npm - codex-multi-auth - Versions diffs - 0.1.0 - Mend

codex-multi-auth 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (327) hide show

package/LICENSE +1 -0
package/README.md +162 -0
package/assets/opencode-logo-ornate-dark.svg +18 -0
package/assets/readme-hero.svg +31 -0
package/config/README.md +87 -0
package/config/minimal-opencode.json +13 -0
package/config/opencode-legacy.json +571 -0
package/config/opencode-modern.json +239 -0
package/dist/index.d.ts +45 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +3160 -0
package/dist/index.js.map +1 -0
package/dist/lib/accounts/rate-limits.d.ts +22 -0
package/dist/lib/accounts/rate-limits.d.ts.map +1 -0
package/dist/lib/accounts/rate-limits.js +63 -0
package/dist/lib/accounts/rate-limits.js.map +1 -0
package/dist/lib/accounts.d.ts +95 -0
package/dist/lib/accounts.d.ts.map +1 -0
package/dist/lib/accounts.js +668 -0
package/dist/lib/accounts.js.map +1 -0
package/dist/lib/audit.d.ts +45 -0
package/dist/lib/audit.d.ts.map +1 -0
package/dist/lib/audit.js +131 -0
package/dist/lib/audit.js.map +1 -0
package/dist/lib/auth/auth.d.ts +56 -0
package/dist/lib/auth/auth.d.ts.map +1 -0
package/dist/lib/auth/auth.js +214 -0
package/dist/lib/auth/auth.js.map +1 -0
package/dist/lib/auth/browser.d.ts +34 -0
package/dist/lib/auth/browser.d.ts.map +1 -0
package/dist/lib/auth/browser.js +185 -0
package/dist/lib/auth/browser.js.map +1 -0
package/dist/lib/auth/server.d.ts +24 -0
package/dist/lib/auth/server.d.ts.map +1 -0
package/dist/lib/auth/server.js +116 -0
package/dist/lib/auth/server.js.map +1 -0
package/dist/lib/auth/token-utils.d.ts +59 -0
package/dist/lib/auth/token-utils.d.ts.map +1 -0
package/dist/lib/auth/token-utils.js +331 -0
package/dist/lib/auth/token-utils.js.map +1 -0
package/dist/lib/auth-rate-limit.d.ts +20 -0
package/dist/lib/auth-rate-limit.d.ts.map +1 -0
package/dist/lib/auth-rate-limit.js +91 -0
package/dist/lib/auth-rate-limit.js.map +1 -0
package/dist/lib/auto-update-checker.d.ts +10 -0
package/dist/lib/auto-update-checker.d.ts.map +1 -0
package/dist/lib/auto-update-checker.js +216 -0
package/dist/lib/auto-update-checker.js.map +1 -0
package/dist/lib/capability-policy.d.ts +18 -0
package/dist/lib/capability-policy.d.ts.map +1 -0
package/dist/lib/capability-policy.js +150 -0
package/dist/lib/capability-policy.js.map +1 -0
package/dist/lib/circuit-breaker.d.ts +34 -0
package/dist/lib/circuit-breaker.d.ts.map +1 -0
package/dist/lib/circuit-breaker.js +124 -0
package/dist/lib/circuit-breaker.js.map +1 -0
package/dist/lib/cli.d.ts +64 -0
package/dist/lib/cli.d.ts.map +1 -0
package/dist/lib/cli.js +274 -0
package/dist/lib/cli.js.map +1 -0
package/dist/lib/codex-cli/observability.d.ts +22 -0
package/dist/lib/codex-cli/observability.d.ts.map +1 -0
package/dist/lib/codex-cli/observability.js +36 -0
package/dist/lib/codex-cli/observability.js.map +1 -0
package/dist/lib/codex-cli/state.d.ts +86 -0
package/dist/lib/codex-cli/state.d.ts.map +1 -0
package/dist/lib/codex-cli/state.js +470 -0
package/dist/lib/codex-cli/state.js.map +1 -0
package/dist/lib/codex-cli/sync.d.ts +27 -0
package/dist/lib/codex-cli/sync.d.ts.map +1 -0
package/dist/lib/codex-cli/sync.js +325 -0
package/dist/lib/codex-cli/sync.js.map +1 -0
package/dist/lib/codex-cli/writer.d.ts +12 -0
package/dist/lib/codex-cli/writer.d.ts.map +1 -0
package/dist/lib/codex-cli/writer.js +388 -0
package/dist/lib/codex-cli/writer.js.map +1 -0
package/dist/lib/codex-manager.d.ts +2 -0
package/dist/lib/codex-manager.d.ts.map +1 -0
package/dist/lib/codex-manager.js +4841 -0
package/dist/lib/codex-manager.js.map +1 -0
package/dist/lib/config.d.ts +269 -0
package/dist/lib/config.d.ts.map +1 -0
package/dist/lib/config.js +789 -0
package/dist/lib/config.js.map +1 -0
package/dist/lib/constants.d.ts +78 -0
package/dist/lib/constants.d.ts.map +1 -0
package/dist/lib/constants.js +78 -0
package/dist/lib/constants.js.map +1 -0
package/dist/lib/context-overflow.d.ts +27 -0
package/dist/lib/context-overflow.d.ts.map +1 -0
package/dist/lib/context-overflow.js +124 -0
package/dist/lib/context-overflow.js.map +1 -0
package/dist/lib/dashboard-settings.d.ts +90 -0
package/dist/lib/dashboard-settings.d.ts.map +1 -0
package/dist/lib/dashboard-settings.js +327 -0
package/dist/lib/dashboard-settings.js.map +1 -0
package/dist/lib/entitlement-cache.d.ts +41 -0
package/dist/lib/entitlement-cache.d.ts.map +1 -0
package/dist/lib/entitlement-cache.js +137 -0
package/dist/lib/entitlement-cache.js.map +1 -0
package/dist/lib/errors.d.ts +113 -0
package/dist/lib/errors.d.ts.map +1 -0
package/dist/lib/errors.js +103 -0
package/dist/lib/errors.js.map +1 -0
package/dist/lib/forecast.d.ts +42 -0
package/dist/lib/forecast.d.ts.map +1 -0
package/dist/lib/forecast.js +256 -0
package/dist/lib/forecast.js.map +1 -0
package/dist/lib/health.d.ts +33 -0
package/dist/lib/health.d.ts.map +1 -0
package/dist/lib/health.js +70 -0
package/dist/lib/health.js.map +1 -0
package/dist/lib/index.d.ts +32 -0
package/dist/lib/index.d.ts.map +1 -0
package/dist/lib/index.js +32 -0
package/dist/lib/index.js.map +1 -0
package/dist/lib/live-account-sync.d.ts +39 -0
package/dist/lib/live-account-sync.d.ts.map +1 -0
package/dist/lib/live-account-sync.js +196 -0
package/dist/lib/live-account-sync.js.map +1 -0
package/dist/lib/logger.d.ts +40 -0
package/dist/lib/logger.d.ts.map +1 -0
package/dist/lib/logger.js +364 -0
package/dist/lib/logger.js.map +1 -0
package/dist/lib/oauth-success.html +338 -0
package/dist/lib/parallel-probe.d.ts +28 -0
package/dist/lib/parallel-probe.d.ts.map +1 -0
package/dist/lib/parallel-probe.js +97 -0
package/dist/lib/parallel-probe.js.map +1 -0
package/dist/lib/preemptive-quota-scheduler.d.ts +53 -0
package/dist/lib/preemptive-quota-scheduler.d.ts.map +1 -0
package/dist/lib/preemptive-quota-scheduler.js +220 -0
package/dist/lib/preemptive-quota-scheduler.js.map +1 -0
package/dist/lib/proactive-refresh.d.ts +66 -0
package/dist/lib/proactive-refresh.d.ts.map +1 -0
package/dist/lib/proactive-refresh.js +143 -0
package/dist/lib/proactive-refresh.js.map +1 -0
package/dist/lib/prompts/codex-opencode-bridge.d.ts +19 -0
package/dist/lib/prompts/codex-opencode-bridge.d.ts.map +1 -0
package/dist/lib/prompts/codex-opencode-bridge.js +169 -0
package/dist/lib/prompts/codex-opencode-bridge.js.map +1 -0
package/dist/lib/prompts/codex.d.ts +41 -0
package/dist/lib/prompts/codex.d.ts.map +1 -0
package/dist/lib/prompts/codex.js +383 -0
package/dist/lib/prompts/codex.js.map +1 -0
package/dist/lib/prompts/opencode-codex.d.ts +25 -0
package/dist/lib/prompts/opencode-codex.d.ts.map +1 -0
package/dist/lib/prompts/opencode-codex.js +270 -0
package/dist/lib/prompts/opencode-codex.js.map +1 -0
package/dist/lib/quota-cache.d.ts +68 -0
package/dist/lib/quota-cache.d.ts.map +1 -0
package/dist/lib/quota-cache.js +224 -0
package/dist/lib/quota-cache.js.map +1 -0
package/dist/lib/quota-probe.d.ts +49 -0
package/dist/lib/quota-probe.d.ts.map +1 -0
package/dist/lib/quota-probe.js +368 -0
package/dist/lib/quota-probe.js.map +1 -0
package/dist/lib/recovery/constants.d.ts +12 -0
package/dist/lib/recovery/constants.d.ts.map +1 -0
package/dist/lib/recovery/constants.js +31 -0
package/dist/lib/recovery/constants.js.map +1 -0
package/dist/lib/recovery/index.d.ts +12 -0
package/dist/lib/recovery/index.d.ts.map +1 -0
package/dist/lib/recovery/index.js +12 -0
package/dist/lib/recovery/index.js.map +1 -0
package/dist/lib/recovery/storage.d.ts +24 -0
package/dist/lib/recovery/storage.d.ts.map +1 -0
package/dist/lib/recovery/storage.js +362 -0
package/dist/lib/recovery/storage.js.map +1 -0
package/dist/lib/recovery/types.d.ts +116 -0
package/dist/lib/recovery/types.d.ts.map +1 -0
package/dist/lib/recovery/types.js +7 -0
package/dist/lib/recovery/types.js.map +1 -0
package/dist/lib/recovery.d.ts +31 -0
package/dist/lib/recovery.d.ts.map +1 -0
package/dist/lib/recovery.js +313 -0
package/dist/lib/recovery.js.map +1 -0
package/dist/lib/refresh-guardian.d.ts +31 -0
package/dist/lib/refresh-guardian.d.ts.map +1 -0
package/dist/lib/refresh-guardian.js +151 -0
package/dist/lib/refresh-guardian.js.map +1 -0
package/dist/lib/refresh-lease.d.ts +37 -0
package/dist/lib/refresh-lease.d.ts.map +1 -0
package/dist/lib/refresh-lease.js +335 -0
package/dist/lib/refresh-lease.js.map +1 -0
package/dist/lib/refresh-queue.d.ts +117 -0
package/dist/lib/refresh-queue.d.ts.map +1 -0
package/dist/lib/refresh-queue.js +297 -0
package/dist/lib/refresh-queue.js.map +1 -0
package/dist/lib/request/failure-policy.d.ts +42 -0
package/dist/lib/request/failure-policy.d.ts.map +1 -0
package/dist/lib/request/failure-policy.js +133 -0
package/dist/lib/request/failure-policy.js.map +1 -0
package/dist/lib/request/fetch-helpers.d.ts +152 -0
package/dist/lib/request/fetch-helpers.d.ts.map +1 -0
package/dist/lib/request/fetch-helpers.js +704 -0
package/dist/lib/request/fetch-helpers.js.map +1 -0
package/dist/lib/request/helpers/input-utils.d.ts +7 -0
package/dist/lib/request/helpers/input-utils.d.ts.map +1 -0
package/dist/lib/request/helpers/input-utils.js +214 -0
package/dist/lib/request/helpers/input-utils.js.map +1 -0
package/dist/lib/request/helpers/model-map.d.ts +28 -0
package/dist/lib/request/helpers/model-map.d.ts.map +1 -0
package/dist/lib/request/helpers/model-map.js +133 -0
package/dist/lib/request/helpers/model-map.js.map +1 -0
package/dist/lib/request/helpers/tool-utils.d.ts +29 -0
package/dist/lib/request/helpers/tool-utils.d.ts.map +1 -0
package/dist/lib/request/helpers/tool-utils.js +117 -0
package/dist/lib/request/helpers/tool-utils.js.map +1 -0
package/dist/lib/request/rate-limit-backoff.d.ts +17 -0
package/dist/lib/request/rate-limit-backoff.d.ts.map +1 -0
package/dist/lib/request/rate-limit-backoff.js +83 -0
package/dist/lib/request/rate-limit-backoff.js.map +1 -0
package/dist/lib/request/request-transformer.d.ts +107 -0
package/dist/lib/request/request-transformer.d.ts.map +1 -0
package/dist/lib/request/request-transformer.js +814 -0
package/dist/lib/request/request-transformer.js.map +1 -0
package/dist/lib/request/response-handler.d.ts +23 -0
package/dist/lib/request/response-handler.d.ts.map +1 -0
package/dist/lib/request/response-handler.js +155 -0
package/dist/lib/request/response-handler.js.map +1 -0
package/dist/lib/request/stream-failover.d.ts +21 -0
package/dist/lib/request/stream-failover.d.ts.map +1 -0
package/dist/lib/request/stream-failover.js +204 -0
package/dist/lib/request/stream-failover.js.map +1 -0
package/dist/lib/rotation.d.ts +146 -0
package/dist/lib/rotation.d.ts.map +1 -0
package/dist/lib/rotation.js +321 -0
package/dist/lib/rotation.js.map +1 -0
package/dist/lib/runtime-paths.d.ts +58 -0
package/dist/lib/runtime-paths.d.ts.map +1 -0
package/dist/lib/runtime-paths.js +164 -0
package/dist/lib/runtime-paths.js.map +1 -0
package/dist/lib/schemas.d.ts +435 -0
package/dist/lib/schemas.d.ts.map +1 -0
package/dist/lib/schemas.js +268 -0
package/dist/lib/schemas.js.map +1 -0
package/dist/lib/session-affinity.d.ts +23 -0
package/dist/lib/session-affinity.d.ts.map +1 -0
package/dist/lib/session-affinity.js +127 -0
package/dist/lib/session-affinity.js.map +1 -0
package/dist/lib/shutdown.d.ts +7 -0
package/dist/lib/shutdown.d.ts.map +1 -0
package/dist/lib/shutdown.js +43 -0
package/dist/lib/shutdown.js.map +1 -0
package/dist/lib/storage/migrations.d.ts +59 -0
package/dist/lib/storage/migrations.d.ts.map +1 -0
package/dist/lib/storage/migrations.js +41 -0
package/dist/lib/storage/migrations.js.map +1 -0
package/dist/lib/storage/paths.d.ts +51 -0
package/dist/lib/storage/paths.d.ts.map +1 -0
package/dist/lib/storage/paths.js +152 -0
package/dist/lib/storage/paths.js.map +1 -0
package/dist/lib/storage.d.ts +106 -0
package/dist/lib/storage.d.ts.map +1 -0
package/dist/lib/storage.js +896 -0
package/dist/lib/storage.js.map +1 -0
package/dist/lib/table-formatter.d.ts +32 -0
package/dist/lib/table-formatter.d.ts.map +1 -0
package/dist/lib/table-formatter.js +44 -0
package/dist/lib/table-formatter.js.map +1 -0
package/dist/lib/tools/hashline-tools.d.ts +51 -0
package/dist/lib/tools/hashline-tools.d.ts.map +1 -0
package/dist/lib/tools/hashline-tools.js +456 -0
package/dist/lib/tools/hashline-tools.js.map +1 -0
package/dist/lib/types.d.ts +130 -0
package/dist/lib/types.d.ts.map +1 -0
package/dist/lib/types.js +2 -0
package/dist/lib/types.js.map +1 -0
package/dist/lib/ui/ansi.d.ts +40 -0
package/dist/lib/ui/ansi.d.ts.map +1 -0
package/dist/lib/ui/ansi.js +68 -0
package/dist/lib/ui/ansi.js.map +1 -0
package/dist/lib/ui/auth-menu.d.ts +76 -0
package/dist/lib/ui/auth-menu.d.ts.map +1 -0
package/dist/lib/ui/auth-menu.js +590 -0
package/dist/lib/ui/auth-menu.js.map +1 -0
package/dist/lib/ui/confirm.d.ts +11 -0
package/dist/lib/ui/confirm.d.ts.map +1 -0
package/dist/lib/ui/confirm.js +29 -0
package/dist/lib/ui/confirm.js.map +1 -0
package/dist/lib/ui/copy.d.ts +123 -0
package/dist/lib/ui/copy.d.ts.map +1 -0
package/dist/lib/ui/copy.js +127 -0
package/dist/lib/ui/copy.js.map +1 -0
package/dist/lib/ui/format.d.ts +62 -0
package/dist/lib/ui/format.d.ts.map +1 -0
package/dist/lib/ui/format.js +205 -0
package/dist/lib/ui/format.js.map +1 -0
package/dist/lib/ui/runtime.d.ts +43 -0
package/dist/lib/ui/runtime.d.ts.map +1 -0
package/dist/lib/ui/runtime.js +69 -0
package/dist/lib/ui/runtime.js.map +1 -0
package/dist/lib/ui/select.d.ts +60 -0
package/dist/lib/ui/select.d.ts.map +1 -0
package/dist/lib/ui/select.js +467 -0
package/dist/lib/ui/select.js.map +1 -0
package/dist/lib/ui/theme.d.ts +56 -0
package/dist/lib/ui/theme.d.ts.map +1 -0
package/dist/lib/ui/theme.js +186 -0
package/dist/lib/ui/theme.js.map +1 -0
package/dist/lib/unified-settings.d.ts +71 -0
package/dist/lib/unified-settings.d.ts.map +1 -0
package/dist/lib/unified-settings.js +299 -0
package/dist/lib/unified-settings.js.map +1 -0
package/dist/lib/utils.d.ts +29 -0
package/dist/lib/utils.d.ts.map +1 -0
package/dist/lib/utils.js +54 -0
package/dist/lib/utils.js.map +1 -0
package/package.json +115 -0
package/scripts/audit-dev-allowlist.js +128 -0
package/scripts/bench-format/hashline-v2.mjs +642 -0
package/scripts/bench-format/models.mjs +105 -0
package/scripts/bench-format/opencode.mjs +205 -0
package/scripts/bench-format/render.mjs +496 -0
package/scripts/bench-format/stats.mjs +54 -0
package/scripts/bench-format/tasks.mjs +151 -0
package/scripts/benchmark-edit-formats.mjs +1161 -0
package/scripts/benchmark-render-dashboard.mjs +49 -0
package/scripts/codex-multi-auth.js +6 -0
package/scripts/codex-routing.js +34 -0
package/scripts/codex.js +122 -0
package/scripts/copy-oauth-success.js +37 -0
package/scripts/install-opencode-codex-auth.js +193 -0
package/scripts/test-all-models.sh +7 -0
package/scripts/test-model-matrix.js +424 -0
package/scripts/validate-model-map.sh +7 -0

package/dist/lib/auth/browser.js ADDED Viewed

@@ -0,0 +1,185 @@
+/**
+ * Browser utilities for OAuth flow
+ * Handles platform-specific browser opening
+ */
+import { spawn } from "node:child_process";
+import fs from "node:fs";
+import path from "node:path";
+import { PLATFORM_OPENERS } from "../constants.js";
+/**
+ * Gets the platform-specific command to open a URL in the default browser
+ * @returns Browser opener command for the current platform
+ */
+export function getBrowserOpener() {
+    const platform = process.platform;
+    if (platform === "darwin")
+        return PLATFORM_OPENERS.darwin;
+    if (platform === "win32")
+        return PLATFORM_OPENERS.win32;
+    return PLATFORM_OPENERS.linux;
+}
+/**
+ * Determines whether a given command name exists on the system PATH.
+ *
+ * @param command - The command name to check.
+ * @returns `true` if a matching executable is found on PATH (on Windows this includes PATHEXT extensions or the literal `"start"`), `false` otherwise.
+ *
+ * Concurrency: result reflects the current filesystem state and may change after return; no atomicity guarantees.
+ * Windows filesystem behavior: resolves executable candidates using PATHEXT extensions.
+ * Token handling: the `command` string is used verbatim for lookup and is not redacted or modified.
+ */
+function commandExists(command) {
+    if (!command)
+        return false;
+    /* v8 ignore start -- unreachable: openBrowserUrl uses PowerShell on win32 */
+    if (process.platform === "win32" && command.toLowerCase() === "start") {
+        return true;
+    }
+    /* v8 ignore stop */
+    const pathValue = process.env.PATH || "";
+    const entries = pathValue.split(path.delimiter).filter(Boolean);
+    if (entries.length === 0)
+        return false;
+    /* v8 ignore start -- unreachable: openBrowserUrl uses PowerShell on win32 */
+    if (process.platform === "win32") {
+        const pathext = (process.env.PATHEXT || ".EXE;.CMD;.BAT;.COM")
+            .split(";")
+            .filter(Boolean);
+        const hasExtension = /\.[^\\/]+$/.test(command);
+        for (const entry of entries) {
+            if (hasExtension) {
+                const directCandidate = path.join(entry, command);
+                if (fs.existsSync(directCandidate))
+                    return true;
+                continue;
+            }
+            for (const ext of pathext) {
+                const candidate = path.join(entry, `${command}${ext}`);
+                if (fs.existsSync(candidate))
+                    return true;
+            }
+        }
+        return false;
+    }
+    /* v8 ignore stop */
+    for (const entry of entries) {
+        const candidate = path.join(entry, command);
+        try {
+            const stats = fs.statSync(candidate);
+            if (!stats.isFile())
+                continue;
+            // On POSIX, ensure at least one executable bit is set.
+            if ((stats.mode & 0o111) === 0)
+                continue;
+            return true;
+        }
+        catch {
+            continue;
+        }
+    }
+    return false;
+}
+/**
+ * Launches the user's default browser to open the provided URL using a platform-appropriate command.
+ *
+ * This is a best-effort, fire-and-forget launcher: it attempts a platform-specific spawn and ignores
+ * child-process errors. On Windows it uses PowerShell `Start-Process` with PowerShell meta-character
+ * escaping to reduce shell/filesystem quirks. Callers must redact any sensitive tokens (for example,
+ * OAuth codes) from `url` before calling. Invocations are not atomic—concurrent calls may race but are
+ * safe to perform.
+ *
+ * @param url - The URL to open; redact sensitive tokens (e.g., OAuth codes) before passing.
+ * @returns `true` if a browser launch was attempted, `false` if no suitable opener was available or an exception occurred.
+ */
+export function openBrowserUrl(url) {
+    try {
+        // Windows: use PowerShell Start-Process to avoid cmd/start quirks with URLs containing '&' or ':'
+        if (process.platform === "win32") {
+            if (!commandExists("powershell.exe")) {
+                return false;
+            }
+            // Escape PowerShell special characters: backticks, double quotes, and $ (sub-expression injection)
+            const psUrl = url
+                .replace(/`/g, "``")
+                .replace(/\$/g, "`$")
+                .replace(/"/g, '""');
+            const child = spawn("powershell.exe", ["-NoLogo", "-NoProfile", "-Command", `Start-Process "${psUrl}"`], { stdio: "ignore" });
+            child.on("error", () => { });
+            return true;
+        }
+        const opener = getBrowserOpener();
+        if (!commandExists(opener)) {
+            return false;
+        }
+        const child = spawn(opener, [url], {
+            stdio: "ignore",
+            shell: false,
+        });
+        child.on("error", () => { });
+        return true;
+    }
+    catch {
+        // Silently fail - user can manually open the URL from instructions
+        return false;
+    }
+}
+/**
+ * Copy text into the system clipboard using a best-effort, platform-specific command.
+ *
+ * On Windows the text is escaped for PowerShell to avoid interpretation of special characters.
+ * This function makes no guarantees of atomicity across processes; concurrent invocations may interleave.
+ * Clipboard contents are not redacted or logged — callers must mask or remove sensitive tokens before calling.
+ *
+ * @param text - The text to copy; falsy or empty values produce no action
+ * @returns `true` if a clipboard command was launched, `false` otherwise
+ */
+export function copyTextToClipboard(text) {
+    try {
+        if (!text)
+            return false;
+        if (process.platform === "win32") {
+            if (!commandExists("powershell.exe")) {
+                return false;
+            }
+            const psText = text
+                .replace(/`/g, "``")
+                .replace(/\$/g, "`$")
+                .replace(/"/g, '""');
+            const child = spawn("powershell.exe", ["-NoLogo", "-NoProfile", "-Command", `Set-Clipboard -Value "${psText}"`], { stdio: "ignore" });
+            child.on("error", () => { });
+            return true;
+        }
+        if (process.platform === "darwin") {
+            if (!commandExists("pbcopy"))
+                return false;
+            const child = spawn("pbcopy", [], {
+                stdio: ["pipe", "ignore", "ignore"],
+                shell: false,
+            });
+            child.on("error", () => { });
+            child.stdin?.end(text);
+            return true;
+        }
+        const linuxClipboardCommands = [
+            { command: "wl-copy", args: [] },
+            { command: "xclip", args: ["-selection", "clipboard"] },
+            { command: "xsel", args: ["--clipboard", "--input"] },
+        ];
+        for (const { command, args } of linuxClipboardCommands) {
+            if (!commandExists(command))
+                continue;
+            const child = spawn(command, args, {
+                stdio: ["pipe", "ignore", "ignore"],
+                shell: false,
+            });
+            child.on("error", () => { });
+            child.stdin?.end(text);
+            return true;
+        }
+        return false;
+    }
+    catch {
+        return false;
+    }
+}
+//# sourceMappingURL=browser.js.map

package/dist/lib/auth/browser.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"browser.js","sourceRoot":"","sources":["../../../lib/auth/browser.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAEnD;;;GAGG;AACH,MAAM,UAAU,gBAAgB;IAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,IAAI,QAAQ,KAAK,QAAQ;QAAE,OAAO,gBAAgB,CAAC,MAAM,CAAC;IAC1D,IAAI,QAAQ,KAAK,OAAO;QAAE,OAAO,gBAAgB,CAAC,KAAK,CAAC;IACxD,OAAO,gBAAgB,CAAC,KAAK,CAAC;AAC/B,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,aAAa,CAAC,OAAe;IACrC,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAE3B,6EAA6E;IAC7E,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,IAAI,OAAO,CAAC,WAAW,EAAE,KAAK,OAAO,EAAE,CAAC;QACvE,OAAO,IAAI,CAAC;IACb,CAAC;IACD,oBAAoB;IAEpB,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;IACzC,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAChE,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAEvC,6EAA6E;IAC7E,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QAClC,MAAM,OAAO,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,qBAAqB,CAAC;aAC5D,KAAK,CAAC,GAAG,CAAC;aACV,MAAM,CAAC,OAAO,CAAC,CAAC;QAClB,MAAM,YAAY,GAAG,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAChD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,YAAY,EAAE,CAAC;gBAClB,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;gBAClD,IAAI,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC;oBAAE,OAAO,IAAI,CAAC;gBAChD,SAAS;YACV,CAAC;YACD,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;gBAC3B,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,OAAO,GAAG,GAAG,EAAE,CAAC,CAAC;gBACvD,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC;oBAAE,OAAO,IAAI,CAAC;YAC3C,CAAC;QACF,CAAC;QACD,OAAO,KAAK,CAAC;IACd,CAAC;IACD,oBAAoB;IAEpB,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC5C,IAAI,CAAC;YACJ,MAAM,KAAK,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;YACrC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE;gBAAE,SAAS;YAC9B,uDAAuD;YACvD,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC;gBAAE,SAAS;YACzC,OAAO,IAAI,CAAC;QACb,CAAC;QAAC,MAAM,CAAC;YACR,SAAS;QACV,CAAC;IACF,CAAC;IACD,OAAO,KAAK,CAAC;AACd,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,cAAc,CAAC,GAAW;IACzC,IAAI,CAAC;QACJ,kGAAkG;QAClG,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YAClC,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBACtC,OAAO,KAAK,CAAC;YACd,CAAC;YACD,mGAAmG;YACnG,MAAM,KAAK,GAAG,GAAG;iBACf,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC;iBACnB,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC;iBACpB,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YACtB,MAAM,KAAK,GAAG,KAAK,CAClB,gBAAgB,EAChB,CAAC,SAAS,EAAE,YAAY,EAAE,UAAU,EAAE,kBAAkB,KAAK,GAAG,CAAC,EACjE,EAAE,KAAK,EAAE,QAAQ,EAAE,CACnB,CAAC;YACF,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YAC5B,OAAO,IAAI,CAAC;QACb,CAAC;QAGD,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;QAClC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5B,OAAO,KAAK,CAAC;QACd,CAAC;QACD,MAAM,KAAK,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE;YAClC,KAAK,EAAE,QAAQ;YACf,KAAK,EAAE,KAAK;SACZ,CAAC,CAAC;QACH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QAC5B,OAAO,IAAI,CAAC;IACb,CAAC;IAAC,MAAM,CAAC;QACR,mEAAmE;QACnE,OAAO,KAAK,CAAC;IACd,CAAC;AACF,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAAY;IAC/C,IAAI,CAAC;QACJ,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QAExB,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YAClC,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBACtC,OAAO,KAAK,CAAC;YACd,CAAC;YACD,MAAM,MAAM,GAAG,IAAI;iBACjB,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC;iBACnB,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC;iBACpB,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YACtB,MAAM,KAAK,GAAG,KAAK,CAClB,gBAAgB,EAChB,CAAC,SAAS,EAAE,YAAY,EAAE,UAAU,EAAE,yBAAyB,MAAM,GAAG,CAAC,EACzE,EAAE,KAAK,EAAE,QAAQ,EAAE,CACnB,CAAC;YACF,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YAC5B,OAAO,IAAI,CAAC;QACb,CAAC;QAED,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACnC,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,KAAK,GAAG,KAAK,CAAC,QAAQ,EAAE,EAAE,EAAE;gBACjC,KAAK,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,CAAC;gBACnC,KAAK,EAAE,KAAK;aACZ,CAAC,CAAC;YACH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YAC5B,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YACvB,OAAO,IAAI,CAAC;QACb,CAAC;QAED,MAAM,sBAAsB,GAA+C;YAC1E,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,EAAE;YAChC,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,YAAY,EAAE,WAAW,CAAC,EAAE;YACvD,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,aAAa,EAAE,SAAS,CAAC,EAAE;SACrD,CAAC;QACF,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,sBAAsB,EAAE,CAAC;YACxD,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC;gBAAE,SAAS;YACtC,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,EAAE,IAAI,EAAE;gBAClC,KAAK,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,CAAC;gBACnC,KAAK,EAAE,KAAK;aACZ,CAAC,CAAC;YACH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YAC5B,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YACvB,OAAO,IAAI,CAAC;QACb,CAAC;QACD,OAAO,KAAK,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,KAAK,CAAC;IACd,CAAC;AACF,CAAC"}

package/dist/lib/auth/server.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+import type { OAuthServerInfo } from "../types.js";
+/**
+ * Start a local HTTP server that captures an OAuth authorization code sent to /auth/callback.
+ *
+ * The server validates the `state` query parameter, serves a static success page for valid callbacks,
+ * and retains a single authorization code on the server instance until consumed via `waitForCode`.
+ * Only one code is stored at a time; call `close` to abort polling and shut down the server.
+ *
+ * On platforms such as Windows, binding to 127.0.0.1:1455 may fail if another process holds the port
+ * or if firewall/antivirus restrictions prevent local binding; in that case the returned `ready`
+ * flag is `false` to allow a manual paste fallback.
+ *
+ * Captured authorization codes are secrets and must be treated accordingly; callers should redact
+ * them from logs and error messages.
+ *
+ * @param options - Object with a `state` string used to validate the OAuth redirect
+ * @returns An OAuthServerInfo describing the server: `port` (1455), `ready` (boolean), a `close`
+ *          function to abort polling and close the server, and `waitForCode` which returns
+ *          `{ code: string }` when a code becomes available or `null` on timeout/abort.
+ */
+export declare function startLocalOAuthServer({ state }: {
+    state: string;
+}): Promise<OAuthServerInfo>;
+//# sourceMappingURL=server.d.ts.map

package/dist/lib/auth/server.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../../lib/auth/server.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAOnD;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,qBAAqB,CAAC,EAAE,KAAK,EAAE,EAAE;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,eAAe,CAAC,CA4F5F"}

package/dist/lib/auth/server.js ADDED Viewed

@@ -0,0 +1,116 @@
+import http from "node:http";
+import fs from "node:fs";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+import { logError, logWarn } from "../logger.js";
+// Resolve path to oauth-success.html (one level up from auth/ subfolder)
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const successHtml = fs.readFileSync(path.join(__dirname, "..", "oauth-success.html"), "utf-8");
+/**
+ * Start a local HTTP server that captures an OAuth authorization code sent to /auth/callback.
+ *
+ * The server validates the `state` query parameter, serves a static success page for valid callbacks,
+ * and retains a single authorization code on the server instance until consumed via `waitForCode`.
+ * Only one code is stored at a time; call `close` to abort polling and shut down the server.
+ *
+ * On platforms such as Windows, binding to 127.0.0.1:1455 may fail if another process holds the port
+ * or if firewall/antivirus restrictions prevent local binding; in that case the returned `ready`
+ * flag is `false` to allow a manual paste fallback.
+ *
+ * Captured authorization codes are secrets and must be treated accordingly; callers should redact
+ * them from logs and error messages.
+ *
+ * @param options - Object with a `state` string used to validate the OAuth redirect
+ * @returns An OAuthServerInfo describing the server: `port` (1455), `ready` (boolean), a `close`
+ *          function to abort polling and close the server, and `waitForCode` which returns
+ *          `{ code: string }` when a code becomes available or `null` on timeout/abort.
+ */
+export function startLocalOAuthServer({ state }) {
+    let pollAborted = false;
+    const server = http.createServer((req, res) => {
+        try {
+            const url = new URL(req.url || "", "http://localhost");
+            if (url.pathname !== "/auth/callback") {
+                res.statusCode = 404;
+                res.end("Not found");
+                return;
+            }
+            if (url.searchParams.get("state") !== state) {
+                res.statusCode = 400;
+                res.end("State mismatch");
+                return;
+            }
+            const code = url.searchParams.get("code");
+            if (!code) {
+                res.statusCode = 400;
+                res.end("Missing authorization code");
+                return;
+            }
+            res.statusCode = 200;
+            res.setHeader("Content-Type", "text/html; charset=utf-8");
+            res.setHeader("X-Frame-Options", "DENY");
+            res.setHeader("X-Content-Type-Options", "nosniff");
+            res.setHeader("Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; script-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'");
+            res.end(successHtml);
+            const trackedServer = server;
+            if (trackedServer._lastCode) {
+                logWarn("Duplicate OAuth callback received; preserving first authorization code");
+                return;
+            }
+            trackedServer._lastCode = code;
+        }
+        catch (err) {
+            logError(`Request handler error: ${err?.message ?? String(err)}`);
+            res.statusCode = 500;
+            res.end("Internal error");
+        }
+    });
+    server.unref();
+    return new Promise((resolve) => {
+        server
+            .listen(1455, "127.0.0.1", () => {
+            resolve({
+                port: 1455,
+                ready: true,
+                close: () => {
+                    pollAborted = true;
+                    server.close();
+                },
+                waitForCode: async () => {
+                    const POLL_INTERVAL_MS = 100;
+                    const TIMEOUT_MS = 5 * 60 * 1000;
+                    const maxIterations = Math.floor(TIMEOUT_MS / POLL_INTERVAL_MS);
+                    const poll = () => new Promise((r) => setTimeout(r, POLL_INTERVAL_MS));
+                    for (let i = 0; i < maxIterations; i++) {
+                        if (pollAborted)
+                            return null;
+                        const lastCode = server._lastCode;
+                        if (lastCode)
+                            return { code: lastCode };
+                        await poll();
+                    }
+                    logWarn("OAuth poll timeout after 5 minutes");
+                    return null;
+                },
+            });
+        })
+            .on("error", (err) => {
+            logError(`Failed to bind http://127.0.0.1:1455 (${err?.code}). Falling back to manual paste.`);
+            resolve({
+                port: 1455,
+                ready: false,
+                close: () => {
+                    pollAborted = true;
+                    try {
+                        server.close();
+                    }
+                    catch (closeErr) {
+                        logError(`Failed to close OAuth server: ${closeErr?.message ?? String(closeErr)}`);
+                    }
+                },
+                waitForCode: () => Promise.resolve(null),
+            });
+        });
+    });
+}
+//# sourceMappingURL=server.js.map

package/dist/lib/auth/server.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"server.js","sourceRoot":"","sources":["../../../lib/auth/server.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAEjD,yEAAyE;AACzE,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAC/D,MAAM,WAAW,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,oBAAoB,CAAC,EAAE,OAAO,CAAC,CAAC;AAE/F;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,qBAAqB,CAAC,EAAE,KAAK,EAAqB;IACjE,IAAI,WAAW,GAAG,KAAK,CAAC;IACxB,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAC7C,IAAI,CAAC;YACJ,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,EAAE,EAAE,kBAAkB,CAAC,CAAC;YACvD,IAAI,GAAG,CAAC,QAAQ,KAAK,gBAAgB,EAAE,CAAC;gBACvC,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;gBACrB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;gBACrB,OAAO;YACR,CAAC;YACD,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,KAAK,EAAE,CAAC;gBAC7C,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;gBACrB,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;gBAC1B,OAAO;YACR,CAAC;YACD,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAC1C,IAAI,CAAC,IAAI,EAAE,CAAC;gBACX,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;gBACrB,GAAG,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;gBACtC,OAAO;YACR,CAAC;YACD,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;YACrB,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,0BAA0B,CAAC,CAAC;YAC1D,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,MAAM,CAAC,CAAC;YACzC,GAAG,CAAC,SAAS,CAAC,wBAAwB,EAAE,SAAS,CAAC,CAAC;YACnD,GAAG,CAAC,SAAS,CACZ,yBAAyB,EACzB,4KAA4K,CAC5K,CAAC;YACF,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YACrB,MAAM,aAAa,GAAG,MAA8C,CAAC;YACrE,IAAI,aAAa,CAAC,SAAS,EAAE,CAAC;gBAC7B,OAAO,CAAC,wEAAwE,CAAC,CAAC;gBAClF,OAAO;YACR,CAAC;YACD,aAAa,CAAC,SAAS,GAAG,IAAI,CAAC;QAChC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,QAAQ,CAAC,0BAA2B,GAAa,EAAE,OAAO,IAAI,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC7E,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;YACrB,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3B,CAAC;IACF,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,KAAK,EAAE,CAAC;IAEf,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC9B,MAAM;aACJ,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE;YAC/B,OAAO,CAAC;gBACP,IAAI,EAAE,IAAI;gBACV,KAAK,EAAE,IAAI;gBACX,KAAK,EAAE,GAAG,EAAE;oBACX,WAAW,GAAG,IAAI,CAAC;oBACnB,MAAM,CAAC,KAAK,EAAE,CAAC;gBAChB,CAAC;gBACD,WAAW,EAAE,KAAK,IAAI,EAAE;oBACvB,MAAM,gBAAgB,GAAG,GAAG,CAAC;oBAC7B,MAAM,UAAU,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;oBACjC,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,gBAAgB,CAAC,CAAC;oBAChE,MAAM,IAAI,GAAG,GAAG,EAAE,CAAC,IAAI,OAAO,CAAO,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,gBAAgB,CAAC,CAAC,CAAC;oBAC7E,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,aAAa,EAAE,CAAC,EAAE,EAAE,CAAC;wBACxC,IAAI,WAAW;4BAAE,OAAO,IAAI,CAAC;wBAC7B,MAAM,QAAQ,GAAI,MAA+C,CAAC,SAAS,CAAC;wBAC5E,IAAI,QAAQ;4BAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;wBACxC,MAAM,IAAI,EAAE,CAAC;oBACd,CAAC;oBACD,OAAO,CAAC,oCAAoC,CAAC,CAAC;oBAC9C,OAAO,IAAI,CAAC;gBACb,CAAC;aACD,CAAC,CAAC;QACJ,CAAC,CAAC;aACD,EAAE,CAAC,OAAO,EAAE,CAAC,GAA0B,EAAE,EAAE;YAC3C,QAAQ,CACP,yCAAyC,GAAG,EAAE,IAAI,kCAAkC,CACpF,CAAC;YACF,OAAO,CAAC;gBACP,IAAI,EAAE,IAAI;gBACV,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,GAAG,EAAE;oBACX,WAAW,GAAG,IAAI,CAAC;oBACnB,IAAI,CAAC;wBACJ,MAAM,CAAC,KAAK,EAAE,CAAC;oBAChB,CAAC;oBAAC,OAAO,QAAQ,EAAE,CAAC;wBACnB,QAAQ,CACP,iCAAkC,QAAkB,EAAE,OAAO,IAAI,MAAM,CAAC,QAAQ,CAAC,EAAE,CACnF,CAAC;oBACH,CAAC;gBACF,CAAC;gBACD,WAAW,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC;aACxC,CAAC,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACJ,CAAC"}

package/dist/lib/auth/token-utils.d.ts ADDED Viewed

@@ -0,0 +1,59 @@
+/**
+ * Token utility functions for JWT parsing and account ID extraction.
+ * Extracted from accounts.ts to reduce module size and improve cohesion.
+ */
+import type { AccountIdSource } from "../types.js";
+/**
+ * Account ID candidate from token or organization data.
+ */
+export interface AccountIdCandidate {
+    accountId: string;
+    label: string;
+    source: AccountIdSource;
+    isDefault?: boolean;
+    isPersonal?: boolean;
+}
+/**
+ * Select the best workspace candidate for OAuth account binding.
+ * Preference order:
+ * 1) org default that is not personal
+ * 2) org default (any)
+ * 3) id_token candidate
+ * 4) non-personal org candidate
+ * 5) token candidate
+ * 6) first candidate
+ */
+export declare function selectBestAccountCandidate(candidates: AccountIdCandidate[]): AccountIdCandidate | undefined;
+/**
+ * Extracts the ChatGPT account ID from a JWT access token.
+ * @param accessToken - JWT access token from OAuth flow
+ * @returns Account ID string or undefined if not found
+ */
+export declare function extractAccountId(accessToken?: string): string | undefined;
+/**
+ * Extracts the email address from OAuth tokens.
+ * Checks id_token first (where OpenAI puts email), then falls back to access_token.
+ */
+export declare function extractAccountEmail(accessToken?: string, idToken?: string): string | undefined;
+/**
+ * Extracts all accountId candidates from access/id tokens.
+ * Used to support business workspaces/organizations that are not the token default.
+ */
+export declare function getAccountIdCandidates(accessToken?: string, idToken?: string): AccountIdCandidate[];
+/**
+ * Determines if accountId should be updated from a token-derived value.
+ * We keep org/manual selections stable across refreshes.
+ */
+export declare function shouldUpdateAccountIdFromToken(source: AccountIdSource | undefined, currentAccountId?: string): boolean;
+/**
+ * Resolve which accountId to use for runtime API calls.
+ * Preserves explicit org/manual selections; only token/id_token sources auto-follow token changes.
+ */
+export declare function resolveRequestAccountId(storedAccountId: string | undefined, source: AccountIdSource | undefined, tokenAccountId: string | undefined): string | undefined;
+/**
+ * Sanitizes an email address by trimming whitespace and lowercasing.
+ * @param email - Email string to sanitize
+ * @returns Sanitized email or undefined if invalid
+ */
+export declare function sanitizeEmail(email: string | undefined): string | undefined;
+//# sourceMappingURL=token-utils.d.ts.map

package/dist/lib/auth/token-utils.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"token-utils.d.ts","sourceRoot":"","sources":["../../../lib/auth/token-utils.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAKH,OAAO,KAAK,EAAE,eAAe,EAAc,MAAM,aAAa,CAAC;AAE/D;;GAEG;AACH,MAAM,WAAW,kBAAkB;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,eAAe,CAAC;IACxB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;CACrB;AAoND;;;;;;;;;GASG;AACH,wBAAgB,0BAA0B,CACzC,UAAU,EAAE,kBAAkB,EAAE,GAC9B,kBAAkB,GAAG,SAAS,CA8BhC;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAKzE;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,WAAW,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAuB9F;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CACrC,WAAW,CAAC,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE,MAAM,GACd,kBAAkB,EAAE,CA+BtB;AAED;;;GAGG;AACH,wBAAgB,8BAA8B,CAC7C,MAAM,EAAE,eAAe,GAAG,SAAS,EACnC,gBAAgB,CAAC,EAAE,MAAM,GACvB,OAAO,CAIT;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CACtC,eAAe,EAAE,MAAM,GAAG,SAAS,EACnC,MAAM,EAAE,eAAe,GAAG,SAAS,EACnC,cAAc,EAAE,MAAM,GAAG,SAAS,GAChC,MAAM,GAAG,SAAS,CAMpB;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,CAK3E"}