dexto 1.5.5 → 1.5.7

package/dist/cli/mcp/oauth-server.js

@@ -0,0 +1,70 @@
+import { createServer } from 'node:http';
+import { URL } from 'node:url';
+import { ensurePortAvailable } from './oauth-utils.js';
+function escapeHtml(value) {
+    return value
+        .replace(/&/g, '&')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;')
+        .replace(/"/g, '&quot;')
+        .replace(/'/g, '&#039;');
+}
+export async function createMcpCallbackServer(redirectUrl) {
+    const parsed = new URL(redirectUrl);
+    const port = Number(parsed.port || 8080);
+    if (!Number.isFinite(port) || port <= 0) {
+        throw new Error(`Invalid redirect port: ${parsed.port}`);
+    }
+    await ensurePortAvailable(port);
+    return new Promise((resolve, reject) => {
+        const server = createServer((req, res) => {
+            if (!req.url) {
+                res.writeHead(400);
+                res.end('Bad Request');
+                return;
+            }
+            const requestUrl = new URL(req.url, redirectUrl);
+            const code = requestUrl.searchParams.get('code');
+            const error = requestUrl.searchParams.get('error');
+            const errorDescription = requestUrl.searchParams.get('error_description');
+            if (code) {
+                res.writeHead(200, { 'Content-Type': 'text/html' });
+                res.end(`
+                    <html>
+                      <body>
+                        <h1>Authorization Successful</h1>
+                        <p>You can close this window and return to your terminal.</p>
+                      </body>
+                    </html>
+                `);
+                resolve(code);
+                setTimeout(() => server.close(), 3000);
+                return;
+            }
+            if (error) {
+                res.writeHead(400, { 'Content-Type': 'text/html' });
+                res.end(`
+                    <html>
+                      <body>
+                        <h1>Authorization Failed</h1>
+                        <p>Error: ${escapeHtml(error)}</p>
+                        ${errorDescription ? `<p>${escapeHtml(errorDescription)}</p>` : ''}
+                      </body>
+                    </html>
+                `);
+                reject(new Error(`OAuth authorization failed: ${error}${errorDescription ? ` (${errorDescription})` : ''}`));
+                setTimeout(() => server.close(), 3000);
+                return;
+            }
+            res.writeHead(400);
+            res.end('Missing authorization code');
+        });
+        server.on('error', (err) => {
+            reject(err);
+            server.close();
+        });
+        server.listen(port, () => {
+            console.log(`🔐 Awaiting MCP OAuth callback on ${redirectUrl}`);
+        });
+    });
+}

package/dist/cli/mcp/oauth-store.d.ts

@@ -0,0 +1,10 @@
+import type { OAuthTokens, OAuthClientInformationMixed } from '@modelcontextprotocol/sdk/shared/auth.js';
+export type McpAuthStore = {
+    tokens?: OAuthTokens | undefined;
+    clientInformation?: OAuthClientInformationMixed | undefined;
+    codeVerifier?: string | undefined;
+};
+export declare function loadMcpAuthStore(serverId: string): Promise<McpAuthStore>;
+export declare function saveMcpAuthStore(serverId: string, store: McpAuthStore): Promise<void>;
+export declare function getMcpAuthStorePath(serverId: string): string;
+//# sourceMappingURL=oauth-store.d.ts.map

package/dist/cli/mcp/oauth-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-store.d.ts","sourceRoot":"","sources":["../../../src/cli/mcp/oauth-store.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACR,WAAW,EACX,2BAA2B,EAC9B,MAAM,0CAA0C,CAAC;AAElD,MAAM,MAAM,YAAY,GAAG;IACvB,MAAM,CAAC,EAAE,WAAW,GAAG,SAAS,CAAC;IACjC,iBAAiB,CAAC,EAAE,2BAA2B,GAAG,SAAS,CAAC;IAC5D,YAAY,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CACrC,CAAC;AAEF,wBAAsB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAW9E;AAED,wBAAsB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAI3F;AAED,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAE5D"}

package/dist/cli/mcp/oauth-store.js

@@ -0,0 +1,27 @@
+import { promises as fs } from 'node:fs';
+import path from 'node:path';
+import { getDextoPath } from '@dexto/core';
+export async function loadMcpAuthStore(serverId) {
+    const filePath = getMcpAuthStorePath(serverId);
+    try {
+        const data = await fs.readFile(filePath, 'utf8');
+        return JSON.parse(data);
+    }
+    catch (error) {
+        if (error.code === 'ENOENT') {
+            return {};
+        }
+        throw error;
+    }
+}
+export async function saveMcpAuthStore(serverId, store) {
+    const filePath = getMcpAuthStorePath(serverId);
+    await fs.mkdir(path.dirname(filePath), { recursive: true });
+    await fs.writeFile(filePath, JSON.stringify(store, null, 2));
+}
+export function getMcpAuthStorePath(serverId) {
+    return getDextoPath('mcp-auth', `${sanitizeServerId(serverId)}.json`);
+}
+function sanitizeServerId(serverId) {
+    return serverId.replace(/[^a-zA-Z0-9._-]/g, '_');
+}

package/dist/cli/mcp/oauth-ui.d.ts

@@ -0,0 +1,2 @@
+export declare function openAuthUrl(url: string): Promise<void>;
+//# sourceMappingURL=oauth-ui.d.ts.map

package/dist/cli/mcp/oauth-ui.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-ui.d.ts","sourceRoot":"","sources":["../../../src/cli/mcp/oauth-ui.ts"],"names":[],"mappings":"AAEA,wBAAsB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAU5D"}

package/dist/cli/mcp/oauth-ui.js

@@ -0,0 +1,12 @@
+import chalk from 'chalk';
+export async function openAuthUrl(url) {
+    console.log(chalk.cyan('🌐 Opening browser for MCP authentication...'));
+    try {
+        const { default: open } = await import('open');
+        await open(url, { wait: false });
+        console.log(chalk.green('✅ Browser opened'));
+    }
+    catch (_error) {
+        console.log(chalk.yellow(`💡 Please open manually: ${url}`));
+    }
+}

package/dist/cli/mcp/oauth-utils.d.ts

@@ -0,0 +1,2 @@
+export declare function ensurePortAvailable(port: number): Promise<void>;
+//# sourceMappingURL=oauth-utils.d.ts.map

package/dist/cli/mcp/oauth-utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-utils.d.ts","sourceRoot":"","sources":["../../../src/cli/mcp/oauth-utils.ts"],"names":[],"mappings":"AAEA,wBAAsB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAkBrE"}

package/dist/cli/mcp/oauth-utils.js

@@ -0,0 +1,17 @@
+import { createServer } from 'node:http';
+export async function ensurePortAvailable(port) {
+    await new Promise((resolve, reject) => {
+        const server = createServer();
+        server.listen(port, () => {
+            server.close(() => resolve());
+        });
+        server.on('error', (err) => {
+            if (err.code === 'EADDRINUSE') {
+                reject(new Error(`Port ${port} is already in use. Please close the application using it and try again.`));
+            }
+            else {
+                reject(err);
+            }
+        });
+    });
+}

package/dist/cli/utils/api-key-setup.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"api-key-setup.d.ts","sourceRoot":"","sources":["../../../src/cli/utils/api-key-setup.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAe/C,MAAM,WAAW,iBAAiB;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;;;;;GAOG;AACH,wBAAsB,sBAAsB,CACxC,QAAQ,EAAE,WAAW,EACrB,OAAO,GAAE;IACL,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;CACb,GACP,OAAO,CAAC,iBAAiB,CAAC,CAuK5B;AAsMD;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,WAAW,GAAG,OAAO,CAGlE;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACrC,MAAM,EAAE,OAAO,GAAG,MAAM,GAAG,QAAQ,CAAC;IACpC,MAAM,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;GAOG;AACH,wBAAsB,sBAAsB,CACxC,QAAQ,EAAE,WAAW,EACrB,KAAK,EAAE,MAAM,GACd,OAAO,CAAC,wBAAwB,CAAC,CAkEnC;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACpC,MAAM,EAAE,SAAS,GAAG,aAAa,GAAG,QAAQ,CAAC;IAC7C,MAAM,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;;;GASG;AACH,wBAAsB,2BAA2B,CAC7C,aAAa,EAAE,WAAW,EAC1B,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,WAAW,EACzB,SAAS,EAAE,MAAM,GAClB,OAAO,CAAC,uBAAuB,CAAC,CAiGlC"}
+{"version":3,"file":"api-key-setup.d.ts","sourceRoot":"","sources":["../../../src/cli/utils/api-key-setup.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAc/C,MAAM,WAAW,iBAAiB;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;;;;;GAOG;AACH,wBAAsB,sBAAsB,CACxC,QAAQ,EAAE,WAAW,EACrB,OAAO,GAAE;IACL,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;CACb,GACP,OAAO,CAAC,iBAAiB,CAAC,CAmK5B;AA8GD;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,WAAW,GAAG,OAAO,CAGlE;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACrC,MAAM,EAAE,OAAO,GAAG,MAAM,GAAG,QAAQ,CAAC;IACpC,MAAM,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;GAOG;AACH,wBAAsB,sBAAsB,CACxC,QAAQ,EAAE,WAAW,EACrB,KAAK,EAAE,MAAM,GACd,OAAO,CAAC,wBAAwB,CAAC,CAkEnC;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACpC,MAAM,EAAE,SAAS,GAAG,aAAa,GAAG,QAAQ,CAAC;IAC7C,MAAM,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;;;GASG;AACH,wBAAsB,2BAA2B,CAC7C,aAAa,EAAE,WAAW,EAC1B,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,WAAW,EACzB,SAAS,EAAE,MAAM,GAClB,OAAO,CAAC,uBAAuB,CAAC,CAiGlC"}

package/dist/cli/utils/api-key-setup.js

@@ -4,7 +4,7 @@ import chalk from 'chalk';
 import { logger, getExecutionContext } from '@dexto/core';
 import { saveProviderApiKey } from '@dexto/agent-management';
 import { applyLayeredEnvironmentLoading } from '../../utils/env.js';
-import { getProviderDisplayName, validateApiKeyFormat, getProviderInstructions, openApiKeyUrl, getProviderInfo, getProviderEnvVar, PROVIDER_REGISTRY, } from './provider-setup.js';
+import { getProviderDisplayName, validateApiKeyFormat, getProviderInstructions, openApiKeyUrl, getProviderInfo, getProviderEnvVar, } from './provider-setup.js';
 import { verifyApiKey } from './api-key-verification.js';
 /**
  * Interactively prompts the user to set up an API key for a specific provider.
@@ -32,25 +32,20 @@ export async function interactiveApiKeySetup(provider, options = {}) {
                 ? [
                     {
                         value: 'open-browser',
-                        label: 'Open browser & set up now',
-                        hint: 'Opens the API key page in your browser (recommended)',
+                        label: `${chalk.green('→')} Get API key (opens browser)`,
+                        hint: "We'll wait while you grab one",
                     },
                 ]
                 : []),
             {
                 value: 'setup',
-                label: hasApiKeyUrl ? 'I already have a key' : 'Enter API key now',
-                hint: 'Paste an existing API key',
+                label: `${chalk.cyan('●')} Paste existing key`,
+                hint: 'I already have an API key',
             },
             {
                 value: 'skip',
-                label: 'Skip for now',
-                hint: 'Continue without API key - configure later in settings',
-            },
-            {
-                value: 'manual',
-                label: 'View manual instructions',
-                hint: 'See how to set up manually',
+                label: `${chalk.gray('○')} Set up later`,
+                hint: 'Continue without key for now',
             },
         ];
         const action = await p.select({
@@ -64,13 +59,12 @@ export async function interactiveApiKeySetup(provider, options = {}) {
             return { success: false, cancelled: true };
         }
         if (action === 'skip') {
-            p.log.warn('Skipping API key setup. You can configure it later with: dexto setup');
-            return { success: true, skipped: true };
-        }
-        if (action === 'manual') {
-            showManualSetupInstructions(provider);
-            // Don't exit - let them continue
-            p.log.info('You can configure your API key later with: dexto setup');
+            const envVar = getProviderEnvVar(provider);
+            p.note(`You can configure your API key later:\n\n` +
+                `${chalk.cyan('Option 1:')} Run ${chalk.bold('dexto setup')}\n\n` +
+                `${chalk.cyan('Option 2:')} Set environment variable manually:\n` +
+                `  ${chalk.dim(`export ${envVar}=your-key-here`)}\n` +
+                `  ${chalk.dim('Add to ~/.bashrc or ~/.zshrc to persist')}`, 'Setup Later');
             return { success: true, skipped: true };
         }
         // Open browser if requested
@@ -252,77 +246,6 @@ function showManualSaveInstructions(provider, apiKey) {
         ];
     p.note(instructions.join('\n'), chalk.rgb(255, 165, 0)('Manual Setup Required'));
 }
-/**
- * Shows manual setup instructions to the user
- */
-function showManualSetupInstructions(provider) {
-    const envVar = getProviderEnvVar(provider);
-    const providerInfo = getProviderInfo(provider);
-    const envInstructions = getExecutionContext() === 'global-cli'
-        ? [
-            `${chalk.bold('2. Save your API key:')}`,
-            `   ${chalk.gray('Option A:')} Run ${chalk.cyan('dexto setup')} (interactive)`,
-            `   ${chalk.gray('Option B:')} Create ${chalk.cyan('~/.dexto/.env')} with:`,
-            `            ${chalk.rgb(255, 165, 0)(`${envVar}=your_api_key_here`)}`,
-        ]
-        : [
-            `${chalk.bold('2. Save your API key:')}`,
-            `   Create ${chalk.cyan('.env')} in your project with:`,
-            `   ${chalk.rgb(255, 165, 0)(`${envVar}=your_api_key_here`)}`,
-        ];
-    // Build provider URLs list dynamically from registry
-    const providerUrls = [];
-    // Add current provider first if it has an API key URL
-    if (providerInfo?.apiKeyUrl) {
-        providerUrls.push(`   ${chalk.cyan('→')} ${chalk.cyan(getProviderDisplayName(provider))}: ${providerInfo.apiKeyUrl}`);
-        providerUrls.push(''); // Add spacing
-    }
-    // Add recommended/popular providers with API keys
-    const popularProviders = [
-        { provider: 'google', color: chalk.green }, // Free
-        { provider: 'groq', color: chalk.green }, // Free
-        { provider: 'openai', color: chalk.blue },
-        { provider: 'anthropic', color: chalk.blue },
-        { provider: 'xai', color: chalk.blue },
-        { provider: 'cohere', color: chalk.blue },
-    ];
-    for (const { provider: p, color } of popularProviders) {
-        const info = PROVIDER_REGISTRY[p];
-        if (info?.apiKeyUrl && p !== provider) {
-            // Don't duplicate current provider
-            const freeTag = info.free ? ' (Free)' : '';
-            providerUrls.push(`   ${color('●')} ${color(info.label + freeTag)}: ${info.apiKeyUrl}`);
-        }
-    }
-    // Add gateway providers
-    const gatewayProviders = ['openrouter', 'glama'];
-    for (const p of gatewayProviders) {
-        const info = PROVIDER_REGISTRY[p];
-        if (info?.apiKeyUrl && p !== provider) {
-            providerUrls.push(`   ${chalk.rgb(255, 165, 0)('●')} ${chalk.rgb(255, 165, 0)(info.label)} (Gateway): ${info.apiKeyUrl}`);
-        }
-    }
-    // Add enterprise providers
-    const enterpriseProviders = ['vertex', 'bedrock'];
-    for (const p of enterpriseProviders) {
-        const info = PROVIDER_REGISTRY[p];
-        if (info?.apiKeyUrl && p !== provider) {
-            providerUrls.push(`   ${chalk.cyan('●')} ${chalk.cyan(info.label)} (Enterprise): ${info.apiKeyUrl}`);
-        }
-    }
-    const instructions = [
-        `${chalk.bold('1. Get an API key from your provider:')}`,
-        ...providerUrls,
-        ``,
-        ...envInstructions,
-        ``,
-        `${chalk.bold('3. Run dexto again:')}`,
-        `   ${chalk.cyan('dexto')} or ${chalk.cyan('npx dexto')}`,
-        ``,
-        `${chalk.gray('💡 Tip: Start with Google Gemini or Groq for a free experience!')}`,
-    ].join('\n');
-    p.note(instructions, chalk.bold('Manual Setup Instructions'));
-}
 /**
  * Quick check if an API key is already configured for a provider
  */

package/dist/cli/utils/api-key-verification.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"api-key-verification.d.ts","sourceRoot":"","sources":["../../../src/cli/utils/api-key-verification.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAG/C,MAAM,WAAW,kBAAkB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;;;;;;GAQG;AACH,wBAAsB,YAAY,CAC9B,QAAQ,EAAE,WAAW,EACrB,MAAM,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC,kBAAkB,CAAC,CAsC7B"}
+{"version":3,"file":"api-key-verification.d.ts","sourceRoot":"","sources":["../../../src/cli/utils/api-key-verification.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAG/C,MAAM,WAAW,kBAAkB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;;;;;;GAQG;AACH,wBAAsB,YAAY,CAC9B,QAAQ,EAAE,WAAW,EACrB,MAAM,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC,kBAAkB,CAAC,CA0C7B"}

package/dist/cli/utils/api-key-verification.js

@@ -28,6 +28,10 @@ export async function verifyApiKey(provider, apiKey, _model) {
                 return await verifyOpenRouter(apiKey);
             case 'glama':
                 return await verifyGlama(apiKey);
+            case 'minimax':
+                return await verifyMiniMax(apiKey);
+            case 'glm':
+                return await verifyGLM(apiKey);
             case 'openai-compatible':
             case 'litellm':
                 // For custom endpoints, we can't verify without a baseURL
@@ -184,6 +188,38 @@ async function verifyGlama(apiKey) {
     const error = await parseErrorResponse(response);
     return { success: false, error };
 }
+/**
+ * Verify MiniMax API key using the OpenAI-compatible models endpoint
+ */
+async function verifyMiniMax(apiKey) {
+    const response = await fetch('https://api.minimax.chat/v1/models', {
+        method: 'GET',
+        headers: {
+            Authorization: `Bearer ${apiKey}`,
+        },
+    });
+    if (response.ok) {
+        return { success: true, modelUsed: 'models-list' };
+    }
+    const error = await parseErrorResponse(response);
+    return { success: false, error };
+}
+/**
+ * Verify GLM (Zhipu) API key using the OpenAI-compatible models endpoint
+ */
+async function verifyGLM(apiKey) {
+    const response = await fetch('https://open.bigmodel.cn/api/paas/v4/models', {
+        method: 'GET',
+        headers: {
+            Authorization: `Bearer ${apiKey}`,
+        },
+    });
+    if (response.ok) {
+        return { success: true, modelUsed: 'models-list' };
+    }
+    const error = await parseErrorResponse(response);
+    return { success: false, error };
+}
 /**
  * Parse error response from provider API
  */

package/dist/cli/utils/config-validation.d.ts

@@ -19,7 +19,9 @@ export interface ValidationResult {
  * @param validationOptions.strict - When true (default), enforces API key requirements.
  *                                   When false, allows missing credentials for interactive config.
  */
-export declare function validateAgentConfig(config: AgentConfig, interactive?: boolean, validationOptions?: LLMValidationOptions): Promise<ValidationResult>;
+export declare function validateAgentConfig(config: AgentConfig, interactive?: boolean, validationOptions?: LLMValidationOptions & {
+    agentPath?: string;
+}): Promise<ValidationResult>;
 /**
  * Legacy function for backwards compatibility
  * @deprecated Use validateAgentConfig with result handling instead

package/dist/cli/utils/config-validation.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config-validation.d.ts","sourceRoot":"","sources":["../../../src/cli/utils/config-validation.ts"],"names":[],"mappings":"AAGA,OAAO,EAGH,KAAK,WAAW,EAChB,KAAK,oBAAoB,EACzB,KAAK,oBAAoB,EAC5B,MAAM,aAAa,CAAC;AAWrB,MAAM,WAAW,gBAAgB;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,oBAAoB,CAAC;IAC9B,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;CACrB;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,mBAAmB,CACrC,MAAM,EAAE,WAAW,EACnB,WAAW,GAAE,OAAe,EAC5B,iBAAiB,CAAC,EAAE,oBAAoB,GACzC,OAAO,CAAC,gBAAgB,CAAC,CAyC3B;AAwZD;;;GAGG;AACH,wBAAsB,yBAAyB,CAC3C,MAAM,EAAE,WAAW,EACnB,WAAW,GAAE,OAAe,GAC7B,OAAO,CAAC,oBAAoB,CAAC,CAgC/B"}
+{"version":3,"file":"config-validation.d.ts","sourceRoot":"","sources":["../../../src/cli/utils/config-validation.ts"],"names":[],"mappings":"AAGA,OAAO,EAGH,KAAK,WAAW,EAChB,KAAK,oBAAoB,EACzB,KAAK,oBAAoB,EAC5B,MAAM,aAAa,CAAC;AAYrB,MAAM,WAAW,gBAAgB;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,oBAAoB,CAAC;IAC9B,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;CACrB;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,mBAAmB,CACrC,MAAM,EAAE,WAAW,EACnB,WAAW,GAAE,OAAe,EAC5B,iBAAiB,CAAC,EAAE,oBAAoB,GAAG;IAAE,SAAS,CAAC,EAAE,MAAM,CAAA;CAAE,GAClE,OAAO,CAAC,gBAAgB,CAAC,CAyC3B;AAkbD;;;GAGG;AACH,wBAAsB,yBAAyB,CAC3C,MAAM,EAAE,WAAW,EACnB,WAAW,GAAE,OAAe,GAC7B,OAAO,CAAC,oBAAoB,CAAC,CAgC/B"}

package/dist/cli/utils/config-validation.js

@@ -5,6 +5,7 @@ import { interactiveApiKeySetup } from './api-key-setup.js';
 import { LLMErrorCode } from '@dexto/core';
 import { logger } from '@dexto/core';
 import { getGlobalPreferencesPath, loadGlobalPreferences, saveGlobalPreferences, } from '@dexto/agent-management';
+import { handleSyncAgentsCommand } from '../commands/sync-agents.js';
 /**
  * Validates agent config with optional interactive fixes for user experience.
  * Uses schema parsing to detect API key issues and provides targeted setup.
@@ -51,7 +52,7 @@ export async function validateAgentConfig(config, interactive = false, validatio
         return await handleBaseURLError(baseURLError.provider, config, errors, validationOptions);
     }
     // Other validation errors - show options
-    return await handleOtherErrors(errors);
+    return await handleOtherErrors(errors, validationOptions);
 }
 /**
  * Handle API key validation errors interactively
@@ -92,7 +93,7 @@ async function handleApiKeyError(provider, config, errors, validationOptions) {
         return { success: false, errors, skipped: true };
     }
     if (action === 'edit') {
-        showManualEditInstructions();
+        showManualEditInstructions(undefined);
         return { success: false, errors, skipped: true };
     }
     // 'skip' - continue anyway
@@ -154,7 +155,7 @@ async function handleBaseURLError(provider, config, errors, validationOptions) {
         return { success: false, errors, skipped: true };
     }
     if (action === 'edit') {
-        showManualEditInstructions();
+        showManualEditInstructions(undefined);
         return { success: false, errors, skipped: true };
     }
     // 'skip' - continue anyway
@@ -228,7 +229,7 @@ async function interactiveBaseURLSetup(provider, existingBaseURL) {
 /**
  * Handle non-API-key validation errors interactively
  */
-async function handleOtherErrors(errors) {
+async function handleOtherErrors(errors, validationOptions) {
     console.log(chalk.rgb(255, 165, 0)('\n⚠️  Configuration issues detected:\n'));
     for (const error of errors) {
         console.log(chalk.red(`  • ${error}`));
@@ -237,6 +238,11 @@ async function handleOtherErrors(errors) {
     const action = await p.select({
         message: 'How would you like to proceed?',
         options: [
+            {
+                value: 'sync',
+                label: 'Sync agent config',
+                hint: 'Update from bundled registry (recommended)',
+            },
             {
                 value: 'skip',
                 label: 'Continue anyway',
@@ -247,23 +253,27 @@ async function handleOtherErrors(errors) {
                 label: 'Edit configuration manually',
                 hint: 'Show file path and instructions',
             },
-            {
-                value: 'setup',
-                label: 'Run setup again',
-                hint: 'Reconfigure from scratch',
-            },
         ],
     });
     if (p.isCancel(action)) {
         showNextSteps();
         return { success: false, errors, skipped: true };
     }
-    if (action === 'edit') {
-        showManualEditInstructions();
-        return { success: false, errors, skipped: true };
+    if (action === 'sync') {
+        try {
+            // Run sync-agents to update the agent config
+            await handleSyncAgentsCommand({ force: true, quiet: false });
+            // Exit after sync - user needs to restart dexto
+            p.outro(chalk.gray('Run dexto to start Dexto'));
+            process.exit(0);
+        }
+        catch (error) {
+            p.log.error(`Failed to sync agent: ${error instanceof Error ? error.message : String(error)}`);
+            return { success: false, errors, skipped: true };
+        }
     }
-    if (action === 'setup') {
-        p.log.info('Run: dexto setup --force');
+    if (action === 'edit') {
+        showManualEditInstructions(validationOptions?.agentPath);
         return { success: false, errors, skipped: true };
     }
     // 'skip' - continue anyway
@@ -293,19 +303,32 @@ function showNextSteps() {
 /**
  * Show manual edit instructions
  */
-function showManualEditInstructions() {
+function showManualEditInstructions(agentPath) {
     const prefsPath = getGlobalPreferencesPath();
+    const configPaths = [`  ${chalk.cyan('Global preferences:')} ${prefsPath}`];
+    if (agentPath) {
+        configPaths.push(`  ${chalk.cyan('Agent config:')} ${agentPath}`);
+    }
+    else {
+        configPaths.push(`  ${chalk.cyan('Agent configs:')} ~/.dexto/agents/*/`);
+    }
     p.note([
         `Your configuration files:`,
         ``,
-        `  ${chalk.cyan('Global preferences:')} ${prefsPath}`,
-        `  ${chalk.cyan('Agent configs:')} ~/.dexto/agents/*/`,
+        ...configPaths,
         ``,
         `Edit the appropriate file and run dexto again.`,
         ``,
         chalk.gray('Example commands:'),
-        chalk.gray(`  code ${prefsPath}     # Open in VS Code`),
-        chalk.gray(`  nano ${prefsPath}     # Edit in terminal`),
+        ...(agentPath
+            ? [
+                chalk.gray(`  code ${agentPath}     # Open in VS Code`),
+                chalk.gray(`  nano ${agentPath}     # Edit in terminal`),
+            ]
+            : [
+                chalk.gray(`  code ${prefsPath}     # Open in VS Code`),
+                chalk.gray(`  nano ${prefsPath}     # Edit in terminal`),
+            ]),
     ].join('\n'), 'Manual Configuration');
 }
 /**

package/dist/cli/utils/dexto-auth-check.d.ts

@@ -0,0 +1,53 @@
+/**
+ * Dexto Authentication Check
+ *
+ * Validates that users configured to use Dexto credits are properly authenticated.
+ * This prevents the confusing state where user is logged out but still has
+ * Dexto credits configured (which would fail at runtime).
+ *
+ * ## When This Check Runs
+ *
+ * - On CLI startup, after loading preferences
+ * - Before attempting to use the LLM
+ *
+ * ## Why This Exists
+ *
+ * When a user runs `dexto logout` while configured with `provider: dexto`,
+ * their preferences.yml still points to Dexto. Without this check, the CLI
+ * would attempt to use Dexto credits and fail with "Invalid API key" errors.
+ *
+ * Instead, we catch this state early and offer clear options:
+ * - Log back in to continue using Dexto credits
+ * - Run setup to configure a different provider (BYOK)
+ *
+ * @module dexto-auth-check
+ */
+export interface DextoAuthCheckResult {
+    shouldContinue: boolean;
+    action?: 'login' | 'setup' | 'cancel';
+}
+/**
+ * Check if user is configured to use Dexto credits but is not authenticated.
+ * This can happen if user logged out after setting up with Dexto credits.
+ *
+ * Uses getEffectiveLLMConfig() to determine the actual LLM that will be used,
+ * considering all config layers (local, preferences, bundled).
+ *
+ * @param interactive Whether to show interactive prompts
+ * @param agentId Agent to check config for (default: 'coding-agent')
+ * @returns Whether to continue startup and what action was taken
+ *
+ * @example
+ * ```typescript
+ * const result = await checkDextoAuthState(true, 'coding-agent');
+ * if (!result.shouldContinue) {
+ *   if (result.action === 'login') {
+ *     await handleLoginCommand();
+ *   } else if (result.action === 'setup') {
+ *     await handleSetupCommand();
+ *   }
+ * }
+ * ```
+ */
+export declare function checkDextoAuthState(interactive?: boolean, agentId?: string): Promise<DextoAuthCheckResult>;
+//# sourceMappingURL=dexto-auth-check.d.ts.map

package/dist/cli/utils/dexto-auth-check.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dexto-auth-check.d.ts","sourceRoot":"","sources":["../../../src/cli/utils/dexto-auth-check.ts"],"names":[],"mappings":"AACA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAOH,MAAM,WAAW,oBAAoB;IACjC,cAAc,EAAE,OAAO,CAAC;IACxB,MAAM,CAAC,EAAE,OAAO,GAAG,OAAO,GAAG,QAAQ,CAAC;CACzC;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAsB,mBAAmB,CACrC,WAAW,GAAE,OAAc,EAC3B,OAAO,GAAE,MAAuB,GACjC,OAAO,CAAC,oBAAoB,CAAC,CA8D/B"}