smol-symphony 0.2.0 → 0.3.0

package/dist/src/core/credential/fake-creds.js

@@ -0,0 +1,171 @@
+// FCIS rewrite — PURE builder of the guest fake-creds file set (placeholders only).
+//
+// Ported faithfully from the reference `src/agent/gondolin-creds-staging.ts`
+// (`buildGondolinFakeCreds`, `buildClaudeFiles`, `buildCodexFiles`).
+//
+// This is the credential-MODEL half of the Gondolin backend: there is NO proxy
+// server and NO base-URL injection. The in-VM client dials its REAL upstream in
+// its NATIVE mode with a token-shaped PLACEHOLDER as its bearer; Gondolin
+// substitutes the real access token into the outbound request at egress
+// (TLS-MITM) by EXACT string match on the `Authorization` header. So the bearer
+// the guest sends MUST equal the placeholder Gondolin holds — we therefore stage
+// `input.placeholder` VERBATIM as the staged file's bearer field (claude
+// `claudeAiOauth.accessToken`, codex `tokens.access_token`/`id_token`). The real
+// refresh/durable token NEVER enters the guest (the invariant).
+//
+// FCIS shape: in the reference the only IO was reading the host `~/.claude.json`
+// and `~/.codex/auth.json` for the NON-SECRET identity/metadata (oauthAccount
+// UUIDs; codex account_id / auth_mode / last_refresh). In this clean-room rewrite
+// that IO lives in the SHELL: the shell reads + extracts the already-validated
+// `ClaudeIdentity` / `CodexIdentity` and hands them to this core as plain data.
+// This module is 100% synchronous, has ZERO IO, and imports ONLY from src/types.
+//
+// Defense-in-depth (codex review, HIGH, preserved from the reference): even
+// though the shell extractor is expected to validate, this STAGING chokepoint
+// re-validates the codex `accountId` (must be a UUID — a real token/`sk-…`/JWT
+// never matches), `authMode` (closed set), and `lastRefresh` (ISO-timestamp
+// shape) before embedding them into the staged auth.json. A token-shaped value is
+// OMITTED regardless of which producer handed it to us.
+// SHARED account_id guard (codex review HIGH) — the ONE definition. Re-exported
+// so this module's importers keep their specifier.
+import { validAccountId } from './account-id.js';
+export { validAccountId };
+// ---------------------------------------------------------------------------
+// Constants (mirrors the reference guest paths + magic values).
+// ---------------------------------------------------------------------------
+// Guest paths the fake native creds land at (the VM runs as root). These mirror
+// the runner's `stageAdapterExtras` guest paths so a client finds its creds in
+// exactly the place its native mode looks.
+const CLAUDE_CREDENTIALS_GUEST_PATH = '/root/.claude/.credentials.json';
+const CLAUDE_CONFIG_GUEST_PATH = '/root/.claude.json';
+const CODEX_AUTH_GUEST_PATH = '/root/.codex/auth.json';
+// Creds files are 0600.
+const CRED_FILE_MODE = 0o600;
+// Far-future expiry (2100-01-01T00:00:00Z, ms since epoch) so the claude client
+// never proactively refreshes the placeholder (a refresh attempt would be
+// egress-blocked and is pure waste). Matches the spike's `4102444800000`.
+const FAR_FUTURE_MS = 4_102_444_800_000;
+// A junk refresh token: token-SHAPED but explicitly never a real token. The guest
+// has nothing to rotate (the real refresh token stays host-side).
+const JUNK_REFRESH = 'JUNK-PLACEHOLDER-REFRESH-not-a-real-token';
+// ---------------------------------------------------------------------------
+// Validation guards (defense-in-depth; SHARED, codex review HIGH).
+// `validAccountId` + its UUID_RE live in ./account-id.js (imported above).
+// ---------------------------------------------------------------------------
+/** codex auth modes are a tiny closed set. */
+const KNOWN_AUTH_MODES = new Set(['chatgpt', 'apikey']);
+/** `last_refresh` is an ISO-8601 timestamp: digits + `-:.TZ+`, bounded length. */
+const ISO_TIMESTAMP_RE = /^[0-9T:.Z+-]{1,40}$/;
+function validAuthMode(v) {
+    return v !== null && KNOWN_AUTH_MODES.has(v) ? v : null;
+}
+function validLastRefresh(v) {
+    return v !== null && ISO_TIMESTAMP_RE.test(v) ? v : null;
+}
+// ---------------------------------------------------------------------------
+// Entry point.
+// ---------------------------------------------------------------------------
+/**
+ * Build the fake native creds + env additions for `input.adapter`. The
+ * placeholder (a fake, token-shaped value) is what the guest sees as its bearer;
+ * Gondolin substitutes the real token at egress by EXACT string match. The
+ * returned `env` is always the single-entry `{ [secretName]: placeholder }` so a
+ * client reading its bearer from env (not a file) still gets the placeholder.
+ *
+ * 100% synchronous, pure: identity inputs (`claudeIdentity`/`codexIdentity`) are
+ * supplied already-resolved by the shell. No IO.
+ */
+export function buildGondolinFakeCreds(input) {
+    const env = { [input.secretName]: input.placeholder };
+    switch (input.adapter) {
+        case 'claude':
+            return { files: buildClaudeFiles(input.placeholder, input.claudeIdentity), env };
+        case 'codex':
+            return { files: buildCodexFiles(input.placeholder, input.codexIdentity), env };
+        default: {
+            // Exhaustive over AcpAdapterId (closed union claude|codex): the compiler
+            // proves `input.adapter` is `never` here. Kept as a total function.
+            const unreachable = input.adapter;
+            throw new Error(`buildGondolinFakeCreds: unhandled adapter ${String(unreachable)}`);
+        }
+    }
+}
+// ---------------------------------------------------------------------------
+// Per-adapter builders.
+// ---------------------------------------------------------------------------
+/**
+ * claude fake `~/.claude/.credentials.json` = `{ claudeAiOauth: { accessToken:
+ * <placeholder>, refreshToken: <junk>, expiresAt: <far future ms> } }` (spike B5).
+ * Far-future expiry ⇒ no proactive refresh. ALSO stage the scrubbed
+ * `~/.claude.json` identity (oauthAccount UUIDs only — the real accountUuid /
+ * organizationUuid are identifiers, NOT secrets) when one is supplied; absent
+ * identity is non-fatal (best-effort).
+ */
+export function buildClaudeFiles(placeholder, identity) {
+    const credsContent = JSON.stringify({
+        claudeAiOauth: {
+            accessToken: placeholder,
+            refreshToken: JUNK_REFRESH,
+            expiresAt: FAR_FUTURE_MS,
+        },
+    });
+    const files = [credFile(CLAUDE_CREDENTIALS_GUEST_PATH, credsContent)];
+    if (identity !== null) {
+        const configContent = JSON.stringify({
+            hasCompletedOnboarding: true,
+            oauthAccount: { accountUuid: identity.accountUuid, organizationUuid: identity.organizationUuid },
+            projects: {},
+        });
+        files.push(credFile(CLAUDE_CONFIG_GUEST_PATH, configContent));
+    }
+    return files;
+}
+/**
+ * codex fake `~/.codex/auth.json`, shaped to be COMPLETE for codex 0.135.
+ *
+ * codex 0.135's local auth manager runs a COMPLETENESS check on auth.json BEFORE
+ * it will send the `Authorization` bearer. A too-minimal `{ tokens: {…} }` is
+ * judged "credentials incomplete" → no bearer → 401 → blocked refresh → refusal.
+ * The proven-working shape (spike C7) carries the non-secret top-level
+ * completeness fields `auth_mode` + `last_refresh` (and `OPENAI_API_KEY: null`)
+ * alongside the tokens block.
+ *
+ * SAFETY-FIRST: we do NOT spread any host auth.json into the staged file. We
+ * read ONLY an ALLOWLIST of non-secret metadata (supplied as `CodexIdentity`) and
+ * BUILD a fresh object from scratch, re-validating each field at this chokepoint
+ * (defense-in-depth). The placeholder is staged as both `access_token` (codex's
+ * bearer; Gondolin substitutes the real token at egress) and `id_token`; the
+ * refresh token is JUNK; `account_id` is the non-secret routing identifier.
+ */
+export function buildCodexFiles(placeholder, identity) {
+    // Re-validate at this STAGING chokepoint: a custom/buggy/hostile producer could
+    // hand us a non-UUID `accountId` (or out-of-allowlist `authMode`/`lastRefresh`).
+    // The shared guards run again so a token-shaped value is OMITTED from the staged
+    // auth.json regardless of which producer made it.
+    const accountId = validAccountId(identity?.accountId ?? null);
+    const authMode = validAuthMode(identity?.authMode ?? null);
+    const lastRefresh = validLastRefresh(identity?.lastRefresh ?? null);
+    const tokens = {
+        access_token: placeholder,
+        id_token: placeholder,
+        refresh_token: JUNK_REFRESH,
+        ...(accountId !== null ? { account_id: accountId } : {}),
+    };
+    // Top-level non-secret completeness fields. `OPENAI_API_KEY: null` mirrors the
+    // host (codex stores the OAuth tokens block, NOT an api key); `auth_mode` /
+    // `last_refresh` are the markers codex 0.135's completeness check requires.
+    const auth = {
+        OPENAI_API_KEY: null,
+        ...(authMode !== null ? { auth_mode: authMode } : {}),
+        tokens,
+        ...(lastRefresh !== null ? { last_refresh: lastRefresh } : {}),
+    };
+    return [credFile(CODEX_AUTH_GUEST_PATH, JSON.stringify(auth))];
+}
+// ---------------------------------------------------------------------------
+// Helpers.
+// ---------------------------------------------------------------------------
+function credFile(guestPath, content) {
+    return { guestPath, content, mode: CRED_FILE_MODE };
+}
+//# sourceMappingURL=fake-creds.js.map

package/dist/src/core/credential/fake-creds.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fake-creds.js","sourceRoot":"","sources":["../../../../src/core/credential/fake-creds.ts"],"names":[],"mappings":"AAAA,oFAAoF;AACpF,EAAE;AACF,6EAA6E;AAC7E,qEAAqE;AACrE,EAAE;AACF,+EAA+E;AAC/E,gFAAgF;AAChF,0EAA0E;AAC1E,wEAAwE;AACxE,gFAAgF;AAChF,iFAAiF;AACjF,yEAAyE;AACzE,iFAAiF;AACjF,gEAAgE;AAChE,EAAE;AACF,iFAAiF;AACjF,8EAA8E;AAC9E,kFAAkF;AAClF,+EAA+E;AAC/E,gFAAgF;AAChF,iFAAiF;AACjF,EAAE;AACF,4EAA4E;AAC5E,8EAA8E;AAC9E,+EAA+E;AAC/E,4EAA4E;AAC5E,kFAAkF;AAClF,wDAAwD;AASxD,gFAAgF;AAChF,mDAAmD;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAE,CAAC;AAE1B,8EAA8E;AAC9E,gEAAgE;AAChE,8EAA8E;AAE9E,gFAAgF;AAChF,+EAA+E;AAC/E,2CAA2C;AAC3C,MAAM,6BAA6B,GAAG,iCAAiC,CAAC;AACxE,MAAM,wBAAwB,GAAG,oBAAoB,CAAC;AACtD,MAAM,qBAAqB,GAAG,wBAAwB,CAAC;AAEvD,wBAAwB;AACxB,MAAM,cAAc,GAAG,KAAK,CAAC;AAE7B,gFAAgF;AAChF,0EAA0E;AAC1E,0EAA0E;AAC1E,MAAM,aAAa,GAAG,iBAAiB,CAAC;AAExC,kFAAkF;AAClF,kEAAkE;AAClE,MAAM,YAAY,GAAG,2CAA2C,CAAC;AAEjE,8EAA8E;AAC9E,mEAAmE;AACnE,2EAA2E;AAC3E,8EAA8E;AAE9E,8CAA8C;AAC9C,MAAM,gBAAgB,GAAwB,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC;AAC7E,kFAAkF;AAClF,MAAM,gBAAgB,GAAG,qBAAqB,CAAC;AAE/C,SAAS,aAAa,CAAC,CAAgB;IACrC,OAAO,CAAC,KAAK,IAAI,IAAI,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAC1D,CAAC;AAED,SAAS,gBAAgB,CAAC,CAAgB;IACxC,OAAO,CAAC,KAAK,IAAI,IAAI,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAC3D,CAAC;AAED,8EAA8E;AAC9E,eAAe;AACf,8EAA8E;AAE9E;;;;;;;;;GASG;AACH,MAAM,UAAU,sBAAsB,CAAC,KAAyB;IAC9D,MAAM,GAAG,GAA2B,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;IAC9E,QAAQ,KAAK,CAAC,OAAO,EAAE,CAAC;QACtB,KAAK,QAAQ;YACX,OAAO,EAAE,KAAK,EAAE,gBAAgB,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,CAAC,cAAc,CAAC,EAAE,GAAG,EAAE,CAAC;QACnF,KAAK,OAAO;YACV,OAAO,EAAE,KAAK,EAAE,eAAe,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,CAAC,aAAa,CAAC,EAAE,GAAG,EAAE,CAAC;QACjF,OAAO,CAAC,CAAC,CAAC;YACR,yEAAyE;YACzE,oEAAoE;YACpE,MAAM,WAAW,GAAU,KAAK,CAAC,OAAO,CAAC;YACzC,MAAM,IAAI,KAAK,CAAC,6CAA6C,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QACtF,CAAC;IACH,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,wBAAwB;AACxB,8EAA8E;AAE9E;;;;;;;GAOG;AACH,MAAM,UAAU,gBAAgB,CAC9B,WAAmB,EACnB,QAA+B;IAE/B,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC;QAClC,aAAa,EAAE;YACb,WAAW,EAAE,WAAW;YACxB,YAAY,EAAE,YAAY;YAC1B,SAAS,EAAE,aAAa;SACzB;KACF,CAAC,CAAC;IACH,MAAM,KAAK,GAAoB,CAAC,QAAQ,CAAC,6BAA6B,EAAE,YAAY,CAAC,CAAC,CAAC;IAEvF,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtB,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC;YACnC,sBAAsB,EAAE,IAAI;YAC5B,YAAY,EAAE,EAAE,WAAW,EAAE,QAAQ,CAAC,WAAW,EAAE,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB,EAAE;YAChG,QAAQ,EAAE,EAAE;SACb,CAAC,CAAC;QACH,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,wBAAwB,EAAE,aAAa,CAAC,CAAC,CAAC;IAChE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,eAAe,CAC7B,WAAmB,EACnB,QAA8B;IAE9B,gFAAgF;IAChF,iFAAiF;IACjF,iFAAiF;IACjF,kDAAkD;IAClD,MAAM,SAAS,GAAG,cAAc,CAAC,QAAQ,EAAE,SAAS,IAAI,IAAI,CAAC,CAAC;IAC9D,MAAM,QAAQ,GAAG,aAAa,CAAC,QAAQ,EAAE,QAAQ,IAAI,IAAI,CAAC,CAAC;IAC3D,MAAM,WAAW,GAAG,gBAAgB,CAAC,QAAQ,EAAE,WAAW,IAAI,IAAI,CAAC,CAAC;IAEpE,MAAM,MAAM,GAA4B;QACtC,YAAY,EAAE,WAAW;QACzB,QAAQ,EAAE,WAAW;QACrB,aAAa,EAAE,YAAY;QAC3B,GAAG,CAAC,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACzD,CAAC;IACF,+EAA+E;IAC/E,4EAA4E;IAC5E,4EAA4E;IAC5E,MAAM,IAAI,GAA4B;QACpC,cAAc,EAAE,IAAI;QACpB,GAAG,CAAC,QAAQ,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACrD,MAAM;QACN,GAAG,CAAC,WAAW,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC/D,CAAC;IACF,OAAO,CAAC,QAAQ,CAAC,qBAAqB,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACjE,CAAC;AAED,8EAA8E;AAC9E,WAAW;AACX,8EAA8E;AAE9E,SAAS,QAAQ,CAAC,SAAiB,EAAE,OAAe;IAClD,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC;AACtD,CAAC"}

package/dist/src/core/credential/identity.js

@@ -0,0 +1,125 @@
+// FCIS rewrite — pure host-identity EXTRACTORS over already-parsed JSON.
+//
+// Functional core: every export is a pure, SYNCHRONOUS (data) -> data function —
+// no IO, no async/Promise, no clock/random, no node: imports; imports ONLY
+// src/types. Ports the PURE half of src/agent/gondolin-creds-staging.ts verbatim
+// in behavior. The original READ the host files itself; a pure core cannot touch
+// fs/os, so the read is a `credential.read_identity` Effect the shell interprets,
+// handing the PARSED JSON (or null when missing/malformed) to these extractors.
+//
+// SECURITY INVARIANT (codex review): the codex auth.json bytes the shell parses DO
+// contain real tokens. These extractors read ONLY non-secret identity by an
+// explicit key allowlist (claude oauthAccount UUIDs; codex `tokens.account_id` /
+// top-level `auth_mode` / `last_refresh`) and NEVER touch
+// `tokens.{access,id,refresh}_token` / a real `OPENAI_API_KEY`. The guards below
+// re-validate at the staging chokepoint so a hostile/buggy reader cannot smuggle a
+// token-shaped value into the placeholder-JWT `chatgpt_account_id` claim (the guest
+// BEARER) or the staged metadata: a non-UUID `account_id`, out-of-allowlist
+// `auth_mode`, or non-ISO `last_refresh` is OMITTED (the SAFE failure), not embedded.
+// SHARED account_id guard (codex review, HIGH) — the ONE definition. Both
+// account_id flows MUST validate through it so a hostile/malformed host
+// `~/.codex/auth.json` cannot smuggle a token-shaped value into either sink:
+// (1) the placeholder JWT's `chatgpt_account_id` claim (the guest BEARER), and
+// (2) the staged `~/.codex/auth.json` `tokens.account_id`. Re-exported so this
+// module's importers keep their specifier.
+import { validAccountId } from './account-id.js';
+export { validAccountId };
+// ---------------------------------------------------------------------------
+// Allowlist format guards (the staging-chokepoint re-validation).
+// ---------------------------------------------------------------------------
+/** codex auth modes are a tiny closed set. */
+const KNOWN_AUTH_MODES = new Set(['chatgpt', 'apikey']);
+/** `last_refresh` is an ISO-8601 timestamp: digits + `-:.TZ+`, bounded length. */
+const ISO_TIMESTAMP_RE = /^[0-9T:.Z+-]{1,40}$/;
+/** Guard the non-secret top-level `auth_mode` against the tiny closed set. */
+export function validAuthMode(v) {
+    return v !== null && KNOWN_AUTH_MODES.has(v) ? v : null;
+}
+/** Guard the non-secret top-level `last_refresh` against the ISO-timestamp shape. */
+export function validLastRefresh(v) {
+    return v !== null && ISO_TIMESTAMP_RE.test(v) ? v : null;
+}
+// ---------------------------------------------------------------------------
+// Extractors over already-parsed JSON (the `credential.read_identity` Effect
+// result the shell hands in).
+// ---------------------------------------------------------------------------
+/**
+ * Pure: pull ONLY the non-secret oauthAccount UUIDs out of a parsed `~/.claude.json`.
+ * Mirrors the original `extractOauthAccountIdentity` — no token, no device/session
+ * id, no local config. Returns null when the file was missing/malformed (parsed is
+ * null/non-object) or the oauthAccount UUIDs are absent.
+ */
+export function extractClaudeIdentity(parsed) {
+    const acct = pickObject(parsed, 'oauthAccount');
+    if (acct === null)
+        return null;
+    const accountUuid = pickString(acct, 'accountUuid');
+    const organizationUuid = pickString(acct, 'organizationUuid');
+    if (accountUuid === null || organizationUuid === null)
+        return null;
+    return { accountUuid, organizationUuid };
+}
+/**
+ * Pure: pull ONLY the non-secret `account_id` out of a parsed `~/.codex/auth.json`
+ * `tokens` block. The parsed object also holds the real access/refresh tokens (the
+ * shell parsed the whole file), but this reads + returns ONLY `account_id` — the
+ * tokens are never returned or emitted.
+ *
+ * SAFETY-CRITICAL (codex review, HIGH): this value flows into the placeholder JWT's
+ * `chatgpt_account_id` claim, and that JWT IS the guest's staged
+ * `tokens.access_token` BEARER. So we validate through the SHARED {@link
+ * validAccountId} UUID guard here: a hostile/malformed `account_id` (a token /
+ * `sk-…` / JWT string) is NOT a UUID → returns null → the claim is OMITTED from the
+ * bearer (the SAFE failure), never embedded.
+ */
+export function extractCodexAccountId(parsed) {
+    const tokens = pickObject(parsed, 'tokens');
+    if (tokens === null)
+        return null;
+    return validAccountId(pickString(tokens, 'account_id'));
+}
+/**
+ * Pure: pull ONLY the allowlisted NON-SECRET codex completeness metadata out of a
+ * parsed `~/.codex/auth.json`. SAFETY-CRITICAL: reads three explicit non-secret
+ * keys by name (`tokens.account_id`, top-level `auth_mode`, `last_refresh`) and
+ * NEVER touches `tokens.access_token` / `tokens.id_token` / `tokens.refresh_token`
+ * / a real `OPENAI_API_KEY` — even though the parsed object holds them. Returns
+ * null only when the file is entirely missing/unparseable (parsed === null / not an
+ * object); a present-but-sparse auth.json yields a struct with null fields (each
+ * omitted downstream). Every non-null field is validated through the shared guards
+ * so a real token (JWT / `sk-…` / refresh) cannot pass as identity/metadata.
+ */
+export function extractCodexMetadata(parsed) {
+    if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed))
+        return null;
+    const top = parsed;
+    const tokens = pickObject(parsed, 'tokens');
+    return {
+        accountId: validAccountId(tokens !== null ? pickString(tokens, 'account_id') : null),
+        authMode: validAuthMode(pickString(top, 'auth_mode')),
+        lastRefresh: validLastRefresh(pickString(top, 'last_refresh')),
+    };
+}
+// ---------------------------------------------------------------------------
+// Tiny shape pickers (pure).
+// ---------------------------------------------------------------------------
+/** Return `value[key]` when both `value` and the child are plain objects, else null. */
+function pickObject(value, key) {
+    if (!value || typeof value !== 'object' || Array.isArray(value))
+        return null;
+    const v = value[key];
+    if (!v || typeof v !== 'object' || Array.isArray(v))
+        return null;
+    return v;
+}
+/** Return `obj[key]` when it is a non-empty string, else null. */
+function pickString(obj, key) {
+    const v = obj[key];
+    return typeof v === 'string' && v.length > 0 ? v : null;
+}
+// NOTE (boundary, settled): the original `safeReadClaudeIdentity` /
+// `safeReadCodexMetadata` are async try/catch wrappers (fs read + warn-on-failure)
+// around the IO readers. They are IO+async by nature, so they live in the shell
+// interpreter for the `credential.read_identity` Effect — porting them here would
+// break the core async-ban. This module is the PURE extraction half only.
+//# sourceMappingURL=identity.js.map

package/dist/src/core/credential/identity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity.js","sourceRoot":"","sources":["../../../../src/core/credential/identity.ts"],"names":[],"mappings":"AAAA,yEAAyE;AACzE,EAAE;AACF,iFAAiF;AACjF,2EAA2E;AAC3E,iFAAiF;AACjF,iFAAiF;AACjF,kFAAkF;AAClF,gFAAgF;AAChF,EAAE;AACF,mFAAmF;AACnF,4EAA4E;AAC5E,iFAAiF;AACjF,0DAA0D;AAC1D,iFAAiF;AACjF,mFAAmF;AACnF,oFAAoF;AACpF,4EAA4E;AAC5E,sFAAsF;AAGtF,0EAA0E;AAC1E,wEAAwE;AACxE,6EAA6E;AAC7E,+EAA+E;AAC/E,+EAA+E;AAC/E,2CAA2C;AAC3C,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAE,CAAC;AAE1B,8EAA8E;AAC9E,kEAAkE;AAClE,8EAA8E;AAE9E,8CAA8C;AAC9C,MAAM,gBAAgB,GAAwB,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC;AAE7E,kFAAkF;AAClF,MAAM,gBAAgB,GAAG,qBAAqB,CAAC;AAE/C,8EAA8E;AAC9E,MAAM,UAAU,aAAa,CAAC,CAAgB;IAC5C,OAAO,CAAC,KAAK,IAAI,IAAI,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAC1D,CAAC;AAED,qFAAqF;AACrF,MAAM,UAAU,gBAAgB,CAAC,CAAgB;IAC/C,OAAO,CAAC,KAAK,IAAI,IAAI,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAC3D,CAAC;AAED,8EAA8E;AAC9E,6EAA6E;AAC7E,8BAA8B;AAC9B,8EAA8E;AAE9E;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CAAC,MAAe;IACnD,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IAChD,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAC/B,MAAM,WAAW,GAAG,UAAU,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;IACpD,MAAM,gBAAgB,GAAG,UAAU,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC;IAC9D,IAAI,WAAW,KAAK,IAAI,IAAI,gBAAgB,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACnE,OAAO,EAAE,WAAW,EAAE,gBAAgB,EAAE,CAAC;AAC3C,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,qBAAqB,CAAC,MAAe;IACnD,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC5C,IAAI,MAAM,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACjC,OAAO,cAAc,CAAC,UAAU,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC;AAC1D,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,oBAAoB,CAAC,MAAe;IAClD,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAChF,MAAM,GAAG,GAAG,MAAiC,CAAC;IAC9C,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC5C,OAAO;QACL,SAAS,EAAE,cAAc,CAAC,MAAM,KAAK,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACpF,QAAQ,EAAE,aAAa,CAAC,UAAU,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QACrD,WAAW,EAAE,gBAAgB,CAAC,UAAU,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;KAC/D,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,6BAA6B;AAC7B,8EAA8E;AAE9E,wFAAwF;AACxF,SAAS,UAAU,CAAC,KAAc,EAAE,GAAW;IAC7C,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7E,MAAM,CAAC,GAAI,KAAiC,CAAC,GAAG,CAAC,CAAC;IAClD,IAAI,CAAC,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACjE,OAAO,CAA4B,CAAC;AACtC,CAAC;AAED,kEAAkE;AAClE,SAAS,UAAU,CAAC,GAA4B,EAAE,GAAW;IAC3D,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IACnB,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAC1D,CAAC;AAED,oEAAoE;AACpE,mFAAmF;AACnF,gFAAgF;AAChF,kFAAkF;AAClF,0EAA0E"}

package/dist/src/core/credential/shape.js

@@ -0,0 +1,230 @@
+// FCIS rewrite — PURE credential ASSEMBLY (the "shape" half of the original
+// src/agent/credential-secrets.ts).
+//
+// Functional core: every export here is a pure, synchronous (data) -> data
+// function. No IO, no clock, no randomness read off the wall (the placeholder
+// signature/random segments come from an INJECTED RandomSource port), no node:
+// imports, no process/env read, no Promise. Imports ONLY from src/types.
+//
+// This module owns the *shape* of the credential output, NOT its lifecycle:
+//   - assemblePlaceholderJwt(...) + PLACEHOLDER_JWT_EXP_SECONDS
+//       the JWT-shaped placeholder codex's native mode reads as its (non-expiring)
+//       bearer; the host `chatgpt_account_id` is embedded (UUID-guarded) so codex
+//       does not attempt an egress-blocked mid-turn refresh.
+//   - buildAdapterPlaceholder(adapter, rng, accountId?)
+//       the token-shaped placeholder string for an adapter (sk-ant- / JWT / gho_).
+//   - buildAdapterCredentialSpec(adapter, placeholder)
+//       the per-adapter AdapterCredentialSpec (secretName + substitutionHosts +
+//       placeholder), faithful to the original's static per-adapter config.
+//   - codexUpstreamRoute(token)
+//       the ChatGPT-backend upstream-route decision + chatgpt-account-id header
+//       policy (routes ChatGPT-OAuth subscription tokens off the metered platform
+//       API onto chatgpt.com/backend-api/codex). Pure decision object; the shell
+//       applies it at egress.
+//   - buildAdapterHooksConfig(specs, egressAllowlist)
+//       the egress-allowlist UNION (every adapter's substitutionHosts ∪
+//       egress.allowed_hosts) → AdapterHooksConfig. createHttpHooks ITSELF stays
+//       in the shell; this returns the decided config it is constructed from.
+//
+// The original mixed these pure decisions with host IO (file reads, flock,
+// refresher spawns, the live SecretManager registry, createHttpHooks). All of
+// that is now the shell's job; the SHELL constructs createHttpHooks from the
+// AdapterHooksConfig this core returns, registers the SecretManager, and performs
+// the credential.{probe,refresh,push_to_all} Effects.
+// SHARED account_id UUID guard (codex review HIGH) — the ONE definition.
+// Re-exported so this module's importers keep their specifier.
+import { validAccountId } from './account-id.js';
+export { validAccountId };
+import { nonEmptyString } from './strings.js';
+// ─── per-adapter static config (secret name + substitution hosts) ────────────
+//
+// The env var / secret name each adapter's placeholder is keyed under — the SAME
+// name the in-VM client reads its bearer from (claude `ANTHROPIC_AUTH_TOKEN`,
+// codex `OPENAI_API_KEY`).
+export const CLAUDE_SECRET_NAME = 'ANTHROPIC_AUTH_TOKEN';
+export const CODEX_SECRET_NAME = 'OPENAI_API_KEY';
+// The hosts each adapter's real token may be substituted onto at egress (its
+// credential validity scope — NOT the general firewall; see buildAdapterHooksConfig).
+export const CLAUDE_UPSTREAM_HOST = 'api.anthropic.com';
+// codex ChatGPT-OAuth subscription tokens are honored on the ChatGPT backend
+// (chatgpt.com/backend-api/codex), never the metered platform API.
+export const CODEX_UPSTREAM_HOST = 'chatgpt.com';
+/**
+ * Far-future JWT `exp` (seconds since epoch — 2100-01-01T00:00:00Z) baked into
+ * the codex placeholder so codex's native mode treats it as a long-lived,
+ * unexpired token and never attempts a refresh (egress-blocked → wasteful 403).
+ * Exported so the fake-creds staging + tests can assert the same instant.
+ */
+export const PLACEHOLDER_JWT_EXP_SECONDS = 4_102_444_800;
+// The CHATGPT-backend route the codexUpstreamRoute decision targets.
+const CHATGPT_BACKEND_HOST = 'chatgpt.com';
+// ─── placeholder JWT assembly (codex) ────────────────────────────────────────
+/**
+ * Assemble a structurally-valid (but cryptographically meaningless) JWT-shaped
+ * placeholder: `base64url(header).base64url(payload).<signature>`. codex never
+ * verifies the signature — it reads `exp` (far-future, so it never tries to
+ * refresh) and the `https://api.openai.com/auth.chatgpt_account_id` claim (which
+ * it uses to route + to consider the token complete; a missing claim triggers an
+ * egress-blocked refresh). The real token replaces this whole string at egress.
+ * The `signature` segment is the caller's high-entropy random string (from the
+ * injected RandomSource), making each VM's placeholder unique + exact-matchable
+ * by Gondolin's header substitution.
+ *
+ * SAFETY-CRITICAL: this JWT becomes the guest's staged BEARER, so this is the
+ * LAST chokepoint before a host `account_id` lands in a bearer slot. The id is
+ * re-validated through the shared {@link validAccountId} UUID guard (defense in
+ * depth): a non-UUID / token-shaped value is NOT embedded; the claim is simply
+ * OMITTED (the well-formed, SAFE failure). A real token (JWT / `sk-…` / refresh)
+ * never matches a UUID, so it can never reach the `chatgpt_account_id` claim.
+ */
+export function assemblePlaceholderJwt(signature, accountId = null) {
+    const safeAccountId = validAccountId(accountId);
+    const header = base64urlJson({ alg: 'RS256', typ: 'JWT' });
+    const payload = base64urlJson({
+        exp: PLACEHOLDER_JWT_EXP_SECONDS,
+        ...(safeAccountId !== null
+            ? { 'https://api.openai.com/auth': { chatgpt_account_id: safeAccountId } }
+            : {}),
+    });
+    return `${header}.${payload}.${signature}`;
+}
+// ─── per-adapter placeholder strings ─────────────────────────────────────────
+/**
+ * Build the token-shaped placeholder STRING for an adapter. The original used
+ * Gondolin's `makePlaceholderFunc` (shell) called once at createHttpHooks() time;
+ * here the random material comes from the injected RandomSource (a pure value to
+ * the core) so this stays synchronous + deterministic under test.
+ *
+ *   - claude  → `sk-ant-<random>`        (claude validates the `sk-ant-` shape)
+ *   - codex   → a JWT-shaped placeholder (header.payload.<random-sig>) with a
+ *               far-future `exp` + (when known + UUID-valid) the account-id claim
+ *
+ * `accountId` is consulted ONLY for codex; null/undefined elsewhere.
+ */
+export function buildAdapterPlaceholder(adapter, rng, accountId = null) {
+    switch (adapter) {
+        case 'claude':
+            return `sk-ant-${rng.newToken()}`;
+        case 'codex':
+            // The signature segment is high-entropy random material (base64url-safe).
+            return assemblePlaceholderJwt(rng.newToken(), accountId);
+    }
+}
+// ─── per-adapter credential spec ─────────────────────────────────────────────
+/**
+ * Build the per-adapter {@link AdapterCredentialSpec}: the secret/env name the
+ * placeholder is keyed under, the substitution hosts (the credential's validity
+ * scope — where the real token may be substituted onto an outbound request), and
+ * the placeholder string. Faithful to the original's static per-adapter config.
+ *
+ * SECURITY: `substitutionHosts` is the credential VALIDITY scope, NOT the general
+ * egress firewall — only these are wired into `secrets[].hosts` by the shell, so a
+ * general egress host (from egress.allowed_hosts) never receives a real token.
+ */
+export function buildAdapterCredentialSpec(adapter, placeholder) {
+    switch (adapter) {
+        case 'claude':
+            return {
+                adapter,
+                placeholder,
+                secretName: CLAUDE_SECRET_NAME,
+                substitutionHosts: [CLAUDE_UPSTREAM_HOST],
+            };
+        case 'codex':
+            return {
+                adapter,
+                placeholder,
+                secretName: CODEX_SECRET_NAME,
+                substitutionHosts: [CODEX_UPSTREAM_HOST],
+            };
+    }
+}
+/**
+ * Convenience: assemble both halves (placeholder + spec) for an adapter in one
+ * call, drawing placeholder randomness from the injected RandomSource. The
+ * `accountId` is only consulted for codex (embedded in the placeholder JWT's auth
+ * claim, UUID-guarded).
+ */
+export function buildAdapterCredentialSpecWithPlaceholder(adapter, rng, accountId = null) {
+    return buildAdapterCredentialSpec(adapter, buildAdapterPlaceholder(adapter, rng, accountId));
+}
+/**
+ * Decide the codex upstream route for a credential. ChatGPT-OAuth subscription
+ * tokens are accepted ONLY by OpenAI's ChatGPT backend
+ * (chatgpt.com/backend-api/codex), NOT the metered platform API (api.openai.com/v1,
+ * which 401s "Missing scopes: api.responses.write" — the subscription token carries
+ * only openid/profile/email/offline_access). So for a ChatGPT-OAuth credential we
+ * swap host → chatgpt.com, rewrite `/v1/*` → `/backend-api/codex/*`, and add the
+ * `chatgpt-account-id` header WHEN we have it.
+ *
+ * Routing keys on `chatgptOAuth`, NOT the account id — an OAuth token WITHOUT an
+ * account id still must avoid the platform API (codex review finding). API-key
+ * credentials (`chatgptOAuth` falsy) get null: they keep the default
+ * api.openai.com/v1 route unchanged.
+ */
+export function codexUpstreamRoute(token) {
+    if (!token.chatgptOAuth)
+        return null;
+    // The account id is the routing CONTEXT the backend expects, but it is not the
+    // routing TRIGGER: send the header only when present.
+    const accountId = nonEmptyString(token.chatgptAccountId ?? null);
+    const extraHeaders = accountId !== null ? { 'chatgpt-account-id': accountId } : {};
+    return { host: CHATGPT_BACKEND_HOST, rewritePath: rewriteCodexBackendPath, extraHeaders };
+}
+/** `/v1/<rest>` → `/backend-api/codex/<rest>`; non-`/v1` paths pass through unchanged. */
+export function rewriteCodexBackendPath(pathname) {
+    return pathname.replace(/^\/v1(?=\/|$|\?)/, '/backend-api/codex');
+}
+// ─── egress-allowlist union → hooks config ───────────────────────────────────
+/**
+ * Build the per-VM {@link AdapterHooksConfig} from the per-adapter specs plus the
+ * general workspace egress allowlist.
+ *
+ * The egress firewall (`allowedHosts`) = the general workspace dev-tooling
+ * allowlist (`egress.allowed_hosts` from WORKFLOW.yaml — npm/git/CDNs) UNION every
+ * adapter's `substitutionHosts` (you must be able to reach the host whose token you
+ * substitute on). Deduplicated, order-stable (egress hosts first, then each spec's
+ * substitution hosts in order).
+ *
+ * SECURITY: only `substitutionHosts` are wired (by the shell) into `secrets[].hosts`,
+ * so the real token is NEVER substituted for a general egress host — those receive
+ * plain network egress only. The FIREWALL is the union; the SUBSTITUTION scope is not.
+ */
+export function buildAdapterHooksConfig(specs, egressAllowlist = []) {
+    const substitution = specs.flatMap((s) => s.substitutionHosts);
+    const allowedHosts = dedupe([...egressAllowlist, ...substitution]);
+    return {
+        specs: specs.map((s) => ({ ...s, substitutionHosts: [...s.substitutionHosts] })),
+        allowedHosts,
+    };
+}
+// ─── internal helpers ────────────────────────────────────────────────────────
+// nonEmptyString is the shared credential helper from ./strings.js (imported above).
+/** Order-stable de-duplication (first occurrence wins). */
+function dedupe(values) {
+    const seen = new Set();
+    const out = [];
+    for (const v of values) {
+        if (seen.has(v))
+            continue;
+        seen.add(v);
+        out.push(v);
+    }
+    return out;
+}
+/**
+ * base64url-encode a JSON-serialized object WITHOUT node:buffer (core may not
+ * import node builtins). Mirrors the extract.ts convention (which uses the WHATWG
+ * `atob` for decoding): here we JSON-stringify, UTF-8 encode via
+ * `unescape(encodeURIComponent(...))` (the inverse of extract.ts's decode), base64
+ * via the WHATWG `btoa`, then translate base64 → base64url (strip padding,
+ * `+`→`-`, `/`→`_`).
+ */
+function base64urlJson(obj) {
+    const json = JSON.stringify(obj);
+    // UTF-8 encode the string into a Latin-1 "binary string" btoa accepts.
+    const binary = unescape(encodeURIComponent(json));
+    const b64 = btoa(binary);
+    return b64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/g, '');
+}
+//# sourceMappingURL=shape.js.map

package/dist/src/core/credential/shape.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"shape.js","sourceRoot":"","sources":["../../../../src/core/credential/shape.ts"],"names":[],"mappings":"AAAA,4EAA4E;AAC5E,oCAAoC;AACpC,EAAE;AACF,2EAA2E;AAC3E,8EAA8E;AAC9E,+EAA+E;AAC/E,yEAAyE;AACzE,EAAE;AACF,4EAA4E;AAC5E,gEAAgE;AAChE,mFAAmF;AACnF,kFAAkF;AAClF,6DAA6D;AAC7D,wDAAwD;AACxD,mFAAmF;AACnF,uDAAuD;AACvD,gFAAgF;AAChF,4EAA4E;AAC5E,gCAAgC;AAChC,gFAAgF;AAChF,kFAAkF;AAClF,iFAAiF;AACjF,8BAA8B;AAC9B,sDAAsD;AACtD,wEAAwE;AACxE,iFAAiF;AACjF,8EAA8E;AAC9E,EAAE;AACF,2EAA2E;AAC3E,8EAA8E;AAC9E,6EAA6E;AAC7E,kFAAkF;AAClF,sDAAsD;AAStD,yEAAyE;AACzE,+DAA+D;AAC/D,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAE,CAAC;AAC1B,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAE9C,gFAAgF;AAChF,EAAE;AACF,iFAAiF;AACjF,8EAA8E;AAC9E,2BAA2B;AAE3B,MAAM,CAAC,MAAM,kBAAkB,GAAG,sBAAsB,CAAC;AACzD,MAAM,CAAC,MAAM,iBAAiB,GAAG,gBAAgB,CAAC;AAElD,6EAA6E;AAC7E,sFAAsF;AACtF,MAAM,CAAC,MAAM,oBAAoB,GAAG,mBAAmB,CAAC;AACxD,6EAA6E;AAC7E,mEAAmE;AACnE,MAAM,CAAC,MAAM,mBAAmB,GAAG,aAAa,CAAC;AAEjD;;;;;GAKG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAG,aAAa,CAAC;AAEzD,qEAAqE;AACrE,MAAM,oBAAoB,GAAG,aAAa,CAAC;AAE3C,gFAAgF;AAEhF;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,sBAAsB,CACpC,SAAiB,EACjB,YAA2B,IAAI;IAE/B,MAAM,aAAa,GAAG,cAAc,CAAC,SAAS,CAAC,CAAC;IAChD,MAAM,MAAM,GAAG,aAAa,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;IAC3D,MAAM,OAAO,GAAG,aAAa,CAAC;QAC5B,GAAG,EAAE,2BAA2B;QAChC,GAAG,CAAC,aAAa,KAAK,IAAI;YACxB,CAAC,CAAC,EAAE,6BAA6B,EAAE,EAAE,kBAAkB,EAAE,aAAa,EAAE,EAAE;YAC1E,CAAC,CAAC,EAAE,CAAC;KACR,CAAC,CAAC;IACH,OAAO,GAAG,MAAM,IAAI,OAAO,IAAI,SAAS,EAAE,CAAC;AAC7C,CAAC;AAED,gFAAgF;AAEhF;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,uBAAuB,CACrC,OAAqB,EACrB,GAAiB,EACjB,YAA2B,IAAI;IAE/B,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,QAAQ;YACX,OAAO,UAAU,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC;QACpC,KAAK,OAAO;YACV,0EAA0E;YAC1E,OAAO,sBAAsB,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,SAAS,CAAC,CAAC;IAC7D,CAAC;AACH,CAAC;AAED,gFAAgF;AAEhF;;;;;;;;;GASG;AACH,MAAM,UAAU,0BAA0B,CACxC,OAAqB,EACrB,WAAmB;IAEnB,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,QAAQ;YACX,OAAO;gBACL,OAAO;gBACP,WAAW;gBACX,UAAU,EAAE,kBAAkB;gBAC9B,iBAAiB,EAAE,CAAC,oBAAoB,CAAC;aAC1C,CAAC;QACJ,KAAK,OAAO;YACV,OAAO;gBACL,OAAO;gBACP,WAAW;gBACX,UAAU,EAAE,iBAAiB;gBAC7B,iBAAiB,EAAE,CAAC,mBAAmB,CAAC;aACzC,CAAC;IACN,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,yCAAyC,CACvD,OAAqB,EACrB,GAAiB,EACjB,YAA2B,IAAI;IAE/B,OAAO,0BAA0B,CAAC,OAAO,EAAE,uBAAuB,CAAC,OAAO,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;AAC/F,CAAC;AAkBD;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAgB;IACjD,IAAI,CAAC,KAAK,CAAC,YAAY;QAAE,OAAO,IAAI,CAAC;IACrC,+EAA+E;IAC/E,sDAAsD;IACtD,MAAM,SAAS,GAAG,cAAc,CAAC,KAAK,CAAC,gBAAgB,IAAI,IAAI,CAAC,CAAC;IACjE,MAAM,YAAY,GAChB,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,oBAAoB,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAChE,OAAO,EAAE,IAAI,EAAE,oBAAoB,EAAE,WAAW,EAAE,uBAAuB,EAAE,YAAY,EAAE,CAAC;AAC5F,CAAC;AAED,0FAA0F;AAC1F,MAAM,UAAU,uBAAuB,CAAC,QAAgB;IACtD,OAAO,QAAQ,CAAC,OAAO,CAAC,kBAAkB,EAAE,oBAAoB,CAAC,CAAC;AACpE,CAAC;AAED,gFAAgF;AAEhF;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,uBAAuB,CACrC,KAAuC,EACvC,kBAAqC,EAAE;IAEvC,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC;IAC/D,MAAM,YAAY,GAAG,MAAM,CAAC,CAAC,GAAG,eAAe,EAAE,GAAG,YAAY,CAAC,CAAC,CAAC;IACnE,OAAO;QACL,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,iBAAiB,EAAE,CAAC,GAAG,CAAC,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;QAChF,YAAY;KACb,CAAC;AACJ,CAAC;AAED,gFAAgF;AAChF,qFAAqF;AAErF,2DAA2D;AAC3D,SAAS,MAAM,CAAC,MAAyB;IACvC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YAAE,SAAS;QAC1B,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACZ,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACd,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,aAAa,CAAC,GAAY;IACjC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IACjC,uEAAuE;IACvE,MAAM,MAAM,GAAG,QAAQ,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC;IAClD,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IACzB,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AACzE,CAAC"}

package/dist/src/core/credential/strings.js

@@ -0,0 +1,15 @@
+// FCIS rewrite — shared credential string helpers (the ONE home).
+//
+// `nonEmptyString` was inlined across the credential modules (extract.ts /
+// shape.ts / availability.ts), and availability.ts's copy had DRIFTED to a
+// boolean return while the others returned the string value. The canonical
+// (and strictly more useful — the boolean is just `!== null`) form is the
+// string-valued one; availability.ts's boolean call sites adapt with a
+// `!== null` check. This collapses all three onto one definition.
+//
+// 100% PURE + SYNCHRONOUS. No IO, no node: imports, no clock/randomness.
+/** The value iff it is a non-empty string, else null. (`!== null` ⇒ "is set".) */
+export function nonEmptyString(v) {
+    return typeof v === 'string' && v.length > 0 ? v : null;
+}
+//# sourceMappingURL=strings.js.map

package/dist/src/core/credential/strings.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"strings.js","sourceRoot":"","sources":["../../../../src/core/credential/strings.ts"],"names":[],"mappings":"AAAA,kEAAkE;AAClE,EAAE;AACF,2EAA2E;AAC3E,2EAA2E;AAC3E,2EAA2E;AAC3E,0EAA0E;AAC1E,uEAAuE;AACvE,kEAAkE;AAClE,EAAE;AACF,yEAAyE;AAEzE,kFAAkF;AAClF,MAAM,UAAU,cAAc,CAAC,CAAU;IACvC,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAC1D,CAAC"}