, solid_auth_1.getAccessToken)(creds.clientId, creds.clientSecret, baseUrl);
+    if (!tokenResult) {
+        console.error('Failed to obtain access token. Credentials may be expired — run `xpod auth create-credentials` again.');
         process.exit(1);
     }
-    return token;
+    const webIdUrl = new URL(creds.webId);
+    const pathParts = webIdUrl.pathname.split('/').filter(Boolean);
+    const podUrl = `${webIdUrl.origin}/${pathParts[0]}/`;
+    return { accessToken: tokenResult.accessToken, podUrl };
 }
 /**
- * Read credentials from Pod via SPARQL through the API server.
- * Uses the /v1/pod/sparql endpoint which proxies SPARQL queries to the Pod.
+ * Build SPARQL UPDATE to upsert a Provider at /settings/ai/providers.ttl#{id}
  */
-async function readCredentials(baseUrl, token) {
-    // Use the CSS account token to read the credentials resource directly
-    const credUrl = `${baseUrl}.account/`;
-    const accountRes = await fetch(credUrl, {
-        headers: {
-            Accept: 'application/json',
-            Authorization: `CSS-Account-Token ${token}`,
-        },
-    });
-    if (!accountRes.ok)
-        return [];
-    const accountData = (await accountRes.json());
-    const pods = accountData.pods;
-    if (!pods || typeof pods !== 'object')
-        return [];
-    // Get the first pod URL
-    const podUrl = Object.values(pods)[0];
-    if (!podUrl)
-        return [];
-    // Read the credentials.ttl resource from the pod
-    const settingsUrl = `${podUrl}settings/credentials.ttl`;
-    const res = await fetch(settingsUrl, {
-        headers: {
-            Accept: 'application/json',
-            Authorization: `CSS-Account-Token ${token}`,
-        },
-    });
-    if (!res.ok)
-        return [];
-    try {
-        const data = await res.json();
-        if (Array.isArray(data))
-            return data;
-        return [];
+function buildProviderSparql(resourceUrl, providerId) {
+    const baseUrl = exports.PROVIDER_BASE_URLS[providerId.toLowerCase()];
+    const displayName = providerId.charAt(0).toUpperCase() + providerId.slice(1);
+    const subject = `<${resourceUrl}#${providerId}>`;
+    return `PREFIX udfs: <${exports.UDFS_NS}>
+DELETE { ${subject} udfs:baseUrl ?oldBase . ${subject} udfs:displayName ?oldName }
+INSERT { ${subject} a udfs:Provider ; udfs:displayName "${displayName}"${baseUrl ? ` ; udfs:baseUrl "${baseUrl}"` : ''} }
+WHERE { OPTIONAL { ${subject} udfs:baseUrl ?oldBase } OPTIONAL { ${subject} udfs:displayName ?oldName } }`;
+}
+/**
+ * Build SPARQL UPDATE to upsert a Credential at /settings/credentials.ttl#cred-{provider}
+ */
+function buildCredentialSparql(resourceUrl, podUrl, provider, fields) {
+    const credId = credentialId(provider);
+    const subject = `<${resourceUrl}#${credId}>`;
+    const providerUri = `<${podUrl}settings/ai/providers.ttl#${provider}>`;
+    const deletes = [];
+    const inserts = [
+        `${subject} a udfs:Credential`,
+        `udfs:service "ai"`,
+        `udfs:status "active"`,
+        `udfs:provider ${providerUri}`,
+    ];
+    const optionals = [];
+    // Always delete+reinsert provider link
+    deletes.push(`${subject} udfs:provider ?oldProv .`);
+    optionals.push(`OPTIONAL { ${subject} udfs:provider ?oldProv }`);
+    if (fields.apiKey) {
+        deletes.push(`${subject} udfs:apiKey ?oldKey .`);
+        optionals.push(`OPTIONAL { ${subject} udfs:apiKey ?oldKey }`);
+        inserts.push(`udfs:apiKey "${fields.apiKey}"`);
     }
-    catch {
-        return [];
+    if (fields.model) {
+        deletes.push(`${subject} udfs:defaultModel ?oldModel .`);
+        optionals.push(`OPTIONAL { ${subject} udfs:defaultModel ?oldModel }`);
+        inserts.push(`udfs:defaultModel "${fields.model}"`);
     }
+    return `PREFIX udfs: <${exports.UDFS_NS}>
+DELETE { ${deletes.join(' ')} }
+INSERT { ${inserts.join(' ;\n  ')} }
+WHERE { ${optionals.join(' ')} }`;
+}
+/**
+ * Build SPARQL UPDATE to delete a Credential
+ */
+function buildResetSparql(resourceUrl, provider) {
+    const credId = credentialId(provider);
+    const subject = `<${resourceUrl}#${credId}>`;
+    return `PREFIX udfs: <${exports.UDFS_NS}>\nDELETE WHERE { ${subject} ?p ?o }`;
+}
+async function writeProvider(podUrl, accessToken, providerId) {
+    const resource = `${podUrl}settings/ai/providers.ttl`;
+    const sparql = buildProviderSparql(resource, providerId);
+    const res = await (0, solid_auth_1.authenticatedFetch)(resource, accessToken, {
+        method: 'PATCH',
+        headers: { 'Content-Type': 'application/sparql-update' },
+        body: sparql,
+    });
+    return res.ok;
+}
+async function writeCredential(podUrl, accessToken, provider, fields) {
+    const resource = `${podUrl}settings/credentials.ttl`;
+    const sparql = buildCredentialSparql(resource, podUrl, provider, fields);
+    const res = await (0, solid_auth_1.authenticatedFetch)(resource, accessToken, {
+        method: 'PATCH',
+        headers: { 'Content-Type': 'application/sparql-update' },
+        body: sparql,
+    });
+    return res.ok;
 }
 const setCommand = {
-    command: 'set <key> <value>',
-    describe: 'Set a Pod configuration value',
+    command: 'set',
+    describe: 'Configure SecretaryAI (provider, model, api-key — one or more)',
     builder: (yargs) => yargs
-        .positional('key', { type: 'string', demandOption: true, description: 'Config key (e.g. ai.openai.api-key)' })
-        .positional('value', { type: 'string', demandOption: true, description: 'Config value' }),
-    handler: async (argv) => {
-        const parsed = parseConfigKey(argv.key);
-        if (!parsed) {
-            console.error(`Invalid config key: ${argv.key}`);
-            console.error('Format: <service>.<provider>.<field>');
-            console.error('Fields: api-key, base-url, proxy-url, project-id, organization-id, label');
-            process.exit(1);
+        .option('provider', { type: 'string', description: `AI provider (${Object.keys(exports.PROVIDER_BASE_URLS).join(', ')})` })
+        .option('model', { type: 'string', description: 'Default model name' })
+        .option('api-key', { type: 'string', description: 'API key' })
+        .check((argv) => {
+        if (!argv.provider && !argv.model && !argv['api-key']) {
+            throw new Error('Specify at least one of --provider, --model, or --api-key');
         }
-        const baseUrl = argv.url.endsWith('/') ? argv.url : `${argv.url}/`;
-        const token = await getAuthToken(argv.email, argv.password, baseUrl);
-        // Get account info to find pod URL
-        const accountRes = await fetch(`${baseUrl}.account/`, {
-            headers: {
-                Accept: 'application/json',
-                Authorization: `CSS-Account-Token ${token}`,
-            },
-        });
-        if (!accountRes.ok) {
-            console.error('Failed to get account info.');
-            process.exit(1);
+        if ((argv.model || argv['api-key']) && !argv.provider) {
+            throw new Error('--provider is required when setting --model or --api-key');
         }
-        const accountData = (await accountRes.json());
-        const pods = accountData.pods;
-        const podUrl = pods ? Object.values(pods)[0] : undefined;
-        if (!podUrl) {
-            console.error('No pod found for this account.');
+        return true;
+    }),
+    handler: async (argv) => {
+        const { accessToken, podUrl } = await resolveAuth(argv);
+        const provider = argv.provider;
+        // Write provider
+        const provOk = await writeProvider(podUrl, accessToken, provider);
+        if (!provOk) {
+            console.error('Failed to write provider config.');
             process.exit(1);
         }
-        // Build SPARQL UPDATE to insert/update the credential
-        const credId = `cred-${parsed.provider}`;
-        const ns = 'http://undefineds.co/ns/';
-        const subject = `<${podUrl}settings/credentials.ttl#${credId}>`;
-        const sparql = `
-PREFIX udfs: <${ns}>
-DELETE { ${subject} udfs:${parsed.field} ?old }
-INSERT { ${subject} a udfs:Credential ;
-  udfs:service "${parsed.service}" ;
-  udfs:${parsed.field} "${argv.value}" }
-WHERE { OPTIONAL { ${subject} udfs:${parsed.field} ?old } }
-    `.trim();
-        const patchUrl = `${podUrl}settings/credentials.ttl`;
-        const patchRes = await fetch(patchUrl, {
-            method: 'PATCH',
-            headers: {
-                'Content-Type': 'application/sparql-update',
-                Authorization: `CSS-Account-Token ${token}`,
-            },
-            body: sparql,
+        // Write credential
+        const credOk = await writeCredential(podUrl, accessToken, provider, {
+            apiKey: argv['api-key'],
+            model: argv.model,
         });
-        if (patchRes.ok) {
-            const isSensitive = parsed.field === 'apiKey';
-            const display = isSensitive ? maskSecret(argv.value) : argv.value;
-            console.log(`Set ${argv.key} = ${display}`);
-        }
-        else {
-            const text = await patchRes.text();
-            console.error(`Failed to set config: ${patchRes.status} ${text.slice(0, 200)}`);
+        if (!credOk) {
+            console.error('Failed to write credential config.');
             process.exit(1);
         }
+        console.log(`  provider: ${provider}`);
+        if (argv.model)
+            console.log(`  model:    ${argv.model}`);
+        if (argv['api-key'])
+            console.log(`  api-key:  ${maskSecret(argv['api-key'])}`);
+        console.log('SecretaryAI config saved.');
     },
 };
-const getCommand = {
-    command: 'get <key>',
-    describe: 'Get Pod configuration (masked for secrets)',
-    builder: (yargs) => yargs
-        .positional('key', { type: 'string', demandOption: true, description: 'Config key prefix (e.g. ai)' }),
+const showCommand = {
+    command: 'show',
+    describe: 'Show current SecretaryAI config',
+    builder: (yargs) => yargs,
     handler: async (argv) => {
-        const baseUrl = argv.url.endsWith('/') ? argv.url : `${argv.url}/`;
-        const token = await getAuthToken(argv.email, argv.password, baseUrl);
-        const creds = await readCredentials(baseUrl, token);
-        if (creds.length === 0) {
-            console.log('No credentials configured.');
-            return;
-        }
-        // Filter by key prefix
-        const prefix = argv.key.toLowerCase();
-        const filtered = creds.filter((c) => {
-            const service = (c.service ?? '').toLowerCase();
-            return service.startsWith(prefix) || prefix === 'all';
+        const { accessToken, podUrl } = await resolveAuth(argv);
+        const resource = `${podUrl}settings/credentials.ttl`;
+        const res = await (0, solid_auth_1.authenticatedFetch)(resource, accessToken, {
+            headers: { Accept: 'text/turtle' },
         });
-        if (filtered.length === 0) {
-            console.log(`No credentials matching "${argv.key}".`);
+        if (!res.ok) {
+            console.log('No SecretaryAI config found. Use `xpod config set --provider openai --api-key sk-xxx` to configure.');
             return;
         }
-        for (const c of filtered) {
-            console.log(`[${c.service ?? 'unknown'}] ${c.label ?? c.id ?? 'unnamed'}`);
-            if (c.apiKey)
-                console.log(`  api-key:  ${maskSecret(c.apiKey)}`);
-            if (c.baseUrl)
-                console.log(`  base-url: ${c.baseUrl}`);
-            if (c.proxyUrl)
-                console.log(`  proxy:    ${c.proxyUrl}`);
-        }
-    },
-};
-const listConfigCommand = {
-    command: 'list',
-    describe: 'List all Pod configurations',
-    builder: (yargs) => yargs,
-    handler: async (argv) => {
-        const baseUrl = argv.url.endsWith('/') ? argv.url : `${argv.url}/`;
-        const token = await getAuthToken(argv.email, argv.password, baseUrl);
-        const creds = await readCredentials(baseUrl, token);
-        if (creds.length === 0) {
-            console.log('No credentials configured.');
-            return;
+        const turtle = await res.text();
+        // Parse simple triples from turtle to find AI credentials
+        const credBlocks = turtle.split(/(?=<[^>]*#cred-)/);
+        let found = false;
+        for (const block of credBlocks) {
+            if (!block.includes('service') || !block.includes('"ai"'))
+                continue;
+            found = true;
+            const providerMatch = block.match(/providers\.ttl#(\w+)/);
+            const apiKeyMatch = block.match(/apiKey\s+"([^"]+)"/);
+            const modelMatch = block.match(/defaultModel\s+"([^"]+)"/);
+            if (providerMatch)
+                console.log(`  provider: ${providerMatch[1]}`);
+            if (modelMatch)
+                console.log(`  model:    ${modelMatch[1]}`);
+            if (apiKeyMatch)
+                console.log(`  api-key:  ${maskSecret(apiKeyMatch[1])}`);
         }
-        for (const c of creds) {
-            console.log(`[${c.service ?? 'unknown'}] ${c.label ?? c.id ?? 'unnamed'}`);
-            if (c.apiKey)
-                console.log(`  api-key:  ${maskSecret(c.apiKey)}`);
-            if (c.baseUrl)
-                console.log(`  base-url: ${c.baseUrl}`);
-            if (c.proxyUrl)
-                console.log(`  proxy:    ${c.proxyUrl}`);
-            console.log();
+        if (!found) {
+            console.log('No SecretaryAI config found. Use `xpod config set --provider openai --api-key sk-xxx` to configure.');
         }
     },
 };
-const unsetCommand = {
-    command: 'unset <key>',
-    describe: 'Remove a Pod configuration',
-    builder: (yargs) => yargs
-        .positional('key', { type: 'string', demandOption: true, description: 'Config key prefix to remove (e.g. ai.openai)' }),
+const resetCommand = {
+    command: 'reset',
+    describe: 'Remove SecretaryAI config',
+    builder: (yargs) => yargs.option('provider', {
+        type: 'string',
+        description: 'Provider to remove',
+        demandOption: true,
+    }),
     handler: async (argv) => {
-        const parts = argv.key.split('.');
-        if (parts.length < 2) {
-            console.error('Format: <service>.<provider>');
-            process.exit(1);
-        }
-        const [, provider] = parts;
-        const baseUrl = argv.url.endsWith('/') ? argv.url : `${argv.url}/`;
-        const token = await getAuthToken(argv.email, argv.password, baseUrl);
-        // Get pod URL
-        const accountRes = await fetch(`${baseUrl}.account/`, {
-            headers: {
-                Accept: 'application/json',
-                Authorization: `CSS-Account-Token ${token}`,
-            },
-        });
-        if (!accountRes.ok) {
-            console.error('Failed to get account info.');
-            process.exit(1);
-        }
-        const accountData = (await accountRes.json());
-        const pods = accountData.pods;
-        const podUrl = pods ? Object.values(pods)[0] : undefined;
-        if (!podUrl) {
-            console.error('No pod found for this account.');
-            process.exit(1);
-        }
-        const credId = `cred-${provider}`;
-        const subject = `<${podUrl}settings/credentials.ttl#${credId}>`;
-        const sparql = `DELETE WHERE { ${subject} ?p ?o }`;
-        const patchUrl = `${podUrl}settings/credentials.ttl`;
-        const patchRes = await fetch(patchUrl, {
+        const { accessToken, podUrl } = await resolveAuth(argv);
+        const provider = argv.provider;
+        const resource = `${podUrl}settings/credentials.ttl`;
+        const sparql = buildResetSparql(resource, provider);
+        const res = await (0, solid_auth_1.authenticatedFetch)(resource, accessToken, {
             method: 'PATCH',
-            headers: {
-                'Content-Type': 'application/sparql-update',
-                Authorization: `CSS-Account-Token ${token}`,
-            },
+            headers: { 'Content-Type': 'application/sparql-update' },
             body: sparql,
         });
-        if (patchRes.ok) {
-            console.log(`Removed config for ${argv.key}`);
+        if (res.ok) {
+            console.log(`SecretaryAI config for ${provider} removed.`);
         }
         else {
-            const text = await patchRes.text();
-            console.error(`Failed to unset config: ${patchRes.status} ${text.slice(0, 200)}`);
+            const text = await res.text();
+            console.error(`Failed to reset config: ${res.status} ${text.slice(0, 200)}`);
             process.exit(1);
         }
     },
 };
 exports.configCommand = {
     command: 'config',
-    describe: 'Pod configuration management',
+    describe: 'SecretaryAI configuration (provider, model, api-key)',
     builder: (yargs) => yargs
         .option('url', {
         alias: 'u',
         type: 'string',
-        description: 'Server base URL',
-        default: process.env.CSS_BASE_URL || 'http://localhost:3000',
+        description: 'Server base URL (default: from ~/.xpod/)',
     })
-        .option('email', { type: 'string', demandOption: true, description: 'Account email' })
-        .option('password', { type: 'string', demandOption: true, description: 'Account password' })
         .command(setCommand)
-        .command(getCommand)
-        .command(listConfigCommand)
-        .command(unsetCommand)
+        .command(showCommand)
+        .command(resetCommand)
         .demandCommand(1, 'Please specify a config subcommand'),
-    handler: () => {
-        // parent command, no-op
-    },
+    handler: () => { },
 };
 //# sourceMappingURL=config.js.map

package/dist/cli/commands/config.js.map

@@ -1 +1 @@
-{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/cli/commands/config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAqBA;;;;;;;;;GASG;AAEH,sCAAsC;AACtC,MAAM,SAAS,GAA2B;IACxC,SAAS,EAAE,QAAQ;IACnB,UAAU,EAAE,SAAS;IACrB,WAAW,EAAE,UAAU;IACvB,YAAY,EAAE,WAAW;IACzB,iBAAiB,EAAE,gBAAgB;IACnC,OAAO,EAAE,OAAO;CACjB,CAAC;AAEF,SAAS,cAAc,CAAC,GAAW;IACjC,qEAAqE;IACrE,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAClC,MAAM,CAAC,OAAO,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC,GAAG,KAAK,CAAC;IAC3C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAChC,MAAM,KAAK,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;IAClC,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;AACtC,CAAC;AAED,SAAS,UAAU,CAAC,KAAa;IAC/B,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC;QAAE,OAAO,MAAM,CAAC;IACrC,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AACtD,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,KAAa,EAAE,QAAgB,EAAE,OAAe;IAC1E,MAAM,EAAE,KAAK,EAAE,GAAG,wDAAa,oBAAoB,GAAC,CAAC;IACrD,MAAM,EAAE,WAAW,EAAE,GAAG,wDAAa,oBAAoB,GAAC,CAAC;IAE3D,IAAI,CAAC,CAAC,MAAM,WAAW,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;QAClC,OAAO,CAAC,KAAK,CAAC,0BAA0B,OAAO,EAAE,CAAC,CAAC;QACnD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,KAAK,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;IACpD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACrD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,eAAe,CAC5B,OAAe,EACf,KAAa;IAEb,sEAAsE;IACtE,MAAM,OAAO,GAAG,GAAG,OAAO,WAAW,CAAC;IACtC,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,OAAO,EAAE;QACtC,OAAO,EAAE;YACP,MAAM,EAAE,kBAAkB;YAC1B,aAAa,EAAE,qBAAqB,KAAK,EAAE;SAC5C;KACF,CAAC,CAAC;IAEH,IAAI,CAAC,UAAU,CAAC,EAAE;QAAE,OAAO,EAAE,CAAC;IAE9B,MAAM,WAAW,GAAG,CAAC,MAAM,UAAU,CAAC,IAAI,EAAE,CAAuE,CAAC;IACpH,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC;IAC9B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IAEjD,wBAAwB;IACxB,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IACtC,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,CAAC;IAEvB,iDAAiD;IACjD,MAAM,WAAW,GAAG,GAAG,MAAM,0BAA0B,CAAC;IACxD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,WAAW,EAAE;QACnC,OAAO,EAAE;YACP,MAAM,EAAE,kBAAkB;YAC1B,aAAa,EAAE,qBAAqB,KAAK,EAAE;SAC5C;KACF,CAAC,CAAC;IAEH,IAAI,CAAC,GAAG,CAAC,EAAE;QAAE,OAAO,EAAE,CAAC;IAEvB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;YAAE,OAAO,IAAqC,CAAC;QACtE,OAAO,EAAE,CAAC;IACZ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,MAAM,UAAU,GAAuC;IACrD,OAAO,EAAE,mBAAmB;IAC5B,QAAQ,EAAE,+BAA+B;IACzC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,KAAK;SACF,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,qCAAqC,EAAE,CAAC;SAC7G,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,cAAc,EAAE,CAAC;IAC7F,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACtB,MAAM,MAAM,GAAG,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACxC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,KAAK,CAAC,uBAAuB,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YACjD,OAAO,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;YACtD,OAAO,CAAC,KAAK,CAAC,0EAA0E,CAAC,CAAC;YAC1F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC;QACnE,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAErE,mCAAmC;QACnC,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,WAAW,EAAE;YACpD,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB;gBAC1B,aAAa,EAAE,qBAAqB,KAAK,EAAE;aAC5C;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;YACnB,OAAO,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;YAC7C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,WAAW,GAAG,CAAC,MAAM,UAAU,CAAC,IAAI,EAAE,CAAsC,CAAC;QACnF,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC;QAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAEzD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;YAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,sDAAsD;QACtD,MAAM,MAAM,GAAG,QAAQ,MAAM,CAAC,QAAQ,EAAE,CAAC;QACzC,MAAM,EAAE,GAAG,0BAA0B,CAAC;QACtC,MAAM,OAAO,GAAG,IAAI,MAAM,4BAA4B,MAAM,GAAG,CAAC;QAEhE,MAAM,MAAM,GAAG;gBACH,EAAE;WACP,OAAO,SAAS,MAAM,CAAC,KAAK;WAC5B,OAAO;kBACA,MAAM,CAAC,OAAO;SACvB,MAAM,CAAC,KAAK,KAAK,IAAI,CAAC,KAAK;qBACf,OAAO,SAAS,MAAM,CAAC,KAAK;KAC5C,CAAC,IAAI,EAAE,CAAC;QAET,MAAM,QAAQ,GAAG,GAAG,MAAM,0BAA0B,CAAC;QACrD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;YACrC,MAAM,EAAE,OAAO;YACf,OAAO,EAAE;gBACP,cAAc,EAAE,2BAA2B;gBAC3C,aAAa,EAAE,qBAAqB,KAAK,EAAE;aAC5C;YACD,IAAI,EAAE,MAAM;SACb,CAAC,CAAC;QAEH,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,KAAK,QAAQ,CAAC;YAC9C,MAAM,OAAO,GAAG,WAAW,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC;YAClE,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,CAAC,GAAG,MAAM,OAAO,EAAE,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,OAAO,CAAC,KAAK,CAAC,yBAAyB,QAAQ,CAAC,MAAM,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;YAChF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;CACF,CAAC;AAEF,MAAM,UAAU,GAAuC;IACrD,OAAO,EAAE,WAAW;IACpB,QAAQ,EAAE,4CAA4C;IACtD,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,KAAK;SACF,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,6BAA6B,EAAE,CAAC;IAC1G,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACtB,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC;QACnE,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACrE,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAEpD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;YAC1C,OAAO;QACT,CAAC;QAED,uBAAuB;QACvB,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;QACtC,MAAM,QAAQ,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YAClC,MAAM,OAAO,GAAG,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;YAChD,OAAO,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,MAAM,KAAK,KAAK,CAAC;QACxD,CAAC,CAAC,CAAC;QAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO,CAAC,GAAG,CAAC,4BAA4B,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;YACtD,OAAO;QACT,CAAC;QAED,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,IAAI,SAAS,KAAK,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,EAAE,IAAI,SAAS,EAAE,CAAC,CAAC;YAC3E,IAAI,CAAC,CAAC,MAAM;gBAAE,OAAO,CAAC,GAAG,CAAC,eAAe,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACjE,IAAI,CAAC,CAAC,OAAO;gBAAE,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YACvD,IAAI,CAAC,CAAC,QAAQ;gBAAE,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;CACF,CAAC;AAEF,MAAM,iBAAiB,GAA0C;IAC/D,OAAO,EAAE,MAAM;IACf,QAAQ,EAAE,6BAA6B;IACvC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK;IACzB,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACtB,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC;QACnE,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACrE,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAEpD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;YAC1C,OAAO;QACT,CAAC;QAED,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,IAAI,SAAS,KAAK,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,EAAE,IAAI,SAAS,EAAE,CAAC,CAAC;YAC3E,IAAI,CAAC,CAAC,MAAM;gBAAE,OAAO,CAAC,GAAG,CAAC,eAAe,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACjE,IAAI,CAAC,CAAC,OAAO;gBAAE,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YACvD,IAAI,CAAC,CAAC,QAAQ;gBAAE,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;YACzD,OAAO,CAAC,GAAG,EAAE,CAAC;QAChB,CAAC;IACH,CAAC;CACF,CAAC;AAEF,MAAM,YAAY,GAAyC;IACzD,OAAO,EAAE,aAAa;IACtB,QAAQ,EAAE,4BAA4B;IACtC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,KAAK;SACF,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,8CAA8C,EAAE,CAAC;IAC3H,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACtB,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,OAAO,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;YAC9C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,CAAC,EAAE,QAAQ,CAAC,GAAG,KAAK,CAAC;QAC3B,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC;QACnE,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAErE,cAAc;QACd,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,WAAW,EAAE;YACpD,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB;gBAC1B,aAAa,EAAE,qBAAqB,KAAK,EAAE;aAC5C;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;YACnB,OAAO,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;YAC7C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,WAAW,GAAG,CAAC,MAAM,UAAU,CAAC,IAAI,EAAE,CAAsC,CAAC;QACnF,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC;QAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAEzD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;YAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,MAAM,GAAG,QAAQ,QAAQ,EAAE,CAAC;QAClC,MAAM,OAAO,GAAG,IAAI,MAAM,4BAA4B,MAAM,GAAG,CAAC;QAEhE,MAAM,MAAM,GAAG,kBAAkB,OAAO,UAAU,CAAC;QAEnD,MAAM,QAAQ,GAAG,GAAG,MAAM,0BAA0B,CAAC;QACrD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;YACrC,MAAM,EAAE,OAAO;YACf,OAAO,EAAE;gBACP,cAAc,EAAE,2BAA2B;gBAC3C,aAAa,EAAE,qBAAqB,KAAK,EAAE;aAC5C;YACD,IAAI,EAAE,MAAM;SACb,CAAC,CAAC;QAEH,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAChD,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,OAAO,CAAC,KAAK,CAAC,2BAA2B,QAAQ,CAAC,MAAM,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;YAClF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;CACF,CAAC;AAEW,QAAA,aAAa,GAAsC;IAC9D,OAAO,EAAE,QAAQ;IACjB,QAAQ,EAAE,8BAA8B;IACxC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,KAAK;SACF,MAAM,CAAC,KAAK,EAAE;QACb,KAAK,EAAE,GAAG;QACV,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,iBAAiB;QAC9B,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,uBAAuB;KAC7D,CAAC;SACD,MAAM,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,eAAe,EAAE,CAAC;SACrF,MAAM,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC;SAC3F,OAAO,CAAC,UAAU,CAAC;SACnB,OAAO,CAAC,UAAU,CAAC;SACnB,OAAO,CAAC,iBAAiB,CAAC;SAC1B,OAAO,CAAC,YAAY,CAAC;SACrB,aAAa,CAAC,CAAC,EAAE,oCAAoC,CAAC;IAC3D,OAAO,EAAE,GAAG,EAAE;QACZ,wBAAwB;IAC1B,CAAC;CACF,CAAC","sourcesContent":["import type { CommandModule } from 'yargs';\n\ninterface ConfigArgs {\n  url: string;\n  email: string;\n  password: string;\n}\n\ninterface SetArgs extends ConfigArgs {\n  key: string;\n  value: string;\n}\n\ninterface GetArgs extends ConfigArgs {\n  key: string;\n}\n\ninterface UnsetArgs extends ConfigArgs {\n  key: string;\n}\n\n/**\n * Config 子命令通过 Solid 协议读写 Pod 内的配置。\n *\n * 当前实现使用 CSS Account Token + 内部 API 代理来操作 Pod 数据。\n * 后续 PR 可切换为 DPoP token + 直接 Solid 协议访问。\n *\n * 配置路径映射:\n *   ai.openai.api-key  → /settings/credentials.ttl 中 service=ai, provider 含 openai 的 apiKey 字段\n *   ai.openai.base-url → 同上的 baseUrl 字段\n */\n\n// Key path → credential field mapping\nconst FIELD_MAP: Record<string, string> = {\n  'api-key': 'apiKey',\n  'base-url': 'baseUrl',\n  'proxy-url': 'proxyUrl',\n  'project-id': 'projectId',\n  'organization-id': 'organizationId',\n  'label': 'label',\n};\n\nfunction parseConfigKey(key: string): { service: string; provider: string; field: string } | null {\n  // e.g. ai.openai.api-key → service=ai, provider=openai, field=apiKey\n  const parts = key.split('.');\n  if (parts.length < 3) return null;\n  const [service, provider, ...rest] = parts;\n  const fieldKey = rest.join('.');\n  const field = FIELD_MAP[fieldKey];\n  if (!field) return null;\n  return { service, provider, field };\n}\n\nfunction maskSecret(value: string): string {\n  if (value.length <= 8) return '****';\n  return value.slice(0, 4) + '****' + value.slice(-4);\n}\n\nasync function getAuthToken(email: string, password: string, baseUrl: string): Promise<string> {\n  const { login } = await import('../lib/css-account');\n  const { checkServer } = await import('../lib/css-account');\n\n  if (!(await checkServer(baseUrl))) {\n    console.error(`Cannot reach server at ${baseUrl}`);\n    process.exit(1);\n  }\n\n  const token = await login(email, password, baseUrl);\n  if (!token) {\n    console.error('Login failed. Check email/password.');\n    process.exit(1);\n  }\n  return token;\n}\n\n/**\n * Read credentials from Pod via SPARQL through the API server.\n * Uses the /v1/pod/sparql endpoint which proxies SPARQL queries to the Pod.\n */\nasync function readCredentials(\n  baseUrl: string,\n  token: string,\n): Promise<Array<Record<string, string>>> {\n  // Use the CSS account token to read the credentials resource directly\n  const credUrl = `${baseUrl}.account/`;\n  const accountRes = await fetch(credUrl, {\n    headers: {\n      Accept: 'application/json',\n      Authorization: `CSS-Account-Token ${token}`,\n    },\n  });\n\n  if (!accountRes.ok) return [];\n\n  const accountData = (await accountRes.json()) as { webIds?: Record<string, string>; pods?: Record<string, string> };\n  const pods = accountData.pods;\n  if (!pods || typeof pods !== 'object') return [];\n\n  // Get the first pod URL\n  const podUrl = Object.values(pods)[0];\n  if (!podUrl) return [];\n\n  // Read the credentials.ttl resource from the pod\n  const settingsUrl = `${podUrl}settings/credentials.ttl`;\n  const res = await fetch(settingsUrl, {\n    headers: {\n      Accept: 'application/json',\n      Authorization: `CSS-Account-Token ${token}`,\n    },\n  });\n\n  if (!res.ok) return [];\n\n  try {\n    const data = await res.json();\n    if (Array.isArray(data)) return data as Array<Record<string, string>>;\n    return [];\n  } catch {\n    return [];\n  }\n}\n\nconst setCommand: CommandModule<ConfigArgs, SetArgs> = {\n  command: 'set <key> <value>',\n  describe: 'Set a Pod configuration value',\n  builder: (yargs) =>\n    yargs\n      .positional('key', { type: 'string', demandOption: true, description: 'Config key (e.g. ai.openai.api-key)' })\n      .positional('value', { type: 'string', demandOption: true, description: 'Config value' }),\n  handler: async (argv) => {\n    const parsed = parseConfigKey(argv.key);\n    if (!parsed) {\n      console.error(`Invalid config key: ${argv.key}`);\n      console.error('Format: <service>.<provider>.<field>');\n      console.error('Fields: api-key, base-url, proxy-url, project-id, organization-id, label');\n      process.exit(1);\n    }\n\n    const baseUrl = argv.url.endsWith('/') ? argv.url : `${argv.url}/`;\n    const token = await getAuthToken(argv.email, argv.password, baseUrl);\n\n    // Get account info to find pod URL\n    const accountRes = await fetch(`${baseUrl}.account/`, {\n      headers: {\n        Accept: 'application/json',\n        Authorization: `CSS-Account-Token ${token}`,\n      },\n    });\n\n    if (!accountRes.ok) {\n      console.error('Failed to get account info.');\n      process.exit(1);\n    }\n\n    const accountData = (await accountRes.json()) as { pods?: Record<string, string> };\n    const pods = accountData.pods;\n    const podUrl = pods ? Object.values(pods)[0] : undefined;\n\n    if (!podUrl) {\n      console.error('No pod found for this account.');\n      process.exit(1);\n    }\n\n    // Build SPARQL UPDATE to insert/update the credential\n    const credId = `cred-${parsed.provider}`;\n    const ns = 'http://undefineds.co/ns/';\n    const subject = `<${podUrl}settings/credentials.ttl#${credId}>`;\n\n    const sparql = `\nPREFIX udfs: <${ns}>\nDELETE { ${subject} udfs:${parsed.field} ?old }\nINSERT { ${subject} a udfs:Credential ;\n  udfs:service \"${parsed.service}\" ;\n  udfs:${parsed.field} \"${argv.value}\" }\nWHERE { OPTIONAL { ${subject} udfs:${parsed.field} ?old } }\n    `.trim();\n\n    const patchUrl = `${podUrl}settings/credentials.ttl`;\n    const patchRes = await fetch(patchUrl, {\n      method: 'PATCH',\n      headers: {\n        'Content-Type': 'application/sparql-update',\n        Authorization: `CSS-Account-Token ${token}`,\n      },\n      body: sparql,\n    });\n\n    if (patchRes.ok) {\n      const isSensitive = parsed.field === 'apiKey';\n      const display = isSensitive ? maskSecret(argv.value) : argv.value;\n      console.log(`Set ${argv.key} = ${display}`);\n    } else {\n      const text = await patchRes.text();\n      console.error(`Failed to set config: ${patchRes.status} ${text.slice(0, 200)}`);\n      process.exit(1);\n    }\n  },\n};\n\nconst getCommand: CommandModule<ConfigArgs, GetArgs> = {\n  command: 'get <key>',\n  describe: 'Get Pod configuration (masked for secrets)',\n  builder: (yargs) =>\n    yargs\n      .positional('key', { type: 'string', demandOption: true, description: 'Config key prefix (e.g. ai)' }),\n  handler: async (argv) => {\n    const baseUrl = argv.url.endsWith('/') ? argv.url : `${argv.url}/`;\n    const token = await getAuthToken(argv.email, argv.password, baseUrl);\n    const creds = await readCredentials(baseUrl, token);\n\n    if (creds.length === 0) {\n      console.log('No credentials configured.');\n      return;\n    }\n\n    // Filter by key prefix\n    const prefix = argv.key.toLowerCase();\n    const filtered = creds.filter((c) => {\n      const service = (c.service ?? '').toLowerCase();\n      return service.startsWith(prefix) || prefix === 'all';\n    });\n\n    if (filtered.length === 0) {\n      console.log(`No credentials matching \"${argv.key}\".`);\n      return;\n    }\n\n    for (const c of filtered) {\n      console.log(`[${c.service ?? 'unknown'}] ${c.label ?? c.id ?? 'unnamed'}`);\n      if (c.apiKey) console.log(`  api-key:  ${maskSecret(c.apiKey)}`);\n      if (c.baseUrl) console.log(`  base-url: ${c.baseUrl}`);\n      if (c.proxyUrl) console.log(`  proxy:    ${c.proxyUrl}`);\n    }\n  },\n};\n\nconst listConfigCommand: CommandModule<ConfigArgs, ConfigArgs> = {\n  command: 'list',\n  describe: 'List all Pod configurations',\n  builder: (yargs) => yargs,\n  handler: async (argv) => {\n    const baseUrl = argv.url.endsWith('/') ? argv.url : `${argv.url}/`;\n    const token = await getAuthToken(argv.email, argv.password, baseUrl);\n    const creds = await readCredentials(baseUrl, token);\n\n    if (creds.length === 0) {\n      console.log('No credentials configured.');\n      return;\n    }\n\n    for (const c of creds) {\n      console.log(`[${c.service ?? 'unknown'}] ${c.label ?? c.id ?? 'unnamed'}`);\n      if (c.apiKey) console.log(`  api-key:  ${maskSecret(c.apiKey)}`);\n      if (c.baseUrl) console.log(`  base-url: ${c.baseUrl}`);\n      if (c.proxyUrl) console.log(`  proxy:    ${c.proxyUrl}`);\n      console.log();\n    }\n  },\n};\n\nconst unsetCommand: CommandModule<ConfigArgs, UnsetArgs> = {\n  command: 'unset <key>',\n  describe: 'Remove a Pod configuration',\n  builder: (yargs) =>\n    yargs\n      .positional('key', { type: 'string', demandOption: true, description: 'Config key prefix to remove (e.g. ai.openai)' }),\n  handler: async (argv) => {\n    const parts = argv.key.split('.');\n    if (parts.length < 2) {\n      console.error('Format: <service>.<provider>');\n      process.exit(1);\n    }\n\n    const [, provider] = parts;\n    const baseUrl = argv.url.endsWith('/') ? argv.url : `${argv.url}/`;\n    const token = await getAuthToken(argv.email, argv.password, baseUrl);\n\n    // Get pod URL\n    const accountRes = await fetch(`${baseUrl}.account/`, {\n      headers: {\n        Accept: 'application/json',\n        Authorization: `CSS-Account-Token ${token}`,\n      },\n    });\n\n    if (!accountRes.ok) {\n      console.error('Failed to get account info.');\n      process.exit(1);\n    }\n\n    const accountData = (await accountRes.json()) as { pods?: Record<string, string> };\n    const pods = accountData.pods;\n    const podUrl = pods ? Object.values(pods)[0] : undefined;\n\n    if (!podUrl) {\n      console.error('No pod found for this account.');\n      process.exit(1);\n    }\n\n    const credId = `cred-${provider}`;\n    const subject = `<${podUrl}settings/credentials.ttl#${credId}>`;\n\n    const sparql = `DELETE WHERE { ${subject} ?p ?o }`;\n\n    const patchUrl = `${podUrl}settings/credentials.ttl`;\n    const patchRes = await fetch(patchUrl, {\n      method: 'PATCH',\n      headers: {\n        'Content-Type': 'application/sparql-update',\n        Authorization: `CSS-Account-Token ${token}`,\n      },\n      body: sparql,\n    });\n\n    if (patchRes.ok) {\n      console.log(`Removed config for ${argv.key}`);\n    } else {\n      const text = await patchRes.text();\n      console.error(`Failed to unset config: ${patchRes.status} ${text.slice(0, 200)}`);\n      process.exit(1);\n    }\n  },\n};\n\nexport const configCommand: CommandModule<object, ConfigArgs> = {\n  command: 'config',\n  describe: 'Pod configuration management',\n  builder: (yargs) =>\n    yargs\n      .option('url', {\n        alias: 'u',\n        type: 'string',\n        description: 'Server base URL',\n        default: process.env.CSS_BASE_URL || 'http://localhost:3000',\n      })\n      .option('email', { type: 'string', demandOption: true, description: 'Account email' })\n      .option('password', { type: 'string', demandOption: true, description: 'Account password' })\n      .command(setCommand)\n      .command(getCommand)\n      .command(listConfigCommand)\n      .command(unsetCommand)\n      .demandCommand(1, 'Please specify a config subcommand'),\n  handler: () => {\n    // parent command, no-op\n  },\n};\n"]}
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/cli/commands/config.ts"],"names":[],"mappings":";;;AA2CA,gCAGC;AAED,oCAEC;AA2BD,kDASC;AAKD,sDAsCC;AAKD,4CAIC;AAzID,gEAA2D;AAC3D,kDAAuE;AAYvE;;;;;;;;;;;;GAYG;AAEU,QAAA,OAAO,GAAG,2BAA2B,CAAC;AAEnD,sCAAsC;AACzB,QAAA,kBAAkB,GAA2B;IACxD,MAAM,EAAE,2BAA2B;IACnC,MAAM,EAAE,yDAAyD;IACjE,SAAS,EAAE,8BAA8B;IACzC,QAAQ,EAAE,6BAA6B;IACvC,UAAU,EAAE,8BAA8B;IAC1C,MAAM,EAAE,2BAA2B;IACnC,OAAO,EAAE,2BAA2B;IACpC,MAAM,EAAE,0BAA0B;IAClC,KAAK,EAAE,sCAAsC;CAC9C,CAAC;AAEF,SAAgB,UAAU,CAAC,KAAa;IACtC,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC;QAAE,OAAO,MAAM,CAAC;IACrC,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AACtD,CAAC;AAED,SAAgB,YAAY,CAAC,QAAgB;IAC3C,OAAO,QAAQ,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC;AAC1C,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,IAAgB;IACzC,MAAM,KAAK,GAAG,IAAA,mCAAe,GAAE,CAAC;IAChC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,iEAAiE,CAAC,CAAC;QACjF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,OAAO,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAE7D,MAAM,WAAW,GAAG,MAAM,IAAA,2BAAc,EAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IACtF,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,CAAC,KAAK,CAAC,uGAAuG,CAAC,CAAC;QACvH,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACtC,MAAM,SAAS,GAAG,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC/D,MAAM,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,IAAI,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC;IAErD,OAAO,EAAE,WAAW,EAAE,WAAW,CAAC,WAAW,EAAE,MAAM,EAAE,CAAC;AAC1D,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CAAC,WAAmB,EAAE,UAAkB;IACzE,MAAM,OAAO,GAAG,0BAAkB,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC,CAAC;IAC7D,MAAM,WAAW,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC7E,MAAM,OAAO,GAAG,IAAI,WAAW,IAAI,UAAU,GAAG,CAAC;IAEjD,OAAO,iBAAiB,eAAO;WACtB,OAAO,4BAA4B,OAAO;WAC1C,OAAO,wCAAwC,WAAW,IAAI,OAAO,CAAC,CAAC,CAAC,oBAAoB,OAAO,GAAG,CAAC,CAAC,CAAC,EAAE;qBACjG,OAAO,uCAAuC,OAAO,gCAAgC,CAAC;AAC3G,CAAC;AAED;;GAEG;AACH,SAAgB,qBAAqB,CACnC,WAAmB,EACnB,MAAc,EACd,QAAgB,EAChB,MAA2C;IAE3C,MAAM,MAAM,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,OAAO,GAAG,IAAI,WAAW,IAAI,MAAM,GAAG,CAAC;IAC7C,MAAM,WAAW,GAAG,IAAI,MAAM,6BAA6B,QAAQ,GAAG,CAAC;IAEvE,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,MAAM,OAAO,GAAa;QACxB,GAAG,OAAO,oBAAoB;QAC9B,mBAAmB;QACnB,sBAAsB;QACtB,iBAAiB,WAAW,EAAE;KAC/B,CAAC;IACF,MAAM,SAAS,GAAa,EAAE,CAAC;IAE/B,uCAAuC;IACvC,OAAO,CAAC,IAAI,CAAC,GAAG,OAAO,2BAA2B,CAAC,CAAC;IACpD,SAAS,CAAC,IAAI,CAAC,cAAc,OAAO,2BAA2B,CAAC,CAAC;IAEjE,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,OAAO,CAAC,IAAI,CAAC,GAAG,OAAO,wBAAwB,CAAC,CAAC;QACjD,SAAS,CAAC,IAAI,CAAC,cAAc,OAAO,wBAAwB,CAAC,CAAC;QAC9D,OAAO,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;IACjD,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,OAAO,CAAC,IAAI,CAAC,GAAG,OAAO,gCAAgC,CAAC,CAAC;QACzD,SAAS,CAAC,IAAI,CAAC,cAAc,OAAO,gCAAgC,CAAC,CAAC;QACtE,OAAO,CAAC,IAAI,CAAC,sBAAsB,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC;IACtD,CAAC;IAED,OAAO,iBAAiB,eAAO;WACtB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;WACjB,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;UACvB,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC;AAClC,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB,CAAC,WAAmB,EAAE,QAAgB;IACpE,MAAM,MAAM,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,OAAO,GAAG,IAAI,WAAW,IAAI,MAAM,GAAG,CAAC;IAC7C,OAAO,iBAAiB,eAAO,qBAAqB,OAAO,UAAU,CAAC;AACxE,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,MAAc,EAAE,WAAmB,EAAE,UAAkB;IAClF,MAAM,QAAQ,GAAG,GAAG,MAAM,2BAA2B,CAAC;IACtD,MAAM,MAAM,GAAG,mBAAmB,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IACzD,MAAM,GAAG,GAAG,MAAM,IAAA,+BAAkB,EAAC,QAAQ,EAAE,WAAW,EAAE;QAC1D,MAAM,EAAE,OAAO;QACf,OAAO,EAAE,EAAE,cAAc,EAAE,2BAA2B,EAAE;QACxD,IAAI,EAAE,MAAM;KACb,CAAC,CAAC;IACH,OAAO,GAAG,CAAC,EAAE,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,eAAe,CAC5B,MAAc,EACd,WAAmB,EACnB,QAAgB,EAChB,MAA2C;IAE3C,MAAM,QAAQ,GAAG,GAAG,MAAM,0BAA0B,CAAC;IACrD,MAAM,MAAM,GAAG,qBAAqB,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IACzE,MAAM,GAAG,GAAG,MAAM,IAAA,+BAAkB,EAAC,QAAQ,EAAE,WAAW,EAAE;QAC1D,MAAM,EAAE,OAAO;QACf,OAAO,EAAE,EAAE,cAAc,EAAE,2BAA2B,EAAE;QACxD,IAAI,EAAE,MAAM;KACb,CAAC,CAAC;IACH,OAAO,GAAG,CAAC,EAAE,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,GAAuC;IACrD,OAAO,EAAE,KAAK;IACd,QAAQ,EAAE,gEAAgE;IAC1E,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,KAAK;SACF,MAAM,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,gBAAgB,MAAM,CAAC,IAAI,CAAC,0BAAkB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;SAClH,MAAM,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,oBAAoB,EAAE,CAAC;SACtE,MAAM,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,SAAS,EAAE,CAAC;SAC7D,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE;QACd,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;QAC/E,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAC9E,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;IACN,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACtB,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,CAAC;QACxD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAS,CAAC;QAEhC,iBAAiB;QACjB,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAClE,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;YAClD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,mBAAmB;QACnB,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE;YAClE,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC;YACvB,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;YACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,eAAe,QAAQ,EAAE,CAAC,CAAC;QACvC,IAAI,IAAI,CAAC,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;QACzD,IAAI,IAAI,CAAC,SAAS,CAAC;YAAE,OAAO,CAAC,GAAG,CAAC,eAAe,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC;QAC/E,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;IAC3C,CAAC;CACF,CAAC;AAEF,MAAM,WAAW,GAA0C;IACzD,OAAO,EAAE,MAAM;IACf,QAAQ,EAAE,iCAAiC;IAC3C,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK;IACzB,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACtB,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,CAAC;QACxD,MAAM,QAAQ,GAAG,GAAG,MAAM,0BAA0B,CAAC;QACrD,MAAM,GAAG,GAAG,MAAM,IAAA,+BAAkB,EAAC,QAAQ,EAAE,WAAW,EAAE;YAC1D,OAAO,EAAE,EAAE,MAAM,EAAE,aAAa,EAAE;SACnC,CAAC,CAAC;QAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,OAAO,CAAC,GAAG,CAAC,qGAAqG,CAAC,CAAC;YACnH,OAAO;QACT,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAChC,0DAA0D;QAC1D,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACpD,IAAI,KAAK,GAAG,KAAK,CAAC;QAClB,KAAK,MAAM,KAAK,IAAI,UAAU,EAAE,CAAC;YAC/B,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAAE,SAAS;YACpE,KAAK,GAAG,IAAI,CAAC;YAEb,MAAM,aAAa,GAAG,KAAK,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC;YAC1D,MAAM,WAAW,GAAG,KAAK,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;YACtD,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;YAE3D,IAAI,aAAa;gBAAE,OAAO,CAAC,GAAG,CAAC,eAAe,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAClE,IAAI,UAAU;gBAAE,OAAO,CAAC,GAAG,CAAC,eAAe,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAC5D,IAAI,WAAW;gBAAE,OAAO,CAAC,GAAG,CAAC,eAAe,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC5E,CAAC;QAED,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,GAAG,CAAC,qGAAqG,CAAC,CAAC;QACrH,CAAC;IACH,CAAC;CACF,CAAC;AAEF,MAAM,YAAY,GAAuC;IACvD,OAAO,EAAE,OAAO;IAChB,QAAQ,EAAE,2BAA2B;IACrC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,KAAK,CAAC,MAAM,CAAC,UAAU,EAAE;QACvB,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,oBAAoB;QACjC,YAAY,EAAE,IAAI;KACnB,CAAC;IACJ,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACtB,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,CAAC;QACxD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAS,CAAC;QAChC,MAAM,QAAQ,GAAG,GAAG,MAAM,0BAA0B,CAAC;QACrD,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAEpD,MAAM,GAAG,GAAG,MAAM,IAAA,+BAAkB,EAAC,QAAQ,EAAE,WAAW,EAAE;YAC1D,MAAM,EAAE,OAAO;YACf,OAAO,EAAE,EAAE,cAAc,EAAE,2BAA2B,EAAE;YACxD,IAAI,EAAE,MAAM;SACb,CAAC,CAAC;QAEH,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;YACX,OAAO,CAAC,GAAG,CAAC,0BAA0B,QAAQ,WAAW,CAAC,CAAC;QAC7D,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;YAC9B,OAAO,CAAC,KAAK,CAAC,2BAA2B,GAAG,CAAC,MAAM,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;YAC7E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;CACF,CAAC;AAEW,QAAA,aAAa,GAAsC;IAC9D,OAAO,EAAE,QAAQ;IACjB,QAAQ,EAAE,sDAAsD;IAChE,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,KAAK;SACF,MAAM,CAAC,KAAK,EAAE;QACb,KAAK,EAAE,GAAG;QACV,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,0CAA0C;KACxD,CAAC;SACD,OAAO,CAAC,UAAU,CAAC;SACnB,OAAO,CAAC,WAAW,CAAC;SACpB,OAAO,CAAC,YAAY,CAAC;SACrB,aAAa,CAAC,CAAC,EAAE,oCAAoC,CAAC;IAC3D,OAAO,EAAE,GAAG,EAAE,GAAE,CAAC;CAClB,CAAC","sourcesContent":["import type { CommandModule } from 'yargs';\nimport { loadCredentials } from '../lib/credentials-store';\nimport { getAccessToken, authenticatedFetch } from '../lib/solid-auth';\n\ninterface ConfigArgs {\n  url?: string;\n}\n\ninterface SetArgs extends ConfigArgs {\n  provider?: string;\n  model?: string;\n  'api-key'?: string;\n}\n\n/**\n * Config 子命令：配置 SecretaryAI 使用的 AI 服务。\n *\n * 写入 Pod 的两个资源，与服务端 PodChatKitStore.getAiConfig() 对齐：\n *   /settings/ai/providers.ttl#{provider}       — Provider (baseUrl, displayName)\n *   /settings/credentials.ttl#cred-{provider}   — Credential (apiKey, service=ai, status=active, provider link)\n *\n * 用法:\n *   xpod config set --provider openai --model gpt-4o --api-key sk-xxx\n *   xpod config set --api-key sk-new-key          # 更新已有 provider 的 key\n *   xpod config show\n *   xpod config reset\n */\n\nexport const UDFS_NS = 'https://undefineds.co/ns#';\n\n/** provider name → default baseUrl */\nexport const PROVIDER_BASE_URLS: Record<string, string> = {\n  openai: 'https://api.openai.com/v1',\n  google: 'https://generativelanguage.googleapis.com/v1beta/openai',\n  anthropic: 'https://api.anthropic.com/v1',\n  deepseek: 'https://api.deepseek.com/v1',\n  openrouter: 'https://openrouter.ai/api/v1',\n  ollama: 'http://localhost:11434/v1',\n  mistral: 'https://api.mistral.ai/v1',\n  cohere: 'https://api.cohere.ai/v1',\n  zhipu: 'https://open.bigmodel.cn/api/paas/v4',\n};\n\nexport function maskSecret(value: string): string {\n  if (value.length <= 8) return '****';\n  return value.slice(0, 4) + '****' + value.slice(-4);\n}\n\nexport function credentialId(provider: string): string {\n  return `cred-${provider.toLowerCase()}`;\n}\n\nasync function resolveAuth(argv: ConfigArgs): Promise<{ accessToken: string; podUrl: string }> {\n  const creds = loadCredentials();\n  if (!creds) {\n    console.error('No credentials found. Run `xpod auth create-credentials` first.');\n    process.exit(1);\n  }\n\n  const baseUrl = (argv.url ?? creds.url).replace(/\\/?$/, '/');\n\n  const tokenResult = await getAccessToken(creds.clientId, creds.clientSecret, baseUrl);\n  if (!tokenResult) {\n    console.error('Failed to obtain access token. Credentials may be expired — run `xpod auth create-credentials` again.');\n    process.exit(1);\n  }\n\n  const webIdUrl = new URL(creds.webId);\n  const pathParts = webIdUrl.pathname.split('/').filter(Boolean);\n  const podUrl = `${webIdUrl.origin}/${pathParts[0]}/`;\n\n  return { accessToken: tokenResult.accessToken, podUrl };\n}\n\n/**\n * Build SPARQL UPDATE to upsert a Provider at /settings/ai/providers.ttl#{id}\n */\nexport function buildProviderSparql(resourceUrl: string, providerId: string): string {\n  const baseUrl = PROVIDER_BASE_URLS[providerId.toLowerCase()];\n  const displayName = providerId.charAt(0).toUpperCase() + providerId.slice(1);\n  const subject = `<${resourceUrl}#${providerId}>`;\n\n  return `PREFIX udfs: <${UDFS_NS}>\nDELETE { ${subject} udfs:baseUrl ?oldBase . ${subject} udfs:displayName ?oldName }\nINSERT { ${subject} a udfs:Provider ; udfs:displayName \"${displayName}\"${baseUrl ? ` ; udfs:baseUrl \"${baseUrl}\"` : ''} }\nWHERE { OPTIONAL { ${subject} udfs:baseUrl ?oldBase } OPTIONAL { ${subject} udfs:displayName ?oldName } }`;\n}\n\n/**\n * Build SPARQL UPDATE to upsert a Credential at /settings/credentials.ttl#cred-{provider}\n */\nexport function buildCredentialSparql(\n  resourceUrl: string,\n  podUrl: string,\n  provider: string,\n  fields: { apiKey?: string; model?: string },\n): string {\n  const credId = credentialId(provider);\n  const subject = `<${resourceUrl}#${credId}>`;\n  const providerUri = `<${podUrl}settings/ai/providers.ttl#${provider}>`;\n\n  const deletes: string[] = [];\n  const inserts: string[] = [\n    `${subject} a udfs:Credential`,\n    `udfs:service \"ai\"`,\n    `udfs:status \"active\"`,\n    `udfs:provider ${providerUri}`,\n  ];\n  const optionals: string[] = [];\n\n  // Always delete+reinsert provider link\n  deletes.push(`${subject} udfs:provider ?oldProv .`);\n  optionals.push(`OPTIONAL { ${subject} udfs:provider ?oldProv }`);\n\n  if (fields.apiKey) {\n    deletes.push(`${subject} udfs:apiKey ?oldKey .`);\n    optionals.push(`OPTIONAL { ${subject} udfs:apiKey ?oldKey }`);\n    inserts.push(`udfs:apiKey \"${fields.apiKey}\"`);\n  }\n  if (fields.model) {\n    deletes.push(`${subject} udfs:defaultModel ?oldModel .`);\n    optionals.push(`OPTIONAL { ${subject} udfs:defaultModel ?oldModel }`);\n    inserts.push(`udfs:defaultModel \"${fields.model}\"`);\n  }\n\n  return `PREFIX udfs: <${UDFS_NS}>\nDELETE { ${deletes.join(' ')} }\nINSERT { ${inserts.join(' ;\\n  ')} }\nWHERE { ${optionals.join(' ')} }`;\n}\n\n/**\n * Build SPARQL UPDATE to delete a Credential\n */\nexport function buildResetSparql(resourceUrl: string, provider: string): string {\n  const credId = credentialId(provider);\n  const subject = `<${resourceUrl}#${credId}>`;\n  return `PREFIX udfs: <${UDFS_NS}>\\nDELETE WHERE { ${subject} ?p ?o }`;\n}\n\nasync function writeProvider(podUrl: string, accessToken: string, providerId: string): Promise<boolean> {\n  const resource = `${podUrl}settings/ai/providers.ttl`;\n  const sparql = buildProviderSparql(resource, providerId);\n  const res = await authenticatedFetch(resource, accessToken, {\n    method: 'PATCH',\n    headers: { 'Content-Type': 'application/sparql-update' },\n    body: sparql,\n  });\n  return res.ok;\n}\n\nasync function writeCredential(\n  podUrl: string,\n  accessToken: string,\n  provider: string,\n  fields: { apiKey?: string; model?: string },\n): Promise<boolean> {\n  const resource = `${podUrl}settings/credentials.ttl`;\n  const sparql = buildCredentialSparql(resource, podUrl, provider, fields);\n  const res = await authenticatedFetch(resource, accessToken, {\n    method: 'PATCH',\n    headers: { 'Content-Type': 'application/sparql-update' },\n    body: sparql,\n  });\n  return res.ok;\n}\n\nconst setCommand: CommandModule<ConfigArgs, SetArgs> = {\n  command: 'set',\n  describe: 'Configure SecretaryAI (provider, model, api-key — one or more)',\n  builder: (yargs) =>\n    yargs\n      .option('provider', { type: 'string', description: `AI provider (${Object.keys(PROVIDER_BASE_URLS).join(', ')})` })\n      .option('model', { type: 'string', description: 'Default model name' })\n      .option('api-key', { type: 'string', description: 'API key' })\n      .check((argv) => {\n        if (!argv.provider && !argv.model && !argv['api-key']) {\n          throw new Error('Specify at least one of --provider, --model, or --api-key');\n        }\n        if ((argv.model || argv['api-key']) && !argv.provider) {\n          throw new Error('--provider is required when setting --model or --api-key');\n        }\n        return true;\n      }),\n  handler: async (argv) => {\n    const { accessToken, podUrl } = await resolveAuth(argv);\n    const provider = argv.provider!;\n\n    // Write provider\n    const provOk = await writeProvider(podUrl, accessToken, provider);\n    if (!provOk) {\n      console.error('Failed to write provider config.');\n      process.exit(1);\n    }\n\n    // Write credential\n    const credOk = await writeCredential(podUrl, accessToken, provider, {\n      apiKey: argv['api-key'],\n      model: argv.model,\n    });\n    if (!credOk) {\n      console.error('Failed to write credential config.');\n      process.exit(1);\n    }\n\n    console.log(`  provider: ${provider}`);\n    if (argv.model) console.log(`  model:    ${argv.model}`);\n    if (argv['api-key']) console.log(`  api-key:  ${maskSecret(argv['api-key'])}`);\n    console.log('SecretaryAI config saved.');\n  },\n};\n\nconst showCommand: CommandModule<ConfigArgs, ConfigArgs> = {\n  command: 'show',\n  describe: 'Show current SecretaryAI config',\n  builder: (yargs) => yargs,\n  handler: async (argv) => {\n    const { accessToken, podUrl } = await resolveAuth(argv);\n    const resource = `${podUrl}settings/credentials.ttl`;\n    const res = await authenticatedFetch(resource, accessToken, {\n      headers: { Accept: 'text/turtle' },\n    });\n\n    if (!res.ok) {\n      console.log('No SecretaryAI config found. Use `xpod config set --provider openai --api-key sk-xxx` to configure.');\n      return;\n    }\n\n    const turtle = await res.text();\n    // Parse simple triples from turtle to find AI credentials\n    const credBlocks = turtle.split(/(?=<[^>]*#cred-)/);\n    let found = false;\n    for (const block of credBlocks) {\n      if (!block.includes('service') || !block.includes('\"ai\"')) continue;\n      found = true;\n\n      const providerMatch = block.match(/providers\\.ttl#(\\w+)/);\n      const apiKeyMatch = block.match(/apiKey\\s+\"([^\"]+)\"/);\n      const modelMatch = block.match(/defaultModel\\s+\"([^\"]+)\"/);\n\n      if (providerMatch) console.log(`  provider: ${providerMatch[1]}`);\n      if (modelMatch) console.log(`  model:    ${modelMatch[1]}`);\n      if (apiKeyMatch) console.log(`  api-key:  ${maskSecret(apiKeyMatch[1])}`);\n    }\n\n    if (!found) {\n      console.log('No SecretaryAI config found. Use `xpod config set --provider openai --api-key sk-xxx` to configure.');\n    }\n  },\n};\n\nconst resetCommand: CommandModule<ConfigArgs, SetArgs> = {\n  command: 'reset',\n  describe: 'Remove SecretaryAI config',\n  builder: (yargs) =>\n    yargs.option('provider', {\n      type: 'string',\n      description: 'Provider to remove',\n      demandOption: true,\n    }),\n  handler: async (argv) => {\n    const { accessToken, podUrl } = await resolveAuth(argv);\n    const provider = argv.provider!;\n    const resource = `${podUrl}settings/credentials.ttl`;\n    const sparql = buildResetSparql(resource, provider);\n\n    const res = await authenticatedFetch(resource, accessToken, {\n      method: 'PATCH',\n      headers: { 'Content-Type': 'application/sparql-update' },\n      body: sparql,\n    });\n\n    if (res.ok) {\n      console.log(`SecretaryAI config for ${provider} removed.`);\n    } else {\n      const text = await res.text();\n      console.error(`Failed to reset config: ${res.status} ${text.slice(0, 200)}`);\n      process.exit(1);\n    }\n  },\n};\n\nexport const configCommand: CommandModule<object, ConfigArgs> = {\n  command: 'config',\n  describe: 'SecretaryAI configuration (provider, model, api-key)',\n  builder: (yargs) =>\n    yargs\n      .option('url', {\n        alias: 'u',\n        type: 'string',\n        description: 'Server base URL (default: from ~/.xpod/)',\n      })\n      .command(setCommand)\n      .command(showCommand)\n      .command(resetCommand)\n      .demandCommand(1, 'Please specify a config subcommand'),\n  handler: () => {},\n};\n"]}

package/dist/cli/commands/doctor.d.ts

@@ -0,0 +1,6 @@
+import type { CommandModule } from 'yargs';
+interface DoctorArgs {
+    url?: string;
+}
+export declare const doctorCommand: CommandModule<object, DoctorArgs>;
+export {};