@ouro.bot/cli 0.1.0-alpha.8 → 0.1.0-alpha.81

package/dist/heart/cross-chat-delivery.js

@@ -0,0 +1,146 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.deliverCrossChatMessage = deliverCrossChatMessage;
+const types_1 = require("../mind/friends/types");
+const runtime_1 = require("../nerves/runtime");
+function buildPendingEnvelope(request, agentName, now) {
+    return {
+        from: agentName,
+        friendId: request.friendId,
+        channel: request.channel,
+        key: request.key,
+        content: request.content,
+        timestamp: now,
+    };
+}
+function queueForLater(request, deps, detail) {
+    deps.queuePending(buildPendingEnvelope(request, deps.agentName, (deps.now ?? Date.now)()));
+    return {
+        status: "queued_for_later",
+        detail,
+    };
+}
+function isExplicitlyAuthorized(request) {
+    return request.intent === "explicit_cross_chat"
+        && Boolean(request.authorizingSession)
+        && (0, types_1.isTrustedLevel)(request.authorizingSession?.trustLevel);
+}
+async function deliverCrossChatMessage(request, deps) {
+    (0, runtime_1.emitNervesEvent)({
+        component: "engine",
+        event: "engine.cross_chat_delivery_start",
+        message: "resolving cross-chat delivery",
+        meta: {
+            friendId: request.friendId,
+            channel: request.channel,
+            key: request.key,
+            intent: request.intent,
+            authorizingTrustLevel: request.authorizingSession?.trustLevel ?? null,
+        },
+    });
+    if (request.intent === "generic_outreach") {
+        const result = queueForLater(request, deps, "generic outreach stays queued until the target session is next active");
+        (0, runtime_1.emitNervesEvent)({
+            component: "engine",
+            event: "engine.cross_chat_delivery_end",
+            message: "queued generic outreach for later delivery",
+            meta: {
+                friendId: request.friendId,
+                channel: request.channel,
+                key: request.key,
+                status: result.status,
+            },
+        });
+        return result;
+    }
+    if (!isExplicitlyAuthorized(request)) {
+        const result = {
+            status: "blocked",
+            detail: "explicit cross-chat delivery requires a trusted asking session",
+        };
+        (0, runtime_1.emitNervesEvent)({
+            level: "warn",
+            component: "engine",
+            event: "engine.cross_chat_delivery_end",
+            message: "blocked explicit cross-chat delivery",
+            meta: {
+                friendId: request.friendId,
+                channel: request.channel,
+                key: request.key,
+                status: result.status,
+            },
+        });
+        return result;
+    }
+    const deliverer = deps.deliverers?.[request.channel];
+    if (!deliverer) {
+        const result = queueForLater(request, deps, "live delivery unavailable right now; queued for the next active turn");
+        (0, runtime_1.emitNervesEvent)({
+            component: "engine",
+            event: "engine.cross_chat_delivery_end",
+            message: "queued explicit cross-chat delivery because no live deliverer was available",
+            meta: {
+                friendId: request.friendId,
+                channel: request.channel,
+                key: request.key,
+                status: result.status,
+            },
+        });
+        return result;
+    }
+    try {
+        const direct = await deliverer(request);
+        if (direct.status === "delivered_now" || direct.status === "blocked" || direct.status === "failed") {
+            const result = {
+                status: direct.status,
+                detail: direct.detail,
+            };
+            (0, runtime_1.emitNervesEvent)({
+                level: result.status === "failed" ? "error" : result.status === "blocked" ? "warn" : "info",
+                component: "engine",
+                event: "engine.cross_chat_delivery_end",
+                message: "completed direct cross-chat delivery resolution",
+                meta: {
+                    friendId: request.friendId,
+                    channel: request.channel,
+                    key: request.key,
+                    status: result.status,
+                },
+            });
+            return result;
+        }
+        const result = queueForLater(request, deps, direct.detail.trim() || "live delivery unavailable right now; queued for the next active turn");
+        (0, runtime_1.emitNervesEvent)({
+            component: "engine",
+            event: "engine.cross_chat_delivery_end",
+            message: "queued explicit cross-chat delivery after adapter reported unavailability",
+            meta: {
+                friendId: request.friendId,
+                channel: request.channel,
+                key: request.key,
+                status: result.status,
+            },
+        });
+        return result;
+    }
+    catch (error) {
+        const result = {
+            status: "failed",
+            detail: error instanceof Error ? error.message : String(error),
+        };
+        (0, runtime_1.emitNervesEvent)({
+            level: "error",
+            component: "engine",
+            event: "engine.cross_chat_delivery_end",
+            message: "cross-chat delivery threw unexpectedly",
+            meta: {
+                friendId: request.friendId,
+                channel: request.channel,
+                key: request.key,
+                status: result.status,
+                reason: result.detail,
+            },
+        });
+        return result;
+    }
+}

package/dist/heart/daemon/agent-discovery.js

@@ -0,0 +1,81 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.listEnabledBundleAgents = listEnabledBundleAgents;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const identity_1 = require("../identity");
+const runtime_1 = require("../../nerves/runtime");
+function listEnabledBundleAgents(options = {}) {
+    const bundlesRoot = options.bundlesRoot ?? (0, identity_1.getAgentBundlesRoot)();
+    const readdirSync = options.readdirSync ?? fs.readdirSync;
+    const readFileSync = options.readFileSync ?? fs.readFileSync;
+    let entries;
+    try {
+        entries = readdirSync(bundlesRoot, { withFileTypes: true });
+    }
+    catch {
+        (0, runtime_1.emitNervesEvent)({
+            level: "warn",
+            component: "daemon",
+            event: "daemon.agent_discovery_failed",
+            message: "failed to read bundle root for daemon agent discovery",
+            meta: { bundlesRoot },
+        });
+        return [];
+    }
+    const discovered = [];
+    for (const entry of entries) {
+        if (!entry.isDirectory() || !entry.name.endsWith(".ouro"))
+            continue;
+        const agentName = entry.name.slice(0, -5);
+        const configPath = path.join(bundlesRoot, entry.name, "agent.json");
+        let enabled = true;
+        try {
+            const raw = readFileSync(configPath, "utf-8");
+            const parsed = JSON.parse(raw);
+            if (typeof parsed.enabled === "boolean") {
+                enabled = parsed.enabled;
+            }
+        }
+        catch {
+            continue;
+        }
+        if (enabled) {
+            discovered.push(agentName);
+        }
+    }
+    return discovered.sort((left, right) => left.localeCompare(right));
+}

package/dist/heart/daemon/auth-flow.js

@@ -0,0 +1,430 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.readAgentConfigForAgent = readAgentConfigForAgent;
+exports.writeAgentProviderSelection = writeAgentProviderSelection;
+exports.loadAgentSecrets = loadAgentSecrets;
+exports.writeProviderCredentials = writeProviderCredentials;
+exports.writeAgentModel = writeAgentModel;
+exports.collectRuntimeAuthCredentials = collectRuntimeAuthCredentials;
+exports.resolveHatchCredentials = resolveHatchCredentials;
+exports.runRuntimeAuthFlow = runRuntimeAuthFlow;
+const child_process_1 = require("child_process");
+const fs = __importStar(require("fs"));
+const os = __importStar(require("os"));
+const path = __importStar(require("path"));
+const runtime_1 = require("../../nerves/runtime");
+const identity_1 = require("../identity");
+const ANTHROPIC_SETUP_TOKEN_PREFIX = "sk-ant-oat01-";
+const ANTHROPIC_SETUP_TOKEN_MIN_LENGTH = 80;
+const DEFAULT_SECRETS_TEMPLATE = {
+    providers: {
+        azure: {
+            modelName: "gpt-4o-mini",
+            apiKey: "",
+            endpoint: "",
+            deployment: "",
+            apiVersion: "2025-04-01-preview",
+        },
+        minimax: {
+            model: "minimax-text-01",
+            apiKey: "",
+        },
+        anthropic: {
+            model: "claude-opus-4-6",
+            setupToken: "",
+        },
+        "openai-codex": {
+            model: "gpt-5.4",
+            oauthAccessToken: "",
+        },
+        "github-copilot": {
+            model: "claude-sonnet-4.6",
+            githubToken: "",
+            baseUrl: "",
+        },
+    },
+    teams: {
+        clientId: "",
+        clientSecret: "",
+        tenantId: "",
+    },
+    oauth: {
+        graphConnectionName: "graph",
+        adoConnectionName: "ado",
+        githubConnectionName: "",
+    },
+    teamsChannel: {
+        skipConfirmation: true,
+        port: 3978,
+    },
+    integrations: {
+        perplexityApiKey: "",
+        openaiEmbeddingsApiKey: "",
+    },
+};
+function deepMerge(defaults, partial) {
+    const result = { ...defaults };
+    for (const key of Object.keys(partial)) {
+        const left = result[key];
+        const right = partial[key];
+        if (right !== null &&
+            typeof right === "object" &&
+            !Array.isArray(right) &&
+            left !== null &&
+            typeof left === "object" &&
+            !Array.isArray(left)) {
+            result[key] = deepMerge(left, right);
+            continue;
+        }
+        result[key] = right;
+    }
+    return result;
+}
+function readJsonRecord(filePath, label) {
+    try {
+        const raw = fs.readFileSync(filePath, "utf8");
+        const parsed = JSON.parse(raw);
+        if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+            throw new Error("expected object");
+        }
+        return parsed;
+    }
+    catch (error) {
+        throw new Error(`Failed to read ${label} at ${filePath}: ${String(error)}`);
+    }
+}
+function readAgentConfigForAgent(agentName, bundlesRoot = (0, identity_1.getAgentBundlesRoot)()) {
+    const configPath = path.join(bundlesRoot, `${agentName}.ouro`, "agent.json");
+    const parsed = readJsonRecord(configPath, "agent config");
+    const provider = parsed.provider;
+    if (provider !== "azure" &&
+        provider !== "anthropic" &&
+        provider !== "minimax" &&
+        provider !== "openai-codex" &&
+        provider !== "github-copilot") {
+        throw new Error(`agent.json at ${configPath} has unsupported provider '${String(provider)}'`);
+    }
+    return {
+        configPath,
+        config: parsed,
+    };
+}
+function writeAgentProviderSelection(agentName, provider, bundlesRoot = (0, identity_1.getAgentBundlesRoot)()) {
+    const { configPath, config } = readAgentConfigForAgent(agentName, bundlesRoot);
+    const nextConfig = { ...config, provider };
+    fs.writeFileSync(configPath, `${JSON.stringify(nextConfig, null, 2)}\n`, "utf8");
+    (0, runtime_1.emitNervesEvent)({
+        component: "daemon",
+        event: "daemon.auth_provider_selected",
+        message: "updated agent provider selection after auth flow",
+        meta: { agentName, provider, configPath },
+    });
+    return configPath;
+}
+function resolveAgentSecretsPath(agentName, deps = {}) {
+    if (deps.secretsRoot)
+        return path.join(deps.secretsRoot, agentName, "secrets.json");
+    const homeDir = deps.homeDir ?? os.homedir();
+    return (0, identity_1.getAgentSecretsPath)(agentName).replace(os.homedir(), homeDir);
+}
+function loadAgentSecrets(agentName, deps = {}) {
+    const secretsPath = resolveAgentSecretsPath(agentName, deps);
+    const secretsDir = path.dirname(secretsPath);
+    fs.mkdirSync(secretsDir, { recursive: true });
+    let onDisk = {};
+    try {
+        onDisk = readJsonRecord(secretsPath, "secrets config");
+    }
+    catch (error) {
+        const message = error.message;
+        if (!message.includes("ENOENT"))
+            throw error;
+    }
+    return {
+        secretsPath,
+        secrets: deepMerge(DEFAULT_SECRETS_TEMPLATE, onDisk),
+    };
+}
+function writeSecrets(secretsPath, secrets) {
+    fs.writeFileSync(secretsPath, `${JSON.stringify(secrets, null, 2)}\n`, "utf8");
+}
+function writeProviderCredentials(agentName, provider, credentials, deps = {}) {
+    const { secretsPath, secrets } = loadAgentSecrets(agentName, deps);
+    applyCredentials(secrets, provider, credentials);
+    writeSecrets(secretsPath, secrets);
+    return { secretsPath, secrets };
+}
+const MODEL_FIELD = {
+    azure: "modelName",
+    minimax: "model",
+    anthropic: "model",
+    "openai-codex": "model",
+    "github-copilot": "model",
+};
+function writeAgentModel(agentName, modelName, deps = {}) {
+    const { config } = readAgentConfigForAgent(agentName, deps.bundlesRoot);
+    const provider = config.provider;
+    const { secretsPath, secrets } = loadAgentSecrets(agentName, deps);
+    const providerSecrets = secrets.providers[provider];
+    /* v8 ignore next -- fallback: all known providers are in MODEL_FIELD @preserve */
+    const fieldName = MODEL_FIELD[provider] ?? "model";
+    /* v8 ignore next -- defensive: fieldName always exists in template @preserve */
+    const previousModel = providerSecrets[fieldName] ?? "";
+    providerSecrets[fieldName] = modelName;
+    writeSecrets(secretsPath, secrets);
+    return { secretsPath, provider, previousModel };
+}
+function readCodexAccessToken(homeDir) {
+    const authPath = path.join(homeDir, ".codex", "auth.json");
+    try {
+        const raw = fs.readFileSync(authPath, "utf8");
+        const parsed = JSON.parse(raw);
+        const token = parsed?.tokens?.access_token;
+        return typeof token === "string" ? token.trim() : "";
+    }
+    catch {
+        return "";
+    }
+}
+function ensurePromptInput(promptInput, provider) {
+    if (promptInput)
+        return promptInput;
+    throw new Error(`No prompt input is available for ${provider} authentication.`);
+}
+function validateAnthropicToken(token) {
+    const trimmed = token.trim();
+    if (!trimmed) {
+        throw new Error("No Anthropic setup token was provided.");
+    }
+    if (!trimmed.startsWith(ANTHROPIC_SETUP_TOKEN_PREFIX)) {
+        throw new Error(`Invalid Anthropic setup token format. Expected prefix ${ANTHROPIC_SETUP_TOKEN_PREFIX}.`);
+    }
+    if (trimmed.length < ANTHROPIC_SETUP_TOKEN_MIN_LENGTH) {
+        throw new Error("Anthropic setup token looks too short.");
+    }
+    return trimmed;
+}
+async function collectRuntimeAuthCredentials(input, deps) {
+    const spawnSync = deps.spawnSync ?? child_process_1.spawnSync;
+    const homeDir = deps.homeDir ?? os.homedir();
+    if (input.provider === "github-copilot") {
+        let token = process.env.GH_TOKEN?.trim() || "";
+        if (!token) {
+            const result = spawnSync("gh", ["auth", "token"], { encoding: "utf8" });
+            token = (result.status === 0 && result.stdout ? result.stdout.trim() : "");
+        }
+        if (!token) {
+            (0, runtime_1.emitNervesEvent)({
+                component: "daemon",
+                event: "daemon.auth_gh_login_start",
+                message: "starting gh auth login for runtime auth",
+                meta: { agentName: input.agentName },
+            });
+            const loginResult = spawnSync("gh", ["auth", "login"], { stdio: "inherit" });
+            if (loginResult.status !== 0) {
+                throw new Error("'gh auth login' failed. Install the GitHub CLI (gh) and try again.");
+            }
+            const retryResult = spawnSync("gh", ["auth", "token"], { encoding: "utf8" });
+            /* v8 ignore next -- branch: retry after login always succeeds in tests @preserve */
+            token = (retryResult.status === 0 && retryResult.stdout ? retryResult.stdout.trim() : "");
+            /* v8 ignore next -- defensive: gh auth login succeeded but token still missing @preserve */
+            if (!token) {
+                throw new Error("gh auth login completed but no token was found. Run `gh auth login` and try again.");
+            }
+        }
+        const response = await fetch("https://api.github.com/copilot_internal/user", {
+            headers: { Authorization: `Bearer ${token}` },
+        });
+        if (!response.ok) {
+            throw new Error(`GitHub Copilot endpoint discovery failed (HTTP ${response.status}). Ensure your GitHub account has Copilot access.`);
+        }
+        const body = await response.json();
+        const baseUrl = body?.endpoints?.api;
+        /* v8 ignore next -- defensive: valid response but missing endpoints field @preserve */
+        if (!baseUrl) {
+            throw new Error("GitHub Copilot endpoint discovery returned no endpoints.api. Ensure your GitHub account has Copilot access.");
+        }
+        return { githubToken: token, baseUrl };
+    }
+    if (input.provider === "openai-codex") {
+        let token = readCodexAccessToken(homeDir);
+        if (!token) {
+            (0, runtime_1.emitNervesEvent)({
+                component: "daemon",
+                event: "daemon.auth_codex_login_start",
+                message: "starting codex login for runtime auth",
+                meta: { agentName: input.agentName },
+            });
+            const result = spawnSync("codex", ["login"], { stdio: "inherit" });
+            if (result.error) {
+                throw new Error(`Failed to run 'codex login': ${result.error.message}`);
+            }
+            if (result.status !== 0) {
+                throw new Error(`'codex login' exited with status ${result.status}.`);
+            }
+            token = readCodexAccessToken(homeDir);
+            if (!token) {
+                throw new Error("Codex login completed but no token was found in ~/.codex/auth.json. Re-run `codex login` and try again.");
+            }
+        }
+        return { oauthAccessToken: token };
+    }
+    if (input.provider === "anthropic") {
+        (0, runtime_1.emitNervesEvent)({
+            component: "daemon",
+            event: "daemon.auth_claude_setup_start",
+            message: "starting claude setup-token for runtime auth",
+            meta: { agentName: input.agentName },
+        });
+        const result = spawnSync("claude", ["setup-token"], { stdio: "inherit" });
+        if (result.error) {
+            throw new Error(`Failed to run 'claude setup-token': ${result.error.message}`);
+        }
+        if (result.status !== 0) {
+            throw new Error(`'claude setup-token' exited with status ${result.status}.`);
+        }
+        const prompt = ensurePromptInput(input.promptInput, input.provider);
+        const setupToken = validateAnthropicToken(await prompt("Paste the setup token from `claude setup-token`: "));
+        return { setupToken };
+    }
+    if (input.provider === "minimax") {
+        const prompt = ensurePromptInput(input.promptInput, input.provider);
+        const apiKey = (await prompt("MiniMax API key: ")).trim();
+        if (!apiKey)
+            throw new Error("MiniMax API key is required.");
+        return { apiKey };
+    }
+    const prompt = ensurePromptInput(input.promptInput, input.provider);
+    const apiKey = (await prompt("Azure API key: ")).trim();
+    const endpoint = (await prompt("Azure endpoint: ")).trim();
+    const deployment = (await prompt("Azure deployment: ")).trim();
+    if (!apiKey || !endpoint || !deployment) {
+        throw new Error("Azure API key, endpoint, and deployment are required.");
+    }
+    return { apiKey, endpoint, deployment };
+}
+async function resolveHatchCredentials(input) {
+    const prompt = input.promptInput;
+    const credentials = { ...(input.credentials ?? {}) };
+    if (input.provider === "github-copilot" && !credentials.githubToken && input.runAuthFlow) {
+        const result = await input.runAuthFlow({
+            agentName: input.agentName,
+            provider: "github-copilot",
+            promptInput: prompt,
+        });
+        Object.assign(credentials, result.credentials);
+    }
+    if (input.provider === "anthropic" && !credentials.setupToken && input.runAuthFlow) {
+        const result = await input.runAuthFlow({
+            agentName: input.agentName,
+            provider: "anthropic",
+            promptInput: prompt,
+        });
+        Object.assign(credentials, result.credentials);
+    }
+    if (input.provider === "anthropic" && !credentials.setupToken && prompt) {
+        credentials.setupToken = await prompt("Anthropic setup-token: ");
+    }
+    if (input.provider === "openai-codex" && !credentials.oauthAccessToken && input.runAuthFlow) {
+        const result = await input.runAuthFlow({
+            agentName: input.agentName,
+            provider: "openai-codex",
+            promptInput: prompt,
+        });
+        Object.assign(credentials, result.credentials);
+    }
+    if (input.provider === "openai-codex" && !credentials.oauthAccessToken && prompt) {
+        credentials.oauthAccessToken = await prompt("OpenAI Codex OAuth token: ");
+    }
+    if (input.provider === "minimax" && !credentials.apiKey && prompt) {
+        credentials.apiKey = await prompt("MiniMax API key: ");
+    }
+    if (input.provider === "azure") {
+        if (!credentials.apiKey && prompt)
+            credentials.apiKey = await prompt("Azure API key: ");
+        if (!credentials.endpoint && prompt)
+            credentials.endpoint = await prompt("Azure endpoint: ");
+        if (!credentials.deployment && prompt)
+            credentials.deployment = await prompt("Azure deployment: ");
+    }
+    return credentials;
+}
+function applyCredentials(secrets, provider, credentials) {
+    if (provider === "anthropic") {
+        secrets.providers.anthropic.setupToken = credentials.setupToken.trim();
+        return;
+    }
+    if (provider === "github-copilot") {
+        secrets.providers["github-copilot"].githubToken = credentials.githubToken.trim();
+        secrets.providers["github-copilot"].baseUrl = credentials.baseUrl.trim();
+        return;
+    }
+    if (provider === "openai-codex") {
+        secrets.providers["openai-codex"].oauthAccessToken = credentials.oauthAccessToken.trim();
+        return;
+    }
+    if (provider === "minimax") {
+        secrets.providers.minimax.apiKey = credentials.apiKey.trim();
+        return;
+    }
+    secrets.providers.azure.apiKey = credentials.apiKey.trim();
+    secrets.providers.azure.endpoint = credentials.endpoint.trim();
+    secrets.providers.azure.deployment = credentials.deployment.trim();
+}
+async function runRuntimeAuthFlow(input, deps = {}) {
+    (0, runtime_1.emitNervesEvent)({
+        component: "daemon",
+        event: "daemon.auth_flow_start",
+        message: "starting runtime auth flow",
+        meta: { agentName: input.agentName, provider: input.provider },
+    });
+    const homeDir = deps.homeDir ?? os.homedir();
+    const credentials = await collectRuntimeAuthCredentials(input, deps);
+    const { secretsPath } = writeProviderCredentials(input.agentName, input.provider, credentials, { homeDir });
+    (0, runtime_1.emitNervesEvent)({
+        component: "daemon",
+        event: "daemon.auth_flow_end",
+        message: "completed runtime auth flow",
+        meta: { agentName: input.agentName, provider: input.provider, secretsPath },
+    });
+    return {
+        agentName: input.agentName,
+        provider: input.provider,
+        secretsPath,
+        message: `authenticated ${input.agentName} with ${input.provider}`,
+        credentials,
+    };
+}