@ninemind/agentgem 0.2.0 → 0.3.0

package/README.md

@@ -39,7 +39,9 @@ call exactly the same thing.
   larger agents with a single re-resolved lock, not a pile of overlapping config.
 - **Workflow-aware recommendations** — [Analyze](docs/analyze.md) scans your agent's
   session history to see which skills, MCP servers, and hooks you actually use, and
-  suggests ready-to-build Gems grouped by recurring workflow.
+  suggests ready-to-build Gems grouped by recurring workflow. It also **distills brand-new
+  draft skills** from the procedures you repeat by hand — review them and fold them
+  straight into a Gem.
 - **Deploy targets** — Eve and OpenAI Sandbox (code-gen), Flue (materialize, deployable to
   Cloudflare), and Bedrock AgentCore (managed backend); code-gen targets share a common
   `compose` step.

package/dist/gem/acpRecommender.js

@@ -5,11 +5,9 @@
 // cluster/name/justify a Gem. The agent only ranks and explains — its output is
 // re-validated against the inventory (the source of truth), and any failure
 // degrades to a deterministic frequency-based recommendation. Never throws.
-import { spawn } from "node:child_process";
-import { mkdirSync } from "node:fs";
 import { join } from "node:path";
-import { Readable, Writable } from "node:stream";
 import { agentgemHome } from "../resolveDir.js";
+import { connectAcpAdapter } from "./acpSession.js";
 // Instructions are a boolean on ProjectSelection, not a named include.
 const SELECTABLE = ["skill", "mcp_server", "hook"];
 // Pinned Claude ACP adapter (npm: @agentclientprotocol/claude-agent-acp).
@@ -21,8 +19,10 @@ export const CLAUDE_AGENT = { id: "claude-code", name: "Claude Code", command: [
 // over the JSON brief, so its cwd is irrelevant to the result.
 export function analysisWorkspace() { return join(agentgemHome(), ".agentgem", "analysis"); }
 let testConnectFn = null;
-/** Test-only seam: route recommendWorkflow through an in-process fake agent. */
+/** Test-only seam: route recommendWorkflow + distillWorkflow through an in-process fake agent. */
 export function setConnectFnForTests(fn) { testConnectFn = fn; }
+/** The active test connect fn (or null). distillWorkflow shares this seam. */
+export function currentTestConnectFn() { return testConnectFn; }
 // ── Deterministic analysis (fallback + the agent's baseline) ─────────────────
 // One frequency-based candidate. Multi-candidate splitting is the agent's value-add;
 // the deterministic fallback stays a single coherent Gem.
@@ -49,7 +49,7 @@ export function deterministicAnalysis(signal) {
             include,
             confidence: "medium",
         }] : [];
-    return { candidates, gaps };
+    return { candidates, gaps, distilled: [] };
 }
 /**
  * Map a validated candidate to a GemSelection. Global artifacts (root===null)
@@ -154,7 +154,7 @@ export function validateAnalysis(raw, inv, signal) {
     if (!candidates.length)
         return fallback;
     const gaps = Array.isArray(obj.gaps) ? obj.gaps.filter((g) => typeof g === "string") : fallback.gaps;
-    return { candidates, gaps };
+    return { candidates, gaps, distilled: [] };
 }
 // ── The agent run ────────────────────────────────────────────────────────────
 const GROUNDING = (signalJson, inventoryJson) => `You recommend reusable "Gems" — bundles of installed artifacts for a recurring workflow.\n` +
@@ -226,78 +226,34 @@ export async function recommendWorkflow(signal, inv, opts = {}) {
     }
 }
 /**
- * Real connect: spawn the ACP adapter and bridge stdio via the SDK. Wrapped so
- * the rest of the module is SDK-agnostic. Mirrors agentback console-chat's
- * defaultConnectFn, minus the workspace PATH walk and permission routing — this
- * agent runs in plan mode and we auto-deny any permission request.
- *
- * NEEDS LIVE VALIDATION: stdio bridging + set_mode against claude-agent-acp.
+ * Real connect: route through the shared adapter plumbing in plan mode with
+ * permissions auto-denied (the recommender must never run tools), aggregating
+ * only the agent's message text into a string.
  */
 export const defaultConnectFn = async (descriptor) => {
-    const { client, ndJsonStream } = await import("@agentclientprotocol/sdk");
-    const [bin, ...args] = descriptor.command;
-    const child = spawn(bin, args, { stdio: ["pipe", "pipe", "inherit"], env: process.env });
-    await new Promise((resolve, reject) => {
-        child.once("spawn", () => resolve());
-        child.once("error", (e) => reject(new Error(`failed to spawn ${bin}: ${e.message}`)));
-    });
-    const app = client({ name: "agentgem-workflow-recommender" });
-    // Auto-deny any permission request — the recommender must not run tools.
-    app.onRequest?.("session/request_permission", async () => ({ outcome: { outcome: "cancelled" } }));
-    const input = Readable.toWeb(child.stdout);
-    const output = Writable.toWeb(child.stdin);
-    const connection = app.connect(ndJsonStream(output, input));
-    const agentCtx = connection.agent;
+    const raw = await connectAcpAdapter(descriptor, { clientName: "agentgem-workflow-recommender", permission: "deny" });
     const ctx = {
         async open(cwd) {
-            try {
-                mkdirSync(cwd, { recursive: true });
-            }
-            catch { /* best-effort */ }
-            const session = await agentCtx.buildSession(cwd).start();
-            const sessionId = session.sessionId;
+            const session = await raw.open(cwd);
             return {
-                async setMode(mode) {
-                    try {
-                        await agentCtx.request("session/set_mode", { sessionId, modeId: mode });
-                    }
-                    catch { /* best-effort */ }
-                },
+                setMode: (mode) => session.setMode(mode),
                 async promptText(text, onDelta) {
                     let out = "";
-                    void session.prompt(text);
-                    for (;;) {
-                        const msg = await session.nextUpdate();
-                        if (msg.kind === "stop")
-                            break;
-                        if (msg.kind === "session_update" && msg.update?.sessionUpdate === "agent_message_chunk") {
-                            const block = msg.update.content;
+                    await session.prompt(text, (u) => {
+                        const update = u;
+                        if (update?.sessionUpdate === "agent_message_chunk") {
+                            const block = update.content;
                             if (block?.type === "text" && typeof block.text === "string") {
                                 out += block.text;
                                 onDelta?.(block.text);
                             }
                         }
-                    }
+                    });
                     return out;
                 },
-                dispose() { try {
-                    session.dispose?.();
-                }
-                catch { /* ignore */ } },
+                dispose: () => session.dispose(),
             };
         },
     };
-    return {
-        ctx,
-        close: () => {
-            try {
-                connection.close();
-            }
-            catch { /* ignore */ }
-            try {
-                child.kill();
-            }
-            catch { /* ignore */ }
-        },
-    };
+    return { ctx, close: raw.close };
 };

package/dist/gem/acpRun.js

@@ -0,0 +1,156 @@
+// src/gem/acpRun.ts
+//
+// Runs a materialized Gem by driving a locally-installed ACP coding agent (Claude)
+// against a task, and captures what the agent DID — its message text plus the
+// trace of tool invocations. This is the trust-inversion of acpRecommender:
+//   recommender                     runner (here)
+//   ───────────                     ─────────────
+//   neutral analysisWorkspace()  →  the materialized testbed dir
+//   mode "plan" (never edits)    →  a tool-capable mode (agent uses the Gem)
+//   captures agent_message_chunk →  also captures tool_call updates
+//
+// As with the recommender, the SDK details live behind a single connectFn seam so
+// tests inject a plain fake. Unlike the recommender there is no deterministic
+// fallback — a failed run is a real outcome the caller (e.g. verification) needs,
+// so we never throw: failures surface as { ok:false, error }.
+//
+// NOTE (consolidation): the ACP façade is duplicated from acpRecommender on purpose
+// while this path is prototyped. Once both are proven, the two connectFns should be
+// unified into a shared acpSession module.
+import { connectAcpAdapter } from "./acpSession.js";
+import { selectRunBackend, envPermission } from "./sandbox.js"; // values used at call-time (safe ESM cycle)
+export function createAccumulator() {
+    return { text: "", toolCalls: [] };
+}
+export function applyUpdate(acc, update, handlers) {
+    switch (update.sessionUpdate) {
+        case "agent_message_chunk": {
+            const block = update.content;
+            if (block?.type === "text" && typeof block.text === "string") {
+                acc.text += block.text;
+                handlers?.onDelta?.(block.text);
+            }
+            return;
+        }
+        case "tool_call": {
+            if (!update.toolCallId)
+                return;
+            const tool = {
+                toolCallId: update.toolCallId,
+                title: update.title ?? "",
+                kind: update.kind,
+                status: update.status,
+            };
+            acc.toolCalls.push(tool);
+            handlers?.onToolCall?.(tool); // fires once, on start — final status lands in the result
+            return;
+        }
+        case "tool_call_update": {
+            const existing = acc.toolCalls.find((t) => t.toolCallId === update.toolCallId);
+            if (!existing)
+                return; // update for a tool we never saw start — ignore
+            if (update.status !== undefined)
+                existing.status = update.status;
+            if (update.kind !== undefined)
+                existing.kind = update.kind;
+            if (update.title !== undefined && update.title !== "")
+                existing.title = update.title;
+            return;
+        }
+        default:
+            return;
+    }
+}
+// Pinned Claude ACP adapter, same binary the recommender spawns.
+export const CLAUDE_RUN_AGENT = { id: "claude-code", name: "Claude Code", command: ["claude-agent-acp"] };
+// The default non-plan mode: lets the agent actually invoke the Gem's tools. The
+// recommender pins "plan"; the runner pins its counterpart so the trust-inversion
+// is explicit rather than incidental.
+export const DEFAULT_RUN_MODE = "default";
+// Default prompt timeout. Generous — a real Gem run can drive the agent through
+// several tool calls — but bounded so a wedged agent can't hang the caller.
+export const DEFAULT_RUN_TIMEOUT_MS = 300_000;
+function withTimeout(p, ms) {
+    return new Promise((resolve, reject) => {
+        const timer = setTimeout(() => reject(new Error(`agent run timed out after ${ms}ms`)), ms);
+        p.then((v) => { clearTimeout(timer); resolve(v); }, (e) => { clearTimeout(timer); reject(e); });
+    });
+}
+// Test seam: route runGemWithAgent through an in-process fake agent (mirrors
+// acpRecommender.setConnectFnForTests). Lets the REST/SSE surface be exercised
+// without spawning a real coding agent.
+let testConnectFn = null;
+export function setRunConnectFnForTests(fn) { testConnectFn = fn; }
+/** True when a fake agent is injected — callers skip adapter resolution/fetch. */
+export function hasTestConnectFn() { return testConnectFn !== null; }
+/**
+ * Drive a local ACP agent against `task` inside the already-materialized `dir`,
+ * returning what it did. Never throws — connection/spawn failures come back as
+ * { ok:false, error }.
+ */
+export async function runGemWithAgent(opts) {
+    const explicit = opts.connectFn ?? testConnectFn;
+    const selected = explicit ? null : selectRunBackend(opts.dir);
+    const connectFn = explicit ?? selected.connectFn;
+    const sandbox = selected
+        ? { backend: selected.backend.id, isolated: selected.backend.isolated }
+        : { backend: "injected", isolated: false };
+    const mode = opts.mode ?? DEFAULT_RUN_MODE;
+    const timeoutMs = opts.timeoutMs ?? DEFAULT_RUN_TIMEOUT_MS;
+    let conn = null;
+    let handle = null;
+    try {
+        conn = await connectFn(opts.descriptor ?? CLAUDE_RUN_AGENT, null);
+        handle = await conn.ctx.open(opts.dir); // the testbed dir — NOT a neutral one
+        await handle.setMode(mode); // tool-capable — the agent uses the Gem
+        const result = await withTimeout(handle.prompt(opts.task, opts.onDelta, opts.onToolCall), timeoutMs);
+        return { ok: true, result, sandbox };
+    }
+    catch (err) {
+        return { ok: false, result: { text: "", toolCalls: [] }, error: err.message, sandbox };
+    }
+    finally {
+        try {
+            handle?.dispose();
+        }
+        catch { /* ignore */ }
+        try {
+            conn?.close();
+        }
+        catch { /* ignore */ }
+    }
+}
+/**
+ * The shared run-session façade: connect the ACP adapter with an explicit permission
+ * policy and fold each update into a RunResult via applyUpdate, capturing the tool
+ * trace. Backends in sandbox.ts call this with a wrapped descriptor (isolated => "allow")
+ * or the raw descriptor (child-spawn => env policy).
+ *
+ * SECURITY: On the isolated path (macos-seatbelt / linux-bubblewrap), auto-allow is
+ * safe by default — the OS-native FS boundary bounds the blast radius to the run dir
+ * and temp. On the child-spawn fallback, permission is "deny" unless
+ * AGENTGEM_GEM_RUN_AUTOALLOW=1 is set (env escape hatch, retained for trusted local
+ * sessions). Combined with the loopback origin guard and the server-derived run dir,
+ * this keeps a malicious browser tab from driving a fully-permissioned local agent.
+ */
+export async function connectRunSession(descriptor, permission, _app) {
+    const raw = await connectAcpAdapter(descriptor, { clientName: "agentgem-gem-runner", permission });
+    const ctx = {
+        async open(cwd) {
+            const session = await raw.open(cwd);
+            return {
+                setMode: (mode) => session.setMode(mode),
+                async prompt(text, onDelta, onToolCall) {
+                    const acc = createAccumulator();
+                    await session.prompt(text, (u) => applyUpdate(acc, (u ?? {}), { onDelta, onToolCall }));
+                    return acc;
+                },
+                dispose: () => session.dispose(),
+            };
+        },
+    };
+    return { ctx, close: raw.close };
+}
+// Back-compat: the unsandboxed child-spawn connect, env-gated via the single source of
+// truth for the auto-allow flag (shared with sandbox.ts's child-spawn backend).
+export const defaultRunConnectFn = (descriptor, app) => connectRunSession(descriptor, envPermission(), app);

package/dist/gem/acpSession.js

@@ -0,0 +1,79 @@
+// src/gem/acpSession.ts
+//
+// The shared ACP adapter plumbing used by BOTH the workflow recommender and the
+// Gem runner: spawn the adapter binary, bridge stdio via the SDK, build a session,
+// set its mode, and pump session updates until the turn stops. The two callers
+// differ only in permission policy (deny vs allow) and how they fold updates
+// (text-only string vs structured RunResult), so those stay in the callers — this
+// module owns the boilerplate that was previously copy-pasted between them.
+//
+// NEEDS LIVE VALIDATION: stdio bridging against the real ACP adapter (covered by
+// the runner + recommender live smokes, since both now route through here).
+import { spawn } from "node:child_process";
+import { mkdirSync } from "node:fs";
+import { Readable, Writable } from "node:stream";
+export async function connectAcpAdapter(descriptor, opts) {
+    const { client, ndJsonStream, PROTOCOL_VERSION } = await import("@agentclientprotocol/sdk");
+    const [bin, ...args] = descriptor.command;
+    const child = spawn(bin, args, { stdio: ["pipe", "pipe", "inherit"], env: process.env });
+    await new Promise((resolve, reject) => {
+        child.once("spawn", () => resolve());
+        child.once("error", (e) => reject(new Error(`failed to spawn ${bin}: ${e.message}`)));
+    });
+    const app = client({ name: opts.clientName });
+    const reply = opts.permission === "allow"
+        ? { outcome: { outcome: "selected", optionId: "allow" } }
+        : { outcome: { outcome: "cancelled" } };
+    app.onRequest?.("session/request_permission", async () => reply);
+    const input = Readable.toWeb(child.stdout);
+    const output = Writable.toWeb(child.stdin);
+    const connection = app.connect(ndJsonStream(output, input));
+    const agentCtx = connection.agent;
+    // ACP requires an `initialize` handshake before any session/new. claude-agent-acp
+    // tolerated skipping it; codex-acp strictly rejects session/new with "Not
+    // initialized" (-32603) without it. We advertise no client capabilities we don't
+    // implement (no fs/terminal handlers) — both adapters write files directly.
+    await agentCtx.request("initialize", { protocolVersion: PROTOCOL_VERSION });
+    return {
+        async open(cwd) {
+            try {
+                mkdirSync(cwd, { recursive: true });
+            }
+            catch { /* best-effort */ }
+            const session = await agentCtx.buildSession(cwd).start();
+            const sessionId = session.sessionId;
+            return {
+                async setMode(mode) {
+                    try {
+                        await agentCtx.request("session/set_mode", { sessionId, modeId: mode });
+                    }
+                    catch { /* best-effort */ }
+                },
+                async prompt(text, onUpdate) {
+                    void session.prompt(text);
+                    for (;;) {
+                        const msg = await session.nextUpdate();
+                        if (msg.kind === "stop")
+                            break;
+                        if (msg.kind === "session_update")
+                            onUpdate(msg.update);
+                    }
+                },
+                dispose() { try {
+                    session.dispose?.();
+                }
+                catch { /* ignore */ } },
+            };
+        },
+        close: () => {
+            try {
+                connection.close();
+            }
+            catch { /* ignore */ }
+            try {
+                child.kill();
+            }
+            catch { /* ignore */ }
+        },
+    };
+}

package/dist/gem/analysisCache.js

@@ -10,7 +10,11 @@ import { join, dirname } from "node:path";
 import { agentgemHome } from "../resolveDir.js";
 const MAX_ENTRIES = 50;
 function cachePath() { return join(agentgemHome(), ".agentgem", "analysis-cache.json"); }
-/** A cheap validity token: transcript count + newest mtime. New/updated session → new token. */
+// Bump on any change to what an analysis result contains (the token is otherwise
+// content-blind). v2 = the payload now carries the `distilled` track, so v1 entries
+// (which lack it) must not be served (proposal §8).
+const TOKEN_VERSION = "v2";
+/** A cheap validity token: version + transcript count + newest mtime. New/updated session → new token. */
 export function transcriptToken(paths) {
     let maxMs = 0;
     for (const p of paths) {
@@ -21,7 +25,7 @@ export function transcriptToken(paths) {
         }
         catch { /* gone — ignore */ }
     }
-    return `${paths.length}:${Math.round(maxMs)}`;
+    return `${TOKEN_VERSION}:${paths.length}:${Math.round(maxMs)}`;
 }
 function readAll() {
     try {

package/dist/gem/archive.js

@@ -86,6 +86,14 @@ export function writeGemArchive(gem, opts = {}) {
             if (place(path, JSON.stringify(body, null, 2), a.name, "mcp_server"))
                 artifacts.push({ type: "mcp_server", name: a.name, path });
         }
+        else if (a.type === "channel") {
+            const path = `channels/${withExt(seg, ".json")}`;
+            const body = { platform: a.platform, secretRefs: a.secretRefs };
+            if (a.description !== undefined)
+                body.description = a.description;
+            if (place(path, JSON.stringify(body, null, 2), a.name, "channel"))
+                artifacts.push({ type: "channel", name: a.name, path });
+        }
         else {
             const path = `hooks/${withExt(seg, ".json")}`;
             const body = { event: a.event, config: a.config };
@@ -159,6 +167,15 @@ export function readGemArchive(files) {
                 a.secretRefs = o.secretRefs;
             return a;
         }
+        if (e.type === "channel") {
+            const o = JSON.parse(body(e.path));
+            const a = { type: "channel", name: e.name, platform: o.platform, secretRefs: o.secretRefs };
+            if (o.description !== undefined)
+                a.description = o.description;
+            return a;
+        }
+        if (e.type !== "hook")
+            throw new Error(`unknown artifact type '${e.type}' in manifest`);
         const o = JSON.parse(body(e.path));
         const a = { type: "hook", name: e.name, event: o.event, config: o.config };
         if (o.matcher !== undefined)

package/dist/gem/binPath.js

@@ -0,0 +1,9 @@
+// src/gem/binPath.ts
+// Leaf helper: is `binName` resolvable on the current PATH? Shared by the adapter
+// resolver (runGem) and the sandbox backend availability checks (sandbox), so neither
+// hard-codes an absolute install path for a tool that distros place in different dirs.
+import { existsSync } from "node:fs";
+import { delimiter, join } from "node:path";
+export function binOnPath(binName) {
+    return (process.env.PATH ?? "").split(delimiter).some((d) => d && existsSync(join(d, binName)));
+}

package/dist/gem/buildGem.js

@@ -1,4 +1,5 @@
 import { redactMcpConfig } from "./redact.js";
+import { makeChannelArtifact } from "./channels.js";
 export function buildGem(inventory, selection, opts = {}) {
     const artifacts = [];
     const projects = inventory.projects ?? [];
@@ -68,9 +69,11 @@ export function buildGem(inventory, selection, opts = {}) {
     });
     artifacts.length = 0;
     artifacts.push(...guarded);
+    for (const ch of opts.channels ?? [])
+        artifacts.push(makeChannelArtifact(ch.platform, ch.name));
     const requiredSecrets = [];
     for (const a of artifacts) {
-        if ((a.type === "mcp_server" || a.type === "hook") && a.secretRefs) {
+        if ((a.type === "mcp_server" || a.type === "hook" || a.type === "channel") && a.secretRefs) {
             for (const ref of a.secretRefs)
                 requiredSecrets.push({ name: ref.name, artifact: a.name, location: ref.location });
         }

package/dist/gem/channels.js

@@ -0,0 +1,29 @@
+export const CHANNEL_REGISTRY = {
+    slack: { platform: "slack", label: "Slack", eveImport: "eve/channels/slack", factory: "slackChannel", secrets: ["SLACK_BOT_TOKEN", "SLACK_SIGNING_SECRET"] },
+    telegram: { platform: "telegram", label: "Telegram", eveImport: "eve/channels/telegram", factory: "telegramChannel", secrets: ["TELEGRAM_BOT_TOKEN", "TELEGRAM_WEBHOOK_SECRET_TOKEN"] },
+    discord: { platform: "discord", label: "Discord", eveImport: "eve/channels/discord", factory: "discordChannel", secrets: ["DISCORD_BOT_TOKEN", "DISCORD_PUBLIC_KEY", "DISCORD_APPLICATION_ID"] },
+    teams: { platform: "teams", label: "Microsoft Teams", eveImport: "eve/channels/teams", factory: "teamsChannel", secrets: ["MICROSOFT_APP_ID", "MICROSOFT_APP_PASSWORD", "MICROSOFT_TENANT_ID"] },
+    twilio: { platform: "twilio", label: "Twilio", eveImport: "eve/channels/twilio", factory: "twilioChannel", secrets: ["TWILIO_ACCOUNT_SID", "TWILIO_AUTH_TOKEN"] },
+    github: { platform: "github", label: "GitHub", eveImport: "eve/channels/github", factory: "githubChannel", secrets: ["GITHUB_APP_ID", "GITHUB_APP_PRIVATE_KEY", "GITHUB_WEBHOOK_SECRET"] },
+};
+// The agent/channels/<name>.ts file Eve materialization emits. Eve channel factories read their
+// secrets from the environment, so the scaffold is the import + a zero-arg factory default export.
+// NOTE: twilioChannel() requires an `allowFrom` config; its scaffold includes the minimal required arg.
+export function channelScaffold(platform) {
+    const spec = CHANNEL_REGISTRY[platform];
+    const envComment = `// Reads ${spec.secrets.join(", ")} from the environment (set them as project env vars).\n// See https://vercel.com/docs/eve/concepts#channels\n`;
+    if (platform === "twilio") {
+        return (`import { ${spec.factory} } from ${JSON.stringify(spec.eveImport)};\n\n` +
+            envComment +
+            `export default ${spec.factory}({\n  allowFrom: "*", // restrict to your Twilio numbers in production\n});\n`);
+    }
+    return (`import { ${spec.factory} } from ${JSON.stringify(spec.eveImport)};\n\n` +
+        envComment +
+        `export default ${spec.factory}();\n`);
+}
+// Build a neutral channel artifact, resolving the platform's env-var secrets into secretRefs.
+export function makeChannelArtifact(platform, name) {
+    const spec = CHANNEL_REGISTRY[platform];
+    const secretRefs = spec.secrets.map((s) => ({ name: s, location: `env.${s}` }));
+    return { type: "channel", name: name ?? platform, platform, secretRefs };
+}

package/dist/gem/credentials.js

@@ -6,6 +6,7 @@
 import { chmodSync, existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
 import { dirname, join } from "node:path";
 import { agentgemHome } from "../resolveDir.js";
+import { InvalidInputError } from "./inputError.js";
 // Only these keys may be set/persisted via the API — never arbitrary env vars.
 export const CREDENTIAL_KEYS = ["ANTHROPIC_API_KEY", "VERCEL_TOKEN", "CLOUDFLARE_API_TOKEN"];
 export function credentialsEnvPath(home = agentgemHome()) {
@@ -16,9 +17,9 @@ export function credentialsEnvPath(home = agentgemHome()) {
 export function setCredential(key, value, home = agentgemHome()) {
     const v = value.trim();
     if (!v)
-        throw new Error("credential value is empty");
+        throw new InvalidInputError("credential value is empty");
     if (/[\r\n]/.test(v))
-        throw new Error("credential value must be a single line");
+        throw new InvalidInputError("credential value must be a single line");
     process.env[key] = v;
     const abs = credentialsEnvPath(home);
     const kept = (existsSync(abs) ? readFileSync(abs, "utf8") : "")