agent-insights 0.0.10 → 0.0.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +219 -60
- package/dist/cli.js.map +1 -1
- package/dist/index.d.ts +6 -0
- package/dist/index.js +142 -44
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -136,16 +136,15 @@ var claudeCodeAdapter = {
|
|
|
136
136
|
const path = resolveClaudePath(repoRoot, scope);
|
|
137
137
|
const settings = await readJson(path);
|
|
138
138
|
const next = { ...settings ?? {} };
|
|
139
|
-
const hooks = {
|
|
139
|
+
const hooks = {};
|
|
140
|
+
for (const [event, raw] of Object.entries(next.hooks ?? {})) {
|
|
141
|
+
hooks[event] = normalizeEventHooks(raw);
|
|
142
|
+
}
|
|
140
143
|
for (const event of CLAUDE_HOOK_EVENTS) {
|
|
141
|
-
const
|
|
142
|
-
|
|
144
|
+
const withoutInsights = removeAgentInsightsMatchers(
|
|
145
|
+
hooks[event] ?? []
|
|
143
146
|
);
|
|
144
|
-
|
|
145
|
-
type: "command",
|
|
146
|
-
command: `${HOOK_COMMAND_NAME} hook ${event}`
|
|
147
|
-
});
|
|
148
|
-
hooks[event] = existing;
|
|
147
|
+
hooks[event] = addAgentInsightsHook(withoutInsights, event);
|
|
149
148
|
}
|
|
150
149
|
next.hooks = hooks;
|
|
151
150
|
await mkdir(dirname(path), { recursive: true });
|
|
@@ -157,18 +156,16 @@ var claudeCodeAdapter = {
|
|
|
157
156
|
const path = resolveClaudePath(repoRoot, scope);
|
|
158
157
|
const settings = await readJson(path);
|
|
159
158
|
if (!settings?.hooks) return { removed: false, path };
|
|
160
|
-
const hooks = {
|
|
159
|
+
const hooks = {};
|
|
161
160
|
let touched = false;
|
|
162
|
-
for (const [event,
|
|
163
|
-
const
|
|
164
|
-
|
|
165
|
-
);
|
|
166
|
-
if (
|
|
167
|
-
|
|
168
|
-
delete hooks[event];
|
|
169
|
-
} else {
|
|
170
|
-
hooks[event] = filtered;
|
|
161
|
+
for (const [event, raw] of Object.entries(settings.hooks)) {
|
|
162
|
+
const before = normalizeEventHooks(raw);
|
|
163
|
+
const after = removeAgentInsightsMatchers(before);
|
|
164
|
+
if (after.length !== before.length) touched = true;
|
|
165
|
+
else if (JSON.stringify(after) !== JSON.stringify(before)) {
|
|
166
|
+
touched = true;
|
|
171
167
|
}
|
|
168
|
+
if (after.length > 0) hooks[event] = after;
|
|
172
169
|
}
|
|
173
170
|
settings.hooks = hooks;
|
|
174
171
|
await writeFile(path, `${JSON.stringify(settings, null, 2)}
|
|
@@ -181,7 +178,9 @@ var claudeCodeAdapter = {
|
|
|
181
178
|
);
|
|
182
179
|
if (!settings?.hooks) return false;
|
|
183
180
|
return Object.values(settings.hooks).some(
|
|
184
|
-
(
|
|
181
|
+
(raw) => normalizeEventHooks(raw).some(
|
|
182
|
+
(group) => group.hooks.some((h) => isAgentInsightsCommand(h.command))
|
|
183
|
+
)
|
|
185
184
|
);
|
|
186
185
|
}
|
|
187
186
|
};
|
|
@@ -192,6 +191,59 @@ function isAgentInsightsCommand(cmd) {
|
|
|
192
191
|
if (!cmd) return false;
|
|
193
192
|
return cmd.startsWith(`${HOOK_COMMAND_NAME} hook`);
|
|
194
193
|
}
|
|
194
|
+
function isHookCommand(value) {
|
|
195
|
+
if (!value || typeof value !== "object") return false;
|
|
196
|
+
const entry = value;
|
|
197
|
+
return entry.type === "command" && typeof entry.command === "string";
|
|
198
|
+
}
|
|
199
|
+
function normalizeEventHooks(raw) {
|
|
200
|
+
const groups = [];
|
|
201
|
+
for (const entry of raw) {
|
|
202
|
+
if (!entry || typeof entry !== "object") continue;
|
|
203
|
+
const record = entry;
|
|
204
|
+
if (Array.isArray(record.hooks)) {
|
|
205
|
+
const commands = record.hooks.filter(isHookCommand);
|
|
206
|
+
if (commands.length === 0) continue;
|
|
207
|
+
groups.push({
|
|
208
|
+
matcher: typeof record.matcher === "string" ? record.matcher : "",
|
|
209
|
+
hooks: commands
|
|
210
|
+
});
|
|
211
|
+
continue;
|
|
212
|
+
}
|
|
213
|
+
if (isHookCommand(record)) {
|
|
214
|
+
groups.push({
|
|
215
|
+
matcher: "",
|
|
216
|
+
hooks: [record]
|
|
217
|
+
});
|
|
218
|
+
}
|
|
219
|
+
}
|
|
220
|
+
return groups;
|
|
221
|
+
}
|
|
222
|
+
function removeAgentInsightsMatchers(matchers) {
|
|
223
|
+
const result = [];
|
|
224
|
+
for (const group of matchers) {
|
|
225
|
+
const hooks = group.hooks.filter(
|
|
226
|
+
(h) => !isAgentInsightsCommand(h.command)
|
|
227
|
+
);
|
|
228
|
+
if (hooks.length > 0) {
|
|
229
|
+
result.push({ ...group, hooks });
|
|
230
|
+
}
|
|
231
|
+
}
|
|
232
|
+
return result;
|
|
233
|
+
}
|
|
234
|
+
function addAgentInsightsHook(matchers, event) {
|
|
235
|
+
const command = `${HOOK_COMMAND_NAME} hook ${event}`;
|
|
236
|
+
const entry = { type: "command", command };
|
|
237
|
+
for (const group of matchers) {
|
|
238
|
+
if (group.matcher === "") {
|
|
239
|
+
if (!group.hooks.some((h) => h.command === command)) {
|
|
240
|
+
group.hooks.push(entry);
|
|
241
|
+
}
|
|
242
|
+
return matchers;
|
|
243
|
+
}
|
|
244
|
+
}
|
|
245
|
+
return [...matchers, { matcher: "", hooks: [entry] }];
|
|
246
|
+
}
|
|
195
247
|
async function readJson(path) {
|
|
196
248
|
try {
|
|
197
249
|
const raw = await readFile(path, "utf8");
|
|
@@ -334,6 +386,12 @@ function getAdapter(id) {
|
|
|
334
386
|
import { mkdir as mkdir3, readFile as readFile3, writeFile as writeFile3 } from "fs/promises";
|
|
335
387
|
import { dirname as dirname3 } from "path";
|
|
336
388
|
|
|
389
|
+
// src/config/analyzer.ts
|
|
390
|
+
var DEFAULT_ANALYZER_URL = "https://agent-insights.labs.vercel.dev";
|
|
391
|
+
function getAnalyzerUrl() {
|
|
392
|
+
return process.env.AGENT_INSIGHTS_ANALYZER_URL || DEFAULT_ANALYZER_URL;
|
|
393
|
+
}
|
|
394
|
+
|
|
337
395
|
// src/config/paths.ts
|
|
338
396
|
import { homedir as homedir3 } from "os";
|
|
339
397
|
import { join as join3 } from "path";
|
|
@@ -346,6 +404,9 @@ function configFile() {
|
|
|
346
404
|
function authFile() {
|
|
347
405
|
return join3(configRoot(), "auth.json");
|
|
348
406
|
}
|
|
407
|
+
function bypassSecretFile() {
|
|
408
|
+
return join3(configRoot(), "bypass-secret");
|
|
409
|
+
}
|
|
349
410
|
function sessionCacheDir() {
|
|
350
411
|
return join3(configRoot(), "session-cache");
|
|
351
412
|
}
|
|
@@ -382,7 +443,7 @@ function defaultConfig() {
|
|
|
382
443
|
},
|
|
383
444
|
sessionAnalysis: {
|
|
384
445
|
enabled: false,
|
|
385
|
-
analyzerUrl:
|
|
446
|
+
analyzerUrl: getAnalyzerUrl(),
|
|
386
447
|
githubIssueRepo: "vercel-labs/agent-insights"
|
|
387
448
|
},
|
|
388
449
|
agents: {
|
|
@@ -441,7 +502,7 @@ function mergeConfig(base, patch) {
|
|
|
441
502
|
}
|
|
442
503
|
|
|
443
504
|
// src/transcript/store.ts
|
|
444
|
-
import { readFile as
|
|
505
|
+
import { readFile as readFile6 } from "fs/promises";
|
|
445
506
|
import { put } from "@vercel/blob";
|
|
446
507
|
|
|
447
508
|
// src/auth/store.ts
|
|
@@ -504,9 +565,9 @@ async function saveAuth(state) {
|
|
|
504
565
|
}
|
|
505
566
|
}
|
|
506
567
|
async function clearAuth() {
|
|
507
|
-
const { unlink } = await import("fs/promises");
|
|
568
|
+
const { unlink: unlink2 } = await import("fs/promises");
|
|
508
569
|
try {
|
|
509
|
-
await
|
|
570
|
+
await unlink2(authFile());
|
|
510
571
|
} catch (err) {
|
|
511
572
|
if (err.code !== "ENOENT") throw err;
|
|
512
573
|
}
|
|
@@ -525,7 +586,8 @@ async function getValidToken() {
|
|
|
525
586
|
const refreshed = {
|
|
526
587
|
accessToken: tokens.access_token,
|
|
527
588
|
refreshToken: tokens.refresh_token ?? auth.refreshToken,
|
|
528
|
-
expiresAt: Date.now() + tokens.expires_in * 1e3
|
|
589
|
+
expiresAt: Date.now() + tokens.expires_in * 1e3,
|
|
590
|
+
...auth.email ? { email: auth.email } : {}
|
|
529
591
|
};
|
|
530
592
|
await saveAuth(refreshed);
|
|
531
593
|
return refreshed.accessToken;
|
|
@@ -535,6 +597,28 @@ async function getValidToken() {
|
|
|
535
597
|
}
|
|
536
598
|
}
|
|
537
599
|
|
|
600
|
+
// src/config/bypass.ts
|
|
601
|
+
import { chmod as chmod2, mkdir as mkdir5, readFile as readFile5, unlink, writeFile as writeFile5 } from "fs/promises";
|
|
602
|
+
import { dirname as dirname5 } from "path";
|
|
603
|
+
async function loadBypassSecret() {
|
|
604
|
+
const fromEnv = process.env.AGENT_INSIGHTS_BYPASS_SECRET || process.env.VERCEL_AUTOMATION_BYPASS_SECRET;
|
|
605
|
+
if (fromEnv) return fromEnv;
|
|
606
|
+
try {
|
|
607
|
+
const raw = (await readFile5(bypassSecretFile(), "utf8")).trim();
|
|
608
|
+
return raw || void 0;
|
|
609
|
+
} catch (err) {
|
|
610
|
+
if (err.code === "ENOENT") return void 0;
|
|
611
|
+
throw err;
|
|
612
|
+
}
|
|
613
|
+
}
|
|
614
|
+
async function withBypassHeader(headers) {
|
|
615
|
+
const secret = await loadBypassSecret();
|
|
616
|
+
if (secret) {
|
|
617
|
+
headers["x-vercel-protection-bypass"] = secret;
|
|
618
|
+
}
|
|
619
|
+
return headers;
|
|
620
|
+
}
|
|
621
|
+
|
|
538
622
|
// src/transcript/store.ts
|
|
539
623
|
var NoopTranscriptStore = class {
|
|
540
624
|
async upload() {
|
|
@@ -552,7 +636,7 @@ var BlobTranscriptStore = class {
|
|
|
552
636
|
token;
|
|
553
637
|
prefix;
|
|
554
638
|
async upload(input) {
|
|
555
|
-
const body = await
|
|
639
|
+
const body = await readFile6(input.transcriptPath);
|
|
556
640
|
const requestedPath = buildPathname(
|
|
557
641
|
this.prefix,
|
|
558
642
|
input.userHash,
|
|
@@ -583,19 +667,17 @@ var AnalyzerTranscriptStore = class {
|
|
|
583
667
|
"transcript store: not logged in \u2014 run `agent-insights login`"
|
|
584
668
|
);
|
|
585
669
|
}
|
|
586
|
-
const body = await
|
|
670
|
+
const body = await readFile6(input.transcriptPath);
|
|
587
671
|
const url = new URL("/api/sessions/upload", this.analyzerUrl).toString();
|
|
588
|
-
const
|
|
589
|
-
|
|
590
|
-
|
|
591
|
-
|
|
592
|
-
|
|
593
|
-
|
|
594
|
-
|
|
595
|
-
"x-user-hash": input.userHash
|
|
596
|
-
},
|
|
597
|
-
body
|
|
672
|
+
const headers = await withBypassHeader({
|
|
673
|
+
authorization: `Bearer ${token}`,
|
|
674
|
+
"content-type": "application/jsonl",
|
|
675
|
+
"x-session-id": input.sessionId,
|
|
676
|
+
"x-agent": input.agent,
|
|
677
|
+
"x-user-hash": input.userHash,
|
|
678
|
+
...input.userEmail ? { "x-user-email": input.userEmail } : {}
|
|
598
679
|
});
|
|
680
|
+
const res = await fetch(url, { method: "POST", headers, body });
|
|
599
681
|
if (!res.ok) {
|
|
600
682
|
const text = await res.text().catch(() => "");
|
|
601
683
|
throw new Error(
|
|
@@ -613,27 +695,43 @@ var AnalyzerTranscriptStore = class {
|
|
|
613
695
|
};
|
|
614
696
|
}
|
|
615
697
|
async ping() {
|
|
616
|
-
|
|
698
|
+
const token = await getValidToken();
|
|
699
|
+
if (!token) {
|
|
617
700
|
return {
|
|
618
701
|
ok: false,
|
|
619
|
-
reason: "
|
|
702
|
+
reason: "not logged in \u2014 run `agent-insights login`"
|
|
620
703
|
};
|
|
621
704
|
}
|
|
622
|
-
|
|
623
|
-
|
|
705
|
+
try {
|
|
706
|
+
const url = new URL("/api/sessions/upload", this.analyzerUrl).toString();
|
|
707
|
+
const headers = await withBypassHeader({
|
|
708
|
+
authorization: `Bearer ${token}`
|
|
709
|
+
});
|
|
710
|
+
const res = await fetch(url, { method: "POST", headers });
|
|
711
|
+
if (res.status === 400) return { ok: true };
|
|
712
|
+
if (res.status === 401 || res.status === 403) {
|
|
713
|
+
const ct = res.headers.get("content-type") ?? "";
|
|
714
|
+
if (ct.includes("text/html")) {
|
|
715
|
+
return {
|
|
716
|
+
ok: false,
|
|
717
|
+
reason: "blocked by Vercel deployment protection \u2014 set a bypass secret via `agent-insights init --bypass-secret <secret>`"
|
|
718
|
+
};
|
|
719
|
+
}
|
|
720
|
+
return { ok: false, reason: `analyzer rejected token (${res.status})` };
|
|
721
|
+
}
|
|
722
|
+
return { ok: false, reason: `unexpected status ${res.status}` };
|
|
723
|
+
} catch (err) {
|
|
624
724
|
return {
|
|
625
725
|
ok: false,
|
|
626
|
-
reason:
|
|
726
|
+
reason: `analyzer unreachable: ${err.message}`
|
|
627
727
|
};
|
|
628
728
|
}
|
|
629
|
-
return { ok: true };
|
|
630
729
|
}
|
|
631
730
|
};
|
|
632
731
|
function createTranscriptStore(cfg) {
|
|
633
732
|
if (cfg.type === "none") return new NoopTranscriptStore();
|
|
634
733
|
if (cfg.type === "analyzer") {
|
|
635
|
-
|
|
636
|
-
return new AnalyzerTranscriptStore(analyzerUrl);
|
|
734
|
+
return new AnalyzerTranscriptStore(getAnalyzerUrl());
|
|
637
735
|
}
|
|
638
736
|
const token = process.env[cfg.tokenEnv];
|
|
639
737
|
if (!token) {
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/privacy/hash.ts","../src/privacy/sanitize.ts","../src/adapters/claude-code.ts","../src/adapters/cursor.ts","../src/adapters/registry.ts","../src/config/config.ts","../src/config/paths.ts","../src/transcript/store.ts","../src/auth/store.ts","../src/auth/oauth.ts"],"sourcesContent":["import { createHash } from \"node:crypto\";\n\n/**\n * Stable SHA-256 hash of a value, hex-encoded.\n *\n * Used to anonymize usernames, repo remote URLs, workspace paths, and\n * session identifiers before they leave the machine.\n */\nexport function sha256(value: string): string {\n return createHash(\"sha256\").update(value, \"utf8\").digest(\"hex\");\n}\n\n/** Short prefix of `sha256(value)` for human-readable dashboards. */\nexport function shortHash(value: string, length = 12): string {\n return sha256(value).slice(0, length);\n}\n","/**\n * Keys that must never appear in any payload that leaves the machine.\n *\n * Matching is case-insensitive and snake_case/camelCase agnostic — we strip a\n * key if its normalized form equals one of these values.\n */\nconst FORBIDDEN_KEYS: ReadonlySet<string> = new Set([\n \"prompt\",\n \"prompts\",\n \"message\",\n \"messages\",\n \"content\",\n \"text\",\n \"transcript\",\n \"toolinput\",\n \"input\",\n \"arguments\",\n \"args\",\n \"params\",\n \"file\",\n \"filecontent\",\n \"filecontents\",\n \"diff\",\n \"patch\",\n \"secret\",\n \"secrets\",\n \"token\",\n \"apikey\",\n \"authorization\",\n \"password\",\n \"credentials\",\n]);\n\nconst MAX_STRING_LENGTH = 256;\n\n/** Allowed primitive value types in sanitized metadata. */\nexport type SanitizedPrimitive = string | number | boolean | null;\n\nfunction normalizeKey(key: string): string {\n return key.toLowerCase().replace(/[_\\-\\s]/g, \"\");\n}\n\nfunction truncate(value: string): string {\n if (value.length <= MAX_STRING_LENGTH) return value;\n return `${value.slice(0, MAX_STRING_LENGTH)}…[truncated]`;\n}\n\nfunction sanitizePrimitive(value: unknown): SanitizedPrimitive | undefined {\n if (value === null) return null;\n switch (typeof value) {\n case \"string\":\n return truncate(value);\n case \"number\":\n return Number.isFinite(value) ? value : null;\n case \"boolean\":\n return value;\n default:\n return undefined;\n }\n}\n\n/**\n * Recursively remove forbidden keys from an arbitrary payload.\n *\n * Returned shape:\n * - Objects keep allowed primitive fields (truncated to {@link MAX_STRING_LENGTH}).\n * - Arrays keep allowed primitive elements; nested objects/arrays are recursed.\n * - Non-primitive, non-container values (functions, symbols, Buffers, …) are dropped.\n */\nexport function sanitize(input: unknown): unknown {\n return sanitizeInner(input);\n}\n\nfunction sanitizeInner(value: unknown): unknown {\n if (Array.isArray(value)) {\n const out: unknown[] = [];\n for (const item of value) {\n const sanitizedItem = sanitizeInner(item);\n if (sanitizedItem !== undefined) {\n out.push(sanitizedItem);\n }\n }\n return out;\n }\n\n if (value && typeof value === \"object\") {\n const out: Record<string, unknown> = {};\n for (const [rawKey, rawValue] of Object.entries(value)) {\n if (FORBIDDEN_KEYS.has(normalizeKey(rawKey))) {\n continue;\n }\n if (rawValue && typeof rawValue === \"object\") {\n out[rawKey] = sanitizeInner(rawValue);\n } else {\n const primitive = sanitizePrimitive(rawValue);\n if (primitive !== undefined) {\n out[rawKey] = primitive;\n }\n }\n }\n return out;\n }\n\n return sanitizePrimitive(value);\n}\n\nexport const __testing = { FORBIDDEN_KEYS, normalizeKey };\n","import { mkdir, readFile, writeFile } from \"node:fs/promises\";\nimport { homedir } from \"node:os\";\nimport { dirname, join } from \"node:path\";\nimport type { HooksScope } from \"../config/config.js\";\nimport type { AgentEventType } from \"../types.js\";\nimport type { Adapter, HookPayload, MappedEvent } from \"./types.js\";\n\nconst HOOK_COMMAND_NAME = \"agent-insights\";\n\nconst HOOK_MAP: Record<string, AgentEventType> = {\n SessionStart: \"session.start\",\n SessionEnd: \"session.end\",\n UserPromptSubmit: \"user.prompt.submit\",\n PreToolUse: \"tool.start\",\n PostToolUse: \"tool.end\",\n PostToolUseFailure: \"tool.failure\",\n PermissionRequest: \"permission.request\",\n PermissionDenied: \"permission.denied\",\n SubagentStart: \"subagent.start\",\n SubagentStop: \"subagent.end\",\n Stop: \"agent.stop\",\n Notification: \"notification\",\n PreCompact: \"context.compact.start\",\n PostCompact: \"context.compact.end\",\n};\n\nexport const CLAUDE_HOOK_EVENTS: ReadonlyArray<string> = Object.keys(HOOK_MAP);\n\ntype ClaudeHookEntry = {\n type: \"command\";\n command: string;\n};\n\ntype ClaudeSettings = {\n hooks?: Record<string, ClaudeHookEntry[]>;\n [key: string]: unknown;\n};\n\nexport const claudeCodeAdapter: Adapter = {\n id: \"claude-code\",\n agent: \"claude-code\",\n label: \"Claude Code\",\n settingsFile: \".claude/settings.json\",\n\n map(payload: HookPayload): MappedEvent | undefined {\n const type = HOOK_MAP[payload.event];\n if (!type) return undefined;\n\n const data = payload.data ?? {};\n const sessionId =\n asString(data[\"session_id\"]) ?? asString(data[\"sessionId\"]);\n const toolName =\n asString(data[\"tool_name\"]) ??\n asString(data[\"toolName\"]) ??\n asString((data[\"tool\"] as Record<string, unknown> | undefined)?.[\"name\"]);\n const transcriptPath =\n asString(data[\"transcript_path\"]) ?? asString(data[\"transcriptPath\"]);\n\n return {\n type,\n ...(sessionId !== undefined ? { sessionId } : {}),\n ...(toolName !== undefined ? { toolName } : {}),\n ...(transcriptPath !== undefined ? { transcriptPath } : {}),\n };\n },\n\n async install(repoRoot: string, scope: HooksScope = \"global\") {\n const path = resolveClaudePath(repoRoot, scope);\n const settings = await readJson<ClaudeSettings>(path);\n const next: ClaudeSettings = { ...(settings ?? {}) };\n const hooks: Record<string, ClaudeHookEntry[]> = { ...(next.hooks ?? {}) };\n\n for (const event of CLAUDE_HOOK_EVENTS) {\n const existing = (hooks[event] ?? []).filter(\n (h) => !isAgentInsightsCommand(h.command),\n );\n existing.push({\n type: \"command\",\n command: `${HOOK_COMMAND_NAME} hook ${event}`,\n });\n hooks[event] = existing;\n }\n\n next.hooks = hooks;\n await mkdir(dirname(path), { recursive: true });\n await writeFile(path, `${JSON.stringify(next, null, 2)}\\n`, \"utf8\");\n return { written: true, path };\n },\n\n async uninstall(repoRoot: string, scope: HooksScope = \"global\") {\n const path = resolveClaudePath(repoRoot, scope);\n const settings = await readJson<ClaudeSettings>(path);\n if (!settings?.hooks) return { removed: false, path };\n const hooks = { ...settings.hooks };\n let touched = false;\n for (const [event, entries] of Object.entries(hooks)) {\n const filtered = entries.filter(\n (h) => !isAgentInsightsCommand(h.command),\n );\n if (filtered.length !== entries.length) touched = true;\n if (filtered.length === 0) {\n delete hooks[event];\n } else {\n hooks[event] = filtered;\n }\n }\n settings.hooks = hooks;\n await writeFile(path, `${JSON.stringify(settings, null, 2)}\\n`, \"utf8\");\n return { removed: touched, path };\n },\n\n async isInstalled(repoRoot: string, scope: HooksScope = \"global\") {\n const settings = await readJson<ClaudeSettings>(\n resolveClaudePath(repoRoot, scope),\n );\n if (!settings?.hooks) return false;\n return Object.values(settings.hooks).some((entries) =>\n entries.some((h) => isAgentInsightsCommand(h.command)),\n );\n },\n};\n\nfunction resolveClaudePath(repoRoot: string, scope: HooksScope): string {\n return scope === \"global\"\n ? join(homedir(), \".claude\", \"settings.json\")\n : join(repoRoot, \".claude\", \"settings.json\");\n}\n\nfunction isAgentInsightsCommand(cmd: string | undefined): boolean {\n if (!cmd) return false;\n return cmd.startsWith(`${HOOK_COMMAND_NAME} hook`);\n}\n\nasync function readJson<T>(path: string): Promise<T | undefined> {\n try {\n const raw = await readFile(path, \"utf8\");\n return JSON.parse(raw) as T;\n } catch (err) {\n if ((err as NodeJS.ErrnoException).code === \"ENOENT\") return undefined;\n throw err;\n }\n}\n\nfunction asString(v: unknown): string | undefined {\n return typeof v === \"string\" && v.length > 0 ? v : undefined;\n}\n","import { mkdir, readFile, writeFile } from \"node:fs/promises\";\nimport { homedir } from \"node:os\";\nimport { dirname, join } from \"node:path\";\nimport type { HooksScope } from \"../config/config.js\";\nimport type { AgentEventType } from \"../types.js\";\nimport type { Adapter, HookPayload, MappedEvent } from \"./types.js\";\n\nconst HOOK_COMMAND_NAME = \"agent-insights\";\n\n/**\n * Cursor native hook names (camelCase) → common schema. Reference:\n * https://cursor.com/docs/hooks\n */\nconst HOOK_MAP: Record<string, AgentEventType> = {\n sessionStart: \"session.start\",\n sessionEnd: \"session.end\",\n beforeSubmitPrompt: \"user.prompt.submit\",\n preToolUse: \"tool.start\",\n postToolUse: \"tool.end\",\n postToolUseFailure: \"tool.failure\",\n subagentStart: \"subagent.start\",\n subagentStop: \"subagent.end\",\n stop: \"agent.stop\",\n preCompact: \"context.compact.start\",\n // Additional events — mapped to existing schema types\n beforeShellExecution: \"tool.start\",\n afterShellExecution: \"tool.end\",\n afterFileEdit: \"tool.end\",\n workspaceOpen: \"session.start\",\n};\n\nexport const CURSOR_HOOK_EVENTS: ReadonlyArray<string> = Object.keys(HOOK_MAP);\n\ntype CursorHookEntry = {\n command: string;\n};\n\ntype CursorHooksConfig = {\n /** Cursor expects schema version 1 at the top level. */\n version?: number;\n hooks?: Record<string, CursorHookEntry[]>;\n [key: string]: unknown;\n};\n\nexport const cursorAdapter: Adapter = {\n id: \"cursor\",\n agent: \"cursor\",\n label: \"Cursor\",\n settingsFile: \".cursor/hooks.json\",\n\n map(payload: HookPayload): MappedEvent | undefined {\n const type = HOOK_MAP[payload.event];\n if (!type) return undefined;\n\n const data = payload.data ?? {};\n // Cursor uses `session_id` in payloads and is identical to `conversation_id`.\n const sessionId =\n asString(data[\"session_id\"]) ??\n asString(data[\"sessionId\"]) ??\n asString(data[\"conversation_id\"]);\n const toolName = asString(data[\"tool_name\"]) ?? asString(data[\"toolName\"]);\n\n // transcript_path is confirmed in all Cursor hook payloads.\n const transcriptPath =\n asString(data[\"transcript_path\"]) ??\n asString(data[\"transcriptPath\"]) ??\n asString(process.env.CURSOR_TRANSCRIPT_PATH);\n\n return {\n type,\n ...(sessionId !== undefined ? { sessionId } : {}),\n ...(toolName !== undefined ? { toolName } : {}),\n ...(transcriptPath !== undefined ? { transcriptPath } : {}),\n };\n },\n\n async install(repoRoot: string, scope: HooksScope = \"global\") {\n const path = resolveCursorPath(repoRoot, scope);\n const settings = await readJson<CursorHooksConfig>(path);\n const next: CursorHooksConfig = {\n version: 1,\n ...(settings ?? {}),\n };\n const hooks: Record<string, CursorHookEntry[]> = { ...(next.hooks ?? {}) };\n\n for (const event of CURSOR_HOOK_EVENTS) {\n const existing = (hooks[event] ?? []).filter(\n (h) => !isAgentInsightsCommand(h.command),\n );\n existing.push({ command: `${HOOK_COMMAND_NAME} hook ${event}` });\n hooks[event] = existing;\n }\n\n next.hooks = hooks;\n await mkdir(dirname(path), { recursive: true });\n await writeFile(path, `${JSON.stringify(next, null, 2)}\\n`, \"utf8\");\n return { written: true, path };\n },\n\n async uninstall(repoRoot: string, scope: HooksScope = \"global\") {\n const path = resolveCursorPath(repoRoot, scope);\n const settings = await readJson<CursorHooksConfig>(path);\n if (!settings?.hooks) return { removed: false, path };\n const hooks = { ...settings.hooks };\n let touched = false;\n for (const [event, entries] of Object.entries(hooks)) {\n const filtered = entries.filter(\n (h) => !isAgentInsightsCommand(h.command),\n );\n if (filtered.length !== entries.length) touched = true;\n if (filtered.length === 0) {\n delete hooks[event];\n } else {\n hooks[event] = filtered;\n }\n }\n settings.hooks = hooks;\n await writeFile(path, `${JSON.stringify(settings, null, 2)}\\n`, \"utf8\");\n return { removed: touched, path };\n },\n\n async isInstalled(repoRoot: string, scope: HooksScope = \"global\") {\n const settings = await readJson<CursorHooksConfig>(\n resolveCursorPath(repoRoot, scope),\n );\n if (!settings?.hooks) return false;\n return Object.values(settings.hooks).some((entries) =>\n entries.some((h) => isAgentInsightsCommand(h.command)),\n );\n },\n};\n\nfunction resolveCursorPath(repoRoot: string, scope: HooksScope): string {\n return scope === \"global\"\n ? join(homedir(), \".cursor\", \"hooks.json\")\n : join(repoRoot, \".cursor\", \"hooks.json\");\n}\n\nfunction isAgentInsightsCommand(cmd: string | undefined): boolean {\n if (!cmd) return false;\n return cmd.startsWith(`${HOOK_COMMAND_NAME} hook`);\n}\n\nasync function readJson<T>(path: string): Promise<T | undefined> {\n try {\n const raw = await readFile(path, \"utf8\");\n return JSON.parse(raw) as T;\n } catch (err) {\n if ((err as NodeJS.ErrnoException).code === \"ENOENT\") return undefined;\n throw err;\n }\n}\n\nfunction asString(v: unknown): string | undefined {\n return typeof v === \"string\" && v.length > 0 ? v : undefined;\n}\n","import { claudeCodeAdapter } from \"./claude-code.js\";\nimport { cursorAdapter } from \"./cursor.js\";\nimport type { Adapter, AgentId } from \"./types.js\";\n\nexport const adapters: Record<AgentId, Adapter> = {\n \"claude-code\": claudeCodeAdapter,\n cursor: cursorAdapter,\n};\n\nexport const adapterList: ReadonlyArray<Adapter> = Object.values(adapters);\n\nexport function getAdapter(id: AgentId): Adapter {\n return adapters[id];\n}\n","import { mkdir, readFile, writeFile } from \"node:fs/promises\";\nimport { dirname } from \"node:path\";\nimport { configFile, logsDir, sessionCacheDir } from \"./paths.js\";\n\nexport type ExporterConfig = {\n type: \"otlp\";\n endpoint: string;\n headers: Record<string, string>;\n dataset: string;\n};\n\nexport type HooksScope = \"global\" | \"local\";\n\nexport type TranscriptStoreConfig =\n | {\n /** Upload via analyzer API using AGENT_INSIGHTS_API_KEY (preferred). */\n type: \"analyzer\";\n }\n | {\n /** Direct upload with a Blob RW token (legacy / advanced). */\n type: \"blob\";\n tokenEnv: string;\n prefix: string;\n }\n | {\n type: \"none\";\n };\n\nexport type SessionAnalysisConfig = {\n /** Server-side enablement; user opts in via `userConsent.sessionAnalysis`. */\n enabled: boolean;\n /** Analyzer endpoint base URL. CLI POSTs to `${analyzerUrl}/api/sessions`. */\n analyzerUrl: string;\n /** GitHub repo for pre-filled new-issue URLs (display only; constructed by analyzer). */\n githubIssueRepo: string;\n};\n\nexport type AgentConfig = {\n enabled: boolean;\n};\n\nexport type AgentInsightsConfig = {\n version: 1;\n enabled: boolean;\n /** Where agent hook entries are written. Default `global` (user home). */\n hooksScope: HooksScope;\n vercel: {\n team: string;\n project: string;\n };\n userConsent: {\n eventTelemetry: boolean;\n transcriptSync: boolean;\n sessionAnalysis: boolean;\n };\n exporter: ExporterConfig;\n transcriptStore: TranscriptStoreConfig;\n sessionAnalysis: SessionAnalysisConfig;\n agents: Record<\"claudeCode\" | \"cursor\", AgentConfig>;\n privacy: {\n capturePrompts: false;\n captureMessages: false;\n captureToolInputs: false;\n captureFileContents: false;\n };\n};\n\nexport function defaultConfig(): AgentInsightsConfig {\n return {\n version: 1,\n enabled: true,\n hooksScope: \"global\",\n vercel: {\n team: \"vercel-labs\",\n project: \"agent-insights\",\n },\n userConsent: {\n eventTelemetry: false,\n transcriptSync: false,\n sessionAnalysis: false,\n },\n exporter: {\n type: \"otlp\",\n endpoint: process.env.AGENT_INSIGHTS_OTEL_ENDPOINT ?? \"\",\n headers: {},\n dataset: \"agent-insights\",\n },\n transcriptStore: {\n // Upload via the analyzer using the SiwV bearer token — no client-side\n // Blob token required. Set `transcriptStore.type` to \"blob\" in\n // config.json to switch to direct uploads with BLOB_READ_WRITE_TOKEN.\n type: \"analyzer\",\n },\n sessionAnalysis: {\n enabled: false,\n analyzerUrl: process.env.AGENT_INSIGHTS_ANALYZER_URL ?? \"\",\n githubIssueRepo: \"vercel-labs/agent-insights\",\n },\n agents: {\n claudeCode: { enabled: false },\n cursor: { enabled: false },\n },\n privacy: {\n capturePrompts: false,\n captureMessages: false,\n captureToolInputs: false,\n captureFileContents: false,\n },\n };\n}\n\nexport async function loadConfig(): Promise<AgentInsightsConfig | undefined> {\n try {\n const raw = await readFile(configFile(), \"utf8\");\n const parsed = JSON.parse(raw) as Partial<AgentInsightsConfig>;\n return mergeConfig(defaultConfig(), parsed);\n } catch (err) {\n if ((err as NodeJS.ErrnoException).code === \"ENOENT\") return undefined;\n throw err;\n }\n}\n\nexport async function saveConfig(cfg: AgentInsightsConfig): Promise<void> {\n await ensureDirs();\n await writeFile(configFile(), `${JSON.stringify(cfg, null, 2)}\\n`, \"utf8\");\n}\n\nexport async function ensureDirs(): Promise<void> {\n await mkdir(dirname(configFile()), { recursive: true });\n await mkdir(sessionCacheDir(), { recursive: true });\n await mkdir(logsDir(), { recursive: true });\n}\n\nfunction mergeConfig(\n base: AgentInsightsConfig,\n patch: Partial<AgentInsightsConfig>,\n): AgentInsightsConfig {\n return {\n ...base,\n ...patch,\n vercel: { ...base.vercel, ...(patch.vercel ?? {}) },\n userConsent: { ...base.userConsent, ...(patch.userConsent ?? {}) },\n exporter: { ...base.exporter, ...(patch.exporter ?? {}) },\n transcriptStore: (patch.transcriptStore ??\n base.transcriptStore) as TranscriptStoreConfig,\n sessionAnalysis: {\n ...base.sessionAnalysis,\n ...(patch.sessionAnalysis ?? {}),\n },\n agents: {\n claudeCode: {\n ...base.agents.claudeCode,\n ...(patch.agents?.claudeCode ?? {}),\n },\n cursor: { ...base.agents.cursor, ...(patch.agents?.cursor ?? {}) },\n },\n privacy: base.privacy,\n };\n}\n","import { homedir } from \"node:os\";\nimport { join } from \"node:path\";\n\n/** Root directory for agent-insights state. Honors `AGENT_INSIGHTS_HOME`. */\nexport function configRoot(): string {\n return process.env.AGENT_INSIGHTS_HOME ?? join(homedir(), \".agent-insights\");\n}\n\nexport function configFile(): string {\n return join(configRoot(), \"config.json\");\n}\n\n/** API key storage (`chmod 600`). Not checked into git. */\nexport function credentialsFile(): string {\n return join(configRoot(), \"credentials.json\");\n}\n\n/** OAuth token storage (`chmod 600`). Not checked into git. */\nexport function authFile(): string {\n return join(configRoot(), \"auth.json\");\n}\n\nexport function sessionCacheDir(): string {\n return join(configRoot(), \"session-cache\");\n}\n\nexport function logsDir(): string {\n return join(configRoot(), \"logs\");\n}\n\nexport const CLAUDE_SETTINGS_FILE = \".claude/settings.json\";\nexport const CURSOR_HOOKS_FILE = \".cursor/hooks.json\";\n\n/** User-level Claude Code settings (hooks apply in every repo). */\nexport function claudeUserSettingsPath(): string {\n return join(homedir(), \".claude\", \"settings.json\");\n}\n\n/** User-level Cursor hooks (hooks apply in every project). */\nexport function cursorUserHooksPath(): string {\n return join(homedir(), \".cursor\", \"hooks.json\");\n}\n","import { readFile } from \"node:fs/promises\";\nimport { put } from \"@vercel/blob\";\nimport { getValidToken } from \"../auth/store.js\";\nimport type { TranscriptStoreConfig } from \"../config/config.js\";\n\nexport type TranscriptUploadInput = {\n /** Absolute path on disk to the transcript file. */\n transcriptPath: string;\n /** SHA256-hashed user identifier. Used in the upload pathname. */\n userHash: string;\n /** Session identifier supplied by the agent. */\n sessionId: string;\n /** Agent name (e.g. \"claude-code\"). */\n agent: string;\n};\n\nexport type TranscriptUploadResult = {\n pathname: string;\n url: string;\n size: number;\n};\n\nexport interface TranscriptStore {\n upload(input: TranscriptUploadInput): Promise<TranscriptUploadResult>;\n /** Lightweight health check used by `doctor`. */\n ping(): Promise<{ ok: true } | { ok: false; reason: string }>;\n}\n\nclass NoopTranscriptStore implements TranscriptStore {\n async upload(): Promise<TranscriptUploadResult> {\n throw new Error(\"transcript store disabled (transcriptStore.type=none)\");\n }\n async ping(): Promise<{ ok: false; reason: string }> {\n return { ok: false, reason: \"transcript store disabled\" };\n }\n}\n\nclass BlobTranscriptStore implements TranscriptStore {\n constructor(\n private readonly token: string,\n private readonly prefix: string,\n ) {}\n\n async upload(input: TranscriptUploadInput): Promise<TranscriptUploadResult> {\n const body = await readFile(input.transcriptPath);\n const requestedPath = buildPathname(\n this.prefix,\n input.userHash,\n input.sessionId,\n );\n const blob = await put(requestedPath, body, {\n access: \"private\",\n token: this.token,\n contentType: \"application/jsonl\",\n addRandomSuffix: true,\n });\n return { pathname: blob.pathname, url: blob.url, size: body.byteLength };\n }\n\n async ping(): Promise<{ ok: true } | { ok: false; reason: string }> {\n if (!this.token) return { ok: false, reason: \"missing token\" };\n return { ok: true };\n }\n}\n\n/**\n * Uploads transcripts via the analyzer's POST /api/sessions/upload endpoint\n * using the Sign-in-with-Vercel bearer token. The analyzer then proxies the\n * write to Vercel Blob with its own server-side credentials, so this client\n * does not need a Blob read/write token.\n */\nclass AnalyzerTranscriptStore implements TranscriptStore {\n constructor(private readonly analyzerUrl: string) {}\n\n async upload(input: TranscriptUploadInput): Promise<TranscriptUploadResult> {\n const token = await getValidToken();\n if (!token) {\n throw new Error(\n \"transcript store: not logged in — run `agent-insights login`\",\n );\n }\n const body = await readFile(input.transcriptPath);\n const url = new URL(\"/api/sessions/upload\", this.analyzerUrl).toString();\n const res = await fetch(url, {\n method: \"POST\",\n headers: {\n authorization: `Bearer ${token}`,\n \"content-type\": \"application/jsonl\",\n \"x-session-id\": input.sessionId,\n \"x-agent\": input.agent,\n \"x-user-hash\": input.userHash,\n },\n body,\n });\n if (!res.ok) {\n const text = await res.text().catch(() => \"\");\n throw new Error(\n `transcript upload failed (${res.status}): ${text || res.statusText}`,\n );\n }\n const json = (await res.json()) as {\n ok: boolean;\n blobUrl?: string;\n pathname?: string;\n size?: number;\n error?: string;\n };\n if (!json.ok || !json.blobUrl || !json.pathname) {\n throw new Error(`transcript upload error: ${json.error ?? \"unknown\"}`);\n }\n return {\n pathname: json.pathname,\n url: json.blobUrl,\n size: json.size ?? body.byteLength,\n };\n }\n\n async ping(): Promise<{ ok: true } | { ok: false; reason: string }> {\n if (!this.analyzerUrl) {\n return {\n ok: false,\n reason: \"analyzer URL not set (AGENT_INSIGHTS_ANALYZER_URL)\",\n };\n }\n const token = await getValidToken();\n if (!token) {\n return {\n ok: false,\n reason: \"not logged in — run `agent-insights login`\",\n };\n }\n return { ok: true };\n }\n}\n\nexport function createTranscriptStore(\n cfg: TranscriptStoreConfig,\n): TranscriptStore {\n if (cfg.type === \"none\") return new NoopTranscriptStore();\n if (cfg.type === \"analyzer\") {\n const analyzerUrl = process.env.AGENT_INSIGHTS_ANALYZER_URL ?? \"\";\n return new AnalyzerTranscriptStore(analyzerUrl);\n }\n // type === \"blob\"\n const token = process.env[cfg.tokenEnv];\n if (!token) {\n throw new Error(\n `transcript store: env ${cfg.tokenEnv} is not set — run \\`agent-insights init --force\\` to switch to analyzer-proxied uploads (no token required), or \\`vercel env pull .env.local\\` to keep direct Blob uploads`,\n );\n }\n return new BlobTranscriptStore(token, cfg.prefix);\n}\n\nfunction buildPathname(\n prefix: string,\n userHash: string,\n sessionId: string,\n): string {\n const safePrefix = prefix.endsWith(\"/\") ? prefix : `${prefix}/`;\n const safeSession = encodeURIComponent(sessionId);\n return `${safePrefix}${userHash}/${safeSession}/transcript.jsonl`;\n}\n","import { chmod, readFile, writeFile } from \"node:fs/promises\";\nimport { dirname } from \"node:path\";\nimport { mkdir } from \"node:fs/promises\";\nimport { authFile } from \"../config/paths.js\";\nimport { refreshAccessToken } from \"./oauth.js\";\n\nexport type AuthState = {\n accessToken: string;\n refreshToken?: string;\n /** Unix epoch milliseconds when the access token expires. */\n expiresAt: number;\n};\n\n/** How many ms before expiry we proactively refresh. */\nconst REFRESH_BUFFER_MS = 60_000;\n\nexport async function loadAuth(): Promise<AuthState | undefined> {\n try {\n const raw = await readFile(authFile(), \"utf8\");\n const parsed = JSON.parse(raw) as Partial<AuthState>;\n if (typeof parsed.accessToken === \"string\" && parsed.accessToken.length > 0) {\n return parsed as AuthState;\n }\n return undefined;\n } catch (err) {\n if ((err as NodeJS.ErrnoException).code === \"ENOENT\") return undefined;\n throw err;\n }\n}\n\nexport async function saveAuth(state: AuthState): Promise<void> {\n const path = authFile();\n await mkdir(dirname(path), { recursive: true });\n await writeFile(path, `${JSON.stringify(state, null, 2)}\\n`, {\n encoding: \"utf8\",\n mode: 0o600,\n });\n try {\n await chmod(path, 0o600);\n } catch {\n // Windows doesn't support chmod — ignore\n }\n}\n\nexport async function clearAuth(): Promise<void> {\n const { unlink } = await import(\"node:fs/promises\");\n try {\n await unlink(authFile());\n } catch (err) {\n if ((err as NodeJS.ErrnoException).code !== \"ENOENT\") throw err;\n }\n}\n\n/**\n * Returns a valid access token, refreshing silently if needed.\n * Returns `undefined` if not logged in or refresh fails (caller should prompt login).\n */\nexport async function getValidToken(): Promise<string | undefined> {\n const auth = await loadAuth();\n if (!auth) return undefined;\n\n const needsRefresh = Date.now() >= auth.expiresAt - REFRESH_BUFFER_MS;\n if (!needsRefresh) return auth.accessToken;\n\n if (!auth.refreshToken) {\n // Access token expired, no refresh token — clear and force re-login\n await clearAuth();\n return undefined;\n }\n\n try {\n const tokens = await refreshAccessToken(auth.refreshToken);\n const refreshed: AuthState = {\n accessToken: tokens.access_token,\n refreshToken: tokens.refresh_token ?? auth.refreshToken,\n expiresAt: Date.now() + tokens.expires_in * 1000,\n };\n await saveAuth(refreshed);\n return refreshed.accessToken;\n } catch {\n // Refresh failed (revoked, expired beyond 30 days) — clear and force re-login\n await clearAuth();\n return undefined;\n }\n}\n","import { createHash, randomBytes } from \"node:crypto\";\nimport { exec } from \"node:child_process\";\nimport { createServer } from \"node:http\";\nimport { platform } from \"node:os\";\n\n// ---------------------------------------------------------------------------\n// OAuth app config — Sign-in-with-Vercel client ID (public, not a secret).\n// Override at runtime via AGENT_INSIGHTS_CLIENT_ID env var.\n// ---------------------------------------------------------------------------\nexport const CLIENT_ID =\n process.env.AGENT_INSIGHTS_CLIENT_ID ?? \"cl_TxqqNFTHcF9kEtM48LBFsYfwjhJ9T8sz\";\n\nconst AUTH_ENDPOINT = \"https://vercel.com/oauth/authorize\";\nconst TOKEN_ENDPOINT = \"https://api.vercel.com/login/oauth/token\";\nconst USERINFO_ENDPOINT = \"https://api.vercel.com/login/oauth/userinfo\";\nconst REVOKE_ENDPOINT = \"https://api.vercel.com/login/oauth/token/revoke\";\n\n// Fixed port — must match the redirect URI registered in the OAuth app.\nconst CALLBACK_PORT = 9797;\nexport const REDIRECT_URI = `http://localhost:${CALLBACK_PORT}/callback`;\n\nconst SCOPES = \"openid email profile offline_access\";\n\nexport type TokenResponse = {\n access_token: string;\n refresh_token?: string;\n expires_in: number;\n token_type: string;\n id_token?: string;\n};\n\nexport type UserInfo = {\n sub: string;\n email: string;\n email_verified: boolean;\n name?: string;\n preferred_username?: string;\n picture?: string;\n};\n\n// ---------------------------------------------------------------------------\n// PKCE helpers\n// ---------------------------------------------------------------------------\n\nfunction generateCodeVerifier(): string {\n return randomBytes(48).toString(\"base64url\");\n}\n\nfunction generateCodeChallenge(verifier: string): string {\n return createHash(\"sha256\").update(verifier).digest(\"base64url\");\n}\n\nfunction generateState(): string {\n return randomBytes(16).toString(\"hex\");\n}\n\n// ---------------------------------------------------------------------------\n// Authorization Code + PKCE flow\n// ---------------------------------------------------------------------------\n\nexport type AuthCodeResult =\n | { status: \"success\"; code: string; state: string }\n | { status: \"error\"; message: string };\n\n/**\n * Starts a localhost callback server, opens the Vercel authorization URL in\n * the browser, and waits for the redirect with the auth code.\n * Resolves (or rejects after timeout) when Vercel redirects back.\n */\nexport async function startPkceFlow(timeoutMs = 120_000): Promise<{\n code: string;\n codeVerifier: string;\n}> {\n const codeVerifier = generateCodeVerifier();\n const codeChallenge = generateCodeChallenge(codeVerifier);\n const state = generateState();\n\n const authUrl = new URL(AUTH_ENDPOINT);\n authUrl.searchParams.set(\"client_id\", CLIENT_ID);\n authUrl.searchParams.set(\"response_type\", \"code\");\n authUrl.searchParams.set(\"redirect_uri\", REDIRECT_URI);\n authUrl.searchParams.set(\"scope\", SCOPES);\n authUrl.searchParams.set(\"code_challenge\", codeChallenge);\n authUrl.searchParams.set(\"code_challenge_method\", \"S256\");\n authUrl.searchParams.set(\"state\", state);\n\n const url = authUrl.toString();\n const codePromise = listenForCallback(state, timeoutMs);\n openBrowser(url);\n // Always print the URL — browser open may fail silently\n process.stderr.write(`\\nIf the browser did not open, visit:\\n ${url}\\n\\n`);\n\n const code = await codePromise;\n return { code, codeVerifier };\n}\n\nfunction listenForCallback(\n expectedState: string,\n timeoutMs: number,\n): Promise<string> {\n return new Promise((resolve, reject) => {\n const server = createServer((req, res) => {\n const url = new URL(req.url ?? \"/\", `http://localhost:${CALLBACK_PORT}`);\n if (url.pathname !== \"/callback\") {\n res.writeHead(404, { connection: \"close\" });\n res.end(\"Not found\");\n return;\n }\n\n const code = url.searchParams.get(\"code\");\n const returnedState = url.searchParams.get(\"state\");\n const error = url.searchParams.get(\"error\");\n\n const html = (msg: string) =>\n `<html><body style=\"font-family:sans-serif;text-align:center;padding:80px\">` +\n `<h2>${msg}</h2><p>You can close this tab.</p></body></html>`;\n\n // Tell the browser to drop the socket so the server can shut down cleanly\n // and Node's event loop can exit once the callback returns.\n const headers = { \"content-type\": \"text/html\", connection: \"close\" };\n\n const finish = (\n next: () => void,\n body: string,\n status: number,\n ): void => {\n res.writeHead(status, headers);\n res.end(body, () => {\n clearTimeout(timer);\n server.closeAllConnections?.();\n server.close();\n next();\n });\n };\n\n if (error) {\n finish(\n () => reject(new Error(`OAuth error: ${error}`)),\n html(`Login failed: ${error}`),\n 400,\n );\n return;\n }\n\n if (returnedState !== expectedState) {\n finish(\n () => reject(new Error(\"State mismatch — possible CSRF\")),\n html(\"Invalid state parameter — please try again.\"),\n 400,\n );\n return;\n }\n\n if (!code) {\n finish(\n () => reject(new Error(\"No code in callback\")),\n html(\"No authorization code received.\"),\n 400,\n );\n return;\n }\n\n finish(\n () => resolve(code),\n html(\"✓ Logged in! You can close this tab.\"),\n 200,\n );\n });\n\n const timer = setTimeout(() => {\n server.closeAllConnections?.();\n server.close();\n reject(new Error(\"Login timed out — no response within 2 minutes.\"));\n }, timeoutMs);\n timer.unref();\n\n server.listen(CALLBACK_PORT, \"127.0.0.1\", () => {\n // Server is ready; browser will be opened by caller\n });\n\n server.on(\"error\", (err: NodeJS.ErrnoException) => {\n clearTimeout(timer);\n if (err.code === \"EADDRINUSE\") {\n reject(\n new Error(\n `Port ${CALLBACK_PORT} is already in use. Close any other agent-insights login process and try again.`,\n ),\n );\n } else {\n reject(err);\n }\n });\n });\n}\n\n// ---------------------------------------------------------------------------\n// Token exchange\n// ---------------------------------------------------------------------------\n\nexport async function exchangeCodeForToken(\n code: string,\n codeVerifier: string,\n): Promise<TokenResponse> {\n const res = await fetch(TOKEN_ENDPOINT, {\n method: \"POST\",\n headers: { \"content-type\": \"application/x-www-form-urlencoded\" },\n body: new URLSearchParams({\n grant_type: \"authorization_code\",\n client_id: CLIENT_ID,\n code,\n code_verifier: codeVerifier,\n redirect_uri: REDIRECT_URI,\n }),\n });\n if (!res.ok) {\n const body = await res.text();\n throw new Error(`Token exchange failed (${res.status}): ${body}`);\n }\n return res.json() as Promise<TokenResponse>;\n}\n\nexport async function refreshAccessToken(\n refreshToken: string,\n): Promise<TokenResponse> {\n const res = await fetch(TOKEN_ENDPOINT, {\n method: \"POST\",\n headers: { \"content-type\": \"application/x-www-form-urlencoded\" },\n body: new URLSearchParams({\n grant_type: \"refresh_token\",\n client_id: CLIENT_ID,\n refresh_token: refreshToken,\n }),\n });\n if (!res.ok) {\n const body = await res.text();\n throw new Error(`Token refresh failed (${res.status}): ${body}`);\n }\n return res.json() as Promise<TokenResponse>;\n}\n\nexport async function revokeToken(token: string): Promise<void> {\n await fetch(REVOKE_ENDPOINT, {\n method: \"POST\",\n headers: { \"content-type\": \"application/x-www-form-urlencoded\" },\n body: new URLSearchParams({ token }),\n }).catch(() => {\n // best-effort — don't fail logout if revocation fails\n });\n}\n\nexport async function fetchUserInfo(accessToken: string): Promise<UserInfo> {\n const res = await fetch(USERINFO_ENDPOINT, {\n headers: { authorization: `Bearer ${accessToken}` },\n });\n if (!res.ok) {\n throw new Error(`Failed to fetch user info (${res.status})`);\n }\n return res.json() as Promise<UserInfo>;\n}\n\n/** Open a URL in the system browser. Fails silently — callers always print the URL too. */\nexport function openBrowser(url: string): void {\n const os = platform();\n let cmd: string;\n if (os === \"darwin\") cmd = `open \"${url}\"`;\n else if (os === \"win32\") cmd = `start \"\" \"${url}\"`;\n else cmd = `xdg-open \"${url}\"`;\n\n // Detach + unref so the child doesn't keep the event loop alive after login.\n const child = exec(cmd);\n child.on(\"error\", () => {\n // Silently ignore — caller has already printed the URL\n });\n child.unref();\n}\n"],"mappings":";;;AAAA,SAAS,kBAAkB;AAQpB,SAAS,OAAO,OAAuB;AAC5C,SAAO,WAAW,QAAQ,EAAE,OAAO,OAAO,MAAM,EAAE,OAAO,KAAK;AAChE;AAGO,SAAS,UAAU,OAAe,SAAS,IAAY;AAC5D,SAAO,OAAO,KAAK,EAAE,MAAM,GAAG,MAAM;AACtC;;;ACTA,IAAM,iBAAsC,oBAAI,IAAI;AAAA,EAClD;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAED,IAAM,oBAAoB;AAK1B,SAAS,aAAa,KAAqB;AACzC,SAAO,IAAI,YAAY,EAAE,QAAQ,YAAY,EAAE;AACjD;AAEA,SAAS,SAAS,OAAuB;AACvC,MAAI,MAAM,UAAU,kBAAmB,QAAO;AAC9C,SAAO,GAAG,MAAM,MAAM,GAAG,iBAAiB,CAAC;AAC7C;AAEA,SAAS,kBAAkB,OAAgD;AACzE,MAAI,UAAU,KAAM,QAAO;AAC3B,UAAQ,OAAO,OAAO;AAAA,IACpB,KAAK;AACH,aAAO,SAAS,KAAK;AAAA,IACvB,KAAK;AACH,aAAO,OAAO,SAAS,KAAK,IAAI,QAAQ;AAAA,IAC1C,KAAK;AACH,aAAO;AAAA,IACT;AACE,aAAO;AAAA,EACX;AACF;AAUO,SAAS,SAAS,OAAyB;AAChD,SAAO,cAAc,KAAK;AAC5B;AAEA,SAAS,cAAc,OAAyB;AAC9C,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,UAAM,MAAiB,CAAC;AACxB,eAAW,QAAQ,OAAO;AACxB,YAAM,gBAAgB,cAAc,IAAI;AACxC,UAAI,kBAAkB,QAAW;AAC/B,YAAI,KAAK,aAAa;AAAA,MACxB;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,MAAI,SAAS,OAAO,UAAU,UAAU;AACtC,UAAM,MAA+B,CAAC;AACtC,eAAW,CAAC,QAAQ,QAAQ,KAAK,OAAO,QAAQ,KAAK,GAAG;AACtD,UAAI,eAAe,IAAI,aAAa,MAAM,CAAC,GAAG;AAC5C;AAAA,MACF;AACA,UAAI,YAAY,OAAO,aAAa,UAAU;AAC5C,YAAI,MAAM,IAAI,cAAc,QAAQ;AAAA,MACtC,OAAO;AACL,cAAM,YAAY,kBAAkB,QAAQ;AAC5C,YAAI,cAAc,QAAW;AAC3B,cAAI,MAAM,IAAI;AAAA,QAChB;AAAA,MACF;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,SAAO,kBAAkB,KAAK;AAChC;;;ACxGA,SAAS,OAAO,UAAU,iBAAiB;AAC3C,SAAS,eAAe;AACxB,SAAS,SAAS,YAAY;AAK9B,IAAM,oBAAoB;AAE1B,IAAM,WAA2C;AAAA,EAC/C,cAAc;AAAA,EACd,YAAY;AAAA,EACZ,kBAAkB;AAAA,EAClB,YAAY;AAAA,EACZ,aAAa;AAAA,EACb,oBAAoB;AAAA,EACpB,mBAAmB;AAAA,EACnB,kBAAkB;AAAA,EAClB,eAAe;AAAA,EACf,cAAc;AAAA,EACd,MAAM;AAAA,EACN,cAAc;AAAA,EACd,YAAY;AAAA,EACZ,aAAa;AACf;AAEO,IAAM,qBAA4C,OAAO,KAAK,QAAQ;AAYtE,IAAM,oBAA6B;AAAA,EACxC,IAAI;AAAA,EACJ,OAAO;AAAA,EACP,OAAO;AAAA,EACP,cAAc;AAAA,EAEd,IAAI,SAA+C;AACjD,UAAM,OAAO,SAAS,QAAQ,KAAK;AACnC,QAAI,CAAC,KAAM,QAAO;AAElB,UAAM,OAAO,QAAQ,QAAQ,CAAC;AAC9B,UAAM,YACJ,SAAS,KAAK,YAAY,CAAC,KAAK,SAAS,KAAK,WAAW,CAAC;AAC5D,UAAM,WACJ,SAAS,KAAK,WAAW,CAAC,KAC1B,SAAS,KAAK,UAAU,CAAC,KACzB,SAAU,KAAK,MAAM,IAA4C,MAAM,CAAC;AAC1E,UAAM,iBACJ,SAAS,KAAK,iBAAiB,CAAC,KAAK,SAAS,KAAK,gBAAgB,CAAC;AAEtE,WAAO;AAAA,MACL;AAAA,MACA,GAAI,cAAc,SAAY,EAAE,UAAU,IAAI,CAAC;AAAA,MAC/C,GAAI,aAAa,SAAY,EAAE,SAAS,IAAI,CAAC;AAAA,MAC7C,GAAI,mBAAmB,SAAY,EAAE,eAAe,IAAI,CAAC;AAAA,IAC3D;AAAA,EACF;AAAA,EAEA,MAAM,QAAQ,UAAkB,QAAoB,UAAU;AAC5D,UAAM,OAAO,kBAAkB,UAAU,KAAK;AAC9C,UAAM,WAAW,MAAM,SAAyB,IAAI;AACpD,UAAM,OAAuB,EAAE,GAAI,YAAY,CAAC,EAAG;AACnD,UAAM,QAA2C,EAAE,GAAI,KAAK,SAAS,CAAC,EAAG;AAEzE,eAAW,SAAS,oBAAoB;AACtC,YAAM,YAAY,MAAM,KAAK,KAAK,CAAC,GAAG;AAAA,QACpC,CAAC,MAAM,CAAC,uBAAuB,EAAE,OAAO;AAAA,MAC1C;AACA,eAAS,KAAK;AAAA,QACZ,MAAM;AAAA,QACN,SAAS,GAAG,iBAAiB,SAAS,KAAK;AAAA,MAC7C,CAAC;AACD,YAAM,KAAK,IAAI;AAAA,IACjB;AAEA,SAAK,QAAQ;AACb,UAAM,MAAM,QAAQ,IAAI,GAAG,EAAE,WAAW,KAAK,CAAC;AAC9C,UAAM,UAAU,MAAM,GAAG,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AAAA,GAAM,MAAM;AAClE,WAAO,EAAE,SAAS,MAAM,KAAK;AAAA,EAC/B;AAAA,EAEA,MAAM,UAAU,UAAkB,QAAoB,UAAU;AAC9D,UAAM,OAAO,kBAAkB,UAAU,KAAK;AAC9C,UAAM,WAAW,MAAM,SAAyB,IAAI;AACpD,QAAI,CAAC,UAAU,MAAO,QAAO,EAAE,SAAS,OAAO,KAAK;AACpD,UAAM,QAAQ,EAAE,GAAG,SAAS,MAAM;AAClC,QAAI,UAAU;AACd,eAAW,CAAC,OAAO,OAAO,KAAK,OAAO,QAAQ,KAAK,GAAG;AACpD,YAAM,WAAW,QAAQ;AAAA,QACvB,CAAC,MAAM,CAAC,uBAAuB,EAAE,OAAO;AAAA,MAC1C;AACA,UAAI,SAAS,WAAW,QAAQ,OAAQ,WAAU;AAClD,UAAI,SAAS,WAAW,GAAG;AACzB,eAAO,MAAM,KAAK;AAAA,MACpB,OAAO;AACL,cAAM,KAAK,IAAI;AAAA,MACjB;AAAA,IACF;AACA,aAAS,QAAQ;AACjB,UAAM,UAAU,MAAM,GAAG,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAAA,GAAM,MAAM;AACtE,WAAO,EAAE,SAAS,SAAS,KAAK;AAAA,EAClC;AAAA,EAEA,MAAM,YAAY,UAAkB,QAAoB,UAAU;AAChE,UAAM,WAAW,MAAM;AAAA,MACrB,kBAAkB,UAAU,KAAK;AAAA,IACnC;AACA,QAAI,CAAC,UAAU,MAAO,QAAO;AAC7B,WAAO,OAAO,OAAO,SAAS,KAAK,EAAE;AAAA,MAAK,CAAC,YACzC,QAAQ,KAAK,CAAC,MAAM,uBAAuB,EAAE,OAAO,CAAC;AAAA,IACvD;AAAA,EACF;AACF;AAEA,SAAS,kBAAkB,UAAkB,OAA2B;AACtE,SAAO,UAAU,WACb,KAAK,QAAQ,GAAG,WAAW,eAAe,IAC1C,KAAK,UAAU,WAAW,eAAe;AAC/C;AAEA,SAAS,uBAAuB,KAAkC;AAChE,MAAI,CAAC,IAAK,QAAO;AACjB,SAAO,IAAI,WAAW,GAAG,iBAAiB,OAAO;AACnD;AAEA,eAAe,SAAY,MAAsC;AAC/D,MAAI;AACF,UAAM,MAAM,MAAM,SAAS,MAAM,MAAM;AACvC,WAAO,KAAK,MAAM,GAAG;AAAA,EACvB,SAAS,KAAK;AACZ,QAAK,IAA8B,SAAS,SAAU,QAAO;AAC7D,UAAM;AAAA,EACR;AACF;AAEA,SAAS,SAAS,GAAgC;AAChD,SAAO,OAAO,MAAM,YAAY,EAAE,SAAS,IAAI,IAAI;AACrD;;;ACjJA,SAAS,SAAAA,QAAO,YAAAC,WAAU,aAAAC,kBAAiB;AAC3C,SAAS,WAAAC,gBAAe;AACxB,SAAS,WAAAC,UAAS,QAAAC,aAAY;AAK9B,IAAMC,qBAAoB;AAM1B,IAAMC,YAA2C;AAAA,EAC/C,cAAc;AAAA,EACd,YAAY;AAAA,EACZ,oBAAoB;AAAA,EACpB,YAAY;AAAA,EACZ,aAAa;AAAA,EACb,oBAAoB;AAAA,EACpB,eAAe;AAAA,EACf,cAAc;AAAA,EACd,MAAM;AAAA,EACN,YAAY;AAAA;AAAA,EAEZ,sBAAsB;AAAA,EACtB,qBAAqB;AAAA,EACrB,eAAe;AAAA,EACf,eAAe;AACjB;AAEO,IAAM,qBAA4C,OAAO,KAAKA,SAAQ;AAatE,IAAM,gBAAyB;AAAA,EACpC,IAAI;AAAA,EACJ,OAAO;AAAA,EACP,OAAO;AAAA,EACP,cAAc;AAAA,EAEd,IAAI,SAA+C;AACjD,UAAM,OAAOA,UAAS,QAAQ,KAAK;AACnC,QAAI,CAAC,KAAM,QAAO;AAElB,UAAM,OAAO,QAAQ,QAAQ,CAAC;AAE9B,UAAM,YACJC,UAAS,KAAK,YAAY,CAAC,KAC3BA,UAAS,KAAK,WAAW,CAAC,KAC1BA,UAAS,KAAK,iBAAiB,CAAC;AAClC,UAAM,WAAWA,UAAS,KAAK,WAAW,CAAC,KAAKA,UAAS,KAAK,UAAU,CAAC;AAGzE,UAAM,iBACJA,UAAS,KAAK,iBAAiB,CAAC,KAChCA,UAAS,KAAK,gBAAgB,CAAC,KAC/BA,UAAS,QAAQ,IAAI,sBAAsB;AAE7C,WAAO;AAAA,MACL;AAAA,MACA,GAAI,cAAc,SAAY,EAAE,UAAU,IAAI,CAAC;AAAA,MAC/C,GAAI,aAAa,SAAY,EAAE,SAAS,IAAI,CAAC;AAAA,MAC7C,GAAI,mBAAmB,SAAY,EAAE,eAAe,IAAI,CAAC;AAAA,IAC3D;AAAA,EACF;AAAA,EAEA,MAAM,QAAQ,UAAkB,QAAoB,UAAU;AAC5D,UAAM,OAAO,kBAAkB,UAAU,KAAK;AAC9C,UAAM,WAAW,MAAMC,UAA4B,IAAI;AACvD,UAAM,OAA0B;AAAA,MAC9B,SAAS;AAAA,MACT,GAAI,YAAY,CAAC;AAAA,IACnB;AACA,UAAM,QAA2C,EAAE,GAAI,KAAK,SAAS,CAAC,EAAG;AAEzE,eAAW,SAAS,oBAAoB;AACtC,YAAM,YAAY,MAAM,KAAK,KAAK,CAAC,GAAG;AAAA,QACpC,CAAC,MAAM,CAACC,wBAAuB,EAAE,OAAO;AAAA,MAC1C;AACA,eAAS,KAAK,EAAE,SAAS,GAAGJ,kBAAiB,SAAS,KAAK,GAAG,CAAC;AAC/D,YAAM,KAAK,IAAI;AAAA,IACjB;AAEA,SAAK,QAAQ;AACb,UAAMN,OAAMI,SAAQ,IAAI,GAAG,EAAE,WAAW,KAAK,CAAC;AAC9C,UAAMF,WAAU,MAAM,GAAG,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AAAA,GAAM,MAAM;AAClE,WAAO,EAAE,SAAS,MAAM,KAAK;AAAA,EAC/B;AAAA,EAEA,MAAM,UAAU,UAAkB,QAAoB,UAAU;AAC9D,UAAM,OAAO,kBAAkB,UAAU,KAAK;AAC9C,UAAM,WAAW,MAAMO,UAA4B,IAAI;AACvD,QAAI,CAAC,UAAU,MAAO,QAAO,EAAE,SAAS,OAAO,KAAK;AACpD,UAAM,QAAQ,EAAE,GAAG,SAAS,MAAM;AAClC,QAAI,UAAU;AACd,eAAW,CAAC,OAAO,OAAO,KAAK,OAAO,QAAQ,KAAK,GAAG;AACpD,YAAM,WAAW,QAAQ;AAAA,QACvB,CAAC,MAAM,CAACC,wBAAuB,EAAE,OAAO;AAAA,MAC1C;AACA,UAAI,SAAS,WAAW,QAAQ,OAAQ,WAAU;AAClD,UAAI,SAAS,WAAW,GAAG;AACzB,eAAO,MAAM,KAAK;AAAA,MACpB,OAAO;AACL,cAAM,KAAK,IAAI;AAAA,MACjB;AAAA,IACF;AACA,aAAS,QAAQ;AACjB,UAAMR,WAAU,MAAM,GAAG,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAAA,GAAM,MAAM;AACtE,WAAO,EAAE,SAAS,SAAS,KAAK;AAAA,EAClC;AAAA,EAEA,MAAM,YAAY,UAAkB,QAAoB,UAAU;AAChE,UAAM,WAAW,MAAMO;AAAA,MACrB,kBAAkB,UAAU,KAAK;AAAA,IACnC;AACA,QAAI,CAAC,UAAU,MAAO,QAAO;AAC7B,WAAO,OAAO,OAAO,SAAS,KAAK,EAAE;AAAA,MAAK,CAAC,YACzC,QAAQ,KAAK,CAAC,MAAMC,wBAAuB,EAAE,OAAO,CAAC;AAAA,IACvD;AAAA,EACF;AACF;AAEA,SAAS,kBAAkB,UAAkB,OAA2B;AACtE,SAAO,UAAU,WACbL,MAAKF,SAAQ,GAAG,WAAW,YAAY,IACvCE,MAAK,UAAU,WAAW,YAAY;AAC5C;AAEA,SAASK,wBAAuB,KAAkC;AAChE,MAAI,CAAC,IAAK,QAAO;AACjB,SAAO,IAAI,WAAW,GAAGJ,kBAAiB,OAAO;AACnD;AAEA,eAAeG,UAAY,MAAsC;AAC/D,MAAI;AACF,UAAM,MAAM,MAAMR,UAAS,MAAM,MAAM;AACvC,WAAO,KAAK,MAAM,GAAG;AAAA,EACvB,SAAS,KAAK;AACZ,QAAK,IAA8B,SAAS,SAAU,QAAO;AAC7D,UAAM;AAAA,EACR;AACF;AAEA,SAASO,UAAS,GAAgC;AAChD,SAAO,OAAO,MAAM,YAAY,EAAE,SAAS,IAAI,IAAI;AACrD;;;ACvJO,IAAM,WAAqC;AAAA,EAChD,eAAe;AAAA,EACf,QAAQ;AACV;AAEO,IAAM,cAAsC,OAAO,OAAO,QAAQ;AAElE,SAAS,WAAW,IAAsB;AAC/C,SAAO,SAAS,EAAE;AACpB;;;ACbA,SAAS,SAAAG,QAAO,YAAAC,WAAU,aAAAC,kBAAiB;AAC3C,SAAS,WAAAC,gBAAe;;;ACDxB,SAAS,WAAAC,gBAAe;AACxB,SAAS,QAAAC,aAAY;AAGd,SAAS,aAAqB;AACnC,SAAO,QAAQ,IAAI,uBAAuBA,MAAKD,SAAQ,GAAG,iBAAiB;AAC7E;AAEO,SAAS,aAAqB;AACnC,SAAOC,MAAK,WAAW,GAAG,aAAa;AACzC;AAQO,SAAS,WAAmB;AACjC,SAAOC,MAAK,WAAW,GAAG,WAAW;AACvC;AAEO,SAAS,kBAA0B;AACxC,SAAOA,MAAK,WAAW,GAAG,eAAe;AAC3C;AAEO,SAAS,UAAkB;AAChC,SAAOA,MAAK,WAAW,GAAG,MAAM;AAClC;;;ADuCO,SAAS,gBAAqC;AACnD,SAAO;AAAA,IACL,SAAS;AAAA,IACT,SAAS;AAAA,IACT,YAAY;AAAA,IACZ,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,IACX;AAAA,IACA,aAAa;AAAA,MACX,gBAAgB;AAAA,MAChB,gBAAgB;AAAA,MAChB,iBAAiB;AAAA,IACnB;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU,QAAQ,IAAI,gCAAgC;AAAA,MACtD,SAAS,CAAC;AAAA,MACV,SAAS;AAAA,IACX;AAAA,IACA,iBAAiB;AAAA;AAAA;AAAA;AAAA,MAIf,MAAM;AAAA,IACR;AAAA,IACA,iBAAiB;AAAA,MACf,SAAS;AAAA,MACT,aAAa,QAAQ,IAAI,+BAA+B;AAAA,MACxD,iBAAiB;AAAA,IACnB;AAAA,IACA,QAAQ;AAAA,MACN,YAAY,EAAE,SAAS,MAAM;AAAA,MAC7B,QAAQ,EAAE,SAAS,MAAM;AAAA,IAC3B;AAAA,IACA,SAAS;AAAA,MACP,gBAAgB;AAAA,MAChB,iBAAiB;AAAA,MACjB,mBAAmB;AAAA,MACnB,qBAAqB;AAAA,IACvB;AAAA,EACF;AACF;AAEA,eAAsB,aAAuD;AAC3E,MAAI;AACF,UAAM,MAAM,MAAMC,UAAS,WAAW,GAAG,MAAM;AAC/C,UAAM,SAAS,KAAK,MAAM,GAAG;AAC7B,WAAO,YAAY,cAAc,GAAG,MAAM;AAAA,EAC5C,SAAS,KAAK;AACZ,QAAK,IAA8B,SAAS,SAAU,QAAO;AAC7D,UAAM;AAAA,EACR;AACF;AAEA,eAAsB,WAAW,KAAyC;AACxE,QAAM,WAAW;AACjB,QAAMC,WAAU,WAAW,GAAG,GAAG,KAAK,UAAU,KAAK,MAAM,CAAC,CAAC;AAAA,GAAM,MAAM;AAC3E;AAEA,eAAsB,aAA4B;AAChD,QAAMC,OAAMC,SAAQ,WAAW,CAAC,GAAG,EAAE,WAAW,KAAK,CAAC;AACtD,QAAMD,OAAM,gBAAgB,GAAG,EAAE,WAAW,KAAK,CAAC;AAClD,QAAMA,OAAM,QAAQ,GAAG,EAAE,WAAW,KAAK,CAAC;AAC5C;AAEA,SAAS,YACP,MACA,OACqB;AACrB,SAAO;AAAA,IACL,GAAG;AAAA,IACH,GAAG;AAAA,IACH,QAAQ,EAAE,GAAG,KAAK,QAAQ,GAAI,MAAM,UAAU,CAAC,EAAG;AAAA,IAClD,aAAa,EAAE,GAAG,KAAK,aAAa,GAAI,MAAM,eAAe,CAAC,EAAG;AAAA,IACjE,UAAU,EAAE,GAAG,KAAK,UAAU,GAAI,MAAM,YAAY,CAAC,EAAG;AAAA,IACxD,iBAAkB,MAAM,mBACtB,KAAK;AAAA,IACP,iBAAiB;AAAA,MACf,GAAG,KAAK;AAAA,MACR,GAAI,MAAM,mBAAmB,CAAC;AAAA,IAChC;AAAA,IACA,QAAQ;AAAA,MACN,YAAY;AAAA,QACV,GAAG,KAAK,OAAO;AAAA,QACf,GAAI,MAAM,QAAQ,cAAc,CAAC;AAAA,MACnC;AAAA,MACA,QAAQ,EAAE,GAAG,KAAK,OAAO,QAAQ,GAAI,MAAM,QAAQ,UAAU,CAAC,EAAG;AAAA,IACnE;AAAA,IACA,SAAS,KAAK;AAAA,EAChB;AACF;;;AE9JA,SAAS,YAAAE,iBAAgB;AACzB,SAAS,WAAW;;;ACDpB,SAAS,OAAO,YAAAC,WAAU,aAAAC,kBAAiB;AAC3C,SAAS,WAAAC,gBAAe;AACxB,SAAS,SAAAC,cAAa;;;ACFtB,SAAS,cAAAC,aAAY,mBAAmB;AACxC,SAAS,YAAY;AACrB,SAAS,oBAAoB;AAC7B,SAAS,gBAAgB;AAMlB,IAAM,YACX,QAAQ,IAAI,4BAA4B;AAG1C,IAAM,iBAAiB;AAKvB,IAAM,gBAAgB;AACf,IAAM,eAAe,oBAAoB,aAAa;AA0M7D,eAAsB,mBACpB,cACwB;AACxB,QAAM,MAAM,MAAM,MAAM,gBAAgB;AAAA,IACtC,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,oCAAoC;AAAA,IAC/D,MAAM,IAAI,gBAAgB;AAAA,MACxB,YAAY;AAAA,MACZ,WAAW;AAAA,MACX,eAAe;AAAA,IACjB,CAAC;AAAA,EACH,CAAC;AACD,MAAI,CAAC,IAAI,IAAI;AACX,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,UAAM,IAAI,MAAM,yBAAyB,IAAI,MAAM,MAAM,IAAI,EAAE;AAAA,EACjE;AACA,SAAO,IAAI,KAAK;AAClB;;;ADhOA,IAAM,oBAAoB;AAE1B,eAAsB,WAA2C;AAC/D,MAAI;AACF,UAAM,MAAM,MAAMC,UAAS,SAAS,GAAG,MAAM;AAC7C,UAAM,SAAS,KAAK,MAAM,GAAG;AAC7B,QAAI,OAAO,OAAO,gBAAgB,YAAY,OAAO,YAAY,SAAS,GAAG;AAC3E,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT,SAAS,KAAK;AACZ,QAAK,IAA8B,SAAS,SAAU,QAAO;AAC7D,UAAM;AAAA,EACR;AACF;AAEA,eAAsB,SAAS,OAAiC;AAC9D,QAAM,OAAO,SAAS;AACtB,QAAMC,OAAMC,SAAQ,IAAI,GAAG,EAAE,WAAW,KAAK,CAAC;AAC9C,QAAMC,WAAU,MAAM,GAAG,KAAK,UAAU,OAAO,MAAM,CAAC,CAAC;AAAA,GAAM;AAAA,IAC3D,UAAU;AAAA,IACV,MAAM;AAAA,EACR,CAAC;AACD,MAAI;AACF,UAAM,MAAM,MAAM,GAAK;AAAA,EACzB,QAAQ;AAAA,EAER;AACF;AAEA,eAAsB,YAA2B;AAC/C,QAAM,EAAE,OAAO,IAAI,MAAM,OAAO,aAAkB;AAClD,MAAI;AACF,UAAM,OAAO,SAAS,CAAC;AAAA,EACzB,SAAS,KAAK;AACZ,QAAK,IAA8B,SAAS,SAAU,OAAM;AAAA,EAC9D;AACF;AAMA,eAAsB,gBAA6C;AACjE,QAAM,OAAO,MAAM,SAAS;AAC5B,MAAI,CAAC,KAAM,QAAO;AAElB,QAAM,eAAe,KAAK,IAAI,KAAK,KAAK,YAAY;AACpD,MAAI,CAAC,aAAc,QAAO,KAAK;AAE/B,MAAI,CAAC,KAAK,cAAc;AAEtB,UAAM,UAAU;AAChB,WAAO;AAAA,EACT;AAEA,MAAI;AACF,UAAM,SAAS,MAAM,mBAAmB,KAAK,YAAY;AACzD,UAAM,YAAuB;AAAA,MAC3B,aAAa,OAAO;AAAA,MACpB,cAAc,OAAO,iBAAiB,KAAK;AAAA,MAC3C,WAAW,KAAK,IAAI,IAAI,OAAO,aAAa;AAAA,IAC9C;AACA,UAAM,SAAS,SAAS;AACxB,WAAO,UAAU;AAAA,EACnB,QAAQ;AAEN,UAAM,UAAU;AAChB,WAAO;AAAA,EACT;AACF;;;ADxDA,IAAM,sBAAN,MAAqD;AAAA,EACnD,MAAM,SAA0C;AAC9C,UAAM,IAAI,MAAM,uDAAuD;AAAA,EACzE;AAAA,EACA,MAAM,OAA+C;AACnD,WAAO,EAAE,IAAI,OAAO,QAAQ,4BAA4B;AAAA,EAC1D;AACF;AAEA,IAAM,sBAAN,MAAqD;AAAA,EACnD,YACmB,OACA,QACjB;AAFiB;AACA;AAAA,EAChB;AAAA,EAFgB;AAAA,EACA;AAAA,EAGnB,MAAM,OAAO,OAA+D;AAC1E,UAAM,OAAO,MAAMC,UAAS,MAAM,cAAc;AAChD,UAAM,gBAAgB;AAAA,MACpB,KAAK;AAAA,MACL,MAAM;AAAA,MACN,MAAM;AAAA,IACR;AACA,UAAM,OAAO,MAAM,IAAI,eAAe,MAAM;AAAA,MAC1C,QAAQ;AAAA,MACR,OAAO,KAAK;AAAA,MACZ,aAAa;AAAA,MACb,iBAAiB;AAAA,IACnB,CAAC;AACD,WAAO,EAAE,UAAU,KAAK,UAAU,KAAK,KAAK,KAAK,MAAM,KAAK,WAAW;AAAA,EACzE;AAAA,EAEA,MAAM,OAA8D;AAClE,QAAI,CAAC,KAAK,MAAO,QAAO,EAAE,IAAI,OAAO,QAAQ,gBAAgB;AAC7D,WAAO,EAAE,IAAI,KAAK;AAAA,EACpB;AACF;AAQA,IAAM,0BAAN,MAAyD;AAAA,EACvD,YAA6B,aAAqB;AAArB;AAAA,EAAsB;AAAA,EAAtB;AAAA,EAE7B,MAAM,OAAO,OAA+D;AAC1E,UAAM,QAAQ,MAAM,cAAc;AAClC,QAAI,CAAC,OAAO;AACV,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AACA,UAAM,OAAO,MAAMA,UAAS,MAAM,cAAc;AAChD,UAAM,MAAM,IAAI,IAAI,wBAAwB,KAAK,WAAW,EAAE,SAAS;AACvE,UAAM,MAAM,MAAM,MAAM,KAAK;AAAA,MAC3B,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,eAAe,UAAU,KAAK;AAAA,QAC9B,gBAAgB;AAAA,QAChB,gBAAgB,MAAM;AAAA,QACtB,WAAW,MAAM;AAAA,QACjB,eAAe,MAAM;AAAA,MACvB;AAAA,MACA;AAAA,IACF,CAAC;AACD,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,OAAO,MAAM,IAAI,KAAK,EAAE,MAAM,MAAM,EAAE;AAC5C,YAAM,IAAI;AAAA,QACR,6BAA6B,IAAI,MAAM,MAAM,QAAQ,IAAI,UAAU;AAAA,MACrE;AAAA,IACF;AACA,UAAM,OAAQ,MAAM,IAAI,KAAK;AAO7B,QAAI,CAAC,KAAK,MAAM,CAAC,KAAK,WAAW,CAAC,KAAK,UAAU;AAC/C,YAAM,IAAI,MAAM,4BAA4B,KAAK,SAAS,SAAS,EAAE;AAAA,IACvE;AACA,WAAO;AAAA,MACL,UAAU,KAAK;AAAA,MACf,KAAK,KAAK;AAAA,MACV,MAAM,KAAK,QAAQ,KAAK;AAAA,IAC1B;AAAA,EACF;AAAA,EAEA,MAAM,OAA8D;AAClE,QAAI,CAAC,KAAK,aAAa;AACrB,aAAO;AAAA,QACL,IAAI;AAAA,QACJ,QAAQ;AAAA,MACV;AAAA,IACF;AACA,UAAM,QAAQ,MAAM,cAAc;AAClC,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,QACL,IAAI;AAAA,QACJ,QAAQ;AAAA,MACV;AAAA,IACF;AACA,WAAO,EAAE,IAAI,KAAK;AAAA,EACpB;AACF;AAEO,SAAS,sBACd,KACiB;AACjB,MAAI,IAAI,SAAS,OAAQ,QAAO,IAAI,oBAAoB;AACxD,MAAI,IAAI,SAAS,YAAY;AAC3B,UAAM,cAAc,QAAQ,IAAI,+BAA+B;AAC/D,WAAO,IAAI,wBAAwB,WAAW;AAAA,EAChD;AAEA,QAAM,QAAQ,QAAQ,IAAI,IAAI,QAAQ;AACtC,MAAI,CAAC,OAAO;AACV,UAAM,IAAI;AAAA,MACR,yBAAyB,IAAI,QAAQ;AAAA,IACvC;AAAA,EACF;AACA,SAAO,IAAI,oBAAoB,OAAO,IAAI,MAAM;AAClD;AAEA,SAAS,cACP,QACA,UACA,WACQ;AACR,QAAM,aAAa,OAAO,SAAS,GAAG,IAAI,SAAS,GAAG,MAAM;AAC5D,QAAM,cAAc,mBAAmB,SAAS;AAChD,SAAO,GAAG,UAAU,GAAG,QAAQ,IAAI,WAAW;AAChD;","names":["mkdir","readFile","writeFile","homedir","dirname","join","HOOK_COMMAND_NAME","HOOK_MAP","asString","readJson","isAgentInsightsCommand","mkdir","readFile","writeFile","dirname","homedir","join","join","readFile","writeFile","mkdir","dirname","readFile","readFile","writeFile","dirname","mkdir","createHash","readFile","mkdir","dirname","writeFile","readFile"]}
|
|
1
|
+
{"version":3,"sources":["../src/privacy/hash.ts","../src/privacy/sanitize.ts","../src/adapters/claude-code.ts","../src/adapters/cursor.ts","../src/adapters/registry.ts","../src/config/config.ts","../src/config/analyzer.ts","../src/config/paths.ts","../src/transcript/store.ts","../src/auth/store.ts","../src/auth/oauth.ts","../src/config/bypass.ts"],"sourcesContent":["import { createHash } from \"node:crypto\";\n\n/**\n * Stable SHA-256 hash of a value, hex-encoded.\n *\n * Used to anonymize usernames, repo remote URLs, workspace paths, and\n * session identifiers before they leave the machine.\n */\nexport function sha256(value: string): string {\n return createHash(\"sha256\").update(value, \"utf8\").digest(\"hex\");\n}\n\n/** Short prefix of `sha256(value)` for human-readable dashboards. */\nexport function shortHash(value: string, length = 12): string {\n return sha256(value).slice(0, length);\n}\n","/**\n * Keys that must never appear in any payload that leaves the machine.\n *\n * Matching is case-insensitive and snake_case/camelCase agnostic — we strip a\n * key if its normalized form equals one of these values.\n */\nconst FORBIDDEN_KEYS: ReadonlySet<string> = new Set([\n \"prompt\",\n \"prompts\",\n \"message\",\n \"messages\",\n \"content\",\n \"text\",\n \"transcript\",\n \"toolinput\",\n \"input\",\n \"arguments\",\n \"args\",\n \"params\",\n \"file\",\n \"filecontent\",\n \"filecontents\",\n \"diff\",\n \"patch\",\n \"secret\",\n \"secrets\",\n \"token\",\n \"apikey\",\n \"authorization\",\n \"password\",\n \"credentials\",\n]);\n\nconst MAX_STRING_LENGTH = 256;\n\n/** Allowed primitive value types in sanitized metadata. */\nexport type SanitizedPrimitive = string | number | boolean | null;\n\nfunction normalizeKey(key: string): string {\n return key.toLowerCase().replace(/[_\\-\\s]/g, \"\");\n}\n\nfunction truncate(value: string): string {\n if (value.length <= MAX_STRING_LENGTH) return value;\n return `${value.slice(0, MAX_STRING_LENGTH)}…[truncated]`;\n}\n\nfunction sanitizePrimitive(value: unknown): SanitizedPrimitive | undefined {\n if (value === null) return null;\n switch (typeof value) {\n case \"string\":\n return truncate(value);\n case \"number\":\n return Number.isFinite(value) ? value : null;\n case \"boolean\":\n return value;\n default:\n return undefined;\n }\n}\n\n/**\n * Recursively remove forbidden keys from an arbitrary payload.\n *\n * Returned shape:\n * - Objects keep allowed primitive fields (truncated to {@link MAX_STRING_LENGTH}).\n * - Arrays keep allowed primitive elements; nested objects/arrays are recursed.\n * - Non-primitive, non-container values (functions, symbols, Buffers, …) are dropped.\n */\nexport function sanitize(input: unknown): unknown {\n return sanitizeInner(input);\n}\n\nfunction sanitizeInner(value: unknown): unknown {\n if (Array.isArray(value)) {\n const out: unknown[] = [];\n for (const item of value) {\n const sanitizedItem = sanitizeInner(item);\n if (sanitizedItem !== undefined) {\n out.push(sanitizedItem);\n }\n }\n return out;\n }\n\n if (value && typeof value === \"object\") {\n const out: Record<string, unknown> = {};\n for (const [rawKey, rawValue] of Object.entries(value)) {\n if (FORBIDDEN_KEYS.has(normalizeKey(rawKey))) {\n continue;\n }\n if (rawValue && typeof rawValue === \"object\") {\n out[rawKey] = sanitizeInner(rawValue);\n } else {\n const primitive = sanitizePrimitive(rawValue);\n if (primitive !== undefined) {\n out[rawKey] = primitive;\n }\n }\n }\n return out;\n }\n\n return sanitizePrimitive(value);\n}\n\nexport const __testing = { FORBIDDEN_KEYS, normalizeKey };\n","import { mkdir, readFile, writeFile } from \"node:fs/promises\";\nimport { homedir } from \"node:os\";\nimport { dirname, join } from \"node:path\";\nimport type { HooksScope } from \"../config/config.js\";\nimport type { AgentEventType } from \"../types.js\";\nimport type { Adapter, HookPayload, MappedEvent } from \"./types.js\";\n\nconst HOOK_COMMAND_NAME = \"agent-insights\";\n\nconst HOOK_MAP: Record<string, AgentEventType> = {\n SessionStart: \"session.start\",\n SessionEnd: \"session.end\",\n UserPromptSubmit: \"user.prompt.submit\",\n PreToolUse: \"tool.start\",\n PostToolUse: \"tool.end\",\n PostToolUseFailure: \"tool.failure\",\n PermissionRequest: \"permission.request\",\n PermissionDenied: \"permission.denied\",\n SubagentStart: \"subagent.start\",\n SubagentStop: \"subagent.end\",\n Stop: \"agent.stop\",\n Notification: \"notification\",\n PreCompact: \"context.compact.start\",\n PostCompact: \"context.compact.end\",\n};\n\nexport const CLAUDE_HOOK_EVENTS: ReadonlyArray<string> = Object.keys(HOOK_MAP);\n\ntype ClaudeHookCommand = {\n type: \"command\";\n command: string;\n};\n\n/** Claude Code 0.12+ matcher group (see code.claude.com/docs/en/hooks). */\ntype ClaudeHookMatcherGroup = {\n matcher: string;\n hooks: ClaudeHookCommand[];\n};\n\ntype ClaudeSettings = {\n hooks?: Record<string, unknown[]>;\n [key: string]: unknown;\n};\n\nexport const claudeCodeAdapter: Adapter = {\n id: \"claude-code\",\n agent: \"claude-code\",\n label: \"Claude Code\",\n settingsFile: \".claude/settings.json\",\n\n map(payload: HookPayload): MappedEvent | undefined {\n const type = HOOK_MAP[payload.event];\n if (!type) return undefined;\n\n const data = payload.data ?? {};\n const sessionId =\n asString(data[\"session_id\"]) ?? asString(data[\"sessionId\"]);\n const toolName =\n asString(data[\"tool_name\"]) ??\n asString(data[\"toolName\"]) ??\n asString((data[\"tool\"] as Record<string, unknown> | undefined)?.[\"name\"]);\n const transcriptPath =\n asString(data[\"transcript_path\"]) ?? asString(data[\"transcriptPath\"]);\n\n return {\n type,\n ...(sessionId !== undefined ? { sessionId } : {}),\n ...(toolName !== undefined ? { toolName } : {}),\n ...(transcriptPath !== undefined ? { transcriptPath } : {}),\n };\n },\n\n async install(repoRoot: string, scope: HooksScope = \"global\") {\n const path = resolveClaudePath(repoRoot, scope);\n const settings = await readJson<ClaudeSettings>(path);\n const next: ClaudeSettings = { ...(settings ?? {}) };\n const hooks: Record<string, ClaudeHookMatcherGroup[]> = {};\n\n for (const [event, raw] of Object.entries(next.hooks ?? {})) {\n hooks[event] = normalizeEventHooks(raw);\n }\n\n for (const event of CLAUDE_HOOK_EVENTS) {\n const withoutInsights = removeAgentInsightsMatchers(\n hooks[event] ?? [],\n );\n hooks[event] = addAgentInsightsHook(withoutInsights, event);\n }\n\n next.hooks = hooks;\n await mkdir(dirname(path), { recursive: true });\n await writeFile(path, `${JSON.stringify(next, null, 2)}\\n`, \"utf8\");\n return { written: true, path };\n },\n\n async uninstall(repoRoot: string, scope: HooksScope = \"global\") {\n const path = resolveClaudePath(repoRoot, scope);\n const settings = await readJson<ClaudeSettings>(path);\n if (!settings?.hooks) return { removed: false, path };\n const hooks: Record<string, ClaudeHookMatcherGroup[]> = {};\n let touched = false;\n\n for (const [event, raw] of Object.entries(settings.hooks)) {\n const before = normalizeEventHooks(raw);\n const after = removeAgentInsightsMatchers(before);\n if (after.length !== before.length) touched = true;\n else if (JSON.stringify(after) !== JSON.stringify(before)) {\n touched = true;\n }\n if (after.length > 0) hooks[event] = after;\n }\n\n settings.hooks = hooks;\n await writeFile(path, `${JSON.stringify(settings, null, 2)}\\n`, \"utf8\");\n return { removed: touched, path };\n },\n\n async isInstalled(repoRoot: string, scope: HooksScope = \"global\") {\n const settings = await readJson<ClaudeSettings>(\n resolveClaudePath(repoRoot, scope),\n );\n if (!settings?.hooks) return false;\n return Object.values(settings.hooks).some((raw) =>\n normalizeEventHooks(raw).some((group) =>\n group.hooks.some((h) => isAgentInsightsCommand(h.command)),\n ),\n );\n },\n};\n\nfunction resolveClaudePath(repoRoot: string, scope: HooksScope): string {\n return scope === \"global\"\n ? join(homedir(), \".claude\", \"settings.json\")\n : join(repoRoot, \".claude\", \"settings.json\");\n}\n\nfunction isAgentInsightsCommand(cmd: string | undefined): boolean {\n if (!cmd) return false;\n return cmd.startsWith(`${HOOK_COMMAND_NAME} hook`);\n}\n\nfunction isHookCommand(value: unknown): value is ClaudeHookCommand {\n if (!value || typeof value !== \"object\") return false;\n const entry = value as Record<string, unknown>;\n return entry.type === \"command\" && typeof entry.command === \"string\";\n}\n\n/** Accept matcher groups and migrate legacy flat `{ type, command }` entries. */\nfunction normalizeEventHooks(raw: unknown[]): ClaudeHookMatcherGroup[] {\n const groups: ClaudeHookMatcherGroup[] = [];\n\n for (const entry of raw) {\n if (!entry || typeof entry !== \"object\") continue;\n const record = entry as Record<string, unknown>;\n\n if (Array.isArray(record.hooks)) {\n const commands = record.hooks.filter(isHookCommand);\n if (commands.length === 0) continue;\n groups.push({\n matcher: typeof record.matcher === \"string\" ? record.matcher : \"\",\n hooks: commands,\n });\n continue;\n }\n\n if (isHookCommand(record)) {\n groups.push({\n matcher: \"\",\n hooks: [record],\n });\n }\n }\n\n return groups;\n}\n\nfunction removeAgentInsightsMatchers(\n matchers: ClaudeHookMatcherGroup[],\n): ClaudeHookMatcherGroup[] {\n const result: ClaudeHookMatcherGroup[] = [];\n\n for (const group of matchers) {\n const hooks = group.hooks.filter(\n (h) => !isAgentInsightsCommand(h.command),\n );\n if (hooks.length > 0) {\n result.push({ ...group, hooks });\n }\n }\n\n return result;\n}\n\nfunction addAgentInsightsHook(\n matchers: ClaudeHookMatcherGroup[],\n event: string,\n): ClaudeHookMatcherGroup[] {\n const command = `${HOOK_COMMAND_NAME} hook ${event}`;\n const entry: ClaudeHookCommand = { type: \"command\", command };\n\n for (const group of matchers) {\n if (group.matcher === \"\") {\n if (!group.hooks.some((h) => h.command === command)) {\n group.hooks.push(entry);\n }\n return matchers;\n }\n }\n\n return [...matchers, { matcher: \"\", hooks: [entry] }];\n}\n\nasync function readJson<T>(path: string): Promise<T | undefined> {\n try {\n const raw = await readFile(path, \"utf8\");\n return JSON.parse(raw) as T;\n } catch (err) {\n if ((err as NodeJS.ErrnoException).code === \"ENOENT\") return undefined;\n throw err;\n }\n}\n\nfunction asString(v: unknown): string | undefined {\n return typeof v === \"string\" && v.length > 0 ? v : undefined;\n}\n","import { mkdir, readFile, writeFile } from \"node:fs/promises\";\nimport { homedir } from \"node:os\";\nimport { dirname, join } from \"node:path\";\nimport type { HooksScope } from \"../config/config.js\";\nimport type { AgentEventType } from \"../types.js\";\nimport type { Adapter, HookPayload, MappedEvent } from \"./types.js\";\n\nconst HOOK_COMMAND_NAME = \"agent-insights\";\n\n/**\n * Cursor native hook names (camelCase) → common schema. Reference:\n * https://cursor.com/docs/hooks\n */\nconst HOOK_MAP: Record<string, AgentEventType> = {\n sessionStart: \"session.start\",\n sessionEnd: \"session.end\",\n beforeSubmitPrompt: \"user.prompt.submit\",\n preToolUse: \"tool.start\",\n postToolUse: \"tool.end\",\n postToolUseFailure: \"tool.failure\",\n subagentStart: \"subagent.start\",\n subagentStop: \"subagent.end\",\n stop: \"agent.stop\",\n preCompact: \"context.compact.start\",\n // Additional events — mapped to existing schema types\n beforeShellExecution: \"tool.start\",\n afterShellExecution: \"tool.end\",\n afterFileEdit: \"tool.end\",\n workspaceOpen: \"session.start\",\n};\n\nexport const CURSOR_HOOK_EVENTS: ReadonlyArray<string> = Object.keys(HOOK_MAP);\n\ntype CursorHookEntry = {\n command: string;\n};\n\ntype CursorHooksConfig = {\n /** Cursor expects schema version 1 at the top level. */\n version?: number;\n hooks?: Record<string, CursorHookEntry[]>;\n [key: string]: unknown;\n};\n\nexport const cursorAdapter: Adapter = {\n id: \"cursor\",\n agent: \"cursor\",\n label: \"Cursor\",\n settingsFile: \".cursor/hooks.json\",\n\n map(payload: HookPayload): MappedEvent | undefined {\n const type = HOOK_MAP[payload.event];\n if (!type) return undefined;\n\n const data = payload.data ?? {};\n // Cursor uses `session_id` in payloads and is identical to `conversation_id`.\n const sessionId =\n asString(data[\"session_id\"]) ??\n asString(data[\"sessionId\"]) ??\n asString(data[\"conversation_id\"]);\n const toolName = asString(data[\"tool_name\"]) ?? asString(data[\"toolName\"]);\n\n // transcript_path is confirmed in all Cursor hook payloads.\n const transcriptPath =\n asString(data[\"transcript_path\"]) ??\n asString(data[\"transcriptPath\"]) ??\n asString(process.env.CURSOR_TRANSCRIPT_PATH);\n\n return {\n type,\n ...(sessionId !== undefined ? { sessionId } : {}),\n ...(toolName !== undefined ? { toolName } : {}),\n ...(transcriptPath !== undefined ? { transcriptPath } : {}),\n };\n },\n\n async install(repoRoot: string, scope: HooksScope = \"global\") {\n const path = resolveCursorPath(repoRoot, scope);\n const settings = await readJson<CursorHooksConfig>(path);\n const next: CursorHooksConfig = {\n version: 1,\n ...(settings ?? {}),\n };\n const hooks: Record<string, CursorHookEntry[]> = { ...(next.hooks ?? {}) };\n\n for (const event of CURSOR_HOOK_EVENTS) {\n const existing = (hooks[event] ?? []).filter(\n (h) => !isAgentInsightsCommand(h.command),\n );\n existing.push({ command: `${HOOK_COMMAND_NAME} hook ${event}` });\n hooks[event] = existing;\n }\n\n next.hooks = hooks;\n await mkdir(dirname(path), { recursive: true });\n await writeFile(path, `${JSON.stringify(next, null, 2)}\\n`, \"utf8\");\n return { written: true, path };\n },\n\n async uninstall(repoRoot: string, scope: HooksScope = \"global\") {\n const path = resolveCursorPath(repoRoot, scope);\n const settings = await readJson<CursorHooksConfig>(path);\n if (!settings?.hooks) return { removed: false, path };\n const hooks = { ...settings.hooks };\n let touched = false;\n for (const [event, entries] of Object.entries(hooks)) {\n const filtered = entries.filter(\n (h) => !isAgentInsightsCommand(h.command),\n );\n if (filtered.length !== entries.length) touched = true;\n if (filtered.length === 0) {\n delete hooks[event];\n } else {\n hooks[event] = filtered;\n }\n }\n settings.hooks = hooks;\n await writeFile(path, `${JSON.stringify(settings, null, 2)}\\n`, \"utf8\");\n return { removed: touched, path };\n },\n\n async isInstalled(repoRoot: string, scope: HooksScope = \"global\") {\n const settings = await readJson<CursorHooksConfig>(\n resolveCursorPath(repoRoot, scope),\n );\n if (!settings?.hooks) return false;\n return Object.values(settings.hooks).some((entries) =>\n entries.some((h) => isAgentInsightsCommand(h.command)),\n );\n },\n};\n\nfunction resolveCursorPath(repoRoot: string, scope: HooksScope): string {\n return scope === \"global\"\n ? join(homedir(), \".cursor\", \"hooks.json\")\n : join(repoRoot, \".cursor\", \"hooks.json\");\n}\n\nfunction isAgentInsightsCommand(cmd: string | undefined): boolean {\n if (!cmd) return false;\n return cmd.startsWith(`${HOOK_COMMAND_NAME} hook`);\n}\n\nasync function readJson<T>(path: string): Promise<T | undefined> {\n try {\n const raw = await readFile(path, \"utf8\");\n return JSON.parse(raw) as T;\n } catch (err) {\n if ((err as NodeJS.ErrnoException).code === \"ENOENT\") return undefined;\n throw err;\n }\n}\n\nfunction asString(v: unknown): string | undefined {\n return typeof v === \"string\" && v.length > 0 ? v : undefined;\n}\n","import { claudeCodeAdapter } from \"./claude-code.js\";\nimport { cursorAdapter } from \"./cursor.js\";\nimport type { Adapter, AgentId } from \"./types.js\";\n\nexport const adapters: Record<AgentId, Adapter> = {\n \"claude-code\": claudeCodeAdapter,\n cursor: cursorAdapter,\n};\n\nexport const adapterList: ReadonlyArray<Adapter> = Object.values(adapters);\n\nexport function getAdapter(id: AgentId): Adapter {\n return adapters[id];\n}\n","import { mkdir, readFile, writeFile } from \"node:fs/promises\";\nimport { dirname } from \"node:path\";\nimport { getAnalyzerUrl } from \"./analyzer.js\";\nimport { configFile, logsDir, sessionCacheDir } from \"./paths.js\";\n\nexport type ExporterConfig = {\n type: \"otlp\";\n endpoint: string;\n headers: Record<string, string>;\n dataset: string;\n};\n\nexport type HooksScope = \"global\" | \"local\";\n\nexport type TranscriptStoreConfig =\n | {\n /** Upload via analyzer API using AGENT_INSIGHTS_API_KEY (preferred). */\n type: \"analyzer\";\n }\n | {\n /** Direct upload with a Blob RW token (legacy / advanced). */\n type: \"blob\";\n tokenEnv: string;\n prefix: string;\n }\n | {\n type: \"none\";\n };\n\nexport type SessionAnalysisConfig = {\n /** Server-side enablement; user opts in via `userConsent.sessionAnalysis`. */\n enabled: boolean;\n /** Analyzer endpoint base URL. CLI POSTs to `${analyzerUrl}/api/sessions`. */\n analyzerUrl: string;\n /** GitHub repo for pre-filled new-issue URLs (display only; constructed by analyzer). */\n githubIssueRepo: string;\n};\n\nexport type AgentConfig = {\n enabled: boolean;\n};\n\nexport type AgentInsightsConfig = {\n version: 1;\n enabled: boolean;\n /** Where agent hook entries are written. Default `global` (user home). */\n hooksScope: HooksScope;\n vercel: {\n team: string;\n project: string;\n };\n userConsent: {\n eventTelemetry: boolean;\n transcriptSync: boolean;\n sessionAnalysis: boolean;\n };\n exporter: ExporterConfig;\n transcriptStore: TranscriptStoreConfig;\n sessionAnalysis: SessionAnalysisConfig;\n agents: Record<\"claudeCode\" | \"cursor\", AgentConfig>;\n privacy: {\n capturePrompts: false;\n captureMessages: false;\n captureToolInputs: false;\n captureFileContents: false;\n };\n};\n\nexport function defaultConfig(): AgentInsightsConfig {\n return {\n version: 1,\n enabled: true,\n hooksScope: \"global\",\n vercel: {\n team: \"vercel-labs\",\n project: \"agent-insights\",\n },\n userConsent: {\n eventTelemetry: false,\n transcriptSync: false,\n sessionAnalysis: false,\n },\n exporter: {\n type: \"otlp\",\n endpoint: process.env.AGENT_INSIGHTS_OTEL_ENDPOINT ?? \"\",\n headers: {},\n dataset: \"agent-insights\",\n },\n transcriptStore: {\n // Upload via the analyzer using the SiwV bearer token — no client-side\n // Blob token required. Set `transcriptStore.type` to \"blob\" in\n // config.json to switch to direct uploads with BLOB_READ_WRITE_TOKEN.\n type: \"analyzer\",\n },\n sessionAnalysis: {\n enabled: false,\n analyzerUrl: getAnalyzerUrl(),\n githubIssueRepo: \"vercel-labs/agent-insights\",\n },\n agents: {\n claudeCode: { enabled: false },\n cursor: { enabled: false },\n },\n privacy: {\n capturePrompts: false,\n captureMessages: false,\n captureToolInputs: false,\n captureFileContents: false,\n },\n };\n}\n\nexport async function loadConfig(): Promise<AgentInsightsConfig | undefined> {\n try {\n const raw = await readFile(configFile(), \"utf8\");\n const parsed = JSON.parse(raw) as Partial<AgentInsightsConfig>;\n return mergeConfig(defaultConfig(), parsed);\n } catch (err) {\n if ((err as NodeJS.ErrnoException).code === \"ENOENT\") return undefined;\n throw err;\n }\n}\n\nexport async function saveConfig(cfg: AgentInsightsConfig): Promise<void> {\n await ensureDirs();\n await writeFile(configFile(), `${JSON.stringify(cfg, null, 2)}\\n`, \"utf8\");\n}\n\nexport async function ensureDirs(): Promise<void> {\n await mkdir(dirname(configFile()), { recursive: true });\n await mkdir(sessionCacheDir(), { recursive: true });\n await mkdir(logsDir(), { recursive: true });\n}\n\nfunction mergeConfig(\n base: AgentInsightsConfig,\n patch: Partial<AgentInsightsConfig>,\n): AgentInsightsConfig {\n return {\n ...base,\n ...patch,\n vercel: { ...base.vercel, ...(patch.vercel ?? {}) },\n userConsent: { ...base.userConsent, ...(patch.userConsent ?? {}) },\n exporter: { ...base.exporter, ...(patch.exporter ?? {}) },\n transcriptStore: (patch.transcriptStore ??\n base.transcriptStore) as TranscriptStoreConfig,\n sessionAnalysis: {\n ...base.sessionAnalysis,\n ...(patch.sessionAnalysis ?? {}),\n },\n agents: {\n claudeCode: {\n ...base.agents.claudeCode,\n ...(patch.agents?.claudeCode ?? {}),\n },\n cursor: { ...base.agents.cursor, ...(patch.agents?.cursor ?? {}) },\n },\n privacy: base.privacy,\n };\n}\n","/**\n * Production analyzer deployment. Override via AGENT_INSIGHTS_ANALYZER_URL\n * for local/dev/staging analyzers.\n */\nexport const DEFAULT_ANALYZER_URL = \"https://agent-insights.labs.vercel.dev\";\n\n/** Resolve the analyzer base URL: env var if set, otherwise the prod default. */\nexport function getAnalyzerUrl(): string {\n return process.env.AGENT_INSIGHTS_ANALYZER_URL || DEFAULT_ANALYZER_URL;\n}\n","import { homedir } from \"node:os\";\nimport { join } from \"node:path\";\n\n/** Root directory for agent-insights state. Honors `AGENT_INSIGHTS_HOME`. */\nexport function configRoot(): string {\n return process.env.AGENT_INSIGHTS_HOME ?? join(homedir(), \".agent-insights\");\n}\n\nexport function configFile(): string {\n return join(configRoot(), \"config.json\");\n}\n\n/** API key storage (`chmod 600`). Not checked into git. */\nexport function credentialsFile(): string {\n return join(configRoot(), \"credentials.json\");\n}\n\n/** OAuth token storage (`chmod 600`). Not checked into git. */\nexport function authFile(): string {\n return join(configRoot(), \"auth.json\");\n}\n\n/** Vercel deployment-protection bypass secret (`chmod 600`). */\nexport function bypassSecretFile(): string {\n return join(configRoot(), \"bypass-secret\");\n}\n\nexport function sessionCacheDir(): string {\n return join(configRoot(), \"session-cache\");\n}\n\nexport function logsDir(): string {\n return join(configRoot(), \"logs\");\n}\n\nexport const CLAUDE_SETTINGS_FILE = \".claude/settings.json\";\nexport const CURSOR_HOOKS_FILE = \".cursor/hooks.json\";\n\n/** User-level Claude Code settings (hooks apply in every repo). */\nexport function claudeUserSettingsPath(): string {\n return join(homedir(), \".claude\", \"settings.json\");\n}\n\n/** User-level Cursor hooks (hooks apply in every project). */\nexport function cursorUserHooksPath(): string {\n return join(homedir(), \".cursor\", \"hooks.json\");\n}\n","import { readFile } from \"node:fs/promises\";\nimport { put } from \"@vercel/blob\";\nimport { getValidToken } from \"../auth/store.js\";\nimport { getAnalyzerUrl } from \"../config/analyzer.js\";\nimport { withBypassHeader } from \"../config/bypass.js\";\nimport type { TranscriptStoreConfig } from \"../config/config.js\";\n\nexport type TranscriptUploadInput = {\n /** Absolute path on disk to the transcript file. */\n transcriptPath: string;\n /** SHA256-hashed user identifier. Used in the upload pathname. */\n userHash: string;\n /** Session identifier supplied by the agent. */\n sessionId: string;\n /** Agent name (e.g. \"claude-code\"). */\n agent: string;\n /**\n * Vercel email captured at `agent-insights login`. Lets the analyzer\n * join sessions to real user accounts; never logged or written into\n * the transcript itself.\n */\n userEmail?: string;\n};\n\nexport type TranscriptUploadResult = {\n pathname: string;\n url: string;\n size: number;\n};\n\nexport interface TranscriptStore {\n upload(input: TranscriptUploadInput): Promise<TranscriptUploadResult>;\n /** Lightweight health check used by `doctor`. */\n ping(): Promise<{ ok: true } | { ok: false; reason: string }>;\n}\n\nclass NoopTranscriptStore implements TranscriptStore {\n async upload(): Promise<TranscriptUploadResult> {\n throw new Error(\"transcript store disabled (transcriptStore.type=none)\");\n }\n async ping(): Promise<{ ok: false; reason: string }> {\n return { ok: false, reason: \"transcript store disabled\" };\n }\n}\n\nclass BlobTranscriptStore implements TranscriptStore {\n constructor(\n private readonly token: string,\n private readonly prefix: string,\n ) {}\n\n async upload(input: TranscriptUploadInput): Promise<TranscriptUploadResult> {\n const body = await readFile(input.transcriptPath);\n const requestedPath = buildPathname(\n this.prefix,\n input.userHash,\n input.sessionId,\n );\n const blob = await put(requestedPath, body, {\n access: \"private\",\n token: this.token,\n contentType: \"application/jsonl\",\n addRandomSuffix: true,\n });\n return { pathname: blob.pathname, url: blob.url, size: body.byteLength };\n }\n\n async ping(): Promise<{ ok: true } | { ok: false; reason: string }> {\n if (!this.token) return { ok: false, reason: \"missing token\" };\n return { ok: true };\n }\n}\n\n/**\n * Uploads transcripts via the analyzer's POST /api/sessions/upload endpoint\n * using the Sign-in-with-Vercel bearer token. The analyzer then proxies the\n * write to Vercel Blob with its own server-side credentials, so this client\n * does not need a Blob read/write token.\n */\nclass AnalyzerTranscriptStore implements TranscriptStore {\n constructor(private readonly analyzerUrl: string) {}\n\n async upload(input: TranscriptUploadInput): Promise<TranscriptUploadResult> {\n const token = await getValidToken();\n if (!token) {\n throw new Error(\n \"transcript store: not logged in — run `agent-insights login`\",\n );\n }\n const body = await readFile(input.transcriptPath);\n const url = new URL(\"/api/sessions/upload\", this.analyzerUrl).toString();\n const headers = await withBypassHeader({\n authorization: `Bearer ${token}`,\n \"content-type\": \"application/jsonl\",\n \"x-session-id\": input.sessionId,\n \"x-agent\": input.agent,\n \"x-user-hash\": input.userHash,\n ...(input.userEmail ? { \"x-user-email\": input.userEmail } : {}),\n });\n const res = await fetch(url, { method: \"POST\", headers, body });\n if (!res.ok) {\n const text = await res.text().catch(() => \"\");\n throw new Error(\n `transcript upload failed (${res.status}): ${text || res.statusText}`,\n );\n }\n const json = (await res.json()) as {\n ok: boolean;\n blobUrl?: string;\n pathname?: string;\n size?: number;\n error?: string;\n };\n if (!json.ok || !json.blobUrl || !json.pathname) {\n throw new Error(`transcript upload error: ${json.error ?? \"unknown\"}`);\n }\n return {\n pathname: json.pathname,\n url: json.blobUrl,\n size: json.size ?? body.byteLength,\n };\n }\n\n async ping(): Promise<{ ok: true } | { ok: false; reason: string }> {\n const token = await getValidToken();\n if (!token) {\n return {\n ok: false,\n reason: \"not logged in — run `agent-insights login`\",\n };\n }\n // Try the actual upload endpoint with an intentionally bad request — a\n // healthy analyzer responds 400 (missing headers); a protection wall\n // responds 401/403 with HTML; an unreachable host throws.\n try {\n const url = new URL(\"/api/sessions/upload\", this.analyzerUrl).toString();\n const headers = await withBypassHeader({\n authorization: `Bearer ${token}`,\n });\n const res = await fetch(url, { method: \"POST\", headers });\n if (res.status === 400) return { ok: true };\n if (res.status === 401 || res.status === 403) {\n const ct = res.headers.get(\"content-type\") ?? \"\";\n if (ct.includes(\"text/html\")) {\n return {\n ok: false,\n reason:\n \"blocked by Vercel deployment protection — set a bypass secret via `agent-insights init --bypass-secret <secret>`\",\n };\n }\n return { ok: false, reason: `analyzer rejected token (${res.status})` };\n }\n return { ok: false, reason: `unexpected status ${res.status}` };\n } catch (err) {\n return {\n ok: false,\n reason: `analyzer unreachable: ${(err as Error).message}`,\n };\n }\n }\n}\n\nexport function createTranscriptStore(\n cfg: TranscriptStoreConfig,\n): TranscriptStore {\n if (cfg.type === \"none\") return new NoopTranscriptStore();\n if (cfg.type === \"analyzer\") {\n return new AnalyzerTranscriptStore(getAnalyzerUrl());\n }\n // type === \"blob\"\n const token = process.env[cfg.tokenEnv];\n if (!token) {\n throw new Error(\n `transcript store: env ${cfg.tokenEnv} is not set — run \\`agent-insights init --force\\` to switch to analyzer-proxied uploads (no token required), or \\`vercel env pull .env.local\\` to keep direct Blob uploads`,\n );\n }\n return new BlobTranscriptStore(token, cfg.prefix);\n}\n\nfunction buildPathname(\n prefix: string,\n userHash: string,\n sessionId: string,\n): string {\n const safePrefix = prefix.endsWith(\"/\") ? prefix : `${prefix}/`;\n const safeSession = encodeURIComponent(sessionId);\n return `${safePrefix}${userHash}/${safeSession}/transcript.jsonl`;\n}\n","import { chmod, readFile, writeFile } from \"node:fs/promises\";\nimport { dirname } from \"node:path\";\nimport { mkdir } from \"node:fs/promises\";\nimport { authFile } from \"../config/paths.js\";\nimport { refreshAccessToken } from \"./oauth.js\";\n\nexport type AuthState = {\n accessToken: string;\n refreshToken?: string;\n /** Unix epoch milliseconds when the access token expires. */\n expiresAt: number;\n /** Captured at login for per-user analytics joins on the analyzer side. */\n email?: string;\n};\n\nexport async function loadEmail(): Promise<string | undefined> {\n return (await loadAuth())?.email;\n}\n\n/** How many ms before expiry we proactively refresh. */\nconst REFRESH_BUFFER_MS = 60_000;\n\nexport async function loadAuth(): Promise<AuthState | undefined> {\n try {\n const raw = await readFile(authFile(), \"utf8\");\n const parsed = JSON.parse(raw) as Partial<AuthState>;\n if (typeof parsed.accessToken === \"string\" && parsed.accessToken.length > 0) {\n return parsed as AuthState;\n }\n return undefined;\n } catch (err) {\n if ((err as NodeJS.ErrnoException).code === \"ENOENT\") return undefined;\n throw err;\n }\n}\n\nexport async function saveAuth(state: AuthState): Promise<void> {\n const path = authFile();\n await mkdir(dirname(path), { recursive: true });\n await writeFile(path, `${JSON.stringify(state, null, 2)}\\n`, {\n encoding: \"utf8\",\n mode: 0o600,\n });\n try {\n await chmod(path, 0o600);\n } catch {\n // Windows doesn't support chmod — ignore\n }\n}\n\nexport async function clearAuth(): Promise<void> {\n const { unlink } = await import(\"node:fs/promises\");\n try {\n await unlink(authFile());\n } catch (err) {\n if ((err as NodeJS.ErrnoException).code !== \"ENOENT\") throw err;\n }\n}\n\n/**\n * Returns a valid access token, refreshing silently if needed.\n * Returns `undefined` if not logged in or refresh fails (caller should prompt login).\n */\nexport async function getValidToken(): Promise<string | undefined> {\n const auth = await loadAuth();\n if (!auth) return undefined;\n\n const needsRefresh = Date.now() >= auth.expiresAt - REFRESH_BUFFER_MS;\n if (!needsRefresh) return auth.accessToken;\n\n if (!auth.refreshToken) {\n // Access token expired, no refresh token — clear and force re-login\n await clearAuth();\n return undefined;\n }\n\n try {\n const tokens = await refreshAccessToken(auth.refreshToken);\n const refreshed: AuthState = {\n accessToken: tokens.access_token,\n refreshToken: tokens.refresh_token ?? auth.refreshToken,\n expiresAt: Date.now() + tokens.expires_in * 1000,\n ...(auth.email ? { email: auth.email } : {}),\n };\n await saveAuth(refreshed);\n return refreshed.accessToken;\n } catch {\n // Refresh failed (revoked, expired beyond 30 days) — clear and force re-login\n await clearAuth();\n return undefined;\n }\n}\n","import { createHash, randomBytes } from \"node:crypto\";\nimport { exec } from \"node:child_process\";\nimport { createServer } from \"node:http\";\nimport { platform } from \"node:os\";\n\n// ---------------------------------------------------------------------------\n// OAuth app config — Sign-in-with-Vercel client ID (public, not a secret).\n// Override at runtime via AGENT_INSIGHTS_CLIENT_ID env var.\n// ---------------------------------------------------------------------------\nexport const CLIENT_ID =\n process.env.AGENT_INSIGHTS_CLIENT_ID ?? \"cl_TxqqNFTHcF9kEtM48LBFsYfwjhJ9T8sz\";\n\nconst AUTH_ENDPOINT = \"https://vercel.com/oauth/authorize\";\nconst TOKEN_ENDPOINT = \"https://api.vercel.com/login/oauth/token\";\nconst USERINFO_ENDPOINT = \"https://api.vercel.com/login/oauth/userinfo\";\nconst REVOKE_ENDPOINT = \"https://api.vercel.com/login/oauth/token/revoke\";\n\n// Fixed port — must match the redirect URI registered in the OAuth app.\nconst CALLBACK_PORT = 9797;\nexport const REDIRECT_URI = `http://localhost:${CALLBACK_PORT}/callback`;\n\nconst SCOPES = \"openid email profile offline_access\";\n\nexport type TokenResponse = {\n access_token: string;\n refresh_token?: string;\n expires_in: number;\n token_type: string;\n id_token?: string;\n};\n\nexport type UserInfo = {\n sub: string;\n email: string;\n email_verified: boolean;\n name?: string;\n preferred_username?: string;\n picture?: string;\n};\n\n// ---------------------------------------------------------------------------\n// PKCE helpers\n// ---------------------------------------------------------------------------\n\nfunction generateCodeVerifier(): string {\n return randomBytes(48).toString(\"base64url\");\n}\n\nfunction generateCodeChallenge(verifier: string): string {\n return createHash(\"sha256\").update(verifier).digest(\"base64url\");\n}\n\nfunction generateState(): string {\n return randomBytes(16).toString(\"hex\");\n}\n\n// ---------------------------------------------------------------------------\n// Authorization Code + PKCE flow\n// ---------------------------------------------------------------------------\n\nexport type AuthCodeResult =\n | { status: \"success\"; code: string; state: string }\n | { status: \"error\"; message: string };\n\n/**\n * Starts a localhost callback server, opens the Vercel authorization URL in\n * the browser, and waits for the redirect with the auth code.\n * Resolves (or rejects after timeout) when Vercel redirects back.\n */\nexport async function startPkceFlow(timeoutMs = 120_000): Promise<{\n code: string;\n codeVerifier: string;\n}> {\n const codeVerifier = generateCodeVerifier();\n const codeChallenge = generateCodeChallenge(codeVerifier);\n const state = generateState();\n\n const authUrl = new URL(AUTH_ENDPOINT);\n authUrl.searchParams.set(\"client_id\", CLIENT_ID);\n authUrl.searchParams.set(\"response_type\", \"code\");\n authUrl.searchParams.set(\"redirect_uri\", REDIRECT_URI);\n authUrl.searchParams.set(\"scope\", SCOPES);\n authUrl.searchParams.set(\"code_challenge\", codeChallenge);\n authUrl.searchParams.set(\"code_challenge_method\", \"S256\");\n authUrl.searchParams.set(\"state\", state);\n\n const url = authUrl.toString();\n const codePromise = listenForCallback(state, timeoutMs);\n openBrowser(url);\n // Always print the URL — browser open may fail silently\n process.stderr.write(`\\nIf the browser did not open, visit:\\n ${url}\\n\\n`);\n\n const code = await codePromise;\n return { code, codeVerifier };\n}\n\nfunction listenForCallback(\n expectedState: string,\n timeoutMs: number,\n): Promise<string> {\n return new Promise((resolve, reject) => {\n const server = createServer((req, res) => {\n const url = new URL(req.url ?? \"/\", `http://localhost:${CALLBACK_PORT}`);\n if (url.pathname !== \"/callback\") {\n res.writeHead(404, { connection: \"close\" });\n res.end(\"Not found\");\n return;\n }\n\n const code = url.searchParams.get(\"code\");\n const returnedState = url.searchParams.get(\"state\");\n const error = url.searchParams.get(\"error\");\n\n const html = (msg: string) =>\n `<html><body style=\"font-family:sans-serif;text-align:center;padding:80px\">` +\n `<h2>${msg}</h2><p>You can close this tab.</p></body></html>`;\n\n // Tell the browser to drop the socket so the server can shut down cleanly\n // and Node's event loop can exit once the callback returns.\n const headers = { \"content-type\": \"text/html\", connection: \"close\" };\n\n const finish = (\n next: () => void,\n body: string,\n status: number,\n ): void => {\n res.writeHead(status, headers);\n res.end(body, () => {\n clearTimeout(timer);\n server.closeAllConnections?.();\n server.close();\n next();\n });\n };\n\n if (error) {\n finish(\n () => reject(new Error(`OAuth error: ${error}`)),\n html(`Login failed: ${error}`),\n 400,\n );\n return;\n }\n\n if (returnedState !== expectedState) {\n finish(\n () => reject(new Error(\"State mismatch — possible CSRF\")),\n html(\"Invalid state parameter — please try again.\"),\n 400,\n );\n return;\n }\n\n if (!code) {\n finish(\n () => reject(new Error(\"No code in callback\")),\n html(\"No authorization code received.\"),\n 400,\n );\n return;\n }\n\n finish(\n () => resolve(code),\n html(\"✓ Logged in! You can close this tab.\"),\n 200,\n );\n });\n\n const timer = setTimeout(() => {\n server.closeAllConnections?.();\n server.close();\n reject(new Error(\"Login timed out — no response within 2 minutes.\"));\n }, timeoutMs);\n timer.unref();\n\n server.listen(CALLBACK_PORT, \"127.0.0.1\", () => {\n // Server is ready; browser will be opened by caller\n });\n\n server.on(\"error\", (err: NodeJS.ErrnoException) => {\n clearTimeout(timer);\n if (err.code === \"EADDRINUSE\") {\n reject(\n new Error(\n `Port ${CALLBACK_PORT} is already in use. Close any other agent-insights login process and try again.`,\n ),\n );\n } else {\n reject(err);\n }\n });\n });\n}\n\n// ---------------------------------------------------------------------------\n// Token exchange\n// ---------------------------------------------------------------------------\n\nexport async function exchangeCodeForToken(\n code: string,\n codeVerifier: string,\n): Promise<TokenResponse> {\n const res = await fetch(TOKEN_ENDPOINT, {\n method: \"POST\",\n headers: { \"content-type\": \"application/x-www-form-urlencoded\" },\n body: new URLSearchParams({\n grant_type: \"authorization_code\",\n client_id: CLIENT_ID,\n code,\n code_verifier: codeVerifier,\n redirect_uri: REDIRECT_URI,\n }),\n });\n if (!res.ok) {\n const body = await res.text();\n throw new Error(`Token exchange failed (${res.status}): ${body}`);\n }\n return res.json() as Promise<TokenResponse>;\n}\n\nexport async function refreshAccessToken(\n refreshToken: string,\n): Promise<TokenResponse> {\n const res = await fetch(TOKEN_ENDPOINT, {\n method: \"POST\",\n headers: { \"content-type\": \"application/x-www-form-urlencoded\" },\n body: new URLSearchParams({\n grant_type: \"refresh_token\",\n client_id: CLIENT_ID,\n refresh_token: refreshToken,\n }),\n });\n if (!res.ok) {\n const body = await res.text();\n throw new Error(`Token refresh failed (${res.status}): ${body}`);\n }\n return res.json() as Promise<TokenResponse>;\n}\n\nexport async function revokeToken(token: string): Promise<void> {\n await fetch(REVOKE_ENDPOINT, {\n method: \"POST\",\n headers: { \"content-type\": \"application/x-www-form-urlencoded\" },\n body: new URLSearchParams({ token }),\n }).catch(() => {\n // best-effort — don't fail logout if revocation fails\n });\n}\n\nexport async function fetchUserInfo(accessToken: string): Promise<UserInfo> {\n const res = await fetch(USERINFO_ENDPOINT, {\n headers: { authorization: `Bearer ${accessToken}` },\n });\n if (!res.ok) {\n throw new Error(`Failed to fetch user info (${res.status})`);\n }\n return res.json() as Promise<UserInfo>;\n}\n\n/** Open a URL in the system browser. Fails silently — callers always print the URL too. */\nexport function openBrowser(url: string): void {\n const os = platform();\n let cmd: string;\n if (os === \"darwin\") cmd = `open \"${url}\"`;\n else if (os === \"win32\") cmd = `start \"\" \"${url}\"`;\n else cmd = `xdg-open \"${url}\"`;\n\n // Detach + unref so the child doesn't keep the event loop alive after login.\n const child = exec(cmd);\n child.on(\"error\", () => {\n // Silently ignore — caller has already printed the URL\n });\n child.unref();\n}\n","import { chmod, mkdir, readFile, unlink, writeFile } from \"node:fs/promises\";\nimport { dirname } from \"node:path\";\nimport { bypassSecretFile } from \"./paths.js\";\n\n/**\n * Resolve the Vercel deployment-protection bypass secret.\n * Precedence:\n * 1. `AGENT_INSIGHTS_BYPASS_SECRET` (explicit override)\n * 2. `VERCEL_AUTOMATION_BYPASS_SECRET` (Vercel's standard env)\n * 3. `~/.agent-insights/bypass-secret` (set via `agent-insights init`)\n */\nexport async function loadBypassSecret(): Promise<string | undefined> {\n const fromEnv =\n process.env.AGENT_INSIGHTS_BYPASS_SECRET ||\n process.env.VERCEL_AUTOMATION_BYPASS_SECRET;\n if (fromEnv) return fromEnv;\n\n try {\n const raw = (await readFile(bypassSecretFile(), \"utf8\")).trim();\n return raw || undefined;\n } catch (err) {\n if ((err as NodeJS.ErrnoException).code === \"ENOENT\") return undefined;\n throw err;\n }\n}\n\nexport async function saveBypassSecret(secret: string): Promise<void> {\n const path = bypassSecretFile();\n await mkdir(dirname(path), { recursive: true });\n await writeFile(path, secret.trim(), { encoding: \"utf8\", mode: 0o600 });\n try {\n await chmod(path, 0o600);\n } catch {\n // Windows — ignore.\n }\n}\n\nexport async function clearBypassSecret(): Promise<void> {\n try {\n await unlink(bypassSecretFile());\n } catch (err) {\n if ((err as NodeJS.ErrnoException).code !== \"ENOENT\") throw err;\n }\n}\n\n/**\n * Add the `x-vercel-protection-bypass` header onto an existing headers\n * object if a secret is configured. Mutates and returns the input.\n */\nexport async function withBypassHeader<T extends Record<string, string>>(\n headers: T,\n): Promise<T> {\n const secret = await loadBypassSecret();\n if (secret) {\n (headers as Record<string, string>)[\"x-vercel-protection-bypass\"] = secret;\n }\n return headers;\n}\n"],"mappings":";;;AAAA,SAAS,kBAAkB;AAQpB,SAAS,OAAO,OAAuB;AAC5C,SAAO,WAAW,QAAQ,EAAE,OAAO,OAAO,MAAM,EAAE,OAAO,KAAK;AAChE;AAGO,SAAS,UAAU,OAAe,SAAS,IAAY;AAC5D,SAAO,OAAO,KAAK,EAAE,MAAM,GAAG,MAAM;AACtC;;;ACTA,IAAM,iBAAsC,oBAAI,IAAI;AAAA,EAClD;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAED,IAAM,oBAAoB;AAK1B,SAAS,aAAa,KAAqB;AACzC,SAAO,IAAI,YAAY,EAAE,QAAQ,YAAY,EAAE;AACjD;AAEA,SAAS,SAAS,OAAuB;AACvC,MAAI,MAAM,UAAU,kBAAmB,QAAO;AAC9C,SAAO,GAAG,MAAM,MAAM,GAAG,iBAAiB,CAAC;AAC7C;AAEA,SAAS,kBAAkB,OAAgD;AACzE,MAAI,UAAU,KAAM,QAAO;AAC3B,UAAQ,OAAO,OAAO;AAAA,IACpB,KAAK;AACH,aAAO,SAAS,KAAK;AAAA,IACvB,KAAK;AACH,aAAO,OAAO,SAAS,KAAK,IAAI,QAAQ;AAAA,IAC1C,KAAK;AACH,aAAO;AAAA,IACT;AACE,aAAO;AAAA,EACX;AACF;AAUO,SAAS,SAAS,OAAyB;AAChD,SAAO,cAAc,KAAK;AAC5B;AAEA,SAAS,cAAc,OAAyB;AAC9C,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,UAAM,MAAiB,CAAC;AACxB,eAAW,QAAQ,OAAO;AACxB,YAAM,gBAAgB,cAAc,IAAI;AACxC,UAAI,kBAAkB,QAAW;AAC/B,YAAI,KAAK,aAAa;AAAA,MACxB;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,MAAI,SAAS,OAAO,UAAU,UAAU;AACtC,UAAM,MAA+B,CAAC;AACtC,eAAW,CAAC,QAAQ,QAAQ,KAAK,OAAO,QAAQ,KAAK,GAAG;AACtD,UAAI,eAAe,IAAI,aAAa,MAAM,CAAC,GAAG;AAC5C;AAAA,MACF;AACA,UAAI,YAAY,OAAO,aAAa,UAAU;AAC5C,YAAI,MAAM,IAAI,cAAc,QAAQ;AAAA,MACtC,OAAO;AACL,cAAM,YAAY,kBAAkB,QAAQ;AAC5C,YAAI,cAAc,QAAW;AAC3B,cAAI,MAAM,IAAI;AAAA,QAChB;AAAA,MACF;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,SAAO,kBAAkB,KAAK;AAChC;;;ACxGA,SAAS,OAAO,UAAU,iBAAiB;AAC3C,SAAS,eAAe;AACxB,SAAS,SAAS,YAAY;AAK9B,IAAM,oBAAoB;AAE1B,IAAM,WAA2C;AAAA,EAC/C,cAAc;AAAA,EACd,YAAY;AAAA,EACZ,kBAAkB;AAAA,EAClB,YAAY;AAAA,EACZ,aAAa;AAAA,EACb,oBAAoB;AAAA,EACpB,mBAAmB;AAAA,EACnB,kBAAkB;AAAA,EAClB,eAAe;AAAA,EACf,cAAc;AAAA,EACd,MAAM;AAAA,EACN,cAAc;AAAA,EACd,YAAY;AAAA,EACZ,aAAa;AACf;AAEO,IAAM,qBAA4C,OAAO,KAAK,QAAQ;AAkBtE,IAAM,oBAA6B;AAAA,EACxC,IAAI;AAAA,EACJ,OAAO;AAAA,EACP,OAAO;AAAA,EACP,cAAc;AAAA,EAEd,IAAI,SAA+C;AACjD,UAAM,OAAO,SAAS,QAAQ,KAAK;AACnC,QAAI,CAAC,KAAM,QAAO;AAElB,UAAM,OAAO,QAAQ,QAAQ,CAAC;AAC9B,UAAM,YACJ,SAAS,KAAK,YAAY,CAAC,KAAK,SAAS,KAAK,WAAW,CAAC;AAC5D,UAAM,WACJ,SAAS,KAAK,WAAW,CAAC,KAC1B,SAAS,KAAK,UAAU,CAAC,KACzB,SAAU,KAAK,MAAM,IAA4C,MAAM,CAAC;AAC1E,UAAM,iBACJ,SAAS,KAAK,iBAAiB,CAAC,KAAK,SAAS,KAAK,gBAAgB,CAAC;AAEtE,WAAO;AAAA,MACL;AAAA,MACA,GAAI,cAAc,SAAY,EAAE,UAAU,IAAI,CAAC;AAAA,MAC/C,GAAI,aAAa,SAAY,EAAE,SAAS,IAAI,CAAC;AAAA,MAC7C,GAAI,mBAAmB,SAAY,EAAE,eAAe,IAAI,CAAC;AAAA,IAC3D;AAAA,EACF;AAAA,EAEA,MAAM,QAAQ,UAAkB,QAAoB,UAAU;AAC5D,UAAM,OAAO,kBAAkB,UAAU,KAAK;AAC9C,UAAM,WAAW,MAAM,SAAyB,IAAI;AACpD,UAAM,OAAuB,EAAE,GAAI,YAAY,CAAC,EAAG;AACnD,UAAM,QAAkD,CAAC;AAEzD,eAAW,CAAC,OAAO,GAAG,KAAK,OAAO,QAAQ,KAAK,SAAS,CAAC,CAAC,GAAG;AAC3D,YAAM,KAAK,IAAI,oBAAoB,GAAG;AAAA,IACxC;AAEA,eAAW,SAAS,oBAAoB;AACtC,YAAM,kBAAkB;AAAA,QACtB,MAAM,KAAK,KAAK,CAAC;AAAA,MACnB;AACA,YAAM,KAAK,IAAI,qBAAqB,iBAAiB,KAAK;AAAA,IAC5D;AAEA,SAAK,QAAQ;AACb,UAAM,MAAM,QAAQ,IAAI,GAAG,EAAE,WAAW,KAAK,CAAC;AAC9C,UAAM,UAAU,MAAM,GAAG,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AAAA,GAAM,MAAM;AAClE,WAAO,EAAE,SAAS,MAAM,KAAK;AAAA,EAC/B;AAAA,EAEA,MAAM,UAAU,UAAkB,QAAoB,UAAU;AAC9D,UAAM,OAAO,kBAAkB,UAAU,KAAK;AAC9C,UAAM,WAAW,MAAM,SAAyB,IAAI;AACpD,QAAI,CAAC,UAAU,MAAO,QAAO,EAAE,SAAS,OAAO,KAAK;AACpD,UAAM,QAAkD,CAAC;AACzD,QAAI,UAAU;AAEd,eAAW,CAAC,OAAO,GAAG,KAAK,OAAO,QAAQ,SAAS,KAAK,GAAG;AACzD,YAAM,SAAS,oBAAoB,GAAG;AACtC,YAAM,QAAQ,4BAA4B,MAAM;AAChD,UAAI,MAAM,WAAW,OAAO,OAAQ,WAAU;AAAA,eACrC,KAAK,UAAU,KAAK,MAAM,KAAK,UAAU,MAAM,GAAG;AACzD,kBAAU;AAAA,MACZ;AACA,UAAI,MAAM,SAAS,EAAG,OAAM,KAAK,IAAI;AAAA,IACvC;AAEA,aAAS,QAAQ;AACjB,UAAM,UAAU,MAAM,GAAG,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAAA,GAAM,MAAM;AACtE,WAAO,EAAE,SAAS,SAAS,KAAK;AAAA,EAClC;AAAA,EAEA,MAAM,YAAY,UAAkB,QAAoB,UAAU;AAChE,UAAM,WAAW,MAAM;AAAA,MACrB,kBAAkB,UAAU,KAAK;AAAA,IACnC;AACA,QAAI,CAAC,UAAU,MAAO,QAAO;AAC7B,WAAO,OAAO,OAAO,SAAS,KAAK,EAAE;AAAA,MAAK,CAAC,QACzC,oBAAoB,GAAG,EAAE;AAAA,QAAK,CAAC,UAC7B,MAAM,MAAM,KAAK,CAAC,MAAM,uBAAuB,EAAE,OAAO,CAAC;AAAA,MAC3D;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,kBAAkB,UAAkB,OAA2B;AACtE,SAAO,UAAU,WACb,KAAK,QAAQ,GAAG,WAAW,eAAe,IAC1C,KAAK,UAAU,WAAW,eAAe;AAC/C;AAEA,SAAS,uBAAuB,KAAkC;AAChE,MAAI,CAAC,IAAK,QAAO;AACjB,SAAO,IAAI,WAAW,GAAG,iBAAiB,OAAO;AACnD;AAEA,SAAS,cAAc,OAA4C;AACjE,MAAI,CAAC,SAAS,OAAO,UAAU,SAAU,QAAO;AAChD,QAAM,QAAQ;AACd,SAAO,MAAM,SAAS,aAAa,OAAO,MAAM,YAAY;AAC9D;AAGA,SAAS,oBAAoB,KAA0C;AACrE,QAAM,SAAmC,CAAC;AAE1C,aAAW,SAAS,KAAK;AACvB,QAAI,CAAC,SAAS,OAAO,UAAU,SAAU;AACzC,UAAM,SAAS;AAEf,QAAI,MAAM,QAAQ,OAAO,KAAK,GAAG;AAC/B,YAAM,WAAW,OAAO,MAAM,OAAO,aAAa;AAClD,UAAI,SAAS,WAAW,EAAG;AAC3B,aAAO,KAAK;AAAA,QACV,SAAS,OAAO,OAAO,YAAY,WAAW,OAAO,UAAU;AAAA,QAC/D,OAAO;AAAA,MACT,CAAC;AACD;AAAA,IACF;AAEA,QAAI,cAAc,MAAM,GAAG;AACzB,aAAO,KAAK;AAAA,QACV,SAAS;AAAA,QACT,OAAO,CAAC,MAAM;AAAA,MAChB,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO;AACT;AAEA,SAAS,4BACP,UAC0B;AAC1B,QAAM,SAAmC,CAAC;AAE1C,aAAW,SAAS,UAAU;AAC5B,UAAM,QAAQ,MAAM,MAAM;AAAA,MACxB,CAAC,MAAM,CAAC,uBAAuB,EAAE,OAAO;AAAA,IAC1C;AACA,QAAI,MAAM,SAAS,GAAG;AACpB,aAAO,KAAK,EAAE,GAAG,OAAO,MAAM,CAAC;AAAA,IACjC;AAAA,EACF;AAEA,SAAO;AACT;AAEA,SAAS,qBACP,UACA,OAC0B;AAC1B,QAAM,UAAU,GAAG,iBAAiB,SAAS,KAAK;AAClD,QAAM,QAA2B,EAAE,MAAM,WAAW,QAAQ;AAE5D,aAAW,SAAS,UAAU;AAC5B,QAAI,MAAM,YAAY,IAAI;AACxB,UAAI,CAAC,MAAM,MAAM,KAAK,CAAC,MAAM,EAAE,YAAY,OAAO,GAAG;AACnD,cAAM,MAAM,KAAK,KAAK;AAAA,MACxB;AACA,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO,CAAC,GAAG,UAAU,EAAE,SAAS,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;AACtD;AAEA,eAAe,SAAY,MAAsC;AAC/D,MAAI;AACF,UAAM,MAAM,MAAM,SAAS,MAAM,MAAM;AACvC,WAAO,KAAK,MAAM,GAAG;AAAA,EACvB,SAAS,KAAK;AACZ,QAAK,IAA8B,SAAS,SAAU,QAAO;AAC7D,UAAM;AAAA,EACR;AACF;AAEA,SAAS,SAAS,GAAgC;AAChD,SAAO,OAAO,MAAM,YAAY,EAAE,SAAS,IAAI,IAAI;AACrD;;;AChOA,SAAS,SAAAA,QAAO,YAAAC,WAAU,aAAAC,kBAAiB;AAC3C,SAAS,WAAAC,gBAAe;AACxB,SAAS,WAAAC,UAAS,QAAAC,aAAY;AAK9B,IAAMC,qBAAoB;AAM1B,IAAMC,YAA2C;AAAA,EAC/C,cAAc;AAAA,EACd,YAAY;AAAA,EACZ,oBAAoB;AAAA,EACpB,YAAY;AAAA,EACZ,aAAa;AAAA,EACb,oBAAoB;AAAA,EACpB,eAAe;AAAA,EACf,cAAc;AAAA,EACd,MAAM;AAAA,EACN,YAAY;AAAA;AAAA,EAEZ,sBAAsB;AAAA,EACtB,qBAAqB;AAAA,EACrB,eAAe;AAAA,EACf,eAAe;AACjB;AAEO,IAAM,qBAA4C,OAAO,KAAKA,SAAQ;AAatE,IAAM,gBAAyB;AAAA,EACpC,IAAI;AAAA,EACJ,OAAO;AAAA,EACP,OAAO;AAAA,EACP,cAAc;AAAA,EAEd,IAAI,SAA+C;AACjD,UAAM,OAAOA,UAAS,QAAQ,KAAK;AACnC,QAAI,CAAC,KAAM,QAAO;AAElB,UAAM,OAAO,QAAQ,QAAQ,CAAC;AAE9B,UAAM,YACJC,UAAS,KAAK,YAAY,CAAC,KAC3BA,UAAS,KAAK,WAAW,CAAC,KAC1BA,UAAS,KAAK,iBAAiB,CAAC;AAClC,UAAM,WAAWA,UAAS,KAAK,WAAW,CAAC,KAAKA,UAAS,KAAK,UAAU,CAAC;AAGzE,UAAM,iBACJA,UAAS,KAAK,iBAAiB,CAAC,KAChCA,UAAS,KAAK,gBAAgB,CAAC,KAC/BA,UAAS,QAAQ,IAAI,sBAAsB;AAE7C,WAAO;AAAA,MACL;AAAA,MACA,GAAI,cAAc,SAAY,EAAE,UAAU,IAAI,CAAC;AAAA,MAC/C,GAAI,aAAa,SAAY,EAAE,SAAS,IAAI,CAAC;AAAA,MAC7C,GAAI,mBAAmB,SAAY,EAAE,eAAe,IAAI,CAAC;AAAA,IAC3D;AAAA,EACF;AAAA,EAEA,MAAM,QAAQ,UAAkB,QAAoB,UAAU;AAC5D,UAAM,OAAO,kBAAkB,UAAU,KAAK;AAC9C,UAAM,WAAW,MAAMC,UAA4B,IAAI;AACvD,UAAM,OAA0B;AAAA,MAC9B,SAAS;AAAA,MACT,GAAI,YAAY,CAAC;AAAA,IACnB;AACA,UAAM,QAA2C,EAAE,GAAI,KAAK,SAAS,CAAC,EAAG;AAEzE,eAAW,SAAS,oBAAoB;AACtC,YAAM,YAAY,MAAM,KAAK,KAAK,CAAC,GAAG;AAAA,QACpC,CAAC,MAAM,CAACC,wBAAuB,EAAE,OAAO;AAAA,MAC1C;AACA,eAAS,KAAK,EAAE,SAAS,GAAGJ,kBAAiB,SAAS,KAAK,GAAG,CAAC;AAC/D,YAAM,KAAK,IAAI;AAAA,IACjB;AAEA,SAAK,QAAQ;AACb,UAAMN,OAAMI,SAAQ,IAAI,GAAG,EAAE,WAAW,KAAK,CAAC;AAC9C,UAAMF,WAAU,MAAM,GAAG,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AAAA,GAAM,MAAM;AAClE,WAAO,EAAE,SAAS,MAAM,KAAK;AAAA,EAC/B;AAAA,EAEA,MAAM,UAAU,UAAkB,QAAoB,UAAU;AAC9D,UAAM,OAAO,kBAAkB,UAAU,KAAK;AAC9C,UAAM,WAAW,MAAMO,UAA4B,IAAI;AACvD,QAAI,CAAC,UAAU,MAAO,QAAO,EAAE,SAAS,OAAO,KAAK;AACpD,UAAM,QAAQ,EAAE,GAAG,SAAS,MAAM;AAClC,QAAI,UAAU;AACd,eAAW,CAAC,OAAO,OAAO,KAAK,OAAO,QAAQ,KAAK,GAAG;AACpD,YAAM,WAAW,QAAQ;AAAA,QACvB,CAAC,MAAM,CAACC,wBAAuB,EAAE,OAAO;AAAA,MAC1C;AACA,UAAI,SAAS,WAAW,QAAQ,OAAQ,WAAU;AAClD,UAAI,SAAS,WAAW,GAAG;AACzB,eAAO,MAAM,KAAK;AAAA,MACpB,OAAO;AACL,cAAM,KAAK,IAAI;AAAA,MACjB;AAAA,IACF;AACA,aAAS,QAAQ;AACjB,UAAMR,WAAU,MAAM,GAAG,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAAA,GAAM,MAAM;AACtE,WAAO,EAAE,SAAS,SAAS,KAAK;AAAA,EAClC;AAAA,EAEA,MAAM,YAAY,UAAkB,QAAoB,UAAU;AAChE,UAAM,WAAW,MAAMO;AAAA,MACrB,kBAAkB,UAAU,KAAK;AAAA,IACnC;AACA,QAAI,CAAC,UAAU,MAAO,QAAO;AAC7B,WAAO,OAAO,OAAO,SAAS,KAAK,EAAE;AAAA,MAAK,CAAC,YACzC,QAAQ,KAAK,CAAC,MAAMC,wBAAuB,EAAE,OAAO,CAAC;AAAA,IACvD;AAAA,EACF;AACF;AAEA,SAAS,kBAAkB,UAAkB,OAA2B;AACtE,SAAO,UAAU,WACbL,MAAKF,SAAQ,GAAG,WAAW,YAAY,IACvCE,MAAK,UAAU,WAAW,YAAY;AAC5C;AAEA,SAASK,wBAAuB,KAAkC;AAChE,MAAI,CAAC,IAAK,QAAO;AACjB,SAAO,IAAI,WAAW,GAAGJ,kBAAiB,OAAO;AACnD;AAEA,eAAeG,UAAY,MAAsC;AAC/D,MAAI;AACF,UAAM,MAAM,MAAMR,UAAS,MAAM,MAAM;AACvC,WAAO,KAAK,MAAM,GAAG;AAAA,EACvB,SAAS,KAAK;AACZ,QAAK,IAA8B,SAAS,SAAU,QAAO;AAC7D,UAAM;AAAA,EACR;AACF;AAEA,SAASO,UAAS,GAAgC;AAChD,SAAO,OAAO,MAAM,YAAY,EAAE,SAAS,IAAI,IAAI;AACrD;;;ACvJO,IAAM,WAAqC;AAAA,EAChD,eAAe;AAAA,EACf,QAAQ;AACV;AAEO,IAAM,cAAsC,OAAO,OAAO,QAAQ;AAElE,SAAS,WAAW,IAAsB;AAC/C,SAAO,SAAS,EAAE;AACpB;;;ACbA,SAAS,SAAAG,QAAO,YAAAC,WAAU,aAAAC,kBAAiB;AAC3C,SAAS,WAAAC,gBAAe;;;ACGjB,IAAM,uBAAuB;AAG7B,SAAS,iBAAyB;AACvC,SAAO,QAAQ,IAAI,+BAA+B;AACpD;;;ACTA,SAAS,WAAAC,gBAAe;AACxB,SAAS,QAAAC,aAAY;AAGd,SAAS,aAAqB;AACnC,SAAO,QAAQ,IAAI,uBAAuBA,MAAKD,SAAQ,GAAG,iBAAiB;AAC7E;AAEO,SAAS,aAAqB;AACnC,SAAOC,MAAK,WAAW,GAAG,aAAa;AACzC;AAQO,SAAS,WAAmB;AACjC,SAAOC,MAAK,WAAW,GAAG,WAAW;AACvC;AAGO,SAAS,mBAA2B;AACzC,SAAOA,MAAK,WAAW,GAAG,eAAe;AAC3C;AAEO,SAAS,kBAA0B;AACxC,SAAOA,MAAK,WAAW,GAAG,eAAe;AAC3C;AAEO,SAAS,UAAkB;AAChC,SAAOA,MAAK,WAAW,GAAG,MAAM;AAClC;;;AFmCO,SAAS,gBAAqC;AACnD,SAAO;AAAA,IACL,SAAS;AAAA,IACT,SAAS;AAAA,IACT,YAAY;AAAA,IACZ,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,IACX;AAAA,IACA,aAAa;AAAA,MACX,gBAAgB;AAAA,MAChB,gBAAgB;AAAA,MAChB,iBAAiB;AAAA,IACnB;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU,QAAQ,IAAI,gCAAgC;AAAA,MACtD,SAAS,CAAC;AAAA,MACV,SAAS;AAAA,IACX;AAAA,IACA,iBAAiB;AAAA;AAAA;AAAA;AAAA,MAIf,MAAM;AAAA,IACR;AAAA,IACA,iBAAiB;AAAA,MACf,SAAS;AAAA,MACT,aAAa,eAAe;AAAA,MAC5B,iBAAiB;AAAA,IACnB;AAAA,IACA,QAAQ;AAAA,MACN,YAAY,EAAE,SAAS,MAAM;AAAA,MAC7B,QAAQ,EAAE,SAAS,MAAM;AAAA,IAC3B;AAAA,IACA,SAAS;AAAA,MACP,gBAAgB;AAAA,MAChB,iBAAiB;AAAA,MACjB,mBAAmB;AAAA,MACnB,qBAAqB;AAAA,IACvB;AAAA,EACF;AACF;AAEA,eAAsB,aAAuD;AAC3E,MAAI;AACF,UAAM,MAAM,MAAMC,UAAS,WAAW,GAAG,MAAM;AAC/C,UAAM,SAAS,KAAK,MAAM,GAAG;AAC7B,WAAO,YAAY,cAAc,GAAG,MAAM;AAAA,EAC5C,SAAS,KAAK;AACZ,QAAK,IAA8B,SAAS,SAAU,QAAO;AAC7D,UAAM;AAAA,EACR;AACF;AAEA,eAAsB,WAAW,KAAyC;AACxE,QAAM,WAAW;AACjB,QAAMC,WAAU,WAAW,GAAG,GAAG,KAAK,UAAU,KAAK,MAAM,CAAC,CAAC;AAAA,GAAM,MAAM;AAC3E;AAEA,eAAsB,aAA4B;AAChD,QAAMC,OAAMC,SAAQ,WAAW,CAAC,GAAG,EAAE,WAAW,KAAK,CAAC;AACtD,QAAMD,OAAM,gBAAgB,GAAG,EAAE,WAAW,KAAK,CAAC;AAClD,QAAMA,OAAM,QAAQ,GAAG,EAAE,WAAW,KAAK,CAAC;AAC5C;AAEA,SAAS,YACP,MACA,OACqB;AACrB,SAAO;AAAA,IACL,GAAG;AAAA,IACH,GAAG;AAAA,IACH,QAAQ,EAAE,GAAG,KAAK,QAAQ,GAAI,MAAM,UAAU,CAAC,EAAG;AAAA,IAClD,aAAa,EAAE,GAAG,KAAK,aAAa,GAAI,MAAM,eAAe,CAAC,EAAG;AAAA,IACjE,UAAU,EAAE,GAAG,KAAK,UAAU,GAAI,MAAM,YAAY,CAAC,EAAG;AAAA,IACxD,iBAAkB,MAAM,mBACtB,KAAK;AAAA,IACP,iBAAiB;AAAA,MACf,GAAG,KAAK;AAAA,MACR,GAAI,MAAM,mBAAmB,CAAC;AAAA,IAChC;AAAA,IACA,QAAQ;AAAA,MACN,YAAY;AAAA,QACV,GAAG,KAAK,OAAO;AAAA,QACf,GAAI,MAAM,QAAQ,cAAc,CAAC;AAAA,MACnC;AAAA,MACA,QAAQ,EAAE,GAAG,KAAK,OAAO,QAAQ,GAAI,MAAM,QAAQ,UAAU,CAAC,EAAG;AAAA,IACnE;AAAA,IACA,SAAS,KAAK;AAAA,EAChB;AACF;;;AG/JA,SAAS,YAAAE,iBAAgB;AACzB,SAAS,WAAW;;;ACDpB,SAAS,OAAO,YAAAC,WAAU,aAAAC,kBAAiB;AAC3C,SAAS,WAAAC,gBAAe;AACxB,SAAS,SAAAC,cAAa;;;ACFtB,SAAS,cAAAC,aAAY,mBAAmB;AACxC,SAAS,YAAY;AACrB,SAAS,oBAAoB;AAC7B,SAAS,gBAAgB;AAMlB,IAAM,YACX,QAAQ,IAAI,4BAA4B;AAG1C,IAAM,iBAAiB;AAKvB,IAAM,gBAAgB;AACf,IAAM,eAAe,oBAAoB,aAAa;AA0M7D,eAAsB,mBACpB,cACwB;AACxB,QAAM,MAAM,MAAM,MAAM,gBAAgB;AAAA,IACtC,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,oCAAoC;AAAA,IAC/D,MAAM,IAAI,gBAAgB;AAAA,MACxB,YAAY;AAAA,MACZ,WAAW;AAAA,MACX,eAAe;AAAA,IACjB,CAAC;AAAA,EACH,CAAC;AACD,MAAI,CAAC,IAAI,IAAI;AACX,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,UAAM,IAAI,MAAM,yBAAyB,IAAI,MAAM,MAAM,IAAI,EAAE;AAAA,EACjE;AACA,SAAO,IAAI,KAAK;AAClB;;;AD1NA,IAAM,oBAAoB;AAE1B,eAAsB,WAA2C;AAC/D,MAAI;AACF,UAAM,MAAM,MAAMC,UAAS,SAAS,GAAG,MAAM;AAC7C,UAAM,SAAS,KAAK,MAAM,GAAG;AAC7B,QAAI,OAAO,OAAO,gBAAgB,YAAY,OAAO,YAAY,SAAS,GAAG;AAC3E,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT,SAAS,KAAK;AACZ,QAAK,IAA8B,SAAS,SAAU,QAAO;AAC7D,UAAM;AAAA,EACR;AACF;AAEA,eAAsB,SAAS,OAAiC;AAC9D,QAAM,OAAO,SAAS;AACtB,QAAMC,OAAMC,SAAQ,IAAI,GAAG,EAAE,WAAW,KAAK,CAAC;AAC9C,QAAMC,WAAU,MAAM,GAAG,KAAK,UAAU,OAAO,MAAM,CAAC,CAAC;AAAA,GAAM;AAAA,IAC3D,UAAU;AAAA,IACV,MAAM;AAAA,EACR,CAAC;AACD,MAAI;AACF,UAAM,MAAM,MAAM,GAAK;AAAA,EACzB,QAAQ;AAAA,EAER;AACF;AAEA,eAAsB,YAA2B;AAC/C,QAAM,EAAE,QAAAC,QAAO,IAAI,MAAM,OAAO,aAAkB;AAClD,MAAI;AACF,UAAMA,QAAO,SAAS,CAAC;AAAA,EACzB,SAAS,KAAK;AACZ,QAAK,IAA8B,SAAS,SAAU,OAAM;AAAA,EAC9D;AACF;AAMA,eAAsB,gBAA6C;AACjE,QAAM,OAAO,MAAM,SAAS;AAC5B,MAAI,CAAC,KAAM,QAAO;AAElB,QAAM,eAAe,KAAK,IAAI,KAAK,KAAK,YAAY;AACpD,MAAI,CAAC,aAAc,QAAO,KAAK;AAE/B,MAAI,CAAC,KAAK,cAAc;AAEtB,UAAM,UAAU;AAChB,WAAO;AAAA,EACT;AAEA,MAAI;AACF,UAAM,SAAS,MAAM,mBAAmB,KAAK,YAAY;AACzD,UAAM,YAAuB;AAAA,MAC3B,aAAa,OAAO;AAAA,MACpB,cAAc,OAAO,iBAAiB,KAAK;AAAA,MAC3C,WAAW,KAAK,IAAI,IAAI,OAAO,aAAa;AAAA,MAC5C,GAAI,KAAK,QAAQ,EAAE,OAAO,KAAK,MAAM,IAAI,CAAC;AAAA,IAC5C;AACA,UAAM,SAAS,SAAS;AACxB,WAAO,UAAU;AAAA,EACnB,QAAQ;AAEN,UAAM,UAAU;AAChB,WAAO;AAAA,EACT;AACF;;;AE3FA,SAAS,SAAAC,QAAO,SAAAC,QAAO,YAAAC,WAAU,QAAQ,aAAAC,kBAAiB;AAC1D,SAAS,WAAAC,gBAAe;AAUxB,eAAsB,mBAAgD;AACpE,QAAM,UACJ,QAAQ,IAAI,gCACZ,QAAQ,IAAI;AACd,MAAI,QAAS,QAAO;AAEpB,MAAI;AACF,UAAM,OAAO,MAAMC,UAAS,iBAAiB,GAAG,MAAM,GAAG,KAAK;AAC9D,WAAO,OAAO;AAAA,EAChB,SAAS,KAAK;AACZ,QAAK,IAA8B,SAAS,SAAU,QAAO;AAC7D,UAAM;AAAA,EACR;AACF;AAyBA,eAAsB,iBACpB,SACY;AACZ,QAAM,SAAS,MAAM,iBAAiB;AACtC,MAAI,QAAQ;AACV,IAAC,QAAmC,4BAA4B,IAAI;AAAA,EACtE;AACA,SAAO;AACT;;;AHrBA,IAAM,sBAAN,MAAqD;AAAA,EACnD,MAAM,SAA0C;AAC9C,UAAM,IAAI,MAAM,uDAAuD;AAAA,EACzE;AAAA,EACA,MAAM,OAA+C;AACnD,WAAO,EAAE,IAAI,OAAO,QAAQ,4BAA4B;AAAA,EAC1D;AACF;AAEA,IAAM,sBAAN,MAAqD;AAAA,EACnD,YACmB,OACA,QACjB;AAFiB;AACA;AAAA,EAChB;AAAA,EAFgB;AAAA,EACA;AAAA,EAGnB,MAAM,OAAO,OAA+D;AAC1E,UAAM,OAAO,MAAMC,UAAS,MAAM,cAAc;AAChD,UAAM,gBAAgB;AAAA,MACpB,KAAK;AAAA,MACL,MAAM;AAAA,MACN,MAAM;AAAA,IACR;AACA,UAAM,OAAO,MAAM,IAAI,eAAe,MAAM;AAAA,MAC1C,QAAQ;AAAA,MACR,OAAO,KAAK;AAAA,MACZ,aAAa;AAAA,MACb,iBAAiB;AAAA,IACnB,CAAC;AACD,WAAO,EAAE,UAAU,KAAK,UAAU,KAAK,KAAK,KAAK,MAAM,KAAK,WAAW;AAAA,EACzE;AAAA,EAEA,MAAM,OAA8D;AAClE,QAAI,CAAC,KAAK,MAAO,QAAO,EAAE,IAAI,OAAO,QAAQ,gBAAgB;AAC7D,WAAO,EAAE,IAAI,KAAK;AAAA,EACpB;AACF;AAQA,IAAM,0BAAN,MAAyD;AAAA,EACvD,YAA6B,aAAqB;AAArB;AAAA,EAAsB;AAAA,EAAtB;AAAA,EAE7B,MAAM,OAAO,OAA+D;AAC1E,UAAM,QAAQ,MAAM,cAAc;AAClC,QAAI,CAAC,OAAO;AACV,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AACA,UAAM,OAAO,MAAMA,UAAS,MAAM,cAAc;AAChD,UAAM,MAAM,IAAI,IAAI,wBAAwB,KAAK,WAAW,EAAE,SAAS;AACvE,UAAM,UAAU,MAAM,iBAAiB;AAAA,MACrC,eAAe,UAAU,KAAK;AAAA,MAC9B,gBAAgB;AAAA,MAChB,gBAAgB,MAAM;AAAA,MACtB,WAAW,MAAM;AAAA,MACjB,eAAe,MAAM;AAAA,MACrB,GAAI,MAAM,YAAY,EAAE,gBAAgB,MAAM,UAAU,IAAI,CAAC;AAAA,IAC/D,CAAC;AACD,UAAM,MAAM,MAAM,MAAM,KAAK,EAAE,QAAQ,QAAQ,SAAS,KAAK,CAAC;AAC9D,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,OAAO,MAAM,IAAI,KAAK,EAAE,MAAM,MAAM,EAAE;AAC5C,YAAM,IAAI;AAAA,QACR,6BAA6B,IAAI,MAAM,MAAM,QAAQ,IAAI,UAAU;AAAA,MACrE;AAAA,IACF;AACA,UAAM,OAAQ,MAAM,IAAI,KAAK;AAO7B,QAAI,CAAC,KAAK,MAAM,CAAC,KAAK,WAAW,CAAC,KAAK,UAAU;AAC/C,YAAM,IAAI,MAAM,4BAA4B,KAAK,SAAS,SAAS,EAAE;AAAA,IACvE;AACA,WAAO;AAAA,MACL,UAAU,KAAK;AAAA,MACf,KAAK,KAAK;AAAA,MACV,MAAM,KAAK,QAAQ,KAAK;AAAA,IAC1B;AAAA,EACF;AAAA,EAEA,MAAM,OAA8D;AAClE,UAAM,QAAQ,MAAM,cAAc;AAClC,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,QACL,IAAI;AAAA,QACJ,QAAQ;AAAA,MACV;AAAA,IACF;AAIA,QAAI;AACF,YAAM,MAAM,IAAI,IAAI,wBAAwB,KAAK,WAAW,EAAE,SAAS;AACvE,YAAM,UAAU,MAAM,iBAAiB;AAAA,QACrC,eAAe,UAAU,KAAK;AAAA,MAChC,CAAC;AACD,YAAM,MAAM,MAAM,MAAM,KAAK,EAAE,QAAQ,QAAQ,QAAQ,CAAC;AACxD,UAAI,IAAI,WAAW,IAAK,QAAO,EAAE,IAAI,KAAK;AAC1C,UAAI,IAAI,WAAW,OAAO,IAAI,WAAW,KAAK;AAC5C,cAAM,KAAK,IAAI,QAAQ,IAAI,cAAc,KAAK;AAC9C,YAAI,GAAG,SAAS,WAAW,GAAG;AAC5B,iBAAO;AAAA,YACL,IAAI;AAAA,YACJ,QACE;AAAA,UACJ;AAAA,QACF;AACA,eAAO,EAAE,IAAI,OAAO,QAAQ,4BAA4B,IAAI,MAAM,IAAI;AAAA,MACxE;AACA,aAAO,EAAE,IAAI,OAAO,QAAQ,qBAAqB,IAAI,MAAM,GAAG;AAAA,IAChE,SAAS,KAAK;AACZ,aAAO;AAAA,QACL,IAAI;AAAA,QACJ,QAAQ,yBAA0B,IAAc,OAAO;AAAA,MACzD;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAAS,sBACd,KACiB;AACjB,MAAI,IAAI,SAAS,OAAQ,QAAO,IAAI,oBAAoB;AACxD,MAAI,IAAI,SAAS,YAAY;AAC3B,WAAO,IAAI,wBAAwB,eAAe,CAAC;AAAA,EACrD;AAEA,QAAM,QAAQ,QAAQ,IAAI,IAAI,QAAQ;AACtC,MAAI,CAAC,OAAO;AACV,UAAM,IAAI;AAAA,MACR,yBAAyB,IAAI,QAAQ;AAAA,IACvC;AAAA,EACF;AACA,SAAO,IAAI,oBAAoB,OAAO,IAAI,MAAM;AAClD;AAEA,SAAS,cACP,QACA,UACA,WACQ;AACR,QAAM,aAAa,OAAO,SAAS,GAAG,IAAI,SAAS,GAAG,MAAM;AAC5D,QAAM,cAAc,mBAAmB,SAAS;AAChD,SAAO,GAAG,UAAU,GAAG,QAAQ,IAAI,WAAW;AAChD;","names":["mkdir","readFile","writeFile","homedir","dirname","join","HOOK_COMMAND_NAME","HOOK_MAP","asString","readJson","isAgentInsightsCommand","mkdir","readFile","writeFile","dirname","homedir","join","join","readFile","writeFile","mkdir","dirname","readFile","readFile","writeFile","dirname","mkdir","createHash","readFile","mkdir","dirname","writeFile","unlink","chmod","mkdir","readFile","writeFile","dirname","readFile","readFile"]}
|
package/package.json
CHANGED