npm - daemora - Versions diffs - 1.0.0-alpha.0 - Mend

daemora 1.0.0-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1238) hide show

package/LICENSE +661 -0
package/README.md +645 -0
package/crew/_template/plugin.json +18 -0
package/crew/analyst/plugin.json +29 -0
package/crew/architect/plugin.json +29 -0
package/crew/assistant/plugin.json +29 -0
package/crew/backend/plugin.json +31 -0
package/crew/devops/plugin.json +30 -0
package/crew/facebook/plugin.json +36 -0
package/crew/frontend/plugin.json +30 -0
package/crew/github/plugin.json +18 -0
package/crew/gmail/plugin.json +34 -0
package/crew/google-calendar/plugin.json +26 -0
package/crew/google-services/plugin.json +25 -0
package/crew/imessage/plugin.json +24 -0
package/crew/instagram/plugin.json +34 -0
package/crew/linkedin/plugin.json +24 -0
package/crew/meeting-attendant/plugin.json +27 -0
package/crew/notifications/plugin.json +23 -0
package/crew/notion/plugin.json +18 -0
package/crew/planner/plugin.json +25 -0
package/crew/reddit/plugin.json +32 -0
package/crew/researcher/plugin.json +29 -0
package/crew/reviewer/plugin.json +29 -0
package/crew/security/plugin.json +30 -0
package/crew/smart-home/plugin.json +23 -0
package/crew/ssh-remote/plugin.json +28 -0
package/crew/tiktok/plugin.json +26 -0
package/crew/twitter/plugin.json +46 -0
package/crew/video-editor/plugin.json +19 -0
package/crew/video-editor/rules/3d.md +86 -0
package/crew/video-editor/rules/animations.md +31 -0
package/crew/video-editor/rules/assets/charts-bar-chart.tsx +173 -0
package/crew/video-editor/rules/assets/text-animations-typewriter.tsx +100 -0
package/crew/video-editor/rules/assets/text-animations-word-highlight.tsx +103 -0
package/crew/video-editor/rules/assets.md +78 -0
package/crew/video-editor/rules/audio-visualization.md +198 -0
package/crew/video-editor/rules/audio.md +169 -0
package/crew/video-editor/rules/calculate-metadata.md +134 -0
package/crew/video-editor/rules/can-decode.md +81 -0
package/crew/video-editor/rules/charts.md +120 -0
package/crew/video-editor/rules/compositions.md +154 -0
package/crew/video-editor/rules/cursor-and-clicks.md +108 -0
package/crew/video-editor/rules/display-captions.md +184 -0
package/crew/video-editor/rules/extract-frames.md +229 -0
package/crew/video-editor/rules/ffmpeg.md +34 -0
package/crew/video-editor/rules/focus-zoom.md +108 -0
package/crew/video-editor/rules/fonts.md +152 -0
package/crew/video-editor/rules/get-audio-duration.md +58 -0
package/crew/video-editor/rules/get-video-dimensions.md +68 -0
package/crew/video-editor/rules/get-video-duration.md +60 -0
package/crew/video-editor/rules/gifs.md +141 -0
package/crew/video-editor/rules/images.md +134 -0
package/crew/video-editor/rules/import-srt-captions.md +69 -0
package/crew/video-editor/rules/light-leaks.md +73 -0
package/crew/video-editor/rules/lottie.md +70 -0
package/crew/video-editor/rules/maps.md +412 -0
package/crew/video-editor/rules/measuring-dom-nodes.md +34 -0
package/crew/video-editor/rules/measuring-text.md +140 -0
package/crew/video-editor/rules/parameters.md +109 -0
package/crew/video-editor/rules/sequencing.md +118 -0
package/crew/video-editor/rules/sfx.md +30 -0
package/crew/video-editor/rules/silence-detection.md +71 -0
package/crew/video-editor/rules/subtitles.md +36 -0
package/crew/video-editor/rules/tailwind.md +11 -0
package/crew/video-editor/rules/text-animations.md +20 -0
package/crew/video-editor/rules/theme-switching.md +103 -0
package/crew/video-editor/rules/timing.md +136 -0
package/crew/video-editor/rules/transcribe-captions.md +70 -0
package/crew/video-editor/rules/transitions.md +197 -0
package/crew/video-editor/rules/transparent-videos.md +106 -0
package/crew/video-editor/rules/trimming.md +51 -0
package/crew/video-editor/rules/ui-chrome.md +139 -0
package/crew/video-editor/rules/videos.md +171 -0
package/crew/video-editor/rules/voiceover.md +99 -0
package/crew/video-editor/template/README.md +42 -0
package/crew/video-editor/template/package.json +24 -0
package/crew/video-editor/template/public/.gitkeep +0 -0
package/crew/video-editor/template/public/image.png +0 -0
package/crew/video-editor/template/public/logo.png +0 -0
package/crew/video-editor/template/remotion.config.ts +5 -0
package/crew/video-editor/template/src/Root.tsx +21 -0
package/crew/video-editor/template/src/Video.tsx +38 -0
package/crew/video-editor/template/src/components/LogoStinger.tsx +77 -0
package/crew/video-editor/template/src/index.ts +4 -0
package/crew/video-editor/template/tsconfig.json +16 -0
package/crew/youtube/plugin.json +42 -0
package/dist/auth/AuthProvider.d.ts +35 -0
package/dist/auth/AuthProvider.d.ts.map +1 -0
package/dist/auth/AuthProvider.js +13 -0
package/dist/auth/AuthProvider.js.map +1 -0
package/dist/auth/AuthStore.d.ts +79 -0
package/dist/auth/AuthStore.d.ts.map +1 -0
package/dist/auth/AuthStore.js +139 -0
package/dist/auth/AuthStore.js.map +1 -0
package/dist/auth/LocalAuthProvider.d.ts +28 -0
package/dist/auth/LocalAuthProvider.d.ts.map +1 -0
package/dist/auth/LocalAuthProvider.js +70 -0
package/dist/auth/LocalAuthProvider.js.map +1 -0
package/dist/auth/TokenService.d.ts +83 -0
package/dist/auth/TokenService.d.ts.map +1 -0
package/dist/auth/TokenService.js +129 -0
package/dist/auth/TokenService.js.map +1 -0
package/dist/auth/fileToken.d.ts +33 -0
package/dist/auth/fileToken.d.ts.map +1 -0
package/dist/auth/fileToken.js +69 -0
package/dist/auth/fileToken.js.map +1 -0
package/dist/auth/index.d.ts +47 -0
package/dist/auth/index.d.ts.map +1 -0
package/dist/auth/index.js +76 -0
package/dist/auth/index.js.map +1 -0
package/dist/auth/jwt.d.ts +27 -0
package/dist/auth/jwt.d.ts.map +1 -0
package/dist/auth/jwt.js +67 -0
package/dist/auth/jwt.js.map +1 -0
package/dist/channels/BaseChannel.d.ts +139 -0
package/dist/channels/BaseChannel.d.ts.map +1 -0
package/dist/channels/BaseChannel.js +103 -0
package/dist/channels/BaseChannel.js.map +1 -0
package/dist/channels/BlueBubblesChannel.d.ts +37 -0
package/dist/channels/BlueBubblesChannel.d.ts.map +1 -0
package/dist/channels/BlueBubblesChannel.js +115 -0
package/dist/channels/BlueBubblesChannel.js.map +1 -0
package/dist/channels/ChannelManager.d.ts +85 -0
package/dist/channels/ChannelManager.d.ts.map +1 -0
package/dist/channels/ChannelManager.js +557 -0
package/dist/channels/ChannelManager.js.map +1 -0
package/dist/channels/ChannelRegistry.d.ts +57 -0
package/dist/channels/ChannelRegistry.d.ts.map +1 -0
package/dist/channels/ChannelRegistry.js +93 -0
package/dist/channels/ChannelRegistry.js.map +1 -0
package/dist/channels/DiscordChannel.d.ts +87 -0
package/dist/channels/DiscordChannel.d.ts.map +1 -0
package/dist/channels/DiscordChannel.js +469 -0
package/dist/channels/DiscordChannel.js.map +1 -0
package/dist/channels/EmailChannel.d.ts +64 -0
package/dist/channels/EmailChannel.d.ts.map +1 -0
package/dist/channels/EmailChannel.js +226 -0
package/dist/channels/EmailChannel.js.map +1 -0
package/dist/channels/FeishuChannel.d.ts +40 -0
package/dist/channels/FeishuChannel.d.ts.map +1 -0
package/dist/channels/FeishuChannel.js +169 -0
package/dist/channels/FeishuChannel.js.map +1 -0
package/dist/channels/GoogleChatChannel.d.ts +46 -0
package/dist/channels/GoogleChatChannel.d.ts.map +1 -0
package/dist/channels/GoogleChatChannel.js +184 -0
package/dist/channels/GoogleChatChannel.js.map +1 -0
package/dist/channels/IRCChannel.d.ts +50 -0
package/dist/channels/IRCChannel.d.ts.map +1 -0
package/dist/channels/IRCChannel.js +149 -0
package/dist/channels/IRCChannel.js.map +1 -0
package/dist/channels/LineChannel.d.ts +35 -0
package/dist/channels/LineChannel.d.ts.map +1 -0
package/dist/channels/LineChannel.js +118 -0
package/dist/channels/LineChannel.js.map +1 -0
package/dist/channels/MatrixChannel.d.ts +45 -0
package/dist/channels/MatrixChannel.d.ts.map +1 -0
package/dist/channels/MatrixChannel.js +156 -0
package/dist/channels/MatrixChannel.js.map +1 -0
package/dist/channels/MattermostChannel.d.ts +42 -0
package/dist/channels/MattermostChannel.d.ts.map +1 -0
package/dist/channels/MattermostChannel.js +144 -0
package/dist/channels/MattermostChannel.js.map +1 -0
package/dist/channels/NextcloudChannel.d.ts +46 -0
package/dist/channels/NextcloudChannel.d.ts.map +1 -0
package/dist/channels/NextcloudChannel.js +146 -0
package/dist/channels/NextcloudChannel.js.map +1 -0
package/dist/channels/SignalChannel.d.ts +39 -0
package/dist/channels/SignalChannel.d.ts.map +1 -0
package/dist/channels/SignalChannel.js +160 -0
package/dist/channels/SignalChannel.js.map +1 -0
package/dist/channels/SlackChannel.d.ts +81 -0
package/dist/channels/SlackChannel.d.ts.map +1 -0
package/dist/channels/SlackChannel.js +363 -0
package/dist/channels/SlackChannel.js.map +1 -0
package/dist/channels/StreamingEditor.d.ts +37 -0
package/dist/channels/StreamingEditor.d.ts.map +1 -0
package/dist/channels/StreamingEditor.js +108 -0
package/dist/channels/StreamingEditor.js.map +1 -0
package/dist/channels/TelegramChannel.d.ts +84 -0
package/dist/channels/TelegramChannel.d.ts.map +1 -0
package/dist/channels/TelegramChannel.js +469 -0
package/dist/channels/TelegramChannel.js.map +1 -0
package/dist/channels/TwitchChannel.d.ts +45 -0
package/dist/channels/TwitchChannel.d.ts.map +1 -0
package/dist/channels/TwitchChannel.js +117 -0
package/dist/channels/TwitchChannel.js.map +1 -0
package/dist/channels/WhatsAppChannel.d.ts +45 -0
package/dist/channels/WhatsAppChannel.d.ts.map +1 -0
package/dist/channels/WhatsAppChannel.js +153 -0
package/dist/channels/WhatsAppChannel.js.map +1 -0
package/dist/channels/ZaloChannel.d.ts +42 -0
package/dist/channels/ZaloChannel.d.ts.map +1 -0
package/dist/channels/ZaloChannel.js +114 -0
package/dist/channels/ZaloChannel.js.map +1 -0
package/dist/cli/commands/config.d.ts +10 -0
package/dist/cli/commands/config.d.ts.map +1 -0
package/dist/cli/commands/config.js +107 -0
package/dist/cli/commands/config.js.map +1 -0
package/dist/cli/commands/daemon.d.ts +17 -0
package/dist/cli/commands/daemon.d.ts.map +1 -0
package/dist/cli/commands/daemon.js +82 -0
package/dist/cli/commands/daemon.js.map +1 -0
package/dist/cli/commands/doctor.d.ts +17 -0
package/dist/cli/commands/doctor.d.ts.map +1 -0
package/dist/cli/commands/doctor.js +138 -0
package/dist/cli/commands/doctor.js.map +1 -0
package/dist/cli/commands/setup.d.ts +16 -0
package/dist/cli/commands/setup.d.ts.map +1 -0
package/dist/cli/commands/setup.js +206 -0
package/dist/cli/commands/setup.js.map +1 -0
package/dist/cli/commands/start.d.ts +8 -0
package/dist/cli/commands/start.d.ts.map +1 -0
package/dist/cli/commands/start.js +444 -0
package/dist/cli/commands/start.js.map +1 -0
package/dist/cli/commands/vault.d.ts +15 -0
package/dist/cli/commands/vault.d.ts.map +1 -0
package/dist/cli/commands/vault.js +167 -0
package/dist/cli/commands/vault.js.map +1 -0
package/dist/cli/index.d.ts +13 -0
package/dist/cli/index.d.ts.map +1 -0
package/dist/cli/index.js +93 -0
package/dist/cli/index.js.map +1 -0
package/dist/cli/loadEnv.d.ts +14 -0
package/dist/cli/loadEnv.d.ts.map +1 -0
package/dist/cli/loadEnv.js +18 -0
package/dist/cli/loadEnv.js.map +1 -0
package/dist/config/ConfigManager.d.ts +79 -0
package/dist/config/ConfigManager.d.ts.map +1 -0
package/dist/config/ConfigManager.js +118 -0
package/dist/config/ConfigManager.js.map +1 -0
package/dist/config/Secret.d.ts +29 -0
package/dist/config/Secret.d.ts.map +1 -0
package/dist/config/Secret.js +47 -0
package/dist/config/Secret.js.map +1 -0
package/dist/config/SecretVault.d.ts +53 -0
package/dist/config/SecretVault.d.ts.map +1 -0
package/dist/config/SecretVault.js +205 -0
package/dist/config/SecretVault.js.map +1 -0
package/dist/config/SettingsStore.d.ts +46 -0
package/dist/config/SettingsStore.d.ts.map +1 -0
package/dist/config/SettingsStore.js +132 -0
package/dist/config/SettingsStore.js.map +1 -0
package/dist/config/env.d.ts +21 -0
package/dist/config/env.d.ts.map +1 -0
package/dist/config/env.js +62 -0
package/dist/config/env.js.map +1 -0
package/dist/config/schema.d.ts +127 -0
package/dist/config/schema.d.ts.map +1 -0
package/dist/config/schema.js +346 -0
package/dist/config/schema.js.map +1 -0
package/dist/core/AgentLoop.d.ts +180 -0
package/dist/core/AgentLoop.d.ts.map +1 -0
package/dist/core/AgentLoop.js +428 -0
package/dist/core/AgentLoop.js.map +1 -0
package/dist/core/AttachmentProcessor.d.ts +75 -0
package/dist/core/AttachmentProcessor.d.ts.map +1 -0
package/dist/core/AttachmentProcessor.js +191 -0
package/dist/core/AttachmentProcessor.js.map +1 -0
package/dist/core/Compaction.d.ts +62 -0
package/dist/core/Compaction.d.ts.map +1 -0
package/dist/core/Compaction.js +260 -0
package/dist/core/Compaction.js.map +1 -0
package/dist/core/InboundDebouncer.d.ts +42 -0
package/dist/core/InboundDebouncer.d.ts.map +1 -0
package/dist/core/InboundDebouncer.js +81 -0
package/dist/core/InboundDebouncer.js.map +1 -0
package/dist/core/LoopDetector.d.ts +36 -0
package/dist/core/LoopDetector.d.ts.map +1 -0
package/dist/core/LoopDetector.js +139 -0
package/dist/core/LoopDetector.js.map +1 -0
package/dist/core/TaskRunner.d.ts +134 -0
package/dist/core/TaskRunner.d.ts.map +1 -0
package/dist/core/TaskRunner.js +454 -0
package/dist/core/TaskRunner.js.map +1 -0
package/dist/costs/CostTracker.d.ts +70 -0
package/dist/costs/CostTracker.d.ts.map +1 -0
package/dist/costs/CostTracker.js +176 -0
package/dist/costs/CostTracker.js.map +1 -0
package/dist/crew/CrewAgentRunner.d.ts +55 -0
package/dist/crew/CrewAgentRunner.d.ts.map +1 -0
package/dist/crew/CrewAgentRunner.js +208 -0
package/dist/crew/CrewAgentRunner.js.map +1 -0
package/dist/crew/CrewLoader.d.ts +43 -0
package/dist/crew/CrewLoader.d.ts.map +1 -0
package/dist/crew/CrewLoader.js +122 -0
package/dist/crew/CrewLoader.js.map +1 -0
package/dist/crew/CrewRegistry.d.ts +30 -0
package/dist/crew/CrewRegistry.d.ts.map +1 -0
package/dist/crew/CrewRegistry.js +56 -0
package/dist/crew/CrewRegistry.js.map +1 -0
package/dist/crew/types.d.ts +79 -0
package/dist/crew/types.d.ts.map +1 -0
package/dist/crew/types.js +36 -0
package/dist/crew/types.js.map +1 -0
package/dist/cron/CronScheduler.d.ts +40 -0
package/dist/cron/CronScheduler.d.ts.map +1 -0
package/dist/cron/CronScheduler.js +119 -0
package/dist/cron/CronScheduler.js.map +1 -0
package/dist/cron/CronStore.d.ts +73 -0
package/dist/cron/CronStore.d.ts.map +1 -0
package/dist/cron/CronStore.js +209 -0
package/dist/cron/CronStore.js.map +1 -0
package/dist/cron/cronParser.d.ts +33 -0
package/dist/cron/cronParser.d.ts.map +1 -0
package/dist/cron/cronParser.js +211 -0
package/dist/cron/cronParser.js.map +1 -0
package/dist/daemon/DaemonManager.d.ts +59 -0
package/dist/daemon/DaemonManager.d.ts.map +1 -0
package/dist/daemon/DaemonManager.js +380 -0
package/dist/daemon/DaemonManager.js.map +1 -0
package/dist/embeddings/Embeddings.d.ts +70 -0
package/dist/embeddings/Embeddings.d.ts.map +1 -0
package/dist/embeddings/Embeddings.js +252 -0
package/dist/embeddings/Embeddings.js.map +1 -0
package/dist/embeddings/TfIdf.d.ts +26 -0
package/dist/embeddings/TfIdf.d.ts.map +1 -0
package/dist/embeddings/TfIdf.js +88 -0
package/dist/embeddings/TfIdf.js.map +1 -0
package/dist/events/eventBus.d.ts +97 -0
package/dist/events/eventBus.d.ts.map +1 -0
package/dist/events/eventBus.js +26 -0
package/dist/events/eventBus.js.map +1 -0
package/dist/goals/GoalStore.d.ts +40 -0
package/dist/goals/GoalStore.d.ts.map +1 -0
package/dist/goals/GoalStore.js +82 -0
package/dist/goals/GoalStore.js.map +1 -0
package/dist/hooks/HookRunner.d.ts +80 -0
package/dist/hooks/HookRunner.d.ts.map +1 -0
package/dist/hooks/HookRunner.js +218 -0
package/dist/hooks/HookRunner.js.map +1 -0
package/dist/integrations/IntegrationCrewSync.d.ts +33 -0
package/dist/integrations/IntegrationCrewSync.d.ts.map +1 -0
package/dist/integrations/IntegrationCrewSync.js +96 -0
package/dist/integrations/IntegrationCrewSync.js.map +1 -0
package/dist/integrations/IntegrationManager.d.ts +116 -0
package/dist/integrations/IntegrationManager.d.ts.map +1 -0
package/dist/integrations/IntegrationManager.js +580 -0
package/dist/integrations/IntegrationManager.js.map +1 -0
package/dist/integrations/IntegrationStore.d.ts +42 -0
package/dist/integrations/IntegrationStore.d.ts.map +1 -0
package/dist/integrations/IntegrationStore.js +146 -0
package/dist/integrations/IntegrationStore.js.map +1 -0
package/dist/integrations/authFetch.d.ts +21 -0
package/dist/integrations/authFetch.d.ts.map +1 -0
package/dist/integrations/authFetch.js +36 -0
package/dist/integrations/authFetch.js.map +1 -0
package/dist/integrations/facebook/FacebookClient.d.ts +33 -0
package/dist/integrations/facebook/FacebookClient.d.ts.map +1 -0
package/dist/integrations/facebook/FacebookClient.js +88 -0
package/dist/integrations/facebook/FacebookClient.js.map +1 -0
package/dist/integrations/facebook/tools.d.ts +9 -0
package/dist/integrations/facebook/tools.d.ts.map +1 -0
package/dist/integrations/facebook/tools.js +324 -0
package/dist/integrations/facebook/tools.js.map +1 -0
package/dist/integrations/gmail/GmailClient.d.ts +34 -0
package/dist/integrations/gmail/GmailClient.d.ts.map +1 -0
package/dist/integrations/gmail/GmailClient.js +69 -0
package/dist/integrations/gmail/GmailClient.js.map +1 -0
package/dist/integrations/gmail/tools.d.ts +14 -0
package/dist/integrations/gmail/tools.d.ts.map +1 -0
package/dist/integrations/gmail/tools.js +295 -0
package/dist/integrations/gmail/tools.js.map +1 -0
package/dist/integrations/google-calendar/CalendarClient.d.ts +16 -0
package/dist/integrations/google-calendar/CalendarClient.d.ts.map +1 -0
package/dist/integrations/google-calendar/CalendarClient.js +39 -0
package/dist/integrations/google-calendar/CalendarClient.js.map +1 -0
package/dist/integrations/google-calendar/tools.d.ts +15 -0
package/dist/integrations/google-calendar/tools.d.ts.map +1 -0
package/dist/integrations/google-calendar/tools.js +246 -0
package/dist/integrations/google-calendar/tools.js.map +1 -0
package/dist/integrations/instagram/InstagramClient.d.ts +33 -0
package/dist/integrations/instagram/InstagramClient.d.ts.map +1 -0
package/dist/integrations/instagram/InstagramClient.js +93 -0
package/dist/integrations/instagram/InstagramClient.js.map +1 -0
package/dist/integrations/instagram/tools.d.ts +17 -0
package/dist/integrations/instagram/tools.d.ts.map +1 -0
package/dist/integrations/instagram/tools.js +348 -0
package/dist/integrations/instagram/tools.js.map +1 -0
package/dist/integrations/keys.d.ts +56 -0
package/dist/integrations/keys.d.ts.map +1 -0
package/dist/integrations/keys.js +174 -0
package/dist/integrations/keys.js.map +1 -0
package/dist/integrations/linkedin/LinkedInClient.d.ts +24 -0
package/dist/integrations/linkedin/LinkedInClient.d.ts.map +1 -0
package/dist/integrations/linkedin/LinkedInClient.js +56 -0
package/dist/integrations/linkedin/LinkedInClient.js.map +1 -0
package/dist/integrations/linkedin/tools.d.ts +14 -0
package/dist/integrations/linkedin/tools.d.ts.map +1 -0
package/dist/integrations/linkedin/tools.js +154 -0
package/dist/integrations/linkedin/tools.js.map +1 -0
package/dist/integrations/pkce.d.ts +17 -0
package/dist/integrations/pkce.d.ts.map +1 -0
package/dist/integrations/pkce.js +22 -0
package/dist/integrations/pkce.js.map +1 -0
package/dist/integrations/providers/github.d.ts +20 -0
package/dist/integrations/providers/github.d.ts.map +1 -0
package/dist/integrations/providers/github.js +113 -0
package/dist/integrations/providers/github.js.map +1 -0
package/dist/integrations/providers/google.d.ts +17 -0
package/dist/integrations/providers/google.d.ts.map +1 -0
package/dist/integrations/providers/google.js +115 -0
package/dist/integrations/providers/google.js.map +1 -0
package/dist/integrations/providers/linkedin.d.ts +22 -0
package/dist/integrations/providers/linkedin.d.ts.map +1 -0
package/dist/integrations/providers/linkedin.js +103 -0
package/dist/integrations/providers/linkedin.js.map +1 -0
package/dist/integrations/providers/meta.d.ts +19 -0
package/dist/integrations/providers/meta.d.ts.map +1 -0
package/dist/integrations/providers/meta.js +116 -0
package/dist/integrations/providers/meta.js.map +1 -0
package/dist/integrations/providers/notion.d.ts +21 -0
package/dist/integrations/providers/notion.d.ts.map +1 -0
package/dist/integrations/providers/notion.js +96 -0
package/dist/integrations/providers/notion.js.map +1 -0
package/dist/integrations/providers/reddit.d.ts +18 -0
package/dist/integrations/providers/reddit.d.ts.map +1 -0
package/dist/integrations/providers/reddit.js +104 -0
package/dist/integrations/providers/reddit.js.map +1 -0
package/dist/integrations/providers/tiktok.d.ts +28 -0
package/dist/integrations/providers/tiktok.d.ts.map +1 -0
package/dist/integrations/providers/tiktok.js +138 -0
package/dist/integrations/providers/tiktok.js.map +1 -0
package/dist/integrations/providers/twitter.d.ts +26 -0
package/dist/integrations/providers/twitter.d.ts.map +1 -0
package/dist/integrations/providers/twitter.js +141 -0
package/dist/integrations/providers/twitter.js.map +1 -0
package/dist/integrations/reddit/RedditClient.d.ts +18 -0
package/dist/integrations/reddit/RedditClient.d.ts.map +1 -0
package/dist/integrations/reddit/RedditClient.js +54 -0
package/dist/integrations/reddit/RedditClient.js.map +1 -0
package/dist/integrations/reddit/tools.d.ts +16 -0
package/dist/integrations/reddit/tools.d.ts.map +1 -0
package/dist/integrations/reddit/tools.js +293 -0
package/dist/integrations/reddit/tools.js.map +1 -0
package/dist/integrations/tiktok/TikTokClient.d.ts +21 -0
package/dist/integrations/tiktok/TikTokClient.d.ts.map +1 -0
package/dist/integrations/tiktok/TikTokClient.js +44 -0
package/dist/integrations/tiktok/TikTokClient.js.map +1 -0
package/dist/integrations/tiktok/tools.d.ts +17 -0
package/dist/integrations/tiktok/tools.d.ts.map +1 -0
package/dist/integrations/tiktok/tools.js +258 -0
package/dist/integrations/tiktok/tools.js.map +1 -0
package/dist/integrations/tools.d.ts +20 -0
package/dist/integrations/tools.d.ts.map +1 -0
package/dist/integrations/tools.js +43 -0
package/dist/integrations/tools.js.map +1 -0
package/dist/integrations/twitter/TwitterClient.d.ts +19 -0
package/dist/integrations/twitter/TwitterClient.d.ts.map +1 -0
package/dist/integrations/twitter/TwitterClient.js +51 -0
package/dist/integrations/twitter/TwitterClient.js.map +1 -0
package/dist/integrations/twitter/tools.d.ts +11 -0
package/dist/integrations/twitter/tools.d.ts.map +1 -0
package/dist/integrations/twitter/tools.js +459 -0
package/dist/integrations/twitter/tools.js.map +1 -0
package/dist/integrations/types.d.ts +118 -0
package/dist/integrations/types.d.ts.map +1 -0
package/dist/integrations/types.js +10 -0
package/dist/integrations/types.js.map +1 -0
package/dist/integrations/youtube/YouTubeClient.d.ts +45 -0
package/dist/integrations/youtube/YouTubeClient.d.ts.map +1 -0
package/dist/integrations/youtube/YouTubeClient.js +115 -0
package/dist/integrations/youtube/YouTubeClient.js.map +1 -0
package/dist/integrations/youtube/tools.d.ts +14 -0
package/dist/integrations/youtube/tools.d.ts.map +1 -0
package/dist/integrations/youtube/tools.js +500 -0
package/dist/integrations/youtube/tools.js.map +1 -0
package/dist/learning/BackgroundReviewer.d.ts +43 -0
package/dist/learning/BackgroundReviewer.d.ts.map +1 -0
package/dist/learning/BackgroundReviewer.js +143 -0
package/dist/learning/BackgroundReviewer.js.map +1 -0
package/dist/learning/ExtractionPipeline.d.ts +46 -0
package/dist/learning/ExtractionPipeline.d.ts.map +1 -0
package/dist/learning/ExtractionPipeline.js +220 -0
package/dist/learning/ExtractionPipeline.js.map +1 -0
package/dist/learning/MemoryDecay.d.ts +63 -0
package/dist/learning/MemoryDecay.d.ts.map +1 -0
package/dist/learning/MemoryDecay.js +204 -0
package/dist/learning/MemoryDecay.js.map +1 -0
package/dist/learning/SmartRecall.d.ts +58 -0
package/dist/learning/SmartRecall.d.ts.map +1 -0
package/dist/learning/SmartRecall.js +182 -0
package/dist/learning/SmartRecall.js.map +1 -0
package/dist/mcp/MCPIntegrationBridge.d.ts +40 -0
package/dist/mcp/MCPIntegrationBridge.d.ts.map +1 -0
package/dist/mcp/MCPIntegrationBridge.js +136 -0
package/dist/mcp/MCPIntegrationBridge.js.map +1 -0
package/dist/mcp/MCPManager.d.ts +126 -0
package/dist/mcp/MCPManager.d.ts.map +1 -0
package/dist/mcp/MCPManager.js +418 -0
package/dist/mcp/MCPManager.js.map +1 -0
package/dist/mcp/MCPStore.d.ts +41 -0
package/dist/mcp/MCPStore.d.ts.map +1 -0
package/dist/mcp/MCPStore.js +102 -0
package/dist/mcp/MCPStore.js.map +1 -0
package/dist/mcp/defaults.d.ts +51 -0
package/dist/mcp/defaults.d.ts.map +1 -0
package/dist/mcp/defaults.js +243 -0
package/dist/mcp/defaults.js.map +1 -0
package/dist/memory/DeclarativeMemoryStore.d.ts +54 -0
package/dist/memory/DeclarativeMemoryStore.d.ts.map +1 -0
package/dist/memory/DeclarativeMemoryStore.js +195 -0
package/dist/memory/DeclarativeMemoryStore.js.map +1 -0
package/dist/memory/MemoryStore.d.ts +65 -0
package/dist/memory/MemoryStore.d.ts.map +1 -0
package/dist/memory/MemoryStore.js +189 -0
package/dist/memory/MemoryStore.js.map +1 -0
package/dist/memory/SessionStore.d.ts +207 -0
package/dist/memory/SessionStore.d.ts.map +1 -0
package/dist/memory/SessionStore.js +391 -0
package/dist/memory/SessionStore.js.map +1 -0
package/dist/models/ModelRouter.d.ts +57 -0
package/dist/models/ModelRouter.d.ts.map +1 -0
package/dist/models/ModelRouter.js +301 -0
package/dist/models/ModelRouter.js.map +1 -0
package/dist/models/discovery.d.ts +44 -0
package/dist/models/discovery.d.ts.map +1 -0
package/dist/models/discovery.js +456 -0
package/dist/models/discovery.js.map +1 -0
package/dist/models/providers.d.ts +82 -0
package/dist/models/providers.d.ts.map +1 -0
package/dist/models/providers.js +455 -0
package/dist/models/providers.js.map +1 -0
package/dist/models/registry.d.ts +13 -0
package/dist/models/registry.d.ts.map +1 -0
package/dist/models/registry.js +42 -0
package/dist/models/registry.js.map +1 -0
package/dist/models/types.d.ts +24 -0
package/dist/models/types.d.ts.map +1 -0
package/dist/models/types.js +8 -0
package/dist/models/types.js.map +1 -0
package/dist/projects/ProjectStore.d.ts +73 -0
package/dist/projects/ProjectStore.d.ts.map +1 -0
package/dist/projects/ProjectStore.js +132 -0
package/dist/projects/ProjectStore.js.map +1 -0
package/dist/safety/AuditLog.d.ts +53 -0
package/dist/safety/AuditLog.d.ts.map +1 -0
package/dist/safety/AuditLog.js +170 -0
package/dist/safety/AuditLog.js.map +1 -0
package/dist/safety/CircuitBreaker.d.ts +53 -0
package/dist/safety/CircuitBreaker.d.ts.map +1 -0
package/dist/safety/CircuitBreaker.js +112 -0
package/dist/safety/CircuitBreaker.js.map +1 -0
package/dist/safety/CommandGuard.d.ts +32 -0
package/dist/safety/CommandGuard.d.ts.map +1 -0
package/dist/safety/CommandGuard.js +157 -0
package/dist/safety/CommandGuard.js.map +1 -0
package/dist/safety/DockerSandbox.d.ts +72 -0
package/dist/safety/DockerSandbox.d.ts.map +1 -0
package/dist/safety/DockerSandbox.js +188 -0
package/dist/safety/DockerSandbox.js.map +1 -0
package/dist/safety/EgressGuard.d.ts +35 -0
package/dist/safety/EgressGuard.d.ts.map +1 -0
package/dist/safety/EgressGuard.js +95 -0
package/dist/safety/EgressGuard.js.map +1 -0
package/dist/safety/ExecApproval.d.ts +53 -0
package/dist/safety/ExecApproval.d.ts.map +1 -0
package/dist/safety/ExecApproval.js +120 -0
package/dist/safety/ExecApproval.js.map +1 -0
package/dist/safety/FilesystemGuard.d.ts +94 -0
package/dist/safety/FilesystemGuard.d.ts.map +1 -0
package/dist/safety/FilesystemGuard.js +275 -0
package/dist/safety/FilesystemGuard.js.map +1 -0
package/dist/safety/GitRollback.d.ts +47 -0
package/dist/safety/GitRollback.d.ts.map +1 -0
package/dist/safety/GitRollback.js +161 -0
package/dist/safety/GitRollback.js.map +1 -0
package/dist/safety/HumanApproval.d.ts +65 -0
package/dist/safety/HumanApproval.d.ts.map +1 -0
package/dist/safety/HumanApproval.js +157 -0
package/dist/safety/HumanApproval.js.map +1 -0
package/dist/safety/InputSanitizer.d.ts +59 -0
package/dist/safety/InputSanitizer.d.ts.map +1 -0
package/dist/safety/InputSanitizer.js +111 -0
package/dist/safety/InputSanitizer.js.map +1 -0
package/dist/safety/PermissionGuard.d.ts +49 -0
package/dist/safety/PermissionGuard.d.ts.map +1 -0
package/dist/safety/PermissionGuard.js +136 -0
package/dist/safety/PermissionGuard.js.map +1 -0
package/dist/safety/Sandbox.d.ts +38 -0
package/dist/safety/Sandbox.d.ts.map +1 -0
package/dist/safety/Sandbox.js +82 -0
package/dist/safety/Sandbox.js.map +1 -0
package/dist/safety/SecretScanner.d.ts +67 -0
package/dist/safety/SecretScanner.d.ts.map +1 -0
package/dist/safety/SecretScanner.js +150 -0
package/dist/safety/SecretScanner.js.map +1 -0
package/dist/safety/Supervisor.d.ts +69 -0
package/dist/safety/Supervisor.d.ts.map +1 -0
package/dist/safety/Supervisor.js +165 -0
package/dist/safety/Supervisor.js.map +1 -0
package/dist/scheduler/CronExecutor.d.ts +18 -0
package/dist/scheduler/CronExecutor.d.ts.map +1 -0
package/dist/scheduler/CronExecutor.js +57 -0
package/dist/scheduler/CronExecutor.js.map +1 -0
package/dist/scheduler/DailyLog.d.ts +29 -0
package/dist/scheduler/DailyLog.d.ts.map +1 -0
package/dist/scheduler/DailyLog.js +84 -0
package/dist/scheduler/DailyLog.js.map +1 -0
package/dist/scheduler/DeliveryPresetStore.d.ts +47 -0
package/dist/scheduler/DeliveryPresetStore.d.ts.map +1 -0
package/dist/scheduler/DeliveryPresetStore.js +101 -0
package/dist/scheduler/DeliveryPresetStore.js.map +1 -0
package/dist/scheduler/GoalPulse.d.ts +42 -0
package/dist/scheduler/GoalPulse.d.ts.map +1 -0
package/dist/scheduler/GoalPulse.js +123 -0
package/dist/scheduler/GoalPulse.js.map +1 -0
package/dist/scheduler/Heartbeat.d.ts +87 -0
package/dist/scheduler/Heartbeat.d.ts.map +1 -0
package/dist/scheduler/Heartbeat.js +313 -0
package/dist/scheduler/Heartbeat.js.map +1 -0
package/dist/scheduler/MorningPulse.d.ts +23 -0
package/dist/scheduler/MorningPulse.d.ts.map +1 -0
package/dist/scheduler/MorningPulse.js +45 -0
package/dist/scheduler/MorningPulse.js.map +1 -0
package/dist/server/index.d.ts +77 -0
package/dist/server/index.d.ts.map +1 -0
package/dist/server/index.js +227 -0
package/dist/server/index.js.map +1 -0
package/dist/server/middleware/requireAuth.d.ts +41 -0
package/dist/server/middleware/requireAuth.d.ts.map +1 -0
package/dist/server/middleware/requireAuth.js +72 -0
package/dist/server/middleware/requireAuth.js.map +1 -0
package/dist/server/middleware/security.d.ts +83 -0
package/dist/server/middleware/security.d.ts.map +1 -0
package/dist/server/middleware/security.js +171 -0
package/dist/server/middleware/security.js.map +1 -0
package/dist/server/routes/auth.d.ts +24 -0
package/dist/server/routes/auth.d.ts.map +1 -0
package/dist/server/routes/auth.js +65 -0
package/dist/server/routes/auth.js.map +1 -0
package/dist/server/routes/channels.d.ts +7 -0
package/dist/server/routes/channels.d.ts.map +1 -0
package/dist/server/routes/channels.js +90 -0
package/dist/server/routes/channels.js.map +1 -0
package/dist/server/routes/chat.d.ts +19 -0
package/dist/server/routes/chat.d.ts.map +1 -0
package/dist/server/routes/chat.js +209 -0
package/dist/server/routes/chat.js.map +1 -0
package/dist/server/routes/compat.d.ts +8 -0
package/dist/server/routes/compat.d.ts.map +1 -0
package/dist/server/routes/compat.js +661 -0
package/dist/server/routes/compat.js.map +1 -0
package/dist/server/routes/config.d.ts +10 -0
package/dist/server/routes/config.d.ts.map +1 -0
package/dist/server/routes/config.js +142 -0
package/dist/server/routes/config.js.map +1 -0
package/dist/server/routes/costs.d.ts +7 -0
package/dist/server/routes/costs.d.ts.map +1 -0
package/dist/server/routes/costs.js +23 -0
package/dist/server/routes/costs.js.map +1 -0
package/dist/server/routes/crew.d.ts +21 -0
package/dist/server/routes/crew.d.ts.map +1 -0
package/dist/server/routes/crew.js +372 -0
package/dist/server/routes/crew.js.map +1 -0
package/dist/server/routes/cron.d.ts +9 -0
package/dist/server/routes/cron.d.ts.map +1 -0
package/dist/server/routes/cron.js +91 -0
package/dist/server/routes/cron.js.map +1 -0
package/dist/server/routes/deliveryPresets.d.ts +13 -0
package/dist/server/routes/deliveryPresets.d.ts.map +1 -0
package/dist/server/routes/deliveryPresets.js +42 -0
package/dist/server/routes/deliveryPresets.js.map +1 -0
package/dist/server/routes/goals.d.ts +7 -0
package/dist/server/routes/goals.d.ts.map +1 -0
package/dist/server/routes/goals.js +65 -0
package/dist/server/routes/goals.js.map +1 -0
package/dist/server/routes/integrations.d.ts +35 -0
package/dist/server/routes/integrations.d.ts.map +1 -0
package/dist/server/routes/integrations.js +448 -0
package/dist/server/routes/integrations.js.map +1 -0
package/dist/server/routes/mcp.d.ts +7 -0
package/dist/server/routes/mcp.d.ts.map +1 -0
package/dist/server/routes/mcp.js +88 -0
package/dist/server/routes/mcp.js.map +1 -0
package/dist/server/routes/memory.d.ts +15 -0
package/dist/server/routes/memory.d.ts.map +1 -0
package/dist/server/routes/memory.js +104 -0
package/dist/server/routes/memory.js.map +1 -0
package/dist/server/routes/providers.d.ts +15 -0
package/dist/server/routes/providers.d.ts.map +1 -0
package/dist/server/routes/providers.js +209 -0
package/dist/server/routes/providers.js.map +1 -0
package/dist/server/routes/security.d.ts +15 -0
package/dist/server/routes/security.d.ts.map +1 -0
package/dist/server/routes/security.js +117 -0
package/dist/server/routes/security.js.map +1 -0
package/dist/server/routes/sessions.d.ts +12 -0
package/dist/server/routes/sessions.d.ts.map +1 -0
package/dist/server/routes/sessions.js +172 -0
package/dist/server/routes/sessions.js.map +1 -0
package/dist/server/routes/skills.d.ts +11 -0
package/dist/server/routes/skills.d.ts.map +1 -0
package/dist/server/routes/skills.js +214 -0
package/dist/server/routes/skills.js.map +1 -0
package/dist/server/routes/tasks.d.ts +10 -0
package/dist/server/routes/tasks.d.ts.map +1 -0
package/dist/server/routes/tasks.js +38 -0
package/dist/server/routes/tasks.js.map +1 -0
package/dist/server/routes/teams.d.ts +7 -0
package/dist/server/routes/teams.d.ts.map +1 -0
package/dist/server/routes/teams.js +61 -0
package/dist/server/routes/teams.js.map +1 -0
package/dist/server/routes/tunnel.d.ts +12 -0
package/dist/server/routes/tunnel.d.ts.map +1 -0
package/dist/server/routes/tunnel.js +18 -0
package/dist/server/routes/tunnel.js.map +1 -0
package/dist/server/routes/vault.d.ts +15 -0
package/dist/server/routes/vault.d.ts.map +1 -0
package/dist/server/routes/vault.js +82 -0
package/dist/server/routes/vault.js.map +1 -0
package/dist/server/routes/voice.d.ts +16 -0
package/dist/server/routes/voice.d.ts.map +1 -0
package/dist/server/routes/voice.js +431 -0
package/dist/server/routes/voice.js.map +1 -0
package/dist/server/routes/watchers.d.ts +14 -0
package/dist/server/routes/watchers.d.ts.map +1 -0
package/dist/server/routes/watchers.js +143 -0
package/dist/server/routes/watchers.js.map +1 -0
package/dist/services/Cleanup.d.ts +50 -0
package/dist/services/Cleanup.d.ts.map +1 -0
package/dist/services/Cleanup.js +104 -0
package/dist/services/Cleanup.js.map +1 -0
package/dist/skills/SecurityScanner.d.ts +18 -0
package/dist/skills/SecurityScanner.d.ts.map +1 -0
package/dist/skills/SecurityScanner.js +49 -0
package/dist/skills/SecurityScanner.js.map +1 -0
package/dist/skills/SkillLoader.d.ts +45 -0
package/dist/skills/SkillLoader.d.ts.map +1 -0
package/dist/skills/SkillLoader.js +336 -0
package/dist/skills/SkillLoader.js.map +1 -0
package/dist/skills/SkillRegistry.d.ts +78 -0
package/dist/skills/SkillRegistry.d.ts.map +1 -0
package/dist/skills/SkillRegistry.js +185 -0
package/dist/skills/SkillRegistry.js.map +1 -0
package/dist/skills/SkillSnapshot.d.ts +37 -0
package/dist/skills/SkillSnapshot.d.ts.map +1 -0
package/dist/skills/SkillSnapshot.js +106 -0
package/dist/skills/SkillSnapshot.js.map +1 -0
package/dist/skills/types.d.ts +184 -0
package/dist/skills/types.d.ts.map +1 -0
package/dist/skills/types.js +58 -0
package/dist/skills/types.js.map +1 -0
package/dist/tasks/TaskStore.d.ts +70 -0
package/dist/tasks/TaskStore.d.ts.map +1 -0
package/dist/tasks/TaskStore.js +200 -0
package/dist/tasks/TaskStore.js.map +1 -0
package/dist/teams/TeamRunner.d.ts +46 -0
package/dist/teams/TeamRunner.d.ts.map +1 -0
package/dist/teams/TeamRunner.js +186 -0
package/dist/teams/TeamRunner.js.map +1 -0
package/dist/teams/TeamStore.d.ts +84 -0
package/dist/teams/TeamStore.d.ts.map +1 -0
package/dist/teams/TeamStore.js +231 -0
package/dist/teams/TeamStore.js.map +1 -0
package/dist/teams/templates.d.ts +18 -0
package/dist/teams/templates.d.ts.map +1 -0
package/dist/teams/templates.js +89 -0
package/dist/teams/templates.js.map +1 -0
package/dist/tools/core/applyPatch.d.ts +19 -0
package/dist/tools/core/applyPatch.d.ts.map +1 -0
package/dist/tools/core/applyPatch.js +51 -0
package/dist/tools/core/applyPatch.js.map +1 -0
package/dist/tools/core/broadcast.d.ts +67 -0
package/dist/tools/core/broadcast.d.ts.map +1 -0
package/dist/tools/core/broadcast.js +93 -0
package/dist/tools/core/broadcast.js.map +1 -0
package/dist/tools/core/clipboard.d.ts +17 -0
package/dist/tools/core/clipboard.d.ts.map +1 -0
package/dist/tools/core/clipboard.js +38 -0
package/dist/tools/core/clipboard.js.map +1 -0
package/dist/tools/core/createDocument.d.ts +27 -0
package/dist/tools/core/createDocument.d.ts.map +1 -0
package/dist/tools/core/createDocument.js +297 -0
package/dist/tools/core/createDocument.js.map +1 -0
package/dist/tools/core/cronTool.d.ts +55 -0
package/dist/tools/core/cronTool.d.ts.map +1 -0
package/dist/tools/core/cronTool.js +162 -0
package/dist/tools/core/cronTool.js.map +1 -0
package/dist/tools/core/desktop.d.ts +16 -0
package/dist/tools/core/desktop.d.ts.map +1 -0
package/dist/tools/core/desktop.js +480 -0
package/dist/tools/core/desktop.js.map +1 -0
package/dist/tools/core/editFile.d.ts +43 -0
package/dist/tools/core/editFile.d.ts.map +1 -0
package/dist/tools/core/editFile.js +104 -0
package/dist/tools/core/editFile.js.map +1 -0
package/dist/tools/core/executeCommand.d.ts +36 -0
package/dist/tools/core/executeCommand.d.ts.map +1 -0
package/dist/tools/core/executeCommand.js +92 -0
package/dist/tools/core/executeCommand.js.map +1 -0
package/dist/tools/core/fetchUrl.d.ts +38 -0
package/dist/tools/core/fetchUrl.d.ts.map +1 -0
package/dist/tools/core/fetchUrl.js +111 -0
package/dist/tools/core/fetchUrl.js.map +1 -0
package/dist/tools/core/generateImage.d.ts +42 -0
package/dist/tools/core/generateImage.d.ts.map +1 -0
package/dist/tools/core/generateImage.js +143 -0
package/dist/tools/core/generateImage.js.map +1 -0
package/dist/tools/core/generateMusic.d.ts +42 -0
package/dist/tools/core/generateMusic.d.ts.map +1 -0
package/dist/tools/core/generateMusic.js +158 -0
package/dist/tools/core/generateMusic.js.map +1 -0
package/dist/tools/core/generateVideo.d.ts +45 -0
package/dist/tools/core/generateVideo.d.ts.map +1 -0
package/dist/tools/core/generateVideo.js +447 -0
package/dist/tools/core/generateVideo.js.map +1 -0
package/dist/tools/core/gitTool.d.ts +81 -0
package/dist/tools/core/gitTool.d.ts.map +1 -0
package/dist/tools/core/gitTool.js +196 -0
package/dist/tools/core/gitTool.js.map +1 -0
package/dist/tools/core/glob.d.ts +26 -0
package/dist/tools/core/glob.d.ts.map +1 -0
package/dist/tools/core/glob.js +104 -0
package/dist/tools/core/glob.js.map +1 -0
package/dist/tools/core/goalTool.d.ts +50 -0
package/dist/tools/core/goalTool.d.ts.map +1 -0
package/dist/tools/core/goalTool.js +150 -0
package/dist/tools/core/goalTool.js.map +1 -0
package/dist/tools/core/grep.d.ts +32 -0
package/dist/tools/core/grep.d.ts.map +1 -0
package/dist/tools/core/grep.js +83 -0
package/dist/tools/core/grep.js.map +1 -0
package/dist/tools/core/imageAnalysis.d.ts +18 -0
package/dist/tools/core/imageAnalysis.d.ts.map +1 -0
package/dist/tools/core/imageAnalysis.js +77 -0
package/dist/tools/core/imageAnalysis.js.map +1 -0
package/dist/tools/core/imageOps.d.ts +70 -0
package/dist/tools/core/imageOps.d.ts.map +1 -0
package/dist/tools/core/imageOps.js +179 -0
package/dist/tools/core/imageOps.js.map +1 -0
package/dist/tools/core/index.d.ts +50 -0
package/dist/tools/core/index.d.ts.map +1 -0
package/dist/tools/core/index.js +159 -0
package/dist/tools/core/index.js.map +1 -0
package/dist/tools/core/listCrews.d.ts +41 -0
package/dist/tools/core/listCrews.d.ts.map +1 -0
package/dist/tools/core/listCrews.js +50 -0
package/dist/tools/core/listCrews.js.map +1 -0
package/dist/tools/core/listDirectory.d.ts +33 -0
package/dist/tools/core/listDirectory.d.ts.map +1 -0
package/dist/tools/core/listDirectory.js +89 -0
package/dist/tools/core/listDirectory.js.map +1 -0
package/dist/tools/core/manageAgents.d.ts +48 -0
package/dist/tools/core/manageAgents.d.ts.map +1 -0
package/dist/tools/core/manageAgents.js +104 -0
package/dist/tools/core/manageAgents.js.map +1 -0
package/dist/tools/core/manageMCP.d.ts +52 -0
package/dist/tools/core/manageMCP.d.ts.map +1 -0
package/dist/tools/core/manageMCP.js +160 -0
package/dist/tools/core/manageMCP.js.map +1 -0
package/dist/tools/core/memory.d.ts +49 -0
package/dist/tools/core/memory.d.ts.map +1 -0
package/dist/tools/core/memory.js +80 -0
package/dist/tools/core/memory.js.map +1 -0
package/dist/tools/core/memoryRecall.d.ts +39 -0
package/dist/tools/core/memoryRecall.d.ts.map +1 -0
package/dist/tools/core/memoryRecall.js +42 -0
package/dist/tools/core/memoryRecall.js.map +1 -0
package/dist/tools/core/memorySave.d.ts +33 -0
package/dist/tools/core/memorySave.d.ts.map +1 -0
package/dist/tools/core/memorySave.js +41 -0
package/dist/tools/core/memorySave.js.map +1 -0
package/dist/tools/core/messageChannel.d.ts +27 -0
package/dist/tools/core/messageChannel.d.ts.map +1 -0
package/dist/tools/core/messageChannel.js +59 -0
package/dist/tools/core/messageChannel.js.map +1 -0
package/dist/tools/core/parallelCrew.d.ts +54 -0
package/dist/tools/core/parallelCrew.d.ts.map +1 -0
package/dist/tools/core/parallelCrew.js +60 -0
package/dist/tools/core/parallelCrew.js.map +1 -0
package/dist/tools/core/pollTool.d.ts +36 -0
package/dist/tools/core/pollTool.d.ts.map +1 -0
package/dist/tools/core/pollTool.js +69 -0
package/dist/tools/core/pollTool.js.map +1 -0
package/dist/tools/core/projectTracker.d.ts +71 -0
package/dist/tools/core/projectTracker.d.ts.map +1 -0
package/dist/tools/core/projectTracker.js +181 -0
package/dist/tools/core/projectTracker.js.map +1 -0
package/dist/tools/core/readFile.d.ts +24 -0
package/dist/tools/core/readFile.d.ts.map +1 -0
package/dist/tools/core/readFile.js +49 -0
package/dist/tools/core/readFile.js.map +1 -0
package/dist/tools/core/readPDF.d.ts +32 -0
package/dist/tools/core/readPDF.d.ts.map +1 -0
package/dist/tools/core/readPDF.js +135 -0
package/dist/tools/core/readPDF.js.map +1 -0
package/dist/tools/core/reloadTool.d.ts +36 -0
package/dist/tools/core/reloadTool.d.ts.map +1 -0
package/dist/tools/core/reloadTool.js +109 -0
package/dist/tools/core/reloadTool.js.map +1 -0
package/dist/tools/core/replyToUser.d.ts +14 -0
package/dist/tools/core/replyToUser.d.ts.map +1 -0
package/dist/tools/core/replyToUser.js +19 -0
package/dist/tools/core/replyToUser.js.map +1 -0
package/dist/tools/core/screenCapture.d.ts +17 -0
package/dist/tools/core/screenCapture.d.ts.map +1 -0
package/dist/tools/core/screenCapture.js +34 -0
package/dist/tools/core/screenCapture.js.map +1 -0
package/dist/tools/core/sendEmail.d.ts +34 -0
package/dist/tools/core/sendEmail.d.ts.map +1 -0
package/dist/tools/core/sendEmail.js +56 -0
package/dist/tools/core/sendEmail.js.map +1 -0
package/dist/tools/core/sendFile.d.ts +37 -0
package/dist/tools/core/sendFile.d.ts.map +1 -0
package/dist/tools/core/sendFile.js +53 -0
package/dist/tools/core/sendFile.js.map +1 -0
package/dist/tools/core/sessionSearch.d.ts +62 -0
package/dist/tools/core/sessionSearch.d.ts.map +1 -0
package/dist/tools/core/sessionSearch.js +154 -0
package/dist/tools/core/sessionSearch.js.map +1 -0
package/dist/tools/core/skillManage.d.ts +71 -0
package/dist/tools/core/skillManage.d.ts.map +1 -0
package/dist/tools/core/skillManage.js +353 -0
package/dist/tools/core/skillManage.js.map +1 -0
package/dist/tools/core/skillView.d.ts +46 -0
package/dist/tools/core/skillView.d.ts.map +1 -0
package/dist/tools/core/skillView.js +101 -0
package/dist/tools/core/skillView.js.map +1 -0
package/dist/tools/core/teamTool.d.ts +71 -0
package/dist/tools/core/teamTool.d.ts.map +1 -0
package/dist/tools/core/teamTool.js +132 -0
package/dist/tools/core/teamTool.js.map +1 -0
package/dist/tools/core/textToSpeech.d.ts +25 -0
package/dist/tools/core/textToSpeech.d.ts.map +1 -0
package/dist/tools/core/textToSpeech.js +87 -0
package/dist/tools/core/textToSpeech.js.map +1 -0
package/dist/tools/core/transcribeAudio.d.ts +21 -0
package/dist/tools/core/transcribeAudio.d.ts.map +1 -0
package/dist/tools/core/transcribeAudio.js +27 -0
package/dist/tools/core/transcribeAudio.js.map +1 -0
package/dist/tools/core/useCrew.d.ts +38 -0
package/dist/tools/core/useCrew.d.ts.map +1 -0
package/dist/tools/core/useCrew.js +48 -0
package/dist/tools/core/useCrew.js.map +1 -0
package/dist/tools/core/useMCP.d.ts +40 -0
package/dist/tools/core/useMCP.d.ts.map +1 -0
package/dist/tools/core/useMCP.js +64 -0
package/dist/tools/core/useMCP.js.map +1 -0
package/dist/tools/core/watcherTool.d.ts +47 -0
package/dist/tools/core/watcherTool.d.ts.map +1 -0
package/dist/tools/core/watcherTool.js +119 -0
package/dist/tools/core/watcherTool.js.map +1 -0
package/dist/tools/core/webFetch.d.ts +48 -0
package/dist/tools/core/webFetch.d.ts.map +1 -0
package/dist/tools/core/webFetch.js +265 -0
package/dist/tools/core/webFetch.js.map +1 -0
package/dist/tools/core/webSearch.d.ts +55 -0
package/dist/tools/core/webSearch.d.ts.map +1 -0
package/dist/tools/core/webSearch.js +429 -0
package/dist/tools/core/webSearch.js.map +1 -0
package/dist/tools/core/writeFile.d.ts +27 -0
package/dist/tools/core/writeFile.d.ts.map +1 -0
package/dist/tools/core/writeFile.js +51 -0
package/dist/tools/core/writeFile.js.map +1 -0
package/dist/tools/registry.d.ts +36 -0
package/dist/tools/registry.d.ts.map +1 -0
package/dist/tools/registry.js +73 -0
package/dist/tools/registry.js.map +1 -0
package/dist/tools/types.d.ts +50 -0
package/dist/tools/types.d.ts.map +1 -0
package/dist/tools/types.js +20 -0
package/dist/tools/types.js.map +1 -0
package/dist/tunnels/TunnelManager.d.ts +52 -0
package/dist/tunnels/TunnelManager.d.ts.map +1 -0
package/dist/tunnels/TunnelManager.js +183 -0
package/dist/tunnels/TunnelManager.js.map +1 -0
package/dist/tunnels/urls.d.ts +20 -0
package/dist/tunnels/urls.d.ts.map +1 -0
package/dist/tunnels/urls.js +22 -0
package/dist/tunnels/urls.js.map +1 -0
package/dist/util/errors.d.ts +54 -0
package/dist/util/errors.d.ts.map +1 -0
package/dist/util/errors.js +102 -0
package/dist/util/errors.js.map +1 -0
package/dist/util/logger.d.ts +21 -0
package/dist/util/logger.d.ts.map +1 -0
package/dist/util/logger.js +62 -0
package/dist/util/logger.js.map +1 -0
package/dist/util/msgText.d.ts +16 -0
package/dist/util/msgText.d.ts.map +1 -0
package/dist/util/msgText.js +65 -0
package/dist/util/msgText.js.map +1 -0
package/dist/util/result.d.ts +24 -0
package/dist/util/result.d.ts.map +1 -0
package/dist/util/result.js +35 -0
package/dist/util/result.js.map +1 -0
package/dist/util/tokenEstimate.d.ts +12 -0
package/dist/util/tokenEstimate.d.ts.map +1 -0
package/dist/util/tokenEstimate.js +22 -0
package/dist/util/tokenEstimate.js.map +1 -0
package/dist/voice/DaemoraLLM.d.ts +44 -0
package/dist/voice/DaemoraLLM.d.ts.map +1 -0
package/dist/voice/DaemoraLLM.js +185 -0
package/dist/voice/DaemoraLLM.js.map +1 -0
package/dist/voice/ElevenLabsSTT.d.ts +41 -0
package/dist/voice/ElevenLabsSTT.d.ts.map +1 -0
package/dist/voice/ElevenLabsSTT.js +98 -0
package/dist/voice/ElevenLabsSTT.js.map +1 -0
package/dist/voice/GroqTTS.d.ts +38 -0
package/dist/voice/GroqTTS.d.ts.map +1 -0
package/dist/voice/GroqTTS.js +208 -0
package/dist/voice/GroqTTS.js.map +1 -0
package/dist/voice/LiveKitServer.d.ts +30 -0
package/dist/voice/LiveKitServer.d.ts.map +1 -0
package/dist/voice/LiveKitServer.js +119 -0
package/dist/voice/LiveKitServer.js.map +1 -0
package/dist/voice/LiveKitToken.d.ts +25 -0
package/dist/voice/LiveKitToken.d.ts.map +1 -0
package/dist/voice/LiveKitToken.js +44 -0
package/dist/voice/LiveKitToken.js.map +1 -0
package/dist/voice/SidecarSupervisor.d.ts +39 -0
package/dist/voice/SidecarSupervisor.d.ts.map +1 -0
package/dist/voice/SidecarSupervisor.js +194 -0
package/dist/voice/SidecarSupervisor.js.map +1 -0
package/dist/voice/VoiceAgent.d.ts +23 -0
package/dist/voice/VoiceAgent.d.ts.map +1 -0
package/dist/voice/VoiceAgent.js +265 -0
package/dist/voice/VoiceAgent.js.map +1 -0
package/dist/voice/VoiceProviders.d.ts +29 -0
package/dist/voice/VoiceProviders.d.ts.map +1 -0
package/dist/voice/VoiceProviders.js +177 -0
package/dist/voice/VoiceProviders.js.map +1 -0
package/dist/voice/VoiceSession.d.ts +106 -0
package/dist/voice/VoiceSession.d.ts.map +1 -0
package/dist/voice/VoiceSession.js +454 -0
package/dist/voice/VoiceSession.js.map +1 -0
package/dist/voice/VoiceSocket.d.ts +49 -0
package/dist/voice/VoiceSocket.d.ts.map +1 -0
package/dist/voice/VoiceSocket.js +274 -0
package/dist/voice/VoiceSocket.js.map +1 -0
package/dist/voice/stt/DeepgramSTT.d.ts +26 -0
package/dist/voice/stt/DeepgramSTT.d.ts.map +1 -0
package/dist/voice/stt/DeepgramSTT.js +188 -0
package/dist/voice/stt/DeepgramSTT.js.map +1 -0
package/dist/voice/stt/GroqSTT.d.ts +28 -0
package/dist/voice/stt/GroqSTT.d.ts.map +1 -0
package/dist/voice/stt/GroqSTT.js +169 -0
package/dist/voice/stt/GroqSTT.js.map +1 -0
package/dist/voice/stt/STTAdapter.d.ts +47 -0
package/dist/voice/stt/STTAdapter.d.ts.map +1 -0
package/dist/voice/stt/STTAdapter.js +27 -0
package/dist/voice/stt/STTAdapter.js.map +1 -0
package/dist/voice/transcribe.d.ts +33 -0
package/dist/voice/transcribe.d.ts.map +1 -0
package/dist/voice/transcribe.js +73 -0
package/dist/voice/transcribe.js.map +1 -0
package/dist/voice/transcriptFilter.d.ts +16 -0
package/dist/voice/transcriptFilter.d.ts.map +1 -0
package/dist/voice/transcriptFilter.js +36 -0
package/dist/voice/transcriptFilter.js.map +1 -0
package/dist/voice/tts/CartesiaTTS.d.ts +31 -0
package/dist/voice/tts/CartesiaTTS.d.ts.map +1 -0
package/dist/voice/tts/CartesiaTTS.js +201 -0
package/dist/voice/tts/CartesiaTTS.js.map +1 -0
package/dist/voice/tts/ElevenLabsTTS.d.ts +29 -0
package/dist/voice/tts/ElevenLabsTTS.d.ts.map +1 -0
package/dist/voice/tts/ElevenLabsTTS.js +210 -0
package/dist/voice/tts/ElevenLabsTTS.js.map +1 -0
package/dist/voice/tts/OpenAITTS.d.ts +23 -0
package/dist/voice/tts/OpenAITTS.d.ts.map +1 -0
package/dist/voice/tts/OpenAITTS.js +124 -0
package/dist/voice/tts/OpenAITTS.js.map +1 -0
package/dist/voice/tts/TTSAdapter.d.ts +46 -0
package/dist/voice/tts/TTSAdapter.d.ts.map +1 -0
package/dist/voice/tts/TTSAdapter.js +26 -0
package/dist/voice/tts/TTSAdapter.js.map +1 -0
package/dist/voice-worker.mjs +607 -0
package/dist/watchers/FileWatcher.d.ts +47 -0
package/dist/watchers/FileWatcher.d.ts.map +1 -0
package/dist/watchers/FileWatcher.js +103 -0
package/dist/watchers/FileWatcher.js.map +1 -0
package/dist/watchers/IntegrationWatcher.d.ts +68 -0
package/dist/watchers/IntegrationWatcher.d.ts.map +1 -0
package/dist/watchers/IntegrationWatcher.js +347 -0
package/dist/watchers/IntegrationWatcher.js.map +1 -0
package/dist/watchers/PollWatcher.d.ts +54 -0
package/dist/watchers/PollWatcher.d.ts.map +1 -0
package/dist/watchers/PollWatcher.js +135 -0
package/dist/watchers/PollWatcher.js.map +1 -0
package/dist/watchers/WatcherRunner.d.ts +49 -0
package/dist/watchers/WatcherRunner.d.ts.map +1 -0
package/dist/watchers/WatcherRunner.js +203 -0
package/dist/watchers/WatcherRunner.js.map +1 -0
package/dist/watchers/WatcherStore.d.ts +43 -0
package/dist/watchers/WatcherStore.d.ts.map +1 -0
package/dist/watchers/WatcherStore.js +78 -0
package/dist/watchers/WatcherStore.js.map +1 -0
package/dist/webhooks/WebhookHandler.d.ts +36 -0
package/dist/webhooks/WebhookHandler.d.ts.map +1 -0
package/dist/webhooks/WebhookHandler.js +264 -0
package/dist/webhooks/WebhookHandler.js.map +1 -0
package/dist/webhooks/WebhookTokenStore.d.ts +48 -0
package/dist/webhooks/WebhookTokenStore.d.ts.map +1 -0
package/dist/webhooks/WebhookTokenStore.js +136 -0
package/dist/webhooks/WebhookTokenStore.js.map +1 -0
package/dist/webhooks/hmac.d.ts +43 -0
package/dist/webhooks/hmac.d.ts.map +1 -0
package/dist/webhooks/hmac.js +98 -0
package/dist/webhooks/hmac.js.map +1 -0
package/dist/webhooks/watcherTemplates.d.ts +21 -0
package/dist/webhooks/watcherTemplates.d.ts.map +1 -0
package/dist/webhooks/watcherTemplates.js +164 -0
package/dist/webhooks/watcherTemplates.js.map +1 -0
package/package.json +119 -0
package/public/architecture.svg +99 -0
package/public/banner.png +0 -0
package/public/banner.svg +141 -0
package/public/multi-agent.svg +109 -0
package/public/security.svg +84 -0
package/public/steer-inject.svg +73 -0
package/public/task-lifecycle.svg +77 -0
package/skills/_template/SKILL.md +11 -0
package/skills/api-development.md +35 -0
package/skills/apple-notes/SKILL.md +77 -0
package/skills/apple-reminders/SKILL.md +118 -0
package/skills/artifacts-builder/SKILL.md +74 -0
package/skills/artifacts-builder/scripts/bundle-artifact.sh +54 -0
package/skills/artifacts-builder/scripts/init-artifact.sh +322 -0
package/skills/artifacts-builder/scripts/shadcn-components.tar.gz +0 -0
package/skills/brand-guidelines.md +73 -0
package/skills/browser.md +77 -0
package/skills/camsnap/SKILL.md +45 -0
package/skills/changelog-generator.md +104 -0
package/skills/coding-agent/SKILL.md +316 -0
package/skills/content-research-writer.md +538 -0
package/skills/create-new-skill.md +564 -0
package/skills/data-analysis.md +27 -0
package/skills/debugging.md +33 -0
package/skills/devops.md +37 -0
package/skills/discord/SKILL.md +197 -0
package/skills/document-docx.md +197 -0
package/skills/document-pptx.md +484 -0
package/skills/document-xlsx.md +289 -0
package/skills/documents.md +13 -0
package/skills/domain-name-brainstormer.md +212 -0
package/skills/email.md +13 -0
package/skills/example-pdf/SKILL.md +17 -0
package/skills/file-organizer.md +433 -0
package/skills/frontend-design.md +42 -0
package/skills/gif-search.md +53 -0
package/skills/github/SKILL.md +163 -0
package/skills/google-workspace.md +64 -0
package/skills/image-enhancer.md +99 -0
package/skills/image-gen.md +48 -0
package/skills/invoice-organizer.md +446 -0
package/skills/lead-research-assistant.md +199 -0
package/skills/link-understanding.md +21 -0
package/skills/macos-automation.md +62 -0
package/skills/mcp-builder/SKILL.md +328 -0
package/skills/mcp-builder/reference/evaluation.md +602 -0
package/skills/mcp-builder/reference/mcp_best_practices.md +915 -0
package/skills/mcp-builder/reference/node_mcp_server.md +916 -0
package/skills/mcp-builder/reference/python_mcp_server.md +752 -0
package/skills/mcp-builder/scripts/connections.py +151 -0
package/skills/mcp-builder/scripts/evaluation.py +373 -0
package/skills/mcp-builder/scripts/example_evaluation.xml +22 -0
package/skills/mcp-builder/scripts/requirements.txt +2 -0
package/skills/meeting-attendance.md +37 -0
package/skills/meeting-insights-analyzer.md +327 -0
package/skills/model-usage/SKILL.md +69 -0
package/skills/model-usage/references/codexbar-cli.md +33 -0
package/skills/model-usage/scripts/model_usage.py +320 -0
package/skills/model-usage/scripts/test_model_usage.py +40 -0
package/skills/notion/SKILL.md +174 -0
package/skills/obsidian/SKILL.md +81 -0
package/skills/orchestration.md +114 -0
package/skills/pdf.md +60 -0
package/skills/planning/SKILL.md +98 -0
package/skills/planning.md +168 -0
package/skills/raffle-winner-picker.md +159 -0
package/skills/remotion.md +126 -0
package/skills/research.md +13 -0
package/skills/skill-creator/SKILL.md +372 -0
package/skills/skill-creator/license.txt +202 -0
package/skills/skill-creator/scripts/init_skill.py +378 -0
package/skills/skill-creator/scripts/package_skill.py +139 -0
package/skills/skill-creator/scripts/quick_validate.py +159 -0
package/skills/skill-creator/scripts/test_package_skill.py +160 -0
package/skills/skill-creator/scripts/test_quick_validate.py +72 -0
package/skills/slack/SKILL.md +144 -0
package/skills/slack-gif-creator/SKILL.md +646 -0
package/skills/slack-gif-creator/core/color_palettes.py +302 -0
package/skills/slack-gif-creator/core/easing.py +230 -0
package/skills/slack-gif-creator/core/frame_composer.py +469 -0
package/skills/slack-gif-creator/core/gif_builder.py +246 -0
package/skills/slack-gif-creator/core/typography.py +357 -0
package/skills/slack-gif-creator/core/validators.py +264 -0
package/skills/slack-gif-creator/core/visual_effects.py +494 -0
package/skills/slack-gif-creator/requirements.txt +4 -0
package/skills/slack-gif-creator/templates/bounce.py +106 -0
package/skills/slack-gif-creator/templates/explode.py +331 -0
package/skills/slack-gif-creator/templates/fade.py +329 -0
package/skills/slack-gif-creator/templates/flip.py +291 -0
package/skills/slack-gif-creator/templates/kaleidoscope.py +211 -0
package/skills/slack-gif-creator/templates/morph.py +329 -0
package/skills/slack-gif-creator/templates/move.py +293 -0
package/skills/slack-gif-creator/templates/pulse.py +268 -0
package/skills/slack-gif-creator/templates/shake.py +127 -0
package/skills/slack-gif-creator/templates/slide.py +291 -0
package/skills/slack-gif-creator/templates/spin.py +269 -0
package/skills/slack-gif-creator/templates/wiggle.py +300 -0
package/skills/slack-gif-creator/templates/zoom.py +312 -0
package/skills/summarize/SKILL.md +87 -0
package/skills/system-admin.md +44 -0
package/skills/tailored-resume-generator.md +345 -0
package/skills/task-decomposition/SKILL.md +113 -0
package/skills/theme-factory/SKILL.md +59 -0
package/skills/theme-factory/theme-showcase.pdf +0 -0
package/skills/theme-factory/themes/arctic-frost.md +19 -0
package/skills/theme-factory/themes/botanical-garden.md +19 -0
package/skills/theme-factory/themes/desert-rose.md +19 -0
package/skills/theme-factory/themes/forest-canopy.md +19 -0
package/skills/theme-factory/themes/golden-hour.md +19 -0
package/skills/theme-factory/themes/midnight-galaxy.md +19 -0
package/skills/theme-factory/themes/modern-minimalist.md +19 -0
package/skills/theme-factory/themes/ocean-depths.md +19 -0
package/skills/theme-factory/themes/sunset-boulevard.md +19 -0
package/skills/theme-factory/themes/tech-innovation.md +19 -0
package/skills/things-mac/SKILL.md +86 -0
package/skills/tmux/SKILL.md +170 -0
package/skills/tmux/scripts/find-sessions.sh +112 -0
package/skills/tmux/scripts/wait-for-text.sh +83 -0
package/skills/trello/SKILL.md +108 -0
package/skills/video-downloader.md +99 -0
package/skills/video-frames/SKILL.md +46 -0
package/skills/video-frames/scripts/frame.sh +81 -0
package/skills/weather/SKILL.md +129 -0
package/skills/web-development.md +32 -0
package/skills/webapp-testing/SKILL.md +96 -0
package/skills/webapp-testing/examples/console_logging.py +35 -0
package/skills/webapp-testing/examples/element_discovery.py +40 -0
package/skills/webapp-testing/examples/static_html_automation.py +33 -0
package/skills/webapp-testing/scripts/with_server.py +106 -0
package/ui/dist/assets/index-DuybLBDW.css +1 -0
package/ui/dist/assets/index-kK4jTnXz.js +569 -0
package/ui/dist/favicon.svg +29 -0
package/ui/dist/index.html +16 -0

package/dist/auth/AuthStore.js ADDED Viewed

@@ -0,0 +1,139 @@
+/**
+ * AuthStore — refresh-token persistence + audit trail.
+ *
+ * Refresh tokens are stored as `sha256(token)` so a DB leak can't be
+ * replayed. Rows carry enough metadata to list "active sessions" in
+ * the UI (device name, last used, created at) and revoke individually
+ * or en masse (on password change).
+ *
+ * Revocation is soft — `revoked_at` timestamp, never deleted. Keeps
+ * audit trail; cleanup is a separate scheduled sweep (not done here).
+ */
+import { createHash, randomBytes } from "node:crypto";
+import { createLogger } from "../util/logger.js";
+const log = createLogger("auth.store");
+const SCHEMA = `
+CREATE TABLE IF NOT EXISTS auth_refresh_tokens (
+  id              TEXT PRIMARY KEY,
+  user_id         TEXT NOT NULL,
+  token_hash      TEXT NOT NULL UNIQUE,
+  device_name     TEXT,
+  created_at      INTEGER NOT NULL,
+  last_used_at    INTEGER NOT NULL,
+  revoked_at      INTEGER,
+  expires_at      INTEGER
+);
+CREATE INDEX IF NOT EXISTS idx_auth_tokens_user ON auth_refresh_tokens(user_id);
+CREATE INDEX IF NOT EXISTS idx_auth_tokens_hash ON auth_refresh_tokens(token_hash);
+CREATE TABLE IF NOT EXISTS auth_audit (
+  id         TEXT PRIMARY KEY,
+  at         INTEGER NOT NULL,
+  user_id    TEXT NOT NULL,
+  event      TEXT NOT NULL,
+  ip         TEXT,
+  detail     TEXT
+);
+CREATE INDEX IF NOT EXISTS idx_auth_audit_at ON auth_audit(at DESC);
+CREATE INDEX IF NOT EXISTS idx_auth_audit_user ON auth_audit(user_id);
+`;
+export class AuthStore {
+    db;
+    stmts;
+    constructor(db) {
+        this.db = db;
+        this.db.exec(SCHEMA);
+        this.stmts = this.prepare();
+        log.debug("auth store ready");
+    }
+    // ── Refresh tokens ─────────────────────────────────────────────────────
+    /**
+     * Mint a fresh refresh token and persist its hash. Returns the
+     * plaintext token (caller gives it to the client; server never
+     * sees it again except as a hash).
+     */
+    issueRefresh(opts) {
+        const token = randomBytes(32).toString("base64url");
+        const tokenHash = hash(token);
+        const id = randomBytes(12).toString("hex");
+        const now = Date.now();
+        this.stmts.insertRefresh.run(id, opts.userId, tokenHash, opts.deviceName ?? null, now, now, null, opts.expiresAt ?? null);
+        const row = this.getRefreshById(id);
+        return { id, token, row };
+    }
+    /**
+     * Look up by plaintext token. Returns null if the token is unknown,
+     * revoked, or expired. Marks the row as used on success.
+     *
+     * NOTE: caller still has to rotate the token (issue new, revoke old)
+     * — that's in TokenService to keep the audit path centralised.
+     */
+    findActiveByToken(token) {
+        const tokenHash = hash(token);
+        const row = this.stmts.selectByHash.get(tokenHash);
+        if (!row)
+            return null;
+        if (row.revokedAt !== null)
+            return null;
+        if (row.expiresAt !== null && row.expiresAt <= Date.now())
+            return null;
+        return row;
+    }
+    markUsed(id) {
+        this.stmts.touchUsed.run(Date.now(), id);
+    }
+    revoke(id) {
+        const info = this.stmts.revokeOne.run(Date.now(), id);
+        return info.changes > 0;
+    }
+    revokeAllForUser(userId) {
+        return this.stmts.revokeUser.run(Date.now(), userId).changes;
+    }
+    listActiveForUser(userId) {
+        return this.stmts.listActive.all(userId);
+    }
+    getRefreshById(id) {
+        return this.stmts.selectById.get(id) ?? null;
+    }
+    // ── Audit ──────────────────────────────────────────────────────────────
+    audit(entry) {
+        this.stmts.insertAudit.run(randomBytes(8).toString("hex"), Date.now(), entry.userId, entry.event, entry.ip ?? null, entry.detail ?? null);
+    }
+    listAudit(opts = {}) {
+        const limit = Math.min(opts.limit ?? 100, 500);
+        if (opts.userId)
+            return this.stmts.auditByUser.all(opts.userId, limit);
+        return this.stmts.auditAll.all(limit);
+    }
+    // ── Internal ───────────────────────────────────────────────────────────
+    prepare() {
+        return {
+            insertRefresh: this.db.prepare(`INSERT INTO auth_refresh_tokens (id, user_id, token_hash, device_name, created_at, last_used_at, revoked_at, expires_at)
+         VALUES (?, ?, ?, ?, ?, ?, ?, ?)`),
+            selectByHash: this.db.prepare(`SELECT id, user_id AS userId, token_hash AS tokenHash, device_name AS deviceName,
+                created_at AS createdAt, last_used_at AS lastUsedAt,
+                revoked_at AS revokedAt, expires_at AS expiresAt
+         FROM auth_refresh_tokens WHERE token_hash = ?`),
+            selectById: this.db.prepare(`SELECT id, user_id AS userId, token_hash AS tokenHash, device_name AS deviceName,
+                created_at AS createdAt, last_used_at AS lastUsedAt,
+                revoked_at AS revokedAt, expires_at AS expiresAt
+         FROM auth_refresh_tokens WHERE id = ?`),
+            listActive: this.db.prepare(`SELECT id, user_id AS userId, token_hash AS tokenHash, device_name AS deviceName,
+                created_at AS createdAt, last_used_at AS lastUsedAt,
+                revoked_at AS revokedAt, expires_at AS expiresAt
+         FROM auth_refresh_tokens
+         WHERE user_id = ? AND revoked_at IS NULL
+         ORDER BY last_used_at DESC`),
+            touchUsed: this.db.prepare(`UPDATE auth_refresh_tokens SET last_used_at = ? WHERE id = ? AND revoked_at IS NULL`),
+            revokeOne: this.db.prepare(`UPDATE auth_refresh_tokens SET revoked_at = ? WHERE id = ? AND revoked_at IS NULL`),
+            revokeUser: this.db.prepare(`UPDATE auth_refresh_tokens SET revoked_at = ? WHERE user_id = ? AND revoked_at IS NULL`),
+            insertAudit: this.db.prepare(`INSERT INTO auth_audit (id, at, user_id, event, ip, detail) VALUES (?, ?, ?, ?, ?, ?)`),
+            auditByUser: this.db.prepare(`SELECT id, at, user_id AS userId, event, ip, detail FROM auth_audit WHERE user_id = ? ORDER BY at DESC LIMIT ?`),
+            auditAll: this.db.prepare(`SELECT id, at, user_id AS userId, event, ip, detail FROM auth_audit ORDER BY at DESC LIMIT ?`),
+        };
+    }
+}
+function hash(token) {
+    return createHash("sha256").update(token).digest("hex");
+}
+//# sourceMappingURL=AuthStore.js.map

package/dist/auth/AuthStore.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"AuthStore.js","sourceRoot":"","sources":["../../src/auth/AuthStore.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAGtD,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAEjD,MAAM,GAAG,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;AAoCvC,MAAM,MAAM,GAAG;;;;;;;;;;;;;;;;;;;;;;;;CAwBd,CAAC;AAEF,MAAM,OAAO,SAAS;IAGS;IAFZ,KAAK,CAAmC;IAEzD,YAA6B,EAAqB;QAArB,OAAE,GAAF,EAAE,CAAmB;QAChD,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACrB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QAC5B,GAAG,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;IAChC,CAAC;IAED,0EAA0E;IAE1E;;;;OAIG;IACH,YAAY,CAAC,IAAwE;QACnF,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QACpD,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;QAC9B,MAAM,EAAE,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,GAAG,CAC1B,EAAE,EACF,IAAI,CAAC,MAAM,EACX,SAAS,EACT,IAAI,CAAC,UAAU,IAAI,IAAI,EACvB,GAAG,EACH,GAAG,EACH,IAAI,EACJ,IAAI,CAAC,SAAS,IAAI,IAAI,CACvB,CAAC;QACF,MAAM,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,EAAE,CAAE,CAAC;QACrC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;IAC5B,CAAC;IAED;;;;;;OAMG;IACH,iBAAiB,CAAC,KAAa;QAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAgC,CAAC;QAClF,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QACtB,IAAI,GAAG,CAAC,SAAS,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC;QACxC,IAAI,GAAG,CAAC,SAAS,KAAK,IAAI,IAAI,GAAG,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE;YAAE,OAAO,IAAI,CAAC;QACvE,OAAO,GAAG,CAAC;IACb,CAAC;IAED,QAAQ,CAAC,EAAU;QACjB,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC;IAC3C,CAAC;IAED,MAAM,CAAC,EAAU;QACf,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC;QACtD,OAAO,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC;IAC1B,CAAC;IAED,gBAAgB,CAAC,MAAc;QAC7B,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC;IAC/D,CAAC;IAED,iBAAiB,CAAC,MAAc;QAC9B,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,CAAsB,CAAC;IAChE,CAAC;IAED,cAAc,CAAC,EAAU;QACvB,OAAQ,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAqB,IAAI,IAAI,CAAC;IACpE,CAAC;IAED,0EAA0E;IAE1E,KAAK,CAAC,KAAwF;QAC5F,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,CACxB,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAC9B,IAAI,CAAC,GAAG,EAAE,EACV,KAAK,CAAC,MAAM,EACZ,KAAK,CAAC,KAAK,EACX,KAAK,CAAC,EAAE,IAAI,IAAI,EAChB,KAAK,CAAC,MAAM,IAAI,IAAI,CACrB,CAAC;IACJ,CAAC;IAED,SAAS,CAAC,OAA4C,EAAE;QACtD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,IAAI,GAAG,EAAE,GAAG,CAAC,CAAC;QAC/C,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAe,CAAC;QACrF,OAAO,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAe,CAAC;IACtD,CAAC;IAED,0EAA0E;IAElE,OAAO;QACb,OAAO;YACL,aAAa,EAAE,IAAI,CAAC,EAAE,CAAC,OAAO,CAC5B;yCACiC,CAClC;YACD,YAAY,EAAE,IAAI,CAAC,EAAE,CAAC,OAAO,CAC3B;;;uDAG+C,CAChD;YACD,UAAU,EAAE,IAAI,CAAC,EAAE,CAAC,OAAO,CACzB;;;+CAGuC,CACxC;YACD,UAAU,EAAE,IAAI,CAAC,EAAE,CAAC,OAAO,CACzB;;;;;oCAK4B,CAC7B;YACD,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC,OAAO,CACxB,qFAAqF,CACtF;YACD,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC,OAAO,CACxB,mFAAmF,CACpF;YACD,UAAU,EAAE,IAAI,CAAC,EAAE,CAAC,OAAO,CACzB,wFAAwF,CACzF;YACD,WAAW,EAAE,IAAI,CAAC,EAAE,CAAC,OAAO,CAC1B,uFAAuF,CACxF;YACD,WAAW,EAAE,IAAI,CAAC,EAAE,CAAC,OAAO,CAC1B,gHAAgH,CACjH;YACD,QAAQ,EAAE,IAAI,CAAC,EAAE,CAAC,OAAO,CACvB,8FAA8F,CAC/F;SACF,CAAC;IACJ,CAAC;CACF;AAED,SAAS,IAAI,CAAC,KAAa;IACzB,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC1D,CAAC"}

package/dist/auth/LocalAuthProvider.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+/**
+ * LocalAuthProvider — the vault passphrase IS the credential.
+ *
+ * Verification path:
+ *   1. Attempt `vault.unlock(passphrase)`.
+ *   2. Success → user is authenticated as the single local user.
+ *      Failure → return null (ValidationError maps to "bad passphrase").
+ *
+ * Scopes: local user has everything. Plan is "self-hosted". These
+ * values exist so the downstream token/middleware code is identical
+ * to cloud, but they carry no enforcement meaning locally.
+ *
+ * Locking the vault (manual, idle timeout, or on passphrase rotation)
+ * doesn't invalidate existing tokens directly — that's the signing
+ * key's job (derived from vault state in TokenService).
+ */
+import type { SecretVault } from "../config/SecretVault.js";
+import type { AuthenticatedUser, AuthCredentials, AuthProvider } from "./AuthProvider.js";
+export declare class LocalAuthProvider implements AuthProvider {
+    private readonly vault;
+    constructor(vault: SecretVault);
+    isReady(): boolean;
+    verifyCredentials(creds: AuthCredentials): Promise<AuthenticatedUser | null>;
+    isUnlocked(): boolean;
+    exists(): boolean;
+    lock(): void;
+}
+//# sourceMappingURL=LocalAuthProvider.d.ts.map

package/dist/auth/LocalAuthProvider.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"LocalAuthProvider.d.ts","sourceRoot":"","sources":["../../src/auth/LocalAuthProvider.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAE5D,OAAO,KAAK,EAAE,iBAAiB,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAU1F,qBAAa,iBAAkB,YAAW,YAAY;IAExC,OAAO,CAAC,QAAQ,CAAC,KAAK;gBAAL,KAAK,EAAE,WAAW;IAE/C,OAAO,IAAI,OAAO;IAIZ,iBAAiB,CAAC,KAAK,EAAE,eAAe,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC;IA2BlF,UAAU,IAAI,OAAO;IAIrB,MAAM,IAAI,OAAO;IAIjB,IAAI,IAAI,IAAI;CAGb"}

package/dist/auth/LocalAuthProvider.js ADDED Viewed

@@ -0,0 +1,70 @@
+/**
+ * LocalAuthProvider — the vault passphrase IS the credential.
+ *
+ * Verification path:
+ *   1. Attempt `vault.unlock(passphrase)`.
+ *   2. Success → user is authenticated as the single local user.
+ *      Failure → return null (ValidationError maps to "bad passphrase").
+ *
+ * Scopes: local user has everything. Plan is "self-hosted". These
+ * values exist so the downstream token/middleware code is identical
+ * to cloud, but they carry no enforcement meaning locally.
+ *
+ * Locking the vault (manual, idle timeout, or on passphrase rotation)
+ * doesn't invalidate existing tokens directly — that's the signing
+ * key's job (derived from vault state in TokenService).
+ */
+import { ValidationError } from "../util/errors.js";
+const LOCAL_USER_ID = "local";
+const LOCAL_USER = {
+    id: LOCAL_USER_ID,
+    scopes: ["chat", "admin", "webhooks", "voice", "settings", "vault"],
+    label: "Local user",
+};
+export class LocalAuthProvider {
+    vault;
+    constructor(vault) {
+        this.vault = vault;
+    }
+    isReady() {
+        return true; // vault may be locked, but we can still try to unlock
+    }
+    async verifyCredentials(creds) {
+        const passphrase = creds.passphrase;
+        if (!passphrase || passphrase.length < 8)
+            return null;
+        try {
+            if (!this.vault.isUnlocked()) {
+                this.vault.unlock(passphrase);
+            }
+            else {
+                // Vault already unlocked — re-derive + compare without changing state.
+                // We do this by briefly locking, trying, then restoring: simplest
+                // correct implementation since vault.unlock is idempotent and
+                // guards against wrong passphrases with ValidationError.
+                // This path hits when a second device logs in while the first is live.
+                this.vault.lock();
+                this.vault.unlock(passphrase);
+            }
+        }
+        catch (e) {
+            if (e instanceof ValidationError)
+                return null;
+            throw e;
+        }
+        return LOCAL_USER;
+    }
+    // ── Vault lifecycle passthrough ────────────────────────────────
+    // Routes ask the provider (not the vault) about unlock state so the
+    // Auth bundle stays the one thing routes import.
+    isUnlocked() {
+        return this.vault.isUnlocked();
+    }
+    exists() {
+        return this.vault.exists();
+    }
+    lock() {
+        this.vault.lock();
+    }
+}
+//# sourceMappingURL=LocalAuthProvider.js.map

package/dist/auth/LocalAuthProvider.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"LocalAuthProvider.js","sourceRoot":"","sources":["../../src/auth/LocalAuthProvider.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAGpD,MAAM,aAAa,GAAG,OAAO,CAAC;AAE9B,MAAM,UAAU,GAAsB;IACpC,EAAE,EAAE,aAAa;IACjB,MAAM,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,CAAC;IACnE,KAAK,EAAE,YAAY;CACpB,CAAC;AAEF,MAAM,OAAO,iBAAiB;IAEC;IAA7B,YAA6B,KAAkB;QAAlB,UAAK,GAAL,KAAK,CAAa;IAAG,CAAC;IAEnD,OAAO;QACL,OAAO,IAAI,CAAC,CAAC,sDAAsD;IACrE,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,KAAsB;QAC5C,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC;QACpC,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QAEtD,IAAI,CAAC;YACH,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,EAAE,CAAC;gBAC7B,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAChC,CAAC;iBAAM,CAAC;gBACN,uEAAuE;gBACvE,kEAAkE;gBAClE,8DAA8D;gBAC9D,yDAAyD;gBACzD,uEAAuE;gBACvE,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;gBAClB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAI,CAAC,YAAY,eAAe;gBAAE,OAAO,IAAI,CAAC;YAC9C,MAAM,CAAC,CAAC;QACV,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,kEAAkE;IAClE,oEAAoE;IACpE,iDAAiD;IAEjD,UAAU;QACR,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;IACjC,CAAC;IAED,MAAM;QACJ,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;IAC7B,CAAC;IAED,IAAI;QACF,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;IACpB,CAAC;CACF"}

package/dist/auth/TokenService.d.ts ADDED Viewed

@@ -0,0 +1,83 @@
+/**
+ * TokenService — issues access + refresh tokens, rotates refresh on
+ * use, verifies access tokens, centralises the audit trail.
+ *
+ * Access tokens (JWT HS256):
+ *   - Short-lived (24 h default). Stateless — verification is signature
+ *     + expiry; no DB hit.
+ *   - Claims: sub, plan, scopes, iat, exp, deviceName.
+ *
+ * Refresh tokens (opaque, 32 B, random):
+ *   - Long-lived / non-expiring by default. Stored as sha256 hash.
+ *   - Rotated on use: every /auth/refresh invalidates the old token
+ *     and returns a fresh one. Replay of a used token → "refresh.reuse"
+ *     audit entry + revoke-all-for-user (defense in depth: if an
+ *     attacker stole a refresh token and the real user has already
+ *     rotated, we detect the double-use and kill the whole session set).
+ *
+ * Signing key:
+ *   - Passed in at construction. The caller (auth factory) derives it
+ *     per deploy mode — HKDF from vault locally, env-injected in cloud.
+ *   - Rotating the key invalidates every outstanding access token.
+ *     Refresh tokens survive (they're opaque, not signed) so clients
+ *     transparently get new access tokens on next refresh.
+ */
+import type { AuthStore } from "./AuthStore.js";
+import type { AuthenticatedUser } from "./AuthProvider.js";
+import { type VerifyResult } from "./jwt.js";
+export interface IssuedTokens {
+    readonly accessToken: string;
+    readonly refreshToken: string;
+    readonly accessExpiresAt: number;
+    readonly refreshId: string;
+    readonly user: AuthenticatedUser;
+}
+export interface TokenServiceOptions {
+    /** HMAC key for JWT HS256 sign/verify. */
+    readonly signingKey: Buffer | string;
+    /** Override access-token TTL in seconds (default 24h). */
+    readonly accessTtlSeconds?: number;
+    /** Device name to tag the refresh token with (for the UI session list). */
+    readonly defaultDeviceName?: string;
+}
+export declare class TokenService {
+    private readonly store;
+    private readonly signingKey;
+    private readonly accessTtl;
+    constructor(store: AuthStore, opts: TokenServiceOptions);
+    /**
+     * Called by /auth/login after AuthProvider verified credentials.
+     * Issues a fresh refresh + access pair. Passes `deviceName` so the
+     * user can distinguish devices in the session list later.
+     */
+    issueForUser(user: AuthenticatedUser, opts?: {
+        deviceName?: string;
+        ip?: string | null;
+    }): IssuedTokens;
+    /**
+     * Called by /auth/refresh. Rotates the refresh token (invalidates
+     * old, issues new) and mints a fresh access token.
+     *
+     * `provider` lets us re-resolve the user's current plan/scopes —
+     * refresh shouldn't snapshot stale tier info if the user's plan
+     * changed since the last login.
+     */
+    rotateRefresh(refreshToken: string, resolveUser: (userId: string) => AuthenticatedUser | null, opts?: {
+        deviceName?: string;
+        ip?: string | null;
+    }): IssuedTokens | {
+        failure: "unknown" | "reused";
+    };
+    /**
+     * Revoke a single refresh token (sign-out this device). Called by
+     * /auth/logout.
+     */
+    logout(refreshToken: string, ip?: string | null): boolean;
+    /** Revoke every session for a user (called on passphrase rotation). */
+    logoutAll(userId: string, ip?: string | null): number;
+    /** Verify an access token. Fast path — no DB hit. */
+    verifyAccess(token: string): VerifyResult;
+    private mintAccess;
+    private audit;
+}
+//# sourceMappingURL=TokenService.d.ts.map

package/dist/auth/TokenService.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"TokenService.d.ts","sourceRoot":"","sources":["../../src/auth/TokenService.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAc,MAAM,gBAAgB,CAAC;AAC5D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,EAAsC,KAAK,YAAY,EAAE,MAAM,UAAU,CAAC;AAKjF,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,IAAI,EAAE,iBAAiB,CAAC;CAClC;AAED,MAAM,WAAW,mBAAmB;IAClC,0CAA0C;IAC1C,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAAC;IACrC,0DAA0D;IAC1D,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC,2EAA2E;IAC3E,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;CACrC;AAED,qBAAa,YAAY;IAKrB,OAAO,CAAC,QAAQ,CAAC,KAAK;IAJxB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAkB;IAC7C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;gBAGhB,KAAK,EAAE,SAAS,EACjC,IAAI,EAAE,mBAAmB;IAM3B;;;;OAIG;IACH,YAAY,CAAC,IAAI,EAAE,iBAAiB,EAAE,IAAI,GAAE;QAAE,UAAU,CAAC,EAAE,MAAM,CAAC;QAAC,EAAE,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;KAAO,GAAG,YAAY;IAO3G;;;;;;;OAOG;IACH,aAAa,CACX,YAAY,EAAE,MAAM,EACpB,WAAW,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,iBAAiB,GAAG,IAAI,EACzD,IAAI,GAAE;QAAE,UAAU,CAAC,EAAE,MAAM,CAAC;QAAC,EAAE,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;KAAO,GACrD,YAAY,GAAG;QAAE,OAAO,EAAE,SAAS,GAAG,QAAQ,CAAA;KAAE;IAkCnD;;;OAGG;IACH,MAAM,CAAC,YAAY,EAAE,MAAM,EAAE,EAAE,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO;IAQzD,uEAAuE;IACvE,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,MAAM;IAMrD,qDAAqD;IACrD,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,YAAY;IAMzC,OAAO,CAAC,UAAU;IAiBlB,OAAO,CAAC,KAAK;CAGd"}

package/dist/auth/TokenService.js ADDED Viewed

@@ -0,0 +1,129 @@
+/**
+ * TokenService — issues access + refresh tokens, rotates refresh on
+ * use, verifies access tokens, centralises the audit trail.
+ *
+ * Access tokens (JWT HS256):
+ *   - Short-lived (24 h default). Stateless — verification is signature
+ *     + expiry; no DB hit.
+ *   - Claims: sub, plan, scopes, iat, exp, deviceName.
+ *
+ * Refresh tokens (opaque, 32 B, random):
+ *   - Long-lived / non-expiring by default. Stored as sha256 hash.
+ *   - Rotated on use: every /auth/refresh invalidates the old token
+ *     and returns a fresh one. Replay of a used token → "refresh.reuse"
+ *     audit entry + revoke-all-for-user (defense in depth: if an
+ *     attacker stole a refresh token and the real user has already
+ *     rotated, we detect the double-use and kill the whole session set).
+ *
+ * Signing key:
+ *   - Passed in at construction. The caller (auth factory) derives it
+ *     per deploy mode — HKDF from vault locally, env-injected in cloud.
+ *   - Rotating the key invalidates every outstanding access token.
+ *     Refresh tokens survive (they're opaque, not signed) so clients
+ *     transparently get new access tokens on next refresh.
+ */
+import { signJwt, verifyJwt } from "./jwt.js";
+const ACCESS_TTL_SECONDS = 24 * 60 * 60; // 24h
+const REFRESH_REUSE_WINDOW_MS = 5_000; // grace period for legit network retries
+export class TokenService {
+    store;
+    signingKey;
+    accessTtl;
+    constructor(store, opts) {
+        this.store = store;
+        this.signingKey = opts.signingKey;
+        this.accessTtl = opts.accessTtlSeconds ?? ACCESS_TTL_SECONDS;
+    }
+    /**
+     * Called by /auth/login after AuthProvider verified credentials.
+     * Issues a fresh refresh + access pair. Passes `deviceName` so the
+     * user can distinguish devices in the session list later.
+     */
+    issueForUser(user, opts = {}) {
+        const refresh = this.store.issueRefresh({ userId: user.id, ...(opts.deviceName ? { deviceName: opts.deviceName } : {}) });
+        const tokens = this.mintAccess(user, refresh.id, opts.deviceName);
+        this.audit(user.id, "login.ok", opts.ip ?? null, opts.deviceName);
+        return { ...tokens, refreshToken: refresh.token, refreshId: refresh.id, user };
+    }
+    /**
+     * Called by /auth/refresh. Rotates the refresh token (invalidates
+     * old, issues new) and mints a fresh access token.
+     *
+     * `provider` lets us re-resolve the user's current plan/scopes —
+     * refresh shouldn't snapshot stale tier info if the user's plan
+     * changed since the last login.
+     */
+    rotateRefresh(refreshToken, resolveUser, opts = {}) {
+        const row = this.store.findActiveByToken(refreshToken);
+        if (!row) {
+            // Token doesn't exist or was already revoked → possible reuse.
+            // We can't know whose session to kill without a lookup that
+            // doesn't exist here (the hash is the only identifier), so the
+            // best we can do is audit a generic reuse event and refuse.
+            this.audit("unknown", "refresh.reuse", opts.ip ?? null, `token prefix=${refreshToken.slice(0, 6)}`);
+            return { failure: "reused" };
+        }
+        const user = resolveUser(row.userId);
+        if (!user) {
+            this.store.revoke(row.id);
+            return { failure: "unknown" };
+        }
+        // Grace period: don't rotate if the same refresh was just rotated
+        // a couple seconds ago (retry after a dropped connection).
+        const tooRecent = Date.now() - row.lastUsedAt < REFRESH_REUSE_WINDOW_MS && row.lastUsedAt !== row.createdAt;
+        if (tooRecent) {
+            this.store.markUsed(row.id);
+            const access = this.mintAccess(user, row.id, row.deviceName ?? undefined);
+            return { ...access, refreshToken, refreshId: row.id, user };
+        }
+        // Rotate: revoke current, issue new, bind to the same user+device.
+        this.store.revoke(row.id);
+        const newRow = this.store.issueRefresh({ userId: user.id, ...(row.deviceName ? { deviceName: row.deviceName } : {}) });
+        const access = this.mintAccess(user, newRow.id, row.deviceName ?? undefined);
+        this.audit(user.id, "refresh.ok", opts.ip ?? null);
+        return { ...access, refreshToken: newRow.token, refreshId: newRow.id, user };
+    }
+    /**
+     * Revoke a single refresh token (sign-out this device). Called by
+     * /auth/logout.
+     */
+    logout(refreshToken, ip) {
+        const row = this.store.findActiveByToken(refreshToken);
+        if (!row)
+            return false;
+        this.store.revoke(row.id);
+        this.audit(row.userId, "logout", ip ?? null);
+        return true;
+    }
+    /** Revoke every session for a user (called on passphrase rotation). */
+    logoutAll(userId, ip) {
+        const n = this.store.revokeAllForUser(userId);
+        this.audit(userId, "revoke.all", ip ?? null, `count=${n}`);
+        return n;
+    }
+    /** Verify an access token. Fast path — no DB hit. */
+    verifyAccess(token) {
+        return verifyJwt(token, this.signingKey);
+    }
+    // ── Internal ────────────────────────────────────────────────────────────
+    mintAccess(user, refreshId, deviceName) {
+        const now = Math.floor(Date.now() / 1000);
+        const exp = now + this.accessTtl;
+        const claims = {
+            sub: user.id,
+            iat: now,
+            exp,
+            scopes: user.scopes,
+            rid: refreshId, // pair access ↔ refresh row for audit correlation
+            ...(deviceName ? { deviceName } : {}),
+        };
+        return {
+            accessToken: signJwt(claims, this.signingKey),
+            accessExpiresAt: exp * 1000,
+        };
+    }
+    audit(userId, event, ip, detail) {
+        this.store.audit({ userId, event, ip, ...(detail ? { detail } : {}) });
+    }
+}
+//# sourceMappingURL=TokenService.js.map

package/dist/auth/TokenService.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"TokenService.js","sourceRoot":"","sources":["../../src/auth/TokenService.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAIH,OAAO,EAAE,OAAO,EAAE,SAAS,EAAqC,MAAM,UAAU,CAAC;AAEjF,MAAM,kBAAkB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,MAAM;AAC/C,MAAM,uBAAuB,GAAG,KAAK,CAAC,CAAG,yCAAyC;AAmBlF,MAAM,OAAO,YAAY;IAKJ;IAJF,UAAU,CAAkB;IAC5B,SAAS,CAAS;IAEnC,YACmB,KAAgB,EACjC,IAAyB;QADR,UAAK,GAAL,KAAK,CAAW;QAGjC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;QAClC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,gBAAgB,IAAI,kBAAkB,CAAC;IAC/D,CAAC;IAED;;;;OAIG;IACH,YAAY,CAAC,IAAuB,EAAE,OAAoD,EAAE;QAC1F,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QAC1H,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QAClE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,UAAU,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QAClE,OAAO,EAAE,GAAG,MAAM,EAAE,YAAY,EAAE,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC;IACjF,CAAC;IAED;;;;;;;OAOG;IACH,aAAa,CACX,YAAoB,EACpB,WAAyD,EACzD,OAAoD,EAAE;QAEtD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC;QACvD,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,+DAA+D;YAC/D,4DAA4D;YAC5D,+DAA+D;YAC/D,4DAA4D;YAC5D,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,eAAe,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI,EAAE,gBAAgB,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;YACpG,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;QAC/B,CAAC;QAED,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACrC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC1B,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;QAChC,CAAC;QAED,kEAAkE;QAClE,2DAA2D;QAC3D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,UAAU,GAAG,uBAAuB,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,CAAC,SAAS,CAAC;QAC5G,IAAI,SAAS,EAAE,CAAC;YACd,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC5B,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,UAAU,IAAI,SAAS,CAAC,CAAC;YAC1E,OAAO,EAAE,GAAG,MAAM,EAAE,YAAY,EAAE,SAAS,EAAE,GAAG,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC;QAC9D,CAAC;QAED,mEAAmE;QACnE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC1B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QACvH,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,UAAU,IAAI,SAAS,CAAC,CAAC;QAC7E,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,YAAY,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,CAAC;QACnD,OAAO,EAAE,GAAG,MAAM,EAAE,YAAY,EAAE,MAAM,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC;IAC/E,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,YAAoB,EAAE,EAAkB;QAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC;QACvD,IAAI,CAAC,GAAG;YAAE,OAAO,KAAK,CAAC;QACvB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC1B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,EAAE,EAAE,IAAI,IAAI,CAAC,CAAC;QAC7C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,uEAAuE;IACvE,SAAS,CAAC,MAAc,EAAE,EAAkB;QAC1C,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,YAAY,EAAE,EAAE,IAAI,IAAI,EAAE,SAAS,CAAC,EAAE,CAAC,CAAC;QAC3D,OAAO,CAAC,CAAC;IACX,CAAC;IAED,qDAAqD;IACrD,YAAY,CAAC,KAAa;QACxB,OAAO,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IAC3C,CAAC;IAED,2EAA2E;IAEnE,UAAU,CAAC,IAAuB,EAAE,SAAiB,EAAE,UAA8B;QAC3F,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,GAAG,GAAG,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC;QACjC,MAAM,MAAM,GAAc;YACxB,GAAG,EAAE,IAAI,CAAC,EAAE;YACZ,GAAG,EAAE,GAAG;YACR,GAAG;YACH,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,GAAG,EAAE,SAAS,EAAQ,kDAAkD;YACxE,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtC,CAAC;QACF,OAAO;YACL,WAAW,EAAE,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC;YAC7C,eAAe,EAAE,GAAG,GAAG,IAAI;SAC5B,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,MAAc,EAAE,KAAiB,EAAE,EAAiB,EAAE,MAAe;QACjF,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;IACzE,CAAC;CACF"}

package/dist/auth/fileToken.d.ts ADDED Viewed

@@ -0,0 +1,33 @@
+/**
+ * Loopback file-token — the "same-machine script access" escape hatch.
+ *
+ * Writes a 32-byte random token to `{dataDir}/auth-token` with 0600
+ * perms. The middleware accepts it ONLY when the request arrived over
+ * loopback (127.0.0.1 / ::1). Remote requests hitting the same endpoint
+ * with this token are rejected.
+ *
+ * Why this is safe:
+ *   - File perm 0600 limits read to the owning UID. Any process
+ *     already running as your user has full access anyway — this
+ *     token just lets them talk to Daemora over HTTP without a full
+ *     login flow (curl, scripts, the desktop app).
+ *   - The loopback check uses `req.socket.remoteAddress` directly
+ *     (not headers) so X-Forwarded-For spoofing doesn't bypass.
+ *
+ * The UI in the desktop/dev build reads this via server-injected
+ * `<meta name="api-token">` — same pattern as the JS daemora.
+ */
+export declare function getOrCreateFileToken(dataDir: string): string;
+/**
+ * Constant-time comparison. Use for every token-vs-token check to avoid
+ * timing-based side channels revealing prefix matches.
+ */
+export declare function constantTimeEqual(a: string, b: string): boolean;
+/**
+ * Is the socket peer a loopback address? Uses the TCP peer directly,
+ * ignoring X-Forwarded-For / X-Real-IP so a malicious proxy can't
+ * pretend to be local. If you're running Daemora behind a reverse
+ * proxy on the same host, you're fine — the peer IS localhost.
+ */
+export declare function isLoopback(remoteAddress: string | undefined): boolean;
+//# sourceMappingURL=fileToken.d.ts.map

package/dist/auth/fileToken.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"fileToken.d.ts","sourceRoot":"","sources":["../../src/auth/fileToken.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAWH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAc5D;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAK/D;AAED;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,aAAa,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,CAOrE"}

package/dist/auth/fileToken.js ADDED Viewed

@@ -0,0 +1,69 @@
+/**
+ * Loopback file-token — the "same-machine script access" escape hatch.
+ *
+ * Writes a 32-byte random token to `{dataDir}/auth-token` with 0600
+ * perms. The middleware accepts it ONLY when the request arrived over
+ * loopback (127.0.0.1 / ::1). Remote requests hitting the same endpoint
+ * with this token are rejected.
+ *
+ * Why this is safe:
+ *   - File perm 0600 limits read to the owning UID. Any process
+ *     already running as your user has full access anyway — this
+ *     token just lets them talk to Daemora over HTTP without a full
+ *     login flow (curl, scripts, the desktop app).
+ *   - The loopback check uses `req.socket.remoteAddress` directly
+ *     (not headers) so X-Forwarded-For spoofing doesn't bypass.
+ *
+ * The UI in the desktop/dev build reads this via server-injected
+ * `<meta name="api-token">` — same pattern as the JS daemora.
+ */
+import { existsSync, readFileSync, writeFileSync } from "node:fs";
+import { chmodSync, mkdirSync } from "node:fs";
+import { dirname, join } from "node:path";
+import { randomBytes, timingSafeEqual } from "node:crypto";
+import { createLogger } from "../util/logger.js";
+const log = createLogger("auth.filetoken");
+export function getOrCreateFileToken(dataDir) {
+    const path = join(dataDir, "auth-token");
+    if (existsSync(path)) {
+        const token = readFileSync(path, "utf-8").trim();
+        if (token.length >= 32)
+            return token;
+    }
+    const token = randomBytes(32).toString("hex");
+    mkdirSync(dirname(path), { recursive: true });
+    writeFileSync(path, token, "utf-8");
+    // chmod 0600 — only the owner can read. Some OS (Windows) may not
+    // enforce, but the file path is still inside the user's data dir.
+    try {
+        chmodSync(path, 0o600);
+    }
+    catch { /* best effort */ }
+    log.info("loopback auth token generated");
+    return token;
+}
+/**
+ * Constant-time comparison. Use for every token-vs-token check to avoid
+ * timing-based side channels revealing prefix matches.
+ */
+export function constantTimeEqual(a, b) {
+    const ab = Buffer.from(a, "utf-8");
+    const bb = Buffer.from(b, "utf-8");
+    if (ab.length !== bb.length)
+        return false;
+    return timingSafeEqual(ab, bb);
+}
+/**
+ * Is the socket peer a loopback address? Uses the TCP peer directly,
+ * ignoring X-Forwarded-For / X-Real-IP so a malicious proxy can't
+ * pretend to be local. If you're running Daemora behind a reverse
+ * proxy on the same host, you're fine — the peer IS localhost.
+ */
+export function isLoopback(remoteAddress) {
+    if (!remoteAddress)
+        return false;
+    return (remoteAddress === "127.0.0.1" ||
+        remoteAddress === "::1" ||
+        remoteAddress === "::ffff:127.0.0.1");
+}
+//# sourceMappingURL=fileToken.js.map

package/dist/auth/fileToken.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"fileToken.js","sourceRoot":"","sources":["../../src/auth/fileToken.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAClE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAC/C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE3D,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAEjD,MAAM,GAAG,GAAG,YAAY,CAAC,gBAAgB,CAAC,CAAC;AAE3C,MAAM,UAAU,oBAAoB,CAAC,OAAe;IAClD,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IACzC,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACrB,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QACjD,IAAI,KAAK,CAAC,MAAM,IAAI,EAAE;YAAE,OAAO,KAAK,CAAC;IACvC,CAAC;IACD,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC9C,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9C,aAAa,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;IACpC,kEAAkE;IAClE,kEAAkE;IAClE,IAAI,CAAC;QAAC,SAAS,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAC,iBAAiB,CAAC,CAAC;IAC3D,GAAG,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;IAC1C,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,CAAS,EAAE,CAAS;IACpD,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IACnC,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IACnC,IAAI,EAAE,CAAC,MAAM,KAAK,EAAE,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC1C,OAAO,eAAe,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;AACjC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,UAAU,CAAC,aAAiC;IAC1D,IAAI,CAAC,aAAa;QAAE,OAAO,KAAK,CAAC;IACjC,OAAO,CACL,aAAa,KAAK,WAAW;QAC7B,aAAa,KAAK,KAAK;QACvB,aAAa,KAAK,kBAAkB,CACrC,CAAC;AACJ,CAAC"}

package/dist/auth/index.d.ts ADDED Viewed

@@ -0,0 +1,47 @@
+/**
+ * Auth factory — wires AuthStore + LocalAuthProvider + TokenService
+ * together with a signing key derived from the vault.
+ *
+ * Signing key derivation:
+ *   - HKDF-SHA256 from the vault's per-install salt + a fixed label
+ *     ("daemora-auth-sign-v1"). Deterministic per-install, unique
+ *     across installs.
+ *   - Rotating the vault (new passphrase, same data) preserves the
+ *     salt so tokens survive — which is what we want, since
+ *     legitimate passphrase rotation shouldn't log everyone out by
+ *     side-effect of invalidating signatures. Explicit "revoke all
+ *     sessions" handles session invalidation cleanly.
+ *   - If you wanted every passphrase change to invalidate tokens,
+ *     rotate the salt too. Deliberately we don't.
+ */
+import type Database from "better-sqlite3";
+import type { SecretVault } from "../config/SecretVault.js";
+import { AuthStore } from "./AuthStore.js";
+import { LocalAuthProvider } from "./LocalAuthProvider.js";
+import { TokenService } from "./TokenService.js";
+export interface Auth {
+    readonly store: AuthStore;
+    readonly provider: LocalAuthProvider;
+    readonly tokens: TokenService;
+    readonly fileToken: string;
+    /**
+     * Primary HS256 signing key. Exposed so adjacent subsystems
+     * (webhook token encryption, channel signers, etc.) can derive
+     * their own sub-keys via `deriveSubKey(primary, label)` instead of
+     * generating independent secrets that need separate persistence.
+     */
+    readonly signingKey: Buffer;
+}
+export interface BuildAuthOpts {
+    readonly db: Database.Database;
+    readonly vault: SecretVault;
+    readonly dataDir: string;
+}
+export declare function buildAuth(opts: BuildAuthOpts): Auth;
+/**
+ * Utility: derive a sub-key for a specific purpose (HMAC for webhook
+ * tokens, etc.) so we don't reuse the primary signing key for
+ * multiple distinct uses.
+ */
+export declare function deriveSubKey(primary: Buffer, label: string): Buffer;
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAMH,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAE3C,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAE5D,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAKjD,MAAM,WAAW,IAAI;IACnB,QAAQ,CAAC,KAAK,EAAE,SAAS,CAAC;IAC1B,QAAQ,CAAC,QAAQ,EAAE,iBAAiB,CAAC;IACrC,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC;IAC9B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B;;;;;OAKG;IACH,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,QAAQ,CAAC;IAC/B,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC;IAC5B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,aAAa,GAAG,IAAI,CAQnD;AAgCD;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAEnE"}