@keystrokehq/cli 0.0.20 → 0.0.22

package/dist/schemas-D2zfmyC-.mjs

@@ -0,0 +1,671 @@
+#!/usr/bin/env node
+
+import { z } from "zod";
+//#region ../../node_modules/.pnpm/cron-schedule@6.0.0/node_modules/cron-schedule/dist/utils.js
+function extractDateElements(date) {
+	return {
+		second: date.getSeconds(),
+		minute: date.getMinutes(),
+		hour: date.getHours(),
+		day: date.getDate(),
+		month: date.getMonth(),
+		weekday: date.getDay(),
+		year: date.getFullYear()
+	};
+}
+function getDaysInMonth(year, month) {
+	return new Date(year, month + 1, 0).getDate();
+}
+function getDaysBetweenWeekdays(weekday1, weekday2) {
+	if (weekday1 <= weekday2) return weekday2 - weekday1;
+	return 6 - weekday1 + weekday2 + 1;
+}
+//#endregion
+//#region ../../node_modules/.pnpm/cron-schedule@6.0.0/node_modules/cron-schedule/dist/cron.js
+var Cron = class {
+	constructor({ seconds, minutes, hours, days, months, weekdays }) {
+		if (!seconds || seconds.size === 0) throw new Error("There must be at least one allowed second.");
+		if (!minutes || minutes.size === 0) throw new Error("There must be at least one allowed minute.");
+		if (!hours || hours.size === 0) throw new Error("There must be at least one allowed hour.");
+		if (!months || months.size === 0) throw new Error("There must be at least one allowed month.");
+		if ((!weekdays || weekdays.size === 0) && (!days || days.size === 0)) throw new Error("There must be at least one allowed day or weekday.");
+		this.seconds = Array.from(seconds).sort((a, b) => a - b);
+		this.minutes = Array.from(minutes).sort((a, b) => a - b);
+		this.hours = Array.from(hours).sort((a, b) => a - b);
+		this.days = Array.from(days).sort((a, b) => a - b);
+		this.months = Array.from(months).sort((a, b) => a - b);
+		this.weekdays = Array.from(weekdays).sort((a, b) => a - b);
+		const validateData = (name, data, constraint) => {
+			if (data.some((x) => typeof x !== "number" || x % 1 !== 0 || x < constraint.min || x > constraint.max)) throw new Error(`${name} must only consist of integers which are within the range of ${constraint.min} and ${constraint.max}`);
+		};
+		validateData("seconds", this.seconds, {
+			min: 0,
+			max: 59
+		});
+		validateData("minutes", this.minutes, {
+			min: 0,
+			max: 59
+		});
+		validateData("hours", this.hours, {
+			min: 0,
+			max: 23
+		});
+		validateData("days", this.days, {
+			min: 1,
+			max: 31
+		});
+		validateData("months", this.months, {
+			min: 0,
+			max: 11
+		});
+		validateData("weekdays", this.weekdays, {
+			min: 0,
+			max: 6
+		});
+		this.reversed = {
+			seconds: this.seconds.map((x) => x).reverse(),
+			minutes: this.minutes.map((x) => x).reverse(),
+			hours: this.hours.map((x) => x).reverse(),
+			days: this.days.map((x) => x).reverse(),
+			months: this.months.map((x) => x).reverse(),
+			weekdays: this.weekdays.map((x) => x).reverse()
+		};
+	}
+	/**
+	* Find the next or previous hour, starting from the given start hour that matches the hour constraint.
+	* startHour itself might also be allowed.
+	*/
+	findAllowedHour(dir, startHour) {
+		return dir === "next" ? this.hours.find((x) => x >= startHour) : this.reversed.hours.find((x) => x <= startHour);
+	}
+	/**
+	* Find the next or previous minute, starting from the given start minute that matches the minute constraint.
+	* startMinute itself might also be allowed.
+	*/
+	findAllowedMinute(dir, startMinute) {
+		return dir === "next" ? this.minutes.find((x) => x >= startMinute) : this.reversed.minutes.find((x) => x <= startMinute);
+	}
+	/**
+	* Find the next or previous second, starting from the given start second that matches the second constraint.
+	* startSecond itself IS NOT allowed.
+	*/
+	findAllowedSecond(dir, startSecond) {
+		return dir === "next" ? this.seconds.find((x) => x > startSecond) : this.reversed.seconds.find((x) => x < startSecond);
+	}
+	/**
+	* Find the next or previous time, starting from the given start time that matches the hour, minute
+	* and second constraints. startTime itself might also be allowed.
+	*/
+	findAllowedTime(dir, startTime) {
+		let hour = this.findAllowedHour(dir, startTime.hour);
+		if (hour !== void 0) if (hour === startTime.hour) {
+			let minute = this.findAllowedMinute(dir, startTime.minute);
+			if (minute !== void 0) if (minute === startTime.minute) {
+				const second = this.findAllowedSecond(dir, startTime.second);
+				if (second !== void 0) return {
+					hour,
+					minute,
+					second
+				};
+				minute = this.findAllowedMinute(dir, dir === "next" ? startTime.minute + 1 : startTime.minute - 1);
+				if (minute !== void 0) return {
+					hour,
+					minute,
+					second: dir === "next" ? this.seconds[0] : this.reversed.seconds[0]
+				};
+			} else return {
+				hour,
+				minute,
+				second: dir === "next" ? this.seconds[0] : this.reversed.seconds[0]
+			};
+			hour = this.findAllowedHour(dir, dir === "next" ? startTime.hour + 1 : startTime.hour - 1);
+			if (hour !== void 0) return {
+				hour,
+				minute: dir === "next" ? this.minutes[0] : this.reversed.minutes[0],
+				second: dir === "next" ? this.seconds[0] : this.reversed.seconds[0]
+			};
+		} else return {
+			hour,
+			minute: dir === "next" ? this.minutes[0] : this.reversed.minutes[0],
+			second: dir === "next" ? this.seconds[0] : this.reversed.seconds[0]
+		};
+	}
+	/**
+	* Find the next or previous day in the given month, starting from the given startDay
+	* that matches either the day or the weekday constraint. startDay itself might also be allowed.
+	*/
+	findAllowedDayInMonth(dir, year, month, startDay) {
+		var _a, _b;
+		if (startDay < 1) throw new Error("startDay must not be smaller than 1.");
+		const daysInMonth = getDaysInMonth(year, month);
+		const daysRestricted = this.days.length !== 31;
+		const weekdaysRestricted = this.weekdays.length !== 7;
+		if (!daysRestricted && !weekdaysRestricted) {
+			if (startDay > daysInMonth) return dir === "next" ? void 0 : daysInMonth;
+			return startDay;
+		}
+		let allowedDayByDays;
+		if (daysRestricted) {
+			allowedDayByDays = dir === "next" ? this.days.find((x) => x >= startDay) : this.reversed.days.find((x) => x <= startDay);
+			if (allowedDayByDays !== void 0 && allowedDayByDays > daysInMonth) allowedDayByDays = void 0;
+		}
+		let allowedDayByWeekdays;
+		if (weekdaysRestricted) {
+			const startWeekday = new Date(year, month, startDay).getDay();
+			const nearestAllowedWeekday = dir === "next" ? (_a = this.weekdays.find((x) => x >= startWeekday)) !== null && _a !== void 0 ? _a : this.weekdays[0] : (_b = this.reversed.weekdays.find((x) => x <= startWeekday)) !== null && _b !== void 0 ? _b : this.reversed.weekdays[0];
+			if (nearestAllowedWeekday !== void 0) {
+				const daysBetweenWeekdays = dir === "next" ? getDaysBetweenWeekdays(startWeekday, nearestAllowedWeekday) : getDaysBetweenWeekdays(nearestAllowedWeekday, startWeekday);
+				allowedDayByWeekdays = dir === "next" ? startDay + daysBetweenWeekdays : startDay - daysBetweenWeekdays;
+				if (allowedDayByWeekdays > daysInMonth || allowedDayByWeekdays < 1) allowedDayByWeekdays = void 0;
+			}
+		}
+		if (allowedDayByDays !== void 0 && allowedDayByWeekdays !== void 0) return dir === "next" ? Math.min(allowedDayByDays, allowedDayByWeekdays) : Math.max(allowedDayByDays, allowedDayByWeekdays);
+		if (allowedDayByDays !== void 0) return allowedDayByDays;
+		if (allowedDayByWeekdays !== void 0) return allowedDayByWeekdays;
+	}
+	/** Gets the next date starting from the given start date or now. */
+	getNextDate(startDate = /* @__PURE__ */ new Date()) {
+		const startDateElements = extractDateElements(startDate);
+		let minYear = startDateElements.year;
+		let startIndexMonth = this.months.findIndex((x) => x >= startDateElements.month);
+		if (startIndexMonth === -1) {
+			startIndexMonth = 0;
+			minYear++;
+		}
+		const maxIterations = this.months.length * 5;
+		for (let i = 0; i < maxIterations; i++) {
+			const year = minYear + Math.floor((startIndexMonth + i) / this.months.length);
+			const month = this.months[(startIndexMonth + i) % this.months.length];
+			const isStartMonth = year === startDateElements.year && month === startDateElements.month;
+			let day = this.findAllowedDayInMonth("next", year, month, isStartMonth ? startDateElements.day : 1);
+			let isStartDay = isStartMonth && day === startDateElements.day;
+			if (day !== void 0 && isStartDay) {
+				const nextTime = this.findAllowedTime("next", startDateElements);
+				if (nextTime !== void 0) return new Date(year, month, day, nextTime.hour, nextTime.minute, nextTime.second);
+				day = this.findAllowedDayInMonth("next", year, month, day + 1);
+				isStartDay = false;
+			}
+			if (day !== void 0 && !isStartDay) return new Date(year, month, day, this.hours[0], this.minutes[0], this.seconds[0]);
+		}
+		throw new Error("No valid next date was found.");
+	}
+	/** Gets the specified amount of future dates starting from the given start date or now. */
+	getNextDates(amount, startDate) {
+		const dates = [];
+		let nextDate;
+		for (let i = 0; i < amount; i++) {
+			nextDate = this.getNextDate(nextDate !== null && nextDate !== void 0 ? nextDate : startDate);
+			dates.push(nextDate);
+		}
+		return dates;
+	}
+	/**
+	* Get an ES6 compatible iterator which iterates over the next dates starting from startDate or now.
+	* The iterator runs until the optional endDate is reached or forever.
+	*/
+	*getNextDatesIterator(startDate, endDate) {
+		let nextDate;
+		while (true) {
+			nextDate = this.getNextDate(nextDate !== null && nextDate !== void 0 ? nextDate : startDate);
+			if (endDate && endDate.getTime() < nextDate.getTime()) return;
+			yield nextDate;
+		}
+	}
+	/** Gets the previous date starting from the given start date or now. */
+	getPrevDate(startDate = /* @__PURE__ */ new Date()) {
+		const startDateElements = extractDateElements(startDate);
+		let maxYear = startDateElements.year;
+		let startIndexMonth = this.reversed.months.findIndex((x) => x <= startDateElements.month);
+		if (startIndexMonth === -1) {
+			startIndexMonth = 0;
+			maxYear--;
+		}
+		const maxIterations = this.reversed.months.length * 5;
+		for (let i = 0; i < maxIterations; i++) {
+			const year = maxYear - Math.floor((startIndexMonth + i) / this.reversed.months.length);
+			const month = this.reversed.months[(startIndexMonth + i) % this.reversed.months.length];
+			const isStartMonth = year === startDateElements.year && month === startDateElements.month;
+			let day = this.findAllowedDayInMonth("prev", year, month, isStartMonth ? startDateElements.day : getDaysInMonth(year, month));
+			let isStartDay = isStartMonth && day === startDateElements.day;
+			if (day !== void 0 && isStartDay) {
+				const prevTime = this.findAllowedTime("prev", startDateElements);
+				if (prevTime !== void 0) return new Date(year, month, day, prevTime.hour, prevTime.minute, prevTime.second);
+				if (day > 1) {
+					day = this.findAllowedDayInMonth("prev", year, month, day - 1);
+					isStartDay = false;
+				}
+			}
+			if (day !== void 0 && !isStartDay) return new Date(year, month, day, this.reversed.hours[0], this.reversed.minutes[0], this.reversed.seconds[0]);
+		}
+		throw new Error("No valid previous date was found.");
+	}
+	/** Gets the specified amount of previous dates starting from the given start date or now. */
+	getPrevDates(amount, startDate) {
+		const dates = [];
+		let prevDate;
+		for (let i = 0; i < amount; i++) {
+			prevDate = this.getPrevDate(prevDate !== null && prevDate !== void 0 ? prevDate : startDate);
+			dates.push(prevDate);
+		}
+		return dates;
+	}
+	/**
+	* Get an ES6 compatible iterator which iterates over the previous dates starting from startDate or now.
+	* The iterator runs until the optional endDate is reached or forever.
+	*/
+	*getPrevDatesIterator(startDate, endDate) {
+		let prevDate;
+		while (true) {
+			prevDate = this.getPrevDate(prevDate !== null && prevDate !== void 0 ? prevDate : startDate);
+			if (endDate && endDate.getTime() > prevDate.getTime()) return;
+			yield prevDate;
+		}
+	}
+	/** Returns true when there is a cron date at the given date. */
+	matchDate(date) {
+		const { second, minute, hour, day, month, weekday } = extractDateElements(date);
+		if (this.seconds.indexOf(second) === -1 || this.minutes.indexOf(minute) === -1 || this.hours.indexOf(hour) === -1 || this.months.indexOf(month) === -1) return false;
+		if (this.days.length !== 31 && this.weekdays.length !== 7) return this.days.indexOf(day) !== -1 || this.weekdays.indexOf(weekday) !== -1;
+		return this.days.indexOf(day) !== -1 && this.weekdays.indexOf(weekday) !== -1;
+	}
+};
+//#endregion
+//#region ../../node_modules/.pnpm/cron-schedule@6.0.0/node_modules/cron-schedule/dist/cron-parser.js
+const secondConstraint = {
+	min: 0,
+	max: 59
+};
+const minuteConstraint = {
+	min: 0,
+	max: 59
+};
+const hourConstraint = {
+	min: 0,
+	max: 23
+};
+const dayConstraint = {
+	min: 1,
+	max: 31
+};
+const monthConstraint = {
+	min: 1,
+	max: 12,
+	aliases: {
+		jan: "1",
+		feb: "2",
+		mar: "3",
+		apr: "4",
+		may: "5",
+		jun: "6",
+		jul: "7",
+		aug: "8",
+		sep: "9",
+		oct: "10",
+		nov: "11",
+		dec: "12"
+	}
+};
+const weekdayConstraint = {
+	min: 0,
+	max: 7,
+	aliases: {
+		mon: "1",
+		tue: "2",
+		wed: "3",
+		thu: "4",
+		fri: "5",
+		sat: "6",
+		sun: "7"
+	}
+};
+const timeNicknames = {
+	"@yearly": "0 0 1 1 *",
+	"@annually": "0 0 1 1 *",
+	"@monthly": "0 0 1 * *",
+	"@weekly": "0 0 * * 0",
+	"@daily": "0 0 * * *",
+	"@hourly": "0 * * * *",
+	"@minutely": "* * * * *"
+};
+function parseElement(element, constraint) {
+	const result = /* @__PURE__ */ new Set();
+	if (element === "*") {
+		for (let i = constraint.min; i <= constraint.max; i = i + 1) result.add(i);
+		return result;
+	}
+	const listElements = element.split(",");
+	if (listElements.length > 1) {
+		for (const listElement of listElements) {
+			const parsedListElement = parseElement(listElement, constraint);
+			for (const x of parsedListElement) result.add(x);
+		}
+		return result;
+	}
+	const parseSingleElement = (singleElement) => {
+		var _a, _b;
+		singleElement = (_b = (_a = constraint.aliases) === null || _a === void 0 ? void 0 : _a[singleElement.toLowerCase()]) !== null && _b !== void 0 ? _b : singleElement;
+		const parsedElement = Number.parseInt(singleElement, 10);
+		if (Number.isNaN(parsedElement)) throw new Error(`Failed to parse ${element}: ${singleElement} is NaN.`);
+		if (parsedElement < constraint.min || parsedElement > constraint.max) throw new Error(`Failed to parse ${element}: ${singleElement} is outside of constraint range of ${constraint.min} - ${constraint.max}.`);
+		return parsedElement;
+	};
+	const rangeSegments = /^(([0-9a-zA-Z]+)-([0-9a-zA-Z]+)|\*)(\/([0-9]+))?$/.exec(element);
+	if (rangeSegments === null) {
+		result.add(parseSingleElement(element));
+		return result;
+	}
+	let parsedStart = rangeSegments[1] === "*" ? constraint.min : parseSingleElement(rangeSegments[2]);
+	const parsedEnd = rangeSegments[1] === "*" ? constraint.max : parseSingleElement(rangeSegments[3]);
+	if (constraint === weekdayConstraint && parsedStart === 7 && parsedEnd !== 7) parsedStart = 0;
+	if (parsedStart > parsedEnd) throw new Error(`Failed to parse ${element}: Invalid range (start: ${parsedStart}, end: ${parsedEnd}).`);
+	const step = rangeSegments[5];
+	let parsedStep = 1;
+	if (step !== void 0) {
+		parsedStep = Number.parseInt(step, 10);
+		if (Number.isNaN(parsedStep)) throw new Error(`Failed to parse step: ${step} is NaN.`);
+		if (parsedStep < 1) throw new Error(`Failed to parse step: Expected ${step} to be greater than 0.`);
+	}
+	for (let i = parsedStart; i <= parsedEnd; i = i + parsedStep) result.add(i);
+	return result;
+}
+/** Parses a cron expression into a Cron instance. */
+function parseCronExpression(cronExpression) {
+	var _a;
+	if (typeof cronExpression !== "string") throw new TypeError("Invalid cron expression: must be of type string.");
+	cronExpression = (_a = timeNicknames[cronExpression.toLowerCase()]) !== null && _a !== void 0 ? _a : cronExpression;
+	const elements = cronExpression.split(" ").filter((elem) => elem.length > 0);
+	if (elements.length < 5 || elements.length > 6) throw new Error("Invalid cron expression: expected 5 or 6 elements.");
+	const rawSeconds = elements.length === 6 ? elements[0] : "0";
+	const rawMinutes = elements.length === 6 ? elements[1] : elements[0];
+	const rawHours = elements.length === 6 ? elements[2] : elements[1];
+	const rawDays = elements.length === 6 ? elements[3] : elements[2];
+	const rawMonths = elements.length === 6 ? elements[4] : elements[3];
+	const rawWeekdays = elements.length === 6 ? elements[5] : elements[4];
+	return new Cron({
+		seconds: parseElement(rawSeconds, secondConstraint),
+		minutes: parseElement(rawMinutes, minuteConstraint),
+		hours: parseElement(rawHours, hourConstraint),
+		days: parseElement(rawDays, dayConstraint),
+		months: new Set(Array.from(parseElement(rawMonths, monthConstraint)).map((x) => x - 1)),
+		weekdays: new Set(Array.from(parseElement(rawWeekdays, weekdayConstraint)).map((x) => x % 7))
+	});
+}
+//#endregion
+//#region ../../packages/core/src/shared/schema.ts
+const MAX_JSON_DEPTH = 20;
+function buildJsonValueSchema(depth) {
+	const primitives = z.union([
+		z.string(),
+		z.number(),
+		z.boolean(),
+		z.null()
+	]);
+	if (depth <= 0) return primitives;
+	const nested = buildJsonValueSchema(depth - 1);
+	return z.union([
+		primitives,
+		z.array(nested),
+		z.record(z.string(), nested)
+	]);
+}
+const jsonValueSchema = buildJsonValueSchema(MAX_JSON_DEPTH);
+const jsonSchemaObject = z.record(z.string(), jsonValueSchema);
+const anyZodSchemaSchema = z.custom((value) => value instanceof z.ZodType, "Expected a Zod schema");
+const zodObjectSchema = z.custom((value) => value instanceof z.ZodObject, "Expected a Zod object schema");
+/**
+* Creates a Zod schema that validates an object structurally by checking
+* for required properties. This avoids `instanceof` checks which fail
+* when class definitions are duplicated across bundle boundaries.
+*/
+function createStructuralSchema(requiredKeys, label) {
+	return z.custom((value) => value != null && (typeof value === "object" || typeof value === "function") && requiredKeys.every((key) => key in value), `Expected ${label}`);
+}
+function trimmedNonEmptyString(fieldName) {
+	return z.string().trim().min(1, { error: `${fieldName} cannot be empty` }).max(255, { error: `${fieldName} cannot exceed 255 characters` });
+}
+/** Trimmed string with at least one character; no upper length limit. */
+function trimmedNonEmptyStringUnbounded(fieldName) {
+	return z.string().trim().min(1, { error: `${fieldName} cannot be empty` });
+}
+/**
+* Non-empty trimmed string restricted to URL-safe characters.
+* Use for IDs (workflow, step, etc.) that must be safe in URLs, env vars, and as object keys.
+*/
+function idNoSpacesString(fieldName) {
+	return z.string().trim().min(1, { error: `${fieldName} cannot be empty` }).max(255, { error: `${fieldName} cannot exceed 255 characters` }).refine((s) => /^[a-zA-Z0-9_-]+$/.test(s), { error: `${fieldName} must only contain letters, numbers, hyphens, and underscores` });
+}
+/**
+* Non-empty trimmed string for credential definition ids.
+* Allows namespaced ids such as `keystroke:slack` plus letters, numbers,
+* hyphens, and underscores.
+*/
+function credentialSetIdString(fieldName) {
+	return z.string().trim().min(1, { error: `${fieldName} cannot be empty` }).max(255, { error: `${fieldName} cannot exceed 255 characters` }).refine((s) => /^[a-zA-Z0-9_:-]+$/.test(s), { error: `${fieldName} must only contain letters, numbers, hyphens, underscores, and colons` });
+}
+function optionalTrimmedNonEmptyString(fieldName) {
+	return trimmedNonEmptyString(fieldName).optional();
+}
+function descriptionString(fieldName) {
+	return z.string().trim().min(1, { error: `${fieldName} cannot be empty` }).max(1024, { error: `${fieldName} cannot exceed 1024 characters` });
+}
+function optionalDescriptionString(fieldName) {
+	return descriptionString(fieldName).optional();
+}
+//#endregion
+//#region ../../packages/core/src/credential-set/constants.ts
+/**
+* Shared constants for the credential/connection system.
+* Defined in core (bottom of dependency chain) so all packages can import them.
+*/
+const CREDENTIAL_EXPOSURES = {
+	"user-runtime": "user-runtime",
+	"platform-only": "platform-only"
+};
+//#endregion
+//#region ../../packages/core/src/credential-set/schemas.ts
+const credentialSetProxyInjectionSchema = z.object({
+	/** Substitute placeholder in HTTP headers (default: true). */
+	headers: z.boolean().optional(),
+	/** Substitute placeholder in the HTTP Basic Auth credential (default: true). */
+	basicAuth: z.boolean().optional(),
+	/** Substitute placeholder in URL query params (default: false).
+	*  Use for APIs that authenticate via `?api_key=...` (Google Maps, OWM, etc.). */
+	queryParams: z.boolean().optional(),
+	/** Substitute placeholder in the HTTP request body (default: false).
+	*  Use for form-encoded auth payloads (Stripe, AWS SigV4 query, etc.). */
+	body: z.boolean().optional()
+});
+const credentialSetProxyConfigSchema = z.object({
+	/** Exact-match host allowlist (forwarded to SecretBuilder.allowHost). */
+	hosts: z.array(z.string().min(1)).optional(),
+	/** Wildcard host allowlist (forwarded to SecretBuilder.allowHostPattern).
+	*  Example: `["*.browserbase.com"]` covers any subdomain. */
+	hostPatterns: z.array(z.string().min(1)).optional(),
+	/** Per-scope substitution toggles. Omit to use SDK defaults. */
+	injection: credentialSetProxyInjectionSchema.optional()
+});
+const onCredentialRevokedSchema = z.enum(["fail", "retry-once"]);
+const credentialExposureSchema = z.enum([CREDENTIAL_EXPOSURES["user-runtime"], CREDENTIAL_EXPOSURES["platform-only"]]);
+const connectionMetadataConfigSchema = z.object({
+	id: credentialSetIdString("Credential connection id").optional(),
+	label: optionalTrimmedNonEmptyString("Credential connection label"),
+	description: optionalDescriptionString("Credential connection description"),
+	recommended: z.boolean().optional(),
+	advanced: z.boolean().optional(),
+	needsRawSecret: z.boolean().optional()
+});
+const connectionMetadataManifestSchema = connectionMetadataConfigSchema;
+const registeredDescriptorSchema = z.object({
+	id: trimmedNonEmptyString("Registered descriptor id"),
+	config: z.record(z.string(), z.unknown()).optional()
+});
+const registeredResolverDescriptorSchema = registeredDescriptorSchema.extend({ cacheMs: z.number().int().nonnegative().optional() });
+const manualConnectionConfigSchema = connectionMetadataConfigSchema.extend({
+	kind: z.literal("manual"),
+	input: zodObjectSchema.optional(),
+	instructions: z.string().min(1).optional(),
+	validate: z.function().optional()
+});
+const manualConnectionFieldManifestSchema = z.object({
+	key: z.string().min(1),
+	label: z.string().min(1),
+	description: z.string().min(1).optional(),
+	optional: z.boolean(),
+	secret: z.literal(true)
+});
+const manualConnectionConfigManifestSchema = connectionMetadataManifestSchema.extend({
+	kind: z.literal("manual"),
+	input: jsonSchemaObject.optional(),
+	fields: z.array(manualConnectionFieldManifestSchema).optional(),
+	generated: z.boolean().optional(),
+	instructions: z.string().min(1).optional()
+});
+/** Declarative form of `Vault` — strings typed against the credential set's
+* stored/auth schema keys at the {@link CredentialSetConfig} boundary; the Zod
+* schema here enforces non-empty strings only. `CredentialSet` itself performs
+* the schema-key membership check at construction time. */
+const vaultMappingSchema = z.object({
+	accessToken: z.string().min(1),
+	refreshToken: z.string().min(1).optional(),
+	instanceUrl: z.string().min(1).optional(),
+	raw: z.record(z.string().min(1), z.string().min(1)).optional()
+});
+/** Function form of `Vault` — an object pairing the access-token vault key
+*  (`accessTokenKey`) with the `build` function that computes the full vault
+*  write map. The explicit key keeps the disconnect path's revocation read
+*  reliable even when `build` transforms the access token. */
+const vaultMappingFnSchema = z.object({
+	accessTokenKey: z.string().min(1),
+	build: z.custom((val) => typeof val === "function", { message: "vault.build must be a function." })
+});
+/** Runtime shape of `Vault`. Accepts either the declarative mapping or the
+*  function-form object `{ accessTokenKey, build }`. */
+const vaultConfigSchema = z.union([vaultMappingSchema, vaultMappingFnSchema], { error: "vault must be a declarative mapping object or a `{ accessTokenKey, build }` object." });
+/** Manifest projection of `Vault` — declarative mappings serialize verbatim;
+* function-form mappings serialize as `{ kind: 'function', accessTokenKey }`
+* since closures are not manifest-safe but the access-token key is. */
+const vaultManifestSchema = z.discriminatedUnion("kind", [z.object({
+	kind: z.literal("declarative"),
+	accessToken: z.string().min(1),
+	refreshToken: z.string().min(1).optional(),
+	instanceUrl: z.string().min(1).optional(),
+	raw: z.record(z.string().min(1), z.string().min(1)).optional()
+}), z.object({
+	kind: z.literal("function"),
+	accessTokenKey: z.string().min(1)
+})]);
+const oauthConnectionConfigBaseSchema = z.object({
+	kind: z.literal("oauth"),
+	authUrl: z.string().url(),
+	tokenUrl: z.string().url(),
+	scopes: z.array(z.string()).readonly(),
+	revokeUrl: z.string().url().nullable().optional(),
+	tokenType: z.enum(["long-lived", "refreshable"]),
+	pkce: z.boolean().optional(),
+	/** Fallback token lifetime when the provider omits `expires_in`. Positive
+	*  integer seconds. Shared between config + manifest schemas (both extend
+	*  this base). */
+	defaultExpiresInSeconds: z.number().int().positive().optional()
+});
+const oauthConnectionConfigSchema = oauthConnectionConfigBaseSchema.extend({
+	...connectionMetadataConfigSchema.shape,
+	vault: vaultConfigSchema,
+	oauth: registeredDescriptorSchema.optional(),
+	buildAuthUrl: z.function().optional(),
+	exchangeCode: z.function().optional(),
+	refreshToken: z.function().optional(),
+	extractInstallationInfo: z.function().optional(),
+	validate: z.function().optional()
+});
+const oauthConnectionConfigManifestSchema = oauthConnectionConfigBaseSchema.extend({
+	...connectionMetadataManifestSchema.shape,
+	vault: vaultManifestSchema,
+	oauth: registeredDescriptorSchema.optional()
+});
+const credentialsExchangeConnectionConfigSchema = connectionMetadataConfigSchema.extend({
+	kind: z.literal("credentials-exchange"),
+	instructions: z.string().min(1).optional(),
+	input: zodObjectSchema
+}).extend({
+	exchange: z.function(),
+	rotate: z.function().optional(),
+	validate: z.function().optional()
+});
+/** Manifest projection of `CredentialsExchangeConnectionConfig` — only the
+*  declarative `input` schema (rendered as JSON Schema) and `instructions`
+*  copy survive serialization. The three hooks (`exchange`, `rotate`,
+*  `validate`) are runtime closures and are stripped. */
+const credentialsExchangeConnectionConfigManifestSchema = z.object({
+	kind: z.literal("credentials-exchange"),
+	...connectionMetadataManifestSchema.shape,
+	instructions: z.string().min(1).optional(),
+	input: jsonSchemaObject
+});
+const exchangeCredentialConnectionConfigSchema = connectionMetadataConfigSchema.extend({
+	kind: z.literal("exchange"),
+	input: zodObjectSchema,
+	exchange: registeredDescriptorSchema
+});
+const exchangeCredentialConnectionManifestSchema = connectionMetadataManifestSchema.extend({
+	kind: z.literal("exchange"),
+	input: jsonSchemaObject,
+	exchange: registeredDescriptorSchema
+});
+const dynamicCredentialConnectionConfigSchema = connectionMetadataConfigSchema.extend({
+	kind: z.literal("dynamic"),
+	input: zodObjectSchema.optional(),
+	resolver: registeredResolverDescriptorSchema
+});
+const dynamicCredentialConnectionManifestSchema = connectionMetadataManifestSchema.extend({
+	kind: z.literal("dynamic"),
+	input: jsonSchemaObject.optional(),
+	resolver: registeredResolverDescriptorSchema
+});
+const platformCredentialConnectionConfigSchema = connectionMetadataConfigSchema.extend({ kind: z.literal("platform") });
+const platformCredentialConnectionManifestSchema = connectionMetadataManifestSchema.extend({ kind: z.literal("platform") });
+const connectionConfigSchema = z.discriminatedUnion("kind", [
+	manualConnectionConfigSchema,
+	oauthConnectionConfigSchema,
+	credentialsExchangeConnectionConfigSchema,
+	exchangeCredentialConnectionConfigSchema,
+	dynamicCredentialConnectionConfigSchema,
+	platformCredentialConnectionConfigSchema
+]);
+/** Manifest projection of `ConnectionConfig` — declarative metadata only. */
+const connectionConfigManifestSchema = z.discriminatedUnion("kind", [
+	manualConnectionConfigManifestSchema,
+	oauthConnectionConfigManifestSchema,
+	credentialsExchangeConnectionConfigManifestSchema,
+	exchangeCredentialConnectionManifestSchema,
+	dynamicCredentialConnectionManifestSchema,
+	platformCredentialConnectionManifestSchema
+]);
+const CredentialSetManifestSchema = z.object({
+	manifestVersion: z.literal(1),
+	type: z.literal("credentialSet"),
+	id: credentialSetIdString("Credential set id"),
+	name: trimmedNonEmptyString("Credential set name"),
+	description: optionalDescriptionString("Credential set description"),
+	auth: jsonSchemaObject,
+	exposure: credentialExposureSchema.optional(),
+	proxy: credentialSetProxyConfigSchema.optional(),
+	/** When true, resolved values are passed into execution as raw secrets (no ref-token proxy). */
+	needsRawSecret: z.boolean().optional(),
+	/** Policy when a step throws `CredentialRevokedError` against this credential set. */
+	onCredentialRevoked: onCredentialRevokedSchema.optional(),
+	connections: z.array(connectionConfigManifestSchema).optional()
+});
+z.object({
+	id: credentialSetIdString("Credential set id"),
+	name: optionalTrimmedNonEmptyString("Credential set name"),
+	description: optionalDescriptionString("Credential set description"),
+	auth: zodObjectSchema,
+	exposure: credentialExposureSchema.optional(),
+	proxy: credentialSetProxyConfigSchema.optional(),
+	/** When true, resolved values are passed into execution as raw secrets (no ref-token proxy). */
+	needsRawSecret: z.boolean().optional(),
+	onCredentialRevoked: onCredentialRevokedSchema.optional(),
+	connections: z.array(connectionConfigSchema).readonly().optional()
+});
+//#endregion
+export { descriptionString as a, optionalDescriptionString as c, trimmedNonEmptyStringUnbounded as d, parseCronExpression as f, createStructuralSchema as i, optionalTrimmedNonEmptyString as l, credentialSetProxyConfigSchema as n, idNoSpacesString as o, anyZodSchemaSchema as r, jsonSchemaObject as s, CredentialSetManifestSchema as t, trimmedNonEmptyString as u };

package/dist/{skills-sync.handler-CYkCeuQn.mjs → skills-sync.handler-09mDbx5q.mjs}

@@ -2,7 +2,7 @@
 
 import { D as CliExitError, a as ui } from "./keystroke.mjs";
 import { i as writeJson, r as isJsonMode } from "./output-BWcVRt-T.mjs";
-import { i as UnknownSkillAgentError, n as resolveSkillInstallChoices, r as installKeystrokeAgentSkills, t as summarizeSkillInstall } from "./skill-installer-CYFshTBy.mjs";
+import { i as UnknownSkillAgentError, n as resolveSkillInstallChoices, r as installKeystrokeAgentSkills, t as summarizeSkillInstall } from "./skill-installer-Cm9hF6OB.mjs";
 import path from "node:path";
 //#region src/commands/skills/skills-sync.handler.ts
 async function handleSkillsSync(options, _ctx) {