berget 2.2.7 → 2.2.8

package/dist/src/commands/code/__tests__/auth-sync.test.js

@@ -1,348 +1,351 @@
 "use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 const vitest_1 = require("vitest");
 const auth_sync_1 = require("../auth-sync");
+const fake_api_key_service_1 = require("./fake-api-key-service");
+const fake_auth_service_1 = require("./fake-auth-service");
 const fake_file_store_1 = require("./fake-file-store");
 const fake_prompter_1 = require("./fake-prompter");
-const fake_auth_service_1 = require("./fake-auth-service");
-const fake_api_key_service_1 = require("./fake-api-key-service");
 function base64urlEncode(data) {
-    return Buffer.from(data).toString("base64url");
+    return Buffer.from(data).toString('base64url');
 }
 function makeJwt(payload) {
-    const header = base64urlEncode(JSON.stringify({ alg: "none", typ: "JWT" }));
+    const header = base64urlEncode(JSON.stringify({ alg: 'none', typ: 'JWT' }));
     const body = base64urlEncode(JSON.stringify(payload));
     return `${header}.${body}.signature`;
 }
-const HOME = "/home/user";
-const fakeCliAuth = (overrides = {}) => (Object.assign({ access_token: makeJwt({
-        realm_access: { roles: ["default-roles-berget"] },
+const HOME = '/home/user';
+const fakeCliAuth = (overrides = {}) => ({
+    access_token: makeJwt({
         exp: 9999999999999, // JWT exp in seconds (different from expires_at in ms)
-    }), refresh_token: "refreshtoken", expires_at: 9999999999999 }, overrides));
-(0, vitest_1.describe)("readCliAuth", () => {
-    (0, vitest_1.it)("returns null when auth file does not exist", () => __awaiter(void 0, void 0, void 0, function* () {
+        realm_access: { roles: ['default-roles-berget'] },
+    }),
+    expires_at: 9999999999999,
+    refresh_token: 'refreshtoken',
+    ...overrides,
+});
+(0, vitest_1.describe)('readCliAuth', () => {
+    (0, vitest_1.it)('returns null when auth file does not exist', async () => {
         const files = new fake_file_store_1.FakeFileStore();
-        const result = yield (0, auth_sync_1.readCliAuth)(files, HOME);
+        const result = await (0, auth_sync_1.readCliAuth)(files, HOME);
         (0, vitest_1.expect)(result).toBeNull();
-    }));
-    (0, vitest_1.it)("parses valid auth file", () => __awaiter(void 0, void 0, void 0, function* () {
+    });
+    (0, vitest_1.it)('parses valid auth file', async () => {
         const files = new fake_file_store_1.FakeFileStore();
         const auth = fakeCliAuth();
-        files.seed(HOME + "/.berget/auth.json", JSON.stringify(auth));
-        const result = yield (0, auth_sync_1.readCliAuth)(files, HOME);
+        files.seed(HOME + '/.berget/auth.json', JSON.stringify(auth));
+        const result = await (0, auth_sync_1.readCliAuth)(files, HOME);
         // The JWT's exp claim should be extracted and converted to milliseconds
-        const jwtPayload = JSON.parse(Buffer.from(auth.access_token.split(".")[1], "base64url").toString());
+        const jwtPayload = JSON.parse(Buffer.from(auth.access_token.split('.')[1], 'base64url').toString());
         const expectedAuth = {
             access_token: auth.access_token,
-            refresh_token: auth.refresh_token,
             expires_at: jwtPayload.exp * 1000,
+            refresh_token: auth.refresh_token,
         };
         (0, vitest_1.expect)(result).toEqual(expectedAuth);
-    }));
-    (0, vitest_1.it)("returns null for malformed JSON", () => __awaiter(void 0, void 0, void 0, function* () {
+    });
+    (0, vitest_1.it)('returns null for malformed JSON', async () => {
         const files = new fake_file_store_1.FakeFileStore();
-        files.seed(HOME + "/.berget/auth.json", "not json");
-        const result = yield (0, auth_sync_1.readCliAuth)(files, HOME);
+        files.seed(HOME + '/.berget/auth.json', 'not json');
+        const result = await (0, auth_sync_1.readCliAuth)(files, HOME);
         (0, vitest_1.expect)(result).toBeNull();
-    }));
-    (0, vitest_1.it)("returns null when fields are missing", () => __awaiter(void 0, void 0, void 0, function* () {
+    });
+    (0, vitest_1.it)('returns null when fields are missing', async () => {
         const files = new fake_file_store_1.FakeFileStore();
-        files.seed(HOME + "/.berget/auth.json", JSON.stringify({ access_token: "only" }));
-        const result = yield (0, auth_sync_1.readCliAuth)(files, HOME);
+        files.seed(HOME + '/.berget/auth.json', JSON.stringify({ access_token: 'only' }));
+        const result = await (0, auth_sync_1.readCliAuth)(files, HOME);
         (0, vitest_1.expect)(result).toBeNull();
-    }));
+    });
 });
-(0, vitest_1.describe)("isToolAuthenticated", () => {
-    (0, vitest_1.it)("returns false when auth file does not exist", () => __awaiter(void 0, void 0, void 0, function* () {
+(0, vitest_1.describe)('isToolAuthenticated', () => {
+    (0, vitest_1.it)('returns false when auth file does not exist', async () => {
         const files = new fake_file_store_1.FakeFileStore();
-        const result = yield (0, auth_sync_1.isToolAuthenticated)(files, HOME, "opencode");
+        const result = await (0, auth_sync_1.isToolAuthenticated)(files, HOME, 'opencode');
         (0, vitest_1.expect)(result).toBe(false);
-    }));
-    (0, vitest_1.it)("returns true when berget entry exists", () => __awaiter(void 0, void 0, void 0, function* () {
+    });
+    (0, vitest_1.it)('returns true when berget entry exists', async () => {
         const files = new fake_file_store_1.FakeFileStore();
-        files.seed(HOME + "/.local/share/opencode/auth.json", JSON.stringify({ berget: { type: "oauth", access: "tok" } }));
-        const result = yield (0, auth_sync_1.isToolAuthenticated)(files, HOME, "opencode");
+        files.seed(HOME + '/.local/share/opencode/auth.json', JSON.stringify({ berget: { access: 'tok', type: 'oauth' } }));
+        const result = await (0, auth_sync_1.isToolAuthenticated)(files, HOME, 'opencode');
         (0, vitest_1.expect)(result).toBe(true);
-    }));
-    (0, vitest_1.it)("returns false when berget entry is missing", () => __awaiter(void 0, void 0, void 0, function* () {
+    });
+    (0, vitest_1.it)('returns false when berget entry is missing', async () => {
         const files = new fake_file_store_1.FakeFileStore();
-        files.seed(HOME + "/.local/share/opencode/auth.json", JSON.stringify({ openai: { type: "api" } }));
-        const result = yield (0, auth_sync_1.isToolAuthenticated)(files, HOME, "opencode");
+        files.seed(HOME + '/.local/share/opencode/auth.json', JSON.stringify({ openai: { type: 'api' } }));
+        const result = await (0, auth_sync_1.isToolAuthenticated)(files, HOME, 'opencode');
         (0, vitest_1.expect)(result).toBe(false);
-    }));
-    (0, vitest_1.it)("checks correct path for pi", () => __awaiter(void 0, void 0, void 0, function* () {
+    });
+    (0, vitest_1.it)('checks correct path for pi', async () => {
         const files = new fake_file_store_1.FakeFileStore();
-        files.seed(HOME + "/.pi/agent/auth.json", JSON.stringify({ berget: { type: "oauth" } }));
-        const result = yield (0, auth_sync_1.isToolAuthenticated)(files, HOME, "pi");
+        files.seed(HOME + '/.pi/agent/auth.json', JSON.stringify({ berget: { type: 'oauth' } }));
+        const result = await (0, auth_sync_1.isToolAuthenticated)(files, HOME, 'pi');
         (0, vitest_1.expect)(result).toBe(true);
-    }));
+    });
 });
-(0, vitest_1.describe)("decodeJwtPayload", () => {
-    (0, vitest_1.it)("decodes a valid JWT payload", () => {
-        const payload = { sub: "123", realm_access: { roles: ["admin"] } };
+(0, vitest_1.describe)('decodeJwtPayload', () => {
+    (0, vitest_1.it)('decodes a valid JWT payload', () => {
+        const payload = { realm_access: { roles: ['admin'] }, sub: '123' };
         const jwt = makeJwt(payload);
         (0, vitest_1.expect)((0, auth_sync_1.decodeJwtPayload)(jwt)).toEqual(payload);
     });
-    (0, vitest_1.it)("returns null for invalid format", () => {
-        (0, vitest_1.expect)((0, auth_sync_1.decodeJwtPayload)("not.a")).toBeNull();
-        (0, vitest_1.expect)((0, auth_sync_1.decodeJwtPayload)("onlyOnePart")).toBeNull();
+    (0, vitest_1.it)('returns null for invalid format', () => {
+        (0, vitest_1.expect)((0, auth_sync_1.decodeJwtPayload)('not.a')).toBeNull();
+        (0, vitest_1.expect)((0, auth_sync_1.decodeJwtPayload)('onlyOnePart')).toBeNull();
     });
-    (0, vitest_1.it)("returns null for invalid base64", () => {
-        (0, vitest_1.expect)((0, auth_sync_1.decodeJwtPayload)("header.bad\.base64.signature")).toBeNull();
+    (0, vitest_1.it)('returns null for invalid base64', () => {
+        (0, vitest_1.expect)((0, auth_sync_1.decodeJwtPayload)('header.bad\.base64.signature')).toBeNull();
     });
 });
-(0, vitest_1.describe)("hasBergetCodeSeat", () => {
-    (0, vitest_1.it)("returns true when berget_code_seat is present", () => {
+(0, vitest_1.describe)('hasBergetCodeSeat', () => {
+    (0, vitest_1.it)('returns true when berget_code_seat is present', () => {
         const token = makeJwt({
-            realm_access: { roles: ["berget_code_seat", "default-roles-berget"] },
+            realm_access: { roles: ['berget_code_seat', 'default-roles-berget'] },
         });
         (0, vitest_1.expect)((0, auth_sync_1.hasBergetCodeSeat)(token)).toBe(true);
     });
-    (0, vitest_1.it)("returns false when role is missing", () => {
+    (0, vitest_1.it)('returns false when role is missing', () => {
         const token = makeJwt({
-            realm_access: { roles: ["default-roles-berget"] },
+            realm_access: { roles: ['default-roles-berget'] },
         });
         (0, vitest_1.expect)((0, auth_sync_1.hasBergetCodeSeat)(token)).toBe(false);
     });
-    (0, vitest_1.it)("returns false when realm_access is missing", () => {
-        const token = makeJwt({ sub: "123" });
+    (0, vitest_1.it)('returns false when realm_access is missing', () => {
+        const token = makeJwt({ sub: '123' });
         (0, vitest_1.expect)((0, auth_sync_1.hasBergetCodeSeat)(token)).toBe(false);
     });
-    (0, vitest_1.it)("returns false for invalid JWT", () => {
-        (0, vitest_1.expect)((0, auth_sync_1.hasBergetCodeSeat)("invalid")).toBe(false);
+    (0, vitest_1.it)('returns false for invalid JWT', () => {
+        (0, vitest_1.expect)((0, auth_sync_1.hasBergetCodeSeat)('invalid')).toBe(false);
     });
 });
-(0, vitest_1.describe)("syncOAuthToTool", () => {
-    (0, vitest_1.it)("writes oauth tokens to opencode auth file", () => __awaiter(void 0, void 0, void 0, function* () {
+(0, vitest_1.describe)('syncOAuthToTool', () => {
+    (0, vitest_1.it)('writes oauth tokens to opencode auth file', async () => {
         const files = new fake_file_store_1.FakeFileStore();
         const auth = fakeCliAuth();
-        yield (0, auth_sync_1.syncOAuthToTool)(files, HOME, "opencode", auth);
+        await (0, auth_sync_1.syncOAuthToTool)(files, HOME, 'opencode', auth);
         const written = files.getWrittenFiles();
-        const content = written.get(HOME + "/.local/share/opencode/auth.json");
+        const content = written.get(HOME + '/.local/share/opencode/auth.json');
         const parsed = JSON.parse(content);
         // The expires field should now use the JWT's exp claim (converted to milliseconds)
-        const jwtPayload = JSON.parse(Buffer.from(auth.access_token.split(".")[1], "base64url").toString());
+        const jwtPayload = JSON.parse(Buffer.from(auth.access_token.split('.')[1], 'base64url').toString());
         (0, vitest_1.expect)(parsed.berget).toEqual({
-            type: "oauth",
             access: auth.access_token,
-            refresh: auth.refresh_token,
             expires: jwtPayload.exp * 1000,
+            refresh: auth.refresh_token,
+            type: 'oauth',
         });
-    }));
-    (0, vitest_1.it)("writes oauth tokens to pi auth file", () => __awaiter(void 0, void 0, void 0, function* () {
+    });
+    (0, vitest_1.it)('writes oauth tokens to pi auth file', async () => {
         const files = new fake_file_store_1.FakeFileStore();
         const auth = fakeCliAuth();
-        yield (0, auth_sync_1.syncOAuthToTool)(files, HOME, "pi", auth);
+        await (0, auth_sync_1.syncOAuthToTool)(files, HOME, 'pi', auth);
         const written = files.getWrittenFiles();
-        const content = written.get(HOME + "/.pi/agent/auth.json");
+        const content = written.get(HOME + '/.pi/agent/auth.json');
         const parsed = JSON.parse(content);
-        (0, vitest_1.expect)(parsed.berget.type).toBe("oauth");
-    }));
-    (0, vitest_1.it)("merges with existing providers", () => __awaiter(void 0, void 0, void 0, function* () {
+        (0, vitest_1.expect)(parsed.berget.type).toBe('oauth');
+    });
+    (0, vitest_1.it)('merges with existing providers', async () => {
         const files = new fake_file_store_1.FakeFileStore();
-        files.seed(HOME + "/.local/share/opencode/auth.json", JSON.stringify({ openai: { type: "api", key: "sk-openai" } }));
+        files.seed(HOME + '/.local/share/opencode/auth.json', JSON.stringify({ openai: { key: 'sk-openai', type: 'api' } }));
         const auth = fakeCliAuth();
-        yield (0, auth_sync_1.syncOAuthToTool)(files, HOME, "opencode", auth);
+        await (0, auth_sync_1.syncOAuthToTool)(files, HOME, 'opencode', auth);
         const written = files.getWrittenFiles();
-        const parsed = JSON.parse(written.get(HOME + "/.local/share/opencode/auth.json"));
-        (0, vitest_1.expect)(parsed.openai).toEqual({ type: "api", key: "sk-openai" });
-        (0, vitest_1.expect)(parsed.berget.type).toBe("oauth");
-    }));
-    (0, vitest_1.it)("sets 0o600 permissions on the auth file", () => __awaiter(void 0, void 0, void 0, function* () {
+        const parsed = JSON.parse(written.get(HOME + '/.local/share/opencode/auth.json'));
+        (0, vitest_1.expect)(parsed.openai).toEqual({ key: 'sk-openai', type: 'api' });
+        (0, vitest_1.expect)(parsed.berget.type).toBe('oauth');
+    });
+    (0, vitest_1.it)('sets 0o600 permissions on the auth file', async () => {
         const files = new fake_file_store_1.FakeFileStore();
         const auth = fakeCliAuth();
-        yield (0, auth_sync_1.syncOAuthToTool)(files, HOME, "opencode", auth);
+        await (0, auth_sync_1.syncOAuthToTool)(files, HOME, 'opencode', auth);
         const chmodCalls = files.getChmodCalls();
         (0, vitest_1.expect)(chmodCalls).toHaveLength(1);
         (0, vitest_1.expect)(chmodCalls[0]).toEqual({
-            path: HOME + "/.local/share/opencode/auth.json",
             mode: 0o600,
+            path: HOME + '/.local/share/opencode/auth.json',
         });
-    }));
+    });
 });
-(0, vitest_1.describe)("syncApiKeyToTool", () => {
-    (0, vitest_1.it)('writes api key to opencode auth file with type "api"', () => __awaiter(void 0, void 0, void 0, function* () {
+(0, vitest_1.describe)('syncApiKeyToTool', () => {
+    (0, vitest_1.it)('writes api key to opencode auth file with type "api"', async () => {
         const files = new fake_file_store_1.FakeFileStore();
-        yield (0, auth_sync_1.syncApiKeyToTool)(files, HOME, "opencode", "sk_ber_test");
+        await (0, auth_sync_1.syncApiKeyToTool)(files, HOME, 'opencode', 'sk_ber_test');
         const written = files.getWrittenFiles();
-        const content = written.get(HOME + "/.local/share/opencode/auth.json");
+        const content = written.get(HOME + '/.local/share/opencode/auth.json');
         const parsed = JSON.parse(content);
         (0, vitest_1.expect)(parsed.berget).toEqual({
-            type: "api",
-            key: "sk_ber_test",
+            key: 'sk_ber_test',
+            type: 'api',
         });
-    }));
-    (0, vitest_1.it)('writes api key to pi auth file with type "api_key"', () => __awaiter(void 0, void 0, void 0, function* () {
+    });
+    (0, vitest_1.it)('writes api key to pi auth file with type "api_key"', async () => {
         const files = new fake_file_store_1.FakeFileStore();
-        yield (0, auth_sync_1.syncApiKeyToTool)(files, HOME, "pi", "sk_ber_pi");
+        await (0, auth_sync_1.syncApiKeyToTool)(files, HOME, 'pi', 'sk_ber_pi');
         const written = files.getWrittenFiles();
-        const content = written.get(HOME + "/.pi/agent/auth.json");
+        const content = written.get(HOME + '/.pi/agent/auth.json');
         const parsed = JSON.parse(content);
         (0, vitest_1.expect)(parsed.berget).toEqual({
-            type: "api_key",
-            key: "sk_ber_pi",
+            key: 'sk_ber_pi',
+            type: 'api_key',
         });
-    }));
-    (0, vitest_1.it)("merges with existing providers", () => __awaiter(void 0, void 0, void 0, function* () {
+    });
+    (0, vitest_1.it)('merges with existing providers', async () => {
         const files = new fake_file_store_1.FakeFileStore();
-        files.seed(HOME + "/.local/share/opencode/auth.json", JSON.stringify({ anthropic: { type: "api", key: "sk-ant" } }));
-        yield (0, auth_sync_1.syncApiKeyToTool)(files, HOME, "opencode", "sk_ber_test");
+        files.seed(HOME + '/.local/share/opencode/auth.json', JSON.stringify({ anthropic: { key: 'sk-ant', type: 'api' } }));
+        await (0, auth_sync_1.syncApiKeyToTool)(files, HOME, 'opencode', 'sk_ber_test');
         const written = files.getWrittenFiles();
-        const parsed = JSON.parse(written.get(HOME + "/.local/share/opencode/auth.json"));
-        (0, vitest_1.expect)(parsed.anthropic).toEqual({ type: "api", key: "sk-ant" });
-    }));
-    (0, vitest_1.it)("sets 0o600 permissions on the auth file", () => __awaiter(void 0, void 0, void 0, function* () {
+        const parsed = JSON.parse(written.get(HOME + '/.local/share/opencode/auth.json'));
+        (0, vitest_1.expect)(parsed.anthropic).toEqual({ key: 'sk-ant', type: 'api' });
+    });
+    (0, vitest_1.it)('sets 0o600 permissions on the auth file', async () => {
         const files = new fake_file_store_1.FakeFileStore();
-        yield (0, auth_sync_1.syncApiKeyToTool)(files, HOME, "opencode", "sk_ber_test");
+        await (0, auth_sync_1.syncApiKeyToTool)(files, HOME, 'opencode', 'sk_ber_test');
         const chmodCalls = files.getChmodCalls();
         (0, vitest_1.expect)(chmodCalls).toHaveLength(1);
         (0, vitest_1.expect)(chmodCalls[0]).toEqual({
-            path: HOME + "/.local/share/opencode/auth.json",
             mode: 0o600,
+            path: HOME + '/.local/share/opencode/auth.json',
         });
-    }));
+    });
 });
-(0, vitest_1.describe)("configureAuth", () => {
-    const makeAuthDeps = (overrides = {}) => (Object.assign({ prompter: new fake_prompter_1.FakePrompter([]), files: new fake_file_store_1.FakeFileStore(), authService: new fake_auth_service_1.FakeAuthService(true), apiKeyService: new fake_api_key_service_1.FakeApiKeyService("sk_ber_test"), homeDir: HOME }, overrides));
-    (0, vitest_1.it)("Case A: already authenticated — chooses keep → skips flow", () => __awaiter(void 0, void 0, void 0, function* () {
+(0, vitest_1.describe)('configureAuth', () => {
+    const makeAuthDeps = (overrides = {}) => ({
+        apiKeyService: new fake_api_key_service_1.FakeApiKeyService('sk_ber_test'),
+        authService: new fake_auth_service_1.FakeAuthService(true),
+        files: new fake_file_store_1.FakeFileStore(),
+        homeDir: HOME,
+        prompter: new fake_prompter_1.FakePrompter([]),
+        ...overrides,
+    });
+    (0, vitest_1.it)('Case A: already authenticated — chooses keep → skips flow', async () => {
         const files = new fake_file_store_1.FakeFileStore();
-        files.seed(HOME + "/.local/share/opencode/auth.json", JSON.stringify({ berget: { type: "oauth" } }));
-        const prompter = new fake_prompter_1.FakePrompter([(0, fake_prompter_1.select)("keep")]);
+        files.seed(HOME + '/.local/share/opencode/auth.json', JSON.stringify({ berget: { type: 'oauth' } }));
+        const prompter = new fake_prompter_1.FakePrompter([(0, fake_prompter_1.select)('keep')]);
         const deps = makeAuthDeps({ files, prompter });
-        const result = yield (0, auth_sync_1.configureAuth)(deps, "opencode");
+        const result = await (0, auth_sync_1.configureAuth)(deps, 'opencode');
         (0, vitest_1.expect)(result.authenticated).toBe(true);
         (0, vitest_1.expect)(deps.prompter.calls.length).toBe(1); // Only the select prompt
-    }));
-    (0, vitest_1.it)("Case A reconfigure: already authenticated — reconfigure with fresh browser login", () => __awaiter(void 0, void 0, void 0, function* () {
+    });
+    (0, vitest_1.it)('Case A reconfigure: already authenticated — reconfigure with fresh browser login', async () => {
         const files = new fake_file_store_1.FakeFileStore();
-        files.seed(HOME + "/.local/share/opencode/auth.json", JSON.stringify({ berget: { type: "oauth" } }));
-        const prompter = new fake_prompter_1.FakePrompter([(0, fake_prompter_1.select)("reconfigure"), (0, fake_prompter_1.select)("subscription")]);
+        files.seed(HOME + '/.local/share/opencode/auth.json', JSON.stringify({ berget: { type: 'oauth' } }));
+        const prompter = new fake_prompter_1.FakePrompter([(0, fake_prompter_1.select)('reconfigure'), (0, fake_prompter_1.select)('subscription')]);
         const deps = makeAuthDeps({ files, prompter });
         const authService = deps.authService;
-        const result = yield (0, auth_sync_1.configureAuth)(deps, "opencode");
+        const result = await (0, auth_sync_1.configureAuth)(deps, 'opencode');
         (0, vitest_1.expect)(result.authenticated).toBe(true);
         // Should have called loginInteractive (no token reuse since no ~/.berget/auth.json seeded)
         (0, vitest_1.expect)(authService.loginInteractiveCallCount).toBeGreaterThanOrEqual(1);
-    }));
-    (0, vitest_1.it)("Case A reconfigure: already authenticated — reconfigure with valid CLI token → skips browser", () => __awaiter(void 0, void 0, void 0, function* () {
+    });
+    (0, vitest_1.it)('Case A reconfigure: already authenticated — reconfigure with valid CLI token → skips browser', async () => {
         const farFuture = Date.now() + 365 * 24 * 60 * 60 * 1000; // 1 year from now
         const files = new fake_file_store_1.FakeFileStore();
-        files.seed(HOME + "/.local/share/opencode/auth.json", JSON.stringify({ berget: { type: "oauth" } }));
-        files.seed(HOME + "/.berget/auth.json", JSON.stringify({
-            access_token: makeJwt({ realm_access: { roles: ["berget_code_seat"] }, exp: farFuture }),
-            refresh_token: "ref",
+        files.seed(HOME + '/.local/share/opencode/auth.json', JSON.stringify({ berget: { type: 'oauth' } }));
+        files.seed(HOME + '/.berget/auth.json', JSON.stringify({
+            access_token: makeJwt({ exp: farFuture, realm_access: { roles: ['berget_code_seat'] } }),
             expires_at: farFuture,
+            refresh_token: 'ref',
         }));
-        const prompter = new fake_prompter_1.FakePrompter([(0, fake_prompter_1.select)("reconfigure"), (0, fake_prompter_1.select)("subscription")]);
+        const prompter = new fake_prompter_1.FakePrompter([(0, fake_prompter_1.select)('reconfigure'), (0, fake_prompter_1.select)('subscription')]);
         const authService = new fake_auth_service_1.FakeAuthService(true);
-        const deps = makeAuthDeps({ files, prompter, authService });
-        const result = yield (0, auth_sync_1.configureAuth)(deps, "opencode");
+        const deps = makeAuthDeps({ authService, files, prompter });
+        const result = await (0, auth_sync_1.configureAuth)(deps, 'opencode');
         (0, vitest_1.expect)(result.authenticated).toBe(true);
         // Should NOT have called loginInteractive since token was reused
         (0, vitest_1.expect)(authService.loginInteractiveCallCount).toBe(0);
-    }));
-    (0, vitest_1.it)("Case B: login success + berget_code_seat → chooses subscription", () => __awaiter(void 0, void 0, void 0, function* () {
+    });
+    (0, vitest_1.it)('Case B: login success + berget_code_seat → chooses subscription', async () => {
         const files = new fake_file_store_1.FakeFileStore();
         const jwt = makeJwt({
-            realm_access: { roles: ["berget_code_seat"] },
             exp: 9999999999999,
+            realm_access: { roles: ['berget_code_seat'] },
         });
-        files.seed(HOME + "/.berget/auth.json", JSON.stringify({
+        files.seed(HOME + '/.berget/auth.json', JSON.stringify({
             access_token: jwt,
-            refresh_token: "ref",
             expires_at: 9999999999999,
+            refresh_token: 'ref',
         }));
-        const prompter = new fake_prompter_1.FakePrompter([(0, fake_prompter_1.select)("subscription")]);
+        const prompter = new fake_prompter_1.FakePrompter([(0, fake_prompter_1.select)('subscription')]);
         const deps = makeAuthDeps({ files, prompter });
-        const result = yield (0, auth_sync_1.configureAuth)(deps, "opencode");
+        const result = await (0, auth_sync_1.configureAuth)(deps, 'opencode');
         (0, vitest_1.expect)(result.authenticated).toBe(true);
         const written = files.getWrittenFiles();
-        (0, vitest_1.expect)(written.has(HOME + "/.local/share/opencode/auth.json")).toBe(true);
-        const parsed = JSON.parse(written.get(HOME + "/.local/share/opencode/auth.json"));
-        (0, vitest_1.expect)(parsed.berget.type).toBe("oauth");
-    }));
-    (0, vitest_1.it)("Case B variant: login success + seat → chooses api_key", () => __awaiter(void 0, void 0, void 0, function* () {
+        (0, vitest_1.expect)(written.has(HOME + '/.local/share/opencode/auth.json')).toBe(true);
+        const parsed = JSON.parse(written.get(HOME + '/.local/share/opencode/auth.json'));
+        (0, vitest_1.expect)(parsed.berget.type).toBe('oauth');
+    });
+    (0, vitest_1.it)('Case B variant: login success + seat → chooses api_key', async () => {
         const files = new fake_file_store_1.FakeFileStore();
         const jwt = makeJwt({
-            realm_access: { roles: ["berget_code_seat"] },
             exp: 9999999999999,
+            realm_access: { roles: ['berget_code_seat'] },
         });
-        files.seed(HOME + "/.berget/auth.json", JSON.stringify({
+        files.seed(HOME + '/.berget/auth.json', JSON.stringify({
             access_token: jwt,
-            refresh_token: "ref",
             expires_at: 9999999999999,
+            refresh_token: 'ref',
         }));
-        const prompter = new fake_prompter_1.FakePrompter([(0, fake_prompter_1.select)("api_key")]);
+        const prompter = new fake_prompter_1.FakePrompter([(0, fake_prompter_1.select)('api_key')]);
         const deps = makeAuthDeps({ files, prompter });
-        const result = yield (0, auth_sync_1.configureAuth)(deps, "opencode");
+        const result = await (0, auth_sync_1.configureAuth)(deps, 'opencode');
         (0, vitest_1.expect)(result.authenticated).toBe(true);
         const written = files.getWrittenFiles();
-        const parsed = JSON.parse(written.get(HOME + "/.local/share/opencode/auth.json"));
-        (0, vitest_1.expect)(parsed.berget.type).toBe("api");
-        (0, vitest_1.expect)(parsed.berget.key).toBe("sk_ber_test");
-    }));
-    (0, vitest_1.it)("Case C: login success + no seat → creates api key", () => __awaiter(void 0, void 0, void 0, function* () {
+        const parsed = JSON.parse(written.get(HOME + '/.local/share/opencode/auth.json'));
+        (0, vitest_1.expect)(parsed.berget.type).toBe('api');
+        (0, vitest_1.expect)(parsed.berget.key).toBe('sk_ber_test');
+    });
+    (0, vitest_1.it)('Case C: login success + no seat → creates api key', async () => {
         const files = new fake_file_store_1.FakeFileStore();
         const prompter = new fake_prompter_1.FakePrompter([(0, fake_prompter_1.confirm)(true)]);
-        const deps = makeAuthDeps({ files, prompter, authService: new fake_auth_service_1.FakeAuthService(true, false) });
-        const result = yield (0, auth_sync_1.configureAuth)(deps, "opencode");
+        const deps = makeAuthDeps({ authService: new fake_auth_service_1.FakeAuthService(true, false), files, prompter });
+        const result = await (0, auth_sync_1.configureAuth)(deps, 'opencode');
         (0, vitest_1.expect)(result.authenticated).toBe(true);
         const written = files.getWrittenFiles();
-        const parsed = JSON.parse(written.get(HOME + "/.local/share/opencode/auth.json"));
-        (0, vitest_1.expect)(parsed.berget.type).toBe("api");
-        (0, vitest_1.expect)(parsed.berget.key).toBe("sk_ber_test");
-    }));
-    (0, vitest_1.it)("Case D: login success + no seat → declines api key", () => __awaiter(void 0, void 0, void 0, function* () {
+        const parsed = JSON.parse(written.get(HOME + '/.local/share/opencode/auth.json'));
+        (0, vitest_1.expect)(parsed.berget.type).toBe('api');
+        (0, vitest_1.expect)(parsed.berget.key).toBe('sk_ber_test');
+    });
+    (0, vitest_1.it)('Case D: login success + no seat → declines api key', async () => {
         const files = new fake_file_store_1.FakeFileStore();
         const prompter = new fake_prompter_1.FakePrompter([(0, fake_prompter_1.confirm)(false)]);
-        const deps = makeAuthDeps({ files, prompter, authService: new fake_auth_service_1.FakeAuthService(true, false) });
-        const result = yield (0, auth_sync_1.configureAuth)(deps, "opencode");
+        const deps = makeAuthDeps({ authService: new fake_auth_service_1.FakeAuthService(true, false), files, prompter });
+        const result = await (0, auth_sync_1.configureAuth)(deps, 'opencode');
         (0, vitest_1.expect)(result.authenticated).toBe(false);
-        (0, vitest_1.expect)(files.getWrittenFiles().has(HOME + "/.local/share/opencode/auth.json")).toBe(false);
-    }));
-    (0, vitest_1.it)("Case E: login fails", () => __awaiter(void 0, void 0, void 0, function* () {
+        (0, vitest_1.expect)(files.getWrittenFiles().has(HOME + '/.local/share/opencode/auth.json')).toBe(false);
+    });
+    (0, vitest_1.it)('Case E: login fails', async () => {
         const files = new fake_file_store_1.FakeFileStore();
         const authService = new fake_auth_service_1.FakeAuthService(false);
-        const deps = makeAuthDeps({ files, authService });
-        const result = yield (0, auth_sync_1.configureAuth)(deps, "opencode");
+        const deps = makeAuthDeps({ authService, files });
+        const result = await (0, auth_sync_1.configureAuth)(deps, 'opencode');
         (0, vitest_1.expect)(result.authenticated).toBe(false);
-    }));
-    (0, vitest_1.it)("fails authentication when jwt decode fails", () => __awaiter(void 0, void 0, void 0, function* () {
+    });
+    (0, vitest_1.it)('fails authentication when jwt decode fails', async () => {
         const prompter = new fake_prompter_1.FakePrompter([]);
         const deps = makeAuthDeps({
-            prompter,
             authService: new fake_auth_service_1.FakeAuthService(true, true, false), // valid login, has seat, but invalid token
+            prompter,
         });
-        const result = yield (0, auth_sync_1.configureAuth)(deps, "opencode");
+        const result = await (0, auth_sync_1.configureAuth)(deps, 'opencode');
         (0, vitest_1.expect)(result.authenticated).toBe(false); // Should fail due to invalid JWT
         const written = deps.files.getWrittenFiles();
         (0, vitest_1.expect)(written.size).toBe(0); // No files should be written
-    }));
-    (0, vitest_1.it)("preserves existing providers during sync", () => __awaiter(void 0, void 0, void 0, function* () {
+    });
+    (0, vitest_1.it)('preserves existing providers during sync', async () => {
         const files = new fake_file_store_1.FakeFileStore();
-        files.seed(HOME + "/.local/share/opencode/auth.json", JSON.stringify({ openai: { type: "api", key: "sk-openai" } }));
-        files.seed(HOME + "/.berget/auth.json", JSON.stringify({
+        files.seed(HOME + '/.local/share/opencode/auth.json', JSON.stringify({ openai: { key: 'sk-openai', type: 'api' } }));
+        files.seed(HOME + '/.berget/auth.json', JSON.stringify({
             access_token: makeJwt({
-                realm_access: { roles: ["berget_code_seat"], exp: 9999999999999 },
+                realm_access: { exp: 9999999999999, roles: ['berget_code_seat'] },
             }),
-            refresh_token: "ref",
             expires_at: 9999999999999,
+            refresh_token: 'ref',
         }));
-        const prompter = new fake_prompter_1.FakePrompter([(0, fake_prompter_1.select)("subscription")]);
+        const prompter = new fake_prompter_1.FakePrompter([(0, fake_prompter_1.select)('subscription')]);
         const deps = makeAuthDeps({ files, prompter });
-        yield (0, auth_sync_1.configureAuth)(deps, "opencode");
+        await (0, auth_sync_1.configureAuth)(deps, 'opencode');
         const written = files.getWrittenFiles();
-        const parsed = JSON.parse(written.get(HOME + "/.local/share/opencode/auth.json"));
-        (0, vitest_1.expect)(parsed.openai).toEqual({ type: "api", key: "sk-openai" });
+        const parsed = JSON.parse(written.get(HOME + '/.local/share/opencode/auth.json'));
+        (0, vitest_1.expect)(parsed.openai).toEqual({ key: 'sk-openai', type: 'api' });
         (0, vitest_1.expect)(parsed.berget).toBeDefined();
-    }));
+    });
 });

package/dist/src/commands/code/__tests__/fake-api-key-service.js

@@ -1,23 +1,13 @@
 "use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.FakeApiKeyService = void 0;
 class FakeApiKeyService {
+    _key;
     constructor(key) {
         this._key = key;
     }
-    create(_options) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return { key: this._key };
-        });
+    async create(_options) {
+        return { key: this._key };
     }
 }
 exports.FakeApiKeyService = FakeApiKeyService;