dexto 1.6.10 → 1.6.12

package/dist/cli/auth/api-client.d.ts

@@ -53,17 +53,24 @@ interface RequestOptions {
  * Dexto API client for key management
  */
 export declare class DextoApiClient {
-    private readonly baseUrl;
+    private readonly platformBaseUrl;
     private readonly timeoutMs;
-    constructor(baseUrl?: string);
+    constructor(baseUrl?: string | {
+        gatewayBaseUrl?: string | undefined;
+        platformBaseUrl?: string | undefined;
+    });
     private createRequestSignal;
+    private getPlatformUrl;
+    private listPlatformApiKeys;
+    private createPlatformApiKey;
+    private deletePlatformApiKey;
     /**
      * Validate if a Dexto API key is valid
      */
     validateDextoApiKey(apiKey: string): Promise<boolean>;
     /**
-     * Provision Dexto API key (get existing or create new with given name)
-     * @param regenerate - If true, delete existing key and create new one
+     * Provision Dexto API key and always return a usable secret key value.
+     * @param regenerate - If true, delete existing key(s) and create a new one
      */
     provisionDextoApiKey(authToken: string, name?: string, regenerate?: boolean): Promise<{
         dextoApiKey: string;
@@ -75,11 +82,11 @@ export declare class DextoApiClient {
      */
     getUsageSummary(apiKey: string): Promise<UsageSummaryResponse>;
     /**
-     * Start device code login at the gateway.
+     * Start device code login at the platform.
      */
     startDeviceCodeLogin(client?: string, options?: RequestOptions): Promise<DeviceCodeStartResponse>;
     /**
-     * Poll the gateway for device-code login completion.
+     * Poll the platform for device-code login completion.
      */
     pollDeviceCodeLogin(deviceCode: string, options?: RequestOptions): Promise<DeviceCodePollResponse>;
     /**

package/dist/cli/auth/api-client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"api-client.d.ts","sourceRoot":"","sources":["../../../src/cli/auth/api-client.ts"],"names":[],"mappings":"AAYA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAUpD,MAAM,WAAW,uBAAuB;IACpC,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,uBAAuB,EAAE,MAAM,GAAG,IAAI,CAAC;IACvC,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,uBAAuB;IACpC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED,MAAM,MAAM,sBAAsB,GAC5B;IAAE,MAAM,EAAE,SAAS,CAAA;CAAE,GACrB;IAAE,MAAM,EAAE,UAAU,CAAA;CAAE,GACtB;IAAE,MAAM,EAAE,SAAS,CAAA;CAAE,GACrB;IAAE,MAAM,EAAE,QAAQ,CAAA;CAAE,GACpB;IAAE,MAAM,EAAE,gBAAgB,CAAA;CAAE,GAC5B;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,KAAK,EAAE,uBAAuB,CAAA;CAAE,CAAC;AAE5D,MAAM,WAAW,oBAAoB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE;QACP,cAAc,EAAE,MAAM,CAAC;QACvB,cAAc,EAAE,MAAM,CAAC;QACvB,QAAQ,EAAE,MAAM,CACZ,MAAM,EACN;YACI,QAAQ,EAAE,MAAM,CAAC;YACjB,QAAQ,EAAE,MAAM,CAAC;YACjB,MAAM,EAAE,MAAM,CAAC;SAClB,CACJ,CAAC;KACL,CAAC;IACF,MAAM,EAAE,KAAK,CAAC;QACV,SAAS,EAAE,MAAM,CAAC;QAClB,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;QACrB,aAAa,EAAE,MAAM,CAAC;KACzB,CAAC,CAAC;CACN;AAED,UAAU,cAAc;IACpB,MAAM,CAAC,EAAE,WAAW,GAAG,SAAS,CAAC;CACpC;AAkSD;;GAEG;AACH,qBAAa,cAAc;IACvB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAU;gBAExB,OAAO,GAAE,MAAsB;IAI3C,OAAO,CAAC,mBAAmB;IAS3B;;OAEG;IACG,mBAAmB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAwB3D;;;OAGG;IACG,oBAAoB,CACtB,SAAS,EAAE,MAAM,EACjB,IAAI,GAAE,MAAwB,EAC9B,UAAU,GAAE,OAAe,GAC5B,OAAO,CAAC;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,OAAO,CAAA;KAAE,CAAC;IA6DrE;;OAEG;IACG,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC;IA2BpE;;OAEG;IACG,oBAAoB,CACtB,MAAM,GAAE,MAAoB,EAC5B,OAAO,GAAE,cAAmB,GAC7B,OAAO,CAAC,uBAAuB,CAAC;IAyBnC;;OAEG;IACG,mBAAmB,CACrB,UAAU,EAAE,MAAM,EAClB,OAAO,GAAE,cAAmB,GAC7B,OAAO,CAAC,sBAAsB,CAAC;IAuFlC;;OAEG;IACG,iBAAiB,CACnB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,cAAmB,GAC7B,OAAO,CAAC,iBAAiB,GAAG,SAAS,CAAC;IAyBzC;;OAEG;IACG,2BAA2B,CAC7B,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,cAAmB,GAC7B,OAAO,CAAC,OAAO,CAAC;CAItB;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,cAAc,CAElD"}
+{"version":3,"file":"api-client.d.ts","sourceRoot":"","sources":["../../../src/cli/auth/api-client.ts"],"names":[],"mappings":"AAYA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAwBpD,MAAM,WAAW,uBAAuB;IACpC,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,uBAAuB,EAAE,MAAM,GAAG,IAAI,CAAC;IACvC,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,uBAAuB;IACpC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED,MAAM,MAAM,sBAAsB,GAC5B;IAAE,MAAM,EAAE,SAAS,CAAA;CAAE,GACrB;IAAE,MAAM,EAAE,UAAU,CAAA;CAAE,GACtB;IAAE,MAAM,EAAE,SAAS,CAAA;CAAE,GACrB;IAAE,MAAM,EAAE,QAAQ,CAAA;CAAE,GACpB;IAAE,MAAM,EAAE,gBAAgB,CAAA;CAAE,GAC5B;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,KAAK,EAAE,uBAAuB,CAAA;CAAE,CAAC;AAE5D,MAAM,WAAW,oBAAoB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE;QACP,cAAc,EAAE,MAAM,CAAC;QACvB,cAAc,EAAE,MAAM,CAAC;QACvB,QAAQ,EAAE,MAAM,CACZ,MAAM,EACN;YACI,QAAQ,EAAE,MAAM,CAAC;YACjB,QAAQ,EAAE,MAAM,CAAC;YACjB,MAAM,EAAE,MAAM,CAAC;SAClB,CACJ,CAAC;KACL,CAAC;IACF,MAAM,EAAE,KAAK,CAAC;QACV,SAAS,EAAE,MAAM,CAAC;QAClB,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;QACrB,aAAa,EAAE,MAAM,CAAC;KACzB,CAAC,CAAC;CACN;AAED,UAAU,cAAc;IACpB,MAAM,CAAC,EAAE,WAAW,GAAG,SAAS,CAAC;CACpC;AAiUD;;GAEG;AACH,qBAAa,cAAc;IACvB,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;IACzC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAU;gBAGhC,OAAO,GACD,MAAM,GACN;QACI,cAAc,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;QACpC,eAAe,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;KACnC;IAehB,OAAO,CAAC,mBAAmB;IAS3B,OAAO,CAAC,cAAc;YAIR,mBAAmB;YAoBnB,oBAAoB;YAkCpB,oBAAoB;IAoBlC;;OAEG;IACG,mBAAmB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAwB3D;;;OAGG;IACG,oBAAoB,CACtB,SAAS,EAAE,MAAM,EACjB,IAAI,GAAE,MAAwB,EAC9B,UAAU,GAAE,OAAe,GAC5B,OAAO,CAAC;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,OAAO,CAAA;KAAE,CAAC;IAkCrE;;OAEG;IACG,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC;IA2BpE;;OAEG;IACG,oBAAoB,CACtB,MAAM,GAAE,MAAoB,EAC5B,OAAO,GAAE,cAAmB,GAC7B,OAAO,CAAC,uBAAuB,CAAC;IAyBnC;;OAEG;IACG,mBAAmB,CACrB,UAAU,EAAE,MAAM,EAClB,OAAO,GAAE,cAAmB,GAC7B,OAAO,CAAC,sBAAsB,CAAC;IAuFlC;;OAEG;IACG,iBAAiB,CACnB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,cAAmB,GAC7B,OAAO,CAAC,iBAAiB,GAAG,SAAS,CAAC;IAyBzC;;OAEG;IACG,2BAA2B,CAC7B,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,cAAmB,GAC7B,OAAO,CAAC,OAAO,CAAC;CAItB;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,cAAc,CAElD"}

package/dist/cli/auth/api-client.js

@@ -1,5 +1,5 @@
 // packages/cli/src/cli/auth/api-client.ts
-// Dexto API client for key management and usage
+// Dexto API client for auth/key/account APIs
 // TODO: Migrate to typed client for type safety and better DX
 // Options:
 // 1. Migrate dexto-web APIs to Hono and use @hono/client (like packages/server)
@@ -7,7 +7,7 @@
 // 3. Use tRPC if we want full-stack type safety
 // Currently using plain fetch() with runtime response validation.
 import { logger } from '@dexto/core';
-import { DEXTO_API_URL, SUPABASE_ANON_KEY, SUPABASE_URL } from './constants.js';
+import { DEXTO_PLATFORM_URL, SUPABASE_ANON_KEY, SUPABASE_URL } from './constants.js';
 function parseString(value) {
     return typeof value === 'string' && value.trim().length > 0 ? value : null;
 }
@@ -26,35 +26,6 @@ function parseNumber(value) {
     }
     return null;
 }
-function parseProvisionResponse(payload) {
-    if (typeof payload !== 'object' || payload === null) {
-        throw new Error('Invalid response from API');
-    }
-    const success = parseBoolean(Reflect.get(payload, 'success'));
-    if (success === null) {
-        throw new Error('Invalid response from API');
-    }
-    const dextoApiKey = parseString(Reflect.get(payload, 'dextoApiKey')) ?? undefined;
-    const keyId = parseString(Reflect.get(payload, 'keyId')) ?? undefined;
-    const isNewKey = parseBoolean(Reflect.get(payload, 'isNewKey')) ?? undefined;
-    const error = parseString(Reflect.get(payload, 'error')) ?? undefined;
-    const result = {
-        success,
-    };
-    if (dextoApiKey) {
-        result.dextoApiKey = dextoApiKey;
-    }
-    if (keyId) {
-        result.keyId = keyId;
-    }
-    if (isNewKey !== undefined) {
-        result.isNewKey = isNewKey;
-    }
-    if (error) {
-        result.error = error;
-    }
-    return result;
-}
 function parseDeviceCodeStartResponse(payload) {
     if (typeof payload !== 'object' || payload === null) {
         throw new Error('Invalid device start response');
@@ -221,6 +192,58 @@ function parseValidateResponse(payload) {
     const valid = parseBoolean(Reflect.get(payload, 'valid'));
     return valid ?? false;
 }
+function parsePlatformKeyListResponse(payload) {
+    if (typeof payload !== 'object' || payload === null) {
+        throw new Error('Invalid response from API');
+    }
+    const success = parseBoolean(Reflect.get(payload, 'success'));
+    if (success !== true) {
+        const error = parseString(Reflect.get(payload, 'error'));
+        throw new Error(error || 'Failed to fetch API keys');
+    }
+    const data = Reflect.get(payload, 'data');
+    if (!Array.isArray(data)) {
+        throw new Error('Invalid response from API');
+    }
+    const keys = [];
+    for (const entry of data) {
+        if (typeof entry !== 'object' || entry === null) {
+            continue;
+        }
+        const id = parseString(Reflect.get(entry, 'id'));
+        const name = parseString(Reflect.get(entry, 'name'));
+        const status = parseString(Reflect.get(entry, 'status'));
+        const isActive = parseBoolean(Reflect.get(entry, 'isActive'));
+        if (!id || !status || isActive === null) {
+            continue;
+        }
+        keys.push({ id, name, status, isActive });
+    }
+    return { success: true, data: keys };
+}
+function parsePlatformCreateKeyResponse(payload) {
+    if (typeof payload !== 'object' || payload === null) {
+        throw new Error('Invalid response from API');
+    }
+    const success = parseBoolean(Reflect.get(payload, 'success'));
+    if (success !== true) {
+        const error = parseString(Reflect.get(payload, 'error'));
+        return { success: false, error: error || 'Failed to create API key' };
+    }
+    const data = Reflect.get(payload, 'data');
+    if (typeof data !== 'object' || data === null) {
+        throw new Error('Invalid response from API');
+    }
+    const id = parseString(Reflect.get(data, 'id'));
+    const fullKey = parseString(Reflect.get(data, 'fullKey'));
+    if (!id || !fullKey) {
+        throw new Error('Invalid response from API');
+    }
+    return {
+        success: true,
+        data: { id, fullKey },
+    };
+}
 function formatHttpFailure(status, payload, rawText) {
     if (rawText.trim().length > 0) {
         return `${status} ${rawText}`;
@@ -234,10 +257,17 @@ function formatHttpFailure(status, payload, rawText) {
  * Dexto API client for key management
  */
 export class DextoApiClient {
-    baseUrl;
+    platformBaseUrl;
     timeoutMs = 10_000;
-    constructor(baseUrl = DEXTO_API_URL) {
-        this.baseUrl = baseUrl;
+    constructor(baseUrl = {}) {
+        if (typeof baseUrl === 'string') {
+            const normalized = baseUrl.replace(/\/+$/, '');
+            this.platformBaseUrl = normalized;
+            return;
+        }
+        this.platformBaseUrl = (baseUrl.platformBaseUrl ??
+            baseUrl.gatewayBaseUrl ??
+            DEXTO_PLATFORM_URL).replace(/\/+$/, '');
     }
     createRequestSignal(signal) {
         const timeoutSignal = AbortSignal.timeout(this.timeoutMs);
@@ -246,13 +276,68 @@ export class DextoApiClient {
         }
         return AbortSignal.any([signal, timeoutSignal]);
     }
+    getPlatformUrl(path) {
+        return `${this.platformBaseUrl}${path}`;
+    }
+    async listPlatformApiKeys(authToken) {
+        const response = await fetch(this.getPlatformUrl('/api/keys'), {
+            method: 'GET',
+            headers: {
+                Authorization: `Bearer ${authToken}`,
+            },
+            signal: this.createRequestSignal(undefined),
+        });
+        if (!response.ok) {
+            const rawText = await response.text();
+            throw new Error(`API request failed: ${formatHttpFailure(response.status, null, rawText)}`);
+        }
+        const payload = await response.json();
+        return parsePlatformKeyListResponse(payload).data;
+    }
+    async createPlatformApiKey(authToken, name) {
+        const response = await fetch(this.getPlatformUrl('/api/keys'), {
+            method: 'POST',
+            headers: {
+                Authorization: `Bearer ${authToken}`,
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify({ name }),
+            signal: this.createRequestSignal(undefined),
+        });
+        if (!response.ok) {
+            const rawText = await response.text();
+            throw new Error(`API request failed: ${formatHttpFailure(response.status, null, rawText)}`);
+        }
+        const payload = await response.json();
+        const result = parsePlatformCreateKeyResponse(payload);
+        if (!result.success || !result.data) {
+            throw new Error(result.error || 'Failed to create Dexto API key');
+        }
+        return {
+            dextoApiKey: result.data.fullKey,
+            keyId: result.data.id,
+        };
+    }
+    async deletePlatformApiKey(authToken, keyId) {
+        const response = await fetch(this.getPlatformUrl(`/api/keys/${encodeURIComponent(keyId)}`), {
+            method: 'DELETE',
+            headers: {
+                Authorization: `Bearer ${authToken}`,
+            },
+            signal: this.createRequestSignal(undefined),
+        });
+        if (!response.ok) {
+            const rawText = await response.text();
+            throw new Error(`API request failed: ${formatHttpFailure(response.status, null, rawText)}`);
+        }
+    }
     /**
      * Validate if a Dexto API key is valid
      */
     async validateDextoApiKey(apiKey) {
         try {
             logger.debug('Validating DEXTO_API_KEY');
-            const response = await fetch(`${this.baseUrl}/keys/validate`, {
+            const response = await fetch(this.getPlatformUrl('/api/keys/validate'), {
                 method: 'GET',
                 headers: {
                     Authorization: `Bearer ${apiKey}`,
@@ -271,51 +356,27 @@ export class DextoApiClient {
         }
     }
     /**
-     * Provision Dexto API key (get existing or create new with given name)
-     * @param regenerate - If true, delete existing key and create new one
+     * Provision Dexto API key and always return a usable secret key value.
+     * @param regenerate - If true, delete existing key(s) and create a new one
      */
     async provisionDextoApiKey(authToken, name = 'Dexto CLI Key', regenerate = false) {
         try {
             logger.debug(`Provisioning DEXTO_API_KEY with name: ${name}, regenerate: ${regenerate}`);
-            const response = await fetch(`${this.baseUrl}/keys/provision`, {
-                method: 'POST',
-                headers: {
-                    Authorization: `Bearer ${authToken}`,
-                    'Content-Type': 'application/json',
-                },
-                body: JSON.stringify({ name, regenerate }),
-                signal: this.createRequestSignal(undefined),
-            });
-            if (!response.ok) {
-                const rawText = await response.text();
-                throw new Error(`API request failed: ${formatHttpFailure(response.status, null, rawText)}`);
-            }
-            const payload = await response.json();
-            const result = parseProvisionResponse(payload);
-            if (!result.success) {
-                throw new Error(result.error || 'Failed to provision Dexto API key');
-            }
-            if (!result.keyId) {
-                throw new Error('Invalid response from API');
-            }
-            // If isNewKey is false, the key already exists (we don't get the key value back)
-            // This is expected - the key was already provisioned
-            if (!result.isNewKey && !result.dextoApiKey) {
-                logger.debug(`DEXTO_API_KEY already exists: ${result.keyId}`);
-                return {
-                    dextoApiKey: '', // Empty - key already exists, not returned for security
-                    keyId: result.keyId,
-                    isNewKey: false,
-                };
-            }
-            if (!result.dextoApiKey) {
-                throw new Error('Invalid response from API - missing key');
+            const matchingKeys = (await this.listPlatformApiKeys(authToken)).filter((key) => key.isActive && key.name === name);
+            if (matchingKeys.length > 0) {
+                if (!regenerate) {
+                    logger.debug(`Active key exists (${matchingKeys[0]?.id ?? 'unknown'}); rotating to obtain key value`);
+                }
+                for (const key of matchingKeys) {
+                    await this.deletePlatformApiKey(authToken, key.id);
+                }
             }
-            logger.debug(`Successfully provisioned DEXTO_API_KEY: ${result.keyId}`);
+            const createdKey = await this.createPlatformApiKey(authToken, name);
+            logger.debug(`Successfully provisioned DEXTO_API_KEY: ${createdKey.keyId}`);
             return {
-                dextoApiKey: result.dextoApiKey,
-                keyId: result.keyId,
-                isNewKey: result.isNewKey ?? true,
+                dextoApiKey: createdKey.dextoApiKey,
+                keyId: createdKey.keyId,
+                isNewKey: true,
             };
         }
         catch (error) {
@@ -329,7 +390,7 @@ export class DextoApiClient {
     async getUsageSummary(apiKey) {
         try {
             logger.debug('Fetching usage summary');
-            const response = await fetch(`${this.baseUrl}/me/usage`, {
+            const response = await fetch(this.getPlatformUrl('/api/account/usage'), {
                 method: 'GET',
                 headers: {
                     Authorization: `Bearer ${apiKey}`,
@@ -349,10 +410,10 @@ export class DextoApiClient {
         }
     }
     /**
-     * Start device code login at the gateway.
+     * Start device code login at the platform.
      */
     async startDeviceCodeLogin(client = 'dexto-cli', options = {}) {
-        const response = await fetch(`${this.baseUrl}/auth/device/start`, {
+        const response = await fetch(this.getPlatformUrl('/api/auth/device/start'), {
             method: 'POST',
             headers: {
                 'Content-Type': 'application/json',
@@ -371,12 +432,12 @@ export class DextoApiClient {
         return parseDeviceCodeStartResponse(payload);
     }
     /**
-     * Poll the gateway for device-code login completion.
+     * Poll the platform for device-code login completion.
      */
     async pollDeviceCodeLogin(deviceCode, options = {}) {
         let response;
         try {
-            response = await fetch(`${this.baseUrl}/auth/device/poll`, {
+            response = await fetch(this.getPlatformUrl('/api/auth/device/poll'), {
                 method: 'POST',
                 headers: {
                     'Content-Type': 'application/json',

package/dist/cli/auth/constants.d.ts

@@ -12,14 +12,19 @@
  * Environment variable overrides (for local development):
  * - SUPABASE_URL: Override Supabase URL (e.g., http://localhost:54321)
  * - SUPABASE_ANON_KEY: Override anon key (from `supabase start` output)
- * - DEXTO_API_URL: Override Dexto API URL (e.g., http://localhost:3001)
+ * - DEXTO_API_URL: Override Dexto gateway URL for data-plane calls (e.g., http://localhost:3001)
+ * - DEXTO_PLATFORM_URL: Override Dexto platform URL for auth/key/account control-plane calls (e.g., http://localhost:3002)
  */
 export declare const SUPABASE_URL: string;
 export declare const SUPABASE_ANON_KEY: string;
 /**
- * Dexto API URL for key provisioning
+ * Dexto gateway URL for retained data-plane endpoints.
  */
 export declare const DEXTO_API_URL: string;
+/**
+ * Dexto platform URL for auth/key/account control-plane endpoints.
+ */
+export declare const DEXTO_PLATFORM_URL: string;
 /**
  * Dexto Nova credits purchase URL
  */

package/dist/cli/auth/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../src/cli/auth/constants.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,YAAY,QAAyE,CAAC;AACnG,eAAO,MAAM,iBAAiB,QAEwL,CAAC;AAEvN;;GAEG;AACH,eAAO,MAAM,aAAa,QAAsD,CAAC;AAEjF;;GAEG;AACH,eAAO,MAAM,iBAAiB,QAC+C,CAAC"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../src/cli/auth/constants.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,YAAY,QAAyE,CAAC;AACnG,eAAO,MAAM,iBAAiB,QAEwL,CAAC;AAEvN;;GAEG;AACH,eAAO,MAAM,aAAa,QAAsD,CAAC;AAEjF;;GAEG;AACH,eAAO,MAAM,kBAAkB,QAA2D,CAAC;AAE3F;;GAEG;AACH,eAAO,MAAM,iBAAiB,QAC+C,CAAC"}

package/dist/cli/auth/constants.js

@@ -13,15 +13,20 @@
  * Environment variable overrides (for local development):
  * - SUPABASE_URL: Override Supabase URL (e.g., http://localhost:54321)
  * - SUPABASE_ANON_KEY: Override anon key (from `supabase start` output)
- * - DEXTO_API_URL: Override Dexto API URL (e.g., http://localhost:3001)
+ * - DEXTO_API_URL: Override Dexto gateway URL for data-plane calls (e.g., http://localhost:3001)
+ * - DEXTO_PLATFORM_URL: Override Dexto platform URL for auth/key/account control-plane calls (e.g., http://localhost:3002)
  */
 export const SUPABASE_URL = process.env.SUPABASE_URL || 'https://gdfbxznhnnsamvsrtwjq.supabase.co';
 export const SUPABASE_ANON_KEY = process.env.SUPABASE_ANON_KEY ||
     'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImdkZmJ4em5obm5zYW12c3J0d2pxIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NjQwNjkzNjksImV4cCI6MjA3OTY0NTM2OX0.j2NWOJDOy8gTT84XeomalkGSPpLdPvTCBnQMrTgdlI4';
 /**
- * Dexto API URL for key provisioning
+ * Dexto gateway URL for retained data-plane endpoints.
  */
 export const DEXTO_API_URL = process.env.DEXTO_API_URL || 'https://api.dexto.ai';
+/**
+ * Dexto platform URL for auth/key/account control-plane endpoints.
+ */
+export const DEXTO_PLATFORM_URL = process.env.DEXTO_PLATFORM_URL || 'https://app.dexto.ai';
 /**
  * Dexto Nova credits purchase URL
  */

package/dist/cli/auth/index.d.ts

@@ -3,6 +3,6 @@ export { type OAuthResult } from './oauth.js';
 export { type DeviceLoginPrompt, performDeviceCodeLogin } from './device.js';
 export { type PersistOAuthLoginOptions, type PersistedLoginResult, persistOAuthLoginResult, } from './login-persistence.js';
 export { type UsageSummaryResponse, DextoApiClient, getDextoApiClient } from './api-client.js';
-export { SUPABASE_URL, SUPABASE_ANON_KEY, DEXTO_API_URL } from './constants.js';
+export { SUPABASE_URL, SUPABASE_ANON_KEY, DEXTO_API_URL, DEXTO_PLATFORM_URL } from './constants.js';
 export { type DextoApiKeyProvisionStatus, type DextoApiKeyProvisionStatusLevel, type EnsureDextoApiKeyOptions, ensureDextoApiKeyForAuthToken, saveDextoApiKeyToEnv, removeDextoApiKeyFromEnv, } from './dexto-api-key.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/cli/auth/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/cli/auth/index.ts"],"names":[],"mappings":"AAGA,OAAO,EACH,KAAK,UAAU,EACf,SAAS,EACT,QAAQ,EACR,UAAU,EACV,eAAe,EACf,YAAY,EACZ,cAAc,EACd,eAAe,GAClB,MAAM,cAAc,CAAC;AAEtB,OAAO,EAAE,KAAK,WAAW,EAAE,MAAM,YAAY,CAAC;AAE9C,OAAO,EAAE,KAAK,iBAAiB,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AAE7E,OAAO,EACH,KAAK,wBAAwB,EAC7B,KAAK,oBAAoB,EACzB,uBAAuB,GAC1B,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EAAE,KAAK,oBAAoB,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAE/F,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAEhF,OAAO,EACH,KAAK,0BAA0B,EAC/B,KAAK,+BAA+B,EACpC,KAAK,wBAAwB,EAC7B,6BAA6B,EAC7B,oBAAoB,EACpB,wBAAwB,GAC3B,MAAM,oBAAoB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/cli/auth/index.ts"],"names":[],"mappings":"AAGA,OAAO,EACH,KAAK,UAAU,EACf,SAAS,EACT,QAAQ,EACR,UAAU,EACV,eAAe,EACf,YAAY,EACZ,cAAc,EACd,eAAe,GAClB,MAAM,cAAc,CAAC;AAEtB,OAAO,EAAE,KAAK,WAAW,EAAE,MAAM,YAAY,CAAC;AAE9C,OAAO,EAAE,KAAK,iBAAiB,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AAE7E,OAAO,EACH,KAAK,wBAAwB,EAC7B,KAAK,oBAAoB,EACzB,uBAAuB,GAC1B,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EAAE,KAAK,oBAAoB,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAE/F,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAEpG,OAAO,EACH,KAAK,0BAA0B,EAC/B,KAAK,+BAA+B,EACpC,KAAK,wBAAwB,EAC7B,6BAA6B,EAC7B,oBAAoB,EACpB,wBAAwB,GAC3B,MAAM,oBAAoB,CAAC"}

package/dist/cli/auth/index.js

@@ -4,5 +4,5 @@ export { storeAuth, loadAuth, removeAuth, isAuthenticated, getAuthToken, getDext
 export { performDeviceCodeLogin } from './device.js';
 export { persistOAuthLoginResult, } from './login-persistence.js';
 export { DextoApiClient, getDextoApiClient } from './api-client.js';
-export { SUPABASE_URL, SUPABASE_ANON_KEY, DEXTO_API_URL } from './constants.js';
+export { SUPABASE_URL, SUPABASE_ANON_KEY, DEXTO_API_URL, DEXTO_PLATFORM_URL } from './constants.js';
 export { ensureDextoApiKeyForAuthToken, saveDextoApiKeyToEnv, removeDextoApiKeyFromEnv, } from './dexto-api-key.js';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dexto",
-  "version": "1.6.10",
+  "version": "1.6.12",
   "type": "module",
   "bin": {
     "dexto": "./dist/index.js"
@@ -32,16 +32,16 @@
     "ws": "^8.18.1",
     "yaml": "^2.7.1",
     "zod": "^3.25.0",
-    "@dexto/agent-config": "1.6.10",
-    "@dexto/agent-management": "1.6.10",
-    "@dexto/analytics": "1.6.10",
-    "@dexto/core": "1.6.10",
-    "@dexto/image-local": "1.6.10",
-    "@dexto/image-logger-agent": "1.6.10",
-    "@dexto/registry": "1.6.10",
-    "@dexto/server": "1.6.10",
-    "@dexto/storage": "1.6.10",
-    "@dexto/tui": "1.6.10"
+    "@dexto/agent-config": "1.6.12",
+    "@dexto/agent-management": "1.6.12",
+    "@dexto/analytics": "1.6.12",
+    "@dexto/core": "1.6.12",
+    "@dexto/image-local": "1.6.12",
+    "@dexto/image-logger-agent": "1.6.12",
+    "@dexto/registry": "1.6.12",
+    "@dexto/server": "1.6.12",
+    "@dexto/storage": "1.6.12",
+    "@dexto/tui": "1.6.12"
   },
   "devDependencies": {
     "@types/ws": "^8.5.11",