openkitt 0.1.2

package/dist/credentials/config.d.ts

@@ -0,0 +1,12 @@
+export type LlmProvider = 'anthropic' | 'openai' | 'gemini';
+export interface LlmConfig {
+    provider: LlmProvider;
+    model: string;
+    validatedAt: string;
+}
+export declare function storeLlmCredentials(provider: LlmProvider, model: string, apiKey: string): Promise<void>;
+export declare function getLlmApiKey(): Promise<string | null>;
+export declare function getLlmConfig(): Promise<LlmConfig | null>;
+export declare function updateLlmModel(model: string): Promise<void>;
+export declare function clearLlmCredentials(): Promise<void>;
+export declare function isLlmConfigured(): Promise<boolean>;

package/dist/credentials/config.js

@@ -0,0 +1,196 @@
+import { chmodSync, existsSync, mkdirSync, readFileSync, renameSync, statSync, unlinkSync, writeFileSync } from 'node:fs';
+import { homedir, platform } from 'node:os';
+import { join } from 'node:path';
+import { decrypt, encrypt } from './encryption.js';
+import { deleteKeychainValue, getKeychainValue, isKeychainAvailable, setKeychainValue, } from './keychain.js';
+const CONFIG_DIR = join(homedir(), '.kitt');
+const CONFIG_FILE = join(CONFIG_DIR, 'config.json');
+const KEYCHAIN_API_KEY = 'llm-api-key';
+const DIR_MODE = 0o700;
+const FILE_MODE = 0o600;
+function isWindows() {
+    return platform() === 'win32';
+}
+function hasExtraPermissionBits(actualMode, allowedMode) {
+    const activeBits = actualMode & 0o777;
+    return (activeBits & ~allowedMode) !== 0;
+}
+function ensurePermissions(path, mode) {
+    if (isWindows() || !existsSync(path)) {
+        return;
+    }
+    const currentMode = statSync(path).mode;
+    if (hasExtraPermissionBits(currentMode, mode)) {
+        console.warn(`[kitt] Detected permissive config permissions for ${path}. Auto-fixing.`);
+        chmodSync(path, mode);
+    }
+}
+function ensureConfigDir() {
+    if (!existsSync(CONFIG_DIR)) {
+        mkdirSync(CONFIG_DIR, { recursive: true, mode: DIR_MODE });
+    }
+    if (!isWindows()) {
+        ensurePermissions(CONFIG_DIR, DIR_MODE);
+    }
+}
+function readConfig() {
+    ensureConfigDir();
+    if (!existsSync(CONFIG_FILE)) {
+        return {};
+    }
+    if (!isWindows()) {
+        ensurePermissions(CONFIG_FILE, FILE_MODE);
+    }
+    const raw = readFileSync(CONFIG_FILE, 'utf-8').trim();
+    if (raw.length === 0) {
+        return {};
+    }
+    const parsed = JSON.parse(raw);
+    if (!parsed || typeof parsed !== 'object') {
+        return {};
+    }
+    return parsed;
+}
+function writeConfig(config) {
+    ensureConfigDir();
+    const tempFile = `${CONFIG_FILE}.tmp-${process.pid}-${Date.now()}`;
+    const payload = `${JSON.stringify(config, null, 2)}\n`;
+    try {
+        writeFileSync(tempFile, payload, { encoding: 'utf-8', mode: FILE_MODE });
+        if (!isWindows()) {
+            chmodSync(tempFile, FILE_MODE);
+        }
+        renameSync(tempFile, CONFIG_FILE);
+        if (!isWindows()) {
+            chmodSync(CONFIG_FILE, FILE_MODE);
+        }
+    }
+    catch (error) {
+        if (existsSync(tempFile)) {
+            unlinkSync(tempFile);
+        }
+        throw error;
+    }
+}
+function isStoredProvider(value) {
+    return value === 'anthropic' || value === 'openai' || value === 'gemini';
+}
+function getStoredLlm(config) {
+    const llm = config.llm;
+    if (!llm || typeof llm !== 'object') {
+        return null;
+    }
+    if (!isStoredProvider(llm.provider)) {
+        return null;
+    }
+    if (typeof llm.model !== 'string' || llm.model.length === 0) {
+        return null;
+    }
+    if (typeof llm.validatedAt !== 'string' || llm.validatedAt.length === 0) {
+        return null;
+    }
+    if (llm.storage !== 'keychain' && llm.storage !== 'encrypted') {
+        return null;
+    }
+    return llm;
+}
+export async function storeLlmCredentials(provider, model, apiKey) {
+    const validatedAt = new Date().toISOString();
+    const keychainAvailable = await isKeychainAvailable();
+    if (keychainAvailable) {
+        const result = await setKeychainValue(KEYCHAIN_API_KEY, apiKey);
+        if (result.success) {
+            writeConfig({
+                llm: {
+                    provider,
+                    model,
+                    validatedAt,
+                    storage: 'keychain',
+                },
+            });
+            return;
+        }
+    }
+    const encrypted = await encrypt(apiKey);
+    await deleteKeychainValue(KEYCHAIN_API_KEY);
+    writeConfig({
+        llm: {
+            provider,
+            model,
+            validatedAt,
+            storage: 'encrypted',
+            apiKey: encrypted.encrypted,
+            iv: encrypted.iv,
+            salt: encrypted.salt,
+            authTag: encrypted.authTag,
+        },
+    });
+}
+export async function getLlmApiKey() {
+    const config = readConfig();
+    const llm = getStoredLlm(config);
+    if (!llm) {
+        return null;
+    }
+    if (llm.storage === 'keychain') {
+        return getKeychainValue(KEYCHAIN_API_KEY);
+    }
+    if (typeof llm.apiKey !== 'string' ||
+        typeof llm.iv !== 'string' ||
+        typeof llm.salt !== 'string' ||
+        typeof llm.authTag !== 'string') {
+        return null;
+    }
+    try {
+        return await decrypt({
+            encrypted: llm.apiKey,
+            iv: llm.iv,
+            salt: llm.salt,
+            authTag: llm.authTag,
+        });
+    }
+    catch {
+        return null;
+    }
+}
+export async function getLlmConfig() {
+    const config = readConfig();
+    const llm = getStoredLlm(config);
+    if (!llm) {
+        return null;
+    }
+    return {
+        provider: llm.provider,
+        model: llm.model,
+        validatedAt: llm.validatedAt,
+    };
+}
+export async function updateLlmModel(model) {
+    const config = readConfig();
+    const llm = getStoredLlm(config);
+    if (!llm) {
+        return;
+    }
+    writeConfig({
+        ...config,
+        llm: {
+            ...llm,
+            model,
+        },
+    });
+}
+export async function clearLlmCredentials() {
+    await deleteKeychainValue(KEYCHAIN_API_KEY);
+    const config = readConfig();
+    if (!config.llm) {
+        return;
+    }
+    const nextConfig = { ...config };
+    delete nextConfig.llm;
+    writeConfig(nextConfig);
+}
+export async function isLlmConfigured() {
+    const [apiKey, llmConfig] = await Promise.all([getLlmApiKey(), getLlmConfig()]);
+    return apiKey !== null && llmConfig !== null;
+}
+//# sourceMappingURL=config.js.map

package/dist/credentials/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/credentials/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,EAAE,QAAQ,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC1H,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,mBAAmB,EACnB,gBAAgB,GACjB,MAAM,eAAe,CAAC;AAgCvB,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,CAAC,CAAC;AAC5C,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;AACpD,MAAM,gBAAgB,GAAG,aAAa,CAAC;AACvC,MAAM,QAAQ,GAAG,KAAK,CAAC;AACvB,MAAM,SAAS,GAAG,KAAK,CAAC;AAExB,SAAS,SAAS;IAChB,OAAO,QAAQ,EAAE,KAAK,OAAO,CAAC;AAChC,CAAC;AAED,SAAS,sBAAsB,CAAC,UAAkB,EAAE,WAAmB;IACrE,MAAM,UAAU,GAAG,UAAU,GAAG,KAAK,CAAC;IACtC,OAAO,CAAC,UAAU,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAY,EAAE,IAAY;IACnD,IAAI,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACrC,OAAO;IACT,CAAC;IAED,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC;IACxC,IAAI,sBAAsB,CAAC,WAAW,EAAE,IAAI,CAAC,EAAE,CAAC;QAC9C,OAAO,CAAC,IAAI,CAAC,qDAAqD,IAAI,gBAAgB,CAAC,CAAC;QACxF,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACxB,CAAC;AACH,CAAC;AAED,SAAS,eAAe;IACtB,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC;QACjB,iBAAiB,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IAC1C,CAAC;AACH,CAAC;AAED,SAAS,UAAU;IACjB,eAAe,EAAE,CAAC;IAElB,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC;QACjB,iBAAiB,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;IAC5C,CAAC;IAED,MAAM,GAAG,GAAG,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;IACtD,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrB,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAiB,CAAC;IAC/C,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC1C,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,WAAW,CAAC,MAAoB;IACvC,eAAe,EAAE,CAAC;IAElB,MAAM,QAAQ,GAAG,GAAG,WAAW,QAAQ,OAAO,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;IACnE,MAAM,OAAO,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC;IAEvD,IAAI,CAAC;QACH,aAAa,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;QACzE,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC;YACjB,SAAS,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QACjC,CAAC;QACD,UAAU,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QAClC,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC;YACjB,SAAS,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzB,UAAU,CAAC,QAAQ,CAAC,CAAC;QACvB,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAc;IACtC,OAAO,KAAK,KAAK,WAAW,IAAI,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,QAAQ,CAAC;AAC3E,CAAC;AAED,SAAS,YAAY,CAAC,MAAoB;IACxC,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC;IACvB,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,OAAO,GAAG,CAAC,KAAK,KAAK,QAAQ,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5D,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,OAAO,GAAG,CAAC,WAAW,KAAK,QAAQ,IAAI,GAAG,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,GAAG,CAAC,OAAO,KAAK,UAAU,IAAI,GAAG,CAAC,OAAO,KAAK,WAAW,EAAE,CAAC;QAC9D,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,QAAqB,EACrB,KAAa,EACb,MAAc;IAEd,MAAM,WAAW,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC7C,MAAM,iBAAiB,GAAG,MAAM,mBAAmB,EAAE,CAAC;IAEtD,IAAI,iBAAiB,EAAE,CAAC;QACtB,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC;QAChE,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,WAAW,CAAC;gBACV,GAAG,EAAE;oBACH,QAAQ;oBACR,KAAK;oBACL,WAAW;oBACX,OAAO,EAAE,UAAU;iBACpB;aACF,CAAC,CAAC;YACH,OAAO;QACT,CAAC;IACH,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;IACxC,MAAM,mBAAmB,CAAC,gBAAgB,CAAC,CAAC;IAE5C,WAAW,CAAC;QACV,GAAG,EAAE;YACH,QAAQ;YACR,KAAK;YACL,WAAW;YACX,OAAO,EAAE,WAAW;YACpB,MAAM,EAAE,SAAS,CAAC,SAAS;YAC3B,EAAE,EAAE,SAAS,CAAC,EAAE;YAChB,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,OAAO,EAAE,SAAS,CAAC,OAAO;SAC3B;KACF,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY;IAChC,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,GAAG,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IACjC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,GAAG,CAAC,OAAO,KAAK,UAAU,EAAE,CAAC;QAC/B,OAAO,gBAAgB,CAAC,gBAAgB,CAAC,CAAC;IAC5C,CAAC;IAED,IACE,OAAO,GAAG,CAAC,MAAM,KAAK,QAAQ;QAC9B,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ;QAC1B,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ;QAC5B,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,EAC/B,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,OAAO,MAAM,OAAO,CAAC;YACnB,SAAS,EAAE,GAAG,CAAC,MAAM;YACrB,EAAE,EAAE,GAAG,CAAC,EAAE;YACV,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,OAAO,EAAE,GAAG,CAAC,OAAO;SACrB,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY;IAChC,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,GAAG,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IACjC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,WAAW,EAAE,GAAG,CAAC,WAAW;KAC7B,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,KAAa;IAChD,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,GAAG,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IACjC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO;IACT,CAAC;IAED,WAAW,CAAC;QACV,GAAG,MAAM;QACT,GAAG,EAAE;YACH,GAAG,GAAG;YACN,KAAK;SACN;KACF,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB;IACvC,MAAM,mBAAmB,CAAC,gBAAgB,CAAC,CAAC;IAE5C,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;QAChB,OAAO;IACT,CAAC;IAED,MAAM,UAAU,GAAiB,EAAE,GAAG,MAAM,EAAE,CAAC;IAC/C,OAAO,UAAU,CAAC,GAAG,CAAC;IACtB,WAAW,CAAC,UAAU,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,YAAY,EAAE,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC;IAChF,OAAO,MAAM,KAAK,IAAI,IAAI,SAAS,KAAK,IAAI,CAAC;AAC/C,CAAC"}

package/dist/credentials/encryption.d.ts

@@ -0,0 +1,9 @@
+export interface EncryptedData {
+    encrypted: string;
+    iv: string;
+    salt: string;
+    authTag: string;
+}
+export declare function getMachineId(): string;
+export declare function encrypt(plaintext: string): Promise<EncryptedData>;
+export declare function decrypt(data: EncryptedData): Promise<string>;

package/dist/credentials/encryption.js

@@ -0,0 +1,100 @@
+import { execSync } from 'node:child_process';
+import { createCipheriv, createDecipheriv, pbkdf2Sync, randomBytes, } from 'node:crypto';
+import { readFileSync } from 'node:fs';
+import { hostname, platform, userInfo } from 'node:os';
+const KITT_SALT = 'openkitt-credential-salt-v1';
+const PBKDF2_ITERATIONS = 100_000;
+const KEY_LENGTH_BYTES = 32;
+const GCM_IV_LENGTH_BYTES = 12;
+const PBKDF2_SALT_LENGTH_BYTES = 16;
+let cachedMachineId;
+export function getMachineId() {
+    if (cachedMachineId) {
+        return cachedMachineId;
+    }
+    const currentPlatform = platform();
+    if (currentPlatform === 'darwin') {
+        try {
+            const output = execSync('ioreg -rd1 -c IOPlatformExpertDevice', {
+                encoding: 'utf-8',
+                stdio: 'pipe',
+            });
+            const match = output.match(/"IOPlatformUUID"\s*=\s*"([^"]+)"/);
+            if (match?.[1]) {
+                cachedMachineId = match[1].trim();
+                return cachedMachineId;
+            }
+        }
+        catch { }
+    }
+    if (currentPlatform === 'linux') {
+        try {
+            const machineId = readFileSync('/etc/machine-id', 'utf-8').trim();
+            if (machineId) {
+                cachedMachineId = machineId;
+                return cachedMachineId;
+            }
+        }
+        catch { }
+    }
+    if (currentPlatform === 'win32') {
+        try {
+            const output = execSync('reg query "HKLM\\SOFTWARE\\Microsoft\\Cryptography" /v MachineGuid', {
+                encoding: 'utf-8',
+                stdio: 'pipe',
+            });
+            const match = output.match(/MachineGuid\s+REG_\w+\s+([^\r\n]+)/i);
+            if (match?.[1]) {
+                cachedMachineId = match[1].trim();
+                return cachedMachineId;
+            }
+        }
+        catch { }
+    }
+    try {
+        cachedMachineId = `${hostname()}${userInfo().username}`;
+    }
+    catch {
+        cachedMachineId = hostname();
+    }
+    return cachedMachineId;
+}
+export async function encrypt(plaintext) {
+    const machineId = getMachineId();
+    const salt = randomBytes(PBKDF2_SALT_LENGTH_BYTES);
+    const iv = randomBytes(GCM_IV_LENGTH_BYTES);
+    const key = pbkdf2Sync(`${machineId}${KITT_SALT}`, salt, PBKDF2_ITERATIONS, KEY_LENGTH_BYTES, 'sha256');
+    const cipher = createCipheriv('aes-256-gcm', key, iv);
+    const encrypted = Buffer.concat([
+        cipher.update(plaintext, 'utf8'),
+        cipher.final(),
+    ]);
+    const authTag = cipher.getAuthTag();
+    return {
+        encrypted: encrypted.toString('base64'),
+        iv: iv.toString('base64'),
+        salt: salt.toString('base64'),
+        authTag: authTag.toString('base64'),
+    };
+}
+export async function decrypt(data) {
+    try {
+        const machineId = getMachineId();
+        const salt = Buffer.from(data.salt, 'base64');
+        const iv = Buffer.from(data.iv, 'base64');
+        const encrypted = Buffer.from(data.encrypted, 'base64');
+        const authTag = Buffer.from(data.authTag, 'base64');
+        const key = pbkdf2Sync(`${machineId}${KITT_SALT}`, salt, PBKDF2_ITERATIONS, KEY_LENGTH_BYTES, 'sha256');
+        const decipher = createDecipheriv('aes-256-gcm', key, iv);
+        decipher.setAuthTag(authTag);
+        const decrypted = Buffer.concat([
+            decipher.update(encrypted),
+            decipher.final(),
+        ]);
+        return decrypted.toString('utf8');
+    }
+    catch {
+        throw new Error('Failed to decrypt credential data. Data may be invalid, tampered, or from a different machine.');
+    }
+}
+//# sourceMappingURL=encryption.js.map

package/dist/credentials/encryption.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.js","sourceRoot":"","sources":["../../src/credentials/encryption.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,UAAU,EACV,WAAW,GACZ,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEvD,MAAM,SAAS,GAAG,6BAA6B,CAAC;AAChD,MAAM,iBAAiB,GAAG,OAAO,CAAC;AAClC,MAAM,gBAAgB,GAAG,EAAE,CAAC;AAC5B,MAAM,mBAAmB,GAAG,EAAE,CAAC;AAC/B,MAAM,wBAAwB,GAAG,EAAE,CAAC;AAEpC,IAAI,eAAmC,CAAC;AASxC,MAAM,UAAU,YAAY;IAC1B,IAAI,eAAe,EAAE,CAAC;QACpB,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,MAAM,eAAe,GAAG,QAAQ,EAAE,CAAC;IAEnC,IAAI,eAAe,KAAK,QAAQ,EAAE,CAAC;QACjC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,QAAQ,CAAC,sCAAsC,EAAE;gBAC9D,QAAQ,EAAE,OAAO;gBACjB,KAAK,EAAE,MAAM;aACd,CAAC,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;YAC/D,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACf,eAAe,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBAClC,OAAO,eAAe,CAAC;YACzB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;IACZ,CAAC;IAED,IAAI,eAAe,KAAK,OAAO,EAAE,CAAC;QAChC,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,YAAY,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;YAClE,IAAI,SAAS,EAAE,CAAC;gBACd,eAAe,GAAG,SAAS,CAAC;gBAC5B,OAAO,eAAe,CAAC;YACzB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;IACZ,CAAC;IAED,IAAI,eAAe,KAAK,OAAO,EAAE,CAAC;QAChC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,QAAQ,CAAC,oEAAoE,EAAE;gBAC5F,QAAQ,EAAE,OAAO;gBACjB,KAAK,EAAE,MAAM;aACd,CAAC,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;YAClE,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACf,eAAe,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBAClC,OAAO,eAAe,CAAC;YACzB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;IACZ,CAAC;IAED,IAAI,CAAC;QACH,eAAe,GAAG,GAAG,QAAQ,EAAE,GAAG,QAAQ,EAAE,CAAC,QAAQ,EAAE,CAAC;IAC1D,CAAC;IAAC,MAAM,CAAC;QACP,eAAe,GAAG,QAAQ,EAAE,CAAC;IAC/B,CAAC;IAED,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,SAAiB;IAC7C,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IACjC,MAAM,IAAI,GAAG,WAAW,CAAC,wBAAwB,CAAC,CAAC;IACnD,MAAM,EAAE,GAAG,WAAW,CAAC,mBAAmB,CAAC,CAAC;IAC5C,MAAM,GAAG,GAAG,UAAU,CACpB,GAAG,SAAS,GAAG,SAAS,EAAE,EAC1B,IAAI,EACJ,iBAAiB,EACjB,gBAAgB,EAChB,QAAQ,CACT,CAAC;IAEF,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IACtD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC;QAChC,MAAM,CAAC,KAAK,EAAE;KACf,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAEpC,OAAO;QACL,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACvC,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACzB,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC7B,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;KACpC,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,IAAmB;IAC/C,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;QACjC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAC9C,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;QAC1C,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QACxD,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAEpD,MAAM,GAAG,GAAG,UAAU,CACpB,GAAG,SAAS,GAAG,SAAS,EAAE,EAC1B,IAAI,EACJ,iBAAiB,EACjB,gBAAgB,EAChB,QAAQ,CACT,CAAC;QAEF,MAAM,QAAQ,GAAG,gBAAgB,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QAC1D,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE7B,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;YAC9B,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC;YAC1B,QAAQ,CAAC,KAAK,EAAE;SACjB,CAAC,CAAC;QAEH,OAAO,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,gGAAgG,CAAC,CAAC;IACpH,CAAC;AACH,CAAC"}

package/dist/credentials/keychain.d.ts

@@ -0,0 +1,8 @@
+export interface KeychainResult {
+    success: boolean;
+    error?: string;
+}
+export declare function isKeychainAvailable(): Promise<boolean>;
+export declare function setKeychainValue(key: string, value: string): Promise<KeychainResult>;
+export declare function getKeychainValue(key: string): Promise<string | null>;
+export declare function deleteKeychainValue(key: string): Promise<KeychainResult>;

package/dist/credentials/keychain.js

@@ -0,0 +1,236 @@
+import { execFileSync } from "node:child_process";
+const SERVICE_NAME = "openkitt";
+function normalizeKey(key) {
+    return key.startsWith(`${SERVICE_NAME}-`) ? key : `${SERVICE_NAME}-${key}`;
+}
+function isNotFoundError(errorMessage) {
+    const normalized = errorMessage.toLowerCase();
+    return (normalized.includes("could not be found") ||
+        normalized.includes("item not found") ||
+        normalized.includes("not found") ||
+        normalized.includes("element not found"));
+}
+function getErrorMessage(error) {
+    if (error instanceof Error) {
+        const maybeStderr = error.stderr;
+        if (typeof maybeStderr === "string" && maybeStderr.trim().length > 0) {
+            return maybeStderr.trim();
+        }
+        if (Buffer.isBuffer(maybeStderr) && maybeStderr.length > 0) {
+            return maybeStderr.toString("utf-8").trim();
+        }
+        if (error.message.trim().length > 0) {
+            return error.message.trim();
+        }
+    }
+    return "Unknown keychain error";
+}
+function runPowerShellEncoded(script) {
+    const encodedCommand = Buffer.from(script, "utf16le").toString("base64");
+    return execFileSync("powershell", ["-NoProfile", "-EncodedCommand", encodedCommand], {
+        encoding: "utf-8",
+        stdio: "pipe"
+    }).trim();
+}
+function getWindowsReadScript(targetName) {
+    const escapedTarget = targetName.replace(/'/g, "''");
+    return `$ErrorActionPreference = 'Stop'
+
+Add-Type @"
+using System;
+using System.Runtime.InteropServices;
+
+public static class WinCred {
+  [DllImport("Advapi32.dll", EntryPoint = "CredReadW", CharSet = CharSet.Unicode, SetLastError = true)]
+  public static extern bool CredRead(string target, int type, int reservedFlag, out IntPtr credentialPtr);
+
+  [DllImport("Advapi32.dll", EntryPoint = "CredFree", SetLastError = true)]
+  public static extern void CredFree(IntPtr cred);
+
+  [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+  public struct CREDENTIAL {
+    public int Flags;
+    public int Type;
+    public string TargetName;
+    public string Comment;
+    public System.Runtime.InteropServices.ComTypes.FILETIME LastWritten;
+    public int CredentialBlobSize;
+    public IntPtr CredentialBlob;
+    public int Persist;
+    public int AttributeCount;
+    public IntPtr Attributes;
+    public string TargetAlias;
+    public string UserName;
+  }
+}
+"@
+
+$target = '${escapedTarget}'
+$credPtr = [IntPtr]::Zero
+
+if (-not [WinCred]::CredRead($target, 1, 0, [ref]$credPtr)) {
+  exit 2
+}
+
+try {
+  $credential = [System.Runtime.InteropServices.Marshal]::PtrToStructure($credPtr, [type][WinCred+CREDENTIAL])
+  if ($credential.CredentialBlobSize -le 0 -or $credential.CredentialBlob -eq [IntPtr]::Zero) {
+    exit 3
+  }
+
+  $bytes = New-Object byte[] $credential.CredentialBlobSize
+  [System.Runtime.InteropServices.Marshal]::Copy($credential.CredentialBlob, $bytes, 0, $credential.CredentialBlobSize)
+  $secret = [System.Text.Encoding]::Unicode.GetString($bytes)
+  Write-Output $secret
+} finally {
+  [WinCred]::CredFree($credPtr)
+}`;
+}
+function checkMacAvailable() {
+    execFileSync("security", ["-h"], {
+        encoding: "utf-8",
+        stdio: "pipe"
+    });
+    return true;
+}
+function checkLinuxAvailable() {
+    execFileSync("secret-tool", ["--help"], {
+        encoding: "utf-8",
+        stdio: "pipe"
+    });
+    return true;
+}
+function checkWindowsAvailable() {
+    execFileSync("cmdkey", ["/?"], {
+        encoding: "utf-8",
+        stdio: "pipe"
+    });
+    return true;
+}
+export async function isKeychainAvailable() {
+    try {
+        switch (process.platform) {
+            case "darwin":
+                return checkMacAvailable();
+            case "linux":
+                return checkLinuxAvailable();
+            case "win32":
+                return checkWindowsAvailable();
+            default:
+                return false;
+        }
+    }
+    catch {
+        return false;
+    }
+}
+export async function setKeychainValue(key, value) {
+    const normalizedKey = normalizeKey(key);
+    try {
+        switch (process.platform) {
+            case "darwin":
+                execFileSync("security", [
+                    "add-generic-password",
+                    "-a",
+                    normalizedKey,
+                    "-s",
+                    SERVICE_NAME,
+                    "-w",
+                    value,
+                    "-U"
+                ], {
+                    encoding: "utf-8",
+                    stdio: "pipe"
+                });
+                return { success: true };
+            case "linux":
+                execFileSync("secret-tool", ["store", `--label=${SERVICE_NAME}`, "service", SERVICE_NAME, "key", normalizedKey], {
+                    encoding: "utf-8",
+                    stdio: "pipe",
+                    input: value
+                });
+                return { success: true };
+            case "win32":
+                execFileSync("cmdkey", [
+                    `/generic:${normalizedKey}`,
+                    `/user:${SERVICE_NAME}`,
+                    `/pass:${value}`
+                ], {
+                    encoding: "utf-8",
+                    stdio: "pipe"
+                });
+                return { success: true };
+            default:
+                return { success: false, error: "Unsupported platform" };
+        }
+    }
+    catch (error) {
+        return { success: false, error: getErrorMessage(error) };
+    }
+}
+export async function getKeychainValue(key) {
+    const normalizedKey = normalizeKey(key);
+    try {
+        switch (process.platform) {
+            case "darwin":
+                return execFileSync("security", ["find-generic-password", "-a", normalizedKey, "-s", SERVICE_NAME, "-w"], {
+                    encoding: "utf-8",
+                    stdio: "pipe"
+                }).trim();
+            case "linux":
+                return execFileSync("secret-tool", ["lookup", "service", SERVICE_NAME, "key", normalizedKey], {
+                    encoding: "utf-8",
+                    stdio: "pipe"
+                }).trim();
+            case "win32": {
+                const script = getWindowsReadScript(normalizedKey);
+                const output = runPowerShellEncoded(script);
+                return output.length > 0 ? output : null;
+            }
+            default:
+                return null;
+        }
+    }
+    catch (error) {
+        const errorMessage = getErrorMessage(error);
+        if (isNotFoundError(errorMessage)) {
+            return null;
+        }
+        return null;
+    }
+}
+export async function deleteKeychainValue(key) {
+    const normalizedKey = normalizeKey(key);
+    try {
+        switch (process.platform) {
+            case "darwin":
+                execFileSync("security", ["delete-generic-password", "-a", normalizedKey, "-s", SERVICE_NAME], {
+                    encoding: "utf-8",
+                    stdio: "pipe"
+                });
+                return { success: true };
+            case "linux":
+                execFileSync("secret-tool", ["clear", "service", SERVICE_NAME, "key", normalizedKey], {
+                    encoding: "utf-8",
+                    stdio: "pipe"
+                });
+                return { success: true };
+            case "win32":
+                execFileSync("cmdkey", [`/delete:${normalizedKey}`], {
+                    encoding: "utf-8",
+                    stdio: "pipe"
+                });
+                return { success: true };
+            default:
+                return { success: false, error: "Unsupported platform" };
+        }
+    }
+    catch (error) {
+        const errorMessage = getErrorMessage(error);
+        if (isNotFoundError(errorMessage)) {
+            return { success: true };
+        }
+        return { success: false, error: errorMessage };
+    }
+}
+//# sourceMappingURL=keychain.js.map

package/dist/credentials/keychain.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keychain.js","sourceRoot":"","sources":["../../src/credentials/keychain.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAOlD,MAAM,YAAY,GAAG,UAAU,CAAC;AAEhC,SAAS,YAAY,CAAC,GAAW;IAC/B,OAAO,GAAG,CAAC,UAAU,CAAC,GAAG,YAAY,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,YAAY,IAAI,GAAG,EAAE,CAAC;AAC7E,CAAC;AAED,SAAS,eAAe,CAAC,YAAoB;IAC3C,MAAM,UAAU,GAAG,YAAY,CAAC,WAAW,EAAE,CAAC;IAC9C,OAAO,CACL,UAAU,CAAC,QAAQ,CAAC,oBAAoB,CAAC;QACzC,UAAU,CAAC,QAAQ,CAAC,gBAAgB,CAAC;QACrC,UAAU,CAAC,QAAQ,CAAC,WAAW,CAAC;QAChC,UAAU,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CACzC,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,KAAc;IACrC,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;QAC3B,MAAM,WAAW,GAAI,KAA8C,CAAC,MAAM,CAAC;QAC3E,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrE,OAAO,WAAW,CAAC,IAAI,EAAE,CAAC;QAC5B,CAAC;QACD,IAAI,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3D,OAAO,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9C,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,OAAO,wBAAwB,CAAC;AAClC,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAc;IAC1C,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACzE,OAAO,YAAY,CACjB,YAAY,EACZ,CAAC,YAAY,EAAE,iBAAiB,EAAE,cAAc,CAAC,EACjD;QACE,QAAQ,EAAE,OAAO;QACjB,KAAK,EAAE,MAAM;KACd,CACF,CAAC,IAAI,EAAE,CAAC;AACX,CAAC;AAED,SAAS,oBAAoB,CAAC,UAAkB;IAC9C,MAAM,aAAa,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACrD,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;aA+BI,aAAa;;;;;;;;;;;;;;;;;;;EAmBxB,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB;IACxB,YAAY,CAAC,UAAU,EAAE,CAAC,IAAI,CAAC,EAAE;QAC/B,QAAQ,EAAE,OAAO;QACjB,KAAK,EAAE,MAAM;KACd,CAAC,CAAC;IACH,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,mBAAmB;IAC1B,YAAY,CAAC,aAAa,EAAE,CAAC,QAAQ,CAAC,EAAE;QACtC,QAAQ,EAAE,OAAO;QACjB,KAAK,EAAE,MAAM;KACd,CAAC,CAAC;IACH,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,qBAAqB;IAC5B,YAAY,CAAC,QAAQ,EAAE,CAAC,IAAI,CAAC,EAAE;QAC7B,QAAQ,EAAE,OAAO;QACjB,KAAK,EAAE,MAAM;KACd,CAAC,CAAC;IACH,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB;IACvC,IAAI,CAAC;QACH,QAAQ,OAAO,CAAC,QAAQ,EAAE,CAAC;YACzB,KAAK,QAAQ;gBACX,OAAO,iBAAiB,EAAE,CAAC;YAC7B,KAAK,OAAO;gBACV,OAAO,mBAAmB,EAAE,CAAC;YAC/B,KAAK,OAAO;gBACV,OAAO,qBAAqB,EAAE,CAAC;YACjC;gBACE,OAAO,KAAK,CAAC;QACjB,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,GAAW,EACX,KAAa;IAEb,MAAM,aAAa,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;IAExC,IAAI,CAAC;QACH,QAAQ,OAAO,CAAC,QAAQ,EAAE,CAAC;YACzB,KAAK,QAAQ;gBACX,YAAY,CACV,UAAU,EACV;oBACE,sBAAsB;oBACtB,IAAI;oBACJ,aAAa;oBACb,IAAI;oBACJ,YAAY;oBACZ,IAAI;oBACJ,KAAK;oBACL,IAAI;iBACL,EACD;oBACE,QAAQ,EAAE,OAAO;oBACjB,KAAK,EAAE,MAAM;iBACd,CACF,CAAC;gBACF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;YAC3B,KAAK,OAAO;gBACV,YAAY,CACV,aAAa,EACb,CAAC,OAAO,EAAE,WAAW,YAAY,EAAE,EAAE,SAAS,EAAE,YAAY,EAAE,KAAK,EAAE,aAAa,CAAC,EACnF;oBACE,QAAQ,EAAE,OAAO;oBACjB,KAAK,EAAE,MAAM;oBACb,KAAK,EAAE,KAAK;iBACb,CACF,CAAC;gBACF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;YAC3B,KAAK,OAAO;gBACV,YAAY,CACV,QAAQ,EACR;oBACE,YAAY,aAAa,EAAE;oBAC3B,SAAS,YAAY,EAAE;oBACvB,SAAS,KAAK,EAAE;iBACjB,EACD;oBACE,QAAQ,EAAE,OAAO;oBACjB,KAAK,EAAE,MAAM;iBACd,CACF,CAAC;gBACF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;YAC3B;gBACE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC;QAC7D,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC;IAC3D,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,GAAW;IAChD,MAAM,aAAa,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;IAExC,IAAI,CAAC;QACH,QAAQ,OAAO,CAAC,QAAQ,EAAE,CAAC;YACzB,KAAK,QAAQ;gBACX,OAAO,YAAY,CACjB,UAAU,EACV,CAAC,uBAAuB,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,CAAC,EACxE;oBACE,QAAQ,EAAE,OAAO;oBACjB,KAAK,EAAE,MAAM;iBACd,CACF,CAAC,IAAI,EAAE,CAAC;YACX,KAAK,OAAO;gBACV,OAAO,YAAY,CACjB,aAAa,EACb,CAAC,QAAQ,EAAE,SAAS,EAAE,YAAY,EAAE,KAAK,EAAE,aAAa,CAAC,EACzD;oBACE,QAAQ,EAAE,OAAO;oBACjB,KAAK,EAAE,MAAM;iBACd,CACF,CAAC,IAAI,EAAE,CAAC;YACX,KAAK,OAAO,CAAC,CAAC,CAAC;gBACb,MAAM,MAAM,GAAG,oBAAoB,CAAC,aAAa,CAAC,CAAC;gBACnD,MAAM,MAAM,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC;gBAC5C,OAAO,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;YAC3C,CAAC;YACD;gBACE,OAAO,IAAI,CAAC;QAChB,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,YAAY,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;QAC5C,IAAI,eAAe,CAAC,YAAY,CAAC,EAAE,CAAC;YAClC,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,GAAW;IACnD,MAAM,aAAa,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;IAExC,IAAI,CAAC;QACH,QAAQ,OAAO,CAAC,QAAQ,EAAE,CAAC;YACzB,KAAK,QAAQ;gBACX,YAAY,CACV,UAAU,EACV,CAAC,yBAAyB,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,YAAY,CAAC,EACpE;oBACE,QAAQ,EAAE,OAAO;oBACjB,KAAK,EAAE,MAAM;iBACd,CACF,CAAC;gBACF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;YAC3B,KAAK,OAAO;gBACV,YAAY,CACV,aAAa,EACb,CAAC,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,KAAK,EAAE,aAAa,CAAC,EACxD;oBACE,QAAQ,EAAE,OAAO;oBACjB,KAAK,EAAE,MAAM;iBACd,CACF,CAAC;gBACF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;YAC3B,KAAK,OAAO;gBACV,YAAY,CAAC,QAAQ,EAAE,CAAC,WAAW,aAAa,EAAE,CAAC,EAAE;oBACnD,QAAQ,EAAE,OAAO;oBACjB,KAAK,EAAE,MAAM;iBACd,CAAC,CAAC;gBACH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;YAC3B;gBACE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC;QAC7D,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,YAAY,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;QAC5C,IAAI,eAAe,CAAC,YAAY,CAAC,EAAE,CAAC;YAClC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC;IACjD,CAAC;AACH,CAAC"}

package/dist/credentials/railway.d.ts

@@ -0,0 +1,9 @@
+export interface RailwayAuthStatus {
+    authenticated: boolean;
+    username?: string;
+    error?: string;
+}
+export declare function isRailwayInstalled(): Promise<boolean>;
+export declare function checkRailwayAuth(): Promise<RailwayAuthStatus>;
+export declare function railwayLogin(): Promise<RailwayAuthStatus>;
+export declare function railwayLogout(): Promise<boolean>;

package/dist/credentials/railway.js

@@ -0,0 +1,69 @@
+import { execSync } from 'node:child_process';
+export async function isRailwayInstalled() {
+    try {
+        execSync('railway --version', {
+            encoding: 'utf-8',
+            stdio: 'pipe',
+        });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+export async function checkRailwayAuth() {
+    const installed = await isRailwayInstalled();
+    if (!installed) {
+        return {
+            authenticated: false,
+            error: 'Railway CLI not installed',
+        };
+    }
+    try {
+        const output = execSync('railway whoami', {
+            encoding: 'utf-8',
+            stdio: 'pipe',
+        }).trim();
+        if (output && output.length > 0) {
+            return {
+                authenticated: true,
+                username: output,
+            };
+        }
+        return {
+            authenticated: false,
+        };
+    }
+    catch {
+        return {
+            authenticated: false,
+        };
+    }
+}
+export async function railwayLogin() {
+    try {
+        execSync('railway login', {
+            stdio: 'inherit',
+        });
+        return await checkRailwayAuth();
+    }
+    catch {
+        return {
+            authenticated: false,
+            error: 'Failed to complete Railway login',
+        };
+    }
+}
+export async function railwayLogout() {
+    try {
+        execSync('railway logout', {
+            encoding: 'utf-8',
+            stdio: 'pipe',
+        });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+//# sourceMappingURL=railway.js.map