opalserve 2.0.0 → 3.0.0

package/README.md

@@ -3,7 +3,7 @@
 </p>
 
 <p align="center">
-  <strong>Local MCP Tool Registry & Discovery Hub</strong>
+  <strong>The control plane for your team's AI tools</strong>
 </p>
 
 <p align="center">
@@ -15,19 +15,41 @@
 
 ---
 
-**OpalServe** aggregates, discovers, and proxies tools across multiple MCP (Model Context Protocol) servers from a single hub.
+**OpalServe** is a team platform for managing AI coding tools. Share MCP servers, knowledge bases, and usage analytics across your engineering team — whether they use Claude Code, Cursor, Codex, or any MCP-compatible tool.
 
-- **Real MCP Protocol** — Connects to any MCP server via stdio, SSE, or Streamable HTTP
-- **Full-Text Search** — SQLite FTS5-powered tool discovery across all servers
-- **Beautiful CLI** — Interactive setup, gradient banners, color-coded tables
-- **HTTP API** — Fastify REST API for managing servers and tools
-- **Persistent** — SQLite database survives restarts
-- **MCP Gateway** — Acts as an MCP server itself for LLM clients
+## Features
+
+- **Team MCP Server Registry** — Admin registers servers once, every developer gets them via `opalserve sync`
+- **Shared Knowledge Base** — Upload architecture docs, coding standards, API specs — your team's AI tools query it automatically via MCP
+- **Usage Analytics Dashboard** — React SPA showing tool calls, token usage, active users, error rates per developer
+- **Auth & Access Control** — User accounts, API keys, rate limits, tool permissions per role
+- **GitHub + Slack Integration** — Webhooks auto-update context, slash commands for search
+- **MCP Gateway** — OpalServe itself is an MCP server — connect any AI client to access all tools from one endpoint
+- **Beautiful CLI** — Interactive setup, gradient banners, color-coded tables, 15+ commands
+- **100% Open Source** — MIT licensed, self-host for free
+
+## Architecture
+
+```
+                    ┌──────────────────────────┐
+                    │   OpalServe Team Server   │
+                    │                           │
+                    │  Team MCP Server Registry │
+                    │  Shared Knowledge Base    │
+                    │  Usage Analytics          │
+                    │  React Admin Dashboard    │
+                    │  Auth / API Keys          │
+                    └────────────┬──────────────┘
+                                 │ HTTPS API
+                ┌────────────────┼────────────────┐
+                │                │                │
+         Dev A (Claude)    Dev B (Cursor)    Dev C (Codex)
+```
 
 ## Quick Start
 
 ```bash
-# Install globally
+# Install
 npm install -g opalserve
 
 # Interactive setup
@@ -35,47 +57,60 @@ opalserve init
 
 # Start the registry
 opalserve start
-```
 
-## Add MCP Servers
-
-```bash
-# Filesystem access
+# Add an MCP server
 opalserve server add --name files --stdio "npx -y @modelcontextprotocol/server-filesystem ."
 
-# GitHub
-opalserve server add --name github --stdio "npx -y @modelcontextprotocol/server-github" --env GITHUB_TOKEN=ghp_xxx
-
-# Any MCP server
-opalserve server add --name my-server --url https://mcp.example.com/sse
+# Search tools
+opalserve tools search "read file"
 ```
 
-## Discover Tools
+## Team Mode
 
 ```bash
-# List all tools
-opalserve tools list
+# Initialize team server
+opalserve admin init
+
+# Start in team mode
+# (set mode: "team-server" in opalserve.config.json)
+opalserve start
 
-# Full-text search
-opalserve tools search "create issue"
+# On each developer's machine:
+opalserve login
+opalserve sync
 
-# Check server health
-opalserve health
+# Upload shared docs
+opalserve context add ./docs/architecture.md
+opalserve context add ./docs/api-spec.md
+
+# Search team knowledge
+opalserve context search "authentication flow"
 ```
 
-## Use as MCP Gateway
+## Admin Dashboard
+
+Start the server and visit `http://localhost:3456/dashboard` for:
+- Usage overview with charts
+- Server status monitoring
+- User management
+- Tool browser with search
+- Knowledge base management
+- API key + integration settings
 
-Point your MCP client (Claude Desktop, Cursor, etc.) at OpalServe to access all tools from one connection:
+## CLI Commands
 
-```json
-{
-  "mcpServers": {
-    "opalserve": {
-      "command": "npx",
-      "args": ["-y", "opalserve", "start", "--mcp"]
-    }
-  }
-}
+```
+opalserve init                    Setup wizard
+opalserve start                   Start server
+opalserve status                  Show status
+opalserve login / logout / whoami Auth commands
+opalserve sync                    Pull team configs
+opalserve server list|add|remove  Server management
+opalserve tools list|search       Tool discovery
+opalserve context add|list|search Knowledge base
+opalserve health                  Health checks
+opalserve admin init|stats|users  Team admin
+opalserve admin limits|permissions Access control
 ```
 
 ## Library Usage
@@ -91,53 +126,15 @@ const registry = await OpalServeRegistry.create({
 });
 
 await registry.start();
-
 const tools = registry.listTools();
 const results = registry.searchTools('read file');
-const result = await registry.callTool('my-files:read_file', { path: './README.md' });
-
 await registry.stop();
 ```
 
-## HTTP API
-
-Start the server with `opalserve start`, then:
-
-```bash
-# Health check
-curl http://localhost:3456/api/v1/health
-
-# List tools
-curl http://localhost:3456/api/v1/tools
-
-# Search tools
-curl "http://localhost:3456/api/v1/tools/search?q=read+file"
-
-# Call a tool
-curl -X POST http://localhost:3456/api/v1/tools/files%3Aread_file/call \
-  -H "Content-Type: application/json" \
-  -d '{"path": "./README.md"}'
-```
-
-## Architecture
-
-```
-[Claude/Cursor] <--MCP--> [OpalServe Gateway] <--MCP--> [Server A]
-                                  |             <--MCP--> [Server B]
-                            [HTTP API]           <--MCP--> [Server C]
-                            [SQLite DB]
-```
-
-OpalServe is simultaneously:
-- An **MCP Client** to each backend server
-- An **MCP Server** exposing aggregated tools
-- An **HTTP API** for management
-- A **CLI** for humans
-
 ## Documentation
 
-Full documentation at [adityaidev.github.io/opalserve](https://adityaidev.github.io/opalserve)
+Full docs at [opalserve.vercel.app](https://opalserve.vercel.app)
 
 ## License
 
-MIT
+MIT — 100% open source, free to self-host

package/assets/logo.svg

@@ -1,54 +1,51 @@
 <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512" fill="none">
   <defs>
-    <linearGradient id="opal-gradient" x1="0%" y1="0%" x2="100%" y2="100%">
+    <linearGradient id="hub-gradient" x1="0%" y1="0%" x2="100%" y2="100%">
       <stop offset="0%" stop-color="#F59E0B"/>
-      <stop offset="35%" stop-color="#F97316"/>
-      <stop offset="65%" stop-color="#EF4444"/>
+      <stop offset="50%" stop-color="#F97316"/>
       <stop offset="100%" stop-color="#8B5CF6"/>
     </linearGradient>
-    <linearGradient id="opal-shine" x1="20%" y1="0%" x2="80%" y2="100%">
-      <stop offset="0%" stop-color="#FFFFFF" stop-opacity="0.4"/>
-      <stop offset="50%" stop-color="#FFFFFF" stop-opacity="0.1"/>
-      <stop offset="100%" stop-color="#FFFFFF" stop-opacity="0"/>
+    <linearGradient id="line-gradient-top" x1="256" y1="256" x2="256" y2="80" gradientUnits="userSpaceOnUse">
+      <stop offset="0%" stop-color="#F97316"/>
+      <stop offset="100%" stop-color="#F59E0B"/>
     </linearGradient>
-    <linearGradient id="facet-light" x1="0%" y1="0%" x2="100%" y2="100%">
-      <stop offset="0%" stop-color="#FFFFFF" stop-opacity="0.25"/>
-      <stop offset="100%" stop-color="#FFFFFF" stop-opacity="0.05"/>
+    <linearGradient id="line-gradient-right" x1="256" y1="256" x2="432" y2="316" gradientUnits="userSpaceOnUse">
+      <stop offset="0%" stop-color="#F97316"/>
+      <stop offset="100%" stop-color="#8B5CF6"/>
+    </linearGradient>
+    <linearGradient id="line-gradient-bottom" x1="256" y1="256" x2="256" y2="432" gradientUnits="userSpaceOnUse">
+      <stop offset="0%" stop-color="#F97316"/>
+      <stop offset="100%" stop-color="#8B5CF6"/>
+    </linearGradient>
+    <linearGradient id="line-gradient-left" x1="256" y1="256" x2="80" y2="196" gradientUnits="userSpaceOnUse">
+      <stop offset="0%" stop-color="#F97316"/>
+      <stop offset="100%" stop-color="#F59E0B"/>
     </linearGradient>
   </defs>
 
-  <!-- Outer gem shape — hexagonal prism -->
-  <polygon
-    points="256,32 432,128 432,320 256,480 80,320 80,128"
-    fill="url(#opal-gradient)"
-  />
+  <!-- Connection lines from hub to satellites -->
+  <line x1="256" y1="256" x2="256" y2="88" stroke="url(#line-gradient-top)" stroke-width="6" stroke-linecap="round" opacity="0.6"/>
+  <line x1="256" y1="256" x2="424" y2="316" stroke="url(#line-gradient-right)" stroke-width="6" stroke-linecap="round" opacity="0.6"/>
+  <line x1="256" y1="256" x2="256" y2="424" stroke="url(#line-gradient-bottom)" stroke-width="6" stroke-linecap="round" opacity="0.6"/>
+  <line x1="256" y1="256" x2="88" y2="196" stroke="url(#line-gradient-left)" stroke-width="6" stroke-linecap="round" opacity="0.6"/>
+
+  <!-- Satellite nodes -->
+  <circle cx="256" cy="88" r="28" fill="#F59E0B" opacity="0.5"/>
+  <circle cx="256" cy="88" r="18" fill="#F59E0B" opacity="0.85"/>
 
-  <!-- Top facet highlight -->
-  <polygon
-    points="256,32 432,128 256,192 80,128"
-    fill="url(#opal-shine)"
-  />
+  <circle cx="424" cy="316" r="28" fill="#8B5CF6" opacity="0.5"/>
+  <circle cx="424" cy="316" r="18" fill="#8B5CF6" opacity="0.85"/>
 
-  <!-- Left facet -->
-  <polygon
-    points="80,128 256,192 256,380 80,320"
-    fill="url(#facet-light)"
-    opacity="0.3"
-  />
+  <circle cx="256" cy="424" r="28" fill="#8B5CF6" opacity="0.5"/>
+  <circle cx="256" cy="424" r="18" fill="#A855F7" opacity="0.85"/>
 
-  <!-- Inner refraction lines -->
-  <line x1="256" y1="192" x2="256" y2="380" stroke="#FFFFFF" stroke-opacity="0.15" stroke-width="2"/>
-  <line x1="256" y1="192" x2="160" y2="260" stroke="#FFFFFF" stroke-opacity="0.12" stroke-width="1.5"/>
-  <line x1="256" y1="192" x2="352" y2="260" stroke="#FFFFFF" stroke-opacity="0.12" stroke-width="1.5"/>
-  <line x1="256" y1="192" x2="180" y2="340" stroke="#FFFFFF" stroke-opacity="0.08" stroke-width="1"/>
-  <line x1="256" y1="192" x2="332" y2="340" stroke="#FFFFFF" stroke-opacity="0.08" stroke-width="1"/>
+  <circle cx="88" cy="196" r="28" fill="#F97316" opacity="0.5"/>
+  <circle cx="88" cy="196" r="18" fill="#F97316" opacity="0.85"/>
 
-  <!-- Center sparkle -->
-  <circle cx="256" cy="220" r="6" fill="#FFFFFF" opacity="0.6"/>
-  <circle cx="256" cy="220" r="12" fill="#FFFFFF" opacity="0.15"/>
+  <!-- Central hub node -->
+  <circle cx="256" cy="256" r="64" fill="url(#hub-gradient)" opacity="0.2"/>
+  <circle cx="256" cy="256" r="48" fill="url(#hub-gradient)"/>
 
-  <!-- Small accent sparkles -->
-  <circle cx="200" cy="260" r="3" fill="#FFFFFF" opacity="0.3"/>
-  <circle cx="310" cy="280" r="2.5" fill="#FFFFFF" opacity="0.25"/>
-  <circle cx="240" cy="320" r="2" fill="#FFFFFF" opacity="0.2"/>
+  <!-- Hub inner highlight -->
+  <circle cx="246" cy="246" r="20" fill="#FFFFFF" opacity="0.15"/>
 </svg>

package/dist/auth/api-keys.d.ts

@@ -0,0 +1,7 @@
+export declare function generateApiKey(): {
+    key: string;
+    keyHash: string;
+    keyPrefix: string;
+};
+export declare function hashApiKey(key: string): string;
+//# sourceMappingURL=api-keys.d.ts.map

package/dist/auth/api-keys.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-keys.d.ts","sourceRoot":"","sources":["../../src/auth/api-keys.ts"],"names":[],"mappings":"AAEA,wBAAgB,cAAc,IAAI;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAMpF;AAED,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAE9C"}

package/dist/auth/api-keys.js

@@ -0,0 +1,12 @@
+import { randomBytes, createHash } from 'node:crypto';
+export function generateApiKey() {
+    const random = randomBytes(16).toString('hex'); // 32 hex chars
+    const key = `opal_${random}`;
+    const keyHash = hashApiKey(key);
+    const keyPrefix = key.slice(0, 8);
+    return { key, keyHash, keyPrefix };
+}
+export function hashApiKey(key) {
+    return createHash('sha256').update(key).digest('hex');
+}
+//# sourceMappingURL=api-keys.js.map

package/dist/auth/api-keys.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-keys.js","sourceRoot":"","sources":["../../src/auth/api-keys.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEtD,MAAM,UAAU,cAAc;IAC5B,MAAM,MAAM,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,eAAe;IAC/D,MAAM,GAAG,GAAG,QAAQ,MAAM,EAAE,CAAC;IAC7B,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;IAChC,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAClC,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;AACrC,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,GAAW;IACpC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACxD,CAAC"}

package/dist/auth/index.d.ts

@@ -0,0 +1,4 @@
+export { hashPassword, verifyPassword } from './passwords.js';
+export { generateApiKey, hashApiKey } from './api-keys.js';
+export { createAuthMiddleware, registerAuthDecorator } from './middleware.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3D,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/auth/index.js

@@ -0,0 +1,4 @@
+export { hashPassword, verifyPassword } from './passwords.js';
+export { generateApiKey, hashApiKey } from './api-keys.js';
+export { createAuthMiddleware, registerAuthDecorator } from './middleware.js';
+//# sourceMappingURL=index.js.map

package/dist/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3D,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/auth/middleware.d.ts

@@ -0,0 +1,11 @@
+import type { FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';
+import type { Database } from '../storage/database.js';
+import type { User } from '../types/index.js';
+declare module 'fastify' {
+    interface FastifyRequest {
+        user?: User;
+    }
+}
+export declare function createAuthMiddleware(db: Database): (request: FastifyRequest, reply: FastifyReply) => Promise<void>;
+export declare function registerAuthDecorator(app: FastifyInstance): void;
+//# sourceMappingURL=middleware.d.ts.map

package/dist/auth/middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/auth/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AAG9C,OAAO,QAAQ,SAAS,CAAC;IACvB,UAAU,cAAc;QACtB,IAAI,CAAC,EAAE,IAAI,CAAC;KACb;CACF;AAED,wBAAgB,oBAAoB,CAAC,EAAE,EAAE,QAAQ,IAChB,SAAS,cAAc,EAAE,OAAO,YAAY,KAAG,OAAO,CAAC,IAAI,CAAC,CAsD5F;AAED,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,eAAe,GAAG,IAAI,CAEhE"}

package/dist/auth/middleware.js

@@ -0,0 +1,46 @@
+import { hashApiKey } from './api-keys.js';
+export function createAuthMiddleware(db) {
+    return async function authHook(request, reply) {
+        // In local mode, skip auth entirely
+        const mode = process.env.OPALSERVE_MODE || 'local';
+        if (mode === 'local') {
+            return;
+        }
+        const authHeader = request.headers.authorization;
+        if (!authHeader || !authHeader.startsWith('Bearer ')) {
+            reply.code(401).send({ ok: false, error: 'Missing or invalid Authorization header' });
+            return;
+        }
+        const key = authHeader.slice(7);
+        const keyHash = hashApiKey(key);
+        const row = db.get('SELECT user_id, expires_at FROM api_keys WHERE key_hash = ?', [keyHash]);
+        if (!row) {
+            reply.code(401).send({ ok: false, error: 'Invalid API key' });
+            return;
+        }
+        // Check expiry
+        if (row.expires_at && new Date(row.expires_at) < new Date()) {
+            reply.code(401).send({ ok: false, error: 'API key has expired' });
+            return;
+        }
+        // Update last_used_at
+        db.run('UPDATE api_keys SET last_used_at = datetime("now") WHERE key_hash = ?', [keyHash]);
+        // Load user
+        const user = db.get('SELECT id, email, display_name, created_at, updated_at FROM users WHERE id = ?', [row.user_id]);
+        if (!user) {
+            reply.code(401).send({ ok: false, error: 'User not found' });
+            return;
+        }
+        request.user = {
+            id: user.id,
+            email: user.email,
+            displayName: user.display_name,
+            createdAt: user.created_at,
+            updatedAt: user.updated_at,
+        };
+    };
+}
+export function registerAuthDecorator(app) {
+    app.decorateRequest('user', undefined);
+}
+//# sourceMappingURL=middleware.js.map

package/dist/auth/middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../src/auth/middleware.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAQ3C,MAAM,UAAU,oBAAoB,CAAC,EAAY;IAC/C,OAAO,KAAK,UAAU,QAAQ,CAAC,OAAuB,EAAE,KAAmB;QACzE,oCAAoC;QACpC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,OAAO,CAAC;QACnD,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;YACrB,OAAO;QACT,CAAC;QAED,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;QACjD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACrD,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,yCAAyC,EAAE,CAAC,CAAC;YACtF,OAAO;QACT,CAAC;QAED,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAChC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;QAEhC,MAAM,GAAG,GAAG,EAAE,CAAC,GAAG,CAChB,6DAA6D,EAC7D,CAAC,OAAO,CAAC,CACV,CAAC;QAEF,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;YAC9D,OAAO;QACT,CAAC;QAED,eAAe;QACf,IAAI,GAAG,CAAC,UAAU,IAAI,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,CAAC;YAClE,OAAO;QACT,CAAC;QAED,sBAAsB;QACtB,EAAE,CAAC,GAAG,CAAC,uEAAuE,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;QAE3F,YAAY;QACZ,MAAM,IAAI,GAAG,EAAE,CAAC,GAAG,CACjB,gFAAgF,EAChF,CAAC,GAAG,CAAC,OAAO,CAAC,CACd,CAAC;QAEF,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;YAC7D,OAAO;QACT,CAAC;QAED,OAAO,CAAC,IAAI,GAAG;YACb,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,SAAS,EAAE,IAAI,CAAC,UAAU;YAC1B,SAAS,EAAE,IAAI,CAAC,UAAU;SAC3B,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,GAAoB;IACxD,GAAG,CAAC,eAAe,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;AACzC,CAAC"}

package/dist/auth/passwords.d.ts

@@ -0,0 +1,3 @@
+export declare function hashPassword(password: string): Promise<string>;
+export declare function verifyPassword(password: string, stored: string): Promise<boolean>;
+//# sourceMappingURL=passwords.d.ts.map

package/dist/auth/passwords.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"passwords.d.ts","sourceRoot":"","sources":["../../src/auth/passwords.ts"],"names":[],"mappings":"AAKA,wBAAsB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CASpE;AAED,wBAAsB,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAevF"}

package/dist/auth/passwords.js

@@ -0,0 +1,33 @@
+import { randomBytes, scrypt, timingSafeEqual } from 'node:crypto';
+const SALT_LENGTH = 32;
+const KEY_LENGTH = 64;
+export async function hashPassword(password) {
+    const salt = randomBytes(SALT_LENGTH).toString('hex');
+    const hash = await new Promise((resolve, reject) => {
+        scrypt(password, salt, KEY_LENGTH, (err, derivedKey) => {
+            if (err)
+                reject(err);
+            else
+                resolve(derivedKey.toString('hex'));
+        });
+    });
+    return `${salt}:${hash}`;
+}
+export async function verifyPassword(password, stored) {
+    const [salt, storedHash] = stored.split(':');
+    if (!salt || !storedHash)
+        return false;
+    const hash = await new Promise((resolve, reject) => {
+        scrypt(password, salt, KEY_LENGTH, (err, derivedKey) => {
+            if (err)
+                reject(err);
+            else
+                resolve(derivedKey);
+        });
+    });
+    const storedBuffer = Buffer.from(storedHash, 'hex');
+    if (hash.length !== storedBuffer.length)
+        return false;
+    return timingSafeEqual(hash, storedBuffer);
+}
+//# sourceMappingURL=passwords.js.map

package/dist/auth/passwords.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"passwords.js","sourceRoot":"","sources":["../../src/auth/passwords.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnE,MAAM,WAAW,GAAG,EAAE,CAAC;AACvB,MAAM,UAAU,GAAG,EAAE,CAAC;AAEtB,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,QAAgB;IACjD,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACtD,MAAM,IAAI,GAAG,MAAM,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACzD,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,GAAG,EAAE,UAAU,EAAE,EAAE;YACrD,IAAI,GAAG;gBAAE,MAAM,CAAC,GAAG,CAAC,CAAC;;gBAChB,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IACH,OAAO,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC;AAC3B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,QAAgB,EAAE,MAAc;IACnE,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7C,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU;QAAE,OAAO,KAAK,CAAC;IAEvC,MAAM,IAAI,GAAG,MAAM,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACzD,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,GAAG,EAAE,UAAU,EAAE,EAAE;YACrD,IAAI,GAAG;gBAAE,MAAM,CAAC,GAAG,CAAC,CAAC;;gBAChB,OAAO,CAAC,UAAU,CAAC,CAAC;QAC3B,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IACpD,IAAI,IAAI,CAAC,MAAM,KAAK,YAAY,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAEtD,OAAO,eAAe,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;AAC7C,CAAC"}

package/dist/cli/commands/admin.d.ts

@@ -0,0 +1,13 @@
+export declare function adminInitCommand(): Promise<void>;
+export declare function adminStatsCommand(): Promise<void>;
+export declare function adminUsersCommand(): Promise<void>;
+export declare function adminInviteCommand(email: string): Promise<void>;
+export declare function adminLimitsCommand(options: {
+    set?: string;
+    list?: boolean;
+}): Promise<void>;
+export declare function adminPermissionsCommand(options: {
+    set?: string;
+    list?: boolean;
+}): Promise<void>;
+//# sourceMappingURL=admin.d.ts.map

package/dist/cli/commands/admin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/admin.ts"],"names":[],"mappings":"AAQA,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC,CA2DtD;AAED,wBAAsB,iBAAiB,IAAI,OAAO,CAAC,IAAI,CAAC,CAyCvD;AAED,wBAAsB,iBAAiB,IAAI,OAAO,CAAC,IAAI,CAAC,CA4CvD;AAED,wBAAsB,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CA6DrE;AAED,wBAAsB,kBAAkB,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,OAAO,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAkEjG;AAED,wBAAsB,uBAAuB,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,OAAO,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CA+DtG"}