toolcraft-openapi 0.0.23 → 0.0.24

package/node_modules/@poe-code/design-system/dist/static/menu.js

@@ -2,13 +2,19 @@ import { color } from "../components/color.js";
 import { symbols } from "../components/symbols.js";
 import { resolveOutputFormat } from "../internal/output-format.js";
 import { getTheme } from "../internal/theme-detect.js";
+function renderMarkdownInline(value) {
+    return value.replaceAll("\r\n", " ").replaceAll("\n", " ").replaceAll("\r", " ");
+}
 export function renderMenu(opts) {
     const format = resolveOutputFormat();
     const selectedIndex = opts.selectedIndex ?? 0;
+    if (!Number.isInteger(selectedIndex) || !Number.isFinite(selectedIndex)) {
+        throw new Error("selectedIndex must be a finite integer.");
+    }
     if (format === "markdown") {
         return [
-            `**${opts.message}**`,
-            ...opts.options.map((option, index) => `- [${index === selectedIndex ? "x" : " "}] ${option.label}`)
+            `**${renderMarkdownInline(opts.message)}**`,
+            ...opts.options.map((option, index) => `- [${index === selectedIndex ? "x" : " "}] ${renderMarkdownInline(option.label)}`)
         ].join("\n");
     }
     if (format === "json") {

package/node_modules/@poe-code/design-system/dist/static/spinner.js

@@ -1,7 +1,7 @@
 import { color } from "../components/color.js";
 import { symbols } from "../components/symbols.js";
 import { resolveOutputFormat } from "../internal/output-format.js";
-export const SPINNER_FRAMES = ["◒", "◐", "◓", "◑"];
+export const SPINNER_FRAMES = Object.freeze(["◒", "◐", "◓", "◑"]);
 export function renderSpinnerFrame(options) {
     const format = resolveOutputFormat();
     if (format === "markdown") {
@@ -16,22 +16,28 @@ export function renderSpinnerFrame(options) {
         })}\n`;
     }
     const frame = options.frame ?? 0;
-    const spinnerChar = color.magenta(SPINNER_FRAMES[frame % SPINNER_FRAMES.length]);
+    const index = ((frame % SPINNER_FRAMES.length) + SPINNER_FRAMES.length) % SPINNER_FRAMES.length;
+    const spinnerChar = color.magenta(SPINNER_FRAMES[index]);
     const timerSuffix = options.timer ? color.dim(` [${options.timer}]`) : "";
     const bar = color.gray(symbols.bar);
     return `${spinnerChar}  ${options.message}${timerSuffix}\n${bar}`;
 }
+function renderMarkdownInline(value) {
+    return value.replaceAll("\r\n", " ").replaceAll("\n", " ").replaceAll("\r", " ");
+}
 export function renderSpinnerStopped(options) {
     const format = resolveOutputFormat();
     if (format === "markdown") {
-        return `- ${options.message}${options.timer ? ` [${options.timer}]` : ""}\n`;
+        return `- ${renderMarkdownInline(options.message)}${options.timer ? ` [${renderMarkdownInline(options.timer)}]` : ""}\n`;
     }
     if (format === "json") {
         return `${JSON.stringify({
             type: "spinner",
             state: "stopped",
             message: options.message,
-            ...(options.timer ? { timer: options.timer } : {})
+            code: options.code ?? 0,
+            ...(options.timer ? { timer: options.timer } : {}),
+            ...(options.subtext ? { subtext: options.subtext } : {})
         })}\n`;
     }
     const code = options.code ?? 0;

package/node_modules/@poe-code/design-system/dist/terminal-markdown/parser/frontmatter.js

@@ -32,7 +32,12 @@ class YamlSubsetParser {
                 throw new FrontmatterParseError("Invalid mapping entry.");
             }
             this.position += 1;
-            result[entry.key] = this.readEntryValue(entry, expectedIndent);
+            Object.defineProperty(result, entry.key, {
+                configurable: true,
+                enumerable: true,
+                value: this.readEntryValue(entry, expectedIndent),
+                writable: true
+            });
         }
         return result;
     }
@@ -345,8 +350,10 @@ function sliceFrontmatterBlock(content, start, end) {
 function startsWithFrontmatterFence(value) {
     return (value.startsWith("---\n") ||
         value.startsWith("---\r\n") ||
+        value.startsWith("---\r") ||
         value.startsWith("\uFEFF---\n") ||
-        value.startsWith("\uFEFF---\r\n"));
+        value.startsWith("\uFEFF---\r\n") ||
+        value.startsWith("\uFEFF---\r"));
 }
 function stripBom(value) {
     return value.startsWith("\uFEFF") ? value.slice(1) : value;

package/node_modules/@poe-code/design-system/dist/terminal-markdown/renderer.js

@@ -6,7 +6,11 @@ import { typography } from "../tokens/typography.js";
 import { widths } from "../tokens/widths.js";
 const lineChar = "─";
 export function render(ast, options = {}) {
-    const width = Math.max(1, options.width ?? process.stdout.columns ?? widths.maxLine);
+    const requestedWidth = options.width ?? process.stdout.columns ?? widths.maxLine;
+    if (!Number.isFinite(requestedWidth) || requestedWidth <= 0) {
+        throw new Error("width must be a positive finite number.");
+    }
+    const width = Math.max(1, requestedWidth);
     const context = {
         width,
         showFrontmatter: options.showFrontmatter ?? false,
@@ -215,7 +219,20 @@ function formatFrontmatterValue(value) {
     if (typeof value === "number" || typeof value === "boolean") {
         return String(value);
     }
-    return JSON.stringify(value);
+    const ancestors = [];
+    return JSON.stringify(value, function (_key, nestedValue) {
+        if (typeof nestedValue !== "object" || nestedValue === null) {
+            return nestedValue;
+        }
+        while (ancestors.length > 0 && ancestors[ancestors.length - 1] !== this) {
+            ancestors.pop();
+        }
+        if (ancestors.includes(nestedValue)) {
+            return "[Circular]";
+        }
+        ancestors.push(nestedValue);
+        return nestedValue;
+    });
 }
 function renderHtml(node, context) {
     const value = stripHtmlTags(node.value).trim();

package/node_modules/@poe-code/design-system/package.json

@@ -1,11 +1,12 @@
 {
   "name": "@poe-code/design-system",
   "version": "0.0.2",
+  "private": true,
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "scripts": {
-    "build": "tsc",
+    "build": "node ../../scripts/guard-package-dist.mjs && tsc",
     "postbuild": "node scripts/smoke-built-exports.cjs",
     "lint": "cd ../.. && eslint packages/design-system --ext ts && tsc -p packages/design-system/tsconfig.json --noEmit",
     "test": "cd ../.. && vitest run $(rg --files packages/design-system/src -g '*.test.ts' | sort | tr '\\n' ' ')",

package/node_modules/auth-store/dist/create-secret-store.js

@@ -31,5 +31,8 @@ function resolveBackend(input) {
     if (configuredBackend === "keychain") {
         return "keychain";
     }
-    return "file";
+    if (configuredBackend === undefined || configuredBackend === "file") {
+        return "file";
+    }
+    throw new Error(`Unsupported auth store backend: ${configuredBackend}`);
 }

package/node_modules/auth-store/dist/encrypted-file-store.d.ts

@@ -7,10 +7,16 @@ export interface EncryptedFileStoreFileSystem {
     readFile(path: string, encoding: BufferEncoding): Promise<string>;
     writeFile(path: string, data: string | NodeJS.ArrayBufferView, options?: {
         encoding?: BufferEncoding;
+        flag?: string;
+        mode?: number;
     }): Promise<void>;
     mkdir(path: string, options?: {
         recursive?: boolean;
     }): Promise<void | string | undefined>;
+    rename(oldPath: string, newPath: string): Promise<void>;
+    lstat(path: string): Promise<{
+        isSymbolicLink(): boolean;
+    }>;
     unlink(path: string): Promise<void>;
     chmod(path: string, mode: number): Promise<void>;
 }
@@ -35,5 +41,6 @@ export declare class EncryptedFileStore implements SecretStore {
     get(): Promise<string | null>;
     set(value: string): Promise<void>;
     delete(): Promise<void>;
+    private assertRegularCredentialPath;
     private getEncryptionKey;
 }

package/node_modules/auth-store/dist/encrypted-file-store.js

@@ -9,6 +9,7 @@ const ENCRYPTION_KEY_BYTES = 32;
 const ENCRYPTION_IV_BYTES = 12;
 const ENCRYPTION_AUTH_TAG_BYTES = 16;
 const ENCRYPTION_FILE_MODE = 0o600;
+let temporaryFileSequence = 0;
 export class EncryptedFileStore {
     fs;
     filePath;
@@ -24,6 +25,7 @@ export class EncryptedFileStore {
         this.getRandomBytes = input.getRandomBytes ?? randomBytes;
     }
     async get() {
+        await this.assertRegularCredentialPath();
         let rawDocument;
         try {
             rawDocument = await this.fs.readFile(this.filePath, "utf8");
@@ -57,6 +59,7 @@ export class EncryptedFileStore {
         }
     }
     async set(value) {
+        await this.assertRegularCredentialPath();
         const key = await this.getEncryptionKey();
         const iv = this.getRandomBytes(ENCRYPTION_IV_BYTES);
         const cipher = createCipheriv(ENCRYPTION_ALGORITHM, key, iv);
@@ -72,12 +75,26 @@ export class EncryptedFileStore {
             ciphertext: ciphertext.toString("base64")
         };
         await this.fs.mkdir(path.dirname(this.filePath), { recursive: true });
-        await this.fs.writeFile(this.filePath, JSON.stringify(document), {
-            encoding: "utf8"
-        });
-        await this.fs.chmod(this.filePath, ENCRYPTION_FILE_MODE);
+        await this.assertRegularCredentialPath();
+        const temporaryPath = `${this.filePath}.${process.pid}.${temporaryFileSequence++}.tmp`;
+        try {
+            await this.fs.writeFile(temporaryPath, JSON.stringify(document), {
+                encoding: "utf8",
+                flag: "wx",
+                mode: ENCRYPTION_FILE_MODE
+            });
+            await this.fs.chmod(temporaryPath, ENCRYPTION_FILE_MODE);
+            await this.fs.rename(temporaryPath, this.filePath);
+        }
+        catch (error) {
+            if (!isAlreadyExistsError(error)) {
+                await removeIfPresent(this.fs, temporaryPath).catch(() => undefined);
+            }
+            throw error;
+        }
     }
     async delete() {
+        await this.assertRegularCredentialPath();
         try {
             await this.fs.unlink(this.filePath);
         }
@@ -87,13 +104,53 @@ export class EncryptedFileStore {
             }
         }
     }
+    async assertRegularCredentialPath() {
+        const resolvedPath = path.resolve(this.filePath);
+        const protectedPaths = [path.dirname(resolvedPath), resolvedPath];
+        for (const currentPath of protectedPaths) {
+            try {
+                const stats = await this.fs.lstat(currentPath);
+                if (stats.isSymbolicLink()) {
+                    throw new Error(`Refusing to use encrypted credential path through symbolic link: ${currentPath}`);
+                }
+            }
+            catch (error) {
+                if (isNotFoundError(error)) {
+                    return;
+                }
+                throw error;
+            }
+        }
+    }
     getEncryptionKey() {
         if (!this.keyPromise) {
-            this.keyPromise = deriveEncryptionKey(this.getMachineIdentity, this.salt);
+            const retryableKeyPromise = deriveEncryptionKey(this.getMachineIdentity, this.salt).catch((error) => {
+                if (this.keyPromise === retryableKeyPromise) {
+                    this.keyPromise = null;
+                }
+                throw error;
+            });
+            this.keyPromise = retryableKeyPromise;
         }
         return this.keyPromise;
     }
 }
+async function removeIfPresent(fileSystem, filePath) {
+    try {
+        await fileSystem.unlink(filePath);
+    }
+    catch (error) {
+        if (!isNotFoundError(error)) {
+            throw error;
+        }
+    }
+}
+function isAlreadyExistsError(error) {
+    return (typeof error === "object" &&
+        error !== null &&
+        "code" in error &&
+        error.code === "EEXIST");
+}
 function defaultMachineIdentity() {
     return {
         hostname: hostname(),
@@ -103,7 +160,7 @@ function defaultMachineIdentity() {
 async function deriveEncryptionKey(getMachineIdentity, salt) {
     const machineIdentity = await getMachineIdentity();
     const secret = `${machineIdentity.hostname}:${machineIdentity.username}`;
-    const cacheKey = `${secret}:${salt}`;
+    const cacheKey = JSON.stringify([machineIdentity.hostname, machineIdentity.username, salt]);
     const cached = derivedKeyCache.get(cacheKey);
     if (cached) {
         return cached;
@@ -118,7 +175,12 @@ async function deriveEncryptionKey(getMachineIdentity, salt) {
         });
     });
     derivedKeyCache.set(cacheKey, keyPromise);
-    return keyPromise;
+    return keyPromise.catch((error) => {
+        if (derivedKeyCache.get(cacheKey) === keyPromise) {
+            derivedKeyCache.delete(cacheKey);
+        }
+        throw error;
+    });
 }
 function parseEncryptedDocument(raw) {
     try {

package/node_modules/auth-store/dist/index.d.ts

@@ -4,4 +4,4 @@ export { KeychainStore } from "./keychain-store.js";
 export { key, MigratingSecretStore } from "./provider-store.js";
 export type { SecretStore, StoreBackend, CreateSecretStoreInput, CreateSecretStoreResult } from "./types.js";
 export type { MachineIdentity, EncryptedFileStoreInput, EncryptedFileStoreFileSystem } from "./encrypted-file-store.js";
-export type { KeychainStoreInput, KeychainCommandRunner, KeychainCommandResult } from "./keychain-store.js";
+export type { KeychainStoreInput, KeychainCommandRunner, KeychainCommandResult, KeychainCommandOptions } from "./keychain-store.js";

package/node_modules/auth-store/dist/keychain-store.d.ts

@@ -4,7 +4,10 @@ export interface KeychainCommandResult {
     stderr: string;
     exitCode: number;
 }
-export type KeychainCommandRunner = (command: string, args: string[]) => Promise<KeychainCommandResult>;
+export interface KeychainCommandOptions {
+    stdin?: string;
+}
+export type KeychainCommandRunner = (command: string, args: string[], options?: KeychainCommandOptions) => Promise<KeychainCommandResult>;
 export interface KeychainStoreInput {
     runCommand?: KeychainCommandRunner;
     service: string;

package/node_modules/auth-store/dist/keychain-store.js

@@ -21,16 +21,18 @@ export class KeychainStore {
         throw createSecurityCliFailure("read secret from macOS Keychain", result);
     }
     async set(value) {
+        if (value.includes("\n") || value.includes("\r")) {
+            throw new Error("Keychain secrets cannot contain line breaks");
+        }
         const result = await this.executeSecurityCommand([
             "add-generic-password",
             "-s",
             this.service,
             "-a",
             this.account,
-            "-w",
-            value,
-            "-U"
-        ], "store secret in macOS Keychain");
+            "-U",
+            "-w"
+        ], "store secret in macOS Keychain", { stdin: value });
         if (result.exitCode !== 0) {
             throw createSecurityCliFailure("store secret in macOS Keychain", result);
         }
@@ -42,9 +44,12 @@ export class KeychainStore {
         }
         throw createSecurityCliFailure("delete secret from macOS Keychain", result);
     }
-    async executeSecurityCommand(args, operation) {
+    async executeSecurityCommand(args, operation, options) {
         try {
-            return await this.runCommand(SECURITY_CLI, args);
+            if (options === undefined) {
+                return await this.runCommand(SECURITY_CLI, args);
+            }
+            return await this.runCommand(SECURITY_CLI, args, options);
         }
         catch (error) {
             const message = error instanceof Error ? error.message : String(error);
@@ -52,10 +57,10 @@ export class KeychainStore {
         }
     }
 }
-function runSecurityCommand(command, args) {
+function runSecurityCommand(command, args, options) {
     return new Promise((resolve) => {
         const child = spawn(command, args, {
-            stdio: ["ignore", "pipe", "pipe"]
+            stdio: [options?.stdin === undefined ? "ignore" : "pipe", "pipe", "pipe"]
         });
         let stdout = "";
         let stderr = "";
@@ -67,6 +72,9 @@ function runSecurityCommand(command, args) {
         child.stderr?.on("data", (chunk) => {
             stderr += chunk.toString();
         });
+        if (options?.stdin !== undefined) {
+            child.stdin?.end(options.stdin);
+        }
         child.on("error", (error) => {
             const message = error instanceof Error ? error.message : String(error ?? "Unknown error");
             resolve({
@@ -79,7 +87,7 @@ function runSecurityCommand(command, args) {
             resolve({
                 stdout,
                 stderr,
-                exitCode: code ?? 0
+                exitCode: code ?? 1
             });
         });
     });
@@ -94,13 +102,7 @@ function stripTrailingLineBreak(value) {
     return value;
 }
 function isKeychainEntryNotFound(result) {
-    if (result.exitCode === KEYCHAIN_ITEM_NOT_FOUND_EXIT_CODE) {
-        return true;
-    }
-    const output = `${result.stderr}\n${result.stdout}`.toLowerCase();
-    return (output.includes("could not be found") ||
-        output.includes("item not found") ||
-        output.includes("errsecitemnotfound"));
+    return result.exitCode === KEYCHAIN_ITEM_NOT_FOUND_EXIT_CODE;
 }
 function createSecurityCliFailure(operation, result) {
     const details = result.stderr.trim() || result.stdout.trim();

package/node_modules/auth-store/dist/provider-store.d.ts

@@ -3,8 +3,12 @@ export declare function key(providerId: string): string;
 export declare class MigratingSecretStore implements SecretStore {
     private readonly store;
     private readonly legacyStore;
+    private pendingMutation;
     constructor(store: SecretStore, legacyStore?: SecretStore | null);
-    get(): Promise<string | null>;
+    get(options?: {
+        readOnly?: boolean;
+    }): Promise<string | null>;
     set(value: string): Promise<void>;
     delete(): Promise<void>;
+    private mutate;
 }

package/node_modules/auth-store/dist/provider-store.js

@@ -4,27 +4,75 @@ export function key(providerId) {
 export class MigratingSecretStore {
     store;
     legacyStore;
+    pendingMutation = Promise.resolve();
     constructor(store, legacyStore = null) {
         this.store = store;
         this.legacyStore = legacyStore;
     }
-    async get() {
+    async get(options = {}) {
         const value = await this.store.get();
         if (value !== null || !this.legacyStore) {
             return value;
         }
         const legacyValue = await this.legacyStore.get();
-        if (legacyValue !== null) {
-            await this.store.set(legacyValue);
+        if (legacyValue !== null && !options.readOnly) {
+            await this.mutate(async () => {
+                if (await this.store.get() === null) {
+                    try {
+                        await this.store.set(legacyValue);
+                    }
+                    catch {
+                        return;
+                    }
+                }
+            });
         }
         return legacyValue;
     }
     async set(value) {
-        await this.store.set(value);
-        await this.legacyStore?.set(value);
+        await this.mutate(async () => {
+            const previousValue = await this.store.get();
+            const previousLegacyValue = await this.legacyStore?.get() ?? null;
+            await this.store.set(value);
+            try {
+                await this.legacyStore?.set(value);
+            }
+            catch (error) {
+                await restore(this.store, previousValue);
+                if (this.legacyStore) {
+                    await restore(this.legacyStore, previousLegacyValue);
+                }
+                throw error;
+            }
+        });
     }
     async delete() {
-        await this.store.delete();
-        await this.legacyStore?.delete();
+        await this.mutate(async () => {
+            const previousValue = await this.store.get();
+            const previousLegacyValue = await this.legacyStore?.get() ?? null;
+            await this.store.delete();
+            try {
+                await this.legacyStore?.delete();
+            }
+            catch (error) {
+                await restore(this.store, previousValue);
+                if (this.legacyStore) {
+                    await restore(this.legacyStore, previousLegacyValue);
+                }
+                throw error;
+            }
+        });
     }
+    async mutate(action) {
+        const operation = this.pendingMutation.then(action, action);
+        this.pendingMutation = operation.catch(() => undefined);
+        await operation;
+    }
+}
+async function restore(store, value) {
+    if (value === null) {
+        await store.delete();
+        return;
+    }
+    await store.set(value);
 }

package/node_modules/auth-store/dist/types.d.ts

@@ -1,7 +1,9 @@
 import type { EncryptedFileStoreInput } from "./encrypted-file-store.js";
 import type { KeychainStoreInput } from "./keychain-store.js";
 export interface SecretStore {
-    get(): Promise<string | null>;
+    get(options?: {
+        readOnly?: boolean;
+    }): Promise<string | null>;
     set(value: string): Promise<void>;
     delete(): Promise<void>;
 }

package/node_modules/auth-store/package.json

@@ -1,6 +1,7 @@
 {
   "name": "auth-store",
   "version": "0.0.1",
+  "private": true,
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -11,7 +12,7 @@
     }
   },
   "scripts": {
-    "build": "tsc"
+    "build": "node ../../scripts/guard-package-dist.mjs && tsc"
   },
   "dependencies": {},
   "files": [

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "toolcraft-openapi",
-  "version": "0.0.23",
+  "version": "0.0.24",
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -18,7 +18,7 @@
     "build": "rm -rf dist && tsc",
     "test": "cd ../.. && vitest run packages/toolcraft-openapi/src",
     "test:unit": "cd ../.. && vitest run packages/toolcraft-openapi/src",
-    "prepack": "node ../../scripts/manage-bundled-workspace-deps.mjs prepare . @poe-code/design-system auth-store",
+    "prepack": "node ../../scripts/set-bin-executable.mjs && node ../../scripts/manage-bundled-workspace-deps.mjs prepare . @poe-code/design-system auth-store",
     "postpack": "node ../../scripts/manage-bundled-workspace-deps.mjs cleanup . @poe-code/design-system auth-store"
   },
   "files": [
@@ -31,8 +31,8 @@
     "@clack/core": "^1.0.0",
     "@clack/prompts": "^1.0.0",
     "@poe-code/design-system": "^0.0.2",
+    "toolcraft": "0.0.24",
     "auth-store": "^0.0.1",
-    "toolcraft": "^0.0.23",
     "yaml": "^2.8.2"
   },
   "engines": {

package/dist/lock.d.ts

@@ -1,14 +0,0 @@
-export interface OpenApiLock {
-    specSha: string;
-}
-export interface LockFileSystem {
-    mkdir(directoryPath: string, options?: {
-        recursive?: boolean;
-    }): Promise<unknown>;
-    readFile(filePath: string, encoding: BufferEncoding): Promise<string>;
-    writeFile(filePath: string, contents: string, encoding: BufferEncoding): Promise<void>;
-}
-export declare function parseOpenApiLock(contents: string, lockPath: string): OpenApiLock | null;
-export declare function stringifyOpenApiLock(lock: OpenApiLock): string;
-export declare function readOpenApiLock(fs: Pick<LockFileSystem, "readFile">, lockPath: string): Promise<OpenApiLock | null>;
-export declare function writeOpenApiLock(fs: LockFileSystem, lockPath: string, lock: OpenApiLock): Promise<void>;