@percena/weft 0.4.0-next.2 → 0.4.0-next.3

package/dist/factory.js

@@ -1,5008 +0,0 @@
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
-  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
-}) : x)(function(x) {
-  if (typeof require !== "undefined") return require.apply(this, arguments);
-  throw Error('Dynamic require of "' + x + '" is not supported');
-});
-var __esm = (fn, res) => function __init() {
-  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
-};
-
-// ../packages/sources/dist/chunk-QOB7RMSO.js
-var init_chunk_QOB7RMSO = __esm({
-  "../packages/sources/dist/chunk-QOB7RMSO.js"() {
-    "use strict";
-  }
-});
-
-// ../packages/sources/dist/chunk-DGUM43GV.js
-var init_chunk_DGUM43GV = __esm({
-  "../packages/sources/dist/chunk-DGUM43GV.js"() {
-    "use strict";
-  }
-});
-
-// ../packages/adaptor/dist/chunk-DGUM43GV.js
-var __require3;
-var init_chunk_DGUM43GV2 = __esm({
-  "../packages/adaptor/dist/chunk-DGUM43GV.js"() {
-    "use strict";
-    __require3 = /* @__PURE__ */ ((x) => typeof __require !== "undefined" ? __require : typeof Proxy !== "undefined" ? new Proxy(x, {
-      get: (a, b) => (typeof __require !== "undefined" ? __require : a)[b]
-    }) : x)(function(x) {
-      if (typeof __require !== "undefined") return __require.apply(this, arguments);
-      throw Error('Dynamic require of "' + x + '" is not supported');
-    });
-  }
-});
-
-// ../packages/adaptor/dist/chunk-XW533RAZ.js
-var init_chunk_XW533RAZ = __esm({
-  "../packages/adaptor/dist/chunk-XW533RAZ.js"() {
-    "use strict";
-  }
-});
-
-// ../packages/runtime-core/dist/index.js
-var RUNTIME_KINDS = ["native-sdk", "app-server", "compatible-sdk", "cli-fallback"];
-function mapPermissionModeToCodexParams(mode) {
-  switch (mode) {
-    case "safe":
-      return { approvalPolicy: "untrusted", approvalsReviewer: "user", sandbox: "read-only" };
-    case "allow-all":
-      return { approvalPolicy: "never", approvalsReviewer: "user", sandbox: "danger-full-access" };
-    case "ask":
-    default:
-      return { approvalPolicy: "on-request", approvalsReviewer: "user", sandbox: "workspace-write" };
-  }
-}
-function mapCodexSandboxModeToSandboxPolicy(sandbox) {
-  if (sandbox === "read-only") return { type: "readOnly" };
-  if (sandbox === "danger-full-access") return { type: "dangerFullAccess" };
-  return { type: "workspaceWrite" };
-}
-var initialRuntimeState = {
-  status: "idle",
-  acceptedMessages: [],
-  queuedMessages: []
-};
-function reduceRuntimeState(state = initialRuntimeState, action) {
-  switch (action.type) {
-    case "preflight_start":
-      return { ...state, status: "preflighting", lastError: void 0 };
-    case "preflight_ok":
-      return { ...state, status: "ready", lastError: void 0 };
-    case "preflight_error":
-      return { ...state, status: "failed", lastError: action.error };
-    case "starting":
-      if (state.status === "ready" || state.status === "idle") {
-        return { ...state, status: "starting" };
-      }
-      return state;
-    case "send_message":
-      if (state.status === "running" || state.status === "waiting_for_permission") {
-        return {
-          ...state,
-          queuedMessages: [...state.queuedMessages, action.message]
-        };
-      }
-      return {
-        ...state,
-        status: "running",
-        acceptedMessages: [...state.acceptedMessages, action.message]
-      };
-    case "permission_request":
-      return {
-        ...state,
-        status: "waiting_for_permission",
-        waitingPermissionRequestId: action.requestId
-      };
-    case "permission_response":
-      return {
-        ...state,
-        status: "running",
-        waitingPermissionRequestId: void 0
-      };
-    case "turn_completed":
-      if (state.status === "running") {
-        return { ...state, status: "turn_completed" };
-      }
-      return state;
-    case "complete": {
-      if (state.status === "turn_completed") {
-        const [nextMessage2, ...remaining2] = state.queuedMessages;
-        if (nextMessage2) {
-          return {
-            ...state,
-            status: "running",
-            acceptedMessages: [...state.acceptedMessages, nextMessage2],
-            queuedMessages: remaining2
-          };
-        }
-        return { ...state, status: "ready" };
-      }
-      const [nextMessage, ...remaining] = state.queuedMessages;
-      if (nextMessage) {
-        return {
-          ...state,
-          status: "running",
-          acceptedMessages: [...state.acceptedMessages, nextMessage],
-          queuedMessages: remaining
-        };
-      }
-      return { ...state, status: "ready" };
-    }
-    case "abort":
-      return {
-        ...state,
-        status: "ready",
-        lastError: action.reason,
-        queuedMessages: [],
-        waitingPermissionRequestId: void 0
-      };
-    case "error":
-      return { ...state, status: "failed", lastError: action.error };
-    case "dispose":
-      return {
-        ...state,
-        status: "disposed",
-        queuedMessages: [],
-        waitingPermissionRequestId: void 0
-      };
-  }
-}
-function createRuntimeExtensionContext(context = {}) {
-  return {
-    policy: context.policy,
-    sources: context.sources ? { enabledSourceSlugs: unique(context.sources.enabledSourceSlugs) } : void 0,
-    skills: context.skills ? { activeSkillSlugs: unique(context.skills.activeSkillSlugs) } : void 0,
-    commandOrigin: context.commandOrigin,
-    hostServices: context.hostServices
-  };
-}
-function sanitizeProviderSourceTools(sourceTools) {
-  if (!sourceTools || sourceTools.length === 0) return [];
-  const sanitized = [];
-  for (const sourceTool of sourceTools) {
-    if (sourceTool.kind === "api-source") {
-      const defaultHeaders = sourceTool.defaultHeaders ? copyNonCredentialStringRecord(sourceTool.defaultHeaders) : void 0;
-      sanitized.push({
-        kind: "api-source",
-        sourceSlug: sourceTool.sourceSlug,
-        baseUrl: sourceTool.baseUrl,
-        authType: sourceTool.authType,
-        ...defaultHeaders && Object.keys(defaultHeaders).length > 0 ? { defaultHeaders } : {},
-        ...sourceTool.credentialRef ? { credentialRef: sanitizeSourceCredentialRef(sourceTool.credentialRef) } : {}
-      });
-      continue;
-    }
-    if (sourceTool.kind === "local-source") {
-      sanitized.push({
-        kind: "local-source",
-        sourceSlug: sourceTool.sourceSlug,
-        path: sourceTool.path,
-        ...sourceTool.format ? { format: sourceTool.format } : {}
-      });
-      continue;
-    }
-    if (sourceTool.kind === "mcp-server") {
-      const env = sourceTool.env ? copyNonCredentialStringRecord(sourceTool.env) : void 0;
-      const headers = sourceTool.headers ? copyNonCredentialStringRecord(sourceTool.headers) : void 0;
-      sanitized.push({
-        kind: "mcp-server",
-        sourceSlug: sourceTool.sourceSlug,
-        transport: sourceTool.transport,
-        ...sourceTool.url ? { url: sourceTool.url } : {},
-        ...sourceTool.command ? { command: sourceTool.command } : {},
-        ...sourceTool.args ? { args: sourceTool.args.filter((value) => typeof value === "string") } : {},
-        ...env && Object.keys(env).length > 0 ? { env } : {},
-        ...headers && Object.keys(headers).length > 0 ? { headers } : {},
-        ...sourceTool.credentialRef ? { credentialRef: sanitizeSourceCredentialRef(sourceTool.credentialRef) } : {}
-      });
-    }
-  }
-  return sanitized;
-}
-var sessionToolRequestCounter = 0;
-async function invokeSessionTool(options) {
-  const requestId = `session-tool-${++sessionToolRequestCounter}`;
-  const origin = originFromSessionToolRequest(options.request) ?? options.commandOrigin;
-  const policyDecision = await evaluateSessionToolPolicy(options, requestId);
-  const timelineRefs = [];
-  const append3 = (item) => {
-    const envelope = options.appendTimeline?.(item);
-    if (envelope) {
-      timelineRefs.push({ epoch: envelope.epoch, seq: envelope.seq });
-    }
-  };
-  if (policyDecision.decision !== "allow") {
-    const reason = policyDecision.decision === "deny" ? policyDecision.reason : policyDecision.reason;
-    append3({
-      type: "host_state_changed",
-      state: {
-        kind: "host_tool_denied",
-        requestId,
-        toolName: options.toolName,
-        reason
-      }
-    });
-    return {
-      ok: false,
-      requestId,
-      toolName: options.toolName,
-      origin,
-      policyDecision,
-      reason,
-      timelineRefs
-    };
-  }
-  append3({
-    type: "host_state_changed",
-    state: {
-      kind: "host_tool_invoked",
-      requestId,
-      toolName: options.toolName,
-      ...origin ? { origin } : {}
-    }
-  });
-  const callback = options.bridge[options.toolName];
-  if (!callback) {
-    const reason = `Session tool bridge callback is not registered: ${String(options.toolName)}`;
-    append3({
-      type: "host_state_changed",
-      state: {
-        kind: "host_tool_result",
-        requestId,
-        toolName: options.toolName,
-        ok: false,
-        reason
-      }
-    });
-    return {
-      ok: false,
-      requestId,
-      toolName: options.toolName,
-      origin,
-      policyDecision,
-      reason,
-      timelineRefs
-    };
-  }
-  try {
-    const result = await callback(options.request);
-    append3({
-      type: "host_state_changed",
-      state: {
-        kind: "host_tool_result",
-        requestId,
-        toolName: options.toolName,
-        ok: true
-      }
-    });
-    return {
-      ok: true,
-      requestId,
-      toolName: options.toolName,
-      origin,
-      policyDecision,
-      result,
-      timelineRefs
-    };
-  } catch (error) {
-    const reason = error instanceof Error ? error.message : String(error);
-    append3({
-      type: "host_state_changed",
-      state: {
-        kind: "host_tool_result",
-        requestId,
-        toolName: options.toolName,
-        ok: false,
-        reason
-      }
-    });
-    return {
-      ok: false,
-      requestId,
-      toolName: options.toolName,
-      origin,
-      policyDecision,
-      reason,
-      timelineRefs
-    };
-  }
-}
-async function evaluateSessionToolPolicy(options, requestId) {
-  if (!options.policy) return { decision: "allow" };
-  return options.policy({
-    toolName: `host.${String(options.toolName)}`,
-    input: recordFromSessionToolRequest(options.request),
-    toolIntent: { kind: "unknown", toolName: `host.${String(options.toolName)}` },
-    scope: { type: "session", sessionId: options.sessionId }
-  });
-}
-function originFromSessionToolRequest(request) {
-  const record = recordFromSessionToolRequest(request);
-  const origin = record.origin ?? record.commandOrigin;
-  return isCommandOrigin(origin) ? origin : void 0;
-}
-function recordFromSessionToolRequest(request) {
-  return request && typeof request === "object" ? { ...request } : {};
-}
-function isCommandOrigin(value) {
-  if (!value || typeof value !== "object") return false;
-  const type = value.type;
-  return type === "user" || type === "automation" || type === "scheduler" || type === "host" || type === "replay" || type === "system";
-}
-function unique(values) {
-  return [...new Set(values)];
-}
-function sanitizeSourceCredentialRef(credentialRef) {
-  return {
-    type: credentialRef.type,
-    sourceSlug: credentialRef.sourceSlug,
-    ...credentialRef.workspaceId ? { workspaceId: credentialRef.workspaceId } : {}
-  };
-}
-function copyStringRecord(record) {
-  return Object.fromEntries(
-    Object.entries(record).filter((entry) => typeof entry[0] === "string" && typeof entry[1] === "string")
-  );
-}
-function copyNonCredentialStringRecord(record) {
-  return Object.fromEntries(
-    Object.entries(copyStringRecord(record)).filter(([key]) => !isCredentialKey(key))
-  );
-}
-function isCredentialKey(key) {
-  const normalized = key.toLowerCase();
-  return normalized === "authorization" || normalized === "proxy-authorization" || normalized === "cookie" || normalized === "set-cookie" || normalized.includes("api-key") || normalized.includes("apikey") || normalized.includes("token") || normalized.includes("secret") || normalized.includes("password");
-}
-function findCandidate(candidates, kind) {
-  return candidates.find((candidate) => candidate.kind === kind);
-}
-function defaultRuntimeKindOrder(provider) {
-  if (provider === "codex") {
-    return ["app-server", "native-sdk", "compatible-sdk", "cli-fallback"];
-  }
-  return RUNTIME_KINDS;
-}
-function firstAvailableCandidate(candidates, provider) {
-  for (const kind of defaultRuntimeKindOrder(provider)) {
-    const candidate = findCandidate(candidates, kind);
-    if (candidate?.available) return candidate;
-  }
-  return void 0;
-}
-function selectRuntimeCandidate(options) {
-  const preferred = options.preferredRuntime ? findCandidate(options.candidates, options.preferredRuntime) : void 0;
-  if (preferred?.available) {
-    return { selected: preferred.kind, fallback: false };
-  }
-  if (preferred && options.allowFallback !== true) {
-    return {
-      fallback: false,
-      error: preferred.reason ?? `${preferred.kind} runtime is unavailable`
-    };
-  }
-  const selected = firstAvailableCandidate(options.candidates, options.provider);
-  if (!selected) {
-    return {
-      fallback: false,
-      error: options.candidates.map((candidate) => candidate.reason).filter(Boolean).join("; ") || "No runtime candidates are available"
-    };
-  }
-  const fallback = Boolean(preferred && selected.kind !== preferred.kind);
-  return {
-    selected: selected.kind,
-    fallback,
-    fallbackReason: fallback ? preferred?.reason ?? `${preferred?.kind ?? "preferred"} runtime is unavailable` : void 0
-  };
-}
-function createRuntimeCapabilityReport(options) {
-  const selection = selectRuntimeCandidate(options);
-  const extensionCapabilities = normalizeExtensionCapabilities(options.extensionCapabilities);
-  return {
-    provider: options.provider,
-    candidates: options.candidates,
-    preferredRuntime: options.preferredRuntime,
-    allowFallback: options.allowFallback === true,
-    auth: options.auth,
-    ...extensionCapabilities,
-    ...selection
-  };
-}
-function normalizeExtensionCapabilities(capabilities = {}) {
-  return {
-    policyCapabilities: capabilities.policy ?? {
-      supported: false,
-      modes: [],
-      approvals: false,
-      toolPolicy: false
-    },
-    sourceCapabilities: capabilities.sources ?? {
-      supported: false
-    },
-    skillCapabilities: capabilities.skills ?? {
-      supported: false
-    },
-    automationCapabilities: capabilities.automations ?? {
-      supported: false,
-      eventBus: false,
-      schedulerHost: false,
-      promptAction: false,
-      webhookAction: false
-    },
-    hostToolCapabilities: capabilities.hostTools ?? {
-      supported: false,
-      sessionTools: false,
-      workflowTransitions: false,
-      browserActions: false,
-      metadataWrites: false
-    }
-  };
-}
-
-// ../packages/timeline/dist/index.js
-function createTimelineSequencer(options) {
-  let seq = options.startSeq ?? 0;
-  const now = options.now ?? Date.now;
-  return {
-    append(item, rawRef2) {
-      seq += 1;
-      return appendTimelineItem({
-        sessionId: options.sessionId,
-        provider: options.provider,
-        epoch: options.epoch,
-        seq,
-        timestamp: now(),
-        item,
-        rawRef: rawRef2
-      });
-    }
-  };
-}
-function appendTimelineItem(envelope) {
-  return {
-    ...envelope,
-    rawRef: envelope.rawRef ? { ...envelope.rawRef } : void 0
-  };
-}
-function createTimelineCursor(cursor) {
-  return {
-    epoch: cursor.epoch,
-    afterSeq: cursor.afterSeq
-  };
-}
-function fetchTimeline(timeline, request = {}) {
-  const ordered = sortTimeline(timeline);
-  const cursor = request.cursor ?? cursorFromTimelineStart(ordered);
-  const items = ordered.filter((item) => item.epoch === cursor.epoch && item.seq > cursor.afterSeq).slice(0, request.limit);
-  const lastSeq = items.at(-1)?.seq ?? cursor.afterSeq;
-  const firstSeq = items[0]?.seq;
-  return {
-    items,
-    nextCursor: {
-      epoch: cursor.epoch,
-      afterSeq: lastSeq
-    },
-    hasGap: firstSeq !== void 0 && firstSeq > cursor.afterSeq + 1
-  };
-}
-function cursorFromTimelineStart(timeline) {
-  return {
-    epoch: timeline[0]?.epoch ?? "default",
-    afterSeq: 0
-  };
-}
-function sortTimeline(timeline) {
-  return [...timeline].sort((left, right) => {
-    if (left.epoch !== right.epoch) return left.epoch.localeCompare(right.epoch);
-    return left.seq - right.seq;
-  });
-}
-
-// ../packages/sources/dist/index.js
-init_chunk_QOB7RMSO();
-init_chunk_DGUM43GV();
-import { join, dirname } from "path";
-import { homedir as homedir2 } from "os";
-function createSourceActivationPlan(options) {
-  const requestedSourceSlugs = unique2(options.requestedSourceSlugs);
-  const states = new Map(options.sourceStates.map((source) => [source.sourceSlug, source]));
-  const activeSourceSlugs = [];
-  const authRequiredSourceSlugs = [];
-  const missingSourceSlugs = [];
-  const blockedSourceSlugs = [];
-  const timelineItems = [];
-  for (const sourceSlug of requestedSourceSlugs) {
-    const state = states.get(sourceSlug) ?? {
-      sourceSlug,
-      enabled: false,
-      authenticated: false,
-      status: "missing"
-    };
-    if (state.enabled && state.authenticated && state.status === "active") {
-      activeSourceSlugs.push(sourceSlug);
-    } else if (state.enabled && !state.authenticated) {
-      authRequiredSourceSlugs.push(sourceSlug);
-    } else if (state.status === "missing") {
-      missingSourceSlugs.push(sourceSlug);
-    } else {
-      blockedSourceSlugs.push(sourceSlug);
-    }
-    timelineItems.push({
-      type: "source_state_changed",
-      source: {
-        sourceSlug: state.sourceSlug,
-        status: state.status,
-        enabled: state.enabled,
-        authenticated: state.authenticated,
-        ...state.reason ? { reason: state.reason } : {}
-      }
-    });
-  }
-  return {
-    requestedSourceSlugs,
-    activeSourceSlugs,
-    authRequiredSourceSlugs,
-    missingSourceSlugs,
-    blockedSourceSlugs,
-    timelineItems
-  };
-}
-function unique2(values) {
-  return [...new Set(values)];
-}
-function createSourceToolAssemblyPlan(options) {
-  const bySlug = new Map(options.sources.map((source) => [source.config.slug, source]));
-  const tools = [];
-  const blockedSourceSlugs = [];
-  for (const sourceSlug of unique22(options.activeSourceSlugs)) {
-    const source = bySlug.get(sourceSlug);
-    if (!source) {
-      blockedSourceSlugs.push(sourceSlug);
-      continue;
-    }
-    const descriptor = descriptorFromSource(
-      source,
-      options.credentialRefs?.[sourceSlug],
-      options.allowedStdioEnvKeys ?? []
-    );
-    if (descriptor) {
-      tools.push(descriptor);
-    } else {
-      blockedSourceSlugs.push(sourceSlug);
-    }
-  }
-  return { tools, blockedSourceSlugs };
-}
-function descriptorFromSource(source, credentialRef, allowedStdioEnvKeys) {
-  const { config } = source;
-  if (config.type === "api" && config.api) {
-    return {
-      kind: "api-source",
-      sourceSlug: config.slug,
-      baseUrl: config.api.baseUrl,
-      authType: config.api.authType,
-      ...headersOption("defaultHeaders", config.api.defaultHeaders),
-      ...credentialRef ? { credentialRef } : {}
-    };
-  }
-  if (config.type === "local" && config.local) {
-    return {
-      kind: "local-source",
-      sourceSlug: config.slug,
-      path: config.local.path,
-      ...config.local.format ? { format: config.local.format } : {}
-    };
-  }
-  if (config.type === "mcp" && config.mcp) {
-    const transport = config.mcp.transport ?? "http";
-    return {
-      kind: "mcp-server",
-      sourceSlug: config.slug,
-      transport,
-      ...config.mcp.url ? { url: config.mcp.url } : {},
-      ...config.mcp.command ? { command: config.mcp.command } : {},
-      ...config.mcp.args ? { args: [...config.mcp.args] } : {},
-      ...transport === "stdio" ? { env: scrubEnv(config.mcp.env, allowedStdioEnvKeys) } : {},
-      ...transport !== "stdio" ? headersOption("headers", config.mcp.headers) : {},
-      ...credentialRef ? { credentialRef } : {}
-    };
-  }
-  return void 0;
-}
-function scrubEnv(env, allowedKeys) {
-  if (!env) return void 0;
-  const allowed = new Set(allowedKeys);
-  const scrubbed = Object.fromEntries(
-    Object.entries(env).filter(([key]) => allowed.has(key))
-  );
-  return Object.keys(scrubbed).length > 0 ? scrubbed : void 0;
-}
-function headersOption(key, headers) {
-  const scrubbed = scrubCredentialHeaders(headers);
-  return scrubbed ? { [key]: scrubbed } : {};
-}
-function scrubCredentialHeaders(headers) {
-  if (!headers) return void 0;
-  const scrubbed = Object.fromEntries(
-    Object.entries(headers).filter(([key]) => !isCredentialHeader(key))
-  );
-  return Object.keys(scrubbed).length > 0 ? scrubbed : void 0;
-}
-function isCredentialHeader(key) {
-  const normalized = key.toLowerCase();
-  return normalized === "authorization" || normalized === "proxy-authorization" || normalized === "cookie" || normalized === "set-cookie" || normalized.includes("api-key") || normalized.includes("apikey") || normalized.includes("token") || normalized.includes("secret");
-}
-function unique22(values) {
-  return [...new Set(values)];
-}
-function createSourceRuntimeAssemblyPlan(options) {
-  const activation = createSourceActivationPlan({
-    requestedSourceSlugs: options.requestedSourceSlugs,
-    sourceStates: options.sourceStates
-  });
-  const toolAssembly = createSourceToolAssemblyPlan({
-    activeSourceSlugs: activation.activeSourceSlugs,
-    sources: options.sources,
-    credentialRefs: options.credentialRefs,
-    allowedStdioEnvKeys: options.allowedStdioEnvKeys
-  });
-  return {
-    requestedSourceSlugs: activation.requestedSourceSlugs,
-    activeSourceSlugs: activation.activeSourceSlugs,
-    authRequiredSourceSlugs: activation.authRequiredSourceSlugs,
-    missingSourceSlugs: activation.missingSourceSlugs,
-    blockedSourceSlugs: unique3([
-      ...activation.blockedSourceSlugs,
-      ...toolAssembly.blockedSourceSlugs
-    ]),
-    toolBlockedSourceSlugs: toolAssembly.blockedSourceSlugs,
-    sourceTools: toolAssembly.tools,
-    timelineItems: activation.timelineItems
-  };
-}
-function unique3(values) {
-  return [...new Set(values)];
-}
-function createSourceRuntimeProviderOptions(options) {
-  const plan = createSourceRuntimeAssemblyPlan(options);
-  const sourceTools = sanitizeProviderSourceTools(
-    scrubProviderCredentialHeaders(plan.sourceTools)
-  );
-  return {
-    extensions: {
-      sources: {
-        enabledSourceSlugs: plan.activeSourceSlugs
-      }
-    },
-    sourceTools,
-    timelineItems: plan.timelineItems,
-    capabilityDegradation: {
-      authRequiredSourceSlugs: plan.authRequiredSourceSlugs,
-      missingSourceSlugs: plan.missingSourceSlugs,
-      blockedSourceSlugs: plan.blockedSourceSlugs,
-      toolBlockedSourceSlugs: plan.toolBlockedSourceSlugs
-    }
-  };
-}
-function scrubProviderCredentialHeaders(sourceTools) {
-  return sourceTools.map((sourceTool) => {
-    if (sourceTool.kind === "api-source" && sourceTool.defaultHeaders) {
-      const defaultHeaders = scrubCredentialHeaders2(sourceTool.defaultHeaders);
-      return {
-        ...sourceTool,
-        ...Object.keys(defaultHeaders).length > 0 ? { defaultHeaders } : { defaultHeaders: void 0 }
-      };
-    }
-    if (sourceTool.kind === "mcp-server" && sourceTool.headers) {
-      const headers = scrubCredentialHeaders2(sourceTool.headers);
-      return {
-        ...sourceTool,
-        ...Object.keys(headers).length > 0 ? { headers } : { headers: void 0 }
-      };
-    }
-    return sourceTool;
-  });
-}
-function scrubCredentialHeaders2(headers) {
-  const scrubbed = {};
-  for (const [key, value] of Object.entries(headers)) {
-    if (isCredentialHeader2(key)) continue;
-    scrubbed[key] = value;
-  }
-  return scrubbed;
-}
-function isCredentialHeader2(key) {
-  const normalized = key.toLowerCase();
-  return normalized === "authorization" || normalized === "proxy-authorization" || normalized === "cookie" || normalized === "set-cookie" || normalized.includes("api-key") || normalized.includes("apikey") || normalized.includes("token") || normalized.includes("secret");
-}
-var MAX_DOWNLOAD_SIZE = 50 * 1024 * 1024;
-var MAGIC = Buffer.from("WEFT01\0\0");
-var DEFAULT_PATH = join(homedir2(), ".weft", "credentials.enc");
-
-// ../packages/local-runtime/dist/chunk-BGP42L4K.js
-var PushAgentEventStream = class {
-  connected = false;
-  listeners = null;
-  connect(onEvent, onError, onClose) {
-    this.listeners = { onEvent, onError, onClose };
-    this.connected = true;
-  }
-  disconnect() {
-    this.listeners = null;
-    this.connected = false;
-  }
-  isConnected() {
-    return this.connected;
-  }
-  emit(event) {
-    this.listeners?.onEvent(event);
-  }
-  fail(error) {
-    this.listeners?.onError?.(error);
-  }
-  close() {
-    this.connected = false;
-    this.listeners?.onClose?.();
-  }
-};
-function parseJsonLine(line) {
-  const trimmed = line.trim();
-  if (!trimmed) return null;
-  try {
-    return JSON.parse(trimmed);
-  } catch {
-    return null;
-  }
-}
-function asRecord(value) {
-  return value && typeof value === "object" ? value : {};
-}
-function getText(value) {
-  return typeof value === "string" && value.length > 0 ? value : void 0;
-}
-function normalizeUsage(raw) {
-  const inputTokens = typeof raw.input_tokens === "number" ? raw.input_tokens : typeof raw.inputTokens === "number" ? raw.inputTokens : 0;
-  const outputTokens = typeof raw.output_tokens === "number" ? raw.output_tokens : typeof raw.outputTokens === "number" ? raw.outputTokens : 0;
-  return { inputTokens, outputTokens };
-}
-function mapClaudeStreamJsonLine(line) {
-  const payload = asRecord(parseJsonLine(line));
-  const type = getText(payload.type);
-  if (!type) return [];
-  if (type === "system" && payload.subtype === "init") {
-    return [{ type: "status", message: "Claude session initialized" }];
-  }
-  if (type === "stream_event") {
-    const event = asRecord(payload.event);
-    if (event.type === "content_block_delta") {
-      const delta = asRecord(event.delta);
-      const text = getText(delta.text);
-      if (text) {
-        return [{
-          type: "text_delta",
-          text,
-          turnId: getText(asRecord(payload.message).id) ?? getText(payload.message_id) ?? "msg_1"
-        }];
-      }
-    }
-    return [];
-  }
-  if (type === "assistant") {
-    const message = asRecord(payload.message);
-    const turnId = getText(message.id);
-    const content = Array.isArray(message.content) ? message.content.map(asRecord) : [];
-    const events = [];
-    for (const item of content) {
-      if (item.type === "tool_use") {
-        const toolUseId = getText(item.id);
-        const toolName = getText(item.name);
-        if (toolUseId && toolName) {
-          events.push({
-            type: "tool_start",
-            toolName,
-            toolUseId,
-            input: asRecord(item.input),
-            turnId
-          });
-        }
-      } else if (item.type === "text") {
-        const text = getText(item.text);
-        if (text) {
-          events.push({
-            type: "text_complete",
-            text,
-            isIntermediate: message.stop_reason === "tool_use",
-            turnId
-          });
-        }
-      }
-    }
-    return events;
-  }
-  if (type === "result") {
-    if (payload.subtype && payload.subtype !== "success") {
-      return [{ type: "error", message: `Claude finished with ${String(payload.subtype)}` }, { type: "complete" }];
-    }
-    return [{ type: "complete", usage: normalizeUsage(asRecord(payload.usage)) }];
-  }
-  if (type === "error") {
-    return [{ type: "error", message: getText(payload.message) ?? "Claude stream error" }];
-  }
-  return [];
-}
-function mapCodexExecJsonLine(line) {
-  const payload = asRecord(parseJsonLine(line));
-  const type = getText(payload.type);
-  if (!type) return [];
-  if (type === "session.started" || type === "session_started" || type === "thread.started" || type === "thread_started") {
-    return [{ type: "status", message: "Codex session initialized" }];
-  }
-  if (type === "turn.started" || type === "turn_started") {
-    return [{ type: "status", message: "Codex turn started" }];
-  }
-  if (type === "item.started" || type === "item_started") {
-    const item = asRecord(payload.item);
-    const itemType = getText(item.type);
-    if (itemType === "command_execution" || itemType === "commandExecution") {
-      const toolUseId = getText(item.id) ?? getText(payload.item_id) ?? `tool-${Date.now()}`;
-      const command = getText(item.command);
-      return [{
-        type: "tool_start",
-        toolName: "Bash",
-        toolUseId,
-        input: command ? { command } : asRecord(item.arguments),
-        turnId: getText(payload.turn_id) ?? getText(payload.turnId)
-      }];
-    }
-    return [];
-  }
-  if (type === "item.completed" || type === "item_completed") {
-    const item = asRecord(payload.item);
-    const itemType = getText(item.type);
-    if (itemType === "agent_message" || itemType === "agentMessage") {
-      const text = getText(item.text) ?? getText(item.message);
-      return text ? [{
-        type: "text_complete",
-        text,
-        isIntermediate: false,
-        turnId: getText(payload.turn_id) ?? getText(payload.turnId) ?? getText(item.id)
-      }] : [];
-    }
-    if (itemType === "command_execution" || itemType === "commandExecution") {
-      const toolUseId = getText(item.id) ?? getText(payload.item_id) ?? `tool-${Date.now()}`;
-      const exitCode = typeof item.exit_code === "number" ? item.exit_code : typeof item.exitCode === "number" ? item.exitCode : 0;
-      return [{
-        type: "tool_result",
-        toolName: "Bash",
-        toolUseId,
-        result: getText(item.aggregated_output) ?? getText(item.aggregatedOutput) ?? getText(item.output) ?? "",
-        isError: exitCode !== 0 || item.is_error === true,
-        turnId: getText(payload.turn_id) ?? getText(payload.turnId)
-      }];
-    }
-    return [];
-  }
-  if (type === "agent_message_delta" || type === "message_delta" || type === "response.output_text.delta") {
-    const text = getText(payload.delta) ?? getText(payload.text);
-    return text ? [{ type: "text_delta", text }] : [];
-  }
-  if (type === "agent_message" || type === "message" || type === "response.output_text.done") {
-    const text = getText(payload.message) ?? getText(payload.text);
-    return text ? [{ type: "text_complete", text, isIntermediate: false }] : [];
-  }
-  if (type === "exec_command_begin" || type === "tool_call_begin") {
-    const toolUseId = getText(payload.call_id) ?? getText(payload.id) ?? `tool-${Date.now()}`;
-    const command = getText(payload.command);
-    return [{
-      type: "tool_start",
-      toolName: getText(payload.tool_name) ?? "Bash",
-      toolUseId,
-      input: command ? { command } : asRecord(payload.arguments)
-    }];
-  }
-  if (type === "exec_command_end" || type === "tool_call_end") {
-    const toolUseId = getText(payload.call_id) ?? getText(payload.id) ?? `tool-${Date.now()}`;
-    const exitCode = typeof payload.exit_code === "number" ? payload.exit_code : 0;
-    return [{
-      type: "tool_result",
-      toolName: getText(payload.tool_name) ?? "Bash",
-      toolUseId,
-      result: getText(payload.output) ?? getText(payload.result) ?? "",
-      isError: exitCode !== 0 || payload.is_error === true
-    }];
-  }
-  if (type === "turn_completed" || type === "turn.completed" || type === "task_complete" || type === "response.completed") {
-    return [{ type: "complete", usage: normalizeUsage(asRecord(payload.usage)) }];
-  }
-  if (type === "error") {
-    return [{ type: "error", message: getText(payload.message) ?? "Codex stream error" }];
-  }
-  return [];
-}
-function createLocalTimelineProjector(options) {
-  const sequencer = createTimelineSequencer(options);
-  let lastTurnId;
-  return {
-    project(event) {
-      const items = mapAgentEventToTimelineItems(event, lastTurnId);
-      const eventTurnId = turnIdFromAgentEvent(event);
-      const itemTurnId = items.map((item) => "turnId" in item ? item.turnId : void 0).find((turnId) => typeof turnId === "string");
-      if (eventTurnId ?? itemTurnId) lastTurnId = eventTurnId ?? itemTurnId;
-      return items.map((item) => append(sequencer, item, event.type));
-    }
-  };
-}
-function append(sequencer, item, providerEventType) {
-  return sequencer.append(item, { providerEventType });
-}
-function mapAgentEventToTimelineItems(event, lastTurnId) {
-  switch (event.type) {
-    case "status":
-    case "info":
-      return [{ type: "session_status", status: event.message }];
-    case "text_delta": {
-      const turnId = event.turnId ?? lastTurnId ?? "turn-local";
-      return [{
-        type: "assistant_message_delta",
-        text: event.text,
-        messageId: messageIdForTurn(turnId),
-        turnId
-      }];
-    }
-    case "text_complete": {
-      const turnId = event.turnId ?? lastTurnId ?? "turn-local";
-      return [{
-        type: "assistant_message",
-        text: event.text,
-        messageId: messageIdForTurn(turnId),
-        turnId
-      }];
-    }
-    case "reasoning_delta": {
-      const turnId = event.turnId ?? lastTurnId ?? "turn-local";
-      return [{
-        type: "assistant_message_delta",
-        text: event.text,
-        messageId: messageIdForTurn(turnId),
-        turnId
-      }];
-    }
-    case "reasoning": {
-      const turnId = event.turnId ?? lastTurnId ?? "turn-local";
-      return [{
-        type: "assistant_message",
-        text: event.text,
-        messageId: messageIdForTurn(turnId),
-        turnId
-      }];
-    }
-    case "tool_start":
-      return [{
-        type: "tool_call",
-        callId: event.toolUseId,
-        name: event.toolName,
-        status: "running",
-        detail: { input: event.input },
-        turnId: event.turnId
-      }];
-    case "tool_result":
-      return [{
-        type: "tool_result",
-        callId: event.toolUseId,
-        result: event.result,
-        isError: event.isError,
-        turnId: event.turnId
-      }];
-    case "permission_request":
-      return [{
-        type: "permission_requested",
-        request: {
-          requestId: event.requestId,
-          toolName: event.toolName,
-          input: { command: event.command },
-          reason: event.reason
-        }
-      }];
-    case "permission_response":
-      return [{
-        type: "permission_resolved",
-        requestId: event.requestId,
-        resolution: {
-          allowed: event.allowed,
-          remember: event.remember ?? false
-        }
-      }];
-    case "complete": {
-      const items = [];
-      if (lastTurnId) {
-        items.push({
-          type: "turn_completed",
-          turnId: lastTurnId,
-          usage: event.usage
-        });
-      }
-      items.push({ type: "session_status", status: "ready" });
-      return items;
-    }
-    case "error":
-      if (lastTurnId) {
-        return [{
-          type: "turn_failed",
-          turnId: lastTurnId,
-          error: { message: event.message }
-        }];
-      }
-      return [{ type: "session_status", status: "failed" }];
-    case "typed_error":
-      if (lastTurnId) {
-        return [{
-          type: "turn_failed",
-          turnId: lastTurnId,
-          error: event.error
-        }];
-      }
-      return [{ type: "session_status", status: "failed" }];
-    case "source_activated":
-      return [{
-        type: "source_state_changed",
-        source: {
-          sourceSlug: event.sourceSlug,
-          state: "active",
-          originalMessage: event.originalMessage
-        }
-      }];
-    case "usage_update":
-      return [{ type: "session_status", status: "usage_update" }];
-    case "working_directory_changed":
-      return [{
-        type: "session_status",
-        status: `working_directory:${event.workingDirectory}`
-      }];
-    case "compaction_started":
-      return [{ type: "compaction_started" }];
-    case "compaction_boundary":
-      return [{ type: "compaction_boundary", summary: event.summary }];
-    case "task_backgrounded":
-    case "shell_backgrounded":
-    case "task_progress":
-    case "task_completed":
-    case "shell_killed":
-    case "steer_undelivered":
-      return [{ type: "session_status", status: event.type }];
-    default:
-      return [];
-  }
-}
-function turnIdFromAgentEvent(event) {
-  if ("turnId" in event) return event.turnId;
-  return void 0;
-}
-function messageIdForTurn(turnId) {
-  return `${turnId}:assistant`;
-}
-
-// ../packages/adaptor/dist/chunk-DMO7RTY3.js
-import { execFile } from "child_process";
-import { spawn } from "child_process";
-import { createInterface } from "readline";
-var NESTED_AGENT_ENV_PREFIXES = [
-  "CLAUDECODE",
-  "CODEX_HOME",
-  // All CODEX_* prefix keys
-  "CODEX_",
-  "CLAUDE_CODE_ENTRYPOINT"
-];
-function shouldStripNestedAgentEnv(key) {
-  return NESTED_AGENT_ENV_PREFIXES.some(
-    (prefix) => key === prefix || key.startsWith(prefix + "_") || key.startsWith(prefix)
-  );
-}
-var CLAUDE_AGENT_SDK_CLIENT_APP = "weft/agent-bridge";
-function createSanitizedClaudeEnvironment(source = process.env) {
-  const env = {};
-  for (const [key, value] of Object.entries(source)) {
-    if (value !== void 0 && !shouldStripNestedAgentEnv(key)) {
-      env[key] = value;
-    }
-  }
-  env.CLAUDE_AGENT_SDK_CLIENT_APP = CLAUDE_AGENT_SDK_CLIENT_APP;
-  return env;
-}
-function resolveClaudeExecutable(env) {
-  return env.WEFT_CLAUDE_EXECUTABLE || void 0;
-}
-async function readClaudeAuth(executable, env) {
-  const resolvedEnv = env ?? createSanitizedClaudeEnvironment();
-  const claudeBin = executable ?? resolveClaudeExecutable(resolvedEnv) ?? "claude";
-  try {
-    const { stdout, exitCode } = await new Promise((resolve) => {
-      execFile(claudeBin, ["auth", "status", "--json"], { env: resolvedEnv }, (error, stdout2, stderr) => {
-        resolve({
-          stdout: stdout2?.toString() ?? "",
-          stderr: stderr?.toString() ?? "",
-          exitCode: error ? error.code ?? 1 : 0
-        });
-      });
-    });
-    if (exitCode !== 0) {
-      return {
-        mode: "provider-owned",
-        configured: false,
-        source: `${claudeBin} auth status --json`,
-        error: `Claude Code CLI returned exit code ${exitCode}. Ensure \`claude\` is on PATH or set WEFT_CLAUDE_EXECUTABLE.`
-      };
-    }
-    const status = JSON.parse(stdout);
-    return {
-      mode: "provider-owned",
-      configured: status.loggedIn === true,
-      source: `${claudeBin} auth status --json`,
-      method: status.authMethod,
-      provider: status.apiProvider,
-      accountPresent: Boolean(status.account)
-    };
-  } catch (err) {
-    return {
-      mode: "provider-owned",
-      configured: false,
-      source: `${claudeBin} auth status --json`,
-      error: `Claude Code auth detection failed: ${err.message}. Run \`claude\` and complete login, or set CLAUDE_CONFIG_DIR.`
-    };
-  }
-}
-var DEFAULT_REQUEST_TIMEOUT_MS = 1e4;
-var nextRpcId = 1;
-function makeRequest(method, params) {
-  return { jsonrpc: "2.0", id: nextRpcId++, method, params };
-}
-function resolveCodexExecutable(env) {
-  return env.WEFT_CODEX_EXECUTABLE || void 0;
-}
-function codexAuthFromResult(result, source) {
-  const requiresOpenaiAuth = result.requiresOpenaiAuth === true;
-  const accountPresent = Boolean(result.account);
-  const configured = !requiresOpenaiAuth || accountPresent;
-  return {
-    mode: "provider-owned",
-    configured,
-    source,
-    accountPresent,
-    requiresOpenaiAuth,
-    error: configured ? void 0 : codexAuthMissingMessage()
-  };
-}
-async function readCodexAuth(executable, env, requestTimeoutMs) {
-  const resolvedEnv = env ?? Object.fromEntries(
-    Object.entries(process.env).filter(([, v]) => v !== void 0)
-  );
-  const codexBin = executable ?? resolveCodexExecutable(resolvedEnv) ?? "codex";
-  const timeout = requestTimeoutMs ?? DEFAULT_REQUEST_TIMEOUT_MS;
-  const source = `${codexBin} app-server account/read`;
-  let proc = null;
-  try {
-    proc = spawn(codexBin, ["app-server"], {
-      env: resolvedEnv,
-      stdio: ["pipe", "pipe", "pipe"]
-    });
-  } catch (err) {
-    return {
-      mode: "provider-owned",
-      configured: false,
-      source,
-      error: `Codex auth detection failed: ${err.message}. Ensure \`codex\` is on PATH or set WEFT_CODEX_EXECUTABLE.`
-    };
-  }
-  const spawnError = new Promise((_, reject) => {
-    proc.on("error", (err) => {
-      reject(new Error(`Codex auth detection failed: ${err.message}. Ensure \`codex\` is on PATH or set WEFT_CODEX_EXECUTABLE.`));
-    });
-  });
-  try {
-    const rl = createInterface({ input: proc.stdout, crlfDelay: Infinity });
-    const writeMsg = (msg) => {
-      proc.stdin.write(JSON.stringify(msg) + "\n");
-    };
-    const readResponse = () => {
-      const linePromise = new Promise((resolve, reject) => {
-        const deadline = Date.now() + timeout;
-        const timer = setTimeout(() => {
-          reject(new Error(`Timeout waiting for Codex app-server response (${timeout}ms)`));
-        }, Math.max(0, deadline - Date.now()));
-        rl.once("line", (line) => {
-          clearTimeout(timer);
-          const trimmed = line.trim();
-          if (trimmed) {
-            try {
-              resolve(JSON.parse(trimmed));
-            } catch {
-              reject(new Error(`Invalid JSON-RPC response: ${trimmed}`));
-            }
-          }
-        });
-      });
-      return Promise.race([linePromise, spawnError]);
-    };
-    writeMsg(makeRequest("initialize", {
-      protocolVersion: "2025-03-26",
-      capabilities: {},
-      clientInfo: { name: "weft", title: "Weft", version: "0.1.0" }
-    }));
-    const initResp = await readResponse();
-    if (initResp.error) {
-      rl.close();
-      proc.kill();
-      return {
-        mode: "provider-owned",
-        configured: false,
-        source,
-        error: `Codex initialize failed: ${initResp.error.message}`
-      };
-    }
-    writeMsg({ jsonrpc: "2.0", method: "initialized", params: {} });
-    await new Promise((resolve) => setTimeout(resolve, 50));
-    writeMsg(makeRequest("account/read", { refreshToken: false }));
-    const accountResp = await readResponse();
-    rl.close();
-    proc.kill();
-    if (accountResp.error) {
-      return {
-        mode: "provider-owned",
-        configured: false,
-        source,
-        error: `Codex account/read failed: ${accountResp.error.message}`
-      };
-    }
-    return codexAuthFromResult(
-      accountResp.result,
-      source
-    );
-  } catch (err) {
-    try {
-      proc.kill();
-    } catch {
-    }
-    return {
-      mode: "provider-owned",
-      configured: false,
-      source,
-      error: `Codex auth detection failed: ${err.message}. Ensure \`codex\` is on PATH or set WEFT_CODEX_EXECUTABLE.`
-    };
-  }
-}
-function codexAuthMissingMessage() {
-  return "Codex authentication is not configured. Run `codex login` or set CODEX_HOME to a directory with valid auth.";
-}
-
-// ../packages/adaptor/dist/auth/index.js
-init_chunk_DGUM43GV2();
-
-// ../packages/local-runtime/dist/index.js
-import { spawn as spawn2 } from "child_process";
-import { createInterface as createInterface2 } from "readline";
-function createSessionId(provider) {
-  return `local-${provider}-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
-}
-function cleanEnv(source) {
-  return Object.fromEntries(
-    Object.entries(source).filter((entry) => entry[1] !== void 0)
-  );
-}
-function mapClaudePermissionMode(mode) {
-  if (!mode) return void 0;
-  if (mode === "allow-all") return "bypassPermissions";
-  if (mode === "safe") return "plan";
-  return "default";
-}
-function buildLocalCliArgs(options, message) {
-  if (options.provider === "claude") {
-    const args2 = [
-      "-p",
-      "--output-format",
-      "stream-json",
-      "--include-partial-messages"
-    ];
-    if (options.model) args2.push("--model", options.model);
-    const effort = options.reasoningEffort ?? options.thinkingLevel;
-    if (effort) args2.push("--effort", effort);
-    const permissionMode = mapClaudePermissionMode(options.permissionMode);
-    if (permissionMode) args2.push("--permission-mode", permissionMode);
-    args2.push(message);
-    return args2;
-  }
-  const args = ["exec", "--json", "--cd", options.cwd];
-  if (options.model) args.push("--model", options.model);
-  if (options.reasoningEffort) args.push("--config", `model_reasoning_effort="${options.reasoningEffort}"`);
-  if (options.permissionMode) {
-    const codexParams = mapPermissionModeToCodexParams(options.permissionMode);
-    args.push("--config", `approval_policy="${codexParams.approvalPolicy}"`);
-    args.push("--sandbox", codexParams.sandbox);
-  }
-  args.push(message);
-  return args;
-}
-function optionsForSend(options, sendOptions) {
-  if (!sendOptions?.permissionMode) return options;
-  return {
-    ...options,
-    permissionMode: sendOptions.permissionMode
-  };
-}
-function mapProviderLine(provider, line) {
-  return provider === "claude" ? mapClaudeStreamJsonLine(line) : mapCodexExecJsonLine(line);
-}
-function createLocalAgentSession(options) {
-  const events = new PushAgentEventStream();
-  const sessionId = options.sessionId ?? createSessionId(options.provider);
-  let state = initialRuntimeState;
-  let proc = null;
-  const queuedSendOptions = [];
-  function dispatch(action) {
-    state = reduceRuntimeState(state, action);
-  }
-  async function preflight() {
-    dispatch({ type: "preflight_start" });
-    const auth = options.provider === "claude" ? await readClaudeAuth(options.executable, options.env ?? createSanitizedClaudeEnvironment()) : await readCodexAuth(options.executable, options.env, options.requestTimeoutMs);
-    if (auth.configured) {
-      dispatch({ type: "preflight_ok" });
-    } else {
-      dispatch({ type: "preflight_error", error: auth.error ?? `${options.provider} auth is not configured` });
-    }
-    return auth;
-  }
-  async function consumeStdout(stdout) {
-    const rl = createInterface2({ input: stdout, crlfDelay: Infinity });
-    let sawComplete = false;
-    for await (const line of rl) {
-      for (const event of mapProviderLine(options.provider, line)) {
-        if (event.type === "permission_request") {
-          dispatch({ type: "permission_request", requestId: event.requestId });
-        }
-        if (event.type === "complete") {
-          if (!sawComplete) dispatch({ type: "complete" });
-          sawComplete = true;
-        }
-        events.emit(event);
-      }
-    }
-    return sawComplete;
-  }
-  async function consumeStderr(stderr) {
-    const chunks = [];
-    for await (const chunk of stderr) {
-      chunks.push(chunk);
-    }
-    return Buffer.concat(chunks).toString();
-  }
-  async function runMessage(message, sendOptions, alreadyAccepted = false) {
-    if (!alreadyAccepted) {
-      dispatch({ type: "send_message", message });
-    }
-    const acceptedCountAfterCurrentMessage = state.acceptedMessages.length;
-    events.emit({ type: "status", message: `${options.provider} runtime running` });
-    const executable = options.executable ?? options.provider;
-    const args = buildLocalCliArgs(optionsForSend(options, sendOptions), message);
-    const env = options.provider === "claude" ? options.env ?? createSanitizedClaudeEnvironment() : options.env ?? cleanEnv(process.env);
-    try {
-      proc = spawn2(executable, args, {
-        cwd: options.cwd,
-        env,
-        stdio: ["ignore", "pipe", "pipe"]
-      });
-    } catch (err) {
-      const messageText = `${options.provider} runtime failed to start: ${err.message}`;
-      dispatch({ type: "error", error: messageText });
-      events.emit({ type: "error", message: messageText });
-      throw new Error(messageText);
-    }
-    const stderrPromise = consumeStderr(proc.stderr);
-    const sawComplete = await consumeStdout(proc.stdout);
-    const exitCode = await new Promise((resolve) => {
-      proc.on("close", (code) => resolve(code ?? 0));
-    });
-    const stderr = await stderrPromise;
-    if (exitCode !== 0) {
-      const messageText = stderr.trim() || `${options.provider} exited with code ${exitCode}`;
-      dispatch({ type: "error", error: messageText });
-      events.emit({ type: "error", message: messageText });
-      throw new Error(messageText);
-    }
-    if (!sawComplete && state.status === "running") {
-      dispatch({ type: "complete" });
-      events.emit({ type: "complete" });
-    }
-    const nextMessage = state.status === "running" ? state.acceptedMessages[acceptedCountAfterCurrentMessage] : void 0;
-    if (nextMessage !== void 0) {
-      await runMessage(nextMessage, queuedSendOptions.shift(), true);
-    }
-  }
-  async function sendMessage(message, sendOptions) {
-    if (state.status === "failed" || state.status === "disposed") {
-      throw new Error(state.lastError ?? `Runtime is ${state.status}`);
-    }
-    if (state.status === "running" || state.status === "waiting_for_permission") {
-      queuedSendOptions.push(sendOptions);
-      dispatch({ type: "send_message", message });
-      events.emit({ type: "status", message: `${options.provider} runtime queued message` });
-      return;
-    }
-    if (state.status === "idle") {
-      const auth = await preflight();
-      if (!auth.configured) {
-        throw new Error(auth.error ?? `${options.provider} auth is not configured`);
-      }
-    }
-    await runMessage(message, sendOptions);
-  }
-  return {
-    sessionId,
-    provider: options.provider,
-    events,
-    preflight,
-    getState() {
-      return state;
-    },
-    commands: {
-      sendMessage,
-      async abort(reason) {
-        proc?.kill();
-        proc = null;
-        queuedSendOptions.splice(0, queuedSendOptions.length);
-        dispatch({ type: "abort", reason });
-        events.emit({ type: "error", message: reason ?? "Aborted" });
-        events.emit({ type: "complete" });
-      },
-      async respondToPermission(_requestId, _allowed, _remember) {
-        dispatch({ type: "permission_response" });
-      },
-      async dispose() {
-        proc?.kill();
-        proc = null;
-        queuedSendOptions.splice(0, queuedSendOptions.length);
-        dispatch({ type: "dispose" });
-        events.close();
-      }
-    }
-  };
-}
-
-// ../packages/adaptor/dist/index.js
-init_chunk_XW533RAZ();
-init_chunk_DGUM43GV2();
-import bashParser from "bash-parser";
-import { existsSync as existsSync2, readFileSync, writeFileSync, renameSync, unlinkSync, appendFileSync, mkdirSync, statSync } from "fs";
-import { homedir as homedir22 } from "os";
-import { join as join4 } from "path";
-import { isContextOverflow } from "@mariozechner/pi-ai";
-var IS_DEV_RUNTIME = !!process.env.WEFT_DEV_RUNTIME;
-var debugEnabled = typeof process !== "undefined" && process.env?.WEFT_DEBUG === "1";
-function isCliJsonOnlyMode() {
-  return typeof process !== "undefined" && process.env?.WEFT_CLI_JSON_ONLY === "1";
-}
-function detectEnvironment() {
-  if (typeof process === "undefined") {
-    return "electron-renderer";
-  }
-  if (process.type === "browser") {
-    return "electron-main";
-  }
-  if (process.type === "renderer") {
-    return "electron-renderer";
-  }
-  return "cli";
-}
-var electronLog = null;
-var electronLogChecked = false;
-function getElectronLog() {
-  if (electronLogChecked) {
-    return electronLog ?? null;
-  }
-  electronLogChecked = true;
-  try {
-    const loaded = __require3("electron-log/main");
-    electronLog = loaded?.default ?? loaded ?? null;
-  } catch {
-    electronLog = null;
-  }
-  return electronLog ?? null;
-}
-function isDebugEnabled() {
-  if (isCliJsonOnlyMode()) return false;
-  return debugEnabled;
-}
-function safeStringify(obj) {
-  try {
-    return JSON.stringify(obj);
-  } catch {
-    const seen = /* @__PURE__ */ new WeakSet();
-    return JSON.stringify(obj, (_key, value) => {
-      if (typeof value === "object" && value !== null) {
-        if (seen.has(value)) {
-          return "[Circular]";
-        }
-        seen.add(value);
-      }
-      return value;
-    });
-  }
-}
-function formatMessage(scope, message, args) {
-  const timestamp = (/* @__PURE__ */ new Date()).toISOString();
-  const scopeStr = scope ? `[${scope}] ` : "";
-  const argsStr = args.length > 0 ? " " + args.map((a) => typeof a === "object" ? safeStringify(a) : String(a)).join(" ") : "";
-  return `${timestamp} ${scopeStr}${message}${argsStr}
-`;
-}
-function output(formatted) {
-  const env = detectEnvironment();
-  if (env === "electron-main") {
-    const log2 = getElectronLog();
-    log2?.info?.(formatted.trim());
-  }
-  if (env === "electron-renderer") {
-    console.log(formatted.trim());
-  } else if (typeof process !== "undefined" && process.stderr) {
-    process.stderr.write(formatted);
-  } else {
-    console.log(formatted.trim());
-  }
-}
-function createLogger(scope) {
-  const logWithLevel = (level, message, args) => {
-    if (!isDebugEnabled()) return;
-    const levelStr = level.toUpperCase().padEnd(5);
-    output(formatMessage(scope, `${levelStr} ${message}`, args));
-  };
-  return {
-    debug: (message, ...args) => logWithLevel("debug", message, args),
-    info: (message, ...args) => logWithLevel("info", message, args),
-    warn: (message, ...args) => logWithLevel("warn", message, args),
-    error: (message, ...args) => logWithLevel("error", message, args)
-  };
-}
-var IS_PACKAGED = process.argv.some((arg) => arg.includes("app.asar"));
-var INTERCEPTOR_LOGGING_ENABLED = !IS_PACKAGED;
-var DEBUG = INTERCEPTOR_LOGGING_ENABLED && (process.argv.includes("--debug") || process.env.WEFT_DEBUG === "1");
-var CONFIG_FILE = join4(homedir22(), ".weft", "config.json");
-var _sessionDir = process.env.WEFT_SESSION_DIR || null;
-var LOG_DIR = join4(homedir22(), ".weft", "logs");
-var LOG_FILE = join4(LOG_DIR, "interceptor.log");
-try {
-  if (!existsSync2(LOG_DIR)) {
-    mkdirSync(LOG_DIR, { recursive: true });
-  }
-} catch {
-}
-var MAX_LOG_AGE_MS = 24 * 60 * 60 * 1e3;
-try {
-  if (existsSync2(LOG_FILE)) {
-    const stat = statSync(LOG_FILE);
-    if (Date.now() - stat.mtimeMs > MAX_LOG_AGE_MS) {
-      const prevLog = LOG_FILE + ".prev";
-      renameSync(LOG_FILE, prevLog);
-    }
-  }
-} catch {
-}
-var MAX_ERROR_AGE_MS = 5 * 60 * 1e3;
-var log = createLogger("tool-matching");
-
-// ../packages/provider-claude/dist/index.js
-function createClaudeNativeSdkDriver(options) {
-  return new ClaudeNativeSdkDriver(options);
-}
-var ClaudeNativeSdkDriver = class {
-  constructor(options) {
-    this.options = options;
-  }
-  options;
-  activeQuery = null;
-  activeSequencer = null;
-  pendingPermissions = /* @__PURE__ */ new Map();
-  turnCounter = 0;
-  async sendMessage(input, sequencer) {
-    const turnId = input.options?.turnId ?? `claude-turn-${++this.turnCounter}`;
-    const queryRunner = await this.getQueryRunner();
-    this.activeSequencer = sequencer;
-    sequencer.append({ type: "turn_started", turnId }, { providerEventType: "claude-sdk:send_message" });
-    try {
-      const query = queryRunner({
-        prompt: input.message,
-        options: {
-          cwd: this.options.cwd,
-          model: input.options?.model ?? this.options.model,
-          effort: input.options?.reasoningEffort ?? this.options.reasoningEffort,
-          env: this.options.env,
-          includePartialMessages: true,
-          includeHookEvents: true,
-          ...sourceToolOptions(this.options.sourceTools),
-          ...mapPermissionMode(this.options.permissionMode),
-          canUseTool: (toolName, toolInput, context) => this.handleCanUseTool(toolName, toolInput, context, sequencer)
-        }
-      });
-      this.activeQuery = query;
-      for await (const message of query) {
-        this.projectSdkMessage(message, turnId, sequencer);
-      }
-    } catch (error) {
-      sequencer.append({
-        type: "turn_failed",
-        turnId,
-        error: { message: error instanceof Error ? error.message : String(error) }
-      }, { providerEventType: "claude-sdk:error" });
-      throw error;
-    } finally {
-      this.activeQuery = null;
-      this.activeSequencer = null;
-    }
-  }
-  async abort(reason) {
-    if (this.activeQuery?.interrupt) {
-      await this.activeQuery.interrupt();
-      return;
-    }
-    this.activeQuery?.close?.();
-    if (this.activeSequencer) {
-      this.activeSequencer.append({
-        type: "session_status",
-        status: reason ? `aborted: ${reason}` : "aborted"
-      }, { providerEventType: "claude-sdk:abort" });
-    }
-  }
-  async respondToPermission(requestId, allowed, remember) {
-    const pending = this.pendingPermissions.get(requestId);
-    if (!pending) return;
-    this.pendingPermissions.delete(requestId);
-    const resolution = { allowed, remember };
-    this.activeSequencer?.append({
-      type: "permission_resolved",
-      requestId,
-      resolution
-    }, { providerEventType: "claude-sdk:permission_response" });
-    pending.resolve(allowed ? { behavior: "allow", toolUseID: requestId, decisionClassification: remember ? "user_permanent" : "user_temporary" } : { behavior: "deny", message: "Permission denied by user", toolUseID: requestId, decisionClassification: "user_reject" });
-  }
-  async dispose() {
-    this.activeQuery?.close?.();
-    for (const [requestId, pending] of this.pendingPermissions) {
-      pending.resolve({ behavior: "deny", message: "Runtime disposed", toolUseID: requestId });
-    }
-    this.pendingPermissions.clear();
-  }
-  async getQueryRunner() {
-    if (this.options.query) return this.options.query;
-    const sdk = this.options.loadSdk ? await this.options.loadSdk() : await import("@anthropic-ai/claude-agent-sdk");
-    return sdk.query;
-  }
-  async handleCanUseTool(toolName, input, context, sequencer) {
-    const requestId = context.toolUseID || `${toolName}-${this.pendingPermissions.size + 1}`;
-    const policyDecision = await this.evaluatePolicy(toolName, input, requestId);
-    if (policyDecision.decision === "allow") {
-      return { behavior: "allow", toolUseID: requestId };
-    }
-    if (policyDecision.decision === "deny") {
-      sequencer.append({
-        type: "permission_resolved",
-        requestId,
-        resolution: { allowed: false, reason: policyDecision.reason }
-      }, { providerEventType: "claude-sdk:permission_denied" });
-      return { behavior: "deny", message: policyDecision.reason, toolUseID: requestId };
-    }
-    sequencer.append({
-      type: "permission_requested",
-      request: {
-        requestId,
-        toolName,
-        input,
-        reason: policyDecision.reason
-      }
-    }, { providerEventType: "claude-sdk:can_use_tool" });
-    return new Promise((resolve) => {
-      this.pendingPermissions.set(requestId, { resolve });
-      context.signal.addEventListener("abort", () => {
-        if (!this.pendingPermissions.delete(requestId)) return;
-        resolve({ behavior: "deny", message: "Permission request aborted", toolUseID: requestId });
-      }, { once: true });
-    });
-  }
-  async evaluatePolicy(toolName, input, requestId) {
-    if (!this.options.policy) return { decision: "allow" };
-    return this.options.policy({
-      toolName,
-      input,
-      toolIntent: normalizeRuntimeToolIntent(toolName, input),
-      scope: { type: "tool-call", callId: requestId }
-    });
-  }
-  projectSdkMessage(message, turnId, sequencer) {
-    const record = asRecord2(message);
-    const type = stringValue(record.type);
-    if (!type) return;
-    if (type === "stream_event") {
-      for (const item of projectStreamEvent(record, turnId)) {
-        sequencer.append(item, { providerEventType: "claude-sdk:stream_event" });
-      }
-      return;
-    }
-    if (type === "assistant") {
-      for (const item of projectAssistantMessage(record, turnId)) {
-        sequencer.append(item, { providerEventType: "claude-sdk:assistant" });
-      }
-      return;
-    }
-    if (type === "user") {
-      for (const item of projectUserMessage(record, turnId)) {
-        sequencer.append(item, { providerEventType: "claude-sdk:user" });
-      }
-      return;
-    }
-    if (type === "result") {
-      sequencer.append(projectResultMessage(record, turnId), { providerEventType: "claude-sdk:result" });
-      return;
-    }
-    if (type === "system") {
-      const status = projectSystemStatus(record);
-      if (status) sequencer.append(status, { providerEventType: `claude-sdk:system:${stringValue(record.subtype) ?? "unknown"}` });
-    }
-  }
-};
-function mapPermissionMode(mode) {
-  if (mode === "safe") return { permissionMode: "plan" };
-  if (mode === "allow-all") return { permissionMode: "bypassPermissions", allowDangerouslySkipPermissions: true };
-  return { permissionMode: "default" };
-}
-function sourceToolOptions(sourceTools) {
-  const mcpServers = mapClaudeMcpServers(sourceTools);
-  return mcpServers ? { mcpServers } : {};
-}
-function mapClaudeMcpServers(sourceTools) {
-  const servers = {};
-  for (const sourceTool of sanitizeProviderSourceTools(sourceTools)) {
-    if (sourceTool.kind !== "mcp-server") continue;
-    if (sourceTool.transport === "stdio" && sourceTool.command) {
-      servers[sourceTool.sourceSlug] = {
-        type: "stdio",
-        command: sourceTool.command,
-        ...sourceTool.args ? { args: sourceTool.args } : {},
-        ...sourceTool.env ? { env: sourceTool.env } : {}
-      };
-      continue;
-    }
-    if ((sourceTool.transport === "http" || sourceTool.transport === "sse") && sourceTool.url) {
-      servers[sourceTool.sourceSlug] = {
-        type: sourceTool.transport,
-        url: sourceTool.url,
-        ...sourceTool.headers ? { headers: sourceTool.headers } : {}
-      };
-    }
-  }
-  return Object.keys(servers).length > 0 ? servers : void 0;
-}
-function normalizeRuntimeToolIntent(toolName, input) {
-  if (toolName === "Bash") {
-    const command = String(input.command ?? "");
-    return {
-      kind: "bash",
-      command,
-      baseCommand: baseCommand(command)
-    };
-  }
-  if (["Write", "Edit", "MultiEdit", "NotebookEdit"].includes(toolName)) {
-    return {
-      kind: "file_write",
-      toolName,
-      path: String(input.file_path ?? input.path ?? "")
-    };
-  }
-  if (toolName === "MCP" || toolName.startsWith("mcp__")) {
-    return {
-      kind: "mcp",
-      name: String(input.name ?? input.toolName ?? input.tool ?? toolName)
-    };
-  }
-  if (toolName === "API") {
-    const url = input.url ? String(input.url) : void 0;
-    return {
-      kind: "api",
-      method: String(input.method ?? "GET").toUpperCase(),
-      path: pathFromUrl(url ?? String(input.path ?? "/")),
-      ...url ? { url } : {}
-    };
-  }
-  return { kind: "unknown", toolName };
-}
-function baseCommand(command) {
-  return command.trim().split(/\s+/)[0] ?? "";
-}
-function pathFromUrl(value) {
-  try {
-    return new URL(value).pathname;
-  } catch {
-    return value.startsWith("/") ? value : `/${value}`;
-  }
-}
-function projectStreamEvent(record, turnId) {
-  const event = asRecord2(record.event);
-  if (event.type !== "content_block_delta") return [];
-  const delta = asRecord2(event.delta);
-  const messageId = stringValue(record.uuid) ?? `${turnId}-partial`;
-  if (delta.type === "text_delta") {
-    return [{
-      type: "assistant_message_delta",
-      text: stringValue(delta.text) ?? "",
-      messageId,
-      turnId
-    }];
-  }
-  if (delta.type === "thinking_delta") {
-    return [{
-      type: "reasoning_delta",
-      text: stringValue(delta.thinking) ?? stringValue(delta.text) ?? "",
-      messageId,
-      turnId
-    }];
-  }
-  return [];
-}
-function projectAssistantMessage(record, turnId) {
-  const message = asRecord2(record.message);
-  const messageId = stringValue(record.uuid) ?? stringValue(message.id) ?? `${turnId}-assistant`;
-  const content = Array.isArray(message.content) ? message.content : [];
-  const items = [];
-  for (const block of content) {
-    const contentBlock = asRecord2(block);
-    if (contentBlock.type === "text") {
-      items.push({
-        type: "assistant_message",
-        text: stringValue(contentBlock.text) ?? "",
-        messageId,
-        turnId
-      });
-    } else if (contentBlock.type === "thinking") {
-      items.push({
-        type: "reasoning",
-        text: stringValue(contentBlock.thinking) ?? stringValue(contentBlock.text) ?? "",
-        messageId,
-        turnId
-      });
-    } else if (contentBlock.type === "tool_use") {
-      items.push({
-        type: "tool_call",
-        callId: stringValue(contentBlock.id) ?? `${messageId}-tool-${items.length}`,
-        name: stringValue(contentBlock.name) ?? "unknown",
-        status: "running",
-        detail: contentBlock.input,
-        turnId
-      });
-    }
-  }
-  return items;
-}
-function projectUserMessage(record, turnId) {
-  const message = asRecord2(record.message);
-  const content = Array.isArray(message.content) ? message.content : [];
-  const items = [];
-  for (const block of content) {
-    const contentBlock = asRecord2(block);
-    if (contentBlock.type !== "tool_result") continue;
-    items.push({
-      type: "tool_result",
-      callId: stringValue(contentBlock.tool_use_id) ?? "unknown",
-      result: normalizeToolResult(contentBlock.content),
-      isError: booleanValue(contentBlock.is_error),
-      turnId
-    });
-  }
-  return items;
-}
-function projectResultMessage(record, turnId) {
-  const subtype = stringValue(record.subtype);
-  if (subtype === "success") {
-    return {
-      type: "turn_completed",
-      turnId,
-      usage: record.usage
-    };
-  }
-  return {
-    type: "turn_failed",
-    turnId,
-    error: {
-      subtype,
-      errors: record.errors,
-      stopReason: record.stop_reason
-    }
-  };
-}
-function projectSystemStatus(record) {
-  const subtype = stringValue(record.subtype);
-  if (subtype === "status") {
-    return { type: "session_status", status: stringValue(record.status) ?? "unknown" };
-  }
-  if (subtype === "session_state_changed") {
-    return { type: "session_status", status: stringValue(record.state) ?? "unknown" };
-  }
-  if (subtype === "permission_denied") {
-    return {
-      type: "permission_resolved",
-      requestId: stringValue(record.tool_use_id) ?? "unknown",
-      resolution: {
-        allowed: false,
-        reason: stringValue(record.decision_reason) ?? stringValue(record.message)
-      }
-    };
-  }
-  return void 0;
-}
-function normalizeToolResult(content) {
-  if (!Array.isArray(content)) return content;
-  return content.map((item) => {
-    const record = asRecord2(item);
-    return record.type === "text" ? stringValue(record.text) ?? "" : record;
-  }).join("\n");
-}
-function asRecord2(value) {
-  return value && typeof value === "object" ? value : {};
-}
-function stringValue(value) {
-  return typeof value === "string" ? value : void 0;
-}
-function booleanValue(value) {
-  return typeof value === "boolean" ? value : void 0;
-}
-function createClaudeRuntimeCapabilityReport(options) {
-  const nativeAvailable = options.candidates.some((candidate) => candidate.kind === "native-sdk" && candidate.available);
-  return createRuntimeCapabilityReport({
-    provider: "claude",
-    candidates: options.candidates,
-    preferredRuntime: "native-sdk",
-    allowFallback: options.allowFallback,
-    auth: options.auth,
-    extensionCapabilities: {
-      policy: {
-        supported: true,
-        degraded: !nativeAvailable,
-        modes: ["safe", "ask", "allow-all"],
-        approvals: nativeAvailable,
-        toolPolicy: true,
-        reason: nativeAvailable ? void 0 : "CLI fallback cannot complete provider-native permission callbacks"
-      },
-      sources: {
-        supported: nativeAvailable,
-        registry: nativeAvailable,
-        mcpTools: nativeAvailable,
-        reason: nativeAvailable ? void 0 : "Source tools require native SDK or host MCP wiring"
-      },
-      skills: {
-        supported: nativeAvailable,
-        registry: nativeAvailable,
-        activationPlan: nativeAvailable,
-        scopedPolicy: nativeAvailable,
-        reason: nativeAvailable ? void 0 : "Skill activation is degraded in CLI fallback"
-      },
-      automations: {
-        supported: true,
-        degraded: !nativeAvailable,
-        eventBus: true,
-        schedulerHost: false,
-        promptAction: true,
-        webhookAction: false,
-        reason: nativeAvailable ? void 0 : "Automation hooks are degraded in CLI fallback"
-      },
-      hostTools: hostToolCapabilitiesFromExtensions(options.extensions)
-    }
-  });
-}
-function hostToolCapabilitiesFromExtensions(extensions) {
-  const sessionTools = extensions?.hostServices?.sessionTools;
-  if (!sessionTools) {
-    return {
-      supported: false,
-      sessionTools: false,
-      workflowTransitions: false,
-      browserActions: false,
-      metadataWrites: false
-    };
-  }
-  const workflowTransitions = Boolean(sessionTools.submitPlan);
-  const browserActions = Boolean(sessionTools.runBrowserAction);
-  const metadataWrites = Boolean(sessionTools.updateSessionMetadata);
-  const degraded = !workflowTransitions || !browserActions || !metadataWrites;
-  return {
-    supported: true,
-    degraded: degraded || void 0,
-    sessionTools: true,
-    workflowTransitions,
-    browserActions,
-    metadataWrites,
-    reason: degraded ? "Host session tool bridge is only partially attached" : void 0
-  };
-}
-function createClaudeProviderRuntime(options) {
-  const report = createClaudeRuntimeCapabilityReport(options);
-  const extensions = createRuntimeExtensionContext(options.extensions);
-  let runtimeDriver = options.driver;
-  const timeline = [];
-  const stream = new PushTimelineStream();
-  const baseSequencer = createTimelineSequencer({
-    sessionId: options.sessionId ?? "claude-session",
-    provider: "claude",
-    epoch: options.epoch ?? "default",
-    now: options.now
-  });
-  const sequencer = {
-    append(item, rawRef2) {
-      syncStateFromTimelineItem(item);
-      const envelope = baseSequencer.append(item, rawRef2);
-      timeline.push(envelope);
-      stream.emit(envelope);
-      return envelope;
-    }
-  };
-  let state = initialRuntimeState;
-  function dispatch(action) {
-    state = reduceRuntimeState(state, action);
-  }
-  function syncStateFromTimelineItem(item) {
-    if (item.type === "permission_requested") {
-      dispatch({ type: "permission_request", requestId: item.request.requestId });
-    }
-    if (item.type === "permission_resolved") {
-      dispatch({ type: "permission_response" });
-    }
-    if (item.type === "turn_completed") {
-      dispatch({ type: "turn_completed" });
-    }
-  }
-  function appendFailure(message) {
-    sequencer.append({
-      type: "turn_failed",
-      turnId: "provider-runtime",
-      error: { message }
-    });
-  }
-  function getDriver() {
-    if (runtimeDriver) return runtimeDriver;
-    if (report.selected === "cli-fallback") {
-      runtimeDriver = createClaudeCliFallbackDriver({
-        session: options.createCliFallbackSession?.() ?? createLocalAgentSession({
-          provider: "claude",
-          cwd: options.cwd,
-          sessionId: options.sessionId,
-          model: options.model,
-          thinkingLevel: options.reasoningEffort,
-          permissionMode: options.permissionMode,
-          executable: options.executable,
-          env: cleanEnv2(options.env)
-        }),
-        sessionId: options.sessionId ?? "claude-session",
-        epoch: options.epoch ?? "default",
-        now: options.now
-      });
-      return runtimeDriver;
-    }
-    if (report.selected !== "native-sdk") return void 0;
-    runtimeDriver = createClaudeNativeSdkDriver({
-      cwd: options.cwd,
-      model: options.model,
-      reasoningEffort: options.reasoningEffort,
-      env: options.env,
-      permissionMode: options.permissionMode,
-      policy: options.policy ?? extensions.policy?.hook,
-      sourceTools: options.sourceTools,
-      query: options.query,
-      loadSdk: options.loadSdk
-    });
-    return runtimeDriver;
-  }
-  return {
-    sessionId: options.sessionId ?? "claude-session",
-    provider: "claude",
-    runtimeKind: report.selected ?? "native-sdk",
-    events: stream,
-    commands: {
-      async sendMessage(message, sendOptions) {
-        const driver = getDriver();
-        if (!driver) {
-          const error = "Claude provider driver is not attached";
-          dispatch({ type: "error", error });
-          appendFailure(error);
-          throw new Error(error);
-        }
-        dispatch({ type: "send_message", message });
-        try {
-          await driver.sendMessage({
-            message,
-            options: sendOptions,
-            origin: sendOptions?.commandOrigin ?? extensions.commandOrigin
-          }, sequencer);
-          dispatch({ type: "complete" });
-        } catch (err) {
-          const error = err instanceof Error ? err.message : String(err);
-          dispatch({ type: "error", error });
-          appendFailure(error);
-          throw err;
-        }
-      },
-      async abort(reason) {
-        dispatch({ type: "abort", reason });
-        await runtimeDriver?.abort?.(reason);
-      },
-      async respondToPermission(requestId, allowed, remember) {
-        dispatch({ type: "permission_response" });
-        await runtimeDriver?.respondToPermission?.(requestId, allowed, remember);
-      },
-      async dispose() {
-        dispatch({ type: "dispose" });
-        stream.disconnect();
-        await runtimeDriver?.dispose?.();
-      }
-    },
-    async preflight() {
-      dispatch({ type: "preflight_ok" });
-      if (!report.selected) {
-        dispatch({ type: "preflight_error", error: report.error ?? "No runtime selected" });
-      }
-      sequencer.append({ type: "runtime_capability_report", report });
-      return report;
-    },
-    async fetchTimeline(request) {
-      if (!request.cursor && timeline.length === 0) {
-        return {
-          items: [],
-          nextCursor: createTimelineCursor({ epoch: options.epoch ?? "default", afterSeq: 0 }),
-          hasGap: false
-        };
-      }
-      return fetchTimeline(timeline, request);
-    },
-    getState() {
-      return state;
-    }
-  };
-}
-var PushTimelineStream = class {
-  listeners = /* @__PURE__ */ new Set();
-  connect(onEvent, onError, onClose) {
-    this.listeners.add({ onEvent, onError, onClose });
-  }
-  disconnect() {
-    this.listeners.clear();
-  }
-  isConnected() {
-    return this.listeners.size > 0;
-  }
-  emit(event) {
-    for (const listener of this.listeners) listener.onEvent(event);
-  }
-};
-function createClaudeCliFallbackDriver(options) {
-  const projector = createLocalTimelineProjector({
-    sessionId: options.sessionId,
-    provider: "claude",
-    epoch: options.epoch,
-    now: options.now
-  });
-  let connected = false;
-  let activeSequencer;
-  function connect(sequencer) {
-    activeSequencer = sequencer;
-    if (connected) return;
-    connected = true;
-    options.session.events.connect((event) => {
-      if (!activeSequencer) return;
-      for (const envelope of projector.project(event)) {
-        activeSequencer.append(envelope.item, envelope.rawRef);
-      }
-    });
-  }
-  return {
-    async sendMessage(input, sequencer) {
-      connect(sequencer);
-      await options.session.commands.sendMessage(input.message, input.options);
-    },
-    abort(reason) {
-      return options.session.commands.abort(reason);
-    },
-    respondToPermission(requestId, allowed, remember) {
-      return options.session.commands.respondToPermission(requestId, allowed, remember);
-    },
-    dispose() {
-      return options.session.commands.dispose();
-    }
-  };
-}
-function cleanEnv2(env) {
-  if (!env) return void 0;
-  return Object.fromEntries(
-    Object.entries(env).filter((entry) => entry[1] !== void 0)
-  );
-}
-
-// ../packages/provider-codex/dist/index.js
-import { Buffer as Buffer2 } from "buffer";
-import { spawn as spawn3 } from "child_process";
-import { createInterface as createInterface3 } from "readline";
-function createCodexAppServerDriver(options) {
-  let threadId = options.threadId;
-  let activeSequencer;
-  const pendingTurns = /* @__PURE__ */ new Map();
-  const pendingPermissions = /* @__PURE__ */ new Map();
-  const turnAliases = /* @__PURE__ */ new Map();
-  const commandTurnIds = /* @__PURE__ */ new Map();
-  const unsubscribeNotification = options.client.onNotification((notification) => {
-    if (!activeSequencer) return;
-    handleNotification(notification, activeSequencer, pendingTurns, turnAliases, commandTurnIds);
-  });
-  const unsubscribeRequest = options.client.onRequest(async (request) => {
-    if (!activeSequencer) return defaultRequestResponse(request);
-    return handleServerRequest(request, activeSequencer);
-  });
-  async function handleServerRequest(request, sequencer) {
-    if (request.method === "item/commandExecution/requestApproval") {
-      const params = asRecord3(request.params);
-      const requestId = stringValue2(params.approvalId) ?? stringValue2(params.itemId) ?? String(request.id);
-      const input = {
-        command: stringValue2(params.command),
-        cwd: stringValue2(params.cwd)
-      };
-      const decision = await evaluatePolicy(options.policy, {
-        toolName: "Bash",
-        input,
-        toolIntent: normalizeRuntimeToolIntent2("Bash", input),
-        scope: params.itemId ? { type: "tool-call", callId: String(params.itemId) } : void 0
-      });
-      return resolveApprovalDecision({
-        requestId,
-        toolName: "Bash",
-        input,
-        reason: stringValue2(params.reason) ?? decisionReason(decision),
-        decision,
-        sequencer
-      });
-    }
-    if (request.method === "item/fileChange/requestApproval") {
-      const params = asRecord3(request.params);
-      const requestId = stringValue2(params.approvalId) ?? stringValue2(params.itemId) ?? String(request.id);
-      const input = { changes: params.changes };
-      const decision = await evaluatePolicy(options.policy, {
-        toolName: "fileChange",
-        input,
-        toolIntent: normalizeRuntimeToolIntent2("fileChange", input),
-        scope: params.itemId ? { type: "tool-call", callId: String(params.itemId) } : void 0
-      });
-      return resolveApprovalDecision({
-        requestId,
-        toolName: "fileChange",
-        input,
-        reason: stringValue2(params.reason) ?? decisionReason(decision),
-        decision,
-        sequencer
-      });
-    }
-    return defaultRequestResponse(request);
-  }
-  function resolveApprovalDecision(args) {
-    if (args.decision.decision === "allow") {
-      return { decision: "accept" };
-    }
-    if (args.decision.decision === "deny") {
-      args.sequencer.append({
-        type: "permission_resolved",
-        requestId: args.requestId,
-        resolution: { allowed: false, reason: args.decision.reason }
-      });
-      return { decision: "decline" };
-    }
-    args.sequencer.append({
-      type: "permission_requested",
-      request: {
-        requestId: args.requestId,
-        toolName: args.toolName,
-        input: args.input,
-        reason: args.reason
-      }
-    }, rawRef("server_request"));
-    return new Promise((resolve) => {
-      pendingPermissions.set(args.requestId, { resolve });
-    });
-  }
-  return {
-    async sendMessage(input, sequencer) {
-      activeSequencer = sequencer;
-      if (!threadId) {
-        const response2 = await options.client.request("thread/start", {
-          cwd: options.cwd,
-          experimentalRawEvents: false,
-          persistExtendedHistory: false,
-          ...threadStartConfigParams({
-            model: input.options?.model ?? options.model,
-            reasoningEffort: input.options?.reasoningEffort ?? options.reasoningEffort,
-            sourceTools: options.sourceTools
-          }),
-          ...threadStartPermissionParams(options)
-        });
-        threadId = readThreadId(response2);
-      }
-      const response = await options.client.request("turn/start", {
-        threadId,
-        input: [{ type: "text", text: input.message, text_elements: [] }],
-        cwd: options.cwd,
-        ...turnStartPermissionParams(input.options?.permissionMode)
-      });
-      const providerTurnId = readTurnId(response);
-      if (!providerTurnId) return;
-      const timelineTurnId2 = input.options?.turnId ?? providerTurnId;
-      turnAliases.set(providerTurnId, timelineTurnId2);
-      await new Promise((resolve) => {
-        pendingTurns.set(providerTurnId, { resolve });
-      });
-    },
-    async respondToPermission(requestId, allowed, remember) {
-      const pending = pendingPermissions.get(requestId);
-      if (!pending) return;
-      pendingPermissions.delete(requestId);
-      activeSequencer?.append({
-        type: "permission_resolved",
-        requestId,
-        resolution: { allowed, remember }
-      });
-      pending.resolve({ decision: allowed ? remember ? "acceptForSession" : "accept" : "decline" });
-    },
-    async abort() {
-      for (const turn of pendingTurns.values()) {
-        turn.resolve();
-      }
-      pendingTurns.clear();
-    },
-    async dispose() {
-      unsubscribeNotification();
-      unsubscribeRequest();
-      pendingPermissions.clear();
-      pendingTurns.clear();
-    }
-  };
-}
-function threadStartPermissionParams(options) {
-  return {
-    ...options.approvalPolicy ? { approvalPolicy: options.approvalPolicy } : {},
-    ...options.approvalsReviewer ? { approvalsReviewer: options.approvalsReviewer } : {},
-    ...options.sandbox ? { sandbox: options.sandbox } : {}
-  };
-}
-function turnStartPermissionParams(permissionMode) {
-  const params = permissionMode ? mapPermissionModeToCodexParams(permissionMode) : void 0;
-  return params ? {
-    approvalPolicy: params.approvalPolicy,
-    approvalsReviewer: params.approvalsReviewer,
-    sandboxPolicy: mapCodexSandboxModeToSandboxPolicy(params.sandbox)
-  } : {};
-}
-function threadStartConfigParams(options) {
-  const config = {};
-  if (options.model) config.model = options.model;
-  if (options.reasoningEffort) config.model_reasoning_effort = options.reasoningEffort;
-  const sanitized = sanitizeProviderSourceTools(options.sourceTools);
-  if (sanitized.length > 0) config.weftSources = sanitized;
-  if (Object.keys(config).length === 0) return {};
-  return {
-    config
-  };
-}
-function normalizeRuntimeToolIntent2(toolName, input) {
-  if (toolName === "Bash") {
-    const command = String(input.command ?? "");
-    return {
-      kind: "bash",
-      command,
-      baseCommand: command.trim().split(/\s+/)[0] ?? ""
-    };
-  }
-  if (toolName === "fileChange") {
-    return {
-      kind: "file_write",
-      toolName,
-      path: pathFromFileChanges(input.changes)
-    };
-  }
-  if (toolName === "MCP") {
-    return {
-      kind: "mcp",
-      name: String(input.name ?? input.toolName ?? input.tool ?? "")
-    };
-  }
-  return { kind: "unknown", toolName };
-}
-function pathFromFileChanges(changes) {
-  if (!Array.isArray(changes)) return "";
-  const firstChange = asRecord3(changes[0]);
-  return stringValue2(firstChange.path) ?? stringValue2(firstChange.filePath) ?? "";
-}
-async function evaluatePolicy(policy, request) {
-  return policy?.(request) ?? { decision: "ask", reason: "Codex app-server requested approval" };
-}
-function handleNotification(notification, sequencer, pendingTurns, turnAliases, commandTurnIds) {
-  const params = asRecord3(notification.params);
-  if (notification.method === "turn/started") {
-    const providerTurnId = readTurnId(params);
-    if (providerTurnId) {
-      append2(sequencer, { type: "turn_started", turnId: timelineTurnId(providerTurnId, turnAliases) }, notification.method);
-    }
-    return;
-  }
-  if (notification.method === "item/agentMessage/delta") {
-    const providerTurnId = String(params.turnId ?? "codex-turn");
-    append2(sequencer, {
-      type: "assistant_message_delta",
-      text: String(params.delta ?? ""),
-      messageId: String(params.itemId ?? "codex-message"),
-      turnId: timelineTurnId(providerTurnId, turnAliases)
-    }, notification.method);
-    return;
-  }
-  if (notification.method === "item/started") {
-    const item = asRecord3(params.item);
-    const providerTurnId = String(params.turnId ?? "codex-turn");
-    const turnId = timelineTurnId(providerTurnId, turnAliases);
-    const timelineItem = toolCallFromThreadItem(item, turnId);
-    if (timelineItem?.type === "tool_call") commandTurnIds.set(timelineItem.callId, turnId);
-    if (timelineItem) append2(sequencer, timelineItem, notification.method);
-    return;
-  }
-  if (notification.method === "item/commandExecution/outputDelta") {
-    const callId = stringValue2(params.itemId) ?? stringValue2(params.callId) ?? stringValue2(params.id);
-    if (!callId) return;
-    const providerTurnId = String(params.turnId ?? "codex-turn");
-    const turnId = params.turnId ? timelineTurnId(providerTurnId, turnAliases) : commandTurnIds.get(callId) ?? timelineTurnId(providerTurnId, turnAliases);
-    commandTurnIds.set(callId, turnId);
-    const text = outputDeltaText(params);
-    if (!text) return;
-    append2(sequencer, {
-      type: "tool_output_delta",
-      callId,
-      text,
-      stream: stringValue2(params.stream),
-      turnId
-    }, notification.method);
-    return;
-  }
-  if (notification.method === "item/completed") {
-    const item = asRecord3(params.item);
-    const providerTurnId = String(params.turnId ?? "codex-turn");
-    const completedItems = completedTimelineItemsFromThreadItem(item, timelineTurnId(providerTurnId, turnAliases));
-    for (const item2 of completedItems) {
-      append2(sequencer, item2, notification.method);
-      if (item2.type === "tool_result") commandTurnIds.delete(item2.callId);
-    }
-    return;
-  }
-  if (notification.method === "turn/completed") {
-    const providerTurnId = readTurnId(params);
-    if (!providerTurnId) return;
-    append2(sequencer, { type: "turn_completed", turnId: timelineTurnId(providerTurnId, turnAliases) }, notification.method);
-    pendingTurns.get(providerTurnId)?.resolve();
-    pendingTurns.delete(providerTurnId);
-    turnAliases.delete(providerTurnId);
-  }
-}
-function timelineTurnId(providerTurnId, turnAliases) {
-  return turnAliases.get(providerTurnId) ?? providerTurnId;
-}
-function toolCallFromThreadItem(item, turnId) {
-  if (item.type === "commandExecution") {
-    return {
-      type: "tool_call",
-      callId: String(item.id ?? "command"),
-      name: "commandExecution",
-      status: "running",
-      detail: {
-        command: item.command,
-        cwd: item.cwd,
-        commandActions: item.commandActions
-      },
-      turnId
-    };
-  }
-  if (item.type === "mcpToolCall") {
-    return {
-      type: "tool_call",
-      callId: String(item.id ?? "mcp"),
-      name: `${String(item.server ?? "mcp")}.${String(item.tool ?? "tool")}`,
-      status: "running",
-      detail: item.arguments,
-      turnId
-    };
-  }
-  if (item.type === "dynamicToolCall") {
-    return {
-      type: "tool_call",
-      callId: String(item.id ?? "dynamic"),
-      name: `${String(item.namespace ?? "dynamic")}.${String(item.tool ?? "tool")}`,
-      status: "running",
-      detail: item.arguments,
-      turnId
-    };
-  }
-  if (item.type === "fileChange") {
-    return {
-      type: "tool_call",
-      callId: String(item.id ?? "file-change"),
-      name: "fileChange",
-      status: "running",
-      detail: item.changes,
-      turnId
-    };
-  }
-  return void 0;
-}
-function completedTimelineItemsFromThreadItem(item, turnId) {
-  if (item.type === "agentMessage") {
-    return [{
-      type: "assistant_message",
-      text: String(item.text ?? ""),
-      messageId: String(item.id ?? "codex-message"),
-      turnId
-    }];
-  }
-  if (item.type === "reasoning") {
-    const content = Array.isArray(item.content) ? item.content.join("\n") : "";
-    return [{
-      type: "reasoning",
-      text: content,
-      messageId: String(item.id ?? "codex-reasoning"),
-      turnId
-    }];
-  }
-  if (item.type === "commandExecution") {
-    return [{
-      type: "tool_result",
-      callId: String(item.id ?? "command"),
-      result: item.aggregatedOutput ?? "",
-      isError: item.exitCode !== void 0 && item.exitCode !== null && item.exitCode !== 0,
-      turnId
-    }];
-  }
-  if (item.type === "mcpToolCall") {
-    return [{
-      type: "tool_result",
-      callId: String(item.id ?? "mcp"),
-      result: item.error ?? item.result,
-      isError: Boolean(item.error),
-      turnId
-    }];
-  }
-  if (item.type === "dynamicToolCall") {
-    return [{
-      type: "tool_result",
-      callId: String(item.id ?? "dynamic"),
-      result: item.contentItems,
-      isError: item.success === false,
-      turnId
-    }];
-  }
-  if (item.type === "fileChange") {
-    return [{
-      type: "tool_result",
-      callId: String(item.id ?? "file-change"),
-      result: item.changes,
-      isError: item.status === "failed",
-      turnId
-    }];
-  }
-  return [];
-}
-function outputDeltaText(params) {
-  for (const key of ["delta", "text", "output", "chunk"]) {
-    const value = stringValue2(params[key]);
-    if (value) return value;
-  }
-  const deltaBase64 = stringValue2(params.deltaBase64);
-  if (!deltaBase64) return "";
-  return decodeBase64Text(deltaBase64);
-}
-function decodeBase64Text(value) {
-  try {
-    return Buffer2.from(value, "base64").toString("utf8");
-  } catch {
-    return "";
-  }
-}
-function append2(sequencer, item, providerEventType) {
-  sequencer.append(item, rawRef(providerEventType));
-}
-function rawRef(providerEventType) {
-  return { providerEventType };
-}
-function decisionReason(decision) {
-  return decision.decision === "ask" || decision.decision === "deny" ? decision.reason : void 0;
-}
-function readThreadId(response) {
-  const record = asRecord3(response);
-  const thread = asRecord3(record.thread);
-  const id = stringValue2(thread.id) ?? stringValue2(record.threadId);
-  if (!id) throw new Error("Codex app-server did not return a thread id");
-  return id;
-}
-function readTurnId(response) {
-  const record = asRecord3(response);
-  const turn = asRecord3(record.turn);
-  return stringValue2(turn.id) ?? stringValue2(record.turnId);
-}
-function defaultRequestResponse(request) {
-  if (request.method === "item/commandExecution/requestApproval") return { decision: "decline" };
-  if (request.method === "item/fileChange/requestApproval") return { decision: "decline" };
-  if (request.method === "item/permissions/requestApproval") return {
-    permissions: {
-      fileSystem: null,
-      network: null
-    },
-    scope: "turn"
-  };
-  return {};
-}
-function stringValue2(value) {
-  return typeof value === "string" ? value : void 0;
-}
-function asRecord3(value) {
-  return value && typeof value === "object" ? value : {};
-}
-var DEFAULT_REQUEST_TIMEOUT_MS2 = 1e4;
-function createCodexAppServerJsonRpcClient(options) {
-  const timeoutMs = options.requestTimeoutMs ?? DEFAULT_REQUEST_TIMEOUT_MS2;
-  const pending = /* @__PURE__ */ new Map();
-  const notificationHandlers = /* @__PURE__ */ new Set();
-  const requestHandlers = /* @__PURE__ */ new Set();
-  let nextId = 1;
-  const unsubscribeTransport = options.transport.onMessage((message) => {
-    void handleMessage(message);
-  });
-  function write(message) {
-    void options.transport.write(JSON.stringify(message));
-  }
-  async function request(method, params) {
-    const id = nextId++;
-    write({
-      jsonrpc: "2.0",
-      id,
-      method,
-      ...params === void 0 ? {} : { params }
-    });
-    return new Promise((resolve, reject) => {
-      const timer = setTimeout(() => {
-        pending.delete(id);
-        reject(new Error(`Codex app-server request timed out: ${method}`));
-      }, timeoutMs);
-      pending.set(id, { resolve, reject, timer });
-    });
-  }
-  async function handleMessage(message) {
-    const record = asRecord22(message);
-    if (typeof record.id === "number" && typeof record.method === "string") {
-      await handleServerRequest(record.id, {
-        id: record.id,
-        method: record.method,
-        params: record.params
-      });
-      return;
-    }
-    if (typeof record.id === "number") {
-      handleResponse(record);
-      return;
-    }
-    if (typeof record.method === "string") {
-      const notification = {
-        method: record.method,
-        params: record.params
-      };
-      for (const handler of notificationHandlers) handler(notification);
-    }
-  }
-  function handleResponse(response) {
-    const entry = pending.get(response.id);
-    if (!entry) return;
-    pending.delete(response.id);
-    clearTimeout(entry.timer);
-    if (response.error) {
-      entry.reject(new Error(response.error.message));
-      return;
-    }
-    entry.resolve(response.result);
-  }
-  async function handleServerRequest(id, request2) {
-    const handler = requestHandlers.values().next().value;
-    if (!handler) {
-      write({ jsonrpc: "2.0", id, result: {} });
-      return;
-    }
-    try {
-      const result = await handler(request2);
-      write({ jsonrpc: "2.0", id, result });
-    } catch (error) {
-      write({
-        jsonrpc: "2.0",
-        id,
-        error: {
-          code: -32e3,
-          message: error.message
-        }
-      });
-    }
-  }
-  return {
-    async initialize() {
-      await request("initialize", {
-        protocolVersion: "2025-03-26",
-        capabilities: {},
-        clientInfo: options.clientInfo ?? {
-          name: "weft",
-          title: "Weft",
-          version: "0.1.0"
-        }
-      });
-      write({ jsonrpc: "2.0", method: "initialized", params: {} });
-    },
-    request,
-    onNotification(handler) {
-      notificationHandlers.add(handler);
-      return () => notificationHandlers.delete(handler);
-    },
-    onRequest(handler) {
-      requestHandlers.add(handler);
-      return () => requestHandlers.delete(handler);
-    },
-    close() {
-      unsubscribeTransport();
-      for (const entry of pending.values()) {
-        clearTimeout(entry.timer);
-        entry.reject(new Error("Codex app-server client closed"));
-      }
-      pending.clear();
-      notificationHandlers.clear();
-      requestHandlers.clear();
-      options.transport.close?.();
-    }
-  };
-}
-async function createCodexAppServerSubprocessClient(options = {}) {
-  const transport = createNodeSubprocessTransport({
-    executable: options.executable ?? "codex",
-    args: options.args ?? ["app-server"],
-    env: options.env
-  });
-  const client = createCodexAppServerJsonRpcClient({
-    transport,
-    requestTimeoutMs: options.requestTimeoutMs
-  });
-  try {
-    await client.initialize();
-  } catch (error) {
-    client.close();
-    throw error;
-  }
-  return client;
-}
-function createNodeSubprocessTransport(options) {
-  const proc = spawn3(options.executable, options.args, {
-    stdio: ["pipe", "pipe", "pipe"],
-    env: options.env ?? process.env
-  });
-  const handlers = /* @__PURE__ */ new Set();
-  let closed = false;
-  if (!proc.stdout || !proc.stdin) {
-    throw new Error("Failed to create subprocess with piped stdio");
-  }
-  const rl = createInterface3({ input: proc.stdout });
-  rl.on("line", (line) => {
-    const trimmed = line.trim();
-    if (!trimmed) return;
-    try {
-      const message = JSON.parse(trimmed);
-      for (const handler of handlers) handler(message);
-    } catch {
-    }
-  });
-  return {
-    write(message) {
-      if (closed) return;
-      proc.stdin.write(`${message}
-`);
-    },
-    onMessage(handler) {
-      handlers.add(handler);
-      return () => handlers.delete(handler);
-    },
-    close() {
-      closed = true;
-      handlers.clear();
-      rl.close();
-      proc.kill();
-    }
-  };
-}
-function asRecord22(value) {
-  return value && typeof value === "object" ? value : {};
-}
-function createCodexRuntimeCapabilityReport(options) {
-  const appServerAvailable = options.candidates.some((candidate) => candidate.kind === "app-server" && candidate.available);
-  const nativeAvailable = options.candidates.some((candidate) => candidate.kind === "native-sdk" && candidate.available);
-  const strongRuntimeAvailable = appServerAvailable || nativeAvailable;
-  return createRuntimeCapabilityReport({
-    provider: "codex",
-    candidates: options.candidates,
-    preferredRuntime: "app-server",
-    allowFallback: options.allowFallback,
-    auth: options.auth,
-    extensionCapabilities: {
-      policy: {
-        supported: true,
-        degraded: !strongRuntimeAvailable,
-        modes: ["safe", "ask", "allow-all"],
-        approvals: strongRuntimeAvailable,
-        toolPolicy: true,
-        reason: strongRuntimeAvailable ? void 0 : "codex exec fallback cannot complete app-server approval callbacks"
-      },
-      sources: {
-        supported: strongRuntimeAvailable,
-        registry: strongRuntimeAvailable,
-        mcpTools: strongRuntimeAvailable,
-        reason: strongRuntimeAvailable ? void 0 : "Source tools require app-server, SDK, or host MCP wiring"
-      },
-      skills: {
-        supported: strongRuntimeAvailable,
-        registry: strongRuntimeAvailable,
-        activationPlan: strongRuntimeAvailable,
-        scopedPolicy: strongRuntimeAvailable,
-        reason: strongRuntimeAvailable ? void 0 : "Skill activation is degraded in CLI fallback"
-      },
-      automations: {
-        supported: true,
-        degraded: !strongRuntimeAvailable,
-        eventBus: true,
-        schedulerHost: false,
-        promptAction: true,
-        webhookAction: false,
-        reason: strongRuntimeAvailable ? void 0 : "Automation hooks are degraded in CLI fallback"
-      },
-      hostTools: hostToolCapabilitiesFromExtensions2(options.extensions)
-    }
-  });
-}
-function hostToolCapabilitiesFromExtensions2(extensions) {
-  const sessionTools = extensions?.hostServices?.sessionTools;
-  if (!sessionTools) {
-    return {
-      supported: false,
-      sessionTools: false,
-      workflowTransitions: false,
-      browserActions: false,
-      metadataWrites: false
-    };
-  }
-  const workflowTransitions = Boolean(sessionTools.submitPlan);
-  const browserActions = Boolean(sessionTools.runBrowserAction);
-  const metadataWrites = Boolean(sessionTools.updateSessionMetadata);
-  const degraded = !workflowTransitions || !browserActions || !metadataWrites;
-  return {
-    supported: true,
-    degraded: degraded || void 0,
-    sessionTools: true,
-    workflowTransitions,
-    browserActions,
-    metadataWrites,
-    reason: degraded ? "Host session tool bridge is only partially attached" : void 0
-  };
-}
-function createCodexProviderRuntime(options) {
-  const report = createCodexRuntimeCapabilityReport(options);
-  const extensions = createRuntimeExtensionContext(options.extensions);
-  let runtimeDriver = options.driver;
-  let ownedAppServerClient;
-  const timeline = [];
-  const stream = new PushTimelineStream2();
-  const baseSequencer = createTimelineSequencer({
-    sessionId: options.sessionId ?? "codex-session",
-    provider: "codex",
-    epoch: options.epoch ?? "default",
-    now: options.now
-  });
-  const sequencer = {
-    append(item, rawRef2) {
-      syncStateFromTimelineItem(item);
-      const envelope = baseSequencer.append(item, rawRef2);
-      timeline.push(envelope);
-      stream.emit(envelope);
-      return envelope;
-    }
-  };
-  let state = initialRuntimeState;
-  function dispatch(action) {
-    state = reduceRuntimeState(state, action);
-  }
-  function syncStateFromTimelineItem(item) {
-    if (item.type === "permission_requested") {
-      dispatch({ type: "permission_request", requestId: item.request.requestId });
-    }
-    if (item.type === "permission_resolved") {
-      dispatch({ type: "permission_response" });
-    }
-    if (item.type === "turn_completed") {
-      dispatch({ type: "turn_completed" });
-    }
-  }
-  function appendFailure(message) {
-    sequencer.append({
-      type: "turn_failed",
-      turnId: "provider-runtime",
-      error: { message }
-    });
-  }
-  async function getDriver() {
-    if (runtimeDriver) return runtimeDriver;
-    if (report.selected === "cli-fallback") {
-      runtimeDriver = createCodexCliFallbackDriver({
-        session: options.createCliFallbackSession?.() ?? createLocalAgentSession({
-          provider: "codex",
-          cwd: options.cwd,
-          sessionId: options.sessionId,
-          model: options.model,
-          reasoningEffort: options.reasoningEffort,
-          permissionMode: options.permissionMode,
-          executable: options.executable,
-          env: options.env
-        }),
-        sessionId: options.sessionId ?? "codex-session",
-        epoch: options.epoch ?? "default",
-        now: options.now
-      });
-      return runtimeDriver;
-    }
-    if (report.selected === "native-sdk") {
-      runtimeDriver = {
-        async sendMessage() {
-          throw new Error("Codex native SDK runtime is not yet implemented. Use app-server or cli-fallback instead.");
-        }
-      };
-      return runtimeDriver;
-    }
-    if (report.selected !== "app-server") return void 0;
-    const client = options.appServerClient ?? await (options.createAppServerClient?.() ?? createCodexAppServerSubprocessClient(options.appServerSubprocess));
-    if (!options.appServerClient) {
-      ownedAppServerClient = client;
-    }
-    runtimeDriver = createCodexAppServerDriver({
-      cwd: options.cwd,
-      client,
-      model: options.model,
-      reasoningEffort: options.reasoningEffort,
-      approvalPolicy: options.approvalPolicy,
-      approvalsReviewer: options.approvalsReviewer,
-      sandbox: options.sandbox,
-      policy: options.policy ?? extensions.policy?.hook,
-      sourceTools: options.sourceTools
-    });
-    return runtimeDriver;
-  }
-  return {
-    sessionId: options.sessionId ?? "codex-session",
-    provider: "codex",
-    runtimeKind: report.selected ?? "app-server",
-    events: stream,
-    commands: {
-      async sendMessage(message, sendOptions) {
-        const driver = await getDriver();
-        if (!driver) {
-          const error = "Codex provider driver is not attached";
-          dispatch({ type: "error", error });
-          appendFailure(error);
-          throw new Error(error);
-        }
-        dispatch({ type: "send_message", message });
-        try {
-          await driver.sendMessage({
-            message,
-            options: sendOptions,
-            origin: sendOptions?.commandOrigin ?? extensions.commandOrigin
-          }, sequencer);
-          dispatch({ type: "complete" });
-        } catch (err) {
-          const error = err instanceof Error ? err.message : String(err);
-          dispatch({ type: "error", error });
-          appendFailure(error);
-          throw err;
-        }
-      },
-      async abort(reason) {
-        dispatch({ type: "abort", reason });
-        await runtimeDriver?.abort?.(reason);
-      },
-      async respondToPermission(requestId, allowed, remember) {
-        dispatch({ type: "permission_response" });
-        await runtimeDriver?.respondToPermission?.(requestId, allowed, remember);
-      },
-      async dispose() {
-        dispatch({ type: "dispose" });
-        stream.disconnect();
-        await runtimeDriver?.dispose?.();
-        ownedAppServerClient?.close?.();
-      }
-    },
-    async preflight() {
-      dispatch({ type: "preflight_ok" });
-      if (!report.selected) {
-        dispatch({ type: "preflight_error", error: report.error ?? "No runtime selected" });
-      }
-      sequencer.append({ type: "runtime_capability_report", report });
-      return report;
-    },
-    async fetchTimeline(request) {
-      if (!request.cursor && timeline.length === 0) {
-        return {
-          items: [],
-          nextCursor: createTimelineCursor({ epoch: options.epoch ?? "default", afterSeq: 0 }),
-          hasGap: false
-        };
-      }
-      return fetchTimeline(timeline, request);
-    },
-    getState() {
-      return state;
-    }
-  };
-}
-var PushTimelineStream2 = class {
-  listeners = /* @__PURE__ */ new Set();
-  connect(onEvent, onError, onClose) {
-    this.listeners.add({ onEvent, onError, onClose });
-  }
-  disconnect() {
-    this.listeners.clear();
-  }
-  isConnected() {
-    return this.listeners.size > 0;
-  }
-  emit(event) {
-    for (const listener of this.listeners) listener.onEvent(event);
-  }
-};
-function createCodexCliFallbackDriver(options) {
-  const projector = createLocalTimelineProjector({
-    sessionId: options.sessionId,
-    provider: "codex",
-    epoch: options.epoch,
-    now: options.now
-  });
-  let connected = false;
-  let activeSequencer;
-  function connect(sequencer) {
-    activeSequencer = sequencer;
-    if (connected) return;
-    connected = true;
-    options.session.events.connect((event) => {
-      if (!activeSequencer) return;
-      for (const envelope of projector.project(event)) {
-        activeSequencer.append(envelope.item, envelope.rawRef);
-      }
-    });
-  }
-  return {
-    async sendMessage(input, sequencer) {
-      connect(sequencer);
-      await options.session.commands.sendMessage(input.message, input.options);
-    },
-    abort(reason) {
-      return options.session.commands.abort(reason);
-    },
-    respondToPermission(requestId, allowed, remember) {
-      return options.session.commands.respondToPermission(requestId, allowed, remember);
-    },
-    dispose() {
-      return options.session.commands.dispose();
-    }
-  };
-}
-
-// ../packages/client/dist/index.js
-var FlitroHttpClient = class {
-  baseUrl;
-  timeout;
-  apiKey;
-  tenantId;
-  onTokenExpired;
-  token;
-  constructor(options) {
-    this.baseUrl = options.baseUrl.replace(/\/$/, "");
-    this.timeout = options.timeout ?? 3e4;
-    this.apiKey = options.apiKey ?? "";
-    this.tenantId = options.tenantId ?? "";
-    this.token = options.token ?? "";
-    this.onTokenExpired = options.onTokenExpired;
-  }
-  /** Current Authorization bearer (scoped token wins over apiKey). */
-  getBearerToken() {
-    return this.token || this.apiKey;
-  }
-  /** Replace the scoped token (e.g. after a host-backend refresh). */
-  setToken(token) {
-    this.token = token;
-  }
-  buildHeaders() {
-    const headers = { "Content-Type": "application/json" };
-    const bearer = this.getBearerToken();
-    if (bearer) headers["Authorization"] = `Bearer ${bearer}`;
-    if (!this.token && this.tenantId) headers["X-Tenant-ID"] = this.tenantId;
-    return headers;
-  }
-  async preflight() {
-    return this.get("/v1/capabilities");
-  }
-  async health() {
-    return this.get("/v1/health");
-  }
-  async createSession(options) {
-    return this.post("/v1/sessions", {
-      title: options?.title ?? "Weft session",
-      model: options?.model,
-      skill_names: options?.skillNames,
-      mcp_server_names: options?.mcpServerNames
-    });
-  }
-  async getSession(sessionId) {
-    return this.get(`/v1/sessions/${encodeURIComponent(sessionId)}`);
-  }
-  async sendMessage(sessionId, message, options) {
-    const budget = options?.budget ? {
-      max_steps: options.budget.maxSteps,
-      max_tokens: options.budget.maxTokens,
-      max_wall_time_sec: options.budget.maxWallTimeSec
-    } : void 0;
-    return this.post(`/v1/sessions/${encodeURIComponent(sessionId)}/runs`, {
-      message,
-      model: options?.model,
-      skill_names: options?.skillNames,
-      mcp_server_names: options?.mcpServerNames,
-      tool_names: options?.toolNames,
-      approval_policy: options?.approvalPolicy,
-      execution_mode: options?.executionMode,
-      workspace_id: options?.workspaceId,
-      budget
-    });
-  }
-  async cancelRun(runId) {
-    return this.post(`/v1/runs/${encodeURIComponent(runId)}/cancel`, {});
-  }
-  async resumeTool(runId, resumeData) {
-    return this.post(
-      `/v1/runs/${encodeURIComponent(runId)}/resume-tool`,
-      { resume_data: resumeData }
-    );
-  }
-  async respondToPermission(sessionId, requestId, allowed, options) {
-    return this.post(
-      `/v1/sessions/${encodeURIComponent(sessionId)}/permission-response`,
-      { requestId, allowed, remember: options?.remember, text: options?.text, answer: options?.answer }
-    );
-  }
-  async patchSession(sessionId, patch) {
-    return this.patch(
-      `/v1/sessions/${encodeURIComponent(sessionId)}`,
-      patch
-    );
-  }
-  async listModels() {
-    return this.get("/v1/models");
-  }
-  async fetchTimeline(sessionId, afterSeq, limit) {
-    const params = new URLSearchParams();
-    if (afterSeq !== void 0) params.set("after_seq", String(afterSeq));
-    if (limit !== void 0) params.set("limit", String(limit));
-    const qs = params.toString();
-    const url = `/v1/sessions/${encodeURIComponent(sessionId)}/timeline/fetch${qs ? `?${qs}` : ""}`;
-    return this.get(url);
-  }
-  /** Returns the SSE stream URL for a session's canonical timeline. */
-  sessionTimelineUrl(sessionId) {
-    return `${this.baseUrl}/v1/sessions/${encodeURIComponent(sessionId)}/timeline`;
-  }
-  async get(path) {
-    return this.request("GET", path, void 0);
-  }
-  async post(path, body) {
-    return this.request("POST", path, body);
-  }
-  async patch(path, body) {
-    return this.request("PATCH", path, body);
-  }
-  async request(method, path, body, isRetry = false) {
-    const url = `${this.baseUrl}${path}`;
-    const controller = new AbortController();
-    const timer = setTimeout(() => controller.abort(), this.timeout);
-    try {
-      const response = await fetch(url, {
-        method,
-        headers: this.buildHeaders(),
-        body: body !== void 0 ? JSON.stringify(body) : void 0,
-        signal: controller.signal
-      });
-      if (response.status === 401 && this.token && this.onTokenExpired && !isRetry) {
-        const fresh = await this.onTokenExpired();
-        if (fresh) {
-          this.token = fresh;
-          return this.request(method, path, body, true);
-        }
-      }
-      if (!response.ok) {
-        let errorMsg = `Flitro HTTP ${response.status}`;
-        try {
-          const errBody = await response.json();
-          if (errBody.error) errorMsg = `${errorMsg}: ${errBody.error}`;
-        } catch {
-        }
-        throw new Error(errorMsg);
-      }
-      return response.json();
-    } finally {
-      clearTimeout(timer);
-    }
-  }
-};
-var FlitroFetchSseTimelineStream = class {
-  listeners = /* @__PURE__ */ new Set();
-  abortController = null;
-  connected = false;
-  disposed = false;
-  afterSeq;
-  reconnectAttempts = 0;
-  tokenOverride = "";
-  getBearerToken;
-  onTokenExpired;
-  options;
-  constructor(options) {
-    this.afterSeq = options.initialAfterSeq ?? 0;
-    this.getBearerToken = options.getBearerToken;
-    this.onTokenExpired = options.onTokenExpired;
-    this.options = {
-      url: options.url,
-      apiKey: options.apiKey ?? "",
-      tenantId: options.tenantId ?? "",
-      reconnectDelayMs: options.reconnectDelayMs ?? 1500,
-      maxReconnectAttempts: options.maxReconnectAttempts ?? 20,
-      initialAfterSeq: this.afterSeq,
-      now: options.now ?? (() => Date.now())
-    };
-  }
-  connect(onEvent, onError, onClose) {
-    this.disposed = false;
-    this.listeners.add({ onEvent, onError, onClose });
-    if (!this.connected) {
-      this.connected = true;
-      this.reconnectAttempts = 0;
-      this.startFetch();
-    }
-  }
-  disconnect() {
-    this.disposed = true;
-    this.connected = false;
-    this.abortController?.abort();
-    for (const listener of this.listeners) {
-      listener.onClose?.();
-    }
-    this.listeners.clear();
-  }
-  isConnected() {
-    return this.connected && !this.disposed;
-  }
-  buildUrl() {
-    let url = this.options.url;
-    if (this.afterSeq > 0) {
-      url += (url.includes("?") ? "&" : "?") + `after_seq=${this.afterSeq}`;
-    }
-    return url;
-  }
-  buildHeaders() {
-    const h = { Accept: "text/event-stream" };
-    const bearer = this.tokenOverride || this.getBearerToken?.() || this.options.apiKey;
-    if (bearer) h["Authorization"] = `Bearer ${bearer}`;
-    if (this.options.tenantId) h["X-Tenant-ID"] = this.options.tenantId;
-    return h;
-  }
-  async startFetch() {
-    if (this.disposed) return;
-    this.abortController = new AbortController();
-    try {
-      const response = await fetch(this.buildUrl(), {
-        headers: this.buildHeaders(),
-        signal: this.abortController.signal
-      });
-      if (response.status === 401 && this.onTokenExpired) {
-        const fresh = await this.onTokenExpired();
-        if (fresh) this.tokenOverride = fresh;
-      }
-      if (!response.ok || !response.body) {
-        throw new Error(`Flitro SSE: HTTP ${response.status}`);
-      }
-      this.reconnectAttempts = 0;
-      const reader = response.body.getReader();
-      const decoder = new TextDecoder();
-      let buffer = "";
-      while (true) {
-        const { done, value } = await reader.read();
-        if (done) break;
-        buffer += decoder.decode(value, { stream: true });
-        const envelopes = parseSseBuffer(buffer);
-        buffer = envelopes.remainder;
-        for (const envelope of envelopes.items) {
-          if (envelope.seq > this.afterSeq) {
-            this.afterSeq = envelope.seq;
-          }
-          for (const listener of this.listeners) {
-            listener.onEvent(envelope);
-          }
-        }
-      }
-      if (!this.disposed) {
-        this.connected = false;
-        this.scheduleReconnect();
-      }
-    } catch (err) {
-      if (this.disposed) return;
-      if (err instanceof Error && err.name === "AbortError") return;
-      this.connected = false;
-      this.scheduleReconnect();
-    }
-  }
-  scheduleReconnect() {
-    if (this.disposed) return;
-    if (this.reconnectAttempts >= this.options.maxReconnectAttempts) {
-      this.emitError(new Error(`Flitro SSE: max reconnect attempts reached`));
-      return;
-    }
-    this.reconnectAttempts++;
-    const delay = Math.min(this.options.reconnectDelayMs * this.reconnectAttempts, 3e4);
-    setTimeout(() => {
-      this.connected = true;
-      this.startFetch();
-    }, delay);
-  }
-  emitError(err) {
-    for (const listener of this.listeners) listener.onError?.(err);
-  }
-};
-function parseSseBuffer(buffer) {
-  const items = [];
-  const blocks = buffer.split("\n\n");
-  const remainder = blocks.pop() ?? "";
-  for (const block of blocks) {
-    let eventType = "";
-    let data = "";
-    for (const line of block.split("\n")) {
-      if (line.startsWith("event: ")) {
-        eventType = line.slice(7).trim();
-      } else if (line.startsWith("data: ")) {
-        data = line.slice(6).trim();
-      }
-    }
-    if (eventType === "timeline" && data) {
-      try {
-        items.push(JSON.parse(data));
-      } catch {
-      }
-    }
-  }
-  return { items, remainder };
-}
-function createFlitroTimelineStream(options) {
-  return new FlitroFetchSseTimelineStream(options);
-}
-
-// ../packages/provider-flitro/dist/index.js
-function mapPermissionModeToApprovalPolicy(mode) {
-  if (mode === "allow-all") return "auto";
-  if (mode === "safe") return "never";
-  if (mode === "ask") return "on-request";
-  return void 0;
-}
-function createFlitroDriver(options) {
-  let activeRunId;
-  return {
-    async sendMessage(input, _sequencer) {
-      const run = await options.client.sendMessage(
-        options.sessionId,
-        input.message,
-        {
-          model: input.options?.model ?? options.model,
-          skillNames: options.skillNames,
-          mcpServerNames: options.mcpServerNames,
-          // Per-message permission choice (from the chat panel selector) wins
-          // over the runtime's creation-time default.
-          approvalPolicy: mapPermissionModeToApprovalPolicy(input.options?.permissionMode) ?? options.approvalPolicy
-        }
-      );
-      activeRunId = run.run_id;
-    },
-    async abort(reason) {
-      if (activeRunId) {
-        await options.client.cancelRun(activeRunId).catch(() => {
-        });
-        activeRunId = void 0;
-      }
-    },
-    async respondToPermission(requestId, allowed, remember) {
-      await options.client.respondToPermission(options.sessionId, requestId, allowed, {
-        remember
-      });
-    },
-    async resumeTool(runId, resumeData) {
-      await options.client.resumeTool(runId, resumeData);
-    },
-    async dispose() {
-      if (activeRunId) {
-        await options.client.cancelRun(activeRunId).catch(() => {
-        });
-        activeRunId = void 0;
-      }
-    }
-  };
-}
-function createFlitroRuntimeCapabilityReport(options) {
-  const appServerAvailable = options.candidates.some((c) => c.kind === "app-server" && c.available);
-  return createRuntimeCapabilityReport({
-    provider: "flitro",
-    candidates: options.candidates,
-    preferredRuntime: "app-server",
-    allowFallback: options.allowFallback,
-    auth: options.auth,
-    extensionCapabilities: {
-      policy: {
-        supported: true,
-        degraded: !appServerAvailable || void 0,
-        modes: ["safe", "ask", "allow-all"],
-        approvals: appServerAvailable,
-        toolPolicy: appServerAvailable,
-        reason: appServerAvailable ? void 0 : "Flitro server is unavailable"
-      },
-      sources: {
-        supported: appServerAvailable,
-        registry: appServerAvailable,
-        mcpTools: appServerAvailable,
-        credentialGateway: false,
-        reason: appServerAvailable ? void 0 : "Source tools require a running Flitro server"
-      },
-      skills: {
-        supported: appServerAvailable,
-        registry: appServerAvailable,
-        activationPlan: appServerAvailable,
-        scopedPolicy: appServerAvailable,
-        reason: appServerAvailable ? void 0 : "Skill activation requires a running Flitro server"
-      },
-      automations: {
-        supported: appServerAvailable,
-        degraded: !appServerAvailable || void 0,
-        eventBus: appServerAvailable,
-        schedulerHost: appServerAvailable,
-        promptAction: appServerAvailable,
-        webhookAction: false,
-        reason: appServerAvailable ? void 0 : "Automations require a running Flitro server"
-      },
-      hostTools: {
-        supported: appServerAvailable,
-        sessionTools: false,
-        workflowTransitions: false,
-        browserActions: false,
-        metadataWrites: appServerAvailable
-      }
-    }
-  });
-}
-function createFlitroProviderRuntime(options) {
-  const report = createFlitroRuntimeCapabilityReport(options);
-  const extensions = createRuntimeExtensionContext(options.extensions);
-  const client = new FlitroHttpClient(options.server);
-  let resolvedSessionId = options.sessionId ?? "";
-  let epoch = options.epoch ?? (resolvedSessionId ? `flitro-${resolvedSessionId}` : "flitro-pending");
-  const now = options.now ?? (() => Date.now());
-  const timeline = [];
-  const seenTimelineKeys = /* @__PURE__ */ new Set();
-  const stream = new PushTimelineStream3();
-  let state = initialRuntimeState;
-  let runtimeDriver = options.driver;
-  let sseStream;
-  const pendingMessages = [];
-  function dispatch(action) {
-    state = reduceRuntimeState(state, action);
-  }
-  function syncStateFromEnvelope(envelope) {
-    const item = envelope.item;
-    if (item.type === "permission_requested") {
-      dispatch({ type: "permission_request", requestId: item.request.requestId });
-    } else if (item.type === "permission_resolved") {
-      dispatch({ type: "permission_response" });
-    } else if (item.type === "turn_completed") {
-      dispatch({ type: "turn_completed" });
-      dispatch({ type: "complete" });
-      void sendNextPendingMessage();
-    } else if (item.type === "turn_failed") {
-      const err = item.error;
-      dispatch({ type: "error", error: err?.message ?? "turn failed" });
-    } else if (item.type === "tool_suspended") {
-      dispatch({ type: "permission_request", requestId: `tool-suspend:${item.callId}` });
-    } else if (item.type === "tool_resumed") {
-      dispatch({ type: "permission_response" });
-    } else if (item.type === "session_status") {
-      if (item.status === "running") {
-        dispatch({ type: "starting" });
-      } else if (item.status === "ended") {
-        dispatch({ type: "abort" });
-      }
-    }
-  }
-  function appendEnvelope(envelope) {
-    if (envelope.seq > 0) {
-      const key = `${envelope.epoch || envelope.sessionId || "unknown"}:${envelope.seq}`;
-      if (seenTimelineKeys.has(key)) return;
-      seenTimelineKeys.add(key);
-    }
-    syncStateFromEnvelope(envelope);
-    timeline.push(envelope);
-    stream.emit(envelope);
-  }
-  function appendFailure(message) {
-    const item = { type: "turn_failed", turnId: "provider-runtime", error: { message } };
-    const envelope = {
-      sessionId: resolvedSessionId,
-      provider: "flitro",
-      seq: timeline.length + 1,
-      epoch,
-      timestamp: now(),
-      item
-    };
-    appendEnvelope(envelope);
-  }
-  function getDriver() {
-    if (runtimeDriver) return runtimeDriver;
-    runtimeDriver = createFlitroDriver({
-      client,
-      sessionId: resolvedSessionId,
-      model: options.model,
-      skillNames: options.skillNames,
-      mcpServerNames: options.mcpServerNames,
-      approvalPolicy: options.approvalPolicy
-    });
-    return runtimeDriver;
-  }
-  async function sendToFlitro(message, sendOptions) {
-    const driver = getDriver();
-    try {
-      await driver.sendMessage({ message, options: sendOptions }, {
-        append: (item, rawRef2) => {
-          const envelope = {
-            sessionId: resolvedSessionId,
-            provider: "flitro",
-            seq: timeline.length + 1,
-            epoch,
-            timestamp: now(),
-            item,
-            rawRef: rawRef2
-          };
-          appendEnvelope(envelope);
-          return envelope;
-        }
-      });
-    } catch (err) {
-      const error = err instanceof Error ? err.message : String(err);
-      dispatch({ type: "error", error });
-      appendFailure(error);
-      throw err;
-    }
-  }
-  async function sendNextPendingMessage() {
-    const next = pendingMessages.shift();
-    if (!next) return;
-    try {
-      await sendToFlitro(next.message, next.options);
-    } catch {
-    }
-  }
-  async function ensureSession() {
-    if (resolvedSessionId) return;
-    const session = await client.createSession({
-      model: options.model,
-      skillNames: options.skillNames,
-      mcpServerNames: options.mcpServerNames
-    });
-    resolvedSessionId = session.session_id;
-    if (!options.epoch) {
-      epoch = `flitro-${resolvedSessionId}`;
-    }
-    connectSse();
-  }
-  function connectSse() {
-    if (!resolvedSessionId || sseStream) return;
-    sseStream = createFlitroTimelineStream({
-      url: client.sessionTimelineUrl(resolvedSessionId),
-      apiKey: options.server.apiKey,
-      tenantId: options.server.tenantId,
-      // Scoped embed tokens rotate; always read the client's current bearer
-      // and propagate refreshed tokens back to it.
-      getBearerToken: () => client.getBearerToken(),
-      onTokenExpired: options.server.onTokenExpired ? async () => {
-        const fresh = await options.server.onTokenExpired?.();
-        if (fresh) client.setToken(fresh);
-        return fresh;
-      } : void 0
-    });
-    sseStream.connect(
-      // The client package types `item` as unknown; the server emits the
-      // canonical Weft envelope, so this is the narrowing point.
-      (envelope) => appendEnvelope(envelope),
-      (_err) => {
-      }
-    );
-  }
-  if (resolvedSessionId) {
-    connectSse();
-  }
-  return {
-    get sessionId() {
-      return resolvedSessionId;
-    },
-    provider: "flitro",
-    runtimeKind: report.selected ?? "app-server",
-    events: stream,
-    commands: {
-      async sendMessage(message, sendOptions) {
-        await ensureSession();
-        const shouldQueue = state.status === "running" || state.status === "waiting_for_permission";
-        dispatch({ type: "send_message", message });
-        if (shouldQueue) {
-          pendingMessages.push({ message, options: sendOptions });
-          return;
-        }
-        await sendToFlitro(message, sendOptions);
-      },
-      async abort(reason) {
-        dispatch({ type: "abort", reason });
-        pendingMessages.length = 0;
-        await runtimeDriver?.abort?.(reason);
-      },
-      async respondToPermission(requestId, allowed, remember) {
-        await getDriver().respondToPermission?.(requestId, allowed, remember);
-        dispatch({ type: "permission_response" });
-      },
-      async resumeTool(runId, resumeData) {
-        await getDriver().resumeTool?.(runId, resumeData);
-      },
-      async dispose() {
-        dispatch({ type: "dispose" });
-        pendingMessages.length = 0;
-        sseStream?.disconnect();
-        sseStream = void 0;
-        await runtimeDriver?.dispose?.();
-      }
-    },
-    async preflight() {
-      dispatch({ type: "preflight_start" });
-      if (!report.selected) {
-        dispatch({ type: "preflight_error", error: report.error ?? "No runtime selected" });
-      } else {
-        dispatch({ type: "preflight_ok" });
-      }
-      const capItem = { type: "runtime_capability_report", report };
-      const capEnvelope = {
-        sessionId: resolvedSessionId,
-        provider: "flitro",
-        seq: timeline.length + 1,
-        epoch,
-        timestamp: now(),
-        item: capItem
-      };
-      appendEnvelope(capEnvelope);
-      return report;
-    },
-    async fetchTimeline(request = {}) {
-      if (request.cursor?.epoch === epoch || !request.cursor) {
-        const localResult = fetchTimeline(timeline, request);
-        if (localResult.items.length > 0) return localResult;
-      }
-      if (resolvedSessionId) {
-        try {
-          const afterSeq = request.cursor?.afterSeq ?? 0;
-          const result = await client.fetchTimeline(resolvedSessionId, afterSeq, request.limit);
-          return {
-            items: result.items,
-            nextCursor: createTimelineCursor({
-              epoch: result.nextCursor.epoch,
-              afterSeq: result.nextCursor.afterSeq
-            }),
-            hasGap: result.hasGap
-          };
-        } catch {
-        }
-      }
-      return {
-        items: [],
-        nextCursor: createTimelineCursor({ epoch, afterSeq: 0 }),
-        hasGap: false
-      };
-    },
-    getState() {
-      return state;
-    }
-  };
-}
-var PushTimelineStream3 = class {
-  listeners = /* @__PURE__ */ new Set();
-  connect(onEvent, onError, onClose) {
-    this.listeners.add({ onEvent, onError, onClose });
-  }
-  disconnect() {
-    for (const l of this.listeners) l.onClose?.();
-    this.listeners.clear();
-  }
-  isConnected() {
-    return this.listeners.size > 0;
-  }
-  emit(event) {
-    for (const l of this.listeners) l.onEvent(event);
-  }
-};
-
-// ../packages/runtime-factory/dist/index.js
-function createHostAgentRuntime(options) {
-  const sourceRuntime = options.sourceRuntime ? createSourceRuntimeProviderOptions(options.sourceRuntime) : void 0;
-  const extensions = mergeExtensions(options.extensions, options.policy, sourceRuntime);
-  if (options.provider === "claude") {
-    return {
-      runtime: createClaudeProviderRuntime({
-        cwd: options.cwd,
-        sessionId: options.sessionId,
-        epoch: options.epoch,
-        now: options.now,
-        candidates: options.candidates,
-        auth: options.auth,
-        allowFallback: options.allowFallback,
-        extensions,
-        sourceTools: sourceRuntime?.sourceTools,
-        model: options.claude?.model ?? options.model,
-        reasoningEffort: options.claude?.reasoningEffort ?? options.reasoningEffort,
-        env: options.claude?.env,
-        permissionMode: options.claude?.permissionMode,
-        query: options.claude?.query,
-        loadSdk: options.claude?.loadSdk
-      }),
-      sourceRuntime
-    };
-  }
-  if (options.provider === "flitro") {
-    if (!options.flitro?.server) {
-      throw new Error('createHostAgentRuntime: flitro.server is required for provider="flitro"');
-    }
-    return {
-      runtime: createFlitroProviderRuntime({
-        server: options.flitro.server,
-        sessionId: options.sessionId,
-        epoch: options.epoch,
-        now: options.now,
-        candidates: options.candidates,
-        auth: options.auth,
-        allowFallback: options.allowFallback,
-        extensions,
-        model: options.flitro.model ?? options.model,
-        skillNames: options.flitro.skillNames,
-        mcpServerNames: options.flitro.mcpServerNames,
-        approvalPolicy: options.flitro.approvalPolicy
-      }),
-      sourceRuntime
-    };
-  }
-  return {
-    runtime: createCodexProviderRuntime({
-      cwd: options.cwd,
-      sessionId: options.sessionId,
-      epoch: options.epoch,
-      now: options.now,
-      candidates: options.candidates,
-      auth: options.auth,
-      allowFallback: options.allowFallback,
-      extensions,
-      sourceTools: sourceRuntime?.sourceTools,
-      appServerClient: options.codex?.appServerClient,
-      createAppServerClient: options.codex?.createAppServerClient,
-      model: options.codex?.model ?? options.model,
-      reasoningEffort: options.codex?.reasoningEffort ?? options.reasoningEffort,
-      permissionMode: options.codex?.permissionMode,
-      approvalPolicy: options.codex?.approvalPolicy,
-      approvalsReviewer: options.codex?.approvalsReviewer,
-      sandbox: options.codex?.sandbox,
-      appServerSubprocess: options.codex?.appServerSubprocess
-    }),
-    sourceRuntime
-  };
-}
-function createHostRuntimeController(options) {
-  const { runtime, sourceRuntime } = options;
-  const hostTimeline = [];
-  const hostTimelineEpoch = options.hostTimelineEpoch ?? `host:${runtime.sessionId}`;
-  const hostTimelineSequencer = createTimelineSequencer({
-    sessionId: runtime.sessionId,
-    provider: "host",
-    epoch: hostTimelineEpoch,
-    now: options.now
-  });
-  let sendCount = 0;
-  return {
-    sessionId: runtime.sessionId,
-    provider: runtime.provider,
-    runtimeKind: runtime.runtimeKind,
-    async preflight() {
-      const capabilityReport = await runtime.preflight();
-      return {
-        sessionId: runtime.sessionId,
-        provider: runtime.provider,
-        runtimeKind: runtime.runtimeKind,
-        state: runtime.getState(),
-        capabilityReport,
-        ...sourceRuntime ? { sourceRuntime } : {}
-      };
-    },
-    async sendMessage(request) {
-      await runtime.commands.sendMessage(request.message, {
-        ...request.turnId ? { turnId: request.turnId } : {},
-        ...request.model ? { model: request.model } : {},
-        ...request.reasoningEffort ? { reasoningEffort: request.reasoningEffort } : {},
-        ...request.permissionMode ? { permissionMode: request.permissionMode } : {},
-        ...request.commandOrigin ? { commandOrigin: request.commandOrigin } : {}
-      });
-      sendCount += 1;
-      return { ok: true, commandId: `send:${sendCount}` };
-    },
-    async abort(reason) {
-      await runtime.commands.abort(reason);
-      return { ok: true, commandId: "abort" };
-    },
-    async respondToPermission(request) {
-      await runtime.commands.respondToPermission(request.requestId, request.allowed, request.remember);
-      return { ok: true, commandId: `permission:${request.requestId}` };
-    },
-    invokeSessionTool(request) {
-      const bridge = options.sessionTools ?? {};
-      return invokeSessionTool({
-        sessionId: runtime.sessionId,
-        toolName: request.toolName,
-        request: request.request,
-        bridge,
-        policy: options.hostToolPolicy,
-        commandOrigin: request.commandOrigin,
-        appendTimeline(item) {
-          const envelope = hostTimelineSequencer.append(item);
-          hostTimeline.push(envelope);
-          return envelope;
-        }
-      });
-    },
-    async fetchTimeline(request = {}) {
-      if (request.cursor?.epoch === hostTimelineEpoch) {
-        return fetchTimeline(hostTimeline, request);
-      }
-      return runtime.fetchTimeline(request);
-    },
-    subscribe(onEvent, onError, onClose) {
-      runtime.events.connect(onEvent, onError, onClose);
-      return () => runtime.events.disconnect();
-    },
-    async dispose() {
-      await runtime.commands.dispose();
-      return { ok: true, commandId: "dispose" };
-    }
-  };
-}
-function mergeExtensions(base, policy, sourceRuntime) {
-  return {
-    ...base,
-    ...policy ? { policy } : {},
-    sources: sourceRuntime?.extensions.sources ?? base?.sources
-  };
-}
-
-// ../packages/host-services/dist/index.js
-import { createHash } from "crypto";
-import { createHash as createHash2 } from "crypto";
-import { createHash as createHash3 } from "crypto";
-import { watch, existsSync, readFileSync as readFileSync2 } from "fs";
-import { createHash as createHash4 } from "crypto";
-var DEFAULT_APPROVAL_TTL_MS = 12e4;
-function createPrivilegedExecutionBroker(options = {}) {
-  const pending = /* @__PURE__ */ new Map();
-  const now = options.now ?? Date.now;
-  const audit = options.audit ?? (() => void 0);
-  function auditEvent(event, timestamp = now()) {
-    audit({ ...event, timestamp });
-  }
-  return {
-    createRequest(input) {
-      const timestamp = now();
-      const approvalTtlMs = input.approvalTtlMs ?? options.approvalTtlMs ?? DEFAULT_APPROVAL_TTL_MS;
-      const policy = validatePrivilegedCommand(input.command);
-      const request = {
-        requestId: input.requestId,
-        sessionId: input.sessionId,
-        command: input.command,
-        commandHash: hashCommand(input.command),
-        reason: input.reason,
-        impact: input.impact,
-        approvalTtlMs,
-        createdAt: timestamp,
-        expiresAt: timestamp + approvalTtlMs,
-        policyAllowed: policy.allowed,
-        policyReason: policy.reason
-      };
-      pending.set(input.requestId, request);
-      auditEvent({
-        event: "privileged_request_created",
-        requestId: request.requestId,
-        sessionId: request.sessionId,
-        commandHash: request.commandHash,
-        policyAllowed: request.policyAllowed,
-        policyReason: request.policyReason
-      }, timestamp);
-      return request;
-    },
-    resolveApproval(requestId, approved, resolveOptions = {}) {
-      const timestamp = resolveOptions.now ?? now();
-      const request = pending.get(requestId);
-      if (!request) return { ok: false, reason: "not_found" };
-      pending.delete(requestId);
-      if (resolveOptions.expectedCommandHash && resolveOptions.expectedCommandHash !== request.commandHash) {
-        auditEvent({
-          event: "privileged_request_hash_mismatch",
-          requestId: request.requestId,
-          sessionId: request.sessionId,
-          commandHash: request.commandHash
-        }, timestamp);
-        return { ok: false, reason: "command_hash_mismatch" };
-      }
-      if (!request.policyAllowed) {
-        auditEvent({
-          event: "privileged_request_blocked_by_policy",
-          requestId: request.requestId,
-          sessionId: request.sessionId,
-          commandHash: request.commandHash,
-          policyAllowed: false,
-          policyReason: request.policyReason
-        }, timestamp);
-        return { ok: false, reason: "blocked_by_policy" };
-      }
-      if (timestamp > request.expiresAt) {
-        auditEvent({
-          event: "privileged_request_expired",
-          requestId: request.requestId,
-          sessionId: request.sessionId,
-          commandHash: request.commandHash
-        }, timestamp);
-        return { ok: false, reason: "expired" };
-      }
-      auditEvent({
-        event: approved ? "privileged_request_approved" : "privileged_request_denied",
-        requestId: request.requestId,
-        sessionId: request.sessionId,
-        commandHash: request.commandHash
-      }, timestamp);
-      return approved ? { ok: true, request } : { ok: false, reason: "blocked_by_policy" };
-    }
-  };
-}
-function hashCommand(command) {
-  return createHash("sha256").update(command, "utf8").digest("hex");
-}
-function validatePrivilegedCommand(command) {
-  const normalized = command.trim().toLowerCase();
-  const allowed = /^brew\s+install\s+--cask\s+\S+/.test(normalized) || /^brew\s+upgrade\s+--cask\s+\S+/.test(normalized) || /^installer\s+-pkg\s+\S+.*\s+-target\s+\//.test(normalized);
-  return allowed ? { allowed: true } : {
-    allowed: false,
-    reason: "Privileged execution policy only allows brew cask install/upgrade and installer -pkg -target / commands"
-  };
-}
-function stableHash(value) {
-  return createHash2("sha256").update(stableStringify(value), "utf8").digest("hex").slice(0, 16);
-}
-function stableStringify(value) {
-  if (Array.isArray(value)) {
-    return `[${value.map(stableStringify).join(",")}]`;
-  }
-  if (value && typeof value === "object") {
-    const entries = Object.entries(value).filter(([, entryValue]) => entryValue !== void 0).sort(([left], [right]) => left.localeCompare(right));
-    return `{${entries.map(([key, entryValue]) => `${JSON.stringify(key)}:${stableStringify(entryValue)}`).join(",")}}`;
-  }
-  return JSON.stringify(value);
-}
-function redactSecrets(text) {
-  const patterns = [
-    /(authorization\s*[:=]\s*)(bearer\s+)?[^\s,;]+/gi,
-    /(token\s*[:=]\s*)[^\s,;]+/gi,
-    /(api[_-]?key\s*[:=]\s*)[^\s,;]+/gi,
-    /(secret\s*[:=]\s*)[^\s,;]+/gi
-  ];
-  let redacted = false;
-  let output2 = text;
-  for (const pattern of patterns) {
-    output2 = output2.replace(pattern, (_match, ...args) => {
-      const prefix = typeof args[0] === "string" ? args[0] : "";
-      const optionalPrefix = typeof args[1] === "string" ? args[1] : "";
-      redacted = true;
-      return `${prefix}${optionalPrefix}[REDACTED]`;
-    });
-  }
-  return { text: output2, redacted };
-}
-function cloneCommandOrigin(origin) {
-  return { ...origin };
-}
-var DEFAULT_MAX_INLINE_BYTES = 60 * 1024;
-function createToolOutputPolicy(options = {}) {
-  const maxInlineBytes = options.maxInlineBytes ?? DEFAULT_MAX_INLINE_BYTES;
-  return {
-    process(input) {
-      const redaction = redactSecrets(input.text);
-      const byteLength = Buffer.byteLength(redaction.text, "utf8");
-      const shouldInline = byteLength <= maxInlineBytes;
-      if (shouldInline) {
-        return {
-          callId: input.callId,
-          toolName: input.toolName,
-          action: "inline",
-          byteLength,
-          redacted: redaction.redacted,
-          truncated: false,
-          inlineText: redaction.text,
-          ...input.intent ? { intent: input.intent } : {}
-        };
-      }
-      const truncated = truncateByBytes(redaction.text, maxInlineBytes);
-      const source = { ...input, text: redaction.text };
-      const summary = options.summarizer ? options.summarizer({ text: truncated, source }) : truncated;
-      return {
-        callId: input.callId,
-        toolName: input.toolName,
-        action: "artifact",
-        byteLength,
-        redacted: redaction.redacted,
-        truncated: true,
-        summary,
-        artifactRef: options.artifactRef?.(input) ?? `tool-output://${input.callId}`,
-        ...input.intent ? { intent: input.intent } : {}
-      };
-    }
-  };
-}
-function truncateByBytes(text, maxBytes) {
-  const buffer = Buffer.from(text, "utf8");
-  if (buffer.byteLength <= maxBytes) return text;
-  return buffer.subarray(0, maxBytes).toString("utf8");
-}
-function createSourceAuthoringPlan(input) {
-  const slug = slugify(input.serviceName);
-  const fallbackDecision = decideSourceBrowserFallback(input);
-  return {
-    recommendedPath: fallbackDecision ? "browser-fallback" : "source",
-    workspaceId: input.workspaceId,
-    ...input.purpose ? { purpose: input.purpose } : {},
-    source: {
-      id: `${slug}_planned`,
-      slug,
-      name: input.serviceName.trim(),
-      provider: slug
-    },
-    validationSteps: [
-      "validate_config",
-      "test_connection",
-      "verify_auth",
-      "write_guide",
-      "seed_read_only_policy"
-    ],
-    ...fallbackDecision ? { browserFallbackDecision: fallbackDecision } : {}
-  };
-}
-function decideSourceBrowserFallback(input) {
-  if (input.uiOnly || input.repeatable === false) {
-    return {
-      reason: "one_off_or_ui_only",
-      reusableSourceLater: true,
-      detail: "Prefer browser fallback for one-off or UI-only work; create a source later when the workflow becomes repeatable."
-    };
-  }
-  if (input.authReliability === "brittle") {
-    return {
-      reason: "brittle_auth",
-      reusableSourceLater: true,
-      detail: "Prefer browser fallback until source authentication is reliable enough to reuse."
-    };
-  }
-  if (input.structuredAccess === false) {
-    return {
-      reason: "not_structured",
-      reusableSourceLater: true,
-      detail: "Prefer browser fallback because the task does not need reusable structured access."
-    };
-  }
-  return void 0;
-}
-function slugify(value) {
-  const slug = value.trim().toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-+|-+$/g, "");
-  return slug || "source";
-}
-function expandWebhookTemplate(input) {
-  const variables = input.variables ?? {};
-  const secrets = input.secrets ?? {};
-  const receipts = /* @__PURE__ */ new Map();
-  const missing = /* @__PURE__ */ new Set();
-  const expanded = input.template.replace(/\$\{([A-Z0-9_]+)\}|\$([A-Z0-9_]+)/g, (match, braced, bare) => {
-    const name = braced ?? bare;
-    if (!name) return match;
-    if (Object.prototype.hasOwnProperty.call(secrets, name) && secrets[name] !== void 0) {
-      receipts.set(name, { name, found: true, source: "secret", redacted: true });
-      return String(secrets[name]);
-    }
-    if (Object.prototype.hasOwnProperty.call(variables, name) && variables[name] !== void 0) {
-      receipts.set(name, { name, found: true, source: "variable", redacted: false });
-      return String(variables[name]);
-    }
-    missing.add(name);
-    receipts.set(name, { name, found: false, redacted: false });
-    return match;
-  });
-  let redactedPreview = expanded;
-  for (const [name, value] of Object.entries(secrets)) {
-    if (!value) continue;
-    redactedPreview = redactedPreview.split(value).join("[REDACTED]");
-    if (!receipts.has(name)) {
-      receipts.set(name, { name, found: false, source: "secret", redacted: true });
-    }
-  }
-  return {
-    expanded,
-    redactedPreview,
-    missingVariables: [...missing].sort(),
-    variables: [...receipts.values()].sort((left, right) => left.name.localeCompare(right.name))
-  };
-}
-function createMessagingAccessPolicy(options = {}) {
-  const owners = new Set(options.owners ?? []);
-  const allowedSenders = new Set(options.allowedSenders ?? []);
-  const pendingSenders = new Set(options.pendingSenders ?? []);
-  return {
-    authorize(request) {
-      const commandOrigin = {
-        type: "remote",
-        channel: request.channel,
-        actorId: request.actorId
-      };
-      if (owners.has(request.actorId)) {
-        return { decision: "allow", reason: "owner", commandOrigin };
-      }
-      if (allowedSenders.has(request.actorId)) {
-        return { decision: "allow", reason: "sender_allowed", commandOrigin };
-      }
-      if (pendingSenders.has(request.actorId)) {
-        return { decision: "ask", reason: "sender_pending_approval", commandOrigin };
-      }
-      return { decision: "deny", reason: "sender_not_allowed", commandOrigin };
-    }
-  };
-}
-function createInMemoryAuditStore(options = {}) {
-  const now = options.now ?? Date.now;
-  const entries = [];
-  return {
-    async append(input) {
-      const seq = entries.length + 1;
-      const entry = {
-        ...cloneAuditEntryInput(input),
-        auditId: `audit:${seq}`,
-        seq,
-        timestamp: now()
-      };
-      entries.push(entry);
-      return {
-        auditId: entry.auditId,
-        seq: entry.seq,
-        timestamp: entry.timestamp,
-        entry: cloneAuditEntry(entry)
-      };
-    },
-    async list(filter = {}) {
-      return filterAuditEntries(entries, filter).map(cloneAuditEntry);
-    },
-    getSnapshot() {
-      return { entries: entries.map(cloneAuditEntry) };
-    }
-  };
-}
-function cloneAuditEntryInput(input) {
-  return {
-    ...input,
-    ...input.actor ? { actor: { ...input.actor } } : {},
-    ...input.metadata ? { metadata: { ...input.metadata } } : {}
-  };
-}
-function cloneAuditEntry(entry) {
-  return {
-    ...entry,
-    ...entry.actor ? { actor: { ...entry.actor } } : {},
-    ...entry.metadata ? { metadata: { ...entry.metadata } } : {}
-  };
-}
-function filterAuditEntries(entries, filter) {
-  return entries.filter((entry) => !filter.sessionId || entry.sessionId === filter.sessionId).filter((entry) => !filter.category || entry.category === filter.category).slice(0, filter.limit ?? Number.POSITIVE_INFINITY);
-}
-function createInMemoryArtifactStore(options = {}) {
-  const now = options.now ?? Date.now;
-  const artifacts = /* @__PURE__ */ new Map();
-  return {
-    async write(input) {
-      const redaction = redactSecrets(input.text);
-      const record = {
-        artifactRef: input.artifactRef,
-        ...input.sessionId ? { sessionId: input.sessionId } : {},
-        toolName: input.toolName,
-        contentType: input.contentType,
-        text: redaction.text,
-        byteLength: Buffer.byteLength(redaction.text, "utf8"),
-        redacted: redaction.redacted,
-        createdAt: now(),
-        ...input.metadata ? { metadata: { ...input.metadata } } : {}
-      };
-      artifacts.set(record.artifactRef, record);
-      return artifactReceipt(record);
-    },
-    async read(artifactRef) {
-      const record = artifacts.get(artifactRef);
-      return record ? cloneArtifactRecord(record) : void 0;
-    },
-    async list(filter = {}) {
-      return filterArtifactRecords([...artifacts.values()], filter).map(artifactReceipt);
-    },
-    getSnapshot() {
-      return {
-        artifacts: [...artifacts.values()].map(cloneArtifactRecord)
-      };
-    }
-  };
-}
-function filterArtifactRecords(records, filter) {
-  return records.filter((record) => !filter.sessionId || record.sessionId === filter.sessionId).filter((record) => !filter.toolName || record.toolName === filter.toolName).slice(0, filter.limit ?? Number.POSITIVE_INFINITY);
-}
-function artifactReceipt(record) {
-  return {
-    artifactRef: record.artifactRef,
-    ...record.sessionId ? { sessionId: record.sessionId } : {},
-    toolName: record.toolName,
-    contentType: record.contentType,
-    byteLength: record.byteLength,
-    redacted: record.redacted,
-    createdAt: record.createdAt,
-    ...record.metadata ? { metadata: { ...record.metadata } } : {}
-  };
-}
-function cloneArtifactRecord(record) {
-  return {
-    ...record,
-    ...record.metadata ? { metadata: { ...record.metadata } } : {}
-  };
-}
-function createInMemoryNotificationHost(options = {}) {
-  const now = options.now ?? Date.now;
-  const notifications = [];
-  let counter = 0;
-  return {
-    async notify(request) {
-      const redaction = redactSecrets(request.body ?? "");
-      const receipt = {
-        notificationId: `notification:${++counter}`,
-        ...request.sessionId ? { sessionId: request.sessionId } : {},
-        ...request.topicId ? { topicId: request.topicId } : {},
-        deliveredChannels: [...new Set(request.channels)],
-        title: request.title,
-        ...request.body !== void 0 ? { bodyPreview: redaction.text } : {},
-        severity: request.severity ?? "info",
-        redacted: redaction.redacted,
-        timestamp: now(),
-        ...request.origin ? { origin: cloneCommandOrigin(request.origin) } : {}
-      };
-      notifications.push(receipt);
-      return cloneNotificationReceipt(receipt);
-    },
-    getSnapshot() {
-      return { notifications: notifications.map(cloneNotificationReceipt) };
-    }
-  };
-}
-function cloneNotificationReceipt(receipt) {
-  return {
-    ...receipt,
-    deliveredChannels: [...receipt.deliveredChannels],
-    ...receipt.origin ? { origin: cloneCommandOrigin(receipt.origin) } : {}
-  };
-}
-function createMessagingBindingStore(options = {}) {
-  const now = options.now ?? Date.now;
-  const bindings = /* @__PURE__ */ new Map();
-  return {
-    async bindTopic(input) {
-      const timestamp = now();
-      const existing = bindings.get(input.bindingId);
-      const binding = {
-        bindingId: input.bindingId,
-        sessionId: input.sessionId,
-        channel: input.channel,
-        topicId: input.topicId,
-        ...input.actorId ? { actorId: input.actorId } : existing?.actorId ? { actorId: existing.actorId } : {},
-        createdAt: existing?.createdAt ?? timestamp,
-        updatedAt: timestamp,
-        ...input.metadata ? { metadata: { ...input.metadata } } : existing?.metadata ? { metadata: { ...existing.metadata } } : {}
-      };
-      bindings.set(binding.bindingId, binding);
-      return cloneTopicBinding(binding);
-    },
-    async resolveTopic(lookup) {
-      const binding = [...bindings.values()].find((candidate) => candidate.channel === lookup.channel && candidate.topicId === lookup.topicId);
-      return binding ? cloneTopicBinding(binding) : void 0;
-    },
-    async listBindings(filter = {}) {
-      return [...bindings.values()].filter((binding) => !filter.sessionId || binding.sessionId === filter.sessionId).filter((binding) => !filter.channel || binding.channel === filter.channel).map(cloneTopicBinding);
-    },
-    async unbindTopic(bindingId, unbindOptions = {}) {
-      if (!bindings.has(bindingId)) return { ok: false, bindingId, reason: "not_found" };
-      bindings.delete(bindingId);
-      return {
-        ok: true,
-        bindingId,
-        unboundAt: now(),
-        ...unbindOptions.actorId ? { actorId: unbindOptions.actorId } : {}
-      };
-    },
-    getSnapshot() {
-      return { bindings: [...bindings.values()].map(cloneTopicBinding) };
-    }
-  };
-}
-function cloneTopicBinding(binding) {
-  return {
-    ...binding,
-    ...binding.metadata ? { metadata: { ...binding.metadata } } : {}
-  };
-}
-var DEFAULT_SECRET_ENV_KEY_PATTERN = /(token|api[_-]?key|secret|password|passwd|credential|authorization|auth)$/i;
-function scrubLocalMcpEnvironment(env, options = {}) {
-  const keepKeys = new Set(options.keepKeys ?? []);
-  const removeKeyPattern = options.removeKeyPattern ?? DEFAULT_SECRET_ENV_KEY_PATTERN;
-  const scrubbed = {};
-  const redactedPreview = {};
-  const removedKeys = [];
-  for (const [key, value] of Object.entries(env)) {
-    if (value === void 0) continue;
-    if (!keepKeys.has(key) && removeKeyPattern.test(key)) {
-      removedKeys.push(key);
-      redactedPreview[key] = "[REDACTED]";
-      continue;
-    }
-    scrubbed[key] = value;
-    redactedPreview[key] = value;
-  }
-  removedKeys.sort();
-  return {
-    env: scrubbed,
-    removedKeys,
-    redactedPreview
-  };
-}
-function createConfigRecoveryReceipt(input) {
-  const migratedAliases = [...input.migratedAliases ?? []].sort();
-  const matcherIdsBackfilled = [...input.matcherIdsBackfilled ?? []].sort();
-  const body = {
-    configPath: input.configPath,
-    configKind: input.configKind,
-    problem: input.problem,
-    recovery: input.recovery,
-    defaultVersion: input.defaultVersion,
-    userConfigHash: input.userConfigHash,
-    migratedAliases,
-    matcherIdsBackfilled,
-    timestamp: input.timestamp
-  };
-  return {
-    ...body,
-    receiptId: `config-recovery:${stableHash(body)}`,
-    overwroteUserConfig: false,
-    migratedAliases,
-    matcherIdsBackfilled
-  };
-}
-function createResourceBundleSnapshot(input) {
-  const resources = [...input.resources].map((resource) => ({ ...resource })).sort((left, right) => left.path.localeCompare(right.path));
-  const body = {
-    workspaceId: input.workspaceId,
-    resources,
-    timestamp: input.timestamp
-  };
-  return {
-    snapshotId: `resource-bundle:${stableHash(body)}`,
-    workspaceId: input.workspaceId,
-    resourceCount: resources.length,
-    resources,
-    ...input.timestamp !== void 0 ? { timestamp: input.timestamp } : {}
-  };
-}
-function createConfigWatchEvent(input) {
-  const body = { ...input };
-  return {
-    ...body,
-    eventId: `config-watch:${stableHash(body)}`
-  };
-}
-var RUNTIME_KIND_ORDER = ["claude", "codex", "mcp", "cli"];
-function createToolRegistryVersion(input) {
-  const tools = [...input.tools].map((tool) => ({
-    ...tool,
-    ...tool.featureFlags ? { featureFlags: [...tool.featureFlags].sort() } : {},
-    runtimeSupport: { ...tool.runtimeSupport }
-  })).sort((left, right) => left.name.localeCompare(right.name));
-  const unsupported = collectRuntimeSupportGaps(tools, "unsupported");
-  const degraded = collectRuntimeSupportGaps(tools, "degraded");
-  const body = {
-    registryVersion: input.registryVersion,
-    tools
-  };
-  return {
-    registryId: `tool-registry:${stableHash(body)}`,
-    registryVersion: input.registryVersion,
-    toolCount: tools.length,
-    tools,
-    degraded,
-    unsupported
-  };
-}
-function collectRuntimeSupportGaps(tools, level) {
-  const gaps = [];
-  for (const tool of tools) {
-    const runtimeKinds = [...RUNTIME_KIND_ORDER].sort();
-    for (const runtimeKind of runtimeKinds) {
-      if (tool.runtimeSupport[runtimeKind] === level) {
-        gaps.push({ name: tool.name, runtimeKind });
-      }
-    }
-  }
-  return gaps;
-}
-function validateStatusConfig(config, file = "statuses.json") {
-  const errors = [];
-  const warnings = [];
-  const statusIds = /* @__PURE__ */ new Set();
-  config.statuses.forEach((status, index) => {
-    if (!status.id) {
-      errors.push({
-        file,
-        path: `statuses[${index}].id`,
-        message: "Status id is required",
-        severity: "error"
-      });
-      return;
-    }
-    if (statusIds.has(status.id)) {
-      errors.push({
-        file,
-        path: `statuses[${index}].id`,
-        message: "Status id must be unique",
-        severity: "error"
-      });
-      return;
-    }
-    statusIds.add(status.id);
-  });
-  const initial = config.statuses.find((status) => status.id === config.initialStatus);
-  if (!initial) {
-    errors.push({
-      file,
-      path: "initialStatus",
-      message: "Initial status is not defined",
-      severity: "error"
-    });
-  } else if (initial.terminal) {
-    errors.push({
-      file,
-      path: "initialStatus",
-      message: "Initial status cannot be terminal",
-      severity: "error"
-    });
-  }
-  for (const [index, transition] of (config.allowedTransitions ?? []).entries()) {
-    if (!statusIds.has(transition.from)) {
-      errors.push({
-        file,
-        path: `allowedTransitions[${index}].from`,
-        message: "Transition source status is not defined",
-        severity: "error"
-      });
-    }
-    if (!statusIds.has(transition.to)) {
-      errors.push({
-        file,
-        path: `allowedTransitions[${index}].to`,
-        message: "Transition target status is not defined",
-        severity: "error"
-      });
-    }
-  }
-  if (!config.statuses.some((status) => status.terminal)) {
-    warnings.push({
-      file,
-      path: "statuses",
-      message: "Status config has no terminal status",
-      severity: "warning",
-      suggestion: "Add at least one terminal status such as done or archived."
-    });
-  }
-  return {
-    valid: errors.length === 0,
-    errors,
-    warnings
-  };
-}
-function createInMemoryHostUtilityToolRegistry(options = {}) {
-  const now = options.now ?? Date.now;
-  const outputPolicy = options.outputPolicy ?? createToolOutputPolicy();
-  const tools = /* @__PURE__ */ new Map();
-  return {
-    register(input) {
-      tools.set(input.descriptor.name, cloneUtilityRegistration(input));
-    },
-    async execute(input) {
-      const startedAt = now();
-      const policyDecision = input.policyDecision ?? { decision: "allow" };
-      const descriptor = tools.get(input.toolName)?.descriptor;
-      if (policyDecision.decision !== "allow") {
-        return createUtilityReceipt({
-          input,
-          descriptor,
-          startedAt,
-          finishedAt: now(),
-          text: policyDecision.reason,
-          exitStatus: "denied",
-          policyDecision,
-          outputPolicy
-        });
-      }
-      const registration = tools.get(input.toolName);
-      if (!registration) {
-        return createUtilityReceipt({
-          input,
-          startedAt,
-          finishedAt: now(),
-          text: "host utility tool is not registered",
-          exitStatus: "unsupported",
-          policyDecision,
-          outputPolicy
-        });
-      }
-      try {
-        const result = await registration.handler(input.input, {
-          callId: input.callId,
-          ...input.commandOrigin ? { commandOrigin: cloneCommandOrigin(input.commandOrigin) } : {}
-        });
-        return createUtilityReceipt({
-          input,
-          descriptor: registration.descriptor,
-          startedAt,
-          finishedAt: now(),
-          text: result.text,
-          exitStatus: result.exitStatus ?? "success",
-          policyDecision,
-          outputPolicy,
-          metadata: result.metadata
-        });
-      } catch (error) {
-        return createUtilityReceipt({
-          input,
-          descriptor: registration.descriptor,
-          startedAt,
-          finishedAt: now(),
-          text: error instanceof Error ? error.message : String(error),
-          exitStatus: "failed",
-          policyDecision,
-          outputPolicy
-        });
-      }
-    },
-    capabilityReport() {
-      return createToolRegistryVersion({
-        registryVersion: options.registryVersion ?? "in-memory",
-        tools: [...tools.values()].map((tool) => tool.descriptor)
-      });
-    }
-  };
-}
-function createUtilityReceipt(input) {
-  const output2 = input.outputPolicy.process({
-    callId: input.input.callId,
-    toolName: input.input.toolName,
-    text: input.text,
-    intent: input.descriptor?.category
-  });
-  return {
-    toolName: input.input.toolName,
-    callId: input.input.callId,
-    inputDigest: `sha256:${createHash3("sha256").update(stableStringify(input.input.input), "utf8").digest("hex")}`,
-    executionMode: "host-service",
-    ...input.descriptor?.sandboxProfile ? { sandboxProfile: cloneSandboxProfile(input.descriptor.sandboxProfile) } : {},
-    output: output2,
-    durationMs: input.finishedAt - input.startedAt,
-    startedAt: input.startedAt,
-    finishedAt: input.finishedAt,
-    exitStatus: input.exitStatus,
-    policyDecision: { ...input.policyDecision },
-    ...input.input.commandOrigin ? { commandOrigin: cloneCommandOrigin(input.input.commandOrigin) } : {},
-    ...input.metadata ? { metadata: { ...input.metadata } } : {}
-  };
-}
-function cloneUtilityRegistration(input) {
-  return {
-    descriptor: cloneHostUtilityDescriptor(input.descriptor),
-    handler: input.handler
-  };
-}
-function cloneHostUtilityDescriptor(descriptor) {
-  return {
-    ...descriptor,
-    ...descriptor.featureFlags ? { featureFlags: [...descriptor.featureFlags] } : {},
-    runtimeSupport: { ...descriptor.runtimeSupport },
-    ...descriptor.sandboxProfile ? { sandboxProfile: cloneSandboxProfile(descriptor.sandboxProfile) } : {}
-  };
-}
-function cloneSandboxProfile(profile) {
-  return {
-    ...profile,
-    allowedRuntimes: [...profile.allowedRuntimes],
-    envScrubbedKeys: [...profile.envScrubbedKeys]
-  };
-}
-function createSecondaryLlmCallPolicy(options) {
-  const allowedModels = new Set(options.allowedModels);
-  const allowedAttachmentRoots = options.allowedAttachmentRoots ?? [];
-  return {
-    authorize(input) {
-      if (!allowedModels.has(input.model)) {
-        return { decision: "deny", reason: "model_not_allowed", model: input.model };
-      }
-      const inputBytes = Buffer.byteLength(input.prompt, "utf8");
-      if (inputBytes > options.maxInputBytes) {
-        return { decision: "deny", reason: "input_too_large", model: input.model };
-      }
-      const maxOutputBytes = input.maxOutputBytes ?? options.maxOutputBytes;
-      if (maxOutputBytes > options.maxOutputBytes) {
-        return { decision: "deny", reason: "output_too_large", model: input.model };
-      }
-      if ((input.attachments ?? []).some((path) => !isAllowedAttachmentPath(path, allowedAttachmentRoots))) {
-        return { decision: "deny", reason: "attachment_path_not_allowed", model: input.model };
-      }
-      return {
-        decision: "allow",
-        model: input.model,
-        inputBytes,
-        maxOutputBytes
-      };
-    }
-  };
-}
-function isAllowedAttachmentPath(path, allowedRoots) {
-  if (allowedRoots.length === 0) return false;
-  return allowedRoots.some((root) => path === root || path.startsWith(`${root.replace(/\/+$/, "")}/`));
-}
-function createInMemorySessionToolBridge(options = {}) {
-  const now = options.now ?? Date.now;
-  const sessions = /* @__PURE__ */ new Map();
-  const plans = [];
-  const browserActions = [];
-  const messages = [];
-  const spawnedSessions = [];
-  const sourceOperations = [];
-  const skillOperations = [];
-  const automationConfigOperations = [];
-  const scheduleOperations = [];
-  let generatedSessionCounter = 0;
-  let messageCounter = 0;
-  function ensureSession(sessionId) {
-    const id = sessionId ?? "default";
-    const existing = sessions.get(id);
-    if (existing) return existing;
-    const created = { sessionId: id };
-    sessions.set(id, created);
-    return created;
-  }
-  function nextSessionId() {
-    return options.nextSessionId?.() ?? `session-${++generatedSessionCounter}`;
-  }
-  const bridge = {
-    async submitPlan(request) {
-      ensureSession(request.sessionId);
-      plans.push({
-        sessionId: request.sessionId,
-        planRef: request.planRef,
-        ...request.origin ? { origin: request.origin } : {},
-        submittedAt: now()
-      });
-      return { accepted: true, planRef: request.planRef };
-    },
-    async runBrowserAction(request) {
-      const record = {
-        sessionId: request.sessionId,
-        action: request.action,
-        ...request.input !== void 0 ? { input: request.input } : {},
-        recordedAt: now()
-      };
-      ensureSession(request.sessionId);
-      browserActions.push(record);
-      return {
-        ok: true,
-        result: {
-          action: record.action,
-          ...record.input !== void 0 ? { input: record.input } : {},
-          recordedAt: record.recordedAt
-        }
-      };
-    },
-    async spawnSession(request) {
-      const sessionId = nextSessionId();
-      const record = {
-        sessionId,
-        ...request.parentSessionId ? { parentSessionId: request.parentSessionId } : {},
-        prompt: request.prompt,
-        ...request.model ? { model: request.model } : {},
-        ...request.commandOrigin ? { commandOrigin: request.commandOrigin } : {},
-        createdAt: now()
-      };
-      spawnedSessions.push(record);
-      sessions.set(sessionId, {
-        sessionId,
-        topic: request.prompt,
-        status: "created"
-      });
-      return { sessionId };
-    },
-    async sendSessionMessage(request) {
-      ensureSession(request.sessionId);
-      const commandId = `message:${++messageCounter}`;
-      messages.push({
-        sessionId: request.sessionId,
-        message: request.message,
-        ...request.attachments ? { attachments: cloneAttachments(request.attachments) } : {},
-        ...request.commandOrigin ? { commandOrigin: request.commandOrigin } : {},
-        commandId,
-        sentAt: now()
-      });
-      return { ok: true, commandId };
-    },
-    async updateSessionMetadata(request) {
-      const sessionId = request.sessionId ?? "default";
-      const current = ensureSession(sessionId);
-      const next = {
-        ...current,
-        sessionId,
-        ...request.labels ? { labels: uniqueSorted(request.labels) } : {},
-        ...request.status ? { status: request.status } : {},
-        ...request.flagged !== void 0 ? { flagged: request.flagged } : {},
-        ...request.topic ? { topic: request.topic } : {}
-      };
-      sessions.set(sessionId, next);
-      return cloneSession(next);
-    },
-    async listSessions(request) {
-      const labels = request.labels ?? [];
-      const filtered = [...sessions.values()].filter((session) => !request.status || session.status === request.status).filter((session) => labels.every((label) => session.labels?.includes(label))).sort((left, right) => String(left.sessionId ?? "").localeCompare(String(right.sessionId ?? ""))).slice(0, request.limit ?? Number.POSITIVE_INFINITY).map(cloneSession);
-      return { sessions: filtered };
-    },
-    // Sources CRUD (in-memory recording stubs)
-    async listSources(request) {
-      sourceOperations.push({ op: "listSources", request, ts: now() });
-      return { sources: [] };
-    },
-    async getSource(request) {
-      sourceOperations.push({ op: "getSource", request, ts: now() });
-      return { source: { slug: request.sourceSlug, name: request.sourceSlug, provider: "stub", type: "api", enabled: true } };
-    },
-    async createSource(request) {
-      sourceOperations.push({ op: "createSource", request, ts: now() });
-      return { ok: true, source: { slug: request.name.toLowerCase().replace(/\s+/g, "-"), name: request.name, provider: request.provider, type: request.type, enabled: request.enabled ?? true } };
-    },
-    async updateSource(request) {
-      sourceOperations.push({ op: "updateSource", request, ts: now() });
-      return { ok: true, source: { slug: request.sourceSlug, name: request.name ?? request.sourceSlug, provider: "stub", type: "api", enabled: request.enabled ?? true } };
-    },
-    async deleteSource(request) {
-      sourceOperations.push({ op: "deleteSource", request, ts: now() });
-      return { ok: true, sourceSlug: request.sourceSlug };
-    },
-    // Skills CRUD (in-memory recording stubs)
-    async listSkills(request) {
-      skillOperations.push({ op: "listSkills", request, ts: now() });
-      return { skills: [] };
-    },
-    async getSkill(request) {
-      skillOperations.push({ op: "getSkill", request, ts: now() });
-      return { skill: { slug: request.skillSlug, name: request.skillSlug, description: "stub", source: "workspace", content: "" } };
-    },
-    async createSkill(request) {
-      skillOperations.push({ op: "createSkill", request, ts: now() });
-      return { ok: true, skill: { slug: request.slug, name: request.name, description: request.description, source: "workspace" } };
-    },
-    async updateSkill(request) {
-      skillOperations.push({ op: "updateSkill", request, ts: now() });
-      return { ok: true, skill: { slug: request.skillSlug, name: request.name ?? request.skillSlug, description: request.description ?? "stub", source: "workspace" } };
-    },
-    async deleteSkill(request) {
-      skillOperations.push({ op: "deleteSkill", request, ts: now() });
-      return { ok: true, skillSlug: request.skillSlug };
-    },
-    // Automations Config (in-memory recording stubs)
-    async getAutomationsConfig(request) {
-      automationConfigOperations.push({ op: "getAutomationsConfig", request, ts: now() });
-      return { config: null, configPath: "/stub/automations.json" };
-    },
-    async updateAutomationsConfig(request) {
-      automationConfigOperations.push({ op: "updateAutomationsConfig", request, ts: now() });
-      return { ok: true, automationCount: 0, errors: [] };
-    },
-    // Scheduler (in-memory recording stubs)
-    async listSchedules(request) {
-      scheduleOperations.push({ op: "listSchedules", request, ts: now() });
-      return { schedules: [] };
-    },
-    async startSchedule(request) {
-      scheduleOperations.push({ op: "startSchedule", request, ts: now() });
-      return { schedulerId: request.schedulerId, state: "started", timestamp: now() };
-    },
-    async stopSchedule(request) {
-      scheduleOperations.push({ op: "stopSchedule", request, ts: now() });
-      return { ok: true, schedulerId: request.schedulerId, state: "stopped" };
-    },
-    ...options.queryLlm ? {
-      async queryLlm(request) {
-        return options.queryLlm(request);
-      }
-    } : {}
-  };
-  return {
-    bridge,
-    getSnapshot() {
-      return {
-        sessions: [...sessions.values()].map(cloneSession),
-        plans: plans.map((plan) => ({ ...plan })),
-        browserActions: browserActions.map((action) => ({ ...action })),
-        messages: messages.map((message) => ({
-          ...message,
-          ...message.attachments ? { attachments: cloneAttachments(message.attachments) } : {}
-        })),
-        spawnedSessions: spawnedSessions.map((session) => ({ ...session })),
-        sourceOperations: sourceOperations.map((op) => ({ ...op })),
-        skillOperations: skillOperations.map((op) => ({ ...op })),
-        automationConfigOperations: automationConfigOperations.map((op) => ({ ...op })),
-        scheduleOperations: scheduleOperations.map((op) => ({ ...op }))
-      };
-    }
-  };
-}
-function cloneSession(session) {
-  return {
-    ...session,
-    ...session.labels ? { labels: [...session.labels] } : {}
-  };
-}
-function cloneAttachments(attachments) {
-  return attachments.map((attachment) => ({ ...attachment }));
-}
-function uniqueSorted(values) {
-  return [...new Set(values)].sort();
-}
-function createConfigWatcherManager(options) {
-  const watchers = [];
-  const hashes = /* @__PURE__ */ new Map();
-  const debounceMs = options.debounceMs ?? 300;
-  const now = options.now ?? Date.now;
-  const debounceTimers = /* @__PURE__ */ new Map();
-  let active = false;
-  function hashFile(path) {
-    try {
-      if (!existsSync(path)) return void 0;
-      const content = readFileSync2(path, "utf-8");
-      return createHash4("sha256").update(content).digest("hex").slice(0, 16);
-    } catch {
-      return void 0;
-    }
-  }
-  function handleChange(file) {
-    const existing = debounceTimers.get(file.path);
-    if (existing) clearTimeout(existing);
-    debounceTimers.set(file.path, setTimeout(() => {
-      debounceTimers.delete(file.path);
-      if (!active) return;
-      const previousHash = hashes.get(file.path);
-      const nextHash = hashFile(file.path);
-      if (previousHash === nextHash) return;
-      let action;
-      if (!previousHash && nextHash) action = "created";
-      else if (previousHash && !nextHash) action = "deleted";
-      else action = "updated";
-      if (nextHash) {
-        hashes.set(file.path, nextHash);
-      } else {
-        hashes.delete(file.path);
-      }
-      options.callbacks.onConfigChange({
-        workspaceId: options.workspaceId,
-        configPath: file.path,
-        configKind: file.kind,
-        action,
-        source: "file_watcher",
-        timestamp: now(),
-        previousHash,
-        nextHash
-      });
-    }, debounceMs));
-  }
-  return {
-    get watching() {
-      return active;
-    },
-    start() {
-      if (active) return;
-      active = true;
-      for (const file of options.files) {
-        const initialHash = hashFile(file.path);
-        if (initialHash) hashes.set(file.path, initialHash);
-        try {
-          const watcher = watch(file.path, { persistent: false }, () => {
-            handleChange(file);
-          });
-          watcher.on("error", (err) => {
-            options.callbacks.onError?.(err);
-          });
-          watchers.push(watcher);
-        } catch {
-        }
-      }
-    },
-    stop() {
-      active = false;
-      for (const watcher of watchers) {
-        watcher.close();
-      }
-      watchers.length = 0;
-      for (const timer of debounceTimers.values()) {
-        clearTimeout(timer);
-      }
-      debounceTimers.clear();
-    }
-  };
-}
-export {
-  createConfigRecoveryReceipt,
-  createConfigWatchEvent,
-  createConfigWatcherManager,
-  createHostAgentRuntime,
-  createHostRuntimeController,
-  createInMemoryArtifactStore,
-  createInMemoryAuditStore,
-  createInMemoryHostUtilityToolRegistry,
-  createInMemoryNotificationHost,
-  createInMemorySessionToolBridge,
-  createMessagingAccessPolicy,
-  createMessagingBindingStore,
-  createPrivilegedExecutionBroker,
-  createResourceBundleSnapshot,
-  createSecondaryLlmCallPolicy,
-  createSourceAuthoringPlan,
-  createToolOutputPolicy,
-  createToolRegistryVersion,
-  expandWebhookTemplate,
-  scrubLocalMcpEnvironment,
-  validateStatusConfig
-};