@aihq/harness 0.5.0 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +57 -8
- package/dist/chunk-HPWF2YPV.js +3060 -0
- package/dist/cli.js +2 -1
- package/dist/index.d.ts +214 -6
- package/dist/index.js +1 -1
- package/package.json +1 -1
- package/dist/chunk-75FWB266.js +0 -3046
package/dist/cli.js
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
|
-
import{
|
|
2
|
+
import{qa as s,ra as e,sa as n}from"./chunk-HPWF2YPV.js";e(process.argv)?s().parse(process.argv):n().then(({program:r,warnings:o})=>{for(let i of o)process.stderr.write(`aih: plugin: ${i}
|
|
3
|
+
`);return r.parseAsync(process.argv)}).catch(r=>{process.stderr.write(`fatal: ${r instanceof Error?r.message:String(r)}
|
|
3
4
|
`),process.exitCode=1});
|
package/dist/index.d.ts
CHANGED
|
@@ -186,7 +186,7 @@ type Verdict = "pass" | "fail" | "skip";
|
|
|
186
186
|
* sealed: a new failure mode means a new member here PLUS the `code` set at the
|
|
187
187
|
* emitter; never derive a code by matching `detail`.
|
|
188
188
|
*/
|
|
189
|
-
type CheckCode = "env.node-runtime" | "env.git-missing" | "env.dev-tool-missing" | "env.tool-install-blocked" | "cert.ca-missing" | "tls.verify-failed" | "npm.runtime-broken" | "path.missing" | "mcp.blocked" | "mcp.uv-missing" | "mcp.config-missing" | "mcp.unvendored-offline" | "mcp.policy-denied" | "mcp.hardcoded-secret" | "mcp.allowlist-drift" | "cli.not-detected" | "cli.config-only" | "cli.bootloader-missing" | "cli.bootloader-drift" | "cli.wont-load" | "canon.router-missing" | "canon.context-dir-missing" | "canon.lint-failed" | "canon.adoptable" | "canon.cli-native-unmigrated" | "secrets.plaintext-detected" | "guardrails.gitleaks-missing" | "usage.no-data" | "scale.code-review-graph-missing" | "contract.path-unportable" | "contract.stale" | "org-policy.drift" | "report.context-over-budget" | "report.low-adoption" | "report.contract-untrue" | "ready.blocked" | "trust.fetch-blocked" | "trust.detector-unavailable" | "trust.hidden-unicode" | "trust.prompt-injection" | "trust.source-changed" | "trust.auto-exec-hook" | "trust.dependency-confusion" | "trust.typosquat" | "trust.malicious-code" | "trust.source-drift" | "trust.unpinned-dependency" | "trust.untrusted-publisher" | "trust.unsigned-source" | "trust.license-missing" | "trust.unapproved-skill" | "pack.duplicate-name" | "pack.pin-mismatch" | "pack.missing-approval" | "pack.unknown-manifest";
|
|
189
|
+
type CheckCode = "env.node-runtime" | "env.git-missing" | "env.dev-tool-missing" | "env.tool-install-blocked" | "cert.ca-missing" | "tls.verify-failed" | "npm.runtime-broken" | "path.missing" | "mcp.blocked" | "mcp.uv-missing" | "mcp.config-missing" | "mcp.unvendored-offline" | "mcp.policy-denied" | "mcp.hardcoded-secret" | "mcp.allowlist-drift" | "cli.not-detected" | "cli.config-only" | "cli.bootloader-missing" | "cli.bootloader-drift" | "cli.wont-load" | "canon.router-missing" | "canon.context-dir-missing" | "canon.lint-failed" | "canon.adoptable" | "canon.cli-native-unmigrated" | "secrets.plaintext-detected" | "guardrails.gitleaks-missing" | "usage.no-data" | "scale.code-review-graph-missing" | "contract.path-unportable" | "contract.stale" | "org-policy.drift" | "org-policy.invalid" | "org-policy.bundle-invalid" | "report.context-over-budget" | "report.low-adoption" | "report.contract-untrue" | "ready.blocked" | "trust.fetch-blocked" | "trust.detector-unavailable" | "trust.hidden-unicode" | "trust.prompt-injection" | "trust.source-changed" | "trust.auto-exec-hook" | "trust.dependency-confusion" | "trust.typosquat" | "trust.malicious-code" | "trust.source-drift" | "trust.unpinned-dependency" | "trust.untrusted-publisher" | "trust.unsigned-source" | "trust.license-missing" | "trust.unapproved-skill" | "pack.duplicate-name" | "pack.pin-mismatch" | "pack.missing-approval" | "pack.unknown-manifest" | "marketplace.manifest-parse" | "marketplace.path-traversal" | "marketplace.missing-file" | "marketplace.checksum-mismatch" | "marketplace.sums-coverage" | "marketplace.unapproved-verdict" | "marketplace.signature";
|
|
190
190
|
interface Check {
|
|
191
191
|
name: string;
|
|
192
192
|
verdict: Verdict;
|
|
@@ -311,6 +311,16 @@ interface ExecAction {
|
|
|
311
311
|
blockProbesOnFailure?: boolean;
|
|
312
312
|
/** Continue the plan even if the command exits non-zero. */
|
|
313
313
|
allowFailure?: boolean;
|
|
314
|
+
/**
|
|
315
|
+
* Apply-time content pin: refuse to run (abort the apply) unless the file's
|
|
316
|
+
* bytes still hash to `sha256` — pins an apply-time exec to the plan-time
|
|
317
|
+
* preflighted content, so nothing swapped in between plan and apply can ever
|
|
318
|
+
* be consumed by the command (the validate-then-use TOCTOU).
|
|
319
|
+
*/
|
|
320
|
+
expect?: {
|
|
321
|
+
path: string;
|
|
322
|
+
sha256: string;
|
|
323
|
+
};
|
|
314
324
|
}
|
|
315
325
|
/**
|
|
316
326
|
* Upsert an aih-managed env block (one `scope`) into a shell profile. Unlike a
|
|
@@ -433,6 +443,23 @@ interface CommandOption {
|
|
|
433
443
|
interface CommandSpec {
|
|
434
444
|
name: string;
|
|
435
445
|
summary: string;
|
|
446
|
+
/**
|
|
447
|
+
* Old command NAMES this command still answers to after a rename — the
|
|
448
|
+
* alias-before-removal deprecation machinery (STABILITY.md). Each entry
|
|
449
|
+
* registers as a commander alias of this command on the shared registerSpec
|
|
450
|
+
* path (src/commands/index.ts): the old name dispatches the SAME action with
|
|
451
|
+
* the same flags, after ONE stderr line naming the replacement. An alias
|
|
452
|
+
* lives for at least one minor release and is removed only by the next
|
|
453
|
+
* major (VERSIONING.md), staying reserved in {@link builtinCommandNames}
|
|
454
|
+
* for its whole grace window. Core-only: the plugin registry strips this
|
|
455
|
+
* field from plugin specs — a plugin ships new commands, it never renames
|
|
456
|
+
* (or shadows) core ones. TOP-LEVEL commands only: specs registered through
|
|
457
|
+
* the manual parent-group paths (trust/skill/pack/marketplace/policy/
|
|
458
|
+
* evidence subcommands) never pass through registerSpec, so the field is
|
|
459
|
+
* silently ignored there — wire alias support into that path before the
|
|
460
|
+
* first nested rename.
|
|
461
|
+
*/
|
|
462
|
+
deprecatedAliases?: string[];
|
|
436
463
|
options?: CommandOption[];
|
|
437
464
|
plan: PlanFn;
|
|
438
465
|
/** Read-only commands (doctor/status) skip the apply path entirely. */
|
|
@@ -480,6 +507,7 @@ declare function exec(describe: string, argv: string[], opts?: {
|
|
|
480
507
|
timeoutMs?: number;
|
|
481
508
|
failureCheck?: ExecAction["failureCheck"];
|
|
482
509
|
blockProbesOnFailure?: boolean;
|
|
510
|
+
expect?: ExecAction["expect"];
|
|
483
511
|
}): ExecAction;
|
|
484
512
|
declare function envBlock(path: string, scope: string, shell: EnvShell, vars: EnvVar[], describe: string): EnvBlockAction;
|
|
485
513
|
declare function remove(path: string, describe: string, opts?: {
|
|
@@ -493,7 +521,34 @@ declare const CAPABILITIES: CommandSpec[];
|
|
|
493
521
|
/** Read-only commands (always safe). */
|
|
494
522
|
declare const READONLY: CommandSpec[];
|
|
495
523
|
declare const ALL_COMMANDS: CommandSpec[];
|
|
496
|
-
|
|
524
|
+
/**
|
|
525
|
+
* Every top-level name the core CLI claims: ALL_COMMANDS' names AND their
|
|
526
|
+
* deprecated aliases (an old name stays reserved for its whole grace window —
|
|
527
|
+
* see CommandSpec.deprecatedAliases), plus the parent group names
|
|
528
|
+
* (`workspace` is both a CommandSpec and a group — the Set folds it) plus
|
|
529
|
+
* commander's own reserved `help`/`version`. The plugin registry refuses any
|
|
530
|
+
* external spec colliding with one of these, so a plugin can never shadow
|
|
531
|
+
* `doctor`, capture the `marketplace` group, impersonate `help`, or squat on
|
|
532
|
+
* a deprecated old name mid-migration. `specs` is a test seam (defaults to
|
|
533
|
+
* ALL_COMMANDS) so the alias reservation is provable while zero built-ins
|
|
534
|
+
* carry one.
|
|
535
|
+
*/
|
|
536
|
+
declare function builtinCommandNames(specs?: readonly CommandSpec[]): ReadonlySet<string>;
|
|
537
|
+
/**
|
|
538
|
+
* Register every command on the program. `extra` carries EXTERNAL plugin specs
|
|
539
|
+
* (see src/plugins/registry.ts, already gated + collision-free): they flow
|
|
540
|
+
* through the IDENTICAL registerSpec path as the built-ins — same shared
|
|
541
|
+
* flags, same optional `[root]` positional, same runCapability action (posture
|
|
542
|
+
* resolution, dirty-worktree gate, run ledger). TOP-LEVEL specs only: a plugin
|
|
543
|
+
* cannot contribute subcommands to a parent group (trust/skill/pack/…) in v1.
|
|
544
|
+
*
|
|
545
|
+
* Containment: built-ins register OUTSIDE any try/catch — a throw there is a
|
|
546
|
+
* core bug that must crash loudly. Each plugin spec registers inside its own
|
|
547
|
+
* try/catch: a Commander throw (e.g. a flag conflict the structural gate
|
|
548
|
+
* cannot predict) drops THAT spec with a warning pushed to the `warnings`
|
|
549
|
+
* sink, and every other command stays live.
|
|
550
|
+
*/
|
|
551
|
+
declare function registerCommands(program: Command, extra?: CommandSpec[], warnings?: string[]): void;
|
|
497
552
|
|
|
498
553
|
/** Resolved runtime settings (env defaults overlaid with CLI flags). */
|
|
499
554
|
interface Settings {
|
|
@@ -699,6 +754,20 @@ declare class FsTransaction {
|
|
|
699
754
|
}
|
|
700
755
|
/** Read a file's text, or `undefined` if it does not exist. */
|
|
701
756
|
declare function readIfExists(path: string): string | undefined;
|
|
757
|
+
/**
|
|
758
|
+
* Open-then-read on ONE file descriptor: the regular-file check (`fstat` on the
|
|
759
|
+
* open fd, never a second path lookup) and the read cannot be raced apart, and
|
|
760
|
+
* a symlink swapped in after directory enumeration is refused at open where
|
|
761
|
+
* `O_NOFOLLOW` exists rather than silently followed. Returns undefined for
|
|
762
|
+
* anything that is not a readable regular file.
|
|
763
|
+
*
|
|
764
|
+
* Use this — not {@link readIfExists} — for any path DISCOVERED by a directory
|
|
765
|
+
* scan: a plain exists-then-read pair on a scanned path is a swap window where
|
|
766
|
+
* a symlink planted between enumeration and read gets silently followed and its
|
|
767
|
+
* target's bytes laundered into an artifact (marketplace build, evidence
|
|
768
|
+
* bundle, fleet bundle all package what they read).
|
|
769
|
+
*/
|
|
770
|
+
declare function readRegularFile(abs: string): Buffer | undefined;
|
|
702
771
|
|
|
703
772
|
/**
|
|
704
773
|
* Parse JSON or JSONC text (tolerant of comments + trailing commas). Returns
|
|
@@ -778,8 +847,147 @@ declare function parseCertLines(stdout: string): CertEntry[];
|
|
|
778
847
|
*/
|
|
779
848
|
declare function parsePemBlocks(stdout: string, subject?: string): CertEntry[];
|
|
780
849
|
|
|
781
|
-
|
|
782
|
-
|
|
783
|
-
|
|
850
|
+
/**
|
|
851
|
+
* The pluggable command registry — aih's ONE extension seam (OPA/Semgrep-style
|
|
852
|
+
* open core). The public harness is complete and fully local on its own; on
|
|
853
|
+
* startup the CLI probes for a single optional peer package,
|
|
854
|
+
* {@link PLUGIN_PACKAGE}, and when it is installed and valid, the `aihCommands`
|
|
855
|
+
* CommandSpecs it exports merge into the registry and appear as NATIVE
|
|
856
|
+
* subcommands — flowing through the identical registration path as the
|
|
857
|
+
* built-ins (shared flags, posture resolution, dirty-worktree gate, run
|
|
858
|
+
* ledger), so the private package bolts on without forking the core. An
|
|
859
|
+
* unenrolled machine sees zero output and zero behavior change.
|
|
860
|
+
*
|
|
861
|
+
* Rules the seam is built on:
|
|
862
|
+
* - LITERAL package name only. The probe always imports {@link PLUGIN_PACKAGE}
|
|
863
|
+
* verbatim — never an env var, flag, or config value — so nothing
|
|
864
|
+
* user-controlled can point the import at other code. (The `importer` and
|
|
865
|
+
* `resolver` options are purely test seams; production uses the platform
|
|
866
|
+
* dynamic import and `import.meta.resolve`.)
|
|
867
|
+
* - SAME INSTALL TREE only. Before importing, the probe resolves where the
|
|
868
|
+
* import WOULD load from and refuses anything outside the harness's own
|
|
869
|
+
* install tree, so a global or `npx`-run aih pointed at a hostile repo can
|
|
870
|
+
* never import that repo's planted `node_modules/@aihq/enterprise`. Honesty
|
|
871
|
+
* note (also in the README): when aih itself is installed INSIDE the target
|
|
872
|
+
* repo, the repo already controls the binary — the check draws the boundary
|
|
873
|
+
* at "the tree aih runs from", nothing stronger.
|
|
874
|
+
* - STARTUP BUDGET. The import races a timeout (default
|
|
875
|
+
* {@link DEFAULT_IMPORT_TIMEOUT_MS} ms); a slow or wedged plugin degrades to
|
|
876
|
+
* local-only with a warning instead of stalling every invocation. (`aih
|
|
877
|
+
* --version` skips the probe entirely — see src/cli.ts.)
|
|
878
|
+
* - Kill switch: `AIH_NO_PLUGINS=1` (read from the injectable `env`) skips the
|
|
879
|
+
* probe without touching the importer at all.
|
|
880
|
+
* - Fail open to LOCAL. A missing package is the normal unenrolled case
|
|
881
|
+
* (silent — zero noise); anything else (the package present but failing to
|
|
882
|
+
* resolve or load, a malformed export, an invalid or colliding spec)
|
|
883
|
+
* degrades to local-only behavior with a one-line warning. A broken plugin
|
|
884
|
+
* must never break the CLI.
|
|
885
|
+
* - Built-ins always win: a plugin spec whose name collides with a built-in
|
|
886
|
+
* command, a parent group, or commander's own `help`/`version` is refused
|
|
887
|
+
* ("refusing to shadow").
|
|
888
|
+
* - Shared + reserved flags are off-limits: a plugin option may not claim any
|
|
889
|
+
* token from {@link SHARED_FLAG_TOKENS} (the addSharedFlags surface) or
|
|
890
|
+
* commander's reserved `--help`/`-h`/`--version`/`-V`.
|
|
891
|
+
* - `skipWorktreeGate` is never honored for plugin commands — the field is
|
|
892
|
+
* stripped from the registered copy (see {@link stripWorktreeGateField}).
|
|
893
|
+
* - `deprecatedAliases` is never honored for plugin commands — aliases are
|
|
894
|
+
* the CORE rename machinery (STABILITY.md), and an alias is an extra
|
|
895
|
+
* dispatch name the collision rules above do not walk. The field is
|
|
896
|
+
* stripped from the registered copy with a warning (see
|
|
897
|
+
* {@link stripDeprecatedAliasesField}); built-in aliases stay reserved
|
|
898
|
+
* against plugin NAMES via builtinCommandNames.
|
|
899
|
+
* - Warnings render hostile input: every plugin-influenced string that lands
|
|
900
|
+
* in a warning routes through {@link sanitizeLabel} first.
|
|
901
|
+
*
|
|
902
|
+
* Trust boundary note: the boundary is package INSTALLATION — by the time this
|
|
903
|
+
* module inspects the export, `import()` has already run the plugin's module
|
|
904
|
+
* code, exactly like any other installed dependency. The structural gate below
|
|
905
|
+
* is about REGISTRY INTEGRITY (only well-formed, non-colliding specs register),
|
|
906
|
+
* not sandboxing: a gated spec may use any {@link CommandSpec} field, including
|
|
907
|
+
* `readOnly` (`skipWorktreeGate` being the one carve-out).
|
|
908
|
+
*/
|
|
909
|
+
/** The one probed plugin package. Literal by design — see the module jsdoc. */
|
|
910
|
+
declare const PLUGIN_PACKAGE = "@aihq/enterprise";
|
|
911
|
+
interface PluginLoadResult {
|
|
912
|
+
commands: CommandSpec[];
|
|
913
|
+
warnings: string[];
|
|
914
|
+
}
|
|
915
|
+
/** Import seam so tests can simulate any module shape without installing anything. */
|
|
916
|
+
type PluginImporter = (specifier: string) => Promise<unknown>;
|
|
917
|
+
/**
|
|
918
|
+
* Resolver seam for the install-tree boundary: maps the package specifier to
|
|
919
|
+
* the FILE PATH the import would load from. Production uses
|
|
920
|
+
* `import.meta.resolve`; tests inject paths inside/outside the allowed roots.
|
|
921
|
+
*/
|
|
922
|
+
type PluginResolver = (specifier: string) => string;
|
|
923
|
+
interface PluginLoadOptions {
|
|
924
|
+
/** Test seam replacing the platform dynamic import. */
|
|
925
|
+
importer?: PluginImporter;
|
|
926
|
+
/** Test seam replacing `import.meta.resolve` for the install-tree check. */
|
|
927
|
+
resolver?: PluginResolver;
|
|
928
|
+
/** Environment for the kill switch — matches runCapability's deps.env convention. */
|
|
929
|
+
env?: NodeJS.ProcessEnv;
|
|
930
|
+
/** Import budget in milliseconds (default {@link DEFAULT_IMPORT_TIMEOUT_MS}). */
|
|
931
|
+
timeoutMs?: number;
|
|
932
|
+
}
|
|
933
|
+
/**
|
|
934
|
+
* Long flag tokens `addSharedFlags` (src/commands/index.ts) puts on every
|
|
935
|
+
* capability subcommand. Mirrored as a constant because the registry must stay
|
|
936
|
+
* a leaf module — importing the command tree from here would create an import
|
|
937
|
+
* cycle (commands/index.ts imports {@link sanitizeLabel} back from this file).
|
|
938
|
+
* The mirror is pinned against the real addSharedFlags registration by
|
|
939
|
+
* tests/plugins/registry.test.ts, so any drift fails CI.
|
|
940
|
+
*/
|
|
941
|
+
declare const SHARED_FLAG_TOKENS: ReadonlySet<string>;
|
|
942
|
+
/**
|
|
943
|
+
* Make a plugin-influenced string safe to echo in a one-line warning: collapse
|
|
944
|
+
* newlines to spaces, strip C0/C1 control characters (including ESC, so
|
|
945
|
+
* ANSI/OSC sequences lose their teeth) plus DEL, and truncate to `max` with an
|
|
946
|
+
* ellipsis. Exported so the plugin-registration containment in
|
|
947
|
+
* src/commands/index.ts routes through the SAME sanitizer — one
|
|
948
|
+
* implementation, no drift.
|
|
949
|
+
*/
|
|
950
|
+
declare function sanitizeLabel(value: string, max?: number): string;
|
|
951
|
+
/**
|
|
952
|
+
* Every root the plugin is allowed to resolve under: each `node_modules`
|
|
953
|
+
* directory on the ancestor chain of THIS module's own file (after bundling,
|
|
954
|
+
* that file IS the CLI binary in `dist/`), plus `<package root>/node_modules`
|
|
955
|
+
* where the package root is the first ancestor directory carrying a
|
|
956
|
+
* package.json — that second clause covers running from the dev tree, where no
|
|
957
|
+
* ancestor is itself a node_modules. Everything is realpath'd; candidates that
|
|
958
|
+
* do not exist are dropped (a missing directory cannot contain the plugin).
|
|
959
|
+
* Exported as a test seam so tests can build paths inside a real root.
|
|
960
|
+
*/
|
|
961
|
+
declare function allowedPluginRoots(): string[];
|
|
962
|
+
/**
|
|
963
|
+
* Probe for {@link PLUGIN_PACKAGE} and return its registrable CommandSpecs.
|
|
964
|
+
* Never throws: every failure mode degrades to `{ commands: [] }` plus at most
|
|
965
|
+
* one-line warnings, so the CLI stays fully local no matter how broken the
|
|
966
|
+
* plugin is. `AIH_NO_PLUGINS=1` (from `opts.env ?? process.env`) skips the
|
|
967
|
+
* probe entirely. See {@link PluginLoadOptions} for the test seams.
|
|
968
|
+
*/
|
|
969
|
+
declare function loadExternalCommands(builtinNames: ReadonlySet<string>, opts?: PluginLoadOptions): Promise<PluginLoadResult>;
|
|
970
|
+
|
|
971
|
+
declare const VERSION = "1.0.0";
|
|
972
|
+
/**
|
|
973
|
+
* Build the configured commander program. Imported by both the CLI entry and
|
|
974
|
+
* tests. Stays SYNC: `extra` lets callers merge pre-loaded plugin specs — the
|
|
975
|
+
* async plugin probe lives in {@link buildProgramWithPlugins}. `warnings` is an
|
|
976
|
+
* optional sink for per-spec registration containment: a plugin spec Commander
|
|
977
|
+
* refuses at registration time is dropped with a warning instead of taking the
|
|
978
|
+
* CLI down (see registerCommands in src/commands/index.ts).
|
|
979
|
+
*/
|
|
980
|
+
declare function buildProgram(extra?: CommandSpec[], warnings?: string[]): Command;
|
|
981
|
+
/**
|
|
982
|
+
* The CLI entry's builder: probe for the optional `@aihq/enterprise` peer
|
|
983
|
+
* (fail-open to local — see src/plugins/registry.ts) and build with whatever
|
|
984
|
+
* validly loaded. `warnings` (probe + registration containment, in that order)
|
|
985
|
+
* is printed to stderr by the entry BEFORE parse; an unenrolled machine gets
|
|
986
|
+
* zero warnings and the exact buildProgram surface.
|
|
987
|
+
*/
|
|
988
|
+
declare function buildProgramWithPlugins(): Promise<{
|
|
989
|
+
program: Command;
|
|
990
|
+
warnings: string[];
|
|
991
|
+
}>;
|
|
784
992
|
|
|
785
|
-
export { ALL_COMMANDS, type AccelBackend, type Action, type ActionKind, type AdapterFactory, AihError, CAPABILITIES, type CertEntry, type Check, type CheckCode, type CommandOption, type CommandSpec, ContextDir, type DigestAction, DirtyWorktreeError, type DocAction, type EnvBlockAction, type EnvShell, type EnvVar, type ExecAction, FsTransaction, FsTxnError, type FsTxnResult, type GpuInfo, type GpuVendor, type HostAdapter, type HostAdapterOptions, MergeError, NotImplementedError, PathContainmentError, type Plan, type PlanContext, type PlanFn, type PlanResult, type Platform, PlatformError, type ProbeAction, READONLY, type RemoveAction, type RemoveSummary, type RunOptions, type RunResult, type Runner, type Settings, SettingsError, VERSION, type VdiInfo, type Verdict, VerificationError, VerificationReport, type WriteAction, type WriteSummary, beginMarker, buildProgram, deepMerge, defaultRunner, derBase64ToPem, digest, doc, dynamicDigest, endMarker, ensureTrailingNewline, envBlock, exec, executePlan, fakeRunner, formatExport, frontmatter, indent, isPlainObject, jsonFile, lines, loadSettings, makeHostAdapter, managedBlock, missingToolRunner, parseCertLines, parseFirstInt, parseJsoncText, parseNvidiaSmi, parsePemBlocks, plan, probe, probeMany, readIfExists, registerCommands, remove, removeManagedBlock, resolveContents, resolvePlatform, retryTransient, safeCaPattern, stripTrailingNewlines, summarizeResult, upsertManagedBlock, upsertTextBlock, vdiFromEnv, writeArtifact, writeJson, writeText };
|
|
993
|
+
export { ALL_COMMANDS, type AccelBackend, type Action, type ActionKind, type AdapterFactory, AihError, CAPABILITIES, type CertEntry, type Check, type CheckCode, type CommandOption, type CommandSpec, ContextDir, type DigestAction, DirtyWorktreeError, type DocAction, type EnvBlockAction, type EnvShell, type EnvVar, type ExecAction, FsTransaction, FsTxnError, type FsTxnResult, type GpuInfo, type GpuVendor, type HostAdapter, type HostAdapterOptions, MergeError, NotImplementedError, PLUGIN_PACKAGE, PathContainmentError, type Plan, type PlanContext, type PlanFn, type PlanResult, type Platform, PlatformError, type PluginImporter, type PluginLoadOptions, type PluginLoadResult, type PluginResolver, type ProbeAction, READONLY, type RemoveAction, type RemoveSummary, type RunOptions, type RunResult, type Runner, SHARED_FLAG_TOKENS, type Settings, SettingsError, VERSION, type VdiInfo, type Verdict, VerificationError, VerificationReport, type WriteAction, type WriteSummary, allowedPluginRoots, beginMarker, buildProgram, buildProgramWithPlugins, builtinCommandNames, deepMerge, defaultRunner, derBase64ToPem, digest, doc, dynamicDigest, endMarker, ensureTrailingNewline, envBlock, exec, executePlan, fakeRunner, formatExport, frontmatter, indent, isPlainObject, jsonFile, lines, loadExternalCommands, loadSettings, makeHostAdapter, managedBlock, missingToolRunner, parseCertLines, parseFirstInt, parseJsoncText, parseNvidiaSmi, parsePemBlocks, plan, probe, probeMany, readIfExists, readRegularFile, registerCommands, remove, removeManagedBlock, resolveContents, resolvePlatform, retryTransient, safeCaPattern, sanitizeLabel, stripTrailingNewlines, summarizeResult, upsertManagedBlock, upsertTextBlock, vdiFromEnv, writeArtifact, writeJson, writeText };
|
package/dist/index.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
import{$ as
|
|
1
|
+
import{$ as xr,A as Y,B as _,C as c,D as j,E as k,F as q,G as v,H as w,I as y,J as z,K as F,L as G,M as H,N as J,O as K,P as Q,Q as U,R as X,S as Z,T as $,U as rr,V as or,W as mr,X as er,Y as tr,Z as fr,_ as pr,a as i,aa as ir,b as a,ba as ar,c as A,ca as Ar,d,da as dr,e as g,ea as gr,f as l,fa as lr,g as n,ga as nr,h as s,ha as sr,i as u,ia as ur,j as C,ja as Cr,k as I,ka as r,l as L,la as o,m as N,ma as m,n as P,na as e,o as b,oa as t,p as E,pa as f,q as O,qa as p,r as S,s as D,sa as x,t as M,u as R,v as h,w as B,x as T,y as V,z as W}from"./chunk-HPWF2YPV.js";export{m as ALL_COMMANDS,i as AihError,r as CAPABILITIES,P as ContextDir,u as DirtyWorktreeError,I as FsTransaction,d as FsTxnError,n as MergeError,l as NotImplementedError,lr as PLUGIN_PACKAGE,s as PathContainmentError,A as PlatformError,o as READONLY,nr as SHARED_FLAG_TOKENS,a as SettingsError,f as VERSION,g as VerificationError,U as VerificationReport,ur as allowedPluginRoots,v as beginMarker,p as buildProgram,x as buildProgramWithPlugins,e as builtinCommandNames,Q as deepMerge,or as defaultRunner,tr as derBase64ToPem,D as digest,S as doc,M as dynamicDigest,w as endMarker,q as ensureTrailingNewline,T as envBlock,B as exec,$ as executePlan,mr as fakeRunner,z as formatExport,j as frontmatter,c as indent,K as isPlainObject,k as jsonFile,_ as lines,Cr as loadExternalCommands,b as loadSettings,gr as makeHostAdapter,y as managedBlock,er as missingToolRunner,ar as parseCertLines,xr as parseFirstInt,J as parseJsoncText,ir as parseNvidiaSmi,Ar as parsePemBlocks,W as plan,R as probe,h as probeMany,L as readIfExists,N as readRegularFile,t as registerCommands,V as remove,H as removeManagedBlock,Z as resolveContents,dr as resolvePlatform,C as retryTransient,fr as safeCaPattern,sr as sanitizeLabel,Y as stripTrailingNewlines,rr as summarizeResult,F as upsertManagedBlock,G as upsertTextBlock,pr as vdiFromEnv,X as writeArtifact,O as writeJson,E as writeText};
|