npm - @gaodefa/daocore - Versions diffs - 2026.5.50 → 2026.5.52 - Mend

@gaodefa/daocore 2026.5.50 → 2026.5.52

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1722) hide show

package/dist/abort-DbmSukS6.js +277 -0
package/dist/abort.runtime-DfTphPUe.js +2 -0
package/dist/abort.runtime.js +1 -1
package/dist/account-inspect-CrOeeGkg.js +173 -0
package/dist/accounts-CF5wlCaC.js +119 -0
package/dist/accounts-CfFTGexZ.js +107 -0
package/dist/accounts-Cr9iBKG5.js +2 -0
package/dist/accounts-DdAZRSd-.js +107 -0
package/dist/acp/control-plane/manager.d.ts +2 -1
package/dist/acp-runtime-B1CfWEsR.js +26 -0
package/dist/acp-spawn-Bq8RHmXn.js +1275 -0
package/dist/acp-spawn-BxyX0qDU.js +2 -0
package/dist/acp-stateful-target-driver-y9Vk9ZkZ.js +89 -0
package/dist/action-kill-Xr3eQUBu.js +33 -0
package/dist/action-runtime-CweBFa8U.js +469 -0
package/dist/action-runtime-api-DZY1J62H.js +2 -0
package/dist/action-send-HdOQtFcz.js +39 -0
package/dist/action-spawn-DWrPplrX.js +47 -0
package/dist/actions-zZzXK7Ic.js +161 -0
package/dist/actions.runtime-CK0aV6y4.js +5 -0
package/dist/agent-command-DB0sppso.js +1367 -0
package/dist/agent-command-DKqx29vm.d.ts +105 -0
package/dist/agent-components.runtime-Drdzm2-F.js +10 -0
package/dist/agent-components.runtime.js +1 -1
package/dist/agent-harness-0S9shX6I.d.ts +146 -0
package/dist/agent-harness-runtime-Btzminw9.js +180 -0
package/dist/agent-harness-runtime-BzM-Zidp.d.ts +691 -0
package/dist/agent-harness-task-runtime-DWiDnwnT.js +140 -0
package/dist/agent-nenZtwAX.js +3 -0
package/dist/agent-runner-execution-Cun_PNBn.js +1713 -0
package/dist/agent-runner-utils-BfF--s17.js +266 -0
package/dist/agent-runner.runtime-vxDguHci.js +3455 -0
package/dist/agent-runner.runtime.js +1 -1
package/dist/agent-runtime-C5xeqCn8.js +229 -0
package/dist/agent-svdKN_62.js +2 -0
package/dist/agent-via-gateway-DQa8cmBa.js +463 -0
package/dist/agents/pi-embedded-runner/tool-split.d.ts +1 -1
package/dist/api-BQxP3H11.js +134 -0
package/dist/api-CT5SnVgO.js +2 -0
package/dist/api-CtX70NwR.js +2 -0
package/dist/api-CvUdFHq7.js +6 -0
package/dist/api-DG9oHhm4.js +639 -0
package/dist/api-DLICQ3uY.d.ts +52 -0
package/dist/api-DzfMdJ46.js +3 -0
package/dist/apply-D8UoOoVD.js +41 -0
package/dist/apply-DrHwBR1D.js +54 -0
package/dist/approval-handler.runtime-CT8PWJ9W.js +130 -0
package/dist/assistant-ByynDFnI.js +291 -0
package/dist/attachment-normalize-DEAS_ziY.js +225 -0
package/dist/attempt-execution-CQUmv8x2.js +558 -0
package/dist/attempt-execution.runtime-AZYQQuAv.js +3 -0
package/dist/attempt-execution.runtime.js +1 -1
package/dist/attempt-execution.shared-2ZOaCHct.js +38 -0
package/dist/attempt.prompt-helpers-B7ano4Xa.js +475 -0
package/dist/attempt.tool-run-context-DBta4Vhq.js +2094 -0
package/dist/binding-routing-DYUUioo1.js +113 -0
package/dist/binding-targets-DthC_zAF.js +121 -0
package/dist/bot-CHP8Hnzo.js +7894 -0
package/dist/bot-deps-CLDgPV_x.js +747 -0
package/dist/bot-deps-W9zVbYpY.js +2 -0
package/dist/bot-message-context.runtime-B1-gGjAv.js +7 -0
package/dist/bot-message-context.runtime.js +1 -1
package/dist/bot-message-context.session.runtime-DUtlPLJq.js +12 -0
package/dist/bot-message-context.session.runtime.js +1 -1
package/dist/bot-native-commands.delivery.runtime-B2_Sb8-0.js +4 -0
package/dist/bot-native-commands.delivery.runtime.js +1 -1
package/dist/bot-native-commands.runtime-pplrKHcn.js +13 -0
package/dist/bot-native-commands.runtime.js +1 -1
package/dist/bridge-server-Du_qnIXr.js +113 -0
package/dist/browser-cli-B2-Lzvd1.js +230 -0
package/dist/browser-cli-actions-input-ZF6YYuIY.js +473 -0
package/dist/browser-cli-actions-observe-DWLHFME1.js +81 -0
package/dist/browser-cli-bTjCd41u.js +2 -0
package/dist/browser-cli-debug-lzd4l2hl.js +137 -0
package/dist/browser-cli-inspect-C5OnFKqx.js +104 -0
package/dist/browser-cli-manage-BofwSOgU.js +443 -0
package/dist/browser-cli-resize-CLs1i6Nu.js +26 -0
package/dist/browser-cli-shared-6Jygx3GN.js +50 -0
package/dist/browser-cli-state-BdoHl8ny.js +337 -0
package/dist/browser-control-auth-DuI4vfIv.js +2 -0
package/dist/browser-profiles-DkblgTjb.js +2 -0
package/dist/browser-runtime-BiJKNDAE.js +384 -0
package/dist/build-CrC0bToI.js +257 -0
package/dist/build-info.json +3 -3
package/dist/bundled/boot-md/handler.js +2 -2
package/dist/bundled/session-memory/handler.js +1 -1
package/dist/call-24hRHHmF.d.ts +43 -0
package/dist/canvas-host/a2ui/.bundle.hash +1 -1
package/dist/capability-cli-BHlS8tBg.js +1782 -0
package/dist/channel--0fyEs0Z.d.ts +427 -0
package/dist/channel-3LWS39OW.d.ts +8 -0
package/dist/channel-46xLzWLi.d.ts +7 -0
package/dist/channel-5iqpbW6B.js +867 -0
package/dist/channel-B0pUJwQw.d.ts +47 -0
package/dist/channel-B64Sv9j5.d.ts +104 -0
package/dist/channel-B6_lte7r.d.ts +7 -0
package/dist/channel-BW3tbxJQ.js +1496 -0
package/dist/channel-BWo67yh1.js +2126 -0
package/dist/channel-BnitTtQK.d.ts +114 -0
package/dist/channel-Bs7OhCjy.d.ts +12 -0
package/dist/channel-BsDZhXfM.js +362 -0
package/dist/channel-BwPVoltV.d.ts +28 -0
package/dist/channel-C5J_H2pp.d.ts +14 -0
package/dist/channel-C95y8CWt.js +1556 -0
package/dist/channel-CHNN5Rsp.d.ts +8 -0
package/dist/channel-CKLsQEc3.d.ts +8 -0
package/dist/channel-CMKGn1i6.js +376 -0
package/dist/channel-CMUiDCTQ.js +740 -0
package/dist/channel-CNvxy1bb.js +808 -0
package/dist/channel-CQzh6Wn1.js +653 -0
package/dist/channel-CchnfGMs.js +481 -0
package/dist/channel-CjWH9zRX.js +1777 -0
package/dist/channel-CjZoZfa2.js +238 -0
package/dist/channel-DKHlpUHA.js +1134 -0
package/dist/channel-DhZvHOpE.js +562 -0
package/dist/channel-DnhG9FfT.d.ts +49 -0
package/dist/channel-DtL_IvqV.js +508 -0
package/dist/channel-DttUK_jI.d.ts +106 -0
package/dist/channel-GdNHqdaw.js +1249 -0
package/dist/channel-ISyuJyXr.d.ts +64 -0
package/dist/channel-Md2S70sE.d.ts +26 -0
package/dist/channel-YV3cL_eV.d.ts +6 -0
package/dist/channel-ZkqVX5SL.js +955 -0
package/dist/channel-actions.runtime-DYiOBQDx.js +265 -0
package/dist/channel-actions.runtime.js +1 -1
package/dist/channel-core-CiUQ9zxC.js +5 -0
package/dist/channel-core-DtLfTcqN.d.ts +6 -0
package/dist/channel-entry-contract-DetnubHE.d.ts +112 -0
package/dist/channel-inbound-Ctv6wSJ3.js +80 -0
package/dist/channel-lifecycle-DCTZ2J_8.d.ts +126 -0
package/dist/channel-pairing-pKisqGWj.d.ts +58 -0
package/dist/channel-plugin-runtime-CgGpeLjf.js +998 -0
package/dist/channel-plugin-runtime-DD65rVLo.d.ts +7 -0
package/dist/channel-runtime-CPbfvG0l.js +408 -0
package/dist/channel.runtime-5ebeoN8j.js +1008 -0
package/dist/channel.runtime-B2Olk7LG.js +4 -0
package/dist/channel.runtime-B4CnXDGx.js +652 -0
package/dist/channel.runtime-BzLoF_dR.js +21009 -0
package/dist/channel.runtime-CNCIcAd6.js +109 -0
package/dist/channel.runtime-C_--rR-H.js +88 -0
package/dist/channel.runtime-CmK77Uxp.js +254 -0
package/dist/channel.runtime-DF5K3pkO.js +2528 -0
package/dist/channel.runtime-iKNOt2eM.js +733 -0
package/dist/channel.setup-5xB5WJ_W.d.ts +7 -0
package/dist/channel.setup-BLZ5UP_C.d.ts +8 -0
package/dist/channel.setup-CxvbmJQ2.js +343 -0
package/dist/channel.setup-CzdDnMh7.js +1098 -0
package/dist/channel.setup-D5JkHqaT.d.ts +6 -0
package/dist/channel.setup-Sku9g-22.js +10 -0
package/dist/chat-BV-WLur6.js +2666 -0
package/dist/chrome-CBr1Nlj5.js +1503 -0
package/dist/cli/run-main.js +5 -5
package/dist/cli-CKbsPiKd.d.ts +20 -0
package/dist/cli-backend-RJDeltkQ.d.ts +5 -0
package/dist/cli-backend-YUvL58y6.d.ts +5 -0
package/dist/cli-compaction-CzfXx99c.js +347 -0
package/dist/cli-lsMRD5BD.js +1341 -0
package/dist/cli-metadata-Cpdwx3O7.js +22 -0
package/dist/cli-runner-DFh20BoX.js +2 -0
package/dist/cli-runner-DjgUGfBa.js +540 -0
package/dist/cli-runner.runtime-Cjd2VdQI.js +3 -0
package/dist/cli-runner.runtime-uAtVtWM7.js +4 -0
package/dist/cli-runner.runtime.js +1 -1
package/dist/cli-shared-MtcLmUBO.d.ts +20 -0
package/dist/cli-startup-metadata.json +8 -8
package/dist/client-D-yT6rne.js +650 -0
package/dist/client-adapter-PXk4JoQR.js +897 -0
package/dist/client-factory-C9zVXY0y.js +9 -0
package/dist/command-auth-PrmmYdot.js +135 -0
package/dist/command-handlers-DuHt0qVp.js +1609 -0
package/dist/command-registry-B_v8R74Z.js +4 -0
package/dist/command-registry-QvQgQxqT.js +9 -0
package/dist/command-registry-core-dLVpK66o.js +110 -0
package/dist/command-status.runtime-DM3aUyTe.js +90 -0
package/dist/command-status.runtime.js +1 -1
package/dist/commands-1BDw9uWC.d.ts +113 -0
package/dist/commands-acp-DzUZwawt.js +74 -0
package/dist/commands-compact.runtime-B6-Vv1CH.js +10 -0
package/dist/commands-compact.runtime.js +1 -1
package/dist/commands-handlers.runtime-CaTYrYbd.js +6154 -0
package/dist/commands-handlers.runtime.js +1 -1
package/dist/commands-status-NuvnoSL-.js +16 -0
package/dist/commands-status-SMWi-mj9.js +3 -0
package/dist/commands-status.runtime-SMWi-mj9.js +3 -0
package/dist/commands-status.runtime.js +1 -1
package/dist/commands-subagents-control.runtime-Cm9cxI8S.js +2 -0
package/dist/commands-subagents-control.runtime-e7gSoCXL.js +3 -0
package/dist/commands-subagents-control.runtime.js +1 -1
package/dist/commands-system-prompt-C9pVUDbu.js +162 -0
package/dist/commands-system-prompt-JP4vOPVK.js +2 -0
package/dist/commands.runtime-Dg6eg0rn.js +176 -0
package/dist/commands.runtime.js +1 -1
package/dist/commitments/runtime.js +1 -1
package/dist/compact-B2rH1SUd.js +480 -0
package/dist/compact-D80suJg8.js +1141 -0
package/dist/compact.runtime-D8nzDxmY.js +12 -0
package/dist/compact.runtime.js +1 -1
package/dist/completion-cli-DWxWi4aD.js +315 -0
package/dist/computer-use-BGvZ1YTf.js +367 -0
package/dist/config-DV-fdSq3.js +373 -0
package/dist/config-DkblgTjb.js +2 -0
package/dist/config-mutations-DsTp_oTJ.js +159 -0
package/dist/config-schema-DF9xCI2y.d.ts +20 -0
package/dist/context-engine-host-compat-BwIxzf7F.js +2 -0
package/dist/context-engine-host-compat-CXhSw3Ub.js +288 -0
package/dist/context-engine-lifecycle-CxxoOuT8.js +1274 -0
package/dist/contracts-testkit-CxpjkeIi.d.ts +145 -0
package/dist/control-auth-Bb_hAwJF.js +114 -0
package/dist/control-service-Dom28xYt.js +145 -0
package/dist/control-ui/assets/agents-rZdl7Lts.js +1008 -0
package/dist/control-ui/assets/channel-config-extras-CCwrOjtI.js +2 -0
package/dist/control-ui/assets/channels-DbqVud-e.js +367 -0
package/dist/control-ui/assets/cron-DPC-maJB.js +1013 -0
package/dist/control-ui/assets/debug-NFz52cdI.js +97 -0
package/dist/control-ui/assets/index-CEPSeBbz.css +1 -0
package/dist/control-ui/assets/index-CfhYy5M_.js +7397 -0
package/dist/control-ui/assets/instances-cSKkoQco.js +57 -0
package/dist/control-ui/assets/logs-ZV4qLYrQ.js +74 -0
package/dist/control-ui/assets/nodes-Bw1ehTX8.js +436 -0
package/dist/control-ui/assets/sessions-CSmtOkWG.js +399 -0
package/dist/control-ui/assets/skills-B55LcyYb.js +314 -0
package/dist/control-ui/assets/skills-shared-aGtbQOdv.js +11 -0
package/dist/control-ui/index.html +2 -2
package/dist/control-ui/sw.js +1 -1
package/dist/conversation-binding-runtime-BXeidhrY.js +4 -0
package/dist/conversation-runtime-Das7yftQ.js +31 -0
package/dist/core-AxrxO8_x.js +282 -0
package/dist/core-BPYelryK.d.ts +224 -0
package/dist/core-api-BL4BNR1C.js +5 -0
package/dist/core-api-Bnc3J2fe.js +2 -0
package/dist/crestodian/crestodian.js +1 -1
package/dist/crestodian/rescue-message.js +1 -1
package/dist/crestodian-CnfWHGFm.js +55 -0
package/dist/daocore-runtime-Dc0o171r.d.ts +151 -0
package/dist/daocore-tools-C1WpZGCu.js +11727 -0
package/dist/delivery--FvYHWJO.js +1002 -0
package/dist/dialogue-B40qxVGM.js +37 -0
package/dist/dir-fetch-tool-fbOAtLfN.js +565 -0
package/dist/dir-list-tool-BQ3k3hKf.js +100 -0
package/dist/direct-dm-CuNsmrdk.js +64 -0
package/dist/directive-handling.fast-lane-CQYYvYi_.js +68 -0
package/dist/directive-handling.impl-DoLFcRUI.js +2 -0
package/dist/directive-handling.impl-RsdNckR4.js +818 -0
package/dist/directive-handling.model-selection-Ad4n0BBf.js +122 -0
package/dist/directive-handling.persist.runtime-Dq8SQvB4.js +263 -0
package/dist/directive-handling.persist.runtime.js +1 -1
package/dist/dispatch-Bmw9mO6a.js +1640 -0
package/dist/dispatch-acp-transcript.runtime-B7DKK79t.js +40 -0
package/dist/dispatch-acp-transcript.runtime.js +1 -1
package/dist/dispatch-acp.runtime-cVH58wGq.js +18 -0
package/dist/dispatch-acp.runtime.js +1 -1
package/dist/doctor-HffoL5ik.js +6 -0
package/dist/doctor-Qg1Gj0PC.js +2 -0
package/dist/doctor-config-flow-Dudp0oO_.js +1741 -0
package/dist/doctor-core-checks-BTvmehLq.js +573 -0
package/dist/doctor-core-checks-CcacCMGd.js +2 -0
package/dist/doctor-health-DIu25ot8.js +65 -0
package/dist/doctor-health-contributions-ZQUAiwng.js +696 -0
package/dist/doctor-lint-C8RjoIYq.js +94 -0
package/dist/doctor-state-integrity-D5NJcM0t.js +1231 -0
package/dist/doctor-update-07o96Num.js +58 -0
package/dist/dynamic-tools-BSIfb0RP.js +486 -0
package/dist/embedded-backend-499B1IIV.js +579 -0
package/dist/embedded-gateway-stub.runtime-Bqr2Z4Co.js +12 -0
package/dist/embedded-gateway-stub.runtime.js +1 -1
package/dist/embedding-provider-4LSsOBwt.d.ts +16 -0
package/dist/embedding-provider-BCuEDQZe.d.ts +65 -0
package/dist/embedding-provider-CM81rI07.d.ts +21 -0
package/dist/entry.d.ts +1 -1
package/dist/exec-approvals-ClTqhSd7.js +149 -0
package/dist/extensionAPI.js +1 -1
package/dist/extensions/active-memory/index.d.ts +1 -1
package/dist/extensions/active-memory/index.js +1 -1
package/dist/extensions/admin-http-rpc/index.d.ts +1 -1
package/dist/extensions/admin-http-rpc/index.js +1 -1
package/dist/extensions/alibaba/index.d.ts +1 -1
package/dist/extensions/anthropic/api.d.ts +3 -3
package/dist/extensions/anthropic/cli-backend-api.d.ts +2 -2
package/dist/extensions/anthropic/cli-backend.d.ts +1 -1
package/dist/extensions/anthropic/cli-migration.d.ts +1 -1
package/dist/extensions/anthropic/cli-shared.d.ts +1 -1
package/dist/extensions/anthropic/contract-api.d.ts +1 -1
package/dist/extensions/anthropic/doctor-contract-api.d.ts +1 -1
package/dist/extensions/anthropic/index.d.ts +1 -1
package/dist/extensions/anthropic/provider-contract-api.d.ts +1 -1
package/dist/extensions/anthropic/provider-discovery.d.ts +1 -1
package/dist/extensions/anthropic/provider-policy-api.d.ts +1 -1
package/dist/extensions/anthropic/register.runtime.d.ts +1 -1
package/dist/extensions/anthropic/replay-policy.d.ts +1 -1
package/dist/extensions/anthropic/setup-api.d.ts +1 -1
package/dist/extensions/anthropic/stream-wrappers.d.ts +1 -1
package/dist/extensions/anthropic/test-api.d.ts +2 -2
package/dist/extensions/arcee/index.d.ts +1 -1
package/dist/extensions/azure-speech/index.d.ts +1 -1
package/dist/extensions/azure-speech/speech-provider.d.ts +1 -1
package/dist/extensions/bonjour/index.d.ts +1 -1
package/dist/extensions/browser/browser-bridge.js +1 -1
package/dist/extensions/browser/browser-config.js +4 -4
package/dist/extensions/browser/browser-control-auth.js +2 -2
package/dist/extensions/browser/browser-doctor.js +2 -2
package/dist/extensions/browser/browser-maintenance.js +1 -1
package/dist/extensions/browser/browser-profiles.js +2 -2
package/dist/extensions/browser/browser-runtime-api.js +11 -11
package/dist/extensions/browser/cli-metadata.d.ts +1 -1
package/dist/extensions/browser/cli-metadata.js +1 -1
package/dist/extensions/browser/index.d.ts +1 -1
package/dist/extensions/browser/index.js +1 -1
package/dist/extensions/browser/plugin-registration.d.ts +1 -1
package/dist/extensions/browser/plugin-registration.js +1 -1
package/dist/extensions/browser/register.runtime.d.ts +2 -2
package/dist/extensions/browser/register.runtime.js +4 -4
package/dist/extensions/browser/runtime-api.d.ts +3 -3
package/dist/extensions/browser/runtime-api.js +13 -13
package/dist/extensions/browser/setup-api.d.ts +1 -1
package/dist/extensions/byteplus/index.d.ts +1 -1
package/dist/extensions/byteplus/provider-discovery.d.ts +1 -1
package/dist/extensions/canvas/cli-metadata.d.ts +1 -1
package/dist/extensions/canvas/index.d.ts +1 -1
package/dist/extensions/canvas/index.js +1 -1
package/dist/extensions/canvas/runtime-api.d.ts +2 -2
package/dist/extensions/canvas/setup-api.d.ts +1 -1
package/dist/extensions/cerebras/index.d.ts +1 -1
package/dist/extensions/chutes/index.d.ts +1 -1
package/dist/extensions/clickclack/api.d.ts +2 -2
package/dist/extensions/clickclack/api.js +2 -2
package/dist/extensions/clickclack/channel-plugin-api.d.ts +1 -1
package/dist/extensions/clickclack/channel-plugin-api.js +1 -1
package/dist/extensions/clickclack/index.d.ts +2 -2
package/dist/extensions/clickclack/runtime-api.d.ts +2 -2
package/dist/extensions/clickclack/runtime-api.js +2 -2
package/dist/extensions/cloudflare-ai-gateway/index.d.ts +1 -1
package/dist/extensions/cloudflare-ai-gateway/stream-wrappers.d.ts +1 -1
package/dist/extensions/comfy/index.d.ts +1 -1
package/dist/extensions/copilot-proxy/index.d.ts +1 -1
package/dist/extensions/copilot-proxy/runtime-api.d.ts +2 -2
package/dist/extensions/deepgram/index.d.ts +1 -1
package/dist/extensions/deepgram/realtime-transcription-provider.d.ts +1 -1
package/dist/extensions/deepgram/test-api.d.ts +1 -1
package/dist/extensions/deepinfra/api.d.ts +2 -2
package/dist/extensions/deepinfra/embedding-provider.d.ts +1 -1
package/dist/extensions/deepinfra/index.d.ts +1 -1
package/dist/extensions/deepinfra/memory-embedding-adapter.d.ts +1 -1
package/dist/extensions/deepinfra/speech-provider.d.ts +1 -1
package/dist/extensions/deepseek/api.d.ts +1 -1
package/dist/extensions/deepseek/index.d.ts +1 -1
package/dist/extensions/deepseek/provider-discovery.d.ts +1 -1
package/dist/extensions/deepseek/provider-policy-api.d.ts +1 -1
package/dist/extensions/deepseek/stream.d.ts +1 -1
package/dist/extensions/deepseek/thinking.d.ts +1 -1
package/dist/extensions/device-pair/api.d.ts +3 -3
package/dist/extensions/device-pair/api.js +1 -1
package/dist/extensions/device-pair/index.d.ts +1 -1
package/dist/extensions/device-pair/notify.d.ts +1 -1
package/dist/extensions/device-pair/pair-command-approve.js +1 -1
package/dist/extensions/document-extract/index.d.ts +1 -1
package/dist/extensions/duckduckgo/index.d.ts +1 -1
package/dist/extensions/elevenlabs/index.d.ts +1 -1
package/dist/extensions/elevenlabs/realtime-transcription-provider.d.ts +1 -1
package/dist/extensions/elevenlabs/setup-api.d.ts +1 -1
package/dist/extensions/elevenlabs/speech-provider.d.ts +1 -1
package/dist/extensions/elevenlabs/test-api.d.ts +2 -2
package/dist/extensions/exa/index.d.ts +1 -1
package/dist/extensions/fal/index.d.ts +1 -1
package/dist/extensions/fal/provider-contract-api.d.ts +1 -1
package/dist/extensions/fal/provider-registration.d.ts +1 -1
package/dist/extensions/file-transfer/index.d.ts +1 -1
package/dist/extensions/file-transfer/index.js +4 -4
package/dist/extensions/firecrawl/index.d.ts +1 -1
package/dist/extensions/fireworks/index.d.ts +1 -1
package/dist/extensions/fireworks/provider-policy-api.d.ts +1 -1
package/dist/extensions/fireworks/stream.d.ts +1 -1
package/dist/extensions/fireworks/thinking-policy.d.ts +1 -1
package/dist/extensions/github-copilot/embeddings.d.ts +1 -1
package/dist/extensions/github-copilot/index.d.ts +1 -1
package/dist/extensions/github-copilot/models.d.ts +1 -1
package/dist/extensions/github-copilot/register.runtime.d.ts +2 -2
package/dist/extensions/github-copilot/stream.d.ts +1 -1
package/dist/extensions/google/api.d.ts +5 -5
package/dist/extensions/google/cli-backend.d.ts +1 -1
package/dist/extensions/google/doctor-contract-api.d.ts +1 -1
package/dist/extensions/google/embedding-batch.d.ts +1 -1
package/dist/extensions/google/embedding-provider.d.ts +1 -1
package/dist/extensions/google/gemini-cli-provider.d.ts +1 -1
package/dist/extensions/google/index.d.ts +1 -1
package/dist/extensions/google/memory-embedding-adapter.d.ts +1 -1
package/dist/extensions/google/provider-contract-api.d.ts +1 -1
package/dist/extensions/google/provider-hooks.d.ts +2 -2
package/dist/extensions/google/provider-models.d.ts +1 -1
package/dist/extensions/google/provider-policy-api.d.ts +1 -1
package/dist/extensions/google/provider-policy.d.ts +1 -1
package/dist/extensions/google/provider-registration.d.ts +1 -1
package/dist/extensions/google/realtime-voice-provider.d.ts +1 -1
package/dist/extensions/google/runtime-api.d.ts +3 -3
package/dist/extensions/google/setup-api.d.ts +1 -1
package/dist/extensions/google/speech-provider.d.ts +1 -1
package/dist/extensions/google/test-api.d.ts +2 -2
package/dist/extensions/google/thinking-api.d.ts +1 -1
package/dist/extensions/google/thinking.d.ts +1 -1
package/dist/extensions/google/transport-stream.d.ts +1 -1
package/dist/extensions/gradium/index.d.ts +1 -1
package/dist/extensions/gradium/speech-provider.d.ts +1 -1
package/dist/extensions/groq/index.d.ts +1 -1
package/dist/extensions/huggingface/index.d.ts +1 -1
package/dist/extensions/image-generation-core/api.d.ts +3 -3
package/dist/extensions/image-generation-core/runtime-api.d.ts +1 -1
package/dist/extensions/imessage/api.d.ts +2 -2
package/dist/extensions/imessage/api.js +2 -2
package/dist/extensions/imessage/channel-plugin-api.d.ts +1 -1
package/dist/extensions/imessage/channel-plugin-api.js +1 -1
package/dist/extensions/imessage/index.d.ts +2 -2
package/dist/extensions/imessage/message-tool-api.d.ts +1 -1
package/dist/extensions/imessage/runtime-api.d.ts +3 -3
package/dist/extensions/imessage/runtime-api.js +3 -3
package/dist/extensions/imessage/setup-entry.d.ts +2 -2
package/dist/extensions/imessage/test-api.d.ts +1 -1
package/dist/extensions/inworld/index.d.ts +1 -1
package/dist/extensions/inworld/speech-provider.d.ts +1 -1
package/dist/extensions/irc/api.d.ts +1 -1
package/dist/extensions/irc/api.js +2 -2
package/dist/extensions/irc/channel-plugin-api.d.ts +1 -1
package/dist/extensions/irc/channel-plugin-api.js +1 -1
package/dist/extensions/irc/index.d.ts +2 -2
package/dist/extensions/irc/setup-entry.d.ts +2 -2
package/dist/extensions/kilocode/index.d.ts +1 -1
package/dist/extensions/kimi-coding/index.d.ts +1 -1
package/dist/extensions/kimi-coding/stream.d.ts +1 -1
package/dist/extensions/litellm/index.d.ts +1 -1
package/dist/extensions/llm-task/api.d.ts +2 -2
package/dist/extensions/llm-task/index.d.ts +1 -1
package/dist/extensions/llm-task/index.js +1 -1
package/dist/extensions/lmstudio/api.d.ts +1 -1
package/dist/extensions/lmstudio/index.d.ts +1 -1
package/dist/extensions/lmstudio/memory-embedding-adapter.d.ts +1 -1
package/dist/extensions/mattermost/api.js +1 -1
package/dist/extensions/mattermost/channel-plugin-api.d.ts +2 -2
package/dist/extensions/mattermost/channel-plugin-api.js +1 -1
package/dist/extensions/mattermost/channel-plugin-runtime.d.ts +1 -1
package/dist/extensions/mattermost/channel-plugin-runtime.js +1 -1
package/dist/extensions/mattermost/index.d.ts +2 -2
package/dist/extensions/mattermost/policy-api.js +1 -1
package/dist/extensions/mattermost/runtime-api.d.ts +9 -9
package/dist/extensions/mattermost/runtime-api.js +2 -2
package/dist/extensions/mattermost/setup-entry.d.ts +2 -2
package/dist/extensions/mattermost/slash-route-api.d.ts +1 -1
package/dist/extensions/mattermost/slash-route-api.js +1 -1
package/dist/extensions/memory-core/api.d.ts +1 -1
package/dist/extensions/memory-core/cli-metadata.d.ts +1 -1
package/dist/extensions/memory-core/cli-metadata.js +1 -1
package/dist/extensions/memory-core/index.d.ts +1 -1
package/dist/extensions/memory-core/manager-runtime.d.ts +1 -1
package/dist/extensions/memory-core/runtime-api.d.ts +2 -2
package/dist/extensions/memory-wiki/api.d.ts +3 -3
package/dist/extensions/memory-wiki/cli-metadata.d.ts +1 -1
package/dist/extensions/memory-wiki/index.d.ts +1 -1
package/dist/extensions/memory-wiki/setup-api.d.ts +1 -1
package/dist/extensions/microsoft/index.d.ts +1 -1
package/dist/extensions/microsoft/speech-provider.d.ts +1 -1
package/dist/extensions/microsoft/test-api.d.ts +1 -1
package/dist/extensions/microsoft-foundry/auth.d.ts +1 -1
package/dist/extensions/microsoft-foundry/cli.d.ts +1 -1
package/dist/extensions/microsoft-foundry/index.d.ts +1 -1
package/dist/extensions/microsoft-foundry/onboard.d.ts +3 -3
package/dist/extensions/microsoft-foundry/provider.d.ts +1 -1
package/dist/extensions/microsoft-foundry/runtime.d.ts +1 -1
package/dist/extensions/microsoft-foundry/shared-runtime.d.ts +1 -1
package/dist/extensions/microsoft-foundry/shared.d.ts +1 -1
package/dist/extensions/migrate-claude/apply.d.ts +1 -1
package/dist/extensions/migrate-claude/apply.js +1 -1
package/dist/extensions/migrate-claude/config.d.ts +1 -1
package/dist/extensions/migrate-claude/helpers.d.ts +1 -1
package/dist/extensions/migrate-claude/index.d.ts +1 -1
package/dist/extensions/migrate-claude/index.js +1 -1
package/dist/extensions/migrate-claude/memory.d.ts +2 -2
package/dist/extensions/migrate-claude/plan.d.ts +1 -1
package/dist/extensions/migrate-claude/plan.js +1 -1
package/dist/extensions/migrate-claude/provider.d.ts +1 -1
package/dist/extensions/migrate-claude/provider.js +1 -1
package/dist/extensions/migrate-claude/skills.d.ts +2 -2
package/dist/extensions/migrate-claude/targets.d.ts +1 -1
package/dist/extensions/migrate-claude/targets.js +1 -1
package/dist/extensions/migrate-hermes/apply.d.ts +1 -1
package/dist/extensions/migrate-hermes/apply.js +1 -1
package/dist/extensions/migrate-hermes/config.d.ts +1 -1
package/dist/extensions/migrate-hermes/helpers.d.ts +1 -1
package/dist/extensions/migrate-hermes/index.d.ts +1 -1
package/dist/extensions/migrate-hermes/index.js +1 -1
package/dist/extensions/migrate-hermes/items.d.ts +1 -1
package/dist/extensions/migrate-hermes/model.d.ts +1 -1
package/dist/extensions/migrate-hermes/model.js +1 -1
package/dist/extensions/migrate-hermes/plan.d.ts +1 -1
package/dist/extensions/migrate-hermes/plan.js +1 -1
package/dist/extensions/migrate-hermes/provider.d.ts +1 -1
package/dist/extensions/migrate-hermes/provider.js +1 -1
package/dist/extensions/migrate-hermes/secrets.d.ts +2 -2
package/dist/extensions/migrate-hermes/secrets.js +1 -1
package/dist/extensions/migrate-hermes/skills.d.ts +2 -2
package/dist/extensions/migrate-hermes/targets.d.ts +1 -1
package/dist/extensions/migrate-hermes/targets.js +1 -1
package/dist/extensions/minimax/index.d.ts +1 -1
package/dist/extensions/minimax/provider-contract-api.d.ts +1 -1
package/dist/extensions/minimax/provider-registration.d.ts +1 -1
package/dist/extensions/minimax/speech-provider.d.ts +1 -1
package/dist/extensions/mistral/embedding-provider.d.ts +1 -1
package/dist/extensions/mistral/index.d.ts +1 -1
package/dist/extensions/mistral/memory-embedding-adapter.d.ts +1 -1
package/dist/extensions/mistral/realtime-transcription-provider.d.ts +1 -1
package/dist/extensions/mistral/test-api.d.ts +1 -1
package/dist/extensions/moonshot/index.d.ts +1 -1
package/dist/extensions/moonshot/provider-contract-api.d.ts +1 -1
package/dist/extensions/moonshot/provider-discovery.d.ts +1 -1
package/dist/extensions/nvidia/index.d.ts +1 -1
package/dist/extensions/oc-path/cli-metadata.d.ts +1 -1
package/dist/extensions/oc-path/cli-registration.d.ts +1 -1
package/dist/extensions/oc-path/index.d.ts +1 -1
package/dist/extensions/ollama/api.d.ts +1 -1
package/dist/extensions/ollama/index.d.ts +1 -1
package/dist/extensions/ollama/provider-discovery.d.ts +1 -1
package/dist/extensions/ollama/provider-policy-api.d.ts +1 -1
package/dist/extensions/ollama/runtime-api.d.ts +1 -1
package/dist/extensions/open-prose/index.d.ts +1 -1
package/dist/extensions/open-prose/runtime-api.d.ts +2 -2
package/dist/extensions/openai/api.d.ts +4 -4
package/dist/extensions/openai/embedding-batch.d.ts +1 -1
package/dist/extensions/openai/embedding-provider.d.ts +1 -1
package/dist/extensions/openai/index.d.ts +1 -1
package/dist/extensions/openai/memory-embedding-adapter.d.ts +1 -1
package/dist/extensions/openai/openai-codex-oauth.runtime.d.ts +1 -1
package/dist/extensions/openai/openai-codex-provider.d.ts +1 -1
package/dist/extensions/openai/openai-provider.d.ts +1 -1
package/dist/extensions/openai/prompt-overlay.d.ts +1 -1
package/dist/extensions/openai/provider-contract-api.d.ts +1 -1
package/dist/extensions/openai/provider-policy-api.d.ts +1 -1
package/dist/extensions/openai/realtime-transcription-provider.d.ts +1 -1
package/dist/extensions/openai/realtime-voice-provider.d.ts +1 -1
package/dist/extensions/openai/register.runtime.d.ts +6 -6
package/dist/extensions/openai/replay-policy.d.ts +1 -1
package/dist/extensions/openai/setup-api.d.ts +1 -1
package/dist/extensions/openai/shared.d.ts +3 -3
package/dist/extensions/openai/speech-provider.d.ts +1 -1
package/dist/extensions/openai/test-api.d.ts +3 -3
package/dist/extensions/openai/thinking-policy.d.ts +1 -1
package/dist/extensions/openai/transport-policy.d.ts +1 -1
package/dist/extensions/opencode/index.d.ts +1 -1
package/dist/extensions/opencode/provider-policy-api.d.ts +1 -1
package/dist/extensions/opencode-go/index.d.ts +1 -1
package/dist/extensions/opencode-go/provider-catalog.d.ts +1 -1
package/dist/extensions/opencode-go/stream.d.ts +1 -1
package/dist/extensions/openrouter/api.d.ts +1 -1
package/dist/extensions/openrouter/index.d.ts +1 -1
package/dist/extensions/openrouter/provider-contract-api.d.ts +1 -1
package/dist/extensions/openrouter/provider-policy-api.d.ts +1 -1
package/dist/extensions/openrouter/speech-provider.d.ts +1 -1
package/dist/extensions/openrouter/stream.d.ts +1 -1
package/dist/extensions/openrouter/test-api.d.ts +1 -1
package/dist/extensions/openrouter/thinking-policy.d.ts +1 -1
package/dist/extensions/openrouter/video-generation-provider.d.ts +1 -1
package/dist/extensions/openrouter/video-model-catalog.d.ts +1 -1
package/dist/extensions/perplexity/index.d.ts +1 -1
package/dist/extensions/phone-control/index.d.ts +1 -1
package/dist/extensions/phone-control/runtime-api.d.ts +2 -2
package/dist/extensions/policy/api.js +1 -1
package/dist/extensions/policy/index.d.ts +1 -1
package/dist/extensions/policy/index.js +2 -2
package/dist/extensions/qianfan/index.d.ts +1 -1
package/dist/extensions/qwen/api.d.ts +1 -1
package/dist/extensions/qwen/index.d.ts +1 -1
package/dist/extensions/qwen/stream.d.ts +1 -1
package/dist/extensions/runway/index.d.ts +1 -1
package/dist/extensions/searxng/index.d.ts +1 -1
package/dist/extensions/senseaudio/index.d.ts +1 -1
package/dist/extensions/sglang/index.d.ts +1 -1
package/dist/extensions/signal/api.d.ts +3 -3
package/dist/extensions/signal/api.js +6 -6
package/dist/extensions/signal/channel-entry.d.ts +2 -2
package/dist/extensions/signal/channel-plugin-api.d.ts +1 -1
package/dist/extensions/signal/channel-plugin-api.js +1 -1
package/dist/extensions/signal/index.d.ts +2 -2
package/dist/extensions/signal/reaction-runtime-api.js +1 -1
package/dist/extensions/signal/runtime-api.d.ts +6 -6
package/dist/extensions/signal/runtime-api.js +7 -7
package/dist/extensions/signal/setup-entry.d.ts +2 -2
package/dist/extensions/skill-workshop/api.d.ts +2 -2
package/dist/extensions/skill-workshop/api.js +1 -1
package/dist/extensions/skill-workshop/index.d.ts +1 -1
package/dist/extensions/skill-workshop/index.js +2 -2
package/dist/extensions/speech-core/api.d.ts +3 -3
package/dist/extensions/speech-core/runtime-api.d.ts +2 -2
package/dist/extensions/stepfun/index.d.ts +1 -1
package/dist/extensions/synthetic/index.d.ts +1 -1
package/dist/extensions/talk-voice/api.d.ts +2 -2
package/dist/extensions/talk-voice/index.d.ts +1 -1
package/dist/extensions/tavily/index.d.ts +1 -1
package/dist/extensions/telegram/account-inspect-api.js +1 -1
package/dist/extensions/telegram/api.d.ts +4 -4
package/dist/extensions/telegram/api.js +11 -11
package/dist/extensions/telegram/channel-plugin-api.d.ts +2 -2
package/dist/extensions/telegram/channel-plugin-api.js +2 -2
package/dist/extensions/telegram/contract-api.d.ts +1 -1
package/dist/extensions/telegram/contract-api.js +3 -3
package/dist/extensions/telegram/index.d.ts +2 -2
package/dist/extensions/telegram/runtime-api.d.ts +3 -3
package/dist/extensions/telegram/runtime-api.js +7 -7
package/dist/extensions/telegram/security-audit-contract-api.js +1 -1
package/dist/extensions/telegram/setup-entry.d.ts +2 -2
package/dist/extensions/telegram/setup-plugin-api.d.ts +1 -1
package/dist/extensions/telegram/setup-plugin-api.js +1 -1
package/dist/extensions/telegram/test-api.js +2 -2
package/dist/extensions/tencent/index.d.ts +1 -1
package/dist/extensions/tencent/provider-discovery.d.ts +1 -1
package/dist/extensions/thread-ownership/api.d.ts +2 -2
package/dist/extensions/thread-ownership/index.d.ts +1 -1
package/dist/extensions/together/index.d.ts +1 -1
package/dist/extensions/tokenjuice/index.d.ts +1 -1
package/dist/extensions/tokenjuice/tool-result-middleware.d.ts +1 -1
package/dist/extensions/tts-local-cli/index.d.ts +1 -1
package/dist/extensions/tts-local-cli/speech-provider.d.ts +1 -1
package/dist/extensions/venice/index.d.ts +1 -1
package/dist/extensions/venice/stream.d.ts +1 -1
package/dist/extensions/vercel-ai-gateway/index.d.ts +1 -1
package/dist/extensions/vercel-ai-gateway/thinking.d.ts +1 -1
package/dist/extensions/video-generation-core/api.d.ts +2 -2
package/dist/extensions/video-generation-core/runtime-api.d.ts +1 -1
package/dist/extensions/vllm/api.d.ts +1 -1
package/dist/extensions/vllm/index.d.ts +1 -1
package/dist/extensions/vllm/stream.d.ts +1 -1
package/dist/extensions/volcengine/index.d.ts +1 -1
package/dist/extensions/volcengine/provider-discovery.d.ts +1 -1
package/dist/extensions/volcengine/speech-provider.d.ts +1 -1
package/dist/extensions/voyage/embedding-batch.d.ts +1 -1
package/dist/extensions/voyage/embedding-provider.d.ts +1 -1
package/dist/extensions/voyage/index.d.ts +1 -1
package/dist/extensions/voyage/memory-embedding-adapter.d.ts +1 -1
package/dist/extensions/vydra/index.d.ts +1 -1
package/dist/extensions/vydra/speech-provider.d.ts +1 -1
package/dist/extensions/web-readability/index.d.ts +1 -1
package/dist/extensions/webhooks/api.d.ts +2 -2
package/dist/extensions/webhooks/api.js +1 -1
package/dist/extensions/webhooks/index.d.ts +1 -1
package/dist/extensions/webhooks/index.js +1 -1
package/dist/extensions/webhooks/runtime-api.d.ts +2 -2
package/dist/extensions/xai/api.d.ts +1 -1
package/dist/extensions/xai/index.d.ts +1 -1
package/dist/extensions/xai/index.js +4 -4
package/dist/extensions/xai/provider-contract-api.d.ts +1 -1
package/dist/extensions/xai/provider-discovery.d.ts +1 -1
package/dist/extensions/xai/provider-models.d.ts +1 -1
package/dist/extensions/xai/provider-policy-api.d.ts +1 -1
package/dist/extensions/xai/realtime-transcription-provider.d.ts +1 -1
package/dist/extensions/xai/realtime-transcription-provider.js +1 -1
package/dist/extensions/xai/setup-api.d.ts +1 -1
package/dist/extensions/xai/speech-provider.d.ts +1 -1
package/dist/extensions/xai/speech-provider.js +1 -1
package/dist/extensions/xai/stream.d.ts +1 -1
package/dist/extensions/xai/test-api.js +1 -1
package/dist/extensions/xai/tts.js +1 -1
package/dist/extensions/xai/web-search.js +1 -1
package/dist/extensions/xai/xai-oauth.d.ts +1 -1
package/dist/extensions/xai/xai-oauth.js +1 -1
package/dist/extensions/xiaomi/index.d.ts +1 -1
package/dist/extensions/xiaomi/speech-provider.d.ts +1 -1
package/dist/extensions/xiaomi/stream.d.ts +1 -1
package/dist/extensions/xiaomi/thinking.d.ts +1 -1
package/dist/extensions/zai/index.d.ts +1 -1
package/dist/file-fetch-tool-CJu8umi9.js +124 -0
package/dist/file-write-tool-Dz49CI0K.js +127 -0
package/dist/format-DBhooCE7.js +1145 -0
package/dist/format-DCronAhx.js +250 -0
package/dist/gateway/protocol/index.d.ts +1 -1
package/dist/gateway-cli-D21vxek0.js +435 -0
package/dist/gateway-method-runtime-qsRZHdfx.js +21 -0
package/dist/gateway-runtime-CWc-bhhM.d.ts +163 -0
package/dist/gemini-cli-provider-BZu6GiCY.d.ts +6 -0
package/dist/get-reply-D140C4TM.js +4689 -0
package/dist/get-reply-from-config.runtime-CaM7M0Zp.js +2 -0
package/dist/get-reply-from-config.runtime.js +1 -1
package/dist/graph-users-cBY7anTM.js +1419 -0
package/dist/group-access-CZOQhsjs.js +112 -0
package/dist/group-keys-B_lbVBmI.d.ts +17 -0
package/dist/handle-action.guild-admin-DjuZqjM2.js +288 -0
package/dist/harness-XL58LNpX.js +61 -0
package/dist/health-CFPXXpFW.js +4 -0
package/dist/health-state-Bp0DOLCD.js +106 -0
package/dist/heartbeat-runner-D_o-itnk.js +5 -0
package/dist/heartbeat-runner.runtime-CPVGa3Gd.js +4 -0
package/dist/heartbeat-runner.runtime.js +1 -1
package/dist/hook-runtime-UU80d5qW.d.ts +108 -0
package/dist/hooks-Bx3n6o-5.js +534 -0
package/dist/http-registry-C-f7vW7S.d.ts +23 -0
package/dist/image-generation-runtime-B0b6G2RS.d.ts +21 -0
package/dist/inbound-direct-dm-runtime-6nIJyODo.js +2 -0
package/dist/inbound-reply-dispatch-CoeXQvL6.js +148 -0
package/dist/index-DHa4gPIE.d.ts +3971 -0
package/dist/index.d.ts +1 -1
package/dist/index.js +1 -1
package/dist/init-C8Yc8LlO.js +59 -0
package/dist/inline-buttons-BMPhhfsN.js +40 -0
package/dist/interactive-dispatch-CatcTBqB.d.ts +56 -0
package/dist/interactive-dispatch-G7B0ncTk.d.ts +143 -0
package/dist/internal-events-BS1EMi0C.js +90 -0
package/dist/isolated-agent-Ct_AYfLb.js +2 -0
package/dist/isolated-agent-DxVGoLjs.js +1118 -0
package/dist/lifecycle-CGcqxM3V.js +571 -0
package/dist/list.probe-R_AqbwD1.js +449 -0
package/dist/list.status-command-DcaLppGJ.js +789 -0
package/dist/llm-slug-generator-Bz1MaPt1.js +78 -0
package/dist/llm-slug-generator.js +1 -1
package/dist/loader-BJVKYh6Z.d.ts +142 -0
package/dist/local-dispatch.runtime-DnXAlwr7.js +9 -0
package/dist/local-dispatch.runtime.js +1 -1
package/dist/manager-CFz9NSyI.d.ts +356 -0
package/dist/manager-D058VQAp.d.ts +10 -0
package/dist/manager.core-DKeUsAcV.d.ts +198 -0
package/dist/manager.runtime-1A0jFsbF.js +2714 -0
package/dist/manager.runtime.js +1 -1
package/dist/markdown-to-line-Gq4y1nH-.js +811 -0
package/dist/mcp-http-BMgo3eu6.js +2 -0
package/dist/mcp-http-BdgsyrHJ.js +555 -0
package/dist/media-understanding-provider-CYrAwQ2G.js +339 -0
package/dist/memory-core-host-engine-storage-8GfNNp0q.d.ts +54 -0
package/dist/memory-embedding-adapter-BLsukxSv.d.ts +5 -0
package/dist/message-actions-DoFxM22K.js +145 -0
package/dist/message-handler-CEvRtI9d.js +384 -0
package/dist/message-handler-CJclaiC-.js +1715 -0
package/dist/message-handler.preflight-DDVS50X3.js +1125 -0
package/dist/message-handler.process-BuFXf8os.js +1484 -0
package/dist/migration-BA6knKch.d.ts +45 -0
package/dist/model-BqQrUk9a.js +74 -0
package/dist/model-Rs0v9Ssn.d.ts +33 -0
package/dist/model-selection-2Lm1qMLE.js +272 -0
package/dist/models-Bh-JhaPe.d.ts +24 -0
package/dist/models-BjMdWXf2.js +104 -0
package/dist/models-cli-RRK90p8k.js +256 -0
package/dist/models-wWhwx_am.js +2 -0
package/dist/monitor-C7VAs-uK.js +834 -0
package/dist/monitor-CezSJDeG.js +60 -0
package/dist/monitor-Cnzchc9n.js +2788 -0
package/dist/monitor-Dcvw55ky.js +4377 -0
package/dist/monitor-DuxFMl7d.js +715 -0
package/dist/monitor-DxrfxRZL.js +2 -0
package/dist/monitor-auth-UPQgTP9Y.js +179 -0
package/dist/monitor-fYdQKsGp.js +1370 -0
package/dist/monitor-polling.runtime-Db4NoLLg.js +883 -0
package/dist/monitor-polling.runtime.js +1 -1
package/dist/monitor-wcLtLTfx.js +1657 -0
package/dist/monitor-webhook.runtime-DAr7kRbV.js +387 -0
package/dist/monitor-webhook.runtime.js +1 -1
package/dist/monitor.account-C1mUBkKA.js +5233 -0
package/dist/monitor.runtime-Bqj8vHGY.js +2 -0
package/dist/monitor.runtime.js +1 -1
package/dist/monitor.webhook-Ir3T5B1s.js +180 -0
package/dist/node-cli-sessions-MBQKJyrs.js +1228 -0
package/dist/openai-codex-provider-DZtIqtWp.d.ts +5 -0
package/dist/openai-http-9jmQ2o9Z.js +824 -0
package/dist/openai-provider-Bw9Kco5z.d.ts +5 -0
package/dist/openresponses-http-C3-s16Dp.js +1173 -0
package/dist/operations-C1hhf_yC.js +805 -0
package/dist/outbound-adapter-C5zBbuVO.js +543 -0
package/dist/outbound-session-route-Bq_utu59.js +45 -0
package/dist/outbound.runtime-QHoe8EWX.js +2 -0
package/dist/outbound.runtime.js +1 -1
package/dist/pairing-store-C-WQTUHq.d.ts +87 -0
package/dist/pi-embedded-6xH25qP-.js +4 -0
package/dist/pi-embedded-CkcV64LR.js +3796 -0
package/dist/pi-embedded.runtime-CKpyReN5.js +4 -0
package/dist/pi-embedded.runtime.js +1 -1
package/dist/pi-tools-BbGodehg.js +2413 -0
package/dist/plan-B_EcRdNP.js +112 -0
package/dist/plan-DmMZJkHt.js +81 -0
package/dist/plugin-CRo2OGWn.d.ts +17 -0
package/dist/plugin-CjfnnqXb.js +12396 -0
package/dist/plugin-app-cache-key-Dak7S3ax.js +46 -0
package/dist/plugin-enabled-B9wCs568.js +233 -0
package/dist/plugin-entry-CNChDSoJ.d.ts +47 -0
package/dist/plugin-registration-B3AVf0Xj.js +88 -0
package/dist/plugin-runtime-DiLQGuwa.d.ts +117 -0
package/dist/plugin-sdk/.boundary-entry-shims.stamp +1 -1
package/dist/plugin-sdk/acp-runtime-backend.js +1 -1
package/dist/plugin-sdk/acp-runtime.js +2 -2
package/dist/plugin-sdk/agent-harness-runtime.js +6 -6
package/dist/plugin-sdk/agent-harness-task-runtime.js +1 -1
package/dist/plugin-sdk/agent-harness.js +7 -7
package/dist/plugin-sdk/agent-runtime.js +2 -2
package/dist/plugin-sdk/channel-core.js +2 -2
package/dist/plugin-sdk/channel-inbound.js +2 -2
package/dist/plugin-sdk/channel-test-helpers.js +1 -1
package/dist/plugin-sdk/command-auth.js +1 -1
package/dist/plugin-sdk/command-status-runtime.js +1 -1
package/dist/plugin-sdk/compat.js +1 -1
package/dist/plugin-sdk/conversation-binding-runtime.js +2 -2
package/dist/plugin-sdk/conversation-runtime.js +3 -3
package/dist/plugin-sdk/core.js +2 -2
package/dist/plugin-sdk/direct-dm.js +1 -1
package/dist/plugin-sdk/gateway-method-runtime.js +1 -1
package/dist/plugin-sdk/health.js +2 -2
package/dist/plugin-sdk/inbound-reply-dispatch.js +1 -1
package/dist/plugin-sdk/index.js +1 -1
package/dist/plugin-sdk/mattermost.js +1 -1
package/dist/plugin-sdk/plugin-test-contracts.js +2 -2
package/dist/plugin-sdk/provider-test-contracts.js +4 -4
package/dist/plugin-sdk/reply-runtime.js +4 -4
package/dist/plugin-sdk/testing.js +2 -2
package/dist/plugin-sdk/zalouser.js +1 -1
package/dist/plugin-service-C2toP50L.js +1229 -0
package/dist/plugin-service-kXFyBhRs.d.ts +24 -0
package/dist/plugins/build-smoke-entry.d.ts +2 -2
package/dist/plugins/loader.d.ts +1 -1
package/dist/plugins/provider-discovery.runtime.d.ts +1 -1
package/dist/plugins/provider-runtime.runtime.d.ts +1 -1
package/dist/plugins/runtime/index.js +4 -4
package/dist/policy-B5jHUD04.js +138 -0
package/dist/policy-C7_EFtGD.js +680 -0
package/dist/postinstall-inventory.json +11605 -0
package/dist/prepare.runtime-C41yGgw-.js +732 -0
package/dist/prepare.runtime.js +1 -1
package/dist/preview-warnings-rfGY8dVy.js +392 -0
package/dist/probe-B0eSVoSm.js +682 -0
package/dist/probe-CqAGxL6l.js +2 -0
package/dist/probe-DFyoiqiI.js +2204 -0
package/dist/probe-hR0HWnET.js +47 -0
package/dist/program-CD73-5Xj.js +131 -0
package/dist/prompt-overlay-DbcpIMys.d.ts +23 -0
package/dist/provider-B0ujadL5.js +32 -0
package/dist/provider-BxR_JJXW.js +152 -0
package/dist/provider-C9mKa8qP.js +32 -0
package/dist/provider-DbGPdInL.js +8735 -0
package/dist/provider-api-key-auth-D8y4IlQj.d.ts +27 -0
package/dist/provider-auth-result-C0xaSYib.d.ts +21 -0
package/dist/provider-catalog-runtime-BAWG7LRX.d.ts +23 -0
package/dist/provider-catalog-shared-CkBOptdy.d.ts +62 -0
package/dist/provider-dispatcher-CGPKPaP5.js +22 -0
package/dist/provider-dispatcher.runtime.js +1 -1
package/dist/provider-hook-runtime-BSZZzyNg.d.ts +61 -0
package/dist/provider-model-shared-Bf1xeD3V.d.ts +143 -0
package/dist/provider-models-CFchbjnP.d.ts +12 -0
package/dist/provider-policy-9ahu-lZj.d.ts +30 -0
package/dist/provider-registration-DoH64sSM.d.ts +6 -0
package/dist/provider-registry-DRcr5Rk_.d.ts +30 -0
package/dist/provider-registry-GxzxXrUl.d.ts +8 -0
package/dist/provider-registry-h0Gq6GFZ.d.ts +8 -0
package/dist/provider-runtime-DzGUKscG.d.ts +359 -0
package/dist/provider-self-hosted-setup-Cw0BFbDy.d.ts +74 -0
package/dist/provider-session.runtime-DKkydJWv.js +9 -0
package/dist/provider-session.runtime.js +1 -1
package/dist/provider-stream-BYhKmNRY.d.ts +140 -0
package/dist/provider-stream-shared-BTB7F_lR.d.ts +128 -0
package/dist/provider.runtime-ChrWUTdG.js +2 -0
package/dist/provider.runtime.js +1 -1
package/dist/providers.runtime-B4a_NP7Y.d.ts +25 -0
package/dist/public-surface-loader-CMOWVmyY.js +114 -0
package/dist/pw-ai-mygsAPX7.js +3029 -0
package/dist/pw-role-snapshot-7_IMuYRR.js +333 -0
package/dist/reaction-level-DFUu127f.js +19 -0
package/dist/reaction-runtime-api-6LQnr6q_.js +116 -0
package/dist/realtime-transcription-BhJ77lrq.d.ts +43 -0
package/dist/realtime-transcription-provider-BMWPW_6Z.d.ts +5 -0
package/dist/realtime-transcription-provider-Bv1kN38x.d.ts +28 -0
package/dist/realtime-transcription-provider-DbAynqNd.d.ts +32 -0
package/dist/realtime-transcription-provider-Dt5A6YcK.d.ts +37 -0
package/dist/realtime-transcription-provider-LrzigbIT.js +205 -0
package/dist/realtime-voice-C3a4duUD.d.ts +333 -0
package/dist/realtime-voice-provider-DGsBjyx0.d.ts +5 -0
package/dist/register-B9TeJvXU.js +2178 -0
package/dist/register.agent-o9BDHbH2.js +156 -0
package/dist/register.crestodian-BOUP_Pon.js +24 -0
package/dist/register.maintenance-BC83-YdR.js +83 -0
package/dist/register.runtime-DSHYrjtd.js +54 -0
package/dist/register.runtime-DoQkvWI5.d.ts +6 -0
package/dist/register.status-health-sessions-BrkNpe59.js +282 -0
package/dist/register.subclis-BS5Lj5wU.js +3 -0
package/dist/register.subclis-QQq9COp0.js +31 -0
package/dist/register.subclis-core-DnNechJo.js +273 -0
package/dist/registry-DYuSEmnv.d.ts +91 -0
package/dist/registry-types-AT--lk_g.d.ts +392 -0
package/dist/repair-sequencing-CqjW4_hd.js +640 -0
package/dist/reply-delivery-KRwW1tqL.js +196 -0
package/dist/reply-runtime-DuaOZ9MH.d.ts +34 -0
package/dist/reply-runtime-SSrAwVeQ.js +11 -0
package/dist/reply.runtime-CaM7M0Zp.js +2 -0
package/dist/reply.runtime.js +1 -1
package/dist/request-CatWtIoq.js +54 -0
package/dist/resolve-allowlist-Dxe9wc_Y.js +220 -0
package/dist/result-fallback-classifier-B3kvqc2o.js +79 -0
package/dist/route-BPWKlRDB.js +469 -0
package/dist/route-resolution-BhkvdIUP.js +274 -0
package/dist/routes-BOmtNSeT.js +2 -0
package/dist/routes-Cr9bRW8t.js +3602 -0
package/dist/run-attempt-DWBeHRdc.js +7704 -0
package/dist/run-command-DNNFNkbv.js +23 -0
package/dist/run-command-Kp7LWkQv.js +2 -0
package/dist/run-embedded.runtime-BxV8m38U.js +4 -0
package/dist/run-embedded.runtime.js +1 -1
package/dist/run-execution-cli.runtime-B9I1oAEO.js +4 -0
package/dist/run-execution-cli.runtime.js +1 -1
package/dist/run-executor.runtime.js +1 -1
package/dist/run-subagent-registry.runtime-BIsbEmUD.js +2 -0
package/dist/run-subagent-registry.runtime.js +1 -1
package/dist/run-vAv9-st8.js +1162 -0
package/dist/runtime-3PDZU_1b.d.ts +17 -0
package/dist/runtime-BXJM8M8F.js +1287 -0
package/dist/runtime-BodO4UZT.js +438 -0
package/dist/runtime-C_5j10Cp.js +6179 -0
package/dist/runtime-api-9CEihqK3.d.ts +3151 -0
package/dist/runtime-api-BbNLHCZ5.js +24 -0
package/dist/runtime-api-HUquGiJa.js +4 -0
package/dist/runtime-api-I6ur4A1S.js +17 -0
package/dist/runtime-api-MQL0v6n2.js +13 -0
package/dist/runtime-api-a340pYdX.js +13 -0
package/dist/runtime-api-g_pGO9f3.js +21 -0
package/dist/runtime-api-hLSYbpGH.js +3 -0
package/dist/runtime-api.actions-Blt2bAHw.d.ts +23 -0
package/dist/runtime-api.actions-CawQ9WKM.js +3 -0
package/dist/runtime-api.monitor-DN3P4USq.js +6 -0
package/dist/runtime-api.send-BIA6QfVI.js +4 -0
package/dist/runtime-api.send-BygcWA7R.d.ts +38 -0
package/dist/runtime-api.threads-DYnc3Jvu.js +2 -0
package/dist/runtime-channel-CYlRNrxR.js +150 -0
package/dist/runtime-channel-Ci0dC0Tq.js +2 -0
package/dist/runtime-doctor-DVYwKwIT.d.ts +47 -0
package/dist/runtime-embedded-pi.runtime-Wc_lZOzO.js +2 -0
package/dist/runtime-embedded-pi.runtime.js +1 -1
package/dist/runtime-taskflow-D2uXlHq-.d.ts +435 -0
package/dist/sanitize-outbound-BFrYI8F4.js +127 -0
package/dist/sdk-setup-tools-DLjnnh3Y.js +8 -0
package/dist/secrets-DibHCqDz.js +113 -0
package/dist/security-audit-CyMhUYN9.js +122 -0
package/dist/security-audit-DAk0I2g8.js +118 -0
package/dist/security-audit.runtime-DtdxZcEG.js +2 -0
package/dist/security-audit.runtime.js +1 -1
package/dist/selection-BJ2yQ0yh.js +16157 -0
package/dist/selection-CJ3YNIjG.js +3 -0
package/dist/send-Ar9e_pA3.js +1631 -0
package/dist/send-BETlETJ5.d.ts +231 -0
package/dist/send-BN-3u18j.js +2 -0
package/dist/send-BYlEXkEO.js +143 -0
package/dist/send-BusufuyP.js +192 -0
package/dist/send-CpcmWYrM.d.ts +104 -0
package/dist/send.components-C3FzEyYz.js +500 -0
package/dist/send.components-CMi7rcIs.js +2 -0
package/dist/send.runtime-D-nw3p-S.js +2 -0
package/dist/send.runtime.js +1 -1
package/dist/send.types-D_3tsfSL.d.ts +159 -0
package/dist/server-CJVI2gjZ.js +24 -0
package/dist/server-DZl7k4VX.js +73 -0
package/dist/server-close.runtime.d.ts +1 -1
package/dist/server-close.runtime.js +1 -1
package/dist/server-context-BAAz3W-8.js +2 -0
package/dist/server-context-BLrLchWj.js +955 -0
package/dist/server-cron-CiyrI-WY.js +2 -0
package/dist/server-cron-CzhteL8F.js +2989 -0
package/dist/server-maintenance-CDfLZpYN.js +167 -0
package/dist/server-methods-DQ0gaIXu.js +16494 -0
package/dist/server-node-events-D1TywtBI.js +596 -0
package/dist/server-plugin-bootstrap-ByEZkPkc.js +70 -0
package/dist/server-plugins-BVVgDSdq.d.ts +1 -0
package/dist/server-plugins-CEZ-W7dG.js +432 -0
package/dist/server-reload-handlers-DDXJwZWE.js +714 -0
package/dist/server-restart-sentinel-C9l1iG1h.js +747 -0
package/dist/server-restart-sentinel-CyweyjEa.js +2 -0
package/dist/server-runtime-services-BQ08Hyco.js +2 -0
package/dist/server-runtime-services-BjKoAkjM.js +267 -0
package/dist/server-startup-early-Ctjir66B.js +87 -0
package/dist/server-startup-plugins-C_Y62xZe.js +113 -0
package/dist/server-startup-post-attach-DCAmn6Ct.js +716 -0
package/dist/server-ws-runtime-CvN63X_w.js +349 -0
package/dist/server.impl-yHI7jtXF.js +2586 -0
package/dist/service-mHxeSPC2.js +1446 -0
package/dist/session-binding-DtmTypDj.js +2 -0
package/dist/session-binding-xtRKSQOW.js +219 -0
package/dist/session-kill-http-GnTgzcvZ.js +121 -0
package/dist/session-reset-service-Bw6li9Te.js +625 -0
package/dist/session-route-D-PISLLo.js +93 -0
package/dist/session-status.runtime-jiGvxIDK.js +2 -0
package/dist/session-status.runtime.js +1 -1
package/dist/session-subagent-reactivation.runtime-B9QimjvS.js +2 -0
package/dist/session-subagent-reactivation.runtime.js +1 -1
package/dist/session-tab-registry-BoqXuTYc.js +521 -0
package/dist/sessions-history-http-CG934aaV.js +430 -0
package/dist/sessions.runtime-Cl91aZ2M.js +2 -0
package/dist/sessions.runtime.js +1 -1
package/dist/setup-api-DAqXqbGP.js +29 -0
package/dist/setup-core-Czt7XqlN.js +174 -0
package/dist/setup-surface-CHETBocT.js +405 -0
package/dist/setup-surface-CVtEDUic.js +320 -0
package/dist/setup-surface-YW9INYKN.js +288 -0
package/dist/setup-surface-utUyMdYz.js +221 -0
package/dist/shared-DwZ1ZQM4.js +121 -0
package/dist/shared-GqViLLMZ.d.ts +115 -0
package/dist/shared-client-B2kMpTHH.js +2 -0
package/dist/shared-client-DHJbz0yn.js +629 -0
package/dist/side-question-Dlr5pcZK.js +683 -0
package/dist/simple-completion-runtime-C2XB3FmU.d.ts +73 -0
package/dist/skill-tool-dispatch.runtime-CbDumhVh.js +143 -0
package/dist/skill-tool-dispatch.runtime.js +1 -1
package/dist/slash-state-BxzZ0Rmv.js +2166 -0
package/dist/speech-7OMUxiIh.d.ts +47 -0
package/dist/speech-core-B6S8VB5i.d.ts +36 -0
package/dist/speech-provider-BBcUtfUo.d.ts +5 -0
package/dist/speech-provider-BGqwbIux.d.ts +5 -0
package/dist/speech-provider-INk_7d-9.js +184 -0
package/dist/speech-provider-R9UJY1Js.d.ts +34 -0
package/dist/speech-provider-bhRtaJRp.d.ts +5 -0
package/dist/speech-provider-e9FgZG5q.d.ts +8 -0
package/dist/speech-provider-ezhJhCLg.d.ts +8 -0
package/dist/src-DAMtNlRl.js +4256 -0
package/dist/startup-context-DhSjA04E.js +313 -0
package/dist/status-CHChLqRH.js +3 -0
package/dist/status-OYJF7NHg.js +4 -0
package/dist/status-all-CSz2mOkm.js +573 -0
package/dist/status-json-B5iKxsPt.js +14 -0
package/dist/status-json-command-B7mD_HM0.js +84 -0
package/dist/status-runtime-shared-tJ5_gXDE.js +283 -0
package/dist/status-subagents.runtime-UViaj6fy.js +18 -0
package/dist/status-subagents.runtime.js +1 -1
package/dist/status-text-D4yQvJnW.js +296 -0
package/dist/status.command-29iMh5b8.js +420 -0
package/dist/status.command-cDrXztZ4.js +2 -0
package/dist/status.command.text-runtime-CJLiLlec.js +15 -0
package/dist/status.scan-BnCyO_-1.js +68 -0
package/dist/status.scan-overview-8jfuH7wl.js +444 -0
package/dist/status.scan.fast-json-CyqrMrI6.js +2 -0
package/dist/status.scan.fast-json-D0y03alo.js +127 -0
package/dist/status.scan.runtime-DGbNNELT.js +479 -0
package/dist/status.scan.runtime.js +1 -1
package/dist/status.update-C6moG8hY.js +2 -0
package/dist/status.update-Ch-d2YqJ.js +86 -0
package/dist/sticker-cache-CpE2UF0o.js +206 -0
package/dist/sticker-vision.runtime-C5lk740o.js +17 -0
package/dist/sticker-vision.runtime.js +1 -1
package/dist/stream--10cWdms.d.ts +19 -0
package/dist/stream-DCkBlJ0J.d.ts +5 -0
package/dist/stream-DmAKFkMw.d.ts +10 -0
package/dist/stream-J3KcbKrN.d.ts +120 -0
package/dist/stream-lEQ5UjYs.d.ts +16 -0
package/dist/stream-wrappers-CVukBdTu.d.ts +21 -0
package/dist/subagent-announce-DDensDxS.js +354 -0
package/dist/subagent-announce-delivery-16skgjOt.js +958 -0
package/dist/subagent-control-C2SGCamc.js +508 -0
package/dist/subagent-hooks-BqabvLsv.js +2 -0
package/dist/subagent-hooks-CGeDwTHC.js +2 -0
package/dist/subagent-hooks-CR0M3L4o.js +146 -0
package/dist/subagent-hooks-Dw9C-nUM.js +2 -0
package/dist/subagent-hooks-api-B03j55PK.js +22 -0
package/dist/subagent-hooks-api-B2i15coF.js +23 -0
package/dist/subagent-hooks-api-BcopR7NZ.js +23 -0
package/dist/subagent-hooks-eOUaLnxx.js +116 -0
package/dist/subagent-hooks-l4-8TBr2.js +230 -0
package/dist/subagent-orphan-recovery-CytpmJnf.js +352 -0
package/dist/subagent-registry-BVVgDSdq.d.ts +1 -0
package/dist/subagent-registry-DTDYUst1.js +2351 -0
package/dist/subagent-registry-kGjRY7OP.js +3 -0
package/dist/subagent-registry-read-BVVgDSdq.d.ts +1 -0
package/dist/subagent-registry.runtime.js +1 -1
package/dist/subagent-session-cleanup-C7MqSx3u.js +525 -0
package/dist/subagent-spawn-DuLVHzht.js +1164 -0
package/dist/target-id-BqKER5JR.js +107 -0
package/dist/targets-BHzDWL_b.d.ts +10 -0
package/dist/targets-DF2oAxk4.d.ts +10 -0
package/dist/targets-DYNDWy1s.js +44 -0
package/dist/targets-DuRWAuVM.js +19 -0
package/dist/targets-aaR2Mlk_.js +19 -0
package/dist/task-registry-control.runtime.d.ts +1 -1
package/dist/task-registry-control.runtime.js +1 -1
package/dist/telegram/token.js +1 -1
package/dist/testing-7ayMtB6I.js +267 -0
package/dist/text-report-E0TZg1LV.js +695 -0
package/dist/thinking-policy-CuUnQ8Ii.d.ts +5 -0
package/dist/thread-bindings-BzpAXUwZ.js +232 -0
package/dist/thread-bindings-Cu4J90KY.js +8 -0
package/dist/thread-bindings-D5o9c3aE.js +228 -0
package/dist/thread-bindings-DMy2kJ74.js +571 -0
package/dist/thread-bindings.discord-api-BDj-jkBV.js +187 -0
package/dist/thread-bindings.manager-C5jC_3Mo.js +2 -0
package/dist/thread-bindings.manager-CLK7FYoE.js +536 -0
package/dist/thread-lifecycle-DYeO0OTi.js +1614 -0
package/dist/token-Ccki3ia9.js +134 -0
package/dist/tool-BqIYC7Fz.js +139 -0
package/dist/tool-actions.runtime-Cjbhroli.js +534 -0
package/dist/tool-actions.runtime.js +1 -1
package/dist/tool-plugin-CofS2wE_.d.ts +77 -0
package/dist/tool-resolution-D4klFB4B.js +149 -0
package/dist/tool-split-DMKOu1-C.d.ts +19 -0
package/dist/tools-effective-inventory-YuOuPKR8.js +204 -0
package/dist/tools-invoke-http-BmQFkxSN.js +67 -0
package/dist/tools-invoke-shared-DD4l34hg.js +200 -0
package/dist/transport-stream-BX7wROMY.d.ts +42 -0
package/dist/tts-BAQZtO6A.js +66 -0
package/dist/tui-B-CC1PjA.js +2 -0
package/dist/tui-backend-DLm_nQL8.js +256 -0
package/dist/tui-cli-BfCs3qwc.js +37 -0
package/dist/tui-qi8Vakes.js +4709 -0
package/dist/types-b0O6mxGU2.d.ts +3650 -0
package/dist/types-olRxdQM4.d.ts +786 -0
package/dist/types.public-BRMxVhDo.d.ts +70 -0
package/dist/update-check-Dvp_oog_.js +387 -0
package/dist/update-cli-BP32xvfl.js +3664 -0
package/dist/update-runner-DnbwY3OV.js +2390 -0
package/dist/update-startup-3l7wPrqM.js +339 -0
package/dist/update-startup-C_peqiGI.js +2 -0
package/dist/video-generation-runtime-C9sOxImj.d.ts +21 -0
package/dist/video-model-catalog-CNHZOLyE.d.ts +16 -0
package/dist/vision-tools-De-gGPAw.js +1409 -0
package/dist/web-search-DJMus2yt.js +62 -0
package/dist/web-search-provider.runtime-6Md25pj8.js +2 -0
package/dist/web-search-provider.runtime-CBUbt7xF.js +328 -0
package/dist/web-search-provider.runtime.js +1 -1
package/dist/webhook-targets-Sx2e7G-W.d.ts +99 -0
package/dist/xai-oauth-Cud_8Og7.js +479 -0
package/dist/xai-user-agent-dCQuZI6k.js +32 -0
package/package.json +1 -1
package/dist/abort-Bp4IXIaT.js +0 -277
package/dist/abort.runtime-yT20lVm3.js +0 -2
package/dist/account-inspect-Braq4T5C.js +0 -173
package/dist/accounts-B73T487L.js +0 -2
package/dist/accounts-Byqhka0B.js +0 -107
package/dist/accounts-C6REvXTb.js +0 -107
package/dist/accounts-DHkZahnb.js +0 -119
package/dist/acp-runtime-CsYu7oyf.js +0 -26
package/dist/acp-spawn-BpcanpjB.js +0 -2
package/dist/acp-spawn-CXnfFZet.js +0 -1275
package/dist/acp-stateful-target-driver-dbQl7Cls.js +0 -89
package/dist/action-kill-CmrHUh6-.js +0 -33
package/dist/action-runtime-Nz_MTd85.js +0 -469
package/dist/action-runtime-api-NVBTHRJ0.js +0 -2
package/dist/action-send-Bw28r8YX.js +0 -39
package/dist/action-spawn-Db3goKdw.js +0 -47
package/dist/actions-CZEEFK0T.js +0 -161
package/dist/actions.runtime-f4FlBapO.js +0 -5
package/dist/agent-BFrHijEI.js +0 -3
package/dist/agent-BvTZZujh.js +0 -2
package/dist/agent-command-CexUxiL4.js +0 -1367
package/dist/agent-command-D5KxwCVS.d.ts +0 -141
package/dist/agent-components.runtime-Bv--4UUq.js +0 -10
package/dist/agent-harness-CEPgjZ3p.d.ts +0 -146
package/dist/agent-harness-runtime-DMYJ4buZ.d.ts +0 -691
package/dist/agent-harness-runtime-_4Ou4ZI_.js +0 -180
package/dist/agent-harness-task-runtime-D0TI6yGM.js +0 -140
package/dist/agent-runner-execution-BWvPnRM1.js +0 -1713
package/dist/agent-runner-utils-hmda0Lyc.js +0 -266
package/dist/agent-runner.runtime-6MrZPOYP.js +0 -3455
package/dist/agent-runtime-Cnq13raf.js +0 -229
package/dist/agent-via-gateway-Cux4caUy.js +0 -463
package/dist/api-0vV8JjoW.js +0 -2
package/dist/api-4kojV9vT.js +0 -639
package/dist/api-C4dZHG-E.js +0 -2
package/dist/api-C9Dmd2CA.d.ts +0 -52
package/dist/api-DFDhOB71.js +0 -134
package/dist/api-Dd41e_NF.js +0 -3
package/dist/api-DqSBNv8i.js +0 -6
package/dist/apply-DnknmYSP.js +0 -41
package/dist/apply-XMFoVMgK.js +0 -54
package/dist/approval-handler.runtime-BIKhPCUE.js +0 -130
package/dist/assistant-Cfzr-QfG.js +0 -291
package/dist/attachment-normalize-Bqthqujs.js +0 -225
package/dist/attempt-execution-Cc2IUiUY.js +0 -558
package/dist/attempt-execution.runtime-C1pnC5CL.js +0 -3
package/dist/attempt-execution.shared-DR-LL9H1.js +0 -38
package/dist/attempt.prompt-helpers-DvfaNdO_.js +0 -475
package/dist/attempt.tool-run-context-Fk3-iLKA.js +0 -2094
package/dist/binding-routing-BjRihOZ8.js +0 -113
package/dist/binding-targets-D3vQIPpu.js +0 -121
package/dist/bot-BzKQljl1.js +0 -7894
package/dist/bot-deps-CHJno4Xv.js +0 -747
package/dist/bot-deps-CTU3vOGH.js +0 -2
package/dist/bot-message-context.runtime-DPAocg_K.js +0 -7
package/dist/bot-message-context.session.runtime-cWFJiTXb.js +0 -12
package/dist/bot-native-commands.delivery.runtime-BBiSJ9qu.js +0 -4
package/dist/bot-native-commands.runtime-BoWjkHEv.js +0 -13
package/dist/bridge-server-BnWfM8E9.js +0 -113
package/dist/browser-cli-CKSNhiVi.js +0 -230
package/dist/browser-cli-CsC0lbjc.js +0 -2
package/dist/browser-cli-actions-input-1PFDZ0_b.js +0 -473
package/dist/browser-cli-actions-observe-DfH0Y9FC.js +0 -81
package/dist/browser-cli-debug-hj-w-s9t.js +0 -137
package/dist/browser-cli-inspect-CxxMD86J.js +0 -104
package/dist/browser-cli-manage-DOn9OEh_.js +0 -443
package/dist/browser-cli-resize-BFHf-RqV.js +0 -26
package/dist/browser-cli-shared-Ca_pACoG.js +0 -50
package/dist/browser-cli-state-CCIHMGkC.js +0 -337
package/dist/browser-control-auth-dTGAuDxC.js +0 -2
package/dist/browser-profiles-CjXJJdop.js +0 -2
package/dist/browser-runtime-DrNsVpfv.js +0 -384
package/dist/build-QfdWbTGY.js +0 -257
package/dist/call-BAWIPJo2.d.ts +0 -43
package/dist/capability-cli-D7nQY4qe.js +0 -1782
package/dist/channel-13BBMvGu.js +0 -1496
package/dist/channel-B6YcNFXw.d.ts +0 -104
package/dist/channel-B9qWcqGg.js +0 -562
package/dist/channel-BB9gjVcH.js +0 -362
package/dist/channel-BM_u9Kct.js +0 -508
package/dist/channel-BdhbzWTg.d.ts +0 -427
package/dist/channel-Bkp8v6zY.d.ts +0 -14
package/dist/channel-BoK62YYe.d.ts +0 -49
package/dist/channel-C10lHKrC.d.ts +0 -47
package/dist/channel-CQbX6z1g.js +0 -740
package/dist/channel-CXkMpUA_.js +0 -1134
package/dist/channel-CZrble5P.d.ts +0 -8
package/dist/channel-CcENPjLR.js +0 -1556
package/dist/channel-CfgfbGDs.js +0 -808
package/dist/channel-D6JtLARW.js +0 -955
package/dist/channel-D6klawjQ.js +0 -867
package/dist/channel-D8X4fgB9.d.ts +0 -106
package/dist/channel-D9LDQOYt.d.ts +0 -8
package/dist/channel-DFTg6l_Y.js +0 -1777
package/dist/channel-DI30oIzM.js +0 -238
package/dist/channel-DVGMasO6.d.ts +0 -7
package/dist/channel-Djgm5DE9.d.ts +0 -64
package/dist/channel-Dl4eeuJ3.d.ts +0 -114
package/dist/channel-DpQ6_cvo.d.ts +0 -8
package/dist/channel-Dwmhp2QK.js +0 -376
package/dist/channel-DyOJHorx.js +0 -481
package/dist/channel-DzLAzPz_.js +0 -1249
package/dist/channel-JqEqZ04S.d.ts +0 -6
package/dist/channel-ZshGzzZU.js +0 -2126
package/dist/channel-actions.runtime-BPuh-LPy.js +0 -265
package/dist/channel-core-CbkDdNXh.d.ts +0 -6
package/dist/channel-core-Cip0DXqW.js +0 -5
package/dist/channel-entry-contract-DUSF3gce.d.ts +0 -112
package/dist/channel-hShoCuAc.d.ts +0 -12
package/dist/channel-inbound-nxJGbY-L.js +0 -80
package/dist/channel-kn7WFIV-.js +0 -653
package/dist/channel-lifecycle-DCl2GbRW.d.ts +0 -125
package/dist/channel-pIMjOo6Y.d.ts +0 -28
package/dist/channel-pairing-BRqfYy30.d.ts +0 -58
package/dist/channel-plugin-runtime-Cg67QAiE.d.ts +0 -7
package/dist/channel-plugin-runtime-D2mUAQP6.js +0 -998
package/dist/channel-runtime-DWbCQz0-.js +0 -408
package/dist/channel-uP-mo8Q6.d.ts +0 -7
package/dist/channel-whyHp4eY.d.ts +0 -26
package/dist/channel.runtime-BRLds_50.js +0 -1008
package/dist/channel.runtime-BYk5D3KV.js +0 -652
package/dist/channel.runtime-Bd5GuqVD.js +0 -4
package/dist/channel.runtime-BhiiHau6.js +0 -109
package/dist/channel.runtime-CKnG96oM.js +0 -254
package/dist/channel.runtime-DbuDXi8A.js +0 -2528
package/dist/channel.runtime-DfQ7lbcl.js +0 -21009
package/dist/channel.runtime-DhzR3IQP.js +0 -733
package/dist/channel.runtime-SnJqiMZZ.js +0 -88
package/dist/channel.setup-0jZeZ91N.js +0 -1098
package/dist/channel.setup-BMXb23G7.d.ts +0 -6
package/dist/channel.setup-BdEXf9Ic.d.ts +0 -8
package/dist/channel.setup-C3aSMtNe.js +0 -343
package/dist/channel.setup-UZjcpncE.d.ts +0 -7
package/dist/channel.setup-x_GPUW2e.js +0 -10
package/dist/chat-DyxY_o5e.js +0 -2666
package/dist/chrome-CUytWLO5.js +0 -1503
package/dist/cli-BnAifbUH.js +0 -1341
package/dist/cli-DYinYyHP.d.ts +0 -20
package/dist/cli-backend-CSCGROD2.d.ts +0 -5
package/dist/cli-backend-DmBwqwqy.d.ts +0 -5
package/dist/cli-compaction-BsDXzDbB.js +0 -347
package/dist/cli-metadata-C2ez_EOq.js +0 -22
package/dist/cli-runner-Df8f6aib.js +0 -2
package/dist/cli-runner-N-xuwavW.js +0 -540
package/dist/cli-runner.runtime-BZgB5Wze.js +0 -3
package/dist/cli-runner.runtime-CzWSBiUX.js +0 -4
package/dist/cli-shared-CXpra3BN.d.ts +0 -20
package/dist/client-BSznX-Sw.js +0 -650
package/dist/client-adapter-CvuAhGRl.js +0 -897
package/dist/client-factory-Dl9ZpTlR.js +0 -9
package/dist/command-auth-Cp3qho7_.js +0 -135
package/dist/command-handlers-7evBobOS.js +0 -1609
package/dist/command-registry-BTdu515H.js +0 -4
package/dist/command-registry-MW7FkJ_Y.js +0 -9
package/dist/command-registry-core-COtKps6g.js +0 -110
package/dist/command-status.runtime-HmI60xl3.js +0 -90
package/dist/commands-CqcnXnk-.d.ts +0 -113
package/dist/commands-acp-NnHhockz.js +0 -74
package/dist/commands-compact.runtime-wJDJ6VWY.js +0 -10
package/dist/commands-handlers.runtime-CDlvieOM.js +0 -6154
package/dist/commands-status-CJsUMgIw.js +0 -16
package/dist/commands-status-j5QdKUbl.js +0 -3
package/dist/commands-status.runtime-j5QdKUbl.js +0 -3
package/dist/commands-subagents-control.runtime-BfOBOw5t.js +0 -3
package/dist/commands-subagents-control.runtime-CALs_ywD.js +0 -2
package/dist/commands-system-prompt-BnMuvo_P.js +0 -2
package/dist/commands-system-prompt-BqcYl8m9.js +0 -162
package/dist/commands.runtime-DMhewKIp.js +0 -176
package/dist/compact-B4Hs8o3S.js +0 -1141
package/dist/compact-CKxyl7Ak.js +0 -480
package/dist/compact.runtime-BPnE7Lia.js +0 -12
package/dist/completion-cli-dN803PIC.js +0 -315
package/dist/computer-use-DI-JbifZ.js +0 -367
package/dist/config-CA7Mb3IV.js +0 -373
package/dist/config-CjXJJdop.js +0 -2
package/dist/config-mutations-CIt7XNeY.js +0 -159
package/dist/config-schema-Bqr7vPys.d.ts +0 -20
package/dist/context-engine-host-compat-C0PN-GqB.js +0 -288
package/dist/context-engine-host-compat-r4dLJY0h.js +0 -2
package/dist/context-engine-lifecycle-BgedIp9C.js +0 -1274
package/dist/contracts-testkit-DQ4aMv6G.d.ts +0 -145
package/dist/control-auth-BNpGd-Kk.js +0 -114
package/dist/control-service-kce7bfHU.js +0 -145
package/dist/control-ui/assets/agents-BdvJfq80.js +0 -1008
package/dist/control-ui/assets/channel-config-extras-Ceaj0SW_.js +0 -2
package/dist/control-ui/assets/channels-CdXoXJoZ.js +0 -367
package/dist/control-ui/assets/cron-8oEfCQUI.js +0 -1013
package/dist/control-ui/assets/debug-Br-EwLEu.js +0 -97
package/dist/control-ui/assets/index-B_b8hb35.js +0 -7381
package/dist/control-ui/assets/index-Crl1466m.css +0 -1
package/dist/control-ui/assets/instances-7yY0VA1d.js +0 -57
package/dist/control-ui/assets/logs-DcKMzQjP.js +0 -74
package/dist/control-ui/assets/nodes-BXjhsRXJ.js +0 -436
package/dist/control-ui/assets/sessions-Civ0cHoq.js +0 -399
package/dist/control-ui/assets/skills-BkRG__0I.js +0 -314
package/dist/control-ui/assets/skills-shared-CTIiKUNP.js +0 -11
package/dist/conversation-binding-runtime-CUUOaxkw.js +0 -4
package/dist/conversation-runtime-CAGsRmgG.js +0 -31
package/dist/core-DDHeEXv5.js +0 -282
package/dist/core-DIQ0fbwp.d.ts +0 -224
package/dist/core-api-BfuO-na1.js +0 -5
package/dist/core-api-YA03piFN.js +0 -2
package/dist/crestodian-BvNBIbgT.js +0 -55
package/dist/daocore-runtime-JsdCNe3l.d.ts +0 -151
package/dist/daocore-tools-V8Z6YbCA.js +0 -11727
package/dist/delivery-CqDMMxF-.js +0 -1002
package/dist/dialogue-C7jN6TtR.js +0 -37
package/dist/dir-fetch-tool-DKizoBAo.js +0 -565
package/dist/dir-list-tool-CMSe1Gic.js +0 -100
package/dist/direct-dm-CNDGhZHH.js +0 -64
package/dist/directive-handling.fast-lane-BNDUrJm9.js +0 -68
package/dist/directive-handling.impl-CNMskvfI.js +0 -2
package/dist/directive-handling.impl-DkSnupbX.js +0 -818
package/dist/directive-handling.model-selection-DrYH2dJi.js +0 -122
package/dist/directive-handling.persist.runtime-Bf1g-e09.js +0 -263
package/dist/dispatch-BqXq6928.js +0 -1640
package/dist/dispatch-acp-transcript.runtime-B8OLBkcv.js +0 -40
package/dist/dispatch-acp.runtime-CFRlXnm3.js +0 -18
package/dist/doctor-C8zSecbl.js +0 -6
package/dist/doctor-DmE-4kn4.js +0 -2
package/dist/doctor-config-flow-CiEbrb8s.js +0 -1741
package/dist/doctor-core-checks-B3G8nJ2e.js +0 -573
package/dist/doctor-core-checks-BeflOFTE.js +0 -2
package/dist/doctor-health-Ali-Hxdp.js +0 -65
package/dist/doctor-health-contributions-CXfgIUQd.js +0 -696
package/dist/doctor-lint-B5IHZCxG.js +0 -94
package/dist/doctor-state-integrity-BjeDtfbq.js +0 -1231
package/dist/doctor-update-CG2msB2K.js +0 -58
package/dist/dynamic-tools-D5gHaas6.js +0 -486
package/dist/embedded-backend-BLW2WQJF.js +0 -579
package/dist/embedded-gateway-stub.runtime-DbUedhpy.js +0 -12
package/dist/embedding-provider-56qUY6a4.d.ts +0 -16
package/dist/embedding-provider-CfSvDhLk.d.ts +0 -65
package/dist/embedding-provider-DV9KtS1H.d.ts +0 -21
package/dist/exec-approvals-CwwQA-_B.js +0 -149
package/dist/file-fetch-tool-CekPjemC.js +0 -124
package/dist/file-write-tool-C7-UYxXN.js +0 -127
package/dist/format-BrgWhpMP.js +0 -1145
package/dist/format-C-lnTES_.js +0 -250
package/dist/gateway-cli-BIl9ooav.js +0 -435
package/dist/gateway-method-runtime-B3nJGqAy.js +0 -21
package/dist/gateway-runtime-COtKzRqi.d.ts +0 -163
package/dist/gemini-cli-provider-BQgviROv.d.ts +0 -6
package/dist/get-reply-CCGEqENF.js +0 -4689
package/dist/get-reply-from-config.runtime-1bVL6Eaa.js +0 -2
package/dist/graph-users-CCkJYdwo.js +0 -1419
package/dist/group-access-BrcrVhTm.js +0 -112
package/dist/group-keys-DnxWQtll.d.ts +0 -17
package/dist/handle-action.guild-admin-8EfNNvKz.js +0 -288
package/dist/harness-BNsomB7U.js +0 -61
package/dist/health-CJOAk46r.js +0 -4
package/dist/health-state-CETJtly-.js +0 -106
package/dist/heartbeat-runner-BjAnHwan.js +0 -5
package/dist/heartbeat-runner.runtime-BhQDpIvL.js +0 -4
package/dist/hook-runtime-Cm73yH0T.d.ts +0 -107
package/dist/hooks-CAleL-fH.js +0 -534
package/dist/http-registry-Yo_NvKls.d.ts +0 -23
package/dist/image-generation-runtime-BIAvq6jv.d.ts +0 -21
package/dist/inbound-direct-dm-runtime-aWeBKeRE.js +0 -2
package/dist/inbound-reply-dispatch-DvWaNCgR.js +0 -148
package/dist/index-7GMgTC5k.d.ts +0 -3971
package/dist/init-D_kHY2_L.js +0 -59
package/dist/inline-buttons-CBfC5L_C.js +0 -40
package/dist/interactive-dispatch-ChuCQxzf.d.ts +0 -56
package/dist/interactive-dispatch-DY_jVu-V.d.ts +0 -143
package/dist/internal-events-DR7M-R-k.js +0 -90
package/dist/isolated-agent-BSwvfJdq.js +0 -1118
package/dist/isolated-agent-B_H2wb6F.js +0 -2
package/dist/lifecycle-BsPQk14E.js +0 -571
package/dist/list.probe-DVPoP_gs.js +0 -449
package/dist/list.status-command-YLSxt2nU.js +0 -789
package/dist/llm-slug-generator-DMXCuj_8.js +0 -78
package/dist/loader-C-JyPvyF.d.ts +0 -142
package/dist/local-dispatch.runtime-ByJpKbzY.js +0 -9
package/dist/manager-CSN9j9hh.d.ts +0 -205
package/dist/manager-CknaUr2b.d.ts +0 -356
package/dist/manager.runtime-Cbd4Wkzv.js +0 -2714
package/dist/markdown-to-line-UROW4ICU.js +0 -811
package/dist/mcp-http-Bs04-o36.js +0 -2
package/dist/mcp-http-DusJ-yus.js +0 -555
package/dist/media-understanding-provider-DJ2PVD5L.js +0 -339
package/dist/memory-core-host-engine-storage-izjrNFNA.d.ts +0 -54
package/dist/memory-embedding-adapter-B3WLPdKc.d.ts +0 -5
package/dist/message-actions-BOhsMU7S.js +0 -145
package/dist/message-handler-BUvaTnYL.js +0 -384
package/dist/message-handler-DsiaQGjj.js +0 -1715
package/dist/message-handler.preflight-COR7HHaa.js +0 -1125
package/dist/message-handler.process-Cnlh9kQt.js +0 -1484
package/dist/migration-DVKbowM8.d.ts +0 -45
package/dist/model-BSBoLWjJ.d.ts +0 -33
package/dist/model-CrGV78vh.js +0 -74
package/dist/model-selection-BkMRVKvT.js +0 -272
package/dist/models-BvEw11kE.d.ts +0 -24
package/dist/models-CAsfL9Yc.js +0 -104
package/dist/models-DAHwZzdm.js +0 -2
package/dist/models-cli-NVAexFpF.js +0 -256
package/dist/monitor-BHLuAWAQ.js +0 -2
package/dist/monitor-BbTVo-eV.js +0 -715
package/dist/monitor-CLLyEX0R.js +0 -2788
package/dist/monitor-CTR3lVMb.js +0 -834
package/dist/monitor-Cl2p6Juz.js +0 -60
package/dist/monitor-D5rBDT5w.js +0 -4377
package/dist/monitor-DyRkvAJd.js +0 -1370
package/dist/monitor-IiG3eV5_.js +0 -1657
package/dist/monitor-auth-D_0zoeLn.js +0 -179
package/dist/monitor-polling.runtime-BXzw5egF.js +0 -883
package/dist/monitor-webhook.runtime-C3arPPzi.js +0 -387
package/dist/monitor.account-DrVGHE8V.js +0 -5233
package/dist/monitor.runtime-DPEbukZB.js +0 -2
package/dist/monitor.webhook-jkAnTCQb.js +0 -180
package/dist/node-cli-sessions-DcVj-6eN.js +0 -1228
package/dist/openai-codex-provider-C48t8ka8.d.ts +0 -5
package/dist/openai-http-CmoI0e7t.js +0 -824
package/dist/openai-provider-Df75q4KM.d.ts +0 -5
package/dist/openresponses-http-Bi3LSGUc.js +0 -1173
package/dist/operations-9LkwgILD.js +0 -805
package/dist/outbound-adapter-xUTnrNGD.js +0 -543
package/dist/outbound-session-route-CBXkht6a.js +0 -45
package/dist/outbound.runtime-CAgimRZ1.js +0 -2
package/dist/pairing-challenge-DD0D0sfM.d.ts +0 -87
package/dist/pi-embedded-BKpKsszm.js +0 -4
package/dist/pi-embedded-DmeQCwCt.js +0 -3796
package/dist/pi-embedded.runtime-C283Wor9.js +0 -4
package/dist/pi-tools-B0nJW7W4.js +0 -2413
package/dist/plan-BILA3XMN.js +0 -81
package/dist/plan-DHXchBJq.js +0 -112
package/dist/plugin-CHLmrL9G.js +0 -12396
package/dist/plugin-DMYsMKAW.d.ts +0 -17
package/dist/plugin-app-cache-key-C-_klURZ.js +0 -46
package/dist/plugin-enabled-DzYMnPpm.js +0 -233
package/dist/plugin-entry-DwVZtdM9.d.ts +0 -47
package/dist/plugin-registration-DLrh8AB5.js +0 -88
package/dist/plugin-runtime-Dx9WRWX8.d.ts +0 -117
package/dist/plugin-sdk/scripts/lib/plugin-sdk-doc-metadata.d.ts +0 -107
package/dist/plugin-service-mHunWjlo.d.ts +0 -24
package/dist/plugin-service-xm4tv2oM.js +0 -1229
package/dist/policy-BUSsfT7A.js +0 -138
package/dist/policy-BwwL6sP2.js +0 -680
package/dist/prepare.runtime-Dcrb22a5.js +0 -732
package/dist/preview-warnings-Cx__1X43.js +0 -392
package/dist/probe-CevnbYpq.js +0 -682
package/dist/probe-CoEDhBiC.js +0 -2204
package/dist/probe-ConXyeqE.js +0 -2
package/dist/probe-D-jU5onR.js +0 -47
package/dist/program-BBwmibpa.js +0 -131
package/dist/prompt-overlay-D0r0EA6z.d.ts +0 -23
package/dist/provider--7lUimtp.js +0 -152
package/dist/provider-CCGQtVNI.js +0 -8735
package/dist/provider-DVMSF8i8.js +0 -32
package/dist/provider-R_TaXN59.js +0 -32
package/dist/provider-api-key-auth-2Fp25hP8.d.ts +0 -27
package/dist/provider-auth-result-mIg6RY-l.d.ts +0 -21
package/dist/provider-catalog-runtime-B7e02aat.d.ts +0 -23
package/dist/provider-catalog-shared-D0mIMF1C.d.ts +0 -62
package/dist/provider-dispatcher-CYkb3lfL.js +0 -22
package/dist/provider-hook-runtime-CrtHxgL6.d.ts +0 -61
package/dist/provider-model-shared-BESf3jvo.d.ts +0 -143
package/dist/provider-models-B6wofKVD.d.ts +0 -12
package/dist/provider-policy-0JjxJfxh.d.ts +0 -30
package/dist/provider-registration-O7mvATZX.d.ts +0 -6
package/dist/provider-registry-CtFVQxwM.d.ts +0 -8
package/dist/provider-registry-DZxCJHb2.d.ts +0 -8
package/dist/provider-registry-DcUASGbX.d.ts +0 -30
package/dist/provider-runtime-CrrstiDP.d.ts +0 -359
package/dist/provider-self-hosted-setup-DKlGE8A7.d.ts +0 -74
package/dist/provider-session.runtime-DzG2BUE9.js +0 -9
package/dist/provider-stream-C2vPdKh5.d.ts +0 -140
package/dist/provider-stream-shared-CslVTt39.d.ts +0 -128
package/dist/provider.runtime-D1-pMnoj.js +0 -2
package/dist/providers.runtime-CHPPEG1J.d.ts +0 -25
package/dist/public-surface-loader-BZisefzq.js +0 -114
package/dist/pw-ai-Cbau3n7J.js +0 -3029
package/dist/pw-role-snapshot-HeQTrxIk.js +0 -333
package/dist/reaction-level-uJ8tiLpH.js +0 -19
package/dist/reaction-runtime-api-BKUvK5Wn.js +0 -116
package/dist/realtime-transcription-Brox5yj7.d.ts +0 -43
package/dist/realtime-transcription-provider-B9DWwCuO.d.ts +0 -32
package/dist/realtime-transcription-provider-CGhoGie3.d.ts +0 -28
package/dist/realtime-transcription-provider-Daix0e58.js +0 -205
package/dist/realtime-transcription-provider-Dau7Zk9V.d.ts +0 -37
package/dist/realtime-transcription-provider-WgtPbRJc.d.ts +0 -5
package/dist/realtime-voice-C5Xiylos.d.ts +0 -333
package/dist/realtime-voice-provider-DUPM9wyW.d.ts +0 -5
package/dist/register-Dj9j6LEv.js +0 -2178
package/dist/register.agent-OiMUcpgI.js +0 -156
package/dist/register.crestodian-CbqhJMEx.js +0 -24
package/dist/register.maintenance-CQILEqsM.js +0 -83
package/dist/register.runtime-BcgdXzLA.d.ts +0 -6
package/dist/register.runtime-BwfUZoFY.js +0 -54
package/dist/register.status-health-sessions-DF6wxmsG.js +0 -282
package/dist/register.subclis-BR2kCzHF.js +0 -31
package/dist/register.subclis-Wd-wKmYg.js +0 -3
package/dist/register.subclis-core-DS7RVqtY.js +0 -273
package/dist/registry-DnnBulh_.d.ts +0 -91
package/dist/registry-types-BQ26lhRo.d.ts +0 -392
package/dist/repair-sequencing-DvQQmyrq.js +0 -640
package/dist/reply-delivery-ohbM16VN.js +0 -196
package/dist/reply-runtime-qGOCyyux.js +0 -11
package/dist/reply.runtime-1bVL6Eaa.js +0 -2
package/dist/request-CC3c4Svm.js +0 -54
package/dist/resolve-allowlist-vAhCe75e.js +0 -220
package/dist/result-fallback-classifier-CZtnXmbx.js +0 -79
package/dist/route-resolution-CXaxgYtw.js +0 -274
package/dist/route-uo5aoUdQ.js +0 -469
package/dist/routes-BqtrHP28.js +0 -2
package/dist/routes-pIjFm3n0.js +0 -3602
package/dist/run-DYwW1kIR.js +0 -1162
package/dist/run-attempt-B2GDG3uT.js +0 -7704
package/dist/run-command-CbUIDjYf.js +0 -2
package/dist/run-command-DHOIYQm_.js +0 -23
package/dist/run-embedded.runtime-g47oIqaL.js +0 -4
package/dist/run-execution-cli.runtime-zQ48ZAc5.js +0 -4
package/dist/run-subagent-registry.runtime-CXj8K_pJ.js +0 -2
package/dist/runtime-CjTLh1Zl.js +0 -6179
package/dist/runtime-DbTiSX85.d.ts +0 -17
package/dist/runtime-NVf_F_HM.js +0 -1287
package/dist/runtime-Z5_yALHT.js +0 -438
package/dist/runtime-api-BExObylL.js +0 -17
package/dist/runtime-api-BfCI6iAu.js +0 -3
package/dist/runtime-api-BkzOHOsq.js +0 -13
package/dist/runtime-api-BtVSnSI4.js +0 -4
package/dist/runtime-api-DLHn_SE-.js +0 -24
package/dist/runtime-api-_nsdMn3H.js +0 -13
package/dist/runtime-api-k3v6Q0lb2.d.ts +0 -3151
package/dist/runtime-api-qMRycIAN.js +0 -21
package/dist/runtime-api.actions-C2-n4QQ5.d.ts +0 -23
package/dist/runtime-api.actions-UmkTxLGC.js +0 -3
package/dist/runtime-api.monitor-JDAShUxC.js +0 -6
package/dist/runtime-api.send-B65J_Lod.js +0 -4
package/dist/runtime-api.send-t0FX9tXf.d.ts +0 -38
package/dist/runtime-api.threads-B7tsKPA_.js +0 -2
package/dist/runtime-channel-Bs6XTsp4.js +0 -150
package/dist/runtime-channel-C3WZVBBg.js +0 -2
package/dist/runtime-doctor-_yVIDUi3.d.ts +0 -48
package/dist/runtime-embedded-pi.runtime-P8AdyyIu.js +0 -2
package/dist/runtime-taskflow-Co1PrqbP.d.ts +0 -435
package/dist/sanitize-outbound-Bt4-FGfp.js +0 -127
package/dist/sdk-setup-tools-CfyJODAu.js +0 -8
package/dist/secrets-DjmhS0YO.js +0 -113
package/dist/security-audit-CKVBQPWN.js +0 -118
package/dist/security-audit-D9IeXoG3.js +0 -122
package/dist/security-audit.runtime-CYMQTOM9.js +0 -2
package/dist/selection--wvE7VOv.js +0 -16157
package/dist/selection-y-7QPgGA.js +0 -3
package/dist/send-B5TXXeBz.d.ts +0 -231
package/dist/send-BlmkYrI0.js +0 -1631
package/dist/send-CbkEX0QM.js +0 -143
package/dist/send-Cmn4RsqA.js +0 -192
package/dist/send-DEMaBWpw.d.ts +0 -105
package/dist/send-Dug9BZ9D.js +0 -2
package/dist/send.components-CyaKuD2L.js +0 -500
package/dist/send.components-PcOc-Ovz.js +0 -2
package/dist/send.runtime-xY6hEtyv.js +0 -2
package/dist/send.types-DywwIqYK.d.ts +0 -160
package/dist/server-BnGgr3PE.js +0 -73
package/dist/server-DSUxFJfU.js +0 -24
package/dist/server-context-CLKwYCyu.js +0 -955
package/dist/server-context-CYVPTQQC.js +0 -2
package/dist/server-cron-B1jBiRyb.js +0 -2989
package/dist/server-cron-X77jGOEU.js +0 -2
package/dist/server-maintenance-Y0NvZrH-.js +0 -167
package/dist/server-methods-BBnXSrf2.js +0 -16494
package/dist/server-node-events-BUsL79RS.js +0 -596
package/dist/server-plugin-bootstrap-ALp-FJwj.js +0 -70
package/dist/server-plugins-ufO_8NhB.js +0 -432
package/dist/server-reload-handlers-CPiyHZtT.js +0 -714
package/dist/server-restart-sentinel-CQk6eeWM.js +0 -747
package/dist/server-restart-sentinel-D3cRaMdv.js +0 -2
package/dist/server-runtime-services-Bu0xO9C9.js +0 -2
package/dist/server-runtime-services-DXP2sVWQ.js +0 -267
package/dist/server-startup-early-5UM54scV.js +0 -87
package/dist/server-startup-plugins-CQ_pYS5Y.js +0 -113
package/dist/server-startup-post-attach-Ja8NHfJQ.js +0 -716
package/dist/server-ws-runtime-DNH4m_Ix.js +0 -349
package/dist/server.impl-BXCtVnO2.js +0 -2586
package/dist/service-wi5zUseG.js +0 -1446
package/dist/session-binding-BUfCOB1r.js +0 -219
package/dist/session-binding-DBdZdGMb.js +0 -2
package/dist/session-kill-http-PtCc8zMl.js +0 -121
package/dist/session-reset-service-BOBmro8l.js +0 -625
package/dist/session-route-CJUmMLQC.js +0 -93
package/dist/session-status.runtime-C10K54fr.js +0 -2
package/dist/session-subagent-reactivation.runtime-DfIyTUKb.js +0 -2
package/dist/session-tab-registry-DQbVw6TC.js +0 -521
package/dist/sessions-history-http-BX2MupcW.js +0 -430
package/dist/sessions.runtime-C2inYyN4.js +0 -2
package/dist/setup-api-LkhGnkD8.js +0 -29
package/dist/setup-core-CinEapxM.js +0 -174
package/dist/setup-surface-BCtf5vsv.js +0 -221
package/dist/setup-surface-BlIPVefp.js +0 -320
package/dist/setup-surface-CfGI8GXG.js +0 -288
package/dist/setup-surface-Cpi2A6hH.js +0 -405
package/dist/shared-2-FiBN51.d.ts +0 -115
package/dist/shared-D57heBsq.js +0 -121
package/dist/shared-client-BNqlZyQZ.js +0 -2
package/dist/shared-client-DkXSWGuf.js +0 -629
package/dist/side-question-CJpQXQwO.js +0 -683
package/dist/simple-completion-runtime-JMnVclQ6.d.ts +0 -73
package/dist/skill-tool-dispatch.runtime-DFIYzLB7.js +0 -143
package/dist/slash-state-PVFVXsf5.js +0 -2166
package/dist/speech-CmQkc7zi.d.ts +0 -47
package/dist/speech-core-CVkLGUxG.d.ts +0 -36
package/dist/speech-provider-B73iu4fH.d.ts +0 -5
package/dist/speech-provider-BEBH8vyF.d.ts +0 -34
package/dist/speech-provider-BYMES40R.js +0 -184
package/dist/speech-provider-BhCRdoMK.d.ts +0 -8
package/dist/speech-provider-Cf1PVMAj.d.ts +0 -8
package/dist/speech-provider-DdEPWhuR.d.ts +0 -5
package/dist/speech-provider-ECom8JiZ.d.ts +0 -5
package/dist/src-Cig0nIaB.js +0 -4256
package/dist/startup-context-BhCfCVUP.js +0 -313
package/dist/status-BUGiySd0.js +0 -3
package/dist/status-CCUVxq2T.js +0 -4
package/dist/status-all-DVmRki9n.js +0 -573
package/dist/status-json-C9yB-I_P.js +0 -14
package/dist/status-json-command-DLiHHY4-.js +0 -84
package/dist/status-runtime-shared-CVVr1-B8.js +0 -283
package/dist/status-subagents.runtime-Dnd_-sFp.js +0 -18
package/dist/status-text-Bv7B6Qvi.js +0 -296
package/dist/status.command-CgQ_YxAV.js +0 -2
package/dist/status.command-DljDx7Pt.js +0 -420
package/dist/status.command.text-runtime-HPfXUUVK.js +0 -15
package/dist/status.scan-XGVKT6BH.js +0 -68
package/dist/status.scan-overview-BdO_Dwpk.js +0 -444
package/dist/status.scan.fast-json-BbfAYFaX.js +0 -2
package/dist/status.scan.fast-json-CixCI_VT.js +0 -127
package/dist/status.scan.runtime-c77nmHB8.js +0 -479
package/dist/status.update-CgJc9Ame.js +0 -2
package/dist/status.update-DxUx2UCj.js +0 -86
package/dist/sticker-cache-zbRCf5UY.js +0 -206
package/dist/sticker-vision.runtime-D8hb_hbK.js +0 -17
package/dist/stream-CYHgCxMh.d.ts +0 -5
package/dist/stream-D8Ytt_tB.d.ts +0 -120
package/dist/stream-DX9I-gkW.d.ts +0 -19
package/dist/stream-DjL6Gw2C.d.ts +0 -16
package/dist/stream-m7GKt3W2.d.ts +0 -10
package/dist/stream-wrappers-UyEQes6p.d.ts +0 -21
package/dist/subagent-announce-D-tCpxB7.js +0 -354
package/dist/subagent-announce-delivery-CV9sHBb8.js +0 -958
package/dist/subagent-control-B71yROQ1.js +0 -508
package/dist/subagent-hooks-5z9r_kyU.js +0 -230
package/dist/subagent-hooks-B9N4nO9J.js +0 -2
package/dist/subagent-hooks-Bqm8GC4e.js +0 -116
package/dist/subagent-hooks-CH64M3D2.js +0 -2
package/dist/subagent-hooks-YX204bTO.js +0 -2
package/dist/subagent-hooks-api-22u-zraT.js +0 -23
package/dist/subagent-hooks-api-CZbBhZq3.js +0 -23
package/dist/subagent-hooks-api-Ji-FhB1I.js +0 -22
package/dist/subagent-hooks-yIneGe_q.js +0 -146
package/dist/subagent-orphan-recovery-BR2b7ZZK.js +0 -352
package/dist/subagent-registry-7llbjThI.js +0 -2351
package/dist/subagent-registry-IXRntXRj.js +0 -3
package/dist/subagent-session-cleanup-Ckvz5u4B.js +0 -525
package/dist/subagent-spawn-28HeMeKx.js +0 -1164
package/dist/target-id-CGBWkCke.js +0 -107
package/dist/targets-B8kgW-Y8.js +0 -19
package/dist/targets-BhYsYz4Q.js +0 -44
package/dist/targets-D-0Biv4s.d.ts +0 -10
package/dist/targets-Dl-MgHWz.js +0 -19
package/dist/targets-S-Pmze3w.d.ts +0 -10
package/dist/testing-CwJ9EDFR.js +0 -267
package/dist/text-report-97aYC9pB.js +0 -695
package/dist/thinking-policy-B31-nCQk.d.ts +0 -5
package/dist/thread-bindings-B6t8Q4ba.js +0 -8
package/dist/thread-bindings-B9f-_sFy.js +0 -571
package/dist/thread-bindings-CJDUpwXD.js +0 -228
package/dist/thread-bindings-DxvjdbzW.js +0 -232
package/dist/thread-bindings.discord-api-CnRP-DSi.js +0 -187
package/dist/thread-bindings.manager-2B6_nSpQ.js +0 -536
package/dist/thread-bindings.manager-C_n--VnJ.js +0 -2
package/dist/thread-lifecycle-C2hLLuqe.js +0 -1614
package/dist/token-Bo7-r-aE.js +0 -134
package/dist/tool-BLIlzoql.js +0 -139
package/dist/tool-actions.runtime-CXZ0UNkZ.js +0 -534
package/dist/tool-plugin-B9aQw4fj.d.ts +0 -77
package/dist/tool-resolution-BqtQFCPq.js +0 -149
package/dist/tool-split-zov3PauL.d.ts +0 -19
package/dist/tools-effective-inventory-DABx239z.js +0 -204
package/dist/tools-invoke-http-8pjepRT1.js +0 -67
package/dist/tools-invoke-shared-l5WK0ntS.js +0 -200
package/dist/transport-stream-3OMu_lV2.d.ts +0 -42
package/dist/tts-BIYGM92g.js +0 -66
package/dist/tui-DCykl3IU.js +0 -4709
package/dist/tui-DzUa_vFQ.js +0 -2
package/dist/tui-backend-BJUtldXg.js +0 -256
package/dist/tui-cli-C-Q6SJc7.js +0 -37
package/dist/types-D3enA0Vx.d.ts +0 -786
package/dist/types-DHSQkzyq2.d.ts +0 -3650
package/dist/types.public-DHQb4Kl9.d.ts +0 -70
package/dist/update-check-BKUpUW-v.js +0 -372
package/dist/update-cli-DA6H6wa0.js +0 -3664
package/dist/update-runner-C680U-SL.js +0 -2379
package/dist/update-startup-D26cmPn-.js +0 -2
package/dist/update-startup-XLbXHCT1.js +0 -339
package/dist/video-generation-runtime-Dj060lga.d.ts +0 -21
package/dist/video-model-catalog-CQ-f89xh.d.ts +0 -16
package/dist/vision-tools-DJ4y7cV-.js +0 -1409
package/dist/web-search-DpV8PBBY.js +0 -62
package/dist/web-search-provider.runtime-Bmvff7rR.js +0 -2
package/dist/web-search-provider.runtime-CY9JJJoF.js +0 -328
package/dist/webhook-targets-CW4Nl_cq.d.ts +0 -99
package/dist/xai-oauth-gj-8ubLa.js +0 -479
package/dist/xai-user-agent-D4JRRc1W.js +0 -32
/package/dist/{accounts-CqgATPC-2.d.ts → accounts-CqgATPC-.d.ts} +0 -0
/package/dist/{acp-runtime-backend-DL9bHzqW.js → acp-runtime-backend-BQNm-KYC.js} +0 -0
/package/dist/{channel-actions-CMf4W2nb.js → channel-actions-CMUt5769.js} +0 -0
/package/dist/{command-status-runtime-CFttYerC.js → command-status-runtime-DXZZv5h_.js} +0 -0
/package/dist/{delegate-D6LGFAf5.js → delegate-BTCHfZIj.js} +0 -0
/package/dist/{dispatch-acp-aDmm-ClP.js → dispatch-acp-DtdYZo4i.js} +0 -0
/package/dist/{heartbeat-runner-CA3FnKVt.js → heartbeat-runner-BqUKIwmn.js} +0 -0
/package/dist/{library-Bwpqe3Xn.js → library-DavrGMix.js} +0 -0
/package/dist/{run-executor.runtime-BDRmO1Qf.js → run-executor.runtime-DMU7greB.js} +0 -0
/package/dist/{shared-DMRXpVQc.js → shared-Kl_LS_vA.js} +0 -0

package/dist/register-Dj9j6LEv.js DELETED Viewed

@@ -1,2178 +0,0 @@
-import { o as coerceSecretRef } from "./types.secrets-Ct1DNG7D.js";
-import { r as normalizeProviderId } from "./provider-id-zTW9Rdln.js";
-import "./provider-model-shared-H18UrK7h.js";
-import "./secret-input-s8BgZnEq.js";
-import { i as registerHealthCheck } from "./health-check-registry-DxXQHCTW.js";
-import "./health-CJOAk46r.js";
-import JSON5 from "json5";
-import { basename, isAbsolute, resolve } from "node:path";
-import { createHash } from "node:crypto";
-//#region extensions/policy/src/policy-state.ts
-const RESERVED_CHANNEL_CONFIG_KEYS = new Set(["defaults", "modelByChannel"]);
-const NON_SLUG_CHARS = /[^a-z0-9-]+/g;
-const COLLAPSE_HYPHENS = /-+/g;
-const TRIM_HYPHENS = /^-+|-+$/g;
-function policyDocumentHash(policy) {
-	return sha256(stableJson(policy));
-}
-function policyWorkspaceHash(evidence) {
-	return sha256(stableJson(evidence));
-}
-function policyFindingsHash(findings) {
-	return sha256(stableJson(findings));
-}
-function policyAttestationHash(input) {
-	return sha256(stableJson(input));
-}
-function createPolicyAttestation(input) {
-	const workspaceHash = policyWorkspaceHash(input.evidence);
-	const findingsHash = policyFindingsHash(input.findings);
-	return {
-		checkedAt: input.checkedAt,
-		...input.policyHash === void 0 ? {} : { policy: {
-			path: input.policyPath,
-			hash: input.policyHash
-		} },
-		workspace: {
-			scope: "policy",
-			hash: workspaceHash
-		},
-		findingsHash,
-		attestationHash: policyAttestationHash({
-			ok: input.ok,
-			policyHash: input.policyHash,
-			workspaceHash,
-			findingsHash
-		})
-	};
-}
-function collectPolicyEvidence(cfg, options = {}) {
-	const evidence = {
-		channels: scanPolicyChannels(cfg),
-		mcpServers: scanPolicyMcpServers(cfg),
-		modelProviders: scanPolicyModelProviders(cfg),
-		modelRefs: scanPolicyModelRefs(cfg),
-		network: scanPolicyNetwork(cfg),
-		...options.includeGatewayExposure === false ? {} : { gatewayExposure: scanPolicyGatewayExposure(cfg) },
-		...options.includeSecrets === false ? {} : { secrets: scanPolicySecrets(cfg) },
-		...options.includeAuthProfiles === false ? {} : { authProfiles: scanPolicyAuthProfiles(cfg) }
-	};
-	if (options.toolsRaw === void 0) return evidence;
-	return scanPolicyTools(options.toolsRaw).then((tools) => ({
-		...evidence,
-		tools
-	}));
-}
-function scanPolicyChannels(cfg) {
-	return Object.entries(configuredChannels(cfg)).filter(([id]) => !RESERVED_CHANNEL_CONFIG_KEYS.has(id)).toSorted(([a], [b]) => a.localeCompare(b)).map(([id, value]) => {
-		const entry = {
-			id,
-			provider: id,
-			source: `oc://daocore.config/channels/${id}`
-		};
-		if (isRecord$1(value) && typeof value.enabled === "boolean") entry.enabled = value.enabled;
-		return entry;
-	});
-}
-function scanPolicyMcpServers(cfg) {
-	return Object.entries(configuredMcpServers(cfg)).toSorted(([a], [b]) => a.localeCompare(b)).map(([id, value]) => {
-		const entry = {
-			id,
-			transport: mcpServerTransport(value),
-			source: `oc://daocore.config/mcp/servers/${ocPathSegment(id)}`
-		};
-		if (isRecord$1(value)) {
-			if (typeof value.command === "string") entry.command = value.command;
-			if (typeof value.url === "string") entry.url = redactMcpUrlForEvidence(value.url);
-		}
-		return entry;
-	});
-}
-function scanPolicyModelProviders(cfg) {
-	return Object.keys(configuredModelProviders(cfg)).toSorted((a, b) => a.localeCompare(b)).map((id) => ({
-		id: normalizeProviderId(id),
-		source: `oc://daocore.config/models/providers/${id}`
-	}));
-}
-function scanPolicyModelRefs(cfg) {
-	const refs = [];
-	if (isRecord$1(cfg.agents)) {
-		collectModelRefsFromRecord(refs, cfg.agents, "oc://daocore.config/agents");
-		collectModelRefsFromAgentAllowlist(refs, cfg.agents);
-	}
-	return refs.toSorted((a, b) => a.provider.localeCompare(b.provider) || a.model.localeCompare(b.model));
-}
-function scanPolicyNetwork(cfg) {
-	return [
-		networkBooleanEvidence(cfg, "browser-private-network", [
-			"browser",
-			"ssrfPolicy",
-			"dangerouslyAllowPrivateNetwork"
-		], "oc://daocore.config/browser/ssrfPolicy/dangerouslyAllowPrivateNetwork"),
-		networkBooleanEvidence(cfg, "browser-private-network-legacy", [
-			"browser",
-			"ssrfPolicy",
-			"allowPrivateNetwork"
-		], "oc://daocore.config/browser/ssrfPolicy/allowPrivateNetwork"),
-		networkBooleanEvidence(cfg, "web-fetch-private-network", [
-			"tools",
-			"web",
-			"fetch",
-			"ssrfPolicy",
-			"dangerouslyAllowPrivateNetwork"
-		], "oc://daocore.config/tools/web/fetch/ssrfPolicy/dangerouslyAllowPrivateNetwork"),
-		networkBooleanEvidence(cfg, "web-fetch-private-network-legacy", [
-			"tools",
-			"web",
-			"fetch",
-			"ssrfPolicy",
-			"allowPrivateNetwork"
-		], "oc://daocore.config/tools/web/fetch/ssrfPolicy/allowPrivateNetwork"),
-		networkBooleanEvidence(cfg, "web-fetch-rfc2544-benchmark-range", [
-			"tools",
-			"web",
-			"fetch",
-			"ssrfPolicy",
-			"allowRfc2544BenchmarkRange"
-		], "oc://daocore.config/tools/web/fetch/ssrfPolicy/allowRfc2544BenchmarkRange"),
-		networkBooleanEvidence(cfg, "web-fetch-ipv6-unique-local-range", [
-			"tools",
-			"web",
-			"fetch",
-			"ssrfPolicy",
-			"allowIpv6UniqueLocalRange"
-		], "oc://daocore.config/tools/web/fetch/ssrfPolicy/allowIpv6UniqueLocalRange")
-	].filter((entry) => entry !== void 0);
-}
-function scanPolicyGatewayExposure(cfg) {
-	const gateway = isRecord$1(cfg.gateway) ? cfg.gateway : {};
-	const entries = [];
-	const bind = typeof gateway.bind === "string" ? gateway.bind : void 0;
-	const customBindHost = typeof gateway.customBindHost === "string" ? gateway.customBindHost : void 0;
-	const hasCustomBindHost = customBindHost !== void 0 && customBindHost.trim() !== "";
-	const tailscale = isRecord$1(gateway.tailscale) ? gateway.tailscale : {};
-	const tailscaleForcesLoopback = tailscale.mode === "serve" || tailscale.mode === "funnel";
-	entries.push({
-		id: bind === void 0 ? "gateway-bind-default" : "gateway-bind",
-		kind: "bind",
-		source: "oc://daocore.config/gateway/bind",
-		value: bind ?? (tailscaleForcesLoopback ? "loopback" : "runtime-default"),
-		nonLoopback: bind === void 0 ? !tailscaleForcesLoopback : bind === "custom" ? false : isGatewayNonLoopbackBind(bind),
-		explicit: bind !== void 0
-	});
-	if (bind === "custom" && hasCustomBindHost) entries.push({
-		id: "gateway-custom-bind-host",
-		kind: "bind",
-		source: "oc://daocore.config/gateway/customBindHost",
-		value: customBindHost,
-		nonLoopback: isRuntimeNonLoopbackCustomBindHost(customBindHost)
-	});
-	const auth = isRecord$1(gateway.auth) ? gateway.auth : {};
-	entries.push({
-		id: "gateway-auth-mode",
-		kind: "auth",
-		source: "oc://daocore.config/gateway/auth/mode",
-		value: typeof auth.mode === "string" ? auth.mode : "token",
-		explicit: typeof auth.mode === "string"
-	});
-	entries.push({
-		id: "gateway-auth-rate-limit",
-		kind: "authRateLimit",
-		source: "oc://daocore.config/gateway/auth/rateLimit",
-		value: isRecord$1(auth.rateLimit),
-		explicit: isRecord$1(auth.rateLimit)
-	});
-	const controlUi = isRecord$1(gateway.controlUi) ? gateway.controlUi : {};
-	pushGatewayBooleanEvidence(entries, "gateway-control-ui-enabled", "controlUi", controlUi.enabled, "oc://daocore.config/gateway/controlUi/enabled");
-	pushGatewayBooleanEvidence(entries, "gateway-control-ui-insecure-auth", "controlUi", controlUi.allowInsecureAuth, "oc://daocore.config/gateway/controlUi/allowInsecureAuth");
-	pushGatewayBooleanEvidence(entries, "gateway-control-ui-device-auth-disabled", "controlUi", controlUi.dangerouslyDisableDeviceAuth, "oc://daocore.config/gateway/controlUi/dangerouslyDisableDeviceAuth");
-	pushGatewayBooleanEvidence(entries, "gateway-control-ui-host-origin-fallback", "controlUi", controlUi.dangerouslyAllowHostHeaderOriginFallback, "oc://daocore.config/gateway/controlUi/dangerouslyAllowHostHeaderOriginFallback");
-	if (typeof tailscale.mode === "string") entries.push({
-		id: "gateway-tailscale-mode",
-		kind: "tailscale",
-		source: "oc://daocore.config/gateway/tailscale/mode",
-		value: tailscale.mode
-	});
-	if (tailscale.mode === "serve" && tailscale.preserveFunnel === true) entries.push({
-		id: "gateway-tailscale-preserve-funnel",
-		kind: "tailscale",
-		source: "oc://daocore.config/gateway/tailscale/preserveFunnel",
-		value: "funnel"
-	});
-	const remote = isRecord$1(gateway.remote) ? gateway.remote : {};
-	if (gateway.mode === "remote") {
-		entries.push({
-			id: "gateway-mode-remote",
-			kind: "remote",
-			source: "oc://daocore.config/gateway/mode",
-			value: "remote"
-		});
-		if (typeof remote.url === "string" && remote.url.trim() !== "") entries.push({
-			id: "gateway-remote-url",
-			kind: "remote",
-			source: "oc://daocore.config/gateway/remote/url",
-			value: true
-		});
-	}
-	const http = isRecord$1(gateway.http) ? gateway.http : {};
-	const endpoints = isRecord$1(http.endpoints) ? http.endpoints : {};
-	pushGatewayHttpEndpointEvidence(entries, endpoints, "chatCompletions");
-	pushGatewayHttpEndpointEvidence(entries, endpoints, "responses");
-	return entries.toSorted((a, b) => a.source.localeCompare(b.source));
-}
-function scanPolicySecrets(cfg) {
-	return [...scanPolicySecretProviders(cfg), ...scanPolicySecretInputs(cfg)].toSorted((a, b) => a.source.localeCompare(b.source));
-}
-function scanPolicyAuthProfiles(cfg) {
-	const auth = isRecord$1(cfg.auth) ? cfg.auth : {};
-	const profiles = isRecord$1(auth.profiles) ? auth.profiles : {};
-	return Object.entries(profiles).toSorted(([a], [b]) => a.localeCompare(b)).map(([id, value]) => {
-		const entry = {
-			id,
-			source: `oc://daocore.config/auth/profiles/${ocPathSegment(id)}`,
-			validMetadata: isValidAuthProfileMetadata(value)
-		};
-		if (isRecord$1(value)) {
-			if (typeof value.provider === "string") entry.provider = value.provider;
-			if (typeof value.mode === "string") entry.mode = value.mode;
-		}
-		return entry;
-	});
-}
-function scanPolicySecretProviders(cfg) {
-	const secrets = isRecord$1(cfg.secrets) ? cfg.secrets : {};
-	const providers = isRecord$1(secrets.providers) ? secrets.providers : {};
-	return Object.entries(providers).map(([id, value]) => {
-		const insecure = secretProviderInsecureFlags(value);
-		const entry = {
-			id,
-			kind: "provider",
-			source: `oc://daocore.config/secrets/providers/${ocPathSegment(id)}`
-		};
-		if (isRecord$1(value) && typeof value.source === "string") entry.providerSource = value.source;
-		if (insecure.length > 0) entry.insecure = insecure;
-		return entry;
-	});
-}
-function scanPolicySecretInputs(cfg) {
-	const entries = [];
-	collectSecretInputs(entries, cfg, [], secretRefDefaults((isRecord$1(cfg.secrets) ? cfg.secrets : {}).defaults));
-	return entries;
-}
-function collectSecretInputs(entries, value, path, defaults) {
-	if (Array.isArray(value)) {
-		value.forEach((item, index) => collectSecretInputs(entries, item, [...path, `#${index}`], defaults));
-		return;
-	}
-	if (!isRecord$1(value)) return;
-	for (const [key, child] of Object.entries(value)) {
-		const childPath = [...path, key];
-		const source = configPathSource(childPath);
-		const ref = isSecretInputPath(childPath) ? secretRefEvidence(child, defaults) : void 0;
-		if (ref !== void 0) {
-			entries.push({
-				id: source,
-				kind: "input",
-				source,
-				provenance: "secretRef",
-				refSource: ref.source,
-				refProvider: ref.provider
-			});
-			continue;
-		}
-		collectSecretInputs(entries, child, childPath, defaults);
-	}
-}
-function configPathSource(path) {
-	return `oc://daocore.config/${path.map(ocPathSegment).join("/")}`;
-}
-function isSecretInputPath(path) {
-	const key = path.at(-1);
-	if (key === void 0) return false;
-	if (matchesConfigPath(path, [
-		"plugins",
-		"entries",
-		"acpx",
-		"config",
-		"mcpServers",
-		"*",
-		"env",
-		"*"
-	])) return true;
-	if (isRawEnvMapValuePath(path)) return false;
-	if (isSecretInputKey(key)) return true;
-	return matchesConfigPath(path, [
-		"models",
-		"providers",
-		"*",
-		"headers",
-		"*"
-	]) || isConfiguredProviderRequestSecretPath(path, [
-		"models",
-		"providers",
-		"*"
-	]) || isMediaConfiguredProviderRequestSecretPath(path) || matchesConfigPath(path, [
-		"agents",
-		"defaults",
-		"memorySearch",
-		"remote",
-		"headers",
-		"*"
-	]) || matchesConfigPath(path, [
-		"diagnostics",
-		"otel",
-		"headers",
-		"*"
-	]);
-}
-function isRawEnvMapValuePath(path) {
-	return path.length >= 2 && path.at(-2) === "env";
-}
-function isMediaConfiguredProviderRequestSecretPath(path) {
-	return isConfiguredProviderRequestSecretPath(path, [
-		"tools",
-		"media",
-		"models",
-		"#"
-	]) || isConfiguredProviderRequestSecretPath(path, [
-		"tools",
-		"media",
-		"audio"
-	]) || isConfiguredProviderRequestSecretPath(path, [
-		"tools",
-		"media",
-		"audio",
-		"models",
-		"#"
-	]) || isConfiguredProviderRequestSecretPath(path, [
-		"tools",
-		"media",
-		"image"
-	]) || isConfiguredProviderRequestSecretPath(path, [
-		"tools",
-		"media",
-		"image",
-		"models",
-		"#"
-	]) || isConfiguredProviderRequestSecretPath(path, [
-		"tools",
-		"media",
-		"video"
-	]) || isConfiguredProviderRequestSecretPath(path, [
-		"tools",
-		"media",
-		"video",
-		"models",
-		"#"
-	]);
-}
-function isConfiguredProviderRequestSecretPath(path, prefix) {
-	if (path.length < prefix.length + 3) return false;
-	if (!matchesConfigPathPrefix(path, prefix)) return false;
-	const requestIndex = prefix.length;
-	if (path[requestIndex] !== "request") return false;
-	const suffix = path.slice(requestIndex + 1);
-	if (suffix.length === 2 && suffix[0] === "headers") return true;
-	if (suffix.length === 2 && suffix[0] === "auth" && isConfiguredProviderAuthSecretKey(suffix[1])) return true;
-	if (suffix.length === 2 && suffix[0] === "tls" && isConfiguredProviderTlsSecretKey(suffix[1])) return true;
-	return suffix.length === 3 && suffix[0] === "proxy" && suffix[1] === "tls" && isConfiguredProviderTlsSecretKey(suffix[2]);
-}
-function matchesConfigPathPrefix(path, prefix) {
-	if (path.length < prefix.length) return false;
-	return prefix.every((segment, index) => {
-		const value = path[index];
-		if (segment === "*") return value !== void 0 && value !== "";
-		if (segment === "#") return value?.startsWith("#") ?? false;
-		return value === segment;
-	});
-}
-function matchesConfigPath(path, pattern) {
-	return path.length === pattern.length && matchesConfigPathPrefix(path, pattern);
-}
-function isConfiguredProviderTlsSecretKey(key) {
-	return key === "ca" || key === "cert" || key === "key" || key === "passphrase";
-}
-function isConfiguredProviderAuthSecretKey(key) {
-	return key === "token" || key === "value";
-}
-function isSecretInputKey(key) {
-	const normalized = key.toLowerCase();
-	return normalized === "apikey" || normalized === "keyref" || normalized === "token" || normalized === "tokenref" || normalized === "password" || normalized === "secret" || normalized === "encryptkey" || normalized === "webhooksecret" || normalized === "serviceaccount" || normalized === "serviceaccountref" || normalized === "privatekey" || normalized === "certificate" || normalized === "certificatedata" || normalized === "identitydata" || normalized === "knownhosts" || normalized === "knownhostsdata" || normalized.endsWith("apikey") || normalized.endsWith("token") || normalized.endsWith("secret") || normalized.endsWith("password");
-}
-function secretRefDefaults(value) {
-	if (!isRecord$1(value)) return;
-	const defaults = {};
-	if (typeof value.env === "string") defaults.env = value.env;
-	if (typeof value.file === "string") defaults.file = value.file;
-	if (typeof value.exec === "string") defaults.exec = value.exec;
-	return defaults;
-}
-function secretRefEvidence(value, defaults) {
-	const ref = coerceSecretRef(value, defaults);
-	return ref === null ? void 0 : {
-		source: ref.source,
-		provider: ref.provider,
-		id: ref.id
-	};
-}
-function secretProviderInsecureFlags(value) {
-	if (!isRecord$1(value)) return [];
-	return [...value.allowInsecurePath === true ? ["allowInsecurePath"] : [], ...value.allowSymlinkCommand === true ? ["allowSymlinkCommand"] : []];
-}
-function isValidAuthProfileMetadata(value) {
-	if (!isRecord$1(value)) return false;
-	return typeof value.provider === "string" && value.provider.trim() !== "" && isAuthProfileMode(value.mode);
-}
-function isAuthProfileMode(value) {
-	return value === "api_key" || value === "aws-sdk" || value === "oauth" || value === "token";
-}
-function scanPolicyTools(raw) {
-	return Promise.resolve(scanPolicyToolHeaders(raw));
-}
-function scanPolicyToolHeaders(raw) {
-	const section = markdownSectionLines(raw, "tools");
-	if (section.length === 0) return [];
-	const tools = [];
-	for (let index = 0; index < section.length; index += 1) {
-		const line = section[index]?.text ?? "";
-		const heading = /^###\s+([^\s#]+)(.*)$/.exec(line);
-		const bullet = /^[-*+]\s+([^:\s][^:]*?)\s*:(.*)$/.exec(line);
-		const match = heading ?? bullet;
-		if (match === null || slugify(match[1]).length === 0) continue;
-		const id = slugify(match[1]);
-		const entry = {
-			id,
-			source: `oc://TOOLS.md/tools/${id}`,
-			line: section[index]?.line ?? index + 1
-		};
-		const metaLines = [match[2] ?? ""];
-		for (let metaIndex = index + 1; metaIndex < section.length; metaIndex += 1) {
-			const metaLine = section[metaIndex]?.text ?? "";
-			if (/^###\s+\S+/.test(metaLine.trim()) || /^[-*+]\s+[^:\s][^:]*?\s*:/.test(metaLine)) break;
-			metaLines.push(metaLine);
-		}
-		const meta = metaLines.join("\n");
-		const risk = riskFromMeta(meta);
-		const sensitivity = /\bsensitivity\s*:\s*([a-z0-9_-]+)\b/i.exec(meta)?.[1]?.toLowerCase();
-		const owner = /\bowner\s*:\s*([^\s#]+)\b/i.exec(meta)?.[1];
-		const capabilities = capabilityTokensFromMetaLines(metaLines);
-		if (risk !== void 0) entry.risk = risk;
-		if (sensitivity !== void 0) entry.sensitivity = sensitivity;
-		if (owner !== void 0) entry.owner = owner;
-		if (capabilities.length > 0) entry.capabilities = capabilities;
-		tools.push(entry);
-	}
-	return tools;
-}
-function markdownSectionLines(raw, sectionSlug) {
-	const lines = raw.split(/\r?\n/);
-	let sectionDepth;
-	const section = [];
-	for (let index = 0; index < lines.length; index += 1) {
-		const line = lines[index] ?? "";
-		const heading = /^(#{1,6})\s+(.+?)\s*#*\s*$/.exec(line);
-		if (heading !== null) {
-			const depth = heading[1]?.length ?? 0;
-			const slug = slugify(heading[2] ?? "");
-			if (sectionDepth !== void 0 && depth <= sectionDepth) break;
-			if (sectionDepth !== void 0) {
-				section.push({
-					line: index + 1,
-					text: line
-				});
-				continue;
-			}
-			if (sectionDepth === void 0 && slug === sectionSlug) sectionDepth = depth;
-			continue;
-		}
-		if (sectionDepth !== void 0) section.push({
-			line: index + 1,
-			text: line
-		});
-	}
-	return section;
-}
-function slugify(text) {
-	return text.toLowerCase().replace(/_/g, "-").replace(NON_SLUG_CHARS, "-").replace(COLLAPSE_HYPHENS, "-").replace(TRIM_HYPHENS, "");
-}
-function riskFromMeta(meta) {
-	const namedRisk = /\brisk\s*:\s*([a-z0-9_-]+)\b/i.exec(meta)?.[1];
-	if (namedRisk !== void 0) return namedRisk.toLowerCase();
-	switch (/\bR([0-5])\b/.exec(meta)?.[1]) {
-		case "0":
-		case "1": return "low";
-		case "2":
-		case "3": return "medium";
-		case "4": return "high";
-		case "5": return "critical";
-		default: return;
-	}
-}
-function capabilityTokensFromMetaLines(lines) {
-	return lines.flatMap((line, index) => {
-		const trimmed = line.trim();
-		if (trimmed.length === 0) return [];
-		const tokens = trimmed.match(/\b[A-Z][A-Z0-9_]{2,}\b/g) ?? [];
-		if (index === 0 || /\bcapabilities\s*:/i.test(trimmed)) return tokens;
-		const withoutTokens = tokens.reduce((remaining, token) => {
-			return remaining.replace(token, "");
-		}, trimmed);
-		return /^[\s,;:[\](){}#*_-]*$/.test(withoutTokens) ? tokens : [];
-	});
-}
-function configuredChannels(cfg) {
-	return isRecord$1(cfg.channels) ? cfg.channels : {};
-}
-function configuredMcpServers(cfg) {
-	return isRecord$1(cfg.mcp) && isRecord$1(cfg.mcp.servers) ? cfg.mcp.servers : {};
-}
-function mcpServerTransport(value) {
-	if (!isRecord$1(value)) return "unknown";
-	if (typeof value.command === "string") return "stdio";
-	if (value.transport === "sse" || value.transport === "streamable-http") return value.transport;
-	if (typeof value.url === "string") return "streamable-http";
-	return "unknown";
-}
-function redactMcpUrlForEvidence(raw) {
-	try {
-		const url = new URL(raw);
-		return `${url.protocol}//${url.host}`;
-	} catch {
-		return "[redacted-url]";
-	}
-}
-function configuredModelProviders(cfg) {
-	return isRecord$1(cfg.models) && isRecord$1(cfg.models.providers) ? cfg.models.providers : {};
-}
-function networkBooleanEvidence(cfg, id, path, source) {
-	const value = readBooleanPath(cfg, path);
-	return value === void 0 ? void 0 : {
-		id,
-		source,
-		value
-	};
-}
-function pushGatewayBooleanEvidence(entries, id, kind, value, source) {
-	if (typeof value !== "boolean") return;
-	entries.push({
-		id,
-		kind,
-		source,
-		value
-	});
-}
-function pushGatewayHttpEndpointEvidence(entries, endpoints, endpoint) {
-	const config = endpoints[endpoint];
-	if (!isRecord$1(config)) return;
-	const source = `oc://daocore.config/gateway/http/endpoints/${endpoint}`;
-	const enabled = config.enabled === true;
-	if (enabled) entries.push({
-		id: `gateway-http-${endpoint}`,
-		kind: "httpEndpoint",
-		source: `${source}/enabled`,
-		value: true,
-		endpoint
-	});
-	if (!enabled) return;
-	if (endpoint === "chatCompletions") {
-		pushGatewayHttpUrlFetchEvidence(entries, source, endpoint, ["images"], config.images);
-		return;
-	}
-	pushGatewayHttpUrlFetchEvidence(entries, source, endpoint, ["files"], config.files);
-	pushGatewayHttpUrlFetchEvidence(entries, source, endpoint, ["images"], config.images);
-}
-function pushGatewayHttpUrlFetchEvidence(entries, endpointSource, endpoint, path, value) {
-	const allowUrl = isRecord$1(value) ? value.allowUrl : void 0;
-	if (allowUrl === false || allowUrl !== true && endpoint !== "responses") return;
-	const allowlist = isRecord$1(value) ? value.urlAllowlist : void 0;
-	const hasEffectiveAllowlist = Array.isArray(allowlist) && allowlist.some((entry) => isEffectiveGatewayUrlAllowlistEntry(entry));
-	entries.push({
-		id: `gateway-http-${endpoint}-${path.join("-")}-url-fetch`,
-		kind: "httpUrlFetch",
-		source: `${endpointSource}/${path.map(ocPathSegment).join("/")}/allowUrl`,
-		value: true,
-		endpoint,
-		explicit: allowUrl === true,
-		hasAllowlist: hasEffectiveAllowlist
-	});
-}
-function isEffectiveGatewayUrlAllowlistEntry(value) {
-	if (typeof value !== "string") return false;
-	const normalized = value.trim().toLowerCase();
-	return normalized !== "" && normalized !== "*" && normalized !== "*.";
-}
-function isGatewayNonLoopbackBind(value) {
-	return value === "auto" || value === "lan" || value === "custom" || value === "tailnet";
-}
-function isRuntimeNonLoopbackCustomBindHost(value) {
-	const normalized = value.trim().toLowerCase();
-	return isCanonicalDottedDecimalIPv4(normalized) && !normalized.startsWith("127.");
-}
-function isCanonicalDottedDecimalIPv4(value) {
-	return /^(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}$/.test(value);
-}
-function readBooleanPath(value, path) {
-	let current = value;
-	for (const part of path) {
-		if (!isRecord$1(current)) return;
-		current = current[part];
-	}
-	return typeof current === "boolean" ? current : void 0;
-}
-function collectModelRefsFromValue(refs, value, source) {
-	if (typeof value === "string") {
-		pushModelRef(refs, value, source);
-		return;
-	}
-	if (!isRecord$1(value)) return;
-	if (typeof value.primary === "string") pushModelRef(refs, value.primary, `${source}/primary`);
-	if (Array.isArray(value.fallbacks)) {
-		for (const [index, fallback] of value.fallbacks.entries()) if (typeof fallback === "string") pushModelRef(refs, fallback, `${source}/fallbacks/#${index}`);
-	}
-}
-function collectModelRefsFromRecord(refs, value, source) {
-	for (const [key, child] of Object.entries(value)) {
-		const childPath = `${source}/${key}`;
-		if (isModelSettingKey(key)) {
-			collectModelRefsFromValue(refs, child, childPath);
-			continue;
-		}
-		if (Array.isArray(child)) {
-			for (const [index, item] of child.entries()) if (isRecord$1(item)) collectModelRefsFromRecord(refs, item, `${childPath}/#${index}`);
-			continue;
-		}
-		if (isRecord$1(child)) collectModelRefsFromRecord(refs, child, childPath);
-	}
-}
-function collectModelRefsFromAgentAllowlist(refs, agents) {
-	const defaults = agents.defaults;
-	if (isRecord$1(defaults) && isRecord$1(defaults.models)) collectModelRefsFromModelMap(refs, defaults.models, "oc://daocore.config/agents/defaults/models");
-	const list = agents.list;
-	if (!Array.isArray(list)) return;
-	for (const [index, agent] of list.entries()) {
-		if (!isRecord$1(agent) || !isRecord$1(agent.models)) continue;
-		collectModelRefsFromModelMap(refs, agent.models, `oc://daocore.config/agents/list/#${index}/models`);
-	}
-}
-function collectModelRefsFromModelMap(refs, models, source) {
-	for (const ref of Object.keys(models)) pushModelRef(refs, ref, `${source}/${ocPathSegment(ref)}`);
-}
-function isModelSettingKey(key) {
-	return key === "model" || key.endsWith("Model");
-}
-function ocPathSegment(value) {
-	if (/^(?:[A-Za-z0-9_-]+|#\d+)$/.test(value)) return value;
-	if (value.includes("\"") || value.includes("\\")) return value;
-	return `"${value}"`;
-}
-function pushModelRef(refs, ref, source) {
-	const parsed = parseModelRef(ref);
-	if (parsed === void 0) return;
-	refs.push({
-		ref,
-		provider: parsed.provider,
-		model: parsed.model,
-		source
-	});
-}
-function parseModelRef(ref) {
-	const trimmed = ref.trim();
-	const slash = trimmed.indexOf("/");
-	if (slash <= 0 || slash >= trimmed.length - 1) return;
-	return {
-		provider: normalizeProviderId(trimmed.slice(0, slash)),
-		model: trimmed.slice(slash + 1)
-	};
-}
-function sha256(value) {
-	return `sha256:${createHash("sha256").update(value).digest("hex")}`;
-}
-function stableJson(value) {
-	if (Array.isArray(value)) return `[${value.map(stableJson).join(",")}]`;
-	if (isRecord$1(value)) return `{${Object.entries(value).toSorted(([a], [b]) => a.localeCompare(b)).map(([key, child]) => `${JSON.stringify(key)}:${stableJson(child)}`).join(",")}}`;
-	return JSON.stringify(value);
-}
-function isRecord$1(value) {
-	return typeof value === "object" && value !== null && !Array.isArray(value);
-}
-//#endregion
-//#region extensions/policy/src/doctor/register.ts
-const CHECK_IDS = {
-	policyAttestationMismatch: "policy/attestation-hash-mismatch",
-	policyDeniedChannelProvider: "policy/channels-denied-provider",
-	policyHashMismatch: "policy/policy-hash-mismatch",
-	policyInvalidFile: "policy/policy-jsonc-invalid",
-	policyMissingFile: "policy/policy-jsonc-missing",
-	policyDeniedMcpServer: "policy/mcp-denied-server",
-	policyUnapprovedMcpServer: "policy/mcp-unapproved-server",
-	policyDeniedModelProvider: "policy/models-denied-provider",
-	policyUnapprovedModelProvider: "policy/models-unapproved-provider",
-	policyPrivateNetworkAccess: "policy/network-private-access-enabled",
-	policyGatewayNonLoopbackBind: "policy/gateway-non-loopback-bind",
-	policyGatewayAuthDisabled: "policy/gateway-auth-disabled",
-	policyGatewayRateLimitMissing: "policy/gateway-rate-limit-missing",
-	policyGatewayControlUiInsecure: "policy/gateway-control-ui-insecure",
-	policyGatewayTailscaleFunnel: "policy/gateway-tailscale-funnel",
-	policyGatewayRemoteEnabled: "policy/gateway-remote-enabled",
-	policyGatewayHttpEndpointEnabled: "policy/gateway-http-endpoint-enabled",
-	policyGatewayHttpUrlFetchUnrestricted: "policy/gateway-http-url-fetch-unrestricted",
-	policySecretsUnmanagedProvider: "policy/secrets-unmanaged-provider",
-	policySecretsDeniedProviderSource: "policy/secrets-denied-provider-source",
-	policySecretsInsecureProvider: "policy/secrets-insecure-provider",
-	policyAuthProfileInvalidMetadata: "policy/auth-profile-invalid-metadata",
-	policyAuthProfileUnapprovedMode: "policy/auth-profile-unapproved-mode",
-	policyMissingToolOwner: "policy/tools-missing-owner",
-	policyMissingToolRisk: "policy/tools-missing-risk-level",
-	policyMissingToolSensitivity: "policy/tools-missing-sensitivity-token",
-	policyUnknownToolRisk: "policy/tools-unknown-risk-level",
-	policyUnknownToolSensitivity: "policy/tools-unknown-sensitivity-token"
-};
-const POLICY_CHECK_IDS = [
-	CHECK_IDS.policyMissingFile,
-	CHECK_IDS.policyInvalidFile,
-	CHECK_IDS.policyHashMismatch,
-	CHECK_IDS.policyAttestationMismatch,
-	CHECK_IDS.policyDeniedChannelProvider,
-	CHECK_IDS.policyDeniedMcpServer,
-	CHECK_IDS.policyUnapprovedMcpServer,
-	CHECK_IDS.policyDeniedModelProvider,
-	CHECK_IDS.policyUnapprovedModelProvider,
-	CHECK_IDS.policyPrivateNetworkAccess,
-	CHECK_IDS.policyGatewayNonLoopbackBind,
-	CHECK_IDS.policyGatewayAuthDisabled,
-	CHECK_IDS.policyGatewayRateLimitMissing,
-	CHECK_IDS.policyGatewayControlUiInsecure,
-	CHECK_IDS.policyGatewayTailscaleFunnel,
-	CHECK_IDS.policyGatewayRemoteEnabled,
-	CHECK_IDS.policyGatewayHttpEndpointEnabled,
-	CHECK_IDS.policyGatewayHttpUrlFetchUnrestricted,
-	CHECK_IDS.policySecretsUnmanagedProvider,
-	CHECK_IDS.policySecretsDeniedProviderSource,
-	CHECK_IDS.policySecretsInsecureProvider,
-	CHECK_IDS.policyAuthProfileInvalidMetadata,
-	CHECK_IDS.policyAuthProfileUnapprovedMode,
-	CHECK_IDS.policyMissingToolRisk,
-	CHECK_IDS.policyUnknownToolRisk,
-	CHECK_IDS.policyMissingToolSensitivity,
-	CHECK_IDS.policyMissingToolOwner,
-	CHECK_IDS.policyUnknownToolSensitivity
-];
-const KNOWN_RISK_LEVELS = [
-	"low",
-	"medium",
-	"high",
-	"critical"
-];
-const KNOWN_SENSITIVITY_LEVELS = [
-	"public",
-	"internal",
-	"confidential",
-	"restricted"
-];
-const SUPPORTED_TOOL_METADATA = [
-	"risk",
-	"sensitivity",
-	"owner"
-];
-const SUPPORTED_AUTH_PROFILE_METADATA = ["provider", "mode"];
-const SUPPORTED_AUTH_PROFILE_MODES = [
-	"api_key",
-	"aws-sdk",
-	"oauth",
-	"token"
-];
-const SUPPORTED_GATEWAY_HTTP_ENDPOINTS = ["chatCompletions", "responses"];
-let registered = false;
-const policyEvaluationCache = /* @__PURE__ */ new WeakMap();
-function registerPolicyDoctorChecks(host) {
-	if (registered) return;
-	const registerHealthCheck$1 = host?.registerHealthCheck ?? registerHealthCheck;
-	registerHealthCheck$1(policyMissingFileCheck);
-	registerHealthCheck$1(policyInvalidFileCheck);
-	registerHealthCheck$1(policyHashMismatchCheck);
-	registerHealthCheck$1(policyAttestationMismatchCheck);
-	registerHealthCheck$1(policyChannelsDeniedProviderCheck);
-	registerHealthCheck$1(policyMcpDeniedServerCheck);
-	registerHealthCheck$1(policyMcpUnapprovedServerCheck);
-	registerHealthCheck$1(policyModelsDeniedProviderCheck);
-	registerHealthCheck$1(policyModelsUnapprovedProviderCheck);
-	registerHealthCheck$1(policyNetworkPrivateAccessCheck);
-	registerHealthCheck$1(policyGatewayNonLoopbackBindCheck);
-	registerHealthCheck$1(policyGatewayAuthDisabledCheck);
-	registerHealthCheck$1(policyGatewayRateLimitMissingCheck);
-	registerHealthCheck$1(policyGatewayControlUiInsecureCheck);
-	registerHealthCheck$1(policyGatewayTailscaleFunnelCheck);
-	registerHealthCheck$1(policyGatewayRemoteEnabledCheck);
-	registerHealthCheck$1(policyGatewayHttpEndpointEnabledCheck);
-	registerHealthCheck$1(policyGatewayHttpUrlFetchUnrestrictedCheck);
-	registerHealthCheck$1(policySecretsUnmanagedProviderCheck);
-	registerHealthCheck$1(policySecretsDeniedProviderSourceCheck);
-	registerHealthCheck$1(policySecretsInsecureProviderCheck);
-	registerHealthCheck$1(policyAuthProfileInvalidMetadataCheck);
-	registerHealthCheck$1(policyAuthProfileUnapprovedModeCheck);
-	registerHealthCheck$1(policyToolsMissingRiskCheck);
-	registerHealthCheck$1(policyToolsUnknownRiskCheck);
-	registerHealthCheck$1(policyToolsMissingSensitivityCheck);
-	registerHealthCheck$1(policyToolsMissingOwnerCheck);
-	registerHealthCheck$1(policyToolsUnknownSensitivityCheck);
-	registered = true;
-}
-function evaluatePolicy(ctx) {
-	const cached = policyEvaluationCache.get(ctx);
-	if (cached !== void 0) return cached;
-	const next = evaluatePolicyUncached(ctx);
-	policyEvaluationCache.set(ctx, next);
-	return next;
-}
-const policyMissingFileCheck = {
-	id: CHECK_IDS.policyMissingFile,
-	kind: "plugin",
-	description: "The enabled Policy plugin has a policy file to verify.",
-	source: "policy",
-	async detect(ctx) {
-		return findingsForCheck(await evaluatePolicy(ctx), CHECK_IDS.policyMissingFile);
-	}
-};
-const policyHashMismatchCheck = {
-	id: CHECK_IDS.policyHashMismatch,
-	kind: "plugin",
-	description: "The policy file matches the configured expected hash.",
-	source: "policy",
-	async detect(ctx) {
-		return findingsForCheck(await evaluatePolicy(ctx), CHECK_IDS.policyHashMismatch);
-	}
-};
-const policyAttestationMismatchCheck = {
-	id: CHECK_IDS.policyAttestationMismatch,
-	kind: "plugin",
-	description: "The current policy check matches the accepted attestation.",
-	source: "policy",
-	async detect(ctx) {
-		return findingsForCheck(await evaluatePolicy(ctx), CHECK_IDS.policyAttestationMismatch);
-	}
-};
-const policyInvalidFileCheck = {
-	id: CHECK_IDS.policyInvalidFile,
-	kind: "plugin",
-	description: "The enabled policy file parses before policy checks run.",
-	source: "policy",
-	async detect(ctx) {
-		return findingsForCheck(await evaluatePolicy(ctx), CHECK_IDS.policyInvalidFile);
-	}
-};
-const policyChannelsDeniedProviderCheck = {
-	id: CHECK_IDS.policyDeniedChannelProvider,
-	kind: "plugin",
-	description: "Configured channels satisfy policy deny rules.",
-	source: "policy",
-	async detect(ctx) {
-		return findingsForCheck(await evaluatePolicy(ctx), CHECK_IDS.policyDeniedChannelProvider);
-	},
-	async repair(ctx, findings) {
-		if (!workspaceRepairsEnabled(ctx)) return workspaceRepairsDisabledResult("channel config");
-		const channelIds = channelIdsFromFindings(findings);
-		if (channelIds.length === 0) return {
-			status: "skipped",
-			reason: "no channel findings matched a configurable channel",
-			changes: []
-		};
-		const next = disableChannels(ctx.cfg, channelIds);
-		if (next.changed.length === 0) return {
-			status: "skipped",
-			reason: "matching channels were already disabled or missing",
-			changes: []
-		};
-		return {
-			config: next.config,
-			changes: next.changed.map((id) => `Disabled channels.${id}.enabled for policy conformance.`)
-		};
-	}
-};
-const policyMcpDeniedServerCheck = {
-	id: CHECK_IDS.policyDeniedMcpServer,
-	kind: "plugin",
-	description: "Configured MCP servers do not match policy deny rules.",
-	source: "policy",
-	async detect(ctx) {
-		return findingsForCheck(await evaluatePolicy(ctx), CHECK_IDS.policyDeniedMcpServer);
-	}
-};
-const policyMcpUnapprovedServerCheck = {
-	id: CHECK_IDS.policyUnapprovedMcpServer,
-	kind: "plugin",
-	description: "Configured MCP servers do not match policy allow rules.",
-	source: "policy",
-	async detect(ctx) {
-		return findingsForCheck(await evaluatePolicy(ctx), CHECK_IDS.policyUnapprovedMcpServer);
-	}
-};
-const policyModelsDeniedProviderCheck = {
-	id: CHECK_IDS.policyDeniedModelProvider,
-	kind: "plugin",
-	description: "Configured model providers do not match policy deny rules.",
-	source: "policy",
-	async detect(ctx) {
-		return findingsForCheck(await evaluatePolicy(ctx), CHECK_IDS.policyDeniedModelProvider);
-	}
-};
-const policyModelsUnapprovedProviderCheck = {
-	id: CHECK_IDS.policyUnapprovedModelProvider,
-	kind: "plugin",
-	description: "Configured model providers do not match policy allow rules.",
-	source: "policy",
-	async detect(ctx) {
-		return findingsForCheck(await evaluatePolicy(ctx), CHECK_IDS.policyUnapprovedModelProvider);
-	}
-};
-const policyNetworkPrivateAccessCheck = {
-	id: CHECK_IDS.policyPrivateNetworkAccess,
-	kind: "plugin",
-	description: "Network SSRF policy settings match private-network requirements.",
-	source: "policy",
-	async detect(ctx) {
-		return findingsForCheck(await evaluatePolicy(ctx), CHECK_IDS.policyPrivateNetworkAccess);
-	}
-};
-const policyGatewayNonLoopbackBindCheck = {
-	id: CHECK_IDS.policyGatewayNonLoopbackBind,
-	kind: "plugin",
-	description: "Gateway bind posture matches policy exposure requirements.",
-	source: "policy",
-	async detect(ctx) {
-		return findingsForCheck(await evaluatePolicy(ctx), CHECK_IDS.policyGatewayNonLoopbackBind);
-	}
-};
-const policyGatewayAuthDisabledCheck = {
-	id: CHECK_IDS.policyGatewayAuthDisabled,
-	kind: "plugin",
-	description: "Gateway authentication remains enabled when required by policy.",
-	source: "policy",
-	async detect(ctx) {
-		return findingsForCheck(await evaluatePolicy(ctx), CHECK_IDS.policyGatewayAuthDisabled);
-	}
-};
-const policyGatewayRateLimitMissingCheck = {
-	id: CHECK_IDS.policyGatewayRateLimitMissing,
-	kind: "plugin",
-	description: "Gateway authentication rate-limit posture is explicit when required by policy.",
-	source: "policy",
-	async detect(ctx) {
-		return findingsForCheck(await evaluatePolicy(ctx), CHECK_IDS.policyGatewayRateLimitMissing);
-	}
-};
-const policyGatewayControlUiInsecureCheck = {
-	id: CHECK_IDS.policyGatewayControlUiInsecure,
-	kind: "plugin",
-	description: "Gateway Control UI insecure exposure toggles remain disabled by policy.",
-	source: "policy",
-	async detect(ctx) {
-		return findingsForCheck(await evaluatePolicy(ctx), CHECK_IDS.policyGatewayControlUiInsecure);
-	}
-};
-const policyGatewayTailscaleFunnelCheck = {
-	id: CHECK_IDS.policyGatewayTailscaleFunnel,
-	kind: "plugin",
-	description: "Gateway Tailscale Funnel exposure matches policy.",
-	source: "policy",
-	async detect(ctx) {
-		return findingsForCheck(await evaluatePolicy(ctx), CHECK_IDS.policyGatewayTailscaleFunnel);
-	}
-};
-const policyGatewayRemoteEnabledCheck = {
-	id: CHECK_IDS.policyGatewayRemoteEnabled,
-	kind: "plugin",
-	description: "Remote gateway mode matches policy.",
-	source: "policy",
-	async detect(ctx) {
-		return findingsForCheck(await evaluatePolicy(ctx), CHECK_IDS.policyGatewayRemoteEnabled);
-	}
-};
-const policyGatewayHttpEndpointEnabledCheck = {
-	id: CHECK_IDS.policyGatewayHttpEndpointEnabled,
-	kind: "plugin",
-	description: "Gateway HTTP API endpoints match policy.",
-	source: "policy",
-	async detect(ctx) {
-		return findingsForCheck(await evaluatePolicy(ctx), CHECK_IDS.policyGatewayHttpEndpointEnabled);
-	}
-};
-const policyGatewayHttpUrlFetchUnrestrictedCheck = {
-	id: CHECK_IDS.policyGatewayHttpUrlFetchUnrestricted,
-	kind: "plugin",
-	description: "Gateway HTTP URL-fetch inputs have allowlists when required by policy.",
-	source: "policy",
-	async detect(ctx) {
-		return findingsForCheck(await evaluatePolicy(ctx), CHECK_IDS.policyGatewayHttpUrlFetchUnrestricted);
-	}
-};
-const policySecretsUnmanagedProviderCheck = {
-	id: CHECK_IDS.policySecretsUnmanagedProvider,
-	kind: "plugin",
-	description: "DaoCore config SecretRefs use configured secret providers when policy requires managed providers.",
-	source: "policy",
-	async detect(ctx) {
-		return findingsForCheck(await evaluatePolicy(ctx), CHECK_IDS.policySecretsUnmanagedProvider);
-	}
-};
-const policySecretsDeniedProviderSourceCheck = {
-	id: CHECK_IDS.policySecretsDeniedProviderSource,
-	kind: "plugin",
-	description: "DaoCore config secret providers and SecretRefs do not use sources denied by policy.",
-	source: "policy",
-	async detect(ctx) {
-		return findingsForCheck(await evaluatePolicy(ctx), CHECK_IDS.policySecretsDeniedProviderSource);
-	}
-};
-const policySecretsInsecureProviderCheck = {
-	id: CHECK_IDS.policySecretsInsecureProvider,
-	kind: "plugin",
-	description: "Configured secret providers do not opt into insecure posture unless policy allows it.",
-	source: "policy",
-	async detect(ctx) {
-		return findingsForCheck(await evaluatePolicy(ctx), CHECK_IDS.policySecretsInsecureProvider);
-	}
-};
-const policyAuthProfileInvalidMetadataCheck = {
-	id: CHECK_IDS.policyAuthProfileInvalidMetadata,
-	kind: "plugin",
-	description: "DaoCore config auth profiles declare required provider and mode metadata.",
-	source: "policy",
-	async detect(ctx) {
-		return findingsForCheck(await evaluatePolicy(ctx), CHECK_IDS.policyAuthProfileInvalidMetadata);
-	}
-};
-const policyAuthProfileUnapprovedModeCheck = {
-	id: CHECK_IDS.policyAuthProfileUnapprovedMode,
-	kind: "plugin",
-	description: "DaoCore config auth profile modes stay within the policy allowlist.",
-	source: "policy",
-	async detect(ctx) {
-		return findingsForCheck(await evaluatePolicy(ctx), CHECK_IDS.policyAuthProfileUnapprovedMode);
-	}
-};
-const policyToolsMissingRiskCheck = {
-	id: CHECK_IDS.policyMissingToolRisk,
-	kind: "plugin",
-	description: "TOOLS.md policy entries declare explicit risk levels.",
-	source: "policy",
-	async detect(ctx) {
-		return findingsForCheck(await evaluatePolicy(ctx), CHECK_IDS.policyMissingToolRisk);
-	}
-};
-const policyToolsUnknownRiskCheck = {
-	id: CHECK_IDS.policyUnknownToolRisk,
-	kind: "plugin",
-	description: "TOOLS.md policy entries use known risk levels.",
-	source: "policy",
-	async detect(ctx) {
-		return findingsForCheck(await evaluatePolicy(ctx), CHECK_IDS.policyUnknownToolRisk);
-	}
-};
-const policyToolsMissingSensitivityCheck = {
-	id: CHECK_IDS.policyMissingToolSensitivity,
-	kind: "plugin",
-	description: "TOOLS.md policy entries declare default artifact sensitivity.",
-	source: "policy",
-	async detect(ctx) {
-		return findingsForCheck(await evaluatePolicy(ctx), CHECK_IDS.policyMissingToolSensitivity);
-	}
-};
-const policyToolsUnknownSensitivityCheck = {
-	id: CHECK_IDS.policyUnknownToolSensitivity,
-	kind: "plugin",
-	description: "TOOLS.md policy entries use known sensitivity levels.",
-	source: "policy",
-	async detect(ctx) {
-		return findingsForCheck(await evaluatePolicy(ctx), CHECK_IDS.policyUnknownToolSensitivity);
-	}
-};
-const policyToolsMissingOwnerCheck = {
-	id: CHECK_IDS.policyMissingToolOwner,
-	kind: "plugin",
-	description: "TOOLS.md policy entries declare an accountable owner.",
-	source: "policy",
-	async detect(ctx) {
-		return findingsForCheck(await evaluatePolicy(ctx), CHECK_IDS.policyMissingToolOwner);
-	}
-};
-async function evaluatePolicyUncached(ctx) {
-	const settings = policySettings(ctx);
-	const policyPath = policyDisplayName(ctx);
-	let evidence = collectPolicyEvidence(ctx.cfg, {
-		includeGatewayExposure: false,
-		includeSecrets: false,
-		includeAuthProfiles: false
-	});
-	const findings = [];
-	if (!policyChecksEnabled(ctx, settings)) return {
-		policyPath,
-		evidence,
-		expectedAttestationHash: settings.expectedAttestationHash,
-		findings,
-		attestedFindings: findings
-	};
-	const policyFile = await readPolicyFile(ctx);
-	if (policyFile === null) {
-		findings.push({
-			checkId: CHECK_IDS.policyMissingFile,
-			severity: "warning",
-			message: `${policyPath} is missing for the enabled Policy plugin.`,
-			source: "policy",
-			path: policyPath,
-			fixHint: `Restore ${policyPath} or add the policy artifact for this workspace.`
-		});
-		return {
-			policyPath,
-			evidence,
-			expectedAttestationHash: settings.expectedAttestationHash,
-			findings,
-			attestedFindings: findings
-		};
-	}
-	const parsedPolicy = parsePolicyFile(policyFile.raw);
-	if (!parsedPolicy.ok) {
-		findings.push(policyParseFinding(policyFile.displayName, policyFile.ocDocName, parsedPolicy));
-		return {
-			policyPath,
-			evidence,
-			expectedAttestationHash: settings.expectedAttestationHash,
-			findings,
-			attestedFindings: findings
-		};
-	}
-	const policy = parsedPolicy.value;
-	const policyHash = policyDocumentHash(policy);
-	const expectedHash = settings.expectedHash;
-	if (typeof expectedHash === "string" && expectedHash.trim() !== "" && policyHash !== expectedHash.trim()) {
-		findings.push({
-			checkId: CHECK_IDS.policyHashMismatch,
-			severity: "error",
-			message: `${policyFile.displayName} does not match the configured policy hash.`,
-			source: "policy",
-			path: policyFile.displayName,
-			target: `oc://${policyFile.ocDocName}`,
-			requirement: "oc://daocore.config/plugins/entries/policy/config/expectedHash",
-			fixHint: `Restore the approved policy artifact or update plugins.entries.policy.config.expectedHash after review.`
-		});
-		return {
-			policyPath,
-			policy: {
-				value: policy,
-				hash: policyHash
-			},
-			evidence,
-			expectedAttestationHash: settings.expectedAttestationHash,
-			findings,
-			attestedFindings: findings
-		};
-	}
-	const metadataRequirementFindings = toolMetadataRequirementFindings(policy, policyFile.displayName, policyFile.ocDocName);
-	const authMetadataRequirementFindings = authProfileMetadataRequirementFindings(policy, policyFile.displayName, policyFile.ocDocName);
-	const requiredMetadata = metadataRequirementFindings.length === 0 ? requiredToolMetadata(policy) : /* @__PURE__ */ new Set();
-	const includeSecrets = policyHasSecretRules(policy);
-	const includeAuthProfiles = policyHasAuthProfileRules(policy);
-	const includeGatewayExposure = policyHasGatewayRules(policy);
-	if (requiredMetadata.size > 0) {
-		const toolsFile = await readWorkspaceFile(ctx, "TOOLS.md");
-		evidence = await collectPolicyEvidence(ctx.cfg, {
-			toolsRaw: toolsFile?.raw ?? "",
-			includeGatewayExposure,
-			includeSecrets,
-			includeAuthProfiles
-		});
-	} else evidence = collectPolicyEvidence(ctx.cfg, {
-		includeGatewayExposure,
-		includeSecrets,
-		includeAuthProfiles
-	});
-	const policyFindings = [
-		...policyContainerShapeFindings(policy, policyFile.displayName, policyFile.ocDocName),
-		...channelFindings(policy, policyFile.displayName, policyFile.ocDocName, evidence),
-		...mcpServerFindings(policy, policyFile.ocDocName, evidence),
-		...modelProviderFindings(policy, policyFile.ocDocName, evidence),
-		...networkFindings(policy, policyFile.ocDocName, evidence),
-		...secretAuthProvenanceFindings(policy, policyFile.displayName, policyFile.ocDocName, evidence),
-		...gatewayExposureFindings(policy, policyFile.ocDocName, evidence),
-		...authMetadataRequirementFindings,
-		...metadataRequirementFindings
-	];
-	if (requiredMetadata.has("risk")) {
-		policyFindings.push(...toolRiskFindings(policyFile.ocDocName, evidence));
-		policyFindings.push(...toolUnknownRiskFindings(policyFile.ocDocName, evidence));
-	}
-	if (requiredMetadata.has("sensitivity")) policyFindings.push(...toolSensitivityFindings(policyFile.ocDocName, evidence));
-	if (requiredMetadata.has("owner")) policyFindings.push(...toolOwnerFindings(policyFile.ocDocName, evidence));
-	const attestationFindings = policyAttestationFindings(policyFile.displayName, policyHash, evidence, policyFindings, settings);
-	if (hasPolicyValidationFinding(policyFindings)) findings.push(...policyFindings);
-	else if (attestationFindings.length > 0) findings.push(...attestationFindings);
-	else findings.push(...policyFindings);
-	return {
-		policyPath,
-		policy: {
-			value: policy,
-			hash: policyHash
-		},
-		evidence,
-		expectedAttestationHash: settings.expectedAttestationHash,
-		findings,
-		attestedFindings: policyFindings
-	};
-}
-function policyParseFinding(policyPath, policyDocName, parseError) {
-	return {
-		checkId: CHECK_IDS.policyInvalidFile,
-		severity: "error",
-		message: `${policyPath} could not be parsed: ${parseError.message}`,
-		source: "policy",
-		path: policyPath,
-		target: `oc://${policyDocName}`,
-		fixHint: `Fix ${policyPath} so policy conformance checks can run.`
-	};
-}
-function findingsForCheck(evaluation, checkId) {
-	return evaluation.findings.filter((finding) => finding.checkId === checkId);
-}
-function hasPolicyValidationFinding(findings) {
-	return findings.some((finding) => finding.checkId === CHECK_IDS.policyInvalidFile);
-}
-function channelFindings(policy, policyPath, policyDocName, evidence) {
-	const invalidRules = invalidChannelDenyRuleFindings(policy, policyPath, policyDocName);
-	if (invalidRules.length > 0) return invalidRules;
-	const denyRules = readChannelDenyRules(policy, policyDocName);
-	if (denyRules.length === 0) return [];
-	return evidence.channels.flatMap((channel) => {
-		if (channel.enabled === false) return [];
-		const rule = denyRules.find((candidate) => candidate.when?.provider === channel.provider);
-		if (rule === void 0) return [];
-		return [{
-			checkId: CHECK_IDS.policyDeniedChannelProvider,
-			severity: "error",
-			message: `Channel '${channel.id}' uses denied provider '${channel.provider}'.`,
-			source: "policy",
-			path: "daocore config",
-			ocPath: channel.source,
-			target: channel.source,
-			requirement: rule.requirement,
-			fixHint: rule.reason ?? "Disable this channel, remove it from config, or update the policy deny rule."
-		}];
-	});
-}
-function policyAttestationFindings(policyPath, policyHash, evidence, findings, settings) {
-	const expected = settings.expectedAttestationHash?.trim();
-	if (!expected) return [];
-	const current = createPolicyAttestation({
-		ok: findings.length === 0,
-		checkedAt: (/* @__PURE__ */ new Date(0)).toISOString(),
-		policyPath,
-		policyHash,
-		evidence,
-		findings: findings.map(toAttestedFinding)
-	});
-	if (current.attestationHash === expected) return [];
-	return [{
-		checkId: CHECK_IDS.policyAttestationMismatch,
-		severity: "error",
-		message: "The current policy check no longer matches the accepted policy attestation.",
-		source: "policy",
-		path: "policy attestation",
-		target: "oc://policy/attestation/current",
-		requirement: "oc://daocore.config/plugins/entries/policy/config/expectedAttestationHash",
-		fixHint: `Run policy check, review attestation ${current.attestationHash}, then update plugins.entries.policy.config.expectedAttestationHash and the supervisor/gateway accepted attestation.`
-	}];
-}
-function toAttestedFinding(finding) {
-	return {
-		checkId: finding.checkId,
-		severity: finding.severity,
-		message: finding.message,
-		...finding.source !== void 0 ? { source: finding.source } : {},
-		...finding.path !== void 0 ? { path: finding.path } : {},
-		...finding.line !== void 0 ? { line: finding.line } : {},
-		...finding.column !== void 0 ? { column: finding.column } : {},
-		...finding.ocPath !== void 0 ? { ocPath: finding.ocPath } : {},
-		...finding.target !== void 0 ? { target: finding.target } : {},
-		...finding.requirement !== void 0 ? { requirement: finding.requirement } : {},
-		...finding.fixHint !== void 0 ? { fixHint: finding.fixHint } : {}
-	};
-}
-function toolMetadataRequirementFindings(policy, policyPath, policyDocName) {
-	if (!isRecord(policy) || !isRecord(policy.tools) || policy.tools.requireMetadata === void 0) return [];
-	if (!Array.isArray(policy.tools.requireMetadata)) return [{
-		checkId: CHECK_IDS.policyInvalidFile,
-		severity: "error",
-		message: `${policyPath} tools.requireMetadata must be an array of metadata keys.`,
-		source: "policy",
-		path: policyPath,
-		target: `oc://${policyDocName}/tools/requireMetadata`,
-		fixHint: `Use supported metadata keys: ${SUPPORTED_TOOL_METADATA.join(", ")}.`
-	}];
-	const invalidIndex = policy.tools.requireMetadata.findIndex((entry) => typeof entry !== "string" || !SUPPORTED_TOOL_METADATA.includes(entry.trim().toLowerCase()));
-	if (invalidIndex < 0) return [];
-	return [{
-		checkId: CHECK_IDS.policyInvalidFile,
-		severity: "error",
-		message: `${policyPath} tools.requireMetadata[${invalidIndex}] must be a supported metadata key.`,
-		source: "policy",
-		path: policyPath,
-		target: `oc://${policyDocName}/tools/requireMetadata/#${invalidIndex}`,
-		fixHint: `Use supported metadata keys: ${SUPPORTED_TOOL_METADATA.join(", ")}.`
-	}];
-}
-function policyContainerShapeFindings(policy, policyPath, policyDocName) {
-	if (!isRecord(policy)) return [policyShapeFinding(policyPath, `oc://${policyDocName}`, `${policyPath} must contain a policy object.`, `Fix ${policyPath} so the top-level policy is an object.`)];
-	if (policy.tools !== void 0 && !isRecord(policy.tools)) return [policyShapeFinding(policyPath, `oc://${policyDocName}/tools`, `${policyPath} tools must be an object.`, `Fix ${policyPath} so tools is an object.`)];
-	if (isRecord(policy.tools)) {
-		if (policy.tools.settings !== void 0 && !isRecord(policy.tools.settings)) return [policyShapeFinding(policyPath, `oc://${policyDocName}/tools/settings`, `${policyPath} tools.settings must be an object.`, `Fix ${policyPath} so tools.settings is an object.`)];
-		if (policy.tools.entries !== void 0 && !Array.isArray(policy.tools.entries)) return [policyShapeFinding(policyPath, `oc://${policyDocName}/tools/entries`, `${policyPath} tools.entries must be an array.`, `Fix ${policyPath} so tools.entries is an array.`)];
-	}
-	if (policy.channels !== void 0 && !isRecord(policy.channels)) return [policyShapeFinding(policyPath, `oc://${policyDocName}/channels`, `${policyPath} channels must be an object.`, `Fix ${policyPath} so channels is an object.`)];
-	if (policy.mcp !== void 0 && !isRecord(policy.mcp)) return [policyShapeFinding(policyPath, `oc://${policyDocName}/mcp`, `${policyPath} mcp must be an object.`, `Fix ${policyPath} so mcp is an object.`)];
-	if (isRecord(policy.mcp)) {
-		const finding = policyStringArrayShapeFinding(policy.mcp.servers, {
-			property: "mcp.servers",
-			policyDocName,
-			policyPath,
-			target: "mcp/servers",
-			valueName: "MCP server id"
-		});
-		if (finding !== void 0) return [finding];
-	}
-	if (policy.models !== void 0 && !isRecord(policy.models)) return [policyShapeFinding(policyPath, `oc://${policyDocName}/models`, `${policyPath} models must be an object.`, `Fix ${policyPath} so models is an object.`)];
-	if (isRecord(policy.models)) {
-		const finding = policyStringArrayShapeFinding(policy.models.providers, {
-			property: "models.providers",
-			policyDocName,
-			policyPath,
-			target: "models/providers",
-			valueName: "model provider id"
-		});
-		if (finding !== void 0) return [finding];
-	}
-	if (policy.network !== void 0 && !isRecord(policy.network)) return [policyShapeFinding(policyPath, `oc://${policyDocName}/network`, `${policyPath} network must be an object.`, `Fix ${policyPath} so network is an object.`)];
-	if (isRecord(policy.network)) {
-		if (policy.network.privateNetwork !== void 0 && !isRecord(policy.network.privateNetwork)) return [policyShapeFinding(policyPath, `oc://${policyDocName}/network/privateNetwork`, `${policyPath} network.privateNetwork must be an object.`, `Fix ${policyPath} so network.privateNetwork is an object.`)];
-		if (isRecord(policy.network.privateNetwork) && policy.network.privateNetwork.allow !== void 0 && typeof policy.network.privateNetwork.allow !== "boolean") return [policyShapeFinding(policyPath, `oc://${policyDocName}/network/privateNetwork/allow`, `${policyPath} network.privateNetwork.allow must be a boolean.`, `Fix ${policyPath} so network.privateNetwork.allow is true or false.`)];
-	}
-	if (policy.secrets !== void 0 && !isRecord(policy.secrets)) return [policyShapeFinding(policyPath, `oc://${policyDocName}/secrets`, `${policyPath} secrets must be an object.`, `Fix ${policyPath} so secrets is an object.`)];
-	if (policy.auth !== void 0 && !isRecord(policy.auth)) return [policyShapeFinding(policyPath, `oc://${policyDocName}/auth`, `${policyPath} auth must be an object.`, `Fix ${policyPath} so auth is an object.`)];
-	if (isRecord(policy.auth) && policy.auth.profiles !== void 0 && !isRecord(policy.auth.profiles)) return [policyShapeFinding(policyPath, `oc://${policyDocName}/auth/profiles`, `${policyPath} auth.profiles must be an object.`, `Fix ${policyPath} so auth.profiles is an object.`)];
-	const gatewayFinding = gatewayPolicyShapeFinding(policy.gateway, {
-		policyDocName,
-		policyPath
-	});
-	if (gatewayFinding !== void 0) return [gatewayFinding];
-	return [];
-}
-function gatewayPolicyShapeFinding(value, params) {
-	if (value === void 0) return;
-	if (!isRecord(value)) return policyShapeFinding(params.policyPath, `oc://${params.policyDocName}/gateway`, `${params.policyPath} gateway must be an object.`, `Fix ${params.policyPath} so gateway is an object.`);
-	for (const section of [
-		"exposure",
-		"auth",
-		"controlUi",
-		"remote",
-		"http"
-	]) if (value[section] !== void 0 && !isRecord(value[section])) return policyShapeFinding(params.policyPath, `oc://${params.policyDocName}/gateway/${section}`, `${params.policyPath} gateway.${section} must be an object.`, `Fix ${params.policyPath} so gateway.${section} is an object.`);
-	const exposure = isRecord(value.exposure) ? value.exposure : {};
-	const auth = isRecord(value.auth) ? value.auth : {};
-	const controlUi = isRecord(value.controlUi) ? value.controlUi : {};
-	const remote = isRecord(value.remote) ? value.remote : {};
-	const http = isRecord(value.http) ? value.http : {};
-	const booleanRules = [
-		[
-			"gateway/exposure/allowNonLoopbackBind",
-			"gateway.exposure.allowNonLoopbackBind",
-			exposure.allowNonLoopbackBind
-		],
-		[
-			"gateway/exposure/allowTailscaleFunnel",
-			"gateway.exposure.allowTailscaleFunnel",
-			exposure.allowTailscaleFunnel
-		],
-		[
-			"gateway/auth/requireAuth",
-			"gateway.auth.requireAuth",
-			auth.requireAuth
-		],
-		[
-			"gateway/auth/requireExplicitRateLimit",
-			"gateway.auth.requireExplicitRateLimit",
-			auth.requireExplicitRateLimit
-		],
-		[
-			"gateway/controlUi/allowInsecure",
-			"gateway.controlUi.allowInsecure",
-			controlUi.allowInsecure
-		],
-		[
-			"gateway/remote/allow",
-			"gateway.remote.allow",
-			remote.allow
-		],
-		[
-			"gateway/http/requireUrlAllowlists",
-			"gateway.http.requireUrlAllowlists",
-			http.requireUrlAllowlists
-		]
-	];
-	for (const [target, property, ruleValue] of booleanRules) if (ruleValue !== void 0 && typeof ruleValue !== "boolean") return policyShapeFinding(params.policyPath, `oc://${params.policyDocName}/${target}`, `${params.policyPath} ${property} must be a boolean.`, `Fix ${params.policyPath} so ${property} is true or false.`);
-	const denyEndpoints = http.denyEndpoints;
-	if (denyEndpoints !== void 0 && !Array.isArray(denyEndpoints)) return policyShapeFinding(params.policyPath, `oc://${params.policyDocName}/gateway/http/denyEndpoints`, `${params.policyPath} gateway.http.denyEndpoints must be an array.`, "Use an array of endpoint ids such as [\"responses\"] or remove gateway.http.denyEndpoints.");
-	if (Array.isArray(denyEndpoints)) {
-		const invalidIndex = denyEndpoints.findIndex((entry) => typeof entry !== "string" || !SUPPORTED_GATEWAY_HTTP_ENDPOINTS.includes(entry.trim()));
-		if (invalidIndex >= 0) return policyShapeFinding(params.policyPath, `oc://${params.policyDocName}/gateway/http/denyEndpoints/#${invalidIndex}`, `${params.policyPath} gateway.http.denyEndpoints[${invalidIndex}] must be a supported endpoint id.`, `Use supported endpoint ids: ${SUPPORTED_GATEWAY_HTTP_ENDPOINTS.join(", ")}.`);
-	}
-}
-function policyStringArrayShapeFinding(value, params) {
-	if (value === void 0) return;
-	if (!isRecord(value)) return policyShapeFinding(params.policyPath, `oc://${params.policyDocName}/${params.target}`, `${params.policyPath} ${params.property} must be an object.`, `Fix ${params.policyPath} so ${params.property} is an object.`);
-	for (const key of ["allow", "deny"]) {
-		const entries = value[key];
-		if (entries === void 0) continue;
-		const target = `oc://${params.policyDocName}/${params.target}/${key}`;
-		if (!Array.isArray(entries)) return policyShapeFinding(params.policyPath, target, `${params.policyPath} ${params.property}.${key} must be an array.`, `Fix ${params.policyPath} so ${params.property}.${key} is an array of ${params.valueName}s.`);
-		const invalidIndex = entries.findIndex((entry) => typeof entry !== "string" || entry.trim() === "");
-		if (invalidIndex >= 0) return policyShapeFinding(params.policyPath, `${target}/#${invalidIndex}`, `${params.policyPath} ${params.property}.${key}[${invalidIndex}] must be a non-empty string.`, `Fix ${params.policyPath} so each ${params.property}.${key} entry is a ${params.valueName}.`);
-	}
-}
-function policyShapeFinding(policyPath, target, message, fixHint) {
-	return {
-		checkId: CHECK_IDS.policyInvalidFile,
-		severity: "error",
-		message,
-		source: "policy",
-		path: policyPath,
-		target,
-		fixHint
-	};
-}
-function authProfileMetadataRequirementFindings(policy, policyPath, policyDocName) {
-	if (!isRecord(policy) || !isRecord(policy.auth) || !isRecord(policy.auth.profiles) || policy.auth.profiles.requireMetadata === void 0) return [];
-	if (!Array.isArray(policy.auth.profiles.requireMetadata)) return [{
-		checkId: CHECK_IDS.policyInvalidFile,
-		severity: "error",
-		message: `${policyPath} auth.profiles.requireMetadata must be an array of metadata keys.`,
-		source: "policy",
-		path: policyPath,
-		target: `oc://${policyDocName}/auth/profiles/requireMetadata`,
-		fixHint: `Use supported metadata keys: ${SUPPORTED_AUTH_PROFILE_METADATA.join(", ")}.`
-	}];
-	const invalidIndex = policy.auth.profiles.requireMetadata.findIndex((entry) => typeof entry !== "string" || !SUPPORTED_AUTH_PROFILE_METADATA.includes(entry.trim().toLowerCase()));
-	if (invalidIndex < 0) return [];
-	return [{
-		checkId: CHECK_IDS.policyInvalidFile,
-		severity: "error",
-		message: `${policyPath} auth.profiles.requireMetadata[${invalidIndex}] must be a supported metadata key.`,
-		source: "policy",
-		path: policyPath,
-		target: `oc://${policyDocName}/auth/profiles/requireMetadata/#${invalidIndex}`,
-		fixHint: `Use supported metadata keys: ${SUPPORTED_AUTH_PROFILE_METADATA.join(", ")}.`
-	}];
-}
-function invalidChannelDenyRuleFindings(policy, policyPath, policyDocName) {
-	if (!isRecord(policy) || !isRecord(policy.channels) || policy.channels.denyRules === void 0) return [];
-	if (!Array.isArray(policy.channels.denyRules)) return [{
-		checkId: CHECK_IDS.policyInvalidFile,
-		severity: "error",
-		message: `${policyPath} channels.denyRules must be an array.`,
-		source: "policy",
-		path: policyPath,
-		target: `oc://${policyDocName}/channels/denyRules`,
-		fixHint: `Fix ${policyPath} so channel deny rules are an array.`
-	}];
-	const invalid = policy.channels.denyRules.findIndex((rule) => !isChannelDenyRule(rule));
-	if (invalid < 0) return [];
-	return [{
-		checkId: CHECK_IDS.policyInvalidFile,
-		severity: "error",
-		message: `${policyPath} channels.denyRules[${invalid}] must define when.provider as a string.`,
-		source: "policy",
-		path: policyPath,
-		target: `oc://${policyDocName}/channels/denyRules/#${invalid}`,
-		fixHint: `Fix ${policyPath} so each channel deny rule has a provider match.`
-	}];
-}
-function mcpServerFindings(policy, policyDocName, evidence) {
-	const denied = new Set(readStringList(policy, [
-		"mcp",
-		"servers",
-		"deny"
-	], { lowercase: false }));
-	const allowed = readStringList(policy, [
-		"mcp",
-		"servers",
-		"allow"
-	], { lowercase: false });
-	const allowedSet = new Set(allowed);
-	const findings = [];
-	for (const server of evidence.mcpServers) {
-		if (denied.has(server.id)) {
-			findings.push({
-				checkId: CHECK_IDS.policyDeniedMcpServer,
-				severity: "error",
-				message: `MCP server '${server.id}' is denied by policy.`,
-				source: "policy",
-				path: "daocore config",
-				ocPath: server.source,
-				target: server.source,
-				requirement: `oc://${policyDocName}/mcp/servers/deny`,
-				fixHint: "Remove this configured MCP server or update the policy after review."
-			});
-			continue;
-		}
-		if (allowedSet.size > 0 && !allowedSet.has(server.id)) findings.push({
-			checkId: CHECK_IDS.policyUnapprovedMcpServer,
-			severity: "error",
-			message: `MCP server '${server.id}' is not in the policy allowlist.`,
-			source: "policy",
-			path: "daocore config",
-			ocPath: server.source,
-			target: server.source,
-			requirement: `oc://${policyDocName}/mcp/servers/allow`,
-			fixHint: "Use an approved MCP server or update the policy after review."
-		});
-	}
-	return findings;
-}
-function modelProviderFindings(policy, policyDocName, evidence) {
-	const denied = new Set(readModelProviderPolicyList(policy, [
-		"models",
-		"providers",
-		"deny"
-	]));
-	const allowed = readModelProviderPolicyList(policy, [
-		"models",
-		"providers",
-		"allow"
-	]);
-	const allowedSet = new Set(allowed);
-	const findings = [];
-	for (const provider of evidence.modelProviders) findings.push(...modelProviderConformanceFindings(provider, denied, allowedSet, policyDocName));
-	for (const modelRef of evidence.modelRefs) findings.push(...modelRefConformanceFindings(modelRef, denied, allowedSet, policyDocName));
-	return findings;
-}
-function readModelProviderPolicyList(policy, path) {
-	return readStringList(policy, path).map((provider) => normalizeProviderId(provider));
-}
-function modelProviderConformanceFindings(provider, denied, allowed, policyDocName) {
-	const findings = [];
-	if (denied.has(provider.id)) findings.push({
-		checkId: CHECK_IDS.policyDeniedModelProvider,
-		severity: "error",
-		message: `Model provider '${provider.id}' is denied by policy.`,
-		source: "policy",
-		path: "daocore config",
-		ocPath: provider.source,
-		target: provider.source,
-		requirement: `oc://${policyDocName}/models/providers/deny`,
-		fixHint: "Remove this configured provider or update the policy after review."
-	});
-	if (!denied.has(provider.id) && allowed.size > 0 && !allowed.has(provider.id)) findings.push({
-		checkId: CHECK_IDS.policyUnapprovedModelProvider,
-		severity: "error",
-		message: `Model provider '${provider.id}' is not in the policy allowlist.`,
-		source: "policy",
-		path: "daocore config",
-		ocPath: provider.source,
-		target: provider.source,
-		requirement: `oc://${policyDocName}/models/providers/allow`,
-		fixHint: "Use an approved model provider or update the policy after review."
-	});
-	return findings;
-}
-function modelRefConformanceFindings(modelRef, denied, allowed, policyDocName) {
-	const findings = [];
-	if (denied.has(modelRef.provider)) findings.push({
-		checkId: CHECK_IDS.policyDeniedModelProvider,
-		severity: "error",
-		message: `Model ref '${modelRef.ref}' uses denied provider '${modelRef.provider}'.`,
-		source: "policy",
-		path: "daocore config",
-		ocPath: modelRef.source,
-		target: modelRef.source,
-		requirement: `oc://${policyDocName}/models/providers/deny`,
-		fixHint: "Select an approved model provider or update the policy after review."
-	});
-	if (!denied.has(modelRef.provider) && allowed.size > 0 && !allowed.has(modelRef.provider)) findings.push({
-		checkId: CHECK_IDS.policyUnapprovedModelProvider,
-		severity: "error",
-		message: `Model ref '${modelRef.ref}' uses unapproved provider '${modelRef.provider}'.`,
-		source: "policy",
-		path: "daocore config",
-		ocPath: modelRef.source,
-		target: modelRef.source,
-		requirement: `oc://${policyDocName}/models/providers/allow`,
-		fixHint: "Select an approved model provider or update the policy after review."
-	});
-	return findings;
-}
-function networkFindings(policy, policyDocName, evidence) {
-	if (readPolicyBoolean(policy, [
-		"network",
-		"privateNetwork",
-		"allow"
-	]) !== false) return [];
-	return evidence.network.filter((setting) => setting.value).map((setting) => {
-		return {
-			checkId: CHECK_IDS.policyPrivateNetworkAccess,
-			severity: "error",
-			message: `Network setting '${setting.id}' allows private-network access.`,
-			source: "policy",
-			path: "daocore config",
-			ocPath: setting.source,
-			target: setting.source,
-			requirement: `oc://${policyDocName}/network/privateNetwork/allow`,
-			fixHint: "Disable this private-network access setting or update policy after review."
-		};
-	});
-}
-function gatewayExposureFindings(policy, policyDocName, evidence) {
-	return [
-		...gatewayNonLoopbackBindFindings(policy, policyDocName, evidence),
-		...gatewayAuthFindings(policy, policyDocName, evidence),
-		...gatewayControlUiFindings(policy, policyDocName, evidence),
-		...gatewayTailscaleFindings(policy, policyDocName, evidence),
-		...gatewayRemoteFindings(policy, policyDocName, evidence),
-		...gatewayHttpEndpointFindings(policy, policyDocName, evidence),
-		...gatewayHttpUrlFetchFindings(policy, policyDocName, evidence)
-	];
-}
-function gatewayNonLoopbackBindFindings(policy, policyDocName, evidence) {
-	if (readPolicyBoolean(policy, [
-		"gateway",
-		"exposure",
-		"allowNonLoopbackBind"
-	]) !== false) return [];
-	return (evidence.gatewayExposure ?? []).filter((entry) => entry.kind === "bind" && entry.nonLoopback === true).map((entry) => {
-		return {
-			checkId: CHECK_IDS.policyGatewayNonLoopbackBind,
-			severity: "error",
-			message: entry.explicit === false ? "Gateway bind is omitted while the runtime default can permit non-loopback exposure." : `Gateway bind setting '${entry.id}' permits non-loopback exposure.`,
-			source: "policy",
-			path: "daocore config",
-			ocPath: entry.source,
-			target: entry.source,
-			requirement: `oc://${policyDocName}/gateway/exposure/allowNonLoopbackBind`,
-			fixHint: "Use gateway.bind=loopback or update policy after review."
-		};
-	});
-}
-function gatewayAuthFindings(policy, policyDocName, evidence) {
-	const findings = [];
-	if (readPolicyBoolean(policy, [
-		"gateway",
-		"auth",
-		"requireAuth"
-	]) === true) findings.push(...(evidence.gatewayExposure ?? []).filter((entry) => entry.kind === "auth" && entry.value === "none").map((entry) => {
-		return {
-			checkId: CHECK_IDS.policyGatewayAuthDisabled,
-			severity: "error",
-			message: "Gateway authentication is disabled.",
-			source: "policy",
-			path: "daocore config",
-			ocPath: entry.source,
-			target: entry.source,
-			requirement: `oc://${policyDocName}/gateway/auth/requireAuth`,
-			fixHint: "Set gateway.auth.mode to token, password, or trusted-proxy."
-		};
-	}));
-	if (readPolicyBoolean(policy, [
-		"gateway",
-		"auth",
-		"requireExplicitRateLimit"
-	]) === true) findings.push(...(evidence.gatewayExposure ?? []).filter((entry) => entry.kind === "authRateLimit" && entry.explicit !== true).map((entry) => {
-		return {
-			checkId: CHECK_IDS.policyGatewayRateLimitMissing,
-			severity: "error",
-			message: "Gateway authentication rate-limit posture is not explicit.",
-			source: "policy",
-			path: "daocore config",
-			ocPath: entry.source,
-			target: entry.source,
-			requirement: `oc://${policyDocName}/gateway/auth/requireExplicitRateLimit`,
-			fixHint: "Configure gateway.auth.rateLimit or update policy after review."
-		};
-	}));
-	return findings;
-}
-function gatewayControlUiFindings(policy, policyDocName, evidence) {
-	if (readPolicyBoolean(policy, [
-		"gateway",
-		"controlUi",
-		"allowInsecure"
-	]) !== false) return [];
-	return (evidence.gatewayExposure ?? []).filter((entry) => entry.kind === "controlUi" && entry.value === true && (entry.id === "gateway-control-ui-insecure-auth" || entry.id === "gateway-control-ui-device-auth-disabled" || entry.id === "gateway-control-ui-host-origin-fallback")).map((entry) => {
-		return {
-			checkId: CHECK_IDS.policyGatewayControlUiInsecure,
-			severity: "error",
-			message: `Gateway Control UI insecure toggle '${entry.id}' is enabled.`,
-			source: "policy",
-			path: "daocore config",
-			ocPath: entry.source,
-			target: entry.source,
-			requirement: `oc://${policyDocName}/gateway/controlUi/allowInsecure`,
-			fixHint: "Disable the insecure Control UI toggle or update policy after review."
-		};
-	});
-}
-function gatewayTailscaleFindings(policy, policyDocName, evidence) {
-	if (readPolicyBoolean(policy, [
-		"gateway",
-		"exposure",
-		"allowTailscaleFunnel"
-	]) !== false) return [];
-	return (evidence.gatewayExposure ?? []).filter((entry) => entry.kind === "tailscale" && entry.value === "funnel").map((entry) => {
-		return {
-			checkId: CHECK_IDS.policyGatewayTailscaleFunnel,
-			severity: "error",
-			message: "Gateway Tailscale Funnel exposure is enabled.",
-			source: "policy",
-			path: "daocore config",
-			ocPath: entry.source,
-			target: entry.source,
-			requirement: `oc://${policyDocName}/gateway/exposure/allowTailscaleFunnel`,
-			fixHint: "Use tailscale serve/off or update policy after review."
-		};
-	});
-}
-function gatewayRemoteFindings(policy, policyDocName, evidence) {
-	if (readPolicyBoolean(policy, [
-		"gateway",
-		"remote",
-		"allow"
-	]) !== false) return [];
-	return (evidence.gatewayExposure ?? []).filter((entry) => entry.kind === "remote").map((entry) => {
-		return {
-			checkId: CHECK_IDS.policyGatewayRemoteEnabled,
-			severity: "error",
-			message: `Gateway remote posture '${entry.id}' is enabled.`,
-			source: "policy",
-			path: "daocore config",
-			ocPath: entry.source,
-			target: entry.source,
-			requirement: `oc://${policyDocName}/gateway/remote/allow`,
-			fixHint: "Disable remote gateway mode/config or update policy after review."
-		};
-	});
-}
-function gatewayHttpEndpointFindings(policy, policyDocName, evidence) {
-	const denied = new Set(readStringList(policy, [
-		"gateway",
-		"http",
-		"denyEndpoints"
-	]).map((endpoint) => endpoint.toLowerCase()));
-	if (denied.size === 0) return [];
-	return (evidence.gatewayExposure ?? []).filter((entry) => entry.kind === "httpEndpoint" && entry.endpoint !== void 0 && denied.has(entry.endpoint.toLowerCase())).map((entry) => {
-		return {
-			checkId: CHECK_IDS.policyGatewayHttpEndpointEnabled,
-			severity: "error",
-			message: `Gateway HTTP endpoint '${entry.endpoint ?? entry.id}' is denied by policy.`,
-			source: "policy",
-			path: "daocore config",
-			ocPath: entry.source,
-			target: entry.source,
-			requirement: `oc://${policyDocName}/gateway/http/denyEndpoints`,
-			fixHint: "Disable the HTTP endpoint or update policy after review."
-		};
-	});
-}
-function gatewayHttpUrlFetchFindings(policy, policyDocName, evidence) {
-	if (readPolicyBoolean(policy, [
-		"gateway",
-		"http",
-		"requireUrlAllowlists"
-	]) !== true) return [];
-	return (evidence.gatewayExposure ?? []).filter((entry) => entry.kind === "httpUrlFetch" && entry.hasAllowlist !== true).map((entry) => {
-		return {
-			checkId: CHECK_IDS.policyGatewayHttpUrlFetchUnrestricted,
-			severity: "error",
-			message: `Gateway HTTP URL-fetch input '${entry.id}' has no URL allowlist.`,
-			source: "policy",
-			path: "daocore config",
-			ocPath: entry.source,
-			target: entry.source,
-			requirement: `oc://${policyDocName}/gateway/http/requireUrlAllowlists`,
-			fixHint: "Add a urlAllowlist for this URL-fetch input or update policy after review."
-		};
-	});
-}
-function secretAuthProvenanceFindings(policy, policyPath, policyDocName, evidence) {
-	const secretShapeFindings = secretPolicyShapeFindings(policy, policyPath, policyDocName);
-	const authShapeFindings = authProfileAllowModesShapeFindings(policy, policyPath, policyDocName);
-	return [...secretShapeFindings.length > 0 ? secretShapeFindings : [
-		...secretManagedProviderFindings(policy, policyDocName, evidence),
-		...secretDeniedSourceFindings(policy, policyDocName, evidence),
-		...secretInsecureProviderFindings(policy, policyDocName, evidence)
-	], ...authShapeFindings.length > 0 ? authShapeFindings : [...authProfileMetadataFindings(policy, policyDocName, evidence), ...authProfileModeFindings(policy, policyDocName, evidence)]];
-}
-function policyHasSecretRules(policy) {
-	if (!isRecord(policy) || !isRecord(policy.secrets)) return false;
-	return policy.secrets.requireManagedProviders !== void 0 || policy.secrets.denySources !== void 0 || policy.secrets.allowInsecureProviders !== void 0;
-}
-function policyHasAuthProfileRules(policy) {
-	return isRecord(policy) && isRecord(policy.auth) && isRecord(policy.auth.profiles) && (policy.auth.profiles.requireMetadata !== void 0 || policy.auth.profiles.allowModes !== void 0);
-}
-function policyHasGatewayRules(policy) {
-	if (!isRecord(policy) || !isRecord(policy.gateway)) return false;
-	const gateway = policy.gateway;
-	return isRecord(gateway.exposure) && (gateway.exposure.allowNonLoopbackBind !== void 0 || gateway.exposure.allowTailscaleFunnel !== void 0) || isRecord(gateway.auth) && (gateway.auth.requireAuth !== void 0 || gateway.auth.requireExplicitRateLimit !== void 0) || isRecord(gateway.controlUi) && gateway.controlUi.allowInsecure !== void 0 || isRecord(gateway.remote) && gateway.remote.allow !== void 0 || isRecord(gateway.http) && (gateway.http.denyEndpoints !== void 0 || gateway.http.requireUrlAllowlists !== void 0);
-}
-function secretPolicyShapeFindings(policy, policyPath, policyDocName) {
-	if (!isRecord(policy) || !isRecord(policy.secrets)) return [];
-	const findings = [];
-	for (const key of ["requireManagedProviders", "allowInsecureProviders"]) if (policy.secrets[key] !== void 0 && typeof policy.secrets[key] !== "boolean") findings.push(policyShapeFinding(policyPath, `oc://${policyDocName}/secrets/${key}`, `${policyPath} secrets.${key} must be a boolean.`, `Set secrets.${key} to true or false.`));
-	if (policy.secrets.denySources !== void 0 && !Array.isArray(policy.secrets.denySources)) findings.push(policyShapeFinding(policyPath, `oc://${policyDocName}/secrets/denySources`, `${policyPath} secrets.denySources must be an array of source names.`, "Use an array such as [\"exec\"] or remove secrets.denySources."));
-	else if (Array.isArray(policy.secrets.denySources)) {
-		const invalidIndex = policy.secrets.denySources.findIndex((entry) => typeof entry !== "string" || entry.trim() === "");
-		if (invalidIndex >= 0) findings.push(policyShapeFinding(policyPath, `oc://${policyDocName}/secrets/denySources/#${invalidIndex}`, `${policyPath} secrets.denySources[${invalidIndex}] must be a non-empty source name.`, "Use non-empty source names such as env, file, exec, or daocore."));
-	}
-	return findings;
-}
-function authProfileAllowModesShapeFindings(policy, policyPath, policyDocName) {
-	if (!isRecord(policy) || !isRecord(policy.auth) || !isRecord(policy.auth.profiles) || policy.auth.profiles.allowModes === void 0) return [];
-	if (!Array.isArray(policy.auth.profiles.allowModes)) return [policyShapeFinding(policyPath, `oc://${policyDocName}/auth/profiles/allowModes`, `${policyPath} auth.profiles.allowModes must be an array of auth modes.`, `Use supported auth modes: ${SUPPORTED_AUTH_PROFILE_MODES.join(", ")}.`)];
-	const invalidIndex = policy.auth.profiles.allowModes.findIndex((entry) => typeof entry !== "string" || !SUPPORTED_AUTH_PROFILE_MODES.includes(entry.trim().toLowerCase()));
-	if (invalidIndex < 0) return [];
-	return [policyShapeFinding(policyPath, `oc://${policyDocName}/auth/profiles/allowModes/#${invalidIndex}`, `${policyPath} auth.profiles.allowModes[${invalidIndex}] must be a supported auth mode.`, `Use supported auth modes: ${SUPPORTED_AUTH_PROFILE_MODES.join(", ")}.`)];
-}
-function secretManagedProviderFindings(policy, policyDocName, evidence) {
-	if (readPolicyBoolean(policy, ["secrets", "requireManagedProviders"]) !== true) return [];
-	const secrets = evidence.secrets ?? [];
-	const providerKeys = new Set(secrets.filter((secret) => secret.kind === "provider" && secret.providerSource !== void 0).map((secret) => `${secret.providerSource}:${secret.id}`));
-	return secrets.filter((secret) => secret.kind === "input" && secret.provenance === "secretRef" && (secret.refProvider === void 0 || secret.refSource === void 0 || !providerKeys.has(`${secret.refSource}:${secret.refProvider}`))).map((secret) => {
-		return {
-			checkId: CHECK_IDS.policySecretsUnmanagedProvider,
-			severity: "error",
-			message: `SecretRef uses unmanaged provider '${secret.refProvider ?? "default"}'.`,
-			source: "policy",
-			path: "daocore config",
-			ocPath: secret.source,
-			target: secret.source,
-			requirement: `oc://${policyDocName}/secrets/requireManagedProviders`,
-			fixHint: "Declare the referenced provider under secrets.providers or update policy after review."
-		};
-	});
-}
-function secretDeniedSourceFindings(policy, policyDocName, evidence) {
-	const deniedSources = new Set(readStringList(policy, ["secrets", "denySources"]));
-	if (deniedSources.size === 0) return [];
-	return (evidence.secrets ?? []).filter((secret) => {
-		const source = secret.kind === "provider" ? secret.providerSource : secret.refSource;
-		return source !== void 0 && deniedSources.has(source);
-	}).map((secret) => {
-		const source = secret.kind === "provider" ? secret.providerSource : secret.refSource;
-		return {
-			checkId: CHECK_IDS.policySecretsDeniedProviderSource,
-			severity: "error",
-			message: `Secret ${secret.kind} '${secret.id}' uses denied source '${source}'.`,
-			source: "policy",
-			path: "daocore config",
-			ocPath: secret.source,
-			target: secret.source,
-			requirement: `oc://${policyDocName}/secrets/denySources`,
-			fixHint: "Move this secret to an approved source or update policy after review."
-		};
-	});
-}
-function secretInsecureProviderFindings(policy, policyDocName, evidence) {
-	if (readPolicyBoolean(policy, ["secrets", "allowInsecureProviders"]) !== false) return [];
-	return (evidence.secrets ?? []).filter((secret) => secret.kind === "provider" && (secret.insecure?.length ?? 0) > 0).map((secret) => {
-		return {
-			checkId: CHECK_IDS.policySecretsInsecureProvider,
-			severity: "error",
-			message: `Secret provider '${secret.id}' enables insecure posture: ${(secret.insecure ?? []).join(", ")}.`,
-			source: "policy",
-			path: "daocore config",
-			ocPath: secret.source,
-			target: secret.source,
-			requirement: `oc://${policyDocName}/secrets/allowInsecureProviders`,
-			fixHint: "Remove insecure provider overrides or update policy after review."
-		};
-	});
-}
-function authProfileMetadataFindings(policy, policyDocName, evidence) {
-	const requiredMetadata = requiredAuthProfileMetadata(policy);
-	if (requiredMetadata.size === 0) return [];
-	return (evidence.authProfiles ?? []).flatMap((profile) => {
-		const missing = [...requiredMetadata].filter((metadata) => !authProfileHasMetadata(profile, metadata));
-		if (missing.length === 0) return [];
-		return [{
-			checkId: CHECK_IDS.policyAuthProfileInvalidMetadata,
-			severity: "error",
-			message: `Auth profile '${profile.id}' is missing required metadata: ${missing.join(", ")}.`,
-			source: "policy",
-			path: "daocore config",
-			ocPath: profile.source,
-			target: profile.source,
-			requirement: `oc://${policyDocName}/auth/profiles/requireMetadata`,
-			fixHint: "Set auth.profiles.<id>.provider and a supported auth profile mode."
-		}];
-	});
-}
-function authProfileModeFindings(policy, policyDocName, evidence) {
-	const allowedModes = new Set(readStringList(policy, [
-		"auth",
-		"profiles",
-		"allowModes"
-	]));
-	if (allowedModes.size === 0) return [];
-	return (evidence.authProfiles ?? []).filter((profile) => profile.mode !== void 0 && !allowedModes.has(profile.mode)).map((profile) => {
-		return {
-			checkId: CHECK_IDS.policyAuthProfileUnapprovedMode,
-			severity: "error",
-			message: `Auth profile '${profile.id}' uses mode '${profile.mode}' outside the policy allowlist.`,
-			source: "policy",
-			path: "daocore config",
-			ocPath: profile.source,
-			target: profile.source,
-			requirement: `oc://${policyDocName}/auth/profiles/allowModes`,
-			fixHint: "Change the auth profile mode or update policy after review."
-		};
-	});
-}
-function toolRiskFindings(policyDocName, evidence) {
-	return (evidence.tools ?? []).filter((tool) => tool.risk === void 0).map((tool) => {
-		return {
-			checkId: CHECK_IDS.policyMissingToolRisk,
-			severity: "error",
-			message: `TOOLS.md tool '${tool.id}' has no explicit risk classification.`,
-			source: "policy",
-			path: "TOOLS.md",
-			line: tool.line,
-			ocPath: tool.source,
-			target: tool.source,
-			requirement: `oc://${policyDocName}/tools/requireMetadata`,
-			fixHint: "Declare risk:low, risk:medium, risk:high, risk:critical, or an R0-R5 review alias."
-		};
-	});
-}
-function toolUnknownRiskFindings(policyDocName, evidence) {
-	return (evidence.tools ?? []).filter((tool) => tool.risk !== void 0 && !KNOWN_RISK_LEVELS.includes(tool.risk)).map((tool) => {
-		return {
-			checkId: CHECK_IDS.policyUnknownToolRisk,
-			severity: "error",
-			message: `TOOLS.md tool '${tool.id}' declares unknown risk '${tool.risk}'.`,
-			source: "policy",
-			path: "TOOLS.md",
-			line: tool.line,
-			ocPath: tool.source,
-			target: tool.source,
-			requirement: `oc://${policyDocName}/tools/requireMetadata`,
-			fixHint: `Use one of: ${KNOWN_RISK_LEVELS.join(", ")}.`
-		};
-	});
-}
-function toolSensitivityFindings(policyDocName, evidence) {
-	return (evidence.tools ?? []).flatMap((tool) => {
-		if (tool.sensitivity === void 0) return [{
-			checkId: CHECK_IDS.policyMissingToolSensitivity,
-			severity: "error",
-			message: `TOOLS.md tool '${tool.id}' has no declared artifact sensitivity.`,
-			source: "policy",
-			path: "TOOLS.md",
-			line: tool.line,
-			ocPath: tool.source,
-			target: tool.source,
-			requirement: `oc://${policyDocName}/tools/requireMetadata`,
-			fixHint: `Declare sensitivity as one of: ${KNOWN_SENSITIVITY_LEVELS.join(", ")}.`
-		}];
-		if (KNOWN_SENSITIVITY_LEVELS.includes(tool.sensitivity)) return [];
-		return [{
-			checkId: CHECK_IDS.policyUnknownToolSensitivity,
-			severity: "error",
-			message: `TOOLS.md tool '${tool.id}' declares unknown sensitivity '${tool.sensitivity}'.`,
-			source: "policy",
-			path: "TOOLS.md",
-			line: tool.line,
-			ocPath: tool.source,
-			target: tool.source,
-			requirement: `oc://${policyDocName}/tools/requireMetadata`,
-			fixHint: `Use one of: ${KNOWN_SENSITIVITY_LEVELS.join(", ")}.`
-		}];
-	});
-}
-function toolOwnerFindings(policyDocName, evidence) {
-	return (evidence.tools ?? []).filter((tool) => tool.owner === void 0).map((tool) => {
-		return {
-			checkId: CHECK_IDS.policyMissingToolOwner,
-			severity: "error",
-			message: `TOOLS.md tool '${tool.id}' has no declared owner.`,
-			source: "policy",
-			path: "TOOLS.md",
-			line: tool.line,
-			ocPath: tool.source,
-			target: tool.source,
-			requirement: `oc://${policyDocName}/tools/requireMetadata`,
-			fixHint: "Declare owner:<team-or-person> for this tool."
-		};
-	});
-}
-async function readPolicyFile(ctx) {
-	const displayName = policyDisplayName(ctx);
-	const path = resolveWorkspacePath(ctx, policyPathSetting(ctx));
-	try {
-		return {
-			raw: await (await import("node:fs/promises")).readFile(path, "utf-8"),
-			path,
-			displayName,
-			ocDocName: basename(displayName)
-		};
-	} catch (err) {
-		if (isNotFound(err)) return null;
-		throw err;
-	}
-}
-async function readWorkspaceFile(ctx, fileName) {
-	const path = resolveWorkspacePath(ctx, fileName);
-	try {
-		return {
-			raw: await (await import("node:fs/promises")).readFile(path, "utf-8"),
-			path
-		};
-	} catch (err) {
-		if (isNotFound(err)) return null;
-		throw err;
-	}
-}
-function resolveWorkspacePath(ctx, fileName) {
-	if (isAbsolute(fileName)) return fileName;
-	return resolve(ctx.cwd ?? process.cwd(), fileName);
-}
-function isNotFound(err) {
-	return typeof err === "object" && err !== null && "code" in err && err.code === "ENOENT";
-}
-function parsePolicyFile(raw) {
-	try {
-		return {
-			ok: true,
-			value: JSON5.parse(raw)
-		};
-	} catch (err) {
-		return {
-			ok: false,
-			message: err instanceof Error ? err.message : String(err)
-		};
-	}
-}
-function workspaceRepairsEnabled(ctx) {
-	return policySettings(ctx).workspaceRepairs === true;
-}
-function workspaceRepairsDisabledResult(fileName) {
-	return {
-		status: "skipped",
-		reason: "workspace repairs are disabled",
-		changes: [],
-		warnings: [`Skipped ${fileName} repair. Enable plugins.entries.policy.config.workspaceRepairs to let doctor --fix edit workspace files.`]
-	};
-}
-function readChannelDenyRules(policy, policyDocName) {
-	if (!isRecord(policy) || !isRecord(policy.channels) || !Array.isArray(policy.channels.denyRules)) return [];
-	return policy.channels.denyRules.map((rule, index) => ({
-		rule,
-		index
-	})).filter((entry) => isChannelDenyRule(entry.rule)).map(({ rule, index }) => {
-		const next = {
-			when: rule.when,
-			requirement: `oc://${policyDocName}/channels/denyRules/#${index}`
-		};
-		if (rule.id !== void 0) next.id = rule.id;
-		if (rule.reason !== void 0) next.reason = rule.reason;
-		return next;
-	});
-}
-function isChannelDenyRule(value) {
-	return isRecord(value) && (value.id === void 0 || typeof value.id === "string") && (value.reason === void 0 || typeof value.reason === "string") && isRecord(value.when) && typeof value.when.provider === "string";
-}
-function channelIdsFromFindings(findings) {
-	return [...new Set(findings.filter((finding) => finding.checkId === CHECK_IDS.policyDeniedChannelProvider).map((finding) => finding.ocPath?.match(/^oc:\/\/daocore\.config\/channels\/(.+)$/)?.[1]).filter((id) => id !== void 0 && id !== ""))];
-}
-function disableChannels(cfg, channelIds) {
-	if (!isRecord(cfg.channels)) return {
-		config: cfg,
-		changed: []
-	};
-	const channels = { ...cfg.channels };
-	const changed = [];
-	for (const id of channelIds) {
-		const current = channels[id];
-		if (!isRecord(current) || current.enabled === false) continue;
-		channels[id] = {
-			...current,
-			enabled: false
-		};
-		changed.push(id);
-	}
-	if (changed.length === 0) return {
-		config: cfg,
-		changed
-	};
-	return {
-		config: {
-			...cfg,
-			channels
-		},
-		changed
-	};
-}
-function policySettings(ctx) {
-	const pluginConfig = ctx.cfg.plugins?.entries?.["policy"]?.config;
-	if (!isRecord(pluginConfig)) return {};
-	return pluginConfig;
-}
-function policyChecksEnabled(ctx, settings) {
-	const entry = ctx.cfg.plugins?.entries?.["policy"];
-	if (!isRecord(entry) || entry.enabled === false) return false;
-	return settings.enabled !== false;
-}
-function requiredToolMetadata(policy) {
-	return new Set(readPolicyStringArray(policy, ["tools", "requireMetadata"]) ?? []);
-}
-function requiredAuthProfileMetadata(policy) {
-	const entries = readPolicyStringArray(policy, [
-		"auth",
-		"profiles",
-		"requireMetadata"
-	]) ?? [];
-	return new Set(entries.filter((entry) => SUPPORTED_AUTH_PROFILE_METADATA.includes(entry)));
-}
-function authProfileHasMetadata(profile, metadata) {
-	if (metadata === "provider") return profile.provider !== void 0 && profile.provider.trim() !== "";
-	return SUPPORTED_AUTH_PROFILE_MODES.includes(profile.mode);
-}
-function readPolicyStringArray(policy, path, options = {}) {
-	let current = policy;
-	for (const part of path) {
-		if (!isRecord(current)) return;
-		current = current[part];
-	}
-	if (!Array.isArray(current) || !current.every((entry) => typeof entry === "string")) return;
-	const lowercase = options.lowercase ?? true;
-	return current.map((entry) => {
-		const trimmed = entry.trim();
-		return lowercase ? trimmed.toLowerCase() : trimmed;
-	}).filter(Boolean);
-}
-function readStringList(policy, path, options) {
-	return readPolicyStringArray(policy, path, options) ?? [];
-}
-function readPolicyBoolean(policy, path) {
-	let current = policy;
-	for (const part of path) {
-		if (!isRecord(current)) return;
-		current = current[part];
-	}
-	return typeof current === "boolean" ? current : void 0;
-}
-function policyPathSetting(ctx) {
-	const configured = policySettings(ctx).path;
-	return typeof configured === "string" && configured.trim() !== "" ? configured.trim() : "policy.jsonc";
-}
-function policyDisplayName(ctx) {
-	const configured = policyPathSetting(ctx);
-	return isAbsolute(configured) ? basename(configured) : configured;
-}
-function isRecord(value) {
-	return typeof value === "object" && value !== null && !Array.isArray(value);
-}
-//#endregion
-export { createPolicyAttestation as i, evaluatePolicy as n, registerPolicyDoctorChecks as r, POLICY_CHECK_IDS as t };