npm - @xopcai/xopc - Versions diffs - 0.0.87 → 0.0.89 - Mend

@xopcai/xopc 0.0.87 → 0.0.89

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (282) hide show

package/dist/src/agent/workflow/types.d.ts CHANGED Viewed

@@ -22,12 +22,24 @@ export interface JsonSchema {
 export interface WorkflowMetaPhase {
     title: string;
     detail?: string;
+    /** Default model for this phase: `provider/model` or configured typed id. */
     model?: string;
 }
 export interface WorkflowMetaEstimatedAgents {
     min: number;
     max: number;
 }
+/** One-click starter text in the gateway start dialog; `field` is `goal` or an `args` key. */
+export interface WorkflowMetaExamplePrompt {
+    field: string;
+    text: string;
+}
+/** Locale-specific copy overrides; top-level `description` / `whenToUse` / `examplePrompts` are English defaults. */
+export interface WorkflowMetaLocale {
+    description?: string;
+    whenToUse?: string;
+    examplePrompts?: WorkflowMetaExamplePrompt[];
+}
 export interface WorkflowMeta {
     name: string;
     description: string;
@@ -37,8 +49,24 @@ export interface WorkflowMeta {
     tags?: string[];
     /** Rough subagent count range for UX / cost hints. */
     estimatedAgents?: WorkflowMetaEstimatedAgents;
+    /** English-default example prompts for the gateway start dialog. */
+    examplePrompts?: WorkflowMetaExamplePrompt[];
+    /** Non-English locale bundles keyed by BCP-47 language tag (e.g. `zh`). */
+    i18n?: Record<string, WorkflowMetaLocale>;
 }
 export type WorkflowAgentStatus = 'queued' | 'running' | 'done' | 'error' | 'skipped';
+export type WorkflowAgentStepStatus = 'running' | 'done' | 'error';
+export interface WorkflowAgentStep {
+    id: string;
+    kind: 'tool' | 'llm' | 'thinking';
+    /** Original tool name when `kind === 'tool'` (for chat UI reuse). */
+    toolName?: string;
+    label: string;
+    detail?: string;
+    status: WorkflowAgentStepStatus;
+    startedAtMs?: number;
+    durationMs?: number;
+}
 export interface WorkflowAgentSnapshot {
     id: number;
     label: string;
@@ -47,6 +75,15 @@ export interface WorkflowAgentSnapshot {
     status: WorkflowAgentStatus;
     resultPreview?: string;
     error?: string;
+    startedAtMs?: number;
+    durationMs?: number;
+    steps?: WorkflowAgentStep[];
+    /** One-line summary for inline agent rows. */
+    currentStep?: string;
+    iteration?: number;
+    maxIterations?: number;
+    /** Accumulated assistant/thinking text when subagentStream is `full`. */
+    streamText?: string;
 }
 export interface WorkflowSnapshot {
     name: string;
@@ -79,12 +116,35 @@ export interface SubagentRunOptions<T = unknown> {
     rethrow?: boolean;
     /** Hint about which phase this agent belongs to (passed through for logging). */
     phase?: string;
+    /** Live progress from the child agent loop (workflow tool binds per agent id). */
+    onProgress?: (event: SubagentProgressEvent) => void;
     /** Pre-bound capture for structured output (internal: created by the adapter when schema present). */
     __capture?: {
         called: boolean;
         value?: T;
     };
 }
+export type SubagentProgressEvent = {
+    type: 'tool_start';
+    toolCallId: string;
+    toolName: string;
+    args: Record<string, unknown>;
+} | {
+    type: 'tool_end';
+    toolCallId: string;
+    toolName: string;
+    isError: boolean;
+} | {
+    type: 'iteration';
+    count: number;
+    max: number;
+} | {
+    type: 'text_delta';
+    delta: string;
+} | {
+    type: 'thinking_delta';
+    delta: string;
+};
 /**
  * Spawns a single fresh subagent and returns its result.
  *
@@ -103,7 +163,7 @@ export interface AgentScriptOptions {
     phase?: string;
     schema?: JsonSchema;
     /**
-     * Real model id (e.g. `openai/gpt-4o-mini`) — must contain `/`.
+     * Model ref: `provider/model` or a configured typed id (e.g. `small`, `@large`).
      */
     model?: string;
     /** Subagent tool allowlist override (forwarded to the runner). */
@@ -123,6 +183,12 @@ export interface WorkflowRunOptions {
     maxSubagents?: number;
     onLog?: (message: string) => void;
     onPhase?: (title: string) => void;
+    onAgentQueued?: (event: {
+        id: number;
+        label: string;
+        phase?: string;
+        prompt: string;
+    }) => void;
     onAgentStart?: (event: {
         id: number;
         label: string;
@@ -136,6 +202,13 @@ export interface WorkflowRunOptions {
         result: unknown;
         status: WorkflowAgentStatus;
     }) => void;
+    /** Merge extra subagent run options (e.g. progress callbacks) per agent id. */
+    enhanceSubagentRun?: (ctx: {
+        id: number;
+        label: string;
+        phase?: string;
+        prompt: string;
+    }) => Partial<SubagentRunOptions<unknown>>;
 }
 export interface WorkflowRunResult<T = unknown> {
     meta: WorkflowMeta;

package/dist/src/agent/workflow/workflow-child-tools.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import type { AgentTool } from '@earendil-works/pi-agent-core';
+import type { BuildChildToolsOptions } from '../child-agent-factory.js';
+/** Builds the tool set for workflow child agents (wired from gateway to avoid cycles). */
+export declare function buildWorkflowChildTools(childOptions: BuildChildToolsOptions): AgentTool<any, any>[];

package/dist/src/agent/workflow/workflow-child-tools.js ADDED Viewed

@@ -0,0 +1,21 @@
+import { AgentToolsFactory } from "../tools/factory.js";
+//#region src/agent/workflow/workflow-child-tools.ts
+/** Builds the tool set for workflow child agents (wired from gateway to avoid cycles). */
+function buildWorkflowChildTools(childOptions) {
+	return new AgentToolsFactory({
+		workspace: childOptions.workspace,
+		bus: childOptions.bus,
+		getCurrentContext: () => null,
+		getConfig: childOptions.getConfig,
+		getPrimaryModel: () => childOptions.model,
+		toolExecutorConfig: childOptions.toolExecutorConfig
+	}).createAllTools({
+		workspace: childOptions.workspace,
+		getPrimaryModel: () => childOptions.model,
+		disabledTools: new Set(["extensions"])
+	});
+}
+//#endregion
+export { buildWorkflowChildTools };
+//# sourceMappingURL=workflow-child-tools.js.map

package/dist/src/agent/workflow/workflow-child-tools.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"workflow-child-tools.js","names":[],"sources":["../../../../src/agent/workflow/workflow-child-tools.ts"],"sourcesContent":["import type { AgentTool } from '@earendil-works/pi-agent-core';\n\nimport type { BuildChildToolsOptions } from '../child-agent-factory.js';\nimport { AgentToolsFactory } from '../tools/factory.js';\n\n/** Builds the tool set for workflow child agents (wired from gateway to avoid cycles). */\nexport function buildWorkflowChildTools(childOptions: BuildChildToolsOptions): AgentTool<any, any>[] {\n const childFactory = new AgentToolsFactory({\n workspace: childOptions.workspace,\n bus: childOptions.bus,\n getCurrentContext: () => null,\n getConfig: childOptions.getConfig,\n getPrimaryModel: () => childOptions.model,\n toolExecutorConfig: childOptions.toolExecutorConfig,\n });\n return childFactory.createAllTools({\n workspace: childOptions.workspace,\n getPrimaryModel: () => childOptions.model,\n disabledTools: new Set(['extensions']),\n });\n}\n"],"mappings":";;;AAMA,SAAgB,wBAAwB,cAA6D;AASnG,QAAO,IARkB,kBAAkB;EACzC,WAAW,aAAa;EACxB,KAAK,aAAa;EAClB,yBAAyB;EACzB,WAAW,aAAa;EACxB,uBAAuB,aAAa;EACpC,oBAAoB,aAAa;EAClC,CACkB,CAAC,eAAe;EACjC,WAAW,aAAa;EACxB,uBAAuB,aAAa;EACpC,eAAe,IAAI,IAAI,CAAC,aAAa,CAAC;EACvC,CAAC"}

package/dist/src/auth/credentials.d.ts CHANGED Viewed

@@ -54,6 +54,11 @@ export declare class CredentialResolver {
         id: string;
         source: 'agent' | 'global';
     }>>;
+    /**
+     * Plaintext API key from global auth profiles only (no env/oauth fallback).
+     * Used by the gateway console reveal endpoint.
+     */
+    revealGatewayStoredApiKey(provider: string): Promise<string | null>;
     /**
      * Save an API key profile
      */
@@ -69,13 +74,25 @@ export declare class CredentialResolver {
         agentPrivate?: boolean;
     }): Promise<void>;
     /**
-     * Load OAuth token for a provider
+     * Load OAuth token for a provider.
      */
     loadOAuthToken(provider: string): Promise<OAuthToken | null>;
     /**
-     * Save OAuth token for a provider
+     * Load the raw OAuth token record, including expired tokens for status UIs.
+     */
+    loadOAuthTokenRecord(provider: string): Promise<OAuthToken | null>;
+    /**
+     * Save OAuth token for a provider.
      */
     saveOAuthToken(provider: string, token: Omit<OAuthToken, 'type' | 'provider' | 'updatedAt'>): Promise<void>;
+    /**
+     * Delete the OAuth token persisted for a provider.
+     */
+    deleteOAuthToken(provider: string): Promise<void>;
+    /**
+     * Disconnect the default credential for a provider from local storage.
+     */
+    deleteProviderCredential(provider: string): Promise<void>;
     private loadFromAgentCredentials;
     private loadFromGlobalCredentials;
     private loadFromEnv;

package/dist/src/auth/credentials.js CHANGED Viewed

@@ -5,7 +5,7 @@ import { init_paths, resolveAgentAuthProfilesPath, resolveAuthProfilesPath, reso
 import { init_write_file_atomic, writeTextAtomic } from "../infra/write-file-atomic.js";
 import { getApiKeyFromEnv, init_env_keys } from "../providers/env-keys.js";
 import { dirname, join } from "path";
-import { mkdir, readFile } from "fs/promises";
+import { mkdir, readFile, rm } from "fs/promises";
 //#region src/auth/credentials.ts
 function getCredentialResolver(options) {
 	return new CredentialResolver(options);
@@ -117,6 +117,15 @@ var init_credentials = __esmMin((() => {
 			return profiles;
 		}
 		/**
+		* Plaintext API key from global auth profiles only (no env/oauth fallback).
+		* Used by the gateway console reveal endpoint.
+		*/
+		async revealGatewayStoredApiKey(provider) {
+			const normalizedProvider = provider.toLowerCase();
+			const profiles = await this.loadAuthProfilesFile();
+			return this.findProfileForProvider(profiles, normalizedProvider)?.key?.trim() || null;
+		}
+		/**
 		* Save an API key profile
 		*/
 		async saveApiKey(provider, key, options = {}) {
@@ -149,27 +158,36 @@ var init_credentials = __esmMin((() => {
 			}, "Deleted credential profile");
 		}
 		/**
-		* Load OAuth token for a provider
+		* Load OAuth token for a provider.
 		*/
 		async loadOAuthToken(provider) {
-			const oauthPath = resolveOAuthPath(provider.toLowerCase());
+			const token = await this.loadOAuthTokenRecord(provider);
+			if (!token) return null;
+			if (token.expiresAt && token.expiresAt < Date.now()) {
+				log.warn({
+					provider,
+					expiresAt: token.expiresAt
+				}, "OAuth token is expired");
+				return null;
+			}
+			return token;
+		}
+		/**
+		* Load the raw OAuth token record, including expired tokens for status UIs.
+		*/
+		async loadOAuthTokenRecord(provider) {
+			const normalizedProvider = provider.toLowerCase();
+			const oauthPath = resolveOAuthPath(normalizedProvider);
 			try {
 				const content = await readFile(oauthPath, "utf-8");
 				const token = JSON.parse(content);
-				if (token.expiresAt && token.expiresAt < Date.now()) {
-					log.warn({
-						provider,
-						expiresAt: token.expiresAt
-					}, "OAuth token is expired");
-					return null;
-				}
-				return token;
+				return token.provider === normalizedProvider ? token : null;
 			} catch {
 				return null;
 			}
 		}
 		/**
-		* Save OAuth token for a provider
+		* Save OAuth token for a provider.
 		*/
 		async saveOAuthToken(provider, token) {
 			const normalizedProvider = provider.toLowerCase();
@@ -182,7 +200,23 @@ var init_credentials = __esmMin((() => {
 				updatedAt: (/* @__PURE__ */ new Date()).toISOString()
 			};
 			await writeTextAtomic(oauthPath, JSON.stringify(fullToken, null, 2));
-			log.info({ provider }, "Saved OAuth token");
+			log.info({ provider: normalizedProvider }, "Saved OAuth token");
+		}
+		/**
+		* Delete the OAuth token persisted for a provider.
+		*/
+		async deleteOAuthToken(provider) {
+			const normalizedProvider = provider.toLowerCase();
+			await rm(resolveOAuthPath(normalizedProvider), { force: true });
+			log.info({ provider: normalizedProvider }, "Deleted OAuth token");
+		}
+		/**
+		* Disconnect the default credential for a provider from local storage.
+		*/
+		async deleteProviderCredential(provider) {
+			const normalizedProvider = provider.toLowerCase();
+			await this.deleteProfile(`${normalizedProvider}:default`);
+			await this.deleteOAuthToken(normalizedProvider);
 		}
 		async loadFromAgentCredentials(provider) {
 			if (!this.agentId) return null;

package/dist/src/auth/credentials.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"credentials.js","names":[],"sources":["../../../src/auth/credentials.ts"],"sourcesContent":["import { readFile, mkdir } from 'fs/promises';\nimport { writeTextAtomic } from '../infra/write-file-atomic.js';\nimport { join, dirname } from 'path';\nimport { createLogger } from '../utils/logger.js';\nimport { getApiKeyFromEnv } from '../providers/env-keys.js';\nimport {\n resolveCredentialsDir,\n resolveAuthProfilesPath,\n resolveAgentAuthProfilesPath,\n resolveOAuthPath,\n} from '../config/paths.js';\nimport type { Config } from '../config/schema.js';\n\nconst log = createLogger('Credentials');\n\n// ============================================\n// Types\n// ============================================\n\nexport type CredentialType = 'api_key' \| 'oauth';\n\nexport interface ApiKeyProfile {\n type: 'api_key';\n provider: string;\n profileName?: string;\n envVar?: string \| null;\n key: string \| null;\n}\n\nexport interface OAuthToken {\n type: 'oauth';\n provider: string;\n access: string;\n refresh?: string;\n expiresAt?: number;\n scope?: string[];\n createdAt: string;\n updatedAt: string;\n}\n\nexport type CredentialProfile = ApiKeyProfile;\n\nexport interface AuthProfilesFile {\n version: number;\n profiles: Record<string, ApiKeyProfile>;\n}\n\n// ============================================\n// Credential Resolver\n// ============================================\n\nexport interface CredentialResolverOptions {\n stateDir?: string;\n /** When set, per-agent auth profiles are read from `resolveAgentAuthProfilesPath(appConfig, agentId)`. /\n agentId?: string;\n /* Required when `agentId` is set. /\n appConfig?: Config;\n}\n\nexport class CredentialResolver {\n private readonly credentialsDir: string;\n private readonly agentId?: string;\n private readonly appConfig?: Config;\n\n constructor(options: CredentialResolverOptions = {}) {\n this.credentialsDir = options.stateDir\n ? join(options.stateDir, 'credentials')\n : resolveCredentialsDir();\n this.agentId = options.agentId;\n this.appConfig = options.appConfig;\n if (this.agentId && !this.appConfig) {\n throw new Error('CredentialResolver: appConfig is required when agentId is set');\n }\n }\n\n /\n Resolve API key for a provider\n * Priority: Agent private > Global > OAuth > Environment\n /\n async resolveApiKey(provider: string): Promise<string \| null> {\n const normalizedProvider = provider.toLowerCase();\n\n // 1. Try agent private credentials\n if (this.agentId) {\n const agentKey = await this.loadFromAgentCredentials(normalizedProvider);\n if (agentKey) {\n log.debug({ provider, source: 'agent' }, 'Resolved API key from agent credentials');\n return agentKey;\n }\n }\n\n // 2. Try global credentials\n const globalKey = await this.loadFromGlobalCredentials(normalizedProvider);\n if (globalKey) {\n log.debug({ provider, source: 'global' }, 'Resolved API key from global credentials');\n return globalKey;\n }\n\n // 3. Try OAuth token (convert to Bearer)\n const oauthToken = await this.loadOAuthToken(normalizedProvider);\n if (oauthToken) {\n log.debug({ provider, source: 'oauth' }, 'Resolved API key from OAuth token');\n return oauthToken.access;\n }\n\n // 4. Environment variables (see `src/providers/env-keys.ts`)\n const envKey = getApiKeyFromEnv(normalizedProvider);\n if (envKey) {\n log.debug({ provider, source: 'env' }, 'Resolved API key from environment');\n return envKey;\n }\n\n log.debug({ provider }, 'No API key found');\n return null;\n }\n\n /\n Check if a provider has credentials configured\n /\n async hasCredentials(provider: string): Promise<boolean> {\n const key = await this.resolveApiKey(provider);\n return key !== null;\n }\n\n /\n Which step in {@link resolveApiKey} would supply the key (no secret material).\n /\n async resolveApiKeySource(\n provider: string,\n ): Promise<'agent' \| 'global' \| 'oauth' \| 'env' \| null> {\n const normalizedProvider = provider.toLowerCase();\n\n if (this.agentId) {\n const agentKey = await this.loadFromAgentCredentials(normalizedProvider);\n if (agentKey) return 'agent';\n }\n\n const globalKey = await this.loadFromGlobalCredentials(normalizedProvider);\n if (globalKey) return 'global';\n\n const oauthToken = await this.loadOAuthToken(normalizedProvider);\n if (oauthToken) return 'oauth';\n\n if (getApiKeyFromEnv(normalizedProvider)) return 'env';\n\n return null;\n }\n\n /\n List all available credential profiles\n /\n async listProfiles(): Promise<Array<ApiKeyProfile & { id: string; source: 'agent' \| 'global' }>> {\n const profiles: Array<ApiKeyProfile & { id: string; source: 'agent' \| 'global' }> = [];\n\n // Global profiles\n const globalProfiles = await this.loadAuthProfilesFile();\n for (const [id, profile] of Object.entries(globalProfiles.profiles)) {\n profiles.push({ ...profile, id, source: 'global' });\n }\n\n // Agent private profiles\n if (this.agentId) {\n const agentProfiles = await this.loadAgentAuthProfilesFile();\n for (const [id, profile] of Object.entries(agentProfiles.profiles)) {\n profiles.push({ ...profile, id, source: 'agent' });\n }\n }\n\n return profiles;\n }\n\n /\n Save an API key profile\n /\n async saveApiKey(\n provider: string,\n key: string,\n options: {\n profileName?: string;\n envVar?: string \| null;\n agentPrivate?: boolean;\n } = {}\n ): Promise<void> {\n const normalizedProvider = provider.toLowerCase();\n const profileId = options.profileName\n ? `${normalizedProvider}:${options.profileName}`\n : `${normalizedProvider}:default`;\n\n const profile: ApiKeyProfile = {\n type: 'api_key',\n provider: normalizedProvider,\n profileName: options.profileName,\n envVar: options.envVar ?? null,\n key,\n };\n\n if (options.agentPrivate && this.agentId) {\n await this.saveAgentAuthProfile(profileId, profile);\n } else {\n await this.saveGlobalAuthProfile(profileId, profile);\n }\n\n log.info({ provider, profileId, agentPrivate: options.agentPrivate }, 'Saved API key');\n }\n\n /\n Delete a credential profile\n /\n async deleteProfile(profileId: string, options: { agentPrivate?: boolean } = {}): Promise<void> {\n if (options.agentPrivate && this.agentId) {\n await this.deleteAgentAuthProfile(profileId);\n } else {\n await this.deleteGlobalAuthProfile(profileId);\n }\n\n log.info({ profileId, agentPrivate: options.agentPrivate }, 'Deleted credential profile');\n }\n\n /\n Load OAuth token for a provider\n /\n async loadOAuthToken(provider: string): Promise<OAuthToken \| null> {\n const normalizedProvider = provider.toLowerCase();\n const oauthPath = resolveOAuthPath(normalizedProvider);\n\n try {\n const content = await readFile(oauthPath, 'utf-8');\n const token = JSON.parse(content) as OAuthToken;\n\n // Check if token is expired\n if (token.expiresAt && token.expiresAt < Date.now()) {\n log.warn({ provider, expiresAt: token.expiresAt }, 'OAuth token is expired');\n // TODO: Implement token refresh\n return null;\n }\n\n return token;\n } catch {\n return null;\n }\n }\n\n /\n Save OAuth token for a provider\n */\n async saveOAuthToken(provider: string, token: Omit<OAuthToken, 'type' \| 'provider' \| 'updatedAt'>): Promise<void> {\n const normalizedProvider = provider.toLowerCase();\n const oauthPath = resolveOAuthPath(normalizedProvider);\n\n await mkdir(dirname(oauthPath), { recursive: true });\n\n const fullToken: OAuthToken = {\n ...token,\n type: 'oauth',\n provider: normalizedProvider,\n updatedAt: new Date().toISOString(),\n };\n\n await writeTextAtomic(oauthPath, JSON.stringify(fullToken, null, 2));\n log.info({ provider }, 'Saved OAuth token');\n }\n\n // ============================================\n // Private Methods\n // ============================================\n\n private async loadFromAgentCredentials(provider: string): Promise<string \| null> {\n if (!this.agentId) return null;\n\n const profiles = await this.loadAgentAuthProfilesFile();\n const profile = this.findProfileForProvider(profiles, provider);\n\n if (!profile) return null;\n if (profile.envVar) return this.loadFromEnv(profile.envVar) ?? profile.key;\n return profile.key;\n }\n\n private async loadFromGlobalCredentials(provider: string): Promise<string \| null> {\n const profiles = await this.loadAuthProfilesFile();\n const profile = this.findProfileForProvider(profiles, provider);\n\n if (!profile) return null;\n if (profile.envVar) return this.loadFromEnv(profile.envVar) ?? profile.key;\n return profile.key;\n }\n\n private loadFromEnv(envVarName: string): string \| null {\n return process.env[envVarName] \|\| null;\n }\n\n private findProfileForProvider(\n file: AuthProfilesFile,\n provider: string\n ): ApiKeyProfile \| null {\n const normalizedProvider = provider.toLowerCase();\n\n // Look for exact match first\n for (const [, profile] of Object.entries(file.profiles)) {\n if (profile.provider === normalizedProvider) {\n return profile;\n }\n }\n\n return null;\n }\n\n private async loadAuthProfilesFile(): Promise<AuthProfilesFile> {\n const path = resolveAuthProfilesPath();\n\n try {\n const content = await readFile(path, 'utf-8');\n const data = JSON.parse(content);\n return {\n version: data.version \|\| 1,\n profiles: data.profiles \|\| {},\n };\n } catch {\n return { version: 2, profiles: {} };\n }\n }\n\n private async loadAgentAuthProfilesFile(): Promise<AuthProfilesFile> {\n if (!this.agentId \|\| !this.appConfig) return { version: 2, profiles: {} };\n\n const path = resolveAgentAuthProfilesPath(this.appConfig, this.agentId);\n\n try {\n const content = await readFile(path, 'utf-8');\n const data = JSON.parse(content);\n return {\n version: data.version \|\| 1,\n profiles: data.profiles \|\| {},\n };\n } catch {\n return { version: 2, profiles: {} };\n }\n }\n\n private async saveGlobalAuthProfile(profileId: string, profile: ApiKeyProfile): Promise<void> {\n const path = resolveAuthProfilesPath();\n await mkdir(dirname(path), { recursive: true });\n\n const file = await this.loadAuthProfilesFile();\n file.profiles[profileId] = profile;\n\n await writeTextAtomic(path, JSON.stringify(file, null, 2));\n }\n\n private async saveAgentAuthProfile(profileId: string, profile: ApiKeyProfile): Promise<void> {\n if (!this.agentId \|\| !this.appConfig) throw new Error('Agent ID and appConfig required for agent-private profiles');\n\n const path = resolveAgentAuthProfilesPath(this.appConfig, this.agentId);\n await mkdir(dirname(path), { recursive: true });\n\n const file = await this.loadAgentAuthProfilesFile();\n file.profiles[profileId] = profile;\n\n await writeTextAtomic(path, JSON.stringify(file, null, 2));\n }\n\n private async deleteGlobalAuthProfile(profileId: string): Promise<void> {\n const path = resolveAuthProfilesPath();\n const file = await this.loadAuthProfilesFile();\n\n delete file.profiles[profileId];\n\n await writeTextAtomic(path, JSON.stringify(file, null, 2));\n }\n\n private async deleteAgentAuthProfile(profileId: string): Promise<void> {\n if (!this.agentId \|\| !this.appConfig) throw new Error('Agent ID and appConfig required for agent-private profiles');\n\n const path = resolveAgentAuthProfilesPath(this.appConfig, this.agentId);\n const file = await this.loadAgentAuthProfilesFile();\n\n delete file.profiles[profileId];\n\n await writeTextAtomic(path, JSON.stringify(file, null, 2));\n }\n}\n\n// ============================================\n// Convenience Functions\n// ============================================\n\nlet defaultResolver: CredentialResolver \| null = null;\n\nexport function getCredentialResolver(options?: CredentialResolverOptions): CredentialResolver {\n if (!defaultResolver \|\| options) {\n return new CredentialResolver(options);\n }\n return defaultResolver;\n}\n\nexport async function resolveApiKey(provider: string, options?: CredentialResolverOptions): Promise<string \| null> {\n const resolver = getCredentialResolver(options);\n return resolver.resolveApiKey(provider);\n}\n\nexport async function hasCredentials(provider: string, options?: CredentialResolverOptions): Promise<boolean> {\n const resolver = getCredentialResolver(options);\n return resolver.hasCredentials(provider);\n}\n"],"mappings":";;;;;;;;;AAmYA,SAAgB,sBAAsB,SAAyD;AAE3F,QAAO,IAAI,mBAAmB,QAAQ;;AAK1C,eAAsB,cAAc,UAAkB,SAA6D;AAEjH,QADiB,sBAAsB,QACxB,CAAC,cAAc,SAAS;;AAGzC,eAAsB,eAAe,UAAkB,SAAuD;AAE5G,QADiB,sBAAsB,QACxB,CAAC,eAAe,SAAS;;;;yBAhZsB;cAEd;gBACU;aAMhC;AAGtB,OAAM,aAAa,cAAc;AA8C1B,sBAAb,MAAgC;EAC9B;EACA;EACA;EAEA,YAAY,UAAqC,EAAE,EAAE;AACnD,QAAK,iBAAiB,QAAQ,WAC1B,KAAK,QAAQ,UAAU,cAAc,GACrC,uBAAuB;AAC3B,QAAK,UAAU,QAAQ;AACvB,QAAK,YAAY,QAAQ;AACzB,OAAI,KAAK,WAAW,CAAC,KAAK,UACxB,OAAM,IAAI,MAAM,gEAAgE;;;;;;EAQpF,MAAM,cAAc,UAA0C;GAC5D,MAAM,qBAAqB,SAAS,aAAa;AAGjD,OAAI,KAAK,SAAS;IAChB,MAAM,WAAW,MAAM,KAAK,yBAAyB,mBAAmB;AACxE,QAAI,UAAU;AACZ,SAAI,MAAM;MAAE;MAAU,QAAQ;MAAS,EAAE,0CAA0C;AACnF,YAAO;;;GAKX,MAAM,YAAY,MAAM,KAAK,0BAA0B,mBAAmB;AAC1E,OAAI,WAAW;AACb,QAAI,MAAM;KAAE;KAAU,QAAQ;KAAU,EAAE,2CAA2C;AACrF,WAAO;;GAIT,MAAM,aAAa,MAAM,KAAK,eAAe,mBAAmB;AAChE,OAAI,YAAY;AACd,QAAI,MAAM;KAAE;KAAU,QAAQ;KAAS,EAAE,oCAAoC;AAC7E,WAAO,WAAW;;GAIpB,MAAM,SAAS,iBAAiB,mBAAmB;AACnD,OAAI,QAAQ;AACV,QAAI,MAAM;KAAE;KAAU,QAAQ;KAAO,EAAE,oCAAoC;AAC3E,WAAO;;AAGT,OAAI,MAAM,EAAE,UAAU,EAAE,mBAAmB;AAC3C,UAAO;;;;;EAMT,MAAM,eAAe,UAAoC;AAEvD,UAAO,MADW,KAAK,cAAc,SAAS,KAC/B;;;;;EAMjB,MAAM,oBACJ,UACsD;GACtD,MAAM,qBAAqB,SAAS,aAAa;AAEjD,OAAI,KAAK;QAEH,MADmB,KAAK,yBAAyB,mBAAmB,CAC1D,QAAO;;AAIvB,OAAI,MADoB,KAAK,0BAA0B,mBAAmB,CAC3D,QAAO;AAGtB,OAAI,MADqB,KAAK,eAAe,mBAAmB,CAChD,QAAO;AAEvB,OAAI,iBAAiB,mBAAmB,CAAE,QAAO;AAEjD,UAAO;;;;;EAMT,MAAM,eAA2F;GAC/F,MAAM,WAA8E,EAAE;GAGtF,MAAM,iBAAiB,MAAM,KAAK,sBAAsB;AACxD,QAAK,MAAM,CAAC,IAAI,YAAY,OAAO,QAAQ,eAAe,SAAS,CACjE,UAAS,KAAK;IAAE,GAAG;IAAS;IAAI,QAAQ;IAAU,CAAC;AAIrD,OAAI,KAAK,SAAS;IAChB,MAAM,gBAAgB,MAAM,KAAK,2BAA2B;AAC5D,SAAK,MAAM,CAAC,IAAI,YAAY,OAAO,QAAQ,cAAc,SAAS,CAChE,UAAS,KAAK;KAAE,GAAG;KAAS;KAAI,QAAQ;KAAS,CAAC;;AAItD,UAAO;;;;;EAMT,MAAM,WACJ,UACA,KACA,UAII,EAAE,EACS;GACf,MAAM,qBAAqB,SAAS,aAAa;GACjD,MAAM,YAAY,QAAQ,cACtB,GAAG,mBAAmB,GAAG,QAAQ,gBACjC,GAAG,mBAAmB;GAE1B,MAAM,UAAyB;IAC7B,MAAM;IACN,UAAU;IACV,aAAa,QAAQ;IACrB,QAAQ,QAAQ,UAAU;IAC1B;IACD;AAED,OAAI,QAAQ,gBAAgB,KAAK,QAC/B,OAAM,KAAK,qBAAqB,WAAW,QAAQ;OAEnD,OAAM,KAAK,sBAAsB,WAAW,QAAQ;AAGtD,OAAI,KAAK;IAAE;IAAU;IAAW,cAAc,QAAQ;IAAc,EAAE,gBAAgB;;;;;EAMxF,MAAM,cAAc,WAAmB,UAAsC,EAAE,EAAiB;AAC9F,OAAI,QAAQ,gBAAgB,KAAK,QAC/B,OAAM,KAAK,uBAAuB,UAAU;OAE5C,OAAM,KAAK,wBAAwB,UAAU;AAG/C,OAAI,KAAK;IAAE;IAAW,cAAc,QAAQ;IAAc,EAAE,6BAA6B;;;;;EAM3F,MAAM,eAAe,UAA8C;GAEjE,MAAM,YAAY,iBADS,SAAS,aACiB,CAAC;AAEtD,OAAI;IACF,MAAM,UAAU,MAAM,SAAS,WAAW,QAAQ;IAClD,MAAM,QAAQ,KAAK,MAAM,QAAQ;AAGjC,QAAI,MAAM,aAAa,MAAM,YAAY,KAAK,KAAK,EAAE;AACnD,SAAI,KAAK;MAAE;MAAU,WAAW,MAAM;MAAW,EAAE,yBAAyB;AAE5E,YAAO;;AAGT,WAAO;WACD;AACN,WAAO;;;;;;EAOX,MAAM,eAAe,UAAkB,OAA2E;GAChH,MAAM,qBAAqB,SAAS,aAAa;GACjD,MAAM,YAAY,iBAAiB,mBAAmB;AAEtD,SAAM,MAAM,QAAQ,UAAU,EAAE,EAAE,WAAW,MAAM,CAAC;GAEpD,MAAM,YAAwB;IAC5B,GAAG;IACH,MAAM;IACN,UAAU;IACV,4BAAW,IAAI,MAAM,EAAC,aAAa;IACpC;AAED,SAAM,gBAAgB,WAAW,KAAK,UAAU,WAAW,MAAM,EAAE,CAAC;AACpE,OAAI,KAAK,EAAE,UAAU,EAAE,oBAAoB;;EAO7C,MAAc,yBAAyB,UAA0C;AAC/E,OAAI,CAAC,KAAK,QAAS,QAAO;GAE1B,MAAM,WAAW,MAAM,KAAK,2BAA2B;GACvD,MAAM,UAAU,KAAK,uBAAuB,UAAU,SAAS;AAE/D,OAAI,CAAC,QAAS,QAAO;AACrB,OAAI,QAAQ,OAAQ,QAAO,KAAK,YAAY,QAAQ,OAAO,IAAI,QAAQ;AACvE,UAAO,QAAQ;;EAGjB,MAAc,0BAA0B,UAA0C;GAChF,MAAM,WAAW,MAAM,KAAK,sBAAsB;GAClD,MAAM,UAAU,KAAK,uBAAuB,UAAU,SAAS;AAE/D,OAAI,CAAC,QAAS,QAAO;AACrB,OAAI,QAAQ,OAAQ,QAAO,KAAK,YAAY,QAAQ,OAAO,IAAI,QAAQ;AACvE,UAAO,QAAQ;;EAGjB,YAAoB,YAAmC;AACrD,UAAO,QAAQ,IAAI,eAAe;;EAGpC,uBACE,MACA,UACsB;GACtB,MAAM,qBAAqB,SAAS,aAAa;AAGjD,QAAK,MAAM,GAAG,YAAY,OAAO,QAAQ,KAAK,SAAS,CACrD,KAAI,QAAQ,aAAa,mBACvB,QAAO;AAIX,UAAO;;EAGT,MAAc,uBAAkD;GAC9D,MAAM,OAAO,yBAAyB;AAEtC,OAAI;IACF,MAAM,UAAU,MAAM,SAAS,MAAM,QAAQ;IAC7C,MAAM,OAAO,KAAK,MAAM,QAAQ;AAChC,WAAO;KACL,SAAS,KAAK,WAAW;KACzB,UAAU,KAAK,YAAY,EAAE;KAC9B;WACK;AACN,WAAO;KAAE,SAAS;KAAG,UAAU,EAAE;KAAE;;;EAIvC,MAAc,4BAAuD;AACnE,OAAI,CAAC,KAAK,WAAW,CAAC,KAAK,UAAW,QAAO;IAAE,SAAS;IAAG,UAAU,EAAE;IAAE;GAEzE,MAAM,OAAO,6BAA6B,KAAK,WAAW,KAAK,QAAQ;AAEvE,OAAI;IACF,MAAM,UAAU,MAAM,SAAS,MAAM,QAAQ;IAC7C,MAAM,OAAO,KAAK,MAAM,QAAQ;AAChC,WAAO;KACL,SAAS,KAAK,WAAW;KACzB,UAAU,KAAK,YAAY,EAAE;KAC9B;WACK;AACN,WAAO;KAAE,SAAS;KAAG,UAAU,EAAE;KAAE;;;EAIvC,MAAc,sBAAsB,WAAmB,SAAuC;GAC5F,MAAM,OAAO,yBAAyB;AACtC,SAAM,MAAM,QAAQ,KAAK,EAAE,EAAE,WAAW,MAAM,CAAC;GAE/C,MAAM,OAAO,MAAM,KAAK,sBAAsB;AAC9C,QAAK,SAAS,aAAa;AAE3B,SAAM,gBAAgB,MAAM,KAAK,UAAU,MAAM,MAAM,EAAE,CAAC;;EAG5D,MAAc,qBAAqB,WAAmB,SAAuC;AAC3F,OAAI,CAAC,KAAK,WAAW,CAAC,KAAK,UAAW,OAAM,IAAI,MAAM,6DAA6D;GAEnH,MAAM,OAAO,6BAA6B,KAAK,WAAW,KAAK,QAAQ;AACvE,SAAM,MAAM,QAAQ,KAAK,EAAE,EAAE,WAAW,MAAM,CAAC;GAE/C,MAAM,OAAO,MAAM,KAAK,2BAA2B;AACnD,QAAK,SAAS,aAAa;AAE3B,SAAM,gBAAgB,MAAM,KAAK,UAAU,MAAM,MAAM,EAAE,CAAC;;EAG5D,MAAc,wBAAwB,WAAkC;GACtE,MAAM,OAAO,yBAAyB;GACtC,MAAM,OAAO,MAAM,KAAK,sBAAsB;AAE9C,UAAO,KAAK,SAAS;AAErB,SAAM,gBAAgB,MAAM,KAAK,UAAU,MAAM,MAAM,EAAE,CAAC;;EAG5D,MAAc,uBAAuB,WAAkC;AACrE,OAAI,CAAC,KAAK,WAAW,CAAC,KAAK,UAAW,OAAM,IAAI,MAAM,6DAA6D;GAEnH,MAAM,OAAO,6BAA6B,KAAK,WAAW,KAAK,QAAQ;GACvE,MAAM,OAAO,MAAM,KAAK,2BAA2B;AAEnD,UAAO,KAAK,SAAS;AAErB,SAAM,gBAAgB,MAAM,KAAK,UAAU,MAAM,MAAM,EAAE,CAAC"}
1	+ {"version":3,"file":"credentials.js","names":[],"sources":["../../../src/auth/credentials.ts"],"sourcesContent":["import { readFile, mkdir, rm } from 'fs/promises';\nimport { writeTextAtomic } from '../infra/write-file-atomic.js';\nimport { join, dirname } from 'path';\nimport { createLogger } from '../utils/logger.js';\nimport { getApiKeyFromEnv } from '../providers/env-keys.js';\nimport {\n resolveCredentialsDir,\n resolveAuthProfilesPath,\n resolveAgentAuthProfilesPath,\n resolveOAuthPath,\n} from '../config/paths.js';\nimport type { Config } from '../config/schema.js';\n\nconst log = createLogger('Credentials');\n\n// ============================================\n// Types\n// ============================================\n\nexport type CredentialType = 'api_key' \| 'oauth';\n\nexport interface ApiKeyProfile {\n type: 'api_key';\n provider: string;\n profileName?: string;\n envVar?: string \| null;\n key: string \| null;\n}\n\nexport interface OAuthToken {\n type: 'oauth';\n provider: string;\n access: string;\n refresh?: string;\n expiresAt?: number;\n scope?: string[];\n createdAt: string;\n updatedAt: string;\n}\n\nexport type CredentialProfile = ApiKeyProfile;\n\nexport interface AuthProfilesFile {\n version: number;\n profiles: Record<string, ApiKeyProfile>;\n}\n\n// ============================================\n// Credential Resolver\n// ============================================\n\nexport interface CredentialResolverOptions {\n stateDir?: string;\n /** When set, per-agent auth profiles are read from `resolveAgentAuthProfilesPath(appConfig, agentId)`. /\n agentId?: string;\n /* Required when `agentId` is set. /\n appConfig?: Config;\n}\n\nexport class CredentialResolver {\n private readonly credentialsDir: string;\n private readonly agentId?: string;\n private readonly appConfig?: Config;\n\n constructor(options: CredentialResolverOptions = {}) {\n this.credentialsDir = options.stateDir\n ? join(options.stateDir, 'credentials')\n : resolveCredentialsDir();\n this.agentId = options.agentId;\n this.appConfig = options.appConfig;\n if (this.agentId && !this.appConfig) {\n throw new Error('CredentialResolver: appConfig is required when agentId is set');\n }\n }\n\n /\n Resolve API key for a provider\n * Priority: Agent private > Global > OAuth > Environment\n /\n async resolveApiKey(provider: string): Promise<string \| null> {\n const normalizedProvider = provider.toLowerCase();\n\n // 1. Try agent private credentials\n if (this.agentId) {\n const agentKey = await this.loadFromAgentCredentials(normalizedProvider);\n if (agentKey) {\n log.debug({ provider, source: 'agent' }, 'Resolved API key from agent credentials');\n return agentKey;\n }\n }\n\n // 2. Try global credentials\n const globalKey = await this.loadFromGlobalCredentials(normalizedProvider);\n if (globalKey) {\n log.debug({ provider, source: 'global' }, 'Resolved API key from global credentials');\n return globalKey;\n }\n\n // 3. Try OAuth token (convert to Bearer)\n const oauthToken = await this.loadOAuthToken(normalizedProvider);\n if (oauthToken) {\n log.debug({ provider, source: 'oauth' }, 'Resolved API key from OAuth token');\n return oauthToken.access;\n }\n\n // 4. Environment variables (see `src/providers/env-keys.ts`)\n const envKey = getApiKeyFromEnv(normalizedProvider);\n if (envKey) {\n log.debug({ provider, source: 'env' }, 'Resolved API key from environment');\n return envKey;\n }\n\n log.debug({ provider }, 'No API key found');\n return null;\n }\n\n /\n Check if a provider has credentials configured\n /\n async hasCredentials(provider: string): Promise<boolean> {\n const key = await this.resolveApiKey(provider);\n return key !== null;\n }\n\n /\n Which step in {@link resolveApiKey} would supply the key (no secret material).\n /\n async resolveApiKeySource(\n provider: string,\n ): Promise<'agent' \| 'global' \| 'oauth' \| 'env' \| null> {\n const normalizedProvider = provider.toLowerCase();\n\n if (this.agentId) {\n const agentKey = await this.loadFromAgentCredentials(normalizedProvider);\n if (agentKey) return 'agent';\n }\n\n const globalKey = await this.loadFromGlobalCredentials(normalizedProvider);\n if (globalKey) return 'global';\n\n const oauthToken = await this.loadOAuthToken(normalizedProvider);\n if (oauthToken) return 'oauth';\n\n if (getApiKeyFromEnv(normalizedProvider)) return 'env';\n\n return null;\n }\n\n /\n List all available credential profiles\n /\n async listProfiles(): Promise<Array<ApiKeyProfile & { id: string; source: 'agent' \| 'global' }>> {\n const profiles: Array<ApiKeyProfile & { id: string; source: 'agent' \| 'global' }> = [];\n\n // Global profiles\n const globalProfiles = await this.loadAuthProfilesFile();\n for (const [id, profile] of Object.entries(globalProfiles.profiles)) {\n profiles.push({ ...profile, id, source: 'global' });\n }\n\n // Agent private profiles\n if (this.agentId) {\n const agentProfiles = await this.loadAgentAuthProfilesFile();\n for (const [id, profile] of Object.entries(agentProfiles.profiles)) {\n profiles.push({ ...profile, id, source: 'agent' });\n }\n }\n\n return profiles;\n }\n\n /\n Plaintext API key from global auth profiles only (no env/oauth fallback).\n * Used by the gateway console reveal endpoint.\n /\n async revealGatewayStoredApiKey(provider: string): Promise<string \| null> {\n const normalizedProvider = provider.toLowerCase();\n const profiles = await this.loadAuthProfilesFile();\n const profile = this.findProfileForProvider(profiles, normalizedProvider);\n const key = profile?.key?.trim();\n return key \|\| null;\n }\n\n /\n Save an API key profile\n /\n async saveApiKey(\n provider: string,\n key: string,\n options: {\n profileName?: string;\n envVar?: string \| null;\n agentPrivate?: boolean;\n } = {}\n ): Promise<void> {\n const normalizedProvider = provider.toLowerCase();\n const profileId = options.profileName\n ? `${normalizedProvider}:${options.profileName}`\n : `${normalizedProvider}:default`;\n\n const profile: ApiKeyProfile = {\n type: 'api_key',\n provider: normalizedProvider,\n profileName: options.profileName,\n envVar: options.envVar ?? null,\n key,\n };\n\n if (options.agentPrivate && this.agentId) {\n await this.saveAgentAuthProfile(profileId, profile);\n } else {\n await this.saveGlobalAuthProfile(profileId, profile);\n }\n\n log.info({ provider, profileId, agentPrivate: options.agentPrivate }, 'Saved API key');\n }\n\n /\n Delete a credential profile\n /\n async deleteProfile(profileId: string, options: { agentPrivate?: boolean } = {}): Promise<void> {\n if (options.agentPrivate && this.agentId) {\n await this.deleteAgentAuthProfile(profileId);\n } else {\n await this.deleteGlobalAuthProfile(profileId);\n }\n\n log.info({ profileId, agentPrivate: options.agentPrivate }, 'Deleted credential profile');\n }\n\n /\n Load OAuth token for a provider.\n /\n async loadOAuthToken(provider: string): Promise<OAuthToken \| null> {\n const token = await this.loadOAuthTokenRecord(provider);\n if (!token) return null;\n\n if (token.expiresAt && token.expiresAt < Date.now()) {\n log.warn({ provider, expiresAt: token.expiresAt }, 'OAuth token is expired');\n return null;\n }\n\n return token;\n }\n\n /\n Load the raw OAuth token record, including expired tokens for status UIs.\n /\n async loadOAuthTokenRecord(provider: string): Promise<OAuthToken \| null> {\n const normalizedProvider = provider.toLowerCase();\n const oauthPath = resolveOAuthPath(normalizedProvider);\n\n try {\n const content = await readFile(oauthPath, 'utf-8');\n const token = JSON.parse(content) as OAuthToken;\n return token.provider === normalizedProvider ? token : null;\n } catch {\n return null;\n }\n }\n\n /\n Save OAuth token for a provider.\n /\n async saveOAuthToken(provider: string, token: Omit<OAuthToken, 'type' \| 'provider' \| 'updatedAt'>): Promise<void> {\n const normalizedProvider = provider.toLowerCase();\n const oauthPath = resolveOAuthPath(normalizedProvider);\n\n await mkdir(dirname(oauthPath), { recursive: true });\n\n const fullToken: OAuthToken = {\n ...token,\n type: 'oauth',\n provider: normalizedProvider,\n updatedAt: new Date().toISOString(),\n };\n\n await writeTextAtomic(oauthPath, JSON.stringify(fullToken, null, 2));\n log.info({ provider: normalizedProvider }, 'Saved OAuth token');\n }\n\n /\n Delete the OAuth token persisted for a provider.\n /\n async deleteOAuthToken(provider: string): Promise<void> {\n const normalizedProvider = provider.toLowerCase();\n const oauthPath = resolveOAuthPath(normalizedProvider);\n await rm(oauthPath, { force: true });\n log.info({ provider: normalizedProvider }, 'Deleted OAuth token');\n }\n\n /\n Disconnect the default credential for a provider from local storage.\n */\n async deleteProviderCredential(provider: string): Promise<void> {\n const normalizedProvider = provider.toLowerCase();\n await this.deleteProfile(`${normalizedProvider}:default`);\n await this.deleteOAuthToken(normalizedProvider);\n }\n\n // ============================================\n // Private Methods\n // ============================================\n\n private async loadFromAgentCredentials(provider: string): Promise<string \| null> {\n if (!this.agentId) return null;\n\n const profiles = await this.loadAgentAuthProfilesFile();\n const profile = this.findProfileForProvider(profiles, provider);\n\n if (!profile) return null;\n if (profile.envVar) return this.loadFromEnv(profile.envVar) ?? profile.key;\n return profile.key;\n }\n\n private async loadFromGlobalCredentials(provider: string): Promise<string \| null> {\n const profiles = await this.loadAuthProfilesFile();\n const profile = this.findProfileForProvider(profiles, provider);\n\n if (!profile) return null;\n if (profile.envVar) return this.loadFromEnv(profile.envVar) ?? profile.key;\n return profile.key;\n }\n\n private loadFromEnv(envVarName: string): string \| null {\n return process.env[envVarName] \|\| null;\n }\n\n private findProfileForProvider(\n file: AuthProfilesFile,\n provider: string\n ): ApiKeyProfile \| null {\n const normalizedProvider = provider.toLowerCase();\n\n // Look for exact match first\n for (const [, profile] of Object.entries(file.profiles)) {\n if (profile.provider === normalizedProvider) {\n return profile;\n }\n }\n\n return null;\n }\n\n private async loadAuthProfilesFile(): Promise<AuthProfilesFile> {\n const path = resolveAuthProfilesPath();\n\n try {\n const content = await readFile(path, 'utf-8');\n const data = JSON.parse(content);\n return {\n version: data.version \|\| 1,\n profiles: data.profiles \|\| {},\n };\n } catch {\n return { version: 2, profiles: {} };\n }\n }\n\n private async loadAgentAuthProfilesFile(): Promise<AuthProfilesFile> {\n if (!this.agentId \|\| !this.appConfig) return { version: 2, profiles: {} };\n\n const path = resolveAgentAuthProfilesPath(this.appConfig, this.agentId);\n\n try {\n const content = await readFile(path, 'utf-8');\n const data = JSON.parse(content);\n return {\n version: data.version \|\| 1,\n profiles: data.profiles \|\| {},\n };\n } catch {\n return { version: 2, profiles: {} };\n }\n }\n\n private async saveGlobalAuthProfile(profileId: string, profile: ApiKeyProfile): Promise<void> {\n const path = resolveAuthProfilesPath();\n await mkdir(dirname(path), { recursive: true });\n\n const file = await this.loadAuthProfilesFile();\n file.profiles[profileId] = profile;\n\n await writeTextAtomic(path, JSON.stringify(file, null, 2));\n }\n\n private async saveAgentAuthProfile(profileId: string, profile: ApiKeyProfile): Promise<void> {\n if (!this.agentId \|\| !this.appConfig) throw new Error('Agent ID and appConfig required for agent-private profiles');\n\n const path = resolveAgentAuthProfilesPath(this.appConfig, this.agentId);\n await mkdir(dirname(path), { recursive: true });\n\n const file = await this.loadAgentAuthProfilesFile();\n file.profiles[profileId] = profile;\n\n await writeTextAtomic(path, JSON.stringify(file, null, 2));\n }\n\n private async deleteGlobalAuthProfile(profileId: string): Promise<void> {\n const path = resolveAuthProfilesPath();\n const file = await this.loadAuthProfilesFile();\n\n delete file.profiles[profileId];\n\n await writeTextAtomic(path, JSON.stringify(file, null, 2));\n }\n\n private async deleteAgentAuthProfile(profileId: string): Promise<void> {\n if (!this.agentId \|\| !this.appConfig) throw new Error('Agent ID and appConfig required for agent-private profiles');\n\n const path = resolveAgentAuthProfilesPath(this.appConfig, this.agentId);\n const file = await this.loadAgentAuthProfilesFile();\n\n delete file.profiles[profileId];\n\n await writeTextAtomic(path, JSON.stringify(file, null, 2));\n }\n}\n\n// ============================================\n// Convenience Functions\n// ============================================\n\nlet defaultResolver: CredentialResolver \| null = null;\n\nexport function getCredentialResolver(options?: CredentialResolverOptions): CredentialResolver {\n if (!defaultResolver \|\| options) {\n return new CredentialResolver(options);\n }\n return defaultResolver;\n}\n\nexport async function resolveApiKey(provider: string, options?: CredentialResolverOptions): Promise<string \| null> {\n const resolver = getCredentialResolver(options);\n return resolver.resolveApiKey(provider);\n}\n\nexport async function hasCredentials(provider: string, options?: CredentialResolverOptions): Promise<boolean> {\n const resolver = getCredentialResolver(options);\n return resolver.hasCredentials(provider);\n}\n"],"mappings":";;;;;;;;;AAyaA,SAAgB,sBAAsB,SAAyD;AAE3F,QAAO,IAAI,mBAAmB,QAAQ;;AAK1C,eAAsB,cAAc,UAAkB,SAA6D;AAEjH,QADiB,sBAAsB,QACxB,CAAC,cAAc,SAAS;;AAGzC,eAAsB,eAAe,UAAkB,SAAuD;AAE5G,QADiB,sBAAsB,QACxB,CAAC,eAAe,SAAS;;;;yBAtbsB;cAEd;gBACU;aAMhC;AAGtB,OAAM,aAAa,cAAc;AA8C1B,sBAAb,MAAgC;EAC9B;EACA;EACA;EAEA,YAAY,UAAqC,EAAE,EAAE;AACnD,QAAK,iBAAiB,QAAQ,WAC1B,KAAK,QAAQ,UAAU,cAAc,GACrC,uBAAuB;AAC3B,QAAK,UAAU,QAAQ;AACvB,QAAK,YAAY,QAAQ;AACzB,OAAI,KAAK,WAAW,CAAC,KAAK,UACxB,OAAM,IAAI,MAAM,gEAAgE;;;;;;EAQpF,MAAM,cAAc,UAA0C;GAC5D,MAAM,qBAAqB,SAAS,aAAa;AAGjD,OAAI,KAAK,SAAS;IAChB,MAAM,WAAW,MAAM,KAAK,yBAAyB,mBAAmB;AACxE,QAAI,UAAU;AACZ,SAAI,MAAM;MAAE;MAAU,QAAQ;MAAS,EAAE,0CAA0C;AACnF,YAAO;;;GAKX,MAAM,YAAY,MAAM,KAAK,0BAA0B,mBAAmB;AAC1E,OAAI,WAAW;AACb,QAAI,MAAM;KAAE;KAAU,QAAQ;KAAU,EAAE,2CAA2C;AACrF,WAAO;;GAIT,MAAM,aAAa,MAAM,KAAK,eAAe,mBAAmB;AAChE,OAAI,YAAY;AACd,QAAI,MAAM;KAAE;KAAU,QAAQ;KAAS,EAAE,oCAAoC;AAC7E,WAAO,WAAW;;GAIpB,MAAM,SAAS,iBAAiB,mBAAmB;AACnD,OAAI,QAAQ;AACV,QAAI,MAAM;KAAE;KAAU,QAAQ;KAAO,EAAE,oCAAoC;AAC3E,WAAO;;AAGT,OAAI,MAAM,EAAE,UAAU,EAAE,mBAAmB;AAC3C,UAAO;;;;;EAMT,MAAM,eAAe,UAAoC;AAEvD,UAAO,MADW,KAAK,cAAc,SAAS,KAC/B;;;;;EAMjB,MAAM,oBACJ,UACsD;GACtD,MAAM,qBAAqB,SAAS,aAAa;AAEjD,OAAI,KAAK;QAEH,MADmB,KAAK,yBAAyB,mBAAmB,CAC1D,QAAO;;AAIvB,OAAI,MADoB,KAAK,0BAA0B,mBAAmB,CAC3D,QAAO;AAGtB,OAAI,MADqB,KAAK,eAAe,mBAAmB,CAChD,QAAO;AAEvB,OAAI,iBAAiB,mBAAmB,CAAE,QAAO;AAEjD,UAAO;;;;;EAMT,MAAM,eAA2F;GAC/F,MAAM,WAA8E,EAAE;GAGtF,MAAM,iBAAiB,MAAM,KAAK,sBAAsB;AACxD,QAAK,MAAM,CAAC,IAAI,YAAY,OAAO,QAAQ,eAAe,SAAS,CACjE,UAAS,KAAK;IAAE,GAAG;IAAS;IAAI,QAAQ;IAAU,CAAC;AAIrD,OAAI,KAAK,SAAS;IAChB,MAAM,gBAAgB,MAAM,KAAK,2BAA2B;AAC5D,SAAK,MAAM,CAAC,IAAI,YAAY,OAAO,QAAQ,cAAc,SAAS,CAChE,UAAS,KAAK;KAAE,GAAG;KAAS;KAAI,QAAQ;KAAS,CAAC;;AAItD,UAAO;;;;;;EAOT,MAAM,0BAA0B,UAA0C;GACxE,MAAM,qBAAqB,SAAS,aAAa;GACjD,MAAM,WAAW,MAAM,KAAK,sBAAsB;AAGlD,UAFgB,KAAK,uBAAuB,UAAU,mBACnC,EAAE,KAAK,MAAM,IAClB;;;;;EAMhB,MAAM,WACJ,UACA,KACA,UAII,EAAE,EACS;GACf,MAAM,qBAAqB,SAAS,aAAa;GACjD,MAAM,YAAY,QAAQ,cACtB,GAAG,mBAAmB,GAAG,QAAQ,gBACjC,GAAG,mBAAmB;GAE1B,MAAM,UAAyB;IAC7B,MAAM;IACN,UAAU;IACV,aAAa,QAAQ;IACrB,QAAQ,QAAQ,UAAU;IAC1B;IACD;AAED,OAAI,QAAQ,gBAAgB,KAAK,QAC/B,OAAM,KAAK,qBAAqB,WAAW,QAAQ;OAEnD,OAAM,KAAK,sBAAsB,WAAW,QAAQ;AAGtD,OAAI,KAAK;IAAE;IAAU;IAAW,cAAc,QAAQ;IAAc,EAAE,gBAAgB;;;;;EAMxF,MAAM,cAAc,WAAmB,UAAsC,EAAE,EAAiB;AAC9F,OAAI,QAAQ,gBAAgB,KAAK,QAC/B,OAAM,KAAK,uBAAuB,UAAU;OAE5C,OAAM,KAAK,wBAAwB,UAAU;AAG/C,OAAI,KAAK;IAAE;IAAW,cAAc,QAAQ;IAAc,EAAE,6BAA6B;;;;;EAM3F,MAAM,eAAe,UAA8C;GACjE,MAAM,QAAQ,MAAM,KAAK,qBAAqB,SAAS;AACvD,OAAI,CAAC,MAAO,QAAO;AAEnB,OAAI,MAAM,aAAa,MAAM,YAAY,KAAK,KAAK,EAAE;AACnD,QAAI,KAAK;KAAE;KAAU,WAAW,MAAM;KAAW,EAAE,yBAAyB;AAC5E,WAAO;;AAGT,UAAO;;;;;EAMT,MAAM,qBAAqB,UAA8C;GACvE,MAAM,qBAAqB,SAAS,aAAa;GACjD,MAAM,YAAY,iBAAiB,mBAAmB;AAEtD,OAAI;IACF,MAAM,UAAU,MAAM,SAAS,WAAW,QAAQ;IAClD,MAAM,QAAQ,KAAK,MAAM,QAAQ;AACjC,WAAO,MAAM,aAAa,qBAAqB,QAAQ;WACjD;AACN,WAAO;;;;;;EAOX,MAAM,eAAe,UAAkB,OAA2E;GAChH,MAAM,qBAAqB,SAAS,aAAa;GACjD,MAAM,YAAY,iBAAiB,mBAAmB;AAEtD,SAAM,MAAM,QAAQ,UAAU,EAAE,EAAE,WAAW,MAAM,CAAC;GAEpD,MAAM,YAAwB;IAC5B,GAAG;IACH,MAAM;IACN,UAAU;IACV,4BAAW,IAAI,MAAM,EAAC,aAAa;IACpC;AAED,SAAM,gBAAgB,WAAW,KAAK,UAAU,WAAW,MAAM,EAAE,CAAC;AACpE,OAAI,KAAK,EAAE,UAAU,oBAAoB,EAAE,oBAAoB;;;;;EAMjE,MAAM,iBAAiB,UAAiC;GACtD,MAAM,qBAAqB,SAAS,aAAa;AAEjD,SAAM,GADY,iBAAiB,mBACjB,EAAE,EAAE,OAAO,MAAM,CAAC;AACpC,OAAI,KAAK,EAAE,UAAU,oBAAoB,EAAE,sBAAsB;;;;;EAMnE,MAAM,yBAAyB,UAAiC;GAC9D,MAAM,qBAAqB,SAAS,aAAa;AACjD,SAAM,KAAK,cAAc,GAAG,mBAAmB,UAAU;AACzD,SAAM,KAAK,iBAAiB,mBAAmB;;EAOjD,MAAc,yBAAyB,UAA0C;AAC/E,OAAI,CAAC,KAAK,QAAS,QAAO;GAE1B,MAAM,WAAW,MAAM,KAAK,2BAA2B;GACvD,MAAM,UAAU,KAAK,uBAAuB,UAAU,SAAS;AAE/D,OAAI,CAAC,QAAS,QAAO;AACrB,OAAI,QAAQ,OAAQ,QAAO,KAAK,YAAY,QAAQ,OAAO,IAAI,QAAQ;AACvE,UAAO,QAAQ;;EAGjB,MAAc,0BAA0B,UAA0C;GAChF,MAAM,WAAW,MAAM,KAAK,sBAAsB;GAClD,MAAM,UAAU,KAAK,uBAAuB,UAAU,SAAS;AAE/D,OAAI,CAAC,QAAS,QAAO;AACrB,OAAI,QAAQ,OAAQ,QAAO,KAAK,YAAY,QAAQ,OAAO,IAAI,QAAQ;AACvE,UAAO,QAAQ;;EAGjB,YAAoB,YAAmC;AACrD,UAAO,QAAQ,IAAI,eAAe;;EAGpC,uBACE,MACA,UACsB;GACtB,MAAM,qBAAqB,SAAS,aAAa;AAGjD,QAAK,MAAM,GAAG,YAAY,OAAO,QAAQ,KAAK,SAAS,CACrD,KAAI,QAAQ,aAAa,mBACvB,QAAO;AAIX,UAAO;;EAGT,MAAc,uBAAkD;GAC9D,MAAM,OAAO,yBAAyB;AAEtC,OAAI;IACF,MAAM,UAAU,MAAM,SAAS,MAAM,QAAQ;IAC7C,MAAM,OAAO,KAAK,MAAM,QAAQ;AAChC,WAAO;KACL,SAAS,KAAK,WAAW;KACzB,UAAU,KAAK,YAAY,EAAE;KAC9B;WACK;AACN,WAAO;KAAE,SAAS;KAAG,UAAU,EAAE;KAAE;;;EAIvC,MAAc,4BAAuD;AACnE,OAAI,CAAC,KAAK,WAAW,CAAC,KAAK,UAAW,QAAO;IAAE,SAAS;IAAG,UAAU,EAAE;IAAE;GAEzE,MAAM,OAAO,6BAA6B,KAAK,WAAW,KAAK,QAAQ;AAEvE,OAAI;IACF,MAAM,UAAU,MAAM,SAAS,MAAM,QAAQ;IAC7C,MAAM,OAAO,KAAK,MAAM,QAAQ;AAChC,WAAO;KACL,SAAS,KAAK,WAAW;KACzB,UAAU,KAAK,YAAY,EAAE;KAC9B;WACK;AACN,WAAO;KAAE,SAAS;KAAG,UAAU,EAAE;KAAE;;;EAIvC,MAAc,sBAAsB,WAAmB,SAAuC;GAC5F,MAAM,OAAO,yBAAyB;AACtC,SAAM,MAAM,QAAQ,KAAK,EAAE,EAAE,WAAW,MAAM,CAAC;GAE/C,MAAM,OAAO,MAAM,KAAK,sBAAsB;AAC9C,QAAK,SAAS,aAAa;AAE3B,SAAM,gBAAgB,MAAM,KAAK,UAAU,MAAM,MAAM,EAAE,CAAC;;EAG5D,MAAc,qBAAqB,WAAmB,SAAuC;AAC3F,OAAI,CAAC,KAAK,WAAW,CAAC,KAAK,UAAW,OAAM,IAAI,MAAM,6DAA6D;GAEnH,MAAM,OAAO,6BAA6B,KAAK,WAAW,KAAK,QAAQ;AACvE,SAAM,MAAM,QAAQ,KAAK,EAAE,EAAE,WAAW,MAAM,CAAC;GAE/C,MAAM,OAAO,MAAM,KAAK,2BAA2B;AACnD,QAAK,SAAS,aAAa;AAE3B,SAAM,gBAAgB,MAAM,KAAK,UAAU,MAAM,MAAM,EAAE,CAAC;;EAG5D,MAAc,wBAAwB,WAAkC;GACtE,MAAM,OAAO,yBAAyB;GACtC,MAAM,OAAO,MAAM,KAAK,sBAAsB;AAE9C,UAAO,KAAK,SAAS;AAErB,SAAM,gBAAgB,MAAM,KAAK,UAAU,MAAM,MAAM,EAAE,CAAC;;EAG5D,MAAc,uBAAuB,WAAkC;AACrE,OAAI,CAAC,KAAK,WAAW,CAAC,KAAK,UAAW,OAAM,IAAI,MAAM,6DAA6D;GAEnH,MAAM,OAAO,6BAA6B,KAAK,WAAW,KAAK,QAAQ;GACvE,MAAM,OAAO,MAAM,KAAK,2BAA2B;AAEnD,UAAO,KAAK,SAAS;AAErB,SAAM,gBAAgB,MAAM,KAAK,UAAU,MAAM,MAAM,EAAE,CAAC"}

package/dist/src/auth/oauth/types.d.ts CHANGED Viewed

@@ -19,11 +19,27 @@ export type OAuthAuthInfo = {
     url: string;
     instructions?: string;
 };
+export type OAuthDeviceCodeInfo = {
+    userCode: string;
+    verificationUri: string;
+    intervalSeconds?: number;
+    expiresInSeconds?: number;
+};
+export type OAuthSelectOption = {
+    id: string;
+    label: string;
+};
+export type OAuthSelectPrompt = {
+    message: string;
+    options: OAuthSelectOption[];
+};
 export interface OAuthLoginCallbacks {
     onAuth: (info: OAuthAuthInfo) => void;
+    onDeviceCode: (info: OAuthDeviceCodeInfo) => void;
     onPrompt: (prompt: OAuthPrompt) => Promise<string>;
     onProgress?: (message: string) => void;
     onManualCodeInput?: () => Promise<string>;
+    onSelect: (prompt: OAuthSelectPrompt) => Promise<string | undefined>;
     signal?: AbortSignal;
 }
 export interface OAuthProviderInterface {

package/dist/src/cli/commands/auth.js CHANGED Viewed

@@ -86,12 +86,18 @@ function createAuthCommand(_ctx) {
 				if (info.instructions) console.log("\n" + info.instructions);
 				console.log("\n");
 			},
+			onDeviceCode: (info) => {
+				console.log(`\nOpen ${info.verificationUri} and enter code ${info.userCode}\n`);
+			},
 			onPrompt: async (prompt) => {
 				const { input } = await import("@inquirer/prompts");
 				return input({ message: prompt.message });
 			},
 			onProgress: (message) => {
 				log.info(message);
+			},
+			onSelect: async (prompt) => {
+				return prompt.options.find((option) => option.id === "browser")?.id ?? prompt.options[0]?.id;
 			}
 		};
 		try {

package/dist/src/cli/commands/auth.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"auth.js","names":[],"sources":["../../../../src/cli/commands/auth.ts"],"sourcesContent":["/*\n Auth Command\n * \n * Manage authentication credentials (API keys, OAuth tokens, Auth Profiles).\n /\n\nimport { Command } from 'commander';\nimport { type OAuthLoginCallbacks } from '../../auth/index.js';\nimport {\n\tlistProfilesForProvider,\n\tlistAllProfiles,\n\tupsertAuthProfile,\n\tremoveAuthProfile,\n\ttype AuthProfileCredential,\n} from '../../auth/profiles/index.js';\nimport { getAllProviders } from '../../providers/index.js';\nimport { createLogger } from '../../utils/logger.js';\nimport { register, formatExamples, type CLIContext } from '../registry.js';\nimport { colors, colorizeStatus } from '../utils/colors.js';\nimport { getOAuthProvider, getSupportedOAuthProviders } from '../utils/oauth-providers.js';\n\nconst log = createLogger('AuthCommand');\n\nfunction createAuthCommand(_ctx: CLIContext): Command {\n\tconst cmd = new Command('auth')\n\t\t.description('Manage authentication credentials')\n\t\t.addHelpText(\n\t\t\t'after',\n\t\t\tformatExamples([\n\t\t\t\t'xopc auth list',\n\t\t\t\t'xopc auth set openai sk-xxx',\n\t\t\t\t'xopc auth set anthropic sk-ant-api-xxx',\n\t\t\t\t'xopc auth login anthropic',\n\t\t\t\t'xopc auth login kimi-coding',\n\t\t\t\t'xopc auth logout anthropic',\n\t\t\t\t'xopc auth remove anthropic',\n\t\t\t\t'xopc auth profiles list',\n\t\t\t])\n\t\t);\n\n\t// List command - shows auth profiles\n\tcmd\n\t\t.command('list')\n\t\t.description('List all configured authentication credentials')\n\t\t.action(() => {\n\t\t\tlistAuthProfiles();\n\t\t});\n\n\t// Set command\n\tcmd\n\t\t.command('set <provider> <key>')\n\t\t.description('Set API key for a provider')\n\t\t.option('-p, --profile <profileId>', 'Profile ID (default: provider:default)')\n\t\t.action((provider: string, key: string, options: { profile?: string }) => {\n\t\t\tconst profileId = options.profile \|\| `${provider}:default`;\n\t\t\t\n\t\t\tconst credential: AuthProfileCredential = {\n\t\t\t\ttype: 'api_key',\n\t\t\t\tprovider,\n\t\t\t\tkey,\n\t\t\t};\n\t\t\t\n\t\t\tupsertAuthProfile({ profileId, credential });\n\t\t\tlog.info(`API key set for ${provider} (profile: ${profileId})`);\n\t\t});\n\n\t// Get command\n\tcmd\n\t\t.command('get <provider>')\n\t\t.description('Get API key for a provider (shows masked)')\n\t\t.option('-p, --profile <profileId>', 'Profile ID')\n\t\t.action(async (provider: string, _options: { profile?: string }) => {\n\t\t\tconst profiles = listProfilesForProvider(provider);\n\t\t\t\n\t\t\tif (profiles.length === 0) {\n\t\t\t\tlog.error(`No credentials found for provider: ${provider}`);\n\t\t\t\tprocess.exit(1);\n\t\t\t}\n\n\t\t\tfor (const profile of profiles) {\n\t\t\t\tconst _masked = '***';\n\t\t\t\tconst status = colorizeStatus(profile.hasKey);\n\t\t\t\tconsole.log(`\\nProvider: ${provider}`);\n\t\t\t\tconsole.log(`Profile: ${profile.profileId}`);\n\t\t\t\tconsole.log(`Type: ${profile.type}`);\n\t\t\t\tconsole.log(`Status: ${status} ${profile.hasKey ? 'Configured' : 'Missing'}`);\n\t\t\t\tif (profile.expires) {\n\t\t\t\t\tconst expDate = new Date(profile.expires);\n\t\t\t\t\tconsole.log(`Expires: ${expDate.toLocaleString()}`);\n\t\t\t\t}\n\t\t\t\tconsole.log('');\n\t\t\t}\n\t\t});\n\n\t// Remove command\n\tcmd\n\t\t.command('remove <provider>')\n\t\t.description('Remove authentication for a provider')\n\t\t.option('-p, --profile <profileId>', 'Profile ID to remove')\n\t\t.action((provider: string, options: { profile?: string }) => {\n\t\t\tif (options.profile) {\n\t\t\t\tconst removed = removeAuthProfile(options.profile);\n\t\t\t\tif (removed) {\n\t\t\t\t\tlog.info(`Profile removed: ${options.profile}`);\n\t\t\t\t} else {\n\t\t\t\t\tlog.warn(`Profile not found: ${options.profile}`);\n\t\t\t\t}\n\t\t\t\treturn;\n\t\t\t}\n\t\t\t\n\t\t\t// Remove all profiles for provider\n\t\t\tconst profiles = listProfilesForProvider(provider);\n\t\t\tfor (const profile of profiles) {\n\t\t\t\tremoveAuthProfile(profile.profileId);\n\t\t\t}\n\t\t\tlog.info(`All profiles removed for provider: ${provider}`);\n\t\t});\n\n\t// Login command (OAuth)\n\tcmd\n\t\t.command('login <provider>')\n\t\t.description('Login to a provider using OAuth')\n\t\t.option('-p, --profile <profileId>', 'Profile ID (default: provider:default)')\n\t\t.action(async (provider: string, options: { profile?: string }) => {\n\t\t\tconst oauthConfig = getOAuthProvider(provider);\n\t\t\t\n\t\t\tif (!oauthConfig) {\n\t\t\t\tlog.error(`OAuth not supported for provider: ${provider}`);\n\t\t\t\tlog.info(`Supported OAuth providers: ${getSupportedOAuthProviders().join(', ')}`);\n\t\t\t\tlog.info('Alternatively, set an API key: xopc auth set <provider> <key>');\n\t\t\t\tprocess.exit(1);\n\t\t\t}\n\n\t\t\tlog.info(`Starting ${oauthConfig.displayName} OAuth login...`);\n\t\t\t\n\t\t\tconst callbacks: OAuthLoginCallbacks = {\n\t\t\t\tonAuth: (info) => {\n\t\t\t\t\tconsole.log('\\n' + oauthConfig.urlPrompt);\n\t\t\t\t\tconsole.log(info.url);\n\t\t\t\t\tif (info.instructions) {\n\t\t\t\t\t\tconsole.log('\\n' + info.instructions);\n\t\t\t\t\t}\n\t\t\t\t\tconsole.log('\\n');\n\t\t\t\t},\n\t\t\t\tonPrompt: async (prompt) => {\n\t\t\t\t\tconst { input } = await import('@inquirer/prompts');\n\t\t\t\t\treturn input({ message: prompt.message });\n\t\t\t\t},\n\t\t\t\tonProgress: (message) => {\n\t\t\t\t\tlog.info(message);\n\t\t\t\t},\n\t\t\t};\n\n\t\t\ttry {\n\t\t\t\tconst creds = await oauthConfig.provider.login(callbacks);\n\t\t\t\tconst profileId = options.profile \|\| oauthConfig.profileId;\n\t\t\t\tupsertAuthProfile({\n\t\t\t\t\tprofileId,\n\t\t\t\t\tcredential: {\n\t\t\t\t\t\ttype: 'oauth',\n\t\t\t\t\t\tprovider,\n\t\t\t\t\t\t...creds,\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t\tlog.info(`✅ OAuth login successful! Profile: ${profileId}`);\n\t\t\t} catch (error) {\n\t\t\t\tlog.error(`OAuth login failed: ${error}`);\n\t\t\t\tprocess.exit(1);\n\t\t\t}\n\t\t});\n\n\t// Logout command\n\tcmd\n\t\t.command('logout <provider>')\n\t\t.description('Logout from a provider (remove credentials)')\n\t\t.option('-p, --profile <profileId>', 'Profile ID to remove')\n\t\t.action((provider: string, options: { profile?: string }) => {\n\t\t\tif (options.profile) {\n\t\t\t\tconst removed = removeAuthProfile(options.profile);\n\t\t\t\tif (removed) {\n\t\t\t\t\tlog.info(`Logged out: ${options.profile}`);\n\t\t\t\t} else {\n\t\t\t\t\tlog.warn(`Profile not found: ${options.profile}`);\n\t\t\t\t}\n\t\t\t\treturn;\n\t\t\t}\n\t\t\t\n\t\t\t// Remove all profiles for provider\n\t\t\tconst profiles = listProfilesForProvider(provider);\n\t\t\tif (profiles.length === 0) {\n\t\t\t\tlog.warn(`No profiles found for provider: ${provider}`);\n\t\t\t\treturn;\n\t\t\t}\n\t\t\t\n\t\t\tfor (const profile of profiles) {\n\t\t\t\tremoveAuthProfile(profile.profileId);\n\t\t\t}\n\t\t\tlog.info(`Logged out from provider: ${provider}`);\n\t\t});\n\n\t// Profiles subcommand\n\tconst profilesCmd = cmd\n\t\t.command('profiles')\n\t\t.description('Manage auth profiles');\n\n\tprofilesCmd\n\t\t.command('list')\n\t\t.description('List all auth profiles')\n\t\t.action(() => {\n\t\t\tlistAuthProfiles();\n\t\t});\n\n\tprofilesCmd\n\t\t.command('add')\n\t\t.description('Add a new auth profile')\n\t\t.requiredOption('-p, --profile <profileId>', 'Profile ID (e.g., openai:work)')\n\t\t.requiredOption('-t, --type <type>', 'Credential type (api_key, token, oauth)')\n\t\t.option('-k, --key <key>', 'API key (for api_key type)')\n\t\t.option('-e, --email <email>', 'Email associated with the credential')\n\t\t.action((options) => {\n\t\t\tconst { profile, type, key, email } = options;\n\t\t\t\n\t\t\tlet credential: AuthProfileCredential;\n\t\t\t\n\t\t\tif (type === 'api_key') {\n\t\t\t\tif (!key) {\n\t\t\t\t\tlog.error('API key required for api_key type');\n\t\t\t\t\tprocess.exit(1);\n\t\t\t\t}\n\t\t\t\tcredential = { type: 'api_key', provider: profile.split(':')[0], key, email };\n\t\t\t} else if (type === 'token') {\n\t\t\t\tif (!key) {\n\t\t\t\t\tlog.error('Token required for token type');\n\t\t\t\t\tprocess.exit(1);\n\t\t\t\t}\n\t\t\t\tcredential = { type: 'token', provider: profile.split(':')[0], token: key, email };\n\t\t\t} else {\n\t\t\t\tlog.error('OAuth credentials must be added via \"xopc auth login\"');\n\t\t\t\tprocess.exit(1);\n\t\t\t}\n\t\t\t\n\t\t\tupsertAuthProfile({ profileId: profile, credential });\n\t\t\tlog.info(`Profile added: ${profile}`);\n\t\t});\n\n\t// Clear command\n\tcmd\n\t\t.command('clear')\n\t\t.description('Clear all authentication credentials')\n\t\t.action(() => {\n\t\t\tconst profiles = listAllProfiles();\n\t\t\tfor (const profile of profiles) {\n\t\t\t\tremoveAuthProfile(profile.profileId);\n\t\t\t}\n\t\t\t\n\t\t\tlog.info('All authentication credentials cleared.');\n\t\t});\n\n\t// Providers command - show supported providers\n\tcmd\n\t\t.command('providers')\n\t\t.description('List supported providers and their auth methods')\n\t\t.action(() => {\n\t\t\tconsole.log('\\nSupported providers:\\n');\n\t\t\t\n\t\t\t// Built-in providers from pi-ai\n\t\t\tconst providers = getAllProviders();\n\t\t\t\n\t\t\tfor (const id of providers) {\n\t\t\t\tconsole.log(` ${id}`);\n\t\t\t}\n\t\t\t\n\t\t\tconsole.log('\\nSet API key: xopc auth set <provider> <key>');\n\t\t\tconsole.log('Environment variables: PROVIDER_API_KEY\\n');\n\t\t});\n\n\treturn cmd;\n}\n\nfunction listAuthProfiles(): void {\n\tconst profiles = listAllProfiles();\n\t\n\tif (profiles.length === 0) {\n\t\tlog.info('No auth profiles configured.');\n\t\tlog.info('Set an API key: xopc auth set <provider> <key>');\n\t\tlog.info('Or login with OAuth: xopc auth login <provider>');\n\t\treturn;\n\t}\n\n\tconsole.log('\\nAuth profiles:\\n');\n\tfor (const profile of profiles) {\n\t\tconst typeColor = profile.type === 'oauth' ? colors.yellow :\n\t\t\tprofile.type === 'token' ? colors.cyan : colors.blue;\n\t\tconst status = colorizeStatus(profile.hasKey);\n\t\t\n\t\tconsole.log(` ${profile.profileId}`);\n\t\tconsole.log(` Type: ${typeColor(profile.type)}`);\n\t\tconsole.log(` Status: ${status} ${profile.hasKey ? 'Configured' : 'Missing'}`);\n\t\tif (profile.email) {\n\t\t\tconsole.log(` Email: ${profile.email}`);\n\t\t}\n\t\tif (profile.expires) {\n\t\t\tconst expDate = new Date(profile.expires);\n\t\t\tconst isExpired = Date.now() >= profile.expires;\n\t\t\tconsole.log(` Expires: ${isExpired ? colors.red('') : ''}${expDate.toLocaleString()}`);\n\t\t}\n\t\tconsole.log('');\n\t}\n}\n\n// Register the command\nregister({\n\tid: 'auth',\n\tname: 'auth',\n\tdescription: 'Manage authentication credentials',\n\tfactory: createAuthCommand,\n\tmetadata: { \n\t\tcategory: 'setup',\n\t\texamples: [\n\t\t\t'xopc auth list',\n\t\t\t'xopc auth providers',\n\t\t\t'xopc auth set openai sk-xxx',\n\t\t\t'xopc auth login anthropic',\n\t\t\t'xopc auth login kimi-coding',\n\t\t\t'xopc auth profiles list',\n\t\t],\n\t},\n});\n"],"mappings":";;;;;;;;;;;;;;gBAe2D;aACN;AAKrD,MAAM,MAAM,aAAa,cAAc;AAEvC,SAAS,kBAAkB,MAA2B;CACrD,MAAM,MAAM,IAAI,QAAQ,OAAO,CAC7B,YAAY,oCAAoC,CAChD,YACA,SACA,eAAe;EACd;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA,CAAC,CACF;AAGF,KACE,QAAQ,OAAO,CACf,YAAY,iDAAiD,CAC7D,aAAa;AACb,oBAAkB;GACjB;AAGH,KACE,QAAQ,uBAAuB,CAC/B,YAAY,6BAA6B,CACzC,OAAO,6BAA6B,yCAAyC,CAC7E,QAAQ,UAAkB,KAAa,YAAkC;EACzE,MAAM,YAAY,QAAQ,WAAW,GAAG,SAAS;AAQjD,oBAAkB;GAAE;GAAW,YAAA;IAL9B,MAAM;IACN;IACA;IAGwC;GAAE,CAAC;AAC5C,MAAI,KAAK,mBAAmB,SAAS,aAAa,UAAU,GAAG;GAC9D;AAGH,KACE,QAAQ,iBAAiB,CACzB,YAAY,4CAA4C,CACxD,OAAO,6BAA6B,aAAa,CACjD,OAAO,OAAO,UAAkB,aAAmC;EACnE,MAAM,WAAW,wBAAwB,SAAS;AAElD,MAAI,SAAS,WAAW,GAAG;AAC1B,OAAI,MAAM,sCAAsC,WAAW;AAC3D,WAAQ,KAAK,EAAE;;AAGhB,OAAK,MAAM,WAAW,UAAU;GAE/B,MAAM,SAAS,eAAe,QAAQ,OAAO;AAC7C,WAAQ,IAAI,eAAe,WAAW;AACtC,WAAQ,IAAI,YAAY,QAAQ,YAAY;AAC5C,WAAQ,IAAI,SAAS,QAAQ,OAAO;AACpC,WAAQ,IAAI,WAAW,OAAO,GAAG,QAAQ,SAAS,eAAe,YAAY;AAC7E,OAAI,QAAQ,SAAS;IACpB,MAAM,UAAU,IAAI,KAAK,QAAQ,QAAQ;AACzC,YAAQ,IAAI,YAAY,QAAQ,gBAAgB,GAAG;;AAEpD,WAAQ,IAAI,GAAG;;GAEf;AAGH,KACE,QAAQ,oBAAoB,CAC5B,YAAY,uCAAuC,CACnD,OAAO,6BAA6B,uBAAuB,CAC3D,QAAQ,UAAkB,YAAkC;AAC5D,MAAI,QAAQ,SAAS;AAEpB,OADgB,kBAAkB,QAAQ,QAC/B,CACV,KAAI,KAAK,oBAAoB,QAAQ,UAAU;OAE/C,KAAI,KAAK,sBAAsB,QAAQ,UAAU;AAElD;;EAID,MAAM,WAAW,wBAAwB,SAAS;AAClD,OAAK,MAAM,WAAW,SACrB,mBAAkB,QAAQ,UAAU;AAErC,MAAI,KAAK,sCAAsC,WAAW;GACzD;AAGH,KACE,QAAQ,mBAAmB,CAC3B,YAAY,kCAAkC,CAC9C,OAAO,6BAA6B,yCAAyC,CAC7E,OAAO,OAAO,UAAkB,YAAkC;EAClE,MAAM,cAAc,iBAAiB,SAAS;AAE9C,MAAI,CAAC,aAAa;AACjB,OAAI,MAAM,qCAAqC,WAAW;AAC1D,OAAI,KAAK,8BAA8B,4BAA4B,CAAC,KAAK,KAAK,GAAG;AACjF,OAAI,KAAK,gEAAgE;AACzE,WAAQ,KAAK,EAAE;;AAGhB,MAAI,KAAK,YAAY,YAAY,YAAY,iBAAiB;EAE9D,MAAM,YAAiC;GACtC,SAAS,SAAS;AACjB,YAAQ,IAAI,OAAO,YAAY,UAAU;AACzC,YAAQ,IAAI,KAAK,IAAI;AACrB,QAAI,KAAK,aACR,SAAQ,IAAI,OAAO,KAAK,aAAa;AAEtC,YAAQ,IAAI,KAAK;;GAElB,UAAU,OAAO,WAAW;IAC3B,MAAM,EAAE,UAAU,MAAM,OAAO;AAC/B,WAAO,MAAM,EAAE,SAAS,OAAO,SAAS,CAAC;;GAE1C,aAAa,YAAY;AACxB,QAAI,KAAK,QAAQ;;GAElB;AAED,MAAI;GACH,MAAM,QAAQ,MAAM,YAAY,SAAS,MAAM,UAAU;GACzD,MAAM,YAAY,QAAQ,WAAW,YAAY;AACjD,qBAAkB;IACjB;IACA,YAAY;KACX,MAAM;KACN;KACA,GAAG;KACH;IACD,CAAC;AACF,OAAI,KAAK,sCAAsC,YAAY;WACnD,OAAO;AACf,OAAI,MAAM,uBAAuB,QAAQ;AACzC,WAAQ,KAAK,EAAE;;GAEf;AAGH,KACE,QAAQ,oBAAoB,CAC5B,YAAY,8CAA8C,CAC1D,OAAO,6BAA6B,uBAAuB,CAC3D,QAAQ,UAAkB,YAAkC;AAC5D,MAAI,QAAQ,SAAS;AAEpB,OADgB,kBAAkB,QAAQ,QAC/B,CACV,KAAI,KAAK,eAAe,QAAQ,UAAU;OAE1C,KAAI,KAAK,sBAAsB,QAAQ,UAAU;AAElD;;EAID,MAAM,WAAW,wBAAwB,SAAS;AAClD,MAAI,SAAS,WAAW,GAAG;AAC1B,OAAI,KAAK,mCAAmC,WAAW;AACvD;;AAGD,OAAK,MAAM,WAAW,SACrB,mBAAkB,QAAQ,UAAU;AAErC,MAAI,KAAK,6BAA6B,WAAW;GAChD;CAGH,MAAM,cAAc,IAClB,QAAQ,WAAW,CACnB,YAAY,uBAAuB;AAErC,aACE,QAAQ,OAAO,CACf,YAAY,yBAAyB,CACrC,aAAa;AACb,oBAAkB;GACjB;AAEH,aACE,QAAQ,MAAM,CACd,YAAY,yBAAyB,CACrC,eAAe,6BAA6B,iCAAiC,CAC7E,eAAe,qBAAqB,0CAA0C,CAC9E,OAAO,mBAAmB,6BAA6B,CACvD,OAAO,uBAAuB,uCAAuC,CACrE,QAAQ,YAAY;EACpB,MAAM,EAAE,SAAS,MAAM,KAAK,UAAU;EAEtC,IAAI;AAEJ,MAAI,SAAS,WAAW;AACvB,OAAI,CAAC,KAAK;AACT,QAAI,MAAM,oCAAoC;AAC9C,YAAQ,KAAK,EAAE;;AAEhB,gBAAa;IAAE,MAAM;IAAW,UAAU,QAAQ,MAAM,IAAI,CAAC;IAAI;IAAK;IAAO;aACnE,SAAS,SAAS;AAC5B,OAAI,CAAC,KAAK;AACT,QAAI,MAAM,gCAAgC;AAC1C,YAAQ,KAAK,EAAE;;AAEhB,gBAAa;IAAE,MAAM;IAAS,UAAU,QAAQ,MAAM,IAAI,CAAC;IAAI,OAAO;IAAK;IAAO;SAC5E;AACN,OAAI,MAAM,0DAAwD;AAClE,WAAQ,KAAK,EAAE;;AAGhB,oBAAkB;GAAE,WAAW;GAAS;GAAY,CAAC;AACrD,MAAI,KAAK,kBAAkB,UAAU;GACpC;AAGH,KACE,QAAQ,QAAQ,CAChB,YAAY,uCAAuC,CACnD,aAAa;EACb,MAAM,WAAW,iBAAiB;AAClC,OAAK,MAAM,WAAW,SACrB,mBAAkB,QAAQ,UAAU;AAGrC,MAAI,KAAK,0CAA0C;GAClD;AAGH,KACE,QAAQ,YAAY,CACpB,YAAY,kDAAkD,CAC9D,aAAa;AACb,UAAQ,IAAI,2BAA2B;EAGvC,MAAM,YAAY,iBAAiB;AAEnC,OAAK,MAAM,MAAM,UAChB,SAAQ,IAAI,KAAK,KAAK;AAGvB,UAAQ,IAAI,gDAAgD;AAC5D,UAAQ,IAAI,4CAA4C;GACvD;AAEH,QAAO;;AAGR,SAAS,mBAAyB;CACjC,MAAM,WAAW,iBAAiB;AAElC,KAAI,SAAS,WAAW,GAAG;AAC1B,MAAI,KAAK,+BAA+B;AACxC,MAAI,KAAK,iDAAiD;AAC1D,MAAI,KAAK,kDAAkD;AAC3D;;AAGD,SAAQ,IAAI,qBAAqB;AACjC,MAAK,MAAM,WAAW,UAAU;EAC/B,MAAM,YAAY,QAAQ,SAAS,UAAU,OAAO,SACnD,QAAQ,SAAS,UAAU,OAAO,OAAO,OAAO;EACjD,MAAM,SAAS,eAAe,QAAQ,OAAO;AAE7C,UAAQ,IAAI,KAAK,QAAQ,YAAY;AACrC,UAAQ,IAAI,aAAa,UAAU,QAAQ,KAAK,GAAG;AACnD,UAAQ,IAAI,eAAe,OAAO,GAAG,QAAQ,SAAS,eAAe,YAAY;AACjF,MAAI,QAAQ,MACX,SAAQ,IAAI,cAAc,QAAQ,QAAQ;AAE3C,MAAI,QAAQ,SAAS;GACpB,MAAM,UAAU,IAAI,KAAK,QAAQ,QAAQ;GACzC,MAAM,YAAY,KAAK,KAAK,IAAI,QAAQ;AACxC,WAAQ,IAAI,gBAAgB,YAAY,OAAO,IAAI,GAAG,GAAG,KAAK,QAAQ,gBAAgB,GAAG;;AAE1F,UAAQ,IAAI,GAAG;;;AAKjB,SAAS;CACR,IAAI;CACJ,MAAM;CACN,aAAa;CACb,SAAS;CACT,UAAU;EACT,UAAU;EACV,UAAU;GACT;GACA;GACA;GACA;GACA;GACA;GACA;EACD;CACD,CAAC"}
1	+ {"version":3,"file":"auth.js","names":[],"sources":["../../../../src/cli/commands/auth.ts"],"sourcesContent":["/*\n Auth Command\n * \n * Manage authentication credentials (API keys, OAuth tokens, Auth Profiles).\n /\n\nimport { Command } from 'commander';\nimport { type OAuthLoginCallbacks } from '../../auth/index.js';\nimport {\n\tlistProfilesForProvider,\n\tlistAllProfiles,\n\tupsertAuthProfile,\n\tremoveAuthProfile,\n\ttype AuthProfileCredential,\n} from '../../auth/profiles/index.js';\nimport { getAllProviders } from '../../providers/index.js';\nimport { createLogger } from '../../utils/logger.js';\nimport { register, formatExamples, type CLIContext } from '../registry.js';\nimport { colors, colorizeStatus } from '../utils/colors.js';\nimport { getOAuthProvider, getSupportedOAuthProviders } from '../utils/oauth-providers.js';\n\nconst log = createLogger('AuthCommand');\n\nfunction createAuthCommand(_ctx: CLIContext): Command {\n\tconst cmd = new Command('auth')\n\t\t.description('Manage authentication credentials')\n\t\t.addHelpText(\n\t\t\t'after',\n\t\t\tformatExamples([\n\t\t\t\t'xopc auth list',\n\t\t\t\t'xopc auth set openai sk-xxx',\n\t\t\t\t'xopc auth set anthropic sk-ant-api-xxx',\n\t\t\t\t'xopc auth login anthropic',\n\t\t\t\t'xopc auth login kimi-coding',\n\t\t\t\t'xopc auth logout anthropic',\n\t\t\t\t'xopc auth remove anthropic',\n\t\t\t\t'xopc auth profiles list',\n\t\t\t])\n\t\t);\n\n\t// List command - shows auth profiles\n\tcmd\n\t\t.command('list')\n\t\t.description('List all configured authentication credentials')\n\t\t.action(() => {\n\t\t\tlistAuthProfiles();\n\t\t});\n\n\t// Set command\n\tcmd\n\t\t.command('set <provider> <key>')\n\t\t.description('Set API key for a provider')\n\t\t.option('-p, --profile <profileId>', 'Profile ID (default: provider:default)')\n\t\t.action((provider: string, key: string, options: { profile?: string }) => {\n\t\t\tconst profileId = options.profile \|\| `${provider}:default`;\n\t\t\t\n\t\t\tconst credential: AuthProfileCredential = {\n\t\t\t\ttype: 'api_key',\n\t\t\t\tprovider,\n\t\t\t\tkey,\n\t\t\t};\n\t\t\t\n\t\t\tupsertAuthProfile({ profileId, credential });\n\t\t\tlog.info(`API key set for ${provider} (profile: ${profileId})`);\n\t\t});\n\n\t// Get command\n\tcmd\n\t\t.command('get <provider>')\n\t\t.description('Get API key for a provider (shows masked)')\n\t\t.option('-p, --profile <profileId>', 'Profile ID')\n\t\t.action(async (provider: string, _options: { profile?: string }) => {\n\t\t\tconst profiles = listProfilesForProvider(provider);\n\t\t\t\n\t\t\tif (profiles.length === 0) {\n\t\t\t\tlog.error(`No credentials found for provider: ${provider}`);\n\t\t\t\tprocess.exit(1);\n\t\t\t}\n\n\t\t\tfor (const profile of profiles) {\n\t\t\t\tconst _masked = '***';\n\t\t\t\tconst status = colorizeStatus(profile.hasKey);\n\t\t\t\tconsole.log(`\\nProvider: ${provider}`);\n\t\t\t\tconsole.log(`Profile: ${profile.profileId}`);\n\t\t\t\tconsole.log(`Type: ${profile.type}`);\n\t\t\t\tconsole.log(`Status: ${status} ${profile.hasKey ? 'Configured' : 'Missing'}`);\n\t\t\t\tif (profile.expires) {\n\t\t\t\t\tconst expDate = new Date(profile.expires);\n\t\t\t\t\tconsole.log(`Expires: ${expDate.toLocaleString()}`);\n\t\t\t\t}\n\t\t\t\tconsole.log('');\n\t\t\t}\n\t\t});\n\n\t// Remove command\n\tcmd\n\t\t.command('remove <provider>')\n\t\t.description('Remove authentication for a provider')\n\t\t.option('-p, --profile <profileId>', 'Profile ID to remove')\n\t\t.action((provider: string, options: { profile?: string }) => {\n\t\t\tif (options.profile) {\n\t\t\t\tconst removed = removeAuthProfile(options.profile);\n\t\t\t\tif (removed) {\n\t\t\t\t\tlog.info(`Profile removed: ${options.profile}`);\n\t\t\t\t} else {\n\t\t\t\t\tlog.warn(`Profile not found: ${options.profile}`);\n\t\t\t\t}\n\t\t\t\treturn;\n\t\t\t}\n\t\t\t\n\t\t\t// Remove all profiles for provider\n\t\t\tconst profiles = listProfilesForProvider(provider);\n\t\t\tfor (const profile of profiles) {\n\t\t\t\tremoveAuthProfile(profile.profileId);\n\t\t\t}\n\t\t\tlog.info(`All profiles removed for provider: ${provider}`);\n\t\t});\n\n\t// Login command (OAuth)\n\tcmd\n\t\t.command('login <provider>')\n\t\t.description('Login to a provider using OAuth')\n\t\t.option('-p, --profile <profileId>', 'Profile ID (default: provider:default)')\n\t\t.action(async (provider: string, options: { profile?: string }) => {\n\t\t\tconst oauthConfig = getOAuthProvider(provider);\n\t\t\t\n\t\t\tif (!oauthConfig) {\n\t\t\t\tlog.error(`OAuth not supported for provider: ${provider}`);\n\t\t\t\tlog.info(`Supported OAuth providers: ${getSupportedOAuthProviders().join(', ')}`);\n\t\t\t\tlog.info('Alternatively, set an API key: xopc auth set <provider> <key>');\n\t\t\t\tprocess.exit(1);\n\t\t\t}\n\n\t\t\tlog.info(`Starting ${oauthConfig.displayName} OAuth login...`);\n\t\t\t\n\t\t\tconst callbacks: OAuthLoginCallbacks = {\n\t\t\t\tonAuth: (info) => {\n\t\t\t\t\tconsole.log('\\n' + oauthConfig.urlPrompt);\n\t\t\t\t\tconsole.log(info.url);\n\t\t\t\t\tif (info.instructions) {\n\t\t\t\t\t\tconsole.log('\\n' + info.instructions);\n\t\t\t\t\t}\n\t\t\t\t\tconsole.log('\\n');\n\t\t\t\t},\n\t\t\t\tonDeviceCode: (info) => {\n\t\t\t\t\tconsole.log(`\\nOpen ${info.verificationUri} and enter code ${info.userCode}\\n`);\n\t\t\t\t},\n\t\t\t\tonPrompt: async (prompt) => {\n\t\t\t\t\tconst { input } = await import('@inquirer/prompts');\n\t\t\t\t\treturn input({ message: prompt.message });\n\t\t\t\t},\n\t\t\t\tonProgress: (message) => {\n\t\t\t\t\tlog.info(message);\n\t\t\t\t},\n\t\t\t\tonSelect: async (prompt) => {\n\t\t\t\t\tconst browserOption = prompt.options.find((option) => option.id === 'browser');\n\t\t\t\t\treturn browserOption?.id ?? prompt.options[0]?.id;\n\t\t\t\t},\n\t\t\t};\n\n\t\t\ttry {\n\t\t\t\tconst creds = await oauthConfig.provider.login(callbacks);\n\t\t\t\tconst profileId = options.profile \|\| oauthConfig.profileId;\n\t\t\t\tupsertAuthProfile({\n\t\t\t\t\tprofileId,\n\t\t\t\t\tcredential: {\n\t\t\t\t\t\ttype: 'oauth',\n\t\t\t\t\t\tprovider,\n\t\t\t\t\t\t...creds,\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t\tlog.info(`✅ OAuth login successful! Profile: ${profileId}`);\n\t\t\t} catch (error) {\n\t\t\t\tlog.error(`OAuth login failed: ${error}`);\n\t\t\t\tprocess.exit(1);\n\t\t\t}\n\t\t});\n\n\t// Logout command\n\tcmd\n\t\t.command('logout <provider>')\n\t\t.description('Logout from a provider (remove credentials)')\n\t\t.option('-p, --profile <profileId>', 'Profile ID to remove')\n\t\t.action((provider: string, options: { profile?: string }) => {\n\t\t\tif (options.profile) {\n\t\t\t\tconst removed = removeAuthProfile(options.profile);\n\t\t\t\tif (removed) {\n\t\t\t\t\tlog.info(`Logged out: ${options.profile}`);\n\t\t\t\t} else {\n\t\t\t\t\tlog.warn(`Profile not found: ${options.profile}`);\n\t\t\t\t}\n\t\t\t\treturn;\n\t\t\t}\n\t\t\t\n\t\t\t// Remove all profiles for provider\n\t\t\tconst profiles = listProfilesForProvider(provider);\n\t\t\tif (profiles.length === 0) {\n\t\t\t\tlog.warn(`No profiles found for provider: ${provider}`);\n\t\t\t\treturn;\n\t\t\t}\n\t\t\t\n\t\t\tfor (const profile of profiles) {\n\t\t\t\tremoveAuthProfile(profile.profileId);\n\t\t\t}\n\t\t\tlog.info(`Logged out from provider: ${provider}`);\n\t\t});\n\n\t// Profiles subcommand\n\tconst profilesCmd = cmd\n\t\t.command('profiles')\n\t\t.description('Manage auth profiles');\n\n\tprofilesCmd\n\t\t.command('list')\n\t\t.description('List all auth profiles')\n\t\t.action(() => {\n\t\t\tlistAuthProfiles();\n\t\t});\n\n\tprofilesCmd\n\t\t.command('add')\n\t\t.description('Add a new auth profile')\n\t\t.requiredOption('-p, --profile <profileId>', 'Profile ID (e.g., openai:work)')\n\t\t.requiredOption('-t, --type <type>', 'Credential type (api_key, token, oauth)')\n\t\t.option('-k, --key <key>', 'API key (for api_key type)')\n\t\t.option('-e, --email <email>', 'Email associated with the credential')\n\t\t.action((options) => {\n\t\t\tconst { profile, type, key, email } = options;\n\t\t\t\n\t\t\tlet credential: AuthProfileCredential;\n\t\t\t\n\t\t\tif (type === 'api_key') {\n\t\t\t\tif (!key) {\n\t\t\t\t\tlog.error('API key required for api_key type');\n\t\t\t\t\tprocess.exit(1);\n\t\t\t\t}\n\t\t\t\tcredential = { type: 'api_key', provider: profile.split(':')[0], key, email };\n\t\t\t} else if (type === 'token') {\n\t\t\t\tif (!key) {\n\t\t\t\t\tlog.error('Token required for token type');\n\t\t\t\t\tprocess.exit(1);\n\t\t\t\t}\n\t\t\t\tcredential = { type: 'token', provider: profile.split(':')[0], token: key, email };\n\t\t\t} else {\n\t\t\t\tlog.error('OAuth credentials must be added via \"xopc auth login\"');\n\t\t\t\tprocess.exit(1);\n\t\t\t}\n\t\t\t\n\t\t\tupsertAuthProfile({ profileId: profile, credential });\n\t\t\tlog.info(`Profile added: ${profile}`);\n\t\t});\n\n\t// Clear command\n\tcmd\n\t\t.command('clear')\n\t\t.description('Clear all authentication credentials')\n\t\t.action(() => {\n\t\t\tconst profiles = listAllProfiles();\n\t\t\tfor (const profile of profiles) {\n\t\t\t\tremoveAuthProfile(profile.profileId);\n\t\t\t}\n\t\t\t\n\t\t\tlog.info('All authentication credentials cleared.');\n\t\t});\n\n\t// Providers command - show supported providers\n\tcmd\n\t\t.command('providers')\n\t\t.description('List supported providers and their auth methods')\n\t\t.action(() => {\n\t\t\tconsole.log('\\nSupported providers:\\n');\n\t\t\t\n\t\t\t// Built-in providers from pi-ai\n\t\t\tconst providers = getAllProviders();\n\t\t\t\n\t\t\tfor (const id of providers) {\n\t\t\t\tconsole.log(` ${id}`);\n\t\t\t}\n\t\t\t\n\t\t\tconsole.log('\\nSet API key: xopc auth set <provider> <key>');\n\t\t\tconsole.log('Environment variables: PROVIDER_API_KEY\\n');\n\t\t});\n\n\treturn cmd;\n}\n\nfunction listAuthProfiles(): void {\n\tconst profiles = listAllProfiles();\n\t\n\tif (profiles.length === 0) {\n\t\tlog.info('No auth profiles configured.');\n\t\tlog.info('Set an API key: xopc auth set <provider> <key>');\n\t\tlog.info('Or login with OAuth: xopc auth login <provider>');\n\t\treturn;\n\t}\n\n\tconsole.log('\\nAuth profiles:\\n');\n\tfor (const profile of profiles) {\n\t\tconst typeColor = profile.type === 'oauth' ? colors.yellow :\n\t\t\tprofile.type === 'token' ? colors.cyan : colors.blue;\n\t\tconst status = colorizeStatus(profile.hasKey);\n\t\t\n\t\tconsole.log(` ${profile.profileId}`);\n\t\tconsole.log(` Type: ${typeColor(profile.type)}`);\n\t\tconsole.log(` Status: ${status} ${profile.hasKey ? 'Configured' : 'Missing'}`);\n\t\tif (profile.email) {\n\t\t\tconsole.log(` Email: ${profile.email}`);\n\t\t}\n\t\tif (profile.expires) {\n\t\t\tconst expDate = new Date(profile.expires);\n\t\t\tconst isExpired = Date.now() >= profile.expires;\n\t\t\tconsole.log(` Expires: ${isExpired ? colors.red('') : ''}${expDate.toLocaleString()}`);\n\t\t}\n\t\tconsole.log('');\n\t}\n}\n\n// Register the command\nregister({\n\tid: 'auth',\n\tname: 'auth',\n\tdescription: 'Manage authentication credentials',\n\tfactory: createAuthCommand,\n\tmetadata: { \n\t\tcategory: 'setup',\n\t\texamples: [\n\t\t\t'xopc auth list',\n\t\t\t'xopc auth providers',\n\t\t\t'xopc auth set openai sk-xxx',\n\t\t\t'xopc auth login anthropic',\n\t\t\t'xopc auth login kimi-coding',\n\t\t\t'xopc auth profiles list',\n\t\t],\n\t},\n});\n"],"mappings":";;;;;;;;;;;;;;gBAe2D;aACN;AAKrD,MAAM,MAAM,aAAa,cAAc;AAEvC,SAAS,kBAAkB,MAA2B;CACrD,MAAM,MAAM,IAAI,QAAQ,OAAO,CAC7B,YAAY,oCAAoC,CAChD,YACA,SACA,eAAe;EACd;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA,CAAC,CACF;AAGF,KACE,QAAQ,OAAO,CACf,YAAY,iDAAiD,CAC7D,aAAa;AACb,oBAAkB;GACjB;AAGH,KACE,QAAQ,uBAAuB,CAC/B,YAAY,6BAA6B,CACzC,OAAO,6BAA6B,yCAAyC,CAC7E,QAAQ,UAAkB,KAAa,YAAkC;EACzE,MAAM,YAAY,QAAQ,WAAW,GAAG,SAAS;AAQjD,oBAAkB;GAAE;GAAW,YAAA;IAL9B,MAAM;IACN;IACA;IAGwC;GAAE,CAAC;AAC5C,MAAI,KAAK,mBAAmB,SAAS,aAAa,UAAU,GAAG;GAC9D;AAGH,KACE,QAAQ,iBAAiB,CACzB,YAAY,4CAA4C,CACxD,OAAO,6BAA6B,aAAa,CACjD,OAAO,OAAO,UAAkB,aAAmC;EACnE,MAAM,WAAW,wBAAwB,SAAS;AAElD,MAAI,SAAS,WAAW,GAAG;AAC1B,OAAI,MAAM,sCAAsC,WAAW;AAC3D,WAAQ,KAAK,EAAE;;AAGhB,OAAK,MAAM,WAAW,UAAU;GAE/B,MAAM,SAAS,eAAe,QAAQ,OAAO;AAC7C,WAAQ,IAAI,eAAe,WAAW;AACtC,WAAQ,IAAI,YAAY,QAAQ,YAAY;AAC5C,WAAQ,IAAI,SAAS,QAAQ,OAAO;AACpC,WAAQ,IAAI,WAAW,OAAO,GAAG,QAAQ,SAAS,eAAe,YAAY;AAC7E,OAAI,QAAQ,SAAS;IACpB,MAAM,UAAU,IAAI,KAAK,QAAQ,QAAQ;AACzC,YAAQ,IAAI,YAAY,QAAQ,gBAAgB,GAAG;;AAEpD,WAAQ,IAAI,GAAG;;GAEf;AAGH,KACE,QAAQ,oBAAoB,CAC5B,YAAY,uCAAuC,CACnD,OAAO,6BAA6B,uBAAuB,CAC3D,QAAQ,UAAkB,YAAkC;AAC5D,MAAI,QAAQ,SAAS;AAEpB,OADgB,kBAAkB,QAAQ,QAC/B,CACV,KAAI,KAAK,oBAAoB,QAAQ,UAAU;OAE/C,KAAI,KAAK,sBAAsB,QAAQ,UAAU;AAElD;;EAID,MAAM,WAAW,wBAAwB,SAAS;AAClD,OAAK,MAAM,WAAW,SACrB,mBAAkB,QAAQ,UAAU;AAErC,MAAI,KAAK,sCAAsC,WAAW;GACzD;AAGH,KACE,QAAQ,mBAAmB,CAC3B,YAAY,kCAAkC,CAC9C,OAAO,6BAA6B,yCAAyC,CAC7E,OAAO,OAAO,UAAkB,YAAkC;EAClE,MAAM,cAAc,iBAAiB,SAAS;AAE9C,MAAI,CAAC,aAAa;AACjB,OAAI,MAAM,qCAAqC,WAAW;AAC1D,OAAI,KAAK,8BAA8B,4BAA4B,CAAC,KAAK,KAAK,GAAG;AACjF,OAAI,KAAK,gEAAgE;AACzE,WAAQ,KAAK,EAAE;;AAGhB,MAAI,KAAK,YAAY,YAAY,YAAY,iBAAiB;EAE9D,MAAM,YAAiC;GACtC,SAAS,SAAS;AACjB,YAAQ,IAAI,OAAO,YAAY,UAAU;AACzC,YAAQ,IAAI,KAAK,IAAI;AACrB,QAAI,KAAK,aACR,SAAQ,IAAI,OAAO,KAAK,aAAa;AAEtC,YAAQ,IAAI,KAAK;;GAElB,eAAe,SAAS;AACvB,YAAQ,IAAI,UAAU,KAAK,gBAAgB,kBAAkB,KAAK,SAAS,IAAI;;GAEhF,UAAU,OAAO,WAAW;IAC3B,MAAM,EAAE,UAAU,MAAM,OAAO;AAC/B,WAAO,MAAM,EAAE,SAAS,OAAO,SAAS,CAAC;;GAE1C,aAAa,YAAY;AACxB,QAAI,KAAK,QAAQ;;GAElB,UAAU,OAAO,WAAW;AAE3B,WADsB,OAAO,QAAQ,MAAM,WAAW,OAAO,OAAO,UAChD,EAAE,MAAM,OAAO,QAAQ,IAAI;;GAEhD;AAED,MAAI;GACH,MAAM,QAAQ,MAAM,YAAY,SAAS,MAAM,UAAU;GACzD,MAAM,YAAY,QAAQ,WAAW,YAAY;AACjD,qBAAkB;IACjB;IACA,YAAY;KACX,MAAM;KACN;KACA,GAAG;KACH;IACD,CAAC;AACF,OAAI,KAAK,sCAAsC,YAAY;WACnD,OAAO;AACf,OAAI,MAAM,uBAAuB,QAAQ;AACzC,WAAQ,KAAK,EAAE;;GAEf;AAGH,KACE,QAAQ,oBAAoB,CAC5B,YAAY,8CAA8C,CAC1D,OAAO,6BAA6B,uBAAuB,CAC3D,QAAQ,UAAkB,YAAkC;AAC5D,MAAI,QAAQ,SAAS;AAEpB,OADgB,kBAAkB,QAAQ,QAC/B,CACV,KAAI,KAAK,eAAe,QAAQ,UAAU;OAE1C,KAAI,KAAK,sBAAsB,QAAQ,UAAU;AAElD;;EAID,MAAM,WAAW,wBAAwB,SAAS;AAClD,MAAI,SAAS,WAAW,GAAG;AAC1B,OAAI,KAAK,mCAAmC,WAAW;AACvD;;AAGD,OAAK,MAAM,WAAW,SACrB,mBAAkB,QAAQ,UAAU;AAErC,MAAI,KAAK,6BAA6B,WAAW;GAChD;CAGH,MAAM,cAAc,IAClB,QAAQ,WAAW,CACnB,YAAY,uBAAuB;AAErC,aACE,QAAQ,OAAO,CACf,YAAY,yBAAyB,CACrC,aAAa;AACb,oBAAkB;GACjB;AAEH,aACE,QAAQ,MAAM,CACd,YAAY,yBAAyB,CACrC,eAAe,6BAA6B,iCAAiC,CAC7E,eAAe,qBAAqB,0CAA0C,CAC9E,OAAO,mBAAmB,6BAA6B,CACvD,OAAO,uBAAuB,uCAAuC,CACrE,QAAQ,YAAY;EACpB,MAAM,EAAE,SAAS,MAAM,KAAK,UAAU;EAEtC,IAAI;AAEJ,MAAI,SAAS,WAAW;AACvB,OAAI,CAAC,KAAK;AACT,QAAI,MAAM,oCAAoC;AAC9C,YAAQ,KAAK,EAAE;;AAEhB,gBAAa;IAAE,MAAM;IAAW,UAAU,QAAQ,MAAM,IAAI,CAAC;IAAI;IAAK;IAAO;aACnE,SAAS,SAAS;AAC5B,OAAI,CAAC,KAAK;AACT,QAAI,MAAM,gCAAgC;AAC1C,YAAQ,KAAK,EAAE;;AAEhB,gBAAa;IAAE,MAAM;IAAS,UAAU,QAAQ,MAAM,IAAI,CAAC;IAAI,OAAO;IAAK;IAAO;SAC5E;AACN,OAAI,MAAM,0DAAwD;AAClE,WAAQ,KAAK,EAAE;;AAGhB,oBAAkB;GAAE,WAAW;GAAS;GAAY,CAAC;AACrD,MAAI,KAAK,kBAAkB,UAAU;GACpC;AAGH,KACE,QAAQ,QAAQ,CAChB,YAAY,uCAAuC,CACnD,aAAa;EACb,MAAM,WAAW,iBAAiB;AAClC,OAAK,MAAM,WAAW,SACrB,mBAAkB,QAAQ,UAAU;AAGrC,MAAI,KAAK,0CAA0C;GAClD;AAGH,KACE,QAAQ,YAAY,CACpB,YAAY,kDAAkD,CAC9D,aAAa;AACb,UAAQ,IAAI,2BAA2B;EAGvC,MAAM,YAAY,iBAAiB;AAEnC,OAAK,MAAM,MAAM,UAChB,SAAQ,IAAI,KAAK,KAAK;AAGvB,UAAQ,IAAI,gDAAgD;AAC5D,UAAQ,IAAI,4CAA4C;GACvD;AAEH,QAAO;;AAGR,SAAS,mBAAyB;CACjC,MAAM,WAAW,iBAAiB;AAElC,KAAI,SAAS,WAAW,GAAG;AAC1B,MAAI,KAAK,+BAA+B;AACxC,MAAI,KAAK,iDAAiD;AAC1D,MAAI,KAAK,kDAAkD;AAC3D;;AAGD,SAAQ,IAAI,qBAAqB;AACjC,MAAK,MAAM,WAAW,UAAU;EAC/B,MAAM,YAAY,QAAQ,SAAS,UAAU,OAAO,SACnD,QAAQ,SAAS,UAAU,OAAO,OAAO,OAAO;EACjD,MAAM,SAAS,eAAe,QAAQ,OAAO;AAE7C,UAAQ,IAAI,KAAK,QAAQ,YAAY;AACrC,UAAQ,IAAI,aAAa,UAAU,QAAQ,KAAK,GAAG;AACnD,UAAQ,IAAI,eAAe,OAAO,GAAG,QAAQ,SAAS,eAAe,YAAY;AACjF,MAAI,QAAQ,MACX,SAAQ,IAAI,cAAc,QAAQ,QAAQ;AAE3C,MAAI,QAAQ,SAAS;GACpB,MAAM,UAAU,IAAI,KAAK,QAAQ,QAAQ;GACzC,MAAM,YAAY,KAAK,KAAK,IAAI,QAAQ;AACxC,WAAQ,IAAI,gBAAgB,YAAY,OAAO,IAAI,GAAG,GAAG,KAAK,QAAQ,gBAAgB,GAAG;;AAE1F,UAAQ,IAAI,GAAG;;;AAKjB,SAAS;CACR,IAAI;CACJ,MAAM;CACN,aAAa;CACb,SAAS;CACT,UAAU;EACT,UAAU;EACV,UAAU;GACT;GACA;GACA;GACA;GACA;GACA;GACA;EACD;CACD,CAAC"}

package/dist/src/cli/commands/gateway/lifecycle.js CHANGED Viewed

@@ -1,8 +1,8 @@
 import { init_paths, resolveConfigPath } from "../../../config/paths.js";
 import { loadConfig } from "../../../config/loader.js";
 import "../../../config/index.js";
-import { isRestartEnabled } from "../../../config/commands.flags.js";
 import { resolveGatewayService } from "../../../daemon/service.js";
+import { isRestartEnabled } from "../../../config/commands.flags.js";
 import { authorizeGatewaySigusr1Restart, writeGatewayRestartIntentSync } from "../../../infra/restart.js";
 import { findVerifiedGatewayListenerPidsOnPortSync, formatGatewayPidList, signalVerifiedGatewayPidSync } from "../../../infra/gateway-processes.js";
 import { runServiceRestart, runServiceStop } from "./lifecycle-core.js";

package/dist/src/cli/commands/onboard/model.js CHANGED Viewed

@@ -38,11 +38,17 @@ async function doOAuthLogin(provider) {
 			if (info.instructions) console.log("\n" + info.instructions);
 			console.log("\n");
 		},
+		onDeviceCode: (info) => {
+			console.log(`\nOpen ${info.verificationUri} and enter code ${info.userCode}\n`);
+		},
 		onPrompt: async (prompt) => {
 			return input({ message: prompt.message });
 		},
 		onProgress: (message) => {
 			console.log(" →", message);
+		},
+		onSelect: async (prompt) => {
+			return prompt.options.find((option) => option.id === "browser")?.id ?? prompt.options[0]?.id;
 		}
 	};
 	try {

package/dist/src/cli/commands/onboard/model.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"model.js","names":[],"sources":["../../../../../src/cli/commands/onboard/model.ts"],"sourcesContent":["/*\n Model Configuration for Onboarding\n /\n\nimport { input, select, confirm } from '@inquirer/prompts';\nimport type { Config } from '../../../config/schema.js';\nimport type { CLIContext } from '../../registry.js';\nimport { colors } from '../../utils/colors.js';\nimport {\n getModelsByProvider,\n getSortedProviders,\n getProviderDisplayName,\n providerSupportsOAuth,\n providerSupportsApiKey,\n} from '../../../providers/index.js';\nimport { listProfilesForProvider } from '../../../auth/profiles/index.js';\nimport { upsertAuthProfile } from '../../../auth/profiles/index.js';\nimport { getOAuthProvider } from '../../utils/oauth-providers.js';\nimport type { OAuthLoginCallbacks } from '../../../auth/index.js';\nimport { CredentialResolver } from '../../../auth/credentials.js';\nimport { getApiKeyFromEnv } from '../../../providers/env-keys.js';\n\n/\n Get available models for a provider\n /\nasync function getModelsForProvider(provider: string): Promise<{ value: string; name: string }[]> {\n const models = getModelsByProvider(provider);\n return models.map((m) => ({\n value: `${m.provider}/${m.id}`,\n name: m.name \|\| m.id,\n }));\n}\n\n/\n Perform OAuth login for a provider\n /\nasync function doOAuthLogin(provider: string): Promise<boolean> {\n const config = getOAuthProvider(provider);\n if (!config) {\n console.error(`OAuth not supported for provider: ${provider}`);\n return false;\n }\n\n console.log(`\\n🔐 Starting ${config.displayName} OAuth login...`);\n\n const callbacks: OAuthLoginCallbacks = {\n onAuth: (info) => {\n console.log(`\\n${config.urlPrompt}`);\n console.log(info.url);\n if (info.instructions) {\n console.log('\\n' + info.instructions);\n }\n console.log('\\n');\n },\n onPrompt: async (prompt) => {\n return input({ message: prompt.message });\n },\n onProgress: (message) => {\n console.log(' →', message);\n },\n };\n\n try {\n const creds = await config.provider.login(callbacks);\n upsertAuthProfile({\n profileId: config.profileId,\n credential: {\n type: 'oauth',\n provider,\n ...creds,\n },\n });\n return true;\n } catch (error) {\n console.error('❌ OAuth login failed:', error);\n return false;\n }\n}\n\n/\n Configure AI model provider and model\n */\nexport async function setupModel(\n existingConfig: Config \| null,\n ctx: CLIContext\n): Promise<Config> {\n console.log('\\n🤖 Step: AI Model\\n');\n\n const config = existingConfig \|\| ({} as Config);\n const currentModelConfig = config?.agents?.defaults?.model;\n const currentModel =\n typeof currentModelConfig === 'string' ? currentModelConfig : currentModelConfig?.primary;\n\n if (currentModel) {\n console.log('Current model:', currentModel);\n const keepCurrent = await confirm({\n message: 'Keep using this model?',\n default: true,\n });\n if (keepCurrent) {\n console.log('✅ Keeping:', currentModel);\n return config;\n }\n }\n\n // Get sorted providers with metadata\n const sortedProviders = getSortedProviders();\n\n const choices = sortedProviders.map((p) => ({\n value: p,\n name: getProviderDisplayName(p),\n }));\n\n const provider = await select({\n message: 'Select provider:',\n choices,\n });\n\n const providerName = getProviderDisplayName(provider);\n\n // Check if provider has existing profiles\n const existingProfiles = listProfilesForProvider(provider);\n if (existingProfiles.length > 0) {\n console.log(`\\n${colors.green('✓')} Found existing credentials for ${providerName}`);\n const useExisting = await confirm({\n message: 'Use existing credentials?',\n default: true,\n });\n\n if (useExisting) {\n // Get available models\n const modelChoices = await getModelsForProvider(provider);\n if (modelChoices.length === 0) {\n console.log(`\\n⚠️ No models found for ${providerName}. Please check your credentials.`);\n } else {\n const model = await select({\n message: 'Select model:',\n choices: modelChoices,\n });\n\n config.agents = config.agents \|\| {};\n config.agents.defaults = config.agents.defaults \|\| {\n workspace: ctx.workspacePath,\n model: { primary: model, fallbacks: [] },\n maxTokens: 8192,\n temperature: 0.7,\n maxToolIterations: 20,\n maxRequestsPerTurn: 50,\n maxToolFailuresPerTurn: 3,\n };\n config.agents.defaults.model = { primary: model, fallbacks: [] };\n config.agents.defaults.workspace = ctx.workspacePath;\n\n console.log('\\n✅ Model configured:', model);\n return config;\n }\n }\n }\n\n let apiKey: string \| undefined;\n let useOAuth = false;\n\n apiKey = getApiKeyFromEnv(provider);\n if (apiKey) {\n console.log(`\\n${colors.green('✓')} Found API key for ${providerName} in environment`);\n }\n\n if (!apiKey) {\n // Check auth support from metadata\n const supportsOAuth = providerSupportsOAuth(provider);\n const supportsApiKey = providerSupportsApiKey(provider);\n const isOAuthOnly = supportsOAuth && !supportsApiKey;\n\n if (isOAuthOnly) {\n // OAuth only - no choice\n const success = await doOAuthLogin(provider);\n if (success) {\n useOAuth = true;\n console.log('\\n✅ OAuth login successful!');\n } else {\n console.error('\\n❌ OAuth login failed. This provider requires OAuth.');\n return config;\n }\n } else if (supportsOAuth && supportsApiKey) {\n // Dual auth - let user choose\n const authMethod = await select({\n message: `How would you like to authenticate with ${providerName}?`,\n choices: [\n { value: 'api_key', name: 'API Key (enter manually)' },\n { value: 'oauth', name: 'OAuth Login (browser-based)' },\n ],\n });\n\n if (authMethod === 'oauth') {\n const success = await doOAuthLogin(provider);\n if (success) {\n useOAuth = true;\n console.log('\\n✅ OAuth login successful!');\n } else {\n console.log('\\n⚠️ OAuth login failed. Please enter API key manually.');\n apiKey = await input({\n message: `API Key for ${providerName}:`,\n validate: (v: string) => v.length > 0 \|\| 'Required',\n });\n useOAuth = false;\n }\n } else {\n apiKey = await input({\n message: `API Key for ${providerName}:`,\n validate: (v: string) => v.length > 0 \|\| 'Required',\n });\n }\n } else {\n // API key only\n apiKey = await input({\n message: `API Key for ${providerName}:`,\n validate: (v: string) => v.length > 0 \|\| 'Required',\n });\n }\n }\n\n // Get available models\n const modelChoices = await getModelsForProvider(provider);\n if (modelChoices.length === 0) {\n console.log(`\\n⚠️ No built-in models found for ${providerName}.`);\n console.log(' You can still use custom model names.');\n const model = await input({\n message: 'Model name:',\n validate: (v: string) => v.length > 0 \|\| 'Required',\n });\n\n // Store API key in new credential system\n if (apiKey) {\n const resolver = new CredentialResolver();\n await resolver.saveApiKey(provider, apiKey, { profileName: 'default' });\n }\n\n config.agents = config.agents \|\| {};\n config.agents.defaults = config.agents.defaults \|\| {\n workspace: ctx.workspacePath,\n model: { primary: `${provider}/${model}`, fallbacks: [] },\n maxTokens: 8192,\n temperature: 0.7,\n maxToolIterations: 20,\n maxRequestsPerTurn: 50,\n maxToolFailuresPerTurn: 3,\n };\n config.agents.defaults.model = { primary: `${provider}/${model}`, fallbacks: [] };\n config.agents.defaults.workspace = ctx.workspacePath;\n\n console.log('\\n✅ Model configured:', `${provider}/${model}`);\n return config;\n }\n\n console.log(`\\n📋 Available models for ${providerName}:`);\n const model = await select({\n message: 'Select model:',\n choices: modelChoices,\n });\n\n // Store in new credential system\n if (!useOAuth && apiKey) {\n const resolver = new CredentialResolver();\n await resolver.saveApiKey(provider, apiKey, { profileName: 'default' });\n }\n\n config.agents = config.agents \|\| {};\n config.agents.defaults = config.agents.defaults \|\| {\n workspace: ctx.workspacePath,\n model: { primary: model, fallbacks: [] },\n maxTokens: 8192,\n temperature: 0.7,\n maxToolIterations: 20,\n maxRequestsPerTurn: 50,\n maxToolFailuresPerTurn: 3,\n };\n config.agents.defaults.model = { primary: model, fallbacks: [] };\n config.agents.defaults.workspace = ctx.workspacePath;\n\n console.log('\\n✅ Model configured:', model);\n return config;\n}\n"],"mappings":";;;;;;;;;;;gBAcqC;kBAK6B;eACA;;;;AAKlE,eAAe,qBAAqB,UAA8D;AAEhG,QADe,oBAAoB,SACtB,CAAC,KAAK,OAAO;EACxB,OAAO,GAAG,EAAE,SAAS,GAAG,EAAE;EAC1B,MAAM,EAAE,QAAQ,EAAE;EACnB,EAAE;;;;;AAML,eAAe,aAAa,UAAoC;CAC9D,MAAM,SAAS,iBAAiB,SAAS;AACzC,KAAI,CAAC,QAAQ;AACX,UAAQ,MAAM,qCAAqC,WAAW;AAC9D,SAAO;;AAGT,SAAQ,IAAI,iBAAiB,OAAO,YAAY,iBAAiB;CAEjE,MAAM,YAAiC;EACrC,SAAS,SAAS;AAChB,WAAQ,IAAI,KAAK,OAAO,YAAY;AACpC,WAAQ,IAAI,KAAK,IAAI;AACrB,OAAI,KAAK,aACP,SAAQ,IAAI,OAAO,KAAK,aAAa;AAEvC,WAAQ,IAAI,KAAK;;EAEnB,UAAU,OAAO,WAAW;AAC1B,UAAO,MAAM,EAAE,SAAS,OAAO,SAAS,CAAC;;EAE3C,aAAa,YAAY;AACvB,WAAQ,IAAI,MAAM,QAAQ;;EAE7B;AAED,KAAI;EACF,MAAM,QAAQ,MAAM,OAAO,SAAS,MAAM,UAAU;AACpD,oBAAkB;GAChB,WAAW,OAAO;GAClB,YAAY;IACV,MAAM;IACN;IACA,GAAG;IACJ;GACF,CAAC;AACF,SAAO;UACA,OAAO;AACd,UAAQ,MAAM,yBAAyB,MAAM;AAC7C,SAAO;;;;;;AAOX,eAAsB,WACpB,gBACA,KACiB;AACjB,SAAQ,IAAI,wBAAwB;CAEpC,MAAM,SAAS,kBAAmB,EAAE;CACpC,MAAM,qBAAqB,QAAQ,QAAQ,UAAU;CACrD,MAAM,eACJ,OAAO,uBAAuB,WAAW,qBAAqB,oBAAoB;AAEpF,KAAI,cAAc;AAChB,UAAQ,IAAI,kBAAkB,aAAa;AAK3C,MAAI,MAJsB,QAAQ;GAChC,SAAS;GACT,SAAS;GACV,CAAC,EACe;AACf,WAAQ,IAAI,cAAc,aAAa;AACvC,UAAO;;;CAYX,MAAM,WAAW,MAAM,OAAO;EAC5B,SAAS;EACT,SATsB,oBAEO,CAAC,KAAK,OAAO;GAC1C,OAAO;GACP,MAAM,uBAAuB,EAAE;GAChC,EAIQ;EACR,CAAC;CAEF,MAAM,eAAe,uBAAuB,SAAS;AAIrD,KADyB,wBAAwB,SAC7B,CAAC,SAAS,GAAG;AAC/B,UAAQ,IAAI,KAAK,OAAO,MAAM,IAAI,CAAC,kCAAkC,eAAe;AAMpF,MAAI,MALsB,QAAQ;GAChC,SAAS;GACT,SAAS;GACV,CAAC,EAEe;GAEf,MAAM,eAAe,MAAM,qBAAqB,SAAS;AACzD,OAAI,aAAa,WAAW,EAC1B,SAAQ,IAAI,6BAA6B,aAAa,kCAAkC;QACnF;IACL,MAAM,QAAQ,MAAM,OAAO;KACzB,SAAS;KACT,SAAS;KACV,CAAC;AAEF,WAAO,SAAS,OAAO,UAAU,EAAE;AACnC,WAAO,OAAO,WAAW,OAAO,OAAO,YAAY;KACjD,WAAW,IAAI;KACf,OAAO;MAAE,SAAS;MAAO,WAAW,EAAE;MAAE;KACxC,WAAW;KACX,aAAa;KACb,mBAAmB;KACnB,oBAAoB;KACpB,wBAAwB;KACzB;AACD,WAAO,OAAO,SAAS,QAAQ;KAAE,SAAS;KAAO,WAAW,EAAE;KAAE;AAChE,WAAO,OAAO,SAAS,YAAY,IAAI;AAEvC,YAAQ,IAAI,yBAAyB,MAAM;AAC3C,WAAO;;;;CAKb,IAAI;CACJ,IAAI,WAAW;AAEf,UAAS,iBAAiB,SAAS;AACnC,KAAI,OACF,SAAQ,IAAI,KAAK,OAAO,MAAM,IAAI,CAAC,qBAAqB,aAAa,iBAAiB;AAGxF,KAAI,CAAC,QAAQ;EAEX,MAAM,gBAAgB,sBAAsB,SAAS;EACrD,MAAM,iBAAiB,uBAAuB,SAAS;AAGvD,MAFoB,iBAAiB,CAAC,eAKpC,KAAI,MADkB,aAAa,SAAS,EAC/B;AACX,cAAW;AACX,WAAQ,IAAI,8BAA8B;SACrC;AACL,WAAQ,MAAM,wDAAwD;AACtE,UAAO;;WAEA,iBAAiB,eAU1B,KAAI,MARqB,OAAO;GAC9B,SAAS,2CAA2C,aAAa;GACjE,SAAS,CACP;IAAE,OAAO;IAAW,MAAM;IAA4B,EACtD;IAAE,OAAO;IAAS,MAAM;IAA+B,CACxD;GACF,CAAC,KAEiB,QAEjB,KAAI,MADkB,aAAa,SAAS,EAC/B;AACX,cAAW;AACX,WAAQ,IAAI,8BAA8B;SACrC;AACL,WAAQ,IAAI,0DAA0D;AACtE,YAAS,MAAM,MAAM;IACnB,SAAS,eAAe,aAAa;IACrC,WAAW,MAAc,EAAE,SAAS,KAAK;IAC1C,CAAC;AACF,cAAW;;MAGb,UAAS,MAAM,MAAM;GACnB,SAAS,eAAe,aAAa;GACrC,WAAW,MAAc,EAAE,SAAS,KAAK;GAC1C,CAAC;MAIJ,UAAS,MAAM,MAAM;GACnB,SAAS,eAAe,aAAa;GACrC,WAAW,MAAc,EAAE,SAAS,KAAK;GAC1C,CAAC;;CAKN,MAAM,eAAe,MAAM,qBAAqB,SAAS;AACzD,KAAI,aAAa,WAAW,GAAG;AAC7B,UAAQ,IAAI,sCAAsC,aAAa,GAAG;AAClE,UAAQ,IAAI,2CAA2C;EACvD,MAAM,QAAQ,MAAM,MAAM;GACxB,SAAS;GACT,WAAW,MAAc,EAAE,SAAS,KAAK;GAC1C,CAAC;AAGF,MAAI,OAEF,OAAM,IADe,oBACP,CAAC,WAAW,UAAU,QAAQ,EAAE,aAAa,WAAW,CAAC;AAGzE,SAAO,SAAS,OAAO,UAAU,EAAE;AACnC,SAAO,OAAO,WAAW,OAAO,OAAO,YAAY;GACjD,WAAW,IAAI;GACf,OAAO;IAAE,SAAS,GAAG,SAAS,GAAG;IAAS,WAAW,EAAE;IAAE;GACzD,WAAW;GACX,aAAa;GACb,mBAAmB;GACnB,oBAAoB;GACpB,wBAAwB;GACzB;AACD,SAAO,OAAO,SAAS,QAAQ;GAAE,SAAS,GAAG,SAAS,GAAG;GAAS,WAAW,EAAE;GAAE;AACjF,SAAO,OAAO,SAAS,YAAY,IAAI;AAEvC,UAAQ,IAAI,yBAAyB,GAAG,SAAS,GAAG,QAAQ;AAC5D,SAAO;;AAGT,SAAQ,IAAI,6BAA6B,aAAa,GAAG;CACzD,MAAM,QAAQ,MAAM,OAAO;EACzB,SAAS;EACT,SAAS;EACV,CAAC;AAGF,KAAI,CAAC,YAAY,OAEf,OAAM,IADe,oBACP,CAAC,WAAW,UAAU,QAAQ,EAAE,aAAa,WAAW,CAAC;AAGzE,QAAO,SAAS,OAAO,UAAU,EAAE;AACnC,QAAO,OAAO,WAAW,OAAO,OAAO,YAAY;EACjD,WAAW,IAAI;EACf,OAAO;GAAE,SAAS;GAAO,WAAW,EAAE;GAAE;EACxC,WAAW;EACX,aAAa;EACb,mBAAmB;EACnB,oBAAoB;EACpB,wBAAwB;EACzB;AACD,QAAO,OAAO,SAAS,QAAQ;EAAE,SAAS;EAAO,WAAW,EAAE;EAAE;AAChE,QAAO,OAAO,SAAS,YAAY,IAAI;AAEvC,SAAQ,IAAI,yBAAyB,MAAM;AAC3C,QAAO"}
1	+ {"version":3,"file":"model.js","names":[],"sources":["../../../../../src/cli/commands/onboard/model.ts"],"sourcesContent":["/*\n Model Configuration for Onboarding\n /\n\nimport { input, select, confirm } from '@inquirer/prompts';\nimport type { Config } from '../../../config/schema.js';\nimport type { CLIContext } from '../../registry.js';\nimport { colors } from '../../utils/colors.js';\nimport {\n getModelsByProvider,\n getSortedProviders,\n getProviderDisplayName,\n providerSupportsOAuth,\n providerSupportsApiKey,\n} from '../../../providers/index.js';\nimport { listProfilesForProvider } from '../../../auth/profiles/index.js';\nimport { upsertAuthProfile } from '../../../auth/profiles/index.js';\nimport { getOAuthProvider } from '../../utils/oauth-providers.js';\nimport type { OAuthLoginCallbacks } from '../../../auth/index.js';\nimport { CredentialResolver } from '../../../auth/credentials.js';\nimport { getApiKeyFromEnv } from '../../../providers/env-keys.js';\n\n/\n Get available models for a provider\n /\nasync function getModelsForProvider(provider: string): Promise<{ value: string; name: string }[]> {\n const models = getModelsByProvider(provider);\n return models.map((m) => ({\n value: `${m.provider}/${m.id}`,\n name: m.name \|\| m.id,\n }));\n}\n\n/\n Perform OAuth login for a provider\n /\nasync function doOAuthLogin(provider: string): Promise<boolean> {\n const config = getOAuthProvider(provider);\n if (!config) {\n console.error(`OAuth not supported for provider: ${provider}`);\n return false;\n }\n\n console.log(`\\n🔐 Starting ${config.displayName} OAuth login...`);\n\n const callbacks: OAuthLoginCallbacks = {\n onAuth: (info) => {\n console.log(`\\n${config.urlPrompt}`);\n console.log(info.url);\n if (info.instructions) {\n console.log('\\n' + info.instructions);\n }\n console.log('\\n');\n },\n onDeviceCode: (info) => {\n console.log(`\\nOpen ${info.verificationUri} and enter code ${info.userCode}\\n`);\n },\n onPrompt: async (prompt) => {\n return input({ message: prompt.message });\n },\n onProgress: (message) => {\n console.log(' →', message);\n },\n onSelect: async (prompt) => {\n const browserOption = prompt.options.find((option) => option.id === 'browser');\n return browserOption?.id ?? prompt.options[0]?.id;\n },\n };\n\n try {\n const creds = await config.provider.login(callbacks);\n upsertAuthProfile({\n profileId: config.profileId,\n credential: {\n type: 'oauth',\n provider,\n ...creds,\n },\n });\n return true;\n } catch (error) {\n console.error('❌ OAuth login failed:', error);\n return false;\n }\n}\n\n/\n Configure AI model provider and model\n */\nexport async function setupModel(\n existingConfig: Config \| null,\n ctx: CLIContext\n): Promise<Config> {\n console.log('\\n🤖 Step: AI Model\\n');\n\n const config = existingConfig \|\| ({} as Config);\n const currentModelConfig = config?.agents?.defaults?.model;\n const currentModel =\n typeof currentModelConfig === 'string' ? currentModelConfig : currentModelConfig?.primary;\n\n if (currentModel) {\n console.log('Current model:', currentModel);\n const keepCurrent = await confirm({\n message: 'Keep using this model?',\n default: true,\n });\n if (keepCurrent) {\n console.log('✅ Keeping:', currentModel);\n return config;\n }\n }\n\n // Get sorted providers with metadata\n const sortedProviders = getSortedProviders();\n\n const choices = sortedProviders.map((p) => ({\n value: p,\n name: getProviderDisplayName(p),\n }));\n\n const provider = await select({\n message: 'Select provider:',\n choices,\n });\n\n const providerName = getProviderDisplayName(provider);\n\n // Check if provider has existing profiles\n const existingProfiles = listProfilesForProvider(provider);\n if (existingProfiles.length > 0) {\n console.log(`\\n${colors.green('✓')} Found existing credentials for ${providerName}`);\n const useExisting = await confirm({\n message: 'Use existing credentials?',\n default: true,\n });\n\n if (useExisting) {\n // Get available models\n const modelChoices = await getModelsForProvider(provider);\n if (modelChoices.length === 0) {\n console.log(`\\n⚠️ No models found for ${providerName}. Please check your credentials.`);\n } else {\n const model = await select({\n message: 'Select model:',\n choices: modelChoices,\n });\n\n config.agents = config.agents \|\| {};\n config.agents.defaults = config.agents.defaults \|\| {\n workspace: ctx.workspacePath,\n model: { primary: model, fallbacks: [] },\n maxTokens: 8192,\n temperature: 0.7,\n maxToolIterations: 20,\n maxRequestsPerTurn: 50,\n maxToolFailuresPerTurn: 3,\n };\n config.agents.defaults.model = { primary: model, fallbacks: [] };\n config.agents.defaults.workspace = ctx.workspacePath;\n\n console.log('\\n✅ Model configured:', model);\n return config;\n }\n }\n }\n\n let apiKey: string \| undefined;\n let useOAuth = false;\n\n apiKey = getApiKeyFromEnv(provider);\n if (apiKey) {\n console.log(`\\n${colors.green('✓')} Found API key for ${providerName} in environment`);\n }\n\n if (!apiKey) {\n // Check auth support from metadata\n const supportsOAuth = providerSupportsOAuth(provider);\n const supportsApiKey = providerSupportsApiKey(provider);\n const isOAuthOnly = supportsOAuth && !supportsApiKey;\n\n if (isOAuthOnly) {\n // OAuth only - no choice\n const success = await doOAuthLogin(provider);\n if (success) {\n useOAuth = true;\n console.log('\\n✅ OAuth login successful!');\n } else {\n console.error('\\n❌ OAuth login failed. This provider requires OAuth.');\n return config;\n }\n } else if (supportsOAuth && supportsApiKey) {\n // Dual auth - let user choose\n const authMethod = await select({\n message: `How would you like to authenticate with ${providerName}?`,\n choices: [\n { value: 'api_key', name: 'API Key (enter manually)' },\n { value: 'oauth', name: 'OAuth Login (browser-based)' },\n ],\n });\n\n if (authMethod === 'oauth') {\n const success = await doOAuthLogin(provider);\n if (success) {\n useOAuth = true;\n console.log('\\n✅ OAuth login successful!');\n } else {\n console.log('\\n⚠️ OAuth login failed. Please enter API key manually.');\n apiKey = await input({\n message: `API Key for ${providerName}:`,\n validate: (v: string) => v.length > 0 \|\| 'Required',\n });\n useOAuth = false;\n }\n } else {\n apiKey = await input({\n message: `API Key for ${providerName}:`,\n validate: (v: string) => v.length > 0 \|\| 'Required',\n });\n }\n } else {\n // API key only\n apiKey = await input({\n message: `API Key for ${providerName}:`,\n validate: (v: string) => v.length > 0 \|\| 'Required',\n });\n }\n }\n\n // Get available models\n const modelChoices = await getModelsForProvider(provider);\n if (modelChoices.length === 0) {\n console.log(`\\n⚠️ No built-in models found for ${providerName}.`);\n console.log(' You can still use custom model names.');\n const model = await input({\n message: 'Model name:',\n validate: (v: string) => v.length > 0 \|\| 'Required',\n });\n\n // Store API key in new credential system\n if (apiKey) {\n const resolver = new CredentialResolver();\n await resolver.saveApiKey(provider, apiKey, { profileName: 'default' });\n }\n\n config.agents = config.agents \|\| {};\n config.agents.defaults = config.agents.defaults \|\| {\n workspace: ctx.workspacePath,\n model: { primary: `${provider}/${model}`, fallbacks: [] },\n maxTokens: 8192,\n temperature: 0.7,\n maxToolIterations: 20,\n maxRequestsPerTurn: 50,\n maxToolFailuresPerTurn: 3,\n };\n config.agents.defaults.model = { primary: `${provider}/${model}`, fallbacks: [] };\n config.agents.defaults.workspace = ctx.workspacePath;\n\n console.log('\\n✅ Model configured:', `${provider}/${model}`);\n return config;\n }\n\n console.log(`\\n📋 Available models for ${providerName}:`);\n const model = await select({\n message: 'Select model:',\n choices: modelChoices,\n });\n\n // Store in new credential system\n if (!useOAuth && apiKey) {\n const resolver = new CredentialResolver();\n await resolver.saveApiKey(provider, apiKey, { profileName: 'default' });\n }\n\n config.agents = config.agents \|\| {};\n config.agents.defaults = config.agents.defaults \|\| {\n workspace: ctx.workspacePath,\n model: { primary: model, fallbacks: [] },\n maxTokens: 8192,\n temperature: 0.7,\n maxToolIterations: 20,\n maxRequestsPerTurn: 50,\n maxToolFailuresPerTurn: 3,\n };\n config.agents.defaults.model = { primary: model, fallbacks: [] };\n config.agents.defaults.workspace = ctx.workspacePath;\n\n console.log('\\n✅ Model configured:', model);\n return config;\n}\n"],"mappings":";;;;;;;;;;;gBAcqC;kBAK6B;eACA;;;;AAKlE,eAAe,qBAAqB,UAA8D;AAEhG,QADe,oBAAoB,SACtB,CAAC,KAAK,OAAO;EACxB,OAAO,GAAG,EAAE,SAAS,GAAG,EAAE;EAC1B,MAAM,EAAE,QAAQ,EAAE;EACnB,EAAE;;;;;AAML,eAAe,aAAa,UAAoC;CAC9D,MAAM,SAAS,iBAAiB,SAAS;AACzC,KAAI,CAAC,QAAQ;AACX,UAAQ,MAAM,qCAAqC,WAAW;AAC9D,SAAO;;AAGT,SAAQ,IAAI,iBAAiB,OAAO,YAAY,iBAAiB;CAEjE,MAAM,YAAiC;EACrC,SAAS,SAAS;AAChB,WAAQ,IAAI,KAAK,OAAO,YAAY;AACpC,WAAQ,IAAI,KAAK,IAAI;AACrB,OAAI,KAAK,aACP,SAAQ,IAAI,OAAO,KAAK,aAAa;AAEvC,WAAQ,IAAI,KAAK;;EAEnB,eAAe,SAAS;AACtB,WAAQ,IAAI,UAAU,KAAK,gBAAgB,kBAAkB,KAAK,SAAS,IAAI;;EAEjF,UAAU,OAAO,WAAW;AAC1B,UAAO,MAAM,EAAE,SAAS,OAAO,SAAS,CAAC;;EAE3C,aAAa,YAAY;AACvB,WAAQ,IAAI,MAAM,QAAQ;;EAE5B,UAAU,OAAO,WAAW;AAE1B,UADsB,OAAO,QAAQ,MAAM,WAAW,OAAO,OAAO,UAChD,EAAE,MAAM,OAAO,QAAQ,IAAI;;EAElD;AAED,KAAI;EACF,MAAM,QAAQ,MAAM,OAAO,SAAS,MAAM,UAAU;AACpD,oBAAkB;GAChB,WAAW,OAAO;GAClB,YAAY;IACV,MAAM;IACN;IACA,GAAG;IACJ;GACF,CAAC;AACF,SAAO;UACA,OAAO;AACd,UAAQ,MAAM,yBAAyB,MAAM;AAC7C,SAAO;;;;;;AAOX,eAAsB,WACpB,gBACA,KACiB;AACjB,SAAQ,IAAI,wBAAwB;CAEpC,MAAM,SAAS,kBAAmB,EAAE;CACpC,MAAM,qBAAqB,QAAQ,QAAQ,UAAU;CACrD,MAAM,eACJ,OAAO,uBAAuB,WAAW,qBAAqB,oBAAoB;AAEpF,KAAI,cAAc;AAChB,UAAQ,IAAI,kBAAkB,aAAa;AAK3C,MAAI,MAJsB,QAAQ;GAChC,SAAS;GACT,SAAS;GACV,CAAC,EACe;AACf,WAAQ,IAAI,cAAc,aAAa;AACvC,UAAO;;;CAYX,MAAM,WAAW,MAAM,OAAO;EAC5B,SAAS;EACT,SATsB,oBAEO,CAAC,KAAK,OAAO;GAC1C,OAAO;GACP,MAAM,uBAAuB,EAAE;GAChC,EAIQ;EACR,CAAC;CAEF,MAAM,eAAe,uBAAuB,SAAS;AAIrD,KADyB,wBAAwB,SAC7B,CAAC,SAAS,GAAG;AAC/B,UAAQ,IAAI,KAAK,OAAO,MAAM,IAAI,CAAC,kCAAkC,eAAe;AAMpF,MAAI,MALsB,QAAQ;GAChC,SAAS;GACT,SAAS;GACV,CAAC,EAEe;GAEf,MAAM,eAAe,MAAM,qBAAqB,SAAS;AACzD,OAAI,aAAa,WAAW,EAC1B,SAAQ,IAAI,6BAA6B,aAAa,kCAAkC;QACnF;IACL,MAAM,QAAQ,MAAM,OAAO;KACzB,SAAS;KACT,SAAS;KACV,CAAC;AAEF,WAAO,SAAS,OAAO,UAAU,EAAE;AACnC,WAAO,OAAO,WAAW,OAAO,OAAO,YAAY;KACjD,WAAW,IAAI;KACf,OAAO;MAAE,SAAS;MAAO,WAAW,EAAE;MAAE;KACxC,WAAW;KACX,aAAa;KACb,mBAAmB;KACnB,oBAAoB;KACpB,wBAAwB;KACzB;AACD,WAAO,OAAO,SAAS,QAAQ;KAAE,SAAS;KAAO,WAAW,EAAE;KAAE;AAChE,WAAO,OAAO,SAAS,YAAY,IAAI;AAEvC,YAAQ,IAAI,yBAAyB,MAAM;AAC3C,WAAO;;;;CAKb,IAAI;CACJ,IAAI,WAAW;AAEf,UAAS,iBAAiB,SAAS;AACnC,KAAI,OACF,SAAQ,IAAI,KAAK,OAAO,MAAM,IAAI,CAAC,qBAAqB,aAAa,iBAAiB;AAGxF,KAAI,CAAC,QAAQ;EAEX,MAAM,gBAAgB,sBAAsB,SAAS;EACrD,MAAM,iBAAiB,uBAAuB,SAAS;AAGvD,MAFoB,iBAAiB,CAAC,eAKpC,KAAI,MADkB,aAAa,SAAS,EAC/B;AACX,cAAW;AACX,WAAQ,IAAI,8BAA8B;SACrC;AACL,WAAQ,MAAM,wDAAwD;AACtE,UAAO;;WAEA,iBAAiB,eAU1B,KAAI,MARqB,OAAO;GAC9B,SAAS,2CAA2C,aAAa;GACjE,SAAS,CACP;IAAE,OAAO;IAAW,MAAM;IAA4B,EACtD;IAAE,OAAO;IAAS,MAAM;IAA+B,CACxD;GACF,CAAC,KAEiB,QAEjB,KAAI,MADkB,aAAa,SAAS,EAC/B;AACX,cAAW;AACX,WAAQ,IAAI,8BAA8B;SACrC;AACL,WAAQ,IAAI,0DAA0D;AACtE,YAAS,MAAM,MAAM;IACnB,SAAS,eAAe,aAAa;IACrC,WAAW,MAAc,EAAE,SAAS,KAAK;IAC1C,CAAC;AACF,cAAW;;MAGb,UAAS,MAAM,MAAM;GACnB,SAAS,eAAe,aAAa;GACrC,WAAW,MAAc,EAAE,SAAS,KAAK;GAC1C,CAAC;MAIJ,UAAS,MAAM,MAAM;GACnB,SAAS,eAAe,aAAa;GACrC,WAAW,MAAc,EAAE,SAAS,KAAK;GAC1C,CAAC;;CAKN,MAAM,eAAe,MAAM,qBAAqB,SAAS;AACzD,KAAI,aAAa,WAAW,GAAG;AAC7B,UAAQ,IAAI,sCAAsC,aAAa,GAAG;AAClE,UAAQ,IAAI,2CAA2C;EACvD,MAAM,QAAQ,MAAM,MAAM;GACxB,SAAS;GACT,WAAW,MAAc,EAAE,SAAS,KAAK;GAC1C,CAAC;AAGF,MAAI,OAEF,OAAM,IADe,oBACP,CAAC,WAAW,UAAU,QAAQ,EAAE,aAAa,WAAW,CAAC;AAGzE,SAAO,SAAS,OAAO,UAAU,EAAE;AACnC,SAAO,OAAO,WAAW,OAAO,OAAO,YAAY;GACjD,WAAW,IAAI;GACf,OAAO;IAAE,SAAS,GAAG,SAAS,GAAG;IAAS,WAAW,EAAE;IAAE;GACzD,WAAW;GACX,aAAa;GACb,mBAAmB;GACnB,oBAAoB;GACpB,wBAAwB;GACzB;AACD,SAAO,OAAO,SAAS,QAAQ;GAAE,SAAS,GAAG,SAAS,GAAG;GAAS,WAAW,EAAE;GAAE;AACjF,SAAO,OAAO,SAAS,YAAY,IAAI;AAEvC,UAAQ,IAAI,yBAAyB,GAAG,SAAS,GAAG,QAAQ;AAC5D,SAAO;;AAGT,SAAQ,IAAI,6BAA6B,aAAa,GAAG;CACzD,MAAM,QAAQ,MAAM,OAAO;EACzB,SAAS;EACT,SAAS;EACV,CAAC;AAGF,KAAI,CAAC,YAAY,OAEf,OAAM,IADe,oBACP,CAAC,WAAW,UAAU,QAAQ,EAAE,aAAa,WAAW,CAAC;AAGzE,QAAO,SAAS,OAAO,UAAU,EAAE;AACnC,QAAO,OAAO,WAAW,OAAO,OAAO,YAAY;EACjD,WAAW,IAAI;EACf,OAAO;GAAE,SAAS;GAAO,WAAW,EAAE;GAAE;EACxC,WAAW;EACX,aAAa;EACb,mBAAmB;EACnB,oBAAoB;EACpB,wBAAwB;EACzB;AACD,QAAO,OAAO,SAAS,QAAQ;EAAE,SAAS;EAAO,WAAW,EAAE;EAAE;AAChE,QAAO,OAAO,SAAS,YAAY,IAAI;AAEvC,SAAQ,IAAI,yBAAyB,MAAM;AAC3C,QAAO"}