terminalhire 0.1.0

package/dist/bin/jpi-login.js

@@ -0,0 +1,1603 @@
+#!/usr/bin/env node
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+
+// src/github-auth.ts
+var github_auth_exports = {};
+__export(github_auth_exports, {
+  GITHUB_SCOPE: () => GITHUB_SCOPE,
+  deleteGitHubToken: () => deleteGitHubToken,
+  hasGitHubToken: () => hasGitHubToken,
+  readGitHubToken: () => readGitHubToken,
+  resolveStoredLogin: () => resolveStoredLogin,
+  runDeviceFlow: () => runDeviceFlow,
+  writeGitHubToken: () => writeGitHubToken
+});
+import {
+  createCipheriv,
+  createDecipheriv,
+  randomBytes
+} from "crypto";
+import {
+  readFileSync,
+  writeFileSync,
+  mkdirSync,
+  existsSync,
+  rmSync
+} from "fs";
+import { join } from "path";
+import { homedir } from "os";
+async function loadKey() {
+  try {
+    const kt = await import("keytar");
+    const stored = await kt.getPassword("terminalhire", "profile-key");
+    if (stored) return Buffer.from(stored, "hex");
+    const key2 = randomBytes(KEY_BYTES);
+    await kt.setPassword("terminalhire", "profile-key", key2.toString("hex"));
+    return key2;
+  } catch {
+  }
+  mkdirSync(TERMINALHIRE_DIR, { recursive: true });
+  if (existsSync(KEY_FILE)) {
+    return Buffer.from(readFileSync(KEY_FILE, "utf8").trim(), "hex");
+  }
+  const key = randomBytes(KEY_BYTES);
+  writeFileSync(KEY_FILE, key.toString("hex"), { mode: 384, encoding: "utf8" });
+  return key;
+}
+function encrypt(plaintext, key) {
+  const iv = randomBytes(IV_BYTES);
+  const cipher = createCipheriv(ALGO, key, iv);
+  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
+  const tag = cipher.getAuthTag();
+  return { iv: iv.toString("hex"), tag: tag.toString("hex"), ciphertext: ct.toString("hex") };
+}
+function decrypt(blob, key) {
+  const decipher = createDecipheriv(ALGO, key, Buffer.from(blob.iv, "hex"));
+  decipher.setAuthTag(Buffer.from(blob.tag, "hex"));
+  const plain = Buffer.concat([
+    decipher.update(Buffer.from(blob.ciphertext, "hex")),
+    decipher.final()
+  ]);
+  return plain.toString("utf8");
+}
+async function readGitHubToken() {
+  if (!existsSync(TOKEN_FILE)) return void 0;
+  try {
+    const key = await loadKey();
+    const raw = readFileSync(TOKEN_FILE, "utf8");
+    const blob = JSON.parse(raw);
+    return decrypt(blob, key);
+  } catch {
+    return void 0;
+  }
+}
+async function writeGitHubToken(token) {
+  mkdirSync(TERMINALHIRE_DIR, { recursive: true });
+  const key = await loadKey();
+  const blob = encrypt(token, key);
+  writeFileSync(TOKEN_FILE, JSON.stringify(blob, null, 2), { encoding: "utf8" });
+}
+async function deleteGitHubToken() {
+  try {
+    rmSync(TOKEN_FILE);
+  } catch {
+  }
+}
+async function hasGitHubToken() {
+  return existsSync(TOKEN_FILE);
+}
+async function runDeviceFlow() {
+  if (process.env["TERMINALHIRE_GITHUB_MOCK"] === "1" || process.env["TERMINALHIRE_GITHUB_MOCK"] === "1" || process.env["JPI_GITHUB_MOCK"] === "1") {
+    console.log("\n[mock] GitHub OAuth skipped (JPI_GITHUB_MOCK=1)");
+    console.log(`[mock] Using fixture profile: ${MOCK_LOGIN}`);
+    await writeGitHubToken(MOCK_TOKEN);
+    return MOCK_LOGIN;
+  }
+  const clientId = process.env["GITHUB_DEVICE_CLIENT_ID"] ?? process.env["GITHUB_CLIENT_ID"] ?? DEV_PLACEHOLDER_CLIENT_ID;
+  if (clientId === "Iv1.PLACEHOLDER_REGISTER_YOUR_APP") {
+    console.warn("\nWarning: GITHUB_CLIENT_ID env var looks like a placeholder.");
+    console.warn("Remove it to use the baked-in client ID, or set it to your own OAuth App Client ID.\n");
+  }
+  const deviceRes = await fetch(DEVICE_CODE_URL, {
+    method: "POST",
+    headers: {
+      Accept: "application/json",
+      "Content-Type": "application/x-www-form-urlencoded"
+    },
+    body: new URLSearchParams({ client_id: clientId, scope: GITHUB_SCOPE }).toString(),
+    signal: AbortSignal.timeout(15e3)
+  });
+  if (!deviceRes.ok) {
+    throw new Error(`GitHub device code request failed: HTTP ${deviceRes.status}`);
+  }
+  const deviceData = await deviceRes.json();
+  console.log("");
+  console.log("  GitHub sign-in (device flow)");
+  console.log("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500");
+  console.log(`  1. Open: ${deviceData.verification_uri}`);
+  console.log(`  2. Enter code: ${deviceData.user_code}`);
+  console.log('  3. Authorize "jpi" (scope: read:user \u2014 public data only)');
+  console.log("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500");
+  console.log("  Waiting for authorization...");
+  console.log("");
+  let intervalSecs = deviceData.interval ?? 5;
+  const expiresAt = Date.now() + (deviceData.expires_in ?? 900) * 1e3;
+  const clientSecret = process.env["GITHUB_CLIENT_SECRET"];
+  while (Date.now() < expiresAt) {
+    await sleep(intervalSecs * 1e3);
+    const body = new URLSearchParams({
+      client_id: clientId,
+      device_code: deviceData.device_code,
+      grant_type: "urn:ietf:params:oauth:grant-type:device_code"
+    });
+    if (clientSecret) body.set("client_secret", clientSecret);
+    const tokenRes = await fetch(ACCESS_TOKEN_URL, {
+      method: "POST",
+      headers: {
+        Accept: "application/json",
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      body: body.toString(),
+      signal: AbortSignal.timeout(15e3)
+    });
+    if (!tokenRes.ok) {
+      throw new Error(`GitHub token poll failed: HTTP ${tokenRes.status}`);
+    }
+    const tokenData = await tokenRes.json();
+    if (tokenData.access_token) {
+      await writeGitHubToken(tokenData.access_token);
+      const login = await fetchAuthedLogin(tokenData.access_token);
+      console.log(`  Authorized as: ${login}`);
+      return login;
+    }
+    if (tokenData.error === "authorization_pending") {
+      continue;
+    }
+    if (tokenData.error === "slow_down") {
+      intervalSecs = (tokenData.interval ?? intervalSecs) + 5;
+      continue;
+    }
+    if (tokenData.error === "expired_token") {
+      throw new Error("GitHub device code expired. Please run `terminalhire login` again.");
+    }
+    if (tokenData.error === "access_denied") {
+      throw new Error("GitHub authorization was denied by the user.");
+    }
+    throw new Error(
+      `GitHub device flow error: ${tokenData.error ?? "unknown"} \u2014 ${tokenData.error_description ?? ""}`
+    );
+  }
+  throw new Error("GitHub device code expired before authorization. Please run `terminalhire login` again.");
+}
+async function fetchAuthedLogin(token) {
+  if (token === MOCK_TOKEN) return MOCK_LOGIN;
+  const res = await fetch("https://api.github.com/user", {
+    headers: {
+      Authorization: `Bearer ${token}`,
+      Accept: "application/vnd.github+json",
+      "X-GitHub-Api-Version": "2022-11-28"
+    },
+    signal: AbortSignal.timeout(1e4)
+  });
+  if (!res.ok) throw new Error(`GitHub /user: HTTP ${res.status}`);
+  const data = await res.json();
+  return data.login;
+}
+async function resolveStoredLogin() {
+  if (process.env["TERMINALHIRE_GITHUB_MOCK"] === "1" || process.env["TERMINALHIRE_GITHUB_MOCK"] === "1" || process.env["JPI_GITHUB_MOCK"] === "1") return MOCK_LOGIN;
+  const token = await readGitHubToken();
+  if (!token) return void 0;
+  try {
+    return await fetchAuthedLogin(token);
+  } catch {
+    return void 0;
+  }
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+var TERMINALHIRE_DIR, TOKEN_FILE, KEY_FILE, ALGO, KEY_BYTES, IV_BYTES, GITHUB_SCOPE, DEVICE_CODE_URL, ACCESS_TOKEN_URL, DEV_PLACEHOLDER_CLIENT_ID, MOCK_TOKEN, MOCK_LOGIN;
+var init_github_auth = __esm({
+  "src/github-auth.ts"() {
+    "use strict";
+    TERMINALHIRE_DIR = join(homedir(), ".terminalhire");
+    TOKEN_FILE = join(TERMINALHIRE_DIR, "github-token.enc");
+    KEY_FILE = join(TERMINALHIRE_DIR, "key");
+    ALGO = "aes-256-gcm";
+    KEY_BYTES = 32;
+    IV_BYTES = 12;
+    GITHUB_SCOPE = "read:user";
+    DEVICE_CODE_URL = "https://github.com/login/device/code";
+    ACCESS_TOKEN_URL = "https://github.com/login/oauth/access_token";
+    DEV_PLACEHOLDER_CLIENT_ID = "Ov23lignE2ZSBe0J3a6B";
+    MOCK_TOKEN = "mock-github-token-jpi-dev";
+    MOCK_LOGIN = "janedev";
+  }
+});
+
+// ../../packages/core/src/types.ts
+var init_types = __esm({
+  "../../packages/core/src/types.ts"() {
+    "use strict";
+  }
+});
+
+// ../../packages/core/src/vocabulary.ts
+function normalize(tokens) {
+  const result = /* @__PURE__ */ new Set();
+  for (const raw of tokens) {
+    const lower = raw.toLowerCase().trim();
+    if (VOCAB_SET.has(lower)) {
+      result.add(lower);
+      continue;
+    }
+    const mapped = SYNONYMS[lower];
+    if (mapped && VOCAB_SET.has(mapped)) {
+      result.add(mapped);
+    }
+  }
+  return Array.from(result);
+}
+var VOCABULARY, SYNONYMS, VOCAB_SET;
+var init_vocabulary = __esm({
+  "../../packages/core/src/vocabulary.ts"() {
+    "use strict";
+    VOCABULARY = [
+      // Languages
+      "typescript",
+      "javascript",
+      "python",
+      "go",
+      "rust",
+      "java",
+      "ruby",
+      "elixir",
+      "scala",
+      "kotlin",
+      "swift",
+      "cpp",
+      "csharp",
+      "php",
+      "haskell",
+      "clojure",
+      "r",
+      // Frontend frameworks / libs
+      "react",
+      "nextjs",
+      "vue",
+      "nuxt",
+      "svelte",
+      "angular",
+      "solidjs",
+      "tailwind",
+      "css",
+      "html",
+      "graphql",
+      "trpc",
+      // Backend frameworks
+      "nodejs",
+      "express",
+      "fastify",
+      "nestjs",
+      "django",
+      "fastapi",
+      "flask",
+      "rails",
+      "spring",
+      "actix",
+      "gin",
+      "phoenix",
+      "laravel",
+      "dotnet",
+      // Infrastructure & DevOps
+      "kubernetes",
+      "docker",
+      "terraform",
+      "aws",
+      "gcp",
+      "azure",
+      "ci-cd",
+      "github-actions",
+      "linux",
+      "nginx",
+      "pulumi",
+      "ansible",
+      "prometheus",
+      "grafana",
+      "datadog",
+      "opentelemetry",
+      // Data & ML
+      "postgresql",
+      "mysql",
+      "sqlite",
+      "mongodb",
+      "redis",
+      "elasticsearch",
+      "kafka",
+      "rabbitmq",
+      "data-engineering",
+      "spark",
+      "airflow",
+      "dbt",
+      "ml",
+      "llm",
+      "pytorch",
+      "tensorflow",
+      "pandas",
+      "numpy",
+      // Domains / capabilities
+      "oauth",
+      "authentication",
+      "security",
+      "payments",
+      "billing",
+      "frontend",
+      "backend",
+      "devops",
+      "mobile",
+      "ios",
+      "android",
+      "api-design",
+      "microservices",
+      "websockets",
+      "testing",
+      "accessibility",
+      "seo",
+      "performance",
+      "observability",
+      "search",
+      "realtime"
+    ];
+    SYNONYMS = {
+      // Kubernetes aliases
+      "k8s": "kubernetes",
+      "kube": "kubernetes",
+      // Auth / identity
+      "passport": "authentication",
+      "oauth2": "oauth",
+      "oidc": "oauth",
+      "jwt": "authentication",
+      "saml": "authentication",
+      "auth0": "authentication",
+      "clerk": "authentication",
+      "nextauth": "authentication",
+      // Payments
+      "@stripe/stripe-js": "payments",
+      "stripe": "payments",
+      "braintree": "payments",
+      "paddle": "payments",
+      "lemonsqueezy": "payments",
+      "recurly": "billing",
+      "chargebee": "billing",
+      // Framework / lib aliases
+      "next": "nextjs",
+      "next.js": "nextjs",
+      "nuxt.js": "nuxt",
+      "vue.js": "vue",
+      "angular.js": "angular",
+      "angularjs": "angular",
+      "express.js": "express",
+      "expressjs": "express",
+      "fastapi": "fastapi",
+      "nest": "nestjs",
+      "nest.js": "nestjs",
+      "sveltekit": "svelte",
+      // Language aliases
+      "ts": "typescript",
+      "js": "javascript",
+      "py": "python",
+      "golang": "go",
+      "c++": "cpp",
+      "c#": "csharp",
+      ".net": "dotnet",
+      "asp.net": "dotnet",
+      // DB aliases
+      "postgres": "postgresql",
+      "pg": "postgresql",
+      "mongo": "mongodb",
+      "elastic": "elasticsearch",
+      // Cloud aliases
+      "amazon web services": "aws",
+      "google cloud": "gcp",
+      "google cloud platform": "gcp",
+      "microsoft azure": "azure",
+      // CI/CD aliases
+      "github actions": "github-actions",
+      "circle ci": "ci-cd",
+      "circleci": "ci-cd",
+      "jenkins": "ci-cd",
+      "gitlab ci": "ci-cd",
+      "travis": "ci-cd",
+      // Mobile
+      "react native": "mobile",
+      "flutter": "mobile",
+      "expo": "mobile",
+      // AI / ML
+      "openai": "llm",
+      "anthropic": "llm",
+      "langchain": "llm",
+      "llamaindex": "llm",
+      "hugging face": "ml",
+      "huggingface": "ml",
+      "scikit-learn": "ml",
+      "sklearn": "ml",
+      // Data pipeline
+      "apache kafka": "kafka",
+      "apache spark": "spark",
+      "apache airflow": "airflow",
+      // Misc
+      "tailwindcss": "tailwind",
+      "tw": "tailwind",
+      "gql": "graphql",
+      "ws": "websockets",
+      "socket.io": "websockets",
+      "jest": "testing",
+      "vitest": "testing",
+      "playwright": "testing",
+      "cypress": "testing"
+    };
+    VOCAB_SET = new Set(VOCABULARY);
+  }
+});
+
+// ../../packages/core/src/matcher.ts
+function computeIdf(jobs) {
+  const docFreq = /* @__PURE__ */ new Map();
+  const N = jobs.length;
+  for (const job of jobs) {
+    const unique = new Set(job.tags);
+    for (const tag of unique) {
+      docFreq.set(tag, (docFreq.get(tag) ?? 0) + 1);
+    }
+  }
+  const idf = /* @__PURE__ */ new Map();
+  for (const [tag, df] of docFreq) {
+    idf.set(tag, Math.log((N + 1) / (df + 1)) + 1);
+  }
+  return idf;
+}
+function inferSeniority(title) {
+  for (const [re, level] of SENIORITY_PATTERNS) {
+    if (re.test(title)) return level;
+  }
+  return void 0;
+}
+function seniorityScore(fp, job) {
+  if (!fp.seniorityBand) return 1;
+  const jobLevel = inferSeniority(job.title);
+  if (!jobLevel) return 0.85;
+  const wanted = SENIORITY_RANK[fp.seniorityBand] ?? 1;
+  const got = SENIORITY_RANK[jobLevel] ?? 1;
+  const delta = Math.abs(wanted - got);
+  if (delta === 0) return 1;
+  if (delta === 1) return 0.5;
+  return 0.2;
+}
+function recencyScore(postedAt) {
+  if (!postedAt) return 0.75;
+  const ageDays = (Date.now() - new Date(postedAt).getTime()) / 864e5;
+  if (ageDays < 7) return 1;
+  if (ageDays < 30) return 0.9;
+  if (ageDays < 90) return 0.75;
+  return 0.6;
+}
+function passesFilters(fp, job) {
+  const prefs = fp.prefs;
+  if (!prefs) return true;
+  if (prefs.remoteOnly && !job.remote) return false;
+  if (prefs.roleTypes && prefs.roleTypes.length > 0 && !prefs.roleTypes.includes(job.roleType)) {
+    return false;
+  }
+  if (prefs.compFloorUsd !== void 0) {
+    if (job.compMax !== void 0 && job.compMax < prefs.compFloorUsd) return false;
+  }
+  return true;
+}
+function buildReason(matchedTags) {
+  if (matchedTags.length === 0) return "No direct skill overlap found.";
+  const top = matchedTags.slice(0, 3);
+  const rest = matchedTags.length - top.length;
+  const listed = top.join(", ");
+  if (rest === 0) return `Matched on ${listed}.`;
+  return `Matched on ${listed} + ${rest} more skill${rest > 1 ? "s" : ""}.`;
+}
+function match(fp, jobs, limit = 5) {
+  const idf = computeIdf(jobs);
+  const fpTagSet = new Set(fp.skillTags);
+  const maxTagScore = fp.skillTags.reduce((acc, t) => acc + (idf.get(t) ?? 1), 0);
+  const candidates = jobs.filter((j) => passesFilters(fp, j));
+  const scored = candidates.map((job) => {
+    const jobTagSet = new Set(job.tags);
+    const matched = [];
+    let tagScore2 = 0;
+    for (const tag of fpTagSet) {
+      if (jobTagSet.has(tag)) {
+        const w = idf.get(tag) ?? 1;
+        tagScore2 += w;
+        matched.push(tag);
+      }
+    }
+    const normTagScore = maxTagScore > 0 ? tagScore2 / maxTagScore : 0;
+    matched.sort((a, b) => (idf.get(b) ?? 1) - (idf.get(a) ?? 1));
+    const sScore = seniorityScore(fp, job);
+    const rScore = recencyScore(job.postedAt);
+    const score = normTagScore * 0.6 + sScore * 0.25 + rScore * 0.15;
+    return {
+      job,
+      score: Math.round(score * 1e3) / 1e3,
+      matchedTags: matched,
+      reason: buildReason(matched)
+    };
+  });
+  return scored.sort((a, b) => b.score - a.score).slice(0, limit);
+}
+function matchOne(fp, job) {
+  const results = match(fp, [job], 1);
+  return results.length > 0 ? results[0] : null;
+}
+var SENIORITY_RANK, SENIORITY_PATTERNS;
+var init_matcher = __esm({
+  "../../packages/core/src/matcher.ts"() {
+    "use strict";
+    SENIORITY_RANK = {
+      junior: 0,
+      mid: 1,
+      senior: 2,
+      staff: 3
+    };
+    SENIORITY_PATTERNS = [
+      [/\bstaff\b|\bprincipal\b|\bdistinguished\b/i, "staff"],
+      [/\bsenior\b|\bsr\.?\b/i, "senior"],
+      [/\bjunior\b|\bjr\.?\b|\bentry[\s-]?level\b/i, "junior"],
+      [/\bmid[\s-]?level\b|\bmid\b/i, "mid"]
+    ];
+  }
+});
+
+// ../../packages/core/src/feeds/greenhouse.ts
+function tokenize(text) {
+  return text.toLowerCase().replace(/[^a-z0-9.\-+#]/g, " ").split(/\s+/).filter(Boolean);
+}
+function extractTags(job) {
+  const texts = [
+    job.title,
+    ...(job.departments ?? []).map((d) => d.name),
+    job.location?.name ?? "",
+    ...(job.offices ?? []).map((o) => o.name),
+    // mine the full HTML description for additional signal when present
+    ...job.content ? [job.content.replace(/<[^>]*>/g, " ")] : []
+  ].filter(Boolean);
+  const tokens = texts.flatMap(tokenize);
+  return normalize(tokens);
+}
+function inferRemote(location) {
+  const l = location.toLowerCase();
+  return l.includes("remote") || l.includes("anywhere") || l.includes("worldwide");
+}
+async function fetchSlug(slug) {
+  const url = `https://boards-api.greenhouse.io/v1/boards/${slug}/jobs?content=true`;
+  let res;
+  try {
+    res = await fetch(url, { headers: { Accept: "application/json" } });
+  } catch (err) {
+    console.warn(`[greenhouse] ${slug}: network error \u2014`, err);
+    return [];
+  }
+  if (!res.ok) {
+    console.warn(`[greenhouse] ${slug}: HTTP ${res.status} ${res.statusText}`);
+    return [];
+  }
+  let data;
+  try {
+    data = await res.json();
+  } catch (err) {
+    console.warn(`[greenhouse] ${slug}: JSON parse error \u2014`, err);
+    return [];
+  }
+  const jobs = data.jobs ?? [];
+  if (jobs.length === 0) {
+    console.warn(`[greenhouse] ${slug}: 0 jobs returned (board may be private or slug invalid)`);
+  } else {
+    console.info(`[greenhouse] ${slug}: ${jobs.length} jobs`);
+  }
+  return jobs.map((j) => ({
+    id: `greenhouse:${j.id}`,
+    source: "greenhouse",
+    title: j.title,
+    company: slug,
+    url: j.absolute_url,
+    remote: inferRemote(j.location?.name ?? ""),
+    location: j.location?.name,
+    tags: extractTags(j),
+    roleType: "full_time",
+    postedAt: j.updated_at,
+    applyMode: "direct",
+    raw: j
+  }));
+}
+var FALLBACK_SLUGS, greenhouse;
+var init_greenhouse = __esm({
+  "../../packages/core/src/feeds/greenhouse.ts"() {
+    "use strict";
+    init_vocabulary();
+    FALLBACK_SLUGS = [
+      "stripe",
+      "linear",
+      "vercel",
+      "ramp",
+      "notion",
+      "airbnb",
+      "anthropic",
+      "figma",
+      "discord",
+      "brex",
+      "mercury",
+      "retool",
+      "vanta",
+      "plaid",
+      "gusto",
+      "scale",
+      "databricks",
+      "coinbase",
+      "robinhood",
+      "doordash"
+    ];
+    greenhouse = {
+      source: "greenhouse",
+      async fetch(opts) {
+        const slugs = opts?.slugs && opts.slugs.length > 0 ? opts.slugs : FALLBACK_SLUGS;
+        console.info(`[greenhouse] fetching ${slugs.length} slugs: ${slugs.join(", ")}`);
+        const results = await Promise.allSettled(slugs.map(fetchSlug));
+        const jobs = [];
+        let failures = 0;
+        for (const r of results) {
+          if (r.status === "fulfilled") {
+            jobs.push(...r.value);
+          } else {
+            failures++;
+            console.warn(`[greenhouse] slug fetch rejected:`, r.reason);
+          }
+        }
+        console.info(`[greenhouse] total: ${jobs.length} jobs, ${failures} slug failures`);
+        return jobs;
+      }
+    };
+  }
+});
+
+// ../../packages/core/src/feeds/ashby.ts
+function tokenize2(text) {
+  return text.toLowerCase().replace(/[^a-z0-9.\-+#]/g, " ").split(/\s+/).filter(Boolean);
+}
+function extractTags2(job) {
+  const texts = [
+    job.title,
+    job.teamName ?? "",
+    job.locationName ?? "",
+    ...(job.secondaryLocations ?? []).map((l) => l.locationName ?? "")
+  ];
+  return normalize(texts.flatMap(tokenize2));
+}
+function mapEmploymentType(raw) {
+  if (!raw) return "full_time";
+  const lower = raw.toLowerCase();
+  if (lower.includes("contract") || lower.includes("contractor")) return "contract";
+  if (lower.includes("freelance")) return "freelance";
+  return "full_time";
+}
+function inferRemote2(job) {
+  if (job.isRemote === true) return true;
+  const loc = (job.locationName ?? "").toLowerCase();
+  return loc.includes("remote") || loc.includes("anywhere");
+}
+async function fetchSlug2(slug) {
+  const url = `https://api.ashbyhq.com/posting-api/job-board/${slug}`;
+  const res = await fetch(url, {
+    headers: { Accept: "application/json" }
+  });
+  if (!res.ok) {
+    throw new Error(`Ashby ${slug}: HTTP ${res.status}`);
+  }
+  const data = await res.json();
+  return (data.jobs ?? []).map((j) => {
+    const comp = j.compensation;
+    return {
+      id: `ashby:${j.id}`,
+      source: "ashby",
+      title: j.title,
+      company: slug,
+      url: j.applyUrl ?? `https://jobs.ashbyhq.com/${slug}/${j.id}`,
+      remote: inferRemote2(j),
+      location: j.locationName,
+      compMin: comp?.minValue,
+      compMax: comp?.maxValue,
+      tags: extractTags2(j),
+      roleType: mapEmploymentType(j.employmentType),
+      postedAt: j.publishedDate,
+      applyMode: "direct",
+      raw: j
+    };
+  });
+}
+var ashby;
+var init_ashby = __esm({
+  "../../packages/core/src/feeds/ashby.ts"() {
+    "use strict";
+    init_vocabulary();
+    ashby = {
+      source: "ashby",
+      async fetch(opts) {
+        const slugs = opts?.slugs ?? [];
+        const results = await Promise.allSettled(slugs.map(fetchSlug2));
+        const jobs = [];
+        for (const r of results) {
+          if (r.status === "fulfilled") jobs.push(...r.value);
+        }
+        return jobs;
+      }
+    };
+  }
+});
+
+// ../../packages/core/src/feeds/himalayas.ts
+function tokenize3(text) {
+  return text.toLowerCase().replace(/[^a-z0-9.\-+#]/g, " ").split(/\s+/).filter(Boolean);
+}
+function extractTags3(job) {
+  const texts = [
+    job.title,
+    ...job.tags ?? []
+  ];
+  return normalize(texts.flatMap(tokenize3));
+}
+function mapJobType(raw) {
+  if (!raw) return "full_time";
+  const lower = raw.toLowerCase();
+  if (lower.includes("contract")) return "contract";
+  if (lower.includes("freelance")) return "freelance";
+  return "full_time";
+}
+function buildUrl(job) {
+  if (job.applicationUrl) return job.applicationUrl;
+  if (job.url) return job.url;
+  const slug = job.slug ?? job.id ?? "unknown";
+  return `https://himalayas.app/jobs/${slug}`;
+}
+function buildId(job) {
+  return `himalayas:${job.id ?? job.slug ?? job.title}`;
+}
+var himalayas;
+var init_himalayas = __esm({
+  "../../packages/core/src/feeds/himalayas.ts"() {
+    "use strict";
+    init_vocabulary();
+    himalayas = {
+      source: "himalayas",
+      async fetch(opts) {
+        const limit = opts?.limit ?? 100;
+        const url = `https://himalayas.app/jobs/api?limit=${limit}`;
+        const res = await fetch(url, {
+          headers: { Accept: "application/json" }
+        });
+        if (!res.ok) {
+          throw new Error(`Himalayas: HTTP ${res.status}`);
+        }
+        const data = await res.json();
+        return (data.jobs ?? []).map((j) => ({
+          id: buildId(j),
+          source: "himalayas",
+          title: j.title,
+          company: j.companyName ?? j.companySlug ?? "unknown",
+          url: buildUrl(j),
+          // Himalayas is a remote-only board
+          remote: true,
+          location: (j.locationRestrictions ?? []).join(", ") || "Remote",
+          compMin: j.salaryMin,
+          compMax: j.salaryMax,
+          tags: extractTags3(j),
+          roleType: mapJobType(j.jobType),
+          postedAt: j.pubDate ?? j.createdAt,
+          applyMode: "direct",
+          raw: j
+        }));
+      }
+    };
+  }
+});
+
+// ../../packages/core/src/feeds/wwr.ts
+function tokenize4(text) {
+  return text.toLowerCase().replace(/[^a-z0-9.\-+#]/g, " ").split(/\s+/).filter(Boolean);
+}
+function stripHtml(html) {
+  return html.replace(/<[^>]*>/g, " ").replace(/\s+/g, " ").trim();
+}
+function inferRoleType(category) {
+  const lower = category.toLowerCase();
+  if (lower.includes("contract")) return "contract";
+  if (lower.includes("freelance")) return "freelance";
+  return "full_time";
+}
+function extractId(link) {
+  const match2 = link.match(/\/opening\/([^/\s]+)/);
+  return `wwr:${match2?.[1] ?? encodeURIComponent(link)}`;
+}
+function parseRss(xml) {
+  const items = [];
+  const itemBlocks = xml.match(/<item>([\s\S]*?)<\/item>/g) ?? [];
+  for (const block of itemBlocks) {
+    const get = (tag) => {
+      const cdataMatch = block.match(new RegExp(`<${tag}[^>]*><!\\[CDATA\\[([\\s\\S]*?)\\]\\]><\\/${tag}>`, "i"));
+      if (cdataMatch) return cdataMatch[1].trim();
+      const plainMatch = block.match(new RegExp(`<${tag}[^>]*>([\\s\\S]*?)<\\/${tag}>`, "i"));
+      return plainMatch?.[1].trim() ?? "";
+    };
+    const rawTitle = get("title");
+    const colonIdx = rawTitle.indexOf(":");
+    const company = colonIdx !== -1 ? rawTitle.slice(0, colonIdx).trim() : "Unknown";
+    const titleAfterColon = colonIdx !== -1 ? rawTitle.slice(colonIdx + 1).trim() : rawTitle;
+    const title = titleAfterColon.replace(/\s*\([^)]*\)\s*$/, "").trim();
+    items.push({
+      title,
+      link: get("link") || get("guid"),
+      pubDate: get("pubDate"),
+      category: get("category"),
+      description: get("description"),
+      company
+    });
+  }
+  return items;
+}
+function extractTags4(item) {
+  const text = [item.title, item.category, stripHtml(item.description)].join(" ");
+  return normalize(tokenize4(text));
+}
+var WWR_RSS_URL, wwr;
+var init_wwr = __esm({
+  "../../packages/core/src/feeds/wwr.ts"() {
+    "use strict";
+    init_vocabulary();
+    WWR_RSS_URL = "https://weworkremotely.com/remote-jobs.rss";
+    wwr = {
+      source: "wwr",
+      async fetch(opts) {
+        const limit = opts?.limit ?? 200;
+        const res = await fetch(WWR_RSS_URL, {
+          headers: { Accept: "application/rss+xml, application/xml, text/xml" }
+        });
+        if (!res.ok) {
+          throw new Error(`WWR RSS: HTTP ${res.status}`);
+        }
+        const xml = await res.text();
+        const items = parseRss(xml).slice(0, limit);
+        return items.map((item) => ({
+          id: extractId(item.link),
+          source: "wwr",
+          title: item.title,
+          company: item.company,
+          url: item.link,
+          // WWR is a remote-only board
+          remote: true,
+          location: "Remote",
+          tags: extractTags4(item),
+          roleType: inferRoleType(item.category),
+          postedAt: item.pubDate ? new Date(item.pubDate).toISOString() : void 0,
+          applyMode: "direct",
+          raw: item
+        }));
+      }
+    };
+  }
+});
+
+// ../../packages/core/src/feeds/hn.ts
+function tokenize5(text) {
+  return text.toLowerCase().replace(/[^a-z0-9.\-+#]/g, " ").split(/\s+/).filter(Boolean);
+}
+function stripHtml2(html) {
+  return html.replace(/<p>/gi, " ").replace(/<[^>]*>/g, "").replace(/&amp;/g, "&").replace(/&lt;/g, "<").replace(/&gt;/g, ">").replace(/&quot;/g, '"').replace(/&#x27;/g, "'").replace(/\s+/g, " ").trim();
+}
+function extractUrl(text) {
+  const match2 = text.match(/https?:\/\/[^\s<>"']+/);
+  return match2?.[0] ?? "";
+}
+function inferRemote3(text) {
+  const lower = text.toLowerCase();
+  return lower.includes("remote") || lower.includes("anywhere") || lower.includes("distributed");
+}
+function inferRoleType2(text) {
+  const lower = text.toLowerCase();
+  if (lower.includes("contract") || lower.includes("contractor")) return "contract";
+  if (lower.includes("freelance")) return "freelance";
+  return "full_time";
+}
+function parseComment(item) {
+  if (!item.text || item.text.trim().length < 20) return null;
+  const raw = stripHtml2(item.text);
+  if (!raw) return null;
+  const firstLine = raw.split(/\n/)[0];
+  const parts = firstLine.split("|").map((s) => s.trim());
+  const company = parts[0] ?? "Unknown";
+  const title = parts[1] ?? firstLine.slice(0, 80).trim();
+  const location = parts[2] ?? "";
+  if (company.toLowerCase().startsWith("note:") || company.toLowerCase().startsWith("ps:") || title.length < 3) {
+    return null;
+  }
+  const url = extractUrl(raw) || `https://news.ycombinator.com/item?id=${item.id}`;
+  const tags = extractTags5(raw);
+  if (tags.length === 0) return null;
+  return {
+    id: `hn:${item.id}`,
+    source: "hn",
+    title: title.slice(0, 120),
+    company: company.slice(0, 80),
+    url,
+    remote: inferRemote3(raw),
+    location: location || void 0,
+    tags,
+    roleType: inferRoleType2(raw),
+    postedAt: item.created_at,
+    applyMode: "direct",
+    raw: item
+  };
+}
+function extractTags5(text) {
+  return normalize(tokenize5(text));
+}
+var ALGOLIA_SEARCH, ALGOLIA_ITEMS, hn;
+var init_hn = __esm({
+  "../../packages/core/src/feeds/hn.ts"() {
+    "use strict";
+    init_vocabulary();
+    ALGOLIA_SEARCH = "https://hn.algolia.com/api/v1/search?query=Ask+HN%3A+Who+is+Hiring%3F&tags=story,ask_hn&hitsPerPage=1";
+    ALGOLIA_ITEMS = "https://hn.algolia.com/api/v1/items/";
+    hn = {
+      source: "hn",
+      async fetch(opts) {
+        const limit = opts?.limit ?? 150;
+        const searchRes = await fetch(ALGOLIA_SEARCH, {
+          headers: { Accept: "application/json" }
+        });
+        if (!searchRes.ok) {
+          throw new Error(`HN Algolia search: HTTP ${searchRes.status}`);
+        }
+        const searchData = await searchRes.json();
+        const story = searchData.hits[0];
+        if (!story) {
+          throw new Error('HN: No "Who is Hiring" story found');
+        }
+        const itemRes = await fetch(`${ALGOLIA_ITEMS}${story.objectID}`, {
+          headers: { Accept: "application/json" }
+        });
+        if (!itemRes.ok) {
+          throw new Error(`HN Algolia item ${story.objectID}: HTTP ${itemRes.status}`);
+        }
+        const storyItem = await itemRes.json();
+        const comments = storyItem.children ?? [];
+        const jobs = [];
+        for (const comment of comments.slice(0, limit)) {
+          const job = parseComment(comment);
+          if (job) jobs.push(job);
+        }
+        return jobs;
+      }
+    };
+  }
+});
+
+// ../../packages/core/src/feeds/index.ts
+async function aggregate(opts) {
+  const ghSlugs = opts?.slugs?.["greenhouse"] ?? DEFAULT_GREENHOUSE_SLUGS;
+  const ashbySlugs = opts?.slugs?.["ashby"] ?? DEFAULT_ASHBY_SLUGS;
+  const limit = opts?.limit ?? 150;
+  const settled = await Promise.allSettled([
+    greenhouse.fetch({ slugs: ghSlugs, limit }),
+    ashby.fetch({ slugs: ashbySlugs, limit }),
+    himalayas.fetch({ limit }),
+    wwr.fetch({ limit }),
+    hn.fetch({ limit })
+  ]);
+  const seen = /* @__PURE__ */ new Set();
+  const jobs = [];
+  const sourceNames = ["greenhouse", "ashby", "himalayas", "wwr", "hn"];
+  for (let i = 0; i < settled.length; i++) {
+    const result = settled[i];
+    if (result.status === "rejected") {
+      console.warn(`[feeds] ${sourceNames[i]} failed:`, result.reason);
+      continue;
+    }
+    for (const job of result.value) {
+      if (!seen.has(job.id)) {
+        seen.add(job.id);
+        jobs.push(job);
+      }
+    }
+  }
+  return jobs;
+}
+var FEEDS, DEFAULT_GREENHOUSE_SLUGS, DEFAULT_ASHBY_SLUGS;
+var init_feeds = __esm({
+  "../../packages/core/src/feeds/index.ts"() {
+    "use strict";
+    init_greenhouse();
+    init_ashby();
+    init_himalayas();
+    init_wwr();
+    init_hn();
+    FEEDS = [greenhouse, ashby, himalayas, wwr, hn];
+    DEFAULT_GREENHOUSE_SLUGS = [
+      "stripe",
+      "linear",
+      "vercel",
+      "ramp",
+      "notion",
+      "airbnb",
+      "anthropic",
+      "figma",
+      "discord",
+      "brex",
+      "mercury",
+      "retool",
+      "vanta",
+      "plaid",
+      "gusto",
+      "scale",
+      "databricks",
+      "coinbase",
+      "robinhood",
+      "doordash"
+    ];
+    DEFAULT_ASHBY_SLUGS = [
+      "ramp",
+      "notion",
+      "linear",
+      "vercel",
+      "replit",
+      "posthog"
+    ];
+  }
+});
+
+// ../../packages/core/src/coastal.ts
+import { readFileSync as readFileSync2 } from "fs";
+import { join as join2 } from "path";
+import { fileURLToPath } from "url";
+function resolveDataPath() {
+  try {
+    const dir = fileURLToPath(new URL("../../../data", import.meta.url));
+    return join2(dir, "coastal-roles.json");
+  } catch {
+    return join2(process.cwd(), "data", "coastal-roles.json");
+  }
+}
+function loadCoastalRoles() {
+  const filePath = resolveDataPath();
+  try {
+    const raw = readFileSync2(filePath, "utf-8");
+    const parsed = JSON.parse(raw);
+    if (!Array.isArray(parsed)) {
+      console.warn("[coastal] coastal-roles.json is not an array \u2014 skipping");
+      return [];
+    }
+    const valid = [];
+    for (const entry of parsed) {
+      if (typeof entry === "object" && entry !== null && typeof entry.id === "string" && entry.applyMode === "buyer-lead" && entry.buyer === "coastal") {
+        valid.push(entry);
+      } else {
+        console.warn("[coastal] Skipping malformed role entry:", entry);
+      }
+    }
+    return valid;
+  } catch (err) {
+    if (err.code === "ENOENT") {
+      console.warn(`[coastal] data/coastal-roles.json not found at ${filePath} \u2014 no Coastal roles loaded`);
+    } else {
+      console.warn("[coastal] Failed to load coastal-roles.json:", err);
+    }
+    return [];
+  }
+}
+var COASTAL_BUYER;
+var init_coastal = __esm({
+  "../../packages/core/src/coastal.ts"() {
+    "use strict";
+    COASTAL_BUYER = {
+      id: "coastal",
+      legalName: "Coastal Recruiting LLC",
+      matchCriteria: {
+        roleTypes: ["full_time"]
+      }
+    };
+  }
+});
+
+// ../../packages/core/src/indexer.ts
+async function buildIndex(opts) {
+  const includeCoastal = opts?.includeCoastal ?? true;
+  const publicJobs = await aggregate(opts);
+  const allJobs = [...publicJobs];
+  if (includeCoastal) {
+    const coastalJobs = loadCoastalRoles();
+    const seen = new Set(publicJobs.map((j) => j.id));
+    for (const job of coastalJobs) {
+      if (!seen.has(job.id)) {
+        seen.add(job.id);
+        allJobs.push(job);
+      }
+    }
+  }
+  const jobs = allJobs.map(({ raw: _raw, ...rest }) => rest);
+  return {
+    builtAt: (/* @__PURE__ */ new Date()).toISOString(),
+    jobs
+  };
+}
+var init_indexer = __esm({
+  "../../packages/core/src/indexer.ts"() {
+    "use strict";
+    init_feeds();
+    init_coastal();
+  }
+});
+
+// ../../packages/core/src/github.ts
+function ghHeaders(token) {
+  const headers = {
+    Accept: "application/vnd.github+json",
+    "X-GitHub-Api-Version": "2022-11-28"
+  };
+  if (token) headers["Authorization"] = `Bearer ${token}`;
+  return headers;
+}
+async function ghFetch(path, token) {
+  const url = `https://api.github.com${path}`;
+  const res = await fetch(url, { headers: ghHeaders(token) });
+  if (!res.ok) {
+    throw new Error(`GitHub API ${path}: HTTP ${res.status} ${res.statusText}`);
+  }
+  return res.json();
+}
+async function fetchGitHubProfile(login, token) {
+  const user = await ghFetch(`/users/${login}`, token);
+  let repos = [];
+  try {
+    repos = await ghFetch(
+      `/users/${login}/repos?sort=pushed&per_page=100`,
+      token
+    );
+  } catch (err) {
+    console.warn(`[github] ${login}: repos fetch failed, continuing \u2014`, err);
+  }
+  const langCount = {};
+  for (const repo of repos) {
+    if (repo.fork) continue;
+    if (repo.language) {
+      langCount[repo.language.toLowerCase()] = (langCount[repo.language.toLowerCase()] ?? 0) + 1;
+    }
+  }
+  const topLanguages = Object.entries(langCount).sort(([, a], [, b]) => b - a).slice(0, 10).map(([lang]) => lang);
+  const topicSet = /* @__PURE__ */ new Set();
+  for (const repo of repos) {
+    if (repo.fork) continue;
+    for (const t of repo.topics ?? []) topicSet.add(t.toLowerCase());
+  }
+  const topics = Array.from(topicSet).slice(0, 30);
+  let recentPRorgs;
+  try {
+    const q = encodeURIComponent(
+      `type:pr is:merged author:${login} sort:updated`
+    );
+    const result = await ghFetch(
+      `/search/issues?q=${q}&per_page=30`,
+      token
+    );
+    const orgs = /* @__PURE__ */ new Set();
+    for (const item of result.items ?? []) {
+      const orgLogin = item.repository?.owner?.login;
+      if (orgLogin && orgLogin !== login) orgs.add(orgLogin);
+    }
+    if (orgs.size > 0) recentPRorgs = Array.from(orgs);
+  } catch {
+  }
+  return {
+    login: user.login,
+    name: user.name ?? void 0,
+    publicEmail: user.email ?? void 0,
+    avatarUrl: user.avatar_url,
+    accountCreatedAt: user.created_at,
+    publicRepos: user.public_repos,
+    followers: user.followers,
+    topLanguages,
+    topics,
+    recentPRorgs
+  };
+}
+function inferSeniority2(p) {
+  const ageMs = Date.now() - new Date(p.accountCreatedAt).getTime();
+  const ageYears = ageMs / (1e3 * 60 * 60 * 24 * 365.25);
+  if (ageYears >= 9 && (p.publicRepos >= 40 || p.followers >= 500)) return "staff";
+  if (ageYears >= 5 && (p.publicRepos >= 20 || p.followers >= 100)) return "senior";
+  if (ageYears >= 2 && p.publicRepos >= 5) return "mid";
+  if (ageYears < 2 || p.publicRepos < 5) return "junior";
+  return void 0;
+}
+function githubToFingerprint(p) {
+  const rawTokens = [
+    ...p.topLanguages,
+    ...p.topics
+    // recentPRorgs intentionally excluded — org names are not skill tags
+  ];
+  const skillTags = normalize(rawTokens);
+  const seniorityBand = inferSeniority2(p);
+  return { skillTags, seniorityBand };
+}
+var init_github = __esm({
+  "../../packages/core/src/github.ts"() {
+    "use strict";
+    init_vocabulary();
+  }
+});
+
+// ../../packages/core/src/index.ts
+var src_exports = {};
+__export(src_exports, {
+  COASTAL_BUYER: () => COASTAL_BUYER,
+  DEFAULT_ASHBY_SLUGS: () => DEFAULT_ASHBY_SLUGS,
+  DEFAULT_GREENHOUSE_SLUGS: () => DEFAULT_GREENHOUSE_SLUGS,
+  FEEDS: () => FEEDS,
+  SYNONYMS: () => SYNONYMS,
+  VOCABULARY: () => VOCABULARY,
+  aggregate: () => aggregate,
+  ashby: () => ashby,
+  buildIndex: () => buildIndex,
+  buildReason: () => buildReason,
+  fetchGitHubProfile: () => fetchGitHubProfile,
+  githubToFingerprint: () => githubToFingerprint,
+  greenhouse: () => greenhouse,
+  himalayas: () => himalayas,
+  hn: () => hn,
+  loadCoastalRoles: () => loadCoastalRoles,
+  match: () => match,
+  matchOne: () => matchOne,
+  normalize: () => normalize,
+  wwr: () => wwr
+});
+var init_src = __esm({
+  "../../packages/core/src/index.ts"() {
+    "use strict";
+    init_types();
+    init_vocabulary();
+    init_matcher();
+    init_feeds();
+    init_indexer();
+    init_coastal();
+    init_github();
+  }
+});
+
+// src/profile.ts
+var profile_exports = {};
+__export(profile_exports, {
+  accumulateGitHubTags: () => accumulateGitHubTags,
+  accumulateSession: () => accumulateSession,
+  accumulateTags: () => accumulateTags,
+  deleteProfile: () => deleteProfile,
+  profileToFingerprint: () => profileToFingerprint,
+  readProfile: () => readProfile,
+  writeProfile: () => writeProfile
+});
+import {
+  createCipheriv as createCipheriv2,
+  createDecipheriv as createDecipheriv2,
+  randomBytes as randomBytes2
+} from "crypto";
+import {
+  readFileSync as readFileSync3,
+  writeFileSync as writeFileSync2,
+  mkdirSync as mkdirSync2,
+  existsSync as existsSync2
+} from "fs";
+import { join as join3 } from "path";
+import { homedir as homedir2 } from "os";
+async function loadKey2() {
+  try {
+    const kt = await import("keytar");
+    const stored = await kt.getPassword("terminalhire", "profile-key");
+    if (stored) {
+      return Buffer.from(stored, "hex");
+    }
+    const key2 = randomBytes2(KEY_BYTES2);
+    await kt.setPassword("terminalhire", "profile-key", key2.toString("hex"));
+    return key2;
+  } catch {
+  }
+  mkdirSync2(TERMINALHIRE_DIR2, { recursive: true });
+  if (existsSync2(KEY_FILE2)) {
+    return Buffer.from(readFileSync3(KEY_FILE2, "utf8").trim(), "hex");
+  }
+  const key = randomBytes2(KEY_BYTES2);
+  writeFileSync2(KEY_FILE2, key.toString("hex"), { mode: 384, encoding: "utf8" });
+  return key;
+}
+function encrypt2(plaintext, key) {
+  const iv = randomBytes2(IV_BYTES2);
+  const cipher = createCipheriv2(ALGO2, key, iv);
+  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
+  const tag = cipher.getAuthTag();
+  return {
+    iv: iv.toString("hex"),
+    tag: tag.toString("hex"),
+    ciphertext: ct.toString("hex")
+  };
+}
+function decrypt2(blob, key) {
+  const decipher = createDecipheriv2(
+    ALGO2,
+    key,
+    Buffer.from(blob.iv, "hex")
+  );
+  decipher.setAuthTag(Buffer.from(blob.tag, "hex"));
+  const plain = Buffer.concat([
+    decipher.update(Buffer.from(blob.ciphertext, "hex")),
+    decipher.final()
+  ]);
+  return plain.toString("utf8");
+}
+function blankProfile() {
+  return {
+    version: 3,
+    skillTags: [],
+    tagWeights: {},
+    hasEmployerSessions: false,
+    updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+function recencyDecay(lastSeen) {
+  const ageMs = Date.now() - new Date(lastSeen).getTime();
+  return Math.pow(0.5, ageMs / DECAY_HALF_LIFE_MS);
+}
+function tagScore(w) {
+  return w.count * recencyDecay(w.lastSeen);
+}
+function deriveSkillTags(tagWeights) {
+  return Object.entries(tagWeights).filter(([, w]) => w.count >= 1).sort(([, a], [, b]) => tagScore(b) - tagScore(a)).map(([tag]) => tag);
+}
+function migrateTagWeights(profile) {
+  if (!profile.tagWeights) {
+    profile.tagWeights = {};
+  }
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  for (const tag of profile.skillTags) {
+    if (!profile.tagWeights[tag]) {
+      profile.tagWeights[tag] = { count: 1, firstSeen: now, lastSeen: now, sessions: 1 };
+    }
+  }
+}
+async function readProfile() {
+  if (!existsSync2(PROFILE_FILE)) return blankProfile();
+  try {
+    const key = await loadKey2();
+    const raw = readFileSync3(PROFILE_FILE, "utf8");
+    const blob = JSON.parse(raw);
+    const plaintext = decrypt2(blob, key);
+    const parsed = JSON.parse(plaintext);
+    migrateTagWeights(parsed);
+    return parsed;
+  } catch {
+    return blankProfile();
+  }
+}
+async function writeProfile(profile) {
+  mkdirSync2(TERMINALHIRE_DIR2, { recursive: true });
+  const key = await loadKey2();
+  profile.updatedAt = (/* @__PURE__ */ new Date()).toISOString();
+  profile.skillTags = deriveSkillTags(profile.tagWeights);
+  const blob = encrypt2(JSON.stringify(profile), key);
+  writeFileSync2(PROFILE_FILE, JSON.stringify(blob, null, 2), { encoding: "utf8" });
+}
+function accumulateSession(profile, tags, isEmployerContext, inferredSeniority) {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  let filtered = normalize(tags);
+  if (isEmployerContext) {
+    filtered = filtered.filter((t) => LANGUAGE_TAGS.has(t));
+    profile.hasEmployerSessions = true;
+  }
+  for (const tag of filtered) {
+    const existing = profile.tagWeights[tag];
+    if (existing) {
+      existing.count += 1;
+      existing.sessions += 1;
+      existing.lastSeen = now;
+    } else {
+      profile.tagWeights[tag] = { count: 1, firstSeen: now, lastSeen: now, sessions: 1 };
+    }
+  }
+  if (inferredSeniority && !isEmployerContext) {
+    profile.seniority = inferredSeniority;
+  }
+}
+async function accumulateTags(rawTokens, isEmployerContext, inferredSeniority) {
+  const profile = await readProfile();
+  accumulateSession(profile, rawTokens, isEmployerContext, inferredSeniority);
+  await writeProfile(profile);
+}
+function accumulateGitHubTags(profile, tags) {
+  accumulateSession(
+    profile,
+    tags,
+    /* isEmployerContext */
+    false
+  );
+}
+async function deleteProfile() {
+  const { rmSync: rmSync2 } = await import("fs");
+  try {
+    rmSync2(PROFILE_FILE);
+  } catch {
+  }
+  try {
+    rmSync2(KEY_FILE2);
+  } catch {
+  }
+}
+function profileToFingerprint(profile) {
+  const rankedTags = Object.entries(profile.tagWeights).map(([tag, w]) => ({ tag, score: tagScore(w) })).filter(({ score }) => score >= MIN_FINGERPRINT_SCORE).sort((a, b) => b.score - a.score).map(({ tag }) => tag);
+  const skillTags = rankedTags.length > 0 ? rankedTags : profile.skillTags;
+  return {
+    skillTags,
+    seniorityBand: profile.seniority,
+    prefs: {
+      roleTypes: profile.roleTypes,
+      remoteOnly: profile.remoteOnly,
+      compFloorUsd: profile.compFloorUsd
+    }
+  };
+}
+var TERMINALHIRE_DIR2, PROFILE_FILE, KEY_FILE2, ALGO2, KEY_BYTES2, IV_BYTES2, DECAY_HALF_LIFE_MS, LANGUAGE_TAGS, MIN_FINGERPRINT_SCORE;
+var init_profile = __esm({
+  "src/profile.ts"() {
+    "use strict";
+    init_src();
+    TERMINALHIRE_DIR2 = join3(homedir2(), ".terminalhire");
+    PROFILE_FILE = join3(TERMINALHIRE_DIR2, "profile.enc");
+    KEY_FILE2 = join3(TERMINALHIRE_DIR2, "key");
+    ALGO2 = "aes-256-gcm";
+    KEY_BYTES2 = 32;
+    IV_BYTES2 = 12;
+    DECAY_HALF_LIFE_MS = 30 * 24 * 60 * 60 * 1e3;
+    LANGUAGE_TAGS = /* @__PURE__ */ new Set([
+      "typescript",
+      "javascript",
+      "python",
+      "go",
+      "rust",
+      "java",
+      "ruby",
+      "elixir",
+      "scala",
+      "kotlin",
+      "swift",
+      "cpp",
+      "csharp",
+      "php",
+      "haskell",
+      "clojure",
+      "r"
+    ]);
+    MIN_FINGERPRINT_SCORE = 0.05;
+  }
+});
+
+// bin/jpi-login.js
+async function run() {
+  const subcommand = process.argv[2];
+  if (subcommand === "logout") {
+    await runLogout();
+  } else {
+    await runLogin();
+  }
+}
+async function runLogin() {
+  const { runDeviceFlow: runDeviceFlow2, readGitHubToken: readGitHubToken2 } = await Promise.resolve().then(() => (init_github_auth(), github_auth_exports));
+  const { fetchGitHubProfile: fetchGitHubProfile2, githubToFingerprint: githubToFingerprint2 } = await Promise.resolve().then(() => (init_src(), src_exports));
+  const { readProfile: readProfile2, writeProfile: writeProfile2, accumulateGitHubTags: accumulateGitHubTags2 } = await Promise.resolve().then(() => (init_profile(), profile_exports));
+  console.log("");
+  console.log("  terminalhire \u2014 Sign in with GitHub");
+  console.log("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500");
+  console.log("  Scope: read:user  (public profile + public repos only)");
+  console.log("  Your token is encrypted and stored at ~/.terminalhire/github-token.enc");
+  console.log("  GitHub data enriches your LOCAL profile \u2014 no data leaves your machine.");
+  console.log("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500");
+  try {
+    const login = await runDeviceFlow2();
+    const token = await readGitHubToken2();
+    if (!token) throw new Error("Token was not stored after device flow \u2014 unexpected.");
+    console.log(`
+  Fetching public profile for @${login}...`);
+    let ghProfile;
+    if (process.env["TERMINALHIRE_GITHUB_MOCK"] === "1" || process.env["TERMINALHIRE_GITHUB_MOCK"] === "1" || process.env["JPI_GITHUB_MOCK"] === "1") {
+      const { createRequire } = await import("module");
+      const { fileURLToPath: fileURLToPath2 } = await import("url");
+      const { join: join4, dirname } = await import("path");
+      const __dirname = fileURLToPath2(new URL(".", import.meta.url));
+      const fixturePath = join4(__dirname, "../../fixtures/github-sample.json");
+      const { readFileSync: readFileSync4 } = await import("fs");
+      ghProfile = JSON.parse(readFileSync4(fixturePath, "utf8"));
+    } else {
+      ghProfile = await fetchGitHubProfile2(login, token);
+    }
+    const fragment = githubToFingerprint2(ghProfile);
+    const profile = await readProfile2();
+    accumulateGitHubTags2(profile, fragment.skillTags);
+    if (fragment.seniorityBand && !profile.seniority) {
+      profile.seniority = fragment.seniorityBand;
+    }
+    if (!profile.displayName && ghProfile.name) {
+      profile.displayName = ghProfile.name;
+    }
+    if (!profile.contactEmail && ghProfile.publicEmail) {
+      profile.contactEmail = ghProfile.publicEmail;
+    }
+    profile.github = {
+      login: ghProfile.login,
+      profileUrl: `https://github.com/${ghProfile.login}`,
+      topLanguages: ghProfile.topLanguages.slice(0, 5),
+      publicRepos: ghProfile.publicRepos
+    };
+    await writeProfile2(profile);
+    console.log("");
+    console.log("  GitHub profile merged into local encrypted profile:");
+    console.log(`    Login:         @${ghProfile.login}`);
+    if (ghProfile.name) {
+      console.log(`    Name:          ${ghProfile.name}`);
+    }
+    console.log(`    Public repos:  ${ghProfile.publicRepos}`);
+    console.log(`    Top languages: ${ghProfile.topLanguages.slice(0, 5).join(", ")}`);
+    if (fragment.seniorityBand) {
+      console.log(`    Seniority est: ${fragment.seniorityBand}`);
+    }
+    console.log(`    Skill tags:    ${fragment.skillTags.join(", ")}`);
+    if (fragment.skillTags.length === 0) {
+      console.log("    (No matching vocabulary tags found in public repos/topics)");
+    }
+    console.log("");
+    console.log("  Profile updated at ~/.terminalhire/profile.enc (encrypted at rest)");
+    console.log("  GitHub data stays on your machine unless you consent to share it in a lead.");
+    console.log("");
+    console.log("  Run `terminalhire jobs` to see matching roles using your enriched profile.");
+    console.log("");
+  } catch (err) {
+    console.error("\n  Login error:", err instanceof Error ? err.message : String(err));
+    process.exit(1);
+  }
+}
+async function runLogout() {
+  const { deleteGitHubToken: deleteGitHubToken2, hasGitHubToken: hasGitHubToken2 } = await Promise.resolve().then(() => (init_github_auth(), github_auth_exports));
+  const { readProfile: readProfile2, writeProfile: writeProfile2 } = await Promise.resolve().then(() => (init_profile(), profile_exports));
+  const hasToken = await hasGitHubToken2();
+  if (!hasToken) {
+    console.log("\n  No GitHub token stored \u2014 nothing to remove.\n");
+    process.exit(0);
+  }
+  await deleteGitHubToken2();
+  const profile = await readProfile2();
+  if (profile.github) {
+    delete profile.github;
+    await writeProfile2(profile);
+    console.log("\n  GitHub identity cleared from local profile.");
+  }
+  console.log("  GitHub token deleted from ~/.terminalhire/github-token.enc");
+  console.log("  Skill tags accumulated from GitHub remain in your profile.");
+  console.log("  To also delete those: terminalhire profile --delete\n");
+}
+export {
+  run
+};