workos 0.6.0 → 0.7.1

package/dist/doctor/agent-prompt.js

@@ -0,0 +1,190 @@
+import { readFileSync, existsSync } from 'node:fs';
+import { join } from 'node:path';
+const MAX_FILE_SIZE = 2000;
+const README_TIMEOUT_MS = 5000;
+const MAX_README_SIZE = 15000;
+// Map SDK package names to their GitHub repo README URLs
+const SDK_README_URLS = {
+    '@workos/authkit-nextjs': 'https://raw.githubusercontent.com/workos/authkit-nextjs/main/README.md',
+    '@workos-inc/authkit-nextjs': 'https://raw.githubusercontent.com/workos/authkit-nextjs/main/README.md',
+    '@workos/authkit-react-router': 'https://raw.githubusercontent.com/workos/authkit-react-router/main/README.md',
+    '@workos-inc/authkit-react-router': 'https://raw.githubusercontent.com/workos/authkit-react-router/main/README.md',
+    '@workos/authkit-react': 'https://raw.githubusercontent.com/workos/authkit-react/main/README.md',
+    '@workos-inc/authkit-react': 'https://raw.githubusercontent.com/workos/authkit-react/main/README.md',
+    '@workos/authkit-tanstack-react-start': 'https://raw.githubusercontent.com/workos/authkit-tanstack-react-start/main/README.md',
+    '@workos/authkit-remix': 'https://raw.githubusercontent.com/workos/authkit-remix/main/README.md',
+    '@workos-inc/authkit-remix': 'https://raw.githubusercontent.com/workos/authkit-remix/main/README.md',
+    '@workos/authkit-sveltekit': 'https://raw.githubusercontent.com/workos/authkit-sveltekit/main/README.md',
+    '@workos/authkit-js': 'https://raw.githubusercontent.com/workos/authkit-js/main/README.md',
+    '@workos-inc/authkit-js': 'https://raw.githubusercontent.com/workos/authkit-js/main/README.md',
+    '@workos-inc/node': 'https://raw.githubusercontent.com/workos/workos-node/main/README.md',
+};
+async function fetchSdkReadme(sdkName) {
+    if (!sdkName)
+        return null;
+    const url = SDK_README_URLS[sdkName];
+    if (!url)
+        return null;
+    try {
+        const controller = new AbortController();
+        const timeoutId = setTimeout(() => controller.abort(), README_TIMEOUT_MS);
+        const response = await fetch(url, { signal: controller.signal });
+        clearTimeout(timeoutId);
+        if (!response.ok)
+            return null;
+        const text = await response.text();
+        return text.length > MAX_README_SIZE ? text.slice(0, MAX_README_SIZE) + '\n... (truncated)' : text;
+    }
+    catch {
+        return null;
+    }
+}
+function readFileSafe(path) {
+    try {
+        const content = readFileSync(path, 'utf-8');
+        return content.length > MAX_FILE_SIZE ? content.slice(0, MAX_FILE_SIZE) + '\n... (truncated)' : content;
+    }
+    catch {
+        return null;
+    }
+}
+function readEnvFileRedacted(path) {
+    const content = readFileSafe(path);
+    if (!content)
+        return null;
+    return content.replace(/^([A-Z_]+)=(.+)$/gm, (_match, key, value) => {
+        if (key.includes('SECRET') || key.includes('PASSWORD') || key.includes('API_KEY')) {
+            return `${key}=${value.slice(0, 3)}...(redacted)`;
+        }
+        return `${key}=${value}`;
+    });
+}
+function collectProjectFiles(installDir) {
+    const candidates = [
+        'middleware.ts',
+        'middleware.js',
+        'proxy.ts',
+        'proxy.js',
+        'src/middleware.ts',
+        'src/middleware.js',
+        'src/proxy.ts',
+        'src/proxy.js',
+        'app/layout.tsx',
+        'app/layout.jsx',
+        'src/app/layout.tsx',
+        'src/app/layout.jsx',
+        'app/page.tsx',
+        'app/page.jsx',
+        'src/app/page.tsx',
+        'src/app/page.jsx',
+        'src/start.ts',
+        'src/start.tsx',
+        'app/start.ts',
+        'app/root.tsx',
+        'app/root.jsx',
+        'config/initializers/workos.rb',
+        'config/routes.rb',
+        'app/settings.py',
+        'settings.py',
+        'main.go',
+        'cmd/main.go',
+    ];
+    // Callback routes
+    for (const prefix of ['app', 'src/app']) {
+        for (const path of ['auth/callback', 'callback', 'api/auth/callback']) {
+            for (const ext of ['ts', 'tsx', 'js', 'jsx']) {
+                candidates.push(`${prefix}/${path}/route.${ext}`);
+            }
+        }
+    }
+    const files = [];
+    for (const candidate of candidates) {
+        const fullPath = join(installDir, candidate);
+        if (existsSync(fullPath)) {
+            const content = readFileSafe(fullPath);
+            if (content) {
+                files.push(`### ${candidate}\n\`\`\`\n${content}\n\`\`\``);
+            }
+        }
+    }
+    // Include env files with redacted secrets
+    for (const envFile of ['.env.local', '.env']) {
+        const fullPath = join(installDir, envFile);
+        const content = readEnvFileRedacted(fullPath);
+        if (content) {
+            files.push(`### ${envFile} (secrets redacted)\n\`\`\`\n${content}\n\`\`\``);
+        }
+    }
+    return files.length > 0 ? files.join('\n\n') : 'No key files found.';
+}
+export async function buildDoctorPrompt(context) {
+    const { installDir, language, framework, sdk, environment, existingIssues } = context;
+    const projectContext = [
+        `- Language: ${language.name}`,
+        framework.name
+            ? `- Framework: ${framework.name} ${framework.version ?? ''}${framework.variant ? ` (${framework.variant})` : ''}`
+            : null,
+        sdk.name ? `- SDK: ${sdk.name}${sdk.version ? ` v${sdk.version}` : ''}` : '- SDK: Not installed',
+        `- Environment: ${environment.apiKeyType ?? 'Unknown'}`,
+        environment.baseUrl ? `- Base URL: ${environment.baseUrl}` : null,
+    ]
+        .filter(Boolean)
+        .join('\n');
+    const existingIssuesList = existingIssues.length > 0
+        ? existingIssues.map((i) => `- [${i.severity}] ${i.code}: ${i.message}`).join('\n')
+        : 'None detected.';
+    const readme = await fetchSdkReadme(sdk.name);
+    const readmeSection = readme
+        ? `## SDK Documentation (source of truth)\nThis is the official README for ${sdk.name}. Use it to determine correct patterns, imports, and configuration.\n\n${readme}`
+        : '## SDK Documentation\nUnable to fetch SDK README. Be conservative — only report issues you are certain about.';
+    return `You are a WorkOS integration analyst. Compare this project's code against the SDK documentation and identify real issues.
+
+## Project Context
+${projectContext}
+
+## General SDK Knowledge
+- \`@workos-inc/node\` works in ANY JavaScript runtime (Node.js, browsers, React Native, Expo, etc.). Despite the name, it has no Node.js-specific dependencies.
+- Some packages are under \`@workos-inc/*\` and some under \`@workos/*\`. Both are official. Do NOT flag package scope as an issue.
+
+${readmeSection}
+
+## Project Files
+${collectProjectFiles(installDir)}
+
+## Already Detected Issues
+${existingIssuesList}
+
+## Your Task
+Compare the project files against the SDK documentation above. Report issues where the code DEVIATES from what the documentation says to do. If the code follows the documented patterns, it is correct.
+
+## Output Format
+Return your analysis as a JSON object wrapped in a markdown code block:
+\`\`\`json
+{
+  "findings": [
+    {
+      "severity": "error | warning | info",
+      "title": "Short description",
+      "detail": "What's wrong and why it matters",
+      "docSays": "Direct quote or paraphrase from the SDK documentation above",
+      "codeDoes": "What the project code actually does that contradicts the docs",
+      "remediation": "How to fix it",
+      "filePath": "path/to/relevant/file"
+    }
+  ],
+  "summary": "One paragraph summary of the integration health"
+}
+\`\`\`
+
+## Rules
+- Every finding MUST have both "docSays" and "codeDoes" filled in. If you cannot cite what the documentation requires AND how the code deviates, it is not a valid finding — drop it.
+- "docSays" must reference something the documentation REQUIRES, not something optional or a suggestion.
+- "codeDoes" must show an actual contradiction, not "the code doesn't use an optional feature."
+- If the code matches the documented patterns, it is CORRECT. Do not suggest alternatives, improvements, or optional features.
+- Do NOT report issues about optional configuration, missing optional callbacks, or "consider adding" suggestions.
+- Do NOT repeat issues already detected (listed above).
+- Do NOT invent SDK options, config properties, or API methods not in the documentation.
+- Do NOT flag package scope (@workos-inc/* vs @workos/*) as an issue.
+- A well-configured project should have ZERO findings — return an empty findings array and a positive summary.`;
+}
+//# sourceMappingURL=agent-prompt.js.map

package/dist/doctor/agent-prompt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent-prompt.js","sourceRoot":"","sources":["../../src/doctor/agent-prompt.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAYjC,MAAM,aAAa,GAAG,IAAI,CAAC;AAC3B,MAAM,iBAAiB,GAAG,IAAI,CAAC;AAC/B,MAAM,eAAe,GAAG,KAAK,CAAC;AAE9B,yDAAyD;AACzD,MAAM,eAAe,GAA2B;IAC9C,wBAAwB,EAAE,wEAAwE;IAClG,4BAA4B,EAAE,wEAAwE;IACtG,8BAA8B,EAAE,8EAA8E;IAC9G,kCAAkC,EAAE,8EAA8E;IAClH,uBAAuB,EAAE,uEAAuE;IAChG,2BAA2B,EAAE,uEAAuE;IACpG,sCAAsC,EACpC,sFAAsF;IACxF,uBAAuB,EAAE,uEAAuE;IAChG,2BAA2B,EAAE,uEAAuE;IACpG,2BAA2B,EAAE,2EAA2E;IACxG,oBAAoB,EAAE,oEAAoE;IAC1F,wBAAwB,EAAE,oEAAoE;IAC9F,kBAAkB,EAAE,qEAAqE;CAC1F,CAAC;AAEF,KAAK,UAAU,cAAc,CAAC,OAAsB;IAClD,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,MAAM,GAAG,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;IACrC,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IAEtB,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,iBAAiB,CAAC,CAAC;QAC1E,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;QACjE,YAAY,CAAC,SAAS,CAAC,CAAC;QAExB,IAAI,CAAC,QAAQ,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QAC9B,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,OAAO,IAAI,CAAC,MAAM,GAAG,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,CAAC,GAAG,mBAAmB,CAAC,CAAC,CAAC,IAAI,CAAC;IACrG,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,IAAY;IAChC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC5C,OAAO,OAAO,CAAC,MAAM,GAAG,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,aAAa,CAAC,GAAG,mBAAmB,CAAC,CAAC,CAAC,OAAO,CAAC;IAC1G,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,IAAY;IACvC,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IACnC,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,OAAO,OAAO,CAAC,OAAO,CAAC,oBAAoB,EAAE,CAAC,MAAM,EAAE,GAAW,EAAE,KAAa,EAAE,EAAE;QAClF,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAClF,OAAO,GAAG,GAAG,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,eAAe,CAAC;QACpD,CAAC;QACD,OAAO,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC;IAC3B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,mBAAmB,CAAC,UAAkB;IAC7C,MAAM,UAAU,GAAa;QAC3B,eAAe;QACf,eAAe;QACf,UAAU;QACV,UAAU;QACV,mBAAmB;QACnB,mBAAmB;QACnB,cAAc;QACd,cAAc;QACd,gBAAgB;QAChB,gBAAgB;QAChB,oBAAoB;QACpB,oBAAoB;QACpB,cAAc;QACd,cAAc;QACd,kBAAkB;QAClB,kBAAkB;QAClB,cAAc;QACd,eAAe;QACf,cAAc;QACd,cAAc;QACd,cAAc;QACd,+BAA+B;QAC/B,kBAAkB;QAClB,iBAAiB;QACjB,aAAa;QACb,SAAS;QACT,aAAa;KACd,CAAC;IAEF,kBAAkB;IAClB,KAAK,MAAM,MAAM,IAAI,CAAC,KAAK,EAAE,SAAS,CAAC,EAAE,CAAC;QACxC,KAAK,MAAM,IAAI,IAAI,CAAC,eAAe,EAAE,UAAU,EAAE,mBAAmB,CAAC,EAAE,CAAC;YACtE,KAAK,MAAM,GAAG,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,CAAC,EAAE,CAAC;gBAC7C,UAAU,CAAC,IAAI,CAAC,GAAG,MAAM,IAAI,IAAI,UAAU,GAAG,EAAE,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;QAC7C,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;YACvC,IAAI,OAAO,EAAE,CAAC;gBACZ,KAAK,CAAC,IAAI,CAAC,OAAO,SAAS,aAAa,OAAO,UAAU,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;IACH,CAAC;IAED,0CAA0C;IAC1C,KAAK,MAAM,OAAO,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC,EAAE,CAAC;QAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAC3C,MAAM,OAAO,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;QAC9C,IAAI,OAAO,EAAE,CAAC;YACZ,KAAK,CAAC,IAAI,CAAC,OAAO,OAAO,gCAAgC,OAAO,UAAU,CAAC,CAAC;QAC9E,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,qBAAqB,CAAC;AACvE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,OAAwB;IAC9D,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,EAAE,WAAW,EAAE,cAAc,EAAE,GAAG,OAAO,CAAC;IAEtF,MAAM,cAAc,GAAG;QACrB,eAAe,QAAQ,CAAC,IAAI,EAAE;QAC9B,SAAS,CAAC,IAAI;YACZ,CAAC,CAAC,gBAAgB,SAAS,CAAC,IAAI,IAAI,SAAS,CAAC,OAAO,IAAI,EAAE,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,SAAS,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YAClH,CAAC,CAAC,IAAI;QACR,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,sBAAsB;QAChG,kBAAkB,WAAW,CAAC,UAAU,IAAI,SAAS,EAAE;QACvD,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,IAAI;KAClE;SACE,MAAM,CAAC,OAAO,CAAC;SACf,IAAI,CAAC,IAAI,CAAC,CAAC;IAEd,MAAM,kBAAkB,GACtB,cAAc,CAAC,MAAM,GAAG,CAAC;QACvB,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;QACnF,CAAC,CAAC,gBAAgB,CAAC;IAEvB,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC9C,MAAM,aAAa,GAAG,MAAM;QAC1B,CAAC,CAAC,2EAA2E,GAAG,CAAC,IAAI,0EAA0E,MAAM,EAAE;QACvK,CAAC,CAAC,+GAA+G,CAAC;IAEpH,OAAO;;;EAGP,cAAc;;;;;;EAMd,aAAa;;;EAGb,mBAAmB,CAAC,UAAU,CAAC;;;EAG/B,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+GAiC2F,CAAC;AAChH,CAAC","sourcesContent":["import { readFileSync, existsSync } from 'node:fs';\nimport { join } from 'node:path';\nimport type { LanguageInfo, FrameworkInfo, SdkInfo, EnvironmentInfo, Issue } from './types.js';\n\nexport interface AnalysisContext {\n  installDir: string;\n  language: LanguageInfo;\n  framework: FrameworkInfo;\n  sdk: SdkInfo;\n  environment: EnvironmentInfo;\n  existingIssues: Issue[];\n}\n\nconst MAX_FILE_SIZE = 2000;\nconst README_TIMEOUT_MS = 5000;\nconst MAX_README_SIZE = 15000;\n\n// Map SDK package names to their GitHub repo README URLs\nconst SDK_README_URLS: Record<string, string> = {\n  '@workos/authkit-nextjs': 'https://raw.githubusercontent.com/workos/authkit-nextjs/main/README.md',\n  '@workos-inc/authkit-nextjs': 'https://raw.githubusercontent.com/workos/authkit-nextjs/main/README.md',\n  '@workos/authkit-react-router': 'https://raw.githubusercontent.com/workos/authkit-react-router/main/README.md',\n  '@workos-inc/authkit-react-router': 'https://raw.githubusercontent.com/workos/authkit-react-router/main/README.md',\n  '@workos/authkit-react': 'https://raw.githubusercontent.com/workos/authkit-react/main/README.md',\n  '@workos-inc/authkit-react': 'https://raw.githubusercontent.com/workos/authkit-react/main/README.md',\n  '@workos/authkit-tanstack-react-start':\n    'https://raw.githubusercontent.com/workos/authkit-tanstack-react-start/main/README.md',\n  '@workos/authkit-remix': 'https://raw.githubusercontent.com/workos/authkit-remix/main/README.md',\n  '@workos-inc/authkit-remix': 'https://raw.githubusercontent.com/workos/authkit-remix/main/README.md',\n  '@workos/authkit-sveltekit': 'https://raw.githubusercontent.com/workos/authkit-sveltekit/main/README.md',\n  '@workos/authkit-js': 'https://raw.githubusercontent.com/workos/authkit-js/main/README.md',\n  '@workos-inc/authkit-js': 'https://raw.githubusercontent.com/workos/authkit-js/main/README.md',\n  '@workos-inc/node': 'https://raw.githubusercontent.com/workos/workos-node/main/README.md',\n};\n\nasync function fetchSdkReadme(sdkName: string | null): Promise<string | null> {\n  if (!sdkName) return null;\n  const url = SDK_README_URLS[sdkName];\n  if (!url) return null;\n\n  try {\n    const controller = new AbortController();\n    const timeoutId = setTimeout(() => controller.abort(), README_TIMEOUT_MS);\n    const response = await fetch(url, { signal: controller.signal });\n    clearTimeout(timeoutId);\n\n    if (!response.ok) return null;\n    const text = await response.text();\n    return text.length > MAX_README_SIZE ? text.slice(0, MAX_README_SIZE) + '\\n... (truncated)' : text;\n  } catch {\n    return null;\n  }\n}\n\nfunction readFileSafe(path: string): string | null {\n  try {\n    const content = readFileSync(path, 'utf-8');\n    return content.length > MAX_FILE_SIZE ? content.slice(0, MAX_FILE_SIZE) + '\\n... (truncated)' : content;\n  } catch {\n    return null;\n  }\n}\n\nfunction readEnvFileRedacted(path: string): string | null {\n  const content = readFileSafe(path);\n  if (!content) return null;\n  return content.replace(/^([A-Z_]+)=(.+)$/gm, (_match, key: string, value: string) => {\n    if (key.includes('SECRET') || key.includes('PASSWORD') || key.includes('API_KEY')) {\n      return `${key}=${value.slice(0, 3)}...(redacted)`;\n    }\n    return `${key}=${value}`;\n  });\n}\n\nfunction collectProjectFiles(installDir: string): string {\n  const candidates: string[] = [\n    'middleware.ts',\n    'middleware.js',\n    'proxy.ts',\n    'proxy.js',\n    'src/middleware.ts',\n    'src/middleware.js',\n    'src/proxy.ts',\n    'src/proxy.js',\n    'app/layout.tsx',\n    'app/layout.jsx',\n    'src/app/layout.tsx',\n    'src/app/layout.jsx',\n    'app/page.tsx',\n    'app/page.jsx',\n    'src/app/page.tsx',\n    'src/app/page.jsx',\n    'src/start.ts',\n    'src/start.tsx',\n    'app/start.ts',\n    'app/root.tsx',\n    'app/root.jsx',\n    'config/initializers/workos.rb',\n    'config/routes.rb',\n    'app/settings.py',\n    'settings.py',\n    'main.go',\n    'cmd/main.go',\n  ];\n\n  // Callback routes\n  for (const prefix of ['app', 'src/app']) {\n    for (const path of ['auth/callback', 'callback', 'api/auth/callback']) {\n      for (const ext of ['ts', 'tsx', 'js', 'jsx']) {\n        candidates.push(`${prefix}/${path}/route.${ext}`);\n      }\n    }\n  }\n\n  const files: string[] = [];\n  for (const candidate of candidates) {\n    const fullPath = join(installDir, candidate);\n    if (existsSync(fullPath)) {\n      const content = readFileSafe(fullPath);\n      if (content) {\n        files.push(`### ${candidate}\\n\\`\\`\\`\\n${content}\\n\\`\\`\\``);\n      }\n    }\n  }\n\n  // Include env files with redacted secrets\n  for (const envFile of ['.env.local', '.env']) {\n    const fullPath = join(installDir, envFile);\n    const content = readEnvFileRedacted(fullPath);\n    if (content) {\n      files.push(`### ${envFile} (secrets redacted)\\n\\`\\`\\`\\n${content}\\n\\`\\`\\``);\n    }\n  }\n\n  return files.length > 0 ? files.join('\\n\\n') : 'No key files found.';\n}\n\nexport async function buildDoctorPrompt(context: AnalysisContext): Promise<string> {\n  const { installDir, language, framework, sdk, environment, existingIssues } = context;\n\n  const projectContext = [\n    `- Language: ${language.name}`,\n    framework.name\n      ? `- Framework: ${framework.name} ${framework.version ?? ''}${framework.variant ? ` (${framework.variant})` : ''}`\n      : null,\n    sdk.name ? `- SDK: ${sdk.name}${sdk.version ? ` v${sdk.version}` : ''}` : '- SDK: Not installed',\n    `- Environment: ${environment.apiKeyType ?? 'Unknown'}`,\n    environment.baseUrl ? `- Base URL: ${environment.baseUrl}` : null,\n  ]\n    .filter(Boolean)\n    .join('\\n');\n\n  const existingIssuesList =\n    existingIssues.length > 0\n      ? existingIssues.map((i) => `- [${i.severity}] ${i.code}: ${i.message}`).join('\\n')\n      : 'None detected.';\n\n  const readme = await fetchSdkReadme(sdk.name);\n  const readmeSection = readme\n    ? `## SDK Documentation (source of truth)\\nThis is the official README for ${sdk.name}. Use it to determine correct patterns, imports, and configuration.\\n\\n${readme}`\n    : '## SDK Documentation\\nUnable to fetch SDK README. Be conservative — only report issues you are certain about.';\n\n  return `You are a WorkOS integration analyst. Compare this project's code against the SDK documentation and identify real issues.\n\n## Project Context\n${projectContext}\n\n## General SDK Knowledge\n- \\`@workos-inc/node\\` works in ANY JavaScript runtime (Node.js, browsers, React Native, Expo, etc.). Despite the name, it has no Node.js-specific dependencies.\n- Some packages are under \\`@workos-inc/*\\` and some under \\`@workos/*\\`. Both are official. Do NOT flag package scope as an issue.\n\n${readmeSection}\n\n## Project Files\n${collectProjectFiles(installDir)}\n\n## Already Detected Issues\n${existingIssuesList}\n\n## Your Task\nCompare the project files against the SDK documentation above. Report issues where the code DEVIATES from what the documentation says to do. If the code follows the documented patterns, it is correct.\n\n## Output Format\nReturn your analysis as a JSON object wrapped in a markdown code block:\n\\`\\`\\`json\n{\n  \"findings\": [\n    {\n      \"severity\": \"error | warning | info\",\n      \"title\": \"Short description\",\n      \"detail\": \"What's wrong and why it matters\",\n      \"docSays\": \"Direct quote or paraphrase from the SDK documentation above\",\n      \"codeDoes\": \"What the project code actually does that contradicts the docs\",\n      \"remediation\": \"How to fix it\",\n      \"filePath\": \"path/to/relevant/file\"\n    }\n  ],\n  \"summary\": \"One paragraph summary of the integration health\"\n}\n\\`\\`\\`\n\n## Rules\n- Every finding MUST have both \"docSays\" and \"codeDoes\" filled in. If you cannot cite what the documentation requires AND how the code deviates, it is not a valid finding — drop it.\n- \"docSays\" must reference something the documentation REQUIRES, not something optional or a suggestion.\n- \"codeDoes\" must show an actual contradiction, not \"the code doesn't use an optional feature.\"\n- If the code matches the documented patterns, it is CORRECT. Do not suggest alternatives, improvements, or optional features.\n- Do NOT report issues about optional configuration, missing optional callbacks, or \"consider adding\" suggestions.\n- Do NOT repeat issues already detected (listed above).\n- Do NOT invent SDK options, config properties, or API methods not in the documentation.\n- Do NOT flag package scope (@workos-inc/* vs @workos/*) as an issue.\n- A well-configured project should have ZERO findings — return an empty findings array and a positive summary.`;\n}\n"]}

package/dist/doctor/checks/ai-analysis.d.ts

@@ -0,0 +1,9 @@
+import { type AnalysisContext } from '../agent-prompt.js';
+import type { AiAnalysis, AiFinding } from '../types.js';
+export declare function parseAiResponse(text: string): {
+    findings: AiFinding[];
+    summary: string;
+};
+export declare function checkAiAnalysis(context: AnalysisContext, options: {
+    skipAi?: boolean;
+}): Promise<AiAnalysis>;

package/dist/doctor/checks/ai-analysis.js

@@ -0,0 +1,122 @@
+import Anthropic from '@anthropic-ai/sdk';
+import { getLlmGatewayUrl, getAuthkitDomain, getCliAuthClientId, getConfig } from '../../lib/settings.js';
+import { getCredentials, isTokenExpired, updateTokens, diagnoseCredentials } from '../../lib/credentials.js';
+import { refreshAccessToken } from '../../lib/token-refresh-client.js';
+import { buildDoctorPrompt } from '../agent-prompt.js';
+const SPINNER_FRAMES = ['⠋', '⠙', '⠹', '⠸', '⠼', '⠴', '⠦', '⠧', '⠇', '⠏'];
+function startSpinner(message) {
+    let i = 0;
+    const interval = setInterval(() => {
+        process.stderr.write(`\r  ${SPINNER_FRAMES[i++ % SPINNER_FRAMES.length]} ${message}`);
+    }, 80);
+    return {
+        stop: () => {
+            clearInterval(interval);
+            process.stderr.write(`\r${' '.repeat(message.length + 6)}\r`);
+        },
+    };
+}
+export function parseAiResponse(text) {
+    const codeBlockMatch = text.match(/```(?:json)?\s*\n?([\s\S]*?)\n?\s*```/);
+    const jsonStr = codeBlockMatch ? codeBlockMatch[1] : text;
+    try {
+        const parsed = JSON.parse(jsonStr.trim());
+        const findings = Array.isArray(parsed.findings)
+            ? parsed.findings.map((f) => ({
+                severity: (['error', 'warning', 'info'].includes(f.severity) ? f.severity : 'info'),
+                title: String(f.title ?? ''),
+                detail: String(f.detail ?? ''),
+                remediation: String(f.remediation ?? ''),
+                filePath: f.filePath ? String(f.filePath) : undefined,
+            }))
+            : [];
+        return { findings, summary: String(parsed.summary ?? '') };
+    }
+    catch {
+        const jsonMatch = text.match(/\{[\s\S]*"findings"[\s\S]*\}/);
+        if (jsonMatch) {
+            try {
+                const parsed = JSON.parse(jsonMatch[0]);
+                return {
+                    findings: Array.isArray(parsed.findings) ? parsed.findings : [],
+                    summary: String(parsed.summary ?? ''),
+                };
+            }
+            catch {
+                // give up
+            }
+        }
+        return { findings: [], summary: text.slice(0, 500) };
+    }
+}
+async function callModel(prompt, model) {
+    let creds = getCredentials();
+    if (!creds)
+        throw new Error('Not authenticated');
+    if (isTokenExpired(creds)) {
+        if (!creds.refreshToken)
+            throw new Error('Session expired — run `workos login` to re-authenticate');
+        const result = await refreshAccessToken(getAuthkitDomain(), getCliAuthClientId());
+        if (!result.success || !result.accessToken || !result.expiresAt) {
+            throw new Error('Session expired — run `workos login` to re-authenticate');
+        }
+        updateTokens(result.accessToken, result.expiresAt, result.refreshToken);
+        creds = getCredentials();
+    }
+    const client = new Anthropic({
+        baseURL: getLlmGatewayUrl(),
+        apiKey: 'gateway',
+        defaultHeaders: { Authorization: `Bearer ${creds.accessToken}` },
+    });
+    const response = await client.messages.create({
+        model,
+        max_tokens: 2048,
+        messages: [{ role: 'user', content: prompt }],
+    });
+    const text = response.content[0];
+    if (text.type === 'text')
+        return text.text;
+    throw new Error('Unexpected response format');
+}
+export async function checkAiAnalysis(context, options) {
+    const model = getConfig().doctorModel;
+    const skippedResult = (reason) => ({
+        findings: [],
+        summary: '',
+        model,
+        durationMs: 0,
+        skipped: true,
+        skipReason: reason,
+    });
+    if (options.skipAi) {
+        return skippedResult('Skipped (--skip-ai flag)');
+    }
+    const creds = getCredentials();
+    if (!creds) {
+        const diag = diagnoseCredentials();
+        process.stderr.write('\n  [credential-debug]\n');
+        for (const line of diag) {
+            process.stderr.write(`    ${line}\n`);
+        }
+        process.stderr.write('\n');
+        return skippedResult('Not authenticated — run `workos login` for AI-powered analysis');
+    }
+    const startTime = Date.now();
+    const spinner = startSpinner('Analyzing project with AI...');
+    try {
+        const prompt = await buildDoctorPrompt(context);
+        const responseText = await callModel(prompt, model);
+        const durationMs = Date.now() - startTime;
+        const { findings, summary } = parseAiResponse(responseText);
+        return { findings, summary, model, durationMs };
+    }
+    catch (error) {
+        const durationMs = Date.now() - startTime;
+        const errMsg = error instanceof Error ? error.message : 'Unknown error';
+        return { ...skippedResult(`Analysis failed: ${errMsg}`), durationMs };
+    }
+    finally {
+        spinner.stop();
+    }
+}
+//# sourceMappingURL=ai-analysis.js.map

package/dist/doctor/checks/ai-analysis.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ai-analysis.js","sourceRoot":"","sources":["../../../src/doctor/checks/ai-analysis.ts"],"names":[],"mappings":"AAAA,OAAO,SAAS,MAAM,mBAAmB,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAC1G,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,YAAY,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAC7G,OAAO,EAAE,kBAAkB,EAAE,MAAM,mCAAmC,CAAC;AACvE,OAAO,EAAE,iBAAiB,EAAwB,MAAM,oBAAoB,CAAC;AAG7E,MAAM,cAAc,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;AAE1E,SAAS,YAAY,CAAC,OAAe;IACnC,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,EAAE;QAChC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC,EAAE,GAAG,cAAc,CAAC,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC,CAAC;IACxF,CAAC,EAAE,EAAE,CAAC,CAAC;IACP,OAAO;QACL,IAAI,EAAE,GAAG,EAAE;YACT,aAAa,CAAC,QAAQ,CAAC,CAAC;YACxB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;QAChE,CAAC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3E,MAAM,OAAO,GAAG,cAAc,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAE1D,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QAC1C,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC;YAC7C,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAA0B,EAAE,EAAE,CAAC,CAAC;gBACnD,QAAQ,EAAE,CAAC,CAAC,OAAO,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAkB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAGlF;gBACV,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC5B,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC;gBAC9B,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC,WAAW,IAAI,EAAE,CAAC;gBACxC,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;aACtD,CAAC,CAAC;YACL,CAAC,CAAC,EAAE,CAAC;QACP,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC,EAAE,CAAC;IAC7D,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAC7D,IAAI,SAAS,EAAE,CAAC;YACd,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;gBACxC,OAAO;oBACL,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE;oBAC/D,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC;iBACtC,CAAC;YACJ,CAAC;YAAC,MAAM,CAAC;gBACP,UAAU;YACZ,CAAC;QACH,CAAC;QACD,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;IACvD,CAAC;AACH,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,MAAc,EAAE,KAAa;IACpD,IAAI,KAAK,GAAG,cAAc,EAAE,CAAC;IAC7B,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IAEjD,IAAI,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,IAAI,CAAC,KAAK,CAAC,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;QACpG,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,gBAAgB,EAAE,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAClF,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YAChE,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;QAC7E,CAAC;QACD,YAAY,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;QACxE,KAAK,GAAG,cAAc,EAAG,CAAC;IAC5B,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;QAC3B,OAAO,EAAE,gBAAgB,EAAE;QAC3B,MAAM,EAAE,SAAS;QACjB,cAAc,EAAE,EAAE,aAAa,EAAE,UAAU,KAAK,CAAC,WAAW,EAAE,EAAE;KACjE,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QAC5C,KAAK;QACL,UAAU,EAAE,IAAI;QAChB,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;KAC9C,CAAC,CAAC;IAEH,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IACjC,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC,IAAI,CAAC;IAC3C,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;AAChD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,OAAwB,EAAE,OAA6B;IAC3F,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC,WAAW,CAAC;IAEtC,MAAM,aAAa,GAAG,CAAC,MAAc,EAAc,EAAE,CAAC,CAAC;QACrD,QAAQ,EAAE,EAAE;QACZ,OAAO,EAAE,EAAE;QACX,KAAK;QACL,UAAU,EAAE,CAAC;QACb,OAAO,EAAE,IAAI;QACb,UAAU,EAAE,MAAM;KACnB,CAAC,CAAC;IAEH,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,OAAO,aAAa,CAAC,0BAA0B,CAAC,CAAC;IACnD,CAAC;IAED,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;IAC/B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,GAAG,mBAAmB,EAAE,CAAC;QACnC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;QACjD,KAAK,MAAM,IAAI,IAAI,IAAI,EAAE,CAAC;YACxB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,IAAI,IAAI,CAAC,CAAC;QACxC,CAAC;QACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3B,OAAO,aAAa,CAAC,gEAAgE,CAAC,CAAC;IACzF,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,OAAO,GAAG,YAAY,CAAC,8BAA8B,CAAC,CAAC;IAE7D,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAChD,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QACpD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QAC1C,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;QAC5D,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;IAClD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QAC1C,MAAM,MAAM,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;QACxE,OAAO,EAAE,GAAG,aAAa,CAAC,oBAAoB,MAAM,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC;IACxE,CAAC;YAAS,CAAC;QACT,OAAO,CAAC,IAAI,EAAE,CAAC;IACjB,CAAC;AACH,CAAC","sourcesContent":["import Anthropic from '@anthropic-ai/sdk';\nimport { getLlmGatewayUrl, getAuthkitDomain, getCliAuthClientId, getConfig } from '../../lib/settings.js';\nimport { getCredentials, isTokenExpired, updateTokens, diagnoseCredentials } from '../../lib/credentials.js';\nimport { refreshAccessToken } from '../../lib/token-refresh-client.js';\nimport { buildDoctorPrompt, type AnalysisContext } from '../agent-prompt.js';\nimport type { AiAnalysis, AiFinding } from '../types.js';\n\nconst SPINNER_FRAMES = ['⠋', '⠙', '⠹', '⠸', '⠼', '⠴', '⠦', '⠧', '⠇', '⠏'];\n\nfunction startSpinner(message: string): { stop: () => void } {\n  let i = 0;\n  const interval = setInterval(() => {\n    process.stderr.write(`\\r  ${SPINNER_FRAMES[i++ % SPINNER_FRAMES.length]} ${message}`);\n  }, 80);\n  return {\n    stop: () => {\n      clearInterval(interval);\n      process.stderr.write(`\\r${' '.repeat(message.length + 6)}\\r`);\n    },\n  };\n}\n\nexport function parseAiResponse(text: string): { findings: AiFinding[]; summary: string } {\n  const codeBlockMatch = text.match(/```(?:json)?\\s*\\n?([\\s\\S]*?)\\n?\\s*```/);\n  const jsonStr = codeBlockMatch ? codeBlockMatch[1] : text;\n\n  try {\n    const parsed = JSON.parse(jsonStr.trim());\n    const findings = Array.isArray(parsed.findings)\n      ? parsed.findings.map((f: Record<string, unknown>) => ({\n          severity: (['error', 'warning', 'info'].includes(f.severity as string) ? f.severity : 'info') as\n            | 'error'\n            | 'warning'\n            | 'info',\n          title: String(f.title ?? ''),\n          detail: String(f.detail ?? ''),\n          remediation: String(f.remediation ?? ''),\n          filePath: f.filePath ? String(f.filePath) : undefined,\n        }))\n      : [];\n    return { findings, summary: String(parsed.summary ?? '') };\n  } catch {\n    const jsonMatch = text.match(/\\{[\\s\\S]*\"findings\"[\\s\\S]*\\}/);\n    if (jsonMatch) {\n      try {\n        const parsed = JSON.parse(jsonMatch[0]);\n        return {\n          findings: Array.isArray(parsed.findings) ? parsed.findings : [],\n          summary: String(parsed.summary ?? ''),\n        };\n      } catch {\n        // give up\n      }\n    }\n    return { findings: [], summary: text.slice(0, 500) };\n  }\n}\n\nasync function callModel(prompt: string, model: string): Promise<string> {\n  let creds = getCredentials();\n  if (!creds) throw new Error('Not authenticated');\n\n  if (isTokenExpired(creds)) {\n    if (!creds.refreshToken) throw new Error('Session expired — run `workos login` to re-authenticate');\n    const result = await refreshAccessToken(getAuthkitDomain(), getCliAuthClientId());\n    if (!result.success || !result.accessToken || !result.expiresAt) {\n      throw new Error('Session expired — run `workos login` to re-authenticate');\n    }\n    updateTokens(result.accessToken, result.expiresAt, result.refreshToken);\n    creds = getCredentials()!;\n  }\n\n  const client = new Anthropic({\n    baseURL: getLlmGatewayUrl(),\n    apiKey: 'gateway',\n    defaultHeaders: { Authorization: `Bearer ${creds.accessToken}` },\n  });\n\n  const response = await client.messages.create({\n    model,\n    max_tokens: 2048,\n    messages: [{ role: 'user', content: prompt }],\n  });\n\n  const text = response.content[0];\n  if (text.type === 'text') return text.text;\n  throw new Error('Unexpected response format');\n}\n\nexport async function checkAiAnalysis(context: AnalysisContext, options: { skipAi?: boolean }): Promise<AiAnalysis> {\n  const model = getConfig().doctorModel;\n\n  const skippedResult = (reason: string): AiAnalysis => ({\n    findings: [],\n    summary: '',\n    model,\n    durationMs: 0,\n    skipped: true,\n    skipReason: reason,\n  });\n\n  if (options.skipAi) {\n    return skippedResult('Skipped (--skip-ai flag)');\n  }\n\n  const creds = getCredentials();\n  if (!creds) {\n    const diag = diagnoseCredentials();\n    process.stderr.write('\\n  [credential-debug]\\n');\n    for (const line of diag) {\n      process.stderr.write(`    ${line}\\n`);\n    }\n    process.stderr.write('\\n');\n    return skippedResult('Not authenticated — run `workos login` for AI-powered analysis');\n  }\n\n  const startTime = Date.now();\n  const spinner = startSpinner('Analyzing project with AI...');\n\n  try {\n    const prompt = await buildDoctorPrompt(context);\n    const responseText = await callModel(prompt, model);\n    const durationMs = Date.now() - startTime;\n    const { findings, summary } = parseAiResponse(responseText);\n    return { findings, summary, model, durationMs };\n  } catch (error) {\n    const durationMs = Date.now() - startTime;\n    const errMsg = error instanceof Error ? error.message : 'Unknown error';\n    return { ...skippedResult(`Analysis failed: ${errMsg}`), durationMs };\n  } finally {\n    spinner.stop();\n  }\n}\n"]}

package/dist/doctor/checks/auth-patterns.d.ts

@@ -0,0 +1,2 @@
+import type { AuthPatternInfo, FrameworkInfo, EnvironmentInfo, SdkInfo, DoctorOptions } from '../types.js';
+export declare function checkAuthPatterns(options: DoctorOptions, framework: FrameworkInfo, environment: EnvironmentInfo, sdk: SdkInfo): Promise<AuthPatternInfo>;