patchwork-os 0.2.0-alpha.0 → 0.2.0-alpha.2

package/dist/connectors/gmail.d.ts

@@ -0,0 +1,40 @@
+/**
+ * Gmail OAuth 2.0 connector.
+ *
+ * Handles:
+ *   GET  /connections/gmail/auth      — redirect to Google consent screen
+ *   GET  /connections/gmail/callback  — exchange code for tokens, store locally
+ *   POST /connections/gmail/test      — verify stored token works
+ *   DELETE /connections/gmail         — revoke + delete stored token
+ *   GET  /connections                 — list connector statuses
+ *
+ * Tokens stored at ~/.patchwork/tokens/gmail.json (mode 0600, never leaves machine).
+ * Client credentials read from env: GMAIL_CLIENT_ID, GMAIL_CLIENT_SECRET.
+ */
+export interface GmailTokens {
+    access_token: string;
+    refresh_token?: string;
+    expiry_date?: number;
+    token_type?: string;
+    scope?: string;
+}
+export interface ConnectorStatus {
+    id: string;
+    status: "connected" | "disconnected";
+    lastSync?: string;
+    email?: string;
+}
+export declare function loadTokens(): GmailTokens | null;
+/** Returns a valid access token, refreshing if needed. */
+export declare function getValidAccessToken(): Promise<string>;
+export interface ConnectorHandlerResult {
+    status: number;
+    body: string;
+    contentType?: string;
+    redirect?: string;
+}
+export declare function handleConnectionsList(): Promise<ConnectorHandlerResult>;
+export declare function handleGmailAuthRedirect(): ConnectorHandlerResult;
+export declare function handleGmailCallback(code: string | null, state: string | null, error: string | null): Promise<ConnectorHandlerResult>;
+export declare function handleGmailTest(): Promise<ConnectorHandlerResult>;
+export declare function handleGmailDisconnect(): Promise<ConnectorHandlerResult>;

package/dist/connectors/gmail.js

@@ -0,0 +1,275 @@
+/**
+ * Gmail OAuth 2.0 connector.
+ *
+ * Handles:
+ *   GET  /connections/gmail/auth      — redirect to Google consent screen
+ *   GET  /connections/gmail/callback  — exchange code for tokens, store locally
+ *   POST /connections/gmail/test      — verify stored token works
+ *   DELETE /connections/gmail         — revoke + delete stored token
+ *   GET  /connections                 — list connector statuses
+ *
+ * Tokens stored at ~/.patchwork/tokens/gmail.json (mode 0600, never leaves machine).
+ * Client credentials read from env: GMAIL_CLIENT_ID, GMAIL_CLIENT_SECRET.
+ */
+import crypto from "node:crypto";
+import { existsSync, mkdirSync, readFileSync, unlinkSync, writeFileSync, } from "node:fs";
+import { homedir } from "node:os";
+import path from "node:path";
+const SCOPES = ["https://www.googleapis.com/auth/gmail.readonly"];
+const REDIRECT_URI = "http://localhost:3100/connections/gmail/callback";
+const TOKEN_PATH = path.join(homedir(), ".patchwork", "tokens", "gmail.json");
+function clientId() {
+    return process.env.GMAIL_CLIENT_ID ?? "";
+}
+function clientSecret() {
+    return process.env.GMAIL_CLIENT_SECRET ?? "";
+}
+function isConfigured() {
+    return Boolean(clientId() && clientSecret());
+}
+// ── Token storage ─────────────────────────────────────────────────────────────
+export function loadTokens() {
+    if (!existsSync(TOKEN_PATH))
+        return null;
+    try {
+        return JSON.parse(readFileSync(TOKEN_PATH, "utf-8"));
+    }
+    catch {
+        return null;
+    }
+}
+function saveTokens(tokens) {
+    mkdirSync(path.dirname(TOKEN_PATH), { recursive: true, mode: 0o700 });
+    writeFileSync(TOKEN_PATH, JSON.stringify(tokens, null, 2), { mode: 0o600 });
+}
+function deleteTokens() {
+    if (existsSync(TOKEN_PATH))
+        unlinkSync(TOKEN_PATH);
+}
+// ── OAuth helpers ─────────────────────────────────────────────────────────────
+function buildAuthUrl(state) {
+    const params = new URLSearchParams({
+        client_id: clientId(),
+        redirect_uri: REDIRECT_URI,
+        response_type: "code",
+        scope: SCOPES.join(" "),
+        access_type: "offline",
+        prompt: "consent",
+        state,
+    });
+    return `https://accounts.google.com/o/oauth2/v2/auth?${params.toString()}`;
+}
+async function exchangeCode(code) {
+    const res = await fetch("https://oauth2.googleapis.com/token", {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        body: new URLSearchParams({
+            code,
+            client_id: clientId(),
+            client_secret: clientSecret(),
+            redirect_uri: REDIRECT_URI,
+            grant_type: "authorization_code",
+        }).toString(),
+    });
+    if (!res.ok) {
+        const body = await res.text();
+        throw new Error(`Token exchange failed: ${res.status} ${body}`);
+    }
+    const json = (await res.json());
+    return {
+        access_token: json.access_token,
+        refresh_token: json.refresh_token,
+        expiry_date: json.expires_in
+            ? Date.now() + json.expires_in * 1000
+            : undefined,
+        token_type: json.token_type,
+        scope: json.scope,
+    };
+}
+async function refreshAccessToken(tokens) {
+    if (!tokens.refresh_token)
+        throw new Error("No refresh token available");
+    const res = await fetch("https://oauth2.googleapis.com/token", {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        body: new URLSearchParams({
+            refresh_token: tokens.refresh_token,
+            client_id: clientId(),
+            client_secret: clientSecret(),
+            grant_type: "refresh_token",
+        }).toString(),
+    });
+    if (!res.ok) {
+        const body = await res.text();
+        throw new Error(`Token refresh failed: ${res.status} ${body}`);
+    }
+    const json = (await res.json());
+    const updated = {
+        ...tokens,
+        access_token: json.access_token,
+        expiry_date: json.expires_in
+            ? Date.now() + json.expires_in * 1000
+            : tokens.expiry_date,
+    };
+    saveTokens(updated);
+    return updated;
+}
+/** Returns a valid access token, refreshing if needed. */
+export async function getValidAccessToken() {
+    let tokens = loadTokens();
+    if (!tokens)
+        throw new Error("Gmail not connected");
+    const bufferMs = 60_000;
+    if (tokens.expiry_date && Date.now() > tokens.expiry_date - bufferMs) {
+        tokens = await refreshAccessToken(tokens);
+    }
+    return tokens.access_token;
+}
+async function revokeToken(token) {
+    await fetch(`https://oauth2.googleapis.com/revoke?token=${encodeURIComponent(token)}`, { method: "POST" }).catch(() => { });
+}
+async function fetchUserEmail(accessToken) {
+    const res = await fetch("https://gmail.googleapis.com/gmail/v1/users/me/profile", { headers: { Authorization: `Bearer ${accessToken}` } });
+    if (!res.ok)
+        return "";
+    const json = (await res.json());
+    return json.emailAddress ?? "";
+}
+// ── State map (in-memory CSRF protection) ────────────────────────────────────
+const pendingStates = new Set();
+function generateState() {
+    const state = crypto.randomBytes(32).toString("hex");
+    pendingStates.add(state);
+    setTimeout(() => pendingStates.delete(state), 10 * 60 * 1000); // 10 min TTL
+    return state;
+}
+export async function handleConnectionsList() {
+    const tokens = loadTokens();
+    const { getStatus: getGitHubStatus } = await import("./github.js");
+    const gh = getGitHubStatus();
+    const connectors = [
+        {
+            id: "gmail",
+            status: tokens ? "connected" : "disconnected",
+            lastSync: tokens ? new Date().toISOString() : undefined,
+        },
+        {
+            id: "github",
+            status: gh.connected ? "connected" : "disconnected",
+            lastSync: gh.connected ? new Date().toISOString() : undefined,
+        },
+    ];
+    return {
+        status: 200,
+        contentType: "application/json",
+        body: JSON.stringify({ connectors }),
+    };
+}
+export function handleGmailAuthRedirect() {
+    if (!isConfigured()) {
+        return {
+            status: 503,
+            contentType: "application/json",
+            body: JSON.stringify({
+                error: "Gmail connector not configured. Set GMAIL_CLIENT_ID and GMAIL_CLIENT_SECRET.",
+            }),
+        };
+    }
+    const state = generateState();
+    const url = buildAuthUrl(state);
+    return { status: 302, redirect: url, body: "" };
+}
+export async function handleGmailCallback(code, state, error) {
+    if (error) {
+        return {
+            status: 400,
+            contentType: "text/html",
+            body: callbackHtml("Connection cancelled", `Google returned: ${error}`, false),
+        };
+    }
+    if (!code || !state || !pendingStates.has(state)) {
+        return {
+            status: 400,
+            contentType: "text/html",
+            body: callbackHtml("Invalid request", "Missing or expired state.", false),
+        };
+    }
+    pendingStates.delete(state);
+    try {
+        const tokens = await exchangeCode(code);
+        saveTokens(tokens);
+        const email = await fetchUserEmail(tokens.access_token);
+        return {
+            status: 200,
+            contentType: "text/html",
+            body: callbackHtml("Gmail connected", `Connected${email ? ` as ${email}` : ""}. You can close this tab.`, true),
+        };
+    }
+    catch (err) {
+        return {
+            status: 500,
+            contentType: "text/html",
+            body: callbackHtml("Connection failed", err instanceof Error ? err.message : String(err), false),
+        };
+    }
+}
+export async function handleGmailTest() {
+    try {
+        const token = await getValidAccessToken();
+        const email = await fetchUserEmail(token);
+        return {
+            status: 200,
+            contentType: "application/json",
+            body: JSON.stringify({ ok: true, email }),
+        };
+    }
+    catch (err) {
+        return {
+            status: 400,
+            contentType: "application/json",
+            body: JSON.stringify({
+                ok: false,
+                error: err instanceof Error ? err.message : String(err),
+            }),
+        };
+    }
+}
+export async function handleGmailDisconnect() {
+    const tokens = loadTokens();
+    if (tokens?.access_token) {
+        await revokeToken(tokens.access_token);
+    }
+    deleteTokens();
+    return {
+        status: 200,
+        contentType: "application/json",
+        body: JSON.stringify({ ok: true }),
+    };
+}
+// ── Callback HTML ─────────────────────────────────────────────────────────────
+function callbackHtml(title, message, success) {
+    const color = success ? "#b8ff57" : "#ff5555";
+    return `<!DOCTYPE html><html lang="en"><head><meta charset="utf-8">
+<title>${title} — Patchwork OS</title>
+<style>
+  body { background: #040406; color: #e0e0e0; font-family: system-ui, sans-serif;
+    display: flex; align-items: center; justify-content: center; min-height: 100vh; margin: 0; }
+  .card { background: #0d0d14; border: 1px solid #1e1e2e; border-radius: 8px;
+    padding: 40px 48px; max-width: 420px; text-align: center; }
+  h1 { color: ${color}; font-size: 1.4rem; margin-bottom: 12px; }
+  p { color: #888; line-height: 1.6; }
+  a { color: ${color}; text-decoration: none; font-size: 0.9rem; }
+</style>
+</head>
+<body><div class="card">
+  <h1>${title}</h1>
+  <p>${message}</p>
+  <br><a href="javascript:window.close()">Close this tab</a>
+</div>
+<script>
+  // Notify the opener tab that auth completed so it can poll.
+  if (window.opener) { try { window.opener.postMessage('patchwork:gmail:connected', 'http://localhost:3100'); } catch(_) {} }
+</script>
+</body></html>`;
+}
+//# sourceMappingURL=gmail.js.map

package/dist/connectors/gmail.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"gmail.js","sourceRoot":"","sources":["../../src/connectors/gmail.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EACL,UAAU,EACV,SAAS,EACT,YAAY,EACZ,UAAU,EACV,aAAa,GACd,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,MAAM,MAAM,GAAG,CAAC,gDAAgD,CAAC,CAAC;AAClE,MAAM,YAAY,GAAG,kDAAkD,CAAC;AACxE,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,YAAY,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;AAiB9E,SAAS,QAAQ;IACf,OAAO,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC;AAC3C,CAAC;AAED,SAAS,YAAY;IACnB,OAAO,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,EAAE,CAAC;AAC/C,CAAC;AAED,SAAS,YAAY;IACnB,OAAO,OAAO,CAAC,QAAQ,EAAE,IAAI,YAAY,EAAE,CAAC,CAAC;AAC/C,CAAC;AAED,iFAAiF;AAEjF,MAAM,UAAU,UAAU;IACxB,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,IAAI,CAAC;IACzC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAgB,CAAC;IACtE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,MAAmB;IACrC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACtE,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED,SAAS,YAAY;IACnB,IAAI,UAAU,CAAC,UAAU,CAAC;QAAE,UAAU,CAAC,UAAU,CAAC,CAAC;AACrD,CAAC;AAED,iFAAiF;AAEjF,SAAS,YAAY,CAAC,KAAa;IACjC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,SAAS,EAAE,QAAQ,EAAE;QACrB,YAAY,EAAE,YAAY;QAC1B,aAAa,EAAE,MAAM;QACrB,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;QACvB,WAAW,EAAE,SAAS;QACtB,MAAM,EAAE,SAAS;QACjB,KAAK;KACN,CAAC,CAAC;IACH,OAAO,gDAAgD,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;AAC7E,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,IAAY;IACtC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,qCAAqC,EAAE;QAC7D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,IAAI;YACJ,SAAS,EAAE,QAAQ,EAAE;YACrB,aAAa,EAAE,YAAY,EAAE;YAC7B,YAAY,EAAE,YAAY;YAC1B,UAAU,EAAE,oBAAoB;SACjC,CAAC,CAAC,QAAQ,EAAE;KACd,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,0BAA0B,GAAG,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC;IAClE,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAM7B,CAAC;IACF,OAAO;QACL,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,aAAa,EAAE,IAAI,CAAC,aAAa;QACjC,WAAW,EAAE,IAAI,CAAC,UAAU;YAC1B,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;YACrC,CAAC,CAAC,SAAS;QACb,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,KAAK,EAAE,IAAI,CAAC,KAAK;KAClB,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,MAAmB;IACnD,IAAI,CAAC,MAAM,CAAC,aAAa;QAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IACzE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,qCAAqC,EAAE;QAC7D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,SAAS,EAAE,QAAQ,EAAE;YACrB,aAAa,EAAE,YAAY,EAAE;YAC7B,UAAU,EAAE,eAAe;SAC5B,CAAC,CAAC,QAAQ,EAAE;KACd,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,yBAAyB,GAAG,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC;IACjE,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAI7B,CAAC;IACF,MAAM,OAAO,GAAgB;QAC3B,GAAG,MAAM;QACT,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,WAAW,EAAE,IAAI,CAAC,UAAU;YAC1B,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;YACrC,CAAC,CAAC,MAAM,CAAC,WAAW;KACvB,CAAC;IACF,UAAU,CAAC,OAAO,CAAC,CAAC;IACpB,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,0DAA0D;AAC1D,MAAM,CAAC,KAAK,UAAU,mBAAmB;IACvC,IAAI,MAAM,GAAG,UAAU,EAAE,CAAC;IAC1B,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,MAAM,CAAC;IACxB,IAAI,MAAM,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,WAAW,GAAG,QAAQ,EAAE,CAAC;QACrE,MAAM,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,MAAM,CAAC,YAAY,CAAC;AAC7B,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,KAAa;IACtC,MAAM,KAAK,CACT,8CAA8C,kBAAkB,CAAC,KAAK,CAAC,EAAE,EACzE,EAAE,MAAM,EAAE,MAAM,EAAE,CACnB,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;AACpB,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,WAAmB;IAC/C,MAAM,GAAG,GAAG,MAAM,KAAK,CACrB,wDAAwD,EACxD,EAAE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,WAAW,EAAE,EAAE,EAAE,CACxD,CAAC;IACF,IAAI,CAAC,GAAG,CAAC,EAAE;QAAE,OAAO,EAAE,CAAC;IACvB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA8B,CAAC;IAC7D,OAAO,IAAI,CAAC,YAAY,IAAI,EAAE,CAAC;AACjC,CAAC;AAED,gFAAgF;AAEhF,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;AAExC,SAAS,aAAa;IACpB,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACrD,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACzB,UAAU,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,aAAa;IAC5E,OAAO,KAAK,CAAC;AACf,CAAC;AAWD,MAAM,CAAC,KAAK,UAAU,qBAAqB;IACzC,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,EAAE,SAAS,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;IACnE,MAAM,EAAE,GAAG,eAAe,EAAE,CAAC;IAC7B,MAAM,UAAU,GAAsB;QACpC;YACE,EAAE,EAAE,OAAO;YACX,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,cAAc;YAC7C,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,SAAS;SACxD;QACD;YACE,EAAE,EAAE,QAAQ;YACZ,MAAM,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,cAAc;YACnD,QAAQ,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,SAAS;SAC9D;KACF,CAAC;IACF,OAAO;QACL,MAAM,EAAE,GAAG;QACX,WAAW,EAAE,kBAAkB;QAC/B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,UAAU,EAAE,CAAC;KACrC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,uBAAuB;IACrC,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC;QACpB,OAAO;YACL,MAAM,EAAE,GAAG;YACX,WAAW,EAAE,kBAAkB;YAC/B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,KAAK,EACH,8EAA8E;aACjF,CAAC;SACH,CAAC;IACJ,CAAC;IACD,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAC9B,MAAM,GAAG,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IAChC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;AAClD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,IAAmB,EACnB,KAAoB,EACpB,KAAoB;IAEpB,IAAI,KAAK,EAAE,CAAC;QACV,OAAO;YACL,MAAM,EAAE,GAAG;YACX,WAAW,EAAE,WAAW;YACxB,IAAI,EAAE,YAAY,CAChB,sBAAsB,EACtB,oBAAoB,KAAK,EAAE,EAC3B,KAAK,CACN;SACF,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QACjD,OAAO;YACL,MAAM,EAAE,GAAG;YACX,WAAW,EAAE,WAAW;YACxB,IAAI,EAAE,YAAY,CAAC,iBAAiB,EAAE,2BAA2B,EAAE,KAAK,CAAC;SAC1E,CAAC;IACJ,CAAC;IACD,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC5B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;QACxC,UAAU,CAAC,MAAM,CAAC,CAAC;QACnB,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QACxD,OAAO;YACL,MAAM,EAAE,GAAG;YACX,WAAW,EAAE,WAAW;YACxB,IAAI,EAAE,YAAY,CAChB,iBAAiB,EACjB,YAAY,KAAK,CAAC,CAAC,CAAC,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,2BAA2B,EAClE,IAAI,CACL;SACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,WAAW,EAAE,WAAW;YACxB,IAAI,EAAE,YAAY,CAChB,mBAAmB,EACnB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAChD,KAAK,CACN;SACF,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,mBAAmB,EAAE,CAAC;QAC1C,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC,CAAC;QAC1C,OAAO;YACL,MAAM,EAAE,GAAG;YACX,WAAW,EAAE,kBAAkB;YAC/B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;SAC1C,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,WAAW,EAAE,kBAAkB;YAC/B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC;SACH,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB;IACzC,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,IAAI,MAAM,EAAE,YAAY,EAAE,CAAC;QACzB,MAAM,WAAW,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IACzC,CAAC;IACD,YAAY,EAAE,CAAC;IACf,OAAO;QACL,MAAM,EAAE,GAAG;QACX,WAAW,EAAE,kBAAkB;QAC/B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;KACnC,CAAC;AACJ,CAAC;AAED,iFAAiF;AAEjF,SAAS,YAAY,CACnB,KAAa,EACb,OAAe,EACf,OAAgB;IAEhB,MAAM,KAAK,GAAG,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;IAC9C,OAAO;SACA,KAAK;;;;;;gBAME,KAAK;;eAEN,KAAK;;;;QAIZ,KAAK;OACN,OAAO;;;;;;;eAOC,CAAC;AAChB,CAAC"}

package/dist/index.js

@@ -1,4 +1,24 @@
 #!/usr/bin/env node
+// Load .env from repo root if present (connector credentials, etc.).
+// Uses Node 20.6+ native dotenv loader; falls back to manual parse for older Node.
+{
+    const { fileURLToPath: _fileURLToPath } = await import("node:url");
+    const envPath = _fileURLToPath(new URL("../../.env", import.meta.url));
+    try {
+        const { readFileSync, existsSync } = await import("node:fs");
+        if (existsSync(envPath)) {
+            for (const line of readFileSync(envPath, "utf-8").split("\n")) {
+                const m = /^([A-Z_][A-Z0-9_]*)=(.*)$/.exec(line.trim());
+                if (m?.[1] && !process.env[m[1]]) {
+                    process.env[m[1]] = m[2]?.replace(/^["']|["']$/g, "");
+                }
+            }
+        }
+    }
+    catch {
+        /* non-fatal */
+    }
+}
 // Enable V8 compile cache for faster cold-start on repeated restarts (Node 22.8+).
 import nodeModule from "node:module";
 if (typeof nodeModule.enableCompileCache === "function") {
@@ -547,39 +567,99 @@ export function register(ctx) {
     process.stderr.write(`  3. Or add to your config: { "plugins": ["${outDir}"] }\n`);
     process.exit(0);
 }
-// Patchwork: `patchwork recipe run <name>` — POSTs to a running bridge's
-// /recipes/run endpoint to enqueue the recipe via the Claude orchestrator.
+// Patchwork: `patchwork recipe list` — enumerate installed recipes.
+if (process.argv[2] === "recipe" && process.argv[3] === "list") {
+    (async () => {
+        const { listYamlRecipes } = await import("./recipes/yamlRunner.js");
+        const recipesDir = path.join(os.homedir(), ".patchwork", "recipes");
+        const recipes = listYamlRecipes(recipesDir);
+        if (recipes.length === 0) {
+            process.stdout.write("No recipes installed. Run `patchwork-os patchwork-init` to install the starter set.\n");
+        }
+        else {
+            process.stdout.write(`Installed recipes (${recipes.length}):\n\n`);
+            for (const r of recipes) {
+                const desc = r.description ? `  ${r.description}` : "";
+                process.stdout.write(`  ${r.name.padEnd(28)} [${r.trigger}]${desc}\n`);
+            }
+            process.stdout.write(`\nRun a recipe: patchwork-os recipe run <name>\n`);
+        }
+        process.exit(0);
+    })();
+}
+// Patchwork: `patchwork recipe run <name>` — runs a recipe locally or via
+// a running bridge's /recipes/run endpoint if one is available.
 if (process.argv[2] === "recipe" && process.argv[3] === "run") {
-    const name = process.argv[4];
+    const args = process.argv.slice(4);
+    const localFlag = args.includes("--local");
+    const name = args.find((a) => !a.startsWith("--"));
     if (!name) {
-        process.stderr.write("Usage: patchwork recipe run <name>\n");
+        process.stderr.write("Usage: patchwork recipe run <name> [--local]\n");
         process.exit(1);
     }
     (async () => {
         try {
+            // Try bridge first (requires --claude-driver subprocess).
             const { findBridgeLock } = await import("./bridgeLockDiscovery.js");
-            const lock = findBridgeLock();
-            if (!lock) {
-                process.stderr.write("Error: no running bridge found under ~/.claude/ide/. Start the bridge with --claude-driver subprocess first.\n");
-                process.exit(1);
-                return;
+            const lock = localFlag ? null : findBridgeLock();
+            if (lock) {
+                const res = await fetch(`http://127.0.0.1:${lock.port}/recipes/run`, {
+                    method: "POST",
+                    headers: {
+                        Authorization: `Bearer ${lock.authToken}`,
+                        "Content-Type": "application/json",
+                    },
+                    body: JSON.stringify({ name }),
+                });
+                const body = (await res.json());
+                if (!body.ok) {
+                    // Fall through to local YAML runner if bridge doesn't know the recipe.
+                    if (!(body.error ?? "").includes("not found")) {
+                        process.stderr.write(`Error: ${body.error ?? "unknown"}\n`);
+                        process.exit(1);
+                        return;
+                    }
+                    // else: fall through to local runner below
+                }
+                else {
+                    process.stdout.write(`  ✓ enqueued recipe "${name}" as task ${(body.taskId ?? "").slice(0, 8)}\n` +
+                        "    Watch progress on the dashboard Tasks page or via listClaudeTasks.\n");
+                    process.exit(0);
+                    return;
+                }
             }
-            const res = await fetch(`http://127.0.0.1:${lock.port}/recipes/run`, {
-                method: "POST",
-                headers: {
-                    Authorization: `Bearer ${lock.authToken}`,
-                    "Content-Type": "application/json",
-                },
-                body: JSON.stringify({ name }),
-            });
-            const body = (await res.json());
-            if (!body.ok) {
-                process.stderr.write(`Error: ${body.error ?? "unknown"}\n`);
+            // No bridge — run locally using the YAML runner.
+            const { loadYamlRecipe, runYamlRecipe } = await import("./recipes/yamlRunner.js");
+            const recipesDir = path.join(os.homedir(), ".patchwork", "recipes");
+            const bundledDir = fileURLToPath(new URL("../templates/recipes", import.meta.url));
+            const candidates = [
+                path.join(recipesDir, `${name}.yaml`),
+                path.join(recipesDir, `${name}.yml`),
+                path.join(recipesDir, `${name}.json`),
+                path.join(bundledDir, `${name}.yaml`),
+                path.join(bundledDir, `${name}.yml`),
+            ];
+            let recipePath;
+            for (const c of candidates) {
+                if (existsSync(c)) {
+                    recipePath = c;
+                    break;
+                }
+            }
+            if (!recipePath) {
+                process.stderr.write(`Error: recipe "${name}" not found in ${recipesDir}\n` +
+                    "  Run `patchwork-os recipe list` to see available recipes.\n");
                 process.exit(1);
                 return;
             }
-            process.stdout.write(`  ✓ enqueued recipe "${name}" as task ${(body.taskId ?? "").slice(0, 8)}\n` +
-                "    Watch progress on the dashboard Tasks page or via listClaudeTasks.\n");
+            process.stdout.write(`  Running recipe "${name}" locally…\n`);
+            const recipe = loadYamlRecipe(recipePath);
+            const workdir = lock?.workspace || process.cwd();
+            const result = await runYamlRecipe(recipe, { workdir });
+            process.stdout.write(`  ✓ ${result.stepsRun} step(s) completed\n`);
+            if (result.outputs.length > 0) {
+                process.stdout.write(`  Output written to:\n${result.outputs.map((o) => `    ${o}`).join("\n")}\n`);
+            }
             process.exit(0);
         }
         catch (err) {
@@ -1304,6 +1384,19 @@ Options:
     process.exit(0);
 }
 // F6: "Did you mean?" for unknown CLI subcommands
+// Patchwork: no-args → terminal dashboard (when invoked as patchwork-os or patchwork).
+{
+    const binName = path.basename(process.argv[1] ?? "");
+    const isPatchworkBin = binName === "patchwork-os" ||
+        binName === "patchwork" ||
+        binName === "patchwork.js";
+    if (isPatchworkBin && !process.argv[2]) {
+        (async () => {
+            const { runDashboard } = await import("./commands/dashboard.js");
+            await runDashboard();
+        })();
+    }
+}
 {
     const KNOWN_COMMANDS = [
         "init",
@@ -1319,6 +1412,7 @@ Options:
         "status",
         "shim",
         "recipe",
+        "dashboard",
     ];
     const unknownSub = process.argv[2];
     if (unknownSub &&