zeroauth 1.0.0

package/dist/api/services/stripe.js

@@ -0,0 +1,69 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.stripe = void 0;
+exports.createStripeCustomer = createStripeCustomer;
+exports.reportUsage = reportUsage;
+const stripe_1 = __importDefault(require("stripe"));
+const logger_1 = require("../../logger");
+const STRIPE_API_KEY = process.env.STRIPE_API_KEY || "sk_test_123"; // Default for mock
+const STRIPE_API_BASE_URL = process.env.STRIPE_API_BASE_URL; // Used for stripe-mock in dev
+/**
+ * Initialize Stripe Client
+ *
+ * In production: Connects to real Stripe API
+ * In development: Connects to stripe-mock container if STRIPE_API_BASE_URL is set
+ */
+exports.stripe = new stripe_1.default(STRIPE_API_KEY, {
+    apiVersion: "2025-10-29.clover", // Pin to latest version
+    typescript: true,
+    host: STRIPE_API_BASE_URL ? STRIPE_API_BASE_URL.replace("http://", "").replace("https://", "").split(":")[0] : undefined,
+    port: STRIPE_API_BASE_URL ? parseInt(STRIPE_API_BASE_URL.split(":")[2] || "80") : undefined,
+    protocol: STRIPE_API_BASE_URL && STRIPE_API_BASE_URL.startsWith("http:") ? "http" : "https",
+    maxNetworkRetries: 3,
+});
+logger_1.log.info(`Stripe initialized. Mock Mode: ${!!STRIPE_API_BASE_URL}`);
+/**
+ * Creates a Stripe Customer for an Organization
+ */
+async function createStripeCustomer(organizationId, email, name) {
+    try {
+        const customer = await exports.stripe.customers.create({
+            email,
+            name,
+            metadata: {
+                organizationId,
+            },
+            // In a real app we might attach a payment method here
+        });
+        logger_1.log.info({ customerId: customer.id, organizationId }, "Created Stripe Customer");
+        return customer;
+    }
+    catch (error) {
+        logger_1.log.error({ error, organizationId }, "Failed to create Stripe Customer");
+        throw error;
+    }
+}
+/**
+ * Reports usage for Metered Billing using Stripe's modern Metering API
+ */
+async function reportUsage(customerId, tokens) {
+    try {
+        // With Stripe's new Metering API, we send events.
+        // Stripe handle the aggregation based on the Meter configuration in the dashboard.
+        await exports.stripe.billing.meterEvents.create({
+            event_name: "tokens_used",
+            payload: {
+                stripe_customer_id: customerId,
+                value: tokens.toString(),
+            },
+        });
+        logger_1.log.info({ customerId, tokens, event: "tokens_used" }, "Successfully reported usage event to Stripe");
+    }
+    catch (error) {
+        logger_1.log.error({ error, customerId }, "Failed to report usage event to Stripe");
+    }
+}
+//# sourceMappingURL=stripe.js.map

package/dist/api/services/stripe.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stripe.js","sourceRoot":"","sources":["../../../src/api/services/stripe.ts"],"names":[],"mappings":";;;;;;AA0BA,oDAoBC;AAKD,kCAsBC;AAzED,oDAA4B;AAC5B,yCAAmC;AAEnC,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,aAAa,CAAC,CAAC,mBAAmB;AACvF,MAAM,mBAAmB,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,8BAA8B;AAE3F;;;;;GAKG;AACU,QAAA,MAAM,GAAG,IAAI,gBAAM,CAAC,cAAc,EAAE;IAC/C,UAAU,EAAE,mBAAmB,EAAE,wBAAwB;IACzD,UAAU,EAAE,IAAI;IAChB,IAAI,EAAE,mBAAmB,CAAC,CAAC,CAAC,mBAAmB,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;IACxH,IAAI,EAAE,mBAAmB,CAAC,CAAC,CAAC,QAAQ,CAAC,mBAAmB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;IAC3F,QAAQ,EAAE,mBAAmB,IAAI,mBAAmB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO;IAC3F,iBAAiB,EAAE,CAAC;CACrB,CAAC,CAAC;AAEH,YAAG,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC,mBAAmB,EAAE,CAAC,CAAC;AAEpE;;GAEG;AACI,KAAK,UAAU,oBAAoB,CACxC,cAAsB,EACtB,KAAa,EACb,IAAY;IAEZ,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,cAAM,CAAC,SAAS,CAAC,MAAM,CAAC;YAC7C,KAAK;YACL,IAAI;YACJ,QAAQ,EAAE;gBACR,cAAc;aACf;YACD,sDAAsD;SACvD,CAAC,CAAC;QACH,YAAG,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,QAAQ,CAAC,EAAE,EAAE,cAAc,EAAE,EAAE,yBAAyB,CAAC,CAAC;QACjF,OAAO,QAAQ,CAAC;IAClB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,YAAG,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,kCAAkC,CAAC,CAAC;QACzE,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,WAAW,CAC/B,UAAkB,EAClB,MAAc;IAEd,IAAI,CAAC;QACH,kDAAkD;QAClD,mFAAmF;QACnF,MAAM,cAAM,CAAC,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC;YACtC,UAAU,EAAE,aAAa;YACzB,OAAO,EAAE;gBACP,kBAAkB,EAAE,UAAU;gBAC9B,KAAK,EAAE,MAAM,CAAC,QAAQ,EAAE;aACzB;SACF,CAAC,CAAC;QAEH,YAAG,CAAC,IAAI,CACN,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,EAC5C,6CAA6C,CAC9C,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,YAAG,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE,wCAAwC,CAAC,CAAC;IAC7E,CAAC;AACH,CAAC"}

package/dist/cli/auth.d.ts

@@ -0,0 +1,20 @@
+export interface Tokens {
+    access_token: string;
+    refresh_token: string;
+    id_token?: string;
+}
+export declare function getOidcEndpoints(): Promise<{
+    authorization_endpoint: string;
+    token_endpoint: string;
+    logout_endpoint: string;
+}>;
+export declare function saveTokens(tokens: Tokens): void;
+export declare function loadTokens(): Tokens | null;
+export declare function getTokenClaims(token: string): any;
+export declare function isTokenExpired(token: string): boolean;
+export declare function getTokenTimeRemaining(token: string): number;
+export declare function refreshAccessToken(refreshToken: string): Promise<string | null>;
+export declare function getValidAccessToken(): Promise<string | null>;
+export declare function performLogin(): Promise<string | null>;
+export declare function exchangeCodeForToken(code: string): Promise<Tokens>;
+//# sourceMappingURL=auth.d.ts.map

package/dist/cli/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/cli/auth.ts"],"names":[],"mappings":"AAeA,MAAM,WAAW,MAAM;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAQD,wBAAsB,gBAAgB,IAAI,OAAO,CAAC;IAChD,sBAAsB,EAAE,MAAM,CAAC;IAC/B,cAAc,EAAE,MAAM,CAAC;IACvB,eAAe,EAAE,MAAM,CAAC;CACzB,CAAC,CAoBD;AAED,wBAAgB,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAQ/C;AAED,wBAAgB,UAAU,IAAI,MAAM,GAAG,IAAI,CAW1C;AAED,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,GAAG,CAMjD;AAED,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAMrD;AAED,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAQ3D;AAED,wBAAsB,kBAAkB,CACtC,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAgCxB;AAED,wBAAsB,mBAAmB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAkBlE;AAED,wBAAsB,YAAY,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAwF3D;AAED,wBAAsB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CA2BxE"}

package/dist/cli/auth.js

@@ -0,0 +1,264 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getOidcEndpoints = getOidcEndpoints;
+exports.saveTokens = saveTokens;
+exports.loadTokens = loadTokens;
+exports.getTokenClaims = getTokenClaims;
+exports.isTokenExpired = isTokenExpired;
+exports.getTokenTimeRemaining = getTokenTimeRemaining;
+exports.refreshAccessToken = refreshAccessToken;
+exports.getValidAccessToken = getValidAccessToken;
+exports.performLogin = performLogin;
+exports.exchangeCodeForToken = exchangeCodeForToken;
+const axios_1 = __importDefault(require("axios"));
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const open_1 = __importDefault(require("open"));
+const http_1 = require("http");
+const url_1 = require("url");
+const jwt = __importStar(require("jsonwebtoken"));
+const config_1 = require("./config");
+const crypto_1 = require("crypto");
+function getCredentialsFile() {
+    return path.join(os.homedir(), ".zeroauth", "credentials.json");
+}
+let oidcEndpointsCache = null;
+async function getOidcEndpoints() {
+    if (oidcEndpointsCache) {
+        return oidcEndpointsCache;
+    }
+    const envConfig = (0, config_1.getActiveEnvConfig)();
+    const discoveryUrl = `${envConfig.authIssuerUrl}/.well-known/openid-configuration`;
+    try {
+        const response = await axios_1.default.get(discoveryUrl);
+        oidcEndpointsCache = {
+            authorization_endpoint: response.data.authorization_endpoint,
+            token_endpoint: response.data.token_endpoint,
+            logout_endpoint: response.data.end_session_endpoint || response.data.logout_endpoint,
+        };
+        return oidcEndpointsCache;
+    }
+    catch (error) {
+        throw new Error(`Failed to fetch OIDC discovery document: ${error}`);
+    }
+}
+function saveTokens(tokens) {
+    const credentialsFile = getCredentialsFile();
+    const dir = path.dirname(credentialsFile);
+    if (!fs.existsSync(dir)) {
+        fs.mkdirSync(dir, { recursive: true });
+    }
+    fs.writeFileSync(credentialsFile, JSON.stringify(tokens, null, 2));
+    fs.chmodSync(credentialsFile, 0o600);
+}
+function loadTokens() {
+    const credentialsFile = getCredentialsFile();
+    if (!fs.existsSync(credentialsFile)) {
+        return null;
+    }
+    try {
+        const data = fs.readFileSync(credentialsFile, "utf8");
+        return JSON.parse(data);
+    }
+    catch {
+        return null;
+    }
+}
+function getTokenClaims(token) {
+    try {
+        return jwt.decode(token);
+    }
+    catch {
+        return {};
+    }
+}
+function isTokenExpired(token) {
+    const claims = getTokenClaims(token);
+    if (!claims || !claims.exp) {
+        return true; // Consider invalid tokens as expired
+    }
+    return claims.exp < Date.now() / 1000 + 10;
+}
+function getTokenTimeRemaining(token) {
+    const claims = getTokenClaims(token);
+    if (!claims || !claims.exp) {
+        return 0;
+    }
+    const exp = claims.exp;
+    const remaining = exp - Date.now() / 1000;
+    return Math.max(remaining, 0);
+}
+async function refreshAccessToken(refreshToken) {
+    const endpoints = await getOidcEndpoints();
+    const envConfig = (0, config_1.getActiveEnvConfig)(); // Use 'any' for secret
+    try {
+        const params = new URLSearchParams({
+            grant_type: "refresh_token",
+            client_id: envConfig.authClientId,
+            refresh_token: refreshToken,
+        });
+        if (envConfig.authClientSecret) {
+            params.append("client_secret", envConfig.authClientSecret);
+        }
+        const response = await axios_1.default.post(endpoints.token_endpoint, params, // Use the new params object
+        {
+            headers: { "Content-Type": "application/x-www-form-urlencoded" },
+            timeout: 10000,
+        });
+        const newTokens = response.data;
+        saveTokens(newTokens);
+        console.log("Access token refreshed.");
+        return newTokens.access_token;
+    }
+    catch (error) {
+        // console.error(`❌ Failed to refresh token: ${error}. Please log in again.`);
+        return null;
+    }
+}
+async function getValidAccessToken() {
+    const tokens = loadTokens();
+    if (!tokens) {
+        return null;
+    }
+    // Use id_token for API calls since access_token is opaque
+    const idToken = tokens.id_token;
+    if (idToken && !isTokenExpired(idToken)) {
+        return idToken;
+    }
+    const refreshToken = tokens.refresh_token;
+    if (refreshToken) {
+        return await refreshAccessToken(refreshToken);
+    }
+    return null;
+}
+async function performLogin() {
+    const endpoints = await getOidcEndpoints();
+    const envConfig = (0, config_1.getActiveEnvConfig)();
+    // --- ADDED: Generate state ---
+    const state = (0, crypto_1.randomBytes)(8).toString("hex"); // 16-char random string
+    // --- END ADDED ---
+    const authUrl = endpoints.authorization_endpoint;
+    const params = new URLSearchParams({
+        client_id: envConfig.authClientId,
+        redirect_uri: envConfig.authRedirectUri,
+        response_type: "code",
+        scope: "openid", // Keep this from the previous fix
+        state: state, // <-- ADDED state parameter
+    });
+    const url = `${authUrl}?${params.toString()}`;
+    await (0, open_1.default)(url);
+    return new Promise((resolve) => {
+        const server = (0, http_1.createServer)((req, res) => {
+            const parsedUrl = (0, url_1.parse)(req.url, true);
+            // console.log("\n[Auth Callback Received]");
+            // console.log("  Full URL:", req.url);
+            // console.log(
+            //   "  Query parameters:",
+            //   JSON.stringify(parsedUrl.query, null, 2),
+            // );
+            // --- ADDED: State validation ---
+            const receivedState = parsedUrl.query.state;
+            if (receivedState !== state) {
+                // console.error(`❌ Authentication failed: Invalid state parameter.`);
+                // console.error(`  Expected: ${state}`);
+                // console.error(`  Received: ${receivedState || "null"}`);
+                res.writeHead(400, { "Content-Type": "text/html" });
+                res.end(`<html><body><h1>Login Failed</h1><p>State mismatch (CSRF protection). Please try again.</p></body></html>`);
+                server.close();
+                resolve(null);
+                return;
+            }
+            // --- END ADDED ---
+            if (parsedUrl.query.error) {
+                // console.error(`❌ Authentication failed: ${parsedUrl.query.error}`);
+                // console.error(
+                //   `  Description: ${parsedUrl.query.error_description || "No description provided."}`,
+                // );
+                res.writeHead(200, { "Content-Type": "text/html" });
+                res.end(`
+          <html><head><title>Login Failed</title></head>
+          <body>
+            <h1>Login Failed</h1>
+            <p>Error: ${parsedUrl.query.error}</p>
+            <p>Description: ${parsedUrl.query.error_description || "N/A"}</p>
+            <p>You can close this window.</p>
+          </body></html>
+        `);
+                server.close();
+                resolve(null);
+                return;
+            }
+            const code = parsedUrl.query.code;
+            res.writeHead(200, { "Content-Type": "text/html" });
+            res.end(`
+        <html>
+          <head><title>Login Successful</title></head>
+          <body>Login successful! This window will close automatically in 5 seconds.</body>
+          <script>setTimeout(() => window.close(), 5000);</script>
+        </html>
+      `);
+            server.close();
+            resolve(code || null);
+        });
+        server.listen(8085);
+    });
+}
+async function exchangeCodeForToken(code) {
+    const endpoints = await getOidcEndpoints();
+    const envConfig = (0, config_1.getActiveEnvConfig)(); // Use 'any' to access new secret prop
+    // --- MODIFIED: Build params and add secret ---
+    const params = new URLSearchParams({
+        grant_type: "authorization_code",
+        client_id: envConfig.authClientId,
+        code: code,
+        redirect_uri: envConfig.authRedirectUri,
+    });
+    if (envConfig.authClientSecret) {
+        params.append("client_secret", envConfig.authClientSecret);
+    }
+    // --- END MODIFIED ---
+    const response = await axios_1.default.post(endpoints.token_endpoint, params, // Use the new params object
+    {
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        timeout: 10000,
+    });
+    return response.data;
+}
+//# sourceMappingURL=auth.js.map

package/dist/cli/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/cli/auth.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA2BA,4CAwBC;AAED,gCAQC;AAED,gCAWC;AAED,wCAMC;AAED,wCAMC;AAED,sDAQC;AAED,gDAkCC;AAED,kDAkBC;AAED,oCAwFC;AAED,oDA2BC;AAnRD,kDAA0B;AAC1B,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AACzB,gDAAwB;AACxB,+BAAqE;AACrE,6BAA4B;AAC5B,kDAAoC;AACpC,qCAAsE;AACtE,mCAAqC;AAErC,SAAS,kBAAkB;IACzB,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,kBAAkB,CAAC,CAAC;AAClE,CAAC;AAQD,IAAI,kBAAkB,GAIX,IAAI,CAAC;AAET,KAAK,UAAU,gBAAgB;IAKpC,IAAI,kBAAkB,EAAE,CAAC;QACvB,OAAO,kBAAkB,CAAC;IAC5B,CAAC;IAED,MAAM,SAAS,GAAG,IAAA,2BAAkB,GAAE,CAAC;IACvC,MAAM,YAAY,GAAG,GAAG,SAAS,CAAC,aAAa,mCAAmC,CAAC;IAEnF,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,eAAK,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAC/C,kBAAkB,GAAG;YACnB,sBAAsB,EAAE,QAAQ,CAAC,IAAI,CAAC,sBAAsB;YAC5D,cAAc,EAAE,QAAQ,CAAC,IAAI,CAAC,cAAc;YAC5C,eAAe,EACb,QAAQ,CAAC,IAAI,CAAC,oBAAoB,IAAI,QAAQ,CAAC,IAAI,CAAC,eAAe;SACtE,CAAC;QACF,OAAO,kBAAkB,CAAC;IAC5B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,4CAA4C,KAAK,EAAE,CAAC,CAAC;IACvE,CAAC;AACH,CAAC;AAED,SAAgB,UAAU,CAAC,MAAc;IACvC,MAAM,eAAe,GAAG,kBAAkB,EAAE,CAAC;IAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IAC1C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC;IACD,EAAE,CAAC,aAAa,CAAC,eAAe,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACnE,EAAE,CAAC,SAAS,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;AACvC,CAAC;AAED,SAAgB,UAAU;IACxB,MAAM,eAAe,GAAG,kBAAkB,EAAE,CAAC;IAC7C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,EAAE,CAAC,YAAY,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;QACtD,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAgB,cAAc,CAAC,KAAa;IAC1C,IAAI,CAAC;QACH,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,CAAQ,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAgB,cAAc,CAAC,KAAa;IAC1C,MAAM,MAAM,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IACrC,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;QAC3B,OAAO,IAAI,CAAC,CAAC,qCAAqC;IACpD,CAAC;IACD,OAAO,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,EAAE,CAAC;AAC7C,CAAC;AAED,SAAgB,qBAAqB,CAAC,KAAa;IACjD,MAAM,MAAM,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IACrC,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;QAC3B,OAAO,CAAC,CAAC;IACX,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC;IACvB,MAAM,SAAS,GAAG,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;IAC1C,OAAO,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;AAChC,CAAC;AAEM,KAAK,UAAU,kBAAkB,CACtC,YAAoB;IAEpB,MAAM,SAAS,GAAG,MAAM,gBAAgB,EAAE,CAAC;IAC3C,MAAM,SAAS,GAAG,IAAA,2BAAkB,GAAS,CAAC,CAAC,uBAAuB;IAEtE,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,UAAU,EAAE,eAAe;YAC3B,SAAS,EAAE,SAAS,CAAC,YAAY;YACjC,aAAa,EAAE,YAAY;SAC5B,CAAC,CAAC;QAEH,IAAI,SAAS,CAAC,gBAAgB,EAAE,CAAC;YAC/B,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,SAAS,CAAC,gBAAgB,CAAC,CAAC;QAC7D,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,eAAK,CAAC,IAAI,CAC/B,SAAS,CAAC,cAAc,EACxB,MAAM,EAAE,4BAA4B;QACpC;YACE,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,OAAO,EAAE,KAAK;SACf,CACF,CAAC;QAEF,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC;QAChC,UAAU,CAAC,SAAS,CAAC,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,SAAS,CAAC,YAAY,CAAC;IAChC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,8EAA8E;QAC9E,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,mBAAmB;IACvC,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,IAAI,CAAC;IACd,CAAC;IAED,0DAA0D;IAC1D,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC;IAChC,IAAI,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,CAAC;QACxC,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,CAAC,aAAa,CAAC;IAC1C,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,MAAM,kBAAkB,CAAC,YAAY,CAAC,CAAC;IAChD,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAEM,KAAK,UAAU,YAAY;IAChC,MAAM,SAAS,GAAG,MAAM,gBAAgB,EAAE,CAAC;IAC3C,MAAM,SAAS,GAAG,IAAA,2BAAkB,GAAE,CAAC;IAEvC,gCAAgC;IAChC,MAAM,KAAK,GAAG,IAAA,oBAAW,EAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,wBAAwB;IACtE,oBAAoB;IAEpB,MAAM,OAAO,GAAG,SAAS,CAAC,sBAAsB,CAAC;IACjD,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,SAAS,EAAE,SAAS,CAAC,YAAY;QACjC,YAAY,EAAE,SAAS,CAAC,eAAe;QACvC,aAAa,EAAE,MAAM;QACrB,KAAK,EAAE,QAAQ,EAAE,kCAAkC;QACnD,KAAK,EAAE,KAAK,EAAE,4BAA4B;KAC3C,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,GAAG,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;IAE9C,MAAM,IAAA,cAAI,EAAC,GAAG,CAAC,CAAC;IAEhB,OAAO,IAAI,OAAO,CAAgB,CAAC,OAAO,EAAE,EAAE;QAC5C,MAAM,MAAM,GAAG,IAAA,mBAAY,EAAC,CAAC,GAAoB,EAAE,GAAmB,EAAE,EAAE;YACxE,MAAM,SAAS,GAAG,IAAA,WAAK,EAAC,GAAG,CAAC,GAAI,EAAE,IAAI,CAAC,CAAC;YAExC,6CAA6C;YAC7C,uCAAuC;YACvC,eAAe;YACf,2BAA2B;YAC3B,8CAA8C;YAC9C,KAAK;YAEL,kCAAkC;YAClC,MAAM,aAAa,GAAG,SAAS,CAAC,KAAK,CAAC,KAAe,CAAC;YACtD,IAAI,aAAa,KAAK,KAAK,EAAE,CAAC;gBAC5B,sEAAsE;gBACtE,yCAAyC;gBACzC,2DAA2D;gBAE3D,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CACL,2GAA2G,CAC5G,CAAC;gBAEF,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,IAAI,CAAC,CAAC;gBACd,OAAO;YACT,CAAC;YACD,oBAAoB;YAEpB,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;gBAC1B,sEAAsE;gBACtE,iBAAiB;gBACjB,yFAAyF;gBACzF,KAAK;gBAEL,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC;;;;wBAIQ,SAAS,CAAC,KAAK,CAAC,KAAK;8BACf,SAAS,CAAC,KAAK,CAAC,iBAAiB,IAAI,KAAK;;;SAG/D,CAAC,CAAC;gBAEH,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,IAAI,CAAC,CAAC;gBACd,OAAO;YACT,CAAC;YAED,MAAM,IAAI,GAAG,SAAS,CAAC,KAAK,CAAC,IAAc,CAAC;YAE5C,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;YACpD,GAAG,CAAC,GAAG,CAAC;;;;;;OAMP,CAAC,CAAC;YAEH,MAAM,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,CAAC;QACxB,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACtB,CAAC,CAAC,CAAC;AACL,CAAC;AAEM,KAAK,UAAU,oBAAoB,CAAC,IAAY;IACrD,MAAM,SAAS,GAAG,MAAM,gBAAgB,EAAE,CAAC;IAC3C,MAAM,SAAS,GAAG,IAAA,2BAAkB,GAAS,CAAC,CAAC,sCAAsC;IAErF,gDAAgD;IAChD,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,UAAU,EAAE,oBAAoB;QAChC,SAAS,EAAE,SAAS,CAAC,YAAY;QACjC,IAAI,EAAE,IAAI;QACV,YAAY,EAAE,SAAS,CAAC,eAAe;KACxC,CAAC,CAAC;IAEH,IAAI,SAAS,CAAC,gBAAgB,EAAE,CAAC;QAC/B,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,SAAS,CAAC,gBAAgB,CAAC,CAAC;IAC7D,CAAC;IACD,uBAAuB;IAEvB,MAAM,QAAQ,GAAG,MAAM,eAAK,CAAC,IAAI,CAC/B,SAAS,CAAC,cAAc,EACxB,MAAM,EAAE,4BAA4B;IACpC;QACE,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,OAAO,EAAE,KAAK;KACf,CACF,CAAC;IAEF,OAAO,QAAQ,CAAC,IAAI,CAAC;AACvB,CAAC"}

package/dist/cli/config.d.ts

@@ -0,0 +1,17 @@
+export interface EnvConfig {
+    apiBaseUrl: string;
+    authIssuerUrl: string;
+    authClientId: string;
+    authRedirectUri: string;
+}
+export interface Config {
+    activeEnv: string;
+    defaultModel: string;
+    envs: {
+        [key: string]: EnvConfig;
+    };
+}
+export declare function loadConfig(): Config;
+export declare function saveConfig(config: Config): void;
+export declare function getActiveEnvConfig(): EnvConfig;
+//# sourceMappingURL=config.d.ts.map

package/dist/cli/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/cli/config.ts"],"names":[],"mappings":"AAQA,MAAM,WAAW,SAAS;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,MAAM;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,CAAA;KAAE,CAAC;CACpC;AAqBD,wBAAgB,UAAU,IAAI,MAAM,CAYnC;AAED,wBAAgB,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAQ/C;AAED,wBAAgB,kBAAkB,IAAI,SAAS,CAS9C"}

package/dist/cli/config.js

@@ -0,0 +1,94 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadConfig = loadConfig;
+exports.saveConfig = saveConfig;
+exports.getActiveEnvConfig = getActiveEnvConfig;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+function getConfigFile() {
+    return path.join(os.homedir(), ".zeroauth", "config.json");
+}
+const DEFAULT_CONFIG = {
+    activeEnv: "local",
+    defaultModel: "intent:budget",
+    envs: {
+        local: {
+            apiBaseUrl: "http://localhost:8080/v1",
+            authIssuerUrl: "http://localhost:8081/realms/zeroauth",
+            authClientId: "zeroauth-cli",
+            authRedirectUri: "http://localhost:8085/callback",
+        },
+        prod: {
+            apiBaseUrl: "https://api.zeroauth.ai/v1",
+            authIssuerUrl: "https://flexible-doberman-84.clerk.accounts.dev",
+            authClientId: "eoLgtLOGjAWdjlFp",
+            authRedirectUri: "http://localhost:8085/callback",
+        },
+    },
+};
+function loadConfig() {
+    const configFile = getConfigFile();
+    if (!fs.existsSync(configFile)) {
+        saveConfig(DEFAULT_CONFIG);
+        return DEFAULT_CONFIG;
+    }
+    try {
+        const data = fs.readFileSync(configFile, "utf8");
+        return JSON.parse(data);
+    }
+    catch {
+        return DEFAULT_CONFIG;
+    }
+}
+function saveConfig(config) {
+    const configFile = getConfigFile();
+    const dir = path.dirname(configFile);
+    if (!fs.existsSync(dir)) {
+        fs.mkdirSync(dir, { recursive: true });
+    }
+    fs.writeFileSync(configFile, JSON.stringify(config, null, 2));
+    fs.chmodSync(configFile, 0o600);
+}
+function getActiveEnvConfig() {
+    const config = loadConfig();
+    const activeEnv = config.envs[config.activeEnv];
+    if (!activeEnv) {
+        throw new Error(`Active environment '${config.activeEnv}' not found in config`);
+    }
+    return activeEnv;
+}
+//# sourceMappingURL=config.js.map

package/dist/cli/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/cli/config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwCA,gCAYC;AAED,gCAQC;AAED,gDASC;AAzED,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AAEzB,SAAS,aAAa;IACpB,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC;AAC7D,CAAC;AAeD,MAAM,cAAc,GAAW;IAC7B,SAAS,EAAE,OAAO;IAClB,YAAY,EAAE,eAAe;IAC7B,IAAI,EAAE;QACJ,KAAK,EAAE;YACL,UAAU,EAAE,0BAA0B;YACtC,aAAa,EAAE,uCAAuC;YACtD,YAAY,EAAE,cAAc;YAC5B,eAAe,EAAE,gCAAgC;SAClD;QACD,IAAI,EAAE;YACJ,UAAU,EAAE,4BAA4B;YACxC,aAAa,EAAE,iDAAiD;YAChE,YAAY,EAAE,kBAAkB;YAChC,eAAe,EAAE,gCAAgC;SAClD;KACF;CACF,CAAC;AAEF,SAAgB,UAAU;IACxB,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,UAAU,CAAC,cAAc,CAAC,CAAC;QAC3B,OAAO,cAAc,CAAC;IACxB,CAAC;IACD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QACjD,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,cAAc,CAAC;IACxB,CAAC;AACH,CAAC;AAED,SAAgB,UAAU,CAAC,MAAc;IACvC,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IACrC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC;IACD,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC9D,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;AAClC,CAAC;AAED,SAAgB,kBAAkB;IAChC,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAChD,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACb,uBAAuB,MAAM,CAAC,SAAS,uBAAuB,CAC/D,CAAC;IACJ,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/dist/cli/index.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/cli/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/cli/index.ts"],"names":[],"mappings":""}