funolio-agent 0.17.8 → 1.0.3

package/dist/auth/auto-detect.js

@@ -1,242 +1,89 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
+/**
+ * Auth Auto-Detect — Funolio Agent
+ *
+ * Resolves the best available authentication method for LLM providers.
+ * Supported auth methods:
+ *   1. Explicit API key (BYOK) — passed via config or CLI flag
+ *   2. Environment variable API keys — ANTHROPIC_API_KEY, OPENAI_API_KEY, etc.
+ *
+ * CLI providers (claude-cli, codex-cli) do not need auth resolution here —
+ * they spawn the CLI binary which handles its own authentication.
+ *
+ * NOTE: Subscription API / OAuth credential resolution has been removed.
+ * OAuth tokens passed in config are ignored. Use CLI providers for
+ * subscription-based access, or provide an explicit API key.
+ */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.resolveAuth = resolveAuth;
 exports.ensureFreshToken = ensureFreshToken;
-const credential_reader_1 = require("./credential-reader");
-const token_refresh_1 = require("./token-refresh");
-const fs = __importStar(require("fs"));
-const path = __importStar(require("path"));
-const os = __importStar(require("os"));
 // ── Default Models ──────────────────────────────────────────────────────────
 const DEFAULT_MODELS = {
     anthropic: 'claude-sonnet-4-5',
     openai: 'gpt-4o',
     'google-gemini': 'gemini-2.5-flash',
 };
+// ── Environment API Key Detection ───────────────────────────────────────────
+function getEnvApiKey(provider) {
+    switch (provider) {
+        case 'anthropic': return process.env.ANTHROPIC_API_KEY;
+        case 'openai': return process.env.OPENAI_API_KEY;
+        case 'google':
+        case 'google-gemini': return process.env.GOOGLE_API_KEY;
+        default: return undefined;
+    }
+}
 // ── resolveAuth ─────────────────────────────────────────────────────────────
 /**
  * Resolve the best available authentication method.
- * Priority: explicit API key > OAuth credentials > env vars
+ *
+ * Priority:
+ *   1. Explicit API key (from config.apiKey)
+ *   2. Environment variable API key
+ *
+ * OAuth/subscription tokens are ignored. For subscription-based access,
+ * use a CLI provider (claude-cli, codex-cli) instead.
+ *
+ * @param config - Auth configuration. oauthToken fields are accepted for
+ *   backwards compatibility but are ignored.
  */
 async function resolveAuth(config) {
+    const provider = config.provider || 'anthropic';
+    const model = config.model || DEFAULT_MODELS[provider] || 'claude-sonnet-4-5';
     // 1. Explicit API key takes priority (BYOK)
     if (config.apiKey) {
-        const provider = config.provider || 'anthropic';
         console.log(`[auto-detect] Using explicit API key (source: api-key, provider: ${provider})`);
         return {
             provider,
-            model: config.model || DEFAULT_MODELS[provider] || 'claude-sonnet-4-5',
+            model,
             apiKey: config.apiKey,
             source: 'api-key',
         };
     }
-    // 2. Use OAuth token from agent config (written during setup/configure)
-    if (config.oauthToken) {
-        const provider = config.provider || 'anthropic';
-        const model = config.model || DEFAULT_MODELS[provider] || 'claude-sonnet-4-5';
-        const credential = {
-            provider: provider,
-            accessToken: config.oauthToken,
-            refreshToken: config.oauthRefreshToken || '',
-            expiresAt: config.oauthExpiresAt || 0,
-        };
-        // If token is expired OR has no expiry info, and no refresh token in config,
-        // try to find one from CLI credentials (which track expiry properly)
-        if (!credential.refreshToken && ((0, credential_reader_1.isExpired)(credential) || !credential.expiresAt)) {
-            console.log(`[auto-detect] Config OAuth token expired with no refresh token — checking CLI credentials...`);
-            const cliCreds = detectClaudeCodeCredentials();
-            if (cliCreds?.refreshToken) {
-                console.log(`[auto-detect] Found refresh token in Claude Code credentials`);
-                credential.refreshToken = cliCreds.refreshToken;
-                credential.expiresAt = cliCreds.expiresAt || credential.expiresAt;
-                // Use CLI access token if it's newer
-                if (cliCreds.accessToken && (!(0, credential_reader_1.isExpired)(cliCreds) || cliCreds.expiresAt > credential.expiresAt)) {
-                    credential.accessToken = cliCreds.accessToken;
-                }
-            }
-        }
-        // Refresh if expired (or if we just imported CLI expiry that shows it's expired)
-        if (credential.refreshToken && ((0, credential_reader_1.isExpired)(credential) || (credential.expiresAt > 0 && Date.now() >= credential.expiresAt))) {
-            try {
-                const result = await (0, token_refresh_1.refreshToken)(credential);
-                credential.accessToken = result.credential.accessToken;
-                credential.refreshToken = result.credential.refreshToken;
-                credential.expiresAt = result.credential.expiresAt;
-                // Persist the refresh token back to config so we don't lose it
-                try {
-                    const configPath = path.join(os.homedir(), '.funolio', 'config.json');
-                    if (fs.existsSync(configPath)) {
-                        const cfg = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
-                        const idx = cfg.providers?.findIndex((p) => p.id === provider);
-                        if (idx >= 0 && cfg.providers[idx]) {
-                            cfg.providers[idx].oauthToken = credential.accessToken;
-                            cfg.providers[idx].oauthRefreshToken = credential.refreshToken;
-                            cfg.providers[idx].oauthExpiresAt = credential.expiresAt;
-                            fs.writeFileSync(configPath, JSON.stringify(cfg, null, 2), 'utf-8');
-                            console.log(`[auto-detect] Persisted refreshed tokens to config`);
-                        }
-                    }
-                }
-                catch (writeErr) {
-                    console.warn(`[auto-detect] Failed to persist refreshed tokens:`, writeErr);
-                }
-            }
-            catch {
-                console.log(`[auto-detect] OAuth token expired and refresh failed for ${provider}`);
-                return {
-                    provider,
-                    model,
-                    apiKey: credential.accessToken,
-                    source: 'oauth',
-                    credential,
-                    expired: true,
-                    error: `OAuth token expired for ${provider}. Run \`funolio-agent configure\` to re-authenticate.`,
-                };
-            }
-        }
-        console.log(`[auto-detect] Resolved auth: provider=${provider}, model=${model}, source=oauth (from config)`);
-        return {
-            provider,
-            model,
-            apiKey: credential.accessToken,
-            source: 'oauth',
-            credential,
-        };
-    }
-    // 3. Try to auto-detect OAuth token from Claude Code credentials
-    const claudeCodeAuth = detectClaudeCodeCredentials();
-    if (claudeCodeAuth) {
-        const provider = config.provider || 'anthropic';
-        const model = config.model || DEFAULT_MODELS[provider] || 'claude-sonnet-4-5';
-        // Refresh if expired
-        if ((0, credential_reader_1.isExpired)(claudeCodeAuth) && claudeCodeAuth.refreshToken) {
-            try {
-                const result = await (0, token_refresh_1.refreshToken)(claudeCodeAuth);
-                claudeCodeAuth.accessToken = result.credential.accessToken;
-                claudeCodeAuth.refreshToken = result.credential.refreshToken;
-                claudeCodeAuth.expiresAt = result.credential.expiresAt;
-            }
-            catch {
-                console.log(`[auto-detect] Claude Code OAuth token expired and refresh failed`);
-                return {
-                    provider,
-                    model,
-                    apiKey: claudeCodeAuth.accessToken,
-                    source: 'oauth',
-                    credential: claudeCodeAuth,
-                    expired: true,
-                    error: `Claude Code OAuth token expired and refresh failed. Run \`claude login\` to re-authenticate.`,
-                };
-            }
-        }
-        console.log(`[auto-detect] Resolved auth: provider=${provider}, model=${model}, source=oauth (from Claude Code credentials)`);
+    // 2. Check environment variable API keys
+    const envKey = getEnvApiKey(provider);
+    if (envKey) {
+        console.log(`[auto-detect] Using environment variable API key (source: env, provider: ${provider})`);
         return {
             provider,
             model,
-            apiKey: claudeCodeAuth.accessToken,
-            source: 'oauth',
-            credential: claudeCodeAuth,
+            apiKey: envKey,
+            source: 'env',
         };
     }
-    console.log('[auto-detect] No API key or OAuth token found in config');
+    // No API key found — CLI providers handle their own auth, so returning null
+    // is expected for claude-cli / codex-cli. For API-based providers, this
+    // means the user needs to configure an API key.
+    console.log(`[auto-detect] No API key found for provider: ${provider}`);
     return null;
 }
-// ── Claude Code Credential Detection ────────────────────────────────────────
-/**
- * Detect OAuth credentials from Claude Code's local credential files.
- * Checks ~/.claude/.credentials.json for claudeAiOauth tokens.
- */
-function detectClaudeCodeCredentials() {
-    try {
-        const credPath = path.join(os.homedir(), '.claude', '.credentials.json');
-        if (!fs.existsSync(credPath))
-            return null;
-        const raw = JSON.parse(fs.readFileSync(credPath, 'utf-8'));
-        const oauth = raw?.claudeAiOauth;
-        if (!oauth?.accessToken?.startsWith('sk-ant-oat01-'))
-            return null;
-        const credential = {
-            provider: 'anthropic',
-            accessToken: oauth.accessToken,
-            refreshToken: oauth.refreshToken || '',
-            expiresAt: oauth.expiresAt || 0,
-        };
-        if ((0, credential_reader_1.isExpired)(credential)) {
-            console.log('[auto-detect] Claude Code OAuth token is expired, will attempt refresh');
-        }
-        return credential;
-    }
-    catch {
-        return null;
-    }
-}
 // ── ensureFreshToken ────────────────────────────────────────────────────────
 /**
- * Ensure the token in a ResolvedAuth is still valid. Refreshes if needed.
- * Returns the same object if still valid, or a new one with updated token.
+ * Ensure the auth is still valid. For API keys, this is a no-op passthrough.
+ * OAuth token refresh has been removed.
  */
 async function ensureFreshToken(auth) {
-    if (auth.source !== 'oauth' || !auth.credential) {
-        return auth;
-    }
-    if (!(0, credential_reader_1.isExpired)(auth.credential)) {
-        return auth;
-    }
-    try {
-        const result = await (0, token_refresh_1.refreshToken)(auth.credential);
-        const refreshed = result.credential;
-        if (refreshed.accessToken === auth.credential.accessToken) {
-            return auth; // refresh failed or not needed, return as-is
-        }
-        return {
-            ...auth,
-            apiKey: refreshed.accessToken,
-            credential: refreshed,
-        };
-    }
-    catch (err) {
-        if (err instanceof token_refresh_1.TokenRefreshError) {
-            console.error(`[auto-detect] Token refresh failed for ${err.provider}: ${err.message}`);
-            return {
-                ...auth,
-                expired: true,
-                error: `Token refresh failed for ${err.provider}${err.httpStatus ? ` (HTTP ${err.httpStatus})` : ''}: ${err.message}`,
-            };
-        }
-        throw err;
-    }
+    // API keys don't expire — return as-is
+    return auth;
 }
 //# sourceMappingURL=auto-detect.js.map

package/dist/auth/auto-detect.js.map

@@ -1 +1 @@
-{"version":3,"file":"auto-detect.js","sourceRoot":"","sources":["../../src/auth/auto-detect.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgCA,kCAwIC;AAwCD,4CAgCC;AAhPD,2DAAiE;AACjE,mDAAiF;AACjF,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AAczB,+EAA+E;AAE/E,MAAM,cAAc,GAA2B;IAC7C,SAAS,EAAE,mBAAmB;IAC9B,MAAM,EAAE,QAAQ;IAChB,eAAe,EAAE,kBAAkB;CACpC,CAAC;AAEF,+EAA+E;AAE/E;;;GAGG;AACI,KAAK,UAAU,WAAW,CAAC,MAOjC;IACC,4CAA4C;IAC5C,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,WAAW,CAAC;QAChD,OAAO,CAAC,GAAG,CAAC,oEAAoE,QAAQ,GAAG,CAAC,CAAC;QAC7F,OAAO;YACL,QAAQ;YACR,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,cAAc,CAAC,QAAQ,CAAC,IAAI,mBAAmB;YACtE,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,MAAM,EAAE,SAAS;SAClB,CAAC;IACJ,CAAC;IAED,wEAAwE;IACxE,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QACtB,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,WAAW,CAAC;QAChD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,cAAc,CAAC,QAAQ,CAAC,IAAI,mBAAmB,CAAC;QAE9E,MAAM,UAAU,GAAoB;YAClC,QAAQ,EAAE,QAAuC;YACjD,WAAW,EAAE,MAAM,CAAC,UAAU;YAC9B,YAAY,EAAE,MAAM,CAAC,iBAAiB,IAAI,EAAE;YAC5C,SAAS,EAAE,MAAM,CAAC,cAAc,IAAI,CAAC;SACtC,CAAC;QAEF,6EAA6E;QAC7E,qEAAqE;QACrE,IAAI,CAAC,UAAU,CAAC,YAAY,IAAI,CAAC,IAAA,6BAAS,EAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACjF,OAAO,CAAC,GAAG,CAAC,8FAA8F,CAAC,CAAC;YAC5G,MAAM,QAAQ,GAAG,2BAA2B,EAAE,CAAC;YAC/C,IAAI,QAAQ,EAAE,YAAY,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,8DAA8D,CAAC,CAAC;gBAC5E,UAAU,CAAC,YAAY,GAAG,QAAQ,CAAC,YAAY,CAAC;gBAChD,UAAU,CAAC,SAAS,GAAG,QAAQ,CAAC,SAAS,IAAI,UAAU,CAAC,SAAS,CAAC;gBAClE,qCAAqC;gBACrC,IAAI,QAAQ,CAAC,WAAW,IAAI,CAAC,CAAC,IAAA,6BAAS,EAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,SAAS,GAAG,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;oBAChG,UAAU,CAAC,WAAW,GAAG,QAAQ,CAAC,WAAW,CAAC;gBAChD,CAAC;YACH,CAAC;QACH,CAAC;QAED,iFAAiF;QACjF,IAAI,UAAU,CAAC,YAAY,IAAI,CAAC,IAAA,6BAAS,EAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS,GAAG,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;YAC3H,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAA,4BAAY,EAAC,UAAU,CAAC,CAAC;gBAC9C,UAAU,CAAC,WAAW,GAAG,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC;gBACvD,UAAU,CAAC,YAAY,GAAG,MAAM,CAAC,UAAU,CAAC,YAAY,CAAC;gBACzD,UAAU,CAAC,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC;gBAEnD,+DAA+D;gBAC/D,IAAI,CAAC;oBACH,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC;oBACtE,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;wBAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;wBAC7D,MAAM,GAAG,GAAG,GAAG,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC;wBACpE,IAAI,GAAG,IAAI,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;4BACnC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,UAAU,GAAG,UAAU,CAAC,WAAW,CAAC;4BACvD,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,iBAAiB,GAAG,UAAU,CAAC,YAAY,CAAC;4BAC/D,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,cAAc,GAAG,UAAU,CAAC,SAAS,CAAC;4BACzD,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;4BACpE,OAAO,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC;wBACpE,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,OAAO,QAAQ,EAAE,CAAC;oBAClB,OAAO,CAAC,IAAI,CAAC,mDAAmD,EAAE,QAAQ,CAAC,CAAC;gBAC9E,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,CAAC,GAAG,CAAC,4DAA4D,QAAQ,EAAE,CAAC,CAAC;gBACpF,OAAO;oBACL,QAAQ;oBACR,KAAK;oBACL,MAAM,EAAE,UAAU,CAAC,WAAW;oBAC9B,MAAM,EAAE,OAAO;oBACf,UAAU;oBACV,OAAO,EAAE,IAAI;oBACb,KAAK,EAAE,2BAA2B,QAAQ,uDAAuD;iBAClG,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,yCAAyC,QAAQ,WAAW,KAAK,8BAA8B,CAAC,CAAC;QAC7G,OAAO;YACL,QAAQ;YACR,KAAK;YACL,MAAM,EAAE,UAAU,CAAC,WAAW;YAC9B,MAAM,EAAE,OAAO;YACf,UAAU;SACX,CAAC;IACJ,CAAC;IAED,iEAAiE;IACjE,MAAM,cAAc,GAAG,2BAA2B,EAAE,CAAC;IACrD,IAAI,cAAc,EAAE,CAAC;QACnB,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,WAAW,CAAC;QAChD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,cAAc,CAAC,QAAQ,CAAC,IAAI,mBAAmB,CAAC;QAE9E,qBAAqB;QACrB,IAAI,IAAA,6BAAS,EAAC,cAAc,CAAC,IAAI,cAAc,CAAC,YAAY,EAAE,CAAC;YAC7D,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAA,4BAAY,EAAC,cAAc,CAAC,CAAC;gBAClD,cAAc,CAAC,WAAW,GAAG,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC;gBAC3D,cAAc,CAAC,YAAY,GAAG,MAAM,CAAC,UAAU,CAAC,YAAY,CAAC;gBAC7D,cAAc,CAAC,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC;YACzD,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,CAAC,GAAG,CAAC,kEAAkE,CAAC,CAAC;gBAChF,OAAO;oBACL,QAAQ;oBACR,KAAK;oBACL,MAAM,EAAE,cAAc,CAAC,WAAW;oBAClC,MAAM,EAAE,OAAO;oBACf,UAAU,EAAE,cAAc;oBAC1B,OAAO,EAAE,IAAI;oBACb,KAAK,EAAE,8FAA8F;iBACtG,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,yCAAyC,QAAQ,WAAW,KAAK,+CAA+C,CAAC,CAAC;QAC9H,OAAO;YACL,QAAQ;YACR,KAAK;YACL,MAAM,EAAE,cAAc,CAAC,WAAW;YAClC,MAAM,EAAE,OAAO;YACf,UAAU,EAAE,cAAc;SAC3B,CAAC;IACJ,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,yDAAyD,CAAC,CAAC;IACvE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,+EAA+E;AAE/E;;;GAGG;AACH,SAAS,2BAA2B;IAClC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,mBAAmB,CAAC,CAAC;QACzE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;YAAE,OAAO,IAAI,CAAC;QAE1C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;QAC3D,MAAM,KAAK,GAAG,GAAG,EAAE,aAAa,CAAC;QACjC,IAAI,CAAC,KAAK,EAAE,WAAW,EAAE,UAAU,CAAC,eAAe,CAAC;YAAE,OAAO,IAAI,CAAC;QAElE,MAAM,UAAU,GAAoB;YAClC,QAAQ,EAAE,WAAW;YACrB,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,YAAY,EAAE,KAAK,CAAC,YAAY,IAAI,EAAE;YACtC,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,CAAC;SAChC,CAAC;QAEF,IAAI,IAAA,6BAAS,EAAC,UAAU,CAAC,EAAE,CAAC;YAC1B,OAAO,CAAC,GAAG,CAAC,wEAAwE,CAAC,CAAC;QACxF,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,+EAA+E;AAE/E;;;GAGG;AACI,KAAK,UAAU,gBAAgB,CAAC,IAAkB;IACvD,IAAI,IAAI,CAAC,MAAM,KAAK,OAAO,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;QAChD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC,IAAA,6BAAS,EAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;QAChC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,4BAAY,EAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACnD,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC;QACpC,IAAI,SAAS,CAAC,WAAW,KAAK,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;YAC1D,OAAO,IAAI,CAAC,CAAC,6CAA6C;QAC5D,CAAC;QAED,OAAO;YACL,GAAG,IAAI;YACP,MAAM,EAAE,SAAS,CAAC,WAAW;YAC7B,UAAU,EAAE,SAAS;SACtB,CAAC;IACJ,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,IAAI,GAAG,YAAY,iCAAiB,EAAE,CAAC;YACrC,OAAO,CAAC,KAAK,CAAC,0CAA0C,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YACxF,OAAO;gBACL,GAAG,IAAI;gBACP,OAAO,EAAE,IAAI;gBACb,KAAK,EAAE,4BAA4B,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,UAAU,GAAG,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,OAAO,EAAE;aACtH,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC"}
+{"version":3,"file":"auto-detect.js","sourceRoot":"","sources":["../../src/auth/auto-detect.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;AAgDH,kCAuCC;AAQD,4CAGC;AArFD,+EAA+E;AAE/E,MAAM,cAAc,GAA2B;IAC7C,SAAS,EAAE,mBAAmB;IAC9B,MAAM,EAAE,QAAQ;IAChB,eAAe,EAAE,kBAAkB;CACpC,CAAC;AAEF,+EAA+E;AAE/E,SAAS,YAAY,CAAC,QAAgB;IACpC,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,WAAW,CAAC,CAAC,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;QACvD,KAAK,QAAQ,CAAC,CAAC,OAAO,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QACjD,KAAK,QAAQ,CAAC;QACd,KAAK,eAAe,CAAC,CAAC,OAAO,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QACxD,OAAO,CAAC,CAAC,OAAO,SAAS,CAAC;IAC5B,CAAC;AACH,CAAC;AAED,+EAA+E;AAE/E;;;;;;;;;;;;GAYG;AACI,KAAK,UAAU,WAAW,CAAC,MAOjC;IACC,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,WAAW,CAAC;IAChD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,cAAc,CAAC,QAAQ,CAAC,IAAI,mBAAmB,CAAC;IAE9E,4CAA4C;IAC5C,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,OAAO,CAAC,GAAG,CAAC,oEAAoE,QAAQ,GAAG,CAAC,CAAC;QAC7F,OAAO;YACL,QAAQ;YACR,KAAK;YACL,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,MAAM,EAAE,SAAS;SAClB,CAAC;IACJ,CAAC;IAED,yCAAyC;IACzC,MAAM,MAAM,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IACtC,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,CAAC,GAAG,CAAC,4EAA4E,QAAQ,GAAG,CAAC,CAAC;QACrG,OAAO;YACL,QAAQ;YACR,KAAK;YACL,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,KAAK;SACd,CAAC;IACJ,CAAC;IAED,4EAA4E;IAC5E,wEAAwE;IACxE,gDAAgD;IAChD,OAAO,CAAC,GAAG,CAAC,gDAAgD,QAAQ,EAAE,CAAC,CAAC;IACxE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,+EAA+E;AAE/E;;;GAGG;AACI,KAAK,UAAU,gBAAgB,CAAC,IAAkB;IACvD,uCAAuC;IACvC,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/auth/credential-reader.d.ts

@@ -1,3 +1,18 @@
+/**
+ * REMOVED: OAuth credential reading from disk has been removed.
+ *
+ * Connection to LLM providers is now exclusively via:
+ *   1. CLI providers (claude-cli, codex-cli) — spawns the CLI binary
+ *   2. API key (BYOK) — standard x-api-key authentication
+ *
+ * The credential-reader previously read OAuth tokens from:
+ *   - ~/.claude/.credentials.json (Anthropic)
+ *   - ~/.codex/auth.json (OpenAI)
+ *   - ~/.config/gcloud/application_default_credentials.json (Google)
+ *
+ * These files are now only used by the CLI providers themselves (claude, codex)
+ * and are not read by the Funolio agent.
+ */
 export interface OAuthCredential {
     provider: 'anthropic' | 'openai' | 'google-gemini';
     accessToken: string;
@@ -14,11 +29,16 @@ export interface CredentialDetectionResult {
         error: string;
     }[];
 }
-/** Clear the credential cache (useful for testing or forced refresh). */
-export declare function clearCache(): void;
+/** @deprecated Always returns empty results. */
+export declare function detectCredentials(): CredentialDetectionResult;
+/** @deprecated Always returns null. */
 export declare function readClaudeCredentials(): OAuthCredential | null;
+/** @deprecated Always returns null. */
 export declare function readCodexCredentials(): OAuthCredential | null;
+/** @deprecated Always returns null. */
 export declare function readGeminiCredentials(): OAuthCredential | null;
-export declare function detectCredentials(): CredentialDetectionResult;
-export declare function isExpired(cred: OAuthCredential): boolean;
+/** Clear the credential cache (no-op). */
+export declare function clearCache(): void;
+/** @deprecated Always returns true (expired). */
+export declare function isExpired(_cred: OAuthCredential): boolean;
 //# sourceMappingURL=credential-reader.d.ts.map

package/dist/auth/credential-reader.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"credential-reader.d.ts","sourceRoot":"","sources":["../../src/auth/credential-reader.ts"],"names":[],"mappings":"AAQA,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,WAAW,GAAG,QAAQ,GAAG,eAAe,CAAC;IACnD,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,yBAAyB;IACxC,WAAW,EAAE,eAAe,EAAE,CAAC;IAC/B,MAAM,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CAC/C;AAyBD,yEAAyE;AACzE,wBAAgB,UAAU,IAAI,IAAI,CAEjC;AAyCD,wBAAgB,qBAAqB,IAAI,eAAe,GAAG,IAAI,CAwC9D;AAED,wBAAgB,oBAAoB,IAAI,eAAe,GAAG,IAAI,CA+C7D;AAED,wBAAgB,qBAAqB,IAAI,eAAe,GAAG,IAAI,CA2D9D;AAID,wBAAgB,iBAAiB,IAAI,yBAAyB,CA0B7D;AAMD,wBAAgB,SAAS,CAAC,IAAI,EAAE,eAAe,GAAG,OAAO,CAIxD"}
+{"version":3,"file":"credential-reader.d.ts","sourceRoot":"","sources":["../../src/auth/credential-reader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,WAAW,GAAG,QAAQ,GAAG,eAAe,CAAC;IACnD,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,yBAAyB;IACxC,WAAW,EAAE,eAAe,EAAE,CAAC;IAC/B,MAAM,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CAC/C;AAED,gDAAgD;AAChD,wBAAgB,iBAAiB,IAAI,yBAAyB,CAE7D;AAED,uCAAuC;AACvC,wBAAgB,qBAAqB,IAAI,eAAe,GAAG,IAAI,CAE9D;AAED,uCAAuC;AACvC,wBAAgB,oBAAoB,IAAI,eAAe,GAAG,IAAI,CAE7D;AAED,uCAAuC;AACvC,wBAAgB,qBAAqB,IAAI,eAAe,GAAG,IAAI,CAE9D;AAED,0CAA0C;AAC1C,wBAAgB,UAAU,IAAI,IAAI,CAAG;AAErC,iDAAiD;AACjD,wBAAgB,SAAS,CAAC,KAAK,EAAE,eAAe,GAAG,OAAO,CAEzD"}