funolio-agent 0.17.8 → 1.0.3

package/dist/auth/credential-reader.js

@@ -1,271 +1,46 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
+/**
+ * REMOVED: OAuth credential reading from disk has been removed.
+ *
+ * Connection to LLM providers is now exclusively via:
+ *   1. CLI providers (claude-cli, codex-cli) — spawns the CLI binary
+ *   2. API key (BYOK) — standard x-api-key authentication
+ *
+ * The credential-reader previously read OAuth tokens from:
+ *   - ~/.claude/.credentials.json (Anthropic)
+ *   - ~/.codex/auth.json (OpenAI)
+ *   - ~/.config/gcloud/application_default_credentials.json (Google)
+ *
+ * These files are now only used by the CLI providers themselves (claude, codex)
+ * and are not read by the Funolio agent.
+ */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.clearCache = clearCache;
+exports.detectCredentials = detectCredentials;
 exports.readClaudeCredentials = readClaudeCredentials;
 exports.readCodexCredentials = readCodexCredentials;
 exports.readGeminiCredentials = readGeminiCredentials;
-exports.detectCredentials = detectCredentials;
+exports.clearCache = clearCache;
 exports.isExpired = isExpired;
-const fs = __importStar(require("fs"));
-const path = __importStar(require("path"));
-const os = __importStar(require("os"));
-const child_process_1 = require("child_process");
-const crypto = __importStar(require("crypto"));
-// ── Cache ───────────────────────────────────────────────────────────────────
-const CACHE_TTL_MS = 60_000; // 1 minute
-const cache = new Map();
-function getCached(key) {
-    const entry = cache.get(key);
-    if (entry && Date.now() - entry.timestamp < CACHE_TTL_MS) {
-        return entry.credential;
-    }
-    return undefined; // cache miss
-}
-function setCache(key, credential) {
-    cache.set(key, { credential, timestamp: Date.now() });
-}
-/** Clear the credential cache (useful for testing or forced refresh). */
-function clearCache() {
-    cache.clear();
-}
-// ── Helpers ─────────────────────────────────────────────────────────────────
-function readJsonFile(filePath) {
-    try {
-        const content = fs.readFileSync(filePath, 'utf-8');
-        return JSON.parse(content);
-    }
-    catch {
-        return null;
-    }
-}
-function fileMtime(filePath) {
-    try {
-        return fs.statSync(filePath).mtimeMs;
-    }
-    catch {
-        return null;
-    }
-}
-function readMacKeychain(service, account) {
-    if (process.platform !== 'darwin')
-        return null;
-    try {
-        const result = (0, child_process_1.execSync)(`security find-generic-password -s ${JSON.stringify(service)} -a ${JSON.stringify(account)} -w`, { encoding: 'utf-8', timeout: 5000, stdio: ['pipe', 'pipe', 'pipe'] }).trim();
-        return result || null;
-    }
-    catch {
-        return null;
-    }
-}
-function logDetected(provider, expiresAt) {
-    const expiry = new Date(expiresAt).toISOString();
-    console.log(`[credential-reader] Detected ${provider} credentials (expires: ${expiry})`);
+/** @deprecated Always returns empty results. */
+function detectCredentials() {
+    return { credentials: [], errors: [] };
 }
-// ── Readers ─────────────────────────────────────────────────────────────────
+/** @deprecated Always returns null. */
 function readClaudeCredentials() {
-    const cached = getCached('anthropic');
-    if (cached !== undefined)
-        return cached;
-    let result = null;
-    try {
-        const credPath = path.join(os.homedir(), '.claude', '.credentials.json');
-        let data = readJsonFile(credPath);
-        // macOS Keychain fallback
-        if (!data) {
-            const keychainJson = readMacKeychain('Claude Code-credentials', 'Claude Code');
-            if (keychainJson) {
-                try {
-                    data = JSON.parse(keychainJson);
-                }
-                catch { /* ignore */ }
-            }
-        }
-        if (data) {
-            const oauth = data.claudeAiOauth;
-            if (oauth?.accessToken && oauth?.refreshToken) {
-                result = {
-                    provider: 'anthropic',
-                    accessToken: String(oauth.accessToken),
-                    refreshToken: String(oauth.refreshToken),
-                    expiresAt: typeof oauth.expiresAt === 'number'
-                        ? oauth.expiresAt
-                        : typeof oauth.expiresAt === 'string'
-                            ? new Date(oauth.expiresAt).getTime()
-                            : Date.now() + 3600_000,
-                };
-                logDetected('anthropic', result.expiresAt);
-            }
-        }
-    }
-    catch {
-        // graceful failure
-    }
-    setCache('anthropic', result);
-    return result;
+    return null;
 }
+/** @deprecated Always returns null. */
 function readCodexCredentials() {
-    const cached = getCached('openai');
-    if (cached !== undefined)
-        return cached;
-    let result = null;
-    try {
-        const codexHome = process.env.CODEX_HOME || path.join(os.homedir(), '.codex');
-        const authPath = path.join(codexHome, 'auth.json');
-        let data = readJsonFile(authPath);
-        // macOS Keychain fallback
-        if (!data) {
-            const account = crypto.createHash('sha256').update(codexHome).digest('hex').slice(0, 16);
-            const keychainJson = readMacKeychain('Codex Auth', account);
-            if (keychainJson) {
-                try {
-                    data = JSON.parse(keychainJson);
-                }
-                catch { /* ignore */ }
-            }
-        }
-        if (data) {
-            const tokens = data.tokens;
-            if (tokens?.access_token && tokens?.refresh_token) {
-                const expiresAtRaw = tokens.expires_at ?? tokens.expiresAt;
-                const expiresAt = typeof expiresAtRaw === 'number'
-                    ? expiresAtRaw
-                    : typeof expiresAtRaw === 'string'
-                        ? new Date(expiresAtRaw).getTime()
-                        : Date.now() + 30 * 24 * 3600_000;
-                result = {
-                    provider: 'openai',
-                    accessToken: String(tokens.access_token),
-                    refreshToken: String(tokens.refresh_token),
-                    expiresAt,
-                    ...(tokens.account_id ? { accountId: String(tokens.account_id) } : {}),
-                    ...(tokens.id_token ? { idToken: String(tokens.id_token) } : {}),
-                };
-                logDetected('openai', result.expiresAt);
-            }
-        }
-    }
-    catch {
-        // graceful failure
-    }
-    setCache('openai', result);
-    return result;
+    return null;
 }
+/** @deprecated Always returns null. */
 function readGeminiCredentials() {
-    const cached = getCached('google-gemini');
-    if (cached !== undefined)
-        return cached;
-    let result = null;
-    try {
-        const adcPath = path.join(os.homedir(), '.config', 'gcloud', 'application_default_credentials.json');
-        const data = readJsonFile(adcPath);
-        if (data) {
-            // ADC files typically have client_id, client_secret, refresh_token, type
-            // access_token may not be present (needs refresh); we store refresh_token
-            const refreshToken = data.refresh_token;
-            // Some ADC files don't have access_token — it's obtained via refresh
-            const accessToken = data.access_token || '';
-            if (refreshToken) {
-                // Try to get project ID from gcloud config
-                let projectId;
-                try {
-                    const configPath = path.join(os.homedir(), '.config', 'gcloud', 'properties');
-                    const props = fs.readFileSync(configPath, 'utf-8');
-                    const match = props.match(/project\s*=\s*(.+)/);
-                    if (match)
-                        projectId = match[1].trim();
-                }
-                catch { /* ignore */ }
-                if (!projectId) {
-                    try {
-                        projectId = (0, child_process_1.execSync)('gcloud config get-value project 2>/dev/null', {
-                            encoding: 'utf-8', timeout: 5000, stdio: ['pipe', 'pipe', 'pipe'],
-                        }).trim() || undefined;
-                    }
-                    catch { /* ignore */ }
-                }
-                // ADC files don't have expiry — token needs refresh, set short expiry
-                const mtime = fileMtime(adcPath);
-                const expiresAt = mtime ? mtime + 3600_000 : Date.now() + 3600_000;
-                result = {
-                    provider: 'google-gemini',
-                    accessToken: accessToken,
-                    refreshToken,
-                    expiresAt,
-                    ...(projectId ? { projectId } : {}),
-                };
-                logDetected('google-gemini', result.expiresAt);
-            }
-        }
-    }
-    catch {
-        // graceful failure
-    }
-    setCache('google-gemini', result);
-    return result;
-}
-// ── Main Detection ──────────────────────────────────────────────────────────
-function detectCredentials() {
-    const credentials = [];
-    const errors = [];
-    const readers = [
-        { provider: 'anthropic', fn: readClaudeCredentials },
-        { provider: 'openai', fn: readCodexCredentials },
-        { provider: 'google-gemini', fn: readGeminiCredentials },
-    ];
-    for (const { provider, fn } of readers) {
-        try {
-            const cred = fn();
-            if (cred)
-                credentials.push(cred);
-        }
-        catch (err) {
-            const message = err instanceof Error ? err.message : String(err);
-            errors.push({ provider, error: message });
-        }
-    }
-    console.log(`[credential-reader] Detection complete: ${credentials.length} provider(s) found` +
-        (errors.length ? `, ${errors.length} error(s)` : ''));
-    return { credentials, errors };
+    return null;
 }
-// ── Expiry Check ────────────────────────────────────────────────────────────
-const EXPIRY_BUFFER_MS = 5 * 60_000; // 5 minutes
-function isExpired(cred) {
-    // Setup-tokens and tokens without expiry info have expiresAt=0 — treat as not expired
-    if (!cred.expiresAt)
-        return false;
-    return Date.now() >= cred.expiresAt - EXPIRY_BUFFER_MS;
+/** Clear the credential cache (no-op). */
+function clearCache() { }
+/** @deprecated Always returns true (expired). */
+function isExpired(_cred) {
+    return true;
 }
 //# sourceMappingURL=credential-reader.js.map

package/dist/auth/credential-reader.js.map

@@ -1 +1 @@
-{"version":3,"file":"credential-reader.js","sourceRoot":"","sources":["../../src/auth/credential-reader.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+CA,gCAEC;AAyCD,sDAwCC;AAED,oDA+CC;AAED,sDA2DC;AAID,8CA0BC;AAMD,8BAIC;AAxRD,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AACzB,iDAAyC;AACzC,+CAAiC;AAmBjC,+EAA+E;AAE/E,MAAM,YAAY,GAAG,MAAM,CAAC,CAAC,WAAW;AAOxC,MAAM,KAAK,GAAG,IAAI,GAAG,EAAsB,CAAC;AAE5C,SAAS,SAAS,CAAC,GAAW;IAC5B,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,KAAK,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,GAAG,YAAY,EAAE,CAAC;QACzD,OAAO,KAAK,CAAC,UAAU,CAAC;IAC1B,CAAC;IACD,OAAO,SAAS,CAAC,CAAC,aAAa;AACjC,CAAC;AAED,SAAS,QAAQ,CAAC,GAAW,EAAE,UAAkC;IAC/D,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;AACxD,CAAC;AAED,yEAAyE;AACzE,SAAgB,UAAU;IACxB,KAAK,CAAC,KAAK,EAAE,CAAC;AAChB,CAAC;AAED,+EAA+E;AAE/E,SAAS,YAAY,CAAC,QAAgB;IACpC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACnD,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,SAAS,CAAC,QAAgB;IACjC,IAAI,CAAC;QACH,OAAO,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,OAAe,EAAE,OAAe;IACvD,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC/C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,wBAAQ,EACrB,qCAAqC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,OAAO,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,EAC/F,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CACtE,CAAC,IAAI,EAAE,CAAC;QACT,OAAO,MAAM,IAAI,IAAI,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,QAAgB,EAAE,SAAiB;IACtD,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,gCAAgC,QAAQ,0BAA0B,MAAM,GAAG,CAAC,CAAC;AAC3F,CAAC;AAED,+EAA+E;AAE/E,SAAgB,qBAAqB;IACnC,MAAM,MAAM,GAAG,SAAS,CAAC,WAAW,CAAC,CAAC;IACtC,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC;IAExC,IAAI,MAAM,GAA2B,IAAI,CAAC;IAE1C,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,mBAAmB,CAAC,CAAC;QACzE,IAAI,IAAI,GAAG,YAAY,CAAC,QAAQ,CAAmC,CAAC;QAEpE,0BAA0B;QAC1B,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,YAAY,GAAG,eAAe,CAAC,yBAAyB,EAAE,aAAa,CAAC,CAAC;YAC/E,IAAI,YAAY,EAAE,CAAC;gBACjB,IAAI,CAAC;oBAAC,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAA4B,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;YAC5F,CAAC;QACH,CAAC;QAED,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,KAAK,GAAG,IAAI,CAAC,aAAoD,CAAC;YACxE,IAAI,KAAK,EAAE,WAAW,IAAI,KAAK,EAAE,YAAY,EAAE,CAAC;gBAC9C,MAAM,GAAG;oBACP,QAAQ,EAAE,WAAW;oBACrB,WAAW,EAAE,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC;oBACtC,YAAY,EAAE,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC;oBACxC,SAAS,EAAE,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ;wBAC5C,CAAC,CAAC,KAAK,CAAC,SAAS;wBACjB,CAAC,CAAC,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ;4BACnC,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;4BACrC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ;iBAC5B,CAAC;gBACF,WAAW,CAAC,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,mBAAmB;IACrB,CAAC;IAED,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IAC9B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAgB,oBAAoB;IAClC,MAAM,MAAM,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;IACnC,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC;IAExC,IAAI,MAAM,GAA2B,IAAI,CAAC;IAE1C,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC,CAAC;QAC9E,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QACnD,IAAI,IAAI,GAAG,YAAY,CAAC,QAAQ,CAAmC,CAAC;QAEpE,0BAA0B;QAC1B,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACzF,MAAM,YAAY,GAAG,eAAe,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;YAC5D,IAAI,YAAY,EAAE,CAAC;gBACjB,IAAI,CAAC;oBAAC,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAA4B,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;YAC5F,CAAC;QACH,CAAC;QAED,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,MAAM,GAAG,IAAI,CAAC,MAA6C,CAAC;YAClE,IAAI,MAAM,EAAE,YAAY,IAAI,MAAM,EAAE,aAAa,EAAE,CAAC;gBAClD,MAAM,YAAY,GAAG,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,SAAS,CAAC;gBAC3D,MAAM,SAAS,GAAG,OAAO,YAAY,KAAK,QAAQ;oBAChD,CAAC,CAAC,YAAY;oBACd,CAAC,CAAC,OAAO,YAAY,KAAK,QAAQ;wBAChC,CAAC,CAAC,IAAI,IAAI,CAAC,YAAY,CAAC,CAAC,OAAO,EAAE;wBAClC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,QAAQ,CAAC;gBAEtC,MAAM,GAAG;oBACP,QAAQ,EAAE,QAAQ;oBAClB,WAAW,EAAE,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC;oBACxC,YAAY,EAAE,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC;oBAC1C,SAAS;oBACT,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACtE,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBACjE,CAAC;gBACF,WAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;YAC1C,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,mBAAmB;IACrB,CAAC;IAED,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC3B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAgB,qBAAqB;IACnC,MAAM,MAAM,GAAG,SAAS,CAAC,eAAe,CAAC,CAAC;IAC1C,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC;IAExC,IAAI,MAAM,GAA2B,IAAI,CAAC;IAE1C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CACvB,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,sCAAsC,CAC1E,CAAC;QACF,MAAM,IAAI,GAAG,YAAY,CAAC,OAAO,CAAmC,CAAC;QAErE,IAAI,IAAI,EAAE,CAAC;YACT,yEAAyE;YACzE,0EAA0E;YAC1E,MAAM,YAAY,GAAG,IAAI,CAAC,aAAmC,CAAC;YAC9D,qEAAqE;YACrE,MAAM,WAAW,GAAI,IAAI,CAAC,YAAmC,IAAI,EAAE,CAAC;YAEpE,IAAI,YAAY,EAAE,CAAC;gBACjB,2CAA2C;gBAC3C,IAAI,SAA6B,CAAC;gBAClC,IAAI,CAAC;oBACH,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAC1B,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,YAAY,CAChD,CAAC;oBACF,MAAM,KAAK,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;oBACnD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;oBAChD,IAAI,KAAK;wBAAE,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBACzC,CAAC;gBAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;gBAExB,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,IAAI,CAAC;wBACH,SAAS,GAAG,IAAA,wBAAQ,EAAC,6CAA6C,EAAE;4BAClE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;yBAClE,CAAC,CAAC,IAAI,EAAE,IAAI,SAAS,CAAC;oBACzB,CAAC;oBAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;gBAC1B,CAAC;gBAED,sEAAsE;gBACtE,MAAM,KAAK,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;gBACjC,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC;gBAEnE,MAAM,GAAG;oBACP,QAAQ,EAAE,eAAe;oBACzB,WAAW,EAAE,WAAW;oBACxB,YAAY;oBACZ,SAAS;oBACT,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBACpC,CAAC;gBACF,WAAW,CAAC,eAAe,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;YACjD,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,mBAAmB;IACrB,CAAC;IAED,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAClC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,+EAA+E;AAE/E,SAAgB,iBAAiB;IAC/B,MAAM,WAAW,GAAsB,EAAE,CAAC;IAC1C,MAAM,MAAM,GAA0C,EAAE,CAAC;IAEzD,MAAM,OAAO,GAAkE;QAC7E,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,EAAE,qBAAqB,EAAE;QACpD,EAAE,QAAQ,EAAE,QAAQ,EAAE,EAAE,EAAE,oBAAoB,EAAE;QAChD,EAAE,QAAQ,EAAE,eAAe,EAAE,EAAE,EAAE,qBAAqB,EAAE;KACzD,CAAC;IAEF,KAAK,MAAM,EAAE,QAAQ,EAAE,EAAE,EAAE,IAAI,OAAO,EAAE,CAAC;QACvC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,EAAE,EAAE,CAAC;YAClB,IAAI,IAAI;gBAAE,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnC,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,CACT,2CAA2C,WAAW,CAAC,MAAM,oBAAoB;QACjF,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,MAAM,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC,CACrD,CAAC;IAEF,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC;AACjC,CAAC;AAED,+EAA+E;AAE/E,MAAM,gBAAgB,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC,YAAY;AAEjD,SAAgB,SAAS,CAAC,IAAqB;IAC7C,sFAAsF;IACtF,IAAI,CAAC,IAAI,CAAC,SAAS;QAAE,OAAO,KAAK,CAAC;IAClC,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,SAAS,GAAG,gBAAgB,CAAC;AACzD,CAAC"}
+{"version":3,"file":"credential-reader.js","sourceRoot":"","sources":["../../src/auth/credential-reader.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;AAkBH,8CAEC;AAGD,sDAEC;AAGD,oDAEC;AAGD,sDAEC;AAGD,gCAAqC;AAGrC,8BAEC;AA1BD,gDAAgD;AAChD,SAAgB,iBAAiB;IAC/B,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;AACzC,CAAC;AAED,uCAAuC;AACvC,SAAgB,qBAAqB;IACnC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,uCAAuC;AACvC,SAAgB,oBAAoB;IAClC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,uCAAuC;AACvC,SAAgB,qBAAqB;IACnC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,0CAA0C;AAC1C,SAAgB,UAAU,KAAU,CAAC;AAErC,iDAAiD;AACjD,SAAgB,SAAS,CAAC,KAAsB;IAC9C,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/auth/credential-status.d.ts

@@ -1,35 +1,15 @@
 /**
- * Anthropic Auth Reliability — Credential status types and probe helpers.
+ * REMOVED: Credential status probing has been removed.
  *
- * Implements the 3-state capability model from anthropic-auth-reliability-v3 spec:
- *   healthy  — exchange probe passed, bot can run
- *   unknown  — never probed or stale, trigger probe before use
- *   invalid  — exchange probe failed, fail closed
+ * Connection to LLM providers is now exclusively via:
+ *   1. CLI providers (claude-cli, codex-cli) — spawns the CLI binary
+ *   2. API key (BYOK) — standard x-api-key authentication
  */
 export type CapabilityStatus = 'healthy' | 'unknown' | 'invalid';
-export type CredentialSource = 'web-oauth' | 'server-local' | 'apikey';
-/** Typed error codes from the spec */
-export type CapabilityErrorCode = 'SCOPE_MISSING_ORG_CREATE_API_KEY' | 'EXCHANGE_TOKEN_INVALID' | 'EXCHANGE_PERMISSION_DENIED' | 'EXCHANGE_NETWORK_ERROR' | 'OAUTH_REFRESH_INVALID_GRANT' | 'CREDENTIAL_SOURCE_UNAVAILABLE' | 'BEARER_UNSUPPORTED';
 export interface BotCredentialInfo {
-    credentialSource?: CredentialSource;
     capabilityStatus?: CapabilityStatus;
-    capabilityErrorCode?: CapabilityErrorCode | null;
-    capabilityErrorDetail?: string | null;
-    capabilityCheckedAt?: number | null;
+    capabilityErrorCode?: string | null;
 }
-export declare function isProbeStale(checkedAt: number | null | undefined): boolean;
-export declare function shouldReprobe(info: BotCredentialInfo): boolean;
-/**
- * Run probe against the server for a given credential.
- * Returns updated capability info.
- */
-export declare function runProbe(serverBaseUrl: string, authToken: string, keyId?: string): Promise<BotCredentialInfo>;
-/**
- * Map an HTTP status code from an Anthropic API auth error to a typed error code.
- */
-export declare function authErrorToCode(statusCode: number): CapabilityErrorCode;
-/**
- * Get human-readable remediation message for an error code.
- */
-export declare function getRemediation(code: CapabilityErrorCode): string;
+/** @deprecated Always returns false. */
+export declare function shouldReprobe(_info: BotCredentialInfo): boolean;
 //# sourceMappingURL=credential-status.d.ts.map

package/dist/auth/credential-status.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"credential-status.d.ts","sourceRoot":"","sources":["../../src/auth/credential-status.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,MAAM,MAAM,gBAAgB,GAAG,SAAS,GAAG,SAAS,GAAG,SAAS,CAAC;AACjE,MAAM,MAAM,gBAAgB,GAAG,WAAW,GAAG,cAAc,GAAG,QAAQ,CAAC;AAEvE,sCAAsC;AACtC,MAAM,MAAM,mBAAmB,GAC3B,kCAAkC,GAClC,wBAAwB,GACxB,4BAA4B,GAC5B,wBAAwB,GACxB,6BAA6B,GAC7B,+BAA+B,GAC/B,oBAAoB,CAAC;AAEzB,MAAM,WAAW,iBAAiB;IAChC,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IACpC,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IACpC,mBAAmB,CAAC,EAAE,mBAAmB,GAAG,IAAI,CAAC;IACjD,qBAAqB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC,mBAAmB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACrC;AAKD,wBAAgB,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,OAAO,CAG1E;AAED,wBAAgB,aAAa,CAAC,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAG9D;AAED;;;GAGG;AACH,wBAAsB,QAAQ,CAC5B,aAAa,EAAE,MAAM,EACrB,SAAS,EAAE,MAAM,EACjB,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC,CA4C5B;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,mBAAmB,CAMvE;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,mBAAmB,GAAG,MAAM,CAmBhE"}
+{"version":3,"file":"credential-status.d.ts","sourceRoot":"","sources":["../../src/auth/credential-status.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,MAAM,gBAAgB,GAAG,SAAS,GAAG,SAAS,GAAG,SAAS,CAAC;AAEjE,MAAM,WAAW,iBAAiB;IAChC,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IACpC,mBAAmB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACrC;AAED,wCAAwC;AACxC,wBAAgB,aAAa,CAAC,KAAK,EAAE,iBAAiB,GAAG,OAAO,CAE/D"}

package/dist/auth/credential-status.js

@@ -1,103 +1,15 @@
 "use strict";
 /**
- * Anthropic Auth Reliability — Credential status types and probe helpers.
+ * REMOVED: Credential status probing has been removed.
  *
- * Implements the 3-state capability model from anthropic-auth-reliability-v3 spec:
- *   healthy  — exchange probe passed, bot can run
- *   unknown  — never probed or stale, trigger probe before use
- *   invalid  — exchange probe failed, fail closed
+ * Connection to LLM providers is now exclusively via:
+ *   1. CLI providers (claude-cli, codex-cli) — spawns the CLI binary
+ *   2. API key (BYOK) — standard x-api-key authentication
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.isProbeStale = isProbeStale;
 exports.shouldReprobe = shouldReprobe;
-exports.runProbe = runProbe;
-exports.authErrorToCode = authErrorToCode;
-exports.getRemediation = getRemediation;
-/** Probe staleness threshold — 1 hour */
-const PROBE_STALE_MS = 60 * 60 * 1000;
-function isProbeStale(checkedAt) {
-    if (!checkedAt)
-        return true;
-    return Date.now() - checkedAt > PROBE_STALE_MS;
-}
-function shouldReprobe(info) {
-    if (!info.capabilityStatus || info.capabilityStatus !== 'healthy')
-        return true;
-    return isProbeStale(info.capabilityCheckedAt);
-}
-/**
- * Run probe against the server for a given credential.
- * Returns updated capability info.
- */
-async function runProbe(serverBaseUrl, authToken, keyId) {
-    try {
-        const res = await fetch(`${serverBaseUrl}/api/v1/auth/anthropic/probe`, {
-            method: 'POST',
-            headers: {
-                Authorization: `Bearer ${authToken}`,
-                'Content-Type': 'application/json',
-            },
-            body: JSON.stringify({ keyId }),
-        });
-        if (!res.ok) {
-            const body = await res.text().catch(() => '');
-            console.warn(`[credential-status] Probe request failed (${res.status}): ${body}`);
-            return {
-                capabilityStatus: 'unknown',
-                capabilityErrorCode: 'EXCHANGE_NETWORK_ERROR',
-                capabilityErrorDetail: `Probe HTTP ${res.status}`,
-                capabilityCheckedAt: Date.now(),
-            };
-        }
-        const data = await res.json();
-        return {
-            capabilityStatus: data.capabilityStatus || 'unknown',
-            capabilityErrorCode: data.capabilityErrorCode || null,
-            capabilityErrorDetail: data.capabilityErrorDetail || null,
-            capabilityCheckedAt: data.capabilityCheckedAt || Date.now(),
-        };
-    }
-    catch (err) {
-        console.warn(`[credential-status] Probe network error: ${err?.message}`);
-        return {
-            capabilityStatus: 'unknown',
-            capabilityErrorCode: 'EXCHANGE_NETWORK_ERROR',
-            capabilityErrorDetail: err?.message || 'Network error',
-            capabilityCheckedAt: Date.now(),
-        };
-    }
-}
-/**
- * Map an HTTP status code from an Anthropic API auth error to a typed error code.
- */
-function authErrorToCode(statusCode) {
-    switch (statusCode) {
-        case 401: return 'EXCHANGE_TOKEN_INVALID';
-        case 403: return 'EXCHANGE_PERMISSION_DENIED';
-        default: return 'EXCHANGE_NETWORK_ERROR';
-    }
-}
-/**
- * Get human-readable remediation message for an error code.
- */
-function getRemediation(code) {
-    switch (code) {
-        case 'SCOPE_MISSING_ORG_CREATE_API_KEY':
-            return 'Re-authorize your Anthropic connection in Settings to grant the required scope.';
-        case 'EXCHANGE_TOKEN_INVALID':
-            return 'Your Anthropic token was rejected. Re-authorize or check your account.';
-        case 'EXCHANGE_PERMISSION_DENIED':
-            return 'Your Anthropic token lacks required permissions. Re-authorize with correct permissions.';
-        case 'EXCHANGE_NETWORK_ERROR':
-            return 'Network error during credential verification. Retry or check connectivity.';
-        case 'OAUTH_REFRESH_INVALID_GRANT':
-            return 'Your refresh token was rejected. Re-authorize from scratch.';
-        case 'CREDENTIAL_SOURCE_UNAVAILABLE':
-            return 'Selected credential source is missing or unreachable. Check server agent or re-connect.';
-        case 'BEARER_UNSUPPORTED':
-            return 'Direct bearer auth rejected by Anthropic. Use the exchange path instead.';
-        default:
-            return 'Unknown credential error. Check Settings.';
-    }
+/** @deprecated Always returns false. */
+function shouldReprobe(_info) {
+    return false;
 }
 //# sourceMappingURL=credential-status.js.map

package/dist/auth/credential-status.js.map

@@ -1 +1 @@
-{"version":3,"file":"credential-status.js","sourceRoot":"","sources":["../../src/auth/credential-status.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;AA0BH,oCAGC;AAED,sCAGC;AAMD,4BAgDC;AAKD,0CAMC;AAKD,wCAmBC;AApGD,yCAAyC;AACzC,MAAM,cAAc,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAEtC,SAAgB,YAAY,CAAC,SAAoC;IAC/D,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAC5B,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,cAAc,CAAC;AACjD,CAAC;AAED,SAAgB,aAAa,CAAC,IAAuB;IACnD,IAAI,CAAC,IAAI,CAAC,gBAAgB,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAC/E,OAAO,YAAY,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;AAChD,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,QAAQ,CAC5B,aAAqB,EACrB,SAAiB,EACjB,KAAc;IAEd,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,aAAa,8BAA8B,EAAE;YACtE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,SAAS,EAAE;gBACpC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,CAAC;SAChC,CAAC,CAAC;QAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YAC9C,OAAO,CAAC,IAAI,CAAC,6CAA6C,GAAG,CAAC,MAAM,MAAM,IAAI,EAAE,CAAC,CAAC;YAClF,OAAO;gBACL,gBAAgB,EAAE,SAAS;gBAC3B,mBAAmB,EAAE,wBAAwB;gBAC7C,qBAAqB,EAAE,cAAc,GAAG,CAAC,MAAM,EAAE;gBACjD,mBAAmB,EAAE,IAAI,CAAC,GAAG,EAAE;aAChC,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAK1B,CAAC;QAEF,OAAO;YACL,gBAAgB,EAAE,IAAI,CAAC,gBAAgB,IAAI,SAAS;YACpD,mBAAmB,EAAE,IAAI,CAAC,mBAAmB,IAAI,IAAI;YACrD,qBAAqB,EAAE,IAAI,CAAC,qBAAqB,IAAI,IAAI;YACzD,mBAAmB,EAAE,IAAI,CAAC,mBAAmB,IAAI,IAAI,CAAC,GAAG,EAAE;SAC5D,CAAC;IACJ,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,CAAC,IAAI,CAAC,4CAA4C,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;QACzE,OAAO;YACL,gBAAgB,EAAE,SAAS;YAC3B,mBAAmB,EAAE,wBAAwB;YAC7C,qBAAqB,EAAE,GAAG,EAAE,OAAO,IAAI,eAAe;YACtD,mBAAmB,EAAE,IAAI,CAAC,GAAG,EAAE;SAChC,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,eAAe,CAAC,UAAkB;IAChD,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,GAAG,CAAC,CAAC,OAAO,wBAAwB,CAAC;QAC1C,KAAK,GAAG,CAAC,CAAC,OAAO,4BAA4B,CAAC;QAC9C,OAAO,CAAC,CAAC,OAAO,wBAAwB,CAAC;IAC3C,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,IAAyB;IACtD,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,kCAAkC;YACrC,OAAO,iFAAiF,CAAC;QAC3F,KAAK,wBAAwB;YAC3B,OAAO,wEAAwE,CAAC;QAClF,KAAK,4BAA4B;YAC/B,OAAO,yFAAyF,CAAC;QACnG,KAAK,wBAAwB;YAC3B,OAAO,4EAA4E,CAAC;QACtF,KAAK,6BAA6B;YAChC,OAAO,6DAA6D,CAAC;QACvE,KAAK,+BAA+B;YAClC,OAAO,yFAAyF,CAAC;QACnG,KAAK,oBAAoB;YACvB,OAAO,0EAA0E,CAAC;QACpF;YACE,OAAO,2CAA2C,CAAC;IACvD,CAAC;AACH,CAAC"}
+{"version":3,"file":"credential-status.js","sourceRoot":"","sources":["../../src/auth/credential-status.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AAUH,sCAEC;AAHD,wCAAwC;AACxC,SAAgB,aAAa,CAAC,KAAwB;IACpD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/auth/index.d.ts

@@ -1,4 +1,11 @@
-export { OAuthCredential, CredentialDetectionResult, detectCredentials, readClaudeCredentials, readCodexCredentials, readGeminiCredentials, isExpired, clearCache, } from './credential-reader';
-export { refreshToken, RefreshResult } from './token-refresh';
+/**
+ * Auth Module — Funolio Agent
+ *
+ * Supported auth methods:
+ *   1. CLI providers (claude-cli, codex-cli) — handle their own auth
+ *   2. API key (BYOK) — explicit key or environment variable
+ *
+ * Subscription API / OAuth credential resolution has been removed.
+ */
 export { ResolvedAuth, resolveAuth, ensureFreshToken, } from './auto-detect';
 //# sourceMappingURL=index.d.ts.map

package/dist/auth/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,eAAe,EACf,yBAAyB,EACzB,iBAAiB,EACjB,qBAAqB,EACrB,oBAAoB,EACpB,qBAAqB,EACrB,SAAS,EACT,UAAU,GACX,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAE9D,OAAO,EACL,YAAY,EACZ,WAAW,EACX,gBAAgB,GACjB,MAAM,eAAe,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EACL,YAAY,EACZ,WAAW,EACX,gBAAgB,GACjB,MAAM,eAAe,CAAC"}

package/dist/auth/index.js

@@ -1,15 +1,15 @@
 "use strict";
+/**
+ * Auth Module — Funolio Agent
+ *
+ * Supported auth methods:
+ *   1. CLI providers (claude-cli, codex-cli) — handle their own auth
+ *   2. API key (BYOK) — explicit key or environment variable
+ *
+ * Subscription API / OAuth credential resolution has been removed.
+ */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ensureFreshToken = exports.resolveAuth = exports.refreshToken = exports.clearCache = exports.isExpired = exports.readGeminiCredentials = exports.readCodexCredentials = exports.readClaudeCredentials = exports.detectCredentials = void 0;
-var credential_reader_1 = require("./credential-reader");
-Object.defineProperty(exports, "detectCredentials", { enumerable: true, get: function () { return credential_reader_1.detectCredentials; } });
-Object.defineProperty(exports, "readClaudeCredentials", { enumerable: true, get: function () { return credential_reader_1.readClaudeCredentials; } });
-Object.defineProperty(exports, "readCodexCredentials", { enumerable: true, get: function () { return credential_reader_1.readCodexCredentials; } });
-Object.defineProperty(exports, "readGeminiCredentials", { enumerable: true, get: function () { return credential_reader_1.readGeminiCredentials; } });
-Object.defineProperty(exports, "isExpired", { enumerable: true, get: function () { return credential_reader_1.isExpired; } });
-Object.defineProperty(exports, "clearCache", { enumerable: true, get: function () { return credential_reader_1.clearCache; } });
-var token_refresh_1 = require("./token-refresh");
-Object.defineProperty(exports, "refreshToken", { enumerable: true, get: function () { return token_refresh_1.refreshToken; } });
+exports.ensureFreshToken = exports.resolveAuth = void 0;
 var auto_detect_1 = require("./auto-detect");
 Object.defineProperty(exports, "resolveAuth", { enumerable: true, get: function () { return auto_detect_1.resolveAuth; } });
 Object.defineProperty(exports, "ensureFreshToken", { enumerable: true, get: function () { return auto_detect_1.ensureFreshToken; } });

package/dist/auth/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":";;;AAAA,yDAS6B;AAN3B,sHAAA,iBAAiB,OAAA;AACjB,0HAAA,qBAAqB,OAAA;AACrB,yHAAA,oBAAoB,OAAA;AACpB,0HAAA,qBAAqB,OAAA;AACrB,8GAAA,SAAS,OAAA;AACT,+GAAA,UAAU,OAAA;AAGZ,iDAA8D;AAArD,6GAAA,YAAY,OAAA;AAErB,6CAIuB;AAFrB,0GAAA,WAAW,OAAA;AACX,+GAAA,gBAAgB,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;AAEH,6CAIuB;AAFrB,0GAAA,WAAW,OAAA;AACX,+GAAA,gBAAgB,OAAA"}

package/dist/auth/subscription-runtime.d.ts

@@ -1,34 +1,30 @@
-import { type OAuthCredential } from './credential-reader';
-import { type AnthropicAuthMode } from './anthropic-subscription';
+/**
+ * REMOVED: Subscription API runtime has been removed.
+ *
+ * Connection to LLM providers is now exclusively via:
+ *   1. CLI providers (claude-cli, codex-cli) — spawns the CLI binary
+ *   2. API key (BYOK) — standard x-api-key authentication
+ */
 export type SubscriptionRuntimeProvider = 'anthropic' | 'openai';
-export type SubscriptionSource = 'db:anthropic:openclaw' | 'db:anthropic' | 'db:claude-cli' | 'claude-credentials' | 'db:openai' | 'db:codex-cli' | 'codex-credentials' | 'request:anthropic:openclaw' | 'request:anthropic' | 'request:openai';
 export interface ResolvedSubscriptionRuntime {
     providerName: SubscriptionRuntimeProvider;
     apiKey: string;
     model: string;
-    source: SubscriptionSource | string;
-    authMode?: AnthropicAuthMode;
+    source: string;
     baseUrl?: string;
     apiQuery?: string;
     apiStyle?: 'openai-chat-completions' | 'codex-chatgpt-responses';
+    authMode?: 'oauth-bearer' | 'api-key';
     extraHeaders?: Record<string, string>;
 }
-interface ResolveRuntimeOptions {
-    preferredModel?: string | null;
-    inputCredential?: OAuthCredential | null;
-    inputToken?: string | null;
-    inputAccessMode?: string | null;
-    inputSource?: SubscriptionSource;
-    persistInputCredential?: boolean;
-}
-export declare function claudeSubscriptionRuntimeLabel(source?: SubscriptionSource | string | null): string;
-/**
- * Anthropic/OpenClaw request shape should stay on native structured messages by default.
- * Source selection tells us where credentials came from, not how to flatten prompts.
- */
-export declare function resolveClaudeSubscriptionRequestShape(_source?: SubscriptionSource | string | null): 'default' | 'claude-cli-flat';
-export declare function resolveSubscriptionApiModel(profileModel?: string | null, configuredDefaultModel?: string | null): string | null;
-export declare function resolveClaudeSubscriptionRuntime(options?: ResolveRuntimeOptions): Promise<ResolvedSubscriptionRuntime | null>;
-export declare function resolveCodexSubscriptionRuntime(options?: ResolveRuntimeOptions): Promise<ResolvedSubscriptionRuntime | null>;
-export {};
+/** @deprecated Always returns null. */
+export declare function resolveClaudeSubscriptionRuntime(_options?: any): Promise<null>;
+/** @deprecated Always returns null. */
+export declare function resolveCodexSubscriptionRuntime(_options?: any): Promise<null>;
+/** @deprecated Subscription API removed. Returns a display label. */
+export declare function claudeSubscriptionRuntimeLabel(_source?: string | null): string;
+/** @deprecated Subscription API removed. Always returns undefined. */
+export declare function resolveClaudeSubscriptionRequestShape(_source?: string | null): undefined;
+/** @deprecated Subscription API removed. Returns the preferred model or fallback. */
+export declare function resolveSubscriptionApiModel(preferred?: string | null, fallback?: string | null): string | undefined;
 //# sourceMappingURL=subscription-runtime.d.ts.map

package/dist/auth/subscription-runtime.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"subscription-runtime.d.ts","sourceRoot":"","sources":["../../src/auth/subscription-runtime.ts"],"names":[],"mappings":"AACA,OAAO,EAIL,KAAK,eAAe,EACrB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAGL,KAAK,iBAAiB,EACvB,MAAM,0BAA0B,CAAC;AAElC,MAAM,MAAM,2BAA2B,GAAG,WAAW,GAAG,QAAQ,CAAC;AACjE,MAAM,MAAM,kBAAkB,GAC1B,uBAAuB,GACvB,cAAc,GACd,eAAe,GACf,oBAAoB,GACpB,WAAW,GACX,cAAc,GACd,mBAAmB,GACnB,4BAA4B,GAC5B,mBAAmB,GACnB,gBAAgB,CAAC;AAErB,MAAM,WAAW,2BAA2B;IAC1C,YAAY,EAAE,2BAA2B,CAAC;IAC1C,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,kBAAkB,GAAG,MAAM,CAAC;IACpC,QAAQ,CAAC,EAAE,iBAAiB,CAAC;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,yBAAyB,GAAG,yBAAyB,CAAC;IACjE,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACvC;AAOD,UAAU,qBAAqB;IAC7B,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,eAAe,CAAC,EAAE,eAAe,GAAG,IAAI,CAAC;IACzC,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,WAAW,CAAC,EAAE,kBAAkB,CAAC;IACjC,sBAAsB,CAAC,EAAE,OAAO,CAAC;CAClC;AAED,wBAAgB,8BAA8B,CAAC,MAAM,CAAC,EAAE,kBAAkB,GAAG,MAAM,GAAG,IAAI,GAAG,MAAM,CAIlG;AAED;;;GAGG;AACH,wBAAgB,qCAAqC,CACnD,OAAO,CAAC,EAAE,kBAAkB,GAAG,MAAM,GAAG,IAAI,GAC3C,SAAS,GAAG,iBAAiB,CAE/B;AAED,wBAAgB,2BAA2B,CACzC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,EAC5B,sBAAsB,CAAC,EAAE,MAAM,GAAG,IAAI,GACrC,MAAM,GAAG,IAAI,CAoBf;AA4ND,wBAAsB,gCAAgC,CACpD,OAAO,GAAE,qBAA0B,GAClC,OAAO,CAAC,2BAA2B,GAAG,IAAI,CAAC,CAiD7C;AAED,wBAAsB,+BAA+B,CACnD,OAAO,GAAE,qBAA0B,GAClC,OAAO,CAAC,2BAA2B,GAAG,IAAI,CAAC,CA2B7C"}
+{"version":3,"file":"subscription-runtime.d.ts","sourceRoot":"","sources":["../../src/auth/subscription-runtime.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,MAAM,MAAM,2BAA2B,GAAG,WAAW,GAAG,QAAQ,CAAC;AAEjE,MAAM,WAAW,2BAA2B;IAC1C,YAAY,EAAE,2BAA2B,CAAC;IAC1C,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,yBAAyB,GAAG,yBAAyB,CAAC;IACjE,QAAQ,CAAC,EAAE,cAAc,GAAG,SAAS,CAAC;IACtC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACvC;AAED,uCAAuC;AACvC,wBAAsB,gCAAgC,CAAC,QAAQ,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAEpF;AAED,uCAAuC;AACvC,wBAAsB,+BAA+B,CAAC,QAAQ,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAEnF;AAED,qEAAqE;AACrE,wBAAgB,8BAA8B,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,MAAM,CAE9E;AAED,sEAAsE;AACtE,wBAAgB,qCAAqC,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,CAExF;AAED,qFAAqF;AACrF,wBAAgB,2BAA2B,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,MAAM,GAAG,SAAS,CAGnH"}