workos 0.1.2 → 0.2.1

package/dist/src/lib/ai-content.js

@@ -0,0 +1,68 @@
+import Anthropic from '@anthropic-ai/sdk';
+const client = new Anthropic();
+/**
+ * Generate a concise commit message for the AuthKit integration.
+ * Falls back to a default message if AI generation fails.
+ */
+export async function generateCommitMessage(integration, files) {
+    try {
+        const response = await client.messages.create({
+            model: 'claude-sonnet-4-20250514',
+            max_tokens: 100,
+            messages: [
+                {
+                    role: 'user',
+                    content: `Generate a concise git commit message for adding WorkOS AuthKit to a ${integration} project. Changed files: ${files.slice(0, 10).join(', ')}. Use conventional commit format (feat:). One line only, under 72 chars.`,
+                },
+            ],
+        });
+        const text = response.content[0];
+        if (text.type === 'text') {
+            return text.text.trim();
+        }
+    }
+    catch { }
+    return `feat: add WorkOS AuthKit integration for ${integration}`;
+}
+/**
+ * Generate a PR description for the AuthKit integration.
+ * Falls back to a default template if AI generation fails.
+ */
+export async function generatePrDescription(integration, files, commitMessage) {
+    try {
+        const response = await client.messages.create({
+            model: 'claude-sonnet-4-20250514',
+            max_tokens: 500,
+            messages: [
+                {
+                    role: 'user',
+                    content: `Generate a GitHub PR description for: "${commitMessage}"
+
+Framework: ${integration}
+Files changed: ${files.join(', ')}
+
+Include:
+- Brief summary (2-3 sentences)
+- Key changes bullet list
+- Link to WorkOS AuthKit docs: https://workos.com/docs/user-management
+
+Keep it concise. Markdown format.`,
+                },
+            ],
+        });
+        const text = response.content[0];
+        if (text.type === 'text') {
+            return text.text.trim();
+        }
+    }
+    catch { }
+    return `## Summary
+Added WorkOS AuthKit integration for ${integration}.
+
+## Changes
+${files.map((f) => `- ${f}`).join('\n')}
+
+## Documentation
+https://workos.com/docs/user-management`;
+}
+//# sourceMappingURL=ai-content.js.map

package/dist/src/lib/ai-content.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ai-content.js","sourceRoot":"","sources":["../../../src/lib/ai-content.ts"],"names":[],"mappings":"AAAA,OAAO,SAAS,MAAM,mBAAmB,CAAC;AAE1C,MAAM,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;AAE/B;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,WAAmB,EAAE,KAAe;IAC9E,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC5C,KAAK,EAAE,0BAA0B;YACjC,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,MAAM;oBACZ,OAAO,EAAE,wEAAwE,WAAW,4BAA4B,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,0EAA0E;iBAChO;aACF;SACF,CAAC,CAAC;QAEH,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACjC,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1B,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;IAEV,OAAO,4CAA4C,WAAW,EAAE,CAAC;AACnE,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,WAAmB,EACnB,KAAe,EACf,aAAqB;IAErB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC5C,KAAK,EAAE,0BAA0B;YACjC,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,MAAM;oBACZ,OAAO,EAAE,0CAA0C,aAAa;;aAE7D,WAAW;iBACP,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC;;;;;;;kCAOC;iBACzB;aACF;SACF,CAAC,CAAC;QAEH,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACjC,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1B,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;IAEV,OAAO;uCAC8B,WAAW;;;EAGhD,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;;;wCAGC,CAAC;AACzC,CAAC","sourcesContent":["import Anthropic from '@anthropic-ai/sdk';\n\nconst client = new Anthropic();\n\n/**\n * Generate a concise commit message for the AuthKit integration.\n * Falls back to a default message if AI generation fails.\n */\nexport async function generateCommitMessage(integration: string, files: string[]): Promise<string> {\n  try {\n    const response = await client.messages.create({\n      model: 'claude-sonnet-4-20250514',\n      max_tokens: 100,\n      messages: [\n        {\n          role: 'user',\n          content: `Generate a concise git commit message for adding WorkOS AuthKit to a ${integration} project. Changed files: ${files.slice(0, 10).join(', ')}. Use conventional commit format (feat:). One line only, under 72 chars.`,\n        },\n      ],\n    });\n\n    const text = response.content[0];\n    if (text.type === 'text') {\n      return text.text.trim();\n    }\n  } catch {}\n\n  return `feat: add WorkOS AuthKit integration for ${integration}`;\n}\n\n/**\n * Generate a PR description for the AuthKit integration.\n * Falls back to a default template if AI generation fails.\n */\nexport async function generatePrDescription(\n  integration: string,\n  files: string[],\n  commitMessage: string,\n): Promise<string> {\n  try {\n    const response = await client.messages.create({\n      model: 'claude-sonnet-4-20250514',\n      max_tokens: 500,\n      messages: [\n        {\n          role: 'user',\n          content: `Generate a GitHub PR description for: \"${commitMessage}\"\n\nFramework: ${integration}\nFiles changed: ${files.join(', ')}\n\nInclude:\n- Brief summary (2-3 sentences)\n- Key changes bullet list\n- Link to WorkOS AuthKit docs: https://workos.com/docs/user-management\n\nKeep it concise. Markdown format.`,\n        },\n      ],\n    });\n\n    const text = response.content[0];\n    if (text.type === 'text') {\n      return text.text.trim();\n    }\n  } catch {}\n\n  return `## Summary\nAdded WorkOS AuthKit integration for ${integration}.\n\n## Changes\n${files.map((f) => `- ${f}`).join('\\n')}\n\n## Documentation\nhttps://workos.com/docs/user-management`;\n}\n"]}

package/dist/src/lib/credential-discovery.d.ts

@@ -0,0 +1,42 @@
+export interface DiscoveryResult {
+    found: boolean;
+    source?: 'env' | 'declined';
+    clientId?: string;
+    apiKey?: string;
+    sourcePath?: string;
+}
+export interface EnvFileInfo {
+    exists: boolean;
+    files: string[];
+}
+/**
+ * Check if env files exist in the project directory (without reading contents).
+ * Returns which files were found so the UI can prompt for consent.
+ */
+export declare function checkForEnvFiles(projectDir: string): Promise<EnvFileInfo>;
+/**
+ * Scan a single env file for WorkOS credentials.
+ * Only extracts WORKOS_CLIENT_ID and WORKOS_API_KEY - ignores all other variables.
+ */
+export declare function scanEnvFile(filePath: string): Promise<{
+    clientId?: string;
+    apiKey?: string;
+}>;
+/**
+ * Validate client ID format.
+ * WorkOS client IDs start with 'client_' prefix.
+ */
+export declare function isValidClientId(value: string): boolean;
+/**
+ * Validate API key format.
+ * WorkOS secret keys start with 'sk_' prefix.
+ */
+export declare function isValidApiKey(value: string): boolean;
+/**
+ * Discover WorkOS credentials from project env files.
+ * Must be called AFTER user consent is given.
+ *
+ * Scans files in priority order: .env.local > .env.development.local > .env.development > .env
+ * Returns first complete match (both clientId and apiKey preferred, but clientId-only is valid).
+ */
+export declare function discoverCredentials(projectDir: string): Promise<DiscoveryResult>;

package/dist/src/lib/credential-discovery.js

@@ -0,0 +1,100 @@
+import { promises as fs } from 'node:fs';
+import path from 'node:path';
+import { logInfo } from '../utils/debug.js';
+const ENV_FILE_NAMES = ['.env.local', '.env.development.local', '.env.development', '.env'];
+// Only extract WorkOS variables - ignore everything else
+const WORKOS_CLIENT_ID_PATTERN = /^WORKOS_CLIENT_ID=["']?([^"'\s#]+)["']?/m;
+const WORKOS_API_KEY_PATTERN = /^WORKOS_API_KEY=["']?([^"'\s#]+)["']?/m;
+/**
+ * Check if env files exist in the project directory (without reading contents).
+ * Returns which files were found so the UI can prompt for consent.
+ */
+export async function checkForEnvFiles(projectDir) {
+    logInfo('[credential-discovery] Checking for env files in:', projectDir);
+    const foundFiles = [];
+    for (const fileName of ENV_FILE_NAMES) {
+        const filePath = path.join(projectDir, fileName);
+        try {
+            await fs.access(filePath, fs.constants.R_OK);
+            foundFiles.push(fileName);
+        }
+        catch {
+            // continue
+        }
+    }
+    logInfo('[credential-discovery] Found env files:', foundFiles);
+    return {
+        exists: foundFiles.length > 0,
+        files: foundFiles,
+    };
+}
+/**
+ * Scan a single env file for WorkOS credentials.
+ * Only extracts WORKOS_CLIENT_ID and WORKOS_API_KEY - ignores all other variables.
+ */
+export async function scanEnvFile(filePath) {
+    const content = await fs.readFile(filePath, 'utf-8');
+    // Filter out commented lines before matching
+    const lines = content.split('\n');
+    const uncommentedContent = lines.filter((line) => !line.trim().startsWith('#')).join('\n');
+    const clientIdMatch = uncommentedContent.match(WORKOS_CLIENT_ID_PATTERN);
+    const apiKeyMatch = uncommentedContent.match(WORKOS_API_KEY_PATTERN);
+    return {
+        clientId: clientIdMatch?.[1],
+        apiKey: apiKeyMatch?.[1],
+    };
+}
+/**
+ * Validate client ID format.
+ * WorkOS client IDs start with 'client_' prefix.
+ */
+export function isValidClientId(value) {
+    return value.startsWith('client_') && value.length > 10;
+}
+/**
+ * Validate API key format.
+ * WorkOS secret keys start with 'sk_' prefix.
+ */
+export function isValidApiKey(value) {
+    return value.startsWith('sk_') && value.length > 10;
+}
+/**
+ * Discover WorkOS credentials from project env files.
+ * Must be called AFTER user consent is given.
+ *
+ * Scans files in priority order: .env.local > .env.development.local > .env.development > .env
+ * Returns first complete match (both clientId and apiKey preferred, but clientId-only is valid).
+ */
+export async function discoverCredentials(projectDir) {
+    logInfo('[credential-discovery] Scanning env files for WorkOS credentials');
+    for (const fileName of ENV_FILE_NAMES) {
+        const filePath = path.join(projectDir, fileName);
+        try {
+            const result = await scanEnvFile(filePath);
+            const clientIdValid = result.clientId && isValidClientId(result.clientId);
+            const apiKeyValid = result.apiKey && isValidApiKey(result.apiKey);
+            if (result.clientId && !clientIdValid) {
+                logInfo('[credential-discovery] Invalid clientId format in', fileName);
+            }
+            if (result.apiKey && !apiKeyValid) {
+                logInfo('[credential-discovery] Invalid apiKey format in', fileName);
+            }
+            if (clientIdValid) {
+                logInfo('[credential-discovery] Found valid credentials in', fileName);
+                return {
+                    found: true,
+                    source: 'env',
+                    clientId: result.clientId,
+                    apiKey: apiKeyValid ? result.apiKey : undefined,
+                    sourcePath: fileName,
+                };
+            }
+        }
+        catch {
+            // continue
+        }
+    }
+    logInfo('[credential-discovery] No valid credentials found');
+    return { found: false };
+}
+//# sourceMappingURL=credential-discovery.js.map

package/dist/src/lib/credential-discovery.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"credential-discovery.js","sourceRoot":"","sources":["../../../src/lib/credential-discovery.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAe5C,MAAM,cAAc,GAAG,CAAC,YAAY,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,MAAM,CAAC,CAAC;AAE5F,yDAAyD;AACzD,MAAM,wBAAwB,GAAG,0CAA0C,CAAC;AAC5E,MAAM,sBAAsB,GAAG,wCAAwC,CAAC;AAExE;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,UAAkB;IACvD,OAAO,CAAC,mDAAmD,EAAE,UAAU,CAAC,CAAC;IACzE,MAAM,UAAU,GAAa,EAAE,CAAC;IAEhC,KAAK,MAAM,QAAQ,IAAI,cAAc,EAAE,CAAC;QACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QACjD,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAC7C,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC5B,CAAC;QAAC,MAAM,CAAC;YACP,WAAW;QACb,CAAC;IACH,CAAC;IAED,OAAO,CAAC,yCAAyC,EAAE,UAAU,CAAC,CAAC;IAC/D,OAAO;QACL,MAAM,EAAE,UAAU,CAAC,MAAM,GAAG,CAAC;QAC7B,KAAK,EAAE,UAAU;KAClB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,QAAgB;IAChD,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAErD,6CAA6C;IAC7C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,kBAAkB,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAE3F,MAAM,aAAa,GAAG,kBAAkB,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;IACzE,MAAM,WAAW,GAAG,kBAAkB,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAErE,OAAO;QACL,QAAQ,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC;QAC5B,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC;KACzB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,OAAO,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,CAAC;AAC1D,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,OAAO,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,CAAC;AACtD,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,UAAkB;IAC1D,OAAO,CAAC,kEAAkE,CAAC,CAAC;IAC5E,KAAK,MAAM,QAAQ,IAAI,cAAc,EAAE,CAAC;QACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QAEjD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC;YAE3C,MAAM,aAAa,GAAG,MAAM,CAAC,QAAQ,IAAI,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC1E,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,IAAI,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAElE,IAAI,MAAM,CAAC,QAAQ,IAAI,CAAC,aAAa,EAAE,CAAC;gBACtC,OAAO,CAAC,mDAAmD,EAAE,QAAQ,CAAC,CAAC;YACzE,CAAC;YACD,IAAI,MAAM,CAAC,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;gBAClC,OAAO,CAAC,iDAAiD,EAAE,QAAQ,CAAC,CAAC;YACvE,CAAC;YAED,IAAI,aAAa,EAAE,CAAC;gBAClB,OAAO,CAAC,mDAAmD,EAAE,QAAQ,CAAC,CAAC;gBACvE,OAAO;oBACL,KAAK,EAAE,IAAI;oBACX,MAAM,EAAE,KAAK;oBACb,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;oBAC/C,UAAU,EAAE,QAAQ;iBACrB,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,WAAW;QACb,CAAC;IACH,CAAC;IAED,OAAO,CAAC,mDAAmD,CAAC,CAAC;IAC7D,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;AAC1B,CAAC","sourcesContent":["import { promises as fs } from 'node:fs';\nimport path from 'node:path';\nimport { logInfo } from '../utils/debug.js';\n\nexport interface DiscoveryResult {\n  found: boolean;\n  source?: 'env' | 'declined';\n  clientId?: string;\n  apiKey?: string;\n  sourcePath?: string;\n}\n\nexport interface EnvFileInfo {\n  exists: boolean;\n  files: string[];\n}\n\nconst ENV_FILE_NAMES = ['.env.local', '.env.development.local', '.env.development', '.env'];\n\n// Only extract WorkOS variables - ignore everything else\nconst WORKOS_CLIENT_ID_PATTERN = /^WORKOS_CLIENT_ID=[\"']?([^\"'\\s#]+)[\"']?/m;\nconst WORKOS_API_KEY_PATTERN = /^WORKOS_API_KEY=[\"']?([^\"'\\s#]+)[\"']?/m;\n\n/**\n * Check if env files exist in the project directory (without reading contents).\n * Returns which files were found so the UI can prompt for consent.\n */\nexport async function checkForEnvFiles(projectDir: string): Promise<EnvFileInfo> {\n  logInfo('[credential-discovery] Checking for env files in:', projectDir);\n  const foundFiles: string[] = [];\n\n  for (const fileName of ENV_FILE_NAMES) {\n    const filePath = path.join(projectDir, fileName);\n    try {\n      await fs.access(filePath, fs.constants.R_OK);\n      foundFiles.push(fileName);\n    } catch {\n      // continue\n    }\n  }\n\n  logInfo('[credential-discovery] Found env files:', foundFiles);\n  return {\n    exists: foundFiles.length > 0,\n    files: foundFiles,\n  };\n}\n\n/**\n * Scan a single env file for WorkOS credentials.\n * Only extracts WORKOS_CLIENT_ID and WORKOS_API_KEY - ignores all other variables.\n */\nexport async function scanEnvFile(filePath: string): Promise<{ clientId?: string; apiKey?: string }> {\n  const content = await fs.readFile(filePath, 'utf-8');\n\n  // Filter out commented lines before matching\n  const lines = content.split('\\n');\n  const uncommentedContent = lines.filter((line) => !line.trim().startsWith('#')).join('\\n');\n\n  const clientIdMatch = uncommentedContent.match(WORKOS_CLIENT_ID_PATTERN);\n  const apiKeyMatch = uncommentedContent.match(WORKOS_API_KEY_PATTERN);\n\n  return {\n    clientId: clientIdMatch?.[1],\n    apiKey: apiKeyMatch?.[1],\n  };\n}\n\n/**\n * Validate client ID format.\n * WorkOS client IDs start with 'client_' prefix.\n */\nexport function isValidClientId(value: string): boolean {\n  return value.startsWith('client_') && value.length > 10;\n}\n\n/**\n * Validate API key format.\n * WorkOS secret keys start with 'sk_' prefix.\n */\nexport function isValidApiKey(value: string): boolean {\n  return value.startsWith('sk_') && value.length > 10;\n}\n\n/**\n * Discover WorkOS credentials from project env files.\n * Must be called AFTER user consent is given.\n *\n * Scans files in priority order: .env.local > .env.development.local > .env.development > .env\n * Returns first complete match (both clientId and apiKey preferred, but clientId-only is valid).\n */\nexport async function discoverCredentials(projectDir: string): Promise<DiscoveryResult> {\n  logInfo('[credential-discovery] Scanning env files for WorkOS credentials');\n  for (const fileName of ENV_FILE_NAMES) {\n    const filePath = path.join(projectDir, fileName);\n\n    try {\n      const result = await scanEnvFile(filePath);\n\n      const clientIdValid = result.clientId && isValidClientId(result.clientId);\n      const apiKeyValid = result.apiKey && isValidApiKey(result.apiKey);\n\n      if (result.clientId && !clientIdValid) {\n        logInfo('[credential-discovery] Invalid clientId format in', fileName);\n      }\n      if (result.apiKey && !apiKeyValid) {\n        logInfo('[credential-discovery] Invalid apiKey format in', fileName);\n      }\n\n      if (clientIdValid) {\n        logInfo('[credential-discovery] Found valid credentials in', fileName);\n        return {\n          found: true,\n          source: 'env',\n          clientId: result.clientId,\n          apiKey: apiKeyValid ? result.apiKey : undefined,\n          sourcePath: fileName,\n        };\n      }\n    } catch {\n      // continue\n    }\n  }\n\n  logInfo('[credential-discovery] No valid credentials found');\n  return { found: false };\n}\n"]}

package/dist/src/lib/credentials.d.ts

@@ -1,8 +1,14 @@
+export interface StagingCache {
+    clientId: string;
+    apiKey: string;
+    fetchedAt: number;
+}
 export interface Credentials {
     accessToken: string;
     expiresAt: number;
     userId: string;
     email?: string;
+    staging?: StagingCache;
 }
 export declare function getCredentialsPath(): string;
 export declare function hasCredentials(): boolean;
@@ -17,3 +23,19 @@ export declare function isTokenExpired(creds: Credentials): boolean;
  * Get access token if available and not expired.
  */
 export declare function getAccessToken(): string | null;
+/**
+ * Save staging credentials to the credential cache.
+ * Staging credentials are tied to the access token lifecycle.
+ */
+export declare function saveStagingCredentials(staging: {
+    clientId: string;
+    apiKey: string;
+}): void;
+/**
+ * Get cached staging credentials if available and access token is still valid.
+ * Returns null if no cached credentials or if access token has expired.
+ */
+export declare function getStagingCredentials(): {
+    clientId: string;
+    apiKey: string;
+} | null;

package/dist/src/lib/credentials.js

@@ -52,4 +52,33 @@ export function getAccessToken() {
         return null;
     return creds.accessToken;
 }
+/**
+ * Save staging credentials to the credential cache.
+ * Staging credentials are tied to the access token lifecycle.
+ */
+export function saveStagingCredentials(staging) {
+    const creds = getCredentials();
+    if (!creds)
+        return;
+    saveCredentials({
+        ...creds,
+        staging: {
+            ...staging,
+            fetchedAt: Date.now(),
+        },
+    });
+}
+/**
+ * Get cached staging credentials if available and access token is still valid.
+ * Returns null if no cached credentials or if access token has expired.
+ */
+export function getStagingCredentials() {
+    const creds = getCredentials();
+    if (!creds?.staging)
+        return null;
+    // Invalidate staging credentials when access token expires
+    if (isTokenExpired(creds))
+        return null;
+    return { clientId: creds.staging.clientId, apiKey: creds.staging.apiKey };
+}
 //# sourceMappingURL=credentials.js.map

package/dist/src/lib/credentials.js.map

@@ -1 +1 @@
-{"version":3,"file":"credentials.js","sourceRoot":"","sources":["../../../src/lib/credentials.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AASzB,SAAS,iBAAiB;IACxB,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,CAAC,CAAC;AAC5C,CAAC;AAED,MAAM,UAAU,kBAAkB;IAChC,OAAO,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAE,kBAAkB,CAAC,CAAC;AAC5D,CAAC;AAED,MAAM,UAAU,cAAc;IAC5B,OAAO,EAAE,CAAC,UAAU,CAAC,kBAAkB,EAAE,CAAC,CAAC;AAC7C,CAAC;AAED,MAAM,UAAU,cAAc;IAC5B,IAAI,CAAC,cAAc,EAAE;QAAE,OAAO,IAAI,CAAC;IACnC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,kBAAkB,EAAE,EAAE,OAAO,CAAC,CAAC;QAC/D,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,KAAkB;IAChD,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;IAChC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACtD,CAAC;IACD,EAAE,CAAC,aAAa,CAAC,kBAAkB,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;QACrE,IAAI,EAAE,KAAK;KACZ,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,IAAI,cAAc,EAAE,EAAE,CAAC;QACrB,EAAE,CAAC,UAAU,CAAC,kBAAkB,EAAE,CAAC,CAAC;IACtC,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,KAAkB;IAC/C,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,KAAK,CAAC,SAAS,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc;IAC5B,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;IAC/B,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,IAAI,cAAc,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACvC,OAAO,KAAK,CAAC,WAAW,CAAC;AAC3B,CAAC","sourcesContent":["import fs from 'node:fs';\nimport path from 'node:path';\nimport os from 'node:os';\n\nexport interface Credentials {\n  accessToken: string;\n  expiresAt: number;\n  userId: string;\n  email?: string;\n}\n\nfunction getCredentialsDir(): string {\n  return path.join(os.homedir(), '.workos');\n}\n\nexport function getCredentialsPath(): string {\n  return path.join(getCredentialsDir(), 'credentials.json');\n}\n\nexport function hasCredentials(): boolean {\n  return fs.existsSync(getCredentialsPath());\n}\n\nexport function getCredentials(): Credentials | null {\n  if (!hasCredentials()) return null;\n  try {\n    const content = fs.readFileSync(getCredentialsPath(), 'utf-8');\n    return JSON.parse(content);\n  } catch {\n    return null;\n  }\n}\n\nexport function saveCredentials(creds: Credentials): void {\n  const dir = getCredentialsDir();\n  if (!fs.existsSync(dir)) {\n    fs.mkdirSync(dir, { recursive: true, mode: 0o700 });\n  }\n  fs.writeFileSync(getCredentialsPath(), JSON.stringify(creds, null, 2), {\n    mode: 0o600,\n  });\n}\n\nexport function clearCredentials(): void {\n  if (hasCredentials()) {\n    fs.unlinkSync(getCredentialsPath());\n  }\n}\n\n/**\n * Check if token is actually expired (hard expiry check).\n */\nexport function isTokenExpired(creds: Credentials): boolean {\n  return Date.now() >= creds.expiresAt;\n}\n\n/**\n * Get access token if available and not expired.\n */\nexport function getAccessToken(): string | null {\n  const creds = getCredentials();\n  if (!creds) return null;\n  if (isTokenExpired(creds)) return null;\n  return creds.accessToken;\n}\n"]}
+{"version":3,"file":"credentials.js","sourceRoot":"","sources":["../../../src/lib/credentials.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AAgBzB,SAAS,iBAAiB;IACxB,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,CAAC,CAAC;AAC5C,CAAC;AAED,MAAM,UAAU,kBAAkB;IAChC,OAAO,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAE,kBAAkB,CAAC,CAAC;AAC5D,CAAC;AAED,MAAM,UAAU,cAAc;IAC5B,OAAO,EAAE,CAAC,UAAU,CAAC,kBAAkB,EAAE,CAAC,CAAC;AAC7C,CAAC;AAED,MAAM,UAAU,cAAc;IAC5B,IAAI,CAAC,cAAc,EAAE;QAAE,OAAO,IAAI,CAAC;IACnC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,kBAAkB,EAAE,EAAE,OAAO,CAAC,CAAC;QAC/D,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,KAAkB;IAChD,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;IAChC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACtD,CAAC;IACD,EAAE,CAAC,aAAa,CAAC,kBAAkB,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;QACrE,IAAI,EAAE,KAAK;KACZ,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,IAAI,cAAc,EAAE,EAAE,CAAC;QACrB,EAAE,CAAC,UAAU,CAAC,kBAAkB,EAAE,CAAC,CAAC;IACtC,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,KAAkB;IAC/C,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,KAAK,CAAC,SAAS,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc;IAC5B,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;IAC/B,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,IAAI,cAAc,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACvC,OAAO,KAAK,CAAC,WAAW,CAAC;AAC3B,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAA6C;IAClF,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;IAC/B,IAAI,CAAC,KAAK;QAAE,OAAO;IAEnB,eAAe,CAAC;QACd,GAAG,KAAK;QACR,OAAO,EAAE;YACP,GAAG,OAAO;YACV,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACtB;KACF,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB;IACnC,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;IAC/B,IAAI,CAAC,KAAK,EAAE,OAAO;QAAE,OAAO,IAAI,CAAC;IACjC,2DAA2D;IAC3D,IAAI,cAAc,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACvC,OAAO,EAAE,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;AAC5E,CAAC","sourcesContent":["import fs from 'node:fs';\nimport path from 'node:path';\nimport os from 'node:os';\n\nexport interface StagingCache {\n  clientId: string;\n  apiKey: string;\n  fetchedAt: number;\n}\n\nexport interface Credentials {\n  accessToken: string;\n  expiresAt: number;\n  userId: string;\n  email?: string;\n  staging?: StagingCache;\n}\n\nfunction getCredentialsDir(): string {\n  return path.join(os.homedir(), '.workos');\n}\n\nexport function getCredentialsPath(): string {\n  return path.join(getCredentialsDir(), 'credentials.json');\n}\n\nexport function hasCredentials(): boolean {\n  return fs.existsSync(getCredentialsPath());\n}\n\nexport function getCredentials(): Credentials | null {\n  if (!hasCredentials()) return null;\n  try {\n    const content = fs.readFileSync(getCredentialsPath(), 'utf-8');\n    return JSON.parse(content);\n  } catch {\n    return null;\n  }\n}\n\nexport function saveCredentials(creds: Credentials): void {\n  const dir = getCredentialsDir();\n  if (!fs.existsSync(dir)) {\n    fs.mkdirSync(dir, { recursive: true, mode: 0o700 });\n  }\n  fs.writeFileSync(getCredentialsPath(), JSON.stringify(creds, null, 2), {\n    mode: 0o600,\n  });\n}\n\nexport function clearCredentials(): void {\n  if (hasCredentials()) {\n    fs.unlinkSync(getCredentialsPath());\n  }\n}\n\n/**\n * Check if token is actually expired (hard expiry check).\n */\nexport function isTokenExpired(creds: Credentials): boolean {\n  return Date.now() >= creds.expiresAt;\n}\n\n/**\n * Get access token if available and not expired.\n */\nexport function getAccessToken(): string | null {\n  const creds = getCredentials();\n  if (!creds) return null;\n  if (isTokenExpired(creds)) return null;\n  return creds.accessToken;\n}\n\n/**\n * Save staging credentials to the credential cache.\n * Staging credentials are tied to the access token lifecycle.\n */\nexport function saveStagingCredentials(staging: { clientId: string; apiKey: string }): void {\n  const creds = getCredentials();\n  if (!creds) return;\n\n  saveCredentials({\n    ...creds,\n    staging: {\n      ...staging,\n      fetchedAt: Date.now(),\n    },\n  });\n}\n\n/**\n * Get cached staging credentials if available and access token is still valid.\n * Returns null if no cached credentials or if access token has expired.\n */\nexport function getStagingCredentials(): { clientId: string; apiKey: string } | null {\n  const creds = getCredentials();\n  if (!creds?.staging) return null;\n  // Invalidate staging credentials when access token expires\n  if (isTokenExpired(creds)) return null;\n  return { clientId: creds.staging.clientId, apiKey: creds.staging.apiKey };\n}\n"]}

package/dist/src/lib/device-auth.d.ts

@@ -0,0 +1,44 @@
+/**
+ * Device Authorization Flow
+ *
+ * Implements OAuth 2.0 Device Authorization Grant (RFC 8628) for CLI authentication.
+ * Extracted from login.ts for reuse in wizard credential gathering.
+ */
+export interface DeviceAuthResponse {
+    device_code: string;
+    user_code: string;
+    verification_uri: string;
+    verification_uri_complete: string;
+    expires_in: number;
+    interval: number;
+}
+export interface DeviceAuthOptions {
+    clientId: string;
+    authkitDomain: string;
+    scopes?: string[];
+    timeoutMs?: number;
+    onPoll?: () => void;
+    onSlowDown?: (newIntervalMs: number) => void;
+}
+export interface DeviceAuthResult {
+    accessToken: string;
+    idToken: string;
+    expiresAt: number;
+    userId: string;
+    email?: string;
+}
+export declare class DeviceAuthError extends Error {
+    constructor(message: string);
+}
+/**
+ * Request a device code from the OAuth authorization server.
+ * Returns the device code, user code, and verification URIs.
+ */
+export declare function requestDeviceCode(options: DeviceAuthOptions): Promise<DeviceAuthResponse>;
+/**
+ * Poll for token after user has authorized in the browser.
+ * Handles authorization_pending and slow_down responses per RFC 8628.
+ */
+export declare function pollForToken(deviceCode: string, options: DeviceAuthOptions & {
+    interval: number;
+}): Promise<DeviceAuthResult>;

package/dist/src/lib/device-auth.js

@@ -0,0 +1,137 @@
+/**
+ * Device Authorization Flow
+ *
+ * Implements OAuth 2.0 Device Authorization Grant (RFC 8628) for CLI authentication.
+ * Extracted from login.ts for reuse in wizard credential gathering.
+ */
+import { logInfo, logError } from '../utils/debug.js';
+export class DeviceAuthError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'DeviceAuthError';
+    }
+}
+const DEFAULT_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes
+const DEFAULT_SCOPES = ['openid', 'email', 'staging-environment:credentials:read'];
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+/**
+ * Parse JWT payload
+ */
+function parseJwt(token) {
+    try {
+        const parts = token.split('.');
+        if (parts.length !== 3)
+            return null;
+        return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf-8'));
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Extract expiry time from JWT token
+ */
+function getJwtExpiry(token) {
+    const payload = parseJwt(token);
+    if (!payload || typeof payload.exp !== 'number')
+        return null;
+    return payload.exp * 1000;
+}
+/**
+ * Request a device code from the OAuth authorization server.
+ * Returns the device code, user code, and verification URIs.
+ */
+export async function requestDeviceCode(options) {
+    const scopes = options.scopes ?? DEFAULT_SCOPES;
+    const url = `${options.authkitDomain}/oauth2/device_authorization`;
+    logInfo('[device-auth] Requesting device code from:', url);
+    const res = await fetch(url, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: new URLSearchParams({
+            client_id: options.clientId,
+            scope: scopes.join(' '),
+        }),
+    });
+    logInfo('[device-auth] Device code response status:', res.status);
+    if (!res.ok) {
+        const text = await res.text();
+        logError('[device-auth] Device authorization failed:', res.status, text);
+        throw new DeviceAuthError(`Device authorization failed: ${res.status} ${text}`);
+    }
+    const data = (await res.json());
+    logInfo('[device-auth] Device code received, user_code:', data.user_code);
+    return data;
+}
+/**
+ * Poll for token after user has authorized in the browser.
+ * Handles authorization_pending and slow_down responses per RFC 8628.
+ */
+export async function pollForToken(deviceCode, options) {
+    const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+    const startTime = Date.now();
+    let pollInterval = options.interval * 1000;
+    const tokenUrl = `${options.authkitDomain}/oauth2/token`;
+    logInfo('[device-auth] Starting token polling, timeout:', timeoutMs);
+    while (Date.now() - startTime < timeoutMs) {
+        await sleep(pollInterval);
+        options.onPoll?.();
+        let res;
+        try {
+            res = await fetch(tokenUrl, {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+                body: new URLSearchParams({
+                    grant_type: 'urn:ietf:params:oauth:grant-type:device_code',
+                    device_code: deviceCode,
+                    client_id: options.clientId,
+                }),
+            });
+        }
+        catch (err) {
+            logInfo('[device-auth] Token poll network error, retrying');
+            continue;
+        }
+        let data;
+        try {
+            data = await res.json();
+        }
+        catch {
+            logError('[device-auth] Invalid JSON response from auth server');
+            throw new DeviceAuthError('Invalid response from auth server');
+        }
+        logInfo('[device-auth] Token poll response:', res.status, data?.error ?? 'success');
+        if (res.ok) {
+            logInfo('[device-auth] Token received successfully');
+            return parseTokenResponse(data);
+        }
+        const errorData = data;
+        if (errorData.error === 'authorization_pending') {
+            continue;
+        }
+        if (errorData.error === 'slow_down') {
+            pollInterval += 5000;
+            logInfo('[device-auth] Slowing down, new interval:', pollInterval);
+            options.onSlowDown?.(pollInterval);
+            continue;
+        }
+        logError('[device-auth] Token error:', errorData.error);
+        throw new DeviceAuthError(`Token error: ${errorData.error}`);
+    }
+    logError('[device-auth] Authentication timed out');
+    throw new DeviceAuthError('Authentication timed out after 5 minutes');
+}
+function parseTokenResponse(data) {
+    const idPayload = parseJwt(data.id_token);
+    const jwtExpiry = getJwtExpiry(data.access_token);
+    return {
+        accessToken: data.access_token,
+        idToken: data.id_token,
+        expiresAt: jwtExpiry ?? (data.expires_in ? Date.now() + data.expires_in * 1000 : Date.now() + 15 * 60 * 1000),
+        userId: String(idPayload?.sub ?? 'unknown'),
+        email: idPayload?.email,
+    };
+}
+//# sourceMappingURL=device-auth.js.map

package/dist/src/lib/device-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"device-auth.js","sourceRoot":"","sources":["../../../src/lib/device-auth.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAwCtD,MAAM,OAAO,eAAgB,SAAQ,KAAK;IACxC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;IAChC,CAAC;CACF;AAED,MAAM,kBAAkB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,YAAY;AACtD,MAAM,cAAc,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,sCAAsC,CAAC,CAAC;AAEnF,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;GAEG;AACH,SAAS,QAAQ,CAAC,KAAa;IAC7B,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QACpC,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAC1E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,KAAa;IACjC,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAChC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC7D,OAAO,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;AAC5B,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,OAA0B;IAChE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,cAAc,CAAC;IAChD,MAAM,GAAG,GAAG,GAAG,OAAO,CAAC,aAAa,8BAA8B,CAAC;IAEnE,OAAO,CAAC,4CAA4C,EAAE,GAAG,CAAC,CAAC;IAC3D,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAC3B,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,SAAS,EAAE,OAAO,CAAC,QAAQ;YAC3B,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;SACxB,CAAC;KACH,CAAC,CAAC;IAEH,OAAO,CAAC,4CAA4C,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAClE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,QAAQ,CAAC,4CAA4C,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACzE,MAAM,IAAI,eAAe,CAAC,gCAAgC,GAAG,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC;IAClF,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAuB,CAAC;IACtD,OAAO,CAAC,gDAAgD,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IAC1E,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,UAAkB,EAClB,OAAiD;IAEjD,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,kBAAkB,CAAC;IAC1D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,IAAI,YAAY,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;IAC3C,MAAM,QAAQ,GAAG,GAAG,OAAO,CAAC,aAAa,eAAe,CAAC;IAEzD,OAAO,CAAC,gDAAgD,EAAE,SAAS,CAAC,CAAC;IACrE,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,SAAS,EAAE,CAAC;QAC1C,MAAM,KAAK,CAAC,YAAY,CAAC,CAAC;QAC1B,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;QAEnB,IAAI,GAAa,CAAC;QAClB,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;gBAC1B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;gBAChE,IAAI,EAAE,IAAI,eAAe,CAAC;oBACxB,UAAU,EAAE,8CAA8C;oBAC1D,WAAW,EAAE,UAAU;oBACvB,SAAS,EAAE,OAAO,CAAC,QAAQ;iBAC5B,CAAC;aACH,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,kDAAkD,CAAC,CAAC;YAC5D,SAAS;QACX,CAAC;QAED,IAAI,IAAI,CAAC;QACT,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,QAAQ,CAAC,sDAAsD,CAAC,CAAC;YACjE,MAAM,IAAI,eAAe,CAAC,mCAAmC,CAAC,CAAC;QACjE,CAAC;QAED,OAAO,CAAC,oCAAoC,EAAE,GAAG,CAAC,MAAM,EAAG,IAA0B,EAAE,KAAK,IAAI,SAAS,CAAC,CAAC;QAC3G,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;YACX,OAAO,CAAC,2CAA2C,CAAC,CAAC;YACrD,OAAO,kBAAkB,CAAC,IAAqB,CAAC,CAAC;QACnD,CAAC;QAED,MAAM,SAAS,GAAG,IAAyB,CAAC;QAE5C,IAAI,SAAS,CAAC,KAAK,KAAK,uBAAuB,EAAE,CAAC;YAChD,SAAS;QACX,CAAC;QAED,IAAI,SAAS,CAAC,KAAK,KAAK,WAAW,EAAE,CAAC;YACpC,YAAY,IAAI,IAAI,CAAC;YACrB,OAAO,CAAC,2CAA2C,EAAE,YAAY,CAAC,CAAC;YACnE,OAAO,CAAC,UAAU,EAAE,CAAC,YAAY,CAAC,CAAC;YACnC,SAAS;QACX,CAAC;QAED,QAAQ,CAAC,4BAA4B,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,IAAI,eAAe,CAAC,gBAAgB,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED,QAAQ,CAAC,wCAAwC,CAAC,CAAC;IACnD,MAAM,IAAI,eAAe,CAAC,0CAA0C,CAAC,CAAC;AACxE,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAmB;IAC7C,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAElD,OAAO;QACL,WAAW,EAAE,IAAI,CAAC,YAAY;QAC9B,OAAO,EAAE,IAAI,CAAC,QAAQ;QACtB,SAAS,EAAE,SAAS,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAC7G,MAAM,EAAE,MAAM,CAAC,SAAS,EAAE,GAAG,IAAI,SAAS,CAAC;QAC3C,KAAK,EAAE,SAAS,EAAE,KAA2B;KAC9C,CAAC;AACJ,CAAC","sourcesContent":["/**\n * Device Authorization Flow\n *\n * Implements OAuth 2.0 Device Authorization Grant (RFC 8628) for CLI authentication.\n * Extracted from login.ts for reuse in wizard credential gathering.\n */\n\nimport { logInfo, logError } from '../utils/debug.js';\n\nexport interface DeviceAuthResponse {\n  device_code: string;\n  user_code: string;\n  verification_uri: string;\n  verification_uri_complete: string;\n  expires_in: number;\n  interval: number;\n}\n\nexport interface DeviceAuthOptions {\n  clientId: string;\n  authkitDomain: string;\n  scopes?: string[];\n  timeoutMs?: number;\n  onPoll?: () => void;\n  onSlowDown?: (newIntervalMs: number) => void;\n}\n\nexport interface DeviceAuthResult {\n  accessToken: string;\n  idToken: string;\n  expiresAt: number;\n  userId: string;\n  email?: string;\n}\n\ninterface TokenResponse {\n  access_token: string;\n  id_token: string;\n  token_type: string;\n  expires_in: number;\n  refresh_token?: string;\n}\n\ninterface AuthErrorResponse {\n  error: string;\n}\n\nexport class DeviceAuthError extends Error {\n  constructor(message: string) {\n    super(message);\n    this.name = 'DeviceAuthError';\n  }\n}\n\nconst DEFAULT_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes\nconst DEFAULT_SCOPES = ['openid', 'email', 'staging-environment:credentials:read'];\n\nfunction sleep(ms: number): Promise<void> {\n  return new Promise((resolve) => setTimeout(resolve, ms));\n}\n\n/**\n * Parse JWT payload\n */\nfunction parseJwt(token: string): Record<string, unknown> | null {\n  try {\n    const parts = token.split('.');\n    if (parts.length !== 3) return null;\n    return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf-8'));\n  } catch {\n    return null;\n  }\n}\n\n/**\n * Extract expiry time from JWT token\n */\nfunction getJwtExpiry(token: string): number | null {\n  const payload = parseJwt(token);\n  if (!payload || typeof payload.exp !== 'number') return null;\n  return payload.exp * 1000;\n}\n\n/**\n * Request a device code from the OAuth authorization server.\n * Returns the device code, user code, and verification URIs.\n */\nexport async function requestDeviceCode(options: DeviceAuthOptions): Promise<DeviceAuthResponse> {\n  const scopes = options.scopes ?? DEFAULT_SCOPES;\n  const url = `${options.authkitDomain}/oauth2/device_authorization`;\n\n  logInfo('[device-auth] Requesting device code from:', url);\n  const res = await fetch(url, {\n    method: 'POST',\n    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n    body: new URLSearchParams({\n      client_id: options.clientId,\n      scope: scopes.join(' '),\n    }),\n  });\n\n  logInfo('[device-auth] Device code response status:', res.status);\n  if (!res.ok) {\n    const text = await res.text();\n    logError('[device-auth] Device authorization failed:', res.status, text);\n    throw new DeviceAuthError(`Device authorization failed: ${res.status} ${text}`);\n  }\n\n  const data = (await res.json()) as DeviceAuthResponse;\n  logInfo('[device-auth] Device code received, user_code:', data.user_code);\n  return data;\n}\n\n/**\n * Poll for token after user has authorized in the browser.\n * Handles authorization_pending and slow_down responses per RFC 8628.\n */\nexport async function pollForToken(\n  deviceCode: string,\n  options: DeviceAuthOptions & { interval: number },\n): Promise<DeviceAuthResult> {\n  const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n  const startTime = Date.now();\n  let pollInterval = options.interval * 1000;\n  const tokenUrl = `${options.authkitDomain}/oauth2/token`;\n\n  logInfo('[device-auth] Starting token polling, timeout:', timeoutMs);\n  while (Date.now() - startTime < timeoutMs) {\n    await sleep(pollInterval);\n    options.onPoll?.();\n\n    let res: Response;\n    try {\n      res = await fetch(tokenUrl, {\n        method: 'POST',\n        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n        body: new URLSearchParams({\n          grant_type: 'urn:ietf:params:oauth:grant-type:device_code',\n          device_code: deviceCode,\n          client_id: options.clientId,\n        }),\n      });\n    } catch (err) {\n      logInfo('[device-auth] Token poll network error, retrying');\n      continue;\n    }\n\n    let data;\n    try {\n      data = await res.json();\n    } catch {\n      logError('[device-auth] Invalid JSON response from auth server');\n      throw new DeviceAuthError('Invalid response from auth server');\n    }\n\n    logInfo('[device-auth] Token poll response:', res.status, (data as AuthErrorResponse)?.error ?? 'success');\n    if (res.ok) {\n      logInfo('[device-auth] Token received successfully');\n      return parseTokenResponse(data as TokenResponse);\n    }\n\n    const errorData = data as AuthErrorResponse;\n\n    if (errorData.error === 'authorization_pending') {\n      continue;\n    }\n\n    if (errorData.error === 'slow_down') {\n      pollInterval += 5000;\n      logInfo('[device-auth] Slowing down, new interval:', pollInterval);\n      options.onSlowDown?.(pollInterval);\n      continue;\n    }\n\n    logError('[device-auth] Token error:', errorData.error);\n    throw new DeviceAuthError(`Token error: ${errorData.error}`);\n  }\n\n  logError('[device-auth] Authentication timed out');\n  throw new DeviceAuthError('Authentication timed out after 5 minutes');\n}\n\nfunction parseTokenResponse(data: TokenResponse): DeviceAuthResult {\n  const idPayload = parseJwt(data.id_token);\n  const jwtExpiry = getJwtExpiry(data.access_token);\n\n  return {\n    accessToken: data.access_token,\n    idToken: data.id_token,\n    expiresAt: jwtExpiry ?? (data.expires_in ? Date.now() + data.expires_in * 1000 : Date.now() + 15 * 60 * 1000),\n    userId: String(idPayload?.sub ?? 'unknown'),\n    email: idPayload?.email as string | undefined,\n  };\n}\n"]}

package/dist/src/lib/events.d.ts

@@ -78,6 +78,36 @@ export interface WizardEvents {
         requiresApiKey: boolean;
     };
     'credentials:found': Record<string, never>;
+    'credentials:env:detected': {
+        files: string[];
+    };
+    'credentials:env:prompt': {
+        files: string[];
+    };
+    'credentials:env:scanning': Record<string, never>;
+    'credentials:env:found': {
+        sourcePath: string;
+    };
+    'credentials:env:notfound': Record<string, never>;
+    'device:started': {
+        verificationUri: string;
+        verificationUriComplete: string;
+        userCode: string;
+    };
+    'device:polling': Record<string, never>;
+    'device:success': {
+        email?: string;
+    };
+    'device:timeout': Record<string, never>;
+    'device:error': {
+        message: string;
+    };
+    'staging:fetching': Record<string, never>;
+    'staging:success': Record<string, never>;
+    'staging:error': {
+        message: string;
+        statusCode?: number;
+    };
     'config:start': Record<string, never>;
     'config:complete': Record<string, never>;
     'agent:start': Record<string, never>;
@@ -103,6 +133,51 @@ export interface WizardEvents {
         issueCount: number;
         durationMs: number;
     };
+    'branch:checking': Record<string, never>;
+    'branch:protected': {
+        branch: string;
+    };
+    'branch:prompt': {
+        branch: string;
+    };
+    'branch:created': {
+        branch: string;
+    };
+    'branch:create:failed': {
+        error: string;
+    };
+    'branch:skipped': Record<string, never>;
+    'postinstall:changes': {
+        files: string[];
+    };
+    'postinstall:nochanges': Record<string, never>;
+    'postinstall:commit:prompt': Record<string, never>;
+    'postinstall:commit:generating': Record<string, never>;
+    'postinstall:commit:committing': {
+        message: string;
+    };
+    'postinstall:commit:success': {
+        message: string;
+    };
+    'postinstall:commit:failed': {
+        error: string;
+    };
+    'postinstall:pr:prompt': Record<string, never>;
+    'postinstall:pr:generating': Record<string, never>;
+    'postinstall:pr:pushing': Record<string, never>;
+    'postinstall:pr:creating': Record<string, never>;
+    'postinstall:pr:success': {
+        url: string;
+    };
+    'postinstall:pr:failed': {
+        error: string;
+    };
+    'postinstall:push:failed': {
+        error: string;
+    };
+    'postinstall:manual': {
+        instructions: string;
+    };
 }
 export type WizardEventName = keyof WizardEvents;
 export declare class WizardEventEmitter extends EventEmitter {

package/dist/src/lib/events.js.map

@@ -1 +1 @@
-{"version":3,"file":"events.js","sourceRoot":"","sources":["../../../src/lib/events.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AA8CtC,MAAM,OAAO,kBAAmB,SAAQ,YAAY;IAClD,IAAI,CAA4B,KAAQ,EAAE,OAAwB;QAChE,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IACpC,CAAC;IAED,EAAE,CAA4B,KAAQ,EAAE,QAA4C;QAClF,OAAO,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IACnC,CAAC;IAED,GAAG,CAA4B,KAAQ,EAAE,QAA4C;QACnF,OAAO,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IACpC,CAAC;IAED,IAAI,CAA4B,KAAQ,EAAE,QAA4C;QACpF,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IACrC,CAAC;CACF;AAED,MAAM,UAAU,wBAAwB;IACtC,OAAO,IAAI,kBAAkB,EAAE,CAAC;AAClC,CAAC","sourcesContent":["import { EventEmitter } from 'events';\n\nexport interface WizardEvents {\n  status: { message: string };\n  output: { text: string; isError?: boolean };\n  'file:write': { path: string; content: string };\n  'file:edit': { path: string; oldContent: string; newContent: string };\n  'prompt:request': { id: string; message: string; options?: string[] };\n  'prompt:response': { id: string; value: string };\n  'confirm:request': { id: string; message: string; warning?: string; files?: string[] };\n  'confirm:response': { id: string; confirmed: boolean };\n  'credentials:request': { requiresApiKey: boolean };\n  'credentials:response': { apiKey: string; clientId: string };\n  complete: { success: boolean; summary?: string };\n  error: { message: string; stack?: string };\n\n  'state:enter': { state: string };\n  'state:exit': { state: string };\n  'auth:checking': Record<string, never>;\n  'auth:required': Record<string, never>;\n  'auth:success': Record<string, never>;\n  'auth:failure': { message: string };\n  'detection:start': Record<string, never>;\n  'detection:complete': { integration: string };\n  'detection:none': Record<string, never>;\n  'git:checking': Record<string, never>;\n  'git:clean': Record<string, never>;\n  'git:dirty': { files: string[] };\n  'git:dirty:confirmed': Record<string, never>;\n  'git:dirty:cancelled': Record<string, never>;\n  'credentials:gathering': { requiresApiKey: boolean };\n  'credentials:found': Record<string, never>;\n  'config:start': Record<string, never>;\n  'config:complete': Record<string, never>;\n  'agent:start': Record<string, never>;\n  'agent:progress': { step: string; detail?: string };\n  'agent:success': { summary?: string };\n  'agent:failure': { message: string; stack?: string };\n\n  'validation:start': { framework: string };\n  'validation:issues': { issues: import('./validation/types.js').ValidationIssue[] };\n  'validation:complete': { passed: boolean; issueCount: number; durationMs: number };\n}\n\nexport type WizardEventName = keyof WizardEvents;\n\nexport class WizardEventEmitter extends EventEmitter {\n  emit<K extends WizardEventName>(event: K, payload: WizardEvents[K]): boolean {\n    return super.emit(event, payload);\n  }\n\n  on<K extends WizardEventName>(event: K, listener: (payload: WizardEvents[K]) => void): this {\n    return super.on(event, listener);\n  }\n\n  off<K extends WizardEventName>(event: K, listener: (payload: WizardEvents[K]) => void): this {\n    return super.off(event, listener);\n  }\n\n  once<K extends WizardEventName>(event: K, listener: (payload: WizardEvents[K]) => void): this {\n    return super.once(event, listener);\n  }\n}\n\nexport function createWizardEventEmitter(): WizardEventEmitter {\n  return new WizardEventEmitter();\n}\n"]}
+{"version":3,"file":"events.js","sourceRoot":"","sources":["../../../src/lib/events.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AAuFtC,MAAM,OAAO,kBAAmB,SAAQ,YAAY;IAClD,IAAI,CAA4B,KAAQ,EAAE,OAAwB;QAChE,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IACpC,CAAC;IAED,EAAE,CAA4B,KAAQ,EAAE,QAA4C;QAClF,OAAO,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IACnC,CAAC;IAED,GAAG,CAA4B,KAAQ,EAAE,QAA4C;QACnF,OAAO,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IACpC,CAAC;IAED,IAAI,CAA4B,KAAQ,EAAE,QAA4C;QACpF,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IACrC,CAAC;CACF;AAED,MAAM,UAAU,wBAAwB;IACtC,OAAO,IAAI,kBAAkB,EAAE,CAAC;AAClC,CAAC","sourcesContent":["import { EventEmitter } from 'events';\n\nexport interface WizardEvents {\n  status: { message: string };\n  output: { text: string; isError?: boolean };\n  'file:write': { path: string; content: string };\n  'file:edit': { path: string; oldContent: string; newContent: string };\n  'prompt:request': { id: string; message: string; options?: string[] };\n  'prompt:response': { id: string; value: string };\n  'confirm:request': { id: string; message: string; warning?: string; files?: string[] };\n  'confirm:response': { id: string; confirmed: boolean };\n  'credentials:request': { requiresApiKey: boolean };\n  'credentials:response': { apiKey: string; clientId: string };\n  complete: { success: boolean; summary?: string };\n  error: { message: string; stack?: string };\n\n  'state:enter': { state: string };\n  'state:exit': { state: string };\n  'auth:checking': Record<string, never>;\n  'auth:required': Record<string, never>;\n  'auth:success': Record<string, never>;\n  'auth:failure': { message: string };\n  'detection:start': Record<string, never>;\n  'detection:complete': { integration: string };\n  'detection:none': Record<string, never>;\n  'git:checking': Record<string, never>;\n  'git:clean': Record<string, never>;\n  'git:dirty': { files: string[] };\n  'git:dirty:confirmed': Record<string, never>;\n  'git:dirty:cancelled': Record<string, never>;\n  'credentials:gathering': { requiresApiKey: boolean };\n  'credentials:found': Record<string, never>;\n  // Credential discovery events\n  'credentials:env:detected': { files: string[] };\n  'credentials:env:prompt': { files: string[] };\n  'credentials:env:scanning': Record<string, never>;\n  'credentials:env:found': { sourcePath: string };\n  'credentials:env:notfound': Record<string, never>;\n  // Device auth events\n  'device:started': { verificationUri: string; verificationUriComplete: string; userCode: string };\n  'device:polling': Record<string, never>;\n  'device:success': { email?: string };\n  'device:timeout': Record<string, never>;\n  'device:error': { message: string };\n  // Staging API events\n  'staging:fetching': Record<string, never>;\n  'staging:success': Record<string, never>;\n  'staging:error': { message: string; statusCode?: number };\n  'config:start': Record<string, never>;\n  'config:complete': Record<string, never>;\n  'agent:start': Record<string, never>;\n  'agent:progress': { step: string; detail?: string };\n  'agent:success': { summary?: string };\n  'agent:failure': { message: string; stack?: string };\n\n  'validation:start': { framework: string };\n  'validation:issues': { issues: import('./validation/types.js').ValidationIssue[] };\n  'validation:complete': { passed: boolean; issueCount: number; durationMs: number };\n\n  // Branch check events\n  'branch:checking': Record<string, never>;\n  'branch:protected': { branch: string };\n  'branch:prompt': { branch: string };\n  'branch:created': { branch: string };\n  'branch:create:failed': { error: string };\n  'branch:skipped': Record<string, never>;\n\n  // Post-install events\n  'postinstall:changes': { files: string[] };\n  'postinstall:nochanges': Record<string, never>;\n  'postinstall:commit:prompt': Record<string, never>;\n  'postinstall:commit:generating': Record<string, never>;\n  'postinstall:commit:committing': { message: string };\n  'postinstall:commit:success': { message: string };\n  'postinstall:commit:failed': { error: string };\n  'postinstall:pr:prompt': Record<string, never>;\n  'postinstall:pr:generating': Record<string, never>;\n  'postinstall:pr:pushing': Record<string, never>;\n  'postinstall:pr:creating': Record<string, never>;\n  'postinstall:pr:success': { url: string };\n  'postinstall:pr:failed': { error: string };\n  'postinstall:push:failed': { error: string };\n  'postinstall:manual': { instructions: string };\n}\n\nexport type WizardEventName = keyof WizardEvents;\n\nexport class WizardEventEmitter extends EventEmitter {\n  emit<K extends WizardEventName>(event: K, payload: WizardEvents[K]): boolean {\n    return super.emit(event, payload);\n  }\n\n  on<K extends WizardEventName>(event: K, listener: (payload: WizardEvents[K]) => void): this {\n    return super.on(event, listener);\n  }\n\n  off<K extends WizardEventName>(event: K, listener: (payload: WizardEvents[K]) => void): this {\n    return super.off(event, listener);\n  }\n\n  once<K extends WizardEventName>(event: K, listener: (payload: WizardEvents[K]) => void): this {\n    return super.once(event, listener);\n  }\n}\n\nexport function createWizardEventEmitter(): WizardEventEmitter {\n  return new WizardEventEmitter();\n}\n"]}

package/dist/src/lib/post-install.d.ts

@@ -0,0 +1,8 @@
+export declare function detectChanges(): {
+    hasChanges: boolean;
+    files: string[];
+};
+export declare function stageAndCommit(message: string, cwd: string): void;
+export declare function pushBranch(cwd: string): void;
+export declare function createPullRequest(title: string, body: string, cwd: string): string;
+export declare function getManualPrInstructions(branch: string): string;