hyperclaw 5.4.0 → 5.4.2

package/dist/oauth-flow-CniM4jlJ.js

@@ -0,0 +1,148 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const crypto = require_chunk.__toESM(require("crypto"));
+const http = require_chunk.__toESM(require("http"));
+
+//#region src/services/oauth-flow.ts
+const REDIRECT_PORT = 38789;
+const REDIRECT_PATH = "/oauth/callback";
+const PROVIDERS = {
+	google: {
+		authorize_url: "https://accounts.google.com/o/oauth2/v2/auth",
+		token_url: "https://oauth2.googleapis.com/token",
+		scopes: [
+			"openid",
+			"email",
+			"profile",
+			"https://www.googleapis.com/auth/aiplatform"
+		],
+		client_id: process.env.GOOGLE_OAUTH_CLIENT_ID || "",
+		client_secret: process.env.GOOGLE_OAUTH_CLIENT_SECRET
+	},
+	"google-gmail": {
+		authorize_url: "https://accounts.google.com/o/oauth2/v2/auth",
+		token_url: "https://oauth2.googleapis.com/token",
+		scopes: [
+			"openid",
+			"email",
+			"profile",
+			"https://www.googleapis.com/auth/gmail.modify",
+			"https://mail.google.com/"
+		],
+		client_id: process.env.GOOGLE_OAUTH_CLIENT_ID || "",
+		client_secret: process.env.GOOGLE_OAUTH_CLIENT_SECRET
+	},
+	microsoft: {
+		authorize_url: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
+		token_url: "https://login.microsoftonline.com/common/oauth2/v2.0/token",
+		scopes: [
+			"openid",
+			"profile",
+			"offline_access",
+			"https://cognitiveservices.azure.com/.default"
+		],
+		client_id: process.env.AZURE_OAUTH_CLIENT_ID || process.env.MICROSOFT_OAUTH_CLIENT_ID || "",
+		client_secret: process.env.AZURE_OAUTH_CLIENT_SECRET || process.env.MICROSOFT_OAUTH_CLIENT_SECRET
+	}
+};
+async function runOAuthFlow(providerId, opts) {
+	const cfg = PROVIDERS[providerId];
+	if (!cfg) throw new Error(`OAuth provider "${providerId}" not configured. Supported: google, google-gmail (Gmail Pub/Sub), microsoft. Anthropic/OpenAI: use "hyperclaw auth add" (API keys) or "hyperclaw auth setup-token anthropic" for Claude Pro/Max.`);
+	const clientId = opts?.clientId || cfg.client_id || process.env.OAUTH_CLIENT_ID;
+	const clientSecret = opts?.clientSecret || cfg.client_secret || process.env.OAUTH_CLIENT_SECRET;
+	const scopes = opts?.scopes || cfg.scopes;
+	if (!clientId) {
+		const hint = providerId === "google" ? "Set GOOGLE_OAUTH_CLIENT_ID or OAUTH_CLIENT_ID. Create at: https://console.cloud.google.com/apis/credentials" : providerId === "microsoft" ? "Set AZURE_OAUTH_CLIENT_ID. Create at: https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade" : "Set OAUTH_CLIENT_ID or pass --client-id";
+		throw new Error(`OAuth client_id required. ${hint}`);
+	}
+	const codeVerifier = crypto.default.randomBytes(32).toString("base64url");
+	const codeChallenge = crypto.default.createHash("sha256").update(codeVerifier).digest("base64url");
+	const authParams = new URLSearchParams({
+		client_id: clientId,
+		redirect_uri: `http://127.0.0.1:${REDIRECT_PORT}${REDIRECT_PATH}`,
+		response_type: "code",
+		scope: scopes.join(" "),
+		code_challenge: codeChallenge,
+		code_challenge_method: "S256",
+		access_type: "offline",
+		prompt: "consent"
+	});
+	const authUrl = `${cfg.authorize_url}?${authParams}`;
+	return new Promise((resolve, reject) => {
+		const server = http.default.createServer(async (req, res) => {
+			const url = new URL(req.url || "/", `http://127.0.0.1`);
+			if (url.pathname !== REDIRECT_PATH) {
+				res.writeHead(404);
+				res.end("Not found");
+				return;
+			}
+			const code = url.searchParams.get("code");
+			const error = url.searchParams.get("error");
+			res.setHeader("Content-Type", "text/html; charset=utf-8");
+			if (error) {
+				const safeError = String(error).replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
+				res.writeHead(400);
+				res.end(`<h1>OAuth error</h1><p>${safeError}</p><p>You can close this tab.</p>`);
+				server.close();
+				reject(new Error(`OAuth error: ${error}`));
+				return;
+			}
+			if (!code) {
+				res.writeHead(400);
+				res.end("<h1>No code received</h1><p>You can close this tab.</p>");
+				server.close();
+				reject(new Error("No authorization code received"));
+				return;
+			}
+			const body = new URLSearchParams({
+				grant_type: "authorization_code",
+				code,
+				redirect_uri: `http://127.0.0.1:${REDIRECT_PORT}${REDIRECT_PATH}`,
+				code_verifier: codeVerifier
+			});
+			if (clientSecret) body.set("client_secret", clientSecret);
+			body.set("client_id", clientId);
+			try {
+				const tokenRes = await fetch(cfg.token_url, {
+					method: "POST",
+					headers: { "Content-Type": "application/x-www-form-urlencoded" },
+					body: body.toString()
+				});
+				const tokenData = await tokenRes.json();
+				if (tokenData.error) {
+					res.writeHead(400);
+					res.end(`<h1>Token error</h1><p>${tokenData.error}</p><p>You can close this tab.</p>`);
+					server.close();
+					reject(new Error(tokenData.error_description || tokenData.error));
+					return;
+				}
+				res.writeHead(200);
+				res.end("<h1>Success!</h1><p>HyperClaw has received your tokens. You can close this tab and return to the terminal.</p>");
+				server.close();
+				resolve({
+					access_token: tokenData.access_token,
+					refresh_token: tokenData.refresh_token,
+					expires_in: tokenData.expires_in
+				});
+			} catch (e) {
+				res.writeHead(500);
+				res.end(`<h1>Error</h1><p>${e.message}</p><p>You can close this tab.</p>`);
+				server.close();
+				reject(e);
+			}
+		});
+		server.listen(REDIRECT_PORT, "127.0.0.1", () => {
+			try {
+				const { exec } = require("child_process");
+				const opener = process.platform === "win32" ? `start "" "${authUrl}"` : (process.platform === "darwin" ? "open" : "xdg-open") + ` "${authUrl}"`;
+				exec(opener);
+			} catch {}
+		});
+		server.on("error", (err) => {
+			server.close();
+			reject(err);
+		});
+	});
+}
+
+//#endregion
+exports.runOAuthFlow = runOAuthFlow;

package/dist/oauth-provider-BA4GVFKg.js

@@ -0,0 +1,111 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const require_paths = require('./paths-AIyBxIzm.js');
+const require_paths$1 = require('./paths-DPovhojT.js');
+const fs_extra = require_chunk.__toESM(require("fs-extra"));
+const path = require_chunk.__toESM(require("path"));
+const https = require_chunk.__toESM(require("https"));
+
+//#region src/services/oauth-provider.ts
+function defaultTokenPath(providerId) {
+	return path.default.join(require_paths.getHyperClawDir(), `oauth-${providerId}.json`);
+}
+async function getProviderCredentialAsync(cfg) {
+	if (!cfg?.provider) return "";
+	const authType = cfg.provider.authType ?? "api_key";
+	if (authType === "api_key") {
+		const key = cfg.provider.apiKey;
+		if (key) return key;
+		const pid = cfg.provider.providerId || "openrouter";
+		switch (pid) {
+			case "openrouter": return process.env.OPENROUTER_API_KEY || "";
+			case "anthropic": return process.env.ANTHROPIC_API_KEY || "";
+			case "openai": return process.env.OPENAI_API_KEY || "";
+			case "xai": return process.env.XAI_API_KEY || "";
+			case "google": return process.env.GOOGLE_AI_API_KEY || "";
+			default: return process.env.OPENROUTER_API_KEY || process.env.ANTHROPIC_API_KEY || "";
+		}
+	}
+	const tokenPath = cfg.provider.oauthTokenPath || defaultTokenPath(cfg.provider.providerId || "default");
+	if (!await fs_extra.default.pathExists(tokenPath)) return "";
+	let data;
+	try {
+		data = await fs_extra.default.readJson(tokenPath);
+	} catch {
+		return "";
+	}
+	if (!data.access_token) return "";
+	const now = Math.floor(Date.now() / 1e3);
+	const expiresAt = data.expires_at ?? 0;
+	if (expiresAt > 0 && now < expiresAt - 60) return data.access_token;
+	if (!data.refresh_token) return data.access_token;
+	const tokenUrl = data.token_url || DEFAULT_REFRESH_URLS[cfg.provider.providerId || ""] || "";
+	if (!tokenUrl) return data.access_token;
+	const refreshed = await refreshAccessToken({
+		token_url: tokenUrl,
+		refresh_token: data.refresh_token,
+		client_id: data.client_id || process.env.OAUTH_CLIENT_ID,
+		client_secret: data.client_secret || process.env.OAUTH_CLIENT_SECRET
+	});
+	if (refreshed.access_token) {
+		data.access_token = refreshed.access_token;
+		if (refreshed.expires_in) data.expires_at = now + refreshed.expires_in;
+		await fs_extra.default.writeJson(tokenPath, data, { spaces: 2 });
+		return data.access_token;
+	}
+	return data.access_token;
+}
+async function refreshAccessToken(opts) {
+	const body = new URLSearchParams({
+		grant_type: "refresh_token",
+		refresh_token: opts.refresh_token
+	});
+	if (opts.client_id) body.set("client_id", opts.client_id);
+	if (opts.client_secret) body.set("client_secret", opts.client_secret);
+	const u = new URL(opts.token_url);
+	return new Promise((resolve) => {
+		const req = https.default.request({
+			hostname: u.hostname,
+			port: 443,
+			path: u.pathname + u.search,
+			method: "POST",
+			headers: { "Content-Type": "application/x-www-form-urlencoded" }
+		}, (res) => {
+			let data = "";
+			res.on("data", (c) => data += c);
+			res.on("end", () => {
+				try {
+					const j = JSON.parse(data);
+					resolve({
+						access_token: j.access_token,
+						expires_in: j.expires_in
+					});
+				} catch {
+					resolve({});
+				}
+			});
+		});
+		req.on("error", () => resolve({}));
+		req.write(body.toString());
+		req.end();
+	});
+}
+/** Write token file (e.g. after OAuth callback or manual paste). */
+async function writeOAuthToken(providerId, token, customPath) {
+	const p = customPath || defaultTokenPath(providerId);
+	await fs_extra.default.ensureDir(path.default.dirname(p));
+	await fs_extra.default.writeJson(p, token, { spaces: 2 });
+}
+var DEFAULT_REFRESH_URLS;
+var init_oauth_provider = require_chunk.__esm({ "src/services/oauth-provider.ts"() {
+	require_paths$1.init_paths();
+	DEFAULT_REFRESH_URLS = {
+		google: "https://oauth2.googleapis.com/token",
+		openai: "https://api.openai.com/v1/auth/refresh",
+		anthropic: ""
+	};
+} });
+
+//#endregion
+init_oauth_provider();
+exports.getProviderCredentialAsync = getProviderCredentialAsync;
+exports.writeOAuthToken = writeOAuthToken;

package/dist/oauth-provider-Bnul5A_Z.js

@@ -0,0 +1,111 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const require_paths = require('./paths-AIyBxIzm.js');
+const require_paths$1 = require('./paths-DPovhojT.js');
+const fs_extra = require_chunk.__toESM(require("fs-extra"));
+const path = require_chunk.__toESM(require("path"));
+const https = require_chunk.__toESM(require("https"));
+
+//#region src/services/oauth-provider.ts
+function defaultTokenPath(providerId) {
+	return path.default.join(require_paths.getHyperClawDir(), `oauth-${providerId}.json`);
+}
+async function getProviderCredentialAsync(cfg) {
+	if (!cfg?.provider) return "";
+	const authType = cfg.provider.authType ?? "api_key";
+	if (authType === "api_key") {
+		const key = cfg.provider.apiKey;
+		if (key) return key;
+		const pid = cfg.provider.providerId || "openrouter";
+		switch (pid) {
+			case "openrouter": return process.env.OPENROUTER_API_KEY || "";
+			case "anthropic": return process.env.ANTHROPIC_API_KEY || "";
+			case "openai": return process.env.OPENAI_API_KEY || "";
+			case "xai": return process.env.XAI_API_KEY || "";
+			case "google": return process.env.GOOGLE_AI_API_KEY || "";
+			default: return process.env.OPENROUTER_API_KEY || process.env.ANTHROPIC_API_KEY || "";
+		}
+	}
+	const tokenPath = cfg.provider.oauthTokenPath || defaultTokenPath(cfg.provider.providerId || "default");
+	if (!await fs_extra.default.pathExists(tokenPath)) return "";
+	let data;
+	try {
+		data = await fs_extra.default.readJson(tokenPath);
+	} catch {
+		return "";
+	}
+	if (!data.access_token) return "";
+	const now = Math.floor(Date.now() / 1e3);
+	const expiresAt = data.expires_at ?? 0;
+	if (expiresAt > 0 && now < expiresAt - 60) return data.access_token;
+	if (!data.refresh_token) return data.access_token;
+	const tokenUrl = data.token_url || DEFAULT_REFRESH_URLS[cfg.provider.providerId || ""] || "";
+	if (!tokenUrl) return data.access_token;
+	const refreshed = await refreshAccessToken({
+		token_url: tokenUrl,
+		refresh_token: data.refresh_token,
+		client_id: data.client_id || process.env.OAUTH_CLIENT_ID,
+		client_secret: data.client_secret || process.env.OAUTH_CLIENT_SECRET
+	});
+	if (refreshed.access_token) {
+		data.access_token = refreshed.access_token;
+		if (refreshed.expires_in) data.expires_at = now + refreshed.expires_in;
+		await fs_extra.default.writeJson(tokenPath, data, { spaces: 2 });
+		return data.access_token;
+	}
+	return data.access_token;
+}
+async function refreshAccessToken(opts) {
+	const body = new URLSearchParams({
+		grant_type: "refresh_token",
+		refresh_token: opts.refresh_token
+	});
+	if (opts.client_id) body.set("client_id", opts.client_id);
+	if (opts.client_secret) body.set("client_secret", opts.client_secret);
+	const u = new URL(opts.token_url);
+	return new Promise((resolve) => {
+		const req = https.default.request({
+			hostname: u.hostname,
+			port: 443,
+			path: u.pathname + u.search,
+			method: "POST",
+			headers: { "Content-Type": "application/x-www-form-urlencoded" }
+		}, (res) => {
+			let data = "";
+			res.on("data", (c) => data += c);
+			res.on("end", () => {
+				try {
+					const j = JSON.parse(data);
+					resolve({
+						access_token: j.access_token,
+						expires_in: j.expires_in
+					});
+				} catch {
+					resolve({});
+				}
+			});
+		});
+		req.on("error", () => resolve({}));
+		req.write(body.toString());
+		req.end();
+	});
+}
+/** Write token file (e.g. after OAuth callback or manual paste). */
+async function writeOAuthToken(providerId, token, customPath) {
+	const p = customPath || defaultTokenPath(providerId);
+	await fs_extra.default.ensureDir(path.default.dirname(p));
+	await fs_extra.default.writeJson(p, token, { spaces: 2 });
+}
+var DEFAULT_REFRESH_URLS;
+var init_oauth_provider = require_chunk.__esm({ "src/services/oauth-provider.ts"() {
+	require_paths$1.init_paths();
+	DEFAULT_REFRESH_URLS = {
+		google: "https://oauth2.googleapis.com/token",
+		openai: "https://api.openai.com/v1/auth/refresh",
+		anthropic: ""
+	};
+} });
+
+//#endregion
+init_oauth_provider();
+exports.getProviderCredentialAsync = getProviderCredentialAsync;
+exports.writeOAuthToken = writeOAuthToken;

package/dist/oauth-provider-Dk-6BmGL.js

@@ -0,0 +1,111 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const require_paths = require('./paths-AIyBxIzm.js');
+const require_paths$1 = require('./paths-DPovhojT.js');
+const fs_extra = require_chunk.__toESM(require("fs-extra"));
+const path = require_chunk.__toESM(require("path"));
+const https = require_chunk.__toESM(require("https"));
+
+//#region src/services/oauth-provider.ts
+function defaultTokenPath(providerId) {
+	return path.default.join(require_paths.getHyperClawDir(), `oauth-${providerId}.json`);
+}
+async function getProviderCredentialAsync(cfg) {
+	if (!cfg?.provider) return "";
+	const authType = cfg.provider.authType ?? "api_key";
+	if (authType === "api_key") {
+		const key = cfg.provider.apiKey;
+		if (key) return key;
+		const pid = cfg.provider.providerId || "openrouter";
+		switch (pid) {
+			case "openrouter": return process.env.OPENROUTER_API_KEY || "";
+			case "anthropic": return process.env.ANTHROPIC_API_KEY || "";
+			case "openai": return process.env.OPENAI_API_KEY || "";
+			case "xai": return process.env.XAI_API_KEY || "";
+			case "google": return process.env.GOOGLE_AI_API_KEY || "";
+			default: return process.env.OPENROUTER_API_KEY || process.env.ANTHROPIC_API_KEY || "";
+		}
+	}
+	const tokenPath = cfg.provider.oauthTokenPath || defaultTokenPath(cfg.provider.providerId || "default");
+	if (!await fs_extra.default.pathExists(tokenPath)) return "";
+	let data;
+	try {
+		data = await fs_extra.default.readJson(tokenPath);
+	} catch {
+		return "";
+	}
+	if (!data.access_token) return "";
+	const now = Math.floor(Date.now() / 1e3);
+	const expiresAt = data.expires_at ?? 0;
+	if (expiresAt > 0 && now < expiresAt - 60) return data.access_token;
+	if (!data.refresh_token) return data.access_token;
+	const tokenUrl = data.token_url || DEFAULT_REFRESH_URLS[cfg.provider.providerId || ""] || "";
+	if (!tokenUrl) return data.access_token;
+	const refreshed = await refreshAccessToken({
+		token_url: tokenUrl,
+		refresh_token: data.refresh_token,
+		client_id: data.client_id || process.env.OAUTH_CLIENT_ID,
+		client_secret: data.client_secret || process.env.OAUTH_CLIENT_SECRET
+	});
+	if (refreshed.access_token) {
+		data.access_token = refreshed.access_token;
+		if (refreshed.expires_in) data.expires_at = now + refreshed.expires_in;
+		await fs_extra.default.writeJson(tokenPath, data, { spaces: 2 });
+		return data.access_token;
+	}
+	return data.access_token;
+}
+async function refreshAccessToken(opts) {
+	const body = new URLSearchParams({
+		grant_type: "refresh_token",
+		refresh_token: opts.refresh_token
+	});
+	if (opts.client_id) body.set("client_id", opts.client_id);
+	if (opts.client_secret) body.set("client_secret", opts.client_secret);
+	const u = new URL(opts.token_url);
+	return new Promise((resolve) => {
+		const req = https.default.request({
+			hostname: u.hostname,
+			port: 443,
+			path: u.pathname + u.search,
+			method: "POST",
+			headers: { "Content-Type": "application/x-www-form-urlencoded" }
+		}, (res) => {
+			let data = "";
+			res.on("data", (c) => data += c);
+			res.on("end", () => {
+				try {
+					const j = JSON.parse(data);
+					resolve({
+						access_token: j.access_token,
+						expires_in: j.expires_in
+					});
+				} catch {
+					resolve({});
+				}
+			});
+		});
+		req.on("error", () => resolve({}));
+		req.write(body.toString());
+		req.end();
+	});
+}
+/** Write token file (e.g. after OAuth callback or manual paste). */
+async function writeOAuthToken(providerId, token, customPath) {
+	const p = customPath || defaultTokenPath(providerId);
+	await fs_extra.default.ensureDir(path.default.dirname(p));
+	await fs_extra.default.writeJson(p, token, { spaces: 2 });
+}
+var DEFAULT_REFRESH_URLS;
+var init_oauth_provider = require_chunk.__esm({ "src/services/oauth-provider.ts"() {
+	require_paths$1.init_paths();
+	DEFAULT_REFRESH_URLS = {
+		google: "https://oauth2.googleapis.com/token",
+		openai: "https://api.openai.com/v1/auth/refresh",
+		anthropic: ""
+	};
+} });
+
+//#endregion
+init_oauth_provider();
+exports.getProviderCredentialAsync = getProviderCredentialAsync;
+exports.writeOAuthToken = writeOAuthToken;

package/dist/oauth-provider-DqPXPiiC.js

@@ -0,0 +1,111 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const require_paths = require('./paths-AIyBxIzm.js');
+const require_paths$1 = require('./paths-DPovhojT.js');
+const fs_extra = require_chunk.__toESM(require("fs-extra"));
+const path = require_chunk.__toESM(require("path"));
+const https = require_chunk.__toESM(require("https"));
+
+//#region src/services/oauth-provider.ts
+function defaultTokenPath(providerId) {
+	return path.default.join(require_paths.getHyperClawDir(), `oauth-${providerId}.json`);
+}
+async function getProviderCredentialAsync(cfg) {
+	if (!cfg?.provider) return "";
+	const authType = cfg.provider.authType ?? "api_key";
+	if (authType === "api_key") {
+		const key = cfg.provider.apiKey;
+		if (key) return key;
+		const pid = cfg.provider.providerId || "openrouter";
+		switch (pid) {
+			case "openrouter": return process.env.OPENROUTER_API_KEY || "";
+			case "anthropic": return process.env.ANTHROPIC_API_KEY || "";
+			case "openai": return process.env.OPENAI_API_KEY || "";
+			case "xai": return process.env.XAI_API_KEY || "";
+			case "google": return process.env.GOOGLE_AI_API_KEY || "";
+			default: return process.env.OPENROUTER_API_KEY || process.env.ANTHROPIC_API_KEY || "";
+		}
+	}
+	const tokenPath = cfg.provider.oauthTokenPath || defaultTokenPath(cfg.provider.providerId || "default");
+	if (!await fs_extra.default.pathExists(tokenPath)) return "";
+	let data;
+	try {
+		data = await fs_extra.default.readJson(tokenPath);
+	} catch {
+		return "";
+	}
+	if (!data.access_token) return "";
+	const now = Math.floor(Date.now() / 1e3);
+	const expiresAt = data.expires_at ?? 0;
+	if (expiresAt > 0 && now < expiresAt - 60) return data.access_token;
+	if (!data.refresh_token) return data.access_token;
+	const tokenUrl = data.token_url || DEFAULT_REFRESH_URLS[cfg.provider.providerId || ""] || "";
+	if (!tokenUrl) return data.access_token;
+	const refreshed = await refreshAccessToken({
+		token_url: tokenUrl,
+		refresh_token: data.refresh_token,
+		client_id: data.client_id || process.env.OAUTH_CLIENT_ID,
+		client_secret: data.client_secret || process.env.OAUTH_CLIENT_SECRET
+	});
+	if (refreshed.access_token) {
+		data.access_token = refreshed.access_token;
+		if (refreshed.expires_in) data.expires_at = now + refreshed.expires_in;
+		await fs_extra.default.writeJson(tokenPath, data, { spaces: 2 });
+		return data.access_token;
+	}
+	return data.access_token;
+}
+async function refreshAccessToken(opts) {
+	const body = new URLSearchParams({
+		grant_type: "refresh_token",
+		refresh_token: opts.refresh_token
+	});
+	if (opts.client_id) body.set("client_id", opts.client_id);
+	if (opts.client_secret) body.set("client_secret", opts.client_secret);
+	const u = new URL(opts.token_url);
+	return new Promise((resolve) => {
+		const req = https.default.request({
+			hostname: u.hostname,
+			port: 443,
+			path: u.pathname + u.search,
+			method: "POST",
+			headers: { "Content-Type": "application/x-www-form-urlencoded" }
+		}, (res) => {
+			let data = "";
+			res.on("data", (c) => data += c);
+			res.on("end", () => {
+				try {
+					const j = JSON.parse(data);
+					resolve({
+						access_token: j.access_token,
+						expires_in: j.expires_in
+					});
+				} catch {
+					resolve({});
+				}
+			});
+		});
+		req.on("error", () => resolve({}));
+		req.write(body.toString());
+		req.end();
+	});
+}
+/** Write token file (e.g. after OAuth callback or manual paste). */
+async function writeOAuthToken(providerId, token, customPath) {
+	const p = customPath || defaultTokenPath(providerId);
+	await fs_extra.default.ensureDir(path.default.dirname(p));
+	await fs_extra.default.writeJson(p, token, { spaces: 2 });
+}
+var DEFAULT_REFRESH_URLS;
+var init_oauth_provider = require_chunk.__esm({ "src/services/oauth-provider.ts"() {
+	require_paths$1.init_paths();
+	DEFAULT_REFRESH_URLS = {
+		google: "https://oauth2.googleapis.com/token",
+		openai: "https://api.openai.com/v1/auth/refresh",
+		anthropic: ""
+	};
+} });
+
+//#endregion
+init_oauth_provider();
+exports.getProviderCredentialAsync = getProviderCredentialAsync;
+exports.writeOAuthToken = writeOAuthToken;