axauth 1.8.0 → 1.10.0

package/README.md

@@ -253,7 +253,7 @@ src/
 
 ## Related Packages
 
-axauth is part of the [a╳point](https://axpoint.dev) ecosystem:
+axauth is part of the [a╳kit](https://axkit.dev) ecosystem:
 
 - **axshared** - Shared types and agent metadata
 - **axconfig** - Permission and configuration management

package/dist/auth/adapter.d.ts

@@ -111,6 +111,18 @@ interface AdapterCapabilities {
  *
  * Encapsulates all auth operations for a single agent, hiding the
  * complexity of different storage mechanisms and credential formats.
+ *
+ * ## Credential Source Priority
+ *
+ * When resolving credentials, sources are checked in this order:
+ *
+ * 1. **Environment variables** (via `extractFromEnvironment`)
+ * 2. **Vault** (external, via axvault server when configured)
+ * 3. **Local storage** (keychain/file via `extractRawCredentials`)
+ *
+ * Environment variables always take precedence to allow easy overrides
+ * in CI/CD and development. Vault provides centralized credential
+ * management. Local storage is the fallback for interactive use.
  */
 interface AuthAdapter {
     /** Agent identifier */
@@ -124,6 +136,19 @@ interface AuthAdapter {
      * and returns the status without making API calls.
      */
     checkAuth(): AuthStatus;
+    /**
+     * Extract credentials from environment variables only.
+     *
+     * This is called before checking vault or local storage to ensure
+     * environment variables have highest priority. Returns undefined if
+     * no credentials are set via environment variables.
+     *
+     * @example
+     * // For Claude, checks CLAUDE_CODE_OAUTH_TOKEN and ANTHROPIC_API_KEY
+     * const envCreds = adapter.extractFromEnvironment?.();
+     * if (envCreds) return envCreds; // Env vars win over vault
+     */
+    extractFromEnvironment?(): Credentials | undefined;
     /**
      * Extract raw credentials for export.
      *

package/dist/auth/agents/claude-storage.d.ts

@@ -18,9 +18,19 @@ declare function checkAuth(): {
     method?: string;
     details?: Record<string, unknown>;
 };
+/**
+ * Extract credentials from environment variables only.
+ *
+ * This is called before checking vault or local storage to ensure
+ * environment variables have highest priority.
+ */
+declare function extractFromEnvironment(): {
+    type: "oauth-credentials" | "oauth-token" | "api-key";
+    data: Record<string, unknown>;
+} | undefined;
 /** Extract raw credentials from available sources */
 declare function extractRawCredentials(): {
-    type: "oauth" | "api-key";
+    type: "oauth-credentials" | "oauth-token" | "api-key";
     data: Record<string, unknown>;
 } | undefined;
-export { AGENT_ID, checkAuth, deleteFileCreds, deleteKeychainCreds, extractRawCredentials, getDefaultCredsFilePath, saveFileCreds, saveKeychainCreds, };
+export { AGENT_ID, checkAuth, deleteFileCreds, deleteKeychainCreds, extractFromEnvironment, extractRawCredentials, getDefaultCredsFilePath, saveFileCreds, saveKeychainCreds, };

package/dist/auth/agents/claude-storage.js

@@ -81,34 +81,57 @@ function checkAuth() {
     }
     return { authenticated: false };
 }
-/** Extract raw credentials from available sources */
-function extractRawCredentials() {
+/**
+ * Extract credentials from environment variables only.
+ *
+ * This is called before checking vault or local storage to ensure
+ * environment variables have highest priority.
+ */
+function extractFromEnvironment() {
     if (process.env.CLAUDE_CODE_OAUTH_TOKEN) {
         return {
-            type: "oauth",
+            type: "oauth-token",
             data: { accessToken: process.env.CLAUDE_CODE_OAUTH_TOKEN },
         };
     }
+    if (process.env.ANTHROPIC_API_KEY) {
+        return {
+            type: "api-key",
+            data: { apiKey: process.env.ANTHROPIC_API_KEY },
+        };
+    }
+    return undefined;
+}
+/**
+ * Extract credentials from local storage only (keychain + file).
+ *
+ * This skips environment variable checks and only looks at local storage.
+ * Used as fallback after vault fetch fails.
+ */
+function extractFromLocalStorage() {
     const keychainCreds = loadKeychainCreds();
     if (keychainCreds) {
         return {
-            type: "oauth",
+            type: "oauth-credentials",
             data: { ...keychainCreds, _source: "keychain" },
         };
     }
     const fileCreds = loadFileCreds();
     if (fileCreds) {
         return {
-            type: "oauth",
+            type: "oauth-credentials",
             data: { ...fileCreds, _source: "file" },
         };
     }
-    if (process.env.ANTHROPIC_API_KEY) {
-        return {
-            type: "api-key",
-            data: { apiKey: process.env.ANTHROPIC_API_KEY },
-        };
-    }
     return undefined;
 }
-export { AGENT_ID, checkAuth, deleteFileCreds, deleteKeychainCreds, extractRawCredentials, getDefaultCredsFilePath, saveFileCreds, saveKeychainCreds, };
+/** Extract raw credentials from available sources */
+function extractRawCredentials() {
+    // Check env vars first
+    const environmentCreds = extractFromEnvironment();
+    if (environmentCreds)
+        return environmentCreds;
+    // Fall back to local storage
+    return extractFromLocalStorage();
+}
+export { AGENT_ID, checkAuth, deleteFileCreds, deleteKeychainCreds, extractFromEnvironment, extractRawCredentials, getDefaultCredsFilePath, saveFileCreds, saveKeychainCreds, };

package/dist/auth/agents/claude.js

@@ -7,7 +7,7 @@ import path from "node:path";
 import { extractCredsFromDirectory } from "../extract-creds-from-directory.js";
 import { isMacOS } from "../keychain.js";
 import { resolveCustomDirectory } from "../validate-directories.js";
-import { AGENT_ID, checkAuth, deleteFileCreds, deleteKeychainCreds, extractRawCredentials, getDefaultCredsFilePath, saveFileCreds, saveKeychainCreds, } from "./claude-storage.js";
+import { AGENT_ID, checkAuth, deleteFileCreds, deleteKeychainCreds, extractFromEnvironment, extractRawCredentials, getDefaultCredsFilePath, saveFileCreds, saveKeychainCreds, } from "./claude-storage.js";
 const CREDS_FILE_NAME = ".credentials.json";
 /** Claude Code authentication adapter */
 const claudeCodeAdapter = {
@@ -22,6 +22,12 @@ const claudeCodeAdapter = {
         const result = checkAuth();
         return { agentId: AGENT_ID, ...result };
     },
+    extractFromEnvironment() {
+        const result = extractFromEnvironment();
+        if (!result)
+            return undefined;
+        return { agent: AGENT_ID, ...result };
+    },
     extractRawCredentials() {
         const result = extractRawCredentials();
         if (!result)
@@ -121,7 +127,8 @@ const claudeCodeAdapter = {
     },
     getAccessToken(creds) {
         const data = creds.data;
-        if (creds.type === "oauth" && typeof data.accessToken === "string") {
+        if ((creds.type === "oauth-credentials" || creds.type === "oauth-token") &&
+            typeof data.accessToken === "string") {
             return data.accessToken;
         }
         if (creds.type === "api-key" && typeof data.apiKey === "string") {
@@ -132,7 +139,8 @@ const claudeCodeAdapter = {
     credentialsToEnvironment(creds) {
         const environment = {};
         const data = creds.data;
-        if (creds.type === "oauth" && typeof data.accessToken === "string") {
+        if ((creds.type === "oauth-credentials" || creds.type === "oauth-token") &&
+            typeof data.accessToken === "string") {
             environment.CLAUDE_CODE_OAUTH_TOKEN = data.accessToken;
         }
         else if (creds.type === "api-key" && typeof data.apiKey === "string") {

package/dist/auth/agents/codex-auth-check.d.ts

@@ -4,6 +4,8 @@
 import type { AuthStatus, Credentials } from "../types.js";
 /** Check auth status across all sources */
 declare function checkAuth(): AuthStatus;
+/** Extract credentials from environment */
+declare function extractEnvironmentCredentials(): Credentials | undefined;
 /** Extract raw credentials from first available source */
 declare function extractRawCredentials(): Credentials | undefined;
-export { checkAuth, extractRawCredentials };
+export { checkAuth, extractEnvironmentCredentials, extractRawCredentials };

package/dist/auth/agents/codex-auth-check.js

@@ -71,7 +71,7 @@ function extractKeychainCredentials() {
     if (keychainAuth?.tokens) {
         return {
             agent: AGENT_ID,
-            type: "oauth",
+            type: "oauth-credentials",
             data: { ...keychainAuth, _source: "keychain" },
         };
     }
@@ -88,7 +88,7 @@ function extractFileCredentials() {
         };
     }
     if (fileAuth?.tokens) {
-        return { agent: AGENT_ID, type: "oauth", data: fileAuth };
+        return { agent: AGENT_ID, type: "oauth-credentials", data: fileAuth };
     }
     return undefined;
 }
@@ -98,4 +98,4 @@ function extractRawCredentials() {
         extractKeychainCredentials() ??
         extractFileCredentials());
 }
-export { checkAuth, extractRawCredentials };
+export { checkAuth, extractEnvironmentCredentials, extractRawCredentials };

package/dist/auth/agents/codex-storage.d.ts

@@ -39,5 +39,5 @@ interface CredentialsData {
     [key: string]: unknown;
 }
 /** Build auth content from credentials data */
-declare function buildAuthContent(type: "oauth" | "api-key", data: CredentialsData): CodexAuthJson;
+declare function buildAuthContent(type: "oauth-credentials" | "oauth-token" | "api-key", data: CredentialsData): CodexAuthJson;
 export { buildAuthContent, deleteFileCreds, deleteKeychainCreds, getEnvironmentApiKey, hasFileApiKey, hasFileOAuth, hasKeychainApiKey, hasKeychainOAuth, loadFileCreds, loadKeychainCreds, saveFileCreds, saveKeychainCreds, };

package/dist/auth/agents/codex.js

@@ -8,7 +8,7 @@ import path from "node:path";
 import { ensureDirectory } from "../file-storage.js";
 import { isMacOS } from "../keychain.js";
 import { resolveCustomDirectory } from "../validate-directories.js";
-import { checkAuth, extractRawCredentials } from "./codex-auth-check.js";
+import { checkAuth, extractEnvironmentCredentials, extractRawCredentials, } from "./codex-auth-check.js";
 import { getAuthFilePath, getCodexHome, updateConfigStorage, } from "./codex-config.js";
 import { buildAuthContent, deleteFileCreds, deleteKeychainCreds, saveFileCreds, saveKeychainCreds, } from "./codex-storage.js";
 const AGENT_ID = "codex";
@@ -23,6 +23,7 @@ const codexAdapter = {
         installApiKey: true,
     },
     checkAuth,
+    extractFromEnvironment: extractEnvironmentCredentials,
     extractRawCredentials,
     extractRawCredentialsFromDirectory(options) {
         // Codex doesn't separate config/data - use either directory
@@ -38,7 +39,7 @@ const codexAdapter = {
                 return undefined;
             const data = parsed;
             // Determine type from data structure
-            const type = data.api_key ? "api-key" : "oauth";
+            const type = data.api_key ? "api-key" : "oauth-credentials";
             return { agent: AGENT_ID, type, data };
         }
         catch {
@@ -133,7 +134,7 @@ const codexAdapter = {
         if (creds.type === "api-key" && typeof data.apiKey === "string") {
             return data.apiKey;
         }
-        if (creds.type === "oauth") {
+        if (creds.type === "oauth-credentials") {
             // Direct access_token
             if (typeof data.access_token === "string") {
                 return data.access_token;

package/dist/auth/agents/copilot-install.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Copilot credential installation helpers.
+ *
+ * Extracted from copilot.ts to reduce file complexity.
+ */
+import type { InstallOptions, OperationResult } from "../adapter.js";
+import type { Credentials } from "../types.js";
+import type { ResolveResult } from "../validate-directories.js";
+declare const CREDS_FILE_NAME = "token.json";
+/**
+ * Install Copilot credentials.
+ *
+ * Handles keychain vs file storage and custom directories.
+ */
+declare function installCopilotCredentials(creds: Credentials, resolved: Extract<ResolveResult, {
+    ok: true;
+}>, options?: InstallOptions): OperationResult;
+export { CREDS_FILE_NAME, installCopilotCredentials };

package/dist/auth/agents/copilot-install.js

@@ -0,0 +1,73 @@
+/**
+ * Copilot credential installation helpers.
+ *
+ * Extracted from copilot.ts to reduce file complexity.
+ */
+import path from "node:path";
+import { ensureDirectory } from "../file-storage.js";
+import { isMacOS } from "../keychain.js";
+import { getConfigDirectory, getConfigFilePath, saveFileToken, saveKeychainToken, saveTokenToPath, } from "./copilot-storage.js";
+const CREDS_FILE_NAME = "token.json";
+/**
+ * Install Copilot credentials.
+ *
+ * Handles keychain vs file storage and custom directories.
+ */
+function installCopilotCredentials(creds, resolved, options) {
+    if (creds.type === "api-key") {
+        return {
+            ok: false,
+            message: "API key credentials cannot be installed (use COPILOT_GITHUB_TOKEN env var)",
+        };
+    }
+    const token = typeof creds.data.accessToken === "string"
+        ? creds.data.accessToken
+        : undefined;
+    if (!token) {
+        return { ok: false, message: "No access token found in credentials" };
+    }
+    // Custom directory forces file storage
+    if (resolved.customDir) {
+        const targetPath = path.join(resolved.customDir, CREDS_FILE_NAME);
+        if (saveTokenToPath(token, targetPath)) {
+            return {
+                ok: true,
+                message: `Installed credentials to ${targetPath}`,
+            };
+        }
+        return {
+            ok: false,
+            message: `Failed to install credentials to ${targetPath}`,
+        };
+    }
+    // Default location: use storage option or _source marker
+    const sourceMarker = creds.data._source;
+    const targetStorage = options?.storage ?? (sourceMarker === "keychain" ? "keychain" : "file");
+    if (targetStorage === "keychain") {
+        if (!isMacOS()) {
+            return {
+                ok: false,
+                message: "Keychain storage is only available on macOS",
+            };
+        }
+        if (saveKeychainToken(token)) {
+            return { ok: true, message: "Installed credentials to macOS Keychain" };
+        }
+        return { ok: false, message: "Failed to save to macOS Keychain" };
+    }
+    // File storage
+    if (!ensureDirectory(getConfigDirectory())) {
+        return {
+            ok: false,
+            message: "Failed to create copilot config directory",
+        };
+    }
+    if (saveFileToken(token)) {
+        return {
+            ok: true,
+            message: `Installed credentials to ${getConfigFilePath()}`,
+        };
+    }
+    return { ok: false, message: "Failed to install credentials to file" };
+}
+export { CREDS_FILE_NAME, installCopilotCredentials };

package/dist/auth/agents/copilot.js

@@ -6,13 +6,11 @@
  */
 import path from "node:path";
 import { extractCredsFromDirectory } from "../extract-creds-from-directory.js";
-import { ensureDirectory } from "../file-storage.js";
-import { isMacOS } from "../keychain.js";
 import { resolveCustomDirectory } from "../validate-directories.js";
 import { findFirstAvailableToken } from "./copilot-auth-check.js";
-import { deleteFileToken, deleteKeychainToken, deleteTokenFromPath, getConfigDirectory, getConfigFilePath, saveFileToken, saveKeychainToken, saveTokenToPath, } from "./copilot-storage.js";
+import { CREDS_FILE_NAME, installCopilotCredentials, } from "./copilot-install.js";
+import { deleteFileToken, deleteKeychainToken, deleteTokenFromPath, getConfigFilePath, getEnvironmentToken, } from "./copilot-storage.js";
 const AGENT_ID = "copilot";
-const CREDS_FILE_NAME = "token.json";
 /** Copilot CLI authentication adapter */
 const copilotAdapter = {
     agentId: AGENT_ID,
@@ -39,13 +37,23 @@ const copilotAdapter = {
             method: methodMap[result.source],
         };
     },
+    extractFromEnvironment() {
+        const token = getEnvironmentToken();
+        if (!token)
+            return undefined;
+        return {
+            agent: AGENT_ID,
+            type: "oauth-token",
+            data: { accessToken: token },
+        };
+    },
     extractRawCredentials() {
         const result = findFirstAvailableToken();
         if (!result)
             return undefined;
         return {
             agent: AGENT_ID,
-            type: "oauth",
+            type: "oauth-token",
             data: { accessToken: result.token, _source: result.source },
         };
     },
@@ -57,65 +65,10 @@ const copilotAdapter = {
         return extractCredsFromDirectory(AGENT_ID, directory, CREDS_FILE_NAME);
     },
     installCredentials(creds, options) {
-        // Resolve custom directory with validation
         const resolved = resolveCustomDirectory(AGENT_ID, options?.configDir, options?.dataDir);
         if (!resolved.ok)
             return resolved.error;
-        if (creds.type === "api-key") {
-            return {
-                ok: false,
-                message: "API key credentials cannot be installed (use COPILOT_GITHUB_TOKEN env var)",
-            };
-        }
-        const token = typeof creds.data.accessToken === "string"
-            ? creds.data.accessToken
-            : undefined;
-        if (!token) {
-            return { ok: false, message: "No access token found in credentials" };
-        }
-        // Custom directory forces file storage
-        if (resolved.customDir) {
-            const targetPath = path.join(resolved.customDir, CREDS_FILE_NAME);
-            if (saveTokenToPath(token, targetPath)) {
-                return {
-                    ok: true,
-                    message: `Installed credentials to ${targetPath}`,
-                };
-            }
-            return {
-                ok: false,
-                message: `Failed to install credentials to ${targetPath}`,
-            };
-        }
-        // Default location: use storage option or _source marker
-        const sourceMarker = creds.data._source;
-        const targetStorage = options?.storage ?? (sourceMarker === "keychain" ? "keychain" : "file");
-        if (targetStorage === "keychain") {
-            if (!isMacOS()) {
-                return {
-                    ok: false,
-                    message: "Keychain storage is only available on macOS",
-                };
-            }
-            if (saveKeychainToken(token)) {
-                return { ok: true, message: "Installed credentials to macOS Keychain" };
-            }
-            return { ok: false, message: "Failed to save to macOS Keychain" };
-        }
-        // File storage
-        if (!ensureDirectory(getConfigDirectory())) {
-            return {
-                ok: false,
-                message: "Failed to create copilot config directory",
-            };
-        }
-        if (saveFileToken(token)) {
-            return {
-                ok: true,
-                message: `Installed credentials to ${getConfigFilePath()}`,
-            };
-        }
-        return { ok: false, message: "Failed to install credentials to file" };
+        return installCopilotCredentials(creds, resolved, options);
     },
     removeCredentials(options) {
         // Resolve custom directory with validation

package/dist/auth/agents/gemini-auth-check.d.ts

@@ -11,6 +11,8 @@ interface CredentialResult {
     method: string;
     data?: Record<string, unknown>;
 }
+/** Check environment variable credentials (API key and Vertex AI) */
+declare function checkEnvironmentAuth(): CredentialResult | undefined;
 /** Find credentials using priority-ordered discovery: env → keychain → file */
 declare function findCredentials(): CredentialResult | undefined;
-export { findCredentials };
+export { checkEnvironmentAuth, findCredentials };

package/dist/auth/agents/gemini-auth-check.js

@@ -57,4 +57,4 @@ function checkFileAuth() {
 function findCredentials() {
     return checkEnvironmentAuth() ?? checkKeychainAuth() ?? checkFileAuth();
 }
-export { findCredentials };
+export { checkEnvironmentAuth, findCredentials };

package/dist/auth/agents/gemini.js

@@ -4,7 +4,7 @@
  * Supports OAuth via keychain (macOS) or file. API key auth is env-var only.
  */
 import { extractCredsFromDirectory } from "../extract-creds-from-directory.js";
-import { findCredentials } from "./gemini-auth-check.js";
+import { checkEnvironmentAuth, findCredentials } from "./gemini-auth-check.js";
 import { installOAuthCredentials, removeGeminiCredentials, } from "./gemini-install.js";
 const AGENT_ID = "gemini";
 /** Gemini authentication adapter */
@@ -27,6 +27,16 @@ const geminiAdapter = {
             method: result.method,
         };
     },
+    extractFromEnvironment() {
+        const result = checkEnvironmentAuth();
+        if (!result || !result.data)
+            return undefined;
+        return {
+            agent: AGENT_ID,
+            type: "api-key",
+            data: result.data,
+        };
+    },
     extractRawCredentials() {
         const result = findCredentials();
         if (!result || !result.data)
@@ -42,7 +52,7 @@ const geminiAdapter = {
         // OAuth credentials from keychain or file include _source for round-tripping
         return {
             agent: AGENT_ID,
-            type: "oauth",
+            type: "oauth-credentials",
             data: {
                 ...result.data,
                 _source: result.source === "keychain" ? "keychain" : "file",
@@ -74,7 +84,8 @@ const geminiAdapter = {
         if (creds.type === "api-key" && typeof data.apiKey === "string") {
             return data.apiKey;
         }
-        if (creds.type === "oauth" && typeof data.access_token === "string") {
+        if (creds.type === "oauth-credentials" &&
+            typeof data.access_token === "string") {
             return data.access_token;
         }
         return undefined;

package/dist/auth/agents/opencode.js

@@ -77,7 +77,7 @@ const opencodeAdapter = {
         const auth = readAuthFile(getDefaultAuthFilePath());
         if (!auth || Object.keys(auth).length === 0)
             return undefined;
-        return { agent: AGENT_ID, type: "oauth", data: auth };
+        return { agent: AGENT_ID, type: "oauth-credentials", data: auth };
     },
     extractRawCredentialsFromDirectory(options) {
         // OpenCode stores credentials in dataDir only - configDir is for settings

package/dist/auth/extract-creds-from-directory.js

@@ -28,7 +28,7 @@ function extractCredsFromDirectory(agentId, directory, fileName, transform) {
         const data = transform ? transform(record) : record;
         if (!data)
             return undefined;
-        return { agent: agentId, type: "oauth", data };
+        return { agent: agentId, type: "oauth-credentials", data };
     }
     catch {
         return undefined;

package/dist/auth/registry.d.ts

@@ -51,9 +51,17 @@ declare function checkAllAuth(): AuthStatus[];
 /**
  * Extract raw credentials for an agent.
  *
+ * Checks credentials from all available sources:
+ * - Environment variables
+ * - Keychain (macOS)
+ * - File storage
+ *
  * Note: The `data` field format is agent-specific and not standardized.
  * Use {@link getAccessToken} to extract the token in a uniform way.
  *
+ * For vault credentials, use {@link fetchVaultCredentials} from the vault module
+ * or the `axauth vault fetch` CLI command.
+ *
  * @example
  * const creds = extractRawCredentials("codex");
  * if (creds) { await exportCredentials(creds); }

package/dist/auth/registry.js

@@ -75,9 +75,17 @@ function checkAllAuth() {
 /**
  * Extract raw credentials for an agent.
  *
+ * Checks credentials from all available sources:
+ * - Environment variables
+ * - Keychain (macOS)
+ * - File storage
+ *
  * Note: The `data` field format is agent-specific and not standardized.
  * Use {@link getAccessToken} to extract the token in a uniform way.
  *
+ * For vault credentials, use {@link fetchVaultCredentials} from the vault module
+ * or the `axauth vault fetch` CLI command.
+ *
  * @example
  * const creds = extractRawCredentials("codex");
  * if (creds) { await exportCredentials(creds); }

package/dist/auth/types.d.ts

@@ -21,8 +21,9 @@ declare const Credentials: z.ZodObject<{
         copilot: "copilot";
     }>;
     type: z.ZodEnum<{
-        oauth: "oauth";
         "api-key": "api-key";
+        "oauth-token": "oauth-token";
+        "oauth-credentials": "oauth-credentials";
     }>;
     data: z.ZodRecord<z.ZodString, z.ZodUnknown>;
 }, z.core.$strip>;

package/dist/auth/types.js

@@ -1,14 +1,14 @@
 /**
  * Shared types for auth module.
  */
-import { AGENT_CLIS } from "axshared";
+import { AGENT_CLIS, CredentialType } from "axshared";
 import { z } from "zod";
 /** Zod schema for AgentCli */
 const AgentCliSchema = z.enum(AGENT_CLIS);
 /** Extracted credential data schema */
 const Credentials = z.object({
     agent: AgentCliSchema,
-    type: z.enum(["oauth", "api-key"]),
+    type: CredentialType,
     data: z.record(z.string(), z.unknown()),
 });
 /**

package/dist/auth/validate-directories.d.ts

@@ -22,4 +22,5 @@ type ResolveResult = {
  * @see resolveCustomDirectories in axshared for behavior details
  */
 declare function resolveCustomDirectory(agentId: AgentCli, configDirectory: string | undefined, dataDirectory: string | undefined): ResolveResult;
+export type { ResolveResult };
 export { resolveCustomDirectory };