npm - @pan-sec/notebooklm-mcp - Versions diffs - 2026.3.2 → 2026.4.0 - Mend

@pan-sec/notebooklm-mcp 2026.3.2 → 2026.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (466) hide show

package/dist/auth/auth-manager.d.ts +0 -1
package/dist/auth/auth-manager.js +0 -1
package/dist/auth/mcp-auth.d.ts +0 -1
package/dist/auth/mcp-auth.js +0 -1
package/dist/compliance/alert-manager.d.ts +6 -2
package/dist/compliance/alert-manager.js +40 -10
package/dist/compliance/breach-detection.d.ts +0 -1
package/dist/compliance/breach-detection.js +0 -1
package/dist/compliance/change-log.d.ts +13 -1
package/dist/compliance/change-log.js +82 -16
package/dist/compliance/compliance-logger.d.ts +29 -3
package/dist/compliance/compliance-logger.js +90 -27
package/dist/compliance/compliance-tools.d.ts +0 -1
package/dist/compliance/compliance-tools.js +0 -1
package/dist/compliance/consent-manager.d.ts +0 -1
package/dist/compliance/consent-manager.js +0 -1
package/dist/compliance/dashboard.d.ts +4 -3
package/dist/compliance/dashboard.js +11 -8
package/dist/compliance/data-classification.d.ts +0 -1
package/dist/compliance/data-classification.js +0 -1
package/dist/compliance/data-erasure.d.ts +0 -1
package/dist/compliance/data-erasure.js +0 -1
package/dist/compliance/data-export.d.ts +0 -1
package/dist/compliance/data-export.js +0 -1
package/dist/compliance/data-inventory.d.ts +0 -1
package/dist/compliance/data-inventory.js +0 -1
package/dist/compliance/dsar-handler.d.ts +0 -1
package/dist/compliance/dsar-handler.js +0 -1
package/dist/compliance/evidence-collector.d.ts +0 -1
package/dist/compliance/evidence-collector.js +4 -2
package/dist/compliance/health-monitor.d.ts +0 -1
package/dist/compliance/health-monitor.js +0 -1
package/dist/compliance/incident-manager.d.ts +0 -1
package/dist/compliance/incident-manager.js +0 -1
package/dist/compliance/index.d.ts +0 -1
package/dist/compliance/index.js +0 -1
package/dist/compliance/policy-docs.d.ts +0 -1
package/dist/compliance/policy-docs.js +0 -1
package/dist/compliance/privacy-notice-text.d.ts +0 -1
package/dist/compliance/privacy-notice-text.js +0 -1
package/dist/compliance/privacy-notice.d.ts +0 -1
package/dist/compliance/privacy-notice.js +0 -1
package/dist/compliance/report-generator.d.ts +7 -1
package/dist/compliance/report-generator.js +116 -34
package/dist/compliance/retention-engine.d.ts +0 -1
package/dist/compliance/retention-engine.js +0 -1
package/dist/compliance/siem-exporter.d.ts +26 -2
package/dist/compliance/siem-exporter.js +89 -24
package/dist/compliance/types.d.ts +0 -1
package/dist/compliance/types.js +0 -1
package/dist/config.d.ts +0 -1
package/dist/config.js +2 -3
package/dist/errors.d.ts +0 -1
package/dist/errors.js +0 -1
package/dist/events/event-emitter.d.ts +9 -1
package/dist/events/event-emitter.js +47 -8
package/dist/events/event-types.d.ts +0 -1
package/dist/events/event-types.js +8 -2
package/dist/gemini/gemini-client.d.ts +0 -1
package/dist/gemini/gemini-client.js +237 -45
package/dist/gemini/index.d.ts +0 -1
package/dist/gemini/index.js +0 -1
package/dist/gemini/pdf-chunker.d.ts +0 -1
package/dist/gemini/pdf-chunker.js +60 -35
package/dist/gemini/types.d.ts +0 -1
package/dist/gemini/types.js +0 -1
package/dist/index.d.ts +0 -1
package/dist/index.js +74 -10
package/dist/library/notebook-library.d.ts +30 -2
package/dist/library/notebook-library.js +345 -85
package/dist/library/types.d.ts +0 -1
package/dist/library/types.js +0 -1
package/dist/logging/index.d.ts +0 -1
package/dist/logging/index.js +0 -1
package/dist/logging/query-logger.d.ts +20 -1
package/dist/logging/query-logger.js +104 -21
package/dist/notebook-creation/audio-manager.d.ts +0 -1
package/dist/notebook-creation/audio-manager.js +111 -20
package/dist/notebook-creation/browser-options.d.ts +0 -1
package/dist/notebook-creation/browser-options.js +0 -1
package/dist/notebook-creation/data-table-manager.d.ts +7 -1
package/dist/notebook-creation/data-table-manager.js +59 -3
package/dist/notebook-creation/dom-scripts.d.ts +0 -1
package/dist/notebook-creation/dom-scripts.js +0 -1
package/dist/notebook-creation/errors.d.ts +0 -1
package/dist/notebook-creation/errors.js +0 -1
package/dist/notebook-creation/index.d.ts +0 -1
package/dist/notebook-creation/index.js +0 -1
package/dist/notebook-creation/notebook-creator.d.ts +9 -1
package/dist/notebook-creation/notebook-creator.js +50 -1
package/dist/notebook-creation/notebook-nav.d.ts +0 -1
package/dist/notebook-creation/notebook-nav.js +21 -6
package/dist/notebook-creation/notebook-sync.d.ts +14 -2
package/dist/notebook-creation/notebook-sync.js +124 -35
package/dist/notebook-creation/selectors.d.ts +0 -1
package/dist/notebook-creation/selectors.js +6 -4
package/dist/notebook-creation/source-manager.d.ts +29 -2
package/dist/notebook-creation/source-manager.js +0 -0
package/dist/notebook-creation/types.d.ts +0 -1
package/dist/notebook-creation/types.js +0 -1
package/dist/notebook-creation/video-manager.d.ts +0 -1
package/dist/notebook-creation/video-manager.js +91 -15
package/dist/observability/metrics.d.ts +0 -1
package/dist/observability/metrics.js +0 -1
package/dist/quota/index.d.ts +0 -1
package/dist/quota/index.js +0 -1
package/dist/quota/quota-manager.d.ts +59 -4
package/dist/quota/quota-manager.js +195 -46
package/dist/resources/resource-handlers.d.ts +0 -1
package/dist/resources/resource-handlers.js +33 -3
package/dist/session/browser-session.d.ts +0 -1
package/dist/session/browser-session.js +0 -1
package/dist/session/session-manager.d.ts +0 -1
package/dist/session/session-manager.js +0 -1
package/dist/session/session-timeout.d.ts +0 -1
package/dist/session/session-timeout.js +0 -1
package/dist/session/shared-context-manager.d.ts +0 -1
package/dist/session/shared-context-manager.js +0 -1
package/dist/tools/annotations.d.ts +0 -1
package/dist/tools/annotations.js +0 -1
package/dist/tools/definitions/ask-question.d.ts +6 -3
package/dist/tools/definitions/ask-question.js +12 -8
package/dist/tools/definitions/chat-history.d.ts +0 -1
package/dist/tools/definitions/chat-history.js +1 -1
package/dist/tools/definitions/data-tables.d.ts +0 -1
package/dist/tools/definitions/data-tables.js +4 -1
package/dist/tools/definitions/gemini.d.ts +0 -1
package/dist/tools/definitions/gemini.js +14 -7
package/dist/tools/definitions/notebook-management.d.ts +0 -1
package/dist/tools/definitions/notebook-management.js +7 -2
package/dist/tools/definitions/query-history.d.ts +0 -1
package/dist/tools/definitions/query-history.js +0 -1
package/dist/tools/definitions/session-management.d.ts +0 -1
package/dist/tools/definitions/session-management.js +0 -1
package/dist/tools/definitions/system.d.ts +0 -1
package/dist/tools/definitions/system.js +32 -12
package/dist/tools/definitions/video.d.ts +0 -1
package/dist/tools/definitions/video.js +6 -3
package/dist/tools/definitions.d.ts +0 -1
package/dist/tools/definitions.js +0 -1
package/dist/tools/handlers/ask-question.d.ts +0 -1
package/dist/tools/handlers/ask-question.js +47 -18
package/dist/tools/handlers/audio-video.d.ts +0 -1
package/dist/tools/handlers/audio-video.js +0 -1
package/dist/tools/handlers/auth.d.ts +0 -1
package/dist/tools/handlers/auth.js +0 -1
package/dist/tools/handlers/error-utils.d.ts +0 -1
package/dist/tools/handlers/error-utils.js +0 -1
package/dist/tools/handlers/gemini.d.ts +0 -1
package/dist/tools/handlers/gemini.js +0 -1
package/dist/tools/handlers/index.d.ts +0 -1
package/dist/tools/handlers/index.js +0 -1
package/dist/tools/handlers/notebook-creation.d.ts +0 -1
package/dist/tools/handlers/notebook-creation.js +16 -1
package/dist/tools/handlers/notebook-management.d.ts +0 -1
package/dist/tools/handlers/notebook-management.js +7 -2
package/dist/tools/handlers/session-management.d.ts +0 -1
package/dist/tools/handlers/session-management.js +0 -1
package/dist/tools/handlers/system.d.ts +0 -1
package/dist/tools/handlers/system.js +0 -1
package/dist/tools/handlers/types.d.ts +0 -1
package/dist/tools/handlers/types.js +0 -1
package/dist/tools/handlers/webhooks.d.ts +0 -1
package/dist/tools/handlers/webhooks.js +0 -1
package/dist/tools/icons.d.ts +0 -1
package/dist/tools/icons.js +0 -1
package/dist/tools/index.d.ts +0 -1
package/dist/tools/index.js +0 -1
package/dist/types.d.ts +0 -1
package/dist/types.js +0 -1
package/dist/utils/audit-logger.d.ts +11 -1
package/dist/utils/audit-logger.js +189 -21
package/dist/utils/cleanup-manager.d.ts +0 -1
package/dist/utils/cleanup-manager.js +0 -1
package/dist/utils/cli-handler.d.ts +0 -1
package/dist/utils/cli-handler.js +0 -1
package/dist/utils/crypto.d.ts +18 -9
package/dist/utils/crypto.js +93 -28
package/dist/utils/file-lock.d.ts +15 -1
package/dist/utils/file-lock.js +67 -59
package/dist/utils/file-permissions.d.ts +0 -1
package/dist/utils/file-permissions.js +35 -7
package/dist/utils/logger.d.ts +0 -1
package/dist/utils/logger.js +0 -1
package/dist/utils/page-utils.d.ts +0 -1
package/dist/utils/page-utils.js +32 -28
package/dist/utils/response-validator.d.ts +0 -1
package/dist/utils/response-validator.js +18 -15
package/dist/utils/secrets-scanner.d.ts +0 -1
package/dist/utils/secrets-scanner.js +32 -7
package/dist/utils/secure-memory.d.ts +34 -16
package/dist/utils/secure-memory.js +40 -25
package/dist/utils/security.d.ts +0 -1
package/dist/utils/security.js +66 -39
package/dist/utils/settings-manager.d.ts +9 -1
package/dist/utils/settings-manager.js +45 -2
package/dist/utils/stealth-utils.d.ts +0 -1
package/dist/utils/stealth-utils.js +11 -9
package/dist/webhooks/index.d.ts +0 -1
package/dist/webhooks/index.js +0 -1
package/dist/webhooks/types.d.ts +0 -1
package/dist/webhooks/types.js +0 -1
package/dist/webhooks/webhook-dispatcher.d.ts +0 -1
package/dist/webhooks/webhook-dispatcher.js +0 -1
package/package.json +5 -4
package/dist/auth/auth-manager.d.ts.map +0 -1
package/dist/auth/auth-manager.js.map +0 -1
package/dist/auth/mcp-auth.d.ts.map +0 -1
package/dist/auth/mcp-auth.js.map +0 -1
package/dist/compliance/alert-manager.d.ts.map +0 -1
package/dist/compliance/alert-manager.js.map +0 -1
package/dist/compliance/breach-detection.d.ts.map +0 -1
package/dist/compliance/breach-detection.js.map +0 -1
package/dist/compliance/change-log.d.ts.map +0 -1
package/dist/compliance/change-log.js.map +0 -1
package/dist/compliance/compliance-logger.d.ts.map +0 -1
package/dist/compliance/compliance-logger.js.map +0 -1
package/dist/compliance/compliance-tools.d.ts.map +0 -1
package/dist/compliance/compliance-tools.js.map +0 -1
package/dist/compliance/consent-manager.d.ts.map +0 -1
package/dist/compliance/consent-manager.js.map +0 -1
package/dist/compliance/dashboard.d.ts.map +0 -1
package/dist/compliance/dashboard.js.map +0 -1
package/dist/compliance/data-classification.d.ts.map +0 -1
package/dist/compliance/data-classification.js.map +0 -1
package/dist/compliance/data-erasure.d.ts.map +0 -1
package/dist/compliance/data-erasure.js.map +0 -1
package/dist/compliance/data-export.d.ts.map +0 -1
package/dist/compliance/data-export.js.map +0 -1
package/dist/compliance/data-inventory.d.ts.map +0 -1
package/dist/compliance/data-inventory.js.map +0 -1
package/dist/compliance/dsar-handler.d.ts.map +0 -1
package/dist/compliance/dsar-handler.js.map +0 -1
package/dist/compliance/evidence-collector.d.ts.map +0 -1
package/dist/compliance/evidence-collector.js.map +0 -1
package/dist/compliance/health-monitor.d.ts.map +0 -1
package/dist/compliance/health-monitor.js.map +0 -1
package/dist/compliance/incident-manager.d.ts.map +0 -1
package/dist/compliance/incident-manager.js.map +0 -1
package/dist/compliance/index.d.ts.map +0 -1
package/dist/compliance/index.js.map +0 -1
package/dist/compliance/policy-docs.d.ts.map +0 -1
package/dist/compliance/policy-docs.js.map +0 -1
package/dist/compliance/privacy-notice-text.d.ts.map +0 -1
package/dist/compliance/privacy-notice-text.js.map +0 -1
package/dist/compliance/privacy-notice.d.ts.map +0 -1
package/dist/compliance/privacy-notice.js.map +0 -1
package/dist/compliance/report-generator.d.ts.map +0 -1
package/dist/compliance/report-generator.js.map +0 -1
package/dist/compliance/retention-engine.d.ts.map +0 -1
package/dist/compliance/retention-engine.js.map +0 -1
package/dist/compliance/siem-exporter.d.ts.map +0 -1
package/dist/compliance/siem-exporter.js.map +0 -1
package/dist/compliance/types.d.ts.map +0 -1
package/dist/compliance/types.js.map +0 -1
package/dist/config.d.ts.map +0 -1
package/dist/config.js.map +0 -1
package/dist/errors.d.ts.map +0 -1
package/dist/errors.js.map +0 -1
package/dist/events/event-emitter.d.ts.map +0 -1
package/dist/events/event-emitter.js.map +0 -1
package/dist/events/event-types.d.ts.map +0 -1
package/dist/events/event-types.js.map +0 -1
package/dist/gemini/gemini-client.d.ts.map +0 -1
package/dist/gemini/gemini-client.js.map +0 -1
package/dist/gemini/index.d.ts.map +0 -1
package/dist/gemini/index.js.map +0 -1
package/dist/gemini/pdf-chunker.d.ts.map +0 -1
package/dist/gemini/pdf-chunker.js.map +0 -1
package/dist/gemini/types.d.ts.map +0 -1
package/dist/gemini/types.js.map +0 -1
package/dist/index.d.ts.map +0 -1
package/dist/index.js.map +0 -1
package/dist/library/notebook-library.d.ts.map +0 -1
package/dist/library/notebook-library.js.map +0 -1
package/dist/library/types.d.ts.map +0 -1
package/dist/library/types.js.map +0 -1
package/dist/logging/index.d.ts.map +0 -1
package/dist/logging/index.js.map +0 -1
package/dist/logging/query-logger.d.ts.map +0 -1
package/dist/logging/query-logger.js.map +0 -1
package/dist/notebook-creation/audio-manager.d.ts.map +0 -1
package/dist/notebook-creation/audio-manager.js.map +0 -1
package/dist/notebook-creation/browser-options.d.ts.map +0 -1
package/dist/notebook-creation/browser-options.js.map +0 -1
package/dist/notebook-creation/data-table-manager.d.ts.map +0 -1
package/dist/notebook-creation/data-table-manager.js.map +0 -1
package/dist/notebook-creation/discover-creation-flow.d.ts +0 -2
package/dist/notebook-creation/discover-creation-flow.d.ts.map +0 -1
package/dist/notebook-creation/discover-creation-flow.js +0 -177
package/dist/notebook-creation/discover-creation-flow.js.map +0 -1
package/dist/notebook-creation/discover-quota.d.ts +0 -2
package/dist/notebook-creation/discover-quota.d.ts.map +0 -1
package/dist/notebook-creation/discover-quota.js +0 -194
package/dist/notebook-creation/discover-quota.js.map +0 -1
package/dist/notebook-creation/discover-source-dialog.d.ts +0 -8
package/dist/notebook-creation/discover-source-dialog.d.ts.map +0 -1
package/dist/notebook-creation/discover-source-dialog.js +0 -134
package/dist/notebook-creation/discover-source-dialog.js.map +0 -1
package/dist/notebook-creation/discover-sources.d.ts +0 -8
package/dist/notebook-creation/discover-sources.d.ts.map +0 -1
package/dist/notebook-creation/discover-sources.js +0 -272
package/dist/notebook-creation/discover-sources.js.map +0 -1
package/dist/notebook-creation/discover-text-input.d.ts +0 -7
package/dist/notebook-creation/discover-text-input.d.ts.map +0 -1
package/dist/notebook-creation/discover-text-input.js +0 -135
package/dist/notebook-creation/discover-text-input.js.map +0 -1
package/dist/notebook-creation/dom-scripts.d.ts.map +0 -1
package/dist/notebook-creation/dom-scripts.js.map +0 -1
package/dist/notebook-creation/errors.d.ts.map +0 -1
package/dist/notebook-creation/errors.js.map +0 -1
package/dist/notebook-creation/index.d.ts.map +0 -1
package/dist/notebook-creation/index.js.map +0 -1
package/dist/notebook-creation/notebook-creator.d.ts.map +0 -1
package/dist/notebook-creation/notebook-creator.js.map +0 -1
package/dist/notebook-creation/notebook-nav.d.ts.map +0 -1
package/dist/notebook-creation/notebook-nav.js.map +0 -1
package/dist/notebook-creation/notebook-sync.d.ts.map +0 -1
package/dist/notebook-creation/notebook-sync.js.map +0 -1
package/dist/notebook-creation/run-discovery.d.ts +0 -11
package/dist/notebook-creation/run-discovery.d.ts.map +0 -1
package/dist/notebook-creation/run-discovery.js +0 -151
package/dist/notebook-creation/run-discovery.js.map +0 -1
package/dist/notebook-creation/selector-discovery.d.ts +0 -65
package/dist/notebook-creation/selector-discovery.d.ts.map +0 -1
package/dist/notebook-creation/selector-discovery.js +0 -414
package/dist/notebook-creation/selector-discovery.js.map +0 -1
package/dist/notebook-creation/selectors.d.ts.map +0 -1
package/dist/notebook-creation/selectors.js.map +0 -1
package/dist/notebook-creation/selectors.ts +0 -112
package/dist/notebook-creation/source-manager.d.ts.map +0 -1
package/dist/notebook-creation/source-manager.js.map +0 -1
package/dist/notebook-creation/test-create.d.ts +0 -8
package/dist/notebook-creation/test-create.d.ts.map +0 -1
package/dist/notebook-creation/test-create.js +0 -72
package/dist/notebook-creation/test-create.js.map +0 -1
package/dist/notebook-creation/types.d.ts.map +0 -1
package/dist/notebook-creation/types.js.map +0 -1
package/dist/notebook-creation/video-manager.d.ts.map +0 -1
package/dist/notebook-creation/video-manager.js.map +0 -1
package/dist/observability/metrics.d.ts.map +0 -1
package/dist/observability/metrics.js.map +0 -1
package/dist/quota/index.d.ts.map +0 -1
package/dist/quota/index.js.map +0 -1
package/dist/quota/quota-manager.d.ts.map +0 -1
package/dist/quota/quota-manager.js.map +0 -1
package/dist/resources/resource-handlers.d.ts.map +0 -1
package/dist/resources/resource-handlers.js.map +0 -1
package/dist/session/browser-session.d.ts.map +0 -1
package/dist/session/browser-session.js.map +0 -1
package/dist/session/session-manager.d.ts.map +0 -1
package/dist/session/session-manager.js.map +0 -1
package/dist/session/session-timeout.d.ts.map +0 -1
package/dist/session/session-timeout.js.map +0 -1
package/dist/session/shared-context-manager.d.ts.map +0 -1
package/dist/session/shared-context-manager.js.map +0 -1
package/dist/tools/annotations.d.ts.map +0 -1
package/dist/tools/annotations.js.map +0 -1
package/dist/tools/definitions/ask-question.d.ts.map +0 -1
package/dist/tools/definitions/ask-question.js.map +0 -1
package/dist/tools/definitions/chat-history.d.ts.map +0 -1
package/dist/tools/definitions/chat-history.js.map +0 -1
package/dist/tools/definitions/data-tables.d.ts.map +0 -1
package/dist/tools/definitions/data-tables.js.map +0 -1
package/dist/tools/definitions/gemini.d.ts.map +0 -1
package/dist/tools/definitions/gemini.js.map +0 -1
package/dist/tools/definitions/notebook-management.d.ts.map +0 -1
package/dist/tools/definitions/notebook-management.js.map +0 -1
package/dist/tools/definitions/query-history.d.ts.map +0 -1
package/dist/tools/definitions/query-history.js.map +0 -1
package/dist/tools/definitions/session-management.d.ts.map +0 -1
package/dist/tools/definitions/session-management.js.map +0 -1
package/dist/tools/definitions/system.d.ts.map +0 -1
package/dist/tools/definitions/system.js.map +0 -1
package/dist/tools/definitions/video.d.ts.map +0 -1
package/dist/tools/definitions/video.js.map +0 -1
package/dist/tools/definitions.d.ts.map +0 -1
package/dist/tools/definitions.js.map +0 -1
package/dist/tools/handlers/ask-question.d.ts.map +0 -1
package/dist/tools/handlers/ask-question.js.map +0 -1
package/dist/tools/handlers/audio-video.d.ts.map +0 -1
package/dist/tools/handlers/audio-video.js.map +0 -1
package/dist/tools/handlers/auth.d.ts.map +0 -1
package/dist/tools/handlers/auth.js.map +0 -1
package/dist/tools/handlers/error-utils.d.ts.map +0 -1
package/dist/tools/handlers/error-utils.js.map +0 -1
package/dist/tools/handlers/gemini.d.ts.map +0 -1
package/dist/tools/handlers/gemini.js.map +0 -1
package/dist/tools/handlers/index.d.ts.map +0 -1
package/dist/tools/handlers/index.js.map +0 -1
package/dist/tools/handlers/notebook-creation.d.ts.map +0 -1
package/dist/tools/handlers/notebook-creation.js.map +0 -1
package/dist/tools/handlers/notebook-management.d.ts.map +0 -1
package/dist/tools/handlers/notebook-management.js.map +0 -1
package/dist/tools/handlers/session-management.d.ts.map +0 -1
package/dist/tools/handlers/session-management.js.map +0 -1
package/dist/tools/handlers/system.d.ts.map +0 -1
package/dist/tools/handlers/system.js.map +0 -1
package/dist/tools/handlers/types.d.ts.map +0 -1
package/dist/tools/handlers/types.js.map +0 -1
package/dist/tools/handlers/webhooks.d.ts.map +0 -1
package/dist/tools/handlers/webhooks.js.map +0 -1
package/dist/tools/handlers.d.ts +0 -666
package/dist/tools/handlers.d.ts.map +0 -1
package/dist/tools/handlers.js +0 -2929
package/dist/tools/handlers.js.map +0 -1
package/dist/tools/icons.d.ts.map +0 -1
package/dist/tools/icons.js.map +0 -1
package/dist/tools/index.d.ts.map +0 -1
package/dist/tools/index.js.map +0 -1
package/dist/types.d.ts.map +0 -1
package/dist/types.js.map +0 -1
package/dist/utils/audit-logger.d.ts.map +0 -1
package/dist/utils/audit-logger.js.map +0 -1
package/dist/utils/cert-pinning.d.ts +0 -97
package/dist/utils/cert-pinning.d.ts.map +0 -1
package/dist/utils/cert-pinning.js +0 -328
package/dist/utils/cert-pinning.js.map +0 -1
package/dist/utils/cleanup-manager.d.ts.map +0 -1
package/dist/utils/cleanup-manager.js.map +0 -1
package/dist/utils/cli-handler.d.ts.map +0 -1
package/dist/utils/cli-handler.js.map +0 -1
package/dist/utils/crypto.d.ts.map +0 -1
package/dist/utils/crypto.js.map +0 -1
package/dist/utils/file-lock.d.ts.map +0 -1
package/dist/utils/file-lock.js.map +0 -1
package/dist/utils/file-permissions.d.ts.map +0 -1
package/dist/utils/file-permissions.js.map +0 -1
package/dist/utils/logger.d.ts.map +0 -1
package/dist/utils/logger.js.map +0 -1
package/dist/utils/page-utils.d.ts.map +0 -1
package/dist/utils/page-utils.js.map +0 -1
package/dist/utils/response-validator.d.ts.map +0 -1
package/dist/utils/response-validator.js.map +0 -1
package/dist/utils/secrets-scanner.d.ts.map +0 -1
package/dist/utils/secrets-scanner.js.map +0 -1
package/dist/utils/secure-memory.d.ts.map +0 -1
package/dist/utils/secure-memory.js.map +0 -1
package/dist/utils/security.d.ts.map +0 -1
package/dist/utils/security.js.map +0 -1
package/dist/utils/settings-manager.d.ts.map +0 -1
package/dist/utils/settings-manager.js.map +0 -1
package/dist/utils/stealth-utils.d.ts.map +0 -1
package/dist/utils/stealth-utils.js.map +0 -1
package/dist/utils/tool-validation.d.ts +0 -93
package/dist/utils/tool-validation.d.ts.map +0 -1
package/dist/utils/tool-validation.js +0 -277
package/dist/utils/tool-validation.js.map +0 -1
package/dist/webhooks/index.d.ts.map +0 -1
package/dist/webhooks/index.js.map +0 -1
package/dist/webhooks/types.d.ts.map +0 -1
package/dist/webhooks/types.js.map +0 -1
package/dist/webhooks/webhook-dispatcher.d.ts.map +0 -1
package/dist/webhooks/webhook-dispatcher.js.map +0 -1
package/docs/COMPLIANCE-SPEC.md +0 -1452
package/docs/MCP-DIRECTORY-LISTINGS.md +0 -91
package/docs/SECURITY-FORK-OPPORTUNITIES.md +0 -79
package/docs/SECURITY_IMPLEMENTATION_PLAN.md +0 -437
package/docs/archive/ISSUES-legacy-2026-04-24.md +0 -644
package/docs/configuration.md +0 -94
package/docs/dependency-risk.md +0 -25
package/docs/improvement-sprint-2026.2.10.md +0 -210
package/docs/testing-runbook.md +0 -166
package/docs/tools.md +0 -34
package/docs/troubleshooting.md +0 -59
package/docs/usage-guide.md +0 -246

package/dist/notebook-creation/video-manager.js CHANGED Viewed

@@ -16,6 +16,29 @@
  */
 import { log } from "../utils/logger.js";
 import { randomDelay } from "../utils/stealth-utils.js";
+/**
+ * Allowlisted style values. Single source of truth used to validate untrusted
+ * input before it is passed into the page context (prevents attribute-selector
+ * injection in selectStyle).
+ */
+const VALID_VIDEO_STYLES = [
+    "auto-select",
+    "custom",
+    "classic",
+    "whiteboard",
+    "kawaii",
+    "anime",
+    "watercolour",
+    "retro-print",
+    "heritage",
+    "paper-craft",
+];
+/**
+ * Allowlisted format values. Single source of truth used to validate untrusted
+ * input before it is passed into the page context (prevents attribute-selector
+ * injection in selectFormat).
+ */
+const VALID_VIDEO_FORMATS = ["explainer", "brief"];
 export class VideoManager {
     authManager;
     contextManager;
@@ -117,6 +140,18 @@ export class VideoManager {
                     item.classList?.contains("shimmer-green")) {
                     return { status: "generating", progress: 0 };
                 }
+                // Detect an explicit failure state on THIS artifact before assuming ready.
+                // A failed generation leaves a non-shimmer artifact, which would otherwise be
+                // misreported as "ready". Scope the check to the matched item only — a page-global
+                // alert query could match unrelated UI. Class names are best-effort (unconfirmed
+                // by live inspection); [role="alert"]/error child is the locale-independent signal.
+                const hasErrorChild = !!item.querySelector('[role="alert"], .error-state, .artifact-error');
+                if (hasErrorChild ||
+                    item.classList?.contains("error-state") ||
+                    item.classList?.contains("artifact-error") ||
+                    item.classList?.contains("failed")) {
+                    return { status: "failed" };
+                }
                 // Otherwise it's ready
                 return { status: "ready" };
             }
@@ -181,17 +216,28 @@ export class VideoManager {
      * Select a video format in the dialog (Explainer or Brief)
      */
     async selectFormat(page, format) {
+        // Validate against the allowlist BEFORE the value crosses into the page
+        // context. Without this, a value containing `"]` could break out of the
+        // attribute selector below (selector injection).
+        if (!VALID_VIDEO_FORMATS.includes(format)) {
+            log.warning(`video-manager: ignoring non-allowlisted format "${format}"`);
+            return false;
+        }
         return await page.evaluate((fmt) => {
             const browser = globalThis;
             // Format is in mat-radio-group.tile-group
             const radioGroup = browser.document.querySelector("mat-radio-group.tile-group");
             if (!radioGroup)
                 return false;
-            // Primary: value attribute (locale-independent if Angular Material uses stable values)
-            const byValue = radioGroup.querySelector(`[value="${fmt}"]`);
-            if (byValue) {
-                byValue.click();
-                return true;
+            // Primary: value attribute (locale-independent if Angular Material uses stable values).
+            // Iterate radio options and compare values with === rather than building a
+            // selector from the value, so untrusted text can never alter the selector.
+            const options = Array.from(radioGroup.querySelectorAll("[value]"));
+            for (const option of options) {
+                if (option.getAttribute?.("value") === fmt) {
+                    option.click();
+                    return true;
+                }
             }
             // Fallback: text match (English only — may not work in non-English locales,
             // but selectFormat is best-effort; generation will use default format if this fails)
@@ -210,17 +256,28 @@ export class VideoManager {
      * Select a video style in the dialog carousel
      */
     async selectStyle(page, style) {
+        // Validate against the allowlist BEFORE the value crosses into the page
+        // context. Without this, a value containing `"]` could break out of the
+        // attribute selector below (selector injection).
+        if (!VALID_VIDEO_STYLES.includes(style)) {
+            log.warning(`video-manager: ignoring non-allowlisted style "${style}"`);
+            return false;
+        }
         return await page.evaluate((styleName) => {
             const browser = globalThis;
             // Style is in mat-radio-group.carousel-group
             const radioGroup = browser.document.querySelector("mat-radio-group.carousel-group");
             if (!radioGroup)
                 return false;
-            // Primary: value attribute (locale-independent)
-            const byValue = radioGroup.querySelector(`[value="${styleName}"]`);
-            if (byValue) {
-                byValue.click();
-                return true;
+            // Primary: value attribute (locale-independent).
+            // Iterate radio options and compare values with === rather than building a
+            // selector from the value, so untrusted text can never alter the selector.
+            const options = Array.from(radioGroup.querySelectorAll("[value]"));
+            for (const option of options) {
+                if (option.getAttribute?.("value") === styleName) {
+                    option.click();
+                    return true;
+                }
             }
             // Fallback: text match (English only — style labels are translated in non-English UIs,
             // but selectStyle is best-effort; generation will use default style if this fails)
@@ -243,14 +300,26 @@ export class VideoManager {
     async clickDialogGenerate(page) {
         return await page.evaluate(() => {
             const browser = globalThis;
-            // Primary: button in mat-dialog-actions
+            // Primary: the primary-color action button inside mat-dialog-actions.
+            // NEVER blindly click the FIRST button — Material dialogs conventionally place
+            // Cancel/Close first and the primary action last, so clicking [0] can hit Cancel
+            // and silently abort generation. Match the primary-color class/attribute first,
+            // then fall back to the LAST enabled button within the actions container.
             const dialogActions = browser.document.querySelector("mat-dialog-actions");
             if (dialogActions) {
-                const btn = dialogActions.querySelector("button");
-                if (btn) {
-                    btn.click();
+                const primaryInActions = dialogActions.querySelector('button.button-color--primary, button[color="primary"]');
+                if (primaryInActions) {
+                    primaryInActions.click();
                     return true;
                 }
+                const actionButtons = Array.from(dialogActions.querySelectorAll("button"));
+                for (let i = actionButtons.length - 1; i >= 0; i--) {
+                    const button = actionButtons[i];
+                    if (!button.disabled) {
+                        button.click();
+                        return true;
+                    }
+                }
             }
             // Fallback: button with primary color in any dialog
             const primaryBtn = browser.document.querySelector('.dialog-actions button, button.button-color--primary');
@@ -341,6 +410,14 @@ export class VideoManager {
             await randomDelay(500, 800);
             // Check if generation started
             const newStatus = await this.checkVideoStatusInternal(page);
+            if (newStatus.status === "failed") {
+                log.warning("  Video generation reported a failed state");
+                return {
+                    success: false,
+                    status: newStatus,
+                    error: "Video generation failed.",
+                };
+            }
             if (newStatus.status === "generating" || newStatus.status === "ready") {
                 log.success(`  Video generation ${newStatus.status === "ready" ? "completed" : "started"}`);
                 return { success: true, status: newStatus };
@@ -388,4 +465,3 @@ export class VideoManager {
         }
     }
 }
-//# sourceMappingURL=video-manager.js.map

package/dist/observability/metrics.d.ts CHANGED Viewed

@@ -16,4 +16,3 @@ export declare class MetricsRegistry {
     reset(): void;
 }
 export declare function getMetricsRegistry(): MetricsRegistry;
-//# sourceMappingURL=metrics.d.ts.map

package/dist/observability/metrics.js CHANGED Viewed

@@ -32,4 +32,3 @@ const metrics = new MetricsRegistry();
 export function getMetricsRegistry() {
     return metrics;
 }
-//# sourceMappingURL=metrics.js.map

package/dist/quota/index.d.ts CHANGED Viewed

@@ -5,4 +5,3 @@
  * usage tracking, and limit enforcement.
  */
 export { QuotaManager, getQuotaManager, type LicenseTier, type QuotaLimits, type QuotaUsage, type QuotaSettings, } from "./quota-manager.js";
-//# sourceMappingURL=index.d.ts.map

package/dist/quota/index.js CHANGED Viewed

@@ -5,4 +5,3 @@
  * usage tracking, and limit enforcement.
  */
 export { QuotaManager, getQuotaManager, } from "./quota-manager.js";
-//# sourceMappingURL=index.js.map

package/dist/quota/quota-manager.d.ts CHANGED Viewed

@@ -31,6 +31,17 @@ export declare class QuotaManager {
      * Load settings from disk or create defaults
      */
     private loadSettings;
+    /**
+     * Validate and sanitise an untrusted (user-writable) settings object.
+     *
+     * The quota.json file is user-writable, so a tampered or stale file must not
+     * be able to disable enforcement (e.g. by setting limits to 1e12/0/strings or
+     * omitting usage fields, which would otherwise yield NaN comparisons). Tier is
+     * constrained to a known key (falls back to "unknown"); limits are ALWAYS
+     * derived from TIER_LIMITS[tier] and never trusted from disk; usage fields are
+     * coerced to finite numbers and defaulted when missing.
+     */
+    private validateSettings;
     /**
      * Get default settings
      */
@@ -40,9 +51,17 @@ export declare class QuotaManager {
      */
     private saveSettings;
     /**
-     * Reset daily query counters when the date changes and persist the rollover.
-     */
-    private rolloverIfNeeded;
+     * Effective (rolled-over) query count for TODAY, computed WITHOUT mutating or
+     * persisting settings. If the stored lastQueryDate is not today, the count is
+     * treated as 0 (the day has rolled over) but no write occurs — persisting the
+     * rollover is the exclusive responsibility of incrementQueryCountAtomic /
+     * checkAndReserveQuery (see I285). Shared by all readers (getStatus,
+     * getDetailedStatus, updateQuotaMetrics, canMakeQuery) so they never report a
+     * stale pre-rollover count.
+     */
+    private effectiveQueriesUsedToday;
+    /** Percentage guard: avoid NaN/Infinity when the limit is zero or invalid. */
+    private static safePercent;
     private evaluateWithTimeout;
     /**
      * Detect license tier from NotebookLM UI
@@ -106,6 +125,16 @@ export declare class QuotaManager {
     getUsage(): QuotaUsage;
     /**
      * Increment notebook count
+     *
+     * Uses the same withLock(settingsPath) transaction as
+     * incrementQueryCountAtomic (reload-under-lock → increment → persist) so the
+     * notebook counter shares ONE concurrency mechanism with the query counters
+     * (no separate ad-hoc promise queue). The lock provides mutual exclusion and
+     * the reload-under-lock prevents lost updates across concurrent callers;
+     * strict FIFO ordering is not required for a counter.
+     *
+     * Fail-soft contract preserved: this method logs and resolves on error rather
+     * than rejecting, since external callers may not catch.
      */
     incrementNotebookCount(): Promise<void>;
     /**
@@ -120,6 +149,33 @@ export declare class QuotaManager {
      * It reloads settings from disk before incrementing to ensure accuracy.
      */
     incrementQueryCountAtomic(): Promise<void>;
+    /**
+     * Atomically check the daily quota and reserve (increment) a slot in a single
+     * locked, disk-reloaded transaction.
+     *
+     * This closes the TOCTOU window where concurrent sessions/processes all pass a
+     * stale in-memory check (canMakeQuery) and then increment only after the slow
+     * browser query completes, collectively exceeding the daily limit. The slot is
+     * reserved up front, BEFORE the query runs.
+     *
+     * Returns { allowed, reason? }. Callers MUST run the query only when allowed,
+     * and call releaseReservation() if the query subsequently fails.
+     */
+    checkAndReserveQuery(): Promise<{
+        allowed: boolean;
+        reason?: string;
+    }>;
+    /**
+     * Release a previously reserved query slot (e.g. when the query failed after
+     * reservation in checkAndReserveQuery). Atomic and floored at zero so it can
+     * never underflow.
+     */
+    releaseReservation(): Promise<void>;
+    /**
+     * Persist current settings to disk while a file lock is already held.
+     * Mirrors the write performed inside incrementQueryCountAtomic.
+     */
+    private persistWithLockHeld;
     /**
      * Refresh settings from disk with file locking
      *
@@ -194,4 +250,3 @@ export declare class QuotaManager {
     };
 }
 export declare function getQuotaManager(): QuotaManager;
-//# sourceMappingURL=quota-manager.d.ts.map

package/dist/quota/quota-manager.js CHANGED Viewed

@@ -39,8 +39,16 @@ const TIER_LIMITS = {
     },
 };
 const MAX_REASONABLE_QUERIES = 10000;
+const MAX_REASONABLE_NOTEBOOKS = 100000;
 const PAGE_EVALUATE_TIMEOUT_MS = 30000;
-let notebookIncrementQueue = Promise.resolve();
+/** Type guard: is the given string a known license tier? */
+function isKnownTier(tier) {
+    return typeof tier === "string" && Object.prototype.hasOwnProperty.call(TIER_LIMITS, tier);
+}
+/** Always derive limits from the authoritative tier table (never trust on-disk limits). */
+function deriveLimitsForTier(tier) {
+    return { ...TIER_LIMITS[tier] };
+}
 export class QuotaManager {
     settings;
     settingsPath;
@@ -55,9 +63,10 @@ export class QuotaManager {
         try {
             if (fs.existsSync(this.settingsPath)) {
                 const data = fs.readFileSync(this.settingsPath, "utf-8");
-                const loaded = JSON.parse(data);
-                log.info(`📊 Loaded quota settings (tier: ${loaded.tier})`);
-                return loaded;
+                const parsed = JSON.parse(data);
+                const validated = this.validateSettings(parsed);
+                log.info(`📊 Loaded quota settings (tier: ${validated.tier})`);
+                return validated;
             }
         }
         catch (error) {
@@ -66,6 +75,57 @@ export class QuotaManager {
         // Return defaults
         return this.getDefaultSettings();
     }
+    /**
+     * Validate and sanitise an untrusted (user-writable) settings object.
+     *
+     * The quota.json file is user-writable, so a tampered or stale file must not
+     * be able to disable enforcement (e.g. by setting limits to 1e12/0/strings or
+     * omitting usage fields, which would otherwise yield NaN comparisons). Tier is
+     * constrained to a known key (falls back to "unknown"); limits are ALWAYS
+     * derived from TIER_LIMITS[tier] and never trusted from disk; usage fields are
+     * coerced to finite numbers and defaulted when missing.
+     */
+    validateSettings(parsed) {
+        if (!parsed || typeof parsed !== "object") {
+            log.warning("⚠️ Quota settings file is not an object; using defaults");
+            return this.getDefaultSettings();
+        }
+        const obj = parsed;
+        const defaults = this.getDefaultSettings();
+        // Tier must be a known key, otherwise fall back to a safe default.
+        let tier = "unknown";
+        if (isKnownTier(obj.tier)) {
+            tier = obj.tier;
+        }
+        else if (obj.tier !== undefined) {
+            log.warning(`⚠️ Unknown tier "${String(obj.tier)}" in quota settings; falling back to "unknown"`);
+        }
+        // CRUCIAL: derive limits from the tier table, never trust on-disk values.
+        const limits = deriveLimitsForTier(tier);
+        const rawUsage = obj.usage && typeof obj.usage === "object"
+            ? obj.usage
+            : {};
+        const coerceCount = (value, max) => {
+            const n = Number(value);
+            if (!Number.isFinite(n) || n < 0)
+                return 0;
+            return Math.min(Math.floor(n), max);
+        };
+        const queriesUsedToday = coerceCount(rawUsage.queriesUsedToday, MAX_REASONABLE_QUERIES);
+        const notebooks = coerceCount(rawUsage.notebooks, MAX_REASONABLE_NOTEBOOKS);
+        const lastQueryDate = typeof rawUsage.lastQueryDate === "string" && rawUsage.lastQueryDate.length > 0
+            ? rawUsage.lastQueryDate
+            : defaults.usage.lastQueryDate;
+        const lastUpdated = typeof rawUsage.lastUpdated === "string" && rawUsage.lastUpdated.length > 0
+            ? rawUsage.lastUpdated
+            : defaults.usage.lastUpdated;
+        return {
+            tier,
+            limits,
+            usage: { notebooks, queriesUsedToday, lastQueryDate, lastUpdated },
+            autoDetected: typeof obj.autoDetected === "boolean" ? obj.autoDetected : false,
+        };
+    }
     /**
      * Get default settings
      */
@@ -100,18 +160,25 @@ export class QuotaManager {
         }
     }
     /**
-     * Reset daily query counters when the date changes and persist the rollover.
+     * Effective (rolled-over) query count for TODAY, computed WITHOUT mutating or
+     * persisting settings. If the stored lastQueryDate is not today, the count is
+     * treated as 0 (the day has rolled over) but no write occurs — persisting the
+     * rollover is the exclusive responsibility of incrementQueryCountAtomic /
+     * checkAndReserveQuery (see I285). Shared by all readers (getStatus,
+     * getDetailedStatus, updateQuotaMetrics, canMakeQuery) so they never report a
+     * stale pre-rollover count.
      */
-    rolloverIfNeeded() {
+    effectiveQueriesUsedToday() {
         const today = new Date().toISOString().split("T")[0];
-        if (this.settings.usage.lastQueryDate === today) {
-            return false;
-        }
-        this.settings.usage.queriesUsedToday = 0;
-        this.settings.usage.lastQueryDate = today;
-        this.settings.usage.lastUpdated = new Date().toISOString();
-        this.saveSettings();
-        return true;
+        return this.settings.usage.lastQueryDate === today
+            ? this.settings.usage.queriesUsedToday
+            : 0;
+    }
+    /** Percentage guard: avoid NaN/Infinity when the limit is zero or invalid. */
+    static safePercent(used, limit) {
+        if (!Number.isFinite(limit) || limit <= 0)
+            return 0;
+        return Math.round((used / limit) * 100);
     }
     async evaluateWithTimeout(page, fn, timeoutMs = PAGE_EVALUATE_TIMEOUT_MS) {
         let timeout;
@@ -203,11 +270,15 @@ export class QuotaManager {
     async extractSourceLimitFromDialog(page) {
         const limitInfo = await this.evaluateWithTimeout(page, () => {
             const browser = globalThis;
-            // Look for X/Y pattern
+            // Look for the "X / Y" source-count pattern, but ONLY accept a KNOWN
+            // source limit (50/300/600). A broad /\d+\/\d+/ matches any unrelated
+            // fraction on the page (timestamps, "3/5 steps", etc.), which previously
+            // let an arbitrary number through as the source limit and misdetected the
+            // tier upward. Mirror the whitelist used by detectTierFromPage.
             const allText = browser.document.body.innerText;
-            const match = allText.match(/(\d+)\s*\/\s*(\d+)/);
+            const match = allText.match(/\b(\d+)\s*\/\s*(50|300|600)\b/);
             if (match) {
-                return parseInt(match[2], 10); // Return the limit (Y in X/Y)
+                return parseInt(match[2], 10); // Return the whitelisted limit (Y in X/Y)
             }
             return null;
         });
@@ -381,11 +452,16 @@ export class QuotaManager {
         // Try to extract query usage from UI
         const queryUsage = await this.extractQueryUsageFromUI(page);
         if (queryUsage) {
-            // Update local tracking with Google's numbers
+            // Update local tracking with Google's numbers.
             this.settings.usage.queriesUsedToday = Math.min(queryUsage.used, MAX_REASONABLE_QUERIES);
-            this.settings.limits.queriesPerDay = queryUsage.limit;
+            // Scraped page numbers are untrusted: a spoofed/injected page (e.g.
+            // "0/999999") must never raise the enforced daily limit above the
+            // documented value for the detected tier. Treat the scraped limit only as
+            // a hint and clamp it to the tier's authoritative ceiling.
+            const tierCeiling = deriveLimitsForTier(this.settings.tier).queriesPerDay;
+            this.settings.limits.queriesPerDay = Math.min(Math.max(1, queryUsage.limit), tierCeiling);
             this.settings.usage.lastQueryDate = new Date().toISOString().split("T")[0];
-            log.info(`  Synced query usage from Google: ${this.settings.usage.queriesUsedToday}/${queryUsage.limit}`);
+            log.info(`  Synced query usage from Google: ${this.settings.usage.queriesUsedToday}/${this.settings.limits.queriesPerDay}`);
         }
         // Check for rate limit
         const rateLimitDetected = await this.checkForRateLimitError(page);
@@ -451,24 +527,29 @@ export class QuotaManager {
     }
     /**
      * Increment notebook count
+     *
+     * Uses the same withLock(settingsPath) transaction as
+     * incrementQueryCountAtomic (reload-under-lock → increment → persist) so the
+     * notebook counter shares ONE concurrency mechanism with the query counters
+     * (no separate ad-hoc promise queue). The lock provides mutual exclusion and
+     * the reload-under-lock prevents lost updates across concurrent callers;
+     * strict FIFO ordering is not required for a counter.
+     *
+     * Fail-soft contract preserved: this method logs and resolves on error rather
+     * than rejecting, since external callers may not catch.
      */
-    incrementNotebookCount() {
-        notebookIncrementQueue = notebookIncrementQueue
-            .catch((error) => {
-            log.error(`❌ Notebook increment queue recovered from prior failure: ${error}`);
-        })
-            .then(async () => {
+    async incrementNotebookCount() {
+        try {
             await withLock(this.settingsPath, async () => {
                 this.settings = this.loadSettings();
                 this.settings.usage.notebooks++;
                 this.settings.usage.lastUpdated = new Date().toISOString();
                 this.saveSettings();
             });
-        })
-            .catch((error) => {
+        }
+        catch (error) {
             log.error(`❌ Could not increment notebook count: ${error}`);
-        });
-        return notebookIncrementQueue;
+        }
     }
     /**
      * Increment query count (synchronous, for backwards compatibility)
@@ -520,6 +601,71 @@ export class QuotaManager {
             }
         });
     }
+    /**
+     * Atomically check the daily quota and reserve (increment) a slot in a single
+     * locked, disk-reloaded transaction.
+     *
+     * This closes the TOCTOU window where concurrent sessions/processes all pass a
+     * stale in-memory check (canMakeQuery) and then increment only after the slow
+     * browser query completes, collectively exceeding the daily limit. The slot is
+     * reserved up front, BEFORE the query runs.
+     *
+     * Returns { allowed, reason? }. Callers MUST run the query only when allowed,
+     * and call releaseReservation() if the query subsequently fails.
+     */
+    async checkAndReserveQuery() {
+        return await withLock(this.settingsPath, async () => {
+            // Reload latest settings from disk (another process may have updated).
+            this.settings = this.loadSettings();
+            const today = new Date().toISOString().split("T")[0];
+            // Reset if new day (mirror incrementQueryCountAtomic rollover idiom).
+            if (this.settings.usage.lastQueryDate !== today) {
+                this.settings.usage.queriesUsedToday = 0;
+                this.settings.usage.lastQueryDate = today;
+            }
+            // CRUCIAL: derive the limit from the tier table, never trust on-disk limit.
+            const limit = deriveLimitsForTier(this.settings.tier).queriesPerDay;
+            if (this.settings.usage.queriesUsedToday >= limit) {
+                getMetricsRegistry().increment("quota_query_denials_total", { tier: this.settings.tier });
+                this.updateQuotaMetrics();
+                return {
+                    allowed: false,
+                    reason: `Daily query limit reached (${this.settings.usage.queriesUsedToday}/${limit}). Try again tomorrow or upgrade your plan.`,
+                };
+            }
+            // Reserve the slot now, before the query runs.
+            this.settings.usage.queriesUsedToday += 1;
+            this.settings.usage.lastUpdated = new Date().toISOString();
+            this.updateQuotaMetrics();
+            this.persistWithLockHeld();
+            return { allowed: true };
+        });
+    }
+    /**
+     * Release a previously reserved query slot (e.g. when the query failed after
+     * reservation in checkAndReserveQuery). Atomic and floored at zero so it can
+     * never underflow.
+     */
+    async releaseReservation() {
+        await withLock(this.settingsPath, async () => {
+            this.settings = this.loadSettings();
+            this.settings.usage.queriesUsedToday = Math.max(0, this.settings.usage.queriesUsedToday - 1);
+            this.settings.usage.lastUpdated = new Date().toISOString();
+            this.updateQuotaMetrics();
+            this.persistWithLockHeld();
+        });
+    }
+    /**
+     * Persist current settings to disk while a file lock is already held.
+     * Mirrors the write performed inside incrementQueryCountAtomic.
+     */
+    persistWithLockHeld() {
+        const dir = path.dirname(this.settingsPath);
+        if (!fs.existsSync(dir)) {
+            fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
+        }
+        fs.writeFileSync(this.settingsPath, JSON.stringify(this.settings, null, 2), { mode: 0o600 });
+    }
     /**
      * Refresh settings from disk with file locking
      *
@@ -568,10 +714,7 @@ export class QuotaManager {
     canMakeQuery() {
         // Pure read: determine effective count without mutating settings.
         // Rollover mutation is handled exclusively in incrementQueryCountAtomic (I285).
-        const today = new Date().toISOString().split("T")[0];
-        const queriesUsedToday = this.settings.usage.lastQueryDate === today
-            ? this.settings.usage.queriesUsedToday
-            : 0; // New day — treat count as 0 without persisting
+        const queriesUsedToday = this.effectiveQueriesUsedToday();
         const { queriesPerDay: limit } = this.settings.limits;
         if (queriesUsedToday >= limit) {
             getMetricsRegistry().increment("quota_query_denials_total", { tier: this.settings.tier });
@@ -588,32 +731,35 @@ export class QuotaManager {
         this.updateQuotaMetrics(queriesUsedToday);
         return { allowed: true };
     }
-    updateQuotaMetrics(queriesUsedToday = this.settings.usage.queriesUsedToday) {
+    updateQuotaMetrics(queriesUsedToday = this.effectiveQueriesUsedToday()) {
         const { tier, limits } = this.settings;
         const registry = getMetricsRegistry();
         registry.setGauge("quota_queries_used", queriesUsedToday, { tier });
         registry.setGauge("quota_queries_limit", limits.queriesPerDay, { tier });
-        registry.setGauge("quota_queries_percent", Math.round((queriesUsedToday / limits.queriesPerDay) * 100), { tier });
+        registry.setGauge("quota_queries_percent", QuotaManager.safePercent(queriesUsedToday, limits.queriesPerDay), { tier });
     }
     /**
      * Get quota status summary
      */
     getStatus() {
         const { tier, limits, usage } = this.settings;
+        // Use the effective (rolled-over) count so getStatus never reports a stale
+        // pre-rollover figure; guard all percentages against a zero/invalid limit.
+        const queriesUsedToday = this.effectiveQueriesUsedToday();
         return {
             tier,
             notebooks: {
                 used: usage.notebooks,
                 limit: limits.notebooks,
-                percent: Math.round((usage.notebooks / limits.notebooks) * 100),
+                percent: QuotaManager.safePercent(usage.notebooks, limits.notebooks),
             },
             sources: {
                 limit: limits.sourcesPerNotebook,
             },
             queries: {
-                used: usage.queriesUsedToday,
+                used: queriesUsedToday,
                 limit: limits.queriesPerDay,
-                percent: Math.round((usage.queriesUsedToday / limits.queriesPerDay) * 100),
+                percent: QuotaManager.safePercent(queriesUsedToday, limits.queriesPerDay),
             },
         };
     }
@@ -622,12 +768,16 @@ export class QuotaManager {
      * Used to provide visibility to users about when to stop querying for the day
      */
     getDetailedStatus() {
-        this.rolloverIfNeeded();
+        // Pure read of the effective (rolled-over) count — consistent with
+        // getStatus/canMakeQuery. Rollover is NOT persisted here; that is the
+        // exclusive responsibility of incrementQueryCountAtomic/checkAndReserveQuery
+        // (I285), so this reader no longer mutates+persists the rollover.
         const { tier, limits, usage } = this.settings;
-        const queriesRemaining = limits.queriesPerDay - usage.queriesUsedToday;
-        const queriesPercentUsed = Math.round((usage.queriesUsedToday / limits.queriesPerDay) * 100);
+        const queriesUsedToday = this.effectiveQueriesUsedToday();
+        const queriesRemaining = limits.queriesPerDay - queriesUsedToday;
+        const queriesPercentUsed = QuotaManager.safePercent(queriesUsedToday, limits.queriesPerDay);
         const notebooksRemaining = limits.notebooks - usage.notebooks;
-        const notebooksPercentUsed = Math.round((usage.notebooks / limits.notebooks) * 100);
+        const notebooksPercentUsed = QuotaManager.safePercent(usage.notebooks, limits.notebooks);
         // Calculate next reset time (midnight local time)
         const tomorrow = new Date();
         tomorrow.setDate(tomorrow.getDate() + 1);
@@ -635,7 +785,7 @@ export class QuotaManager {
         // Build warnings list
         const warnings = [];
         if (queriesRemaining <= 0) {
-            warnings.push(`CRITICAL: Daily query limit reached (${usage.queriesUsedToday}/${limits.queriesPerDay}). Wait until tomorrow or upgrade your plan.`);
+            warnings.push(`CRITICAL: Daily query limit reached (${queriesUsedToday}/${limits.queriesPerDay}). Wait until tomorrow or upgrade your plan.`);
         }
         else if (queriesRemaining <= 5) {
             warnings.push(`CRITICAL: Only ${queriesRemaining} queries remaining today! Consider stopping soon.`);
@@ -652,7 +802,7 @@ export class QuotaManager {
         return {
             tier,
             queries: {
-                used: usage.queriesUsedToday,
+                used: queriesUsedToday,
                 limit: limits.queriesPerDay,
                 remaining: queriesRemaining,
                 percentUsed: queriesPercentUsed,
@@ -680,4 +830,3 @@ export function getQuotaManager() {
     }
     return quotaManagerInstance;
 }
-//# sourceMappingURL=quota-manager.js.map

package/dist/resources/resource-handlers.d.ts CHANGED Viewed

@@ -19,4 +19,3 @@ export declare class ResourceHandlers {
      */
     private buildCompletion;
 }
-//# sourceMappingURL=resource-handlers.d.ts.map