toolcraft 0.0.26 → 0.0.33
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.compile-check.js +7 -1
- package/dist/cli.d.ts +9 -1
- package/dist/cli.js +134 -62
- package/dist/design.d.ts +1 -0
- package/dist/design.js +1 -0
- package/dist/error-codes.d.ts +1 -0
- package/dist/error-codes.js +6 -0
- package/dist/error-report.js +99 -29
- package/dist/human-in-loop/approvals-commands.js +2 -1
- package/dist/human-in-loop/runner.js +2 -2
- package/dist/index.d.ts +6 -2
- package/dist/json-schema-converter.js +12 -1
- package/dist/mcp-proxy.js +26 -9
- package/dist/mcp.js +55 -4
- package/dist/renderer.js +1 -1
- package/dist/schema-scope.js +22 -1
- package/dist/sdk.js +51 -3
- package/dist/source-snippet.js +1 -1
- package/node_modules/@poe-code/agent-defs/dist/agents/claude-code.js +5 -0
- package/node_modules/@poe-code/agent-defs/dist/agents/codex.js +10 -0
- package/node_modules/@poe-code/agent-defs/dist/agents/cursor.d.ts +2 -0
- package/node_modules/@poe-code/agent-defs/dist/agents/cursor.js +15 -0
- package/node_modules/@poe-code/agent-defs/dist/agents/goose.js +1 -0
- package/node_modules/@poe-code/agent-defs/dist/agents/index.d.ts +1 -0
- package/node_modules/@poe-code/agent-defs/dist/agents/index.js +1 -0
- package/node_modules/@poe-code/agent-defs/dist/agents/opencode.js +5 -0
- package/node_modules/@poe-code/agent-defs/dist/index.d.ts +2 -2
- package/node_modules/@poe-code/agent-defs/dist/index.js +1 -1
- package/node_modules/@poe-code/agent-defs/dist/registry.js +8 -1
- package/node_modules/@poe-code/agent-defs/dist/specifier.js +7 -3
- package/node_modules/@poe-code/agent-defs/dist/types.d.ts +5 -0
- package/node_modules/@poe-code/agent-human-in-loop/dist/providers/osascript.js +7 -1
- package/node_modules/@poe-code/agent-mcp-config/dist/configs.js +6 -0
- package/node_modules/@poe-code/config-mutations/dist/error-codes.d.ts +1 -0
- package/node_modules/@poe-code/config-mutations/dist/error-codes.js +6 -0
- package/node_modules/@poe-code/config-mutations/dist/execution/apply-mutation.js +25 -15
- package/node_modules/@poe-code/config-mutations/dist/formats/json.js +1 -1
- package/node_modules/@poe-code/config-mutations/dist/formats/toml.js +1 -1
- package/node_modules/@poe-code/config-mutations/dist/formats/yaml.js +1 -1
- package/node_modules/@poe-code/config-mutations/dist/fs-utils.js +2 -4
- package/node_modules/@poe-code/config-mutations/dist/template/render.js +1 -1
- package/node_modules/@poe-code/config-mutations/package.json +1 -1
- package/node_modules/@poe-code/process-runner/dist/host/host-execution-env.js +18 -5
- package/node_modules/@poe-code/process-runner/dist/host/host-runner.js +38 -4
- package/node_modules/@poe-code/process-runner/dist/workspace-transfer.js +8 -2
- package/node_modules/@poe-code/task-list/dist/backends/gh-issues-sync.js +18 -7
- package/node_modules/@poe-code/task-list/dist/backends/markdown-dir.js +13 -6
- package/node_modules/@poe-code/task-list/dist/backends/utils.js +15 -10
- package/node_modules/@poe-code/task-list/dist/backends/yaml-file.js +39 -22
- package/node_modules/@poe-code/task-list/dist/move.js +4 -1
- package/node_modules/@poe-code/task-list/dist/open.js +42 -20
- package/node_modules/@poe-code/task-list/dist/state-machine.js +8 -5
- package/node_modules/auth-store/dist/create-secret-store.js +6 -1
- package/node_modules/auth-store/dist/encrypted-file-store.d.ts +1 -1
- package/node_modules/auth-store/dist/encrypted-file-store.js +32 -28
- package/node_modules/auth-store/dist/error-codes.d.ts +1 -0
- package/node_modules/auth-store/dist/error-codes.js +5 -0
- package/node_modules/auth-store/dist/keychain-store.js +23 -8
- package/node_modules/mcp-oauth/dist/client/auth-store-session-store.js +17 -5
- package/node_modules/mcp-oauth/dist/client/authorization-state.js +21 -8
- package/node_modules/mcp-oauth/dist/client/default-oauth-client-provider.js +128 -55
- package/node_modules/mcp-oauth/dist/client/token-endpoint.js +27 -17
- package/node_modules/mcp-oauth/dist/server/jwks-token-verifier.js +43 -22
- package/node_modules/toolcraft-design/README.md +148 -0
- package/node_modules/toolcraft-design/dist/components/catalog.d.ts +26 -0
- package/node_modules/toolcraft-design/dist/components/catalog.js +94 -0
- package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/index.d.ts +2 -0
- package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/index.js +1 -0
- package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/components/footer.js +1 -2
- package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/components/output-pane.js +16 -19
- package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/components/stats-pane.js +1 -15
- package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/demo.js +2 -2
- package/node_modules/toolcraft-design/dist/explorer/theme.js +29 -0
- package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/index.d.ts +7 -1
- package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/index.js +4 -0
- package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/internal/theme-detect.d.ts +1 -0
- package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/internal/theme-detect.js +28 -6
- package/node_modules/toolcraft-design/dist/internal/theme-state.d.ts +12 -0
- package/node_modules/toolcraft-design/dist/internal/theme-state.js +35 -0
- package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/theme.d.ts +1 -1
- package/node_modules/toolcraft-design/dist/prompts/theme.js +15 -0
- package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/parser/frontmatter.js +50 -0
- package/node_modules/toolcraft-design/dist/tokens/brand.d.ts +5 -0
- package/node_modules/toolcraft-design/dist/tokens/brand.js +5 -0
- package/node_modules/toolcraft-design/dist/tokens/colors.d.ts +37 -0
- package/node_modules/toolcraft-design/dist/tokens/colors.js +85 -0
- package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/tokens/index.d.ts +2 -0
- package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/tokens/index.js +1 -0
- package/node_modules/toolcraft-design/package.json +42 -0
- package/package.json +10 -6
- package/node_modules/@poe-code/design-system/dist/explorer/theme.js +0 -97
- package/node_modules/@poe-code/design-system/dist/prompts/theme.js +0 -12
- package/node_modules/@poe-code/design-system/dist/tokens/colors.d.ts +0 -35
- package/node_modules/@poe-code/design-system/dist/tokens/colors.js +0 -34
- package/node_modules/@poe-code/design-system/package.json +0 -29
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/acp/components.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/acp/components.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/acp/index.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/acp/index.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/acp/writer.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/acp/writer.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/browser.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/browser.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/color.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/color.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/command-errors.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/command-errors.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/detail-card.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/detail-card.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/help-formatter-plain.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/help-formatter-plain.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/help-formatter.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/help-formatter.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/logger.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/logger.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/symbols.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/symbols.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/table.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/table.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/template.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/template.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/text.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/text.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/ansi.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/ansi.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/buffer.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/buffer.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/components/border.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/components/border.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/components/footer.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/components/output-pane.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/components/stats-pane.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/dashboard.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/dashboard.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/demo.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/demo.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/index.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/index.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/keymap.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/keymap.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/layout.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/layout.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/should-use-dashboard.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/should-use-dashboard.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/snapshot.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/snapshot.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/store.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/store.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/terminal-width.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/terminal-width.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/terminal.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/terminal.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/types.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/types.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/actions.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/actions.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/demo.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/events.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/events.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/filter.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/filter.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/index.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/index.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/jobs.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/jobs.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/keymap.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/keymap.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/layout.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/layout.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/reducer.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/reducer.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/detail.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/detail.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/footer.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/footer.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/header.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/header.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/index.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/index.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/list.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/list.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/modal.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/modal.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/test-fixtures.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/test-fixtures.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/text.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/text.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/runtime.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/runtime.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/runtime.test-helpers.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/runtime.test-helpers.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/state.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/state.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/theme.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/internal/color-support.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/internal/color-support.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/internal/output-format.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/internal/output-format.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/internal/strip-ansi.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/internal/strip-ansi.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/index.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/index.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/primitives/cancel.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/primitives/cancel.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/primitives/intro.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/primitives/intro.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/primitives/log.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/primitives/log.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/primitives/note.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/primitives/note.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/primitives/outro.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/primitives/outro.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/primitives/spinner.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/primitives/spinner.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/static/index.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/static/index.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/static/menu.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/static/menu.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/static/spinner.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/static/spinner.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/ast.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/ast.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/demo-content.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/demo-content.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/index.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/index.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/parser/block.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/parser/block.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/parser/frontmatter.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/parser/inline.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/parser/inline.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/parser.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/parser.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/renderer.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/renderer.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/testing/theme-render-fixture.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/testing/theme-render-fixture.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/tokens/spacing.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/tokens/spacing.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/tokens/typography.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/tokens/typography.js +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/tokens/widths.d.ts +0 -0
- /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/tokens/widths.js +0 -0
|
@@ -98,7 +98,7 @@ export function createDefaultOAuthClientProvider(options) {
|
|
|
98
98
|
while (true) {
|
|
99
99
|
try {
|
|
100
100
|
refreshedTokens = await refreshAccessToken({
|
|
101
|
-
tokenEndpoint: discovery.authorizationServerMetadata
|
|
101
|
+
tokenEndpoint: requireOwnString(discovery.authorizationServerMetadata, "token_endpoint", "Authorization server metadata"),
|
|
102
102
|
clientId: session.client.clientId,
|
|
103
103
|
clientSecret: session.client.clientSecret,
|
|
104
104
|
refreshToken: session.tokens.refreshToken,
|
|
@@ -184,7 +184,7 @@ export function createDefaultOAuthClientProvider(options) {
|
|
|
184
184
|
});
|
|
185
185
|
const code = await loopback.waitForCode(authorizationUrl);
|
|
186
186
|
const tokens = await exchangeAuthorizationCode({
|
|
187
|
-
tokenEndpoint: discovery.authorizationServerMetadata
|
|
187
|
+
tokenEndpoint: requireOwnString(discovery.authorizationServerMetadata, "token_endpoint", "Authorization server metadata"),
|
|
188
188
|
clientId: resolvedClient.client.clientId,
|
|
189
189
|
clientSecret: resolvedClient.client.clientSecret,
|
|
190
190
|
code,
|
|
@@ -239,7 +239,7 @@ export function createDefaultOAuthClientProvider(options) {
|
|
|
239
239
|
},
|
|
240
240
|
};
|
|
241
241
|
}
|
|
242
|
-
const registrationEndpoint = discovery.authorizationServerMetadata
|
|
242
|
+
const registrationEndpoint = getOwnString(discovery.authorizationServerMetadata, "registration_endpoint");
|
|
243
243
|
if (registrationEndpoint === undefined && options.client.clientId !== undefined) {
|
|
244
244
|
return {
|
|
245
245
|
kind: "static",
|
|
@@ -290,14 +290,16 @@ export function createDefaultOAuthClientProvider(options) {
|
|
|
290
290
|
body: JSON.stringify(registrationBody),
|
|
291
291
|
});
|
|
292
292
|
const payload = await readOAuthJsonObjectResponse(response);
|
|
293
|
-
|
|
294
|
-
|
|
293
|
+
const clientId = getOwnString(payload, "client_id");
|
|
294
|
+
if (clientId === undefined ||
|
|
295
|
+
clientId.trim().length === 0) {
|
|
295
296
|
throw new Error("OAuth client registration response missing client_id");
|
|
296
297
|
}
|
|
298
|
+
const clientSecret = getOwnString(payload, "client_secret");
|
|
297
299
|
const registeredClient = {
|
|
298
|
-
clientId
|
|
299
|
-
clientSecret:
|
|
300
|
-
?
|
|
300
|
+
clientId,
|
|
301
|
+
clientSecret: clientSecret !== undefined && clientSecret.length > 0
|
|
302
|
+
? clientSecret
|
|
301
303
|
: undefined,
|
|
302
304
|
};
|
|
303
305
|
await saveRegisteredClient(discovery.authorizationServer, registeredClient);
|
|
@@ -324,12 +326,13 @@ export function createDefaultOAuthClientProvider(options) {
|
|
|
324
326
|
return null;
|
|
325
327
|
}
|
|
326
328
|
const client = await clientStore.load(issuer);
|
|
327
|
-
|
|
329
|
+
const normalizedClient = client === null ? null : normalizeStoredClient(client);
|
|
330
|
+
if (client !== null && normalizedClient === null) {
|
|
328
331
|
await clientStore.clear(issuer);
|
|
329
332
|
return null;
|
|
330
333
|
}
|
|
331
|
-
registeredClients.set(issuer,
|
|
332
|
-
return
|
|
334
|
+
registeredClients.set(issuer, normalizedClient);
|
|
335
|
+
return normalizedClient;
|
|
333
336
|
}
|
|
334
337
|
async function saveRegisteredClient(issuer, client) {
|
|
335
338
|
registeredClients.set(issuer, client);
|
|
@@ -345,7 +348,7 @@ export function createDefaultOAuthClientProvider(options) {
|
|
|
345
348
|
}
|
|
346
349
|
}
|
|
347
350
|
function isProviderOptions(options) {
|
|
348
|
-
return "provider"
|
|
351
|
+
return Object.prototype.hasOwnProperty.call(options, "provider");
|
|
349
352
|
}
|
|
350
353
|
function isExpired(tokens, now) {
|
|
351
354
|
return tokens.expiresAt !== null && tokens.expiresAt <= now();
|
|
@@ -361,11 +364,15 @@ function resolveDiscovery(discovery, session) {
|
|
|
361
364
|
return undefined;
|
|
362
365
|
}
|
|
363
366
|
const metadata = session.discovery.authorizationServerMetadata;
|
|
364
|
-
|
|
365
|
-
|
|
366
|
-
|
|
367
|
-
|
|
368
|
-
|
|
367
|
+
const issuer = getOwnString(metadata, "issuer");
|
|
368
|
+
const authorizationEndpoint = getOwnString(metadata, "authorization_endpoint");
|
|
369
|
+
const tokenEndpoint = getOwnString(metadata, "token_endpoint");
|
|
370
|
+
const codeChallengeMethodsSupported = getOwnStringArray(metadata, "code_challenge_methods_supported");
|
|
371
|
+
if (issuer === undefined ||
|
|
372
|
+
authorizationEndpoint === undefined ||
|
|
373
|
+
tokenEndpoint === undefined ||
|
|
374
|
+
codeChallengeMethodsSupported === undefined ||
|
|
375
|
+
!codeChallengeMethodsSupported.includes("S256")) {
|
|
369
376
|
return undefined;
|
|
370
377
|
}
|
|
371
378
|
return {
|
|
@@ -389,39 +396,96 @@ function normalizeLoadedSession(session) {
|
|
|
389
396
|
if (session === null) {
|
|
390
397
|
return null;
|
|
391
398
|
}
|
|
392
|
-
|
|
399
|
+
const client = normalizeStoredClient(getOwnEntry(session, "client"));
|
|
400
|
+
if (client === null) {
|
|
393
401
|
return { ...session, client: { clientId: "" }, tokens: undefined };
|
|
394
402
|
}
|
|
395
|
-
return
|
|
396
|
-
|
|
397
|
-
|
|
403
|
+
return {
|
|
404
|
+
...session,
|
|
405
|
+
client,
|
|
406
|
+
tokens: normalizeStoredTokens(getOwnEntry(session, "tokens")),
|
|
407
|
+
};
|
|
398
408
|
}
|
|
399
|
-
function
|
|
400
|
-
|
|
401
|
-
|
|
402
|
-
|
|
403
|
-
|
|
409
|
+
function normalizeStoredClient(value) {
|
|
410
|
+
if (!isObjectRecord(value)) {
|
|
411
|
+
return null;
|
|
412
|
+
}
|
|
413
|
+
const clientId = getOwnString(value, "clientId");
|
|
414
|
+
if (clientId === undefined || clientId.trim().length === 0) {
|
|
415
|
+
return null;
|
|
416
|
+
}
|
|
417
|
+
const clientSecret = getOwnEntry(value, "clientSecret");
|
|
418
|
+
if (clientSecret === undefined) {
|
|
419
|
+
return { clientId };
|
|
420
|
+
}
|
|
421
|
+
if (typeof clientSecret !== "string" || clientSecret.trim().length === 0) {
|
|
422
|
+
return null;
|
|
423
|
+
}
|
|
424
|
+
return { clientId, clientSecret };
|
|
404
425
|
}
|
|
405
|
-
function
|
|
406
|
-
if (
|
|
407
|
-
return
|
|
408
|
-
}
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
|
|
414
|
-
|
|
426
|
+
function normalizeStoredTokens(value) {
|
|
427
|
+
if (value === undefined || !isObjectRecord(value)) {
|
|
428
|
+
return undefined;
|
|
429
|
+
}
|
|
430
|
+
const accessToken = getOwnString(value, "accessToken");
|
|
431
|
+
const tokenType = getOwnString(value, "tokenType");
|
|
432
|
+
const expiresAt = getOwnEntry(value, "expiresAt");
|
|
433
|
+
const refreshToken = getOwnEntry(value, "refreshToken");
|
|
434
|
+
const scope = getOwnString(value, "scope");
|
|
435
|
+
const normalizedRefreshToken = typeof refreshToken === "string" ? refreshToken : undefined;
|
|
436
|
+
if (accessToken === undefined ||
|
|
437
|
+
accessToken.trim().length === 0 ||
|
|
438
|
+
tokenType !== "Bearer" ||
|
|
439
|
+
!(expiresAt === null ||
|
|
440
|
+
(typeof expiresAt === "number" && Number.isFinite(expiresAt))) ||
|
|
441
|
+
(refreshToken !== undefined &&
|
|
442
|
+
(typeof refreshToken !== "string" || refreshToken.trim().length === 0))) {
|
|
443
|
+
return undefined;
|
|
444
|
+
}
|
|
445
|
+
return {
|
|
446
|
+
accessToken,
|
|
447
|
+
tokenType,
|
|
448
|
+
expiresAt,
|
|
449
|
+
...(normalizedRefreshToken === undefined ? {} : { refreshToken: normalizedRefreshToken }),
|
|
450
|
+
...(scope === undefined || scope.length === 0 ? {} : { scope }),
|
|
451
|
+
};
|
|
415
452
|
}
|
|
416
453
|
function getClientMetadata(client) {
|
|
417
454
|
return client.metadata;
|
|
418
455
|
}
|
|
456
|
+
function getOwnEntry(record, key) {
|
|
457
|
+
return Object.prototype.hasOwnProperty.call(record, key)
|
|
458
|
+
? record[key]
|
|
459
|
+
: undefined;
|
|
460
|
+
}
|
|
461
|
+
function isObjectRecord(value) {
|
|
462
|
+
return typeof value === "object" && value !== null && !Array.isArray(value);
|
|
463
|
+
}
|
|
464
|
+
function getOwnString(record, key) {
|
|
465
|
+
const value = getOwnEntry(record, key);
|
|
466
|
+
return typeof value === "string" ? value : undefined;
|
|
467
|
+
}
|
|
468
|
+
function requireOwnString(record, key, label) {
|
|
469
|
+
const value = getOwnString(record, key);
|
|
470
|
+
if (value === undefined) {
|
|
471
|
+
throw new Error(`${label} is missing ${key}`);
|
|
472
|
+
}
|
|
473
|
+
return value;
|
|
474
|
+
}
|
|
475
|
+
function getOwnStringArray(record, key) {
|
|
476
|
+
const value = getOwnEntry(record, key);
|
|
477
|
+
return Array.isArray(value) && value.every((entry) => typeof entry === "string")
|
|
478
|
+
? value
|
|
479
|
+
: undefined;
|
|
480
|
+
}
|
|
419
481
|
function buildAuthorizationUrl(input) {
|
|
420
|
-
const
|
|
482
|
+
const authorizationEndpoint = requireOwnString(input.metadata, "authorization_endpoint", "Authorization server metadata");
|
|
483
|
+
const issuer = requireOwnString(input.metadata, "issuer", "Authorization server metadata");
|
|
484
|
+
const url = new URL(authorizationEndpoint);
|
|
421
485
|
const resource = canonicalizeResourceIndicator(input.resource);
|
|
422
486
|
const state = createAuthorizationState({
|
|
423
|
-
issuer
|
|
424
|
-
requireIssuer: input.metadata
|
|
487
|
+
issuer,
|
|
488
|
+
requireIssuer: getOwnEntry(input.metadata, "authorization_response_iss_parameter_supported") === true,
|
|
425
489
|
});
|
|
426
490
|
url.searchParams.set("response_type", "code");
|
|
427
491
|
url.searchParams.set("client_id", input.clientId);
|
|
@@ -436,7 +500,7 @@ function buildAuthorizationUrl(input) {
|
|
|
436
500
|
return url.toString();
|
|
437
501
|
}
|
|
438
502
|
function assertS256PkceSupport(metadata) {
|
|
439
|
-
if (!metadata
|
|
503
|
+
if (!getOwnStringArray(metadata, "code_challenge_methods_supported")?.includes("S256")) {
|
|
440
504
|
throw new Error("Authorization server metadata must advertise code_challenge_methods_supported including S256");
|
|
441
505
|
}
|
|
442
506
|
}
|
|
@@ -460,13 +524,16 @@ function assertSecureUrl(value, label) {
|
|
|
460
524
|
throw new Error(`${label} must use https unless it targets a loopback host`);
|
|
461
525
|
}
|
|
462
526
|
function assertSecureOAuthFlowEndpoints(metadata) {
|
|
463
|
-
|
|
464
|
-
|
|
465
|
-
|
|
466
|
-
|
|
467
|
-
|
|
468
|
-
|
|
469
|
-
|
|
527
|
+
const authorizationEndpoint = requireOwnString(metadata, "authorization_endpoint", "Authorization server metadata");
|
|
528
|
+
const tokenEndpoint = requireOwnString(metadata, "token_endpoint", "Authorization server metadata");
|
|
529
|
+
const registrationEndpoint = getOwnString(metadata, "registration_endpoint");
|
|
530
|
+
assertNoAccessTokenInUrl(authorizationEndpoint, "Authorization endpoint");
|
|
531
|
+
assertNoAccessTokenInUrl(tokenEndpoint, "Token endpoint");
|
|
532
|
+
assertSecureUrl(authorizationEndpoint, "Authorization endpoint");
|
|
533
|
+
assertSecureUrl(tokenEndpoint, "Token endpoint");
|
|
534
|
+
if (registrationEndpoint !== undefined) {
|
|
535
|
+
assertNoAccessTokenInUrl(registrationEndpoint, "Registration endpoint");
|
|
536
|
+
assertSecureUrl(registrationEndpoint, "Registration endpoint");
|
|
470
537
|
}
|
|
471
538
|
}
|
|
472
539
|
function assertNoAccessTokenInUrl(value, label) {
|
|
@@ -487,17 +554,23 @@ function buildClientRegistrationBody(metadata, redirectUri) {
|
|
|
487
554
|
response_types: ["code"],
|
|
488
555
|
token_endpoint_auth_method: "none",
|
|
489
556
|
};
|
|
490
|
-
|
|
491
|
-
|
|
557
|
+
const clientName = metadata === undefined ? undefined : getOwnString(metadata, "clientName");
|
|
558
|
+
const scope = metadata === undefined ? undefined : getOwnString(metadata, "scope");
|
|
559
|
+
const softwareId = metadata === undefined ? undefined : getOwnString(metadata, "softwareId");
|
|
560
|
+
const softwareVersion = metadata === undefined
|
|
561
|
+
? undefined
|
|
562
|
+
: getOwnString(metadata, "softwareVersion");
|
|
563
|
+
if (clientName !== undefined && clientName.length > 0) {
|
|
564
|
+
body.client_name = clientName;
|
|
492
565
|
}
|
|
493
|
-
if (
|
|
494
|
-
body.scope =
|
|
566
|
+
if (scope !== undefined && scope.length > 0) {
|
|
567
|
+
body.scope = scope;
|
|
495
568
|
}
|
|
496
|
-
if (
|
|
497
|
-
body.software_id =
|
|
569
|
+
if (softwareId !== undefined && softwareId.length > 0) {
|
|
570
|
+
body.software_id = softwareId;
|
|
498
571
|
}
|
|
499
|
-
if (
|
|
500
|
-
body.software_version =
|
|
572
|
+
if (softwareVersion !== undefined && softwareVersion.length > 0) {
|
|
573
|
+
body.software_version = softwareVersion;
|
|
501
574
|
}
|
|
502
575
|
return body;
|
|
503
576
|
}
|
|
@@ -75,29 +75,33 @@ async function requestTokens(input) {
|
|
|
75
75
|
body: body.toString(),
|
|
76
76
|
});
|
|
77
77
|
const payload = await readOAuthJsonObjectResponse(response);
|
|
78
|
-
|
|
78
|
+
const accessToken = getOwnEntry(payload, "access_token");
|
|
79
|
+
if (typeof accessToken !== "string" || accessToken.trim().length === 0) {
|
|
79
80
|
throw new Error("OAuth token response missing access_token");
|
|
80
81
|
}
|
|
81
|
-
const tokenType = normalizeBearerTokenType(payload
|
|
82
|
+
const tokenType = normalizeBearerTokenType(getOwnEntry(payload, "token_type"));
|
|
82
83
|
if (tokenType === null) {
|
|
83
84
|
throw new Error("OAuth token response missing token_type=Bearer");
|
|
84
85
|
}
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
&&
|
|
86
|
+
const expiresIn = getOwnEntry(payload, "expires_in");
|
|
87
|
+
if (typeof expiresIn === "number"
|
|
88
|
+
&& Number.isFinite(expiresIn)
|
|
89
|
+
&& expiresIn < 0) {
|
|
88
90
|
throw new Error("OAuth token response has invalid expires_in");
|
|
89
91
|
}
|
|
92
|
+
const refreshToken = getOwnEntry(payload, "refresh_token");
|
|
93
|
+
const scope = getOwnEntry(payload, "scope");
|
|
90
94
|
return {
|
|
91
|
-
accessToken
|
|
92
|
-
refreshToken: typeof
|
|
93
|
-
?
|
|
95
|
+
accessToken,
|
|
96
|
+
refreshToken: typeof refreshToken === "string" && refreshToken.length > 0
|
|
97
|
+
? refreshToken
|
|
94
98
|
: undefined,
|
|
95
99
|
tokenType,
|
|
96
|
-
expiresAt: typeof
|
|
97
|
-
? input.now() + (
|
|
100
|
+
expiresAt: typeof expiresIn === "number" && Number.isFinite(expiresIn)
|
|
101
|
+
? input.now() + (expiresIn * 1000)
|
|
98
102
|
: null,
|
|
99
|
-
scope: typeof
|
|
100
|
-
?
|
|
103
|
+
scope: typeof scope === "string" && scope.length > 0
|
|
104
|
+
? scope
|
|
101
105
|
: undefined,
|
|
102
106
|
};
|
|
103
107
|
}
|
|
@@ -126,16 +130,22 @@ export async function readOAuthJsonObjectResponse(response) {
|
|
|
126
130
|
return record;
|
|
127
131
|
}
|
|
128
132
|
function readOAuthError(payload, fallbackError = "server_error") {
|
|
133
|
+
const error = getOwnEntry(payload, "error");
|
|
134
|
+
const errorDescription = getOwnEntry(payload, "error_description");
|
|
135
|
+
const errorUri = getOwnEntry(payload, "error_uri");
|
|
129
136
|
return {
|
|
130
|
-
error: typeof
|
|
131
|
-
error_description: typeof
|
|
132
|
-
?
|
|
137
|
+
error: typeof error === "string" ? error : fallbackError,
|
|
138
|
+
error_description: typeof errorDescription === "string"
|
|
139
|
+
? errorDescription
|
|
133
140
|
: undefined,
|
|
134
|
-
error_uri: typeof
|
|
135
|
-
?
|
|
141
|
+
error_uri: typeof errorUri === "string"
|
|
142
|
+
? errorUri
|
|
136
143
|
: undefined,
|
|
137
144
|
};
|
|
138
145
|
}
|
|
146
|
+
function getOwnEntry(record, key) {
|
|
147
|
+
return Object.prototype.hasOwnProperty.call(record, key) ? record[key] : undefined;
|
|
148
|
+
}
|
|
139
149
|
function createFallbackOAuthError(status) {
|
|
140
150
|
const error = status === 503 ? "temporarily_unavailable" : "server_error";
|
|
141
151
|
return new OAuthError({ error }, status);
|
|
@@ -26,6 +26,15 @@ function isObjectRecord(value) {
|
|
|
26
26
|
function isStringArray(value) {
|
|
27
27
|
return Array.isArray(value) && value.every((item) => typeof item === "string");
|
|
28
28
|
}
|
|
29
|
+
function getOwnEntry(record, key) {
|
|
30
|
+
return Object.prototype.hasOwnProperty.call(record, key)
|
|
31
|
+
? record[key]
|
|
32
|
+
: undefined;
|
|
33
|
+
}
|
|
34
|
+
function getOwnString(record, key) {
|
|
35
|
+
const value = getOwnEntry(record, key);
|
|
36
|
+
return typeof value === "string" ? value : undefined;
|
|
37
|
+
}
|
|
29
38
|
function toUrl(value, label) {
|
|
30
39
|
try {
|
|
31
40
|
return new URL(String(value));
|
|
@@ -58,10 +67,12 @@ function normalizeVerifiedAudience(value, expectedResource) {
|
|
|
58
67
|
return [normalizedAudience];
|
|
59
68
|
}
|
|
60
69
|
function parseScopes(payload) {
|
|
61
|
-
const
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
70
|
+
const scope = getOwnString(payload, "scope");
|
|
71
|
+
const scopes = getOwnEntry(payload, "scopes");
|
|
72
|
+
const raw = scope !== undefined
|
|
73
|
+
? scope
|
|
74
|
+
: typeof scopes === "string"
|
|
75
|
+
? scopes
|
|
65
76
|
: null;
|
|
66
77
|
if (raw !== null) {
|
|
67
78
|
return raw
|
|
@@ -69,24 +80,28 @@ function parseScopes(payload) {
|
|
|
69
80
|
.map((scope) => scope.trim())
|
|
70
81
|
.filter((scope) => scope.length > 0);
|
|
71
82
|
}
|
|
72
|
-
return isStringArray(
|
|
83
|
+
return isStringArray(scopes) ? [...scopes] : [];
|
|
73
84
|
}
|
|
74
|
-
function toVerifiedAccessToken(token, payload, audience = normalizeAudience(payload
|
|
85
|
+
function toVerifiedAccessToken(token, payload, audience = normalizeAudience(getOwnEntry(payload, "aud"))) {
|
|
86
|
+
const issuer = getOwnString(payload, "iss");
|
|
87
|
+
const expiresAt = getOwnEntry(payload, "exp");
|
|
88
|
+
const subject = getOwnString(payload, "sub");
|
|
89
|
+
const clientId = getOwnString(payload, "client_id");
|
|
75
90
|
return {
|
|
76
91
|
token,
|
|
77
|
-
issuer:
|
|
92
|
+
issuer: issuer ?? "",
|
|
78
93
|
audience,
|
|
79
94
|
scopes: parseScopes(payload),
|
|
80
|
-
expiresAt: typeof
|
|
95
|
+
expiresAt: typeof expiresAt === "number" ? expiresAt : 0,
|
|
81
96
|
claims: { ...payload },
|
|
82
|
-
...(
|
|
97
|
+
...(subject !== undefined
|
|
83
98
|
? {
|
|
84
|
-
subject
|
|
99
|
+
subject,
|
|
85
100
|
}
|
|
86
101
|
: {}),
|
|
87
|
-
...(
|
|
102
|
+
...(clientId !== undefined
|
|
88
103
|
? {
|
|
89
|
-
clientId
|
|
104
|
+
clientId,
|
|
90
105
|
}
|
|
91
106
|
: {}),
|
|
92
107
|
};
|
|
@@ -151,14 +166,15 @@ async function loadJwks(jwksUrl, fetchImplementation) {
|
|
|
151
166
|
throw createInvalidTokenError(`unable to load JWKS (${response.status})`);
|
|
152
167
|
}
|
|
153
168
|
const payload = (await response.json());
|
|
154
|
-
|
|
169
|
+
const keys = isObjectRecord(payload) ? getOwnEntry(payload, "keys") : undefined;
|
|
170
|
+
if (!isObjectRecord(payload) || !Array.isArray(keys)) {
|
|
155
171
|
throw createInvalidTokenError("invalid JWKS document");
|
|
156
172
|
}
|
|
157
|
-
return payload;
|
|
173
|
+
return { ...payload, keys };
|
|
158
174
|
}
|
|
159
175
|
function resolveAlgorithm(token, allowedAlgorithms) {
|
|
160
176
|
const header = decodeProtectedHeader(token);
|
|
161
|
-
const alg = header
|
|
177
|
+
const alg = getOwnString(header, "alg");
|
|
162
178
|
if (hasCriticalHeaderClaims(header)) {
|
|
163
179
|
throw createInvalidTokenError("unsupported critical token claims");
|
|
164
180
|
}
|
|
@@ -171,19 +187,24 @@ function resolveAlgorithm(token, allowedAlgorithms) {
|
|
|
171
187
|
return alg;
|
|
172
188
|
}
|
|
173
189
|
function hasCriticalHeaderClaims(header) {
|
|
174
|
-
|
|
190
|
+
const criticalClaims = getOwnEntry(header, "crit");
|
|
191
|
+
return Array.isArray(criticalClaims) && criticalClaims.length > 0;
|
|
175
192
|
}
|
|
176
193
|
function isVerificationCandidate(key, alg, kid) {
|
|
177
|
-
|
|
194
|
+
const keyId = getOwnString(key, "kid");
|
|
195
|
+
const keyAlgorithm = getOwnString(key, "alg");
|
|
196
|
+
const keyUse = getOwnString(key, "use");
|
|
197
|
+
const keyOps = getOwnEntry(key, "key_ops");
|
|
198
|
+
if (kid !== undefined && keyId !== kid) {
|
|
178
199
|
return false;
|
|
179
200
|
}
|
|
180
|
-
if (
|
|
201
|
+
if (keyAlgorithm !== undefined && keyAlgorithm !== alg) {
|
|
181
202
|
return false;
|
|
182
203
|
}
|
|
183
|
-
if (
|
|
204
|
+
if (keyUse !== undefined && keyUse !== "sig") {
|
|
184
205
|
return false;
|
|
185
206
|
}
|
|
186
|
-
if (Array.isArray(
|
|
207
|
+
if (Array.isArray(keyOps) && !keyOps.includes("verify")) {
|
|
187
208
|
return false;
|
|
188
209
|
}
|
|
189
210
|
return true;
|
|
@@ -193,7 +214,7 @@ function shouldContinueWithNextKey(error) {
|
|
|
193
214
|
}
|
|
194
215
|
async function verifyJwtAgainstJwks(input) {
|
|
195
216
|
const protectedHeader = decodeProtectedHeader(input.token);
|
|
196
|
-
const kid =
|
|
217
|
+
const kid = getOwnString(protectedHeader, "kid");
|
|
197
218
|
const candidateKeys = input.jwks.keys.filter((key) => isVerificationCandidate(key, input.alg, kid));
|
|
198
219
|
if (candidateKeys.length === 0) {
|
|
199
220
|
throw createInvalidTokenError("token signature invalid");
|
|
@@ -239,7 +260,7 @@ export function createJwksTokenVerifier(options) {
|
|
|
239
260
|
authorizationServers: input.authorizationServers,
|
|
240
261
|
clockSkewSeconds,
|
|
241
262
|
});
|
|
242
|
-
const audience = normalizeVerifiedAudience(verified.payload
|
|
263
|
+
const audience = normalizeVerifiedAudience(getOwnEntry(verified.payload, "aud"), expectedResource);
|
|
243
264
|
const accessToken = toVerifiedAccessToken(input.token, verified.payload, audience);
|
|
244
265
|
if (input.requiredScopes.length > 0
|
|
245
266
|
&& !input.requiredScopes.every((scope) => accessToken.scopes.includes(scope))) {
|
|
@@ -0,0 +1,148 @@
|
|
|
1
|
+
# toolcraft-design
|
|
2
|
+
|
|
3
|
+
Shared terminal design system for Toolcraft applications. It provides design tokens, ANSI-aware text and layout components, interactive prompts, dashboards, explorers, terminal Markdown rendering, and deterministic static renderers from one package.
|
|
4
|
+
|
|
5
|
+
## Install
|
|
6
|
+
|
|
7
|
+
```sh
|
|
8
|
+
npm install toolcraft-design
|
|
9
|
+
```
|
|
10
|
+
|
|
11
|
+
Import from the package root:
|
|
12
|
+
|
|
13
|
+
```ts
|
|
14
|
+
import { configureTheme, promptText, renderMarkdown, renderTable, text } from "toolcraft-design";
|
|
15
|
+
```
|
|
16
|
+
|
|
17
|
+
The package does not expose public subpath imports.
|
|
18
|
+
|
|
19
|
+
## Public API
|
|
20
|
+
|
|
21
|
+
### Tokens
|
|
22
|
+
|
|
23
|
+
- `tokens`: namespace containing the token exports.
|
|
24
|
+
- `brand`: the default purple brand color.
|
|
25
|
+
- `dark`, `light`: built-in purple `ThemePalette` values.
|
|
26
|
+
- `brands`: mutable registry of available brands.
|
|
27
|
+
- `spacing`, `typography`, `widths`: shared design token collections.
|
|
28
|
+
- Types: `Brand`, `ThemeName`, `ThemePalette`.
|
|
29
|
+
|
|
30
|
+
### Components
|
|
31
|
+
|
|
32
|
+
- `text`, `color`, `symbols`: text styles, color helpers, and terminal symbols.
|
|
33
|
+
- `createLogger`, `logger`: styled logger creation and the default logger.
|
|
34
|
+
- `helpFormatter`, `helpFormatterPlain`: styled and plain help formatting APIs.
|
|
35
|
+
- `formatColumns`, `formatCommand`, `formatUsage`, `formatOption`, `formatCommandList`, `formatOptionList`: individual help-formatting functions.
|
|
36
|
+
- `formatCommandNotFound`, `formatCommandNotFoundPanel`: command error rendering.
|
|
37
|
+
- `renderTable`, `renderDetailCard`: tabular and detail-card rendering.
|
|
38
|
+
- `getTemplatePartialNames`, `renderTemplate`, `resolveTemplatePartials`: template rendering utilities.
|
|
39
|
+
- `openExternal`: opens a URL or file with the platform browser command.
|
|
40
|
+
- Types: `Color`, `LoggerOutput`, `CommandInfo`, `OptionInfo`, `FormatColumnsOptions`, `TableColumn`, `RenderTableOptions`, `DetailCardRow`, `DetailCardSection`, `RenderDetailCardOptions`, `RenderTemplateOptions`, `TemplateEscape`.
|
|
41
|
+
|
|
42
|
+
### Prompts
|
|
43
|
+
|
|
44
|
+
- `prompts`: namespace containing the prompt exports.
|
|
45
|
+
- `intro`, `introPlain`, `outro`, `note`: prompt flow presentation.
|
|
46
|
+
- `select`, `multiselect`, `promptText`, `confirm`, `confirmOrCancel`, `password`: interactive inputs. The prompt text function is exported as `promptText` at the package root and as `text` on `prompts`.
|
|
47
|
+
- `spinner`, `withSpinner`: spinner APIs.
|
|
48
|
+
- `isCancel`, `cancel`, `log`, `PromptCancelledError`: cancellation and prompt logging utilities.
|
|
49
|
+
- `promptTheme`: the brand-aware prompt theme.
|
|
50
|
+
- Types: `SelectOptions`, `MultiselectOptions`, `TextOptions`, `ConfirmOptions`, `PasswordOptions`, `SpinnerOptions`, `WithSpinnerOptions`.
|
|
51
|
+
|
|
52
|
+
### Dashboard
|
|
53
|
+
|
|
54
|
+
- `dashboard`: namespace containing the complete dashboard API.
|
|
55
|
+
- `createDashboard`, `shouldUseInteractiveDashboard`: root-level dashboard exports.
|
|
56
|
+
- Root-level types: `Dashboard`, `DashboardOptions`.
|
|
57
|
+
- The namespace also exports `renderDashboardSnapshot`, `defaultHints`, and the dashboard snapshot, state, output, command, statistics, and footer-hint types.
|
|
58
|
+
|
|
59
|
+
### Explorer
|
|
60
|
+
|
|
61
|
+
- `explorer`: namespace containing the complete explorer API.
|
|
62
|
+
- `runExplorer`, `singleDetail`: root-level explorer exports.
|
|
63
|
+
- Root-level types: `Row`, `DetailItem`, `Detail`, `DetailCtx`, `Action`, `ActionContext`, `ExplorerConfig`, `ReorderContext`, `Tone`.
|
|
64
|
+
- The namespace also exports `createInitialState`, `resolveBindings`, and the remaining explorer event, binding, layout, size, state, and effect types.
|
|
65
|
+
|
|
66
|
+
### Terminal Markdown
|
|
67
|
+
|
|
68
|
+
- `parse`: parses Markdown into `MdNode` values.
|
|
69
|
+
- `render`: renders parsed Markdown nodes for the terminal.
|
|
70
|
+
- `renderMarkdown`: parses and renders a Markdown string.
|
|
71
|
+
- Types: `MdNode`, `RenderOptions`.
|
|
72
|
+
|
|
73
|
+
### Static Rendering
|
|
74
|
+
|
|
75
|
+
- `staticRender`: namespace containing the static rendering exports.
|
|
76
|
+
- `SPINNER_FRAMES`, `renderSpinnerFrame`, `renderSpinnerStopped`: deterministic spinner rendering.
|
|
77
|
+
- `renderMenu`: deterministic menu rendering.
|
|
78
|
+
- Types: `SpinnerFrameOptions`, `SpinnerStoppedOptions`, `MenuOption`, `RenderMenuOptions`.
|
|
79
|
+
|
|
80
|
+
### ACP Rendering
|
|
81
|
+
|
|
82
|
+
- `acp`: namespace containing `renderAgentMessage`, `renderToolStart`, `renderToolComplete`, `renderReasoning`, `renderUsage`, `renderError`, `getAcpWriter`, and `withAcpWriter`.
|
|
83
|
+
- Namespace type: `AcpLineWriter`.
|
|
84
|
+
|
|
85
|
+
### Advanced Utilities
|
|
86
|
+
|
|
87
|
+
- `getTheme`, `resolveThemeName`, `resetThemeCache`: theme resolution and cache control.
|
|
88
|
+
- `configureTheme`, `getThemeConfig`, `resetTheme`: brand and label configuration.
|
|
89
|
+
- `resolveOutputFormat`, `resetOutputFormatCache`, `withOutputFormat`: terminal, Markdown, or JSON output-format selection.
|
|
90
|
+
- Types: `ThemeEnv`, `OutputFormat`.
|
|
91
|
+
|
|
92
|
+
## Brand Theme
|
|
93
|
+
|
|
94
|
+
The default configuration is `{ brand: "purple", label: "Poe" }`. Configure the package before producing design-system output:
|
|
95
|
+
|
|
96
|
+
```ts
|
|
97
|
+
import { configureTheme, getThemeConfig, resetTheme } from "toolcraft-design";
|
|
98
|
+
|
|
99
|
+
configureTheme({ brand: "blue", label: "Toolcraft" });
|
|
100
|
+
|
|
101
|
+
console.log(getThemeConfig());
|
|
102
|
+
// { brand: "blue", label: "Toolcraft" }
|
|
103
|
+
|
|
104
|
+
resetTheme();
|
|
105
|
+
```
|
|
106
|
+
|
|
107
|
+
`configureTheme` accepts either or both fields and merges them into the current configuration. It throws for an unknown brand. `getThemeConfig` returns a copy of the current configuration, and `resetTheme` restores the purple `Poe` defaults.
|
|
108
|
+
|
|
109
|
+
The built-in brands are:
|
|
110
|
+
|
|
111
|
+
- `purple`: `#a200ff`
|
|
112
|
+
- `blue`: `#2f6fed`
|
|
113
|
+
- `green`: `#1f9d57`
|
|
114
|
+
|
|
115
|
+
Register another brand by adding a `Brand` to the exported `brands` registry before selecting it:
|
|
116
|
+
|
|
117
|
+
```ts
|
|
118
|
+
import { brands, configureTheme, type Brand } from "toolcraft-design";
|
|
119
|
+
|
|
120
|
+
const orange: Brand = {
|
|
121
|
+
name: "orange",
|
|
122
|
+
primary: "#f97316"
|
|
123
|
+
};
|
|
124
|
+
|
|
125
|
+
brands.orange = orange;
|
|
126
|
+
configureTheme({ brand: "orange", label: "My CLI" });
|
|
127
|
+
```
|
|
128
|
+
|
|
129
|
+
The registry key and `Brand.name` should match. Brand primary colors are CSS-style hex strings used to build light and dark terminal palettes.
|
|
130
|
+
|
|
131
|
+
## Environment Variables
|
|
132
|
+
|
|
133
|
+
### Theme and Brand
|
|
134
|
+
|
|
135
|
+
- `POE_CODE_THEME`: forces the rendering mode when set to `light` or `dark`. It takes precedence over `POE_THEME` and automatic terminal theme detection.
|
|
136
|
+
- `POE_THEME`: legacy light/dark override used when `POE_CODE_THEME` is not set to a valid mode.
|
|
137
|
+
- `POE_BRAND`: debug-only built-in or registered brand override. An explicit `configureTheme({ brand })` call takes precedence. Unknown values are ignored.
|
|
138
|
+
- `APPLE_INTERFACE_STYLE`: automatic macOS theme hint used when no valid explicit light/dark override is present.
|
|
139
|
+
- `VSCODE_COLOR_THEME_KIND`: automatic VS Code theme hint used after the macOS hint.
|
|
140
|
+
- `COLORFGBG`: terminal foreground/background hint used after the macOS and VS Code hints. Rendering defaults to dark when no hint resolves a mode.
|
|
141
|
+
|
|
142
|
+
### Output and Color
|
|
143
|
+
|
|
144
|
+
- `OUTPUT_FORMAT`: selects `terminal`, `markdown`, or `json` output for components that use the output-format resolver. Invalid or missing values default to `terminal`.
|
|
145
|
+
- `FORCE_COLOR`: enables color when present and not `0`, taking precedence over `NO_COLOR`.
|
|
146
|
+
- `NO_COLOR`: disables color when `FORCE_COLOR` does not enable it.
|
|
147
|
+
- `TERM`: participates in color support detection; an unset or `dumb` terminal disables color unless forced.
|
|
148
|
+
- `POE_NO_SPINNER`: uses non-animated spinner behavior when set to `1`.
|