npm - @gaodefa/daocore - Versions diffs - 2026.5.55 → 2026.5.57 - Mend

@gaodefa/daocore 2026.5.55 → 2026.5.57

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1688) hide show

package/dist/abort-DiC4Sznz.js +277 -0
package/dist/abort.runtime-CQoHzKTf.js +2 -0
package/dist/abort.runtime.js +1 -1
package/dist/account-inspect-Dh7EWFPH.js +173 -0
package/dist/accounts-BZStTFvH.js +107 -0
package/dist/accounts-DOSIhc1G.js +107 -0
package/dist/accounts-hM84k1b4.js +2 -0
package/dist/accounts-j_TdtEpS.js +119 -0
package/dist/acp-runtime-BK9aeb-F.js +26 -0
package/dist/acp-spawn-B_TzMnCs.js +2 -0
package/dist/acp-spawn-C-jSM9pB.js +1275 -0
package/dist/acp-stateful-target-driver-Bs7j0_2y.js +89 -0
package/dist/action-kill-BZimChzW.js +33 -0
package/dist/action-runtime-CV2RGgay.js +469 -0
package/dist/action-runtime-api-Di0XuJjs.js +2 -0
package/dist/action-send-CGACS9au.js +39 -0
package/dist/action-spawn-CaZbPxyj.js +47 -0
package/dist/actions-CWN32SuY.js +161 -0
package/dist/actions.runtime-COUjuN0A.js +5 -0
package/dist/agent-7rrYnTDJ.js +3 -0
package/dist/agent-command-DCD5KH4O.js +1367 -0
package/dist/agent-components.runtime-CpszZAIK.js +10 -0
package/dist/agent-components.runtime.js +1 -1
package/dist/agent-harness-CGtBwZh6.d.ts +146 -0
package/dist/agent-harness-runtime-C8bm2G6W.js +180 -0
package/dist/agent-harness-runtime-DMYJ4buZ.d.ts +691 -0
package/dist/agent-harness-task-runtime-BIlxU__c.js +140 -0
package/dist/agent-runner-execution-BwxMzaLo.js +1713 -0
package/dist/agent-runner-utils-rclNBb27.js +266 -0
package/dist/agent-runner.runtime-bHUq_x-t.js +3455 -0
package/dist/agent-runner.runtime.js +1 -1
package/dist/agent-runtime-xKSjW2h-.js +229 -0
package/dist/agent-via-gateway-CmbxFwNI.js +463 -0
package/dist/agent-zvVk5Gj7.js +2 -0
package/dist/agents/pi-embedded-runner/tool-split.d.ts +1 -1
package/dist/api-Bq22hQPa.js +2 -0
package/dist/api-C9Dmd2CA.d.ts +52 -0
package/dist/api-CFnwFx29.js +639 -0
package/dist/api-ChHyXerl.js +6 -0
package/dist/api-CwAgaVbv.js +2 -0
package/dist/api-DuR1iuSt.js +3 -0
package/dist/api-oLwjYZlQ.js +134 -0
package/dist/apply-CYqNieX-.js +54 -0
package/dist/apply-DhAs6lD_.js +41 -0
package/dist/approval-handler.runtime-DKFYzDbX.js +130 -0
package/dist/assistant-VvAy5G1q.js +291 -0
package/dist/attachment-normalize-DXLRb1vV.js +225 -0
package/dist/attempt-execution-ByHukLRQ.js +558 -0
package/dist/attempt-execution.runtime-CB1K0mw-.js +3 -0
package/dist/attempt-execution.runtime.js +1 -1
package/dist/attempt-execution.shared-DUY-qllk.js +38 -0
package/dist/attempt.prompt-helpers-OGgVyJYC.js +475 -0
package/dist/attempt.tool-run-context-lCJOOyoF.js +2094 -0
package/dist/binding-routing-V7qHnpr1.js +113 -0
package/dist/binding-targets-DRZy-L0v.js +121 -0
package/dist/bot-BRiKm0Sj.js +7894 -0
package/dist/bot-deps-C7IwsRPN.js +2 -0
package/dist/bot-deps-PET2I6SF.js +747 -0
package/dist/bot-message-context.runtime-CToAd9y4.js +7 -0
package/dist/bot-message-context.runtime.js +1 -1
package/dist/bot-message-context.session.runtime-BUs3Wbbp.js +12 -0
package/dist/bot-message-context.session.runtime.js +1 -1
package/dist/bot-native-commands.delivery.runtime-BX5zaPEH.js +4 -0
package/dist/bot-native-commands.delivery.runtime.js +1 -1
package/dist/bot-native-commands.runtime-9tQ5_DNB.js +13 -0
package/dist/bot-native-commands.runtime.js +1 -1
package/dist/bridge-server-B5j8kXOX.js +113 -0
package/dist/browser-cli-C2Zh3969.js +2 -0
package/dist/browser-cli-C8xLyTcb.js +230 -0
package/dist/browser-cli-actions-input-pLyGefrN.js +473 -0
package/dist/browser-cli-actions-observe-yIc8XHto.js +81 -0
package/dist/browser-cli-debug-XNnJPUBx.js +137 -0
package/dist/browser-cli-inspect-bdB11tMm.js +104 -0
package/dist/browser-cli-manage-DxyNyyfu.js +443 -0
package/dist/browser-cli-resize-DTTYXJZe.js +26 -0
package/dist/browser-cli-shared-NVP-6AKd.js +50 -0
package/dist/browser-cli-state-CNGbNPwa.js +337 -0
package/dist/browser-control-auth--sLVv1gk.js +2 -0
package/dist/browser-profiles-DbqSFyjp.js +2 -0
package/dist/browser-runtime-awhrDqeW.js +384 -0
package/dist/build-D-2nejZD.js +257 -0
package/dist/build-info.json +2 -2
package/dist/bundled/boot-md/handler.js +2 -2
package/dist/bundled/session-memory/handler.js +1 -1
package/dist/bundled-channel-config-schema-4eXcH-RE.d.ts +3163 -0
package/dist/call-BAWIPJo2.d.ts +43 -0
package/dist/canvas-host/a2ui/.bundle.hash +1 -1
package/dist/capability-cli-BolcyA0G.js +1782 -0
package/dist/channel-Aq5t-z3L.js +2126 -0
package/dist/channel-B6YcNFXw.d.ts +104 -0
package/dist/channel-BSgHNRHc.js +867 -0
package/dist/channel-BdhbzWTg.d.ts +427 -0
package/dist/channel-Bkp8v6zY.d.ts +14 -0
package/dist/channel-BoK62YYe.d.ts +49 -0
package/dist/channel-BspahFUv.js +238 -0
package/dist/channel-C10lHKrC.d.ts +47 -0
package/dist/channel-C6iG1bMw.js +740 -0
package/dist/channel-CGqfpV9W.js +481 -0
package/dist/channel-CP4Ay-zH.js +1496 -0
package/dist/channel-CXv96eif.js +362 -0
package/dist/channel-CZrble5P.d.ts +8 -0
package/dist/channel-D8X4fgB9.d.ts +106 -0
package/dist/channel-D9LDQOYt.d.ts +8 -0
package/dist/channel-DKtJJJmk.js +1134 -0
package/dist/channel-DVGMasO6.d.ts +7 -0
package/dist/channel-DYaugblh.js +1777 -0
package/dist/channel-DfP8Sc0t.d.ts +6 -0
package/dist/channel-Djgm5DE9.d.ts +64 -0
package/dist/channel-Dl4eeuJ3.d.ts +114 -0
package/dist/channel-DpQ6_cvo.d.ts +8 -0
package/dist/channel-Drfw8mPm.js +376 -0
package/dist/channel-DsZ5FgWv.js +508 -0
package/dist/channel-K5ieMY2B.js +1249 -0
package/dist/channel-TByHmphS.js +653 -0
package/dist/channel-_qt56abp.js +955 -0
package/dist/channel-actions.runtime-IJXVGMwr.js +265 -0
package/dist/channel-actions.runtime.js +1 -1
package/dist/channel-core-CbkDdNXh.d.ts +6 -0
package/dist/channel-core-DI56iN4a.js +5 -0
package/dist/channel-entry-contract-DUSF3gce.d.ts +112 -0
package/dist/channel-hShoCuAc.d.ts +12 -0
package/dist/channel-inbound-CLiXSx1p.js +80 -0
package/dist/channel-jD9TGFqC.js +562 -0
package/dist/channel-pIMjOo6Y.d.ts +28 -0
package/dist/channel-plugin-runtime-Cg67QAiE.d.ts +7 -0
package/dist/channel-plugin-runtime-DbH-PJHG.js +998 -0
package/dist/channel-runtime-qDFdfs2o.js +408 -0
package/dist/channel-uP-mo8Q6.d.ts +7 -0
package/dist/channel-v10vtt5n.js +808 -0
package/dist/channel-whyHp4eY.d.ts +26 -0
package/dist/channel-zuYcvD-Z.js +1556 -0
package/dist/channel.runtime-CDU2dm0s.js +1008 -0
package/dist/channel.runtime-CHdAXkYH.js +254 -0
package/dist/channel.runtime-CLJRpc-h.js +88 -0
package/dist/channel.runtime-CPcuYCrA.js +109 -0
package/dist/channel.runtime-CyBKohZL.js +652 -0
package/dist/channel.runtime-Cyt2i5vz.js +733 -0
package/dist/channel.runtime-D0-a4fRP.js +21009 -0
package/dist/channel.runtime-DoLjhXDx.js +4 -0
package/dist/channel.runtime-w3cW8r41.js +2528 -0
package/dist/channel.setup-BMXb23G7.d.ts +6 -0
package/dist/channel.setup-BS1OC5oY.js +10 -0
package/dist/channel.setup-BdEXf9Ic.d.ts +8 -0
package/dist/channel.setup-DVAWbxPf.js +1098 -0
package/dist/channel.setup-Dr17Z8Bs.js +343 -0
package/dist/channel.setup-UZjcpncE.d.ts +7 -0
package/dist/chat-CjtxdDLc.js +2666 -0
package/dist/chrome-edHD-MwA.js +1503 -0
package/dist/cli/run-main.js +5 -5
package/dist/cli-D5u1KTqm.js +1341 -0
package/dist/cli-DYinYyHP.d.ts +20 -0
package/dist/cli-backend-CSCGROD2.d.ts +5 -0
package/dist/cli-backend-DmBwqwqy.d.ts +5 -0
package/dist/cli-compaction-C9Gf32ee.js +347 -0
package/dist/cli-metadata-BRwOm0gD.js +22 -0
package/dist/cli-runner-CHOYrtX0.js +2 -0
package/dist/cli-runner-DoVHGCQ_.js +540 -0
package/dist/cli-runner.runtime-CLMCxLS3.js +3 -0
package/dist/cli-runner.runtime-zYfDdco2.js +4 -0
package/dist/cli-runner.runtime.js +1 -1
package/dist/cli-shared-CXpra3BN.d.ts +20 -0
package/dist/cli-startup-metadata.json +8 -8
package/dist/client-Cnjvcmyb.js +650 -0
package/dist/client-adapter-e-8O4cOK.js +897 -0
package/dist/client-factory-Ciknc94j.js +9 -0
package/dist/command-auth-DptBVN5F.js +135 -0
package/dist/command-handlers-I-N79aEc.js +1609 -0
package/dist/command-registry-CEGc-tLO.js +9 -0
package/dist/command-registry-DyH-S8Mq.js +4 -0
package/dist/command-registry-core-Dm6muwXT.js +110 -0
package/dist/command-status.runtime-BxXo4Lh8.js +90 -0
package/dist/command-status.runtime.js +1 -1
package/dist/commands-CqcnXnk-.d.ts +113 -0
package/dist/commands-acp-D8Qo4y4s.js +74 -0
package/dist/commands-compact.runtime-T8fDbiQ3.js +10 -0
package/dist/commands-compact.runtime.js +1 -1
package/dist/commands-handlers.runtime-BXbiNMgg.js +6154 -0
package/dist/commands-handlers.runtime.js +1 -1
package/dist/commands-status-C33sx-wg.js +16 -0
package/dist/commands-status-ontnXxS9.js +3 -0
package/dist/commands-status.runtime-ontnXxS9.js +3 -0
package/dist/commands-status.runtime.js +1 -1
package/dist/commands-subagents-control.runtime-Dj_eYE95.js +2 -0
package/dist/commands-subagents-control.runtime-vdq632cp.js +3 -0
package/dist/commands-subagents-control.runtime.js +1 -1
package/dist/commands-system-prompt-C12SSIRK.js +162 -0
package/dist/commands-system-prompt-CLwISYbJ.js +2 -0
package/dist/commands.runtime-CpTdfFOn.js +176 -0
package/dist/commands.runtime.js +1 -1
package/dist/commitments/runtime.js +1 -1
package/dist/compact-B_oM1_Kj.js +480 -0
package/dist/compact-D1kBFth6.js +1141 -0
package/dist/compact.runtime-DUkHrkr5.js +12 -0
package/dist/compact.runtime.js +1 -1
package/dist/completion-cli-jKzV4sfV.js +315 -0
package/dist/components-u4gL95dv.d.ts +228 -0
package/dist/components.modal-glHG-y8o.d.ts +568 -0
package/dist/computer-use-CSww5tMF.js +367 -0
package/dist/config-B1vAgTvP.js +373 -0
package/dist/config-DbqSFyjp.js +2 -0
package/dist/config-mutations-CTSn5iBU.js +159 -0
package/dist/config-schema-Bqr7vPys.d.ts +20 -0
package/dist/context-engine-host-compat-Uh8zFTKI.js +2 -0
package/dist/context-engine-host-compat-oT1wCKie.js +288 -0
package/dist/context-engine-lifecycle-DuQ3Yn9Y.js +1274 -0
package/dist/contracts-testkit-DQ4aMv6G.d.ts +145 -0
package/dist/control-auth-Bs45HadJ.js +114 -0
package/dist/control-service-xpFmVcOh.js +145 -0
package/dist/control-ui/assets/agents-BDUMERgO.js +1008 -0
package/dist/control-ui/assets/channel-config-extras-Cf2MQ4fw.js +2 -0
package/dist/control-ui/assets/channels-u-ST-7HL.js +367 -0
package/dist/control-ui/assets/cron-B9oQvQUF.js +1013 -0
package/dist/control-ui/assets/debug-DzwXJPob.js +97 -0
package/dist/control-ui/assets/index-BNgzcqbU.js +7388 -0
package/dist/control-ui/assets/instances-CvAVAozy.js +57 -0
package/dist/control-ui/assets/logs-aR0p0kJ3.js +74 -0
package/dist/control-ui/assets/nodes-m4lui4-1.js +436 -0
package/dist/control-ui/assets/sessions-NOIW66qZ.js +399 -0
package/dist/control-ui/assets/skills-Jm7PDV4c.js +314 -0
package/dist/control-ui/assets/skills-shared-DNQYYVFk.js +11 -0
package/dist/control-ui/index.html +1 -1
package/dist/control-ui/sw.js +1 -1
package/dist/conversation-binding-runtime-x4mPNIxH.js +4 -0
package/dist/conversation-runtime-DtEjS-G-.js +31 -0
package/dist/core-DC7Ny2oO.js +282 -0
package/dist/core-DIQ0fbwp.d.ts +224 -0
package/dist/core-api-15EcrNg-.js +2 -0
package/dist/core-api-BYZCq0RV.js +5 -0
package/dist/crestodian/crestodian.js +1 -1
package/dist/crestodian/rescue-message.js +1 -1
package/dist/crestodian-D5kJCfGc.js +55 -0
package/dist/daocore-runtime-JsdCNe3l.d.ts +151 -0
package/dist/daocore-tools-B3_b_UBy.js +11727 -0
package/dist/delivery-DzhYKAIC.js +1002 -0
package/dist/dialogue-CeR00F0b.js +37 -0
package/dist/dir-fetch-tool-BN93HZEX.js +565 -0
package/dist/dir-list-tool-GN9j9rZf.js +100 -0
package/dist/direct-dm-DG_Y9uZa.js +64 -0
package/dist/directive-handling.fast-lane-C6MB3gfj.js +68 -0
package/dist/directive-handling.impl-DMd8DEIx.js +2 -0
package/dist/directive-handling.impl-DiHRiklw.js +818 -0
package/dist/directive-handling.model-selection-bFnPrpT5.js +122 -0
package/dist/directive-handling.persist.runtime-BmUPRBpx.js +263 -0
package/dist/directive-handling.persist.runtime.js +1 -1
package/dist/dispatch-acp-transcript.runtime-BOd5NoBy.js +40 -0
package/dist/dispatch-acp-transcript.runtime.js +1 -1
package/dist/dispatch-acp.runtime-BAHKODIz.js +18 -0
package/dist/dispatch-acp.runtime.js +1 -1
package/dist/dispatch-nvTA16b0.js +1640 -0
package/dist/doctor-BC74dYFO.js +6 -0
package/dist/doctor-BYhXKI0q.js +2 -0
package/dist/doctor-config-flow-DQGS37Mm.js +1741 -0
package/dist/doctor-core-checks-Cbu28kU4.js +573 -0
package/dist/doctor-core-checks-RYxzr9_s.js +2 -0
package/dist/doctor-health-B_mD0NRM.js +65 -0
package/dist/doctor-health-contributions-CXGagKlC.js +696 -0
package/dist/doctor-lint-D3uAOXwJ.js +94 -0
package/dist/doctor-state-integrity-BGTUWx8E.js +1231 -0
package/dist/doctor-update-BEEW5jJq.js +58 -0
package/dist/dynamic-tools-iaDgH2y8.js +486 -0
package/dist/embedded-backend-CrWLS1VO.js +579 -0
package/dist/embedded-gateway-stub.runtime-D1V-x8Xf.js +12 -0
package/dist/embedded-gateway-stub.runtime.js +1 -1
package/dist/embedding-provider-56qUY6a4.d.ts +16 -0
package/dist/embedding-provider-CfSvDhLk.d.ts +65 -0
package/dist/embedding-provider-DV9KtS1H.d.ts +21 -0
package/dist/entry.d.ts +1 -1
package/dist/exec-approvals-CtBpUdfe.js +149 -0
package/dist/extensionAPI.js +1 -1
package/dist/extensions/active-memory/index.d.ts +1 -1
package/dist/extensions/active-memory/index.js +1 -1
package/dist/extensions/admin-http-rpc/index.d.ts +1 -1
package/dist/extensions/admin-http-rpc/index.js +1 -1
package/dist/extensions/alibaba/index.d.ts +1 -1
package/dist/extensions/anthropic/api.d.ts +3 -3
package/dist/extensions/anthropic/cli-backend-api.d.ts +2 -2
package/dist/extensions/anthropic/cli-backend.d.ts +1 -1
package/dist/extensions/anthropic/cli-migration.d.ts +1 -1
package/dist/extensions/anthropic/cli-shared.d.ts +1 -1
package/dist/extensions/anthropic/contract-api.d.ts +1 -1
package/dist/extensions/anthropic/index.d.ts +1 -1
package/dist/extensions/anthropic/provider-contract-api.d.ts +1 -1
package/dist/extensions/anthropic/provider-discovery.d.ts +1 -1
package/dist/extensions/anthropic/provider-policy-api.d.ts +1 -1
package/dist/extensions/anthropic/register.runtime.d.ts +1 -1
package/dist/extensions/anthropic/replay-policy.d.ts +1 -1
package/dist/extensions/anthropic/setup-api.d.ts +1 -1
package/dist/extensions/anthropic/stream-wrappers.d.ts +1 -1
package/dist/extensions/anthropic/test-api.d.ts +2 -2
package/dist/extensions/arcee/index.d.ts +1 -1
package/dist/extensions/azure-speech/index.d.ts +1 -1
package/dist/extensions/azure-speech/speech-provider.d.ts +1 -1
package/dist/extensions/bonjour/index.d.ts +1 -1
package/dist/extensions/browser/browser-bridge.js +1 -1
package/dist/extensions/browser/browser-config.js +4 -4
package/dist/extensions/browser/browser-control-auth.js +2 -2
package/dist/extensions/browser/browser-doctor.js +2 -2
package/dist/extensions/browser/browser-maintenance.js +1 -1
package/dist/extensions/browser/browser-profiles.js +2 -2
package/dist/extensions/browser/browser-runtime-api.js +11 -11
package/dist/extensions/browser/cli-metadata.d.ts +1 -1
package/dist/extensions/browser/cli-metadata.js +1 -1
package/dist/extensions/browser/index.d.ts +1 -1
package/dist/extensions/browser/index.js +1 -1
package/dist/extensions/browser/plugin-registration.d.ts +1 -1
package/dist/extensions/browser/plugin-registration.js +1 -1
package/dist/extensions/browser/register.runtime.d.ts +2 -2
package/dist/extensions/browser/register.runtime.js +4 -4
package/dist/extensions/browser/runtime-api.d.ts +3 -3
package/dist/extensions/browser/runtime-api.js +13 -13
package/dist/extensions/browser/setup-api.d.ts +1 -1
package/dist/extensions/byteplus/index.d.ts +1 -1
package/dist/extensions/byteplus/provider-discovery.d.ts +1 -1
package/dist/extensions/canvas/cli-metadata.d.ts +1 -1
package/dist/extensions/canvas/index.d.ts +1 -1
package/dist/extensions/canvas/index.js +1 -1
package/dist/extensions/canvas/runtime-api.d.ts +2 -2
package/dist/extensions/canvas/setup-api.d.ts +1 -1
package/dist/extensions/cerebras/index.d.ts +1 -1
package/dist/extensions/chutes/index.d.ts +1 -1
package/dist/extensions/clickclack/api.d.ts +2 -2
package/dist/extensions/clickclack/api.js +2 -2
package/dist/extensions/clickclack/channel-plugin-api.d.ts +1 -1
package/dist/extensions/clickclack/channel-plugin-api.js +1 -1
package/dist/extensions/clickclack/index.d.ts +2 -2
package/dist/extensions/clickclack/runtime-api.d.ts +2 -2
package/dist/extensions/clickclack/runtime-api.js +2 -2
package/dist/extensions/cloudflare-ai-gateway/index.d.ts +1 -1
package/dist/extensions/cloudflare-ai-gateway/stream-wrappers.d.ts +1 -1
package/dist/extensions/comfy/index.d.ts +1 -1
package/dist/extensions/copilot-proxy/index.d.ts +1 -1
package/dist/extensions/copilot-proxy/runtime-api.d.ts +2 -2
package/dist/extensions/deepgram/index.d.ts +1 -1
package/dist/extensions/deepgram/realtime-transcription-provider.d.ts +1 -1
package/dist/extensions/deepgram/test-api.d.ts +1 -1
package/dist/extensions/deepinfra/api.d.ts +2 -2
package/dist/extensions/deepinfra/embedding-provider.d.ts +1 -1
package/dist/extensions/deepinfra/index.d.ts +1 -1
package/dist/extensions/deepinfra/memory-embedding-adapter.d.ts +1 -1
package/dist/extensions/deepinfra/speech-provider.d.ts +1 -1
package/dist/extensions/deepseek/api.d.ts +1 -1
package/dist/extensions/deepseek/index.d.ts +1 -1
package/dist/extensions/deepseek/provider-discovery.d.ts +1 -1
package/dist/extensions/deepseek/provider-policy-api.d.ts +1 -1
package/dist/extensions/deepseek/stream.d.ts +1 -1
package/dist/extensions/deepseek/thinking.d.ts +1 -1
package/dist/extensions/device-pair/api.d.ts +3 -3
package/dist/extensions/device-pair/api.js +1 -1
package/dist/extensions/device-pair/index.d.ts +1 -1
package/dist/extensions/device-pair/notify.d.ts +1 -1
package/dist/extensions/device-pair/pair-command-approve.js +1 -1
package/dist/extensions/document-extract/index.d.ts +1 -1
package/dist/extensions/duckduckgo/index.d.ts +1 -1
package/dist/extensions/elevenlabs/index.d.ts +1 -1
package/dist/extensions/elevenlabs/realtime-transcription-provider.d.ts +1 -1
package/dist/extensions/elevenlabs/setup-api.d.ts +1 -1
package/dist/extensions/elevenlabs/speech-provider.d.ts +1 -1
package/dist/extensions/elevenlabs/test-api.d.ts +2 -2
package/dist/extensions/exa/index.d.ts +1 -1
package/dist/extensions/fal/index.d.ts +1 -1
package/dist/extensions/fal/provider-contract-api.d.ts +1 -1
package/dist/extensions/fal/provider-registration.d.ts +1 -1
package/dist/extensions/file-transfer/index.d.ts +1 -1
package/dist/extensions/file-transfer/index.js +4 -4
package/dist/extensions/firecrawl/index.d.ts +1 -1
package/dist/extensions/fireworks/index.d.ts +1 -1
package/dist/extensions/fireworks/provider-policy-api.d.ts +1 -1
package/dist/extensions/fireworks/stream.d.ts +1 -1
package/dist/extensions/fireworks/thinking-policy.d.ts +1 -1
package/dist/extensions/github-copilot/embeddings.d.ts +1 -1
package/dist/extensions/github-copilot/index.d.ts +1 -1
package/dist/extensions/github-copilot/models.d.ts +1 -1
package/dist/extensions/github-copilot/register.runtime.d.ts +2 -2
package/dist/extensions/github-copilot/stream.d.ts +1 -1
package/dist/extensions/google/api.d.ts +5 -5
package/dist/extensions/google/cli-backend.d.ts +1 -1
package/dist/extensions/google/embedding-batch.d.ts +1 -1
package/dist/extensions/google/embedding-provider.d.ts +1 -1
package/dist/extensions/google/gemini-cli-provider.d.ts +1 -1
package/dist/extensions/google/index.d.ts +1 -1
package/dist/extensions/google/memory-embedding-adapter.d.ts +1 -1
package/dist/extensions/google/provider-contract-api.d.ts +1 -1
package/dist/extensions/google/provider-hooks.d.ts +2 -2
package/dist/extensions/google/provider-models.d.ts +1 -1
package/dist/extensions/google/provider-policy-api.d.ts +1 -1
package/dist/extensions/google/provider-policy.d.ts +1 -1
package/dist/extensions/google/provider-registration.d.ts +1 -1
package/dist/extensions/google/realtime-voice-provider.d.ts +1 -1
package/dist/extensions/google/runtime-api.d.ts +3 -3
package/dist/extensions/google/setup-api.d.ts +1 -1
package/dist/extensions/google/speech-provider.d.ts +1 -1
package/dist/extensions/google/test-api.d.ts +2 -2
package/dist/extensions/google/thinking-api.d.ts +1 -1
package/dist/extensions/google/thinking.d.ts +1 -1
package/dist/extensions/google/transport-stream.d.ts +1 -1
package/dist/extensions/gradium/index.d.ts +1 -1
package/dist/extensions/gradium/speech-provider.d.ts +1 -1
package/dist/extensions/groq/index.d.ts +1 -1
package/dist/extensions/huggingface/index.d.ts +1 -1
package/dist/extensions/image-generation-core/api.d.ts +3 -3
package/dist/extensions/image-generation-core/runtime-api.d.ts +1 -1
package/dist/extensions/imessage/api.d.ts +2 -2
package/dist/extensions/imessage/api.js +2 -2
package/dist/extensions/imessage/channel-plugin-api.d.ts +1 -1
package/dist/extensions/imessage/channel-plugin-api.js +1 -1
package/dist/extensions/imessage/index.d.ts +2 -2
package/dist/extensions/imessage/message-tool-api.d.ts +1 -1
package/dist/extensions/imessage/runtime-api.d.ts +3 -3
package/dist/extensions/imessage/runtime-api.js +3 -3
package/dist/extensions/imessage/setup-entry.d.ts +2 -2
package/dist/extensions/imessage/test-api.d.ts +1 -1
package/dist/extensions/inworld/index.d.ts +1 -1
package/dist/extensions/inworld/speech-provider.d.ts +1 -1
package/dist/extensions/irc/api.d.ts +1 -1
package/dist/extensions/irc/api.js +2 -2
package/dist/extensions/irc/channel-plugin-api.d.ts +1 -1
package/dist/extensions/irc/channel-plugin-api.js +1 -1
package/dist/extensions/irc/index.d.ts +2 -2
package/dist/extensions/irc/setup-entry.d.ts +2 -2
package/dist/extensions/kilocode/index.d.ts +1 -1
package/dist/extensions/kimi-coding/index.d.ts +1 -1
package/dist/extensions/kimi-coding/stream.d.ts +1 -1
package/dist/extensions/litellm/index.d.ts +1 -1
package/dist/extensions/llm-task/api.d.ts +2 -2
package/dist/extensions/llm-task/index.d.ts +1 -1
package/dist/extensions/llm-task/index.js +1 -1
package/dist/extensions/lmstudio/api.d.ts +1 -1
package/dist/extensions/lmstudio/index.d.ts +1 -1
package/dist/extensions/lmstudio/memory-embedding-adapter.d.ts +1 -1
package/dist/extensions/mattermost/api.js +1 -1
package/dist/extensions/mattermost/channel-plugin-api.d.ts +2 -2
package/dist/extensions/mattermost/channel-plugin-api.js +1 -1
package/dist/extensions/mattermost/channel-plugin-runtime.d.ts +1 -1
package/dist/extensions/mattermost/channel-plugin-runtime.js +1 -1
package/dist/extensions/mattermost/index.d.ts +2 -2
package/dist/extensions/mattermost/policy-api.js +1 -1
package/dist/extensions/mattermost/runtime-api.d.ts +3 -3
package/dist/extensions/mattermost/runtime-api.js +2 -2
package/dist/extensions/mattermost/setup-entry.d.ts +2 -2
package/dist/extensions/mattermost/slash-route-api.d.ts +1 -1
package/dist/extensions/mattermost/slash-route-api.js +1 -1
package/dist/extensions/memory-core/api.d.ts +1 -1
package/dist/extensions/memory-core/cli-metadata.d.ts +1 -1
package/dist/extensions/memory-core/cli-metadata.js +1 -1
package/dist/extensions/memory-core/index.d.ts +1 -1
package/dist/extensions/memory-core/manager-runtime.d.ts +1 -1
package/dist/extensions/memory-core/runtime-api.d.ts +2 -2
package/dist/extensions/memory-wiki/api.d.ts +3 -3
package/dist/extensions/memory-wiki/cli-metadata.d.ts +1 -1
package/dist/extensions/memory-wiki/index.d.ts +1 -1
package/dist/extensions/memory-wiki/setup-api.d.ts +1 -1
package/dist/extensions/microsoft/index.d.ts +1 -1
package/dist/extensions/microsoft/speech-provider.d.ts +1 -1
package/dist/extensions/microsoft/test-api.d.ts +1 -1
package/dist/extensions/microsoft-foundry/auth.d.ts +1 -1
package/dist/extensions/microsoft-foundry/cli.d.ts +1 -1
package/dist/extensions/microsoft-foundry/index.d.ts +1 -1
package/dist/extensions/microsoft-foundry/onboard.d.ts +3 -3
package/dist/extensions/microsoft-foundry/provider.d.ts +1 -1
package/dist/extensions/microsoft-foundry/runtime.d.ts +1 -1
package/dist/extensions/microsoft-foundry/shared-runtime.d.ts +1 -1
package/dist/extensions/microsoft-foundry/shared.d.ts +1 -1
package/dist/extensions/migrate-claude/apply.d.ts +1 -1
package/dist/extensions/migrate-claude/apply.js +1 -1
package/dist/extensions/migrate-claude/config.d.ts +1 -1
package/dist/extensions/migrate-claude/helpers.d.ts +1 -1
package/dist/extensions/migrate-claude/index.d.ts +1 -1
package/dist/extensions/migrate-claude/index.js +1 -1
package/dist/extensions/migrate-claude/memory.d.ts +2 -2
package/dist/extensions/migrate-claude/plan.d.ts +1 -1
package/dist/extensions/migrate-claude/plan.js +1 -1
package/dist/extensions/migrate-claude/provider.d.ts +1 -1
package/dist/extensions/migrate-claude/provider.js +1 -1
package/dist/extensions/migrate-claude/skills.d.ts +2 -2
package/dist/extensions/migrate-claude/targets.d.ts +1 -1
package/dist/extensions/migrate-claude/targets.js +1 -1
package/dist/extensions/migrate-hermes/apply.d.ts +1 -1
package/dist/extensions/migrate-hermes/apply.js +1 -1
package/dist/extensions/migrate-hermes/config.d.ts +1 -1
package/dist/extensions/migrate-hermes/helpers.d.ts +1 -1
package/dist/extensions/migrate-hermes/index.d.ts +1 -1
package/dist/extensions/migrate-hermes/index.js +1 -1
package/dist/extensions/migrate-hermes/items.d.ts +1 -1
package/dist/extensions/migrate-hermes/model.d.ts +1 -1
package/dist/extensions/migrate-hermes/model.js +1 -1
package/dist/extensions/migrate-hermes/plan.d.ts +1 -1
package/dist/extensions/migrate-hermes/plan.js +1 -1
package/dist/extensions/migrate-hermes/provider.d.ts +1 -1
package/dist/extensions/migrate-hermes/provider.js +1 -1
package/dist/extensions/migrate-hermes/secrets.d.ts +2 -2
package/dist/extensions/migrate-hermes/secrets.js +1 -1
package/dist/extensions/migrate-hermes/skills.d.ts +2 -2
package/dist/extensions/migrate-hermes/targets.d.ts +1 -1
package/dist/extensions/migrate-hermes/targets.js +1 -1
package/dist/extensions/minimax/index.d.ts +1 -1
package/dist/extensions/minimax/provider-contract-api.d.ts +1 -1
package/dist/extensions/minimax/provider-registration.d.ts +1 -1
package/dist/extensions/minimax/speech-provider.d.ts +1 -1
package/dist/extensions/mistral/embedding-provider.d.ts +1 -1
package/dist/extensions/mistral/index.d.ts +1 -1
package/dist/extensions/mistral/memory-embedding-adapter.d.ts +1 -1
package/dist/extensions/mistral/realtime-transcription-provider.d.ts +1 -1
package/dist/extensions/mistral/test-api.d.ts +1 -1
package/dist/extensions/moonshot/index.d.ts +1 -1
package/dist/extensions/moonshot/provider-contract-api.d.ts +1 -1
package/dist/extensions/moonshot/provider-discovery.d.ts +1 -1
package/dist/extensions/nvidia/index.d.ts +1 -1
package/dist/extensions/oc-path/cli-metadata.d.ts +1 -1
package/dist/extensions/oc-path/cli-registration.d.ts +1 -1
package/dist/extensions/oc-path/index.d.ts +1 -1
package/dist/extensions/ollama/api.d.ts +1 -1
package/dist/extensions/ollama/index.d.ts +1 -1
package/dist/extensions/ollama/provider-discovery.d.ts +1 -1
package/dist/extensions/ollama/provider-policy-api.d.ts +1 -1
package/dist/extensions/ollama/runtime-api.d.ts +1 -1
package/dist/extensions/open-prose/index.d.ts +1 -1
package/dist/extensions/open-prose/runtime-api.d.ts +2 -2
package/dist/extensions/openai/api.d.ts +4 -4
package/dist/extensions/openai/embedding-batch.d.ts +1 -1
package/dist/extensions/openai/embedding-provider.d.ts +1 -1
package/dist/extensions/openai/index.d.ts +1 -1
package/dist/extensions/openai/memory-embedding-adapter.d.ts +1 -1
package/dist/extensions/openai/openai-codex-oauth.runtime.d.ts +1 -1
package/dist/extensions/openai/openai-codex-provider.d.ts +1 -1
package/dist/extensions/openai/openai-provider.d.ts +1 -1
package/dist/extensions/openai/prompt-overlay.d.ts +1 -1
package/dist/extensions/openai/provider-contract-api.d.ts +1 -1
package/dist/extensions/openai/provider-policy-api.d.ts +1 -1
package/dist/extensions/openai/realtime-transcription-provider.d.ts +1 -1
package/dist/extensions/openai/realtime-voice-provider.d.ts +1 -1
package/dist/extensions/openai/register.runtime.d.ts +6 -6
package/dist/extensions/openai/replay-policy.d.ts +1 -1
package/dist/extensions/openai/setup-api.d.ts +1 -1
package/dist/extensions/openai/shared.d.ts +3 -3
package/dist/extensions/openai/speech-provider.d.ts +1 -1
package/dist/extensions/openai/test-api.d.ts +3 -3
package/dist/extensions/openai/thinking-policy.d.ts +1 -1
package/dist/extensions/openai/transport-policy.d.ts +1 -1
package/dist/extensions/opencode/index.d.ts +1 -1
package/dist/extensions/opencode/provider-policy-api.d.ts +1 -1
package/dist/extensions/opencode-go/index.d.ts +1 -1
package/dist/extensions/opencode-go/provider-catalog.d.ts +1 -1
package/dist/extensions/opencode-go/stream.d.ts +1 -1
package/dist/extensions/openrouter/api.d.ts +1 -1
package/dist/extensions/openrouter/index.d.ts +1 -1
package/dist/extensions/openrouter/provider-contract-api.d.ts +1 -1
package/dist/extensions/openrouter/provider-policy-api.d.ts +1 -1
package/dist/extensions/openrouter/speech-provider.d.ts +1 -1
package/dist/extensions/openrouter/stream.d.ts +1 -1
package/dist/extensions/openrouter/test-api.d.ts +1 -1
package/dist/extensions/openrouter/thinking-policy.d.ts +1 -1
package/dist/extensions/openrouter/video-generation-provider.d.ts +1 -1
package/dist/extensions/openrouter/video-model-catalog.d.ts +1 -1
package/dist/extensions/perplexity/index.d.ts +1 -1
package/dist/extensions/phone-control/index.d.ts +1 -1
package/dist/extensions/phone-control/runtime-api.d.ts +2 -2
package/dist/extensions/policy/api.js +1 -1
package/dist/extensions/policy/index.d.ts +1 -1
package/dist/extensions/policy/index.js +2 -2
package/dist/extensions/qianfan/index.d.ts +1 -1
package/dist/extensions/qwen/api.d.ts +1 -1
package/dist/extensions/qwen/index.d.ts +1 -1
package/dist/extensions/qwen/stream.d.ts +1 -1
package/dist/extensions/runway/index.d.ts +1 -1
package/dist/extensions/searxng/index.d.ts +1 -1
package/dist/extensions/senseaudio/index.d.ts +1 -1
package/dist/extensions/sglang/index.d.ts +1 -1
package/dist/extensions/signal/api.d.ts +2 -2
package/dist/extensions/signal/api.js +6 -6
package/dist/extensions/signal/channel-entry.d.ts +2 -2
package/dist/extensions/signal/channel-plugin-api.d.ts +1 -1
package/dist/extensions/signal/channel-plugin-api.js +1 -1
package/dist/extensions/signal/index.d.ts +2 -2
package/dist/extensions/signal/reaction-runtime-api.js +1 -1
package/dist/extensions/signal/runtime-api.d.ts +5 -5
package/dist/extensions/signal/runtime-api.js +7 -7
package/dist/extensions/signal/setup-entry.d.ts +2 -2
package/dist/extensions/skill-workshop/api.d.ts +2 -2
package/dist/extensions/skill-workshop/api.js +1 -1
package/dist/extensions/skill-workshop/index.d.ts +1 -1
package/dist/extensions/skill-workshop/index.js +2 -2
package/dist/extensions/speech-core/api.d.ts +3 -3
package/dist/extensions/speech-core/runtime-api.d.ts +2 -2
package/dist/extensions/stepfun/index.d.ts +1 -1
package/dist/extensions/synthetic/index.d.ts +1 -1
package/dist/extensions/talk-voice/api.d.ts +2 -2
package/dist/extensions/talk-voice/index.d.ts +1 -1
package/dist/extensions/tavily/index.d.ts +1 -1
package/dist/extensions/telegram/account-inspect-api.js +1 -1
package/dist/extensions/telegram/api.d.ts +4 -4
package/dist/extensions/telegram/api.js +11 -11
package/dist/extensions/telegram/channel-plugin-api.d.ts +2 -2
package/dist/extensions/telegram/channel-plugin-api.js +2 -2
package/dist/extensions/telegram/contract-api.d.ts +1 -1
package/dist/extensions/telegram/contract-api.js +3 -3
package/dist/extensions/telegram/index.d.ts +2 -2
package/dist/extensions/telegram/runtime-api.d.ts +4 -4
package/dist/extensions/telegram/runtime-api.js +7 -7
package/dist/extensions/telegram/security-audit-contract-api.js +1 -1
package/dist/extensions/telegram/setup-entry.d.ts +2 -2
package/dist/extensions/telegram/setup-plugin-api.d.ts +1 -1
package/dist/extensions/telegram/setup-plugin-api.js +1 -1
package/dist/extensions/telegram/test-api.js +2 -2
package/dist/extensions/tencent/index.d.ts +1 -1
package/dist/extensions/tencent/provider-discovery.d.ts +1 -1
package/dist/extensions/thread-ownership/api.d.ts +2 -2
package/dist/extensions/thread-ownership/index.d.ts +1 -1
package/dist/extensions/together/index.d.ts +1 -1
package/dist/extensions/tokenjuice/index.d.ts +1 -1
package/dist/extensions/tokenjuice/tool-result-middleware.d.ts +1 -1
package/dist/extensions/tts-local-cli/index.d.ts +1 -1
package/dist/extensions/tts-local-cli/speech-provider.d.ts +1 -1
package/dist/extensions/venice/index.d.ts +1 -1
package/dist/extensions/venice/stream.d.ts +1 -1
package/dist/extensions/vercel-ai-gateway/index.d.ts +1 -1
package/dist/extensions/vercel-ai-gateway/thinking.d.ts +1 -1
package/dist/extensions/video-generation-core/api.d.ts +2 -2
package/dist/extensions/video-generation-core/runtime-api.d.ts +1 -1
package/dist/extensions/vllm/api.d.ts +1 -1
package/dist/extensions/vllm/index.d.ts +1 -1
package/dist/extensions/vllm/stream.d.ts +1 -1
package/dist/extensions/volcengine/index.d.ts +1 -1
package/dist/extensions/volcengine/provider-discovery.d.ts +1 -1
package/dist/extensions/volcengine/speech-provider.d.ts +1 -1
package/dist/extensions/voyage/embedding-batch.d.ts +1 -1
package/dist/extensions/voyage/embedding-provider.d.ts +1 -1
package/dist/extensions/voyage/index.d.ts +1 -1
package/dist/extensions/voyage/memory-embedding-adapter.d.ts +1 -1
package/dist/extensions/vydra/index.d.ts +1 -1
package/dist/extensions/vydra/speech-provider.d.ts +1 -1
package/dist/extensions/web-readability/index.d.ts +1 -1
package/dist/extensions/webhooks/api.d.ts +2 -2
package/dist/extensions/webhooks/api.js +1 -1
package/dist/extensions/webhooks/index.d.ts +1 -1
package/dist/extensions/webhooks/index.js +1 -1
package/dist/extensions/webhooks/runtime-api.d.ts +1 -1
package/dist/extensions/xai/api.d.ts +1 -1
package/dist/extensions/xai/index.d.ts +1 -1
package/dist/extensions/xai/index.js +4 -4
package/dist/extensions/xai/provider-contract-api.d.ts +1 -1
package/dist/extensions/xai/provider-discovery.d.ts +1 -1
package/dist/extensions/xai/provider-models.d.ts +1 -1
package/dist/extensions/xai/provider-policy-api.d.ts +1 -1
package/dist/extensions/xai/realtime-transcription-provider.d.ts +1 -1
package/dist/extensions/xai/realtime-transcription-provider.js +1 -1
package/dist/extensions/xai/setup-api.d.ts +1 -1
package/dist/extensions/xai/speech-provider.d.ts +1 -1
package/dist/extensions/xai/speech-provider.js +1 -1
package/dist/extensions/xai/stream.d.ts +1 -1
package/dist/extensions/xai/test-api.js +1 -1
package/dist/extensions/xai/tts.js +1 -1
package/dist/extensions/xai/web-search.js +1 -1
package/dist/extensions/xai/xai-oauth.d.ts +1 -1
package/dist/extensions/xai/xai-oauth.js +1 -1
package/dist/extensions/xiaomi/index.d.ts +1 -1
package/dist/extensions/xiaomi/speech-provider.d.ts +1 -1
package/dist/extensions/xiaomi/stream.d.ts +1 -1
package/dist/extensions/xiaomi/thinking.d.ts +1 -1
package/dist/extensions/zai/index.d.ts +1 -1
package/dist/file-fetch-tool-6M7otZWJ.js +124 -0
package/dist/file-write-tool-C7sxNalS.js +127 -0
package/dist/format-BaYeBN8g.js +1145 -0
package/dist/format-Gd-3cUBL.js +250 -0
package/dist/gateway/protocol/index.d.ts +1 -1
package/dist/gateway-cli-Do3zXVoA.js +435 -0
package/dist/gateway-method-runtime-3Bh2bCrI.js +21 -0
package/dist/gateway-runtime-COtKzRqi.d.ts +163 -0
package/dist/gemini-cli-provider-BQgviROv.d.ts +6 -0
package/dist/get-reply-fC2lq4Bn.js +4689 -0
package/dist/get-reply-from-config.runtime-BPyCiEfV.js +2 -0
package/dist/get-reply-from-config.runtime.js +1 -1
package/dist/graph-users-CJlHYK21.js +1419 -0
package/dist/group-access-DOGbhNxW.js +112 -0
package/dist/handle-action.guild-admin-CdoddJ3u.js +288 -0
package/dist/harness-B-nCy5CA.js +61 -0
package/dist/health-DTO8sQYx.js +4 -0
package/dist/health-state-D8_oJguq.js +106 -0
package/dist/heartbeat-runner-CyGiZsj3.js +5 -0
package/dist/heartbeat-runner.runtime-D1dYoxzx.js +4 -0
package/dist/heartbeat-runner.runtime.js +1 -1
package/dist/hooks-DlPF6dZs.js +534 -0
package/dist/http-registry-Yo_NvKls.d.ts +23 -0
package/dist/image-generation-runtime-BIAvq6jv.d.ts +21 -0
package/dist/inbound-direct-dm-runtime-DAejzdQq.js +2 -0
package/dist/inbound-reply-dispatch-ccCfh5JF.js +148 -0
package/dist/index-7GMgTC5k.d.ts +3971 -0
package/dist/index.js +1 -1
package/dist/init-DzayFaI9.js +59 -0
package/dist/inline-buttons-6SL2p5Vu.js +40 -0
package/dist/interactive-dispatch-ChuCQxzf.d.ts +56 -0
package/dist/interactive-dispatch-DY_jVu-V.d.ts +143 -0
package/dist/internal-events-CAA5utUP.js +90 -0
package/dist/isolated-agent-B95d6tII.js +2 -0
package/dist/isolated-agent-BAkur-kh.js +1118 -0
package/dist/lifecycle-OYEvGSs_.js +571 -0
package/dist/list.probe-D6_5AksK.js +449 -0
package/dist/list.status-command-f0dAuxjW.js +789 -0
package/dist/llm-slug-generator-DzjXXHiO.js +78 -0
package/dist/llm-slug-generator.js +1 -1
package/dist/loader-C-JyPvyF.d.ts +142 -0
package/dist/local-dispatch.runtime-DE2f2WAa.js +9 -0
package/dist/local-dispatch.runtime.js +1 -1
package/dist/manager-CknaUr2b.d.ts +356 -0
package/dist/manager.runtime-DoBAFZ8r.js +2714 -0
package/dist/manager.runtime.js +1 -1
package/dist/markdown-to-line-DTEs6hVv.js +811 -0
package/dist/mcp-http-CgKbc-pc.js +555 -0
package/dist/mcp-http-x6Cwd0Yu.js +2 -0
package/dist/media-understanding-provider-Bt2HA6p3.js +339 -0
package/dist/memory-core-host-engine-storage-izjrNFNA.d.ts +54 -0
package/dist/memory-embedding-adapter-B3WLPdKc.d.ts +5 -0
package/dist/message-actions-B7JwvxAS.js +145 -0
package/dist/message-handler-BmkNxRDD.js +384 -0
package/dist/message-handler-BsTTww09.js +1715 -0
package/dist/message-handler.preflight-UPPmUa3q.js +1125 -0
package/dist/message-handler.process-D0yb6UtD.js +1484 -0
package/dist/migration-DVKbowM8.d.ts +45 -0
package/dist/model-BSBoLWjJ.d.ts +33 -0
package/dist/model-j0YMhzJy.js +74 -0
package/dist/model-selection-26YSj6pz.js +272 -0
package/dist/models-BWABpoiz.js +104 -0
package/dist/models-BvEw11kE.d.ts +24 -0
package/dist/models-K85k5nnr.js +2 -0
package/dist/models-cli-C7bbgiRD.js +256 -0
package/dist/monitor-B6yOuR2r.js +834 -0
package/dist/monitor-CIFjlXVi.js +60 -0
package/dist/monitor-CWaPk_7V.js +1370 -0
package/dist/monitor-Cs9Lo6bb.js +715 -0
package/dist/monitor-DC_WFeow.js +4377 -0
package/dist/monitor-Db2Zsmky.js +2788 -0
package/dist/monitor-ZJLxyo1m.js +1657 -0
package/dist/monitor-auth-9lbTrakT.js +179 -0
package/dist/monitor-gMuNdFNL.js +2 -0
package/dist/monitor-polling.runtime-rd2B_RoJ.js +883 -0
package/dist/monitor-polling.runtime.js +1 -1
package/dist/monitor-webhook.runtime-YytBaFht.js +387 -0
package/dist/monitor-webhook.runtime.js +1 -1
package/dist/monitor.account-CSzuEIqT.js +5233 -0
package/dist/monitor.runtime-BiN5yYq0.js +2 -0
package/dist/monitor.runtime.js +1 -1
package/dist/monitor.webhook-DK1oH0sg.js +180 -0
package/dist/node-cli-sessions-CRp1n9U4.js +1228 -0
package/dist/openai-codex-provider-C48t8ka8.d.ts +5 -0
package/dist/openai-http-qVcPqpQN.js +824 -0
package/dist/openai-provider-Df75q4KM.d.ts +5 -0
package/dist/openresponses-http-BxeU2OF4.js +1173 -0
package/dist/operations-Pr0GlIYC.js +805 -0
package/dist/outbound-adapter-BaBC-WXA.js +543 -0
package/dist/outbound-session-route-51WiyntM.js +45 -0
package/dist/outbound.runtime-Drn1outO.js +2 -0
package/dist/outbound.runtime.js +1 -1
package/dist/pi-embedded-B2Z84wpp.js +3796 -0
package/dist/pi-embedded-WaRss8a7.js +4 -0
package/dist/pi-embedded.runtime-BXtJQU5L.js +4 -0
package/dist/pi-embedded.runtime.js +1 -1
package/dist/pi-tools--L-L_5qV.js +2413 -0
package/dist/plan-C9P_Zx9I.js +81 -0
package/dist/plan-DvGesBjU.js +112 -0
package/dist/plugin-C946oTpr.js +12396 -0
package/dist/plugin-DMYsMKAW.d.ts +17 -0
package/dist/plugin-app-cache-key-CA3Fk_MS.js +46 -0
package/dist/plugin-enabled-Dl21DFci.js +233 -0
package/dist/plugin-entry-DwVZtdM9.d.ts +47 -0
package/dist/plugin-registration-M8OrW2uL.js +88 -0
package/dist/plugin-runtime-Dx9WRWX8.d.ts +117 -0
package/dist/plugin-sdk/.boundary-entry-shims.stamp +1 -1
package/dist/plugin-sdk/acp-runtime-backend.js +1 -1
package/dist/plugin-sdk/acp-runtime.js +2 -2
package/dist/plugin-sdk/agent-harness-runtime.js +6 -6
package/dist/plugin-sdk/agent-harness-task-runtime.js +1 -1
package/dist/plugin-sdk/agent-harness.js +7 -7
package/dist/plugin-sdk/agent-runtime.js +2 -2
package/dist/plugin-sdk/channel-core.js +2 -2
package/dist/plugin-sdk/channel-inbound.js +2 -2
package/dist/plugin-sdk/channel-test-helpers.js +1 -1
package/dist/plugin-sdk/command-auth.js +1 -1
package/dist/plugin-sdk/command-status-runtime.js +1 -1
package/dist/plugin-sdk/compat.js +1 -1
package/dist/plugin-sdk/conversation-binding-runtime.js +2 -2
package/dist/plugin-sdk/conversation-runtime.js +3 -3
package/dist/plugin-sdk/core.js +2 -2
package/dist/plugin-sdk/direct-dm.js +1 -1
package/dist/plugin-sdk/gateway-method-runtime.js +1 -1
package/dist/plugin-sdk/health.js +2 -2
package/dist/plugin-sdk/inbound-reply-dispatch.js +1 -1
package/dist/plugin-sdk/index.js +1 -1
package/dist/plugin-sdk/mattermost.js +1 -1
package/dist/plugin-sdk/plugin-test-contracts.js +2 -2
package/dist/plugin-sdk/provider-test-contracts.js +4 -4
package/dist/plugin-sdk/reply-runtime.js +4 -4
package/dist/plugin-sdk/testing.js +2 -2
package/dist/plugin-sdk/zalouser.js +1 -1
package/dist/plugin-service-Dii4hVsM.js +1229 -0
package/dist/plugin-service-mHunWjlo.d.ts +24 -0
package/dist/plugins/build-smoke-entry.d.ts +2 -2
package/dist/plugins/loader.d.ts +1 -1
package/dist/plugins/provider-discovery.runtime.d.ts +1 -1
package/dist/plugins/provider-runtime.runtime.d.ts +1 -1
package/dist/plugins/runtime/index.js +4 -4
package/dist/policy-BK63POC5.js +138 -0
package/dist/policy-BVF5IwsA.js +680 -0
package/dist/postinstall-inventory.json +600 -600
package/dist/prepare.runtime-C4MmUS7q.js +732 -0
package/dist/prepare.runtime.js +1 -1
package/dist/preview-warnings-BzWg6XZO.js +392 -0
package/dist/probe-BlRrdfJI.js +47 -0
package/dist/probe-BmRhtWLq.js +2204 -0
package/dist/probe-DM8yRYcU.js +2 -0
package/dist/probe-ejeGnKS6.js +682 -0
package/dist/program-BBjSDxOK.js +131 -0
package/dist/prompt-overlay-D0r0EA6z.d.ts +23 -0
package/dist/provider-BQqi3nak.js +8735 -0
package/dist/provider-CAW13htM.js +32 -0
package/dist/provider-DToIle9H.js +152 -0
package/dist/provider-api-key-auth-2Fp25hP8.d.ts +27 -0
package/dist/provider-auth-result-mIg6RY-l.d.ts +21 -0
package/dist/provider-catalog-runtime-B7e02aat.d.ts +23 -0
package/dist/provider-catalog-shared-D0mIMF1C.d.ts +62 -0
package/dist/provider-dispatcher-DqZ7i_rd.js +22 -0
package/dist/provider-dispatcher.runtime.js +1 -1
package/dist/provider-hook-runtime-CrtHxgL6.d.ts +61 -0
package/dist/provider-model-shared-BESf3jvo.d.ts +143 -0
package/dist/provider-models-B6wofKVD.d.ts +12 -0
package/dist/provider-policy-0JjxJfxh.d.ts +30 -0
package/dist/provider-qnh6YFNd.js +32 -0
package/dist/provider-registration-O7mvATZX.d.ts +6 -0
package/dist/provider-registry-CtFVQxwM.d.ts +8 -0
package/dist/provider-registry-DZxCJHb2.d.ts +8 -0
package/dist/provider-registry-DcUASGbX.d.ts +30 -0
package/dist/provider-runtime-CrrstiDP.d.ts +359 -0
package/dist/provider-self-hosted-setup-DKlGE8A7.d.ts +74 -0
package/dist/provider-session.runtime-DMjJXSkF.js +9 -0
package/dist/provider-session.runtime.js +1 -1
package/dist/provider-stream-C2vPdKh5.d.ts +140 -0
package/dist/provider-stream-shared-CslVTt39.d.ts +128 -0
package/dist/provider.runtime-D4ZzNUfo.js +2 -0
package/dist/provider.runtime.js +1 -1
package/dist/providers.runtime-CHPPEG1J.d.ts +25 -0
package/dist/public-surface-loader-COAaBDuY.js +114 -0
package/dist/pw-ai-4Dk5FtCe.js +3029 -0
package/dist/pw-role-snapshot-CuQzm5NK.js +333 -0
package/dist/reaction-level-ZgH5HPmP.js +19 -0
package/dist/reaction-runtime-api-lrZlU8Ab.js +116 -0
package/dist/realtime-transcription-Brox5yj7.d.ts +43 -0
package/dist/realtime-transcription-provider-Ai-XHtXs.js +205 -0
package/dist/realtime-transcription-provider-B9DWwCuO.d.ts +32 -0
package/dist/realtime-transcription-provider-CGhoGie3.d.ts +28 -0
package/dist/realtime-transcription-provider-Dau7Zk9V.d.ts +37 -0
package/dist/realtime-transcription-provider-WgtPbRJc.d.ts +5 -0
package/dist/realtime-voice-C5Xiylos.d.ts +333 -0
package/dist/realtime-voice-provider-DUPM9wyW.d.ts +5 -0
package/dist/register-CDhBb-x0.js +2178 -0
package/dist/register.agent-DBiFgnVA.js +156 -0
package/dist/register.crestodian-BxWP7RD3.js +24 -0
package/dist/register.maintenance-CnCvd-hk.js +83 -0
package/dist/register.runtime-BcgdXzLA.d.ts +6 -0
package/dist/register.runtime-CihNYXEU.js +54 -0
package/dist/register.status-health-sessions-B0aNyEHy.js +282 -0
package/dist/register.subclis-CLGUU8xn.js +31 -0
package/dist/register.subclis-DwHGcc-o.js +3 -0
package/dist/register.subclis-core-BtmmMq6c.js +273 -0
package/dist/registry-DnnBulh_.d.ts +91 -0
package/dist/registry-types-BQ26lhRo.d.ts +392 -0
package/dist/repair-sequencing-BjZ6HdVL.js +640 -0
package/dist/reply-delivery-7xtGUhB9.js +196 -0
package/dist/reply-runtime-Bts14dIE.js +11 -0
package/dist/reply.runtime-BPyCiEfV.js +2 -0
package/dist/reply.runtime.js +1 -1
package/dist/request-CXg-P0JT.js +54 -0
package/dist/resolve-allowlist-DFQmlgMw.js +220 -0
package/dist/result-fallback-classifier-zyED1xtr.js +79 -0
package/dist/route-C_y4jDQj.js +469 -0
package/dist/route-resolution-Ds3w61Lx.js +274 -0
package/dist/routes-CTG90Mv3.js +2 -0
package/dist/routes-CxTVR0cX.js +3602 -0
package/dist/run-DkpOzywN.js +1162 -0
package/dist/run-attempt-C8drUXdL.js +7704 -0
package/dist/run-command-BFRAg7du.js +23 -0
package/dist/run-command-DdJMIAJV.js +2 -0
package/dist/run-embedded.runtime-LQMkpF2y.js +4 -0
package/dist/run-embedded.runtime.js +1 -1
package/dist/run-execution-cli.runtime-0FeH38Px.js +4 -0
package/dist/run-execution-cli.runtime.js +1 -1
package/dist/run-executor.runtime.js +1 -1
package/dist/run-subagent-registry.runtime-DpPQTC66.js +2 -0
package/dist/run-subagent-registry.runtime.js +1 -1
package/dist/runtime-B3ogObAE.js +438 -0
package/dist/runtime-CPmMLEBj.js +1287 -0
package/dist/runtime-CiJ6IGJc.js +6179 -0
package/dist/runtime-api-BIeJjKVB.js +13 -0
package/dist/runtime-api-BWSHkISv.js +3 -0
package/dist/runtime-api-C2HmJspc.js +13 -0
package/dist/runtime-api-C4WThy-0.js +24 -0
package/dist/runtime-api-CTym-WGW.js +21 -0
package/dist/runtime-api-QSTydHlX.js +17 -0
package/dist/runtime-api-XBWYmn8F.js +4 -0
package/dist/runtime-api.actions-bGxji7I2.js +3 -0
package/dist/runtime-api.monitor-5-ucdxYA.d.ts +3757 -0
package/dist/runtime-api.monitor-e7p7IfH1.js +6 -0
package/dist/runtime-api.send-BttKZW-F.d.ts +38 -0
package/dist/runtime-api.send-COhoRdi6.js +4 -0
package/dist/runtime-api.threads-DFYlu1e-.js +2 -0
package/dist/runtime-channel-CUJifY4W.js +2 -0
package/dist/runtime-channel-CZWoqFu0.js +150 -0
package/dist/runtime-embedded-pi.runtime-BIxr-MBr.js +2 -0
package/dist/runtime-embedded-pi.runtime.js +1 -1
package/dist/runtime-taskflow-Co1PrqbP.d.ts +435 -0
package/dist/sanitize-outbound-DS3EW4FZ.js +127 -0
package/dist/sdk-setup-tools-Dbu0ISil.js +8 -0
package/dist/secrets-B2FsNqik.js +113 -0
package/dist/security-audit-7dSJt583.js +118 -0
package/dist/security-audit-C7nv2f1p.js +122 -0
package/dist/security-audit.runtime-BjFxH4oO.js +2 -0
package/dist/security-audit.runtime.js +1 -1
package/dist/selection-CNuMWlGI.js +3 -0
package/dist/selection-DSrTbfdV.js +16157 -0
package/dist/send-Bt7s80wR.js +143 -0
package/dist/send-CinwCGAp.js +1631 -0
package/dist/send-Dhc5pazQ.js +192 -0
package/dist/send-Dz6aPmRx.js +2 -0
package/dist/send.components-C6Vc715w.js +2 -0
package/dist/send.components-CZQvbNpy.js +500 -0
package/dist/send.runtime-DjcCJNHz.js +2 -0
package/dist/send.runtime.js +1 -1
package/dist/server-C7zyrFv9.js +73 -0
package/dist/server-DP_Qxv9p.js +24 -0
package/dist/server-close.runtime.d.ts +1 -1
package/dist/server-close.runtime.js +1 -1
package/dist/server-context-9btqwxTM.js +2 -0
package/dist/server-context-BWN2z4-J.js +955 -0
package/dist/server-cron-ClWdOpAE.js +2989 -0
package/dist/server-cron-DUfOPQkW.js +2 -0
package/dist/server-maintenance-B4tgrBO5.js +167 -0
package/dist/server-methods-BM3XCIWG.js +16494 -0
package/dist/server-node-events-BUL_qMQZ.js +596 -0
package/dist/server-plugin-bootstrap-D8ECRLtf.js +70 -0
package/dist/server-plugins-ClApYARY.js +432 -0
package/dist/server-reload-handlers-BsTBOEdp.js +714 -0
package/dist/server-restart-sentinel-7LRUDz6N.js +2 -0
package/dist/server-restart-sentinel-DTf-yNzJ.js +747 -0
package/dist/server-runtime-services-3hlgWAb8.js +2 -0
package/dist/server-runtime-services-D4epI5_k.js +267 -0
package/dist/server-startup-early-C_ZWIblP.js +87 -0
package/dist/server-startup-plugins-v2iGMqTe.js +113 -0
package/dist/server-startup-post-attach-CNe0QrNc.js +716 -0
package/dist/server-ws-runtime-hH14LVjT.js +349 -0
package/dist/server.impl-VrV1FexC.js +2586 -0
package/dist/service-CLQYUJAj.js +1446 -0
package/dist/session-binding-B8dvxX2y.js +2 -0
package/dist/session-binding-C2GrKek4.js +219 -0
package/dist/session-kill-http-hFb4-8bg.js +121 -0
package/dist/session-reset-service-CnDZw4-5.js +625 -0
package/dist/session-route-D1tSy-VJ.js +93 -0
package/dist/session-status.runtime-BdpmXmcH.js +2 -0
package/dist/session-status.runtime.js +1 -1
package/dist/session-subagent-reactivation.runtime-DUrd5FpN.js +2 -0
package/dist/session-subagent-reactivation.runtime.js +1 -1
package/dist/session-tab-registry-DRhbHQEm.js +521 -0
package/dist/sessions-history-http-D2K0mGDk.js +430 -0
package/dist/sessions.runtime-CfWr4fEQ.js +2 -0
package/dist/sessions.runtime.js +1 -1
package/dist/setup-api-COkXH76p.js +29 -0
package/dist/setup-core-BdWBmyOC.js +174 -0
package/dist/setup-surface-BV6Wc_S1.js +405 -0
package/dist/setup-surface-CXqLNgjz.js +221 -0
package/dist/setup-surface-Dl-mS95G.js +288 -0
package/dist/setup-surface-Dn-hYgTO.js +320 -0
package/dist/shared-2-FiBN51.d.ts +115 -0
package/dist/shared-client-BAvec-HA.js +2 -0
package/dist/shared-client-Bk01En7M.js +629 -0
package/dist/shared-soPxo6JL.js +121 -0
package/dist/side-question-BAXAMJru.js +683 -0
package/dist/simple-completion-runtime-JMnVclQ6.d.ts +73 -0
package/dist/skill-tool-dispatch.runtime-DaMjMQII.js +143 -0
package/dist/skill-tool-dispatch.runtime.js +1 -1
package/dist/slash-state-BZ06y0To.js +2166 -0
package/dist/speech-CmQkc7zi.d.ts +47 -0
package/dist/speech-core-CVkLGUxG.d.ts +36 -0
package/dist/speech-provider-B73iu4fH.d.ts +5 -0
package/dist/speech-provider-BEBH8vyF.d.ts +34 -0
package/dist/speech-provider-BhCRdoMK.d.ts +8 -0
package/dist/speech-provider-Cf1PVMAj.d.ts +8 -0
package/dist/speech-provider-DdEPWhuR.d.ts +5 -0
package/dist/speech-provider-DwB37Ie_.js +184 -0
package/dist/speech-provider-ECom8JiZ.d.ts +5 -0
package/dist/src-BsqijqVt.js +4256 -0
package/dist/startup-context-CFODg9YM.js +313 -0
package/dist/status-D3n01dp5.js +4 -0
package/dist/status-DbZB702Q.js +3 -0
package/dist/status-all-CCV1CGJz.js +573 -0
package/dist/status-json-DZAKQD2Y.js +14 -0
package/dist/status-json-command-BSE_pTG-.js +84 -0
package/dist/status-runtime-shared-CKt3t6sE.js +283 -0
package/dist/status-subagents.runtime-YuzmENDp.js +18 -0
package/dist/status-subagents.runtime.js +1 -1
package/dist/status-text-D9Zi8UnO.js +296 -0
package/dist/status.command-CBTSvOW1.js +420 -0
package/dist/status.command-CBnJpuXq.js +2 -0
package/dist/status.command.text-runtime-VNORbsBS.js +15 -0
package/dist/status.scan-BMinf8AZ.js +68 -0
package/dist/status.scan-overview-B6kfuktS.js +444 -0
package/dist/status.scan.fast-json-CRT_aiEX.js +2 -0
package/dist/status.scan.fast-json-DmoXxjwC.js +127 -0
package/dist/status.scan.runtime-mccN052p.js +479 -0
package/dist/status.scan.runtime.js +1 -1
package/dist/status.update-DAbNKHAA.js +86 -0
package/dist/status.update-Dj_UDfud.js +2 -0
package/dist/sticker-cache-B_K5GK1F.js +206 -0
package/dist/sticker-vision.runtime-CLXVetAJ.js +17 -0
package/dist/sticker-vision.runtime.js +1 -1
package/dist/stream-CYHgCxMh.d.ts +5 -0
package/dist/stream-D8Ytt_tB.d.ts +120 -0
package/dist/stream-DX9I-gkW.d.ts +19 -0
package/dist/stream-DjL6Gw2C.d.ts +16 -0
package/dist/stream-m7GKt3W2.d.ts +10 -0
package/dist/stream-wrappers-UyEQes6p.d.ts +21 -0
package/dist/subagent-announce-CYVKLzpF.js +354 -0
package/dist/subagent-announce-delivery-DGlpzYtu.js +958 -0
package/dist/subagent-control-DdpvJydn.js +508 -0
package/dist/subagent-hooks-CJ38n1yI.js +116 -0
package/dist/subagent-hooks-CM8d7uom.js +230 -0
package/dist/subagent-hooks-CWXgYgeR.js +2 -0
package/dist/subagent-hooks-ChZlZfOE.js +146 -0
package/dist/subagent-hooks-CsHFqBnn.js +2 -0
package/dist/subagent-hooks-J6Z1owZi.js +2 -0
package/dist/subagent-hooks-api-C6FcvHTT.js +23 -0
package/dist/subagent-hooks-api-Cjv3KxcX.js +23 -0
package/dist/subagent-hooks-api-DWfQ0N2_.js +22 -0
package/dist/subagent-orphan-recovery-C2iu65pp.js +352 -0
package/dist/subagent-registry-C__l22X7.js +2351 -0
package/dist/subagent-registry-DsGh1uuc.js +3 -0
package/dist/subagent-registry.runtime.js +1 -1
package/dist/subagent-session-cleanup-BJK0KFuz.js +525 -0
package/dist/subagent-spawn-xX_hbBgM.js +1164 -0
package/dist/target-id-BcuunvtM.js +107 -0
package/dist/targets-BgRpAISD.js +19 -0
package/dist/targets-BynqpysF.js +19 -0
package/dist/targets-D-0Biv4s.d.ts +10 -0
package/dist/targets-S-Pmze3w.d.ts +10 -0
package/dist/targets-noUOYK7d.js +44 -0
package/dist/task-registry-control.runtime.js +1 -1
package/dist/telegram/token.js +1 -1
package/dist/testing-B0wf2Ir6.js +267 -0
package/dist/text-report-DK79dOC4.js +695 -0
package/dist/thinking-policy-B31-nCQk.d.ts +5 -0
package/dist/thread-bindings-BQal3jZo.js +8 -0
package/dist/thread-bindings-BfMLiM2l.js +228 -0
package/dist/thread-bindings-DJ8RMaTI.js +571 -0
package/dist/thread-bindings-nJ5yQbn5.js +232 -0
package/dist/thread-bindings.discord-api-Cy9zlCKJ.js +187 -0
package/dist/thread-bindings.manager-BN6EeBr_.js +536 -0
package/dist/thread-bindings.manager-REfgswjE.js +2 -0
package/dist/thread-lifecycle-Di28EHnZ.js +1614 -0
package/dist/token-CkH7nFWY.js +134 -0
package/dist/tool-DqzQ3obs.js +139 -0
package/dist/tool-actions.runtime--jhK-xmj.js +534 -0
package/dist/tool-actions.runtime.js +1 -1
package/dist/tool-plugin-B9aQw4fj.d.ts +77 -0
package/dist/tool-resolution-D1-4S4j9.js +149 -0
package/dist/tool-split-zov3PauL.d.ts +19 -0
package/dist/tools-effective-inventory-JOMz2Ra6.js +204 -0
package/dist/tools-invoke-http-C9N441MA.js +67 -0
package/dist/tools-invoke-shared-DfSLo2Tr.js +200 -0
package/dist/transport-stream-3OMu_lV2.d.ts +42 -0
package/dist/tts-DAeWj9Bb.js +66 -0
package/dist/tui-CTCn5piF.js +4709 -0
package/dist/tui-backend-By5bSm4p.js +256 -0
package/dist/tui-cli-DTPrRo4_.js +37 -0
package/dist/tui-t_WAdGfV.js +2 -0
package/dist/types-D3enA0Vx.d.ts +786 -0
package/dist/types-DHSQkzyq2.d.ts +3650 -0
package/dist/types.public-DHQb4Kl9.d.ts +70 -0
package/dist/update-check-Dvu5Z_Jp.js +407 -0
package/dist/update-cli-Bd5_MzQC.js +3664 -0
package/dist/update-runner-B8GJeQ12.js +2390 -0
package/dist/update-startup-B86---uS.js +2 -0
package/dist/update-startup-C2tCNZ7v.js +339 -0
package/dist/video-generation-runtime-Dj060lga.d.ts +21 -0
package/dist/video-model-catalog-CQ-f89xh.d.ts +16 -0
package/dist/vision-tools-mjhp5ZJQ.js +1409 -0
package/dist/web-search-DznJdih_.js +62 -0
package/dist/web-search-provider.runtime-CbIP4C_P.js +328 -0
package/dist/web-search-provider.runtime-D74o1ayv.js +2 -0
package/dist/web-search-provider.runtime.js +1 -1
package/dist/webhook-targets-Bixk4LO_.d.ts +99 -0
package/dist/xai-oauth-B2dU9w_h.js +479 -0
package/dist/xai-user-agent-CD1kt9ys.js +32 -0
package/package.json +1 -1
package/dist/abort-DbmSukS6.js +0 -277
package/dist/abort.runtime-DfTphPUe.js +0 -2
package/dist/account-inspect-CrOeeGkg.js +0 -173
package/dist/accounts-CF5wlCaC.js +0 -119
package/dist/accounts-CfFTGexZ.js +0 -107
package/dist/accounts-Cr9iBKG5.js +0 -2
package/dist/accounts-DdAZRSd-.js +0 -107
package/dist/acp-runtime-B1CfWEsR.js +0 -26
package/dist/acp-spawn-Bq8RHmXn.js +0 -1275
package/dist/acp-spawn-BxyX0qDU.js +0 -2
package/dist/acp-stateful-target-driver-y9Vk9ZkZ.js +0 -89
package/dist/action-kill-Xr3eQUBu.js +0 -33
package/dist/action-runtime-CweBFa8U.js +0 -469
package/dist/action-runtime-api-DZY1J62H.js +0 -2
package/dist/action-send-HdOQtFcz.js +0 -39
package/dist/action-spawn-DWrPplrX.js +0 -47
package/dist/actions-zZzXK7Ic.js +0 -161
package/dist/actions.runtime-CK0aV6y4.js +0 -5
package/dist/agent-command-DB0sppso.js +0 -1367
package/dist/agent-components.runtime-Drdzm2-F.js +0 -10
package/dist/agent-harness-BAdIuhgp.d.ts +0 -146
package/dist/agent-harness-runtime-Btzminw9.js +0 -180
package/dist/agent-harness-runtime-Dsl-hUeN.d.ts +0 -691
package/dist/agent-harness-task-runtime-DWiDnwnT.js +0 -140
package/dist/agent-nenZtwAX.js +0 -3
package/dist/agent-runner-execution-Cun_PNBn.js +0 -1713
package/dist/agent-runner-utils-BfF--s17.js +0 -266
package/dist/agent-runner.runtime-vxDguHci.js +0 -3455
package/dist/agent-runtime-C5xeqCn8.js +0 -229
package/dist/agent-svdKN_62.js +0 -2
package/dist/agent-via-gateway-DQa8cmBa.js +0 -463
package/dist/api-BQxP3H11.js +0 -134
package/dist/api-CMMiQOJ0.d.ts +0 -52
package/dist/api-CT5SnVgO.js +0 -2
package/dist/api-CtX70NwR.js +0 -2
package/dist/api-CvUdFHq7.js +0 -6
package/dist/api-DG9oHhm4.js +0 -639
package/dist/api-DzfMdJ46.js +0 -3
package/dist/apply-D8UoOoVD.js +0 -41
package/dist/apply-DrHwBR1D.js +0 -54
package/dist/approval-handler.runtime-CT8PWJ9W.js +0 -130
package/dist/assistant-ByynDFnI.js +0 -291
package/dist/attachment-normalize-DEAS_ziY.js +0 -225
package/dist/attempt-execution-CQUmv8x2.js +0 -558
package/dist/attempt-execution.runtime-AZYQQuAv.js +0 -3
package/dist/attempt-execution.shared-2ZOaCHct.js +0 -38
package/dist/attempt.prompt-helpers-B7ano4Xa.js +0 -475
package/dist/attempt.tool-run-context-DBta4Vhq.js +0 -2094
package/dist/binding-routing-DYUUioo1.js +0 -113
package/dist/binding-targets-DthC_zAF.js +0 -121
package/dist/bot-CHP8Hnzo.js +0 -7894
package/dist/bot-deps-CLDgPV_x.js +0 -747
package/dist/bot-deps-W9zVbYpY.js +0 -2
package/dist/bot-message-context.runtime-B1-gGjAv.js +0 -7
package/dist/bot-message-context.session.runtime-DUtlPLJq.js +0 -12
package/dist/bot-native-commands.delivery.runtime-B2_Sb8-0.js +0 -4
package/dist/bot-native-commands.runtime-pplrKHcn.js +0 -13
package/dist/bridge-server-Du_qnIXr.js +0 -113
package/dist/browser-cli-B2-Lzvd1.js +0 -230
package/dist/browser-cli-actions-input-ZF6YYuIY.js +0 -473
package/dist/browser-cli-actions-observe-DWLHFME1.js +0 -81
package/dist/browser-cli-bTjCd41u.js +0 -2
package/dist/browser-cli-debug-lzd4l2hl.js +0 -137
package/dist/browser-cli-inspect-C5OnFKqx.js +0 -104
package/dist/browser-cli-manage-BofwSOgU.js +0 -443
package/dist/browser-cli-resize-CLs1i6Nu.js +0 -26
package/dist/browser-cli-shared-6Jygx3GN.js +0 -50
package/dist/browser-cli-state-BdoHl8ny.js +0 -337
package/dist/browser-control-auth-DuI4vfIv.js +0 -2
package/dist/browser-profiles-DkblgTjb.js +0 -2
package/dist/browser-runtime-BiJKNDAE.js +0 -384
package/dist/build-CrC0bToI.js +0 -257
package/dist/bundled-channel-config-schema-Dq9GyGkV.d.ts +0 -3163
package/dist/call-C_O9lFB3.d.ts +0 -43
package/dist/capability-cli-BHlS8tBg.js +0 -1782
package/dist/channel-3bHGABHQ.d.ts +0 -104
package/dist/channel-5iqpbW6B.js +0 -867
package/dist/channel-B1qFfjbe.d.ts +0 -7
package/dist/channel-BGGj7Wjy.d.ts +0 -14
package/dist/channel-BW3tbxJQ.js +0 -1496
package/dist/channel-BWo67yh1.js +0 -2126
package/dist/channel-Bppi3FMK.d.ts +0 -12
package/dist/channel-Bq52osTf.d.ts +0 -8
package/dist/channel-Bs3DZFPq.d.ts +0 -106
package/dist/channel-BsDZhXfM.js +0 -362
package/dist/channel-BstFikSc.d.ts +0 -427
package/dist/channel-C95y8CWt.js +0 -1556
package/dist/channel-CMKGn1i6.js +0 -376
package/dist/channel-CMUiDCTQ.js +0 -740
package/dist/channel-CNvxy1bb.js +0 -808
package/dist/channel-COW85E9X.d.ts +0 -8
package/dist/channel-CQzh6Wn1.js +0 -653
package/dist/channel-CWr2KVGU.d.ts +0 -26
package/dist/channel-CchnfGMs.js +0 -481
package/dist/channel-CjWH9zRX.js +0 -1777
package/dist/channel-CjZoZfa2.js +0 -238
package/dist/channel-CjboShyl.d.ts +0 -6
package/dist/channel-CkKzMzC_.d.ts +0 -114
package/dist/channel-Cug3Bamu.d.ts +0 -28
package/dist/channel-D4fHzRMz.d.ts +0 -7
package/dist/channel-DKHlpUHA.js +0 -1134
package/dist/channel-DQivVI_l.d.ts +0 -64
package/dist/channel-DcxcCY8j.d.ts +0 -8
package/dist/channel-DhZvHOpE.js +0 -562
package/dist/channel-DkFslMm5.d.ts +0 -47
package/dist/channel-DtL_IvqV.js +0 -508
package/dist/channel-GdNHqdaw.js +0 -1249
package/dist/channel-ZkqVX5SL.js +0 -955
package/dist/channel-actions.runtime-DYiOBQDx.js +0 -265
package/dist/channel-core-CiUQ9zxC.js +0 -5
package/dist/channel-core-iRU5FnZE.d.ts +0 -6
package/dist/channel-entry-contract-UMXaNqZx.d.ts +0 -112
package/dist/channel-inbound-Ctv6wSJ3.js +0 -80
package/dist/channel-jbiJFUAA.d.ts +0 -49
package/dist/channel-plugin-runtime-CgGpeLjf.js +0 -998
package/dist/channel-plugin-runtime-D9Gl8DZ6.d.ts +0 -7
package/dist/channel-runtime-CPbfvG0l.js +0 -408
package/dist/channel.runtime-5ebeoN8j.js +0 -1008
package/dist/channel.runtime-B2Olk7LG.js +0 -4
package/dist/channel.runtime-B4CnXDGx.js +0 -652
package/dist/channel.runtime-BzLoF_dR.js +0 -21009
package/dist/channel.runtime-CNCIcAd6.js +0 -109
package/dist/channel.runtime-C_--rR-H.js +0 -88
package/dist/channel.runtime-CmK77Uxp.js +0 -254
package/dist/channel.runtime-DF5K3pkO.js +0 -2528
package/dist/channel.runtime-iKNOt2eM.js +0 -733
package/dist/channel.setup-BMuqTkrm.d.ts +0 -7
package/dist/channel.setup-CxvbmJQ2.js +0 -343
package/dist/channel.setup-CzdDnMh7.js +0 -1098
package/dist/channel.setup-DFIibepr.d.ts +0 -8
package/dist/channel.setup-Sku9g-22.js +0 -10
package/dist/channel.setup-qFWXWApC.d.ts +0 -6
package/dist/chat-BV-WLur6.js +0 -2666
package/dist/chrome-CBr1Nlj5.js +0 -1503
package/dist/cli-BIp6XQcZ.d.ts +0 -20
package/dist/cli-backend-7jHQ_xIa.d.ts +0 -5
package/dist/cli-backend-BGrt9NcX.d.ts +0 -5
package/dist/cli-compaction-CzfXx99c.js +0 -347
package/dist/cli-lsMRD5BD.js +0 -1341
package/dist/cli-metadata-Cpdwx3O7.js +0 -22
package/dist/cli-runner-DFh20BoX.js +0 -2
package/dist/cli-runner-DjgUGfBa.js +0 -540
package/dist/cli-runner.runtime-Cjd2VdQI.js +0 -3
package/dist/cli-runner.runtime-uAtVtWM7.js +0 -4
package/dist/cli-shared-BXoHwlQv.d.ts +0 -20
package/dist/client-D-yT6rne.js +0 -650
package/dist/client-adapter-PXk4JoQR.js +0 -897
package/dist/client-factory-C9zVXY0y.js +0 -9
package/dist/command-auth-PrmmYdot.js +0 -135
package/dist/command-handlers-DuHt0qVp.js +0 -1609
package/dist/command-registry-B_v8R74Z.js +0 -4
package/dist/command-registry-QvQgQxqT.js +0 -9
package/dist/command-registry-core-dLVpK66o.js +0 -110
package/dist/command-status.runtime-DM3aUyTe.js +0 -90
package/dist/commands-BF90P53c.d.ts +0 -113
package/dist/commands-acp-DzUZwawt.js +0 -74
package/dist/commands-compact.runtime-B6-Vv1CH.js +0 -10
package/dist/commands-handlers.runtime-CaTYrYbd.js +0 -6154
package/dist/commands-status-NuvnoSL-.js +0 -16
package/dist/commands-status-SMWi-mj9.js +0 -3
package/dist/commands-status.runtime-SMWi-mj9.js +0 -3
package/dist/commands-subagents-control.runtime-Cm9cxI8S.js +0 -2
package/dist/commands-subagents-control.runtime-e7gSoCXL.js +0 -3
package/dist/commands-system-prompt-C9pVUDbu.js +0 -162
package/dist/commands-system-prompt-JP4vOPVK.js +0 -2
package/dist/commands.runtime-Dg6eg0rn.js +0 -176
package/dist/compact-B2rH1SUd.js +0 -480
package/dist/compact-D80suJg8.js +0 -1141
package/dist/compact.runtime-D8nzDxmY.js +0 -12
package/dist/completion-cli-DWxWi4aD.js +0 -315
package/dist/components-D9TlXmrM.d.ts +0 -228
package/dist/components.modal-F1ooc12a.d.ts +0 -568
package/dist/computer-use-BGvZ1YTf.js +0 -367
package/dist/config-DV-fdSq3.js +0 -373
package/dist/config-DkblgTjb.js +0 -2
package/dist/config-mutations-DsTp_oTJ.js +0 -159
package/dist/config-schema-1Rq_tK9x.d.ts +0 -20
package/dist/context-engine-host-compat-BwIxzf7F.js +0 -2
package/dist/context-engine-host-compat-CXhSw3Ub.js +0 -288
package/dist/context-engine-lifecycle-CxxoOuT8.js +0 -1274
package/dist/contracts-testkit-CkDBPri-.d.ts +0 -145
package/dist/control-auth-Bb_hAwJF.js +0 -114
package/dist/control-service-Dom28xYt.js +0 -145
package/dist/control-ui/assets/agents-8-THqDFl.js +0 -1008
package/dist/control-ui/assets/channel-config-extras-B5hwzwVQ.js +0 -2
package/dist/control-ui/assets/channels-DTrsR3i5.js +0 -367
package/dist/control-ui/assets/cron-u6eW1T62.js +0 -1013
package/dist/control-ui/assets/debug-Bct0MI1V.js +0 -97
package/dist/control-ui/assets/index-BUfyv2kl.js +0 -7406
package/dist/control-ui/assets/instances-C9tRY_VR.js +0 -57
package/dist/control-ui/assets/logs-CdzoG4_t.js +0 -74
package/dist/control-ui/assets/nodes-p7_ysgvS.js +0 -436
package/dist/control-ui/assets/sessions-nkfdptx_.js +0 -399
package/dist/control-ui/assets/skills-CyCRwu_E.js +0 -314
package/dist/control-ui/assets/skills-shared-DKx7iJVp.js +0 -11
package/dist/conversation-binding-runtime-BXeidhrY.js +0 -4
package/dist/conversation-runtime-Das7yftQ.js +0 -31
package/dist/core-AxrxO8_x.js +0 -282
package/dist/core-D7u6inkU.d.ts +0 -224
package/dist/core-api-BL4BNR1C.js +0 -5
package/dist/core-api-Bnc3J2fe.js +0 -2
package/dist/crestodian-CnfWHGFm.js +0 -55
package/dist/daocore-runtime-DhGitUyP.d.ts +0 -151
package/dist/daocore-tools-C1WpZGCu.js +0 -11727
package/dist/delivery--FvYHWJO.js +0 -1002
package/dist/dialogue-B40qxVGM.js +0 -37
package/dist/dir-fetch-tool-fbOAtLfN.js +0 -565
package/dist/dir-list-tool-BQ3k3hKf.js +0 -100
package/dist/direct-dm-CuNsmrdk.js +0 -64
package/dist/directive-handling.fast-lane-CQYYvYi_.js +0 -68
package/dist/directive-handling.impl-DoLFcRUI.js +0 -2
package/dist/directive-handling.impl-RsdNckR4.js +0 -818
package/dist/directive-handling.model-selection-Ad4n0BBf.js +0 -122
package/dist/directive-handling.persist.runtime-Dq8SQvB4.js +0 -263
package/dist/dispatch-Bmw9mO6a.js +0 -1640
package/dist/dispatch-acp-transcript.runtime-B7DKK79t.js +0 -40
package/dist/dispatch-acp.runtime-cVH58wGq.js +0 -18
package/dist/doctor-HffoL5ik.js +0 -6
package/dist/doctor-Qg1Gj0PC.js +0 -2
package/dist/doctor-config-flow-Dudp0oO_.js +0 -1741
package/dist/doctor-core-checks-BTvmehLq.js +0 -573
package/dist/doctor-core-checks-CcacCMGd.js +0 -2
package/dist/doctor-health-DIu25ot8.js +0 -65
package/dist/doctor-health-contributions-ZQUAiwng.js +0 -696
package/dist/doctor-lint-C8RjoIYq.js +0 -94
package/dist/doctor-state-integrity-D5NJcM0t.js +0 -1231
package/dist/doctor-update-07o96Num.js +0 -58
package/dist/dynamic-tools-BSIfb0RP.js +0 -486
package/dist/embedded-backend-499B1IIV.js +0 -579
package/dist/embedded-gateway-stub.runtime-Bqr2Z4Co.js +0 -12
package/dist/embedding-provider-BZTPwWKb.d.ts +0 -21
package/dist/embedding-provider-CSexv_6m.d.ts +0 -16
package/dist/embedding-provider-VAxs8MlT.d.ts +0 -65
package/dist/exec-approvals-ClTqhSd7.js +0 -149
package/dist/file-fetch-tool-CJu8umi9.js +0 -124
package/dist/file-write-tool-Dz49CI0K.js +0 -127
package/dist/format-DBhooCE7.js +0 -1145
package/dist/format-DCronAhx.js +0 -250
package/dist/gateway-cli-D21vxek0.js +0 -435
package/dist/gateway-method-runtime-qsRZHdfx.js +0 -21
package/dist/gateway-runtime-DB-OXh4s.d.ts +0 -163
package/dist/gemini-cli-provider-DbhcYwoe.d.ts +0 -6
package/dist/get-reply-D140C4TM.js +0 -4689
package/dist/get-reply-from-config.runtime-CaM7M0Zp.js +0 -2
package/dist/graph-users-cBY7anTM.js +0 -1419
package/dist/group-access-CZOQhsjs.js +0 -112
package/dist/handle-action.guild-admin-DjuZqjM2.js +0 -288
package/dist/harness-XL58LNpX.js +0 -61
package/dist/health-CFPXXpFW.js +0 -4
package/dist/health-state-Bp0DOLCD.js +0 -106
package/dist/heartbeat-runner-D_o-itnk.js +0 -5
package/dist/heartbeat-runner.runtime-CPVGa3Gd.js +0 -4
package/dist/hooks-Bx3n6o-5.js +0 -534
package/dist/http-registry-CvWunWhG.d.ts +0 -23
package/dist/image-generation-runtime-Bmuyaswz.d.ts +0 -21
package/dist/inbound-direct-dm-runtime-6nIJyODo.js +0 -2
package/dist/inbound-reply-dispatch-CoeXQvL6.js +0 -148
package/dist/index-UJCqyZjG.d.ts +0 -3971
package/dist/init-C8Yc8LlO.js +0 -59
package/dist/inline-buttons-BMPhhfsN.js +0 -40
package/dist/interactive-dispatch-BAQobp1L.d.ts +0 -56
package/dist/interactive-dispatch-VY7vCm4F.d.ts +0 -143
package/dist/internal-events-BS1EMi0C.js +0 -90
package/dist/isolated-agent-Ct_AYfLb.js +0 -2
package/dist/isolated-agent-DxVGoLjs.js +0 -1118
package/dist/lifecycle-CGcqxM3V.js +0 -571
package/dist/list.probe-R_AqbwD1.js +0 -449
package/dist/list.status-command-DcaLppGJ.js +0 -789
package/dist/llm-slug-generator-Bz1MaPt1.js +0 -78
package/dist/loader-Dkh4Y7sQ.d.ts +0 -142
package/dist/local-dispatch.runtime-DnXAlwr7.js +0 -9
package/dist/manager-BOuQY5Cm.d.ts +0 -356
package/dist/manager.runtime-1A0jFsbF.js +0 -2714
package/dist/markdown-to-line-Gq4y1nH-.js +0 -811
package/dist/mcp-http-BMgo3eu6.js +0 -2
package/dist/mcp-http-BdgsyrHJ.js +0 -555
package/dist/media-understanding-provider-CYrAwQ2G.js +0 -339
package/dist/memory-core-host-engine-storage-DE_xj2Bc.d.ts +0 -54
package/dist/memory-embedding-adapter-CB6OgeAj.d.ts +0 -5
package/dist/message-actions-DoFxM22K.js +0 -145
package/dist/message-handler-CEvRtI9d.js +0 -384
package/dist/message-handler-CJclaiC-.js +0 -1715
package/dist/message-handler.preflight-DDVS50X3.js +0 -1125
package/dist/message-handler.process-BuFXf8os.js +0 -1484
package/dist/migration-DypFGBwg.d.ts +0 -45
package/dist/model-B--RdZDR.d.ts +0 -33
package/dist/model-BqQrUk9a.js +0 -74
package/dist/model-selection-2Lm1qMLE.js +0 -272
package/dist/models-BNjZuv4X.d.ts +0 -24
package/dist/models-BjMdWXf2.js +0 -104
package/dist/models-cli-RRK90p8k.js +0 -256
package/dist/models-wWhwx_am.js +0 -2
package/dist/monitor-C7VAs-uK.js +0 -834
package/dist/monitor-CezSJDeG.js +0 -60
package/dist/monitor-Cnzchc9n.js +0 -2788
package/dist/monitor-Dcvw55ky.js +0 -4377
package/dist/monitor-DuxFMl7d.js +0 -715
package/dist/monitor-DxrfxRZL.js +0 -2
package/dist/monitor-auth-UPQgTP9Y.js +0 -179
package/dist/monitor-fYdQKsGp.js +0 -1370
package/dist/monitor-polling.runtime-Db4NoLLg.js +0 -883
package/dist/monitor-wcLtLTfx.js +0 -1657
package/dist/monitor-webhook.runtime-DAr7kRbV.js +0 -387
package/dist/monitor.account-C1mUBkKA.js +0 -5233
package/dist/monitor.runtime-Bqj8vHGY.js +0 -2
package/dist/monitor.webhook-Ir3T5B1s.js +0 -180
package/dist/node-cli-sessions-MBQKJyrs.js +0 -1228
package/dist/openai-codex-provider-DwXcOSqF.d.ts +0 -5
package/dist/openai-http-9jmQ2o9Z.js +0 -824
package/dist/openai-provider-CUJ-PaPI.d.ts +0 -5
package/dist/openresponses-http-C3-s16Dp.js +0 -1173
package/dist/operations-C1hhf_yC.js +0 -805
package/dist/outbound-adapter-C5zBbuVO.js +0 -543
package/dist/outbound-session-route-Bq_utu59.js +0 -45
package/dist/outbound.runtime-QHoe8EWX.js +0 -2
package/dist/pi-embedded-6xH25qP-.js +0 -4
package/dist/pi-embedded-CkcV64LR.js +0 -3796
package/dist/pi-embedded.runtime-CKpyReN5.js +0 -4
package/dist/pi-tools-BbGodehg.js +0 -2413
package/dist/plan-B_EcRdNP.js +0 -112
package/dist/plan-DmMZJkHt.js +0 -81
package/dist/plugin-BVI9qQnF.d.ts +0 -17
package/dist/plugin-CjfnnqXb.js +0 -12396
package/dist/plugin-app-cache-key-Dak7S3ax.js +0 -46
package/dist/plugin-enabled-B9wCs568.js +0 -233
package/dist/plugin-entry-DLQdGGuF.d.ts +0 -47
package/dist/plugin-registration-B3AVf0Xj.js +0 -88
package/dist/plugin-runtime-C0-rSvwU.d.ts +0 -117
package/dist/plugin-service-BeuNN5d5.d.ts +0 -24
package/dist/plugin-service-C2toP50L.js +0 -1229
package/dist/policy-B5jHUD04.js +0 -138
package/dist/policy-C7_EFtGD.js +0 -680
package/dist/prepare.runtime-C41yGgw-.js +0 -732
package/dist/preview-warnings-rfGY8dVy.js +0 -392
package/dist/probe-B0eSVoSm.js +0 -682
package/dist/probe-CqAGxL6l.js +0 -2
package/dist/probe-DFyoiqiI.js +0 -2204
package/dist/probe-hR0HWnET.js +0 -47
package/dist/program-CD73-5Xj.js +0 -131
package/dist/prompt-overlay-Byn_R8NU.d.ts +0 -23
package/dist/provider-B0ujadL5.js +0 -32
package/dist/provider-BxR_JJXW.js +0 -152
package/dist/provider-C9mKa8qP.js +0 -32
package/dist/provider-DbGPdInL.js +0 -8735
package/dist/provider-api-key-auth-Dx8L-t2_.d.ts +0 -27
package/dist/provider-auth-result-BNSiQhij.d.ts +0 -21
package/dist/provider-catalog-runtime-CHO5ynAJ.d.ts +0 -23
package/dist/provider-catalog-shared-CnjzKwdh.d.ts +0 -62
package/dist/provider-dispatcher-CGPKPaP5.js +0 -22
package/dist/provider-hook-runtime-Di9KibUS.d.ts +0 -61
package/dist/provider-model-shared-BdiLr8i6.d.ts +0 -143
package/dist/provider-models-Bhg840ah.d.ts +0 -12
package/dist/provider-policy-BQkPPnao.d.ts +0 -30
package/dist/provider-registration-Bmmz4ZeC.d.ts +0 -6
package/dist/provider-registry-CIIVRa6w.d.ts +0 -8
package/dist/provider-registry-DmGMS3NG.d.ts +0 -30
package/dist/provider-registry-nhvIqLQS.d.ts +0 -8
package/dist/provider-runtime-DXbh5hA1.d.ts +0 -359
package/dist/provider-self-hosted-setup-NeHRz9nM.d.ts +0 -74
package/dist/provider-session.runtime-DKkydJWv.js +0 -9
package/dist/provider-stream-C2CgRBk_.d.ts +0 -140
package/dist/provider-stream-shared-BVIP58k-.d.ts +0 -128
package/dist/provider.runtime-ChrWUTdG.js +0 -2
package/dist/providers.runtime-BxZZsCo6.d.ts +0 -25
package/dist/public-surface-loader-CMOWVmyY.js +0 -114
package/dist/pw-ai-mygsAPX7.js +0 -3029
package/dist/pw-role-snapshot-7_IMuYRR.js +0 -333
package/dist/reaction-level-DFUu127f.js +0 -19
package/dist/reaction-runtime-api-6LQnr6q_.js +0 -116
package/dist/realtime-transcription-RzONWH63.d.ts +0 -43
package/dist/realtime-transcription-provider-BCVZfRXn.d.ts +0 -37
package/dist/realtime-transcription-provider-BrLEXlzr.d.ts +0 -5
package/dist/realtime-transcription-provider-CmxyAofL.d.ts +0 -28
package/dist/realtime-transcription-provider-LrzigbIT.js +0 -205
package/dist/realtime-transcription-provider-tltowP27.d.ts +0 -32
package/dist/realtime-voice-XuxaWlNv.d.ts +0 -333
package/dist/realtime-voice-provider-CgwwfKxl.d.ts +0 -5
package/dist/register-B9TeJvXU.js +0 -2178
package/dist/register.agent-o9BDHbH2.js +0 -156
package/dist/register.crestodian-BOUP_Pon.js +0 -24
package/dist/register.maintenance-BC83-YdR.js +0 -83
package/dist/register.runtime-BSpRaqNT.d.ts +0 -6
package/dist/register.runtime-DSHYrjtd.js +0 -54
package/dist/register.status-health-sessions-BrkNpe59.js +0 -282
package/dist/register.subclis-BS5Lj5wU.js +0 -3
package/dist/register.subclis-QQq9COp0.js +0 -31
package/dist/register.subclis-core-DnNechJo.js +0 -273
package/dist/registry-BCQkqtgq.d.ts +0 -91
package/dist/registry-types-PnLnWFuJ.d.ts +0 -392
package/dist/repair-sequencing-CqjW4_hd.js +0 -640
package/dist/reply-delivery-KRwW1tqL.js +0 -196
package/dist/reply-runtime-SSrAwVeQ.js +0 -11
package/dist/reply.runtime-CaM7M0Zp.js +0 -2
package/dist/request-CatWtIoq.js +0 -54
package/dist/resolve-allowlist-Dxe9wc_Y.js +0 -220
package/dist/result-fallback-classifier-B3kvqc2o.js +0 -79
package/dist/route-BPWKlRDB.js +0 -469
package/dist/route-resolution-BhkvdIUP.js +0 -274
package/dist/routes-BOmtNSeT.js +0 -2
package/dist/routes-Cr9bRW8t.js +0 -3602
package/dist/run-attempt-DWBeHRdc.js +0 -7704
package/dist/run-command-DNNFNkbv.js +0 -23
package/dist/run-command-Kp7LWkQv.js +0 -2
package/dist/run-embedded.runtime-BxV8m38U.js +0 -4
package/dist/run-execution-cli.runtime-B9I1oAEO.js +0 -4
package/dist/run-subagent-registry.runtime-BIsbEmUD.js +0 -2
package/dist/run-vAv9-st8.js +0 -1162
package/dist/runtime-BXJM8M8F.js +0 -1287
package/dist/runtime-BodO4UZT.js +0 -438
package/dist/runtime-C_5j10Cp.js +0 -6179
package/dist/runtime-api-BbNLHCZ5.js +0 -24
package/dist/runtime-api-HUquGiJa.js +0 -4
package/dist/runtime-api-I6ur4A1S.js +0 -17
package/dist/runtime-api-MQL0v6n2.js +0 -13
package/dist/runtime-api-a340pYdX.js +0 -13
package/dist/runtime-api-g_pGO9f3.js +0 -21
package/dist/runtime-api-hLSYbpGH.js +0 -3
package/dist/runtime-api.actions-CawQ9WKM.js +0 -3
package/dist/runtime-api.monitor-DN3P4USq.js +0 -6
package/dist/runtime-api.monitor-LRfB_JTP.d.ts +0 -3757
package/dist/runtime-api.send-BIA6QfVI.js +0 -4
package/dist/runtime-api.send-BygcWA7R.d.ts +0 -38
package/dist/runtime-api.threads-DYnc3Jvu.js +0 -2
package/dist/runtime-channel-CYlRNrxR.js +0 -150
package/dist/runtime-channel-Ci0dC0Tq.js +0 -2
package/dist/runtime-embedded-pi.runtime-Wc_lZOzO.js +0 -2
package/dist/runtime-taskflow-Bwo7SO8T.d.ts +0 -435
package/dist/sanitize-outbound-BFrYI8F4.js +0 -127
package/dist/sdk-setup-tools-DLjnnh3Y.js +0 -8
package/dist/secrets-DibHCqDz.js +0 -113
package/dist/security-audit-CyMhUYN9.js +0 -122
package/dist/security-audit-DAk0I2g8.js +0 -118
package/dist/security-audit.runtime-DtdxZcEG.js +0 -2
package/dist/selection-BJ2yQ0yh.js +0 -16157
package/dist/selection-CJ3YNIjG.js +0 -3
package/dist/send-Ar9e_pA3.js +0 -1631
package/dist/send-BN-3u18j.js +0 -2
package/dist/send-BYlEXkEO.js +0 -143
package/dist/send-BusufuyP.js +0 -192
package/dist/send.components-C3FzEyYz.js +0 -500
package/dist/send.components-CMi7rcIs.js +0 -2
package/dist/send.runtime-D-nw3p-S.js +0 -2
package/dist/server-CJVI2gjZ.js +0 -24
package/dist/server-DZl7k4VX.js +0 -73
package/dist/server-context-BAAz3W-8.js +0 -2
package/dist/server-context-BLrLchWj.js +0 -955
package/dist/server-cron-CiyrI-WY.js +0 -2
package/dist/server-cron-CzhteL8F.js +0 -2989
package/dist/server-maintenance-CDfLZpYN.js +0 -167
package/dist/server-methods-DQ0gaIXu.js +0 -16494
package/dist/server-node-events-D1TywtBI.js +0 -596
package/dist/server-plugin-bootstrap-ByEZkPkc.js +0 -70
package/dist/server-plugins-CEZ-W7dG.js +0 -432
package/dist/server-reload-handlers-DDXJwZWE.js +0 -714
package/dist/server-restart-sentinel-C9l1iG1h.js +0 -747
package/dist/server-restart-sentinel-CyweyjEa.js +0 -2
package/dist/server-runtime-services-BQ08Hyco.js +0 -2
package/dist/server-runtime-services-BjKoAkjM.js +0 -267
package/dist/server-startup-early-Ctjir66B.js +0 -87
package/dist/server-startup-plugins-C_Y62xZe.js +0 -113
package/dist/server-startup-post-attach-DCAmn6Ct.js +0 -716
package/dist/server-ws-runtime-CvN63X_w.js +0 -349
package/dist/server.impl-yHI7jtXF.js +0 -2586
package/dist/service-mHxeSPC2.js +0 -1446
package/dist/session-binding-DtmTypDj.js +0 -2
package/dist/session-binding-xtRKSQOW.js +0 -219
package/dist/session-kill-http-GnTgzcvZ.js +0 -121
package/dist/session-reset-service-Bw6li9Te.js +0 -625
package/dist/session-route-D-PISLLo.js +0 -93
package/dist/session-status.runtime-jiGvxIDK.js +0 -2
package/dist/session-subagent-reactivation.runtime-B9QimjvS.js +0 -2
package/dist/session-tab-registry-BoqXuTYc.js +0 -521
package/dist/sessions-history-http-CG934aaV.js +0 -430
package/dist/sessions.runtime-Cl91aZ2M.js +0 -2
package/dist/setup-api-DAqXqbGP.js +0 -29
package/dist/setup-core-Czt7XqlN.js +0 -174
package/dist/setup-surface-CHETBocT.js +0 -405
package/dist/setup-surface-CVtEDUic.js +0 -320
package/dist/setup-surface-YW9INYKN.js +0 -288
package/dist/setup-surface-utUyMdYz.js +0 -221
package/dist/shared-CSQmYbeX.d.ts +0 -115
package/dist/shared-DwZ1ZQM4.js +0 -121
package/dist/shared-client-B2kMpTHH.js +0 -2
package/dist/shared-client-DHJbz0yn.js +0 -629
package/dist/side-question-Dlr5pcZK.js +0 -683
package/dist/simple-completion-runtime-C8xGogR1.d.ts +0 -73
package/dist/skill-tool-dispatch.runtime-CbDumhVh.js +0 -143
package/dist/slash-state-BxzZ0Rmv.js +0 -2166
package/dist/speech-CZ5gvq-1.d.ts +0 -47
package/dist/speech-core-UlM7sC1c.d.ts +0 -36
package/dist/speech-provider-BjqPFFWl.d.ts +0 -34
package/dist/speech-provider-Bl5mpTPW.d.ts +0 -5
package/dist/speech-provider-C0NTQ--Q.d.ts +0 -5
package/dist/speech-provider-CDasrxDt.d.ts +0 -8
package/dist/speech-provider-INk_7d-9.js +0 -184
package/dist/speech-provider-Z6RxW9fC.d.ts +0 -8
package/dist/speech-provider-sPM0Xu9T.d.ts +0 -5
package/dist/src-DAMtNlRl.js +0 -4256
package/dist/startup-context-DhSjA04E.js +0 -313
package/dist/status-CHChLqRH.js +0 -3
package/dist/status-OYJF7NHg.js +0 -4
package/dist/status-all-CSz2mOkm.js +0 -573
package/dist/status-json-B5iKxsPt.js +0 -14
package/dist/status-json-command-B7mD_HM0.js +0 -84
package/dist/status-runtime-shared-tJ5_gXDE.js +0 -283
package/dist/status-subagents.runtime-UViaj6fy.js +0 -18
package/dist/status-text-D4yQvJnW.js +0 -296
package/dist/status.command-29iMh5b8.js +0 -420
package/dist/status.command-cDrXztZ4.js +0 -2
package/dist/status.command.text-runtime-CJLiLlec.js +0 -15
package/dist/status.scan-BnCyO_-1.js +0 -68
package/dist/status.scan-overview-8jfuH7wl.js +0 -444
package/dist/status.scan.fast-json-CyqrMrI6.js +0 -2
package/dist/status.scan.fast-json-D0y03alo.js +0 -127
package/dist/status.scan.runtime-DGbNNELT.js +0 -479
package/dist/status.update-C6moG8hY.js +0 -2
package/dist/status.update-Ch-d2YqJ.js +0 -86
package/dist/sticker-cache-CpE2UF0o.js +0 -206
package/dist/sticker-vision.runtime-C5lk740o.js +0 -17
package/dist/stream-BQsCB10Z.d.ts +0 -16
package/dist/stream-Ba6Savi8.d.ts +0 -19
package/dist/stream-CSzQ2k0Z.d.ts +0 -5
package/dist/stream-nEf-UhFE.d.ts +0 -120
package/dist/stream-wrappers-DlkjdNOC.d.ts +0 -21
package/dist/stream-zWJcNi1V.d.ts +0 -10
package/dist/subagent-announce-DDensDxS.js +0 -354
package/dist/subagent-announce-delivery-16skgjOt.js +0 -958
package/dist/subagent-control-C2SGCamc.js +0 -508
package/dist/subagent-hooks-BqabvLsv.js +0 -2
package/dist/subagent-hooks-CGeDwTHC.js +0 -2
package/dist/subagent-hooks-CR0M3L4o.js +0 -146
package/dist/subagent-hooks-Dw9C-nUM.js +0 -2
package/dist/subagent-hooks-api-B03j55PK.js +0 -22
package/dist/subagent-hooks-api-B2i15coF.js +0 -23
package/dist/subagent-hooks-api-BcopR7NZ.js +0 -23
package/dist/subagent-hooks-eOUaLnxx.js +0 -116
package/dist/subagent-hooks-l4-8TBr2.js +0 -230
package/dist/subagent-orphan-recovery-CytpmJnf.js +0 -352
package/dist/subagent-registry-DTDYUst1.js +0 -2351
package/dist/subagent-registry-kGjRY7OP.js +0 -3
package/dist/subagent-session-cleanup-C7MqSx3u.js +0 -525
package/dist/subagent-spawn-DuLVHzht.js +0 -1164
package/dist/target-id-BqKER5JR.js +0 -107
package/dist/targets-BkPxUid9.d.ts +0 -10
package/dist/targets-CYrewJgy.d.ts +0 -10
package/dist/targets-DYNDWy1s.js +0 -44
package/dist/targets-DuRWAuVM.js +0 -19
package/dist/targets-aaR2Mlk_.js +0 -19
package/dist/testing-7ayMtB6I.js +0 -267
package/dist/text-report-E0TZg1LV.js +0 -695
package/dist/thinking-policy-59Wogr8a.d.ts +0 -5
package/dist/thread-bindings-BzpAXUwZ.js +0 -232
package/dist/thread-bindings-Cu4J90KY.js +0 -8
package/dist/thread-bindings-D5o9c3aE.js +0 -228
package/dist/thread-bindings-DMy2kJ74.js +0 -571
package/dist/thread-bindings.discord-api-BDj-jkBV.js +0 -187
package/dist/thread-bindings.manager-C5jC_3Mo.js +0 -2
package/dist/thread-bindings.manager-CLK7FYoE.js +0 -536
package/dist/thread-lifecycle-DYeO0OTi.js +0 -1614
package/dist/token-Ccki3ia9.js +0 -134
package/dist/tool-BqIYC7Fz.js +0 -139
package/dist/tool-actions.runtime-Cjbhroli.js +0 -534
package/dist/tool-plugin-APfyB2vB.d.ts +0 -77
package/dist/tool-resolution-D4klFB4B.js +0 -149
package/dist/tool-split-Bwpcndoo.d.ts +0 -19
package/dist/tools-effective-inventory-YuOuPKR8.js +0 -204
package/dist/tools-invoke-http-BmQFkxSN.js +0 -67
package/dist/tools-invoke-shared-DD4l34hg.js +0 -200
package/dist/transport-stream-CjC5n25n.d.ts +0 -42
package/dist/tts-BAQZtO6A.js +0 -66
package/dist/tui-B-CC1PjA.js +0 -2
package/dist/tui-backend-DLm_nQL8.js +0 -256
package/dist/tui-cli-BfCs3qwc.js +0 -37
package/dist/tui-qi8Vakes.js +0 -4709
package/dist/types-BKHLKutw.d.ts +0 -786
package/dist/types-Bv_n7Yed2.d.ts +0 -3650
package/dist/types.public-BCv7Iieb.d.ts +0 -70
package/dist/update-check-Dvp_oog_.js +0 -387
package/dist/update-cli-BP32xvfl.js +0 -3664
package/dist/update-runner-DnbwY3OV.js +0 -2390
package/dist/update-startup-3l7wPrqM.js +0 -339
package/dist/update-startup-C_peqiGI.js +0 -2
package/dist/video-generation-runtime-Cvo9t7Bj.d.ts +0 -21
package/dist/video-model-catalog-Clo7aLfS.d.ts +0 -16
package/dist/vision-tools-De-gGPAw.js +0 -1409
package/dist/web-search-DJMus2yt.js +0 -62
package/dist/web-search-provider.runtime-6Md25pj8.js +0 -2
package/dist/web-search-provider.runtime-CBUbt7xF.js +0 -328
package/dist/webhook-targets-nfKrQnF1.d.ts +0 -99
package/dist/xai-oauth-Cud_8Og7.js +0 -479
package/dist/xai-user-agent-dCQuZI6k.js +0 -32
/package/dist/{acp-runtime-backend-BQNm-KYC.js → acp-runtime-backend-C7YOcgPq.js} +0 -0
/package/dist/{channel-actions-CMUt5769.js → channel-actions-Blfq9sNz.js} +0 -0
/package/dist/{command-status-runtime-DXZZv5h_.js → command-status-runtime-D9nZ4WZF.js} +0 -0
/package/dist/{delegate-BTCHfZIj.js → delegate-BadknD7_.js} +0 -0
/package/dist/{dispatch-acp-DtdYZo4i.js → dispatch-acp-iub5P5an.js} +0 -0
/package/dist/{heartbeat-runner-BqUKIwmn.js → heartbeat-runner-l-pU94CG.js} +0 -0
/package/dist/{library-DavrGMix.js → library-DoNPigeh.js} +0 -0
/package/dist/{run-executor.runtime-DMU7greB.js → run-executor.runtime-BAkprH5Z.js} +0 -0
/package/dist/{shared-Kl_LS_vA.js → shared-BtQHfSwf.js} +0 -0

package/dist/message-handler-BsTTww09.js ADDED Viewed

@@ -0,0 +1,1715 @@
+import { a as normalizeLowercaseStringOrEmpty, c as normalizeOptionalString } from "./string-coerce-DyL154ka.js";
+import { s as resolveRuntimeServiceVersion } from "./version-QmPt05QD.js";
+import { t as normalizeArrayBackedTrimmedStringList } from "./string-normalization-DiPHgdft.js";
+import { S as runWithDiagnosticTraceContext, p as createDiagnosticTraceContext } from "./diagnostic-events-DPfGiEBK.js";
+import { a as isPrivateOrLoopbackAddress, c as isTrustedProxyAddress, f as resolveClientIp, h as resolveHostName, i as isLoopbackHost, n as isLocalishHost, o as isPrivateOrLoopbackHost, r as isLoopbackAddress } from "./net-DCUMtgJy.js";
+import { i as AUTH_RATE_LIMIT_SCOPE_SHARED_SECRET, n as AUTH_RATE_LIMIT_SCOPE_DEVICE_TOKEN } from "./auth-rate-limit-DA3xJNFz.js";
+import { a as hasForwardedRequestHeaders, i as authorizeWsControlUiGatewayConnect, o as isLocalDirectRequest, r as authorizeHttpGatewayConnect, s as checkBrowserOrigin } from "./auth-zk3HFDT6.js";
+import { i as getRuntimeConfig } from "./io-Ct2JqgbR.js";
+import { i as normalizeDevicePublicKeyBase64Url, s as verifyDeviceSignature, t as deriveDeviceIdFromPublicKey } from "./device-identity-BVmCQ4s6.js";
+import { n as GATEWAY_CLIENT_IDS, r as GATEWAY_CLIENT_MODES } from "./client-info-B56HGdh-.js";
+import { a as isOperatorUiClient, n as isGatewayCliClient, o as isWebchatClient, t as isBrowserOperatorUiClient } from "./message-channel-CRza_Xs_.js";
+import { c as GATEWAY_STARTUP_CLOSE_REASON, d as buildDeviceAuthPayload, f as buildDeviceAuthPayloadV3, l as GATEWAY_STARTUP_PENDING_CLOSE_CAUSE, s as GATEWAY_STARTUP_CLOSE_CODE, u as gatewayStartupUnavailableDetails } from "./client-yI_gYDpR.js";
+import { t as rawDataToString } from "./ws-C3qhmaFC.js";
+import { t as normalizeDeviceMetadataForAuth } from "./device-metadata-normalization-PRIe4LWk.js";
+import { i as buildPairingConnectErrorMessage, m as resolveDeviceAuthConnectErrorDetailCode, n as buildPairingConnectCloseReason, p as resolveAuthConnectErrorDetailCode, r as buildPairingConnectErrorDetails, t as ConnectErrorDetailCodes } from "./connect-error-details-BNpp20bs.js";
+import { At as validateRequestFrame, M as validateConnectParams, Ni as ErrorCodes, Pi as errorShape, t as formatValidationErrors } from "./protocol-BqIJbb8x.js";
+import "./version-DDqbebEG.js";
+import { t as ADMIN_SCOPE } from "./operator-scopes-DGvgHuOd.js";
+import "./method-scopes-Ce2SpYo5.js";
+import { n as isOperatorApprovalRuntimeToken } from "./operator-approval-runtime-token-C5pv_wEb.js";
+import { n as logRejectedLargePayload } from "./diagnostic-payload-BfH_Skky.js";
+import { a as MAX_PAYLOAD_BYTES, i as MAX_BUFFERED_BYTES, o as MAX_PREAUTH_PAYLOAD_BYTES, s as TICK_INTERVAL_MS } from "./server-constants-BGwLM6XN.js";
+import { a as indexPluginNodeCapabilitySurfaces, l as resolvePluginNodeCapabilityTtlMs, o as mintPluginNodeCapabilityToken, r as buildPluginNodeCapabilityScopedHostUrl, u as setClientPluginNodeCapability } from "./plugin-node-capability-D0b7yj9X.js";
+import { a as normalizeDeclaredNodeCommands, o as resolveNodeCommandAllowlist, s as resolveNodePairingCommandAllowlist } from "./node-command-policy-BB2wSh5I.js";
+import { n as logWs, t as formatForLog } from "./ws-log-CHuv7KC7.js";
+import { l as roleScopesAllow } from "./pairing-token-B1grnvMr.js";
+import { c as updatePairedNodeMetadata, n as getPairedNode, s as requestNodePairing } from "./node-pairing-B5I4lpks.js";
+import { i as recordRemoteNodeInfo, o as refreshRemoteNodeBins } from "./skills-remote-vuEE6sLa.js";
+import { a as redeemDeviceBootstrapTokenProfile, d as PAIRING_SETUP_BOOTSTRAP_PROFILE, l as verifyDeviceBootstrapToken, n as getBoundDeviceBootstrapProfile, o as restoreDeviceBootstrapToken, p as resolveBootstrapProfileScopesForRole, r as getDeviceBootstrapTokenProfile, s as revokeDeviceBootstrapToken, u as BOOTSTRAP_HANDOFF_OPERATOR_SCOPES } from "./device-bootstrap-BZT0wrl5.js";
+import { _ as updatePairedDeviceMetadata, a as getPairedDevice, c as listApprovedPairedDeviceRoles, l as listDevicePairing, n as approveDevicePairing, p as requestDevicePairing, r as ensureDeviceToken, s as hasEffectivePairedDeviceRole, t as approveBootstrapDevicePairing, u as listEffectivePairedDeviceRoles, v as verifyDeviceToken } from "./device-pairing-Bw7rq1YT.js";
+import { r as loadVoiceWakeConfig, t as formatError } from "./server-utils-Dzo1sugg.js";
+import { r as upsertPresence } from "./system-presence-ClNSY4UX.js";
+import { a as incrementPresenceVersion, n as getHealthCache, r as getHealthVersion, t as buildGatewaySnapshot } from "./health-state-D8_oJguq.js";
+import { c as roleCanSkipDeviceIdentity, s as parseGatewayRole, t as loadVoiceWakeRoutingConfig } from "./voicewake-routing-DZDAf5fD.js";
+import { t as resolveSharedGatewaySessionGeneration } from "./ws-shared-generation-Bp5l7wzu.js";
+import { t as truncateCloseReason } from "./close-reason-f7R6T5LC.js";
+import os from "node:os";
+//#region src/gateway/node-connect-reconcile.ts
+function resolveApprovedReconnectCommands(params) {
+	return normalizeDeclaredNodeCommands({
+		declaredCommands: Array.isArray(params.pairedCommands) ? params.pairedCommands : [],
+		allowlist: params.allowlist
+	});
+}
+function normalizeApprovalSurfaceList(value) {
+	return normalizeArrayBackedTrimmedStringList(value) ?? [];
+}
+function sameApprovalSurfaceSet(left, right) {
+	const normalizedLeft = new Set(normalizeApprovalSurfaceList(left));
+	const normalizedRight = new Set(normalizeApprovalSurfaceList(right));
+	if (normalizedLeft.size !== normalizedRight.size) return false;
+	for (const entry of normalizedLeft) if (!normalizedRight.has(entry)) return false;
+	return true;
+}
+function normalizePermissionMap(value) {
+	if (!value) return;
+	const entries = Object.entries(value).toSorted(([leftKey], [rightKey]) => leftKey.localeCompare(rightKey));
+	return entries.length > 0 ? Object.fromEntries(entries) : void 0;
+}
+function samePermissions(left, right) {
+	const leftEntries = Object.entries(left ?? {}).toSorted(([leftKey], [rightKey]) => leftKey.localeCompare(rightKey));
+	const rightEntries = Object.entries(right ?? {}).toSorted(([leftKey], [rightKey]) => leftKey.localeCompare(rightKey));
+	if (leftEntries.length !== rightEntries.length) return false;
+	return leftEntries.every(([key, value], index) => {
+		const rightEntry = rightEntries[index];
+		return rightEntry !== void 0 && rightEntry[0] === key && rightEntry[1] === value;
+	});
+}
+function intersectApprovalSurfaceList(params) {
+	const approved = new Set(normalizeApprovalSurfaceList(params.approved));
+	return normalizeApprovalSurfaceList(params.declared).filter((entry) => approved.has(entry));
+}
+function intersectPermissionSurface(params) {
+	const entries = [];
+	for (const [key, declaredValue] of Object.entries(params.declared ?? {})) {
+		const approvedValue = params.approved?.[key];
+		if (!declaredValue) {
+			entries.push([key, false]);
+			continue;
+		}
+		if (approvedValue === true) {
+			entries.push([key, true]);
+			continue;
+		}
+		if (approvedValue === false) entries.push([key, false]);
+	}
+	return entries.length > 0 ? Object.fromEntries(entries) : void 0;
+}
+function buildNodePairingRequestInput(params) {
+	return {
+		nodeId: params.nodeId,
+		displayName: params.connectParams.client.displayName,
+		platform: params.connectParams.client.platform,
+		version: params.connectParams.client.version,
+		deviceFamily: params.connectParams.client.deviceFamily,
+		modelIdentifier: params.connectParams.client.modelIdentifier,
+		caps: params.caps,
+		commands: params.commands,
+		permissions: params.permissions,
+		remoteIp: params.remoteIp
+	};
+}
+async function reconcileNodePairingOnConnect(params) {
+	const nodeId = params.connectParams.device?.id ?? params.connectParams.client.id;
+	const policyNode = {
+		platform: params.connectParams.client.platform,
+		deviceFamily: params.connectParams.client.deviceFamily,
+		caps: params.connectParams.caps,
+		commands: params.connectParams.commands
+	};
+	const pairingAllowlist = resolveNodePairingCommandAllowlist(params.cfg, policyNode);
+	const declared = normalizeDeclaredNodeCommands({
+		declaredCommands: Array.isArray(params.connectParams.commands) ? params.connectParams.commands : [],
+		allowlist: pairingAllowlist
+	});
+	const declaredCaps = normalizeApprovalSurfaceList(params.connectParams.caps);
+	const declaredPermissions = normalizePermissionMap(params.connectParams.permissions);
+	if (!params.pairedNode) return {
+		nodeId,
+		declaredCaps,
+		effectiveCaps: [],
+		declaredCommands: declared,
+		effectiveCommands: [],
+		declaredPermissions,
+		effectivePermissions: void 0,
+		pendingPairing: await params.requestPairing(buildNodePairingRequestInput({
+			nodeId,
+			connectParams: params.connectParams,
+			caps: declaredCaps,
+			commands: declared,
+			permissions: declaredPermissions,
+			remoteIp: params.reportedClientIp
+		}))
+	};
+	const runtimeAllowlist = resolveNodeCommandAllowlist(params.cfg, {
+		...policyNode,
+		approvedCommands: params.pairedNode.commands
+	});
+	const approvedCommands = resolveApprovedReconnectCommands({
+		pairedCommands: params.pairedNode.commands,
+		allowlist: runtimeAllowlist
+	});
+	const approvedCaps = normalizeApprovalSurfaceList(params.pairedNode.caps);
+	const approvedPermissions = normalizePermissionMap(params.pairedNode.permissions);
+	const hasCommandUpgrade = declared.some((command) => !approvedCommands.includes(command));
+	const hasCapabilityChange = !sameApprovalSurfaceSet(params.pairedNode.caps, declaredCaps);
+	const hasPermissionChange = !samePermissions(params.pairedNode.permissions, declaredPermissions);
+	const effectiveApprovedDeclaredCaps = intersectApprovalSurfaceList({
+		approved: approvedCaps,
+		declared: declaredCaps
+	});
+	const effectiveApprovedDeclaredCommands = intersectApprovalSurfaceList({
+		approved: approvedCommands,
+		declared
+	});
+	const effectiveApprovedDeclaredPermissions = intersectPermissionSurface({
+		approved: approvedPermissions,
+		declared: declaredPermissions
+	});
+	if (hasCommandUpgrade || hasCapabilityChange || hasPermissionChange) return {
+		nodeId,
+		declaredCaps,
+		effectiveCaps: effectiveApprovedDeclaredCaps,
+		declaredCommands: declared,
+		effectiveCommands: effectiveApprovedDeclaredCommands,
+		declaredPermissions,
+		effectivePermissions: effectiveApprovedDeclaredPermissions,
+		pendingPairing: await params.requestPairing(buildNodePairingRequestInput({
+			nodeId,
+			connectParams: params.connectParams,
+			caps: declaredCaps,
+			commands: declared,
+			permissions: declaredPermissions ?? (hasPermissionChange ? {} : void 0),
+			remoteIp: params.reportedClientIp
+		}))
+	};
+	return {
+		nodeId,
+		declaredCaps,
+		effectiveCaps: declaredCaps,
+		declaredCommands: declared,
+		effectiveCommands: declared,
+		declaredPermissions,
+		effectivePermissions: declaredPermissions
+	};
+}
+//#endregion
+//#region src/gateway/node-pairing-auto-approve.ts
+function resolveNodePairingClientIpSource(params) {
+	if (!params.reportedClientIp) return "none";
+	if (!params.hasProxyHeaders || !params.remoteIsTrustedProxy) return "direct";
+	return params.remoteIsLoopback ? "loopback-trusted-proxy" : "trusted-proxy";
+}
+function shouldAutoApproveNodePairingFromTrustedCidrs(params) {
+	if (params.existingPairedDevice) return false;
+	if (params.role !== "node") return false;
+	if (params.reason !== "not-paired") return false;
+	if (params.scopes.length > 0) return false;
+	if (params.hasBrowserOriginHeader || params.isControlUi || params.isWebchat) return false;
+	if (params.reportedClientIpSource === "none" || params.reportedClientIpSource === "loopback-trusted-proxy") return false;
+	if (!params.reportedClientIp) return false;
+	const autoApproveCidrs = params.autoApproveCidrs?.map((entry) => entry.trim()).filter((entry) => entry.length > 0);
+	if (!autoApproveCidrs || autoApproveCidrs.length === 0) return false;
+	return isTrustedProxyAddress(params.reportedClientIp, autoApproveCidrs);
+}
+//#endregion
+//#region src/gateway/server/ws-connection/auth-context.ts
+function mapDeviceTokenAuthFailureReason(params) {
+	if (params.tokenCheckReason === "scope-mismatch" || params.tokenCheckReason === "scope_mismatch") return "scope_mismatch";
+	if (params.candidateSource === "explicit-device-token") return "device_token_mismatch";
+	return params.fallbackReason ?? "device_token_mismatch";
+}
+function resolveSharedConnectAuth(connectAuth) {
+	const token = normalizeOptionalString(connectAuth?.token);
+	const password = normalizeOptionalString(connectAuth?.password);
+	if (!token && !password) return;
+	return {
+		token,
+		password
+	};
+}
+function resolveDeviceTokenCandidate(connectAuth) {
+	const explicitDeviceToken = normalizeOptionalString(connectAuth?.deviceToken);
+	if (explicitDeviceToken) return {
+		token: explicitDeviceToken,
+		source: "explicit-device-token"
+	};
+	const fallbackToken = normalizeOptionalString(connectAuth?.token);
+	if (!fallbackToken) return {};
+	return {
+		token: fallbackToken,
+		source: "shared-token-fallback"
+	};
+}
+async function resolveConnectAuthState(params) {
+	const sharedConnectAuth = resolveSharedConnectAuth(params.connectAuth);
+	const sharedAuthProvided = Boolean(sharedConnectAuth);
+	const bootstrapTokenCandidate = params.hasDeviceIdentity ? normalizeOptionalString(params.connectAuth?.bootstrapToken) : void 0;
+	const { token: deviceTokenCandidate, source: deviceTokenCandidateSource } = params.hasDeviceIdentity ? resolveDeviceTokenCandidate(params.connectAuth) : {};
+	let authResult = await authorizeWsControlUiGatewayConnect({
+		auth: params.resolvedAuth,
+		connectAuth: sharedConnectAuth,
+		req: params.req,
+		trustedProxies: params.trustedProxies,
+		allowRealIpFallback: params.allowRealIpFallback,
+		rateLimiter: sharedAuthProvided ? params.rateLimiter : void 0,
+		clientIp: params.clientIp,
+		rateLimitScope: AUTH_RATE_LIMIT_SCOPE_SHARED_SECRET
+	});
+	const sharedAuthResult = sharedConnectAuth && await authorizeHttpGatewayConnect({
+		auth: {
+			...params.resolvedAuth,
+			allowTailscale: false
+		},
+		connectAuth: sharedConnectAuth,
+		req: params.req,
+		trustedProxies: params.trustedProxies,
+		allowRealIpFallback: params.allowRealIpFallback,
+		rateLimitScope: "shared-secret"
+	});
+	const sharedAuthOk = sharedAuthResult?.ok === true && (sharedAuthResult.method === "token" || sharedAuthResult.method === "password") || authResult.ok && authResult.method === "trusted-proxy";
+	return {
+		authResult,
+		authOk: authResult.ok,
+		authMethod: authResult.method ?? (params.resolvedAuth.mode === "password" ? "password" : "token"),
+		sharedAuthOk,
+		sharedAuthProvided,
+		bootstrapTokenCandidate,
+		deviceTokenCandidate,
+		deviceTokenCandidateSource
+	};
+}
+async function resolveConnectAuthDecision(params) {
+	let authResult = params.state.authResult;
+	let authOk = params.state.authOk;
+	let authMethod = params.state.authMethod;
+	const bootstrapTokenCandidate = params.state.bootstrapTokenCandidate;
+	if (params.hasDeviceIdentity && params.deviceId && params.publicKey && bootstrapTokenCandidate) {
+		const tokenCheck = await params.verifyBootstrapToken({
+			deviceId: params.deviceId,
+			publicKey: params.publicKey,
+			token: bootstrapTokenCandidate,
+			role: params.role,
+			scopes: params.scopes
+		});
+		if (tokenCheck.ok) {
+			authOk = true;
+			authMethod = "bootstrap-token";
+		} else if (!authOk) authResult = {
+			ok: false,
+			reason: tokenCheck.reason ?? "bootstrap_token_invalid"
+		};
+	}
+	const deviceTokenCandidate = params.state.deviceTokenCandidate;
+	if (!params.hasDeviceIdentity || !params.deviceId || authOk || !deviceTokenCandidate) return {
+		authResult,
+		authOk,
+		authMethod
+	};
+	let deviceTokenRateLimited = false;
+	if (params.rateLimiter) {
+		const deviceRateCheck = params.rateLimiter.check(params.clientIp, AUTH_RATE_LIMIT_SCOPE_DEVICE_TOKEN);
+		if (!deviceRateCheck.allowed) {
+			deviceTokenRateLimited = true;
+			authResult = {
+				ok: false,
+				reason: "rate_limited",
+				rateLimited: true,
+				retryAfterMs: deviceRateCheck.retryAfterMs
+			};
+		}
+	}
+	if (!deviceTokenRateLimited) {
+		const tokenCheck = await params.verifyDeviceToken({
+			deviceId: params.deviceId,
+			token: deviceTokenCandidate,
+			role: params.role,
+			scopes: params.scopes
+		});
+		if (tokenCheck.ok) {
+			authOk = true;
+			authMethod = "device-token";
+			params.rateLimiter?.reset(params.clientIp, AUTH_RATE_LIMIT_SCOPE_DEVICE_TOKEN);
+			if (params.state.sharedAuthProvided) params.rateLimiter?.reset(params.clientIp, AUTH_RATE_LIMIT_SCOPE_SHARED_SECRET);
+		} else {
+			authResult = {
+				ok: false,
+				reason: mapDeviceTokenAuthFailureReason({
+					tokenCheckReason: tokenCheck.reason,
+					candidateSource: params.state.deviceTokenCandidateSource,
+					fallbackReason: authResult.reason
+				})
+			};
+			params.rateLimiter?.recordFailure(params.clientIp, AUTH_RATE_LIMIT_SCOPE_DEVICE_TOKEN);
+		}
+	}
+	return {
+		authResult,
+		authOk,
+		authMethod
+	};
+}
+//#endregion
+//#region src/gateway/server/ws-connection/auth-messages.ts
+function formatGatewayAuthFailureMessage(params) {
+	const { authMode, authProvided, reason, client } = params;
+	const isCli = isGatewayCliClient(client);
+	const isControlUi = isOperatorUiClient(client);
+	const isWebchat = isWebchatClient(client);
+	const tokenHint = isCli ? "set gateway.remote.token to match gateway.auth.token" : isControlUi || isWebchat ? "open the dashboard URL and paste the token in Control UI settings" : "provide gateway auth token";
+	const passwordHint = isCli ? "set gateway.remote.password to match gateway.auth.password" : isControlUi || isWebchat ? "enter the password in Control UI settings" : "provide gateway auth password";
+	switch (reason) {
+		case "token_missing": return `unauthorized: gateway token missing (${tokenHint})`;
+		case "token_mismatch": return `unauthorized: gateway token mismatch (${tokenHint})`;
+		case "token_missing_config": return "unauthorized: gateway token not configured on gateway (set gateway.auth.token)";
+		case "password_missing": return `unauthorized: gateway password missing (${passwordHint})`;
+		case "password_mismatch": return `unauthorized: gateway password mismatch (${passwordHint})`;
+		case "password_missing_config": return "unauthorized: gateway password not configured on gateway (set gateway.auth.password)";
+		case "bootstrap_token_invalid": return "unauthorized: bootstrap token invalid or expired (scan a fresh setup code)";
+		case "tailscale_user_missing": return "unauthorized: tailscale identity missing (use Tailscale Serve auth or gateway token/password)";
+		case "tailscale_proxy_missing": return "unauthorized: tailscale proxy headers missing (use Tailscale Serve or gateway token/password)";
+		case "tailscale_whois_failed": return "unauthorized: tailscale identity check failed (use Tailscale Serve auth or gateway token/password)";
+		case "tailscale_user_mismatch": return "unauthorized: tailscale identity mismatch (use Tailscale Serve auth or gateway token/password)";
+		case "rate_limited": return "unauthorized: too many failed authentication attempts (retry later)";
+		case "device_token_mismatch": return "unauthorized: device token mismatch (rotate/reissue device token)";
+		case "scope_mismatch": return "unauthorized: device token scope mismatch (re-pair or approve scope upgrade)";
+		default: break;
+	}
+	if (authMode === "token" && authProvided === "none") return `unauthorized: gateway token missing (${tokenHint})`;
+	if (authMode === "token" && authProvided === "device-token") return "unauthorized: device token rejected (pair/repair this device, or provide gateway token)";
+	if (authProvided === "bootstrap-token") return "unauthorized: bootstrap token invalid or expired (scan a fresh setup code)";
+	if (authMode === "password" && authProvided === "none") return `unauthorized: gateway password missing (${passwordHint})`;
+	return "unauthorized";
+}
+//#endregion
+//#region src/gateway/server/ws-connection/connect-policy.ts
+function resolveControlUiAuthPolicy(params) {
+	const allowInsecureAuthConfigured = params.isControlUi && params.controlUiConfig?.allowInsecureAuth === true;
+	const dangerouslyDisableDeviceAuth = params.isControlUi && params.controlUiConfig?.dangerouslyDisableDeviceAuth === true;
+	return {
+		isControlUi: params.isControlUi,
+		allowInsecureAuthConfigured,
+		dangerouslyDisableDeviceAuth,
+		allowBypass: dangerouslyDisableDeviceAuth,
+		device: dangerouslyDisableDeviceAuth ? null : params.deviceRaw
+	};
+}
+function shouldSkipControlUiPairing(policy, role, _trustedProxyAuthOk = false, authMode, authMethod) {
+	if (policy.isControlUi && role === "operator" && authMethod === "tailscale" && policy.device) return true;
+	if (policy.isControlUi && role === "operator" && authMode === "none") return true;
+	return role === "operator" && policy.allowBypass;
+}
+function isTrustedProxyControlUiOperatorAuth(params) {
+	return params.isControlUi && params.role === "operator" && params.authMode === "trusted-proxy" && params.authOk && params.authMethod === "trusted-proxy";
+}
+function shouldClearUnboundScopesForMissingDeviceIdentity(params) {
+	return params.decision.kind !== "allow" || !params.controlUiAuthPolicy.allowBypass && !params.preserveInsecureLocalControlUiScopes && (params.authMethod === "token" || params.authMethod === "password" || params.authMethod === "trusted-proxy");
+}
+function evaluateMissingDeviceIdentity(params) {
+	if (params.hasDeviceIdentity) return { kind: "allow" };
+	if (params.isControlUi && params.trustedProxyAuthOk) return { kind: "allow" };
+	if (params.isControlUi && params.controlUiAuthPolicy.allowBypass && params.role === "operator") return { kind: "allow" };
+	if (params.localBackendSelfPairingOk && params.role === "operator") return { kind: "allow" };
+	if (params.isControlUi && !params.controlUiAuthPolicy.allowBypass) {
+		if (!params.controlUiAuthPolicy.allowInsecureAuthConfigured || !params.isLocalClient) return { kind: "reject-control-ui-insecure-auth" };
+	}
+	if (roleCanSkipDeviceIdentity(params.role, params.sharedAuthOk)) return { kind: "allow" };
+	if (!params.authOk && params.hasSharedAuth) return { kind: "reject-unauthorized" };
+	return { kind: "reject-device-required" };
+}
+//#endregion
+//#region src/gateway/server/ws-connection/handshake-auth-helpers.ts
+const BROWSER_ORIGIN_LOOPBACK_RATE_LIMIT_IP = "198.18.0.1";
+const BROWSER_ORIGIN_RATE_LIMIT_KEY_PREFIX = "browser-origin:";
+function resolveBrowserOriginRateLimitKey(requestOrigin) {
+	const trimmedOrigin = requestOrigin?.trim();
+	if (!trimmedOrigin) return BROWSER_ORIGIN_LOOPBACK_RATE_LIMIT_IP;
+	try {
+		return `${BROWSER_ORIGIN_RATE_LIMIT_KEY_PREFIX}${normalizeLowercaseStringOrEmpty(new URL(trimmedOrigin).origin)}`;
+	} catch {
+		return BROWSER_ORIGIN_LOOPBACK_RATE_LIMIT_IP;
+	}
+}
+function resolveHandshakeBrowserSecurityContext(params) {
+	const hasBrowserOriginHeader = Boolean(params.requestOrigin && params.requestOrigin.trim() !== "");
+	return {
+		hasBrowserOriginHeader,
+		enforceOriginCheckForAnyClient: hasBrowserOriginHeader,
+		rateLimitClientIp: hasBrowserOriginHeader && isLoopbackAddress(params.clientIp) ? resolveBrowserOriginRateLimitKey(params.requestOrigin) : params.clientIp,
+		authRateLimiter: hasBrowserOriginHeader && params.browserRateLimiter ? params.browserRateLimiter : params.rateLimiter
+	};
+}
+function shouldAllowSilentLocalPairing(params) {
+	if (params.locality === "remote") return false;
+	if (params.hasBrowserOriginHeader && !params.isControlUi && !params.isWebchat) return false;
+	if (params.reason === "not-paired" || params.reason === "scope-upgrade" || params.reason === "role-upgrade") return true;
+	if (params.reason === "metadata-upgrade" && !params.hasBrowserOriginHeader && !params.isControlUi && !params.isWebchat && (params.locality === "direct_local" && params.isNativeAppUi === true || params.locality === "cli_container_local" || params.locality === "shared_secret_loopback_local")) return true;
+	return false;
+}
+function isCliContainerLocalEquivalent(params) {
+	const isCliClient = params.connectParams.client.id === GATEWAY_CLIENT_IDS.CLI && params.connectParams.client.mode === GATEWAY_CLIENT_MODES.CLI;
+	const usesSharedSecretAuth = params.authMethod === "token" || params.authMethod === "password";
+	return isCliClient && params.sharedAuthOk && usesSharedSecretAuth && !params.hasProxyHeaders && !params.hasBrowserOriginHeader && isLoopbackAddress(params.remoteAddress) && isPrivateOrLoopbackHost(resolveHostName(params.requestHost));
+}
+function isSharedSecretLoopbackLocalEquivalent(params) {
+	const usesSharedSecretAuth = params.authMethod === "token" || params.authMethod === "password";
+	return params.sharedAuthOk && usesSharedSecretAuth && !params.hasProxyHeaders && !params.hasBrowserOriginHeader && isLoopbackAddress(params.remoteAddress) && isPrivateOrLoopbackHost(resolveHostName(params.requestHost));
+}
+function resolveOriginHost(origin) {
+	const trimmed = origin?.trim();
+	if (!trimmed) return "";
+	try {
+		return new URL(trimmed).hostname;
+	} catch {
+		return "";
+	}
+}
+function isControlUiBrowserContainerLocalEquivalent(params) {
+	const isControlUiBrowser = params.connectParams.client.id === GATEWAY_CLIENT_IDS.CONTROL_UI && params.connectParams.client.mode === GATEWAY_CLIENT_MODES.WEBCHAT;
+	const usesSharedSecretAuth = params.authMethod === "token" || params.authMethod === "password";
+	return isControlUiBrowser && params.sharedAuthOk && usesSharedSecretAuth && !params.hasProxyHeaders && params.hasBrowserOriginHeader && isPrivateOrLoopbackAddress(params.remoteAddress) && isLoopbackHost(resolveHostName(params.requestHost)) && isLoopbackHost(resolveOriginHost(params.requestOrigin));
+}
+function resolvePairingLocality(params) {
+	if (params.isLocalClient) return "direct_local";
+	if (isControlUiBrowserContainerLocalEquivalent({
+		connectParams: params.connectParams,
+		requestHost: params.requestHost,
+		requestOrigin: params.requestOrigin,
+		remoteAddress: params.remoteAddress,
+		hasProxyHeaders: params.hasProxyHeaders,
+		hasBrowserOriginHeader: params.hasBrowserOriginHeader,
+		sharedAuthOk: params.sharedAuthOk,
+		authMethod: params.authMethod
+	})) return "browser_container_local";
+	if (isCliContainerLocalEquivalent({
+		connectParams: params.connectParams,
+		requestHost: params.requestHost,
+		remoteAddress: params.remoteAddress,
+		hasProxyHeaders: params.hasProxyHeaders,
+		hasBrowserOriginHeader: params.hasBrowserOriginHeader,
+		sharedAuthOk: params.sharedAuthOk,
+		authMethod: params.authMethod
+	})) return "cli_container_local";
+	if (isSharedSecretLoopbackLocalEquivalent({
+		requestHost: params.requestHost,
+		remoteAddress: params.remoteAddress,
+		hasProxyHeaders: params.hasProxyHeaders,
+		hasBrowserOriginHeader: params.hasBrowserOriginHeader,
+		sharedAuthOk: params.sharedAuthOk,
+		authMethod: params.authMethod
+	})) return "shared_secret_loopback_local";
+	return "remote";
+}
+function shouldSkipLocalBackendSelfPairing(params) {
+	if (!(params.connectParams.client.id === GATEWAY_CLIENT_IDS.GATEWAY_CLIENT && params.connectParams.client.mode === GATEWAY_CLIENT_MODES.BACKEND)) return false;
+	if (!(params.locality === "direct_local" || params.locality === "shared_secret_loopback_local") || params.hasBrowserOriginHeader) return false;
+	if (params.authMethod === "none") return true;
+	const usesSharedSecretAuth = params.authMethod === "token" || params.authMethod === "password";
+	const usesDeviceTokenAuth = params.authMethod === "device-token";
+	return params.sharedAuthOk && usesSharedSecretAuth || usesDeviceTokenAuth;
+}
+function resolveSignatureToken(connectParams) {
+	return connectParams.auth?.token ?? connectParams.auth?.deviceToken ?? connectParams.auth?.bootstrapToken ?? null;
+}
+function buildUnauthorizedHandshakeContext(params) {
+	return {
+		authProvided: params.authProvided,
+		canRetryWithDeviceToken: params.canRetryWithDeviceToken,
+		recommendedNextStep: params.recommendedNextStep
+	};
+}
+function resolveDeviceSignaturePayloadVersion(params) {
+	const signatureToken = resolveSignatureToken(params.connectParams);
+	const basePayload = {
+		deviceId: params.device.id,
+		clientId: params.connectParams.client.id,
+		clientMode: params.connectParams.client.mode,
+		role: params.role,
+		scopes: params.scopes,
+		signedAtMs: params.signedAtMs,
+		token: signatureToken,
+		nonce: params.nonce
+	};
+	const payloadV3 = buildDeviceAuthPayloadV3({
+		...basePayload,
+		platform: params.connectParams.client.platform,
+		deviceFamily: params.connectParams.client.deviceFamily
+	});
+	if (verifyDeviceSignature(params.device.publicKey, payloadV3, params.device.signature)) return "v3";
+	const payloadV2 = buildDeviceAuthPayload(basePayload);
+	if (verifyDeviceSignature(params.device.publicKey, payloadV2, params.device.signature)) return "v2";
+	return null;
+}
+function resolveAuthProvidedKind(connectAuth) {
+	return connectAuth?.password ? "password" : connectAuth?.token ? "token" : connectAuth?.bootstrapToken ? "bootstrap-token" : connectAuth?.deviceToken ? "device-token" : "none";
+}
+function resolveUnauthorizedHandshakeContext(params) {
+	const authProvided = resolveAuthProvidedKind(params.connectAuth);
+	const canRetryWithDeviceToken = params.failedAuth.reason === "token_mismatch" && params.hasDeviceIdentity && authProvided === "token" && !params.connectAuth?.deviceToken;
+	if (canRetryWithDeviceToken) return buildUnauthorizedHandshakeContext({
+		authProvided,
+		canRetryWithDeviceToken,
+		recommendedNextStep: "retry_with_device_token"
+	});
+	switch (params.failedAuth.reason) {
+		case "token_missing":
+		case "token_missing_config":
+		case "password_missing":
+		case "password_missing_config": return buildUnauthorizedHandshakeContext({
+			authProvided,
+			canRetryWithDeviceToken,
+			recommendedNextStep: "update_auth_configuration"
+		});
+		case "token_mismatch":
+		case "password_mismatch":
+		case "device_token_mismatch": return buildUnauthorizedHandshakeContext({
+			authProvided,
+			canRetryWithDeviceToken,
+			recommendedNextStep: "update_auth_credentials"
+		});
+		case "scope_mismatch": return buildUnauthorizedHandshakeContext({
+			authProvided,
+			canRetryWithDeviceToken,
+			recommendedNextStep: "review_auth_configuration"
+		});
+		case "rate_limited": return buildUnauthorizedHandshakeContext({
+			authProvided,
+			canRetryWithDeviceToken,
+			recommendedNextStep: "wait_then_retry"
+		});
+		default: return buildUnauthorizedHandshakeContext({
+			authProvided,
+			canRetryWithDeviceToken,
+			recommendedNextStep: "review_auth_configuration"
+		});
+	}
+}
+//#endregion
+//#region src/gateway/server/ws-connection/unauthorized-flood-guard.ts
+const DEFAULT_CLOSE_AFTER = 10;
+const DEFAULT_LOG_EVERY = 100;
+var UnauthorizedFloodGuard = class {
+	constructor(options) {
+		this.count = 0;
+		this.suppressedSinceLastLog = 0;
+		this.closeAfter = Math.max(1, Math.floor(options?.closeAfter ?? DEFAULT_CLOSE_AFTER));
+		this.logEvery = Math.max(1, Math.floor(options?.logEvery ?? DEFAULT_LOG_EVERY));
+	}
+	registerUnauthorized() {
+		this.count += 1;
+		const shouldClose = this.count > this.closeAfter;
+		if (!(this.count === 1 || this.count % this.logEvery === 0 || shouldClose)) {
+			this.suppressedSinceLastLog += 1;
+			return {
+				shouldClose,
+				shouldLog: false,
+				count: this.count,
+				suppressedSinceLastLog: 0
+			};
+		}
+		const suppressedSinceLastLog = this.suppressedSinceLastLog;
+		this.suppressedSinceLastLog = 0;
+		return {
+			shouldClose,
+			shouldLog: true,
+			count: this.count,
+			suppressedSinceLastLog
+		};
+	}
+	reset() {
+		this.count = 0;
+		this.suppressedSinceLastLog = 0;
+	}
+};
+function isUnauthorizedRoleError(error) {
+	if (!error) return false;
+	return error.code === ErrorCodes.INVALID_REQUEST && typeof error.message === "string" && error.message.startsWith("unauthorized role:");
+}
+//#endregion
+//#region src/gateway/server/ws-connection/message-handler.ts
+const DEVICE_SIGNATURE_SKEW_MS = 120 * 1e3;
+function sameBootstrapProfile(left, right) {
+	if (left.roles.length !== right.roles.length || left.scopes.length !== right.scopes.length) return false;
+	return left.roles.every((role, index) => role === right.roles[index]) && left.scopes.every((scope, index) => scope === right.scopes[index]);
+}
+function firstHeaderValue(value) {
+	return Array.isArray(value) ? value[0] : value;
+}
+function resolveTrustedProxyControlUiScopes(params) {
+	const rawHeader = firstHeaderValue(params.upgradeReq.headers["x-daocore-scopes"]);
+	if (rawHeader === void 0) return params.requestedScopes;
+	const declaredScopes = new Set(rawHeader.split(",").map((scope) => scope.trim()).filter((scope) => scope.length > 0));
+	if (declaredScopes.size === 0) return [];
+	return params.requestedScopes.filter((scope) => declaredScopes.has(scope));
+}
+function resolvePinnedClientMetadata(params) {
+	function normalizeLegacyNodeHostPlatformPin(value) {
+		switch (value) {
+			case "darwin":
+			case "macos": return "macos";
+			case "win32":
+			case "windows": return "windows";
+			default: return value;
+		}
+	}
+	function normalizeMobileAppPlatformPin(clientId, value) {
+		if (clientId === GATEWAY_CLIENT_IDS.IOS_APP && /^(?:ios|ipados)(?:\s|$)/.test(value)) return "ios-family";
+		if (clientId === GATEWAY_CLIENT_IDS.ANDROID_APP && /^android(?:\s|$)/.test(value)) return "android";
+		return value;
+	}
+	const claimedPlatform = normalizeDeviceMetadataForAuth(params.claimedPlatform);
+	const claimedDeviceFamily = normalizeDeviceMetadataForAuth(params.claimedDeviceFamily);
+	const pairedPlatform = normalizeDeviceMetadataForAuth(params.pairedPlatform);
+	const pairedDeviceFamily = normalizeDeviceMetadataForAuth(params.pairedDeviceFamily);
+	const hasPinnedPlatform = pairedPlatform !== "";
+	const hasPinnedDeviceFamily = pairedDeviceFamily !== "";
+	const isLegacyNodeHostPlatformPin = params.clientId === GATEWAY_CLIENT_IDS.NODE_HOST && params.clientMode === GATEWAY_CLIENT_MODES.NODE && hasPinnedPlatform && claimedPlatform !== "" && normalizeLegacyNodeHostPlatformPin(claimedPlatform) === normalizeLegacyNodeHostPlatformPin(pairedPlatform);
+	const isMobileAppPlatformVersionRefresh = hasPinnedPlatform && claimedPlatform !== "" && claimedPlatform !== pairedPlatform && normalizeMobileAppPlatformPin(params.clientId, claimedPlatform) === normalizeMobileAppPlatformPin(params.clientId, pairedPlatform);
+	const platformMismatch = hasPinnedPlatform && claimedPlatform !== pairedPlatform && !isLegacyNodeHostPlatformPin && !isMobileAppPlatformVersionRefresh;
+	const deviceFamilyMismatch = hasPinnedDeviceFamily && claimedDeviceFamily !== pairedDeviceFamily;
+	const pinnedPlatform = claimedPlatform === pairedPlatform ? params.pairedPlatform : isLegacyNodeHostPlatformPin ? normalizeLegacyNodeHostPlatformPin(pairedPlatform) : isMobileAppPlatformVersionRefresh ? params.claimedPlatform : void 0;
+	return {
+		platformMismatch,
+		deviceFamilyMismatch,
+		pinnedPlatform: hasPinnedPlatform ? pinnedPlatform : void 0,
+		pinnedDeviceFamily: hasPinnedDeviceFamily ? params.pairedDeviceFamily : void 0,
+		...isMobileAppPlatformVersionRefresh ? { refreshPairedPlatform: params.claimedPlatform } : {}
+	};
+}
+function attachGatewayWsMessageHandler(params) {
+	const { socket, upgradeReq, connId, remoteAddr, remotePort, localAddr, localPort, endpoint, forwardedFor, realIp, requestHost, requestOrigin, requestUserAgent, pluginSurfaceBaseUrl, pluginNodeCapabilities = [], connectNonce, getResolvedAuth, getRequiredSharedGatewaySessionGeneration, rateLimiter, browserRateLimiter, isStartupPending, gatewayMethods, events, extraHandlers, getMethodRegistry, buildRequestContext, refreshHealthSnapshot, send, close, isClosed, clearHandshakeTimer, getClient, setClient, setHandshakeState, setCloseCause, setLastFrameMeta, originCheckMetrics, logGateway, logHealth, logWsControl } = params;
+	const sendFrame = async (obj) => await new Promise((resolve, reject) => {
+		socket.send(JSON.stringify(obj), (err) => {
+			if (err) {
+				reject(err);
+				return;
+			}
+			resolve();
+		});
+	});
+	const configSnapshot = getRuntimeConfig();
+	const trustedProxies = configSnapshot.gateway?.trustedProxies ?? [];
+	const allowRealIpFallback = configSnapshot.gateway?.allowRealIpFallback === true;
+	const clientIp = resolveClientIp({
+		remoteAddr,
+		forwardedFor,
+		realIp,
+		trustedProxies,
+		allowRealIpFallback
+	});
+	const peerLabel = endpoint ?? remoteAddr ?? "n/a";
+	const hasProxyHeaders = hasForwardedRequestHeaders(upgradeReq);
+	const remoteIsTrustedProxy = isTrustedProxyAddress(remoteAddr, trustedProxies);
+	const hasUntrustedProxyHeaders = hasProxyHeaders && !remoteIsTrustedProxy;
+	const hostIsLocalish = isLocalishHost(requestHost);
+	const isLocalClient = isLocalDirectRequest(upgradeReq, trustedProxies, allowRealIpFallback);
+	const reportedClientIp = isLocalClient || hasUntrustedProxyHeaders ? void 0 : clientIp && !isLoopbackAddress(clientIp) ? clientIp : void 0;
+	const reportedClientIpSource = resolveNodePairingClientIpSource({
+		reportedClientIp,
+		hasProxyHeaders,
+		remoteIsTrustedProxy,
+		remoteIsLoopback: isLoopbackAddress(remoteAddr)
+	});
+	if (hasUntrustedProxyHeaders) logWsControl.warn("Proxy headers detected from untrusted address. Connection will not be treated as local. Configure gateway.trustedProxies to restore local client detection behind your proxy.");
+	if (!hostIsLocalish && isLoopbackAddress(remoteAddr) && !hasProxyHeaders) logWsControl.warn("Loopback connection with non-local Host header. Treating it as remote. If you're behind a reverse proxy, set gateway.trustedProxies and forward X-Forwarded-For/X-Real-IP.");
+	const isWebchatConnect = (p) => isWebchatClient(p?.client);
+	const unauthorizedFloodGuard = new UnauthorizedFloodGuard();
+	const { hasBrowserOriginHeader, enforceOriginCheckForAnyClient, rateLimitClientIp: browserRateLimitClientIp, authRateLimiter } = resolveHandshakeBrowserSecurityContext({
+		requestOrigin,
+		clientIp,
+		rateLimiter,
+		browserRateLimiter
+	});
+	const handleMessage = async (data) => {
+		if (isClosed()) return;
+		const preauthPayloadBytes = !getClient() ? getRawDataByteLength(data) : void 0;
+		if (preauthPayloadBytes !== void 0 && preauthPayloadBytes > 65536) {
+			logRejectedLargePayload({
+				surface: "gateway.ws.preauth",
+				bytes: preauthPayloadBytes,
+				limitBytes: MAX_PREAUTH_PAYLOAD_BYTES,
+				reason: "preauth_frame_limit"
+			});
+			setHandshakeState("failed");
+			setCloseCause("preauth-payload-too-large", {
+				payloadBytes: preauthPayloadBytes,
+				limitBytes: MAX_PREAUTH_PAYLOAD_BYTES
+			});
+			close(1009, "preauth payload too large");
+			return;
+		}
+		const text = rawDataToString(data);
+		try {
+			const parsed = JSON.parse(text);
+			const frameType = parsed && typeof parsed === "object" && "type" in parsed ? typeof parsed.type === "string" ? String(parsed.type) : void 0 : void 0;
+			const frameMethod = parsed && typeof parsed === "object" && "method" in parsed ? typeof parsed.method === "string" ? String(parsed.method) : void 0 : void 0;
+			const frameId = parsed && typeof parsed === "object" && "id" in parsed ? typeof parsed.id === "string" ? String(parsed.id) : void 0 : void 0;
+			if (frameType || frameMethod || frameId) setLastFrameMeta({
+				type: frameType,
+				method: frameMethod,
+				id: frameId
+			});
+			const client = getClient();
+			if (!client) {
+				const isRequestFrame = validateRequestFrame(parsed);
+				if (!isRequestFrame || parsed.method !== "connect" || !validateConnectParams(parsed.params)) {
+					const handshakeError = isRequestFrame ? parsed.method === "connect" ? `invalid connect params: ${formatValidationErrors(validateConnectParams.errors)}` : "invalid handshake: first request must be connect" : "invalid request frame";
+					setHandshakeState("failed");
+					setCloseCause("invalid-handshake", {
+						frameType,
+						frameMethod,
+						frameId,
+						handshakeError
+					});
+					if (isRequestFrame) send({
+						type: "res",
+						id: parsed.id,
+						ok: false,
+						error: errorShape(ErrorCodes.INVALID_REQUEST, handshakeError)
+					});
+					else logWsControl.warn(`invalid handshake conn=${connId} peer=${formatForLog(peerLabel)} remote=${remoteAddr ?? "?"} fwd=${formatForLog(forwardedFor ?? "n/a")} origin=${formatForLog(requestOrigin ?? "n/a")} host=${formatForLog(requestHost ?? "n/a")} ua=${formatForLog(requestUserAgent ?? "n/a")}`);
+					const closeReason = truncateCloseReason(handshakeError || "invalid handshake");
+					if (isRequestFrame) queueMicrotask(() => close(1008, closeReason));
+					else close(1008, closeReason);
+					return;
+				}
+				const frame = parsed;
+				const connectParams = frame.params;
+				const resolvedAuth = getResolvedAuth();
+				const clientLabel = connectParams.client.displayName ?? connectParams.client.id;
+				const clientMeta = {
+					client: connectParams.client.id,
+					clientDisplayName: connectParams.client.displayName,
+					mode: connectParams.client.mode,
+					version: connectParams.client.version,
+					platform: connectParams.client.platform,
+					deviceFamily: connectParams.client.deviceFamily,
+					modelIdentifier: connectParams.client.modelIdentifier,
+					instanceId: connectParams.client.instanceId
+				};
+				const markHandshakeFailure = (cause, meta) => {
+					setHandshakeState("failed");
+					setCloseCause(cause, {
+						...meta,
+						...clientMeta
+					});
+				};
+				const sendHandshakeErrorResponse = (code, message, options) => {
+					send({
+						type: "res",
+						id: frame.id,
+						ok: false,
+						error: errorShape(code, message, options)
+					});
+				};
+				if (isStartupPending?.()) {
+					markHandshakeFailure(GATEWAY_STARTUP_PENDING_CLOSE_CAUSE);
+					await sendFrame({
+						type: "res",
+						id: frame.id,
+						ok: false,
+						error: errorShape(ErrorCodes.UNAVAILABLE, "gateway starting; retry shortly", {
+							retryable: true,
+							retryAfterMs: 500,
+							details: gatewayStartupUnavailableDetails()
+						})
+					}).catch(() => {});
+					queueMicrotask(() => close(GATEWAY_STARTUP_CLOSE_CODE, GATEWAY_STARTUP_CLOSE_REASON));
+					return;
+				}
+				const { minProtocol, maxProtocol } = connectParams;
+				const supportsCurrentProtocol = maxProtocol >= 4 && minProtocol <= 4;
+				const supportsProbeRestartProtocol = connectParams.client.mode === GATEWAY_CLIENT_MODES.PROBE && maxProtocol >= 4 && minProtocol <= 4;
+				if (!supportsCurrentProtocol && !supportsProbeRestartProtocol) {
+					markHandshakeFailure("protocol-mismatch", {
+						minProtocol,
+						maxProtocol,
+						expectedProtocol: 4,
+						minimumProbeProtocol: 4
+					});
+					logWsControl.warn(`protocol mismatch conn=${connId} peer=${formatForLog(peerLabel)} remote=${remoteAddr ?? "?"} remotePort=${remotePort ?? "?"} client=${formatForLog(clientLabel)} ${connectParams.client.mode} v${formatForLog(connectParams.client.version)} min=${minProtocol} max=${maxProtocol} expected=4 probeMin=4 instance=${formatForLog(connectParams.client.instanceId ?? "n/a")}`);
+					sendHandshakeErrorResponse(ErrorCodes.INVALID_REQUEST, "protocol mismatch", { details: {
+						code: ConnectErrorDetailCodes.PROTOCOL_MISMATCH,
+						clientMinProtocol: minProtocol,
+						clientMaxProtocol: maxProtocol,
+						expectedProtocol: 4,
+						minimumProbeProtocol: 4
+					} });
+					close(1002, "protocol mismatch");
+					return;
+				}
+				const roleRaw = connectParams.role ?? "operator";
+				const role = parseGatewayRole(roleRaw);
+				if (!role) {
+					markHandshakeFailure("invalid-role", { role: roleRaw });
+					sendHandshakeErrorResponse(ErrorCodes.INVALID_REQUEST, "invalid role");
+					close(1008, "invalid role");
+					return;
+				}
+				let scopes = Array.isArray(connectParams.scopes) ? connectParams.scopes : [];
+				connectParams.role = role;
+				connectParams.scopes = scopes;
+				const isControlUi = isOperatorUiClient(connectParams.client);
+				const isBrowserOperatorUi = isBrowserOperatorUiClient(connectParams.client);
+				const isWebchat = isWebchatConnect(connectParams);
+				const isNativeAppUi = connectParams.client.mode === GATEWAY_CLIENT_MODES.UI && (connectParams.client.id === GATEWAY_CLIENT_IDS.MACOS_APP || connectParams.client.id === GATEWAY_CLIENT_IDS.IOS_APP || connectParams.client.id === GATEWAY_CLIENT_IDS.ANDROID_APP);
+				if (enforceOriginCheckForAnyClient || isBrowserOperatorUi || isWebchat) {
+					const hostHeaderOriginFallbackEnabled = configSnapshot.gateway?.controlUi?.dangerouslyAllowHostHeaderOriginFallback === true;
+					const originCheck = checkBrowserOrigin({
+						requestHost,
+						origin: requestOrigin,
+						allowedOrigins: configSnapshot.gateway?.controlUi?.allowedOrigins,
+						allowHostHeaderOriginFallback: hostHeaderOriginFallbackEnabled,
+						isLocalClient
+					});
+					if (!originCheck.ok) {
+						const errorMessage = "origin not allowed (open the Control UI from the gateway host or allow it in gateway.controlUi.allowedOrigins)";
+						markHandshakeFailure("origin-mismatch", {
+							origin: requestOrigin ?? "n/a",
+							host: requestHost ?? "n/a",
+							reason: originCheck.reason
+						});
+						sendHandshakeErrorResponse(ErrorCodes.INVALID_REQUEST, errorMessage, { details: {
+							code: ConnectErrorDetailCodes.CONTROL_UI_ORIGIN_NOT_ALLOWED,
+							reason: originCheck.reason
+						} });
+						close(1008, truncateCloseReason(errorMessage));
+						return;
+					}
+					if (originCheck.matchedBy === "host-header-fallback") {
+						originCheckMetrics.hostHeaderFallbackAccepted += 1;
+						logWsControl.warn(`security warning: websocket origin accepted via Host-header fallback conn=${connId} count=${originCheckMetrics.hostHeaderFallbackAccepted} host=${requestHost ?? "n/a"} origin=${requestOrigin ?? "n/a"}`);
+						if (hostHeaderOriginFallbackEnabled) logGateway.warn("security metric: gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback accepted a websocket connect request");
+					}
+				}
+				const deviceRaw = connectParams.device;
+				let devicePublicKey = null;
+				let deviceAuthPayloadVersion = null;
+				const hasTokenAuth = Boolean(connectParams.auth?.token);
+				const hasPasswordAuth = Boolean(connectParams.auth?.password);
+				const hasSharedAuth = hasTokenAuth || hasPasswordAuth;
+				const controlUiAuthPolicy = resolveControlUiAuthPolicy({
+					isControlUi,
+					controlUiConfig: configSnapshot.gateway?.controlUi,
+					deviceRaw
+				});
+				const device = controlUiAuthPolicy.device;
+				let { authResult, authOk, authMethod, sharedAuthOk, bootstrapTokenCandidate, deviceTokenCandidate, deviceTokenCandidateSource } = await resolveConnectAuthState({
+					resolvedAuth,
+					connectAuth: connectParams.auth,
+					hasDeviceIdentity: Boolean(device),
+					req: upgradeReq,
+					trustedProxies,
+					allowRealIpFallback,
+					rateLimiter: authRateLimiter,
+					clientIp: browserRateLimitClientIp
+				});
+				const rejectUnauthorized = (failedAuth) => {
+					const { authProvided, canRetryWithDeviceToken, recommendedNextStep } = resolveUnauthorizedHandshakeContext({
+						connectAuth: connectParams.auth,
+						failedAuth,
+						hasDeviceIdentity: Boolean(device)
+					});
+					markHandshakeFailure("unauthorized", {
+						authMode: resolvedAuth.mode,
+						authProvided,
+						authReason: failedAuth.reason,
+						allowTailscale: resolvedAuth.allowTailscale,
+						peer: peerLabel,
+						remoteAddr,
+						remotePort,
+						localAddr,
+						localPort,
+						role,
+						scopeCount: scopes.length,
+						hasDeviceIdentity: Boolean(device)
+					});
+					logWsControl.warn(`unauthorized conn=${connId} peer=${formatForLog(peerLabel)} remote=${remoteAddr ?? "?"} client=${formatForLog(clientLabel)} ${connectParams.client.mode} v${formatForLog(connectParams.client.version)} role=${role} scopes=${scopes.length} auth=${authProvided} device=${device ? "yes" : "no"} platform=${formatForLog(connectParams.client.platform)} instance=${formatForLog(connectParams.client.instanceId ?? "n/a")} host=${formatForLog(requestHost ?? "n/a")} origin=${formatForLog(requestOrigin ?? "n/a")} ua=${formatForLog(requestUserAgent ?? "n/a")} reason=${failedAuth.reason ?? "unknown"}`);
+					const authMessage = formatGatewayAuthFailureMessage({
+						authMode: resolvedAuth.mode,
+						authProvided,
+						reason: failedAuth.reason,
+						client: connectParams.client
+					});
+					sendHandshakeErrorResponse(ErrorCodes.INVALID_REQUEST, authMessage, { details: {
+						code: resolveAuthConnectErrorDetailCode(failedAuth.reason),
+						authReason: failedAuth.reason,
+						canRetryWithDeviceToken,
+						recommendedNextStep
+					} });
+					close(1008, truncateCloseReason(authMessage));
+				};
+				const clearUnboundScopes = () => {
+					if (scopes.length > 0) {
+						scopes = [];
+						connectParams.scopes = scopes;
+					}
+				};
+				let pairingLocality = resolvePairingLocality({
+					connectParams,
+					isLocalClient,
+					requestHost,
+					requestOrigin,
+					remoteAddress: remoteAddr,
+					hasProxyHeaders,
+					hasBrowserOriginHeader,
+					sharedAuthOk,
+					authMethod
+				});
+				let skipLocalBackendSelfPairing = shouldSkipLocalBackendSelfPairing({
+					connectParams,
+					locality: pairingLocality,
+					hasBrowserOriginHeader,
+					sharedAuthOk,
+					authMethod
+				});
+				const handleMissingDeviceIdentity = () => {
+					const trustedProxyAuthOk = isTrustedProxyControlUiOperatorAuth({
+						isControlUi,
+						role,
+						authMode: resolvedAuth.mode,
+						authOk,
+						authMethod
+					});
+					const preserveInsecureLocalControlUiScopes = isControlUi && controlUiAuthPolicy.allowInsecureAuthConfigured && isLocalClient && (authMethod === "token" || authMethod === "password");
+					const decision = evaluateMissingDeviceIdentity({
+						hasDeviceIdentity: Boolean(device),
+						role,
+						isControlUi,
+						controlUiAuthPolicy,
+						trustedProxyAuthOk,
+						localBackendSelfPairingOk: skipLocalBackendSelfPairing,
+						sharedAuthOk,
+						authOk,
+						hasSharedAuth,
+						isLocalClient
+					});
+					if (!device && !skipLocalBackendSelfPairing && shouldClearUnboundScopesForMissingDeviceIdentity({
+						decision,
+						controlUiAuthPolicy,
+						preserveInsecureLocalControlUiScopes,
+						authMethod,
+						trustedProxyAuthOk
+					})) clearUnboundScopes();
+					if (decision.kind === "allow") return true;
+					if (decision.kind === "reject-control-ui-insecure-auth") {
+						const errorMessage = "control ui requires device identity (use HTTPS or localhost secure context)";
+						markHandshakeFailure("control-ui-insecure-auth", { insecureAuthConfigured: controlUiAuthPolicy.allowInsecureAuthConfigured });
+						sendHandshakeErrorResponse(ErrorCodes.INVALID_REQUEST, errorMessage, { details: { code: ConnectErrorDetailCodes.CONTROL_UI_DEVICE_IDENTITY_REQUIRED } });
+						close(1008, errorMessage);
+						return false;
+					}
+					if (decision.kind === "reject-unauthorized") {
+						rejectUnauthorized(authResult);
+						return false;
+					}
+					markHandshakeFailure("device-required");
+					sendHandshakeErrorResponse(ErrorCodes.NOT_PAIRED, "device identity required", { details: { code: ConnectErrorDetailCodes.DEVICE_IDENTITY_REQUIRED } });
+					close(1008, "device identity required");
+					return false;
+				};
+				if (!handleMissingDeviceIdentity()) return;
+				if (device) {
+					const rejectDeviceAuthInvalid = (reason, message) => {
+						setHandshakeState("failed");
+						setCloseCause("device-auth-invalid", {
+							reason,
+							client: connectParams.client.id,
+							deviceId: device.id
+						});
+						send({
+							type: "res",
+							id: frame.id,
+							ok: false,
+							error: errorShape(ErrorCodes.INVALID_REQUEST, message, { details: {
+								code: resolveDeviceAuthConnectErrorDetailCode(reason),
+								reason
+							} })
+						});
+						close(1008, message);
+					};
+					const derivedId = deriveDeviceIdFromPublicKey(device.publicKey);
+					if (!derivedId || derivedId !== device.id) {
+						rejectDeviceAuthInvalid("device-id-mismatch", "device identity mismatch");
+						return;
+					}
+					const signedAt = device.signedAt;
+					if (typeof signedAt !== "number" || Math.abs(Date.now() - signedAt) > DEVICE_SIGNATURE_SKEW_MS) {
+						rejectDeviceAuthInvalid("device-signature-stale", "device signature expired");
+						return;
+					}
+					const providedNonce = typeof device.nonce === "string" ? device.nonce.trim() : "";
+					if (!providedNonce) {
+						rejectDeviceAuthInvalid("device-nonce-missing", "device nonce required");
+						return;
+					}
+					if (providedNonce !== connectNonce) {
+						rejectDeviceAuthInvalid("device-nonce-mismatch", "device nonce mismatch");
+						return;
+					}
+					const rejectDeviceSignatureInvalid = () => rejectDeviceAuthInvalid("device-signature", "device signature invalid");
+					const payloadVersion = resolveDeviceSignaturePayloadVersion({
+						device,
+						connectParams,
+						role,
+						scopes,
+						signedAtMs: signedAt,
+						nonce: providedNonce
+					});
+					if (!payloadVersion) {
+						rejectDeviceSignatureInvalid();
+						return;
+					}
+					deviceAuthPayloadVersion = payloadVersion;
+					devicePublicKey = normalizeDevicePublicKeyBase64Url(device.publicKey);
+					if (!devicePublicKey) {
+						rejectDeviceAuthInvalid("device-public-key", "device public key invalid");
+						return;
+					}
+				}
+				({authResult, authOk, authMethod} = await resolveConnectAuthDecision({
+					state: {
+						authResult,
+						authOk,
+						authMethod,
+						sharedAuthOk,
+						sharedAuthProvided: hasSharedAuth,
+						bootstrapTokenCandidate,
+						deviceTokenCandidate,
+						deviceTokenCandidateSource
+					},
+					hasDeviceIdentity: Boolean(device),
+					deviceId: device?.id,
+					publicKey: device?.publicKey,
+					role,
+					scopes,
+					rateLimiter: authRateLimiter,
+					clientIp: browserRateLimitClientIp,
+					verifyBootstrapToken: async ({ deviceId, publicKey, token, role, scopes }) => await verifyDeviceBootstrapToken({
+						deviceId,
+						publicKey,
+						token,
+						role,
+						scopes
+					}),
+					verifyDeviceToken
+				}));
+				pairingLocality = resolvePairingLocality({
+					connectParams,
+					isLocalClient,
+					requestHost,
+					requestOrigin,
+					remoteAddress: remoteAddr,
+					hasProxyHeaders,
+					hasBrowserOriginHeader,
+					sharedAuthOk,
+					authMethod
+				});
+				skipLocalBackendSelfPairing = shouldSkipLocalBackendSelfPairing({
+					connectParams,
+					locality: pairingLocality,
+					hasBrowserOriginHeader,
+					sharedAuthOk,
+					authMethod
+				});
+				if (!authOk) {
+					rejectUnauthorized(authResult);
+					return;
+				}
+				if (authMethod === "token" || authMethod === "password" || authMethod === "trusted-proxy") {
+					const sharedGatewaySessionGeneration = resolveSharedGatewaySessionGeneration(resolvedAuth, trustedProxies);
+					const requiredSharedGatewaySessionGeneration = getRequiredSharedGatewaySessionGeneration?.();
+					if (requiredSharedGatewaySessionGeneration !== void 0 && sharedGatewaySessionGeneration !== requiredSharedGatewaySessionGeneration) {
+						setCloseCause("gateway-auth-rotated", { authGenerationStale: true });
+						close(4001, "gateway auth changed");
+						return;
+					}
+				}
+				const issuedBootstrapProfile = authMethod === "bootstrap-token" && bootstrapTokenCandidate ? await getDeviceBootstrapTokenProfile({ token: bootstrapTokenCandidate }) : null;
+				let handoffBootstrapProfile = null;
+				const trustedProxyAuthOk = isTrustedProxyControlUiOperatorAuth({
+					isControlUi,
+					role,
+					authMode: resolvedAuth.mode,
+					authOk,
+					authMethod
+				});
+				if (trustedProxyAuthOk) {
+					scopes = resolveTrustedProxyControlUiScopes({
+						requestedScopes: scopes,
+						upgradeReq
+					});
+					connectParams.scopes = scopes;
+				}
+				const skipControlUiPairingForDevice = shouldSkipControlUiPairing(controlUiAuthPolicy, role, trustedProxyAuthOk, resolvedAuth.mode, authMethod);
+				let hasServerApprovedDeviceTokenBaseline = false;
+				if (device && devicePublicKey) {
+					const formatAuditList = (items) => {
+						if (!items || items.length === 0) return "<none>";
+						const out = /* @__PURE__ */ new Set();
+						for (const item of items) {
+							const trimmed = item.trim();
+							if (trimmed) out.add(trimmed);
+						}
+						if (out.size === 0) return "<none>";
+						return [...out].toSorted().join(",");
+					};
+					const logUpgradeAudit = (reason, currentRoles, currentScopes) => {
+						logGateway.warn(`security audit: device access upgrade requested reason=${reason} device=${device.id} ip=${reportedClientIp ?? "unknown-ip"} auth=${authMethod} roleFrom=${formatAuditList(currentRoles)} roleTo=${role} scopesFrom=${formatAuditList(currentScopes)} scopesTo=${formatAuditList(scopes)} client=${connectParams.client.id} conn=${connId}`);
+					};
+					const clientPairingMetadata = {
+						displayName: connectParams.client.displayName,
+						platform: connectParams.client.platform,
+						deviceFamily: connectParams.client.deviceFamily,
+						clientId: connectParams.client.id,
+						clientMode: connectParams.client.mode,
+						role,
+						scopes,
+						remoteIp: reportedClientIp
+					};
+					const clientAccessMetadata = {
+						displayName: connectParams.client.displayName,
+						remoteIp: reportedClientIp
+					};
+					const requirePairing = async (reason, existingPairedDevice = null) => {
+						const pairingStateAllowsRequestedAccess = (pairedCandidate) => {
+							if (!pairedCandidate || pairedCandidate.publicKey !== devicePublicKey) return false;
+							if (!hasEffectivePairedDeviceRole(pairedCandidate, role)) return false;
+							if (scopes.length === 0) return true;
+							const pairedScopes = Array.isArray(pairedCandidate.approvedScopes) ? pairedCandidate.approvedScopes : Array.isArray(pairedCandidate.scopes) ? pairedCandidate.scopes : [];
+							if (pairedScopes.length === 0) return false;
+							return roleScopesAllow({
+								role,
+								requestedScopes: scopes,
+								allowedScopes: pairedScopes
+							});
+						};
+						const allowSilentLocalPairing = !(existingPairedDevice && role !== "operator") && shouldAllowSilentLocalPairing({
+							locality: pairingLocality,
+							hasBrowserOriginHeader,
+							isControlUi,
+							isWebchat,
+							isNativeAppUi,
+							reason
+						});
+						const allowSilentTrustedCidrsNodePairing = shouldAutoApproveNodePairingFromTrustedCidrs({
+							existingPairedDevice: Boolean(existingPairedDevice),
+							role,
+							reason,
+							scopes,
+							hasBrowserOriginHeader,
+							isControlUi,
+							isWebchat,
+							reportedClientIpSource,
+							reportedClientIp,
+							autoApproveCidrs: configSnapshot.gateway?.nodes?.pairing?.autoApproveCidrs
+						});
+						const boundBootstrapProfile = authMethod === "bootstrap-token" && bootstrapTokenCandidate && reason === "not-paired" && role === "node" && scopes.length === 0 && !existingPairedDevice && !isControlUi && !isBrowserOperatorUi && !isWebchat && connectParams.client.mode === GATEWAY_CLIENT_MODES.NODE ? await getBoundDeviceBootstrapProfile({
+							token: bootstrapTokenCandidate,
+							deviceId: device.id,
+							publicKey: devicePublicKey
+						}) : null;
+						const allowSilentBootstrapPairing = boundBootstrapProfile !== null && sameBootstrapProfile(boundBootstrapProfile, PAIRING_SETUP_BOOTSTRAP_PROFILE);
+						const bootstrapPairingRoles = allowSilentBootstrapPairing ? Array.from(new Set([role, ...boundBootstrapProfile.roles])) : void 0;
+						const pairing = await requestDevicePairing({
+							deviceId: device.id,
+							publicKey: devicePublicKey,
+							...clientPairingMetadata,
+							...bootstrapPairingRoles ? {
+								roles: bootstrapPairingRoles,
+								scopes: [...BOOTSTRAP_HANDOFF_OPERATOR_SCOPES]
+							} : {},
+							silent: reason === "scope-upgrade" ? false : allowSilentLocalPairing || allowSilentTrustedCidrsNodePairing || allowSilentBootstrapPairing
+						});
+						const context = buildRequestContext();
+						let approved;
+						let resolvedByConcurrentApproval = false;
+						let recoveryRequestId = pairing.request.requestId;
+						const resolveLivePendingRequestId = async () => {
+							const pendingList = await listDevicePairing();
+							const exactPending = pendingList.pending.find((pending) => pending.requestId === pairing.request.requestId);
+							if (exactPending) return exactPending.requestId;
+							return pendingList.pending.find((pending) => pending.deviceId === device.id && pending.publicKey === devicePublicKey)?.requestId;
+						};
+						if (pairing.request.silent === true) {
+							approved = allowSilentBootstrapPairing && boundBootstrapProfile ? await approveBootstrapDevicePairing(pairing.request.requestId, boundBootstrapProfile) : await approveDevicePairing(pairing.request.requestId, { callerScopes: scopes });
+							if (approved?.status === "approved") {
+								if (allowSilentBootstrapPairing && boundBootstrapProfile) handoffBootstrapProfile = boundBootstrapProfile;
+								logGateway.info(`device pairing auto-approved device=${approved.device.deviceId} role=${approved.device.role ?? "unknown"}`);
+								context.broadcast("device.pair.resolved", {
+									requestId: pairing.request.requestId,
+									deviceId: approved.device.deviceId,
+									decision: "approved",
+									ts: Date.now()
+								}, { dropIfSlow: true });
+							} else {
+								resolvedByConcurrentApproval = pairingStateAllowsRequestedAccess(await getPairedDevice(device.id));
+								let requestStillPending = false;
+								if (!resolvedByConcurrentApproval) {
+									recoveryRequestId = await resolveLivePendingRequestId();
+									requestStillPending = recoveryRequestId === pairing.request.requestId;
+								}
+								if (requestStillPending) context.broadcast("device.pair.requested", pairing.request, { dropIfSlow: true });
+							}
+						} else if (pairing.created) context.broadcast("device.pair.requested", pairing.request, { dropIfSlow: true });
+						recoveryRequestId = await resolveLivePendingRequestId();
+						if (!(pairing.request.silent === true && (approved?.status === "approved" || resolvedByConcurrentApproval))) {
+							const exposeApprovedAccess = existingPairedDevice?.publicKey === devicePublicKey;
+							const approvedRoles = exposeApprovedAccess ? listApprovedPairedDeviceRoles(existingPairedDevice) : [];
+							const approvedScopes = exposeApprovedAccess ? Array.isArray(existingPairedDevice.approvedScopes) ? existingPairedDevice.approvedScopes : Array.isArray(existingPairedDevice.scopes) ? existingPairedDevice.scopes : [] : [];
+							const retryAfterBootstrapPairingApproval = authMethod === "bootstrap-token" && reason === "not-paired" && role === "node" && scopes.length === 0 && !existingPairedDevice;
+							const pairingErrorDetails = buildPairingConnectErrorDetails({
+								reason,
+								requestId: recoveryRequestId,
+								...retryAfterBootstrapPairingApproval ? {
+									recommendedNextStep: "wait_then_retry",
+									retryable: true,
+									pauseReconnect: false
+								} : {},
+								deviceId: device.id,
+								requestedRole: role,
+								requestedScopes: scopes,
+								...approvedRoles.length > 0 ? { approvedRoles } : {},
+								...approvedScopes.length > 0 ? { approvedScopes } : {}
+							});
+							const pairingErrorMessage = buildPairingConnectErrorMessage(reason);
+							setHandshakeState("failed");
+							setCloseCause("pairing-required", {
+								deviceId: device.id,
+								...recoveryRequestId ? { requestId: recoveryRequestId } : {},
+								reason
+							});
+							send({
+								type: "res",
+								id: frame.id,
+								ok: false,
+								error: errorShape(ErrorCodes.NOT_PAIRED, pairingErrorMessage, { details: pairingErrorDetails })
+							});
+							close(1008, truncateCloseReason(buildPairingConnectCloseReason({
+								reason,
+								requestId: recoveryRequestId
+							})));
+							return false;
+						}
+						return true;
+					};
+					const paired = await getPairedDevice(device.id);
+					if (!(paired?.publicKey === devicePublicKey)) {
+						if (!(skipLocalBackendSelfPairing || skipControlUiPairingForDevice)) {
+							if (!await requirePairing("not-paired", paired)) return;
+							hasServerApprovedDeviceTokenBaseline = true;
+						} else if (skipControlUiPairingForDevice || skipLocalBackendSelfPairing && authMethod !== "device-token") hasServerApprovedDeviceTokenBaseline = true;
+					} else {
+						hasServerApprovedDeviceTokenBaseline = true;
+						const claimedPlatform = connectParams.client.platform;
+						const pairedPlatform = paired.platform;
+						const claimedDeviceFamily = connectParams.client.deviceFamily;
+						const pairedDeviceFamily = paired.deviceFamily;
+						const metadataPinning = resolvePinnedClientMetadata({
+							clientId: connectParams.client.id,
+							clientMode: connectParams.client.mode,
+							claimedPlatform,
+							claimedDeviceFamily,
+							pairedPlatform,
+							pairedDeviceFamily
+						});
+						const { platformMismatch, deviceFamilyMismatch } = metadataPinning;
+						if (platformMismatch || deviceFamilyMismatch) {
+							if (!shouldAllowSilentLocalPairing({
+								locality: pairingLocality,
+								hasBrowserOriginHeader,
+								isControlUi,
+								isWebchat,
+								isNativeAppUi,
+								reason: "metadata-upgrade"
+							})) logGateway.warn(`security audit: device metadata upgrade requested reason=metadata-upgrade device=${device.id} ip=${reportedClientIp ?? "unknown-ip"} auth=${authMethod} payload=${deviceAuthPayloadVersion ?? "unknown"} claimedPlatform=${claimedPlatform ?? "<none>"} pinnedPlatform=${pairedPlatform ?? "<none>"} claimedDeviceFamily=${claimedDeviceFamily ?? "<none>"} pinnedDeviceFamily=${pairedDeviceFamily ?? "<none>"} client=${connectParams.client.id} conn=${connId}`);
+							if (!await requirePairing("metadata-upgrade", paired)) return;
+						} else {
+							if (metadataPinning.pinnedPlatform) connectParams.client.platform = metadataPinning.pinnedPlatform;
+							if (metadataPinning.pinnedDeviceFamily) connectParams.client.deviceFamily = metadataPinning.pinnedDeviceFamily;
+						}
+						const pairedRoles = listEffectivePairedDeviceRoles(paired);
+						const pairedScopes = Array.isArray(paired.approvedScopes) ? paired.approvedScopes : Array.isArray(paired.scopes) ? paired.scopes : [];
+						const allowedRoles = new Set(pairedRoles);
+						if (allowedRoles.size === 0) {
+							logUpgradeAudit("role-upgrade", pairedRoles, pairedScopes);
+							if (!await requirePairing("role-upgrade", paired)) return;
+						} else if (!allowedRoles.has(role)) {
+							logUpgradeAudit("role-upgrade", pairedRoles, pairedScopes);
+							if (!await requirePairing("role-upgrade", paired)) return;
+						}
+						if (scopes.length > 0) {
+							if (pairedScopes.length === 0) {
+								logUpgradeAudit("scope-upgrade", pairedRoles, pairedScopes);
+								if (!await requirePairing("scope-upgrade", paired)) return;
+							} else if (!roleScopesAllow({
+								role,
+								requestedScopes: scopes,
+								allowedScopes: pairedScopes
+							})) {
+								logUpgradeAudit("scope-upgrade", pairedRoles, pairedScopes);
+								if (!await requirePairing("scope-upgrade", paired)) return;
+							}
+						}
+						const retryBootstrapHandoffProfile = authMethod === "bootstrap-token" && bootstrapTokenCandidate && role === "node" && scopes.length === 0 && !isControlUi && !isBrowserOperatorUi && !isWebchat && connectParams.client.mode === GATEWAY_CLIENT_MODES.NODE && pairedRoles.includes("operator") && roleScopesAllow({
+							role: "operator",
+							requestedScopes: BOOTSTRAP_HANDOFF_OPERATOR_SCOPES,
+							allowedScopes: pairedScopes
+						}) ? await getBoundDeviceBootstrapProfile({
+							token: bootstrapTokenCandidate,
+							deviceId: device.id,
+							publicKey: devicePublicKey
+						}) : null;
+						if (retryBootstrapHandoffProfile && sameBootstrapProfile(retryBootstrapHandoffProfile, PAIRING_SETUP_BOOTSTRAP_PROFILE)) handoffBootstrapProfile = retryBootstrapHandoffProfile;
+						await updatePairedDeviceMetadata(device.id, {
+							...clientAccessMetadata,
+							...metadataPinning.refreshPairedPlatform ? { platform: metadataPinning.refreshPairedPlatform } : {}
+						});
+					}
+				}
+				const deviceToken = !trustedProxyAuthOk && device && hasServerApprovedDeviceTokenBaseline ? await ensureDeviceToken({
+					deviceId: device.id,
+					role,
+					scopes
+				}) : null;
+				const bootstrapDeviceTokens = [];
+				if (deviceToken) bootstrapDeviceTokens.push({
+					deviceToken: deviceToken.token,
+					role: deviceToken.role,
+					scopes: deviceToken.scopes,
+					issuedAtMs: deviceToken.rotatedAtMs ?? deviceToken.createdAtMs
+				});
+				const approvedHandoffBootstrapProfile = handoffBootstrapProfile;
+				if (device && approvedHandoffBootstrapProfile) for (const bootstrapRole of approvedHandoffBootstrapProfile.roles) {
+					if (bootstrapDeviceTokens.some((entry) => entry.role === bootstrapRole)) continue;
+					const bootstrapRoleScopes = bootstrapRole === "operator" ? resolveBootstrapProfileScopesForRole(bootstrapRole, approvedHandoffBootstrapProfile.scopes) : [];
+					const extraToken = await ensureDeviceToken({
+						deviceId: device.id,
+						role: bootstrapRole,
+						scopes: bootstrapRoleScopes
+					});
+					if (!extraToken) continue;
+					bootstrapDeviceTokens.push({
+						deviceToken: extraToken.token,
+						role: extraToken.role,
+						scopes: extraToken.scopes,
+						issuedAtMs: extraToken.rotatedAtMs ?? extraToken.createdAtMs
+					});
+				}
+				if (role === "node") {
+					const reconciliation = await reconcileNodePairingOnConnect({
+						cfg: getRuntimeConfig(),
+						connectParams,
+						pairedNode: await getPairedNode(connectParams.device?.id ?? connectParams.client.id),
+						reportedClientIp,
+						requestPairing: async (input) => await requestNodePairing(input)
+					});
+					if (reconciliation.pendingPairing?.created) {
+						const requestContext = buildRequestContext();
+						const resolvedAt = Date.now();
+						for (const superseded of reconciliation.pendingPairing.superseded ?? []) requestContext.broadcast("node.pair.resolved", {
+							requestId: superseded.requestId,
+							nodeId: superseded.nodeId,
+							decision: "rejected",
+							ts: resolvedAt
+						}, { dropIfSlow: true });
+						requestContext.broadcast("node.pair.requested", reconciliation.pendingPairing.request, { dropIfSlow: true });
+					}
+					const nodeConnectParams = connectParams;
+					nodeConnectParams.declaredCaps = reconciliation.declaredCaps;
+					nodeConnectParams.declaredCommands = reconciliation.declaredCommands;
+					nodeConnectParams.declaredPermissions = reconciliation.declaredPermissions;
+					connectParams.caps = reconciliation.effectiveCaps;
+					connectParams.commands = reconciliation.effectiveCommands;
+					connectParams.permissions = reconciliation.effectivePermissions;
+				}
+				const shouldTrackPresence = !isGatewayCliClient(connectParams.client);
+				const clientId = connectParams.client.id;
+				const instanceId = connectParams.client.instanceId;
+				const presenceKey = shouldTrackPresence ? device?.id ?? instanceId ?? connId : void 0;
+				if (isClosed()) {
+					setCloseCause("connect-aborted-before-register", {
+						...clientMeta,
+						auth: authMethod
+					});
+					return;
+				}
+				const pluginSurfaceUrls = {};
+				const pluginNodeCapabilitySurfaces = indexPluginNodeCapabilitySurfaces(pluginNodeCapabilities);
+				const pendingPluginNodeCapabilities = [];
+				if (pluginSurfaceBaseUrl) for (const pluginCapabilitySurface of Object.values(pluginNodeCapabilitySurfaces)) {
+					const capability = mintPluginNodeCapabilityToken();
+					const expiresAtMs = Date.now() + resolvePluginNodeCapabilityTtlMs(pluginCapabilitySurface);
+					const scopedUrl = buildPluginNodeCapabilityScopedHostUrl(pluginSurfaceBaseUrl, capability) ?? pluginSurfaceBaseUrl;
+					pluginSurfaceUrls[pluginCapabilitySurface.surface] = scopedUrl;
+					pendingPluginNodeCapabilities.push({
+						surface: pluginCapabilitySurface,
+						capability,
+						expiresAtMs
+					});
+				}
+				const usesSharedGatewayAuth = authMethod === "token" || authMethod === "password" || authMethod === "trusted-proxy";
+				const sharedGatewaySessionGeneration = usesSharedGatewayAuth ? resolveSharedGatewaySessionGeneration(resolvedAuth, trustedProxies) : void 0;
+				const isTrustedApprovalRuntime = scopes.includes("operator.approvals") && connectParams.client.id === GATEWAY_CLIENT_IDS.GATEWAY_CLIENT && connectParams.client.mode === GATEWAY_CLIENT_MODES.BACKEND && isOperatorApprovalRuntimeToken(connectParams.auth?.approvalRuntimeToken);
+				clearHandshakeTimer();
+				const nextClient = {
+					socket,
+					connect: connectParams,
+					connId,
+					isDeviceTokenAuth: authMethod === "device-token",
+					usesSharedGatewayAuth,
+					sharedGatewaySessionGeneration,
+					presenceKey,
+					clientIp: reportedClientIp,
+					...isTrustedApprovalRuntime ? { internal: { approvalRuntime: true } } : {},
+					...Object.keys(pluginSurfaceUrls).length > 0 ? { pluginSurfaceUrls } : {},
+					...Object.keys(pluginNodeCapabilitySurfaces).length > 0 ? { pluginNodeCapabilitySurfaces } : {}
+				};
+				for (const entry of pendingPluginNodeCapabilities) setClientPluginNodeCapability({
+					client: nextClient,
+					surface: entry.surface,
+					capability: entry.capability,
+					expiresAtMs: entry.expiresAtMs
+				});
+				setSocketMaxPayload(socket, MAX_PAYLOAD_BYTES);
+				if (!setClient(nextClient)) {
+					setCloseCause("connect-aborted-before-register", {
+						...clientMeta,
+						auth: authMethod
+					});
+					return;
+				}
+				setHandshakeState("connected");
+				logWs("in", "connect", {
+					connId,
+					client: connectParams.client.id,
+					clientDisplayName: connectParams.client.displayName,
+					version: connectParams.client.version,
+					mode: connectParams.client.mode,
+					clientId,
+					platform: connectParams.client.platform,
+					auth: authMethod
+				});
+				if (isWebchatConnect(connectParams)) logWsControl.info(`webchat connected conn=${connId} remote=${remoteAddr ?? "?"} client=${clientLabel} ${connectParams.client.mode} v${connectParams.client.version}`);
+				if (presenceKey) {
+					upsertPresence(presenceKey, {
+						host: connectParams.client.displayName ?? connectParams.client.id ?? os.hostname(),
+						ip: isLocalClient ? void 0 : reportedClientIp,
+						version: connectParams.client.version,
+						platform: connectParams.client.platform,
+						deviceFamily: connectParams.client.deviceFamily,
+						modelIdentifier: connectParams.client.modelIdentifier,
+						mode: connectParams.client.mode,
+						deviceId: device?.id,
+						roles: [role],
+						scopes,
+						instanceId: device?.id ?? instanceId,
+						reason: "connect"
+					});
+					incrementPresenceVersion();
+				}
+				if (role === "node") {
+					const context = buildRequestContext();
+					const nodeSession = context.nodeRegistry.register(nextClient, { remoteIp: reportedClientIp });
+					const instanceIdRaw = connectParams.client.instanceId;
+					const instanceId = typeof instanceIdRaw === "string" ? instanceIdRaw.trim() : "";
+					const nodeIdsForPairing = new Set([nodeSession.nodeId]);
+					if (instanceId) nodeIdsForPairing.add(instanceId);
+					for (const nodeId of nodeIdsForPairing) updatePairedNodeMetadata(nodeId, { lastConnectedAtMs: nodeSession.connectedAtMs }).catch((err) => logGateway.warn(`failed to record last connect for ${nodeId}: ${formatForLog(err)}`));
+					recordRemoteNodeInfo({
+						nodeId: nodeSession.nodeId,
+						displayName: nodeSession.displayName,
+						platform: nodeSession.platform,
+						deviceFamily: nodeSession.deviceFamily,
+						commands: nodeSession.commands,
+						remoteIp: nodeSession.remoteIp
+					});
+					refreshRemoteNodeBins({
+						nodeId: nodeSession.nodeId,
+						platform: nodeSession.platform,
+						deviceFamily: nodeSession.deviceFamily,
+						commands: nodeSession.commands,
+						cfg: getRuntimeConfig()
+					}).catch((err) => logGateway.warn(`remote bin probe failed for ${nodeSession.nodeId}: ${formatForLog(err)}`));
+					loadVoiceWakeConfig().then((cfg) => {
+						context.nodeRegistry.sendEvent(nodeSession.nodeId, "voicewake.changed", { triggers: cfg.triggers });
+					}).catch((err) => logGateway.warn(`voicewake snapshot failed for ${nodeSession.nodeId}: ${formatForLog(err)}`));
+					loadVoiceWakeRoutingConfig().then((routing) => {
+						context.nodeRegistry.sendEvent(nodeSession.nodeId, "voicewake.routing.changed", { config: routing });
+					}).catch((err) => logGateway.warn(`voicewake routing snapshot failed for ${nodeSession.nodeId}: ${formatForLog(err)}`));
+				}
+				const snapshot = buildGatewaySnapshot({ includeSensitive: scopes.includes(ADMIN_SCOPE) });
+				const cachedHealth = getHealthCache();
+				if (cachedHealth) {
+					snapshot.health = cachedHealth;
+					snapshot.stateVersion.health = getHealthVersion();
+				}
+				const helloOkAuthScopes = deviceToken ? deviceToken.scopes : scopes;
+				const helloOk = {
+					type: "hello-ok",
+					protocol: 4,
+					server: {
+						version: resolveRuntimeServiceVersion(process.env),
+						connId
+					},
+					features: {
+						methods: gatewayMethods,
+						events
+					},
+					snapshot,
+					...Object.keys(pluginSurfaceUrls).length > 0 ? { pluginSurfaceUrls } : {},
+					auth: {
+						role,
+						scopes: helloOkAuthScopes,
+						...deviceToken ? {
+							deviceToken: deviceToken.token,
+							issuedAtMs: deviceToken.rotatedAtMs ?? deviceToken.createdAtMs,
+							...bootstrapDeviceTokens.length > 1 ? { deviceTokens: bootstrapDeviceTokens.slice(1) } : {}
+						} : {}
+					},
+					policy: {
+						maxPayload: MAX_PAYLOAD_BYTES,
+						maxBufferedBytes: MAX_BUFFERED_BYTES,
+						tickIntervalMs: TICK_INTERVAL_MS
+					}
+				};
+				let revokedBootstrapTokenRecord;
+				if (authMethod === "bootstrap-token" && bootstrapTokenCandidate && device) try {
+					if (handoffBootstrapProfile || issuedBootstrapProfile) {
+						const redemption = await redeemDeviceBootstrapTokenProfile({
+							token: bootstrapTokenCandidate,
+							role,
+							scopes
+						});
+						if (handoffBootstrapProfile || redemption.fullyRedeemed) {
+							const revoked = await revokeDeviceBootstrapToken({ token: bootstrapTokenCandidate });
+							if (!revoked.removed) logGateway.warn(`bootstrap token revoke skipped after profile redemption device=${device.id}`);
+							else revokedBootstrapTokenRecord = revoked.record;
+						}
+					}
+				} catch (err) {
+					logGateway.warn(`bootstrap token post-connect bookkeeping failed device=${device.id}: ${formatForLog(err)}`);
+				}
+				try {
+					await sendFrame({
+						type: "res",
+						id: frame.id,
+						ok: true,
+						payload: helloOk
+					});
+				} catch (err) {
+					if (revokedBootstrapTokenRecord) try {
+						await restoreDeviceBootstrapToken({ record: revokedBootstrapTokenRecord });
+					} catch (restoreErr) {
+						logGateway.warn(`bootstrap token restore after hello-send failure failed device=${device?.id ?? "unknown"}: ${formatForLog(restoreErr)}`);
+					}
+					setCloseCause("hello-send-failed", { error: formatForLog(err) });
+					close();
+					return;
+				}
+				logWs("out", "hello-ok", {
+					connId,
+					methods: gatewayMethods.length,
+					events: events.length,
+					presence: snapshot.presence.length,
+					stateVersion: snapshot.stateVersion.presence
+				});
+				refreshHealthSnapshot({ probe: true }).catch((err) => logHealth.error(`post-connect health refresh failed: ${formatError(err)}`));
+				return;
+			}
+			if (!validateRequestFrame(parsed)) {
+				send({
+					type: "res",
+					id: parsed?.id ?? "invalid",
+					ok: false,
+					error: errorShape(ErrorCodes.INVALID_REQUEST, `invalid request frame: ${formatValidationErrors(validateRequestFrame.errors)}`)
+				});
+				return;
+			}
+			const req = parsed;
+			logWs("in", "req", {
+				connId,
+				id: req.id,
+				method: req.method
+			});
+			if (client.usesSharedGatewayAuth) {
+				const requiredSharedGatewaySessionGeneration = getRequiredSharedGatewaySessionGeneration?.();
+				if (requiredSharedGatewaySessionGeneration !== void 0 && client.sharedGatewaySessionGeneration !== requiredSharedGatewaySessionGeneration) {
+					setCloseCause("gateway-auth-rotated", {
+						authGenerationStale: true,
+						method: req.method
+					});
+					close(4001, "gateway auth changed");
+					return;
+				}
+			}
+			const respond = (ok, payload, error, meta) => {
+				send({
+					type: "res",
+					id: req.id,
+					ok,
+					payload,
+					error
+				});
+				const unauthorizedRoleError = isUnauthorizedRoleError(error);
+				let logMeta = meta;
+				if (unauthorizedRoleError) {
+					const unauthorizedDecision = unauthorizedFloodGuard.registerUnauthorized();
+					if (unauthorizedDecision.suppressedSinceLastLog > 0) logMeta = {
+						...logMeta,
+						suppressedUnauthorizedResponses: unauthorizedDecision.suppressedSinceLastLog
+					};
+					if (!unauthorizedDecision.shouldLog) return;
+					if (unauthorizedDecision.shouldClose) {
+						setCloseCause("repeated-unauthorized-requests", {
+							unauthorizedCount: unauthorizedDecision.count,
+							method: req.method
+						});
+						queueMicrotask(() => close(1008, "repeated unauthorized calls"));
+					}
+					logMeta = {
+						...logMeta,
+						unauthorizedCount: unauthorizedDecision.count
+					};
+				} else unauthorizedFloodGuard.reset();
+				logWs("out", "res", {
+					connId,
+					id: req.id,
+					ok,
+					method: req.method,
+					errorCode: error?.code,
+					errorMessage: error?.message,
+					...logMeta
+				});
+			};
+			(async () => {
+				const { handleGatewayRequest } = await import("./server-methods-BM3XCIWG.js");
+				await handleGatewayRequest({
+					req,
+					respond,
+					client,
+					isWebchatConnect,
+					extraHandlers,
+					methodRegistry: getMethodRegistry?.(),
+					context: buildRequestContext()
+				});
+			})().catch((err) => {
+				logGateway.error(`request handler failed: ${formatForLog(err)}`);
+				respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, formatForLog(err)));
+			});
+		} catch (err) {
+			logGateway.error(`parse/handle error: ${String(err)}`);
+			logWs("out", "parse-error", {
+				connId,
+				error: formatForLog(err)
+			});
+			if (!getClient()) close();
+		}
+	};
+	socket.on("message", (data) => {
+		runWithDiagnosticTraceContext(createDiagnosticTraceContext(), () => handleMessage(data));
+	});
+}
+function getRawDataByteLength(data) {
+	if (Buffer.isBuffer(data)) return data.byteLength;
+	if (Array.isArray(data)) return data.reduce((total, chunk) => total + chunk.byteLength, 0);
+	if (data instanceof ArrayBuffer) return data.byteLength;
+	return Buffer.byteLength(String(data));
+}
+function setSocketMaxPayload(socket, maxPayload) {
+	const receiver = socket["_receiver"];
+	if (receiver) receiver["_maxPayload"] = maxPayload;
+}
+//#endregion
+export { attachGatewayWsMessageHandler };