npm - @noxsoft/anima - Versions diffs - 2.0.2 → 2.0.4 - Mend

@noxsoft/anima 2.0.2 → 2.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (829) hide show

package/README.md +1260 -28
package/dist/accounts-Bth3PpPD.js +260 -0
package/dist/accounts-D8CPKNkN.js +259 -0
package/dist/acp-cli-ByK6lS6c.js +1081 -0
package/dist/acp-cli-CaQCjIw4.js +1084 -0
package/dist/agent-BgIkqd3F.js +725 -0
package/dist/agent-N5BDcge4.js +725 -0
package/dist/agent-events-COH7NDW2.js +182 -0
package/dist/agent-scope-CPphqq-U.js +452 -0
package/dist/agent-scope-DZgptr9J.js +452 -0
package/dist/agent-scope-cj2QCT6R.js +112 -0
package/dist/agents-NEudYMdg.js +774 -0
package/dist/agents.config-Bujs-NIy.js +182 -0
package/dist/agents.config-jp7OLssr.js +182 -0
package/dist/argv-BMZMiW7v.js +73 -0
package/dist/audit-C-UJhfdv.js +2401 -0
package/dist/audit-CeCO7SK5.js +2401 -0
package/dist/auth-BNZsOHGF.js +648 -0
package/dist/auth-DMPZWzEa.js +639 -0
package/dist/auth-choice-5VnaGMD-.js +2681 -0
package/dist/auth-choice-DA2k4vs8.js +2681 -0
package/dist/auth-health-B7FqA26_.js +149 -0
package/dist/auth-health-VO_MPqVX.js +149 -0
package/dist/auth-profiles-BDrNYX_n.js +1564 -0
package/dist/auth-profiles-CxSHydjn.js +2689 -0
package/dist/banner-BtDZPRzi.js +294 -0
package/dist/browser-cli-8yQMpxb8.js +1679 -0
package/dist/browser-cli-Czg3JtDH.js +1676 -0
package/dist/build-info.json +3 -3
package/dist/bundled/boot-md/handler.js +16 -16
package/dist/bundled/bootstrap-extra-files/handler.js +4 -4
package/dist/bundled/command-logger/handler.js +1 -1
package/dist/bundled/session-memory/handler.js +5 -5
package/dist/call-BIzCaKZb.js +282 -0
package/dist/call-BYDpTVCZ.js +282 -0
package/dist/canvas-host/a2ui/.bundle.hash +1 -1
package/dist/catalog-CqKiUgu6.js +185 -0
package/dist/catalog-DMfEg-oK.js +185 -0
package/dist/channel-options-BrtCtyrT.js +32 -0
package/dist/channel-options-CO21Gl8p.js +33 -0
package/dist/channel-selection-Bbm1lq3P.js +51 -0
package/dist/channel-selection-CqcX7Ocw.js +51 -0
package/dist/channel-web-DrsT6OAE.js +2162 -0
package/dist/channels-cli-Juyh1S6n.js +1304 -0
package/dist/channels-cli-zNvi1m5c.js +1306 -0
package/dist/channels-status-issues-CqzqshW4.js +18 -0
package/dist/channels-status-issues-DdJdO866.js +18 -0
package/dist/chrome-C4dOMO8z.js +1601 -0
package/dist/chrome-DdcDzAtH.js +1629 -0
package/dist/chrome-U3DRzjJD.js +1601 -0
package/dist/chunk-D2nLsrEW.js +348 -0
package/dist/clack-prompter-BI3RDW5w.js +92 -0
package/dist/clack-prompter-Dwr1m_IZ.js +92 -0
package/dist/cli/daemon-cli.js +1 -1
package/dist/cli-C3cpDaz8.js +99 -0
package/dist/cli-CjWUGdGC.js +101 -0
package/dist/cli-session-BVjY_XrW.js +5463 -0
package/dist/cli-session-gtuYN2Iq.js +5408 -0
package/dist/client-Dswwze5_.js +1692 -0
package/dist/client-LRKFjo4A.js +1692 -0
package/dist/clipboard-BZKS9O1u.js +31 -0
package/dist/clipboard-DES8b1AM.js +31 -0
package/dist/command-format-CP1YTNCl.js +52 -0
package/dist/command-format-CVL4K5cj.js +52 -0
package/dist/command-format-G6N2zghg.js +38 -0
package/dist/command-registry-BBvNvysr.js +248 -0
package/dist/commands-AZ3n8Y2c.js +726 -0
package/dist/commands-BMnD_QRY.js +726 -0
package/dist/commands-registry-cFqZ6Ib4.js +766 -0
package/dist/commands-registry-q13H7ng5.js +766 -0
package/dist/common-CX5458fH.js +287 -0
package/dist/common-DJbnT8ws.js +287 -0
package/dist/completion-cli-BADRBcIl.js +432 -0
package/dist/completion-cli-DMQgiObF.js +431 -0
package/dist/config-CU-Axg8P.js +5704 -0
package/dist/config-DaqbUdkI.js +5705 -0
package/dist/config-cli-BPlbwiuA.js +244 -0
package/dist/config-cli-DXgZJkPU.js +247 -0
package/dist/config-guard-Ba49JNds.js +76 -0
package/dist/config-guard-Cu0qMKZJ.js +93 -0
package/dist/config-kVVm5EYV.js +6523 -0
package/dist/config-sync-CzLnLTXt.js +91 -0
package/dist/config-sync-DuydxPWx.js +91 -0
package/dist/configure-CHgacLyi.js +960 -0
package/dist/configure-DfHXDa1L.js +959 -0
package/dist/context-DzgXOckU.js +60 -0
package/dist/control-service-8_wKHwBa.js +72 -0
package/dist/control-service-BtL1Jto_.js +72 -0
package/dist/cron-cli-BCzSR2c0.js +448 -0
package/dist/cron-cli-CCWNkykU.js +451 -0
package/dist/daemon-cli-Bjkbu9Vy.js +565 -0
package/dist/daemon-cli-CmlHcC1J.js +566 -0
package/dist/daemon-cli.js +16 -16
package/dist/daemon-runtime-C0tz7VAC.js +460 -0
package/dist/daemon-runtime-rUTqCVwJ.js +460 -0
package/dist/deliver-BBggsviM.js +1097 -0
package/dist/deliver-CePITOl8.js +1162 -0
package/dist/deliver-DFnVaetP.js +1097 -0
package/dist/delivery-queue-BJQK3oh5.js +220 -0
package/dist/deps-CeEKhrp7.js +42 -0
package/dist/devices-cli-DQrDMrZH.js +198 -0
package/dist/devices-cli-Oe-A1Dv0.js +195 -0
package/dist/diagnostics-DxMFrBLO.js +35 -0
package/dist/diagnostics-m79ZlMmZ.js +35 -0
package/dist/directory-cli-BL6h8cGF.js +246 -0
package/dist/directory-cli-Cjgmi_sj.js +243 -0
package/dist/dispatcher-DAFbQM-c.js +100 -0
package/dist/dispatcher-DNd40gUn.js +100 -0
package/dist/dist-CqDI82ei.js +929 -0
package/dist/dist-DnHRxR5U.js +929 -0
package/dist/dns-cli-CFtV3BXK.js +200 -0
package/dist/dns-cli-NyIHvQ5S.js +197 -0
package/dist/dock-BdXLb5oY.js +753 -0
package/dist/dock-jYICmNcI.js +753 -0
package/dist/docs-cli-CrOaIK_H.js +161 -0
package/dist/docs-cli-D_cmJDSr.js +159 -0
package/dist/doctor-BpGxKrBl.js +1815 -0
package/dist/doctor-D12wNQPU.js +1813 -0
package/dist/doctor-completion-DeOfofek.js +92 -0
package/dist/doctor-completion-DwjqdEcK.js +92 -0
package/dist/doctor-config-flow-BI3mpkbd.js +1232 -0
package/dist/doctor-config-flow-wMHheFkC.js +1232 -0
package/dist/engine-BCtL-AMw.js +563 -0
package/dist/engine-Bk_UT413.js +563 -0
package/dist/entry.js +5 -5
package/dist/env-v6411I8h.js +32 -0
package/dist/exec-B7sUS164.js +1167 -0
package/dist/exec-approvals-CroGJRUg.js +1221 -0
package/dist/exec-approvals-cli-BTxF_RsH.js +371 -0
package/dist/exec-approvals-cli-n1gyGwH2.js +368 -0
package/dist/exec-mhSykkaa.js +255 -0
package/dist/extensionAPI.js +3 -3
package/dist/frontmatter-BmHq0vRD.js +204 -0
package/dist/gateway-cli-DDBadlrS.js +19971 -0
package/dist/gateway-cli-IZNkOMBe.js +19972 -0
package/dist/gateway-rpc-Dtx8HN-n.js +28 -0
package/dist/gateway-rpc-L2PVSqGj.js +28 -0
package/dist/github-copilot-auth-DKyqDaGU.js +1418 -0
package/dist/github-copilot-auth-DXpOMSd3.js +1418 -0
package/dist/gmail-setup-utils-BKNczIJ9.js +428 -0
package/dist/gmail-setup-utils-co0ppccC.js +428 -0
package/dist/health-Bm8ZTvC3.js +1253 -0
package/dist/health-DUf1gt4E.js +1258 -0
package/dist/health-format-BksT6F68.js +208 -0
package/dist/health-format-uzh1xYLD.js +208 -0
package/dist/heartbeat-visibility-1TJb1Zao.js +98 -0
package/dist/heartbeat-visibility-CwodtdcX.js +98 -0
package/dist/help-format-C6cv_aZp.js +17 -0
package/dist/helpers-N-uSFKOn.js +10 -0
package/dist/hooks-cli-1POsXqOl.js +993 -0
package/dist/hooks-cli-BGjILbze.js +991 -0
package/dist/hooks-status-DE07n5RC.js +356 -0
package/dist/hooks-status-Du-d1jde.js +356 -0
package/dist/image-ops-B_AYV3tp.js +541 -0
package/dist/image-ops-Bp0C6Mvr.js +541 -0
package/dist/index.js +82 -82
package/dist/init-9A0s7bWG.js +122 -0
package/dist/init-DoyCHJDC.js +122 -0
package/dist/installs-D1C9wHAq.js +383 -0
package/dist/installs-Dh4dHayM.js +383 -0
package/dist/ipv4-DCItfaJo.js +1964 -0
package/dist/ipv4-DSOUVx0i.js +1964 -0
package/dist/lanes-BvSnHq2h.js +232 -0
package/dist/lifecycle-core-BY4WIf9g.js +388 -0
package/dist/lifecycle-core-TQKyXO-6.js +387 -0
package/dist/links-CNu_8RZl.js +15 -0
package/dist/links-D2tt2ouh.js +15 -0
package/dist/llm-slug-generator.js +4 -4
package/dist/logging-BIeRw0WR.js +15 -0
package/dist/logging-C7lb3Vjc.js +15 -0
package/dist/login-DXWKewA2.js +59 -0
package/dist/login-Fhh4uWmf.js +61 -0
package/dist/login-pPs3UO38.js +61 -0
package/dist/login-qr-CevLD8cV.js +326 -0
package/dist/login-qr-GF2JMIy-.js +323 -0
package/dist/login-qr-ZYYKD6Yt.js +321 -0
package/dist/logs-cli-CzXbX8HZ.js +242 -0
package/dist/logs-cli-D9ngH9PF.js +245 -0
package/dist/manager-BD5rA3w0.js +3244 -0
package/dist/manager-BDPgBQSH.js +3246 -0
package/dist/manager-DRWMWM--.js +3244 -0
package/dist/manifest-registry-DbvPaBXY.js +748 -0
package/dist/manifest-registry-kHX_MFa1.js +748 -0
package/dist/markdown-tables-CqwihY2m.js +347 -0
package/dist/markdown-tables-DJV7eAJZ.js +348 -0
package/dist/media-lUqN-0O9.js +1342 -0
package/dist/memory-cli-BLXSpgnN.js +868 -0
package/dist/memory-cli-BcGVkkRJ.js +869 -0
package/dist/message-channel-D_jIO87f.js +110 -0
package/dist/migrate-BpVOar4L.js +157 -0
package/dist/migrate-CkgGDkWy.js +157 -0
package/dist/model-selection-Cqt6aJ0G.js +2691 -0
package/dist/models-CExsNQPH.js +2510 -0
package/dist/models-cli-Ba3Jmwev.js +2739 -0
package/dist/models-cli-iDAlsbL2.js +258 -0
package/dist/net-0A_zcaQD.js +218 -0
package/dist/node-cli-ATmwCXIk.js +1319 -0
package/dist/node-cli-DYFR_V25.js +1322 -0
package/dist/node-service-CN4LqR1A.js +67 -0
package/dist/node-service-CWt3MdSC.js +67 -0
package/dist/nodes-cli-BeVmhTz3.js +1197 -0
package/dist/nodes-cli-QeJIfa18.js +1200 -0
package/dist/nodes-screen-DHyWAlla.js +234 -0
package/dist/nodes-screen-qs3jRBPk.js +234 -0
package/dist/note-CSlg2BnB.js +73 -0
package/dist/note-Ctvglhp1.js +73 -0
package/dist/npm-registry-spec-DQd4M22q.js +351 -0
package/dist/npm-registry-spec-PxisIMts.js +351 -0
package/dist/onboard-DeruD10m.js +1166 -0
package/dist/onboard-SAcu5N6N.js +1165 -0
package/dist/onboard-channels-C4iSfFXR.js +672 -0
package/dist/onboard-channels-oVTVgoyg.js +672 -0
package/dist/onboard-helpers-B8roRwLP.js +365 -0
package/dist/onboard-helpers-Dgh26hgP.js +365 -0
package/dist/onboarding-Bi-ac8we.js +911 -0
package/dist/onboarding-C2gjB2u8.js +910 -0
package/dist/orchestrator-DlbAYMQP.js +357 -0
package/dist/orchestrator-DlwVRVDA.js +357 -0
package/dist/outbound-CkKgc6iR.js +2062 -0
package/dist/outbound-Vfm5yDh3.js +214 -0
package/dist/outbound-bs_VK51X.js +214 -0
package/dist/outbound-send-deps-DDjiMfEL.js +55 -0
package/dist/pairing-cli-CJYeuEik.js +118 -0
package/dist/pairing-cli-mqopHI8s.js +121 -0
package/dist/pairing-store-BsXzUDPv.js +388 -0
package/dist/pairing-store-DoNj00-X.js +388 -0
package/dist/path-env-C_xpiG8l.js +89 -0
package/dist/path-env-DSSMHu5A.js +89 -0
package/dist/paths-B1vRVCad.js +126 -0
package/dist/paths-BMuHNFxg.js +238 -0
package/dist/paths-BXQQzXGQ.js +129 -0
package/dist/paths-Buw_geoe.js +54 -0
package/dist/paths-DA9WYabg.js +222 -0
package/dist/paths-DfQGx0_k.js +129 -0
package/dist/pi-auth-json-DOPW3e4X.js +78 -0
package/dist/pi-auth-json-MruLmI_X.js +82 -0
package/dist/pi-auth-json-lae_wwwo.js +80 -0
package/dist/pi-model-discovery-7q0GxMrp.js +3 -0
package/dist/pi-tools.policy-Csmla32P.js +200 -0
package/dist/pi-tools.policy-xYdDLEv9.js +200 -0
package/dist/plugin-auto-enable-CViVVWgg.js +282 -0
package/dist/plugin-auto-enable-CjZ238UI.js +282 -0
package/dist/plugin-registry-B4Aw2hzq.js +32 -0
package/dist/plugin-registry-DW81arxW.js +32 -0
package/dist/plugin-sdk/cli/cli-name.d.ts +1 -1
package/dist/plugin-sdk/config/paths.d.ts +2 -2
package/dist/plugin-sdk/index.js +7 -7
package/dist/plugins-DhcGAPDB.js +38 -0
package/dist/plugins-DtghNRtM.js +168 -0
package/dist/plugins-cli-4vWTmOAb.js +736 -0
package/dist/plugins-cli-CdTMbP0X.js +734 -0
package/dist/polls-D6eCdatA.js +1343 -0
package/dist/ports-BtZx-JKD.js +96 -0
package/dist/ports-C8bKN8s0.js +96 -0
package/dist/ports-DHiKnPRX.js +344 -0
package/dist/ports-vd93M_Pt.js +317 -0
package/dist/program-CX3aUVeb.js +176 -0
package/dist/program-context-BPos0ivo.js +496 -0
package/dist/progress-oiAjiiNi.js +133 -0
package/dist/prompt-style-Cm4wOtKm.js +9 -0
package/dist/pw-ai-4QbK5YFe.js +1865 -0
package/dist/pw-ai-BWz3Cxt7.js +1868 -0
package/dist/pw-ai-C83HBue2.js +1867 -0
package/dist/qmd-manager-BcMeZiGD.js +938 -0
package/dist/qmd-manager-CPypGJ0P.js +935 -0
package/dist/qmd-manager-CRrSkfia.js +937 -0
package/dist/register.agent-DDY8KJhn.js +265 -0
package/dist/register.agent-DKawm-9d.js +1003 -0
package/dist/register.anima-CEWUo29k.js +193 -0
package/dist/register.anima-DBWz2rk_.js +193 -0
package/dist/register.configure-BX67qV8k.js +103 -0
package/dist/register.configure-CWsySuiq.js +101 -0
package/dist/register.maintenance-0k-ZNhDg.js +543 -0
package/dist/register.maintenance-BIwx1fzX.js +543 -0
package/dist/register.message-CXPsoakA.js +657 -0
package/dist/register.message-DA3jvfgI.js +660 -0
package/dist/register.onboard-C4HG7Hqv.js +170 -0
package/dist/register.onboard-GOpdif-j.js +170 -0
package/dist/register.setup-B17vZT7C.js +175 -0
package/dist/register.setup-GJyUDCqh.js +175 -0
package/dist/register.status-health-sessions-D5876dGx.js +313 -0
package/dist/register.status-health-sessions-lOewVIZR.js +142 -0
package/dist/register.subclis-Dwnujj5C.js +255 -0
package/dist/reply-CR5T_oQJ.js +32212 -0
package/dist/reply-prefix-BcrS4Umd.js +100 -0
package/dist/reply-prefix-Btb5o2NH.js +100 -0
package/dist/reply-r089HuRA.js +32212 -0
package/dist/routes-B4czFzIb.js +1820 -0
package/dist/routes-ucJWAk5O.js +1820 -0
package/dist/rpc-BnKxnQ0v.js +70 -0
package/dist/rpc-DgE-xnyx.js +70 -0
package/dist/run-main-B74kv84C.js +371 -0
package/dist/runtime-guard-CKFdts2L.js +60 -0
package/dist/sandbox-CJTS3er6.js +858 -0
package/dist/sandbox-DBSiVHt_.js +859 -0
package/dist/sandbox-cli-CrkjyU5M.js +461 -0
package/dist/sandbox-cli-D1r5y6Sz.js +458 -0
package/dist/security-cli-BZUdnkhn.js +462 -0
package/dist/security-cli-DS09ebvA.js +465 -0
package/dist/server-context-C0xZbYhg.js +824 -0
package/dist/server-context-DVh2z7om.js +824 -0
package/dist/server-node-events-bu9lpkMH.js +233 -0
package/dist/server-node-events-i1Rrww31.js +231 -0
package/dist/service-CJJwLEor.js +642 -0
package/dist/service-DxLxBhaU.js +642 -0
package/dist/service-audit-DB4Y3Ekp.js +488 -0
package/dist/service-audit-M8y4TXVb.js +488 -0
package/dist/session-CGxOLFs2.js +179 -0
package/dist/session-DTTbdKb0.js +181 -0
package/dist/session-cost-usage-FcdJl9c3.js +600 -0
package/dist/session-cost-usage-qdfsGU2a.js +600 -0
package/dist/session-yOhWcsD2.js +181 -0
package/dist/sessions-B-Cu7JZq.js +1296 -0
package/dist/sessions-BgLN4KFr.js +180 -0
package/dist/sessions-CnRjwdVr.js +1296 -0
package/dist/sessions-wRKla1Qh.js +2038 -0
package/dist/shared-DS3UaJSP.js +66 -0
package/dist/shared-DxNHzky3.js +77 -0
package/dist/shared-Qpt4hUDi.js +66 -0
package/dist/shared-kzrojZ1B.js +77 -0
package/dist/skill-scanner-DLJji5Ye.js +263 -0
package/dist/skills-BWFIEp4j.js +807 -0
package/dist/skills-DV4zKdCx.js +808 -0
package/dist/skills-cli-BY53ILm2.js +289 -0
package/dist/skills-cli-CO3gxl8A.js +286 -0
package/dist/skills-status-DX5pcqY3.js +166 -0
package/dist/skills-status-zhcKzGkp.js +166 -0
package/dist/sqlite-B6MojU1I.js +321 -0
package/dist/sqlite-CuprTGR7.js +453 -0
package/dist/sqlite-dzD-jMjs.js +368 -0
package/dist/start-Cu3aLoSf.js +297 -0
package/dist/start-Dz7tMAl8.js +296 -0
package/dist/status-CaSxhxfV.js +2132 -0
package/dist/status-D2C0JCX3.js +2137 -0
package/dist/status-DlFMsQzh.js +27 -0
package/dist/status-G0CITnKR.js +27 -0
package/dist/status.update-CHjhVxJY.js +79 -0
package/dist/status.update-DVFelehi.js +79 -0
package/dist/subagent-registry-3Xb4el-8.js +14 -0
package/dist/subagent-registry-CdSjz14I.js +2760 -0
package/dist/subagent-registry-DNDhbHWi.js +2759 -0
package/dist/subsystem-DfKstnEK.js +860 -0
package/dist/system-cli-B5mt0FWa.js +82 -0
package/dist/system-cli-Dg3UQ3Zz.js +79 -0
package/dist/systemd-B43AvOGx.js +452 -0
package/dist/systemd-RpPE0XGg.js +452 -0
package/dist/systemd-hints-DMJT-Bbc.js +36 -0
package/dist/systemd-hints-vRInKcz9.js +36 -0
package/dist/systemd-linger-Dzyxqsod.js +75 -0
package/dist/systemd-linger-EujbmI5A.js +75 -0
package/dist/table-DhXHfRX2.js +279 -0
package/dist/table-bWCLW-3P.js +279 -0
package/dist/timeout-Ddn-5kAO.js +232 -0
package/dist/tokens-3psI_Qk2.js +14 -0
package/dist/tokens-BaM53PEx.js +14 -0
package/dist/trash-Bmxs1Rnm.js +23 -0
package/dist/trash-C39a6hKA.js +23 -0
package/dist/tui-BHgBWhHE.js +3894 -0
package/dist/tui-cli-B9Sq5-cC.js +50 -0
package/dist/tui-cli-Dw7v4JoJ.js +47 -0
package/dist/tui-mUwDwqvd.js +3894 -0
package/dist/update-DF0GHG0j.js +317 -0
package/dist/update-DoZLVjva.js +317 -0
package/dist/update-check-Bt1dVPVN.js +400 -0
package/dist/update-check-D5qAKes7.js +400 -0
package/dist/update-cli-BNu2Oi7H.js +1105 -0
package/dist/update-cli-D36AmALA.js +1105 -0
package/dist/update-runner-CNQQaTwA.js +894 -0
package/dist/update-runner-CvxZmbu-.js +894 -0
package/dist/usage-BGCwNnjk.js +4516 -0
package/dist/utils-DZ8pnOD5.js +243 -0
package/dist/web-B5QG839O.js +46842 -0
package/dist/web-Cmnvk9v0.js +2203 -0
package/dist/web-Cv2KnTnL.js +63 -0
package/dist/webhooks-cli-B6y89Pj_.js +319 -0
package/dist/webhooks-cli-BDzHON4w.js +316 -0
package/dist/whatsapp-actions-C_5MwVxM.js +45 -0
package/dist/whatsapp-actions-hgYA12To.js +53 -0
package/dist/whatsapp-actions-zTiVOoOV.js +49 -0
package/dist/widearea-dns-BeIdnISJ.js +127 -0
package/dist/widearea-dns-CF1gxpJ-.js +127 -0
package/dist/workspace-DLna1IxR.js +649 -0
package/dist/ws-log-Q4wO1Ztb.js +267 -0
package/dist/ws-log-xF0kxDzp.js +267 -0
package/package.json +1 -2
package/dist/accounts-Cc5E4IDO.js +0 -260
package/dist/accounts-CcVrwKqv.js +0 -259
package/dist/acp-cli-DvphOKuh.js +0 -1081
package/dist/acp-cli-p28pQ65a.js +0 -1084
package/dist/agent-Cj7uDJaZ.js +0 -725
package/dist/agent-Cuj9-2sT.js +0 -725
package/dist/agent-events-BEBQsyE5.js +0 -182
package/dist/agent-scope-BVf4aSwY.js +0 -112
package/dist/agent-scope-OZi7lb8S.js +0 -452
package/dist/agent-scope-V1bi9OYL.js +0 -452
package/dist/agents-BUWqn_Ui.js +0 -774
package/dist/agents.config-Dvo2ULxs.js +0 -182
package/dist/agents.config-d6H0_3oj.js +0 -182
package/dist/argv-DqUHKf0o.js +0 -73
package/dist/audit-C6okOOSh.js +0 -2401
package/dist/audit-VWjIdwC7.js +0 -2401
package/dist/auth-91o2YM96.js +0 -648
package/dist/auth-choice-CAmACV13.js +0 -2681
package/dist/auth-choice-p3SeHPj2.js +0 -2681
package/dist/auth-health-B_jXrWe6.js +0 -149
package/dist/auth-health-DCicUKYR.js +0 -149
package/dist/auth-lZ26wsbN.js +0 -639
package/dist/auth-profiles-CCDD56dU.js +0 -1564
package/dist/auth-profiles-DxI8L7bs.js +0 -2689
package/dist/banner-Cohn04J6.js +0 -294
package/dist/browser-cli-DANzjztE.js +0 -1676
package/dist/browser-cli-WjsVH741.js +0 -1679
package/dist/call-BAHvlu2G.js +0 -282
package/dist/call-Ct7EGP_L.js +0 -282
package/dist/catalog-BAayBt1L.js +0 -185
package/dist/catalog-BNsf97BM.js +0 -185
package/dist/channel-options-Dx9nPlX8.js +0 -33
package/dist/channel-options-ZdvXrTGs.js +0 -32
package/dist/channel-selection-CujyiWGM.js +0 -51
package/dist/channel-selection-DfGpCyh2.js +0 -51
package/dist/channel-web-CC0hkgkR.js +0 -2162
package/dist/channels-cli-D7lNBpIb.js +0 -1304
package/dist/channels-cli-DUPG8WDv.js +0 -1306
package/dist/channels-status-issues-DBc1pU_R.js +0 -18
package/dist/channels-status-issues-DjO9MHIG.js +0 -18
package/dist/chrome-Bi6iZ5sG.js +0 -1601
package/dist/chrome-DNSv7Cpy.js +0 -1629
package/dist/chrome-DScZx4Lk.js +0 -1601
package/dist/chunk-mxPVo000.js +0 -348
package/dist/clack-prompter-B0kl7shw.js +0 -92
package/dist/clack-prompter-B1YxZdRy.js +0 -92
package/dist/cli-CfHUkOD0.js +0 -101
package/dist/cli-ClMrIh6l.js +0 -99
package/dist/cli-session-BkPTd9Pk.js +0 -5463
package/dist/cli-session-Dd8DKb5a.js +0 -5408
package/dist/client-C1avc0vD.js +0 -1692
package/dist/client-CC94YZrT.js +0 -1692
package/dist/clipboard-B2fBy8tG.js +0 -31
package/dist/clipboard-BbGnZskJ.js +0 -31
package/dist/command-format-Clp46jkj.js +0 -38
package/dist/command-format-DELazozB.js +0 -52
package/dist/command-format-SkzzRqR1.js +0 -52
package/dist/command-registry-DZ4hkmA0.js +0 -248
package/dist/commands-DtYZJSPn.js +0 -568
package/dist/commands-Dujk1JmY.js +0 -568
package/dist/commands-registry-Bd0xbvwG.js +0 -766
package/dist/commands-registry-DYfRSVF3.js +0 -766
package/dist/common-D6bu0zHC.js +0 -287
package/dist/common-zW9Y2P1B.js +0 -287
package/dist/completion-cli-tSe7Pmqm.js +0 -431
package/dist/completion-cli-vn4IScs5.js +0 -432
package/dist/config-C8rUDJXY.js +0 -5704
package/dist/config-CLZ_XGVw.js +0 -6523
package/dist/config-SY8M0kM_.js +0 -5705
package/dist/config-cli-1V7D2Wsw.js +0 -247
package/dist/config-cli-CjWEC81L.js +0 -244
package/dist/config-guard-BW2gpKj_.js +0 -93
package/dist/config-guard-BvxuzHpo.js +0 -76
package/dist/config-sync-CoIIbEOe.js +0 -91
package/dist/config-sync-DvAttep0.js +0 -91
package/dist/configure-Bf0oupCE.js +0 -959
package/dist/configure-DRM-7zFf.js +0 -960
package/dist/context-D5iEFzv9.js +0 -60
package/dist/control-service-C8m8F9pr.js +0 -72
package/dist/control-service-DKotCWCg.js +0 -72
package/dist/cron-cli-DB_FLYHD.js +0 -448
package/dist/cron-cli-bxm5lrrO.js +0 -451
package/dist/daemon-cli-1LsOnICv.js +0 -566
package/dist/daemon-cli-CC2NrJ7a.js +0 -565
package/dist/daemon-runtime-BXZhtBL9.js +0 -460
package/dist/daemon-runtime-DW4USC7r.js +0 -460
package/dist/deliver-B4HuPwJA.js +0 -1162
package/dist/deliver-LiY5oL52.js +0 -1097
package/dist/deliver-xrmk7xjh.js +0 -1097
package/dist/delivery-queue-TnQykYsg.js +0 -220
package/dist/deps-CMMOiOsF.js +0 -42
package/dist/devices-cli-Be5he2SA.js +0 -195
package/dist/devices-cli-z6ecoFe9.js +0 -198
package/dist/diagnostics-Dj75aEHN.js +0 -35
package/dist/diagnostics-DlIw6fqD.js +0 -35
package/dist/directory-cli-CEy-0nxj.js +0 -243
package/dist/directory-cli-DpzKcigr.js +0 -246
package/dist/dispatcher-10Shiuz3.js +0 -100
package/dist/dispatcher-3Jae6AiW.js +0 -100
package/dist/dns-cli-Bat1pkc-.js +0 -200
package/dist/dns-cli-NohNyEo0.js +0 -197
package/dist/dock-DbxBBv30.js +0 -753
package/dist/dock-cPBY4qGl.js +0 -753
package/dist/docs-cli-BWp6p-Tq.js +0 -161
package/dist/docs-cli-x22FnZfL.js +0 -159
package/dist/doctor-BrT5m_on.js +0 -1815
package/dist/doctor-Pp2HVnjM.js +0 -1813
package/dist/doctor-completion-DNTimX9o.js +0 -92
package/dist/doctor-completion-ylN9QAJ6.js +0 -92
package/dist/doctor-config-flow-D1w3700T.js +0 -1232
package/dist/doctor-config-flow-Dq50iE1R.js +0 -1232
package/dist/engine-B9avUJL5.js +0 -563
package/dist/engine-BiUQ25D4.js +0 -563
package/dist/env-0lJfCPsw.js +0 -32
package/dist/exec-BenD3A5l.js +0 -1167
package/dist/exec-Bv3pyjeM.js +0 -255
package/dist/exec-approvals-CdLmKX2R.js +0 -1221
package/dist/exec-approvals-cli-DXfV6G8H.js +0 -368
package/dist/exec-approvals-cli-J2cZs10o.js +0 -371
package/dist/frontmatter-YijVi0FQ.js +0 -204
package/dist/gateway-cli-DOAbA0pc.js +0 -19972
package/dist/gateway-cli-QpWtBhQy.js +0 -19971
package/dist/gateway-rpc-DJKBil9s.js +0 -28
package/dist/gateway-rpc-DVterpLP.js +0 -28
package/dist/github-copilot-auth-4IUFp669.js +0 -1418
package/dist/github-copilot-auth-C9E0IROs.js +0 -1418
package/dist/gmail-setup-utils-BPo_LkKI.js +0 -428
package/dist/gmail-setup-utils-D3Yqgor7.js +0 -428
package/dist/health-BeZnqp6m.js +0 -1258
package/dist/health-Cn2OoVWZ.js +0 -1253
package/dist/health-format-CdP99j3Y.js +0 -208
package/dist/health-format-JEChH08S.js +0 -208
package/dist/heartbeat-visibility-BL3WAchI.js +0 -98
package/dist/heartbeat-visibility-CQ9QimI7.js +0 -98
package/dist/help-format-Dl4bsrLI.js +0 -17
package/dist/helpers-ZKNRexvX.js +0 -10
package/dist/hooks-cli-D99hXt7K.js +0 -991
package/dist/hooks-cli-DMB8RiEO.js +0 -993
package/dist/hooks-status-B-e96dZj.js +0 -356
package/dist/hooks-status-C_9sE0ox.js +0 -356
package/dist/image-ops-Dlt3T7th.js +0 -541
package/dist/image-ops-omlvdfah.js +0 -541
package/dist/init-Bm04RagW.js +0 -122
package/dist/init-CaJBf4p1.js +0 -122
package/dist/installs-C2iMRBVz.js +0 -383
package/dist/installs-D-cPGdCw.js +0 -383
package/dist/ipv4-Bf7NS3QU.js +0 -1964
package/dist/ipv4-wWNs8IH_.js +0 -1964
package/dist/lanes-CNxj3tit.js +0 -232
package/dist/lifecycle-core-B_7XRcvF.js +0 -388
package/dist/lifecycle-core-By83PVAK.js +0 -387
package/dist/links-BfjHVTB_.js +0 -15
package/dist/links-DPGe0OHw.js +0 -15
package/dist/logging-DB6BQmhi.js +0 -15
package/dist/logging-mcb66J0p.js +0 -15
package/dist/login-BDCg6D0N.js +0 -61
package/dist/login-BDfnbjnZ.js +0 -59
package/dist/login-BqH1itcg.js +0 -61
package/dist/login-qr-CyOw3R4r.js +0 -321
package/dist/login-qr-D8ECtb72.js +0 -323
package/dist/login-qr-RnR7e4Bw.js +0 -326
package/dist/logs-cli--j89L74J.js +0 -245
package/dist/logs-cli-DpEMg_Gq.js +0 -242
package/dist/manager-B4OyvcxT.js +0 -3244
package/dist/manager-Cqc1CeH7.js +0 -3246
package/dist/manager-DUyQPFvj.js +0 -3244
package/dist/manifest-registry-CW1zCyRF.js +0 -748
package/dist/manifest-registry-D4lM2RdV.js +0 -748
package/dist/markdown-tables-BT1X6jqH.js +0 -347
package/dist/markdown-tables-DHgOK2vI.js +0 -348
package/dist/media-THyainiE.js +0 -1342
package/dist/memory-cli-BKocCWXM.js +0 -868
package/dist/memory-cli-Jmma-xI_.js +0 -869
package/dist/message-channel-dSTVVCyX.js +0 -110
package/dist/migrate-BR6iAIjO.js +0 -157
package/dist/migrate-D0EcMs0f.js +0 -157
package/dist/model-selection-YcSr9CgC.js +0 -2691
package/dist/models-1vUQBVfw.js +0 -2510
package/dist/models-cli-BK3BwUhL.js +0 -2739
package/dist/models-cli-DECrM8oA.js +0 -258
package/dist/net-B5lXhYLV.js +0 -218
package/dist/node-cli-cLHUNpPD.js +0 -1319
package/dist/node-cli-fO7Y132S.js +0 -1322
package/dist/node-service-BFxHJsno.js +0 -67
package/dist/node-service-DUnan4uK.js +0 -67
package/dist/nodes-cli-BCq35E6N.js +0 -1200
package/dist/nodes-cli-vD7MwAKP.js +0 -1197
package/dist/nodes-screen-1YiLkqr5.js +0 -234
package/dist/nodes-screen-DZeD8hE5.js +0 -234
package/dist/note-Bi8Wb8DV.js +0 -73
package/dist/note-uiuPxhyX.js +0 -73
package/dist/npm-registry-spec-B-XIShkB.js +0 -351
package/dist/npm-registry-spec-za3itb5Y.js +0 -351
package/dist/onboard-Ds6w_sWo.js +0 -1165
package/dist/onboard-SAVx3bp4.js +0 -1166
package/dist/onboard-channels-Cg_EkBa4.js +0 -672
package/dist/onboard-channels-D7NbA55V.js +0 -672
package/dist/onboard-helpers-DO_hgZb9.js +0 -365
package/dist/onboard-helpers-_XgJgeqh.js +0 -365
package/dist/onboarding-3hLmDd0r.js +0 -911
package/dist/onboarding-B4LKLsbU.js +0 -910
package/dist/orchestrator-BKzmyBWy.js +0 -357
package/dist/orchestrator-BN3QCz2s.js +0 -357
package/dist/outbound-BgA9hNlP.js +0 -2062
package/dist/outbound-CjdvVhUI.js +0 -214
package/dist/outbound-DOGe6qb2.js +0 -214
package/dist/outbound-send-deps-Du5aBpd7.js +0 -55
package/dist/pairing-cli-2vnyg_Nd.js +0 -118
package/dist/pairing-cli-BH1KQtNV.js +0 -121
package/dist/pairing-store-DJz_9Gv0.js +0 -388
package/dist/pairing-store-DmOzxcuk.js +0 -388
package/dist/path-env-Bu6k0jDQ.js +0 -89
package/dist/path-env-C0zQSjw8.js +0 -89
package/dist/paths-BTc4nk-6.js +0 -126
package/dist/paths-BgUi2Z2G.js +0 -54
package/dist/paths-C6VCWKo3.js +0 -238
package/dist/paths-CCxa0o9c.js +0 -222
package/dist/paths-CxRf2rBG.js +0 -129
package/dist/paths-hcX1Gqg5.js +0 -129
package/dist/pi-auth-json-B68R7q7_.js +0 -82
package/dist/pi-auth-json-CR0jXAgq.js +0 -78
package/dist/pi-auth-json-ZYzi3nxs.js +0 -80
package/dist/pi-model-discovery-Cxs4pvC2.js +0 -3
package/dist/pi-tools.policy-D81U5xy0.js +0 -200
package/dist/pi-tools.policy-DSHkkb5b.js +0 -200
package/dist/plugin-auto-enable-CxF4bpDN.js +0 -282
package/dist/plugin-auto-enable-jNaAeyEh.js +0 -282
package/dist/plugin-registry-C7XWotZG.js +0 -32
package/dist/plugin-registry-DcUCbGax.js +0 -32
package/dist/plugins-B362e77G.js +0 -168
package/dist/plugins-CmSUIUNi.js +0 -38
package/dist/plugins-cli-BsCEnoQ7.js +0 -734
package/dist/plugins-cli-QSIsMUG7.js +0 -736
package/dist/polls-CItfB1H8.js +0 -1343
package/dist/ports-BVLMN1Sr.js +0 -96
package/dist/ports-CqLSlU6Z.js +0 -317
package/dist/ports-D94CwCrv.js +0 -344
package/dist/ports-D_NHthOz.js +0 -96
package/dist/program-DkJHjI0R.js +0 -176
package/dist/program-context-DnyGM2SC.js +0 -496
package/dist/progress-Bek_GyWS.js +0 -133
package/dist/prompt-style-lu0clOOE.js +0 -9
package/dist/pw-ai-BLVMuSLv.js +0 -1867
package/dist/pw-ai-DZJWEF_f.js +0 -1865
package/dist/pw-ai-dzf-ptcn.js +0 -1868
package/dist/qmd-manager-Cur_Ekn0.js +0 -937
package/dist/qmd-manager-DNAUuwjK.js +0 -938
package/dist/qmd-manager-DepEoASu.js +0 -935
package/dist/register.agent-CSWvzOkR.js +0 -265
package/dist/register.agent-UeH2NXmH.js +0 -1003
package/dist/register.anima-DOdee0dh.js +0 -193
package/dist/register.anima-HHDWsz6r.js +0 -193
package/dist/register.configure-CSJFxdz9.js +0 -103
package/dist/register.configure-D84Fvcz4.js +0 -101
package/dist/register.maintenance-B3pvNbZb.js +0 -543
package/dist/register.maintenance-BKVOwkw6.js +0 -543
package/dist/register.message-BAO6CPl2.js +0 -657
package/dist/register.message-OXoOKE_6.js +0 -660
package/dist/register.onboard-BK_ixVmD.js +0 -170
package/dist/register.onboard-cfCaPx6j.js +0 -170
package/dist/register.setup-BGfDnzph.js +0 -175
package/dist/register.setup-Y-Q74M-0.js +0 -175
package/dist/register.status-health-sessions-CT14eitH.js +0 -142
package/dist/register.status-health-sessions-TfZMzAUn.js +0 -313
package/dist/register.subclis-BZwdlNHC.js +0 -255
package/dist/reply-mlsExaZm.js +0 -32212
package/dist/reply-prefix-B0CfR4bM.js +0 -100
package/dist/reply-prefix-w4a39ybC.js +0 -100
package/dist/reply-qalRISe_.js +0 -32212
package/dist/routes-CENsHJyg.js +0 -1820
package/dist/routes-DO0HqW2e.js +0 -1820
package/dist/rpc-C0pjNhBi.js +0 -70
package/dist/rpc-DZ44PIXE.js +0 -70
package/dist/run-main-BMpKw8Mp.js +0 -371
package/dist/runtime-guard-BSUFiAQV.js +0 -60
package/dist/sandbox-BIGfMYEI.js +0 -858
package/dist/sandbox-DxP3IpUP.js +0 -859
package/dist/sandbox-cli-DtLGH8sL.js +0 -461
package/dist/sandbox-cli-_Tg7lfJ_.js +0 -458
package/dist/security-cli-BRwgbedo.js +0 -462
package/dist/security-cli-D3bSuyZt.js +0 -465
package/dist/server-context-49XFFxFg.js +0 -824
package/dist/server-context-LrlgrZzS.js +0 -824
package/dist/server-node-events-Dm52i7NW.js +0 -231
package/dist/server-node-events-QX523UyF.js +0 -233
package/dist/service-BNVpYcQe.js +0 -642
package/dist/service-D56aMXUB.js +0 -642
package/dist/service-audit-D0X_XAB2.js +0 -488
package/dist/service-audit-qmf6XMmP.js +0 -488
package/dist/session-CrQQLLhx.js +0 -179
package/dist/session-LocsOOWJ.js +0 -181
package/dist/session-Vlce2BAT.js +0 -181
package/dist/session-cost-usage-BwiTZuKl.js +0 -600
package/dist/session-cost-usage-DT9YNXTJ.js +0 -600
package/dist/sessions-BfV53TbG.js +0 -1296
package/dist/sessions-BimpX_km.js +0 -180
package/dist/sessions-DcXpzig0.js +0 -1296
package/dist/sessions-Wd18dukK.js +0 -2038
package/dist/shared-Bsr69u_7.js +0 -77
package/dist/shared-Cgly1vPb.js +0 -66
package/dist/shared-JOo05hST.js +0 -66
package/dist/shared-f7dvQsi7.js +0 -77
package/dist/skill-scanner-CkaVLABv.js +0 -263
package/dist/skills-B-G7UHOa.js +0 -808
package/dist/skills-B5LQx4lT.js +0 -807
package/dist/skills-cli-DUGe2ZWW.js +0 -286
package/dist/skills-cli-DtOk0bvK.js +0 -289
package/dist/skills-status-Clq9ZnYu.js +0 -166
package/dist/skills-status-JQluhU-P.js +0 -166
package/dist/sqlite-BukcjdJa.js +0 -321
package/dist/sqlite-CGcOZZ0C.js +0 -368
package/dist/sqlite-Ck6f9KWc.js +0 -453
package/dist/start--xmSFepB.js +0 -372
package/dist/start-BdlZbqrr.js +0 -371
package/dist/status-BgoeFm6g.js +0 -2137
package/dist/status-BjjDrUq7.js +0 -27
package/dist/status-Ct0DgOZ-.js +0 -2132
package/dist/status-RA_uNmK0.js +0 -27
package/dist/status.update-BjOH3GlS.js +0 -79
package/dist/status.update-DLU1qBf0.js +0 -79
package/dist/subagent-registry-9RLdKxES.js +0 -2760
package/dist/subagent-registry-Byuex3zp.js +0 -2759
package/dist/subagent-registry-DOBunBYS.js +0 -14
package/dist/subsystem-Dowf8fSU.js +0 -860
package/dist/system-cli-C5oBpzni.js +0 -79
package/dist/system-cli-DXNKD_Id.js +0 -82
package/dist/systemd-BSrHDyeU.js +0 -452
package/dist/systemd-By5xdSB4.js +0 -452
package/dist/systemd-hints-BtjL_5Rh.js +0 -36
package/dist/systemd-hints-sJmr6cjb.js +0 -36
package/dist/systemd-linger-CTmV2Gci.js +0 -75
package/dist/systemd-linger-CmyqQkeC.js +0 -75
package/dist/table-BL0lJzsm.js +0 -279
package/dist/table-DoiRPsn0.js +0 -279
package/dist/timeout-CswI_K-U.js +0 -232
package/dist/tokens-C-X7wDKj.js +0 -14
package/dist/tokens-DkvqA72p.js +0 -14
package/dist/trash-BJLK1vMn.js +0 -23
package/dist/trash-_x5UZ94k.js +0 -23
package/dist/tui-BHjxDFZC.js +0 -3894
package/dist/tui-CgOocwN8.js +0 -3894
package/dist/tui-cli-5ANH8dE5.js +0 -47
package/dist/tui-cli-BQ4P-JW_.js +0 -50
package/dist/update-LFgxHHPd.js +0 -317
package/dist/update-TxptCqk7.js +0 -317
package/dist/update-check-CWc7YXmc.js +0 -400
package/dist/update-check-IhlWaui6.js +0 -400
package/dist/update-cli-PtXU62w7.js +0 -1105
package/dist/update-cli-Va0EtETG.js +0 -1105
package/dist/update-runner-BLeKFkiB.js +0 -894
package/dist/update-runner-Iuzpc-_y.js +0 -894
package/dist/usage-ApGvBLVg.js +0 -4516
package/dist/utils-Bsw__U-F.js +0 -243
package/dist/web-B6_Ky60G.js +0 -63
package/dist/web-EZLQEWXY.js +0 -46842
package/dist/web-pec8YJUX.js +0 -2203
package/dist/webhooks-cli-BYQKTHTp.js +0 -319
package/dist/webhooks-cli-C2_xtsUQ.js +0 -316
package/dist/whatsapp-actions-C72VCq8f.js +0 -49
package/dist/whatsapp-actions-Ck9Uv0Nw.js +0 -45
package/dist/whatsapp-actions-D0reTj2k.js +0 -53
package/dist/widearea-dns-B6ocX23x.js +0 -127
package/dist/widearea-dns-NsEUNYwz.js +0 -127
package/dist/workspace-Dcfoy5JJ.js +0 -649
package/dist/ws-log-N8R5MvGE.js +0 -267
package/dist/ws-log-gwFxPxj5.js +0 -267
/package/dist/{auto-update-CUeF99gI.js → auto-update-CpF0fycd.js} +0 -0
/package/dist/{auto-update-cgkp9ZTJ.js → auto-update-DNWdO7uF.js} +0 -0
/package/dist/{brew-CVZkr0GU.js → brew-nqf_MiE4.js} +0 -0
/package/dist/{budget-DxYQSekw.js → budget-CPedI-qW.js} +0 -0
/package/dist/{budget-BWBp8Res.js → budget-CRpvqDRX.js} +0 -0
/package/dist/{cli-utils-DtAxdCte.js → cli-utils-C1YHVD4o.js} +0 -0
/package/dist/{command-options-CSbuuqHr.js → command-options-BbponVnw.js} +0 -0
/package/dist/{command-options-Cp1tf96a.js → command-options-s0gnvXnS.js} +0 -0
/package/dist/{constants-O8yBqCBv.js → constants-Dhb6zSIV.js} +0 -0
/package/dist/{dangerous-tools-5ObDWy1N.js → dangerous-tools-DGTtJ_JR.js} +0 -0
/package/dist/{dangerous-tools-Jwr7jqNw.js → dangerous-tools-DxrfTOfT.js} +0 -0
/package/dist/{delivery-queue-B6IHz4Ry.js → delivery-queue-Bxm0nzw7.js} +0 -0
/package/dist/{display-BDOsXu8F.js → display-Jy3UdGzA.js} +0 -0
/package/dist/{errors-CHow2wtt.js → errors-CKaCqKga.js} +0 -0
/package/dist/{exec-BizYYQgP.js → exec-DDmuVVNq.js} +0 -0
/package/dist/{format-Mq6iU0_5.js → format-ByEjgyTF.js} +0 -0
/package/dist/{format-duration-DhWzz_5b.js → format-duration-Aaj5tjJd.js} +0 -0
/package/dist/{format-relative-C6kUHuOj.js → format-relative-79_Y1n2Y.js} +0 -0
/package/dist/{help-format-DUBI91Ti.js → help-format-BMKzarov.js} +0 -0
/package/dist/{helpers-eJFa4K6r.js → helpers-DpEB9Mh0.js} +0 -0
/package/dist/{helpers-DLgbkcEn.js → helpers-FMld9sBT.js} +0 -0
/package/dist/{input-provenance-DJBdpeKk.js → input-provenance-Cy_KnBlP.js} +0 -0
/package/dist/{is-main-Dt9DTcH1.js → is-main-yjaVwMtJ.js} +0 -0
/package/dist/{loader-l2OBdJ8x.js → loader-Br7Vr0zn.js} +0 -0
/package/dist/{loader-BoYxRfcW.js → loader-CkmOrXcC.js} +0 -0
/package/dist/{logging-BdnOSVPD.js → logging-CY-Q5cwf.js} +0 -0
/package/dist/{message-channel-w4F2b2F6.js → message-channel-dua8OOGJ.js} +0 -0
/package/dist/{mime-B1ZoR53M.js → mime-CBg4KybI.js} +0 -0
/package/dist/{model-param-b-DPwyNGn8.js → model-param-b-DW9f0NN8.js} +0 -0
/package/dist/{node-match-8XZnaid6.js → node-match-BV8bTBd4.js} +0 -0
/package/dist/{normalize-GDK8JTNW.js → normalize-_lmlBOW9.js} +0 -0
/package/dist/{openclaw-root-C85WMnVV.js → openclaw-root-JPvmPTf7.js} +0 -0
/package/dist/{outbound-send-deps-ANnAhImn.js → outbound-send-deps-BfUvuWGa.js} +0 -0
/package/dist/{parse-6-2MDhdT.js → parse-CZRwKocn.js} +0 -0
/package/dist/{parse-log-line-Bqh1SSzC.js → parse-log-line-CvrZEK6A.js} +0 -0
/package/dist/{parse-log-line-DUZCjXbl.js → parse-log-line-mLdat0AH.js} +0 -0
/package/dist/{parse-port-BKB9Exlg.js → parse-port-BSOOdo7I.js} +0 -0
/package/dist/{parse-port-DrfvwwiL.js → parse-port-Y0NK62x1.js} +0 -0
/package/dist/{parse-timeout-Di_tcEmi.js → parse-timeout-DVPQ3n9j.js} +0 -0
/package/dist/{paths-DcVEkYX5.js → paths-DHjlJ6cn.js} +0 -0
/package/dist/{pi-model-discovery-DsRqYJLy.js → pi-model-discovery-DzEIEgHL.js} +0 -0
/package/dist/{plugins-CDJw924T.js → plugins-D6PBOdkn.js} +0 -0
/package/dist/{program-context-Bvn8046-.js → program-context-Q1hkT73c.js} +0 -0
/package/dist/{progress-CbZ2D53A.js → progress-C9Ha1NJh.js} +0 -0
/package/dist/{prompt-style-DKy6qQxR.js → prompt-style-DQi8j03a.js} +0 -0
/package/dist/{prompts-BI__va99.js → prompts-BEHxUC3w.js} +0 -0
/package/dist/{prompts-_dDWkCAz.js → prompts-CSOhuiqe.js} +0 -0
/package/dist/{queue-D_u34pbL.js → queue-BJGo7kAB.js} +0 -0
/package/dist/{queue-PG591iID.js → queue-DYgUbdoq.js} +0 -0
/package/dist/{redact-ClVwO7Nn.js → redact-CyKvdFrg.js} +0 -0
/package/dist/{registry-Bs_DJK9E.js → registry-C5MAYD4V.js} +0 -0
/package/dist/{registry-D_zlP1U-.js → registry-CRrXXVs0.js} +0 -0
/package/dist/{requirements-BzZxj2Wu.js → requirements-CGkxTCu4.js} +0 -0
/package/dist/{requirements-DIW1svgA.js → requirements-CIDaOcbO.js} +0 -0
/package/dist/{runtime-guard-DeOXA_86.js → runtime-guard-nL3Lp8T-.js} +0 -0
/package/dist/{secret-equal-Dghy3xsA.js → secret-equal-DJpmLXlG.js} +0 -0
/package/dist/{send-BhAfdGII.js → send-CTcxgDDU.js} +0 -0
/package/dist/{send-ga9udK1_.js → send-DPezUR3-.js} +0 -0
/package/dist/{send-C2t9xpXI.js → send-DZQTaG7-.js} +0 -0
/package/dist/{send-DigO-i9j.js → send-VDff2gra.js} +0 -0
/package/dist/{send-Dz2BDHll.js → send-bgQNV8d1.js} +0 -0
/package/dist/{session-key-BGiG_JcT.js → session-key-CQT-NR6w.js} +0 -0
/package/dist/{shell-argv-CAq1mLa2.js → shell-argv-n9IueeJQ.js} +0 -0
/package/dist/{skill-scanner-Coo4QoCd.js → skill-scanner-o6NgVMD9.js} +0 -0
/package/dist/{status-CMnlcBVc.js → status-C53kTIXF.js} +0 -0
/package/dist/{status-tDZPwewW.js → status-CZDDA_Sy.js} +0 -0
/package/dist/{system-run-command-X9lDJIy0.js → system-run-command-BCjUffN9.js} +0 -0
/package/dist/{system-run-command-DGk7dwQP.js → system-run-command-CqAqKL9K.js} +0 -0
/package/dist/{tailnet-CuiNECdL.js → tailnet-Ciwjv243.js} +0 -0
/package/dist/{templates-CeYJjVzw.js → templates-37RKpACb.js} +0 -0
/package/dist/{templates-I3Z0xplD.js → templates-DPalk30o.js} +0 -0
/package/dist/{thinking-BXEswx1X.js → thinking-2hxwmvTl.js} +0 -0
/package/dist/{transcript-events-C1hdue6u.js → transcript-events-Bp7fGnwv.js} +0 -0
/package/dist/{transcript-tools-DuyYOkUq.js → transcript-tools-D4Lbxlka.js} +0 -0
/package/dist/{usage-format-BAirWUSO.js → usage-format-6Uar63S0.js} +0 -0
/package/dist/{utils-C9sj30YY.js → utils-DT8uXjFS.js} +0 -0
/package/dist/{wsl-CqyuRvtM.js → wsl-CrPvx2kZ.js} +0 -0
/package/dist/{wsl-ymJYvc9Q.js → wsl-UvJ5dHah.js} +0 -0

package/dist/audit-C-UJhfdv.js ADDED Viewed

@@ -0,0 +1,2401 @@
+import { g as resolveStateDir, m as resolveOAuthDir, o as resolveConfigPath } from "./paths-BMuHNFxg.js";
+import { l as normalizeAgentId } from "./session-key-DxcgHezu.js";
+import { n as runExec } from "./exec-mhSykkaa.js";
+import { c as resolveDefaultAgentId, s as resolveAgentWorkspaceDir } from "./agent-scope-CPphqq-U.js";
+import { t as formatCliCommand } from "./command-format-CVL4K5cj.js";
+import { D as INCLUDE_KEY, O as MAX_INCLUDE_DEPTH, r as createConfigIO } from "./config-DaqbUdkI.js";
+import { a as MANIFEST_KEY, l as normalizePluginsConfig } from "./manifest-registry-kHX_MFa1.js";
+import { n as formatErrorMessage } from "./errors-Cojm0Kl7.js";
+import { _ as resolveToolProfilePolicy, c as resolveSandboxConfigForAgent, u as resolveSandboxToolPolicyForAgent } from "./sandbox-DBSiVHt_.js";
+import { i as resolveGatewayAuth } from "./auth-BNZsOHGF.js";
+import { a as resolveProfile, i as resolveBrowserConfig, m as resolveBrowserControlAuth } from "./server-context-C0xZbYhg.js";
+import { i as loadWorkspaceSkillEntries } from "./skills-DV4zKdCx.js";
+import { h as GATEWAY_CLIENT_NAMES, m as GATEWAY_CLIENT_MODES } from "./message-channel-D_jIO87f.js";
+import { n as listChannelPlugins, r as normalizeChannelId } from "./plugins-DhcGAPDB.js";
+import { i as readChannelAllowFromStore } from "./pairing-store-BsXzUDPv.js";
+import { t as GatewayClient } from "./client-LRKFjo4A.js";
+import { t as buildGatewayConnectionDetails } from "./call-BYDpTVCZ.js";
+import { n as isToolAllowedByPolicies } from "./pi-tools.policy-Csmla32P.js";
+import { n as DEFAULT_GATEWAY_HTTP_TOOL_DENY } from "./dangerous-tools-DGTtJ_JR.js";
+import { t as resolveChannelDefaultAccountId } from "./helpers-DpEB9Mh0.js";
+import { n as extensionUsesSkippedScannerPath, r as isPathInside, t as scanDirectoryWithSummary } from "./skill-scanner-o6NgVMD9.js";
+import { t as inferParamBFromIdOrName } from "./model-param-b-DW9f0NN8.js";
+import os from "node:os";
+import path from "node:path";
+import JSON5 from "json5";
+import * as fs$1 from "node:fs/promises";
+import fs from "node:fs/promises";
+import { randomUUID } from "node:crypto";
+//#region src/gateway/probe.ts
+async function probeGateway(opts) {
+	const startedAt = Date.now();
+	const instanceId = randomUUID();
+	let connectLatencyMs = null;
+	let connectError = null;
+	let close = null;
+	return await new Promise((resolve) => {
+		let settled = false;
+		const settle = (result) => {
+			if (settled) return;
+			settled = true;
+			clearTimeout(timer);
+			client.stop();
+			resolve({
+				url: opts.url,
+				...result
+			});
+		};
+		const client = new GatewayClient({
+			url: opts.url,
+			token: opts.auth?.token,
+			password: opts.auth?.password,
+			clientName: GATEWAY_CLIENT_NAMES.CLI,
+			clientVersion: "dev",
+			mode: GATEWAY_CLIENT_MODES.PROBE,
+			instanceId,
+			onConnectError: (err) => {
+				connectError = formatErrorMessage(err);
+			},
+			onClose: (code, reason) => {
+				close = {
+					code,
+					reason
+				};
+			},
+			onHelloOk: async () => {
+				connectLatencyMs = Date.now() - startedAt;
+				try {
+					const [health, status, presence, configSnapshot] = await Promise.all([
+						client.request("health"),
+						client.request("status"),
+						client.request("system-presence"),
+						client.request("config.get", {})
+					]);
+					settle({
+						ok: true,
+						connectLatencyMs,
+						error: null,
+						close,
+						health,
+						status,
+						presence: Array.isArray(presence) ? presence : null,
+						configSnapshot
+					});
+				} catch (err) {
+					settle({
+						ok: false,
+						connectLatencyMs,
+						error: formatErrorMessage(err),
+						close,
+						health: null,
+						status: null,
+						presence: null,
+						configSnapshot: null
+					});
+				}
+			}
+		});
+		const timer = setTimeout(() => {
+			settle({
+				ok: false,
+				connectLatencyMs,
+				error: connectError ? `connect failed: ${connectError}` : "timeout",
+				close,
+				health: null,
+				status: null,
+				presence: null,
+				configSnapshot: null
+			});
+		}, Math.max(250, opts.timeoutMs));
+		client.start();
+	});
+}
+//#endregion
+//#region src/gateway/node-command-policy.ts
+const CANVAS_COMMANDS = [
+	"canvas.present",
+	"canvas.hide",
+	"canvas.navigate",
+	"canvas.eval",
+	"canvas.snapshot",
+	"canvas.a2ui.push",
+	"canvas.a2ui.pushJSONL",
+	"canvas.a2ui.reset"
+];
+const CAMERA_COMMANDS = ["camera.list"];
+const CAMERA_DANGEROUS_COMMANDS = ["camera.snap", "camera.clip"];
+const SCREEN_DANGEROUS_COMMANDS = ["screen.record"];
+const LOCATION_COMMANDS = ["location.get"];
+const DEVICE_COMMANDS = ["device.info", "device.status"];
+const CONTACTS_COMMANDS = ["contacts.search"];
+const CONTACTS_DANGEROUS_COMMANDS = ["contacts.add"];
+const CALENDAR_COMMANDS = ["calendar.events"];
+const CALENDAR_DANGEROUS_COMMANDS = ["calendar.add"];
+const REMINDERS_COMMANDS = ["reminders.list"];
+const REMINDERS_DANGEROUS_COMMANDS = ["reminders.add"];
+const PHOTOS_COMMANDS = ["photos.latest"];
+const MOTION_COMMANDS = ["motion.activity", "motion.pedometer"];
+const SMS_DANGEROUS_COMMANDS = ["sms.send"];
+const IOS_SYSTEM_COMMANDS = ["system.notify"];
+const SYSTEM_COMMANDS = [
+	"system.run",
+	"system.which",
+	"system.notify",
+	"browser.proxy"
+];
+const DEFAULT_DANGEROUS_NODE_COMMANDS = [
+	...CAMERA_DANGEROUS_COMMANDS,
+	...SCREEN_DANGEROUS_COMMANDS,
+	...CONTACTS_DANGEROUS_COMMANDS,
+	...CALENDAR_DANGEROUS_COMMANDS,
+	...REMINDERS_DANGEROUS_COMMANDS,
+	...SMS_DANGEROUS_COMMANDS
+];
+const PLATFORM_DEFAULTS = {
+	ios: [
+		...CANVAS_COMMANDS,
+		...CAMERA_COMMANDS,
+		...LOCATION_COMMANDS,
+		...DEVICE_COMMANDS,
+		...CONTACTS_COMMANDS,
+		...CALENDAR_COMMANDS,
+		...REMINDERS_COMMANDS,
+		...PHOTOS_COMMANDS,
+		...MOTION_COMMANDS,
+		...IOS_SYSTEM_COMMANDS
+	],
+	android: [
+		...CANVAS_COMMANDS,
+		...CAMERA_COMMANDS,
+		...LOCATION_COMMANDS,
+		...DEVICE_COMMANDS,
+		...CONTACTS_COMMANDS,
+		...CALENDAR_COMMANDS,
+		...REMINDERS_COMMANDS,
+		...PHOTOS_COMMANDS,
+		...MOTION_COMMANDS
+	],
+	macos: [
+		...CANVAS_COMMANDS,
+		...CAMERA_COMMANDS,
+		...LOCATION_COMMANDS,
+		...DEVICE_COMMANDS,
+		...CONTACTS_COMMANDS,
+		...CALENDAR_COMMANDS,
+		...REMINDERS_COMMANDS,
+		...PHOTOS_COMMANDS,
+		...MOTION_COMMANDS,
+		...SYSTEM_COMMANDS
+	],
+	linux: [...SYSTEM_COMMANDS],
+	windows: [...SYSTEM_COMMANDS],
+	unknown: [
+		...CANVAS_COMMANDS,
+		...CAMERA_COMMANDS,
+		...LOCATION_COMMANDS,
+		...SYSTEM_COMMANDS
+	]
+};
+function normalizePlatformId(platform, deviceFamily) {
+	const raw = (platform ?? "").trim().toLowerCase();
+	if (raw.startsWith("ios")) return "ios";
+	if (raw.startsWith("android")) return "android";
+	if (raw.startsWith("mac")) return "macos";
+	if (raw.startsWith("darwin")) return "macos";
+	if (raw.startsWith("win")) return "windows";
+	if (raw.startsWith("linux")) return "linux";
+	const family = (deviceFamily ?? "").trim().toLowerCase();
+	if (family.includes("iphone") || family.includes("ipad") || family.includes("ios")) return "ios";
+	if (family.includes("android")) return "android";
+	if (family.includes("mac")) return "macos";
+	if (family.includes("windows")) return "windows";
+	if (family.includes("linux")) return "linux";
+	return "unknown";
+}
+function resolveNodeCommandAllowlist(cfg, node) {
+	const base = PLATFORM_DEFAULTS[normalizePlatformId(node?.platform, node?.deviceFamily)] ?? PLATFORM_DEFAULTS.unknown;
+	const extra = cfg.gateway?.nodes?.allowCommands ?? [];
+	const deny = new Set(cfg.gateway?.nodes?.denyCommands ?? []);
+	const allow = new Set([...base, ...extra].map((cmd) => cmd.trim()).filter(Boolean));
+	for (const blocked of deny) {
+		const trimmed = blocked.trim();
+		if (trimmed) allow.delete(trimmed);
+	}
+	return allow;
+}
+function isNodeCommandAllowed(params) {
+	const command = params.command.trim();
+	if (!command) return {
+		ok: false,
+		reason: "command required"
+	};
+	if (!params.allowlist.has(command)) return {
+		ok: false,
+		reason: "command not allowlisted"
+	};
+	if (Array.isArray(params.declaredCommands) && params.declaredCommands.length > 0) {
+		if (!params.declaredCommands.includes(command)) return {
+			ok: false,
+			reason: "command not declared by node"
+		};
+	} else return {
+		ok: false,
+		reason: "node did not declare commands"
+	};
+	return { ok: true };
+}
+//#endregion
+//#region src/gateway/probe-auth.ts
+function resolveGatewayProbeAuth(params) {
+	const env = params.env ?? process.env;
+	const authToken = params.cfg.gateway?.auth?.token;
+	const authPassword = params.cfg.gateway?.auth?.password;
+	const remote = params.cfg.gateway?.remote;
+	return {
+		token: params.mode === "remote" ? typeof remote?.token === "string" && remote.token.trim() ? remote.token.trim() : void 0 : env.ANIMA_GATEWAY_TOKEN?.trim() || (typeof authToken === "string" && authToken.trim() ? authToken.trim() : void 0),
+		password: env.ANIMA_GATEWAY_PASSWORD?.trim() || (params.mode === "remote" ? typeof remote?.password === "string" && remote.password.trim() ? remote.password.trim() : void 0 : typeof authPassword === "string" && authPassword.trim() ? authPassword.trim() : void 0)
+	};
+}
+//#endregion
+//#region src/config/commands.ts
+function resolveAutoDefault(providerId) {
+	const id = normalizeChannelId(providerId);
+	if (!id) return false;
+	if (id === "discord" || id === "telegram") return true;
+	if (id === "slack") return false;
+	return false;
+}
+function resolveNativeSkillsEnabled(params) {
+	const { providerId, providerSetting, globalSetting } = params;
+	const setting = providerSetting === void 0 ? globalSetting : providerSetting;
+	if (setting === true) return true;
+	if (setting === false) return false;
+	return resolveAutoDefault(providerId);
+}
+function resolveNativeCommandsEnabled(params) {
+	const { providerId, providerSetting, globalSetting } = params;
+	const setting = providerSetting === void 0 ? globalSetting : providerSetting;
+	if (setting === true) return true;
+	if (setting === false) return false;
+	return resolveAutoDefault(providerId);
+}
+//#endregion
+//#region src/security/audit-channel.ts
+function normalizeAllowFromList$1(list) {
+	if (!Array.isArray(list)) return [];
+	return list.map((v) => String(v).trim()).filter(Boolean);
+}
+function normalizeTelegramAllowFromEntry(raw) {
+	return (typeof raw === "string" ? raw : typeof raw === "number" ? String(raw) : "").trim().replace(/^(telegram|tg):/i, "").trim();
+}
+function isNumericTelegramUserId(raw) {
+	return /^\d+$/.test(raw);
+}
+function classifyChannelWarningSeverity(message) {
+	const s = message.toLowerCase();
+	if (s.includes("dms: open") || s.includes("grouppolicy=\"open\"") || s.includes("dmpolicy=\"open\"")) return "critical";
+	if (s.includes("allows any") || s.includes("anyone can dm") || s.includes("public")) return "critical";
+	if (s.includes("locked") || s.includes("disabled")) return "info";
+	return "warn";
+}
+async function collectChannelSecurityFindings(params) {
+	const findings = [];
+	const coerceNativeSetting = (value) => {
+		if (value === true) return true;
+		if (value === false) return false;
+		if (value === "auto") return "auto";
+	};
+	const warnDmPolicy = async (input) => {
+		const policyPath = input.policyPath ?? `${input.allowFromPath}policy`;
+		const configAllowFrom = normalizeAllowFromList$1(input.allowFrom);
+		const hasWildcard = configAllowFrom.includes("*");
+		const dmScope = params.cfg.session?.dmScope ?? "main";
+		const storeAllowFrom = await readChannelAllowFromStore(input.provider).catch(() => []);
+		const normalizeEntry = input.normalizeEntry ?? ((value) => value);
+		const normalizedCfg = configAllowFrom.filter((value) => value !== "*").map((value) => normalizeEntry(value)).map((value) => value.trim()).filter(Boolean);
+		const normalizedStore = storeAllowFrom.map((value) => normalizeEntry(value)).map((value) => value.trim()).filter(Boolean);
+		const allowCount = Array.from(new Set([...normalizedCfg, ...normalizedStore])).length;
+		const isMultiUserDm = hasWildcard || allowCount > 1;
+		if (input.dmPolicy === "open") {
+			const allowFromKey = `${input.allowFromPath}allowFrom`;
+			findings.push({
+				checkId: `channels.${input.provider}.dm.open`,
+				severity: "critical",
+				title: `${input.label} DMs are open`,
+				detail: `${policyPath}="open" allows anyone to DM the bot.`,
+				remediation: `Use pairing/allowlist; if you really need open DMs, ensure ${allowFromKey} includes "*".`
+			});
+			if (!hasWildcard) findings.push({
+				checkId: `channels.${input.provider}.dm.open_invalid`,
+				severity: "warn",
+				title: `${input.label} DM config looks inconsistent`,
+				detail: `"open" requires ${allowFromKey} to include "*".`
+			});
+		}
+		if (input.dmPolicy === "disabled") {
+			findings.push({
+				checkId: `channels.${input.provider}.dm.disabled`,
+				severity: "info",
+				title: `${input.label} DMs are disabled`,
+				detail: `${policyPath}="disabled" ignores inbound DMs.`
+			});
+			return;
+		}
+		if (dmScope === "main" && isMultiUserDm) findings.push({
+			checkId: `channels.${input.provider}.dm.scope_main_multiuser`,
+			severity: "warn",
+			title: `${input.label} DMs share the main session`,
+			detail: "Multiple DM senders currently share the main session, which can leak context across users.",
+			remediation: "Run: " + formatCliCommand("anima config set session.dmScope \"per-channel-peer\"") + " (or \"per-account-channel-peer\" for multi-account channels) to isolate DM sessions per sender."
+		});
+	};
+	for (const plugin of params.plugins) {
+		if (!plugin.security) continue;
+		const accountIds = plugin.config.listAccountIds(params.cfg);
+		const defaultAccountId = resolveChannelDefaultAccountId({
+			plugin,
+			cfg: params.cfg,
+			accountIds
+		});
+		const account = plugin.config.resolveAccount(params.cfg, defaultAccountId);
+		if (!(plugin.config.isEnabled ? plugin.config.isEnabled(account, params.cfg) : true)) continue;
+		if (!(plugin.config.isConfigured ? await plugin.config.isConfigured(account, params.cfg) : true)) continue;
+		if (plugin.id === "discord") {
+			const discordCfg = account?.config ?? {};
+			const nativeEnabled = resolveNativeCommandsEnabled({
+				providerId: "discord",
+				providerSetting: coerceNativeSetting(discordCfg.commands?.native),
+				globalSetting: params.cfg.commands?.native
+			});
+			const nativeSkillsEnabled = resolveNativeSkillsEnabled({
+				providerId: "discord",
+				providerSetting: coerceNativeSetting(discordCfg.commands?.nativeSkills),
+				globalSetting: params.cfg.commands?.nativeSkills
+			});
+			if (nativeEnabled || nativeSkillsEnabled) {
+				const defaultGroupPolicy = params.cfg.channels?.defaults?.groupPolicy;
+				const groupPolicy = discordCfg.groupPolicy ?? defaultGroupPolicy ?? "allowlist";
+				const guildEntries = discordCfg.guilds ?? {};
+				const guildsConfigured = Object.keys(guildEntries).length > 0;
+				const hasAnyUserAllowlist = Object.values(guildEntries).some((guild) => {
+					if (!guild || typeof guild !== "object") return false;
+					const g = guild;
+					if (Array.isArray(g.users) && g.users.length > 0) return true;
+					const channels = g.channels;
+					if (!channels || typeof channels !== "object") return false;
+					return Object.values(channels).some((channel) => {
+						if (!channel || typeof channel !== "object") return false;
+						const c = channel;
+						return Array.isArray(c.users) && c.users.length > 0;
+					});
+				});
+				const dmAllowFromRaw = discordCfg.dm?.allowFrom;
+				const dmAllowFrom = Array.isArray(dmAllowFromRaw) ? dmAllowFromRaw : [];
+				const storeAllowFrom = await readChannelAllowFromStore("discord").catch(() => []);
+				const ownerAllowFromConfigured = normalizeAllowFromList$1([...dmAllowFrom, ...storeAllowFrom]).length > 0;
+				const useAccessGroups = params.cfg.commands?.useAccessGroups !== false;
+				if (!useAccessGroups && groupPolicy !== "disabled" && guildsConfigured && !hasAnyUserAllowlist) findings.push({
+					checkId: "channels.discord.commands.native.unrestricted",
+					severity: "critical",
+					title: "Discord slash commands are unrestricted",
+					detail: "commands.useAccessGroups=false disables sender allowlists for Discord slash commands unless a per-guild/channel users allowlist is configured; with no users allowlist, any user in allowed guild channels can invoke /… commands.",
+					remediation: "Set commands.useAccessGroups=true (recommended), or configure channels.discord.guilds.<id>.users (or channels.discord.guilds.<id>.channels.<channel>.users)."
+				});
+				else if (useAccessGroups && groupPolicy !== "disabled" && guildsConfigured && !ownerAllowFromConfigured && !hasAnyUserAllowlist) findings.push({
+					checkId: "channels.discord.commands.native.no_allowlists",
+					severity: "warn",
+					title: "Discord slash commands have no allowlists",
+					detail: "Discord slash commands are enabled, but neither an owner allowFrom list nor any per-guild/channel users allowlist is configured; /… commands will be rejected for everyone.",
+					remediation: "Add your user id to channels.discord.allowFrom (or approve yourself via pairing), or configure channels.discord.guilds.<id>.users."
+				});
+			}
+		}
+		if (plugin.id === "slack") {
+			const slackCfg = account?.config ?? {};
+			const nativeEnabled = resolveNativeCommandsEnabled({
+				providerId: "slack",
+				providerSetting: coerceNativeSetting(slackCfg.commands?.native),
+				globalSetting: params.cfg.commands?.native
+			});
+			const nativeSkillsEnabled = resolveNativeSkillsEnabled({
+				providerId: "slack",
+				providerSetting: coerceNativeSetting(slackCfg.commands?.nativeSkills),
+				globalSetting: params.cfg.commands?.nativeSkills
+			});
+			if (nativeEnabled || nativeSkillsEnabled || slackCfg.slashCommand?.enabled === true) if (!(params.cfg.commands?.useAccessGroups !== false)) findings.push({
+				checkId: "channels.slack.commands.slash.useAccessGroups_off",
+				severity: "critical",
+				title: "Slack slash commands bypass access groups",
+				detail: "Slack slash/native commands are enabled while commands.useAccessGroups=false; this can allow unrestricted /… command execution from channels/users you didn't explicitly authorize.",
+				remediation: "Set commands.useAccessGroups=true (recommended)."
+			});
+			else {
+				const allowFromRaw = account?.config?.allowFrom;
+				const legacyAllowFromRaw = account?.dm?.allowFrom;
+				const allowFrom = Array.isArray(allowFromRaw) ? allowFromRaw : Array.isArray(legacyAllowFromRaw) ? legacyAllowFromRaw : [];
+				const storeAllowFrom = await readChannelAllowFromStore("slack").catch(() => []);
+				const ownerAllowFromConfigured = normalizeAllowFromList$1([...allowFrom, ...storeAllowFrom]).length > 0;
+				const channels = slackCfg.channels ?? {};
+				const hasAnyChannelUsersAllowlist = Object.values(channels).some((value) => {
+					if (!value || typeof value !== "object") return false;
+					const channel = value;
+					return Array.isArray(channel.users) && channel.users.length > 0;
+				});
+				if (!ownerAllowFromConfigured && !hasAnyChannelUsersAllowlist) findings.push({
+					checkId: "channels.slack.commands.slash.no_allowlists",
+					severity: "warn",
+					title: "Slack slash commands have no allowlists",
+					detail: "Slack slash/native commands are enabled, but neither an owner allowFrom list nor any channels.<id>.users allowlist is configured; /… commands will be rejected for everyone.",
+					remediation: "Approve yourself via pairing (recommended), or set channels.slack.allowFrom and/or channels.slack.channels.<id>.users."
+				});
+			}
+		}
+		const dmPolicy = plugin.security.resolveDmPolicy?.({
+			cfg: params.cfg,
+			accountId: defaultAccountId,
+			account
+		});
+		if (dmPolicy) await warnDmPolicy({
+			label: plugin.meta.label ?? plugin.id,
+			provider: plugin.id,
+			dmPolicy: dmPolicy.policy,
+			allowFrom: dmPolicy.allowFrom,
+			policyPath: dmPolicy.policyPath,
+			allowFromPath: dmPolicy.allowFromPath,
+			normalizeEntry: dmPolicy.normalizeEntry
+		});
+		if (plugin.security.collectWarnings) {
+			const warnings = await plugin.security.collectWarnings({
+				cfg: params.cfg,
+				accountId: defaultAccountId,
+				account
+			});
+			for (const message of warnings ?? []) {
+				const trimmed = String(message).trim();
+				if (!trimmed) continue;
+				findings.push({
+					checkId: `channels.${plugin.id}.warning.${findings.length + 1}`,
+					severity: classifyChannelWarningSeverity(trimmed),
+					title: `${plugin.meta.label ?? plugin.id} security warning`,
+					detail: trimmed.replace(/^-\s*/, "")
+				});
+			}
+		}
+		if (plugin.id === "telegram") {
+			if (!(params.cfg.commands?.text !== false)) continue;
+			const telegramCfg = account?.config ?? {};
+			const defaultGroupPolicy = params.cfg.channels?.defaults?.groupPolicy;
+			const groupPolicy = telegramCfg.groupPolicy ?? defaultGroupPolicy ?? "allowlist";
+			const groups = telegramCfg.groups;
+			const groupsConfigured = Boolean(groups) && Object.keys(groups ?? {}).length > 0;
+			if (!(groupPolicy === "open" || groupPolicy === "allowlist" && groupsConfigured)) continue;
+			const storeAllowFrom = await readChannelAllowFromStore("telegram").catch(() => []);
+			const storeHasWildcard = storeAllowFrom.some((v) => String(v).trim() === "*");
+			const invalidTelegramAllowFromEntries = /* @__PURE__ */ new Set();
+			for (const entry of storeAllowFrom) {
+				const normalized = normalizeTelegramAllowFromEntry(entry);
+				if (!normalized || normalized === "*") continue;
+				if (!isNumericTelegramUserId(normalized)) invalidTelegramAllowFromEntries.add(normalized);
+			}
+			const groupAllowFrom = Array.isArray(telegramCfg.groupAllowFrom) ? telegramCfg.groupAllowFrom : [];
+			const groupAllowFromHasWildcard = groupAllowFrom.some((v) => String(v).trim() === "*");
+			for (const entry of groupAllowFrom) {
+				const normalized = normalizeTelegramAllowFromEntry(entry);
+				if (!normalized || normalized === "*") continue;
+				if (!isNumericTelegramUserId(normalized)) invalidTelegramAllowFromEntries.add(normalized);
+			}
+			const dmAllowFrom = Array.isArray(telegramCfg.allowFrom) ? telegramCfg.allowFrom : [];
+			for (const entry of dmAllowFrom) {
+				const normalized = normalizeTelegramAllowFromEntry(entry);
+				if (!normalized || normalized === "*") continue;
+				if (!isNumericTelegramUserId(normalized)) invalidTelegramAllowFromEntries.add(normalized);
+			}
+			const anyGroupOverride = Boolean(groups && Object.values(groups).some((value) => {
+				if (!value || typeof value !== "object") return false;
+				const group = value;
+				const allowFrom = Array.isArray(group.allowFrom) ? group.allowFrom : [];
+				if (allowFrom.length > 0) {
+					for (const entry of allowFrom) {
+						const normalized = normalizeTelegramAllowFromEntry(entry);
+						if (!normalized || normalized === "*") continue;
+						if (!isNumericTelegramUserId(normalized)) invalidTelegramAllowFromEntries.add(normalized);
+					}
+					return true;
+				}
+				const topics = group.topics;
+				if (!topics || typeof topics !== "object") return false;
+				return Object.values(topics).some((topicValue) => {
+					if (!topicValue || typeof topicValue !== "object") return false;
+					const topic = topicValue;
+					const topicAllow = Array.isArray(topic.allowFrom) ? topic.allowFrom : [];
+					for (const entry of topicAllow) {
+						const normalized = normalizeTelegramAllowFromEntry(entry);
+						if (!normalized || normalized === "*") continue;
+						if (!isNumericTelegramUserId(normalized)) invalidTelegramAllowFromEntries.add(normalized);
+					}
+					return topicAllow.length > 0;
+				});
+			}));
+			const hasAnySenderAllowlist = storeAllowFrom.length > 0 || groupAllowFrom.length > 0 || anyGroupOverride;
+			if (invalidTelegramAllowFromEntries.size > 0) {
+				const examples = Array.from(invalidTelegramAllowFromEntries).slice(0, 5);
+				const more = invalidTelegramAllowFromEntries.size > examples.length ? ` (+${invalidTelegramAllowFromEntries.size - examples.length} more)` : "";
+				findings.push({
+					checkId: "channels.telegram.allowFrom.invalid_entries",
+					severity: "warn",
+					title: "Telegram allowlist contains non-numeric entries",
+					detail: `Telegram sender authorization requires numeric Telegram user IDs. Found non-numeric allowFrom entries: ${examples.join(", ")}${more}.`,
+					remediation: "Replace @username entries with numeric Telegram user IDs (use onboarding to resolve), then re-run the audit."
+				});
+			}
+			if (storeHasWildcard || groupAllowFromHasWildcard) {
+				findings.push({
+					checkId: "channels.telegram.groups.allowFrom.wildcard",
+					severity: "critical",
+					title: "Telegram group allowlist contains wildcard",
+					detail: "Telegram group sender allowlist contains \"*\", which allows any group member to run /… commands and control directives.",
+					remediation: "Remove \"*\" from channels.telegram.groupAllowFrom and pairing store; prefer explicit numeric Telegram user IDs."
+				});
+				continue;
+			}
+			if (!hasAnySenderAllowlist) {
+				const providerSetting = telegramCfg.commands?.nativeSkills;
+				const skillsEnabled = resolveNativeSkillsEnabled({
+					providerId: "telegram",
+					providerSetting,
+					globalSetting: params.cfg.commands?.nativeSkills
+				});
+				findings.push({
+					checkId: "channels.telegram.groups.allowFrom.missing",
+					severity: "critical",
+					title: "Telegram group commands have no sender allowlist",
+					detail: `Telegram group access is enabled but no sender allowlist is configured; this allows any group member to invoke /… commands` + (skillsEnabled ? " (including skill commands)." : "."),
+					remediation: "Approve yourself via pairing (recommended), or set channels.telegram.groupAllowFrom (or per-group groups.<id>.allowFrom)."
+				});
+			}
+		}
+	}
+	return findings;
+}
+//#endregion
+//#region src/security/audit-extra.sync.ts
+const SMALL_MODEL_PARAM_B_MAX = 300;
+function summarizeGroupPolicy(cfg) {
+	const channels = cfg.channels;
+	if (!channels || typeof channels !== "object") return {
+		open: 0,
+		allowlist: 0,
+		other: 0
+	};
+	let open = 0;
+	let allowlist = 0;
+	let other = 0;
+	for (const value of Object.values(channels)) {
+		if (!value || typeof value !== "object") continue;
+		const policy = value.groupPolicy;
+		if (policy === "open") open += 1;
+		else if (policy === "allowlist") allowlist += 1;
+		else other += 1;
+	}
+	return {
+		open,
+		allowlist,
+		other
+	};
+}
+function isProbablySyncedPath(p) {
+	const s = p.toLowerCase();
+	return s.includes("icloud") || s.includes("dropbox") || s.includes("google drive") || s.includes("googledrive") || s.includes("onedrive");
+}
+function looksLikeEnvRef(value) {
+	const v = value.trim();
+	return v.startsWith("${") && v.endsWith("}");
+}
+function isGatewayRemotelyExposed(cfg) {
+	if ((typeof cfg.gateway?.bind === "string" ? cfg.gateway.bind : "loopback") !== "loopback") return true;
+	const tailscaleMode = cfg.gateway?.tailscale?.mode ?? "off";
+	return tailscaleMode === "serve" || tailscaleMode === "funnel";
+}
+function addModel(models, raw, source) {
+	if (typeof raw !== "string") return;
+	const id = raw.trim();
+	if (!id) return;
+	models.push({
+		id,
+		source
+	});
+}
+function collectModels(cfg) {
+	const out = [];
+	addModel(out, cfg.agents?.defaults?.model?.primary, "agents.defaults.model.primary");
+	for (const f of cfg.agents?.defaults?.model?.fallbacks ?? []) addModel(out, f, "agents.defaults.model.fallbacks");
+	addModel(out, cfg.agents?.defaults?.imageModel?.primary, "agents.defaults.imageModel.primary");
+	for (const f of cfg.agents?.defaults?.imageModel?.fallbacks ?? []) addModel(out, f, "agents.defaults.imageModel.fallbacks");
+	const list = Array.isArray(cfg.agents?.list) ? cfg.agents?.list : [];
+	for (const agent of list ?? []) {
+		if (!agent || typeof agent !== "object") continue;
+		const id = typeof agent.id === "string" ? agent.id : "";
+		const model = agent.model;
+		if (typeof model === "string") addModel(out, model, `agents.list.${id}.model`);
+		else if (model && typeof model === "object") {
+			addModel(out, model.primary, `agents.list.${id}.model.primary`);
+			const fallbacks = model.fallbacks;
+			if (Array.isArray(fallbacks)) for (const f of fallbacks) addModel(out, f, `agents.list.${id}.model.fallbacks`);
+		}
+	}
+	return out;
+}
+const LEGACY_MODEL_PATTERNS = [
+	{
+		id: "openai.gpt35",
+		re: /\bgpt-3\.5\b/i,
+		label: "GPT-3.5 family"
+	},
+	{
+		id: "anthropic.claude2",
+		re: /\bclaude-(instant|2)\b/i,
+		label: "Claude 2/Instant family"
+	},
+	{
+		id: "openai.gpt4_legacy",
+		re: /\bgpt-4-(0314|0613)\b/i,
+		label: "Legacy GPT-4 snapshots"
+	}
+];
+const WEAK_TIER_MODEL_PATTERNS = [{
+	id: "anthropic.haiku",
+	re: /\bhaiku\b/i,
+	label: "Haiku tier (smaller model)"
+}];
+function isGptModel(id) {
+	return /\bgpt-/i.test(id);
+}
+function isGpt5OrHigher(id) {
+	return /\bgpt-5(?:\b|[.-])/i.test(id);
+}
+function isClaudeModel(id) {
+	return /\bclaude-/i.test(id);
+}
+function isClaude45OrHigher(id) {
+	return /\bclaude-[^\s/]*?(?:-4-?(?:[5-9]|[1-9]\d)\b|4\.(?:[5-9]|[1-9]\d)\b|-[5-9](?:\b|[.-]))/i.test(id);
+}
+function extractAgentIdFromSource(source) {
+	return source.match(/^agents\.list\.([^.]*)\./)?.[1] ?? null;
+}
+function unionAllow$1(base, extra) {
+	if (!Array.isArray(extra) || extra.length === 0) return base;
+	if (!Array.isArray(base) || base.length === 0) return Array.from(new Set(["*", ...extra]));
+	return Array.from(new Set([...base, ...extra]));
+}
+function pickToolPolicy$1(config) {
+	if (!config) return null;
+	const allow = Array.isArray(config.allow) ? unionAllow$1(config.allow, config.alsoAllow) : Array.isArray(config.alsoAllow) && config.alsoAllow.length > 0 ? unionAllow$1(void 0, config.alsoAllow) : void 0;
+	const deny = Array.isArray(config.deny) ? config.deny : void 0;
+	if (!allow && !deny) return null;
+	return {
+		allow,
+		deny
+	};
+}
+function hasConfiguredDockerConfig(docker) {
+	if (!docker || typeof docker !== "object") return false;
+	return Object.values(docker).some((value) => value !== void 0);
+}
+function normalizeNodeCommand(value) {
+	return typeof value === "string" ? value.trim() : "";
+}
+function listKnownNodeCommands(cfg) {
+	const baseCfg = {
+		...cfg,
+		gateway: {
+			...cfg.gateway,
+			nodes: {
+				...cfg.gateway?.nodes,
+				denyCommands: []
+			}
+		}
+	};
+	const out = /* @__PURE__ */ new Set();
+	for (const platform of [
+		"ios",
+		"android",
+		"macos",
+		"linux",
+		"windows",
+		"unknown"
+	]) {
+		const allow = resolveNodeCommandAllowlist(baseCfg, { platform });
+		for (const cmd of allow) {
+			const normalized = normalizeNodeCommand(cmd);
+			if (normalized) out.add(normalized);
+		}
+	}
+	return out;
+}
+function looksLikeNodeCommandPattern(value) {
+	if (!value) return false;
+	if (/[?*[\]{}(),|]/.test(value)) return true;
+	if (value.startsWith("/") || value.endsWith("/") || value.startsWith("^") || value.endsWith("$")) return true;
+	return /\s/.test(value) || value.includes("group:");
+}
+function resolveToolPolicies$1(params) {
+	const policies = [];
+	const profilePolicy = resolveToolProfilePolicy(params.agentTools?.profile ?? params.cfg.tools?.profile);
+	if (profilePolicy) policies.push(profilePolicy);
+	const globalPolicy = pickToolPolicy$1(params.cfg.tools ?? void 0);
+	if (globalPolicy) policies.push(globalPolicy);
+	const agentPolicy = pickToolPolicy$1(params.agentTools);
+	if (agentPolicy) policies.push(agentPolicy);
+	if (params.sandboxMode === "all") {
+		const sandboxPolicy = resolveSandboxToolPolicyForAgent(params.cfg, params.agentId ?? void 0);
+		policies.push(sandboxPolicy);
+	}
+	return policies;
+}
+function hasWebSearchKey(cfg, env) {
+	const search = cfg.tools?.web?.search;
+	return Boolean(search?.apiKey || search?.perplexity?.apiKey || env.BRAVE_API_KEY || env.PERPLEXITY_API_KEY || env.OPENROUTER_API_KEY);
+}
+function isWebSearchEnabled(cfg, env) {
+	const enabled = cfg.tools?.web?.search?.enabled;
+	if (enabled === false) return false;
+	if (enabled === true) return true;
+	return hasWebSearchKey(cfg, env);
+}
+function isWebFetchEnabled(cfg) {
+	if (cfg.tools?.web?.fetch?.enabled === false) return false;
+	return true;
+}
+function isBrowserEnabled(cfg) {
+	try {
+		return resolveBrowserConfig(cfg.browser, cfg).enabled;
+	} catch {
+		return true;
+	}
+}
+function listGroupPolicyOpen(cfg) {
+	const out = [];
+	const channels = cfg.channels;
+	if (!channels || typeof channels !== "object") return out;
+	for (const [channelId, value] of Object.entries(channels)) {
+		if (!value || typeof value !== "object") continue;
+		const section = value;
+		if (section.groupPolicy === "open") out.push(`channels.${channelId}.groupPolicy`);
+		const accounts = section.accounts;
+		if (accounts && typeof accounts === "object") for (const [accountId, accountVal] of Object.entries(accounts)) {
+			if (!accountVal || typeof accountVal !== "object") continue;
+			if (accountVal.groupPolicy === "open") out.push(`channels.${channelId}.accounts.${accountId}.groupPolicy`);
+		}
+	}
+	return out;
+}
+function collectAttackSurfaceSummaryFindings(cfg) {
+	const group = summarizeGroupPolicy(cfg);
+	const elevated = cfg.tools?.elevated?.enabled !== false;
+	const webhooksEnabled = cfg.hooks?.enabled === true;
+	const internalHooksEnabled = cfg.hooks?.internal?.enabled === true;
+	const browserEnabled = cfg.browser?.enabled ?? true;
+	return [{
+		checkId: "summary.attack_surface",
+		severity: "info",
+		title: "Attack surface summary",
+		detail: `groups: open=${group.open}, allowlist=${group.allowlist}\ntools.elevated: ${elevated ? "enabled" : "disabled"}\nhooks.webhooks: ${webhooksEnabled ? "enabled" : "disabled"}\nhooks.internal: ${internalHooksEnabled ? "enabled" : "disabled"}\nbrowser control: ${browserEnabled ? "enabled" : "disabled"}`
+	}];
+}
+function collectSyncedFolderFindings(params) {
+	const findings = [];
+	if (isProbablySyncedPath(params.stateDir) || isProbablySyncedPath(params.configPath)) findings.push({
+		checkId: "fs.synced_dir",
+		severity: "warn",
+		title: "State/config path looks like a synced folder",
+		detail: `stateDir=${params.stateDir}, configPath=${params.configPath}. Synced folders (iCloud/Dropbox/OneDrive/Google Drive) can leak tokens and transcripts onto other devices.`,
+		remediation: `Keep ANIMA_STATE_DIR on a local-only volume and re-run "${formatCliCommand("anima security audit --fix")}".`
+	});
+	return findings;
+}
+function collectSecretsInConfigFindings(cfg) {
+	const findings = [];
+	const password = typeof cfg.gateway?.auth?.password === "string" ? cfg.gateway.auth.password.trim() : "";
+	if (password && !looksLikeEnvRef(password)) findings.push({
+		checkId: "config.secrets.gateway_password_in_config",
+		severity: "warn",
+		title: "Gateway password is stored in config",
+		detail: "gateway.auth.password is set in the config file; prefer environment variables for secrets when possible.",
+		remediation: "Prefer ANIMA_GATEWAY_PASSWORD (env) and remove gateway.auth.password from disk."
+	});
+	const hooksToken = typeof cfg.hooks?.token === "string" ? cfg.hooks.token.trim() : "";
+	if (cfg.hooks?.enabled === true && hooksToken && !looksLikeEnvRef(hooksToken)) findings.push({
+		checkId: "config.secrets.hooks_token_in_config",
+		severity: "info",
+		title: "Hooks token is stored in config",
+		detail: "hooks.token is set in the config file; keep config perms tight and treat it like an API secret."
+	});
+	return findings;
+}
+function collectHooksHardeningFindings(cfg, env = process.env) {
+	const findings = [];
+	if (cfg.hooks?.enabled !== true) return findings;
+	const token = typeof cfg.hooks?.token === "string" ? cfg.hooks.token.trim() : "";
+	if (token && token.length < 24) findings.push({
+		checkId: "hooks.token_too_short",
+		severity: "warn",
+		title: "Hooks token looks short",
+		detail: `hooks.token is ${token.length} chars; prefer a long random token.`
+	});
+	const gatewayAuth = resolveGatewayAuth({
+		authConfig: cfg.gateway?.auth,
+		tailscaleMode: cfg.gateway?.tailscale?.mode ?? "off",
+		env
+	});
+	const animaGatewayToken = typeof env.ANIMA_GATEWAY_TOKEN === "string" && env.ANIMA_GATEWAY_TOKEN.trim() ? env.ANIMA_GATEWAY_TOKEN.trim() : null;
+	const gatewayToken = gatewayAuth.mode === "token" && typeof gatewayAuth.token === "string" && gatewayAuth.token.trim() ? gatewayAuth.token.trim() : animaGatewayToken ? animaGatewayToken : null;
+	if (token && gatewayToken && token === gatewayToken) findings.push({
+		checkId: "hooks.token_reuse_gateway_token",
+		severity: "warn",
+		title: "Hooks token reuses the Gateway token",
+		detail: "hooks.token matches gateway.auth token; compromise of hooks expands blast radius to the Gateway API.",
+		remediation: "Use a separate hooks.token dedicated to hook ingress."
+	});
+	if ((typeof cfg.hooks?.path === "string" ? cfg.hooks.path.trim() : "") === "/") findings.push({
+		checkId: "hooks.path_root",
+		severity: "critical",
+		title: "Hooks base path is '/'",
+		detail: "hooks.path='/' would shadow other HTTP endpoints and is unsafe.",
+		remediation: "Use a dedicated path like '/hooks'."
+	});
+	const allowRequestSessionKey = cfg.hooks?.allowRequestSessionKey === true;
+	const defaultSessionKey = typeof cfg.hooks?.defaultSessionKey === "string" ? cfg.hooks.defaultSessionKey.trim() : "";
+	const allowedPrefixes = Array.isArray(cfg.hooks?.allowedSessionKeyPrefixes) ? cfg.hooks.allowedSessionKeyPrefixes.map((prefix) => prefix.trim()).filter((prefix) => prefix.length > 0) : [];
+	const remoteExposure = isGatewayRemotelyExposed(cfg);
+	if (!defaultSessionKey) findings.push({
+		checkId: "hooks.default_session_key_unset",
+		severity: "warn",
+		title: "hooks.defaultSessionKey is not configured",
+		detail: "Hook agent runs without explicit sessionKey use generated per-request keys. Set hooks.defaultSessionKey to keep hook ingress scoped to a known session.",
+		remediation: "Set hooks.defaultSessionKey (for example, \"hook:ingress\")."
+	});
+	if (allowRequestSessionKey) findings.push({
+		checkId: "hooks.request_session_key_enabled",
+		severity: remoteExposure ? "critical" : "warn",
+		title: "External hook payloads may override sessionKey",
+		detail: "hooks.allowRequestSessionKey=true allows `/hooks/agent` callers to choose the session key. Treat hook token holders as full-trust unless you also restrict prefixes.",
+		remediation: "Set hooks.allowRequestSessionKey=false (recommended) or constrain hooks.allowedSessionKeyPrefixes."
+	});
+	if (allowRequestSessionKey && allowedPrefixes.length === 0) findings.push({
+		checkId: "hooks.request_session_key_prefixes_missing",
+		severity: remoteExposure ? "critical" : "warn",
+		title: "Request sessionKey override is enabled without prefix restrictions",
+		detail: "hooks.allowRequestSessionKey=true and hooks.allowedSessionKeyPrefixes is unset/empty, so request payloads can target arbitrary session key shapes.",
+		remediation: "Set hooks.allowedSessionKeyPrefixes (for example, [\"hook:\"]) or disable request overrides."
+	});
+	return findings;
+}
+function collectGatewayHttpSessionKeyOverrideFindings(cfg) {
+	const findings = [];
+	const chatCompletionsEnabled = cfg.gateway?.http?.endpoints?.chatCompletions?.enabled === true;
+	const responsesEnabled = cfg.gateway?.http?.endpoints?.responses?.enabled === true;
+	if (!chatCompletionsEnabled && !responsesEnabled) return findings;
+	const enabledEndpoints = [chatCompletionsEnabled ? "/v1/chat/completions" : null, responsesEnabled ? "/v1/responses" : null].filter((entry) => Boolean(entry));
+	findings.push({
+		checkId: "gateway.http.session_key_override_enabled",
+		severity: "info",
+		title: "HTTP API session-key override is enabled",
+		detail: `${enabledEndpoints.join(", ")} accept x-anima-session-key for per-request session routing. Treat API credential holders as trusted principals.`
+	});
+	return findings;
+}
+function collectSandboxDockerNoopFindings(cfg) {
+	const findings = [];
+	const configuredPaths = [];
+	const agents = Array.isArray(cfg.agents?.list) ? cfg.agents.list : [];
+	const defaultsSandbox = cfg.agents?.defaults?.sandbox;
+	const hasDefaultDocker = hasConfiguredDockerConfig(defaultsSandbox?.docker);
+	const defaultMode = defaultsSandbox?.mode ?? "off";
+	const hasAnySandboxEnabledAgent = agents.some((entry) => {
+		if (!entry || typeof entry !== "object" || typeof entry.id !== "string") return false;
+		return resolveSandboxConfigForAgent(cfg, entry.id).mode !== "off";
+	});
+	if (hasDefaultDocker && defaultMode === "off" && !hasAnySandboxEnabledAgent) configuredPaths.push("agents.defaults.sandbox.docker");
+	for (const entry of agents) {
+		if (!entry || typeof entry !== "object" || typeof entry.id !== "string") continue;
+		if (!hasConfiguredDockerConfig(entry.sandbox?.docker)) continue;
+		if (resolveSandboxConfigForAgent(cfg, entry.id).mode === "off") configuredPaths.push(`agents.list.${entry.id}.sandbox.docker`);
+	}
+	if (configuredPaths.length === 0) return findings;
+	findings.push({
+		checkId: "sandbox.docker_config_mode_off",
+		severity: "warn",
+		title: "Sandbox docker settings configured while sandbox mode is off",
+		detail: "These docker settings will not take effect until sandbox mode is enabled:\n" + configuredPaths.map((entry) => `- ${entry}`).join("\n"),
+		remediation: "Enable sandbox mode (`agents.defaults.sandbox.mode=\"non-main\"` or `\"all\"`) where needed, or remove unused docker settings."
+	});
+	return findings;
+}
+function collectNodeDenyCommandPatternFindings(cfg) {
+	const findings = [];
+	const denyListRaw = cfg.gateway?.nodes?.denyCommands;
+	if (!Array.isArray(denyListRaw) || denyListRaw.length === 0) return findings;
+	const denyList = denyListRaw.map(normalizeNodeCommand).filter(Boolean);
+	if (denyList.length === 0) return findings;
+	const knownCommands = listKnownNodeCommands(cfg);
+	const patternLike = denyList.filter((entry) => looksLikeNodeCommandPattern(entry));
+	const unknownExact = denyList.filter((entry) => !looksLikeNodeCommandPattern(entry) && !knownCommands.has(entry));
+	if (patternLike.length === 0 && unknownExact.length === 0) return findings;
+	const detailParts = [];
+	if (patternLike.length > 0) detailParts.push(`Pattern-like entries (not supported by exact matching): ${patternLike.join(", ")}`);
+	if (unknownExact.length > 0) detailParts.push(`Unknown command names (not in defaults/allowCommands): ${unknownExact.join(", ")}`);
+	const examples = Array.from(knownCommands).slice(0, 8);
+	findings.push({
+		checkId: "gateway.nodes.deny_commands_ineffective",
+		severity: "warn",
+		title: "Some gateway.nodes.denyCommands entries are ineffective",
+		detail: "gateway.nodes.denyCommands uses exact command-name matching only.\n" + detailParts.map((entry) => `- ${entry}`).join("\n"),
+		remediation: `Use exact command names (for example: ${examples.join(", ")}). If you need broader restrictions, remove risky commands from allowCommands/default workflows.`
+	});
+	return findings;
+}
+function collectMinimalProfileOverrideFindings(cfg) {
+	const findings = [];
+	if (cfg.tools?.profile !== "minimal") return findings;
+	const overrides = (cfg.agents?.list ?? []).filter((entry) => {
+		return Boolean(entry && typeof entry === "object" && typeof entry.id === "string" && entry.tools?.profile && entry.tools.profile !== "minimal");
+	}).map((entry) => `${entry.id}=${entry.tools?.profile}`);
+	if (overrides.length === 0) return findings;
+	findings.push({
+		checkId: "tools.profile_minimal_overridden",
+		severity: "warn",
+		title: "Global tools.profile=minimal is overridden by agent profiles",
+		detail: "Global minimal profile is set, but these agent profiles take precedence:\n" + overrides.map((entry) => `- agents.list.${entry}`).join("\n"),
+		remediation: "Set those agents to `tools.profile=\"minimal\"` (or remove the agent override) if you want minimal tools enforced globally."
+	});
+	return findings;
+}
+function collectModelHygieneFindings(cfg) {
+	const findings = [];
+	const models = collectModels(cfg);
+	if (models.length === 0) return findings;
+	const weakMatches = /* @__PURE__ */ new Map();
+	const addWeakMatch = (model, source, reason) => {
+		const key = `${model}@@${source}`;
+		const existing = weakMatches.get(key);
+		if (!existing) {
+			weakMatches.set(key, {
+				model,
+				source,
+				reasons: [reason]
+			});
+			return;
+		}
+		if (!existing.reasons.includes(reason)) existing.reasons.push(reason);
+	};
+	for (const entry of models) {
+		for (const pat of WEAK_TIER_MODEL_PATTERNS) if (pat.re.test(entry.id)) {
+			addWeakMatch(entry.id, entry.source, pat.label);
+			break;
+		}
+		if (isGptModel(entry.id) && !isGpt5OrHigher(entry.id)) addWeakMatch(entry.id, entry.source, "Below GPT-5 family");
+		if (isClaudeModel(entry.id) && !isClaude45OrHigher(entry.id)) addWeakMatch(entry.id, entry.source, "Below Claude 4.5");
+	}
+	const matches = [];
+	for (const entry of models) for (const pat of LEGACY_MODEL_PATTERNS) if (pat.re.test(entry.id)) {
+		matches.push({
+			model: entry.id,
+			source: entry.source,
+			reason: pat.label
+		});
+		break;
+	}
+	if (matches.length > 0) {
+		const lines = matches.slice(0, 12).map((m) => `- ${m.model} (${m.reason}) @ ${m.source}`).join("\n");
+		const more = matches.length > 12 ? `\n…${matches.length - 12} more` : "";
+		findings.push({
+			checkId: "models.legacy",
+			severity: "warn",
+			title: "Some configured models look legacy",
+			detail: "Older/legacy models can be less robust against prompt injection and tool misuse.\n" + lines + more,
+			remediation: "Prefer modern, instruction-hardened models for any bot that can run tools."
+		});
+	}
+	if (weakMatches.size > 0) {
+		const lines = Array.from(weakMatches.values()).slice(0, 12).map((m) => `- ${m.model} (${m.reasons.join("; ")}) @ ${m.source}`).join("\n");
+		const more = weakMatches.size > 12 ? `\n…${weakMatches.size - 12} more` : "";
+		findings.push({
+			checkId: "models.weak_tier",
+			severity: "warn",
+			title: "Some configured models are below recommended tiers",
+			detail: "Smaller/older models are generally more susceptible to prompt injection and tool misuse.\n" + lines + more,
+			remediation: "Use the latest, top-tier model for any bot with tools or untrusted inboxes. Avoid Haiku tiers; prefer GPT-5+ and Claude 4.5+."
+		});
+	}
+	return findings;
+}
+function collectSmallModelRiskFindings(params) {
+	const findings = [];
+	const models = collectModels(params.cfg).filter((entry) => !entry.source.includes("imageModel"));
+	if (models.length === 0) return findings;
+	const smallModels = models.map((entry) => {
+		const paramB = inferParamBFromIdOrName(entry.id);
+		if (!paramB || paramB > SMALL_MODEL_PARAM_B_MAX) return null;
+		return {
+			...entry,
+			paramB
+		};
+	}).filter((entry) => Boolean(entry));
+	if (smallModels.length === 0) return findings;
+	let hasUnsafe = false;
+	const modelLines = [];
+	const exposureSet = /* @__PURE__ */ new Set();
+	for (const entry of smallModels) {
+		const agentId = extractAgentIdFromSource(entry.source);
+		const sandboxMode = resolveSandboxConfigForAgent(params.cfg, agentId ?? void 0).mode;
+		const agentTools = agentId && params.cfg.agents?.list ? params.cfg.agents.list.find((agent) => agent?.id === agentId)?.tools : void 0;
+		const policies = resolveToolPolicies$1({
+			cfg: params.cfg,
+			agentTools,
+			sandboxMode,
+			agentId
+		});
+		const exposed = [];
+		if (isWebSearchEnabled(params.cfg, params.env)) {
+			if (isToolAllowedByPolicies("web_search", policies)) exposed.push("web_search");
+		}
+		if (isWebFetchEnabled(params.cfg)) {
+			if (isToolAllowedByPolicies("web_fetch", policies)) exposed.push("web_fetch");
+		}
+		if (isBrowserEnabled(params.cfg)) {
+			if (isToolAllowedByPolicies("browser", policies)) exposed.push("browser");
+		}
+		for (const tool of exposed) exposureSet.add(tool);
+		const sandboxLabel = sandboxMode === "all" ? "sandbox=all" : `sandbox=${sandboxMode}`;
+		const exposureLabel = exposed.length > 0 ? ` web=[${exposed.join(", ")}]` : " web=[off]";
+		const safe = sandboxMode === "all" && exposed.length === 0;
+		if (!safe) hasUnsafe = true;
+		const statusLabel = safe ? "ok" : "unsafe";
+		modelLines.push(`- ${entry.id} (${entry.paramB}B) @ ${entry.source} (${statusLabel}; ${sandboxLabel};${exposureLabel})`);
+	}
+	const exposureList = Array.from(exposureSet);
+	const exposureDetail = exposureList.length > 0 ? `Uncontrolled input tools allowed: ${exposureList.join(", ")}.` : "No web/browser tools detected for these models.";
+	findings.push({
+		checkId: "models.small_params",
+		severity: hasUnsafe ? "critical" : "info",
+		title: "Small models require sandboxing and web tools disabled",
+		detail: `Small models (<=${SMALL_MODEL_PARAM_B_MAX}B params) detected:\n` + modelLines.join("\n") + `\n` + exposureDetail + "\nSmall models are not recommended for untrusted inputs.",
+		remediation: "If you must use small models, enable sandboxing for all sessions (agents.defaults.sandbox.mode=\"all\") and disable web_search/web_fetch/browser (tools.deny=[\"group:web\",\"browser\"])."
+	});
+	return findings;
+}
+function collectExposureMatrixFindings(cfg) {
+	const findings = [];
+	const openGroups = listGroupPolicyOpen(cfg);
+	if (openGroups.length === 0) return findings;
+	if (cfg.tools?.elevated?.enabled !== false) findings.push({
+		checkId: "security.exposure.open_groups_with_elevated",
+		severity: "critical",
+		title: "Open groupPolicy with elevated tools enabled",
+		detail: `Found groupPolicy="open" at:\n${openGroups.map((p) => `- ${p}`).join("\n")}\nWith tools.elevated enabled, a prompt injection in those rooms can become a high-impact incident.`,
+		remediation: `Set groupPolicy="allowlist" and keep elevated allowlists extremely tight.`
+	});
+	return findings;
+}
+//#endregion
+//#region src/config/includes-scan.ts
+function listDirectIncludes(parsed) {
+	const out = [];
+	const visit = (value) => {
+		if (!value) return;
+		if (Array.isArray(value)) {
+			for (const item of value) visit(item);
+			return;
+		}
+		if (typeof value !== "object") return;
+		const rec = value;
+		const includeVal = rec[INCLUDE_KEY];
+		if (typeof includeVal === "string") out.push(includeVal);
+		else if (Array.isArray(includeVal)) {
+			for (const item of includeVal) if (typeof item === "string") out.push(item);
+		}
+		for (const v of Object.values(rec)) visit(v);
+	};
+	visit(parsed);
+	return out;
+}
+function resolveIncludePath(baseConfigPath, includePath) {
+	return path.normalize(path.isAbsolute(includePath) ? includePath : path.resolve(path.dirname(baseConfigPath), includePath));
+}
+async function collectIncludePathsRecursive(params) {
+	const visited = /* @__PURE__ */ new Set();
+	const result = [];
+	const walk = async (basePath, parsed, depth) => {
+		if (depth > MAX_INCLUDE_DEPTH) return;
+		for (const raw of listDirectIncludes(parsed)) {
+			const resolved = resolveIncludePath(basePath, raw);
+			if (visited.has(resolved)) continue;
+			visited.add(resolved);
+			result.push(resolved);
+			const rawText = await fs$1.readFile(resolved, "utf-8").catch(() => null);
+			if (!rawText) continue;
+			const nestedParsed = (() => {
+				try {
+					return JSON5.parse(rawText);
+				} catch {
+					return null;
+				}
+			})();
+			if (nestedParsed) await walk(resolved, nestedParsed, depth + 1);
+		}
+	};
+	await walk(params.configPath, params.parsed, 0);
+	return result;
+}
+//#endregion
+//#region src/security/windows-acl.ts
+const INHERIT_FLAGS = new Set([
+	"I",
+	"OI",
+	"CI",
+	"IO",
+	"NP"
+]);
+const WORLD_PRINCIPALS = new Set([
+	"everyone",
+	"users",
+	"builtin\\users",
+	"authenticated users",
+	"nt authority\\authenticated users"
+]);
+const TRUSTED_BASE = new Set([
+	"nt authority\\system",
+	"system",
+	"builtin\\administrators",
+	"creator owner"
+]);
+const WORLD_SUFFIXES = ["\\users", "\\authenticated users"];
+const TRUSTED_SUFFIXES = ["\\administrators", "\\system"];
+const normalize = (value) => value.trim().toLowerCase();
+function resolveWindowsUserPrincipal(env) {
+	const username = env?.USERNAME?.trim() || os.userInfo().username?.trim();
+	if (!username) return null;
+	const domain = env?.USERDOMAIN?.trim();
+	return domain ? `${domain}\\${username}` : username;
+}
+function buildTrustedPrincipals(env) {
+	const trusted = new Set(TRUSTED_BASE);
+	const principal = resolveWindowsUserPrincipal(env);
+	if (principal) {
+		trusted.add(normalize(principal));
+		const userOnly = principal.split("\\").at(-1);
+		if (userOnly) trusted.add(normalize(userOnly));
+	}
+	return trusted;
+}
+function classifyPrincipal(principal, env) {
+	const normalized = normalize(principal);
+	if (buildTrustedPrincipals(env).has(normalized) || TRUSTED_SUFFIXES.some((s) => normalized.endsWith(s))) return "trusted";
+	if (WORLD_PRINCIPALS.has(normalized) || WORLD_SUFFIXES.some((s) => normalized.endsWith(s))) return "world";
+	return "group";
+}
+function rightsFromTokens(tokens) {
+	const upper = tokens.join("").toUpperCase();
+	const canWrite = upper.includes("F") || upper.includes("M") || upper.includes("W") || upper.includes("D");
+	return {
+		canRead: upper.includes("F") || upper.includes("M") || upper.includes("R"),
+		canWrite
+	};
+}
+function parseIcaclsOutput(output, targetPath) {
+	const entries = [];
+	const normalizedTarget = targetPath.trim();
+	const lowerTarget = normalizedTarget.toLowerCase();
+	const quotedTarget = `"${normalizedTarget}"`;
+	const quotedLower = quotedTarget.toLowerCase();
+	for (const rawLine of output.split(/\r?\n/)) {
+		const line = rawLine.trimEnd();
+		if (!line.trim()) continue;
+		const trimmed = line.trim();
+		const lower = trimmed.toLowerCase();
+		if (lower.startsWith("successfully processed") || lower.startsWith("processed") || lower.startsWith("failed processing") || lower.startsWith("no mapping between account names")) continue;
+		let entry = trimmed;
+		if (lower.startsWith(lowerTarget)) entry = trimmed.slice(normalizedTarget.length).trim();
+		else if (lower.startsWith(quotedLower)) entry = trimmed.slice(quotedTarget.length).trim();
+		if (!entry) continue;
+		const idx = entry.indexOf(":");
+		if (idx === -1) continue;
+		const principal = entry.slice(0, idx).trim();
+		const rawRights = entry.slice(idx + 1).trim();
+		const tokens = rawRights.match(/\(([^)]+)\)/g)?.map((token) => token.slice(1, -1).trim()).filter(Boolean) ?? [];
+		if (tokens.some((token) => token.toUpperCase() === "DENY")) continue;
+		const rights = tokens.filter((token) => !INHERIT_FLAGS.has(token.toUpperCase()));
+		if (rights.length === 0) continue;
+		const { canRead, canWrite } = rightsFromTokens(rights);
+		entries.push({
+			principal,
+			rights,
+			rawRights,
+			canRead,
+			canWrite
+		});
+	}
+	return entries;
+}
+function summarizeWindowsAcl(entries, env) {
+	const trusted = [];
+	const untrustedWorld = [];
+	const untrustedGroup = [];
+	for (const entry of entries) {
+		const classification = classifyPrincipal(entry.principal, env);
+		if (classification === "trusted") trusted.push(entry);
+		else if (classification === "world") untrustedWorld.push(entry);
+		else untrustedGroup.push(entry);
+	}
+	return {
+		trusted,
+		untrustedWorld,
+		untrustedGroup
+	};
+}
+async function inspectWindowsAcl(targetPath, opts) {
+	const exec = opts?.exec ?? runExec;
+	try {
+		const { stdout, stderr } = await exec("icacls", [targetPath]);
+		const entries = parseIcaclsOutput(`${stdout}\n${stderr}`.trim(), targetPath);
+		const { trusted, untrustedWorld, untrustedGroup } = summarizeWindowsAcl(entries, opts?.env);
+		return {
+			ok: true,
+			entries,
+			trusted,
+			untrustedWorld,
+			untrustedGroup
+		};
+	} catch (err) {
+		return {
+			ok: false,
+			entries: [],
+			trusted: [],
+			untrustedWorld: [],
+			untrustedGroup: [],
+			error: String(err)
+		};
+	}
+}
+function formatWindowsAclSummary(summary) {
+	if (!summary.ok) return "unknown";
+	const untrusted = [...summary.untrustedWorld, ...summary.untrustedGroup];
+	if (untrusted.length === 0) return "trusted-only";
+	return untrusted.map((entry) => `${entry.principal}:${entry.rawRights}`).join(", ");
+}
+function formatIcaclsResetCommand(targetPath, opts) {
+	const user = resolveWindowsUserPrincipal(opts.env) ?? "%USERNAME%";
+	const grant = opts.isDir ? "(OI)(CI)F" : "F";
+	return `icacls "${targetPath}" /inheritance:r /grant:r "${user}:${grant}" /grant:r "SYSTEM:${grant}"`;
+}
+function createIcaclsResetCommand(targetPath, opts) {
+	const user = resolveWindowsUserPrincipal(opts.env);
+	if (!user) return null;
+	const grant = opts.isDir ? "(OI)(CI)F" : "F";
+	return {
+		command: "icacls",
+		args: [
+			targetPath,
+			"/inheritance:r",
+			"/grant:r",
+			`${user}:${grant}`,
+			"/grant:r",
+			`SYSTEM:${grant}`
+		],
+		display: formatIcaclsResetCommand(targetPath, opts)
+	};
+}
+//#endregion
+//#region src/security/audit-fs.ts
+async function safeStat(targetPath) {
+	try {
+		const lst = await fs.lstat(targetPath);
+		return {
+			ok: true,
+			isSymlink: lst.isSymbolicLink(),
+			isDir: lst.isDirectory(),
+			mode: typeof lst.mode === "number" ? lst.mode : null,
+			uid: typeof lst.uid === "number" ? lst.uid : null,
+			gid: typeof lst.gid === "number" ? lst.gid : null
+		};
+	} catch (err) {
+		return {
+			ok: false,
+			isSymlink: false,
+			isDir: false,
+			mode: null,
+			uid: null,
+			gid: null,
+			error: String(err)
+		};
+	}
+}
+async function inspectPathPermissions(targetPath, opts) {
+	const st = await safeStat(targetPath);
+	if (!st.ok) return {
+		ok: false,
+		isSymlink: false,
+		isDir: false,
+		mode: null,
+		bits: null,
+		source: "unknown",
+		worldWritable: false,
+		groupWritable: false,
+		worldReadable: false,
+		groupReadable: false,
+		error: st.error
+	};
+	const bits = modeBits(st.mode);
+	if ((opts?.platform ?? process.platform) === "win32") {
+		const acl = await inspectWindowsAcl(targetPath, {
+			env: opts?.env,
+			exec: opts?.exec
+		});
+		if (!acl.ok) return {
+			ok: true,
+			isSymlink: st.isSymlink,
+			isDir: st.isDir,
+			mode: st.mode,
+			bits,
+			source: "unknown",
+			worldWritable: false,
+			groupWritable: false,
+			worldReadable: false,
+			groupReadable: false,
+			error: acl.error
+		};
+		return {
+			ok: true,
+			isSymlink: st.isSymlink,
+			isDir: st.isDir,
+			mode: st.mode,
+			bits,
+			source: "windows-acl",
+			worldWritable: acl.untrustedWorld.some((entry) => entry.canWrite),
+			groupWritable: acl.untrustedGroup.some((entry) => entry.canWrite),
+			worldReadable: acl.untrustedWorld.some((entry) => entry.canRead),
+			groupReadable: acl.untrustedGroup.some((entry) => entry.canRead),
+			aclSummary: formatWindowsAclSummary(acl)
+		};
+	}
+	return {
+		ok: true,
+		isSymlink: st.isSymlink,
+		isDir: st.isDir,
+		mode: st.mode,
+		bits,
+		source: "posix",
+		worldWritable: isWorldWritable(bits),
+		groupWritable: isGroupWritable(bits),
+		worldReadable: isWorldReadable(bits),
+		groupReadable: isGroupReadable(bits)
+	};
+}
+function formatPermissionDetail(targetPath, perms) {
+	if (perms.source === "windows-acl") return `${targetPath} acl=${perms.aclSummary ?? "unknown"}`;
+	return `${targetPath} mode=${formatOctal(perms.bits)}`;
+}
+function formatPermissionRemediation(params) {
+	if (params.perms.source === "windows-acl") return formatIcaclsResetCommand(params.targetPath, {
+		isDir: params.isDir,
+		env: params.env
+	});
+	return `chmod ${params.posixMode.toString(8).padStart(3, "0")} ${params.targetPath}`;
+}
+function modeBits(mode) {
+	if (mode == null) return null;
+	return mode & 511;
+}
+function formatOctal(bits) {
+	if (bits == null) return "unknown";
+	return bits.toString(8).padStart(3, "0");
+}
+function isWorldWritable(bits) {
+	if (bits == null) return false;
+	return (bits & 2) !== 0;
+}
+function isGroupWritable(bits) {
+	if (bits == null) return false;
+	return (bits & 16) !== 0;
+}
+function isWorldReadable(bits) {
+	if (bits == null) return false;
+	return (bits & 4) !== 0;
+}
+function isGroupReadable(bits) {
+	if (bits == null) return false;
+	return (bits & 32) !== 0;
+}
+//#endregion
+//#region src/security/audit-extra.async.ts
+/**
+* Asynchronous security audit collector functions.
+*
+* These functions perform I/O (filesystem, config reads) to detect security issues.
+*/
+function expandTilde(p, env) {
+	if (!p.startsWith("~")) return p;
+	const home = typeof env.HOME === "string" && env.HOME.trim() ? env.HOME.trim() : null;
+	if (!home) return null;
+	if (p === "~") return home;
+	if (p.startsWith("~/") || p.startsWith("~\\")) return path.join(home, p.slice(2));
+	return null;
+}
+async function readPluginManifestExtensions(pluginPath) {
+	const manifestPath = path.join(pluginPath, "package.json");
+	const raw = await fs.readFile(manifestPath, "utf-8").catch(() => "");
+	if (!raw.trim()) return [];
+	const extensions = JSON.parse(raw)?.[MANIFEST_KEY]?.extensions;
+	if (!Array.isArray(extensions)) return [];
+	return extensions.map((entry) => typeof entry === "string" ? entry.trim() : "").filter(Boolean);
+}
+function listWorkspaceDirs(cfg) {
+	const dirs = /* @__PURE__ */ new Set();
+	const list = cfg.agents?.list;
+	if (Array.isArray(list)) {
+		for (const entry of list) if (entry && typeof entry === "object" && typeof entry.id === "string") dirs.add(resolveAgentWorkspaceDir(cfg, entry.id));
+	}
+	dirs.add(resolveAgentWorkspaceDir(cfg, resolveDefaultAgentId(cfg)));
+	return [...dirs];
+}
+function formatCodeSafetyDetails(findings, rootDir) {
+	return findings.map((finding) => {
+		const relPath = path.relative(rootDir, finding.file);
+		const normalizedPath = (relPath && relPath !== "." && !relPath.startsWith("..") ? relPath : path.basename(finding.file)).replaceAll("\\", "/");
+		return `  - [${finding.ruleId}] ${finding.message} (${normalizedPath}:${finding.line})`;
+	}).join("\n");
+}
+function unionAllow(base, extra) {
+	if (!Array.isArray(extra) || extra.length === 0) return base;
+	if (!Array.isArray(base) || base.length === 0) return Array.from(new Set(["*", ...extra]));
+	return Array.from(new Set([...base, ...extra]));
+}
+function pickToolPolicy(config) {
+	if (!config) return;
+	const allow = Array.isArray(config.allow) ? unionAllow(config.allow, config.alsoAllow) : Array.isArray(config.alsoAllow) && config.alsoAllow.length > 0 ? unionAllow(void 0, config.alsoAllow) : void 0;
+	const deny = Array.isArray(config.deny) ? config.deny : void 0;
+	if (!allow && !deny) return;
+	return {
+		allow,
+		deny
+	};
+}
+function resolveToolPolicies(params) {
+	const policies = [
+		resolveToolProfilePolicy(params.agentTools?.profile ?? params.cfg.tools?.profile),
+		pickToolPolicy(params.cfg.tools ?? void 0),
+		pickToolPolicy(params.agentTools)
+	];
+	if (params.sandboxMode === "all") policies.push(resolveSandboxToolPolicyForAgent(params.cfg, params.agentId ?? void 0));
+	return policies;
+}
+function normalizePluginIdSet(entries) {
+	return new Set(entries.map((entry) => entry.trim().toLowerCase()).filter(Boolean));
+}
+function resolveEnabledExtensionPluginIds(params) {
+	const normalized = normalizePluginsConfig(params.cfg.plugins);
+	if (!normalized.enabled) return [];
+	const allowSet = normalizePluginIdSet(normalized.allow);
+	const denySet = normalizePluginIdSet(normalized.deny);
+	const entryById = /* @__PURE__ */ new Map();
+	for (const [id, entry] of Object.entries(normalized.entries)) entryById.set(id.trim().toLowerCase(), entry);
+	const enabled = [];
+	for (const id of params.pluginDirs) {
+		const normalizedId = id.trim().toLowerCase();
+		if (!normalizedId) continue;
+		if (denySet.has(normalizedId)) continue;
+		if (allowSet.size > 0 && !allowSet.has(normalizedId)) continue;
+		if (entryById.get(normalizedId)?.enabled === false) continue;
+		enabled.push(normalizedId);
+	}
+	return enabled;
+}
+function collectAllowEntries(config) {
+	const out = [];
+	if (Array.isArray(config?.allow)) out.push(...config.allow);
+	if (Array.isArray(config?.alsoAllow)) out.push(...config.alsoAllow);
+	return out.map((entry) => entry.trim().toLowerCase()).filter(Boolean);
+}
+function hasExplicitPluginAllow(params) {
+	return params.allowEntries.some((entry) => entry === "group:plugins" || params.enabledPluginIds.has(entry));
+}
+function hasProviderPluginAllow(params) {
+	if (!params.byProvider) return false;
+	for (const policy of Object.values(params.byProvider)) if (hasExplicitPluginAllow({
+		allowEntries: collectAllowEntries(policy),
+		enabledPluginIds: params.enabledPluginIds
+	})) return true;
+	return false;
+}
+async function collectPluginsTrustFindings(params) {
+	const findings = [];
+	const extensionsDir = path.join(params.stateDir, "extensions");
+	const st = await safeStat(extensionsDir);
+	if (!st.ok || !st.isDir) return findings;
+	const pluginDirs = (await fs.readdir(extensionsDir, { withFileTypes: true }).catch(() => [])).filter((e) => e.isDirectory()).map((e) => e.name).filter(Boolean);
+	if (pluginDirs.length === 0) return findings;
+	const allow = params.cfg.plugins?.allow;
+	if (!(Array.isArray(allow) && allow.length > 0)) {
+		const hasString = (value) => typeof value === "string" && value.trim().length > 0;
+		const hasAccountStringKey = (account, key) => Boolean(account && typeof account === "object" && hasString(account[key]));
+		const discordConfigured = hasString(params.cfg.channels?.discord?.token) || Boolean(params.cfg.channels?.discord?.accounts && Object.values(params.cfg.channels.discord.accounts).some((a) => hasAccountStringKey(a, "token"))) || hasString(process.env.DISCORD_BOT_TOKEN);
+		const telegramConfigured = hasString(params.cfg.channels?.telegram?.botToken) || hasString(params.cfg.channels?.telegram?.tokenFile) || Boolean(params.cfg.channels?.telegram?.accounts && Object.values(params.cfg.channels.telegram.accounts).some((a) => hasAccountStringKey(a, "botToken") || hasAccountStringKey(a, "tokenFile"))) || hasString(process.env.TELEGRAM_BOT_TOKEN);
+		const slackConfigured = hasString(params.cfg.channels?.slack?.botToken) || hasString(params.cfg.channels?.slack?.appToken) || Boolean(params.cfg.channels?.slack?.accounts && Object.values(params.cfg.channels.slack.accounts).some((a) => hasAccountStringKey(a, "botToken") || hasAccountStringKey(a, "appToken"))) || hasString(process.env.SLACK_BOT_TOKEN) || hasString(process.env.SLACK_APP_TOKEN);
+		const skillCommandsLikelyExposed = discordConfigured && resolveNativeSkillsEnabled({
+			providerId: "discord",
+			providerSetting: params.cfg.channels?.discord?.commands?.nativeSkills,
+			globalSetting: params.cfg.commands?.nativeSkills
+		}) || telegramConfigured && resolveNativeSkillsEnabled({
+			providerId: "telegram",
+			providerSetting: params.cfg.channels?.telegram?.commands?.nativeSkills,
+			globalSetting: params.cfg.commands?.nativeSkills
+		}) || slackConfigured && resolveNativeSkillsEnabled({
+			providerId: "slack",
+			providerSetting: params.cfg.channels?.slack?.commands?.nativeSkills,
+			globalSetting: params.cfg.commands?.nativeSkills
+		});
+		findings.push({
+			checkId: "plugins.extensions_no_allowlist",
+			severity: skillCommandsLikelyExposed ? "critical" : "warn",
+			title: "Extensions exist but plugins.allow is not set",
+			detail: `Found ${pluginDirs.length} extension(s) under ${extensionsDir}. Without plugins.allow, any discovered plugin id may load (depending on config and plugin behavior).` + (skillCommandsLikelyExposed ? "\nNative skill commands are enabled on at least one configured chat surface; treat unpinned/unallowlisted extensions as high risk." : ""),
+			remediation: "Set plugins.allow to an explicit list of plugin ids you trust."
+		});
+	}
+	const enabledExtensionPluginIds = resolveEnabledExtensionPluginIds({
+		cfg: params.cfg,
+		pluginDirs
+	});
+	if (enabledExtensionPluginIds.length > 0) {
+		const enabledPluginSet = new Set(enabledExtensionPluginIds);
+		const contexts = [{ label: "default" }];
+		for (const entry of params.cfg.agents?.list ?? []) {
+			if (!entry || typeof entry !== "object" || typeof entry.id !== "string") continue;
+			contexts.push({
+				label: `agents.list.${entry.id}`,
+				agentId: entry.id,
+				tools: entry.tools
+			});
+		}
+		const permissiveContexts = [];
+		for (const context of contexts) {
+			const profile = context.tools?.profile ?? params.cfg.tools?.profile;
+			const restrictiveProfile = Boolean(resolveToolProfilePolicy(profile));
+			const sandboxMode = resolveSandboxConfigForAgent(params.cfg, context.agentId).mode;
+			const broadPolicy = isToolAllowedByPolicies("__anima_plugin_probe__", resolveToolPolicies({
+				cfg: params.cfg,
+				agentTools: context.tools,
+				sandboxMode,
+				agentId: context.agentId
+			}));
+			const explicitPluginAllow = !restrictiveProfile && (hasExplicitPluginAllow({
+				allowEntries: collectAllowEntries(params.cfg.tools),
+				enabledPluginIds: enabledPluginSet
+			}) || hasProviderPluginAllow({
+				byProvider: params.cfg.tools?.byProvider,
+				enabledPluginIds: enabledPluginSet
+			}) || hasExplicitPluginAllow({
+				allowEntries: collectAllowEntries(context.tools),
+				enabledPluginIds: enabledPluginSet
+			}) || hasProviderPluginAllow({
+				byProvider: context.tools?.byProvider,
+				enabledPluginIds: enabledPluginSet
+			}));
+			if (broadPolicy || explicitPluginAllow) permissiveContexts.push(context.label);
+		}
+		if (permissiveContexts.length > 0) findings.push({
+			checkId: "plugins.tools_reachable_permissive_policy",
+			severity: "warn",
+			title: "Extension plugin tools may be reachable under permissive tool policy",
+			detail: `Enabled extension plugins: ${enabledExtensionPluginIds.join(", ")}.\nPermissive tool policy contexts:\n${permissiveContexts.map((entry) => `- ${entry}`).join("\n")}`,
+			remediation: "Use restrictive profiles (`minimal`/`coding`) or explicit tool allowlists that exclude plugin tools for agents handling untrusted input."
+		});
+	}
+	return findings;
+}
+async function collectIncludeFilePermFindings(params) {
+	const findings = [];
+	if (!params.configSnapshot.exists) return findings;
+	const configPath = params.configSnapshot.path;
+	const includePaths = await collectIncludePathsRecursive({
+		configPath,
+		parsed: params.configSnapshot.parsed
+	});
+	if (includePaths.length === 0) return findings;
+	for (const p of includePaths) {
+		const perms = await inspectPathPermissions(p, {
+			env: params.env,
+			platform: params.platform,
+			exec: params.execIcacls
+		});
+		if (!perms.ok) continue;
+		if (perms.worldWritable || perms.groupWritable) findings.push({
+			checkId: "fs.config_include.perms_writable",
+			severity: "critical",
+			title: "Config include file is writable by others",
+			detail: `${formatPermissionDetail(p, perms)}; another user could influence your effective config.`,
+			remediation: formatPermissionRemediation({
+				targetPath: p,
+				perms,
+				isDir: false,
+				posixMode: 384,
+				env: params.env
+			})
+		});
+		else if (perms.worldReadable) findings.push({
+			checkId: "fs.config_include.perms_world_readable",
+			severity: "critical",
+			title: "Config include file is world-readable",
+			detail: `${formatPermissionDetail(p, perms)}; include files can contain tokens and private settings.`,
+			remediation: formatPermissionRemediation({
+				targetPath: p,
+				perms,
+				isDir: false,
+				posixMode: 384,
+				env: params.env
+			})
+		});
+		else if (perms.groupReadable) findings.push({
+			checkId: "fs.config_include.perms_group_readable",
+			severity: "warn",
+			title: "Config include file is group-readable",
+			detail: `${formatPermissionDetail(p, perms)}; include files can contain tokens and private settings.`,
+			remediation: formatPermissionRemediation({
+				targetPath: p,
+				perms,
+				isDir: false,
+				posixMode: 384,
+				env: params.env
+			})
+		});
+	}
+	return findings;
+}
+async function collectStateDeepFilesystemFindings(params) {
+	const findings = [];
+	const oauthDir = resolveOAuthDir(params.env, params.stateDir);
+	const oauthPerms = await inspectPathPermissions(oauthDir, {
+		env: params.env,
+		platform: params.platform,
+		exec: params.execIcacls
+	});
+	if (oauthPerms.ok && oauthPerms.isDir) {
+		if (oauthPerms.worldWritable || oauthPerms.groupWritable) findings.push({
+			checkId: "fs.credentials_dir.perms_writable",
+			severity: "critical",
+			title: "Credentials dir is writable by others",
+			detail: `${formatPermissionDetail(oauthDir, oauthPerms)}; another user could drop/modify credential files.`,
+			remediation: formatPermissionRemediation({
+				targetPath: oauthDir,
+				perms: oauthPerms,
+				isDir: true,
+				posixMode: 448,
+				env: params.env
+			})
+		});
+		else if (oauthPerms.groupReadable || oauthPerms.worldReadable) findings.push({
+			checkId: "fs.credentials_dir.perms_readable",
+			severity: "warn",
+			title: "Credentials dir is readable by others",
+			detail: `${formatPermissionDetail(oauthDir, oauthPerms)}; credentials and allowlists can be sensitive.`,
+			remediation: formatPermissionRemediation({
+				targetPath: oauthDir,
+				perms: oauthPerms,
+				isDir: true,
+				posixMode: 448,
+				env: params.env
+			})
+		});
+	}
+	const agentIds = Array.isArray(params.cfg.agents?.list) ? params.cfg.agents?.list.map((a) => a && typeof a === "object" && typeof a.id === "string" ? a.id.trim() : "").filter(Boolean) : [];
+	const defaultAgentId = resolveDefaultAgentId(params.cfg);
+	const ids = Array.from(new Set([defaultAgentId, ...agentIds])).map((id) => normalizeAgentId(id));
+	for (const agentId of ids) {
+		const agentDir = path.join(params.stateDir, "agents", agentId, "agent");
+		const authPath = path.join(agentDir, "auth-profiles.json");
+		const authPerms = await inspectPathPermissions(authPath, {
+			env: params.env,
+			platform: params.platform,
+			exec: params.execIcacls
+		});
+		if (authPerms.ok) {
+			if (authPerms.worldWritable || authPerms.groupWritable) findings.push({
+				checkId: "fs.auth_profiles.perms_writable",
+				severity: "critical",
+				title: "auth-profiles.json is writable by others",
+				detail: `${formatPermissionDetail(authPath, authPerms)}; another user could inject credentials.`,
+				remediation: formatPermissionRemediation({
+					targetPath: authPath,
+					perms: authPerms,
+					isDir: false,
+					posixMode: 384,
+					env: params.env
+				})
+			});
+			else if (authPerms.worldReadable || authPerms.groupReadable) findings.push({
+				checkId: "fs.auth_profiles.perms_readable",
+				severity: "warn",
+				title: "auth-profiles.json is readable by others",
+				detail: `${formatPermissionDetail(authPath, authPerms)}; auth-profiles.json contains API keys and OAuth tokens.`,
+				remediation: formatPermissionRemediation({
+					targetPath: authPath,
+					perms: authPerms,
+					isDir: false,
+					posixMode: 384,
+					env: params.env
+				})
+			});
+		}
+		const storePath = path.join(params.stateDir, "agents", agentId, "sessions", "sessions.json");
+		const storePerms = await inspectPathPermissions(storePath, {
+			env: params.env,
+			platform: params.platform,
+			exec: params.execIcacls
+		});
+		if (storePerms.ok) {
+			if (storePerms.worldReadable || storePerms.groupReadable) findings.push({
+				checkId: "fs.sessions_store.perms_readable",
+				severity: "warn",
+				title: "sessions.json is readable by others",
+				detail: `${formatPermissionDetail(storePath, storePerms)}; routing and transcript metadata can be sensitive.`,
+				remediation: formatPermissionRemediation({
+					targetPath: storePath,
+					perms: storePerms,
+					isDir: false,
+					posixMode: 384,
+					env: params.env
+				})
+			});
+		}
+	}
+	const logFile = typeof params.cfg.logging?.file === "string" ? params.cfg.logging.file.trim() : "";
+	if (logFile) {
+		const expanded = logFile.startsWith("~") ? expandTilde(logFile, params.env) : logFile;
+		if (expanded) {
+			const logPath = path.resolve(expanded);
+			const logPerms = await inspectPathPermissions(logPath, {
+				env: params.env,
+				platform: params.platform,
+				exec: params.execIcacls
+			});
+			if (logPerms.ok) {
+				if (logPerms.worldReadable || logPerms.groupReadable) findings.push({
+					checkId: "fs.log_file.perms_readable",
+					severity: "warn",
+					title: "Log file is readable by others",
+					detail: `${formatPermissionDetail(logPath, logPerms)}; logs can contain private messages and tool output.`,
+					remediation: formatPermissionRemediation({
+						targetPath: logPath,
+						perms: logPerms,
+						isDir: false,
+						posixMode: 384,
+						env: params.env
+					})
+				});
+			}
+		}
+	}
+	return findings;
+}
+async function readConfigSnapshotForAudit(params) {
+	return await createConfigIO({
+		env: params.env,
+		configPath: params.configPath
+	}).readConfigFileSnapshot();
+}
+async function collectPluginsCodeSafetyFindings(params) {
+	const findings = [];
+	const extensionsDir = path.join(params.stateDir, "extensions");
+	const st = await safeStat(extensionsDir);
+	if (!st.ok || !st.isDir) return findings;
+	const pluginDirs = (await fs.readdir(extensionsDir, { withFileTypes: true }).catch((err) => {
+		findings.push({
+			checkId: "plugins.code_safety.scan_failed",
+			severity: "warn",
+			title: "Plugin extensions directory scan failed",
+			detail: `Static code scan could not list extensions directory: ${String(err)}`,
+			remediation: "Check file permissions and plugin layout, then rerun `anima security audit --deep`."
+		});
+		return [];
+	})).filter((e) => e.isDirectory()).map((e) => e.name);
+	for (const pluginName of pluginDirs) {
+		const pluginPath = path.join(extensionsDir, pluginName);
+		const extensionEntries = await readPluginManifestExtensions(pluginPath).catch(() => []);
+		const forcedScanEntries = [];
+		const escapedEntries = [];
+		for (const entry of extensionEntries) {
+			const resolvedEntry = path.resolve(pluginPath, entry);
+			if (!isPathInside(pluginPath, resolvedEntry)) {
+				escapedEntries.push(entry);
+				continue;
+			}
+			if (extensionUsesSkippedScannerPath(entry)) findings.push({
+				checkId: "plugins.code_safety.entry_path",
+				severity: "warn",
+				title: `Plugin "${pluginName}" entry path is hidden or node_modules`,
+				detail: `Extension entry "${entry}" points to a hidden or node_modules path. Deep code scan will cover this entry explicitly, but review this path choice carefully.`,
+				remediation: "Prefer extension entrypoints under normal source paths like dist/ or src/."
+			});
+			forcedScanEntries.push(resolvedEntry);
+		}
+		if (escapedEntries.length > 0) findings.push({
+			checkId: "plugins.code_safety.entry_escape",
+			severity: "critical",
+			title: `Plugin "${pluginName}" has extension entry path traversal`,
+			detail: `Found extension entries that escape the plugin directory:\n${escapedEntries.map((entry) => `  - ${entry}`).join("\n")}`,
+			remediation: "Update the plugin manifest so all anima.extensions entries stay inside the plugin directory."
+		});
+		const summary = await scanDirectoryWithSummary(pluginPath, { includeFiles: forcedScanEntries }).catch((err) => {
+			findings.push({
+				checkId: "plugins.code_safety.scan_failed",
+				severity: "warn",
+				title: `Plugin "${pluginName}" code scan failed`,
+				detail: `Static code scan could not complete: ${String(err)}`,
+				remediation: "Check file permissions and plugin layout, then rerun `anima security audit --deep`."
+			});
+			return null;
+		});
+		if (!summary) continue;
+		if (summary.critical > 0) {
+			const details = formatCodeSafetyDetails(summary.findings.filter((f) => f.severity === "critical"), pluginPath);
+			findings.push({
+				checkId: "plugins.code_safety",
+				severity: "critical",
+				title: `Plugin "${pluginName}" contains dangerous code patterns`,
+				detail: `Found ${summary.critical} critical issue(s) in ${summary.scannedFiles} scanned file(s):\n${details}`,
+				remediation: "Review the plugin source code carefully before use. If untrusted, remove the plugin from your Anima extensions state directory."
+			});
+		} else if (summary.warn > 0) {
+			const details = formatCodeSafetyDetails(summary.findings.filter((f) => f.severity === "warn"), pluginPath);
+			findings.push({
+				checkId: "plugins.code_safety",
+				severity: "warn",
+				title: `Plugin "${pluginName}" contains suspicious code patterns`,
+				detail: `Found ${summary.warn} warning(s) in ${summary.scannedFiles} scanned file(s):\n${details}`,
+				remediation: `Review the flagged code to ensure it is intentional and safe.`
+			});
+		}
+	}
+	return findings;
+}
+async function collectInstalledSkillsCodeSafetyFindings(params) {
+	const findings = [];
+	const pluginExtensionsDir = path.join(params.stateDir, "extensions");
+	const scannedSkillDirs = /* @__PURE__ */ new Set();
+	const workspaceDirs = listWorkspaceDirs(params.cfg);
+	for (const workspaceDir of workspaceDirs) {
+		const entries = loadWorkspaceSkillEntries(workspaceDir, { config: params.cfg });
+		for (const entry of entries) {
+			if (entry.skill.source === "anima-bundled") continue;
+			const skillDir = path.resolve(entry.skill.baseDir);
+			if (isPathInside(pluginExtensionsDir, skillDir)) continue;
+			if (scannedSkillDirs.has(skillDir)) continue;
+			scannedSkillDirs.add(skillDir);
+			const skillName = entry.skill.name;
+			const summary = await scanDirectoryWithSummary(skillDir).catch((err) => {
+				findings.push({
+					checkId: "skills.code_safety.scan_failed",
+					severity: "warn",
+					title: `Skill "${skillName}" code scan failed`,
+					detail: `Static code scan could not complete for ${skillDir}: ${String(err)}`,
+					remediation: "Check file permissions and skill layout, then rerun `anima security audit --deep`."
+				});
+				return null;
+			});
+			if (!summary) continue;
+			if (summary.critical > 0) {
+				const details = formatCodeSafetyDetails(summary.findings.filter((finding) => finding.severity === "critical"), skillDir);
+				findings.push({
+					checkId: "skills.code_safety",
+					severity: "critical",
+					title: `Skill "${skillName}" contains dangerous code patterns`,
+					detail: `Found ${summary.critical} critical issue(s) in ${summary.scannedFiles} scanned file(s) under ${skillDir}:\n${details}`,
+					remediation: `Review the skill source code before use. If untrusted, remove "${skillDir}".`
+				});
+			} else if (summary.warn > 0) {
+				const details = formatCodeSafetyDetails(summary.findings.filter((finding) => finding.severity === "warn"), skillDir);
+				findings.push({
+					checkId: "skills.code_safety",
+					severity: "warn",
+					title: `Skill "${skillName}" contains suspicious code patterns`,
+					detail: `Found ${summary.warn} warning(s) in ${summary.scannedFiles} scanned file(s) under ${skillDir}:\n${details}`,
+					remediation: "Review flagged lines to ensure the behavior is intentional and safe."
+				});
+			}
+		}
+	}
+	return findings;
+}
+//#endregion
+//#region src/security/audit.ts
+function countBySeverity(findings) {
+	let critical = 0;
+	let warn = 0;
+	let info = 0;
+	for (const f of findings) if (f.severity === "critical") critical += 1;
+	else if (f.severity === "warn") warn += 1;
+	else info += 1;
+	return {
+		critical,
+		warn,
+		info
+	};
+}
+function normalizeAllowFromList(list) {
+	if (!Array.isArray(list)) return [];
+	return list.map((v) => String(v).trim()).filter(Boolean);
+}
+async function collectFilesystemFindings(params) {
+	const findings = [];
+	const stateDirPerms = await inspectPathPermissions(params.stateDir, {
+		env: params.env,
+		platform: params.platform,
+		exec: params.execIcacls
+	});
+	if (stateDirPerms.ok) {
+		if (stateDirPerms.isSymlink) findings.push({
+			checkId: "fs.state_dir.symlink",
+			severity: "warn",
+			title: "State dir is a symlink",
+			detail: `${params.stateDir} is a symlink; treat this as an extra trust boundary.`
+		});
+		if (stateDirPerms.worldWritable) findings.push({
+			checkId: "fs.state_dir.perms_world_writable",
+			severity: "critical",
+			title: "State dir is world-writable",
+			detail: `${formatPermissionDetail(params.stateDir, stateDirPerms)}; other users can write into your Anima state.`,
+			remediation: formatPermissionRemediation({
+				targetPath: params.stateDir,
+				perms: stateDirPerms,
+				isDir: true,
+				posixMode: 448,
+				env: params.env
+			})
+		});
+		else if (stateDirPerms.groupWritable) findings.push({
+			checkId: "fs.state_dir.perms_group_writable",
+			severity: "warn",
+			title: "State dir is group-writable",
+			detail: `${formatPermissionDetail(params.stateDir, stateDirPerms)}; group users can write into your Anima state.`,
+			remediation: formatPermissionRemediation({
+				targetPath: params.stateDir,
+				perms: stateDirPerms,
+				isDir: true,
+				posixMode: 448,
+				env: params.env
+			})
+		});
+		else if (stateDirPerms.groupReadable || stateDirPerms.worldReadable) findings.push({
+			checkId: "fs.state_dir.perms_readable",
+			severity: "warn",
+			title: "State dir is readable by others",
+			detail: `${formatPermissionDetail(params.stateDir, stateDirPerms)}; consider restricting to 700.`,
+			remediation: formatPermissionRemediation({
+				targetPath: params.stateDir,
+				perms: stateDirPerms,
+				isDir: true,
+				posixMode: 448,
+				env: params.env
+			})
+		});
+	}
+	const configPerms = await inspectPathPermissions(params.configPath, {
+		env: params.env,
+		platform: params.platform,
+		exec: params.execIcacls
+	});
+	if (configPerms.ok) {
+		if (configPerms.isSymlink) findings.push({
+			checkId: "fs.config.symlink",
+			severity: "warn",
+			title: "Config file is a symlink",
+			detail: `${params.configPath} is a symlink; make sure you trust its target.`
+		});
+		if (configPerms.worldWritable || configPerms.groupWritable) findings.push({
+			checkId: "fs.config.perms_writable",
+			severity: "critical",
+			title: "Config file is writable by others",
+			detail: `${formatPermissionDetail(params.configPath, configPerms)}; another user could change gateway/auth/tool policies.`,
+			remediation: formatPermissionRemediation({
+				targetPath: params.configPath,
+				perms: configPerms,
+				isDir: false,
+				posixMode: 384,
+				env: params.env
+			})
+		});
+		else if (configPerms.worldReadable) findings.push({
+			checkId: "fs.config.perms_world_readable",
+			severity: "critical",
+			title: "Config file is world-readable",
+			detail: `${formatPermissionDetail(params.configPath, configPerms)}; config can contain tokens and private settings.`,
+			remediation: formatPermissionRemediation({
+				targetPath: params.configPath,
+				perms: configPerms,
+				isDir: false,
+				posixMode: 384,
+				env: params.env
+			})
+		});
+		else if (configPerms.groupReadable) findings.push({
+			checkId: "fs.config.perms_group_readable",
+			severity: "warn",
+			title: "Config file is group-readable",
+			detail: `${formatPermissionDetail(params.configPath, configPerms)}; config can contain tokens and private settings.`,
+			remediation: formatPermissionRemediation({
+				targetPath: params.configPath,
+				perms: configPerms,
+				isDir: false,
+				posixMode: 384,
+				env: params.env
+			})
+		});
+	}
+	return findings;
+}
+function collectGatewayConfigFindings(cfg, env) {
+	const findings = [];
+	const bind = typeof cfg.gateway?.bind === "string" ? cfg.gateway.bind : "loopback";
+	const tailscaleMode = cfg.gateway?.tailscale?.mode ?? "off";
+	const auth = resolveGatewayAuth({
+		authConfig: cfg.gateway?.auth,
+		tailscaleMode,
+		env
+	});
+	const controlUiEnabled = cfg.gateway?.controlUi?.enabled !== false;
+	const trustedProxies = Array.isArray(cfg.gateway?.trustedProxies) ? cfg.gateway.trustedProxies : [];
+	const hasToken = typeof auth.token === "string" && auth.token.trim().length > 0;
+	const hasPassword = typeof auth.password === "string" && auth.password.trim().length > 0;
+	const hasSharedSecret = auth.mode === "token" && hasToken || auth.mode === "password" && hasPassword;
+	const hasTailscaleAuth = auth.allowTailscale && tailscaleMode === "serve";
+	const hasGatewayAuth = hasSharedSecret || hasTailscaleAuth;
+	const gatewayToolsAllowRaw = Array.isArray(cfg.gateway?.tools?.allow) ? cfg.gateway?.tools?.allow : [];
+	const gatewayToolsAllow = new Set(gatewayToolsAllowRaw.map((v) => typeof v === "string" ? v.trim().toLowerCase() : "").filter(Boolean));
+	const reenabledOverHttp = DEFAULT_GATEWAY_HTTP_TOOL_DENY.filter((name) => gatewayToolsAllow.has(name));
+	if (reenabledOverHttp.length > 0) {
+		const extraRisk = bind !== "loopback" || tailscaleMode === "funnel";
+		findings.push({
+			checkId: "gateway.tools_invoke_http.dangerous_allow",
+			severity: extraRisk ? "critical" : "warn",
+			title: "Gateway HTTP /tools/invoke re-enables dangerous tools",
+			detail: `gateway.tools.allow includes ${reenabledOverHttp.join(", ")} which removes them from the default HTTP deny list. This can allow remote session spawning / control-plane actions via HTTP and increases RCE blast radius if the gateway is reachable.`,
+			remediation: "Remove these entries from gateway.tools.allow (recommended). If you keep them enabled, keep gateway.bind loopback-only (or tailnet-only), restrict network exposure, and treat the gateway token/password as full-admin."
+		});
+	}
+	if (bind !== "loopback" && !hasSharedSecret && auth.mode !== "trusted-proxy") findings.push({
+		checkId: "gateway.bind_no_auth",
+		severity: "critical",
+		title: "Gateway binds beyond loopback without auth",
+		detail: `gateway.bind="${bind}" but no gateway.auth token/password is configured.`,
+		remediation: `Set gateway.auth (token recommended) or bind to loopback.`
+	});
+	if (bind === "loopback" && controlUiEnabled && trustedProxies.length === 0) findings.push({
+		checkId: "gateway.trusted_proxies_missing",
+		severity: "warn",
+		title: "Reverse proxy headers are not trusted",
+		detail: "gateway.bind is loopback and gateway.trustedProxies is empty. If you expose the Control UI through a reverse proxy, configure trusted proxies so local-client checks cannot be spoofed.",
+		remediation: "Set gateway.trustedProxies to your proxy IPs or keep the Control UI local-only."
+	});
+	if (bind === "loopback" && controlUiEnabled && !hasGatewayAuth) findings.push({
+		checkId: "gateway.loopback_no_auth",
+		severity: "critical",
+		title: "Gateway auth missing on loopback",
+		detail: "gateway.bind is loopback but no gateway auth secret is configured. If the Control UI is exposed through a reverse proxy, unauthenticated access is possible.",
+		remediation: "Set gateway.auth (token recommended) or keep the Control UI local-only."
+	});
+	if (tailscaleMode === "funnel") findings.push({
+		checkId: "gateway.tailscale_funnel",
+		severity: "critical",
+		title: "Tailscale Funnel exposure enabled",
+		detail: `gateway.tailscale.mode="funnel" exposes the Gateway publicly; keep auth strict and treat it as internet-facing.`,
+		remediation: `Prefer tailscale.mode="serve" (tailnet-only) or set tailscale.mode="off".`
+	});
+	else if (tailscaleMode === "serve") findings.push({
+		checkId: "gateway.tailscale_serve",
+		severity: "info",
+		title: "Tailscale Serve exposure enabled",
+		detail: `gateway.tailscale.mode="serve" exposes the Gateway to your tailnet (loopback behind Tailscale).`
+	});
+	if (cfg.gateway?.controlUi?.allowInsecureAuth === true) findings.push({
+		checkId: "gateway.control_ui.insecure_auth",
+		severity: "critical",
+		title: "Control UI allows insecure HTTP auth",
+		detail: "gateway.controlUi.allowInsecureAuth=true allows token-only auth over HTTP and skips device identity.",
+		remediation: "Disable it or switch to HTTPS (Tailscale Serve) or localhost."
+	});
+	if (cfg.gateway?.controlUi?.dangerouslyDisableDeviceAuth === true) findings.push({
+		checkId: "gateway.control_ui.device_auth_disabled",
+		severity: "critical",
+		title: "DANGEROUS: Control UI device auth disabled",
+		detail: "gateway.controlUi.dangerouslyDisableDeviceAuth=true disables device identity checks for the Control UI.",
+		remediation: "Disable it unless you are in a short-lived break-glass scenario."
+	});
+	const token = typeof auth.token === "string" && auth.token.trim().length > 0 ? auth.token.trim() : null;
+	if (auth.mode === "token" && token && token.length < 24) findings.push({
+		checkId: "gateway.token_too_short",
+		severity: "warn",
+		title: "Gateway token looks short",
+		detail: `gateway auth token is ${token.length} chars; prefer a long random token.`
+	});
+	if (auth.mode === "trusted-proxy") {
+		const trustedProxies = cfg.gateway?.trustedProxies ?? [];
+		const trustedProxyConfig = cfg.gateway?.auth?.trustedProxy;
+		findings.push({
+			checkId: "gateway.trusted_proxy_auth",
+			severity: "critical",
+			title: "Trusted-proxy auth mode enabled",
+			detail: "gateway.auth.mode=\"trusted-proxy\" delegates authentication to a reverse proxy. Ensure your proxy (Pomerium, Caddy, nginx) handles auth correctly and that gateway.trustedProxies only contains IPs of your actual proxy servers.",
+			remediation: "Verify: (1) Your proxy terminates TLS and authenticates users. (2) gateway.trustedProxies is restricted to proxy IPs only. (3) Direct access to the Gateway port is blocked by firewall. See /gateway/trusted-proxy-auth for setup guidance."
+		});
+		if (trustedProxies.length === 0) findings.push({
+			checkId: "gateway.trusted_proxy_no_proxies",
+			severity: "critical",
+			title: "Trusted-proxy auth enabled but no trusted proxies configured",
+			detail: "gateway.auth.mode=\"trusted-proxy\" but gateway.trustedProxies is empty. All requests will be rejected.",
+			remediation: "Set gateway.trustedProxies to the IP(s) of your reverse proxy."
+		});
+		if (!trustedProxyConfig?.userHeader) findings.push({
+			checkId: "gateway.trusted_proxy_no_user_header",
+			severity: "critical",
+			title: "Trusted-proxy auth missing userHeader config",
+			detail: "gateway.auth.mode=\"trusted-proxy\" but gateway.auth.trustedProxy.userHeader is not configured.",
+			remediation: "Set gateway.auth.trustedProxy.userHeader to the header name your proxy uses (e.g., \"x-forwarded-user\", \"x-pomerium-claim-email\")."
+		});
+		if ((trustedProxyConfig?.allowUsers ?? []).length === 0) findings.push({
+			checkId: "gateway.trusted_proxy_no_allowlist",
+			severity: "warn",
+			title: "Trusted-proxy auth allows all authenticated users",
+			detail: "gateway.auth.trustedProxy.allowUsers is empty, so any user authenticated by your proxy can access the Gateway.",
+			remediation: "Consider setting gateway.auth.trustedProxy.allowUsers to restrict access to specific users (e.g., [\"nick@example.com\"])."
+		});
+	}
+	if (bind !== "loopback" && auth.mode !== "trusted-proxy" && !cfg.gateway?.auth?.rateLimit) findings.push({
+		checkId: "gateway.auth_no_rate_limit",
+		severity: "warn",
+		title: "No auth rate limiting configured",
+		detail: "gateway.bind is not loopback but no gateway.auth.rateLimit is configured. Without rate limiting, brute-force auth attacks are not mitigated.",
+		remediation: "Set gateway.auth.rateLimit (e.g. { maxAttempts: 10, windowMs: 60000, lockoutMs: 300000 })."
+	});
+	return findings;
+}
+function collectBrowserControlFindings(cfg, env) {
+	const findings = [];
+	let resolved;
+	try {
+		resolved = resolveBrowserConfig(cfg.browser, cfg);
+	} catch (err) {
+		findings.push({
+			checkId: "browser.control_invalid_config",
+			severity: "warn",
+			title: "Browser control config looks invalid",
+			detail: String(err),
+			remediation: `Fix browser.cdpUrl in ${resolveConfigPath()} and re-run "${formatCliCommand("anima security audit --deep")}".`
+		});
+		return findings;
+	}
+	if (!resolved.enabled) return findings;
+	const browserAuth = resolveBrowserControlAuth(cfg, env);
+	if (!browserAuth.token && !browserAuth.password) findings.push({
+		checkId: "browser.control_no_auth",
+		severity: "critical",
+		title: "Browser control has no auth",
+		detail: "Browser control HTTP routes are enabled but no gateway.auth token/password is configured. Any local process (or SSRF to loopback) can call browser control endpoints.",
+		remediation: "Set gateway.auth.token (recommended) or gateway.auth.password so browser control HTTP routes require authentication. Restarting the gateway will auto-generate gateway.auth.token when browser control is enabled."
+	});
+	for (const name of Object.keys(resolved.profiles)) {
+		const profile = resolveProfile(resolved, name);
+		if (!profile || profile.cdpIsLoopback) continue;
+		let url;
+		try {
+			url = new URL(profile.cdpUrl);
+		} catch {
+			continue;
+		}
+		if (url.protocol === "http:") findings.push({
+			checkId: "browser.remote_cdp_http",
+			severity: "warn",
+			title: "Remote CDP uses HTTP",
+			detail: `browser profile "${name}" uses http CDP (${profile.cdpUrl}); this is OK only if it's tailnet-only or behind an encrypted tunnel.`,
+			remediation: `Prefer HTTPS/TLS or a tailnet-only endpoint for remote CDP.`
+		});
+	}
+	return findings;
+}
+function collectLoggingFindings(cfg) {
+	if (cfg.logging?.redactSensitive !== "off") return [];
+	return [{
+		checkId: "logging.redact_off",
+		severity: "warn",
+		title: "Tool summary redaction is disabled",
+		detail: `logging.redactSensitive="off" can leak secrets into logs and status output.`,
+		remediation: `Set logging.redactSensitive="tools".`
+	}];
+}
+function collectElevatedFindings(cfg) {
+	const findings = [];
+	const enabled = cfg.tools?.elevated?.enabled;
+	const allowFrom = cfg.tools?.elevated?.allowFrom ?? {};
+	const anyAllowFromKeys = Object.keys(allowFrom).length > 0;
+	if (enabled === false) return findings;
+	if (!anyAllowFromKeys) return findings;
+	for (const [provider, list] of Object.entries(allowFrom)) {
+		const normalized = normalizeAllowFromList(list);
+		if (normalized.includes("*")) findings.push({
+			checkId: `tools.elevated.allowFrom.${provider}.wildcard`,
+			severity: "critical",
+			title: "Elevated exec allowlist contains wildcard",
+			detail: `tools.elevated.allowFrom.${provider} includes "*" which effectively approves everyone on that channel for elevated mode.`
+		});
+		else if (normalized.length > 25) findings.push({
+			checkId: `tools.elevated.allowFrom.${provider}.large`,
+			severity: "warn",
+			title: "Elevated exec allowlist is large",
+			detail: `tools.elevated.allowFrom.${provider} has ${normalized.length} entries; consider tightening elevated access.`
+		});
+	}
+	return findings;
+}
+async function maybeProbeGateway(params) {
+	const url = buildGatewayConnectionDetails({ config: params.cfg }).url;
+	const isRemoteMode = params.cfg.gateway?.mode === "remote";
+	const remoteUrlRaw = typeof params.cfg.gateway?.remote?.url === "string" ? params.cfg.gateway.remote.url.trim() : "";
+	const auth = !isRemoteMode || isRemoteMode && !remoteUrlRaw ? resolveGatewayProbeAuth({
+		cfg: params.cfg,
+		mode: "local"
+	}) : resolveGatewayProbeAuth({
+		cfg: params.cfg,
+		mode: "remote"
+	});
+	const res = await params.probe({
+		url,
+		auth,
+		timeoutMs: params.timeoutMs
+	}).catch((err) => ({
+		ok: false,
+		url,
+		connectLatencyMs: null,
+		error: String(err),
+		close: null,
+		health: null,
+		status: null,
+		presence: null,
+		configSnapshot: null
+	}));
+	return { gateway: {
+		attempted: true,
+		url,
+		ok: res.ok,
+		error: res.ok ? null : res.error,
+		close: res.close ? {
+			code: res.close.code,
+			reason: res.close.reason
+		} : null
+	} };
+}
+async function runSecurityAudit(opts) {
+	const findings = [];
+	const cfg = opts.config;
+	const env = opts.env ?? process.env;
+	const platform = opts.platform ?? process.platform;
+	const execIcacls = opts.execIcacls;
+	const stateDir = opts.stateDir ?? resolveStateDir(env);
+	const configPath = opts.configPath ?? resolveConfigPath(env, stateDir);
+	findings.push(...collectAttackSurfaceSummaryFindings(cfg));
+	findings.push(...collectSyncedFolderFindings({
+		stateDir,
+		configPath
+	}));
+	findings.push(...collectGatewayConfigFindings(cfg, env));
+	findings.push(...collectBrowserControlFindings(cfg, env));
+	findings.push(...collectLoggingFindings(cfg));
+	findings.push(...collectElevatedFindings(cfg));
+	findings.push(...collectHooksHardeningFindings(cfg, env));
+	findings.push(...collectGatewayHttpSessionKeyOverrideFindings(cfg));
+	findings.push(...collectSandboxDockerNoopFindings(cfg));
+	findings.push(...collectNodeDenyCommandPatternFindings(cfg));
+	findings.push(...collectMinimalProfileOverrideFindings(cfg));
+	findings.push(...collectSecretsInConfigFindings(cfg));
+	findings.push(...collectModelHygieneFindings(cfg));
+	findings.push(...collectSmallModelRiskFindings({
+		cfg,
+		env
+	}));
+	findings.push(...collectExposureMatrixFindings(cfg));
+	const configSnapshot = opts.includeFilesystem !== false ? await readConfigSnapshotForAudit({
+		env,
+		configPath
+	}).catch(() => null) : null;
+	if (opts.includeFilesystem !== false) {
+		findings.push(...await collectFilesystemFindings({
+			stateDir,
+			configPath,
+			env,
+			platform,
+			execIcacls
+		}));
+		if (configSnapshot) findings.push(...await collectIncludeFilePermFindings({
+			configSnapshot,
+			env,
+			platform,
+			execIcacls
+		}));
+		findings.push(...await collectStateDeepFilesystemFindings({
+			cfg,
+			env,
+			stateDir,
+			platform,
+			execIcacls
+		}));
+		findings.push(...await collectPluginsTrustFindings({
+			cfg,
+			stateDir
+		}));
+		if (opts.deep === true) {
+			findings.push(...await collectPluginsCodeSafetyFindings({ stateDir }));
+			findings.push(...await collectInstalledSkillsCodeSafetyFindings({
+				cfg,
+				stateDir
+			}));
+		}
+	}
+	if (opts.includeChannelSecurity !== false) {
+		const plugins = opts.plugins ?? listChannelPlugins();
+		findings.push(...await collectChannelSecurityFindings({
+			cfg,
+			plugins
+		}));
+	}
+	const deep = opts.deep === true ? await maybeProbeGateway({
+		cfg,
+		timeoutMs: Math.max(250, opts.deepTimeoutMs ?? 5e3),
+		probe: opts.probeGatewayFn ?? probeGateway
+	}) : void 0;
+	if (deep?.gateway?.attempted && !deep.gateway.ok) findings.push({
+		checkId: "gateway.probe_failed",
+		severity: "warn",
+		title: "Gateway probe failed (deep)",
+		detail: deep.gateway.error ?? "gateway unreachable",
+		remediation: `Run "${formatCliCommand("anima status --all")}" to debug connectivity/auth, then re-run "${formatCliCommand("anima security audit --deep")}".`
+	});
+	const summary = countBySeverity(findings);
+	return {
+		ts: Date.now(),
+		summary,
+		findings,
+		deep
+	};
+}
+//#endregion
+export { resolveGatewayProbeAuth as a, probeGateway as c, collectIncludePathsRecursive as i, createIcaclsResetCommand as n, isNodeCommandAllowed as o, formatIcaclsResetCommand as r, resolveNodeCommandAllowlist as s, runSecurityAudit as t };