levante 0.1.4 → 0.2.0

package/dist/cli-2pkertsv.js

@@ -0,0 +1,936 @@
+// ../cli-auth/dist/index.js
+import { createHash, randomBytes } from "node:crypto";
+import { createServer } from "node:http";
+import process7 from "node:process";
+import { Buffer } from "node:buffer";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+import { promisify as promisify5 } from "node:util";
+import childProcess from "node:child_process";
+import fs5, { constants as fsConstants2 } from "node:fs/promises";
+import process3 from "node:process";
+import fs4, { constants as fsConstants } from "node:fs/promises";
+import process2 from "node:process";
+import os from "node:os";
+import fs3 from "node:fs";
+import fs2 from "node:fs";
+import fs from "node:fs";
+import { promisify as promisify4 } from "node:util";
+import process6 from "node:process";
+import { execFile as execFile4 } from "node:child_process";
+import { promisify } from "node:util";
+import process4 from "node:process";
+import { execFile } from "node:child_process";
+import process5 from "node:process";
+import { promisify as promisify2 } from "node:util";
+import { execFile as execFile2, execFileSync } from "node:child_process";
+import { promisify as promisify3 } from "node:util";
+import { execFile as execFile3 } from "node:child_process";
+import { readFileSync, writeFileSync, mkdirSync, existsSync } from "node:fs";
+import { join } from "node:path";
+import { homedir } from "node:os";
+var __create = Object.create;
+var __getProtoOf = Object.getPrototypeOf;
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+function __accessProp(key) {
+  return this[key];
+}
+var __toESMCache_node;
+var __toESMCache_esm;
+var __toESM = (mod, isNodeMode, target) => {
+  var canCache = mod != null && typeof mod === "object";
+  if (canCache) {
+    var cache = isNodeMode ? __toESMCache_node ??= new WeakMap : __toESMCache_esm ??= new WeakMap;
+    var cached = cache.get(mod);
+    if (cached)
+      return cached;
+  }
+  target = mod != null ? __create(__getProtoOf(mod)) : {};
+  const to = isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target;
+  for (let key of __getOwnPropNames(mod))
+    if (!__hasOwnProp.call(to, key))
+      __defProp(to, key, {
+        get: __accessProp.bind(mod, key),
+        enumerable: true
+      });
+  if (canCache)
+    cache.set(mod, to);
+  return to;
+};
+var __commonJS = (cb, mod) => () => (mod || cb((mod = { exports: {} }).exports, mod), mod.exports);
+var require_picocolors = __commonJS((exports, module) => {
+  var p = process || {};
+  var argv = p.argv || [];
+  var env = p.env || {};
+  var isColorSupported = !(!!env.NO_COLOR || argv.includes("--no-color")) && (!!env.FORCE_COLOR || argv.includes("--color") || p.platform === "win32" || (p.stdout || {}).isTTY && env.TERM !== "dumb" || !!env.CI);
+  var formatter = (open, close, replace = open) => (input) => {
+    let string = "" + input, index = string.indexOf(close, open.length);
+    return ~index ? open + replaceClose(string, close, replace, index) + close : open + string + close;
+  };
+  var replaceClose = (string, close, replace, index) => {
+    let result = "", cursor = 0;
+    do {
+      result += string.substring(cursor, index) + replace;
+      cursor = index + close.length;
+      index = string.indexOf(close, cursor);
+    } while (~index);
+    return result + string.substring(cursor);
+  };
+  var createColors = (enabled = isColorSupported) => {
+    let f = enabled ? formatter : () => String;
+    return {
+      isColorSupported: enabled,
+      reset: f("\x1B[0m", "\x1B[0m"),
+      bold: f("\x1B[1m", "\x1B[22m", "\x1B[22m\x1B[1m"),
+      dim: f("\x1B[2m", "\x1B[22m", "\x1B[22m\x1B[2m"),
+      italic: f("\x1B[3m", "\x1B[23m"),
+      underline: f("\x1B[4m", "\x1B[24m"),
+      inverse: f("\x1B[7m", "\x1B[27m"),
+      hidden: f("\x1B[8m", "\x1B[28m"),
+      strikethrough: f("\x1B[9m", "\x1B[29m"),
+      black: f("\x1B[30m", "\x1B[39m"),
+      red: f("\x1B[31m", "\x1B[39m"),
+      green: f("\x1B[32m", "\x1B[39m"),
+      yellow: f("\x1B[33m", "\x1B[39m"),
+      blue: f("\x1B[34m", "\x1B[39m"),
+      magenta: f("\x1B[35m", "\x1B[39m"),
+      cyan: f("\x1B[36m", "\x1B[39m"),
+      white: f("\x1B[37m", "\x1B[39m"),
+      gray: f("\x1B[90m", "\x1B[39m"),
+      bgBlack: f("\x1B[40m", "\x1B[49m"),
+      bgRed: f("\x1B[41m", "\x1B[49m"),
+      bgGreen: f("\x1B[42m", "\x1B[49m"),
+      bgYellow: f("\x1B[43m", "\x1B[49m"),
+      bgBlue: f("\x1B[44m", "\x1B[49m"),
+      bgMagenta: f("\x1B[45m", "\x1B[49m"),
+      bgCyan: f("\x1B[46m", "\x1B[49m"),
+      bgWhite: f("\x1B[47m", "\x1B[49m"),
+      blackBright: f("\x1B[90m", "\x1B[39m"),
+      redBright: f("\x1B[91m", "\x1B[39m"),
+      greenBright: f("\x1B[92m", "\x1B[39m"),
+      yellowBright: f("\x1B[93m", "\x1B[39m"),
+      blueBright: f("\x1B[94m", "\x1B[39m"),
+      magentaBright: f("\x1B[95m", "\x1B[39m"),
+      cyanBright: f("\x1B[96m", "\x1B[39m"),
+      whiteBright: f("\x1B[97m", "\x1B[39m"),
+      bgBlackBright: f("\x1B[100m", "\x1B[49m"),
+      bgRedBright: f("\x1B[101m", "\x1B[49m"),
+      bgGreenBright: f("\x1B[102m", "\x1B[49m"),
+      bgYellowBright: f("\x1B[103m", "\x1B[49m"),
+      bgBlueBright: f("\x1B[104m", "\x1B[49m"),
+      bgMagentaBright: f("\x1B[105m", "\x1B[49m"),
+      bgCyanBright: f("\x1B[106m", "\x1B[49m"),
+      bgWhiteBright: f("\x1B[107m", "\x1B[49m")
+    };
+  };
+  module.exports = createColors();
+  module.exports.createColors = createColors;
+});
+var import_picocolors2 = __toESM(require_picocolors(), 1);
+var isDockerCached;
+function hasDockerEnv() {
+  try {
+    fs.statSync("/.dockerenv");
+    return true;
+  } catch {
+    return false;
+  }
+}
+function hasDockerCGroup() {
+  try {
+    return fs.readFileSync("/proc/self/cgroup", "utf8").includes("docker");
+  } catch {
+    return false;
+  }
+}
+function isDocker() {
+  if (isDockerCached === undefined) {
+    isDockerCached = hasDockerEnv() || hasDockerCGroup();
+  }
+  return isDockerCached;
+}
+var cachedResult;
+var hasContainerEnv = () => {
+  try {
+    fs2.statSync("/run/.containerenv");
+    return true;
+  } catch {
+    return false;
+  }
+};
+function isInsideContainer() {
+  if (cachedResult === undefined) {
+    cachedResult = hasContainerEnv() || isDocker();
+  }
+  return cachedResult;
+}
+var isWsl = () => {
+  if (process2.platform !== "linux") {
+    return false;
+  }
+  if (os.release().toLowerCase().includes("microsoft")) {
+    if (isInsideContainer()) {
+      return false;
+    }
+    return true;
+  }
+  try {
+    if (fs3.readFileSync("/proc/version", "utf8").toLowerCase().includes("microsoft")) {
+      return !isInsideContainer();
+    }
+  } catch {}
+  if (fs3.existsSync("/proc/sys/fs/binfmt_misc/WSLInterop") || fs3.existsSync("/run/WSL")) {
+    return !isInsideContainer();
+  }
+  return false;
+};
+var is_wsl_default = process2.env.__IS_WSL_TEST__ ? isWsl : isWsl();
+var wslDrivesMountPoint = (() => {
+  const defaultMountPoint = "/mnt/";
+  let mountPoint;
+  return async function() {
+    if (mountPoint) {
+      return mountPoint;
+    }
+    const configFilePath = "/etc/wsl.conf";
+    let isConfigFileExists = false;
+    try {
+      await fs4.access(configFilePath, fsConstants.F_OK);
+      isConfigFileExists = true;
+    } catch {}
+    if (!isConfigFileExists) {
+      return defaultMountPoint;
+    }
+    const configContent = await fs4.readFile(configFilePath, { encoding: "utf8" });
+    const configMountPoint = /(?<!#.*)root\s*=\s*(?<mountPoint>.*)/g.exec(configContent);
+    if (!configMountPoint) {
+      return defaultMountPoint;
+    }
+    mountPoint = configMountPoint.groups.mountPoint.trim();
+    mountPoint = mountPoint.endsWith("/") ? mountPoint : `${mountPoint}/`;
+    return mountPoint;
+  };
+})();
+var powerShellPathFromWsl = async () => {
+  const mountPoint = await wslDrivesMountPoint();
+  return `${mountPoint}c/Windows/System32/WindowsPowerShell/v1.0/powershell.exe`;
+};
+var powerShellPath = async () => {
+  if (is_wsl_default) {
+    return powerShellPathFromWsl();
+  }
+  return `${process3.env.SYSTEMROOT || process3.env.windir || String.raw`C:\Windows`}\\System32\\WindowsPowerShell\\v1.0\\powershell.exe`;
+};
+function defineLazyProperty(object, propertyName, valueGetter) {
+  const define = (value) => Object.defineProperty(object, propertyName, { value, enumerable: true, writable: true });
+  Object.defineProperty(object, propertyName, {
+    configurable: true,
+    enumerable: true,
+    get() {
+      const result = valueGetter();
+      define(result);
+      return result;
+    },
+    set(value) {
+      define(value);
+    }
+  });
+  return object;
+}
+var execFileAsync = promisify(execFile);
+async function defaultBrowserId() {
+  if (process4.platform !== "darwin") {
+    throw new Error("macOS only");
+  }
+  const { stdout } = await execFileAsync("defaults", ["read", "com.apple.LaunchServices/com.apple.launchservices.secure", "LSHandlers"]);
+  const match = /LSHandlerRoleAll = "(?!-)(?<id>[^"]+?)";\s+?LSHandlerURLScheme = (?:http|https);/.exec(stdout);
+  const browserId = match?.groups.id ?? "com.apple.Safari";
+  if (browserId === "com.apple.safari") {
+    return "com.apple.Safari";
+  }
+  return browserId;
+}
+var execFileAsync2 = promisify2(execFile2);
+async function runAppleScript(script, { humanReadableOutput = true, signal } = {}) {
+  if (process5.platform !== "darwin") {
+    throw new Error("macOS only");
+  }
+  const outputArguments = humanReadableOutput ? [] : ["-ss"];
+  const execOptions = {};
+  if (signal) {
+    execOptions.signal = signal;
+  }
+  const { stdout } = await execFileAsync2("osascript", ["-e", script, outputArguments], execOptions);
+  return stdout.trim();
+}
+async function bundleName(bundleId) {
+  return runAppleScript(`tell application "Finder" to set app_path to application file id "${bundleId}" as string
+tell application "System Events" to get value of property list item "CFBundleName" of property list file (app_path & ":Contents:Info.plist")`);
+}
+var execFileAsync3 = promisify3(execFile3);
+var windowsBrowserProgIds = {
+  MSEdgeHTM: { name: "Edge", id: "com.microsoft.edge" },
+  MSEdgeBHTML: { name: "Edge Beta", id: "com.microsoft.edge.beta" },
+  MSEdgeDHTML: { name: "Edge Dev", id: "com.microsoft.edge.dev" },
+  AppXq0fevzme2pys62n3e0fbqa7peapykr8v: { name: "Edge", id: "com.microsoft.edge.old" },
+  ChromeHTML: { name: "Chrome", id: "com.google.chrome" },
+  ChromeBHTML: { name: "Chrome Beta", id: "com.google.chrome.beta" },
+  ChromeDHTML: { name: "Chrome Dev", id: "com.google.chrome.dev" },
+  ChromiumHTM: { name: "Chromium", id: "org.chromium.Chromium" },
+  BraveHTML: { name: "Brave", id: "com.brave.Browser" },
+  BraveBHTML: { name: "Brave Beta", id: "com.brave.Browser.beta" },
+  BraveDHTML: { name: "Brave Dev", id: "com.brave.Browser.dev" },
+  BraveSSHTM: { name: "Brave Nightly", id: "com.brave.Browser.nightly" },
+  FirefoxURL: { name: "Firefox", id: "org.mozilla.firefox" },
+  OperaStable: { name: "Opera", id: "com.operasoftware.Opera" },
+  VivaldiHTM: { name: "Vivaldi", id: "com.vivaldi.Vivaldi" },
+  "IE.HTTP": { name: "Internet Explorer", id: "com.microsoft.ie" }
+};
+var _windowsBrowserProgIdMap = new Map(Object.entries(windowsBrowserProgIds));
+
+class UnknownBrowserError extends Error {
+}
+async function defaultBrowser(_execFileAsync = execFileAsync3) {
+  const { stdout } = await _execFileAsync("reg", [
+    "QUERY",
+    " HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http\\UserChoice",
+    "/v",
+    "ProgId"
+  ]);
+  const match = /ProgId\s*REG_SZ\s*(?<id>\S+)/.exec(stdout);
+  if (!match) {
+    throw new UnknownBrowserError(`Cannot find Windows browser in stdout: ${JSON.stringify(stdout)}`);
+  }
+  const { id } = match.groups;
+  const dotIndex = id.lastIndexOf(".");
+  const hyphenIndex = id.lastIndexOf("-");
+  const baseIdByDot = dotIndex === -1 ? undefined : id.slice(0, dotIndex);
+  const baseIdByHyphen = hyphenIndex === -1 ? undefined : id.slice(0, hyphenIndex);
+  return windowsBrowserProgIds[id] ?? windowsBrowserProgIds[baseIdByDot] ?? windowsBrowserProgIds[baseIdByHyphen] ?? { name: id, id };
+}
+var execFileAsync4 = promisify4(execFile4);
+var titleize = (string) => string.toLowerCase().replaceAll(/(?:^|\s|-)\S/g, (x) => x.toUpperCase());
+async function defaultBrowser2() {
+  if (process6.platform === "darwin") {
+    const id = await defaultBrowserId();
+    const name = await bundleName(id);
+    return { name, id };
+  }
+  if (process6.platform === "linux") {
+    const { stdout } = await execFileAsync4("xdg-mime", ["query", "default", "x-scheme-handler/http"]);
+    const id = stdout.trim();
+    const name = titleize(id.replace(/.desktop$/, "").replace("-", " "));
+    return { name, id };
+  }
+  if (process6.platform === "win32") {
+    return defaultBrowser();
+  }
+  throw new Error("Only macOS, Linux, and Windows are supported");
+}
+var execFile5 = promisify5(childProcess.execFile);
+var __dirname2 = path.dirname(fileURLToPath(import.meta.url));
+var localXdgOpenPath = path.join(__dirname2, "xdg-open");
+var { platform, arch } = process7;
+async function getWindowsDefaultBrowserFromWsl() {
+  const powershellPath = await powerShellPath();
+  const rawCommand = String.raw`(Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice").ProgId`;
+  const encodedCommand = Buffer.from(rawCommand, "utf16le").toString("base64");
+  const { stdout } = await execFile5(powershellPath, [
+    "-NoProfile",
+    "-NonInteractive",
+    "-ExecutionPolicy",
+    "Bypass",
+    "-EncodedCommand",
+    encodedCommand
+  ], { encoding: "utf8" });
+  const progId = stdout.trim();
+  const browserMap = {
+    ChromeHTML: "com.google.chrome",
+    BraveHTML: "com.brave.Browser",
+    MSEdgeHTM: "com.microsoft.edge",
+    FirefoxURL: "org.mozilla.firefox"
+  };
+  return browserMap[progId] ? { id: browserMap[progId] } : {};
+}
+var pTryEach = async (array, mapper) => {
+  let latestError;
+  for (const item of array) {
+    try {
+      return await mapper(item);
+    } catch (error) {
+      latestError = error;
+    }
+  }
+  throw latestError;
+};
+var baseOpen = async (options) => {
+  options = {
+    wait: false,
+    background: false,
+    newInstance: false,
+    allowNonzeroExitCode: false,
+    ...options
+  };
+  if (Array.isArray(options.app)) {
+    return pTryEach(options.app, (singleApp) => baseOpen({
+      ...options,
+      app: singleApp
+    }));
+  }
+  let { name: app, arguments: appArguments = [] } = options.app ?? {};
+  appArguments = [...appArguments];
+  if (Array.isArray(app)) {
+    return pTryEach(app, (appName) => baseOpen({
+      ...options,
+      app: {
+        name: appName,
+        arguments: appArguments
+      }
+    }));
+  }
+  if (app === "browser" || app === "browserPrivate") {
+    const ids = {
+      "com.google.chrome": "chrome",
+      "google-chrome.desktop": "chrome",
+      "com.brave.Browser": "brave",
+      "org.mozilla.firefox": "firefox",
+      "firefox.desktop": "firefox",
+      "com.microsoft.msedge": "edge",
+      "com.microsoft.edge": "edge",
+      "com.microsoft.edgemac": "edge",
+      "microsoft-edge.desktop": "edge"
+    };
+    const flags = {
+      chrome: "--incognito",
+      brave: "--incognito",
+      firefox: "--private-window",
+      edge: "--inPrivate"
+    };
+    const browser = is_wsl_default ? await getWindowsDefaultBrowserFromWsl() : await defaultBrowser2();
+    if (browser.id in ids) {
+      const browserName = ids[browser.id];
+      if (app === "browserPrivate") {
+        appArguments.push(flags[browserName]);
+      }
+      return baseOpen({
+        ...options,
+        app: {
+          name: apps[browserName],
+          arguments: appArguments
+        }
+      });
+    }
+    throw new Error(`${browser.name} is not supported as a default browser`);
+  }
+  let command;
+  const cliArguments = [];
+  const childProcessOptions = {};
+  if (platform === "darwin") {
+    command = "open";
+    if (options.wait) {
+      cliArguments.push("--wait-apps");
+    }
+    if (options.background) {
+      cliArguments.push("--background");
+    }
+    if (options.newInstance) {
+      cliArguments.push("--new");
+    }
+    if (app) {
+      cliArguments.push("-a", app);
+    }
+  } else if (platform === "win32" || is_wsl_default && !isInsideContainer() && !app) {
+    command = await powerShellPath();
+    cliArguments.push("-NoProfile", "-NonInteractive", "-ExecutionPolicy", "Bypass", "-EncodedCommand");
+    if (!is_wsl_default) {
+      childProcessOptions.windowsVerbatimArguments = true;
+    }
+    const encodedArguments = ["Start"];
+    if (options.wait) {
+      encodedArguments.push("-Wait");
+    }
+    if (app) {
+      encodedArguments.push(`"\`"${app}\`""`);
+      if (options.target) {
+        appArguments.push(options.target);
+      }
+    } else if (options.target) {
+      encodedArguments.push(`"${options.target}"`);
+    }
+    if (appArguments.length > 0) {
+      appArguments = appArguments.map((argument) => `"\`"${argument}\`""`);
+      encodedArguments.push("-ArgumentList", appArguments.join(","));
+    }
+    options.target = Buffer.from(encodedArguments.join(" "), "utf16le").toString("base64");
+  } else {
+    if (app) {
+      command = app;
+    } else {
+      const isBundled = !__dirname2 || __dirname2 === "/";
+      let exeLocalXdgOpen = false;
+      try {
+        await fs5.access(localXdgOpenPath, fsConstants2.X_OK);
+        exeLocalXdgOpen = true;
+      } catch {}
+      const useSystemXdgOpen = process7.versions.electron ?? (platform === "android" || isBundled || !exeLocalXdgOpen);
+      command = useSystemXdgOpen ? "xdg-open" : localXdgOpenPath;
+    }
+    if (appArguments.length > 0) {
+      cliArguments.push(...appArguments);
+    }
+    if (!options.wait) {
+      childProcessOptions.stdio = "ignore";
+      childProcessOptions.detached = true;
+    }
+  }
+  if (platform === "darwin" && appArguments.length > 0) {
+    cliArguments.push("--args", ...appArguments);
+  }
+  if (options.target) {
+    cliArguments.push(options.target);
+  }
+  const subprocess = childProcess.spawn(command, cliArguments, childProcessOptions);
+  if (options.wait) {
+    return new Promise((resolve, reject) => {
+      subprocess.once("error", reject);
+      subprocess.once("close", (exitCode) => {
+        if (!options.allowNonzeroExitCode && exitCode > 0) {
+          reject(new Error(`Exited with code ${exitCode}`));
+          return;
+        }
+        resolve(subprocess);
+      });
+    });
+  }
+  subprocess.unref();
+  return subprocess;
+};
+var open = (target, options) => {
+  if (typeof target !== "string") {
+    throw new TypeError("Expected a `target`");
+  }
+  return baseOpen({
+    ...options,
+    target
+  });
+};
+function detectArchBinary(binary) {
+  if (typeof binary === "string" || Array.isArray(binary)) {
+    return binary;
+  }
+  const { [arch]: archBinary } = binary;
+  if (!archBinary) {
+    throw new Error(`${arch} is not supported`);
+  }
+  return archBinary;
+}
+function detectPlatformBinary({ [platform]: platformBinary }, { wsl }) {
+  if (wsl && is_wsl_default) {
+    return detectArchBinary(wsl);
+  }
+  if (!platformBinary) {
+    throw new Error(`${platform} is not supported`);
+  }
+  return detectArchBinary(platformBinary);
+}
+var apps = {};
+defineLazyProperty(apps, "chrome", () => detectPlatformBinary({
+  darwin: "google chrome",
+  win32: "chrome",
+  linux: ["google-chrome", "google-chrome-stable", "chromium"]
+}, {
+  wsl: {
+    ia32: "/mnt/c/Program Files (x86)/Google/Chrome/Application/chrome.exe",
+    x64: ["/mnt/c/Program Files/Google/Chrome/Application/chrome.exe", "/mnt/c/Program Files (x86)/Google/Chrome/Application/chrome.exe"]
+  }
+}));
+defineLazyProperty(apps, "brave", () => detectPlatformBinary({
+  darwin: "brave browser",
+  win32: "brave",
+  linux: ["brave-browser", "brave"]
+}, {
+  wsl: {
+    ia32: "/mnt/c/Program Files (x86)/BraveSoftware/Brave-Browser/Application/brave.exe",
+    x64: ["/mnt/c/Program Files/BraveSoftware/Brave-Browser/Application/brave.exe", "/mnt/c/Program Files (x86)/BraveSoftware/Brave-Browser/Application/brave.exe"]
+  }
+}));
+defineLazyProperty(apps, "firefox", () => detectPlatformBinary({
+  darwin: "firefox",
+  win32: String.raw`C:\Program Files\Mozilla Firefox\firefox.exe`,
+  linux: "firefox"
+}, {
+  wsl: "/mnt/c/Program Files/Mozilla Firefox/firefox.exe"
+}));
+defineLazyProperty(apps, "edge", () => detectPlatformBinary({
+  darwin: "microsoft edge",
+  win32: "msedge",
+  linux: ["microsoft-edge", "microsoft-edge-dev"]
+}, {
+  wsl: "/mnt/c/Program Files (x86)/Microsoft/Edge/Application/msedge.exe"
+}));
+defineLazyProperty(apps, "browser", () => "browser");
+defineLazyProperty(apps, "browserPrivate", () => "browserPrivate");
+var open_default = open;
+var import_picocolors = __toESM(require_picocolors(), 1);
+var AUTH_DIR = join(homedir(), ".qai");
+var AUTH_FILE = join(AUTH_DIR, "auth.json");
+function emptyStore() {
+  return { version: 1, sessions: [], activeSessionIndex: -1 };
+}
+function loadStore() {
+  if (!existsSync(AUTH_FILE))
+    return emptyStore();
+  try {
+    const data = JSON.parse(readFileSync(AUTH_FILE, "utf-8"));
+    if (data.version !== 1)
+      return emptyStore();
+    return data;
+  } catch {
+    return emptyStore();
+  }
+}
+function saveStore(store) {
+  mkdirSync(AUTH_DIR, { recursive: true });
+  writeFileSync(AUTH_FILE, JSON.stringify(store, null, 2), { mode: 384 });
+}
+function getActiveSession() {
+  const store = loadStore();
+  if (store.activeSessionIndex < 0 || store.activeSessionIndex >= store.sessions.length) {
+    return null;
+  }
+  return store.sessions[store.activeSessionIndex];
+}
+function saveSession(session) {
+  const store = loadStore();
+  const existingIdx = store.sessions.findIndex((s) => s.webappUrl === session.webappUrl && s.scope.appId === session.scope.appId);
+  if (existingIdx >= 0) {
+    store.sessions[existingIdx] = session;
+    store.activeSessionIndex = existingIdx;
+  } else {
+    store.sessions.push(session);
+    store.activeSessionIndex = store.sessions.length - 1;
+  }
+  saveStore(store);
+}
+function clearSession(webappUrl) {
+  const store = loadStore();
+  if (webappUrl) {
+    store.sessions = store.sessions.filter((s) => s.webappUrl !== webappUrl);
+  } else {
+    store.sessions = [];
+  }
+  store.activeSessionIndex = store.sessions.length > 0 ? 0 : -1;
+  saveStore(store);
+}
+var LOGIN_TIMEOUT_MS = 120000;
+function generateCodeVerifier() {
+  return randomBytes(32).toString("base64url");
+}
+function generateCodeChallenge(verifier) {
+  return createHash("sha256").update(verifier).digest("base64url");
+}
+function generateState() {
+  return randomBytes(16).toString("hex");
+}
+function htmlPage(body) {
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>QA Intelligence CLI</title>
+  <style>
+    * { margin: 0; padding: 0; box-sizing: border-box; }
+    body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; background: #0a0e17; color: #e2e8f0; min-height: 100vh; display: flex; align-items: center; justify-content: center; }
+    .card { background: #131a2b; border: 1px solid #1e293b; border-radius: 16px; padding: 48px; max-width: 480px; width: 100%; text-align: center; box-shadow: 0 25px 50px rgba(0,0,0,0.4); }
+    .icon { font-size: 48px; margin-bottom: 16px; }
+    .icon.success { color: #22d3ee; }
+    .icon.error { color: #f87171; }
+    h2 { font-size: 22px; font-weight: 600; margin-bottom: 24px; }
+    .detail { display: flex; justify-content: space-between; padding: 10px 0; border-bottom: 1px solid #1e293b; font-size: 14px; }
+    .detail:last-child { border-bottom: none; }
+    .detail .label { color: #64748b; }
+    .detail .value { color: #e2e8f0; font-weight: 500; }
+    .scope { background: #0c1322; border: 1px solid #1e293b; border-radius: 8px; padding: 16px; margin: 20px 0; }
+    .close-hint { color: #475569; font-size: 13px; margin-top: 24px; }
+    .error-msg { color: #f87171; background: #1c1117; border: 1px solid #7f1d1d; border-radius: 8px; padding: 12px 16px; margin-top: 16px; font-size: 14px; }
+  </style>
+</head>
+<body><div class="card">${body}</div></body>
+</html>`;
+}
+function successPage(email, orgSlug, projectSlug, appSlug) {
+  return htmlPage(`
+    <div class="icon success">&#10003;</div>
+    <h2>Authenticated</h2>
+    <div class="scope">
+      <div class="detail"><span class="label">User</span><span class="value">${email}</span></div>
+      <div class="detail"><span class="label">Organization</span><span class="value">${orgSlug}</span></div>
+      <div class="detail"><span class="label">Project</span><span class="value">${projectSlug}</span></div>
+      <div class="detail"><span class="label">App</span><span class="value">${appSlug}</span></div>
+    </div>
+    <p class="close-hint">You can close this window and return to your terminal.</p>
+  `);
+}
+function errorPage(title, message) {
+  return htmlPage(`
+    <div class="icon error">&#10007;</div>
+    <h2>${title}</h2>
+    <div class="error-msg">${message}</div>
+    <p class="close-hint">Check your terminal for details.</p>
+  `);
+}
+async function login(opts) {
+  const { webappUrl } = opts;
+  const codeVerifier = generateCodeVerifier();
+  const codeChallenge = generateCodeChallenge(codeVerifier);
+  const state = generateState();
+  return new Promise((resolve, reject) => {
+    const server = createServer(async (req, res) => {
+      const url = new URL(req.url, `http://localhost`);
+      if (url.pathname !== "/callback") {
+        res.writeHead(404);
+        res.end("Not found");
+        return;
+      }
+      const code = url.searchParams.get("code");
+      const returnedState = url.searchParams.get("state");
+      const error = url.searchParams.get("error");
+      if (error) {
+        res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+        res.end(errorPage("Authentication Failed", error));
+        server.close();
+        reject(new Error(`Auth failed: ${error}`));
+        return;
+      }
+      if (!code || returnedState !== state) {
+        res.writeHead(400, { "Content-Type": "text/html; charset=utf-8" });
+        res.end(errorPage("Invalid Callback", "Missing authorization code or state mismatch."));
+        server.close();
+        reject(new Error("Invalid callback: missing code or state mismatch"));
+        return;
+      }
+      try {
+        const exchangeRes = await fetch(`${webappUrl}/api/cli/token/exchange`, {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({ code, code_verifier: codeVerifier })
+        });
+        if (!exchangeRes.ok) {
+          const errBody = await exchangeRes.text();
+          throw new Error(`Token exchange failed (${exchangeRes.status}): ${errBody}`);
+        }
+        const data = await exchangeRes.json();
+        const session = {
+          webappUrl,
+          accessToken: data.access_token,
+          refreshToken: data.refresh_token,
+          expiresAt: new Date(Date.now() + data.expires_in * 1000).toISOString(),
+          refreshExpiresAt: new Date(Date.now() + data.refresh_expires_in * 1000).toISOString(),
+          user: data.user,
+          scope: data.scope,
+          createdAt: new Date().toISOString()
+        };
+        saveSession(session);
+        res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+        res.end(successPage(data.user.email, data.scope.orgSlug, data.scope.projectSlug, data.scope.appSlug));
+        server.close();
+        resolve(session);
+      } catch (err) {
+        res.writeHead(500, { "Content-Type": "text/html; charset=utf-8" });
+        res.end(errorPage("Authentication Error", "Token exchange failed. Check your terminal for details."));
+        server.close();
+        reject(err);
+      }
+    });
+    server.listen(0, "127.0.0.1", () => {
+      const addr = server.address();
+      if (!addr || typeof addr === "string") {
+        reject(new Error("Failed to start local server"));
+        return;
+      }
+      const port = addr.port;
+      const authUrl = `${webappUrl}/cli/auth?redirect_port=${port}&code_challenge=${codeChallenge}&state=${state}`;
+      console.log(import_picocolors.default.dim(`Opening browser for authentication...`));
+      console.log(import_picocolors.default.dim(`If the browser doesn't open, visit:`));
+      console.log(import_picocolors.default.cyan(authUrl));
+      open_default(authUrl).catch(() => {});
+    });
+    setTimeout(() => {
+      server.close();
+      reject(new Error("Login timed out after 120 seconds"));
+    }, LOGIN_TIMEOUT_MS);
+  });
+}
+
+class AuthClient {
+  session;
+  constructor(session) {
+    this.session = session;
+  }
+  static fromSession() {
+    const session = getActiveSession();
+    if (!session)
+      return null;
+    return new AuthClient(session);
+  }
+  async refreshToken() {
+    try {
+      const res = await fetch(`${this.session.webappUrl}/api/cli/token/refresh`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          Authorization: `Bearer ${this.session.refreshToken}`
+        }
+      });
+      if (!res.ok)
+        return false;
+      const data = await res.json();
+      this.session = {
+        ...this.session,
+        accessToken: data.access_token,
+        expiresAt: new Date(Date.now() + data.expires_in * 1000).toISOString()
+      };
+      saveSession(this.session);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  isExpired() {
+    return new Date(this.session.expiresAt).getTime() < Date.now() + 60000;
+  }
+  async request(path2, options = {}) {
+    if (this.isExpired()) {
+      const refreshed = await this.refreshToken();
+      if (!refreshed) {
+        clearSession(this.session.webappUrl);
+        throw new Error("Session expired. Please run `auth login` again.");
+      }
+    }
+    const url = `${this.session.webappUrl}${path2}`;
+    const res = await fetch(url, {
+      ...options,
+      headers: {
+        ...options.headers,
+        Authorization: `Bearer ${this.session.accessToken}`,
+        "Content-Type": "application/json"
+      }
+    });
+    if (res.status === 401) {
+      const refreshed = await this.refreshToken();
+      if (!refreshed) {
+        clearSession(this.session.webappUrl);
+        throw new Error("Session expired. Please run `auth login` again.");
+      }
+      return fetch(url, {
+        ...options,
+        headers: {
+          ...options.headers,
+          Authorization: `Bearer ${this.session.accessToken}`,
+          "Content-Type": "application/json"
+        }
+      });
+    }
+    return res;
+  }
+  async get(path2) {
+    const res = await this.request(path2);
+    if (!res.ok) {
+      const body = await res.text();
+      throw new Error(`GET ${path2} failed (${res.status}): ${body}`);
+    }
+    return res.json();
+  }
+  async post(path2, body) {
+    const res = await this.request(path2, {
+      method: "POST",
+      body: body ? JSON.stringify(body) : undefined
+    });
+    if (!res.ok) {
+      const errBody = await res.text();
+      throw new Error(`POST ${path2} failed (${res.status}): ${errBody}`);
+    }
+    return res.json();
+  }
+  async del(path2) {
+    const res = await this.request(path2, { method: "DELETE" });
+    if (!res.ok) {
+      const body = await res.text();
+      throw new Error(`DELETE ${path2} failed (${res.status}): ${body}`);
+    }
+  }
+  getSession() {
+    return this.session;
+  }
+}
+var DEFAULT_WEBAPP_URL = "https://qaligent.space";
+function registerAuthCommands(program, opts) {
+  const defaultUrl = opts?.defaultWebappUrl ?? DEFAULT_WEBAPP_URL;
+  const authCmd = program.command("auth").description("Manage QA Intelligence authentication");
+  authCmd.command("login").description("Authenticate with QA Intelligence").option("--url <url>", "Webapp URL", defaultUrl).action(async (cmdOpts) => {
+    console.log(import_picocolors2.default.bold(`Authenticating with QA Intelligence...
+`));
+    try {
+      const session = await login({ webappUrl: cmdOpts.url });
+      console.log("");
+      console.log(import_picocolors2.default.green("✓") + " Authenticated as " + import_picocolors2.default.bold(session.user.email));
+      console.log(import_picocolors2.default.green("✓") + " Linked to: " + import_picocolors2.default.cyan(`${session.scope.orgSlug} / ${session.scope.projectSlug} / ${session.scope.appSlug}`));
+      console.log(import_picocolors2.default.dim(`  Token expires: ${new Date(session.expiresAt).toLocaleDateString()}`));
+    } catch (err) {
+      console.error(import_picocolors2.default.red("✗ Authentication failed:"), err instanceof Error ? err.message : err);
+      process.exit(1);
+    }
+  });
+  authCmd.command("logout").description("Sign out and revoke CLI token").action(async () => {
+    const session = getActiveSession();
+    if (!session) {
+      console.log(import_picocolors2.default.yellow("Not currently authenticated."));
+      return;
+    }
+    try {
+      const client = new AuthClient(session);
+      await client.del("/api/cli/token");
+    } catch {}
+    clearSession(session.webappUrl);
+    console.log(import_picocolors2.default.green("✓") + " Signed out successfully.");
+  });
+  authCmd.command("status").description("Show current authentication status").action(async () => {
+    const session = getActiveSession();
+    if (!session) {
+      console.log(import_picocolors2.default.yellow("Not authenticated."));
+      console.log(import_picocolors2.default.dim(`Run ${import_picocolors2.default.cyan(`${program.name()} auth login`)} to authenticate.`));
+      return;
+    }
+    const expired = new Date(session.expiresAt).getTime() < Date.now();
+    console.log(import_picocolors2.default.bold(`Authentication Status
+`));
+    console.log(`  User:    ${session.user.email} (${session.user.name})`);
+    console.log(`  Org:     ${session.scope.orgSlug}`);
+    console.log(`  Project: ${session.scope.projectSlug}`);
+    console.log(`  App:     ${session.scope.appSlug}`);
+    console.log(`  Webapp:  ${session.webappUrl}`);
+    console.log(`  Expires: ${new Date(session.expiresAt).toLocaleString()} ${expired ? import_picocolors2.default.red("(expired)") : import_picocolors2.default.green("(valid)")}`);
+    if (expired) {
+      console.log("");
+      console.log(import_picocolors2.default.dim(`Token expired. Run ${import_picocolors2.default.cyan(`${program.name()} auth login`)} to re-authenticate.`));
+    }
+  });
+  authCmd.command("switch").description("Switch scope (re-authenticate with different org/project/app)").option("--url <url>", "Webapp URL", defaultUrl).action(async (cmdOpts) => {
+    console.log(import_picocolors2.default.bold(`Switching scope...
+`));
+    console.log(import_picocolors2.default.dim(`This will open a browser to select a new org/project/app.
+`));
+    try {
+      const session = await login({ webappUrl: cmdOpts.url });
+      console.log("");
+      console.log(import_picocolors2.default.green("✓") + " Switched to: " + import_picocolors2.default.cyan(`${session.scope.orgSlug} / ${session.scope.projectSlug} / ${session.scope.appSlug}`));
+    } catch (err) {
+      console.error(import_picocolors2.default.red("✗ Switch failed:"), err instanceof Error ? err.message : err);
+      process.exit(1);
+    }
+  });
+}
+export { loadStore, getActiveSession, saveSession, clearSession, login, AuthClient, registerAuthCommands };