npm - @hanzo/bot - Versions diffs - 2026.3.8 → 2026.3.10 - Mend

@hanzo/bot 2026.3.8 → 2026.3.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (161) hide show

package/dist/{audio-preflight-D_s-peid.js → audio-preflight-BnfuyvxO.js} +4 -4
package/dist/{audio-preflight-BEc8i-bS.js → audio-preflight-CpAXC_Ct.js} +4 -4
package/dist/{audio-transcription-runner-X1KzI7dF.js → audio-transcription-runner-CAOjjGxN.js} +1 -1
package/dist/{audio-transcription-runner-BePCnZfw.js → audio-transcription-runner-GcMnO6sT.js} +1 -1
package/dist/build-info.json +3 -3
package/dist/bundled/boot-md/handler.js +6 -6
package/dist/bundled/session-memory/handler.js +6 -6
package/dist/canvas-host/a2ui/.bundle.hash +1 -1
package/dist/{chrome-B24-8NDM.js → chrome--CFg5C_H.js} +8 -8
package/dist/{chrome-C7OwLtx9.js → chrome-jCt9JCU8.js} +8 -8
package/dist/{cloud-connect-CknfBF39.js → cloud-connect-6kdj8st_.js} +1 -1
package/dist/{deliver-D8dBbzpu.js → deliver-BVtVDxwX.js} +1 -1
package/dist/{deliver-DudaV86i.js → deliver-DmfS4khs.js} +1 -1
package/dist/{deliver-runtime-C76IMU4W.js → deliver-runtime-G0G5orrZ.js} +3 -3
package/dist/{deliver-runtime-qDmQqiF-.js → deliver-runtime-PxJvVUhh.js} +3 -3
package/dist/{deps-send-whatsapp.runtime-Cv_awFtm.js → deps-send-whatsapp.runtime-8bLqjmui.js} +7 -7
package/dist/{deps-send-whatsapp.runtime-Cq-TLsJw.js → deps-send-whatsapp.runtime-CrzuaVhC.js} +7 -7
package/dist/entry.js +15 -8
package/dist/extensionAPI.js +6 -6
package/dist/{image-nUHQF6BX.js → image-BdZcUz8M.js} +1 -1
package/dist/{image-BOybyCis.js → image-DSK1hSSV.js} +1 -1
package/dist/{image-runtime-B5M_-diF.js → image-runtime-ueqmfx1a.js} +3 -3
package/dist/{image-runtime-y4msd5bn.js → image-runtime-xqxW2PQA.js} +3 -3
package/dist/llm-slug-generator.js +6 -6
package/dist/{local-launch-C2RER-G3.js → local-launch-BJpBAIR5.js} +37 -33
package/dist/{pi-embedded-BHXPs-Ix.js → pi-embedded-DBn841N-.js} +24 -24
package/dist/{pi-embedded-DvWHP6Nn.js → pi-embedded-DYc6emwb.js} +24 -24
package/dist/{pi-embedded-helpers-xIXwvwuE.js → pi-embedded-helpers-BtnBVL-4.js} +3 -3
package/dist/{pi-embedded-helpers-Ck1qEeMH.js → pi-embedded-helpers-DLm1Mtr2.js} +3 -3
package/dist/plugin-sdk/accounts-B8qv93DH.js +35 -0
package/dist/plugin-sdk/accounts-D2p8t4UO.js +288 -0
package/dist/plugin-sdk/accounts-D96D1U9M.js +46 -0
package/dist/plugin-sdk/active-listener-Mha1rAbh.js +50 -0
package/dist/plugin-sdk/api-key-rotation-D0aZfxXH.js +181 -0
package/dist/plugin-sdk/audio-preflight-D3y8mHJa.js +69 -0
package/dist/plugin-sdk/audio-transcription-runner-j0mQXKSH.js +2205 -0
package/dist/plugin-sdk/audit-membership-runtime-D-Ni2WDc.js +58 -0
package/dist/plugin-sdk/channel-activity-VpA3MxPb.js +94 -0
package/dist/plugin-sdk/channel-web-BP3vDdim.js +2256 -0
package/dist/plugin-sdk/chrome-5jJIDTj0.js +2447 -0
package/dist/plugin-sdk/commands-registry-BVKCdwN_.js +1125 -0
package/dist/plugin-sdk/config-CudVTZDi.js +18200 -0
package/dist/plugin-sdk/deliver-4NrmrRKu.js +1744 -0
package/dist/plugin-sdk/deliver-runtime-CB4wXMTH.js +32 -0
package/dist/plugin-sdk/deps-send-discord.runtime-Di8ELKED.js +23 -0
package/dist/plugin-sdk/deps-send-imessage.runtime-CWWtApbz.js +22 -0
package/dist/plugin-sdk/deps-send-signal.runtime-C6BGyoIY.js +21 -0
package/dist/plugin-sdk/deps-send-slack.runtime-DgtITBuc.js +19 -0
package/dist/plugin-sdk/deps-send-telegram.runtime-DyY4XRxh.js +24 -0
package/dist/plugin-sdk/deps-send-whatsapp.runtime-LKiQNFcF.js +57 -0
package/dist/plugin-sdk/diagnostic-DCPixRez.js +319 -0
package/dist/plugin-sdk/errors-D5bA02--.js +54 -0
package/dist/plugin-sdk/fetch-guard-n0LVdzZL.js +156 -0
package/dist/plugin-sdk/fs-safe-IQ0H7rVD.js +352 -0
package/dist/plugin-sdk/image-n-R2HcNg.js +2314 -0
package/dist/plugin-sdk/image-ops-BpYDXC6N.js +584 -0
package/dist/plugin-sdk/image-runtime-CbCl82B8.js +25 -0
package/dist/plugin-sdk/index.js +50 -50
package/dist/plugin-sdk/ir-DsMX3GcS.js +1296 -0
package/dist/plugin-sdk/local-roots-DR-lR22p.js +186 -0
package/dist/plugin-sdk/logger-2A0UE34q.js +1163 -0
package/dist/plugin-sdk/login-CxFTtHEi.js +57 -0
package/dist/plugin-sdk/login-qr-BCkrf1Zx.js +320 -0
package/dist/plugin-sdk/manager-ClUgSFkG.js +3943 -0
package/dist/plugin-sdk/manager-runtime-MWzYCRyH.js +15 -0
package/dist/plugin-sdk/outbound-Dqs8L8QW.js +212 -0
package/dist/plugin-sdk/outbound-attachment-CPfpUcdI.js +19 -0
package/dist/plugin-sdk/path-alias-guards-LILr7Hrs.js +43 -0
package/dist/plugin-sdk/paths-CfGmXu9A.js +166 -0
package/dist/plugin-sdk/pi-embedded-helpers-CeC8GbRi.js +9731 -0
package/dist/plugin-sdk/pi-model-discovery-DycOMKYh.js +134 -0
package/dist/plugin-sdk/pi-model-discovery-runtime-C64BYe5F.js +8 -0
package/dist/plugin-sdk/pi-tools.before-tool-call.runtime-C-HNtPSw.js +354 -0
package/dist/plugin-sdk/plugins-2gQWMmUN.js +1205 -0
package/dist/plugin-sdk/proxy-fetch-sX3-xzX1.js +38 -0
package/dist/plugin-sdk/pw-ai-D7FTxM3C.js +1938 -0
package/dist/plugin-sdk/qmd-manager-Da3Jq30m.js +1608 -0
package/dist/plugin-sdk/query-expansion-B5Z0In1U.js +1014 -0
package/dist/plugin-sdk/redact-85H1J7mo.js +319 -0
package/dist/plugin-sdk/reply-DmCyOPxV.js +102224 -0
package/dist/plugin-sdk/resolve-outbound-target-y0Sp7gsM.js +40 -0
package/dist/plugin-sdk/run-with-concurrency-CFRxflYW.js +1994 -0
package/dist/plugin-sdk/runtime-whatsapp-login.runtime-fgm84Rdh.js +10 -0
package/dist/plugin-sdk/runtime-whatsapp-outbound.runtime-DpMuLd_h.js +19 -0
package/dist/plugin-sdk/send-BQvcPd54.js +3135 -0
package/dist/plugin-sdk/send-Bplfz7UW.js +540 -0
package/dist/plugin-sdk/send-C8gdhoLP.js +414 -0
package/dist/plugin-sdk/send-CTOVZqmi.js +2602 -0
package/dist/plugin-sdk/send-Cld7xlxq.js +503 -0
package/dist/plugin-sdk/session-D4k86ARy.js +169 -0
package/dist/plugin-sdk/signal.js +2 -2
package/dist/plugin-sdk/skill-commands-BfHvtJx2.js +353 -0
package/dist/plugin-sdk/skills-BrE5Yb5o.js +1428 -0
package/dist/plugin-sdk/slash-commands.runtime-UpSrdY-a.js +13 -0
package/dist/plugin-sdk/slash-dispatch.runtime-C-Ymizf2.js +52 -0
package/dist/plugin-sdk/slash-skill-commands.runtime-Bb9wo3w0.js +16 -0
package/dist/plugin-sdk/ssrf-CbvrROKN.js +202 -0
package/dist/plugin-sdk/store-8XS_isi_.js +81 -0
package/dist/plugin-sdk/subagent-registry-runtime-Cl3jJKM1.js +52 -0
package/dist/plugin-sdk/tables-BhfDBQ58.js +55 -0
package/dist/plugin-sdk/target-errors-0DW3k-Ae.js +195 -0
package/dist/plugin-sdk/thinking-DE2FCBnv.js +1209 -0
package/dist/plugin-sdk/tokens-C2tJ8uXs.js +52 -0
package/dist/plugin-sdk/tool-images-B1I6LEp7.js +274 -0
package/dist/plugin-sdk/web-BHzDLmns.js +56 -0
package/dist/plugin-sdk/whatsapp-actions-BoAH0BAS.js +80 -0
package/dist/{pw-ai-DweqbnMJ.js → pw-ai-C-Sy12jT.js} +1 -1
package/dist/{pw-ai-DsYmOxCp.js → pw-ai-pJMhS79V.js} +1 -1
package/dist/{run-main-CgFUs81l.js → run-main-JI9-1g4u.js} +2 -2
package/dist/{slash-dispatch.runtime-D28-UnsO.js → slash-dispatch.runtime-DLP2IeNv.js} +6 -6
package/dist/{slash-dispatch.runtime-DzpJjr3K.js → slash-dispatch.runtime-Vp6IDoCc.js} +6 -6
package/dist/{subagent-registry-runtime-a7xfwPB8.js → subagent-registry-runtime-BlAI3eqU.js} +6 -6
package/dist/{subagent-registry-runtime-Bt-LYyrB.js → subagent-registry-runtime-COKZwsHd.js} +6 -6
package/dist/{web-CREcqhe9.js → web-BEuMJbx-.js} +6 -6
package/dist/{web-IBqHOVI2.js → web-BvId86u4.js} +6 -6
package/extensions/acpx/package.json +1 -1
package/extensions/bluebubbles/package.json +1 -1
package/extensions/ci-fix-loop/package.json +1 -1
package/extensions/continuous-learning/package.json +1 -1
package/extensions/copilot-proxy/package.json +1 -1
package/extensions/diagnostics-otel/package.json +1 -1
package/extensions/diffs/package.json +1 -1
package/extensions/discord/package.json +1 -1
package/extensions/feishu/package.json +1 -1
package/extensions/flow/package.json +1 -1
package/extensions/google-antigravity-auth/package.json +1 -1
package/extensions/google-gemini-cli-auth/package.json +1 -1
package/extensions/googlechat/package.json +1 -1
package/extensions/imessage/package.json +1 -1
package/extensions/irc/package.json +1 -1
package/extensions/line/package.json +1 -1
package/extensions/llm-task/package.json +1 -1
package/extensions/lobster/package.json +1 -1
package/extensions/matrix/CHANGELOG.md +10 -0
package/extensions/matrix/package.json +1 -1
package/extensions/mattermost/package.json +1 -1
package/extensions/memory-core/package.json +1 -1
package/extensions/memory-lancedb/package.json +1 -1
package/extensions/minimax-portal-auth/package.json +1 -1
package/extensions/msteams/CHANGELOG.md +10 -0
package/extensions/msteams/package.json +1 -1
package/extensions/nextcloud-talk/package.json +1 -1
package/extensions/nostr/CHANGELOG.md +10 -0
package/extensions/nostr/package.json +1 -1
package/extensions/open-prose/package.json +1 -1
package/extensions/self-improvement/package.json +1 -1
package/extensions/signal/package.json +1 -1
package/extensions/slack/package.json +1 -1
package/extensions/synology-chat/package.json +1 -1
package/extensions/telegram/package.json +1 -1
package/extensions/tlon/package.json +1 -1
package/extensions/twitch/CHANGELOG.md +10 -0
package/extensions/twitch/package.json +1 -1
package/extensions/voice-call/CHANGELOG.md +10 -0
package/extensions/voice-call/package.json +1 -1
package/extensions/whatsapp/package.json +1 -1
package/extensions/zalo/CHANGELOG.md +10 -0
package/extensions/zalo/package.json +1 -1
package/extensions/zalouser/CHANGELOG.md +10 -0
package/extensions/zalouser/package.json +1 -1
package/package.json +2 -1

package/dist/plugin-sdk/slash-commands.runtime-UpSrdY-a.js ADDED Viewed

@@ -0,0 +1,13 @@
+import "./run-with-concurrency-CFRxflYW.js";
+import "./accounts-D2p8t4UO.js";
+import "./paths-MKyEVmEb.js";
+import "./github-copilot-token-D5fdS6xD.js";
+import "./config-CudVTZDi.js";
+import "./logger-2A0UE34q.js";
+import "./thinking-DE2FCBnv.js";
+import "./plugins-2gQWMmUN.js";
+import "./accounts-B8qv93DH.js";
+import "./accounts-D96D1U9M.js";
+import { f as resolveCommandArgMenu, n as findCommandByNativeName, s as listNativeCommandSpecsForConfig, t as buildCommandTextFromArgs, u as parseCommandArgs } from "./commands-registry-BVKCdwN_.js";
+export { buildCommandTextFromArgs, findCommandByNativeName, listNativeCommandSpecsForConfig, parseCommandArgs, resolveCommandArgMenu };

package/dist/plugin-sdk/slash-dispatch.runtime-C-Ymizf2.js ADDED Viewed

@@ -0,0 +1,52 @@
+import "./run-with-concurrency-CFRxflYW.js";
+import "./accounts-D2p8t4UO.js";
+import { I as resolveAgentRoute, L as finalizeInboundContext, T as dispatchReplyWithDispatcher, d as recordInboundSessionMetaSafe, et as createReplyPrefixOptions, m as deliverSlackSlashReplies } from "./reply-DmCyOPxV.js";
+import "./paths-MKyEVmEb.js";
+import "./github-copilot-token-D5fdS6xD.js";
+import "./config-CudVTZDi.js";
+import "./logger-2A0UE34q.js";
+import "./thinking-DE2FCBnv.js";
+import "./image-ops-BpYDXC6N.js";
+import { rn as resolveConversationLabel } from "./pi-embedded-helpers-CeC8GbRi.js";
+import "./plugins-2gQWMmUN.js";
+import "./accounts-B8qv93DH.js";
+import "./accounts-D96D1U9M.js";
+import "./send-BQvcPd54.js";
+import "./paths-CfGmXu9A.js";
+import "./fetch-Bv4TQOMH.js";
+import "./redact-85H1J7mo.js";
+import "./errors-D5bA02--.js";
+import "./channel-activity-VpA3MxPb.js";
+import "./path-alias-guards-LILr7Hrs.js";
+import "./fs-safe-IQ0H7rVD.js";
+import "./ssrf-CbvrROKN.js";
+import "./fetch-guard-n0LVdzZL.js";
+import "./local-roots-DR-lR22p.js";
+import { d as resolveChunkMode, i as resolveMarkdownTableMode } from "./ir-DsMX3GcS.js";
+import "./render-HmipMDlP.js";
+import "./tables-BhfDBQ58.js";
+import "./send-Cld7xlxq.js";
+import "./send-CTOVZqmi.js";
+import "./tool-images-B1I6LEp7.js";
+import "./target-errors-0DW3k-Ae.js";
+import "./send-C8gdhoLP.js";
+import "./audio-transcription-runner-j0mQXKSH.js";
+import "./tokens-C2tJ8uXs.js";
+import "./skill-commands-BfHvtJx2.js";
+import "./skills-BrE5Yb5o.js";
+import "./chrome-5jJIDTj0.js";
+import "./deliver-4NrmrRKu.js";
+import "./diagnostic-DCPixRez.js";
+import "./store-8XS_isi_.js";
+import "./commands-registry-BVKCdwN_.js";
+import "./image-n-R2HcNg.js";
+import "./api-key-rotation-D0aZfxXH.js";
+import "./proxy-fetch-sX3-xzX1.js";
+import "./pi-model-discovery-DycOMKYh.js";
+import "./send-Bplfz7UW.js";
+import "./outbound-attachment-CPfpUcdI.js";
+import "./proxy-BFm9FJeW.js";
+import "./manager-ClUgSFkG.js";
+import "./query-expansion-B5Z0In1U.js";
+export { createReplyPrefixOptions, deliverSlackSlashReplies, dispatchReplyWithDispatcher, finalizeInboundContext, recordInboundSessionMetaSafe, resolveAgentRoute, resolveChunkMode, resolveConversationLabel, resolveMarkdownTableMode };

package/dist/plugin-sdk/slash-skill-commands.runtime-Bb9wo3w0.js ADDED Viewed

@@ -0,0 +1,16 @@
+import "./run-with-concurrency-CFRxflYW.js";
+import "./accounts-D2p8t4UO.js";
+import "./paths-MKyEVmEb.js";
+import "./github-copilot-token-D5fdS6xD.js";
+import "./config-CudVTZDi.js";
+import "./logger-2A0UE34q.js";
+import "./thinking-DE2FCBnv.js";
+import "./plugins-2gQWMmUN.js";
+import "./accounts-B8qv93DH.js";
+import "./accounts-D96D1U9M.js";
+import "./path-alias-guards-LILr7Hrs.js";
+import { n as listSkillCommandsForAgents } from "./skill-commands-BfHvtJx2.js";
+import "./skills-BrE5Yb5o.js";
+import "./commands-registry-BVKCdwN_.js";
+export { listSkillCommandsForAgents };

package/dist/plugin-sdk/ssrf-CbvrROKN.js ADDED Viewed

@@ -0,0 +1,202 @@
+import { $ as parseCanonicalIpAddress, G as isBlockedSpecialUseIpv4Address, J as isIpv4Address, K as isBlockedSpecialUseIpv6Address, W as extractEmbeddedIpv4FromIpv6, Y as isLegacyIpv4Literal, et as parseLooseIpAddress, q as isCanonicalDottedDecimalIPv4 } from "./config-CudVTZDi.js";
+import { Agent } from "undici";
+import { lookup } from "node:dns";
+import { lookup as lookup$1 } from "node:dns/promises";
+//#region src/infra/net/proxy-env.ts
+const PROXY_ENV_KEYS = [
+	"HTTP_PROXY",
+	"HTTPS_PROXY",
+	"ALL_PROXY",
+	"http_proxy",
+	"https_proxy",
+	"all_proxy"
+];
+function hasProxyEnvConfigured(env = process.env) {
+	for (const key of PROXY_ENV_KEYS) {
+		const value = env[key];
+		if (typeof value === "string" && value.trim().length > 0) return true;
+	}
+	return false;
+}
+//#endregion
+//#region src/infra/net/hostname.ts
+function normalizeHostname(hostname) {
+	const normalized = hostname.trim().toLowerCase().replace(/\.$/, "");
+	if (normalized.startsWith("[") && normalized.endsWith("]")) return normalized.slice(1, -1);
+	return normalized;
+}
+//#endregion
+//#region src/infra/net/ssrf.ts
+var SsrFBlockedError = class extends Error {
+	constructor(message) {
+		super(message);
+		this.name = "SsrFBlockedError";
+	}
+};
+const BLOCKED_HOSTNAMES = new Set([
+	"localhost",
+	"localhost.localdomain",
+	"metadata.google.internal"
+]);
+function normalizeHostnameSet(values) {
+	if (!values || values.length === 0) return /* @__PURE__ */ new Set();
+	return new Set(values.map((value) => normalizeHostname(value)).filter(Boolean));
+}
+function normalizeHostnameAllowlist(values) {
+	if (!values || values.length === 0) return [];
+	return Array.from(new Set(values.map((value) => normalizeHostname(value)).filter((value) => value !== "*" && value !== "*." && value.length > 0)));
+}
+function isPrivateNetworkAllowedByPolicy(policy) {
+	return policy?.dangerouslyAllowPrivateNetwork === true || policy?.allowPrivateNetwork === true;
+}
+function resolveIpv4SpecialUseBlockOptions(policy) {
+	return { allowRfc2544BenchmarkRange: policy?.allowRfc2544BenchmarkRange === true };
+}
+function isHostnameAllowedByPattern(hostname, pattern) {
+	if (pattern.startsWith("*.")) {
+		const suffix = pattern.slice(2);
+		if (!suffix || hostname === suffix) return false;
+		return hostname.endsWith(`.${suffix}`);
+	}
+	return hostname === pattern;
+}
+function matchesHostnameAllowlist(hostname, allowlist) {
+	if (allowlist.length === 0) return true;
+	return allowlist.some((pattern) => isHostnameAllowedByPattern(hostname, pattern));
+}
+function looksLikeUnsupportedIpv4Literal(address) {
+	const parts = address.split(".");
+	if (parts.length === 0 || parts.length > 4) return false;
+	if (parts.some((part) => part.length === 0)) return true;
+	return parts.every((part) => /^[0-9]+$/.test(part) || /^0x/i.test(part));
+}
+function isPrivateIpAddress(address, policy) {
+	let normalized = address.trim().toLowerCase();
+	if (normalized.startsWith("[") && normalized.endsWith("]")) normalized = normalized.slice(1, -1);
+	if (!normalized) return false;
+	const blockOptions = resolveIpv4SpecialUseBlockOptions(policy);
+	const strictIp = parseCanonicalIpAddress(normalized);
+	if (strictIp) {
+		if (isIpv4Address(strictIp)) return isBlockedSpecialUseIpv4Address(strictIp, blockOptions);
+		if (isBlockedSpecialUseIpv6Address(strictIp)) return true;
+		const embeddedIpv4 = extractEmbeddedIpv4FromIpv6(strictIp);
+		if (embeddedIpv4) return isBlockedSpecialUseIpv4Address(embeddedIpv4, blockOptions);
+		return false;
+	}
+	if (normalized.includes(":") && !parseLooseIpAddress(normalized)) return true;
+	if (!isCanonicalDottedDecimalIPv4(normalized) && isLegacyIpv4Literal(normalized)) return true;
+	if (looksLikeUnsupportedIpv4Literal(normalized)) return true;
+	return false;
+}
+function isBlockedHostname(hostname) {
+	const normalized = normalizeHostname(hostname);
+	if (!normalized) return false;
+	return isBlockedHostnameNormalized(normalized);
+}
+function isBlockedHostnameNormalized(normalized) {
+	if (BLOCKED_HOSTNAMES.has(normalized)) return true;
+	return normalized.endsWith(".localhost") || normalized.endsWith(".local") || normalized.endsWith(".internal");
+}
+function isBlockedHostnameOrIp(hostname, policy) {
+	const normalized = normalizeHostname(hostname);
+	if (!normalized) return false;
+	return isBlockedHostnameNormalized(normalized) || isPrivateIpAddress(normalized, policy);
+}
+const BLOCKED_HOST_OR_IP_MESSAGE = "Blocked hostname or private/internal/special-use IP address";
+const BLOCKED_RESOLVED_IP_MESSAGE = "Blocked: resolves to private/internal/special-use IP address";
+function assertAllowedHostOrIpOrThrow(hostnameOrIp, policy) {
+	if (isBlockedHostnameOrIp(hostnameOrIp, policy)) throw new SsrFBlockedError(BLOCKED_HOST_OR_IP_MESSAGE);
+}
+function assertAllowedResolvedAddressesOrThrow(results, policy) {
+	for (const entry of results) if (isBlockedHostnameOrIp(entry.address, policy)) throw new SsrFBlockedError(BLOCKED_RESOLVED_IP_MESSAGE);
+}
+function createPinnedLookup(params) {
+	const normalizedHost = normalizeHostname(params.hostname);
+	const fallback = params.fallback ?? lookup;
+	const fallbackLookup = fallback;
+	const fallbackWithOptions = fallback;
+	const records = params.addresses.map((address) => ({
+		address,
+		family: address.includes(":") ? 6 : 4
+	}));
+	let index = 0;
+	return ((host, options, callback) => {
+		const cb = typeof options === "function" ? options : callback;
+		if (!cb) return;
+		const normalized = normalizeHostname(host);
+		if (!normalized || normalized !== normalizedHost) {
+			if (typeof options === "function" || options === void 0) return fallbackLookup(host, cb);
+			return fallbackWithOptions(host, options, cb);
+		}
+		const opts = typeof options === "object" && options !== null ? options : {};
+		const requestedFamily = typeof options === "number" ? options : typeof opts.family === "number" ? opts.family : 0;
+		const candidates = requestedFamily === 4 || requestedFamily === 6 ? records.filter((entry) => entry.family === requestedFamily) : records;
+		const usable = candidates.length > 0 ? candidates : records;
+		if (opts.all) {
+			cb(null, usable);
+			return;
+		}
+		const chosen = usable[index % usable.length];
+		index += 1;
+		cb(null, chosen.address, chosen.family);
+	});
+}
+function dedupeAndPreferIpv4(results) {
+	const seen = /* @__PURE__ */ new Set();
+	const ipv4 = [];
+	const otherFamilies = [];
+	for (const entry of results) {
+		if (seen.has(entry.address)) continue;
+		seen.add(entry.address);
+		if (entry.family === 4) {
+			ipv4.push(entry.address);
+			continue;
+		}
+		otherFamilies.push(entry.address);
+	}
+	return [...ipv4, ...otherFamilies];
+}
+async function resolvePinnedHostnameWithPolicy(hostname, params = {}) {
+	const normalized = normalizeHostname(hostname);
+	if (!normalized) throw new Error("Invalid hostname");
+	const allowPrivateNetwork = isPrivateNetworkAllowedByPolicy(params.policy);
+	const allowedHostnames = normalizeHostnameSet(params.policy?.allowedHostnames);
+	const hostnameAllowlist = normalizeHostnameAllowlist(params.policy?.hostnameAllowlist);
+	const isExplicitAllowed = allowedHostnames.has(normalized);
+	const skipPrivateNetworkChecks = allowPrivateNetwork || isExplicitAllowed;
+	if (!matchesHostnameAllowlist(normalized, hostnameAllowlist)) throw new SsrFBlockedError(`Blocked hostname (not in allowlist): ${hostname}`);
+	if (!skipPrivateNetworkChecks) assertAllowedHostOrIpOrThrow(normalized, params.policy);
+	const results = await (params.lookupFn ?? lookup$1)(normalized, { all: true });
+	if (results.length === 0) throw new Error(`Unable to resolve hostname: ${hostname}`);
+	if (!skipPrivateNetworkChecks) assertAllowedResolvedAddressesOrThrow(results, params.policy);
+	const addresses = dedupeAndPreferIpv4(results);
+	if (addresses.length === 0) throw new Error(`Unable to resolve hostname: ${hostname}`);
+	return {
+		hostname: normalized,
+		addresses,
+		lookup: createPinnedLookup({
+			hostname: normalized,
+			addresses
+		})
+	};
+}
+function createPinnedDispatcher(pinned) {
+	return new Agent({ connect: { lookup: pinned.lookup } });
+}
+async function closeDispatcher(dispatcher) {
+	if (!dispatcher) return;
+	const candidate = dispatcher;
+	try {
+		if (typeof candidate.close === "function") {
+			await candidate.close();
+			return;
+		}
+		if (typeof candidate.destroy === "function") candidate.destroy();
+	} catch {}
+}
+//#endregion
+export { isBlockedHostnameOrIp as a, resolvePinnedHostnameWithPolicy as c, isBlockedHostname as i, normalizeHostname as l, closeDispatcher as n, isPrivateIpAddress as o, createPinnedDispatcher as r, isPrivateNetworkAllowedByPolicy as s, SsrFBlockedError as t, hasProxyEnvConfigured as u };

package/dist/plugin-sdk/store-8XS_isi_.js ADDED Viewed

@@ -0,0 +1,81 @@
+import { w as resolveConfigDir } from "./logger-2A0UE34q.js";
+import { c as detectMime, l as extensionForMime } from "./image-ops-BpYDXC6N.js";
+import { createWriteStream } from "node:fs";
+import path from "node:path";
+import fs$1 from "node:fs/promises";
+import crypto from "node:crypto";
+import { pipeline } from "node:stream/promises";
+import { request } from "node:https";
+//#region src/media/store.ts
+const resolveMediaDir = () => path.join(resolveConfigDir(), "media");
+const MEDIA_MAX_BYTES = 5 * 1024 * 1024;
+const MAX_BYTES = MEDIA_MAX_BYTES;
+const DEFAULT_TTL_MS = 120 * 1e3;
+const MEDIA_FILE_MODE = 420;
+/**
+* Sanitize a filename for cross-platform safety.
+* Removes chars unsafe on Windows/SharePoint/all platforms.
+* Keeps: alphanumeric, dots, hyphens, underscores, Unicode letters/numbers.
+*/
+function sanitizeFilename(name) {
+	const trimmed = name.trim();
+	if (!trimmed) return "";
+	return trimmed.replace(/[^\p{L}\p{N}._-]+/gu, "_").replace(/_+/g, "_").replace(/^_|_$/g, "").slice(0, 60);
+}
+/**
+* Extract original filename from path if it matches the embedded format.
+* Pattern: {original}---{uuid}.{ext} → returns "{original}.{ext}"
+* Falls back to basename if no pattern match, or "file.bin" if empty.
+*/
+function extractOriginalFilename(filePath) {
+	const basename = path.basename(filePath);
+	if (!basename) return "file.bin";
+	const ext = path.extname(basename);
+	const match = path.basename(basename, ext).match(/^(.+)---[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/i);
+	if (match?.[1]) return `${match[1]}${ext}`;
+	return basename;
+}
+function getMediaDir() {
+	return resolveMediaDir();
+}
+async function ensureMediaDir() {
+	const mediaDir = resolveMediaDir();
+	await fs$1.mkdir(mediaDir, {
+		recursive: true,
+		mode: 448
+	});
+	return mediaDir;
+}
+async function saveMediaBuffer(buffer, contentType, subdir = "inbound", maxBytes = MAX_BYTES, originalFilename) {
+	if (buffer.byteLength > maxBytes) throw new Error(`Media exceeds ${(maxBytes / (1024 * 1024)).toFixed(0)}MB limit`);
+	const dir = path.join(resolveMediaDir(), subdir);
+	await fs$1.mkdir(dir, {
+		recursive: true,
+		mode: 448
+	});
+	const uuid = crypto.randomUUID();
+	const headerExt = extensionForMime(contentType?.split(";")[0]?.trim() ?? void 0);
+	const mime = await detectMime({
+		buffer,
+		headerMime: contentType
+	});
+	const ext = headerExt ?? extensionForMime(mime) ?? "";
+	let id;
+	if (originalFilename) {
+		const base = path.parse(originalFilename).name;
+		const sanitized = sanitizeFilename(base);
+		id = sanitized ? `${sanitized}---${uuid}${ext}` : `${uuid}${ext}`;
+	} else id = ext ? `${uuid}${ext}` : uuid;
+	const dest = path.join(dir, id);
+	await fs$1.writeFile(dest, buffer, { mode: MEDIA_FILE_MODE });
+	return {
+		id,
+		path: dest,
+		size: buffer.byteLength,
+		contentType: mime
+	};
+}
+//#endregion
+export { saveMediaBuffer as a, getMediaDir as i, ensureMediaDir as n, extractOriginalFilename as r, MEDIA_MAX_BYTES as t };

package/dist/plugin-sdk/subagent-registry-runtime-Cl3jJKM1.js ADDED Viewed

@@ -0,0 +1,52 @@
+import "./run-with-concurrency-CFRxflYW.js";
+import "./accounts-D2p8t4UO.js";
+import { a as isSubagentSessionRunActive, c as resolveRequesterForChildSession, i as countPendingDescendantRunsExcludingRun, l as shouldIgnorePostCompletionAnnounceForSession, n as countActiveDescendantRuns, o as listSubagentRunsForRequester, r as countPendingDescendantRuns, s as replaceSubagentRunAfterSteer } from "./reply-DmCyOPxV.js";
+import "./paths-MKyEVmEb.js";
+import "./github-copilot-token-D5fdS6xD.js";
+import "./config-CudVTZDi.js";
+import "./logger-2A0UE34q.js";
+import "./thinking-DE2FCBnv.js";
+import "./image-ops-BpYDXC6N.js";
+import "./pi-embedded-helpers-CeC8GbRi.js";
+import "./plugins-2gQWMmUN.js";
+import "./accounts-B8qv93DH.js";
+import "./accounts-D96D1U9M.js";
+import "./send-BQvcPd54.js";
+import "./paths-CfGmXu9A.js";
+import "./fetch-Bv4TQOMH.js";
+import "./redact-85H1J7mo.js";
+import "./errors-D5bA02--.js";
+import "./channel-activity-VpA3MxPb.js";
+import "./path-alias-guards-LILr7Hrs.js";
+import "./fs-safe-IQ0H7rVD.js";
+import "./ssrf-CbvrROKN.js";
+import "./fetch-guard-n0LVdzZL.js";
+import "./local-roots-DR-lR22p.js";
+import "./ir-DsMX3GcS.js";
+import "./render-HmipMDlP.js";
+import "./tables-BhfDBQ58.js";
+import "./send-Cld7xlxq.js";
+import "./send-CTOVZqmi.js";
+import "./tool-images-B1I6LEp7.js";
+import "./target-errors-0DW3k-Ae.js";
+import "./send-C8gdhoLP.js";
+import "./audio-transcription-runner-j0mQXKSH.js";
+import "./tokens-C2tJ8uXs.js";
+import "./skill-commands-BfHvtJx2.js";
+import "./skills-BrE5Yb5o.js";
+import "./chrome-5jJIDTj0.js";
+import "./deliver-4NrmrRKu.js";
+import "./diagnostic-DCPixRez.js";
+import "./store-8XS_isi_.js";
+import "./commands-registry-BVKCdwN_.js";
+import "./image-n-R2HcNg.js";
+import "./api-key-rotation-D0aZfxXH.js";
+import "./proxy-fetch-sX3-xzX1.js";
+import "./pi-model-discovery-DycOMKYh.js";
+import "./send-Bplfz7UW.js";
+import "./outbound-attachment-CPfpUcdI.js";
+import "./proxy-BFm9FJeW.js";
+import "./manager-ClUgSFkG.js";
+import "./query-expansion-B5Z0In1U.js";
+export { countActiveDescendantRuns, countPendingDescendantRuns, countPendingDescendantRunsExcludingRun, isSubagentSessionRunActive, listSubagentRunsForRequester, replaceSubagentRunAfterSteer, resolveRequesterForChildSession, shouldIgnorePostCompletionAnnounceForSession };

package/dist/plugin-sdk/tables-BhfDBQ58.js ADDED Viewed

@@ -0,0 +1,55 @@
+import { r as markdownToIRWithMeta } from "./ir-DsMX3GcS.js";
+import { t as renderMarkdownWithMarkers } from "./render-HmipMDlP.js";
+//#region src/markdown/tables.ts
+const MARKDOWN_STYLE_MARKERS = {
+	bold: {
+		open: "**",
+		close: "**"
+	},
+	italic: {
+		open: "_",
+		close: "_"
+	},
+	strikethrough: {
+		open: "~~",
+		close: "~~"
+	},
+	code: {
+		open: "`",
+		close: "`"
+	},
+	code_block: {
+		open: "```\n",
+		close: "```"
+	}
+};
+function convertMarkdownTables(markdown, mode) {
+	if (!markdown || mode === "off") return markdown;
+	const { ir, hasTables } = markdownToIRWithMeta(markdown, {
+		linkify: false,
+		autolink: false,
+		headingStyle: "none",
+		blockquotePrefix: "",
+		tableMode: mode
+	});
+	if (!hasTables) return markdown;
+	return renderMarkdownWithMarkers(ir, {
+		styleMarkers: MARKDOWN_STYLE_MARKERS,
+		escapeText: (text) => text,
+		buildLink: (link, text) => {
+			const href = link.href.trim();
+			if (!href) return null;
+			if (!text.slice(link.start, link.end)) return null;
+			return {
+				start: link.start,
+				end: link.end,
+				open: "[",
+				close: `](${href})`
+			};
+		}
+	});
+}
+//#endregion
+export { convertMarkdownTables as t };

package/dist/plugin-sdk/target-errors-0DW3k-Ae.js ADDED Viewed

@@ -0,0 +1,195 @@
+import { c as detectMime } from "./image-ops-BpYDXC6N.js";
+import { r as sanitizeToolResultImages } from "./tool-images-B1I6LEp7.js";
+import fs from "node:fs/promises";
+//#region src/agents/tools/common.ts
+var ToolInputError = class extends Error {
+	constructor(message) {
+		super(message);
+		this.status = 400;
+		this.name = "ToolInputError";
+	}
+};
+var ToolAuthorizationError = class extends ToolInputError {
+	constructor(message) {
+		super(message);
+		this.status = 403;
+		this.name = "ToolAuthorizationError";
+	}
+};
+function createActionGate(actions) {
+	return (key, defaultValue = true) => {
+		const value = actions?.[key];
+		if (value === void 0) return defaultValue;
+		return value !== false;
+	};
+}
+function toSnakeCaseKey(key) {
+	return key.replace(/([A-Z]+)([A-Z][a-z])/g, "$1_$2").replace(/([a-z0-9])([A-Z])/g, "$1_$2").toLowerCase();
+}
+function readParamRaw(params, key) {
+	if (Object.hasOwn(params, key)) return params[key];
+	const snakeKey = toSnakeCaseKey(key);
+	if (snakeKey !== key && Object.hasOwn(params, snakeKey)) return params[snakeKey];
+}
+function readStringParam(params, key, options = {}) {
+	const { required = false, trim = true, label = key, allowEmpty = false } = options;
+	const raw = readParamRaw(params, key);
+	if (typeof raw !== "string") {
+		if (required) throw new ToolInputError(`${label} required`);
+		return;
+	}
+	const value = trim ? raw.trim() : raw;
+	if (!value && !allowEmpty) {
+		if (required) throw new ToolInputError(`${label} required`);
+		return;
+	}
+	return value;
+}
+function readStringOrNumberParam(params, key, options = {}) {
+	const { required = false, label = key } = options;
+	const raw = readParamRaw(params, key);
+	if (typeof raw === "number" && Number.isFinite(raw)) return String(raw);
+	if (typeof raw === "string") {
+		const value = raw.trim();
+		if (value) return value;
+	}
+	if (required) throw new ToolInputError(`${label} required`);
+}
+function readNumberParam(params, key, options = {}) {
+	const { required = false, label = key, integer = false, strict = false } = options;
+	const raw = readParamRaw(params, key);
+	let value;
+	if (typeof raw === "number" && Number.isFinite(raw)) value = raw;
+	else if (typeof raw === "string") {
+		const trimmed = raw.trim();
+		if (trimmed) {
+			const parsed = strict ? Number(trimmed) : Number.parseFloat(trimmed);
+			if (Number.isFinite(parsed)) value = parsed;
+		}
+	}
+	if (value === void 0) {
+		if (required) throw new ToolInputError(`${label} required`);
+		return;
+	}
+	return integer ? Math.trunc(value) : value;
+}
+function readStringArrayParam(params, key, options = {}) {
+	const { required = false, label = key } = options;
+	const raw = readParamRaw(params, key);
+	if (Array.isArray(raw)) {
+		const values = raw.filter((entry) => typeof entry === "string").map((entry) => entry.trim()).filter(Boolean);
+		if (values.length === 0) {
+			if (required) throw new ToolInputError(`${label} required`);
+			return;
+		}
+		return values;
+	}
+	if (typeof raw === "string") {
+		const value = raw.trim();
+		if (!value) {
+			if (required) throw new ToolInputError(`${label} required`);
+			return;
+		}
+		return [value];
+	}
+	if (required) throw new ToolInputError(`${label} required`);
+}
+function readReactionParams(params, options) {
+	const emojiKey = options.emojiKey ?? "emoji";
+	const removeKey = options.removeKey ?? "remove";
+	const remove = typeof params[removeKey] === "boolean" ? params[removeKey] : false;
+	const emoji = readStringParam(params, emojiKey, {
+		required: true,
+		allowEmpty: true
+	});
+	if (remove && !emoji) throw new ToolInputError(options.removeErrorMessage);
+	return {
+		emoji,
+		remove,
+		isEmpty: !emoji
+	};
+}
+function jsonResult(payload) {
+	return {
+		content: [{
+			type: "text",
+			text: JSON.stringify(payload, null, 2)
+		}],
+		details: payload
+	};
+}
+async function imageResult(params) {
+	return await sanitizeToolResultImages({
+		content: [{
+			type: "text",
+			text: params.extraText ?? `MEDIA:${params.path}`
+		}, {
+			type: "image",
+			data: params.base64,
+			mimeType: params.mimeType
+		}],
+		details: {
+			path: params.path,
+			...params.details
+		}
+	}, params.label, params.imageSanitization);
+}
+async function imageResultFromFile(params) {
+	const buf = await fs.readFile(params.path);
+	const mimeType = await detectMime({ buffer: buf.slice(0, 256) }) ?? "image/png";
+	return await imageResult({
+		label: params.label,
+		path: params.path,
+		base64: buf.toString("base64"),
+		mimeType,
+		extraText: params.extraText,
+		details: params.details,
+		imageSanitization: params.imageSanitization
+	});
+}
+/**
+* Validate and parse an `availableTags` parameter from untrusted input.
+* Returns `undefined` when the value is missing or not an array.
+* Entries that lack a string `name` are silently dropped.
+*/
+function parseAvailableTags(raw) {
+	if (raw === void 0 || raw === null) return;
+	if (!Array.isArray(raw)) return;
+	const result = raw.filter((t) => typeof t === "object" && t !== null && typeof t.name === "string").map((t) => ({
+		...t.id !== void 0 && typeof t.id === "string" ? { id: t.id } : {},
+		name: t.name,
+		...typeof t.moderated === "boolean" ? { moderated: t.moderated } : {},
+		...t.emoji_id === null || typeof t.emoji_id === "string" ? { emoji_id: t.emoji_id } : {},
+		...t.emoji_name === null || typeof t.emoji_name === "string" ? { emoji_name: t.emoji_name } : {}
+	}));
+	return result.length ? result : void 0;
+}
+//#endregion
+//#region src/infra/outbound/target-errors.ts
+function missingTargetMessage(provider, hint) {
+	return `Delivering to ${provider} requires target${formatTargetHint(hint)}`;
+}
+function missingTargetError(provider, hint) {
+	return new Error(missingTargetMessage(provider, hint));
+}
+function ambiguousTargetMessage(provider, raw, hint) {
+	return `Ambiguous target "${raw}" for ${provider}. Provide a unique name or an explicit id.${formatTargetHint(hint, true)}`;
+}
+function ambiguousTargetError(provider, raw, hint) {
+	return new Error(ambiguousTargetMessage(provider, raw, hint));
+}
+function unknownTargetMessage(provider, raw, hint) {
+	return `Unknown target "${raw}" for ${provider}.${formatTargetHint(hint, true)}`;
+}
+function unknownTargetError(provider, raw, hint) {
+	return new Error(unknownTargetMessage(provider, raw, hint));
+}
+function formatTargetHint(hint, withLabel = false) {
+	if (!hint) return "";
+	return withLabel ? ` Hint: ${hint}` : ` ${hint}`;
+}
+//#endregion
+export { ToolInputError as a, imageResultFromFile as c, readNumberParam as d, readReactionParams as f, readStringParam as h, ToolAuthorizationError as i, jsonResult as l, readStringOrNumberParam as m, missingTargetError as n, createActionGate as o, readStringArrayParam as p, unknownTargetError as r, imageResult as s, ambiguousTargetError as t, parseAvailableTags as u };