toolcraft-openapi 0.0.1

package/node_modules/@poe-code/design-system/dist/tokens/colors.js

@@ -0,0 +1,34 @@
+import chalk from "chalk";
+export const brand = "#a200ff";
+export const dark = {
+    header: (text) => chalk.magentaBright.bold(text),
+    divider: (text) => chalk.dim(text),
+    prompt: (text) => chalk.cyan(text),
+    number: (text) => chalk.cyanBright(text),
+    intro: (text) => chalk.bgMagenta.white(` Poe - ${text} `),
+    resolvedSymbol: chalk.magenta("◇"),
+    errorSymbol: chalk.red("■"),
+    accent: (text) => chalk.cyan(text),
+    muted: (text) => chalk.dim(text),
+    success: (text) => chalk.green(text),
+    warning: (text) => chalk.yellow(text),
+    error: (text) => chalk.red(text),
+    info: (text) => chalk.magenta(text),
+    badge: (text) => chalk.bgYellow.black(` ${text} `)
+};
+export const light = {
+    header: (text) => chalk.hex("#a200ff").bold(text),
+    divider: (text) => chalk.hex("#666666")(text),
+    prompt: (text) => chalk.hex("#006699").bold(text),
+    number: (text) => chalk.hex("#0077cc").bold(text),
+    intro: (text) => chalk.bgHex("#a200ff").white(` Poe - ${text} `),
+    resolvedSymbol: chalk.hex("#a200ff")("◇"),
+    errorSymbol: chalk.hex("#cc0000")("■"),
+    accent: (text) => chalk.hex("#006699").bold(text),
+    muted: (text) => chalk.hex("#666666")(text),
+    success: (text) => chalk.hex("#008800")(text),
+    warning: (text) => chalk.hex("#cc6600")(text),
+    error: (text) => chalk.hex("#cc0000")(text),
+    info: (text) => chalk.hex("#a200ff")(text),
+    badge: (text) => chalk.bgHex("#cc6600").white(` ${text} `)
+};

package/node_modules/@poe-code/design-system/dist/tokens/index.d.ts

@@ -0,0 +1,4 @@
+export * from "./colors.js";
+export { spacing } from "./spacing.js";
+export { typography } from "./typography.js";
+export { widths } from "./widths.js";

package/node_modules/@poe-code/design-system/dist/tokens/index.js

@@ -0,0 +1,4 @@
+export * from "./colors.js";
+export { spacing } from "./spacing.js";
+export { typography } from "./typography.js";
+export { widths } from "./widths.js";

package/node_modules/@poe-code/design-system/dist/tokens/spacing.d.ts

@@ -0,0 +1,6 @@
+export declare const spacing: {
+    readonly sm: 1;
+    readonly md: 2;
+    readonly lg: 4;
+    readonly xl: 8;
+};

package/node_modules/@poe-code/design-system/dist/tokens/spacing.js

@@ -0,0 +1,6 @@
+export const spacing = {
+    sm: 1,
+    md: 2,
+    lg: 4,
+    xl: 8
+};

package/node_modules/@poe-code/design-system/dist/tokens/typography.d.ts

@@ -0,0 +1,7 @@
+export declare const typography: {
+    readonly bold: (text: string) => string;
+    readonly dim: (text: string) => string;
+    readonly italic: (text: string) => string;
+    readonly underline: (text: string) => string;
+    readonly strikethrough: (text: string) => string;
+};

package/node_modules/@poe-code/design-system/dist/tokens/typography.js

@@ -0,0 +1,8 @@
+import chalk from "chalk";
+export const typography = {
+    bold: (text) => chalk.bold(text),
+    dim: (text) => chalk.dim(text),
+    italic: (text) => chalk.italic(text),
+    underline: (text) => chalk.underline(text),
+    strikethrough: (text) => chalk.strikethrough(text)
+};

package/node_modules/@poe-code/design-system/dist/tokens/widths.d.ts

@@ -0,0 +1,5 @@
+export declare const widths: {
+    readonly header: 60;
+    readonly helpColumn: 24;
+    readonly maxLine: 80;
+};

package/node_modules/@poe-code/design-system/dist/tokens/widths.js

@@ -0,0 +1,5 @@
+export const widths = {
+    header: 60,
+    helpColumn: 24,
+    maxLine: 80
+};

package/node_modules/@poe-code/design-system/package.json

@@ -0,0 +1,25 @@
+{
+  "name": "@poe-code/design-system",
+  "version": "0.0.1",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "scripts": {
+    "build": "tsc",
+    "lint": "cd ../.. && eslint packages/design-system --ext ts && tsc -p packages/design-system/tsconfig.json --noEmit",
+    "test": "cd ../.. && vitest run $(rg --files packages/design-system/src -g '*.test.ts' | sort | tr '\\n' ' ')",
+    "demo": "tsx scripts/demo.ts",
+    "generate:docs": "tsx scripts/generate-docs.ts all",
+    "generate:design-docs:markdown": "tsx scripts/generate-docs.ts markdown",
+    "generate:design-docs:json": "tsx scripts/generate-docs.ts json",
+    "generate:design-docs:all": "tsx scripts/generate-docs.ts all"
+  },
+  "files": [
+    "dist"
+  ],
+  "peerDependencies": {
+    "@clack/prompts": "^1.0.0",
+    "chalk": "^5.3.0",
+    "console-table-printer": "^2.15.0"
+  }
+}

package/node_modules/auth-store/README.md

@@ -0,0 +1,47 @@
+# auth-store
+
+Generic encrypted secret storage with platform-aware backends.
+
+## Usage
+
+```ts
+import { createSecretStore } from "auth-store";
+
+const { store, backend } = createSecretStore({
+  backendEnvVar: "MY_AUTH_BACKEND",
+  fileStore: {
+    salt: "my-app:encrypted-store:v1",
+    defaultDirectory: ".my-app",
+    defaultFileName: "credentials.enc"
+  },
+  keychainStore: {
+    service: "my-app",
+    account: "api-key"
+  }
+});
+
+await store.set("secret-value");
+const value = await store.get(); // "secret-value"
+await store.delete();
+```
+
+## Backends
+
+| `backendEnvVar` value | Platform | Backend        |
+| --------------------- | -------- | -------------- |
+| _(unset)_             | any      | Encrypted file |
+| `file`                | any      | Encrypted file |
+| `keychain`            | macOS    | macOS Keychain |
+| `keychain`            | other    | Error          |
+
+### Encrypted file
+
+- AES-256-GCM with machine-derived key (hostname + username via scrypt)
+- Configurable salt, directory, and file name
+- File permissions: `0600`
+- Random IV per write
+
+### macOS Keychain
+
+- Uses the `security` CLI (`add-generic-password`, `find-generic-password`, `delete-generic-password`)
+- Configurable service and account names

package/node_modules/auth-store/dist/create-secret-store.d.ts

@@ -0,0 +1,2 @@
+import type { CreateSecretStoreInput, CreateSecretStoreResult } from "./types.js";
+export declare function createSecretStore(input: CreateSecretStoreInput): CreateSecretStoreResult;

package/node_modules/auth-store/dist/create-secret-store.js

@@ -0,0 +1,35 @@
+import { EncryptedFileStore } from "./encrypted-file-store.js";
+import { KeychainStore } from "./keychain-store.js";
+const DEFAULT_BACKEND_ENV_VAR = "AUTH_BACKEND";
+const MACOS_PLATFORM = "darwin";
+const storeFactories = {
+    file: (input) => {
+        if (!input.fileStore) {
+            throw new Error("fileStore configuration is required for file backend");
+        }
+        return new EncryptedFileStore(input.fileStore);
+    },
+    keychain: (input) => {
+        if (!input.keychainStore) {
+            throw new Error("keychainStore configuration is required for keychain backend");
+        }
+        return new KeychainStore(input.keychainStore);
+    }
+};
+export function createSecretStore(input) {
+    const backend = resolveBackend(input);
+    const platform = input.platform ?? process.platform;
+    if (backend === "keychain" && platform !== MACOS_PLATFORM) {
+        throw new Error(`Keychain backend is only supported on macOS. Current platform: ${platform}`);
+    }
+    const store = storeFactories[backend](input);
+    return { backend, store };
+}
+function resolveBackend(input) {
+    const envVar = input.backendEnvVar ?? DEFAULT_BACKEND_ENV_VAR;
+    const configuredBackend = input.backend ?? input.env?.[envVar] ?? process.env[envVar];
+    if (configuredBackend === "keychain") {
+        return "keychain";
+    }
+    return "file";
+}

package/node_modules/auth-store/dist/encrypted-file-store.d.ts

@@ -0,0 +1,39 @@
+import type { SecretStore } from "./types.js";
+export interface MachineIdentity {
+    hostname: string;
+    username: string;
+}
+export interface EncryptedFileStoreFileSystem {
+    readFile(path: string, encoding: BufferEncoding): Promise<string>;
+    writeFile(path: string, data: string | NodeJS.ArrayBufferView, options?: {
+        encoding?: BufferEncoding;
+    }): Promise<void>;
+    mkdir(path: string, options?: {
+        recursive?: boolean;
+    }): Promise<void | string | undefined>;
+    unlink(path: string): Promise<void>;
+    chmod(path: string, mode: number): Promise<void>;
+}
+export interface EncryptedFileStoreInput {
+    fs?: EncryptedFileStoreFileSystem;
+    filePath?: string;
+    salt: string;
+    defaultDirectory?: string;
+    defaultFileName?: string;
+    getMachineIdentity?: () => MachineIdentity | Promise<MachineIdentity>;
+    getHomeDirectory?: () => string;
+    getRandomBytes?: (size: number) => Buffer;
+}
+export declare class EncryptedFileStore implements SecretStore {
+    private readonly fs;
+    private readonly filePath;
+    private readonly salt;
+    private readonly getMachineIdentity;
+    private readonly getRandomBytes;
+    private keyPromise;
+    constructor(input: EncryptedFileStoreInput);
+    get(): Promise<string | null>;
+    set(value: string): Promise<void>;
+    delete(): Promise<void>;
+    private getEncryptionKey;
+}

package/node_modules/auth-store/dist/encrypted-file-store.js

@@ -0,0 +1,156 @@
+import { createCipheriv, createDecipheriv, randomBytes, scrypt } from "node:crypto";
+import { promises as fs } from "node:fs";
+import { homedir, hostname, userInfo } from "node:os";
+import path from "node:path";
+const derivedKeyCache = new Map();
+const ENCRYPTION_ALGORITHM = "aes-256-gcm";
+const ENCRYPTION_VERSION = 1;
+const ENCRYPTION_KEY_BYTES = 32;
+const ENCRYPTION_IV_BYTES = 12;
+const ENCRYPTION_AUTH_TAG_BYTES = 16;
+const ENCRYPTION_FILE_MODE = 0o600;
+export class EncryptedFileStore {
+    fs;
+    filePath;
+    salt;
+    getMachineIdentity;
+    getRandomBytes;
+    keyPromise = null;
+    constructor(input) {
+        this.fs = input.fs ?? fs;
+        this.salt = input.salt;
+        this.filePath = input.filePath ?? path.join((input.getHomeDirectory ?? homedir)(), input.defaultDirectory ?? ".auth-store", input.defaultFileName ?? "credentials.enc");
+        this.getMachineIdentity = input.getMachineIdentity ?? defaultMachineIdentity;
+        this.getRandomBytes = input.getRandomBytes ?? randomBytes;
+    }
+    async get() {
+        let rawDocument;
+        try {
+            rawDocument = await this.fs.readFile(this.filePath, "utf8");
+        }
+        catch (error) {
+            if (isNotFoundError(error)) {
+                return null;
+            }
+            throw error;
+        }
+        const document = parseEncryptedDocument(rawDocument);
+        if (!document) {
+            return null;
+        }
+        const key = await this.getEncryptionKey();
+        try {
+            const iv = Buffer.from(document.iv, "base64");
+            const authTag = Buffer.from(document.authTag, "base64");
+            const ciphertext = Buffer.from(document.ciphertext, "base64");
+            if (iv.byteLength !== ENCRYPTION_IV_BYTES ||
+                authTag.byteLength !== ENCRYPTION_AUTH_TAG_BYTES) {
+                return null;
+            }
+            const decipher = createDecipheriv(ENCRYPTION_ALGORITHM, key, iv);
+            decipher.setAuthTag(authTag);
+            const plaintext = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+            return plaintext.toString("utf8");
+        }
+        catch {
+            return null;
+        }
+    }
+    async set(value) {
+        const key = await this.getEncryptionKey();
+        const iv = this.getRandomBytes(ENCRYPTION_IV_BYTES);
+        const cipher = createCipheriv(ENCRYPTION_ALGORITHM, key, iv);
+        const ciphertext = Buffer.concat([
+            cipher.update(value, "utf8"),
+            cipher.final()
+        ]);
+        const authTag = cipher.getAuthTag();
+        const document = {
+            version: ENCRYPTION_VERSION,
+            iv: iv.toString("base64"),
+            authTag: authTag.toString("base64"),
+            ciphertext: ciphertext.toString("base64")
+        };
+        await this.fs.mkdir(path.dirname(this.filePath), { recursive: true });
+        await this.fs.writeFile(this.filePath, JSON.stringify(document), {
+            encoding: "utf8"
+        });
+        await this.fs.chmod(this.filePath, ENCRYPTION_FILE_MODE);
+    }
+    async delete() {
+        try {
+            await this.fs.unlink(this.filePath);
+        }
+        catch (error) {
+            if (!isNotFoundError(error)) {
+                throw error;
+            }
+        }
+    }
+    getEncryptionKey() {
+        if (!this.keyPromise) {
+            this.keyPromise = deriveEncryptionKey(this.getMachineIdentity, this.salt);
+        }
+        return this.keyPromise;
+    }
+}
+function defaultMachineIdentity() {
+    return {
+        hostname: hostname(),
+        username: userInfo().username
+    };
+}
+async function deriveEncryptionKey(getMachineIdentity, salt) {
+    const machineIdentity = await getMachineIdentity();
+    const secret = `${machineIdentity.hostname}:${machineIdentity.username}`;
+    const cacheKey = `${secret}:${salt}`;
+    const cached = derivedKeyCache.get(cacheKey);
+    if (cached) {
+        return cached;
+    }
+    const keyPromise = new Promise((resolve, reject) => {
+        scrypt(secret, salt, ENCRYPTION_KEY_BYTES, (error, derivedKey) => {
+            if (error) {
+                reject(error);
+                return;
+            }
+            resolve(Buffer.from(derivedKey));
+        });
+    });
+    derivedKeyCache.set(cacheKey, keyPromise);
+    return keyPromise;
+}
+function parseEncryptedDocument(raw) {
+    try {
+        const parsed = JSON.parse(raw);
+        if (!isRecord(parsed)) {
+            return null;
+        }
+        if (parsed.version !== ENCRYPTION_VERSION) {
+            return null;
+        }
+        if (typeof parsed.iv !== "string" ||
+            typeof parsed.authTag !== "string" ||
+            typeof parsed.ciphertext !== "string") {
+            return null;
+        }
+        return {
+            version: parsed.version,
+            iv: parsed.iv,
+            authTag: parsed.authTag,
+            ciphertext: parsed.ciphertext
+        };
+    }
+    catch {
+        return null;
+    }
+}
+function isRecord(value) {
+    return Boolean(value && typeof value === "object" && !Array.isArray(value));
+}
+function isNotFoundError(error) {
+    return Boolean(error &&
+        typeof error === "object" &&
+        "code" in error &&
+        error.code === "ENOENT");
+}

package/node_modules/auth-store/dist/index.d.ts

@@ -0,0 +1,7 @@
+export { createSecretStore } from "./create-secret-store.js";
+export { EncryptedFileStore } from "./encrypted-file-store.js";
+export { KeychainStore } from "./keychain-store.js";
+export { key, MigratingSecretStore } from "./provider-store.js";
+export type { SecretStore, StoreBackend, CreateSecretStoreInput, CreateSecretStoreResult } from "./types.js";
+export type { MachineIdentity, EncryptedFileStoreInput, EncryptedFileStoreFileSystem } from "./encrypted-file-store.js";
+export type { KeychainStoreInput, KeychainCommandRunner, KeychainCommandResult } from "./keychain-store.js";

package/node_modules/auth-store/dist/index.js

@@ -0,0 +1,4 @@
+export { createSecretStore } from "./create-secret-store.js";
+export { EncryptedFileStore } from "./encrypted-file-store.js";
+export { KeychainStore } from "./keychain-store.js";
+export { key, MigratingSecretStore } from "./provider-store.js";

package/node_modules/auth-store/dist/keychain-store.d.ts

@@ -0,0 +1,22 @@
+import type { SecretStore } from "./types.js";
+export interface KeychainCommandResult {
+    stdout: string;
+    stderr: string;
+    exitCode: number;
+}
+export type KeychainCommandRunner = (command: string, args: string[]) => Promise<KeychainCommandResult>;
+export interface KeychainStoreInput {
+    runCommand?: KeychainCommandRunner;
+    service: string;
+    account: string;
+}
+export declare class KeychainStore implements SecretStore {
+    private readonly runCommand;
+    private readonly service;
+    private readonly account;
+    constructor(input: KeychainStoreInput);
+    get(): Promise<string | null>;
+    set(value: string): Promise<void>;
+    delete(): Promise<void>;
+    private executeSecurityCommand;
+}

package/node_modules/auth-store/dist/keychain-store.js

@@ -0,0 +1,111 @@
+import { spawn } from "node:child_process";
+const SECURITY_CLI = "security";
+const KEYCHAIN_ITEM_NOT_FOUND_EXIT_CODE = 44;
+export class KeychainStore {
+    runCommand;
+    service;
+    account;
+    constructor(input) {
+        this.runCommand = input.runCommand ?? runSecurityCommand;
+        this.service = input.service;
+        this.account = input.account;
+    }
+    async get() {
+        const result = await this.executeSecurityCommand(["find-generic-password", "-s", this.service, "-a", this.account, "-w"], "read secret from macOS Keychain");
+        if (result.exitCode === 0) {
+            return stripTrailingLineBreak(result.stdout);
+        }
+        if (isKeychainEntryNotFound(result)) {
+            return null;
+        }
+        throw createSecurityCliFailure("read secret from macOS Keychain", result);
+    }
+    async set(value) {
+        const result = await this.executeSecurityCommand([
+            "add-generic-password",
+            "-s",
+            this.service,
+            "-a",
+            this.account,
+            "-w",
+            value,
+            "-U"
+        ], "store secret in macOS Keychain");
+        if (result.exitCode !== 0) {
+            throw createSecurityCliFailure("store secret in macOS Keychain", result);
+        }
+    }
+    async delete() {
+        const result = await this.executeSecurityCommand(["delete-generic-password", "-s", this.service, "-a", this.account], "delete secret from macOS Keychain");
+        if (result.exitCode === 0 || isKeychainEntryNotFound(result)) {
+            return;
+        }
+        throw createSecurityCliFailure("delete secret from macOS Keychain", result);
+    }
+    async executeSecurityCommand(args, operation) {
+        try {
+            return await this.runCommand(SECURITY_CLI, args);
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            throw new Error(`Failed to ${operation}: ${message}`);
+        }
+    }
+}
+function runSecurityCommand(command, args) {
+    return new Promise((resolve) => {
+        const child = spawn(command, args, {
+            stdio: ["ignore", "pipe", "pipe"]
+        });
+        let stdout = "";
+        let stderr = "";
+        child.stdout?.setEncoding("utf8");
+        child.stdout?.on("data", (chunk) => {
+            stdout += chunk.toString();
+        });
+        child.stderr?.setEncoding("utf8");
+        child.stderr?.on("data", (chunk) => {
+            stderr += chunk.toString();
+        });
+        child.on("error", (error) => {
+            const message = error instanceof Error ? error.message : String(error ?? "Unknown error");
+            resolve({
+                stdout,
+                stderr: stderr ? `${stderr}${message}` : message,
+                exitCode: 127
+            });
+        });
+        child.on("close", (code) => {
+            resolve({
+                stdout,
+                stderr,
+                exitCode: code ?? 0
+            });
+        });
+    });
+}
+function stripTrailingLineBreak(value) {
+    if (value.endsWith("\r\n")) {
+        return value.slice(0, -2);
+    }
+    if (value.endsWith("\n") || value.endsWith("\r")) {
+        return value.slice(0, -1);
+    }
+    return value;
+}
+function isKeychainEntryNotFound(result) {
+    if (result.exitCode === KEYCHAIN_ITEM_NOT_FOUND_EXIT_CODE) {
+        return true;
+    }
+    const output = `${result.stderr}\n${result.stdout}`.toLowerCase();
+    return (output.includes("could not be found") ||
+        output.includes("item not found") ||
+        output.includes("errsecitemnotfound"));
+}
+function createSecurityCliFailure(operation, result) {
+    const details = result.stderr.trim() || result.stdout.trim();
+    if (details) {
+        return new Error(`Failed to ${operation}: security exited with code ${result.exitCode}: ${details}`);
+    }
+    return new Error(`Failed to ${operation}: security exited with code ${result.exitCode}`);
+}

package/node_modules/auth-store/dist/provider-store.d.ts

@@ -0,0 +1,10 @@
+import type { SecretStore } from "./types.js";
+export declare function key(providerId: string): string;
+export declare class MigratingSecretStore implements SecretStore {
+    private readonly store;
+    private readonly legacyStore;
+    constructor(store: SecretStore, legacyStore?: SecretStore | null);
+    get(): Promise<string | null>;
+    set(value: string): Promise<void>;
+    delete(): Promise<void>;
+}

package/node_modules/auth-store/dist/provider-store.js

@@ -0,0 +1,28 @@
+export function key(providerId) {
+    return `provider:${providerId}`;
+}
+export class MigratingSecretStore {
+    store;
+    legacyStore;
+    constructor(store, legacyStore = null) {
+        this.store = store;
+        this.legacyStore = legacyStore;
+    }
+    async get() {
+        const value = await this.store.get();
+        if (value !== null || !this.legacyStore) {
+            return value;
+        }
+        const legacyValue = await this.legacyStore.get();
+        if (legacyValue !== null) {
+            await this.store.set(legacyValue);
+        }
+        return legacyValue;
+    }
+    async set(value) {
+        return this.store.set(value);
+    }
+    async delete() {
+        return this.store.delete();
+    }
+}

package/node_modules/auth-store/dist/types.d.ts

@@ -0,0 +1,20 @@
+import type { EncryptedFileStoreInput } from "./encrypted-file-store.js";
+import type { KeychainStoreInput } from "./keychain-store.js";
+export interface SecretStore {
+    get(): Promise<string | null>;
+    set(value: string): Promise<void>;
+    delete(): Promise<void>;
+}
+export type StoreBackend = "file" | "keychain";
+export interface CreateSecretStoreInput {
+    backend?: StoreBackend;
+    env?: NodeJS.ProcessEnv;
+    platform?: NodeJS.Platform;
+    backendEnvVar?: string;
+    fileStore?: EncryptedFileStoreInput;
+    keychainStore?: KeychainStoreInput;
+}
+export interface CreateSecretStoreResult {
+    store: SecretStore;
+    backend: StoreBackend;
+}

package/node_modules/auth-store/dist/types.js

@@ -0,0 +1 @@
+export {};

package/node_modules/auth-store/package.json

@@ -0,0 +1,25 @@
+{
+  "name": "auth-store",
+  "version": "0.0.1",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "scripts": {
+    "build": "tsc"
+  },
+  "dependencies": {},
+  "files": [
+    "dist"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/poe-platform/poe-code.git",
+    "directory": "packages/auth-store"
+  }
+}