@undefineds.co/xpod 0.1.7 → 0.2.0

package/dist/cli/lib/css-account.js.map

@@ -1 +1 @@
-{"version":3,"file":"css-account.js","sourceRoot":"","sources":["../../../src/cli/lib/css-account.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AAuBH,kCASC;AAKD,sBAqBC;AAKD,gDA6BC;AAKD,0DAwBC;AAKD,sDAkCC;AAKD,wDAkBC;AAxKD,SAAS,cAAc,CAAC,GAAY;IAClC,MAAM,GAAG,GAAG,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,uBAAuB,CAAC;IACvE,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC;AAC7C,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,WAAW,CAAC,OAAgB;IAChD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,cAAc,CAAC,OAAO,CAAC,WAAW,EAAE;YAC7D,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE;SACxC,CAAC,CAAC;QACH,OAAO,GAAG,CAAC,EAAE,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,KAAK,CACzB,KAAa,EACb,QAAgB,EAChB,OAAgB;IAEhB,MAAM,IAAI,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;IACrC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,0BAA0B,EAAE;YACzD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,MAAM,EAAE,kBAAkB;aAC3B;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;SAC1C,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QACzB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA+B,CAAC;QAC9D,OAAO,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,kBAAkB,CACtC,KAAa,EACb,OAAgB;IAEhB,MAAM,IAAI,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;IACrC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,WAAW,EAAE;YAC1C,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB;gBAC1B,aAAa,EAAE,qBAAqB,KAAK,EAAE;aAC5C;SACF,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QACzB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAQ7B,CAAC;QACF,OAAO;YACL,GAAG,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG;YAChC,iBAAiB,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,iBAAiB;SAC7D,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,uBAAuB,CAC3C,KAAa,EACb,cAAsB,EACtB,KAAa,EACb,IAAa;IAEb,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,cAAc,EAAE;YACtC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,MAAM,EAAE,kBAAkB;gBAC1B,aAAa,EAAE,qBAAqB,KAAK,EAAE;aAC5C;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,IAAI,EAAE,IAAI,IAAI,YAAY,IAAI,CAAC,GAAG,EAAE,EAAE;gBACtC,KAAK;aACN,CAAC;SACH,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QACzB,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAqB,CAAC;IAChD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,qBAAqB,CACzC,KAAa,EACb,OAAgB;IAEhB,MAAM,IAAI,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;IACrC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,WAAW,EAAE;YAC1C,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB;gBAC1B,aAAa,EAAE,qBAAqB,KAAK,EAAE;aAC5C;SACF,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,EAAE,CAAC;QACvB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAO7B,CAAC;QAEF,8DAA8D;QAC9D,MAAM,KAAK,GAAG,IAAI,CAAC,iBAAiB,CAAC;QACrC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,OAAO,EAAE,CAAC;QAEnD,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE;YAChD,qDAAqD;YACrD,MAAM,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,IAAI,GAAG,CAAC;YACvD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC;QACtE,CAAC,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,sBAAsB,CAC1C,KAAa,EACb,YAAoB,EACpB,OAAgB;IAEhB,MAAM,IAAI,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;IACrC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,GAAG,IAAI,+BAA+B,YAAY,GAAG,CAAC;QAClE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC3B,MAAM,EAAE,QAAQ;YAChB,OAAO,EAAE;gBACP,aAAa,EAAE,qBAAqB,KAAK,EAAE;aAC5C;SACF,CAAC,CAAC;QACH,OAAO,GAAG,CAAC,EAAE,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC","sourcesContent":["/**\n * CSS Account API helpers for CLI commands.\n *\n * Wraps the CSS .account/* endpoints used by login, credential management, etc.\n */\n\nexport interface AccountControls {\n  pod?: string;\n  clientCredentials?: string;\n  webId?: string[];\n}\n\nexport interface ClientCredential {\n  id: string;\n  secret?: string;\n  label?: string;\n  webId?: string;\n}\n\nfunction resolveBaseUrl(url?: string): string {\n  const raw = url ?? process.env.CSS_BASE_URL ?? 'http://localhost:3000';\n  return raw.endsWith('/') ? raw : `${raw}/`;\n}\n\n/**\n * Check if the CSS server is reachable.\n */\nexport async function checkServer(baseUrl?: string): Promise<boolean> {\n  try {\n    const res = await fetch(`${resolveBaseUrl(baseUrl)}.account/`, {\n      headers: { Accept: 'application/json' },\n    });\n    return res.ok;\n  } catch {\n    return false;\n  }\n}\n\n/**\n * Login with email/password, returns a CSS account token.\n */\nexport async function login(\n  email: string,\n  password: string,\n  baseUrl?: string,\n): Promise<string | null> {\n  const base = resolveBaseUrl(baseUrl);\n  try {\n    const res = await fetch(`${base}.account/login/password/`, {\n      method: 'POST',\n      headers: {\n        'Content-Type': 'application/json',\n        Accept: 'application/json',\n      },\n      body: JSON.stringify({ email, password }),\n    });\n    if (!res.ok) return null;\n    const data = (await res.json()) as { authorization?: string };\n    return data.authorization ?? null;\n  } catch {\n    return null;\n  }\n}\n\n/**\n * Fetch account controls (endpoints for pod/credential management).\n */\nexport async function getAccountControls(\n  token: string,\n  baseUrl?: string,\n): Promise<AccountControls | null> {\n  const base = resolveBaseUrl(baseUrl);\n  try {\n    const res = await fetch(`${base}.account/`, {\n      headers: {\n        Accept: 'application/json',\n        Authorization: `CSS-Account-Token ${token}`,\n      },\n    });\n    if (!res.ok) return null;\n    const data = (await res.json()) as {\n      controls?: {\n        account?: {\n          pod?: string;\n          clientCredentials?: string;\n          webId?: string;\n        };\n      };\n    };\n    return {\n      pod: data.controls?.account?.pod,\n      clientCredentials: data.controls?.account?.clientCredentials,\n    };\n  } catch {\n    return null;\n  }\n}\n\n/**\n * Create a new client credential bound to a WebID.\n */\nexport async function createClientCredentials(\n  token: string,\n  credentialsUrl: string,\n  webId: string,\n  name?: string,\n): Promise<ClientCredential | null> {\n  try {\n    const res = await fetch(credentialsUrl, {\n      method: 'POST',\n      headers: {\n        'Content-Type': 'application/json',\n        Accept: 'application/json',\n        Authorization: `CSS-Account-Token ${token}`,\n      },\n      body: JSON.stringify({\n        name: name ?? `xpod-cli-${Date.now()}`,\n        webId,\n      }),\n    });\n    if (!res.ok) return null;\n    return (await res.json()) as ClientCredential;\n  } catch {\n    return null;\n  }\n}\n\n/**\n * List all client credentials for the account.\n */\nexport async function listClientCredentials(\n  token: string,\n  baseUrl?: string,\n): Promise<ClientCredential[]> {\n  const base = resolveBaseUrl(baseUrl);\n  try {\n    const res = await fetch(`${base}.account/`, {\n      headers: {\n        Accept: 'application/json',\n        Authorization: `CSS-Account-Token ${token}`,\n      },\n    });\n    if (!res.ok) return [];\n    const data = (await res.json()) as {\n      controls?: {\n        account?: {\n          clientCredentials?: string;\n        };\n      };\n      clientCredentials?: Record<string, string>;\n    };\n\n    // CSS returns clientCredentials as { [credentialUrl]: webId }\n    const creds = data.clientCredentials;\n    if (!creds || typeof creds !== 'object') return [];\n\n    return Object.entries(creds).map(([url, webId]) => {\n      // Extract credential ID from URL (last path segment)\n      const id = url.split('/').filter(Boolean).pop() ?? url;\n      return { id, webId: typeof webId === 'string' ? webId : undefined };\n    });\n  } catch {\n    return [];\n  }\n}\n\n/**\n * Revoke (delete) a client credential by its ID.\n */\nexport async function revokeClientCredential(\n  token: string,\n  credentialId: string,\n  baseUrl?: string,\n): Promise<boolean> {\n  const base = resolveBaseUrl(baseUrl);\n  try {\n    const url = `${base}.account/client-credentials/${credentialId}/`;\n    const res = await fetch(url, {\n      method: 'DELETE',\n      headers: {\n        Authorization: `CSS-Account-Token ${token}`,\n      },\n    });\n    return res.ok;\n  } catch {\n    return false;\n  }\n}\n"]}
+{"version":3,"file":"css-account.js","sourceRoot":"","sources":["../../../src/cli/lib/css-account.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AA8BH,kCASC;AAKD,sBAqBC;AAKD,gDA6BC;AAKD,wCAqCC;AAKD,8BAsBC;AAKD,0DAwBC;AAKD,sDAkCC;AAKD,wDAkBC;AA7OD,SAAS,cAAc,CAAC,GAAY;IAClC,MAAM,GAAG,GAAG,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,uBAAuB,CAAC;IACvE,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC;AAC7C,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,WAAW,CAAC,OAAgB;IAChD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,cAAc,CAAC,OAAO,CAAC,WAAW,EAAE;YAC7D,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE;SACxC,CAAC,CAAC;QACH,OAAO,GAAG,CAAC,EAAE,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,KAAK,CACzB,KAAa,EACb,QAAgB,EAChB,OAAgB;IAEhB,MAAM,IAAI,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;IACrC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,0BAA0B,EAAE;YACzD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,MAAM,EAAE,kBAAkB;aAC3B;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;SAC1C,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QACzB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA+B,CAAC;QAC9D,OAAO,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,kBAAkB,CACtC,KAAa,EACb,OAAgB;IAEhB,MAAM,IAAI,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;IACrC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,WAAW,EAAE;YAC1C,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB;gBAC1B,aAAa,EAAE,qBAAqB,KAAK,EAAE;aAC5C;SACF,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QACzB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAQ7B,CAAC;QACF,OAAO;YACL,GAAG,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG;YAChC,iBAAiB,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,iBAAiB;SAC7D,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,cAAc,CAClC,KAAa,EACb,OAAgB;IAEhB,MAAM,IAAI,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;IACrC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,WAAW,EAAE;YAC1C,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB;gBAC1B,aAAa,EAAE,qBAAqB,KAAK,EAAE;aAC5C;SACF,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QACzB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAW7B,CAAC;QACF,OAAO;YACL,QAAQ,EAAE;gBACR,GAAG,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG;gBAChC,iBAAiB,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,iBAAiB;aAC7D;YACD,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,EAAE;YACrB,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,EAAE;YACzB,iBAAiB,EAAE,IAAI,CAAC,iBAAiB,IAAI,EAAE;SAChD,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,SAAS,CAC7B,KAAa,EACb,WAAmB,EACnB,OAAe;IAEf,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,WAAW,EAAE;YACnC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,MAAM,EAAE,kBAAkB;gBAC1B,aAAa,EAAE,qBAAqB,KAAK,EAAE;aAC5C;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;SACxC,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QACzB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAqC,CAAC;QACpE,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAC1C,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,uBAAuB,CAC3C,KAAa,EACb,cAAsB,EACtB,KAAa,EACb,IAAa;IAEb,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,cAAc,EAAE;YACtC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,MAAM,EAAE,kBAAkB;gBAC1B,aAAa,EAAE,qBAAqB,KAAK,EAAE;aAC5C;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,IAAI,EAAE,IAAI,IAAI,YAAY,IAAI,CAAC,GAAG,EAAE,EAAE;gBACtC,KAAK;aACN,CAAC;SACH,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QACzB,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAqB,CAAC;IAChD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,qBAAqB,CACzC,KAAa,EACb,OAAgB;IAEhB,MAAM,IAAI,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;IACrC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,WAAW,EAAE;YAC1C,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB;gBAC1B,aAAa,EAAE,qBAAqB,KAAK,EAAE;aAC5C;SACF,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,EAAE,CAAC;QACvB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAO7B,CAAC;QAEF,8DAA8D;QAC9D,MAAM,KAAK,GAAG,IAAI,CAAC,iBAAiB,CAAC;QACrC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,OAAO,EAAE,CAAC;QAEnD,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE;YAChD,qDAAqD;YACrD,MAAM,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,IAAI,GAAG,CAAC;YACvD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC;QACtE,CAAC,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,sBAAsB,CAC1C,KAAa,EACb,YAAoB,EACpB,OAAgB;IAEhB,MAAM,IAAI,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;IACrC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,GAAG,IAAI,+BAA+B,YAAY,GAAG,CAAC;QAClE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC3B,MAAM,EAAE,QAAQ;YAChB,OAAO,EAAE;gBACP,aAAa,EAAE,qBAAqB,KAAK,EAAE;aAC5C;SACF,CAAC,CAAC;QACH,OAAO,GAAG,CAAC,EAAE,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC","sourcesContent":["/**\n * CSS Account API helpers for CLI commands.\n *\n * Wraps the CSS .account/* endpoints used by login, credential management, etc.\n */\n\nexport interface AccountControls {\n  pod?: string;\n  clientCredentials?: string;\n  webId?: string[];\n}\n\nexport interface AccountData {\n  controls: AccountControls;\n  pods: Record<string, string>;\n  webIds: Record<string, string>;\n  clientCredentials: Record<string, string>;\n}\n\nexport interface ClientCredential {\n  id: string;\n  secret?: string;\n  label?: string;\n  webId?: string;\n}\n\nfunction resolveBaseUrl(url?: string): string {\n  const raw = url ?? process.env.CSS_BASE_URL ?? 'http://localhost:3000';\n  return raw.endsWith('/') ? raw : `${raw}/`;\n}\n\n/**\n * Check if the CSS server is reachable.\n */\nexport async function checkServer(baseUrl?: string): Promise<boolean> {\n  try {\n    const res = await fetch(`${resolveBaseUrl(baseUrl)}.account/`, {\n      headers: { Accept: 'application/json' },\n    });\n    return res.ok;\n  } catch {\n    return false;\n  }\n}\n\n/**\n * Login with email/password, returns a CSS account token.\n */\nexport async function login(\n  email: string,\n  password: string,\n  baseUrl?: string,\n): Promise<string | null> {\n  const base = resolveBaseUrl(baseUrl);\n  try {\n    const res = await fetch(`${base}.account/login/password/`, {\n      method: 'POST',\n      headers: {\n        'Content-Type': 'application/json',\n        Accept: 'application/json',\n      },\n      body: JSON.stringify({ email, password }),\n    });\n    if (!res.ok) return null;\n    const data = (await res.json()) as { authorization?: string };\n    return data.authorization ?? null;\n  } catch {\n    return null;\n  }\n}\n\n/**\n * Fetch account controls (endpoints for pod/credential management).\n */\nexport async function getAccountControls(\n  token: string,\n  baseUrl?: string,\n): Promise<AccountControls | null> {\n  const base = resolveBaseUrl(baseUrl);\n  try {\n    const res = await fetch(`${base}.account/`, {\n      headers: {\n        Accept: 'application/json',\n        Authorization: `CSS-Account-Token ${token}`,\n      },\n    });\n    if (!res.ok) return null;\n    const data = (await res.json()) as {\n      controls?: {\n        account?: {\n          pod?: string;\n          clientCredentials?: string;\n          webId?: string;\n        };\n      };\n    };\n    return {\n      pod: data.controls?.account?.pod,\n      clientCredentials: data.controls?.account?.clientCredentials,\n    };\n  } catch {\n    return null;\n  }\n}\n\n/**\n * Fetch full account data including pods, webIds, and credentials.\n */\nexport async function getAccountData(\n  token: string,\n  baseUrl?: string,\n): Promise<AccountData | null> {\n  const base = resolveBaseUrl(baseUrl);\n  try {\n    const res = await fetch(`${base}.account/`, {\n      headers: {\n        Accept: 'application/json',\n        Authorization: `CSS-Account-Token ${token}`,\n      },\n    });\n    if (!res.ok) return null;\n    const data = (await res.json()) as {\n      controls?: {\n        account?: {\n          pod?: string;\n          clientCredentials?: string;\n          webId?: string;\n        };\n      };\n      pods?: Record<string, string>;\n      webIds?: Record<string, string>;\n      clientCredentials?: Record<string, string>;\n    };\n    return {\n      controls: {\n        pod: data.controls?.account?.pod,\n        clientCredentials: data.controls?.account?.clientCredentials,\n      },\n      pods: data.pods ?? {},\n      webIds: data.webIds ?? {},\n      clientCredentials: data.clientCredentials ?? {},\n    };\n  } catch {\n    return null;\n  }\n}\n\n/**\n * Create a new pod for the account.\n */\nexport async function createPod(\n  token: string,\n  podEndpoint: string,\n  podName: string,\n): Promise<{ podUrl: string; webId: string } | null> {\n  try {\n    const res = await fetch(podEndpoint, {\n      method: 'POST',\n      headers: {\n        'Content-Type': 'application/json',\n        Accept: 'application/json',\n        Authorization: `CSS-Account-Token ${token}`,\n      },\n      body: JSON.stringify({ name: podName }),\n    });\n    if (!res.ok) return null;\n    const data = (await res.json()) as { pod?: string; webId?: string };\n    if (!data.pod || !data.webId) return null;\n    return { podUrl: data.pod, webId: data.webId };\n  } catch {\n    return null;\n  }\n}\n\n/**\n * Create a new client credential bound to a WebID.\n */\nexport async function createClientCredentials(\n  token: string,\n  credentialsUrl: string,\n  webId: string,\n  name?: string,\n): Promise<ClientCredential | null> {\n  try {\n    const res = await fetch(credentialsUrl, {\n      method: 'POST',\n      headers: {\n        'Content-Type': 'application/json',\n        Accept: 'application/json',\n        Authorization: `CSS-Account-Token ${token}`,\n      },\n      body: JSON.stringify({\n        name: name ?? `xpod-cli-${Date.now()}`,\n        webId,\n      }),\n    });\n    if (!res.ok) return null;\n    return (await res.json()) as ClientCredential;\n  } catch {\n    return null;\n  }\n}\n\n/**\n * List all client credentials for the account.\n */\nexport async function listClientCredentials(\n  token: string,\n  baseUrl?: string,\n): Promise<ClientCredential[]> {\n  const base = resolveBaseUrl(baseUrl);\n  try {\n    const res = await fetch(`${base}.account/`, {\n      headers: {\n        Accept: 'application/json',\n        Authorization: `CSS-Account-Token ${token}`,\n      },\n    });\n    if (!res.ok) return [];\n    const data = (await res.json()) as {\n      controls?: {\n        account?: {\n          clientCredentials?: string;\n        };\n      };\n      clientCredentials?: Record<string, string>;\n    };\n\n    // CSS returns clientCredentials as { [credentialUrl]: webId }\n    const creds = data.clientCredentials;\n    if (!creds || typeof creds !== 'object') return [];\n\n    return Object.entries(creds).map(([url, webId]) => {\n      // Extract credential ID from URL (last path segment)\n      const id = url.split('/').filter(Boolean).pop() ?? url;\n      return { id, webId: typeof webId === 'string' ? webId : undefined };\n    });\n  } catch {\n    return [];\n  }\n}\n\n/**\n * Revoke (delete) a client credential by its ID.\n */\nexport async function revokeClientCredential(\n  token: string,\n  credentialId: string,\n  baseUrl?: string,\n): Promise<boolean> {\n  const base = resolveBaseUrl(baseUrl);\n  try {\n    const url = `${base}.account/client-credentials/${credentialId}/`;\n    const res = await fetch(url, {\n      method: 'DELETE',\n      headers: {\n        Authorization: `CSS-Account-Token ${token}`,\n      },\n    });\n    return res.ok;\n  } catch {\n    return false;\n  }\n}\n"]}

package/dist/cli/lib/pod-thread-store.d.ts

@@ -0,0 +1,57 @@
+/**
+ * Conversation thread storage backed by the user's Solid Pod.
+ *
+ * Uses drizzle-solid to operate on Chat + Thread + Message tables,
+ * following the same protocol as API/ChatKit.
+ *
+ * Data model:
+ * - Chat = 通讯录（跟谁聊）：由 participants 决定，不再由 cwd hash 生成
+ * - Thread = 对话实例（聊什么、在哪聊）：workspace 是一级字段
+ */
+import type { Session } from '@inrupt/solid-client-authn-node';
+export interface ThreadMessage {
+    role: 'user' | 'assistant' | 'system';
+    content: string;
+    timestamp: string;
+}
+export interface ThreadData {
+    id: string;
+    title?: string;
+    workspace?: string;
+    createdAt: string;
+    updatedAt: string;
+    messages: ThreadMessage[];
+}
+/**
+ * Get or create the default 1v1 Chat for CLI (user ↔ SecretaryAI).
+ * Returns the chatId (bare ID, not URI).
+ */
+export declare function getOrCreateDefaultChat(session: Session): Promise<string>;
+/**
+ * List thread IDs (most-recent first) for a given chatId.
+ * Uses direct SPARQL because eq() on optional uri() fields still has issues.
+ */
+export declare function listThreads(session: Session, chatId: string): Promise<string[]>;
+/**
+ * Load a thread by ID with all its messages.
+ */
+export declare function loadThread(session: Session, chatId: string, threadId: string): Promise<ThreadData | null>;
+/**
+ * Save a message to a thread.
+ */
+export declare function saveMessage(session: Session, chatId: string, threadId: string, message: ThreadMessage): Promise<boolean>;
+/**
+ * Save a tool call as a message with metadata.
+ */
+export declare function saveToolCall(session: Session, chatId: string, threadId: string, toolCall: {
+    toolName: string;
+    toolCallId: string;
+    arguments: any;
+    output?: string;
+    status: 'pending' | 'completed' | 'failed';
+}): Promise<boolean>;
+/**
+ * Create a fresh thread.
+ * workspace is stored as a first-class field on Thread.
+ */
+export declare function createThread(session: Session, chatId: string, workspace?: string, title?: string): Promise<string>;

package/dist/cli/lib/pod-thread-store.js

@@ -0,0 +1,310 @@
+"use strict";
+/**
+ * Conversation thread storage backed by the user's Solid Pod.
+ *
+ * Uses drizzle-solid to operate on Chat + Thread + Message tables,
+ * following the same protocol as API/ChatKit.
+ *
+ * Data model:
+ * - Chat = 通讯录（跟谁聊）：由 participants 决定，不再由 cwd hash 生成
+ * - Thread = 对话实例（聊什么、在哪聊）：workspace 是一级字段
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getOrCreateDefaultChat = getOrCreateDefaultChat;
+exports.listThreads = listThreads;
+exports.loadThread = loadThread;
+exports.saveMessage = saveMessage;
+exports.saveToolCall = saveToolCall;
+exports.createThread = createThread;
+const drizzle_solid_1 = require("@undefineds.co/drizzle-solid");
+const schema_1 = require("../../api/chatkit/schema");
+/** Default Chat ID for CLI 1v1 conversations with SecretaryAI */
+const DEFAULT_CLI_CHAT_ID = 'cli-default';
+/**
+ * Create a drizzle-solid database instance from an authenticated Session.
+ */
+function createDb(session) {
+    return (0, drizzle_solid_1.drizzle)({
+        fetch: session.fetch,
+        info: session.info,
+    });
+}
+/**
+ * Get or create the default 1v1 Chat for CLI (user ↔ SecretaryAI).
+ * Returns the chatId (bare ID, not URI).
+ */
+async function getOrCreateDefaultChat(session) {
+    const chatId = DEFAULT_CLI_CHAT_ID;
+    try {
+        const db = createDb(session);
+        await ensureChat(db, chatId, session.info.webId);
+    }
+    catch (error) {
+        console.error('Failed to ensure default chat:', error);
+    }
+    return chatId;
+}
+/**
+ * List thread IDs (most-recent first) for a given chatId.
+ * Uses direct SPARQL because eq() on optional uri() fields still has issues.
+ */
+async function listThreads(session, chatId) {
+    try {
+        const podBaseUrl = session.info.webId.replace('/profile/card#me', '');
+        const endpoint = `${podBaseUrl}/.data/chat/-/sparql`;
+        const chatSubject = `<${podBaseUrl}/.data/chat/${chatId}/index.ttl#this>`;
+        // Note: Removed OPTIONAL to avoid filtering out threads without createdAt
+        // OPTIONAL in GRAPH ?g context can cause incomplete results (40 vs 57 threads)
+        const query = `
+      PREFIX sioc: <http://rdfs.org/sioc/ns#>
+      PREFIX udfs: <https://undefineds.co/ns#>
+      SELECT ?thread ?createdAt
+      WHERE {
+        ?thread a sioc:Thread ;
+                sioc:has_parent ${chatSubject} ;
+                udfs:createdAt ?createdAt .
+      }
+      ORDER BY DESC(?createdAt)
+    `;
+        const res = await session.fetch(endpoint, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/sparql-query',
+                'Accept': 'application/sparql-results+json',
+            },
+            body: query,
+        });
+        if (!res.ok)
+            return [];
+        const json = await res.json();
+        const bindings = json.results?.bindings || [];
+        // Extract thread ID from URI fragment: ...index.ttl#thread-xxx → thread-xxx
+        return bindings
+            .map((b) => {
+            const uri = b.thread?.value || '';
+            const hash = uri.lastIndexOf('#');
+            return hash >= 0 ? uri.slice(hash + 1) : '';
+        })
+            .filter((id) => id.length > 0);
+    }
+    catch (error) {
+        console.error('Failed to list threads:', error);
+        return [];
+    }
+}
+/**
+ * Load a thread by ID with all its messages.
+ */
+async function loadThread(session, chatId, threadId) {
+    try {
+        const db = createDb(session);
+        const podBaseUrl = session.info.webId.replace('/profile/card#me', '');
+        const threadUri = `${podBaseUrl}/.data/chat/${chatId}/index.ttl#${threadId}`;
+        // Query thread by full URI
+        const thread = await db.findByIri(schema_1.Thread, threadUri);
+        if (!thread)
+            return null;
+        // Query messages using direct SPARQL
+        // Note: OPTIONAL works correctly with date-grouped files (messages.ttl)
+        const endpoint = `${podBaseUrl}/.data/chat/-/sparql`;
+        const threadSubject = `<${threadUri}>`;
+        const messagesQuery = `
+      PREFIX meeting: <http://www.w3.org/ns/pim/meeting#>
+      PREFIX sioc: <http://rdfs.org/sioc/ns#>
+      PREFIX udfs: <https://undefineds.co/ns#>
+      SELECT ?role ?content ?createdAt
+      WHERE {
+        ?msg a meeting:Message ;
+             sioc:has_container ${threadSubject} .
+        OPTIONAL { ?msg udfs:role ?role . }
+        OPTIONAL { ?msg sioc:content ?content . }
+        OPTIONAL { ?msg udfs:createdAt ?createdAt . }
+      }
+      ORDER BY ?createdAt
+    `;
+        const messagesRes = await session.fetch(endpoint, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/sparql-query',
+                'Accept': 'application/sparql-results+json',
+            },
+            body: messagesQuery,
+        });
+        const messagesJson = messagesRes.ok ? await messagesRes.json() : { results: { bindings: [] } };
+        const messageBindings = messagesJson.results?.bindings || [];
+        // Extract bare ID from thread.id
+        const bareId = typeof thread.id === 'string' && thread.id.includes('#')
+            ? thread.id.split('#').pop() || threadId
+            : thread.id;
+        return {
+            id: bareId,
+            title: thread.title || undefined,
+            workspace: thread.workspace || undefined,
+            createdAt: thread.createdAt?.toISOString() || new Date().toISOString(),
+            updatedAt: thread.updatedAt?.toISOString() || new Date().toISOString(),
+            messages: messageBindings.map((m) => ({
+                role: m.role?.value || 'user',
+                content: m.content?.value || '',
+                timestamp: m.createdAt?.value || new Date().toISOString(),
+            })),
+        };
+    }
+    catch (error) {
+        console.error('Failed to load thread:', error);
+        return null;
+    }
+}
+/**
+ * Save a message to a thread.
+ */
+async function saveMessage(session, chatId, threadId, message) {
+    try {
+        const db = createDb(session);
+        // Ensure chat exists
+        await ensureChat(db, chatId, session.info.webId);
+        // Ensure thread exists
+        await ensureThread(db, chatId, threadId, session.info.webId);
+        // 构建完整的 Thread URI（用于 RDF 引用）
+        const podBaseUrl = session.info.webId.replace('/profile/card#me', '');
+        const threadUri = `${podBaseUrl}/.data/chat/${chatId}/index.ttl#${threadId}`;
+        // Insert message
+        // Note: yyyy/MM/dd are automatically extracted from createdAt by drizzle-solid
+        const messageId = `msg-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+        await db.insert(schema_1.Message).values({
+            id: messageId,
+            chatId,
+            threadId: threadUri, // 传入完整 URI
+            maker: session.info.webId,
+            role: message.role,
+            content: message.content,
+            status: 'completed',
+            createdAt: new Date(message.timestamp),
+        });
+        return true;
+    }
+    catch (error) {
+        console.error('Failed to save message:', error);
+        return false;
+    }
+}
+/**
+ * Save a tool call as a message with metadata.
+ */
+async function saveToolCall(session, chatId, threadId, toolCall) {
+    try {
+        const db = createDb(session);
+        // Ensure chat and thread exist
+        await ensureChat(db, chatId, session.info.webId);
+        await ensureThread(db, chatId, threadId, session.info.webId);
+        // 构建完整的 Thread URI（用于 RDF 引用）
+        const podBaseUrl = session.info.webId.replace('/profile/card#me', '');
+        const threadUri = `${podBaseUrl}/.data/chat/${chatId}/index.ttl#${threadId}`;
+        // Insert tool call message
+        // Note: yyyy/MM/dd are automatically extracted from createdAt by drizzle-solid
+        const messageId = `tool-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+        await db.insert(schema_1.Message).values({
+            id: messageId,
+            chatId,
+            threadId: threadUri, // 传入完整 URI
+            maker: session.info.webId,
+            role: 'tool_call',
+            content: `Executed ${toolCall.toolName}`,
+            status: toolCall.status,
+            toolName: toolCall.toolName,
+            toolCallId: toolCall.toolCallId,
+            metadata: JSON.stringify({
+                type: 'tool_call',
+                toolName: toolCall.toolName,
+                toolCallId: toolCall.toolCallId,
+                arguments: toolCall.arguments,
+                output: toolCall.output,
+                status: toolCall.status,
+            }),
+            createdAt: new Date(),
+        });
+        return true;
+    }
+    catch (error) {
+        console.error('Failed to save tool call:', error);
+        return false;
+    }
+}
+/**
+ * Create a fresh thread.
+ * workspace is stored as a first-class field on Thread.
+ */
+async function createThread(session, chatId, workspace, title) {
+    const threadId = `thread-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+    try {
+        const db = createDb(session);
+        // Ensure chat exists
+        await ensureChat(db, chatId, session.info.webId);
+        // Create thread with workspace as first-class field
+        const now = new Date();
+        await db.insert(schema_1.Thread).values({
+            id: threadId,
+            chatId,
+            title: title || 'CLI Conversation',
+            workspace: workspace || null,
+            status: 'active',
+            metadata: JSON.stringify({ source: 'cli' }),
+            createdAt: now,
+            updatedAt: now,
+        });
+        return threadId;
+    }
+    catch (error) {
+        console.error('Failed to create thread:', error);
+        return threadId; // Return ID anyway, will be created on first message
+    }
+}
+// ============================================================================
+// Internal Helpers
+// ============================================================================
+async function ensureChat(db, chatId, webId) {
+    try {
+        // Use findByIri to avoid OPTIONAL bug in SPARQL queries
+        const podBaseUrl = webId.replace('/profile/card#me', '');
+        const chatUri = `${podBaseUrl}/.data/chat/${chatId}/index.ttl#this`;
+        const chat = await db.findByIri(schema_1.Chat, chatUri);
+        if (!chat) {
+            const now = new Date();
+            await db.insert(schema_1.Chat).values({
+                id: chatId,
+                title: 'CLI Chat',
+                author: webId,
+                participants: [],
+                status: 'active',
+                createdAt: now,
+                updatedAt: now,
+            });
+        }
+    }
+    catch (error) {
+        // Ignore if already exists
+    }
+}
+async function ensureThread(db, chatId, threadId, webId) {
+    try {
+        // Use findByIri to avoid OPTIONAL bug in SPARQL queries
+        const podBaseUrl = webId.replace('/profile/card#me', '');
+        const threadUri = `${podBaseUrl}/.data/chat/${chatId}/index.ttl#${threadId}`;
+        const thread = await db.findByIri(schema_1.Thread, threadUri);
+        if (!thread) {
+            const now = new Date();
+            await db.insert(schema_1.Thread).values({
+                id: threadId,
+                chatId,
+                title: 'CLI Conversation',
+                status: 'active',
+                metadata: JSON.stringify({ source: 'cli' }),
+                createdAt: now,
+                updatedAt: now,
+            });
+        }
+    }
+    catch (error) {
+        // Ignore if already exists
+    }
+}
+//# sourceMappingURL=pod-thread-store.js.map

package/dist/cli/lib/pod-thread-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pod-thread-store.js","sourceRoot":"","sources":["../../../src/cli/lib/pod-thread-store.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;AAsCH,wDASC;AAMD,kCA8CC;AAKD,gCAmEC;AAKD,kCAsCC;AAKD,oCAoDC;AAMD,oCAgCC;AAnTD,gEAA2D;AAC3D,qDAAiE;AAGjE,iEAAiE;AACjE,MAAM,mBAAmB,GAAG,aAAa,CAAC;AAiB1C;;GAEG;AACH,SAAS,QAAQ,CAAC,OAAgB;IAChC,OAAO,IAAA,uBAAO,EAAC;QACb,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,IAAI,EAAE,OAAO,CAAC,IAAI;KACZ,CAAC,CAAC;AACZ,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,sBAAsB,CAAC,OAAgB;IAC3D,MAAM,MAAM,GAAG,mBAAmB,CAAC;IACnC,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC7B,MAAM,UAAU,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,KAAM,CAAC,CAAC;IACpD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,gCAAgC,EAAE,KAAK,CAAC,CAAC;IACzD,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,WAAW,CAAC,OAAgB,EAAE,MAAc;IAChE,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,KAAM,CAAC,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;QACvE,MAAM,QAAQ,GAAG,GAAG,UAAU,sBAAsB,CAAC;QACrD,MAAM,WAAW,GAAG,IAAI,UAAU,eAAe,MAAM,kBAAkB,CAAC;QAE1E,0EAA0E;QAC1E,+EAA+E;QAC/E,MAAM,KAAK,GAAG;;;;;;kCAMgB,WAAW;;;;KAIxC,CAAC;QAEF,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE;YACxC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,0BAA0B;gBAC1C,QAAQ,EAAE,iCAAiC;aAC5C;YACD,IAAI,EAAE,KAAK;SACZ,CAAC,CAAC;QAEH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,EAAE,CAAC;QAEvB,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,QAAQ,IAAI,EAAE,CAAC;QAE9C,4EAA4E;QAC5E,OAAO,QAAQ;aACZ,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE;YACd,MAAM,GAAG,GAAG,CAAC,CAAC,MAAM,EAAE,KAAK,IAAI,EAAE,CAAC;YAClC,MAAM,IAAI,GAAG,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;YAClC,OAAO,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9C,CAAC,CAAC;aACD,MAAM,CAAC,CAAC,EAAU,EAAE,EAAE,CAAC,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC3C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;QAChD,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,UAAU,CAC9B,OAAgB,EAChB,MAAc,EACd,QAAgB;IAEhB,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC7B,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,KAAM,CAAC,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;QACvE,MAAM,SAAS,GAAG,GAAG,UAAU,eAAe,MAAM,cAAc,QAAQ,EAAE,CAAC;QAE7E,2BAA2B;QAC3B,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,SAAS,CAAC,eAAM,EAAE,SAAS,CAAC,CAAC;QACrD,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEzB,qCAAqC;QACrC,wEAAwE;QACxE,MAAM,QAAQ,GAAG,GAAG,UAAU,sBAAsB,CAAC;QACrD,MAAM,aAAa,GAAG,IAAI,SAAS,GAAG,CAAC;QAEvC,MAAM,aAAa,GAAG;;;;;;;kCAOQ,aAAa;;;;;;KAM1C,CAAC;QAEF,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE;YAChD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,0BAA0B;gBAC1C,QAAQ,EAAE,iCAAiC;aAC5C;YACD,IAAI,EAAE,aAAa;SACpB,CAAC,CAAC;QAEH,MAAM,YAAY,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,EAAE,CAAC;QAC/F,MAAM,eAAe,GAAG,YAAY,CAAC,OAAO,EAAE,QAAQ,IAAI,EAAE,CAAC;QAE7D,iCAAiC;QACjC,MAAM,MAAM,GAAG,OAAO,MAAM,CAAC,EAAE,KAAK,QAAQ,IAAI,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC;YACrE,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,QAAQ;YACxC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;QAEd,OAAO;YACL,EAAE,EAAE,MAAM;YACV,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,SAAS;YAChC,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,SAAS;YACxC,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,WAAW,EAAE,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACtE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,WAAW,EAAE,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACtE,QAAQ,EAAE,eAAe,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;gBACzC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,KAAK,IAAI,MAAM;gBAC7B,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE;gBAC/B,SAAS,EAAE,CAAC,CAAC,SAAS,EAAE,KAAK,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aAC1D,CAAC,CAAC;SACJ,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,wBAAwB,EAAE,KAAK,CAAC,CAAC;QAC/C,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,WAAW,CAC/B,OAAgB,EAChB,MAAc,EACd,QAAgB,EAChB,OAAsB;IAEtB,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;QAE7B,qBAAqB;QACrB,MAAM,UAAU,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,KAAM,CAAC,CAAC;QAElD,uBAAuB;QACvB,MAAM,YAAY,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,KAAM,CAAC,CAAC;QAE9D,8BAA8B;QAC9B,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,KAAM,CAAC,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;QACvE,MAAM,SAAS,GAAG,GAAG,UAAU,eAAe,MAAM,cAAc,QAAQ,EAAE,CAAC;QAE7E,iBAAiB;QACjB,+EAA+E;QAC/E,MAAM,SAAS,GAAG,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;QAChF,MAAM,EAAE,CAAC,MAAM,CAAC,gBAAO,CAAC,CAAC,MAAM,CAAC;YAC9B,EAAE,EAAE,SAAS;YACb,MAAM;YACN,QAAQ,EAAE,SAAS,EAAG,WAAW;YACjC,KAAK,EAAE,OAAO,CAAC,IAAI,CAAC,KAAM;YAC1B,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,MAAM,EAAE,WAAW;YACnB,SAAS,EAAE,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC;SACvC,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;QAChD,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,YAAY,CAChC,OAAgB,EAChB,MAAc,EACd,QAAgB,EAChB,QAMC;IAED,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;QAE7B,+BAA+B;QAC/B,MAAM,UAAU,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,KAAM,CAAC,CAAC;QAClD,MAAM,YAAY,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,KAAM,CAAC,CAAC;QAE9D,8BAA8B;QAC9B,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,KAAM,CAAC,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;QACvE,MAAM,SAAS,GAAG,GAAG,UAAU,eAAe,MAAM,cAAc,QAAQ,EAAE,CAAC;QAE7E,2BAA2B;QAC3B,+EAA+E;QAC/E,MAAM,SAAS,GAAG,QAAQ,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;QACjF,MAAM,EAAE,CAAC,MAAM,CAAC,gBAAO,CAAC,CAAC,MAAM,CAAC;YAC9B,EAAE,EAAE,SAAS;YACb,MAAM;YACN,QAAQ,EAAE,SAAS,EAAG,WAAW;YACjC,KAAK,EAAE,OAAO,CAAC,IAAI,CAAC,KAAM;YAC1B,IAAI,EAAE,WAAW;YACjB,OAAO,EAAE,YAAY,QAAQ,CAAC,QAAQ,EAAE;YACxC,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,QAAQ,EAAE,QAAQ,CAAC,QAAQ;YAC3B,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC;gBACvB,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,QAAQ,CAAC,QAAQ;gBAC3B,UAAU,EAAE,QAAQ,CAAC,UAAU;gBAC/B,SAAS,EAAE,QAAQ,CAAC,SAAS;gBAC7B,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,MAAM,EAAE,QAAQ,CAAC,MAAM;aACxB,CAAC;YACF,SAAS,EAAE,IAAI,IAAI,EAAE;SACtB,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,2BAA2B,EAAE,KAAK,CAAC,CAAC;QAClD,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,YAAY,CAChC,OAAgB,EAChB,MAAc,EACd,SAAkB,EAClB,KAAc;IAEd,MAAM,QAAQ,GAAG,UAAU,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;IAElF,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;QAE7B,qBAAqB;QACrB,MAAM,UAAU,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,KAAM,CAAC,CAAC;QAElD,oDAAoD;QACpD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,EAAE,CAAC,MAAM,CAAC,eAAM,CAAC,CAAC,MAAM,CAAC;YAC7B,EAAE,EAAE,QAAQ;YACZ,MAAM;YACN,KAAK,EAAE,KAAK,IAAI,kBAAkB;YAClC,SAAS,EAAE,SAAS,IAAI,IAAI;YAC5B,MAAM,EAAE,QAAQ;YAChB,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;YAC3C,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG;SACf,CAAC,CAAC;QAEH,OAAO,QAAQ,CAAC;IAClB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;QACjD,OAAO,QAAQ,CAAC,CAAC,qDAAqD;IACxE,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E,KAAK,UAAU,UAAU,CAAC,EAAO,EAAE,MAAc,EAAE,KAAa;IAC9D,IAAI,CAAC;QACH,wDAAwD;QACxD,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,GAAG,UAAU,eAAe,MAAM,iBAAiB,CAAC;QACpE,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,SAAS,CAAC,aAAI,EAAE,OAAO,CAAC,CAAC;QAE/C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,EAAE,CAAC,MAAM,CAAC,aAAI,CAAC,CAAC,MAAM,CAAC;gBAC3B,EAAE,EAAE,MAAM;gBACV,KAAK,EAAE,UAAU;gBACjB,MAAM,EAAE,KAAK;gBACb,YAAY,EAAE,EAAE;gBAChB,MAAM,EAAE,QAAQ;gBAChB,SAAS,EAAE,GAAG;gBACd,SAAS,EAAE,GAAG;aACf,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,2BAA2B;IAC7B,CAAC;AACH,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,EAAO,EAAE,MAAc,EAAE,QAAgB,EAAE,KAAa;IAClF,IAAI,CAAC;QACH,wDAAwD;QACxD,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;QACzD,MAAM,SAAS,GAAG,GAAG,UAAU,eAAe,MAAM,cAAc,QAAQ,EAAE,CAAC;QAC7E,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,SAAS,CAAC,eAAM,EAAE,SAAS,CAAC,CAAC;QAErD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,EAAE,CAAC,MAAM,CAAC,eAAM,CAAC,CAAC,MAAM,CAAC;gBAC7B,EAAE,EAAE,QAAQ;gBACZ,MAAM;gBACN,KAAK,EAAE,kBAAkB;gBACzB,MAAM,EAAE,QAAQ;gBAChB,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;gBAC3C,SAAS,EAAE,GAAG;gBACd,SAAS,EAAE,GAAG;aACf,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,2BAA2B;IAC7B,CAAC;AACH,CAAC","sourcesContent":["/**\n * Conversation thread storage backed by the user's Solid Pod.\n *\n * Uses drizzle-solid to operate on Chat + Thread + Message tables,\n * following the same protocol as API/ChatKit.\n *\n * Data model:\n * - Chat = 通讯录（跟谁聊）：由 participants 决定，不再由 cwd hash 生成\n * - Thread = 对话实例（聊什么、在哪聊）：workspace 是一级字段\n */\n\nimport { drizzle, eq } from '@undefineds.co/drizzle-solid';\nimport { Chat, Thread, Message } from '../../api/chatkit/schema';\nimport type { Session } from '@inrupt/solid-client-authn-node';\n\n/** Default Chat ID for CLI 1v1 conversations with SecretaryAI */\nconst DEFAULT_CLI_CHAT_ID = 'cli-default';\n\nexport interface ThreadMessage {\n  role: 'user' | 'assistant' | 'system';\n  content: string;\n  timestamp: string;\n}\n\nexport interface ThreadData {\n  id: string;\n  title?: string;\n  workspace?: string;\n  createdAt: string;\n  updatedAt: string;\n  messages: ThreadMessage[];\n}\n\n/**\n * Create a drizzle-solid database instance from an authenticated Session.\n */\nfunction createDb(session: Session) {\n  return drizzle({\n    fetch: session.fetch,\n    info: session.info,\n  } as any);\n}\n\n/**\n * Get or create the default 1v1 Chat for CLI (user ↔ SecretaryAI).\n * Returns the chatId (bare ID, not URI).\n */\nexport async function getOrCreateDefaultChat(session: Session): Promise<string> {\n  const chatId = DEFAULT_CLI_CHAT_ID;\n  try {\n    const db = createDb(session);\n    await ensureChat(db, chatId, session.info.webId!);\n  } catch (error) {\n    console.error('Failed to ensure default chat:', error);\n  }\n  return chatId;\n}\n\n/**\n * List thread IDs (most-recent first) for a given chatId.\n * Uses direct SPARQL because eq() on optional uri() fields still has issues.\n */\nexport async function listThreads(session: Session, chatId: string): Promise<string[]> {\n  try {\n    const podBaseUrl = session.info.webId!.replace('/profile/card#me', '');\n    const endpoint = `${podBaseUrl}/.data/chat/-/sparql`;\n    const chatSubject = `<${podBaseUrl}/.data/chat/${chatId}/index.ttl#this>`;\n\n    // Note: Removed OPTIONAL to avoid filtering out threads without createdAt\n    // OPTIONAL in GRAPH ?g context can cause incomplete results (40 vs 57 threads)\n    const query = `\n      PREFIX sioc: <http://rdfs.org/sioc/ns#>\n      PREFIX udfs: <https://undefineds.co/ns#>\n      SELECT ?thread ?createdAt\n      WHERE {\n        ?thread a sioc:Thread ;\n                sioc:has_parent ${chatSubject} ;\n                udfs:createdAt ?createdAt .\n      }\n      ORDER BY DESC(?createdAt)\n    `;\n\n    const res = await session.fetch(endpoint, {\n      method: 'POST',\n      headers: {\n        'Content-Type': 'application/sparql-query',\n        'Accept': 'application/sparql-results+json',\n      },\n      body: query,\n    });\n\n    if (!res.ok) return [];\n\n    const json = await res.json();\n    const bindings = json.results?.bindings || [];\n\n    // Extract thread ID from URI fragment: ...index.ttl#thread-xxx → thread-xxx\n    return bindings\n      .map((b: any) => {\n        const uri = b.thread?.value || '';\n        const hash = uri.lastIndexOf('#');\n        return hash >= 0 ? uri.slice(hash + 1) : '';\n      })\n      .filter((id: string) => id.length > 0);\n  } catch (error) {\n    console.error('Failed to list threads:', error);\n    return [];\n  }\n}\n\n/**\n * Load a thread by ID with all its messages.\n */\nexport async function loadThread(\n  session: Session,\n  chatId: string,\n  threadId: string,\n): Promise<ThreadData | null> {\n  try {\n    const db = createDb(session);\n    const podBaseUrl = session.info.webId!.replace('/profile/card#me', '');\n    const threadUri = `${podBaseUrl}/.data/chat/${chatId}/index.ttl#${threadId}`;\n\n    // Query thread by full URI\n    const thread = await db.findByIri(Thread, threadUri);\n    if (!thread) return null;\n\n    // Query messages using direct SPARQL\n    // Note: OPTIONAL works correctly with date-grouped files (messages.ttl)\n    const endpoint = `${podBaseUrl}/.data/chat/-/sparql`;\n    const threadSubject = `<${threadUri}>`;\n\n    const messagesQuery = `\n      PREFIX meeting: <http://www.w3.org/ns/pim/meeting#>\n      PREFIX sioc: <http://rdfs.org/sioc/ns#>\n      PREFIX udfs: <https://undefineds.co/ns#>\n      SELECT ?role ?content ?createdAt\n      WHERE {\n        ?msg a meeting:Message ;\n             sioc:has_container ${threadSubject} .\n        OPTIONAL { ?msg udfs:role ?role . }\n        OPTIONAL { ?msg sioc:content ?content . }\n        OPTIONAL { ?msg udfs:createdAt ?createdAt . }\n      }\n      ORDER BY ?createdAt\n    `;\n\n    const messagesRes = await session.fetch(endpoint, {\n      method: 'POST',\n      headers: {\n        'Content-Type': 'application/sparql-query',\n        'Accept': 'application/sparql-results+json',\n      },\n      body: messagesQuery,\n    });\n\n    const messagesJson = messagesRes.ok ? await messagesRes.json() : { results: { bindings: [] } };\n    const messageBindings = messagesJson.results?.bindings || [];\n\n    // Extract bare ID from thread.id\n    const bareId = typeof thread.id === 'string' && thread.id.includes('#')\n      ? thread.id.split('#').pop() || threadId\n      : thread.id;\n\n    return {\n      id: bareId,\n      title: thread.title || undefined,\n      workspace: thread.workspace || undefined,\n      createdAt: thread.createdAt?.toISOString() || new Date().toISOString(),\n      updatedAt: thread.updatedAt?.toISOString() || new Date().toISOString(),\n      messages: messageBindings.map((m: any) => ({\n        role: m.role?.value || 'user',\n        content: m.content?.value || '',\n        timestamp: m.createdAt?.value || new Date().toISOString(),\n      })),\n    };\n  } catch (error) {\n    console.error('Failed to load thread:', error);\n    return null;\n  }\n}\n\n/**\n * Save a message to a thread.\n */\nexport async function saveMessage(\n  session: Session,\n  chatId: string,\n  threadId: string,\n  message: ThreadMessage,\n): Promise<boolean> {\n  try {\n    const db = createDb(session);\n\n    // Ensure chat exists\n    await ensureChat(db, chatId, session.info.webId!);\n\n    // Ensure thread exists\n    await ensureThread(db, chatId, threadId, session.info.webId!);\n\n    // 构建完整的 Thread URI（用于 RDF 引用）\n    const podBaseUrl = session.info.webId!.replace('/profile/card#me', '');\n    const threadUri = `${podBaseUrl}/.data/chat/${chatId}/index.ttl#${threadId}`;\n\n    // Insert message\n    // Note: yyyy/MM/dd are automatically extracted from createdAt by drizzle-solid\n    const messageId = `msg-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;\n    await db.insert(Message).values({\n      id: messageId,\n      chatId,\n      threadId: threadUri,  // 传入完整 URI\n      maker: session.info.webId!,\n      role: message.role,\n      content: message.content,\n      status: 'completed',\n      createdAt: new Date(message.timestamp),\n    });\n\n    return true;\n  } catch (error) {\n    console.error('Failed to save message:', error);\n    return false;\n  }\n}\n\n/**\n * Save a tool call as a message with metadata.\n */\nexport async function saveToolCall(\n  session: Session,\n  chatId: string,\n  threadId: string,\n  toolCall: {\n    toolName: string;\n    toolCallId: string;\n    arguments: any;\n    output?: string;\n    status: 'pending' | 'completed' | 'failed';\n  },\n): Promise<boolean> {\n  try {\n    const db = createDb(session);\n\n    // Ensure chat and thread exist\n    await ensureChat(db, chatId, session.info.webId!);\n    await ensureThread(db, chatId, threadId, session.info.webId!);\n\n    // 构建完整的 Thread URI（用于 RDF 引用）\n    const podBaseUrl = session.info.webId!.replace('/profile/card#me', '');\n    const threadUri = `${podBaseUrl}/.data/chat/${chatId}/index.ttl#${threadId}`;\n\n    // Insert tool call message\n    // Note: yyyy/MM/dd are automatically extracted from createdAt by drizzle-solid\n    const messageId = `tool-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;\n    await db.insert(Message).values({\n      id: messageId,\n      chatId,\n      threadId: threadUri,  // 传入完整 URI\n      maker: session.info.webId!,\n      role: 'tool_call',\n      content: `Executed ${toolCall.toolName}`,\n      status: toolCall.status,\n      toolName: toolCall.toolName,\n      toolCallId: toolCall.toolCallId,\n      metadata: JSON.stringify({\n        type: 'tool_call',\n        toolName: toolCall.toolName,\n        toolCallId: toolCall.toolCallId,\n        arguments: toolCall.arguments,\n        output: toolCall.output,\n        status: toolCall.status,\n      }),\n      createdAt: new Date(),\n    });\n\n    return true;\n  } catch (error) {\n    console.error('Failed to save tool call:', error);\n    return false;\n  }\n}\n\n/**\n * Create a fresh thread.\n * workspace is stored as a first-class field on Thread.\n */\nexport async function createThread(\n  session: Session,\n  chatId: string,\n  workspace?: string,\n  title?: string,\n): Promise<string> {\n  const threadId = `thread-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;\n\n  try {\n    const db = createDb(session);\n\n    // Ensure chat exists\n    await ensureChat(db, chatId, session.info.webId!);\n\n    // Create thread with workspace as first-class field\n    const now = new Date();\n    await db.insert(Thread).values({\n      id: threadId,\n      chatId,\n      title: title || 'CLI Conversation',\n      workspace: workspace || null,\n      status: 'active',\n      metadata: JSON.stringify({ source: 'cli' }),\n      createdAt: now,\n      updatedAt: now,\n    });\n\n    return threadId;\n  } catch (error) {\n    console.error('Failed to create thread:', error);\n    return threadId; // Return ID anyway, will be created on first message\n  }\n}\n\n// ============================================================================\n// Internal Helpers\n// ============================================================================\n\nasync function ensureChat(db: any, chatId: string, webId: string): Promise<void> {\n  try {\n    // Use findByIri to avoid OPTIONAL bug in SPARQL queries\n    const podBaseUrl = webId.replace('/profile/card#me', '');\n    const chatUri = `${podBaseUrl}/.data/chat/${chatId}/index.ttl#this`;\n    const chat = await db.findByIri(Chat, chatUri);\n\n    if (!chat) {\n      const now = new Date();\n      await db.insert(Chat).values({\n        id: chatId,\n        title: 'CLI Chat',\n        author: webId,\n        participants: [],\n        status: 'active',\n        createdAt: now,\n        updatedAt: now,\n      });\n    }\n  } catch (error) {\n    // Ignore if already exists\n  }\n}\n\nasync function ensureThread(db: any, chatId: string, threadId: string, webId: string): Promise<void> {\n  try {\n    // Use findByIri to avoid OPTIONAL bug in SPARQL queries\n    const podBaseUrl = webId.replace('/profile/card#me', '');\n    const threadUri = `${podBaseUrl}/.data/chat/${chatId}/index.ttl#${threadId}`;\n    const thread = await db.findByIri(Thread, threadUri);\n\n    if (!thread) {\n      const now = new Date();\n      await db.insert(Thread).values({\n        id: threadId,\n        chatId,\n        title: 'CLI Conversation',\n        status: 'active',\n        metadata: JSON.stringify({ source: 'cli' }),\n        createdAt: now,\n        updatedAt: now,\n      });\n    }\n  } catch (error) {\n    // Ignore if already exists\n  }\n}\n"]}

package/dist/cli/lib/solid-auth.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Solid OIDC authentication helpers for CLI.
+ *
+ * Uses client_credentials grant to obtain an access token from the
+ * CSS OIDC token endpoint, so CLI commands can access Pod resources
+ * without email/password.
+ */
+export interface SolidTokenResult {
+    accessToken: string;
+    tokenType: string;
+    expiresAt: Date;
+}
+/**
+ * Exchange client credentials for an access token via the OIDC token endpoint.
+ */
+export declare function getAccessToken(clientId: string, clientSecret: string, baseUrl: string): Promise<SolidTokenResult | null>;
+/**
+ * Perform an authenticated fetch using a Bearer access token.
+ */
+export declare function authenticatedFetch(url: string, token: string, init?: RequestInit): Promise<Response>;

package/dist/cli/lib/solid-auth.js

@@ -0,0 +1,70 @@
+"use strict";
+/**
+ * Solid OIDC authentication helpers for CLI.
+ *
+ * Uses client_credentials grant to obtain an access token from the
+ * CSS OIDC token endpoint, so CLI commands can access Pod resources
+ * without email/password.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getAccessToken = getAccessToken;
+exports.authenticatedFetch = authenticatedFetch;
+/**
+ * Discover the OIDC token endpoint from the server's openid-configuration.
+ */
+async function discoverTokenEndpoint(baseUrl) {
+    try {
+        const res = await fetch(`${baseUrl}.well-known/openid-configuration`);
+        if (!res.ok)
+            return null;
+        const data = (await res.json());
+        return data.token_endpoint ?? null;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Exchange client credentials for an access token via the OIDC token endpoint.
+ */
+async function getAccessToken(clientId, clientSecret, baseUrl) {
+    const tokenEndpoint = await discoverTokenEndpoint(baseUrl);
+    if (!tokenEndpoint) {
+        return null;
+    }
+    try {
+        const params = new URLSearchParams({
+            grant_type: 'client_credentials',
+            client_id: clientId,
+            client_secret: clientSecret,
+        });
+        const res = await fetch(tokenEndpoint, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+            body: params.toString(),
+        });
+        if (!res.ok)
+            return null;
+        const data = (await res.json());
+        if (!data.access_token)
+            return null;
+        const expiresIn = data.expires_in ?? 3600;
+        return {
+            accessToken: data.access_token,
+            tokenType: data.token_type ?? 'Bearer',
+            expiresAt: new Date(Date.now() + expiresIn * 1000),
+        };
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Perform an authenticated fetch using a Bearer access token.
+ */
+async function authenticatedFetch(url, token, init) {
+    const headers = new Headers(init?.headers);
+    headers.set('Authorization', `Bearer ${token}`);
+    return fetch(url, { ...init, headers });
+}
+//# sourceMappingURL=solid-auth.js.map

package/dist/cli/lib/solid-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"solid-auth.js","sourceRoot":"","sources":["../../../src/cli/lib/solid-auth.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AAyBH,wCA0CC;AAKD,gDAQC;AAxED;;GAEG;AACH,KAAK,UAAU,qBAAqB,CAAC,OAAe;IAClD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,kCAAkC,CAAC,CAAC;QACtE,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QACzB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAgC,CAAC;QAC/D,OAAO,IAAI,CAAC,cAAc,IAAI,IAAI,CAAC;IACrC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,cAAc,CAClC,QAAgB,EAChB,YAAoB,EACpB,OAAe;IAEf,MAAM,aAAa,GAAG,MAAM,qBAAqB,CAAC,OAAO,CAAC,CAAC;IAC3D,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,UAAU,EAAE,oBAAoB;YAChC,SAAS,EAAE,QAAQ;YACnB,aAAa,EAAE,YAAY;SAC5B,CAAC,CAAC;QAEH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,aAAa,EAAE;YACrC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;SACxB,CAAC,CAAC;QAEH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QAEzB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAI7B,CAAC;QAEF,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,OAAO,IAAI,CAAC;QAEpC,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC;QAC1C,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,SAAS,EAAE,IAAI,CAAC,UAAU,IAAI,QAAQ;YACtC,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,IAAI,CAAC;SACnD,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,kBAAkB,CACtC,GAAW,EACX,KAAa,EACb,IAAkB;IAElB,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC3C,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,KAAK,EAAE,CAAC,CAAC;IAChD,OAAO,KAAK,CAAC,GAAG,EAAE,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;AAC1C,CAAC","sourcesContent":["/**\n * Solid OIDC authentication helpers for CLI.\n *\n * Uses client_credentials grant to obtain an access token from the\n * CSS OIDC token endpoint, so CLI commands can access Pod resources\n * without email/password.\n */\n\nexport interface SolidTokenResult {\n  accessToken: string;\n  tokenType: string;\n  expiresAt: Date;\n}\n\n/**\n * Discover the OIDC token endpoint from the server's openid-configuration.\n */\nasync function discoverTokenEndpoint(baseUrl: string): Promise<string | null> {\n  try {\n    const res = await fetch(`${baseUrl}.well-known/openid-configuration`);\n    if (!res.ok) return null;\n    const data = (await res.json()) as { token_endpoint?: string };\n    return data.token_endpoint ?? null;\n  } catch {\n    return null;\n  }\n}\n\n/**\n * Exchange client credentials for an access token via the OIDC token endpoint.\n */\nexport async function getAccessToken(\n  clientId: string,\n  clientSecret: string,\n  baseUrl: string,\n): Promise<SolidTokenResult | null> {\n  const tokenEndpoint = await discoverTokenEndpoint(baseUrl);\n  if (!tokenEndpoint) {\n    return null;\n  }\n\n  try {\n    const params = new URLSearchParams({\n      grant_type: 'client_credentials',\n      client_id: clientId,\n      client_secret: clientSecret,\n    });\n\n    const res = await fetch(tokenEndpoint, {\n      method: 'POST',\n      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n      body: params.toString(),\n    });\n\n    if (!res.ok) return null;\n\n    const data = (await res.json()) as {\n      access_token?: string;\n      token_type?: string;\n      expires_in?: number;\n    };\n\n    if (!data.access_token) return null;\n\n    const expiresIn = data.expires_in ?? 3600;\n    return {\n      accessToken: data.access_token,\n      tokenType: data.token_type ?? 'Bearer',\n      expiresAt: new Date(Date.now() + expiresIn * 1000),\n    };\n  } catch {\n    return null;\n  }\n}\n\n/**\n * Perform an authenticated fetch using a Bearer access token.\n */\nexport async function authenticatedFetch(\n  url: string,\n  token: string,\n  init?: RequestInit,\n): Promise<Response> {\n  const headers = new Headers(init?.headers);\n  headers.set('Authorization', `Bearer ${token}`);\n  return fetch(url, { ...init, headers });\n}\n"]}

package/dist/components/components.jsonld

@@ -7,7 +7,6 @@
   "requireName": "@undefineds.co/xpod",
   "import": [
     "undefineds:dist/storage/sparql/SubgraphQueryEngine.jsonld",
-    "undefineds:dist/storage/MigratableDataAccessor.jsonld",
     "undefineds:dist/dns/DnsProvider.jsonld",
     "undefineds:dist/edge/EdgeNodeCertificateProvisioner.jsonld",
     "undefineds:dist/edge/interfaces/EdgeNodeTunnelManager.jsonld",
@@ -24,12 +23,10 @@
     "undefineds:dist/storage/SparqlUpdateResourceStore.jsonld",
     "undefineds:dist/http/SubgraphSparqlHttpHandler.jsonld",
     "undefineds:dist/http/quota/QuotaAdminHttpHandler.jsonld",
-    "undefineds:dist/http/admin/EdgeNodeSignalHttpHandler.jsonld",
     "undefineds:dist/http/ClusterIngressRouter.jsonld",
     "undefineds:dist/http/ClusterWebSocketConfigurator.jsonld",
     "undefineds:dist/http/EdgeNodeDirectDebugHttpHandler.jsonld",
     "undefineds:dist/http/EdgeNodeProxyHttpHandler.jsonld",
-    "undefineds:dist/http/SignalInterceptHttpHandler.jsonld",
     "undefineds:dist/http/RouterHttpHandler.jsonld",
     "undefineds:dist/http/RouterHttpRoute.jsonld",
     "undefineds:dist/http/TracingHandler.jsonld",
@@ -40,7 +37,6 @@
     "undefineds:dist/storage/keyvalue/PostgresKeyValueStorage.jsonld",
     "undefineds:dist/storage/keyvalue/RedisKeyValueStorage.jsonld",
     "undefineds:dist/storage/keyvalue/SqliteKeyValueStorage.jsonld",
-    "undefineds:dist/quota/DefaultQuotaService.jsonld",
     "undefineds:dist/quota/DrizzleQuotaService.jsonld",
     "undefineds:dist/quota/NoopQuotaService.jsonld",
     "undefineds:dist/storage/quota/PerAccountQuotaStrategy.jsonld",
@@ -58,9 +54,6 @@
     "undefineds:dist/storage/quota/UsageTrackingStore.jsonld",
     "undefineds:dist/identity/CenterNodeRegistrationService.jsonld",
     "undefineds:dist/http/PodRoutingHttpHandler.jsonld",
-    "undefineds:dist/storage/accessors/TieredMinioDataAccessor.jsonld",
-    "undefineds:dist/http/cluster/PodMigrationHttpHandler.jsonld",
-    "undefineds:dist/service/PodMigrationService.jsonld",
     "undefineds:dist/identity/ReactAppViewHandler.jsonld",
     "undefineds:dist/storage/quint/types.jsonld",
     "undefineds:dist/storage/quint/SqliteQuintStore.jsonld",
@@ -83,6 +76,10 @@
     "undefineds:dist/identity/oidc/DisabledOidcHandler.jsonld",
     "undefineds:dist/identity/oidc/DisabledIdentityProviderHandler.jsonld",
     "undefineds:dist/identity/oidc/AutoDetectOidcHandler.jsonld",
-    "undefineds:dist/identity/oidc/AutoDetectIdentityProviderHandler.jsonld"
+    "undefineds:dist/identity/oidc/AutoDetectIdentityProviderHandler.jsonld",
+    "undefineds:dist/storage/locking/UrlAwareRedisLocker.jsonld",
+    "undefineds:dist/provision/ProvisionPodCreator.jsonld",
+    "undefineds:dist/provision/ProvisionCodeCodec.jsonld",
+    "undefineds:dist/authorization/AuthModeSelector.jsonld"
   ]
 }