neozip-mcp 0.1.0-beta

package/dist/config/index.js

@@ -0,0 +1,74 @@
+import * as os from "os";
+import { applyActiveProfileToEnv } from "../account/profile-store.js";
+import { readConnectionCredentials } from "../connection/credentials.js";
+import { promoteReadyActiveConnection } from "../connection/promote-active.js";
+import { isAutoCapabilitiesMode, resolveCapabilities, } from "./capabilities.js";
+function parseSandboxPaths(raw) {
+    const defaults = [process.cwd(), os.homedir()];
+    if (!raw)
+        return defaults;
+    const custom = raw
+        .split(",")
+        .map((s) => s.trim())
+        .filter(Boolean);
+    return custom.length > 0 ? custom : defaults;
+}
+export function loadConfig() {
+    // Merge into process.env for subprocess compatibility; config reads connection store directly.
+    applyActiveProfileToEnv();
+    const rawCaps = process.env.NEOZIP_MCP_CAPABILITIES;
+    let creds = readConnectionCredentials();
+    if (isAutoCapabilitiesMode(rawCaps)) {
+        promoteReadyActiveConnection({
+            preferredTokenServiceOrigin: creds.tokenServiceUrl ?? undefined,
+        });
+        creds = readConnectionCredentials();
+    }
+    const { capabilities, mode: capabilitiesMode } = resolveCapabilities(rawCaps);
+    let walletKeySource = null;
+    let walletKey = null;
+    if (creds.walletKey) {
+        walletKey = creds.walletKey;
+        walletKeySource = "mcp-profile";
+    }
+    let networkSource = "default";
+    let network = "base-sepolia";
+    if (process.env.NEOZIP_NETWORK) {
+        networkSource = "env";
+        network = process.env.NEOZIP_NETWORK;
+    }
+    let recipientEmailSource = null;
+    let recipientEmail = null;
+    if (creds.recipientEmail) {
+        recipientEmail = creds.recipientEmail;
+        recipientEmailSource = "mcp-profile";
+    }
+    return {
+        capabilities,
+        capabilitiesMode,
+        sandboxPaths: parseSandboxPaths(process.env.NEOZIP_MCP_SANDBOX_PATHS),
+        rateLimit: parseInt(process.env.NEOZIP_MCP_RATE_LIMIT || "60", 10),
+        blockchainRateLimit: parseInt(process.env.NEOZIP_MCP_BLOCKCHAIN_RATE_LIMIT || "10", 10),
+        maxFileSize: parseInt(process.env.NEOZIP_MCP_MAX_FILE_SIZE || "524288000", 10),
+        maxEntries: parseInt(process.env.NEOZIP_MCP_MAX_ENTRIES || "10000", 10),
+        timeoutSeconds: parseInt(process.env.NEOZIP_MCP_TIMEOUT || "300", 10),
+        defaultMaxChars: parseInt(process.env.NEOZIP_MCP_DEFAULT_MAX_CHARS || "10000", 10),
+        maxReadChars: parseInt(process.env.NEOZIP_MCP_MAX_READ_CHARS || "100000", 10),
+        grepMaxMatches: parseInt(process.env.NEOZIP_MCP_GREP_MAX_MATCHES || "100", 10),
+        grepMaxSnippetChars: parseInt(process.env.NEOZIP_MCP_GREP_MAX_SNIPPET_CHARS || "200", 10),
+        grepMaxFileBytes: parseInt(process.env.NEOZIP_MCP_GREP_MAX_FILE_BYTES || "1048576", 10),
+        apiKey: process.env.NEOZIP_MCP_API_KEY || null,
+        walletKey,
+        network,
+        tokenServiceUrl: creds.tokenServiceUrl,
+        recipientEmail,
+        identityPrivateKeyHex: process.env.NEOZIP_IDENTITY_PRIVATE_KEY_HEX?.trim() || null,
+        tokenServiceAccessToken: creds.tokenServiceAccessToken,
+        debug: process.env.NEOZIP_MCP_DEBUG === "true",
+        walletKeySource,
+        networkSource,
+        recipientEmailSource,
+        mcpProfileActiveId: creds.connectionId,
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/connect-cli.js

@@ -0,0 +1,312 @@
+#!/usr/bin/env node
+import "./load-env.js";
+import { connectFinish, connectDelete, connectLogout, connectMigrate, connectPhoneRequest, connectPhoneVerify, connectRegister, connectRename, connectSelect, connectSetup, connectStatus, connectVerify, connectWalletCreate, connectWalletImportKey, connectWalletImportMnemonic, } from "./connection/onboarding.js";
+import { buildConnectionDump, formatConnectionDump } from "./connection/dump.js";
+import { resetConnectionStore } from "./connection/reset.js";
+import { runInteractiveConnect } from "./connection/interactive.js";
+import { formatVerboseStatusText } from "./connection/status-report.js";
+function parseArgs(argv) {
+    const args = argv.slice(2);
+    const flags = { json: false };
+    const positional = [];
+    let command = null;
+    for (let i = 0; i < args.length; i++) {
+        const arg = args[i];
+        if (arg === "--json") {
+            flags.json = true;
+        }
+        else if (arg === "--token-service-url" && args[i + 1]) {
+            flags.tokenServiceUrl = args[++i];
+        }
+        else if (arg === "--label" && args[i + 1]) {
+            flags.label = args[++i];
+        }
+        else if (arg === "--email" && args[i + 1]) {
+            flags.email = args[++i];
+        }
+        else if (arg === "--code" && args[i + 1]) {
+            flags.code = args[++i];
+        }
+        else if (arg === "--phone" && args[i + 1]) {
+            flags.phone = args[++i];
+        }
+        else if (arg === "--mnemonic" && args[i + 1]) {
+            flags.mnemonic = args[++i];
+        }
+        else if (arg === "--private-key" && args[i + 1]) {
+            flags.privateKey = args[++i];
+        }
+        else if (arg === "--ack-backup") {
+            flags.ackBackup = true;
+        }
+        else if (arg === "--create-wallet") {
+            flags.createWallet = true;
+        }
+        else if (arg === "--force") {
+            flags.force = true;
+        }
+        else if (arg === "--verbose" || arg === "-v") {
+            flags.verbose = true;
+        }
+        else if (arg === "--resend") {
+            flags.resend = true;
+        }
+        else if (arg === "--magic-token" && args[i + 1]) {
+            flags.magicToken = args[++i];
+        }
+        else if (arg === "--connection-id" && args[i + 1]) {
+            flags.connectionId = args[++i];
+        }
+        else if (arg === "--help" || arg === "-h") {
+            command = "help";
+        }
+        else if (arg.startsWith("-")) {
+            throw new Error(`Unknown flag: ${arg}`);
+        }
+        else if (command === null) {
+            command = arg;
+        }
+        else {
+            positional.push(arg);
+        }
+    }
+    return { command: command ?? "interactive", flags, positional };
+}
+function printResult(res, json) {
+    if (json) {
+        console.log(JSON.stringify(res, null, 2));
+        return;
+    }
+    const lines = [`Phase: ${res.phase}`];
+    if (res.tokenServiceOrigin)
+        lines.push(`Token Service: ${res.tokenServiceOrigin}`);
+    if (res.connectionId)
+        lines.push(`Connection: ${res.connectionId}`);
+    if (res.message)
+        lines.push(res.message);
+    if (res.nextCommand)
+        lines.push(`Next: ${res.nextCommand}`);
+    if (res.accounts?.length) {
+        lines.push("");
+        lines.push(formatVerboseStatusText(res.accounts));
+    }
+    console.log(lines.join("\n"));
+}
+function usage() {
+    console.error(`NeoZip Connect — Token Service account setup
+
+Usage:
+  neozip-connect                              Interactive wizard (default)
+  neozip-connect wizard                       Same as running with no subcommand
+  neozip-connect status [--verbose] [--json] [--token-service-url URL]
+  neozip-connect select --connection-id ID [--json]
+  neozip-connect rename --label NAME [--connection-id ID] [--json]
+  neozip-connect dump [--connection-id ID]   Print manifest + public.json (no secrets)
+  neozip-connect register --email EMAIL [--resend] [--json] [--token-service-url URL] [--label NAME]
+  neozip-connect verify --email EMAIL --code CODE [--json] [--token-service-url URL]
+  neozip-connect verify --magic-token LINK_OR_TOKEN [--email EMAIL] [--json]
+  neozip-connect phone request --phone +14155551234 [--json] [--token-service-url URL]
+  neozip-connect phone verify --phone +14155551234 --code CODE [--json] [--token-service-url URL]
+  neozip-connect wallet create --ack-backup [--json] [--token-service-url URL]
+  neozip-connect wallet import-mnemonic --mnemonic "word1 word2 ..." [--force] [--json]
+  neozip-connect wallet import-key --private-key 0x... [--force] [--json]
+  neozip-connect finish [--create-wallet] [--json] [--token-service-url URL]
+  neozip-connect setup --email EMAIL --code CODE [--json] [--token-service-url URL]
+  neozip-connect logout [--json]
+  neozip-connect delete [--json] [--connection-id ID]
+  neozip-connect migrate [--json]
+  neozip-connect reset [--force]     Remove connection data (re-run setup)
+
+Environment:
+  NEOZIP_UNLOCK_PASSPHRASE — optional custom passphrase (default: machine-local key)
+  TOKEN_SERVICE_URL — default Token Service base URL
+`);
+}
+async function main() {
+    const { command, flags, positional } = parseArgs(process.argv);
+    const json = Boolean(flags.json);
+    const tokenServiceUrl = typeof flags.tokenServiceUrl === "string" ? flags.tokenServiceUrl : undefined;
+    const label = typeof flags.label === "string" ? flags.label : undefined;
+    let res;
+    switch (command) {
+        case "interactive":
+        case "wizard":
+            if (json) {
+                throw new Error("Interactive setup requires a TTY; omit --json or use subcommands (register, verify, finish).");
+            }
+            if (!process.stdin.isTTY) {
+                throw new Error("Interactive setup requires a TTY. Use subcommands with --json for scripted setup.");
+            }
+            res = await runInteractiveConnect({ tokenServiceUrl, label });
+            if (!res.success) {
+                process.exit(1);
+            }
+            return;
+        case "status":
+            res = await connectStatus({
+                tokenServiceUrl,
+                autoMigrate: true,
+                verbose: Boolean(flags.verbose),
+            });
+            break;
+        case "select": {
+            const connectionId = String(flags.connectionId || "");
+            if (!connectionId)
+                throw new Error("--connection-id is required");
+            res = connectSelect({ connectionId });
+            break;
+        }
+        case "rename": {
+            const renameLabel = String(flags.label || "");
+            if (!renameLabel)
+                throw new Error("--label is required");
+            const connectionId = typeof flags.connectionId === "string" ? flags.connectionId : undefined;
+            res = connectRename({ label: renameLabel, connectionId });
+            break;
+        }
+        case "dump": {
+            const connectionId = typeof flags.connectionId === "string" ? flags.connectionId : undefined;
+            const snapshot = buildConnectionDump({ connectionId });
+            console.log(formatConnectionDump(snapshot));
+            return;
+        }
+        case "register": {
+            const email = String(flags.email || "");
+            if (!email)
+                throw new Error("--email is required");
+            res = await connectRegister({
+                email,
+                tokenServiceUrl,
+                label,
+                resend: Boolean(flags.resend),
+            });
+            break;
+        }
+        case "verify": {
+            const email = typeof flags.email === "string" ? flags.email : undefined;
+            const code = typeof flags.code === "string" ? flags.code : undefined;
+            const magicToken = typeof flags.magicToken === "string" ? flags.magicToken : undefined;
+            if (!magicToken && (!email || !code)) {
+                throw new Error("Provide --email and --code, or --magic-token (optionally with --email)");
+            }
+            res = await connectVerify({ email, code, magicToken, tokenServiceUrl });
+            break;
+        }
+        case "phone": {
+            const action = positional[0];
+            const phone = String(flags.phone || "");
+            if (action === "request") {
+                if (!phone)
+                    throw new Error("--phone is required");
+                res = await connectPhoneRequest({ phone, tokenServiceUrl });
+            }
+            else if (action === "verify") {
+                const code = String(flags.code || "");
+                if (!phone || !code)
+                    throw new Error("--phone and --code are required");
+                res = await connectPhoneVerify({ phone, code, tokenServiceUrl });
+            }
+            else {
+                throw new Error("Usage: neozip-connect phone request|verify ...");
+            }
+            break;
+        }
+        case "wallet": {
+            const action = positional[0];
+            if (action === "create") {
+                res = await connectWalletCreate({
+                    ackBackup: Boolean(flags.ackBackup),
+                    tokenServiceUrl,
+                });
+            }
+            else if (action === "import-mnemonic") {
+                const mnemonic = String(flags.mnemonic || "");
+                if (!mnemonic)
+                    throw new Error("--mnemonic is required");
+                res = await connectWalletImportMnemonic({
+                    mnemonic,
+                    force: Boolean(flags.force),
+                    tokenServiceUrl,
+                });
+            }
+            else if (action === "import-key") {
+                const privateKey = String(flags.privateKey || "");
+                if (!privateKey)
+                    throw new Error("--private-key is required");
+                res = await connectWalletImportKey({
+                    privateKey,
+                    force: Boolean(flags.force),
+                    tokenServiceUrl,
+                });
+            }
+            else {
+                throw new Error("Usage: neozip-connect wallet create|import-mnemonic|import-key ...");
+            }
+            break;
+        }
+        case "finish":
+            res = await connectFinish({
+                tokenServiceUrl,
+                createWallet: Boolean(flags.createWallet),
+            });
+            break;
+        case "setup": {
+            const email = String(flags.email || "");
+            const code = String(flags.code || "");
+            if (!email || !code)
+                throw new Error("--email and --code are required");
+            res = await connectSetup({ email, code, tokenServiceUrl, label });
+            break;
+        }
+        case "logout":
+            res = connectLogout();
+            break;
+        case "delete": {
+            const connectionId = typeof flags.connectionId === "string" ? flags.connectionId : undefined;
+            res = connectDelete({ connectionId });
+            break;
+        }
+        case "migrate":
+            res = connectMigrate();
+            break;
+        case "reset": {
+            const force = process.argv.includes("--force") || process.argv.includes("-f");
+            if (!force && process.stdin.isTTY) {
+                console.error("This removes all NeoZip connection data.", "Run neozip-connect (interactive wizard offers reset), or: neozip-connect reset --force");
+                process.exit(1);
+            }
+            const out = resetConnectionStore();
+            res = {
+                success: out.removedConnection || out.removedLegacy,
+                phase: "no_profile",
+                message: [
+                    out.removedConnection ? `Removed ${out.connectionDir}` : null,
+                    out.removedLegacy ? `Removed ${out.legacyMcpDir}` : null,
+                    "Run neozip-connect to set up again.",
+                ]
+                    .filter(Boolean)
+                    .join(" "),
+            };
+            if (!json) {
+                console.error(res.message);
+                return;
+            }
+            break;
+        }
+        case "help":
+            usage();
+            return;
+        default:
+            usage();
+            throw new Error(`Unknown command: ${command}`);
+    }
+    printResult(res, json);
+    if (!res.success && res.phase !== "awaiting_code") {
+        process.exit(1);
+    }
+}
+main().catch((err) => {
+    console.error(`neozip-connect: ${err instanceof Error ? err.message : String(err)}`);
+    process.exit(1);
+});
+//# sourceMappingURL=connect-cli.js.map

package/dist/connection/coordinator.js

@@ -0,0 +1,74 @@
+import { WRAP_AEAD, WRAP_FORMAT_VERSION, WRAP_IV_LEN, WRAP_KDF_INFO, WRAP_KDF_SALT_LEN, } from "../constants/wallet-identity.js";
+import { normalizeTokenServiceOrigin } from "./origin.js";
+function normalizeUrl(baseUrl) {
+    return baseUrl.trim().replace(/\/+$/, "");
+}
+export async function fetchCoordinatorConfigParsed(baseUrl) {
+    const url = normalizeUrl(baseUrl);
+    let res;
+    try {
+        res = await fetch(`${url}/crypto/coordinator-config`, { method: "GET" });
+    }
+    catch {
+        return null;
+    }
+    if (!res.ok)
+        return null;
+    const ct = res.headers.get("content-type") || "";
+    if (!ct.includes("application/json"))
+        return null;
+    try {
+        const data = (await res.json());
+        const wrap = data.walletEncryptedIdentityKey;
+        return {
+            cryptoRequirePhoneVerified: Boolean(data.cryptoRequirePhoneVerified),
+            walletGatedIdentityKey: Boolean(data.walletGatedIdentityKey),
+            walletEncryptedIdentityKey: wrap
+                ? {
+                    wrapFormatVersion: Number(wrap.wrapFormatVersion),
+                    wrapKdfInfo: String(wrap.wrapKdfInfo ?? ""),
+                    wrapAead: String(wrap.wrapAead ?? ""),
+                    wrapKdfSaltLen: Number(wrap.wrapKdfSaltLen),
+                    wrapIvLen: Number(wrap.wrapIvLen),
+                }
+                : null,
+        };
+    }
+    catch {
+        return null;
+    }
+}
+export function assertCoordinatorWrapSupported(config) {
+    if (!config?.walletEncryptedIdentityKey) {
+        return;
+    }
+    const w = config.walletEncryptedIdentityKey;
+    if (w.wrapFormatVersion !== WRAP_FORMAT_VERSION) {
+        throw new Error(`Unsupported wrapFormatVersion ${w.wrapFormatVersion} (client supports ${WRAP_FORMAT_VERSION}).`);
+    }
+    if (w.wrapAead !== WRAP_AEAD) {
+        throw new Error(`Unsupported wrapAead ${w.wrapAead} (client supports ${WRAP_AEAD}).`);
+    }
+    if (w.wrapKdfInfo !== WRAP_KDF_INFO) {
+        throw new Error(`Unsupported wrapKdfInfo (client expects ${WRAP_KDF_INFO}).`);
+    }
+    if (w.wrapKdfSaltLen !== WRAP_KDF_SALT_LEN) {
+        throw new Error(`Unsupported wrapKdfSaltLen (client expects ${WRAP_KDF_SALT_LEN}).`);
+    }
+    if (w.wrapIvLen !== WRAP_IV_LEN) {
+        throw new Error(`Unsupported wrapIvLen (client expects ${WRAP_IV_LEN}).`);
+    }
+}
+export async function probeTokenServiceReachable(baseUrl) {
+    try {
+        const parsed = await fetchCoordinatorConfigParsed(baseUrl);
+        return parsed !== null;
+    }
+    catch {
+        return false;
+    }
+}
+export function coordinatorBaseUrl(serverUrl) {
+    return normalizeTokenServiceOrigin(serverUrl || process.env.TOKEN_SERVICE_URL || "");
+}
+//# sourceMappingURL=coordinator.js.map

package/dist/connection/credentials.js

@@ -0,0 +1,29 @@
+import { getActiveConnection, getActiveConnectionId, getConnectionDir, readActiveConnectionSecrets, } from "./store.js";
+/** Token Service and wallet credentials from neozip-connect only (not MCP env or wallet.json). */
+export function readConnectionCredentials() {
+    const connectionId = getActiveConnectionId();
+    const meta = getActiveConnection();
+    const secrets = readActiveConnectionSecrets();
+    if (!meta || !secrets) {
+        return {
+            connectionId: null,
+            label: null,
+            tokenServiceUrl: null,
+            recipientEmail: null,
+            tokenServiceAccessToken: null,
+            walletKey: null,
+        };
+    }
+    return {
+        connectionId,
+        label: meta.label,
+        tokenServiceUrl: meta.tokenServiceOrigin ?? null,
+        recipientEmail: meta.emailVerified && meta.email ? meta.email : null,
+        tokenServiceAccessToken: secrets.accessToken?.trim() || null,
+        walletKey: secrets.evmPrivateKeyHex?.trim() || null,
+    };
+}
+export function getConnectionStorePath() {
+    return getConnectionDir();
+}
+//# sourceMappingURL=credentials.js.map

package/dist/connection/crypto.js

@@ -0,0 +1,56 @@
+import * as crypto from "node:crypto";
+import * as os from "node:os";
+const CONNECTION_KDF_INFO = "NeoZip/ConnectionSecrets/v1";
+const CONNECTION_KDF_SALT = Buffer.from("NeoZipConnectionStoreSalt-v1", "utf8");
+/** Machine-local default when NEOZIP_UNLOCK_PASSPHRASE is unset. */
+export function machineUnlockPassphrase() {
+    return `${os.hostname()}:${os.userInfo().username}:neozip-connection`;
+}
+export function usesCustomUnlockPassphrase() {
+    return Boolean(process.env.NEOZIP_UNLOCK_PASSPHRASE?.trim());
+}
+/** Passphrase for encrypting connection secrets at rest. */
+export function resolveUnlockPassphrase() {
+    return process.env.NEOZIP_UNLOCK_PASSPHRASE?.trim() || machineUnlockPassphrase();
+}
+function deriveKey() {
+    const passphrase = resolveUnlockPassphrase();
+    return Buffer.from(crypto.hkdfSync("sha256", Buffer.from(passphrase, "utf8"), CONNECTION_KDF_SALT, CONNECTION_KDF_INFO, 32));
+}
+export function encryptSecrets(payload) {
+    const key = deriveKey();
+    const iv = crypto.randomBytes(12);
+    const plaintext = Buffer.from(JSON.stringify(payload), "utf8");
+    try {
+        const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
+        const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
+        const tag = cipher.getAuthTag();
+        return JSON.stringify({
+            v: 1,
+            iv: iv.toString("base64"),
+            tag: tag.toString("base64"),
+            data: ct.toString("base64"),
+        });
+    }
+    finally {
+        key.fill(0);
+        plaintext.fill(0);
+    }
+}
+export function decryptSecrets(encrypted) {
+    const key = deriveKey();
+    const parsed = JSON.parse(encrypted);
+    const iv = Buffer.from(parsed.iv, "base64");
+    const tag = Buffer.from(parsed.tag, "base64");
+    const ct = Buffer.from(parsed.data, "base64");
+    try {
+        const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
+        decipher.setAuthTag(tag);
+        const pt = Buffer.concat([decipher.update(ct), decipher.final()]);
+        return JSON.parse(pt.toString("utf8"));
+    }
+    finally {
+        key.fill(0);
+    }
+}
+//# sourceMappingURL=crypto.js.map

package/dist/connection/dump.js

@@ -0,0 +1,79 @@
+import * as fs from "node:fs";
+import { computeConnectionPhase, computeConnectionPhaseForId } from "./phase.js";
+import { connectionPathFor, getActiveConnectionId, getConnectionDir, listConnectionIds, listConnections, readConnectionPublic, } from "./store.js";
+function readManifestForDump() {
+    const manifestPath = `${getConnectionDir()}/manifest.json`;
+    if (!fs.existsSync(manifestPath)) {
+        return { version: 1, activeConnectionId: null, workspaces: {} };
+    }
+    return JSON.parse(fs.readFileSync(manifestPath, "utf8"));
+}
+/** Safe snapshot of manifest + public.json files (never includes secrets.enc). */
+export function buildConnectionDump(options) {
+    const manifest = readManifestForDump();
+    const activeId = getActiveConnectionId();
+    const requestedId = options?.connectionId?.trim();
+    let ids = listConnectionIds();
+    if (requestedId) {
+        if (!readConnectionPublic(requestedId)) {
+            throw new Error(`Connection not found: ${requestedId}`);
+        }
+        ids = [requestedId];
+    }
+    const connections = [];
+    for (const id of ids) {
+        const meta = readConnectionPublic(id);
+        if (!meta)
+            continue;
+        connections.push({
+            id,
+            path: connectionPathFor(id),
+            active: id === activeId,
+            hasSecretsEnc: fs.existsSync(`${connectionPathFor(id)}/secrets.enc`),
+            public: meta,
+        });
+    }
+    return {
+        connectionDir: getConnectionDir(),
+        phase: computeConnectionPhase(),
+        manifest,
+        connections,
+    };
+}
+export function formatConnectionDump(snapshot) {
+    return JSON.stringify(snapshot, null, 2);
+}
+function formatAccountLine(meta, activeId) {
+    const phase = computeConnectionPhaseForId(meta.id);
+    const active = meta.id === activeId ? " [active]" : "";
+    const email = meta.email ?? "no email";
+    const wallet = meta.evmAddress ?? "no wallet";
+    const phone = meta.phoneVerifiedAt
+        ? "phone verified"
+        : meta.phoneE164
+            ? "phone pending"
+            : "no phone";
+    const ready = meta.onboardingCompleteAt ? "onboarding complete" : "onboarding incomplete";
+    return [
+        `  • ${meta.label}${active}`,
+        `    Email: ${email}`,
+        `    Token Service: ${meta.tokenServiceOrigin}`,
+        `    Phase: ${phase} · Wallet: ${wallet}`,
+        `    ${phone} · ${ready}`,
+    ];
+}
+/** Human-readable summary of all saved accounts (no secrets). */
+export function formatConnectionsSummaryText() {
+    const activeId = getActiveConnectionId();
+    const connections = listConnections();
+    if (connections.length === 0) {
+        return `Connection store: ${getConnectionDir()}\nNo saved accounts.`;
+    }
+    const lines = [
+        `Connection store: ${getConnectionDir()}`,
+        `Saved accounts (${connections.length}):`,
+        ...connections.flatMap((conn) => formatAccountLine(conn, activeId)),
+    ];
+    return lines.join("\n");
+}
+//# sourceMappingURL=dump.js.map