@autohq/cli 0.1.88 → 0.1.90

package/dist/index.js

@@ -257,10 +257,10 @@ function mergeDefs(...defs) {
 function cloneDef(schema) {
   return mergeDefs(schema._zod.def);
 }
-function getElementAtPath(obj, path) {
-  if (!path)
+function getElementAtPath(obj, path2) {
+  if (!path2)
     return obj;
-  return path.reduce((acc, key) => acc?.[key], obj);
+  return path2.reduce((acc, key) => acc?.[key], obj);
 }
 function promiseAllObject(promisesObj) {
   const keys = Object.keys(promisesObj);
@@ -588,11 +588,11 @@ function explicitlyAborted(x, startIndex = 0) {
   }
   return false;
 }
-function prefixIssues(path, issues) {
+function prefixIssues(path2, issues) {
   return issues.map((iss) => {
     var _a3;
     (_a3 = iss).path ?? (_a3.path = []);
-    iss.path.unshift(path);
+    iss.path.unshift(path2);
     return iss;
   });
 }
@@ -810,16 +810,16 @@ function flattenError(error51, mapper = (issue2) => issue2.message) {
 }
 function formatError(error51, mapper = (issue2) => issue2.message) {
   const fieldErrors = { _errors: [] };
-  const processError = (error52, path = []) => {
+  const processError = (error52, path2 = []) => {
     for (const issue2 of error52.issues) {
       if (issue2.code === "invalid_union" && issue2.errors.length) {
-        issue2.errors.map((issues) => processError({ issues }, [...path, ...issue2.path]));
+        issue2.errors.map((issues) => processError({ issues }, [...path2, ...issue2.path]));
       } else if (issue2.code === "invalid_key") {
-        processError({ issues: issue2.issues }, [...path, ...issue2.path]);
+        processError({ issues: issue2.issues }, [...path2, ...issue2.path]);
       } else if (issue2.code === "invalid_element") {
-        processError({ issues: issue2.issues }, [...path, ...issue2.path]);
+        processError({ issues: issue2.issues }, [...path2, ...issue2.path]);
       } else {
-        const fullpath = [...path, ...issue2.path];
+        const fullpath = [...path2, ...issue2.path];
         if (fullpath.length === 0) {
           fieldErrors._errors.push(mapper(issue2));
         } else {
@@ -846,17 +846,17 @@ function formatError(error51, mapper = (issue2) => issue2.message) {
 }
 function treeifyError(error51, mapper = (issue2) => issue2.message) {
   const result = { errors: [] };
-  const processError = (error52, path = []) => {
+  const processError = (error52, path2 = []) => {
     var _a3, _b;
     for (const issue2 of error52.issues) {
       if (issue2.code === "invalid_union" && issue2.errors.length) {
-        issue2.errors.map((issues) => processError({ issues }, [...path, ...issue2.path]));
+        issue2.errors.map((issues) => processError({ issues }, [...path2, ...issue2.path]));
       } else if (issue2.code === "invalid_key") {
-        processError({ issues: issue2.issues }, [...path, ...issue2.path]);
+        processError({ issues: issue2.issues }, [...path2, ...issue2.path]);
       } else if (issue2.code === "invalid_element") {
-        processError({ issues: issue2.issues }, [...path, ...issue2.path]);
+        processError({ issues: issue2.issues }, [...path2, ...issue2.path]);
       } else {
-        const fullpath = [...path, ...issue2.path];
+        const fullpath = [...path2, ...issue2.path];
         if (fullpath.length === 0) {
           result.errors.push(mapper(issue2));
           continue;
@@ -888,8 +888,8 @@ function treeifyError(error51, mapper = (issue2) => issue2.message) {
 }
 function toDotPath(_path) {
   const segs = [];
-  const path = _path.map((seg) => typeof seg === "object" ? seg.key : seg);
-  for (const seg of path) {
+  const path2 = _path.map((seg) => typeof seg === "object" ? seg.key : seg);
+  for (const seg of path2) {
     if (typeof seg === "number")
       segs.push(`[${seg}]`);
     else if (typeof seg === "symbol")
@@ -14392,13 +14392,13 @@ function resolveRef(ref, ctx) {
   if (!ref.startsWith("#")) {
     throw new Error("External $ref is not supported, only local refs (#/...) are allowed");
   }
-  const path = ref.slice(1).split("/").filter(Boolean);
-  if (path.length === 0) {
+  const path2 = ref.slice(1).split("/").filter(Boolean);
+  if (path2.length === 0) {
     return ctx.rootSchema;
   }
   const defsKey = ctx.version === "draft-2020-12" ? "$defs" : "definitions";
-  if (path[0] === defsKey) {
-    const key = path[1];
+  if (path2[0] === defsKey) {
+    const key = path2[1];
     if (!key || !ctx.defs[key]) {
       throw new Error(`Reference not found: ${ref}`);
     }
@@ -15223,6 +15223,8 @@ var init_auth = __esm({
       "secrets:read",
       "secrets:write",
       "secrets:use",
+      "github:mcp",
+      "github:credentials",
       "projects:admin",
       "org:admin"
     ]);
@@ -16413,6 +16415,100 @@ var init_connections = __esm({
   }
 });
 
+// ../../packages/schemas/src/github-credentials.ts
+var CreateRunGithubCredentialRequestSchema, RunGithubCredentialResponseSchema;
+var init_github_credentials = __esm({
+  "../../packages/schemas/src/github-credentials.ts"() {
+    "use strict";
+    init_zod();
+    CreateRunGithubCredentialRequestSchema = external_exports.object({
+      host: external_exports.literal("github.com"),
+      path: external_exports.string().trim().min(1).optional()
+    });
+    RunGithubCredentialResponseSchema = external_exports.object({
+      username: external_exports.literal("x-access-token"),
+      password: external_exports.string().min(1),
+      expiresAt: external_exports.string().datetime()
+    });
+  }
+});
+
+// ../../packages/schemas/src/github-mcp-catalog.ts
+var GITHUB_MCP_TOOL_NAMES, GITHUB_MCP_WRITE_TOOLS, githubMcpToolNameSet, githubMcpWriteToolSet;
+var init_github_mcp_catalog = __esm({
+  "../../packages/schemas/src/github-mcp-catalog.ts"() {
+    "use strict";
+    GITHUB_MCP_TOOL_NAMES = [
+      "actions_get",
+      "actions_list",
+      "actions_run_trigger",
+      "add_comment_to_pending_review",
+      "add_issue_comment",
+      "add_reply_to_pull_request_comment",
+      "create_branch",
+      "create_or_update_file",
+      "create_pull_request",
+      "create_repository",
+      "delete_file",
+      "fork_repository",
+      "get_commit",
+      "get_file_contents",
+      "get_job_logs",
+      "get_label",
+      "get_latest_release",
+      "get_release_by_tag",
+      "get_tag",
+      "issue_read",
+      "issue_write",
+      "list_branches",
+      "list_commits",
+      "list_issue_types",
+      "list_issues",
+      "list_pull_requests",
+      "list_releases",
+      "list_repository_collaborators",
+      "list_tags",
+      "merge_pull_request",
+      "pull_request_read",
+      "pull_request_review_write",
+      "push_files",
+      "search_code",
+      "search_commits",
+      "search_issues",
+      "search_pull_requests",
+      "search_repositories",
+      "sub_issue_write",
+      "update_pull_request",
+      "update_pull_request_branch"
+    ];
+    GITHUB_MCP_WRITE_TOOLS = [
+      "actions_run_trigger",
+      "add_comment_to_pending_review",
+      "add_issue_comment",
+      "add_reply_to_pull_request_comment",
+      "create_branch",
+      "create_or_update_file",
+      "create_pull_request",
+      "create_repository",
+      "delete_file",
+      "fork_repository",
+      "issue_write",
+      "merge_pull_request",
+      "pull_request_review_write",
+      "push_files",
+      "sub_issue_write",
+      "update_pull_request",
+      "update_pull_request_branch"
+    ];
+    githubMcpToolNameSet = new Set(
+      GITHUB_MCP_TOOL_NAMES
+    );
+    githubMcpWriteToolSet = new Set(
+      GITHUB_MCP_WRITE_TOOLS
+    );
+  }
+});
+
 // ../../packages/schemas/src/secrets.ts
 var SECRET_ENCRYPTION_ALGORITHM, SecretEnvNameSchema, SecretCiphertextFieldSchema, SecretAesGcmIvSchema, SecretAesGcmAuthTagSchema, SecretEnvValueSchema, SecretEnvSchema, EncryptedSecretValueSchema, SecretSetRequestSchema, SecretMetadataSchema, SecretSetResponseSchema, SecretListResponseSchema, SecretDeleteResponseSchema;
 var init_secrets = __esm({
@@ -16600,7 +16696,7 @@ var init_mcp = __esm({
 });
 
 // ../../packages/schemas/src/mounts.ts
-var AbsoluteMountPathSchema, GITHUB_MOUNT_CAPABILITY_LEVELS, GithubMountCapabilityLevelSchema, GitMountAuthSchema, GitMountSchema, SessionMountSchema;
+var AbsoluteMountPathSchema, GITHUB_MOUNT_CAPABILITY_LEVELS, GithubMountCapabilityLevelSchema, DEFAULT_GITHUB_MOUNT_CAPABILITIES, GitMountAuthSchema, GitMountSchema, SessionMountSchema;
 var init_mounts = __esm({
   "../../packages/schemas/src/mounts.ts"() {
     "use strict";
@@ -16616,6 +16712,14 @@ var init_mounts = __esm({
     GithubMountCapabilityLevelSchema = external_exports.enum(
       GITHUB_MOUNT_CAPABILITY_LEVELS
     );
+    DEFAULT_GITHUB_MOUNT_CAPABILITIES = {
+      contents: "write",
+      pullRequests: "write",
+      issues: "write",
+      checks: "read",
+      actions: "read",
+      workflows: "none"
+    };
     GitMountAuthSchema = external_exports.discriminatedUnion("kind", [
       external_exports.object({
         kind: external_exports.literal("none")
@@ -16636,14 +16740,7 @@ var init_mounts = __esm({
           checks: GithubMountCapabilityLevelSchema.default("read"),
           actions: GithubMountCapabilityLevelSchema.default("read"),
           workflows: GithubMountCapabilityLevelSchema.default("none")
-        }).default({
-          contents: "write",
-          pullRequests: "write",
-          issues: "write",
-          checks: "read",
-          actions: "read",
-          workflows: "none"
-        })
+        }).default({ ...DEFAULT_GITHUB_MOUNT_CAPABILITIES })
       })
     ]);
     GitMountSchema = external_exports.object({
@@ -16759,12 +16856,13 @@ function remoteMcpToolSchema(input) {
     ]).default({ kind: "none" })
   });
 }
-var RESOURCE_KIND_TOOL, REMOTE_MCP_TRANSPORTS, LOCAL_TOOL_IMPLEMENTATIONS, SecretReferenceSchema, NoToolAuthSchema, McpOAuthToolAuthSchema, ConnectionToolAuthSchema, ConnectionsToolAuthSchema, ToolAliasSchema, RemoteMcpToolSchema, LocalAutoToolSchema, LocalPingToolSchema, LocalChatToolSchema, LocalToolSchema, ToolSpecSchema, ToolResourceSchema, ToolApplyRequestSchema, ToolConnectRequestSchema, ToolConnectResponseSchema, ToolConnectCompleteResponseSchema, ReferencedSessionToolRefSchema, ReferencedSessionToolRefsSchema, InlineSessionToolSchema, SessionToolRefSchema, SessionToolsSchema;
+var RESOURCE_KIND_TOOL, REMOTE_MCP_TRANSPORTS, LOCAL_TOOL_IMPLEMENTATIONS, SecretReferenceSchema, NoToolAuthSchema, McpOAuthToolAuthSchema, ConnectionToolAuthSchema, ConnectionsToolAuthSchema, ToolAliasSchema, RemoteMcpToolSchema, LocalAutoToolSchema, LocalPingToolSchema, LocalChatToolSchema, LocalToolSchema, GithubToolSchema, ToolSpecSchema, ToolResourceSchema, ToolApplyRequestSchema, ToolConnectRequestSchema, ToolConnectResponseSchema, ToolConnectCompleteResponseSchema, ReferencedSessionToolRefSchema, ReferencedSessionToolRefsSchema, InlineSessionToolSchema, SessionToolRefSchema, SessionToolsSchema;
 var init_tools = __esm({
   "../../packages/schemas/src/tools.ts"() {
     "use strict";
     init_zod();
     init_connections();
+    init_github_mcp_catalog();
     init_ids();
     init_resources();
     RESOURCE_KIND_TOOL = "tool";
@@ -16822,6 +16920,11 @@ var init_tools = __esm({
         error: `Unsupported local tool implementation. Supported implementations: ${LOCAL_TOOL_IMPLEMENTATIONS.join(", ")}`
       }
     );
+    GithubToolSchema = external_exports.object({
+      kind: external_exports.literal("github"),
+      description: external_exports.string().trim().min(1).optional(),
+      tools: external_exports.array(external_exports.enum(GITHUB_MCP_TOOL_NAMES)).min(1).optional()
+    });
     ToolSpecSchema = external_exports.discriminatedUnion("kind", [
       RemoteMcpToolSchema,
       LocalToolSchema
@@ -16871,6 +16974,10 @@ var init_tools = __esm({
           disabled: external_exports.boolean().optional()
         })
       )
+    ).or(
+      GithubToolSchema.extend({
+        disabled: external_exports.boolean().optional()
+      })
     );
     SessionToolRefSchema = InlineSessionToolSchema.or(
       ReferencedSessionToolRefSchema
@@ -17133,8 +17240,8 @@ function hasAutoAttributionsExists(trigger, expected) {
 function isChatMessageEvent(trigger) {
   return trigger.event.startsWith("chat.message.");
 }
-function hasFilterValue(trigger, path, expected) {
-  return trigger.where?.[path] === expected;
+function hasFilterValue(trigger, path2, expected) {
+  return trigger.where?.[path2] === expected;
 }
 var RESOURCE_KIND_SESSION, TriggerFilterScalarSchema, TriggerFilterPathSchema, TriggerFilterClauseSchema, TriggerFilterSchema, SessionTriggerCheckTimeoutSchema, TriggerEventSchema, TriggerEventsSchema, SessionTriggerSharedFields, SessionTriggerEventSourceFields, SessionTriggerBaseSchema, SessionTriggerDefinitionBaseSchema, SessionTriggerSchema, SessionApplyTriggerSchema, SessionHeartbeatTriggerBaseSchema, SessionHeartbeatTriggerSchema, SessionApplyHeartbeatTriggerSchema, SessionTriggerDefinitionSchema, SessionApplyTriggerDefinitionSchema, SessionTriggersSchema, SessionApplyTriggersSchema, AVATAR_ASSET_EXTENSIONS, MAX_AVATAR_ASSET_BYTES, SESSION_IDENTITY_DESCRIPTION_MAX_LENGTH, SHA256_HEX_PATTERN, SessionIdentitySchema, SessionSpecSchema, SessionApplySpecSchema, SessionStatusSchema, SessionResourceSchema, SessionApplyRequestSchema, SessionApplyTriggerReceiptSchema, SessionApplyResponseSchema, SESSION_TELEGRAM_IDENTITY_STATUSES, SessionTelegramIdentityStatusSchema, SessionPresenceIdentitySchema, SessionPresenceResponseSchema, SessionPresenceConnectRequestSchema, SessionPresenceConnectPendingSchema, SessionPresenceConnectResponseSchema, SessionPresenceIconRequestSchema, SessionPresenceIconResponseSchema, SessionPresenceCompleteResponseSchema;
 var init_sessions = __esm({
@@ -17156,17 +17263,17 @@ var init_sessions = __esm({
       external_exports.boolean()
     ]);
     TriggerFilterPathSchema = external_exports.string().refine(
-      (path) => {
-        if (path.length === 0 || path.trim() !== path) {
+      (path2) => {
+        if (path2.length === 0 || path2.trim() !== path2) {
           return false;
         }
-        if (path.startsWith("$.")) {
-          const segments = path.slice(2).split(".");
+        if (path2.startsWith("$.")) {
+          const segments = path2.slice(2).split(".");
           return segments.length > 0 && segments.every(
             (segment) => segment.length > 0 && segment.trim() === segment
           );
         }
-        return !path.includes(".");
+        return !path2.includes(".");
       },
       {
         message: "Trigger filter paths must be a single bare key or use $.path.segments"
@@ -17654,6 +17761,307 @@ var init_run_diagnostics = __esm({
   }
 });
 
+// ../../packages/schemas/src/session-runs.ts
+var SESSION_RUN_STATUSES, SESSION_RUN_DISPLAY_TITLE_MAX_LENGTH, SessionRunStatusSchema, SessionRunDisplayTitleSchema, SESSION_RUN_CHECK_STATUSES, SESSION_RUN_CHECK_CONCLUSIONS, SESSION_RUN_CHECK_TIMEOUT_PHASES, SessionRunCheckStatusSchema, SessionRunCheckConclusionSchema, SessionRunCheckTimeoutPhaseSchema, ManualSessionRunRequestSchema, SessionRunArchiveRequestSchema, SessionRunsArchiveRequestSchema, SessionRunRecordSchema, SessionRunsArchiveResponseSchema;
+var init_session_runs = __esm({
+  "../../packages/schemas/src/session-runs.ts"() {
+    "use strict";
+    init_zod();
+    init_auth();
+    init_environments();
+    init_ids();
+    init_primitives();
+    init_profiles();
+    init_sessions();
+    init_tools();
+    SESSION_RUN_STATUSES = [
+      "queued",
+      "running",
+      "awaiting",
+      "failed",
+      "stopped"
+    ];
+    SESSION_RUN_DISPLAY_TITLE_MAX_LENGTH = 64;
+    SessionRunStatusSchema = external_exports.enum(SESSION_RUN_STATUSES);
+    SessionRunDisplayTitleSchema = external_exports.string().trim().max(SESSION_RUN_DISPLAY_TITLE_MAX_LENGTH);
+    SESSION_RUN_CHECK_STATUSES = [
+      "queued",
+      "in_progress",
+      "completed"
+    ];
+    SESSION_RUN_CHECK_CONCLUSIONS = ["success", "failure"];
+    SESSION_RUN_CHECK_TIMEOUT_PHASES = ["begin", "complete"];
+    SessionRunCheckStatusSchema = external_exports.enum(SESSION_RUN_CHECK_STATUSES);
+    SessionRunCheckConclusionSchema = external_exports.enum(
+      SESSION_RUN_CHECK_CONCLUSIONS
+    );
+    SessionRunCheckTimeoutPhaseSchema = external_exports.enum(
+      SESSION_RUN_CHECK_TIMEOUT_PHASES
+    );
+    ManualSessionRunRequestSchema = external_exports.object({
+      message: external_exports.string().trim().min(1).max(2e4).optional(),
+      interactive: external_exports.boolean().optional()
+    });
+    SessionRunArchiveRequestSchema = external_exports.object({
+      archived: external_exports.boolean()
+    });
+    SessionRunsArchiveRequestSchema = external_exports.object({
+      run_ids: external_exports.array(SessionRunIdSchema2).min(1).max(100),
+      archived: external_exports.boolean()
+    });
+    SessionRunRecordSchema = external_exports.object({
+      id: SessionRunIdSchema2,
+      organizationId: external_exports.string().trim().min(1),
+      projectId: external_exports.string().trim().min(1).nullable(),
+      sessionId: SessionIdSchema,
+      runtimeId: RuntimeIdSchema2.nullable(),
+      status: SessionRunStatusSchema,
+      idempotencyKey: external_exports.string().min(1).nullable(),
+      correlationKey: external_exports.string().nullable(),
+      workflowId: external_exports.string().min(1),
+      displayTitle: SessionRunDisplayTitleSchema,
+      starterActor: AuthActorSchema.nullable(),
+      sessionSnapshot: SessionResourceSchema,
+      profileSnapshot: ProfileResourceSchema,
+      environmentSnapshot: EnvironmentResourceSchema,
+      toolSnapshots: external_exports.array(
+        external_exports.discriminatedUnion("source", [
+          external_exports.object({
+            source: external_exports.literal("inline"),
+            alias: ToolAliasSchema,
+            spec: RemoteMcpToolSchema.or(LocalToolSchema).or(GithubToolSchema)
+          }),
+          external_exports.object({
+            source: external_exports.literal("resource"),
+            alias: ToolAliasSchema,
+            resource: ToolResourceSchema
+          })
+        ])
+      ),
+      input: JsonValueSchema2,
+      createdAt: external_exports.string().datetime(),
+      updatedAt: external_exports.string().datetime(),
+      startedAt: external_exports.string().datetime().nullable(),
+      finishedAt: external_exports.string().datetime().nullable(),
+      archivedAt: external_exports.string().datetime().nullable(),
+      error: JsonValueSchema2.nullable()
+    });
+    SessionRunsArchiveResponseSchema = external_exports.object({
+      archived: external_exports.boolean(),
+      runs: external_exports.array(SessionRunRecordSchema)
+    });
+  }
+});
+
+// ../../packages/schemas/src/run-introspection.ts
+var TruncatedValueSchema, RunConversationSearchSnippetSchema, RunConversationSearchMatchSchema, RunConversationSearchResponseSchema, RunToolExchangeSchema, RunToolExchangesResponseSchema, RUN_TRIGGER_DELIVERY_ACTIONS, RunTriggerDeliveryActionSchema, RUN_EVENT_ORIGIN_KINDS, RunEventOriginKindSchema, RunTriggerDeliveryRecordSchema, RunTriggersResponseSchema, RunArtifactRecordSchema, RunArtifactsResponseSchema, RunTurnSchema, RunToolStatSchema, RunSummarySchema;
+var init_run_introspection = __esm({
+  "../../packages/schemas/src/run-introspection.ts"() {
+    "use strict";
+    init_zod();
+    init_auth();
+    init_conversation();
+    init_ids();
+    init_primitives();
+    init_session_runs();
+    TruncatedValueSchema = external_exports.object({
+      truncated: external_exports.literal(true),
+      truncatedPreview: external_exports.string(),
+      originalBytes: external_exports.number().int().nonnegative()
+    });
+    RunConversationSearchSnippetSchema = external_exports.object({
+      partIndex: external_exports.number().int().nonnegative(),
+      partType: external_exports.string(),
+      /** The search term this snippet was produced for. */
+      query: external_exports.string(),
+      text: external_exports.string()
+    });
+    RunConversationSearchMatchSchema = external_exports.object({
+      sequence: external_exports.number().int().nonnegative(),
+      role: ConversationRoleSchema2,
+      kind: ConversationEntryKindSchema2,
+      status: ConversationEntryStatusSchema2,
+      createdAt: external_exports.string().datetime(),
+      /** Which of the requested terms matched this entry. */
+      matchedQueries: external_exports.array(external_exports.string()),
+      /** Total match occurrences across terms in this entry. */
+      matchCount: external_exports.number().int().positive(),
+      snippets: external_exports.array(RunConversationSearchSnippetSchema)
+    });
+    RunConversationSearchResponseSchema = external_exports.object({
+      matches: external_exports.array(RunConversationSearchMatchSchema),
+      hasMore: external_exports.boolean(),
+      /**
+       * Sequence of the last candidate entry scanned (not just the last confirmed
+       * match) — pass as `afterSequence` to continue without re-scanning
+       * candidates the match confirmation dropped. Null when nothing was scanned.
+       */
+      nextAfterSequence: external_exports.number().int().nullable()
+    });
+    RunToolExchangeSchema = external_exports.object({
+      name: external_exports.string(),
+      callSequence: external_exports.number().int().nonnegative(),
+      resultSequence: external_exports.number().int().nonnegative().nullable(),
+      input: JsonValueSchema2,
+      output: JsonValueSchema2.nullable(),
+      /** Null while the call has no recorded result. */
+      isError: external_exports.boolean().nullable(),
+      /** Result `completedAt` minus call `createdAt`; null without a result. */
+      durationMs: external_exports.number().int().nonnegative().nullable(),
+      startedAt: external_exports.string().datetime(),
+      completedAt: external_exports.string().datetime().nullable()
+    });
+    RunToolExchangesResponseSchema = external_exports.object({
+      exchanges: external_exports.array(RunToolExchangeSchema),
+      hasMore: external_exports.boolean(),
+      /**
+       * Sequence bounds of the entries window this page consumed (not just the
+       * returned exchanges) — continue paging with `after`/`before` from these so
+       * filtered-out entries are not re-scanned. Null when nothing was scanned.
+       */
+      nextAfterSequence: external_exports.number().int().nullable(),
+      nextBeforeSequence: external_exports.number().int().nullable()
+    });
+    RUN_TRIGGER_DELIVERY_ACTIONS = [
+      "started",
+      "signaled",
+      "dropped",
+      "warned",
+      "errored"
+    ];
+    RunTriggerDeliveryActionSchema = external_exports.enum(
+      RUN_TRIGGER_DELIVERY_ACTIONS
+    );
+    RUN_EVENT_ORIGIN_KINDS = [
+      "internal",
+      "provider_grant",
+      "webhook"
+    ];
+    RunEventOriginKindSchema = external_exports.enum(RUN_EVENT_ORIGIN_KINDS);
+    RunTriggerDeliveryRecordSchema = external_exports.object({
+      action: RunTriggerDeliveryActionSchema,
+      triggerId: external_exports.string(),
+      eventKey: external_exports.string(),
+      originKind: RunEventOriginKindSchema,
+      occurredAt: external_exports.string().datetime(),
+      receivedAt: external_exports.string().datetime(),
+      deliveredAt: external_exports.string().datetime(),
+      reason: external_exports.string().nullable(),
+      /** Event payload; may be a {@link TruncatedValueSchema} marker. */
+      payload: JsonValueSchema2.optional()
+    });
+    RunTriggersResponseSchema = external_exports.object({
+      /** The `started` delivery that spawned the run; null for manual/agent spawns. */
+      spawn: RunTriggerDeliveryRecordSchema.nullable(),
+      /** Who started the run, for manual/CLI/agent spawns. */
+      starter: AuthActorSchema.nullable(),
+      /** Subsequent deliveries against the run, chronological. */
+      deliveries: external_exports.array(RunTriggerDeliveryRecordSchema)
+    });
+    RunArtifactRecordSchema = external_exports.object({
+      artifactType: external_exports.string(),
+      externalId: external_exports.string(),
+      payload: JsonValueSchema2,
+      recordedAt: external_exports.string().datetime()
+    });
+    RunArtifactsResponseSchema = external_exports.object({
+      artifacts: external_exports.array(RunArtifactRecordSchema)
+    });
+    RunTurnSchema = external_exports.object({
+      startSequence: external_exports.number().int().nonnegative(),
+      endSequence: external_exports.number().int().nonnegative(),
+      startedAt: external_exports.string().datetime(),
+      completedAt: external_exports.string().datetime().nullable(),
+      toolCallCount: external_exports.number().int().nonnegative()
+    });
+    RunToolStatSchema = external_exports.object({
+      name: external_exports.string(),
+      /** Run-wide call count from the SQL aggregate. */
+      calls: external_exports.number().int().nonnegative(),
+      /**
+       * Derived from the summary's recent-entries window (most recent ~1000
+       * entries), so on very long runs `errors` and `durationMs` can understate
+       * relative to the run-wide `calls`.
+       */
+      errors: external_exports.number().int().nonnegative(),
+      durationMs: external_exports.object({
+        p50: external_exports.number().nonnegative().nullable(),
+        max: external_exports.number().nonnegative().nullable()
+      })
+    });
+    RunSummarySchema = external_exports.object({
+      run: external_exports.object({
+        id: SessionRunIdSchema2,
+        sessionName: external_exports.string(),
+        profileName: external_exports.string(),
+        displayTitle: external_exports.string(),
+        status: SessionRunStatusSchema,
+        error: JsonValueSchema2.nullable(),
+        workflowId: external_exports.string(),
+        createdAt: external_exports.string().datetime(),
+        startedAt: external_exports.string().datetime().nullable(),
+        finishedAt: external_exports.string().datetime().nullable(),
+        archivedAt: external_exports.string().datetime().nullable()
+      }),
+      timing: external_exports.object({
+        /** `startedAt - createdAt`; null until the run starts. */
+        queuedMs: external_exports.number().int().nonnegative().nullable(),
+        /** `(finishedAt ?? now) - startedAt`; null until the run starts. */
+        activeMs: external_exports.number().int().nonnegative().nullable(),
+        /** `(finishedAt ?? now) - createdAt`. */
+        totalMs: external_exports.number().int().nonnegative()
+      }),
+      conversation: external_exports.object({
+        entryCount: external_exports.number().int().nonnegative(),
+        firstEntryAt: external_exports.string().datetime().nullable(),
+        lastEntryAt: external_exports.string().datetime().nullable(),
+        countsByKind: external_exports.object({
+          status: external_exports.number().int().nonnegative(),
+          message: external_exports.number().int().nonnegative(),
+          tool_call: external_exports.number().int().nonnegative(),
+          tool_result: external_exports.number().int().nonnegative(),
+          question: external_exports.number().int().nonnegative()
+        }),
+        failedEntryCount: external_exports.number().int().nonnegative(),
+        lastSequence: external_exports.number().int().nonnegative()
+      }),
+      tools: external_exports.array(RunToolStatSchema),
+      /**
+       * True when the run has more conversation entries than the summary's
+       * recent-entries window, meaning per-tool `errors`/`durationMs` (and
+       * `turns`) describe only the most recent slice of the run.
+       */
+      toolStatsWindowed: external_exports.boolean(),
+      trigger: external_exports.object({
+        /** Spawning event key, or "manual" / "agent" for actor-started runs. */
+        spawn: external_exports.string(),
+        signaledCount: external_exports.number().int().nonnegative(),
+        droppedCount: external_exports.number().int().nonnegative()
+      }),
+      artifacts: external_exports.object({
+        count: external_exports.number().int().nonnegative(),
+        types: external_exports.array(external_exports.string())
+      }),
+      /** Derived per-user-message turns, capped to the most recent. */
+      turns: external_exports.array(RunTurnSchema),
+      commands: external_exports.object({
+        total: external_exports.number().int().nonnegative(),
+        byKind: external_exports.record(external_exports.string(), external_exports.number().int().nonnegative()),
+        failed: external_exports.number().int().nonnegative()
+      }),
+      checks: external_exports.array(
+        external_exports.object({
+          name: external_exports.string(),
+          displayName: external_exports.string(),
+          status: SessionRunCheckStatusSchema,
+          conclusion: SessionRunCheckConclusionSchema.nullable(),
+          completedAt: external_exports.string().datetime().nullable()
+        })
+      )
+    });
+  }
+});
+
 // ../../packages/schemas/src/session-run-commands.ts
 var SESSION_RUN_COMMAND_KINDS, SESSION_RUN_DISPATCH_COMMAND_KINDS, SESSION_RUN_PERSISTED_COMMAND_KINDS, SESSION_RUN_LIFECYCLE_COMMAND_KINDS, SESSION_RUN_COMMAND_STATUSES, SESSION_RUN_DISPATCH_COMMAND_STATUSES, SessionRunCommandKindSchema2, SessionRunPersistedCommandKindSchema, SessionRunDispatchCommandKindSchema, SessionRunLifecycleCommandKindSchema, SessionRunCommandStatusSchema, SessionRunDispatchCommandStatusSchema, SessionRunCommandSenderSchema, SessionRunMessageCommandPayloadSchema, SessionRunAnswerCommandPayloadSchema, SessionRunLifecycleCommandPayloadSchema, SessionRunCommandPayloadSchema, CreateSessionRunMessageCommandRequestSchema, CreateSessionRunAnswerCommandRequestSchema, CreateSessionRunLifecycleCommandRequestSchema, CreateSessionRunCommandRequestSchema, SessionRunResolutionPolicySchema, SessionAddressedCommandTargetSchema, SessionRunCommandRecordBaseSchema, SessionRunStartCommandPayloadSchema, SessionRunStartWithMessageCommandPayloadSchema, SessionRunPersistedCommandPayloadSchema, SessionRunCommandRecordSchema, SessionRunDispatchMessageCommandPayloadSchema, SessionRunDispatchAnswerCommandPayloadSchema, SessionRunDispatchStopCommandPayloadSchema, SessionRunDispatchCommandPayloadSchema, SessionRunDispatchCommandRecordBaseSchema, SessionRunDispatchCommandRecordSchema;
 var init_session_run_commands = __esm({
@@ -17970,98 +18378,6 @@ var init_runtimes = __esm({
   }
 });
 
-// ../../packages/schemas/src/session-runs.ts
-var SESSION_RUN_STATUSES, SESSION_RUN_DISPLAY_TITLE_MAX_LENGTH, SessionRunStatusSchema, SessionRunDisplayTitleSchema, SESSION_RUN_CHECK_STATUSES, SESSION_RUN_CHECK_CONCLUSIONS, SESSION_RUN_CHECK_TIMEOUT_PHASES, SessionRunCheckStatusSchema, SessionRunCheckConclusionSchema, SessionRunCheckTimeoutPhaseSchema, ManualSessionRunRequestSchema, SessionRunArchiveRequestSchema, SessionRunsArchiveRequestSchema, SessionRunRecordSchema, SessionRunsArchiveResponseSchema;
-var init_session_runs = __esm({
-  "../../packages/schemas/src/session-runs.ts"() {
-    "use strict";
-    init_zod();
-    init_auth();
-    init_environments();
-    init_ids();
-    init_primitives();
-    init_profiles();
-    init_sessions();
-    init_tools();
-    SESSION_RUN_STATUSES = [
-      "queued",
-      "running",
-      "awaiting",
-      "failed",
-      "stopped"
-    ];
-    SESSION_RUN_DISPLAY_TITLE_MAX_LENGTH = 64;
-    SessionRunStatusSchema = external_exports.enum(SESSION_RUN_STATUSES);
-    SessionRunDisplayTitleSchema = external_exports.string().trim().max(SESSION_RUN_DISPLAY_TITLE_MAX_LENGTH);
-    SESSION_RUN_CHECK_STATUSES = [
-      "queued",
-      "in_progress",
-      "completed"
-    ];
-    SESSION_RUN_CHECK_CONCLUSIONS = ["success", "failure"];
-    SESSION_RUN_CHECK_TIMEOUT_PHASES = ["begin", "complete"];
-    SessionRunCheckStatusSchema = external_exports.enum(SESSION_RUN_CHECK_STATUSES);
-    SessionRunCheckConclusionSchema = external_exports.enum(
-      SESSION_RUN_CHECK_CONCLUSIONS
-    );
-    SessionRunCheckTimeoutPhaseSchema = external_exports.enum(
-      SESSION_RUN_CHECK_TIMEOUT_PHASES
-    );
-    ManualSessionRunRequestSchema = external_exports.object({
-      message: external_exports.string().trim().min(1).max(2e4).optional(),
-      interactive: external_exports.boolean().optional()
-    });
-    SessionRunArchiveRequestSchema = external_exports.object({
-      archived: external_exports.boolean()
-    });
-    SessionRunsArchiveRequestSchema = external_exports.object({
-      run_ids: external_exports.array(SessionRunIdSchema2).min(1).max(100),
-      archived: external_exports.boolean()
-    });
-    SessionRunRecordSchema = external_exports.object({
-      id: SessionRunIdSchema2,
-      organizationId: external_exports.string().trim().min(1),
-      projectId: external_exports.string().trim().min(1).nullable(),
-      sessionId: SessionIdSchema,
-      runtimeId: RuntimeIdSchema2.nullable(),
-      status: SessionRunStatusSchema,
-      idempotencyKey: external_exports.string().min(1).nullable(),
-      correlationKey: external_exports.string().nullable(),
-      workflowId: external_exports.string().min(1),
-      displayTitle: SessionRunDisplayTitleSchema,
-      starterActor: AuthActorSchema.nullable(),
-      sessionSnapshot: SessionResourceSchema,
-      profileSnapshot: ProfileResourceSchema,
-      environmentSnapshot: EnvironmentResourceSchema,
-      toolSnapshots: external_exports.array(
-        external_exports.discriminatedUnion("source", [
-          external_exports.object({
-            source: external_exports.literal("inline"),
-            alias: ToolAliasSchema,
-            spec: RemoteMcpToolSchema.or(LocalToolSchema)
-          }),
-          external_exports.object({
-            source: external_exports.literal("resource"),
-            alias: ToolAliasSchema,
-            resource: ToolResourceSchema
-          })
-        ])
-      ),
-      input: JsonValueSchema2,
-      createdAt: external_exports.string().datetime(),
-      updatedAt: external_exports.string().datetime(),
-      startedAt: external_exports.string().datetime().nullable(),
-      finishedAt: external_exports.string().datetime().nullable(),
-      archivedAt: external_exports.string().datetime().nullable(),
-      error: JsonValueSchema2.nullable()
-    });
-    SessionRunsArchiveResponseSchema = external_exports.object({
-      archived: external_exports.boolean(),
-      runs: external_exports.array(SessionRunRecordSchema)
-    });
-  }
-});
-
 // ../../packages/schemas/src/temporal.ts
 var ResourceReconciliationScopeSchema;
 var init_temporal = __esm({
@@ -18085,6 +18401,8 @@ var init_src = __esm({
     init_conversation();
     init_conversation_reducer();
     init_connections();
+    init_github_credentials();
+    init_github_mcp_catalog();
     init_ids();
     init_environments();
     init_mcp();
@@ -18097,6 +18415,7 @@ var init_src = __esm({
     init_realtime();
     init_resources();
     init_run_diagnostics();
+    init_run_introspection();
     init_secrets();
     init_session_run_commands();
     init_runtimes();
@@ -18159,10 +18478,10 @@ var init_active_project = __esm({
 
 // src/lib/config/path.ts
 import { createHash } from "crypto";
-import { homedir } from "os";
+import { homedir as homedir2 } from "os";
 import { join, normalize } from "path";
 function defaultConfigPath() {
-  return process.env.AUTO_CLI_CONFIG ?? join(homedir(), ".auto", "config.yaml");
+  return process.env.AUTO_CLI_CONFIG ?? join(homedir2(), ".auto", "config.yaml");
 }
 function profilesDir(configPath = defaultConfigPath()) {
   return normalize(join(configPath, "..", PROFILES_DIR_NAME));
@@ -18194,9 +18513,9 @@ var init_path = __esm({
 // src/lib/config/file.ts
 import { chmodSync, mkdirSync as mkdirSync2, readFileSync as readFileSync2, writeFileSync as writeFileSync2 } from "fs";
 import { basename, dirname as dirname2, join as join2 } from "path";
-function readConfig(path = defaultConfigPath()) {
+function readConfig(path2 = defaultConfigPath()) {
   try {
-    const text = readFileSync2(path, "utf8");
+    const text = readFileSync2(path2, "utf8");
     const config2 = {};
     for (const line of text.split(/\r?\n/)) {
       const match = /^([A-Za-z0-9_]+):\s*(.*)$/.exec(line.trim());
@@ -18210,13 +18529,13 @@ function readConfig(path = defaultConfigPath()) {
     throw err;
   }
 }
-function writeConfig(config2, path = defaultConfigPath()) {
-  writeConfigFile(config2, path);
-  if (config2.userEmail && config2.serverUrl && basename(dirname2(path)) !== PROFILES_DIR_NAME) {
+function writeConfig(config2, path2 = defaultConfigPath()) {
+  writeConfigFile(config2, path2);
+  if (config2.userEmail && config2.serverUrl && basename(dirname2(path2)) !== PROFILES_DIR_NAME) {
     writeConfigFile(
       config2,
       join2(
-        dirname2(path),
+        dirname2(path2),
         PROFILES_DIR_NAME,
         profileFileName({
           userEmail: config2.userEmail,
@@ -18226,17 +18545,17 @@ function writeConfig(config2, path = defaultConfigPath()) {
     );
   }
 }
-function writeConfigFile(config2, path) {
-  mkdirSync2(dirname2(path), { recursive: true });
+function writeConfigFile(config2, path2) {
+  mkdirSync2(dirname2(path2), { recursive: true });
   const lines = CONFIG_KEYS.filter((key) => config2[key]).map(
     (key) => `${key}: ${config2[key]}`
   );
-  writeFileSync2(path, `${lines.join("\n")}
+  writeFileSync2(path2, `${lines.join("\n")}
 `, {
     encoding: "utf8",
     mode: 384
   });
-  chmodSync(path, 384);
+  chmodSync(path2, 384);
 }
 var CONFIG_KEYS;
 var init_file = __esm({
@@ -18394,38 +18713,38 @@ var init_http = __esm({
 });
 
 // src/lib/api/paths.ts
-function apiPath(path = "") {
-  return `${API_PREFIX}${cleanSubpath(path)}`;
+function apiPath(path2 = "") {
+  return `${API_PREFIX}${cleanSubpath(path2)}`;
 }
-function orgApiPath(organizationId, path = "") {
-  return apiPath(orgSubpath(organizationId, path));
+function orgApiPath(organizationId, path2 = "") {
+  return apiPath(orgSubpath(organizationId, path2));
 }
-function projectApiPath(project, path = "") {
+function projectApiPath(project, path2 = "") {
   return apiPath(
     orgSubpath(
       project.organizationId,
-      `/projects/${encodeURIComponent(project.projectId)}${cleanSubpath(path)}`
+      `/projects/${encodeURIComponent(project.projectId)}${cleanSubpath(path2)}`
     )
   );
 }
-function sessionApiPath(project, sessionName, path = "") {
+function sessionApiPath(project, sessionName, path2 = "") {
   return projectApiPath(
     project,
-    `/sessions/${encodeURIComponent(sessionName)}${cleanSubpath(path)}`
+    `/sessions/${encodeURIComponent(sessionName)}${cleanSubpath(path2)}`
   );
 }
-function runApiPath(runId, path = "") {
-  return apiPath(`/runs/${encodeURIComponent(runId)}${cleanSubpath(path)}`);
+function runApiPath(runId, path2 = "") {
+  return apiPath(`/runs/${encodeURIComponent(runId)}${cleanSubpath(path2)}`);
 }
-function cleanSubpath(path) {
-  const trimmed = path.trim();
+function cleanSubpath(path2) {
+  const trimmed = path2.trim();
   if (!trimmed) {
     return "";
   }
   return trimmed.startsWith("/") ? trimmed : `/${trimmed}`;
 }
-function orgSubpath(organizationId, path = "") {
-  return `/orgs/${encodeURIComponent(organizationId)}${cleanSubpath(path)}`;
+function orgSubpath(organizationId, path2 = "") {
+  return `/orgs/${encodeURIComponent(organizationId)}${cleanSubpath(path2)}`;
 }
 var API_PREFIX;
 var init_paths = __esm({
@@ -18717,9 +19036,9 @@ async function deleteProjectResource(context, request, options) {
   };
 }
 async function applyProjectResources(context, request, options) {
-  const path = projectApplyPath(context);
+  const path2 = projectApplyPath(context);
   const response = await context.authenticatedFetch(
-    context.apiUrl(path, options.apiBaseUrl),
+    context.apiUrl(path2, options.apiBaseUrl),
     {
       method: "POST",
       headers: {
@@ -18816,8 +19135,8 @@ function createApiClient(input) {
       explicit
     });
   }
-  function apiUrl(path, explicit) {
-    return `${apiBaseUrl(explicit)}${path}`;
+  function apiUrl(path2, explicit) {
+    return `${apiBaseUrl(explicit)}${path2}`;
   }
   function activeProject() {
     const config2 = readConfig(input.configPath);
@@ -18986,10 +19305,11 @@ function createApiClient(input) {
       headers: bootstrapAuthHeaders(init.headers)
     });
   }
-  async function requestJson(path, options = {}) {
-    const url2 = new URL(apiUrl(path, options.apiBaseUrl));
-    for (const [name, value] of Object.entries(options.searchParams ?? {})) {
-      url2.searchParams.set(name, value);
+  async function requestJson(path2, options = {}) {
+    const url2 = new URL(apiUrl(path2, options.apiBaseUrl));
+    const searchParamEntries = Array.isArray(options.searchParams) ? options.searchParams : Object.entries(options.searchParams ?? {});
+    for (const [name, value] of searchParamEntries) {
+      url2.searchParams.append(name, value);
     }
     const response = await authenticatedFetch(
       url2.toString(),
@@ -19370,7 +19690,7 @@ function createApiClient(input) {
     }),
     async setSecret(name, request, options = {}) {
       const organization = activeOrganization();
-      const path = options.projectId ? projectApiPath(
+      const path2 = options.projectId ? projectApiPath(
         {
           organizationId: organization.organizationId,
           projectId: options.projectId
@@ -19381,7 +19701,7 @@ function createApiClient(input) {
         `/secrets/${encodeURIComponent(name)}`
       );
       const response = await authenticatedFetch(
-        apiUrl(path, options.apiBaseUrl),
+        apiUrl(path2, options.apiBaseUrl),
         {
           method: "PUT",
           headers: {
@@ -19398,7 +19718,7 @@ function createApiClient(input) {
     },
     async listSecrets(options = {}) {
       const organization = activeOrganization();
-      const path = options.projectId ? projectApiPath(
+      const path2 = options.projectId ? projectApiPath(
         {
           organizationId: organization.organizationId,
           projectId: options.projectId
@@ -19406,7 +19726,7 @@ function createApiClient(input) {
         "/secrets"
       ) : orgApiPath(organization.organizationId, "/secrets");
       const response = await authenticatedFetch(
-        apiUrl(path, options.apiBaseUrl),
+        apiUrl(path2, options.apiBaseUrl),
         {},
         options.apiBaseUrl
       );
@@ -19417,7 +19737,7 @@ function createApiClient(input) {
     },
     async removeSecret(name, options = {}) {
       const organization = activeOrganization();
-      const path = options.projectId ? projectApiPath(
+      const path2 = options.projectId ? projectApiPath(
         {
           organizationId: organization.organizationId,
           projectId: options.projectId
@@ -19428,7 +19748,7 @@ function createApiClient(input) {
         `/secrets/${encodeURIComponent(name)}`
       );
       const response = await authenticatedFetch(
-        apiUrl(path, options.apiBaseUrl),
+        apiUrl(path2, options.apiBaseUrl),
         {
           method: "DELETE"
         },
@@ -19729,7 +20049,7 @@ function createApiClient(input) {
         sessionApiPath(scope, sessionName, "/runs"),
         {
           apiBaseUrl: options.apiBaseUrl,
-          searchParams: options.includeArchived ? { include_archived: "true" } : void 0
+          searchParams: runListSearchParams(options)
         }
       );
     },
@@ -19737,7 +20057,87 @@ function createApiClient(input) {
       const scope = activeProject();
       return requestJson(projectApiPath(scope, "/runs"), {
         apiBaseUrl: options.apiBaseUrl,
-        searchParams: options.includeArchived ? { include_archived: "true" } : void 0
+        searchParams: runListSearchParams(options)
+      });
+    },
+    async getRunSummary(runId, options = {}) {
+      return requestJson(runApiPath(runId, "/summary"), {
+        apiBaseUrl: options.apiBaseUrl
+      });
+    },
+    async getRunConversation(runId, options = {}) {
+      const searchParams = [];
+      if (options.cursor) searchParams.push(["cursor", options.cursor]);
+      if (options.before !== void 0)
+        searchParams.push(["before", String(options.before)]);
+      if (options.limit !== void 0)
+        searchParams.push(["limit", String(options.limit)]);
+      if (options.order) searchParams.push(["order", options.order]);
+      for (const kind of options.kinds ?? []) searchParams.push(["kind", kind]);
+      for (const role of options.roles ?? []) searchParams.push(["role", role]);
+      return requestJson(
+        runApiPath(runId, "/conversation"),
+        {
+          apiBaseUrl: options.apiBaseUrl,
+          searchParams
+        }
+      );
+    },
+    async searchRunConversation(runId, queries, options = {}) {
+      const searchParams = queries.map((query) => [
+        "q",
+        query
+      ]);
+      if (options.after !== void 0)
+        searchParams.push(["after", String(options.after)]);
+      for (const kind of options.kinds ?? []) searchParams.push(["kind", kind]);
+      for (const role of options.roles ?? []) searchParams.push(["role", role]);
+      if (options.limit !== void 0)
+        searchParams.push(["limit", String(options.limit)]);
+      return requestJson(
+        runApiPath(runId, "/conversation/search"),
+        {
+          apiBaseUrl: options.apiBaseUrl,
+          searchParams
+        }
+      );
+    },
+    async listRunToolExchanges(runId, options = {}) {
+      const searchParams = [];
+      if (options.toolName) searchParams.push(["toolName", options.toolName]);
+      if (options.errorsOnly) searchParams.push(["errorsOnly", "true"]);
+      if (options.after !== void 0)
+        searchParams.push(["after", String(options.after)]);
+      if (options.before !== void 0)
+        searchParams.push(["before", String(options.before)]);
+      if (options.order) searchParams.push(["order", options.order]);
+      if (options.limit !== void 0)
+        searchParams.push(["limit", String(options.limit)]);
+      return requestJson(
+        runApiPath(runId, "/tools"),
+        {
+          apiBaseUrl: options.apiBaseUrl,
+          searchParams
+        }
+      );
+    },
+    async listRunTriggers(runId, options = {}) {
+      return requestJson(runApiPath(runId, "/triggers"), {
+        apiBaseUrl: options.apiBaseUrl,
+        searchParams: options.payload ? { payload: options.payload } : void 0
+      });
+    },
+    async listRunArtifacts(runId, options = {}) {
+      return requestJson(
+        runApiPath(runId, "/artifacts"),
+        {
+          apiBaseUrl: options.apiBaseUrl
+        }
+      );
+    },
+    async listRunCommands(runId, options = {}) {
+      return requestJson(runApiPath(runId, "/commands"), {
+        apiBaseUrl: options.apiBaseUrl
       });
     },
     getOperatorInfo() {
@@ -19797,6 +20197,22 @@ function createApiClient(input) {
     }
   };
 }
+function runListSearchParams(options) {
+  const searchParams = [];
+  if (options.includeArchived) {
+    searchParams.push(["include_archived", "true"]);
+  }
+  for (const status of options.statuses ?? []) {
+    searchParams.push(["status", status]);
+  }
+  if (options.since) {
+    searchParams.push(["created_after", options.since]);
+  }
+  if (options.limit !== void 0) {
+    searchParams.push(["limit", String(options.limit)]);
+  }
+  return searchParams;
+}
 var init_client = __esm({
   "src/lib/api/client.ts"() {
     "use strict";
@@ -19831,9 +20247,9 @@ var init_browser = __esm({
 });
 
 // src/lib/oauth/loopback.ts
-import { createServer } from "http";
+import { createServer as createServer2 } from "http";
 async function createOAuthLoopbackCallback(input) {
-  const path = input?.path ?? "/callback";
+  const path2 = input?.path ?? "/callback";
   const successHtml = input?.successHtml ?? renderOAuthLoopbackPage({
     status: "success",
     eyebrow: "Auto",
@@ -19852,9 +20268,9 @@ async function createOAuthLoopbackCallback(input) {
     resolveResult = resolve2;
     rejectResult = reject;
   });
-  const server = createServer((request, response) => {
+  const server = createServer2((request, response) => {
     const url2 = new URL(request.url ?? "/", "http://127.0.0.1");
-    if (url2.pathname !== path) {
+    if (url2.pathname !== path2) {
       response.writeHead(404).end("Not found");
       return;
     }
@@ -19896,7 +20312,7 @@ async function createOAuthLoopbackCallback(input) {
   const address = server.address();
   return {
     close: () => server.close(),
-    redirectUri: `http://127.0.0.1:${address.port}${path}`,
+    redirectUri: `http://127.0.0.1:${address.port}${path2}`,
     result
   };
 }
@@ -20278,12 +20694,12 @@ function readProjectApplyRequest(options) {
     throw new Error(`No resource files found in ${directory}`);
   }
   const resources = [];
-  for (const { kind, path } of files) {
-    const request = readApplyDocumentFile(path);
+  for (const { kind, path: path2 } of files) {
+    const request = readApplyDocumentFile(path2);
     for (const resource of request.resources) {
       if (resource.kind !== kind) {
         throw new Error(
-          `Resource kind "${resource.kind}" in ${path} does not match .auto/${APPLY_DIRECTORIES[kind]}`
+          `Resource kind "${resource.kind}" in ${path2} does not match .auto/${APPLY_DIRECTORIES[kind]}`
         );
       }
       resources.push(resource);
@@ -20335,15 +20751,15 @@ function applyFiles(root) {
   const files = [];
   for (const kind of APPLY_RESOURCE_ORDER) {
     const directory = APPLY_DIRECTORIES[kind];
-    const path = join3(root, directory);
+    const path2 = join3(root, directory);
     let entries;
     try {
-      entries = readdirSync(path, { withFileTypes: true });
+      entries = readdirSync(path2, { withFileTypes: true });
     } catch {
       continue;
     }
     files.push(
-      ...resourceApplyFiles(path, entries).map((file2) => ({
+      ...resourceApplyFiles(path2, entries).map((file2) => ({
         kind,
         path: file2
       }))
@@ -20351,8 +20767,8 @@ function applyFiles(root) {
   }
   return files;
 }
-function readApplyDocumentFile(path) {
-  const source = readFileSync3(path, "utf8");
+function readApplyDocumentFile(path2) {
+  const source = readFileSync3(path2, "utf8");
   let documents;
   try {
     documents = parseYamlDocuments(source).filter((document) => document.contents !== null).map((document) => document.toJSON());
@@ -20362,7 +20778,7 @@ function readApplyDocumentFile(path) {
     );
   }
   if (documents.length === 0) {
-    throw new Error(`Invalid apply file: ${path} is empty`);
+    throw new Error(`Invalid apply file: ${path2} is empty`);
   }
   if (documents.length === 1) {
     const system = ProjectApplySystemConfigSchema.safeParse(documents[0]);
@@ -20488,8 +20904,8 @@ function applyFileProjectRoot(file2) {
     dir = parent;
   }
 }
-function isInside(path, parent) {
-  return path.startsWith(`${parent}/`);
+function isInside(path2, parent) {
+  return path2.startsWith(`${parent}/`);
 }
 function applyCandidate(document) {
   if (!isRecord(document) || !("kind" in document)) {
@@ -20515,15 +20931,15 @@ function isRecord(value) {
 function resourceApplyFiles(directory, entries) {
   const files = [];
   for (const entry of entries) {
-    const path = join3(directory, entry.name);
+    const path2 = join3(directory, entry.name);
     if (entry.isDirectory()) {
       files.push(
-        ...resourceApplyFiles(path, readdirSync(path, { withFileTypes: true }))
+        ...resourceApplyFiles(path2, readdirSync(path2, { withFileTypes: true }))
       );
       continue;
     }
     if (entry.isFile() && /\.(json|ya?ml)$/i.test(entry.name)) {
-      files.push(path);
+      files.push(path2);
     }
   }
   return files.sort((left, right) => left.localeCompare(right));
@@ -20677,8 +21093,8 @@ function listProfiles(configPath = defaultConfigPath()) {
     throw err;
   }
   return entries.filter((entry) => entry.endsWith(".yaml")).sort().map((entry) => {
-    const path = join4(dir, entry);
-    return { path, config: readConfig(path) };
+    const path2 = join4(dir, entry);
+    return { path: path2, config: readConfig(path2) };
   }).filter((profile) => profile.config.userEmail);
 }
 function findAccountProfile(input) {
@@ -21183,7 +21599,7 @@ var init_package = __esm({
   "package.json"() {
     package_default = {
       name: "@autohq/cli",
-      version: "0.1.88",
+      version: "0.1.90",
       license: "SEE LICENSE IN README.md",
       publishConfig: {
         access: "public"
@@ -23866,7 +24282,10 @@ function sessionRunsQueryOptions(client, sessionName, apiUrl, includeArchived =
     queryFn: async () => {
       const res = await client.listSessionRuns(sessionName ?? "", {
         apiBaseUrl: apiUrl,
-        includeArchived
+        includeArchived,
+        // The run-list routes default to 50; ask for the server max so the
+        // TUI keeps showing deep history.
+        limit: TUI_RUN_LIST_LIMIT
       });
       return res.runs;
     },
@@ -23880,7 +24299,8 @@ function runsQueryOptions(client, apiUrl, includeArchived = false) {
     queryFn: async () => {
       const res = await client.listRuns({
         apiBaseUrl: apiUrl,
-        includeArchived
+        includeArchived,
+        limit: TUI_RUN_LIST_LIMIT
       });
       return res.runs;
     },
@@ -23996,12 +24416,13 @@ function invalidateRunsQueries(queryClient, apiUrl, runs) {
     });
   }
 }
-var queryKeys, RUNS_REFETCH_INTERVAL_MS;
+var TUI_RUN_LIST_LIMIT, queryKeys, RUNS_REFETCH_INTERVAL_MS;
 var init_queries = __esm({
   "src/tui/hooks/queries.ts"() {
     "use strict";
     init_src();
     init_ApiClientContext();
+    TUI_RUN_LIST_LIMIT = 200;
     queryKeys = {
       environments: (apiUrl) => ["environments", apiUrl],
       profiles: (apiUrl) => ["profiles", apiUrl],
@@ -24359,7 +24780,7 @@ var init_SessionsView = __esm({
 
 // src/tui/SpecInspector.tsx
 import { Box as Box12, Text as Text13 } from "ink";
-import { stringify as stringify3 } from "yaml";
+import { stringify as stringify4 } from "yaml";
 import { jsx as jsx13, jsxs as jsxs11 } from "react/jsx-runtime";
 function SpecInspector({
   kind,
@@ -24390,7 +24811,7 @@ function specLineCount(spec) {
   return yamlLines(spec).length;
 }
 function yamlLines(spec) {
-  return stringify3(spec).trimEnd().split("\n");
+  return stringify4(spec).trimEnd().split("\n");
 }
 function YamlLine({ line }) {
   const match = /^(\s*)([^:#][^:]*:)(.*)$/.exec(line);
@@ -26304,6 +26725,156 @@ var init_launcher = __esm({
 // src/cli/program.ts
 import { Command, Option as Option3 } from "commander";
 
+// src/commands/agent-bridge/git-credentials.ts
+import { once } from "events";
+import { chmod, mkdir, readFile, writeFile } from "fs/promises";
+import { createServer } from "http";
+import { homedir } from "os";
+import path from "path";
+var RELAY_PATH = "/git-credential";
+function defaultGitCredentialPortFilePath() {
+  return path.join(homedir(), ".auto", "agent-bridge", "git-credential.json");
+}
+async function startGitCredentialRelay(input) {
+  const fetchImpl = input.fetchImpl ?? fetch;
+  let target = { url: input.url, accessToken: input.accessToken };
+  const server = createServer((request, response) => {
+    if (request.method !== "POST" || request.url !== RELAY_PATH) {
+      response.writeHead(404).end();
+      return;
+    }
+    const chunks = [];
+    request.on("data", (chunk) => chunks.push(chunk));
+    request.on("end", () => {
+      void (async () => {
+        try {
+          const upstream = await fetchImpl(target.url, {
+            method: "POST",
+            headers: {
+              authorization: `Bearer ${target.accessToken}`,
+              "content-type": "application/json"
+            },
+            body: Buffer.concat(chunks).toString("utf8") || "{}"
+          });
+          const body = await upstream.text();
+          response.writeHead(upstream.status, {
+            "content-type": upstream.headers.get("content-type") ?? "application/json"
+          }).end(body);
+        } catch (error51) {
+          response.writeHead(502, { "content-type": "application/json" }).end(
+            JSON.stringify({
+              error: error51 instanceof Error ? error51.message : String(error51)
+            })
+          );
+        }
+      })();
+    });
+  });
+  server.listen(0, "127.0.0.1");
+  await once(server, "listening");
+  server.unref();
+  const address = server.address();
+  if (!address || typeof address !== "object") {
+    server.close();
+    throw new Error("git credential relay failed to bind a loopback port");
+  }
+  const portFilePath = input.portFilePath ?? defaultGitCredentialPortFilePath();
+  await mkdir(path.dirname(portFilePath), { recursive: true });
+  await writeFile(portFilePath, JSON.stringify({ port: address.port }), {
+    mode: 384
+  });
+  await chmod(portFilePath, 384);
+  return {
+    port: address.port,
+    update: (next) => {
+      target = { url: next.url, accessToken: next.accessToken };
+    },
+    close: () => new Promise((resolve2) => {
+      server.close(() => resolve2());
+    })
+  };
+}
+async function runGitCredentialHelper(input) {
+  if (input.args.includes("--check")) {
+    return 0;
+  }
+  const operation = input.args.find((arg) => !arg.startsWith("-"));
+  if (operation === "store" || operation === "erase") {
+    return 0;
+  }
+  if (operation !== "get") {
+    input.writeError(`unsupported git credential operation: ${operation}`);
+    return 1;
+  }
+  try {
+    const attributes = parseGitCredentialAttributes(
+      await readStream(input.stdin)
+    );
+    if (attributes.protocol !== "https" || attributes.host !== "github.com") {
+      return 1;
+    }
+    const portFilePath = input.portFilePath ?? defaultGitCredentialPortFilePath();
+    const portFile = JSON.parse(await readFile(portFilePath, "utf8"));
+    if (typeof portFile.port !== "number") {
+      input.writeError("git credential relay port file is malformed");
+      return 1;
+    }
+    const response = await (input.fetchImpl ?? fetch)(
+      `http://127.0.0.1:${portFile.port}${RELAY_PATH}`,
+      {
+        method: "POST",
+        headers: { "content-type": "application/json" },
+        body: JSON.stringify({
+          host: attributes.host,
+          ...attributes.path ? { path: attributes.path } : {}
+        })
+      }
+    );
+    if (!response.ok) {
+      input.writeError(
+        `git credential broker rejected the request: ${response.status}`
+      );
+      return 1;
+    }
+    const credential = await response.json();
+    if (!credential.username || !credential.password) {
+      input.writeError("git credential broker returned no credential");
+      return 1;
+    }
+    input.writeOutput(`username=${credential.username}`);
+    input.writeOutput(`password=${credential.password}`);
+    const expiryUtc = credential.expiresAt ? Math.floor(new Date(credential.expiresAt).getTime() / 1e3) : void 0;
+    if (expiryUtc && Number.isFinite(expiryUtc)) {
+      input.writeOutput(`password_expiry_utc=${expiryUtc}`);
+    }
+    return 0;
+  } catch (error51) {
+    input.writeError(error51 instanceof Error ? error51.message : String(error51));
+    return 1;
+  }
+}
+function parseGitCredentialAttributes(raw) {
+  const attributes = {};
+  for (const line of raw.split("\n")) {
+    if (!line.trim()) {
+      continue;
+    }
+    const separator = line.indexOf("=");
+    if (separator <= 0) {
+      continue;
+    }
+    attributes[line.slice(0, separator)] = line.slice(separator + 1);
+  }
+  return attributes;
+}
+async function readStream(stream) {
+  const chunks = [];
+  for await (const chunk of stream) {
+    chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+  }
+  return Buffer.concat(chunks).toString("utf8");
+}
+
 // ../../packages/protocol/src/index.ts
 init_zod();
 var OpaqueIdSchema = external_exports.string().trim().min(1);
@@ -26412,7 +26983,14 @@ var AgentBridgeClaudeConfigSchema = external_exports.object({
 var RuntimeBridgeBootstrapPlaintextSchema = external_exports.object({
   version: external_exports.literal(1),
   outputSeqStart: external_exports.number().int().nonnegative(),
-  claude: AgentBridgeClaudeConfigSchema
+  claude: AgentBridgeClaudeConfigSchema,
+  // Endpoint + run token for the git credential broker. Present only when
+  // the run has GitHub App git mounts; rides the encrypted bootstrap so the
+  // token lives in agent-bridge memory, never on disk.
+  gitCredentials: external_exports.object({
+    url: external_exports.string().trim().min(1),
+    accessToken: external_exports.string().trim().min(1)
+  }).strict().optional()
 }).strict();
 var RuntimeBridgeEncryptedBootstrapSchema = external_exports.object({
   version: external_exports.literal(1),
@@ -26639,6 +27217,7 @@ async function runAgentBridgeSocket(options) {
       RUNTIME_BRIDGE_BOOTSTRAP_EVENT,
       createRuntimeBridgeBootstrapListener({
         token: options.token,
+        onBootstrap: options.onBootstrap,
         createHandler: (bootstrap) => options.createHandler({
           emitOutput: (output) => emitOutputWithAck(socket, output),
           claude: bootstrap.claude,
@@ -26737,6 +27316,7 @@ function createRuntimeBridgeBootstrapListener(input) {
       input.writeOutput?.(
         `agent_bridge_bootstrap_decrypted duration_ms=${Date.now() - decryptStartedAt}`
       );
+      await input.onBootstrap?.(bootstrap);
       let handler = input.getHandler();
       if (!handler) {
         handler = input.createHandler(bootstrap);
@@ -27573,21 +28153,21 @@ import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
 import { dirname } from "path";
 var AGENT_BRIDGE_RUNTIME_DIR = "/tmp/auto-bridge-runtime";
 var CLAUDE_SESSION_RESUME_PATH = `${AGENT_BRIDGE_RUNTIME_DIR}/claude-session-id`;
-function fileClaudeSessionResumeStore(path = CLAUDE_SESSION_RESUME_PATH) {
+function fileClaudeSessionResumeStore(path2 = CLAUDE_SESSION_RESUME_PATH) {
   return {
     read(runId) {
-      if (!existsSync(path)) {
+      if (!existsSync(path2)) {
         return null;
       }
-      const record2 = parseResumeRecord(readFileSync(path, "utf8"));
+      const record2 = parseResumeRecord(readFileSync(path2, "utf8"));
       if (!record2 || record2.runId !== runId) {
         return null;
       }
       return record2.sessionId;
     },
     write(record2) {
-      mkdirSync(dirname(path), { recursive: true });
-      writeFileSync(path, `${JSON.stringify(record2)}
+      mkdirSync(dirname(path2), { recursive: true });
+      writeFileSync(path2, `${JSON.stringify(record2)}
 `, "utf8");
     }
   };
@@ -27956,7 +28536,10 @@ function deliveryMessage(delivery) {
 // src/commands/agent-bridge/entrypoint.ts
 async function runAgentBridgeProcess(input) {
   const runAgentBridge = input.runAgentBridge ?? runAgentBridgeClaudeCode;
-  await runAgentBridge(agentBridgeOptionsFromEnv(input));
+  await runAgentBridge({
+    ...agentBridgeOptionsFromEnv(input),
+    onBootstrap: createGitCredentialRelayStarter(input.writeOutput)
+  });
 }
 function agentBridgeOptionsFromEnv(input) {
   return {
@@ -27965,6 +28548,37 @@ function agentBridgeOptionsFromEnv(input) {
     writeOutput: input.writeOutput
   };
 }
+function createGitCredentialRelayStarter(writeOutput) {
+  let relay;
+  let startup;
+  return async (bootstrap) => {
+    const gitCredentials = bootstrap.gitCredentials;
+    if (!gitCredentials) {
+      return;
+    }
+    if (relay) {
+      relay.update(gitCredentials);
+      return;
+    }
+    if (startup) {
+      const started = await startup;
+      started?.update(gitCredentials);
+      return;
+    }
+    startup = startGitCredentialRelay(gitCredentials).then((started) => {
+      relay = started;
+      writeOutput?.(`agent_bridge_git_credential_relay port=${started.port}`);
+      return started;
+    }).catch((error51) => {
+      startup = void 0;
+      writeOutput?.(
+        `agent_bridge_git_credential_relay_failed error=${error51 instanceof Error ? error51.message : String(error51)}`
+      );
+      return void 0;
+    });
+    await startup;
+  };
+}
 function requiredEnv(env, key) {
   const value = env[key]?.trim();
   if (!value) {
@@ -27975,12 +28589,25 @@ function requiredEnv(env, key) {
 
 // src/commands/agent-bridge/commands.ts
 function registerAgentBridgeCommands(program, context) {
-  program.command("agent-bridge", { hidden: true }).description("Run the internal runtime bridge wrapper.").action(async () => {
+  const agentBridge = program.command("agent-bridge", { hidden: true }).description("Run the internal runtime bridge wrapper.").action(async () => {
     await runAgentBridgeProcess({
       env: context.env,
       writeOutput: context.writeOutput
     });
   });
+  agentBridge.command("git-credential [operation]").description("git credential helper backed by the run's broker endpoint.").option("--check", "Exit 0 when the helper is available.").allowUnknownOption(true).action(async (operation, options) => {
+    const exitCode = await runGitCredentialHelper({
+      args: [
+        ...options.check ? ["--check"] : [],
+        ...operation ? [operation] : []
+      ],
+      stdin: process.stdin,
+      writeOutput: context.writeOutput,
+      writeError: (line) => process.stderr.write(`${line}
+`)
+    });
+    process.exitCode = exitCode;
+  });
 }
 
 // src/cli/options.ts
@@ -30424,26 +31051,292 @@ function validateNonNegativeInteger(value, label) {
   }
 }
 
+// src/commands/runs/introspect.ts
+var PREVIEW_CHARS = 160;
+async function handleRunsShow(context, runId, options = {}) {
+  const client = createContextApiClient(context);
+  const apiBaseUrl = apiUrlFromOptions(context, options);
+  const [run, summary] = await Promise.all([
+    client.getRun(runId, { apiBaseUrl }),
+    client.getRunSummary(runId, { apiBaseUrl })
+  ]);
+  context.io.writeResult({ run, summary }, formatRunShowText);
+}
+function formatRunShowText(result, writeLine) {
+  const { summary } = result;
+  writeLine(
+    `${summary.run.id} ${summary.run.status} session=${summary.run.sessionName} profile=${summary.run.profileName}`
+  );
+  if (summary.run.displayTitle) {
+    writeLine(`title: ${summary.run.displayTitle}`);
+  }
+  writeLine(
+    `created=${summary.run.createdAt} started=${summary.run.startedAt ?? "-"} finished=${summary.run.finishedAt ?? "-"}`
+  );
+  writeLine(
+    `timing: queued=${formatMs(summary.timing.queuedMs)} active=${formatMs(summary.timing.activeMs)} total=${formatMs(summary.timing.totalMs)}`
+  );
+  writeLine(
+    `entries=${summary.conversation.entryCount} failed=${summary.conversation.failedEntryCount} turns=${summary.turns.length} lastSequence=${summary.conversation.lastSequence}`
+  );
+  writeLine(
+    `trigger: spawn=${summary.trigger.spawn} signaled=${summary.trigger.signaledCount} dropped=${summary.trigger.droppedCount}`
+  );
+  if (summary.artifacts.count > 0) {
+    writeLine(
+      `artifacts: ${summary.artifacts.count} (${summary.artifacts.types.join(", ")})`
+    );
+  }
+  writeLine(
+    `commands: ${summary.commands.total} failed=${summary.commands.failed}`
+  );
+  if (summary.tools.length > 0) {
+    writeLine("tools:");
+    for (const tool of summary.tools) {
+      writeLine(
+        `  ${tool.name} calls=${tool.calls} errors=${tool.errors} p50=${formatMs(tool.durationMs.p50)} max=${formatMs(tool.durationMs.max)}`
+      );
+    }
+  }
+  for (const check2 of summary.checks) {
+    writeLine(
+      `check: ${check2.name} ${check2.status}${check2.conclusion ? ` ${check2.conclusion}` : ""}`
+    );
+  }
+  if (summary.run.error !== null) {
+    writeLine(`error: ${JSON.stringify(summary.run.error)}`);
+  }
+}
+async function handleRunsConversation(context, runId, options = {}) {
+  const client = createContextApiClient(context);
+  const tailMode = !options.after;
+  const response = await client.getRunConversation(runId, {
+    apiBaseUrl: apiUrlFromOptions(context, options),
+    cursor: options.after,
+    before: options.before,
+    order: tailMode ? "desc" : "asc",
+    limit: options.tail ?? 25,
+    kinds: options.kind
+  });
+  const events = [...response.events].sort((a, b) => a.sequence - b.sequence);
+  context.io.writeResult(
+    {
+      runId,
+      events,
+      cursor: response.cursor,
+      hasMore: response.hasMore,
+      full: Boolean(options.full),
+      tailMode
+    },
+    formatConversationText
+  );
+}
+function formatConversationText(result, writeLine) {
+  if (result.events.length === 0) {
+    writeLine("No conversation entries.");
+    return;
+  }
+  for (const event of result.events) {
+    const failed = event.status === "failed" ? " FAILED" : "";
+    writeLine(
+      `${event.sequence} ${event.role}/${event.kind}${failed}: ${entryPreview(event, result.full)}`
+    );
+  }
+  if (result.hasMore) {
+    if (result.tailMode) {
+      const oldest = result.events[0]?.sequence;
+      writeLine(
+        `(more older entries; rerun with --before ${oldest ?? "<sequence>"})`
+      );
+    } else {
+      writeLine(`(more entries; continue with --after ${result.cursor})`);
+    }
+  }
+}
+async function handleRunsSearch(context, runId, queries, options = {}) {
+  const client = createContextApiClient(context);
+  const response = await client.searchRunConversation(runId, queries, {
+    apiBaseUrl: apiUrlFromOptions(context, options),
+    kinds: options.kind,
+    after: options.after,
+    limit: options.limit
+  });
+  context.io.writeResult({ runId, queries, ...response }, formatSearchText);
+}
+function formatSearchText(result, writeLine) {
+  if (result.matches.length === 0) {
+    writeLine(`No matches for: ${result.queries.join(", ")}`);
+    return;
+  }
+  for (const match of result.matches) {
+    for (const snippet of match.snippets) {
+      writeLine(
+        `${match.sequence} ${match.kind} [${snippet.query}]: ${singleLine(snippet.text)}`
+      );
+    }
+  }
+  if (result.hasMore) {
+    writeLine(
+      `(more scanned entries; continue with --after ${result.nextAfterSequence ?? "<sequence>"})`
+    );
+  }
+}
+async function handleRunsTools(context, runId, options = {}) {
+  const client = createContextApiClient(context);
+  const response = await client.listRunToolExchanges(runId, {
+    apiBaseUrl: apiUrlFromOptions(context, options),
+    toolName: options.tool,
+    errorsOnly: options.errors,
+    after: options.after,
+    before: options.before,
+    limit: options.limit
+  });
+  context.io.writeResult({ runId, ...response }, formatToolsText);
+}
+function formatToolsText(result, writeLine) {
+  if (result.exchanges.length === 0) {
+    writeLine("No tool exchanges.");
+    return;
+  }
+  for (const exchange of result.exchanges) {
+    const duration4 = exchange.durationMs === null ? "-" : `${exchange.durationMs}ms`;
+    const outcome = exchange.isError === null ? "pending" : exchange.isError ? "ERR" : "ok";
+    writeLine(
+      `${exchange.callSequence} ${exchange.name} ${duration4} ${outcome}: ${preview(exchange.input)}`
+    );
+  }
+  if (result.hasMore) {
+    writeLine(
+      `(more exchanges; page older with --before ${result.nextBeforeSequence ?? "<sequence>"})`
+    );
+  }
+}
+async function handleRunsTriggers(context, runId, options = {}) {
+  const client = createContextApiClient(context);
+  const response = await client.listRunTriggers(runId, {
+    apiBaseUrl: apiUrlFromOptions(context, options)
+  });
+  context.io.writeResult({ runId, ...response }, formatTriggersText);
+}
+function formatTriggersText(result, writeLine) {
+  if (result.spawn) {
+    writeLine(
+      `spawn: ${result.spawn.eventKey} (${result.spawn.originKind}) delivered=${result.spawn.deliveredAt}`
+    );
+  } else if (result.starter) {
+    writeLine(
+      `spawn: ${result.starter.principal.kind === "run" ? "agent" : "manual"} starter=${JSON.stringify(result.starter.principal)}`
+    );
+  } else {
+    writeLine("spawn: manual");
+  }
+  if (result.deliveries.length === 0) {
+    writeLine("No subsequent deliveries.");
+    return;
+  }
+  for (const delivery of result.deliveries) {
+    const reason = delivery.reason ? ` reason=${delivery.reason}` : "";
+    writeLine(
+      `${delivery.deliveredAt} ${delivery.action} ${delivery.eventKey}${reason}`
+    );
+  }
+}
+async function handleRunsArtifacts(context, runId, options = {}) {
+  const client = createContextApiClient(context);
+  const response = await client.listRunArtifacts(runId, {
+    apiBaseUrl: apiUrlFromOptions(context, options)
+  });
+  context.io.writeResult({ runId, ...response }, formatArtifactsText);
+}
+function formatArtifactsText(result, writeLine) {
+  if (result.artifacts.length === 0) {
+    writeLine("No artifacts currently owned.");
+    return;
+  }
+  for (const artifact of result.artifacts) {
+    writeLine(
+      `${artifact.artifactType} ${artifact.externalId} recorded=${artifact.recordedAt}`
+    );
+  }
+}
+async function handleRunsCommands(context, runId, options = {}) {
+  const client = createContextApiClient(context);
+  const response = await client.listRunCommands(runId, {
+    apiBaseUrl: apiUrlFromOptions(context, options)
+  });
+  context.io.writeResult({ runId, ...response }, formatCommandsText);
+}
+function formatCommandsText(result, writeLine) {
+  if (result.commands.length === 0) {
+    writeLine("No commands.");
+    return;
+  }
+  for (const command of result.commands) {
+    writeLine(
+      `${command.createdAt} ${command.kind} ${command.status} sender=${command.sender.type}: ${preview(command.payload)}`
+    );
+  }
+}
+function formatMs(value) {
+  return value === null ? "-" : `${value}ms`;
+}
+function entryPreview(event, full) {
+  const texts = event.content.parts.map((part) => {
+    switch (part.type) {
+      case "text":
+        return part.text;
+      case "tool_call":
+        return `${part.name} ${stringify3(part.input)}`;
+      case "tool_result":
+        return stringify3(part.output);
+      case "question":
+        return part.questions.map((question) => question.question).join(" ");
+      default:
+        return "";
+    }
+  });
+  const joined = singleLine(texts.join(" "));
+  return full ? joined : clip(joined);
+}
+function preview(value) {
+  return clip(singleLine(stringify3(value)));
+}
+function stringify3(value) {
+  return typeof value === "string" ? value : JSON.stringify(value);
+}
+function singleLine(text) {
+  return text.replace(/\s+/g, " ").trim();
+}
+function clip(text) {
+  return text.length > PREVIEW_CHARS ? `${text.slice(0, PREVIEW_CHARS)}\u2026` : text;
+}
+
 // src/commands/runs/list.ts
 async function handleRunsList(context, sessionName, options = {}) {
-  const result = await fetchSessionRuns(context, sessionName, options);
+  const result = await fetchRuns(context, sessionName, options);
   context.io.writeResult(result, formatRunsText);
 }
-async function fetchSessionRuns(context, sessionName, options) {
+async function fetchRuns(context, sessionName, options) {
   const client = createContextApiClient(context);
-  const response = await client.listSessionRuns(sessionName, {
+  const clientOptions = {
     apiBaseUrl: apiUrlFromOptions(context, options),
-    includeArchived: options.includeArchived
-  });
+    includeArchived: options.includeArchived,
+    statuses: options.status,
+    since: options.since,
+    limit: options.limit
+  };
+  const response = sessionName ? await client.listSessionRuns(sessionName, clientOptions) : await client.listRuns(clientOptions);
   return {
-    session: sessionName,
+    session: sessionName ?? null,
     runs: response.runs,
     includeArchived: Boolean(options.includeArchived)
   };
 }
 function formatRunsText(result, writeLine) {
   if (result.runs.length === 0) {
-    writeLine(`No runs found for session ${result.session}.`);
+    writeLine(
+      result.session ? `No runs found for session ${result.session}.` : "No runs found in the current project."
+    );
     return;
   }
   for (const run of result.runs) {
@@ -30453,13 +31346,63 @@ function formatRunsText(result, writeLine) {
 }
 
 // src/commands/runs/commands.ts
+function collect(value, previous = []) {
+  return [...previous, value];
+}
 function registerRunCommands(program, context) {
   const runs = program.command("runs").description("Inspect session runs.");
-  runs.command("list").description("List runs for a session.").requiredOption("--session <name>", "session name").option("--include-archived", "include archived runs").option("--api-url <url>", "Auto API base URL").option("--api-base-url <url>", "Auto API base URL").action(
-    async (options) => {
-      await handleRunsList(context, options.session, options);
+  runs.command("list").description("List runs for a session or the whole project.").option("--session <name>", "session name").option("--include-archived", "include archived runs").option("--status <status>", "filter by run status (repeatable)", collect).option("--since <iso-timestamp>", "only runs created after this time").option("--limit <count>", "maximum runs to return", parsePositiveInteger).option("--api-url <url>", "Auto API base URL").option("--api-base-url <url>", "Auto API base URL").action(async (options) => {
+    await handleRunsList(context, options.session, options);
+  });
+  runs.command("show").description("Show a run's lifecycle, timing, and behavior summary.").argument("<run-id>", "run id").option("--api-url <url>", "Auto API base URL").option("--api-base-url <url>", "Auto API base URL").action(async (runId, commandOptions) => {
+    await handleRunsShow(context, runId, commandOptions);
+  });
+  runs.command("conversation").description(
+    "Read a snapshot of a run's conversation (most recent entries by default)."
+  ).argument("<run-id>", "run id").option(
+    "--tail <count>",
+    "number of most recent entries",
+    parsePositiveInteger
+  ).option("--after <cursor>", "read forward from an rt:<sequence> cursor").option(
+    "--before <sequence>",
+    "only entries older than this sequence (backward paging)",
+    parsePositiveInteger
+  ).option("--kind <kind>", "filter by entry kind (repeatable)", collect).option("--full", "do not clip entry previews in text output").option("--api-url <url>", "Auto API base URL").option("--api-base-url <url>", "Auto API base URL").action(
+    async (runId, commandOptions) => {
+      await handleRunsConversation(context, runId, commandOptions);
     }
   );
+  runs.command("search").description("Grep a run's transcript; multiple query terms OR together.").argument("<run-id>", "run id").argument("<query...>", "search term(s), at least 2 characters each").option("--kind <kind>", "filter by entry kind (repeatable)", collect).option(
+    "--after <sequence>",
+    "only entries after this sequence (forward paging)",
+    parsePositiveInteger
+  ).option("--limit <count>", "maximum matched entries", parsePositiveInteger).option("--api-url <url>", "Auto API base URL").option("--api-base-url <url>", "Auto API base URL").action(
+    async (runId, queries, commandOptions) => {
+      await handleRunsSearch(context, runId, queries, commandOptions);
+    }
+  );
+  runs.command("tools").description("List a run's paired tool calls and results with timing.").argument("<run-id>", "run id").option("--tool <name>", "filter by tool name").option("--errors", "only failed exchanges").option(
+    "--after <sequence>",
+    "only exchanges after this entry sequence",
+    parsePositiveInteger
+  ).option(
+    "--before <sequence>",
+    "only exchanges before this entry sequence (backward paging)",
+    parsePositiveInteger
+  ).option("--limit <count>", "maximum exchanges", parsePositiveInteger).option("--api-url <url>", "Auto API base URL").option("--api-base-url <url>", "Auto API base URL").action(
+    async (runId, commandOptions) => {
+      await handleRunsTools(context, runId, commandOptions);
+    }
+  );
+  runs.command("triggers").description("Show what spawned a run and the events delivered to it.").argument("<run-id>", "run id").option("--api-url <url>", "Auto API base URL").option("--api-base-url <url>", "Auto API base URL").action(async (runId, commandOptions) => {
+    await handleRunsTriggers(context, runId, commandOptions);
+  });
+  runs.command("artifacts").description("List artifacts a run currently owns.").argument("<run-id>", "run id").option("--api-url <url>", "Auto API base URL").option("--api-base-url <url>", "Auto API base URL").action(async (runId, commandOptions) => {
+    await handleRunsArtifacts(context, runId, commandOptions);
+  });
+  runs.command("commands").description("List a run's inbound command history.").argument("<run-id>", "run id").option("--api-url <url>", "Auto API base URL").option("--api-base-url <url>", "Auto API base URL").action(async (runId, commandOptions) => {
+    await handleRunsCommands(context, runId, commandOptions);
+  });
   runs.command("archive").description("Archive runs so they are hidden from default run lists.").argument("<run-ids...>", "run id(s)").option("--api-url <url>", "Auto API base URL").option("--api-base-url <url>", "Auto API base URL").action(async (runIds, commandOptions) => {
     if (runIds.length === 1) {
       await archiveRunAction(context, runIds[0], commandOptions);
@@ -30586,7 +31529,7 @@ async function secretValue(input) {
     }
     value = envValue;
   } else if (input.options.stdin) {
-    value = await readStream(input.stdin, Boolean(input.options.raw));
+    value = await readStream2(input.stdin, Boolean(input.options.raw));
   } else {
     throw new Error(
       "Provide the secret value with --stdin, --value, or --from-env."
@@ -30599,7 +31542,7 @@ async function secretValue(input) {
   }
   return value;
 }
-async function readStream(stream, raw) {
+async function readStream2(stream, raw) {
   const chunks = [];
   for await (const chunk of stream) {
     chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(String(chunk)));
@@ -30829,7 +31772,7 @@ function withApiBaseUrl2(context, commandOptions) {
 init_resources2();
 init_browser();
 import { existsSync as existsSync2, mkdtempSync as mkdtempSync2, writeFileSync as writeFileSync4 } from "fs";
-import { homedir as homedir2, tmpdir as tmpdir2 } from "os";
+import { homedir as homedir3, tmpdir as tmpdir2 } from "os";
 import { join as join6 } from "path";
 var POLL_INTERVAL_MS = 2e3;
 var POLL_TIMEOUT_MS = 5 * 6e4;
@@ -30991,7 +31934,7 @@ async function promptForIconUploads(input, options) {
   }
 }
 function stagedLocationLabel(stagedPath) {
-  return stagedPath.startsWith(`${join6(homedir2(), "Downloads")}/`) ? "Downloads" : "the printed path";
+  return stagedPath.startsWith(`${join6(homedir3(), "Downloads")}/`) ? "Downloads" : "the printed path";
 }
 async function stageAvatarImage(input) {
   try {
@@ -31003,11 +31946,11 @@ async function stageAvatarImage(input) {
     }
     const contentType = response.headers.get("content-type") ?? "";
     const extension = contentType.includes("jpeg") ? ".jpg" : ".png";
-    const downloads = join6(homedir2(), "Downloads");
+    const downloads = join6(homedir3(), "Downloads");
     const directory = existsSync2(downloads) ? downloads : mkdtempSync2(join6(tmpdir2(), "auto-avatar-"));
-    const path = join6(directory, `${input.session}-avatar${extension}`);
-    writeFileSync4(path, Buffer.from(await response.arrayBuffer()));
-    return path;
+    const path2 = join6(directory, `${input.session}-avatar${extension}`);
+    writeFileSync4(path2, Buffer.from(await response.arrayBuffer()));
+    return path2;
   } catch {
     return void 0;
   }