funolio-agent 1.0.4 → 1.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth/anthropic-subscription.d.ts +29 -9
- package/dist/auth/anthropic-subscription.d.ts.map +1 -1
- package/dist/auth/anthropic-subscription.js +133 -12
- package/dist/auth/anthropic-subscription.js.map +1 -1
- package/dist/auth/auto-detect.d.ts +6 -28
- package/dist/auth/auto-detect.d.ts.map +1 -1
- package/dist/auth/auto-detect.js +200 -57
- package/dist/auth/auto-detect.js.map +1 -1
- package/dist/auth/credential-reader.d.ts +4 -24
- package/dist/auth/credential-reader.d.ts.map +1 -1
- package/dist/auth/credential-reader.js +256 -31
- package/dist/auth/credential-reader.js.map +1 -1
- package/dist/auth/credential-status.d.ts +27 -7
- package/dist/auth/credential-status.d.ts.map +1 -1
- package/dist/auth/credential-status.js +95 -7
- package/dist/auth/credential-status.js.map +1 -1
- package/dist/auth/index.d.ts +2 -9
- package/dist/auth/index.d.ts.map +1 -1
- package/dist/auth/index.js +10 -10
- package/dist/auth/index.js.map +1 -1
- package/dist/auth/subscription-runtime.d.ts +23 -19
- package/dist/auth/subscription-runtime.d.ts.map +1 -1
- package/dist/auth/subscription-runtime.js +292 -24
- package/dist/auth/subscription-runtime.js.map +1 -1
- package/dist/auth/token-refresh.d.ts +28 -19
- package/dist/auth/token-refresh.d.ts.map +1 -1
- package/dist/auth/token-refresh.js +464 -26
- package/dist/auth/token-refresh.js.map +1 -1
- package/dist/bot-manager.d.ts +6 -6
- package/dist/bot-manager.d.ts.map +1 -1
- package/dist/bot-manager.js +61 -26
- package/dist/bot-manager.js.map +1 -1
- package/dist/commands/start.d.ts.map +1 -1
- package/dist/commands/start.js +223 -49
- package/dist/commands/start.js.map +1 -1
- package/dist/message-loop.d.ts +10 -2
- package/dist/message-loop.d.ts.map +1 -1
- package/dist/message-loop.js +249 -184
- package/dist/message-loop.js.map +1 -1
- package/dist/providers/anthropic.d.ts +5 -0
- package/dist/providers/anthropic.d.ts.map +1 -1
- package/dist/providers/anthropic.js +48 -13
- package/dist/providers/anthropic.js.map +1 -1
- package/dist/providers/index.d.ts +2 -2
- package/dist/providers/index.d.ts.map +1 -1
- package/dist/wizard-support.d.ts +2 -2
- package/dist/wizard-support.d.ts.map +1 -1
- package/dist/wizard-support.js +93 -80
- package/dist/wizard-support.js.map +1 -1
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"credential-reader.d.ts","sourceRoot":"","sources":["../../src/auth/credential-reader.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"credential-reader.d.ts","sourceRoot":"","sources":["../../src/auth/credential-reader.ts"],"names":[],"mappings":"AAQA,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,WAAW,GAAG,QAAQ,GAAG,eAAe,CAAC;IACnD,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,yBAAyB;IACxC,WAAW,EAAE,eAAe,EAAE,CAAC;IAC/B,MAAM,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CAC/C;AAyBD,yEAAyE;AACzE,wBAAgB,UAAU,IAAI,IAAI,CAEjC;AAyCD,wBAAgB,qBAAqB,IAAI,eAAe,GAAG,IAAI,CAwC9D;AAED,wBAAgB,oBAAoB,IAAI,eAAe,GAAG,IAAI,CA+C7D;AAED,wBAAgB,qBAAqB,IAAI,eAAe,GAAG,IAAI,CA2D9D;AAID,wBAAgB,iBAAiB,IAAI,yBAAyB,CA0B7D;AAMD,wBAAgB,SAAS,CAAC,IAAI,EAAE,eAAe,GAAG,OAAO,CAIxD"}
|
|
@@ -1,46 +1,271 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
17
35
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
18
|
-
exports.
|
|
36
|
+
exports.clearCache = clearCache;
|
|
19
37
|
exports.readClaudeCredentials = readClaudeCredentials;
|
|
20
38
|
exports.readCodexCredentials = readCodexCredentials;
|
|
21
39
|
exports.readGeminiCredentials = readGeminiCredentials;
|
|
22
|
-
exports.
|
|
40
|
+
exports.detectCredentials = detectCredentials;
|
|
23
41
|
exports.isExpired = isExpired;
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
42
|
+
const fs = __importStar(require("fs"));
|
|
43
|
+
const path = __importStar(require("path"));
|
|
44
|
+
const os = __importStar(require("os"));
|
|
45
|
+
const child_process_1 = require("child_process");
|
|
46
|
+
const crypto = __importStar(require("crypto"));
|
|
47
|
+
// ── Cache ───────────────────────────────────────────────────────────────────
|
|
48
|
+
const CACHE_TTL_MS = 60_000; // 1 minute
|
|
49
|
+
const cache = new Map();
|
|
50
|
+
function getCached(key) {
|
|
51
|
+
const entry = cache.get(key);
|
|
52
|
+
if (entry && Date.now() - entry.timestamp < CACHE_TTL_MS) {
|
|
53
|
+
return entry.credential;
|
|
54
|
+
}
|
|
55
|
+
return undefined; // cache miss
|
|
56
|
+
}
|
|
57
|
+
function setCache(key, credential) {
|
|
58
|
+
cache.set(key, { credential, timestamp: Date.now() });
|
|
59
|
+
}
|
|
60
|
+
/** Clear the credential cache (useful for testing or forced refresh). */
|
|
61
|
+
function clearCache() {
|
|
62
|
+
cache.clear();
|
|
27
63
|
}
|
|
28
|
-
|
|
64
|
+
// ── Helpers ─────────────────────────────────────────────────────────────────
|
|
65
|
+
function readJsonFile(filePath) {
|
|
66
|
+
try {
|
|
67
|
+
const content = fs.readFileSync(filePath, 'utf-8');
|
|
68
|
+
return JSON.parse(content);
|
|
69
|
+
}
|
|
70
|
+
catch {
|
|
71
|
+
return null;
|
|
72
|
+
}
|
|
73
|
+
}
|
|
74
|
+
function fileMtime(filePath) {
|
|
75
|
+
try {
|
|
76
|
+
return fs.statSync(filePath).mtimeMs;
|
|
77
|
+
}
|
|
78
|
+
catch {
|
|
79
|
+
return null;
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
function readMacKeychain(service, account) {
|
|
83
|
+
if (process.platform !== 'darwin')
|
|
84
|
+
return null;
|
|
85
|
+
try {
|
|
86
|
+
const result = (0, child_process_1.execSync)(`security find-generic-password -s ${JSON.stringify(service)} -a ${JSON.stringify(account)} -w`, { encoding: 'utf-8', timeout: 5000, stdio: ['pipe', 'pipe', 'pipe'] }).trim();
|
|
87
|
+
return result || null;
|
|
88
|
+
}
|
|
89
|
+
catch {
|
|
90
|
+
return null;
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
function logDetected(provider, expiresAt) {
|
|
94
|
+
const expiry = new Date(expiresAt).toISOString();
|
|
95
|
+
console.log(`[credential-reader] Detected ${provider} credentials (expires: ${expiry})`);
|
|
96
|
+
}
|
|
97
|
+
// ── Readers ─────────────────────────────────────────────────────────────────
|
|
29
98
|
function readClaudeCredentials() {
|
|
30
|
-
|
|
99
|
+
const cached = getCached('anthropic');
|
|
100
|
+
if (cached !== undefined)
|
|
101
|
+
return cached;
|
|
102
|
+
let result = null;
|
|
103
|
+
try {
|
|
104
|
+
const credPath = path.join(os.homedir(), '.claude', '.credentials.json');
|
|
105
|
+
let data = readJsonFile(credPath);
|
|
106
|
+
// macOS Keychain fallback
|
|
107
|
+
if (!data) {
|
|
108
|
+
const keychainJson = readMacKeychain('Claude Code-credentials', 'Claude Code');
|
|
109
|
+
if (keychainJson) {
|
|
110
|
+
try {
|
|
111
|
+
data = JSON.parse(keychainJson);
|
|
112
|
+
}
|
|
113
|
+
catch { /* ignore */ }
|
|
114
|
+
}
|
|
115
|
+
}
|
|
116
|
+
if (data) {
|
|
117
|
+
const oauth = data.claudeAiOauth;
|
|
118
|
+
if (oauth?.accessToken && oauth?.refreshToken) {
|
|
119
|
+
result = {
|
|
120
|
+
provider: 'anthropic',
|
|
121
|
+
accessToken: String(oauth.accessToken),
|
|
122
|
+
refreshToken: String(oauth.refreshToken),
|
|
123
|
+
expiresAt: typeof oauth.expiresAt === 'number'
|
|
124
|
+
? oauth.expiresAt
|
|
125
|
+
: typeof oauth.expiresAt === 'string'
|
|
126
|
+
? new Date(oauth.expiresAt).getTime()
|
|
127
|
+
: Date.now() + 3600_000,
|
|
128
|
+
};
|
|
129
|
+
logDetected('anthropic', result.expiresAt);
|
|
130
|
+
}
|
|
131
|
+
}
|
|
132
|
+
}
|
|
133
|
+
catch {
|
|
134
|
+
// graceful failure
|
|
135
|
+
}
|
|
136
|
+
setCache('anthropic', result);
|
|
137
|
+
return result;
|
|
31
138
|
}
|
|
32
|
-
/** @deprecated Always returns null. */
|
|
33
139
|
function readCodexCredentials() {
|
|
34
|
-
|
|
140
|
+
const cached = getCached('openai');
|
|
141
|
+
if (cached !== undefined)
|
|
142
|
+
return cached;
|
|
143
|
+
let result = null;
|
|
144
|
+
try {
|
|
145
|
+
const codexHome = process.env.CODEX_HOME || path.join(os.homedir(), '.codex');
|
|
146
|
+
const authPath = path.join(codexHome, 'auth.json');
|
|
147
|
+
let data = readJsonFile(authPath);
|
|
148
|
+
// macOS Keychain fallback
|
|
149
|
+
if (!data) {
|
|
150
|
+
const account = crypto.createHash('sha256').update(codexHome).digest('hex').slice(0, 16);
|
|
151
|
+
const keychainJson = readMacKeychain('Codex Auth', account);
|
|
152
|
+
if (keychainJson) {
|
|
153
|
+
try {
|
|
154
|
+
data = JSON.parse(keychainJson);
|
|
155
|
+
}
|
|
156
|
+
catch { /* ignore */ }
|
|
157
|
+
}
|
|
158
|
+
}
|
|
159
|
+
if (data) {
|
|
160
|
+
const tokens = data.tokens;
|
|
161
|
+
if (tokens?.access_token && tokens?.refresh_token) {
|
|
162
|
+
const expiresAtRaw = tokens.expires_at ?? tokens.expiresAt;
|
|
163
|
+
const expiresAt = typeof expiresAtRaw === 'number'
|
|
164
|
+
? expiresAtRaw
|
|
165
|
+
: typeof expiresAtRaw === 'string'
|
|
166
|
+
? new Date(expiresAtRaw).getTime()
|
|
167
|
+
: Date.now() + 30 * 24 * 3600_000;
|
|
168
|
+
result = {
|
|
169
|
+
provider: 'openai',
|
|
170
|
+
accessToken: String(tokens.access_token),
|
|
171
|
+
refreshToken: String(tokens.refresh_token),
|
|
172
|
+
expiresAt,
|
|
173
|
+
...(tokens.account_id ? { accountId: String(tokens.account_id) } : {}),
|
|
174
|
+
...(tokens.id_token ? { idToken: String(tokens.id_token) } : {}),
|
|
175
|
+
};
|
|
176
|
+
logDetected('openai', result.expiresAt);
|
|
177
|
+
}
|
|
178
|
+
}
|
|
179
|
+
}
|
|
180
|
+
catch {
|
|
181
|
+
// graceful failure
|
|
182
|
+
}
|
|
183
|
+
setCache('openai', result);
|
|
184
|
+
return result;
|
|
35
185
|
}
|
|
36
|
-
/** @deprecated Always returns null. */
|
|
37
186
|
function readGeminiCredentials() {
|
|
38
|
-
|
|
187
|
+
const cached = getCached('google-gemini');
|
|
188
|
+
if (cached !== undefined)
|
|
189
|
+
return cached;
|
|
190
|
+
let result = null;
|
|
191
|
+
try {
|
|
192
|
+
const adcPath = path.join(os.homedir(), '.config', 'gcloud', 'application_default_credentials.json');
|
|
193
|
+
const data = readJsonFile(adcPath);
|
|
194
|
+
if (data) {
|
|
195
|
+
// ADC files typically have client_id, client_secret, refresh_token, type
|
|
196
|
+
// access_token may not be present (needs refresh); we store refresh_token
|
|
197
|
+
const refreshToken = data.refresh_token;
|
|
198
|
+
// Some ADC files don't have access_token — it's obtained via refresh
|
|
199
|
+
const accessToken = data.access_token || '';
|
|
200
|
+
if (refreshToken) {
|
|
201
|
+
// Try to get project ID from gcloud config
|
|
202
|
+
let projectId;
|
|
203
|
+
try {
|
|
204
|
+
const configPath = path.join(os.homedir(), '.config', 'gcloud', 'properties');
|
|
205
|
+
const props = fs.readFileSync(configPath, 'utf-8');
|
|
206
|
+
const match = props.match(/project\s*=\s*(.+)/);
|
|
207
|
+
if (match)
|
|
208
|
+
projectId = match[1].trim();
|
|
209
|
+
}
|
|
210
|
+
catch { /* ignore */ }
|
|
211
|
+
if (!projectId) {
|
|
212
|
+
try {
|
|
213
|
+
projectId = (0, child_process_1.execSync)('gcloud config get-value project 2>/dev/null', {
|
|
214
|
+
encoding: 'utf-8', timeout: 5000, stdio: ['pipe', 'pipe', 'pipe'],
|
|
215
|
+
}).trim() || undefined;
|
|
216
|
+
}
|
|
217
|
+
catch { /* ignore */ }
|
|
218
|
+
}
|
|
219
|
+
// ADC files don't have expiry — token needs refresh, set short expiry
|
|
220
|
+
const mtime = fileMtime(adcPath);
|
|
221
|
+
const expiresAt = mtime ? mtime + 3600_000 : Date.now() + 3600_000;
|
|
222
|
+
result = {
|
|
223
|
+
provider: 'google-gemini',
|
|
224
|
+
accessToken: accessToken,
|
|
225
|
+
refreshToken,
|
|
226
|
+
expiresAt,
|
|
227
|
+
...(projectId ? { projectId } : {}),
|
|
228
|
+
};
|
|
229
|
+
logDetected('google-gemini', result.expiresAt);
|
|
230
|
+
}
|
|
231
|
+
}
|
|
232
|
+
}
|
|
233
|
+
catch {
|
|
234
|
+
// graceful failure
|
|
235
|
+
}
|
|
236
|
+
setCache('google-gemini', result);
|
|
237
|
+
return result;
|
|
238
|
+
}
|
|
239
|
+
// ── Main Detection ──────────────────────────────────────────────────────────
|
|
240
|
+
function detectCredentials() {
|
|
241
|
+
const credentials = [];
|
|
242
|
+
const errors = [];
|
|
243
|
+
const readers = [
|
|
244
|
+
{ provider: 'anthropic', fn: readClaudeCredentials },
|
|
245
|
+
{ provider: 'openai', fn: readCodexCredentials },
|
|
246
|
+
{ provider: 'google-gemini', fn: readGeminiCredentials },
|
|
247
|
+
];
|
|
248
|
+
for (const { provider, fn } of readers) {
|
|
249
|
+
try {
|
|
250
|
+
const cred = fn();
|
|
251
|
+
if (cred)
|
|
252
|
+
credentials.push(cred);
|
|
253
|
+
}
|
|
254
|
+
catch (err) {
|
|
255
|
+
const message = err instanceof Error ? err.message : String(err);
|
|
256
|
+
errors.push({ provider, error: message });
|
|
257
|
+
}
|
|
258
|
+
}
|
|
259
|
+
console.log(`[credential-reader] Detection complete: ${credentials.length} provider(s) found` +
|
|
260
|
+
(errors.length ? `, ${errors.length} error(s)` : ''));
|
|
261
|
+
return { credentials, errors };
|
|
39
262
|
}
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
263
|
+
// ── Expiry Check ────────────────────────────────────────────────────────────
|
|
264
|
+
const EXPIRY_BUFFER_MS = 5 * 60_000; // 5 minutes
|
|
265
|
+
function isExpired(cred) {
|
|
266
|
+
// Setup-tokens and tokens without expiry info have expiresAt=0 — treat as not expired
|
|
267
|
+
if (!cred.expiresAt)
|
|
268
|
+
return false;
|
|
269
|
+
return Date.now() >= cred.expiresAt - EXPIRY_BUFFER_MS;
|
|
45
270
|
}
|
|
46
271
|
//# sourceMappingURL=credential-reader.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"credential-reader.js","sourceRoot":"","sources":["../../src/auth/credential-reader.ts"],"names":[],"mappings":";
|
|
1
|
+
{"version":3,"file":"credential-reader.js","sourceRoot":"","sources":["../../src/auth/credential-reader.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+CA,gCAEC;AAyCD,sDAwCC;AAED,oDA+CC;AAED,sDA2DC;AAID,8CA0BC;AAMD,8BAIC;AAxRD,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AACzB,iDAAyC;AACzC,+CAAiC;AAmBjC,+EAA+E;AAE/E,MAAM,YAAY,GAAG,MAAM,CAAC,CAAC,WAAW;AAOxC,MAAM,KAAK,GAAG,IAAI,GAAG,EAAsB,CAAC;AAE5C,SAAS,SAAS,CAAC,GAAW;IAC5B,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,KAAK,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,GAAG,YAAY,EAAE,CAAC;QACzD,OAAO,KAAK,CAAC,UAAU,CAAC;IAC1B,CAAC;IACD,OAAO,SAAS,CAAC,CAAC,aAAa;AACjC,CAAC;AAED,SAAS,QAAQ,CAAC,GAAW,EAAE,UAAkC;IAC/D,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;AACxD,CAAC;AAED,yEAAyE;AACzE,SAAgB,UAAU;IACxB,KAAK,CAAC,KAAK,EAAE,CAAC;AAChB,CAAC;AAED,+EAA+E;AAE/E,SAAS,YAAY,CAAC,QAAgB;IACpC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACnD,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,SAAS,CAAC,QAAgB;IACjC,IAAI,CAAC;QACH,OAAO,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,OAAe,EAAE,OAAe;IACvD,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC/C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,wBAAQ,EACrB,qCAAqC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,OAAO,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,EAC/F,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CACtE,CAAC,IAAI,EAAE,CAAC;QACT,OAAO,MAAM,IAAI,IAAI,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,QAAgB,EAAE,SAAiB;IACtD,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,gCAAgC,QAAQ,0BAA0B,MAAM,GAAG,CAAC,CAAC;AAC3F,CAAC;AAED,+EAA+E;AAE/E,SAAgB,qBAAqB;IACnC,MAAM,MAAM,GAAG,SAAS,CAAC,WAAW,CAAC,CAAC;IACtC,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC;IAExC,IAAI,MAAM,GAA2B,IAAI,CAAC;IAE1C,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,mBAAmB,CAAC,CAAC;QACzE,IAAI,IAAI,GAAG,YAAY,CAAC,QAAQ,CAAmC,CAAC;QAEpE,0BAA0B;QAC1B,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,YAAY,GAAG,eAAe,CAAC,yBAAyB,EAAE,aAAa,CAAC,CAAC;YAC/E,IAAI,YAAY,EAAE,CAAC;gBACjB,IAAI,CAAC;oBAAC,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAA4B,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;YAC5F,CAAC;QACH,CAAC;QAED,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,KAAK,GAAG,IAAI,CAAC,aAAoD,CAAC;YACxE,IAAI,KAAK,EAAE,WAAW,IAAI,KAAK,EAAE,YAAY,EAAE,CAAC;gBAC9C,MAAM,GAAG;oBACP,QAAQ,EAAE,WAAW;oBACrB,WAAW,EAAE,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC;oBACtC,YAAY,EAAE,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC;oBACxC,SAAS,EAAE,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ;wBAC5C,CAAC,CAAC,KAAK,CAAC,SAAS;wBACjB,CAAC,CAAC,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ;4BACnC,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;4BACrC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ;iBAC5B,CAAC;gBACF,WAAW,CAAC,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,mBAAmB;IACrB,CAAC;IAED,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IAC9B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAgB,oBAAoB;IAClC,MAAM,MAAM,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;IACnC,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC;IAExC,IAAI,MAAM,GAA2B,IAAI,CAAC;IAE1C,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC,CAAC;QAC9E,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QACnD,IAAI,IAAI,GAAG,YAAY,CAAC,QAAQ,CAAmC,CAAC;QAEpE,0BAA0B;QAC1B,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACzF,MAAM,YAAY,GAAG,eAAe,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;YAC5D,IAAI,YAAY,EAAE,CAAC;gBACjB,IAAI,CAAC;oBAAC,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAA4B,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;YAC5F,CAAC;QACH,CAAC;QAED,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,MAAM,GAAG,IAAI,CAAC,MAA6C,CAAC;YAClE,IAAI,MAAM,EAAE,YAAY,IAAI,MAAM,EAAE,aAAa,EAAE,CAAC;gBAClD,MAAM,YAAY,GAAG,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,SAAS,CAAC;gBAC3D,MAAM,SAAS,GAAG,OAAO,YAAY,KAAK,QAAQ;oBAChD,CAAC,CAAC,YAAY;oBACd,CAAC,CAAC,OAAO,YAAY,KAAK,QAAQ;wBAChC,CAAC,CAAC,IAAI,IAAI,CAAC,YAAY,CAAC,CAAC,OAAO,EAAE;wBAClC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,QAAQ,CAAC;gBAEtC,MAAM,GAAG;oBACP,QAAQ,EAAE,QAAQ;oBAClB,WAAW,EAAE,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC;oBACxC,YAAY,EAAE,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC;oBAC1C,SAAS;oBACT,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACtE,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBACjE,CAAC;gBACF,WAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;YAC1C,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,mBAAmB;IACrB,CAAC;IAED,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC3B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAgB,qBAAqB;IACnC,MAAM,MAAM,GAAG,SAAS,CAAC,eAAe,CAAC,CAAC;IAC1C,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC;IAExC,IAAI,MAAM,GAA2B,IAAI,CAAC;IAE1C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CACvB,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,sCAAsC,CAC1E,CAAC;QACF,MAAM,IAAI,GAAG,YAAY,CAAC,OAAO,CAAmC,CAAC;QAErE,IAAI,IAAI,EAAE,CAAC;YACT,yEAAyE;YACzE,0EAA0E;YAC1E,MAAM,YAAY,GAAG,IAAI,CAAC,aAAmC,CAAC;YAC9D,qEAAqE;YACrE,MAAM,WAAW,GAAI,IAAI,CAAC,YAAmC,IAAI,EAAE,CAAC;YAEpE,IAAI,YAAY,EAAE,CAAC;gBACjB,2CAA2C;gBAC3C,IAAI,SAA6B,CAAC;gBAClC,IAAI,CAAC;oBACH,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAC1B,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,YAAY,CAChD,CAAC;oBACF,MAAM,KAAK,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;oBACnD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;oBAChD,IAAI,KAAK;wBAAE,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBACzC,CAAC;gBAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;gBAExB,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,IAAI,CAAC;wBACH,SAAS,GAAG,IAAA,wBAAQ,EAAC,6CAA6C,EAAE;4BAClE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;yBAClE,CAAC,CAAC,IAAI,EAAE,IAAI,SAAS,CAAC;oBACzB,CAAC;oBAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;gBAC1B,CAAC;gBAED,sEAAsE;gBACtE,MAAM,KAAK,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;gBACjC,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC;gBAEnE,MAAM,GAAG;oBACP,QAAQ,EAAE,eAAe;oBACzB,WAAW,EAAE,WAAW;oBACxB,YAAY;oBACZ,SAAS;oBACT,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBACpC,CAAC;gBACF,WAAW,CAAC,eAAe,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;YACjD,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,mBAAmB;IACrB,CAAC;IAED,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAClC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,+EAA+E;AAE/E,SAAgB,iBAAiB;IAC/B,MAAM,WAAW,GAAsB,EAAE,CAAC;IAC1C,MAAM,MAAM,GAA0C,EAAE,CAAC;IAEzD,MAAM,OAAO,GAAkE;QAC7E,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,EAAE,qBAAqB,EAAE;QACpD,EAAE,QAAQ,EAAE,QAAQ,EAAE,EAAE,EAAE,oBAAoB,EAAE;QAChD,EAAE,QAAQ,EAAE,eAAe,EAAE,EAAE,EAAE,qBAAqB,EAAE;KACzD,CAAC;IAEF,KAAK,MAAM,EAAE,QAAQ,EAAE,EAAE,EAAE,IAAI,OAAO,EAAE,CAAC;QACvC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,EAAE,EAAE,CAAC;YAClB,IAAI,IAAI;gBAAE,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnC,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,CACT,2CAA2C,WAAW,CAAC,MAAM,oBAAoB;QACjF,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,MAAM,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC,CACrD,CAAC;IAEF,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC;AACjC,CAAC;AAED,+EAA+E;AAE/E,MAAM,gBAAgB,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC,YAAY;AAEjD,SAAgB,SAAS,CAAC,IAAqB;IAC7C,sFAAsF;IACtF,IAAI,CAAC,IAAI,CAAC,SAAS;QAAE,OAAO,KAAK,CAAC;IAClC,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,SAAS,GAAG,gBAAgB,CAAC;AACzD,CAAC"}
|
|
@@ -1,15 +1,35 @@
|
|
|
1
1
|
/**
|
|
2
|
-
*
|
|
2
|
+
* Anthropic Auth Reliability — Credential status types and probe helpers.
|
|
3
3
|
*
|
|
4
|
-
*
|
|
5
|
-
*
|
|
6
|
-
*
|
|
4
|
+
* Implements the 3-state capability model from anthropic-auth-reliability-v3 spec:
|
|
5
|
+
* healthy — exchange probe passed, bot can run
|
|
6
|
+
* unknown — never probed or stale, trigger probe before use
|
|
7
|
+
* invalid — exchange probe failed, fail closed
|
|
7
8
|
*/
|
|
8
9
|
export type CapabilityStatus = 'healthy' | 'unknown' | 'invalid';
|
|
10
|
+
export type CredentialSource = 'web-oauth' | 'server-local' | 'apikey';
|
|
11
|
+
/** Typed error codes from the spec */
|
|
12
|
+
export type CapabilityErrorCode = 'SCOPE_MISSING_ORG_CREATE_API_KEY' | 'EXCHANGE_TOKEN_INVALID' | 'EXCHANGE_PERMISSION_DENIED' | 'EXCHANGE_NETWORK_ERROR' | 'OAUTH_REFRESH_INVALID_GRANT' | 'CREDENTIAL_SOURCE_UNAVAILABLE' | 'BEARER_UNSUPPORTED';
|
|
9
13
|
export interface BotCredentialInfo {
|
|
14
|
+
credentialSource?: CredentialSource;
|
|
10
15
|
capabilityStatus?: CapabilityStatus;
|
|
11
|
-
capabilityErrorCode?:
|
|
16
|
+
capabilityErrorCode?: CapabilityErrorCode | null;
|
|
17
|
+
capabilityErrorDetail?: string | null;
|
|
18
|
+
capabilityCheckedAt?: number | null;
|
|
12
19
|
}
|
|
13
|
-
|
|
14
|
-
export declare function shouldReprobe(
|
|
20
|
+
export declare function isProbeStale(checkedAt: number | null | undefined): boolean;
|
|
21
|
+
export declare function shouldReprobe(info: BotCredentialInfo): boolean;
|
|
22
|
+
/**
|
|
23
|
+
* Run probe against the server for a given credential.
|
|
24
|
+
* Returns updated capability info.
|
|
25
|
+
*/
|
|
26
|
+
export declare function runProbe(serverBaseUrl: string, authToken: string, keyId?: string): Promise<BotCredentialInfo>;
|
|
27
|
+
/**
|
|
28
|
+
* Map an HTTP status code from an Anthropic API auth error to a typed error code.
|
|
29
|
+
*/
|
|
30
|
+
export declare function authErrorToCode(statusCode: number): CapabilityErrorCode;
|
|
31
|
+
/**
|
|
32
|
+
* Get human-readable remediation message for an error code.
|
|
33
|
+
*/
|
|
34
|
+
export declare function getRemediation(code: CapabilityErrorCode): string;
|
|
15
35
|
//# sourceMappingURL=credential-status.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"credential-status.d.ts","sourceRoot":"","sources":["../../src/auth/credential-status.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"credential-status.d.ts","sourceRoot":"","sources":["../../src/auth/credential-status.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,MAAM,MAAM,gBAAgB,GAAG,SAAS,GAAG,SAAS,GAAG,SAAS,CAAC;AACjE,MAAM,MAAM,gBAAgB,GAAG,WAAW,GAAG,cAAc,GAAG,QAAQ,CAAC;AAEvE,sCAAsC;AACtC,MAAM,MAAM,mBAAmB,GAC3B,kCAAkC,GAClC,wBAAwB,GACxB,4BAA4B,GAC5B,wBAAwB,GACxB,6BAA6B,GAC7B,+BAA+B,GAC/B,oBAAoB,CAAC;AAEzB,MAAM,WAAW,iBAAiB;IAChC,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IACpC,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IACpC,mBAAmB,CAAC,EAAE,mBAAmB,GAAG,IAAI,CAAC;IACjD,qBAAqB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC,mBAAmB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACrC;AAKD,wBAAgB,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,OAAO,CAG1E;AAED,wBAAgB,aAAa,CAAC,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAG9D;AAED;;;GAGG;AACH,wBAAsB,QAAQ,CAC5B,aAAa,EAAE,MAAM,EACrB,SAAS,EAAE,MAAM,EACjB,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC,CA4C5B;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,mBAAmB,CAMvE;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,mBAAmB,GAAG,MAAM,CAmBhE"}
|
|
@@ -1,15 +1,103 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
/**
|
|
3
|
-
*
|
|
3
|
+
* Anthropic Auth Reliability — Credential status types and probe helpers.
|
|
4
4
|
*
|
|
5
|
-
*
|
|
6
|
-
*
|
|
7
|
-
*
|
|
5
|
+
* Implements the 3-state capability model from anthropic-auth-reliability-v3 spec:
|
|
6
|
+
* healthy — exchange probe passed, bot can run
|
|
7
|
+
* unknown — never probed or stale, trigger probe before use
|
|
8
|
+
* invalid — exchange probe failed, fail closed
|
|
8
9
|
*/
|
|
9
10
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
11
|
+
exports.isProbeStale = isProbeStale;
|
|
10
12
|
exports.shouldReprobe = shouldReprobe;
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
13
|
+
exports.runProbe = runProbe;
|
|
14
|
+
exports.authErrorToCode = authErrorToCode;
|
|
15
|
+
exports.getRemediation = getRemediation;
|
|
16
|
+
/** Probe staleness threshold — 1 hour */
|
|
17
|
+
const PROBE_STALE_MS = 60 * 60 * 1000;
|
|
18
|
+
function isProbeStale(checkedAt) {
|
|
19
|
+
if (!checkedAt)
|
|
20
|
+
return true;
|
|
21
|
+
return Date.now() - checkedAt > PROBE_STALE_MS;
|
|
22
|
+
}
|
|
23
|
+
function shouldReprobe(info) {
|
|
24
|
+
if (!info.capabilityStatus || info.capabilityStatus !== 'healthy')
|
|
25
|
+
return true;
|
|
26
|
+
return isProbeStale(info.capabilityCheckedAt);
|
|
27
|
+
}
|
|
28
|
+
/**
|
|
29
|
+
* Run probe against the server for a given credential.
|
|
30
|
+
* Returns updated capability info.
|
|
31
|
+
*/
|
|
32
|
+
async function runProbe(serverBaseUrl, authToken, keyId) {
|
|
33
|
+
try {
|
|
34
|
+
const res = await fetch(`${serverBaseUrl}/api/v1/auth/anthropic/probe`, {
|
|
35
|
+
method: 'POST',
|
|
36
|
+
headers: {
|
|
37
|
+
Authorization: `Bearer ${authToken}`,
|
|
38
|
+
'Content-Type': 'application/json',
|
|
39
|
+
},
|
|
40
|
+
body: JSON.stringify({ keyId }),
|
|
41
|
+
});
|
|
42
|
+
if (!res.ok) {
|
|
43
|
+
const body = await res.text().catch(() => '');
|
|
44
|
+
console.warn(`[credential-status] Probe request failed (${res.status}): ${body}`);
|
|
45
|
+
return {
|
|
46
|
+
capabilityStatus: 'unknown',
|
|
47
|
+
capabilityErrorCode: 'EXCHANGE_NETWORK_ERROR',
|
|
48
|
+
capabilityErrorDetail: `Probe HTTP ${res.status}`,
|
|
49
|
+
capabilityCheckedAt: Date.now(),
|
|
50
|
+
};
|
|
51
|
+
}
|
|
52
|
+
const data = await res.json();
|
|
53
|
+
return {
|
|
54
|
+
capabilityStatus: data.capabilityStatus || 'unknown',
|
|
55
|
+
capabilityErrorCode: data.capabilityErrorCode || null,
|
|
56
|
+
capabilityErrorDetail: data.capabilityErrorDetail || null,
|
|
57
|
+
capabilityCheckedAt: data.capabilityCheckedAt || Date.now(),
|
|
58
|
+
};
|
|
59
|
+
}
|
|
60
|
+
catch (err) {
|
|
61
|
+
console.warn(`[credential-status] Probe network error: ${err?.message}`);
|
|
62
|
+
return {
|
|
63
|
+
capabilityStatus: 'unknown',
|
|
64
|
+
capabilityErrorCode: 'EXCHANGE_NETWORK_ERROR',
|
|
65
|
+
capabilityErrorDetail: err?.message || 'Network error',
|
|
66
|
+
capabilityCheckedAt: Date.now(),
|
|
67
|
+
};
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
/**
|
|
71
|
+
* Map an HTTP status code from an Anthropic API auth error to a typed error code.
|
|
72
|
+
*/
|
|
73
|
+
function authErrorToCode(statusCode) {
|
|
74
|
+
switch (statusCode) {
|
|
75
|
+
case 401: return 'EXCHANGE_TOKEN_INVALID';
|
|
76
|
+
case 403: return 'EXCHANGE_PERMISSION_DENIED';
|
|
77
|
+
default: return 'EXCHANGE_NETWORK_ERROR';
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
/**
|
|
81
|
+
* Get human-readable remediation message for an error code.
|
|
82
|
+
*/
|
|
83
|
+
function getRemediation(code) {
|
|
84
|
+
switch (code) {
|
|
85
|
+
case 'SCOPE_MISSING_ORG_CREATE_API_KEY':
|
|
86
|
+
return 'Re-authorize your Anthropic connection in Settings to grant the required scope.';
|
|
87
|
+
case 'EXCHANGE_TOKEN_INVALID':
|
|
88
|
+
return 'Your Anthropic token was rejected. Re-authorize or check your account.';
|
|
89
|
+
case 'EXCHANGE_PERMISSION_DENIED':
|
|
90
|
+
return 'Your Anthropic token lacks required permissions. Re-authorize with correct permissions.';
|
|
91
|
+
case 'EXCHANGE_NETWORK_ERROR':
|
|
92
|
+
return 'Network error during credential verification. Retry or check connectivity.';
|
|
93
|
+
case 'OAUTH_REFRESH_INVALID_GRANT':
|
|
94
|
+
return 'Your refresh token was rejected. Re-authorize from scratch.';
|
|
95
|
+
case 'CREDENTIAL_SOURCE_UNAVAILABLE':
|
|
96
|
+
return 'Selected credential source is missing or unreachable. Check server agent or re-connect.';
|
|
97
|
+
case 'BEARER_UNSUPPORTED':
|
|
98
|
+
return 'Direct bearer auth rejected by Anthropic. Use the exchange path instead.';
|
|
99
|
+
default:
|
|
100
|
+
return 'Unknown credential error. Check Settings.';
|
|
101
|
+
}
|
|
14
102
|
}
|
|
15
103
|
//# sourceMappingURL=credential-status.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"credential-status.js","sourceRoot":"","sources":["../../src/auth/credential-status.ts"],"names":[],"mappings":";AAAA
|
|
1
|
+
{"version":3,"file":"credential-status.js","sourceRoot":"","sources":["../../src/auth/credential-status.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;AA0BH,oCAGC;AAED,sCAGC;AAMD,4BAgDC;AAKD,0CAMC;AAKD,wCAmBC;AApGD,yCAAyC;AACzC,MAAM,cAAc,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAEtC,SAAgB,YAAY,CAAC,SAAoC;IAC/D,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAC5B,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,cAAc,CAAC;AACjD,CAAC;AAED,SAAgB,aAAa,CAAC,IAAuB;IACnD,IAAI,CAAC,IAAI,CAAC,gBAAgB,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAC/E,OAAO,YAAY,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;AAChD,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,QAAQ,CAC5B,aAAqB,EACrB,SAAiB,EACjB,KAAc;IAEd,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,aAAa,8BAA8B,EAAE;YACtE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,SAAS,EAAE;gBACpC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,CAAC;SAChC,CAAC,CAAC;QAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YAC9C,OAAO,CAAC,IAAI,CAAC,6CAA6C,GAAG,CAAC,MAAM,MAAM,IAAI,EAAE,CAAC,CAAC;YAClF,OAAO;gBACL,gBAAgB,EAAE,SAAS;gBAC3B,mBAAmB,EAAE,wBAAwB;gBAC7C,qBAAqB,EAAE,cAAc,GAAG,CAAC,MAAM,EAAE;gBACjD,mBAAmB,EAAE,IAAI,CAAC,GAAG,EAAE;aAChC,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAK1B,CAAC;QAEF,OAAO;YACL,gBAAgB,EAAE,IAAI,CAAC,gBAAgB,IAAI,SAAS;YACpD,mBAAmB,EAAE,IAAI,CAAC,mBAAmB,IAAI,IAAI;YACrD,qBAAqB,EAAE,IAAI,CAAC,qBAAqB,IAAI,IAAI;YACzD,mBAAmB,EAAE,IAAI,CAAC,mBAAmB,IAAI,IAAI,CAAC,GAAG,EAAE;SAC5D,CAAC;IACJ,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,CAAC,IAAI,CAAC,4CAA4C,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;QACzE,OAAO;YACL,gBAAgB,EAAE,SAAS;YAC3B,mBAAmB,EAAE,wBAAwB;YAC7C,qBAAqB,EAAE,GAAG,EAAE,OAAO,IAAI,eAAe;YACtD,mBAAmB,EAAE,IAAI,CAAC,GAAG,EAAE;SAChC,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,eAAe,CAAC,UAAkB;IAChD,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,GAAG,CAAC,CAAC,OAAO,wBAAwB,CAAC;QAC1C,KAAK,GAAG,CAAC,CAAC,OAAO,4BAA4B,CAAC;QAC9C,OAAO,CAAC,CAAC,OAAO,wBAAwB,CAAC;IAC3C,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,IAAyB;IACtD,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,kCAAkC;YACrC,OAAO,iFAAiF,CAAC;QAC3F,KAAK,wBAAwB;YAC3B,OAAO,wEAAwE,CAAC;QAClF,KAAK,4BAA4B;YAC/B,OAAO,yFAAyF,CAAC;QACnG,KAAK,wBAAwB;YAC3B,OAAO,4EAA4E,CAAC;QACtF,KAAK,6BAA6B;YAChC,OAAO,6DAA6D,CAAC;QACvE,KAAK,+BAA+B;YAClC,OAAO,yFAAyF,CAAC;QACnG,KAAK,oBAAoB;YACvB,OAAO,0EAA0E,CAAC;QACpF;YACE,OAAO,2CAA2C,CAAC;IACvD,CAAC;AACH,CAAC"}
|
package/dist/auth/index.d.ts
CHANGED
|
@@ -1,11 +1,4 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
*
|
|
4
|
-
* Supported auth methods:
|
|
5
|
-
* 1. CLI providers (claude-cli, codex-cli) — handle their own auth
|
|
6
|
-
* 2. API key (BYOK) — explicit key or environment variable
|
|
7
|
-
*
|
|
8
|
-
* Subscription API / OAuth credential resolution has been removed.
|
|
9
|
-
*/
|
|
1
|
+
export { OAuthCredential, CredentialDetectionResult, detectCredentials, readClaudeCredentials, readCodexCredentials, readGeminiCredentials, isExpired, clearCache, } from './credential-reader';
|
|
2
|
+
export { refreshToken, RefreshResult } from './token-refresh';
|
|
10
3
|
export { ResolvedAuth, resolveAuth, ensureFreshToken, } from './auto-detect';
|
|
11
4
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/auth/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,eAAe,EACf,yBAAyB,EACzB,iBAAiB,EACjB,qBAAqB,EACrB,oBAAoB,EACpB,qBAAqB,EACrB,SAAS,EACT,UAAU,GACX,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAE9D,OAAO,EACL,YAAY,EACZ,WAAW,EACX,gBAAgB,GACjB,MAAM,eAAe,CAAC"}
|
package/dist/auth/index.js
CHANGED
|
@@ -1,15 +1,15 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
/**
|
|
3
|
-
* Auth Module — Funolio Agent
|
|
4
|
-
*
|
|
5
|
-
* Supported auth methods:
|
|
6
|
-
* 1. CLI providers (claude-cli, codex-cli) — handle their own auth
|
|
7
|
-
* 2. API key (BYOK) — explicit key or environment variable
|
|
8
|
-
*
|
|
9
|
-
* Subscription API / OAuth credential resolution has been removed.
|
|
10
|
-
*/
|
|
11
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
-
exports.ensureFreshToken = exports.resolveAuth = void 0;
|
|
3
|
+
exports.ensureFreshToken = exports.resolveAuth = exports.refreshToken = exports.clearCache = exports.isExpired = exports.readGeminiCredentials = exports.readCodexCredentials = exports.readClaudeCredentials = exports.detectCredentials = void 0;
|
|
4
|
+
var credential_reader_1 = require("./credential-reader");
|
|
5
|
+
Object.defineProperty(exports, "detectCredentials", { enumerable: true, get: function () { return credential_reader_1.detectCredentials; } });
|
|
6
|
+
Object.defineProperty(exports, "readClaudeCredentials", { enumerable: true, get: function () { return credential_reader_1.readClaudeCredentials; } });
|
|
7
|
+
Object.defineProperty(exports, "readCodexCredentials", { enumerable: true, get: function () { return credential_reader_1.readCodexCredentials; } });
|
|
8
|
+
Object.defineProperty(exports, "readGeminiCredentials", { enumerable: true, get: function () { return credential_reader_1.readGeminiCredentials; } });
|
|
9
|
+
Object.defineProperty(exports, "isExpired", { enumerable: true, get: function () { return credential_reader_1.isExpired; } });
|
|
10
|
+
Object.defineProperty(exports, "clearCache", { enumerable: true, get: function () { return credential_reader_1.clearCache; } });
|
|
11
|
+
var token_refresh_1 = require("./token-refresh");
|
|
12
|
+
Object.defineProperty(exports, "refreshToken", { enumerable: true, get: function () { return token_refresh_1.refreshToken; } });
|
|
13
13
|
var auto_detect_1 = require("./auto-detect");
|
|
14
14
|
Object.defineProperty(exports, "resolveAuth", { enumerable: true, get: function () { return auto_detect_1.resolveAuth; } });
|
|
15
15
|
Object.defineProperty(exports, "ensureFreshToken", { enumerable: true, get: function () { return auto_detect_1.ensureFreshToken; } });
|
package/dist/auth/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":";;;AAAA,yDAS6B;AAN3B,sHAAA,iBAAiB,OAAA;AACjB,0HAAA,qBAAqB,OAAA;AACrB,yHAAA,oBAAoB,OAAA;AACpB,0HAAA,qBAAqB,OAAA;AACrB,8GAAA,SAAS,OAAA;AACT,+GAAA,UAAU,OAAA;AAGZ,iDAA8D;AAArD,6GAAA,YAAY,OAAA;AAErB,6CAIuB;AAFrB,0GAAA,WAAW,OAAA;AACX,+GAAA,gBAAgB,OAAA"}
|
|
@@ -1,30 +1,34 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
*
|
|
4
|
-
* Connection to LLM providers is now exclusively via:
|
|
5
|
-
* 1. CLI providers (claude-cli, codex-cli) — spawns the CLI binary
|
|
6
|
-
* 2. API key (BYOK) — standard x-api-key authentication
|
|
7
|
-
*/
|
|
1
|
+
import { type OAuthCredential } from './credential-reader';
|
|
2
|
+
import { type AnthropicAuthMode } from './anthropic-subscription';
|
|
8
3
|
export type SubscriptionRuntimeProvider = 'anthropic' | 'openai';
|
|
4
|
+
export type SubscriptionSource = 'db:anthropic:openclaw' | 'db:anthropic' | 'db:claude-cli' | 'claude-credentials' | 'db:openai' | 'db:codex-cli' | 'codex-credentials' | 'request:anthropic:openclaw' | 'request:anthropic' | 'request:openai';
|
|
9
5
|
export interface ResolvedSubscriptionRuntime {
|
|
10
6
|
providerName: SubscriptionRuntimeProvider;
|
|
11
7
|
apiKey: string;
|
|
12
8
|
model: string;
|
|
13
|
-
source: string;
|
|
9
|
+
source: SubscriptionSource | string;
|
|
10
|
+
authMode?: AnthropicAuthMode;
|
|
14
11
|
baseUrl?: string;
|
|
15
12
|
apiQuery?: string;
|
|
16
13
|
apiStyle?: 'openai-chat-completions' | 'codex-chatgpt-responses';
|
|
17
|
-
authMode?: 'oauth-bearer' | 'api-key';
|
|
18
14
|
extraHeaders?: Record<string, string>;
|
|
19
15
|
}
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
16
|
+
interface ResolveRuntimeOptions {
|
|
17
|
+
preferredModel?: string | null;
|
|
18
|
+
inputCredential?: OAuthCredential | null;
|
|
19
|
+
inputToken?: string | null;
|
|
20
|
+
inputAccessMode?: string | null;
|
|
21
|
+
inputSource?: SubscriptionSource;
|
|
22
|
+
persistInputCredential?: boolean;
|
|
23
|
+
}
|
|
24
|
+
export declare function claudeSubscriptionRuntimeLabel(source?: SubscriptionSource | string | null): string;
|
|
25
|
+
/**
|
|
26
|
+
* Anthropic/OpenClaw request shape should stay on native structured messages by default.
|
|
27
|
+
* Source selection tells us where credentials came from, not how to flatten prompts.
|
|
28
|
+
*/
|
|
29
|
+
export declare function resolveClaudeSubscriptionRequestShape(_source?: SubscriptionSource | string | null): 'default' | 'claude-cli-flat';
|
|
30
|
+
export declare function resolveSubscriptionApiModel(profileModel?: string | null, configuredDefaultModel?: string | null): string | null;
|
|
31
|
+
export declare function resolveClaudeSubscriptionRuntime(options?: ResolveRuntimeOptions): Promise<ResolvedSubscriptionRuntime | null>;
|
|
32
|
+
export declare function resolveCodexSubscriptionRuntime(options?: ResolveRuntimeOptions): Promise<ResolvedSubscriptionRuntime | null>;
|
|
33
|
+
export {};
|
|
30
34
|
//# sourceMappingURL=subscription-runtime.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"subscription-runtime.d.ts","sourceRoot":"","sources":["../../src/auth/subscription-runtime.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"subscription-runtime.d.ts","sourceRoot":"","sources":["../../src/auth/subscription-runtime.ts"],"names":[],"mappings":"AACA,OAAO,EAIL,KAAK,eAAe,EACrB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAGL,KAAK,iBAAiB,EACvB,MAAM,0BAA0B,CAAC;AAElC,MAAM,MAAM,2BAA2B,GAAG,WAAW,GAAG,QAAQ,CAAC;AACjE,MAAM,MAAM,kBAAkB,GAC1B,uBAAuB,GACvB,cAAc,GACd,eAAe,GACf,oBAAoB,GACpB,WAAW,GACX,cAAc,GACd,mBAAmB,GACnB,4BAA4B,GAC5B,mBAAmB,GACnB,gBAAgB,CAAC;AAErB,MAAM,WAAW,2BAA2B;IAC1C,YAAY,EAAE,2BAA2B,CAAC;IAC1C,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,kBAAkB,GAAG,MAAM,CAAC;IACpC,QAAQ,CAAC,EAAE,iBAAiB,CAAC;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,yBAAyB,GAAG,yBAAyB,CAAC;IACjE,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACvC;AAOD,UAAU,qBAAqB;IAC7B,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,eAAe,CAAC,EAAE,eAAe,GAAG,IAAI,CAAC;IACzC,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,WAAW,CAAC,EAAE,kBAAkB,CAAC;IACjC,sBAAsB,CAAC,EAAE,OAAO,CAAC;CAClC;AAED,wBAAgB,8BAA8B,CAAC,MAAM,CAAC,EAAE,kBAAkB,GAAG,MAAM,GAAG,IAAI,GAAG,MAAM,CAIlG;AAED;;;GAGG;AACH,wBAAgB,qCAAqC,CACnD,OAAO,CAAC,EAAE,kBAAkB,GAAG,MAAM,GAAG,IAAI,GAC3C,SAAS,GAAG,iBAAiB,CAE/B;AAED,wBAAgB,2BAA2B,CACzC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,EAC5B,sBAAsB,CAAC,EAAE,MAAM,GAAG,IAAI,GACrC,MAAM,GAAG,IAAI,CAoBf;AA4ND,wBAAsB,gCAAgC,CACpD,OAAO,GAAE,qBAA0B,GAClC,OAAO,CAAC,2BAA2B,GAAG,IAAI,CAAC,CAiD7C;AAED,wBAAsB,+BAA+B,CACnD,OAAO,GAAE,qBAA0B,GAClC,OAAO,CAAC,2BAA2B,GAAG,IAAI,CAAC,CA2B7C"}
|