@anna-ai/cli 0.1.23 → 0.1.27

package/dist/{executa-dev-DFp1ckAn.js → executa-dev-BOo6xpVy.js}

@@ -1,4 +1,5 @@
-import { parseExecutaSpec } from "./dev-CyFATq6R.js";
+import "./nexus-root-BlPwOusj.js";
+import { parseExecutaSpec } from "./dev-DGTtVCNj.js";
 import { isAbsolute, resolve } from "node:path";
 import { existsSync } from "node:fs";
 import { bold, cyan, dim, green, red, yellow } from "kleur/colors";
@@ -33,8 +34,8 @@ async function runExecutaDev(opts) {
 	}
 	const oneShot = !!(opts.describe || opts.health || opts.invoke);
 	const quiet = oneShot && (opts.json ?? false);
-	const { getAccount } = await import("./credentials-DklPMD22.js");
-	const { ensureDevExecutaRegistered } = await import("./dev-app-cache-DMQLQ93-.js");
+	const { getAccount } = await import("./credentials-Chkoidh5.js");
+	const { ensureDevExecutaRegistered } = await import("./dev-app-cache-TSjL4D4n.js");
 	const needsRealMint = !opts.noSampling && !opts.mockSampling || !opts.noAgent && !opts.mockAgent || !opts.noImage && !opts.mockImage || !opts.noUpload && !opts.mockUpload || opts.storage === "real";
 	let effectiveAppSlug = opts.appSlug;
 	let autoRegistered = false;
@@ -56,7 +57,7 @@ async function runExecutaDev(opts) {
 			}
 		}
 	}
-	const { SamplingBridge } = await import("./sampling-finZ8aNJ.js");
+	const { SamplingBridge } = await import("./sampling-BcML4teS.js");
 	const sampling = opts.noSampling ? new SamplingBridge({ mode: "off" }) : opts.mockSampling ? new SamplingBridge({
 		mode: "mock",
 		mockFile: opts.mockSampling
@@ -65,7 +66,7 @@ async function runExecutaDev(opts) {
 		account: opts.samplingAccount,
 		appSlug: effectiveAppSlug
 	}) : new SamplingBridge({ mode: "off" });
-	const { AgentBridge } = await import("./agent-DyXJhaZ0.js");
+	const { AgentBridge } = await import("./agent-CaZVCPs6.js");
 	const agent = opts.noAgent ? new AgentBridge({ mode: "off" }) : opts.mockAgent ? new AgentBridge({
 		mode: "mock",
 		mockFile: opts.mockAgent
@@ -74,7 +75,7 @@ async function runExecutaDev(opts) {
 		account: opts.agentAccount ?? opts.samplingAccount,
 		appSlug: effectiveAppSlug
 	}) : new AgentBridge({ mode: "off" });
-	const { StorageBridge } = await import("./storage-BCj754in.js");
+	const { StorageBridge } = await import("./storage-CKTmE87u.js");
 	const storageMode = opts.storage ?? (opts.mockStorage ? "mock" : "memory");
 	const storage = new StorageBridge({
 		mode: storageMode,
@@ -84,8 +85,8 @@ async function runExecutaDev(opts) {
 		scopes: opts.storageScopes ? opts.storageScopes.split(",").map((s) => s.trim()).filter(Boolean) : void 0,
 		pluginName: parsed.tool_id
 	});
-	const { ExecutaRunner } = await import("./runner-4-ugGH5e.js");
-	const { ImageBridge } = await import("./image-CBSlNb-9.js");
+	const { ExecutaRunner } = await import("./runner-BuYbm-ex.js");
+	const { ImageBridge } = await import("./image-CSEXEfD-.js");
 	const image = opts.noImage ? new ImageBridge({ mode: "off" }) : opts.mockImage ? new ImageBridge({
 		mode: "mock",
 		mockFile: opts.mockImage
@@ -94,7 +95,7 @@ async function runExecutaDev(opts) {
 		account: opts.imageAccount ?? opts.samplingAccount,
 		appSlug: effectiveAppSlug
 	}) : new ImageBridge({ mode: "off" });
-	const { HostUploadBridge } = await import("./host_upload-wKM0jQoL.js");
+	const { HostUploadBridge } = await import("./host_upload-BXeHTgJs.js");
 	const hostUpload = opts.noUpload ? new HostUploadBridge({ mode: "off" }) : opts.mockUpload ? new HostUploadBridge({
 		mode: "mock",
 		mockFile: opts.mockUpload

package/dist/{executa-install-DnBG8UJA.js → executa-install-BGirXLX5.js}

@@ -1,5 +1,5 @@
-import { readExecutaIdentity } from "./executa-cache-BFoUtb4J.js";
-import { parseExecutaSpec } from "./dev-CyFATq6R.js";
+import { readExecutaIdentity } from "./executa-cache-CXiEgFZY.js";
+import { parseExecutaSpec } from "./dev-DGTtVCNj.js";
 import { isAbsolute, join, resolve } from "node:path";
 import { chmodSync, existsSync, mkdirSync, writeFileSync } from "node:fs";
 import { bold, cyan, dim, green, red, yellow } from "kleur/colors";

package/dist/executa-install-Cuq0Y_H4.js

@@ -0,0 +1,7 @@
+import "./credentials-BTv2IfUZ.js";
+import "./nexus-root-BlPwOusj.js";
+import "./executa-cache-CXiEgFZY.js";
+import "./dev-DGTtVCNj.js";
+import { runExecutaInstall } from "./executa-install-BGirXLX5.js";
+
+export { runExecutaInstall };

package/dist/{executa-publish-BKFq6Hz9.js → executa-publish-CkPAB34b.js}

@@ -1,9 +1,9 @@
 import { canonicalHost } from "./credentials-BTv2IfUZ.js";
-import { CliError } from "./client-Dn9zThOd.js";
-import { commitDraft, createDraft, getMySkill, getMyTool, listToolVersions, publishToolVersion, setSkillVisibility, setToolVisibility, updateMySkill, updateMyTool } from "./executas-Cep6KEo0.js";
-import { executaCacheMatches, invalidateExecutaCache, mintIdempotencyKey, readExecutaIdentity, writeExecutaIdentity } from "./executa-cache-BFoUtb4J.js";
-import { loadExecutaManifest } from "./manifest-hXWnNFHE.js";
-import { resolveClient, withErrorHandling } from "./_lifecycle-shared-sbea9HtH.js";
+import { CliError } from "./client-D-_z1ALk.js";
+import { commitDraft, createDraft, getMySkill, getMyTool, listToolVersions, publishToolVersion, setSkillVisibility, setToolVisibility, updateMySkill, updateMyTool } from "./executas-CK3er6f9.js";
+import { executaCacheMatches, invalidateExecutaCache, mintIdempotencyKey, readExecutaIdentity, writeExecutaIdentity } from "./executa-cache-CXiEgFZY.js";
+import { loadExecutaManifest } from "./manifest-Bljz8Y6T.js";
+import { resolveClient, withErrorHandling } from "./_lifecycle-shared-BpSOfVCP.js";
 import { join, relative, resolve, sep } from "node:path";
 import { readFileSync, readdirSync, statSync, writeFileSync } from "node:fs";
 import { bold, cyan, dim, green, yellow } from "kleur/colors";

package/dist/executa-publish-IXWSwva0.js

@@ -0,0 +1,9 @@
+import "./credentials-BTv2IfUZ.js";
+import "./client-D-_z1ALk.js";
+import "./executas-CK3er6f9.js";
+import "./executa-cache-CXiEgFZY.js";
+import { runExecutaPublish } from "./executa-publish-CkPAB34b.js";
+import "./manifest-Bljz8Y6T.js";
+import "./_lifecycle-shared-BpSOfVCP.js";
+
+export { runExecutaPublish };

package/dist/{executa-reads-cd-8ZRjI.js → executa-reads-CjGZq1yP.js}

@@ -1,7 +1,7 @@
 import "./credentials-BTv2IfUZ.js";
-import { CliError } from "./client-Dn9zThOd.js";
-import { getMyTool, listMyTools, listToolVersions } from "./executas-Cep6KEo0.js";
-import { resolveClient, withErrorHandling } from "./_lifecycle-shared-sbea9HtH.js";
+import { CliError } from "./client-D-_z1ALk.js";
+import { getMyTool, listMyTools, listToolVersions } from "./executas-CK3er6f9.js";
+import { resolveClient, withErrorHandling } from "./_lifecycle-shared-BpSOfVCP.js";
 import { bold, cyan, dim, green } from "kleur/colors";
 
 //#region src/commands/executa-reads.ts

package/dist/{manifest-hXWnNFHE.js → manifest-Bljz8Y6T.js}

@@ -1,4 +1,4 @@
-import { CliError } from "./client-Dn9zThOd.js";
+import { CliError } from "./client-D-_z1ALk.js";
 import { resolve } from "node:path";
 import { existsSync, readFileSync } from "node:fs";
 

package/dist/nexus-root-BlPwOusj.js

@@ -0,0 +1,49 @@
+import { dirname, isAbsolute, resolve } from "node:path";
+import { existsSync } from "node:fs";
+
+//#region src/nexus-root.ts
+/**
+* Resolve an absolute matrix-nexus root, or null if none is found.
+*
+* Search order (first hit wins):
+*   1. `explicit` (the `--matrix-nexus-root` flag).
+*   2. `$ANNA_NEXUS_ROOT`.
+*   3. Walk up from `cwd`.
+*   4. Sibling `../matrix-nexus`.
+*
+* A candidate qualifies only if it contains
+* `packages/anna-app-runtime-local/pyproject.toml` (the marker that also
+* gates `nexus-source` runtime mode), so the three escape hatches can
+* never disagree on what counts as "a matrix-nexus checkout".
+*/
+function findMatrixNexusRoot(explicit, cwd) {
+	const candidates = [explicit, process.env.ANNA_NEXUS_ROOT];
+	let dir = cwd;
+	while (true) {
+		candidates.push(dir);
+		const parent = dirname(dir);
+		if (parent === dir) break;
+		dir = parent;
+	}
+	candidates.push(resolve(cwd, "..", "matrix-nexus"));
+	for (const c of candidates) {
+		if (!c) continue;
+		const abs = isAbsolute(c) ? c : resolve(cwd, c);
+		if (existsSync(resolve(abs, "packages/anna-app-runtime-local/pyproject.toml"))) return abs;
+	}
+	return null;
+}
+/**
+* Locate the in-tree `@anna-ai/app-schema` bundle inside a matrix-nexus
+* root, or null if it is absent / not built. The returned dir is suitable
+* for `ANNA_APP_SCHEMA_DIR` / `loadSchemaBundle`'s override so contributors
+* can `validate` against an UNPUBLISHED schema bump without waiting for the
+* npm push — parity with the runtime/SDK nexus-source hatches.
+*/
+function nexusSchemaDir(root) {
+	const dir = resolve(root, "packages", "anna-app-schema");
+	return existsSync(resolve(dir, "dispatcher_version.txt")) ? dir : null;
+}
+
+//#endregion
+export { findMatrixNexusRoot, nexusSchemaDir };

package/dist/{publish-R3JAl9Hm.js → publish-BYWuujP3.js}

@@ -1,15 +1,15 @@
 import "./credentials-BTv2IfUZ.js";
-import "./apps-B1Nd8l_t.js";
-import { CliError } from "./client-Dn9zThOd.js";
-import "./bundled-executas-BNOKw4kv.js";
-import "./executas-Cep6KEo0.js";
-import "./executa-cache-BFoUtb4J.js";
-import { runExecutaPublish } from "./executa-publish-BKFq6Hz9.js";
-import "./manifest-hXWnNFHE.js";
-import { withErrorHandling } from "./_lifecycle-shared-sbea9HtH.js";
-import "./app-cache-TcmbIIuL.js";
-import "./app-bundle-upload-Cd4ci4rB.js";
-import { runAppsPublish } from "./apps-publish-U_Y7svJw.js";
+import "./apps-CCdtLmxQ.js";
+import { CliError } from "./client-D-_z1ALk.js";
+import "./bundled-executas-B6b8gIfp.js";
+import "./executas-CK3er6f9.js";
+import "./executa-cache-CXiEgFZY.js";
+import { runExecutaPublish } from "./executa-publish-CkPAB34b.js";
+import "./manifest-Bljz8Y6T.js";
+import { withErrorHandling } from "./_lifecycle-shared-BpSOfVCP.js";
+import "./app-cache-Bl7cE5fm.js";
+import "./app-bundle-upload-BhAYo6yj.js";
+import { runAppsPublish } from "./apps-publish-Dgi4lBlu.js";
 import { resolve } from "node:path";
 import { existsSync } from "node:fs";
 import { red, yellow } from "kleur/colors";

package/dist/{server-BzfmXVJD.js → server-D7zabdJY.js}

@@ -1,5 +1,5 @@
 import { canonicalHost, getAccount } from "./credentials-BTv2IfUZ.js";
-import { BridgeRequestError } from "./bridge-CBew_Ytl.js";
+import { BridgeRequestError } from "./bridge-DAY7bsje.js";
 import { dirname, join, normalize, resolve } from "node:path";
 import { createRequire } from "node:module";
 import { createReadStream, existsSync, readFileSync, statSync, watch } from "node:fs";
@@ -200,6 +200,80 @@ var LlmBridge = class {
 		this.mintedAgent.set(ms.appSessionUuid, ms);
 		return ms;
 	}
+	/** Re-mint an agent session token by ``app_session_uuid`` via the dev
+	*  ``/dev/session/refresh`` endpoint (PAT + uuid — NO stale token needed).
+	*
+	*  This is the harness's token-free recovery path: even after the CLI
+	*  process restarted (so ``mintedAgent`` is empty) or the previous token
+	*  expired, the underlying ``AnnaAppSession`` row is still alive and the
+	*  app remembers its ``app_session_uuid``. ``refresh`` slides the idle
+	*  window and hands back a fresh short-lived token, fixing the forum
+	*  report "uuid unusable after dev restart". Throws on 404/410 (the row
+	*  is genuinely gone / revoked / idle-expired). */
+	async callRefresh(apsUuid) {
+		const acc = this.account();
+		const url = `${canonicalHost(acc.host)}/api/v1/anna-apps/dev/session/refresh`;
+		const res = await fetch(url, {
+			method: "POST",
+			headers: { "content-type": "application/json" },
+			body: JSON.stringify({
+				pat: acc.pat,
+				app_session_uuid: apsUuid
+			})
+		});
+		if (!res.ok) {
+			const text = await res.text().catch(() => "");
+			throw new Error(`session.refresh failed: HTTP ${res.status} ${text}`);
+		}
+		const payload = await res.json();
+		return {
+			token: payload.app_session_token,
+			expiresIn: payload.expires_in || 600,
+			submode: payload.submode ?? null
+		};
+	}
+	/** Revoke an agent session by uuid via ``/dev/session/revoke`` (PAT-auth).
+	*
+	*  Token-free: works even when the session token is long expired (which
+	*  used to make the session impossible to release → quota leak). */
+	async callRevoke(apsUuid) {
+		const acc = this.account();
+		const url = `${canonicalHost(acc.host)}/api/v1/anna-apps/dev/session/revoke`;
+		const res = await fetch(url, {
+			method: "POST",
+			headers: { "content-type": "application/json" },
+			body: JSON.stringify({
+				pat: acc.pat,
+				app_session_uuid: apsUuid
+			})
+		});
+		if (!res.ok) {
+			const text = await res.text().catch(() => "");
+			throw new Error(`session.revoke failed: HTTP ${res.status} ${text}`);
+		}
+	}
+	/** Return a live agent session token for ``apsUuid``, re-minting via
+	*  ``/dev/session/refresh`` on cache-miss or near-expiry.
+	*
+	*  Centralises the "is my token still good?" decision for every operation
+	*  that needs an ``app_session_token`` (run / cancel / delete). On success
+	*  the freshly-minted session is cached in ``mintedAgent`` so subsequent
+	*  calls in the same process reuse it until the next near-expiry check. */
+	async ensureLiveToken(apsUuid) {
+		const now = Math.floor(Date.now() / 1e3);
+		const cached = this.mintedAgent.get(apsUuid);
+		if (cached && cached.expiresAt - 30 > now) return cached;
+		const refreshed = await this.callRefresh(apsUuid);
+		const ms = {
+			appSessionToken: refreshed.token,
+			appSessionUuid: apsUuid,
+			expiresAt: Math.floor(Date.now() / 1e3) + refreshed.expiresIn,
+			isAgent: true,
+			submode: refreshed.submode ?? cached?.submode ?? null
+		};
+		this.mintedAgent.set(apsUuid, ms);
+		return ms;
+	}
 	/** Mint (or reuse) a storage_token for APS forwarding.
 	*
 	*  Server-side ``/dev/storage/mint`` issues a JWT scoped to
@@ -394,14 +468,18 @@ var LlmBridge = class {
 			}
 			case "session.run": {
 				const apsUuid = String(args.args.app_session_uuid ?? "");
-				const ms = this.mintedAgent.get(apsUuid);
-				if (!ms) return {
-					ok: false,
-					error: {
-						code: "session_expired",
-						message: "no cached session"
-					}
-				};
+				let ms;
+				try {
+					ms = await this.ensureLiveToken(apsUuid);
+				} catch (e) {
+					return {
+						ok: false,
+						error: {
+							code: "session_expired",
+							message: e.message || "session expired or revoked"
+						}
+					};
+				}
 				const sid = `dev-${++this.streamCounter}`;
 				this.pumpAgentRun({
 					host: acc.host,
@@ -422,16 +500,42 @@ var LlmBridge = class {
 					}
 				};
 			}
+			case "session.refresh": {
+				const apsUuid = String(args.args.app_session_uuid ?? "");
+				try {
+					const ms = await this.ensureLiveToken(apsUuid);
+					return {
+						ok: true,
+						result: {
+							app_session_uuid: ms.appSessionUuid,
+							expires_in: Math.max(0, ms.expiresAt - Math.floor(Date.now() / 1e3)),
+							submode: ms.submode
+						}
+					};
+				} catch (e) {
+					return {
+						ok: false,
+						error: {
+							code: "session_expired",
+							message: e.message || "session expired or revoked"
+						}
+					};
+				}
+			}
 			case "session.cancel": {
 				const apsUuid = String(args.args.app_session_uuid ?? "");
-				const ms = this.mintedAgent.get(apsUuid);
-				if (!ms) return {
-					ok: false,
-					error: {
-						code: "session_expired",
-						message: "no cached session"
-					}
-				};
+				let ms;
+				try {
+					ms = await this.ensureLiveToken(apsUuid);
+				} catch (e) {
+					return {
+						ok: false,
+						error: {
+							code: "session_expired",
+							message: e.message || "session expired or revoked"
+						}
+					};
+				}
 				const out = await this.postJson(`${canonicalHost(acc.host)}/api/v1/copilot/app/agent/cancel`, ms.appSessionToken, args.args);
 				return {
 					ok: true,
@@ -445,33 +549,72 @@ var LlmBridge = class {
 					message: "agent.session.history is not exposed over HTTP; available only via in-process store"
 				}
 			};
+			case "session.list": {
+				const includeExpired = Boolean(args.args?.include_expired);
+				const rawLimit = Number(args.args?.limit ?? 50);
+				const limit = Math.max(1, Math.min(100, Number.isFinite(rawLimit) ? rawLimit : 50));
+				if (this.opts.appSlug) try {
+					const acc2 = this.account();
+					const url = new URL(`${canonicalHost(acc2.host)}/api/v1/anna-apps/dev/sessions`);
+					url.searchParams.set("pat", acc2.pat);
+					url.searchParams.set("app_slug", this.opts.appSlug);
+					url.searchParams.set("include_expired", String(includeExpired));
+					url.searchParams.set("limit", String(limit));
+					const res = await fetch(url, { method: "GET" });
+					if (res.ok) {
+						const body = await res.json();
+						return {
+							ok: true,
+							result: { sessions: body.sessions ?? [] }
+						};
+					}
+				} catch {}
+				const now = Math.floor(Date.now() / 1e3);
+				const sessions = [...this.mintedAgent.values()].filter((ms) => includeExpired || ms.expiresAt > now).slice(0, limit).map((ms) => ({
+					app_session_uuid: ms.appSessionUuid,
+					kind: "agent",
+					submode: ms.submode,
+					fixed_client_id: null,
+					label: "anna-app dev",
+					created_at: null,
+					last_active_at: null,
+					expires_at: new Date(ms.expiresAt * 1e3).toISOString()
+				}));
+				return {
+					ok: true,
+					result: { sessions }
+				};
+			}
 			case "session.delete": {
 				const apsUuid = String(args.args.app_session_uuid ?? "");
-				const ms = this.mintedAgent.get(apsUuid);
+				const cached = this.mintedAgent.get(apsUuid);
 				this.mintedAgent.delete(apsUuid);
-				if (!ms) return {
-					ok: true,
-					result: { deleted: true }
-				};
-				const url = `${canonicalHost(acc.host)}/api/v1/copilot/app/sessions/${encodeURIComponent(apsUuid)}`;
-				const res = await fetch(url, {
-					method: "DELETE",
-					headers: { authorization: `Bearer ${ms.appSessionToken}` }
-				});
-				if (!res.ok) {
-					const text = await res.text().catch(() => "");
+				if (cached && cached.expiresAt - 5 > Math.floor(Date.now() / 1e3)) {
+					const url = `${canonicalHost(acc.host)}/api/v1/copilot/app/sessions/${encodeURIComponent(apsUuid)}`;
+					const res = await fetch(url, {
+						method: "DELETE",
+						headers: { authorization: `Bearer ${cached.appSessionToken}` }
+					});
+					if (res.ok) return {
+						ok: true,
+						result: { deleted: true }
+					};
+				}
+				try {
+					await this.callRevoke(apsUuid);
+					return {
+						ok: true,
+						result: { deleted: true }
+					};
+				} catch (e) {
 					return {
 						ok: false,
 						error: {
 							code: "transport",
-							message: `HTTP ${res.status}: ${text}`
+							message: e.message
 						}
 					};
 				}
-				return {
-					ok: true,
-					result: { deleted: true }
-				};
 			}
 		}
 		if (args.ns === "image" && (args.method === "generate" || args.method === "edit")) {
@@ -852,11 +995,21 @@ var HarnessServer = class {
 				"agent",
 				"session.history"
 			],
+			[
+				"host.agent.session.refresh",
+				"agent",
+				"session.refresh"
+			],
 			[
 				"host.agent.session.delete",
 				"agent",
 				"session.delete"
 			],
+			[
+				"host.agent.session.list",
+				"agent",
+				"session.list"
+			],
 			[
 				"host.image.generate",
 				"image",
@@ -1133,17 +1286,34 @@ var HarnessServer = class {
 	}
 	async serveSdk(pathname, res) {
 		const sdkRel = pathname.replace(/^\/static\/anna-apps\/_sdk\/[^/]+\//, "");
-		let distRoot;
-		try {
-			const req = createRequire(import.meta.url);
-			distRoot = dirname(req.resolve("@anna-ai/app-runtime"));
-		} catch (e) {
-			return this.text(res, 500, `@anna-ai/app-runtime is not installed: ${e.message}`);
-		}
+		const distRoot = this.resolveSdkDistRoot();
+		if (!distRoot) return this.text(res, 500, "@anna-ai/app-runtime is not installed and no in-tree packages/anna-app-runtime/dist was found.");
 		const abs = resolve(distRoot, sdkRel);
 		if (!abs.startsWith(distRoot)) return this.text(res, 403, "forbidden");
 		return this.serveFile(abs, res);
 	}
+	/**
+	* Resolve the directory the browser SDK (`index.js` + friends) is served
+	* from. When `--matrix-nexus-root` is set we prefer the in-tree
+	* `packages/anna-app-runtime/dist/` so contributors run byte-identical
+	* with the unpublished workspace SDK (parity with the Python bridge, which
+	* already runs in-tree in `nexus-source` mode). Falls back to the
+	* published npm package resolved from anna-app-cli's own node_modules.
+	* Returns null if neither is available.
+	*/
+	resolveSdkDistRoot() {
+		const root = this.cfg.matrixNexusRoot;
+		if (root) {
+			const inTree = resolve(root, "packages", "anna-app-runtime", "dist");
+			if (existsSync(join(inTree, "index.js"))) return inTree;
+		}
+		try {
+			const req = createRequire(import.meta.url);
+			return dirname(req.resolve("@anna-ai/app-runtime"));
+		} catch {
+			return null;
+		}
+	}
 	async serveBundleAsset(rel, res) {
 		const abs = resolve(this.cfg.bundleDir, normalize(rel));
 		if (!abs.startsWith(resolve(this.cfg.bundleDir))) return this.text(res, 403, "forbidden");

package/dist/{storage-BCj754in.js → storage-CKTmE87u.js}

@@ -1,5 +1,5 @@
 import { canonicalHost } from "./credentials-BTv2IfUZ.js";
-import { hostOf, requireAccount, withCode } from "./dev-account-CD6hTr7M.js";
+import { hostOf, requireAccount, withCode } from "./dev-account-CGo8k9_2.js";
 import { resolve } from "node:path";
 import { existsSync, readFileSync } from "node:fs";
 

package/dist/{token-BGjbb2aU.js → token-Cg7BZGp6.js}

@@ -1,6 +1,6 @@
 import "./credentials-BTv2IfUZ.js";
-import "./client-Dn9zThOd.js";
-import { resolveClient, withErrorHandling } from "./_lifecycle-shared-sbea9HtH.js";
+import "./client-D-_z1ALk.js";
+import { resolveClient, withErrorHandling } from "./_lifecycle-shared-BpSOfVCP.js";
 import { bold, cyan, dim, green, red, yellow } from "kleur/colors";
 
 //#region src/api/tokens.ts

package/dist/{working-orchestration-CIpQ_JMY.js → working-orchestration-Dh1gCwGg.js}

@@ -1,11 +1,11 @@
 import { canonicalHost } from "./credentials-BTv2IfUZ.js";
-import { createApp, findAppBySlug, getApp } from "./apps-B1Nd8l_t.js";
-import { CliError } from "./client-Dn9zThOd.js";
-import { parseExecutaIdOverrides, readExecutasLock, substituteBundledRefs, validateBundledHandles, writeBundleToolIdSidecar, writeExecutasLock } from "./bundled-executas-BNOKw4kv.js";
-import { runExecutaPublish } from "./executa-publish-BKFq6Hz9.js";
-import { loadExecutaManifest } from "./manifest-hXWnNFHE.js";
-import { runExecutaInstall } from "./executa-install-DnBG8UJA.js";
-import { appCacheMatches, readAppIdentity, writeAppIdentity } from "./app-cache-TcmbIIuL.js";
+import { createApp, findAppBySlug, getApp } from "./apps-CCdtLmxQ.js";
+import { CliError } from "./client-D-_z1ALk.js";
+import { parseExecutaIdOverrides, readExecutasLock, substituteBundledRefs, validateBundledHandles, writeBundleToolIdSidecar, writeExecutasLock } from "./bundled-executas-B6b8gIfp.js";
+import { runExecutaPublish } from "./executa-publish-CkPAB34b.js";
+import { loadExecutaManifest } from "./manifest-Bljz8Y6T.js";
+import { runExecutaInstall } from "./executa-install-BGirXLX5.js";
+import { appCacheMatches, readAppIdentity, writeAppIdentity } from "./app-cache-Bl7cE5fm.js";
 import { join, resolve } from "node:path";
 import { dim, green, yellow } from "kleur/colors";
 import { homedir } from "node:os";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@anna-ai/cli",
-  "version": "0.1.23",
+  "version": "0.1.27",
   "description": "Anna App developer CLI: scaffold, validate, harness (Phase 2 MVP: init + validate).",
   "license": "MIT",
   "type": "module",
@@ -29,11 +29,12 @@
     "test:watch": "vitest",
     "lint": "tsc --noEmit",
     "check:runtime-pin": "node scripts/check-runtime-pin.mjs",
-    "prepublishOnly": "pnpm lint && pnpm test && pnpm build"
+    "check:sdk-pin": "node scripts/check-sdk-pin.mjs",
+    "prepublishOnly": "pnpm lint && pnpm test && pnpm build && node scripts/check-runtime-pin.mjs && node scripts/check-sdk-pin.mjs"
   },
   "dependencies": {
-    "@anna-ai/app-runtime": "^0.5.0",
-    "@anna-ai/app-schema": "^0.8.0",
+    "@anna-ai/app-runtime": "^0.8.0",
+    "@anna-ai/app-schema": "^0.10.0",
     "ajv": "^8.17.1",
     "ajv-formats": "^3.0.1",
     "commander": "^12.1.0",

package/dist/apps-publish-D403z305.js

@@ -1,14 +0,0 @@
-import "./credentials-BTv2IfUZ.js";
-import "./apps-B1Nd8l_t.js";
-import "./client-Dn9zThOd.js";
-import "./bundled-executas-BNOKw4kv.js";
-import "./executas-Cep6KEo0.js";
-import "./executa-cache-BFoUtb4J.js";
-import "./executa-publish-BKFq6Hz9.js";
-import "./manifest-hXWnNFHE.js";
-import "./_lifecycle-shared-sbea9HtH.js";
-import "./app-cache-TcmbIIuL.js";
-import "./app-bundle-upload-Cd4ci4rB.js";
-import { runAppsPublish } from "./apps-publish-U_Y7svJw.js";
-
-export { runAppsPublish };

package/dist/bridge-DZmZIWG0.js

@@ -1,3 +0,0 @@
-import { BridgeRequestError, PINNED_RUNTIME_VERSION, PythonBridge } from "./bridge-CBew_Ytl.js";
-
-export { PINNED_RUNTIME_VERSION, PythonBridge };

package/dist/dev-DdjwQzJ2.js

@@ -1,3 +0,0 @@
-import { parseExecutaSpec, runDev } from "./dev-CyFATq6R.js";
-
-export { parseExecutaSpec, runDev };

package/dist/executa-install-viq3kiV7.js

@@ -1,6 +0,0 @@
-import "./credentials-BTv2IfUZ.js";
-import "./executa-cache-BFoUtb4J.js";
-import "./dev-CyFATq6R.js";
-import { runExecutaInstall } from "./executa-install-DnBG8UJA.js";
-
-export { runExecutaInstall };

package/dist/executa-publish-DaYvxbbW.js

@@ -1,9 +0,0 @@
-import "./credentials-BTv2IfUZ.js";
-import "./client-Dn9zThOd.js";
-import "./executas-Cep6KEo0.js";
-import "./executa-cache-BFoUtb4J.js";
-import { runExecutaPublish } from "./executa-publish-BKFq6Hz9.js";
-import "./manifest-hXWnNFHE.js";
-import "./_lifecycle-shared-sbea9HtH.js";
-
-export { runExecutaPublish };