borgmcp 0.9.57 → 0.9.58

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (33) hide show
  1. package/README.md +104 -176
  2. package/dist/auth-env.d.ts +52 -0
  3. package/dist/auth-env.d.ts.map +1 -0
  4. package/dist/auth-env.js +107 -0
  5. package/dist/auth-env.js.map +1 -0
  6. package/dist/auth.d.ts +33 -13
  7. package/dist/auth.d.ts.map +1 -1
  8. package/dist/auth.js +100 -4
  9. package/dist/auth.js.map +1 -1
  10. package/dist/cli-help.d.ts.map +1 -1
  11. package/dist/cli-help.js +6 -3
  12. package/dist/cli-help.js.map +1 -1
  13. package/dist/cli-platform.js +1 -1
  14. package/dist/cli-platform.js.map +1 -1
  15. package/dist/config.d.ts +13 -10
  16. package/dist/config.d.ts.map +1 -1
  17. package/dist/config.js +105 -60
  18. package/dist/config.js.map +1 -1
  19. package/dist/device-auth.d.ts +75 -0
  20. package/dist/device-auth.d.ts.map +1 -0
  21. package/dist/device-auth.js +167 -0
  22. package/dist/device-auth.js.map +1 -0
  23. package/dist/setup.js +10 -1
  24. package/dist/setup.js.map +1 -1
  25. package/dist/token-crypto.d.ts +50 -0
  26. package/dist/token-crypto.d.ts.map +1 -0
  27. package/dist/token-crypto.js +91 -0
  28. package/dist/token-crypto.js.map +1 -0
  29. package/dist/token-store.d.ts +98 -0
  30. package/dist/token-store.d.ts.map +1 -0
  31. package/dist/token-store.js +136 -0
  32. package/dist/token-store.js.map +1 -0
  33. package/package.json +1 -9
package/dist/auth.js CHANGED
@@ -17,6 +17,8 @@ import crypto from 'crypto';
17
17
  import open from 'open';
18
18
  import { storeIdToken, storeRefreshToken, getRefreshToken } from './config.js';
19
19
  import { cerr } from './console-prefix.js';
20
+ import { isNoBrowserEnv } from './auth-env.js';
21
+ import { requestDeviceCode, pollForDeviceToken, } from './device-auth.js';
20
22
  /**
21
23
  * Refresh-token-revoked / expired — the user must re-run `borg setup`
22
24
  * to recover. Anchored on Google's canonical signal: HTTP 400 + JSON
@@ -63,6 +65,14 @@ export class RefreshTransientError extends Error {
63
65
  // for installed/desktop applications. This follows industry standard (AWS CLI, gcloud, GitHub CLI)
64
66
  const GOOGLE_CLIENT_ID = '675073910799-41pbe12rfhqemidh64h09s4q3e0udpgp.apps.googleusercontent.com';
65
67
  const GOOGLE_CLIENT_SECRET = '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';
68
+ // gh#557 ESCALATION-1: the device-grant flow needs a SEPARATE Google OAuth
69
+ // client of type "TVs & Limited Input devices" — the Desktop/loopback client
70
+ // above rejects POST /device/code with invalid_client. That client does not
71
+ // exist yet (operator/Queen Cloud-Console action, sequenced with the publish),
72
+ // so this baked-in id is empty and the live id is taken from the
73
+ // GOOGLE_DEVICE_CLIENT_ID env. Once the operator creates the (public) client,
74
+ // set this constant to its id; the env then becomes an optional override.
75
+ const BAKED_IN_DEVICE_CLIENT_ID = '';
66
76
  const GOOGLE_AUTHORIZE_URL = 'https://accounts.google.com/o/oauth2/v2/auth';
67
77
  const GOOGLE_TOKEN_URL = 'https://oauth2.googleapis.com/token';
68
78
  const GOOGLE_REVOKE_URL = 'https://oauth2.googleapis.com/revoke';
@@ -225,9 +235,12 @@ async function revokeRefreshTokenAtGoogle(refreshToken) {
225
235
  }
226
236
  }
227
237
  /**
228
- * Perform complete OAuth authorization code flow with PKCE
229
- * Opens browser for user authorization
230
- * Stores tokens in OS keychain on success
238
+ * The browser/loopback OAuth flow (PKCE authorization-code). The DEFAULT
239
+ * path on a desktop with a browser; gh#557 dispatches here from
240
+ * `authenticateWithGoogle` unless the environment is browserless.
241
+ *
242
+ * Opens a browser for user authorization and stores tokens in the selected
243
+ * token backend on success.
231
244
  *
232
245
  * Force-fresh-consent discipline: before requesting new consent, this function
233
246
  * revokes any existing refresh_token at Google's revocation endpoint AND uses
@@ -239,7 +252,7 @@ async function revokeRefreshTokenAtGoogle(refreshToken) {
239
252
  * an id_token but no refresh_token, forcing manual re-setup after the ~1h
240
253
  * id_token TTL expires.)
241
254
  */
242
- export async function authenticateWithGoogle() {
255
+ async function authenticateWithBrowser() {
243
256
  cerr('\n◼ Borg MCP Authentication');
244
257
  cerr('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n');
245
258
  // Step 0: revoke any existing refresh_token to force Google to re-issue
@@ -303,6 +316,89 @@ export async function authenticateWithGoogle() {
303
316
  }
304
317
  cerr('\n◼ Authentication successful!\n');
305
318
  }
319
+ /**
320
+ * Decide whether to use the no-browser device-grant flow. An explicit
321
+ * `--no-browser`/`--device` (surfaced as opts.noBrowser) wins; otherwise
322
+ * auto-detect via isNoBrowserEnv (SSH session, container, headless Linux).
323
+ */
324
+ export function shouldUseDeviceFlow(opts) {
325
+ return opts?.noBrowser ?? isNoBrowserEnv();
326
+ }
327
+ /**
328
+ * Assemble the device-grant OAuth config from the environment. Enforces the
329
+ * gh#557 ESCALATION-1 gate: a "TVs & Limited Input devices" client id must be
330
+ * available (baked-in once the operator creates it, or via GOOGLE_DEVICE_CLIENT_ID).
331
+ * Without one we fail with an actionable error instead of hitting Google with
332
+ * the Desktop client, which rejects /device/code as invalid_client.
333
+ */
334
+ export function buildDeviceAuthConfig(env = process.env) {
335
+ const clientId = (env.GOOGLE_DEVICE_CLIENT_ID?.trim() || BAKED_IN_DEVICE_CLIENT_ID).trim();
336
+ if (!clientId) {
337
+ throw new Error('No-browser (device-grant) auth needs a Google "TVs & Limited Input devices" ' +
338
+ 'OAuth client. Set GOOGLE_DEVICE_CLIENT_ID in the environment, or run ' +
339
+ '`borg setup` on a machine with a browser. See docs/REMOTE_TERMINAL_AUTH.md.');
340
+ }
341
+ return {
342
+ clientId,
343
+ clientSecret: env.GOOGLE_DEVICE_CLIENT_SECRET?.trim() || undefined,
344
+ scopes: SCOPES,
345
+ };
346
+ }
347
+ /** Real sleep for the production device-poll loop. */
348
+ function defaultSleep(ms) {
349
+ return new Promise((resolve) => setTimeout(resolve, ms));
350
+ }
351
+ /**
352
+ * The RFC 8628 device-grant flow (no browser). Prints a verification URL +
353
+ * user_code for the human to open on ANY device, polls Google until they
354
+ * authorize, then stores tokens in the selected backend. Network deps are
355
+ * injectable for tests; the device-poll state machine itself lives in
356
+ * device-auth.ts (fully unit-tested).
357
+ */
358
+ export async function authenticateWithDeviceFlow(deps = { fetch, sleep: defaultSleep }, env = process.env) {
359
+ cerr('\n◼ Borg MCP Authentication (no-browser mode)');
360
+ cerr('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n');
361
+ const config = buildDeviceAuthConfig(env);
362
+ // Same force-fresh-consent discipline as the browser flow: revoke any
363
+ // existing refresh_token so Google re-issues one in the new grant.
364
+ const existingRefreshToken = await getRefreshToken();
365
+ if (existingRefreshToken) {
366
+ cerr('Revoking previous refresh_token to force fresh consent...');
367
+ await revokeRefreshTokenAtGoogle(existingRefreshToken);
368
+ }
369
+ const deviceCode = await requestDeviceCode(config, deps);
370
+ cerr('To authorize Borg MCP on this machine:');
371
+ cerr(` 1. On any device with a browser, open: ${deviceCode.verification_url}`);
372
+ cerr(` 2. Enter this code: ${deviceCode.user_code}\n`);
373
+ cerr('Waiting for authorization (this page can be open on your phone or laptop)...');
374
+ const tokens = await pollForDeviceToken(deviceCode, config, deps);
375
+ const expiresAt = Date.now() + tokens.expires_in * 1000;
376
+ await storeIdToken(tokens.id_token, expiresAt);
377
+ if (tokens.refresh_token) {
378
+ await storeRefreshToken(tokens.refresh_token);
379
+ }
380
+ else {
381
+ cerr('\n⚠ No refresh_token returned by Google.');
382
+ cerr(' Your session will expire after ~1 hour and require re-running');
383
+ cerr(' `borg setup`. Re-consent at https://myaccount.google.com/permissions');
384
+ cerr(' (remove "Borg MCP") then re-run setup to restore automatic token refresh.\n');
385
+ }
386
+ cerr('\n◼ Authentication successful!\n');
387
+ }
388
+ /**
389
+ * Perform the complete OAuth flow, choosing the browser/loopback flow or the
390
+ * no-browser device-grant flow based on the environment (gh#557). Stores
391
+ * tokens in the selected backend on success.
392
+ *
393
+ * @param opts.noBrowser force the device flow (`--no-browser`/`--device`);
394
+ * when omitted, the environment is auto-detected.
395
+ */
396
+ export async function authenticateWithGoogle(opts) {
397
+ if (shouldUseDeviceFlow(opts)) {
398
+ return authenticateWithDeviceFlow();
399
+ }
400
+ return authenticateWithBrowser();
401
+ }
306
402
  /**
307
403
  * Refresh ID token using refresh token (gh#34 hardened).
308
404
  *
package/dist/auth.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,YAAY,EAAmC,MAAM,MAAM,CAAC;AACrE,OAAO,EAAE,GAAG,EAAE,MAAM,KAAK,CAAC;AAC1B,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC/E,OAAO,EAAE,IAAI,EAAE,MAAM,qBAAqB,CAAC;AAE3C;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,wBAAyB,SAAQ,KAAK;IACrB;IAAmC;IAA/D,YAA4B,SAAiB,EAAkB,gBAAyB;QACtF,KAAK,CACH,gBAAgB;YACd,CAAC,CAAC,0BAA0B,SAAS,MAAM,gBAAgB,EAAE;YAC7D,CAAC,CAAC,0BAA0B,SAAS,GAAG,CAC3C,CAAC;QALwB,cAAS,GAAT,SAAS,CAAQ;QAAkB,qBAAgB,GAAhB,gBAAgB,CAAS;QAMtF,IAAI,CAAC,IAAI,GAAG,0BAA0B,CAAC;IACzC,CAAC;CACF;AAED;;;;;;;;;;GAUG;AACH,MAAM,OAAO,qBAAsB,SAAQ,KAAK;IAC9C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED,iEAAiE;AACjE,uFAAuF;AACvF,mGAAmG;AACnG,MAAM,gBAAgB,GAAG,0EAA0E,CAAC;AACpG,MAAM,oBAAoB,GAAG,qCAAqC,CAAC;AAEnE,MAAM,oBAAoB,GAAG,8CAA8C,CAAC;AAC5E,MAAM,gBAAgB,GAAG,qCAAqC,CAAC;AAC/D,MAAM,iBAAiB,GAAG,sCAAsC,CAAC;AACjE,MAAM,MAAM,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;AAE9C,oDAAoD;AACpD,MAAM,gBAAgB,GAAG,IAAI,CAAC;AAC9B,MAAM,cAAc,GAAG,IAAI,CAAC;AAc5B;;;GAGG;AACH,SAAS,YAAY;IACnB,oDAAoD;IACpD,MAAM,QAAQ,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAE9D,6DAA6D;IAC7D,MAAM,SAAS,GAAG,MAAM;SACrB,UAAU,CAAC,QAAQ,CAAC;SACpB,MAAM,CAAC,QAAQ,CAAC;SAChB,MAAM,CAAC,WAAW,CAAC,CAAC;IAEvB,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,iBAAiB;IAC9B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,yDAAyD;QACzD,MAAM,UAAU,GAAG,YAAY,EAAE,CAAC;QAClC,UAAU,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,EAAE;YACxB,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,EAAE,CAAC;YACrC,IAAI,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;gBAC3C,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;gBAC1B,UAAU,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;YACxC,CAAC;iBAAM,CAAC;gBACN,UAAU,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC,CAAC,CAAC;YAC3E,CAAC;QACH,CAAC,CAAC,CAAC;QACH,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,mBAAmB;IAIhC,4BAA4B;IAC5B,MAAM,IAAI,GAAG,MAAM,iBAAiB,EAAE,CAAC;IAEvC,MAAM,WAAW,GAAG,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC1D,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,GAAoB,EAAE,GAAmB,EAAE,EAAE;YACxE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAI,EAAE,oBAAoB,IAAI,EAAE,CAAC,CAAC;YAE1D,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;gBACjC,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBAE5C,IAAI,KAAK,EAAE,CAAC;oBACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;oBACpD,GAAG,CAAC,GAAG,CAAC;;;;4BAIU,KAAK;;;;WAItB,CAAC,CAAC;oBACH,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,KAAK,CAAC,gBAAgB,KAAK,EAAE,CAAC,CAAC,CAAC;oBAC3C,OAAO;gBACT,CAAC;gBAED,IAAI,IAAI,EAAE,CAAC;oBACT,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;oBACpD,GAAG,CAAC,GAAG,CAAC;;;;;;;WAOP,CAAC,CAAC;oBACH,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,OAAO,CAAC,IAAI,CAAC,CAAC;oBACd,OAAO;gBACT,CAAC;gBAED,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC;;;;;;;SAOP,CAAC,CAAC;gBACH,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC,CAAC;YAClD,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;YACvB,IAAI,CAAC,iDAAiD,IAAI,EAAE,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QAEH,kEAAkE;QAClE,qEAAqE;QACrE,iEAAiE;QACjE,qCAAqC;QACrC,UAAU,CAAC,GAAG,EAAE;YACd,MAAM,CAAC,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC,CAAC;QACrE,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;AAC/B,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,qBAAqB,CAClC,IAAY,EACZ,YAAoB,EACpB,IAAY;IAEZ,MAAM,WAAW,GAAG,oBAAoB,IAAI,WAAW,CAAC;IAExD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,gBAAgB,EAAE;QAC7C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;SACpD;QACD,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,SAAS,EAAE,gBAAgB;YAC3B,aAAa,EAAE,oBAAoB;YACnC,IAAI;YACJ,aAAa,EAAE,YAAY;YAC3B,UAAU,EAAE,oBAAoB;YAChC,YAAY,EAAE,WAAW;SAC1B,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,uCAAuC,KAAK,EAAE,CAAC,CAAC;IAClE,CAAC;IAED,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAkB,CAAC;AAClD,CAAC;AAED;;;;;;;;GAQG;AACH,KAAK,UAAU,0BAA0B,CAAC,YAAoB;IAC5D,IAAI,CAAC;QACH,kEAAkE;QAClE,kEAAkE;QAClE,qEAAqE;QACrE,oEAAoE;QACpE,gEAAgE;QAChE,MAAM,KAAK,CAAC,iBAAiB,EAAE;YAC7B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,SAAS,kBAAkB,CAAC,YAAY,CAAC,EAAE;SAClD,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,0EAA0E;IAC5E,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB;IAC1C,IAAI,CAAC,6BAA6B,CAAC,CAAC;IACpC,IAAI,CAAC,4CAA4C,CAAC,CAAC;IAEnD,wEAAwE;IACxE,sEAAsE;IACtE,6DAA6D;IAC7D,MAAM,oBAAoB,GAAG,MAAM,eAAe,EAAE,CAAC;IACrD,IAAI,oBAAoB,EAAE,CAAC;QACzB,IAAI,CAAC,2DAA2D,CAAC,CAAC;QAClE,MAAM,0BAA0B,CAAC,oBAAoB,CAAC,CAAC;IACzD,CAAC;IAED,6BAA6B;IAC7B,IAAI,CAAC,8BAA8B,CAAC,CAAC;IACrC,MAAM,IAAI,GAAG,YAAY,EAAE,CAAC;IAE5B,0DAA0D;IAC1D,IAAI,CAAC,mCAAmC,CAAC,CAAC;IAC1C,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,MAAM,mBAAmB,EAAE,CAAC;IAE1D,4DAA4D;IAC5D,MAAM,WAAW,GAAG,oBAAoB,IAAI,WAAW,CAAC;IACxD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,oBAAoB,CAAC,CAAC;IAC9C,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,gBAAgB,CAAC,CAAC;IACxD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;IACtD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAClD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACpD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IAC3D,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IAC1D,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC,CAAC,wBAAwB;IAC5E,6EAA6E;IAC7E,2EAA2E;IAC3E,yDAAyD;IACzD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,wBAAwB,CAAC,CAAC;IAE7D,uBAAuB;IACvB,IAAI,CAAC,2CAA2C,CAAC,CAAC;IAClD,IAAI,CAAC,kCAAkC,CAAC,CAAC;IACzC,IAAI,CAAC,GAAG,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAChC,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;IAE/B,sCAAsC;IACtC,IAAI,CAAC,8BAA8B,CAAC,CAAC;IACrC,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC;IAE/B,mCAAmC;IACnC,IAAI,CAAC,6CAA6C,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,MAAM,qBAAqB,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAEzE,gCAAgC;IAChC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,UAAU,GAAG,IAAI,CAAC;IAC3D,MAAM,YAAY,CAAC,SAAS,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAElD,IAAI,SAAS,CAAC,aAAa,EAAE,CAAC;QAC5B,MAAM,iBAAiB,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;IACnD,CAAC;SAAM,CAAC;QACN,oEAAoE;QACpE,2DAA2D;QAC3D,kEAAkE;QAClE,iEAAiE;QACjE,2CAA2C;QAC3C,IAAI,CAAC,2CAA2C,CAAC,CAAC;QAClD,IAAI,CAAC,uDAAuD,CAAC,CAAC;QAC9D,IAAI,CAAC,qDAAqD,CAAC,CAAC;QAC5D,IAAI,CAAC,sDAAsD,CAAC,CAAC;QAC7D,IAAI,CAAC,iDAAiD,CAAC,CAAC;QACxD,IAAI,CAAC,2BAA2B,CAAC,CAAC;QAClC,IAAI,CAAC,sDAAsD,CAAC,CAAC;IAC/D,CAAC;IAED,IAAI,CAAC,kCAAkC,CAAC,CAAC;AAC3C,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,YAAoB;IAEpB,IAAI,QAAkB,CAAC;IACvB,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,KAAK,CAAC,gBAAgB,EAAE;YACvC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,SAAS,EAAE,gBAAgB;gBAC3B,aAAa,EAAE,oBAAoB;gBACnC,aAAa,EAAE,YAAY;gBAC3B,UAAU,EAAE,eAAe;aAC5B,CAAC;SACH,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,gEAAgE;QAChE,4DAA4D;QAC5D,mCAAmC;QACnC,MAAM,IAAI,qBAAqB,CAC7B,yCAA0C,GAAa,EAAE,OAAO,IAAI,SAAS,EAAE,CAChF,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,8DAA8D;QAC9D,gEAAgE;QAChE,uDAAuD;QACvD,IAAI,OAAO,GAA0D,IAAI,CAAC;QAC1E,IAAI,CAAC;YACH,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAmD,CAAC;QACtF,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,qBAAqB,CAC7B,kCAAkC,QAAQ,CAAC,MAAM,kBAAkB,CACpE,CAAC;QACJ,CAAC;QACD,8DAA8D;QAC9D,+DAA+D;QAC/D,kEAAkE;QAClE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,OAAO,EAAE,KAAK,KAAK,eAAe,EAAE,CAAC;YAClE,MAAM,IAAI,wBAAwB,CAAC,eAAe,EAAE,OAAO,CAAC,iBAAiB,CAAC,CAAC;QACjF,CAAC;QACD,MAAM,IAAI,qBAAqB,CAC7B,kCAAkC,QAAQ,CAAC,MAAM,GAAG,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,KAAK,OAAO,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAClG,CAAC;IACJ,CAAC;IAED,IAAI,IAAwE,CAAC;IAC7E,IAAI,CAAC;QACH,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAgB,CAAC;IAChD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,qBAAqB,CAC7B,uCAAwC,GAAa,EAAE,OAAO,IAAI,SAAS,EAAE,CAC9E,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;QAC1D,MAAM,IAAI,qBAAqB,CAC7B,uDAAuD,CACxD,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;IAEtD,+DAA+D;IAC/D,gEAAgE;IAChE,gEAAgE;IAChE,4DAA4D;IAC5D,+DAA+D;IAC/D,+DAA+D;IAC/D,kEAAkE;IAClE,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,MAAM,oBAAoB,GAAG,MAAM,eAAe,EAAE,CAAC;QACrD,MAAM,iBAAiB,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC5C,IAAI,CAAC;YACH,MAAM,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC/C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,6DAA6D;YAC7D,+DAA+D;YAC/D,8DAA8D;YAC9D,0DAA0D;YAC1D,8DAA8D;YAC9D,wBAAwB;YACxB,IAAI,oBAAoB,EAAE,CAAC;gBACzB,IAAI,CAAC;oBACH,MAAM,iBAAiB,CAAC,oBAAoB,CAAC,CAAC;gBAChD,CAAC;gBAAC,MAAM,CAAC;oBACP,wDAAwD;gBAC1D,CAAC;YACH,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;QACD,OAAO;IACT,CAAC;IAED,2CAA2C;IAC3C,MAAM,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;AAC/C,CAAC"}
1
+ {"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,YAAY,EAAmC,MAAM,MAAM,CAAC;AACrE,OAAO,EAAE,GAAG,EAAE,MAAM,KAAK,CAAC;AAC1B,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC/E,OAAO,EAAE,IAAI,EAAE,MAAM,qBAAqB,CAAC;AAC3C,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EACL,iBAAiB,EACjB,kBAAkB,GAGnB,MAAM,kBAAkB,CAAC;AAE1B;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,wBAAyB,SAAQ,KAAK;IACrB;IAAmC;IAA/D,YAA4B,SAAiB,EAAkB,gBAAyB;QACtF,KAAK,CACH,gBAAgB;YACd,CAAC,CAAC,0BAA0B,SAAS,MAAM,gBAAgB,EAAE;YAC7D,CAAC,CAAC,0BAA0B,SAAS,GAAG,CAC3C,CAAC;QALwB,cAAS,GAAT,SAAS,CAAQ;QAAkB,qBAAgB,GAAhB,gBAAgB,CAAS;QAMtF,IAAI,CAAC,IAAI,GAAG,0BAA0B,CAAC;IACzC,CAAC;CACF;AAED;;;;;;;;;;GAUG;AACH,MAAM,OAAO,qBAAsB,SAAQ,KAAK;IAC9C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED,iEAAiE;AACjE,uFAAuF;AACvF,mGAAmG;AACnG,MAAM,gBAAgB,GAAG,0EAA0E,CAAC;AACpG,MAAM,oBAAoB,GAAG,qCAAqC,CAAC;AAEnE,2EAA2E;AAC3E,6EAA6E;AAC7E,4EAA4E;AAC5E,+EAA+E;AAC/E,iEAAiE;AACjE,8EAA8E;AAC9E,0EAA0E;AAC1E,MAAM,yBAAyB,GAAG,EAAE,CAAC;AAErC,MAAM,oBAAoB,GAAG,8CAA8C,CAAC;AAC5E,MAAM,gBAAgB,GAAG,qCAAqC,CAAC;AAC/D,MAAM,iBAAiB,GAAG,sCAAsC,CAAC;AACjE,MAAM,MAAM,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;AAE9C,oDAAoD;AACpD,MAAM,gBAAgB,GAAG,IAAI,CAAC;AAC9B,MAAM,cAAc,GAAG,IAAI,CAAC;AAc5B;;;GAGG;AACH,SAAS,YAAY;IACnB,oDAAoD;IACpD,MAAM,QAAQ,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAE9D,6DAA6D;IAC7D,MAAM,SAAS,GAAG,MAAM;SACrB,UAAU,CAAC,QAAQ,CAAC;SACpB,MAAM,CAAC,QAAQ,CAAC;SAChB,MAAM,CAAC,WAAW,CAAC,CAAC;IAEvB,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,iBAAiB;IAC9B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,yDAAyD;QACzD,MAAM,UAAU,GAAG,YAAY,EAAE,CAAC;QAClC,UAAU,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,EAAE;YACxB,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,EAAE,CAAC;YACrC,IAAI,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;gBAC3C,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;gBAC1B,UAAU,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;YACxC,CAAC;iBAAM,CAAC;gBACN,UAAU,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC,CAAC,CAAC;YAC3E,CAAC;QACH,CAAC,CAAC,CAAC;QACH,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,mBAAmB;IAIhC,4BAA4B;IAC5B,MAAM,IAAI,GAAG,MAAM,iBAAiB,EAAE,CAAC;IAEvC,MAAM,WAAW,GAAG,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC1D,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,GAAoB,EAAE,GAAmB,EAAE,EAAE;YACxE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAI,EAAE,oBAAoB,IAAI,EAAE,CAAC,CAAC;YAE1D,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;gBACjC,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBAE5C,IAAI,KAAK,EAAE,CAAC;oBACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;oBACpD,GAAG,CAAC,GAAG,CAAC;;;;4BAIU,KAAK;;;;WAItB,CAAC,CAAC;oBACH,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,KAAK,CAAC,gBAAgB,KAAK,EAAE,CAAC,CAAC,CAAC;oBAC3C,OAAO;gBACT,CAAC;gBAED,IAAI,IAAI,EAAE,CAAC;oBACT,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;oBACpD,GAAG,CAAC,GAAG,CAAC;;;;;;;WAOP,CAAC,CAAC;oBACH,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,OAAO,CAAC,IAAI,CAAC,CAAC;oBACd,OAAO;gBACT,CAAC;gBAED,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC;;;;;;;SAOP,CAAC,CAAC;gBACH,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC,CAAC;YAClD,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;YACvB,IAAI,CAAC,iDAAiD,IAAI,EAAE,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QAEH,kEAAkE;QAClE,qEAAqE;QACrE,iEAAiE;QACjE,qCAAqC;QACrC,UAAU,CAAC,GAAG,EAAE;YACd,MAAM,CAAC,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC,CAAC;QACrE,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;AAC/B,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,qBAAqB,CAClC,IAAY,EACZ,YAAoB,EACpB,IAAY;IAEZ,MAAM,WAAW,GAAG,oBAAoB,IAAI,WAAW,CAAC;IAExD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,gBAAgB,EAAE;QAC7C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;SACpD;QACD,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,SAAS,EAAE,gBAAgB;YAC3B,aAAa,EAAE,oBAAoB;YACnC,IAAI;YACJ,aAAa,EAAE,YAAY;YAC3B,UAAU,EAAE,oBAAoB;YAChC,YAAY,EAAE,WAAW;SAC1B,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,uCAAuC,KAAK,EAAE,CAAC,CAAC;IAClE,CAAC;IAED,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAkB,CAAC;AAClD,CAAC;AAED;;;;;;;;GAQG;AACH,KAAK,UAAU,0BAA0B,CAAC,YAAoB;IAC5D,IAAI,CAAC;QACH,kEAAkE;QAClE,kEAAkE;QAClE,qEAAqE;QACrE,oEAAoE;QACpE,gEAAgE;QAChE,MAAM,KAAK,CAAC,iBAAiB,EAAE;YAC7B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,SAAS,kBAAkB,CAAC,YAAY,CAAC,EAAE;SAClD,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,0EAA0E;IAC5E,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,KAAK,UAAU,uBAAuB;IACpC,IAAI,CAAC,6BAA6B,CAAC,CAAC;IACpC,IAAI,CAAC,4CAA4C,CAAC,CAAC;IAEnD,wEAAwE;IACxE,sEAAsE;IACtE,6DAA6D;IAC7D,MAAM,oBAAoB,GAAG,MAAM,eAAe,EAAE,CAAC;IACrD,IAAI,oBAAoB,EAAE,CAAC;QACzB,IAAI,CAAC,2DAA2D,CAAC,CAAC;QAClE,MAAM,0BAA0B,CAAC,oBAAoB,CAAC,CAAC;IACzD,CAAC;IAED,6BAA6B;IAC7B,IAAI,CAAC,8BAA8B,CAAC,CAAC;IACrC,MAAM,IAAI,GAAG,YAAY,EAAE,CAAC;IAE5B,0DAA0D;IAC1D,IAAI,CAAC,mCAAmC,CAAC,CAAC;IAC1C,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,MAAM,mBAAmB,EAAE,CAAC;IAE1D,4DAA4D;IAC5D,MAAM,WAAW,GAAG,oBAAoB,IAAI,WAAW,CAAC;IACxD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,oBAAoB,CAAC,CAAC;IAC9C,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,gBAAgB,CAAC,CAAC;IACxD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;IACtD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAClD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACpD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IAC3D,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IAC1D,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC,CAAC,wBAAwB;IAC5E,6EAA6E;IAC7E,2EAA2E;IAC3E,yDAAyD;IACzD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,wBAAwB,CAAC,CAAC;IAE7D,uBAAuB;IACvB,IAAI,CAAC,2CAA2C,CAAC,CAAC;IAClD,IAAI,CAAC,kCAAkC,CAAC,CAAC;IACzC,IAAI,CAAC,GAAG,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAChC,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;IAE/B,sCAAsC;IACtC,IAAI,CAAC,8BAA8B,CAAC,CAAC;IACrC,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC;IAE/B,mCAAmC;IACnC,IAAI,CAAC,6CAA6C,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,MAAM,qBAAqB,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAEzE,gCAAgC;IAChC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,UAAU,GAAG,IAAI,CAAC;IAC3D,MAAM,YAAY,CAAC,SAAS,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAElD,IAAI,SAAS,CAAC,aAAa,EAAE,CAAC;QAC5B,MAAM,iBAAiB,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;IACnD,CAAC;SAAM,CAAC;QACN,oEAAoE;QACpE,2DAA2D;QAC3D,kEAAkE;QAClE,iEAAiE;QACjE,2CAA2C;QAC3C,IAAI,CAAC,2CAA2C,CAAC,CAAC;QAClD,IAAI,CAAC,uDAAuD,CAAC,CAAC;QAC9D,IAAI,CAAC,qDAAqD,CAAC,CAAC;QAC5D,IAAI,CAAC,sDAAsD,CAAC,CAAC;QAC7D,IAAI,CAAC,iDAAiD,CAAC,CAAC;QACxD,IAAI,CAAC,2BAA2B,CAAC,CAAC;QAClC,IAAI,CAAC,sDAAsD,CAAC,CAAC;IAC/D,CAAC;IAED,IAAI,CAAC,kCAAkC,CAAC,CAAC;AAC3C,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAA8B;IAChE,OAAO,IAAI,EAAE,SAAS,IAAI,cAAc,EAAE,CAAC;AAC7C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CAAC,MAAyB,OAAO,CAAC,GAAG;IACxE,MAAM,QAAQ,GAAG,CAAC,GAAG,CAAC,uBAAuB,EAAE,IAAI,EAAE,IAAI,yBAAyB,CAAC,CAAC,IAAI,EAAE,CAAC;IAC3F,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CACb,8EAA8E;YAC5E,uEAAuE;YACvE,6EAA6E,CAChF,CAAC;IACJ,CAAC;IACD,OAAO;QACL,QAAQ;QACR,YAAY,EAAE,GAAG,CAAC,2BAA2B,EAAE,IAAI,EAAE,IAAI,SAAS;QAClE,MAAM,EAAE,MAAM;KACf,CAAC;AACJ,CAAC;AAED,sDAAsD;AACtD,SAAS,YAAY,CAAC,EAAU;IAC9B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAC9C,OAAuB,EAAE,KAAK,EAAE,KAAK,EAAE,YAAY,EAAE,EACrD,MAAyB,OAAO,CAAC,GAAG;IAEpC,IAAI,CAAC,+CAA+C,CAAC,CAAC;IACtD,IAAI,CAAC,4CAA4C,CAAC,CAAC;IAEnD,MAAM,MAAM,GAAG,qBAAqB,CAAC,GAAG,CAAC,CAAC;IAE1C,sEAAsE;IACtE,mEAAmE;IACnE,MAAM,oBAAoB,GAAG,MAAM,eAAe,EAAE,CAAC;IACrD,IAAI,oBAAoB,EAAE,CAAC;QACzB,IAAI,CAAC,2DAA2D,CAAC,CAAC;QAClE,MAAM,0BAA0B,CAAC,oBAAoB,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,iBAAiB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAEzD,IAAI,CAAC,wCAAwC,CAAC,CAAC;IAC/C,IAAI,CAAC,6CAA6C,UAAU,CAAC,gBAAgB,EAAE,CAAC,CAAC;IACjF,IAAI,CAAC,0BAA0B,UAAU,CAAC,SAAS,IAAI,CAAC,CAAC;IACzD,IAAI,CAAC,8EAA8E,CAAC,CAAC;IAErF,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;IAElE,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC;IACxD,MAAM,YAAY,CAAC,MAAM,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAE/C,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;QACzB,MAAM,iBAAiB,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IAChD,CAAC;SAAM,CAAC;QACN,IAAI,CAAC,2CAA2C,CAAC,CAAC;QAClD,IAAI,CAAC,kEAAkE,CAAC,CAAC;QACzE,IAAI,CAAC,yEAAyE,CAAC,CAAC;QAChF,IAAI,CAAC,gFAAgF,CAAC,CAAC;IACzF,CAAC;IAED,IAAI,CAAC,kCAAkC,CAAC,CAAC;AAC3C,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,IAA8B;IACzE,IAAI,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9B,OAAO,0BAA0B,EAAE,CAAC;IACtC,CAAC;IACD,OAAO,uBAAuB,EAAE,CAAC;AACnC,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,YAAoB;IAEpB,IAAI,QAAkB,CAAC;IACvB,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,KAAK,CAAC,gBAAgB,EAAE;YACvC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,SAAS,EAAE,gBAAgB;gBAC3B,aAAa,EAAE,oBAAoB;gBACnC,aAAa,EAAE,YAAY;gBAC3B,UAAU,EAAE,eAAe;aAC5B,CAAC;SACH,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,gEAAgE;QAChE,4DAA4D;QAC5D,mCAAmC;QACnC,MAAM,IAAI,qBAAqB,CAC7B,yCAA0C,GAAa,EAAE,OAAO,IAAI,SAAS,EAAE,CAChF,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,8DAA8D;QAC9D,gEAAgE;QAChE,uDAAuD;QACvD,IAAI,OAAO,GAA0D,IAAI,CAAC;QAC1E,IAAI,CAAC;YACH,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAmD,CAAC;QACtF,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,qBAAqB,CAC7B,kCAAkC,QAAQ,CAAC,MAAM,kBAAkB,CACpE,CAAC;QACJ,CAAC;QACD,8DAA8D;QAC9D,+DAA+D;QAC/D,kEAAkE;QAClE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,OAAO,EAAE,KAAK,KAAK,eAAe,EAAE,CAAC;YAClE,MAAM,IAAI,wBAAwB,CAAC,eAAe,EAAE,OAAO,CAAC,iBAAiB,CAAC,CAAC;QACjF,CAAC;QACD,MAAM,IAAI,qBAAqB,CAC7B,kCAAkC,QAAQ,CAAC,MAAM,GAAG,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,KAAK,OAAO,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAClG,CAAC;IACJ,CAAC;IAED,IAAI,IAAwE,CAAC;IAC7E,IAAI,CAAC;QACH,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAgB,CAAC;IAChD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,qBAAqB,CAC7B,uCAAwC,GAAa,EAAE,OAAO,IAAI,SAAS,EAAE,CAC9E,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;QAC1D,MAAM,IAAI,qBAAqB,CAC7B,uDAAuD,CACxD,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;IAEtD,+DAA+D;IAC/D,gEAAgE;IAChE,gEAAgE;IAChE,4DAA4D;IAC5D,+DAA+D;IAC/D,+DAA+D;IAC/D,kEAAkE;IAClE,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,MAAM,oBAAoB,GAAG,MAAM,eAAe,EAAE,CAAC;QACrD,MAAM,iBAAiB,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC5C,IAAI,CAAC;YACH,MAAM,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC/C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,6DAA6D;YAC7D,+DAA+D;YAC/D,8DAA8D;YAC9D,0DAA0D;YAC1D,8DAA8D;YAC9D,wBAAwB;YACxB,IAAI,oBAAoB,EAAE,CAAC;gBACzB,IAAI,CAAC;oBACH,MAAM,iBAAiB,CAAC,oBAAoB,CAAC,CAAC;gBAChD,CAAC;gBAAC,MAAM,CAAC;oBACP,wDAAwD;gBAC1D,CAAC;YACH,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;QACD,OAAO;IACT,CAAC;IAED,2CAA2C;IAC3C,MAAM,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;AAC/C,CAAC"}
package/dist/cli-help.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"cli-help.d.ts","sourceRoot":"","sources":["../src/cli-help.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,wDAAwD;AACxD,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,CAE3D;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAQrD"}
1
+ {"version":3,"file":"cli-help.d.ts","sourceRoot":"","sources":["../src/cli-help.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,wDAAwD;AACxD,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,CAE3D;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAWrD"}
package/dist/cli-help.js CHANGED
@@ -17,8 +17,11 @@ export function isHelpFlag(arg) {
17
17
  export function setupHelpText(version) {
18
18
  return (`borg setup (borgmcp ${version}) — set up OAuth + register the borg MCP server\n\n` +
19
19
  `Usage:\n` +
20
- ` borg setup Run the interactive setup wizard (OAuth sign-in +\n` +
21
- ` register the borg MCP server with your agent CLI)\n` +
22
- ` borg setup --help Show this help\n`);
20
+ ` borg setup Run the interactive setup wizard (OAuth sign-in +\n` +
21
+ ` register the borg MCP server with your agent CLI)\n` +
22
+ ` borg setup --no-browser Sign in without a local browser (device-code flow)\n` +
23
+ ` for SSH / headless / container terminals. Alias: --device.\n` +
24
+ ` Auto-detected on SSH/headless; this forces it.\n` +
25
+ ` borg setup --help Show this help\n`);
23
26
  }
24
27
  //# sourceMappingURL=cli-help.js.map
package/dist/cli-help.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"cli-help.js","sourceRoot":"","sources":["../src/cli-help.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,wDAAwD;AACxD,MAAM,UAAU,UAAU,CAAC,GAAuB;IAChD,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,CAAC;AAC1C,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,OAAe;IAC3C,OAAO,CACL,uBAAuB,OAAO,qDAAqD;QACnF,UAAU;QACV,4EAA4E;QAC5E,4EAA4E;QAC5E,yCAAyC,CAC1C,CAAC;AACJ,CAAC"}
1
+ {"version":3,"file":"cli-help.js","sourceRoot":"","sources":["../src/cli-help.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,wDAAwD;AACxD,MAAM,UAAU,UAAU,CAAC,GAAuB;IAChD,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,CAAC;AAC1C,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,OAAe;IAC3C,OAAO,CACL,uBAAuB,OAAO,qDAAqD;QACnF,UAAU;QACV,gFAAgF;QAChF,gFAAgF;QAChF,iFAAiF;QACjF,yFAAyF;QACzF,6EAA6E;QAC7E,6CAA6C,CAC9C,CAAC;AACJ,CAAC"}
package/dist/cli-platform.js CHANGED
@@ -43,7 +43,7 @@ export async function resolveCliChoice(explicit, deps) {
43
43
  return installed[0];
44
44
  }
45
45
  if (!deps.isTTY()) {
46
- throw new Error('Both Claude Code and Codex are installed. Pass --cli claude or --cli codex.');
46
+ throw new Error('Multiple agent CLIs detected. Pass --cli claude or --cli codex to choose.');
47
47
  }
48
48
  const answer = (await deps.prompt('Use which CLI for this project?\n 1) claude\n 2) codex\n[1]: ')).trim();
49
49
  const choice = answer === '' || answer === '1' || answer.toLowerCase() === 'claude'
package/dist/cli-platform.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"cli-platform.js","sourceRoot":"","sources":["../src/cli-platform.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,OAAO,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAe9E,MAAM,UAAU,qBAAqB;IACnC,OAAO;QACL,MAAM,EAAE,WAAW,CAAC,QAAQ,CAAC;QAC7B,KAAK,EAAE,WAAW,CAAC,OAAO,CAAC;KAC5B,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,IAAY;IAC/B,IAAI,CAAC;QACH,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,YAA6B;IAC7D,MAAM,GAAG,GAAc,EAAE,CAAC;IAC1B,IAAI,YAAY,CAAC,MAAM;QAAE,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC5C,IAAI,YAAY,CAAC,KAAK;QAAE,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC1C,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,QAA6B,EAC7B,IAAmB;IAEnB,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;IACtC,MAAM,SAAS,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAC;IAClD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,uFAAuF,CAAC,CAAC;IAC3G,CAAC;IAED,IAAI,QAAQ,EAAE,CAAC;QACb,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,GAAG,QAAQ,wBAAwB,CAAC,CAAC;QACvD,CAAC;QACD,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACnC,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;IAC1C,IAAI,MAAM,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,MAAM,CAAC;IAExD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;QACvC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,6EAA6E,CAAC,CAAC;IACjG,CAAC;IAED,MAAM,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,iEAAiE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAC7G,MAAM,MAAM,GAAG,MAAM,KAAK,EAAE,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,WAAW,EAAE,KAAK,QAAQ;QACjF,CAAC,CAAC,QAAQ;QACV,CAAC,CAAC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,WAAW,EAAE,KAAK,OAAO;YAClD,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,IAAI,CAAC;IACX,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,MAAM,GAAG,CAAC,CAAC;IAC/D,MAAM,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;IACjC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,MAA4C,EAAE,KAAoB;IACrG,OAAO;QACL,SAAS,EAAE,qBAAqB;QAChC,aAAa,EAAE,uBAAuB;QACtC,aAAa,EAAE,uBAAuB;QACtC,MAAM;QACN,KAAK;KACN,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,IAAc;IACzC,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,IAAI,GAAwB,CAAC;IAC7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACzB,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;gBAC1C,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,gCAAgC,EAAE,CAAC;YAC3D,CAAC;YACD,GAAG,GAAG,IAAI,CAAC;YACX,CAAC,IAAI,CAAC,CAAC;QACT,CAAC;aAAM,IAAI,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YACpC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YACzC,IAAI,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,OAAO,EAAE,CAAC;gBAC5C,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,gCAAgC,EAAE,CAAC;YAC3D,CAAC;YACD,GAAG,GAAG,KAAK,CAAC;QACd,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IACD,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;AACvB,CAAC"}
1
+ {"version":3,"file":"cli-platform.js","sourceRoot":"","sources":["../src/cli-platform.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,OAAO,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAe9E,MAAM,UAAU,qBAAqB;IACnC,OAAO;QACL,MAAM,EAAE,WAAW,CAAC,QAAQ,CAAC;QAC7B,KAAK,EAAE,WAAW,CAAC,OAAO,CAAC;KAC5B,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,IAAY;IAC/B,IAAI,CAAC;QACH,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,YAA6B;IAC7D,MAAM,GAAG,GAAc,EAAE,CAAC;IAC1B,IAAI,YAAY,CAAC,MAAM;QAAE,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC5C,IAAI,YAAY,CAAC,KAAK;QAAE,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC1C,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,QAA6B,EAC7B,IAAmB;IAEnB,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;IACtC,MAAM,SAAS,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAC;IAClD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,uFAAuF,CAAC,CAAC;IAC3G,CAAC;IAED,IAAI,QAAQ,EAAE,CAAC;QACb,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,GAAG,QAAQ,wBAAwB,CAAC,CAAC;QACvD,CAAC;QACD,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACnC,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;IAC1C,IAAI,MAAM,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,MAAM,CAAC;IAExD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;QACvC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;IAC/F,CAAC;IAED,MAAM,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,iEAAiE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAC7G,MAAM,MAAM,GAAG,MAAM,KAAK,EAAE,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,WAAW,EAAE,KAAK,QAAQ;QACjF,CAAC,CAAC,QAAQ;QACV,CAAC,CAAC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,WAAW,EAAE,KAAK,OAAO;YAClD,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,IAAI,CAAC;IACX,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,MAAM,GAAG,CAAC,CAAC;IAC/D,MAAM,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;IACjC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,MAA4C,EAAE,KAAoB;IACrG,OAAO;QACL,SAAS,EAAE,qBAAqB;QAChC,aAAa,EAAE,uBAAuB;QACtC,aAAa,EAAE,uBAAuB;QACtC,MAAM;QACN,KAAK;KACN,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,IAAc;IACzC,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,IAAI,GAAwB,CAAC;IAC7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACzB,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;gBAC1C,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,gCAAgC,EAAE,CAAC;YAC3D,CAAC;YACD,GAAG,GAAG,IAAI,CAAC;YACX,CAAC,IAAI,CAAC,CAAC;QACT,CAAC;aAAM,IAAI,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YACpC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YACzC,IAAI,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,OAAO,EAAE,CAAC;gBAC5C,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,gCAAgC,EAAE,CAAC;YAC3D,CAAC;YACD,GAAG,GAAG,KAAK,CAAC;QACd,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IACD,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;AACvB,CAAC"}
package/dist/config.d.ts CHANGED
@@ -1,27 +1,30 @@
1
1
  /**
2
- * Store Google OAuth ID token securely in the OS keychain.
2
+ * Store Google OAuth ID token securely in the selected backend.
3
3
  */
4
4
  export declare function storeIdToken(idToken: string, expiresAt: number): Promise<void>;
5
5
  /**
6
- * Store Google OAuth refresh token securely in the OS keychain.
6
+ * Store Google OAuth refresh token securely in the selected backend.
7
7
  */
8
8
  export declare function storeRefreshToken(refreshToken: string): Promise<void>;
9
9
  /**
10
- * Retrieve the Google OAuth ID token from the OS keychain.
11
- * Returns null if not stored or expired (5-minute buffer).
10
+ * Retrieve the Google OAuth ID token.
12
11
  *
13
- * `getPassword` on a missing entry returns null/undefined depending
14
- * on platform binding; normalize with `?? null` so the caller
15
- * contract (`string | null`) is platform-stable.
12
+ * A caller-managed token (BORG_TOKEN / BORG_TOKEN_FILE) takes precedence and
13
+ * is returned verbatim the caller owns its freshness, so the expiry buffer
14
+ * does not apply. Otherwise reads the persistent backend and returns null if
15
+ * not stored or within the 5-minute expiry buffer.
16
16
  */
17
17
  export declare function getIdToken(): Promise<string | null>;
18
18
  /**
19
- * Retrieve the Google OAuth refresh token from the OS keychain.
19
+ * Retrieve the Google OAuth refresh token. There is no refresh_token in
20
+ * caller-managed mode (the externally-supplied id_token has no refresh
21
+ * counterpart), so this returns null whenever a caller-managed token is set.
20
22
  */
21
23
  export declare function getRefreshToken(): Promise<string | null>;
22
24
  /**
23
- * Clear all stored tokens from the OS keychain. Idempotent — calling
24
- * on an already-empty keychain is a no-op (NoEntry errors absorbed).
25
+ * Clear all stored tokens from the selected backend. Idempotent — clearing
26
+ * an already-empty store is a no-op. Does not touch caller-managed env vars
27
+ * (those are the caller's to manage).
25
28
  */
26
29
  export declare function clearTokens(): Promise<void>;
27
30
  /**
package/dist/config.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAuDA;;GAEG;AACH,wBAAsB,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAGpF;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAE3E;AAED;;;;;;;GAOG;AACH,wBAAsB,UAAU,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAiBzD;AAED;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAE9D;AAED;;;GAGG;AACH,wBAAsB,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC,CAIjD;AAED;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC,CAGxD"}
1
+ {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAkGA;;GAEG;AACH,wBAAsB,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAIpF;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAG3E;AAED;;;;;;;GAOG;AACH,wBAAsB,UAAU,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAqBzD;AAED;;;;GAIG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAI9D;AAED;;;;GAIG;AACH,wBAAsB,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC,CAKjD;AAED;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC,CAGxD"}
package/dist/config.js CHANGED
@@ -1,79 +1,117 @@
1
1
  /**
2
- * Secure token storage using OS keychain.
2
+ * Secure token storage.
3
3
  *
4
- * Uses @napi-rs/keyring (NAPI-RS binding over the Rust `keyring-rs`
5
- * crate) for cross-platform credential storage:
6
- * - macOS: Keychain Services
7
- * - Windows: Credential Vault (Credential Manager)
8
- * - Linux: Secret Service (libsecret / gnome-keyring)
4
+ * The public API (storeIdToken / getIdToken / getRefreshToken / clearTokens /
5
+ * isAuthenticated) is unchanged; what changed in gh#557 is what sits beneath
6
+ * it. Three storage paths, in precedence order:
9
7
  *
10
- * Migrated from `keytar` in 0.7.2 (gh#22). Same encryption-at-rest
11
- * shape as keytar (delegates to the platform's native keychain
12
- * service); eliminates the maintenance-orphaned keytar + prebuild-
13
- * install dependency chain.
8
+ * 1. Caller-managed (read-only): if BORG_TOKEN / BORG_TOKEN_FILE supplies an
9
+ * id_token, it's served verbatim no keychain, no expiry check, no
10
+ * refresh_token. The caller owns the token's lifecycle (CI, containers,
11
+ * `borg --token-file`).
12
+ * 2. OS keychain (default): @napi-rs/keyring — real platform at-rest
13
+ * encryption (macOS Keychain / Windows Credential Vault / libsecret).
14
+ * 3. Encrypted file (fallback): ~/.borg/credentials, AES-256-GCM under a
15
+ * machine-derived key, 0600. Engages only when no keychain is available
16
+ * (headless Linux without Secret Service). Obfuscation-grade — see
17
+ * token-crypto.ts.
14
18
  *
15
- * `AsyncEntry` is used (over the sync `Entry` class) so the public
16
- * API surface every function below is `async` — stays identical
17
- * to the pre-migration shape. No call sites needed to change.
19
+ * The persistent backend (2 or 3) is selected once per process and memoized.
20
+ * BORG_TOKEN_STORE=keychain|file forces the choice and skips the probe.
18
21
  */
19
- import { AsyncEntry } from '@napi-rs/keyring';
20
- const SERVICE_NAME = 'borg-mcp';
22
+ import os from 'os';
23
+ import path from 'path';
24
+ import { promises as fsp } from 'fs';
25
+ import { isKeyringAvailable } from './auth-env.js';
26
+ import { deriveMachineKey } from './token-crypto.js';
27
+ import { makeKeychainBackend, makeEncryptedFileBackend, selectTokenBackend, readCallerManagedIdToken, } from './token-store.js';
21
28
  const ID_TOKEN_ACCOUNT = 'google-id-token';
22
29
  const REFRESH_TOKEN_ACCOUNT = 'google-refresh-token';
23
30
  const TOKEN_EXPIRY_ACCOUNT = 'token-expiry';
24
- /**
25
- * Build an AsyncEntry bound to the borg-mcp service + given account.
26
- * One per call site rather than module-level singletons so the
27
- * underlying Rust handle isn't held longer than necessary.
28
- */
29
- function entry(account) {
30
- return new AsyncEntry(SERVICE_NAME, account);
31
+ /** Where the encrypted-file fallback lives when no keychain is available. */
32
+ function credentialsPath() {
33
+ return path.join(os.homedir(), '.borg', 'credentials');
31
34
  }
32
- /**
33
- * `@napi-rs/keyring`'s `deletePassword` returns a `NoEntry` error
34
- * when the entry doesn't exist. `keytar.deletePassword` returned
35
- * `false` silently in the same case. We preserve the silent-on-
36
- * missing semantic so `clearTokens()` stays idempotent across
37
- * repeat calls.
38
- *
39
- * Other errors (platform unavailable, ambiguous credential, etc.)
40
- * propagate — fail-loud is correct for those classes.
41
- */
42
- async function deleteIfExists(account) {
43
- try {
44
- await entry(account).deletePassword();
45
- }
46
- catch (err) {
47
- const msg = String(err?.message ?? '');
48
- if (/no entry|not found/i.test(msg))
49
- return;
50
- throw err;
35
+ /** Production fs adapter for the encrypted-file backend. */
36
+ const nodeFs = {
37
+ readFile: (filePath) => fsp.readFile(filePath, 'utf8'),
38
+ writeFile: async (filePath, data, mode) => {
39
+ // `mode` on writeFile only applies when the file is CREATED; chmod after
40
+ // guarantees 0600 even when rewriting an existing credentials file.
41
+ await fsp.writeFile(filePath, data, { mode });
42
+ await fsp.chmod(filePath, mode);
43
+ },
44
+ mkdir: async (dir, mode) => {
45
+ await fsp.mkdir(dir, { recursive: true, mode });
46
+ },
47
+ };
48
+ /** Map the user-facing BORG_TOKEN_STORE value to a forced backend, if valid. */
49
+ function parseForcedStore(value) {
50
+ const v = value?.trim().toLowerCase();
51
+ if (v === 'keychain')
52
+ return 'keychain';
53
+ if (v === 'file' || v === 'encrypted-file')
54
+ return 'file';
55
+ return undefined;
56
+ }
57
+ // Memoized persistent-backend selection (one keychain probe per process).
58
+ let backendPromise = null;
59
+ function getBackend() {
60
+ if (!backendPromise) {
61
+ backendPromise = selectTokenBackend({
62
+ keyringAvailable: () => isKeyringAvailable(),
63
+ makeKeychain: () => makeKeychainBackend(),
64
+ makeFile: () => makeEncryptedFileBackend({
65
+ filePath: credentialsPath(),
66
+ key: deriveMachineKey({
67
+ hostname: os.hostname(),
68
+ username: os.userInfo().username,
69
+ platform: process.platform,
70
+ }),
71
+ fs: nodeFs,
72
+ }),
73
+ forced: parseForcedStore(process.env.BORG_TOKEN_STORE),
74
+ });
51
75
  }
76
+ return backendPromise;
77
+ }
78
+ /** Caller-managed id_token (BORG_TOKEN / BORG_TOKEN_FILE), or null. */
79
+ function callerManagedIdToken() {
80
+ return readCallerManagedIdToken({
81
+ env: process.env,
82
+ readFile: (filePath) => fsp.readFile(filePath, 'utf8'),
83
+ });
52
84
  }
53
85
  /**
54
- * Store Google OAuth ID token securely in the OS keychain.
86
+ * Store Google OAuth ID token securely in the selected backend.
55
87
  */
56
88
  export async function storeIdToken(idToken, expiresAt) {
57
- await entry(ID_TOKEN_ACCOUNT).setPassword(idToken);
58
- await entry(TOKEN_EXPIRY_ACCOUNT).setPassword(expiresAt.toString());
89
+ const backend = await getBackend();
90
+ await backend.set(ID_TOKEN_ACCOUNT, idToken);
91
+ await backend.set(TOKEN_EXPIRY_ACCOUNT, expiresAt.toString());
59
92
  }
60
93
  /**
61
- * Store Google OAuth refresh token securely in the OS keychain.
94
+ * Store Google OAuth refresh token securely in the selected backend.
62
95
  */
63
96
  export async function storeRefreshToken(refreshToken) {
64
- await entry(REFRESH_TOKEN_ACCOUNT).setPassword(refreshToken);
97
+ const backend = await getBackend();
98
+ await backend.set(REFRESH_TOKEN_ACCOUNT, refreshToken);
65
99
  }
66
100
  /**
67
- * Retrieve the Google OAuth ID token from the OS keychain.
68
- * Returns null if not stored or expired (5-minute buffer).
101
+ * Retrieve the Google OAuth ID token.
69
102
  *
70
- * `getPassword` on a missing entry returns null/undefined depending
71
- * on platform binding; normalize with `?? null` so the caller
72
- * contract (`string | null`) is platform-stable.
103
+ * A caller-managed token (BORG_TOKEN / BORG_TOKEN_FILE) takes precedence and
104
+ * is returned verbatim the caller owns its freshness, so the expiry buffer
105
+ * does not apply. Otherwise reads the persistent backend and returns null if
106
+ * not stored or within the 5-minute expiry buffer.
73
107
  */
74
108
  export async function getIdToken() {
75
- const token = (await entry(ID_TOKEN_ACCOUNT).getPassword()) ?? null;
76
- const expiryStr = (await entry(TOKEN_EXPIRY_ACCOUNT).getPassword()) ?? null;
109
+ const callerManaged = await callerManagedIdToken();
110
+ if (callerManaged)
111
+ return callerManaged;
112
+ const backend = await getBackend();
113
+ const token = await backend.get(ID_TOKEN_ACCOUNT);
114
+ const expiryStr = await backend.get(TOKEN_EXPIRY_ACCOUNT);
77
115
  if (!token || !expiryStr) {
78
116
  return null;
79
117
  }
@@ -86,19 +124,26 @@ export async function getIdToken() {
86
124
  return token;
87
125
  }
88
126
  /**
89
- * Retrieve the Google OAuth refresh token from the OS keychain.
127
+ * Retrieve the Google OAuth refresh token. There is no refresh_token in
128
+ * caller-managed mode (the externally-supplied id_token has no refresh
129
+ * counterpart), so this returns null whenever a caller-managed token is set.
90
130
  */
91
131
  export async function getRefreshToken() {
92
- return (await entry(REFRESH_TOKEN_ACCOUNT).getPassword()) ?? null;
132
+ if (await callerManagedIdToken())
133
+ return null;
134
+ const backend = await getBackend();
135
+ return backend.get(REFRESH_TOKEN_ACCOUNT);
93
136
  }
94
137
  /**
95
- * Clear all stored tokens from the OS keychain. Idempotent — calling
96
- * on an already-empty keychain is a no-op (NoEntry errors absorbed).
138
+ * Clear all stored tokens from the selected backend. Idempotent — clearing
139
+ * an already-empty store is a no-op. Does not touch caller-managed env vars
140
+ * (those are the caller's to manage).
97
141
  */
98
142
  export async function clearTokens() {
99
- await deleteIfExists(ID_TOKEN_ACCOUNT);
100
- await deleteIfExists(REFRESH_TOKEN_ACCOUNT);
101
- await deleteIfExists(TOKEN_EXPIRY_ACCOUNT);
143
+ const backend = await getBackend();
144
+ await backend.delete(ID_TOKEN_ACCOUNT);
145
+ await backend.delete(REFRESH_TOKEN_ACCOUNT);
146
+ await backend.delete(TOKEN_EXPIRY_ACCOUNT);
102
147
  }
103
148
  /**
104
149
  * Check if user has valid authentication.
package/dist/config.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAG9C,MAAM,YAAY,GAAG,UAAU,CAAC;AAChC,MAAM,gBAAgB,GAAG,iBAAiB,CAAC;AAC3C,MAAM,qBAAqB,GAAG,sBAAsB,CAAC;AACrD,MAAM,oBAAoB,GAAG,cAAc,CAAC;AAE5C;;;;GAIG;AACH,SAAS,KAAK,CAAC,OAAe;IAC5B,OAAO,IAAI,UAAU,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;AAC/C,CAAC;AAED;;;;;;;;;GASG;AACH,KAAK,UAAU,cAAc,CAAC,OAAe;IAC3C,IAAI,CAAC;QACH,MAAM,KAAK,CAAC,OAAO,CAAC,CAAC,cAAc,EAAE,CAAC;IACxC,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,EAAE,OAAO,IAAI,EAAE,CAAC,CAAC;QACvC,IAAI,qBAAqB,CAAC,IAAI,CAAC,GAAG,CAAC;YAAE,OAAO;QAC5C,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,OAAe,EAAE,SAAiB;IACnE,MAAM,KAAK,CAAC,gBAAgB,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IACnD,MAAM,KAAK,CAAC,oBAAoB,CAAC,CAAC,WAAW,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC;AACtE,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,YAAoB;IAC1D,MAAM,KAAK,CAAC,qBAAqB,CAAC,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;AAC/D,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU;IAC9B,MAAM,KAAK,GAAG,CAAC,MAAM,KAAK,CAAC,gBAAgB,CAAC,CAAC,WAAW,EAAE,CAAC,IAAI,IAAI,CAAC;IACpE,MAAM,SAAS,GAAG,CAAC,MAAM,KAAK,CAAC,oBAAoB,CAAC,CAAC,WAAW,EAAE,CAAC,IAAI,IAAI,CAAC;IAE5E,IAAI,CAAC,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,SAAS,GAAG,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAEvB,oDAAoD;IACpD,IAAI,SAAS,GAAG,GAAG,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,OAAO,CAAC,MAAM,KAAK,CAAC,qBAAqB,CAAC,CAAC,WAAW,EAAE,CAAC,IAAI,IAAI,CAAC;AACpE,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW;IAC/B,MAAM,cAAc,CAAC,gBAAgB,CAAC,CAAC;IACvC,MAAM,cAAc,CAAC,qBAAqB,CAAC,CAAC;IAC5C,MAAM,cAAc,CAAC,oBAAoB,CAAC,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,MAAM,KAAK,GAAG,MAAM,UAAU,EAAE,CAAC;IACjC,OAAO,KAAK,KAAK,IAAI,CAAC;AACxB,CAAC"}
1
+ {"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,QAAQ,IAAI,GAAG,EAAE,MAAM,IAAI,CAAC;AACrC,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EACL,mBAAmB,EACnB,wBAAwB,EACxB,kBAAkB,EAClB,wBAAwB,GAIzB,MAAM,kBAAkB,CAAC;AAE1B,MAAM,gBAAgB,GAAG,iBAAiB,CAAC;AAC3C,MAAM,qBAAqB,GAAG,sBAAsB,CAAC;AACrD,MAAM,oBAAoB,GAAG,cAAc,CAAC;AAE5C,6EAA6E;AAC7E,SAAS,eAAe;IACtB,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC;AACzD,CAAC;AAED,4DAA4D;AAC5D,MAAM,MAAM,GAAgB;IAC1B,QAAQ,EAAE,CAAC,QAAQ,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IACtD,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;QACxC,yEAAyE;QACzE,oEAAoE;QACpE,MAAM,GAAG,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,MAAM,GAAG,CAAC,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAClC,CAAC;IACD,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,MAAM,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IAClD,CAAC;CACF,CAAC;AAEF,gFAAgF;AAChF,SAAS,gBAAgB,CAAC,KAAyB;IACjD,MAAM,CAAC,GAAG,KAAK,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACtC,IAAI,CAAC,KAAK,UAAU;QAAE,OAAO,UAAU,CAAC;IACxC,IAAI,CAAC,KAAK,MAAM,IAAI,CAAC,KAAK,gBAAgB;QAAE,OAAO,MAAM,CAAC;IAC1D,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,0EAA0E;AAC1E,IAAI,cAAc,GAAiC,IAAI,CAAC;AACxD,SAAS,UAAU;IACjB,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,cAAc,GAAG,kBAAkB,CAAC;YAClC,gBAAgB,EAAE,GAAG,EAAE,CAAC,kBAAkB,EAAE;YAC5C,YAAY,EAAE,GAAG,EAAE,CAAC,mBAAmB,EAAE;YACzC,QAAQ,EAAE,GAAG,EAAE,CACb,wBAAwB,CAAC;gBACvB,QAAQ,EAAE,eAAe,EAAE;gBAC3B,GAAG,EAAE,gBAAgB,CAAC;oBACpB,QAAQ,EAAE,EAAE,CAAC,QAAQ,EAAE;oBACvB,QAAQ,EAAE,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ;oBAChC,QAAQ,EAAE,OAAO,CAAC,QAAQ;iBAC3B,CAAC;gBACF,EAAE,EAAE,MAAM;aACX,CAAC;YACJ,MAAM,EAAE,gBAAgB,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;SACvD,CAAC,CAAC;IACL,CAAC;IACD,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,uEAAuE;AACvE,SAAS,oBAAoB;IAC3B,OAAO,wBAAwB,CAAC;QAC9B,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,QAAQ,EAAE,CAAC,QAAQ,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;KACvD,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,OAAe,EAAE,SAAiB;IACnE,MAAM,OAAO,GAAG,MAAM,UAAU,EAAE,CAAC;IACnC,MAAM,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;IAC7C,MAAM,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC;AAChE,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,YAAoB;IAC1D,MAAM,OAAO,GAAG,MAAM,UAAU,EAAE,CAAC;IACnC,MAAM,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,YAAY,CAAC,CAAC;AACzD,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU;IAC9B,MAAM,aAAa,GAAG,MAAM,oBAAoB,EAAE,CAAC;IACnD,IAAI,aAAa;QAAE,OAAO,aAAa,CAAC;IAExC,MAAM,OAAO,GAAG,MAAM,UAAU,EAAE,CAAC;IACnC,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;IAClD,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;IAE1D,IAAI,CAAC,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,SAAS,GAAG,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAEvB,oDAAoD;IACpD,IAAI,SAAS,GAAG,GAAG,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,IAAI,MAAM,oBAAoB,EAAE;QAAE,OAAO,IAAI,CAAC;IAC9C,MAAM,OAAO,GAAG,MAAM,UAAU,EAAE,CAAC;IACnC,OAAO,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;AAC5C,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW;IAC/B,MAAM,OAAO,GAAG,MAAM,UAAU,EAAE,CAAC;IACnC,MAAM,OAAO,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;IACvC,MAAM,OAAO,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;IAC5C,MAAM,OAAO,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,MAAM,KAAK,GAAG,MAAM,UAAU,EAAE,CAAC;IACjC,OAAO,KAAK,KAAK,IAAI,CAAC;AACxB,CAAC"}
package/dist/device-auth.d.ts ADDED
@@ -0,0 +1,75 @@
1
+ /**
2
+ * gh#557 — Google OAuth 2.0 Device Authorization Grant (RFC 8628).
3
+ *
4
+ * The no-browser counterpart to the loopback flow in auth.ts. Instead of
5
+ * opening a browser and listening on localhost, the device flow:
6
+ * 1. asks Google for a device_code + a short human-typable user_code,
7
+ * 2. prints a verification URL + the user_code for the human to open on
8
+ * ANY device (their phone, a laptop with a browser), and
9
+ * 3. polls Google's token endpoint until the human authorizes (or the
10
+ * code expires / is denied).
11
+ *
12
+ * This module is decoupled from the live Google client: `fetch`, `sleep`,
13
+ * and `now` are injected, and the client_id / client_secret / endpoints
14
+ * come from the caller. The live device flow needs a Google OAuth client
15
+ * of type "TVs & Limited Input devices" (a separate GOOGLE_DEVICE_CLIENT_ID
16
+ * — Desktop/loopback clients reject /device/code with invalid_client); the
17
+ * wiring layer supplies those credentials. Everything here is unit-tested
18
+ * against a mocked Google.
19
+ */
20
+ /**
21
+ * Failure of the device-grant flow. `code` is Google's OAuth error code
22
+ * where one exists (`access_denied`, `expired_token`, `invalid_client`,
23
+ * `slow_down`, `authorization_pending`) or a synthetic code for
24
+ * transport/shape failures (`device_code_request_failed`,
25
+ * `device_token_request_failed`, `malformed_token_response`).
26
+ *
27
+ * Token material is never placed in the message — only Google's error
28
+ * code + description, mirroring RefreshTokenInvalidError's discipline.
29
+ */
30
+ export declare class DeviceAuthError extends Error {
31
+ readonly code: string;
32
+ constructor(code: string, message?: string);
33
+ }
34
+ export interface DeviceAuthConfig {
35
+ clientId: string;
36
+ /** Limited-Input clients are issued a secret; included in the token poll. */
37
+ clientSecret?: string;
38
+ scopes: string[];
39
+ /** Overridable for tests; defaults to Google's production endpoints. */
40
+ deviceCodeUrl?: string;
41
+ tokenUrl?: string;
42
+ }
43
+ export interface DeviceAuthDeps {
44
+ fetch: typeof fetch;
45
+ sleep: (ms: number) => Promise<void>;
46
+ /** Monotonic-ish clock for the local expiry deadline; defaults to Date.now. */
47
+ now?: () => number;
48
+ }
49
+ export interface DeviceCodeResponse {
50
+ device_code: string;
51
+ user_code: string;
52
+ /** Google returns `verification_url` (not the RFC's `verification_uri`). */
53
+ verification_url: string;
54
+ expires_in: number;
55
+ interval: number;
56
+ }
57
+ export interface DeviceTokenResult {
58
+ id_token: string;
59
+ refresh_token?: string;
60
+ expires_in: number;
61
+ }
62
+ /**
63
+ * Step 1 — request a device_code + user_code from Google.
64
+ */
65
+ export declare function requestDeviceCode(config: DeviceAuthConfig, deps: DeviceAuthDeps): Promise<DeviceCodeResponse>;
66
+ /**
67
+ * Step 2 — poll Google's token endpoint until the user authorizes the
68
+ * device_code, honoring the RFC 8628 poll semantics.
69
+ *
70
+ * Sleeps `interval` BEFORE each poll (never hammers immediately). A local
71
+ * deadline derived from `expires_in` bounds the loop so a code the user
72
+ * abandons can't poll forever even if Google never returns expired_token.
73
+ */
74
+ export declare function pollForDeviceToken(deviceCode: DeviceCodeResponse, config: DeviceAuthConfig, deps: DeviceAuthDeps): Promise<DeviceTokenResult>;
75
+ //# sourceMappingURL=device-auth.d.ts.map
package/dist/device-auth.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"device-auth.d.ts","sourceRoot":"","sources":["../src/device-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAQH;;;;;;;;;GASG;AACH,qBAAa,eAAgB,SAAQ,KAAK;aACZ,IAAI,EAAE,MAAM;gBAAZ,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM;CAI3D;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,6EAA6E;IAC7E,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,wEAAwE;IACxE,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,OAAO,KAAK,CAAC;IACpB,KAAK,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACrC,+EAA+E;IAC/E,GAAG,CAAC,EAAE,MAAM,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,4EAA4E;IAC5E,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,gBAAgB,EACxB,IAAI,EAAE,cAAc,GACnB,OAAO,CAAC,kBAAkB,CAAC,CAiD7B;AAED;;;;;;;GAOG;AACH,wBAAsB,kBAAkB,CACtC,UAAU,EAAE,kBAAkB,EAC9B,MAAM,EAAE,gBAAgB,EACxB,IAAI,EAAE,cAAc,GACnB,OAAO,CAAC,iBAAiB,CAAC,CA4E5B"}