@vybestack/llxprt-code-auth 0.10.0-nightly.260613.1adad3b34

package/dist/index.d.ts

@@ -0,0 +1,10 @@
+/**
+ * @plan:PLAN-20260608-ISSUE1586.P03
+ * @requirement:REQ-AUTH-001.2
+ */
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+export * from './src/index.js';

package/dist/index.js

@@ -0,0 +1,11 @@
+/**
+ * @plan:PLAN-20260608-ISSUE1586.P03
+ * @requirement:REQ-AUTH-001.2
+ */
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+export * from './src/index.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;;;GAIG;AAEH,cAAc,gBAAgB,CAAC"}

package/dist/src/auth-precedence-resolver.d.ts

@@ -0,0 +1,147 @@
+/**
+ * @license
+ * Copyright 2025 Vybestack LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import type { ISettingsService } from './interfaces/settings-service.js';
+import type { GetActiveRuntimeContext } from './interfaces/runtime-context.js';
+import type { IDebugLogger } from './interfaces/debug-logger.js';
+import type { IProviderKeyStorage } from './interfaces/provider-key-storage.js';
+import type { AuthPrecedenceConfig, OAuthManager } from './precedence.js';
+interface ResolveAuthOptions {
+    settingsService?: ISettingsService | null;
+    includeOAuth?: boolean;
+}
+export declare class AuthPrecedenceResolver {
+    private static readonly NO_OP_LOGGER;
+    private config;
+    private oauthManager?;
+    private settingsService?;
+    private providerKeyStorage?;
+    private logger;
+    private getActiveRuntimeContextFn?;
+    /**
+     * Constructs an AuthPrecedenceResolver.
+     *
+     * If callers expect resolveAuthentication() to resolve named auth keys itself,
+     * providerKeyStorage must be injected. CLI profile handling normally resolves
+     * named keys to concrete provider apiKey values before provider construction;
+     * direct consumers should pass providerKeyStorage or use core's
+     * createAuthPrecedenceResolver() factory.
+     */
+    constructor(config: AuthPrecedenceConfig, options?: {
+        oauthManager?: OAuthManager;
+        settingsService?: ISettingsService;
+        providerKeyStorage?: IProviderKeyStorage;
+        logger?: IDebugLogger;
+        getActiveRuntimeContext?: GetActiveRuntimeContext;
+    });
+    /**
+     * @plan PLAN-20251018-STATELESSPROVIDER2.P06
+     * @requirement REQ-SP2-001
+     * @pseudocode base-provider-call-contract.md lines 1-2
+     */
+    setSettingsService(settingsService: ISettingsService | null | undefined): void;
+    /**
+     * Get the active runtime context via injected function.
+     * Returns null if no function was injected or if it returns null/undefined.
+     */
+    private getActiveRuntimeContext;
+    /**
+     * @plan PLAN-20251018-STATELESSPROVIDER2.P06
+     * @requirement REQ-SP2-001
+     * @pseudocode base-provider-call-contract.md lines 1-2
+     */
+    private resolveSettingsService;
+    /**
+     * @plan PLAN-20251018-STATELESSPROVIDER2.P06
+     * @requirement REQ-SP2-001
+     * @pseudocode base-provider-call-contract.md lines 1-3
+     * Resolves authentication using the full precedence chain
+     * Returns the first available authentication method or null if none found
+     */
+    resolveAuthentication(options?: ResolveAuthOptions): Promise<string | null>;
+    private resolveNonOAuthAuthentication;
+    private resolveDirectAuthentication;
+    private resolveProviderAuthentication;
+    private resolveGlobalAuthentication;
+    private resolveKeyFileAuth;
+    private resolveEnvironmentAuthentication;
+    private canResolveOAuth;
+    private resolveOAuthAuthentication;
+    private buildOAuthContext;
+    private tryGetRuntimeState;
+    private isOAuthDisabledByManager;
+    private debugOAuthEnablementError;
+    private invalidateDisabledOAuthEntry;
+    private getCachedOAuthToken;
+    private fetchAndCacheOAuthToken;
+    private buildOAuthRequestMetadata;
+    private extractRuntimeMetadata;
+    private storeOAuthTokenMetadata;
+    private tryGetOAuthTokenMetadata;
+    private debugOAuthTokenError;
+    /**
+     * @plan PLAN-20251018-STATELESSPROVIDER2.P06
+     * @requirement REQ-SP2-001
+     * @pseudocode base-provider-call-contract.md lines 1-3
+     * Check if any authentication method is available without triggering OAuth
+     */
+    hasNonOAuthAuthentication(options?: ResolveAuthOptions): Promise<boolean>;
+    /**
+     * @plan PLAN-20251018-STATELESSPROVIDER2.P06
+     * @requirement REQ-SP2-001
+     * @pseudocode base-provider-call-contract.md lines 1-3
+     * Check if OAuth is the only available authentication method
+     */
+    isOAuthOnlyAvailable(options?: ResolveAuthOptions): Promise<boolean>;
+    /**
+     * @plan PLAN-20251018-STATELESSPROVIDER2.P06
+     * @requirement REQ-SP2-001
+     * @pseudocode base-provider-call-contract.md lines 1-3
+     * Get authentication method name for debugging/logging
+     */
+    getAuthMethodName(options?: ResolveAuthOptions): Promise<string | null>;
+    private getGlobalAuthMethodName;
+    private getKeyFileMethodName;
+    private getConfigAuthMethodName;
+    private getEnvironmentAuthMethodName;
+    private getOAuthMethodName;
+    private normalizeAuthValue;
+    private normalizeProviderId;
+    private resolveProviderIdentifier;
+    private shouldUseGlobalAuth;
+    private resolveNamedKey;
+    /**
+     * Reads API key from a file path, handling tilde expansion, absolute and relative paths
+     */
+    private readKeyFile;
+    /**
+     * Updates the configuration
+     */
+    updateConfig(newConfig: Partial<AuthPrecedenceConfig>): void;
+    /**
+     * Updates the OAuth manager
+     */
+    updateOAuthManager(oauthManager: OAuthManager): void;
+    /**
+     * Invalidates the cached OAuth tokens for this resolver.
+     * This should be called during logout to ensure fresh tokens are fetched
+     * on the next authentication attempt.
+     *
+     * @plan PLAN-20251023-STATELESS-HARDENING
+     * @requirement Issue #975 - OAuth logout cache invalidation
+     */
+    invalidateCache(): void;
+    /**
+     * Invalidates cached OAuth tokens for a specific provider.
+     * This enables surgical cache invalidation for a single provider rather than
+     * the all-or-nothing invalidateCache() behavior.
+     *
+     * @param providerId - The provider ID to invalidate cache entries for
+     * @param profileId - Optional profile ID to invalidate only that specific profile
+     * @fix issue1861 - Token revocation handling
+     */
+    invalidateProviderCache(providerId: string, profileId?: string): void;
+}
+export {};