@defend-tech/opencode-optima 0.1.39 → 0.1.42

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.js CHANGED
@@ -9248,12 +9248,16 @@ async function validateClickUpWebhookState(state, config, clickupClient = null,
9248
9248
  }
9249
9249
  return { valid: true, mode: "local_state", state: { ...state, lastValidatedAt: (/* @__PURE__ */ new Date()).toISOString() }, limitation: "ClickUp API validation unavailable; Optima trusts ignored local runtime state only after id/secret/config checks." };
9250
9250
  }
9251
- async function ensureClickUpWebhookSubscription({ validation, worktree, clickupClient = null } = {}) {
9251
+ function clickUpWebhookValidationFromConfig(config = null) {
9252
+ if (!config) return { complete: false, ok: false, errors: ["clickup_config_unavailable"] };
9253
+ return { complete: true, ok: true, enabled: true, config, errors: [] };
9254
+ }
9255
+ async function ensureClickUpWebhookSubscription({ validation, worktree, clickupClient = null, existingState = null } = {}) {
9252
9256
  if (!validation?.complete) {
9253
9257
  return { active: false, valid: false, reason: "config_incomplete", errors: validation?.errors || [] };
9254
9258
  }
9255
9259
  const { config } = validation;
9256
- const existing = readClickUpWebhookState(worktree, config);
9260
+ const existing = existingState ? sanitizeClickUpWebhookState(existingState, config) : readClickUpWebhookState(worktree, config);
9257
9261
  const existingValidation = await validateClickUpWebhookState(existing, config, clickupClient, { allowRemoteUnhealthyLocalRecovery: true });
9258
9262
  if (existingValidation.valid) {
9259
9263
  const state = writeClickUpWebhookState(worktree, { ...existingValidation.state, recentEventKeys: existing.recentEventKeys || [] }, config);
@@ -9306,6 +9310,30 @@ function verifyClickUpSignature(rawBody, signatureHeader, secret) {
9306
9310
  const wanted = Buffer.from(expected, "hex");
9307
9311
  return given.length === wanted.length && crypto.timingSafeEqual(given, wanted);
9308
9312
  }
9313
+ async function resyncClickUpWebhookForSignatureDrift({ rawBody, signature, config, state = {}, worktree = process.cwd(), clickupClient, saveState } = {}) {
9314
+ const validation = clickUpWebhookValidationFromConfig(config);
9315
+ if (!clickupClient?.listWebhooks && !clickupClient?.createWebhook) {
9316
+ appendClickUpWebhookLocalLog(worktree, { type: "signature_resync_skipped", reason: "clickup_client_unavailable", webhookId: state?.webhookId || null });
9317
+ return { ok: false, reason: "clickup_client_unavailable", state };
9318
+ }
9319
+ try {
9320
+ const resync = await ensureClickUpWebhookSubscription({ validation, worktree, clickupClient, existingState: state });
9321
+ if (!resync?.valid || !resync?.state?.secret) {
9322
+ appendClickUpWebhookLocalLog(worktree, { type: "signature_resync_failed", reason: resync?.reason || "resync_failed", webhookId: state?.webhookId || null });
9323
+ return { ok: false, reason: resync?.reason || "resync_failed", resync, state };
9324
+ }
9325
+ if (!verifyClickUpSignature(rawBody, signature, resync.state.secret)) {
9326
+ appendClickUpWebhookLocalLog(worktree, { type: "signature_resync_unverified", reason: "invalid_signature_after_resync", oldWebhookId: state?.webhookId || null, webhookId: resync.state.webhookId || null, mode: resync.mode || null });
9327
+ return { ok: false, reason: "invalid_signature_after_resync", resync, state: resync.state };
9328
+ }
9329
+ if (saveState) saveState(resync.state);
9330
+ appendClickUpWebhookLocalLog(worktree, { type: "signature_resync_verified", oldWebhookId: state?.webhookId || null, webhookId: resync.state.webhookId || null, mode: resync.mode || null });
9331
+ return { ok: true, state: resync.state, resync };
9332
+ } catch (error) {
9333
+ appendClickUpWebhookLocalLog(worktree, { type: "signature_resync_error", webhookId: state?.webhookId || null, message: error.message });
9334
+ return { ok: false, reason: "resync_error", error: error.message, state };
9335
+ }
9336
+ }
9309
9337
  function clickUpWebhookEventKey(payload = {}) {
9310
9338
  const history = Array.isArray(payload.history_items) ? payload.history_items[0] : payload.history_item;
9311
9339
  const comment = payload.comment || history?.comment || {};
@@ -9672,7 +9700,7 @@ async function applyClickUpBlockerTag({ clickupClient, worktree, taskId, reason,
9672
9700
  return { ok: false, error: error.message, tagName };
9673
9701
  }
9674
9702
  }
9675
- async function deliverClickUpSessionEventWithVerification({ openCodeClient, sendSessionEvent, clickupClient, worktree, taskId, sessionId, agent, text, directory, opencodeBaseUrl, eventMarkers = [], verifySessionEventDelivery = verifyOpenCodeSessionEventDelivery } = {}) {
9703
+ async function deliverClickUpSessionEventWithVerification({ openCodeClient, sendSessionEvent, clickupClient, worktree, taskId, sessionId, agent, text, directory, opencodeBaseUrl, eventMarkers = [], verifySessionEventDelivery = verifyOpenCodeSessionEventDelivery, applyBlockerOnFailure = true } = {}) {
9676
9704
  const beforeMessages = await readOpenCodeSessionMessages(openCodeClient, { sessionId, limit: 50 }).catch(() => null);
9677
9705
  await sendSessionEvent(openCodeClient, { sessionId, agent, text, directory, opencodeBaseUrl });
9678
9706
  let verification = await verifySessionEventDelivery(openCodeClient, { sessionId, beforeMessages, expectedText: text, markers: eventMarkers });
@@ -9686,9 +9714,50 @@ async function deliverClickUpSessionEventWithVerification({ openCodeClient, send
9686
9714
  }
9687
9715
  const reason = verification?.reason || "message_delivery_failed";
9688
9716
  appendClickUpWebhookLocalLog(worktree, { type: "message_delivery_failed", taskId, sessionId, reason, fallbackAttempted: canFallbackDirect });
9717
+ if (!applyBlockerOnFailure) return { ok: false, action: "message_delivery_failed", reason, taskId, sessionId, fallbackAttempted: canFallbackDirect };
9689
9718
  const blocker = await applyClickUpBlockerTag({ clickupClient, worktree, taskId, reason, source: canFallbackDirect ? "delivery_fallback_failed" : "delivery_verification_failed" });
9690
9719
  return { ok: false, action: "message_delivery_failed", reason, taskId, sessionId, fallbackAttempted: canFallbackDirect, blockerTag: blocker };
9691
9720
  }
9721
+ async function recoverClickUpPmSession({ openCodeClient, sendSessionEvent, clickupClient, worktree, taskId, staleSessionId, sessionTitle, taskRoute, metadataWithRouting, config, prompt, eventMarkers = [], deliveryEvidencePath, evidencePath, eventKey, createSession, verifySessionEventDelivery } = {}) {
9722
+ appendClickUpWebhookLocalLog(worktree, { type: "pm_session_recovery_started", taskId, staleSessionId, worktree: taskRoute?.worktree });
9723
+ let replacementSessionId = "";
9724
+ try {
9725
+ replacementSessionId = await createSession(openCodeClient, { title: `${sessionTitle} (recovery)`, directory: taskRoute.worktree, agent: config.routing.targetAgent });
9726
+ } catch (error) {
9727
+ appendClickUpWebhookLocalLog(worktree, { type: "pm_session_recovery_create_failed", taskId, staleSessionId, message: error.message });
9728
+ const blockerTag = await applyClickUpBlockerTag({ clickupClient, worktree, taskId, reason: "replacement_session_create_failed", source: "pm_session_recovery" });
9729
+ return { ok: false, action: "message_delivery_failed", reason: "replacement_session_create_failed", taskId, sessionId: staleSessionId, replacementAttempted: true, blockerTag, eventKey, branch: taskRoute.branch, worktree: taskRoute.worktree, deliveryEvidencePath, evidencePath };
9730
+ }
9731
+ if (!String(replacementSessionId || "").startsWith("ses_")) {
9732
+ appendClickUpWebhookLocalLog(worktree, { type: "pm_session_recovery_create_invalid", taskId, staleSessionId, replacementSessionId });
9733
+ const blockerTag = await applyClickUpBlockerTag({ clickupClient, worktree, taskId, reason: "replacement_session_create_failed", source: "pm_session_recovery" });
9734
+ return { ok: false, action: "message_delivery_failed", reason: "replacement_session_create_failed", taskId, sessionId: staleSessionId, replacementAttempted: true, blockerTag, eventKey, branch: taskRoute.branch, worktree: taskRoute.worktree, deliveryEvidencePath, evidencePath };
9735
+ }
9736
+ const replacementDelivery = await deliverClickUpSessionEventWithVerification({
9737
+ openCodeClient,
9738
+ sendSessionEvent,
9739
+ clickupClient,
9740
+ worktree,
9741
+ taskId,
9742
+ sessionId: replacementSessionId,
9743
+ agent: config.routing.targetAgent,
9744
+ text: prompt,
9745
+ directory: taskRoute.worktree,
9746
+ opencodeBaseUrl: config.opencode?.baseUrl,
9747
+ eventMarkers,
9748
+ verifySessionEventDelivery,
9749
+ applyBlockerOnFailure: false
9750
+ });
9751
+ if (!replacementDelivery.ok) {
9752
+ appendClickUpWebhookLocalLog(worktree, { type: "pm_session_recovery_delivery_failed", taskId, staleSessionId, replacementSessionId, reason: replacementDelivery.reason });
9753
+ const blockerTag = await applyClickUpBlockerTag({ clickupClient, worktree, taskId, reason: replacementDelivery.reason || "replacement_delivery_failed", source: "pm_session_recovery" });
9754
+ return { ...replacementDelivery, sessionId: staleSessionId, replacementSessionId, replacementAttempted: true, blockerTag, eventKey, branch: taskRoute.branch, worktree: taskRoute.worktree, deliveryEvidencePath, evidencePath };
9755
+ }
9756
+ const replacementMetadata = clearClickUpPendingSessionMetadata(setClickUpSessionMetadata(metadataWithRouting, config.routing.metadataKey, replacementSessionId), config.routing.metadataKey);
9757
+ await clickupClient.updateTaskMetadata({ taskId, fieldId: config.routing.metadataFieldId, value: replacementMetadata });
9758
+ appendClickUpWebhookLocalLog(worktree, { type: "pm_session_recovery_succeeded", taskId, staleSessionId, replacementSessionId });
9759
+ return { ok: true, action: "sent_to_replacement_session", taskId, sessionId: replacementSessionId, staleSessionId, replacementAttempted: true, eventKey, branch: taskRoute.branch, worktree: taskRoute.worktree, deliveryEvidencePath, evidencePath, deliveryVerification: replacementDelivery.verification, deliveryFallback: replacementDelivery.fallback };
9760
+ }
9692
9761
  function formatClickUpWebhookPrompt({ eventType, taskId, payload, branch = "", worktree = "", deliveryEvidencePath = "" }) {
9693
9762
  const comment = clickUpCommentFromPayload(payload);
9694
9763
  const commentText = clickUpCommentText(comment).trim();
@@ -9765,7 +9834,7 @@ async function cleanupManagedClickUpWebhook(entry = {}, { timeoutMs = CLICKUP_WE
9765
9834
  if (entry.listenerRegistry && entry.listener?.key) entry.listenerRegistry.delete(entry.listener.key);
9766
9835
  const preservedResult = { ok: true, skipped: true, reason: "remote_webhook_preserved" };
9767
9836
  clickUpWebhookLifecycleLog(entry.worktree, { type: "remote_webhook_preserved", reason, webhookId: entry.state?.webhookId });
9768
- markClickUpWebhookInactive(entry.worktree, entry.state, entry.config);
9837
+ writeClickUpWebhookState(entry.worktree, { ...entry.state, listener: {}, lastValidatedAt: (/* @__PURE__ */ new Date()).toISOString() }, entry.config);
9769
9838
  activeClickUpWebhookLifecycleRegistry.delete(entry.key);
9770
9839
  clickUpWebhookLifecycleLog(entry.worktree, { type: "cleanup_finished", reason, close_ok: closeResult.ok, remote_webhook: "preserved" });
9771
9840
  return { ok: closeResult.ok !== false, closeResult, deleteResult: preservedResult, preserveResult: preservedResult };
@@ -9940,8 +10009,8 @@ async function routeClickUpWebhookEventUnlocked({ payload, config, state = {}, w
9940
10009
  } catch (error) {
9941
10010
  const message = `Optima webhook could not create or reuse a task worktree for ${taskId}: ${error.message}`;
9942
10011
  appendClickUpWebhookLocalLog(worktree, { type: "task_worktree_failed", taskId, message });
9943
- const blockerTag2 = await applyClickUpBlockerTag({ clickupClient, worktree, taskId, reason: "task_worktree_failed", source: "route_worktree" });
9944
- return { ok: false, action: "error", reason: "task_worktree_failed", taskId, message, blockerTag: blockerTag2 };
10012
+ const blockerTag = await applyClickUpBlockerTag({ clickupClient, worktree, taskId, reason: "task_worktree_failed", source: "route_worktree" });
10013
+ return { ok: false, action: "error", reason: "task_worktree_failed", taskId, message, blockerTag };
9945
10014
  }
9946
10015
  const deliveryEvidencePath = deliveryEvidencePathForClickUpTask(taskId);
9947
10016
  const routingMetadata = {
@@ -9982,14 +10051,17 @@ async function routeClickUpWebhookEventUnlocked({ payload, config, state = {}, w
9982
10051
  const sessionId = String(existingSessionId);
9983
10052
  if (await sessionExists(openCodeClient, sessionId)) {
9984
10053
  if (typeof clickupClient?.updateTaskMetadata === "function") await clickupClient.updateTaskMetadata({ taskId, fieldId: config.routing.metadataFieldId, value: metadataWithRouting });
9985
- const delivery = await deliverClickUpSessionEventWithVerification({ openCodeClient, sendSessionEvent, clickupClient, worktree, taskId, sessionId, agent: config.routing.targetAgent, text: prompt, directory: taskRoute.worktree, opencodeBaseUrl: config.opencode?.baseUrl, eventMarkers: [taskId, eventType], verifySessionEventDelivery });
9986
- if (!delivery.ok) return finish({ ...delivery, eventKey, branch: taskRoute.branch, worktree: taskRoute.worktree, deliveryEvidencePath, evidencePath: routingMetadata.evidence_path });
10054
+ const delivery = await deliverClickUpSessionEventWithVerification({ openCodeClient, sendSessionEvent, clickupClient, worktree, taskId, sessionId, agent: config.routing.targetAgent, text: prompt, directory: taskRoute.worktree, opencodeBaseUrl: config.opencode?.baseUrl, eventMarkers: [taskId, eventType], verifySessionEventDelivery, applyBlockerOnFailure: false });
10055
+ if (!delivery.ok) {
10056
+ const recovery2 = await recoverClickUpPmSession({ openCodeClient, sendSessionEvent, clickupClient, worktree, taskId, staleSessionId: sessionId, sessionTitle, taskRoute, metadataWithRouting, config, prompt, eventMarkers: [taskId, eventType], deliveryEvidencePath, evidencePath: routingMetadata.evidence_path, eventKey, createSession, verifySessionEventDelivery });
10057
+ return finish(recovery2);
10058
+ }
9987
10059
  return finish({ ok: true, action: "sent_to_existing_session", taskId, sessionId, eventKey, branch: taskRoute.branch, worktree: taskRoute.worktree, deliveryEvidencePath, evidencePath: routingMetadata.evidence_path, deliveryVerification: delivery.verification, deliveryFallback: delivery.fallback });
9988
10060
  }
9989
10061
  const at = now().toISOString();
9990
10062
  appendClickUpWebhookLocalLog(worktree, { type: "missing_session", taskId, sessionId, host, at });
9991
- const blockerTag = await applyClickUpBlockerTag({ clickupClient, worktree, taskId, reason: "missing_session", source: "route_existing_session" });
9992
- return finish({ ok: true, action: "missing_session_reported", taskId, sessionId, eventKey, branch: taskRoute.branch, worktree: taskRoute.worktree, deliveryEvidencePath, evidencePath: routingMetadata.evidence_path, blockerTag });
10063
+ const recovery = await recoverClickUpPmSession({ openCodeClient, sendSessionEvent, clickupClient, worktree, taskId, staleSessionId: sessionId, sessionTitle, taskRoute, metadataWithRouting, config, prompt, eventMarkers: [taskId, eventType], deliveryEvidencePath, evidencePath: routingMetadata.evidence_path, eventKey, createSession, verifySessionEventDelivery });
10064
+ return finish(recovery);
9993
10065
  }
9994
10066
  async function routeClickUpWebhookEvent(options = {}) {
9995
10067
  const taskId = clickUpTaskIdFromPayload(options.payload || {});
@@ -10097,15 +10169,16 @@ function clickUpWebhookExpectedPath(config) {
10097
10169
  return "/";
10098
10170
  }
10099
10171
  }
10100
- async function handleClickUpWebhookRequest({ method = "POST", url = null, headers = {}, rawBody = "", config, state, worktree, clickupClient, openCodeClient, saveState, now = () => /* @__PURE__ */ new Date() } = {}) {
10172
+ async function handleClickUpWebhookRequest({ method = "POST", url = null, headers = {}, rawBody = "", config, state, worktree, clickupClient, openCodeClient, saveState, now = () => /* @__PURE__ */ new Date(), sessionExists, createSession, sendSessionEvent, ensureTaskWorktree, verifySessionEventDelivery } = {}) {
10101
10173
  let payload = null;
10102
10174
  let handled = null;
10103
10175
  let authenticatedWebhook = false;
10104
10176
  let receivedAt = null;
10177
+ let activeState = state;
10105
10178
  const finish = (result) => {
10106
10179
  handled = result;
10107
10180
  receivedAt ??= now();
10108
- const auditState = authenticatedWebhook ? { ...state, lastWebhookAt: receivedAt.toISOString() } : state;
10181
+ const auditState = authenticatedWebhook ? { ...activeState, lastWebhookAt: receivedAt.toISOString() } : activeState;
10109
10182
  if (saveState && authenticatedWebhook) saveState(auditState);
10110
10183
  writeClickUpWebhookAuditLog({ method, url, headers, rawBody, config, state: auditState, handled, payload, at: receivedAt });
10111
10184
  return result;
@@ -10120,7 +10193,11 @@ async function handleClickUpWebhookRequest({ method = "POST", url = null, header
10120
10193
  const bodyBytes = Buffer.isBuffer(rawBody) ? rawBody.length : Buffer.byteLength(String(rawBody || ""));
10121
10194
  if (bodyBytes > maxBodyBytes) return finish({ ok: false, status: 413, reason: "body_too_large" });
10122
10195
  const signature = headers["x-signature"] || headers["X-Signature"];
10123
- if (!verifyClickUpSignature(rawBody, signature, state?.secret)) return finish({ ok: false, status: 401, reason: "invalid_signature" });
10196
+ if (!verifyClickUpSignature(rawBody, signature, activeState?.secret)) {
10197
+ const resync = await resyncClickUpWebhookForSignatureDrift({ rawBody, signature, config, state: activeState, worktree, clickupClient, saveState });
10198
+ if (!resync.ok) return finish({ ok: false, status: 401, reason: "invalid_signature", resync: { attempted: true, reason: resync.reason } });
10199
+ activeState = resync.state;
10200
+ }
10124
10201
  authenticatedWebhook = true;
10125
10202
  receivedAt = now();
10126
10203
  try {
@@ -10128,8 +10205,8 @@ async function handleClickUpWebhookRequest({ method = "POST", url = null, header
10128
10205
  } catch {
10129
10206
  return finish({ ok: false, status: 400, reason: "invalid_json" });
10130
10207
  }
10131
- const receivedState = { ...state, lastWebhookAt: receivedAt.toISOString() };
10132
- const result = await routeClickUpWebhookEvent({ payload, config, state: receivedState, worktree, clickupClient, openCodeClient, saveState });
10208
+ const receivedState = { ...activeState, lastWebhookAt: receivedAt.toISOString() };
10209
+ const result = await routeClickUpWebhookEvent({ payload, config, state: receivedState, worktree, clickupClient, openCodeClient, saveState, sessionExists, createSession, sendSessionEvent, ensureTaskWorktree, verifySessionEventDelivery });
10133
10210
  return finish({ ok: result.ok, status: result.ok ? 200 : 422, result });
10134
10211
  } catch (error) {
10135
10212
  writeClickUpWebhookAuditLog({ method, url, headers, rawBody, config, state, handled, error, payload, at: now() });
@@ -11869,7 +11946,7 @@ Follow-up: use optima_prompt_workflow with session_id '${sessionId}' to check in
11869
11946
  }
11870
11947
  };
11871
11948
  }
11872
- OptimaPlugin.__internals = { BUNDLE_AGENTS_DIR, BUNDLE_ASSETS_DIR, CLICKUP_DEFINITION_DOC_PARENT, activeClickUpWebhookLifecycleRegistry, cleanupManagedClickUpWebhook, deleteClickUpWebhookBestEffort, BUNDLE_POLICIES_DIR, buildClickUpApplyPayloadResult, buildClickUpCreateSubtasksPayload, buildClickUpStartTaskPayload, buildClickUpSummaryPayload, buildClickUpTransitionPayload, buildOptimaAgents, clickUpCommentLedgerKey, clickUpCommentMentionsProductManager, clickUpWebhookAuditLogDir, clickUpWebhookAuditLogPath, createClickUpApiClient, deliveryEvidencePathForClickUpTask, ensureClickUpTaskWorktree, ensureClickUpWebhookSubscription, handleClickUpWebhookRequest, isClickUpWebhookStateActive, normalizeClickUpWebhookConfig, normalizeClickUpWebhookLogLevel, normalizeOpenCodeBaseUrl, readClickUpCommentLedger, readClickUpWebhookState, reconcileClickUpStartup, recordClickUpCommentVersionProcessed, resolveOptimaPluginOptions, resolveSecretReference, routeClickUpWebhookEvent, sendOpenCodeSessionEvent, sendOpenCodeSessionEventDirect, verifyOpenCodeSessionEventDelivery, stableClickUpCommentVersionMarker, startClickUpWebhookListener, validateClickUpWebhookState, verifyClickUpSignature, writeClickUpWebhookState, decideClickUpStatusAction, deriveClickUpBranchName, deriveClickUpPendingSubtaskBranch, deriveClickUpPrTarget, deriveClickUpWorktree, determineClickUpMergeAuthority, ensureOptimaGitignoreRules, explicitSafeInputWorktree, finalApprovalAssignees, formatValidationResult, isIgnoredClickUpTaskType, isOptimaPluginPackageWorktree, isSafeWritableDirectory, loadHumansRegistry, mergeClickUpAgentMetadata, mergeClickUpSessionMetadata, migrateLegacyOptimaLayout, normalizeAgentMetadataJson, normalizeClickUpStatus, normalizeClickUpTaskType, normalizePromptResponseParts, normalizeWorkflowTaskPath, parseClickUpSubtasksMarkdown, parseHumansRegistry, parseMarkdownArtifact, parseMarkdownSections, preEstimateClickUpWork, readMarkdownArtifact, resolveHumanRoles, resolveSafeWorktree, safeWorktreeOrFailure, stripRawLogSections, validateMainWorkspaceBranchSafety, workflowFinalMessageFromPromptResponse };
11949
+ OptimaPlugin.__internals = { BUNDLE_AGENTS_DIR, BUNDLE_ASSETS_DIR, CLICKUP_DEFINITION_DOC_PARENT, activeClickUpWebhookLifecycleRegistry, cleanupManagedClickUpWebhook, deleteClickUpWebhookBestEffort, BUNDLE_POLICIES_DIR, buildClickUpApplyPayloadResult, buildClickUpCreateSubtasksPayload, buildClickUpStartTaskPayload, buildClickUpSummaryPayload, buildClickUpTransitionPayload, buildOptimaAgents, clickUpCommentLedgerKey, clickUpCommentMentionsProductManager, clickUpWebhookAuditLogDir, clickUpWebhookAuditLogPath, createClickUpApiClient, deliveryEvidencePathForClickUpTask, ensureClickUpTaskWorktree, ensureClickUpWebhookSubscription, handleClickUpWebhookRequest, isClickUpWebhookStateActive, normalizeClickUpWebhookConfig, normalizeClickUpWebhookLogLevel, normalizeOpenCodeBaseUrl, readClickUpCommentLedger, readClickUpWebhookState, reconcileClickUpStartup, recordClickUpCommentVersionProcessed, resyncClickUpWebhookForSignatureDrift, resolveOptimaPluginOptions, resolveSecretReference, routeClickUpWebhookEvent, sendOpenCodeSessionEvent, sendOpenCodeSessionEventDirect, verifyOpenCodeSessionEventDelivery, stableClickUpCommentVersionMarker, startClickUpWebhookListener, validateClickUpWebhookState, verifyClickUpSignature, writeClickUpWebhookState, decideClickUpStatusAction, deriveClickUpBranchName, deriveClickUpPendingSubtaskBranch, deriveClickUpPrTarget, deriveClickUpWorktree, determineClickUpMergeAuthority, ensureOptimaGitignoreRules, explicitSafeInputWorktree, finalApprovalAssignees, formatValidationResult, isIgnoredClickUpTaskType, isOptimaPluginPackageWorktree, isSafeWritableDirectory, loadHumansRegistry, mergeClickUpAgentMetadata, mergeClickUpSessionMetadata, migrateLegacyOptimaLayout, normalizeAgentMetadataJson, normalizeClickUpStatus, normalizeClickUpTaskType, normalizePromptResponseParts, normalizeWorkflowTaskPath, parseClickUpSubtasksMarkdown, parseHumansRegistry, parseMarkdownArtifact, parseMarkdownSections, preEstimateClickUpWork, readMarkdownArtifact, resolveHumanRoles, resolveSafeWorktree, safeWorktreeOrFailure, stripRawLogSections, validateMainWorkspaceBranchSafety, workflowFinalMessageFromPromptResponse };
11873
11950
  export {
11874
11951
  OptimaPlugin as default
11875
11952
  };
@@ -9255,12 +9255,16 @@ async function validateClickUpWebhookState(state, config, clickupClient = null,
9255
9255
  }
9256
9256
  return { valid: true, mode: "local_state", state: { ...state, lastValidatedAt: (/* @__PURE__ */ new Date()).toISOString() }, limitation: "ClickUp API validation unavailable; Optima trusts ignored local runtime state only after id/secret/config checks." };
9257
9257
  }
9258
- async function ensureClickUpWebhookSubscription({ validation, worktree, clickupClient = null } = {}) {
9258
+ function clickUpWebhookValidationFromConfig(config = null) {
9259
+ if (!config) return { complete: false, ok: false, errors: ["clickup_config_unavailable"] };
9260
+ return { complete: true, ok: true, enabled: true, config, errors: [] };
9261
+ }
9262
+ async function ensureClickUpWebhookSubscription({ validation, worktree, clickupClient = null, existingState = null } = {}) {
9259
9263
  if (!validation?.complete) {
9260
9264
  return { active: false, valid: false, reason: "config_incomplete", errors: validation?.errors || [] };
9261
9265
  }
9262
9266
  const { config } = validation;
9263
- const existing = readClickUpWebhookState(worktree, config);
9267
+ const existing = existingState ? sanitizeClickUpWebhookState(existingState, config) : readClickUpWebhookState(worktree, config);
9264
9268
  const existingValidation = await validateClickUpWebhookState(existing, config, clickupClient, { allowRemoteUnhealthyLocalRecovery: true });
9265
9269
  if (existingValidation.valid) {
9266
9270
  const state = writeClickUpWebhookState(worktree, { ...existingValidation.state, recentEventKeys: existing.recentEventKeys || [] }, config);
@@ -9313,6 +9317,30 @@ function verifyClickUpSignature(rawBody, signatureHeader, secret) {
9313
9317
  const wanted = Buffer.from(expected, "hex");
9314
9318
  return given.length === wanted.length && crypto.timingSafeEqual(given, wanted);
9315
9319
  }
9320
+ async function resyncClickUpWebhookForSignatureDrift({ rawBody, signature, config, state = {}, worktree = process.cwd(), clickupClient, saveState } = {}) {
9321
+ const validation = clickUpWebhookValidationFromConfig(config);
9322
+ if (!clickupClient?.listWebhooks && !clickupClient?.createWebhook) {
9323
+ appendClickUpWebhookLocalLog(worktree, { type: "signature_resync_skipped", reason: "clickup_client_unavailable", webhookId: state?.webhookId || null });
9324
+ return { ok: false, reason: "clickup_client_unavailable", state };
9325
+ }
9326
+ try {
9327
+ const resync = await ensureClickUpWebhookSubscription({ validation, worktree, clickupClient, existingState: state });
9328
+ if (!resync?.valid || !resync?.state?.secret) {
9329
+ appendClickUpWebhookLocalLog(worktree, { type: "signature_resync_failed", reason: resync?.reason || "resync_failed", webhookId: state?.webhookId || null });
9330
+ return { ok: false, reason: resync?.reason || "resync_failed", resync, state };
9331
+ }
9332
+ if (!verifyClickUpSignature(rawBody, signature, resync.state.secret)) {
9333
+ appendClickUpWebhookLocalLog(worktree, { type: "signature_resync_unverified", reason: "invalid_signature_after_resync", oldWebhookId: state?.webhookId || null, webhookId: resync.state.webhookId || null, mode: resync.mode || null });
9334
+ return { ok: false, reason: "invalid_signature_after_resync", resync, state: resync.state };
9335
+ }
9336
+ if (saveState) saveState(resync.state);
9337
+ appendClickUpWebhookLocalLog(worktree, { type: "signature_resync_verified", oldWebhookId: state?.webhookId || null, webhookId: resync.state.webhookId || null, mode: resync.mode || null });
9338
+ return { ok: true, state: resync.state, resync };
9339
+ } catch (error) {
9340
+ appendClickUpWebhookLocalLog(worktree, { type: "signature_resync_error", webhookId: state?.webhookId || null, message: error.message });
9341
+ return { ok: false, reason: "resync_error", error: error.message, state };
9342
+ }
9343
+ }
9316
9344
  function clickUpWebhookEventKey(payload = {}) {
9317
9345
  const history = Array.isArray(payload.history_items) ? payload.history_items[0] : payload.history_item;
9318
9346
  const comment = payload.comment || history?.comment || {};
@@ -9679,7 +9707,7 @@ async function applyClickUpBlockerTag({ clickupClient, worktree, taskId, reason,
9679
9707
  return { ok: false, error: error.message, tagName };
9680
9708
  }
9681
9709
  }
9682
- async function deliverClickUpSessionEventWithVerification({ openCodeClient, sendSessionEvent, clickupClient, worktree, taskId, sessionId, agent, text, directory, opencodeBaseUrl, eventMarkers = [], verifySessionEventDelivery = verifyOpenCodeSessionEventDelivery } = {}) {
9710
+ async function deliverClickUpSessionEventWithVerification({ openCodeClient, sendSessionEvent, clickupClient, worktree, taskId, sessionId, agent, text, directory, opencodeBaseUrl, eventMarkers = [], verifySessionEventDelivery = verifyOpenCodeSessionEventDelivery, applyBlockerOnFailure = true } = {}) {
9683
9711
  const beforeMessages = await readOpenCodeSessionMessages(openCodeClient, { sessionId, limit: 50 }).catch(() => null);
9684
9712
  await sendSessionEvent(openCodeClient, { sessionId, agent, text, directory, opencodeBaseUrl });
9685
9713
  let verification = await verifySessionEventDelivery(openCodeClient, { sessionId, beforeMessages, expectedText: text, markers: eventMarkers });
@@ -9693,9 +9721,50 @@ async function deliverClickUpSessionEventWithVerification({ openCodeClient, send
9693
9721
  }
9694
9722
  const reason = verification?.reason || "message_delivery_failed";
9695
9723
  appendClickUpWebhookLocalLog(worktree, { type: "message_delivery_failed", taskId, sessionId, reason, fallbackAttempted: canFallbackDirect });
9724
+ if (!applyBlockerOnFailure) return { ok: false, action: "message_delivery_failed", reason, taskId, sessionId, fallbackAttempted: canFallbackDirect };
9696
9725
  const blocker = await applyClickUpBlockerTag({ clickupClient, worktree, taskId, reason, source: canFallbackDirect ? "delivery_fallback_failed" : "delivery_verification_failed" });
9697
9726
  return { ok: false, action: "message_delivery_failed", reason, taskId, sessionId, fallbackAttempted: canFallbackDirect, blockerTag: blocker };
9698
9727
  }
9728
+ async function recoverClickUpPmSession({ openCodeClient, sendSessionEvent, clickupClient, worktree, taskId, staleSessionId, sessionTitle, taskRoute, metadataWithRouting, config, prompt, eventMarkers = [], deliveryEvidencePath, evidencePath, eventKey, createSession, verifySessionEventDelivery } = {}) {
9729
+ appendClickUpWebhookLocalLog(worktree, { type: "pm_session_recovery_started", taskId, staleSessionId, worktree: taskRoute?.worktree });
9730
+ let replacementSessionId = "";
9731
+ try {
9732
+ replacementSessionId = await createSession(openCodeClient, { title: `${sessionTitle} (recovery)`, directory: taskRoute.worktree, agent: config.routing.targetAgent });
9733
+ } catch (error) {
9734
+ appendClickUpWebhookLocalLog(worktree, { type: "pm_session_recovery_create_failed", taskId, staleSessionId, message: error.message });
9735
+ const blockerTag = await applyClickUpBlockerTag({ clickupClient, worktree, taskId, reason: "replacement_session_create_failed", source: "pm_session_recovery" });
9736
+ return { ok: false, action: "message_delivery_failed", reason: "replacement_session_create_failed", taskId, sessionId: staleSessionId, replacementAttempted: true, blockerTag, eventKey, branch: taskRoute.branch, worktree: taskRoute.worktree, deliveryEvidencePath, evidencePath };
9737
+ }
9738
+ if (!String(replacementSessionId || "").startsWith("ses_")) {
9739
+ appendClickUpWebhookLocalLog(worktree, { type: "pm_session_recovery_create_invalid", taskId, staleSessionId, replacementSessionId });
9740
+ const blockerTag = await applyClickUpBlockerTag({ clickupClient, worktree, taskId, reason: "replacement_session_create_failed", source: "pm_session_recovery" });
9741
+ return { ok: false, action: "message_delivery_failed", reason: "replacement_session_create_failed", taskId, sessionId: staleSessionId, replacementAttempted: true, blockerTag, eventKey, branch: taskRoute.branch, worktree: taskRoute.worktree, deliveryEvidencePath, evidencePath };
9742
+ }
9743
+ const replacementDelivery = await deliverClickUpSessionEventWithVerification({
9744
+ openCodeClient,
9745
+ sendSessionEvent,
9746
+ clickupClient,
9747
+ worktree,
9748
+ taskId,
9749
+ sessionId: replacementSessionId,
9750
+ agent: config.routing.targetAgent,
9751
+ text: prompt,
9752
+ directory: taskRoute.worktree,
9753
+ opencodeBaseUrl: config.opencode?.baseUrl,
9754
+ eventMarkers,
9755
+ verifySessionEventDelivery,
9756
+ applyBlockerOnFailure: false
9757
+ });
9758
+ if (!replacementDelivery.ok) {
9759
+ appendClickUpWebhookLocalLog(worktree, { type: "pm_session_recovery_delivery_failed", taskId, staleSessionId, replacementSessionId, reason: replacementDelivery.reason });
9760
+ const blockerTag = await applyClickUpBlockerTag({ clickupClient, worktree, taskId, reason: replacementDelivery.reason || "replacement_delivery_failed", source: "pm_session_recovery" });
9761
+ return { ...replacementDelivery, sessionId: staleSessionId, replacementSessionId, replacementAttempted: true, blockerTag, eventKey, branch: taskRoute.branch, worktree: taskRoute.worktree, deliveryEvidencePath, evidencePath };
9762
+ }
9763
+ const replacementMetadata = clearClickUpPendingSessionMetadata(setClickUpSessionMetadata(metadataWithRouting, config.routing.metadataKey, replacementSessionId), config.routing.metadataKey);
9764
+ await clickupClient.updateTaskMetadata({ taskId, fieldId: config.routing.metadataFieldId, value: replacementMetadata });
9765
+ appendClickUpWebhookLocalLog(worktree, { type: "pm_session_recovery_succeeded", taskId, staleSessionId, replacementSessionId });
9766
+ return { ok: true, action: "sent_to_replacement_session", taskId, sessionId: replacementSessionId, staleSessionId, replacementAttempted: true, eventKey, branch: taskRoute.branch, worktree: taskRoute.worktree, deliveryEvidencePath, evidencePath, deliveryVerification: replacementDelivery.verification, deliveryFallback: replacementDelivery.fallback };
9767
+ }
9699
9768
  function formatClickUpWebhookPrompt({ eventType, taskId, payload, branch = "", worktree = "", deliveryEvidencePath = "" }) {
9700
9769
  const comment = clickUpCommentFromPayload(payload);
9701
9770
  const commentText = clickUpCommentText(comment).trim();
@@ -9772,7 +9841,7 @@ async function cleanupManagedClickUpWebhook(entry = {}, { timeoutMs = CLICKUP_WE
9772
9841
  if (entry.listenerRegistry && entry.listener?.key) entry.listenerRegistry.delete(entry.listener.key);
9773
9842
  const preservedResult = { ok: true, skipped: true, reason: "remote_webhook_preserved" };
9774
9843
  clickUpWebhookLifecycleLog(entry.worktree, { type: "remote_webhook_preserved", reason, webhookId: entry.state?.webhookId });
9775
- markClickUpWebhookInactive(entry.worktree, entry.state, entry.config);
9844
+ writeClickUpWebhookState(entry.worktree, { ...entry.state, listener: {}, lastValidatedAt: (/* @__PURE__ */ new Date()).toISOString() }, entry.config);
9776
9845
  activeClickUpWebhookLifecycleRegistry.delete(entry.key);
9777
9846
  clickUpWebhookLifecycleLog(entry.worktree, { type: "cleanup_finished", reason, close_ok: closeResult.ok, remote_webhook: "preserved" });
9778
9847
  return { ok: closeResult.ok !== false, closeResult, deleteResult: preservedResult, preserveResult: preservedResult };
@@ -9947,8 +10016,8 @@ async function routeClickUpWebhookEventUnlocked({ payload, config, state = {}, w
9947
10016
  } catch (error) {
9948
10017
  const message = `Optima webhook could not create or reuse a task worktree for ${taskId}: ${error.message}`;
9949
10018
  appendClickUpWebhookLocalLog(worktree, { type: "task_worktree_failed", taskId, message });
9950
- const blockerTag2 = await applyClickUpBlockerTag({ clickupClient, worktree, taskId, reason: "task_worktree_failed", source: "route_worktree" });
9951
- return { ok: false, action: "error", reason: "task_worktree_failed", taskId, message, blockerTag: blockerTag2 };
10019
+ const blockerTag = await applyClickUpBlockerTag({ clickupClient, worktree, taskId, reason: "task_worktree_failed", source: "route_worktree" });
10020
+ return { ok: false, action: "error", reason: "task_worktree_failed", taskId, message, blockerTag };
9952
10021
  }
9953
10022
  const deliveryEvidencePath = deliveryEvidencePathForClickUpTask(taskId);
9954
10023
  const routingMetadata = {
@@ -9989,14 +10058,17 @@ async function routeClickUpWebhookEventUnlocked({ payload, config, state = {}, w
9989
10058
  const sessionId = String(existingSessionId);
9990
10059
  if (await sessionExists(openCodeClient, sessionId)) {
9991
10060
  if (typeof clickupClient?.updateTaskMetadata === "function") await clickupClient.updateTaskMetadata({ taskId, fieldId: config.routing.metadataFieldId, value: metadataWithRouting });
9992
- const delivery = await deliverClickUpSessionEventWithVerification({ openCodeClient, sendSessionEvent, clickupClient, worktree, taskId, sessionId, agent: config.routing.targetAgent, text: prompt, directory: taskRoute.worktree, opencodeBaseUrl: config.opencode?.baseUrl, eventMarkers: [taskId, eventType], verifySessionEventDelivery });
9993
- if (!delivery.ok) return finish({ ...delivery, eventKey, branch: taskRoute.branch, worktree: taskRoute.worktree, deliveryEvidencePath, evidencePath: routingMetadata.evidence_path });
10061
+ const delivery = await deliverClickUpSessionEventWithVerification({ openCodeClient, sendSessionEvent, clickupClient, worktree, taskId, sessionId, agent: config.routing.targetAgent, text: prompt, directory: taskRoute.worktree, opencodeBaseUrl: config.opencode?.baseUrl, eventMarkers: [taskId, eventType], verifySessionEventDelivery, applyBlockerOnFailure: false });
10062
+ if (!delivery.ok) {
10063
+ const recovery2 = await recoverClickUpPmSession({ openCodeClient, sendSessionEvent, clickupClient, worktree, taskId, staleSessionId: sessionId, sessionTitle, taskRoute, metadataWithRouting, config, prompt, eventMarkers: [taskId, eventType], deliveryEvidencePath, evidencePath: routingMetadata.evidence_path, eventKey, createSession, verifySessionEventDelivery });
10064
+ return finish(recovery2);
10065
+ }
9994
10066
  return finish({ ok: true, action: "sent_to_existing_session", taskId, sessionId, eventKey, branch: taskRoute.branch, worktree: taskRoute.worktree, deliveryEvidencePath, evidencePath: routingMetadata.evidence_path, deliveryVerification: delivery.verification, deliveryFallback: delivery.fallback });
9995
10067
  }
9996
10068
  const at = now().toISOString();
9997
10069
  appendClickUpWebhookLocalLog(worktree, { type: "missing_session", taskId, sessionId, host, at });
9998
- const blockerTag = await applyClickUpBlockerTag({ clickupClient, worktree, taskId, reason: "missing_session", source: "route_existing_session" });
9999
- return finish({ ok: true, action: "missing_session_reported", taskId, sessionId, eventKey, branch: taskRoute.branch, worktree: taskRoute.worktree, deliveryEvidencePath, evidencePath: routingMetadata.evidence_path, blockerTag });
10070
+ const recovery = await recoverClickUpPmSession({ openCodeClient, sendSessionEvent, clickupClient, worktree, taskId, staleSessionId: sessionId, sessionTitle, taskRoute, metadataWithRouting, config, prompt, eventMarkers: [taskId, eventType], deliveryEvidencePath, evidencePath: routingMetadata.evidence_path, eventKey, createSession, verifySessionEventDelivery });
10071
+ return finish(recovery);
10000
10072
  }
10001
10073
  async function routeClickUpWebhookEvent(options = {}) {
10002
10074
  const taskId = clickUpTaskIdFromPayload(options.payload || {});
@@ -10104,15 +10176,16 @@ function clickUpWebhookExpectedPath(config) {
10104
10176
  return "/";
10105
10177
  }
10106
10178
  }
10107
- async function handleClickUpWebhookRequest({ method = "POST", url = null, headers = {}, rawBody = "", config, state, worktree, clickupClient, openCodeClient, saveState, now = () => /* @__PURE__ */ new Date() } = {}) {
10179
+ async function handleClickUpWebhookRequest({ method = "POST", url = null, headers = {}, rawBody = "", config, state, worktree, clickupClient, openCodeClient, saveState, now = () => /* @__PURE__ */ new Date(), sessionExists, createSession, sendSessionEvent, ensureTaskWorktree, verifySessionEventDelivery } = {}) {
10108
10180
  let payload = null;
10109
10181
  let handled = null;
10110
10182
  let authenticatedWebhook = false;
10111
10183
  let receivedAt = null;
10184
+ let activeState = state;
10112
10185
  const finish = (result) => {
10113
10186
  handled = result;
10114
10187
  receivedAt ??= now();
10115
- const auditState = authenticatedWebhook ? { ...state, lastWebhookAt: receivedAt.toISOString() } : state;
10188
+ const auditState = authenticatedWebhook ? { ...activeState, lastWebhookAt: receivedAt.toISOString() } : activeState;
10116
10189
  if (saveState && authenticatedWebhook) saveState(auditState);
10117
10190
  writeClickUpWebhookAuditLog({ method, url, headers, rawBody, config, state: auditState, handled, payload, at: receivedAt });
10118
10191
  return result;
@@ -10127,7 +10200,11 @@ async function handleClickUpWebhookRequest({ method = "POST", url = null, header
10127
10200
  const bodyBytes = Buffer.isBuffer(rawBody) ? rawBody.length : Buffer.byteLength(String(rawBody || ""));
10128
10201
  if (bodyBytes > maxBodyBytes) return finish({ ok: false, status: 413, reason: "body_too_large" });
10129
10202
  const signature = headers["x-signature"] || headers["X-Signature"];
10130
- if (!verifyClickUpSignature(rawBody, signature, state?.secret)) return finish({ ok: false, status: 401, reason: "invalid_signature" });
10203
+ if (!verifyClickUpSignature(rawBody, signature, activeState?.secret)) {
10204
+ const resync = await resyncClickUpWebhookForSignatureDrift({ rawBody, signature, config, state: activeState, worktree, clickupClient, saveState });
10205
+ if (!resync.ok) return finish({ ok: false, status: 401, reason: "invalid_signature", resync: { attempted: true, reason: resync.reason } });
10206
+ activeState = resync.state;
10207
+ }
10131
10208
  authenticatedWebhook = true;
10132
10209
  receivedAt = now();
10133
10210
  try {
@@ -10135,8 +10212,8 @@ async function handleClickUpWebhookRequest({ method = "POST", url = null, header
10135
10212
  } catch {
10136
10213
  return finish({ ok: false, status: 400, reason: "invalid_json" });
10137
10214
  }
10138
- const receivedState = { ...state, lastWebhookAt: receivedAt.toISOString() };
10139
- const result = await routeClickUpWebhookEvent({ payload, config, state: receivedState, worktree, clickupClient, openCodeClient, saveState });
10215
+ const receivedState = { ...activeState, lastWebhookAt: receivedAt.toISOString() };
10216
+ const result = await routeClickUpWebhookEvent({ payload, config, state: receivedState, worktree, clickupClient, openCodeClient, saveState, sessionExists, createSession, sendSessionEvent, ensureTaskWorktree, verifySessionEventDelivery });
10140
10217
  return finish({ ok: result.ok, status: result.ok ? 200 : 422, result });
10141
10218
  } catch (error) {
10142
10219
  writeClickUpWebhookAuditLog({ method, url, headers, rawBody, config, state, handled, error, payload, at: now() });
@@ -11876,7 +11953,7 @@ Follow-up: use optima_prompt_workflow with session_id '${sessionId}' to check in
11876
11953
  }
11877
11954
  };
11878
11955
  }
11879
- OptimaPlugin.__internals = { BUNDLE_AGENTS_DIR, BUNDLE_ASSETS_DIR, CLICKUP_DEFINITION_DOC_PARENT, activeClickUpWebhookLifecycleRegistry, cleanupManagedClickUpWebhook, deleteClickUpWebhookBestEffort, BUNDLE_POLICIES_DIR, buildClickUpApplyPayloadResult, buildClickUpCreateSubtasksPayload, buildClickUpStartTaskPayload, buildClickUpSummaryPayload, buildClickUpTransitionPayload, buildOptimaAgents, clickUpCommentLedgerKey, clickUpCommentMentionsProductManager, clickUpWebhookAuditLogDir, clickUpWebhookAuditLogPath, createClickUpApiClient, deliveryEvidencePathForClickUpTask, ensureClickUpTaskWorktree, ensureClickUpWebhookSubscription, handleClickUpWebhookRequest, isClickUpWebhookStateActive, normalizeClickUpWebhookConfig, normalizeClickUpWebhookLogLevel, normalizeOpenCodeBaseUrl, readClickUpCommentLedger, readClickUpWebhookState, reconcileClickUpStartup, recordClickUpCommentVersionProcessed, resolveOptimaPluginOptions, resolveSecretReference, routeClickUpWebhookEvent, sendOpenCodeSessionEvent, sendOpenCodeSessionEventDirect, verifyOpenCodeSessionEventDelivery, stableClickUpCommentVersionMarker, startClickUpWebhookListener, validateClickUpWebhookState, verifyClickUpSignature, writeClickUpWebhookState, decideClickUpStatusAction, deriveClickUpBranchName, deriveClickUpPendingSubtaskBranch, deriveClickUpPrTarget, deriveClickUpWorktree, determineClickUpMergeAuthority, ensureOptimaGitignoreRules, explicitSafeInputWorktree, finalApprovalAssignees, formatValidationResult, isIgnoredClickUpTaskType, isOptimaPluginPackageWorktree, isSafeWritableDirectory, loadHumansRegistry, mergeClickUpAgentMetadata, mergeClickUpSessionMetadata, migrateLegacyOptimaLayout, normalizeAgentMetadataJson, normalizeClickUpStatus, normalizeClickUpTaskType, normalizePromptResponseParts, normalizeWorkflowTaskPath, parseClickUpSubtasksMarkdown, parseHumansRegistry, parseMarkdownArtifact, parseMarkdownSections, preEstimateClickUpWork, readMarkdownArtifact, resolveHumanRoles, resolveSafeWorktree, safeWorktreeOrFailure, stripRawLogSections, validateMainWorkspaceBranchSafety, workflowFinalMessageFromPromptResponse };
11956
+ OptimaPlugin.__internals = { BUNDLE_AGENTS_DIR, BUNDLE_ASSETS_DIR, CLICKUP_DEFINITION_DOC_PARENT, activeClickUpWebhookLifecycleRegistry, cleanupManagedClickUpWebhook, deleteClickUpWebhookBestEffort, BUNDLE_POLICIES_DIR, buildClickUpApplyPayloadResult, buildClickUpCreateSubtasksPayload, buildClickUpStartTaskPayload, buildClickUpSummaryPayload, buildClickUpTransitionPayload, buildOptimaAgents, clickUpCommentLedgerKey, clickUpCommentMentionsProductManager, clickUpWebhookAuditLogDir, clickUpWebhookAuditLogPath, createClickUpApiClient, deliveryEvidencePathForClickUpTask, ensureClickUpTaskWorktree, ensureClickUpWebhookSubscription, handleClickUpWebhookRequest, isClickUpWebhookStateActive, normalizeClickUpWebhookConfig, normalizeClickUpWebhookLogLevel, normalizeOpenCodeBaseUrl, readClickUpCommentLedger, readClickUpWebhookState, reconcileClickUpStartup, recordClickUpCommentVersionProcessed, resyncClickUpWebhookForSignatureDrift, resolveOptimaPluginOptions, resolveSecretReference, routeClickUpWebhookEvent, sendOpenCodeSessionEvent, sendOpenCodeSessionEventDirect, verifyOpenCodeSessionEventDelivery, stableClickUpCommentVersionMarker, startClickUpWebhookListener, validateClickUpWebhookState, verifyClickUpSignature, writeClickUpWebhookState, decideClickUpStatusAction, deriveClickUpBranchName, deriveClickUpPendingSubtaskBranch, deriveClickUpPrTarget, deriveClickUpWorktree, determineClickUpMergeAuthority, ensureOptimaGitignoreRules, explicitSafeInputWorktree, finalApprovalAssignees, formatValidationResult, isIgnoredClickUpTaskType, isOptimaPluginPackageWorktree, isSafeWritableDirectory, loadHumansRegistry, mergeClickUpAgentMetadata, mergeClickUpSessionMetadata, migrateLegacyOptimaLayout, normalizeAgentMetadataJson, normalizeClickUpStatus, normalizeClickUpTaskType, normalizePromptResponseParts, normalizeWorkflowTaskPath, parseClickUpSubtasksMarkdown, parseHumansRegistry, parseMarkdownArtifact, parseMarkdownSections, preEstimateClickUpWork, readMarkdownArtifact, resolveHumanRoles, resolveSafeWorktree, safeWorktreeOrFailure, stripRawLogSections, validateMainWorkspaceBranchSafety, workflowFinalMessageFromPromptResponse };
11880
11957
 
11881
11958
  // src/sanitize_cli.js
11882
11959
  var { migrateLegacyOptimaLayout: migrateLegacyOptimaLayout2 } = OptimaPlugin.__internals;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@defend-tech/opencode-optima",
3
- "version": "0.1.39",
3
+ "version": "0.1.42",
4
4
  "repository": {
5
5
  "type": "git",
6
6
  "url": "git+ssh://git@github.com/defend-tech/opencode-optima.git"