@chances-ai/engine 24.0.0

package/dist/mcp/oauth/sdk-shapes.d.ts

@@ -0,0 +1,77 @@
+/**
+ * Type-only mirrors of `@modelcontextprotocol/sdk/shared/auth.js` shapes.
+ *
+ * Why mirror instead of `import type { ... }` from the SDK?
+ *
+ * The SDK is an OPTIONAL peer dependency. When MCP is disabled, the SDK
+ * is absent from `node_modules` entirely. A bare `import type` is erased
+ * at runtime, BUT `tsc` still resolves the module and errors when the
+ * SDK isn't installed in the build environment (e.g. consumer projects
+ * that depend on `@chances-ai/cli` without enabling MCP). The
+ * runtime-load story (computed-specifier dynamic import in `client.ts`
+ * and `provider.ts` wiring) keeps the binary compileable without the
+ * SDK; this file keeps the TYPE story consistent.
+ *
+ * These mirrors must stay aligned with SDK `1.29.0` `shared/auth.d.ts`.
+ * Drift is acceptable because the runtime path uses the SDK's own zod
+ * schemas — our types are advisory, not load-bearing. The integration
+ * test (`e2e-oauth.test.ts`) exercises the real SDK shapes end-to-end.
+ */
+/** RFC 6749 / OAuth 2.1 token response (snake_case). */
+export interface OAuthTokens {
+    access_token: string;
+    token_type: string;
+    refresh_token?: string;
+    scope?: string;
+    id_token?: string;
+    /** Relative seconds — convert to absolute `expires_at` (epoch ms) on save. */
+    expires_in?: number;
+}
+/** RFC 7591 client information — fields we surface to the SDK. */
+export interface OAuthClientInformation {
+    client_id: string;
+    client_secret?: string;
+    client_id_issued_at?: number;
+    client_secret_expires_at?: number;
+}
+/** RFC 7591 full DCR response — `OAuthClientInformation` + metadata. */
+export interface OAuthClientInformationFull extends OAuthClientInformation {
+    redirect_uris: readonly string[];
+    token_endpoint_auth_method?: string;
+    grant_types?: readonly string[];
+    response_types?: readonly string[];
+    client_name?: string;
+    client_uri?: string;
+    logo_uri?: string;
+    scope?: string;
+    contacts?: readonly string[];
+    tos_uri?: string;
+    policy_uri?: string;
+    jwks_uri?: string;
+    jwks?: unknown;
+    software_id?: string;
+    software_version?: string;
+    software_statement?: string;
+}
+/** Union the SDK passes through `clientInformation()` / `saveClientInformation()`. */
+export type OAuthClientInformationMixed = OAuthClientInformation | OAuthClientInformationFull;
+/** RFC 7591 DCR registration request body. */
+export interface OAuthClientMetadata {
+    redirect_uris: readonly string[];
+    token_endpoint_auth_method?: string;
+    grant_types?: readonly string[];
+    response_types?: readonly string[];
+    client_name?: string;
+    client_uri?: string;
+    logo_uri?: string;
+    scope?: string;
+    contacts?: readonly string[];
+    tos_uri?: string;
+    policy_uri?: string;
+    jwks_uri?: string;
+    jwks?: unknown;
+    software_id?: string;
+    software_version?: string;
+    software_statement?: string;
+}
+//# sourceMappingURL=sdk-shapes.d.ts.map

package/dist/mcp/oauth/sdk-shapes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sdk-shapes.d.ts","sourceRoot":"","sources":["../../../src/mcp/oauth/sdk-shapes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,wDAAwD;AACxD,MAAM,WAAW,WAAW;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,8EAA8E;IAC9E,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,kEAAkE;AAClE,MAAM,WAAW,sBAAsB;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,wBAAwB,CAAC,EAAE,MAAM,CAAC;CACnC;AAED,wEAAwE;AACxE,MAAM,WAAW,0BAA2B,SAAQ,sBAAsB;IACxE,aAAa,EAAE,SAAS,MAAM,EAAE,CAAC;IACjC,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,WAAW,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAChC,cAAc,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACnC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED,sFAAsF;AACtF,MAAM,MAAM,2BAA2B,GAAG,sBAAsB,GAAG,0BAA0B,CAAC;AAE9F,8CAA8C;AAC9C,MAAM,WAAW,mBAAmB;IAClC,aAAa,EAAE,SAAS,MAAM,EAAE,CAAC;IACjC,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,WAAW,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAChC,cAAc,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACnC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B"}

package/dist/mcp/oauth/sdk-shapes.js

@@ -0,0 +1,21 @@
+/**
+ * Type-only mirrors of `@modelcontextprotocol/sdk/shared/auth.js` shapes.
+ *
+ * Why mirror instead of `import type { ... }` from the SDK?
+ *
+ * The SDK is an OPTIONAL peer dependency. When MCP is disabled, the SDK
+ * is absent from `node_modules` entirely. A bare `import type` is erased
+ * at runtime, BUT `tsc` still resolves the module and errors when the
+ * SDK isn't installed in the build environment (e.g. consumer projects
+ * that depend on `@chances-ai/cli` without enabling MCP). The
+ * runtime-load story (computed-specifier dynamic import in `client.ts`
+ * and `provider.ts` wiring) keeps the binary compileable without the
+ * SDK; this file keeps the TYPE story consistent.
+ *
+ * These mirrors must stay aligned with SDK `1.29.0` `shared/auth.d.ts`.
+ * Drift is acceptable because the runtime path uses the SDK's own zod
+ * schemas — our types are advisory, not load-bearing. The integration
+ * test (`e2e-oauth.test.ts`) exercises the real SDK shapes end-to-end.
+ */
+export {};
+//# sourceMappingURL=sdk-shapes.js.map

package/dist/mcp/oauth/sdk-shapes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sdk-shapes.js","sourceRoot":"","sources":["../../../src/mcp/oauth/sdk-shapes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG"}

package/dist/mcp/parse.d.ts

@@ -0,0 +1,28 @@
+import type { McpServerConfig } from "./types.js";
+export interface ParseFailure {
+    error: string;
+}
+/**
+ * Defensive narrowing from `unknown` JSON to the typed `McpServerConfig`
+ * union. The config layer keeps MCP entries as opaque records — this is
+ * where we enforce the discriminator + required-field shape so a malformed
+ * entry can't crash `McpHost.start`.
+ *
+ * Unknown fields are **dropped** (not preserved) — we explicitly enumerate
+ * every accepted field below. When the SDK adds a new transport-specific
+ * knob, this parser must learn it too. The trade-off favors auditability
+ * (one place to see what's accepted) over auto-passthrough (which would
+ * forward typos like `enableed: true` straight to the SDK and silently
+ * misbehave).
+ */
+export declare function parseServerConfig(raw: unknown): McpServerConfig | ParseFailure;
+/**
+ * Parses the entire `mcp.servers` map. Per-server failures are reported via
+ * `failures` so the caller can surface them on the log without dropping the
+ * good entries.
+ */
+export declare function parseServerMap(raw: Record<string, unknown> | undefined): {
+    servers: Record<string, McpServerConfig>;
+    failures: Record<string, string>;
+};
+//# sourceMappingURL=parse.d.ts.map

package/dist/mcp/parse.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"parse.d.ts","sourceRoot":"","sources":["../../src/mcp/parse.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAgB,MAAM,YAAY,CAAC;AAEhE,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,OAAO,GAAG,eAAe,GAAG,YAAY,CA2D9E;AAED;;;;GAIG;AACH,wBAAgB,cAAc,CAC5B,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,SAAS,GACvC;IAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAAE,CAYhF"}

package/dist/mcp/parse.js

@@ -0,0 +1,209 @@
+/**
+ * Defensive narrowing from `unknown` JSON to the typed `McpServerConfig`
+ * union. The config layer keeps MCP entries as opaque records — this is
+ * where we enforce the discriminator + required-field shape so a malformed
+ * entry can't crash `McpHost.start`.
+ *
+ * Unknown fields are **dropped** (not preserved) — we explicitly enumerate
+ * every accepted field below. When the SDK adds a new transport-specific
+ * knob, this parser must learn it too. The trade-off favors auditability
+ * (one place to see what's accepted) over auto-passthrough (which would
+ * forward typos like `enableed: true` straight to the SDK and silently
+ * misbehave).
+ */
+export function parseServerConfig(raw) {
+    if (!raw || typeof raw !== "object" || Array.isArray(raw)) {
+        return { error: "mcp server config must be a JSON object" };
+    }
+    const obj = raw;
+    const type = obj["type"];
+    if (type === "stdio") {
+        if (typeof obj["command"] !== "string" || !obj["command"]) {
+            return { error: "stdio mcp server: 'command' (string) is required" };
+        }
+        const args = obj["args"];
+        if (args !== undefined && !isStringArray(args)) {
+            return { error: "stdio mcp server: 'args' must be an array of strings" };
+        }
+        const env = obj["env"];
+        if (env !== undefined && !isStringRecord(env)) {
+            return { error: "stdio mcp server: 'env' must be a string-keyed string map" };
+        }
+        if (obj["cwd"] !== undefined && typeof obj["cwd"] !== "string") {
+            return { error: "stdio mcp server: 'cwd' must be a string" };
+        }
+        return {
+            type: "stdio",
+            command: obj["command"],
+            args: args,
+            env: env,
+            cwd: obj["cwd"],
+            enabled: optBool(obj["enabled"]),
+            timeoutMs: optPositiveInt(obj["timeoutMs"]),
+        };
+    }
+    if (type === "http") {
+        if (typeof obj["url"] !== "string" || !obj["url"]) {
+            return { error: "http mcp server: 'url' (string) is required" };
+        }
+        const headers = obj["headers"];
+        if (headers !== undefined && !isStringRecord(headers)) {
+            return { error: "http mcp server: 'headers' must be a string-keyed string map" };
+        }
+        const authResult = parseOAuthAuth(obj["auth"]);
+        if ("error" in authResult)
+            return authResult;
+        // (codex Round-1 MUST-FIX #7) When OAuth is configured, the resource
+        // URL MUST be https:// (RFC 6750 §5.2 — bearer tokens travel in
+        // cleartext otherwise). Loopback exceptions allowed for local-dev MCP
+        // servers running on `127.0.0.1` / `[::1]` / `localhost`.
+        if (authResult.auth) {
+            const httpsErr = validateOAuthResourceUrl(obj["url"]);
+            if (httpsErr)
+                return { error: httpsErr };
+        }
+        return {
+            type: "http",
+            url: obj["url"],
+            headers: headers,
+            enabled: optBool(obj["enabled"]),
+            timeoutMs: optPositiveInt(obj["timeoutMs"]),
+            auth: authResult.auth,
+        };
+    }
+    return { error: `mcp server: 'type' must be 'stdio' or 'http' (got ${JSON.stringify(type)})` };
+}
+/**
+ * Parses the entire `mcp.servers` map. Per-server failures are reported via
+ * `failures` so the caller can surface them on the log without dropping the
+ * good entries.
+ */
+export function parseServerMap(raw) {
+    const servers = {};
+    const failures = {};
+    for (const [id, value] of Object.entries(raw ?? {})) {
+        const parsed = parseServerConfig(value);
+        if ("error" in parsed) {
+            failures[id] = parsed.error;
+        }
+        else {
+            servers[id] = parsed;
+        }
+    }
+    return { servers, failures };
+}
+/**
+ * (3.7) Parses the optional `auth` block on an HTTP MCP server config.
+ * Returns `{auth: undefined}` when absent. Validation is intentionally
+ * defensive — config can come from `.chances/config.json` typed by a user.
+ */
+function parseOAuthAuth(raw) {
+    if (raw === undefined || raw === null)
+        return { auth: undefined };
+    if (typeof raw !== "object" || Array.isArray(raw)) {
+        return { error: "http mcp server: 'auth' must be an object" };
+    }
+    const o = raw;
+    if (o["kind"] !== "oauth") {
+        return { error: `http mcp server: 'auth.kind' must be 'oauth' (got ${JSON.stringify(o["kind"])})` };
+    }
+    if (o["authServerMetadataUrl"] !== undefined) {
+        // (codex Round-2 SHOULD-FIX #1) The field is parsed + validated but
+        // not yet threaded into SDK auth() — the SDK doesn't expose a clean
+        // override path for protected-resource-metadata short-circuiting in
+        // v1.29.0. We continue to validate so users get a clear error if
+        // they typo the URL, and we'll wire the override in 3.7.1 (or
+        // remove the field entirely if the SDK still doesn't surface a hook).
+        if (typeof o["authServerMetadataUrl"] !== "string") {
+            return { error: "http mcp server: 'auth.authServerMetadataUrl' must be a string" };
+        }
+        let u;
+        try {
+            u = new URL(o["authServerMetadataUrl"]);
+        }
+        catch {
+            return { error: "http mcp server: 'auth.authServerMetadataUrl' must be a valid URL" };
+        }
+        if (u.protocol !== "https:") {
+            return { error: "http mcp server: 'auth.authServerMetadataUrl' must use https:// (protects discovery from MITM)" };
+        }
+    }
+    if (o["clientId"] !== undefined && typeof o["clientId"] !== "string") {
+        return { error: "http mcp server: 'auth.clientId' must be a string" };
+    }
+    if (o["clientSecret"] !== undefined && typeof o["clientSecret"] !== "string") {
+        return { error: "http mcp server: 'auth.clientSecret' must be a string" };
+    }
+    if (o["scopes"] !== undefined) {
+        if (!Array.isArray(o["scopes"]) || !o["scopes"].every((s) => typeof s === "string")) {
+            return { error: "http mcp server: 'auth.scopes' must be an array of strings" };
+        }
+        if (o["scopes"].length > 32) {
+            return { error: "http mcp server: 'auth.scopes' is limited to 32 entries" };
+        }
+        if (o["scopes"].some((s) => s.length > 256)) {
+            return { error: "http mcp server: each entry in 'auth.scopes' must be ≤ 256 characters" };
+        }
+    }
+    if (o["callbackPort"] !== undefined) {
+        if (typeof o["callbackPort"] !== "number" ||
+            !Number.isInteger(o["callbackPort"]) ||
+            o["callbackPort"] < 1024 ||
+            o["callbackPort"] > 65535) {
+            return { error: "http mcp server: 'auth.callbackPort' must be an integer in [1024, 65535]" };
+        }
+    }
+    return {
+        auth: {
+            kind: "oauth",
+            authServerMetadataUrl: o["authServerMetadataUrl"],
+            clientId: o["clientId"],
+            clientSecret: o["clientSecret"],
+            scopes: o["scopes"],
+            callbackPort: o["callbackPort"],
+        },
+    };
+}
+/**
+ * (3.7 codex Round-1 MUST-FIX #7) RFC 6750 §5.2 requires that bearer
+ * tokens never travel in cleartext. When OAuth is configured, the MCP
+ * server URL must be `https://` UNLESS it points to a loopback address
+ * (local-dev exception per RFC 8252 §7.3 spirit). Returns an error
+ * message string when the URL fails the check; undefined when it's OK.
+ */
+function validateOAuthResourceUrl(urlStr) {
+    let url;
+    try {
+        url = new URL(urlStr);
+    }
+    catch {
+        return "http mcp server: 'url' must be a valid URL when OAuth is configured";
+    }
+    if (url.protocol === "https:")
+        return undefined;
+    if (url.protocol !== "http:") {
+        return `http mcp server: OAuth requires https:// (got ${url.protocol})`;
+    }
+    // http://  — only loopback is allowed.
+    const host = url.hostname.toLowerCase().replace(/\.+$/, "");
+    if (host === "127.0.0.1" || host === "localhost" || host === "[::1]" || host === "::1")
+        return undefined;
+    return ("http mcp server: OAuth requires https:// for the resource server URL " +
+        "(bearer tokens travel in cleartext otherwise; RFC 6750 §5.2). " +
+        "Add TLS, or use a loopback address (127.0.0.1 / [::1] / localhost) for local dev.");
+}
+function isStringArray(v) {
+    return Array.isArray(v) && v.every((x) => typeof x === "string");
+}
+function isStringRecord(v) {
+    if (!v || typeof v !== "object" || Array.isArray(v))
+        return false;
+    return Object.values(v).every((x) => typeof x === "string");
+}
+function optBool(v) {
+    return typeof v === "boolean" ? v : undefined;
+}
+function optPositiveInt(v) {
+    return typeof v === "number" && Number.isInteger(v) && v > 0 ? v : undefined;
+}
+//# sourceMappingURL=parse.js.map

package/dist/mcp/parse.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"parse.js","sourceRoot":"","sources":["../../src/mcp/parse.ts"],"names":[],"mappings":"AAMA;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,iBAAiB,CAAC,GAAY;IAC5C,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1D,OAAO,EAAE,KAAK,EAAE,yCAAyC,EAAE,CAAC;IAC9D,CAAC;IACD,MAAM,GAAG,GAAG,GAA8B,CAAC;IAC3C,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC;IACzB,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,IAAI,OAAO,GAAG,CAAC,SAAS,CAAC,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YAC1D,OAAO,EAAE,KAAK,EAAE,kDAAkD,EAAE,CAAC;QACvE,CAAC;QACD,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC;QACzB,IAAI,IAAI,KAAK,SAAS,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/C,OAAO,EAAE,KAAK,EAAE,sDAAsD,EAAE,CAAC;QAC3E,CAAC;QACD,MAAM,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC;QACvB,IAAI,GAAG,KAAK,SAAS,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9C,OAAO,EAAE,KAAK,EAAE,2DAA2D,EAAE,CAAC;QAChF,CAAC;QACD,IAAI,GAAG,CAAC,KAAK,CAAC,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,KAAK,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC/D,OAAO,EAAE,KAAK,EAAE,0CAA0C,EAAE,CAAC;QAC/D,CAAC;QACD,OAAO;YACL,IAAI,EAAE,OAAO;YACb,OAAO,EAAE,GAAG,CAAC,SAAS,CAAC;YACvB,IAAI,EAAE,IAA4B;YAClC,GAAG,EAAE,GAAyC;YAC9C,GAAG,EAAE,GAAG,CAAC,KAAK,CAAuB;YACrC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAChC,SAAS,EAAE,cAAc,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;SAC5C,CAAC;IACJ,CAAC;IACD,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;QACpB,IAAI,OAAO,GAAG,CAAC,KAAK,CAAC,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YAClD,OAAO,EAAE,KAAK,EAAE,6CAA6C,EAAE,CAAC;QAClE,CAAC;QACD,MAAM,OAAO,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC;QAC/B,IAAI,OAAO,KAAK,SAAS,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,CAAC;YACtD,OAAO,EAAE,KAAK,EAAE,8DAA8D,EAAE,CAAC;QACnF,CAAC;QACD,MAAM,UAAU,GAAG,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;QAC/C,IAAI,OAAO,IAAI,UAAU;YAAE,OAAO,UAAU,CAAC;QAC7C,qEAAqE;QACrE,gEAAgE;QAChE,sEAAsE;QACtE,0DAA0D;QAC1D,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;YACpB,MAAM,QAAQ,GAAG,wBAAwB,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;YACtD,IAAI,QAAQ;gBAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;QAC3C,CAAC;QACD,OAAO;YACL,IAAI,EAAE,MAAM;YACZ,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC;YACf,OAAO,EAAE,OAA6C;YACtD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAChC,SAAS,EAAE,cAAc,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YAC3C,IAAI,EAAE,UAAU,CAAC,IAAI;SACtB,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,qDAAqD,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;AACjG,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,cAAc,CAC5B,GAAwC;IAExC,MAAM,OAAO,GAAoC,EAAE,CAAC;IACpD,MAAM,QAAQ,GAA2B,EAAE,CAAC;IAC5C,KAAK,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,IAAI,EAAE,CAAC,EAAE,CAAC;QACpD,MAAM,MAAM,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;QACxC,IAAI,OAAO,IAAI,MAAM,EAAE,CAAC;YACtB,QAAQ,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC;QAC9B,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC;QACvB,CAAC;IACH,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;AAC/B,CAAC;AAED;;;;GAIG;AACH,SAAS,cAAc,CAAC,GAAY;IAClC,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI;QAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;IAClE,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAClD,OAAO,EAAE,KAAK,EAAE,2CAA2C,EAAE,CAAC;IAChE,CAAC;IACD,MAAM,CAAC,GAAG,GAA8B,CAAC;IACzC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,OAAO,EAAE,CAAC;QAC1B,OAAO,EAAE,KAAK,EAAE,qDAAqD,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC;IACtG,CAAC;IACD,IAAI,CAAC,CAAC,uBAAuB,CAAC,KAAK,SAAS,EAAE,CAAC;QAC7C,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE;QACpE,iEAAiE;QACjE,8DAA8D;QAC9D,sEAAsE;QACtE,IAAI,OAAO,CAAC,CAAC,uBAAuB,CAAC,KAAK,QAAQ,EAAE,CAAC;YACnD,OAAO,EAAE,KAAK,EAAE,gEAAgE,EAAE,CAAC;QACrF,CAAC;QACD,IAAI,CAAkB,CAAC;QACvB,IAAI,CAAC;YACH,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,KAAK,EAAE,mEAAmE,EAAE,CAAC;QACxF,CAAC;QACD,IAAI,CAAC,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC5B,OAAO,EAAE,KAAK,EAAE,gGAAgG,EAAE,CAAC;QACrH,CAAC;IACH,CAAC;IACD,IAAI,CAAC,CAAC,UAAU,CAAC,KAAK,SAAS,IAAI,OAAO,CAAC,CAAC,UAAU,CAAC,KAAK,QAAQ,EAAE,CAAC;QACrE,OAAO,EAAE,KAAK,EAAE,mDAAmD,EAAE,CAAC;IACxE,CAAC;IACD,IAAI,CAAC,CAAC,cAAc,CAAC,KAAK,SAAS,IAAI,OAAO,CAAC,CAAC,cAAc,CAAC,KAAK,QAAQ,EAAE,CAAC;QAC7E,OAAO,EAAE,KAAK,EAAE,uDAAuD,EAAE,CAAC;IAC5E,CAAC;IACD,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,SAAS,EAAE,CAAC;QAC9B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,EAAE,CAAC;YACpF,OAAO,EAAE,KAAK,EAAE,4DAA4D,EAAE,CAAC;QACjF,CAAC;QACD,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC5B,OAAO,EAAE,KAAK,EAAE,yDAAyD,EAAE,CAAC;QAC9E,CAAC;QACD,IAAK,CAAC,CAAC,QAAQ,CAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,GAAG,CAAC,EAAE,CAAC;YAC1D,OAAO,EAAE,KAAK,EAAE,uEAAuE,EAAE,CAAC;QAC5F,CAAC;IACH,CAAC;IACD,IAAI,CAAC,CAAC,cAAc,CAAC,KAAK,SAAS,EAAE,CAAC;QACpC,IACE,OAAO,CAAC,CAAC,cAAc,CAAC,KAAK,QAAQ;YACrC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC;YACpC,CAAC,CAAC,cAAc,CAAC,GAAG,IAAI;YACxB,CAAC,CAAC,cAAc,CAAC,GAAG,KAAK,EACzB,CAAC;YACD,OAAO,EAAE,KAAK,EAAE,0EAA0E,EAAE,CAAC;QAC/F,CAAC;IACH,CAAC;IACD,OAAO;QACL,IAAI,EAAE;YACJ,IAAI,EAAE,OAAO;YACb,qBAAqB,EAAE,CAAC,CAAC,uBAAuB,CAAuB;YACvE,QAAQ,EAAE,CAAC,CAAC,UAAU,CAAuB;YAC7C,YAAY,EAAE,CAAC,CAAC,cAAc,CAAuB;YACrD,MAAM,EAAG,CAAC,CAAC,QAAQ,CAAmC;YACtD,YAAY,EAAE,CAAC,CAAC,cAAc,CAAuB;SACtD;KACF,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,SAAS,wBAAwB,CAAC,MAAc;IAC9C,IAAI,GAAQ,CAAC;IACb,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,qEAAqE,CAAC;IAC/E,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IAChD,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QAC7B,OAAO,iDAAiD,GAAG,CAAC,QAAQ,GAAG,CAAC;IAC1E,CAAC;IACD,uCAAuC;IACvC,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAC5D,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,OAAO,IAAI,IAAI,KAAK,KAAK;QAAE,OAAO,SAAS,CAAC;IACzG,OAAO,CACL,uEAAuE;QACvE,gEAAgE;QAChE,mFAAmF,CACpF,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,CAAU;IAC/B,OAAO,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;AACnE,CAAC;AAED,SAAS,cAAc,CAAC,CAAU;IAChC,IAAI,CAAC,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAClE,OAAO,MAAM,CAAC,MAAM,CAAC,CAA4B,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;AACzF,CAAC;AAED,SAAS,OAAO,CAAC,CAAU;IACzB,OAAO,OAAO,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAChD,CAAC;AAED,SAAS,cAAc,CAAC,CAAU;IAChC,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC/E,CAAC"}

package/dist/mcp/prompts.d.ts

@@ -0,0 +1,31 @@
+import type { McpPromptArgument, McpPromptMessage } from "./types.js";
+/**
+ * (5.4 D2) Parse slash-command tokens into a `prompts/get` argument map.
+ *
+ * - **No declared args** → `{}` (surplus tokens ignored).
+ * - **Named mode** — iff EVERY token is `key=value` (key a valid identifier)
+ *   AND every key is a declared arg name → `{key: value}`.
+ * - **Positional mode** (default) — zip tokens to declared names in order;
+ *   surplus tokens space-rejoin into the LAST arg (so a free-text trailing
+ *   arg works: `/srv:summarize the whole file`).
+ * - Missing **required** args → `{ ok: false, error }` with a usage hint; the
+ *   caller surfaces it and does NOT fire a model turn.
+ */
+export declare function parsePromptArgs(declared: McpPromptArgument[] | undefined, tokens: string[]): {
+    ok: true;
+    args: Record<string, string>;
+} | {
+    ok: false;
+    error: string;
+};
+/**
+ * (5.4) Render `prompts/get` messages into a single user-turn string. Most MCP
+ * prompts return one user message; multi-message prompts are flattened (assistant
+ * messages prefixed `[assistant]`). Each message's `content` is a single MCP
+ * content part per spec, but we tolerate an array too. Text-first via
+ * `renderMcpContentParts` (strip + redact). Returns "" when nothing renders.
+ */
+export declare function renderPromptMessages(messages: McpPromptMessage[], opts?: {
+    redact?: (msg: string) => string;
+}): string;
+//# sourceMappingURL=prompts.d.ts.map

package/dist/mcp/prompts.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"prompts.d.ts","sourceRoot":"","sources":["../../src/mcp/prompts.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAGtE;;;;;;;;;;;GAWG;AACH,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,iBAAiB,EAAE,GAAG,SAAS,EACzC,MAAM,EAAE,MAAM,EAAE,GACf;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAAE,GAAG;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAoC3E;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAClC,QAAQ,EAAE,gBAAgB,EAAE,EAC5B,IAAI,GAAE;IAAE,MAAM,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,MAAM,CAAA;CAAO,GAC9C,MAAM,CAWR"}

package/dist/mcp/prompts.js

@@ -0,0 +1,71 @@
+import { renderMcpContentParts } from "./content.js";
+/**
+ * (5.4 D2) Parse slash-command tokens into a `prompts/get` argument map.
+ *
+ * - **No declared args** → `{}` (surplus tokens ignored).
+ * - **Named mode** — iff EVERY token is `key=value` (key a valid identifier)
+ *   AND every key is a declared arg name → `{key: value}`.
+ * - **Positional mode** (default) — zip tokens to declared names in order;
+ *   surplus tokens space-rejoin into the LAST arg (so a free-text trailing
+ *   arg works: `/srv:summarize the whole file`).
+ * - Missing **required** args → `{ ok: false, error }` with a usage hint; the
+ *   caller surfaces it and does NOT fire a model turn.
+ */
+export function parsePromptArgs(declared, tokens) {
+    const decl = declared ?? [];
+    if (decl.length === 0)
+        return { ok: true, args: {} };
+    const names = decl.map((a) => a.name);
+    const nameSet = new Set(names);
+    const args = {};
+    const looksNamed = tokens.length > 0 && tokens.every((t) => /^[A-Za-z_][\w-]*=/.test(t));
+    const allKeysKnown = looksNamed && tokens.every((t) => nameSet.has(t.slice(0, t.indexOf("="))));
+    if (looksNamed && allKeysKnown) {
+        for (const t of tokens) {
+            const eq = t.indexOf("=");
+            args[t.slice(0, eq)] = t.slice(eq + 1);
+        }
+    }
+    else {
+        // Positional: zip; the surplus joins into the last declared arg.
+        for (let i = 0; i < names.length; i++) {
+            const name = names[i];
+            if (i < names.length - 1) {
+                if (tokens[i] !== undefined)
+                    args[name] = tokens[i];
+            }
+            else {
+                const rest = tokens.slice(i);
+                if (rest.length > 0)
+                    args[name] = rest.join(" ");
+            }
+        }
+    }
+    const missing = decl.filter((a) => a.required && !args[a.name]).map((a) => a.name);
+    if (missing.length > 0) {
+        const usage = decl.map((a) => (a.required ? `<${a.name}>` : `[${a.name}]`)).join(" ");
+        return { ok: false, error: `missing required argument(s): ${missing.join(", ")} — usage: ${usage}` };
+    }
+    return { ok: true, args };
+}
+/**
+ * (5.4) Render `prompts/get` messages into a single user-turn string. Most MCP
+ * prompts return one user message; multi-message prompts are flattened (assistant
+ * messages prefixed `[assistant]`). Each message's `content` is a single MCP
+ * content part per spec, but we tolerate an array too. Text-first via
+ * `renderMcpContentParts` (strip + redact). Returns "" when nothing renders.
+ */
+export function renderPromptMessages(messages, opts = {}) {
+    const blocks = [];
+    for (const m of messages) {
+        const parts = Array.isArray(m.content)
+            ? m.content
+            : [m.content];
+        const text = renderMcpContentParts(parts, opts);
+        if (!text)
+            continue;
+        blocks.push(m.role === "assistant" ? `[assistant]\n${text}` : text);
+    }
+    return blocks.join("\n\n");
+}
+//# sourceMappingURL=prompts.js.map

package/dist/mcp/prompts.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"prompts.js","sourceRoot":"","sources":["../../src/mcp/prompts.ts"],"names":[],"mappings":"AACA,OAAO,EAAuB,qBAAqB,EAAE,MAAM,cAAc,CAAC;AAE1E;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,eAAe,CAC7B,QAAyC,EACzC,MAAgB;IAEhB,MAAM,IAAI,GAAG,QAAQ,IAAI,EAAE,CAAC;IAC5B,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;IAErD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;IAC/B,MAAM,IAAI,GAA2B,EAAE,CAAC;IAExC,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IACzF,MAAM,YAAY,GAChB,UAAU,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAE7E,IAAI,UAAU,IAAI,YAAY,EAAE,CAAC;QAC/B,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;YACvB,MAAM,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAC1B,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,iEAAiE;QACjE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;YACvB,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACzB,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,SAAS;oBAAE,IAAI,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,CAAC,CAAE,CAAC;YACvD,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC7B,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC;oBAAE,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACnF,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACtF,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,iCAAiC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,KAAK,EAAE,EAAE,CAAC;IACvG,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;AAC5B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,oBAAoB,CAClC,QAA4B,EAC5B,OAA6C,EAAE;IAE/C,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,KAAK,GAAqB,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC;YACtD,CAAC,CAAE,CAAC,CAAC,OAA4B;YACjC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAyB,CAAC,CAAC;QAClC,MAAM,IAAI,GAAG,qBAAqB,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAChD,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,gBAAgB,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACtE,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC7B,CAAC"}

package/dist/mcp/redact.d.ts

@@ -0,0 +1,62 @@
+/**
+ * Scrubs sensitive substrings from a string. Used by the MCP client/host to
+ * sanitize errors before they hit the bus, the logger, transcript plugins,
+ * or `/mcp test` output. Mirrors the redactor pattern in
+ * `packages/ai/src/adapters/ai-sdk.ts` — when an HTTP transport throws with
+ * a bearer token or env-var value in the message (some servers echo
+ * `Authorization` headers in 4xx bodies), the original string must never
+ * reach the user-facing channels.
+ *
+ * Short secrets (< 8 chars) are not redacted — too many false positives on
+ * innocuous substrings, and a token of 8+ chars is the practical floor for
+ * anything worth protecting.
+ *
+ * (3.7) The returned callable carries a mutable `.add(secrets)` method so
+ * OAuth tokens / refresh tokens / PKCE verifiers discovered at runtime can
+ * join the scrub set on save WITHOUT having to rebuild the redactor (which
+ * would invalidate the reference held by every already-wired callsite).
+ * Strings shorter than 8 chars are silently ignored — same floor as the
+ * constructor.
+ */
+export interface RuntimeRedactor {
+    (msg: string): string;
+    /** Extend the scrub set in place. Re-sorts longest-first lazily so a new
+     *  short secret doesn't clobber an existing long-prefix scrub on the
+     *  next call. */
+    add(secrets: readonly string[]): void;
+}
+export declare function buildRedactor(secrets: ReadonlyArray<string | undefined>): RuntimeRedactor;
+/**
+ * Collects every substring that should be considered a secret for one
+ * server's lifetime: header values, URL userinfo, URL query values, and
+ * env-var values from a stdio launch. Used by `McpHost` when wiring each
+ * `McpClient`.
+ *
+ * Defense-in-depth: the *raw URL* is always added too, even when it parses
+ * cleanly. A malformed-URL error (`new URL("https://x?token=secret bad")`
+ * throwing) would otherwise echo the full URL with embedded secrets into
+ * logs while the parsed query-value bag is empty. Adding the raw URL means
+ * any string-replace pass scrubs it wholesale; the cost is that the user's
+ * own URL shows up as `[REDACTED]` in errors, which is acceptable for a
+ * defense layer (the user can read their config to see the URL).
+ */
+export declare function collectSecrets(input: {
+    env?: Record<string, string>;
+    headers?: Record<string, string>;
+    url?: string;
+}): string[];
+/**
+ * Removes ANSI / OSC / other CSI control sequences from MCP-rendered text
+ * before it reaches the bus / TUI / transcript. A malicious server (or a
+ * carelessly-pasted shell output from a benign one) can otherwise emit
+ * cursor moves, clipboard hijacks (OSC 52), or terminal-title escapes that
+ * affect the host terminal.
+ *
+ * (5.7) Now the shared **conservative** variant from `@chances-ai/runtime`
+ * (`text-sanitize.ts`): only `ESC [ … letter` (CSI), `ESC ] … BEL|ST` (OSC),
+ * and `ESC @`..`ESC _` — deliberately NOT every non-printable byte, because
+ * MCP tools legitimately return tabs / newlines / form-feed in code snippets.
+ * Kept distinct from the model-output `stripAnsi` for exactly that reason.
+ */
+export { stripTerminalControls } from "@chances-ai/runtime";
+//# sourceMappingURL=redact.d.ts.map

package/dist/mcp/redact.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redact.d.ts","sourceRoot":"","sources":["../../src/mcp/redact.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,WAAW,eAAe;IAC9B,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC;IACtB;;qBAEiB;IACjB,GAAG,CAAC,OAAO,EAAE,SAAS,MAAM,EAAE,GAAG,IAAI,CAAC;CACvC;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,aAAa,CAAC,MAAM,GAAG,SAAS,CAAC,GAAG,eAAe,CA4BzF;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE;IACpC,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,GAAG,MAAM,EAAE,CAkBX;AAED;;;;;;;;;;;;GAYG;AACH,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/mcp/redact.js

@@ -0,0 +1,87 @@
+export function buildRedactor(secrets) {
+    // Mutable set — the closure below sees changes from `.add()`.
+    const set = new Set();
+    for (const s of secrets) {
+        if (typeof s === "string" && s.length >= 8)
+            set.add(s);
+    }
+    // Lazy-sorted scrub list — invalidated whenever `set` mutates.
+    let sorted = undefined;
+    const fn = ((msg) => {
+        if (set.size === 0)
+            return msg;
+        if (!sorted)
+            sorted = [...set].sort((a, b) => b.length - a.length);
+        let out = msg;
+        for (const s of sorted) {
+            out = out.split(s).join("[REDACTED]");
+        }
+        return out;
+    });
+    fn.add = (more) => {
+        let mutated = false;
+        for (const s of more) {
+            if (typeof s === "string" && s.length >= 8 && !set.has(s)) {
+                set.add(s);
+                mutated = true;
+            }
+        }
+        if (mutated)
+            sorted = undefined;
+    };
+    return fn;
+}
+/**
+ * Collects every substring that should be considered a secret for one
+ * server's lifetime: header values, URL userinfo, URL query values, and
+ * env-var values from a stdio launch. Used by `McpHost` when wiring each
+ * `McpClient`.
+ *
+ * Defense-in-depth: the *raw URL* is always added too, even when it parses
+ * cleanly. A malformed-URL error (`new URL("https://x?token=secret bad")`
+ * throwing) would otherwise echo the full URL with embedded secrets into
+ * logs while the parsed query-value bag is empty. Adding the raw URL means
+ * any string-replace pass scrubs it wholesale; the cost is that the user's
+ * own URL shows up as `[REDACTED]` in errors, which is acceptable for a
+ * defense layer (the user can read their config to see the URL).
+ */
+export function collectSecrets(input) {
+    const out = [];
+    for (const v of Object.values(input.env ?? {}))
+        out.push(v);
+    for (const v of Object.values(input.headers ?? {}))
+        out.push(v);
+    if (input.url) {
+        // Always include the raw URL so even an unparseable URL gets scrubbed
+        // out of error messages that quote it back.
+        out.push(input.url);
+        try {
+            const u = new URL(input.url);
+            if (u.username)
+                out.push(u.username);
+            if (u.password)
+                out.push(u.password);
+            for (const [, v] of u.searchParams)
+                out.push(v);
+        }
+        catch {
+            // The raw URL above is the fallback when parsing fails.
+        }
+    }
+    return out;
+}
+/**
+ * Removes ANSI / OSC / other CSI control sequences from MCP-rendered text
+ * before it reaches the bus / TUI / transcript. A malicious server (or a
+ * carelessly-pasted shell output from a benign one) can otherwise emit
+ * cursor moves, clipboard hijacks (OSC 52), or terminal-title escapes that
+ * affect the host terminal.
+ *
+ * (5.7) Now the shared **conservative** variant from `@chances-ai/runtime`
+ * (`text-sanitize.ts`): only `ESC [ … letter` (CSI), `ESC ] … BEL|ST` (OSC),
+ * and `ESC @`..`ESC _` — deliberately NOT every non-printable byte, because
+ * MCP tools legitimately return tabs / newlines / form-feed in code snippets.
+ * Kept distinct from the model-output `stripAnsi` for exactly that reason.
+ */
+export { stripTerminalControls } from "@chances-ai/runtime";
+//# sourceMappingURL=redact.js.map

package/dist/mcp/redact.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redact.js","sourceRoot":"","sources":["../../src/mcp/redact.ts"],"names":[],"mappings":"AA4BA,MAAM,UAAU,aAAa,CAAC,OAA0C;IACtE,8DAA8D;IAC9D,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACzD,CAAC;IACD,+DAA+D;IAC/D,IAAI,MAAM,GAAyB,SAAS,CAAC;IAC7C,MAAM,EAAE,GAAG,CAAC,CAAC,GAAW,EAAU,EAAE;QAClC,IAAI,GAAG,CAAC,IAAI,KAAK,CAAC;YAAE,OAAO,GAAG,CAAC;QAC/B,IAAI,CAAC,MAAM;YAAE,MAAM,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;QACnE,IAAI,GAAG,GAAG,GAAG,CAAC;QACd,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;YACvB,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACxC,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC,CAAoB,CAAC;IACtB,EAAE,CAAC,GAAG,GAAG,CAAC,IAAuB,EAAQ,EAAE;QACzC,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;YACrB,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC1D,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBACX,OAAO,GAAG,IAAI,CAAC;YACjB,CAAC;QACH,CAAC;QACD,IAAI,OAAO;YAAE,MAAM,GAAG,SAAS,CAAC;IAClC,CAAC,CAAC;IACF,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,cAAc,CAAC,KAI9B;IACC,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,EAAE,CAAC;QAAE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC5D,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC;QAAE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAChE,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;QACd,sEAAsE;QACtE,4CAA4C;QAC5C,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACpB,IAAI,CAAC;YACH,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC7B,IAAI,CAAC,CAAC,QAAQ;gBAAE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;YACrC,IAAI,CAAC,CAAC,QAAQ;gBAAE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;YACrC,KAAK,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,YAAY;gBAAE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClD,CAAC;QAAC,MAAM,CAAC;YACP,wDAAwD;QAC1D,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC"}