@bike4mind/cli 0.2.30 → 0.2.31-b4m-cli-undo-command.19534

package/bin/bike4mind-cli.mjs

@@ -88,6 +88,8 @@ const argv = await yargs(hideBin(process.argv))
       })
       .demandCommand(1, 'You must provide a subcommand (list, add, remove, enable, disable)');
   })
+  .command('update', 'Check for and install CLI updates')
+  .command('doctor', 'Run diagnostic checks on CLI installation')
   .help()
   .alias('help', 'h')
   .version()
@@ -149,6 +151,52 @@ if (argv._[0] === 'mcp') {
   }
 }
 
+// Handle update command (external command)
+if (argv._[0] === 'update') {
+  try {
+    let handleUpdateCommand;
+
+    if (isDev) {
+      const { register } = require('tsx/esm/api');
+      register();
+      const module = await import('../src/commands/updateCommand.ts');
+      handleUpdateCommand = module.handleUpdateCommand;
+    } else {
+      const module = await import('../dist/commands/updateCommand.js');
+      handleUpdateCommand = module.handleUpdateCommand;
+    }
+
+    await handleUpdateCommand();
+    process.exit(0);
+  } catch (error) {
+    console.error('Error:', error.message);
+    process.exit(1);
+  }
+}
+
+// Handle doctor command (external command)
+if (argv._[0] === 'doctor') {
+  try {
+    let handleDoctorCommand;
+
+    if (isDev) {
+      const { register } = require('tsx/esm/api');
+      register();
+      const module = await import('../src/commands/doctorCommand.ts');
+      handleDoctorCommand = module.handleDoctorCommand;
+    } else {
+      const module = await import('../dist/commands/doctorCommand.js');
+      handleDoctorCommand = module.handleDoctorCommand;
+    }
+
+    await handleDoctorCommand();
+    process.exit(0);
+  } catch (error) {
+    console.error('Error:', error.message);
+    process.exit(1);
+  }
+}
+
 if (isDev) {
   // Show dev mode indicator for developers
   console.log('🔧 Running in development mode (using TypeScript source)\n');

package/dist/{HydrationEngine-WGYKF46H.js → HydrationEngine-YL2HWJ3V.js}

@@ -2,7 +2,7 @@
 import {
   HydrationEngine,
   createHydrationEngine
-} from "./chunk-RUI6HNLO.js";
+} from "./chunk-GQGOWACU.js";
 export {
   HydrationEngine,
   createHydrationEngine

package/dist/{artifactExtractor-JQMWU272.js → artifactExtractor-T6NJ7V7P.js}

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import {
   CurationArtifactType
-} from "./chunk-T4VPCTBM.js";
+} from "./chunk-NI22LIK3.js";
 
 // ../../b4m-core/packages/services/dist/src/notebookCurationService/artifactExtractor.js
 var ARTIFACT_TAG_REGEX = /<artifact\s+(.*?)>([\s\S]*?)<\/artifact>/gi;

package/dist/{chunk-LBTTUQJM.js → chunk-32PKF3N7.js}

@@ -269,24 +269,25 @@ var AuthTokensSchema = z.object({
   userId: z.string()
 });
 var ApiConfigSchema = z.object({
-  customUrl: z.string().url().optional()
+  customUrl: z.url().optional()
 });
 var McpServerSchema = z.object({
   name: z.string(),
   command: z.string().optional(),
   args: z.array(z.string()).optional(),
-  env: z.record(z.string()).default({}),
-  enabled: z.boolean().default(true)
+  env: z.record(z.string(), z.string()).prefault({}),
+  enabled: z.boolean().prefault(true)
 });
 var McpServersSchema = z.union([
   // Array format (B4M native)
   z.array(McpServerSchema),
   // Object format (portable - compatible with Claude Code)
   z.record(
+    z.string(),
     z.object({
       command: z.string().optional(),
       args: z.array(z.string()).optional(),
-      env: z.record(z.string()).optional(),
+      env: z.record(z.string(), z.string()).optional(),
       enabled: z.boolean().optional()
     })
   )
@@ -325,24 +326,24 @@ var CliConfigSchema = z.object({
     maxTokens: z.number(),
     temperature: z.number(),
     autoSave: z.boolean(),
-    autoCompact: z.boolean().optional().default(true),
+    autoCompact: z.boolean().optional().prefault(true),
     theme: z.enum(["light", "dark"]),
     exportFormat: z.enum(["markdown", "json"]),
-    maxIterations: z.number().nullable().default(10),
-    enableSkillTool: z.boolean().optional().default(true)
+    maxIterations: z.number().nullable().prefault(10),
+    enableSkillTool: z.boolean().optional().prefault(true)
   }),
   tools: z.object({
     enabled: z.array(z.string()),
     disabled: z.array(z.string()),
-    config: z.record(z.any())
+    config: z.record(z.string(), z.any())
   }),
-  trustedTools: z.array(z.string()).optional().default([])
+  trustedTools: z.array(z.string()).optional().prefault([])
 });
 var ProjectConfigSchema = z.object({
   tools: z.object({
     enabled: z.array(z.string()).optional(),
     denied: z.array(z.string()).optional(),
-    config: z.record(z.any()).optional()
+    config: z.record(z.string(), z.any()).optional()
   }).optional(),
   defaultModel: z.string().optional(),
   mcpServers: McpServersSchema.optional(),
@@ -432,7 +433,7 @@ async function loadProjectConfig(projectDir) {
       return null;
     }
     if (error instanceof z.ZodError) {
-      console.error("Project config validation error:", error.errors);
+      console.error("Project config validation error:", error.issues);
       return null;
     }
     console.error("Failed to load project config:", error);
@@ -455,7 +456,7 @@ async function loadProjectLocalConfig(projectDir) {
       return null;
     }
     if (error instanceof z.ZodError) {
-      console.error("Project local config validation error:", error.errors);
+      console.error("Project local config validation error:", error.issues);
       return null;
     }
     console.error("Failed to load project local config:", error);
@@ -478,7 +479,7 @@ async function loadMcpJsonConfig(projectDir) {
       return null;
     }
     if (error instanceof z.ZodError) {
-      console.error(".mcp.json validation error:", error.errors);
+      console.error(".mcp.json validation error:", error.issues);
       return null;
     }
     console.error("Failed to load .mcp.json:", error);
@@ -620,7 +621,7 @@ var ConfigStore = class {
         if (error.code === "ENOENT") {
           globalConfig = { ...DEFAULT_CONFIG };
         } else if (error instanceof z.ZodError) {
-          console.error("Global config validation error:", error.errors);
+          console.error("Global config validation error:", error.issues);
           console.error("Using default configuration");
           globalConfig = { ...DEFAULT_CONFIG };
         } else {
@@ -657,7 +658,7 @@ var ConfigStore = class {
         return this.reset();
       }
       if (error instanceof z.ZodError) {
-        console.error("Config validation error:", error.errors);
+        console.error("Config validation error:", error.issues);
         console.error("Resetting to default configuration");
         return this.reset();
       }

package/dist/{chunk-BQAPZP5Y.js → chunk-3SPW5FYJ.js}

@@ -16,10 +16,10 @@ import {
   dayjsConfig_default,
   extractSnippetMeta,
   settingsMap
-} from "./chunk-T4VPCTBM.js";
+} from "./chunk-NI22LIK3.js";
 import {
   Logger
-} from "./chunk-OCYRD7D6.js";
+} from "./chunk-PFBYGCOW.js";
 
 // ../../b4m-core/packages/utils/dist/src/storage/S3Storage.js
 import { S3Client, PutObjectCommand, DeleteObjectCommand, GetObjectCommand, HeadObjectCommand } from "@aws-sdk/client-s3";
@@ -591,6 +591,125 @@ function getSettingsCacheStats() {
 // ../../b4m-core/packages/utils/dist/src/ingest.js
 import axios from "axios";
 import mime2 from "mime-types";
+
+// ../../b4m-core/packages/utils/dist/src/ssrfProtection.js
+import dns from "dns";
+import { promisify } from "util";
+var dnsResolve4 = promisify(dns.resolve4);
+var dnsResolve6 = promisify(dns.resolve6);
+function isPrivateIPv4(ip) {
+  const ipv4Match = ip.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
+  if (!ipv4Match)
+    return false;
+  const [, a, b, c] = ipv4Match.map(Number);
+  if (a === 10)
+    return true;
+  if (a === 172 && b >= 16 && b <= 31)
+    return true;
+  if (a === 192 && b === 168)
+    return true;
+  if (a === 127)
+    return true;
+  if (a === 169 && b === 254)
+    return true;
+  if (a === 0)
+    return true;
+  if (a === 100 && b >= 64 && b <= 127)
+    return true;
+  if (a === 192 && b === 0 && c === 0)
+    return true;
+  if (a === 192 && b === 0 && c === 2 || a === 198 && b === 51 && c === 100 || a === 203 && b === 0 && c === 113)
+    return true;
+  if (a >= 224 && a <= 239)
+    return true;
+  if (a >= 240)
+    return true;
+  return false;
+}
+function isPrivateIPv6(ip) {
+  const normalized = ip.toLowerCase();
+  if (normalized === "::1" || normalized === "0:0:0:0:0:0:0:1")
+    return true;
+  if (normalized === "::" || normalized === "0:0:0:0:0:0:0:0")
+    return true;
+  if (normalized.startsWith("fe8") || normalized.startsWith("fe9") || normalized.startsWith("fea") || normalized.startsWith("feb"))
+    return true;
+  if (normalized.startsWith("fc") || normalized.startsWith("fd"))
+    return true;
+  if (normalized.startsWith("ff"))
+    return true;
+  const ipv4MappedMatch = normalized.match(/^::ffff:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/);
+  if (ipv4MappedMatch) {
+    return isPrivateIPv4(ipv4MappedMatch[1]);
+  }
+  if (normalized.startsWith("2001:db8:") || normalized.startsWith("2001:0db8:"))
+    return true;
+  if (normalized.startsWith("100::") || normalized.startsWith("0100::"))
+    return true;
+  if (normalized.startsWith("64:ff9b:") || normalized.startsWith("0064:ff9b:"))
+    return true;
+  return false;
+}
+function isPrivateIP(ip) {
+  if (/^(\d{1,3}\.){3}\d{1,3}$/.test(ip)) {
+    return isPrivateIPv4(ip);
+  }
+  return isPrivateIPv6(ip);
+}
+function isPrivateOrInternalHostname(hostname) {
+  const normalized = hostname.toLowerCase();
+  if (normalized === "localhost" || normalized === "127.0.0.1" || normalized === "::1" || normalized === "0.0.0.0" || normalized.endsWith(".localhost") || normalized.endsWith(".local")) {
+    return true;
+  }
+  if (normalized === "169.254.169.254" || normalized === "instance-data" || normalized === "metadata.google.internal" || normalized === "metadata.internal") {
+    return true;
+  }
+  if (normalized.endsWith(".cluster.local") || normalized.endsWith(".svc.cluster.local") || normalized.endsWith(".pod.cluster.local")) {
+    return true;
+  }
+  if (/^(\d{1,3}\.){3}\d{1,3}$/.test(normalized)) {
+    return isPrivateIPv4(normalized);
+  }
+  if (normalized.includes(":")) {
+    return isPrivateIPv6(normalized);
+  }
+  return false;
+}
+async function validateUrlForFetch(url) {
+  try {
+    const parsed = new URL(url);
+    if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+      return { valid: false, error: "URL must use HTTP or HTTPS protocol" };
+    }
+    if (isPrivateOrInternalHostname(parsed.hostname)) {
+      return { valid: false, error: "URL points to a private or internal network" };
+    }
+    const isIPv4Address = /^(\d{1,3}\.){3}\d{1,3}$/.test(parsed.hostname);
+    const isIPv6Address = parsed.hostname.includes(":");
+    if (!isIPv4Address && !isIPv6Address) {
+      try {
+        const ipv4Addresses = await dnsResolve4(parsed.hostname).catch(() => []);
+        const ipv6Addresses = await dnsResolve6(parsed.hostname).catch(() => []);
+        const allAddresses = [...ipv4Addresses, ...ipv6Addresses];
+        if (allAddresses.length === 0) {
+          return { valid: false, error: "Could not resolve hostname" };
+        }
+        for (const ip of allAddresses) {
+          if (isPrivateIP(ip)) {
+            return { valid: false, error: `Hostname resolves to private IP address (${ip})` };
+          }
+        }
+      } catch {
+        return { valid: false, error: "Could not resolve hostname" };
+      }
+    }
+    return { valid: true };
+  } catch {
+    return { valid: false, error: "Invalid URL format" };
+  }
+}
+
+// ../../b4m-core/packages/utils/dist/src/ingest.js
 var URL_REGEX = /https?:\/\/(?:[-\w.])+(?:\:[0-9]+)?(?:\/(?:[\w\/_.])*(?:\?(?:[\w&=%.])*)?(?:\#(?:[\w.])*)?)?/gi;
 function detectURLs(string) {
   const urlsFound = string.match(URL_REGEX) || [];
@@ -603,15 +722,22 @@ function urlExists(stringWithPossibleUrl) {
   const cleanString = stringWithPossibleUrl.replace(/\n/g, " ").replace(/,/g, " ");
   return detectURLs(cleanString);
 }
+var URL_FETCH_TIMEOUT_MS = 1e4;
 async function fetchAndParseURL(url, { logger }) {
   logger.updateMetadata({ failedUrl: null });
   try {
+    const ssrfValidation = await validateUrlForFetch(url);
+    if (!ssrfValidation.valid) {
+      throw new Error(`URL blocked for security reasons: ${ssrfValidation.error}`);
+    }
     let urlMimeType = "text/plain";
     if (url.split(".")?.pop()?.startsWith("pdf")) {
       urlMimeType = "application/pdf";
     }
     const response = await axios.get(url, {
-      responseType: ["application/pdf"].includes(urlMimeType) ? "arraybuffer" : "text"
+      responseType: ["application/pdf"].includes(urlMimeType) ? "arraybuffer" : "text",
+      timeout: URL_FETCH_TIMEOUT_MS
+      // Prevent Lambda timeout exhaustion
     });
     const cheerio = await import("cheerio");
     const htmlContent = response.data;
@@ -619,17 +745,19 @@ async function fetchAndParseURL(url, { logger }) {
     const title = $("title").text() || url.split("/")?.pop();
     let urlContent = null;
     switch (urlMimeType) {
-      case "application/pdf":
+      case "application/pdf": {
         const pdfbuffer = Buffer.from(response.data);
         urlContent = pdfbuffer;
         break;
-      default:
+      }
+      default: {
         let textContent = "";
         $("body").find("p").each((index, element) => {
           textContent += $(element).text() + "\n";
         });
         urlContent = textContent || htmlContent;
         break;
+      }
     }
     logger.log(`Fetched ${title} with mimetype ${urlMimeType} and parsed ${url}`);
     return { title, textContent: urlContent, mimeType: urlMimeType, ext: mime2.extension(urlMimeType) || null };
@@ -1155,8 +1283,30 @@ function separateUrls(urls) {
   const nonImageUrls = urls.filter((url) => !imageExtensions.some((ext) => url.toLowerCase().endsWith(ext)));
   return { imageUrls, nonImageUrls };
 }
-var urlContentCache = /* @__PURE__ */ new Map();
-var CACHE_TTL_MS = 5 * 60 * 1e3;
+function sanitizeUrlForLogging(url) {
+  try {
+    const parsed = new URL(url);
+    const sensitiveParams = [
+      "token",
+      "key",
+      "api_key",
+      "apikey",
+      "secret",
+      "password",
+      "session",
+      "auth",
+      "access_token"
+    ];
+    sensitiveParams.forEach((param) => {
+      if (parsed.searchParams.has(param)) {
+        parsed.searchParams.set(param, "[REDACTED]");
+      }
+    });
+    return parsed.toString();
+  } catch {
+    return url.substring(0, 100) + (url.length > 100 ? "..." : "");
+  }
+}
 async function processUrlsFromPrompt(userPrompt, maxContentBuffer, userId, sendStatusUpdate, logger, options = { verbose: false }) {
   if (!hasURLs(userPrompt)) {
     if (options?.verbose) {
@@ -1164,6 +1314,7 @@ async function processUrlsFromPrompt(userPrompt, maxContentBuffer, userId, sendS
     }
     return { userMessages: [], remainingPrompt: userPrompt };
   }
+  const urlContentCache = /* @__PURE__ */ new Map();
   sendStatusUpdate("Processing URLs from user prompt...");
   const userMessages = [];
   const promptMeta = extractSnippetMeta(userPrompt);
@@ -1191,20 +1342,26 @@ async function processUrlsFromPrompt(userPrompt, maxContentBuffer, userId, sendS
     try {
       const cached = urlContentCache.get(url);
       let textContent;
-      if (cached && Date.now() - cached.timestamp < CACHE_TTL_MS) {
-        if (options?.verbose) {
-          logger.log(`Using cached content for URL: ${url}`);
-        }
-        textContent = cached.content;
+      if (cached) {
+        logger.info("URL_FETCH", {
+          userId,
+          url: sanitizeUrlForLogging(url),
+          cacheHit: true,
+          source: "same-request-dedup"
+        });
+        textContent = cached;
       } else {
         const result = await fetchAndParseURL(url, { logger });
         if (typeof result.textContent !== "string")
           throw new Error("textContent is not a string");
         textContent = result.textContent;
-        urlContentCache.set(url, {
-          content: textContent,
-          timestamp: Date.now()
+        logger.info("URL_FETCH", {
+          userId,
+          url: sanitizeUrlForLogging(url),
+          cacheHit: false,
+          contentLength: textContent.length
         });
+        urlContentCache.set(url, textContent);
       }
       const message = {
         role: "user",
@@ -7634,7 +7791,7 @@ function secureParameters(params, schema) {
     return schema.parse(params);
   } catch (e) {
     if (isZodError(e)) {
-      throw new UnprocessableEntityError(e.errors.map((err) => `${err.path.join(".")}: ${err.message}`).join(", "));
+      throw new UnprocessableEntityError(e.issues.map((err) => `${err.path.join(".")}: ${err.message}`).join(", "));
     }
     throw new InternalServerError();
   }
@@ -11600,6 +11757,9 @@ function findAutomaticFallback(originalModel, availableModels, apiKeyTable, logg
     "gemini-2.5-flash-preview-05-20": ["claude-3-5-haiku-20241022", "gpt-4o-mini", "claude-3-haiku-20240307"],
     "gemini-1.5-pro": ["claude-3-5-sonnet-20241022", "gpt-4o", "claude-3-opus-20240229"],
     "gemini-1.5-flash": ["claude-3-5-haiku-20241022", "gpt-4o-mini", "claude-3-haiku-20240307"],
+    // Claude 4.5/4.6 Opus models fallback to Sonnet 4.5
+    "claude-opus-4-5-20251101": ["claude-sonnet-4-5-20250929", "gpt-5", "claude-haiku-4-5-20251001"],
+    "claude-opus-4-6": ["claude-sonnet-4-5-20250929", "gpt-5", "claude-haiku-4-5-20251001"],
     // Claude models fallback to other Claude models or GPT
     "claude-3-5-sonnet-20241022": ["claude-3-opus-20240229", "gpt-4o", "claude-3-sonnet-20240229"],
     "claude-3-opus-20240229": ["claude-3-5-sonnet-20241022", "gpt-4o", "claude-3-sonnet-20240229"],
@@ -11609,7 +11769,7 @@ function findAutomaticFallback(originalModel, availableModels, apiKeyTable, logg
   };
   const preferences = fallbackPreferences[originalModel.id] || [];
   if (preferences.length === 0) {
-    preferences.push("claude-3-5-sonnet-20241022", "gpt-4o", "claude-3-haiku-20240307");
+    preferences.push("claude-sonnet-4-5-20250929", "gpt-5", "claude-haiku-4-5-20251001");
   }
   for (const modelId of preferences) {
     const fallbackModel = availableModels.find((m) => m.id === modelId);
@@ -11998,6 +12158,59 @@ function buildVoiceInstructions(baseInstructions, historyContext) {
   return `${baseInstructions}${historyContext}`;
 }
 
+// ../../b4m-core/packages/utils/dist/src/lambdaErrorHandler.js
+var isRegistered = false;
+function classifyError(error) {
+  if (error instanceof TypeError) {
+    if (error.message === "terminated" || error.message.includes("fetch failed")) {
+      return "network_terminated";
+    }
+  }
+  if (error instanceof Error) {
+    if (error.name === "AbortError") {
+      return "network_timeout";
+    }
+    const connectionErrors = ["ECONNRESET", "ETIMEDOUT", "ECONNREFUSED", "EPIPE", "ENOTFOUND"];
+    if (connectionErrors.some((code) => error.message.includes(code))) {
+      return "network_connection";
+    }
+  }
+  return "unhandled_rejection";
+}
+function buildLogEntry(error, category) {
+  return {
+    error: error instanceof Error ? error.message : String(error),
+    stack: error instanceof Error ? error.stack : void 0,
+    category,
+    functionName: process.env.AWS_LAMBDA_FUNCTION_NAME,
+    stage: process.env.SEED_STAGE_NAME,
+    timestamp: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+function registerLambdaErrorHandlers(logger) {
+  if (isRegistered)
+    return;
+  isRegistered = true;
+  const log = logger || console;
+  process.on("unhandledRejection", (reason) => {
+    const category = classifyError(reason);
+    const isNetworkError = category.startsWith("network_");
+    const logEntry = buildLogEntry(reason, category);
+    if (isNetworkError) {
+      log.warn("[Lambda] Network error (unhandled rejection)", logEntry);
+    } else {
+      log.error("[Lambda] Unhandled promise rejection", logEntry);
+    }
+  });
+  process.on("uncaughtException", (error) => {
+    const logEntry = buildLogEntry(error, "uncaught_exception");
+    log.error("[Lambda] Uncaught exception", logEntry);
+  });
+}
+function _resetLambdaErrorHandlers() {
+  isRegistered = false;
+}
+
 export {
   BaseStorage,
   S3Storage,
@@ -12015,6 +12228,9 @@ export {
   warmUpSettingsCache,
   shutdownSettingsCache,
   getSettingsCacheStats,
+  isPrivateIP,
+  isPrivateOrInternalHostname,
+  validateUrlForFetch,
   URL_REGEX,
   detectURLs,
   hasURLs,
@@ -12132,5 +12348,7 @@ export {
   calculateRetryDelay,
   withRetry,
   formatVoiceHistory,
-  buildVoiceInstructions
+  buildVoiceInstructions,
+  registerLambdaErrorHandlers,
+  _resetLambdaErrorHandlers
 };

package/dist/{chunk-U63VANTQ.js → chunk-ERV5G6MX.js}

@@ -7,11 +7,11 @@ import {
   getSettingsMap,
   getSettingsValue,
   secureParameters
-} from "./chunk-BQAPZP5Y.js";
+} from "./chunk-3SPW5FYJ.js";
 import {
   KnowledgeType,
   SupportedFabFileMimeTypes
-} from "./chunk-T4VPCTBM.js";
+} from "./chunk-NI22LIK3.js";
 
 // ../../b4m-core/packages/services/dist/src/fabFileService/create.js
 import { z } from "zod";
@@ -20,7 +20,7 @@ var createFabFileSchema = z.object({
   fileName: z.string(),
   mimeType: z.string(),
   fileSize: z.number(),
-  type: z.nativeEnum(KnowledgeType),
+  type: z.enum(KnowledgeType),
   content: z.union([z.string(), z.instanceof(Buffer)]).optional(),
   organizationId: z.string().optional(),
   /**

package/dist/{chunk-LLA44SW7.js → chunk-F4PXVLZX.js}

@@ -2,7 +2,7 @@
 import {
   BadRequestError,
   secureParameters
-} from "./chunk-BQAPZP5Y.js";
+} from "./chunk-3SPW5FYJ.js";
 import {
   CompletionApiUsageTransaction,
   GenericCreditDeductTransaction,
@@ -12,7 +12,7 @@ import {
   TextGenerationUsageTransaction,
   TransferCreditTransaction,
   VideoGenerationUsageTransaction
-} from "./chunk-T4VPCTBM.js";
+} from "./chunk-NI22LIK3.js";
 
 // ../../b4m-core/packages/services/dist/src/creditService/subtractCredits.js
 import { z } from "zod";

package/dist/{chunk-RUI6HNLO.js → chunk-GQGOWACU.js}

@@ -595,12 +595,13 @@ var HydrationEngine = class {
         return numericInputs[0] / numericInputs[1];
       case "ABS":
         return numericInputs.length > 0 ? Math.abs(numericInputs[0]) : 0;
-      case "ROUND":
+      case "ROUND": {
         if (numericInputs.length === 0)
           return 0;
         const decimals = numericInputs[1] ?? 0;
         const factor = Math.pow(10, decimals);
         return Math.round(numericInputs[0] * factor) / factor;
+      }
       case "FLOOR":
         return numericInputs.length > 0 ? Math.floor(numericInputs[0]) : 0;
       case "CEIL":
@@ -624,12 +625,13 @@ var HydrationEngine = class {
         return numericInputs.length > 0 ? Math.max(...numericInputs) : 0;
       case "COUNT":
         return inputs.filter((v) => v !== null).length;
-      case "MEDIAN":
+      case "MEDIAN": {
         if (numericInputs.length === 0)
           return 0;
         const sorted = [...numericInputs].sort((a, b) => a - b);
         const mid = Math.floor(sorted.length / 2);
         return sorted.length % 2 === 0 ? (sorted[mid - 1] + sorted[mid]) / 2 : sorted[mid];
+      }
       // Logical
       case "IF":
         return inputs[0] ? inputs[1] : inputs[2];
@@ -649,13 +651,14 @@ var HydrationEngine = class {
         return inputs.length >= 2 && inputs[0] >= inputs[1];
       case "LESS_THAN_OR_EQUAL":
         return inputs.length >= 2 && inputs[0] <= inputs[1];
-      case "BETWEEN":
+      case "BETWEEN": {
         if (inputs.length < 3)
           return false;
         const val = inputs[0];
         const min = inputs[1];
         const max = inputs[2];
         return val >= min && val <= max;
+      }
       // Financial
       case "PERCENT_OF":
         if (numericInputs.length < 2 || numericInputs[1] === 0)
@@ -714,11 +717,12 @@ var HydrationEngine = class {
       case "REFERENCE":
         return inputs[0];
       // Pass through
-      case "LOOKUP":
+      case "LOOKUP": {
         if (inputs.length < 2)
           return null;
         const index = inputs[0];
         return inputs[Math.min(index + 1, inputs.length - 1)];
+      }
       default:
         context.errors.push({
           type: "INVALID_OPERATION",

package/dist/{chunk-WIB75EEX.js → chunk-JWJF6O4L.js}

@@ -6,17 +6,17 @@ import {
   getSettingsByNames,
   obfuscateApiKey,
   secureParameters
-} from "./chunk-BQAPZP5Y.js";
+} from "./chunk-3SPW5FYJ.js";
 import {
   ApiKeyType,
   MementoTier,
   isSupportedEmbeddingModel
-} from "./chunk-T4VPCTBM.js";
+} from "./chunk-NI22LIK3.js";
 
 // ../../b4m-core/packages/services/dist/src/apiKeyService/get.js
 import { z } from "zod";
 var getApiKeySchema = z.object({
-  type: z.nativeEnum(ApiKeyType),
+  type: z.enum(ApiKeyType),
   nullIfMissing: z.boolean().optional(),
   obfuscate: z.boolean().optional(),
   demoKeyName: z.string().optional()