npm - workos - Versions diffs - 0.2.1 → 0.3.2 - Mend

workos 0.2.1 → 0.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (404) hide show

package/dist/lib/ai-content.js ADDED Viewed

@@ -0,0 +1,130 @@
+import Anthropic from '@anthropic-ai/sdk';
+import { startCredentialProxy } from './credential-proxy.js';
+import { getLlmGatewayUrl, getAuthkitDomain, getCliAuthClientId, getConfig } from './settings.js';
+import { getCredentials } from './credentials.js';
+import { logInfo, logError } from '../utils/debug.js';
+/**
+ * Execute an API call through a short-lived credential proxy.
+ * Handles proxy lifecycle automatically.
+ */
+async function withProxy(fn) {
+    const gatewayUrl = getLlmGatewayUrl();
+    const creds = getCredentials();
+    if (!creds?.refreshToken) {
+        // No refresh token - use credentials directly (legacy mode)
+        logInfo('[ai-content] No refresh token, using credentials directly');
+        const client = new Anthropic({
+            baseURL: gatewayUrl,
+            apiKey: 'gateway', // SDK requires something, gateway uses Authorization header
+            defaultHeaders: creds?.accessToken ? { Authorization: `Bearer ${creds.accessToken}` } : undefined,
+        });
+        return fn(client);
+    }
+    // Start short-lived proxy
+    const proxy = await startCredentialProxy({
+        upstreamUrl: gatewayUrl,
+        refresh: {
+            authkitDomain: getAuthkitDomain(),
+            clientId: getCliAuthClientId(),
+            refreshThresholdMs: getConfig().proxy.refreshThresholdMs,
+        },
+    });
+    logInfo(`[ai-content] Started proxy at ${proxy.url}`);
+    try {
+        const client = new Anthropic({
+            baseURL: proxy.url,
+            apiKey: 'proxy', // SDK requires something, proxy handles real auth
+        });
+        return await fn(client);
+    }
+    finally {
+        await proxy.stop();
+        logInfo('[ai-content] Stopped proxy');
+    }
+}
+/**
+ * Execute an API call directly to Anthropic (--direct mode).
+ */
+async function withDirect(fn) {
+    // SDK reads ANTHROPIC_API_KEY from env automatically
+    const client = new Anthropic();
+    return fn(client);
+}
+/**
+ * Generate a concise commit message for the AuthKit integration.
+ * Falls back to a default message if AI generation fails.
+ */
+export async function generateCommitMessage(integration, files, options = {}) {
+    const executor = options.direct ? withDirect : withProxy;
+    try {
+        return await executor(async (client) => {
+            const response = await client.messages.create({
+                model: 'claude-sonnet-4-20250514',
+                max_tokens: 100,
+                messages: [
+                    {
+                        role: 'user',
+                        content: `Generate a concise git commit message for adding WorkOS AuthKit to a ${integration} project. Changed files: ${files.slice(0, 10).join(', ')}. Use conventional commit format (feat:). One line only, under 72 chars.`,
+                    },
+                ],
+            });
+            const text = response.content[0];
+            if (text.type === 'text') {
+                return text.text.trim();
+            }
+            throw new Error('Unexpected response format');
+        });
+    }
+    catch (error) {
+        logError('[ai-content] Failed to generate commit message:', error);
+        return `feat: add WorkOS AuthKit integration for ${integration}`;
+    }
+}
+/**
+ * Generate a PR description for the AuthKit integration.
+ * Falls back to a default template if AI generation fails.
+ */
+export async function generatePrDescription(integration, files, commitMessage, options = {}) {
+    const executor = options.direct ? withDirect : withProxy;
+    try {
+        return await executor(async (client) => {
+            const response = await client.messages.create({
+                model: 'claude-sonnet-4-20250514',
+                max_tokens: 500,
+                messages: [
+                    {
+                        role: 'user',
+                        content: `Generate a GitHub PR description for: "${commitMessage}"
+Framework: ${integration}
+Files changed: ${files.join(', ')}
+Include:
+- Brief summary (2-3 sentences)
+- Key changes bullet list
+- Link to WorkOS AuthKit docs: https://workos.com/docs/user-management
+Keep it concise. Markdown format.`,
+                    },
+                ],
+            });
+            const text = response.content[0];
+            if (text.type === 'text') {
+                return text.text.trim();
+            }
+            throw new Error('Unexpected response format');
+        });
+    }
+    catch (error) {
+        logError('[ai-content] Failed to generate PR description:', error);
+        return `## Summary
+Added WorkOS AuthKit integration for ${integration}.
+## Changes
+${files.map((f) => `- ${f}`).join('\n')}
+## Documentation
+https://workos.com/docs/user-management`;
+    }
+}
+//# sourceMappingURL=ai-content.js.map

package/dist/lib/ai-content.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ai-content.js","sourceRoot":"","sources":["../../src/lib/ai-content.ts"],"names":[],"mappings":"AAAA,OAAO,SAAS,MAAM,mBAAmB,CAAC;AAC1C,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAClG,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAOtD;;;GAGG;AACH,KAAK,UAAU,SAAS,CAAI,EAAqC;IAC/D,MAAM,UAAU,GAAG,gBAAgB,EAAE,CAAC;IACtC,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;IAE/B,IAAI,CAAC,KAAK,EAAE,YAAY,EAAE,CAAC;QACzB,4DAA4D;QAC5D,OAAO,CAAC,2DAA2D,CAAC,CAAC;QACrE,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;YAC3B,OAAO,EAAE,UAAU;YACnB,MAAM,EAAE,SAAS,EAAE,4DAA4D;YAC/E,cAAc,EAAE,KAAK,EAAE,WAAW,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,UAAU,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS;SAClG,CAAC,CAAC;QACH,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC;IACpB,CAAC;IAED,0BAA0B;IAC1B,MAAM,KAAK,GAAG,MAAM,oBAAoB,CAAC;QACvC,WAAW,EAAE,UAAU;QACvB,OAAO,EAAE;YACP,aAAa,EAAE,gBAAgB,EAAE;YACjC,QAAQ,EAAE,kBAAkB,EAAE;YAC9B,kBAAkB,EAAE,SAAS,EAAE,CAAC,KAAK,CAAC,kBAAkB;SACzD;KACF,CAAC,CAAC;IAEH,OAAO,CAAC,iCAAiC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;IAEtD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;YAC3B,OAAO,EAAE,KAAK,CAAC,GAAG;YAClB,MAAM,EAAE,OAAO,EAAE,kDAAkD;SACpE,CAAC,CAAC;QACH,OAAO,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC;IAC1B,CAAC;YAAS,CAAC;QACT,MAAM,KAAK,CAAC,IAAI,EAAE,CAAC;QACnB,OAAO,CAAC,4BAA4B,CAAC,CAAC;IACxC,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,UAAU,CAAI,EAAqC;IAChE,qDAAqD;IACrD,MAAM,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;IAC/B,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC;AACpB,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,WAAmB,EACnB,KAAe,EACf,UAA4B,EAAE;IAE9B,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;IAEzD,IAAI,CAAC;QACH,OAAO,MAAM,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAC5C,KAAK,EAAE,0BAA0B;gBACjC,UAAU,EAAE,GAAG;gBACf,QAAQ,EAAE;oBACR;wBACE,IAAI,EAAE,MAAM;wBACZ,OAAO,EAAE,wEAAwE,WAAW,4BAA4B,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,0EAA0E;qBAChO;iBACF;aACF,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;YACjC,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gBACzB,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAC1B,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,QAAQ,CAAC,iDAAiD,EAAE,KAAK,CAAC,CAAC;QACnE,OAAO,4CAA4C,WAAW,EAAE,CAAC;IACnE,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,WAAmB,EACnB,KAAe,EACf,aAAqB,EACrB,UAA4B,EAAE;IAE9B,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;IAEzD,IAAI,CAAC;QACH,OAAO,MAAM,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAC5C,KAAK,EAAE,0BAA0B;gBACjC,UAAU,EAAE,GAAG;gBACf,QAAQ,EAAE;oBACR;wBACE,IAAI,EAAE,MAAM;wBACZ,OAAO,EAAE,0CAA0C,aAAa;;aAE/D,WAAW;iBACP,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC;;;;;;;kCAOC;qBACvB;iBACF;aACF,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;YACjC,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gBACzB,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAC1B,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,QAAQ,CAAC,iDAAiD,EAAE,KAAK,CAAC,CAAC;QACnE,OAAO;uCAC4B,WAAW;;;EAGhD,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;;;wCAGC,CAAC;IACvC,CAAC;AACH,CAAC","sourcesContent":["import Anthropic from '@anthropic-ai/sdk';\nimport { startCredentialProxy } from './credential-proxy.js';\nimport { getLlmGatewayUrl, getAuthkitDomain, getCliAuthClientId, getConfig } from './settings.js';\nimport { getCredentials } from './credentials.js';\nimport { logInfo, logError } from '../utils/debug.js';\n\nexport interface AiContentOptions {\n /** Use direct Anthropic API instead of llm-gateway */\n direct?: boolean;\n}\n\n/**\n * Execute an API call through a short-lived credential proxy.\n * Handles proxy lifecycle automatically.\n */\nasync function withProxy<T>(fn: (client: Anthropic) => Promise<T>): Promise<T> {\n const gatewayUrl = getLlmGatewayUrl();\n const creds = getCredentials();\n\n if (!creds?.refreshToken) {\n // No refresh token - use credentials directly (legacy mode)\n logInfo('[ai-content] No refresh token, using credentials directly');\n const client = new Anthropic({\n baseURL: gatewayUrl,\n apiKey: 'gateway', // SDK requires something, gateway uses Authorization header\n defaultHeaders: creds?.accessToken ? { Authorization: `Bearer ${creds.accessToken}` } : undefined,\n });\n return fn(client);\n }\n\n // Start short-lived proxy\n const proxy = await startCredentialProxy({\n upstreamUrl: gatewayUrl,\n refresh: {\n authkitDomain: getAuthkitDomain(),\n clientId: getCliAuthClientId(),\n refreshThresholdMs: getConfig().proxy.refreshThresholdMs,\n },\n });\n\n logInfo(`[ai-content] Started proxy at ${proxy.url}`);\n\n try {\n const client = new Anthropic({\n baseURL: proxy.url,\n apiKey: 'proxy', // SDK requires something, proxy handles real auth\n });\n return await fn(client);\n } finally {\n await proxy.stop();\n logInfo('[ai-content] Stopped proxy');\n }\n}\n\n/**\n * Execute an API call directly to Anthropic (--direct mode).\n */\nasync function withDirect<T>(fn: (client: Anthropic) => Promise<T>): Promise<T> {\n // SDK reads ANTHROPIC_API_KEY from env automatically\n const client = new Anthropic();\n return fn(client);\n}\n\n/**\n * Generate a concise commit message for the AuthKit integration.\n * Falls back to a default message if AI generation fails.\n */\nexport async function generateCommitMessage(\n integration: string,\n files: string[],\n options: AiContentOptions = {},\n): Promise<string> {\n const executor = options.direct ? withDirect : withProxy;\n\n try {\n return await executor(async (client) => {\n const response = await client.messages.create({\n model: 'claude-sonnet-4-20250514',\n max_tokens: 100,\n messages: [\n {\n role: 'user',\n content: `Generate a concise git commit message for adding WorkOS AuthKit to a ${integration} project. Changed files: ${files.slice(0, 10).join(', ')}. Use conventional commit format (feat:). One line only, under 72 chars.`,\n },\n ],\n });\n\n const text = response.content[0];\n if (text.type === 'text') {\n return text.text.trim();\n }\n throw new Error('Unexpected response format');\n });\n } catch (error) {\n logError('[ai-content] Failed to generate commit message:', error);\n return `feat: add WorkOS AuthKit integration for ${integration}`;\n }\n}\n\n/**\n * Generate a PR description for the AuthKit integration.\n * Falls back to a default template if AI generation fails.\n */\nexport async function generatePrDescription(\n integration: string,\n files: string[],\n commitMessage: string,\n options: AiContentOptions = {},\n): Promise<string> {\n const executor = options.direct ? withDirect : withProxy;\n\n try {\n return await executor(async (client) => {\n const response = await client.messages.create({\n model: 'claude-sonnet-4-20250514',\n max_tokens: 500,\n messages: [\n {\n role: 'user',\n content: `Generate a GitHub PR description for: \"${commitMessage}\"\n\nFramework: ${integration}\nFiles changed: ${files.join(', ')}\n\nInclude:\n- Brief summary (2-3 sentences)\n- Key changes bullet list\n- Link to WorkOS AuthKit docs: https://workos.com/docs/user-management\n\nKeep it concise. Markdown format.`,\n },\n ],\n });\n\n const text = response.content[0];\n if (text.type === 'text') {\n return text.text.trim();\n }\n throw new Error('Unexpected response format');\n });\n } catch (error) {\n logError('[ai-content] Failed to generate PR description:', error);\n return `## Summary\nAdded WorkOS AuthKit integration for ${integration}.\n\n## Changes\n${files.map((f) => `- ${f}`).join('\\n')}\n\n## Documentation\nhttps://workos.com/docs/user-management`;\n }\n}\n"]}

package/dist/lib/api.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"api.js","sourceRoot":"","sources":["../../src/lib/api.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAElD,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IACpC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;IACvB,aAAa,EAAE,CAAC,CAAC,KAAK,CACpB,CAAC,CAAC,MAAM,CAAC;QACP,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE;KACb,CAAC,CACH;IACD,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;QACb,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE;QACd,YAAY,EAAE,CAAC,CAAC,IAAI,EAAE;KACvB,CAAC;IACF,YAAY,EAAE,CAAC,CAAC,MAAM,CAAC;QACrB,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE;KACb,CAAC;CACH,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE;IACd,YAAY,EAAE,CAAC,CAAC,IAAI,EAAE;IACtB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;CACjB,CAAC,CAAC;AAKH,MAAM,QAAS,SAAQ,KAAK;IAGR;IACA;IAHlB,YACE,OAAe,EACC,UAAmB,EACnB,QAAiB;QAEjC,KAAK,CAAC,OAAO,CAAC,CAAC;QAHC,eAAU,GAAV,UAAU,CAAS;QACnB,aAAQ,GAAR,QAAQ,CAAS;QAGjC,IAAI,CAAC,IAAI,GAAG,UAAU,CAAC;IACzB,CAAC;CACF;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,WAAmB,EAAE,OAAe;IACtE,MAAM,QAAQ,GAAG,iBAAiB,CAAC;IACnC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,GAAG,QAAQ,EAAE,EAAE;YACpD,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,WAAW,EAAE;aACvC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,MAAM,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACnD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,OAAO,aAAa,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACnC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,QAAQ,GAAG,cAAc,CAAC,KAAK,EAAE,iBAAiB,EAAE,QAAQ,CAAC,CAAC;QACpE,SAAS,CAAC,gBAAgB,CAAC,QAAQ,EAAE;YACnC,QAAQ;YACR,OAAO;SACR,CAAC,CAAC;QACH,MAAM,QAAQ,CAAC;IACjB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,WAAmB,EAAE,SAAiB,EAAE,OAAe;IAC5F,MAAM,QAAQ,GAAG,iBAAiB,SAAS,GAAG,CAAC;IAC/C,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,GAAG,QAAQ,EAAE,EAAE;YACpD,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,WAAW,EAAE;aACvC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,MAAM,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACnD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,OAAO,gBAAgB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACtC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,QAAQ,GAAG,cAAc,CAAC,KAAK,EAAE,oBAAoB,EAAE,QAAQ,CAAC,CAAC;QACvE,SAAS,CAAC,gBAAgB,CAAC,QAAQ,EAAE;YACnC,QAAQ;YACR,OAAO;YACP,SAAS;SACV,CAAC,CAAC;QACH,MAAM,QAAQ,CAAC;IACjB,CAAC;AACH,CAAC;AAQD,KAAK,UAAU,gBAAgB,CAAC,QAAkB,EAAE,QAAgB;IAClE,IAAI,MAA0B,CAAC;IAC/B,IAAI,CAAC;QACH,MAAM,IAAI,GAAY,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC5C,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,IAAI,QAAQ,IAAI,IAAI,EAAE,CAAC;YAClE,MAAM,GAAG,MAAM,CAAE,IAA4B,CAAC,MAAM,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,uBAAuB;IACzB,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,QAAQ,QAAQ,CAAC,MAAM,EAAE,CAAe,CAAC;IACjE,KAAK,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;IAC/B,KAAK,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC1B,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC;IACtB,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,YAAY,CAAC,KAAc;IAClC,OAAO,KAAK,YAAY,KAAK,IAAI,QAAQ,IAAI,KAAK,IAAI,OAAQ,KAAoB,CAAC,MAAM,KAAK,QAAQ,CAAC;AACzG,CAAC;AAED,SAAS,cAAc,CAAC,KAAc,EAAE,SAAiB,EAAE,QAAgB;IACzE,IAAI,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,KAAK,CAAC;QAEjC,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;YACnB,OAAO,IAAI,QAAQ,CAAC,yCAAyC,SAAS,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC9F,CAAC;QAED,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;YACnB,OAAO,IAAI,QAAQ,CAAC,iCAAiC,SAAS,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QACtF,CAAC;QAED,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;YACnB,OAAO,IAAI,QAAQ,CAAC,sCAAsC,SAAS,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC3F,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAI,aAAa,SAAS,EAAE,CAAC;QACnD,OAAO,IAAI,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;IACjD,CAAC;IAED,IAAI,KAAK,YAAY,CAAC,CAAC,QAAQ,EAAE,CAAC;QAChC,OAAO,IAAI,QAAQ,CAAC,2CAA2C,SAAS,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,OAAO,IAAI,QAAQ,CACjB,oCAAoC,SAAS,KAAK,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAC7G,CAAC;AACJ,CAAC","sourcesContent":["import { z } from 'zod';\nimport { analytics } from '../utils/analytics.js';\n\nexport const ApiUserSchema = z.object({\n distinct_id: z.string(),\n organizations: z.array(\n z.object({\n id: z.uuid(),\n }),\n ),\n team: z.object({\n id: z.number(),\n organization: z.uuid(),\n }),\n organization: z.object({\n id: z.uuid(),\n }),\n});\n\nexport const ApiProjectSchema = z.object({\n id: z.number(),\n uuid: z.uuid(),\n organization: z.uuid(),\n api_token: z.string(),\n name: z.string(),\n});\n\nexport type ApiUser = z.infer<typeof ApiUserSchema>;\nexport type ApiProject = z.infer<typeof ApiProjectSchema>;\n\nclass ApiError extends Error {\n constructor(\n message: string,\n public readonly statusCode?: number,\n public readonly endpoint?: string,\n ) {\n super(message);\n this.name = 'ApiError';\n }\n}\n\nexport async function fetchUserData(accessToken: string, baseUrl: string): Promise<ApiUser> {\n const endpoint = '/api/users/@me/';\n try {\n const response = await fetch(`${baseUrl}${endpoint}`, {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n });\n\n if (!response.ok) {\n throw await createFetchError(response, endpoint);\n }\n\n const data = await response.json();\n return ApiUserSchema.parse(data);\n } catch (error) {\n const apiError = handleApiError(error, 'fetch user data', endpoint);\n analytics.captureException(apiError, {\n endpoint,\n baseUrl,\n });\n throw apiError;\n }\n}\n\nexport async function fetchProjectData(accessToken: string, projectId: number, baseUrl: string): Promise<ApiProject> {\n const endpoint = `/api/projects/${projectId}/`;\n try {\n const response = await fetch(`${baseUrl}${endpoint}`, {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n });\n\n if (!response.ok) {\n throw await createFetchError(response, endpoint);\n }\n\n const data = await response.json();\n return ApiProjectSchema.parse(data);\n } catch (error) {\n const apiError = handleApiError(error, 'fetch project data', endpoint);\n analytics.captureException(apiError, {\n endpoint,\n baseUrl,\n projectId,\n });\n throw apiError;\n }\n}\n\ninterface FetchError extends Error {\n status: number;\n endpoint: string;\n detail?: string;\n}\n\nasync function createFetchError(response: Response, endpoint: string): Promise<FetchError> {\n let detail: string | undefined;\n try {\n const data: unknown = await response.json();\n if (typeof data === 'object' && data !== null && 'detail' in data) {\n detail = String((data as { detail: unknown }).detail);\n }\n } catch {\n // Response wasn't JSON\n }\n\n const error = new Error(`HTTP ${response.status}`) as FetchError;\n error.status = response.status;\n error.endpoint = endpoint;\n error.detail = detail;\n return error;\n}\n\nfunction isFetchError(error: unknown): error is FetchError {\n return error instanceof Error && 'status' in error && typeof (error as FetchError).status === 'number';\n}\n\nfunction handleApiError(error: unknown, operation: string, endpoint: string): ApiError {\n if (isFetchError(error)) {\n const { status, detail } = error;\n\n if (status === 401) {\n return new ApiError(`Authentication failed while trying to ${operation}`, status, endpoint);\n }\n\n if (status === 403) {\n return new ApiError(`Access denied while trying to ${operation}`, status, endpoint);\n }\n\n if (status === 404) {\n return new ApiError(`Resource not found while trying to ${operation}`, status, endpoint);\n }\n\n const message = detail || `Failed to ${operation}`;\n return new ApiError(message, status, endpoint);\n }\n\n if (error instanceof z.ZodError) {\n return new ApiError(`Invalid response format while trying to ${operation}`);\n }\n\n return new ApiError(\n `Unexpected error while trying to ${operation}: ${error instanceof Error ? error.message : 'Unknown error'}`,\n );\n}\n"]}

package/dist/lib/background-refresh.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+/**
+ * Background token refresh loop.
+ * Runs in main wizard process, refreshes tokens before expiry,
+ * writes to credentials file for proxy to read.
+ */
+export interface BackgroundRefreshOptions {
+    /** AuthKit domain for refresh endpoint */
+    authkitDomain: string;
+    /** OAuth client ID */
+    clientId: string;
+    /** Check interval in ms (default: 30000) */
+    intervalMs?: number;
+    /** Refresh threshold in ms before expiry (default: 120000 = 2 min) */
+    refreshThresholdMs?: number;
+    /** Callback when refresh fails permanently */
+    onRefreshExpired?: () => void;
+    /** Callback when refresh succeeds */
+    onRefreshSuccess?: () => void;
+}
+export interface BackgroundRefreshHandle {
+    /** Stop the refresh loop */
+    stop: () => void;
+    /** Check if the loop is running */
+    isRunning: () => boolean;
+}
+/**
+ * Start background token refresh loop.
+ */
+export declare function startBackgroundRefresh(options: BackgroundRefreshOptions): BackgroundRefreshHandle;

package/dist/lib/background-refresh.js ADDED Viewed

@@ -0,0 +1,95 @@
+/**
+ * Background token refresh loop.
+ * Runs in main wizard process, refreshes tokens before expiry,
+ * writes to credentials file for proxy to read.
+ */
+import { logInfo, logError, logWarn } from '../utils/debug.js';
+import { getCredentials, updateTokens } from './credentials.js';
+import { refreshAccessToken, tokenNeedsRefresh } from './token-refresh-client.js';
+import { analytics } from '../utils/analytics.js';
+/**
+ * Start background token refresh loop.
+ */
+export function startBackgroundRefresh(options) {
+    const { authkitDomain, clientId, intervalMs = 30_000, refreshThresholdMs = 2 * 60 * 1000, onRefreshExpired, onRefreshSuccess, } = options;
+    let isRunning = true;
+    let intervalId = null;
+    let consecutiveFailures = 0;
+    const MAX_CONSECUTIVE_FAILURES = 3;
+    const checkAndRefresh = async () => {
+        if (!isRunning)
+            return;
+        const creds = getCredentials();
+        if (!creds?.refreshToken) {
+            logWarn('[background-refresh] No refresh token available');
+            return;
+        }
+        if (!tokenNeedsRefresh(creds.expiresAt, refreshThresholdMs)) {
+            // Token still valid, nothing to do
+            const timeUntilExpiry = creds.expiresAt - Date.now();
+            logInfo(`[background-refresh] Token valid for ${Math.round(timeUntilExpiry / 1000)}s`);
+            return;
+        }
+        logInfo('[background-refresh] Token needs refresh, initiating...');
+        analytics.capture('installer.token.refresh', {
+            action: 'refresh_attempt',
+            trigger: 'proactive',
+            time_until_expiry_ms: creds.expiresAt - Date.now(),
+        });
+        const startTime = Date.now();
+        const result = await refreshAccessToken(authkitDomain, clientId);
+        if (result.success && result.accessToken && result.expiresAt) {
+            // Update credentials file atomically
+            updateTokens(result.accessToken, result.expiresAt, result.refreshToken);
+            consecutiveFailures = 0;
+            const durationMs = Date.now() - startTime;
+            logInfo(`[background-refresh] Token refreshed in ${durationMs}ms, new expiry: ${new Date(result.expiresAt).toISOString()}`);
+            analytics.capture('installer.token.refresh', {
+                action: 'refresh_success',
+                duration_ms: durationMs,
+                token_rotated: !!result.refreshToken,
+            });
+            onRefreshSuccess?.();
+        }
+        else {
+            consecutiveFailures++;
+            logError(`[background-refresh] Refresh failed: ${result.error}`);
+            analytics.capture('installer.token.refresh', {
+                action: 'refresh_failure',
+                error_type: result.errorType || 'unknown',
+                error_message: result.error || 'Unknown error',
+                consecutive_failures: consecutiveFailures,
+            });
+            // Handle permanent failure (refresh token expired)
+            if (result.errorType === 'invalid_grant') {
+                logError('[background-refresh] Refresh token expired, stopping refresh loop');
+                stop();
+                onRefreshExpired?.();
+                return;
+            }
+            // Handle too many consecutive transient failures
+            if (consecutiveFailures >= MAX_CONSECUTIVE_FAILURES) {
+                logError(`[background-refresh] ${MAX_CONSECUTIVE_FAILURES} consecutive failures, stopping`);
+                stop();
+                onRefreshExpired?.();
+            }
+        }
+    };
+    const stop = () => {
+        isRunning = false;
+        if (intervalId) {
+            clearInterval(intervalId);
+            intervalId = null;
+        }
+        logInfo('[background-refresh] Stopped');
+    };
+    // Run immediately, then on interval
+    checkAndRefresh();
+    intervalId = setInterval(checkAndRefresh, intervalMs);
+    logInfo(`[background-refresh] Started, checking every ${intervalMs}ms`);
+    return {
+        stop,
+        isRunning: () => isRunning,
+    };
+}
+//# sourceMappingURL=background-refresh.js.map

package/dist/lib/background-refresh.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"background-refresh.js","sourceRoot":"","sources":["../../src/lib/background-refresh.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAClF,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAwBlD;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAiC;IACtE,MAAM,EACJ,aAAa,EACb,QAAQ,EACR,UAAU,GAAG,MAAM,EACnB,kBAAkB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,EAClC,gBAAgB,EAChB,gBAAgB,GACjB,GAAG,OAAO,CAAC;IAEZ,IAAI,SAAS,GAAG,IAAI,CAAC;IACrB,IAAI,UAAU,GAA0B,IAAI,CAAC;IAC7C,IAAI,mBAAmB,GAAG,CAAC,CAAC;IAC5B,MAAM,wBAAwB,GAAG,CAAC,CAAC;IAEnC,MAAM,eAAe,GAAG,KAAK,IAAI,EAAE;QACjC,IAAI,CAAC,SAAS;YAAE,OAAO;QAEvB,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;QAE/B,IAAI,CAAC,KAAK,EAAE,YAAY,EAAE,CAAC;YACzB,OAAO,CAAC,iDAAiD,CAAC,CAAC;YAC3D,OAAO;QACT,CAAC;QAED,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,SAAS,EAAE,kBAAkB,CAAC,EAAE,CAAC;YAC5D,mCAAmC;YACnC,MAAM,eAAe,GAAG,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACrD,OAAO,CAAC,wCAAwC,IAAI,CAAC,KAAK,CAAC,eAAe,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;YACvF,OAAO;QACT,CAAC;QAED,OAAO,CAAC,yDAAyD,CAAC,CAAC;QAEnE,SAAS,CAAC,OAAO,CAAC,yBAAyB,EAAE;YAC3C,MAAM,EAAE,iBAAiB;YACzB,OAAO,EAAE,WAAW;YACpB,oBAAoB,EAAE,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE;SACnD,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;QAEjE,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YAC7D,qCAAqC;YACrC,YAAY,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;YAExE,mBAAmB,GAAG,CAAC,CAAC;YACxB,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YAE1C,OAAO,CACL,2CAA2C,UAAU,mBAAmB,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,EAAE,CACnH,CAAC;YAEF,SAAS,CAAC,OAAO,CAAC,yBAAyB,EAAE;gBAC3C,MAAM,EAAE,iBAAiB;gBACzB,WAAW,EAAE,UAAU;gBACvB,aAAa,EAAE,CAAC,CAAC,MAAM,CAAC,YAAY;aACrC,CAAC,CAAC;YAEH,gBAAgB,EAAE,EAAE,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,mBAAmB,EAAE,CAAC;YAEtB,QAAQ,CAAC,wCAAwC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;YAEjE,SAAS,CAAC,OAAO,CAAC,yBAAyB,EAAE;gBAC3C,MAAM,EAAE,iBAAiB;gBACzB,UAAU,EAAE,MAAM,CAAC,SAAS,IAAI,SAAS;gBACzC,aAAa,EAAE,MAAM,CAAC,KAAK,IAAI,eAAe;gBAC9C,oBAAoB,EAAE,mBAAmB;aAC1C,CAAC,CAAC;YAEH,mDAAmD;YACnD,IAAI,MAAM,CAAC,SAAS,KAAK,eAAe,EAAE,CAAC;gBACzC,QAAQ,CAAC,mEAAmE,CAAC,CAAC;gBAC9E,IAAI,EAAE,CAAC;gBACP,gBAAgB,EAAE,EAAE,CAAC;gBACrB,OAAO;YACT,CAAC;YAED,iDAAiD;YACjD,IAAI,mBAAmB,IAAI,wBAAwB,EAAE,CAAC;gBACpD,QAAQ,CAAC,wBAAwB,wBAAwB,iCAAiC,CAAC,CAAC;gBAC5F,IAAI,EAAE,CAAC;gBACP,gBAAgB,EAAE,EAAE,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC,CAAC;IAEF,MAAM,IAAI,GAAG,GAAG,EAAE;QAChB,SAAS,GAAG,KAAK,CAAC;QAClB,IAAI,UAAU,EAAE,CAAC;YACf,aAAa,CAAC,UAAU,CAAC,CAAC;YAC1B,UAAU,GAAG,IAAI,CAAC;QACpB,CAAC;QACD,OAAO,CAAC,8BAA8B,CAAC,CAAC;IAC1C,CAAC,CAAC;IAEF,oCAAoC;IACpC,eAAe,EAAE,CAAC;IAClB,UAAU,GAAG,WAAW,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;IAEtD,OAAO,CAAC,gDAAgD,UAAU,IAAI,CAAC,CAAC;IAExE,OAAO;QACL,IAAI;QACJ,SAAS,EAAE,GAAG,EAAE,CAAC,SAAS;KAC3B,CAAC;AACJ,CAAC","sourcesContent":["/**\n * Background token refresh loop.\n * Runs in main wizard process, refreshes tokens before expiry,\n * writes to credentials file for proxy to read.\n */\n\nimport { logInfo, logError, logWarn } from '../utils/debug.js';\nimport { getCredentials, updateTokens } from './credentials.js';\nimport { refreshAccessToken, tokenNeedsRefresh } from './token-refresh-client.js';\nimport { analytics } from '../utils/analytics.js';\n\nexport interface BackgroundRefreshOptions {\n /** AuthKit domain for refresh endpoint */\n authkitDomain: string;\n /** OAuth client ID */\n clientId: string;\n /** Check interval in ms (default: 30000) */\n intervalMs?: number;\n /** Refresh threshold in ms before expiry (default: 120000 = 2 min) */\n refreshThresholdMs?: number;\n /** Callback when refresh fails permanently */\n onRefreshExpired?: () => void;\n /** Callback when refresh succeeds */\n onRefreshSuccess?: () => void;\n}\n\nexport interface BackgroundRefreshHandle {\n /** Stop the refresh loop */\n stop: () => void;\n /** Check if the loop is running */\n isRunning: () => boolean;\n}\n\n/**\n * Start background token refresh loop.\n */\nexport function startBackgroundRefresh(options: BackgroundRefreshOptions): BackgroundRefreshHandle {\n const {\n authkitDomain,\n clientId,\n intervalMs = 30_000,\n refreshThresholdMs = 2 * 60 * 1000,\n onRefreshExpired,\n onRefreshSuccess,\n } = options;\n\n let isRunning = true;\n let intervalId: NodeJS.Timeout | null = null;\n let consecutiveFailures = 0;\n const MAX_CONSECUTIVE_FAILURES = 3;\n\n const checkAndRefresh = async () => {\n if (!isRunning) return;\n\n const creds = getCredentials();\n\n if (!creds?.refreshToken) {\n logWarn('[background-refresh] No refresh token available');\n return;\n }\n\n if (!tokenNeedsRefresh(creds.expiresAt, refreshThresholdMs)) {\n // Token still valid, nothing to do\n const timeUntilExpiry = creds.expiresAt - Date.now();\n logInfo(`[background-refresh] Token valid for ${Math.round(timeUntilExpiry / 1000)}s`);\n return;\n }\n\n logInfo('[background-refresh] Token needs refresh, initiating...');\n\n analytics.capture('installer.token.refresh', {\n action: 'refresh_attempt',\n trigger: 'proactive',\n time_until_expiry_ms: creds.expiresAt - Date.now(),\n });\n\n const startTime = Date.now();\n const result = await refreshAccessToken(authkitDomain, clientId);\n\n if (result.success && result.accessToken && result.expiresAt) {\n // Update credentials file atomically\n updateTokens(result.accessToken, result.expiresAt, result.refreshToken);\n\n consecutiveFailures = 0;\n const durationMs = Date.now() - startTime;\n\n logInfo(\n `[background-refresh] Token refreshed in ${durationMs}ms, new expiry: ${new Date(result.expiresAt).toISOString()}`,\n );\n\n analytics.capture('installer.token.refresh', {\n action: 'refresh_success',\n duration_ms: durationMs,\n token_rotated: !!result.refreshToken,\n });\n\n onRefreshSuccess?.();\n } else {\n consecutiveFailures++;\n\n logError(`[background-refresh] Refresh failed: ${result.error}`);\n\n analytics.capture('installer.token.refresh', {\n action: 'refresh_failure',\n error_type: result.errorType || 'unknown',\n error_message: result.error || 'Unknown error',\n consecutive_failures: consecutiveFailures,\n });\n\n // Handle permanent failure (refresh token expired)\n if (result.errorType === 'invalid_grant') {\n logError('[background-refresh] Refresh token expired, stopping refresh loop');\n stop();\n onRefreshExpired?.();\n return;\n }\n\n // Handle too many consecutive transient failures\n if (consecutiveFailures >= MAX_CONSECUTIVE_FAILURES) {\n logError(`[background-refresh] ${MAX_CONSECUTIVE_FAILURES} consecutive failures, stopping`);\n stop();\n onRefreshExpired?.();\n }\n }\n };\n\n const stop = () => {\n isRunning = false;\n if (intervalId) {\n clearInterval(intervalId);\n intervalId = null;\n }\n logInfo('[background-refresh] Stopped');\n };\n\n // Run immediately, then on interval\n checkAndRefresh();\n intervalId = setInterval(checkAndRefresh, intervalMs);\n\n logInfo(`[background-refresh] Started, checking every ${intervalMs}ms`);\n\n return {\n stop,\n isRunning: () => isRunning,\n };\n}\n"]}

package/dist/{src/lib → lib}/config.d.ts RENAMED Viewed

@@ -1,11 +1,11 @@
-import type { WizardOptions } from '../utils/types.js';
+import type { InstallerOptions } from '../utils/types.js';
 import { Integration } from './constants.js';
 export declare const INTEGRATION_CONFIG: {
     readonly nextjs: {
         readonly name: "Next.js";
         readonly filterPatterns: ["**/*.{tsx,ts,jsx,js,mjs,cjs}"];
         readonly ignorePatterns: ["node_modules", "dist", "build", "public", "static", "next-env.d.*"];
-        readonly detect: (options: Pick<WizardOptions, "installDir">) => Promise<boolean>;
+        readonly detect: (options: Pick<InstallerOptions, "installDir">) => Promise<boolean>;
         readonly generateFilesRules: "";
         readonly filterFilesRules: "";
         readonly docsUrl: "https://workos.com/docs/user-management/authkit/nextjs";
@@ -16,7 +16,7 @@ export declare const INTEGRATION_CONFIG: {
         readonly name: "React (SPA)";
         readonly filterPatterns: ["**/*.{tsx,ts,jsx,js}"];
         readonly ignorePatterns: ["node_modules", "dist", "build", "public", "static", "assets"];
-        readonly detect: (options: Pick<WizardOptions, "installDir">) => Promise<boolean>;
+        readonly detect: (options: Pick<InstallerOptions, "installDir">) => Promise<boolean>;
         readonly generateFilesRules: "";
         readonly filterFilesRules: "";
         readonly docsUrl: "https://workos.com/docs/user-management/authkit/react";
@@ -27,7 +27,7 @@ export declare const INTEGRATION_CONFIG: {
         readonly name: "TanStack Start";
         readonly filterPatterns: ["**/*.{tsx,ts,jsx,js}"];
         readonly ignorePatterns: ["node_modules", "dist", "build", ".vinxi", ".output"];
-        readonly detect: (options: Pick<WizardOptions, "installDir">) => Promise<boolean>;
+        readonly detect: (options: Pick<InstallerOptions, "installDir">) => Promise<boolean>;
         readonly generateFilesRules: "";
         readonly filterFilesRules: "";
         readonly docsUrl: "https://workos.com/docs/user-management/authkit/tanstack-start";
@@ -38,7 +38,7 @@ export declare const INTEGRATION_CONFIG: {
         readonly name: "React Router";
         readonly filterPatterns: ["**/*.{tsx,ts,jsx,js}"];
         readonly ignorePatterns: ["node_modules", "dist", "build", "public", "static", "assets"];
-        readonly detect: (options: Pick<WizardOptions, "installDir">) => Promise<boolean>;
+        readonly detect: (options: Pick<InstallerOptions, "installDir">) => Promise<boolean>;
         readonly generateFilesRules: "";
         readonly filterFilesRules: "";
         readonly docsUrl: "https://workos.com/docs/user-management/authkit/react-router";
@@ -49,7 +49,7 @@ export declare const INTEGRATION_CONFIG: {
         readonly name: "Vanilla JavaScript";
         readonly filterPatterns: ["**/*.{html,js,ts}"];
         readonly ignorePatterns: ["node_modules", "dist", "build"];
-        readonly detect: (options: Pick<WizardOptions, "installDir">) => Promise<true>;
+        readonly detect: (options: Pick<InstallerOptions, "installDir">) => Promise<true>;
         readonly generateFilesRules: "";
         readonly filterFilesRules: "";
         readonly docsUrl: "https://workos.com/docs/user-management/authkit/javascript";

package/dist/lib/config.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/lib/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAE/D,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAc7C,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE;QACpB,IAAI,EAAE,SAAS;QACf,cAAc,EAAE,CAAC,8BAA8B,CAAC;QAChD,cAAc,EAAE,CAAC,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,cAAc,CAAC;QACrF,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;YACxB,MAAM,WAAW,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,CAAC;YACrD,OAAO,mBAAmB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAClD,CAAC;QACD,kBAAkB,EAAE,EAAE;QACtB,gBAAgB,EAAE,EAAE;QACpB,OAAO,EAAE,wDAAwD;QACjE,cAAc,EACZ,mLAAmL;QACrL,SAAS,EACP,+JAA+J;KAClK;IACD,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE;QACnB,IAAI,EAAE,aAAa;QACnB,cAAc,EAAE,CAAC,sBAAsB,CAAC;QACxC,cAAc,EAAE,CAAC,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC;QAC/E,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;YACxB,MAAM,WAAW,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,CAAC;YACrD,0CAA0C;YAC1C,MAAM,QAAQ,GAAG,mBAAmB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;YAC3D,MAAM,OAAO,GAAG,mBAAmB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;YACzD,MAAM,cAAc,GAAG,mBAAmB,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;YACxE,MAAM,WAAW,GAAG,mBAAmB,CAAC,uBAAuB,EAAE,WAAW,CAAC,CAAC;YAC9E,OAAO,QAAQ,IAAI,CAAC,OAAO,IAAI,CAAC,cAAc,IAAI,CAAC,WAAW,CAAC;QACjE,CAAC;QACD,kBAAkB,EAAE,EAAE;QACtB,gBAAgB,EAAE,EAAE;QACpB,OAAO,EAAE,uDAAuD;QAChE,cAAc,EACZ,8HAA8H;QAChI,SAAS,EACP,sJAAsJ;KACzJ;IACD,CAAC,WAAW,CAAC,aAAa,CAAC,EAAE;QAC3B,IAAI,EAAE,gBAAgB;QACtB,cAAc,EAAE,CAAC,sBAAsB,CAAC;QACxC,cAAc,EAAE,CAAC,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,CAAC;QACtE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;YACxB,MAAM,WAAW,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,CAAC;YACrD,OAAO,mBAAmB,CAAC,uBAAuB,EAAE,WAAW,CAAC,CAAC;QACnE,CAAC;QACD,kBAAkB,EAAE,EAAE;QACtB,gBAAgB,EAAE,EAAE;QACpB,OAAO,EAAE,gEAAgE;QACzE,cAAc,EACZ,oHAAoH;QACtH,SAAS,EACP,qIAAqI;KACxI;IACD,CAAC,WAAW,CAAC,WAAW,CAAC,EAAE;QACzB,IAAI,EAAE,cAAc;QACpB,cAAc,EAAE,CAAC,sBAAsB,CAAC;QACxC,cAAc,EAAE,CAAC,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC;QAC/E,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;YACxB,MAAM,WAAW,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,CAAC;YACrD,OAAO,mBAAmB,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;QAC1D,CAAC;QACD,kBAAkB,EAAE,EAAE;QACtB,gBAAgB,EAAE,EAAE;QACpB,OAAO,EAAE,8DAA8D;QACvE,cAAc,EACZ,4IAA4I;QAC9I,SAAS,EACP,kIAAkI;KACrI;IACD,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE;QACvB,IAAI,EAAE,oBAAoB;QAC1B,cAAc,EAAE,CAAC,mBAAmB,CAAC;QACrC,cAAc,EAAE,CAAC,cAAc,EAAE,MAAM,EAAE,OAAO,CAAC;QACjD,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;YACxB,wDAAwD;YACxD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,kBAAkB,EAAE,EAAE;QACtB,gBAAgB,EAAE,EAAE;QACpB,OAAO,EAAE,4DAA4D;QACrE,cAAc,EACZ,gKAAgK;QAClK,SAAS,EACP,oIAAoI;KACvI;CACwD,CAAC;AAE5D,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,WAAW,CAAC,MAAM;IAClB,WAAW,CAAC,aAAa;IACzB,WAAW,CAAC,WAAW;IACvB,WAAW,CAAC,KAAK;IACjB,WAAW,CAAC,SAAS,EAAE,WAAW;CAC1B,CAAC","sourcesContent":["import { getPackageDotJson } from '../utils/clack-utils.js';\nimport { hasPackageInstalled } from '../utils/package-json.js';\nimport type { InstallerOptions } from '../utils/types.js';\nimport { Integration } from './constants.js';\n\ntype IntegrationConfig = {\n name: string;\n filterPatterns: string[];\n ignorePatterns: string[];\n detect: (options: Pick<InstallerOptions, 'installDir'>) => Promise<boolean>;\n generateFilesRules: string;\n filterFilesRules: string;\n docsUrl: string;\n nextSteps: string;\n defaultChanges: string;\n};\n\nexport const INTEGRATION_CONFIG = {\n [Integration.nextjs]: {\n name: 'Next.js',\n filterPatterns: ['**/*.{tsx,ts,jsx,js,mjs,cjs}'],\n ignorePatterns: ['node_modules', 'dist', 'build', 'public', 'static', 'next-env.d.*'],\n detect: async (options) => {\n const packageJson = await getPackageDotJson(options);\n return hasPackageInstalled('next', packageJson);\n },\n generateFilesRules: '',\n filterFilesRules: '',\n docsUrl: 'https://workos.com/docs/user-management/authkit/nextjs',\n defaultChanges:\n '• Installed @workos/authkit-nextjs package\\n• Initialized WorkOS AuthKit with your credentials\\n• Created authentication routes and callbacks\\n• Added login/logout UI components',\n nextSteps:\n '• Customize the auth UI to match your app design\\n• Add protected routes using withAuth() middleware\\n• Access user session with getUser() in your components',\n },\n [Integration.react]: {\n name: 'React (SPA)',\n filterPatterns: ['**/*.{tsx,ts,jsx,js}'],\n ignorePatterns: ['node_modules', 'dist', 'build', 'public', 'static', 'assets'],\n detect: async (options) => {\n const packageJson = await getPackageDotJson(options);\n // Detect React without routing frameworks\n const hasReact = hasPackageInstalled('react', packageJson);\n const hasNext = hasPackageInstalled('next', packageJson);\n const hasReactRouter = hasPackageInstalled('react-router', packageJson);\n const hasTanstack = hasPackageInstalled('@tanstack/react-start', packageJson);\n return hasReact && !hasNext && !hasReactRouter && !hasTanstack;\n },\n generateFilesRules: '',\n filterFilesRules: '',\n docsUrl: 'https://workos.com/docs/user-management/authkit/react',\n defaultChanges:\n '• Installed @workos/authkit-react package\\n• Added AuthKitProvider to wrap your app\\n• Created login and callback components',\n nextSteps:\n '• Use useAuth() hook to access auth state in components\\n• Add protected routes with conditional rendering\\n• Customize auth UI to match your design',\n },\n [Integration.tanstackStart]: {\n name: 'TanStack Start',\n filterPatterns: ['**/*.{tsx,ts,jsx,js}'],\n ignorePatterns: ['node_modules', 'dist', 'build', '.vinxi', '.output'],\n detect: async (options) => {\n const packageJson = await getPackageDotJson(options);\n return hasPackageInstalled('@tanstack/react-start', packageJson);\n },\n generateFilesRules: '',\n filterFilesRules: '',\n docsUrl: 'https://workos.com/docs/user-management/authkit/tanstack-start',\n defaultChanges:\n '• Installed WorkOS AuthKit SDK package\\n• Added AuthKit middleware and routes\\n• Created authentication components',\n nextSteps:\n '• Use useAuth() hook to access auth state\\n• Add protected routes with authentication checks\\n• Customize auth UI to match your app',\n },\n [Integration.reactRouter]: {\n name: 'React Router',\n filterPatterns: ['**/*.{tsx,ts,jsx,js}'],\n ignorePatterns: ['node_modules', 'dist', 'build', 'public', 'static', 'assets'],\n detect: async (options) => {\n const packageJson = await getPackageDotJson(options);\n return hasPackageInstalled('react-router', packageJson);\n },\n generateFilesRules: '',\n filterFilesRules: '',\n docsUrl: 'https://workos.com/docs/user-management/authkit/react-router',\n defaultChanges:\n '• Installed @workos/authkit-react-router package\\n• Added AuthKitProvider with React Router integration\\n• Created auth routes and loaders',\n nextSteps:\n '• Use useAuth() hook in your components\\n• Add protected routes with loader functions\\n• Customize auth flow to match your needs',\n },\n [Integration.vanillaJs]: {\n name: 'Vanilla JavaScript',\n filterPatterns: ['**/*.{html,js,ts}'],\n ignorePatterns: ['node_modules', 'dist', 'build'],\n detect: async (options) => {\n // Fallback: if no framework detected, assume vanilla JS\n return true;\n },\n generateFilesRules: '',\n filterFilesRules: '',\n docsUrl: 'https://workos.com/docs/user-management/authkit/javascript',\n defaultChanges:\n '• Installed @workos/authkit-js package (or added CDN script)\\n• Created auth initialization and callback handling\\n• Added login button and auth state display',\n nextSteps:\n '• Integrate auth state into your existing UI\\n• Add logout functionality where needed\\n• Protect pages that require authentication',\n },\n} as const satisfies Record<Integration, IntegrationConfig>;\n\nexport const INTEGRATION_ORDER = [\n Integration.nextjs,\n Integration.tanstackStart,\n Integration.reactRouter,\n Integration.react,\n Integration.vanillaJs, // fallback\n] as const;\n"]}

package/dist/{src/lib → lib}/constants.d.ts RENAMED Viewed

@@ -21,7 +21,7 @@ export declare const WORKOS_DOCS_URL: string;
 export declare const WORKOS_DASHBOARD_URL: string;
 export declare const ISSUES_URL: string;
 export declare const ANALYTICS_ENABLED: boolean;
-export declare const WIZARD_INTERACTION_EVENT_NAME: string;
+export declare const INSTALLER_INTERACTION_EVENT_NAME: string;
 export declare const WORKOS_TELEMETRY_ENABLED: boolean;
 export declare const OAUTH_PORT: number;
 /**

package/dist/{src/lib → lib}/constants.js RENAMED Viewed

@@ -36,7 +36,7 @@ export const WORKOS_DOCS_URL = settings.documentation.workosDocsUrl;
 export const WORKOS_DASHBOARD_URL = settings.documentation.dashboardUrl;
 export const ISSUES_URL = settings.documentation.issuesUrl;
 export const ANALYTICS_ENABLED = settings.telemetry.enabled;
-export const WIZARD_INTERACTION_EVENT_NAME = settings.telemetry.eventName;
+export const INSTALLER_INTERACTION_EVENT_NAME = settings.telemetry.eventName;
 export const WORKOS_TELEMETRY_ENABLED = process.env.WORKOS_TELEMETRY !== 'false';
 export const OAUTH_PORT = settings.legacy.oauthPort;
 /**

package/dist/lib/constants.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/lib/constants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAE1C,MAAM,CAAN,IAAY,WAMX;AAND,WAAY,WAAW;IACrB,gCAAiB,CAAA;IACjB,8BAAe,CAAA;IACf,+CAAgC,CAAA;IAChC,2CAA4B,CAAA;IAC5B,uCAAwB,CAAA;AAC1B,CAAC,EANW,WAAW,KAAX,WAAW,QAMtB;AAED,MAAM,UAAU,yBAAyB,CAAC,IAAY;IACpD,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,WAAW,CAAC,MAAM;YACrB,OAAO,SAAS,CAAC;QACnB,KAAK,WAAW,CAAC,KAAK;YACpB,OAAO,aAAa,CAAC;QACvB,KAAK,WAAW,CAAC,aAAa;YAC5B,OAAO,gBAAgB,CAAC;QAC1B,KAAK,WAAW,CAAC,WAAW;YAC1B,OAAO,cAAc,CAAC;QACxB,KAAK,WAAW,CAAC,SAAS;YACxB,OAAO,oBAAoB,CAAC;QAC9B;YACE,MAAM,IAAI,KAAK,CAAC,uBAAuB,IAAI,EAAE,CAAC,CAAC;IACnD,CAAC;AACH,CAAC;AAOD,MAAM,UAAU,qBAAqB;IACnC,OAAO,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,CAAC,IAAY,EAAE,EAAE,CAAC,CAAC;QACrD,IAAI,EAAE,yBAAyB,CAAC,IAAI,CAAC;QACrC,KAAK,EAAE,IAAI;KACZ,CAAC,CAAC,CAAC;AACN,CAAC;AAOD,MAAM,CAAC,MAAM,MAAM,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC;AAEnF,MAAM,QAAQ,GAAG,SAAS,EAAE,CAAC;AAE7B,MAAM,CAAC,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC;AAChD,MAAM,CAAC,MAAM,eAAe,GAAG,QAAQ,CAAC,aAAa,CAAC,aAAa,CAAC;AACpE,MAAM,CAAC,MAAM,oBAAoB,GAAG,QAAQ,CAAC,aAAa,CAAC,YAAY,CAAC;AACxE,MAAM,CAAC,MAAM,UAAU,GAAG,QAAQ,CAAC,aAAa,CAAC,SAAS,CAAC;AAC3D,MAAM,CAAC,MAAM,iBAAiB,GAAG,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC;AAC5D,MAAM,CAAC,MAAM,gCAAgC,GAAG,QAAQ,CAAC,SAAS,CAAC,SAAS,CAAC;AAC7E,MAAM,CAAC,MAAM,wBAAwB,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,OAAO,CAAC;AACjF,MAAM,CAAC,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC;AAEpD;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAa;IACvC,oBAAoB;IACpB,YAAY;IACZ,aAAa;IACb,cAAc;IACd,aAAa;CACd,CAAC","sourcesContent":["import { getConfig } from './settings.js';\n\nexport enum Integration {\n nextjs = 'nextjs',\n react = 'react',\n tanstackStart = 'tanstack-start',\n reactRouter = 'react-router',\n vanillaJs = 'vanilla-js',\n}\n\nexport function getIntegrationDescription(type: string): string {\n switch (type) {\n case Integration.nextjs:\n return 'Next.js';\n case Integration.react:\n return 'React (SPA)';\n case Integration.tanstackStart:\n return 'TanStack Start';\n case Integration.reactRouter:\n return 'React Router';\n case Integration.vanillaJs:\n return 'Vanilla JavaScript';\n default:\n throw new Error(`Unknown integration ${type}`);\n }\n}\n\ntype IntegrationChoice = {\n name: string;\n value: string;\n};\n\nexport function getIntegrationChoices(): IntegrationChoice[] {\n return Object.keys(Integration).map((type: string) => ({\n name: getIntegrationDescription(type),\n value: type,\n }));\n}\n\nexport interface Args {\n debug: boolean;\n integration: Integration;\n}\n\nexport const IS_DEV = ['test', 'development'].includes(process.env.NODE_ENV ?? '');\n\nconst settings = getConfig();\n\nexport const DEBUG = settings.logging.debugMode;\nexport const WORKOS_DOCS_URL = settings.documentation.workosDocsUrl;\nexport const WORKOS_DASHBOARD_URL = settings.documentation.dashboardUrl;\nexport const ISSUES_URL = settings.documentation.issuesUrl;\nexport const ANALYTICS_ENABLED = settings.telemetry.enabled;\nexport const INSTALLER_INTERACTION_EVENT_NAME = settings.telemetry.eventName;\nexport const WORKOS_TELEMETRY_ENABLED = process.env.WORKOS_TELEMETRY !== 'false';\nexport const OAUTH_PORT = settings.legacy.oauthPort;\n\n/**\n * Common glob patterns to ignore when searching for files.\n * Used by both Next.js and React Router integrations.\n */\nexport const IGNORE_PATTERNS: string[] = [\n '**/node_modules/**',\n '**/dist/**',\n '**/build/**',\n '**/public/**',\n '**/.next/**',\n];\n"]}

package/dist/lib/credential-discovery.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"credential-discovery.js","sourceRoot":"","sources":["../../src/lib/credential-discovery.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAe5C,MAAM,cAAc,GAAG,CAAC,YAAY,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,MAAM,CAAC,CAAC;AAE5F,yDAAyD;AACzD,MAAM,wBAAwB,GAAG,0CAA0C,CAAC;AAC5E,MAAM,sBAAsB,GAAG,wCAAwC,CAAC;AAExE;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,UAAkB;IACvD,OAAO,CAAC,mDAAmD,EAAE,UAAU,CAAC,CAAC;IACzE,MAAM,UAAU,GAAa,EAAE,CAAC;IAEhC,KAAK,MAAM,QAAQ,IAAI,cAAc,EAAE,CAAC;QACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QACjD,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAC7C,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC5B,CAAC;QAAC,MAAM,CAAC;YACP,WAAW;QACb,CAAC;IACH,CAAC;IAED,OAAO,CAAC,yCAAyC,EAAE,UAAU,CAAC,CAAC;IAC/D,OAAO;QACL,MAAM,EAAE,UAAU,CAAC,MAAM,GAAG,CAAC;QAC7B,KAAK,EAAE,UAAU;KAClB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,QAAgB;IAChD,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAErD,6CAA6C;IAC7C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,kBAAkB,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAE3F,MAAM,aAAa,GAAG,kBAAkB,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;IACzE,MAAM,WAAW,GAAG,kBAAkB,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAErE,OAAO;QACL,QAAQ,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC;QAC5B,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC;KACzB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,OAAO,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,CAAC;AAC1D,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,OAAO,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,CAAC;AACtD,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,UAAkB;IAC1D,OAAO,CAAC,kEAAkE,CAAC,CAAC;IAC5E,KAAK,MAAM,QAAQ,IAAI,cAAc,EAAE,CAAC;QACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QAEjD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC;YAE3C,MAAM,aAAa,GAAG,MAAM,CAAC,QAAQ,IAAI,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC1E,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,IAAI,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAElE,IAAI,MAAM,CAAC,QAAQ,IAAI,CAAC,aAAa,EAAE,CAAC;gBACtC,OAAO,CAAC,mDAAmD,EAAE,QAAQ,CAAC,CAAC;YACzE,CAAC;YACD,IAAI,MAAM,CAAC,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;gBAClC,OAAO,CAAC,iDAAiD,EAAE,QAAQ,CAAC,CAAC;YACvE,CAAC;YAED,IAAI,aAAa,EAAE,CAAC;gBAClB,OAAO,CAAC,mDAAmD,EAAE,QAAQ,CAAC,CAAC;gBACvE,OAAO;oBACL,KAAK,EAAE,IAAI;oBACX,MAAM,EAAE,KAAK;oBACb,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;oBAC/C,UAAU,EAAE,QAAQ;iBACrB,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,WAAW;QACb,CAAC;IACH,CAAC;IAED,OAAO,CAAC,mDAAmD,CAAC,CAAC;IAC7D,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;AAC1B,CAAC","sourcesContent":["import { promises as fs } from 'node:fs';\nimport path from 'node:path';\nimport { logInfo } from '../utils/debug.js';\n\nexport interface DiscoveryResult {\n found: boolean;\n source?: 'env' | 'declined';\n clientId?: string;\n apiKey?: string;\n sourcePath?: string;\n}\n\nexport interface EnvFileInfo {\n exists: boolean;\n files: string[];\n}\n\nconst ENV_FILE_NAMES = ['.env.local', '.env.development.local', '.env.development', '.env'];\n\n// Only extract WorkOS variables - ignore everything else\nconst WORKOS_CLIENT_ID_PATTERN = /^WORKOS_CLIENT_ID=[\"']?([^\"'\\s#]+)[\"']?/m;\nconst WORKOS_API_KEY_PATTERN = /^WORKOS_API_KEY=[\"']?([^\"'\\s#]+)[\"']?/m;\n\n/**\n * Check if env files exist in the project directory (without reading contents).\n * Returns which files were found so the UI can prompt for consent.\n */\nexport async function checkForEnvFiles(projectDir: string): Promise<EnvFileInfo> {\n logInfo('[credential-discovery] Checking for env files in:', projectDir);\n const foundFiles: string[] = [];\n\n for (const fileName of ENV_FILE_NAMES) {\n const filePath = path.join(projectDir, fileName);\n try {\n await fs.access(filePath, fs.constants.R_OK);\n foundFiles.push(fileName);\n } catch {\n // continue\n }\n }\n\n logInfo('[credential-discovery] Found env files:', foundFiles);\n return {\n exists: foundFiles.length > 0,\n files: foundFiles,\n };\n}\n\n/**\n * Scan a single env file for WorkOS credentials.\n * Only extracts WORKOS_CLIENT_ID and WORKOS_API_KEY - ignores all other variables.\n */\nexport async function scanEnvFile(filePath: string): Promise<{ clientId?: string; apiKey?: string }> {\n const content = await fs.readFile(filePath, 'utf-8');\n\n // Filter out commented lines before matching\n const lines = content.split('\\n');\n const uncommentedContent = lines.filter((line) => !line.trim().startsWith('#')).join('\\n');\n\n const clientIdMatch = uncommentedContent.match(WORKOS_CLIENT_ID_PATTERN);\n const apiKeyMatch = uncommentedContent.match(WORKOS_API_KEY_PATTERN);\n\n return {\n clientId: clientIdMatch?.[1],\n apiKey: apiKeyMatch?.[1],\n };\n}\n\n/**\n * Validate client ID format.\n * WorkOS client IDs start with 'client_' prefix.\n */\nexport function isValidClientId(value: string): boolean {\n return value.startsWith('client_') && value.length > 10;\n}\n\n/**\n * Validate API key format.\n * WorkOS secret keys start with 'sk_' prefix.\n */\nexport function isValidApiKey(value: string): boolean {\n return value.startsWith('sk_') && value.length > 10;\n}\n\n/**\n * Discover WorkOS credentials from project env files.\n * Must be called AFTER user consent is given.\n *\n * Scans files in priority order: .env.local > .env.development.local > .env.development > .env\n * Returns first complete match (both clientId and apiKey preferred, but clientId-only is valid).\n */\nexport async function discoverCredentials(projectDir: string): Promise<DiscoveryResult> {\n logInfo('[credential-discovery] Scanning env files for WorkOS credentials');\n for (const fileName of ENV_FILE_NAMES) {\n const filePath = path.join(projectDir, fileName);\n\n try {\n const result = await scanEnvFile(filePath);\n\n const clientIdValid = result.clientId && isValidClientId(result.clientId);\n const apiKeyValid = result.apiKey && isValidApiKey(result.apiKey);\n\n if (result.clientId && !clientIdValid) {\n logInfo('[credential-discovery] Invalid clientId format in', fileName);\n }\n if (result.apiKey && !apiKeyValid) {\n logInfo('[credential-discovery] Invalid apiKey format in', fileName);\n }\n\n if (clientIdValid) {\n logInfo('[credential-discovery] Found valid credentials in', fileName);\n return {\n found: true,\n source: 'env',\n clientId: result.clientId,\n apiKey: apiKeyValid ? result.apiKey : undefined,\n sourcePath: fileName,\n };\n }\n } catch {\n // continue\n }\n }\n\n logInfo('[credential-discovery] No valid credentials found');\n return { found: false };\n}\n"]}

package/dist/lib/credential-proxy.d.ts ADDED Viewed

@@ -0,0 +1,36 @@
+/**
+ * Lightweight HTTP proxy that injects credentials from file into requests.
+ * Includes lazy token refresh - refreshes proactively when token is expiring soon.
+ */
+export interface RefreshConfig {
+    /** AuthKit domain for refresh endpoint */
+    authkitDomain: string;
+    /** OAuth client ID */
+    clientId: string;
+    /** Threshold in ms - refresh when token expires within this window (default: 60000 = 1 min) */
+    refreshThresholdMs?: number;
+    /** Callback when refresh succeeds */
+    onRefreshSuccess?: () => void;
+    /** Callback when refresh fails permanently (token expired, invalid_grant) */
+    onRefreshExpired?: () => void;
+}
+export interface CredentialProxyOptions {
+    /** Upstream URL to forward requests to */
+    upstreamUrl: string;
+    /** Optional: specific port to bind (default: random) */
+    port?: number;
+    /** Optional: refresh configuration for lazy token refresh */
+    refresh?: RefreshConfig;
+}
+export interface CredentialProxyHandle {
+    /** Port the proxy is listening on */
+    port: number;
+    /** Full URL for the proxy (e.g., http://localhost:54321) */
+    url: string;
+    /** Stop the proxy server */
+    stop: () => Promise<void>;
+}
+/**
+ * Start the credential injector proxy with optional lazy refresh.
+ */
+export declare function startCredentialProxy(options: CredentialProxyOptions): Promise<CredentialProxyHandle>;