latchkey 0.1.4 → 0.2.0

package/LICENSE

@@ -1,4 +1,4 @@
-Copyright 2026 Imbue (Generally Intelligent, Inc.)
+Copyright 2026 Imbue, Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 

package/README.md

@@ -15,7 +15,7 @@ latchkey curl -X POST 'https://slack.com/api/conversations.create' \
 Latchkey is a command-line tool that injects credentials to curl requests to known public APIs.
 
 - `latchkey services`
-	- Get a list of known and supported third-party services (Slack, Discord, Linear, GitHub, etc.).
+	- Get a list of known and supported third-party services (Slack, Google Workspace, Linear, GitHub, etc.).
 - `latchkey curl <arguments>`
 	- Automatically inject credentials to your otherwise standard curl calls to public APIs.
 	- (The first time you access a service, a browser pop-up with a login screen appears.)
@@ -63,19 +63,19 @@ you're willing to accept the risks.
 ### OpenCode
 ```
 mkdir -p ~/.opencode/skills/latchkey
-cp integrations/SKILL.md ~/.opencode/skills/latchkey/SKILL.md
+latchkey skill-md > ~/.opencode/skills/latchkey/SKILL.md
 ```
 
 ### Claude Code
 ```
 mkdir -p ~/.claude/skills/latchkey
-cp integrations/SKILL.md ~/.claude/skills/latchkey/SKILL.md
+latchkey skill-md > ~/.claude/skills/latchkey/SKILL.md
 ```
 
 ### Codex
 ```
 mkdir -p ~/.codex/skills/latchkey
-cp integrations/SKILL.md ~/.codex/skills/latchkey/SKILL.md
+latchkey skill-md > ~/.codex/skills/latchkey/SKILL.md
 ```
 
 ### Passepartout

package/dist/integrations/SKILL.md

@@ -0,0 +1,71 @@
+---
+name: latchkey
+description: Interact with third-party services (Slack, Google Workspace, Dropbox, GitHub, Linear...) on user's behalf using their public APIs.
+compatibility: Requires node.js, curl, latchkey (npm install -g latchkey) and a desktop/GUI environment.
+---
+
+# Latchkey
+
+## Instructions
+
+Latchkey is a CLI tool that automatically injects credentials into curl commands for supported public APIs. Instead of manually managing API tokens, latchkey opens a browser for login, extracts credentials from the session, and injects them into your curl requests.
+
+Use this skill when the user asks you to work with third-party services like Slack, Discord, Dropbox, Github, Linear and others on their behalf.
+
+Usage:
+
+1. **Use `latchkey curl`** instead of regular `curl` for supported services.
+2. **Use `latchkey info <service_name>`** to get developer notes about a specific service (API docs links, special requirements, etc.).
+3. **Look for the newest documentation of the desired public API online.** Avoid bot-only endpoints if such a distinction exists.
+4. **Pass through all regular curl arguments** - latchkey is a transparent wrapper.
+5. **Use `latchkey status <service_name>`** when you notice potentially expired credentials.
+6. When the status is `invalid`, **force a new login by calling `latchkey clear <service_name>`**, then retry the curl command.
+7. **Do not force a new login if the status is `valid`** - the user might just not have the necessary permissions.
+
+
+## Examples
+
+### Make an authenticated curl request
+```bash
+latchkey curl [curl arguments]
+```
+
+### Creating a Slack channel
+```bash
+latchkey curl -X POST 'https://slack.com/api/conversations.create' \
+  -H 'Content-Type: application/json' \
+  -d '{"name":"my-channel"}'
+```
+
+(Notice that `-H 'Authorization: Bearer` is not present in the invocation.)
+
+### Getting Discord user info
+```bash
+latchkey curl 'https://discord.com/api/v10/users/@me'
+```
+
+### Clear expired credentials and force a new login to Discord
+```bash
+latchkey status discord  # Returns "invalid"
+latchkey clear discord
+latchkey curl 'https://discord.com/api/v10/users/@me'
+```
+
+Only do this when you notice that your previous call ended up not being authenticated (HTTP 401 or 403). The next `latchkey curl` call will trigger a new login flow.
+
+### List supported services
+```bash
+latchkey services
+```
+
+### Get service-specific info
+```bash
+latchkey info slack
+```
+
+Returns developer notes about the service, including API documentation links and any special requirements.
+
+## Notes
+
+- All curl arguments are passed through unchanged
+- Return codes, stdin, and stdout are passed back from curl

package/dist/package.json

@@ -0,0 +1,67 @@
+{
+    "name": "latchkey",
+    "version": "0.2.0",
+    "description": "A CLI tool that injects API credentials into curl requests for known third-party services",
+    "author": "Imbue <hynek@imbue.com>",
+    "repository": {
+        "type": "git",
+        "url": "git+https://github.com/imbue-ai/latchkey.git"
+    },
+    "homepage": "https://github.com/imbue-ai/latchkey#readme",
+    "bugs": {
+        "url": "https://github.com/imbue-ai/latchkey/issues"
+    },
+    "type": "module",
+    "main": "dist/src/index.js",
+    "types": "dist/src/index.d.ts",
+    "bin": {
+        "latchkey": "./dist/src/cli.js"
+    },
+    "files": [
+        "dist",
+        "README.md",
+        "LICENSE"
+    ],
+    "scripts": {
+        "prepublishOnly": "npm run build",
+        "build": "tsc && node -e \"require('fs').cpSync('integrations', 'dist/integrations', {recursive:true})\" ",
+        "dev": "tsc --watch",
+        "lint": "eslint src tests scripts",
+        "lint:fix": "eslint src tests scripts --fix",
+        "format": "prettier --write \"src/**/*.ts\" \"tests/**/*.ts\" \"scripts/**/*.ts\"",
+        "format:check": "prettier --check \"src/**/*.ts\" \"tests/**/*.ts\" \"scripts/**/*.ts\"",
+        "typecheck": "tsc --noEmit",
+        "test": "vitest run",
+        "test:watch": "vitest",
+        "start": "node dist/cli.js",
+        "bun-compile": "bun build ./src/cli.ts --compile --external chromium-bidi --external electron --outfile latchkey"
+    },
+    "keywords": [
+        "cli",
+        "curl",
+        "api",
+        "credentials",
+        "authentication",
+        "agents",
+        "imbue"
+    ],
+    "license": "MIT",
+    "engines": {
+        "node": ">=20"
+    },
+    "dependencies": {
+        "@napi-rs/keyring": "^1.2.0",
+        "commander": "^12.0.0",
+        "playwright": "^1.49.1",
+        "zod": "^3.22.0"
+    },
+    "devDependencies": {
+        "@eslint/js": "^9.39.2",
+        "@types/node": "^20.0.0",
+        "eslint": "^9.39.2",
+        "prettier": "^3.8.1",
+        "typescript": "^5.3.0",
+        "typescript-eslint": "^8.53.1",
+        "vitest": "^2.0.0"
+    }
+}

package/dist/scripts/encryptFile.d.ts

@@ -0,0 +1,21 @@
+#!/usr/bin/env npx tsx
+/**
+ * CLI tool for encrypting and decrypting latchkey files.
+ *
+ * This is a developer utility for inspecting and modifying encrypted
+ * credential and browser state files.
+ *
+ * Usage:
+ *   npx tsx scripts/encryptFile.ts decrypt <file>     # Decrypt file to stdout
+ *   npx tsx scripts/encryptFile.ts encrypt <file>     # Encrypt file in place
+ *
+ * The encryption key is sourced from:
+ *   1. LATCHKEY_ENCRYPTION_KEY environment variable
+ *   2. System keychain
+ *
+ * Examples:
+ *   npx tsx scripts/encryptFile.ts decrypt ~/.latchkey/credentials.json
+ *   npx tsx scripts/encryptFile.ts encrypt ~/.latchkey/credentials.json
+ */
+export {};
+//# sourceMappingURL=encryptFile.d.ts.map

package/dist/scripts/encryptFile.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryptFile.d.ts","sourceRoot":"","sources":["../../scripts/encryptFile.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;;;GAiBG"}

package/dist/scripts/encryptFile.js

@@ -0,0 +1,101 @@
+#!/usr/bin/env npx tsx
+/**
+ * CLI tool for encrypting and decrypting latchkey files.
+ *
+ * This is a developer utility for inspecting and modifying encrypted
+ * credential and browser state files.
+ *
+ * Usage:
+ *   npx tsx scripts/encryptFile.ts decrypt <file>     # Decrypt file to stdout
+ *   npx tsx scripts/encryptFile.ts encrypt <file>     # Encrypt file in place
+ *
+ * The encryption key is sourced from:
+ *   1. LATCHKEY_ENCRYPTION_KEY environment variable
+ *   2. System keychain
+ *
+ * Examples:
+ *   npx tsx scripts/encryptFile.ts decrypt ~/.latchkey/credentials.json
+ *   npx tsx scripts/encryptFile.ts encrypt ~/.latchkey/credentials.json
+ */
+import { program } from 'commander';
+import { existsSync, readFileSync, writeFileSync } from 'node:fs';
+import { CONFIG } from '../src/config.js';
+import { EncryptedStorage } from '../src/encryptedStorage.js';
+import { encrypt, generateKey } from '../src/encryption.js';
+import { isKeychainAvailable, retrieveFromKeychain } from '../src/keychain.js';
+const ENCRYPTED_FILE_PREFIX = 'LATCHKEY_ENCRYPTED:';
+function getEncryptionKey() {
+    // 1. Check environment variable via Config
+    if (CONFIG.encryptionKeyOverride) {
+        return CONFIG.encryptionKeyOverride;
+    }
+    // 2. Check keychain
+    if (isKeychainAvailable(CONFIG.serviceName, CONFIG.accountName)) {
+        const keychainKey = retrieveFromKeychain(CONFIG.serviceName, CONFIG.accountName);
+        if (keychainKey) {
+            return keychainKey;
+        }
+    }
+    console.error(`\
+Error: No encryption key available.
+Set LATCHKEY_ENCRYPTION_KEY or ensure the system keychain has a stored key.
+
+To generate a new key:
+  export LATCHKEY_ENCRYPTION_KEY="${generateKey()}"`);
+    process.exit(1);
+}
+function decryptCommand(filePath) {
+    if (!existsSync(filePath)) {
+        console.error(`Error: File not found: ${filePath}`);
+        process.exit(1);
+    }
+    const storage = new EncryptedStorage({
+        serviceName: CONFIG.serviceName,
+        accountName: CONFIG.accountName,
+    });
+    const content = storage.readFile(filePath);
+    if (content === null) {
+        console.error(`Error: Could not read file: ${filePath}`);
+        process.exit(1);
+    }
+    // Output to stdout
+    process.stdout.write(content);
+}
+function encryptCommand(filePath) {
+    if (!existsSync(filePath)) {
+        console.error(`Error: File not found: ${filePath}`);
+        process.exit(1);
+    }
+    const content = readFileSync(filePath, 'utf-8');
+    if (content.startsWith(ENCRYPTED_FILE_PREFIX)) {
+        console.error(`Error: File is already encrypted: ${filePath}`);
+        process.exit(1);
+    }
+    const key = getEncryptionKey();
+    const encryptedData = encrypt(content, key);
+    const dataToWrite = ENCRYPTED_FILE_PREFIX + encryptedData;
+    writeFileSync(filePath, dataToWrite, { encoding: 'utf-8', mode: 0o600 });
+    console.error(`Encrypted: ${filePath}`);
+}
+program.name('encryptFile').description(`\
+CLI tool for encrypting and decrypting latchkey files.
+
+The encryption key is sourced from:
+  1. LATCHKEY_ENCRYPTION_KEY environment variable
+  2. System keychain`);
+program
+    .command('decrypt')
+    .description('Decrypt file and print to stdout')
+    .argument('<file>', 'Path to the encrypted file')
+    .action((filePath) => {
+    decryptCommand(filePath);
+});
+program
+    .command('encrypt')
+    .description('Encrypt an unencrypted file in place')
+    .argument('<file>', 'Path to the file to encrypt')
+    .action((filePath) => {
+    encryptCommand(filePath);
+});
+program.parse();
+//# sourceMappingURL=encryptFile.js.map

package/dist/scripts/encryptFile.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryptFile.js","sourceRoot":"","sources":["../../scripts/encryptFile.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAClE,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAE/E,MAAM,qBAAqB,GAAG,qBAAqB,CAAC;AAEpD,SAAS,gBAAgB;IACvB,2CAA2C;IAC3C,IAAI,MAAM,CAAC,qBAAqB,EAAE,CAAC;QACjC,OAAO,MAAM,CAAC,qBAAqB,CAAC;IACtC,CAAC;IAED,oBAAoB;IACpB,IAAI,mBAAmB,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;QAChE,MAAM,WAAW,GAAG,oBAAoB,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC;QACjF,IAAI,WAAW,EAAE,CAAC;YAChB,OAAO,WAAW,CAAC;QACrB,CAAC;IACH,CAAC;IAED,OAAO,CAAC,KAAK,CAAC;;;;;oCAKoB,WAAW,EAAE,GAAG,CAAC,CAAC;IACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,SAAS,cAAc,CAAC,QAAgB;IACtC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,KAAK,CAAC,0BAA0B,QAAQ,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,gBAAgB,CAAC;QACnC,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,WAAW,EAAE,MAAM,CAAC,WAAW;KAChC,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAE3C,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QACrB,OAAO,CAAC,KAAK,CAAC,+BAA+B,QAAQ,EAAE,CAAC,CAAC;QACzD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,mBAAmB;IACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,cAAc,CAAC,QAAgB;IACtC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,KAAK,CAAC,0BAA0B,QAAQ,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAChD,IAAI,OAAO,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE,CAAC;QAC9C,OAAO,CAAC,KAAK,CAAC,qCAAqC,QAAQ,EAAE,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,GAAG,GAAG,gBAAgB,EAAE,CAAC;IAC/B,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IAC5C,MAAM,WAAW,GAAG,qBAAqB,GAAG,aAAa,CAAC;IAE1D,aAAa,CAAC,QAAQ,EAAE,WAAW,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACzE,OAAO,CAAC,KAAK,CAAC,cAAc,QAAQ,EAAE,CAAC,CAAC;AAC1C,CAAC;AAED,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,WAAW,CAAC;;;;;qBAKnB,CAAC,CAAC;AAEvB,OAAO;KACJ,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,kCAAkC,CAAC;KAC/C,QAAQ,CAAC,QAAQ,EAAE,4BAA4B,CAAC;KAChD,MAAM,CAAC,CAAC,QAAgB,EAAE,EAAE;IAC3B,cAAc,CAAC,QAAQ,CAAC,CAAC;AAC3B,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,sCAAsC,CAAC;KACnD,QAAQ,CAAC,QAAQ,EAAE,6BAA6B,CAAC;KACjD,MAAM,CAAC,CAAC,QAAgB,EAAE,EAAE;IAC3B,cAAc,CAAC,QAAQ,CAAC,CAAC;AAC3B,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/src/apiCredentials.d.ts

@@ -1,5 +1,6 @@
 /**
- * API credentials types and utilities for authentication with various services.
+ * Serialized API credentials types and utilities.
+ *
  */
 import { z } from 'zod';
 export declare enum ApiCredentialStatus {
@@ -14,6 +15,11 @@ export declare enum ApiCredentialStatus {
 export interface ApiCredentials {
     readonly objectType: string;
     asCurlArguments(): readonly string[];
+    /**
+     * Check if the credentials are expired.
+     * Returns true if expired, false if valid, or undefined if expiration is unknown.
+     */
+    isExpired(): boolean | undefined;
 }
 /**
  * Bearer token authentication (Authorization: Bearer <token>).
@@ -34,6 +40,7 @@ export declare class AuthorizationBearer implements ApiCredentials {
     readonly token: string;
     constructor(token: string);
     asCurlArguments(): readonly string[];
+    isExpired(): boolean | undefined;
     toJSON(): AuthorizationBearerData;
     static fromJSON(data: AuthorizationBearerData): AuthorizationBearer;
 }
@@ -56,6 +63,7 @@ export declare class AuthorizationBare implements ApiCredentials {
     readonly token: string;
     constructor(token: string);
     asCurlArguments(): readonly string[];
+    isExpired(): boolean | undefined;
     toJSON(): AuthorizationBareData;
     static fromJSON(data: AuthorizationBareData): AuthorizationBare;
 }
@@ -82,9 +90,59 @@ export declare class SlackApiCredentials implements ApiCredentials {
     readonly dCookie: string;
     constructor(token: string, dCookie: string);
     asCurlArguments(): readonly string[];
+    isExpired(): boolean | undefined;
     toJSON(): SlackApiCredentialsData;
     static fromJSON(data: SlackApiCredentialsData): SlackApiCredentials;
 }
+/**
+ * OAuth 2.0 credentials (access token, refresh token, client ID, and client secret).
+ * Used by services that implement OAuth 2.0 authorization flows.
+ * Token attributes are optional - when only clientId and clientSecret are present,
+ * this represents credentials from the prepare() step before obtaining user tokens.
+ */
+export declare const OAuthCredentialsSchema: z.ZodObject<{
+    objectType: z.ZodLiteral<"oauth">;
+    accessToken: z.ZodOptional<z.ZodString>;
+    refreshToken: z.ZodOptional<z.ZodString>;
+    clientId: z.ZodString;
+    clientSecret: z.ZodString;
+    accessTokenExpiresAt: z.ZodOptional<z.ZodString>;
+    refreshTokenExpiresAt: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    objectType: "oauth";
+    clientId: string;
+    clientSecret: string;
+    accessToken?: string | undefined;
+    refreshToken?: string | undefined;
+    accessTokenExpiresAt?: string | undefined;
+    refreshTokenExpiresAt?: string | undefined;
+}, {
+    objectType: "oauth";
+    clientId: string;
+    clientSecret: string;
+    accessToken?: string | undefined;
+    refreshToken?: string | undefined;
+    accessTokenExpiresAt?: string | undefined;
+    refreshTokenExpiresAt?: string | undefined;
+}>;
+export type OAuthCredentialsData = z.infer<typeof OAuthCredentialsSchema>;
+export declare class OAuthCredentials implements ApiCredentials {
+    readonly objectType: "oauth";
+    readonly accessToken?: string;
+    readonly refreshToken?: string;
+    readonly clientId: string;
+    readonly clientSecret: string;
+    readonly accessTokenExpiresAt?: string;
+    readonly refreshTokenExpiresAt?: string;
+    constructor(clientId: string, clientSecret: string, accessToken?: string, refreshToken?: string, accessTokenExpiresAt?: string, refreshTokenExpiresAt?: string);
+    asCurlArguments(): readonly string[];
+    isExpired(): boolean | undefined;
+    toJSON(): OAuthCredentialsData;
+    static fromJSON(data: OAuthCredentialsData): OAuthCredentials;
+}
+export declare class ApiCredentialsUsageError extends Error {
+    constructor(message: string);
+}
 /**
  * Union schema for all credential types.
  */
@@ -118,6 +176,30 @@ export declare const ApiCredentialsSchema: z.ZodDiscriminatedUnion<"objectType",
     objectType: "slack";
     token: string;
     dCookie: string;
+}>, z.ZodObject<{
+    objectType: z.ZodLiteral<"oauth">;
+    accessToken: z.ZodOptional<z.ZodString>;
+    refreshToken: z.ZodOptional<z.ZodString>;
+    clientId: z.ZodString;
+    clientSecret: z.ZodString;
+    accessTokenExpiresAt: z.ZodOptional<z.ZodString>;
+    refreshTokenExpiresAt: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    objectType: "oauth";
+    clientId: string;
+    clientSecret: string;
+    accessToken?: string | undefined;
+    refreshToken?: string | undefined;
+    accessTokenExpiresAt?: string | undefined;
+    refreshTokenExpiresAt?: string | undefined;
+}, {
+    objectType: "oauth";
+    clientId: string;
+    clientSecret: string;
+    accessToken?: string | undefined;
+    refreshToken?: string | undefined;
+    accessTokenExpiresAt?: string | undefined;
+    refreshTokenExpiresAt?: string | undefined;
 }>]>;
 export type ApiCredentialsData = z.infer<typeof ApiCredentialsSchema>;
 /**

package/dist/src/apiCredentials.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"apiCredentials.d.ts","sourceRoot":"","sources":["../../src/apiCredentials.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,oBAAY,mBAAmB;IAC7B,OAAO,YAAY;IACnB,KAAK,UAAU;IACf,OAAO,YAAY;CACpB;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,eAAe,IAAI,SAAS,MAAM,EAAE,CAAC;CACtC;AAED;;GAEG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;;EAGpC,CAAC;AAEH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAEhF,qBAAa,mBAAoB,YAAW,cAAc;IACxD,QAAQ,CAAC,UAAU,EAAG,qBAAqB,CAAU;IACrD,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;gBAEX,KAAK,EAAE,MAAM;IAIzB,eAAe,IAAI,SAAS,MAAM,EAAE;IAIpC,MAAM,IAAI,uBAAuB;IAOjC,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,uBAAuB,GAAG,mBAAmB;CAGpE;AAED;;GAEG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;EAGlC,CAAC;AAEH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE5E,qBAAa,iBAAkB,YAAW,cAAc;IACtD,QAAQ,CAAC,UAAU,EAAG,mBAAmB,CAAU;IACnD,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;gBAEX,KAAK,EAAE,MAAM;IAIzB,eAAe,IAAI,SAAS,MAAM,EAAE;IAIpC,MAAM,IAAI,qBAAqB;IAO/B,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,qBAAqB,GAAG,iBAAiB;CAGhE;AAED;;GAEG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;EAIpC,CAAC;AAEH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAEhF,qBAAa,mBAAoB,YAAW,cAAc;IACxD,QAAQ,CAAC,UAAU,EAAG,OAAO,CAAU;IACvC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;gBAEb,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;IAK1C,eAAe,IAAI,SAAS,MAAM,EAAE;IAIpC,MAAM,IAAI,uBAAuB;IAQjC,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,uBAAuB,GAAG,mBAAmB;CAGpE;AAED;;GAEG;AACH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAI/B,CAAC;AAEH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAEtE;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,kBAAkB,GAAG,cAAc,CAe/E;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,WAAW,EAAE,cAAc,GAAG,kBAAkB,CAWpF;AAED,qBAAa,gCAAiC,SAAQ,KAAK;gBAC7C,OAAO,EAAE,MAAM;CAI5B"}
+{"version":3,"file":"apiCredentials.d.ts","sourceRoot":"","sources":["../../src/apiCredentials.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,oBAAY,mBAAmB;IAC7B,OAAO,YAAY;IACnB,KAAK,UAAU;IACf,OAAO,YAAY;CACpB;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,eAAe,IAAI,SAAS,MAAM,EAAE,CAAC;IACrC;;;OAGG;IACH,SAAS,IAAI,OAAO,GAAG,SAAS,CAAC;CAClC;AAED;;GAEG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;;EAGpC,CAAC;AAEH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAEhF,qBAAa,mBAAoB,YAAW,cAAc;IACxD,QAAQ,CAAC,UAAU,EAAG,qBAAqB,CAAU;IACrD,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;gBAEX,KAAK,EAAE,MAAM;IAIzB,eAAe,IAAI,SAAS,MAAM,EAAE;IAIpC,SAAS,IAAI,OAAO,GAAG,SAAS;IAIhC,MAAM,IAAI,uBAAuB;IAOjC,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,uBAAuB,GAAG,mBAAmB;CAGpE;AAED;;GAEG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;EAGlC,CAAC;AAEH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE5E,qBAAa,iBAAkB,YAAW,cAAc;IACtD,QAAQ,CAAC,UAAU,EAAG,mBAAmB,CAAU;IACnD,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;gBAEX,KAAK,EAAE,MAAM;IAIzB,eAAe,IAAI,SAAS,MAAM,EAAE;IAIpC,SAAS,IAAI,OAAO,GAAG,SAAS;IAIhC,MAAM,IAAI,qBAAqB;IAO/B,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,qBAAqB,GAAG,iBAAiB;CAGhE;AAED;;GAEG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;EAIpC,CAAC;AAEH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAEhF,qBAAa,mBAAoB,YAAW,cAAc;IACxD,QAAQ,CAAC,UAAU,EAAG,OAAO,CAAU;IACvC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;gBAEb,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;IAK1C,eAAe,IAAI,SAAS,MAAM,EAAE;IAIpC,SAAS,IAAI,OAAO,GAAG,SAAS;IAIhC,MAAM,IAAI,uBAAuB;IAQjC,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,uBAAuB,GAAG,mBAAmB;CAGpE;AAED;;;;;GAKG;AACH,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;EAQjC,CAAC;AAEH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE1E,qBAAa,gBAAiB,YAAW,cAAc;IACrD,QAAQ,CAAC,UAAU,EAAG,OAAO,CAAU;IACvC,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,oBAAoB,CAAC,EAAE,MAAM,CAAC;IACvC,QAAQ,CAAC,qBAAqB,CAAC,EAAE,MAAM,CAAC;gBAGtC,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,WAAW,CAAC,EAAE,MAAM,EACpB,YAAY,CAAC,EAAE,MAAM,EACrB,oBAAoB,CAAC,EAAE,MAAM,EAC7B,qBAAqB,CAAC,EAAE,MAAM;IAUhC,eAAe,IAAI,SAAS,MAAM,EAAE;IASpC,SAAS,IAAI,OAAO,GAAG,SAAS;IAQhC,MAAM,IAAI,oBAAoB;IAa9B,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,oBAAoB,GAAG,gBAAgB;CAU9D;AAED,qBAAa,wBAAyB,SAAQ,KAAK;gBACrC,OAAO,EAAE,MAAM;CAI5B;AAED;;GAEG;AACH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAK/B,CAAC;AAEH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAEtE;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,kBAAkB,GAAG,cAAc,CAiB/E;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,WAAW,EAAE,cAAc,GAAG,kBAAkB,CAcpF;AAED,qBAAa,gCAAiC,SAAQ,KAAK;gBAC7C,OAAO,EAAE,MAAM;CAI5B"}

package/dist/src/apiCredentials.js

@@ -1,5 +1,6 @@
 /**
- * API credentials types and utilities for authentication with various services.
+ * Serialized API credentials types and utilities.
+ *
  */
 import { z } from 'zod';
 export var ApiCredentialStatus;
@@ -24,6 +25,9 @@ export class AuthorizationBearer {
     asCurlArguments() {
         return ['-H', `Authorization: Bearer ${this.token}`];
     }
+    isExpired() {
+        return undefined;
+    }
     toJSON() {
         return {
             objectType: this.objectType,
@@ -50,6 +54,9 @@ export class AuthorizationBare {
     asCurlArguments() {
         return ['-H', `Authorization: ${this.token}`];
     }
+    isExpired() {
+        return undefined;
+    }
     toJSON() {
         return {
             objectType: this.objectType,
@@ -79,6 +86,9 @@ export class SlackApiCredentials {
     asCurlArguments() {
         return ['-H', `Authorization: Bearer ${this.token}`, '-H', `Cookie: d=${this.dCookie}`];
     }
+    isExpired() {
+        return undefined;
+    }
     toJSON() {
         return {
             objectType: this.objectType,
@@ -90,6 +100,72 @@ export class SlackApiCredentials {
         return new SlackApiCredentials(data.token, data.dCookie);
     }
 }
+/**
+ * OAuth 2.0 credentials (access token, refresh token, client ID, and client secret).
+ * Used by services that implement OAuth 2.0 authorization flows.
+ * Token attributes are optional - when only clientId and clientSecret are present,
+ * this represents credentials from the prepare() step before obtaining user tokens.
+ */
+export const OAuthCredentialsSchema = z.object({
+    objectType: z.literal('oauth'),
+    accessToken: z.string().optional(),
+    refreshToken: z.string().optional(),
+    clientId: z.string(),
+    clientSecret: z.string(),
+    accessTokenExpiresAt: z.string().optional(),
+    refreshTokenExpiresAt: z.string().optional(),
+});
+export class OAuthCredentials {
+    objectType = 'oauth';
+    accessToken;
+    refreshToken;
+    clientId;
+    clientSecret;
+    accessTokenExpiresAt;
+    refreshTokenExpiresAt;
+    constructor(clientId, clientSecret, accessToken, refreshToken, accessTokenExpiresAt, refreshTokenExpiresAt) {
+        this.clientId = clientId;
+        this.clientSecret = clientSecret;
+        this.accessToken = accessToken;
+        this.refreshToken = refreshToken;
+        this.accessTokenExpiresAt = accessTokenExpiresAt;
+        this.refreshTokenExpiresAt = refreshTokenExpiresAt;
+    }
+    asCurlArguments() {
+        if (this.accessToken === undefined) {
+            throw new ApiCredentialsUsageError('OAuth credentials missing access token. Run login to obtain access tokens.');
+        }
+        return ['-H', `Authorization: Bearer ${this.accessToken}`];
+    }
+    isExpired() {
+        if (this.accessTokenExpiresAt === undefined) {
+            return undefined;
+        }
+        const expirationDate = new Date(this.accessTokenExpiresAt);
+        return Date.now() >= expirationDate.getTime();
+    }
+    toJSON() {
+        const result = {
+            objectType: this.objectType,
+            clientId: this.clientId,
+            clientSecret: this.clientSecret,
+            accessToken: this.accessToken,
+            refreshToken: this.refreshToken,
+            accessTokenExpiresAt: this.accessTokenExpiresAt,
+            refreshTokenExpiresAt: this.refreshTokenExpiresAt,
+        };
+        return result;
+    }
+    static fromJSON(data) {
+        return new OAuthCredentials(data.clientId, data.clientSecret, data.accessToken, data.refreshToken, data.accessTokenExpiresAt, data.refreshTokenExpiresAt);
+    }
+}
+export class ApiCredentialsUsageError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'ApiCredentialsUsageError';
+    }
+}
 /**
  * Union schema for all credential types.
  */
@@ -97,6 +173,7 @@ export const ApiCredentialsSchema = z.discriminatedUnion('objectType', [
     AuthorizationBearerSchema,
     AuthorizationBareSchema,
     SlackApiCredentialsSchema,
+    OAuthCredentialsSchema,
 ]);
 /**
  * Deserialize credentials from JSON data.
@@ -109,6 +186,8 @@ export function deserializeCredentials(data) {
             return AuthorizationBare.fromJSON(data);
         case 'slack':
             return SlackApiCredentials.fromJSON(data);
+        case 'oauth':
+            return OAuthCredentials.fromJSON(data);
         default: {
             const exhaustiveCheck = data;
             throw new ApiCredentialsSerializationError(`Unknown credential type: ${exhaustiveCheck.objectType}`);
@@ -128,6 +207,9 @@ export function serializeCredentials(credentials) {
     if (credentials instanceof SlackApiCredentials) {
         return credentials.toJSON();
     }
+    if (credentials instanceof OAuthCredentials) {
+        return credentials.toJSON();
+    }
     throw new ApiCredentialsSerializationError(`Unknown credential type: ${credentials.objectType}`);
 }
 export class ApiCredentialsSerializationError extends Error {

package/dist/src/apiCredentials.js.map

@@ -1 +1 @@
-{"version":3,"file":"apiCredentials.js","sourceRoot":"","sources":["../../src/apiCredentials.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,CAAN,IAAY,mBAIX;AAJD,WAAY,mBAAmB;IAC7B,0CAAmB,CAAA;IACnB,sCAAe,CAAA;IACf,0CAAmB,CAAA;AACrB,CAAC,EAJW,mBAAmB,KAAnB,mBAAmB,QAI9B;AAWD;;GAEG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChD,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC,qBAAqB,CAAC;IAC5C,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;CAClB,CAAC,CAAC;AAIH,MAAM,OAAO,mBAAmB;IACrB,UAAU,GAAG,qBAA8B,CAAC;IAC5C,KAAK,CAAS;IAEvB,YAAY,KAAa;QACvB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAED,eAAe;QACb,OAAO,CAAC,IAAI,EAAE,yBAAyB,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IACvD,CAAC;IAED,MAAM;QACJ,OAAO;YACL,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,IAA6B;QAC3C,OAAO,IAAI,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC7C,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9C,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC;IAC1C,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;CAClB,CAAC,CAAC;AAIH,MAAM,OAAO,iBAAiB;IACnB,UAAU,GAAG,mBAA4B,CAAC;IAC1C,KAAK,CAAS;IAEvB,YAAY,KAAa;QACvB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAED,eAAe;QACb,OAAO,CAAC,IAAI,EAAE,kBAAkB,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IAChD,CAAC;IAED,MAAM;QACJ,OAAO;YACL,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,IAA2B;QACzC,OAAO,IAAI,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChD,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IAC9B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;IACjB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;CACpB,CAAC,CAAC;AAIH,MAAM,OAAO,mBAAmB;IACrB,UAAU,GAAG,OAAgB,CAAC;IAC9B,KAAK,CAAS;IACd,OAAO,CAAS;IAEzB,YAAY,KAAa,EAAE,OAAe;QACxC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED,eAAe;QACb,OAAO,CAAC,IAAI,EAAE,yBAAyB,IAAI,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,aAAa,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAC1F,CAAC;IAED,MAAM;QACJ,OAAO;YACL,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,IAA6B;QAC3C,OAAO,IAAI,mBAAmB,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;IAC3D,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,kBAAkB,CAAC,YAAY,EAAE;IACrE,yBAAyB;IACzB,uBAAuB;IACvB,yBAAyB;CAC1B,CAAC,CAAC;AAIH;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,IAAwB;IAC7D,QAAQ,IAAI,CAAC,UAAU,EAAE,CAAC;QACxB,KAAK,qBAAqB;YACxB,OAAO,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC5C,KAAK,mBAAmB;YACtB,OAAO,iBAAiB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC1C,KAAK,OAAO;YACV,OAAO,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC5C,OAAO,CAAC,CAAC,CAAC;YACR,MAAM,eAAe,GAAU,IAAI,CAAC;YACpC,MAAM,IAAI,gCAAgC,CACxC,4BAA6B,eAA0C,CAAC,UAAU,EAAE,CACrF,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,WAA2B;IAC9D,IAAI,WAAW,YAAY,mBAAmB,EAAE,CAAC;QAC/C,OAAO,WAAW,CAAC,MAAM,EAAE,CAAC;IAC9B,CAAC;IACD,IAAI,WAAW,YAAY,iBAAiB,EAAE,CAAC;QAC7C,OAAO,WAAW,CAAC,MAAM,EAAE,CAAC;IAC9B,CAAC;IACD,IAAI,WAAW,YAAY,mBAAmB,EAAE,CAAC;QAC/C,OAAO,WAAW,CAAC,MAAM,EAAE,CAAC;IAC9B,CAAC;IACD,MAAM,IAAI,gCAAgC,CAAC,4BAA4B,WAAW,CAAC,UAAU,EAAE,CAAC,CAAC;AACnG,CAAC;AAED,MAAM,OAAO,gCAAiC,SAAQ,KAAK;IACzD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,kCAAkC,CAAC;IACjD,CAAC;CACF"}
+{"version":3,"file":"apiCredentials.js","sourceRoot":"","sources":["../../src/apiCredentials.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,CAAN,IAAY,mBAIX;AAJD,WAAY,mBAAmB;IAC7B,0CAAmB,CAAA;IACnB,sCAAe,CAAA;IACf,0CAAmB,CAAA;AACrB,CAAC,EAJW,mBAAmB,KAAnB,mBAAmB,QAI9B;AAgBD;;GAEG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChD,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC,qBAAqB,CAAC;IAC5C,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;CAClB,CAAC,CAAC;AAIH,MAAM,OAAO,mBAAmB;IACrB,UAAU,GAAG,qBAA8B,CAAC;IAC5C,KAAK,CAAS;IAEvB,YAAY,KAAa;QACvB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAED,eAAe;QACb,OAAO,CAAC,IAAI,EAAE,yBAAyB,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IACvD,CAAC;IAED,SAAS;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM;QACJ,OAAO;YACL,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,IAA6B;QAC3C,OAAO,IAAI,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC7C,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9C,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC;IAC1C,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;CAClB,CAAC,CAAC;AAIH,MAAM,OAAO,iBAAiB;IACnB,UAAU,GAAG,mBAA4B,CAAC;IAC1C,KAAK,CAAS;IAEvB,YAAY,KAAa;QACvB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAED,eAAe;QACb,OAAO,CAAC,IAAI,EAAE,kBAAkB,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IAChD,CAAC;IAED,SAAS;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM;QACJ,OAAO;YACL,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,IAA2B;QACzC,OAAO,IAAI,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChD,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IAC9B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;IACjB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;CACpB,CAAC,CAAC;AAIH,MAAM,OAAO,mBAAmB;IACrB,UAAU,GAAG,OAAgB,CAAC;IAC9B,KAAK,CAAS;IACd,OAAO,CAAS;IAEzB,YAAY,KAAa,EAAE,OAAe;QACxC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED,eAAe;QACb,OAAO,CAAC,IAAI,EAAE,yBAAyB,IAAI,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,aAAa,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAC1F,CAAC;IAED,SAAS;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM;QACJ,OAAO;YACL,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,IAA6B;QAC3C,OAAO,IAAI,mBAAmB,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;IAC3D,CAAC;CACF;AAED;;;;;GAKG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7C,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IAC9B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;IACpB,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;IACxB,oBAAoB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3C,qBAAqB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC7C,CAAC,CAAC;AAIH,MAAM,OAAO,gBAAgB;IAClB,UAAU,GAAG,OAAgB,CAAC;IAC9B,WAAW,CAAU;IACrB,YAAY,CAAU;IACtB,QAAQ,CAAS;IACjB,YAAY,CAAS;IACrB,oBAAoB,CAAU;IAC9B,qBAAqB,CAAU;IAExC,YACE,QAAgB,EAChB,YAAoB,EACpB,WAAoB,EACpB,YAAqB,EACrB,oBAA6B,EAC7B,qBAA8B;QAE9B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QACjC,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QACjC,IAAI,CAAC,oBAAoB,GAAG,oBAAoB,CAAC;QACjD,IAAI,CAAC,qBAAqB,GAAG,qBAAqB,CAAC;IACrD,CAAC;IAED,eAAe;QACb,IAAI,IAAI,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAI,wBAAwB,CAChC,4EAA4E,CAC7E,CAAC;QACJ,CAAC;QACD,OAAO,CAAC,IAAI,EAAE,yBAAyB,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,SAAS;QACP,IAAI,IAAI,CAAC,oBAAoB,KAAK,SAAS,EAAE,CAAC;YAC5C,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,MAAM,cAAc,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QAC3D,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,cAAc,CAAC,OAAO,EAAE,CAAC;IAChD,CAAC;IAED,MAAM;QACJ,MAAM,MAAM,GAAyB;YACnC,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,oBAAoB,EAAE,IAAI,CAAC,oBAAoB;YAC/C,qBAAqB,EAAE,IAAI,CAAC,qBAAqB;SAClD,CAAC;QACF,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,IAA0B;QACxC,OAAO,IAAI,gBAAgB,CACzB,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,oBAAoB,EACzB,IAAI,CAAC,qBAAqB,CAC3B,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,wBAAyB,SAAQ,KAAK;IACjD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,0BAA0B,CAAC;IACzC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,kBAAkB,CAAC,YAAY,EAAE;IACrE,yBAAyB;IACzB,uBAAuB;IACvB,yBAAyB;IACzB,sBAAsB;CACvB,CAAC,CAAC;AAIH;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,IAAwB;IAC7D,QAAQ,IAAI,CAAC,UAAU,EAAE,CAAC;QACxB,KAAK,qBAAqB;YACxB,OAAO,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC5C,KAAK,mBAAmB;YACtB,OAAO,iBAAiB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC1C,KAAK,OAAO;YACV,OAAO,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC5C,KAAK,OAAO;YACV,OAAO,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,CAAC,CAAC;YACR,MAAM,eAAe,GAAU,IAAI,CAAC;YACpC,MAAM,IAAI,gCAAgC,CACxC,4BAA6B,eAA0C,CAAC,UAAU,EAAE,CACrF,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,WAA2B;IAC9D,IAAI,WAAW,YAAY,mBAAmB,EAAE,CAAC;QAC/C,OAAO,WAAW,CAAC,MAAM,EAAE,CAAC;IAC9B,CAAC;IACD,IAAI,WAAW,YAAY,iBAAiB,EAAE,CAAC;QAC7C,OAAO,WAAW,CAAC,MAAM,EAAE,CAAC;IAC9B,CAAC;IACD,IAAI,WAAW,YAAY,mBAAmB,EAAE,CAAC;QAC/C,OAAO,WAAW,CAAC,MAAM,EAAE,CAAC;IAC9B,CAAC;IACD,IAAI,WAAW,YAAY,gBAAgB,EAAE,CAAC;QAC5C,OAAO,WAAW,CAAC,MAAM,EAAE,CAAC;IAC9B,CAAC;IACD,MAAM,IAAI,gCAAgC,CAAC,4BAA4B,WAAW,CAAC,UAAU,EAAE,CAAC,CAAC;AACnG,CAAC;AAED,MAAM,OAAO,gCAAiC,SAAQ,KAAK;IACzD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,kCAAkC,CAAC;IACjD,CAAC;CACF"}

package/dist/src/browserState.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Browser state management utilities.
+ */
+/**
+ * Get the browser state path from the LATCHKEY_BROWSER_STATE environment variable.
+ */
+export declare function getBrowserStatePath(): string | null;
+//# sourceMappingURL=browserState.d.ts.map

package/dist/src/browserState.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"browserState.d.ts","sourceRoot":"","sources":["../../src/browserState.ts"],"names":[],"mappings":"AAAA;;GAEG;AAOH;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,MAAM,GAAG,IAAI,CAUnD"}

package/dist/src/browserState.js

@@ -0,0 +1,21 @@
+/**
+ * Browser state management utilities.
+ */
+import { homedir } from 'node:os';
+import { resolve } from 'node:path';
+const LATCHKEY_BROWSER_STATE_ENV_VAR = 'LATCHKEY_BROWSER_STATE';
+/**
+ * Get the browser state path from the LATCHKEY_BROWSER_STATE environment variable.
+ */
+export function getBrowserStatePath() {
+    const envValue = process.env[LATCHKEY_BROWSER_STATE_ENV_VAR];
+    if (envValue) {
+        // Expand ~ to home directory
+        if (envValue.startsWith('~')) {
+            return resolve(homedir(), envValue.slice(2));
+        }
+        return resolve(envValue);
+    }
+    return null;
+}
+//# sourceMappingURL=browserState.js.map

package/dist/src/browserState.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"browserState.js","sourceRoot":"","sources":["../../src/browserState.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC,MAAM,8BAA8B,GAAG,wBAAwB,CAAC;AAEhE;;GAEG;AACH,MAAM,UAAU,mBAAmB;IACjC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;IAC7D,IAAI,QAAQ,EAAE,CAAC;QACb,6BAA6B;QAC7B,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7B,OAAO,OAAO,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/C,CAAC;QACD,OAAO,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC3B,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/src/cli.js

@@ -5,6 +5,7 @@
 import { program } from 'commander';
 import { registerCommands, createDefaultDependencies } from './cliCommands.js';
 import { InsecureFilePermissionsError } from './config.js';
+import packageJson from '../package.json' with { type: 'json' };
 const deps = createDefaultDependencies();
 try {
     deps.config.checkSensitiveFilePermissions();
@@ -19,7 +20,7 @@ catch (error) {
 program
     .name('latchkey')
     .description('A command-line tool that injects API credentials to curl requests to known public APIs.')
-    .version('0.1.4');
+    .version(packageJson.version);
 registerCommands(program, deps);
 program.parse();
 //# sourceMappingURL=cli.js.map