patchwork-os 0.2.0-alpha.3 → 0.2.0-alpha.31

package/dist/connectors/tokenStorage.js

@@ -0,0 +1,459 @@
+/**
+ * Token Storage — secure credential storage for OAuth tokens.
+ *
+ * Platform-specific implementations:
+ *   - macOS: Keychain (security command)
+ *   - Windows: DPAPI (data protection API via PowerShell)
+ *   - Linux: Secret Service API (via secret-tool or libsecret)
+ *
+ * Falls back to file-based encrypted storage if native APIs unavailable.
+ */
+import { spawnSync } from "node:child_process";
+import crypto from "node:crypto";
+import { existsSync, mkdirSync, readdirSync, readFileSync, unlinkSync, writeFileSync, } from "node:fs";
+import os from "node:os";
+import { join } from "node:path";
+const SERVICE_NAME = "patchwork-os";
+function storageKey(provider) {
+    return `${SERVICE_NAME}.${provider}`;
+}
+function parseJson(json) {
+    if (json === null) {
+        return null;
+    }
+    try {
+        return JSON.parse(json);
+    }
+    catch {
+        return null;
+    }
+}
+export function storeSecretJsonSync(provider, value) {
+    const key = storageKey(provider);
+    const json = JSON.stringify(value);
+    if (resolveBackend() === "file") {
+        setEncryptedFileSync(key, json);
+        return;
+    }
+    if (setKeychainItemSync(key, json)) {
+        deleteEncryptedFileSync(key);
+        return;
+    }
+    setEncryptedFileSync(key, json);
+}
+export function getSecretJsonSync(provider) {
+    const key = storageKey(provider);
+    if (resolveBackend() === "file") {
+        return parseJson(getEncryptedFileSync(key));
+    }
+    const fromKeychain = getKeychainItemSync(key);
+    if (fromKeychain !== null) {
+        return parseJson(fromKeychain);
+    }
+    return parseJson(getEncryptedFileSync(key));
+}
+export function deleteSecretJsonSync(provider) {
+    const key = storageKey(provider);
+    if (resolveBackend() === "file") {
+        deleteEncryptedFileSync(key);
+        return;
+    }
+    deleteKeychainItemSync(key);
+    deleteEncryptedFileSync(key);
+}
+/**
+ * Store tokens securely for a provider.
+ */
+export async function storeTokens(provider, tokens) {
+    storeSecretJsonSync(provider, tokens);
+}
+/**
+ * Retrieve stored tokens for a provider.
+ */
+export async function getTokens(provider) {
+    return getSecretJsonSync(provider);
+}
+/**
+ * Delete stored tokens for a provider.
+ */
+export async function deleteTokens(provider) {
+    deleteSecretJsonSync(provider);
+}
+/**
+ * List all providers with stored tokens.
+ */
+export async function listStoredProviders() {
+    if (resolveBackend() === "file") {
+        return (await listEncryptedFiles()).sort();
+    }
+    const providers = [];
+    // Check keychain
+    const keychainProviders = await listKeychainItems();
+    providers.push(...keychainProviders);
+    // Check file storage
+    const fileProviders = await listEncryptedFiles();
+    for (const p of fileProviders) {
+        if (!providers.includes(p)) {
+            providers.push(p);
+        }
+    }
+    return providers.sort();
+}
+// Platform implementations are defined at the end of this file
+// ============================================================================
+// Windows DPAPI (via PowerShell)
+// ============================================================================
+function setWindowsCredentialSync(key, value) {
+    if (process.platform !== "win32")
+        return false;
+    try {
+        const script = `
+      $bytes = [System.Text.Encoding]::UTF8.GetBytes('${value.replace(/'/g, "''")}')
+      $protected = [System.Security.Cryptography.ProtectedData]::Protect($bytes, $null, [System.Security.Cryptography.DataProtectionScope]::CurrentUser)
+      $path = Join-Path $env:LOCALAPPDATA "PatchworkOS" "tokens"
+      if (-not (Test-Path $path)) { New-Item -ItemType Directory -Path $path -Force | Out-Null }
+      $protected | Set-Content -Path (Join-Path $path "${key}.bin") -Encoding Byte
+    `;
+        const result = spawnSync("powershell", ["-Command", script], {
+            encoding: "utf-8",
+            timeout: 10000,
+        });
+        return result.status === 0;
+    }
+    catch {
+        return false;
+    }
+}
+function getWindowsCredentialSync(key) {
+    if (process.platform !== "win32")
+        return null;
+    try {
+        const script = `
+      $path = Join-Path $env:LOCALAPPDATA "PatchworkOS" "tokens" "${key}.bin"
+      if (Test-Path $path) {
+        $bytes = Get-Content -Path $path -Encoding Byte -Raw
+        $unprotected = [System.Security.Cryptography.ProtectedData]::Unprotect($bytes, $null, [System.Security.Cryptography.DataProtectionScope]::CurrentUser)
+        [System.Text.Encoding]::UTF8.GetString($unprotected)
+      }
+    `;
+        const result = spawnSync("powershell", ["-Command", script], {
+            encoding: "utf-8",
+            timeout: 10000,
+        });
+        if (result.status !== 0) {
+            return null;
+        }
+        return result.stdout.trim() || null;
+    }
+    catch {
+        return null;
+    }
+}
+// ============================================================================
+// Encrypted File Storage (Fallback)
+// ============================================================================
+function getStorageDir() {
+    const base = process.env.PATCHWORK_HOME ?? join(os.homedir(), ".patchwork");
+    return join(base, "tokens");
+}
+const MASTER_KEY_FILE = ".master.key";
+let cachedKey = null;
+let cachedKeyDir = null;
+function legacyDerivedKey() {
+    // Legacy key: sha256(hostname + username). Kept only for one-time migration
+    // of existing encrypted files. New data is encrypted with the random master key.
+    const machineId = `${os.hostname()}-${os.userInfo().username}`;
+    return crypto.createHash("sha256").update(machineId).digest().slice(0, 32);
+}
+function getEncryptionKey() {
+    const dir = getStorageDir();
+    const keyPath = join(dir, MASTER_KEY_FILE);
+    if (cachedKey && cachedKeyDir === dir && existsSync(keyPath)) {
+        return cachedKey;
+    }
+    if (existsSync(keyPath)) {
+        try {
+            const key = readFileSync(keyPath);
+            if (key.length === 32) {
+                cachedKey = key;
+                cachedKeyDir = dir;
+                return key;
+            }
+        }
+        catch {
+            // fall through to regenerate
+        }
+        // Corrupt or unreadable — replace.
+        try {
+            unlinkSync(keyPath);
+        }
+        catch { }
+    }
+    if (!existsSync(dir)) {
+        mkdirSync(dir, { recursive: true, mode: 0o700 });
+    }
+    const key = crypto.randomBytes(32);
+    try {
+        // flag "wx" = O_EXCL: fail if another process created the file in between.
+        writeFileSync(keyPath, key, { flag: "wx", mode: 0o600 });
+    }
+    catch {
+        // Another process may have written it first; prefer that one for consistency.
+        try {
+            const existing = readFileSync(keyPath);
+            if (existing.length === 32) {
+                cachedKey = existing;
+                cachedKeyDir = dir;
+                return existing;
+            }
+        }
+        catch { }
+        // Best effort: fall through with the in-memory key.
+    }
+    cachedKey = key;
+    cachedKeyDir = dir;
+    return key;
+}
+function encrypt(text) {
+    const iv = crypto.randomBytes(16);
+    const cipher = crypto.createCipheriv("aes-256-gcm", getEncryptionKey(), iv);
+    let encrypted = cipher.update(text, "utf8", "hex");
+    encrypted += cipher.final("hex");
+    const authTag = cipher.getAuthTag();
+    return `${iv.toString("hex")}:${authTag.toString("hex")}:${encrypted}`;
+}
+function decryptWith(key, encryptedData) {
+    try {
+        const [ivHex, authTagHex, encrypted] = encryptedData.split(":");
+        if (!ivHex || !authTagHex || !encrypted)
+            return null;
+        const decipher = crypto.createDecipheriv("aes-256-gcm", key, Buffer.from(ivHex, "hex"));
+        decipher.setAuthTag(Buffer.from(authTagHex, "hex"));
+        let decrypted = decipher.update(encrypted, "hex", "utf8");
+        decrypted += decipher.final("utf8");
+        return decrypted;
+    }
+    catch {
+        return null;
+    }
+}
+function decrypt(encryptedData) {
+    return decryptWith(getEncryptionKey(), encryptedData);
+}
+function setEncryptedFileSync(key, value) {
+    const dir = getStorageDir();
+    if (!existsSync(dir)) {
+        mkdirSync(dir, { recursive: true, mode: 0o700 });
+    }
+    const encrypted = encrypt(value);
+    writeFileSync(join(dir, `${key}.enc`), encrypted, { mode: 0o600 });
+}
+function getEncryptedFileSync(key) {
+    const filePath = join(getStorageDir(), `${key}.enc`);
+    if (!existsSync(filePath))
+        return null;
+    try {
+        const encrypted = readFileSync(filePath, "utf-8");
+        const plain = decrypt(encrypted);
+        if (plain !== null)
+            return plain;
+        // One-time migration: files encrypted with the old hostname-derived key
+        // are re-encrypted under the random master key.
+        const legacyPlain = decryptWith(legacyDerivedKey(), encrypted);
+        if (legacyPlain !== null) {
+            setEncryptedFileSync(key, legacyPlain);
+            return legacyPlain;
+        }
+        return null;
+    }
+    catch {
+        return null;
+    }
+}
+function deleteEncryptedFileSync(key) {
+    const filePath = join(getStorageDir(), `${key}.enc`);
+    if (existsSync(filePath)) {
+        try {
+            unlinkSync(filePath);
+        }
+        catch { }
+    }
+}
+function listEncryptedFiles() {
+    const dir = getStorageDir();
+    if (!existsSync(dir))
+        return [];
+    try {
+        const files = readdirSync(dir);
+        return files
+            .filter((f) => f.endsWith(".enc"))
+            .map((f) => f.replace(`${SERVICE_NAME}.`, "").replace(".enc", ""));
+    }
+    catch {
+        return [];
+    }
+}
+function deleteWindowsCredentialSync(key) {
+    if (process.platform !== "win32")
+        return false;
+    try {
+        const localAppData = process.env.LOCALAPPDATA;
+        if (!localAppData)
+            return false;
+        const filePath = join(localAppData, "PatchworkOS", "tokens", `${key}.bin`);
+        if (!existsSync(filePath))
+            return true;
+        unlinkSync(filePath);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+// ============================================================================
+// Helpers
+// ============================================================================
+function resolveBackend() {
+    const backend = process.env.PATCHWORK_TOKEN_STORAGE_BACKEND;
+    if (backend === "file" || backend === "native" || backend === "auto") {
+        return backend;
+    }
+    return "auto";
+}
+// Platform abstraction
+function setKeychainItemSync(key, value) {
+    if (process.platform === "darwin") {
+        return setMacOSKeychainItemSync(key, value);
+    }
+    if (process.platform === "win32") {
+        return setWindowsCredentialSync(key, value);
+    }
+    return setLinuxSecretSync(key, value);
+}
+function getKeychainItemSync(key) {
+    if (process.platform === "darwin") {
+        return getMacOSKeychainItemSync(key);
+    }
+    if (process.platform === "win32") {
+        return getWindowsCredentialSync(key);
+    }
+    return getLinuxSecretSync(key);
+}
+function deleteKeychainItemSync(key) {
+    if (process.platform === "darwin") {
+        return deleteMacOSKeychainItemSync(key);
+    }
+    if (process.platform === "win32") {
+        return deleteWindowsCredentialSync(key);
+    }
+    return deleteLinuxSecretSync(key);
+}
+function listKeychainItems() {
+    if (process.platform === "darwin") {
+        return listMacOSKeychainItems();
+    }
+    if (process.platform === "win32") {
+        // Handled by file listing
+        return [];
+    }
+    return listLinuxSecrets();
+}
+// Linux Secret Service
+function setLinuxSecretSync(key, value) {
+    try {
+        const result = spawnSync("secret-tool", ["store", "--label", key, "service", SERVICE_NAME, "account", key], { input: value, encoding: "utf-8", timeout: 5000 });
+        return result.status === 0;
+    }
+    catch {
+        return false;
+    }
+}
+function getLinuxSecretSync(key) {
+    try {
+        const result = spawnSync("secret-tool", ["lookup", "service", SERVICE_NAME, "account", key], { encoding: "utf-8", timeout: 5000 });
+        if (result.status === 0 && result.stdout) {
+            return result.stdout.trim();
+        }
+        return null;
+    }
+    catch {
+        return null;
+    }
+}
+function deleteLinuxSecretSync(key) {
+    try {
+        const result = spawnSync("secret-tool", ["clear", "service", SERVICE_NAME, "account", key], { encoding: "utf-8", timeout: 5000 });
+        return result.status === 0;
+    }
+    catch {
+        return false;
+    }
+}
+function listLinuxSecrets() {
+    // secret-tool doesn't have a list command; we'd need libsecret bindings
+    return [];
+}
+// Rename the platform-specific functions to avoid conflicts
+function setMacOSKeychainItemSync(key, value) {
+    try {
+        const result = spawnSync("security", [
+            "add-generic-password",
+            "-s",
+            key,
+            "-a",
+            SERVICE_NAME,
+            "-w",
+            value,
+            "-U",
+        ], { encoding: "utf-8", timeout: 5000 });
+        return result.status === 0;
+    }
+    catch {
+        return false;
+    }
+}
+function getMacOSKeychainItemSync(key) {
+    try {
+        const result = spawnSync("security", ["find-generic-password", "-s", key, "-a", SERVICE_NAME, "-w"], { encoding: "utf-8", timeout: 5000 });
+        if (result.status === 0 && result.stdout) {
+            return result.stdout.trim();
+        }
+        return null;
+    }
+    catch {
+        return null;
+    }
+}
+function deleteMacOSKeychainItemSync(key) {
+    try {
+        const result = spawnSync("security", ["delete-generic-password", "-s", key, "-a", SERVICE_NAME], { encoding: "utf-8", timeout: 5000 });
+        return result.status === 0;
+    }
+    catch {
+        return false;
+    }
+}
+function listMacOSKeychainItems() {
+    try {
+        const result = spawnSync("security", ["dump-keychain"], {
+            encoding: "utf-8",
+            timeout: 10000,
+        });
+        if (result.status !== 0)
+            return [];
+        const providers = [];
+        const regex = new RegExp(`svce<blob>=${SERVICE_NAME}\\.([^\\s]+)`, "g");
+        let match;
+        while ((match = regex.exec(result.stdout)) !== null) {
+            const provider = match[1];
+            if (provider) {
+                providers.push(provider);
+            }
+        }
+        return providers;
+    }
+    catch {
+        return [];
+    }
+}
+//# sourceMappingURL=tokenStorage.js.map

package/dist/connectors/tokenStorage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokenStorage.js","sourceRoot":"","sources":["../../src/connectors/tokenStorage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EACL,UAAU,EACV,SAAS,EACT,WAAW,EACX,YAAY,EACZ,UAAU,EACV,aAAa,GACd,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,MAAM,YAAY,GAAG,cAAc,CAAC;AAWpC,SAAS,UAAU,CAAC,QAAgB;IAClC,OAAO,GAAG,YAAY,IAAI,QAAQ,EAAE,CAAC;AACvC,CAAC;AAED,SAAS,SAAS,CAAI,IAAmB;IACvC,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAM,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,QAAgB,EAAE,KAAc;IAClE,MAAM,GAAG,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IACjC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IAEnC,IAAI,cAAc,EAAE,KAAK,MAAM,EAAE,CAAC;QAChC,oBAAoB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAChC,OAAO;IACT,CAAC;IAED,IAAI,mBAAmB,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC;QACnC,uBAAuB,CAAC,GAAG,CAAC,CAAC;QAC7B,OAAO;IACT,CAAC;IAED,oBAAoB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;AAClC,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAI,QAAgB;IACnD,MAAM,GAAG,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IAEjC,IAAI,cAAc,EAAE,KAAK,MAAM,EAAE,CAAC;QAChC,OAAO,SAAS,CAAI,oBAAoB,CAAC,GAAG,CAAC,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,YAAY,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC;IAC9C,IAAI,YAAY,KAAK,IAAI,EAAE,CAAC;QAC1B,OAAO,SAAS,CAAI,YAAY,CAAC,CAAC;IACpC,CAAC;IAED,OAAO,SAAS,CAAI,oBAAoB,CAAC,GAAG,CAAC,CAAC,CAAC;AACjD,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,QAAgB;IACnD,MAAM,GAAG,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IAEjC,IAAI,cAAc,EAAE,KAAK,MAAM,EAAE,CAAC;QAChC,uBAAuB,CAAC,GAAG,CAAC,CAAC;QAC7B,OAAO;IACT,CAAC;IAED,sBAAsB,CAAC,GAAG,CAAC,CAAC;IAC5B,uBAAuB,CAAC,GAAG,CAAC,CAAC;AAC/B,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,QAAgB,EAChB,MAAmB;IAEnB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;AACxC,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,QAAgB;IAC9C,OAAO,iBAAiB,CAAc,QAAQ,CAAC,CAAC;AAClD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,QAAgB;IACjD,oBAAoB,CAAC,QAAQ,CAAC,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB;IACvC,IAAI,cAAc,EAAE,KAAK,MAAM,EAAE,CAAC;QAChC,OAAO,CAAC,MAAM,kBAAkB,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAC7C,CAAC;IAED,MAAM,SAAS,GAAa,EAAE,CAAC;IAE/B,iBAAiB;IACjB,MAAM,iBAAiB,GAAG,MAAM,iBAAiB,EAAE,CAAC;IACpD,SAAS,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,CAAC;IAErC,qBAAqB;IACrB,MAAM,aAAa,GAAG,MAAM,kBAAkB,EAAE,CAAC;IACjD,KAAK,MAAM,CAAC,IAAI,aAAa,EAAE,CAAC;QAC9B,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3B,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC,IAAI,EAAE,CAAC;AAC1B,CAAC;AAED,+DAA+D;AAE/D,+EAA+E;AAC/E,iCAAiC;AACjC,+EAA+E;AAE/E,SAAS,wBAAwB,CAAC,GAAW,EAAE,KAAa;IAC1D,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO;QAAE,OAAO,KAAK,CAAC;IAE/C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG;wDACqC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC;;;;yDAIxB,GAAG;KACvD,CAAC;QACF,MAAM,MAAM,GAAG,SAAS,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE;YAC3D,QAAQ,EAAE,OAAO;YACjB,OAAO,EAAE,KAAK;SACf,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,wBAAwB,CAAC,GAAW;IAC3C,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO;QAAE,OAAO,IAAI,CAAC;IAE9C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG;oEACiD,GAAG;;;;;;KAMlE,CAAC;QACF,MAAM,MAAM,GAAG,SAAS,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE;YAC3D,QAAQ,EAAE,OAAO;YACjB,OAAO,EAAE,KAAK;SACf,CAAC,CAAC;QACH,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,IAAI,CAAC;IACtC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,oCAAoC;AACpC,+EAA+E;AAE/E,SAAS,aAAa;IACpB,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,YAAY,CAAC,CAAC;IAC5E,OAAO,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;AAC9B,CAAC;AAED,MAAM,eAAe,GAAG,aAAa,CAAC;AAEtC,IAAI,SAAS,GAAkB,IAAI,CAAC;AACpC,IAAI,YAAY,GAAkB,IAAI,CAAC;AAEvC,SAAS,gBAAgB;IACvB,4EAA4E;IAC5E,iFAAiF;IACjF,MAAM,SAAS,GAAG,GAAG,EAAE,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE,CAAC;IAC/D,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC7E,CAAC;AAED,SAAS,gBAAgB;IACvB,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;IAE3C,IAAI,SAAS,IAAI,YAAY,KAAK,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7D,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACxB,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;YAClC,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;gBACtB,SAAS,GAAG,GAAG,CAAC;gBAChB,YAAY,GAAG,GAAG,CAAC;gBACnB,OAAO,GAAG,CAAC;YACb,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,6BAA6B;QAC/B,CAAC;QACD,mCAAmC;QACnC,IAAI,CAAC;YACH,UAAU,CAAC,OAAO,CAAC,CAAC;QACtB,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;IACZ,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACnD,CAAC;IAED,MAAM,GAAG,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IACnC,IAAI,CAAC;QACH,2EAA2E;QAC3E,aAAa,CAAC,OAAO,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC3D,CAAC;IAAC,MAAM,CAAC;QACP,8EAA8E;QAC9E,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;YACvC,IAAI,QAAQ,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;gBAC3B,SAAS,GAAG,QAAQ,CAAC;gBACrB,YAAY,GAAG,GAAG,CAAC;gBACnB,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;QACV,oDAAoD;IACtD,CAAC;IACD,SAAS,GAAG,GAAG,CAAC;IAChB,YAAY,GAAG,GAAG,CAAC;IACnB,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,OAAO,CAAC,IAAY;IAC3B,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IAClC,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,aAAa,EAAE,gBAAgB,EAAE,EAAE,EAAE,CAAC,CAAC;IAC5E,IAAI,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IACnD,SAAS,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IACpC,OAAO,GAAG,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,SAAS,EAAE,CAAC;AACzE,CAAC;AAED,SAAS,WAAW,CAAC,GAAW,EAAE,aAAqB;IACrD,IAAI,CAAC;QACH,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,SAAS,CAAC,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAChE,IAAI,CAAC,KAAK,IAAI,CAAC,UAAU,IAAI,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC;QAErD,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CACtC,aAAa,EACb,GAAG,EACH,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,CAC1B,CAAC;QACF,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC;QACpD,IAAI,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC1D,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACpC,OAAO,SAAS,CAAC;IACnB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,OAAO,CAAC,aAAqB;IACpC,OAAO,WAAW,CAAC,gBAAgB,EAAE,EAAE,aAAa,CAAC,CAAC;AACxD,CAAC;AAED,SAAS,oBAAoB,CAAC,GAAW,EAAE,KAAa;IACtD,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACnD,CAAC;IAED,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;IACjC,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AACrE,CAAC;AAED,SAAS,oBAAoB,CAAC,GAAW;IACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,aAAa,EAAE,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC;IACrD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAEvC,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAClD,MAAM,KAAK,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;QACjC,IAAI,KAAK,KAAK,IAAI;YAAE,OAAO,KAAK,CAAC;QAEjC,wEAAwE;QACxE,gDAAgD;QAChD,MAAM,WAAW,GAAG,WAAW,CAAC,gBAAgB,EAAE,EAAE,SAAS,CAAC,CAAC;QAC/D,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;YACzB,oBAAoB,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;YACvC,OAAO,WAAW,CAAC;QACrB,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,uBAAuB,CAAC,GAAW;IAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,aAAa,EAAE,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC;IACrD,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,IAAI,CAAC;YACH,UAAU,CAAC,QAAQ,CAAC,CAAC;QACvB,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB;IACzB,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,EAAE,CAAC;IAEhC,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;QAC/B,OAAO,KAAK;aACT,MAAM,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;aACzC,GAAG,CAAC,CAAC,CAAS,EAAE,EAAE,CACjB,CAAC,CAAC,OAAO,CAAC,GAAG,YAAY,GAAG,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CACtD,CAAC;IACN,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,2BAA2B,CAAC,GAAW;IAC9C,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO;QAAE,OAAO,KAAK,CAAC;IAE/C,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;QAC9C,IAAI,CAAC,YAAY;YAAE,OAAO,KAAK,CAAC;QAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC;QAC3E,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;YAAE,OAAO,IAAI,CAAC;QACvC,UAAU,CAAC,QAAQ,CAAC,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,UAAU;AACV,+EAA+E;AAE/E,SAAS,cAAc;IACrB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC;IAC5D,IAAI,OAAO,KAAK,MAAM,IAAI,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;QACrE,OAAO,OAAO,CAAC;IACjB,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,uBAAuB;AACvB,SAAS,mBAAmB,CAAC,GAAW,EAAE,KAAa;IACrD,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAClC,OAAO,wBAAwB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,OAAO,wBAAwB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAC9C,CAAC;IACD,OAAO,kBAAkB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;AACxC,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAW;IACtC,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAClC,OAAO,wBAAwB,CAAC,GAAG,CAAC,CAAC;IACvC,CAAC;IACD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,OAAO,wBAAwB,CAAC,GAAG,CAAC,CAAC;IACvC,CAAC;IACD,OAAO,kBAAkB,CAAC,GAAG,CAAC,CAAC;AACjC,CAAC;AAED,SAAS,sBAAsB,CAAC,GAAW;IACzC,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAClC,OAAO,2BAA2B,CAAC,GAAG,CAAC,CAAC;IAC1C,CAAC;IACD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,OAAO,2BAA2B,CAAC,GAAG,CAAC,CAAC;IAC1C,CAAC;IACD,OAAO,qBAAqB,CAAC,GAAG,CAAC,CAAC;AACpC,CAAC;AAED,SAAS,iBAAiB;IACxB,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAClC,OAAO,sBAAsB,EAAE,CAAC;IAClC,CAAC;IACD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,0BAA0B;QAC1B,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,OAAO,gBAAgB,EAAE,CAAC;AAC5B,CAAC;AAED,uBAAuB;AACvB,SAAS,kBAAkB,CAAC,GAAW,EAAE,KAAa;IACpD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,SAAS,CACtB,aAAa,EACb,CAAC,OAAO,EAAE,SAAS,EAAE,GAAG,EAAE,SAAS,EAAE,YAAY,EAAE,SAAS,EAAE,GAAG,CAAC,EAClE,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CACnD,CAAC;QACF,OAAO,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAW;IACrC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,SAAS,CACtB,aAAa,EACb,CAAC,QAAQ,EAAE,SAAS,EAAE,YAAY,EAAE,SAAS,EAAE,GAAG,CAAC,EACnD,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CACrC,CAAC;QACF,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YACzC,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QAC9B,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,GAAW;IACxC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,SAAS,CACtB,aAAa,EACb,CAAC,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,SAAS,EAAE,GAAG,CAAC,EAClD,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CACrC,CAAC;QACF,OAAO,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB;IACvB,wEAAwE;IACxE,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,4DAA4D;AAC5D,SAAS,wBAAwB,CAAC,GAAW,EAAE,KAAa;IAC1D,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,SAAS,CACtB,UAAU,EACV;YACE,sBAAsB;YACtB,IAAI;YACJ,GAAG;YACH,IAAI;YACJ,YAAY;YACZ,IAAI;YACJ,KAAK;YACL,IAAI;SACL,EACD,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CACrC,CAAC;QACF,OAAO,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,wBAAwB,CAAC,GAAW;IAC3C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,SAAS,CACtB,UAAU,EACV,CAAC,uBAAuB,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,CAAC,EAC9D,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CACrC,CAAC;QACF,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YACzC,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QAC9B,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,2BAA2B,CAAC,GAAW;IAC9C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,SAAS,CACtB,UAAU,EACV,CAAC,yBAAyB,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,YAAY,CAAC,EAC1D,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CACrC,CAAC;QACF,OAAO,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB;IAC7B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,SAAS,CAAC,UAAU,EAAE,CAAC,eAAe,CAAC,EAAE;YACtD,QAAQ,EAAE,OAAO;YACjB,OAAO,EAAE,KAAK;SACf,CAAC,CAAC;QACH,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAEnC,MAAM,SAAS,GAAa,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,cAAc,YAAY,cAAc,EAAE,GAAG,CAAC,CAAC;QACxE,IAAI,KAA6B,CAAC;QAClC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACpD,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1B,IAAI,QAAQ,EAAE,CAAC;gBACb,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC"}

package/dist/connectors/zendesk.d.ts

@@ -0,0 +1,104 @@
+/**
+ * Zendesk connector — read/write Zendesk tickets via the Zendesk REST API v2.
+ *
+ * Auth: API token + email + subdomain.
+ *   - Env vars: ZENDESK_API_TOKEN, ZENDESK_EMAIL, ZENDESK_SUBDOMAIN
+ *   - Stored: getSecretJsonSync("zendesk") → ZendeskTokens
+ *   - Basic auth: `email/token:api_token` (Zendesk token auth convention)
+ *
+ * Tools: listTickets, getTicket, addComment, updateStatus, listUsers
+ *
+ * Extends BaseConnector for unified auth, retry, rate-limit, error handling.
+ */
+import { type AuthContext, BaseConnector, type ConnectorError, type ConnectorStatus } from "./baseConnector.js";
+export interface ZendeskTokens {
+    apiToken: string;
+    email: string;
+    subdomain: string;
+    connected_at: string;
+}
+export interface ZendeskTicket {
+    id: number;
+    subject: string;
+    description: string;
+    status: "new" | "open" | "pending" | "hold" | "solved" | "closed";
+    priority: "urgent" | "high" | "normal" | "low" | null;
+    type: "problem" | "incident" | "question" | "task" | null;
+    requester_id: number;
+    assignee_id: number | null;
+    group_id: number | null;
+    tags: string[];
+    created_at: string;
+    updated_at: string;
+    url: string;
+}
+export interface ZendeskComment {
+    id: number;
+    type: "Comment" | "VoiceComment";
+    author_id: number;
+    body: string;
+    html_body: string;
+    public: boolean;
+    created_at: string;
+}
+export interface ZendeskUser {
+    id: number;
+    name: string;
+    email: string;
+    role: "end-user" | "agent" | "admin";
+    active: boolean;
+    created_at: string;
+}
+export interface ZendeskListResult<T> {
+    results: T[];
+    count: number;
+    next_page: string | null;
+    previous_page: string | null;
+}
+export declare class ZendeskConnector extends BaseConnector {
+    readonly providerName = "zendesk";
+    private tokens;
+    protected getOAuthConfig(): null;
+    authenticate(): Promise<AuthContext>;
+    healthCheck(): Promise<{
+        ok: boolean;
+        error?: ConnectorError;
+    }>;
+    normalizeError(error: unknown): ConnectorError;
+    getStatus(): ConnectorStatus;
+    listTickets(params?: {
+        status?: ZendeskTicket["status"];
+        assigneeId?: number;
+        query?: string;
+        perPage?: number;
+    }): Promise<ZendeskListResult<ZendeskTicket>>;
+    getTicket(ticketId: number): Promise<ZendeskTicket | null>;
+    getTicketComments(ticketId: number): Promise<ZendeskComment[]>;
+    addComment(ticketId: number, body: string, isPublic?: boolean): Promise<ZendeskTicket>;
+    updateStatus(ticketId: number, status: ZendeskTicket["status"]): Promise<ZendeskTicket>;
+    listUsers(role?: ZendeskUser["role"], perPage?: number): Promise<ZendeskUser[]>;
+    private baseUrl;
+    private buildHeaders;
+}
+export declare function loadTokens(): ZendeskTokens | null;
+export declare function saveTokens(tokens: ZendeskTokens): void;
+export declare function clearTokens(): void;
+export declare function getZendeskConnector(): ZendeskConnector;
+export { getZendeskConnector as zendesk };
+export interface ConnectorHandlerResult {
+    status: number;
+    body: string;
+    contentType?: string;
+}
+/**
+ * POST /connections/zendesk/connect  { apiToken, email, subdomain }
+ */
+export declare function handleZendeskConnect(body: string): Promise<ConnectorHandlerResult>;
+/**
+ * POST /connections/zendesk/test
+ */
+export declare function handleZendeskTest(): Promise<ConnectorHandlerResult>;
+/**
+ * DELETE /connections/zendesk
+ */
+export declare function handleZendeskDisconnect(): ConnectorHandlerResult;