grok-it-mcp 0.1.0

package/README.md

@@ -0,0 +1,106 @@
+# grok-it MCP Plugin
+
+Local TypeScript stdio MCP server published as an npm CLI package, plus shared Claude Code + Codex plugin wrappers for Grok/xAI.
+
+- `grok_x_search` — xAI Responses API with built-in `x_search`.
+- `grok_image_generate` — `/images/generations`, cached locally by default.
+- `grok_video_generate` — `/videos/generations`, polling; returns remote URL by default, optional local cache.
+- `grok_auth_status` / `grok_login` — Grok OAuth PKCE status/login with `XAI_API_KEY` fallback.
+
+## npm CLI
+
+Install the server directly:
+
+```bash
+npm install -g grok-it-mcp
+```
+
+Or run it ad hoc:
+
+```bash
+npx -y grok-it-mcp@0.1.0
+```
+
+The default CLI starts the stdio MCP server defined in `src/index.ts`. It also exposes auth helpers for terminal use:
+
+```bash
+grok-it-mcp status
+grok-it-mcp login --open
+grok-it-mcp search "xAI news"
+grok-it-mcp x-search "grok updates" --include-handles xai --max-results 5 --json
+```
+
+For manual OAuth completion without a loopback browser flow:
+
+```bash
+grok-it-mcp login
+grok-it-mcp login --callback '<callback-url-or-code>' --verifier '<verifier>' --state '<state>' --redirect-uri 'http://127.0.0.1:8765/callback'
+```
+
+
+### OAuth note
+
+The current default browser-login flow uses xAI's public Grok OAuth client id and the `grok-cli:access api:access` scopes. If xAI changes those values again, override them with `GROK_IT_OAUTH_CLIENT_ID` or fall back to `XAI_API_KEY`.
+
+### Search connectivity test
+
+Use `search` or its alias `x-search` to run the existing `grok_x_search` flow from a terminal. This is useful for end-to-end connectivity checks because it exercises credential resolution, xAI `/responses`, and the built-in `x_search` tool:
+
+```bash
+grok-it-mcp search "xAI news"
+grok-it-mcp x-search --query "grok updates" --include-handles xai,elonmusk --max-results 10 --json
+```
+
+Supported search flags: `--model`, `--from-date`, `--to-date`, `--include-handles`, `--exclude-handles`, `--include-images`, `--include-videos`, `--max-results`, and `--json`.
+## Cross-platform plugin root
+
+`plugins/grok-it/` is the canonical plugin root for both Claude Code and Codex:
+
+```text
+plugins/grok-it/
+  .claude-plugin/plugin.json   # Claude Code manifest
+  .codex-plugin/plugin.json    # Codex manifest
+  .mcp.json                    # shared MCP server config
+  skills/grok-tools/SKILL.md   # shared skill instructions
+  skills/grok-tools/agents/openai.yaml
+```
+
+Both manifests reference the same `./skills/` and `./.mcp.json`. The shared MCP config launches `npx -y grok-it-mcp@0.1.0`, so the plugin no longer bundles `dist/index.js`.
+
+## Install/build
+
+```bash
+npm install
+npm run build
+```
+
+`npm run build` typechecks and emits the CLI entrypoint.
+
+## Authentication
+
+Preferred: call MCP tool `grok_login`. It performs OAuth PKCE and stores tokens at `~/.grok-it/auth.json` (override with `GROK_IT_TOKEN_STORE`). The tool never returns token material.
+
+Fallback: set `XAI_API_KEY`. OAuth credentials take precedence over API keys. OAuth bearer requests are pinned to `https://*.x.ai` so `XAI_BASE_URL` cannot leak OAuth tokens to another origin.
+
+## Codex
+
+Install/use `plugins/grok-it/` as the Codex plugin root. The Codex manifest is at `plugins/grok-it/.codex-plugin/plugin.json`.
+
+## Claude Code
+
+Install/use the same `plugins/grok-it/` folder as the Claude Code plugin root. The Claude manifest is at `plugins/grok-it/.claude-plugin/plugin.json`.
+
+## Validation
+
+```bash
+npm run typecheck
+npm test
+npm run build
+npm run validate:plugin
+npm run validate:codex-plugin
+```
+
+- `validate:plugin` checks the shared Claude/Codex plugin root and shared MCP config.
+- `validate:codex-plugin` runs the official plugin-creator validator against `plugins/grok-it/` and checks shared skill metadata.
+
+Tests mock network behavior; they must not call real xAI APIs or open browsers.

package/dist/auth/credentials.d.ts

@@ -0,0 +1,28 @@
+export type CredentialSource = 'xai-oauth' | 'xai';
+export type ResolvedCredentials = {
+    provider: CredentialSource;
+    credentialSource: CredentialSource;
+    authorization: string;
+    baseUrl: string;
+    expiresAt?: number;
+    tokenStorePath?: string;
+};
+export declare class AuthRequiredError extends Error {
+    constructor(message?: string);
+}
+export declare function resolveCredentials(options?: {
+    forceRefresh?: boolean;
+    fetchImpl?: typeof fetch;
+    env?: NodeJS.ProcessEnv;
+}): Promise<ResolvedCredentials>;
+export declare function isOAuthCredential(creds: ResolvedCredentials): boolean;
+export declare function redactSecret(input: string): string;
+export declare function authStatus(env?: NodeJS.ProcessEnv): Promise<{
+    logged_in: boolean;
+    provider: string | null;
+    base_url: string | null;
+    oauth_expires_at: string | null;
+    token_store: string;
+    cache_dir: string;
+    api_key_present: boolean;
+}>;

package/dist/auth/credentials.js

@@ -0,0 +1,67 @@
+import { DEFAULT_XAI_BASE_URL } from '../config/constants.js';
+import { getConfig } from '../config/env.js';
+import { OAuthError, readOAuthState, refreshOAuthState, validateInferenceBaseUrl } from './oauth.js';
+export class AuthRequiredError extends Error {
+    constructor(message = 'No Grok OAuth token or XAI_API_KEY is configured') {
+        super(message);
+        this.name = 'AuthRequiredError';
+    }
+}
+export async function resolveCredentials(options = {}) {
+    const config = getConfig(options.env);
+    const oauth = await readOAuthState(config.tokenStorePath);
+    if (oauth) {
+        try {
+            const fresh = await refreshOAuthState(oauth, { force: options.forceRefresh, fetchImpl: options.fetchImpl, tokenStorePath: config.tokenStorePath });
+            return {
+                provider: 'xai-oauth',
+                credentialSource: 'xai-oauth',
+                authorization: `Bearer ${fresh.tokens.access_token}`,
+                baseUrl: validateInferenceBaseUrl(fresh.base_url || DEFAULT_XAI_BASE_URL),
+                expiresAt: fresh.tokens.expires_at,
+                tokenStorePath: config.tokenStorePath,
+            };
+        }
+        catch (error) {
+            if (error instanceof OAuthError && (error.code === 'invalid_grant' || error.code === 'oauth_entitlement_required')) {
+                if (config.apiKey)
+                    return apiKeyCredentials(config);
+            }
+            throw error;
+        }
+    }
+    if (config.apiKey)
+        return apiKeyCredentials(config);
+    throw new AuthRequiredError();
+}
+function apiKeyCredentials(config) {
+    return {
+        provider: 'xai',
+        credentialSource: 'xai',
+        authorization: `Bearer ${config.apiKey}`,
+        baseUrl: config.baseUrl.replace(/\/$/, ''),
+        tokenStorePath: config.tokenStorePath,
+    };
+}
+export function isOAuthCredential(creds) {
+    return creds.provider === 'xai-oauth';
+}
+export function redactSecret(input) {
+    return input
+        .replace(/Bearer\s+[A-Za-z0-9._~+/-]+/g, 'Bearer [REDACTED]')
+        .replace(/(access_token|refresh_token|id_token|code|code_verifier)=([^&\s]+)/gi, '$1=[REDACTED]');
+}
+export async function authStatus(env = process.env) {
+    const config = getConfig(env);
+    const oauth = await readOAuthState(config.tokenStorePath);
+    return {
+        logged_in: Boolean(oauth?.tokens?.access_token || config.apiKey),
+        provider: oauth?.tokens?.access_token ? 'xai-oauth' : config.apiKey ? 'xai' : null,
+        base_url: oauth?.tokens?.access_token ? oauth.base_url : config.apiKey ? config.baseUrl : null,
+        oauth_expires_at: oauth?.tokens?.expires_at ? new Date(oauth.tokens.expires_at).toISOString() : null,
+        token_store: config.tokenStorePath,
+        cache_dir: config.cacheDir,
+        api_key_present: Boolean(config.apiKey),
+    };
+}
+//# sourceMappingURL=credentials.js.map

package/dist/auth/credentials.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"credentials.js","sourceRoot":"","sources":["../../src/auth/credentials.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,MAAM,YAAY,CAAC;AAarG,MAAM,OAAO,iBAAkB,SAAQ,KAAK;IAC1C,YAAY,OAAO,GAAG,kDAAkD;QACtE,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,UAAyF,EAAE;IAClI,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACtC,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;IAC1D,IAAI,KAAK,EAAE,CAAC;QACV,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,iBAAiB,CAAC,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,YAAY,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,cAAc,EAAE,MAAM,CAAC,cAAc,EAAE,CAAC,CAAC;YACnJ,OAAO;gBACL,QAAQ,EAAE,WAAW;gBACrB,gBAAgB,EAAE,WAAW;gBAC7B,aAAa,EAAE,UAAU,KAAK,CAAC,MAAM,CAAC,YAAY,EAAE;gBACpD,OAAO,EAAE,wBAAwB,CAAC,KAAK,CAAC,QAAQ,IAAI,oBAAoB,CAAC;gBACzE,SAAS,EAAE,KAAK,CAAC,MAAM,CAAC,UAAU;gBAClC,cAAc,EAAE,MAAM,CAAC,cAAc;aACtC,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,UAAU,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,eAAe,IAAI,KAAK,CAAC,IAAI,KAAK,4BAA4B,CAAC,EAAE,CAAC;gBACnH,IAAI,MAAM,CAAC,MAAM;oBAAE,OAAO,iBAAiB,CAAC,MAAM,CAAC,CAAC;YACtD,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IACD,IAAI,MAAM,CAAC,MAAM;QAAE,OAAO,iBAAiB,CAAC,MAAM,CAAC,CAAC;IACpD,MAAM,IAAI,iBAAiB,EAAE,CAAC;AAChC,CAAC;AAED,SAAS,iBAAiB,CAAC,MAAoC;IAC7D,OAAO;QACL,QAAQ,EAAE,KAAK;QACf,gBAAgB,EAAE,KAAK;QACvB,aAAa,EAAE,UAAU,MAAM,CAAC,MAAM,EAAE;QACxC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;QAC1C,cAAc,EAAE,MAAM,CAAC,cAAc;KACtC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,KAA0B;IAC1D,OAAO,KAAK,CAAC,QAAQ,KAAK,WAAW,CAAC;AACxC,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,KAAa;IACxC,OAAO,KAAK;SACT,OAAO,CAAC,8BAA8B,EAAE,mBAAmB,CAAC;SAC5D,OAAO,CAAC,sEAAsE,EAAE,eAAe,CAAC,CAAC;AACtG,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,MAAyB,OAAO,CAAC,GAAG;IACnE,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;IAC9B,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;IAC1D,OAAO;QACL,SAAS,EAAE,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,IAAI,MAAM,CAAC,MAAM,CAAC;QAChE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI;QAClF,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI;QAC9F,gBAAgB,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI;QACpG,WAAW,EAAE,MAAM,CAAC,cAAc;QAClC,SAAS,EAAE,MAAM,CAAC,QAAQ;QAC1B,eAAe,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;KACxC,CAAC;AACJ,CAAC"}

package/dist/auth/oauth.d.ts

@@ -0,0 +1,101 @@
+export type OAuthDiscovery = {
+    issuer?: string;
+    authorization_endpoint: string;
+    token_endpoint: string;
+};
+export type StoredOAuthTokens = {
+    access_token: string;
+    refresh_token?: string;
+    id_token?: string;
+    expires_at?: number;
+    token_type?: string;
+    scope?: string;
+};
+export type StoredOAuthState = {
+    provider: 'xai-oauth';
+    auth_mode: 'oauth_pkce';
+    tokens: StoredOAuthTokens;
+    discovery: OAuthDiscovery;
+    redirect_uri: string;
+    base_url: string;
+    last_refresh: string;
+    invalid?: boolean;
+    last_auth_error?: string;
+};
+export type AuthStore = {
+    providers?: {
+        'xai-oauth'?: StoredOAuthState;
+    };
+};
+export type LoginSession = {
+    verifier: string;
+    challenge: string;
+    state: string;
+    nonce: string;
+    redirectUri: string;
+    authorizeUrl: string;
+    discovery: OAuthDiscovery;
+};
+export declare class OAuthError extends Error {
+    code: string;
+    status?: number | undefined;
+    constructor(code: string, message: string, status?: number | undefined);
+}
+export declare function base64Url(input: Buffer): string;
+export declare function generatePkce(): {
+    verifier: string;
+    challenge: string;
+};
+export declare function randomState(): string;
+export declare function isXaiOrigin(value: string): boolean;
+export declare function validateXaiHttpsUrl(value: string, label?: string): string;
+export declare function validateInferenceBaseUrl(value: string): string;
+export declare function readAuthStore(tokenStorePath?: string): Promise<AuthStore>;
+export declare function writeAuthStore(store: AuthStore, tokenStorePath?: string): Promise<void>;
+export declare function readOAuthState(tokenStorePath?: string): Promise<StoredOAuthState | undefined>;
+export declare function saveOAuthState(state: StoredOAuthState, tokenStorePath?: string): Promise<void>;
+export declare function markOAuthInvalid(reason: string, tokenStorePath?: string): Promise<void>;
+export declare function clearOAuthState(tokenStorePath?: string): Promise<void>;
+export declare function tokenExpiresAt(tokenResponse: Record<string, unknown>, now?: number): number | undefined;
+export declare function isTokenExpiring(tokens: StoredOAuthTokens, now?: number): boolean;
+export declare function discoverOAuth(fetchImpl?: typeof fetch): Promise<OAuthDiscovery>;
+export declare function buildAuthorizeUrl(params: {
+    discovery: OAuthDiscovery;
+    clientId?: string;
+    redirectUri: string;
+    scope?: string;
+    challenge: string;
+    state: string;
+    nonce: string;
+}): string;
+export declare function createLoginSession(options?: {
+    redirectUri?: string;
+    port?: number;
+    fetchImpl?: typeof fetch;
+}): Promise<LoginSession>;
+export declare function parseCallback(input: string, expectedState?: string): {
+    code: string;
+    state?: string;
+};
+export declare function exchangeCodeForTokens(params: {
+    code: string;
+    verifier: string;
+    challenge?: string;
+    redirectUri: string;
+    discovery: OAuthDiscovery;
+    clientId?: string;
+    fetchImpl?: typeof fetch;
+}): Promise<StoredOAuthTokens>;
+export declare function persistTokenResponse(params: {
+    tokens: StoredOAuthTokens;
+    discovery: OAuthDiscovery;
+    redirectUri: string;
+    baseUrl?: string;
+    tokenStorePath?: string;
+}): Promise<StoredOAuthState>;
+export declare function refreshOAuthState(state: StoredOAuthState, options?: {
+    force?: boolean;
+    fetchImpl?: typeof fetch;
+    tokenStorePath?: string;
+}): Promise<StoredOAuthState>;
+export declare function waitForLoopbackCode(session: LoginSession, timeoutMs: number): Promise<string>;

package/dist/auth/oauth.js

@@ -0,0 +1,284 @@
+import crypto from 'node:crypto';
+import http from 'node:http';
+import { URL, URLSearchParams } from 'node:url';
+import { mkdir, readFile, rename, rm, writeFile } from 'node:fs/promises';
+import path from 'node:path';
+import { DEFAULT_REDIRECT_HOST, DEFAULT_REDIRECT_PATH, DEFAULT_REDIRECT_PORT, DEFAULT_XAI_DISCOVERY_URL, DEFAULT_XAI_OAUTH_CLIENT_ID, DEFAULT_XAI_OAUTH_SCOPE, OAUTH_REFRESH_SKEW_MS, PACKAGE_NAME, PACKAGE_VERSION, } from '../config/constants.js';
+import { getConfig } from '../config/env.js';
+export class OAuthError extends Error {
+    code;
+    status;
+    constructor(code, message, status) {
+        super(message);
+        this.code = code;
+        this.status = status;
+        this.name = 'OAuthError';
+    }
+}
+export function base64Url(input) {
+    return input.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/g, '');
+}
+export function generatePkce() {
+    const verifier = base64Url(crypto.randomBytes(32));
+    const challenge = base64Url(crypto.createHash('sha256').update(verifier).digest());
+    return { verifier, challenge };
+}
+export function randomState() {
+    return base64Url(crypto.randomBytes(24));
+}
+export function isXaiOrigin(value) {
+    try {
+        const url = new URL(value);
+        return url.protocol === 'https:' && (url.hostname === 'x.ai' || url.hostname.endsWith('.x.ai'));
+    }
+    catch {
+        return false;
+    }
+}
+export function validateXaiHttpsUrl(value, label = 'xAI URL') {
+    if (!isXaiOrigin(value)) {
+        throw new OAuthError('xai_origin_required', `${label} must be an https://*.x.ai URL`);
+    }
+    return value;
+}
+export function validateInferenceBaseUrl(value) {
+    const url = new URL(validateXaiHttpsUrl(value, 'OAuth inference base URL'));
+    url.pathname = url.pathname.replace(/\/$/, '');
+    return url.toString().replace(/\/$/, '');
+}
+export async function readAuthStore(tokenStorePath = getConfig().tokenStorePath) {
+    try {
+        return JSON.parse(await readFile(tokenStorePath, 'utf8'));
+    }
+    catch (error) {
+        if (error.code === 'ENOENT')
+            return {};
+        throw error;
+    }
+}
+export async function writeAuthStore(store, tokenStorePath = getConfig().tokenStorePath) {
+    await mkdir(path.dirname(tokenStorePath), { recursive: true, mode: 0o700 });
+    const tmp = `${tokenStorePath}.${process.pid}.tmp`;
+    await writeFile(tmp, `${JSON.stringify(store, null, 2)}\n`, { mode: 0o600 });
+    await rename(tmp, tokenStorePath);
+}
+export async function readOAuthState(tokenStorePath = getConfig().tokenStorePath) {
+    const state = (await readAuthStore(tokenStorePath)).providers?.['xai-oauth'];
+    if (!state || state.invalid || !state.tokens?.access_token)
+        return undefined;
+    return state;
+}
+export async function saveOAuthState(state, tokenStorePath = getConfig().tokenStorePath) {
+    const store = await readAuthStore(tokenStorePath);
+    store.providers ||= {};
+    store.providers['xai-oauth'] = state;
+    await writeAuthStore(store, tokenStorePath);
+}
+export async function markOAuthInvalid(reason, tokenStorePath = getConfig().tokenStorePath) {
+    const store = await readAuthStore(tokenStorePath);
+    if (store.providers?.['xai-oauth']) {
+        store.providers['xai-oauth'].invalid = true;
+        store.providers['xai-oauth'].last_auth_error = reason;
+        await writeAuthStore(store, tokenStorePath);
+    }
+}
+export async function clearOAuthState(tokenStorePath = getConfig().tokenStorePath) {
+    const store = await readAuthStore(tokenStorePath);
+    if (store.providers?.['xai-oauth']) {
+        delete store.providers['xai-oauth'];
+        await writeAuthStore(store, tokenStorePath);
+    }
+    else {
+        await rm(tokenStorePath, { force: true });
+    }
+}
+export function tokenExpiresAt(tokenResponse, now = Date.now()) {
+    if (typeof tokenResponse.expires_at === 'number')
+        return tokenResponse.expires_at;
+    if (typeof tokenResponse.expires_in === 'number')
+        return now + tokenResponse.expires_in * 1000;
+    return undefined;
+}
+export function isTokenExpiring(tokens, now = Date.now()) {
+    return typeof tokens.expires_at === 'number' && tokens.expires_at - now <= OAUTH_REFRESH_SKEW_MS;
+}
+export async function discoverOAuth(fetchImpl = fetch) {
+    const response = await fetchImpl(DEFAULT_XAI_DISCOVERY_URL, { headers: { accept: 'application/json', 'user-agent': `${PACKAGE_NAME}/${PACKAGE_VERSION}` } });
+    if (!response.ok)
+        throw new OAuthError('discovery_failed', `OIDC discovery failed with HTTP ${response.status}`, response.status);
+    const discovery = (await response.json());
+    validateXaiHttpsUrl(discovery.authorization_endpoint, 'authorization_endpoint');
+    validateXaiHttpsUrl(discovery.token_endpoint, 'token_endpoint');
+    return discovery;
+}
+export function buildAuthorizeUrl(params) {
+    const url = new URL(params.discovery.authorization_endpoint);
+    url.search = new URLSearchParams({
+        response_type: 'code',
+        client_id: params.clientId || DEFAULT_XAI_OAUTH_CLIENT_ID,
+        redirect_uri: params.redirectUri,
+        scope: params.scope || DEFAULT_XAI_OAUTH_SCOPE,
+        code_challenge: params.challenge,
+        code_challenge_method: 'S256',
+        state: params.state,
+        nonce: params.nonce,
+        plan: 'generic',
+        referrer: PACKAGE_NAME,
+    }).toString();
+    return url.toString();
+}
+export async function createLoginSession(options = {}) {
+    const config = getConfig();
+    const discovery = await discoverOAuth(options.fetchImpl || fetch);
+    const { verifier, challenge } = generatePkce();
+    const state = randomState();
+    const nonce = randomState();
+    const redirectUri = options.redirectUri || `http://${DEFAULT_REDIRECT_HOST}:${options.port || DEFAULT_REDIRECT_PORT}${DEFAULT_REDIRECT_PATH}`;
+    return {
+        verifier,
+        challenge,
+        state,
+        nonce,
+        redirectUri,
+        discovery,
+        authorizeUrl: buildAuthorizeUrl({ discovery, clientId: config.oauthClientId, redirectUri, challenge, state, nonce }),
+    };
+}
+export function parseCallback(input, expectedState) {
+    let code = null;
+    let state = null;
+    let callbackUrl = false;
+    if (/^https?:\/\//.test(input)) {
+        callbackUrl = true;
+        const url = new URL(input);
+        const error = url.searchParams.get('error');
+        if (error)
+            throw new OAuthError(error, url.searchParams.get('error_description') || error);
+        code = url.searchParams.get('code');
+        state = url.searchParams.get('state');
+    }
+    else {
+        code = input.trim();
+    }
+    if (!code)
+        throw new OAuthError('missing_code', 'OAuth callback did not contain an authorization code');
+    if (expectedState && callbackUrl && !state)
+        throw new OAuthError('missing_state', 'OAuth callback URL did not contain state');
+    if (expectedState && state !== null && state !== expectedState)
+        throw new OAuthError('state_mismatch', 'OAuth callback state did not match login session');
+    return { code, state: state || undefined };
+}
+export async function exchangeCodeForTokens(params) {
+    const body = new URLSearchParams({
+        grant_type: 'authorization_code',
+        code: params.code,
+        redirect_uri: params.redirectUri,
+        client_id: params.clientId || DEFAULT_XAI_OAUTH_CLIENT_ID,
+        code_verifier: params.verifier,
+    });
+    if (params.challenge) {
+        body.set('code_challenge', params.challenge);
+        body.set('code_challenge_method', 'S256');
+    }
+    const response = await (params.fetchImpl || fetch)(validateXaiHttpsUrl(params.discovery.token_endpoint, 'token_endpoint'), {
+        method: 'POST',
+        headers: { accept: 'application/json', 'content-type': 'application/x-www-form-urlencoded', 'user-agent': `${PACKAGE_NAME}/${PACKAGE_VERSION}` },
+        body,
+    });
+    const payload = (await response.json().catch(() => ({})));
+    if (!response.ok) {
+        const message = typeof payload.error_description === 'string' ? payload.error_description : `Token exchange failed with HTTP ${response.status}`;
+        throw new OAuthError(response.status === 403 ? 'oauth_entitlement_required' : 'token_exchange_failed', message, response.status);
+    }
+    if (typeof payload.access_token !== 'string')
+        throw new OAuthError('missing_access_token', 'Token exchange response did not contain access_token');
+    return {
+        access_token: payload.access_token,
+        refresh_token: typeof payload.refresh_token === 'string' ? payload.refresh_token : undefined,
+        id_token: typeof payload.id_token === 'string' ? payload.id_token : undefined,
+        expires_at: tokenExpiresAt(payload),
+        token_type: typeof payload.token_type === 'string' ? payload.token_type : 'Bearer',
+        scope: typeof payload.scope === 'string' ? payload.scope : undefined,
+    };
+}
+export async function persistTokenResponse(params) {
+    const state = {
+        provider: 'xai-oauth',
+        auth_mode: 'oauth_pkce',
+        tokens: params.tokens,
+        discovery: params.discovery,
+        redirect_uri: params.redirectUri,
+        base_url: validateInferenceBaseUrl(params.baseUrl || getConfig().oauthBaseUrl),
+        last_refresh: new Date().toISOString(),
+    };
+    await saveOAuthState(state, params.tokenStorePath);
+    return state;
+}
+export async function refreshOAuthState(state, options = {}) {
+    if (!options.force && !isTokenExpiring(state.tokens))
+        return state;
+    if (!state.tokens.refresh_token)
+        throw new OAuthError('missing_refresh_token', 'OAuth token has no refresh_token; run grok_login again');
+    const body = new URLSearchParams({
+        grant_type: 'refresh_token',
+        client_id: getConfig().oauthClientId || DEFAULT_XAI_OAUTH_CLIENT_ID,
+        refresh_token: state.tokens.refresh_token,
+    });
+    const response = await (options.fetchImpl || fetch)(validateXaiHttpsUrl(state.discovery.token_endpoint, 'token_endpoint'), {
+        method: 'POST',
+        headers: { accept: 'application/json', 'content-type': 'application/x-www-form-urlencoded', 'user-agent': `${PACKAGE_NAME}/${PACKAGE_VERSION}` },
+        body,
+    });
+    const payload = (await response.json().catch(() => ({})));
+    if (!response.ok) {
+        const code = response.status === 403 ? 'oauth_entitlement_required' : response.status === 400 || response.status === 401 ? 'invalid_grant' : 'refresh_failed';
+        if (code === 'invalid_grant' || code === 'oauth_entitlement_required')
+            await markOAuthInvalid(code, options.tokenStorePath);
+        throw new OAuthError(code, typeof payload.error_description === 'string' ? payload.error_description : `OAuth refresh failed with HTTP ${response.status}`, response.status);
+    }
+    if (typeof payload.access_token !== 'string')
+        throw new OAuthError('missing_access_token', 'OAuth refresh response did not contain access_token');
+    const next = {
+        ...state,
+        invalid: false,
+        last_auth_error: undefined,
+        last_refresh: new Date().toISOString(),
+        tokens: {
+            access_token: payload.access_token,
+            refresh_token: typeof payload.refresh_token === 'string' ? payload.refresh_token : state.tokens.refresh_token,
+            id_token: typeof payload.id_token === 'string' ? payload.id_token : state.tokens.id_token,
+            expires_at: tokenExpiresAt(payload),
+            token_type: typeof payload.token_type === 'string' ? payload.token_type : 'Bearer',
+            scope: typeof payload.scope === 'string' ? payload.scope : state.tokens.scope,
+        },
+    };
+    await saveOAuthState(next, options.tokenStorePath);
+    return next;
+}
+export async function waitForLoopbackCode(session, timeoutMs) {
+    const redirect = new URL(session.redirectUri);
+    return new Promise((resolve, reject) => {
+        const timer = setTimeout(() => {
+            server.close();
+            reject(new OAuthError('callback_timeout', 'Timed out waiting for OAuth loopback callback'));
+        }, timeoutMs);
+        const server = http.createServer((req, res) => {
+            try {
+                const parsed = new URL(req.url || '/', session.redirectUri);
+                const { code } = parseCallback(parsed.toString(), session.state);
+                res.writeHead(200, { 'content-type': 'text/plain' });
+                res.end('Grok login complete. You can close this tab.');
+                clearTimeout(timer);
+                server.close();
+                resolve(code);
+            }
+            catch (error) {
+                res.writeHead(400, { 'content-type': 'text/plain' });
+                res.end(error.message);
+            }
+        });
+        server.listen(Number(redirect.port), redirect.hostname, () => undefined);
+        server.on('error', reject);
+    });
+}
+//# sourceMappingURL=oauth.js.map

package/dist/auth/oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../src/auth/oauth.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,GAAG,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAChD,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC1E,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EACL,qBAAqB,EACrB,qBAAqB,EACrB,qBAAqB,EACrB,yBAAyB,EACzB,2BAA2B,EAC3B,uBAAuB,EACvB,qBAAqB,EACrB,YAAY,EACZ,eAAe,GAChB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AA6C7C,MAAM,OAAO,UAAW,SAAQ,KAAK;IAChB;IAAsC;IAAzD,YAAmB,IAAY,EAAE,OAAe,EAAS,MAAe;QACtE,KAAK,CAAC,OAAO,CAAC,CAAC;QADE,SAAI,GAAJ,IAAI,CAAQ;QAA0B,WAAM,GAAN,MAAM,CAAS;QAEtE,IAAI,CAAC,IAAI,GAAG,YAAY,CAAC;IAC3B,CAAC;CACF;AAED,MAAM,UAAU,SAAS,CAAC,KAAa;IACrC,OAAO,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AAC9F,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IACnD,MAAM,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IACnF,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;AACjC,CAAC;AAED,MAAM,UAAU,WAAW;IACzB,OAAO,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;AAC3C,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,KAAa;IACvC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QAC3B,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,QAAQ,KAAK,MAAM,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAClG,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,KAAa,EAAE,KAAK,GAAG,SAAS;IAClE,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,UAAU,CAAC,qBAAqB,EAAE,GAAG,KAAK,gCAAgC,CAAC,CAAC;IACxF,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,KAAa;IACpD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,mBAAmB,CAAC,KAAK,EAAE,0BAA0B,CAAC,CAAC,CAAC;IAC5E,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC/C,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AAC3C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,cAAc,GAAG,SAAS,EAAE,CAAC,cAAc;IAC7E,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC,CAAc,CAAC;IACzE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAK,KAA+B,CAAC,IAAI,KAAK,QAAQ;YAAE,OAAO,EAAE,CAAC;QAClE,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,KAAgB,EAAE,cAAc,GAAG,SAAS,EAAE,CAAC,cAAc;IAChG,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC5E,MAAM,GAAG,GAAG,GAAG,cAAc,IAAI,OAAO,CAAC,GAAG,MAAM,CAAC;IACnD,MAAM,SAAS,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC7E,MAAM,MAAM,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;AACpC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,cAAc,GAAG,SAAS,EAAE,CAAC,cAAc;IAC9E,MAAM,KAAK,GAAG,CAAC,MAAM,aAAa,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,WAAW,CAAC,CAAC;IAC7E,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,YAAY;QAAE,OAAO,SAAS,CAAC;IAC7E,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,KAAuB,EAAE,cAAc,GAAG,SAAS,EAAE,CAAC,cAAc;IACvG,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,cAAc,CAAC,CAAC;IAClD,KAAK,CAAC,SAAS,KAAK,EAAE,CAAC;IACvB,KAAK,CAAC,SAAS,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC;IACrC,MAAM,cAAc,CAAC,KAAK,EAAE,cAAc,CAAC,CAAC;AAC9C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,MAAc,EAAE,cAAc,GAAG,SAAS,EAAE,CAAC,cAAc;IAChG,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,cAAc,CAAC,CAAC;IAClD,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC;QACnC,KAAK,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,OAAO,GAAG,IAAI,CAAC;QAC5C,KAAK,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,eAAe,GAAG,MAAM,CAAC;QACtD,MAAM,cAAc,CAAC,KAAK,EAAE,cAAc,CAAC,CAAC;IAC9C,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,cAAc,GAAG,SAAS,EAAE,CAAC,cAAc;IAC/E,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,cAAc,CAAC,CAAC;IAClD,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC;QACnC,OAAO,KAAK,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QACpC,MAAM,cAAc,CAAC,KAAK,EAAE,cAAc,CAAC,CAAC;IAC9C,CAAC;SAAM,CAAC;QACN,MAAM,EAAE,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAC5C,CAAC;AACH,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,aAAsC,EAAE,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE;IACrF,IAAI,OAAO,aAAa,CAAC,UAAU,KAAK,QAAQ;QAAE,OAAO,aAAa,CAAC,UAAU,CAAC;IAClF,IAAI,OAAO,aAAa,CAAC,UAAU,KAAK,QAAQ;QAAE,OAAO,GAAG,GAAG,aAAa,CAAC,UAAU,GAAG,IAAI,CAAC;IAC/F,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,MAAyB,EAAE,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE;IACzE,OAAO,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,IAAI,MAAM,CAAC,UAAU,GAAG,GAAG,IAAI,qBAAqB,CAAC;AACnG,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,YAA0B,KAAK;IACjE,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,yBAAyB,EAAE,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE,YAAY,EAAE,GAAG,YAAY,IAAI,eAAe,EAAE,EAAE,EAAE,CAAC,CAAC;IAC7J,IAAI,CAAC,QAAQ,CAAC,EAAE;QAAE,MAAM,IAAI,UAAU,CAAC,kBAAkB,EAAE,mCAAmC,QAAQ,CAAC,MAAM,EAAE,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IAClI,MAAM,SAAS,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAmB,CAAC;IAC5D,mBAAmB,CAAC,SAAS,CAAC,sBAAsB,EAAE,wBAAwB,CAAC,CAAC;IAChF,mBAAmB,CAAC,SAAS,CAAC,cAAc,EAAE,gBAAgB,CAAC,CAAC;IAChE,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,MAQjC;IACC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,sBAAsB,CAAC,CAAC;IAC7D,GAAG,CAAC,MAAM,GAAG,IAAI,eAAe,CAAC;QAC/B,aAAa,EAAE,MAAM;QACrB,SAAS,EAAE,MAAM,CAAC,QAAQ,IAAI,2BAA2B;QACzD,YAAY,EAAE,MAAM,CAAC,WAAW;QAChC,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,uBAAuB;QAC9C,cAAc,EAAE,MAAM,CAAC,SAAS;QAChC,qBAAqB,EAAE,MAAM;QAC7B,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,IAAI,EAAE,SAAS;QACf,QAAQ,EAAE,YAAY;KACvB,CAAC,CAAC,QAAQ,EAAE,CAAC;IACd,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AACxB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,UAA6E,EAAE;IACtH,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC,SAAS,IAAI,KAAK,CAAC,CAAC;IAClE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,YAAY,EAAE,CAAC;IAC/C,MAAM,KAAK,GAAG,WAAW,EAAE,CAAC;IAC5B,MAAM,KAAK,GAAG,WAAW,EAAE,CAAC;IAC5B,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,UAAU,qBAAqB,IAAI,OAAO,CAAC,IAAI,IAAI,qBAAqB,GAAG,qBAAqB,EAAE,CAAC;IAC9I,OAAO;QACL,QAAQ;QACR,SAAS;QACT,KAAK;QACL,KAAK;QACL,WAAW;QACX,SAAS;QACT,YAAY,EAAE,iBAAiB,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,CAAC,aAAa,EAAE,WAAW,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;KACrH,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,KAAa,EAAE,aAAsB;IACjE,IAAI,IAAI,GAAkB,IAAI,CAAC;IAC/B,IAAI,KAAK,GAAkB,IAAI,CAAC;IAChC,IAAI,WAAW,GAAG,KAAK,CAAC;IACxB,IAAI,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/B,WAAW,GAAG,IAAI,CAAC;QACnB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QAC3B,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC5C,IAAI,KAAK;YAAE,MAAM,IAAI,UAAU,CAAC,KAAK,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,KAAK,CAAC,CAAC;QAC3F,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACpC,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACxC,CAAC;SAAM,CAAC;QACN,IAAI,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IACtB,CAAC;IACD,IAAI,CAAC,IAAI;QAAE,MAAM,IAAI,UAAU,CAAC,cAAc,EAAE,sDAAsD,CAAC,CAAC;IACxG,IAAI,aAAa,IAAI,WAAW,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,UAAU,CAAC,eAAe,EAAE,0CAA0C,CAAC,CAAC;IAC9H,IAAI,aAAa,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,aAAa;QAAE,MAAM,IAAI,UAAU,CAAC,gBAAgB,EAAE,kDAAkD,CAAC,CAAC;IAC3J,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,IAAI,SAAS,EAAE,CAAC;AAC7C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,MAQ3C;IACC,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC/B,UAAU,EAAE,oBAAoB;QAChC,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,YAAY,EAAE,MAAM,CAAC,WAAW;QAChC,SAAS,EAAE,MAAM,CAAC,QAAQ,IAAI,2BAA2B;QACzD,aAAa,EAAE,MAAM,CAAC,QAAQ;KAC/B,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,IAAI,CAAC,GAAG,CAAC,gBAAgB,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;QAC7C,IAAI,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IAC5C,CAAC;IACD,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,IAAI,KAAK,CAAC,CAAC,mBAAmB,CAAC,MAAM,CAAC,SAAS,CAAC,cAAc,EAAE,gBAAgB,CAAC,EAAE;QACzH,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE,cAAc,EAAE,mCAAmC,EAAE,YAAY,EAAE,GAAG,YAAY,IAAI,eAAe,EAAE,EAAE;QAChJ,IAAI;KACL,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAA4B,CAAC;IACrF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,OAAO,GAAG,OAAO,OAAO,CAAC,iBAAiB,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC,CAAC,mCAAmC,QAAQ,CAAC,MAAM,EAAE,CAAC;QACjJ,MAAM,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,4BAA4B,CAAC,CAAC,CAAC,uBAAuB,EAAE,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IACnI,CAAC;IACD,IAAI,OAAO,OAAO,CAAC,YAAY,KAAK,QAAQ;QAAE,MAAM,IAAI,UAAU,CAAC,sBAAsB,EAAE,sDAAsD,CAAC,CAAC;IACnJ,OAAO;QACL,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,aAAa,EAAE,OAAO,OAAO,CAAC,aAAa,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;QAC5F,QAAQ,EAAE,OAAO,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QAC7E,UAAU,EAAE,cAAc,CAAC,OAAO,CAAC;QACnC,UAAU,EAAE,OAAO,OAAO,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ;QAClF,KAAK,EAAE,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;KACrE,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,MAM1C;IACC,MAAM,KAAK,GAAqB;QAC9B,QAAQ,EAAE,WAAW;QACrB,SAAS,EAAE,YAAY;QACvB,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,YAAY,EAAE,MAAM,CAAC,WAAW;QAChC,QAAQ,EAAE,wBAAwB,CAAC,MAAM,CAAC,OAAO,IAAI,SAAS,EAAE,CAAC,YAAY,CAAC;QAC9E,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACvC,CAAC;IACF,MAAM,cAAc,CAAC,KAAK,EAAE,MAAM,CAAC,cAAc,CAAC,CAAC;IACnD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,KAAuB,EAAE,UAAkF,EAAE;IACnJ,IAAI,CAAC,OAAO,CAAC,KAAK,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAC;IACnE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,aAAa;QAAE,MAAM,IAAI,UAAU,CAAC,uBAAuB,EAAE,wDAAwD,CAAC,CAAC;IACzI,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC/B,UAAU,EAAE,eAAe;QAC3B,SAAS,EAAE,SAAS,EAAE,CAAC,aAAa,IAAI,2BAA2B;QACnE,aAAa,EAAE,KAAK,CAAC,MAAM,CAAC,aAAa;KAC1C,CAAC,CAAC;IACH,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,IAAI,KAAK,CAAC,CAAC,mBAAmB,CAAC,KAAK,CAAC,SAAS,CAAC,cAAc,EAAE,gBAAgB,CAAC,EAAE;QACzH,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE,cAAc,EAAE,mCAAmC,EAAE,YAAY,EAAE,GAAG,YAAY,IAAI,eAAe,EAAE,EAAE;QAChJ,IAAI;KACL,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAA4B,CAAC;IACrF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,4BAA4B,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,gBAAgB,CAAC;QAC9J,IAAI,IAAI,KAAK,eAAe,IAAI,IAAI,KAAK,4BAA4B;YAAE,MAAM,gBAAgB,CAAC,IAAI,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;QAC5H,MAAM,IAAI,UAAU,CAAC,IAAI,EAAE,OAAO,OAAO,CAAC,iBAAiB,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC,CAAC,kCAAkC,QAAQ,CAAC,MAAM,EAAE,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC/K,CAAC;IACD,IAAI,OAAO,OAAO,CAAC,YAAY,KAAK,QAAQ;QAAE,MAAM,IAAI,UAAU,CAAC,sBAAsB,EAAE,qDAAqD,CAAC,CAAC;IAClJ,MAAM,IAAI,GAAqB;QAC7B,GAAG,KAAK;QACR,OAAO,EAAE,KAAK;QACd,eAAe,EAAE,SAAS;QAC1B,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACtC,MAAM,EAAE;YACN,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,aAAa,EAAE,OAAO,OAAO,CAAC,aAAa,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,aAAa;YAC7G,QAAQ,EAAE,OAAO,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ;YACzF,UAAU,EAAE,cAAc,CAAC,OAAO,CAAC;YACnC,UAAU,EAAE,OAAO,OAAO,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ;YAClF,KAAK,EAAE,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK;SAC9E;KACF,CAAC;IACF,MAAM,cAAc,CAAC,IAAI,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;IACnD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,OAAqB,EAAE,SAAiB;IAChF,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAC9C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,MAAM,CAAC,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,UAAU,CAAC,kBAAkB,EAAE,+CAA+C,CAAC,CAAC,CAAC;QAC9F,CAAC,EAAE,SAAS,CAAC,CAAC;QACd,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;YAC5C,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;gBAC5D,MAAM,EAAE,IAAI,EAAE,GAAG,aAAa,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;gBACjE,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,YAAY,EAAE,CAAC,CAAC;gBACrD,GAAG,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;gBACxD,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,IAAI,CAAC,CAAC;YAChB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,YAAY,EAAE,CAAC,CAAC;gBACrD,GAAG,CAAC,GAAG,CAAE,KAAe,CAAC,OAAO,CAAC,CAAC;YACpC,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;QACzE,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC7B,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/cache/artifacts.d.ts

@@ -0,0 +1,16 @@
+export type CacheResult = {
+    path: string;
+    bytes: number;
+    contentType?: string;
+};
+export declare function cacheBase64Artifact(data: string, options?: {
+    mediaType: 'image' | 'video';
+    contentType?: string;
+    cacheDir?: string;
+}): Promise<CacheResult>;
+export declare function cacheUrlArtifact(url: string, options?: {
+    mediaType: 'image' | 'video';
+    cacheDir?: string;
+    maxBytes?: number;
+    fetchImpl?: typeof fetch;
+}): Promise<CacheResult>;