toolcraft 0.0.26 → 0.0.33

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (243) hide show
  1. package/dist/cli.compile-check.js +7 -1
  2. package/dist/cli.d.ts +9 -1
  3. package/dist/cli.js +134 -62
  4. package/dist/design.d.ts +1 -0
  5. package/dist/design.js +1 -0
  6. package/dist/error-codes.d.ts +1 -0
  7. package/dist/error-codes.js +6 -0
  8. package/dist/error-report.js +99 -29
  9. package/dist/human-in-loop/approvals-commands.js +2 -1
  10. package/dist/human-in-loop/runner.js +2 -2
  11. package/dist/index.d.ts +6 -2
  12. package/dist/json-schema-converter.js +12 -1
  13. package/dist/mcp-proxy.js +26 -9
  14. package/dist/mcp.js +55 -4
  15. package/dist/renderer.js +1 -1
  16. package/dist/schema-scope.js +22 -1
  17. package/dist/sdk.js +51 -3
  18. package/dist/source-snippet.js +1 -1
  19. package/node_modules/@poe-code/agent-defs/dist/agents/claude-code.js +5 -0
  20. package/node_modules/@poe-code/agent-defs/dist/agents/codex.js +10 -0
  21. package/node_modules/@poe-code/agent-defs/dist/agents/cursor.d.ts +2 -0
  22. package/node_modules/@poe-code/agent-defs/dist/agents/cursor.js +15 -0
  23. package/node_modules/@poe-code/agent-defs/dist/agents/goose.js +1 -0
  24. package/node_modules/@poe-code/agent-defs/dist/agents/index.d.ts +1 -0
  25. package/node_modules/@poe-code/agent-defs/dist/agents/index.js +1 -0
  26. package/node_modules/@poe-code/agent-defs/dist/agents/opencode.js +5 -0
  27. package/node_modules/@poe-code/agent-defs/dist/index.d.ts +2 -2
  28. package/node_modules/@poe-code/agent-defs/dist/index.js +1 -1
  29. package/node_modules/@poe-code/agent-defs/dist/registry.js +8 -1
  30. package/node_modules/@poe-code/agent-defs/dist/specifier.js +7 -3
  31. package/node_modules/@poe-code/agent-defs/dist/types.d.ts +5 -0
  32. package/node_modules/@poe-code/agent-human-in-loop/dist/providers/osascript.js +7 -1
  33. package/node_modules/@poe-code/agent-mcp-config/dist/configs.js +6 -0
  34. package/node_modules/@poe-code/config-mutations/dist/error-codes.d.ts +1 -0
  35. package/node_modules/@poe-code/config-mutations/dist/error-codes.js +6 -0
  36. package/node_modules/@poe-code/config-mutations/dist/execution/apply-mutation.js +25 -15
  37. package/node_modules/@poe-code/config-mutations/dist/formats/json.js +1 -1
  38. package/node_modules/@poe-code/config-mutations/dist/formats/toml.js +1 -1
  39. package/node_modules/@poe-code/config-mutations/dist/formats/yaml.js +1 -1
  40. package/node_modules/@poe-code/config-mutations/dist/fs-utils.js +2 -4
  41. package/node_modules/@poe-code/config-mutations/dist/template/render.js +1 -1
  42. package/node_modules/@poe-code/config-mutations/package.json +1 -1
  43. package/node_modules/@poe-code/process-runner/dist/host/host-execution-env.js +18 -5
  44. package/node_modules/@poe-code/process-runner/dist/host/host-runner.js +38 -4
  45. package/node_modules/@poe-code/process-runner/dist/workspace-transfer.js +8 -2
  46. package/node_modules/@poe-code/task-list/dist/backends/gh-issues-sync.js +18 -7
  47. package/node_modules/@poe-code/task-list/dist/backends/markdown-dir.js +13 -6
  48. package/node_modules/@poe-code/task-list/dist/backends/utils.js +15 -10
  49. package/node_modules/@poe-code/task-list/dist/backends/yaml-file.js +39 -22
  50. package/node_modules/@poe-code/task-list/dist/move.js +4 -1
  51. package/node_modules/@poe-code/task-list/dist/open.js +42 -20
  52. package/node_modules/@poe-code/task-list/dist/state-machine.js +8 -5
  53. package/node_modules/auth-store/dist/create-secret-store.js +6 -1
  54. package/node_modules/auth-store/dist/encrypted-file-store.d.ts +1 -1
  55. package/node_modules/auth-store/dist/encrypted-file-store.js +32 -28
  56. package/node_modules/auth-store/dist/error-codes.d.ts +1 -0
  57. package/node_modules/auth-store/dist/error-codes.js +5 -0
  58. package/node_modules/auth-store/dist/keychain-store.js +23 -8
  59. package/node_modules/mcp-oauth/dist/client/auth-store-session-store.js +17 -5
  60. package/node_modules/mcp-oauth/dist/client/authorization-state.js +21 -8
  61. package/node_modules/mcp-oauth/dist/client/default-oauth-client-provider.js +128 -55
  62. package/node_modules/mcp-oauth/dist/client/token-endpoint.js +27 -17
  63. package/node_modules/mcp-oauth/dist/server/jwks-token-verifier.js +43 -22
  64. package/node_modules/toolcraft-design/README.md +148 -0
  65. package/node_modules/toolcraft-design/dist/components/catalog.d.ts +26 -0
  66. package/node_modules/toolcraft-design/dist/components/catalog.js +94 -0
  67. package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/index.d.ts +2 -0
  68. package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/index.js +1 -0
  69. package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/components/footer.js +1 -2
  70. package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/components/output-pane.js +16 -19
  71. package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/components/stats-pane.js +1 -15
  72. package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/demo.js +2 -2
  73. package/node_modules/toolcraft-design/dist/explorer/theme.js +29 -0
  74. package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/index.d.ts +7 -1
  75. package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/index.js +4 -0
  76. package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/internal/theme-detect.d.ts +1 -0
  77. package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/internal/theme-detect.js +28 -6
  78. package/node_modules/toolcraft-design/dist/internal/theme-state.d.ts +12 -0
  79. package/node_modules/toolcraft-design/dist/internal/theme-state.js +35 -0
  80. package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/theme.d.ts +1 -1
  81. package/node_modules/toolcraft-design/dist/prompts/theme.js +15 -0
  82. package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/parser/frontmatter.js +50 -0
  83. package/node_modules/toolcraft-design/dist/tokens/brand.d.ts +5 -0
  84. package/node_modules/toolcraft-design/dist/tokens/brand.js +5 -0
  85. package/node_modules/toolcraft-design/dist/tokens/colors.d.ts +37 -0
  86. package/node_modules/toolcraft-design/dist/tokens/colors.js +85 -0
  87. package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/tokens/index.d.ts +2 -0
  88. package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/tokens/index.js +1 -0
  89. package/node_modules/toolcraft-design/package.json +42 -0
  90. package/package.json +10 -6
  91. package/node_modules/@poe-code/design-system/dist/explorer/theme.js +0 -97
  92. package/node_modules/@poe-code/design-system/dist/prompts/theme.js +0 -12
  93. package/node_modules/@poe-code/design-system/dist/tokens/colors.d.ts +0 -35
  94. package/node_modules/@poe-code/design-system/dist/tokens/colors.js +0 -34
  95. package/node_modules/@poe-code/design-system/package.json +0 -29
  96. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/acp/components.d.ts +0 -0
  97. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/acp/components.js +0 -0
  98. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/acp/index.d.ts +0 -0
  99. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/acp/index.js +0 -0
  100. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/acp/writer.d.ts +0 -0
  101. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/acp/writer.js +0 -0
  102. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/browser.d.ts +0 -0
  103. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/browser.js +0 -0
  104. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/color.d.ts +0 -0
  105. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/color.js +0 -0
  106. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/command-errors.d.ts +0 -0
  107. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/command-errors.js +0 -0
  108. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/detail-card.d.ts +0 -0
  109. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/detail-card.js +0 -0
  110. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/help-formatter-plain.d.ts +0 -0
  111. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/help-formatter-plain.js +0 -0
  112. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/help-formatter.d.ts +0 -0
  113. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/help-formatter.js +0 -0
  114. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/logger.d.ts +0 -0
  115. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/logger.js +0 -0
  116. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/symbols.d.ts +0 -0
  117. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/symbols.js +0 -0
  118. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/table.d.ts +0 -0
  119. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/table.js +0 -0
  120. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/template.d.ts +0 -0
  121. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/template.js +0 -0
  122. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/text.d.ts +0 -0
  123. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/components/text.js +0 -0
  124. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/ansi.d.ts +0 -0
  125. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/ansi.js +0 -0
  126. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/buffer.d.ts +0 -0
  127. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/buffer.js +0 -0
  128. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/components/border.d.ts +0 -0
  129. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/components/border.js +0 -0
  130. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/components/footer.d.ts +0 -0
  131. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/components/output-pane.d.ts +0 -0
  132. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/components/stats-pane.d.ts +0 -0
  133. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/dashboard.d.ts +0 -0
  134. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/dashboard.js +0 -0
  135. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/demo.d.ts +0 -0
  136. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/demo.js +0 -0
  137. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/index.d.ts +0 -0
  138. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/index.js +0 -0
  139. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/keymap.d.ts +0 -0
  140. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/keymap.js +0 -0
  141. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/layout.d.ts +0 -0
  142. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/layout.js +0 -0
  143. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/should-use-dashboard.d.ts +0 -0
  144. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/should-use-dashboard.js +0 -0
  145. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/snapshot.d.ts +0 -0
  146. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/snapshot.js +0 -0
  147. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/store.d.ts +0 -0
  148. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/store.js +0 -0
  149. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/terminal-width.d.ts +0 -0
  150. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/terminal-width.js +0 -0
  151. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/terminal.d.ts +0 -0
  152. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/terminal.js +0 -0
  153. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/types.d.ts +0 -0
  154. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/dashboard/types.js +0 -0
  155. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/actions.d.ts +0 -0
  156. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/actions.js +0 -0
  157. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/demo.d.ts +0 -0
  158. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/events.d.ts +0 -0
  159. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/events.js +0 -0
  160. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/filter.d.ts +0 -0
  161. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/filter.js +0 -0
  162. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/index.d.ts +0 -0
  163. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/index.js +0 -0
  164. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/jobs.d.ts +0 -0
  165. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/jobs.js +0 -0
  166. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/keymap.d.ts +0 -0
  167. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/keymap.js +0 -0
  168. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/layout.d.ts +0 -0
  169. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/layout.js +0 -0
  170. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/reducer.d.ts +0 -0
  171. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/reducer.js +0 -0
  172. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/detail.d.ts +0 -0
  173. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/detail.js +0 -0
  174. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/footer.d.ts +0 -0
  175. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/footer.js +0 -0
  176. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/header.d.ts +0 -0
  177. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/header.js +0 -0
  178. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/index.d.ts +0 -0
  179. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/index.js +0 -0
  180. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/list.d.ts +0 -0
  181. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/list.js +0 -0
  182. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/modal.d.ts +0 -0
  183. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/modal.js +0 -0
  184. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/test-fixtures.d.ts +0 -0
  185. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/test-fixtures.js +0 -0
  186. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/text.d.ts +0 -0
  187. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/render/text.js +0 -0
  188. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/runtime.d.ts +0 -0
  189. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/runtime.js +0 -0
  190. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/runtime.test-helpers.d.ts +0 -0
  191. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/runtime.test-helpers.js +0 -0
  192. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/state.d.ts +0 -0
  193. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/state.js +0 -0
  194. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/explorer/theme.d.ts +0 -0
  195. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/internal/color-support.d.ts +0 -0
  196. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/internal/color-support.js +0 -0
  197. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/internal/output-format.d.ts +0 -0
  198. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/internal/output-format.js +0 -0
  199. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/internal/strip-ansi.d.ts +0 -0
  200. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/internal/strip-ansi.js +0 -0
  201. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/index.d.ts +0 -0
  202. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/index.js +0 -0
  203. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/primitives/cancel.d.ts +0 -0
  204. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/primitives/cancel.js +0 -0
  205. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/primitives/intro.d.ts +0 -0
  206. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/primitives/intro.js +0 -0
  207. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/primitives/log.d.ts +0 -0
  208. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/primitives/log.js +0 -0
  209. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/primitives/note.d.ts +0 -0
  210. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/primitives/note.js +0 -0
  211. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/primitives/outro.d.ts +0 -0
  212. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/primitives/outro.js +0 -0
  213. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/primitives/spinner.d.ts +0 -0
  214. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/prompts/primitives/spinner.js +0 -0
  215. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/static/index.d.ts +0 -0
  216. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/static/index.js +0 -0
  217. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/static/menu.d.ts +0 -0
  218. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/static/menu.js +0 -0
  219. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/static/spinner.d.ts +0 -0
  220. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/static/spinner.js +0 -0
  221. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/ast.d.ts +0 -0
  222. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/ast.js +0 -0
  223. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/demo-content.d.ts +0 -0
  224. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/demo-content.js +0 -0
  225. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/index.d.ts +0 -0
  226. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/index.js +0 -0
  227. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/parser/block.d.ts +0 -0
  228. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/parser/block.js +0 -0
  229. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/parser/frontmatter.d.ts +0 -0
  230. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/parser/inline.d.ts +0 -0
  231. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/parser/inline.js +0 -0
  232. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/parser.d.ts +0 -0
  233. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/parser.js +0 -0
  234. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/renderer.d.ts +0 -0
  235. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/renderer.js +0 -0
  236. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/testing/theme-render-fixture.d.ts +0 -0
  237. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/terminal-markdown/testing/theme-render-fixture.js +0 -0
  238. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/tokens/spacing.d.ts +0 -0
  239. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/tokens/spacing.js +0 -0
  240. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/tokens/typography.d.ts +0 -0
  241. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/tokens/typography.js +0 -0
  242. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/tokens/widths.d.ts +0 -0
  243. /package/node_modules/{@poe-code/design-system → toolcraft-design}/dist/tokens/widths.js +0 -0
@@ -98,7 +98,7 @@ export function createDefaultOAuthClientProvider(options) {
98
98
  while (true) {
99
99
  try {
100
100
  refreshedTokens = await refreshAccessToken({
101
- tokenEndpoint: discovery.authorizationServerMetadata.token_endpoint,
101
+ tokenEndpoint: requireOwnString(discovery.authorizationServerMetadata, "token_endpoint", "Authorization server metadata"),
102
102
  clientId: session.client.clientId,
103
103
  clientSecret: session.client.clientSecret,
104
104
  refreshToken: session.tokens.refreshToken,
@@ -184,7 +184,7 @@ export function createDefaultOAuthClientProvider(options) {
184
184
  });
185
185
  const code = await loopback.waitForCode(authorizationUrl);
186
186
  const tokens = await exchangeAuthorizationCode({
187
- tokenEndpoint: discovery.authorizationServerMetadata.token_endpoint,
187
+ tokenEndpoint: requireOwnString(discovery.authorizationServerMetadata, "token_endpoint", "Authorization server metadata"),
188
188
  clientId: resolvedClient.client.clientId,
189
189
  clientSecret: resolvedClient.client.clientSecret,
190
190
  code,
@@ -239,7 +239,7 @@ export function createDefaultOAuthClientProvider(options) {
239
239
  },
240
240
  };
241
241
  }
242
- const registrationEndpoint = discovery.authorizationServerMetadata.registration_endpoint;
242
+ const registrationEndpoint = getOwnString(discovery.authorizationServerMetadata, "registration_endpoint");
243
243
  if (registrationEndpoint === undefined && options.client.clientId !== undefined) {
244
244
  return {
245
245
  kind: "static",
@@ -290,14 +290,16 @@ export function createDefaultOAuthClientProvider(options) {
290
290
  body: JSON.stringify(registrationBody),
291
291
  });
292
292
  const payload = await readOAuthJsonObjectResponse(response);
293
- if (typeof payload.client_id !== "string" ||
294
- payload.client_id.trim().length === 0) {
293
+ const clientId = getOwnString(payload, "client_id");
294
+ if (clientId === undefined ||
295
+ clientId.trim().length === 0) {
295
296
  throw new Error("OAuth client registration response missing client_id");
296
297
  }
298
+ const clientSecret = getOwnString(payload, "client_secret");
297
299
  const registeredClient = {
298
- clientId: payload.client_id,
299
- clientSecret: typeof payload.client_secret === "string" && payload.client_secret.length > 0
300
- ? payload.client_secret
300
+ clientId,
301
+ clientSecret: clientSecret !== undefined && clientSecret.length > 0
302
+ ? clientSecret
301
303
  : undefined,
302
304
  };
303
305
  await saveRegisteredClient(discovery.authorizationServer, registeredClient);
@@ -324,12 +326,13 @@ export function createDefaultOAuthClientProvider(options) {
324
326
  return null;
325
327
  }
326
328
  const client = await clientStore.load(issuer);
327
- if (client !== null && !isUsableClient(client)) {
329
+ const normalizedClient = client === null ? null : normalizeStoredClient(client);
330
+ if (client !== null && normalizedClient === null) {
328
331
  await clientStore.clear(issuer);
329
332
  return null;
330
333
  }
331
- registeredClients.set(issuer, client);
332
- return client;
334
+ registeredClients.set(issuer, normalizedClient);
335
+ return normalizedClient;
333
336
  }
334
337
  async function saveRegisteredClient(issuer, client) {
335
338
  registeredClients.set(issuer, client);
@@ -345,7 +348,7 @@ export function createDefaultOAuthClientProvider(options) {
345
348
  }
346
349
  }
347
350
  function isProviderOptions(options) {
348
- return "provider" in options;
351
+ return Object.prototype.hasOwnProperty.call(options, "provider");
349
352
  }
350
353
  function isExpired(tokens, now) {
351
354
  return tokens.expiresAt !== null && tokens.expiresAt <= now();
@@ -361,11 +364,15 @@ function resolveDiscovery(discovery, session) {
361
364
  return undefined;
362
365
  }
363
366
  const metadata = session.discovery.authorizationServerMetadata;
364
- if (typeof metadata.issuer !== "string" ||
365
- typeof metadata.authorization_endpoint !== "string" ||
366
- typeof metadata.token_endpoint !== "string" ||
367
- !Array.isArray(metadata.code_challenge_methods_supported) ||
368
- !metadata.code_challenge_methods_supported.includes("S256")) {
367
+ const issuer = getOwnString(metadata, "issuer");
368
+ const authorizationEndpoint = getOwnString(metadata, "authorization_endpoint");
369
+ const tokenEndpoint = getOwnString(metadata, "token_endpoint");
370
+ const codeChallengeMethodsSupported = getOwnStringArray(metadata, "code_challenge_methods_supported");
371
+ if (issuer === undefined ||
372
+ authorizationEndpoint === undefined ||
373
+ tokenEndpoint === undefined ||
374
+ codeChallengeMethodsSupported === undefined ||
375
+ !codeChallengeMethodsSupported.includes("S256")) {
369
376
  return undefined;
370
377
  }
371
378
  return {
@@ -389,39 +396,96 @@ function normalizeLoadedSession(session) {
389
396
  if (session === null) {
390
397
  return null;
391
398
  }
392
- if (!isUsableClient(session.client)) {
399
+ const client = normalizeStoredClient(getOwnEntry(session, "client"));
400
+ if (client === null) {
393
401
  return { ...session, client: { clientId: "" }, tokens: undefined };
394
402
  }
395
- return isUsableTokens(session.tokens)
396
- ? session
397
- : { ...session, tokens: undefined };
403
+ return {
404
+ ...session,
405
+ client,
406
+ tokens: normalizeStoredTokens(getOwnEntry(session, "tokens")),
407
+ };
398
408
  }
399
- function isUsableClient(client) {
400
- return (typeof client.clientId === "string"
401
- && client.clientId.trim().length > 0
402
- && (client.clientSecret === undefined
403
- || (typeof client.clientSecret === "string" && client.clientSecret.trim().length > 0)));
409
+ function normalizeStoredClient(value) {
410
+ if (!isObjectRecord(value)) {
411
+ return null;
412
+ }
413
+ const clientId = getOwnString(value, "clientId");
414
+ if (clientId === undefined || clientId.trim().length === 0) {
415
+ return null;
416
+ }
417
+ const clientSecret = getOwnEntry(value, "clientSecret");
418
+ if (clientSecret === undefined) {
419
+ return { clientId };
420
+ }
421
+ if (typeof clientSecret !== "string" || clientSecret.trim().length === 0) {
422
+ return null;
423
+ }
424
+ return { clientId, clientSecret };
404
425
  }
405
- function isUsableTokens(tokens) {
406
- if (tokens === undefined) {
407
- return true;
408
- }
409
- return (typeof tokens.accessToken === "string"
410
- && tokens.accessToken.trim().length > 0
411
- && tokens.tokenType === "Bearer"
412
- && (tokens.expiresAt === null || (typeof tokens.expiresAt === "number" && Number.isFinite(tokens.expiresAt)))
413
- && (tokens.refreshToken === undefined
414
- || (typeof tokens.refreshToken === "string" && tokens.refreshToken.trim().length > 0)));
426
+ function normalizeStoredTokens(value) {
427
+ if (value === undefined || !isObjectRecord(value)) {
428
+ return undefined;
429
+ }
430
+ const accessToken = getOwnString(value, "accessToken");
431
+ const tokenType = getOwnString(value, "tokenType");
432
+ const expiresAt = getOwnEntry(value, "expiresAt");
433
+ const refreshToken = getOwnEntry(value, "refreshToken");
434
+ const scope = getOwnString(value, "scope");
435
+ const normalizedRefreshToken = typeof refreshToken === "string" ? refreshToken : undefined;
436
+ if (accessToken === undefined ||
437
+ accessToken.trim().length === 0 ||
438
+ tokenType !== "Bearer" ||
439
+ !(expiresAt === null ||
440
+ (typeof expiresAt === "number" && Number.isFinite(expiresAt))) ||
441
+ (refreshToken !== undefined &&
442
+ (typeof refreshToken !== "string" || refreshToken.trim().length === 0))) {
443
+ return undefined;
444
+ }
445
+ return {
446
+ accessToken,
447
+ tokenType,
448
+ expiresAt,
449
+ ...(normalizedRefreshToken === undefined ? {} : { refreshToken: normalizedRefreshToken }),
450
+ ...(scope === undefined || scope.length === 0 ? {} : { scope }),
451
+ };
415
452
  }
416
453
  function getClientMetadata(client) {
417
454
  return client.metadata;
418
455
  }
456
+ function getOwnEntry(record, key) {
457
+ return Object.prototype.hasOwnProperty.call(record, key)
458
+ ? record[key]
459
+ : undefined;
460
+ }
461
+ function isObjectRecord(value) {
462
+ return typeof value === "object" && value !== null && !Array.isArray(value);
463
+ }
464
+ function getOwnString(record, key) {
465
+ const value = getOwnEntry(record, key);
466
+ return typeof value === "string" ? value : undefined;
467
+ }
468
+ function requireOwnString(record, key, label) {
469
+ const value = getOwnString(record, key);
470
+ if (value === undefined) {
471
+ throw new Error(`${label} is missing ${key}`);
472
+ }
473
+ return value;
474
+ }
475
+ function getOwnStringArray(record, key) {
476
+ const value = getOwnEntry(record, key);
477
+ return Array.isArray(value) && value.every((entry) => typeof entry === "string")
478
+ ? value
479
+ : undefined;
480
+ }
419
481
  function buildAuthorizationUrl(input) {
420
- const url = new URL(input.metadata.authorization_endpoint);
482
+ const authorizationEndpoint = requireOwnString(input.metadata, "authorization_endpoint", "Authorization server metadata");
483
+ const issuer = requireOwnString(input.metadata, "issuer", "Authorization server metadata");
484
+ const url = new URL(authorizationEndpoint);
421
485
  const resource = canonicalizeResourceIndicator(input.resource);
422
486
  const state = createAuthorizationState({
423
- issuer: input.metadata.issuer,
424
- requireIssuer: input.metadata.authorization_response_iss_parameter_supported === true,
487
+ issuer,
488
+ requireIssuer: getOwnEntry(input.metadata, "authorization_response_iss_parameter_supported") === true,
425
489
  });
426
490
  url.searchParams.set("response_type", "code");
427
491
  url.searchParams.set("client_id", input.clientId);
@@ -436,7 +500,7 @@ function buildAuthorizationUrl(input) {
436
500
  return url.toString();
437
501
  }
438
502
  function assertS256PkceSupport(metadata) {
439
- if (!metadata.code_challenge_methods_supported.includes("S256")) {
503
+ if (!getOwnStringArray(metadata, "code_challenge_methods_supported")?.includes("S256")) {
440
504
  throw new Error("Authorization server metadata must advertise code_challenge_methods_supported including S256");
441
505
  }
442
506
  }
@@ -460,13 +524,16 @@ function assertSecureUrl(value, label) {
460
524
  throw new Error(`${label} must use https unless it targets a loopback host`);
461
525
  }
462
526
  function assertSecureOAuthFlowEndpoints(metadata) {
463
- assertNoAccessTokenInUrl(metadata.authorization_endpoint, "Authorization endpoint");
464
- assertNoAccessTokenInUrl(metadata.token_endpoint, "Token endpoint");
465
- assertSecureUrl(metadata.authorization_endpoint, "Authorization endpoint");
466
- assertSecureUrl(metadata.token_endpoint, "Token endpoint");
467
- if (metadata.registration_endpoint !== undefined) {
468
- assertNoAccessTokenInUrl(metadata.registration_endpoint, "Registration endpoint");
469
- assertSecureUrl(metadata.registration_endpoint, "Registration endpoint");
527
+ const authorizationEndpoint = requireOwnString(metadata, "authorization_endpoint", "Authorization server metadata");
528
+ const tokenEndpoint = requireOwnString(metadata, "token_endpoint", "Authorization server metadata");
529
+ const registrationEndpoint = getOwnString(metadata, "registration_endpoint");
530
+ assertNoAccessTokenInUrl(authorizationEndpoint, "Authorization endpoint");
531
+ assertNoAccessTokenInUrl(tokenEndpoint, "Token endpoint");
532
+ assertSecureUrl(authorizationEndpoint, "Authorization endpoint");
533
+ assertSecureUrl(tokenEndpoint, "Token endpoint");
534
+ if (registrationEndpoint !== undefined) {
535
+ assertNoAccessTokenInUrl(registrationEndpoint, "Registration endpoint");
536
+ assertSecureUrl(registrationEndpoint, "Registration endpoint");
470
537
  }
471
538
  }
472
539
  function assertNoAccessTokenInUrl(value, label) {
@@ -487,17 +554,23 @@ function buildClientRegistrationBody(metadata, redirectUri) {
487
554
  response_types: ["code"],
488
555
  token_endpoint_auth_method: "none",
489
556
  };
490
- if (metadata?.clientName !== undefined && metadata.clientName.length > 0) {
491
- body.client_name = metadata.clientName;
557
+ const clientName = metadata === undefined ? undefined : getOwnString(metadata, "clientName");
558
+ const scope = metadata === undefined ? undefined : getOwnString(metadata, "scope");
559
+ const softwareId = metadata === undefined ? undefined : getOwnString(metadata, "softwareId");
560
+ const softwareVersion = metadata === undefined
561
+ ? undefined
562
+ : getOwnString(metadata, "softwareVersion");
563
+ if (clientName !== undefined && clientName.length > 0) {
564
+ body.client_name = clientName;
492
565
  }
493
- if (metadata?.scope !== undefined && metadata.scope.length > 0) {
494
- body.scope = metadata.scope;
566
+ if (scope !== undefined && scope.length > 0) {
567
+ body.scope = scope;
495
568
  }
496
- if (metadata?.softwareId !== undefined && metadata.softwareId.length > 0) {
497
- body.software_id = metadata.softwareId;
569
+ if (softwareId !== undefined && softwareId.length > 0) {
570
+ body.software_id = softwareId;
498
571
  }
499
- if (metadata?.softwareVersion !== undefined && metadata.softwareVersion.length > 0) {
500
- body.software_version = metadata.softwareVersion;
572
+ if (softwareVersion !== undefined && softwareVersion.length > 0) {
573
+ body.software_version = softwareVersion;
501
574
  }
502
575
  return body;
503
576
  }
@@ -75,29 +75,33 @@ async function requestTokens(input) {
75
75
  body: body.toString(),
76
76
  });
77
77
  const payload = await readOAuthJsonObjectResponse(response);
78
- if (typeof payload.access_token !== "string" || payload.access_token.trim().length === 0) {
78
+ const accessToken = getOwnEntry(payload, "access_token");
79
+ if (typeof accessToken !== "string" || accessToken.trim().length === 0) {
79
80
  throw new Error("OAuth token response missing access_token");
80
81
  }
81
- const tokenType = normalizeBearerTokenType(payload.token_type);
82
+ const tokenType = normalizeBearerTokenType(getOwnEntry(payload, "token_type"));
82
83
  if (tokenType === null) {
83
84
  throw new Error("OAuth token response missing token_type=Bearer");
84
85
  }
85
- if (typeof payload.expires_in === "number"
86
- && Number.isFinite(payload.expires_in)
87
- && payload.expires_in < 0) {
86
+ const expiresIn = getOwnEntry(payload, "expires_in");
87
+ if (typeof expiresIn === "number"
88
+ && Number.isFinite(expiresIn)
89
+ && expiresIn < 0) {
88
90
  throw new Error("OAuth token response has invalid expires_in");
89
91
  }
92
+ const refreshToken = getOwnEntry(payload, "refresh_token");
93
+ const scope = getOwnEntry(payload, "scope");
90
94
  return {
91
- accessToken: payload.access_token,
92
- refreshToken: typeof payload.refresh_token === "string" && payload.refresh_token.length > 0
93
- ? payload.refresh_token
95
+ accessToken,
96
+ refreshToken: typeof refreshToken === "string" && refreshToken.length > 0
97
+ ? refreshToken
94
98
  : undefined,
95
99
  tokenType,
96
- expiresAt: typeof payload.expires_in === "number" && Number.isFinite(payload.expires_in)
97
- ? input.now() + (payload.expires_in * 1000)
100
+ expiresAt: typeof expiresIn === "number" && Number.isFinite(expiresIn)
101
+ ? input.now() + (expiresIn * 1000)
98
102
  : null,
99
- scope: typeof payload.scope === "string" && payload.scope.length > 0
100
- ? payload.scope
103
+ scope: typeof scope === "string" && scope.length > 0
104
+ ? scope
101
105
  : undefined,
102
106
  };
103
107
  }
@@ -126,16 +130,22 @@ export async function readOAuthJsonObjectResponse(response) {
126
130
  return record;
127
131
  }
128
132
  function readOAuthError(payload, fallbackError = "server_error") {
133
+ const error = getOwnEntry(payload, "error");
134
+ const errorDescription = getOwnEntry(payload, "error_description");
135
+ const errorUri = getOwnEntry(payload, "error_uri");
129
136
  return {
130
- error: typeof payload.error === "string" ? payload.error : fallbackError,
131
- error_description: typeof payload.error_description === "string"
132
- ? payload.error_description
137
+ error: typeof error === "string" ? error : fallbackError,
138
+ error_description: typeof errorDescription === "string"
139
+ ? errorDescription
133
140
  : undefined,
134
- error_uri: typeof payload.error_uri === "string"
135
- ? payload.error_uri
141
+ error_uri: typeof errorUri === "string"
142
+ ? errorUri
136
143
  : undefined,
137
144
  };
138
145
  }
146
+ function getOwnEntry(record, key) {
147
+ return Object.prototype.hasOwnProperty.call(record, key) ? record[key] : undefined;
148
+ }
139
149
  function createFallbackOAuthError(status) {
140
150
  const error = status === 503 ? "temporarily_unavailable" : "server_error";
141
151
  return new OAuthError({ error }, status);
@@ -26,6 +26,15 @@ function isObjectRecord(value) {
26
26
  function isStringArray(value) {
27
27
  return Array.isArray(value) && value.every((item) => typeof item === "string");
28
28
  }
29
+ function getOwnEntry(record, key) {
30
+ return Object.prototype.hasOwnProperty.call(record, key)
31
+ ? record[key]
32
+ : undefined;
33
+ }
34
+ function getOwnString(record, key) {
35
+ const value = getOwnEntry(record, key);
36
+ return typeof value === "string" ? value : undefined;
37
+ }
29
38
  function toUrl(value, label) {
30
39
  try {
31
40
  return new URL(String(value));
@@ -58,10 +67,12 @@ function normalizeVerifiedAudience(value, expectedResource) {
58
67
  return [normalizedAudience];
59
68
  }
60
69
  function parseScopes(payload) {
61
- const raw = typeof payload.scope === "string"
62
- ? payload.scope
63
- : typeof payload.scopes === "string"
64
- ? payload.scopes
70
+ const scope = getOwnString(payload, "scope");
71
+ const scopes = getOwnEntry(payload, "scopes");
72
+ const raw = scope !== undefined
73
+ ? scope
74
+ : typeof scopes === "string"
75
+ ? scopes
65
76
  : null;
66
77
  if (raw !== null) {
67
78
  return raw
@@ -69,24 +80,28 @@ function parseScopes(payload) {
69
80
  .map((scope) => scope.trim())
70
81
  .filter((scope) => scope.length > 0);
71
82
  }
72
- return isStringArray(payload.scopes) ? [...payload.scopes] : [];
83
+ return isStringArray(scopes) ? [...scopes] : [];
73
84
  }
74
- function toVerifiedAccessToken(token, payload, audience = normalizeAudience(payload.aud)) {
85
+ function toVerifiedAccessToken(token, payload, audience = normalizeAudience(getOwnEntry(payload, "aud"))) {
86
+ const issuer = getOwnString(payload, "iss");
87
+ const expiresAt = getOwnEntry(payload, "exp");
88
+ const subject = getOwnString(payload, "sub");
89
+ const clientId = getOwnString(payload, "client_id");
75
90
  return {
76
91
  token,
77
- issuer: typeof payload.iss === "string" ? payload.iss : "",
92
+ issuer: issuer ?? "",
78
93
  audience,
79
94
  scopes: parseScopes(payload),
80
- expiresAt: typeof payload.exp === "number" ? payload.exp : 0,
95
+ expiresAt: typeof expiresAt === "number" ? expiresAt : 0,
81
96
  claims: { ...payload },
82
- ...(typeof payload.sub === "string"
97
+ ...(subject !== undefined
83
98
  ? {
84
- subject: payload.sub,
99
+ subject,
85
100
  }
86
101
  : {}),
87
- ...(typeof payload.client_id === "string"
102
+ ...(clientId !== undefined
88
103
  ? {
89
- clientId: payload.client_id,
104
+ clientId,
90
105
  }
91
106
  : {}),
92
107
  };
@@ -151,14 +166,15 @@ async function loadJwks(jwksUrl, fetchImplementation) {
151
166
  throw createInvalidTokenError(`unable to load JWKS (${response.status})`);
152
167
  }
153
168
  const payload = (await response.json());
154
- if (!isObjectRecord(payload) || !Array.isArray(payload.keys)) {
169
+ const keys = isObjectRecord(payload) ? getOwnEntry(payload, "keys") : undefined;
170
+ if (!isObjectRecord(payload) || !Array.isArray(keys)) {
155
171
  throw createInvalidTokenError("invalid JWKS document");
156
172
  }
157
- return payload;
173
+ return { ...payload, keys };
158
174
  }
159
175
  function resolveAlgorithm(token, allowedAlgorithms) {
160
176
  const header = decodeProtectedHeader(token);
161
- const alg = header.alg;
177
+ const alg = getOwnString(header, "alg");
162
178
  if (hasCriticalHeaderClaims(header)) {
163
179
  throw createInvalidTokenError("unsupported critical token claims");
164
180
  }
@@ -171,19 +187,24 @@ function resolveAlgorithm(token, allowedAlgorithms) {
171
187
  return alg;
172
188
  }
173
189
  function hasCriticalHeaderClaims(header) {
174
- return Array.isArray(header.crit) && header.crit.length > 0;
190
+ const criticalClaims = getOwnEntry(header, "crit");
191
+ return Array.isArray(criticalClaims) && criticalClaims.length > 0;
175
192
  }
176
193
  function isVerificationCandidate(key, alg, kid) {
177
- if (kid !== undefined && key.kid !== kid) {
194
+ const keyId = getOwnString(key, "kid");
195
+ const keyAlgorithm = getOwnString(key, "alg");
196
+ const keyUse = getOwnString(key, "use");
197
+ const keyOps = getOwnEntry(key, "key_ops");
198
+ if (kid !== undefined && keyId !== kid) {
178
199
  return false;
179
200
  }
180
- if (typeof key.alg === "string" && key.alg !== alg) {
201
+ if (keyAlgorithm !== undefined && keyAlgorithm !== alg) {
181
202
  return false;
182
203
  }
183
- if (typeof key.use === "string" && key.use !== "sig") {
204
+ if (keyUse !== undefined && keyUse !== "sig") {
184
205
  return false;
185
206
  }
186
- if (Array.isArray(key.key_ops) && !key.key_ops.includes("verify")) {
207
+ if (Array.isArray(keyOps) && !keyOps.includes("verify")) {
187
208
  return false;
188
209
  }
189
210
  return true;
@@ -193,7 +214,7 @@ function shouldContinueWithNextKey(error) {
193
214
  }
194
215
  async function verifyJwtAgainstJwks(input) {
195
216
  const protectedHeader = decodeProtectedHeader(input.token);
196
- const kid = typeof protectedHeader.kid === "string" ? protectedHeader.kid : undefined;
217
+ const kid = getOwnString(protectedHeader, "kid");
197
218
  const candidateKeys = input.jwks.keys.filter((key) => isVerificationCandidate(key, input.alg, kid));
198
219
  if (candidateKeys.length === 0) {
199
220
  throw createInvalidTokenError("token signature invalid");
@@ -239,7 +260,7 @@ export function createJwksTokenVerifier(options) {
239
260
  authorizationServers: input.authorizationServers,
240
261
  clockSkewSeconds,
241
262
  });
242
- const audience = normalizeVerifiedAudience(verified.payload.aud, expectedResource);
263
+ const audience = normalizeVerifiedAudience(getOwnEntry(verified.payload, "aud"), expectedResource);
243
264
  const accessToken = toVerifiedAccessToken(input.token, verified.payload, audience);
244
265
  if (input.requiredScopes.length > 0
245
266
  && !input.requiredScopes.every((scope) => accessToken.scopes.includes(scope))) {
@@ -0,0 +1,148 @@
1
+ # toolcraft-design
2
+
3
+ Shared terminal design system for Toolcraft applications. It provides design tokens, ANSI-aware text and layout components, interactive prompts, dashboards, explorers, terminal Markdown rendering, and deterministic static renderers from one package.
4
+
5
+ ## Install
6
+
7
+ ```sh
8
+ npm install toolcraft-design
9
+ ```
10
+
11
+ Import from the package root:
12
+
13
+ ```ts
14
+ import { configureTheme, promptText, renderMarkdown, renderTable, text } from "toolcraft-design";
15
+ ```
16
+
17
+ The package does not expose public subpath imports.
18
+
19
+ ## Public API
20
+
21
+ ### Tokens
22
+
23
+ - `tokens`: namespace containing the token exports.
24
+ - `brand`: the default purple brand color.
25
+ - `dark`, `light`: built-in purple `ThemePalette` values.
26
+ - `brands`: mutable registry of available brands.
27
+ - `spacing`, `typography`, `widths`: shared design token collections.
28
+ - Types: `Brand`, `ThemeName`, `ThemePalette`.
29
+
30
+ ### Components
31
+
32
+ - `text`, `color`, `symbols`: text styles, color helpers, and terminal symbols.
33
+ - `createLogger`, `logger`: styled logger creation and the default logger.
34
+ - `helpFormatter`, `helpFormatterPlain`: styled and plain help formatting APIs.
35
+ - `formatColumns`, `formatCommand`, `formatUsage`, `formatOption`, `formatCommandList`, `formatOptionList`: individual help-formatting functions.
36
+ - `formatCommandNotFound`, `formatCommandNotFoundPanel`: command error rendering.
37
+ - `renderTable`, `renderDetailCard`: tabular and detail-card rendering.
38
+ - `getTemplatePartialNames`, `renderTemplate`, `resolveTemplatePartials`: template rendering utilities.
39
+ - `openExternal`: opens a URL or file with the platform browser command.
40
+ - Types: `Color`, `LoggerOutput`, `CommandInfo`, `OptionInfo`, `FormatColumnsOptions`, `TableColumn`, `RenderTableOptions`, `DetailCardRow`, `DetailCardSection`, `RenderDetailCardOptions`, `RenderTemplateOptions`, `TemplateEscape`.
41
+
42
+ ### Prompts
43
+
44
+ - `prompts`: namespace containing the prompt exports.
45
+ - `intro`, `introPlain`, `outro`, `note`: prompt flow presentation.
46
+ - `select`, `multiselect`, `promptText`, `confirm`, `confirmOrCancel`, `password`: interactive inputs. The prompt text function is exported as `promptText` at the package root and as `text` on `prompts`.
47
+ - `spinner`, `withSpinner`: spinner APIs.
48
+ - `isCancel`, `cancel`, `log`, `PromptCancelledError`: cancellation and prompt logging utilities.
49
+ - `promptTheme`: the brand-aware prompt theme.
50
+ - Types: `SelectOptions`, `MultiselectOptions`, `TextOptions`, `ConfirmOptions`, `PasswordOptions`, `SpinnerOptions`, `WithSpinnerOptions`.
51
+
52
+ ### Dashboard
53
+
54
+ - `dashboard`: namespace containing the complete dashboard API.
55
+ - `createDashboard`, `shouldUseInteractiveDashboard`: root-level dashboard exports.
56
+ - Root-level types: `Dashboard`, `DashboardOptions`.
57
+ - The namespace also exports `renderDashboardSnapshot`, `defaultHints`, and the dashboard snapshot, state, output, command, statistics, and footer-hint types.
58
+
59
+ ### Explorer
60
+
61
+ - `explorer`: namespace containing the complete explorer API.
62
+ - `runExplorer`, `singleDetail`: root-level explorer exports.
63
+ - Root-level types: `Row`, `DetailItem`, `Detail`, `DetailCtx`, `Action`, `ActionContext`, `ExplorerConfig`, `ReorderContext`, `Tone`.
64
+ - The namespace also exports `createInitialState`, `resolveBindings`, and the remaining explorer event, binding, layout, size, state, and effect types.
65
+
66
+ ### Terminal Markdown
67
+
68
+ - `parse`: parses Markdown into `MdNode` values.
69
+ - `render`: renders parsed Markdown nodes for the terminal.
70
+ - `renderMarkdown`: parses and renders a Markdown string.
71
+ - Types: `MdNode`, `RenderOptions`.
72
+
73
+ ### Static Rendering
74
+
75
+ - `staticRender`: namespace containing the static rendering exports.
76
+ - `SPINNER_FRAMES`, `renderSpinnerFrame`, `renderSpinnerStopped`: deterministic spinner rendering.
77
+ - `renderMenu`: deterministic menu rendering.
78
+ - Types: `SpinnerFrameOptions`, `SpinnerStoppedOptions`, `MenuOption`, `RenderMenuOptions`.
79
+
80
+ ### ACP Rendering
81
+
82
+ - `acp`: namespace containing `renderAgentMessage`, `renderToolStart`, `renderToolComplete`, `renderReasoning`, `renderUsage`, `renderError`, `getAcpWriter`, and `withAcpWriter`.
83
+ - Namespace type: `AcpLineWriter`.
84
+
85
+ ### Advanced Utilities
86
+
87
+ - `getTheme`, `resolveThemeName`, `resetThemeCache`: theme resolution and cache control.
88
+ - `configureTheme`, `getThemeConfig`, `resetTheme`: brand and label configuration.
89
+ - `resolveOutputFormat`, `resetOutputFormatCache`, `withOutputFormat`: terminal, Markdown, or JSON output-format selection.
90
+ - Types: `ThemeEnv`, `OutputFormat`.
91
+
92
+ ## Brand Theme
93
+
94
+ The default configuration is `{ brand: "purple", label: "Poe" }`. Configure the package before producing design-system output:
95
+
96
+ ```ts
97
+ import { configureTheme, getThemeConfig, resetTheme } from "toolcraft-design";
98
+
99
+ configureTheme({ brand: "blue", label: "Toolcraft" });
100
+
101
+ console.log(getThemeConfig());
102
+ // { brand: "blue", label: "Toolcraft" }
103
+
104
+ resetTheme();
105
+ ```
106
+
107
+ `configureTheme` accepts either or both fields and merges them into the current configuration. It throws for an unknown brand. `getThemeConfig` returns a copy of the current configuration, and `resetTheme` restores the purple `Poe` defaults.
108
+
109
+ The built-in brands are:
110
+
111
+ - `purple`: `#a200ff`
112
+ - `blue`: `#2f6fed`
113
+ - `green`: `#1f9d57`
114
+
115
+ Register another brand by adding a `Brand` to the exported `brands` registry before selecting it:
116
+
117
+ ```ts
118
+ import { brands, configureTheme, type Brand } from "toolcraft-design";
119
+
120
+ const orange: Brand = {
121
+ name: "orange",
122
+ primary: "#f97316"
123
+ };
124
+
125
+ brands.orange = orange;
126
+ configureTheme({ brand: "orange", label: "My CLI" });
127
+ ```
128
+
129
+ The registry key and `Brand.name` should match. Brand primary colors are CSS-style hex strings used to build light and dark terminal palettes.
130
+
131
+ ## Environment Variables
132
+
133
+ ### Theme and Brand
134
+
135
+ - `POE_CODE_THEME`: forces the rendering mode when set to `light` or `dark`. It takes precedence over `POE_THEME` and automatic terminal theme detection.
136
+ - `POE_THEME`: legacy light/dark override used when `POE_CODE_THEME` is not set to a valid mode.
137
+ - `POE_BRAND`: debug-only built-in or registered brand override. An explicit `configureTheme({ brand })` call takes precedence. Unknown values are ignored.
138
+ - `APPLE_INTERFACE_STYLE`: automatic macOS theme hint used when no valid explicit light/dark override is present.
139
+ - `VSCODE_COLOR_THEME_KIND`: automatic VS Code theme hint used after the macOS hint.
140
+ - `COLORFGBG`: terminal foreground/background hint used after the macOS and VS Code hints. Rendering defaults to dark when no hint resolves a mode.
141
+
142
+ ### Output and Color
143
+
144
+ - `OUTPUT_FORMAT`: selects `terminal`, `markdown`, or `json` output for components that use the output-format resolver. Invalid or missing values default to `terminal`.
145
+ - `FORCE_COLOR`: enables color when present and not `0`, taking precedence over `NO_COLOR`.
146
+ - `NO_COLOR`: disables color when `FORCE_COLOR` does not enable it.
147
+ - `TERM`: participates in color support detection; an unset or `dumb` terminal disables color unless forced.
148
+ - `POE_NO_SPINNER`: uses non-animated spinner behavior when set to `1`.