npm - @aitne/daemon - Versions diffs - 0.1.0 - Mend

@aitne/daemon 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1386) hide show

package/LICENSE +21 -0
package/dist/adapters/composite-dashboard-stream.d.ts +42 -0
package/dist/adapters/composite-dashboard-stream.d.ts.map +1 -0
package/dist/adapters/composite-dashboard-stream.js +49 -0
package/dist/adapters/composite-dashboard-stream.js.map +1 -0
package/dist/adapters/dashboard-adapter.d.ts +104 -0
package/dist/adapters/dashboard-adapter.d.ts.map +1 -0
package/dist/adapters/dashboard-adapter.js +216 -0
package/dist/adapters/dashboard-adapter.js.map +1 -0
package/dist/adapters/discord.d.ts +77 -0
package/dist/adapters/discord.d.ts.map +1 -0
package/dist/adapters/discord.js +339 -0
package/dist/adapters/discord.js.map +1 -0
package/dist/adapters/docs-qa-adapter.d.ts +123 -0
package/dist/adapters/docs-qa-adapter.d.ts.map +1 -0
package/dist/adapters/docs-qa-adapter.js +218 -0
package/dist/adapters/docs-qa-adapter.js.map +1 -0
package/dist/adapters/message-hub.d.ts +70 -0
package/dist/adapters/message-hub.d.ts.map +1 -0
package/dist/adapters/message-hub.js +359 -0
package/dist/adapters/message-hub.js.map +1 -0
package/dist/adapters/notification-manager.d.ts +99 -0
package/dist/adapters/notification-manager.d.ts.map +1 -0
package/dist/adapters/notification-manager.js +498 -0
package/dist/adapters/notification-manager.js.map +1 -0
package/dist/adapters/outbound-text.d.ts +28 -0
package/dist/adapters/outbound-text.d.ts.map +1 -0
package/dist/adapters/outbound-text.js +58 -0
package/dist/adapters/outbound-text.js.map +1 -0
package/dist/adapters/slack-adapter.d.ts +82 -0
package/dist/adapters/slack-adapter.d.ts.map +1 -0
package/dist/adapters/slack-adapter.js +359 -0
package/dist/adapters/slack-adapter.js.map +1 -0
package/dist/adapters/telegram-adapter.d.ts +107 -0
package/dist/adapters/telegram-adapter.d.ts.map +1 -0
package/dist/adapters/telegram-adapter.js +477 -0
package/dist/adapters/telegram-adapter.js.map +1 -0
package/dist/adapters/types.d.ts +92 -0
package/dist/adapters/types.d.ts.map +1 -0
package/dist/adapters/types.js +2 -0
package/dist/adapters/types.js.map +1 -0
package/dist/adapters/whatsapp-adapter.d.ts +213 -0
package/dist/adapters/whatsapp-adapter.d.ts.map +1 -0
package/dist/adapters/whatsapp-adapter.js +1216 -0
package/dist/adapters/whatsapp-adapter.js.map +1 -0
package/dist/api/chat-binding-query.d.ts +36 -0
package/dist/api/chat-binding-query.d.ts.map +1 -0
package/dist/api/chat-binding-query.js +63 -0
package/dist/api/chat-binding-query.js.map +1 -0
package/dist/api/chat-session-resume.d.ts +12 -0
package/dist/api/chat-session-resume.d.ts.map +1 -0
package/dist/api/chat-session-resume.js +21 -0
package/dist/api/chat-session-resume.js.map +1 -0
package/dist/api/delegated-proxy-helper.d.ts +33 -0
package/dist/api/delegated-proxy-helper.d.ts.map +1 -0
package/dist/api/delegated-proxy-helper.js +54 -0
package/dist/api/delegated-proxy-helper.js.map +1 -0
package/dist/api/directory-picker.d.ts +38 -0
package/dist/api/directory-picker.d.ts.map +1 -0
package/dist/api/directory-picker.js +278 -0
package/dist/api/directory-picker.js.map +1 -0
package/dist/api/env-writer.d.ts +25 -0
package/dist/api/env-writer.d.ts.map +1 -0
package/dist/api/env-writer.js +421 -0
package/dist/api/env-writer.js.map +1 -0
package/dist/api/integration-route-gate.d.ts +60 -0
package/dist/api/integration-route-gate.d.ts.map +1 -0
package/dist/api/integration-route-gate.js +83 -0
package/dist/api/integration-route-gate.js.map +1 -0
package/dist/api/json-body.d.ts +29 -0
package/dist/api/json-body.d.ts.map +1 -0
package/dist/api/json-body.js +87 -0
package/dist/api/json-body.js.map +1 -0
package/dist/api/routes/activity-sources.d.ts +20 -0
package/dist/api/routes/activity-sources.d.ts.map +1 -0
package/dist/api/routes/activity-sources.js +18 -0
package/dist/api/routes/activity-sources.js.map +1 -0
package/dist/api/routes/agent.d.ts +4 -0
package/dist/api/routes/agent.d.ts.map +1 -0
package/dist/api/routes/agent.js +619 -0
package/dist/api/routes/agent.js.map +1 -0
package/dist/api/routes/apple-calendar.d.ts +31 -0
package/dist/api/routes/apple-calendar.d.ts.map +1 -0
package/dist/api/routes/apple-calendar.js +310 -0
package/dist/api/routes/apple-calendar.js.map +1 -0
package/dist/api/routes/attachments.d.ts +36 -0
package/dist/api/routes/attachments.d.ts.map +1 -0
package/dist/api/routes/attachments.js +305 -0
package/dist/api/routes/attachments.js.map +1 -0
package/dist/api/routes/backends.d.ts +4 -0
package/dist/api/routes/backends.d.ts.map +1 -0
package/dist/api/routes/backends.js +1132 -0
package/dist/api/routes/backends.js.map +1 -0
package/dist/api/routes/books.d.ts +63 -0
package/dist/api/routes/books.d.ts.map +1 -0
package/dist/api/routes/books.js +467 -0
package/dist/api/routes/books.js.map +1 -0
package/dist/api/routes/calendar.d.ts +36 -0
package/dist/api/routes/calendar.d.ts.map +1 -0
package/dist/api/routes/calendar.js +351 -0
package/dist/api/routes/calendar.js.map +1 -0
package/dist/api/routes/commands.d.ts +4 -0
package/dist/api/routes/commands.d.ts.map +1 -0
package/dist/api/routes/commands.js +251 -0
package/dist/api/routes/commands.js.map +1 -0
package/dist/api/routes/context.d.ts +57 -0
package/dist/api/routes/context.d.ts.map +1 -0
package/dist/api/routes/context.js +1765 -0
package/dist/api/routes/context.js.map +1 -0
package/dist/api/routes/dashboard.d.ts +29 -0
package/dist/api/routes/dashboard.d.ts.map +1 -0
package/dist/api/routes/dashboard.js +2062 -0
package/dist/api/routes/dashboard.js.map +1 -0
package/dist/api/routes/delegated-sync.d.ts +4 -0
package/dist/api/routes/delegated-sync.d.ts.map +1 -0
package/dist/api/routes/delegated-sync.js +192 -0
package/dist/api/routes/delegated-sync.js.map +1 -0
package/dist/api/routes/delegated.d.ts +42 -0
package/dist/api/routes/delegated.d.ts.map +1 -0
package/dist/api/routes/delegated.js +250 -0
package/dist/api/routes/delegated.js.map +1 -0
package/dist/api/routes/docs.d.ts +34 -0
package/dist/api/routes/docs.d.ts.map +1 -0
package/dist/api/routes/docs.js +580 -0
package/dist/api/routes/docs.js.map +1 -0
package/dist/api/routes/entities.d.ts +9 -0
package/dist/api/routes/entities.d.ts.map +1 -0
package/dist/api/routes/entities.js +176 -0
package/dist/api/routes/entities.js.map +1 -0
package/dist/api/routes/git-accounts.d.ts +23 -0
package/dist/api/routes/git-accounts.d.ts.map +1 -0
package/dist/api/routes/git-accounts.js +227 -0
package/dist/api/routes/git-accounts.js.map +1 -0
package/dist/api/routes/git-templates.d.ts +50 -0
package/dist/api/routes/git-templates.d.ts.map +1 -0
package/dist/api/routes/git-templates.js +276 -0
package/dist/api/routes/git-templates.js.map +1 -0
package/dist/api/routes/git.d.ts +34 -0
package/dist/api/routes/git.d.ts.map +1 -0
package/dist/api/routes/git.js +126 -0
package/dist/api/routes/git.js.map +1 -0
package/dist/api/routes/github.d.ts +34 -0
package/dist/api/routes/github.d.ts.map +1 -0
package/dist/api/routes/github.js +465 -0
package/dist/api/routes/github.js.map +1 -0
package/dist/api/routes/health.d.ts +4 -0
package/dist/api/routes/health.d.ts.map +1 -0
package/dist/api/routes/health.js +257 -0
package/dist/api/routes/health.js.map +1 -0
package/dist/api/routes/integrations-reconcile.d.ts +33 -0
package/dist/api/routes/integrations-reconcile.d.ts.map +1 -0
package/dist/api/routes/integrations-reconcile.js +463 -0
package/dist/api/routes/integrations-reconcile.js.map +1 -0
package/dist/api/routes/integrations.d.ts +19 -0
package/dist/api/routes/integrations.d.ts.map +1 -0
package/dist/api/routes/integrations.js +1384 -0
package/dist/api/routes/integrations.js.map +1 -0
package/dist/api/routes/knowledge.d.ts +4 -0
package/dist/api/routes/knowledge.d.ts.map +1 -0
package/dist/api/routes/knowledge.js +224 -0
package/dist/api/routes/knowledge.js.map +1 -0
package/dist/api/routes/mail.d.ts +39 -0
package/dist/api/routes/mail.d.ts.map +1 -0
package/dist/api/routes/mail.js +1406 -0
package/dist/api/routes/mail.js.map +1 -0
package/dist/api/routes/managed-tasks.d.ts +48 -0
package/dist/api/routes/managed-tasks.d.ts.map +1 -0
package/dist/api/routes/managed-tasks.js +844 -0
package/dist/api/routes/managed-tasks.js.map +1 -0
package/dist/api/routes/mcp.d.ts +50 -0
package/dist/api/routes/mcp.d.ts.map +1 -0
package/dist/api/routes/mcp.js +470 -0
package/dist/api/routes/mcp.js.map +1 -0
package/dist/api/routes/metrics.d.ts +13 -0
package/dist/api/routes/metrics.d.ts.map +1 -0
package/dist/api/routes/metrics.js +117 -0
package/dist/api/routes/metrics.js.map +1 -0
package/dist/api/routes/notion.d.ts +35 -0
package/dist/api/routes/notion.d.ts.map +1 -0
package/dist/api/routes/notion.js +442 -0
package/dist/api/routes/notion.js.map +1 -0
package/dist/api/routes/observations.d.ts +4 -0
package/dist/api/routes/observations.d.ts.map +1 -0
package/dist/api/routes/observations.js +177 -0
package/dist/api/routes/observations.js.map +1 -0
package/dist/api/routes/obsidian.d.ts +16 -0
package/dist/api/routes/obsidian.d.ts.map +1 -0
package/dist/api/routes/obsidian.js +321 -0
package/dist/api/routes/obsidian.js.map +1 -0
package/dist/api/routes/profile-questions.d.ts +17 -0
package/dist/api/routes/profile-questions.d.ts.map +1 -0
package/dist/api/routes/profile-questions.js +115 -0
package/dist/api/routes/profile-questions.js.map +1 -0
package/dist/api/routes/receipts.d.ts +4 -0
package/dist/api/routes/receipts.d.ts.map +1 -0
package/dist/api/routes/receipts.js +155 -0
package/dist/api/routes/receipts.js.map +1 -0
package/dist/api/routes/recurring-schedules.d.ts +4 -0
package/dist/api/routes/recurring-schedules.d.ts.map +1 -0
package/dist/api/routes/recurring-schedules.js +137 -0
package/dist/api/routes/recurring-schedules.js.map +1 -0
package/dist/api/routes/repositories.d.ts +40 -0
package/dist/api/routes/repositories.d.ts.map +1 -0
package/dist/api/routes/repositories.js +857 -0
package/dist/api/routes/repositories.js.map +1 -0
package/dist/api/routes/setup-migrate.d.ts +74 -0
package/dist/api/routes/setup-migrate.d.ts.map +1 -0
package/dist/api/routes/setup-migrate.js +944 -0
package/dist/api/routes/setup-migrate.js.map +1 -0
package/dist/api/routes/setup.d.ts +4 -0
package/dist/api/routes/setup.d.ts.map +1 -0
package/dist/api/routes/setup.js +443 -0
package/dist/api/routes/setup.js.map +1 -0
package/dist/api/routes/skill-curation.d.ts +5 -0
package/dist/api/routes/skill-curation.d.ts.map +1 -0
package/dist/api/routes/skill-curation.js +728 -0
package/dist/api/routes/skill-curation.js.map +1 -0
package/dist/api/routes/skills.d.ts +52 -0
package/dist/api/routes/skills.d.ts.map +1 -0
package/dist/api/routes/skills.js +429 -0
package/dist/api/routes/skills.js.map +1 -0
package/dist/api/routes/sot-bindings.d.ts +20 -0
package/dist/api/routes/sot-bindings.d.ts.map +1 -0
package/dist/api/routes/sot-bindings.js +163 -0
package/dist/api/routes/sot-bindings.js.map +1 -0
package/dist/api/routes/sse.d.ts +86 -0
package/dist/api/routes/sse.d.ts.map +1 -0
package/dist/api/routes/sse.js +378 -0
package/dist/api/routes/sse.js.map +1 -0
package/dist/api/routes/system.d.ts +4 -0
package/dist/api/routes/system.d.ts.map +1 -0
package/dist/api/routes/system.js +207 -0
package/dist/api/routes/system.js.map +1 -0
package/dist/api/routes/task-flows.d.ts +30 -0
package/dist/api/routes/task-flows.d.ts.map +1 -0
package/dist/api/routes/task-flows.js +155 -0
package/dist/api/routes/task-flows.js.map +1 -0
package/dist/api/routes/travel-bookings.d.ts +4 -0
package/dist/api/routes/travel-bookings.d.ts.map +1 -0
package/dist/api/routes/travel-bookings.js +142 -0
package/dist/api/routes/travel-bookings.js.map +1 -0
package/dist/api/routes/travel-time.d.ts +8 -0
package/dist/api/routes/travel-time.d.ts.map +1 -0
package/dist/api/routes/travel-time.js +87 -0
package/dist/api/routes/travel-time.js.map +1 -0
package/dist/api/routes/triggers.d.ts +4 -0
package/dist/api/routes/triggers.d.ts.map +1 -0
package/dist/api/routes/triggers.js +101 -0
package/dist/api/routes/triggers.js.map +1 -0
package/dist/api/routes/voice.d.ts +48 -0
package/dist/api/routes/voice.d.ts.map +1 -0
package/dist/api/routes/voice.js +232 -0
package/dist/api/routes/voice.js.map +1 -0
package/dist/api/server.d.ts +428 -0
package/dist/api/server.d.ts.map +1 -0
package/dist/api/server.js +558 -0
package/dist/api/server.js.map +1 -0
package/dist/config.d.ts +136 -0
package/dist/config.d.ts.map +1 -0
package/dist/config.js +699 -0
package/dist/config.js.map +1 -0
package/dist/core/agent-core.d.ts +517 -0
package/dist/core/agent-core.d.ts.map +1 -0
package/dist/core/agent-core.js +102 -0
package/dist/core/agent-core.js.map +1 -0
package/dist/core/alerts.d.ts +86 -0
package/dist/core/alerts.d.ts.map +1 -0
package/dist/core/alerts.js +304 -0
package/dist/core/alerts.js.map +1 -0
package/dist/core/atomic-write.d.ts +51 -0
package/dist/core/atomic-write.d.ts.map +1 -0
package/dist/core/atomic-write.js +135 -0
package/dist/core/atomic-write.js.map +1 -0
package/dist/core/backends/api-key-probe.d.ts +40 -0
package/dist/core/backends/api-key-probe.d.ts.map +1 -0
package/dist/core/backends/api-key-probe.js +116 -0
package/dist/core/backends/api-key-probe.js.map +1 -0
package/dist/core/backends/auth-health-monitor.d.ts +373 -0
package/dist/core/backends/auth-health-monitor.d.ts.map +1 -0
package/dist/core/backends/auth-health-monitor.js +950 -0
package/dist/core/backends/auth-health-monitor.js.map +1 -0
package/dist/core/backends/auth-recovery.d.ts +263 -0
package/dist/core/backends/auth-recovery.d.ts.map +1 -0
package/dist/core/backends/auth-recovery.js +1086 -0
package/dist/core/backends/auth-recovery.js.map +1 -0
package/dist/core/backends/auth-telemetry.d.ts +81 -0
package/dist/core/backends/auth-telemetry.d.ts.map +1 -0
package/dist/core/backends/auth-telemetry.js +108 -0
package/dist/core/backends/auth-telemetry.js.map +1 -0
package/dist/core/backends/backend-router.d.ts +272 -0
package/dist/core/backends/backend-router.d.ts.map +1 -0
package/dist/core/backends/backend-router.js +759 -0
package/dist/core/backends/backend-router.js.map +1 -0
package/dist/core/backends/claude-code-core.d.ts +299 -0
package/dist/core/backends/claude-code-core.d.ts.map +1 -0
package/dist/core/backends/claude-code-core.js +2541 -0
package/dist/core/backends/claude-code-core.js.map +1 -0
package/dist/core/backends/claude-credentials-store.d.ts +83 -0
package/dist/core/backends/claude-credentials-store.d.ts.map +1 -0
package/dist/core/backends/claude-credentials-store.js +243 -0
package/dist/core/backends/claude-credentials-store.js.map +1 -0
package/dist/core/backends/cli-utils.d.ts +95 -0
package/dist/core/backends/cli-utils.d.ts.map +1 -0
package/dist/core/backends/cli-utils.js +464 -0
package/dist/core/backends/cli-utils.js.map +1 -0
package/dist/core/backends/codex-core.d.ts +127 -0
package/dist/core/backends/codex-core.d.ts.map +1 -0
package/dist/core/backends/codex-core.js +1693 -0
package/dist/core/backends/codex-core.js.map +1 -0
package/dist/core/backends/gemini-cli-core.d.ts +367 -0
package/dist/core/backends/gemini-cli-core.d.ts.map +1 -0
package/dist/core/backends/gemini-cli-core.js +2331 -0
package/dist/core/backends/gemini-cli-core.js.map +1 -0
package/dist/core/backends/idle-watchdog.d.ts +77 -0
package/dist/core/backends/idle-watchdog.d.ts.map +1 -0
package/dist/core/backends/idle-watchdog.js +94 -0
package/dist/core/backends/idle-watchdog.js.map +1 -0
package/dist/core/backends/install-methods.d.ts +93 -0
package/dist/core/backends/install-methods.d.ts.map +1 -0
package/dist/core/backends/install-methods.js +267 -0
package/dist/core/backends/install-methods.js.map +1 -0
package/dist/core/backends/model-registry.d.ts +58 -0
package/dist/core/backends/model-registry.d.ts.map +1 -0
package/dist/core/backends/model-registry.js +539 -0
package/dist/core/backends/model-registry.js.map +1 -0
package/dist/core/backends/plan-presets.d.ts +123 -0
package/dist/core/backends/plan-presets.d.ts.map +1 -0
package/dist/core/backends/plan-presets.js +235 -0
package/dist/core/backends/plan-presets.js.map +1 -0
package/dist/core/backends/price-fetcher.d.ts +48 -0
package/dist/core/backends/price-fetcher.d.ts.map +1 -0
package/dist/core/backends/price-fetcher.js +248 -0
package/dist/core/backends/price-fetcher.js.map +1 -0
package/dist/core/backends/process-config-cascade.d.ts +68 -0
package/dist/core/backends/process-config-cascade.d.ts.map +1 -0
package/dist/core/backends/process-config-cascade.js +173 -0
package/dist/core/backends/process-config-cascade.js.map +1 -0
package/dist/core/backends/prompt-utils.d.ts +6 -0
package/dist/core/backends/prompt-utils.d.ts.map +1 -0
package/dist/core/backends/prompt-utils.js +80 -0
package/dist/core/backends/prompt-utils.js.map +1 -0
package/dist/core/backends/proxy-model-registry.d.ts +110 -0
package/dist/core/backends/proxy-model-registry.d.ts.map +1 -0
package/dist/core/backends/proxy-model-registry.js +195 -0
package/dist/core/backends/proxy-model-registry.js.map +1 -0
package/dist/core/backends/silent-api-error-detector.d.ts +31 -0
package/dist/core/backends/silent-api-error-detector.d.ts.map +1 -0
package/dist/core/backends/silent-api-error-detector.js +44 -0
package/dist/core/backends/silent-api-error-detector.js.map +1 -0
package/dist/core/bang-commands/commands-cost.d.ts +13 -0
package/dist/core/bang-commands/commands-cost.d.ts.map +1 -0
package/dist/core/bang-commands/commands-cost.js +91 -0
package/dist/core/bang-commands/commands-cost.js.map +1 -0
package/dist/core/bang-commands/commands-report.d.ts +18 -0
package/dist/core/bang-commands/commands-report.d.ts.map +1 -0
package/dist/core/bang-commands/commands-report.js +105 -0
package/dist/core/bang-commands/commands-report.js.map +1 -0
package/dist/core/bang-commands/commands-stop-start.d.ts +4 -0
package/dist/core/bang-commands/commands-stop-start.d.ts.map +1 -0
package/dist/core/bang-commands/commands-stop-start.js +88 -0
package/dist/core/bang-commands/commands-stop-start.js.map +1 -0
package/dist/core/bang-commands/format-utils.d.ts +34 -0
package/dist/core/bang-commands/format-utils.d.ts.map +1 -0
package/dist/core/bang-commands/format-utils.js +118 -0
package/dist/core/bang-commands/format-utils.js.map +1 -0
package/dist/core/bang-commands/index.d.ts +20 -0
package/dist/core/bang-commands/index.d.ts.map +1 -0
package/dist/core/bang-commands/index.js +31 -0
package/dist/core/bang-commands/index.js.map +1 -0
package/dist/core/bang-commands/registry.d.ts +72 -0
package/dist/core/bang-commands/registry.d.ts.map +1 -0
package/dist/core/bang-commands/registry.js +174 -0
package/dist/core/bang-commands/registry.js.map +1 -0
package/dist/core/bang-commands/user-commands.d.ts +86 -0
package/dist/core/bang-commands/user-commands.d.ts.map +1 -0
package/dist/core/bang-commands/user-commands.js +212 -0
package/dist/core/bang-commands/user-commands.js.map +1 -0
package/dist/core/channel-timeline.d.ts +28 -0
package/dist/core/channel-timeline.d.ts.map +1 -0
package/dist/core/channel-timeline.js +117 -0
package/dist/core/channel-timeline.js.map +1 -0
package/dist/core/character-block.d.ts +37 -0
package/dist/core/character-block.d.ts.map +1 -0
package/dist/core/character-block.js +162 -0
package/dist/core/character-block.js.map +1 -0
package/dist/core/context/activity-sources.d.ts +37 -0
package/dist/core/context/activity-sources.d.ts.map +1 -0
package/dist/core/context/activity-sources.js +69 -0
package/dist/core/context/activity-sources.js.map +1 -0
package/dist/core/context/activity-view-reconciler.d.ts +110 -0
package/dist/core/context/activity-view-reconciler.d.ts.map +1 -0
package/dist/core/context/activity-view-reconciler.js +252 -0
package/dist/core/context/activity-view-reconciler.js.map +1 -0
package/dist/core/context/activity-view-runner.d.ts +38 -0
package/dist/core/context/activity-view-runner.d.ts.map +1 -0
package/dist/core/context/activity-view-runner.js +402 -0
package/dist/core/context/activity-view-runner.js.map +1 -0
package/dist/core/context/default-schedules-reconciler.d.ts +85 -0
package/dist/core/context/default-schedules-reconciler.d.ts.map +1 -0
package/dist/core/context/default-schedules-reconciler.js +153 -0
package/dist/core/context/default-schedules-reconciler.js.map +1 -0
package/dist/core/context/default-schedules-runner.d.ts +40 -0
package/dist/core/context/default-schedules-runner.d.ts.map +1 -0
package/dist/core/context/default-schedules-runner.js +233 -0
package/dist/core/context/default-schedules-runner.js.map +1 -0
package/dist/core/context/domain-index-reconciler.d.ts +81 -0
package/dist/core/context/domain-index-reconciler.d.ts.map +1 -0
package/dist/core/context/domain-index-reconciler.js +199 -0
package/dist/core/context/domain-index-reconciler.js.map +1 -0
package/dist/core/context/domain-index-runner.d.ts +35 -0
package/dist/core/context/domain-index-runner.d.ts.map +1 -0
package/dist/core/context/domain-index-runner.js +223 -0
package/dist/core/context/domain-index-runner.js.map +1 -0
package/dist/core/context/entity-mirror.d.ts +227 -0
package/dist/core/context/entity-mirror.d.ts.map +1 -0
package/dist/core/context/entity-mirror.js +629 -0
package/dist/core/context/entity-mirror.js.map +1 -0
package/dist/core/context/entity-source-rename.d.ts +61 -0
package/dist/core/context/entity-source-rename.d.ts.map +1 -0
package/dist/core/context/entity-source-rename.js +237 -0
package/dist/core/context/entity-source-rename.js.map +1 -0
package/dist/core/context/index-reconciler.d.ts +61 -0
package/dist/core/context/index-reconciler.d.ts.map +1 -0
package/dist/core/context/index-reconciler.js +329 -0
package/dist/core/context/index-reconciler.js.map +1 -0
package/dist/core/context/policy-index-reconciler.d.ts +102 -0
package/dist/core/context/policy-index-reconciler.d.ts.map +1 -0
package/dist/core/context/policy-index-reconciler.js +202 -0
package/dist/core/context/policy-index-reconciler.js.map +1 -0
package/dist/core/context/policy-index-runner.d.ts +66 -0
package/dist/core/context/policy-index-runner.d.ts.map +1 -0
package/dist/core/context/policy-index-runner.js +406 -0
package/dist/core/context/policy-index-runner.js.map +1 -0
package/dist/core/context/reconciler-runner.d.ts +44 -0
package/dist/core/context/reconciler-runner.d.ts.map +1 -0
package/dist/core/context/reconciler-runner.js +273 -0
package/dist/core/context/reconciler-runner.js.map +1 -0
package/dist/core/context-builder.d.ts +115 -0
package/dist/core/context-builder.d.ts.map +1 -0
package/dist/core/context-builder.js +1148 -0
package/dist/core/context-builder.js.map +1 -0
package/dist/core/context-frontmatter-backfill.d.ts +33 -0
package/dist/core/context-frontmatter-backfill.d.ts.map +1 -0
package/dist/core/context-frontmatter-backfill.js +111 -0
package/dist/core/context-frontmatter-backfill.js.map +1 -0
package/dist/core/context-frontmatter.d.ts +13 -0
package/dist/core/context-frontmatter.d.ts.map +1 -0
package/dist/core/context-frontmatter.js +325 -0
package/dist/core/context-frontmatter.js.map +1 -0
package/dist/core/context-health.d.ts +51 -0
package/dist/core/context-health.d.ts.map +1 -0
package/dist/core/context-health.js +304 -0
package/dist/core/context-health.js.map +1 -0
package/dist/core/context-paths.d.ts +183 -0
package/dist/core/context-paths.d.ts.map +1 -0
package/dist/core/context-paths.js +241 -0
package/dist/core/context-paths.js.map +1 -0
package/dist/core/context-staleness.d.ts +45 -0
package/dist/core/context-staleness.d.ts.map +1 -0
package/dist/core/context-staleness.js +88 -0
package/dist/core/context-staleness.js.map +1 -0
package/dist/core/custom-routine-scheduler.d.ts +151 -0
package/dist/core/custom-routine-scheduler.d.ts.map +1 -0
package/dist/core/custom-routine-scheduler.js +335 -0
package/dist/core/custom-routine-scheduler.js.map +1 -0
package/dist/core/daemon-api-cli.d.ts +33 -0
package/dist/core/daemon-api-cli.d.ts.map +1 -0
package/dist/core/daemon-api-cli.js +614 -0
package/dist/core/daemon-api-cli.js.map +1 -0
package/dist/core/dashboard-session-cleanup.d.ts +39 -0
package/dist/core/dashboard-session-cleanup.d.ts.map +1 -0
package/dist/core/dashboard-session-cleanup.js +108 -0
package/dist/core/dashboard-session-cleanup.js.map +1 -0
package/dist/core/dashboard-session-controls.d.ts +41 -0
package/dist/core/dashboard-session-controls.d.ts.map +1 -0
package/dist/core/dashboard-session-controls.js +154 -0
package/dist/core/dashboard-session-controls.js.map +1 -0
package/dist/core/delegated-connector-health.d.ts +63 -0
package/dist/core/delegated-connector-health.d.ts.map +1 -0
package/dist/core/delegated-connector-health.js +157 -0
package/dist/core/delegated-connector-health.js.map +1 -0
package/dist/core/dispatcher.d.ts +999 -0
package/dist/core/dispatcher.d.ts.map +1 -0
package/dist/core/dispatcher.js +4378 -0
package/dist/core/dispatcher.js.map +1 -0
package/dist/core/dm-freshness-metrics.d.ts +73 -0
package/dist/core/dm-freshness-metrics.d.ts.map +1 -0
package/dist/core/dm-freshness-metrics.js +138 -0
package/dist/core/dm-freshness-metrics.js.map +1 -0
package/dist/core/docs/citation-validator.d.ts +73 -0
package/dist/core/docs/citation-validator.d.ts.map +1 -0
package/dist/core/docs/citation-validator.js +195 -0
package/dist/core/docs/citation-validator.js.map +1 -0
package/dist/core/docs/extract-terms.d.ts +78 -0
package/dist/core/docs/extract-terms.d.ts.map +1 -0
package/dist/core/docs/extract-terms.js +147 -0
package/dist/core/docs/extract-terms.js.map +1 -0
package/dist/core/docs/indexer.d.ts +104 -0
package/dist/core/docs/indexer.d.ts.map +1 -0
package/dist/core/docs/indexer.js +340 -0
package/dist/core/docs/indexer.js.map +1 -0
package/dist/core/drift-effects.d.ts +30 -0
package/dist/core/drift-effects.d.ts.map +1 -0
package/dist/core/drift-effects.js +384 -0
package/dist/core/drift-effects.js.map +1 -0
package/dist/core/event-bus.d.ts +56 -0
package/dist/core/event-bus.d.ts.map +1 -0
package/dist/core/event-bus.js +135 -0
package/dist/core/event-bus.js.map +1 -0
package/dist/core/git-project-docs.d.ts +77 -0
package/dist/core/git-project-docs.d.ts.map +1 -0
package/dist/core/git-project-docs.js +439 -0
package/dist/core/git-project-docs.js.map +1 -0
package/dist/core/health-monitor.d.ts +57 -0
package/dist/core/health-monitor.d.ts.map +1 -0
package/dist/core/health-monitor.js +137 -0
package/dist/core/health-monitor.js.map +1 -0
package/dist/core/heartbeat.d.ts +26 -0
package/dist/core/heartbeat.d.ts.map +1 -0
package/dist/core/heartbeat.js +48 -0
package/dist/core/heartbeat.js.map +1 -0
package/dist/core/integration-health.d.ts +49 -0
package/dist/core/integration-health.d.ts.map +1 -0
package/dist/core/integration-health.js +89 -0
package/dist/core/integration-health.js.map +1 -0
package/dist/core/integration-lifecycle.d.ts +79 -0
package/dist/core/integration-lifecycle.d.ts.map +1 -0
package/dist/core/integration-lifecycle.js +153 -0
package/dist/core/integration-lifecycle.js.map +1 -0
package/dist/core/integration-main-backend.d.ts +36 -0
package/dist/core/integration-main-backend.d.ts.map +1 -0
package/dist/core/integration-main-backend.js +59 -0
package/dist/core/integration-main-backend.js.map +1 -0
package/dist/core/integration-probe.d.ts +98 -0
package/dist/core/integration-probe.d.ts.map +1 -0
package/dist/core/integration-probe.js +152 -0
package/dist/core/integration-probe.js.map +1 -0
package/dist/core/management-md-write-lock.d.ts +68 -0
package/dist/core/management-md-write-lock.d.ts.map +1 -0
package/dist/core/management-md-write-lock.js +93 -0
package/dist/core/management-md-write-lock.js.map +1 -0
package/dist/core/management-md.d.ts +186 -0
package/dist/core/management-md.d.ts.map +1 -0
package/dist/core/management-md.js +652 -0
package/dist/core/management-md.js.map +1 -0
package/dist/core/management-registry.d.ts +245 -0
package/dist/core/management-registry.d.ts.map +1 -0
package/dist/core/management-registry.js +906 -0
package/dist/core/management-registry.js.map +1 -0
package/dist/core/management-telemetry.d.ts +100 -0
package/dist/core/management-telemetry.d.ts.map +1 -0
package/dist/core/management-telemetry.js +156 -0
package/dist/core/management-telemetry.js.map +1 -0
package/dist/core/message-recorder.d.ts +38 -0
package/dist/core/message-recorder.d.ts.map +1 -0
package/dist/core/message-recorder.js +88 -0
package/dist/core/message-recorder.js.map +1 -0
package/dist/core/metrics.d.ts +338 -0
package/dist/core/metrics.d.ts.map +1 -0
package/dist/core/metrics.js +747 -0
package/dist/core/metrics.js.map +1 -0
package/dist/core/migration-backup.d.ts +218 -0
package/dist/core/migration-backup.d.ts.map +1 -0
package/dist/core/migration-backup.js +934 -0
package/dist/core/migration-backup.js.map +1 -0
package/dist/core/overview-write-lock.d.ts +48 -0
package/dist/core/overview-write-lock.d.ts.map +1 -0
package/dist/core/overview-write-lock.js +56 -0
package/dist/core/overview-write-lock.js.map +1 -0
package/dist/core/path-compat.d.ts +22 -0
package/dist/core/path-compat.d.ts.map +1 -0
package/dist/core/path-compat.js +67 -0
package/dist/core/path-compat.js.map +1 -0
package/dist/core/path-rewrite.d.ts +58 -0
package/dist/core/path-rewrite.d.ts.map +1 -0
package/dist/core/path-rewrite.js +141 -0
package/dist/core/path-rewrite.js.map +1 -0
package/dist/core/policy-files.d.ts +108 -0
package/dist/core/policy-files.d.ts.map +1 -0
package/dist/core/policy-files.js +198 -0
package/dist/core/policy-files.js.map +1 -0
package/dist/core/profile-questions/seed.d.ts +44 -0
package/dist/core/profile-questions/seed.d.ts.map +1 -0
package/dist/core/profile-questions/seed.js +173 -0
package/dist/core/profile-questions/seed.js.map +1 -0
package/dist/core/profile-questions/slot-filled.d.ts +51 -0
package/dist/core/profile-questions/slot-filled.d.ts.map +1 -0
package/dist/core/profile-questions/slot-filled.js +118 -0
package/dist/core/profile-questions/slot-filled.js.map +1 -0
package/dist/core/prompts.d.ts +111 -0
package/dist/core/prompts.d.ts.map +1 -0
package/dist/core/prompts.js +267 -0
package/dist/core/prompts.js.map +1 -0
package/dist/core/quiet-hours-sync.d.ts +15 -0
package/dist/core/quiet-hours-sync.d.ts.map +1 -0
package/dist/core/quiet-hours-sync.js +51 -0
package/dist/core/quiet-hours-sync.js.map +1 -0
package/dist/core/read-sensitive-token-manager.d.ts +19 -0
package/dist/core/read-sensitive-token-manager.d.ts.map +1 -0
package/dist/core/read-sensitive-token-manager.js +29 -0
package/dist/core/read-sensitive-token-manager.js.map +1 -0
package/dist/core/recurrence.d.ts +24 -0
package/dist/core/recurrence.d.ts.map +1 -0
package/dist/core/recurrence.js +162 -0
package/dist/core/recurrence.js.map +1 -0
package/dist/core/reinstall.d.ts +107 -0
package/dist/core/reinstall.d.ts.map +1 -0
package/dist/core/reinstall.js +163 -0
package/dist/core/reinstall.js.map +1 -0
package/dist/core/release-assets.d.ts +106 -0
package/dist/core/release-assets.d.ts.map +1 -0
package/dist/core/release-assets.js +434 -0
package/dist/core/release-assets.js.map +1 -0
package/dist/core/repository-management-docs.d.ts +216 -0
package/dist/core/repository-management-docs.d.ts.map +1 -0
package/dist/core/repository-management-docs.js +855 -0
package/dist/core/repository-management-docs.js.map +1 -0
package/dist/core/retention.d.ts +164 -0
package/dist/core/retention.d.ts.map +1 -0
package/dist/core/retention.js +1008 -0
package/dist/core/retention.js.map +1 -0
package/dist/core/review-context.d.ts +48 -0
package/dist/core/review-context.d.ts.map +1 -0
package/dist/core/review-context.js +282 -0
package/dist/core/review-context.js.map +1 -0
package/dist/core/roadmap-horizon.d.ts +48 -0
package/dist/core/roadmap-horizon.d.ts.map +1 -0
package/dist/core/roadmap-horizon.js +213 -0
package/dist/core/roadmap-horizon.js.map +1 -0
package/dist/core/roadmap-ids.d.ts +57 -0
package/dist/core/roadmap-ids.d.ts.map +1 -0
package/dist/core/roadmap-ids.js +118 -0
package/dist/core/roadmap-ids.js.map +1 -0
package/dist/core/roadmap-merge.d.ts +7 -0
package/dist/core/roadmap-merge.d.ts.map +1 -0
package/dist/core/roadmap-merge.js +187 -0
package/dist/core/roadmap-merge.js.map +1 -0
package/dist/core/roadmap-refresh-triggers.d.ts +32 -0
package/dist/core/roadmap-refresh-triggers.d.ts.map +1 -0
package/dist/core/roadmap-refresh-triggers.js +51 -0
package/dist/core/roadmap-refresh-triggers.js.map +1 -0
package/dist/core/roadmap-truncate.d.ts +49 -0
package/dist/core/roadmap-truncate.d.ts.map +1 -0
package/dist/core/roadmap-truncate.js +152 -0
package/dist/core/roadmap-truncate.js.map +1 -0
package/dist/core/roadmap-validate.d.ts +31 -0
package/dist/core/roadmap-validate.d.ts.map +1 -0
package/dist/core/roadmap-validate.js +403 -0
package/dist/core/roadmap-validate.js.map +1 -0
package/dist/core/roadmap-write-lock.d.ts +53 -0
package/dist/core/roadmap-write-lock.d.ts.map +1 -0
package/dist/core/roadmap-write-lock.js +59 -0
package/dist/core/roadmap-write-lock.js.map +1 -0
package/dist/core/schedule-insert-helper.d.ts +46 -0
package/dist/core/schedule-insert-helper.d.ts.map +1 -0
package/dist/core/schedule-insert-helper.js +52 -0
package/dist/core/schedule-insert-helper.js.map +1 -0
package/dist/core/schedule-maintenance.d.ts +22 -0
package/dist/core/schedule-maintenance.d.ts.map +1 -0
package/dist/core/schedule-maintenance.js +57 -0
package/dist/core/schedule-maintenance.js.map +1 -0
package/dist/core/scheduler.d.ts +208 -0
package/dist/core/scheduler.d.ts.map +1 -0
package/dist/core/scheduler.js +896 -0
package/dist/core/scheduler.js.map +1 -0
package/dist/core/semaphore.d.ts +13 -0
package/dist/core/semaphore.d.ts.map +1 -0
package/dist/core/semaphore.js +31 -0
package/dist/core/semaphore.js.map +1 -0
package/dist/core/session-gate.d.ts +37 -0
package/dist/core/session-gate.d.ts.map +1 -0
package/dist/core/session-gate.js +69 -0
package/dist/core/session-gate.js.map +1 -0
package/dist/core/session-manager.d.ts +252 -0
package/dist/core/session-manager.d.ts.map +1 -0
package/dist/core/session-manager.js +716 -0
package/dist/core/session-manager.js.map +1 -0
package/dist/core/signal-detector.d.ts +97 -0
package/dist/core/signal-detector.d.ts.map +1 -0
package/dist/core/signal-detector.js +215 -0
package/dist/core/signal-detector.js.map +1 -0
package/dist/core/skeleton.d.ts +83 -0
package/dist/core/skeleton.d.ts.map +1 -0
package/dist/core/skeleton.js +255 -0
package/dist/core/skeleton.js.map +1 -0
package/dist/core/skill-curation/apply-proposal.d.ts +71 -0
package/dist/core/skill-curation/apply-proposal.d.ts.map +1 -0
package/dist/core/skill-curation/apply-proposal.js +175 -0
package/dist/core/skill-curation/apply-proposal.js.map +1 -0
package/dist/core/skill-curation/auto-revert.d.ts +43 -0
package/dist/core/skill-curation/auto-revert.d.ts.map +1 -0
package/dist/core/skill-curation/auto-revert.js +155 -0
package/dist/core/skill-curation/auto-revert.js.map +1 -0
package/dist/core/skill-curation/classify-diff.d.ts +27 -0
package/dist/core/skill-curation/classify-diff.d.ts.map +1 -0
package/dist/core/skill-curation/classify-diff.js +0 -0
package/dist/core/skill-curation/classify-diff.js.map +1 -0
package/dist/core/skill-curation/declarations.d.ts +32 -0
package/dist/core/skill-curation/declarations.d.ts.map +1 -0
package/dist/core/skill-curation/declarations.js +171 -0
package/dist/core/skill-curation/declarations.js.map +1 -0
package/dist/core/skill-curation/knowledge-map.d.ts +26 -0
package/dist/core/skill-curation/knowledge-map.d.ts.map +1 -0
package/dist/core/skill-curation/knowledge-map.js +154 -0
package/dist/core/skill-curation/knowledge-map.js.map +1 -0
package/dist/core/skill-curation/orphan-overlay.d.ts +35 -0
package/dist/core/skill-curation/orphan-overlay.d.ts.map +1 -0
package/dist/core/skill-curation/orphan-overlay.js +167 -0
package/dist/core/skill-curation/orphan-overlay.js.map +1 -0
package/dist/core/skill-curation/overlay-store.d.ts +41 -0
package/dist/core/skill-curation/overlay-store.d.ts.map +1 -0
package/dist/core/skill-curation/overlay-store.js +143 -0
package/dist/core/skill-curation/overlay-store.js.map +1 -0
package/dist/core/skill-curation/render/convention-notes.d.ts +4 -0
package/dist/core/skill-curation/render/convention-notes.d.ts.map +1 -0
package/dist/core/skill-curation/render/convention-notes.js +13 -0
package/dist/core/skill-curation/render/convention-notes.js.map +1 -0
package/dist/core/skill-curation/render/cross-references.d.ts +4 -0
package/dist/core/skill-curation/render/cross-references.d.ts.map +1 -0
package/dist/core/skill-curation/render/cross-references.js +10 -0
package/dist/core/skill-curation/render/cross-references.js.map +1 -0
package/dist/core/skill-curation/render/frontmatter-schema.d.ts +4 -0
package/dist/core/skill-curation/render/frontmatter-schema.d.ts.map +1 -0
package/dist/core/skill-curation/render/frontmatter-schema.js +25 -0
package/dist/core/skill-curation/render/frontmatter-schema.js.map +1 -0
package/dist/core/skill-curation/render/index.d.ts +5 -0
package/dist/core/skill-curation/render/index.d.ts.map +1 -0
package/dist/core/skill-curation/render/index.js +42 -0
package/dist/core/skill-curation/render/index.js.map +1 -0
package/dist/core/skill-curation/render/knowledge-layout.d.ts +4 -0
package/dist/core/skill-curation/render/knowledge-layout.d.ts.map +1 -0
package/dist/core/skill-curation/render/knowledge-layout.js +36 -0
package/dist/core/skill-curation/render/knowledge-layout.js.map +1 -0
package/dist/core/skill-curation/render/routing-table.d.ts +4 -0
package/dist/core/skill-curation/render/routing-table.d.ts.map +1 -0
package/dist/core/skill-curation/render/routing-table.js +37 -0
package/dist/core/skill-curation/render/routing-table.js.map +1 -0
package/dist/core/skill-curation/render/search-recipes.d.ts +4 -0
package/dist/core/skill-curation/render/search-recipes.d.ts.map +1 -0
package/dist/core/skill-curation/render/search-recipes.js +39 -0
package/dist/core/skill-curation/render/search-recipes.js.map +1 -0
package/dist/core/skill-curation/run-token.d.ts +27 -0
package/dist/core/skill-curation/run-token.d.ts.map +1 -0
package/dist/core/skill-curation/run-token.js +81 -0
package/dist/core/skill-curation/run-token.js.map +1 -0
package/dist/core/skill-curation/signals.d.ts +49 -0
package/dist/core/skill-curation/signals.d.ts.map +1 -0
package/dist/core/skill-curation/signals.js +149 -0
package/dist/core/skill-curation/signals.js.map +1 -0
package/dist/core/skill-curation/smoke-test.d.ts +39 -0
package/dist/core/skill-curation/smoke-test.d.ts.map +1 -0
package/dist/core/skill-curation/smoke-test.js +313 -0
package/dist/core/skill-curation/smoke-test.js.map +1 -0
package/dist/core/skill-curation/splicer.d.ts +16 -0
package/dist/core/skill-curation/splicer.d.ts.map +1 -0
package/dist/core/skill-curation/splicer.js +78 -0
package/dist/core/skill-curation/splicer.js.map +1 -0
package/dist/core/skill-curation/workdir.d.ts +40 -0
package/dist/core/skill-curation/workdir.d.ts.map +1 -0
package/dist/core/skill-curation/workdir.js +242 -0
package/dist/core/skill-curation/workdir.js.map +1 -0
package/dist/core/skills-compiler.d.ts +391 -0
package/dist/core/skills-compiler.d.ts.map +1 -0
package/dist/core/skills-compiler.js +1271 -0
package/dist/core/skills-compiler.js.map +1 -0
package/dist/core/skills-manifest.d.ts +8 -0
package/dist/core/skills-manifest.d.ts.map +1 -0
package/dist/core/skills-manifest.js +408 -0
package/dist/core/skills-manifest.js.map +1 -0
package/dist/core/system-reset.d.ts +268 -0
package/dist/core/system-reset.d.ts.map +1 -0
package/dist/core/system-reset.js +816 -0
package/dist/core/system-reset.js.map +1 -0
package/dist/core/template-store.d.ts +170 -0
package/dist/core/template-store.d.ts.map +1 -0
package/dist/core/template-store.js +388 -0
package/dist/core/template-store.js.map +1 -0
package/dist/core/template-versions.d.ts +95 -0
package/dist/core/template-versions.d.ts.map +1 -0
package/dist/core/template-versions.js +175 -0
package/dist/core/template-versions.js.map +1 -0
package/dist/core/today-agent-plan.d.ts +33 -0
package/dist/core/today-agent-plan.d.ts.map +1 -0
package/dist/core/today-agent-plan.js +120 -0
package/dist/core/today-agent-plan.js.map +1 -0
package/dist/core/today-direct-writer.d.ts +62 -0
package/dist/core/today-direct-writer.d.ts.map +1 -0
package/dist/core/today-direct-writer.js +132 -0
package/dist/core/today-direct-writer.js.map +1 -0
package/dist/core/today-write-lock.d.ts +89 -0
package/dist/core/today-write-lock.d.ts.map +1 -0
package/dist/core/today-write-lock.js +154 -0
package/dist/core/today-write-lock.js.map +1 -0
package/dist/core/trigger-dispatch.d.ts +31 -0
package/dist/core/trigger-dispatch.d.ts.map +1 -0
package/dist/core/trigger-dispatch.js +100 -0
package/dist/core/trigger-dispatch.js.map +1 -0
package/dist/core/trigger-evaluator.d.ts +59 -0
package/dist/core/trigger-evaluator.d.ts.map +1 -0
package/dist/core/trigger-evaluator.js +243 -0
package/dist/core/trigger-evaluator.js.map +1 -0
package/dist/core/workdir.d.ts +241 -0
package/dist/core/workdir.d.ts.map +1 -0
package/dist/core/workdir.js +565 -0
package/dist/core/workdir.js.map +1 -0
package/dist/db/automation-triggers.d.ts +90 -0
package/dist/db/automation-triggers.d.ts.map +1 -0
package/dist/db/automation-triggers.js +199 -0
package/dist/db/automation-triggers.js.map +1 -0
package/dist/db/client.d.ts +6 -0
package/dist/db/client.d.ts.map +1 -0
package/dist/db/client.js +47 -0
package/dist/db/client.js.map +1 -0
package/dist/db/entities-store.d.ts +92 -0
package/dist/db/entities-store.d.ts.map +1 -0
package/dist/db/entities-store.js +180 -0
package/dist/db/entities-store.js.map +1 -0
package/dist/db/hourly-check-signals.d.ts +78 -0
package/dist/db/hourly-check-signals.d.ts.map +1 -0
package/dist/db/hourly-check-signals.js +289 -0
package/dist/db/hourly-check-signals.js.map +1 -0
package/dist/db/integration-probe-store.d.ts +27 -0
package/dist/db/integration-probe-store.d.ts.map +1 -0
package/dist/db/integration-probe-store.js +75 -0
package/dist/db/integration-probe-store.js.map +1 -0
package/dist/db/integrations-store.d.ts +19 -0
package/dist/db/integrations-store.d.ts.map +1 -0
package/dist/db/integrations-store.js +85 -0
package/dist/db/integrations-store.js.map +1 -0
package/dist/db/managed-tasks-store.d.ts +130 -0
package/dist/db/managed-tasks-store.d.ts.map +1 -0
package/dist/db/managed-tasks-store.js +238 -0
package/dist/db/managed-tasks-store.js.map +1 -0
package/dist/db/management-parse-failures-store.d.ts +45 -0
package/dist/db/management-parse-failures-store.d.ts.map +1 -0
package/dist/db/management-parse-failures-store.js +36 -0
package/dist/db/management-parse-failures-store.js.map +1 -0
package/dist/db/observations.d.ts +145 -0
package/dist/db/observations.d.ts.map +1 -0
package/dist/db/observations.js +287 -0
package/dist/db/observations.js.map +1 -0
package/dist/db/recurring-schedules.d.ts +70 -0
package/dist/db/recurring-schedules.d.ts.map +1 -0
package/dist/db/recurring-schedules.js +213 -0
package/dist/db/recurring-schedules.js.map +1 -0
package/dist/db/repositories-store.d.ts +296 -0
package/dist/db/repositories-store.d.ts.map +1 -0
package/dist/db/repositories-store.js +754 -0
package/dist/db/repositories-store.js.map +1 -0
package/dist/db/runtime-state.d.ts +61 -0
package/dist/db/runtime-state.d.ts.map +1 -0
package/dist/db/runtime-state.js +104 -0
package/dist/db/runtime-state.js.map +1 -0
package/dist/db/schema.d.ts +4 -0
package/dist/db/schema.d.ts.map +1 -0
package/dist/db/schema.js +1338 -0
package/dist/db/schema.js.map +1 -0
package/dist/db/sot-bindings-store.d.ts +41 -0
package/dist/db/sot-bindings-store.d.ts.map +1 -0
package/dist/db/sot-bindings-store.js +64 -0
package/dist/db/sot-bindings-store.js.map +1 -0
package/dist/db/test-schemas.d.ts +23 -0
package/dist/db/test-schemas.d.ts.map +1 -0
package/dist/db/test-schemas.js +111 -0
package/dist/db/test-schemas.js.map +1 -0
package/dist/db/voice-transcripts-store.d.ts +28 -0
package/dist/db/voice-transcripts-store.d.ts.map +1 -0
package/dist/db/voice-transcripts-store.js +43 -0
package/dist/db/voice-transcripts-store.js.map +1 -0
package/dist/index.d.ts +2 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +2913 -0
package/dist/index.js.map +1 -0
package/dist/init.d.ts +7 -0
package/dist/init.d.ts.map +1 -0
package/dist/init.js +32 -0
package/dist/init.js.map +1 -0
package/dist/log-buffer.d.ts +71 -0
package/dist/log-buffer.d.ts.map +1 -0
package/dist/log-buffer.js +201 -0
package/dist/log-buffer.js.map +1 -0
package/dist/logging.d.ts +5 -0
package/dist/logging.d.ts.map +1 -0
package/dist/logging.js +130 -0
package/dist/logging.js.map +1 -0
package/dist/management-rules.d.ts +2 -0
package/dist/management-rules.d.ts.map +1 -0
package/dist/management-rules.js +62 -0
package/dist/management-rules.js.map +1 -0
package/dist/messaging/constants.d.ts +33 -0
package/dist/messaging/constants.d.ts.map +1 -0
package/dist/messaging/constants.js +52 -0
package/dist/messaging/constants.js.map +1 -0
package/dist/messaging/magic-phrase.d.ts +16 -0
package/dist/messaging/magic-phrase.d.ts.map +1 -0
package/dist/messaging/magic-phrase.js +103 -0
package/dist/messaging/magic-phrase.js.map +1 -0
package/dist/messaging/owner-channels.d.ts +20 -0
package/dist/messaging/owner-channels.d.ts.map +1 -0
package/dist/messaging/owner-channels.js +41 -0
package/dist/messaging/owner-channels.js.map +1 -0
package/dist/observers/calendar-poller.d.ts +51 -0
package/dist/observers/calendar-poller.d.ts.map +1 -0
package/dist/observers/calendar-poller.js +128 -0
package/dist/observers/calendar-poller.js.map +1 -0
package/dist/observers/context-index-reconciler-observer.d.ts +72 -0
package/dist/observers/context-index-reconciler-observer.d.ts.map +1 -0
package/dist/observers/context-index-reconciler-observer.js +253 -0
package/dist/observers/context-index-reconciler-observer.js.map +1 -0
package/dist/observers/delegated-probe-observer.d.ts +83 -0
package/dist/observers/delegated-probe-observer.d.ts.map +1 -0
package/dist/observers/delegated-probe-observer.js +237 -0
package/dist/observers/delegated-probe-observer.js.map +1 -0
package/dist/observers/delegated-sync-worker.d.ts +375 -0
package/dist/observers/delegated-sync-worker.d.ts.map +1 -0
package/dist/observers/delegated-sync-worker.js +1087 -0
package/dist/observers/delegated-sync-worker.js.map +1 -0
package/dist/observers/entity-mirror-observer.d.ts +55 -0
package/dist/observers/entity-mirror-observer.d.ts.map +1 -0
package/dist/observers/entity-mirror-observer.js +73 -0
package/dist/observers/entity-mirror-observer.js.map +1 -0
package/dist/observers/git-delegated-cron.d.ts +41 -0
package/dist/observers/git-delegated-cron.d.ts.map +1 -0
package/dist/observers/git-delegated-cron.js +159 -0
package/dist/observers/git-delegated-cron.js.map +1 -0
package/dist/observers/git-event-classifier.d.ts +52 -0
package/dist/observers/git-event-classifier.d.ts.map +1 -0
package/dist/observers/git-event-classifier.js +70 -0
package/dist/observers/git-event-classifier.js.map +1 -0
package/dist/observers/git-watcher.d.ts +162 -0
package/dist/observers/git-watcher.d.ts.map +1 -0
package/dist/observers/git-watcher.js +768 -0
package/dist/observers/git-watcher.js.map +1 -0
package/dist/observers/github-poller-classifier.d.ts +101 -0
package/dist/observers/github-poller-classifier.d.ts.map +1 -0
package/dist/observers/github-poller-classifier.js +199 -0
package/dist/observers/github-poller-classifier.js.map +1 -0
package/dist/observers/github-poller.d.ts +291 -0
package/dist/observers/github-poller.d.ts.map +1 -0
package/dist/observers/github-poller.js +609 -0
package/dist/observers/github-poller.js.map +1 -0
package/dist/observers/imminent-event-scheduler.d.ts +34 -0
package/dist/observers/imminent-event-scheduler.d.ts.map +1 -0
package/dist/observers/imminent-event-scheduler.js +125 -0
package/dist/observers/imminent-event-scheduler.js.map +1 -0
package/dist/observers/mail-poller.d.ts +133 -0
package/dist/observers/mail-poller.d.ts.map +1 -0
package/dist/observers/mail-poller.js +563 -0
package/dist/observers/mail-poller.js.map +1 -0
package/dist/observers/mail-reconciliation.d.ts +87 -0
package/dist/observers/mail-reconciliation.d.ts.map +1 -0
package/dist/observers/mail-reconciliation.js +241 -0
package/dist/observers/mail-reconciliation.js.map +1 -0
package/dist/observers/manager.d.ts +67 -0
package/dist/observers/manager.d.ts.map +1 -0
package/dist/observers/manager.js +136 -0
package/dist/observers/manager.js.map +1 -0
package/dist/observers/notion-poller.d.ts +43 -0
package/dist/observers/notion-poller.d.ts.map +1 -0
package/dist/observers/notion-poller.js +184 -0
package/dist/observers/notion-poller.js.map +1 -0
package/dist/observers/observation-summarizer/index.d.ts +13 -0
package/dist/observers/observation-summarizer/index.d.ts.map +1 -0
package/dist/observers/observation-summarizer/index.js +13 -0
package/dist/observers/observation-summarizer/index.js.map +1 -0
package/dist/observers/observation-summarizer/pre-filter.d.ts +62 -0
package/dist/observers/observation-summarizer/pre-filter.d.ts.map +1 -0
package/dist/observers/observation-summarizer/pre-filter.js +189 -0
package/dist/observers/observation-summarizer/pre-filter.js.map +1 -0
package/dist/observers/observation-summarizer/response-parser.d.ts +30 -0
package/dist/observers/observation-summarizer/response-parser.d.ts.map +1 -0
package/dist/observers/observation-summarizer/response-parser.js +106 -0
package/dist/observers/observation-summarizer/response-parser.js.map +1 -0
package/dist/observers/observation-summarizer/summarizer-client.d.ts +83 -0
package/dist/observers/observation-summarizer/summarizer-client.d.ts.map +1 -0
package/dist/observers/observation-summarizer/summarizer-client.js +185 -0
package/dist/observers/observation-summarizer/summarizer-client.js.map +1 -0
package/dist/observers/observation-summarizer/summarizer-prompts.d.ts +51 -0
package/dist/observers/observation-summarizer/summarizer-prompts.d.ts.map +1 -0
package/dist/observers/observation-summarizer/summarizer-prompts.js +286 -0
package/dist/observers/observation-summarizer/summarizer-prompts.js.map +1 -0
package/dist/observers/observation-summarizer/worker.d.ts +106 -0
package/dist/observers/observation-summarizer/worker.d.ts.map +1 -0
package/dist/observers/observation-summarizer/worker.js +311 -0
package/dist/observers/observation-summarizer/worker.js.map +1 -0
package/dist/observers/obsidian-watcher.d.ts +90 -0
package/dist/observers/obsidian-watcher.d.ts.map +1 -0
package/dist/observers/obsidian-watcher.js +166 -0
package/dist/observers/obsidian-watcher.js.map +1 -0
package/dist/observers/primary-vault-watcher.d.ts +73 -0
package/dist/observers/primary-vault-watcher.d.ts.map +1 -0
package/dist/observers/primary-vault-watcher.js +115 -0
package/dist/observers/primary-vault-watcher.js.map +1 -0
package/dist/observers/repository-management-cron.d.ts +70 -0
package/dist/observers/repository-management-cron.d.ts.map +1 -0
package/dist/observers/repository-management-cron.js +166 -0
package/dist/observers/repository-management-cron.js.map +1 -0
package/dist/observers/skill-curation-walker.d.ts +33 -0
package/dist/observers/skill-curation-walker.d.ts.map +1 -0
package/dist/observers/skill-curation-walker.js +216 -0
package/dist/observers/skill-curation-walker.js.map +1 -0
package/dist/safety/absolute-block-audit.d.ts +22 -0
package/dist/safety/absolute-block-audit.d.ts.map +1 -0
package/dist/safety/absolute-block-audit.js +32 -0
package/dist/safety/absolute-block-audit.js.map +1 -0
package/dist/safety/agent-write-tracker.d.ts +42 -0
package/dist/safety/agent-write-tracker.d.ts.map +1 -0
package/dist/safety/agent-write-tracker.js +82 -0
package/dist/safety/agent-write-tracker.js.map +1 -0
package/dist/safety/always-disallowed.d.ts +66 -0
package/dist/safety/always-disallowed.d.ts.map +1 -0
package/dist/safety/always-disallowed.js +347 -0
package/dist/safety/always-disallowed.js.map +1 -0
package/dist/safety/audit.d.ts +118 -0
package/dist/safety/audit.d.ts.map +1 -0
package/dist/safety/audit.js +324 -0
package/dist/safety/audit.js.map +1 -0
package/dist/safety/integration-write-tracker.d.ts +58 -0
package/dist/safety/integration-write-tracker.d.ts.map +1 -0
package/dist/safety/integration-write-tracker.js +41 -0
package/dist/safety/integration-write-tracker.js.map +1 -0
package/dist/safety/risk-classifier.d.ts +65 -0
package/dist/safety/risk-classifier.d.ts.map +1 -0
package/dist/safety/risk-classifier.js +763 -0
package/dist/safety/risk-classifier.js.map +1 -0
package/dist/scheduler/hourly-check-gate.d.ts +73 -0
package/dist/scheduler/hourly-check-gate.d.ts.map +1 -0
package/dist/scheduler/hourly-check-gate.js +128 -0
package/dist/scheduler/hourly-check-gate.js.map +1 -0
package/dist/secrets/backend-api-key-env.d.ts +104 -0
package/dist/secrets/backend-api-key-env.d.ts.map +1 -0
package/dist/secrets/backend-api-key-env.js +197 -0
package/dist/secrets/backend-api-key-env.js.map +1 -0
package/dist/secrets/codex-home-materializer.d.ts +35 -0
package/dist/secrets/codex-home-materializer.d.ts.map +1 -0
package/dist/secrets/codex-home-materializer.js +76 -0
package/dist/secrets/codex-home-materializer.js.map +1 -0
package/dist/secrets/encrypted-blob-store.d.ts +20 -0
package/dist/secrets/encrypted-blob-store.d.ts.map +1 -0
package/dist/secrets/encrypted-blob-store.js +80 -0
package/dist/secrets/encrypted-blob-store.js.map +1 -0
package/dist/secrets/platform-secret-store.d.ts +17 -0
package/dist/secrets/platform-secret-store.d.ts.map +1 -0
package/dist/secrets/platform-secret-store.js +37 -0
package/dist/secrets/platform-secret-store.js.map +1 -0
package/dist/secrets/redaction.d.ts +2 -0
package/dist/secrets/redaction.d.ts.map +1 -0
package/dist/secrets/redaction.js +2 -0
package/dist/secrets/redaction.js.map +1 -0
package/dist/secrets/secret-broker.d.ts +61 -0
package/dist/secrets/secret-broker.d.ts.map +1 -0
package/dist/secrets/secret-broker.js +160 -0
package/dist/secrets/secret-broker.js.map +1 -0
package/dist/secrets/secret-names.d.ts +34 -0
package/dist/secrets/secret-names.d.ts.map +1 -0
package/dist/secrets/secret-names.js +39 -0
package/dist/secrets/secret-names.js.map +1 -0
package/dist/secrets/secret-store.d.ts +8 -0
package/dist/secrets/secret-store.d.ts.map +1 -0
package/dist/secrets/secret-store.js +2 -0
package/dist/secrets/secret-store.js.map +1 -0
package/dist/secrets/types.d.ts +7 -0
package/dist/secrets/types.d.ts.map +1 -0
package/dist/secrets/types.js +2 -0
package/dist/secrets/types.js.map +1 -0
package/dist/services/apple-calendar/caldav-client.d.ts +48 -0
package/dist/services/apple-calendar/caldav-client.d.ts.map +1 -0
package/dist/services/apple-calendar/caldav-client.js +86 -0
package/dist/services/apple-calendar/caldav-client.js.map +1 -0
package/dist/services/apple-calendar/caldav-codec.d.ts +67 -0
package/dist/services/apple-calendar/caldav-codec.d.ts.map +1 -0
package/dist/services/apple-calendar/caldav-codec.js +341 -0
package/dist/services/apple-calendar/caldav-codec.js.map +1 -0
package/dist/services/apple-calendar/index.d.ts +3 -0
package/dist/services/apple-calendar/index.d.ts.map +1 -0
package/dist/services/apple-calendar/index.js +2 -0
package/dist/services/apple-calendar/index.js.map +1 -0
package/dist/services/apple-calendar/service.d.ts +75 -0
package/dist/services/apple-calendar/service.d.ts.map +1 -0
package/dist/services/apple-calendar/service.js +374 -0
package/dist/services/apple-calendar/service.js.map +1 -0
package/dist/services/apple-calendar/types.d.ts +78 -0
package/dist/services/apple-calendar/types.d.ts.map +1 -0
package/dist/services/apple-calendar/types.js +17 -0
package/dist/services/apple-calendar/types.js.map +1 -0
package/dist/services/attachments/hardlink.d.ts +11 -0
package/dist/services/attachments/hardlink.d.ts.map +1 -0
package/dist/services/attachments/hardlink.js +56 -0
package/dist/services/attachments/hardlink.js.map +1 -0
package/dist/services/attachments/sanitize.d.ts +21 -0
package/dist/services/attachments/sanitize.d.ts.map +1 -0
package/dist/services/attachments/sanitize.js +128 -0
package/dist/services/attachments/sanitize.js.map +1 -0
package/dist/services/attachments/store.d.ts +146 -0
package/dist/services/attachments/store.d.ts.map +1 -0
package/dist/services/attachments/store.js +477 -0
package/dist/services/attachments/store.js.map +1 -0
package/dist/services/calendar/outlook/graph-calendar-client.d.ts +114 -0
package/dist/services/calendar/outlook/graph-calendar-client.d.ts.map +1 -0
package/dist/services/calendar/outlook/graph-calendar-client.js +146 -0
package/dist/services/calendar/outlook/graph-calendar-client.js.map +1 -0
package/dist/services/calendar.d.ts +115 -0
package/dist/services/calendar.d.ts.map +1 -0
package/dist/services/calendar.js +281 -0
package/dist/services/calendar.js.map +1 -0
package/dist/services/delegated-backend-invoker.d.ts +414 -0
package/dist/services/delegated-backend-invoker.d.ts.map +1 -0
package/dist/services/delegated-backend-invoker.js +2372 -0
package/dist/services/delegated-backend-invoker.js.map +1 -0
package/dist/services/delegated-proxy-config.d.ts +93 -0
package/dist/services/delegated-proxy-config.d.ts.map +1 -0
package/dist/services/delegated-proxy-config.js +98 -0
package/dist/services/delegated-proxy-config.js.map +1 -0
package/dist/services/delegated-task-result-cache.d.ts +176 -0
package/dist/services/delegated-task-result-cache.d.ts.map +1 -0
package/dist/services/delegated-task-result-cache.js +0 -0
package/dist/services/delegated-task-result-cache.js.map +1 -0
package/dist/services/delegated-task-runtime.d.ts +346 -0
package/dist/services/delegated-task-runtime.d.ts.map +1 -0
package/dist/services/delegated-task-runtime.js +589 -0
package/dist/services/delegated-task-runtime.js.map +1 -0
package/dist/services/delegated-task-session-pool.d.ts +182 -0
package/dist/services/delegated-task-session-pool.d.ts.map +1 -0
package/dist/services/delegated-task-session-pool.js +292 -0
package/dist/services/delegated-task-session-pool.js.map +1 -0
package/dist/services/delegated-tool-runtime.d.ts +50 -0
package/dist/services/delegated-tool-runtime.d.ts.map +1 -0
package/dist/services/delegated-tool-runtime.js +120 -0
package/dist/services/delegated-tool-runtime.js.map +1 -0
package/dist/services/fts5.d.ts +40 -0
package/dist/services/fts5.d.ts.map +1 -0
package/dist/services/fts5.js +54 -0
package/dist/services/fts5.js.map +1 -0
package/dist/services/git-account-registry.d.ts +164 -0
package/dist/services/git-account-registry.d.ts.map +1 -0
package/dist/services/git-account-registry.js +297 -0
package/dist/services/git-account-registry.js.map +1 -0
package/dist/services/github.d.ts +49 -0
package/dist/services/github.d.ts.map +1 -0
package/dist/services/github.js +123 -0
package/dist/services/github.js.map +1 -0
package/dist/services/gmail-classifier.d.ts +62 -0
package/dist/services/gmail-classifier.d.ts.map +1 -0
package/dist/services/gmail-classifier.js +221 -0
package/dist/services/gmail-classifier.js.map +1 -0
package/dist/services/gmail.d.ts +192 -0
package/dist/services/gmail.d.ts.map +1 -0
package/dist/services/gmail.js +678 -0
package/dist/services/gmail.js.map +1 -0
package/dist/services/google-auth.d.ts +16 -0
package/dist/services/google-auth.d.ts.map +1 -0
package/dist/services/google-auth.js +37 -0
package/dist/services/google-auth.js.map +1 -0
package/dist/services/google-maps.d.ts +35 -0
package/dist/services/google-maps.d.ts.map +1 -0
package/dist/services/google-maps.js +82 -0
package/dist/services/google-maps.js.map +1 -0
package/dist/services/integrations/extract-write-item-id.d.ts +64 -0
package/dist/services/integrations/extract-write-item-id.d.ts.map +1 -0
package/dist/services/integrations/extract-write-item-id.js +188 -0
package/dist/services/integrations/extract-write-item-id.js.map +1 -0
package/dist/services/integrations/reconcile.d.ts +136 -0
package/dist/services/integrations/reconcile.d.ts.map +1 -0
package/dist/services/integrations/reconcile.js +218 -0
package/dist/services/integrations/reconcile.js.map +1 -0
package/dist/services/integrations/snapshot-partitions.d.ts +40 -0
package/dist/services/integrations/snapshot-partitions.d.ts.map +1 -0
package/dist/services/integrations/snapshot-partitions.js +113 -0
package/dist/services/integrations/snapshot-partitions.js.map +1 -0
package/dist/services/journal/render.d.ts +15 -0
package/dist/services/journal/render.d.ts.map +1 -0
package/dist/services/journal/render.js +17 -0
package/dist/services/journal/render.js.map +1 -0
package/dist/services/journal/writer.d.ts +26 -0
package/dist/services/journal/writer.d.ts.map +1 -0
package/dist/services/journal/writer.js +50 -0
package/dist/services/journal/writer.js.map +1 -0
package/dist/services/mail/account-registry.d.ts +208 -0
package/dist/services/mail/account-registry.d.ts.map +1 -0
package/dist/services/mail/account-registry.js +554 -0
package/dist/services/mail/account-registry.js.map +1 -0
package/dist/services/mail/gmail/auth-failure-classifier.d.ts +24 -0
package/dist/services/mail/gmail/auth-failure-classifier.d.ts.map +1 -0
package/dist/services/mail/gmail/auth-failure-classifier.js +67 -0
package/dist/services/mail/gmail/auth-failure-classifier.js.map +1 -0
package/dist/services/mail/gmail/gmail-provider.d.ts +58 -0
package/dist/services/mail/gmail/gmail-provider.d.ts.map +1 -0
package/dist/services/mail/gmail/gmail-provider.js +434 -0
package/dist/services/mail/gmail/gmail-provider.js.map +1 -0
package/dist/services/mail/gmail/legacy-row.d.ts +24 -0
package/dist/services/mail/gmail/legacy-row.d.ts.map +1 -0
package/dist/services/mail/gmail/legacy-row.js +71 -0
package/dist/services/mail/gmail/legacy-row.js.map +1 -0
package/dist/services/mail/gmail/poll-cursor.d.ts +12 -0
package/dist/services/mail/gmail/poll-cursor.d.ts.map +1 -0
package/dist/services/mail/gmail/poll-cursor.js +32 -0
package/dist/services/mail/gmail/poll-cursor.js.map +1 -0
package/dist/services/mail/html-to-plaintext.d.ts +27 -0
package/dist/services/mail/html-to-plaintext.d.ts.map +1 -0
package/dist/services/mail/html-to-plaintext.js +163 -0
package/dist/services/mail/html-to-plaintext.js.map +1 -0
package/dist/services/mail/imap/app-password.d.ts +27 -0
package/dist/services/mail/imap/app-password.d.ts.map +1 -0
package/dist/services/mail/imap/app-password.js +86 -0
package/dist/services/mail/imap/app-password.js.map +1 -0
package/dist/services/mail/imap/auth-failure-classifier.d.ts +21 -0
package/dist/services/mail/imap/auth-failure-classifier.d.ts.map +1 -0
package/dist/services/mail/imap/auth-failure-classifier.js +54 -0
package/dist/services/mail/imap/auth-failure-classifier.js.map +1 -0
package/dist/services/mail/imap/capabilities.d.ts +30 -0
package/dist/services/mail/imap/capabilities.d.ts.map +1 -0
package/dist/services/mail/imap/capabilities.js +70 -0
package/dist/services/mail/imap/capabilities.js.map +1 -0
package/dist/services/mail/imap/client.d.ts +15 -0
package/dist/services/mail/imap/client.d.ts.map +1 -0
package/dist/services/mail/imap/client.js +60 -0
package/dist/services/mail/imap/client.js.map +1 -0
package/dist/services/mail/imap/cursor.d.ts +19 -0
package/dist/services/mail/imap/cursor.d.ts.map +1 -0
package/dist/services/mail/imap/cursor.js +47 -0
package/dist/services/mail/imap/cursor.js.map +1 -0
package/dist/services/mail/imap/folder-resolver.d.ts +24 -0
package/dist/services/mail/imap/folder-resolver.d.ts.map +1 -0
package/dist/services/mail/imap/folder-resolver.js +58 -0
package/dist/services/mail/imap/folder-resolver.js.map +1 -0
package/dist/services/mail/imap/icloud-provider.d.ts +5 -0
package/dist/services/mail/imap/icloud-provider.d.ts.map +1 -0
package/dist/services/mail/imap/icloud-provider.js +5 -0
package/dist/services/mail/imap/icloud-provider.js.map +1 -0
package/dist/services/mail/imap/imap-provider-base.d.ts +173 -0
package/dist/services/mail/imap/imap-provider-base.d.ts.map +1 -0
package/dist/services/mail/imap/imap-provider-base.js +1004 -0
package/dist/services/mail/imap/imap-provider-base.js.map +1 -0
package/dist/services/mail/imap/query-translator.d.ts +13 -0
package/dist/services/mail/imap/query-translator.d.ts.map +1 -0
package/dist/services/mail/imap/query-translator.js +114 -0
package/dist/services/mail/imap/query-translator.js.map +1 -0
package/dist/services/mail/imap/reconcile-planner.d.ts +56 -0
package/dist/services/mail/imap/reconcile-planner.d.ts.map +1 -0
package/dist/services/mail/imap/reconcile-planner.js +52 -0
package/dist/services/mail/imap/reconcile-planner.js.map +1 -0
package/dist/services/mail/imap/reply-mime.d.ts +24 -0
package/dist/services/mail/imap/reply-mime.d.ts.map +1 -0
package/dist/services/mail/imap/reply-mime.js +77 -0
package/dist/services/mail/imap/reply-mime.js.map +1 -0
package/dist/services/mail/imap/yahoo-provider.d.ts +5 -0
package/dist/services/mail/imap/yahoo-provider.d.ts.map +1 -0
package/dist/services/mail/imap/yahoo-provider.js +5 -0
package/dist/services/mail/imap/yahoo-provider.js.map +1 -0
package/dist/services/mail/mail-search.d.ts +35 -0
package/dist/services/mail/mail-search.d.ts.map +1 -0
package/dist/services/mail/mail-search.js +59 -0
package/dist/services/mail/mail-search.js.map +1 -0
package/dist/services/mail/outlook/auth-failure-classifier.d.ts +38 -0
package/dist/services/mail/outlook/auth-failure-classifier.d.ts.map +1 -0
package/dist/services/mail/outlook/auth-failure-classifier.js +91 -0
package/dist/services/mail/outlook/auth-failure-classifier.js.map +1 -0
package/dist/services/mail/outlook/client-config.d.ts +34 -0
package/dist/services/mail/outlook/client-config.d.ts.map +1 -0
package/dist/services/mail/outlook/client-config.js +58 -0
package/dist/services/mail/outlook/client-config.js.map +1 -0
package/dist/services/mail/outlook/delta-cursor.d.ts +66 -0
package/dist/services/mail/outlook/delta-cursor.d.ts.map +1 -0
package/dist/services/mail/outlook/delta-cursor.js +85 -0
package/dist/services/mail/outlook/delta-cursor.js.map +1 -0
package/dist/services/mail/outlook/graph-client.d.ts +98 -0
package/dist/services/mail/outlook/graph-client.d.ts.map +1 -0
package/dist/services/mail/outlook/graph-client.js +198 -0
package/dist/services/mail/outlook/graph-client.js.map +1 -0
package/dist/services/mail/outlook/msal-app-factory.d.ts +20 -0
package/dist/services/mail/outlook/msal-app-factory.d.ts.map +1 -0
package/dist/services/mail/outlook/msal-app-factory.js +62 -0
package/dist/services/mail/outlook/msal-app-factory.js.map +1 -0
package/dist/services/mail/outlook/msal-cache-plugin.d.ts +19 -0
package/dist/services/mail/outlook/msal-cache-plugin.d.ts.map +1 -0
package/dist/services/mail/outlook/msal-cache-plugin.js +30 -0
package/dist/services/mail/outlook/msal-cache-plugin.js.map +1 -0
package/dist/services/mail/outlook/oauth-device-code.d.ts +26 -0
package/dist/services/mail/outlook/oauth-device-code.d.ts.map +1 -0
package/dist/services/mail/outlook/oauth-device-code.js +32 -0
package/dist/services/mail/outlook/oauth-device-code.js.map +1 -0
package/dist/services/mail/outlook/oauth-loopback.d.ts +41 -0
package/dist/services/mail/outlook/oauth-loopback.d.ts.map +1 -0
package/dist/services/mail/outlook/oauth-loopback.js +223 -0
package/dist/services/mail/outlook/oauth-loopback.js.map +1 -0
package/dist/services/mail/outlook/outlook-provider.d.ts +100 -0
package/dist/services/mail/outlook/outlook-provider.d.ts.map +1 -0
package/dist/services/mail/outlook/outlook-provider.js +619 -0
package/dist/services/mail/outlook/outlook-provider.js.map +1 -0
package/dist/services/mail/outlook/query-translator.d.ts +10 -0
package/dist/services/mail/outlook/query-translator.d.ts.map +1 -0
package/dist/services/mail/outlook/query-translator.js +103 -0
package/dist/services/mail/outlook/query-translator.js.map +1 -0
package/dist/services/mail/provider.d.ts +267 -0
package/dist/services/mail/provider.d.ts.map +1 -0
package/dist/services/mail/provider.js +34 -0
package/dist/services/mail/provider.js.map +1 -0
package/dist/services/mail/query-utils.d.ts +13 -0
package/dist/services/mail/query-utils.d.ts.map +1 -0
package/dist/services/mail/query-utils.js +18 -0
package/dist/services/mail/query-utils.js.map +1 -0
package/dist/services/mail-classifier.d.ts +25 -0
package/dist/services/mail-classifier.d.ts.map +1 -0
package/dist/services/mail-classifier.js +52 -0
package/dist/services/mail-classifier.js.map +1 -0
package/dist/services/mail-ingestion.d.ts +139 -0
package/dist/services/mail-ingestion.d.ts.map +1 -0
package/dist/services/mail-ingestion.js +223 -0
package/dist/services/mail-ingestion.js.map +1 -0
package/dist/services/mcp/auto-probe.d.ts +76 -0
package/dist/services/mcp/auto-probe.d.ts.map +1 -0
package/dist/services/mcp/auto-probe.js +147 -0
package/dist/services/mcp/auto-probe.js.map +1 -0
package/dist/services/mcp/generators/claude.d.ts +18 -0
package/dist/services/mcp/generators/claude.d.ts.map +1 -0
package/dist/services/mcp/generators/claude.js +90 -0
package/dist/services/mcp/generators/claude.js.map +1 -0
package/dist/services/mcp/generators/codex.d.ts +22 -0
package/dist/services/mcp/generators/codex.d.ts.map +1 -0
package/dist/services/mcp/generators/codex.js +102 -0
package/dist/services/mcp/generators/codex.js.map +1 -0
package/dist/services/mcp/generators/gemini.d.ts +20 -0
package/dist/services/mcp/generators/gemini.d.ts.map +1 -0
package/dist/services/mcp/generators/gemini.js +97 -0
package/dist/services/mcp/generators/gemini.js.map +1 -0
package/dist/services/mcp/generators/index.d.ts +20 -0
package/dist/services/mcp/generators/index.d.ts.map +1 -0
package/dist/services/mcp/generators/index.js +29 -0
package/dist/services/mcp/generators/index.js.map +1 -0
package/dist/services/mcp/generators/types.d.ts +47 -0
package/dist/services/mcp/generators/types.d.ts.map +1 -0
package/dist/services/mcp/generators/types.js +40 -0
package/dist/services/mcp/generators/types.js.map +1 -0
package/dist/services/mcp/probe.d.ts +31 -0
package/dist/services/mcp/probe.d.ts.map +1 -0
package/dist/services/mcp/probe.js +437 -0
package/dist/services/mcp/probe.js.map +1 -0
package/dist/services/mcp/registry.d.ts +84 -0
package/dist/services/mcp/registry.d.ts.map +1 -0
package/dist/services/mcp/registry.js +387 -0
package/dist/services/mcp/registry.js.map +1 -0
package/dist/services/mcp/risk.d.ts +82 -0
package/dist/services/mcp/risk.d.ts.map +1 -0
package/dist/services/mcp/risk.js +126 -0
package/dist/services/mcp/risk.js.map +1 -0
package/dist/services/mcp/session-materializer.d.ts +123 -0
package/dist/services/mcp/session-materializer.d.ts.map +1 -0
package/dist/services/mcp/session-materializer.js +361 -0
package/dist/services/mcp/session-materializer.js.map +1 -0
package/dist/services/mcp/tool-audit.d.ts +53 -0
package/dist/services/mcp/tool-audit.d.ts.map +1 -0
package/dist/services/mcp/tool-audit.js +74 -0
package/dist/services/mcp/tool-audit.js.map +1 -0
package/dist/services/mcp/types.d.ts +88 -0
package/dist/services/mcp/types.d.ts.map +1 -0
package/dist/services/mcp/types.js +94 -0
package/dist/services/mcp/types.js.map +1 -0
package/dist/services/notion.d.ts +134 -0
package/dist/services/notion.d.ts.map +1 -0
package/dist/services/notion.js +350 -0
package/dist/services/notion.js.map +1 -0
package/dist/services/obsidian.d.ts +116 -0
package/dist/services/obsidian.d.ts.map +1 -0
package/dist/services/obsidian.js +305 -0
package/dist/services/obsidian.js.map +1 -0
package/dist/services/service-registry.d.ts +31 -0
package/dist/services/service-registry.d.ts.map +1 -0
package/dist/services/service-registry.js +15 -0
package/dist/services/service-registry.js.map +1 -0
package/dist/services/voice/transcriber-impl.d.ts +15 -0
package/dist/services/voice/transcriber-impl.d.ts.map +1 -0
package/dist/services/voice/transcriber-impl.js +129 -0
package/dist/services/voice/transcriber-impl.js.map +1 -0
package/dist/services/voice/transcriber.d.ts +117 -0
package/dist/services/voice/transcriber.d.ts.map +1 -0
package/dist/services/voice/transcriber.js +201 -0
package/dist/services/voice/transcriber.js.map +1 -0
package/dist/settings/runtime-settings.d.ts +232 -0
package/dist/settings/runtime-settings.d.ts.map +1 -0
package/dist/settings/runtime-settings.js +769 -0
package/dist/settings/runtime-settings.js.map +1 -0
package/dist/settings/settings-store.d.ts +13 -0
package/dist/settings/settings-store.d.ts.map +1 -0
package/dist/settings/settings-store.js +87 -0
package/dist/settings/settings-store.js.map +1 -0
package/package.json +85 -0

package/dist/core/backends/gemini-cli-core.js ADDED Viewed

@@ -0,0 +1,2331 @@
+import { existsSync, readdirSync, readFileSync, statSync, writeFileSync } from "node:fs";
+import { homedir } from "node:os";
+import { join, resolve as resolvePath } from "node:path";
+import { APP_NAME, collectSessionDeniedTools, getAgentDayDateStr, INTEGRATION_DESCRIPTORS, INTEGRATION_KEYS, isAutonomousProcessKey, isPlausibleGeminiApiKey, matchRunAllowedToolPattern, } from "@aitne/shared";
+import { readIntegrations } from "../../db/integrations-store.js";
+import { getContextDir } from "../../config.js";
+import { cleanupSessionWorkdir, createSessionWorkdir } from "../workdir.js";
+import { BackendDecisiveFailure, BackendQuotaError, DelegatedProxyTimeoutError, classifyAbortReason, } from "../agent-core.js";
+import { IdleWatchdog } from "./idle-watchdog.js";
+import { buildDelegatedToolPrompt, emptyCost, tryParseToolResult, withDurationMs, } from "../../services/delegated-tool-runtime.js";
+import { DELEGATED_PROXY_DEFAULTS } from "../../services/delegated-proxy-config.js";
+import { materializeMcpForSession } from "../../services/mcp/session-materializer.js";
+import { parseMcpToolName } from "../../services/mcp/risk.js";
+import { logMcpToolCall } from "../../services/mcp/tool-audit.js";
+import { buildDaemonApiCliEnv } from "../daemon-api-cli.js";
+import { ALWAYS_DISALLOWED_TOOLS } from "../../safety/always-disallowed.js";
+import { CliPathCache, parseJsonLine, runLineCommand, } from "./cli-utils.js";
+import { isPathInsideOrEqual, jsonStringPathForms, shellPathForms, } from "../path-compat.js";
+import { probeApiKeyServerSide } from "./api-key-probe.js";
+import { extractSilentApiErrors, logSilentApiErrors, } from "./silent-api-error-detector.js";
+import { estimateTextInputTokens, findRegisteredModel, getModelsForBackend, latestLiteFor, } from "./model-registry.js";
+import { PriceFetcher } from "./price-fetcher.js";
+import { buildExecutionPrompt, buildSummaryPrompt } from "./prompt-utils.js";
+import { createLogger } from "../../logging.js";
+import { readRuntimeState, writeRuntimeState } from "../../db/runtime-state.js";
+const logger = createLogger("gemini-cli-core");
+/**
+ * runtime_state key for the Gemini per-agent-day request counter.
+ * Gemini meters per-day model requests, and `maxTurns` alone cannot
+ * bound daily consumption — so this counter applies a conservative
+ * fixed ceiling that matches the free Gemini API tier (500 requests/
+ * day × 0.9 = 450 requests/day). Operators on higher-quota Gemini
+ * accounts can widen via the dashboard config.
+ */
+const GEMINI_REQUESTS_STATE_KEY = "gemini_requests_today";
+/**
+ * Conservative default. Replaces the legacy plan-driven ceilings — the
+ * daemon does not ask the operator which Gemini account tier they
+ * hold (Aitne is intended to run on `GEMINI_API_KEY` / `GOOGLE_API_KEY`,
+ * with the CLI's local auth as a fallback), so we cannot infer a
+ * tier-specific quota and assume the free-tier published cap. When an
+ * API key is configured, the upstream Google quota is the real bound
+ * and this counter just stops the daemon from blowing past 450/day in
+ * the worst case.
+ */
+const GEMINI_DAILY_REQUEST_CEILING = 450;
+/** Policy file name written into each session workdir. */
+const ADMIN_POLICY_FILENAME = ".pa-admin-policy.toml";
+const EMPTY_USAGE = {
+    inputTokens: 0,
+    outputTokens: 0,
+    cacheCreationInputTokens: 0,
+    cacheReadInputTokens: 0,
+};
+export class GeminiCliCore {
+    config;
+    writeTracker;
+    priceFetcher;
+    db;
+    backendId = "gemini";
+    // Lazily re-resolved with a 60 s TTL — see ClaudeCodeCore for rationale (§9.4).
+    cliPathCache;
+    /** Legacy shared read token injected into the Gemini subprocess env. */
+    readToken;
+    /** Scoped token manager preferred over the legacy shared read token. */
+    readTokenManager;
+    get cliPath() {
+        return this.cliPathCache.get();
+    }
+    constructor(config,
+    /**
+     * Shared AgentWriteTracker. When present, vault-scoped writes detected in
+     * Gemini's tool_use stream are pre-marked so the ObsidianWatcher attributes
+     * the chokidar event to `actor='agent'` instead of `'user'`.
+     */
+    writeTracker, priceFetcher = new PriceFetcher(config.dataDir),
+    /**
+     * DB handle for the per-agent-day Gemini request counter. Optional so
+     * unit tests that construct the core without a database get
+     * graceful degradation: no quota enforcement and no counter writes.
+     * Production always supplies this.
+     */
+    db = null) {
+        this.config = config;
+        this.writeTracker = writeTracker;
+        this.priceFetcher = priceFetcher;
+        this.db = db;
+        this.cliPathCache = new CliPathCache("gemini");
+    }
+    /** Set the per-daemon-boot read token for subprocess-local daemon API auth. */
+    setReadToken(token) {
+        this.readToken = token;
+    }
+    setReadTokenManager(manager) {
+        this.readTokenManager = manager;
+    }
+    mcpContext;
+    setMcpContext(context) {
+        this.mcpContext = context;
+    }
+    async materializeMcp(sessionDir, processKey) {
+        if (!this.mcpContext) {
+            return {
+                servers: [],
+                env: {},
+                configPath: null,
+                claudeMcpServers: null,
+                disallowedTools: [],
+            };
+        }
+        // Allow mode bypasses the approve-tier MCP strip (see claude-code-core
+        // for the rationale — "strong permission mode" enables every MCP tool,
+        // autonomous routines included).
+        const allowMode = this.config.geminiExecutionPermissionMode === "allow";
+        const autonomous = !allowMode && (processKey ? isAutonomousProcessKey(processKey) : false);
+        return materializeMcpForSession({
+            db: this.mcpContext.db,
+            blobStore: this.mcpContext.blobStore,
+            sessionDir,
+            backendId: this.backendId,
+            autonomous,
+            contextDir: getContextDir(this.config),
+        });
+    }
+    async execute(params, streamCallbacks) {
+        return await this.runTurn({
+            prompt: appendGeminiAttachmentTokens(buildExecutionPrompt(params.prompt, params.context, params.event, params.conversationHistory), params.stagedAttachments),
+            modelId: params.modelId,
+            eventType: params.event.type,
+            processKey: params.processKey,
+            sessionDir: params.sessionDir,
+            maxBudgetUsd: params.maxBudgetUsd,
+            webSearchEnabled: params.webSearchEnabled,
+            turnToken: params.turnToken,
+            sessionDbId: params.sessionDbId,
+            eventCorrelationId: params.event.correlationId,
+        }, streamCallbacks);
+    }
+    async executeResume(params, streamCallbacks) {
+        return await this.runTurn({
+            prompt: appendGeminiAttachmentTokens(params.message, params.stagedAttachments),
+            modelId: params.modelId,
+            eventType: "message.received",
+            sessionDir: params.sessionDir,
+            resumeSessionId: params.sessionId,
+            maxBudgetUsd: params.maxBudgetUsd,
+            webSearchEnabled: params.webSearchEnabled,
+            turnToken: params.turnToken,
+            sessionDbId: params.sessionDbId,
+            eventCorrelationId: params.eventCorrelationId,
+        }, streamCallbacks);
+    }
+    async summarize(conversationText) {
+        const result = await this.runTurn({
+            prompt: buildSummaryPrompt(conversationText),
+            modelId: this.pickSummaryModel(),
+            eventType: "message.received",
+        });
+        return result.output;
+    }
+    async checkAuth() {
+        if (!this.cliPath) {
+            return { ok: false, reason: "Gemini CLI is not installed or not on PATH." };
+        }
+        const rawApiKey = process.env.GEMINI_API_KEY?.trim() || process.env.GOOGLE_API_KEY?.trim();
+        if (rawApiKey) {
+            if (!isPlausibleGeminiApiKey(rawApiKey)) {
+                return {
+                    ok: false,
+                    reason: "GEMINI_API_KEY / GOOGLE_API_KEY is set but does not look like a Google API key (expected `AIza…`, 39 chars).",
+                };
+            }
+            return { ok: true, method: "api_key" };
+        }
+        if (process.env.GOOGLE_APPLICATION_CREDENTIALS?.trim()
+            && process.env.GOOGLE_CLOUD_PROJECT?.trim()) {
+            return { ok: true, method: "vertex" };
+        }
+        if (existsSync(join(homedir(), ".gemini", "oauth_creds.json"))
+            || existsSync(join(homedir(), ".gemini", "google_accounts.json"))) {
+            return { ok: true, method: "oauth" };
+        }
+        return {
+            ok: false,
+            reason: "Gemini is not authenticated. Configure OAuth, Vertex, or GEMINI_API_KEY.",
+        };
+    }
+    /**
+     * Detailed auth probe. Three modes:
+     *  - **API key** (`GEMINI_API_KEY` / `GOOGLE_API_KEY`): format check +
+     *    server-side probe via `probeApiKeyServerSide("google", ...)`
+     *    (roadmap §9.1). Throws on network/timeout.
+     *  - **Vertex** (`GOOGLE_APPLICATION_CREDENTIALS` + `GOOGLE_CLOUD_PROJECT`):
+     *    env-var presence check only.
+     *  - **OAuth** (`~/.gemini/oauth_creds.json`): presence check on
+     *    `refresh_token` field + grace window. Does NOT validate the
+     *    refresh_token server-side; real failures surface via the reactive
+     *    path during `execute()`.
+     */
+    async checkAuthDetailed() {
+        if (!this.cliPath) {
+            return {
+                ok: false,
+                status: "missing",
+                method: "cli_login",
+                detail: "Gemini CLI not found on PATH",
+                recoveryCommand: "npm install -g @google/gemini-cli",
+            };
+        }
+        const rawApiKey = process.env.GEMINI_API_KEY?.trim() || process.env.GOOGLE_API_KEY?.trim();
+        if (rawApiKey) {
+            if (!isPlausibleGeminiApiKey(rawApiKey)) {
+                return {
+                    ok: false,
+                    status: "expired",
+                    method: "api_key",
+                    detail: "GEMINI_API_KEY / GOOGLE_API_KEY does not match Google API key format (`AIza…`, 39 chars).",
+                    recoveryCommand: "Unset the env var or replace it with a valid Google API key",
+                };
+            }
+            // Format is plausible — attempt a server-side probe to detect
+            // revoked keys within 1 hourly cycle (roadmap §9.1).
+            const probe = await probeApiKeyServerSide("google", rawApiKey);
+            return {
+                ok: probe.ok,
+                status: probe.ok ? "ok" : "expired",
+                method: "api_key",
+                detail: probe.detail,
+                ...(!probe.ok && {
+                    recoveryCommand: "Unset the env var or replace it with a valid Google API key",
+                }),
+            };
+        }
+        if (process.env.GOOGLE_APPLICATION_CREDENTIALS?.trim()
+            && process.env.GOOGLE_CLOUD_PROJECT?.trim()) {
+            return { ok: true, status: "ok", method: "vertex" };
+        }
+        const oauthPath = join(homedir(), ".gemini", "oauth_creds.json");
+        if (existsSync(oauthPath)) {
+            try {
+                const raw = readFileSync(oauthPath, "utf-8");
+                const creds = JSON.parse(raw);
+                if (typeof creds.refresh_token === "string" && creds.refresh_token.length > 0) {
+                    return { ok: true, status: "ok", method: "oauth" };
+                }
+                // refresh_token missing — treat recently-modified files as ok
+                // because the Gemini CLI has a known upstream bug where the field
+                // drops out mid-session (observed in 0.x CLI versions). Without
+                // this grace, every Gemini user would false-trip to "expired"
+                // until they re-authenticated. The grace window is tunable via
+                // `PA_GEMINI_OAUTH_GRACE_HOURS`; set to 0 to disable the grace
+                // entirely once the upstream bug is fixed.
+                const graceHours = parseGraceHours(process.env.PA_GEMINI_OAUTH_GRACE_HOURS, 24);
+                const hoursSinceModified = (Date.now() - statSync(oauthPath).mtimeMs) / 3_600_000;
+                if (graceHours > 0 && hoursSinceModified < graceHours) {
+                    logger.warn({ graceHours, hoursSinceModified }, "Gemini oauth_creds.json missing refresh_token — applying grace window");
+                    return {
+                        ok: true,
+                        status: "ok",
+                        method: "oauth",
+                        detail: `refresh_token missing but file was updated ${hoursSinceModified.toFixed(1)}h ago (< ${graceHours}h grace)`,
+                    };
+                }
+                return {
+                    ok: false,
+                    status: "expired",
+                    method: "oauth",
+                    detail: "refresh_token missing from oauth_creds.json",
+                    recoveryCommand: "gemini → Sign in with Google",
+                };
+            }
+            catch (err) {
+                logger.warn({ err }, "Failed to read Gemini oauth_creds.json");
+                return {
+                    ok: false,
+                    status: "expired",
+                    method: "oauth",
+                    detail: err instanceof Error ? err.message : "Failed to parse oauth_creds.json",
+                    recoveryCommand: "gemini → Sign in with Google",
+                };
+            }
+        }
+        if (existsSync(join(homedir(), ".gemini", "gemini-credentials.json"))) {
+            return {
+                ok: true,
+                status: "ok",
+                method: "oauth",
+                detail: "Encrypted storage detected — CLI handles validation",
+            };
+        }
+        if (existsSync(join(homedir(), ".gemini", "google_accounts.json"))) {
+            return { ok: true, status: "ok", method: "oauth" };
+        }
+        return {
+            ok: false,
+            status: "expired",
+            method: "oauth",
+            detail: "No Gemini OAuth credentials found",
+            recoveryCommand: "gemini → Sign in with Google",
+        };
+    }
+    listModels() {
+        return getModelsForBackend(this.backendId);
+    }
+    /**
+     * Phase 5 §4.11 live probe for Gemini. Gemini CLI exposes no first-party
+     * tool-enumeration API and its MCP namespace (`mcp_<server>_<tool>`,
+     * single-underscore — confirmed via stream-event probe 2026-04-26)
+     * differs from Claude / Codex (`mcp__<server>__<tool>`).
+     *
+     * Strategy: scan the host for registered MCP servers (the
+     * `gemini-extension.json` `mcpServers` block under each subdir of
+     * `~/.gemini/extensions/` plus the `~/.gemini/settings.json`
+     * `mcpServers` block), then for every registry-declared Gemini
+     * connector whose namespace points at a detected server, synthesize
+     * the expected fully-qualified tool names from `capabilityTools`. The
+     * synthetic list is what `evaluateProbe` matches against the
+     * descriptor.
+     *
+     * Trade-off: this is a "presence-only" probe — it verifies the server
+     * is registered with Gemini, not that the agent's OAuth / tool-call
+     * actually works. Connector auth failures surface when the agent first
+     * invokes the tool. Codex / Claude run live `tool_search` queries
+     * because their MCP catalog is queryable from the SDK; Gemini does not
+     * expose that surface, and asking the model to enumerate via prompt
+     * proved unreliable (whitespace-only responses, see chat history).
+     *
+     * Two distinct outcomes:
+     *  - Server NOT detected → returns `[]`. `evaluateProbe` matches
+     *    against the connector's expected tools, finds none, reports all
+     *    required capabilities missing — dashboard correctly shows
+     *    "Gemini's <X> connector is not installed."
+     *  - Server detected → returns the registry's claimed tool list for
+     *    that server. `evaluateProbe` matches every entry exactly (since
+     *    the list IS the registry's expectation), so all caps mark
+     *    present. The dashboard shows "all features available." This is
+     *    accurate for `google-workspace` (whose tool names were verified
+     *    from `~/.gemini/extensions/google-workspace/dist/index.js` —
+     *    `registerTool("gmail.*", ...)` etc. — at registry-write time)
+     *    and is a guess for `notion` (registry assumes `notion-search`,
+     *    `notion-fetch`, etc.; actual hosted-MCP names may diverge —
+     *    surfaced via the install card's namespace caveat). Runtime
+     *    `wrong_tool` errors are the failure mode for the latter.
+     */
+    async probeTools() {
+        const detectedServers = new Set();
+        // Extension-installed MCP servers (e.g. google-workspace ships
+        // gmail.* and calendar.* via this path).
+        const extDir = join(homedir(), ".gemini", "extensions");
+        if (existsSync(extDir)) {
+            try {
+                const subdirs = readdirSync(extDir, { withFileTypes: true });
+                for (const ent of subdirs) {
+                    if (!ent.isDirectory())
+                        continue;
+                    const manifestPath = join(extDir, ent.name, "gemini-extension.json");
+                    if (!existsSync(manifestPath))
+                        continue;
+                    collectMcpServerNames(manifestPath, detectedServers);
+                }
+            }
+            catch (err) {
+                logger.warn({ err, extDir }, "failed to scan Gemini extensions");
+            }
+        }
+        // User-added MCP servers (`gemini mcp add <name> ...`). Notion's
+        // hosted MCP server is typically registered here under the literal
+        // name `notion` — that's the assumption the registry's Notion
+        // descriptor encodes.
+        const settingsPath = join(homedir(), ".gemini", "settings.json");
+        if (existsSync(settingsPath)) {
+            collectMcpServerNames(settingsPath, detectedServers);
+        }
+        const tools = [];
+        for (const integrationKey of INTEGRATION_KEYS) {
+            const connector = INTEGRATION_DESCRIPTORS[integrationKey].backendConnectors.gemini;
+            if (!connector)
+                continue;
+            const serverName = extractGeminiServerName(connector.toolNamespace);
+            if (!serverName || !detectedServers.has(serverName))
+                continue;
+            for (const toolList of Object.values(connector.capabilityTools)) {
+                for (const t of toolList) {
+                    tools.push(connector.toolNamespace + t);
+                }
+            }
+        }
+        const deduped = Array.from(new Set(tools));
+        logger.info({
+            detectedServers: [...detectedServers],
+            toolCount: deduped.length,
+        }, "Gemini probe collected tool manifest via host MCP scan");
+        return deduped;
+    }
+    async runTurn(params, streamCallbacks) {
+        // Pre-flight auth gate — intentionally absent in ClaudeCodeCore.
+        // Same reasoning as Codex: spawning the Gemini CLI subprocess has
+        // non-trivial TTFB, so reading `oauth_creds.json` (or the API key
+        // format) once here is cheaper than discovering the failure after
+        // the subprocess has already booted and begun streaming. Claude
+        // leans on the Agent SDK's own 401 instead, which is why it has
+        // no equivalent pre-flight. See the class-level comment on
+        // `ClaudeCodeCore` for the full rationale.
+        const auth = await this.checkAuth();
+        if (!auth.ok) {
+            logger.warn({ reason: auth.reason }, "Gemini auth check failed");
+            throw new BackendDecisiveFailure(this.backendId, "auth", new Error(auth.reason));
+        }
+        // Daily-request quota gate. Reads `backend_global_defaults.gemini_plan`
+        // → `PlanPreset.dailyRequestCeiling` and compares against the per-agent-day
+        // counter in runtime_state. Pre-flight refusal so we don't waste a CLI
+        // subprocess on a request we know is over quota. See
+        // `docs/design/09-safety-cost.md` §9.4.8 for the full contract.
+        const today = getAgentDayDateStr(this.config.timezone, this.config.dayBoundaryHour);
+        const ceiling = this.resolveDailyRequestCeiling();
+        if (ceiling !== null) {
+            const currentCount = this.readRequestsCount(today);
+            if (currentCount >= ceiling) {
+                logger.warn({ currentCount, ceiling, date: today }, "Gemini daily-request ceiling hit — refusing execution");
+                throw new BackendQuotaError(this.backendId, "daily_ceiling", null, `Gemini daily-request ceiling reached (${currentCount}/${ceiling}) — resets at the next agent-day boundary.`);
+            }
+        }
+        this.assertPromptWithinMaxBudget(params.prompt, params.maxBudgetUsd, params.modelId);
+        const startMs = Date.now();
+        const sessionDir = params.sessionDir ?? createSessionWorkdir(this.config.workspaceDir, params.eventType, `${this.config.dataDir}/skills`, {
+            backendId: this.backendId,
+            processKey: params.processKey,
+            character: this.config.character,
+        });
+        const ownsSessionDir = !params.sessionDir;
+        const daemonReadToken = this.readTokenManager?.issue(sessionDir) ?? this.readToken;
+        // Write admin policy to session workdir. The admin tier overrides the
+        // --approval-mode yolo grants, so this policy is the ONLY mechanism on
+        // Gemini for preserving non-negotiable invariants — chiefly that writes
+        // to the context directory must go through the daemon API.
+        //
+        // Strict mode: full whitelist policy (catch-all deny + explicit allows).
+        // Allow mode: minimal policy with NO catch-all — only denies context-dir
+        // writes and sensitive-path reads; everything else falls through to yolo.
+        const allowMode = this.config.geminiExecutionPermissionMode === "allow";
+        const policyPath = join(sessionDir, ADMIN_POLICY_FILENAME);
+        writeFileSync(policyPath, allowMode
+            ? this.generateAllowModeMinimalPolicy()
+            : this.generateAdminPolicy({ webSearchEnabled: params.webSearchEnabled }), "utf-8");
+        const mcp = await this.materializeMcp(sessionDir, params.processKey);
+        logger.info({ eventType: params.eventType, model: params.modelId, promptLen: params.prompt.length, mcpServers: mcp.servers.map((s) => s.id) }, "Gemini execute started");
+        let assistantDelta = "";
+        let finalAssistantMessage = "";
+        let sessionId = params.resumeSessionId ?? null;
+        let lastError = null;
+        let resultStatus = "error";
+        let stats = null;
+        let streamed = false;
+        const deferStreamingUntilBudgetCheck = params.maxBudgetUsd !== undefined;
+        // Accumulate raw subprocess text across the run so we can scan once for
+        // `PA_API_ERROR` markers the pa-api / curl wrappers emit on HTTP errors.
+        // Gemini's stream schema doesn't expose a dedicated tool-output field, so
+        // we fall back to the raw stdout/stderr lines (which include both the
+        // JSONL itself and any uncaptured subprocess stderr).
+        const apiOutputBuffer = [];
+        try {
+            const runResult = await runLineCommand({
+                command: "gemini",
+                args: this.buildArgs(params, policyPath),
+                cwd: sessionDir,
+                env: {
+                    ...buildDaemonApiCliEnv(sessionDir, this.config.apiPort, {
+                        readToken: daemonReadToken,
+                        sessionBackend: "gemini",
+                        sessionId: params.sessionDbId,
+                        eventCorrelationId: params.eventCorrelationId,
+                    }),
+                    ...mcp.env,
+                    ...(params.turnToken ? { PA_TURN_TOKEN: params.turnToken } : {}),
+                },
+                timeoutMs: this.config.executeTimeoutMinutes * 60 * 1000,
+                onStdoutLine: (line) => {
+                    apiOutputBuffer.push(line);
+                    const event = parseJsonLine(line);
+                    if (!event?.type) {
+                        if (isLikelyGeminiFailure(line)) {
+                            lastError = line.trim();
+                        }
+                        return;
+                    }
+                    if (event.type === "init" && typeof event.session_id === "string") {
+                        sessionId = event.session_id;
+                        return;
+                    }
+                    // Pre-mark vault writes for observer attribution (same as Claude Code hook).
+                    if (this.writeTracker && event.type === "tool_use") {
+                        this.trackVaultWrite(event);
+                    }
+                    // B-003 Phase 4.4 — persist MCP tool call to `mcp_tool_calls`.
+                    // Gemini emits `mcp_<server>_<tool>` (single underscore — see
+                    // parseMcpToolName); host-installed Gemini MCPs (like
+                    // `google-workspace` from extensions, or user-added `notion`)
+                    // produce `serverId` values that DON'T appear in the daemon's
+                    // `mcp_servers` table. The schema has no FK so writes succeed,
+                    // but the dashboard's per-server activity panel (keyed by a
+                    // matching server-card) won't surface them. The rows persist
+                    // for any future "all MCP activity" view; for now they're a
+                    // forensic-only audit trail.
+                    if (event.type === "tool_use" && typeof event.tool_name === "string") {
+                        const parsed = parseMcpToolName(event.tool_name);
+                        if (parsed) {
+                            logger.debug({
+                                serverId: parsed.serverId,
+                                toolName: parsed.toolName,
+                                sessionId,
+                                eventType: params.eventType,
+                            }, "mcp.tool_call");
+                            if (this.mcpContext?.db) {
+                                try {
+                                    logMcpToolCall(this.mcpContext.db, {
+                                        serverId: parsed.serverId,
+                                        toolName: parsed.toolName,
+                                        eventType: params.eventType,
+                                        sessionId: sessionId ?? undefined,
+                                    });
+                                }
+                                catch (err) {
+                                    logger.warn({ err, serverId: parsed.serverId }, "mcp.tool_call audit insert failed");
+                                }
+                            }
+                        }
+                    }
+                    if (event.type === "message" && event.role === "assistant") {
+                        const content = typeof event.content === "string" ? event.content : "";
+                        if (!content) {
+                            return;
+                        }
+                        if (event.delta) {
+                            assistantDelta += content;
+                            if (!deferStreamingUntilBudgetCheck) {
+                                streamCallbacks?.onText?.(content);
+                                streamed = true;
+                            }
+                            return;
+                        }
+                        finalAssistantMessage = content;
+                        return;
+                    }
+                    if (event.type === "result") {
+                        const payload = event.result ?? event;
+                        resultStatus = payload.status ?? resultStatus;
+                        stats = payload.stats ?? stats;
+                        lastError = payload.error ?? lastError;
+                    }
+                },
+                onStderrLine: (line) => {
+                    apiOutputBuffer.push(line);
+                    if (isLikelyGeminiFailure(line)) {
+                        lastError = line.trim();
+                    }
+                },
+            });
+            const apiErrors = extractSilentApiErrors(apiOutputBuffer.join("\n"));
+            if (apiErrors.length > 0) {
+                logSilentApiErrors(logger, apiErrors, {
+                    backendId: this.backendId,
+                    sessionId,
+                    eventType: params.eventType,
+                });
+            }
+            if (runResult.timedOut) {
+                const err = new BackendDecisiveFailure(this.backendId, "timeout", new Error(`Gemini execution exceeded timeout of ${this.config.executeTimeoutMinutes} minutes`));
+                logger.error({ err, eventType: params.eventType, model: params.modelId, durationMs: Date.now() - startMs }, "Gemini execute timed out");
+                throw err;
+            }
+            const outputSource = finalAssistantMessage.trim().length > 0
+                ? finalAssistantMessage
+                : assistantDelta;
+            const output = outputSource.trim();
+            if (resultStatus !== "success" || runResult.exitCode !== 0) {
+                const failureText = lastError
+                    ?? firstFailureLine(runResult.stdoutLines)
+                    ?? firstFailureLine(runResult.stderrLines)
+                    ?? "Gemini execution did not complete successfully.";
+                const classified = this.classifyFailure(failureText);
+                logger.error({ err: classified, eventType: params.eventType, model: params.modelId, exitCode: runResult.exitCode, durationMs: Date.now() - startMs }, "Gemini execute failed");
+                throw classified;
+            }
+            const normalizedUsage = normalizeGeminiUsage(stats);
+            const { modelUsage, costSource } = buildGeminiModelUsage(this.priceFetcher, stats);
+            const actualModelId = resolveActualGeminiModel(params.modelId, modelUsage);
+            const durationApiMs = stats?.duration_ms ?? Date.now() - startMs;
+            const estimatedCost = this.priceFetcher.estimateUsageCost({
+                backendId: this.backendId,
+                modelId: actualModelId,
+                usage: normalizedUsage,
+                fallbackModel: findRegisteredModel(this.backendId, actualModelId),
+            });
+            const costUsd = Object.values(modelUsage)
+                .reduce((total, usage) => total + usage.costUsd, 0)
+                || estimatedCost.costUsd;
+            this.assertWithinMaxBudget(costUsd, params.maxBudgetUsd, actualModelId);
+            if (output && !streamed) {
+                streamCallbacks?.onText?.(output);
+            }
+            const durationMs = Date.now() - startMs;
+            logger.info({ eventType: params.eventType, model: actualModelId, durationMs, costUsd }, "Gemini execute completed");
+            // Bump the per-agent-day request counter on successful completion.
+            // We increment per-runTurn rather than per-JSONL-event because
+            // Gemini's streaming CLI may emit only delta messages without a
+            // final non-delta aggregate — counting on events made the ceiling
+            // enforcement silently break in streaming-only mode. Per-runTurn is
+            // protocol-agnostic and guaranteed to fire once per successful
+            // execution. Tool-fanout turns still count as one request, which
+            // undercounts real API consumption; that is an acceptable
+            // approximation for a safety-net ceiling (the tight 900 / 1350 /
+            // 1800 plan ceilings absorb the slack).
+            this.incrementRequestsCount(today);
+            return {
+                output,
+                sessionId,
+                backendId: this.backendId,
+                modelId: actualModelId,
+                costSource: Object.keys(modelUsage).length > 0 ? costSource : estimatedCost.costSource,
+                costUsd,
+                usage: normalizedUsage,
+                modelUsage,
+                numTurns: 1,
+                durationMs,
+                durationApiMs,
+                model: actualModelId,
+                isError: false,
+                stopReason: resultStatus,
+                contextUpdated: false,
+                // advisorCallCount omitted — non-Anthropic backends never populate
+                // this field, consumers treat undefined as 0.
+            };
+        }
+        finally {
+            if (ownsSessionDir) {
+                this.readTokenManager?.revoke(sessionDir);
+            }
+            streamCallbacks?.onEnd?.();
+            if (ownsSessionDir) {
+                cleanupSessionWorkdir(sessionDir);
+            }
+        }
+    }
+    buildArgs(params, policyPath) {
+        // The admin policy always applies (strict or allow) so context-dir and
+        // sensitive-path guardrails remain enforced. `--sandbox` is the container
+        // sandbox toggle (Docker/Podman) — only strict mode runs inside it.
+        // `--skip-trust` bypasses the workspace-trust prompt: session workdirs
+        // under PA_DATA_DIR are created fresh by the daemon and can't realistically
+        // be trusted interactively; the admin policy is the actual safety surface.
+        const allowMode = this.config.geminiExecutionPermissionMode === "allow";
+        return [
+            ...(params.resumeSessionId ? ["--resume", params.resumeSessionId] : []),
+            "--prompt",
+            params.prompt,
+            "--model",
+            params.modelId,
+            "--approval-mode",
+            "yolo",
+            "--skip-trust",
+            ...(allowMode ? [] : ["--sandbox"]),
+            "--admin-policy",
+            policyPath,
+            "--output-format",
+            "stream-json",
+        ];
+    }
+    /**
+     * Generate a TOML admin policy that restricts Gemini CLI tools to match
+     * the same security posture as Claude Code (allowedTools + security hooks).
+     *
+     * Admin policies are tier 5 (highest priority) and override --approval-mode yolo.
+     *
+     * All regex patterns use TOML literal strings ('...') to avoid escape-sequence
+     * conflicts — TOML basic strings ("...") treat `\b` as backspace and reject
+     * unknown escapes like `\.` / `\s`, which are valid regex metacharacters.
+     *
+     * ── Audit note: DM reactive-path allowlist bug (BUG-DM-BACKEND-PERMISSIONS) ──
+     *
+     * This Gemini policy does NOT need the Skill / Bash(jq *) additions that
+     * Claude Code needed for the same bug. Reasons verified 2026-04-11:
+     *
+     *   1. Gemini CLI has no first-class "Skill" tool. User skills are loaded
+     *      as files in the session workdir (`${dataDir}/skills/`), and the
+     *      agent reads them via `read_file` — which is already allowed at
+     *      priority 500 below. There is no tool invocation to deny.
+     *
+     *   2. The priority-950 rule below denies any shell command that contains
+     *      a pipe (`|`), semicolon (`;`), `&&`, or subshell operator. That
+     *      means `curl ... | jq ...` is ALREADY denied on this backend by
+     *      design — adding `jq` to an allowlist would have no effect while the
+     *      pipe-chaining deny rule is in force. Gemini's workflow for JSON
+     *      post-processing is: `curl -o /tmp/out.json ...`, then `read_file`,
+     *      then parse in-model. That workflow does not need `jq`.
+     *
+     * If `message.dm` is ever re-routed to Gemini by default, re-audit: the
+     * task-flow prompts may reference `Skill(...)` syntax the agent cannot
+     * invoke on this backend. That would be a prompt/task-flow issue, not an
+     * allowlist issue.
+     */
+    generateAdminPolicy(options) {
+        const webSearchEnabled = options?.webSearchEnabled ?? false;
+        const port = this.config.apiPort;
+        const contextDir = resolvePath(getContextDir(this.config));
+        // Escape regex special chars in the path for use inside TOML literal strings.
+        // Literal strings don't process escapes, so single backslash is fine.
+        const escapedContextDir = contextDir.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+        // Build sensitive-path argsPattern (regex alternation).
+        const sensitivePathPatterns = [
+            "\\.ssh/",
+            "\\.gnupg/",
+            "\\.aws/",
+            "Library/Keychains/",
+            "\\.personal-agent/backups/",
+            "\\.personal-agent/whatsapp/auth/",
+            // `\"` (closing JSON string quote) is a required terminator because
+            // Gemini matches argsPattern against the JSON-stringified args object
+            // like `{"file_path":".env"}` — without `\"` the pattern silently
+            // misses root `.env` reads (after `.env` comes `"` in the JSON, which
+            // matches none of $ / . / /).
+            '\\.env($|\\.|/|\\")',
+        ];
+        const sensitivePathRegex = sensitivePathPatterns.join("|");
+        const sessionHelperPathRegex = '(^|/)\\.pa/';
+        // Translate config.disallowedTools into additional deny rules.
+        // Claude Code format: "Bash(rm -rf *)", "Read(~/.ssh/**)" etc.
+        const extraDenyRules = this.buildDisallowedToolRules();
+        // DELEGATED-MODE-V2-DESIGN.md §4.3.3 — same-backend integration deny
+        // rules. For each integration whose `delegatedBackend === "gemini"`,
+        // emit one literal-toolName deny rule per concrete (glob-expanded)
+        // tool name. Priority sits between user-disallowedTools (935) and the
+        // absolute-block layer (1000) — same enforcement weight as user-driven
+        // disallowedTools by intent, but distinct so logs/audits can attribute.
+        const sessionDenyRules = this.buildSessionDeniedToolRules();
+        // EXECUTION-MODE-DESIGN.md §6 absolute-block layer — applied in both
+        // strict and allow mode at priority 999 (the in-tier ceiling enforced
+        // by Gemini CLI's PolicyFileSchema; admin tier still outranks user /
+        // workspace / default tiers regardless of in-tier priority).
+        const absoluteBlockRules = this.buildAbsoluteBlockRules();
+        return `# ${APP_NAME} admin policy for Gemini CLI (auto-generated)
+# Admin tier — overrides approval-mode yolo
+# ══════════════════════════════════════════════════
+# Catch-all: deny everything not explicitly allowed.
+# This creates whitelist semantics matching Claude Code's allowedTools.
+# Every allowed tool must have a higher-priority allow rule below.
+# ══════════════════════════════════════════════════
+[[rule]]
+toolName = "*"
+decision = "deny"
+denyMessage = "This tool is not permitted in daemon mode."
+priority = 1
+${this.buildWebAccessRules(webSearchEnabled)}
+# ── Shell: restrict to curl localhost:${port} and git ──
+# Deny any shell command containing a non-localhost HTTP URL.
+# This catches curl piping/chaining bypasses like:
+#   curl http://localhost:8321/... ; curl http://evil.com
+# Negative lookahead ensures only localhost:{port} URLs are permitted.
+[[rule]]
+toolName = "run_shell_command"
+commandRegex = 'https?://(?!(localhost|127\\.0\\.0\\.1):${port}[/\\s?#])'
+decision = "deny"
+denyMessage = "HTTP requests to non-localhost targets are forbidden. Use the daemon API."
+priority = 960
+# Deny curl with connection-override flags (bypass prevention, matches Claude Code hook)
+[[rule]]
+toolName = "run_shell_command"
+commandRegex = '\\bcurl\\b.*(--connect-to|--resolve|--config(\\b|=)|\\s-K|--proxy(\\b|=)|\\s-x|--socks)'
+decision = "deny"
+denyMessage = "curl connection override flags are not allowed (--connect-to, --resolve, --config, --proxy)."
+priority = 955
+# Deny curl with command chaining operators (pipe, semicolon, &&, ||, subshell, backtick)
+[[rule]]
+toolName = "run_shell_command"
+commandRegex = '\\bcurl\\b.*(;|\\|\\||&&|\\||\\$\\(|\x60)'
+decision = "deny"
+denyMessage = "curl with command chaining is not allowed. Use separate tool calls."
+priority = 950
+# Allow curl targeting localhost:${port}
+[[rule]]
+toolName = "run_shell_command"
+commandRegex = '\\bcurl\\b.*https?://(localhost|127\\.0\\.0\\.1):${port}(/|\\s|$|\\?)'
+decision = "allow"
+priority = 900
+# Deny any other curl command
+[[rule]]
+toolName = "run_shell_command"
+commandRegex = '\\bcurl\\b'
+decision = "deny"
+denyMessage = "curl is restricted to localhost:${port}. Use the daemon API for all HTTP requests."
+priority = 850
+# Deny dangerous git operations (matches Claude Code's disallowedTools)
+[[rule]]
+toolName = "run_shell_command"
+commandRegex = '\\bgit\\s+push\\s+(-f|--force)'
+decision = "deny"
+denyMessage = "git push --force is not allowed."
+priority = 940
+[[rule]]
+toolName = "run_shell_command"
+commandRegex = '\\bgit\\s+reset\\s+--hard'
+decision = "deny"
+denyMessage = "git reset --hard is not allowed."
+priority = 940
+[[rule]]
+toolName = "run_shell_command"
+commandRegex = '\\bgit\\s+clean\\b'
+decision = "deny"
+denyMessage = "git clean is not allowed."
+priority = 940
+# Allow other git commands
+[[rule]]
+toolName = "run_shell_command"
+commandPrefix = "git "
+decision = "allow"
+priority = 800
+[[rule]]
+toolName = "run_shell_command"
+commandPrefix = "git"
+decision = "allow"
+priority = 800
+# Deny keychain access (secrets use -A flag; block agent from reading them)
+[[rule]]
+toolName = "run_shell_command"
+commandPrefix = "security "
+decision = "deny"
+denyMessage = "Keychain access is not allowed in daemon mode."
+priority = 950
+# Deny dangerous shell commands
+[[rule]]
+toolName = "run_shell_command"
+commandPrefix = "rm -rf"
+decision = "deny"
+priority = 940
+[[rule]]
+toolName = "run_shell_command"
+commandPrefix = "rm -r"
+decision = "deny"
+priority = 940
+[[rule]]
+toolName = "run_shell_command"
+commandPrefix = "sudo "
+decision = "deny"
+priority = 940
+[[rule]]
+toolName = "run_shell_command"
+commandPrefix = "su "
+decision = "deny"
+priority = 940
+[[rule]]
+toolName = "run_shell_command"
+commandPrefix = "chmod "
+decision = "deny"
+priority = 940
+[[rule]]
+toolName = "run_shell_command"
+commandPrefix = "chown "
+decision = "deny"
+priority = 940
+# Deny all other shell commands (only curl-to-localhost and git are allowed)
+[[rule]]
+toolName = "run_shell_command"
+decision = "deny"
+denyMessage = "Only 'curl localhost:${port}' and 'git' commands are allowed in daemon mode."
+priority = 100
+# ── File operations ──
+# Deny writes to context directory (must use daemon API)
+[[rule]]
+toolName = ["write_file", "replace"]
+argsPattern = '${escapedContextDir}'
+decision = "deny"
+denyMessage = "Direct writes to context directory are forbidden. Use PUT/PATCH http://localhost:${port}/api/context/*"
+priority = 960
+# Deny writes to the session helper directory. The daemon manages .pa/bin/*
+# wrappers; allowing edits would let the agent rewrite the curl shim that
+# receives daemon-auth env at execution time.
+[[rule]]
+toolName = ["write_file", "replace"]
+argsPattern = '${sessionHelperPathRegex}'
+decision = "deny"
+denyMessage = "Direct writes to .pa are forbidden. Session helper binaries are daemon-managed."
+priority = 958
+# Deny reads/writes to sensitive paths
+[[rule]]
+toolName = ["read_file", "read_many_files", "write_file", "replace"]
+argsPattern = '${sensitivePathRegex}'
+decision = "deny"
+denyMessage = "Access to sensitive paths (.ssh, .aws, .gnupg, Keychains, .env, backups) is forbidden."
+priority = 955
+# Allow standard file operations
+[[rule]]
+toolName = ["read_file", "read_many_files", "glob", "grep_search", "list_directory"]
+decision = "allow"
+priority = 500
+[[rule]]
+toolName = ["write_file", "replace"]
+decision = "allow"
+priority = 500
+# ── Other tools ──
+[[rule]]
+toolName = ["ask_user", "write_todos", "save_memory"]
+decision = "allow"
+priority = 500
+# ── Subagent delegation (invoke_agent) ──
+# Block Gemini CLI's built-in subagent dispatcher. The daemon's stream
+# parsers (runTurn + runDelegatedTool) only observe the parent agent's
+# tool_use events — subagent-internal MCP calls don't surface, so the
+# anti-prompt-injection guard would mis-classify the turn as wrong_tool.
+# Subagents also paraphrase tool output instead of returning the raw
+# connector envelope, and per-integration deniedTools / cost accounting
+# don't cross the subagent boundary. Bundled policies/agents.toml allows
+# invoke_agent at default-tier priority 50; admin tier wins cross-tier
+# so this rule's priority only orders it inside the admin policy, not
+# against the bundled allow.
+#
+# Hard-coded by tool name — if a future Gemini CLI ships a renamed or
+# additional delegation builtin, this rule will not catch it. Watch for
+# new tool-name constants alongside AGENT_TOOL_NAME in the bundled CLI.
+[[rule]]
+toolName = "invoke_agent"
+decision = "deny"
+denyMessage = "Subagent delegation via invoke_agent is not allowed in daemon-managed sessions. Call the requested tool directly."
+priority = 950
+${absoluteBlockRules}${extraDenyRules}${sessionDenyRules}`;
+    }
+    /**
+     * Minimal admin policy for allow mode. No catch-all deny — every tool not
+     * matched by a rule below falls through to the `--approval-mode yolo`
+     * grants, which is what "all commands/MCPs/skills enabled" requires.
+     *
+     * Only two invariants are preserved:
+     *   1. Context directory writes must go through the daemon API. This is
+     *      memory-layer integrity (today-write-lock, md_file_snapshots,
+     *      CONTEXT_WRITE_PERMISSIONS, onPromptContextChanged) — orthogonal to
+     *      tool permissions. Denied for both `write_file`/`replace` directly
+     *      and for `run_shell_command` whose argv contains the context path.
+     *   2. Reads of keychain / SSH / GPG / AWS / .env / daemon secrets /
+     *      WhatsApp auth / backups stay denied. These aren't tool policy
+     *      either — they're the exfiltration surface, and enabling them
+     *      serves no agent workflow on a single-owner device.
+     *
+     * Everything else (arbitrary `rm`, `curl` to any host, `chmod`, `sudo`,
+     * web search / fetch, etc.) is permitted because allow mode is meant to
+     * be the "strong permission mode" the user asked for.
+     */
+    generateAllowModeMinimalPolicy() {
+        const port = this.config.apiPort;
+        const contextDir = resolvePath(getContextDir(this.config));
+        // Escape regex metacharacters — TOML literal strings don't process escapes,
+        // so a single backslash reaches the regex engine unchanged.
+        const escapeRegex = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+        // Match any shell-level path form that points at the context dir:
+        //   - absolute: /Users/.../context
+        //   - home-tilde: ~/... (shell expands; raw command text contains "~")
+        //   - $HOME / ${HOME} env-var interpolation
+        // Without these alternations, `tee ~/.personal-agent/context/today.md`
+        // slips through the context-write deny rule.
+        const home = homedir();
+        const contextPathForms = shellPathForms(contextDir, home);
+        const contextPathRegex = contextPathForms.map(escapeRegex).join("|");
+        const contextArgsRegex = jsonStringPathForms(contextPathForms)
+            .map(escapeRegex)
+            .join("|");
+        const sensitivePathPatterns = [
+            "\\.ssh[\\\\/]",
+            "\\.gnupg[\\\\/]",
+            "\\.aws[\\\\/]",
+            "Library[\\\\/]Keychains[\\\\/]",
+            "\\.personal-agent[\\\\/]backups[\\\\/]",
+            "\\.personal-agent[\\\\/]whatsapp[\\\\/]auth[\\\\/]",
+            "\\.personal-agent[\\\\/]secrets[\\\\/]",
+            // `\"` (closing JSON string quote) is a required terminator because
+            // Gemini matches argsPattern against the JSON-stringified args object
+            // like `{"file_path":".env"}` — without `\"` the pattern silently
+            // misses root `.env` reads (after `.env` comes `"` in the JSON, which
+            // matches none of $ / . / /).
+            '\\.env($|\\.|[\\\\/]|\\")',
+        ];
+        const sensitivePathRegex = sensitivePathPatterns.join("|");
+        return `# ${APP_NAME} admin policy for Gemini CLI — Allow mode (minimal)
+# Admin tier — overrides approval-mode yolo only for the rules below.
+# No catch-all deny: every tool not matched here inherits yolo's auto-approve.
+# ── Context directory writes must go through the daemon API ──
+# Memory-layer integrity invariants (today-write-lock, md_file_snapshots,
+# CONTEXT_WRITE_PERMISSIONS, onPromptContextChanged) cannot be enforced on
+# shell-level writes; so we deny any shell command or direct tool that
+# targets the context dir.
+[[rule]]
+toolName = ["write_file", "replace"]
+argsPattern = '${contextArgsRegex}'
+decision = "deny"
+denyMessage = "Direct writes to the context directory are forbidden even in Allow mode. Use PUT/PATCH http://localhost:${port}/api/context/* so today-write-lock, md_file_snapshots, and CONTEXT_WRITE_PERMISSIONS stay enforced."
+priority = 999
+[[rule]]
+toolName = "run_shell_command"
+commandRegex = '${contextPathRegex}'
+decision = "deny"
+denyMessage = "Shell commands that reference the context directory are forbidden — writing via redirects / tee / sed -i / script engines bypasses daemon-API guarantees. Use http://localhost:${port}/api/context/*. Absolute, ~, and HOME-env-var forms are all matched."
+priority = 999
+# ── Sensitive-path reads ──
+# Secrets, keys, and daemon backups stay read-blocked. Writes to these
+# paths are also blocked so the agent cannot plant credentials or tamper
+# with keychain-adjacent directories.
+[[rule]]
+toolName = ["read_file", "read_many_files", "write_file", "replace"]
+argsPattern = '${sensitivePathRegex}'
+decision = "deny"
+denyMessage = "Access to sensitive paths (.ssh, .aws, .gnupg, Keychains, .env, daemon secrets, backups, WhatsApp auth) is forbidden even in Allow mode."
+priority = 998
+# ── Subagent delegation (invoke_agent) ──
+# Same rationale as the strict-mode policy: daemon stream parsers don't
+# see subagent-internal tool calls, subagents paraphrase results, and
+# per-integration deniedTools / cost accounting don't cross the subagent
+# boundary. Allow mode has no catch-all "*" deny, so this explicit rule
+# is the only thing keeping bundled policies/agents.toml (default tier,
+# priority 50) from re-allowing invoke_agent.
+[[rule]]
+toolName = "invoke_agent"
+decision = "deny"
+denyMessage = "Subagent delegation via invoke_agent is not allowed in daemon-managed sessions. Call the requested tool directly."
+priority = 950
+${this.buildAbsoluteBlockRules()}${this.buildSessionDeniedToolRules()}`;
+    }
+    /**
+     * EXECUTION-MODE-DESIGN.md §6.2 — absolute-block rules applied in BOTH
+     * strict and allow mode. Priority is pinned at 999 — the in-tier
+     * ceiling enforced by Gemini CLI's `PolicyFileSchema` (`priority` is
+     * `.int().min(0).max(999)`; values >= 1000 fail with "Schema validation
+     * failed" and the entire policy file is dropped, which would also drop
+     * every other guardrail in this admin policy).
+     *
+     * Cross-tier precedence is unaffected: the daemon registers this file
+     * via `--admin-policy <path>`, which puts it at `ADMIN_POLICY_TIER (=5)`,
+     * strictly above user/workspace/default. Within the admin tier, 999 is
+     * the maximum so absolute-block still wins against every other rule
+     * here. The two existing 998/999 deny rules in allow mode are also
+     * `decision = "deny"`, so a tie at 999 collapses to the same outcome
+     * (deny) — no semantic conflict.
+     *
+     * Highest-priority ALLOW rule across both modes is `curl localhost`
+     * at 900, well below 999, so absolute-block continues to override any
+     * allow currently emitted.
+     */
+    buildAbsoluteBlockRules() {
+        return this.convertToolListToTomlRules(ALWAYS_DISALLOWED_TOOLS, {
+            priority: 999,
+            denyPrefix: "Blocked by absolute-block layer: ",
+            sectionHeader: "Absolute-block layer (EXECUTION-MODE-DESIGN.md §6)",
+        });
+    }
+    /**
+     * Convert config.disallowedTools entries into TOML deny rules.
+     *
+     * Claude Code format entries like "Bash(rm -rf *)" or "Read(~/.ssh/**)"
+     * are translated into Gemini-native policy rules.
+     */
+    buildDisallowedToolRules() {
+        return this.convertToolListToTomlRules(this.config.disallowedTools ?? [], {
+            priority: 935,
+            denyPrefix: "Blocked by disallowedTools: ",
+            sectionHeader: "User-configured disallowedTools",
+        });
+    }
+    /**
+     * DELEGATED-MODE-V2-DESIGN.md §4.3.3 — emit deny rules for every
+     * concrete (glob-expanded) MCP tool name carried by an integration's
+     * `deniedTools` whose `delegatedBackend === "gemini"`. Tools are
+     * matched by literal name (e.g.
+     * `mcp__codex_apps__google_calendar._delete_event`) at priority 936
+     * — one tick above the user-disallowedTools block (935) so a deny
+     * here cannot be overridden by anything below.
+     *
+     * Empty when no integration is in same-backend mode for Gemini.
+     */
+    buildSessionDeniedToolRules() {
+        if (!this.mcpContext)
+            return "";
+        let denied = [];
+        try {
+            const integrations = readIntegrations(this.mcpContext.db);
+            const map = collectSessionDeniedTools(integrations, "gemini");
+            const flat = [];
+            for (const names of map.values())
+                flat.push(...names);
+            denied = flat;
+        }
+        catch (err) {
+            logger.warn({ err }, "Failed to read integrations for same-backend denied-tools — proceeding without per-integration deny");
+            return "";
+        }
+        if (denied.length === 0)
+            return "";
+        const rules = [
+            "",
+            "",
+            "# ══════════════════════════════════════════════════",
+            "# Same-backend deniedTools (DELEGATED-MODE-V2-DESIGN.md §4.3.3)",
+            "# ══════════════════════════════════════════════════",
+        ];
+        for (const tool of denied) {
+            rules.push(`
+[[rule]]
+toolName = "${this.escapeTomlBasicString(tool)}"
+decision = "deny"
+denyMessage = "Tool '${this.escapeTomlBasicString(tool)}' is denied by the user's integration deniedTools setting."
+priority = 936`);
+        }
+        return rules.join("\n");
+    }
+    convertToolListToTomlRules(disallowed, opts) {
+        const rules = [];
+        for (const entry of disallowed) {
+            const bashMatch = /^Bash\((.+)\)$/.exec(entry);
+            if (bashMatch) {
+                // "Bash(rm -rf *)" → deny run_shell_command with commandPrefix
+                const cmdPattern = bashMatch[1].replace(/\s*\*$/, "").trim();
+                if (cmdPattern) {
+                    rules.push(`
+[[rule]]
+toolName = "run_shell_command"
+commandPrefix = "${this.escapeTomlBasicString(cmdPattern)}"
+decision = "deny"
+denyMessage = "${this.escapeTomlBasicString(opts.denyPrefix)}${this.escapeTomlBasicString(entry)}"
+priority = ${opts.priority}`);
+                }
+                continue;
+            }
+            const fileMatch = /^(Read|Write|Edit)\((.+)\)$/.exec(entry);
+            if (fileMatch) {
+                const [, toolType, pathGlob] = fileMatch;
+                // Convert glob to a simple regex substring for argsPattern.
+                // "~/.ssh/**" → ".ssh/"
+                const pathFragment = pathGlob
+                    .replace(/^~\//, "")
+                    .replace(/\*+$/g, "")
+                    .replace(/\\/g, "/");
+                if (!pathFragment)
+                    continue;
+                const toolNames = [];
+                if (toolType === "Read")
+                    toolNames.push("read_file", "read_many_files");
+                if (toolType === "Write" || toolType === "Edit")
+                    toolNames.push("write_file", "replace");
+                if (toolNames.length > 0) {
+                    const toolNameValue = toolNames.length === 1
+                        ? `"${toolNames[0]}"`
+                        : `[${toolNames.map((t) => `"${t}"`).join(", ")}]`;
+                    rules.push(`
+[[rule]]
+toolName = ${toolNameValue}
+argsPattern = '${pathFragment}'
+decision = "deny"
+denyMessage = "${this.escapeTomlBasicString(opts.denyPrefix)}${this.escapeTomlBasicString(entry)}"
+priority = ${opts.priority}`);
+                }
+            }
+        }
+        if (rules.length === 0)
+            return "";
+        return `
+# ── ${opts.sectionHeader} ──
+${rules.join("\n")}
+`;
+    }
+    /**
+     * Build the web-access TOML rules section.
+     *
+     * When disabled (default): deny both google_web_search and web_fetch at
+     * priority 999 (overrides any lower-priority allow).
+     *
+     * When enabled: allow google_web_search only. web_fetch remains denied
+     * because it can fetch arbitrary URLs, creating a data-exfiltration
+     * vector that contradicts the curl-to-localhost shell restriction.
+     */
+    buildWebAccessRules(webSearchEnabled) {
+        if (webSearchEnabled) {
+            return `# ── Web access: PARTIAL ALLOW ──
+# google_web_search enabled via dashboard settings.
+# web_fetch remains denied (arbitrary URL fetch = exfiltration risk).
+[[rule]]
+toolName = "google_web_search"
+decision = "allow"
+priority = 500
+[[rule]]
+toolName = "web_fetch"
+decision = "deny"
+denyMessage = "Web fetch is not allowed. Only google_web_search is permitted when web search is enabled."
+priority = 999`;
+        }
+        return `# ── Web access: DENY ──
+# Block internet search and URL fetching (parity with Claude Code's allowedTools whitelist)
+[[rule]]
+toolName = "google_web_search"
+decision = "deny"
+denyMessage = "Web search is not allowed in daemon mode. Use the daemon API for external data."
+priority = 999
+[[rule]]
+toolName = "web_fetch"
+decision = "deny"
+denyMessage = "Web fetch is not allowed in daemon mode. Use the daemon API for external data."
+priority = 999`;
+    }
+    /** Escape characters for TOML basic string values (double-quoted). */
+    escapeTomlBasicString(value) {
+        return value.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
+    }
+    /**
+     * Pre-mark vault-scoped file writes from Gemini's tool_use events
+     * so the ObsidianWatcher attributes them to actor='agent'.
+     */
+    trackVaultWrite(event) {
+        if (!this.writeTracker)
+            return;
+        const vaultPath = this.config.externalObsidianVaultPath;
+        if (!vaultPath)
+            return;
+        if (event.tool_name !== "write_file" && event.tool_name !== "replace")
+            return;
+        const filePath = event.args?.file_path;
+        if (typeof filePath !== "string" || !filePath)
+            return;
+        const absFile = resolvePath(filePath);
+        const absVault = resolvePath(vaultPath);
+        if (isPathInsideOrEqual(absVault, absFile)) {
+            this.writeTracker.markWriting(absFile);
+            logger.debug({ filePath: absFile }, "Gemini vault write pre-marked for observer attribution");
+        }
+    }
+    pickSummaryModel() {
+        // Registry-derived lite-tier model is the canonical pick (compaction
+        // summaries are short-shape and benefit from the cheapest model).
+        // Falls through to "any registered model" when the registry has no
+        // available lite entry, then throws when the registry is empty for
+        // this backend — preferable to the prior silent literal fallback
+        // that hid registry misconfiguration.
+        const liteFromRegistry = latestLiteFor(this.backendId);
+        if (liteFromRegistry)
+            return liteFromRegistry;
+        const anyFromRegistry = this.listModels()[0]?.modelId;
+        if (anyFromRegistry)
+            return anyFromRegistry;
+        throw new Error(`pickSummaryModel: no models registered for backend ${this.backendId}`);
+    }
+    /**
+     * Resolve the Gemini per-agent-day request ceiling. The daemon does
+     * not store per-backend account tiers (Aitne runs on
+     * `GEMINI_API_KEY` / `GOOGLE_API_KEY`, with CLI auth as fallback),
+     * so this returns a fixed conservative default
+     * (`GEMINI_DAILY_REQUEST_CEILING`, matching the free Gemini API tier
+     * with 10% headroom). Operators on a paid Google account whose real
+     * upstream quota is higher can widen the gate by editing
+     * `runtime_state` directly or via a dashboard config surface (out of
+     * scope for this layer).
+     *
+     * Returns `null` only when no db handle is injected (test/dev paths
+     * that bypass enforcement entirely).
+     */
+    resolveDailyRequestCeiling() {
+        if (!this.db)
+            return null;
+        return GEMINI_DAILY_REQUEST_CEILING;
+    }
+    /**
+     * Read the current request count for today's agent day. Returns 0 when:
+     * - the stored state is from a previous agent day (natural daily reset),
+     * - the row is missing,
+     * - or the db handle is not injected.
+     */
+    readRequestsCount(today) {
+        if (!this.db)
+            return 0;
+        const state = readRuntimeState(this.db, GEMINI_REQUESTS_STATE_KEY);
+        if (!state || state.date !== today)
+            return 0;
+        return state.count;
+    }
+    /**
+     * Increment the per-agent-day counter. Resets to 1 when the stored date
+     * does not match the current agent day (that is the reset path — no
+     * separate scheduler job is needed because the key is agent-day scoped).
+     */
+    incrementRequestsCount(today) {
+        if (!this.db)
+            return;
+        try {
+            const state = readRuntimeState(this.db, GEMINI_REQUESTS_STATE_KEY);
+            const nextCount = state && state.date === today ? state.count + 1 : 1;
+            writeRuntimeState(this.db, GEMINI_REQUESTS_STATE_KEY, {
+                date: today,
+                count: nextCount,
+            });
+        }
+        catch (err) {
+            // A counter write failure must not break an in-flight execution.
+            logger.warn({ err }, "Failed to persist Gemini request counter");
+        }
+    }
+    classifyFailure(message) {
+        if (isMaxBudgetMessage(message)) {
+            return new BackendQuotaError(this.backendId, "max_budget_usd", null, message);
+        }
+        if (/rate limit|quota|429/i.test(message)) {
+            return new BackendQuotaError(this.backendId, "rate_limited", null, message);
+        }
+        if (/authentication page|oauth|api key|login|required/i.test(message)) {
+            return new BackendDecisiveFailure(this.backendId, "auth", new Error(message));
+        }
+        if (/timed out|timeout/i.test(message)) {
+            return new BackendDecisiveFailure(this.backendId, "timeout", new Error(message));
+        }
+        return new BackendDecisiveFailure(this.backendId, "other_non_retryable", new Error(message));
+    }
+    assertWithinMaxBudget(costUsd, maxBudgetUsd, modelId) {
+        if (maxBudgetUsd === undefined || costUsd <= maxBudgetUsd) {
+            return;
+        }
+        throw new BackendQuotaError(this.backendId, "max_budget_usd", null, `Gemini CLI estimated cost $${costUsd.toFixed(4)} exceeded the per-turn budget limit $${maxBudgetUsd.toFixed(2)} for ${modelId}.`);
+    }
+    assertPromptWithinMaxBudget(prompt, maxBudgetUsd, modelId) {
+        if (maxBudgetUsd === undefined) {
+            return;
+        }
+        const estimatedUsage = {
+            inputTokens: estimateTextInputTokens(prompt),
+            outputTokens: 0,
+            cacheCreationInputTokens: 0,
+            cacheReadInputTokens: 0,
+        };
+        const { costUsd } = this.priceFetcher.estimateUsageCost({
+            backendId: this.backendId,
+            modelId,
+            usage: estimatedUsage,
+            fallbackModel: findRegisteredModel(this.backendId, modelId),
+        });
+        if (costUsd <= maxBudgetUsd) {
+            return;
+        }
+        throw new BackendQuotaError(this.backendId, "max_budget_usd", null, `Gemini CLI estimated prompt cost $${costUsd.toFixed(4)} exceeded the per-turn budget limit $${maxBudgetUsd.toFixed(2)} for ${modelId}.`);
+    }
+    /**
+     * Delegated proxy invocation — Gemini CLI path.
+     *
+     * **Result extraction**: Gemini CLI ≥ 0.40 emits structured
+     * `tool_result` events with `tool_id` correlation and a string-encoded
+     * `output` field. We capture the first `tool_result` whose `tool_id`
+     * pairs with a `tool_use` event for the requested tool name; that
+     * output (parsed JSON when possible) becomes the `toolResult`. This
+     * matches the Claude/Codex paths and is robust to Gemini Flash Lite
+     * disregarding the proxy prompt's "return raw result, do not narrate"
+     * instruction by emitting prose summaries — the prose lands in the
+     * assistant message stream, which we now ignore.
+     *
+     * **Fallback**: if no matching `tool_result` event arrives (older CLI,
+     * unexpected stream shape) we fall back to the previous text-based
+     * extraction from the final assistant message — strictly worse, but
+     * better than failing the call outright.
+     *
+     * Reachable for every integration whose registry descriptor lists a
+     * Gemini connector. As of 2026-04-26 that includes `gmail` (via the
+     * `google-workspace` extension), `google_calendar` (same extension),
+     * and `notion` (user-installed Notion MCP server registered as
+     * `notion`). Gmail and Calendar are also in `PROXY_DRIVEN_INTEGRATIONS`,
+     * so a Claude/Codex DM session with `delegatedBackend = "gemini"` for
+     * either lands here through `/api/integrations/:key/invoke`.
+     */
+    async runDelegatedTool(params) {
+        const startMs = Date.now();
+        const { toolName, toolArgs, modelId, sessionDir, abortSignal } = params;
+        if (!this.cliPath) {
+            return {
+                ok: false,
+                errorClass: "subprocess_crashed",
+                message: "gemini CLI not found on PATH",
+                cost: withDurationMs(emptyCost(), startMs),
+            };
+        }
+        const auth = await this.checkAuth();
+        if (!auth.ok) {
+            return {
+                ok: false,
+                errorClass: "auth_error",
+                message: auth.reason,
+                cost: withDurationMs(emptyCost(), startMs),
+            };
+        }
+        // Daily-request quota gate. Mirrors `runTurn` (line 480-495) — Gemini
+        // meters per-day model requests via plan-preset `dailyRequestCeiling`
+        // (900/1350/1800), and proxy invocations consume the same quota as
+        // direct execute()s. Without this gate, proxy calls would silently
+        // exceed the day cap. Counter increment lives at the end of the
+        // success path so failed proxy calls don't bias the count toward
+        // saturation. See `docs/design/09-safety-cost.md` §9.4.8.
+        const today = getAgentDayDateStr(this.config.timezone, this.config.dayBoundaryHour);
+        const ceiling = this.resolveDailyRequestCeiling();
+        if (ceiling !== null) {
+            const currentCount = this.readRequestsCount(today);
+            if (currentCount >= ceiling) {
+                return {
+                    ok: false,
+                    errorClass: "auth_error",
+                    message: `Gemini daily-request ceiling reached (${currentCount}/${ceiling}) — `
+                        + `resets at the next agent-day boundary.`,
+                    cost: withDurationMs(emptyCost(), startMs),
+                };
+            }
+        }
+        // Write the same admin policy the normal path uses so context-dir
+        // writes and pipe-chained shell commands are denied even on the
+        // proxy session. Proxy.md tells the model to call exactly one tool;
+        // the policy is belt-and-suspenders.
+        const allowMode = this.config.geminiExecutionPermissionMode === "allow";
+        const policyPath = join(sessionDir, ADMIN_POLICY_FILENAME);
+        writeFileSync(policyPath, allowMode
+            ? this.generateAllowModeMinimalPolicy()
+            : this.generateAdminPolicy({ webSearchEnabled: false }), "utf-8");
+        const prompt = buildDelegatedToolPrompt(toolName, toolArgs);
+        const args = this.buildArgs({ prompt, modelId }, policyPath);
+        let calledMatchingTool = false;
+        let wrongToolName = null;
+        let assistantDelta = "";
+        let finalAssistantMessage = "";
+        let lastError = null;
+        let resultStatus = null;
+        let stats = null;
+        // tool_use → tool_id mapping for the requested tool. Gemini sometimes
+        // calls the matching tool more than once (e.g. retries with refined
+        // args, or extra confirmation calls disregarding the prompt's
+        // "do not call other tools"). We capture every matching tool_id and
+        // keep only the first paired tool_result so the proxy returns
+        // deterministic output.
+        const matchingToolIds = new Set();
+        let capturedToolOutput = null;
+        let capturedToolStatus = null;
+        // Local aborter bridged from the caller's signal so we can also
+        // trigger an early abort on wrong-tool detection without polluting
+        // the caller's signal. Without early abort, a wrong-tool failure
+        // burns the full 180s gemini wall-clock waiting for natural
+        // completion (audit log 2026-05-01: 9.5s when subprocess completes
+        // naturally, but up to 180s when the model loops on the missing
+        // tool name). Abort caps it at ~5s.
+        const proxyAborter = new AbortController();
+        const callerAbortListener = () => {
+            proxyAborter.abort(abortSignal?.reason);
+        };
+        if (abortSignal) {
+            if (abortSignal.aborted) {
+                proxyAborter.abort(abortSignal.reason);
+            }
+            else {
+                abortSignal.addEventListener("abort", callerAbortListener, {
+                    once: true,
+                });
+            }
+        }
+        // Idle / hang watchdog. `gemini-cli` has been observed (audit log
+        // 2026-05-02 / 2026-05-03: 9 / 83 cadence calls) to lock up entirely
+        // — subprocess alive, zero stream-json output, only the 180s wall-
+        // clock fires. The idle detector trips much earlier (75s default,
+        // see `delegated-proxy-config.ts`) by treating each arrived line as
+        // a heartbeat. On trip, we abort with a `DelegatedProxyTimeoutError`
+        // so the post-loop classifier maps to `errorClass="timeout"`,
+        // identical to wall-clock — the cadence retry path stays uniform.
+        let idleTimedOut = false;
+        const idleTimeoutMs = DELEGATED_PROXY_DEFAULTS.idleTimeoutMsByBackend.gemini
+            ?? DELEGATED_PROXY_DEFAULTS.idleTimeoutMs;
+        const idleWatchdog = new IdleWatchdog({
+            idleTimeoutMs,
+            onTimeout: (idleMs) => {
+                idleTimedOut = true;
+                logger.warn({ idleMs, idleTimeoutMs, toolName }, "gemini delegated proxy idle watchdog tripped");
+                proxyAborter.abort(new DelegatedProxyTimeoutError(`gemini stream idle for ${idleMs}ms (limit ${idleTimeoutMs}ms)`));
+            },
+        });
+        try {
+            idleWatchdog.start();
+            const runResult = await runLineCommand({
+                command: this.cliPath,
+                args,
+                cwd: sessionDir,
+                env: buildDaemonApiCliEnv(sessionDir, this.config.apiPort, { sessionBackend: "gemini" }),
+                // Safety-net timeout, derived from the invoker's per-backend
+                // abort timeout (`callTimeoutMsByBackend.gemini`). We add a 60s
+                // grace window so the abort signal *always* fires first and we
+                // get a clean `timeout` errorClass instead of the watchdog's
+                // ambiguous "subprocess exceeded local safety-net timeout".
+                // Deriving rather than hard-coding prevents drift if the abort
+                // cap is later raised or lowered.
+                timeoutMs: (DELEGATED_PROXY_DEFAULTS.callTimeoutMsByBackend.gemini
+                    ?? DELEGATED_PROXY_DEFAULTS.callTimeoutMs)
+                    + 60_000,
+                abortSignal: proxyAborter.signal,
+                onStdoutLine: (line) => {
+                    idleWatchdog.beat();
+                    const event = parseJsonLine(line);
+                    if (!event?.type)
+                        return;
+                    if (event.type === "tool_use"
+                        && typeof event.tool_name === "string") {
+                        if (event.tool_name === toolName) {
+                            calledMatchingTool = true;
+                            if (typeof event.tool_id === "string") {
+                                matchingToolIds.add(event.tool_id);
+                            }
+                        }
+                        else if (wrongToolName === null) {
+                            wrongToolName = event.tool_name;
+                            // Early abort: kill the subprocess as soon as we see the
+                            // model call a tool that doesn't match `toolName`. The
+                            // post-await classifier checks `wrongToolName` BEFORE
+                            // `abortSignal?.aborted`, so the resulting failure is
+                            // attributed to wrong_tool (not cancelled).
+                            proxyAborter.abort(new Error("wrong_tool"));
+                        }
+                        return;
+                    }
+                    if (event.type === "tool_result"
+                        && typeof event.tool_id === "string"
+                        && matchingToolIds.has(event.tool_id)
+                        && capturedToolOutput === null) {
+                        capturedToolOutput =
+                            typeof event.output === "string" ? event.output : "";
+                        capturedToolStatus = event.status ?? null;
+                        return;
+                    }
+                    if (event.type === "message" && event.role === "assistant") {
+                        const content = typeof event.content === "string" ? event.content : "";
+                        if (!content)
+                            return;
+                        if (event.delta) {
+                            assistantDelta += content;
+                        }
+                        else {
+                            finalAssistantMessage = content;
+                        }
+                        return;
+                    }
+                    if (event.type === "result") {
+                        const payload = event.result ?? event;
+                        resultStatus = payload.status ?? resultStatus;
+                        stats = payload.stats ?? stats;
+                        lastError = payload.error ?? lastError;
+                    }
+                },
+                onStderrLine: (line) => {
+                    idleWatchdog.beat();
+                    if (isLikelyGeminiFailure(line)) {
+                        lastError = line.trim();
+                    }
+                },
+            });
+            const usage = normalizeGeminiUsage(stats);
+            const actualModelId = modelId;
+            const estimatedCost = this.priceFetcher.estimateUsageCost({
+                backendId: this.backendId,
+                modelId: actualModelId,
+                usage,
+                fallbackModel: findRegisteredModel(this.backendId, actualModelId),
+            });
+            const cost = withDurationMs({
+                tokensInput: usage.inputTokens,
+                tokensOutput: usage.outputTokens,
+                cacheCreationTokens: usage.cacheCreationInputTokens,
+                cacheReadTokens: usage.cacheReadInputTokens,
+                costUsd: estimatedCost.costUsd,
+                durationMs: 0,
+                numTurns: 1,
+            }, startMs);
+            // Order matters: wrong_tool is checked before the abort branch
+            // because the early-abort path (proxyAborter.abort) sets
+            // wrongToolName + triggers a kill. Without this ordering, the
+            // failure would surface as "cancelled" instead of the actual
+            // upstream cause. The idle-watchdog branch is checked AFTER
+            // wrong_tool (a wrong-tool-then-idle race should still attribute
+            // wrong_tool, since the model demonstrably misbehaved) but BEFORE
+            // the caller's abortSignal branch (idle-induced proxyAborter abort
+            // does not propagate back to abortSignal, so without this ordering
+            // an idle hang would mis-classify as `no_tool_call`).
+            if (wrongToolName !== null && !calledMatchingTool) {
+                return {
+                    ok: false,
+                    errorClass: "wrong_tool",
+                    message: `model called '${wrongToolName}' instead of requested '${toolName}'`,
+                    cost,
+                };
+            }
+            if (idleTimedOut) {
+                return {
+                    ok: false,
+                    errorClass: "timeout",
+                    message: `delegated proxy stream went idle (no gemini events for ${idleTimeoutMs}ms)`,
+                    cost,
+                };
+            }
+            if (abortSignal?.aborted) {
+                const errorClass = classifyAbortReason(abortSignal.reason);
+                return {
+                    ok: false,
+                    errorClass,
+                    message: errorClass === "timeout"
+                        ? "delegated proxy timed out (wall-clock)"
+                        : "delegated proxy cancelled by caller",
+                    cost,
+                };
+            }
+            if (runResult.timedOut) {
+                return {
+                    ok: false,
+                    errorClass: "timeout",
+                    message: "gemini subprocess exceeded local safety-net timeout",
+                    cost,
+                };
+            }
+            if (!calledMatchingTool) {
+                const failure = lastError;
+                if (failure && /unauthorized|forbidden|api key|login|auth/i.test(failure)) {
+                    return {
+                        ok: false,
+                        errorClass: "auth_error",
+                        message: failure,
+                        cost,
+                    };
+                }
+                return {
+                    ok: false,
+                    errorClass: "no_tool_call",
+                    message: failure
+                        ?? `model did not invoke '${toolName}' (resultStatus=${resultStatus ?? "unknown"})`,
+                    cost,
+                };
+            }
+            // Preferred path: structured tool_result captured from the stream.
+            // Reliable across Gemini Flash Lite's prose-narration tendency
+            // because we ignore the assistant message and use the connector's
+            // raw output verbatim.
+            if (capturedToolOutput !== null) {
+                if (capturedToolStatus === "error") {
+                    // Gemini CLI surfaces an MCP-tool-name-not-in-registry condition
+                    // as a tool_result with `status="error"` and an output starting
+                    // `Tool "<name>" not found. Did you mean…`. This is a transient
+                    // CLI-side registry miss (extension MCP server cold-start race
+                    // observed when the cadence worker's first tick fires <10s after
+                    // an integration switches to `delegated` — the host's
+                    // google-workspace MCP hasn't completed handshake yet, so the
+                    // model's tool_use lands on an empty registry). It is NOT a
+                    // real connector error from the upstream API, so we classify it
+                    // distinctly and let `delegated-sync-worker`'s retry policy
+                    // bounce once with a delay; the second attempt finds the tool
+                    // registered.
+                    if (isToolNotRegisteredError(capturedToolOutput, toolName)) {
+                        return {
+                            ok: false,
+                            errorClass: "tool_not_registered",
+                            message: capturedToolOutput,
+                            cost,
+                        };
+                    }
+                    return {
+                        ok: false,
+                        errorClass: "tool_error",
+                        message: capturedToolOutput || "tool returned error",
+                        cost,
+                    };
+                }
+                this.incrementRequestsCount(today);
+                return {
+                    ok: true,
+                    toolResult: tryParseToolResult(capturedToolOutput),
+                    cost,
+                };
+            }
+            // Fallback: text-based extraction from the assistant message.
+            // Reached when the CLI's stream-json schema doesn't emit
+            // tool_result events (older versions) or when the matching
+            // tool_use never paired with a tool_result for some reason.
+            //
+            // Warn so production can detect CLI version drift — silent fallback
+            // is what produced the original Flash Lite "narrate-the-result"
+            // bug. If this warning starts firing, audit the CLI version.
+            logger.warn({
+                integrationKey: params.integrationKey,
+                toolName,
+                backendId: this.backendId,
+                modelId,
+                matchingToolUseCount: matchingToolIds.size,
+            }, "Gemini delegated proxy fell back to assistant-text extraction — no paired tool_result event captured. Audit CLI stream schema if this fires regularly.");
+            const resultText = finalAssistantMessage.trim().length > 0
+                ? finalAssistantMessage.trim()
+                : assistantDelta.trim();
+            if (resultText.length === 0) {
+                return {
+                    ok: false,
+                    errorClass: "parse_error",
+                    message: "gemini emitted matching tool_use but no tool_result event and no assistant text to extract result from",
+                    cost,
+                };
+            }
+            // resultStatus === "error" with content present is a connector
+            // tool_error path — surface the message verbatim per proxy.md.
+            if (resultStatus === "error") {
+                return {
+                    ok: false,
+                    errorClass: "tool_error",
+                    message: resultText,
+                    cost,
+                };
+            }
+            // Bump the per-agent-day counter on the success path only, mirroring
+            // `runTurn` line 720. Proxy success consumes one Gemini request
+            // (turn-level approximation; tool fanout still counts as one,
+            // matching the existing accounting).
+            this.incrementRequestsCount(today);
+            return {
+                ok: true,
+                toolResult: tryParseToolResult(resultText),
+                cost,
+            };
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            const cost = withDurationMs(emptyCost(), startMs);
+            if (abortSignal?.aborted) {
+                return {
+                    ok: false,
+                    errorClass: classifyAbortReason(abortSignal.reason),
+                    message,
+                    cost,
+                };
+            }
+            return { ok: false, errorClass: "subprocess_crashed", message, cost };
+        }
+        finally {
+            // Stop the idle watchdog before listener cleanup so a late-firing
+            // poll cannot abort an already-resolved subprocess.
+            idleWatchdog.stop();
+            // Drop the listener regardless of how the call resolved so a
+            // long-lived caller signal doesn't accumulate references across
+            // back-to-back proxy invocations.
+            if (abortSignal && !abortSignal.aborted) {
+                abortSignal.removeEventListener("abort", callerAbortListener);
+            }
+        }
+    }
+    /**
+     * DELEGATED-TASK-MODE-DESIGN.md §9.3 — Gemini CLI task mode.
+     *
+     * The admin policy is rebuilt per-request as a tightly-scoped task-only
+     * surface (not the full strict/allow generators):
+     *   - catch-all deny at priority 1
+     *   - per-task allow rules at priority 920 for each tool in `allowedTools`
+     *   - destructive denies at priority 998 (when allowDestructive=false)
+     *   - absolute-block at priority 999
+     * No shell or file allows — task mode runs MCP tools only.
+     *
+     * Stream parsing tracks `tool_use` / `tool_result` pairs to populate the
+     * trace, counts assistant turns for the §8.3 Gemini per-day request
+     * counter, and aborts on `maxToolCalls` overrun or any tool not in
+     * `allowedTools` (defense-in-depth past the admin TOML).
+     */
+    async runDelegatedTask(params) {
+        const startMs = Date.now();
+        const { systemPrompt, allowedTools, destructiveTools, writeClassTools, modelId, maxToolCalls, sessionDir, abortSignal, onToolStep, allowDestructive, } = params;
+        const trace = [];
+        let writeClassToolFired = false;
+        // §6.2 / §7.4 — match against the *write-class* set (destructive ∪
+        // reversible writes), not just destructive. Otherwise reversible
+        // write tools like `create_draft` slip past the retry guard and the
+        // single retry creates a duplicate side effect.
+        //
+        // Phase 1 (`/exec`) entries are fully-qualified exact names; Phase 2
+        // (`/api/delegated/run`) may pass `*`-suffixed glob patterns. The shared
+        // `matchRunAllowedToolPattern` helper covers both shapes — exact equality
+        // OR trailing-`*` prefix match — so the same matcher applies to the
+        // allowed-tool guard further down (§9.3 stream-level enforcement).
+        const writeClassMatcher = (name) => writeClassTools.some((pattern) => matchRunAllowedToolPattern(pattern, name));
+        if (!this.cliPath) {
+            return {
+                ok: false,
+                errorClass: "subprocess_crashed",
+                message: "gemini CLI not found on PATH",
+                cost: withDurationMs(emptyCost(), startMs),
+                trace,
+                writeClassToolFired,
+            };
+        }
+        const auth = await this.checkAuth();
+        if (!auth.ok) {
+            return {
+                ok: false,
+                errorClass: "auth_error",
+                message: auth.reason,
+                cost: withDurationMs(emptyCost(), startMs),
+                trace,
+                writeClassToolFired,
+            };
+        }
+        // §8.3 — pre-spawn daily-request gate. Mirrors runDelegatedTool because
+        // task mode consumes the same daily budget.
+        const today = getAgentDayDateStr(this.config.timezone, this.config.dayBoundaryHour);
+        const ceiling = this.resolveDailyRequestCeiling();
+        if (ceiling !== null) {
+            const currentCount = this.readRequestsCount(today);
+            if (currentCount >= ceiling) {
+                return {
+                    ok: false,
+                    errorClass: "auth_error",
+                    message: `Gemini daily-request ceiling reached (${currentCount}/${ceiling}) — `
+                        + `resets at the next agent-day boundary.`,
+                    cost: withDurationMs(emptyCost(), startMs),
+                    trace,
+                    writeClassToolFired,
+                };
+            }
+        }
+        const policyPath = join(sessionDir, ADMIN_POLICY_FILENAME);
+        writeFileSync(policyPath, this.generateTaskModePolicy({
+            allowedTools,
+            destructiveTools: allowDestructive ? [] : destructiveTools,
+        }), "utf-8");
+        const args = this.buildArgs({ prompt: systemPrompt, modelId }, policyPath);
+        const pendingByUseId = new Map();
+        let toolCallCount = 0;
+        let loopAborted = false;
+        let assistantDelta = "";
+        let finalAssistantMessage = "";
+        let lastError = null;
+        let resultStatus = null;
+        let stats = null;
+        let policyViolationTool = null;
+        let assistantTurns = 0;
+        const aborter = new AbortController();
+        const callerListener = () => aborter.abort(abortSignal?.reason);
+        if (abortSignal) {
+            if (abortSignal.aborted) {
+                aborter.abort(abortSignal.reason);
+            }
+            else {
+                abortSignal.addEventListener("abort", callerListener, { once: true });
+            }
+        }
+        // §9.3 — stream-level allowed-tools guard. `allowedTools` may carry
+        // Phase 2 (`/api/delegated/run`) trailing-`*` glob patterns
+        // (DELEGATED-TASK-MODE-DESIGN.md §4.2), so an exact-equality `Set.has`
+        // would silently reject every glob-admitted call as `policy_violation`.
+        // The Gemini admin policy TOML at priority 920 honors the same glob
+        // shape upstream (verified against the gemini-cli policy engine docs);
+        // the daemon-side guard mirrors that semantics so the two layers agree.
+        // Phase 1 (`/exec`) entries are fully-qualified exact names — the
+        // exact-equality fast path inside `matchRunAllowedToolPattern` covers
+        // them at one comparison.
+        const isAllowedTool = (name) => allowedTools.some((pattern) => matchRunAllowedToolPattern(pattern, name));
+        // `destructiveTools` is fully-qualified exact names from the registry
+        // (Phase 1 only — Phase 2 passes `[]`), so a Set lookup is correct here
+        // and stays O(1).
+        const destructiveSet = allowDestructive
+            ? new Set()
+            : new Set(destructiveTools);
+        try {
+            const runResult = await runLineCommand({
+                command: this.cliPath,
+                args,
+                cwd: sessionDir,
+                env: buildDaemonApiCliEnv(sessionDir, this.config.apiPort, { sessionBackend: "gemini" }),
+                timeoutMs: (DELEGATED_PROXY_DEFAULTS.callTimeoutMsByBackend.gemini
+                    ?? DELEGATED_PROXY_DEFAULTS.callTimeoutMs)
+                    + 60_000,
+                abortSignal: aborter.signal,
+                onStdoutLine: (line) => {
+                    const event = parseJsonLine(line);
+                    if (!event?.type)
+                        return;
+                    if (event.type === "tool_use" && typeof event.tool_name === "string") {
+                        const toolName = event.tool_name;
+                        if (!isAllowedTool(toolName) || destructiveSet.has(toolName)) {
+                            policyViolationTool = toolName;
+                            loopAborted = true;
+                            aborter.abort(new Error("policy_violation"));
+                            return;
+                        }
+                        toolCallCount += 1;
+                        if (toolCallCount > maxToolCalls) {
+                            loopAborted = true;
+                            aborter.abort(new Error("loop_aborted"));
+                            return;
+                        }
+                        if (writeClassMatcher(toolName)) {
+                            writeClassToolFired = true;
+                        }
+                        if (typeof event.tool_id === "string") {
+                            pendingByUseId.set(event.tool_id, {
+                                name: toolName,
+                                args: event.args ?? null,
+                                startedAt: Date.now(),
+                            });
+                        }
+                        return;
+                    }
+                    if (event.type === "tool_result"
+                        && typeof event.tool_id === "string") {
+                        const pending = pendingByUseId.get(event.tool_id);
+                        if (!pending)
+                            return;
+                        pendingByUseId.delete(event.tool_id);
+                        const status = event.status === "error" ? "error" : "ok";
+                        // `event.output` is a string-encoded tool result (the
+                        // google-workspace extension and most other connectors
+                        // serialize JSON responses to text). Try to parse so the
+                        // response-shape walker downstream can pluck ids; fall back
+                        // to the raw string when parsing fails (free-form text
+                        // replies).
+                        let parsedToolResult;
+                        if (typeof event.output === "string") {
+                            try {
+                                parsedToolResult = JSON.parse(event.output);
+                            }
+                            catch {
+                                parsedToolResult = event.output;
+                            }
+                        }
+                        const step = {
+                            toolName: pending.name,
+                            toolArgs: pending.args,
+                            durationMs: Date.now() - pending.startedAt,
+                            status,
+                            costUsd: null,
+                            tokensInput: null,
+                            tokensOutput: null,
+                            toolResult: parsedToolResult,
+                        };
+                        trace.push(step);
+                        onToolStep?.(step);
+                        return;
+                    }
+                    if (event.type === "message" && event.role === "assistant") {
+                        assistantTurns += 1;
+                        const content = typeof event.content === "string" ? event.content : "";
+                        if (!content)
+                            return;
+                        if (event.delta) {
+                            assistantDelta += content;
+                        }
+                        else {
+                            finalAssistantMessage = content;
+                        }
+                        return;
+                    }
+                    if (event.type === "result") {
+                        const payload = event.result ?? event;
+                        resultStatus = payload.status ?? resultStatus;
+                        stats = payload.stats ?? stats;
+                        lastError = payload.error ?? lastError;
+                    }
+                },
+                onStderrLine: (line) => {
+                    if (isLikelyGeminiFailure(line)) {
+                        lastError = line.trim();
+                    }
+                },
+            });
+            const usage = normalizeGeminiUsage(stats);
+            const estimatedCost = this.priceFetcher.estimateUsageCost({
+                backendId: this.backendId,
+                modelId,
+                usage,
+                fallbackModel: findRegisteredModel(this.backendId, modelId),
+            });
+            const cost = withDurationMs({
+                tokensInput: usage.inputTokens,
+                tokensOutput: usage.outputTokens,
+                cacheCreationTokens: usage.cacheCreationInputTokens,
+                cacheReadTokens: usage.cacheReadInputTokens,
+                costUsd: estimatedCost.costUsd,
+                durationMs: 0,
+                numTurns: assistantTurns,
+            }, startMs);
+            // §8.3 per-turn counter — increment once per assistant message
+            // observed (turn-level approximation matching Google's billing
+            // surface).
+            for (let i = 0; i < assistantTurns; i++) {
+                this.incrementRequestsCount(today);
+            }
+            if (policyViolationTool) {
+                return {
+                    ok: false,
+                    errorClass: "policy_violation",
+                    message: `subprocess attempted to call '${policyViolationTool}' which is outside the per-task allowlist`,
+                    cost,
+                    trace,
+                    writeClassToolFired,
+                };
+            }
+            if (loopAborted) {
+                return {
+                    ok: false,
+                    errorClass: "loop_aborted",
+                    message: `subprocess exceeded maxToolCalls=${maxToolCalls}`,
+                    cost,
+                    trace,
+                    writeClassToolFired,
+                };
+            }
+            if (abortSignal?.aborted) {
+                const errorClass = classifyAbortReason(abortSignal.reason);
+                return {
+                    ok: false,
+                    errorClass,
+                    message: errorClass === "timeout"
+                        ? "delegated task timed out (wall-clock)"
+                        : "delegated task cancelled by caller",
+                    cost,
+                    trace,
+                    writeClassToolFired,
+                };
+            }
+            if (runResult.timedOut) {
+                return {
+                    ok: false,
+                    errorClass: "timeout",
+                    message: "gemini subprocess exceeded local safety-net timeout",
+                    cost,
+                    trace,
+                    writeClassToolFired,
+                };
+            }
+            const finalText = finalAssistantMessage.trim().length > 0
+                ? finalAssistantMessage.trim()
+                : assistantDelta.trim();
+            if (finalText.length === 0) {
+                const failure = lastError;
+                if (failure && /unauthorized|forbidden|api key|login|auth/i.test(failure)) {
+                    return {
+                        ok: false,
+                        errorClass: "auth_error",
+                        message: failure,
+                        cost,
+                        trace,
+                        writeClassToolFired,
+                    };
+                }
+                return {
+                    ok: false,
+                    errorClass: "parse_error",
+                    message: failure
+                        ?? `gemini emitted no final assistant message (resultStatus=${resultStatus ?? "unknown"})`,
+                    cost,
+                    trace,
+                    writeClassToolFired,
+                };
+            }
+            return {
+                ok: true,
+                rawAssistantText: finalText,
+                cost,
+                trace,
+                writeClassToolFired,
+            };
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            const cost = withDurationMs(emptyCost(), startMs);
+            if (abortSignal?.aborted || aborter.signal.aborted) {
+                return {
+                    ok: false,
+                    errorClass: classifyAbortReason(abortSignal?.reason ?? aborter.signal.reason),
+                    message,
+                    cost,
+                    trace,
+                    writeClassToolFired,
+                };
+            }
+            return {
+                ok: false,
+                errorClass: "subprocess_crashed",
+                message,
+                cost,
+                trace,
+                writeClassToolFired,
+            };
+        }
+        finally {
+            if (abortSignal) {
+                abortSignal.removeEventListener("abort", callerListener);
+            }
+        }
+    }
+    /**
+     * DELEGATED-TASK-MODE-DESIGN.md §9.3 — task-mode admin policy. Tightly
+     * scoped: catch-all deny at priority 1, per-task allow rules at 920,
+     * destructive denies at 998, absolute-block at 999. No shell or file
+     * allows — the task subprocess only needs MCP tool calls.
+     */
+    generateTaskModePolicy(args) {
+        const parts = [];
+        parts.push(`# ${APP_NAME} task-mode admin policy (auto-generated)`, "# DELEGATED-TASK-MODE-DESIGN.md §9.3", "", "# Catch-all deny", "[[rule]]", 'toolName = "*"', 'decision = "deny"', 'denyMessage = "Tool not in the per-task allowlist."', "priority = 1", "");
+        if (args.destructiveTools.length > 0) {
+            parts.push("# Destructive tools — denied at priority 998 (allowDestructive=false)");
+            for (const tool of args.destructiveTools) {
+                parts.push("[[rule]]", `toolName = ${JSON.stringify(tool)}`, 'decision = "deny"', 'denyMessage = "Destructive tool denied — caller did not pass allowDestructive=true."', "priority = 998", "");
+            }
+        }
+        if (args.allowedTools.length > 0) {
+            parts.push("# Per-task allowed tools (priority 920)");
+            for (const tool of args.allowedTools) {
+                parts.push("[[rule]]", `toolName = ${JSON.stringify(tool)}`, 'decision = "allow"', "priority = 920", "");
+            }
+        }
+        parts.push(this.buildAbsoluteBlockRules());
+        return parts.join("\n");
+    }
+}
+function isMaxBudgetMessage(message) {
+    return /max(?:imum)? budget|max_budget_usd|budget limit|per-turn budget/i.test(message);
+}
+function normalizeGeminiUsage(stats) {
+    if (!stats) {
+        return { ...EMPTY_USAGE };
+    }
+    const totalInputTokens = readNumber(stats.input_tokens);
+    const cacheReadInputTokens = readNumber(stats.cached);
+    return {
+        inputTokens: nonCachedInputTokens(totalInputTokens, cacheReadInputTokens),
+        outputTokens: readNumber(stats.output_tokens),
+        cacheCreationInputTokens: 0,
+        cacheReadInputTokens,
+    };
+}
+function buildGeminiModelUsage(priceFetcher, stats) {
+    if (!stats?.models) {
+        return { modelUsage: {}, costSource: "hardcoded" };
+    }
+    const usage = {};
+    let allFromLitellm = true;
+    for (const [modelId, modelStats] of Object.entries(stats.models)) {
+        const cacheReadInputTokens = readNumber(modelStats.cached);
+        const normalized = {
+            inputTokens: nonCachedInputTokens(readNumber(modelStats.input_tokens), cacheReadInputTokens),
+            outputTokens: readNumber(modelStats.output_tokens),
+            cacheCreationInputTokens: 0,
+            cacheReadInputTokens,
+        };
+        const priceEstimate = priceFetcher.estimateUsageCost({
+            backendId: "gemini",
+            modelId,
+            usage: normalized,
+            fallbackModel: findRegisteredModel("gemini", modelId),
+        });
+        usage[modelId] = {
+            inputTokens: normalized.inputTokens,
+            outputTokens: normalized.outputTokens,
+            costUsd: priceEstimate.costUsd,
+        };
+        if (priceEstimate.costSource !== "litellm") {
+            allFromLitellm = false;
+        }
+    }
+    return {
+        modelUsage: usage,
+        costSource: allFromLitellm ? "litellm" : "hardcoded",
+    };
+}
+function nonCachedInputTokens(totalInputTokens, cacheReadInputTokens, cacheCreationInputTokens = 0) {
+    return Math.max(totalInputTokens - cacheReadInputTokens - cacheCreationInputTokens, 0);
+}
+function resolveActualGeminiModel(requestedModel, modelUsage) {
+    const [firstModel] = Object.keys(modelUsage);
+    return firstModel ?? requestedModel;
+}
+function isLikelyGeminiFailure(line) {
+    return /error|failed|authentication|oauth|api key|quota|rate limit/i.test(line);
+}
+/**
+ * Detect Gemini CLI's "tool name not in registry" tool_result error pattern.
+ *
+ * Format produced by `getToolSuggestion` in @google/gemini-cli (verified
+ * 2026-05-04 against bundle 0.40.1):
+ *   `Tool "<name>" not found. Did you mean one of: "<a>", "<b>"?`  (≥2 hits)
+ *   `Tool "<name>" not found. Did you mean "<a>"?`                  (1 hit)
+ *
+ * The expected `toolName` is included in the literal because we want to
+ * avoid false positives — a connector tool that itself happens to emit a
+ * "not found" message about some upstream resource (e.g. a Notion page
+ * not_found error) should NOT be reclassified as transient.
+ */
+export function isToolNotRegisteredError(output, expectedToolName) {
+    if (typeof output !== "string" || output.length === 0)
+        return false;
+    const escapedName = expectedToolName.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+    return new RegExp(`^Tool "${escapedName}" not found\\. Did you mean`).test(output);
+}
+function firstFailureLine(lines) {
+    const line = lines.find((candidate) => isLikelyGeminiFailure(candidate));
+    return line?.trim() ?? null;
+}
+function readNumber(value) {
+    return typeof value === "number" && Number.isFinite(value) ? value : 0;
+}
+/**
+ * Parse `PA_GEMINI_OAUTH_GRACE_HOURS`. Returns `fallback` for undefined
+ * or malformed values; a parseable 0 disables the grace entirely (the
+ * intended escape hatch once the upstream CLI bug is fixed).
+ */
+function parseGraceHours(value, fallback) {
+    if (value === undefined)
+        return fallback;
+    const n = Number(value);
+    if (!Number.isFinite(n) || n < 0)
+        return fallback;
+    return n;
+}
+/**
+ * Append `@<relativePath>` tokens for every staged attachment to the tail
+ * of the Gemini prompt. Gemini CLI v0.37+ expands these in non-interactive
+ * mode by reading the file bytes and inlining them as multimodal content.
+ *
+ * The bracketed `[Attached files]` text block composed by the dispatcher
+ * still describes what each file is; this helper only adds the
+ * machine-readable `@`-tokens the CLI looks for. Kept on a single trailing
+ * line so prompt hashing / diff comparisons remain stable when the list is
+ * empty.
+ *
+ * Pure — exported for unit testing.
+ */
+export function appendGeminiAttachmentTokens(prompt, staged) {
+    if (!staged || staged.length === 0)
+        return prompt;
+    const tokens = staged.map((att) => `@${att.relativePath}`).join(" ");
+    return `${prompt}\n\n${tokens}`;
+}
+/**
+ * Read a Gemini config file (extension manifest or settings.json) and
+ * collect every key under `mcpServers`. Tolerant of missing keys, malformed
+ * JSON, and non-object payloads — best-effort host scan, not validation.
+ *
+ * Exported for unit testing.
+ */
+export function collectMcpServerNames(filePath, out) {
+    let raw;
+    try {
+        raw = readFileSync(filePath, "utf-8");
+    }
+    catch {
+        return;
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(raw);
+    }
+    catch {
+        return;
+    }
+    if (!parsed || typeof parsed !== "object" || Array.isArray(parsed))
+        return;
+    const mcpServers = parsed.mcpServers;
+    // typeof null === "object" and typeof [] === "object" — guard both. A
+    // user who hand-edited settings.json with `mcpServers: [{...}]` (array
+    // instead of dict) would otherwise have `Object.keys` return numeric
+    // index strings ("0", "1") that get added as bogus server names.
+    if (!mcpServers
+        || typeof mcpServers !== "object"
+        || Array.isArray(mcpServers)) {
+        return;
+    }
+    for (const name of Object.keys(mcpServers)) {
+        out.add(name);
+    }
+}
+/**
+ * Extract the MCP server name from a Gemini-convention `toolNamespace`.
+ * Gemini's MCP namespace is `mcp_<server>_<rest>`, so the server name is
+ * everything between the first `_` and the second `_` after the `mcp_`
+ * prefix. Returns null if the namespace is not Gemini-shaped.
+ *
+ * Examples:
+ *   `mcp_google-workspace_gmail.` → `google-workspace`
+ *   `mcp_notion_`                 → `notion`
+ *   `mcp__claude_ai_Gmail__`      → null  (Claude double-underscore form)
+ *
+ * Exported for unit testing.
+ */
+export function extractGeminiServerName(toolNamespace) {
+    if (!toolNamespace.startsWith("mcp_"))
+        return null;
+    // Reject Claude / Codex double-underscore namespaces — they begin with
+    // `mcp__` which also starts with `mcp_`. Single-underscore is the
+    // distinguishing trait of Gemini's convention.
+    if (toolNamespace.startsWith("mcp__"))
+        return null;
+    const rest = toolNamespace.slice("mcp_".length);
+    const sep = rest.indexOf("_");
+    if (sep === -1)
+        return rest.length > 0 ? rest : null;
+    return sep === 0 ? null : rest.slice(0, sep);
+}
+//# sourceMappingURL=gemini-cli-core.js.map