aemeathcli 1.0.0

package/dist/claude-login-5WELXPKT.js

@@ -0,0 +1,324 @@
+import { CredentialStore } from './chunk-4IJD72YB.js';
+import './chunk-CGEV3ARR.js';
+import './chunk-CYQNBB25.js';
+import './chunk-NBR3GHMT.js';
+import './chunk-CS5X3BWX.js';
+import './chunk-HCIHOHLX.js';
+import { AuthenticationError } from './chunk-ZGOHARPV.js';
+import { logger } from './chunk-JAXXTYID.js';
+import { createServer } from 'http';
+import { randomBytes, createHash } from 'crypto';
+import { execFile } from 'child_process';
+import { promisify } from 'util';
+import { URL } from 'url';
+
+var execFileAsync = promisify(execFile);
+var CLIENT_ID = "9d1c250a-e61b-44d9-88ed-5944d1962f5e";
+var AUTHORIZE_URL = "https://claude.ai/oauth/authorize";
+var TOKEN_URL = "https://platform.claude.com/v1/oauth/token";
+var SCOPE = "user:inference";
+var CALLBACK_TIMEOUT_MS = 3e5;
+var LOCALHOST = "localhost";
+var KEYCHAIN_SERVICE = "Claude Code-credentials";
+function isRecord(value) {
+  return typeof value === "object" && value !== null;
+}
+function asString(value) {
+  return typeof value === "string" && value.length > 0 ? value : void 0;
+}
+function asDate(value) {
+  if (value instanceof Date) {
+    return Number.isNaN(value.getTime()) ? void 0 : value;
+  }
+  if (typeof value === "number" && Number.isFinite(value)) {
+    const millis = value > 1e10 ? value : value * 1e3;
+    const date = new Date(millis);
+    return Number.isNaN(date.getTime()) ? void 0 : date;
+  }
+  if (typeof value === "string" && value.length > 0) {
+    const numeric = Number(value);
+    if (Number.isFinite(numeric) && value.trim() !== "") {
+      return asDate(numeric);
+    }
+    const parsed = new Date(value);
+    return Number.isNaN(parsed.getTime()) ? void 0 : parsed;
+  }
+  return void 0;
+}
+function parseKeychainCredential(raw) {
+  if (raw.length === 0) {
+    return void 0;
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch {
+    return void 0;
+  }
+  if (!isRecord(parsed)) {
+    return void 0;
+  }
+  const directPayload = parsed;
+  const nestedPayload = isRecord(parsed["claudeAiOauth"]) ? parsed["claudeAiOauth"] : void 0;
+  const payloads = nestedPayload ? [nestedPayload, directPayload] : [directPayload];
+  for (const payload of payloads) {
+    const accessToken = asString(payload["accessToken"]) ?? asString(payload["access_token"]);
+    if (!accessToken) {
+      continue;
+    }
+    const refreshToken = asString(payload["refreshToken"]) ?? asString(payload["refresh_token"]);
+    const expiresAt = asDate(payload["expiresAt"] ?? payload["expires_at"]);
+    const email = asString(payload["email"]);
+    const plan = asString(payload["plan"]) ?? asString(payload["subscriptionType"]) ?? asString(payload["subscription_type"]) ?? asString(payload["rateLimitTier"]) ?? asString(payload["rate_limit_tier"]);
+    return {
+      provider: "anthropic",
+      method: "native_login",
+      token: accessToken,
+      ...refreshToken !== void 0 ? { refreshToken } : {},
+      ...expiresAt !== void 0 ? { expiresAt } : {},
+      ...email !== void 0 ? { email } : {},
+      ...plan !== void 0 ? { plan } : {}
+    };
+  }
+  return void 0;
+}
+async function readKeychainCredential() {
+  if (process.platform !== "darwin") return void 0;
+  try {
+    const { stdout } = await execFileAsync("security", [
+      "find-generic-password",
+      "-s",
+      KEYCHAIN_SERVICE,
+      "-w"
+    ], { timeout: 5e3 });
+    return parseKeychainCredential(stdout.trim());
+  } catch {
+    return void 0;
+  }
+}
+function generateCodeVerifier() {
+  return randomBytes(32).toString("base64url");
+}
+function generateCodeChallenge(verifier) {
+  return createHash("sha256").update(verifier).digest("base64url");
+}
+function generateState() {
+  return randomBytes(16).toString("hex");
+}
+function escapeHtml(unsafe) {
+  return unsafe.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#039;");
+}
+function successHtml() {
+  return `<!DOCTYPE html>
+<html><head><title>AemeathCLI \u2014 Login Successful</title></head>
+<body style="font-family:system-ui;text-align:center;padding:40px">
+<h1>Login Successful</h1>
+<p>You can close this window and return to your terminal.</p>
+</body></html>`;
+}
+function errorHtml(message) {
+  return `<!DOCTYPE html>
+<html><head><title>AemeathCLI \u2014 Login Failed</title></head>
+<body style="font-family:system-ui;text-align:center;padding:40px">
+<h1>Login Failed</h1>
+<p>${escapeHtml(message)}</p>
+</body></html>`;
+}
+var ClaudeLogin = class {
+  credentialStore;
+  callbackServer;
+  constructor(store) {
+    this.credentialStore = store ?? new CredentialStore();
+  }
+  /**
+   * Run browser-based OAuth 2.0 + PKCE login using the same client ID
+   * as the official Claude Code CLI. Browser opens automatically.
+   */
+  async login() {
+    const existing = await readKeychainCredential();
+    if (existing && existing.token) {
+      const isExpired = existing.expiresAt ? /* @__PURE__ */ new Date() > existing.expiresAt : false;
+      if (!isExpired) {
+        logger.info("Imported existing Claude Code credentials from keychain");
+        await this.credentialStore.set("anthropic", existing);
+        return existing;
+      }
+    }
+    const codeVerifier = generateCodeVerifier();
+    const codeChallenge = generateCodeChallenge(codeVerifier);
+    const state = generateState();
+    const { port, server } = await this.startCallbackServer();
+    this.callbackServer = server;
+    const redirectUri = `http://${LOCALHOST}:${port}/callback`;
+    const authUrl = new URL(AUTHORIZE_URL);
+    authUrl.searchParams.set("code", "true");
+    authUrl.searchParams.set("client_id", CLIENT_ID);
+    authUrl.searchParams.set("response_type", "code");
+    authUrl.searchParams.set("redirect_uri", redirectUri);
+    authUrl.searchParams.set("scope", SCOPE);
+    authUrl.searchParams.set("code_challenge", codeChallenge);
+    authUrl.searchParams.set("code_challenge_method", "S256");
+    authUrl.searchParams.set("state", state);
+    logger.info("Opening browser for Claude OAuth login");
+    try {
+      const openModule = await import('open');
+      await openModule.default(authUrl.toString());
+    } catch {
+      this.stopServer();
+      throw new AuthenticationError("anthropic", "Failed to open browser for login");
+    }
+    try {
+      const code = await this.waitForCallback(state);
+      const credential = await this.exchangeCodeForToken(code, codeVerifier, redirectUri, state);
+      await this.credentialStore.set("anthropic", credential);
+      logger.info("Claude OAuth login successful");
+      return credential;
+    } finally {
+      this.stopServer();
+    }
+  }
+  async logout() {
+    await this.credentialStore.delete("anthropic");
+    logger.info("Claude session revoked");
+  }
+  async isLoggedIn() {
+    const credential = await this.getCachedCredential();
+    return credential !== void 0;
+  }
+  async getStatus() {
+    const loggedIn = await this.isLoggedIn();
+    if (!loggedIn) return { loggedIn: false };
+    const credential = await this.credentialStore.get("anthropic");
+    if (!credential) return { loggedIn: false };
+    return {
+      loggedIn: true,
+      ...credential.email !== void 0 ? { email: credential.email } : {},
+      ...credential.plan !== void 0 ? { plan: credential.plan } : {}
+    };
+  }
+  async getCachedCredential() {
+    const existing = await this.credentialStore.get("anthropic");
+    if (existing?.method === "native_login" && existing.token) {
+      const isExpired2 = existing.expiresAt ? /* @__PURE__ */ new Date() > existing.expiresAt : false;
+      if (!isExpired2) {
+        return existing;
+      }
+    }
+    const keychain = await readKeychainCredential();
+    if (!keychain?.token) {
+      return void 0;
+    }
+    const isExpired = keychain.expiresAt ? /* @__PURE__ */ new Date() > keychain.expiresAt : false;
+    if (isExpired) {
+      return void 0;
+    }
+    await this.credentialStore.set("anthropic", keychain);
+    return keychain;
+  }
+  // ── Internal ──────────────────────────────────────────────────────────
+  startCallbackServer() {
+    return new Promise((resolve, reject) => {
+      const server = createServer();
+      server.listen(0, LOCALHOST, () => {
+        const address = server.address();
+        if (address === null || typeof address === "string") {
+          server.close();
+          reject(new Error("Failed to bind callback server"));
+          return;
+        }
+        resolve({ port: address.port, server });
+      });
+      server.on("error", reject);
+    });
+  }
+  waitForCallback(expectedState) {
+    return new Promise((resolve, reject) => {
+      const server = this.callbackServer;
+      if (server === void 0) {
+        reject(new AuthenticationError("anthropic", "Callback server not started"));
+        return;
+      }
+      const timeout = setTimeout(() => {
+        reject(new AuthenticationError("anthropic", "Login timed out"));
+      }, CALLBACK_TIMEOUT_MS);
+      server.on("request", (req, res) => {
+        const requestUrl = new URL(req.url ?? "/", `http://${LOCALHOST}`);
+        if (requestUrl.pathname !== "/callback") {
+          res.writeHead(404);
+          res.end("Not found");
+          return;
+        }
+        clearTimeout(timeout);
+        const code = requestUrl.searchParams.get("code");
+        const state = requestUrl.searchParams.get("state");
+        const error = requestUrl.searchParams.get("error");
+        if (error) {
+          res.writeHead(400, { "Content-Type": "text/html" });
+          res.end(errorHtml(`OAuth error: ${error}`));
+          reject(new AuthenticationError("anthropic", `OAuth error: ${error}`));
+          return;
+        }
+        if (state !== expectedState) {
+          res.writeHead(400, { "Content-Type": "text/html" });
+          res.end(errorHtml("State mismatch"));
+          reject(new AuthenticationError("anthropic", "OAuth state mismatch"));
+          return;
+        }
+        if (!code) {
+          res.writeHead(400, { "Content-Type": "text/html" });
+          res.end(errorHtml("Missing authorization code"));
+          reject(new AuthenticationError("anthropic", "No authorization code received"));
+          return;
+        }
+        res.writeHead(200, { "Content-Type": "text/html" });
+        res.end(successHtml());
+        resolve(code);
+      });
+    });
+  }
+  async exchangeCodeForToken(code, codeVerifier, redirectUri, state) {
+    const body = {
+      grant_type: "authorization_code",
+      code,
+      redirect_uri: redirectUri,
+      client_id: CLIENT_ID,
+      code_verifier: codeVerifier,
+      state
+    };
+    const response = await fetch(TOKEN_URL, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify(body)
+    });
+    if (!response.ok) {
+      const text = await response.text();
+      throw new AuthenticationError("anthropic", `Token exchange failed: ${response.status} ${text}`);
+    }
+    const data = await response.json();
+    if (!data.access_token) {
+      throw new AuthenticationError("anthropic", "Token exchange returned no access_token");
+    }
+    const expiresAt = data.expires_in ? new Date(Date.now() + data.expires_in * 1e3) : void 0;
+    return {
+      provider: "anthropic",
+      method: "native_login",
+      token: data.access_token,
+      ...data.refresh_token !== void 0 ? { refreshToken: data.refresh_token } : {},
+      ...expiresAt !== void 0 ? { expiresAt } : {},
+      ...data.email !== void 0 ? { email: data.email } : {},
+      ...data.plan !== void 0 ? { plan: data.plan } : {}
+    };
+  }
+  stopServer() {
+    if (this.callbackServer !== void 0) {
+      this.callbackServer.close();
+      this.callbackServer = void 0;
+    }
+  }
+};
+
+export { ClaudeLogin };
+//# sourceMappingURL=claude-login-5WELXPKT.js.map
+//# sourceMappingURL=claude-login-5WELXPKT.js.map

package/dist/claude-login-5WELXPKT.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/auth/providers/claude-login.ts"],"names":["isExpired"],"mappings":";;;;;;;;;;;;;;AAiBA,IAAM,aAAA,GAAgB,UAAU,QAAQ,CAAA;AAIxC,IAAM,SAAA,GAAY,sCAAA;AAClB,IAAM,aAAA,GAAgB,mCAAA;AACtB,IAAM,SAAA,GAAY,4CAAA;AAClB,IAAM,KAAA,GAAQ,gBAAA;AACd,IAAM,mBAAA,GAAsB,GAAA;AAC5B,IAAM,SAAA,GAAY,WAAA;AAIlB,IAAM,gBAAA,GAAmB,yBAAA;AAEzB,SAAS,SAAS,KAAA,EAAkD;AAClE,EAAA,OAAO,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,KAAU,IAAA;AAChD;AAEA,SAAS,SAAS,KAAA,EAAoC;AACpD,EAAA,OAAO,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,CAAM,MAAA,GAAS,IAAI,KAAA,GAAQ,MAAA;AACjE;AAEA,SAAS,OAAO,KAAA,EAAkC;AAChD,EAAA,IAAI,iBAAiB,IAAA,EAAM;AACzB,IAAA,OAAO,OAAO,KAAA,CAAM,KAAA,CAAM,OAAA,EAAS,IAAI,MAAA,GAAY,KAAA;AAAA,EACrD;AAEA,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,MAAA,CAAO,QAAA,CAAS,KAAK,CAAA,EAAG;AACvD,IAAA,MAAM,MAAA,GAAS,KAAA,GAAQ,IAAA,GAAiB,KAAA,GAAQ,KAAA,GAAQ,GAAA;AACxD,IAAA,MAAM,IAAA,GAAO,IAAI,IAAA,CAAK,MAAM,CAAA;AAC5B,IAAA,OAAO,OAAO,KAAA,CAAM,IAAA,CAAK,OAAA,EAAS,IAAI,MAAA,GAAY,IAAA;AAAA,EACpD;AAEA,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,CAAM,SAAS,CAAA,EAAG;AACjD,IAAA,MAAM,OAAA,GAAU,OAAO,KAAK,CAAA;AAC5B,IAAA,IAAI,OAAO,QAAA,CAAS,OAAO,KAAK,KAAA,CAAM,IAAA,OAAW,EAAA,EAAI;AACnD,MAAA,OAAO,OAAO,OAAO,CAAA;AAAA,IACvB;AAEA,IAAA,MAAM,MAAA,GAAS,IAAI,IAAA,CAAK,KAAK,CAAA;AAC7B,IAAA,OAAO,OAAO,KAAA,CAAM,MAAA,CAAO,OAAA,EAAS,IAAI,MAAA,GAAY,MAAA;AAAA,EACtD;AAEA,EAAA,OAAO,MAAA;AACT;AAEA,SAAS,wBAAwB,GAAA,EAAsC;AACrE,EAAA,IAAI,GAAA,CAAI,WAAW,CAAA,EAAG;AACpB,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,IAAI,MAAA;AACJ,EAAA,IAAI;AACF,IAAA,MAAA,GAAS,IAAA,CAAK,MAAM,GAAG,CAAA;AAAA,EACzB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,IAAI,CAAC,QAAA,CAAS,MAAM,CAAA,EAAG;AACrB,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,MAAM,aAAA,GAAgB,MAAA;AACtB,EAAA,MAAM,aAAA,GAAgB,SAAS,MAAA,CAAO,eAAe,CAAC,CAAA,GAClD,MAAA,CAAO,eAAe,CAAA,GACtB,MAAA;AACJ,EAAA,MAAM,WAAW,aAAA,GAAgB,CAAC,eAAe,aAAa,CAAA,GAAI,CAAC,aAAa,CAAA;AAEhF,EAAA,KAAA,MAAW,WAAW,QAAA,EAAU;AAC9B,IAAA,MAAM,WAAA,GAAc,SAAS,OAAA,CAAQ,aAAa,CAAC,CAAA,IAAK,QAAA,CAAS,OAAA,CAAQ,cAAc,CAAC,CAAA;AACxF,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA;AAAA,IACF;AAEA,IAAA,MAAM,YAAA,GAAe,SAAS,OAAA,CAAQ,cAAc,CAAC,CAAA,IAAK,QAAA,CAAS,OAAA,CAAQ,eAAe,CAAC,CAAA;AAC3F,IAAA,MAAM,YAAY,MAAA,CAAO,OAAA,CAAQ,WAAW,CAAA,IAAK,OAAA,CAAQ,YAAY,CAAC,CAAA;AACtE,IAAA,MAAM,KAAA,GAAQ,QAAA,CAAS,OAAA,CAAQ,OAAO,CAAC,CAAA;AACvC,IAAA,MAAM,IAAA,GAAO,QAAA,CAAS,OAAA,CAAQ,MAAM,CAAC,KAChC,QAAA,CAAS,OAAA,CAAQ,kBAAkB,CAAC,CAAA,IACpC,QAAA,CAAS,QAAQ,mBAAmB,CAAC,CAAA,IACrC,QAAA,CAAS,OAAA,CAAQ,eAAe,CAAC,CAAA,IACjC,QAAA,CAAS,OAAA,CAAQ,iBAAiB,CAAC,CAAA;AAExC,IAAA,OAAO;AAAA,MACL,QAAA,EAAU,WAAA;AAAA,MACV,MAAA,EAAQ,cAAA;AAAA,MACR,KAAA,EAAO,WAAA;AAAA,MACP,GAAI,YAAA,KAAiB,MAAA,GAAY,EAAE,YAAA,KAAiB,EAAC;AAAA,MACrD,GAAI,SAAA,KAAc,MAAA,GAAY,EAAE,SAAA,KAAc,EAAC;AAAA,MAC/C,GAAI,KAAA,KAAU,MAAA,GAAY,EAAE,KAAA,KAAU,EAAC;AAAA,MACvC,GAAI,IAAA,KAAS,MAAA,GAAY,EAAE,IAAA,KAAS;AAAC,KACvC;AAAA,EACF;AAEA,EAAA,OAAO,MAAA;AACT;AAEA,eAAe,sBAAA,GAA2D;AACxE,EAAA,IAAI,OAAA,CAAQ,QAAA,KAAa,QAAA,EAAU,OAAO,MAAA;AAE1C,EAAA,IAAI;AACF,IAAA,MAAM,EAAE,MAAA,EAAO,GAAI,MAAM,cAAc,UAAA,EAAY;AAAA,MACjD,uBAAA;AAAA,MAAyB,IAAA;AAAA,MAAM,gBAAA;AAAA,MAAkB;AAAA,KACnD,EAAG,EAAE,OAAA,EAAS,GAAA,EAAM,CAAA;AAEpB,IAAA,OAAO,uBAAA,CAAwB,MAAA,CAAO,IAAA,EAAM,CAAA;AAAA,EAC9C,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,MAAA;AAAA,EACT;AACF;AAIA,SAAS,oBAAA,GAA+B;AACtC,EAAA,OAAO,WAAA,CAAY,EAAE,CAAA,CAAE,QAAA,CAAS,WAAW,CAAA;AAC7C;AAEA,SAAS,sBAAsB,QAAA,EAA0B;AACvD,EAAA,OAAO,WAAW,QAAQ,CAAA,CAAE,OAAO,QAAQ,CAAA,CAAE,OAAO,WAAW,CAAA;AACjE;AAEA,SAAS,aAAA,GAAwB;AAC/B,EAAA,OAAO,WAAA,CAAY,EAAE,CAAA,CAAE,QAAA,CAAS,KAAK,CAAA;AACvC;AAIA,SAAS,WAAW,MAAA,EAAwB;AAC1C,EAAA,OAAO,OACJ,OAAA,CAAQ,IAAA,EAAM,OAAO,CAAA,CACrB,OAAA,CAAQ,MAAM,MAAM,CAAA,CACpB,QAAQ,IAAA,EAAM,MAAM,EACpB,OAAA,CAAQ,IAAA,EAAM,QAAQ,CAAA,CACtB,OAAA,CAAQ,MAAM,QAAQ,CAAA;AAC3B;AAEA,SAAS,WAAA,GAAsB;AAC7B,EAAA,OAAO,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA,cAAA,CAAA;AAMT;AAEA,SAAS,UAAU,OAAA,EAAyB;AAC1C,EAAA,OAAO,CAAA;AAAA;AAAA;AAAA;AAAA,GAAA,EAIJ,UAAA,CAAW,OAAO,CAAC,CAAA;AAAA,cAAA,CAAA;AAExB;AAIO,IAAM,cAAN,MAAkB;AAAA,EACN,eAAA;AAAA,EACT,cAAA;AAAA,EAER,YAAY,KAAA,EAAyB;AACnC,IAAA,IAAA,CAAK,eAAA,GAAkB,KAAA,IAAS,IAAI,eAAA,EAAgB;AAAA,EACtD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,KAAA,GAA8B;AAElC,IAAA,MAAM,QAAA,GAAW,MAAM,sBAAA,EAAuB;AAC9C,IAAA,IAAI,QAAA,IAAY,SAAS,KAAA,EAAO;AAC9B,MAAA,MAAM,YAAY,QAAA,CAAS,SAAA,uBAAgB,IAAA,EAAK,GAAI,SAAS,SAAA,GAAY,KAAA;AACzE,MAAA,IAAI,CAAC,SAAA,EAAW;AACd,QAAA,MAAA,CAAO,KAAK,yDAAyD,CAAA;AACrE,QAAA,MAAM,IAAA,CAAK,eAAA,CAAgB,GAAA,CAAI,WAAA,EAAa,QAAQ,CAAA;AACpD,QAAA,OAAO,QAAA;AAAA,MACT;AAAA,IACF;AAGA,IAAA,MAAM,eAAe,oBAAA,EAAqB;AAC1C,IAAA,MAAM,aAAA,GAAgB,sBAAsB,YAAY,CAAA;AACxD,IAAA,MAAM,QAAQ,aAAA,EAAc;AAE5B,IAAA,MAAM,EAAE,IAAA,EAAM,MAAA,EAAO,GAAI,MAAM,KAAK,mBAAA,EAAoB;AACxD,IAAA,IAAA,CAAK,cAAA,GAAiB,MAAA;AAEtB,IAAA,MAAM,WAAA,GAAc,CAAA,OAAA,EAAU,SAAS,CAAA,CAAA,EAAI,IAAI,CAAA,SAAA,CAAA;AAE/C,IAAA,MAAM,OAAA,GAAU,IAAI,GAAA,CAAI,aAAa,CAAA;AACrC,IAAA,OAAA,CAAQ,YAAA,CAAa,GAAA,CAAI,MAAA,EAAQ,MAAM,CAAA;AACvC,IAAA,OAAA,CAAQ,YAAA,CAAa,GAAA,CAAI,WAAA,EAAa,SAAS,CAAA;AAC/C,IAAA,OAAA,CAAQ,YAAA,CAAa,GAAA,CAAI,eAAA,EAAiB,MAAM,CAAA;AAChD,IAAA,OAAA,CAAQ,YAAA,CAAa,GAAA,CAAI,cAAA,EAAgB,WAAW,CAAA;AACpD,IAAA,OAAA,CAAQ,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,KAAK,CAAA;AACvC,IAAA,OAAA,CAAQ,YAAA,CAAa,GAAA,CAAI,gBAAA,EAAkB,aAAa,CAAA;AACxD,IAAA,OAAA,CAAQ,YAAA,CAAa,GAAA,CAAI,uBAAA,EAAyB,MAAM,CAAA;AACxD,IAAA,OAAA,CAAQ,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,KAAK,CAAA;AAEvC,IAAA,MAAA,CAAO,KAAK,wCAAwC,CAAA;AAEpD,IAAA,IAAI;AACF,MAAA,MAAM,UAAA,GAAa,MAAM,OAAO,MAAM,CAAA;AACtC,MAAA,MAAM,UAAA,CAAW,OAAA,CAAQ,OAAA,CAAQ,QAAA,EAAU,CAAA;AAAA,IAC7C,CAAA,CAAA,MAAQ;AACN,MAAA,IAAA,CAAK,UAAA,EAAW;AAChB,MAAA,MAAM,IAAI,mBAAA,CAAoB,WAAA,EAAa,kCAAkC,CAAA;AAAA,IAC/E;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,eAAA,CAAgB,KAAK,CAAA;AAC7C,MAAA,MAAM,aAAa,MAAM,IAAA,CAAK,qBAAqB,IAAA,EAAM,YAAA,EAAc,aAAa,KAAK,CAAA;AAEzF,MAAA,MAAM,IAAA,CAAK,eAAA,CAAgB,GAAA,CAAI,WAAA,EAAa,UAAU,CAAA;AACtD,MAAA,MAAA,CAAO,KAAK,+BAA+B,CAAA;AAE3C,MAAA,OAAO,UAAA;AAAA,IACT,CAAA,SAAE;AACA,MAAA,IAAA,CAAK,UAAA,EAAW;AAAA,IAClB;AAAA,EACF;AAAA,EAEA,MAAM,MAAA,GAAwB;AAC5B,IAAA,MAAM,IAAA,CAAK,eAAA,CAAgB,MAAA,CAAO,WAAW,CAAA;AAC7C,IAAA,MAAA,CAAO,KAAK,wBAAwB,CAAA;AAAA,EACtC;AAAA,EAEA,MAAM,UAAA,GAA+B;AACnC,IAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,mBAAA,EAAoB;AAClD,IAAA,OAAO,UAAA,KAAe,MAAA;AAAA,EACxB;AAAA,EAEA,MAAM,SAAA,GAAmG;AACvG,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,UAAA,EAAW;AACvC,IAAA,IAAI,CAAC,QAAA,EAAU,OAAO,EAAE,UAAU,KAAA,EAAM;AAExC,IAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,eAAA,CAAgB,IAAI,WAAW,CAAA;AAC7D,IAAA,IAAI,CAAC,UAAA,EAAY,OAAO,EAAE,UAAU,KAAA,EAAM;AAE1C,IAAA,OAAO;AAAA,MACL,QAAA,EAAU,IAAA;AAAA,MACV,GAAI,WAAW,KAAA,KAAU,MAAA,GAAY,EAAE,KAAA,EAAO,UAAA,CAAW,KAAA,EAAM,GAAI,EAAC;AAAA,MACpE,GAAI,WAAW,IAAA,KAAS,MAAA,GAAY,EAAE,IAAA,EAAM,UAAA,CAAW,IAAA,EAAK,GAAI;AAAC,KACnE;AAAA,EACF;AAAA,EAEA,MAAM,mBAAA,GAAwD;AAC5D,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,eAAA,CAAgB,IAAI,WAAW,CAAA;AAC3D,IAAA,IAAI,QAAA,EAAU,MAAA,KAAW,cAAA,IAAkB,QAAA,CAAS,KAAA,EAAO;AACzD,MAAA,MAAMA,aAAY,QAAA,CAAS,SAAA,uBAAgB,IAAA,EAAK,GAAI,SAAS,SAAA,GAAY,KAAA;AACzE,MAAA,IAAI,CAACA,UAAAA,EAAW;AACd,QAAA,OAAO,QAAA;AAAA,MACT;AAAA,IACF;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,sBAAA,EAAuB;AAC9C,IAAA,IAAI,CAAC,UAAU,KAAA,EAAO;AACpB,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,MAAM,YAAY,QAAA,CAAS,SAAA,uBAAgB,IAAA,EAAK,GAAI,SAAS,SAAA,GAAY,KAAA;AACzE,IAAA,IAAI,SAAA,EAAW;AACb,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,MAAM,IAAA,CAAK,eAAA,CAAgB,GAAA,CAAI,WAAA,EAAa,QAAQ,CAAA;AACpD,IAAA,OAAO,QAAA;AAAA,EACT;AAAA;AAAA,EAIQ,mBAAA,GAAiE;AACvE,IAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,OAAA,EAAS,MAAA,KAAW;AACtC,MAAA,MAAM,SAAS,YAAA,EAAa;AAC5B,MAAA,MAAA,CAAO,MAAA,CAAO,CAAA,EAAG,SAAA,EAAW,MAAM;AAChC,QAAA,MAAM,OAAA,GAAU,OAAO,OAAA,EAAQ;AAC/B,QAAA,IAAI,OAAA,KAAY,IAAA,IAAQ,OAAO,OAAA,KAAY,QAAA,EAAU;AACnD,UAAA,MAAA,CAAO,KAAA,EAAM;AACb,UAAA,MAAA,CAAO,IAAI,KAAA,CAAM,gCAAgC,CAAC,CAAA;AAClD,UAAA;AAAA,QACF;AACA,QAAA,OAAA,CAAQ,EAAE,IAAA,EAAM,OAAA,CAAQ,IAAA,EAAM,QAAQ,CAAA;AAAA,MACxC,CAAC,CAAA;AACD,MAAA,MAAA,CAAO,EAAA,CAAG,SAAS,MAAM,CAAA;AAAA,IAC3B,CAAC,CAAA;AAAA,EACH;AAAA,EAEQ,gBAAgB,aAAA,EAAwC;AAC9D,IAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,OAAA,EAAS,MAAA,KAAW;AACtC,MAAA,MAAM,SAAS,IAAA,CAAK,cAAA;AACpB,MAAA,IAAI,WAAW,MAAA,EAAW;AACxB,QAAA,MAAA,CAAO,IAAI,mBAAA,CAAoB,WAAA,EAAa,6BAA6B,CAAC,CAAA;AAC1E,QAAA;AAAA,MACF;AAEA,MAAA,MAAM,OAAA,GAAU,WAAW,MAAM;AAC/B,QAAA,MAAA,CAAO,IAAI,mBAAA,CAAoB,WAAA,EAAa,iBAAiB,CAAC,CAAA;AAAA,MAChE,GAAG,mBAAmB,CAAA;AAEtB,MAAA,MAAA,CAAO,EAAA,CAAG,SAAA,EAAW,CAAC,GAAA,EAAsB,GAAA,KAAwB;AAClE,QAAA,MAAM,UAAA,GAAa,IAAI,GAAA,CAAI,GAAA,CAAI,OAAO,GAAA,EAAK,CAAA,OAAA,EAAU,SAAS,CAAA,CAAE,CAAA;AAChE,QAAA,IAAI,UAAA,CAAW,aAAa,WAAA,EAAa;AACvC,UAAA,GAAA,CAAI,UAAU,GAAG,CAAA;AACjB,UAAA,GAAA,CAAI,IAAI,WAAW,CAAA;AACnB,UAAA;AAAA,QACF;AAEA,QAAA,YAAA,CAAa,OAAO,CAAA;AAEpB,QAAA,MAAM,IAAA,GAAO,UAAA,CAAW,YAAA,CAAa,GAAA,CAAI,MAAM,CAAA;AAC/C,QAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,YAAA,CAAa,GAAA,CAAI,OAAO,CAAA;AACjD,QAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,YAAA,CAAa,GAAA,CAAI,OAAO,CAAA;AAEjD,QAAA,IAAI,KAAA,EAAO;AACT,UAAA,GAAA,CAAI,SAAA,CAAU,GAAA,EAAK,EAAE,cAAA,EAAgB,aAAa,CAAA;AAClD,UAAA,GAAA,CAAI,GAAA,CAAI,SAAA,CAAU,CAAA,aAAA,EAAgB,KAAK,EAAE,CAAC,CAAA;AAC1C,UAAA,MAAA,CAAO,IAAI,mBAAA,CAAoB,WAAA,EAAa,CAAA,aAAA,EAAgB,KAAK,EAAE,CAAC,CAAA;AACpE,UAAA;AAAA,QACF;AAEA,QAAA,IAAI,UAAU,aAAA,EAAe;AAC3B,UAAA,GAAA,CAAI,SAAA,CAAU,GAAA,EAAK,EAAE,cAAA,EAAgB,aAAa,CAAA;AAClD,UAAA,GAAA,CAAI,GAAA,CAAI,SAAA,CAAU,gBAAgB,CAAC,CAAA;AACnC,UAAA,MAAA,CAAO,IAAI,mBAAA,CAAoB,WAAA,EAAa,sBAAsB,CAAC,CAAA;AACnE,UAAA;AAAA,QACF;AAEA,QAAA,IAAI,CAAC,IAAA,EAAM;AACT,UAAA,GAAA,CAAI,SAAA,CAAU,GAAA,EAAK,EAAE,cAAA,EAAgB,aAAa,CAAA;AAClD,UAAA,GAAA,CAAI,GAAA,CAAI,SAAA,CAAU,4BAA4B,CAAC,CAAA;AAC/C,UAAA,MAAA,CAAO,IAAI,mBAAA,CAAoB,WAAA,EAAa,gCAAgC,CAAC,CAAA;AAC7E,UAAA;AAAA,QACF;AAEA,QAAA,GAAA,CAAI,SAAA,CAAU,GAAA,EAAK,EAAE,cAAA,EAAgB,aAAa,CAAA;AAClD,QAAA,GAAA,CAAI,GAAA,CAAI,aAAa,CAAA;AACrB,QAAA,OAAA,CAAQ,IAAI,CAAA;AAAA,MACd,CAAC,CAAA;AAAA,IACH,CAAC,CAAA;AAAA,EACH;AAAA,EAEA,MAAc,oBAAA,CACZ,IAAA,EACA,YAAA,EACA,aACA,KAAA,EACsB;AACtB,IAAA,MAAM,IAAA,GAAO;AAAA,MACX,UAAA,EAAY,oBAAA;AAAA,MACZ,IAAA;AAAA,MACA,YAAA,EAAc,WAAA;AAAA,MACd,SAAA,EAAW,SAAA;AAAA,MACX,aAAA,EAAe,YAAA;AAAA,MACf;AAAA,KACF;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,SAAA,EAAW;AAAA,MACtC,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACP,cAAA,EAAgB;AAAA,OAClB;AAAA,MACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI;AAAA,KAC1B,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AACjC,MAAA,MAAM,IAAI,oBAAoB,WAAA,EAAa,CAAA,uBAAA,EAA0B,SAAS,MAAM,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE,CAAA;AAAA,IAChG;AAEA,IAAA,MAAM,IAAA,GAAQ,MAAM,QAAA,CAAS,IAAA,EAAK;AAQlC,IAAA,IAAI,CAAC,KAAK,YAAA,EAAc;AACtB,MAAA,MAAM,IAAI,mBAAA,CAAoB,WAAA,EAAa,yCAAyC,CAAA;AAAA,IACtF;AAEA,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,UAAA,GACnB,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,EAAI,GAAI,IAAA,CAAK,UAAA,GAAa,GAAI,CAAA,GAC5C,MAAA;AAEJ,IAAA,OAAO;AAAA,MACL,QAAA,EAAU,WAAA;AAAA,MACV,MAAA,EAAQ,cAAA;AAAA,MACR,OAAO,IAAA,CAAK,YAAA;AAAA,MACZ,GAAI,KAAK,aAAA,KAAkB,MAAA,GAAY,EAAE,YAAA,EAAc,IAAA,CAAK,aAAA,EAAc,GAAI,EAAC;AAAA,MAC/E,GAAI,SAAA,KAAc,MAAA,GAAY,EAAE,SAAA,KAAc,EAAC;AAAA,MAC/C,GAAI,KAAK,KAAA,KAAU,MAAA,GAAY,EAAE,KAAA,EAAO,IAAA,CAAK,KAAA,EAAM,GAAI,EAAC;AAAA,MACxD,GAAI,KAAK,IAAA,KAAS,MAAA,GAAY,EAAE,IAAA,EAAM,IAAA,CAAK,IAAA,EAAK,GAAI;AAAC,KACvD;AAAA,EACF;AAAA,EAEQ,UAAA,GAAmB;AACzB,IAAA,IAAI,IAAA,CAAK,mBAAmB,MAAA,EAAW;AACrC,MAAA,IAAA,CAAK,eAAe,KAAA,EAAM;AAC1B,MAAA,IAAA,CAAK,cAAA,GAAiB,MAAA;AAAA,IACxB;AAAA,EACF;AACF","file":"claude-login-5WELXPKT.js","sourcesContent":["/**\n * Claude Code OAuth 2.0 + PKCE login\n * Uses the same client ID as the official Claude Code CLI.\n * After login, stores tokens in our credential store AND writes to macOS Keychain\n * so credentials are shared with the official Claude Code CLI.\n */\n\nimport { createServer, type Server, type IncomingMessage, type ServerResponse } from \"node:http\";\nimport { randomBytes, createHash } from \"node:crypto\";\nimport { execFile } from \"node:child_process\";\nimport { promisify } from \"node:util\";\nimport { URL } from \"node:url\";\nimport type { ICredential } from \"../../types/index.js\";\nimport { AuthenticationError } from \"../../types/index.js\";\nimport { CredentialStore } from \"../credential-store.js\";\nimport { logger } from \"../../utils/index.js\";\n\nconst execFileAsync = promisify(execFile);\n\n// ── Claude Code OAuth Config (same as official Claude Code CLI) ─────────\n\nconst CLIENT_ID = \"9d1c250a-e61b-44d9-88ed-5944d1962f5e\";\nconst AUTHORIZE_URL = \"https://claude.ai/oauth/authorize\";\nconst TOKEN_URL = \"https://platform.claude.com/v1/oauth/token\";\nconst SCOPE = \"user:inference\";\nconst CALLBACK_TIMEOUT_MS = 300_000;\nconst LOCALHOST = \"localhost\";\n\n// ── Also try reading from official Claude Code CLI's keychain ───────────\n\nconst KEYCHAIN_SERVICE = \"Claude Code-credentials\";\n\nfunction isRecord(value: unknown): value is Record<string, unknown> {\n  return typeof value === \"object\" && value !== null;\n}\n\nfunction asString(value: unknown): string | undefined {\n  return typeof value === \"string\" && value.length > 0 ? value : undefined;\n}\n\nfunction asDate(value: unknown): Date | undefined {\n  if (value instanceof Date) {\n    return Number.isNaN(value.getTime()) ? undefined : value;\n  }\n\n  if (typeof value === \"number\" && Number.isFinite(value)) {\n    const millis = value > 10_000_000_000 ? value : value * 1000;\n    const date = new Date(millis);\n    return Number.isNaN(date.getTime()) ? undefined : date;\n  }\n\n  if (typeof value === \"string\" && value.length > 0) {\n    const numeric = Number(value);\n    if (Number.isFinite(numeric) && value.trim() !== \"\") {\n      return asDate(numeric);\n    }\n\n    const parsed = new Date(value);\n    return Number.isNaN(parsed.getTime()) ? undefined : parsed;\n  }\n\n  return undefined;\n}\n\nfunction parseKeychainCredential(raw: string): ICredential | undefined {\n  if (raw.length === 0) {\n    return undefined;\n  }\n\n  let parsed: unknown;\n  try {\n    parsed = JSON.parse(raw) as unknown;\n  } catch {\n    return undefined;\n  }\n\n  if (!isRecord(parsed)) {\n    return undefined;\n  }\n\n  const directPayload = parsed;\n  const nestedPayload = isRecord(parsed[\"claudeAiOauth\"])\n    ? parsed[\"claudeAiOauth\"]\n    : undefined;\n  const payloads = nestedPayload ? [nestedPayload, directPayload] : [directPayload];\n\n  for (const payload of payloads) {\n    const accessToken = asString(payload[\"accessToken\"]) ?? asString(payload[\"access_token\"]);\n    if (!accessToken) {\n      continue;\n    }\n\n    const refreshToken = asString(payload[\"refreshToken\"]) ?? asString(payload[\"refresh_token\"]);\n    const expiresAt = asDate(payload[\"expiresAt\"] ?? payload[\"expires_at\"]);\n    const email = asString(payload[\"email\"]);\n    const plan = asString(payload[\"plan\"])\n      ?? asString(payload[\"subscriptionType\"])\n      ?? asString(payload[\"subscription_type\"])\n      ?? asString(payload[\"rateLimitTier\"])\n      ?? asString(payload[\"rate_limit_tier\"]);\n\n    return {\n      provider: \"anthropic\",\n      method: \"native_login\",\n      token: accessToken,\n      ...(refreshToken !== undefined ? { refreshToken } : {}),\n      ...(expiresAt !== undefined ? { expiresAt } : {}),\n      ...(email !== undefined ? { email } : {}),\n      ...(plan !== undefined ? { plan } : {}),\n    };\n  }\n\n  return undefined;\n}\n\nasync function readKeychainCredential(): Promise<ICredential | undefined> {\n  if (process.platform !== \"darwin\") return undefined;\n\n  try {\n    const { stdout } = await execFileAsync(\"security\", [\n      \"find-generic-password\", \"-s\", KEYCHAIN_SERVICE, \"-w\",\n    ], { timeout: 5000 });\n\n    return parseKeychainCredential(stdout.trim());\n  } catch {\n    return undefined;\n  }\n}\n\n// ── PKCE Helpers ────────────────────────────────────────────────────────\n\nfunction generateCodeVerifier(): string {\n  return randomBytes(32).toString(\"base64url\");\n}\n\nfunction generateCodeChallenge(verifier: string): string {\n  return createHash(\"sha256\").update(verifier).digest(\"base64url\");\n}\n\nfunction generateState(): string {\n  return randomBytes(16).toString(\"hex\");\n}\n\n// ── HTML Responses ──────────────────────────────────────────────────────\n\nfunction escapeHtml(unsafe: string): string {\n  return unsafe\n    .replace(/&/g, \"&amp;\")\n    .replace(/</g, \"&lt;\")\n    .replace(/>/g, \"&gt;\")\n    .replace(/\"/g, \"&quot;\")\n    .replace(/'/g, \"&#039;\");\n}\n\nfunction successHtml(): string {\n  return `<!DOCTYPE html>\n<html><head><title>AemeathCLI — Login Successful</title></head>\n<body style=\"font-family:system-ui;text-align:center;padding:40px\">\n<h1>Login Successful</h1>\n<p>You can close this window and return to your terminal.</p>\n</body></html>`;\n}\n\nfunction errorHtml(message: string): string {\n  return `<!DOCTYPE html>\n<html><head><title>AemeathCLI — Login Failed</title></head>\n<body style=\"font-family:system-ui;text-align:center;padding:40px\">\n<h1>Login Failed</h1>\n<p>${escapeHtml(message)}</p>\n</body></html>`;\n}\n\n// ── ClaudeLogin Class ───────────────────────────────────────────────────\n\nexport class ClaudeLogin {\n  private readonly credentialStore: CredentialStore;\n  private callbackServer: Server | undefined;\n\n  constructor(store?: CredentialStore) {\n    this.credentialStore = store ?? new CredentialStore();\n  }\n\n  /**\n   * Run browser-based OAuth 2.0 + PKCE login using the same client ID\n   * as the official Claude Code CLI. Browser opens automatically.\n   */\n  async login(): Promise<ICredential> {\n    // First try importing existing credentials from Claude Code's keychain\n    const existing = await readKeychainCredential();\n    if (existing && existing.token) {\n      const isExpired = existing.expiresAt ? new Date() > existing.expiresAt : false;\n      if (!isExpired) {\n        logger.info(\"Imported existing Claude Code credentials from keychain\");\n        await this.credentialStore.set(\"anthropic\", existing);\n        return existing;\n      }\n    }\n\n    // Run the OAuth flow — browser opens automatically\n    const codeVerifier = generateCodeVerifier();\n    const codeChallenge = generateCodeChallenge(codeVerifier);\n    const state = generateState();\n\n    const { port, server } = await this.startCallbackServer();\n    this.callbackServer = server;\n\n    const redirectUri = `http://${LOCALHOST}:${port}/callback`;\n\n    const authUrl = new URL(AUTHORIZE_URL);\n    authUrl.searchParams.set(\"code\", \"true\");\n    authUrl.searchParams.set(\"client_id\", CLIENT_ID);\n    authUrl.searchParams.set(\"response_type\", \"code\");\n    authUrl.searchParams.set(\"redirect_uri\", redirectUri);\n    authUrl.searchParams.set(\"scope\", SCOPE);\n    authUrl.searchParams.set(\"code_challenge\", codeChallenge);\n    authUrl.searchParams.set(\"code_challenge_method\", \"S256\");\n    authUrl.searchParams.set(\"state\", state);\n\n    logger.info(\"Opening browser for Claude OAuth login\");\n\n    try {\n      const openModule = await import(\"open\");\n      await openModule.default(authUrl.toString());\n    } catch {\n      this.stopServer();\n      throw new AuthenticationError(\"anthropic\", \"Failed to open browser for login\");\n    }\n\n    try {\n      const code = await this.waitForCallback(state);\n      const credential = await this.exchangeCodeForToken(code, codeVerifier, redirectUri, state);\n\n      await this.credentialStore.set(\"anthropic\", credential);\n      logger.info(\"Claude OAuth login successful\");\n\n      return credential;\n    } finally {\n      this.stopServer();\n    }\n  }\n\n  async logout(): Promise<void> {\n    await this.credentialStore.delete(\"anthropic\");\n    logger.info(\"Claude session revoked\");\n  }\n\n  async isLoggedIn(): Promise<boolean> {\n    const credential = await this.getCachedCredential();\n    return credential !== undefined;\n  }\n\n  async getStatus(): Promise<{ loggedIn: boolean; email?: string | undefined; plan?: string | undefined }> {\n    const loggedIn = await this.isLoggedIn();\n    if (!loggedIn) return { loggedIn: false };\n\n    const credential = await this.credentialStore.get(\"anthropic\");\n    if (!credential) return { loggedIn: false };\n\n    return {\n      loggedIn: true,\n      ...(credential.email !== undefined ? { email: credential.email } : {}),\n      ...(credential.plan !== undefined ? { plan: credential.plan } : {}),\n    };\n  }\n\n  async getCachedCredential(): Promise<ICredential | undefined> {\n    const existing = await this.credentialStore.get(\"anthropic\");\n    if (existing?.method === \"native_login\" && existing.token) {\n      const isExpired = existing.expiresAt ? new Date() > existing.expiresAt : false;\n      if (!isExpired) {\n        return existing;\n      }\n    }\n\n    const keychain = await readKeychainCredential();\n    if (!keychain?.token) {\n      return undefined;\n    }\n\n    const isExpired = keychain.expiresAt ? new Date() > keychain.expiresAt : false;\n    if (isExpired) {\n      return undefined;\n    }\n\n    await this.credentialStore.set(\"anthropic\", keychain);\n    return keychain;\n  }\n\n  // ── Internal ──────────────────────────────────────────────────────────\n\n  private startCallbackServer(): Promise<{ port: number; server: Server }> {\n    return new Promise((resolve, reject) => {\n      const server = createServer();\n      server.listen(0, LOCALHOST, () => {\n        const address = server.address();\n        if (address === null || typeof address === \"string\") {\n          server.close();\n          reject(new Error(\"Failed to bind callback server\"));\n          return;\n        }\n        resolve({ port: address.port, server });\n      });\n      server.on(\"error\", reject);\n    });\n  }\n\n  private waitForCallback(expectedState: string): Promise<string> {\n    return new Promise((resolve, reject) => {\n      const server = this.callbackServer;\n      if (server === undefined) {\n        reject(new AuthenticationError(\"anthropic\", \"Callback server not started\"));\n        return;\n      }\n\n      const timeout = setTimeout(() => {\n        reject(new AuthenticationError(\"anthropic\", \"Login timed out\"));\n      }, CALLBACK_TIMEOUT_MS);\n\n      server.on(\"request\", (req: IncomingMessage, res: ServerResponse) => {\n        const requestUrl = new URL(req.url ?? \"/\", `http://${LOCALHOST}`);\n        if (requestUrl.pathname !== \"/callback\") {\n          res.writeHead(404);\n          res.end(\"Not found\");\n          return;\n        }\n\n        clearTimeout(timeout);\n\n        const code = requestUrl.searchParams.get(\"code\");\n        const state = requestUrl.searchParams.get(\"state\");\n        const error = requestUrl.searchParams.get(\"error\");\n\n        if (error) {\n          res.writeHead(400, { \"Content-Type\": \"text/html\" });\n          res.end(errorHtml(`OAuth error: ${error}`));\n          reject(new AuthenticationError(\"anthropic\", `OAuth error: ${error}`));\n          return;\n        }\n\n        if (state !== expectedState) {\n          res.writeHead(400, { \"Content-Type\": \"text/html\" });\n          res.end(errorHtml(\"State mismatch\"));\n          reject(new AuthenticationError(\"anthropic\", \"OAuth state mismatch\"));\n          return;\n        }\n\n        if (!code) {\n          res.writeHead(400, { \"Content-Type\": \"text/html\" });\n          res.end(errorHtml(\"Missing authorization code\"));\n          reject(new AuthenticationError(\"anthropic\", \"No authorization code received\"));\n          return;\n        }\n\n        res.writeHead(200, { \"Content-Type\": \"text/html\" });\n        res.end(successHtml());\n        resolve(code);\n      });\n    });\n  }\n\n  private async exchangeCodeForToken(\n    code: string,\n    codeVerifier: string,\n    redirectUri: string,\n    state: string,\n  ): Promise<ICredential> {\n    const body = {\n      grant_type: \"authorization_code\",\n      code,\n      redirect_uri: redirectUri,\n      client_id: CLIENT_ID,\n      code_verifier: codeVerifier,\n      state,\n    };\n\n    const response = await fetch(TOKEN_URL, {\n      method: \"POST\",\n      headers: {\n        \"Content-Type\": \"application/json\",\n      },\n      body: JSON.stringify(body),\n    });\n\n    if (!response.ok) {\n      const text = await response.text();\n      throw new AuthenticationError(\"anthropic\", `Token exchange failed: ${response.status} ${text}`);\n    }\n\n    const data = (await response.json()) as {\n      access_token?: string;\n      refresh_token?: string;\n      expires_in?: number;\n      email?: string;\n      plan?: string;\n    };\n\n    if (!data.access_token) {\n      throw new AuthenticationError(\"anthropic\", \"Token exchange returned no access_token\");\n    }\n\n    const expiresAt = data.expires_in\n      ? new Date(Date.now() + data.expires_in * 1000)\n      : undefined;\n\n    return {\n      provider: \"anthropic\",\n      method: \"native_login\",\n      token: data.access_token,\n      ...(data.refresh_token !== undefined ? { refreshToken: data.refresh_token } : {}),\n      ...(expiresAt !== undefined ? { expiresAt } : {}),\n      ...(data.email !== undefined ? { email: data.email } : {}),\n      ...(data.plan !== undefined ? { plan: data.plan } : {}),\n    };\n  }\n\n  private stopServer(): void {\n    if (this.callbackServer !== undefined) {\n      this.callbackServer.close();\n      this.callbackServer = undefined;\n    }\n  }\n}\n"]}

package/dist/cli.d.ts

@@ -0,0 +1 @@
+#!/usr/bin/env node