npm - @bike4mind/cli - Versions diffs - 0.2.31-feat-wolfram-alpha-tool.19431 → 0.2.31-feat-cli-websocket-streaming.19470 - Mend

@bike4mind/cli 0.2.31-feat-wolfram-alpha-tool.19431 → 0.2.31-feat-cli-websocket-streaming.19470

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/dist/{HydrationEngine-WGYKF46H.js → HydrationEngine-YL2HWJ3V.js} RENAMED Viewed

@@ -2,7 +2,7 @@
 import {
   HydrationEngine,
   createHydrationEngine
-} from "./chunk-RUI6HNLO.js";
+} from "./chunk-GQGOWACU.js";
 export {
   HydrationEngine,
   createHydrationEngine

package/dist/{artifactExtractor-T2KT7N6X.js → artifactExtractor-TFERMHLV.js} RENAMED Viewed

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import {
   CurationArtifactType
-} from "./chunk-HP6AES2S.js";
+} from "./chunk-2HFZJMGD.js";
 // ../../b4m-core/packages/services/dist/src/notebookCurationService/artifactExtractor.js
 var ARTIFACT_TAG_REGEX = /<artifact\s+(.*?)>([\s\S]*?)<\/artifact>/gi;

package/dist/{chunk-HP6AES2S.js → chunk-2HFZJMGD.js} RENAMED Viewed

@@ -307,7 +307,6 @@ var b4mLLMTools = z5.enum([
   "weather_info",
   "web_search",
   "web_fetch",
-  "wolfram_alpha",
   "math_evaluate",
   "mermaid_chart",
   "current_datetime",
@@ -327,6 +326,8 @@ var b4mLLMTools = z5.enum([
   // Knowledge base search
   "search_knowledge_base",
   "retrieve_knowledge_content",
+  // Agent delegation
+  "delegate_to_agent",
   // Quantum optimization tools
   "quantum_schedule",
   "quantum_formulate",
@@ -1216,6 +1217,29 @@ var VoiceSessionSendTranscriptAction = z10.object({
   conversationItemId: z10.string(),
   timestamp: z10.coerce.date().optional()
 });
+var CliCompletionRequestAction = z10.object({
+  action: z10.literal("cli_completion_request"),
+  accessToken: z10.string(),
+  requestId: z10.string().uuid(),
+  model: z10.string(),
+  messages: z10.array(z10.object({
+    role: z10.enum(["user", "assistant", "system"]),
+    content: z10.union([z10.string(), z10.array(z10.unknown())])
+  })),
+  options: z10.object({
+    temperature: z10.number().optional(),
+    maxTokens: z10.number().optional(),
+    stream: z10.boolean().optional(),
+    tools: z10.array(z10.unknown()).optional()
+  }).optional()
+});
+var CliToolRequestAction = z10.object({
+  action: z10.literal("cli_tool_request"),
+  accessToken: z10.string(),
+  requestId: z10.string().uuid(),
+  toolName: z10.string(),
+  input: z10.record(z10.unknown())
+});
 var VoiceSessionEndedAction = z10.object({
   action: z10.literal("voice_session_ended"),
   userId: z10.string(),
@@ -1504,6 +1528,36 @@ var VoiceCreditsExhaustedAction = z10.object({
   creditsUsed: z10.number(),
   clientId: z10.string().optional()
 });
+var CliCompletionChunkAction = z10.object({
+  action: z10.literal("cli_completion_chunk"),
+  requestId: z10.string(),
+  chunk: z10.object({
+    type: z10.enum(["content", "tool_use"]),
+    text: z10.string(),
+    tools: z10.array(z10.unknown()).optional(),
+    usage: z10.object({
+      inputTokens: z10.number().optional(),
+      outputTokens: z10.number().optional()
+    }).optional(),
+    thinking: z10.array(z10.unknown()).optional()
+  })
+});
+var CliCompletionDoneAction = z10.object({
+  action: z10.literal("cli_completion_done"),
+  requestId: z10.string()
+});
+var CliCompletionErrorAction = z10.object({
+  action: z10.literal("cli_completion_error"),
+  requestId: z10.string(),
+  error: z10.string()
+});
+var CliToolResponseAction = z10.object({
+  action: z10.literal("cli_tool_response"),
+  requestId: z10.string(),
+  success: z10.boolean(),
+  content: z10.unknown().optional(),
+  error: z10.string().optional()
+});
 var SessionCreatedAction = shareableDocumentSchema.extend({
   action: z10.literal("session.created"),
   id: z10.string(),
@@ -1538,7 +1592,9 @@ var MessageDataToServer = z10.discriminatedUnion("action", [
   DataUnsubscribeRequestAction,
   HeartbeatAction,
   VoiceSessionSendTranscriptAction,
-  VoiceSessionEndedAction
+  VoiceSessionEndedAction,
+  CliCompletionRequestAction,
+  CliToolRequestAction
 ]);
 var MessageDataToClient = z10.discriminatedUnion("action", [
   DataSubscriptionUpdateAction,
@@ -1564,7 +1620,11 @@ var MessageDataToClient = z10.discriminatedUnion("action", [
   PiHistoryCompleteAction,
   PiHistoryErrorAction,
   SessionCreatedAction,
-  VoiceCreditsExhaustedAction
+  VoiceCreditsExhaustedAction,
+  CliCompletionChunkAction,
+  CliCompletionDoneAction,
+  CliCompletionErrorAction,
+  CliToolResponseAction
 ]);
 // ../../b4m-core/packages/common/dist/src/schemas/cliCompletions.js
@@ -2441,7 +2501,6 @@ var SettingKeySchema = z21.enum([
   "SystemFiles",
   "OpenWeatherKey",
   "SerperKey",
-  "WolframAlphaKey",
   "VectorThreshold",
   "bflApiKey",
   "EnableMCPServer",
@@ -2879,13 +2938,10 @@ var API_SERVICE_GROUPS = {
   },
   SEARCH: {
     id: "searchAPIService",
-    name: "Search & Compute",
-    description: "Search and computational API integration settings",
+    name: "Search Service",
+    description: "Serper Search API integration settings",
     icon: "Search",
-    settings: [
-      { key: "SerperKey", order: 1 },
-      { key: "WolframAlphaKey", order: 2 }
-    ]
+    settings: [{ key: "SerperKey", order: 1 }]
   },
   CALENDAR: {
     id: "calendarAPIService",
@@ -3668,16 +3724,6 @@ var settingsMap = {
     order: 1,
     isSensitive: true
   }),
-  WolframAlphaKey: makeStringSetting({
-    key: "WolframAlphaKey",
-    name: "Wolfram Alpha API Key",
-    defaultValue: "",
-    description: "The AppID for Wolfram Alpha LLM API. Get one at developer.wolframalpha.com.",
-    category: "Tools",
-    group: API_SERVICE_GROUPS.SEARCH.id,
-    order: 2,
-    isSensitive: true
-  }),
   VectorThreshold: makeNumberSetting({
     key: "VectorThreshold",
     name: "Vector Threshold",
@@ -9388,7 +9434,16 @@ var VIEW_REGISTRY = [
     description: "Configure which solvers to race \u2014 greedy, simulated annealing, tabu search, genetic algorithm, ant colony",
     navigationType: "action",
     target: "scheduling.solvers",
-    keywords: ["solvers", "tabu", "simulated annealing", "genetic algorithm", "ant colony", "greedy", "solver race", "configure solvers"]
+    keywords: [
+      "solvers",
+      "tabu",
+      "simulated annealing",
+      "genetic algorithm",
+      "ant colony",
+      "greedy",
+      "solver race",
+      "configure solvers"
+    ]
   },
   {
     id: "opti.scheduling.results",
@@ -9397,7 +9452,15 @@ var VIEW_REGISTRY = [
     description: "View solver race results \u2014 progress, best schedule, makespan comparison, utilization",
     navigationType: "action",
     target: "scheduling.results",
-    keywords: ["results", "race results", "makespan", "comparison", "best schedule", "utilization", "solver comparison"]
+    keywords: [
+      "results",
+      "race results",
+      "makespan",
+      "comparison",
+      "best schedule",
+      "utilization",
+      "solver comparison"
+    ]
   },
   {
     id: "opti.scheduling.gantt",
@@ -10147,6 +10210,8 @@ export {
   DataUnsubscribeRequestAction,
   HeartbeatAction,
   VoiceSessionSendTranscriptAction,
+  CliCompletionRequestAction,
+  CliToolRequestAction,
   VoiceSessionEndedAction,
   DataSubscriptionUpdateAction,
   LLMStatusUpdateAction,
@@ -10171,6 +10236,10 @@ export {
   ImportHistoryJobProgressUpdateAction,
   ResearchModeStreamAction,
   VoiceCreditsExhaustedAction,
+  CliCompletionChunkAction,
+  CliCompletionDoneAction,
+  CliCompletionErrorAction,
+  CliToolResponseAction,
   SessionCreatedAction,
   MessageDataToServer,
   MessageDataToClient,

package/dist/{chunk-RUI6HNLO.js → chunk-GQGOWACU.js} RENAMED Viewed

@@ -595,12 +595,13 @@ var HydrationEngine = class {
         return numericInputs[0] / numericInputs[1];
       case "ABS":
         return numericInputs.length > 0 ? Math.abs(numericInputs[0]) : 0;
-      case "ROUND":
+      case "ROUND": {
         if (numericInputs.length === 0)
           return 0;
         const decimals = numericInputs[1] ?? 0;
         const factor = Math.pow(10, decimals);
         return Math.round(numericInputs[0] * factor) / factor;
+      }
       case "FLOOR":
         return numericInputs.length > 0 ? Math.floor(numericInputs[0]) : 0;
       case "CEIL":
@@ -624,12 +625,13 @@ var HydrationEngine = class {
         return numericInputs.length > 0 ? Math.max(...numericInputs) : 0;
       case "COUNT":
         return inputs.filter((v) => v !== null).length;
-      case "MEDIAN":
+      case "MEDIAN": {
         if (numericInputs.length === 0)
           return 0;
         const sorted = [...numericInputs].sort((a, b) => a - b);
         const mid = Math.floor(sorted.length / 2);
         return sorted.length % 2 === 0 ? (sorted[mid - 1] + sorted[mid]) / 2 : sorted[mid];
+      }
       // Logical
       case "IF":
         return inputs[0] ? inputs[1] : inputs[2];
@@ -649,13 +651,14 @@ var HydrationEngine = class {
         return inputs.length >= 2 && inputs[0] >= inputs[1];
       case "LESS_THAN_OR_EQUAL":
         return inputs.length >= 2 && inputs[0] <= inputs[1];
-      case "BETWEEN":
+      case "BETWEEN": {
         if (inputs.length < 3)
           return false;
         const val = inputs[0];
         const min = inputs[1];
         const max = inputs[2];
         return val >= min && val <= max;
+      }
       // Financial
       case "PERCENT_OF":
         if (numericInputs.length < 2 || numericInputs[1] === 0)
@@ -714,11 +717,12 @@ var HydrationEngine = class {
       case "REFERENCE":
         return inputs[0];
       // Pass through
-      case "LOOKUP":
+      case "LOOKUP": {
         if (inputs.length < 2)
           return null;
         const index = inputs[0];
         return inputs[Math.min(index + 1, inputs.length - 1)];
+      }
       default:
         context.errors.push({
           type: "INVALID_OPERATION",

package/dist/{chunk-XAN2CAVX.js → chunk-NIWN4JNK.js} RENAMED Viewed

@@ -7,11 +7,11 @@ import {
   getSettingsMap,
   getSettingsValue,
   secureParameters
-} from "./chunk-Z5CU4KFU.js";
+} from "./chunk-SYJA4DXH.js";
 import {
   KnowledgeType,
   SupportedFabFileMimeTypes
-} from "./chunk-HP6AES2S.js";
+} from "./chunk-2HFZJMGD.js";
 // ../../b4m-core/packages/services/dist/src/fabFileService/create.js
 import { z } from "zod";

package/dist/{chunk-6VX2EI7Y.js → chunk-QFMQLZDW.js} RENAMED Viewed

@@ -6,12 +6,12 @@ import {
   getSettingsByNames,
   obfuscateApiKey,
   secureParameters
-} from "./chunk-Z5CU4KFU.js";
+} from "./chunk-SYJA4DXH.js";
 import {
   ApiKeyType,
   MementoTier,
   isSupportedEmbeddingModel
-} from "./chunk-HP6AES2S.js";
+} from "./chunk-2HFZJMGD.js";
 // ../../b4m-core/packages/services/dist/src/apiKeyService/get.js
 import { z } from "zod";
@@ -62,11 +62,6 @@ var getOpenWeatherKey = async (adapters) => {
   const settings = await db.adminSettings.findBySettingName("OpenWeatherKey");
   return settings?.settingValue;
 };
-var getWolframAlphaKey = async (adapters) => {
-  const { db } = adapters;
-  const settings = await db.adminSettings.findBySettingName("WolframAlphaKey");
-  return settings?.settingValue;
-};
 var getEffectiveApiKey = async (userId, params, adapters) => {
   const { db } = adapters;
   const apiKey = await getApiKey(userId, params, adapters);
@@ -234,7 +229,6 @@ function findMostSimilarMemento(targetEmbedding, mementos) {
 export {
   getSerperKey,
   getOpenWeatherKey,
-  getWolframAlphaKey,
   getEffectiveApiKey,
   getRelevantMementos,
   findMostSimilarMemento

package/dist/{chunk-Z5CU4KFU.js → chunk-SYJA4DXH.js} RENAMED Viewed

@@ -16,7 +16,7 @@ import {
   dayjsConfig_default,
   extractSnippetMeta,
   settingsMap
-} from "./chunk-HP6AES2S.js";
+} from "./chunk-2HFZJMGD.js";
 import {
   Logger
 } from "./chunk-OCYRD7D6.js";
@@ -591,6 +591,125 @@ function getSettingsCacheStats() {
 // ../../b4m-core/packages/utils/dist/src/ingest.js
 import axios from "axios";
 import mime2 from "mime-types";
+// ../../b4m-core/packages/utils/dist/src/ssrfProtection.js
+import dns from "dns";
+import { promisify } from "util";
+var dnsResolve4 = promisify(dns.resolve4);
+var dnsResolve6 = promisify(dns.resolve6);
+function isPrivateIPv4(ip) {
+  const ipv4Match = ip.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
+  if (!ipv4Match)
+    return false;
+  const [, a, b, c] = ipv4Match.map(Number);
+  if (a === 10)
+    return true;
+  if (a === 172 && b >= 16 && b <= 31)
+    return true;
+  if (a === 192 && b === 168)
+    return true;
+  if (a === 127)
+    return true;
+  if (a === 169 && b === 254)
+    return true;
+  if (a === 0)
+    return true;
+  if (a === 100 && b >= 64 && b <= 127)
+    return true;
+  if (a === 192 && b === 0 && c === 0)
+    return true;
+  if (a === 192 && b === 0 && c === 2 || a === 198 && b === 51 && c === 100 || a === 203 && b === 0 && c === 113)
+    return true;
+  if (a >= 224 && a <= 239)
+    return true;
+  if (a >= 240)
+    return true;
+  return false;
+}
+function isPrivateIPv6(ip) {
+  const normalized = ip.toLowerCase();
+  if (normalized === "::1" || normalized === "0:0:0:0:0:0:0:1")
+    return true;
+  if (normalized === "::" || normalized === "0:0:0:0:0:0:0:0")
+    return true;
+  if (normalized.startsWith("fe8") || normalized.startsWith("fe9") || normalized.startsWith("fea") || normalized.startsWith("feb"))
+    return true;
+  if (normalized.startsWith("fc") || normalized.startsWith("fd"))
+    return true;
+  if (normalized.startsWith("ff"))
+    return true;
+  const ipv4MappedMatch = normalized.match(/^::ffff:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/);
+  if (ipv4MappedMatch) {
+    return isPrivateIPv4(ipv4MappedMatch[1]);
+  }
+  if (normalized.startsWith("2001:db8:") || normalized.startsWith("2001:0db8:"))
+    return true;
+  if (normalized.startsWith("100::") || normalized.startsWith("0100::"))
+    return true;
+  if (normalized.startsWith("64:ff9b:") || normalized.startsWith("0064:ff9b:"))
+    return true;
+  return false;
+}
+function isPrivateIP(ip) {
+  if (/^(\d{1,3}\.){3}\d{1,3}$/.test(ip)) {
+    return isPrivateIPv4(ip);
+  }
+  return isPrivateIPv6(ip);
+}
+function isPrivateOrInternalHostname(hostname) {
+  const normalized = hostname.toLowerCase();
+  if (normalized === "localhost" || normalized === "127.0.0.1" || normalized === "::1" || normalized === "0.0.0.0" || normalized.endsWith(".localhost") || normalized.endsWith(".local")) {
+    return true;
+  }
+  if (normalized === "169.254.169.254" || normalized === "instance-data" || normalized === "metadata.google.internal" || normalized === "metadata.internal") {
+    return true;
+  }
+  if (normalized.endsWith(".cluster.local") || normalized.endsWith(".svc.cluster.local") || normalized.endsWith(".pod.cluster.local")) {
+    return true;
+  }
+  if (/^(\d{1,3}\.){3}\d{1,3}$/.test(normalized)) {
+    return isPrivateIPv4(normalized);
+  }
+  if (normalized.includes(":")) {
+    return isPrivateIPv6(normalized);
+  }
+  return false;
+}
+async function validateUrlForFetch(url) {
+  try {
+    const parsed = new URL(url);
+    if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+      return { valid: false, error: "URL must use HTTP or HTTPS protocol" };
+    }
+    if (isPrivateOrInternalHostname(parsed.hostname)) {
+      return { valid: false, error: "URL points to a private or internal network" };
+    }
+    const isIPv4Address = /^(\d{1,3}\.){3}\d{1,3}$/.test(parsed.hostname);
+    const isIPv6Address = parsed.hostname.includes(":");
+    if (!isIPv4Address && !isIPv6Address) {
+      try {
+        const ipv4Addresses = await dnsResolve4(parsed.hostname).catch(() => []);
+        const ipv6Addresses = await dnsResolve6(parsed.hostname).catch(() => []);
+        const allAddresses = [...ipv4Addresses, ...ipv6Addresses];
+        if (allAddresses.length === 0) {
+          return { valid: false, error: "Could not resolve hostname" };
+        }
+        for (const ip of allAddresses) {
+          if (isPrivateIP(ip)) {
+            return { valid: false, error: `Hostname resolves to private IP address (${ip})` };
+          }
+        }
+      } catch {
+        return { valid: false, error: "Could not resolve hostname" };
+      }
+    }
+    return { valid: true };
+  } catch {
+    return { valid: false, error: "Invalid URL format" };
+  }
+}
+// ../../b4m-core/packages/utils/dist/src/ingest.js
 var URL_REGEX = /https?:\/\/(?:[-\w.])+(?:\:[0-9]+)?(?:\/(?:[\w\/_.])*(?:\?(?:[\w&=%.])*)?(?:\#(?:[\w.])*)?)?/gi;
 function detectURLs(string) {
   const urlsFound = string.match(URL_REGEX) || [];
@@ -603,15 +722,22 @@ function urlExists(stringWithPossibleUrl) {
   const cleanString = stringWithPossibleUrl.replace(/\n/g, " ").replace(/,/g, " ");
   return detectURLs(cleanString);
 }
+var URL_FETCH_TIMEOUT_MS = 1e4;
 async function fetchAndParseURL(url, { logger }) {
   logger.updateMetadata({ failedUrl: null });
   try {
+    const ssrfValidation = await validateUrlForFetch(url);
+    if (!ssrfValidation.valid) {
+      throw new Error(`URL blocked for security reasons: ${ssrfValidation.error}`);
+    }
     let urlMimeType = "text/plain";
     if (url.split(".")?.pop()?.startsWith("pdf")) {
       urlMimeType = "application/pdf";
     }
     const response = await axios.get(url, {
-      responseType: ["application/pdf"].includes(urlMimeType) ? "arraybuffer" : "text"
+      responseType: ["application/pdf"].includes(urlMimeType) ? "arraybuffer" : "text",
+      timeout: URL_FETCH_TIMEOUT_MS
+      // Prevent Lambda timeout exhaustion
     });
     const cheerio = await import("cheerio");
     const htmlContent = response.data;
@@ -619,17 +745,19 @@ async function fetchAndParseURL(url, { logger }) {
     const title = $("title").text() || url.split("/")?.pop();
     let urlContent = null;
     switch (urlMimeType) {
-      case "application/pdf":
+      case "application/pdf": {
         const pdfbuffer = Buffer.from(response.data);
         urlContent = pdfbuffer;
         break;
-      default:
+      }
+      default: {
         let textContent = "";
         $("body").find("p").each((index, element) => {
           textContent += $(element).text() + "\n";
         });
         urlContent = textContent || htmlContent;
         break;
+      }
     }
     logger.log(`Fetched ${title} with mimetype ${urlMimeType} and parsed ${url}`);
     return { title, textContent: urlContent, mimeType: urlMimeType, ext: mime2.extension(urlMimeType) || null };
@@ -1155,8 +1283,30 @@ function separateUrls(urls) {
   const nonImageUrls = urls.filter((url) => !imageExtensions.some((ext) => url.toLowerCase().endsWith(ext)));
   return { imageUrls, nonImageUrls };
 }
-var urlContentCache = /* @__PURE__ */ new Map();
-var CACHE_TTL_MS = 5 * 60 * 1e3;
+function sanitizeUrlForLogging(url) {
+  try {
+    const parsed = new URL(url);
+    const sensitiveParams = [
+      "token",
+      "key",
+      "api_key",
+      "apikey",
+      "secret",
+      "password",
+      "session",
+      "auth",
+      "access_token"
+    ];
+    sensitiveParams.forEach((param) => {
+      if (parsed.searchParams.has(param)) {
+        parsed.searchParams.set(param, "[REDACTED]");
+      }
+    });
+    return parsed.toString();
+  } catch {
+    return url.substring(0, 100) + (url.length > 100 ? "..." : "");
+  }
+}
 async function processUrlsFromPrompt(userPrompt, maxContentBuffer, userId, sendStatusUpdate, logger, options = { verbose: false }) {
   if (!hasURLs(userPrompt)) {
     if (options?.verbose) {
@@ -1164,6 +1314,7 @@ async function processUrlsFromPrompt(userPrompt, maxContentBuffer, userId, sendS
     }
     return { userMessages: [], remainingPrompt: userPrompt };
   }
+  const urlContentCache = /* @__PURE__ */ new Map();
   sendStatusUpdate("Processing URLs from user prompt...");
   const userMessages = [];
   const promptMeta = extractSnippetMeta(userPrompt);
@@ -1191,20 +1342,26 @@ async function processUrlsFromPrompt(userPrompt, maxContentBuffer, userId, sendS
     try {
       const cached = urlContentCache.get(url);
       let textContent;
-      if (cached && Date.now() - cached.timestamp < CACHE_TTL_MS) {
-        if (options?.verbose) {
-          logger.log(`Using cached content for URL: ${url}`);
-        }
-        textContent = cached.content;
+      if (cached) {
+        logger.info("URL_FETCH", {
+          userId,
+          url: sanitizeUrlForLogging(url),
+          cacheHit: true,
+          source: "same-request-dedup"
+        });
+        textContent = cached;
       } else {
         const result = await fetchAndParseURL(url, { logger });
         if (typeof result.textContent !== "string")
           throw new Error("textContent is not a string");
         textContent = result.textContent;
-        urlContentCache.set(url, {
-          content: textContent,
-          timestamp: Date.now()
+        logger.info("URL_FETCH", {
+          userId,
+          url: sanitizeUrlForLogging(url),
+          cacheHit: false,
+          contentLength: textContent.length
         });
+        urlContentCache.set(url, textContent);
       }
       const message = {
         role: "user",
@@ -11600,6 +11757,9 @@ function findAutomaticFallback(originalModel, availableModels, apiKeyTable, logg
     "gemini-2.5-flash-preview-05-20": ["claude-3-5-haiku-20241022", "gpt-4o-mini", "claude-3-haiku-20240307"],
     "gemini-1.5-pro": ["claude-3-5-sonnet-20241022", "gpt-4o", "claude-3-opus-20240229"],
     "gemini-1.5-flash": ["claude-3-5-haiku-20241022", "gpt-4o-mini", "claude-3-haiku-20240307"],
+    // Claude 4.5/4.6 Opus models fallback to Sonnet 4.5
+    "claude-opus-4-5-20251101": ["claude-sonnet-4-5-20250929", "gpt-5", "claude-haiku-4-5-20251001"],
+    "claude-opus-4-6": ["claude-sonnet-4-5-20250929", "gpt-5", "claude-haiku-4-5-20251001"],
     // Claude models fallback to other Claude models or GPT
     "claude-3-5-sonnet-20241022": ["claude-3-opus-20240229", "gpt-4o", "claude-3-sonnet-20240229"],
     "claude-3-opus-20240229": ["claude-3-5-sonnet-20241022", "gpt-4o", "claude-3-sonnet-20240229"],
@@ -11609,7 +11769,7 @@ function findAutomaticFallback(originalModel, availableModels, apiKeyTable, logg
   };
   const preferences = fallbackPreferences[originalModel.id] || [];
   if (preferences.length === 0) {
-    preferences.push("claude-3-5-sonnet-20241022", "gpt-4o", "claude-3-haiku-20240307");
+    preferences.push("claude-sonnet-4-5-20250929", "gpt-5", "claude-haiku-4-5-20251001");
   }
   for (const modelId of preferences) {
     const fallbackModel = availableModels.find((m) => m.id === modelId);
@@ -12015,6 +12175,9 @@ export {
   warmUpSettingsCache,
   shutdownSettingsCache,
   getSettingsCacheStats,
+  isPrivateIP,
+  isPrivateOrInternalHostname,
+  validateUrlForFetch,
   URL_REGEX,
   detectURLs,
   hasURLs,

package/dist/{chunk-7PXF7F3B.js → chunk-YJ5ZBTMG.js} RENAMED Viewed

@@ -2,7 +2,7 @@
 import {
   BadRequestError,
   secureParameters
-} from "./chunk-Z5CU4KFU.js";
+} from "./chunk-SYJA4DXH.js";
 import {
   CompletionApiUsageTransaction,
   GenericCreditDeductTransaction,
@@ -12,7 +12,7 @@ import {
   TextGenerationUsageTransaction,
   TransferCreditTransaction,
   VideoGenerationUsageTransaction
-} from "./chunk-HP6AES2S.js";
+} from "./chunk-2HFZJMGD.js";
 // ../../b4m-core/packages/services/dist/src/creditService/subtractCredits.js
 import { z } from "zod";

package/dist/{create-3LYU77L5.js → create-ST2OYV5P.js} RENAMED Viewed

@@ -2,9 +2,9 @@
 import {
   createFabFile,
   createFabFileSchema
-} from "./chunk-XAN2CAVX.js";
-import "./chunk-Z5CU4KFU.js";
-import "./chunk-HP6AES2S.js";
+} from "./chunk-NIWN4JNK.js";
+import "./chunk-SYJA4DXH.js";
+import "./chunk-2HFZJMGD.js";
 import "./chunk-OCYRD7D6.js";
 export {
   createFabFile,