oh-my-claude-sisyphus 1.11.2 → 2.0.2

package/dist/auth/oauth-openai.d.ts

@@ -1,46 +0,0 @@
-/**
- * OpenAI OAuth 2.0 implementation for ChatGPT Plus/Pro subscriptions
- *
- * Uses the same OAuth flow as OpenAI's Codex CLI
- */
-import type { OAuthTokens, OAuthConfig } from '../providers/types.js';
-import type { OAuthResult, PKCEData } from './types.js';
-/**
- * OpenAI OAuth configuration
- * These are the same credentials used by OpenAI's Codex CLI
- */
-export declare const OPENAI_OAUTH_CONFIG: OAuthConfig;
-/**
- * OpenAI OAuth handler
- */
-export declare class OpenAIOAuth {
-    private config;
-    constructor(config?: OAuthConfig);
-    /**
-     * Generate the authorization URL for the OAuth flow
-     */
-    getAuthorizationUrl(pkce: PKCEData): string;
-    /**
-     * Exchange authorization code for tokens
-     */
-    exchangeCodeForTokens(code: string, codeVerifier: string): Promise<OAuthTokens>;
-    /**
-     * Refresh tokens using refresh token
-     */
-    refreshTokens(refreshToken: string): Promise<OAuthTokens>;
-    /**
-     * Exchange ID token for an API key (optional)
-     * This can be used if you want a traditional API key instead of OAuth tokens
-     */
-    exchangeForApiKey(idToken: string): Promise<string>;
-    /**
-     * Run the full OAuth authentication flow
-     * Opens a browser and waits for callback
-     */
-    authenticate(): Promise<OAuthResult>;
-}
-/**
- * Create OpenAI OAuth handler instance
- */
-export declare function createOpenAIOAuth(): OpenAIOAuth;
-//# sourceMappingURL=oauth-openai.d.ts.map

package/dist/auth/oauth-openai.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"oauth-openai.d.ts","sourceRoot":"","sources":["../../src/auth/oauth-openai.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACtE,OAAO,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AA2BxD;;;GAGG;AACH,eAAO,MAAM,mBAAmB,EAAE,WAMjC,CAAC;AAEF;;GAEG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,MAAM,CAAc;gBAEhB,MAAM,GAAE,WAAiC;IAIrD;;OAEG;IACH,mBAAmB,CAAC,IAAI,EAAE,QAAQ,GAAG,MAAM;IAgB3C;;OAEG;IACG,qBAAqB,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAqCrF;;OAEG;IACG,aAAa,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAmC/D;;;OAGG;IACG,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAwBzD;;;OAGG;IACG,YAAY,IAAI,OAAO,CAAC,WAAW,CAAC;CA+G3C;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,WAAW,CAE/C"}

package/dist/auth/oauth-openai.js

@@ -1,264 +0,0 @@
-/**
- * OpenAI OAuth 2.0 implementation for ChatGPT Plus/Pro subscriptions
- *
- * Uses the same OAuth flow as OpenAI's Codex CLI
- */
-import * as http from 'http';
-import { exec } from 'child_process';
-import { URL, URLSearchParams } from 'url';
-import { generatePKCE, verifyState } from './pkce.js';
-/**
- * Open URL in default browser (cross-platform)
- */
-function openBrowser(url) {
-    const platform = process.platform;
-    let command;
-    if (platform === 'darwin') {
-        command = `open "${url}"`;
-    }
-    else if (platform === 'win32') {
-        command = `start "" "${url}"`;
-    }
-    else {
-        // Linux and others
-        command = `xdg-open "${url}"`;
-    }
-    exec(command, (error) => {
-        if (error) {
-            console.log('Could not open browser automatically.');
-            console.log(`Please visit: ${url}`);
-        }
-    });
-}
-/**
- * OpenAI OAuth configuration
- * These are the same credentials used by OpenAI's Codex CLI
- */
-export const OPENAI_OAUTH_CONFIG = {
-    clientId: 'app_EMoamEEZ73f0CkXaXp7hrann',
-    authUrl: 'https://auth.openai.com/oauth/authorize',
-    tokenUrl: 'https://auth.openai.com/oauth/token',
-    redirectUri: 'http://localhost:1455/auth/callback',
-    scopes: ['openid', 'profile', 'email', 'offline_access'],
-};
-/**
- * OpenAI OAuth handler
- */
-export class OpenAIOAuth {
-    config;
-    constructor(config = OPENAI_OAUTH_CONFIG) {
-        this.config = config;
-    }
-    /**
-     * Generate the authorization URL for the OAuth flow
-     */
-    getAuthorizationUrl(pkce) {
-        const params = new URLSearchParams({
-            response_type: 'code',
-            client_id: this.config.clientId,
-            redirect_uri: this.config.redirectUri,
-            scope: this.config.scopes.join(' '),
-            code_challenge: pkce.codeChallenge,
-            code_challenge_method: 'S256',
-            id_token_add_organizations: 'true',
-            codex_cli_simplified_flow: 'true',
-            state: pkce.state,
-        });
-        return `${this.config.authUrl}?${params.toString()}`;
-    }
-    /**
-     * Exchange authorization code for tokens
-     */
-    async exchangeCodeForTokens(code, codeVerifier) {
-        const response = await fetch(this.config.tokenUrl, {
-            method: 'POST',
-            headers: {
-                'Content-Type': 'application/x-www-form-urlencoded',
-            },
-            body: new URLSearchParams({
-                grant_type: 'authorization_code',
-                code,
-                redirect_uri: this.config.redirectUri,
-                client_id: this.config.clientId,
-                code_verifier: codeVerifier,
-            }),
-        });
-        if (!response.ok) {
-            const error = await response.text();
-            throw new Error(`Token exchange failed: ${error}`);
-        }
-        const data = await response.json();
-        return {
-            accessToken: data.access_token,
-            refreshToken: data.refresh_token,
-            idToken: data.id_token,
-            expiresAt: Date.now() + (data.expires_in * 1000),
-            tokenType: data.token_type,
-        };
-    }
-    /**
-     * Refresh tokens using refresh token
-     */
-    async refreshTokens(refreshToken) {
-        const response = await fetch(this.config.tokenUrl, {
-            method: 'POST',
-            headers: {
-                'Content-Type': 'application/x-www-form-urlencoded',
-            },
-            body: new URLSearchParams({
-                grant_type: 'refresh_token',
-                refresh_token: refreshToken,
-                client_id: this.config.clientId,
-            }),
-        });
-        if (!response.ok) {
-            const error = await response.text();
-            throw new Error(`Token refresh failed: ${error}`);
-        }
-        const data = await response.json();
-        return {
-            accessToken: data.access_token,
-            refreshToken: data.refresh_token || refreshToken,
-            idToken: data.id_token,
-            expiresAt: Date.now() + (data.expires_in * 1000),
-            tokenType: data.token_type,
-        };
-    }
-    /**
-     * Exchange ID token for an API key (optional)
-     * This can be used if you want a traditional API key instead of OAuth tokens
-     */
-    async exchangeForApiKey(idToken) {
-        const response = await fetch(this.config.tokenUrl, {
-            method: 'POST',
-            headers: {
-                'Content-Type': 'application/x-www-form-urlencoded',
-            },
-            body: new URLSearchParams({
-                grant_type: 'urn:ietf:params:oauth:grant-type:token-exchange',
-                requested_token: 'openai-api-key',
-                subject_token: idToken,
-                subject_token_type: 'urn:ietf:params:oauth:token-type:id_token',
-                client_id: this.config.clientId,
-            }),
-        });
-        if (!response.ok) {
-            const error = await response.text();
-            throw new Error(`API key exchange failed: ${error}`);
-        }
-        const data = await response.json();
-        return data.access_token;
-    }
-    /**
-     * Run the full OAuth authentication flow
-     * Opens a browser and waits for callback
-     */
-    async authenticate() {
-        const pkce = generatePKCE();
-        const authUrl = this.getAuthorizationUrl(pkce);
-        return new Promise((resolve) => {
-            const server = http.createServer(async (req, res) => {
-                const url = new URL(req.url, `http://localhost:1455`);
-                if (url.pathname === '/auth/callback') {
-                    const code = url.searchParams.get('code');
-                    const returnedState = url.searchParams.get('state');
-                    const error = url.searchParams.get('error');
-                    // Handle errors
-                    if (error) {
-                        res.writeHead(400, { 'Content-Type': 'text/html' });
-                        res.end(`
-              <html>
-                <body style="font-family: system-ui; padding: 40px; text-align: center;">
-                  <h1>Authentication Failed</h1>
-                  <p>Error: ${error}</p>
-                  <p>You can close this window.</p>
-                </body>
-              </html>
-            `);
-                        server.close();
-                        resolve({ success: false, error });
-                        return;
-                    }
-                    // Verify state
-                    if (!returnedState || !verifyState(pkce.state, returnedState)) {
-                        res.writeHead(400, { 'Content-Type': 'text/html' });
-                        res.end(`
-              <html>
-                <body style="font-family: system-ui; padding: 40px; text-align: center;">
-                  <h1>Authentication Failed</h1>
-                  <p>State mismatch - possible CSRF attack.</p>
-                  <p>You can close this window.</p>
-                </body>
-              </html>
-            `);
-                        server.close();
-                        resolve({ success: false, error: 'State mismatch' });
-                        return;
-                    }
-                    // Exchange code for tokens
-                    if (code) {
-                        try {
-                            const tokens = await this.exchangeCodeForTokens(code, pkce.codeVerifier);
-                            // Extract email from ID token if available
-                            let email;
-                            if (tokens.idToken) {
-                                try {
-                                    const payload = JSON.parse(Buffer.from(tokens.idToken.split('.')[1], 'base64').toString());
-                                    email = payload.email;
-                                }
-                                catch {
-                                    // Ignore ID token parsing errors
-                                }
-                            }
-                            res.writeHead(200, { 'Content-Type': 'text/html' });
-                            res.end(`
-                <html>
-                  <body style="font-family: system-ui; padding: 40px; text-align: center;">
-                    <h1>Authentication Successful!</h1>
-                    <p>You are now connected to OpenAI${email ? ` as ${email}` : ''}.</p>
-                    <p>You can close this window and return to the terminal.</p>
-                  </body>
-                </html>
-              `);
-                            server.close();
-                            resolve({ success: true, tokens, email });
-                        }
-                        catch (err) {
-                            res.writeHead(500, { 'Content-Type': 'text/html' });
-                            res.end(`
-                <html>
-                  <body style="font-family: system-ui; padding: 40px; text-align: center;">
-                    <h1>Authentication Failed</h1>
-                    <p>Error: ${err instanceof Error ? err.message : 'Unknown error'}</p>
-                    <p>You can close this window.</p>
-                  </body>
-                </html>
-              `);
-                            server.close();
-                            resolve({ success: false, error: err instanceof Error ? err.message : 'Unknown error' });
-                        }
-                    }
-                }
-            });
-            // Start server
-            server.listen(1455, '127.0.0.1', () => {
-                console.log('\nOpening browser for OpenAI authentication...');
-                console.log(`If the browser doesn't open, visit: ${authUrl}\n`);
-                // Try to open browser
-                openBrowser(authUrl);
-            });
-            // Timeout after 5 minutes
-            setTimeout(() => {
-                server.close();
-                resolve({ success: false, error: 'Authentication timeout (5 minutes)' });
-            }, 5 * 60 * 1000);
-        });
-    }
-}
-/**
- * Create OpenAI OAuth handler instance
- */
-export function createOpenAIOAuth() {
-    return new OpenAIOAuth();
-}
-//# sourceMappingURL=oauth-openai.js.map

package/dist/auth/oauth-openai.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"oauth-openai.js","sourceRoot":"","sources":["../../src/auth/oauth-openai.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AACrC,OAAO,EAAE,GAAG,EAAE,eAAe,EAAE,MAAM,KAAK,CAAC;AAG3C,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAEtD;;GAEG;AACH,SAAS,WAAW,CAAC,GAAW;IAC9B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,IAAI,OAAe,CAAC;IAEpB,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,GAAG,SAAS,GAAG,GAAG,CAAC;IAC5B,CAAC;SAAM,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QAChC,OAAO,GAAG,aAAa,GAAG,GAAG,CAAC;IAChC,CAAC;SAAM,CAAC;QACN,mBAAmB;QACnB,OAAO,GAAG,aAAa,GAAG,GAAG,CAAC;IAChC,CAAC;IAED,IAAI,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;QACtB,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;YACrD,OAAO,CAAC,GAAG,CAAC,iBAAiB,GAAG,EAAE,CAAC,CAAC;QACtC,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAgB;IAC9C,QAAQ,EAAE,8BAA8B;IACxC,OAAO,EAAE,yCAAyC;IAClD,QAAQ,EAAE,qCAAqC;IAC/C,WAAW,EAAE,qCAAqC;IAClD,MAAM,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,gBAAgB,CAAC;CACzD,CAAC;AAEF;;GAEG;AACH,MAAM,OAAO,WAAW;IACd,MAAM,CAAc;IAE5B,YAAY,SAAsB,mBAAmB;QACnD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,IAAc;QAChC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,aAAa,EAAE,MAAM;YACrB,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;YAC/B,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;YACrC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;YACnC,cAAc,EAAE,IAAI,CAAC,aAAa;YAClC,qBAAqB,EAAE,MAAM;YAC7B,0BAA0B,EAAE,MAAM;YAClC,yBAAyB,EAAE,MAAM;YACjC,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;QAEH,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;IACvD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,qBAAqB,CAAC,IAAY,EAAE,YAAoB;QAC5D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;YACjD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,UAAU,EAAE,oBAAoB;gBAChC,IAAI;gBACJ,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;gBACrC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;gBAC/B,aAAa,EAAE,YAAY;aAC5B,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,0BAA0B,KAAK,EAAE,CAAC,CAAC;QACrD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAM/B,CAAC;QAEF,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,YAAY,EAAE,IAAI,CAAC,aAAa;YAChC,OAAO,EAAE,IAAI,CAAC,QAAQ;YACtB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;YAChD,SAAS,EAAE,IAAI,CAAC,UAAU;SAC3B,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,YAAoB;QACtC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;YACjD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,UAAU,EAAE,eAAe;gBAC3B,aAAa,EAAE,YAAY;gBAC3B,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;aAChC,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,yBAAyB,KAAK,EAAE,CAAC,CAAC;QACpD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAM/B,CAAC;QAEF,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,YAAY,EAAE,IAAI,CAAC,aAAa,IAAI,YAAY;YAChD,OAAO,EAAE,IAAI,CAAC,QAAQ;YACtB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;YAChD,SAAS,EAAE,IAAI,CAAC,UAAU;SAC3B,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,iBAAiB,CAAC,OAAe;QACrC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;YACjD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,UAAU,EAAE,iDAAiD;gBAC7D,eAAe,EAAE,gBAAgB;gBACjC,aAAa,EAAE,OAAO;gBACtB,kBAAkB,EAAE,2CAA2C;gBAC/D,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;aAChC,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;QACvD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA8B,CAAC;QAC/D,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY;QAChB,MAAM,IAAI,GAAG,YAAY,EAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;QAE/C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;gBAClD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAI,EAAE,uBAAuB,CAAC,CAAC;gBAEvD,IAAI,GAAG,CAAC,QAAQ,KAAK,gBAAgB,EAAE,CAAC;oBACtC,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;oBAC1C,MAAM,aAAa,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;oBACpD,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;oBAE5C,gBAAgB;oBAChB,IAAI,KAAK,EAAE,CAAC;wBACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;wBACpD,GAAG,CAAC,GAAG,CAAC;;;;8BAIU,KAAK;;;;aAItB,CAAC,CAAC;wBACH,MAAM,CAAC,KAAK,EAAE,CAAC;wBACf,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;wBACnC,OAAO;oBACT,CAAC;oBAED,eAAe;oBACf,IAAI,CAAC,aAAa,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE,CAAC;wBAC9D,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;wBACpD,GAAG,CAAC,GAAG,CAAC;;;;;;;;aAQP,CAAC,CAAC;wBACH,MAAM,CAAC,KAAK,EAAE,CAAC;wBACf,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;wBACrD,OAAO;oBACT,CAAC;oBAED,2BAA2B;oBAC3B,IAAI,IAAI,EAAE,CAAC;wBACT,IAAI,CAAC;4BACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,IAAI,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;4BAEzE,2CAA2C;4BAC3C,IAAI,KAAyB,CAAC;4BAC9B,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gCACnB,IAAI,CAAC;oCACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CACxB,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAC/D,CAAC;oCACF,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;gCACxB,CAAC;gCAAC,MAAM,CAAC;oCACP,iCAAiC;gCACnC,CAAC;4BACH,CAAC;4BAED,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;4BACpD,GAAG,CAAC,GAAG,CAAC;;;;wDAIkC,KAAK,CAAC,CAAC,CAAC,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE;;;;eAIpE,CAAC,CAAC;4BACH,MAAM,CAAC,KAAK,EAAE,CAAC;4BACf,OAAO,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;wBAC5C,CAAC;wBAAC,OAAO,GAAG,EAAE,CAAC;4BACb,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;4BACpD,GAAG,CAAC,GAAG,CAAC;;;;gCAIU,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;;;;eAIrE,CAAC,CAAC;4BACH,MAAM,CAAC,KAAK,EAAE,CAAC;4BACf,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;wBAC3F,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,eAAe;YACf,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE;gBACpC,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;gBAC9D,OAAO,CAAC,GAAG,CAAC,uCAAuC,OAAO,IAAI,CAAC,CAAC;gBAEhE,sBAAsB;gBACtB,WAAW,CAAC,OAAO,CAAC,CAAC;YACvB,CAAC,CAAC,CAAC;YAEH,0BAA0B;YAC1B,UAAU,CAAC,GAAG,EAAE;gBACd,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,oCAAoC,EAAE,CAAC,CAAC;YAC3E,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACpB,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB;IAC/B,OAAO,IAAI,WAAW,EAAE,CAAC;AAC3B,CAAC"}

package/dist/auth/pkce.d.ts

@@ -1,14 +0,0 @@
-/**
- * PKCE (Proof Key for Code Exchange) utilities for OAuth 2.0
- */
-import type { PKCEData } from './types.js';
-/**
- * Generate PKCE code verifier and challenge
- * RFC 7636: https://datatracker.ietf.org/doc/html/rfc7636
- */
-export declare function generatePKCE(): PKCEData;
-/**
- * Verify that a state matches the expected state
- */
-export declare function verifyState(expected: string, received: string): boolean;
-//# sourceMappingURL=pkce.d.ts.map

package/dist/auth/pkce.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"pkce.d.ts","sourceRoot":"","sources":["../../src/auth/pkce.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAE3C;;;GAGG;AACH,wBAAgB,YAAY,IAAI,QAAQ,CAkBvC;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CASvE"}

package/dist/auth/pkce.js

@@ -1,35 +0,0 @@
-/**
- * PKCE (Proof Key for Code Exchange) utilities for OAuth 2.0
- */
-import * as crypto from 'crypto';
-/**
- * Generate PKCE code verifier and challenge
- * RFC 7636: https://datatracker.ietf.org/doc/html/rfc7636
- */
-export function generatePKCE() {
-    // Generate random code verifier (43-128 characters, URL-safe)
-    const codeVerifier = crypto.randomBytes(32).toString('base64url');
-    // Generate code challenge using S256 method
-    const codeChallenge = crypto
-        .createHash('sha256')
-        .update(codeVerifier)
-        .digest('base64url');
-    // Generate state for CSRF protection
-    const state = crypto.randomBytes(16).toString('hex');
-    return {
-        codeVerifier,
-        codeChallenge,
-        state,
-    };
-}
-/**
- * Verify that a state matches the expected state
- */
-export function verifyState(expected, received) {
-    // Use timing-safe comparison to prevent timing attacks
-    if (expected.length !== received.length) {
-        return false;
-    }
-    return crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(received));
-}
-//# sourceMappingURL=pkce.js.map

package/dist/auth/pkce.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"pkce.js","sourceRoot":"","sources":["../../src/auth/pkce.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AAGjC;;;GAGG;AACH,MAAM,UAAU,YAAY;IAC1B,8DAA8D;IAC9D,MAAM,YAAY,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAElE,4CAA4C;IAC5C,MAAM,aAAa,GAAG,MAAM;SACzB,UAAU,CAAC,QAAQ,CAAC;SACpB,MAAM,CAAC,YAAY,CAAC;SACpB,MAAM,CAAC,WAAW,CAAC,CAAC;IAEvB,qCAAqC;IACrC,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAErD,OAAO;QACL,YAAY;QACZ,aAAa;QACb,KAAK;KACN,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,QAAgB,EAAE,QAAgB;IAC5D,uDAAuD;IACvD,IAAI,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC;QACxC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,MAAM,CAAC,eAAe,CAC3B,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EACrB,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CACtB,CAAC;AACJ,CAAC"}

package/dist/auth/storage.d.ts

@@ -1,52 +0,0 @@
-/**
- * Secure credential storage for OAuth tokens and API keys
- *
- * Storage locations:
- * - ~/.config/claude-sisyphus/auth/openai.json   - OpenAI OAuth tokens
- * - ~/.config/claude-sisyphus/auth/google.json   - Google OAuth tokens
- * - ~/.config/claude-sisyphus/auth/api-keys.enc  - Encrypted API keys
- */
-import type { ProviderType, OAuthTokens } from '../providers/types.js';
-import type { StoredCredential } from './types.js';
-/**
- * Credential storage class
- */
-export declare class CredentialStorage {
-    /**
-     * Store OAuth tokens for a provider
-     */
-    storeOAuthTokens(provider: 'openai' | 'google', tokens: OAuthTokens, email?: string): Promise<void>;
-    /**
-     * Get OAuth tokens for a provider
-     */
-    getOAuthTokens(provider: 'openai' | 'google'): Promise<StoredCredential | null>;
-    /**
-     * Store an API key for a provider (encrypted)
-     */
-    storeApiKey(provider: 'anthropic' | 'openrouter', apiKey: string): Promise<void>;
-    /**
-     * Get an API key for a provider
-     */
-    getApiKey(provider: 'anthropic' | 'openrouter'): Promise<StoredCredential | null>;
-    /**
-     * Get stored credential for any provider
-     */
-    getCredential(provider: ProviderType): Promise<StoredCredential | null>;
-    /**
-     * Delete credentials for a provider
-     */
-    delete(provider: ProviderType): Promise<void>;
-    /**
-     * Check if credentials exist for a provider
-     */
-    hasCredentials(provider: ProviderType): Promise<boolean>;
-    /**
-     * Get all stored provider credentials (for auth-status)
-     */
-    getAllCredentials(): Promise<StoredCredential[]>;
-}
-/**
- * Get the credential storage instance
- */
-export declare function getCredentialStorage(): CredentialStorage;
-//# sourceMappingURL=storage.d.ts.map

package/dist/auth/storage.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"storage.d.ts","sourceRoot":"","sources":["../../src/auth/storage.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACvE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AA6EnD;;GAEG;AACH,qBAAa,iBAAiB;IAC5B;;OAEG;IACG,gBAAgB,CACpB,QAAQ,EAAE,QAAQ,GAAG,QAAQ,EAC7B,MAAM,EAAE,WAAW,EACnB,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,CAAC;IAoBhB;;OAEG;IACG,cAAc,CAAC,QAAQ,EAAE,QAAQ,GAAG,QAAQ,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAUrF;;OAEG;IACG,WAAW,CAAC,QAAQ,EAAE,WAAW,GAAG,YAAY,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAyBtF;;OAEG;IACG,SAAS,CAAC,QAAQ,EAAE,WAAW,GAAG,YAAY,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAUvF;;OAEG;IACG,aAAa,CAAC,QAAQ,EAAE,YAAY,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAQ7E;;OAEG;IACG,MAAM,CAAC,QAAQ,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC;IA0BnD;;OAEG;IACG,cAAc,CAAC,QAAQ,EAAE,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC;IAK9D;;OAEG;IACG,iBAAiB,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;CAqBvD;AAOD;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,iBAAiB,CAKxD"}

package/dist/auth/storage.js

@@ -1,230 +0,0 @@
-/**
- * Secure credential storage for OAuth tokens and API keys
- *
- * Storage locations:
- * - ~/.config/claude-sisyphus/auth/openai.json   - OpenAI OAuth tokens
- * - ~/.config/claude-sisyphus/auth/google.json   - Google OAuth tokens
- * - ~/.config/claude-sisyphus/auth/api-keys.enc  - Encrypted API keys
- */
-import { promises as fs } from 'fs';
-import * as path from 'path';
-import * as os from 'os';
-import * as crypto from 'crypto';
-/**
- * Base directory for auth storage
- */
-const AUTH_DIR = path.join(os.homedir(), '.config', 'claude-sisyphus', 'auth');
-/**
- * Get the path for OAuth token storage
- */
-function getOAuthPath(provider) {
-    return path.join(AUTH_DIR, `${provider}.json`);
-}
-/**
- * Get the path for encrypted API keys
- */
-function getApiKeysPath() {
-    return path.join(AUTH_DIR, 'api-keys.enc');
-}
-/**
- * Derive encryption key from machine-specific data
- * This provides basic protection for stored API keys
- */
-function deriveEncryptionKey() {
-    const machineId = `${os.hostname()}-${os.userInfo().username}-${os.homedir()}`;
-    return crypto.scryptSync(machineId, 'claude-sisyphus-salt', 32);
-}
-/**
- * Encrypt data with AES-256-GCM
- */
-function encrypt(data) {
-    const key = deriveEncryptionKey();
-    const iv = crypto.randomBytes(16);
-    const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
-    let encrypted = cipher.update(data, 'utf8', 'hex');
-    encrypted += cipher.final('hex');
-    const authTag = cipher.getAuthTag();
-    return JSON.stringify({
-        iv: iv.toString('hex'),
-        data: encrypted,
-        tag: authTag.toString('hex'),
-    });
-}
-/**
- * Decrypt data with AES-256-GCM
- */
-function decrypt(encryptedData) {
-    const key = deriveEncryptionKey();
-    const { iv, data, tag } = JSON.parse(encryptedData);
-    const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(iv, 'hex'));
-    decipher.setAuthTag(Buffer.from(tag, 'hex'));
-    let decrypted = decipher.update(data, 'hex', 'utf8');
-    decrypted += decipher.final('utf8');
-    return decrypted;
-}
-/**
- * Ensure the auth directory exists with proper permissions
- */
-async function ensureAuthDir() {
-    await fs.mkdir(AUTH_DIR, { recursive: true, mode: 0o700 });
-}
-/**
- * Credential storage class
- */
-export class CredentialStorage {
-    /**
-     * Store OAuth tokens for a provider
-     */
-    async storeOAuthTokens(provider, tokens, email) {
-        await ensureAuthDir();
-        const credential = {
-            provider,
-            type: 'oauth',
-            accessToken: tokens.accessToken,
-            refreshToken: tokens.refreshToken,
-            idToken: tokens.idToken,
-            expiresAt: tokens.expiresAt,
-            createdAt: Date.now(),
-            email,
-        };
-        const filePath = getOAuthPath(provider);
-        await fs.writeFile(filePath, JSON.stringify(credential, null, 2), {
-            mode: 0o600,
-        });
-    }
-    /**
-     * Get OAuth tokens for a provider
-     */
-    async getOAuthTokens(provider) {
-        try {
-            const filePath = getOAuthPath(provider);
-            const content = await fs.readFile(filePath, 'utf-8');
-            return JSON.parse(content);
-        }
-        catch {
-            return null;
-        }
-    }
-    /**
-     * Store an API key for a provider (encrypted)
-     */
-    async storeApiKey(provider, apiKey) {
-        await ensureAuthDir();
-        // Load existing keys
-        let keys = {};
-        try {
-            const content = await fs.readFile(getApiKeysPath(), 'utf-8');
-            keys = JSON.parse(decrypt(content));
-        }
-        catch {
-            // No existing keys file
-        }
-        // Add/update the key
-        keys[provider] = {
-            provider,
-            type: 'api_key',
-            accessToken: apiKey,
-            createdAt: Date.now(),
-        };
-        // Write encrypted
-        const encrypted = encrypt(JSON.stringify(keys));
-        await fs.writeFile(getApiKeysPath(), encrypted, { mode: 0o600 });
-    }
-    /**
-     * Get an API key for a provider
-     */
-    async getApiKey(provider) {
-        try {
-            const content = await fs.readFile(getApiKeysPath(), 'utf-8');
-            const keys = JSON.parse(decrypt(content));
-            return keys[provider] || null;
-        }
-        catch {
-            return null;
-        }
-    }
-    /**
-     * Get stored credential for any provider
-     */
-    async getCredential(provider) {
-        if (provider === 'openai' || provider === 'google') {
-            return this.getOAuthTokens(provider);
-        }
-        else {
-            return this.getApiKey(provider);
-        }
-    }
-    /**
-     * Delete credentials for a provider
-     */
-    async delete(provider) {
-        if (provider === 'openai' || provider === 'google') {
-            try {
-                await fs.unlink(getOAuthPath(provider));
-            }
-            catch {
-                // File might not exist
-            }
-        }
-        else {
-            // Remove from encrypted API keys
-            try {
-                const content = await fs.readFile(getApiKeysPath(), 'utf-8');
-                const keys = JSON.parse(decrypt(content));
-                delete keys[provider];
-                if (Object.keys(keys).length === 0) {
-                    await fs.unlink(getApiKeysPath());
-                }
-                else {
-                    const encrypted = encrypt(JSON.stringify(keys));
-                    await fs.writeFile(getApiKeysPath(), encrypted, { mode: 0o600 });
-                }
-            }
-            catch {
-                // File might not exist
-            }
-        }
-    }
-    /**
-     * Check if credentials exist for a provider
-     */
-    async hasCredentials(provider) {
-        const credential = await this.getCredential(provider);
-        return credential !== null;
-    }
-    /**
-     * Get all stored provider credentials (for auth-status)
-     */
-    async getAllCredentials() {
-        const credentials = [];
-        // Check OAuth providers
-        for (const provider of ['openai', 'google']) {
-            const cred = await this.getOAuthTokens(provider);
-            if (cred) {
-                credentials.push(cred);
-            }
-        }
-        // Check API key providers
-        for (const provider of ['anthropic', 'openrouter']) {
-            const cred = await this.getApiKey(provider);
-            if (cred) {
-                credentials.push(cred);
-            }
-        }
-        return credentials;
-    }
-}
-/**
- * Singleton storage instance
- */
-let storageInstance = null;
-/**
- * Get the credential storage instance
- */
-export function getCredentialStorage() {
-    if (!storageInstance) {
-        storageInstance = new CredentialStorage();
-    }
-    return storageInstance;
-}
-//# sourceMappingURL=storage.js.map