determinate 0.0.0

package/dist/errors.js

@@ -0,0 +1,44 @@
+export class ValidationError extends Error {
+    name = "ValidationError";
+}
+export class BudgetExceededError extends Error {
+    section;
+    actual;
+    budget;
+    name = "BudgetExceededError";
+    constructor(section, actual, budget) {
+        super(`Token budget exceeded for "${section}": ${actual} tokens used, budget is ${budget}`);
+        this.section = section;
+        this.actual = actual;
+        this.budget = budget;
+    }
+}
+export class NoValidToolsError extends Error {
+    name = "NoValidToolsError";
+    constructor() {
+        super("No tools passed their validWhen predicate for the current state");
+    }
+}
+export class ProviderError extends Error {
+    provider;
+    name = "ProviderError";
+    constructor(provider, message) {
+        super(`[${provider}] ${message}`);
+        this.provider = provider;
+    }
+}
+export class OutputError extends Error {
+    rawOutput;
+    name = "OutputError";
+    constructor(message, rawOutput) {
+        super(message);
+        this.rawOutput = rawOutput;
+    }
+}
+export class AbortError extends Error {
+    name = "AbortError";
+    constructor(message = "Operation was aborted") {
+        super(message);
+    }
+}
+//# sourceMappingURL=errors.js.map

package/dist/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA,MAAM,OAAO,eAAgB,SAAQ,KAAK;IAChC,IAAI,GAAG,iBAA0B,CAAC;CAC3C;AAED,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAG5B;IACA;IACA;IAJR,IAAI,GAAG,qBAA8B,CAAC;IAC/C,YACiB,OAAe,EACf,MAAc,EACd,MAAc;QAE9B,KAAK,CAAC,8BAA8B,OAAO,MAAM,MAAM,2BAA2B,MAAM,EAAE,CAAC,CAAC;QAJ5E,YAAO,GAAP,OAAO,CAAQ;QACf,WAAM,GAAN,MAAM,CAAQ;QACd,WAAM,GAAN,MAAM,CAAQ;IAG/B,CAAC;CACD;AAED,MAAM,OAAO,iBAAkB,SAAQ,KAAK;IAClC,IAAI,GAAG,mBAA4B,CAAC;IAC7C;QACC,KAAK,CAAC,iEAAiE,CAAC,CAAC;IAC1E,CAAC;CACD;AAED,MAAM,OAAO,aAAc,SAAQ,KAAK;IAGtB;IAFR,IAAI,GAAG,eAAwB,CAAC;IACzC,YACiB,QAAgB,EAChC,OAAe;QAEf,KAAK,CAAC,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC,CAAC;QAHlB,aAAQ,GAAR,QAAQ,CAAQ;IAIjC,CAAC;CACD;AAED,MAAM,OAAO,WAAY,SAAQ,KAAK;IAIpB;IAHR,IAAI,GAAG,aAAsB,CAAC;IACvC,YACC,OAAe,EACC,SAAiB;QAEjC,KAAK,CAAC,OAAO,CAAC,CAAC;QAFC,cAAS,GAAT,SAAS,CAAQ;IAGlC,CAAC;CACD;AAED,MAAM,OAAO,UAAW,SAAQ,KAAK;IAC3B,IAAI,GAAG,YAAqB,CAAC;IACtC,YAAY,UAAkB,uBAAuB;QACpD,KAAK,CAAC,OAAO,CAAC,CAAC;IAChB,CAAC;CACD"}

package/dist/index.d.ts

@@ -0,0 +1,9 @@
+import { Agent } from "./agent";
+import type { AgentConfig } from "./types";
+export declare function createAgent<TState>(config: AgentConfig<TState>): Agent<TState>;
+export { Agent } from "./agent";
+export { AbortError, BudgetExceededError, NoValidToolsError, OutputError, ProviderError, ValidationError, } from "./errors";
+export type { OAuthCredentials, OAuthLoginCallbacks, OAuthProviderInterface, } from "./oauth/index";
+export { getOAuthApiKey, getOAuthProvider, getOAuthProviders, TokenStore } from "./oauth/index";
+export type { Action, ActionMeta, ActionResult, AgentConfig, AssembledContext, HistoryEntry, ModelPricing, NextActionOptions, ProviderConfig, TokenBudgets, TokenUsage, ToolDefinition, VerboseActionResult, } from "./types";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AAChC,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAE3C,wBAAgB,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAE9E;AAED,OAAO,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AAEhC,OAAO,EACN,UAAU,EACV,mBAAmB,EACnB,iBAAiB,EACjB,WAAW,EACX,aAAa,EACb,eAAe,GACf,MAAM,UAAU,CAAC;AAClB,YAAY,EACX,gBAAgB,EAChB,mBAAmB,EACnB,sBAAsB,GACtB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAChG,YAAY,EACX,MAAM,EACN,UAAU,EACV,YAAY,EACZ,WAAW,EACX,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,UAAU,EACV,cAAc,EACd,mBAAmB,GACnB,MAAM,SAAS,CAAC"}

package/dist/index.js

@@ -0,0 +1,8 @@
+import { Agent } from "./agent";
+export function createAgent(config) {
+    return new Agent(config);
+}
+export { Agent } from "./agent";
+export { AbortError, BudgetExceededError, NoValidToolsError, OutputError, ProviderError, ValidationError, } from "./errors";
+export { getOAuthApiKey, getOAuthProvider, getOAuthProviders, TokenStore } from "./oauth/index";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AAGhC,MAAM,UAAU,WAAW,CAAS,MAA2B;IAC9D,OAAO,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC;AAC1B,CAAC;AAED,OAAO,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AAEhC,OAAO,EACN,UAAU,EACV,mBAAmB,EACnB,iBAAiB,EACjB,WAAW,EACX,aAAa,EACb,eAAe,GACf,MAAM,UAAU,CAAC;AAMlB,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC"}

package/dist/oauth/anthropic.d.ts

@@ -0,0 +1,5 @@
+import type { OAuthCredentials, OAuthProviderInterface } from "./types";
+export declare function loginAnthropic(onAuthUrl: (url: string) => void, onPromptCode: () => Promise<string>): Promise<OAuthCredentials>;
+export declare function refreshAnthropicToken(refreshToken: string): Promise<OAuthCredentials>;
+export declare const anthropicOAuthProvider: OAuthProviderInterface;
+//# sourceMappingURL=anthropic.d.ts.map

package/dist/oauth/anthropic.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"anthropic.d.ts","sourceRoot":"","sources":["../../src/oauth/anthropic.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAuB,sBAAsB,EAAE,MAAM,SAAS,CAAC;AAS7F,wBAAsB,cAAc,CACnC,SAAS,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,EAChC,YAAY,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,GACjC,OAAO,CAAC,gBAAgB,CAAC,CAqD3B;AAED,wBAAsB,qBAAqB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CA2B3F;AAED,eAAO,MAAM,sBAAsB,EAAE,sBAkBpC,CAAC"}

package/dist/oauth/anthropic.js

@@ -0,0 +1,84 @@
+import { generatePKCE } from "./pkce";
+const decode = (s) => atob(s);
+const CLIENT_ID = decode("OWQxYzI1MGEtZTYxYi00NGQ5LTg4ZWQtNTk0NGQxOTYyZjVl");
+const AUTHORIZE_URL = "https://claude.ai/oauth/authorize";
+const TOKEN_URL = "https://console.anthropic.com/v1/oauth/token";
+const REDIRECT_URI = "https://console.anthropic.com/oauth/code/callback";
+const SCOPES = "org:create_api_key user:profile user:inference";
+export async function loginAnthropic(onAuthUrl, onPromptCode) {
+    const { verifier, challenge } = await generatePKCE();
+    const authParams = new URLSearchParams({
+        code: "true",
+        client_id: CLIENT_ID,
+        response_type: "code",
+        redirect_uri: REDIRECT_URI,
+        scope: SCOPES,
+        code_challenge: challenge,
+        code_challenge_method: "S256",
+        state: verifier,
+    });
+    const authUrl = `${AUTHORIZE_URL}?${authParams.toString()}`;
+    onAuthUrl(authUrl);
+    const authCode = await onPromptCode();
+    const splits = authCode.split("#");
+    const code = splits[0];
+    const state = splits[1];
+    const tokenResponse = await fetch(TOKEN_URL, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+            grant_type: "authorization_code",
+            client_id: CLIENT_ID,
+            code,
+            state,
+            redirect_uri: REDIRECT_URI,
+            code_verifier: verifier,
+        }),
+    });
+    if (!tokenResponse.ok) {
+        const error = await tokenResponse.text();
+        throw new Error(`Token exchange failed: ${error}`);
+    }
+    const tokenData = (await tokenResponse.json());
+    const expiresAt = Date.now() + tokenData.expires_in * 1000 - 5 * 60 * 1000;
+    return {
+        refresh: tokenData.refresh_token,
+        access: tokenData.access_token,
+        expires: expiresAt,
+    };
+}
+export async function refreshAnthropicToken(refreshToken) {
+    const response = await fetch(TOKEN_URL, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+            grant_type: "refresh_token",
+            client_id: CLIENT_ID,
+            refresh_token: refreshToken,
+        }),
+    });
+    if (!response.ok) {
+        const error = await response.text();
+        throw new Error(`Anthropic token refresh failed: ${error}`);
+    }
+    const data = (await response.json());
+    return {
+        refresh: data.refresh_token,
+        access: data.access_token,
+        expires: Date.now() + data.expires_in * 1000 - 5 * 60 * 1000,
+    };
+}
+export const anthropicOAuthProvider = {
+    id: "anthropic",
+    name: "Anthropic (Claude Pro/Max)",
+    async login(callbacks) {
+        return loginAnthropic((url) => callbacks.onAuth({ url }), () => callbacks.onPrompt({ message: "Paste the authorization code:" }));
+    },
+    async refreshToken(credentials) {
+        return refreshAnthropicToken(credentials.refresh);
+    },
+    getApiKey(credentials) {
+        return credentials.access;
+    },
+};
+//# sourceMappingURL=anthropic.js.map

package/dist/oauth/anthropic.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"anthropic.js","sourceRoot":"","sources":["../../src/oauth/anthropic.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AAGtC,MAAM,MAAM,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACtC,MAAM,SAAS,GAAG,MAAM,CAAC,kDAAkD,CAAC,CAAC;AAC7E,MAAM,aAAa,GAAG,mCAAmC,CAAC;AAC1D,MAAM,SAAS,GAAG,8CAA8C,CAAC;AACjE,MAAM,YAAY,GAAG,mDAAmD,CAAC;AACzE,MAAM,MAAM,GAAG,gDAAgD,CAAC;AAEhE,MAAM,CAAC,KAAK,UAAU,cAAc,CACnC,SAAgC,EAChC,YAAmC;IAEnC,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;IAErD,MAAM,UAAU,GAAG,IAAI,eAAe,CAAC;QACtC,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,SAAS;QACpB,aAAa,EAAE,MAAM;QACrB,YAAY,EAAE,YAAY;QAC1B,KAAK,EAAE,MAAM;QACb,cAAc,EAAE,SAAS;QACzB,qBAAqB,EAAE,MAAM;QAC7B,KAAK,EAAE,QAAQ;KACf,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,GAAG,aAAa,IAAI,UAAU,CAAC,QAAQ,EAAE,EAAE,CAAC;IAC5D,SAAS,CAAC,OAAO,CAAC,CAAC;IAEnB,MAAM,QAAQ,GAAG,MAAM,YAAY,EAAE,CAAC;IACtC,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACnC,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IACvB,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IAExB,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;QAC5C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACpB,UAAU,EAAE,oBAAoB;YAChC,SAAS,EAAE,SAAS;YACpB,IAAI;YACJ,KAAK;YACL,YAAY,EAAE,YAAY;YAC1B,aAAa,EAAE,QAAQ;SACvB,CAAC;KACF,CAAC,CAAC;IAEH,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,0BAA0B,KAAK,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,MAAM,SAAS,GAAG,CAAC,MAAM,aAAa,CAAC,IAAI,EAAE,CAI5C,CAAC;IAEF,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,UAAU,GAAG,IAAI,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;IAE3E,OAAO;QACN,OAAO,EAAE,SAAS,CAAC,aAAa;QAChC,MAAM,EAAE,SAAS,CAAC,YAAY;QAC9B,OAAO,EAAE,SAAS;KAClB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,YAAoB;IAC/D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;QACvC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACpB,UAAU,EAAE,eAAe;YAC3B,SAAS,EAAE,SAAS;YACpB,aAAa,EAAE,YAAY;SAC3B,CAAC;KACF,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QAClB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,mCAAmC,KAAK,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAIlC,CAAC;IAEF,OAAO;QACN,OAAO,EAAE,IAAI,CAAC,aAAa;QAC3B,MAAM,EAAE,IAAI,CAAC,YAAY;QACzB,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI;KAC5D,CAAC;AACH,CAAC;AAED,MAAM,CAAC,MAAM,sBAAsB,GAA2B;IAC7D,EAAE,EAAE,WAAW;IACf,IAAI,EAAE,4BAA4B;IAElC,KAAK,CAAC,KAAK,CAAC,SAA8B;QACzC,OAAO,cAAc,CACpB,CAAC,GAAG,EAAE,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,CAAC,EAClC,GAAG,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC,CACtE,CAAC;IACH,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,WAA6B;QAC/C,OAAO,qBAAqB,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IACnD,CAAC;IAED,SAAS,CAAC,WAA6B;QACtC,OAAO,WAAW,CAAC,MAAM,CAAC;IAC3B,CAAC;CACD,CAAC"}

package/dist/oauth/index.d.ts

@@ -0,0 +1,18 @@
+import { TokenStore } from "./token-store";
+import type { OAuthCredentials, OAuthProviderInterface } from "./types";
+export { anthropicOAuthProvider } from "./anthropic";
+export { openaiOAuthProvider } from "./openai";
+export { TokenStore } from "./token-store";
+export type { OAuthAuthInfo, OAuthCredentials, OAuthLoginCallbacks, OAuthPrompt, OAuthProviderId, OAuthProviderInterface, } from "./types";
+export declare function getOAuthProvider(id: string): OAuthProviderInterface | undefined;
+export declare function getOAuthProviders(): OAuthProviderInterface[];
+/**
+ * Get an API key from stored OAuth credentials.
+ * If credentials are expired but refreshable, refreshes transparently.
+ * Returns null if no stored credentials exist.
+ */
+export declare function getOAuthApiKey(providerId: string, store?: TokenStore): Promise<{
+    apiKey: string;
+    credentials: OAuthCredentials;
+} | null>;
+//# sourceMappingURL=index.d.ts.map

package/dist/oauth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/oauth/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,KAAK,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,MAAM,SAAS,CAAC;AAExE,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,YAAY,EACX,aAAa,EACb,gBAAgB,EAChB,mBAAmB,EACnB,WAAW,EACX,eAAe,EACf,sBAAsB,GACtB,MAAM,SAAS,CAAC;AAOjB,wBAAgB,gBAAgB,CAAC,EAAE,EAAE,MAAM,GAAG,sBAAsB,GAAG,SAAS,CAE/E;AAED,wBAAgB,iBAAiB,IAAI,sBAAsB,EAAE,CAE5D;AAED;;;;GAIG;AACH,wBAAsB,cAAc,CACnC,UAAU,EAAE,MAAM,EAClB,KAAK,CAAC,EAAE,UAAU,GAChB,OAAO,CAAC;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,gBAAgB,CAAA;CAAE,GAAG,IAAI,CAAC,CAqBnE"}

package/dist/oauth/index.js

@@ -0,0 +1,44 @@
+import { anthropicOAuthProvider } from "./anthropic";
+import { openaiOAuthProvider } from "./openai";
+import { TokenStore } from "./token-store";
+export { anthropicOAuthProvider } from "./anthropic";
+export { openaiOAuthProvider } from "./openai";
+export { TokenStore } from "./token-store";
+const providers = new Map([
+    ["anthropic", anthropicOAuthProvider],
+    ["openai", openaiOAuthProvider],
+]);
+export function getOAuthProvider(id) {
+    return providers.get(id);
+}
+export function getOAuthProviders() {
+    return Array.from(providers.values());
+}
+/**
+ * Get an API key from stored OAuth credentials.
+ * If credentials are expired but refreshable, refreshes transparently.
+ * Returns null if no stored credentials exist.
+ */
+export async function getOAuthApiKey(providerId, store) {
+    const provider = providers.get(providerId);
+    if (!provider)
+        return null;
+    const tokenStore = store ?? new TokenStore();
+    const credentials = await tokenStore.load(providerId);
+    if (!credentials)
+        return null;
+    // Check if expired
+    if (Date.now() >= credentials.expires) {
+        try {
+            const refreshed = await provider.refreshToken(credentials);
+            await tokenStore.save(providerId, refreshed);
+            return { apiKey: provider.getApiKey(refreshed), credentials: refreshed };
+        }
+        catch {
+            // Refresh failed — credentials are invalid
+            return null;
+        }
+    }
+    return { apiKey: provider.getApiKey(credentials), credentials };
+}
+//# sourceMappingURL=index.js.map

package/dist/oauth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/oauth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAG3C,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAU3C,MAAM,SAAS,GAAG,IAAI,GAAG,CAAiC;IACzD,CAAC,WAAW,EAAE,sBAAsB,CAAC;IACrC,CAAC,QAAQ,EAAE,mBAAmB,CAAC;CAC/B,CAAC,CAAC;AAEH,MAAM,UAAU,gBAAgB,CAAC,EAAU;IAC1C,OAAO,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,iBAAiB;IAChC,OAAO,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;AACvC,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CACnC,UAAkB,EAClB,KAAkB;IAElB,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC3C,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAE3B,MAAM,UAAU,GAAG,KAAK,IAAI,IAAI,UAAU,EAAE,CAAC;IAC7C,MAAM,WAAW,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACtD,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IAE9B,mBAAmB;IACnB,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;QACvC,IAAI,CAAC;YACJ,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;YAC3D,MAAM,UAAU,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;YAC7C,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,WAAW,EAAE,SAAS,EAAE,CAAC;QAC1E,CAAC;QAAC,MAAM,CAAC;YACR,2CAA2C;YAC3C,OAAO,IAAI,CAAC;QACb,CAAC;IACF,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,SAAS,CAAC,WAAW,CAAC,EAAE,WAAW,EAAE,CAAC;AACjE,CAAC"}

package/dist/oauth/openai.d.ts

@@ -0,0 +1,14 @@
+import type { OAuthCredentials, OAuthPrompt, OAuthProviderInterface } from "./types";
+export declare function loginOpenAI(options: {
+    onAuth: (info: {
+        url: string;
+        instructions?: string;
+    }) => void;
+    onPrompt: (prompt: OAuthPrompt) => Promise<string>;
+    onProgress?: (message: string) => void;
+    onManualCodeInput?: () => Promise<string>;
+    originator?: string;
+}): Promise<OAuthCredentials>;
+export declare function refreshOpenAIToken(refreshToken: string): Promise<OAuthCredentials>;
+export declare const openaiOAuthProvider: OAuthProviderInterface;
+//# sourceMappingURL=openai.d.ts.map

package/dist/oauth/openai.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"openai.d.ts","sourceRoot":"","sources":["../../src/oauth/openai.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EACX,gBAAgB,EAEhB,WAAW,EACX,sBAAsB,EACtB,MAAM,SAAS,CAAC;AA+PjB,wBAAsB,WAAW,CAAC,OAAO,EAAE;IAC1C,MAAM,EAAE,CAAC,IAAI,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,YAAY,CAAC,EAAE,MAAM,CAAA;KAAE,KAAK,IAAI,CAAC;IAC/D,QAAQ,EAAE,CAAC,MAAM,EAAE,WAAW,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IACnD,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IACvC,iBAAiB,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;IAC1C,UAAU,CAAC,EAAE,MAAM,CAAC;CACpB,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAwF5B;AAED,wBAAsB,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAiBxF;AAED,eAAO,MAAM,mBAAmB,EAAE,sBAqBjC,CAAC"}

package/dist/oauth/openai.js

@@ -0,0 +1,328 @@
+import { randomBytes } from "node:crypto";
+import http from "node:http";
+import { generatePKCE } from "./pkce";
+const CLIENT_ID = "app_EMoamEEZ73f0CkXaXp7hrann";
+const AUTHORIZE_URL = "https://auth.openai.com/oauth/authorize";
+const TOKEN_URL = "https://auth.openai.com/oauth/token";
+const REDIRECT_URI = "http://localhost:1455/auth/callback";
+const SCOPE = "openid profile email offline_access";
+const JWT_CLAIM_PATH = "https://api.openai.com/auth";
+const SUCCESS_HTML = `<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1" />
+  <title>Authentication successful</title>
+</head>
+<body>
+  <p>Authentication successful. Return to your terminal to continue.</p>
+</body>
+</html>`;
+function createState() {
+    return randomBytes(16).toString("hex");
+}
+function parseAuthorizationInput(input) {
+    const value = input.trim();
+    if (!value)
+        return {};
+    try {
+        const url = new URL(value);
+        return {
+            code: url.searchParams.get("code") ?? undefined,
+            state: url.searchParams.get("state") ?? undefined,
+        };
+    }
+    catch {
+        // not a URL
+    }
+    if (value.includes("#")) {
+        const [code, state] = value.split("#", 2);
+        return { code, state };
+    }
+    if (value.includes("code=")) {
+        const params = new URLSearchParams(value);
+        return {
+            code: params.get("code") ?? undefined,
+            state: params.get("state") ?? undefined,
+        };
+    }
+    return { code: value };
+}
+function decodeJwt(token) {
+    try {
+        const parts = token.split(".");
+        if (parts.length !== 3)
+            return null;
+        const payload = parts[1] ?? "";
+        const decoded = atob(payload);
+        return JSON.parse(decoded);
+    }
+    catch {
+        return null;
+    }
+}
+async function exchangeAuthorizationCode(code, verifier, redirectUri = REDIRECT_URI) {
+    const response = await fetch(TOKEN_URL, {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        body: new URLSearchParams({
+            grant_type: "authorization_code",
+            client_id: CLIENT_ID,
+            code,
+            code_verifier: verifier,
+            redirect_uri: redirectUri,
+        }),
+    });
+    if (!response.ok) {
+        return { type: "failed" };
+    }
+    const json = (await response.json());
+    if (!json.access_token || !json.refresh_token || typeof json.expires_in !== "number") {
+        return { type: "failed" };
+    }
+    return {
+        type: "success",
+        access: json.access_token,
+        refresh: json.refresh_token,
+        expires: Date.now() + json.expires_in * 1000,
+    };
+}
+async function refreshAccessToken(refreshToken) {
+    try {
+        const response = await fetch(TOKEN_URL, {
+            method: "POST",
+            headers: { "Content-Type": "application/x-www-form-urlencoded" },
+            body: new URLSearchParams({
+                grant_type: "refresh_token",
+                refresh_token: refreshToken,
+                client_id: CLIENT_ID,
+            }),
+        });
+        if (!response.ok) {
+            return { type: "failed" };
+        }
+        const json = (await response.json());
+        if (!json.access_token || !json.refresh_token || typeof json.expires_in !== "number") {
+            return { type: "failed" };
+        }
+        return {
+            type: "success",
+            access: json.access_token,
+            refresh: json.refresh_token,
+            expires: Date.now() + json.expires_in * 1000,
+        };
+    }
+    catch {
+        return { type: "failed" };
+    }
+}
+async function createAuthorizationFlow(originator = "determinate") {
+    const { verifier, challenge } = await generatePKCE();
+    const state = createState();
+    const url = new URL(AUTHORIZE_URL);
+    url.searchParams.set("response_type", "code");
+    url.searchParams.set("client_id", CLIENT_ID);
+    url.searchParams.set("redirect_uri", REDIRECT_URI);
+    url.searchParams.set("scope", SCOPE);
+    url.searchParams.set("code_challenge", challenge);
+    url.searchParams.set("code_challenge_method", "S256");
+    url.searchParams.set("state", state);
+    url.searchParams.set("id_token_add_organizations", "true");
+    url.searchParams.set("codex_cli_simplified_flow", "true");
+    url.searchParams.set("originator", originator);
+    return { verifier, state, url: url.toString() };
+}
+function startLocalOAuthServer(state) {
+    let lastCode = null;
+    let cancelled = false;
+    const server = http.createServer((req, res) => {
+        try {
+            const url = new URL(req.url || "", "http://localhost");
+            if (url.pathname !== "/auth/callback") {
+                res.statusCode = 404;
+                res.end("Not found");
+                return;
+            }
+            if (url.searchParams.get("state") !== state) {
+                res.statusCode = 400;
+                res.end("State mismatch");
+                return;
+            }
+            const code = url.searchParams.get("code");
+            if (!code) {
+                res.statusCode = 400;
+                res.end("Missing authorization code");
+                return;
+            }
+            res.statusCode = 200;
+            res.setHeader("Content-Type", "text/html; charset=utf-8");
+            res.end(SUCCESS_HTML);
+            lastCode = code;
+        }
+        catch {
+            res.statusCode = 500;
+            res.end("Internal error");
+        }
+    });
+    return new Promise((resolve) => {
+        server
+            .listen(1455, "127.0.0.1", () => {
+            resolve({
+                close: () => server.close(),
+                cancelWait: () => {
+                    cancelled = true;
+                },
+                waitForCode: async () => {
+                    const sleep = () => new Promise((r) => setTimeout(r, 100));
+                    for (let i = 0; i < 600; i += 1) {
+                        if (lastCode)
+                            return { code: lastCode };
+                        if (cancelled)
+                            return null;
+                        await sleep();
+                    }
+                    return null;
+                },
+            });
+        })
+            .on("error", (_err) => {
+            resolve({
+                close: () => {
+                    try {
+                        server.close();
+                    }
+                    catch {
+                        // ignore
+                    }
+                },
+                cancelWait: () => { },
+                waitForCode: async () => null,
+            });
+        });
+    });
+}
+function getAccountId(accessToken) {
+    const payload = decodeJwt(accessToken);
+    const auth = payload?.[JWT_CLAIM_PATH];
+    const accountId = auth?.chatgpt_account_id;
+    return typeof accountId === "string" && accountId.length > 0 ? accountId : null;
+}
+export async function loginOpenAI(options) {
+    const { verifier, state, url } = await createAuthorizationFlow(options.originator);
+    const server = await startLocalOAuthServer(state);
+    options.onAuth({ url, instructions: "A browser window should open. Complete login to finish." });
+    let code;
+    try {
+        if (options.onManualCodeInput) {
+            let manualCode;
+            let manualError;
+            const manualPromise = options
+                .onManualCodeInput()
+                .then((input) => {
+                manualCode = input;
+                server.cancelWait();
+            })
+                .catch((err) => {
+                manualError = err instanceof Error ? err : new Error(String(err));
+                server.cancelWait();
+            });
+            const result = await server.waitForCode();
+            if (manualError)
+                throw manualError;
+            if (result?.code) {
+                code = result.code;
+            }
+            else if (manualCode) {
+                const parsed = parseAuthorizationInput(manualCode);
+                if (parsed.state && parsed.state !== state) {
+                    throw new Error("State mismatch");
+                }
+                code = parsed.code;
+            }
+            if (!code) {
+                await manualPromise;
+                if (manualError)
+                    throw manualError;
+                if (manualCode) {
+                    const parsed = parseAuthorizationInput(manualCode);
+                    if (parsed.state && parsed.state !== state) {
+                        throw new Error("State mismatch");
+                    }
+                    code = parsed.code;
+                }
+            }
+        }
+        else {
+            const result = await server.waitForCode();
+            if (result?.code) {
+                code = result.code;
+            }
+        }
+        if (!code) {
+            const input = await options.onPrompt({
+                message: "Paste the authorization code (or full redirect URL):",
+            });
+            const parsed = parseAuthorizationInput(input);
+            if (parsed.state && parsed.state !== state) {
+                throw new Error("State mismatch");
+            }
+            code = parsed.code;
+        }
+        if (!code) {
+            throw new Error("Missing authorization code");
+        }
+        const tokenResult = await exchangeAuthorizationCode(code, verifier);
+        if (tokenResult.type !== "success") {
+            throw new Error("Token exchange failed");
+        }
+        const accountId = getAccountId(tokenResult.access);
+        if (!accountId) {
+            throw new Error("Failed to extract accountId from token");
+        }
+        return {
+            access: tokenResult.access,
+            refresh: tokenResult.refresh,
+            expires: tokenResult.expires,
+            accountId,
+        };
+    }
+    finally {
+        server.close();
+    }
+}
+export async function refreshOpenAIToken(refreshToken) {
+    const result = await refreshAccessToken(refreshToken);
+    if (result.type !== "success") {
+        throw new Error("Failed to refresh OpenAI token");
+    }
+    const accountId = getAccountId(result.access);
+    if (!accountId) {
+        throw new Error("Failed to extract accountId from token");
+    }
+    return {
+        access: result.access,
+        refresh: result.refresh,
+        expires: result.expires,
+        accountId,
+    };
+}
+export const openaiOAuthProvider = {
+    id: "openai",
+    name: "ChatGPT Plus/Pro",
+    usesCallbackServer: true,
+    async login(callbacks) {
+        return loginOpenAI({
+            onAuth: callbacks.onAuth,
+            onPrompt: callbacks.onPrompt,
+            onProgress: callbacks.onProgress,
+            onManualCodeInput: callbacks.onManualCodeInput,
+        });
+    },
+    async refreshToken(credentials) {
+        return refreshOpenAIToken(credentials.refresh);
+    },
+    getApiKey(credentials) {
+        return credentials.access;
+    },
+};
+//# sourceMappingURL=openai.js.map

package/dist/oauth/openai.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"openai.js","sourceRoot":"","sources":["../../src/oauth/openai.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AAQtC,MAAM,SAAS,GAAG,8BAA8B,CAAC;AACjD,MAAM,aAAa,GAAG,yCAAyC,CAAC;AAChE,MAAM,SAAS,GAAG,qCAAqC,CAAC;AACxD,MAAM,YAAY,GAAG,qCAAqC,CAAC;AAC3D,MAAM,KAAK,GAAG,qCAAqC,CAAC;AACpD,MAAM,cAAc,GAAG,6BAA6B,CAAC;AAErD,MAAM,YAAY,GAAG;;;;;;;;;;QAUb,CAAC;AAaT,SAAS,WAAW;IACnB,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACxC,CAAC;AAED,SAAS,uBAAuB,CAAC,KAAa;IAC7C,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC3B,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IAEtB,IAAI,CAAC;QACJ,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QAC3B,OAAO;YACN,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,SAAS;YAC/C,KAAK,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS;SACjD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACR,YAAY;IACb,CAAC;IAED,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QAC1C,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;IACxB,CAAC;IAED,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,KAAK,CAAC,CAAC;QAC1C,OAAO;YACN,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,SAAS;YACrC,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS;SACvC,CAAC;IACH,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AACxB,CAAC;AAED,SAAS,SAAS,CAAC,KAAa;IAC/B,IAAI,CAAC;QACJ,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QACpC,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAe,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,IAAI,CAAC;IACb,CAAC;AACF,CAAC;AAED,KAAK,UAAU,yBAAyB,CACvC,IAAY,EACZ,QAAgB,EAChB,cAAsB,YAAY;IAElC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;QACvC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,eAAe,CAAC;YACzB,UAAU,EAAE,oBAAoB;YAChC,SAAS,EAAE,SAAS;YACpB,IAAI;YACJ,aAAa,EAAE,QAAQ;YACvB,YAAY,EAAE,WAAW;SACzB,CAAC;KACF,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QAClB,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAC3B,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAIlC,CAAC;IAEF,IAAI,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,IAAI,CAAC,aAAa,IAAI,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;QACtF,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAC3B,CAAC;IAED,OAAO;QACN,IAAI,EAAE,SAAS;QACf,MAAM,EAAE,IAAI,CAAC,YAAY;QACzB,OAAO,EAAE,IAAI,CAAC,aAAa;QAC3B,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;KAC5C,CAAC;AACH,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,YAAoB;IACrD,IAAI,CAAC;QACJ,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;YACvC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,IAAI,eAAe,CAAC;gBACzB,UAAU,EAAE,eAAe;gBAC3B,aAAa,EAAE,YAAY;gBAC3B,SAAS,EAAE,SAAS;aACpB,CAAC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YAClB,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC3B,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAIlC,CAAC;QAEF,IAAI,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,IAAI,CAAC,aAAa,IAAI,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;YACtF,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC3B,CAAC;QAED,OAAO;YACN,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,IAAI,CAAC,YAAY;YACzB,OAAO,EAAE,IAAI,CAAC,aAAa;YAC3B,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;SAC5C,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAC3B,CAAC;AACF,CAAC;AAED,KAAK,UAAU,uBAAuB,CACrC,aAAqB,aAAa;IAElC,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;IACrD,MAAM,KAAK,GAAG,WAAW,EAAE,CAAC;IAE5B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;IACnC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAC9C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;IAC7C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;IACnD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACrC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,SAAS,CAAC,CAAC;IAClD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IACtD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACrC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,4BAA4B,EAAE,MAAM,CAAC,CAAC;IAC3D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,2BAA2B,EAAE,MAAM,CAAC,CAAC;IAC1D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;IAE/C,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC;AACjD,CAAC;AAQD,SAAS,qBAAqB,CAAC,KAAa;IAC3C,IAAI,QAAQ,GAAkB,IAAI,CAAC;IACnC,IAAI,SAAS,GAAG,KAAK,CAAC;IACtB,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAC7C,IAAI,CAAC;YACJ,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,EAAE,EAAE,kBAAkB,CAAC,CAAC;YACvD,IAAI,GAAG,CAAC,QAAQ,KAAK,gBAAgB,EAAE,CAAC;gBACvC,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;gBACrB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;gBACrB,OAAO;YACR,CAAC;YACD,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,KAAK,EAAE,CAAC;gBAC7C,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;gBACrB,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;gBAC1B,OAAO;YACR,CAAC;YACD,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAC1C,IAAI,CAAC,IAAI,EAAE,CAAC;gBACX,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;gBACrB,GAAG,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;gBACtC,OAAO;YACR,CAAC;YACD,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;YACrB,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,0BAA0B,CAAC,CAAC;YAC1D,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;YACtB,QAAQ,GAAG,IAAI,CAAC;QACjB,CAAC;QAAC,MAAM,CAAC;YACR,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;YACrB,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3B,CAAC;IACF,CAAC,CAAC,CAAC;IAEH,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC9B,MAAM;aACJ,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE;YAC/B,OAAO,CAAC;gBACP,KAAK,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,EAAE;gBAC3B,UAAU,EAAE,GAAG,EAAE;oBAChB,SAAS,GAAG,IAAI,CAAC;gBAClB,CAAC;gBACD,WAAW,EAAE,KAAK,IAAI,EAAE;oBACvB,MAAM,KAAK,GAAG,GAAG,EAAE,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;oBAC3D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;wBACjC,IAAI,QAAQ;4BAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;wBACxC,IAAI,SAAS;4BAAE,OAAO,IAAI,CAAC;wBAC3B,MAAM,KAAK,EAAE,CAAC;oBACf,CAAC;oBACD,OAAO,IAAI,CAAC;gBACb,CAAC;aACD,CAAC,CAAC;QACJ,CAAC,CAAC;aACD,EAAE,CAAC,OAAO,EAAE,CAAC,IAA2B,EAAE,EAAE;YAC5C,OAAO,CAAC;gBACP,KAAK,EAAE,GAAG,EAAE;oBACX,IAAI,CAAC;wBACJ,MAAM,CAAC,KAAK,EAAE,CAAC;oBAChB,CAAC;oBAAC,MAAM,CAAC;wBACR,SAAS;oBACV,CAAC;gBACF,CAAC;gBACD,UAAU,EAAE,GAAG,EAAE,GAAE,CAAC;gBACpB,WAAW,EAAE,KAAK,IAAI,EAAE,CAAC,IAAI;aAC7B,CAAC,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,WAAmB;IACxC,MAAM,OAAO,GAAG,SAAS,CAAC,WAAW,CAAC,CAAC;IACvC,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC,cAAc,CAAC,CAAC;IACvC,MAAM,SAAS,GAAG,IAAI,EAAE,kBAAkB,CAAC;IAC3C,OAAO,OAAO,SAAS,KAAK,QAAQ,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC;AACjF,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,OAMjC;IACA,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,MAAM,uBAAuB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IACnF,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC,KAAK,CAAC,CAAC;IAElD,OAAO,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,YAAY,EAAE,yDAAyD,EAAE,CAAC,CAAC;IAEjG,IAAI,IAAwB,CAAC;IAC7B,IAAI,CAAC;QACJ,IAAI,OAAO,CAAC,iBAAiB,EAAE,CAAC;YAC/B,IAAI,UAA8B,CAAC;YACnC,IAAI,WAA8B,CAAC;YACnC,MAAM,aAAa,GAAG,OAAO;iBAC3B,iBAAiB,EAAE;iBACnB,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;gBACf,UAAU,GAAG,KAAK,CAAC;gBACnB,MAAM,CAAC,UAAU,EAAE,CAAC;YACrB,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBACd,WAAW,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;gBAClE,MAAM,CAAC,UAAU,EAAE,CAAC;YACrB,CAAC,CAAC,CAAC;YAEJ,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,WAAW,EAAE,CAAC;YAE1C,IAAI,WAAW;gBAAE,MAAM,WAAW,CAAC;YAEnC,IAAI,MAAM,EAAE,IAAI,EAAE,CAAC;gBAClB,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;YACpB,CAAC;iBAAM,IAAI,UAAU,EAAE,CAAC;gBACvB,MAAM,MAAM,GAAG,uBAAuB,CAAC,UAAU,CAAC,CAAC;gBACnD,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,KAAK,KAAK,EAAE,CAAC;oBAC5C,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;gBACnC,CAAC;gBACD,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;YACpB,CAAC;YAED,IAAI,CAAC,IAAI,EAAE,CAAC;gBACX,MAAM,aAAa,CAAC;gBACpB,IAAI,WAAW;oBAAE,MAAM,WAAW,CAAC;gBACnC,IAAI,UAAU,EAAE,CAAC;oBAChB,MAAM,MAAM,GAAG,uBAAuB,CAAC,UAAU,CAAC,CAAC;oBACnD,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,KAAK,KAAK,EAAE,CAAC;wBAC5C,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;oBACnC,CAAC;oBACD,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;gBACpB,CAAC;YACF,CAAC;QACF,CAAC;aAAM,CAAC;YACP,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,WAAW,EAAE,CAAC;YAC1C,IAAI,MAAM,EAAE,IAAI,EAAE,CAAC;gBAClB,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;YACpB,CAAC;QACF,CAAC;QAED,IAAI,CAAC,IAAI,EAAE,CAAC;YACX,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC;gBACpC,OAAO,EAAE,sDAAsD;aAC/D,CAAC,CAAC;YACH,MAAM,MAAM,GAAG,uBAAuB,CAAC,KAAK,CAAC,CAAC;YAC9C,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,KAAK,KAAK,EAAE,CAAC;gBAC5C,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;YACnC,CAAC;YACD,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QACpB,CAAC;QAED,IAAI,CAAC,IAAI,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,yBAAyB,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACpE,IAAI,WAAW,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAC1C,CAAC;QAED,MAAM,SAAS,GAAG,YAAY,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QACnD,IAAI,CAAC,SAAS,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC3D,CAAC;QAED,OAAO;YACN,MAAM,EAAE,WAAW,CAAC,MAAM;YAC1B,OAAO,EAAE,WAAW,CAAC,OAAO;YAC5B,OAAO,EAAE,WAAW,CAAC,OAAO;YAC5B,SAAS;SACT,CAAC;IACH,CAAC;YAAS,CAAC;QACV,MAAM,CAAC,KAAK,EAAE,CAAC;IAChB,CAAC;AACF,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,YAAoB;IAC5D,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,YAAY,CAAC,CAAC;IACtD,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IACnD,CAAC;IAED,MAAM,SAAS,GAAG,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC9C,IAAI,CAAC,SAAS,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;IAC3D,CAAC;IAED,OAAO;QACN,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,SAAS;KACT,CAAC;AACH,CAAC;AAED,MAAM,CAAC,MAAM,mBAAmB,GAA2B;IAC1D,EAAE,EAAE,QAAQ;IACZ,IAAI,EAAE,kBAAkB;IACxB,kBAAkB,EAAE,IAAI;IAExB,KAAK,CAAC,KAAK,CAAC,SAA8B;QACzC,OAAO,WAAW,CAAC;YAClB,MAAM,EAAE,SAAS,CAAC,MAAM;YACxB,QAAQ,EAAE,SAAS,CAAC,QAAQ;YAC5B,UAAU,EAAE,SAAS,CAAC,UAAU;YAChC,iBAAiB,EAAE,SAAS,CAAC,iBAAiB;SAC9C,CAAC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,WAA6B;QAC/C,OAAO,kBAAkB,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IAChD,CAAC;IAED,SAAS,CAAC,WAA6B;QACtC,OAAO,WAAW,CAAC,MAAM,CAAC;IAC3B,CAAC;CACD,CAAC"}

package/dist/oauth/pkce.d.ts

@@ -0,0 +1,9 @@
+/**
+ * PKCE utilities using Web Crypto API.
+ * Works in both Node.js 20+ and browsers.
+ */
+export declare function generatePKCE(): Promise<{
+    verifier: string;
+    challenge: string;
+}>;
+//# sourceMappingURL=pkce.d.ts.map

package/dist/oauth/pkce.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pkce.d.ts","sourceRoot":"","sources":["../../src/oauth/pkce.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAUH,wBAAsB,YAAY,IAAI,OAAO,CAAC;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,CAWrF"}

package/dist/oauth/pkce.js

@@ -0,0 +1,22 @@
+/**
+ * PKCE utilities using Web Crypto API.
+ * Works in both Node.js 20+ and browsers.
+ */
+function base64urlEncode(bytes) {
+    let binary = "";
+    for (const byte of bytes) {
+        binary += String.fromCharCode(byte);
+    }
+    return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+}
+export async function generatePKCE() {
+    const verifierBytes = new Uint8Array(32);
+    crypto.getRandomValues(verifierBytes);
+    const verifier = base64urlEncode(verifierBytes);
+    const encoder = new TextEncoder();
+    const data = encoder.encode(verifier);
+    const hashBuffer = await crypto.subtle.digest("SHA-256", data);
+    const challenge = base64urlEncode(new Uint8Array(hashBuffer));
+    return { verifier, challenge };
+}
+//# sourceMappingURL=pkce.js.map