funolio-agent 0.17.8 → 1.0.3

package/dist/auth/subscription-runtime.js

@@ -1,304 +1,36 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
+/**
+ * REMOVED: Subscription API runtime has been removed.
+ *
+ * Connection to LLM providers is now exclusively via:
+ *   1. CLI providers (claude-cli, codex-cli) — spawns the CLI binary
+ *   2. API key (BYOK) — standard x-api-key authentication
+ */
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveClaudeSubscriptionRuntime = resolveClaudeSubscriptionRuntime;
+exports.resolveCodexSubscriptionRuntime = resolveCodexSubscriptionRuntime;
 exports.claudeSubscriptionRuntimeLabel = claudeSubscriptionRuntimeLabel;
 exports.resolveClaudeSubscriptionRequestShape = resolveClaudeSubscriptionRequestShape;
 exports.resolveSubscriptionApiModel = resolveSubscriptionApiModel;
-exports.resolveClaudeSubscriptionRuntime = resolveClaudeSubscriptionRuntime;
-exports.resolveCodexSubscriptionRuntime = resolveCodexSubscriptionRuntime;
-const data = __importStar(require("../local-data"));
-const credential_reader_1 = require("./credential-reader");
-const token_refresh_1 = require("./token-refresh");
-const anthropic_subscription_1 = require("./anthropic-subscription");
-function claudeSubscriptionRuntimeLabel(source) {
-    const normalized = String(source || '').trim().toLowerCase();
-    if (normalized.includes('openclaw'))
-        return 'OpenClaw Connection';
-    return 'Subscription API';
-}
-/**
- * Anthropic/OpenClaw request shape should stay on native structured messages by default.
- * Source selection tells us where credentials came from, not how to flatten prompts.
- */
-function resolveClaudeSubscriptionRequestShape(_source) {
-    return 'default';
-}
-function resolveSubscriptionApiModel(profileModel, configuredDefaultModel) {
-    const isPlaceholder = (value) => {
-        const normalized = value.trim().toLowerCase();
-        return normalized === ''
-            || normalized === 'default'
-            || normalized === 'claude-code'
-            || normalized === 'codex-cli';
-    };
-    const resolvedProfileModel = (profileModel || '').trim();
-    if (!isPlaceholder(resolvedProfileModel)) {
-        return resolvedProfileModel;
-    }
-    const resolvedDefaultModel = (configuredDefaultModel || '').trim();
-    if (!isPlaceholder(resolvedDefaultModel)) {
-        return resolvedDefaultModel;
-    }
+/** @deprecated Always returns null. */
+async function resolveClaudeSubscriptionRuntime(_options) {
     return null;
 }
-function readDbOauthCredential(providerId) {
-    const connection = data.findProviderConnection(providerId, 'oauth') || data.findProviderConnection(providerId);
-    if (!connection?.oauth_token) {
-        return null;
-    }
-    return {
-        source: `db:${providerId}`,
-        credential: {
-            provider: providerId === 'anthropic' || providerId === 'claude-cli' ? 'anthropic' : 'openai',
-            accessToken: connection.oauth_token,
-            refreshToken: connection.oauth_refresh_token || '',
-            expiresAt: connection.oauth_expires_at ?? 0,
-        },
-    };
-}
-function shouldImportCandidate(current, incoming) {
-    if (!incoming?.accessToken)
-        return false;
-    if (!current?.accessToken)
-        return true;
-    if (incoming.accessToken === current.accessToken) {
-        return (incoming.expiresAt || 0) > (current.expiresAt || 0)
-            || (!!incoming.refreshToken && !current.refreshToken);
-    }
-    return (incoming.expiresAt || 0) > (current.expiresAt || 0)
-        || (!!incoming.refreshToken && !current.refreshToken);
-}
-function syncProviderOauthCredential(providerId, credential, defaultModel) {
-    if (!credential.accessToken)
-        return;
-    data.upsertOauthProviderConnection({
-        providerId,
-        oauthToken: credential.accessToken,
-        oauthRefreshToken: credential.refreshToken || null,
-        oauthExpiresAt: credential.expiresAt ?? null,
-        defaultModel: defaultModel ?? null,
-    });
-}
-async function ensureFreshCredential(credential, providerForLog, onRefresh) {
-    if (!credential)
-        return null;
-    const needsCodexIdTokenRepair = providerForLog === 'openai' && !credential.idToken;
-    const expired = (0, credential_reader_1.isExpired)(credential);
-    if (!expired && !needsCodexIdTokenRepair) {
-        return credential;
-    }
-    if (!credential.refreshToken) {
-        return expired ? null : (credential.accessToken ? credential : null);
-    }
-    try {
-        const refreshed = await (0, token_refresh_1.refreshToken)(credential);
-        onRefresh?.(refreshed.credential);
-        return refreshed.credential;
-    }
-    catch (err) {
-        console.warn(`[subscription-runtime] ${providerForLog} OAuth token refresh failed: ${err?.message || err}`);
-        return expired ? null : (credential.accessToken ? credential : null);
-    }
-}
-async function resolveDbPrimaryClaudeCredentialCandidates(preferredModel, inputCredential, inputToken, inputAccessMode, inputSource = 'request:anthropic', persistInputCredential = false) {
-    const candidates = [];
-    const seen = new Set();
-    const pushCandidate = (candidate) => {
-        if (!candidate?.credential?.accessToken)
-            return;
-        const key = `${candidate.source}:${candidate.credential.accessToken}`;
-        if (seen.has(key))
-            return;
-        seen.add(key);
-        candidates.push(candidate);
-    };
-    const openClawConnection = data.findProviderConnection('anthropic', 'openclaw');
-    if (inputAccessMode === 'openclaw' && inputToken?.trim()) {
-        pushCandidate({
-            source: 'request:anthropic:openclaw',
-            credential: {
-                provider: 'anthropic',
-                accessToken: inputToken.trim(),
-                refreshToken: '',
-                expiresAt: 0,
-            },
-        });
-    }
-    if (openClawConnection?.api_key_enc) {
-        pushCandidate({
-            source: 'db:anthropic:openclaw',
-            credential: {
-                provider: 'anthropic',
-                accessToken: openClawConnection.api_key_enc,
-                refreshToken: '',
-                expiresAt: 0,
-            },
-        });
-    }
-    const dbCandidate = readDbOauthCredential('anthropic');
-    const legacyCandidate = readDbOauthCredential('claude-cli');
-    const fileCredential = (0, credential_reader_1.readClaudeCredentials)();
-    let selected = dbCandidate;
-    if (legacyCandidate && shouldImportCandidate(dbCandidate?.credential || null, legacyCandidate.credential)) {
-        syncProviderOauthCredential('anthropic', legacyCandidate.credential, preferredModel);
-        selected = { source: 'db:anthropic', credential: legacyCandidate.credential };
-    }
-    if (fileCredential && shouldImportCandidate(selected?.credential || null, fileCredential)) {
-        syncProviderOauthCredential('anthropic', fileCredential, preferredModel);
-        selected = { source: 'db:anthropic', credential: fileCredential };
-    }
-    if (inputCredential?.accessToken && shouldImportCandidate(selected?.credential || null, inputCredential)) {
-        if (persistInputCredential) {
-            syncProviderOauthCredential('anthropic', inputCredential, preferredModel);
-            selected = { source: 'db:anthropic', credential: inputCredential };
-        }
-        else {
-            selected = { source: inputSource, credential: inputCredential };
-        }
-    }
-    if (!selected?.credential?.accessToken) {
-        return candidates;
-    }
-    const refreshed = await ensureFreshCredential(selected.credential, 'anthropic', selected.source === 'db:anthropic' || selected.source === inputSource
-        ? (credential) => syncProviderOauthCredential('anthropic', credential, preferredModel)
-        : (credential) => syncProviderOauthCredential('anthropic', credential, preferredModel));
-    if (!refreshed?.accessToken) {
-        return candidates;
-    }
-    if (selected.source !== inputSource || persistInputCredential) {
-        syncProviderOauthCredential('anthropic', refreshed, preferredModel);
-        pushCandidate({ source: 'db:anthropic', credential: refreshed });
-        return candidates;
-    }
-    pushCandidate({ source: selected.source, credential: refreshed });
-    return candidates;
+/** @deprecated Always returns null. */
+async function resolveCodexSubscriptionRuntime(_options) {
+    return null;
 }
-async function resolveDbPrimaryCodexCredential(preferredModel, inputCredential, inputSource = 'request:openai', persistInputCredential = false) {
-    const dbCandidate = readDbOauthCredential('openai');
-    const legacyCandidate = readDbOauthCredential('codex-cli');
-    const fileCredential = (0, credential_reader_1.readCodexCredentials)();
-    let selected = dbCandidate;
-    if (legacyCandidate && shouldImportCandidate(dbCandidate?.credential || null, legacyCandidate.credential)) {
-        syncProviderOauthCredential('openai', legacyCandidate.credential, preferredModel);
-        selected = { source: 'db:openai', credential: legacyCandidate.credential };
-    }
-    if (fileCredential && shouldImportCandidate(selected?.credential || null, fileCredential)) {
-        syncProviderOauthCredential('openai', fileCredential, preferredModel);
-        selected = { source: 'db:openai', credential: fileCredential };
-    }
-    if (inputCredential?.accessToken && shouldImportCandidate(selected?.credential || null, inputCredential)) {
-        if (persistInputCredential) {
-            syncProviderOauthCredential('openai', inputCredential, preferredModel);
-            selected = { source: 'db:openai', credential: inputCredential };
-        }
-        else {
-            selected = { source: inputSource, credential: inputCredential };
-        }
-    }
-    if (!selected?.credential?.accessToken) {
-        return null;
-    }
-    const refreshed = await ensureFreshCredential(selected.credential, 'openai', selected.source === 'db:openai' || persistInputCredential
-        ? (credential) => syncProviderOauthCredential('openai', credential, preferredModel)
-        : null);
-    if (!refreshed?.accessToken) {
-        return null;
-    }
-    if (selected.source !== inputSource || persistInputCredential) {
-        syncProviderOauthCredential('openai', refreshed, preferredModel);
-        return { source: 'db:openai', credential: refreshed };
-    }
-    return { source: selected.source, credential: refreshed };
+/** @deprecated Subscription API removed. Returns a display label. */
+function claudeSubscriptionRuntimeLabel(_source) {
+    return 'Subscription (removed)';
 }
-async function resolveClaudeSubscriptionRuntime(options = {}) {
-    const model = resolveSubscriptionApiModel(options.preferredModel, data.findProviderConnection('anthropic')?.default_model
-        || data.findProviderConnection('claude-cli')?.default_model
-        || null);
-    if (!model)
-        return null;
-    const candidates = await resolveDbPrimaryClaudeCredentialCandidates(model, options.inputCredential, options.inputToken, options.inputAccessMode, options.inputSource || 'request:anthropic', options.persistInputCredential === true);
-    if (candidates.length === 0) {
-        return null;
-    }
-    let lastError = null;
-    for (const selected of candidates) {
-        try {
-            const requestConfig = (0, anthropic_subscription_1.getClaudeSubscriptionRequestConfig)(selected.source);
-            const resolved = await (0, anthropic_subscription_1.resolveAnthropicSubscriptionAuth)({
-                accessToken: selected.credential.accessToken,
-                refreshToken: selected.credential.refreshToken || null,
-                expiresAt: selected.credential.expiresAt ?? null,
-                onRefresh: (credential) => syncProviderOauthCredential('anthropic', credential, model),
-            });
-            return {
-                providerName: 'anthropic',
-                apiKey: resolved.token,
-                model,
-                source: selected.source,
-                authMode: resolved.authMode,
-                baseUrl: requestConfig.baseUrl,
-                apiQuery: requestConfig.apiQuery,
-                extraHeaders: requestConfig.extraHeaders,
-            };
-        }
-        catch (err) {
-            lastError = err;
-            console.warn(`[subscription-runtime] Claude credential candidate failed (${selected.source}); trying next candidate if available: ${err?.message || err}`);
-        }
-    }
-    if (lastError)
-        throw lastError;
-    return null;
+/** @deprecated Subscription API removed. Always returns undefined. */
+function resolveClaudeSubscriptionRequestShape(_source) {
+    return undefined;
 }
-async function resolveCodexSubscriptionRuntime(options = {}) {
-    const model = resolveSubscriptionApiModel(options.preferredModel, data.findProviderConnection('openai')?.default_model
-        || data.findProviderConnection('codex-cli')?.default_model
-        || null);
-    if (!model)
-        return null;
-    const selected = await resolveDbPrimaryCodexCredential(model, options.inputCredential, options.inputSource || 'request:openai', options.persistInputCredential === true);
-    if (!selected?.credential?.accessToken) {
-        return null;
-    }
-    return {
-        providerName: 'openai',
-        apiKey: selected.credential.accessToken,
-        model,
-        source: selected.source,
-        baseUrl: 'https://chatgpt.com/backend-api/codex',
-        apiStyle: 'codex-chatgpt-responses',
-    };
+/** @deprecated Subscription API removed. Returns the preferred model or fallback. */
+function resolveSubscriptionApiModel(preferred, fallback) {
+    const model = (preferred || '').trim() || (fallback || '').trim();
+    return model || undefined;
 }
 //# sourceMappingURL=subscription-runtime.js.map

package/dist/auth/subscription-runtime.js.map

@@ -1 +1 @@
-{"version":3,"file":"subscription-runtime.js","sourceRoot":"","sources":["../../src/auth/subscription-runtime.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqDA,wEAIC;AAMD,sFAIC;AAED,kEAuBC;AA4ND,4EAmDC;AAED,0EA6BC;AA1YD,oDAAsC;AACtC,2DAK6B;AAC7B,mDAA+C;AAC/C,qEAIkC;AAyClC,SAAgB,8BAA8B,CAAC,MAA2C;IACxF,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC7D,IAAI,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,OAAO,qBAAqB,CAAC;IAClE,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAED;;;GAGG;AACH,SAAgB,qCAAqC,CACnD,OAA4C;IAE5C,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAgB,2BAA2B,CACzC,YAA4B,EAC5B,sBAAsC;IAEtC,MAAM,aAAa,GAAG,CAAC,KAAa,EAAE,EAAE;QACtC,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC9C,OAAO,UAAU,KAAK,EAAE;eACnB,UAAU,KAAK,SAAS;eACxB,UAAU,KAAK,aAAa;eAC5B,UAAU,KAAK,WAAW,CAAC;IAClC,CAAC,CAAC;IAEF,MAAM,oBAAoB,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACzD,IAAI,CAAC,aAAa,CAAC,oBAAoB,CAAC,EAAE,CAAC;QACzC,OAAO,oBAAoB,CAAC;IAC9B,CAAC;IAED,MAAM,oBAAoB,GAAG,CAAC,sBAAsB,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACnE,IAAI,CAAC,aAAa,CAAC,oBAAoB,CAAC,EAAE,CAAC;QACzC,OAAO,oBAAoB,CAAC;IAC9B,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,qBAAqB,CAC5B,UAA+D;IAE/D,MAAM,UAAU,GAAG,IAAI,CAAC,sBAAsB,CAAC,UAAU,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAC;IAC/G,IAAI,CAAC,UAAU,EAAE,WAAW,EAAE,CAAC;QAC7B,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO;QACL,MAAM,EAAE,MAAM,UAAU,EAAwB;QAChD,UAAU,EAAE;YACV,QAAQ,EAAE,UAAU,KAAK,WAAW,IAAI,UAAU,KAAK,YAAY,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ;YAC5F,WAAW,EAAE,UAAU,CAAC,WAAW;YACnC,YAAY,EAAE,UAAU,CAAC,mBAAmB,IAAI,EAAE;YAClD,SAAS,EAAE,UAAU,CAAC,gBAAgB,IAAI,CAAC;SAC5C;KACF,CAAC;AACJ,CAAC;AAED,SAAS,qBAAqB,CAAC,OAA+B,EAAE,QAAgC;IAC9F,IAAI,CAAC,QAAQ,EAAE,WAAW;QAAE,OAAO,KAAK,CAAC;IACzC,IAAI,CAAC,OAAO,EAAE,WAAW;QAAE,OAAO,IAAI,CAAC;IACvC,IAAI,QAAQ,CAAC,WAAW,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC;QACjD,OAAO,CAAC,QAAQ,CAAC,SAAS,IAAI,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,IAAI,CAAC,CAAC;eACtD,CAAC,CAAC,CAAC,QAAQ,CAAC,YAAY,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IAC1D,CAAC;IACD,OAAO,CAAC,QAAQ,CAAC,SAAS,IAAI,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,IAAI,CAAC,CAAC;WACtD,CAAC,CAAC,CAAC,QAAQ,CAAC,YAAY,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;AAC1D,CAAC;AAED,SAAS,2BAA2B,CAClC,UAAkC,EAClC,UAA2B,EAC3B,YAA4B;IAE5B,IAAI,CAAC,UAAU,CAAC,WAAW;QAAE,OAAO;IACpC,IAAI,CAAC,6BAA6B,CAAC;QACjC,UAAU;QACV,UAAU,EAAE,UAAU,CAAC,WAAW;QAClC,iBAAiB,EAAE,UAAU,CAAC,YAAY,IAAI,IAAI;QAClD,cAAc,EAAE,UAAU,CAAC,SAAS,IAAI,IAAI;QAC5C,YAAY,EAAE,YAAY,IAAI,IAAI;KACnC,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,qBAAqB,CAClC,UAAkC,EAClC,cAAsC,EACtC,SAA0D;IAE1D,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAC7B,MAAM,uBAAuB,GAAG,cAAc,KAAK,QAAQ,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;IACnF,MAAM,OAAO,GAAG,IAAA,6BAAS,EAAC,UAAU,CAAC,CAAC;IACtC,IAAI,CAAC,OAAO,IAAI,CAAC,uBAAuB,EAAE,CAAC;QACzC,OAAO,UAAU,CAAC;IACpB,CAAC;IACD,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;QAC7B,OAAO,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACvE,CAAC;IAED,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,IAAA,4BAAY,EAAC,UAAU,CAAC,CAAC;QACjD,SAAS,EAAE,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QAClC,OAAO,SAAS,CAAC,UAAU,CAAC;IAC9B,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,CAAC,IAAI,CAAC,0BAA0B,cAAc,gCAAgC,GAAG,EAAE,OAAO,IAAI,GAAG,EAAE,CAAC,CAAC;QAC5G,OAAO,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACvE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,0CAA0C,CACvD,cAA8B,EAC9B,eAAwC,EACxC,UAA0B,EAC1B,eAA+B,EAC/B,cAAkC,mBAAmB,EACrD,sBAAsB,GAAG,KAAK;IAE9B,MAAM,UAAU,GAAkC,EAAE,CAAC;IACrD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,aAAa,GAAG,CAAC,SAAyD,EAAE,EAAE;QAClF,IAAI,CAAC,SAAS,EAAE,UAAU,EAAE,WAAW;YAAE,OAAO;QAChD,MAAM,GAAG,GAAG,GAAG,SAAS,CAAC,MAAM,IAAI,SAAS,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;QACtE,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,OAAO;QAC1B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACd,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC7B,CAAC,CAAC;IAEF,MAAM,kBAAkB,GAAG,IAAI,CAAC,sBAAsB,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;IAChF,IAAI,eAAe,KAAK,UAAU,IAAI,UAAU,EAAE,IAAI,EAAE,EAAE,CAAC;QACzD,aAAa,CAAC;YACZ,MAAM,EAAE,4BAA4B;YACpC,UAAU,EAAE;gBACV,QAAQ,EAAE,WAAW;gBACrB,WAAW,EAAE,UAAU,CAAC,IAAI,EAAE;gBAC9B,YAAY,EAAE,EAAE;gBAChB,SAAS,EAAE,CAAC;aACb;SACF,CAAC,CAAC;IACL,CAAC;IAED,IAAI,kBAAkB,EAAE,WAAW,EAAE,CAAC;QACpC,aAAa,CAAC;YACZ,MAAM,EAAE,uBAAuB;YAC/B,UAAU,EAAE;gBACV,QAAQ,EAAE,WAAW;gBACrB,WAAW,EAAE,kBAAkB,CAAC,WAAW;gBAC3C,YAAY,EAAE,EAAE;gBAChB,SAAS,EAAE,CAAC;aACb;SACF,CAAC,CAAC;IACL,CAAC;IAED,MAAM,WAAW,GAAG,qBAAqB,CAAC,WAAW,CAAC,CAAC;IACvD,MAAM,eAAe,GAAG,qBAAqB,CAAC,YAAY,CAAC,CAAC;IAC5D,MAAM,cAAc,GAAG,IAAA,yCAAqB,GAAE,CAAC;IAE/C,IAAI,QAAQ,GAAG,WAAW,CAAC;IAE3B,IAAI,eAAe,IAAI,qBAAqB,CAAC,WAAW,EAAE,UAAU,IAAI,IAAI,EAAE,eAAe,CAAC,UAAU,CAAC,EAAE,CAAC;QAC1G,2BAA2B,CAAC,WAAW,EAAE,eAAe,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QACrF,QAAQ,GAAG,EAAE,MAAM,EAAE,cAAc,EAAE,UAAU,EAAE,eAAe,CAAC,UAAU,EAAE,CAAC;IAChF,CAAC;IAED,IAAI,cAAc,IAAI,qBAAqB,CAAC,QAAQ,EAAE,UAAU,IAAI,IAAI,EAAE,cAAc,CAAC,EAAE,CAAC;QAC1F,2BAA2B,CAAC,WAAW,EAAE,cAAc,EAAE,cAAc,CAAC,CAAC;QACzE,QAAQ,GAAG,EAAE,MAAM,EAAE,cAAc,EAAE,UAAU,EAAE,cAAc,EAAE,CAAC;IACpE,CAAC;IAED,IAAI,eAAe,EAAE,WAAW,IAAI,qBAAqB,CAAC,QAAQ,EAAE,UAAU,IAAI,IAAI,EAAE,eAAe,CAAC,EAAE,CAAC;QACzG,IAAI,sBAAsB,EAAE,CAAC;YAC3B,2BAA2B,CAAC,WAAW,EAAE,eAAe,EAAE,cAAc,CAAC,CAAC;YAC1E,QAAQ,GAAG,EAAE,MAAM,EAAE,cAAc,EAAE,UAAU,EAAE,eAAe,EAAE,CAAC;QACrE,CAAC;aAAM,CAAC;YACN,QAAQ,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,eAAe,EAAE,CAAC;QAClE,CAAC;IACH,CAAC;IAED,IAAI,CAAC,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAE,CAAC;QACvC,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,qBAAqB,CAC3C,QAAQ,CAAC,UAAU,EACnB,WAAW,EACX,QAAQ,CAAC,MAAM,KAAK,cAAc,IAAI,QAAQ,CAAC,MAAM,KAAK,WAAW;QACnE,CAAC,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,2BAA2B,CAAC,WAAW,EAAE,UAAU,EAAE,cAAc,CAAC;QACtF,CAAC,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,2BAA2B,CAAC,WAAW,EAAE,UAAU,EAAE,cAAc,CAAC,CACzF,CAAC;IAEF,IAAI,CAAC,SAAS,EAAE,WAAW,EAAE,CAAC;QAC5B,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,KAAK,WAAW,IAAI,sBAAsB,EAAE,CAAC;QAC9D,2BAA2B,CAAC,WAAW,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;QACpE,aAAa,CAAC,EAAE,MAAM,EAAE,cAAc,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC;QACjE,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,aAAa,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC;IAClE,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,KAAK,UAAU,+BAA+B,CAC5C,cAA8B,EAC9B,eAAwC,EACxC,cAAkC,gBAAgB,EAClD,sBAAsB,GAAG,KAAK;IAE9B,MAAM,WAAW,GAAG,qBAAqB,CAAC,QAAQ,CAAC,CAAC;IACpD,MAAM,eAAe,GAAG,qBAAqB,CAAC,WAAW,CAAC,CAAC;IAC3D,MAAM,cAAc,GAAG,IAAA,wCAAoB,GAAE,CAAC;IAE9C,IAAI,QAAQ,GAAG,WAAW,CAAC;IAE3B,IAAI,eAAe,IAAI,qBAAqB,CAAC,WAAW,EAAE,UAAU,IAAI,IAAI,EAAE,eAAe,CAAC,UAAU,CAAC,EAAE,CAAC;QAC1G,2BAA2B,CAAC,QAAQ,EAAE,eAAe,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QAClF,QAAQ,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,eAAe,CAAC,UAAU,EAAE,CAAC;IAC7E,CAAC;IAED,IAAI,cAAc,IAAI,qBAAqB,CAAC,QAAQ,EAAE,UAAU,IAAI,IAAI,EAAE,cAAc,CAAC,EAAE,CAAC;QAC1F,2BAA2B,CAAC,QAAQ,EAAE,cAAc,EAAE,cAAc,CAAC,CAAC;QACtE,QAAQ,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,cAAc,EAAE,CAAC;IACjE,CAAC;IAED,IAAI,eAAe,EAAE,WAAW,IAAI,qBAAqB,CAAC,QAAQ,EAAE,UAAU,IAAI,IAAI,EAAE,eAAe,CAAC,EAAE,CAAC;QACzG,IAAI,sBAAsB,EAAE,CAAC;YAC3B,2BAA2B,CAAC,QAAQ,EAAE,eAAe,EAAE,cAAc,CAAC,CAAC;YACvE,QAAQ,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,eAAe,EAAE,CAAC;QAClE,CAAC;aAAM,CAAC;YACN,QAAQ,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,eAAe,EAAE,CAAC;QAClE,CAAC;IACH,CAAC;IAED,IAAI,CAAC,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAE,CAAC;QACvC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,qBAAqB,CAC3C,QAAQ,CAAC,UAAU,EACnB,QAAQ,EACR,QAAQ,CAAC,MAAM,KAAK,WAAW,IAAI,sBAAsB;QACvD,CAAC,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,2BAA2B,CAAC,QAAQ,EAAE,UAAU,EAAE,cAAc,CAAC;QACnF,CAAC,CAAC,IAAI,CACT,CAAC;IAEF,IAAI,CAAC,SAAS,EAAE,WAAW,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,KAAK,WAAW,IAAI,sBAAsB,EAAE,CAAC;QAC9D,2BAA2B,CAAC,QAAQ,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;QACjE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;IACxD,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;AAC5D,CAAC;AAEM,KAAK,UAAU,gCAAgC,CACpD,UAAiC,EAAE;IAEnC,MAAM,KAAK,GAAG,2BAA2B,CACvC,OAAO,CAAC,cAAc,EACtB,IAAI,CAAC,sBAAsB,CAAC,WAAW,CAAC,EAAE,aAAa;WAClD,IAAI,CAAC,sBAAsB,CAAC,YAAY,CAAC,EAAE,aAAa;WACxD,IAAI,CACV,CAAC;IACF,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,MAAM,UAAU,GAAG,MAAM,0CAA0C,CACjE,KAAK,EACL,OAAO,CAAC,eAAe,EACvB,OAAO,CAAC,UAAU,EAClB,OAAO,CAAC,eAAe,EACvB,OAAO,CAAC,WAAW,IAAI,mBAAmB,EAC1C,OAAO,CAAC,sBAAsB,KAAK,IAAI,CACxC,CAAC;IACF,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,SAAS,GAAY,IAAI,CAAC;IAC9B,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE,CAAC;QAClC,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,IAAA,2DAAkC,EAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAC1E,MAAM,QAAQ,GAAG,MAAM,IAAA,yDAAgC,EAAC;gBACtD,WAAW,EAAE,QAAQ,CAAC,UAAU,CAAC,WAAW;gBAC5C,YAAY,EAAE,QAAQ,CAAC,UAAU,CAAC,YAAY,IAAI,IAAI;gBACtD,SAAS,EAAE,QAAQ,CAAC,UAAU,CAAC,SAAS,IAAI,IAAI;gBAChD,SAAS,EAAE,CAAC,UAAU,EAAE,EAAE,CAAC,2BAA2B,CAAC,WAAW,EAAE,UAAU,EAAE,KAAK,CAAC;aACvF,CAAC,CAAC;YAEH,OAAO;gBACL,YAAY,EAAE,WAAW;gBACzB,MAAM,EAAE,QAAQ,CAAC,KAAK;gBACtB,KAAK;gBACL,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,QAAQ,EAAE,QAAQ,CAAC,QAAQ;gBAC3B,OAAO,EAAE,aAAa,CAAC,OAAO;gBAC9B,QAAQ,EAAE,aAAa,CAAC,QAAQ;gBAChC,YAAY,EAAE,aAAa,CAAC,YAAY;aACzC,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,SAAS,GAAG,GAAG,CAAC;YAChB,OAAO,CAAC,IAAI,CAAC,8DAA8D,QAAQ,CAAC,MAAM,0CAA2C,GAAW,EAAE,OAAO,IAAI,GAAG,EAAE,CAAC,CAAC;QACtK,CAAC;IACH,CAAC;IAED,IAAI,SAAS;QAAE,MAAM,SAAS,CAAC;IAC/B,OAAO,IAAI,CAAC;AACd,CAAC;AAEM,KAAK,UAAU,+BAA+B,CACnD,UAAiC,EAAE;IAEnC,MAAM,KAAK,GAAG,2BAA2B,CACvC,OAAO,CAAC,cAAc,EACtB,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAC,EAAE,aAAa;WAC/C,IAAI,CAAC,sBAAsB,CAAC,WAAW,CAAC,EAAE,aAAa;WACvD,IAAI,CACV,CAAC;IACF,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,MAAM,QAAQ,GAAG,MAAM,+BAA+B,CACpD,KAAK,EACL,OAAO,CAAC,eAAe,EACvB,OAAO,CAAC,WAAW,IAAI,gBAAgB,EACvC,OAAO,CAAC,sBAAsB,KAAK,IAAI,CACxC,CAAC;IACF,IAAI,CAAC,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAE,CAAC;QACvC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO;QACL,YAAY,EAAE,QAAQ;QACtB,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,WAAW;QACvC,KAAK;QACL,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,OAAO,EAAE,uCAAuC;QAChD,QAAQ,EAAE,yBAAyB;KACpC,CAAC;AACJ,CAAC"}
+{"version":3,"file":"subscription-runtime.js","sourceRoot":"","sources":["../../src/auth/subscription-runtime.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AAmBH,4EAEC;AAGD,0EAEC;AAGD,wEAEC;AAGD,sFAEC;AAGD,kEAGC;AAxBD,uCAAuC;AAChC,KAAK,UAAU,gCAAgC,CAAC,QAAc;IACnE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,uCAAuC;AAChC,KAAK,UAAU,+BAA+B,CAAC,QAAc;IAClE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,qEAAqE;AACrE,SAAgB,8BAA8B,CAAC,OAAuB;IACpE,OAAO,wBAAwB,CAAC;AAClC,CAAC;AAED,sEAAsE;AACtE,SAAgB,qCAAqC,CAAC,OAAuB;IAC3E,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,qFAAqF;AACrF,SAAgB,2BAA2B,CAAC,SAAyB,EAAE,QAAwB;IAC7F,MAAM,KAAK,GAAG,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAClE,OAAO,KAAK,IAAI,SAAS,CAAC;AAC5B,CAAC"}

package/dist/auth/token-refresh.d.ts

@@ -1,15 +1,17 @@
 /**
- * Token Refresh Module — Funolio Agent OAuth System
+ * REMOVED: OAuth token refresh has been removed.
  *
- * For Anthropic tokens: delegates refresh to the Funolio server (cloud mode)
- * to prevent race conditions with single-use refresh tokens.
- * The server is the sole authority for refreshing with Anthropic.
+ * Connection to LLM providers is now exclusively via:
+ *   1. CLI providers (claude-cli, codex-cli) — handle their own auth/refresh
+ *   2. API key (BYOK) — API keys don't expire
  *
- * For OpenAI/Gemini: refreshes directly (their tokens aren't single-use).
+ * The token-refresh module previously handled:
+ *   - Anthropic OAuth token refresh (single-use rotation)
+ *   - OpenAI OAuth token refresh
+ *   - Google/Gemini OAuth token refresh
+ *   - Server-delegated token refresh (cloud mode)
  *
- * Config: `tokenRefreshAuthority` in ~/.funolio/config.json
- *   - "cloud" (default): Server refreshes Anthropic tokens
- *   - "local": Legacy direct refresh (for self-hosted without a server)
+ * CLI providers now handle all token lifecycle internally.
  */
 import { OAuthCredential } from './credential-reader';
 export declare class TokenRefreshError extends Error {
@@ -21,24 +23,13 @@ export interface RefreshResult {
     credential: OAuthCredential;
     written: boolean;
 }
-export declare function refreshOpenAIToken(credential: OAuthCredential): Promise<OAuthCredential>;
-export declare function refreshGeminiToken(credential: OAuthCredential): Promise<OAuthCredential>;
-export declare function writeClaudeCredentials(credential: OAuthCredential): boolean;
-export declare function writeCodexCredentials(credential: OAuthCredential): boolean;
-/**
- * Push a fresh credential to the Funolio server so it can perform
- * server-side refresh later. Fire-and-forget after local refresh.
- */
-export declare function seedServerWithToken(credential: OAuthCredential): Promise<boolean>;
-/**
- * Check if a credential needs refresh (expired or within 5-minute buffer).
- */
-export declare function needsRefresh(credential: OAuthCredential): boolean;
-/**
- * Refresh a single credential. For Anthropic in cloud mode, delegates to the
- * Funolio server. For other providers (or local mode), refreshes directly.
- *
- * After refresh, writes updated tokens back to the source files.
- */
-export declare function refreshToken(credential: OAuthCredential): Promise<RefreshResult>;
+/** @deprecated Always returns false. API keys don't expire. */
+export declare function needsRefresh(_credential: OAuthCredential): boolean;
+/** @deprecated Always throws. Use CLI providers or API keys instead. */
+export declare function refreshToken(_credential: OAuthCredential): Promise<RefreshResult>;
+export declare function refreshOpenAIToken(_credential: OAuthCredential): Promise<OAuthCredential>;
+export declare function refreshGeminiToken(_credential: OAuthCredential): Promise<OAuthCredential>;
+export declare function writeClaudeCredentials(_credential: OAuthCredential): boolean;
+export declare function writeCodexCredentials(_credential: OAuthCredential): boolean;
+export declare function seedServerWithToken(_credential: OAuthCredential): Promise<boolean>;
 //# sourceMappingURL=token-refresh.d.ts.map

package/dist/auth/token-refresh.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"token-refresh.d.ts","sourceRoot":"","sources":["../../src/auth/token-refresh.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAOH,OAAO,EAAE,eAAe,EAAc,MAAM,qBAAqB,CAAC;AAyBlE,qBAAa,iBAAkB,SAAQ,KAAK;IAC1C,SAAgB,QAAQ,EAAE,MAAM,CAAC;IACjC,SAAgB,UAAU,EAAE,MAAM,GAAG,SAAS,CAAC;gBAEnC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM;CAMnE;AAED,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,eAAe,CAAC;IAC5B,OAAO,EAAE,OAAO,CAAC;CAClB;AAuMD,wBAAsB,kBAAkB,CACtC,UAAU,EAAE,eAAe,GAC1B,OAAO,CAAC,eAAe,CAAC,CAoC1B;AAED,wBAAsB,kBAAkB,CACtC,UAAU,EAAE,eAAe,GAC1B,OAAO,CAAC,eAAe,CAAC,CAmC1B;AAID,wBAAgB,sBAAsB,CAAC,UAAU,EAAE,eAAe,GAAG,OAAO,CA0C3E;AAED,wBAAgB,qBAAqB,CAAC,UAAU,EAAE,eAAe,GAAG,OAAO,CA4C1E;AA6BD;;;GAGG;AACH,wBAAsB,mBAAmB,CAAC,UAAU,EAAE,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,CA4BvF;AAID;;GAEG;AACH,wBAAgB,YAAY,CAAC,UAAU,EAAE,eAAe,GAAG,OAAO,CAEjE;AAED;;;;;GAKG;AACH,wBAAsB,YAAY,CAAC,UAAU,EAAE,eAAe,GAAG,OAAO,CAAC,aAAa,CAAC,CA4DtF"}
+{"version":3,"file":"token-refresh.d.ts","sourceRoot":"","sources":["../../src/auth/token-refresh.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,eAAe,EAAc,MAAM,qBAAqB,CAAC;AAElE,qBAAa,iBAAkB,SAAQ,KAAK;IAC1C,SAAgB,QAAQ,EAAE,MAAM,CAAC;IACjC,SAAgB,UAAU,EAAE,MAAM,GAAG,SAAS,CAAC;gBAEnC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM;CAMnE;AAED,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,eAAe,CAAC;IAC5B,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,+DAA+D;AAC/D,wBAAgB,YAAY,CAAC,WAAW,EAAE,eAAe,GAAG,OAAO,CAElE;AAED,wEAAwE;AACxE,wBAAsB,YAAY,CAAC,WAAW,EAAE,eAAe,GAAG,OAAO,CAAC,aAAa,CAAC,CAKvF;AAGD,wBAAsB,kBAAkB,CAAC,WAAW,EAAE,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC,CAE/F;AAED,wBAAsB,kBAAkB,CAAC,WAAW,EAAE,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC,CAE/F;AAED,wBAAgB,sBAAsB,CAAC,WAAW,EAAE,eAAe,GAAG,OAAO,CAAkB;AAC/F,wBAAgB,qBAAqB,CAAC,WAAW,EAAE,eAAe,GAAG,OAAO,CAAkB;AAC9F,wBAAsB,mBAAmB,CAAC,WAAW,EAAE,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,CAAkB"}