npm - @iaforged/context-code - Versions diffs - 1.0.72 → 1.0.74 - Mend

@iaforged/context-code 1.0.72 → 1.0.74

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2050) hide show

package/context-bootstrap.js +7 -8
package/dist/src/QueryEngine.js +928 -0
package/dist/src/Task.js +49 -0
package/dist/src/Tool.js +56 -0
package/dist/src/assistant/AssistantSessionChooser.js +16 -0
package/dist/src/assistant/index.js +16 -0
package/dist/src/assistant/sessionDiscovery.js +16 -0
package/dist/src/assistant/sessionHistory.js +47 -0
package/dist/src/bootstrap/state.js +1165 -0
package/dist/src/bridge/bridgeApi.js +304 -0
package/dist/src/bridge/bridgeConfig.js +39 -0
package/dist/src/bridge/bridgeDebug.js +73 -0
package/dist/src/bridge/bridgeEnabled.js +187 -0
package/dist/src/bridge/bridgeMain.js +2289 -0
package/dist/src/bridge/bridgeMessaging.js +353 -0
package/dist/src/bridge/bridgePermissionCallbacks.js +10 -0
package/dist/src/bridge/bridgePointer.js +175 -0
package/dist/src/bridge/bridgeStatusUtil.js +105 -0
package/dist/src/bridge/bridgeUI.js +412 -0
package/dist/src/bridge/capacityWake.js +35 -0
package/dist/src/bridge/codeSessionApi.js +111 -0
package/dist/src/bridge/createSession.js +273 -0
package/dist/src/bridge/debugUtils.js +115 -0
package/dist/src/bridge/envLessBridgeConfig.js +121 -0
package/dist/src/bridge/flushGate.js +65 -0
package/dist/src/bridge/inboundAttachments.js +152 -0
package/dist/src/bridge/inboundMessages.js +63 -0
package/dist/src/bridge/initReplBridge.js +428 -0
package/dist/src/bridge/jwtUtils.js +185 -0
package/dist/src/bridge/pollConfig.js +85 -0
package/dist/src/bridge/pollConfigDefaults.js +62 -0
package/dist/src/bridge/remoteBridgeCore.js +712 -0
package/dist/src/bridge/replBridge.js +1720 -0
package/dist/src/bridge/replBridgeHandle.js +30 -0
package/dist/src/bridge/replBridgeTransport.js +236 -0
package/dist/src/bridge/sessionIdCompat.js +56 -0
package/dist/src/bridge/sessionRunner.js +421 -0
package/dist/src/bridge/trustedDevice.js +172 -0
package/dist/src/bridge/types.js +9 -0
package/dist/src/bridge/workSecret.js +99 -0
package/dist/src/buddy/CompanionSprite.js +349 -0
package/dist/src/buddy/companion.js +107 -0
package/dist/src/buddy/prompt.js +33 -0
package/dist/src/buddy/sprites.js +488 -0
package/dist/src/buddy/types.js +90 -0
package/dist/src/buddy/useBuddyNotification.js +90 -0
package/dist/src/cli/bg.js +16 -0
package/dist/src/cli/exit.js +30 -0
package/dist/src/cli/handlers/agents.js +55 -0
package/dist/src/cli/handlers/ant.js +16 -0
package/dist/src/cli/handlers/auth.js +315 -0
package/dist/src/cli/handlers/autoMode.js +128 -0
package/dist/src/cli/handlers/mcp.js +334 -0
package/dist/src/cli/handlers/plugins.js +634 -0
package/dist/src/cli/handlers/projects_bridge.js +40 -0
package/dist/src/cli/handlers/provider.js +42 -0
package/dist/src/cli/handlers/templateJobs.js +16 -0
package/dist/src/cli/handlers/util.js +76 -0
package/dist/src/cli/ndjsonSafeStringify.js +27 -0
package/dist/src/cli/print.js +4225 -0
package/dist/src/cli/remoteIO.js +208 -0
package/dist/src/cli/rollback.js +16 -0
package/dist/src/cli/structuredIO.js +644 -0
package/dist/src/cli/transports/HybridTransport.js +233 -0
package/dist/src/cli/transports/SSETransport.js +538 -0
package/dist/src/cli/transports/SerialBatchEventUploader.js +224 -0
package/dist/src/cli/transports/Transport.js +1 -0
package/dist/src/cli/transports/WebSocketTransport.js +613 -0
package/dist/src/cli/transports/WorkerStateUploader.js +88 -0
package/dist/src/cli/transports/ccrClient.js +711 -0
package/dist/src/cli/transports/transportUtils.js +39 -0
package/dist/src/cli/up.js +16 -0
package/dist/src/cli/update.js +315 -0
package/dist/src/commands/add-dir/add-dir.js +121 -0
package/dist/src/commands/add-dir/index.js +8 -0
package/dist/src/commands/add-dir/validation.js +76 -0
package/dist/src/commands/advisor.js +88 -0
package/dist/src/commands/agent/agent.js +283 -0
package/dist/src/commands/agent/agentStore.js +120 -0
package/dist/src/commands/agent/index.js +9 -0
package/dist/src/commands/agents/agents.js +9 -0
package/dist/src/commands/agents/index.js +7 -0
package/dist/src/commands/ant-trace/index.js +1 -0
package/dist/src/commands/assistant/assistant.js +16 -0
package/dist/src/commands/autofix-pr/index.js +1 -0
package/dist/src/commands/backfill-sessions/index.js +1 -0
package/dist/src/commands/branch/branch.js +205 -0
package/dist/src/commands/branch/index.js +11 -0
package/dist/src/commands/break-cache/index.js +1 -0
package/dist/src/commands/bridge/bridge.js +512 -0
package/dist/src/commands/bridge/index.js +22 -0
package/dist/src/commands/bridge-kick.js +179 -0
package/dist/src/commands/brief.js +94 -0
package/dist/src/commands/btw/btw.js +234 -0
package/dist/src/commands/btw/index.js +9 -0
package/dist/src/commands/bughunter/index.js +1 -0
package/dist/src/commands/chrome/chrome.js +291 -0
package/dist/src/commands/chrome/index.js +11 -0
package/dist/src/commands/clear/caches.js +116 -0
package/dist/src/commands/clear/clear.js +5 -0
package/dist/src/commands/clear/conversation.js +191 -0
package/dist/src/commands/clear/index.js +9 -0
package/dist/src/commands/color/color.js +58 -0
package/dist/src/commands/color/index.js +9 -0
package/dist/src/commands/commit-push-pr.js +137 -0
package/dist/src/commands/commit.js +80 -0
package/dist/src/commands/compact/compact.js +196 -0
package/dist/src/commands/compact/index.js +11 -0
package/dist/src/commands/config/config.js +5 -0
package/dist/src/commands/config/index.js +8 -0
package/dist/src/commands/context/context-noninteractive.js +221 -0
package/dist/src/commands/context/context.js +46 -0
package/dist/src/commands/context/index.js +21 -0
package/dist/src/commands/copy/copy.js +366 -0
package/dist/src/commands/copy/index.js +7 -0
package/dist/src/commands/cost/cost.js +21 -0
package/dist/src/commands/cost/index.js +16 -0
package/dist/src/commands/createMovedToPluginCommand.js +33 -0
package/dist/src/commands/ctx_viz/index.js +1 -0
package/dist/src/commands/debug-tool-call/index.js +1 -0
package/dist/src/commands/desktop/desktop.js +5 -0
package/dist/src/commands/desktop/index.js +22 -0
package/dist/src/commands/diff/diff.js +5 -0
package/dist/src/commands/diff/index.js +6 -0
package/dist/src/commands/doctor/doctor.js +5 -0
package/dist/src/commands/doctor/index.js +9 -0
package/dist/src/commands/effort/effort.js +166 -0
package/dist/src/commands/effort/index.js +11 -0
package/dist/src/commands/env/index.js +1 -0
package/dist/src/commands/exit/exit.js +31 -0
package/dist/src/commands/exit/index.js +9 -0
package/dist/src/commands/export/export.js +86 -0
package/dist/src/commands/export/index.js +8 -0
package/dist/src/commands/extra-usage/extra-usage-core.js +99 -0
package/dist/src/commands/extra-usage/extra-usage-noninteractive.js +13 -0
package/dist/src/commands/extra-usage/extra-usage.js +14 -0
package/dist/src/commands/extra-usage/index.js +27 -0
package/dist/src/commands/fast/fast.js +275 -0
package/dist/src/commands/fast/index.js +20 -0
package/dist/src/commands/feedback/feedback.js +10 -0
package/dist/src/commands/feedback/index.js +21 -0
package/dist/src/commands/files/files.js +11 -0
package/dist/src/commands/files/index.js +9 -0
package/dist/src/commands/good-claude/index.js +1 -0
package/dist/src/commands/heapdump/heapdump.js +14 -0
package/dist/src/commands/heapdump/index.js +9 -0
package/dist/src/commands/help/help.js +5 -0
package/dist/src/commands/help/index.js +7 -0
package/dist/src/commands/hooks/hooks.js +11 -0
package/dist/src/commands/hooks/index.js +8 -0
package/dist/src/commands/ide/ide.js +615 -0
package/dist/src/commands/ide/index.js +8 -0
package/dist/src/commands/init-verifiers.js +258 -0
package/dist/src/commands/init.js +249 -0
package/dist/src/commands/insights.js +2555 -0
package/dist/src/commands/install-github-app/ApiKeyStep.js +230 -0
package/dist/src/commands/install-github-app/CheckExistingSecretStep.js +194 -0
package/dist/src/commands/install-github-app/CheckGitHubStep.js +15 -0
package/dist/src/commands/install-github-app/ChooseRepoStep.js +211 -0
package/dist/src/commands/install-github-app/CreatingStep.js +52 -0
package/dist/src/commands/install-github-app/ErrorStep.js +83 -0
package/dist/src/commands/install-github-app/ExistingWorkflowStep.js +104 -0
package/dist/src/commands/install-github-app/InstallAppStep.js +96 -0
package/dist/src/commands/install-github-app/OAuthFlowStep.js +190 -0
package/dist/src/commands/install-github-app/SuccessStep.js +93 -0
package/dist/src/commands/install-github-app/WarningsStep.js +70 -0
package/dist/src/commands/install-github-app/index.js +10 -0
package/dist/src/commands/install-github-app/install-github-app.js +593 -0
package/dist/src/commands/install-github-app/setupGitHubActions.js +227 -0
package/dist/src/commands/install-slack-app/index.js +9 -0
package/dist/src/commands/install-slack-app/install-slack-app.js +25 -0
package/dist/src/commands/install.js +118 -0
package/dist/src/commands/issue/index.js +1 -0
package/dist/src/commands/keybindings/index.js +10 -0
package/dist/src/commands/keybindings/keybindings.js +47 -0
package/dist/src/commands/limites/index.js +8 -0
package/dist/src/commands/limites/limites.js +214 -0
package/dist/src/commands/login/index.js +11 -0
package/dist/src/commands/login/login.js +120 -0
package/dist/src/commands/login-openai/index.js +7 -0
package/dist/src/commands/login-openai/login-openai.js +54 -0
package/dist/src/commands/logout/index.js +8 -0
package/dist/src/commands/logout/logout.js +72 -0
package/dist/src/commands/mcp/addCommand.js +183 -0
package/dist/src/commands/mcp/index.js +9 -0
package/dist/src/commands/mcp/mcp.js +78 -0
package/dist/src/commands/mcp/xaaIdpCommand.js +193 -0
package/dist/src/commands/memory/index.js +7 -0
package/dist/src/commands/memory/memory.js +71 -0
package/dist/src/commands/mobile/index.js +9 -0
package/dist/src/commands/mobile/mobile.js +278 -0
package/dist/src/commands/mock-limits/index.js +1 -0
package/dist/src/commands/model/index.js +14 -0
package/dist/src/commands/model/model.js +297 -0
package/dist/src/commands/oauth-refresh/index.js +1 -0
package/dist/src/commands/onboarding/index.js +1 -0
package/dist/src/commands/orchestrate/index.js +8 -0
package/dist/src/commands/orchestrate/orchestrate.js +542 -0
package/dist/src/commands/output-style/index.js +8 -0
package/dist/src/commands/output-style/output-style.js +6 -0
package/dist/src/commands/passes/index.js +17 -0
package/dist/src/commands/passes/passes.js +22 -0
package/dist/src/commands/perf-issue/index.js +1 -0
package/dist/src/commands/permissions/index.js +8 -0
package/dist/src/commands/permissions/permissions.js +8 -0
package/dist/src/commands/plan/index.js +8 -0
package/dist/src/commands/plan/plan.js +115 -0
package/dist/src/commands/plugin/AddMarketplace.js +95 -0
package/dist/src/commands/plugin/BrowseMarketplace.js +576 -0
package/dist/src/commands/plugin/DiscoverPlugins.js +613 -0
package/dist/src/commands/plugin/ManageMarketplaces.js +582 -0
package/dist/src/commands/plugin/ManagePlugins.js +1783 -0
package/dist/src/commands/plugin/PluginErrors.js +124 -0
package/dist/src/commands/plugin/PluginOptionsDialog.js +367 -0
package/dist/src/commands/plugin/PluginOptionsFlow.js +97 -0
package/dist/src/commands/plugin/PluginSettings.js +1042 -0
package/dist/src/commands/plugin/PluginTrustWarning.js +34 -0
package/dist/src/commands/plugin/UnifiedInstalledCell.js +615 -0
package/dist/src/commands/plugin/ValidatePlugin.js +95 -0
package/dist/src/commands/plugin/index.js +10 -0
package/dist/src/commands/plugin/parseArgs.js +71 -0
package/dist/src/commands/plugin/plugin.js +5 -0
package/dist/src/commands/plugin/pluginDetailsHelpers.js +89 -0
package/dist/src/commands/plugin/usePagination.js +89 -0
package/dist/src/commands/policy/index.js +9 -0
package/dist/src/commands/policy/policy.js +84 -0
package/dist/src/commands/pr_comments/index.js +49 -0
package/dist/src/commands/privacy-settings/index.js +11 -0
package/dist/src/commands/privacy-settings/privacy-settings.js +54 -0
package/dist/src/commands/profile/index.js +9 -0
package/dist/src/commands/profile/profile.js +482 -0
package/dist/src/commands/provider/index.js +8 -0
package/dist/src/commands/provider/provider.js +457 -0
package/dist/src/commands/rate-limit-options/index.js +15 -0
package/dist/src/commands/rate-limit-options/rate-limit-options.js +213 -0
package/dist/src/commands/release-notes/index.js +9 -0
package/dist/src/commands/release-notes/release-notes.js +38 -0
package/dist/src/commands/reload-plugins/index.js +11 -0
package/dist/src/commands/reload-plugins/reload-plugins.js +52 -0
package/dist/src/commands/remote-env/index.js +12 -0
package/dist/src/commands/remote-env/remote-env.js +5 -0
package/dist/src/commands/remote-setup/api.js +155 -0
package/dist/src/commands/remote-setup/index.js +15 -0
package/dist/src/commands/remote-setup/remote-setup.js +149 -0
package/dist/src/commands/rename/generateSessionName.js +58 -0
package/dist/src/commands/rename/index.js +9 -0
package/dist/src/commands/rename/rename.js +52 -0
package/dist/src/commands/reset-limits/index.js +4 -0
package/dist/src/commands/resume/index.js +9 -0
package/dist/src/commands/resume/resume.js +239 -0
package/dist/src/commands/review/UltrareviewOverageDialog.js +97 -0
package/dist/src/commands/review/reviewRemote.js +259 -0
package/dist/src/commands/review/ultrareviewCommand.js +57 -0
package/dist/src/commands/review/ultrareviewEnabled.js +10 -0
package/dist/src/commands/review.js +50 -0
package/dist/src/commands/rewind/index.js +10 -0
package/dist/src/commands/rewind/rewind.js +7 -0
package/dist/src/commands/run/index.js +9 -0
package/dist/src/commands/run/run.js +1126 -0
package/dist/src/commands/sandbox-toggle/index.js +41 -0
package/dist/src/commands/sandbox-toggle/sandbox-toggle.js +72 -0
package/dist/src/commands/security-review.js +231 -0
package/dist/src/commands/session/index.js +13 -0
package/dist/src/commands/session/session.js +142 -0
package/dist/src/commands/share/index.js +1 -0
package/dist/src/commands/skills/index.js +8 -0
package/dist/src/commands/skills/skills.js +97 -0
package/dist/src/commands/stats/index.js +7 -0
package/dist/src/commands/stats/stats.js +5 -0
package/dist/src/commands/status/index.js +8 -0
package/dist/src/commands/status/status.js +5 -0
package/dist/src/commands/statusline.js +22 -0
package/dist/src/commands/stickers/index.js +9 -0
package/dist/src/commands/stickers/stickers.js +14 -0
package/dist/src/commands/summary/index.js +1 -0
package/dist/src/commands/tag/index.js +9 -0
package/dist/src/commands/tag/tag.js +215 -0
package/dist/src/commands/tasks/index.js +8 -0
package/dist/src/commands/tasks/tasks.js +5 -0
package/dist/src/commands/team/index.js +9 -0
package/dist/src/commands/team/team.js +582 -0
package/dist/src/commands/team-auto/index.js +9 -0
package/dist/src/commands/team-auto/teamAuto.js +340 -0
package/dist/src/commands/telegram/index.js +9 -0
package/dist/src/commands/telegram/telegram.js +118 -0
package/dist/src/commands/teleport/index.js +1 -0
package/dist/src/commands/terminalSetup/index.js +18 -0
package/dist/src/commands/terminalSetup/terminalSetup.js +491 -0
package/dist/src/commands/theme/index.js +7 -0
package/dist/src/commands/theme/theme.js +50 -0
package/dist/src/commands/thinkback/index.js +9 -0
package/dist/src/commands/thinkback/thinkback.js +527 -0
package/dist/src/commands/thinkback-play/index.js +13 -0
package/dist/src/commands/thinkback-play/thinkback-play.js +34 -0
package/dist/src/commands/ultraplan.js +418 -0
package/dist/src/commands/upgrade/index.js +12 -0
package/dist/src/commands/upgrade/upgrade.js +37 -0
package/dist/src/commands/version.js +18 -0
package/dist/src/commands/vim/index.js +8 -0
package/dist/src/commands/vim/vim.js +25 -0
package/dist/src/commands/voice/index.js +14 -0
package/dist/src/commands/voice/voice.js +130 -0
package/dist/src/commands/whatsapp/index.js +9 -0
package/dist/src/commands/whatsapp/whatsapp.js +326 -0
package/dist/src/commands/workspace/index.js +9 -0
package/dist/src/commands/workspace/workspace.js +701 -0
package/dist/src/commands.js +635 -0
package/dist/src/components/AgentProgressLine.js +111 -0
package/dist/src/components/App.js +45 -0
package/dist/src/components/ApproveApiKey.js +124 -0
package/dist/src/components/AutoModeOptInDialog.js +140 -0
package/dist/src/components/AutoUpdater.js +157 -0
package/dist/src/components/AutoUpdaterWrapper.js +78 -0
package/dist/src/components/AwsAuthStatusBox.js +88 -0
package/dist/src/components/BaseTextInput.js +105 -0
package/dist/src/components/BashModeProgress.js +48 -0
package/dist/src/components/BridgeDialog.js +414 -0
package/dist/src/components/BypassPermissionsModeDialog.js +87 -0
package/dist/src/components/ChannelDowngradeDialog.js +100 -0
package/dist/src/components/ClaudeCodeHint/PluginHintMenu.js +37 -0
package/dist/src/components/ClaudeInChromeOnboarding.js +126 -0
package/dist/src/components/ClaudeMdExternalIncludesDialog.js +137 -0
package/dist/src/components/ClickableImageRef.js +64 -0
package/dist/src/components/CompactSummary.js +119 -0
package/dist/src/components/ConfigurableShortcutHint.js +34 -0
package/dist/src/components/ConsoleOAuthFlow.js +758 -0
package/dist/src/components/ContextSuggestions.js +43 -0
package/dist/src/components/ContextVisualization.js +483 -0
package/dist/src/components/CoordinatorAgentStatus.js +261 -0
package/dist/src/components/CostThresholdDialog.js +48 -0
package/dist/src/components/CtrlOToExpand.js +50 -0
package/dist/src/components/CustomSelect/SelectMulti.js +149 -0
package/dist/src/components/CustomSelect/index.js +2 -0
package/dist/src/components/CustomSelect/option-map.js +32 -0
package/dist/src/components/CustomSelect/select-input-option.js +426 -0
package/dist/src/components/CustomSelect/select-option.js +23 -0
package/dist/src/components/CustomSelect/select.js +518 -0
package/dist/src/components/CustomSelect/use-multi-select-state.js +214 -0
package/dist/src/components/CustomSelect/use-select-input.js +170 -0
package/dist/src/components/CustomSelect/use-select-navigation.js +366 -0
package/dist/src/components/CustomSelect/use-select-state.js +22 -0
package/dist/src/components/DesktopHandoff.js +195 -0
package/dist/src/components/DesktopUpsell/DesktopUpsellStartup.js +173 -0
package/dist/src/components/DevBar.js +50 -0
package/dist/src/components/DevChannelsDialog.js +103 -0
package/dist/src/components/DiagnosticsDisplay.js +91 -0
package/dist/src/components/EffortCallout.js +264 -0
package/dist/src/components/EffortIndicator.js +29 -0
package/dist/src/components/ExitFlow.js +40 -0
package/dist/src/components/ExportDialog.js +101 -0
package/dist/src/components/FallbackToolUseErrorMessage.js +115 -0
package/dist/src/components/FallbackToolUseRejectedMessage.js +16 -0
package/dist/src/components/FastIcon.js +42 -0
package/dist/src/components/Feedback.js +439 -0
package/dist/src/components/FeedbackSurvey/FeedbackSurvey.js +150 -0
package/dist/src/components/FeedbackSurvey/FeedbackSurveyView.js +103 -0
package/dist/src/components/FeedbackSurvey/TranscriptSharePrompt.js +83 -0
package/dist/src/components/FeedbackSurvey/submitTranscriptShare.js +81 -0
package/dist/src/components/FeedbackSurvey/useDebouncedDigitInput.js +51 -0
package/dist/src/components/FeedbackSurvey/useFeedbackSurvey.js +258 -0
package/dist/src/components/FeedbackSurvey/useMemorySurvey.js +191 -0
package/dist/src/components/FeedbackSurvey/usePostCompactSurvey.js +202 -0
package/dist/src/components/FeedbackSurvey/useSurveyState.js +80 -0
package/dist/src/components/FileEditToolDiff.js +166 -0
package/dist/src/components/FileEditToolUpdatedMessage.js +111 -0
package/dist/src/components/FileEditToolUseRejectedMessage.js +157 -0
package/dist/src/components/FilePathLink.js +34 -0
package/dist/src/components/FullscreenLayout.js +578 -0
package/dist/src/components/GlobalSearchDialog.js +339 -0
package/dist/src/components/HelpV2/Commands.js +65 -0
package/dist/src/components/HelpV2/General.js +24 -0
package/dist/src/components/HelpV2/HelpV2.js +186 -0
package/dist/src/components/HighlightedCode/Fallback.js +193 -0
package/dist/src/components/HighlightedCode.js +184 -0
package/dist/src/components/HistorySearchDialog.js +92 -0
package/dist/src/components/IdeAutoConnectDialog.js +153 -0
package/dist/src/components/IdeOnboardingDialog.js +174 -0
package/dist/src/components/IdeStatusIndicator.js +49 -0
package/dist/src/components/IdleReturnDialog.js +116 -0
package/dist/src/components/InterruptedByUser.js +15 -0
package/dist/src/components/InvalidConfigDialog.js +134 -0
package/dist/src/components/InvalidSettingsDialog.js +84 -0
package/dist/src/components/KeybindingWarnings.js +54 -0
package/dist/src/components/LanguagePicker.js +84 -0
package/dist/src/components/LogSelector.js +1579 -0
package/dist/src/components/LogoV2/AnimatedAsterisk.js +42 -0
package/dist/src/components/LogoV2/AnimatedClawd.js +111 -0
package/dist/src/components/LogoV2/ChannelsNotice.js +258 -0
package/dist/src/components/LogoV2/Clawd.js +12 -0
package/dist/src/components/LogoV2/CondensedLogo.js +144 -0
package/dist/src/components/LogoV2/EmergencyTip.js +47 -0
package/dist/src/components/LogoV2/Feed.js +84 -0
package/dist/src/components/LogoV2/FeedColumn.js +55 -0
package/dist/src/components/LogoV2/GuestPassesUpsell.js +71 -0
package/dist/src/components/LogoV2/LogoV2.js +564 -0
package/dist/src/components/LogoV2/Opus1mMergeNotice.js +56 -0
package/dist/src/components/LogoV2/OverageCreditUpsell.js +160 -0
package/dist/src/components/LogoV2/VoiceModeNotice.js +70 -0
package/dist/src/components/LogoV2/WelcomeV2.js +8 -0
package/dist/src/components/LogoV2/feedConfigs.js +78 -0
package/dist/src/components/LspRecommendation/LspRecommendationMenu.js +46 -0
package/dist/src/components/MCPServerApprovalDialog.js +113 -0
package/dist/src/components/MCPServerDesktopImportDialog.js +206 -0
package/dist/src/components/MCPServerDialogCopy.js +15 -0
package/dist/src/components/MCPServerMultiselectDialog.js +133 -0
package/dist/src/components/ManagedSettingsSecurityDialog/ManagedSettingsSecurityDialog.js +149 -0
package/dist/src/components/ManagedSettingsSecurityDialog/utils.js +105 -0
package/dist/src/components/Markdown.js +217 -0
package/dist/src/components/MarkdownTable.js +279 -0
package/dist/src/components/MemoryUsageIndicator.js +27 -0
package/dist/src/components/Message.js +566 -0
package/dist/src/components/MessageModel.js +36 -0
package/dist/src/components/MessageResponse.js +73 -0
package/dist/src/components/MessageRow.js +346 -0
package/dist/src/components/MessageSelector.js +743 -0
package/dist/src/components/MessageTimestamp.js +57 -0
package/dist/src/components/Messages.js +637 -0
package/dist/src/components/ModelPicker.js +493 -0
package/dist/src/components/NativeAutoUpdater.js +153 -0
package/dist/src/components/NotebookEditToolUseRejectedMessage.js +83 -0
package/dist/src/components/OffscreenFreeze.js +35 -0
package/dist/src/components/Onboarding.js +174 -0
package/dist/src/components/OutputStylePicker.js +102 -0
package/dist/src/components/PackageManagerAutoUpdater.js +100 -0
package/dist/src/components/Passes/Passes.js +113 -0
package/dist/src/components/PrBadge.js +90 -0
package/dist/src/components/PressEnterToContinue.js +15 -0
package/dist/src/components/PromptInput/HistorySearchInput.js +44 -0
package/dist/src/components/PromptInput/IssueFlagBanner.js +8 -0
package/dist/src/components/PromptInput/Notifications.js +221 -0
package/dist/src/components/PromptInput/PromptInput.js +1998 -0
package/dist/src/components/PromptInput/PromptInputFooter.js +84 -0
package/dist/src/components/PromptInput/PromptInputFooterLeftSide.js +409 -0
package/dist/src/components/PromptInput/PromptInputFooterSuggestions.js +280 -0
package/dist/src/components/PromptInput/PromptInputHelpMenu.js +379 -0
package/dist/src/components/PromptInput/PromptInputModeIndicator.js +72 -0
package/dist/src/components/PromptInput/PromptInputQueuedCommands.js +105 -0
package/dist/src/components/PromptInput/PromptInputStashNotice.js +20 -0
package/dist/src/components/PromptInput/SandboxPromptFooterHint.js +65 -0
package/dist/src/components/PromptInput/ShimmeredInput.js +132 -0
package/dist/src/components/PromptInput/VoiceIndicator.js +136 -0
package/dist/src/components/PromptInput/inputModes.js +24 -0
package/dist/src/components/PromptInput/inputPaste.js +62 -0
package/dist/src/components/PromptInput/useMaybeTruncateInput.js +33 -0
package/dist/src/components/PromptInput/usePromptInputPlaceholder.js +55 -0
package/dist/src/components/PromptInput/useShowFastIconHint.js +23 -0
package/dist/src/components/PromptInput/useSwarmBanner.js +112 -0
package/dist/src/components/PromptInput/utils.js +50 -0
package/dist/src/components/QuickOpenDialog.js +243 -0
package/dist/src/components/RemoteCallout.js +53 -0
package/dist/src/components/RemoteEnvironmentDialog.js +345 -0
package/dist/src/components/ResumeTask.js +173 -0
package/dist/src/components/SandboxViolationExpandedView.js +102 -0
package/dist/src/components/ScrollKeybindingHandler.js +982 -0
package/dist/src/components/SearchBox.js +55 -0
package/dist/src/components/SentryErrorBoundary.js +16 -0
package/dist/src/components/SessionBackgroundHint.js +104 -0
package/dist/src/components/SessionPreview.js +200 -0
package/dist/src/components/Settings/Config.js +1628 -0
package/dist/src/components/Settings/Settings.js +129 -0
package/dist/src/components/Settings/Status.js +239 -0
package/dist/src/components/Settings/Usage.js +341 -0
package/dist/src/components/ShowInIDEPrompt.js +151 -0
package/dist/src/components/SkillImprovementSurvey.js +130 -0
package/dist/src/components/Spinner/FlashingChar.js +51 -0
package/dist/src/components/Spinner/GlimmerMessage.js +328 -0
package/dist/src/components/Spinner/ShimmerChar.js +22 -0
package/dist/src/components/Spinner/SpinnerAnimationRow.js +169 -0
package/dist/src/components/Spinner/SpinnerGlyph.js +69 -0
package/dist/src/components/Spinner/TeammateSpinnerLine.js +170 -0
package/dist/src/components/Spinner/TeammateSpinnerTree.js +268 -0
package/dist/src/components/Spinner/index.js +11 -0
package/dist/src/components/Spinner/teammateSelectHint.js +1 -0
package/dist/src/components/Spinner/useShimmerAnimation.js +22 -0
package/dist/src/components/Spinner/useStalledAnimation.js +63 -0
package/dist/src/components/Spinner/utils.js +77 -0
package/dist/src/components/Spinner.js +470 -0
package/dist/src/components/Stats.js +1000 -0
package/dist/src/components/StatusLine.js +288 -0
package/dist/src/components/StatusNotices.js +50 -0
package/dist/src/components/StructuredDiff/Fallback.js +335 -0
package/dist/src/components/StructuredDiff/colorDiff.js +26 -0
package/dist/src/components/StructuredDiff.js +152 -0
package/dist/src/components/StructuredDiffList.js +8 -0
package/dist/src/components/TagTabs.js +100 -0
package/dist/src/components/TaskListV2.js +333 -0
package/dist/src/components/TeammateViewHeader.js +87 -0
package/dist/src/components/TeleportError.js +191 -0
package/dist/src/components/TeleportProgress.js +130 -0
package/dist/src/components/TeleportRepoMismatchDialog.js +98 -0
package/dist/src/components/TeleportResumeWrapper.js +158 -0
package/dist/src/components/TeleportStash.js +82 -0
package/dist/src/components/TextInput.js +108 -0
package/dist/src/components/ThemePicker.js +330 -0
package/dist/src/components/ThinkingToggle.js +153 -0
package/dist/src/components/TokenWarning.js +172 -0
package/dist/src/components/ToolUseLoader.js +34 -0
package/dist/src/components/TrustDialog/TrustDialog.js +113 -0
package/dist/src/components/TrustDialog/utils.js +199 -0
package/dist/src/components/ValidationErrorsList.js +146 -0
package/dist/src/components/VimTextInput.js +136 -0
package/dist/src/components/VirtualMessageList.js +892 -0
package/dist/src/components/WorkflowMultiselectDialog.js +118 -0
package/dist/src/components/WorktreeExitDialog.js +222 -0
package/dist/src/components/agents/AgentDetail.js +226 -0
package/dist/src/components/agents/AgentEditor.js +146 -0
package/dist/src/components/agents/AgentNavigationFooter.js +21 -0
package/dist/src/components/agents/AgentsList.js +436 -0
package/dist/src/components/agents/AgentsMenu.js +848 -0
package/dist/src/components/agents/ColorPicker.js +110 -0
package/dist/src/components/agents/ModelSelector.js +62 -0
package/dist/src/components/agents/SnapshotUpdateDialog.js +16 -0
package/dist/src/components/agents/ToolSelector.js +557 -0
package/dist/src/components/agents/agentFileUtils.js +187 -0
package/dist/src/components/agents/generateAgent.js +161 -0
package/dist/src/components/agents/new-agent-creation/CreateAgentWizard.js +88 -0
package/dist/src/components/agents/new-agent-creation/wizard-steps/ColorStep.js +80 -0
package/dist/src/components/agents/new-agent-creation/wizard-steps/ConfirmStep.js +386 -0
package/dist/src/components/agents/new-agent-creation/wizard-steps/ConfirmStepWrapper.js +63 -0
package/dist/src/components/agents/new-agent-creation/wizard-steps/DescriptionStep.js +126 -0
package/dist/src/components/agents/new-agent-creation/wizard-steps/GenerateStep.js +118 -0
package/dist/src/components/agents/new-agent-creation/wizard-steps/LocationStep.js +92 -0
package/dist/src/components/agents/new-agent-creation/wizard-steps/MemoryStep.js +120 -0
package/dist/src/components/agents/new-agent-creation/wizard-steps/MethodStep.js +79 -0
package/dist/src/components/agents/new-agent-creation/wizard-steps/ModelStep.js +48 -0
package/dist/src/components/agents/new-agent-creation/wizard-steps/PromptStep.js +131 -0
package/dist/src/components/agents/new-agent-creation/wizard-steps/ToolsStep.js +51 -0
package/dist/src/components/agents/new-agent-creation/wizard-steps/TypeStep.js +100 -0
package/dist/src/components/agents/types.js +4 -0
package/dist/src/components/agents/utils.js +14 -0
package/dist/src/components/agents/validateAgent.js +79 -0
package/dist/src/components/design-system/Byline.js +72 -0
package/dist/src/components/design-system/Dialog.js +116 -0
package/dist/src/components/design-system/Divider.js +109 -0
package/dist/src/components/design-system/FuzzyPicker.js +187 -0
package/dist/src/components/design-system/KeyboardShortcutHint.js +67 -0
package/dist/src/components/design-system/ListItem.js +183 -0
package/dist/src/components/design-system/LoadingState.js +68 -0
package/dist/src/components/design-system/Pane.js +68 -0
package/dist/src/components/design-system/ProgressBar.js +62 -0
package/dist/src/components/design-system/Ratchet.js +71 -0
package/dist/src/components/design-system/StatusIcon.js +69 -0
package/dist/src/components/design-system/Tabs.js +269 -0
package/dist/src/components/design-system/ThemeProvider.js +137 -0
package/dist/src/components/design-system/ThemedBox.js +125 -0
package/dist/src/components/design-system/ThemedText.js +60 -0
package/dist/src/components/design-system/color.js +22 -0
package/dist/src/components/diff/DiffDetailView.js +284 -0
package/dist/src/components/diff/DiffDialog.js +387 -0
package/dist/src/components/diff/DiffFileList.js +291 -0
package/dist/src/components/grove/Grove.js +483 -0
package/dist/src/components/hooks/HooksConfigMenu.js +570 -0
package/dist/src/components/hooks/PromptDialog.js +81 -0
package/dist/src/components/hooks/SelectEventMode.js +117 -0
package/dist/src/components/hooks/SelectHookMode.js +93 -0
package/dist/src/components/hooks/SelectMatcherMode.js +124 -0
package/dist/src/components/hooks/ViewHookMode.js +197 -0
package/dist/src/components/mcp/CapabilitiesSection.js +55 -0
package/dist/src/components/mcp/ElicitationDialog.js +945 -0
package/dist/src/components/mcp/MCPAgentServerMenu.js +95 -0
package/dist/src/components/mcp/MCPListPanel.js +504 -0
package/dist/src/components/mcp/MCPReconnect.js +168 -0
package/dist/src/components/mcp/MCPRemoteServerMenu.js +460 -0
package/dist/src/components/mcp/MCPSettings.js +414 -0
package/dist/src/components/mcp/MCPStdioServerMenu.js +95 -0
package/dist/src/components/mcp/MCPToolDetailView.js +219 -0
package/dist/src/components/mcp/MCPToolListView.js +136 -0
package/dist/src/components/mcp/McpParsingWarnings.js +211 -0
package/dist/src/components/mcp/index.js +8 -0
package/dist/src/components/mcp/types.js +3 -0
package/dist/src/components/mcp/utils/reconnectHelpers.js +35 -0
package/dist/src/components/memory/MemoryFileSelector.js +455 -0
package/dist/src/components/memory/MemoryUpdateNotification.js +42 -0
package/dist/src/components/messageActions.js +418 -0
package/dist/src/components/messages/AdvisorMessage.js +151 -0
package/dist/src/components/messages/AssistantRedactedThinkingMessage.js +27 -0
package/dist/src/components/messages/AssistantTextMessage.js +274 -0
package/dist/src/components/messages/AssistantThinkingMessage.js +69 -0
package/dist/src/components/messages/AssistantToolUseMessage.js +323 -0
package/dist/src/components/messages/AttachmentMessage.js +418 -0
package/dist/src/components/messages/CollapsedReadSearchContent.js +362 -0
package/dist/src/components/messages/CompactBoundaryMessage.js +18 -0
package/dist/src/components/messages/GroupedToolUseContent.js +37 -0
package/dist/src/components/messages/HighlightedThinkingText.js +164 -0
package/dist/src/components/messages/HookProgressMessage.js +110 -0
package/dist/src/components/messages/PlanApprovalMessage.js +212 -0
package/dist/src/components/messages/RateLimitMessage.js +149 -0
package/dist/src/components/messages/ShutdownMessage.js +123 -0
package/dist/src/components/messages/SystemAPIErrorMessage.js +135 -0
package/dist/src/components/messages/SystemTextMessage.js +843 -0
package/dist/src/components/messages/TaskAssignmentMessage.js +71 -0
package/dist/src/components/messages/UserAgentNotificationMessage.js +77 -0
package/dist/src/components/messages/UserBashInputMessage.js +51 -0
package/dist/src/components/messages/UserBashOutputMessage.js +54 -0
package/dist/src/components/messages/UserChannelMessage.js +129 -0
package/dist/src/components/messages/UserCommandMessage.js +106 -0
package/dist/src/components/messages/UserImageMessage.js +53 -0
package/dist/src/components/messages/UserLocalCommandOutputMessage.js +169 -0
package/dist/src/components/messages/UserMemoryInputMessage.js +72 -0
package/dist/src/components/messages/UserPlanMessage.js +37 -0
package/dist/src/components/messages/UserPromptMessage.js +63 -0
package/dist/src/components/messages/UserResourceUpdateMessage.js +101 -0
package/dist/src/components/messages/UserTeammateMessage.js +156 -0
package/dist/src/components/messages/UserTextMessage.js +271 -0
package/dist/src/components/messages/UserToolResultMessage/RejectedPlanMessage.js +27 -0
package/dist/src/components/messages/UserToolResultMessage/RejectedToolUseMessage.js +16 -0
package/dist/src/components/messages/UserToolResultMessage/UserToolCanceledMessage.js +16 -0
package/dist/src/components/messages/UserToolResultMessage/UserToolErrorMessage.js +91 -0
package/dist/src/components/messages/UserToolResultMessage/UserToolRejectMessage.js +73 -0
package/dist/src/components/messages/UserToolResultMessage/UserToolResultMessage.js +83 -0
package/dist/src/components/messages/UserToolResultMessage/UserToolSuccessMessage.js +58 -0
package/dist/src/components/messages/UserToolResultMessage/utils.js +43 -0
package/dist/src/components/messages/nullRenderingAttachments.js +58 -0
package/dist/src/components/messages/teamMemCollapsed.js +142 -0
package/dist/src/components/messages/teamMemSaved.js +17 -0
package/dist/src/components/permissions/AskUserQuestionPermissionRequest/AskUserQuestionPermissionRequest.js +654 -0
package/dist/src/components/permissions/AskUserQuestionPermissionRequest/PreviewBox.js +219 -0
package/dist/src/components/permissions/AskUserQuestionPermissionRequest/PreviewQuestionView.js +227 -0
package/dist/src/components/permissions/AskUserQuestionPermissionRequest/QuestionNavigationBar.js +174 -0
package/dist/src/components/permissions/AskUserQuestionPermissionRequest/QuestionView.js +444 -0
package/dist/src/components/permissions/AskUserQuestionPermissionRequest/SubmitQuestionsView.js +136 -0
package/dist/src/components/permissions/AskUserQuestionPermissionRequest/use-multiple-choice-state.js +100 -0
package/dist/src/components/permissions/BashPermissionRequest/BashPermissionRequest.js +404 -0
package/dist/src/components/permissions/BashPermissionRequest/bashToolUseOptions.js +110 -0
package/dist/src/components/permissions/ComputerUseApproval/ComputerUseApproval.js +448 -0
package/dist/src/components/permissions/EnterPlanModePermissionRequest/EnterPlanModePermissionRequest.js +125 -0
package/dist/src/components/permissions/ExitPlanModePermissionRequest/ExitPlanModePermissionRequest.js +649 -0
package/dist/src/components/permissions/FallbackPermissionRequest.js +348 -0
package/dist/src/components/permissions/FileEditPermissionRequest/FileEditPermissionRequest.js +184 -0
package/dist/src/components/permissions/FilePermissionDialog/FilePermissionDialog.js +108 -0
package/dist/src/components/permissions/FilePermissionDialog/ideDiffConfig.js +13 -0
package/dist/src/components/permissions/FilePermissionDialog/permissionOptions.js +136 -0
package/dist/src/components/permissions/FilePermissionDialog/useFilePermissionDialog.js +131 -0
package/dist/src/components/permissions/FilePermissionDialog/usePermissionHandler.js +86 -0
package/dist/src/components/permissions/FileWritePermissionRequest/FileWritePermissionRequest.js +163 -0
package/dist/src/components/permissions/FileWritePermissionRequest/FileWriteToolDiff.js +78 -0
package/dist/src/components/permissions/FilesystemPermissionRequest/FilesystemPermissionRequest.js +112 -0
package/dist/src/components/permissions/NotebookEditPermissionRequest/NotebookEditPermissionRequest.js +163 -0
package/dist/src/components/permissions/NotebookEditPermissionRequest/NotebookEditToolDiff.js +217 -0
package/dist/src/components/permissions/PermissionDecisionDebugInfo.js +466 -0
package/dist/src/components/permissions/PermissionDialog.js +54 -0
package/dist/src/components/permissions/PermissionExplanation.js +269 -0
package/dist/src/components/permissions/PermissionPrompt.js +316 -0
package/dist/src/components/permissions/PermissionRequest.js +160 -0
package/dist/src/components/permissions/PermissionRequestTitle.js +57 -0
package/dist/src/components/permissions/PermissionRuleExplanation.js +116 -0
package/dist/src/components/permissions/PowerShellPermissionRequest/PowerShellPermissionRequest.js +178 -0
package/dist/src/components/permissions/PowerShellPermissionRequest/powershellToolUseOptions.js +73 -0
package/dist/src/components/permissions/SandboxPermissionRequest.js +161 -0
package/dist/src/components/permissions/SedEditPermissionRequest/SedEditPermissionRequest.js +228 -0
package/dist/src/components/permissions/SkillPermissionRequest/SkillPermissionRequest.js +384 -0
package/dist/src/components/permissions/WebFetchPermissionRequest/WebFetchPermissionRequest.js +258 -0
package/dist/src/components/permissions/WorkerBadge.js +43 -0
package/dist/src/components/permissions/WorkerPendingPermission.js +106 -0
package/dist/src/components/permissions/hooks.js +163 -0
package/dist/src/components/permissions/rules/AddPermissionRules.js +172 -0
package/dist/src/components/permissions/rules/AddWorkspaceDirectory.js +334 -0
package/dist/src/components/permissions/rules/PermissionRuleDescription.js +77 -0
package/dist/src/components/permissions/rules/PermissionRuleInput.js +135 -0
package/dist/src/components/permissions/rules/PermissionRuleList.js +1189 -0
package/dist/src/components/permissions/rules/RecentDenialsTab.js +204 -0
package/dist/src/components/permissions/rules/RemoveWorkspaceDirectory.js +102 -0
package/dist/src/components/permissions/rules/WorkspaceTab.js +132 -0
package/dist/src/components/permissions/shellPermissionHelpers.js +111 -0
package/dist/src/components/permissions/useShellPermissionFeedback.js +108 -0
package/dist/src/components/permissions/utils.js +14 -0
package/dist/src/components/sandbox/SandboxConfigTab.js +47 -0
package/dist/src/components/sandbox/SandboxDependenciesTab.js +122 -0
package/dist/src/components/sandbox/SandboxDoctorSection.js +46 -0
package/dist/src/components/sandbox/SandboxOverridesTab.js +192 -0
package/dist/src/components/sandbox/SandboxSettings.js +296 -0
package/dist/src/components/shell/ExpandShellOutputContext.js +33 -0
package/dist/src/components/shell/OutputLine.js +110 -0
package/dist/src/components/shell/ShellProgressMessage.js +143 -0
package/dist/src/components/shell/ShellTimeDisplay.js +71 -0
package/dist/src/components/skills/SkillsMenu.js +238 -0
package/dist/src/components/tasks/AsyncAgentDetailDialog.js +234 -0
package/dist/src/components/tasks/BackgroundTask.js +363 -0
package/dist/src/components/tasks/BackgroundTaskStatus.js +419 -0
package/dist/src/components/tasks/BackgroundTasksDialog.js +496 -0
package/dist/src/components/tasks/DreamDetailDialog.js +250 -0
package/dist/src/components/tasks/InProcessTeammateDetailDialog.js +274 -0
package/dist/src/components/tasks/RemoteSessionDetailDialog.js +868 -0
package/dist/src/components/tasks/RemoteSessionProgress.js +249 -0
package/dist/src/components/tasks/ShellDetailDialog.js +403 -0
package/dist/src/components/tasks/ShellProgress.js +76 -0
package/dist/src/components/tasks/renderToolActivity.js +28 -0
package/dist/src/components/tasks/taskStatusUtils.js +94 -0
package/dist/src/components/teams/TeamStatus.js +76 -0
package/dist/src/components/teams/TeamsDialog.js +672 -0
package/dist/src/components/ui/ContextCard.js +5 -0
package/dist/src/components/ui/OrderedList.js +66 -0
package/dist/src/components/ui/OrderedListItem.js +41 -0
package/dist/src/components/ui/TreeSelect.js +300 -0
package/dist/src/components/wizard/WizardDialogLayout.js +47 -0
package/dist/src/components/wizard/WizardNavigationFooter.js +10 -0
package/dist/src/components/wizard/WizardProvider.js +217 -0
package/dist/src/components/wizard/index.js +4 -0
package/dist/src/components/wizard/useWizard.js +9 -0
package/dist/src/constants/apiLimits.js +81 -0
package/dist/src/constants/betas.js +45 -0
package/dist/src/constants/common.js +29 -0
package/dist/src/constants/cyberRiskInstruction.js +24 -0
package/dist/src/constants/errorIds.js +14 -0
package/dist/src/constants/figures.js +38 -0
package/dist/src/constants/files.js +150 -0
package/dist/src/constants/github-app.js +139 -0
package/dist/src/constants/keys.js +10 -0
package/dist/src/constants/messages.js +1 -0
package/dist/src/constants/oauth.js +221 -0
package/dist/src/constants/outputStyles.js +162 -0
package/dist/src/constants/product.js +56 -0
package/dist/src/constants/prompts.js +752 -0
package/dist/src/constants/spinnerVerbs.js +202 -0
package/dist/src/constants/system.js +77 -0
package/dist/src/constants/systemPromptSections.js +39 -0
package/dist/src/constants/toolLimits.js +50 -0
package/dist/src/constants/tools.js +103 -0
package/dist/src/constants/turnCompletionVerbs.js +12 -0
package/dist/src/constants/xml.js +73 -0
package/dist/src/context/QueuedMessageContext.js +51 -0
package/dist/src/context/fpsMetrics.js +22 -0
package/dist/src/context/mailbox.js +35 -0
package/dist/src/context/modalContext.js +34 -0
package/dist/src/context/notifications.js +199 -0
package/dist/src/context/overlayContext.js +149 -0
package/dist/src/context/promptOverlayContext.js +118 -0
package/dist/src/context/stats.js +207 -0
package/dist/src/context/voice.js +74 -0
package/dist/src/context.js +146 -0
package/dist/src/coordinator/coordinatorMode.js +349 -0
package/dist/src/cost-tracker.js +208 -0
package/dist/src/costHook.js +17 -0
package/dist/src/daemon/main.js +16 -0
package/dist/src/daemon/workerRegistry.js +16 -0
package/dist/src/dialogLaunchers.js +68 -0
package/dist/src/entrypoints/agentSdkTypes.js +202 -0
package/dist/src/entrypoints/cli.js +252 -0
package/dist/src/entrypoints/init.js +265 -0
package/dist/src/entrypoints/mcp.js +142 -0
package/dist/src/entrypoints/sandboxTypes.js +112 -0
package/dist/src/entrypoints/sdk/controlSchemas.js +452 -0
package/dist/src/entrypoints/sdk/controlTypes.js +1 -0
package/dist/src/entrypoints/sdk/coreSchemas.js +1331 -0
package/dist/src/entrypoints/sdk/coreTypes.generated.js +1 -0
package/dist/src/entrypoints/sdk/coreTypes.js +49 -0
package/dist/src/entrypoints/sdk/runtimeTypes.js +1 -0
package/dist/src/entrypoints/sdk/toolTypes.js +1 -0
package/dist/src/environment-runner/main.js +16 -0
package/dist/src/history.js +386 -0
package/dist/src/hooks/fileSuggestions.js +635 -0
package/dist/src/hooks/notifs/useAutoModeUnavailableNotification.js +47 -0
package/dist/src/hooks/notifs/useCanSwitchToExistingSubscription.js +57 -0
package/dist/src/hooks/notifs/useDeprecationWarningNotification.js +43 -0
package/dist/src/hooks/notifs/useFastModeNotification.js +164 -0
package/dist/src/hooks/notifs/useIDEStatusIndicator.js +174 -0
package/dist/src/hooks/notifs/useInstallMessages.js +27 -0
package/dist/src/hooks/notifs/useLspInitializationNotification.js +144 -0
package/dist/src/hooks/notifs/useMcpConnectivityStatus.js +80 -0
package/dist/src/hooks/notifs/useModelMigrationNotifications.js +53 -0
package/dist/src/hooks/notifs/useNpmDeprecationNotification.js +24 -0
package/dist/src/hooks/notifs/usePluginAutoupdateNotification.js +82 -0
package/dist/src/hooks/notifs/usePluginInstallationStatus.js +127 -0
package/dist/src/hooks/notifs/useRateLimitWarningNotification.js +118 -0
package/dist/src/hooks/notifs/useSettingsErrors.js +64 -0
package/dist/src/hooks/notifs/useStartupNotification.js +33 -0
package/dist/src/hooks/notifs/useTeammateShutdownNotification.js +64 -0
package/dist/src/hooks/renderPlaceholder.js +26 -0
package/dist/src/hooks/toolPermission/PermissionContext.js +211 -0
package/dist/src/hooks/toolPermission/handlers/coordinatorHandler.js +44 -0
package/dist/src/hooks/toolPermission/handlers/interactiveHandler.js +397 -0
package/dist/src/hooks/toolPermission/handlers/swarmWorkerHandler.js +108 -0
package/dist/src/hooks/toolPermission/permissionLogging.js +145 -0
package/dist/src/hooks/unifiedSuggestions.js +130 -0
package/dist/src/hooks/useAfterFirstRender.js +12 -0
package/dist/src/hooks/useApiKeyVerification.js +63 -0
package/dist/src/hooks/useArrowKeyHistory.js +203 -0
package/dist/src/hooks/useAssistantHistory.js +194 -0
package/dist/src/hooks/useAwaySummary.js +105 -0
package/dist/src/hooks/useBackgroundTaskNavigation.js +204 -0
package/dist/src/hooks/useBlink.js +28 -0
package/dist/src/hooks/useCanUseTool.js +192 -0
package/dist/src/hooks/useCancelRequest.js +195 -0
package/dist/src/hooks/useChromeExtensionNotification.js +49 -0
package/dist/src/hooks/useClaudeCodeHintRecommendation.js +117 -0
package/dist/src/hooks/useClipboardImageHint.js +59 -0
package/dist/src/hooks/useCommandKeybindings.js +87 -0
package/dist/src/hooks/useCommandQueue.js +10 -0
package/dist/src/hooks/useCopyOnSelect.js +88 -0
package/dist/src/hooks/useDeferredHookMessages.js +43 -0
package/dist/src/hooks/useDiffData.js +69 -0
package/dist/src/hooks/useDiffInIDE.js +252 -0
package/dist/src/hooks/useDirectConnect.js +150 -0
package/dist/src/hooks/useDoublePress.js +44 -0
package/dist/src/hooks/useDynamicConfig.js +17 -0
package/dist/src/hooks/useElapsedTime.js +25 -0
package/dist/src/hooks/useExitOnCtrlCD.js +57 -0
package/dist/src/hooks/useExitOnCtrlCDWithKeybindings.js +17 -0
package/dist/src/hooks/useFileHistorySnapshotInit.js +14 -0
package/dist/src/hooks/useGlobalKeybindings.js +215 -0
package/dist/src/hooks/useHistorySearch.js +241 -0
package/dist/src/hooks/useIDEIntegration.js +56 -0
package/dist/src/hooks/useIdeAtMentioned.js +51 -0
package/dist/src/hooks/useIdeConnectionStatus.js +21 -0
package/dist/src/hooks/useIdeLogging.js +29 -0
package/dist/src/hooks/useIdeSelection.js +106 -0
package/dist/src/hooks/useInboxPoller.js +709 -0
package/dist/src/hooks/useInputBuffer.js +73 -0
package/dist/src/hooks/useIssueFlagBanner.js +115 -0
package/dist/src/hooks/useLogMessages.js +98 -0
package/dist/src/hooks/useLspPluginRecommendation.js +176 -0
package/dist/src/hooks/useMailboxBridge.js +15 -0
package/dist/src/hooks/useMainLoopModel.js +25 -0
package/dist/src/hooks/useManagePlugins.js +261 -0
package/dist/src/hooks/useMemoryUsage.js +28 -0
package/dist/src/hooks/useMergedClients.js +11 -0
package/dist/src/hooks/useMergedCommands.js +10 -0
package/dist/src/hooks/useMergedTools.js +32 -0
package/dist/src/hooks/useMinDisplayTime.js +26 -0
package/dist/src/hooks/useNotifyAfterTimeout.js +51 -0
package/dist/src/hooks/useOfficialMarketplaceNotification.js +46 -0
package/dist/src/hooks/usePasteHandler.js +188 -0
package/dist/src/hooks/usePluginRecommendationBase.js +101 -0
package/dist/src/hooks/usePrStatus.js +91 -0
package/dist/src/hooks/usePromptSuggestion.js +128 -0
package/dist/src/hooks/usePromptsFromClaudeInChrome.js +66 -0
package/dist/src/hooks/useQueueProcessor.js +46 -0
package/dist/src/hooks/useRemoteSession.js +431 -0
package/dist/src/hooks/useReplBridge.js +717 -0
package/dist/src/hooks/useSSHSession.js +167 -0
package/dist/src/hooks/useScheduledTasks.js +104 -0
package/dist/src/hooks/useSearchInput.js +302 -0
package/dist/src/hooks/useSessionBackgrounding.js +132 -0
package/dist/src/hooks/useSettings.js +10 -0
package/dist/src/hooks/useSettingsChange.js +13 -0
package/dist/src/hooks/useSkillImprovementSurvey.js +69 -0
package/dist/src/hooks/useSkillsChange.js +51 -0
package/dist/src/hooks/useSwarmInitialization.js +67 -0
package/dist/src/hooks/useSwarmPermissionPoller.js +215 -0
package/dist/src/hooks/useTaskListWatcher.js +157 -0
package/dist/src/hooks/useTasksV2.js +220 -0
package/dist/src/hooks/useTeammateViewAutoExit.js +55 -0
package/dist/src/hooks/useTelegramMirror.js +47 -0
package/dist/src/hooks/useTeleportResume.js +81 -0
package/dist/src/hooks/useTerminalSize.js +9 -0
package/dist/src/hooks/useTextInput.js +397 -0
package/dist/src/hooks/useTimeout.js +10 -0
package/dist/src/hooks/useTurnDiffs.js +160 -0
package/dist/src/hooks/useTypeahead.js +1617 -0
package/dist/src/hooks/useUpdateNotification.js +22 -0
package/dist/src/hooks/useVimInput.js +232 -0
package/dist/src/hooks/useVirtualScroll.js +627 -0
package/dist/src/hooks/useVoice.js +954 -0
package/dist/src/hooks/useVoiceEnabled.js +21 -0
package/dist/src/hooks/useVoiceIntegration.js +631 -0
package/dist/src/hooks/useWhatsAppMirror.js +46 -0
package/dist/src/index.js +18 -0
package/dist/src/ink/Ansi.js +269 -0
package/dist/src/ink/bidi.js +117 -0
package/dist/src/ink/clearTerminal.js +58 -0
package/dist/src/ink/colorize.js +198 -0
package/dist/src/ink/components/AlternateScreen.js +74 -0
package/dist/src/ink/components/App.js +558 -0
package/dist/src/ink/components/AppContext.js +11 -0
package/dist/src/ink/components/Box.js +153 -0
package/dist/src/ink/components/Button.js +166 -0
package/dist/src/ink/components/ClockContext.js +108 -0
package/dist/src/ink/components/CursorDeclarationContext.js +3 -0
package/dist/src/ink/components/ErrorOverview.js +49 -0
package/dist/src/ink/components/Link.js +33 -0
package/dist/src/ink/components/Newline.js +29 -0
package/dist/src/ink/components/NoSelect.js +56 -0
package/dist/src/ink/components/RawAnsi.js +45 -0
package/dist/src/ink/components/ScrollBox.js +170 -0
package/dist/src/ink/components/Spacer.js +19 -0
package/dist/src/ink/components/StdinContext.js +16 -0
package/dist/src/ink/components/TerminalFocusContext.js +45 -0
package/dist/src/ink/components/TerminalSizeContext.js +3 -0
package/dist/src/ink/components/Text.js +194 -0
package/dist/src/ink/constants.js +2 -0
package/dist/src/ink/devtools.js +16 -0
package/dist/src/ink/dom.js +298 -0
package/dist/src/ink/events/click-event.js +36 -0
package/dist/src/ink/events/dispatcher.js +172 -0
package/dist/src/ink/events/emitter.js +31 -0
package/dist/src/ink/events/event-handlers.js +30 -0
package/dist/src/ink/events/event.js +9 -0
package/dist/src/ink/events/focus-event.js +16 -0
package/dist/src/ink/events/input-event.js +161 -0
package/dist/src/ink/events/keyboard-event.js +45 -0
package/dist/src/ink/events/terminal-event.js +78 -0
package/dist/src/ink/events/terminal-focus-event.js +15 -0
package/dist/src/ink/focus.js +158 -0
package/dist/src/ink/frame.js +30 -0
package/dist/src/ink/get-max-width.js +23 -0
package/dist/src/ink/hit-test.js +113 -0
package/dist/src/ink/hooks/use-animation-frame.js +48 -0
package/dist/src/ink/hooks/use-app.js +7 -0
package/dist/src/ink/hooks/use-declared-cursor.js +60 -0
package/dist/src/ink/hooks/use-input.js +70 -0
package/dist/src/ink/hooks/use-interval.js +54 -0
package/dist/src/ink/hooks/use-search-highlight.js +32 -0
package/dist/src/ink/hooks/use-selection.js +60 -0
package/dist/src/ink/hooks/use-stdin.js +7 -0
package/dist/src/ink/hooks/use-tab-status.js +57 -0
package/dist/src/ink/hooks/use-terminal-focus.js +15 -0
package/dist/src/ink/hooks/use-terminal-title.js +29 -0
package/dist/src/ink/hooks/use-terminal-viewport.js +77 -0
package/dist/src/ink/ink.js +1644 -0
package/dist/src/ink/instances.js +7 -0
package/dist/src/ink/layout/engine.js +4 -0
package/dist/src/ink/layout/geometry.js +61 -0
package/dist/src/ink/layout/node.js +62 -0
package/dist/src/ink/layout/yoga.js +237 -0
package/dist/src/ink/line-width-cache.js +19 -0
package/dist/src/ink/log-update.js +583 -0
package/dist/src/ink/measure-element.js +8 -0
package/dist/src/ink/measure-text.js +35 -0
package/dist/src/ink/node-cache.js +30 -0
package/dist/src/ink/optimizer.js +81 -0
package/dist/src/ink/output.js +556 -0
package/dist/src/ink/parse-keypress.js +695 -0
package/dist/src/ink/reconciler.js +384 -0
package/dist/src/ink/render-border.js +134 -0
package/dist/src/ink/render-node-to-output.js +1216 -0
package/dist/src/ink/render-to-screen.js +171 -0
package/dist/src/ink/renderer.js +129 -0
package/dist/src/ink/root.js +80 -0
package/dist/src/ink/screen.js +1132 -0
package/dist/src/ink/searchHighlight.js +78 -0
package/dist/src/ink/selection.js +792 -0
package/dist/src/ink/squash-text-nodes.js +56 -0
package/dist/src/ink/stringWidth.js +200 -0
package/dist/src/ink/styles.js +299 -0
package/dist/src/ink/supports-hyperlinks.js +40 -0
package/dist/src/ink/tabstops.js +39 -0
package/dist/src/ink/terminal-focus-state.js +35 -0
package/dist/src/ink/terminal-querier.js +173 -0
package/dist/src/ink/terminal.js +208 -0
package/dist/src/ink/termio/ansi.js +70 -0
package/dist/src/ink/termio/csi.js +260 -0
package/dist/src/ink/termio/dec.js +53 -0
package/dist/src/ink/termio/esc.js +55 -0
package/dist/src/ink/termio/osc.js +432 -0
package/dist/src/ink/termio/parser.js +356 -0
package/dist/src/ink/termio/sgr.js +292 -0
package/dist/src/ink/termio/tokenize.js +264 -0
package/dist/src/ink/termio/types.js +55 -0
package/dist/src/ink/termio.js +24 -0
package/dist/src/ink/useTerminalNotification.js +57 -0
package/dist/src/ink/warn.js +10 -0
package/dist/src/ink/widest-line.js +14 -0
package/dist/src/ink/wrap-text.js +54 -0
package/dist/src/ink/wrapAnsi.js +6 -0
package/dist/src/ink.js +50 -0
package/dist/src/interactiveHelpers.js +317 -0
package/dist/src/keybindings/KeybindingContext.js +184 -0
package/dist/src/keybindings/KeybindingProviderSetup.js +259 -0
package/dist/src/keybindings/defaultBindings.js +333 -0
package/dist/src/keybindings/loadUserBindings.js +393 -0
package/dist/src/keybindings/match.js +111 -0
package/dist/src/keybindings/parser.js +184 -0
package/dist/src/keybindings/reservedShortcuts.js +109 -0
package/dist/src/keybindings/resolver.js +182 -0
package/dist/src/keybindings/schema.js +205 -0
package/dist/src/keybindings/shortcutFormat.js +48 -0
package/dist/src/keybindings/template.js +40 -0
package/dist/src/keybindings/useKeybinding.js +161 -0
package/dist/src/keybindings/useShortcutDisplay.js +43 -0
package/dist/src/keybindings/validate.js +395 -0
package/dist/src/main.js +4080 -0
package/dist/src/memdir/findRelevantMemories.js +101 -0
package/dist/src/memdir/memdir.js +408 -0
package/dist/src/memdir/memoryAge.js +52 -0
package/dist/src/memdir/memoryScan.js +65 -0
package/dist/src/memdir/memoryTypes.js +260 -0
package/dist/src/memdir/paths.js +236 -0
package/dist/src/memdir/teamMemPaths.js +261 -0
package/dist/src/memdir/teamMemPrompts.js +82 -0
package/dist/src/migrations/migrateAutoUpdatesToSettings.js +47 -0
package/dist/src/migrations/migrateBypassPermissionsAcceptedToSettings.js +32 -0
package/dist/src/migrations/migrateEnableAllProjectMcpServersToSettings.js +83 -0
package/dist/src/migrations/migrateFennecToOpus.js +39 -0
package/dist/src/migrations/migrateLegacyOpusToCurrent.js +44 -0
package/dist/src/migrations/migrateOpusToOpus1m.js +31 -0
package/dist/src/migrations/migrateReplBridgeEnabledToRemoteControlAtStartup.js +23 -0
package/dist/src/migrations/migrateSonnet1mToSonnet45.js +38 -0
package/dist/src/migrations/migrateSonnet45ToSonnet46.js +48 -0
package/dist/src/migrations/resetAutoModeOptInForDefaultOffer.js +47 -0
package/dist/src/migrations/resetProToOpusDefault.js +46 -0
package/dist/src/mirrors/shared.js +186 -0
package/dist/src/moreright/useMoreRight.js +13 -0
package/dist/src/native-ts/color-diff/index.js +821 -0
package/dist/src/native-ts/file-index/index.js +328 -0
package/dist/src/native-ts/yoga-layout/enums.js +101 -0
package/dist/src/native-ts/yoga-layout/index.js +2113 -0
package/dist/src/outputStyles/loadOutputStylesDir.js +73 -0
package/dist/src/plugins/builtinPlugins.js +132 -0
package/dist/src/plugins/bundled/index.js +22 -0
package/dist/src/projectOnboardingState.js +61 -0
package/dist/src/query/config.js +17 -0
package/dist/src/query/deps.js +12 -0
package/dist/src/query/stopHooks.js +334 -0
package/dist/src/query/tokenBudget.js +49 -0
package/dist/src/query.js +1330 -0
package/dist/src/recovery/bunBundleShim.js +11 -0
package/dist/src/remote/RemoteSessionManager.js +195 -0
package/dist/src/remote/SessionsWebSocket.js +305 -0
package/dist/src/remote/remotePermissionBridge.js +70 -0
package/dist/src/remote/sdkMessageAdapter.js +227 -0
package/dist/src/replLauncher.js +6 -0
package/dist/src/schemas/hooks.js +174 -0
package/dist/src/screens/Doctor.js +581 -0
package/dist/src/screens/REPL.js +4434 -0
package/dist/src/screens/ResumeConversation.js +341 -0
package/dist/src/self-hosted-runner/main.js +16 -0
package/dist/src/server/backends/dangerousBackend.js +16 -0
package/dist/src/server/connectHeadless.js +16 -0
package/dist/src/server/createDirectConnectSession.js +62 -0
package/dist/src/server/directConnectManager.js +153 -0
package/dist/src/server/lockfile.js +16 -0
package/dist/src/server/parseConnectUrl.js +16 -0
package/dist/src/server/server.js +16 -0
package/dist/src/server/serverBanner.js +16 -0
package/dist/src/server/serverLog.js +16 -0
package/dist/src/server/sessionManager.js +16 -0
package/dist/src/server/types.js +7 -0
package/dist/src/services/AgentSummary/agentSummary.js +147 -0
package/dist/src/services/MagicDocs/magicDocs.js +193 -0
package/dist/src/services/MagicDocs/prompts.js +110 -0
package/dist/src/services/PromptSuggestion/promptSuggestion.js +402 -0
package/dist/src/services/PromptSuggestion/speculation.js +643 -0
package/dist/src/services/SessionMemory/prompts.js +254 -0
package/dist/src/services/SessionMemory/sessionMemory.js +358 -0
package/dist/src/services/SessionMemory/sessionMemoryUtils.js +157 -0
package/dist/src/services/analytics/config.js +33 -0
package/dist/src/services/analytics/datadog.js +259 -0
package/dist/src/services/analytics/firstPartyEventLogger.js +342 -0
package/dist/src/services/analytics/firstPartyEventLoggingExporter.js +594 -0
package/dist/src/services/analytics/growthbook.js +952 -0
package/dist/src/services/analytics/index.js +114 -0
package/dist/src/services/analytics/metadata.js +698 -0
package/dist/src/services/analytics/sink.js +95 -0
package/dist/src/services/analytics/sinkKillswitch.js +19 -0
package/dist/src/services/api/adminRequests.js +57 -0
package/dist/src/services/api/bootstrap.js +149 -0
package/dist/src/services/api/claude.js +2461 -0
package/dist/src/services/api/client.js +325 -0
package/dist/src/services/api/dumpPrompts.js +174 -0
package/dist/src/services/api/emptyUsage.js +20 -0
package/dist/src/services/api/errorUtils.js +203 -0
package/dist/src/services/api/errors.js +934 -0
package/dist/src/services/api/filesApi.js +523 -0
package/dist/src/services/api/firstTokenDate.js +49 -0
package/dist/src/services/api/grove.js +272 -0
package/dist/src/services/api/index.js +23 -0
package/dist/src/services/api/logging.js +484 -0
package/dist/src/services/api/metricsOptOut.js +129 -0
package/dist/src/services/api/openai.js +1187 -0
package/dist/src/services/api/openrouter.js +30 -0
package/dist/src/services/api/overageCreditGrant.js +123 -0
package/dist/src/services/api/promptCacheBreakDetection.js +510 -0
package/dist/src/services/api/referral.js +219 -0
package/dist/src/services/api/sessionIngress.js +358 -0
package/dist/src/services/api/ultrareviewQuota.js +29 -0
package/dist/src/services/api/usage.js +31 -0
package/dist/src/services/api/withRetry.js +599 -0
package/dist/src/services/autoDream/autoDream.js +244 -0
package/dist/src/services/autoDream/config.js +17 -0
package/dist/src/services/autoDream/consolidationLock.js +122 -0
package/dist/src/services/autoDream/consolidationPrompt.js +56 -0
package/dist/src/services/awaySummary.js +61 -0
package/dist/src/services/claudeAiLimits.js +331 -0
package/dist/src/services/claudeAiLimitsHook.js +15 -0
package/dist/src/services/compact/apiMicrocompact.js +97 -0
package/dist/src/services/compact/autoCompact.js +236 -0
package/dist/src/services/compact/cachedMicrocompact.js +16 -0
package/dist/src/services/compact/compact.js +1258 -0
package/dist/src/services/compact/compactWarningHook.js +12 -0
package/dist/src/services/compact/compactWarningState.js +15 -0
package/dist/src/services/compact/grouping.js +58 -0
package/dist/src/services/compact/microCompact.js +414 -0
package/dist/src/services/compact/postCompactCleanup.js +72 -0
package/dist/src/services/compact/prompt.js +327 -0
package/dist/src/services/compact/sessionMemoryCompact.js +467 -0
package/dist/src/services/compact/timeBasedMCConfig.js +11 -0
package/dist/src/services/diagnosticTracking.js +282 -0
package/dist/src/services/extractMemories/extractMemories.js +444 -0
package/dist/src/services/extractMemories/prompts.js +129 -0
package/dist/src/services/internalLogging.js +68 -0
package/dist/src/services/limits/adapters/claude.js +219 -0
package/dist/src/services/limits/adapters/minimax.js +177 -0
package/dist/src/services/limits/adapters/ollama.js +189 -0
package/dist/src/services/limits/adapters/openai.js +167 -0
package/dist/src/services/limits/adapters/openrouter.js +166 -0
package/dist/src/services/limits/adapters/zai.js +154 -0
package/dist/src/services/limits/index.js +2 -0
package/dist/src/services/limits/registry.js +179 -0
package/dist/src/services/limits/sessionCounter.js +168 -0
package/dist/src/services/limits/types.js +1 -0
package/dist/src/services/lsp/LSPClient.js +306 -0
package/dist/src/services/lsp/LSPDiagnosticRegistry.js +277 -0
package/dist/src/services/lsp/LSPServerInstance.js +390 -0
package/dist/src/services/lsp/LSPServerManager.js +305 -0
package/dist/src/services/lsp/config.js +57 -0
package/dist/src/services/lsp/manager.js +246 -0
package/dist/src/services/lsp/passiveFeedback.js +226 -0
package/dist/src/services/mcp/InProcessTransport.js +54 -0
package/dist/src/services/mcp/MCPConnectionManager.js +50 -0
package/dist/src/services/mcp/SdkControlTransport.js +115 -0
package/dist/src/services/mcp/auth.js +1882 -0
package/dist/src/services/mcp/channelAllowlist.js +57 -0
package/dist/src/services/mcp/channelNotification.js +236 -0
package/dist/src/services/mcp/channelPermissions.js +192 -0
package/dist/src/services/mcp/claudeai.js +123 -0
package/dist/src/services/mcp/client.js +2480 -0
package/dist/src/services/mcp/config.js +1277 -0
package/dist/src/services/mcp/elicitationHandler.js +192 -0
package/dist/src/services/mcp/envExpansion.js +30 -0
package/dist/src/services/mcp/headersHelper.js +94 -0
package/dist/src/services/mcp/mcpStringUtils.js +85 -0
package/dist/src/services/mcp/normalization.js +21 -0
package/dist/src/services/mcp/oauthPort.js +69 -0
package/dist/src/services/mcp/officialRegistry.js +58 -0
package/dist/src/services/mcp/types.js +94 -0
package/dist/src/services/mcp/useManageMCPConnections.js +820 -0
package/dist/src/services/mcp/utils.js +433 -0
package/dist/src/services/mcp/vscodeSdkMcp.js +69 -0
package/dist/src/services/mcp/xaa.js +342 -0
package/dist/src/services/mcp/xaaIdpLogin.js +377 -0
package/dist/src/services/mcpServerApproval.js +29 -0
package/dist/src/services/mockRateLimits.js +666 -0
package/dist/src/services/notifier.js +114 -0
package/dist/src/services/oauth/auth-code-listener.js +236 -0
package/dist/src/services/oauth/client.js +545 -0
package/dist/src/services/oauth/crypto.js +19 -0
package/dist/src/services/oauth/getOauthProfile.js +48 -0
package/dist/src/services/oauth/index.js +152 -0
package/dist/src/services/oauth/types.js +1 -0
package/dist/src/services/orchestration/execution/AgentTaskExecutor.js +315 -0
package/dist/src/services/orchestration/execution/OrchestrationExecutionRuntime.js +1147 -0
package/dist/src/services/orchestration/execution/index.js +2 -0
package/dist/src/services/orchestration/execution/types.js +1 -0
package/dist/src/services/orchestration/global/GlobalOrchestratorRuntime.js +140 -0
package/dist/src/services/orchestration/global/index.js +3 -0
package/dist/src/services/orchestration/global/reporting.js +541 -0
package/dist/src/services/orchestration/global/types.js +1 -0
package/dist/src/services/orchestration/index.js +4 -0
package/dist/src/services/orchestration/policy/index.js +2 -0
package/dist/src/services/orchestration/policy/scoring.js +291 -0
package/dist/src/services/orchestration/policy/types.js +1 -0
package/dist/src/services/orchestration/squad/SquadOrchestratorRuntime.js +198 -0
package/dist/src/services/orchestration/squad/index.js +3 -0
package/dist/src/services/orchestration/squad/reporting.js +525 -0
package/dist/src/services/orchestration/squad/types.js +1 -0
package/dist/src/services/plugins/PluginInstallationManager.js +139 -0
package/dist/src/services/plugins/pluginCliCommands.js +230 -0
package/dist/src/services/plugins/pluginOperations.js +826 -0
package/dist/src/services/policyLimits/index.js +547 -0
package/dist/src/services/policyLimits/types.js +9 -0
package/dist/src/services/preventSleep.js +143 -0
package/dist/src/services/rateLimitMessages.js +271 -0
package/dist/src/services/rateLimitMocking.js +91 -0
package/dist/src/services/remoteManagedSettings/index.js +534 -0
package/dist/src/services/remoteManagedSettings/securityCheck.js +59 -0
package/dist/src/services/remoteManagedSettings/syncCache.js +90 -0
package/dist/src/services/remoteManagedSettings/syncCacheState.js +89 -0
package/dist/src/services/remoteManagedSettings/types.js +12 -0
package/dist/src/services/settingsSync/index.js +478 -0
package/dist/src/services/settingsSync/types.js +35 -0
package/dist/src/services/teamMemorySync/index.js +976 -0
package/dist/src/services/teamMemorySync/secretScanner.js +275 -0
package/dist/src/services/teamMemorySync/teamMemSecretGuard.js +35 -0
package/dist/src/services/teamMemorySync/types.js +47 -0
package/dist/src/services/teamMemorySync/watcher.js +326 -0
package/dist/src/services/tips/tipHistory.js +17 -0
package/dist/src/services/tips/tipRegistry.js +589 -0
package/dist/src/services/tips/tipScheduler.js +40 -0
package/dist/src/services/tokenEstimation.js +365 -0
package/dist/src/services/toolUseSummary/toolUseSummaryGenerator.js +87 -0
package/dist/src/services/tools/StreamingToolExecutor.js +413 -0
package/dist/src/services/tools/toolExecution.js +1218 -0
package/dist/src/services/tools/toolHooks.js +454 -0
package/dist/src/services/tools/toolOrchestration.js +110 -0
package/dist/src/services/vcr.js +291 -0
package/dist/src/services/voice.js +394 -0
package/dist/src/services/voiceKeyterms.js +94 -0
package/dist/src/services/voiceStreamSTT.js +406 -0
package/dist/src/setup.js +349 -0
package/dist/src/skills/bundled/batch.js +114 -0
package/dist/src/skills/bundled/claudeApi.js +145 -0
package/dist/src/skills/bundled/claudeApiContent.js +14 -0
package/dist/src/skills/bundled/claudeInChrome.js +27 -0
package/dist/src/skills/bundled/debug.js +99 -0
package/dist/src/skills/bundled/index.js +5 -0
package/dist/src/skills/bundled/keybindings.js +292 -0
package/dist/src/skills/bundled/loop.js +81 -0
package/dist/src/skills/bundled/loremIpsum.js +266 -0
package/dist/src/skills/bundled/remember.js +75 -0
package/dist/src/skills/bundled/scheduleRemoteAgents.js +373 -0
package/dist/src/skills/bundled/simplify.js +66 -0
package/dist/src/skills/bundled/skillify.js +184 -0
package/dist/src/skills/bundled/stuck.js +75 -0
package/dist/src/skills/bundled/updateConfig.js +463 -0
package/dist/src/skills/bundled/verify.js +25 -0
package/dist/src/skills/bundled/verifyContent.js +7 -0
package/dist/src/skills/bundledSkills.js +159 -0
package/dist/src/skills/loadSkillsDir.js +751 -0
package/dist/src/skills/mcpSkillBuilders.js +10 -0
package/dist/src/ssh/createSSHSession.js +16 -0
package/dist/src/state/AppState.js +184 -0
package/dist/src/state/AppStateStore.js +120 -0
package/dist/src/state/onChangeAppState.js +132 -0
package/dist/src/state/selectors.js +51 -0
package/dist/src/state/store.js +21 -0
package/dist/src/state/teammateViewHelpers.js +124 -0
package/dist/src/tasks/DreamTask/DreamTask.js +99 -0
package/dist/src/tasks/InProcessTeammateTask/InProcessTeammateTask.js +116 -0
package/dist/src/tasks/InProcessTeammateTask/types.js +35 -0
package/dist/src/tasks/LocalAgentTask/LocalAgentTask.js +507 -0
package/dist/src/tasks/LocalMainSessionTask.js +338 -0
package/dist/src/tasks/LocalShellTask/LocalShellTask.js +475 -0
package/dist/src/tasks/LocalShellTask/guards.js +9 -0
package/dist/src/tasks/LocalShellTask/killShellTasks.js +59 -0
package/dist/src/tasks/RemoteAgentTask/RemoteAgentTask.js +742 -0
package/dist/src/tasks/pillLabel.js +69 -0
package/dist/src/tasks/stopTask.js +67 -0
package/dist/src/tasks/types.js +18 -0
package/dist/src/tasks.js +39 -0
package/dist/src/telegram/bridge.js +329 -0
package/dist/src/telegram/config.js +89 -0
package/dist/src/telegram/mirror.js +91 -0
package/dist/src/tools/AgentTool/AgentTool.js +1222 -0
package/dist/src/tools/AgentTool/UI.js +592 -0
package/dist/src/tools/AgentTool/agentColorManager.js +43 -0
package/dist/src/tools/AgentTool/agentDisplay.js +72 -0
package/dist/src/tools/AgentTool/agentMemory.js +139 -0
package/dist/src/tools/AgentTool/agentMemorySnapshot.js +136 -0
package/dist/src/tools/AgentTool/agentToolUtils.js +456 -0
package/dist/src/tools/AgentTool/built-in/claudeCodeGuideAgent.js +175 -0
package/dist/src/tools/AgentTool/built-in/exploreAgent.js +76 -0
package/dist/src/tools/AgentTool/built-in/generalPurposeAgent.js +28 -0
package/dist/src/tools/AgentTool/built-in/planAgent.js +87 -0
package/dist/src/tools/AgentTool/built-in/statuslineSetup.js +140 -0
package/dist/src/tools/AgentTool/built-in/verificationAgent.js +146 -0
package/dist/src/tools/AgentTool/builtInAgents.js +59 -0
package/dist/src/tools/AgentTool/constants.js +11 -0
package/dist/src/tools/AgentTool/forkSubagent.js +177 -0
package/dist/src/tools/AgentTool/loadAgentsDir.js +497 -0
package/dist/src/tools/AgentTool/prompt.js +262 -0
package/dist/src/tools/AgentTool/resumeAgent.js +182 -0
package/dist/src/tools/AgentTool/runAgent.js +629 -0
package/dist/src/tools/AskUserQuestionTool/AskUserQuestionTool.js +237 -0
package/dist/src/tools/AskUserQuestionTool/prompt.js +38 -0
package/dist/src/tools/BashTool/BashTool.js +1008 -0
package/dist/src/tools/BashTool/BashToolResultMessage.js +168 -0
package/dist/src/tools/BashTool/UI.js +133 -0
package/dist/src/tools/BashTool/bashCommandHelpers.js +184 -0
package/dist/src/tools/BashTool/bashPermissions.js +2023 -0
package/dist/src/tools/BashTool/bashSecurity.js +2267 -0
package/dist/src/tools/BashTool/commandSemantics.js +105 -0
package/dist/src/tools/BashTool/commentLabel.js +14 -0
package/dist/src/tools/BashTool/destructiveCommandWarning.js +88 -0
package/dist/src/tools/BashTool/modeValidation.js +86 -0
package/dist/src/tools/BashTool/pathValidation.js +1080 -0
package/dist/src/tools/BashTool/prompt.js +334 -0
package/dist/src/tools/BashTool/readOnlyValidation.js +1794 -0
package/dist/src/tools/BashTool/sedEditParser.js +282 -0
package/dist/src/tools/BashTool/sedValidation.js +580 -0
package/dist/src/tools/BashTool/shouldUseSandbox.js +125 -0
package/dist/src/tools/BashTool/toolName.js +2 -0
package/dist/src/tools/BashTool/utils.js +180 -0
package/dist/src/tools/BriefTool/BriefTool.js +172 -0
package/dist/src/tools/BriefTool/UI.js +66 -0
package/dist/src/tools/BriefTool/attachments.js +86 -0
package/dist/src/tools/BriefTool/prompt.js +19 -0
package/dist/src/tools/BriefTool/upload.js +136 -0
package/dist/src/tools/ConfigTool/ConfigTool.js +398 -0
package/dist/src/tools/ConfigTool/UI.js +24 -0
package/dist/src/tools/ConfigTool/constants.js +1 -0
package/dist/src/tools/ConfigTool/prompt.js +82 -0
package/dist/src/tools/ConfigTool/supportedSettings.js +180 -0
package/dist/src/tools/EnterPlanModeTool/EnterPlanModeTool.js +98 -0
package/dist/src/tools/EnterPlanModeTool/UI.js +13 -0
package/dist/src/tools/EnterPlanModeTool/constants.js +1 -0
package/dist/src/tools/EnterPlanModeTool/prompt.js +164 -0
package/dist/src/tools/EnterWorktreeTool/EnterWorktreeTool.js +104 -0
package/dist/src/tools/EnterWorktreeTool/UI.js +8 -0
package/dist/src/tools/EnterWorktreeTool/constants.js +1 -0
package/dist/src/tools/EnterWorktreeTool/prompt.js +30 -0
package/dist/src/tools/ExitPlanModeTool/ExitPlanModeV2Tool.js +385 -0
package/dist/src/tools/ExitPlanModeTool/UI.js +31 -0
package/dist/src/tools/ExitPlanModeTool/constants.js +2 -0
package/dist/src/tools/ExitPlanModeTool/prompt.js +27 -0
package/dist/src/tools/ExitWorktreeTool/ExitWorktreeTool.js +257 -0
package/dist/src/tools/ExitWorktreeTool/UI.js +9 -0
package/dist/src/tools/ExitWorktreeTool/constants.js +1 -0
package/dist/src/tools/ExitWorktreeTool/prompt.js +32 -0
package/dist/src/tools/FileEditTool/FileEditTool.js +480 -0
package/dist/src/tools/FileEditTool/UI.js +201 -0
package/dist/src/tools/FileEditTool/constants.js +7 -0
package/dist/src/tools/FileEditTool/prompt.js +24 -0
package/dist/src/tools/FileEditTool/types.js +50 -0
package/dist/src/tools/FileEditTool/utils.js +579 -0
package/dist/src/tools/FileReadTool/FileReadTool.js +889 -0
package/dist/src/tools/FileReadTool/UI.js +125 -0
package/dist/src/tools/FileReadTool/imageProcessor.js +46 -0
package/dist/src/tools/FileReadTool/limits.js +70 -0
package/dist/src/tools/FileReadTool/prompt.js +31 -0
package/dist/src/tools/FileWriteTool/FileWriteTool.js +341 -0
package/dist/src/tools/FileWriteTool/UI.js +338 -0
package/dist/src/tools/FileWriteTool/prompt.js +15 -0
package/dist/src/tools/GlobTool/GlobTool.js +161 -0
package/dist/src/tools/GlobTool/UI.js +39 -0
package/dist/src/tools/GlobTool/prompt.js +6 -0
package/dist/src/tools/GrepTool/GrepTool.js +439 -0
package/dist/src/tools/GrepTool/UI.js +154 -0
package/dist/src/tools/GrepTool/prompt.js +16 -0
package/dist/src/tools/LSPTool/LSPTool.js +660 -0
package/dist/src/tools/LSPTool/UI.js +204 -0
package/dist/src/tools/LSPTool/formatters.js +445 -0
package/dist/src/tools/LSPTool/prompt.js +20 -0
package/dist/src/tools/LSPTool/schemas.js +197 -0
package/dist/src/tools/LSPTool/symbolContext.js +75 -0
package/dist/src/tools/ListMcpResourcesTool/ListMcpResourcesTool.js +100 -0
package/dist/src/tools/ListMcpResourcesTool/UI.js +16 -0
package/dist/src/tools/ListMcpResourcesTool/prompt.js +18 -0
package/dist/src/tools/MCPTool/MCPTool.js +60 -0
package/dist/src/tools/MCPTool/UI.js +342 -0
package/dist/src/tools/MCPTool/classifyForCollapse.js +597 -0
package/dist/src/tools/MCPTool/prompt.js +3 -0
package/dist/src/tools/McpAuthTool/McpAuthTool.js +162 -0
package/dist/src/tools/NotebookEditTool/NotebookEditTool.js +421 -0
package/dist/src/tools/NotebookEditTool/UI.js +40 -0
package/dist/src/tools/NotebookEditTool/constants.js +2 -0
package/dist/src/tools/NotebookEditTool/prompt.js +2 -0
package/dist/src/tools/PowerShellTool/PowerShellTool.js +899 -0
package/dist/src/tools/PowerShellTool/UI.js +57 -0
package/dist/src/tools/PowerShellTool/clmTypes.js +207 -0
package/dist/src/tools/PowerShellTool/commandSemantics.js +115 -0
package/dist/src/tools/PowerShellTool/commonParameters.js +27 -0
package/dist/src/tools/PowerShellTool/destructiveCommandWarning.js +92 -0
package/dist/src/tools/PowerShellTool/gitSafety.js +185 -0
package/dist/src/tools/PowerShellTool/modeValidation.js +357 -0
package/dist/src/tools/PowerShellTool/pathValidation.js +1712 -0
package/dist/src/tools/PowerShellTool/powershellPermissions.js +1351 -0
package/dist/src/tools/PowerShellTool/powershellSecurity.js +942 -0
package/dist/src/tools/PowerShellTool/prompt.js +134 -0
package/dist/src/tools/PowerShellTool/readOnlyValidation.js +1633 -0
package/dist/src/tools/PowerShellTool/toolName.js +2 -0
package/dist/src/tools/REPLTool/constants.js +43 -0
package/dist/src/tools/REPLTool/primitiveTools.js +36 -0
package/dist/src/tools/ReadMcpResourceTool/ReadMcpResourceTool.js +112 -0
package/dist/src/tools/ReadMcpResourceTool/UI.js +23 -0
package/dist/src/tools/ReadMcpResourceTool/prompt.js +15 -0
package/dist/src/tools/RemoteTriggerTool/RemoteTriggerTool.js +142 -0
package/dist/src/tools/RemoteTriggerTool/UI.js +11 -0
package/dist/src/tools/RemoteTriggerTool/prompt.js +12 -0
package/dist/src/tools/ScheduleCronTool/CronCreateTool.js +120 -0
package/dist/src/tools/ScheduleCronTool/CronDeleteTool.js +74 -0
package/dist/src/tools/ScheduleCronTool/CronListTool.js +77 -0
package/dist/src/tools/ScheduleCronTool/UI.js +28 -0
package/dist/src/tools/ScheduleCronTool/prompt.js +115 -0
package/dist/src/tools/SendMessageTool/SendMessageTool.js +675 -0
package/dist/src/tools/SendMessageTool/UI.js +23 -0
package/dist/src/tools/SendMessageTool/constants.js +1 -0
package/dist/src/tools/SendMessageTool/prompt.js +47 -0
package/dist/src/tools/SkillTool/SkillTool.js +827 -0
package/dist/src/tools/SkillTool/UI.js +60 -0
package/dist/src/tools/SkillTool/constants.js +1 -0
package/dist/src/tools/SkillTool/prompt.js +184 -0
package/dist/src/tools/SleepTool/prompt.js +14 -0
package/dist/src/tools/SyntheticOutputTool/SyntheticOutputTool.js +138 -0
package/dist/src/tools/TaskCreateTool/TaskCreateTool.js +104 -0
package/dist/src/tools/TaskCreateTool/constants.js +1 -0
package/dist/src/tools/TaskCreateTool/prompt.js +52 -0
package/dist/src/tools/TaskGetTool/TaskGetTool.js +106 -0
package/dist/src/tools/TaskGetTool/constants.js +1 -0
package/dist/src/tools/TaskGetTool/prompt.js +23 -0
package/dist/src/tools/TaskListTool/TaskListTool.js +89 -0
package/dist/src/tools/TaskListTool/constants.js +1 -0
package/dist/src/tools/TaskListTool/prompt.js +44 -0
package/dist/src/tools/TaskOutputTool/TaskOutputTool.js +535 -0
package/dist/src/tools/TaskOutputTool/constants.js +1 -0
package/dist/src/tools/TaskStopTool/TaskStopTool.js +110 -0
package/dist/src/tools/TaskStopTool/UI.js +30 -0
package/dist/src/tools/TaskStopTool/prompt.js +7 -0
package/dist/src/tools/TaskUpdateTool/TaskUpdateTool.js +301 -0
package/dist/src/tools/TaskUpdateTool/constants.js +1 -0
package/dist/src/tools/TaskUpdateTool/prompt.js +76 -0
package/dist/src/tools/TeamCreateTool/TeamCreateTool.js +177 -0
package/dist/src/tools/TeamCreateTool/UI.js +4 -0
package/dist/src/tools/TeamCreateTool/constants.js +1 -0
package/dist/src/tools/TeamCreateTool/prompt.js +113 -0
package/dist/src/tools/TeamDeleteTool/TeamDeleteTool.js +102 -0
package/dist/src/tools/TeamDeleteTool/UI.js +13 -0
package/dist/src/tools/TeamDeleteTool/constants.js +1 -0
package/dist/src/tools/TeamDeleteTool/prompt.js +16 -0
package/dist/src/tools/TodoWriteTool/TodoWriteTool.js +99 -0
package/dist/src/tools/TodoWriteTool/constants.js +1 -0
package/dist/src/tools/TodoWriteTool/prompt.js +181 -0
package/dist/src/tools/ToolSearchTool/ToolSearchTool.js +357 -0
package/dist/src/tools/ToolSearchTool/constants.js +1 -0
package/dist/src/tools/ToolSearchTool/prompt.js +99 -0
package/dist/src/tools/TungstenTool/TungstenLiveMonitor.js +7 -0
package/dist/src/tools/TungstenTool/TungstenTool.js +3 -0
package/dist/src/tools/WebFetchTool/UI.js +30 -0
package/dist/src/tools/WebFetchTool/WebFetchTool.js +246 -0
package/dist/src/tools/WebFetchTool/preapproved.js +155 -0
package/dist/src/tools/WebFetchTool/prompt.js +39 -0
package/dist/src/tools/WebFetchTool/utils.js +381 -0
package/dist/src/tools/WebSearchTool/UI.js +66 -0
package/dist/src/tools/WebSearchTool/WebSearchTool.js +352 -0
package/dist/src/tools/WebSearchTool/prompt.js +32 -0
package/dist/src/tools/WorkflowTool/constants.js +2 -0
package/dist/src/tools/shared/gitOperationTracking.js +220 -0
package/dist/src/tools/shared/spawnMultiAgent.js +805 -0
package/dist/src/tools/testing/TestingPermissionTool.js +72 -0
package/dist/src/tools/utils.js +24 -0
package/dist/src/tools.js +332 -0
package/dist/src/types/command.js +10 -0
package/dist/src/types/connectorText.js +2 -0
package/dist/src/types/generated/events_mono/claude_code/v1/claude_code_internal_event.js +673 -0
package/dist/src/types/generated/events_mono/common/v1/auth.js +49 -0
package/dist/src/types/generated/events_mono/growthbook/v1/growthbook_experiment_event.js +147 -0
package/dist/src/types/generated/google/protobuf/timestamp.js +38 -0
package/dist/src/types/hooks.js +153 -0
package/dist/src/types/ids.js +27 -0
package/dist/src/types/logs.js +11 -0
package/dist/src/types/message.js +1 -0
package/dist/src/types/permissions.js +25 -0
package/dist/src/types/plugin.js +72 -0
package/dist/src/types/textInputTypes.js +20 -0
package/dist/src/types/utils.js +5 -0
package/dist/src/upstreamproxy/relay.js +346 -0
package/dist/src/upstreamproxy/upstreamproxy.js +236 -0
package/dist/src/utils/CircularBuffer.js +75 -0
package/dist/src/utils/Cursor.js +1229 -0
package/dist/src/utils/QueryGuard.js +115 -0
package/dist/src/utils/Shell.js +374 -0
package/dist/src/utils/ShellCommand.js +338 -0
package/dist/src/utils/abortController.js +74 -0
package/dist/src/utils/activityManager.js +127 -0
package/dist/src/utils/advisor.js +77 -0
package/dist/src/utils/agentContext.js +91 -0
package/dist/src/utils/agentId.js +83 -0
package/dist/src/utils/agentSwarmsEnabled.js +37 -0
package/dist/src/utils/agenticSessionSearch.js +255 -0
package/dist/src/utils/analyzeContext.js +848 -0
package/dist/src/utils/ansiToPng.js +259 -0
package/dist/src/utils/ansiToSvg.js +207 -0
package/dist/src/utils/api.js +555 -0
package/dist/src/utils/apiPreconnect.js +62 -0
package/dist/src/utils/appleTerminalBackup.js +95 -0
package/dist/src/utils/argumentSubstitution.js +114 -0
package/dist/src/utils/array.js +12 -0
package/dist/src/utils/asciicast.js +200 -0
package/dist/src/utils/attachments.js +2514 -0
package/dist/src/utils/attribution.js +308 -0
package/dist/src/utils/attributionHooks.js +16 -0
package/dist/src/utils/attributionTrailer.js +16 -0
package/dist/src/utils/auth.js +2022 -0
package/dist/src/utils/authFileDescriptor.js +152 -0
package/dist/src/utils/authPortable.js +14 -0
package/dist/src/utils/autoModeDenials.js +15 -0
package/dist/src/utils/autoRunIssue.js +112 -0
package/dist/src/utils/autoUpdater.js +461 -0
package/dist/src/utils/aws.js +44 -0
package/dist/src/utils/awsAuthStatusManager.js +66 -0
package/dist/src/utils/background/remote/preconditions.js +175 -0
package/dist/src/utils/background/remote/remoteSession.js +53 -0
package/dist/src/utils/backgroundHousekeeping.js +66 -0
package/dist/src/utils/bash/ParsedCommand.js +241 -0
package/dist/src/utils/bash/ShellSnapshot.js +489 -0
package/dist/src/utils/bash/ast.js +2590 -0
package/dist/src/utils/bash/bashParser.js +4355 -0
package/dist/src/utils/bash/bashPipeCommand.js +249 -0
package/dist/src/utils/bash/commands.js +1131 -0
package/dist/src/utils/bash/heredoc.js +647 -0
package/dist/src/utils/bash/parser.js +195 -0
package/dist/src/utils/bash/prefix.js +154 -0
package/dist/src/utils/bash/registry.js +23 -0
package/dist/src/utils/bash/shellCompletion.js +196 -0
package/dist/src/utils/bash/shellPrefix.js +25 -0
package/dist/src/utils/bash/shellQuote.js +253 -0
package/dist/src/utils/bash/shellQuoting.js +106 -0
package/dist/src/utils/bash/specs/alias.js +11 -0
package/dist/src/utils/bash/specs/index.js +16 -0
package/dist/src/utils/bash/specs/nohup.js +10 -0
package/dist/src/utils/bash/specs/pyright.js +88 -0
package/dist/src/utils/bash/specs/sleep.js +10 -0
package/dist/src/utils/bash/specs/srun.js +28 -0
package/dist/src/utils/bash/specs/time.js +10 -0
package/dist/src/utils/bash/specs/timeout.js +17 -0
package/dist/src/utils/bash/treeSitterAnalysis.js +407 -0
package/dist/src/utils/betas.js +332 -0
package/dist/src/utils/billing.js +54 -0
package/dist/src/utils/binaryCheck.js +40 -0
package/dist/src/utils/browser.js +58 -0
package/dist/src/utils/bufferedWriter.js +77 -0
package/dist/src/utils/bundledMode.js +19 -0
package/dist/src/utils/caCerts.js +93 -0
package/dist/src/utils/caCertsConfig.js +77 -0
package/dist/src/utils/cachePaths.js +28 -0
package/dist/src/utils/ccshareResume.js +16 -0
package/dist/src/utils/classifierApprovals.js +66 -0
package/dist/src/utils/classifierApprovalsHook.js +10 -0
package/dist/src/utils/claudeCodeHints.js +142 -0
package/dist/src/utils/claudeDesktop.js +108 -0
package/dist/src/utils/claudeInChrome/chromeNativeHost.js +416 -0
package/dist/src/utils/claudeInChrome/common.js +466 -0
package/dist/src/utils/claudeInChrome/mcpServer.js +237 -0
package/dist/src/utils/claudeInChrome/prompt.js +79 -0
package/dist/src/utils/claudeInChrome/setup.js +320 -0
package/dist/src/utils/claudeInChrome/setupPortable.js +172 -0
package/dist/src/utils/claudeInChrome/toolRendering.js +234 -0
package/dist/src/utils/claudemd.js +1054 -0
package/dist/src/utils/cleanup.js +514 -0
package/dist/src/utils/cleanupRegistry.js +22 -0
package/dist/src/utils/cliArgs.js +53 -0
package/dist/src/utils/cliHighlight.js +45 -0
package/dist/src/utils/codeIndexing.js +149 -0
package/dist/src/utils/collapseBackgroundBashNotifications.js +70 -0
package/dist/src/utils/collapseHookSummaries.js +48 -0
package/dist/src/utils/collapseReadSearch.js +871 -0
package/dist/src/utils/collapseTeammateShutdowns.js +44 -0
package/dist/src/utils/combinedAbortSignal.js +40 -0
package/dist/src/utils/commandLifecycle.js +7 -0
package/dist/src/utils/commitAttribution.js +720 -0
package/dist/src/utils/completionCache.js +138 -0
package/dist/src/utils/computerUse/appNames.js +170 -0
package/dist/src/utils/computerUse/cleanup.js +66 -0
package/dist/src/utils/computerUse/common.js +56 -0
package/dist/src/utils/computerUse/computerUseLock.js +183 -0
package/dist/src/utils/computerUse/drainRunLoop.js +71 -0
package/dist/src/utils/computerUse/escHotkey.js +53 -0
package/dist/src/utils/computerUse/executor.js +480 -0
package/dist/src/utils/computerUse/gates.js +55 -0
package/dist/src/utils/computerUse/hostAdapter.js +62 -0
package/dist/src/utils/computerUse/inputLoader.js +27 -0
package/dist/src/utils/computerUse/mcpServer.js +84 -0
package/dist/src/utils/computerUse/setup.js +42 -0
package/dist/src/utils/computerUse/swiftLoader.js +20 -0
package/dist/src/utils/computerUse/toolRendering.js +100 -0
package/dist/src/utils/computerUse/wrapper.js +318 -0
package/dist/src/utils/concurrentSessions.js +179 -0
package/dist/src/utils/config.js +1084 -0
package/dist/src/utils/configConstants.js +18 -0
package/dist/src/utils/contentArray.js +45 -0
package/dist/src/utils/context.js +185 -0
package/dist/src/utils/contextAnalysis.js +171 -0
package/dist/src/utils/contextSuggestions.js +158 -0
package/dist/src/utils/controlMessageCompat.js +31 -0
package/dist/src/utils/conversationRecovery.js +436 -0
package/dist/src/utils/cron.js +260 -0
package/dist/src/utils/cronJitterConfig.js +62 -0
package/dist/src/utils/cronScheduler.js +388 -0
package/dist/src/utils/cronTasks.js +332 -0
package/dist/src/utils/cronTasksLock.js +164 -0
package/dist/src/utils/crossProjectResume.js +46 -0
package/dist/src/utils/crypto.js +13 -0
package/dist/src/utils/cwd.js +29 -0
package/dist/src/utils/databaseMcp/common.js +48 -0
package/dist/src/utils/databaseMcp/mcpServer.js +2 -0
package/dist/src/utils/databaseMcp/server/connection.js +243 -0
package/dist/src/utils/databaseMcp/server/index.js +1442 -0
package/dist/src/utils/databaseMcp/server/queries.js +683 -0
package/dist/src/utils/databaseMcp/server/types.js +7 -0
package/dist/src/utils/databaseMcp/setup.js +28 -0
package/dist/src/utils/debug.js +220 -0
package/dist/src/utils/debugFilter.js +125 -0
package/dist/src/utils/deepLink/banner.js +103 -0
package/dist/src/utils/deepLink/parseDeepLink.js +138 -0
package/dist/src/utils/deepLink/protocolHandler.js +119 -0
package/dist/src/utils/deepLink/registerProtocol.js +291 -0
package/dist/src/utils/deepLink/terminalLauncher.js +455 -0
package/dist/src/utils/deepLink/terminalPreference.js +51 -0
package/dist/src/utils/desktopDeepLink.js +208 -0
package/dist/src/utils/detectRepository.js +157 -0
package/dist/src/utils/diagLogs.js +74 -0
package/dist/src/utils/diff.js +108 -0
package/dist/src/utils/directMemberMessage.js +34 -0
package/dist/src/utils/displayTags.js +46 -0
package/dist/src/utils/doctorContextWarnings.js +179 -0
package/dist/src/utils/doctorDiagnostic.js +495 -0
package/dist/src/utils/dxt/helpers.js +64 -0
package/dist/src/utils/dxt/zip.js +167 -0
package/dist/src/utils/earlyInput.js +166 -0
package/dist/src/utils/editor.js +163 -0
package/dist/src/utils/effort.js +278 -0
package/dist/src/utils/embeddedTools.js +26 -0
package/dist/src/utils/env.js +358 -0
package/dist/src/utils/envDynamic.js +130 -0
package/dist/src/utils/envUtils.js +192 -0
package/dist/src/utils/envValidation.js +26 -0
package/dist/src/utils/errorLogSink.js +197 -0
package/dist/src/utils/errors.js +207 -0
package/dist/src/utils/eventLoopStallDetector.js +16 -0
package/dist/src/utils/exampleCommands.js +165 -0
package/dist/src/utils/execFileNoThrow.js +93 -0
package/dist/src/utils/execFileNoThrowPortable.js +111 -0
package/dist/src/utils/execSyncWrapper.js +68 -0
package/dist/src/utils/exportRenderer.js +71 -0
package/dist/src/utils/extraUsage.js +19 -0
package/dist/src/utils/fastMode.js +393 -0
package/dist/src/utils/file.js +467 -0
package/dist/src/utils/fileHistory.js +851 -0
package/dist/src/utils/fileOperationAnalytics.js +45 -0
package/dist/src/utils/filePersistence/filePersistence.js +212 -0
package/dist/src/utils/filePersistence/outputsScanner.js +104 -0
package/dist/src/utils/filePersistence/types.js +5 -0
package/dist/src/utils/fileRead.js +81 -0
package/dist/src/utils/fileReadCache.js +78 -0
package/dist/src/utils/fileStateCache.js +99 -0
package/dist/src/utils/findExecutable.js +13 -0
package/dist/src/utils/fingerprint.js +59 -0
package/dist/src/utils/forkedAgent.js +410 -0
package/dist/src/utils/format.js +238 -0
package/dist/src/utils/formatBriefTimestamp.js +72 -0
package/dist/src/utils/fpsTracker.js +34 -0
package/dist/src/utils/frontmatterParser.js +260 -0
package/dist/src/utils/fsOperations.js +834 -0
package/dist/src/utils/fullscreen.js +194 -0
package/dist/src/utils/generatedFiles.js +122 -0
package/dist/src/utils/generators.js +67 -0
package/dist/src/utils/genericProcessUtils.js +155 -0
package/dist/src/utils/getWorktreePaths.js +56 -0
package/dist/src/utils/getWorktreePathsPortable.js +23 -0
package/dist/src/utils/ghPrStatus.js +71 -0
package/dist/src/utils/git/gitConfigParser.js +226 -0
package/dist/src/utils/git/gitFilesystem.js +606 -0
package/dist/src/utils/git/gitignore.js +84 -0
package/dist/src/utils/git.js +725 -0
package/dist/src/utils/gitDiff.js +395 -0
package/dist/src/utils/gitSettings.js +18 -0
package/dist/src/utils/github/ghAuthStatus.js +23 -0
package/dist/src/utils/githubRepoPathMapping.js +135 -0
package/dist/src/utils/glob.js +90 -0
package/dist/src/utils/gracefulShutdown.js +447 -0
package/dist/src/utils/groupToolUses.js +126 -0
package/dist/src/utils/handlePromptSubmit.js +398 -0
package/dist/src/utils/hash.js +46 -0
package/dist/src/utils/headlessProfiler.js +147 -0
package/dist/src/utils/heapDumpService.js +202 -0
package/dist/src/utils/heatmap.js +151 -0
package/dist/src/utils/highlightMatch.js +28 -0
package/dist/src/utils/hooks/AsyncHookRegistry.js +187 -0
package/dist/src/utils/hooks/apiQueryHookHelper.js +77 -0
package/dist/src/utils/hooks/execAgentHook.js +257 -0
package/dist/src/utils/hooks/execHttpHook.js +184 -0
package/dist/src/utils/hooks/execPromptHook.js +171 -0
package/dist/src/utils/hooks/fileChangedWatcher.js +161 -0
package/dist/src/utils/hooks/hookEvents.js +111 -0
package/dist/src/utils/hooks/hookHelpers.js +60 -0
package/dist/src/utils/hooks/hooksConfigManager.js +323 -0
package/dist/src/utils/hooks/hooksConfigSnapshot.js +114 -0
package/dist/src/utils/hooks/hooksSettings.js +204 -0
package/dist/src/utils/hooks/postSamplingHooks.js +39 -0
package/dist/src/utils/hooks/registerFrontmatterHooks.js +47 -0
package/dist/src/utils/hooks/registerSkillHooks.js +40 -0
package/dist/src/utils/hooks/sessionHooks.js +252 -0
package/dist/src/utils/hooks/skillImprovement.js +211 -0
package/dist/src/utils/hooks/ssrfGuard.js +258 -0
package/dist/src/utils/hooks.js +3668 -0
package/dist/src/utils/horizontalScroll.js +108 -0
package/dist/src/utils/http.js +121 -0
package/dist/src/utils/hyperlink.js +28 -0
package/dist/src/utils/iTermBackup.js +48 -0
package/dist/src/utils/ide.js +1235 -0
package/dist/src/utils/idePathConversion.js +66 -0
package/dist/src/utils/idleTimeout.js +44 -0
package/dist/src/utils/imagePaste.js +329 -0
package/dist/src/utils/imageResizer.js +664 -0
package/dist/src/utils/imageStore.js +150 -0
package/dist/src/utils/imageValidation.js +92 -0
package/dist/src/utils/immediateCommand.js +12 -0
package/dist/src/utils/inProcessTeammateHelpers.js +71 -0
package/dist/src/utils/ink.js +20 -0
package/dist/src/utils/intl.js +83 -0
package/dist/src/utils/jetbrains.js +152 -0
package/dist/src/utils/json.js +295 -0
package/dist/src/utils/jsonRead.js +14 -0
package/dist/src/utils/keyboardShortcuts.js +11 -0
package/dist/src/utils/lazySchema.js +8 -0
package/dist/src/utils/listSessionsImpl.js +332 -0
package/dist/src/utils/localInstaller.js +131 -0
package/dist/src/utils/lockfile.js +22 -0
package/dist/src/utils/log.js +280 -0
package/dist/src/utils/logoV2Utils.js +290 -0
package/dist/src/utils/mailbox.js +50 -0
package/dist/src/utils/managedEnv.js +160 -0
package/dist/src/utils/managedEnvConstants.js +200 -0
package/dist/src/utils/markdown.js +300 -0
package/dist/src/utils/markdownConfigLoader.js +494 -0
package/dist/src/utils/mcp/dateTimeParser.js +102 -0
package/dist/src/utils/mcp/elicitationValidation.js +259 -0
package/dist/src/utils/mcpInstructionsDelta.js +97 -0
package/dist/src/utils/mcpOutputStorage.js +159 -0
package/dist/src/utils/mcpValidation.js +165 -0
package/dist/src/utils/mcpWebSocketTransport.js +180 -0
package/dist/src/utils/memoize.js +205 -0
package/dist/src/utils/memory/types.js +9 -0
package/dist/src/utils/memory/versions.js +7 -0
package/dist/src/utils/memoryFileDetection.js +247 -0
package/dist/src/utils/messagePredicates.js +6 -0
package/dist/src/utils/messageQueueManager.js +430 -0
package/dist/src/utils/messages/mappers.js +240 -0
package/dist/src/utils/messages/systemInit.js +74 -0
package/dist/src/utils/messages.js +4273 -0
package/dist/src/utils/model/agent.js +128 -0
package/dist/src/utils/model/aliases.js +21 -0
package/dist/src/utils/model/antModels.js +25 -0
package/dist/src/utils/model/bedrock.js +220 -0
package/dist/src/utils/model/check1mAccess.js +64 -0
package/dist/src/utils/model/configs.js +93 -0
package/dist/src/utils/model/contextWindowUpgradeCheck.js +41 -0
package/dist/src/utils/model/deprecation.js +72 -0
package/dist/src/utils/model/model.js +641 -0
package/dist/src/utils/model/modelAllowlist.js +148 -0
package/dist/src/utils/model/modelCapabilities.js +107 -0
package/dist/src/utils/model/modelOptions.js +645 -0
package/dist/src/utils/model/modelStrings.js +144 -0
package/dist/src/utils/model/modelSupportOverrides.js +40 -0
package/dist/src/utils/model/openrouter.js +51 -0
package/dist/src/utils/model/providerBaseUrls.js +77 -0
package/dist/src/utils/model/providerCatalog.js +81 -0
package/dist/src/utils/model/providerModels.js +334 -0
package/dist/src/utils/model/providerProfiles.js +392 -0
package/dist/src/utils/model/providerProfilesDb.js +886 -0
package/dist/src/utils/model/providerSwitch.js +50 -0
package/dist/src/utils/model/providerWorkspaces.js +36 -0
package/dist/src/utils/model/providers.js +199 -0
package/dist/src/utils/model/validateModel.js +257 -0
package/dist/src/utils/modelCost.js +160 -0
package/dist/src/utils/modifiers.js +35 -0
package/dist/src/utils/mtls.js +134 -0
package/dist/src/utils/nativeInstaller/download.js +370 -0
package/dist/src/utils/nativeInstaller/index.js +8 -0
package/dist/src/utils/nativeInstaller/installer.js +1396 -0
package/dist/src/utils/nativeInstaller/packageManagers.js +258 -0
package/dist/src/utils/nativeInstaller/pidLock.js +347 -0
package/dist/src/utils/notebook.js +176 -0
package/dist/src/utils/objectGroupBy.js +15 -0
package/dist/src/utils/orchestration/store/index.js +6 -0
package/dist/src/utils/orchestration/store/orchestrationDb.js +42 -0
package/dist/src/utils/orchestration/store/providerAgentStore.js +244 -0
package/dist/src/utils/orchestration/store/providerWorkspaceStore.js +125 -0
package/dist/src/utils/orchestration/store/runStore.js +486 -0
package/dist/src/utils/orchestration/store/teamStore.js +285 -0
package/dist/src/utils/orchestration/store/types.js +1 -0
package/dist/src/utils/pasteStore.js +93 -0
package/dist/src/utils/path.js +140 -0
package/dist/src/utils/pdf.js +236 -0
package/dist/src/utils/pdfUtils.js +61 -0
package/dist/src/utils/peerAddress.js +20 -0
package/dist/src/utils/permissions/PermissionMode.js +95 -0
package/dist/src/utils/permissions/PermissionPromptToolResultSchema.js +85 -0
package/dist/src/utils/permissions/PermissionResult.js +11 -0
package/dist/src/utils/permissions/PermissionRule.js +19 -0
package/dist/src/utils/permissions/PermissionUpdate.js +330 -0
package/dist/src/utils/permissions/PermissionUpdateSchema.js +61 -0
package/dist/src/utils/permissions/autoModeState.js +34 -0
package/dist/src/utils/permissions/bashClassifier.js +30 -0
package/dist/src/utils/permissions/bypassPermissionsKillswitch.js +115 -0
package/dist/src/utils/permissions/classifierDecision.js +88 -0
package/dist/src/utils/permissions/classifierShared.js +28 -0
package/dist/src/utils/permissions/dangerousPatterns.js +78 -0
package/dist/src/utils/permissions/denialTracking.js +34 -0
package/dist/src/utils/permissions/filesystem.js +1426 -0
package/dist/src/utils/permissions/getNextPermissionMode.js +74 -0
package/dist/src/utils/permissions/pathValidation.js +351 -0
package/dist/src/utils/permissions/permissionExplainer.js +188 -0
package/dist/src/utils/permissions/permissionRuleParser.js +177 -0
package/dist/src/utils/permissions/permissionSetup.js +1164 -0
package/dist/src/utils/permissions/permissions.js +1106 -0
package/dist/src/utils/permissions/permissionsDb.js +322 -0
package/dist/src/utils/permissions/permissionsLoader.js +217 -0
package/dist/src/utils/permissions/shadowedRuleDetection.js +149 -0
package/dist/src/utils/permissions/shellRuleMatching.js +174 -0
package/dist/src/utils/permissions/yoloClassifier.js +1195 -0
package/dist/src/utils/planModeV2.js +75 -0
package/dist/src/utils/plans.js +334 -0
package/dist/src/utils/platform.js +122 -0
package/dist/src/utils/plugins/addDirPluginSettings.js +53 -0
package/dist/src/utils/plugins/cacheUtils.js +174 -0
package/dist/src/utils/plugins/dependencyResolver.js +244 -0
package/dist/src/utils/plugins/fetchTelemetry.js +108 -0
package/dist/src/utils/plugins/gitAvailability.js +65 -0
package/dist/src/utils/plugins/headlessPluginInstall.js +136 -0
package/dist/src/utils/plugins/hintRecommendation.js +136 -0
package/dist/src/utils/plugins/installCounts.js +218 -0
package/dist/src/utils/plugins/installedPluginsManager.js +1003 -0
package/dist/src/utils/plugins/loadPluginAgents.js +219 -0
package/dist/src/utils/plugins/loadPluginCommands.js +595 -0
package/dist/src/utils/plugins/loadPluginHooks.js +239 -0
package/dist/src/utils/plugins/loadPluginOutputStyles.js +112 -0
package/dist/src/utils/plugins/lspPluginIntegration.js +293 -0
package/dist/src/utils/plugins/lspRecommendation.js +278 -0
package/dist/src/utils/plugins/managedPlugins.js +26 -0
package/dist/src/utils/plugins/marketplaceHelpers.js +470 -0
package/dist/src/utils/plugins/marketplaceManager.js +1939 -0
package/dist/src/utils/plugins/mcpPluginIntegration.js +465 -0
package/dist/src/utils/plugins/mcpbHandler.js +708 -0
package/dist/src/utils/plugins/officialMarketplace.js +21 -0
package/dist/src/utils/plugins/officialMarketplaceGcs.js +195 -0
package/dist/src/utils/plugins/officialMarketplaceStartupCheck.js +338 -0
package/dist/src/utils/plugins/orphanedPluginFilter.js +96 -0
package/dist/src/utils/plugins/parseMarketplaceInput.js +143 -0
package/dist/src/utils/plugins/performStartupChecks.js +66 -0
package/dist/src/utils/plugins/pluginAutoupdate.js +210 -0
package/dist/src/utils/plugins/pluginBlocklist.js +93 -0
package/dist/src/utils/plugins/pluginDirectories.js +172 -0
package/dist/src/utils/plugins/pluginFlagging.js +173 -0
package/dist/src/utils/plugins/pluginIdentifier.js +78 -0
package/dist/src/utils/plugins/pluginInstallationHelpers.js +400 -0
package/dist/src/utils/plugins/pluginLoader.js +2426 -0
package/dist/src/utils/plugins/pluginOptionsStorage.js +311 -0
package/dist/src/utils/plugins/pluginPolicy.js +18 -0
package/dist/src/utils/plugins/pluginStartupCheck.js +261 -0
package/dist/src/utils/plugins/pluginVersioning.js +128 -0
package/dist/src/utils/plugins/reconciler.js +181 -0
package/dist/src/utils/plugins/refresh.js +162 -0
package/dist/src/utils/plugins/schemas.js +1283 -0
package/dist/src/utils/plugins/validatePlugin.js +765 -0
package/dist/src/utils/plugins/walkPluginMarkdown.js +49 -0
package/dist/src/utils/plugins/zipCache.js +346 -0
package/dist/src/utils/plugins/zipCacheAdapters.js +133 -0
package/dist/src/utils/postCommitAttribution.js +16 -0
package/dist/src/utils/powershell/dangerousCmdlets.js +174 -0
package/dist/src/utils/powershell/parser.js +1357 -0
package/dist/src/utils/powershell/staticPrefix.js +277 -0
package/dist/src/utils/preflightChecks.js +147 -0
package/dist/src/utils/privacyLevel.js +49 -0
package/dist/src/utils/process.js +56 -0
package/dist/src/utils/processUserInput/processBashCommand.js +119 -0
package/dist/src/utils/processUserInput/processSlashCommand.js +859 -0
package/dist/src/utils/processUserInput/processTextPrompt.js +68 -0
package/dist/src/utils/processUserInput/processUserInput.js +326 -0
package/dist/src/utils/profilerBase.js +29 -0
package/dist/src/utils/promptCategory.js +39 -0
package/dist/src/utils/promptEditor.js +151 -0
package/dist/src/utils/promptShellExecution.js +119 -0
package/dist/src/utils/proxy.js +347 -0
package/dist/src/utils/queryContext.js +110 -0
package/dist/src/utils/queryHelpers.js +436 -0
package/dist/src/utils/queryProfiler.js +242 -0
package/dist/src/utils/queueProcessor.js +70 -0
package/dist/src/utils/readEditContext.js +176 -0
package/dist/src/utils/readFileInRange.js +278 -0
package/dist/src/utils/releaseNotes.js +304 -0
package/dist/src/utils/renderOptions.js +67 -0
package/dist/src/utils/ripgrep.js +540 -0
package/dist/src/utils/sandbox/sandbox-adapter.js +751 -0
package/dist/src/utils/sandbox/sandbox-ui-utils.js +11 -0
package/dist/src/utils/sanitization.js +72 -0
package/dist/src/utils/screenshotClipboard.js +89 -0
package/dist/src/utils/sdkEventQueue.js +49 -0
package/dist/src/utils/sdkHeapDumpMonitor.js +16 -0
package/dist/src/utils/secureStorage/fallbackStorage.js +59 -0
package/dist/src/utils/secureStorage/index.js +14 -0
package/dist/src/utils/secureStorage/keychainPrefetch.js +91 -0
package/dist/src/utils/secureStorage/macOsKeychainHelpers.js +91 -0
package/dist/src/utils/secureStorage/macOsKeychainStorage.js +192 -0
package/dist/src/utils/secureStorage/plainTextStorage.js +81 -0
package/dist/src/utils/secureStorage/secureStoreDefs.js +1 -0
package/dist/src/utils/secureStorage/sqliteStorage.js +224 -0
package/dist/src/utils/secureStorage/types.js +1 -0
package/dist/src/utils/semanticBoolean.js +23 -0
package/dist/src/utils/semanticNumber.js +34 -0
package/dist/src/utils/semver.js +53 -0
package/dist/src/utils/sequential.js +43 -0
package/dist/src/utils/sessionActivity.js +120 -0
package/dist/src/utils/sessionDataUploader.js +16 -0
package/dist/src/utils/sessionEnvVars.js +18 -0
package/dist/src/utils/sessionEnvironment.js +131 -0
package/dist/src/utils/sessionFileAccessHooks.js +207 -0
package/dist/src/utils/sessionIngressAuth.js +113 -0
package/dist/src/utils/sessionRestore.js +359 -0
package/dist/src/utils/sessionStart.js +165 -0
package/dist/src/utils/sessionState.js +76 -0
package/dist/src/utils/sessionStorage.js +4162 -0
package/dist/src/utils/sessionStoragePortable.js +665 -0
package/dist/src/utils/sessionTitle.js +120 -0
package/dist/src/utils/sessionUrl.js +50 -0
package/dist/src/utils/set.js +50 -0
package/dist/src/utils/settings/allErrors.js +29 -0
package/dist/src/utils/settings/applySettingsChange.js +65 -0
package/dist/src/utils/settings/changeDetector.js +409 -0
package/dist/src/utils/settings/constants.js +166 -0
package/dist/src/utils/settings/internalWrites.js +33 -0
package/dist/src/utils/settings/managedPath.js +29 -0
package/dist/src/utils/settings/mdm/constants.js +62 -0
package/dist/src/utils/settings/mdm/rawRead.js +97 -0
package/dist/src/utils/settings/mdm/settings.js +254 -0
package/dist/src/utils/settings/permissionValidation.js +224 -0
package/dist/src/utils/settings/pluginOnlyPolicy.js +53 -0
package/dist/src/utils/settings/schemaOutput.js +7 -0
package/dist/src/utils/settings/settings.js +844 -0
package/dist/src/utils/settings/settingsCache.js +47 -0
package/dist/src/utils/settings/toolValidationConfig.js +76 -0
package/dist/src/utils/settings/types.js +846 -0
package/dist/src/utils/settings/validateEditTool.js +34 -0
package/dist/src/utils/settings/validation.js +192 -0
package/dist/src/utils/settings/validationTips.js +111 -0
package/dist/src/utils/shell/bashProvider.js +202 -0
package/dist/src/utils/shell/outputLimits.js +7 -0
package/dist/src/utils/shell/powershellDetection.js +96 -0
package/dist/src/utils/shell/powershellProvider.js +104 -0
package/dist/src/utils/shell/prefix.js +246 -0
package/dist/src/utils/shell/readOnlyCommandValidation.js +1776 -0
package/dist/src/utils/shell/resolveDefaultShell.js +13 -0
package/dist/src/utils/shell/shellProvider.js +2 -0
package/dist/src/utils/shell/shellToolUtils.js +21 -0
package/dist/src/utils/shell/specPrefix.js +198 -0
package/dist/src/utils/shellConfig.js +136 -0
package/dist/src/utils/sideQuery.js +195 -0
package/dist/src/utils/sideQuestion.js +121 -0
package/dist/src/utils/signal.js +34 -0
package/dist/src/utils/sinks.js +15 -0
package/dist/src/utils/skills/skillChangeDetector.js +266 -0
package/dist/src/utils/slashCommandParsing.js +46 -0
package/dist/src/utils/sleep.js +72 -0
package/dist/src/utils/sliceAnsi.js +74 -0
package/dist/src/utils/slowOperations.js +323 -0
package/dist/src/utils/standaloneAgent.js +20 -0
package/dist/src/utils/startupProfiler.js +158 -0
package/dist/src/utils/staticRender.js +103 -0
package/dist/src/utils/stats.js +802 -0
package/dist/src/utils/statsCache.js +330 -0
package/dist/src/utils/status.js +552 -0
package/dist/src/utils/statusNoticeDefinitions.js +112 -0
package/dist/src/utils/statusNoticeHelpers.js +15 -0
package/dist/src/utils/stream.js +73 -0
package/dist/src/utils/streamJsonStdoutGuard.js +107 -0
package/dist/src/utils/streamlinedTransform.js +162 -0
package/dist/src/utils/stringUtils.js +202 -0
package/dist/src/utils/subprocessEnv.js +87 -0
package/dist/src/utils/suggestions/commandSuggestions.js +458 -0
package/dist/src/utils/suggestions/directoryCompletion.js +191 -0
package/dist/src/utils/suggestions/shellHistoryCompletion.js +95 -0
package/dist/src/utils/suggestions/skillUsageTracking.js +50 -0
package/dist/src/utils/suggestions/slackChannelSuggestions.js +169 -0
package/dist/src/utils/swarm/It2SetupPrompt.js +386 -0
package/dist/src/utils/swarm/backends/ITermBackend.js +276 -0
package/dist/src/utils/swarm/backends/InProcessBackend.js +237 -0
package/dist/src/utils/swarm/backends/PaneBackendExecutor.js +250 -0
package/dist/src/utils/swarm/backends/TmuxBackend.js +574 -0
package/dist/src/utils/swarm/backends/detection.js +112 -0
package/dist/src/utils/swarm/backends/it2Setup.js +185 -0
package/dist/src/utils/swarm/backends/registry.js +369 -0
package/dist/src/utils/swarm/backends/teammateModeSnapshot.js +68 -0
package/dist/src/utils/swarm/backends/types.js +9 -0
package/dist/src/utils/swarm/constants.js +29 -0
package/dist/src/utils/swarm/inProcessRunner.js +1021 -0
package/dist/src/utils/swarm/leaderPermissionBridge.js +31 -0
package/dist/src/utils/swarm/permissionSync.js +667 -0
package/dist/src/utils/swarm/reconnection.js +82 -0
package/dist/src/utils/swarm/spawnInProcess.js +218 -0
package/dist/src/utils/swarm/spawnUtils.js +123 -0
package/dist/src/utils/swarm/teamHelpers.js +484 -0
package/dist/src/utils/swarm/teammateInit.js +87 -0
package/dist/src/utils/swarm/teammateLayoutManager.js +82 -0
package/dist/src/utils/swarm/teammateModel.js +9 -0
package/dist/src/utils/swarm/teammatePromptAddendum.js +17 -0
package/dist/src/utils/systemDirectories.js +51 -0
package/dist/src/utils/systemPrompt.js +91 -0
package/dist/src/utils/systemPromptType.js +9 -0
package/dist/src/utils/systemTheme.js +108 -0
package/dist/src/utils/systemThemeWatcher.js +16 -0
package/dist/src/utils/taggedId.js +49 -0
package/dist/src/utils/task/TaskOutput.js +320 -0
package/dist/src/utils/task/diskOutput.js +387 -0
package/dist/src/utils/task/framework.js +236 -0
package/dist/src/utils/task/outputFormatting.js +24 -0
package/dist/src/utils/task/sdkProgress.js +24 -0
package/dist/src/utils/tasks.js +672 -0
package/dist/src/utils/teamDiscovery.js +48 -0
package/dist/src/utils/teamMemoryOps.js +67 -0
package/dist/src/utils/teammate.js +237 -0
package/dist/src/utils/teammateContext.js +56 -0
package/dist/src/utils/teammateMailbox.js +793 -0
package/dist/src/utils/telemetry/betaSessionTracing.js +371 -0
package/dist/src/utils/telemetry/bigqueryExporter.js +181 -0
package/dist/src/utils/telemetry/events.js +57 -0
package/dist/src/utils/telemetry/instrumentation.js +617 -0
package/dist/src/utils/telemetry/logger.js +25 -0
package/dist/src/utils/telemetry/perfettoTracing.js +882 -0
package/dist/src/utils/telemetry/pluginTelemetry.js +157 -0
package/dist/src/utils/telemetry/sessionTracing.js +693 -0
package/dist/src/utils/telemetry/skillLoadedEvent.js +26 -0
package/dist/src/utils/telemetryAttributes.js +57 -0
package/dist/src/utils/teleport/api.js +299 -0
package/dist/src/utils/teleport/environmentSelection.js +55 -0
package/dist/src/utils/teleport/environments.js +84 -0
package/dist/src/utils/teleport/gitBundle.js +192 -0
package/dist/src/utils/teleport.js +1041 -0
package/dist/src/utils/tempfile.js +26 -0
package/dist/src/utils/terminal.js +105 -0
package/dist/src/utils/terminalPanel.js +155 -0
package/dist/src/utils/textHighlighting.js +113 -0
package/dist/src/utils/theme.js +525 -0
package/dist/src/utils/thinking.js +130 -0
package/dist/src/utils/timeouts.js +35 -0
package/dist/src/utils/tmuxSocket.js +373 -0
package/dist/src/utils/todo/types.js +9 -0
package/dist/src/utils/tokenBudget.js +62 -0
package/dist/src/utils/tokens.js +223 -0
package/dist/src/utils/toolErrors.js +101 -0
package/dist/src/utils/toolPool.js +63 -0
package/dist/src/utils/toolResultStorage.js +769 -0
package/dist/src/utils/toolSchemaCache.js +7 -0
package/dist/src/utils/toolSearch.js +551 -0
package/dist/src/utils/transcriptSearch.js +200 -0
package/dist/src/utils/treeify.js +111 -0
package/dist/src/utils/truncate.js +164 -0
package/dist/src/utils/udsClient.js +16 -0
package/dist/src/utils/udsMessaging.js +16 -0
package/dist/src/utils/ultraplan/ccrSession.js +264 -0
package/dist/src/utils/ultraplan/keyword.js +122 -0
package/dist/src/utils/ultraplan/prompt.txt +1 -0
package/dist/src/utils/unaryLogging.js +16 -0
package/dist/src/utils/undercover.js +89 -0
package/dist/src/utils/user.js +138 -0
package/dist/src/utils/userAgent.js +13 -0
package/dist/src/utils/userPromptKeywords.js +21 -0
package/dist/src/utils/uuid.js +22 -0
package/dist/src/utils/warningHandler.js +97 -0
package/dist/src/utils/which.js +75 -0
package/dist/src/utils/windowsPaths.js +150 -0
package/dist/src/utils/withResolvers.js +13 -0
package/dist/src/utils/words.js +793 -0
package/dist/src/utils/workloadContext.js +42 -0
package/dist/src/utils/worktree.js +1145 -0
package/dist/src/utils/worktreeModeEnabled.js +11 -0
package/dist/src/utils/xdg.js +52 -0
package/dist/src/utils/xml.js +15 -0
package/dist/src/utils/yaml.js +16 -0
package/dist/src/utils/zodToJsonSchema.js +19 -0
package/dist/src/vim/motions.js +73 -0
package/dist/src/vim/operators.js +401 -0
package/dist/src/vim/textObjects.js +153 -0
package/dist/src/vim/transitions.js +340 -0
package/dist/src/vim/types.js +93 -0
package/dist/src/voice/voiceModeEnabled.js +48 -0
package/dist/src/whatsapp/bridge.js +267 -0
package/dist/src/whatsapp/config.js +153 -0
package/dist/src/whatsapp/markdown.js +37 -0
package/dist/src/whatsapp/mirror.js +74 -0
package/dist/src/whatsapp/session.js +142 -0
package/package.json +2 -1

package/dist/src/services/mcp/auth.js ADDED Viewed

@@ -0,0 +1,1882 @@
+import { discoverAuthorizationServerMetadata, discoverOAuthServerInfo, auth as sdkAuth, refreshAuthorization as sdkRefreshAuthorization, } from '@modelcontextprotocol/sdk/client/auth.js';
+import { InvalidGrantError, OAuthError, ServerError, TemporarilyUnavailableError, TooManyRequestsError, } from '@modelcontextprotocol/sdk/server/auth/errors.js';
+import { OAuthErrorResponseSchema, OAuthMetadataSchema, OAuthTokensSchema, } from '@modelcontextprotocol/sdk/shared/auth.js';
+import axios from 'axios';
+import { createHash, randomBytes, randomUUID } from 'crypto';
+import { mkdir } from 'fs/promises';
+import { createServer } from 'http';
+import { join } from 'path';
+import { parse } from 'url';
+import xss from 'xss';
+import { MCP_CLIENT_METADATA_URL } from '../../constants/oauth.js';
+import { openBrowser } from '../../utils/browser.js';
+import { getClaudeConfigHomeDir } from '../../utils/envUtils.js';
+import { errorMessage, getErrnoCode } from '../../utils/errors.js';
+import * as lockfile from '../../utils/lockfile.js';
+import { logMCPDebug } from '../../utils/log.js';
+import { getPlatform } from '../../utils/platform.js';
+import { getSecureStorage } from '../../utils/secureStorage/index.js';
+import { clearKeychainCache } from '../../utils/secureStorage/macOsKeychainHelpers.js';
+import { sleep } from '../../utils/sleep.js';
+import { jsonParse, jsonStringify } from '../../utils/slowOperations.js';
+import { logEvent } from '../analytics/index.js';
+import { buildRedirectUri, findAvailablePort } from './oauthPort.js';
+import { getLoggingSafeMcpBaseUrl } from './utils.js';
+import { performCrossAppAccess, XaaTokenExchangeError } from './xaa.js';
+import { acquireIdpIdToken, clearIdpIdToken, discoverOidc, getCachedIdpIdToken, getIdpClientSecret, getXaaIdpSettings, isXaaEnabled, } from './xaaIdpLogin.js';
+/**
+ * Timeout for individual OAuth requests (metadata discovery, token refresh, etc.)
+ */
+const AUTH_REQUEST_TIMEOUT_MS = 30000;
+const MAX_LOCK_RETRIES = 5;
+/**
+ * OAuth query parameters that should be redacted from logs.
+ * These contain sensitive values that could enable CSRF or session fixation attacks.
+ */
+const SENSITIVE_OAUTH_PARAMS = [
+    'state',
+    'nonce',
+    'code_challenge',
+    'code_verifier',
+    'code',
+];
+/**
+ * Redacts sensitive OAuth query parameters from a URL for safe logging.
+ * Prevents exposure of state, nonce, code_challenge, code_verifier, and authorization codes.
+ */
+function redactSensitiveUrlParams(url) {
+    try {
+        const parsedUrl = new URL(url);
+        for (const param of SENSITIVE_OAUTH_PARAMS) {
+            if (parsedUrl.searchParams.has(param)) {
+                parsedUrl.searchParams.set(param, '[REDACTED]');
+            }
+        }
+        return parsedUrl.toString();
+    }
+    catch {
+        // Return as-is if not a valid URL
+        return url;
+    }
+}
+/**
+ * Some OAuth servers (notably Slack) return HTTP 200 for all responses,
+ * signaling errors via the JSON body instead. The SDK's executeTokenRequest
+ * only calls parseErrorResponse when !response.ok, so a 200 with
+ * {"error":"invalid_grant"} gets fed to OAuthTokensSchema.parse() and
+ * surfaces as a ZodError — which the refresh retry/invalidation logic
+ * treats as opaque request_failed instead of invalid_grant.
+ *
+ * This wrapper peeks at 2xx POST response bodies and rewrites ones that
+ * match OAuthErrorResponseSchema (but not OAuthTokensSchema) to a 400
+ * Response, so the SDK's normal error-class mapping applies. The same
+ * fetchFn is also used for DCR POSTs, but DCR success responses have no
+ * {error: string} field so they don't match the rewrite condition.
+ *
+ * Slack uses non-standard error codes (invalid_refresh_token observed live
+ * at oauth.v2.user.access; expired_refresh_token/token_expired per Slack's
+ * token rotation docs) where RFC 6749 specifies invalid_grant. We normalize
+ * those so OAUTH_ERRORS['invalid_grant'] → InvalidGrantError matches and
+ * token invalidation fires correctly.
+ */
+const NONSTANDARD_INVALID_GRANT_ALIASES = new Set([
+    'invalid_refresh_token',
+    'expired_refresh_token',
+    'token_expired',
+]);
+/* eslint-disable eslint-plugin-n/no-unsupported-features/node-builtins --
+ * Response has been stable in Node since 18; the rule flags it as
+ * experimental-until-21 which is incorrect. Pattern matches existing
+ * createAuthFetch suppressions in this file. */
+export async function normalizeOAuthErrorBody(response) {
+    if (!response.ok) {
+        return response;
+    }
+    const text = await response.text();
+    let parsed;
+    try {
+        parsed = jsonParse(text);
+    }
+    catch {
+        return new Response(text, response);
+    }
+    if (OAuthTokensSchema.safeParse(parsed).success) {
+        return new Response(text, response);
+    }
+    const result = OAuthErrorResponseSchema.safeParse(parsed);
+    if (!result.success) {
+        return new Response(text, response);
+    }
+    const normalized = NONSTANDARD_INVALID_GRANT_ALIASES.has(result.data.error)
+        ? {
+            error: 'invalid_grant',
+            error_description: result.data.error_description ??
+                `Server returned non-standard error code: ${result.data.error}`,
+        }
+        : result.data;
+    return new Response(jsonStringify(normalized), {
+        status: 400,
+        statusText: 'Bad Request',
+        headers: response.headers,
+    });
+}
+/* eslint-enable eslint-plugin-n/no-unsupported-features/node-builtins */
+/**
+ * Creates a fetch function with a fresh 30-second timeout for each OAuth request.
+ * Used by ClaudeAuthProvider for metadata discovery and token refresh.
+ * Prevents stale timeout signals from affecting auth operations.
+ */
+function createAuthFetch() {
+    return async (url, init) => {
+        const timeoutSignal = AbortSignal.timeout(AUTH_REQUEST_TIMEOUT_MS);
+        const isPost = init?.method?.toUpperCase() === 'POST';
+        // No existing signal - just use timeout
+        if (!init?.signal) {
+            // eslint-disable-next-line eslint-plugin-n/no-unsupported-features/node-builtins
+            const response = await fetch(url, { ...init, signal: timeoutSignal });
+            return isPost ? normalizeOAuthErrorBody(response) : response;
+        }
+        // Combine signals: abort when either fires
+        const controller = new AbortController();
+        const abort = () => controller.abort();
+        init.signal.addEventListener('abort', abort);
+        timeoutSignal.addEventListener('abort', abort);
+        // Cleanup to prevent event listener leaks after fetch completes
+        const cleanup = () => {
+            init.signal?.removeEventListener('abort', abort);
+            timeoutSignal.removeEventListener('abort', abort);
+        };
+        if (init.signal.aborted) {
+            controller.abort();
+        }
+        try {
+            // eslint-disable-next-line eslint-plugin-n/no-unsupported-features/node-builtins
+            const response = await fetch(url, { ...init, signal: controller.signal });
+            cleanup();
+            return isPost ? normalizeOAuthErrorBody(response) : response;
+        }
+        catch (error) {
+            cleanup();
+            throw error;
+        }
+    };
+}
+/**
+ * Fetches authorization server metadata, using a configured metadata URL if available,
+ * otherwise performing RFC 9728 → RFC 8414 discovery via the SDK.
+ *
+ * Discovery order when no configured URL:
+ * 1. RFC 9728: probe /.well-known/oauth-protected-resource on the MCP server,
+ *    read authorization_servers[0], then RFC 8414 against that URL.
+ * 2. Fallback: RFC 8414 directly against the MCP server URL (path-aware). Covers
+ *    legacy servers that co-host auth metadata at /.well-known/oauth-authorization-server/{path}
+ *    without implementing RFC 9728. The SDK's own fallback strips the path, so this
+ *    preserves the pre-existing path-aware probe for backward compatibility.
+ *
+ * Note: configuredMetadataUrl is user-controlled via .mcp.json. Project-scoped MCP
+ * servers require user approval before connecting (same trust level as the MCP server
+ * URL itself). The HTTPS requirement here is defense-in-depth beyond schema validation
+ * — RFC 8414 mandates OAuth metadata retrieval over TLS.
+ */
+async function fetchAuthServerMetadata(serverName, serverUrl, configuredMetadataUrl, fetchFn, resourceMetadataUrl) {
+    if (configuredMetadataUrl) {
+        if (!configuredMetadataUrl.startsWith('https://')) {
+            throw new Error(`authServerMetadataUrl must use https:// (got: ${configuredMetadataUrl})`);
+        }
+        const authFetch = fetchFn ?? createAuthFetch();
+        const response = await authFetch(configuredMetadataUrl, {
+            headers: { Accept: 'application/json' },
+        });
+        if (response.ok) {
+            return OAuthMetadataSchema.parse(await response.json());
+        }
+        throw new Error(`HTTP ${response.status} fetching configured auth server metadata from ${configuredMetadataUrl}`);
+    }
+    try {
+        const { authorizationServerMetadata } = await discoverOAuthServerInfo(serverUrl, {
+            ...(fetchFn && { fetchFn }),
+            ...(resourceMetadataUrl && { resourceMetadataUrl }),
+        });
+        if (authorizationServerMetadata) {
+            return authorizationServerMetadata;
+        }
+    }
+    catch (err) {
+        // Any error from the RFC 9728 → RFC 8414 chain (5xx from the root or
+        // resolved-AS probe, schema parse failure, network error) — fall through
+        // to the legacy path-aware retry.
+        logMCPDebug(serverName, `RFC 9728 discovery failed, falling back: ${errorMessage(err)}`);
+    }
+    // Fallback only when the URL has a path component; for root URLs the SDK's
+    // own fallback already probed the same endpoints.
+    const url = new URL(serverUrl);
+    if (url.pathname === '/') {
+        return undefined;
+    }
+    return discoverAuthorizationServerMetadata(url, {
+        ...(fetchFn && { fetchFn }),
+    });
+}
+export class AuthenticationCancelledError extends Error {
+    constructor() {
+        super('Authentication was cancelled');
+        this.name = 'AuthenticationCancelledError';
+    }
+}
+/**
+ * Generates a unique key for server credentials based on both name and config hash
+ * This prevents credentials from being reused across different servers
+ * with the same name or different configurations
+ */
+export function getServerKey(serverName, serverConfig) {
+    const configJson = jsonStringify({
+        type: serverConfig.type,
+        url: serverConfig.url,
+        headers: serverConfig.headers || {},
+    });
+    const hash = createHash('sha256')
+        .update(configJson)
+        .digest('hex')
+        .substring(0, 16);
+    return `${serverName}|${hash}`;
+}
+/**
+ * True when we have probed this server before (OAuth discovery state is
+ * stored) but hold no credentials to try. A connection attempt in this
+ * state is guaranteed to 401 — the only way out is the user running
+ * /mcp to authenticate.
+ */
+export function hasMcpDiscoveryButNoToken(serverName, serverConfig) {
+    // XAA servers can silently re-auth via cached id_token even without an
+    // access/refresh token — tokens() fires the xaaRefresh path. Skipping the
+    // connection here would make that auto-auth branch unreachable after
+    // invalidateCredentials('tokens') clears the stored tokens.
+    if (isXaaEnabled() && serverConfig.oauth?.xaa) {
+        return false;
+    }
+    const serverKey = getServerKey(serverName, serverConfig);
+    const entry = getSecureStorage().read()?.mcpOAuth?.[serverKey];
+    return entry !== undefined && !entry.accessToken && !entry.refreshToken;
+}
+/**
+ * Revokes a single token on the OAuth server.
+ *
+ * Per RFC 7009, public clients (like Context Code) should authenticate by including
+ * client_id in the request body, NOT via an Authorization header. The Bearer token
+ * in an Authorization header is meant for resource owner authentication, not client
+ * authentication.
+ *
+ * However, the MCP spec doesn't explicitly define token revocation behavior, so some
+ * servers may not be RFC 7009 compliant. As defensive programming, we:
+ * 1. First try the RFC 7009 compliant approach (client_id in body, no Authorization header)
+ * 2. If we get a 401, retry with Bearer auth as a fallback for non-compliant servers
+ *
+ * This fallback should rarely be needed - most servers either accept the compliant
+ * approach or ignore unexpected headers.
+ */
+async function revokeToken({ serverName, endpoint, token, tokenTypeHint, clientId, clientSecret, accessToken, authMethod = 'client_secret_basic', }) {
+    const params = new URLSearchParams();
+    params.set('token', token);
+    params.set('token_type_hint', tokenTypeHint);
+    const headers = {
+        'Content-Type': 'application/x-www-form-urlencoded',
+    };
+    // RFC 7009 §2.1 requires client auth per RFC 6749 §2.3. XAA always uses a
+    // confidential client at the AS — strict ASes (Okta/Stytch) reject public-
+    // client revocation of confidential-client tokens.
+    if (clientId && clientSecret) {
+        if (authMethod === 'client_secret_post') {
+            params.set('client_id', clientId);
+            params.set('client_secret', clientSecret);
+        }
+        else {
+            const basic = Buffer.from(`${encodeURIComponent(clientId)}:${encodeURIComponent(clientSecret)}`).toString('base64');
+            headers.Authorization = `Basic ${basic}`;
+        }
+    }
+    else if (clientId) {
+        params.set('client_id', clientId);
+    }
+    else {
+        logMCPDebug(serverName, `No client_id available for ${tokenTypeHint} revocation - server may reject`);
+    }
+    try {
+        await axios.post(endpoint, params, { headers });
+        logMCPDebug(serverName, `Successfully revoked ${tokenTypeHint}`);
+    }
+    catch (error) {
+        // Fallback for non-RFC-7009-compliant servers that require Bearer auth
+        if (axios.isAxiosError(error) &&
+            error.response?.status === 401 &&
+            accessToken) {
+            logMCPDebug(serverName, `Got 401, retrying ${tokenTypeHint} revocation with Bearer auth`);
+            // RFC 6749 §2.3.1: must not send more than one auth method. The retry
+            // switches to Bearer — clear any client creds from the body.
+            params.delete('client_id');
+            params.delete('client_secret');
+            await axios.post(endpoint, params, {
+                headers: { ...headers, Authorization: `Bearer ${accessToken}` },
+            });
+            logMCPDebug(serverName, `Successfully revoked ${tokenTypeHint} with Bearer auth`);
+        }
+        else {
+            throw error;
+        }
+    }
+}
+/**
+ * Revokes tokens on the OAuth server if a revocation endpoint is available.
+ * Per RFC 7009, we revoke the refresh token first (the long-lived credential),
+ * then the access token. Revoking the refresh token prevents generation of new
+ * access tokens and many servers implicitly invalidate associated access tokens.
+ */
+export async function revokeServerTokens(serverName, serverConfig, { preserveStepUpState = false } = {}) {
+    const storage = getSecureStorage();
+    const existingData = storage.read();
+    if (!existingData?.mcpOAuth)
+        return;
+    const serverKey = getServerKey(serverName, serverConfig);
+    const tokenData = existingData.mcpOAuth[serverKey];
+    // Attempt server-side revocation if there are tokens to revoke (best-effort)
+    if (tokenData?.accessToken || tokenData?.refreshToken) {
+        try {
+            // For XAA (and any PRM-discovered auth), the AS is at a different host
+            // than the MCP URL — use the persisted discoveryState if we have it.
+            const asUrl = tokenData.discoveryState?.authorizationServerUrl ?? serverConfig.url;
+            const metadata = await fetchAuthServerMetadata(serverName, asUrl, serverConfig.oauth?.authServerMetadataUrl);
+            if (!metadata) {
+                logMCPDebug(serverName, 'No OAuth metadata found');
+            }
+            else {
+                const revocationEndpoint = 'revocation_endpoint' in metadata
+                    ? metadata.revocation_endpoint
+                    : null;
+                if (!revocationEndpoint) {
+                    logMCPDebug(serverName, 'Server does not support token revocation');
+                }
+                else {
+                    const revocationEndpointStr = String(revocationEndpoint);
+                    // RFC 7009 defines revocation_endpoint_auth_methods_supported
+                    // separately from the token endpoint's list; prefer it if present.
+                    const authMethods = ('revocation_endpoint_auth_methods_supported' in metadata
+                        ? metadata.revocation_endpoint_auth_methods_supported
+                        : undefined) ??
+                        ('token_endpoint_auth_methods_supported' in metadata
+                            ? metadata.token_endpoint_auth_methods_supported
+                            : undefined);
+                    const authMethod = authMethods &&
+                        !authMethods.includes('client_secret_basic') &&
+                        authMethods.includes('client_secret_post')
+                        ? 'client_secret_post'
+                        : 'client_secret_basic';
+                    logMCPDebug(serverName, `Revoking tokens via ${revocationEndpointStr} (${authMethod})`);
+                    // Revoke refresh token first (more important - prevents future access token generation)
+                    if (tokenData.refreshToken) {
+                        try {
+                            await revokeToken({
+                                serverName,
+                                endpoint: revocationEndpointStr,
+                                token: tokenData.refreshToken,
+                                tokenTypeHint: 'refresh_token',
+                                clientId: tokenData.clientId,
+                                clientSecret: tokenData.clientSecret,
+                                accessToken: tokenData.accessToken,
+                                authMethod,
+                            });
+                        }
+                        catch (error) {
+                            // Log but continue
+                            logMCPDebug(serverName, `Failed to revoke refresh token: ${errorMessage(error)}`);
+                        }
+                    }
+                    // Then revoke access token (may already be invalidated by refresh token revocation)
+                    if (tokenData.accessToken) {
+                        try {
+                            await revokeToken({
+                                serverName,
+                                endpoint: revocationEndpointStr,
+                                token: tokenData.accessToken,
+                                tokenTypeHint: 'access_token',
+                                clientId: tokenData.clientId,
+                                clientSecret: tokenData.clientSecret,
+                                accessToken: tokenData.accessToken,
+                                authMethod,
+                            });
+                        }
+                        catch (error) {
+                            logMCPDebug(serverName, `Failed to revoke access token: ${errorMessage(error)}`);
+                        }
+                    }
+                }
+            }
+        }
+        catch (error) {
+            // Log error but don't throw - revocation is best-effort
+            logMCPDebug(serverName, `Failed to revoke tokens: ${errorMessage(error)}`);
+        }
+    }
+    else {
+        logMCPDebug(serverName, 'No tokens to revoke');
+    }
+    // Always clear local tokens, regardless of server-side revocation result.
+    clearServerTokensFromLocalStorage(serverName, serverConfig);
+    // When re-authenticating, preserve step-up auth state (scope + discovery)
+    // so the next performMCPOAuthFlow can use cached scope instead of
+    // re-probing. For "Clear Auth" (default), wipe everything.
+    if (preserveStepUpState &&
+        tokenData &&
+        (tokenData.stepUpScope || tokenData.discoveryState)) {
+        const freshData = storage.read() || {};
+        const updatedData = {
+            ...freshData,
+            mcpOAuth: {
+                ...freshData.mcpOAuth,
+                [serverKey]: {
+                    ...freshData.mcpOAuth?.[serverKey],
+                    serverName,
+                    serverUrl: serverConfig.url,
+                    accessToken: freshData.mcpOAuth?.[serverKey]?.accessToken ?? '',
+                    expiresAt: freshData.mcpOAuth?.[serverKey]?.expiresAt ?? 0,
+                    ...(tokenData.stepUpScope
+                        ? { stepUpScope: tokenData.stepUpScope }
+                        : {}),
+                    ...(tokenData.discoveryState
+                        ? {
+                            // Strip legacy bulky metadata fields here too so users with
+                            // existing overflowed blobs recover on next re-auth (#30337).
+                            discoveryState: {
+                                authorizationServerUrl: tokenData.discoveryState.authorizationServerUrl,
+                                resourceMetadataUrl: tokenData.discoveryState.resourceMetadataUrl,
+                            },
+                        }
+                        : {}),
+                },
+            },
+        };
+        storage.update(updatedData);
+        logMCPDebug(serverName, 'Preserved step-up auth state across revocation');
+    }
+}
+export function clearServerTokensFromLocalStorage(serverName, serverConfig) {
+    const storage = getSecureStorage();
+    const existingData = storage.read();
+    if (!existingData?.mcpOAuth)
+        return;
+    const serverKey = getServerKey(serverName, serverConfig);
+    if (existingData.mcpOAuth[serverKey]) {
+        delete existingData.mcpOAuth[serverKey];
+        storage.update(existingData);
+        logMCPDebug(serverName, 'Cleared stored tokens');
+    }
+}
+/**
+ * XAA (Cross-App Access) auth.
+ *
+ * One IdP browser login is reused across all XAA-configured MCP servers:
+ * 1. Acquire an id_token from the IdP (cached in keychain by issuer; if
+ *    missing/expired, runs a standard OIDC authorization_code+PKCE flow
+ *    — this is the one browser pop)
+ * 2. Run the RFC 8693 + RFC 7523 exchange (no browser)
+ * 3. Save tokens to the same keychain slot as normal OAuth
+ *
+ * IdP connection details come from settings.xaaIdp (configured once via
+ * `claude mcp xaa setup`). Per-server config is just `oauth.xaa: true`
+ * plus the AS clientId/clientSecret.
+ *
+ * No silent fallback: if `oauth.xaa` is set, XAA is the only path.
+ * All errors are actionable — they tell the user what to run.
+ */
+async function performMCPXaaAuth(serverName, serverConfig, onAuthorizationUrl, abortSignal, skipBrowserOpen) {
+    if (!serverConfig.oauth?.xaa) {
+        throw new Error('XAA: oauth.xaa must be set'); // guarded by caller
+    }
+    // IdP config comes from user-level settings, not per-server.
+    const idp = getXaaIdpSettings();
+    if (!idp) {
+        throw new Error("XAA: no IdP connection configured. Run 'claude mcp xaa setup --issuer <url> --client-id <id> --client-secret' to configure.");
+    }
+    const clientId = serverConfig.oauth?.clientId;
+    if (!clientId) {
+        throw new Error(`XAA: server '${serverName}' needs an AS client_id. Re-add with --client-id.`);
+    }
+    const clientConfig = getMcpClientConfig(serverName, serverConfig);
+    const clientSecret = clientConfig?.clientSecret;
+    if (!clientSecret) {
+        // Diagnostic context for serverKey mismatch debugging. Only computed
+        // on the error path so there's no perf cost on success.
+        const wantedKey = getServerKey(serverName, serverConfig);
+        const haveKeys = Object.keys(getSecureStorage().read()?.mcpOAuthClientConfig ?? {});
+        const headersForLogging = Object.fromEntries(Object.entries(serverConfig.headers ?? {}).map(([k, v]) => k.toLowerCase() === 'authorization' ? [k, '[REDACTED]'] : [k, v]));
+        logMCPDebug(serverName, `XAA: secret lookup miss. wanted=${wantedKey} have=[${haveKeys.join(', ')}] configHeaders=${jsonStringify(headersForLogging)}`);
+        throw new Error(`XAA: AS client secret not found for '${serverName}'. Re-add with --client-secret.`);
+    }
+    logMCPDebug(serverName, 'XAA: starting cross-app access flow');
+    // IdP client secret lives in a separate keychain slot (keyed by IdP issuer),
+    // NOT the AS secret — different trust domain. Optional: if absent, PKCE-only.
+    const idpClientSecret = getIdpClientSecret(idp.issuer);
+    // Acquire id_token (cached or via one OIDC browser pop at the IdP).
+    // Peek the cache first so we can report idTokenCacheHit in analytics before
+    // acquireIdpIdToken potentially writes a fresh one.
+    const idTokenCacheHit = getCachedIdpIdToken(idp.issuer) !== undefined;
+    let failureStage = 'idp_login';
+    try {
+        let idToken;
+        try {
+            idToken = await acquireIdpIdToken({
+                idpIssuer: idp.issuer,
+                idpClientId: idp.clientId,
+                idpClientSecret,
+                callbackPort: idp.callbackPort,
+                onAuthorizationUrl,
+                skipBrowserOpen,
+                abortSignal,
+            });
+        }
+        catch (e) {
+            if (abortSignal?.aborted)
+                throw new AuthenticationCancelledError();
+            throw e;
+        }
+        // Discover the IdP's token endpoint for the RFC 8693 exchange.
+        failureStage = 'discovery';
+        const oidc = await discoverOidc(idp.issuer);
+        // Run the exchange. performCrossAppAccess throws XaaTokenExchangeError
+        // for the IdP leg and "jwt-bearer grant failed" for the AS leg.
+        failureStage = 'token_exchange';
+        let tokens;
+        try {
+            tokens = await performCrossAppAccess(serverConfig.url, {
+                clientId,
+                clientSecret,
+                idpClientId: idp.clientId,
+                idpClientSecret,
+                idpIdToken: idToken,
+                idpTokenEndpoint: oidc.token_endpoint,
+            }, serverName, abortSignal);
+        }
+        catch (e) {
+            if (abortSignal?.aborted)
+                throw new AuthenticationCancelledError();
+            const msg = errorMessage(e);
+            // If the IdP says the id_token is bad, drop it from the cache so the
+            // next attempt does a fresh IdP login. XaaTokenExchangeError carries
+            // shouldClearIdToken so we key off OAuth semantics (4xx / invalid body
+            // → clear; 5xx IdP outage → preserve) rather than substring matching.
+            if (e instanceof XaaTokenExchangeError) {
+                if (e.shouldClearIdToken) {
+                    clearIdpIdToken(idp.issuer);
+                    logMCPDebug(serverName, 'XAA: cleared cached id_token after token-exchange failure');
+                }
+            }
+            else if (msg.includes('PRM discovery failed') ||
+                msg.includes('AS metadata discovery failed') ||
+                msg.includes('no authorization server supports jwt-bearer')) {
+                // performCrossAppAccess runs PRM + AS discovery before the actual
+                // exchange — don't attribute their failures to 'token_exchange'.
+                failureStage = 'discovery';
+            }
+            else if (msg.includes('jwt-bearer')) {
+                failureStage = 'jwt_bearer';
+            }
+            throw e;
+        }
+        // Save tokens via the same storage path as normal OAuth. We write directly
+        // (instead of ClaudeAuthProvider.saveTokens) to avoid instantiating the
+        // whole provider just to write the same keys.
+        const storage = getSecureStorage();
+        const existingData = storage.read() || {};
+        const serverKey = getServerKey(serverName, serverConfig);
+        const prev = existingData.mcpOAuth?.[serverKey];
+        storage.update({
+            ...existingData,
+            mcpOAuth: {
+                ...existingData.mcpOAuth,
+                [serverKey]: {
+                    ...prev,
+                    serverName,
+                    serverUrl: serverConfig.url,
+                    accessToken: tokens.access_token,
+                    // AS may omit refresh_token on jwt-bearer — preserve any existing one
+                    refreshToken: tokens.refresh_token ?? prev?.refreshToken,
+                    expiresAt: Date.now() + (tokens.expires_in || 3600) * 1000,
+                    scope: tokens.scope,
+                    clientId,
+                    clientSecret,
+                    // Persist the AS URL so _doRefresh and revokeServerTokens can locate
+                    // the token/revocation endpoints when MCP URL ≠ AS URL (the common
+                    // XAA topology).
+                    discoveryState: {
+                        authorizationServerUrl: tokens.authorizationServerUrl,
+                    },
+                },
+            },
+        });
+        logMCPDebug(serverName, 'XAA: tokens saved');
+        logEvent('tengu_mcp_oauth_flow_success', {
+            authMethod: 'xaa',
+            idTokenCacheHit,
+        });
+    }
+    catch (e) {
+        // User-initiated cancel (Esc during IdP browser pop) isn't a failure.
+        if (e instanceof AuthenticationCancelledError) {
+            throw e;
+        }
+        logEvent('tengu_mcp_oauth_flow_failure', {
+            authMethod: 'xaa',
+            xaaFailureStage: failureStage,
+            idTokenCacheHit,
+        });
+        throw e;
+    }
+}
+export async function performMCPOAuthFlow(serverName, serverConfig, onAuthorizationUrl, abortSignal, options) {
+    // XAA (SEP-990): if configured, bypass the per-server consent dance.
+    // If the IdP id_token isn't cached, this pops the browser once at the IdP
+    // (shared across all XAA servers for that issuer). Subsequent servers hit
+    // the cache and are silent. Tokens land in the same keychain slot, so the
+    // rest of CC's transport wiring (ClaudeAuthProvider.tokens() in client.ts)
+    // works unchanged.
+    //
+    // No silent fallback: if `oauth.xaa` is set, XAA is the only path. We
+    // never fall through to the consent flow — that would be surprising (the
+    // user explicitly asked for XAA) and security-relevant (consent flow may
+    // have a different trust/scope posture than the org's IdP policy).
+    //
+    // Servers with `oauth.xaa` but CLAUDE_CODE_ENABLE_XAA unset hard-fail with
+    // actionable copy rather than silently degrade to consent.
+    if (serverConfig.oauth?.xaa) {
+        if (!isXaaEnabled()) {
+            throw new Error(`XAA is not enabled (set CLAUDE_CODE_ENABLE_XAA=1). Remove 'oauth.xaa' from server '${serverName}' to use the standard consent flow.`);
+        }
+        logEvent('tengu_mcp_oauth_flow_start', {
+            isOAuthFlow: true,
+            authMethod: 'xaa',
+            transportType: serverConfig.type,
+            ...(getLoggingSafeMcpBaseUrl(serverConfig)
+                ? {
+                    mcpServerBaseUrl: getLoggingSafeMcpBaseUrl(serverConfig),
+                }
+                : {}),
+        });
+        // performMCPXaaAuth logs its own success/failure events (with
+        // idTokenCacheHit + xaaFailureStage).
+        await performMCPXaaAuth(serverName, serverConfig, onAuthorizationUrl, abortSignal, options?.skipBrowserOpen);
+        return;
+    }
+    // Check for cached step-up scope and resource metadata URL before clearing
+    // tokens. The transport-attached auth provider persists scope when it receives
+    // a step-up 401, so we can use it here instead of making an extra probe request.
+    const storage = getSecureStorage();
+    const serverKey = getServerKey(serverName, serverConfig);
+    const cachedEntry = storage.read()?.mcpOAuth?.[serverKey];
+    const cachedStepUpScope = cachedEntry?.stepUpScope;
+    const cachedResourceMetadataUrl = cachedEntry?.discoveryState?.resourceMetadataUrl;
+    // Clear any existing stored credentials to ensure fresh client registration.
+    // Note: this deletes the entire entry (including discoveryState/stepUpScope),
+    // but we already read the cached values above.
+    clearServerTokensFromLocalStorage(serverName, serverConfig);
+    // Use cached step-up scope and resource metadata URL if available.
+    // The transport-attached auth provider caches these when it receives a
+    // step-up 401, so we don't need to probe the server again.
+    let resourceMetadataUrl;
+    if (cachedResourceMetadataUrl) {
+        try {
+            resourceMetadataUrl = new URL(cachedResourceMetadataUrl);
+        }
+        catch {
+            logMCPDebug(serverName, `Invalid cached resourceMetadataUrl: ${cachedResourceMetadataUrl}`);
+        }
+    }
+    const wwwAuthParams = {
+        scope: cachedStepUpScope,
+        resourceMetadataUrl,
+    };
+    const flowAttemptId = randomUUID();
+    logEvent('tengu_mcp_oauth_flow_start', {
+        flowAttemptId: flowAttemptId,
+        isOAuthFlow: true,
+        transportType: serverConfig.type,
+        ...(getLoggingSafeMcpBaseUrl(serverConfig)
+            ? {
+                mcpServerBaseUrl: getLoggingSafeMcpBaseUrl(serverConfig),
+            }
+            : {}),
+    });
+    // Track whether we reached the token-exchange phase so the catch block can
+    // attribute the failure reason correctly.
+    let authorizationCodeObtained = false;
+    try {
+        // Use configured callback port for pre-configured OAuth, otherwise find an available port
+        const configuredCallbackPort = serverConfig.oauth?.callbackPort;
+        const port = configuredCallbackPort ?? (await findAvailablePort());
+        const redirectUri = buildRedirectUri(port);
+        logMCPDebug(serverName, `Using redirect port: ${port}${configuredCallbackPort ? ' (from config)' : ''}`);
+        const provider = new ClaudeAuthProvider(serverName, serverConfig, redirectUri, true, onAuthorizationUrl, options?.skipBrowserOpen);
+        // Fetch and store OAuth metadata for scope information
+        try {
+            const metadata = await fetchAuthServerMetadata(serverName, serverConfig.url, serverConfig.oauth?.authServerMetadataUrl, undefined, wwwAuthParams.resourceMetadataUrl);
+            if (metadata) {
+                // Store metadata in provider for scope information
+                provider.setMetadata(metadata);
+                logMCPDebug(serverName, `Fetched OAuth metadata with scope: ${getScopeFromMetadata(metadata) || 'NONE'}`);
+            }
+        }
+        catch (error) {
+            logMCPDebug(serverName, `Failed to fetch OAuth metadata: ${errorMessage(error)}`);
+        }
+        // Get the OAuth state from the provider for validation
+        const oauthState = await provider.state();
+        // Store the server, timeout, and abort listener references for cleanup
+        let server = null;
+        let timeoutId = null;
+        let abortHandler = null;
+        const cleanup = () => {
+            if (server) {
+                server.removeAllListeners();
+                // Defensive: removeAllListeners() strips the error handler, so swallow any late error during close
+                server.on('error', () => { });
+                server.close();
+                server = null;
+            }
+            if (timeoutId) {
+                clearTimeout(timeoutId);
+                timeoutId = null;
+            }
+            if (abortSignal && abortHandler) {
+                abortSignal.removeEventListener('abort', abortHandler);
+                abortHandler = null;
+            }
+            logMCPDebug(serverName, `MCP OAuth server cleaned up`);
+        };
+        // Setup a server to receive the callback
+        const authorizationCode = await new Promise((resolve, reject) => {
+            let resolved = false;
+            const resolveOnce = (code) => {
+                if (resolved)
+                    return;
+                resolved = true;
+                resolve(code);
+            };
+            const rejectOnce = (error) => {
+                if (resolved)
+                    return;
+                resolved = true;
+                reject(error);
+            };
+            if (abortSignal) {
+                abortHandler = () => {
+                    cleanup();
+                    rejectOnce(new AuthenticationCancelledError());
+                };
+                if (abortSignal.aborted) {
+                    abortHandler();
+                    return;
+                }
+                abortSignal.addEventListener('abort', abortHandler);
+            }
+            // Allow manual callback URL paste for remote/browser-based environments
+            // where localhost is not reachable from the user's browser.
+            if (options?.onWaitingForCallback) {
+                options.onWaitingForCallback((callbackUrl) => {
+                    try {
+                        const parsed = new URL(callbackUrl);
+                        const code = parsed.searchParams.get('code');
+                        const state = parsed.searchParams.get('state');
+                        const error = parsed.searchParams.get('error');
+                        if (error) {
+                            const errorDescription = parsed.searchParams.get('error_description') || '';
+                            cleanup();
+                            rejectOnce(new Error(`OAuth error: ${error} - ${errorDescription}`));
+                            return;
+                        }
+                        if (!code) {
+                            // Not a valid callback URL, ignore so the user can try again
+                            return;
+                        }
+                        if (state !== oauthState) {
+                            cleanup();
+                            rejectOnce(new Error('OAuth state mismatch - possible CSRF attack'));
+                            return;
+                        }
+                        logMCPDebug(serverName, `Received auth code via manual callback URL`);
+                        cleanup();
+                        resolveOnce(code);
+                    }
+                    catch {
+                        // Invalid URL, ignore so the user can try again
+                    }
+                });
+            }
+            server = createServer((req, res) => {
+                const parsedUrl = parse(req.url || '', true);
+                if (parsedUrl.pathname === '/callback') {
+                    const code = parsedUrl.query.code;
+                    const state = parsedUrl.query.state;
+                    const error = parsedUrl.query.error;
+                    const errorDescription = parsedUrl.query.error_description;
+                    const errorUri = parsedUrl.query.error_uri;
+                    // Validate OAuth state to prevent CSRF attacks
+                    if (!error && state !== oauthState) {
+                        res.writeHead(400, { 'Content-Type': 'text/html' });
+                        res.end(`<h1>Authentication Error</h1><p>Invalid state parameter. Please try again.</p><p>You can close this window.</p>`);
+                        cleanup();
+                        rejectOnce(new Error('OAuth state mismatch - possible CSRF attack'));
+                        return;
+                    }
+                    if (error) {
+                        res.writeHead(200, { 'Content-Type': 'text/html' });
+                        // Sanitize error messages to prevent XSS
+                        const sanitizedError = xss(String(error));
+                        const sanitizedErrorDescription = errorDescription
+                            ? xss(String(errorDescription))
+                            : '';
+                        res.end(`<h1>Authentication Error</h1><p>${sanitizedError}: ${sanitizedErrorDescription}</p><p>You can close this window.</p>`);
+                        cleanup();
+                        let errorMessage = `OAuth error: ${error}`;
+                        if (errorDescription) {
+                            errorMessage += ` - ${errorDescription}`;
+                        }
+                        if (errorUri) {
+                            errorMessage += ` (See: ${errorUri})`;
+                        }
+                        rejectOnce(new Error(errorMessage));
+                        return;
+                    }
+                    if (code) {
+                        res.writeHead(200, { 'Content-Type': 'text/html' });
+                        res.end(`<h1>Authentication Successful</h1><p>You can close this window. Return to Context Code.</p>`);
+                        cleanup();
+                        resolveOnce(code);
+                    }
+                }
+            });
+            server.on('error', (err) => {
+                cleanup();
+                if (err.code === 'EADDRINUSE') {
+                    const findCmd = getPlatform() === 'windows'
+                        ? `netstat -ano | findstr :${port}`
+                        : `lsof -ti:${port} -sTCP:LISTEN`;
+                    rejectOnce(new Error(`OAuth callback port ${port} is already in use — another process may be holding it. ` +
+                        `Run \`${findCmd}\` to find it.`));
+                }
+                else {
+                    rejectOnce(new Error(`OAuth callback server failed: ${err.message}`));
+                }
+            });
+            server.listen(port, '127.0.0.1', async () => {
+                try {
+                    logMCPDebug(serverName, `Starting SDK auth`);
+                    logMCPDebug(serverName, `Server URL: ${serverConfig.url}`);
+                    // First call to start the auth flow - should redirect
+                    // Pass the scope and resource_metadata from WWW-Authenticate header if available
+                    const result = await sdkAuth(provider, {
+                        serverUrl: serverConfig.url,
+                        scope: wwwAuthParams.scope,
+                        resourceMetadataUrl: wwwAuthParams.resourceMetadataUrl,
+                    });
+                    logMCPDebug(serverName, `Initial auth result: ${result}`);
+                    if (result !== 'REDIRECT') {
+                        logMCPDebug(serverName, `Unexpected auth result, expected REDIRECT: ${result}`);
+                    }
+                }
+                catch (error) {
+                    logMCPDebug(serverName, `SDK auth error: ${error}`);
+                    cleanup();
+                    rejectOnce(new Error(`SDK auth failed: ${errorMessage(error)}`));
+                }
+            });
+            // Don't let the callback server or timeout pin the event loop — if the UI
+            // component unmounts without aborting (e.g. parent intercepts Esc), we'd
+            // rather let the process exit than stay alive for 5 minutes holding the
+            // port. The abortSignal is the intended lifecycle management.
+            server.unref();
+            timeoutId = setTimeout((cleanup, rejectOnce) => {
+                cleanup();
+                rejectOnce(new Error('Authentication timeout'));
+            }, 5 * 60 * 1000, // 5 minutes
+            cleanup, rejectOnce);
+            timeoutId.unref();
+        });
+        authorizationCodeObtained = true;
+        // Now complete the auth flow with the received code
+        logMCPDebug(serverName, `Completing auth flow with authorization code`);
+        const result = await sdkAuth(provider, {
+            serverUrl: serverConfig.url,
+            authorizationCode,
+            resourceMetadataUrl: wwwAuthParams.resourceMetadataUrl,
+        });
+        logMCPDebug(serverName, `Auth result: ${result}`);
+        if (result === 'AUTHORIZED') {
+            // Debug: Check if tokens were properly saved
+            const savedTokens = await provider.tokens();
+            logMCPDebug(serverName, `Tokens after auth: ${savedTokens ? 'Present' : 'Missing'}`);
+            if (savedTokens) {
+                logMCPDebug(serverName, `Token access_token length: ${savedTokens.access_token?.length}`);
+                logMCPDebug(serverName, `Token expires_in: ${savedTokens.expires_in}`);
+            }
+            logEvent('tengu_mcp_oauth_flow_success', {
+                flowAttemptId: flowAttemptId,
+                transportType: serverConfig.type,
+                ...(getLoggingSafeMcpBaseUrl(serverConfig)
+                    ? {
+                        mcpServerBaseUrl: getLoggingSafeMcpBaseUrl(serverConfig),
+                    }
+                    : {}),
+            });
+        }
+        else {
+            throw new Error('Unexpected auth result: ' + result);
+        }
+    }
+    catch (error) {
+        logMCPDebug(serverName, `Error during auth completion: ${error}`);
+        // Determine failure reason for attribution telemetry. The try block covers
+        // port acquisition, the callback server, the redirect flow, and token
+        // exchange. Map known failure paths to stable reason codes.
+        let reason = 'unknown';
+        let oauthErrorCode;
+        let httpStatus;
+        if (error instanceof AuthenticationCancelledError) {
+            reason = 'cancelled';
+        }
+        else if (authorizationCodeObtained) {
+            reason = 'token_exchange_failed';
+        }
+        else {
+            const msg = errorMessage(error);
+            if (msg.includes('Authentication timeout')) {
+                reason = 'timeout';
+            }
+            else if (msg.includes('OAuth state mismatch')) {
+                reason = 'state_mismatch';
+            }
+            else if (msg.includes('OAuth error:')) {
+                reason = 'provider_denied';
+            }
+            else if (msg.includes('already in use') ||
+                msg.includes('EADDRINUSE') ||
+                msg.includes('callback server failed') ||
+                msg.includes('No available port')) {
+                reason = 'port_unavailable';
+            }
+            else if (msg.includes('SDK auth failed')) {
+                reason = 'sdk_auth_failed';
+            }
+        }
+        // sdkAuth uses native fetch and throws OAuthError subclasses (InvalidGrantError,
+        // ServerError, InvalidClientError, etc.) via parseErrorResponse. Extract the
+        // OAuth error code directly from the SDK error instance.
+        if (error instanceof OAuthError) {
+            oauthErrorCode = error.errorCode;
+            // SDK does not attach HTTP status as a property, but the fallback ServerError
+            // embeds it in the message as "HTTP {status}:" when the response body was
+            // unparseable. Best-effort extraction.
+            const statusMatch = error.message.match(/^HTTP (\d{3}):/);
+            if (statusMatch) {
+                httpStatus = Number(statusMatch[1]);
+            }
+            // If client not found, clear the stored client ID and suggest retry
+            if (error.errorCode === 'invalid_client' &&
+                error.message.includes('Client not found')) {
+                const storage = getSecureStorage();
+                const existingData = storage.read() || {};
+                const serverKey = getServerKey(serverName, serverConfig);
+                if (existingData.mcpOAuth?.[serverKey]) {
+                    delete existingData.mcpOAuth[serverKey].clientId;
+                    delete existingData.mcpOAuth[serverKey].clientSecret;
+                    storage.update(existingData);
+                }
+            }
+        }
+        logEvent('tengu_mcp_oauth_flow_error', {
+            flowAttemptId: flowAttemptId,
+            reason: reason,
+            error_code: oauthErrorCode,
+            http_status: httpStatus?.toString(),
+            transportType: serverConfig.type,
+            ...(getLoggingSafeMcpBaseUrl(serverConfig)
+                ? {
+                    mcpServerBaseUrl: getLoggingSafeMcpBaseUrl(serverConfig),
+                }
+                : {}),
+        });
+        throw error;
+    }
+}
+/**
+ * Wraps fetch to detect 403 insufficient_scope responses and mark step-up
+ * pending on the provider BEFORE the SDK's 403 handler calls auth(). Without
+ * this, the SDK's authInternal sees refresh_token → refreshes (uselessly, since
+ * RFC 6749 §6 forbids scope elevation via refresh) → returns 'AUTHORIZED' →
+ * retry → 403 again → aborts with "Server returned 403 after trying upscoping",
+ * never reaching redirectToAuthorization where step-up scope is persisted.
+ * With this flag set, tokens() omits refresh_token so the SDK falls through
+ * to the PKCE flow. See github.com/anthropics/claude-code/issues/28258.
+ */
+export function wrapFetchWithStepUpDetection(baseFetch, provider) {
+    return async (url, init) => {
+        const response = await baseFetch(url, init);
+        if (response.status === 403) {
+            const wwwAuth = response.headers.get('WWW-Authenticate');
+            if (wwwAuth?.includes('insufficient_scope')) {
+                // Match both quoted and unquoted values (RFC 6750 §3 allows either).
+                // Same pattern as the SDK's extractFieldFromWwwAuth.
+                const match = wwwAuth.match(/scope=(?:"([^"]+)"|([^\s,]+))/);
+                const scope = match?.[1] ?? match?.[2];
+                if (scope) {
+                    provider.markStepUpPending(scope);
+                }
+            }
+        }
+        return response;
+    };
+}
+export class ClaudeAuthProvider {
+    serverName;
+    serverConfig;
+    redirectUri;
+    handleRedirection;
+    _codeVerifier;
+    _authorizationUrl;
+    _state;
+    _scopes;
+    _metadata;
+    _refreshInProgress;
+    _pendingStepUpScope;
+    onAuthorizationUrlCallback;
+    skipBrowserOpen;
+    constructor(serverName, serverConfig, redirectUri = buildRedirectUri(), handleRedirection = false, onAuthorizationUrl, skipBrowserOpen) {
+        this.serverName = serverName;
+        this.serverConfig = serverConfig;
+        this.redirectUri = redirectUri;
+        this.handleRedirection = handleRedirection;
+        this.onAuthorizationUrlCallback = onAuthorizationUrl;
+        this.skipBrowserOpen = skipBrowserOpen ?? false;
+    }
+    get redirectUrl() {
+        return this.redirectUri;
+    }
+    get authorizationUrl() {
+        return this._authorizationUrl;
+    }
+    get clientMetadata() {
+        const metadata = {
+            client_name: `Context Code (${this.serverName})`,
+            redirect_uris: [this.redirectUri],
+            grant_types: ['authorization_code', 'refresh_token'],
+            response_types: ['code'],
+            token_endpoint_auth_method: 'none', // Public client
+        };
+        // Include scope from metadata if available
+        const metadataScope = getScopeFromMetadata(this._metadata);
+        if (metadataScope) {
+            metadata.scope = metadataScope;
+            logMCPDebug(this.serverName, `Using scope from metadata: ${metadata.scope}`);
+        }
+        return metadata;
+    }
+    /**
+     * CIMD (SEP-991): URL-based client_id. When the auth server advertises
+     * client_id_metadata_document_supported: true, the SDK uses this URL as the
+     * client_id instead of performing Dynamic Client Registration.
+     * Override via MCP_OAUTH_CLIENT_METADATA_URL env var (e.g. for testing, FedStart).
+     */
+    get clientMetadataUrl() {
+        const override = process.env.MCP_OAUTH_CLIENT_METADATA_URL;
+        if (override) {
+            logMCPDebug(this.serverName, `Using CIMD URL from env: ${override}`);
+            return override;
+        }
+        return MCP_CLIENT_METADATA_URL;
+    }
+    setMetadata(metadata) {
+        this._metadata = metadata;
+    }
+    /**
+     * Called by the fetch wrapper when a 403 insufficient_scope response is
+     * detected. Setting this causes tokens() to omit refresh_token, forcing
+     * the SDK's authInternal to skip its (useless) refresh path and fall through
+     * to startAuthorization → redirectToAuthorization → step-up persistence.
+     * RFC 6749 §6 forbids scope elevation via refresh, so refreshing would just
+     * return the same-scoped token and the retry would 403 again.
+     */
+    markStepUpPending(scope) {
+        this._pendingStepUpScope = scope;
+        logMCPDebug(this.serverName, `Marked step-up pending: ${scope}`);
+    }
+    async state() {
+        // Generate state if not already generated for this instance
+        if (!this._state) {
+            this._state = randomBytes(32).toString('base64url');
+            logMCPDebug(this.serverName, 'Generated new OAuth state');
+        }
+        return this._state;
+    }
+    async clientInformation() {
+        const storage = getSecureStorage();
+        const data = storage.read();
+        const serverKey = getServerKey(this.serverName, this.serverConfig);
+        // Check session credentials first (from DCR or previous auth)
+        const storedInfo = data?.mcpOAuth?.[serverKey];
+        if (storedInfo?.clientId) {
+            logMCPDebug(this.serverName, `Found client info`);
+            return {
+                client_id: storedInfo.clientId,
+                client_secret: storedInfo.clientSecret,
+            };
+        }
+        // Fallback: pre-configured client ID from server config
+        const configClientId = this.serverConfig.oauth?.clientId;
+        if (configClientId) {
+            const clientConfig = data?.mcpOAuthClientConfig?.[serverKey];
+            logMCPDebug(this.serverName, `Using pre-configured client ID`);
+            return {
+                client_id: configClientId,
+                client_secret: clientConfig?.clientSecret,
+            };
+        }
+        // If we don't have stored client info, return undefined to trigger registration
+        logMCPDebug(this.serverName, `No client info found`);
+        return undefined;
+    }
+    async saveClientInformation(clientInformation) {
+        const storage = getSecureStorage();
+        const existingData = storage.read() || {};
+        const serverKey = getServerKey(this.serverName, this.serverConfig);
+        const updatedData = {
+            ...existingData,
+            mcpOAuth: {
+                ...existingData.mcpOAuth,
+                [serverKey]: {
+                    ...existingData.mcpOAuth?.[serverKey],
+                    serverName: this.serverName,
+                    serverUrl: this.serverConfig.url,
+                    clientId: clientInformation.client_id,
+                    clientSecret: clientInformation.client_secret,
+                    // Provide default values for required fields if not present
+                    accessToken: existingData.mcpOAuth?.[serverKey]?.accessToken || '',
+                    expiresAt: existingData.mcpOAuth?.[serverKey]?.expiresAt || 0,
+                },
+            },
+        };
+        storage.update(updatedData);
+    }
+    async tokens() {
+        // Cross-process token changes (another CC instance refreshed or invalidated)
+        // are picked up via the keychain cache TTL (see macOsKeychainStorage.ts).
+        // In-process writes already invalidate the cache via storage.update().
+        // We do NOT clearKeychainCache() here — tokens() is called by the MCP SDK's
+        // _commonHeaders on every request, and forcing a cache miss would trigger
+        // a blocking spawnSync(`security find-generic-password`) 30-40x/sec.
+        // See CPU profile: spawnSync was 7.2% of total CPU after PR #19436.
+        const storage = getSecureStorage();
+        const data = await storage.readAsync();
+        const serverKey = getServerKey(this.serverName, this.serverConfig);
+        const tokenData = data?.mcpOAuth?.[serverKey];
+        // XAA: a cached id_token plays the same UX role as a refresh_token — run
+        // the silent exchange to get a fresh access_token without a browser. The
+        // id_token does expire (we re-acquire via `xaa login` when it does); the
+        // point is that while it's valid, re-auth is zero-interaction.
+        //
+        // Only fire when we don't have a refresh_token. If the AS returned one,
+        // the normal refresh path (below) is cheaper — 1 request vs the 4-request
+        // XAA chain. If that refresh is revoked, refreshAuthorization() clears it
+        // (invalidateCredentials('tokens')), and the next tokens() falls through
+        // to here.
+        //
+        // Fires on:
+        //   - never authed (!tokenData)                 → first connect, auto-auth
+        //   - SDK partial write {accessToken:''}        → stale from past session
+        //   - expired/expiring, no refresh_token        → proactive XAA re-auth
+        //
+        // No special-casing of {accessToken:'', expiresAt:0}. Yes, SDK auth()
+        // writes that mid-flow (saveClientInformation defaults). But with this
+        // auto-auth branch, the *first* tokens() call — before auth() writes
+        // anything — fires xaaRefresh. If id_token is cached, SDK short-circuits
+        // there and never reaches the write. If id_token isn't cached, xaaRefresh
+        // returns undefined in ~1 keychain read, auth() proceeds, writes the
+        // marker, calls tokens() again, xaaRefresh fails again identically.
+        // Harmless redundancy, not a wasted exchange. And guarding on `!==''`
+        // permanently bricks auto-auth when a *prior* session left that marker
+        // in keychain — real bug seen with xaa.dev.
+        //
+        // xaaRefresh() internally short-circuits to undefined when the id_token
+        // isn't cached (or settings.xaaIdp is gone) → we fall through to the
+        // existing needs-auth path → user runs `xaa login`.
+        //
+        if (isXaaEnabled() &&
+            this.serverConfig.oauth?.xaa &&
+            !tokenData?.refreshToken &&
+            (!tokenData?.accessToken ||
+                (tokenData.expiresAt - Date.now()) / 1000 <= 300)) {
+            if (!this._refreshInProgress) {
+                logMCPDebug(this.serverName, tokenData
+                    ? `XAA: access_token expiring, attempting silent exchange`
+                    : `XAA: no access_token yet, attempting silent exchange`);
+                this._refreshInProgress = this.xaaRefresh().finally(() => {
+                    this._refreshInProgress = undefined;
+                });
+            }
+            try {
+                const refreshed = await this._refreshInProgress;
+                if (refreshed)
+                    return refreshed;
+            }
+            catch (e) {
+                logMCPDebug(this.serverName, `XAA silent exchange failed: ${errorMessage(e)}`);
+            }
+            // Fall through. Either id_token isn't cached (xaaRefresh returned
+            // undefined) or the exchange errored. Normal path below handles both:
+            // !tokenData → undefined → 401 → needs-auth; expired → undefined → same.
+        }
+        if (!tokenData) {
+            logMCPDebug(this.serverName, `No token data found`);
+            return undefined;
+        }
+        // Check if token is expired
+        const expiresIn = (tokenData.expiresAt - Date.now()) / 1000;
+        // Step-up check: if a 403 insufficient_scope was detected and the current
+        // token doesn't have the requested scope, omit refresh_token below so the
+        // SDK skips refresh and falls through to the PKCE flow.
+        const currentScopes = tokenData.scope?.split(' ') ?? [];
+        const needsStepUp = this._pendingStepUpScope !== undefined &&
+            this._pendingStepUpScope.split(' ').some(s => !currentScopes.includes(s));
+        if (needsStepUp) {
+            logMCPDebug(this.serverName, `Step-up pending (${this._pendingStepUpScope}), omitting refresh_token`);
+        }
+        // If token is expired and we don't have a refresh token, return undefined
+        if (expiresIn <= 0 && !tokenData.refreshToken) {
+            logMCPDebug(this.serverName, `Token expired without refresh token`);
+            return undefined;
+        }
+        // If token is expired or about to expire (within 5 minutes) and we have a refresh token, refresh it proactively.
+        // This proactive refresh is a UX improvement - it avoids the latency of a failed request followed by token refresh.
+        // While MCP servers should return 401 for expired tokens (which triggers SDK-level refresh), proactively refreshing
+        // before expiry provides a smoother user experience.
+        // Skip when step-up is pending — refreshing can't elevate scope (RFC 6749 §6).
+        if (expiresIn <= 300 && tokenData.refreshToken && !needsStepUp) {
+            // Reuse existing refresh promise if one is in progress to prevent concurrent refreshes
+            if (!this._refreshInProgress) {
+                logMCPDebug(this.serverName, `Token expires in ${Math.floor(expiresIn)}s, attempting proactive refresh`);
+                this._refreshInProgress = this.refreshAuthorization(tokenData.refreshToken).finally(() => {
+                    this._refreshInProgress = undefined;
+                });
+            }
+            else {
+                logMCPDebug(this.serverName, `Token refresh already in progress, reusing existing promise`);
+            }
+            try {
+                const refreshed = await this._refreshInProgress;
+                if (refreshed) {
+                    logMCPDebug(this.serverName, `Token refreshed successfully`);
+                    return refreshed;
+                }
+                logMCPDebug(this.serverName, `Token refresh failed, returning current tokens`);
+            }
+            catch (error) {
+                logMCPDebug(this.serverName, `Token refresh error: ${errorMessage(error)}`);
+            }
+        }
+        // Return current tokens (may be expired if refresh failed or not needed yet)
+        const tokens = {
+            access_token: tokenData.accessToken,
+            refresh_token: needsStepUp ? undefined : tokenData.refreshToken,
+            expires_in: expiresIn,
+            scope: tokenData.scope,
+            token_type: 'Bearer',
+        };
+        logMCPDebug(this.serverName, `Returning tokens`);
+        logMCPDebug(this.serverName, `Token length: ${tokens.access_token?.length}`);
+        logMCPDebug(this.serverName, `Has refresh token: ${!!tokens.refresh_token}`);
+        logMCPDebug(this.serverName, `Expires in: ${Math.floor(expiresIn)}s`);
+        return tokens;
+    }
+    async saveTokens(tokens) {
+        this._pendingStepUpScope = undefined;
+        const storage = getSecureStorage();
+        const existingData = storage.read() || {};
+        const serverKey = getServerKey(this.serverName, this.serverConfig);
+        logMCPDebug(this.serverName, `Saving tokens`);
+        logMCPDebug(this.serverName, `Token expires in: ${tokens.expires_in}`);
+        logMCPDebug(this.serverName, `Has refresh token: ${!!tokens.refresh_token}`);
+        const updatedData = {
+            ...existingData,
+            mcpOAuth: {
+                ...existingData.mcpOAuth,
+                [serverKey]: {
+                    ...existingData.mcpOAuth?.[serverKey],
+                    serverName: this.serverName,
+                    serverUrl: this.serverConfig.url,
+                    accessToken: tokens.access_token,
+                    refreshToken: tokens.refresh_token,
+                    expiresAt: Date.now() + (tokens.expires_in || 3600) * 1000,
+                    scope: tokens.scope,
+                },
+            },
+        };
+        storage.update(updatedData);
+    }
+    /**
+     * XAA silent refresh: cached id_token → Layer-2 exchange → new access_token.
+     * No browser.
+     *
+     * Returns undefined if the id_token is gone from cache — caller treats this
+     * as needs-interactive-reauth (transport will 401, CC surfaces it).
+     *
+     * On exchange failure, clears the id_token cache so the next interactive
+     * auth does a fresh IdP login (the cached id_token is likely stale/revoked).
+     *
+     * TODO(xaa-ga): add cross-process lockfile before GA. `_refreshInProgress`
+     * only dedupes within one process — two CC instances with expiring tokens
+     * both fire the full 4-request XAA chain and race on storage.update().
+     * Unlike inc-4829 the id_token is not single-use so both access_tokens
+     * stay valid (wasted round-trips + keychain write race, not brickage),
+     * but this is the shape CLAUDE.md flags under "Token/auth caching across
+     * process boundaries". Mirror refreshAuthorization()'s lockfile pattern.
+     */
+    async xaaRefresh() {
+        const idp = getXaaIdpSettings();
+        if (!idp)
+            return undefined; // config was removed mid-session
+        const idToken = getCachedIdpIdToken(idp.issuer);
+        if (!idToken) {
+            logMCPDebug(this.serverName, 'XAA: id_token not cached, needs interactive re-auth');
+            return undefined;
+        }
+        const clientId = this.serverConfig.oauth?.clientId;
+        const clientConfig = getMcpClientConfig(this.serverName, this.serverConfig);
+        if (!clientId || !clientConfig?.clientSecret) {
+            logMCPDebug(this.serverName, 'XAA: missing clientId or clientSecret in config — skipping silent refresh');
+            return undefined; // shouldn't happen if `mcp add` was correct
+        }
+        const idpClientSecret = getIdpClientSecret(idp.issuer);
+        // Discover IdP token endpoint. Could cache (fetchCache.ts already
+        // caches /.well-known/ requests), but OIDC metadata is cheap + idempotent.
+        // xaaRefresh is the silent tokens() path — soft-fail to undefined so the
+        // caller falls through to needs-authentication instead of throwing mid-connect.
+        let oidc;
+        try {
+            oidc = await discoverOidc(idp.issuer);
+        }
+        catch (e) {
+            logMCPDebug(this.serverName, `XAA: OIDC discovery failed in silent refresh: ${errorMessage(e)}`);
+            return undefined;
+        }
+        try {
+            const tokens = await performCrossAppAccess(this.serverConfig.url, {
+                clientId,
+                clientSecret: clientConfig.clientSecret,
+                idpClientId: idp.clientId,
+                idpClientSecret,
+                idpIdToken: idToken,
+                idpTokenEndpoint: oidc.token_endpoint,
+            }, this.serverName);
+            // Write directly (not via saveTokens) so clientId + clientSecret land in
+            // storage even when this is the first write for serverKey. saveTokens
+            // only spreads existing data; if no prior performMCPXaaAuth ran,
+            // revokeServerTokens would later read tokenData.clientId as undefined
+            // and send a client_id-less RFC 7009 request that strict ASes reject.
+            const storage = getSecureStorage();
+            const existingData = storage.read() || {};
+            const serverKey = getServerKey(this.serverName, this.serverConfig);
+            const prev = existingData.mcpOAuth?.[serverKey];
+            storage.update({
+                ...existingData,
+                mcpOAuth: {
+                    ...existingData.mcpOAuth,
+                    [serverKey]: {
+                        ...prev,
+                        serverName: this.serverName,
+                        serverUrl: this.serverConfig.url,
+                        accessToken: tokens.access_token,
+                        refreshToken: tokens.refresh_token ?? prev?.refreshToken,
+                        expiresAt: Date.now() + (tokens.expires_in || 3600) * 1000,
+                        scope: tokens.scope,
+                        clientId,
+                        clientSecret: clientConfig.clientSecret,
+                        discoveryState: {
+                            authorizationServerUrl: tokens.authorizationServerUrl,
+                        },
+                    },
+                },
+            });
+            return {
+                access_token: tokens.access_token,
+                token_type: 'Bearer',
+                expires_in: tokens.expires_in,
+                scope: tokens.scope,
+                refresh_token: tokens.refresh_token,
+            };
+        }
+        catch (e) {
+            if (e instanceof XaaTokenExchangeError && e.shouldClearIdToken) {
+                clearIdpIdToken(idp.issuer);
+                logMCPDebug(this.serverName, 'XAA: cleared id_token after exchange failure');
+            }
+            throw e;
+        }
+    }
+    async redirectToAuthorization(authorizationUrl) {
+        // Store the authorization URL
+        this._authorizationUrl = authorizationUrl.toString();
+        // Extract and store scopes from the authorization URL for later use in token exchange
+        const scopes = authorizationUrl.searchParams.get('scope');
+        logMCPDebug(this.serverName, `Authorization URL: ${redactSensitiveUrlParams(authorizationUrl.toString())}`);
+        logMCPDebug(this.serverName, `Scopes in URL: ${scopes || 'NOT FOUND'}`);
+        if (scopes) {
+            this._scopes = scopes;
+            logMCPDebug(this.serverName, `Captured scopes from authorization URL: ${scopes}`);
+        }
+        else {
+            // If no scope in URL, try to get it from metadata
+            const metadataScope = getScopeFromMetadata(this._metadata);
+            if (metadataScope) {
+                this._scopes = metadataScope;
+                logMCPDebug(this.serverName, `Using scopes from metadata: ${metadataScope}`);
+            }
+            else {
+                logMCPDebug(this.serverName, `No scopes available from URL or metadata`);
+            }
+        }
+        // Persist scope for step-up auth: only when the transport-attached provider
+        // (handleRedirection=false) receives a step-up 401. The SDK calls auth()
+        // which calls redirectToAuthorization with the new scope. We persist it
+        // so the next performMCPOAuthFlow can use it without an extra probe request.
+        // Guard with !handleRedirection to avoid persisting during normal auth flows
+        // (where the scope may come from metadata scopes_supported rather than a 401).
+        if (this._scopes && !this.handleRedirection) {
+            const storage = getSecureStorage();
+            const existingData = storage.read() || {};
+            const serverKey = getServerKey(this.serverName, this.serverConfig);
+            const existing = existingData.mcpOAuth?.[serverKey];
+            if (existing) {
+                existing.stepUpScope = this._scopes;
+                storage.update(existingData);
+                logMCPDebug(this.serverName, `Persisted step-up scope: ${this._scopes}`);
+            }
+        }
+        if (!this.handleRedirection) {
+            logMCPDebug(this.serverName, `Redirection handling is disabled, skipping redirect`);
+            return;
+        }
+        // Validate URL scheme for security
+        const urlString = authorizationUrl.toString();
+        if (!urlString.startsWith('http://') && !urlString.startsWith('https://')) {
+            throw new Error('Invalid authorization URL: must use http:// or https:// scheme');
+        }
+        logMCPDebug(this.serverName, `Redirecting to authorization URL`);
+        const redactedUrl = redactSensitiveUrlParams(urlString);
+        logMCPDebug(this.serverName, `Authorization URL: ${redactedUrl}`);
+        // Notify the UI about the authorization URL BEFORE opening the browser,
+        // so users can see the URL as a fallback if the browser fails to open
+        if (this.onAuthorizationUrlCallback) {
+            this.onAuthorizationUrlCallback(urlString);
+        }
+        if (!this.skipBrowserOpen) {
+            logMCPDebug(this.serverName, `Opening authorization URL: ${redactedUrl}`);
+            const success = await openBrowser(urlString);
+            if (!success) {
+                logMCPDebug(this.serverName, `Browser didn't open automatically. URL is shown in UI.`);
+            }
+        }
+        else {
+            logMCPDebug(this.serverName, `Skipping browser open (skipBrowserOpen=true). URL: ${redactedUrl}`);
+        }
+    }
+    async saveCodeVerifier(codeVerifier) {
+        logMCPDebug(this.serverName, `Saving code verifier`);
+        this._codeVerifier = codeVerifier;
+    }
+    async codeVerifier() {
+        if (!this._codeVerifier) {
+            logMCPDebug(this.serverName, `No code verifier saved`);
+            throw new Error('No code verifier saved');
+        }
+        logMCPDebug(this.serverName, `Returning code verifier`);
+        return this._codeVerifier;
+    }
+    async invalidateCredentials(scope) {
+        const storage = getSecureStorage();
+        const existingData = storage.read();
+        if (!existingData?.mcpOAuth)
+            return;
+        const serverKey = getServerKey(this.serverName, this.serverConfig);
+        const tokenData = existingData.mcpOAuth[serverKey];
+        if (!tokenData)
+            return;
+        switch (scope) {
+            case 'all':
+                delete existingData.mcpOAuth[serverKey];
+                break;
+            case 'client':
+                tokenData.clientId = undefined;
+                tokenData.clientSecret = undefined;
+                break;
+            case 'tokens':
+                tokenData.accessToken = '';
+                tokenData.refreshToken = undefined;
+                tokenData.expiresAt = 0;
+                break;
+            case 'verifier':
+                this._codeVerifier = undefined;
+                return;
+            case 'discovery':
+                tokenData.discoveryState = undefined;
+                tokenData.stepUpScope = undefined;
+                break;
+        }
+        storage.update(existingData);
+        logMCPDebug(this.serverName, `Invalidated credentials (scope: ${scope})`);
+    }
+    async saveDiscoveryState(state) {
+        const storage = getSecureStorage();
+        const existingData = storage.read() || {};
+        const serverKey = getServerKey(this.serverName, this.serverConfig);
+        logMCPDebug(this.serverName, `Saving discovery state (authServer: ${state.authorizationServerUrl})`);
+        // Persist only the URLs, NOT the full metadata blobs.
+        // authorizationServerMetadata alone is ~1.5-2KB per MCP server (every
+        // grant type, PKCE method, endpoint the IdP supports). On macOS the
+        // keychain write goes through `security -i` which has a 4096-byte stdin
+        // line limit — with hex encoding that's ~2013 bytes of JSON total. Two
+        // OAuth MCP servers persisting full metadata overflows it, corrupting
+        // the credential store (#30337). The SDK re-fetches missing metadata
+        // with one HTTP GET on the next auth — see node_modules/.../auth.js
+        // `cachedState.authorizationServerMetadata ?? await discover...`.
+        const updatedData = {
+            ...existingData,
+            mcpOAuth: {
+                ...existingData.mcpOAuth,
+                [serverKey]: {
+                    ...existingData.mcpOAuth?.[serverKey],
+                    serverName: this.serverName,
+                    serverUrl: this.serverConfig.url,
+                    accessToken: existingData.mcpOAuth?.[serverKey]?.accessToken || '',
+                    expiresAt: existingData.mcpOAuth?.[serverKey]?.expiresAt || 0,
+                    discoveryState: {
+                        authorizationServerUrl: state.authorizationServerUrl,
+                        resourceMetadataUrl: state.resourceMetadataUrl,
+                    },
+                },
+            },
+        };
+        storage.update(updatedData);
+    }
+    async discoveryState() {
+        const storage = getSecureStorage();
+        const data = storage.read();
+        const serverKey = getServerKey(this.serverName, this.serverConfig);
+        const cached = data?.mcpOAuth?.[serverKey]?.discoveryState;
+        if (cached?.authorizationServerUrl) {
+            logMCPDebug(this.serverName, `Returning cached discovery state (authServer: ${cached.authorizationServerUrl})`);
+            return {
+                authorizationServerUrl: cached.authorizationServerUrl,
+                resourceMetadataUrl: cached.resourceMetadataUrl,
+                resourceMetadata: cached.resourceMetadata,
+                authorizationServerMetadata: cached.authorizationServerMetadata,
+            };
+        }
+        // Check config hint for direct metadata URL
+        const metadataUrl = this.serverConfig.oauth?.authServerMetadataUrl;
+        if (metadataUrl) {
+            logMCPDebug(this.serverName, `Fetching metadata from configured URL: ${metadataUrl}`);
+            try {
+                const metadata = await fetchAuthServerMetadata(this.serverName, this.serverConfig.url, metadataUrl);
+                if (metadata) {
+                    return {
+                        authorizationServerUrl: metadata.issuer,
+                        authorizationServerMetadata: metadata,
+                    };
+                }
+            }
+            catch (error) {
+                logMCPDebug(this.serverName, `Failed to fetch from configured metadata URL: ${errorMessage(error)}`);
+            }
+        }
+        return undefined;
+    }
+    async refreshAuthorization(refreshToken) {
+        const serverKey = getServerKey(this.serverName, this.serverConfig);
+        const claudeDir = getClaudeConfigHomeDir();
+        await mkdir(claudeDir, { recursive: true });
+        const sanitizedKey = serverKey.replace(/[^a-zA-Z0-9]/g, '_');
+        const lockfilePath = join(claudeDir, `mcp-refresh-${sanitizedKey}.lock`);
+        let release;
+        for (let retry = 0; retry < MAX_LOCK_RETRIES; retry++) {
+            try {
+                logMCPDebug(this.serverName, `Acquiring refresh lock (attempt ${retry + 1})`);
+                release = await lockfile.lock(lockfilePath, {
+                    realpath: false,
+                    onCompromised: () => {
+                        logMCPDebug(this.serverName, `Refresh lock was compromised`);
+                    },
+                });
+                logMCPDebug(this.serverName, `Acquired refresh lock`);
+                break;
+            }
+            catch (e) {
+                const code = getErrnoCode(e);
+                if (code === 'ELOCKED') {
+                    logMCPDebug(this.serverName, `Refresh lock held by another process, waiting (attempt ${retry + 1}/${MAX_LOCK_RETRIES})`);
+                    await sleep(1000 + Math.random() * 1000);
+                    continue;
+                }
+                logMCPDebug(this.serverName, `Failed to acquire refresh lock: ${code}, proceeding without lock`);
+                break;
+            }
+        }
+        if (!release) {
+            logMCPDebug(this.serverName, `Could not acquire refresh lock after ${MAX_LOCK_RETRIES} retries, proceeding without lock`);
+        }
+        try {
+            // Re-read tokens after acquiring lock — another process may have refreshed
+            clearKeychainCache();
+            const storage = getSecureStorage();
+            const data = storage.read();
+            const tokenData = data?.mcpOAuth?.[serverKey];
+            if (tokenData) {
+                const expiresIn = (tokenData.expiresAt - Date.now()) / 1000;
+                if (expiresIn > 300) {
+                    logMCPDebug(this.serverName, `Another process already refreshed tokens (expires in ${Math.floor(expiresIn)}s)`);
+                    return {
+                        access_token: tokenData.accessToken,
+                        refresh_token: tokenData.refreshToken,
+                        expires_in: expiresIn,
+                        scope: tokenData.scope,
+                        token_type: 'Bearer',
+                    };
+                }
+                // Use the freshest refresh token from storage
+                if (tokenData.refreshToken) {
+                    refreshToken = tokenData.refreshToken;
+                }
+            }
+            return await this._doRefresh(refreshToken);
+        }
+        finally {
+            if (release) {
+                try {
+                    await release();
+                    logMCPDebug(this.serverName, `Released refresh lock`);
+                }
+                catch {
+                    logMCPDebug(this.serverName, `Failed to release refresh lock`);
+                }
+            }
+        }
+    }
+    async _doRefresh(refreshToken) {
+        const MAX_ATTEMPTS = 3;
+        const mcpServerBaseUrl = getLoggingSafeMcpBaseUrl(this.serverConfig);
+        const emitRefreshEvent = (outcome, reason) => {
+            logEvent(outcome === 'success'
+                ? 'tengu_mcp_oauth_refresh_success'
+                : 'tengu_mcp_oauth_refresh_failure', {
+                transportType: this.serverConfig
+                    .type,
+                ...(mcpServerBaseUrl
+                    ? {
+                        mcpServerBaseUrl: mcpServerBaseUrl,
+                    }
+                    : {}),
+                ...(reason
+                    ? {
+                        reason: reason,
+                    }
+                    : {}),
+            });
+        };
+        for (let attempt = 1; attempt <= MAX_ATTEMPTS; attempt++) {
+            try {
+                logMCPDebug(this.serverName, `Starting token refresh`);
+                const authFetch = createAuthFetch();
+                // Reuse cached metadata from the initial OAuth flow if available,
+                // since metadata (token endpoint URL, etc.) is static per auth server.
+                // Priority:
+                // 1. In-memory cache (same-session refreshes)
+                // 2. Persisted discovery state from initial auth (cross-session) —
+                //    avoids re-running RFC 9728 discovery on every refresh.
+                // 3. Full RFC 9728 → RFC 8414 re-discovery via fetchAuthServerMetadata.
+                let metadata = this._metadata;
+                if (!metadata) {
+                    const cached = await this.discoveryState();
+                    if (cached?.authorizationServerMetadata) {
+                        logMCPDebug(this.serverName, `Using persisted auth server metadata for refresh`);
+                        metadata = cached.authorizationServerMetadata;
+                    }
+                    else if (cached?.authorizationServerUrl) {
+                        logMCPDebug(this.serverName, `Re-discovering metadata from persisted auth server URL: ${cached.authorizationServerUrl}`);
+                        metadata = await discoverAuthorizationServerMetadata(cached.authorizationServerUrl, { fetchFn: authFetch });
+                    }
+                }
+                if (!metadata) {
+                    metadata = await fetchAuthServerMetadata(this.serverName, this.serverConfig.url, this.serverConfig.oauth?.authServerMetadataUrl, authFetch);
+                }
+                if (!metadata) {
+                    logMCPDebug(this.serverName, `Failed to discover OAuth metadata`);
+                    emitRefreshEvent('failure', 'metadata_discovery_failed');
+                    return undefined;
+                }
+                // Cache for future refreshes
+                this._metadata = metadata;
+                const clientInfo = await this.clientInformation();
+                if (!clientInfo) {
+                    logMCPDebug(this.serverName, `No client information available`);
+                    emitRefreshEvent('failure', 'no_client_info');
+                    return undefined;
+                }
+                const newTokens = await sdkRefreshAuthorization(new URL(this.serverConfig.url), {
+                    metadata,
+                    clientInformation: clientInfo,
+                    refreshToken,
+                    resource: new URL(this.serverConfig.url),
+                    fetchFn: authFetch,
+                });
+                if (newTokens) {
+                    logMCPDebug(this.serverName, `Token refresh successful`);
+                    await this.saveTokens(newTokens);
+                    emitRefreshEvent('success');
+                    return newTokens;
+                }
+                logMCPDebug(this.serverName, `Token refresh returned no tokens`);
+                emitRefreshEvent('failure', 'no_tokens_returned');
+                return undefined;
+            }
+            catch (error) {
+                // Invalid grant means the refresh token itself is invalid/revoked/expired.
+                // But another process may have already refreshed successfully — check first.
+                if (error instanceof InvalidGrantError) {
+                    logMCPDebug(this.serverName, `Token refresh failed with invalid_grant: ${error.message}`);
+                    clearKeychainCache();
+                    const storage = getSecureStorage();
+                    const data = storage.read();
+                    const serverKey = getServerKey(this.serverName, this.serverConfig);
+                    const tokenData = data?.mcpOAuth?.[serverKey];
+                    if (tokenData) {
+                        const expiresIn = (tokenData.expiresAt - Date.now()) / 1000;
+                        if (expiresIn > 300) {
+                            logMCPDebug(this.serverName, `Another process refreshed tokens, using those`);
+                            // Not emitted as success: this process did not perform a
+                            // refresh, and the winning process already emitted its own
+                            // success event. Emitting here would double-count.
+                            return {
+                                access_token: tokenData.accessToken,
+                                refresh_token: tokenData.refreshToken,
+                                expires_in: expiresIn,
+                                scope: tokenData.scope,
+                                token_type: 'Bearer',
+                            };
+                        }
+                    }
+                    logMCPDebug(this.serverName, `No valid tokens in storage, clearing stored tokens`);
+                    await this.invalidateCredentials('tokens');
+                    emitRefreshEvent('failure', 'invalid_grant');
+                    return undefined;
+                }
+                // Retry on timeouts or transient server errors
+                const isTimeoutError = error instanceof Error &&
+                    /timeout|timed out|etimedout|econnreset/i.test(error.message);
+                const isTransientServerError = error instanceof ServerError ||
+                    error instanceof TemporarilyUnavailableError ||
+                    error instanceof TooManyRequestsError;
+                const isRetryable = isTimeoutError || isTransientServerError;
+                if (!isRetryable || attempt >= MAX_ATTEMPTS) {
+                    logMCPDebug(this.serverName, `Token refresh failed: ${errorMessage(error)}`);
+                    emitRefreshEvent('failure', isRetryable ? 'transient_retries_exhausted' : 'request_failed');
+                    return undefined;
+                }
+                const delayMs = 1000 * Math.pow(2, attempt - 1); // 1s, 2s, 4s
+                logMCPDebug(this.serverName, `Token refresh failed, retrying in ${delayMs}ms (attempt ${attempt}/${MAX_ATTEMPTS})`);
+                await sleep(delayMs);
+            }
+        }
+        return undefined;
+    }
+}
+export async function readClientSecret() {
+    const envSecret = process.env.MCP_CLIENT_SECRET;
+    if (envSecret) {
+        return envSecret;
+    }
+    if (!process.stdin.isTTY) {
+        throw new Error('No TTY available to prompt for client secret. Set MCP_CLIENT_SECRET env var instead.');
+    }
+    return new Promise((resolve, reject) => {
+        process.stderr.write('Enter OAuth client secret: ');
+        process.stdin.setRawMode?.(true);
+        let secret = '';
+        const onData = (ch) => {
+            const c = ch.toString();
+            if (c === '\n' || c === '\r') {
+                process.stdin.setRawMode?.(false);
+                process.stdin.removeListener('data', onData);
+                process.stderr.write('\n');
+                resolve(secret);
+            }
+            else if (c === '\u0003') {
+                process.stdin.setRawMode?.(false);
+                process.stdin.removeListener('data', onData);
+                reject(new Error('Cancelled'));
+            }
+            else if (c === '\u007F' || c === '\b') {
+                secret = secret.slice(0, -1);
+            }
+            else {
+                secret += c;
+            }
+        };
+        process.stdin.on('data', onData);
+    });
+}
+export function saveMcpClientSecret(serverName, serverConfig, clientSecret) {
+    const storage = getSecureStorage();
+    const existingData = storage.read() || {};
+    const serverKey = getServerKey(serverName, serverConfig);
+    storage.update({
+        ...existingData,
+        mcpOAuthClientConfig: {
+            ...existingData.mcpOAuthClientConfig,
+            [serverKey]: { clientSecret },
+        },
+    });
+}
+export function clearMcpClientConfig(serverName, serverConfig) {
+    const storage = getSecureStorage();
+    const existingData = storage.read();
+    if (!existingData?.mcpOAuthClientConfig)
+        return;
+    const serverKey = getServerKey(serverName, serverConfig);
+    if (existingData.mcpOAuthClientConfig[serverKey]) {
+        delete existingData.mcpOAuthClientConfig[serverKey];
+        storage.update(existingData);
+    }
+}
+export function getMcpClientConfig(serverName, serverConfig) {
+    const storage = getSecureStorage();
+    const data = storage.read();
+    const serverKey = getServerKey(serverName, serverConfig);
+    return data?.mcpOAuthClientConfig?.[serverKey];
+}
+/**
+ * Safely extracts scope information from AuthorizationServerMetadata.
+ * The metadata can be either OAuthMetadata or OpenIdProviderDiscoveryMetadata,
+ * and different providers use different fields for scope information.
+ */
+function getScopeFromMetadata(metadata) {
+    if (!metadata)
+        return undefined;
+    // Try 'scope' first (non-standard but used by some providers)
+    if ('scope' in metadata && typeof metadata.scope === 'string') {
+        return metadata.scope;
+    }
+    // Try 'default_scope' (non-standard but used by some providers)
+    if ('default_scope' in metadata &&
+        typeof metadata.default_scope === 'string') {
+        return metadata.default_scope;
+    }
+    // Fall back to scopes_supported (standard OAuth 2.0 field)
+    if (metadata.scopes_supported && Array.isArray(metadata.scopes_supported)) {
+        return metadata.scopes_supported.join(' ');
+    }
+    return undefined;
+}