@pixelzx/genesis 2026.5.9-1 → 2026.5.9-2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +8 -0
- package/dist/.buildstamp +1 -1
- package/dist/abort-0CA8dLfb.js +201 -0
- package/dist/abort-cutoff.runtime-DLrSrIKj.js +20 -0
- package/dist/abort-cutoff.runtime.js +1 -1
- package/dist/abort.runtime-CZs24Rqo.js +2 -0
- package/dist/abort.runtime.js +1 -1
- package/dist/accounts-B4zJe0Yq.js +104 -0
- package/dist/accounts-BLjPr3cU.js +2 -0
- package/dist/accounts-CvvmJTMr.js +107 -0
- package/dist/acp-cli-CLEGmnZG.js +2193 -0
- package/dist/acp-spawn-3sot_ro5.js +1093 -0
- package/dist/acp-spawn-Ssi3CAga.js +2 -0
- package/dist/acp-stateful-target-driver-BLAHVVvA.js +89 -0
- package/dist/action-agents-Dq0xDTDy.js +67 -0
- package/dist/action-focus-BcCDHjpm.js +132 -0
- package/dist/action-help-Dv0F-uYd.js +7 -0
- package/dist/action-info-DrvJBtYv.js +101 -0
- package/dist/action-kill-C0ctDBN6.js +33 -0
- package/dist/action-list-ifQSDER2.js +21 -0
- package/dist/action-log-DigSwoBN.js +30 -0
- package/dist/action-send-Fgxgzr1G.js +39 -0
- package/dist/action-spawn-CQ9o7O-c.js +47 -0
- package/dist/action-unfocus-CTw5MONo.js +29 -0
- package/dist/actions.runtime-C48NraIV.js +5 -0
- package/dist/actions.runtime-vPuYQMEP.js +18 -0
- package/dist/actions.runtime.js +1 -1
- package/dist/agent-DcF3DIOY.js +2 -0
- package/dist/agent-command-DFciA5wB.js +874 -0
- package/dist/agent-harness-runtime-DYaAPdEV.js +144 -0
- package/dist/agent-runner-utils-Mk9b9UU9.js +239 -0
- package/dist/agent-runner.runtime-BjFjcCHV.js +3455 -0
- package/dist/agent-runner.runtime.js +1 -1
- package/dist/agent-runtime-BMldiM3Y.js +18 -0
- package/dist/agents-CWjPyPsv.js +5 -0
- package/dist/agents-DVeZakyc.js +954 -0
- package/dist/agents.bindings-DIEj_i2u.js +2 -0
- package/dist/agents.command-shared-Dnz5T0nf.js +40 -0
- package/dist/aliases-BurIDhAz.js +96 -0
- package/dist/aliases-DRf5QKLd.js +2 -0
- package/dist/api-1odKgvPw.js +3 -0
- package/dist/api-B4QoV66o.js +4 -0
- package/dist/api-BVv3GELU.js +5 -0
- package/dist/api-CLi_q8yx.js +48 -0
- package/dist/api-DpTBPGPX.js +139 -0
- package/dist/apply-BTVGkXcq.js +508 -0
- package/dist/apply.runtime-CGa1bc-F.js +166 -0
- package/dist/apply.runtime-CMLd-Aow.js +2 -0
- package/dist/apply.runtime.js +1 -1
- package/dist/approval-gateway-resolver-9vElgdEH.js +29 -0
- package/dist/approval-gateway-runtime-BcR8gXqU.js +2 -0
- package/dist/approval-handler-runtime-BI7BobM2.js +439 -0
- package/dist/approval-native-runtime-Bz8Vy_5G.js +729 -0
- package/dist/assistant-identity-BamJmF6s.js +74 -0
- package/dist/attempt-execution.runtime-CCpDCgeC.js +509 -0
- package/dist/attempt-execution.runtime.js +1 -1
- package/dist/attempt-execution.shared-tYK6f1sA.js +22 -0
- package/dist/attempt.prompt-helpers-BD2qLk94.js +221 -0
- package/dist/attempt.tool-run-context-CVbNUM9c.js +933 -0
- package/dist/audit-D_CSTjWR.js +939 -0
- package/dist/audit-channel.collect.runtime.js +1 -1
- package/dist/audit-extra.async-wruNJd57.js +971 -0
- package/dist/audit-tool-policy-B9AcZJql.js +3 -0
- package/dist/audit.deep.runtime-D4eXtoCF.js +2 -0
- package/dist/audit.deep.runtime.js +1 -1
- package/dist/audit.nondeep.runtime--FJmBA_w.js +880 -0
- package/dist/audit.nondeep.runtime.js +1 -1
- package/dist/audit.runtime-D2oypbTV.js +7 -0
- package/dist/audit.runtime.js +1 -1
- package/dist/auth-CAY7RIm5.js +2 -0
- package/dist/auth-CRl0U5WO.js +383 -0
- package/dist/auth-choice-BWpQV6PB.js +3 -0
- package/dist/auth-choice-C44XKsb9.js +354 -0
- package/dist/auth-choice-CgtXS0UY.js +85 -0
- package/dist/auth-choice-inference-HLapN0yl.js +30 -0
- package/dist/auth-choice-legacy--d5CxMYA.js +2 -0
- package/dist/auth-choice-legacy-BiaOGRSa.js +40 -0
- package/dist/auth-choice-options-CxxsZ9AS.js +99 -0
- package/dist/auth-choice-prompt-Bs5HdLZo.js +2 -0
- package/dist/auth-choice-prompt-CIbZkP3q.js +37 -0
- package/dist/auth-choice.apply.api-providers-DFs_Hb7e.js +2 -0
- package/dist/auth-choice.plugin-providers.runtime.js +1 -1
- package/dist/auth-install-policy-D2XRHYp_.js +195 -0
- package/dist/auth-lp2EMTMM.js +177 -0
- package/dist/auth-order-CkBahFe_.js +96 -0
- package/dist/auth-order-CseGI6QD.js +2 -0
- package/dist/auth-sU9QFM3_.js +56 -0
- package/dist/backup-verify-B-Uoj-15.js +2 -0
- package/dist/bash-tools-Br73otxW.js +2824 -0
- package/dist/bash-tools-D8b6lPnl.js +3 -0
- package/dist/bash-tools.exec-runtime-C4MO_tR3.js +829 -0
- package/dist/binding-routing-_1GxTJvW.js +85 -0
- package/dist/binding-targets-BZi7Eaky.js +121 -0
- package/dist/bonjour-discovery-bYgCDFiV.js +2 -0
- package/dist/bridge-server-Z8a6wG_a.js +113 -0
- package/dist/browser-control-auth-b0i_ogzs.js +2 -0
- package/dist/browser-node-runtime-DIn0vNQP.js +12 -0
- package/dist/browser-profiles-RRJksKtC.js +2 -0
- package/dist/browser-runtime-CRmjM_eN.js +387 -0
- package/dist/browser-setup-tools-DfljsIaS.js +13 -0
- package/dist/build-BTY-zmOn.js +550 -0
- package/dist/build-info.json +3 -3
- package/dist/bundled/boot-md/handler.js +3 -3
- package/dist/bundled/session-memory/handler.js +1 -1
- package/dist/bundled-plugin-load-paths-BhceQF7C.js +2 -0
- package/dist/bundled-plugin-load-paths-ZWKh-Qtt.js +110 -0
- package/dist/call-83wQ4RK2.js +3 -0
- package/dist/call-CNGUHA4E.js +331 -0
- package/dist/call.runtime-BoeU6HlD.js +2 -0
- package/dist/call.runtime.js +1 -1
- package/dist/capability-cli-CjXZtiAN.js +1401 -0
- package/dist/catalog-provider-hbPYCIHb.js +40 -0
- package/dist/catchup-fi0A0X6G.js +300 -0
- package/dist/channel-BCyBYEZw.js +491 -0
- package/dist/channel-BollE3fK.js +226 -0
- package/dist/channel-C4iJHasO.js +1174 -0
- package/dist/channel-CZj1GE6c.js +350 -0
- package/dist/channel-DSf_WWeM.js +453 -0
- package/dist/channel-DZ1WMqes.js +297 -0
- package/dist/channel-Djz_Jz-P.js +1320 -0
- package/dist/channel-Vl5tW4wj.js +840 -0
- package/dist/channel-aCMKD2EU.js +595 -0
- package/dist/channel-add-wizard-CyaqyoMI.js +125 -0
- package/dist/channel-add-wizard-DBnqJQ7p.js +2 -0
- package/dist/channel-core-o2ga4Mn-.js +5 -0
- package/dist/channel-doctor-Bm067ZZ3.js +2 -0
- package/dist/channel-inbound-6EfM36fi.js +31 -0
- package/dist/channel-oGSbONXx.js +1100 -0
- package/dist/channel-plugin-resolution-7SkSLEid.js +2 -0
- package/dist/channel-plugin-resolution-D4rtoY6H.js +153 -0
- package/dist/channel-plugin-runtime-DDWX5ddg.js +771 -0
- package/dist/channel-runtime-BtLIK1S8.js +425 -0
- package/dist/channel-selection.runtime.js +1 -1
- package/dist/channel-setup-zPxdbm4p.js +1297 -0
- package/dist/channel-v7Nf8_kK.js +1802 -0
- package/dist/channel.runtime-1NdLQuo5.js +576 -0
- package/dist/channel.runtime-BXuA38HL.js +430 -0
- package/dist/channel.runtime-BZznmhpw.js +89 -0
- package/dist/channel.runtime-BcbP0aUr.js +2364 -0
- package/dist/channel.runtime-Cn9YkO17.js +109 -0
- package/dist/channel.runtime-sHzdaLSR.js +34702 -0
- package/dist/channel.runtime-u6CglHXP.js +4 -0
- package/dist/channel.runtime.js +1 -1
- package/dist/channel.setup-CQPT27he.js +10 -0
- package/dist/channels-Ca_GeBCA.js +733 -0
- package/dist/channels-cli-CYiAFi2L.js +268 -0
- package/dist/chat-B0obqfrE.js +2830 -0
- package/dist/chrome-Dmg8rOOy.js +1430 -0
- package/dist/clawbot-cli-D-wsbybZ.js +9 -0
- package/dist/clawhub-Bw_oroJ9.js +400 -0
- package/dist/cli/daemon-cli.js +4 -4
- package/dist/cli-Cjg5FoK6.js +3726 -0
- package/dist/cli-D7FnZRhN.js +72 -0
- package/dist/cli-DTzACUJ5.js +2 -0
- package/dist/cli-DVF0lmSY.js +683 -0
- package/dist/cli-DdosPr5g.js +2 -0
- package/dist/cli-DgBnKpnx.js +219 -0
- package/dist/cli-DlpFMnDe.js +154 -0
- package/dist/cli-okIxAXmr.js +2 -0
- package/dist/cli-runner-BYpLWLGt.js +286 -0
- package/dist/cli-runner.runtime-B7YAJHpe.js +3 -0
- package/dist/cli-runner.runtime-CJYMKi2e.js +4 -0
- package/dist/cli-runner.runtime.js +1 -1
- package/dist/cli-startup-metadata.json +2 -2
- package/dist/cli.runtime-BiQiuGK8.js +1261 -0
- package/dist/cli.runtime.js +1 -1
- package/dist/client-BR4n6hNI.js +713 -0
- package/dist/client-Cf24VXFt.js +138 -0
- package/dist/command-auth-ZFNGVZ1l.js +76 -0
- package/dist/command-config-resolution-CCxM48fG.js +23 -0
- package/dist/command-config-resolution-DZ8NuYpb.js +2 -0
- package/dist/command-config-resolution.runtime-y20A7eoR.js +2 -0
- package/dist/command-config-resolution.runtime.js +1 -1
- package/dist/command-execution-startup-C1Ev3Qnf.js +324 -0
- package/dist/command-registry-Cp0-uBvD.js +4 -0
- package/dist/command-registry-CroYLrbJ.js +9 -0
- package/dist/command-registry-core-DztPKtJK.js +101 -0
- package/dist/command-secret-gateway-C0FsXiNU.js +528 -0
- package/dist/command-status.runtime-BpBrSGUJ.js +87 -0
- package/dist/command-status.runtime.js +1 -1
- package/dist/commands-acp-B61b7ved.js +77 -0
- package/dist/commands-compact.runtime-BAdDkvwj.js +10 -0
- package/dist/commands-compact.runtime.js +1 -1
- package/dist/commands-core.runtime-DiHWuAG7.js +2 -0
- package/dist/commands-core.runtime.js +1 -1
- package/dist/commands-handlers.runtime-ChdtbbaM.js +4597 -0
- package/dist/commands-handlers.runtime.js +1 -1
- package/dist/commands-reset-hooks-Bo9O3p_A.js +133 -0
- package/dist/commands-status-CeLNHPM0.js +16 -0
- package/dist/commands-status.runtime-D_Vp1X5_.js +3 -0
- package/dist/commands-status.runtime.js +1 -1
- package/dist/commands-subagents-control.runtime-C33ckfAv.js +2 -0
- package/dist/commands-subagents-control.runtime-D4DhHEiT.js +3 -0
- package/dist/commands-subagents-control.runtime.js +1 -1
- package/dist/commands-system-prompt-COv58JTi.js +158 -0
- package/dist/commands-system-prompt-HKOihaLK.js +2 -0
- package/dist/commands.runtime-h71EVKOi.js +166 -0
- package/dist/commands.runtime.js +1 -1
- package/dist/compact-BrCra5F3.js +1118 -0
- package/dist/compact.runtime-C6SrtJTz.js +12 -0
- package/dist/compact.runtime.js +1 -1
- package/dist/completion-cli-BX2HZrZU.js +328 -0
- package/dist/config-BFLj-fNN.js +252 -0
- package/dist/config-cli-ygapqOMa.js +1078 -0
- package/dist/config-guard-CoUcOZzd.js +96 -0
- package/dist/config-runtime-CLrwW_R_.js +32 -0
- package/dist/configure-Bl4YQ3CH.js +2 -0
- package/dist/configure-D16Few58.js +1252 -0
- package/dist/connect-options-BhC5UQTi.js +699 -0
- package/dist/control-auth-DNFuULZ1.js +125 -0
- package/dist/control-service-UtrnNZR4.js +156 -0
- package/dist/control-ui/assets/agents-DvMlgG1V.js +1052 -0
- package/dist/control-ui/assets/canvas-n9LriwKt.js +269 -0
- package/dist/control-ui/assets/channels-DiFCgzI2.js +463 -0
- package/dist/control-ui/assets/cron-BPgeIAkW.js +933 -0
- package/dist/control-ui/assets/debug-DW6L_hJj.js +94 -0
- package/dist/control-ui/assets/index-LsGgCPs6.js +6359 -0
- package/dist/control-ui/assets/instances-CvJ3A1Hk.js +57 -0
- package/dist/control-ui/assets/nodes-WvplPOYf.js +436 -0
- package/dist/control-ui/assets/plugins-Bu6UEyqM.js +273 -0
- package/dist/control-ui/assets/sessions-CMg95Rmr.js +306 -0
- package/dist/control-ui/assets/skills-XJc5GCFP.js +323 -0
- package/dist/control-ui/assets/wallet-Cw-Xn1wM.js +199 -0
- package/dist/control-ui/index.html +1 -1
- package/dist/control-ui-DfR_528y.js +1043 -0
- package/dist/conversation-id-C8dzBOdB.js +38 -0
- package/dist/conversation-id-CsqecVo_.js +235 -0
- package/dist/conversation-runtime-nAoayMyf.js +31 -0
- package/dist/core-CewPep95.js +275 -0
- package/dist/create-B052IquP.js +80 -0
- package/dist/cron-cli-zkpMAfTa.js +713 -0
- package/dist/daemon-cli-B3QX8ho4.js +12 -0
- package/dist/daemon-install-DqGQoyX8.js +64 -0
- package/dist/daemon-install-auth-profiles-source.runtime.js +1 -1
- package/dist/daemon-install-auth-profiles-store.runtime.js +1 -1
- package/dist/dashboard-BHjSY3mb.js +81 -0
- package/dist/dashboard-DPXhsRCR.js +2 -0
- package/dist/delegate-CCK4c0Zl.js +64 -0
- package/dist/deliver-B3LmnUEH.js +3 -0
- package/dist/deliver-BtMUmRpU.js +747 -0
- package/dist/deliver-runtime-kfTsrh0Z.js +2 -0
- package/dist/delivery-logger.runtime.js +1 -1
- package/dist/delivery-outbound.runtime-xnjEUWIK.js +6 -0
- package/dist/delivery-outbound.runtime.js +1 -1
- package/dist/delivery-subagent-registry.runtime.js +1 -1
- package/dist/delivery-target.runtime.js +1 -1
- package/dist/delivery.runtime-oNtWo0h9.js +253 -0
- package/dist/delivery.runtime.js +1 -1
- package/dist/detached-task-runtime-CS3nu1g5.js +73 -0
- package/dist/devices-cli-hnRL_EgB.js +498 -0
- package/dist/diagnostic-support-export-D6sq6qBF.js +533 -0
- package/dist/diagnostics-dGMDmEaj.js +154 -0
- package/dist/direct-dm-B7MAseXX.js +64 -0
- package/dist/directive-handling.fast-lane-BDZzb1c3.js +66 -0
- package/dist/directive-handling.impl-B0Q4GVor.js +703 -0
- package/dist/directive-handling.impl-KM-ESmbb.js +2 -0
- package/dist/directive-handling.model-selection-C0cUvkUH.js +114 -0
- package/dist/directive-handling.persist.runtime-D2vtbPoj.js +215 -0
- package/dist/directive-handling.persist.runtime.js +1 -1
- package/dist/directory-cli-XqCKO3DH.js +240 -0
- package/dist/discovery-nb8lOKiX.js +2 -0
- package/dist/dispatch-BOAQ60sx.js +1131 -0
- package/dist/dispatch-acp-CVrFiJ5o.js +981 -0
- package/dist/dispatch-acp-manager.runtime-olnQhwR-.js +3 -0
- package/dist/dispatch-acp-manager.runtime.js +1 -1
- package/dist/dispatch-acp-media.runtime-DX-wMzpn.js +4 -0
- package/dist/dispatch-acp-media.runtime.js +1 -1
- package/dist/dispatch-acp-session.runtime-Ua4EFiic.js +2 -0
- package/dist/dispatch-acp-session.runtime.js +1 -1
- package/dist/dispatch-acp.runtime-7SbVXQLP.js +19 -0
- package/dist/dispatch-acp.runtime.js +1 -1
- package/dist/doctor-auth-DY23Lbzo.js +172 -0
- package/dist/doctor-auth-legacy-oauth-FXycT3rW.js +2 -0
- package/dist/doctor-completion-opJf8E_C.js +2 -0
- package/dist/doctor-config-flow-2JYaVE0-.js +420 -0
- package/dist/doctor-config-preflight-4x2uv9Hb.js +63 -0
- package/dist/doctor-config-preflight-B07ImAVz.js +2 -0
- package/dist/doctor-cron-B5LdOuxR.js +678 -0
- package/dist/doctor-device-pairing-DpTPdaEl.js +307 -0
- package/dist/doctor-gateway-daemon-flow-Bu454-sh.js +250 -0
- package/dist/doctor-gateway-health-DLc2lC6v.js +63 -0
- package/dist/doctor-gateway-services-nfS_weBB.js +316 -0
- package/dist/doctor-health-DbSdggc-.js +59 -0
- package/dist/doctor-health-contributions-QsszyyOf.js +493 -0
- package/dist/doctor-memory-search-BJzkDQFO.js +372 -0
- package/dist/doctor-prompter-ItZHriXT.js +56 -0
- package/dist/doctor-sandbox-DlwDnh9l.js +194 -0
- package/dist/doctor-security-BcgUbdDE.js +210 -0
- package/dist/doctor-startup-channel-maintenance-CSm0kVp7.js +17 -0
- package/dist/doctor-state-migrations-CzuIt_kk.js +2 -0
- package/dist/doctor-ui-CqARev-u.js +96 -0
- package/dist/doctor-update-BEHmv8Xq.js +58 -0
- package/dist/doctor-workspace-WOSsr97h.js +2 -0
- package/dist/doctor-workspace-status-q0x2fhBz.js +75 -0
- package/dist/dreaming-BNUWuUDR.js +1574 -0
- package/dist/dreaming-narrative-Bj2DXV1n.js +595 -0
- package/dist/embedded-gateway-stub.runtime-BIiprD37.js +9 -0
- package/dist/embedded-gateway-stub.runtime.js +1 -1
- package/dist/embedding-provider-DDJVhG6s.js +118 -0
- package/dist/embeddings-BcBUDrld.js +215 -0
- package/dist/embeddings-http-CATnDu-1.js +205 -0
- package/dist/empty-allowlist-scan-6JAE1WAj.js +94 -0
- package/dist/empty-allowlist-scan-Cc7fIEP1.js +2 -0
- package/dist/entry.js +3 -3
- package/dist/exec-approval-forwarder.runtime-XneENX4R.js +3 -0
- package/dist/exec-approval-forwarder.runtime.js +1 -1
- package/dist/exec-approvals-cli-bVkpe5kn.js +498 -0
- package/dist/exec-defaults-C7MUEVh_.js +2 -0
- package/dist/exec-defaults-D1yvsTtz.js +67 -0
- package/dist/exec-safe-bins-CMXTNkuu.js +2 -0
- package/dist/exec-safe-bins-c1SitPNh.js +148 -0
- package/dist/execute.runtime-CHn6LmBk.js +1366 -0
- package/dist/execute.runtime.js +1 -1
- package/dist/extensionAPI.js +3 -3
- package/dist/extensions/active-memory/index.js +3 -3
- package/dist/extensions/alibaba/index.js +1 -1
- package/dist/extensions/alibaba/video-generation-provider.js +1 -1
- package/dist/extensions/arcee/index.js +2 -2
- package/dist/extensions/bluebubbles/api.js +3 -3
- package/dist/extensions/bluebubbles/channel-plugin-api.js +1 -1
- package/dist/extensions/browser/browser-bridge.js +1 -1
- package/dist/extensions/browser/browser-config.js +4 -4
- package/dist/extensions/browser/browser-control-auth.js +2 -2
- package/dist/extensions/browser/browser-doctor.js +2 -2
- package/dist/extensions/browser/browser-maintenance.js +2 -2
- package/dist/extensions/browser/browser-profiles.js +2 -2
- package/dist/extensions/browser/browser-runtime-api.js +11 -11
- package/dist/extensions/browser/index.js +1 -1
- package/dist/extensions/browser/plugin-registration.js +1 -1
- package/dist/extensions/browser/register.runtime.js +3 -3
- package/dist/extensions/browser/runtime-api.js +12 -12
- package/dist/extensions/browser/test-support.js +1 -1
- package/dist/extensions/byteplus/index.js +3 -3
- package/dist/extensions/byteplus/video-generation-provider.js +1 -1
- package/dist/extensions/chutes/index.js +4 -4
- package/dist/extensions/cloudflare-ai-gateway/api.js +1 -1
- package/dist/extensions/cloudflare-ai-gateway/catalog-provider.js +1 -1
- package/dist/extensions/cloudflare-ai-gateway/index.js +2 -2
- package/dist/extensions/comfy/image-generation-provider.js +2 -2
- package/dist/extensions/comfy/index.js +5 -5
- package/dist/extensions/comfy/music-generation-provider.js +1 -1
- package/dist/extensions/comfy/video-generation-provider.js +2 -2
- package/dist/extensions/comfy/workflow-runtime.js +1 -1
- package/dist/extensions/deepseek/index.js +1 -1
- package/dist/extensions/device-pair/api.js +2 -2
- package/dist/extensions/device-pair/index.js +4 -4
- package/dist/extensions/device-pair/notify.js +1 -1
- package/dist/extensions/device-pair/pair-command-approve.js +1 -1
- package/dist/extensions/device-pair/qr-image.js +2 -2
- package/dist/extensions/fal/image-generation-provider.js +1 -1
- package/dist/extensions/fal/index.js +3 -3
- package/dist/extensions/fal/provider-registration.js +1 -1
- package/dist/extensions/fal/test-api.js +2 -2
- package/dist/extensions/fal/video-generation-provider.js +1 -1
- package/dist/extensions/fireworks/index.js +1 -1
- package/dist/extensions/github-copilot/api.js +1 -1
- package/dist/extensions/github-copilot/auth.js +1 -1
- package/dist/extensions/github-copilot/embeddings.js +1 -1
- package/dist/extensions/github-copilot/index.js +4 -4
- package/dist/extensions/github-copilot/login.js +1 -1
- package/dist/extensions/github-copilot/register.runtime.js +2 -2
- package/dist/extensions/google-meet/index.js +6 -6
- package/dist/extensions/groq/index.js +1 -1
- package/dist/extensions/groq/media-understanding-provider.js +1 -1
- package/dist/extensions/groq/test-api.js +1 -1
- package/dist/extensions/huggingface/index.js +1 -1
- package/dist/extensions/image-generation-core/api.js +2 -2
- package/dist/extensions/imessage/api.js +4 -4
- package/dist/extensions/imessage/channel-plugin-api.js +1 -1
- package/dist/extensions/imessage/runtime-api.js +5 -5
- package/dist/extensions/imessage/test-api.js +1 -1
- package/dist/extensions/irc/api.js +2 -2
- package/dist/extensions/irc/channel-plugin-api.js +1 -1
- package/dist/extensions/kilocode/index.js +1 -1
- package/dist/extensions/kimi-coding/index.js +2 -2
- package/dist/extensions/line/api.js +2 -2
- package/dist/extensions/line/channel-plugin-api.js +1 -1
- package/dist/extensions/line/contract-api.js +1 -1
- package/dist/extensions/line/runtime-api.js +4 -4
- package/dist/extensions/line/setup-api.js +1 -1
- package/dist/extensions/litellm/index.js +1 -1
- package/dist/extensions/llm-task/index.js +2 -2
- package/dist/extensions/lmstudio/api.js +2 -2
- package/dist/extensions/lmstudio/index.js +3 -3
- package/dist/extensions/lmstudio/memory-embedding-adapter.js +1 -1
- package/dist/extensions/lmstudio/runtime-api.js +1 -1
- package/dist/extensions/lobster/index.js +3 -3
- package/dist/extensions/lobster/runtime-api.js +1 -1
- package/dist/extensions/mattermost/api.js +1 -1
- package/dist/extensions/mattermost/channel-plugin-api.js +1 -1
- package/dist/extensions/mattermost/channel-plugin-runtime.js +1 -1
- package/dist/extensions/mattermost/policy-api.js +1 -1
- package/dist/extensions/mattermost/runtime-api.js +7 -7
- package/dist/extensions/mattermost/slash-route-api.js +1 -1
- package/dist/extensions/media-understanding-core/runtime-api.js +2 -2
- package/dist/extensions/memory-core/api.js +1 -1
- package/dist/extensions/memory-core/cli-metadata.js +2 -2
- package/dist/extensions/memory-core/index.js +3 -3
- package/dist/extensions/memory-lancedb/cli-metadata.js +1 -1
- package/dist/extensions/memory-lancedb/index.js +1 -1
- package/dist/extensions/memory-wiki/cli-metadata.js +1 -1
- package/dist/extensions/memory-wiki/index.js +1 -1
- package/dist/extensions/microsoft/index.js +1 -1
- package/dist/extensions/microsoft/speech-provider.js +1 -1
- package/dist/extensions/microsoft/test-api.js +1 -1
- package/dist/extensions/microsoft-foundry/auth.js +1 -1
- package/dist/extensions/microsoft-foundry/cli.js +1 -1
- package/dist/extensions/microsoft-foundry/index.js +1 -1
- package/dist/extensions/microsoft-foundry/onboard.js +2 -2
- package/dist/extensions/microsoft-foundry/provider.js +1 -1
- package/dist/extensions/microsoft-foundry/runtime.js +1 -1
- package/dist/extensions/microsoft-foundry/shared-runtime.js +2 -2
- package/dist/extensions/microsoft-foundry/shared.js +1 -1
- package/dist/extensions/minimax/image-generation-provider.js +1 -1
- package/dist/extensions/minimax/index.js +6 -6
- package/dist/extensions/minimax/media-understanding-provider.js +1 -1
- package/dist/extensions/minimax/music-generation-provider.js +1 -1
- package/dist/extensions/minimax/oauth.js +1 -1
- package/dist/extensions/minimax/oauth.runtime.js +1 -1
- package/dist/extensions/minimax/provider-registration.js +1 -1
- package/dist/extensions/minimax/speech-provider.js +1 -1
- package/dist/extensions/minimax/test-api.js +4 -4
- package/dist/extensions/minimax/video-generation-provider.js +1 -1
- package/dist/extensions/mistral/index.js +2 -2
- package/dist/extensions/mistral/media-understanding-provider.js +1 -1
- package/dist/extensions/mistral/test-api.js +1 -1
- package/dist/extensions/moonshot/index.js +2 -2
- package/dist/extensions/moonshot/media-understanding-provider.js +1 -1
- package/dist/extensions/moonshot/test-api.js +1 -1
- package/dist/extensions/msteams/api.js +1 -1
- package/dist/extensions/msteams/channel-plugin-api.js +1 -1
- package/dist/extensions/msteams/runtime-api.js +4 -4
- package/dist/extensions/msteams/test-api.js +1 -1
- package/dist/extensions/nextcloud-talk/api.js +1 -1
- package/dist/extensions/nextcloud-talk/channel-plugin-api.js +1 -1
- package/dist/extensions/nextcloud-talk/runtime-api.js +2 -2
- package/dist/extensions/nvidia/index.js +1 -1
- package/dist/extensions/ollama/api.js +3 -3
- package/dist/extensions/ollama/index.js +9 -9
- package/dist/extensions/ollama/runtime-api.js +2 -2
- package/dist/extensions/ollama/web-search-provider.js +1 -1
- package/dist/extensions/openai/api.js +2 -2
- package/dist/extensions/openai/image-generation-provider.js +1 -1
- package/dist/extensions/openai/index.js +6 -6
- package/dist/extensions/openai/media-understanding-provider.js +1 -1
- package/dist/extensions/openai/openai-codex-provider.js +1 -1
- package/dist/extensions/openai/openai-provider.js +1 -1
- package/dist/extensions/openai/register.runtime.js +4 -4
- package/dist/extensions/openai/test-api.js +3 -3
- package/dist/extensions/openai/video-generation-provider.js +1 -1
- package/dist/extensions/opencode/index.js +2 -2
- package/dist/extensions/opencode/media-understanding-provider.js +1 -1
- package/dist/extensions/opencode-go/index.js +2 -2
- package/dist/extensions/opencode-go/media-understanding-provider.js +1 -1
- package/dist/extensions/openrouter/api.js +1 -1
- package/dist/extensions/openrouter/image-generation-provider.js +1 -1
- package/dist/extensions/openrouter/index.js +4 -4
- package/dist/extensions/openrouter/media-understanding-provider.js +1 -1
- package/dist/extensions/openrouter/register.runtime.js +3 -3
- package/dist/extensions/openrouter/test-api.js +2 -2
- package/dist/extensions/openshell/index.js +3 -3
- package/dist/extensions/qianfan/index.js +1 -1
- package/dist/extensions/qwen/index.js +3 -3
- package/dist/extensions/qwen/media-understanding-provider.js +1 -1
- package/dist/extensions/qwen/test-api.js +2 -2
- package/dist/extensions/qwen/video-generation-provider.js +1 -1
- package/dist/extensions/runway/index.js +1 -1
- package/dist/extensions/runway/video-generation-provider.js +1 -1
- package/dist/extensions/signal/api.js +6 -6
- package/dist/extensions/signal/channel-plugin-api.js +1 -1
- package/dist/extensions/signal/reaction-runtime-api.js +1 -1
- package/dist/extensions/signal/runtime-api.js +9 -9
- package/dist/extensions/skill-workshop/api.js +1 -1
- package/dist/extensions/skill-workshop/index.js +2 -2
- package/dist/extensions/speech-core/runtime-api.js +1 -1
- package/dist/extensions/stepfun/index.js +2 -2
- package/dist/extensions/synology-chat/api.js +1 -1
- package/dist/extensions/synology-chat/channel-plugin-api.js +1 -1
- package/dist/extensions/synthetic/index.js +1 -1
- package/dist/extensions/talk-voice/index.js +1 -1
- package/dist/extensions/tencent/index.js +2 -2
- package/dist/extensions/thread-ownership/index.js +1 -1
- package/dist/extensions/tlon/api.js +2 -2
- package/dist/extensions/tlon/channel-plugin-api.js +1 -1
- package/dist/extensions/tlon/runtime-api.js +1 -1
- package/dist/extensions/tlon/test-api.js +1 -1
- package/dist/extensions/together/index.js +2 -2
- package/dist/extensions/together/video-generation-provider.js +1 -1
- package/dist/extensions/twitch/api.js +1 -1
- package/dist/extensions/twitch/channel-plugin-api.js +1 -1
- package/dist/extensions/twitch/setup-plugin-api.js +1 -1
- package/dist/extensions/venice/index.js +1 -1
- package/dist/extensions/vercel-ai-gateway/index.js +1 -1
- package/dist/extensions/voice-call/index.js +1 -1
- package/dist/extensions/voice-call/runtime-entry.js +1 -1
- package/dist/extensions/volcengine/index.js +2 -2
- package/dist/extensions/vydra/image-generation-provider.js +1 -1
- package/dist/extensions/vydra/index.js +4 -4
- package/dist/extensions/vydra/video-generation-provider.js +1 -1
- package/dist/extensions/xai/api.js +2 -2
- package/dist/extensions/xai/code-execution.js +2 -2
- package/dist/extensions/xai/image-generation-provider.js +1 -1
- package/dist/extensions/xai/index.js +6 -6
- package/dist/extensions/xai/speech-provider.js +1 -1
- package/dist/extensions/xai/tts.js +1 -1
- package/dist/extensions/xai/video-generation-provider.js +1 -1
- package/dist/extensions/xai/x-search.js +2 -2
- package/dist/extensions/xiaomi/index.js +1 -1
- package/dist/extensions/zai/index.js +2 -2
- package/dist/extensions/zai/media-understanding-provider.js +1 -1
- package/dist/extensions/zai/test-api.js +1 -1
- package/dist/extensions/zalo/api.js +3 -3
- package/dist/extensions/zalo/channel-plugin-api.js +1 -1
- package/dist/extensions/zalo/runtime-api.js +2 -2
- package/dist/extensions/zalo/setup-api.js +2 -2
- package/dist/extensions/zalouser/api.js +3 -3
- package/dist/extensions/zalouser/channel-plugin-api.js +1 -1
- package/dist/extensions/zalouser/runtime-api.js +7 -7
- package/dist/extensions/zalouser/setup-plugin-api.js +1 -1
- package/dist/extensions/zalouser/test-api.js +1 -1
- package/dist/fallbacks-BWfTkiI4.js +31 -0
- package/dist/fallbacks-C9KDYKs_.js +2 -0
- package/dist/fallbacks-shared-DfTzBfq1.js +111 -0
- package/dist/format-CqMlnPqV.js +245 -0
- package/dist/gateway-CkxkzVZN.js +115 -0
- package/dist/gateway-cli-hF08SMoD.js +1283 -0
- package/dist/gateway-discovery-targets-BilYS9ha.js +42 -0
- package/dist/gateway-install-token-CZq3-WaX.js +141 -0
- package/dist/gateway-rpc-yH-iFPPG.js +14 -0
- package/dist/gateway-rpc.runtime-Bxb1dLu2.js +23 -0
- package/dist/gateway-rpc.runtime.js +1 -1
- package/dist/gateway-runtime-DSIAuM0M.js +15 -0
- package/dist/gateway-status-B3SqIStn.js +584 -0
- package/dist/genesis-tools-DzgSb3vd.js +9144 -0
- package/dist/genesis-tools.runtime-BkPuepHE.js +2 -0
- package/dist/genesis-tools.runtime.js +1 -1
- package/dist/get-reply-ChN4EIDm.js +3879 -0
- package/dist/get-reply-from-config.runtime-cgmM6iLA.js +2 -0
- package/dist/get-reply-from-config.runtime.js +1 -1
- package/dist/gmail-watcher-lifecycle-8oetrTVi.js +2 -0
- package/dist/gmail-watcher-lifecycle-CJJGDUP5.js +191 -0
- package/dist/graph-users-BjskkPXl.js +1337 -0
- package/dist/health-BcGQpWhR.js +3 -0
- package/dist/health-C_ieY9Kj.js +469 -0
- package/dist/health-route-CwpATAjq.js +41 -0
- package/dist/health-route-yxKlxzM8.js +2 -0
- package/dist/health-style-_j6EAcB7.js +2 -0
- package/dist/heartbeat-runner-BATl6sLG.js +5 -0
- package/dist/heartbeat-runner-LDUrUqCE.js +1292 -0
- package/dist/heartbeat-runner.runtime-DsuMWPNt.js +4 -0
- package/dist/heartbeat-runner.runtime.js +1 -1
- package/dist/hooks-cli-CEYDwXFE.js +433 -0
- package/dist/hooks-status-Cqby6WVW.js +86 -0
- package/dist/image-fallbacks-CqQR3jWU.js +31 -0
- package/dist/image-fallbacks-Nt-2QyCg.js +2 -0
- package/dist/image-generation-core-DEiEJhEK.js +18 -0
- package/dist/image-generation-core.auth.runtime.js +1 -1
- package/dist/image-generation-provider-BHKIJcjv.js +63 -0
- package/dist/image-generation-provider-BVsvNzI_.js +228 -0
- package/dist/image-generation-provider-CpH4lCyW.js +137 -0
- package/dist/image-generation-provider-Ct1lT0uf.js +157 -0
- package/dist/image-generation-provider-DPRew87B.js +95 -0
- package/dist/image-generation-provider-DgCga9KE.js +274 -0
- package/dist/image-generation-provider-DgFuHosU.js +529 -0
- package/dist/image-runtime-2qfUy_eg.js +9 -0
- package/dist/inbound-reply-dispatch-B798MCBn.js +73 -0
- package/dist/inbound.runtime-BzROcnJN.js +3 -0
- package/dist/inbound.runtime-DmyBUa6W.js +4 -0
- package/dist/inbound.runtime.js +1 -1
- package/dist/index.js +2 -2
- package/dist/infra-runtime-D3zS_Fs_.js +39 -0
- package/dist/init-Cgs_Y5r2.js +59 -0
- package/dist/install-CNyKkmoe.js +726 -0
- package/dist/install-Cr1XiFcK.js +190 -0
- package/dist/install-security-scan-DkBMNG01.js +26 -0
- package/dist/install-security-scan.runtime-RflYyKMz.js +671 -0
- package/dist/install-security-scan.runtime.js +1 -1
- package/dist/install.runtime-BxrmrGNn.js +27 -0
- package/dist/install.runtime-Cwxpe69l.js +2 -0
- package/dist/install.runtime-Czxp-yhT.js +12 -0
- package/dist/install.runtime.js +1 -1
- package/dist/jobs-Dd5apK1w.js +734 -0
- package/dist/legacy-tools-by-sender-BBxdN6rr.js +95 -0
- package/dist/legacy-tools-by-sender-jW8LxMcX.js +2 -0
- package/dist/library-CHfLQeCR.js +45 -0
- package/dist/lifecycle-lQvUNIhu.js +229 -0
- package/dist/lifecycle-zNuWSrCz.js +571 -0
- package/dist/lifecycle.runtime-ByIupJ19.js +2 -0
- package/dist/lifecycle.runtime.js +1 -1
- package/dist/list-C3XOJSpa.js +2 -0
- package/dist/list-Cc1XrqqF.js +1212 -0
- package/dist/list-D7rUonSE.js +131 -0
- package/dist/list-xlj8z1FQ.js +2 -0
- package/dist/list.probe-DxROY_f3.js +419 -0
- package/dist/live-model-switch-BKj-o0qi.js +336 -0
- package/dist/llm-slug-generator-Dgp800fh.js +79 -0
- package/dist/llm-slug-generator.js +1 -1
- package/dist/load-config-BLj62YjO.js +35 -0
- package/dist/loader-CbjGl9Hl.js +222 -0
- package/dist/local-dispatch.runtime-DRwpFW1C.js +8 -0
- package/dist/local-dispatch.runtime.js +1 -1
- package/dist/login-xTSVvkH1.js +108 -0
- package/dist/logs-cli-DxgJIioY.js +265 -0
- package/dist/logs-cli.runtime-Bokfw6xX.js +2 -0
- package/dist/logs-cli.runtime.js +1 -1
- package/dist/main-session-restart-recovery-BGtEwwC7.js +206 -0
- package/dist/managed-image-attachments-CdnUvv4i.js +635 -0
- package/dist/managed-image-attachments-DGoeEEK0.js +2 -0
- package/dist/manager-By98-8j7.js +2057 -0
- package/dist/manager-DoYtM2M_.js +2 -0
- package/dist/markdown-to-line-BAow3FG2.js +790 -0
- package/dist/mcp/plugin-tools-serve.js +1 -1
- package/dist/mcp-cli-CzbNPbAu.js +725 -0
- package/dist/mcp-http-3955tCu1.js +529 -0
- package/dist/media-runtime-DPuaOh-W.js +329 -0
- package/dist/media-understanding-DMGc6bUS.js +85 -0
- package/dist/media-understanding-provider-BFjdxO9-.js +21 -0
- package/dist/media-understanding-provider-BN0_ZWCk.js +13 -0
- package/dist/media-understanding-provider-Bc8inzhb.js +69 -0
- package/dist/media-understanding-provider-BjOG0qfv.js +85 -0
- package/dist/media-understanding-provider-BpUWx7YV.js +12 -0
- package/dist/media-understanding-provider-CDvqr0Ha.js +18 -0
- package/dist/media-understanding-provider-DOPCCOGb.js +37 -0
- package/dist/media-understanding-provider-DOVnR49K.js +18 -0
- package/dist/media-understanding-provider-Dyw_vjd1.js +28 -0
- package/dist/media-understanding-provider-t-_UaQgo.js +12 -0
- package/dist/media-understanding-runtime-CloZxX3k.js +2 -0
- package/dist/memory-core-host-runtime-cli-D7VcUd8Q.js +9 -0
- package/dist/memory-embedding-adapter-DryAyE08.js +123 -0
- package/dist/memory-host-search-BAD700R9.js +12 -0
- package/dist/memory-host-search.runtime.js +1 -1
- package/dist/message-action-runner-COx-ZvZd.js +1407 -0
- package/dist/message-action-runner-fdG6pGAZ.js +2 -0
- package/dist/message-actions-Dp5oy-Id.js +143 -0
- package/dist/message-format-C6vUBf1L.js +328 -0
- package/dist/message-o2dPGRzs.js +232 -0
- package/dist/message.config.runtime.js +1 -1
- package/dist/message.gateway.runtime-56NMl6zr.js +2 -0
- package/dist/message.gateway.runtime.js +1 -1
- package/dist/model-picker-CmKXNo9I.js +3 -0
- package/dist/model-picker-RwmF8BB2.js +559 -0
- package/dist/model-picker.runtime-C7NZbfGO.js +15 -0
- package/dist/model-picker.runtime.js +1 -1
- package/dist/model-selection-V3vSY372.js +213 -0
- package/dist/models-auth-status-CIvClfyB.js +201 -0
- package/dist/models-cli-BnImTHDJ.js +219 -0
- package/dist/models.fetch-CSjF93kV.js +518 -0
- package/dist/monitor-B6C1jpvZ.js +671 -0
- package/dist/monitor-CD_A25Rx.js +788 -0
- package/dist/monitor-DbpDtT91.js +1661 -0
- package/dist/monitor-DvkiboRC.js +1459 -0
- package/dist/monitor-auth-eDhrUf09.js +207 -0
- package/dist/monitor-processing-3UY_U9hP.js +1974 -0
- package/dist/monitor-v7YjMH5B.js +2 -0
- package/dist/monitor-yj-MViK6.js +1237 -0
- package/dist/monitor.runtime-K9_4KdMD.js +2 -0
- package/dist/monitor.runtime.js +1 -1
- package/dist/monitor.webhook-DIIuOtEd.js +180 -0
- package/dist/msteams-6tpdLYYt.js +35 -0
- package/dist/music-generation-provider-DLsuTyhN.js +63 -0
- package/dist/music-generation-provider-DURtvZ5B.js +170 -0
- package/dist/native-hook-relay-DVfxqsON.js +519 -0
- package/dist/nextcloud-talk-DyYXCJLV.js +17 -0
- package/dist/node-cli-XV5Mq4R5.js +2506 -0
- package/dist/nodes-cli-CkCLLSNL.js +1046 -0
- package/dist/nodes-utils-Cvyl5QAh.js +84 -0
- package/dist/nodes.helpers-DYk79sWL.js +34 -0
- package/dist/notify-CzYxngwD.js +315 -0
- package/dist/oauth-CDxZvq5B.js +152 -0
- package/dist/oauth-CemxANpL.js +75 -0
- package/dist/oauth-DfB1vcWQ.js +139 -0
- package/dist/oauth-fpxNVPrl.js +2 -0
- package/dist/oauth-tls-preflight-BcNy7dKB.js +2 -0
- package/dist/oauth.flow-DbJmBCPq.js +3 -0
- package/dist/oauth.flow-jarh1FJh.js +45 -0
- package/dist/onboard-4gvN93s8.js +316 -0
- package/dist/onboard-D0lkvRs5.js +632 -0
- package/dist/onboard-channels-B31xMIuZ.js +3 -0
- package/dist/onboard-channels-BEkUvYCF.js +2 -0
- package/dist/onboard-config-DvU9Ngti.js +2 -0
- package/dist/onboard-custom-BitaTI2J.js +271 -0
- package/dist/onboard-custom-a9DbHTUT.js +3 -0
- package/dist/onboard-helpers-BHi-aRMH.js +204 -0
- package/dist/onboard-helpers-elKh6zBN.js +6 -0
- package/dist/onboard-hooks-Cr15MeKN.js +52 -0
- package/dist/onboard-remote-Cng1yalR.js +2 -0
- package/dist/onboard-remote-DXV2D8eg.js +193 -0
- package/dist/onboard-search-B0OW2KL3.js +323 -0
- package/dist/onboard-skills-BdzrRAcj.js +134 -0
- package/dist/onboard-skills-CNwXUb0I.js +2 -0
- package/dist/onboarding-plugin-install-DRFjmslc.js +406 -0
- package/dist/open-policy-allowfrom-C084Puwf.js +2 -0
- package/dist/open-policy-allowfrom-Dg0zzuWw.js +101 -0
- package/dist/openai-codex-provider-DC5MRZgN.js +472 -0
- package/dist/openai-http-DPekQzlm.js +500 -0
- package/dist/openai-provider-BAc1xw8U.js +313 -0
- package/dist/opencode-rrH9GPhY.js +35 -0
- package/dist/openresponses-http-KuBtyTB9.js +1128 -0
- package/dist/operator-approvals-client-Ck6tSehQ.js +68 -0
- package/dist/outbound-runtime-Dquu18jb.js +5 -0
- package/dist/outbound.runtime-C4fvxQG0.js +2 -0
- package/dist/outbound.runtime.js +1 -1
- package/dist/pair-command-approve-DXxc-bF6.js +44 -0
- package/dist/persistent-bindings.lifecycle-DHLMOTbE.js +2 -0
- package/dist/persistent-bindings.lifecycle-FgyzapQO.js +85 -0
- package/dist/pi-embedded-DX9kTXHk.js +4 -0
- package/dist/pi-embedded-c1fYxGY_.js +2905 -0
- package/dist/pi-embedded-subscribe.handlers.compaction.runtime-EnaEhBV7.js +23 -0
- package/dist/pi-embedded-subscribe.handlers.compaction.runtime.js +1 -1
- package/dist/pi-embedded.runtime-BF21n0BD.js +4 -0
- package/dist/pi-embedded.runtime.js +1 -1
- package/dist/pi-tool-definition-adapter-IAoWm6mw.js +217 -0
- package/dist/pi-tools-C_f4UUql.js +1057 -0
- package/dist/pi-tools.before-tool-call-OMTQuo2Y.js +2 -0
- package/dist/pi-tools.before-tool-call-Yjb1AzLr.js +433 -0
- package/dist/plugin-Bqw6iIhd.js +12195 -0
- package/dist/plugin-enabled-Dws5rJhZ.js +140 -0
- package/dist/plugin-install-BQn7pUma.js +115 -0
- package/dist/plugin-install-config-policy-BM-_U7I2.js +137 -0
- package/dist/plugin-install-iU6yvmd2.js +2 -0
- package/dist/plugin-install-plan-D11M-SSH.js +50 -0
- package/dist/plugin-registration-BlawgUJq.js +23 -0
- package/dist/plugin-registry-BS1ql5am.js +3 -0
- package/dist/plugin-registry-DQYacxoR.js +2 -0
- package/dist/plugin-sdk/.boundary-entry-shims.stamp +1 -1
- package/dist/plugin-sdk/acp-binding-runtime.js +1 -1
- package/dist/plugin-sdk/acp-runtime.js +3 -3
- package/dist/plugin-sdk/agent-harness-runtime.js +6 -6
- package/dist/plugin-sdk/agent-harness.js +7 -7
- package/dist/plugin-sdk/agent-runtime.js +2 -2
- package/dist/plugin-sdk/approval-gateway-runtime.js +2 -2
- package/dist/plugin-sdk/approval-handler-runtime.js +3 -3
- package/dist/plugin-sdk/approval-runtime.js +1 -1
- package/dist/plugin-sdk/browser-node-runtime.js +4 -4
- package/dist/plugin-sdk/browser-setup-tools.js +3 -3
- package/dist/plugin-sdk/browser-support.js +7 -7
- package/dist/plugin-sdk/channel-core.js +2 -2
- package/dist/plugin-sdk/channel-inbound.js +3 -3
- package/dist/plugin-sdk/command-auth.js +2 -2
- package/dist/plugin-sdk/command-status-runtime.js +1 -1
- package/dist/plugin-sdk/compat.js +1 -1
- package/dist/plugin-sdk/config-runtime.js +3 -3
- package/dist/plugin-sdk/conversation-binding-runtime.js +1 -1
- package/dist/plugin-sdk/conversation-runtime.js +4 -4
- package/dist/plugin-sdk/core.js +2 -2
- package/dist/plugin-sdk/direct-dm.js +1 -1
- package/dist/plugin-sdk/gateway-runtime.js +3 -3
- package/dist/plugin-sdk/image-generation-core.js +2 -2
- package/dist/plugin-sdk/inbound-reply-dispatch.js +1 -1
- package/dist/plugin-sdk/index.js +1 -1
- package/dist/plugin-sdk/infra-runtime.js +2 -2
- package/dist/plugin-sdk/irc.js +2 -2
- package/dist/plugin-sdk/matrix.js +1 -1
- package/dist/plugin-sdk/mattermost.js +2 -2
- package/dist/plugin-sdk/media-runtime.js +5 -5
- package/dist/plugin-sdk/media-understanding-runtime.js +2 -2
- package/dist/plugin-sdk/media-understanding.js +2 -2
- package/dist/plugin-sdk/memory-core-host-runtime-cli.js +2 -2
- package/dist/plugin-sdk/memory-core.js +2 -2
- package/dist/plugin-sdk/memory-host-search.js +1 -1
- package/dist/plugin-sdk/msteams.js +3 -3
- package/dist/plugin-sdk/nextcloud-talk.js +2 -2
- package/dist/plugin-sdk/nostr.js +1 -1
- package/dist/plugin-sdk/opencode.js +1 -1
- package/dist/plugin-sdk/outbound-runtime.js +2 -2
- package/dist/plugin-sdk/provider-auth-api-key.js +2 -2
- package/dist/plugin-sdk/provider-auth-login.js +1 -1
- package/dist/plugin-sdk/provider-auth.js +2 -2
- package/dist/plugin-sdk/provider-entry.js +1 -1
- package/dist/plugin-sdk/reply-dispatch-runtime.js +1 -1
- package/dist/plugin-sdk/reply-runtime.js +4 -4
- package/dist/plugin-sdk/runtime-doctor.js +1 -1
- package/dist/plugin-sdk/runtime-secret-resolution.js +1 -1
- package/dist/plugin-sdk/runtime.js +3 -3
- package/dist/plugin-sdk/sandbox.js +1 -1
- package/dist/plugin-sdk/session-store-runtime.js +1 -1
- package/dist/plugin-sdk/session-visibility.js +1 -1
- package/dist/plugin-sdk/skill-commands-runtime.js +1 -1
- package/dist/plugin-sdk/src/config/types.browser.d.ts +1 -1
- package/dist/plugin-sdk/testing.js +4 -4
- package/dist/plugin-sdk/tlon.js +1 -1
- package/dist/plugin-sdk/zalo.js +1 -1
- package/dist/plugin-sdk/zalouser.js +1 -1
- package/dist/plugin-service-VZSLJ4oI.js +2892 -0
- package/dist/plugins/runtime/index.js +1 -1
- package/dist/plugins-cli-UR8WqrIq.js +584 -0
- package/dist/plugins-command-helpers-D799dbVj.js +107 -0
- package/dist/plugins-install-persist-D_HU3Frx.js +133 -0
- package/dist/plugins-update-command-BTBJuQMC.js +1057 -0
- package/dist/policy-9PlwCZVI.js +328 -0
- package/dist/postinstall-inventory.json +854 -850
- package/dist/prepare.runtime-BWs6JC5C.js +815 -0
- package/dist/prepare.runtime.js +1 -1
- package/dist/preview-warnings-Xd3ZVG_C.js +120 -0
- package/dist/probe-BvnxVXPF.js +2 -0
- package/dist/probe-CVdSkKEj.js +241 -0
- package/dist/probe-CdbOHCqk.js +45 -0
- package/dist/probe-CgIZN3nP.js +1443 -0
- package/dist/probe-Cj5gwplO.js +74 -0
- package/dist/probe-D4pJKTVi.js +2 -0
- package/dist/probe-DOpn9xW4.js +243 -0
- package/dist/probe-Dhgk7ek6.js +2205 -0
- package/dist/probe-auth-Nvl_FRXO.js +3 -0
- package/dist/program-BOie7Vt-.js +111 -0
- package/dist/program-context-ChxdxCOu.js +2 -0
- package/dist/prompt-select-styled-BoqQDWM7.js +20 -0
- package/dist/protocol-AGt54mci.js +2335 -0
- package/dist/provider-D_uxch_F.js +70 -0
- package/dist/provider-api-key-auth-DQcZiZii.js +114 -0
- package/dist/provider-api-key-auth.runtime.js +1 -1
- package/dist/provider-auth-C983Ir3i.js +46 -0
- package/dist/provider-auth-api-key-DTSUklSr.js +5 -0
- package/dist/provider-auth-choice-B5hkZbf_.js +228 -0
- package/dist/provider-auth-choice-preference-CJRv4tMl.js +27 -0
- package/dist/provider-auth-choices-BgUKYeKC.js +2 -0
- package/dist/provider-auth-guidance-CXc99WzE.js +2 -0
- package/dist/provider-auth-login-O3Sm0KwV.js +8 -0
- package/dist/provider-auth-login.runtime-CbaRtloJ.js +267 -0
- package/dist/provider-auth-login.runtime.js +1 -1
- package/dist/provider-dispatcher-DWf9-i4h.js +22 -0
- package/dist/provider-dispatcher-Difz51Qf.js +2 -0
- package/dist/provider-entry-D0S4gpr-.js +106 -0
- package/dist/provider-flow-f_IA_ktZ.js +148 -0
- package/dist/provider-install-catalog-Cg32-zFa.js +108 -0
- package/dist/provider-model-defaults-ChOCI1XD.js +6 -0
- package/dist/provider-registration-DReJwyYv.js +37 -0
- package/dist/provider-registration-DuuV27JS.js +218 -0
- package/dist/proxy-cli-CqFZNmxT.js +44 -0
- package/dist/proxy-cli.runtime-CAFc4tCs.js +372 -0
- package/dist/proxy-cli.runtime.js +1 -1
- package/dist/pw-ai-Dre6YylS.js +2511 -0
- package/dist/qr-cli-CKjl5y9P.js +349 -0
- package/dist/qr-cli-HA7KcboU.js +2 -0
- package/dist/qr-image-BEyM3usD.js +2 -0
- package/dist/queue-18j62oEc.js +409 -0
- package/dist/reaction-runtime-api-Byb7aNNv.js +116 -0
- package/dist/reactions-DKjkdDpt.js +998 -0
- package/dist/read-best-effort-config.runtime.js +1 -1
- package/dist/read-capability-L5JQpwus.js +412 -0
- package/dist/register-service-commands-DgcOFNfd.js +71 -0
- package/dist/register.agent-D8O3Pej1.js +248 -0
- package/dist/register.backup-B_r2LOYK.js +64 -0
- package/dist/register.configure-DnJuRHEh.js +15 -0
- package/dist/register.maintenance-3aZxhWJa.js +363 -0
- package/dist/register.message-BXlGRk2N.js +329 -0
- package/dist/register.onboard-CqjGOMl-.js +81 -0
- package/dist/register.runtime-BnKRhWSR.js +81 -0
- package/dist/register.runtime.js +1 -1
- package/dist/register.setup-CuhKuyzn.js +150 -0
- package/dist/register.status-health-sessions-C5DzZa1_.js +1215 -0
- package/dist/register.subclis-CR1fpSTT.js +3 -0
- package/dist/register.subclis-D_uws2t_.js +29 -0
- package/dist/register.subclis-core-AHoaC6VW.js +249 -0
- package/dist/register.wallet-BiFJeDsS.js +159 -0
- package/dist/repair-sequencing-BSAmIx7i.js +145 -0
- package/dist/reply-dispatch-runtime-Ceu-bJO-.js +13 -0
- package/dist/reply-media-paths.runtime-BQcpYv4W.js +2 -0
- package/dist/reply-media-paths.runtime-DpCr5Ul0.js +146 -0
- package/dist/reply-media-paths.runtime.js +1 -1
- package/dist/reply-runtime-BCvhbO0n.js +11 -0
- package/dist/reply.runtime-Dq49ajK8.js +2 -0
- package/dist/reply.runtime.js +1 -1
- package/dist/resolve-k9X8xwXZ.js +259 -0
- package/dist/response-generator-F0uPL6Wb.js +175 -0
- package/dist/restart-health-B3BG9cWC.js +2 -0
- package/dist/restart-health-Blxs74k_.js +202 -0
- package/dist/root-help-ChzMvc3A.js +44 -0
- package/dist/route-reply-C8iN0qJY.js +162 -0
- package/dist/route-reply.runtime-B2lAB1-b.js +2 -0
- package/dist/route-reply.runtime.js +1 -1
- package/dist/routes-CJ7e3-3_.js +3341 -0
- package/dist/routes-CSpmwUOo.js +2 -0
- package/dist/rpc-zrzVsr7U.js +61 -0
- package/dist/rpc.runtime-BoWSTfbK.js +21 -0
- package/dist/rpc.runtime.js +1 -1
- package/dist/run-auth-profile.runtime-CmWR2ACc.js +2 -0
- package/dist/run-auth-profile.runtime.js +1 -1
- package/dist/run-context.runtime.js +1 -1
- package/dist/run-delivery.runtime-gMcYNNDu.js +530 -0
- package/dist/run-delivery.runtime.js +1 -1
- package/dist/run-embedded.runtime-Y7BR9y48.js +4 -0
- package/dist/run-embedded.runtime.js +1 -1
- package/dist/run-execution-cli.runtime-gnM2Ql9w.js +4 -0
- package/dist/run-execution-cli.runtime.js +1 -1
- package/dist/run-executor.runtime-CrBblsnd.js +277 -0
- package/dist/run-executor.runtime.js +1 -1
- package/dist/run-external-content.runtime.js +1 -1
- package/dist/run-main-TmL9-_zs.js +567 -0
- package/dist/run-model-catalog.runtime.js +1 -1
- package/dist/run-subagent-registry.runtime-CWsqAYYP.js +2 -0
- package/dist/run-subagent-registry.runtime.js +1 -1
- package/dist/run-wait-D3KzpvQq.js +135 -0
- package/dist/runner-DUtC35j2.js +966 -0
- package/dist/runner.entries-0ZSu_nTv.js +604 -0
- package/dist/runtime-CxubLXjp.js +72 -0
- package/dist/runtime-DSuaai8P.js +263 -0
- package/dist/runtime-DnDt_3OQ.js +116 -0
- package/dist/runtime-DrHUjQ1Q.js +973 -0
- package/dist/runtime-_ZEfYaU0.js +9 -0
- package/dist/runtime-api-BO9T0HM6.js +9 -0
- package/dist/runtime-api-D05_vaS-.js +9 -0
- package/dist/runtime-api-DP5brVhK.js +4 -0
- package/dist/runtime-api-Y1Y0XFaX.js +14 -0
- package/dist/runtime-embedded-pi.runtime-zFbq7SGM.js +2 -0
- package/dist/runtime-embedded-pi.runtime.js +1 -1
- package/dist/runtime-entry-BxV0KsK8.js +2769 -0
- package/dist/runtime-internal-BhujhdGc.js +2 -0
- package/dist/runtime-manifest.runtime.js +1 -1
- package/dist/runtime-options-DPOGEX8m.js +275 -0
- package/dist/runtime-pB6_767d.js +2 -0
- package/dist/runtime-prepare.runtime-DCMh017y.js +80 -0
- package/dist/runtime-prepare.runtime.js +1 -1
- package/dist/runtime-registry-loader-BnT6zi1m.js +2 -0
- package/dist/runtime-schema-BkQ2RaAT.js +27796 -0
- package/dist/runtime-web-tools-BUdYGMsD.js +1477 -0
- package/dist/runtime-web-tools-fallback.runtime.js +1 -1
- package/dist/runtime-web-tools-manifest.runtime.js +1 -1
- package/dist/runtime-web-tools-public-artifacts.runtime.js +1 -1
- package/dist/sandbox-CHm2nn70.js +1156 -0
- package/dist/sandbox-E_kshBRj.js +3 -0
- package/dist/sandbox-cli-DQy0IvU6.js +450 -0
- package/dist/scan-BHrX6xlw.js +2 -0
- package/dist/scan-YCM3NZ4a.js +523 -0
- package/dist/secrets-cli-DiJDMvpu.js +2101 -0
- package/dist/security-cli-DKW-eR9G.js +486 -0
- package/dist/selection-CKyD2Dph.js +7736 -0
- package/dist/selection-Dg3WfJp4.js +2 -0
- package/dist/send-Cwx2NC_E.js +156 -0
- package/dist/send-DfVrE6Nj.js +102 -0
- package/dist/send.runtime-RHU8DLUa.js +2 -0
- package/dist/send.runtime.js +1 -1
- package/dist/server-CVac_8eO.js +77 -0
- package/dist/server-DK60xdj1.js +13 -0
- package/dist/server-context-DH1UPelC.js +847 -0
- package/dist/server-context-DSP_jNKo.js +2 -0
- package/dist/server-node-events-CQkjKwDW.js +481 -0
- package/dist/server-plugin-bootstrap-CWkKWsmU.js +11535 -0
- package/dist/server-plugin-bootstrap-DtuLv1Z0.js +2 -0
- package/dist/server-restart-sentinel-BqlD_fdp.js +697 -0
- package/dist/server.impl-y2ki-U8R.js +12822 -0
- package/dist/session-BmhZ0w1g.js +48 -0
- package/dist/session-archive.runtime.js +1 -1
- package/dist/session-envelope-CcfhPnpN.js +18 -0
- package/dist/session-key-B4usxD24.js +65 -0
- package/dist/session-kill-http-CBVZRf5-.js +110 -0
- package/dist/session-meta-BboKGMtd.js +109 -0
- package/dist/session-override-BOwEVLnz.js +106 -0
- package/dist/session-reset-model.runtime-ZTv_T7lt.js +133 -0
- package/dist/session-reset-model.runtime.js +1 -1
- package/dist/session-reset-service-EkGOtdE8.js +471 -0
- package/dist/session-route-BGqKLpT1.js +93 -0
- package/dist/session-status.runtime-8fW2zaxe.js +2 -0
- package/dist/session-status.runtime.js +1 -1
- package/dist/session-store-DgAh1suS.js +126 -0
- package/dist/session-store.runtime-JjCOtrjx.js +2 -0
- package/dist/session-store.runtime.js +1 -1
- package/dist/session-subagent-reactivation.runtime-Ds5c0djG.js +2 -0
- package/dist/session-subagent-reactivation.runtime.js +1 -1
- package/dist/session-tab-registry-DkVIf7hV.js +581 -0
- package/dist/session-updates-Cv75xqmY.js +236 -0
- package/dist/session-updates.runtime-B8c11iw1.js +2 -0
- package/dist/session-updates.runtime.js +1 -1
- package/dist/session-utils-CuzGvD11.js +1006 -0
- package/dist/session-visibility-C3JCU9JN.js +147 -0
- package/dist/sessions-CxqBNE-J.js +2 -0
- package/dist/sessions-DNlJETOX.js +48 -0
- package/dist/sessions-DaSeSXOJ.js +281 -0
- package/dist/sessions-Dm6k-udS.js +16 -0
- package/dist/sessions-helpers-DOb5IrRm.js +304 -0
- package/dist/sessions-history-http-CupOgqEu.js +383 -0
- package/dist/sessions-patch-CzbJpzmm.js +309 -0
- package/dist/sessions-resolve-jfzejD6e.js +174 -0
- package/dist/sessions.runtime-BVhaNHoj.js +2 -0
- package/dist/sessions.runtime.js +1 -1
- package/dist/setup-C_cEOif3.js +495 -0
- package/dist/setup-DafKIWc2.js +421 -0
- package/dist/setup-api-CaIoRGbW.js +29 -0
- package/dist/setup-core-DHSQ96hI.js +171 -0
- package/dist/setup-core-SSEJmQpZ.js +176 -0
- package/dist/setup-surface-C6FileLV.js +219 -0
- package/dist/setup-surface-GihBDZa6.js +403 -0
- package/dist/setup-surface-biZwah-0.js +286 -0
- package/dist/setup.finalize-ch5XUfVx.js +539 -0
- package/dist/setup.gateway-config-ueuag32X.js +250 -0
- package/dist/shared--9pW5Ce7.js +76 -0
- package/dist/shared-BHLRlMoM.js +217 -0
- package/dist/shared-BbFyx9G1.js +121 -0
- package/dist/shared-CiA5BTBf.js +198 -0
- package/dist/shared-runtime-9X8j5_KJ.js +7 -0
- package/dist/skill-commands-X1nUEOXX.js +83 -0
- package/dist/skill-commands.runtime-t_xMebUt.js +2 -0
- package/dist/skill-commands.runtime.js +1 -1
- package/dist/skills-clawhub-Qqd5npos.js +275 -0
- package/dist/skills-cli-D1XXa0XQ.js +370 -0
- package/dist/skills-install-Dub1fmyK.js +605 -0
- package/dist/skills-snapshot.runtime-jMF9Gla8.js +7 -0
- package/dist/skills-snapshot.runtime.js +1 -1
- package/dist/slash-state-C4SKy5al.js +1911 -0
- package/dist/speech-provider-DN4EL6mY.js +209 -0
- package/dist/speech-provider-DiHqRzvg.js +216 -0
- package/dist/speech-provider-I6DuR7ih.js +170 -0
- package/dist/src-CvAKVqK5.js +3974 -0
- package/dist/stage-sandbox-media.runtime-D3i8uZyP.js +232 -0
- package/dist/stage-sandbox-media.runtime.js +1 -1
- package/dist/stale-plugin-config-DjXhX5ro.js +103 -0
- package/dist/stale-plugin-config-OQnSe4DX.js +2 -0
- package/dist/startup-context-BCZp-nrD.js +312 -0
- package/dist/state-migrations-w5G6NV2T.js +820 -0
- package/dist/status-BHUXDOxB.js +190 -0
- package/dist/status-Bj0PB_BB.js +209 -0
- package/dist/status-CoR6bPDI.js +2 -0
- package/dist/status-DF3nzErU.js +3 -0
- package/dist/status-DYRFWBUr.js +2 -0
- package/dist/status-QjQ5fLJG.js +397 -0
- package/dist/status-RapY_a8v.js +62 -0
- package/dist/status-all-C5dOpSTJ.js +498 -0
- package/dist/status-json-Ch8iLhXc.js +14 -0
- package/dist/status-json-command-j0_mDLvG.js +84 -0
- package/dist/status-message-DZWQePYx.js +466 -0
- package/dist/status-message.runtime-uc5V05rB.js +6 -0
- package/dist/status-message.runtime.js +1 -1
- package/dist/status-queue.runtime-DCiv2--4.js +2 -0
- package/dist/status-queue.runtime.js +1 -1
- package/dist/status-runtime-shared-ZMmwbQgo.js +257 -0
- package/dist/status-subagents.runtime-BtzPnPQK.js +18 -0
- package/dist/status-subagents.runtime.js +1 -1
- package/dist/status-text-DWp3FqTV.js +237 -0
- package/dist/status.agent-local-BOqQC7TE.js +58 -0
- package/dist/status.command.text-runtime-BGajGa6I.js +15 -0
- package/dist/status.gateway-connection.runtime-oVziBbXJ.js +2 -0
- package/dist/status.gateway-connection.runtime.js +1 -1
- package/dist/status.gateway-probe-uIu3L-Rn.js +16 -0
- package/dist/status.gather-K0BR9xLt.js +2 -0
- package/dist/status.gather-vx7VGIBO.js +292 -0
- package/dist/status.link-channel-A9hhIWyV.js +35 -0
- package/dist/status.node-mode-Be4WLZXV.js +32 -0
- package/dist/status.node-mode-Blnsadww.js +2 -0
- package/dist/status.runtime-B2ripBxv.js +2 -0
- package/dist/status.runtime-Bo7TFvUE.js +2 -0
- package/dist/status.runtime.js +1 -1
- package/dist/status.scan-BiRMUkAL.js +65 -0
- package/dist/status.scan-overview-CHPUBwXN.js +379 -0
- package/dist/status.scan.deps.runtime.js +1 -1
- package/dist/status.scan.fast-json-B17v4E7m.js +132 -0
- package/dist/status.scan.fast-json-DnHV6-FY.js +2 -0
- package/dist/status.scan.runtime-DkG5vIQz.js +409 -0
- package/dist/status.scan.runtime.js +1 -1
- package/dist/status.summary-B-dxNuw4.js +2 -0
- package/dist/status.summary-BUa9nTjl.js +214 -0
- package/dist/status.update-Dk3S_7Lg.js +79 -0
- package/dist/status.update-XYGUXSP7.js +2 -0
- package/dist/store-B0wUii0o.js +910 -0
- package/dist/store-C6gzhrUl.js +4 -0
- package/dist/store.runtime-zFzaCgaN.js +2 -0
- package/dist/store.runtime.js +1 -1
- package/dist/stream-BGF6sIIj.js +664 -0
- package/dist/subagent-announce-cxSxcEpf.js +351 -0
- package/dist/subagent-announce-delivery-DWWzFpRW.js +726 -0
- package/dist/subagent-announce-output-BifyE5eI.js +364 -0
- package/dist/subagent-capabilities-AF6T_57k.js +251 -0
- package/dist/subagent-control-CdZhtCp9.js +506 -0
- package/dist/subagent-control.runtime-DBV8B-6z.js +3 -0
- package/dist/subagent-control.runtime.js +1 -1
- package/dist/subagent-followup.runtime-BPnUQG2q.js +68 -0
- package/dist/subagent-followup.runtime.js +1 -1
- package/dist/subagent-orphan-recovery-BmhbSEPM.js +305 -0
- package/dist/subagent-registry-BPOTEL9f.js +1753 -0
- package/dist/subagent-registry-DksKb1R4.js +3 -0
- package/dist/subagent-registry.runtime.js +1 -1
- package/dist/subagent-spawn-CtYFn2NM.js +1005 -0
- package/dist/supervisor-B-cWweJz.js +704 -0
- package/dist/supervisor-log.runtime.js +1 -1
- package/dist/system-cli-C_3trUzR.js +59 -0
- package/dist/systemd-linger-Bp7RlUum.js +2 -0
- package/dist/target-id-Ujv5hNZO.js +107 -0
- package/dist/targets-Rv4LtIoh.js +67 -0
- package/dist/targets.runtime.js +1 -1
- package/dist/task-executor-DjPeHczG.js +360 -0
- package/dist/task-owner-access-CMLLG2vh.js +74 -0
- package/dist/task-registry-Q3Cl90mj.js +2366 -0
- package/dist/task-registry-delivery-runtime-BSuaWdpl.js +2 -0
- package/dist/task-registry-delivery-runtime-DWCwND9H.js +3 -0
- package/dist/task-registry.maintenance-CvZuHZTV.js +416 -0
- package/dist/task-registry.maintenance-IDjkL8Np.js +2 -0
- package/dist/telegram/token.js +2 -2
- package/dist/testing-CNkQ39ew.js +575 -0
- package/dist/text-report-DVIG_L7b.js +587 -0
- package/dist/tool-auth-shared-De65N_fJ.js +90 -0
- package/dist/tool-policy-pipeline-Cwo7nErU.js +109 -0
- package/dist/tool-resolution-s05uymkY.js +90 -0
- package/dist/tools-effective-inventory--jk1GD1B.js +152 -0
- package/dist/tools-invoke-http-Bkpw98PK.js +206 -0
- package/dist/transcript-YAj-FvLG.js +312 -0
- package/dist/transcript-resolve.runtime-4NCOnX42.js +2 -0
- package/dist/transcript-resolve.runtime.js +1 -1
- package/dist/transcript.runtime-CoUyn9fx.js +2 -0
- package/dist/transcript.runtime.js +1 -1
- package/dist/trash-Bj9oW0g5.js +24 -0
- package/dist/tts-Cnj91x3B.js +64 -0
- package/dist/tui-cli-63sm8eVE.js +4575 -0
- package/dist/uninstall-9nOSf4s_.js +185 -0
- package/dist/update-DlxQL9Iy.js +1282 -0
- package/dist/update-cli-C_DkYNQx.js +1759 -0
- package/dist/update-runner-xWl321w2.js +1892 -0
- package/dist/update-startup-DDtqVzgO.js +331 -0
- package/dist/update-startup-DN0IlVjY.js +2 -0
- package/dist/upgrade-CROnI5RX.js +1226 -0
- package/dist/video-generation-provider-B8mxQJBe.js +271 -0
- package/dist/video-generation-provider-BmWUZDy3.js +78 -0
- package/dist/video-generation-provider-BnHoRhgc.js +254 -0
- package/dist/video-generation-provider-BzbQU0_O2.js +77 -0
- package/dist/video-generation-provider-C4a6Fid4.js +64 -0
- package/dist/video-generation-provider-CPKiG6d-.js +287 -0
- package/dist/video-generation-provider-Cvb0pnUY.js +221 -0
- package/dist/video-generation-provider-D40zcMSN.js +264 -0
- package/dist/video-generation-provider-DahQjVLx.js +118 -0
- package/dist/video-generation-provider-Ni3qeKHD.js +187 -0
- package/dist/video-generation-provider-VpDrag9H.js +281 -0
- package/dist/video-generation-task-status-D_6OimZH.js +163 -0
- package/dist/wait-for-idle-before-flush-jjJHjLe9.js +5986 -0
- package/dist/web-search-provider-CX_JSUqp.js +163 -0
- package/dist/webhooks-cli-BgTQ_P6o.js +321 -0
- package/dist/wizard-models-BXxRio-w.js +161 -0
- package/dist/workflow-runtime-D62ZaRZf.js +485 -0
- package/package.json +1 -1
- package/dist/abort-OiNnhIeU.js +0 -201
- package/dist/abort-cutoff.runtime-e5msXazz.js +0 -20
- package/dist/abort.runtime-32L7to00.js +0 -2
- package/dist/accounts-14lAXeAz.js +0 -107
- package/dist/accounts-LZBr-w-R.js +0 -2
- package/dist/accounts-Qds94ljJ.js +0 -104
- package/dist/acp-cli-Dpw7BGfH.js +0 -2193
- package/dist/acp-spawn-CY9aGxXS.js +0 -1093
- package/dist/acp-spawn-_f_fT2de.js +0 -2
- package/dist/acp-stateful-target-driver-CCR0BYbj.js +0 -89
- package/dist/action-agents-EpYpAn3c.js +0 -67
- package/dist/action-focus-B3Ps1mmc.js +0 -132
- package/dist/action-help-BGFH_VTi.js +0 -7
- package/dist/action-info-C8TaNUkA.js +0 -101
- package/dist/action-kill-DGSI5rAr.js +0 -33
- package/dist/action-list-mDthFZbQ.js +0 -21
- package/dist/action-log-BP5nomP5.js +0 -30
- package/dist/action-send-Bh2FybD3.js +0 -39
- package/dist/action-spawn-Dn0I3O5l.js +0 -47
- package/dist/action-unfocus-BC9BBJec.js +0 -29
- package/dist/actions.runtime-DbK3OvjW.js +0 -5
- package/dist/actions.runtime-ydCDe6F7.js +0 -18
- package/dist/agent-2o2eoVoy.js +0 -2
- package/dist/agent-command-DmyA9z8R.js +0 -874
- package/dist/agent-harness-runtime-B5rFeVnf.js +0 -144
- package/dist/agent-runner-utils-DZOonqcp.js +0 -239
- package/dist/agent-runner.runtime-ByRVf3ri.js +0 -3455
- package/dist/agent-runtime-CHO-MdDI.js +0 -18
- package/dist/agents-9L9SuCcn.js +0 -5
- package/dist/agents-WtBMKDwO.js +0 -954
- package/dist/agents.bindings-DUCT7yry.js +0 -2
- package/dist/agents.command-shared-BBhswYB6.js +0 -40
- package/dist/aliases-BbVKhonh.js +0 -96
- package/dist/aliases-CZ5oBftl.js +0 -2
- package/dist/api-BWDQZArS.js +0 -48
- package/dist/api-HqzZCzSZ.js +0 -5
- package/dist/api-YyjQX3CK.js +0 -3
- package/dist/api-aioOoaX8.js +0 -139
- package/dist/api-mhcwEPke.js +0 -4
- package/dist/apply-D-o-D5ae.js +0 -508
- package/dist/apply.runtime-BkZiuui8.js +0 -166
- package/dist/apply.runtime-BnL-LuiS.js +0 -2
- package/dist/approval-gateway-resolver-ZfVZSqSY.js +0 -29
- package/dist/approval-gateway-runtime-B3klmuhM.js +0 -2
- package/dist/approval-handler-runtime-B9-1ZE2m.js +0 -439
- package/dist/approval-native-runtime-Dc47eE28.js +0 -729
- package/dist/assistant-identity-BJGlR731.js +0 -74
- package/dist/attempt-execution.runtime-Dvb3Lr4C.js +0 -509
- package/dist/attempt-execution.shared-CrrA0Anh.js +0 -22
- package/dist/attempt.prompt-helpers-D42OSEcl.js +0 -221
- package/dist/attempt.tool-run-context-fDOIg6kt.js +0 -933
- package/dist/audit-B2pydz3g.js +0 -939
- package/dist/audit-extra.async-nI09atn6.js +0 -971
- package/dist/audit-tool-policy-BKWAS6yU.js +0 -3
- package/dist/audit.deep.runtime-aPovRAts.js +0 -2
- package/dist/audit.nondeep.runtime-BvrCJl4U.js +0 -880
- package/dist/audit.runtime-b0S_gQ96.js +0 -7
- package/dist/auth-BN2154e0.js +0 -383
- package/dist/auth-CAbEo0kO.js +0 -56
- package/dist/auth-D2nGJuio.js +0 -2
- package/dist/auth-ZHjpnQ6q.js +0 -177
- package/dist/auth-choice-BSXGTESF.js +0 -354
- package/dist/auth-choice-C5CTX499.js +0 -85
- package/dist/auth-choice-C9-7i28N.js +0 -3
- package/dist/auth-choice-inference-s8zdsYr7.js +0 -30
- package/dist/auth-choice-legacy-CCxoDHuP.js +0 -40
- package/dist/auth-choice-legacy-DDkk2RCn.js +0 -2
- package/dist/auth-choice-options-BIa3PkrG.js +0 -99
- package/dist/auth-choice-prompt-3zAPptyB.js +0 -2
- package/dist/auth-choice-prompt-CVXaEZMS.js +0 -37
- package/dist/auth-choice.apply.api-providers-CWgqsayF.js +0 -2
- package/dist/auth-install-policy-ISsAgDw3.js +0 -195
- package/dist/auth-order-CAYi780T.js +0 -2
- package/dist/auth-order-Db_WKPjd.js +0 -96
- package/dist/backup-verify-CdOAmzAS.js +0 -2
- package/dist/bash-tools-DBpdfhbT.js +0 -3
- package/dist/bash-tools-qdz1BvUq.js +0 -2824
- package/dist/bash-tools.exec-runtime-BxYRaGWr.js +0 -829
- package/dist/binding-routing-C5KQ4aMB.js +0 -85
- package/dist/binding-targets-B21rWX8y.js +0 -121
- package/dist/bonjour-discovery-DdJwp8BR.js +0 -2
- package/dist/bridge-server-Cd9HIyEM.js +0 -113
- package/dist/browser-control-auth-CqUfrmnh.js +0 -2
- package/dist/browser-node-runtime-C_gi-Hxh.js +0 -12
- package/dist/browser-profiles-B3PNUxu6.js +0 -2
- package/dist/browser-runtime-CKNoYQQT.js +0 -387
- package/dist/browser-setup-tools-BS6MamG8.js +0 -13
- package/dist/build-MUrq4SZe.js +0 -550
- package/dist/bundled-plugin-load-paths-PGID9xSk.js +0 -2
- package/dist/bundled-plugin-load-paths-gO3UWVBf.js +0 -110
- package/dist/call-4ZLbcShk.js +0 -3
- package/dist/call-CnVwqvc-.js +0 -331
- package/dist/call.runtime-P3tmnPlm.js +0 -2
- package/dist/capability-cli-Dsf3kVxU.js +0 -1401
- package/dist/catalog-provider-BbeVG9BX.js +0 -40
- package/dist/catchup-DIWi6bFP.js +0 -300
- package/dist/channel-Bd4WBT1e.js +0 -491
- package/dist/channel-BjZJYYzo.js +0 -297
- package/dist/channel-BxGYV6Zd.js +0 -840
- package/dist/channel-CLQBCnlI.js +0 -350
- package/dist/channel-CSWAj5aC.js +0 -226
- package/dist/channel-CbZZjPYz.js +0 -1100
- package/dist/channel-Cd2ZsgQ2.js +0 -453
- package/dist/channel-CfyL5j9F.js +0 -595
- package/dist/channel-Dblz16CA.js +0 -1174
- package/dist/channel-Dklq7HwR.js +0 -1802
- package/dist/channel-JMpXfym9.js +0 -1320
- package/dist/channel-add-wizard-BZxYZDO9.js +0 -125
- package/dist/channel-add-wizard-CaHT24zz.js +0 -2
- package/dist/channel-core-5nOGNjtf.js +0 -5
- package/dist/channel-doctor-BJW7bTGQ.js +0 -2
- package/dist/channel-inbound-BWxr-ADn.js +0 -31
- package/dist/channel-plugin-resolution-BPeYeZA8.js +0 -2
- package/dist/channel-plugin-resolution-BlBNIB2a.js +0 -153
- package/dist/channel-plugin-runtime-DbNUeRTy.js +0 -771
- package/dist/channel-runtime-B3OHY6mP.js +0 -425
- package/dist/channel-setup-Ds6mtf4v.js +0 -1297
- package/dist/channel.runtime-BJpm5f_F.js +0 -109
- package/dist/channel.runtime-Bj_EgjGh.js +0 -430
- package/dist/channel.runtime-CQlCIZX3.js +0 -2364
- package/dist/channel.runtime-M9ynpc3S.js +0 -34702
- package/dist/channel.runtime-SFS4pZM1.js +0 -576
- package/dist/channel.runtime-ZW6QViZZ.js +0 -4
- package/dist/channel.runtime-_XulV4EX.js +0 -89
- package/dist/channel.setup-WsdWwhwp.js +0 -10
- package/dist/channels-DGKW1oDr.js +0 -733
- package/dist/channels-cli-BlDYocQE.js +0 -268
- package/dist/chat-Dw8GHjpf.js +0 -2830
- package/dist/chrome-CpgPgeb8.js +0 -1181
- package/dist/clawbot-cli-0H08qQ39.js +0 -9
- package/dist/clawhub-B8vQZp2O.js +0 -400
- package/dist/cli-BqWXkeUs.js +0 -72
- package/dist/cli-DHl3RmiM.js +0 -2
- package/dist/cli-DvG2clNo.js +0 -219
- package/dist/cli-GgpzGzY-.js +0 -683
- package/dist/cli-H3X3Abhi.js +0 -2
- package/dist/cli-I_U18Zj7.js +0 -3726
- package/dist/cli-N7s4V_Ac.js +0 -154
- package/dist/cli-Q34b38_6.js +0 -2
- package/dist/cli-runner-D87jhfwM.js +0 -286
- package/dist/cli-runner.runtime-B53dwXf1.js +0 -4
- package/dist/cli-runner.runtime-CXPtmCqJ.js +0 -3
- package/dist/cli.runtime-DmBLxGrW.js +0 -1261
- package/dist/client-Bm9vKmhX.js +0 -138
- package/dist/client-CDLetywx.js +0 -713
- package/dist/command-auth-CvC6ZhtG.js +0 -76
- package/dist/command-config-resolution-Do83X_Bp.js +0 -23
- package/dist/command-config-resolution-pVG6FoqP.js +0 -2
- package/dist/command-config-resolution.runtime-kEVcfMZm.js +0 -2
- package/dist/command-execution-startup-IAvWVwb_.js +0 -305
- package/dist/command-registry-BdK4qesS.js +0 -9
- package/dist/command-registry-ClR7_y_z.js +0 -4
- package/dist/command-registry-core-B60OtQ9I.js +0 -101
- package/dist/command-secret-gateway-CvREjM9H.js +0 -528
- package/dist/command-status.runtime-3XmhZqmG.js +0 -87
- package/dist/commands-acp-BYABMzhY.js +0 -77
- package/dist/commands-compact.runtime-C3J3UER-.js +0 -10
- package/dist/commands-core.runtime-DFdJh60s.js +0 -2
- package/dist/commands-handlers.runtime-DCdcViLH.js +0 -4597
- package/dist/commands-reset-hooks-DLnWb1Va.js +0 -133
- package/dist/commands-status-CEF7Mp6D.js +0 -16
- package/dist/commands-status.runtime-zP6s0nfh.js +0 -3
- package/dist/commands-subagents-control.runtime-BSWumf8c.js +0 -2
- package/dist/commands-subagents-control.runtime-Dy4sppYu.js +0 -3
- package/dist/commands-system-prompt-BYonuxzQ.js +0 -158
- package/dist/commands-system-prompt-C6TjY3rz.js +0 -2
- package/dist/commands.runtime-DTd3pO4m.js +0 -166
- package/dist/compact-DeHVeOYR.js +0 -1118
- package/dist/compact.runtime-DO9qQwQU.js +0 -12
- package/dist/completion-cli-Deus3b8-.js +0 -328
- package/dist/config-Bw5Kew-v.js +0 -252
- package/dist/config-cli-DFB3iuKb.js +0 -1078
- package/dist/config-guard-t7jywPR-.js +0 -96
- package/dist/config-runtime-Bt88vmOj.js +0 -32
- package/dist/configure-CQIKpSbu.js +0 -1252
- package/dist/configure-DOc4NeXh.js +0 -2
- package/dist/connect-options-COnDbzRx.js +0 -699
- package/dist/control-auth-Cn5YR5wo.js +0 -125
- package/dist/control-service-BN9tjmGf.js +0 -156
- package/dist/control-ui/assets/agents-CZUIyxEM.js +0 -1052
- package/dist/control-ui/assets/canvas-Dm7T865D.js +0 -269
- package/dist/control-ui/assets/channels-CiPvudJA.js +0 -463
- package/dist/control-ui/assets/cron-B14-kw5R.js +0 -933
- package/dist/control-ui/assets/debug-CmDZanup.js +0 -94
- package/dist/control-ui/assets/index-DhGuBeJ2.js +0 -6359
- package/dist/control-ui/assets/instances-VaZKj4g5.js +0 -57
- package/dist/control-ui/assets/nodes-OYjiryo2.js +0 -436
- package/dist/control-ui/assets/plugins-PP89PB4Q.js +0 -273
- package/dist/control-ui/assets/sessions-i9hJdgF0.js +0 -306
- package/dist/control-ui/assets/skills-BbUBXFNS.js +0 -323
- package/dist/control-ui/assets/wallet-Olr48I33.js +0 -199
- package/dist/control-ui-BJSryFYU.js +0 -1043
- package/dist/conversation-id-DUC83-Xa.js +0 -235
- package/dist/conversation-id-G--VoHRy.js +0 -38
- package/dist/conversation-runtime-BgY9C2BO.js +0 -31
- package/dist/core-v4f7bXWW.js +0 -275
- package/dist/create-C26klqm6.js +0 -80
- package/dist/cron-cli-nedGNJU0.js +0 -713
- package/dist/daemon-cli-COmc1YwZ.js +0 -12
- package/dist/daemon-install-BOPAEUyR.js +0 -64
- package/dist/delegate-DEFh3qEB.js +0 -64
- package/dist/deliver-BFyI54_G.js +0 -747
- package/dist/deliver-CbT0UmtQ.js +0 -3
- package/dist/deliver-runtime-DOskrGHp.js +0 -2
- package/dist/delivery-outbound.runtime-CYJH20qm.js +0 -6
- package/dist/delivery.runtime-Bc8givN7.js +0 -253
- package/dist/detached-task-runtime-qIh7q5y5.js +0 -73
- package/dist/devices-cli-CVodCsvr.js +0 -498
- package/dist/diagnostic-support-export-8ChBfjDE.js +0 -533
- package/dist/diagnostics-Bk94MOXQ.js +0 -154
- package/dist/direct-dm-CHkFU7It.js +0 -64
- package/dist/directive-handling.fast-lane-BS0-sUhG.js +0 -66
- package/dist/directive-handling.impl-B1lfwgo8.js +0 -2
- package/dist/directive-handling.impl-E4GHiSw4.js +0 -703
- package/dist/directive-handling.model-selection-CbeBlSGR.js +0 -114
- package/dist/directive-handling.persist.runtime-BbOq7k7q.js +0 -215
- package/dist/directory-cli-APPOcabH.js +0 -240
- package/dist/discovery-CWThCB8j.js +0 -2
- package/dist/dispatch-BUIn3xT5.js +0 -1131
- package/dist/dispatch-acp-CauXB0Yh.js +0 -981
- package/dist/dispatch-acp-manager.runtime-B8MJ8ECj.js +0 -3
- package/dist/dispatch-acp-media.runtime-B1Y3Y1XZ.js +0 -4
- package/dist/dispatch-acp-session.runtime-DyC5raRj.js +0 -2
- package/dist/dispatch-acp.runtime-vchRvLDX.js +0 -19
- package/dist/doctor-auth-2TMwkvdZ.js +0 -172
- package/dist/doctor-auth-legacy-oauth-BrYdrsbD.js +0 -2
- package/dist/doctor-completion-8OcoxUsx.js +0 -2
- package/dist/doctor-config-flow-WxpaZx3C.js +0 -420
- package/dist/doctor-config-preflight-BaF4urE-.js +0 -63
- package/dist/doctor-config-preflight-DZtMnKmU.js +0 -2
- package/dist/doctor-cron-B2u67rGg.js +0 -678
- package/dist/doctor-device-pairing-ChWlWNdm.js +0 -307
- package/dist/doctor-gateway-daemon-flow-CSmhkG4A.js +0 -250
- package/dist/doctor-gateway-health-DYiucwjE.js +0 -63
- package/dist/doctor-gateway-services-D_PD0loN.js +0 -316
- package/dist/doctor-health-BInF5NOz.js +0 -59
- package/dist/doctor-health-contributions-C6TfTHDb.js +0 -493
- package/dist/doctor-memory-search-Cg2YmLfu.js +0 -372
- package/dist/doctor-prompter-DqkSAPwY.js +0 -56
- package/dist/doctor-sandbox-BjgX5g3i.js +0 -194
- package/dist/doctor-security-T7us9uYd.js +0 -210
- package/dist/doctor-startup-channel-maintenance-64W6Pwei.js +0 -17
- package/dist/doctor-state-migrations-C9RkcS_g.js +0 -2
- package/dist/doctor-ui-zOuoVLme.js +0 -96
- package/dist/doctor-update-sAD6RCVl.js +0 -58
- package/dist/doctor-workspace-k-oOpOeQ.js +0 -2
- package/dist/doctor-workspace-status-BAyT2p1j.js +0 -75
- package/dist/dreaming-0_evepvy.js +0 -1574
- package/dist/dreaming-narrative-BAEykAPD.js +0 -595
- package/dist/embedded-gateway-stub.runtime-CQXHNoef.js +0 -9
- package/dist/embedding-provider-D77jg3jO.js +0 -118
- package/dist/embeddings-D-kGtEij.js +0 -215
- package/dist/embeddings-http-CAfo13K3.js +0 -205
- package/dist/empty-allowlist-scan-1Cp5AShv.js +0 -94
- package/dist/empty-allowlist-scan-BI-ys6De.js +0 -2
- package/dist/exec-approval-forwarder.runtime-maLuSa-B.js +0 -3
- package/dist/exec-approvals-cli-BzYJkBAZ.js +0 -498
- package/dist/exec-defaults-BT1qVb9h.js +0 -67
- package/dist/exec-defaults-dNWVx7dc.js +0 -2
- package/dist/exec-safe-bins--gFVDDdV.js +0 -2
- package/dist/exec-safe-bins-eiLrQcAD.js +0 -148
- package/dist/execute.runtime-DJzB1HB8.js +0 -1366
- package/dist/fallbacks-BH4cdaV7.js +0 -2
- package/dist/fallbacks-BSBpnXa4.js +0 -31
- package/dist/fallbacks-shared-Clt3TsQ_.js +0 -111
- package/dist/format-4zWzhU8Q.js +0 -245
- package/dist/gateway-BGXRwNec.js +0 -115
- package/dist/gateway-cli-CzwyLwg1.js +0 -1325
- package/dist/gateway-discovery-targets-4C__L2V_.js +0 -42
- package/dist/gateway-install-token-CDZxlaDX.js +0 -141
- package/dist/gateway-rpc-BY3Oto7p.js +0 -14
- package/dist/gateway-rpc.runtime-BXWIEwJ2.js +0 -23
- package/dist/gateway-runtime-DRwUkgHW.js +0 -15
- package/dist/gateway-status-BpWDiRPo.js +0 -584
- package/dist/genesis-tools-C_polEcn.js +0 -9144
- package/dist/genesis-tools.runtime-wlLaYkmW.js +0 -2
- package/dist/get-reply-Djbscb0p.js +0 -3879
- package/dist/get-reply-from-config.runtime-c_yymFNc.js +0 -2
- package/dist/gmail-watcher-lifecycle-Be-CadK5.js +0 -191
- package/dist/gmail-watcher-lifecycle-ggzxPr2v.js +0 -2
- package/dist/graph-users-DGzo2oi0.js +0 -1337
- package/dist/health-BOIX5Hyd.js +0 -469
- package/dist/health-DgxS2kKr.js +0 -3
- package/dist/health-style-BpmhVr6t.js +0 -2
- package/dist/heartbeat-runner-CwIewAFM.js +0 -5
- package/dist/heartbeat-runner-DZWvlc6O.js +0 -1292
- package/dist/heartbeat-runner.runtime-Bvwexwm3.js +0 -4
- package/dist/hooks-cli-B__N8nFC.js +0 -433
- package/dist/hooks-status-BZmM-4uk.js +0 -86
- package/dist/image-fallbacks-ARdMNyk9.js +0 -2
- package/dist/image-fallbacks-B5f-IPre.js +0 -31
- package/dist/image-generation-core-DdJI4glx.js +0 -18
- package/dist/image-generation-provider-CnjSM2cp.js +0 -63
- package/dist/image-generation-provider-DMDKtyjs.js +0 -157
- package/dist/image-generation-provider-DSGaFXvB.js +0 -95
- package/dist/image-generation-provider-DWLTDUWA.js +0 -228
- package/dist/image-generation-provider-Dpt9Cxhe.js +0 -529
- package/dist/image-generation-provider-SOqiP_8D.js +0 -274
- package/dist/image-generation-provider-hTILgvEs.js +0 -137
- package/dist/image-runtime-Cw6KnPyI.js +0 -9
- package/dist/inbound-reply-dispatch-B3FKSrdM.js +0 -73
- package/dist/inbound.runtime-BEVTM-H0.js +0 -3
- package/dist/inbound.runtime-bre1AEdv.js +0 -4
- package/dist/infra-runtime-D40sSUCf.js +0 -39
- package/dist/init-D--934lj.js +0 -59
- package/dist/install-BPmIu7Fr.js +0 -726
- package/dist/install-BPzQAw9w.js +0 -190
- package/dist/install-security-scan-BI9eIS4d.js +0 -26
- package/dist/install-security-scan.runtime-CZdmIMiU.js +0 -671
- package/dist/install.runtime-CzO5O86f.js +0 -27
- package/dist/install.runtime-DSFCCJsH.js +0 -12
- package/dist/install.runtime-MU60vpuj.js +0 -2
- package/dist/jobs-BfZ4AGS3.js +0 -734
- package/dist/legacy-tools-by-sender-Cob0vuXU.js +0 -2
- package/dist/legacy-tools-by-sender-sXGvvdwZ.js +0 -95
- package/dist/library-DJ6vMjlq.js +0 -45
- package/dist/lifecycle-C4_KEIsv.js +0 -571
- package/dist/lifecycle-DvgTG8pk.js +0 -229
- package/dist/lifecycle.runtime-D1DCL-wO.js +0 -2
- package/dist/list-BXLV65Gc.js +0 -1212
- package/dist/list-Bso59rT0.js +0 -2
- package/dist/list-C27fOWdB.js +0 -2
- package/dist/list-_dDCEcd-.js +0 -131
- package/dist/list.probe-7PH4qvJj.js +0 -419
- package/dist/live-model-switch-Dzwoi72R.js +0 -336
- package/dist/llm-slug-generator-63kdm2OR.js +0 -79
- package/dist/load-config-C_aH0rca.js +0 -35
- package/dist/loader-PS-t7z4_.js +0 -222
- package/dist/local-dispatch.runtime-DB4L69Z-.js +0 -8
- package/dist/login-BYQtsezq.js +0 -108
- package/dist/logs-cli-D7lfZhM7.js +0 -265
- package/dist/logs-cli.runtime-CFyJZr7R.js +0 -2
- package/dist/main-session-restart-recovery-CN8gSmXd.js +0 -206
- package/dist/managed-image-attachments-BHpzxWpi.js +0 -635
- package/dist/managed-image-attachments-ynrnuzaN.js +0 -2
- package/dist/manager-BHdBsJ-4.js +0 -2057
- package/dist/manager-BbEguv55.js +0 -2
- package/dist/markdown-to-line-CvZX649M.js +0 -790
- package/dist/mcp-cli-Bm36vIZ8.js +0 -725
- package/dist/mcp-http-BAkamHPJ.js +0 -529
- package/dist/media-runtime-xDvelqeF.js +0 -329
- package/dist/media-understanding-D2f1Sw5u.js +0 -85
- package/dist/media-understanding-provider-B5zBHITx.js +0 -13
- package/dist/media-understanding-provider-BF9f8Kc2.js +0 -12
- package/dist/media-understanding-provider-BO0XCNzy.js +0 -28
- package/dist/media-understanding-provider-Cvz4Q6U8.js +0 -18
- package/dist/media-understanding-provider-DDAuhJ_N.js +0 -12
- package/dist/media-understanding-provider-DrmrHvoA.js +0 -85
- package/dist/media-understanding-provider-DvNmD55z.js +0 -18
- package/dist/media-understanding-provider-LIShWYb1.js +0 -21
- package/dist/media-understanding-provider-bTDblFEB.js +0 -37
- package/dist/media-understanding-provider-zMirTfGH.js +0 -69
- package/dist/media-understanding-runtime-D4TZ-fjJ.js +0 -2
- package/dist/memory-core-host-runtime-cli-Km35Eu66.js +0 -9
- package/dist/memory-embedding-adapter-LQFGssCg.js +0 -123
- package/dist/memory-host-search-D37_7MYw.js +0 -12
- package/dist/message-Dw1Q1vDW.js +0 -232
- package/dist/message-action-runner-5i2YKy26.js +0 -1407
- package/dist/message-action-runner-rouTQpow.js +0 -2
- package/dist/message-actions-CIGFQT75.js +0 -143
- package/dist/message-format-CKLFXoR1.js +0 -328
- package/dist/message.gateway.runtime-CsFUD3Xo.js +0 -2
- package/dist/model-picker-B4VYxzEq.js +0 -559
- package/dist/model-picker-CDUdNkfe.js +0 -3
- package/dist/model-picker.runtime-Vbq_0Nyf.js +0 -15
- package/dist/model-selection-DP4Zcp8n.js +0 -213
- package/dist/models-auth-status-D1KCepQd.js +0 -201
- package/dist/models-cli-Btj5FdA8.js +0 -219
- package/dist/models.fetch-kJPiR3kv.js +0 -518
- package/dist/monitor-BtGV4rhd.js +0 -1237
- package/dist/monitor-C_AtnL_B.js +0 -1459
- package/dist/monitor-CzrunYzr.js +0 -788
- package/dist/monitor-DVyns958.js +0 -671
- package/dist/monitor-Dl3Dgkhr.js +0 -1661
- package/dist/monitor-Dlvc68h5.js +0 -2
- package/dist/monitor-auth-tgR858Ie.js +0 -207
- package/dist/monitor-processing-vrwGp4ey.js +0 -1974
- package/dist/monitor.runtime-4gL93IXG.js +0 -2
- package/dist/monitor.webhook-BY6fnY01.js +0 -180
- package/dist/msteams-C_BTrDSD.js +0 -35
- package/dist/music-generation-provider-DS5qzKbp.js +0 -63
- package/dist/music-generation-provider-ETSXorR4.js +0 -170
- package/dist/native-hook-relay-BV_VTu1a.js +0 -519
- package/dist/nextcloud-talk-DAV3h79e.js +0 -17
- package/dist/node-cli-BMyfOX1d.js +0 -2506
- package/dist/nodes-cli-C7o6W-57.js +0 -1046
- package/dist/nodes-utils-CkcInlXX.js +0 -84
- package/dist/nodes.helpers-DlttpHIF.js +0 -34
- package/dist/notify-BPswoXqd.js +0 -315
- package/dist/oauth-BMW6Uu6d.js +0 -152
- package/dist/oauth-C57IxcVb.js +0 -139
- package/dist/oauth-Cos3_Tm8.js +0 -2
- package/dist/oauth-DLhqzpsA.js +0 -75
- package/dist/oauth-tls-preflight-7onGTMCp.js +0 -2
- package/dist/oauth.flow-B5sXe4f9.js +0 -45
- package/dist/oauth.flow-C4SGDpVk.js +0 -3
- package/dist/onboard-D2DJ5gYK.js +0 -632
- package/dist/onboard-azFxOPDQ.js +0 -316
- package/dist/onboard-channels-B_8hae58.js +0 -3
- package/dist/onboard-channels-CYYkzN3n.js +0 -2
- package/dist/onboard-config-Dkx9PDJF.js +0 -2
- package/dist/onboard-custom-DBWwn7bA.js +0 -3
- package/dist/onboard-custom-DqPCa9g_.js +0 -271
- package/dist/onboard-helpers-9F1luARe.js +0 -204
- package/dist/onboard-helpers-B35AFfng.js +0 -6
- package/dist/onboard-hooks-scqbQ_0u.js +0 -52
- package/dist/onboard-remote-3Yoz22Ua.js +0 -2
- package/dist/onboard-remote-DJNTDiWN.js +0 -193
- package/dist/onboard-search-88CSSNZj.js +0 -323
- package/dist/onboard-skills-4FG47R9v.js +0 -2
- package/dist/onboard-skills-DszLde1e.js +0 -134
- package/dist/onboarding-plugin-install-R2Wv8ogP.js +0 -406
- package/dist/open-policy-allowfrom-Bb8cflPm.js +0 -101
- package/dist/open-policy-allowfrom-D6Pt5lcH.js +0 -2
- package/dist/openai-codex-provider-Sn6gnpPy.js +0 -472
- package/dist/openai-http-RiSW6RCL.js +0 -500
- package/dist/openai-provider-C5WiV_oK.js +0 -313
- package/dist/opencode-BEf3DHS_.js +0 -35
- package/dist/openresponses-http-uihsQrWI.js +0 -1128
- package/dist/operator-approvals-client-CVnzkwJp.js +0 -68
- package/dist/outbound-runtime-C8CZBjjK.js +0 -5
- package/dist/outbound.runtime-Bu1pCn2b.js +0 -2
- package/dist/pair-command-approve-VnlhalEu.js +0 -44
- package/dist/persistent-bindings.lifecycle-CkZa5ZSw.js +0 -85
- package/dist/persistent-bindings.lifecycle-JneetERl.js +0 -2
- package/dist/pi-embedded-4mJWzgw8.js +0 -4
- package/dist/pi-embedded-Cbd5cHT-.js +0 -2905
- package/dist/pi-embedded-subscribe.handlers.compaction.runtime-Cc6L30ZZ.js +0 -23
- package/dist/pi-embedded.runtime-hOBxsSX2.js +0 -4
- package/dist/pi-tool-definition-adapter-BQ6J-gI3.js +0 -217
- package/dist/pi-tools-mrYKf_w5.js +0 -1057
- package/dist/pi-tools.before-tool-call-Bcu1s6dd.js +0 -2
- package/dist/pi-tools.before-tool-call-Bp_y436W.js +0 -433
- package/dist/plugin-C0AG4DfO.js +0 -12195
- package/dist/plugin-enabled-6QWARqV2.js +0 -140
- package/dist/plugin-install-CNvOZufr.js +0 -115
- package/dist/plugin-install-DQ_puPBW.js +0 -2
- package/dist/plugin-install-config-policy-CrdLAK6J.js +0 -137
- package/dist/plugin-install-plan-BlGsFyaK.js +0 -50
- package/dist/plugin-registration-BOWb2A5S.js +0 -23
- package/dist/plugin-registry-Dvz3pMfk.js +0 -3
- package/dist/plugin-registry-WynVAGXW.js +0 -2
- package/dist/plugin-service-CoZBvaKW.js +0 -2892
- package/dist/plugins-cli-DYqIZxn-.js +0 -584
- package/dist/plugins-command-helpers-B9R6gAMK.js +0 -107
- package/dist/plugins-install-persist-B9psaQNp.js +0 -133
- package/dist/plugins-update-command-n-54MoUJ.js +0 -1057
- package/dist/policy-CGIs0Whl.js +0 -328
- package/dist/prepare.runtime-GJ3FP8zv.js +0 -815
- package/dist/preview-warnings-C1sLJw-y.js +0 -120
- package/dist/probe-B0uel_53.js +0 -2
- package/dist/probe-BMLDcZ32.js +0 -241
- package/dist/probe-Bav-QtgY.js +0 -243
- package/dist/probe-BiwA57vj.js +0 -74
- package/dist/probe-Ci_3ht33.js +0 -2205
- package/dist/probe-D8pMlDSU.js +0 -1443
- package/dist/probe-DezLtnJj.js +0 -2
- package/dist/probe-Dt1gxKms.js +0 -45
- package/dist/probe-auth-DlhTwb46.js +0 -3
- package/dist/program-S6C78I73.js +0 -111
- package/dist/program-context-Ds8uJ5_0.js +0 -2
- package/dist/prompt-select-styled-bIPy-fsG.js +0 -20
- package/dist/protocol-C83jsm03.js +0 -2335
- package/dist/provider-CwjDoVuI.js +0 -70
- package/dist/provider-api-key-auth-DJsXnAsJ.js +0 -114
- package/dist/provider-auth-5weS24pb.js +0 -46
- package/dist/provider-auth-api-key-xONPO54i.js +0 -5
- package/dist/provider-auth-choice-BU6Uu-NM.js +0 -228
- package/dist/provider-auth-choice-preference-CjLBlWwT.js +0 -27
- package/dist/provider-auth-choices-Cae9lEV6.js +0 -2
- package/dist/provider-auth-guidance-2WFCZas6.js +0 -2
- package/dist/provider-auth-login-Dx6MBNVR.js +0 -8
- package/dist/provider-auth-login.runtime-DPU3bX7X.js +0 -267
- package/dist/provider-dispatcher-C5E193P9.js +0 -22
- package/dist/provider-dispatcher-DRpaBVoI.js +0 -2
- package/dist/provider-entry-CMWmgrzY.js +0 -106
- package/dist/provider-flow-B_lCjxh6.js +0 -148
- package/dist/provider-install-catalog-CHnjnVn4.js +0 -108
- package/dist/provider-model-defaults-6YyFItrt.js +0 -6
- package/dist/provider-registration-Cz_Sa6aj.js +0 -218
- package/dist/provider-registration-oDE3wvPW.js +0 -37
- package/dist/proxy-cli-5dsD8slb.js +0 -44
- package/dist/proxy-cli.runtime-DtOAaJyi.js +0 -372
- package/dist/pw-ai-CuxAxPAK.js +0 -2511
- package/dist/qr-cli-BGy1EdFR.js +0 -2
- package/dist/qr-cli-D1N1qj4a.js +0 -349
- package/dist/qr-image-CfoAOgi7.js +0 -2
- package/dist/queue-SeTgQ4v1.js +0 -409
- package/dist/reaction-runtime-api-CCX6OLTi.js +0 -116
- package/dist/reactions-HriS4Lzd.js +0 -998
- package/dist/read-capability-CugyApjs.js +0 -412
- package/dist/register-service-commands-Bm3YW4mf.js +0 -71
- package/dist/register.agent-C_sWjcmM.js +0 -248
- package/dist/register.backup-D2H0YOM2.js +0 -64
- package/dist/register.configure-CDV38g-s.js +0 -15
- package/dist/register.maintenance-HM6XlAmr.js +0 -438
- package/dist/register.message-CppmF8Fq.js +0 -329
- package/dist/register.onboard-DVw5tTxy.js +0 -81
- package/dist/register.runtime-Bv_g58Z3.js +0 -81
- package/dist/register.setup-DrYBirHr.js +0 -150
- package/dist/register.status-health-sessions-D_BlsslT.js +0 -1215
- package/dist/register.subclis-B_mIsoj1.js +0 -29
- package/dist/register.subclis-cEgJqD-F.js +0 -3
- package/dist/register.subclis-core-9Vbv6pXL.js +0 -249
- package/dist/register.wallet-B8SZqXvK.js +0 -159
- package/dist/repair-sequencing-CHE8lZBR.js +0 -145
- package/dist/reply-dispatch-runtime-D2iW6oyM.js +0 -13
- package/dist/reply-media-paths.runtime-Cbeuxf6S.js +0 -2
- package/dist/reply-media-paths.runtime-Ce0sUqmz.js +0 -146
- package/dist/reply-runtime-DbZbTyRR.js +0 -11
- package/dist/reply.runtime-HZt78rs1.js +0 -2
- package/dist/resolve-cTAHXgZf.js +0 -259
- package/dist/response-generator-I1Txyrne.js +0 -175
- package/dist/restart-health-COnZzsKp.js +0 -202
- package/dist/restart-health-eI6OqLsK.js +0 -2
- package/dist/root-help-JJCwZUWN.js +0 -44
- package/dist/route-reply-Ceh8EGzd.js +0 -162
- package/dist/route-reply.runtime-CnrZS4em.js +0 -2
- package/dist/routes-8SM2K3mV.js +0 -3341
- package/dist/routes-CdA2B5Ih.js +0 -2
- package/dist/rpc-BjIUGNvJ.js +0 -61
- package/dist/rpc.runtime-DrJSFwsT.js +0 -21
- package/dist/run-auth-profile.runtime-DWQ2cTlZ.js +0 -2
- package/dist/run-delivery.runtime-r8f_tOSs.js +0 -530
- package/dist/run-embedded.runtime-cWFV7jeB.js +0 -4
- package/dist/run-execution-cli.runtime-Cb_A5ZXZ.js +0 -4
- package/dist/run-executor.runtime-cIKt7XT8.js +0 -277
- package/dist/run-main-Dkeo211Q.js +0 -516
- package/dist/run-subagent-registry.runtime-D3RJ_VVd.js +0 -2
- package/dist/run-wait-BNHvcVAx.js +0 -135
- package/dist/runner-BYC9AI6n.js +0 -966
- package/dist/runner.entries-RQHPJQlO.js +0 -604
- package/dist/runtime-7KFT5Wnl.js +0 -263
- package/dist/runtime-CAnPdqA9.js +0 -973
- package/dist/runtime-JujtR8I6.js +0 -72
- package/dist/runtime-PfHASyBB.js +0 -9
- package/dist/runtime-ZRlD3E9S.js +0 -2
- package/dist/runtime-api-BH3mTSpX.js +0 -9
- package/dist/runtime-api-DWMVXYzi.js +0 -9
- package/dist/runtime-api-ejyh_z6Z.js +0 -14
- package/dist/runtime-api-m8CybWFK.js +0 -4
- package/dist/runtime-embedded-pi.runtime-C-IVwtTs.js +0 -2
- package/dist/runtime-entry-C05y9IWz.js +0 -2769
- package/dist/runtime-fpqEiCAz.js +0 -116
- package/dist/runtime-internal-Dfyi8iby.js +0 -2
- package/dist/runtime-options-CL-8UQhL.js +0 -275
- package/dist/runtime-prepare.runtime-CP3YZRq0.js +0 -80
- package/dist/runtime-registry-loader-C03Ol6U_.js +0 -2
- package/dist/runtime-schema-CQHEAWIe.js +0 -27796
- package/dist/runtime-web-tools-DX1a8FUK.js +0 -1477
- package/dist/sandbox-DjctEHje.js +0 -1156
- package/dist/sandbox-F3gPY6yS.js +0 -3
- package/dist/sandbox-cli-BSvKQdGK.js +0 -450
- package/dist/scan-CLP9mf6Q.js +0 -523
- package/dist/scan-D_J6FOI2.js +0 -2
- package/dist/secrets-cli-DSSo4ZAV.js +0 -2101
- package/dist/security-cli-BrgxYyHT.js +0 -486
- package/dist/selection-BLnL3CIA.js +0 -7736
- package/dist/selection-Bopczn8T.js +0 -2
- package/dist/send-BKyU3kY5.js +0 -156
- package/dist/send-BtiJkfWW.js +0 -102
- package/dist/send.runtime-DF-vTxbI.js +0 -2
- package/dist/server-BLWOFAVH.js +0 -13
- package/dist/server-CcSf1M9y.js +0 -77
- package/dist/server-context-9-okJgp8.js +0 -2
- package/dist/server-context-BFPsolSM.js +0 -847
- package/dist/server-node-events-9U-zD3f7.js +0 -481
- package/dist/server-plugin-bootstrap-Br17f8OG.js +0 -11535
- package/dist/server-plugin-bootstrap-v7VjtrnR.js +0 -2
- package/dist/server-restart-sentinel-CRSWqLu5.js +0 -697
- package/dist/server.impl-CUbtVPLf.js +0 -12822
- package/dist/session-DAybdZjw.js +0 -48
- package/dist/session-envelope-CiS8YBeP.js +0 -18
- package/dist/session-key-D68MvGwI.js +0 -65
- package/dist/session-kill-http-AYORP5Al.js +0 -110
- package/dist/session-meta-DiXSQVi7.js +0 -109
- package/dist/session-override-BSDJ8_ze.js +0 -106
- package/dist/session-reset-model.runtime-DY4_Jb5l.js +0 -133
- package/dist/session-reset-service-B8-SYOa3.js +0 -471
- package/dist/session-route-DCD8YOOS.js +0 -93
- package/dist/session-status.runtime-DT5nKTVP.js +0 -2
- package/dist/session-store-DKe1sTca.js +0 -126
- package/dist/session-store.runtime-BT09hrcf.js +0 -2
- package/dist/session-subagent-reactivation.runtime-moOExxRG.js +0 -2
- package/dist/session-tab-registry-6CK-3LZT.js +0 -581
- package/dist/session-updates-BthqeByC.js +0 -236
- package/dist/session-updates.runtime-DVIwMwM2.js +0 -2
- package/dist/session-utils-D3S2x7za.js +0 -1006
- package/dist/session-visibility-BOaiW8-B.js +0 -147
- package/dist/sessions-CPxZnP4C.js +0 -2
- package/dist/sessions-CRZaJLRB.js +0 -281
- package/dist/sessions-CenAwEJA.js +0 -48
- package/dist/sessions-helpers-D54klZ0N.js +0 -304
- package/dist/sessions-history-http-CSvtpCvi.js +0 -383
- package/dist/sessions-patch-B19xMHkL.js +0 -309
- package/dist/sessions-q9vEmfIg.js +0 -16
- package/dist/sessions-resolve-DVmdzrE3.js +0 -174
- package/dist/sessions.runtime-B7jlBz2G.js +0 -2
- package/dist/setup-CUfiTgI2.js +0 -421
- package/dist/setup-D6ihayO1.js +0 -495
- package/dist/setup-api-9s67oXlp.js +0 -29
- package/dist/setup-core-C99fpLlr.js +0 -176
- package/dist/setup-core-DaClXvq0.js +0 -171
- package/dist/setup-surface-D525KEVY.js +0 -403
- package/dist/setup-surface-Dp8-7oqb.js +0 -219
- package/dist/setup-surface-MTokVtpC.js +0 -286
- package/dist/setup.finalize-C-itcXZh.js +0 -539
- package/dist/setup.gateway-config-CtF_uR41.js +0 -250
- package/dist/shared-0_Njvu-4.js +0 -76
- package/dist/shared-CINoi8DP.js +0 -121
- package/dist/shared-CU_QI-su.js +0 -198
- package/dist/shared-runtime-9k_uwoVc.js +0 -7
- package/dist/shared-zk2nFjiQ.js +0 -217
- package/dist/skill-commands-Lr9mozPh.js +0 -83
- package/dist/skill-commands.runtime-Ccrr5sDP.js +0 -2
- package/dist/skills-clawhub-CoxSpq-t.js +0 -275
- package/dist/skills-cli-B1nEXYxf.js +0 -370
- package/dist/skills-install-CEyr4Q-0.js +0 -605
- package/dist/skills-snapshot.runtime-sRNT0SD9.js +0 -7
- package/dist/slash-state-BuwOIYbQ.js +0 -1911
- package/dist/speech-provider-9X-lk7rt.js +0 -209
- package/dist/speech-provider-C-hGxBbz.js +0 -170
- package/dist/speech-provider-D7FCMXvu.js +0 -216
- package/dist/src-gxqtPkSN.js +0 -3974
- package/dist/stage-sandbox-media.runtime-xcawVs24.js +0 -232
- package/dist/stale-plugin-config-B8toKRW8.js +0 -103
- package/dist/stale-plugin-config-DVSwZdEN.js +0 -2
- package/dist/startup-context-D63-imDC.js +0 -312
- package/dist/state-migrations-DSr9JHsF.js +0 -820
- package/dist/status-9obFamZT.js +0 -190
- package/dist/status-BLqb-tK5.js +0 -2
- package/dist/status-Cj4HleBk.js +0 -3
- package/dist/status-CrgOhrg3.js +0 -2
- package/dist/status-Cv1wtqRZ.js +0 -62
- package/dist/status-DJ8qQBGJ.js +0 -209
- package/dist/status-KZK7NRWz.js +0 -397
- package/dist/status-all-DC3fCVvo.js +0 -498
- package/dist/status-json-Bjfa0-_5.js +0 -14
- package/dist/status-json-command-C1RdwAgR.js +0 -84
- package/dist/status-message-D7mxoFt4.js +0 -466
- package/dist/status-message.runtime-dzziJRO-.js +0 -6
- package/dist/status-queue.runtime-C10WJezD.js +0 -2
- package/dist/status-runtime-shared-CeOsrR35.js +0 -257
- package/dist/status-subagents.runtime-BMBErdMe.js +0 -18
- package/dist/status-text-ByBEK9so.js +0 -237
- package/dist/status.agent-local-BTmtArDP.js +0 -58
- package/dist/status.command.text-runtime-DJ8gaett.js +0 -15
- package/dist/status.gateway-connection.runtime-DkseUSEe.js +0 -2
- package/dist/status.gateway-probe-DMp_6M2v.js +0 -16
- package/dist/status.gather-BTPHTrHG.js +0 -2
- package/dist/status.gather-DSIUKAm8.js +0 -292
- package/dist/status.link-channel-F-n80oQz.js +0 -35
- package/dist/status.node-mode-DsEoChD0.js +0 -32
- package/dist/status.node-mode-GE_T0IDV.js +0 -2
- package/dist/status.runtime-ivZORZbF.js +0 -2
- package/dist/status.runtime-jws8sBty.js +0 -2
- package/dist/status.scan-DauR-WY5.js +0 -65
- package/dist/status.scan-overview-Dpo0T83_.js +0 -379
- package/dist/status.scan.fast-json-Bf4asO-s.js +0 -2
- package/dist/status.scan.fast-json-CmZ53rDy.js +0 -132
- package/dist/status.scan.runtime-CD7rhB8Y.js +0 -409
- package/dist/status.summary-BVBb43IU.js +0 -214
- package/dist/status.summary-BsoP31Ak.js +0 -2
- package/dist/status.update-CHdoxDYF.js +0 -2
- package/dist/status.update-FoMyXtJt.js +0 -79
- package/dist/store-t_e6UeQl.js +0 -910
- package/dist/store-z-qNX5aX.js +0 -4
- package/dist/store.runtime-DP2Pprik.js +0 -2
- package/dist/stream-kpMWhVzc.js +0 -664
- package/dist/subagent-announce-DuNuyqJY.js +0 -351
- package/dist/subagent-announce-delivery-B4UiR8AX.js +0 -726
- package/dist/subagent-announce-output-X7dAFWpV.js +0 -364
- package/dist/subagent-capabilities-Br1FQ2Ar.js +0 -251
- package/dist/subagent-control-CwADDJMF.js +0 -506
- package/dist/subagent-control.runtime-CJp0aK6O.js +0 -3
- package/dist/subagent-followup.runtime-DgCRHo-P.js +0 -68
- package/dist/subagent-orphan-recovery-DPaND0LA.js +0 -305
- package/dist/subagent-registry-BIAzu8LD.js +0 -1753
- package/dist/subagent-registry-Z8SdU9lH.js +0 -3
- package/dist/subagent-spawn-DIKeFu9r.js +0 -1005
- package/dist/supervisor-BwVXGbW1.js +0 -704
- package/dist/system-cli-O5gzFbKg.js +0 -59
- package/dist/systemd-linger-CH5Ywx8A.js +0 -2
- package/dist/target-id-DEEWnLPz.js +0 -107
- package/dist/targets-BqOfjrX_.js +0 -67
- package/dist/task-executor-BGncFMoh.js +0 -360
- package/dist/task-owner-access-DQYVI-In.js +0 -74
- package/dist/task-registry-8GSAuUDF.js +0 -2366
- package/dist/task-registry-delivery-runtime-661R5b9C.js +0 -3
- package/dist/task-registry-delivery-runtime-BCICoM3b.js +0 -2
- package/dist/task-registry.maintenance-CPSvCCES.js +0 -416
- package/dist/task-registry.maintenance-CYEycEiH.js +0 -2
- package/dist/testing-BALbxnoY.js +0 -575
- package/dist/text-report-C31JmnxT.js +0 -587
- package/dist/tool-auth-shared-lOvNDLXS.js +0 -90
- package/dist/tool-policy-pipeline-CSh3Mr8c.js +0 -109
- package/dist/tool-resolution-BxjrmKBb.js +0 -90
- package/dist/tools-effective-inventory-DGNt7lW2.js +0 -152
- package/dist/tools-invoke-http-Dj-ReJVx.js +0 -206
- package/dist/transcript-DK8bLOGQ.js +0 -312
- package/dist/transcript-resolve.runtime-CCOPZ5SW.js +0 -2
- package/dist/transcript.runtime-nYO6HglP.js +0 -2
- package/dist/trash-CdL58JhS.js +0 -24
- package/dist/tts-CpqgN8Lc.js +0 -64
- package/dist/tui-cli-drmGvmS6.js +0 -4575
- package/dist/uninstall-CYlyPrRR.js +0 -185
- package/dist/update-YjxOXm5D.js +0 -1282
- package/dist/update-cli-BfhENNCG.js +0 -1759
- package/dist/update-runner-Dnc4hBQd.js +0 -1892
- package/dist/update-startup-DSnY9P3k.js +0 -331
- package/dist/update-startup-DnApgs_7.js +0 -2
- package/dist/upgrade-DGTmkfQr.js +0 -1226
- package/dist/video-generation-provider-24yLqnSZ.js +0 -254
- package/dist/video-generation-provider-8j4PNLKE.js +0 -118
- package/dist/video-generation-provider-DDwLRLiR.js +0 -187
- package/dist/video-generation-provider-DGJe4N-c.js +0 -271
- package/dist/video-generation-provider-DLMLF7z-2.js +0 -77
- package/dist/video-generation-provider-D_T2R-Mh.js +0 -287
- package/dist/video-generation-provider-DcNUjls_.js +0 -78
- package/dist/video-generation-provider-Dl6j6XIE.js +0 -281
- package/dist/video-generation-provider-DnVDR0yx.js +0 -221
- package/dist/video-generation-provider-oE8-W2xN.js +0 -64
- package/dist/video-generation-provider-weeKqmY-.js +0 -264
- package/dist/video-generation-task-status-CQ9vf0P1.js +0 -163
- package/dist/wait-for-idle-before-flush-XCTsu7bq.js +0 -5986
- package/dist/web-search-provider-Cm90v9So.js +0 -163
- package/dist/webhooks-cli-DbinLpWK.js +0 -321
- package/dist/wizard-models-CYnCrGUS.js +0 -161
- package/dist/workflow-runtime-DmHRkMvf.js +0 -485
- /package/dist/{agent-list-vf9Q1JYA.js → agent-list-BG1HT1uV.js} +0 -0
- /package/dist/{agents.bindings-Bem54JDr.js → agents.bindings-BsKwP-M1.js} +0 -0
- /package/dist/{agents.config-Bf4IE_jt.js → agents.config-BcQjdDjt.js} +0 -0
- /package/dist/{audit-channel.collect.runtime-4SDS3d6l.js → audit-channel.collect.runtime-Da2LJFzJ.js} +0 -0
- /package/dist/{audit-tool-policy-DfW-Bg35.js → audit-tool-policy-Bp9Sm0oc.js} +0 -0
- /package/dist/{auth-choice.apply.api-providers-Dr-BX6uo.js → auth-choice.apply.api-providers-nfkY6hL9.js} +0 -0
- /package/dist/{auth-choice.plugin-providers.runtime-DJ50fpMo.js → auth-choice.plugin-providers.runtime-CKKBgy5E.js} +0 -0
- /package/dist/{auth-surface-resolution-CPavr6ne.js → auth-surface-resolution-C5xRC0i_.js} +0 -0
- /package/dist/{backup-verify-BBzQn06f.js → backup-verify-DeZBme1Z.js} +0 -0
- /package/dist/{bonjour-discovery-BCuBu3eC.js → bonjour-discovery-DVp0CY5y.js} +0 -0
- /package/dist/{browser-open-DJ4t4o6e.js → browser-open-BmFZAtQZ.js} +0 -0
- /package/dist/{channel-account-context-CxskCBia.js → channel-account-context-08pGSfVf.js} +0 -0
- /package/dist/{channel-capabilities-CGqnrmrr.js → channel-capabilities-bO3yWqgu.js} +0 -0
- /package/dist/{channel-doctor-C29LMDyi.js → channel-doctor-DROap4LU.js} +0 -0
- /package/dist/{channel-plugin-blockers-Db1JoUT3.js → channel-plugin-blockers-DS3H1CnV.js} +0 -0
- /package/dist/{channel-selection.runtime-CFTt0ATQ.js → channel-selection.runtime-C8I-oIhj.js} +0 -0
- /package/dist/{channels-status-issues-BvyaX7fu.js → channels-status-issues-DhD0yasL.js} +0 -0
- /package/dist/{channels-table-DGrWByle.js → channels-table-CdaaJWDE.js} +0 -0
- /package/dist/{close-reason-DPozo0RR.js → close-reason-DCEn5ZLO.js} +0 -0
- /package/dist/{config-2LFRVjdy.js → config-DGZhYDuc.js} +0 -0
- /package/dist/{config-mutation-state-DvELg9U3.js → config-mutation-state-4dXmSxXo.js} +0 -0
- /package/dist/{config-validation-Gz3XLWkk.js → config-validation-Bx_ufkz3.js} +0 -0
- /package/dist/{configured-DHBUKT37.js → configured-LOSXYOON.js} +0 -0
- /package/dist/{control-ui-assets-Bn4WlmDz.js → control-ui-assets-_5qLV7Of.js} +0 -0
- /package/dist/{coverage-BgPvdovz.js → coverage-BW7REo8f.js} +0 -0
- /package/dist/{daemon-install-auth-profiles-source.runtime-1VDwhrxW.js → daemon-install-auth-profiles-source.runtime-CT6HhS4a.js} +0 -0
- /package/dist/{daemon-install-auth-profiles-store.runtime-DX6klKlD.js → daemon-install-auth-profiles-store.runtime-Bmt-S1Th.js} +0 -0
- /package/dist/{delivery-logger.runtime-QED0YWeh.js → delivery-logger.runtime-aZc6eYH6.js} +0 -0
- /package/dist/{delivery-subagent-registry.runtime-BzWcJLcF.js → delivery-subagent-registry.runtime-DbsJlOPs.js} +0 -0
- /package/dist/{delivery-target.runtime-MCOBBchX.js → delivery-target.runtime-CJ2AFZQF.js} +0 -0
- /package/dist/{discovery-DGW2-MLa.js → discovery-CrxVb47K.js} +0 -0
- /package/dist/{doctor-auth-legacy-oauth-BV7C6Vfj.js → doctor-auth-legacy-oauth-CQ-450U8.js} +0 -0
- /package/dist/{doctor-bootstrap-size-PW5cPiSq.js → doctor-bootstrap-size-DFMO-0_2.js} +0 -0
- /package/dist/{doctor-browser-DcQUu327.js → doctor-browser-DAmWk-ym.js} +0 -0
- /package/dist/{doctor-bundled-plugin-runtime-deps-D1esrgeQ.js → doctor-bundled-plugin-runtime-deps-DL8egd0z.js} +0 -0
- /package/dist/{doctor-claude-cli-B4BZv-kG.js → doctor-claude-cli-D8n8fZH1.js} +0 -0
- /package/dist/{doctor-completion-WKgtPjbK.js → doctor-completion-DlF2_ta4.js} +0 -0
- /package/dist/{doctor-config-analysis-BQdKpP5K.js → doctor-config-analysis-G4qApgNB.js} +0 -0
- /package/dist/{doctor-install-DmjLfve4.js → doctor-install-BMLurFXg.js} +0 -0
- /package/dist/{doctor-platform-notes-R_SxZdMz.js → doctor-platform-notes-DclB4xTp.js} +0 -0
- /package/dist/{doctor-plugin-manifests-CA7lPt_x.js → doctor-plugin-manifests-Df-R6NRK.js} +0 -0
- /package/dist/{doctor-repair-mode-DUDOaIhC.js → doctor-repair-mode-DjA0yOsO.js} +0 -0
- /package/dist/{doctor-session-locks-Dx6vj6mm.js → doctor-session-locks-nnNg0XQt.js} +0 -0
- /package/dist/{doctor-state-integrity-BQo15whd.js → doctor-state-integrity-mZ-atajo.js} +0 -0
- /package/dist/{doctor-workspace-BIyTt_M_.js → doctor-workspace-CC8n4W1s.js} +0 -0
- /package/dist/{gateway-lock-BaykvnC-.js → gateway-lock-BJ54teSG.js} +0 -0
- /package/dist/{gateway-presence-Dut8sl-J.js → gateway-presence-Ck83hwdf.js} +0 -0
- /package/dist/{gmail-setup-utils-ZOTbsJFv.js → gmail-setup-utils-CJA4K3ai.js} +0 -0
- /package/dist/{health-format-B2qc32Pr.js → health-format-lZouXkHr.js} +0 -0
- /package/dist/{health-style-BbCs1Yab.js → health-style-L-8YpdOF.js} +0 -0
- /package/dist/{help-CwxpeDY5.js → help-B0u4yzRF.js} +0 -0
- /package/dist/{helpers-LcBHwWZc.js → helpers-_-TEHOc6.js} +0 -0
- /package/dist/{http-endpoint-helpers-BNftqeoQ.js → http-endpoint-helpers-C9HFCAZ9.js} +0 -0
- /package/dist/{image-CAZ8XAQL.js → image-B6bNXdin.js} +0 -0
- /package/dist/{image-generation-core.auth.runtime-0Qo_H5K_.js → image-generation-core.auth.runtime-B9u67AkK.js} +0 -0
- /package/dist/{includes-scan-DoynIeya.js → includes-scan-C2pgYVb9.js} +0 -0
- /package/dist/{input-allowlist-c0bB2eKy.js → input-allowlist-BOaar9sV.js} +0 -0
- /package/dist/{install-package-dir-DPpzkcTy.js → install-package-dir-DBuZueA5.js} +0 -0
- /package/dist/{install-target-DVcgbidG.js → install-target-CIbvCu-L.js} +0 -0
- /package/dist/{ipv4-DMxATcV1.js → ipv4-x_VPPHNE.js} +0 -0
- /package/dist/{lifecycle-startup-gLhpfLB7.js → lifecycle-startup-irALz7cL.js} +0 -0
- /package/dist/{log-tail-9Hz1lmAo.js → log-tail-X0OPkkt2.js} +0 -0
- /package/dist/{memory-host-search.runtime-HNAskOxX.js → memory-host-search.runtime-DDlULx33.js} +0 -0
- /package/dist/{message.config.runtime-Cso6MvT8.js → message.config.runtime-Cn6_nzb5.js} +0 -0
- /package/dist/{models-http-x7qxTDsp.js → models-http-C485AWr-.js} +0 -0
- /package/dist/{node-service-BJUuDPKK.js → node-service-DoJ8Y9pv.js} +0 -0
- /package/dist/{object-PDLz41ub.js → object-Bx7kd36S.js} +0 -0
- /package/dist/{onboard-config-izAl6gwz.js → onboard-config-CqQvgsYa.js} +0 -0
- /package/dist/{onboard-core-auth-flags-BMxne6w7.js → onboard-core-auth-flags-__K0sJjJ.js} +0 -0
- /package/dist/{onboard-custom-config-3QJEWGL0.js → onboard-custom-config-BWwqk5fe.js} +0 -0
- /package/dist/{package-update-utils-DE_n1gKX.js → package-update-utils-CCxatoo6.js} +0 -0
- /package/dist/{pairing-cli-d6AhyJBm.js → pairing-cli-D-FUyZEV.js} +0 -0
- /package/dist/{parse-log-line-LslQCpUT.js → parse-log-line-DoA9bQrQ.js} +0 -0
- /package/dist/{paths-Cg-jfcZN.js → paths-BJ5uczC1.js} +0 -0
- /package/dist/{ports-Ce2qG4x8.js → ports-CC9fm-fy.js} +0 -0
- /package/dist/{probe-auth-Bn7VL9ZR.js → probe-auth-DFrZGBYH.js} +0 -0
- /package/dist/{probe-target-BSlPhDks.js → probe-target-Chki0Xkk.js} +0 -0
- /package/dist/{program-context-Kgd1rM3u.js → program-context-zMhdBPNy.js} +0 -0
- /package/dist/{provider-api-key-auth.runtime-VgQwNphE.js → provider-api-key-auth.runtime-BmxvYpks.js} +0 -0
- /package/dist/{provider-auth-choices-BCbf2yRh.js → provider-auth-choices-BB5yTDNn.js} +0 -0
- /package/dist/{provider-auth-guidance-BWdK-ykC.js → provider-auth-guidance-CP_5xA8Y.js} +0 -0
- /package/dist/{provider-openai-codex-oauth-tls-DtZu90G7.js → provider-openai-codex-oauth-tls-DerZ1cTV.js} +0 -0
- /package/dist/{push-apns-BciQnS_A.js → push-apns-BvvTQGNo.js} +0 -0
- /package/dist/{read-best-effort-config.runtime-qVYHl7Xo.js → read-best-effort-config.runtime-C5T0K31f.js} +0 -0
- /package/dist/{root-help-metadata-ekl-JjpR.js → root-help-metadata-DfEC0ws2.js} +0 -0
- /package/dist/{run-context.runtime-4WGT7JBj.js → run-context.runtime-QbU7trk9.js} +0 -0
- /package/dist/{run-external-content.runtime-D3JPvjLm.js → run-external-content.runtime-pkNsrLtO.js} +0 -0
- /package/dist/{run-id-R6ObHP3v.js → run-id-DWJ95pBN.js} +0 -0
- /package/dist/{run-model-catalog.runtime-BggglNcs.js → run-model-catalog.runtime-CAcKERDC.js} +0 -0
- /package/dist/{run-session-state-BaNj_GaS.js → run-session-state-XlO-wc3A.js} +0 -0
- /package/dist/{runtime-manifest.runtime-Ddvsb5G5.js → runtime-manifest.runtime-DHHRd6iG.js} +0 -0
- /package/dist/{runtime-registry-loader-9HAwLW0h.js → runtime-registry-loader-Bzjy_HHi.js} +0 -0
- /package/dist/{runtime-web-channel-plugin-DVDCKmzx.js → runtime-web-channel-plugin-Dl8enKc3.js} +0 -0
- /package/dist/{runtime-web-tools-fallback.runtime-Brdq0-xZ.js → runtime-web-tools-fallback.runtime-BCaVKJOn.js} +0 -0
- /package/dist/{runtime-web-tools-manifest.runtime-BRmjTDGh.js → runtime-web-tools-manifest.runtime-3ureBtOs.js} +0 -0
- /package/dist/{runtime-web-tools-public-artifacts.runtime-DsVQgFR8.js → runtime-web-tools-public-artifacts.runtime-7kYkuMoy.js} +0 -0
- /package/dist/{schedule-ZSZnEiFe.js → schedule-Beb3GOcH.js} +0 -0
- /package/dist/{server-startup-log-Eplhdcpt.js → server-startup-log-VzrHGqrP.js} +0 -0
- /package/dist/{server-startup-memory-DyQIirmI.js → server-startup-memory-C5BZZa9k.js} +0 -0
- /package/dist/{server-tailscale-DgAyhovj.js → server-tailscale-DpU6qzPY.js} +0 -0
- /package/dist/{service-CO5U35OJ.js → service-BTZwpGci.js} +0 -0
- /package/dist/{services-DNIJn8xg.js → services-BeY15lKe.js} +0 -0
- /package/dist/{session-archive.runtime-rUFw8vE3.js → session-archive.runtime-kZWDRugt.js} +0 -0
- /package/dist/{setup-launch-env-DCjAfCDq.js → setup-launch-env-CgNfSFCy.js} +0 -0
- /package/dist/{setup.plugin-config-DyOBe14m.js → setup.plugin-config-EEmTDTvp.js} +0 -0
- /package/dist/{setup.secret-input-Drr2LKMe.js → setup.secret-input-DnGWpeX9.js} +0 -0
- /package/dist/{skill-scanner-B4yjTBTL.js → skill-scanner-CTCiX7W7.js} +0 -0
- /package/dist/{ssh-config-QI5SlOa1.js → ssh-config-dpF9FXUa.js} +0 -0
- /package/dist/{status-D3Yk4ckb.js → status-BmXT7hzH.js} +0 -0
- /package/dist/{status.format-bwV75oQh.js → status.format-D83pj6zB.js} +0 -0
- /package/dist/{status.gateway-connection-B0HsKKf1.js → status.gateway-connection-Dni-CXUg.js} +0 -0
- /package/dist/{status.scan.deps.runtime-inl0xzZH.js → status.scan.deps.runtime-DyhPcxBc.js} +0 -0
- /package/dist/{subagent-followup-hints-rwiRTQ4_.js → subagent-followup-hints-DCvZ8pkz.js} +0 -0
- /package/dist/{supervisor-log.runtime-gvNK9Wct.js → supervisor-log.runtime-B9_WwWul.js} +0 -0
- /package/dist/{systemd-linger-BH3QL_N0.js → systemd-linger-D0Pquvmk.js} +0 -0
- /package/dist/{targets.runtime-BWbu7FiA.js → targets.runtime-CfoMqGAv.js} +0 -0
- /package/dist/{task-registry.audit.shared-B9InRDQ7.js → task-registry.audit.shared-WSawIHtV.js} +0 -0
- /package/dist/{text-format-J_bO4oMX.js → text-format-Ck1rxlbh.js} +0 -0
- /package/dist/{types-cKnUNBos.js → types-CFl4vCLB.js} +0 -0
- /package/dist/{update-check-BOB550De.js → update-check-BErCzWUb.js} +0 -0
- /package/dist/{workspace-D6DmbfYx.js → workspace-NJH7qx4x.js} +0 -0
|
@@ -0,0 +1,2101 @@
|
|
|
1
|
+
import { i as formatErrorMessage } from "./errors-Jbvi20TW.js";
|
|
2
|
+
import { a as normalizeLowercaseStringOrEmpty, c as normalizeOptionalString, d as normalizeStringifiedOptionalString, s as normalizeOptionalLowercaseString } from "./string-coerce-C1IzJjqi.js";
|
|
3
|
+
import { f as resolveConfigDir, l as isRecord, m as resolveUserPath } from "./utils-DaGfogP-.js";
|
|
4
|
+
import { n as defaultRuntime } from "./runtime-CQ7eH0le.js";
|
|
5
|
+
import { t as formatDocsLink } from "./links-DmsJCU7L.js";
|
|
6
|
+
import { r as theme } from "./theme-BrRleVfL.js";
|
|
7
|
+
import { _ as resolveStateDir } from "./paths-DmR9mjUX.js";
|
|
8
|
+
import { a as coerceSecretRef, p as resolveSecretInputRef } from "./types.secrets-ews2W8BF.js";
|
|
9
|
+
import { a as formatExecSecretRefIdValidationMessage, c as isValidSecretProviderAlias, l as resolveDefaultSecretProviderAlias, o as isValidExecSecretRefId, u as secretRefKey } from "./ref-contract-GkHI8jyU.js";
|
|
10
|
+
import { t as danger } from "./globals-C5IxqXPj.js";
|
|
11
|
+
import { t as runTasksWithConcurrency } from "./run-with-concurrency-jYHyKOXI.js";
|
|
12
|
+
import { a as parseEnvValue, i as parseDotPath, l as writeTextFileAtomic, n as isNonEmptyString, s as toDotPath } from "./shared-DqD6V-gu.js";
|
|
13
|
+
import { a as resolveSecretRefValue, o as resolveSecretRefValues, r as isProviderScopedSecretResolutionError } from "./resolve-DeAojonS.js";
|
|
14
|
+
import { t as isSafeExecutableValue } from "./exec-safety-DmOD5trD.js";
|
|
15
|
+
import { w as SecretProviderSchema } from "./zod-schema.core--iz7S8Y4.js";
|
|
16
|
+
import { r as createConfigIO } from "./io-CRiu9qZr.js";
|
|
17
|
+
import { c as normalizeAgentId } from "./session-key-EpIbK3Oz.js";
|
|
18
|
+
import { r as normalizeProviderId } from "./provider-id-BLh32HP1.js";
|
|
19
|
+
import { r as listKnownSecretEnvVarNames, t as getProviderEnvVars } from "./provider-env-vars-CEaBLk-N.js";
|
|
20
|
+
import { _ as resolveAgentConfig, g as listAgentIds, x as resolveDefaultAgentId, y as resolveAgentDir } from "./agent-scope-CDjZLqNk.js";
|
|
21
|
+
import { n as getPath, r as setPathCreateStrict, t as deletePathStrict } from "./path-utils-DPIN5oO-.js";
|
|
22
|
+
import { a as listAuthProfileSecretTargetEntries, c as resolvePlanTargetAgainstRegistry, n as discoverConfigSecretTargets, t as discoverAuthProfileSecretTargets } from "./target-registry-C7n9-LgM.js";
|
|
23
|
+
import "./config-BfVmr1uB.js";
|
|
24
|
+
import { l as resolveAuthStorePath } from "./source-check-DseWz2_m.js";
|
|
25
|
+
import { c as loadAuthProfileStoreForSecretsRuntime, m as loadPersistedAuthProfileStore, p as coercePersistedAuthProfileStore } from "./store-B7lQCF9k.js";
|
|
26
|
+
import { f as isSecretRefHeaderValueMarker, u as isNonSecretApiKeyMarker } from "./model-auth-markers-fwjZQJ4n.js";
|
|
27
|
+
import "./model-selection-BJS5Z_AY.js";
|
|
28
|
+
import "./auth-profiles-Dw91z8M7.js";
|
|
29
|
+
import { a as prepareSecretsRuntimeSnapshot } from "./runtime-DSuaai8P.js";
|
|
30
|
+
import { n as hasConfiguredPlaintextSecretValue, r as isExpectedResolvedSecretValue, t as assertExpectedResolvedSecretValue } from "./secret-value-CmclQ8Lx.js";
|
|
31
|
+
import { n as callGatewayFromCli, t as addGatewayClientOptions } from "./gateway-rpc-yH-iFPPG.js";
|
|
32
|
+
import fs from "node:fs";
|
|
33
|
+
import path from "node:path";
|
|
34
|
+
import os from "node:os";
|
|
35
|
+
import { isDeepStrictEqual } from "node:util";
|
|
36
|
+
import { confirm, select, text } from "@clack/prompts";
|
|
37
|
+
//#region src/secrets/auth-profiles-scan.ts
|
|
38
|
+
function getAuthProfileFieldName(pathPattern) {
|
|
39
|
+
const segments = pathPattern.split(".").filter(Boolean);
|
|
40
|
+
return segments[segments.length - 1] ?? "";
|
|
41
|
+
}
|
|
42
|
+
const AUTH_PROFILE_FIELD_SPEC_BY_TYPE = (() => {
|
|
43
|
+
const defaults = {
|
|
44
|
+
api_key: {
|
|
45
|
+
valueField: "key",
|
|
46
|
+
refField: "keyRef"
|
|
47
|
+
},
|
|
48
|
+
token: {
|
|
49
|
+
valueField: "token",
|
|
50
|
+
refField: "tokenRef"
|
|
51
|
+
}
|
|
52
|
+
};
|
|
53
|
+
for (const target of listAuthProfileSecretTargetEntries()) {
|
|
54
|
+
if (!target.authProfileType) continue;
|
|
55
|
+
defaults[target.authProfileType] = {
|
|
56
|
+
valueField: getAuthProfileFieldName(target.pathPattern),
|
|
57
|
+
refField: target.refPathPattern !== void 0 ? getAuthProfileFieldName(target.refPathPattern) : defaults[target.authProfileType].refField
|
|
58
|
+
};
|
|
59
|
+
}
|
|
60
|
+
return defaults;
|
|
61
|
+
})();
|
|
62
|
+
function getAuthProfileFieldSpec(type) {
|
|
63
|
+
return AUTH_PROFILE_FIELD_SPEC_BY_TYPE[type];
|
|
64
|
+
}
|
|
65
|
+
function toSecretCredentialVisit(params) {
|
|
66
|
+
const spec = getAuthProfileFieldSpec(params.kind);
|
|
67
|
+
return {
|
|
68
|
+
kind: params.kind,
|
|
69
|
+
profileId: params.profileId,
|
|
70
|
+
provider: params.provider,
|
|
71
|
+
profile: params.profile,
|
|
72
|
+
valueField: spec.valueField,
|
|
73
|
+
refField: spec.refField,
|
|
74
|
+
value: params.profile[spec.valueField],
|
|
75
|
+
refValue: params.profile[spec.refField]
|
|
76
|
+
};
|
|
77
|
+
}
|
|
78
|
+
function* iterateAuthProfileCredentials(profiles) {
|
|
79
|
+
for (const [profileId, value] of Object.entries(profiles)) {
|
|
80
|
+
if (!isRecord(value) || !isNonEmptyString(value.provider)) continue;
|
|
81
|
+
const provider = value.provider;
|
|
82
|
+
if (value.type === "api_key" || value.type === "token") {
|
|
83
|
+
yield toSecretCredentialVisit({
|
|
84
|
+
kind: value.type,
|
|
85
|
+
profileId,
|
|
86
|
+
provider,
|
|
87
|
+
profile: value
|
|
88
|
+
});
|
|
89
|
+
continue;
|
|
90
|
+
}
|
|
91
|
+
if (value.type === "oauth") yield {
|
|
92
|
+
kind: "oauth",
|
|
93
|
+
profileId,
|
|
94
|
+
provider,
|
|
95
|
+
profile: value,
|
|
96
|
+
hasAccess: isNonEmptyString(value.access),
|
|
97
|
+
hasRefresh: isNonEmptyString(value.refresh)
|
|
98
|
+
};
|
|
99
|
+
}
|
|
100
|
+
}
|
|
101
|
+
//#endregion
|
|
102
|
+
//#region src/secrets/config-io.ts
|
|
103
|
+
const silentConfigIoLogger = {
|
|
104
|
+
error: () => {},
|
|
105
|
+
warn: () => {}
|
|
106
|
+
};
|
|
107
|
+
function createSecretsConfigIO(params) {
|
|
108
|
+
return createConfigIO({
|
|
109
|
+
env: params.env,
|
|
110
|
+
logger: silentConfigIoLogger
|
|
111
|
+
});
|
|
112
|
+
}
|
|
113
|
+
//#endregion
|
|
114
|
+
//#region src/secrets/exec-resolution-policy.ts
|
|
115
|
+
function selectRefsForExecPolicy(params) {
|
|
116
|
+
const refsToResolve = [];
|
|
117
|
+
const skippedExecRefs = [];
|
|
118
|
+
for (const ref of params.refs) {
|
|
119
|
+
if (ref.source === "exec" && !params.allowExec) {
|
|
120
|
+
skippedExecRefs.push(ref);
|
|
121
|
+
continue;
|
|
122
|
+
}
|
|
123
|
+
refsToResolve.push(ref);
|
|
124
|
+
}
|
|
125
|
+
return {
|
|
126
|
+
refsToResolve,
|
|
127
|
+
skippedExecRefs
|
|
128
|
+
};
|
|
129
|
+
}
|
|
130
|
+
function getSkippedExecRefStaticError(params) {
|
|
131
|
+
const id = params.ref.id.trim();
|
|
132
|
+
const refLabel = `${params.ref.source}:${params.ref.provider}:${id}`;
|
|
133
|
+
if (!id) return "Error: Secret reference id is empty.";
|
|
134
|
+
if (!isValidExecSecretRefId(id)) return `Error: ${formatExecSecretRefIdValidationMessage()} (ref: ${refLabel}).`;
|
|
135
|
+
const providerConfig = params.config.secrets?.providers?.[params.ref.provider];
|
|
136
|
+
if (!providerConfig) return `Error: Secret provider "${params.ref.provider}" is not configured (ref: ${refLabel}).`;
|
|
137
|
+
if (providerConfig.source !== params.ref.source) return `Error: Secret provider "${params.ref.provider}" has source "${providerConfig.source}" but ref requests "${params.ref.source}".`;
|
|
138
|
+
return null;
|
|
139
|
+
}
|
|
140
|
+
//#endregion
|
|
141
|
+
//#region src/secrets/plan.ts
|
|
142
|
+
const FORBIDDEN_PATH_SEGMENTS = new Set([
|
|
143
|
+
"__proto__",
|
|
144
|
+
"prototype",
|
|
145
|
+
"constructor"
|
|
146
|
+
]);
|
|
147
|
+
function isObjectRecord(value) {
|
|
148
|
+
return Boolean(value) && typeof value === "object" && !Array.isArray(value);
|
|
149
|
+
}
|
|
150
|
+
function isSecretProviderConfigShape(value) {
|
|
151
|
+
return SecretProviderSchema.safeParse(value).success;
|
|
152
|
+
}
|
|
153
|
+
function hasForbiddenPathSegment(segments) {
|
|
154
|
+
return segments.some((segment) => FORBIDDEN_PATH_SEGMENTS.has(segment));
|
|
155
|
+
}
|
|
156
|
+
function resolveValidatedPlanTarget(candidate) {
|
|
157
|
+
if (typeof candidate.type !== "string" || !candidate.type.trim()) return null;
|
|
158
|
+
const path = typeof candidate.path === "string" ? candidate.path.trim() : "";
|
|
159
|
+
if (!path) return null;
|
|
160
|
+
const segments = Array.isArray(candidate.pathSegments) && candidate.pathSegments.length > 0 ? candidate.pathSegments.map((segment) => segment.trim()).filter(Boolean) : parseDotPath(path);
|
|
161
|
+
if (segments.length === 0 || hasForbiddenPathSegment(segments) || path !== toDotPath(segments)) return null;
|
|
162
|
+
return resolvePlanTargetAgainstRegistry({
|
|
163
|
+
type: candidate.type,
|
|
164
|
+
pathSegments: segments,
|
|
165
|
+
providerId: candidate.providerId,
|
|
166
|
+
accountId: candidate.accountId
|
|
167
|
+
});
|
|
168
|
+
}
|
|
169
|
+
function isSecretsApplyPlan(value) {
|
|
170
|
+
if (!value || typeof value !== "object" || Array.isArray(value)) return false;
|
|
171
|
+
const typed = value;
|
|
172
|
+
if (typed.version !== 1 || typed.protocolVersion !== 1 || !Array.isArray(typed.targets)) return false;
|
|
173
|
+
for (const target of typed.targets) {
|
|
174
|
+
if (!target || typeof target !== "object") return false;
|
|
175
|
+
const candidate = target;
|
|
176
|
+
const ref = candidate.ref;
|
|
177
|
+
const resolved = resolveValidatedPlanTarget({
|
|
178
|
+
type: candidate.type,
|
|
179
|
+
path: candidate.path,
|
|
180
|
+
pathSegments: candidate.pathSegments,
|
|
181
|
+
agentId: candidate.agentId,
|
|
182
|
+
providerId: candidate.providerId,
|
|
183
|
+
accountId: candidate.accountId,
|
|
184
|
+
authProfileProvider: candidate.authProfileProvider
|
|
185
|
+
});
|
|
186
|
+
if (typeof candidate.path !== "string" || !candidate.path.trim() || candidate.pathSegments !== void 0 && !Array.isArray(candidate.pathSegments) || !resolved || !ref || typeof ref !== "object" || ref.source !== "env" && ref.source !== "file" && ref.source !== "exec" || typeof ref.provider !== "string" || ref.provider.trim().length === 0 || typeof ref.id !== "string" || ref.id.trim().length === 0 || ref.source === "exec" && !isValidExecSecretRefId(ref.id)) return false;
|
|
187
|
+
if (resolved.entry.configFile === "auth-profiles.json") {
|
|
188
|
+
if (typeof candidate.agentId !== "string" || candidate.agentId.trim().length === 0) return false;
|
|
189
|
+
if (candidate.authProfileProvider !== void 0 && (typeof candidate.authProfileProvider !== "string" || candidate.authProfileProvider.trim().length === 0)) return false;
|
|
190
|
+
}
|
|
191
|
+
}
|
|
192
|
+
if (typed.providerUpserts !== void 0) {
|
|
193
|
+
if (!isObjectRecord(typed.providerUpserts)) return false;
|
|
194
|
+
for (const [providerAlias, providerValue] of Object.entries(typed.providerUpserts)) {
|
|
195
|
+
if (!isValidSecretProviderAlias(providerAlias)) return false;
|
|
196
|
+
if (!isSecretProviderConfigShape(providerValue)) return false;
|
|
197
|
+
}
|
|
198
|
+
}
|
|
199
|
+
if (typed.providerDeletes !== void 0) {
|
|
200
|
+
if (!Array.isArray(typed.providerDeletes) || typed.providerDeletes.some((providerAlias) => typeof providerAlias !== "string" || !isValidSecretProviderAlias(providerAlias))) return false;
|
|
201
|
+
}
|
|
202
|
+
return true;
|
|
203
|
+
}
|
|
204
|
+
function normalizeSecretsPlanOptions(options) {
|
|
205
|
+
return {
|
|
206
|
+
scrubEnv: options?.scrubEnv ?? true,
|
|
207
|
+
scrubAuthProfilesForProviderTargets: options?.scrubAuthProfilesForProviderTargets ?? true,
|
|
208
|
+
scrubLegacyAuthJson: options?.scrubLegacyAuthJson ?? true
|
|
209
|
+
};
|
|
210
|
+
}
|
|
211
|
+
//#endregion
|
|
212
|
+
//#region src/secrets/auth-store-paths.ts
|
|
213
|
+
function listAuthProfileStorePaths$1(config, stateDir) {
|
|
214
|
+
const paths = /* @__PURE__ */ new Set();
|
|
215
|
+
paths.add(path.join(resolveUserPath(stateDir), "agents", "main", "agent", "auth-profiles.json"));
|
|
216
|
+
const agentsRoot = path.join(resolveUserPath(stateDir), "agents");
|
|
217
|
+
if (fs.existsSync(agentsRoot)) for (const entry of fs.readdirSync(agentsRoot, { withFileTypes: true })) {
|
|
218
|
+
if (!entry.isDirectory()) continue;
|
|
219
|
+
paths.add(path.join(agentsRoot, entry.name, "agent", "auth-profiles.json"));
|
|
220
|
+
}
|
|
221
|
+
for (const agentId of listAgentIds(config)) {
|
|
222
|
+
if (agentId === "main") {
|
|
223
|
+
paths.add(path.join(resolveUserPath(stateDir), "agents", "main", "agent", "auth-profiles.json"));
|
|
224
|
+
continue;
|
|
225
|
+
}
|
|
226
|
+
const agentDir = resolveAgentDir(config, agentId);
|
|
227
|
+
paths.add(resolveUserPath(resolveAuthStorePath(agentDir)));
|
|
228
|
+
}
|
|
229
|
+
return [...paths];
|
|
230
|
+
}
|
|
231
|
+
//#endregion
|
|
232
|
+
//#region src/secrets/storage-scan.ts
|
|
233
|
+
function isJsonObject(value) {
|
|
234
|
+
return typeof value === "object" && value !== null && !Array.isArray(value);
|
|
235
|
+
}
|
|
236
|
+
function parseEnvAssignmentValue(raw) {
|
|
237
|
+
return parseEnvValue(raw);
|
|
238
|
+
}
|
|
239
|
+
function listAuthProfileStorePaths(config, stateDir) {
|
|
240
|
+
return listAuthProfileStorePaths$1(config, stateDir);
|
|
241
|
+
}
|
|
242
|
+
function listLegacyAuthJsonPaths(stateDir) {
|
|
243
|
+
const out = [];
|
|
244
|
+
const agentsRoot = path.join(resolveUserPath(stateDir), "agents");
|
|
245
|
+
if (!fs.existsSync(agentsRoot)) return out;
|
|
246
|
+
for (const entry of fs.readdirSync(agentsRoot, { withFileTypes: true })) {
|
|
247
|
+
if (!entry.isDirectory()) continue;
|
|
248
|
+
const candidate = path.join(agentsRoot, entry.name, "agent", "auth.json");
|
|
249
|
+
if (fs.existsSync(candidate)) out.push(candidate);
|
|
250
|
+
}
|
|
251
|
+
return out;
|
|
252
|
+
}
|
|
253
|
+
function resolveActiveAgentDir(stateDir, env = process.env) {
|
|
254
|
+
const override = env.GENESIS_AGENT_DIR?.trim() || env.PI_CODING_AGENT_DIR?.trim();
|
|
255
|
+
if (override) return resolveUserPath(override);
|
|
256
|
+
return path.join(resolveUserPath(stateDir), "agents", "main", "agent");
|
|
257
|
+
}
|
|
258
|
+
function listAgentModelsJsonPaths(config, stateDir, env = process.env) {
|
|
259
|
+
const resolvedStateDir = resolveUserPath(stateDir);
|
|
260
|
+
const paths = /* @__PURE__ */ new Set();
|
|
261
|
+
paths.add(path.join(resolvedStateDir, "agents", "main", "agent", "models.json"));
|
|
262
|
+
paths.add(path.join(resolveActiveAgentDir(stateDir, env), "models.json"));
|
|
263
|
+
const agentsRoot = path.join(resolvedStateDir, "agents");
|
|
264
|
+
if (fs.existsSync(agentsRoot)) for (const entry of fs.readdirSync(agentsRoot, { withFileTypes: true })) {
|
|
265
|
+
if (!entry.isDirectory()) continue;
|
|
266
|
+
paths.add(path.join(agentsRoot, entry.name, "agent", "models.json"));
|
|
267
|
+
}
|
|
268
|
+
for (const agentId of listAgentIds(config)) {
|
|
269
|
+
if (agentId === "main") {
|
|
270
|
+
paths.add(path.join(resolvedStateDir, "agents", "main", "agent", "models.json"));
|
|
271
|
+
continue;
|
|
272
|
+
}
|
|
273
|
+
const agentDir = resolveAgentDir(config, agentId);
|
|
274
|
+
paths.add(path.join(resolveUserPath(agentDir), "models.json"));
|
|
275
|
+
}
|
|
276
|
+
return [...paths];
|
|
277
|
+
}
|
|
278
|
+
function readJsonObjectIfExists(filePath, options = {}) {
|
|
279
|
+
if (!fs.existsSync(filePath)) return { value: null };
|
|
280
|
+
try {
|
|
281
|
+
const stats = fs.statSync(filePath);
|
|
282
|
+
if (options.requireRegularFile && !stats.isFile()) return {
|
|
283
|
+
value: null,
|
|
284
|
+
error: `Refusing to read non-regular file: ${filePath}`
|
|
285
|
+
};
|
|
286
|
+
if (typeof options.maxBytes === "number" && Number.isFinite(options.maxBytes) && options.maxBytes >= 0 && stats.size > options.maxBytes) return {
|
|
287
|
+
value: null,
|
|
288
|
+
error: `Refusing to read oversized JSON (${stats.size} bytes): ${filePath}`
|
|
289
|
+
};
|
|
290
|
+
const raw = fs.readFileSync(filePath, "utf8");
|
|
291
|
+
const parsed = JSON.parse(raw);
|
|
292
|
+
if (!isJsonObject(parsed)) return { value: null };
|
|
293
|
+
return { value: parsed };
|
|
294
|
+
} catch (err) {
|
|
295
|
+
return {
|
|
296
|
+
value: null,
|
|
297
|
+
error: formatErrorMessage(err)
|
|
298
|
+
};
|
|
299
|
+
}
|
|
300
|
+
}
|
|
301
|
+
//#endregion
|
|
302
|
+
//#region src/secrets/apply.ts
|
|
303
|
+
function planContainsExecReferences(plan) {
|
|
304
|
+
if (plan.targets.some((target) => target.ref.source === "exec")) return true;
|
|
305
|
+
return Object.values(plan.providerUpserts ?? {}).some((provider) => provider.source === "exec");
|
|
306
|
+
}
|
|
307
|
+
function resolveTarget(target) {
|
|
308
|
+
const resolved = resolveValidatedPlanTarget(target);
|
|
309
|
+
if (!resolved) throw new Error(`Invalid plan target path for ${target.type}: ${target.path}`);
|
|
310
|
+
return resolved;
|
|
311
|
+
}
|
|
312
|
+
function scrubEnvRaw(raw, migratedValues, allowedEnvKeys) {
|
|
313
|
+
if (migratedValues.size === 0 || allowedEnvKeys.size === 0) return {
|
|
314
|
+
nextRaw: raw,
|
|
315
|
+
removed: 0
|
|
316
|
+
};
|
|
317
|
+
const lines = raw.split(/\r?\n/);
|
|
318
|
+
const nextLines = [];
|
|
319
|
+
let removed = 0;
|
|
320
|
+
for (const line of lines) {
|
|
321
|
+
const match = line.match(/^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/);
|
|
322
|
+
if (!match) {
|
|
323
|
+
nextLines.push(line);
|
|
324
|
+
continue;
|
|
325
|
+
}
|
|
326
|
+
const envKey = match[1] ?? "";
|
|
327
|
+
if (!allowedEnvKeys.has(envKey)) {
|
|
328
|
+
nextLines.push(line);
|
|
329
|
+
continue;
|
|
330
|
+
}
|
|
331
|
+
const parsedValue = parseEnvAssignmentValue(match[2] ?? "");
|
|
332
|
+
if (migratedValues.has(parsedValue)) {
|
|
333
|
+
removed += 1;
|
|
334
|
+
continue;
|
|
335
|
+
}
|
|
336
|
+
nextLines.push(line);
|
|
337
|
+
}
|
|
338
|
+
const hadTrailingNewline = raw.endsWith("\n");
|
|
339
|
+
const joined = nextLines.join("\n");
|
|
340
|
+
return {
|
|
341
|
+
nextRaw: hadTrailingNewline || joined.length === 0 ? `${joined}${joined.endsWith("\n") ? "" : "\n"}` : joined,
|
|
342
|
+
removed
|
|
343
|
+
};
|
|
344
|
+
}
|
|
345
|
+
function applyProviderPlanMutations(params) {
|
|
346
|
+
const currentProviders = isRecord(params.config.secrets?.providers) ? structuredClone(params.config.secrets?.providers) : {};
|
|
347
|
+
let changed = false;
|
|
348
|
+
for (const providerAlias of params.deletes ?? []) {
|
|
349
|
+
if (!Object.prototype.hasOwnProperty.call(currentProviders, providerAlias)) continue;
|
|
350
|
+
delete currentProviders[providerAlias];
|
|
351
|
+
changed = true;
|
|
352
|
+
}
|
|
353
|
+
for (const [providerAlias, providerConfig] of Object.entries(params.upserts ?? {})) {
|
|
354
|
+
const previous = currentProviders[providerAlias];
|
|
355
|
+
if (isDeepStrictEqual(previous, providerConfig)) continue;
|
|
356
|
+
currentProviders[providerAlias] = structuredClone(providerConfig);
|
|
357
|
+
changed = true;
|
|
358
|
+
}
|
|
359
|
+
if (!changed) return false;
|
|
360
|
+
params.config.secrets ??= {};
|
|
361
|
+
if (Object.keys(currentProviders).length === 0) {
|
|
362
|
+
if ("providers" in params.config.secrets) delete params.config.secrets.providers;
|
|
363
|
+
return true;
|
|
364
|
+
}
|
|
365
|
+
params.config.secrets.providers = currentProviders;
|
|
366
|
+
return true;
|
|
367
|
+
}
|
|
368
|
+
async function projectPlanState(params) {
|
|
369
|
+
const { snapshot, writeOptions } = await createSecretsConfigIO({ env: params.env }).readConfigFileSnapshotForWrite();
|
|
370
|
+
if (!snapshot.valid) throw new Error("Cannot apply secrets plan: config is invalid.");
|
|
371
|
+
const options = normalizeSecretsPlanOptions(params.plan.options);
|
|
372
|
+
const nextConfig = structuredClone(snapshot.config);
|
|
373
|
+
const stateDir = resolveStateDir(params.env, os.homedir);
|
|
374
|
+
const changedFiles = /* @__PURE__ */ new Set();
|
|
375
|
+
const warnings = [];
|
|
376
|
+
const configPath = resolveUserPath(snapshot.path);
|
|
377
|
+
if (applyProviderPlanMutations({
|
|
378
|
+
config: nextConfig,
|
|
379
|
+
upserts: params.plan.providerUpserts,
|
|
380
|
+
deletes: params.plan.providerDeletes
|
|
381
|
+
})) changedFiles.add(configPath);
|
|
382
|
+
const targetMutations = applyConfigTargetMutations({
|
|
383
|
+
planTargets: params.plan.targets,
|
|
384
|
+
nextConfig,
|
|
385
|
+
stateDir,
|
|
386
|
+
authStoreByPath: /* @__PURE__ */ new Map(),
|
|
387
|
+
changedFiles
|
|
388
|
+
});
|
|
389
|
+
if (targetMutations.configChanged) changedFiles.add(configPath);
|
|
390
|
+
const authStoreByPath = scrubAuthStoresForProviderTargets({
|
|
391
|
+
nextConfig,
|
|
392
|
+
stateDir,
|
|
393
|
+
providerTargets: targetMutations.providerTargets,
|
|
394
|
+
scrubbedValues: targetMutations.scrubbedValues,
|
|
395
|
+
authStoreByPath: targetMutations.authStoreByPath,
|
|
396
|
+
changedFiles,
|
|
397
|
+
warnings,
|
|
398
|
+
enabled: options.scrubAuthProfilesForProviderTargets
|
|
399
|
+
});
|
|
400
|
+
const authJsonByPath = scrubLegacyAuthJsonStores({
|
|
401
|
+
stateDir,
|
|
402
|
+
changedFiles,
|
|
403
|
+
enabled: options.scrubLegacyAuthJson
|
|
404
|
+
});
|
|
405
|
+
const envRawByPath = scrubEnvFiles({
|
|
406
|
+
env: params.env,
|
|
407
|
+
scrubbedValues: targetMutations.scrubbedValues,
|
|
408
|
+
changedFiles,
|
|
409
|
+
enabled: options.scrubEnv
|
|
410
|
+
});
|
|
411
|
+
const checkFullRuntime = params.write ? changedFiles.size > 0 : params.allowExecInDryRun;
|
|
412
|
+
const validation = await validateProjectedSecretsState({
|
|
413
|
+
env: params.env,
|
|
414
|
+
nextConfig,
|
|
415
|
+
resolvedTargets: targetMutations.resolvedTargets,
|
|
416
|
+
authStoreByPath,
|
|
417
|
+
write: params.write,
|
|
418
|
+
allowExecInDryRun: params.allowExecInDryRun,
|
|
419
|
+
checkFullRuntime
|
|
420
|
+
});
|
|
421
|
+
return {
|
|
422
|
+
nextConfig,
|
|
423
|
+
configPath,
|
|
424
|
+
configWriteOptions: writeOptions,
|
|
425
|
+
authStoreByPath,
|
|
426
|
+
authJsonByPath,
|
|
427
|
+
envRawByPath,
|
|
428
|
+
changedFiles,
|
|
429
|
+
warnings,
|
|
430
|
+
refsChecked: validation.refsChecked,
|
|
431
|
+
skippedExecRefs: validation.skippedExecRefs,
|
|
432
|
+
resolvabilityComplete: validation.resolvabilityComplete
|
|
433
|
+
};
|
|
434
|
+
}
|
|
435
|
+
function applyConfigTargetMutations(params) {
|
|
436
|
+
const resolvedTargets = params.planTargets.map((target) => ({
|
|
437
|
+
target,
|
|
438
|
+
resolved: resolveTarget(target)
|
|
439
|
+
}));
|
|
440
|
+
const scrubbedValues = /* @__PURE__ */ new Set();
|
|
441
|
+
const providerTargets = /* @__PURE__ */ new Set();
|
|
442
|
+
let configChanged = false;
|
|
443
|
+
for (const { target, resolved } of resolvedTargets) {
|
|
444
|
+
if (resolved.entry.configFile === "auth-profiles.json") {
|
|
445
|
+
if (applyAuthProfileTargetMutation({
|
|
446
|
+
target,
|
|
447
|
+
resolved,
|
|
448
|
+
nextConfig: params.nextConfig,
|
|
449
|
+
stateDir: params.stateDir,
|
|
450
|
+
authStoreByPath: params.authStoreByPath,
|
|
451
|
+
scrubbedValues
|
|
452
|
+
})) {
|
|
453
|
+
const agentId = (target.agentId ?? "").trim();
|
|
454
|
+
if (!agentId) throw new Error(`Missing required agentId for auth-profiles target ${target.path}.`);
|
|
455
|
+
params.changedFiles.add(resolveAuthStorePathForAgent({
|
|
456
|
+
nextConfig: params.nextConfig,
|
|
457
|
+
stateDir: params.stateDir,
|
|
458
|
+
agentId
|
|
459
|
+
}));
|
|
460
|
+
}
|
|
461
|
+
continue;
|
|
462
|
+
}
|
|
463
|
+
const targetPathSegments = resolved.pathSegments;
|
|
464
|
+
if (resolved.entry.secretShape === "sibling_ref") {
|
|
465
|
+
const previous = getPath(params.nextConfig, targetPathSegments);
|
|
466
|
+
if (isNonEmptyString(previous)) scrubbedValues.add(previous.trim());
|
|
467
|
+
const refPathSegments = resolved.refPathSegments;
|
|
468
|
+
if (!refPathSegments) throw new Error(`Missing sibling ref path for target ${target.type}.`);
|
|
469
|
+
const wroteRef = setPathCreateStrict(params.nextConfig, refPathSegments, target.ref);
|
|
470
|
+
const deletedLegacy = deletePathStrict(params.nextConfig, targetPathSegments);
|
|
471
|
+
if (wroteRef || deletedLegacy) configChanged = true;
|
|
472
|
+
continue;
|
|
473
|
+
}
|
|
474
|
+
const previous = getPath(params.nextConfig, targetPathSegments);
|
|
475
|
+
if (isNonEmptyString(previous)) scrubbedValues.add(previous.trim());
|
|
476
|
+
if (setPathCreateStrict(params.nextConfig, targetPathSegments, target.ref)) configChanged = true;
|
|
477
|
+
if (resolved.entry.trackProviderShadowing && resolved.providerId) providerTargets.add(normalizeProviderId(resolved.providerId));
|
|
478
|
+
}
|
|
479
|
+
return {
|
|
480
|
+
resolvedTargets,
|
|
481
|
+
scrubbedValues,
|
|
482
|
+
providerTargets,
|
|
483
|
+
configChanged,
|
|
484
|
+
authStoreByPath: params.authStoreByPath
|
|
485
|
+
};
|
|
486
|
+
}
|
|
487
|
+
function scrubAuthStoresForProviderTargets(params) {
|
|
488
|
+
if (!params.enabled || params.providerTargets.size === 0) return params.authStoreByPath;
|
|
489
|
+
for (const authStorePath of listAuthProfileStorePaths(params.nextConfig, params.stateDir)) {
|
|
490
|
+
const parsed = params.authStoreByPath.get(authStorePath) ?? readJsonObjectIfExists(authStorePath).value;
|
|
491
|
+
if (!parsed || !isRecord(parsed.profiles)) continue;
|
|
492
|
+
const nextStore = structuredClone(parsed);
|
|
493
|
+
const profiles = nextStore.profiles;
|
|
494
|
+
if (!isRecord(profiles)) continue;
|
|
495
|
+
let mutated = false;
|
|
496
|
+
for (const profile of iterateAuthProfileCredentials(profiles)) {
|
|
497
|
+
const provider = normalizeProviderId(profile.provider);
|
|
498
|
+
if (!params.providerTargets.has(provider)) continue;
|
|
499
|
+
if (profile.kind === "api_key" || profile.kind === "token") {
|
|
500
|
+
if (isNonEmptyString(profile.value)) params.scrubbedValues.add(profile.value.trim());
|
|
501
|
+
if (profile.valueField in profile.profile) {
|
|
502
|
+
delete profile.profile[profile.valueField];
|
|
503
|
+
mutated = true;
|
|
504
|
+
}
|
|
505
|
+
if (profile.refField in profile.profile) {
|
|
506
|
+
delete profile.profile[profile.refField];
|
|
507
|
+
mutated = true;
|
|
508
|
+
}
|
|
509
|
+
continue;
|
|
510
|
+
}
|
|
511
|
+
if (profile.kind === "oauth" && (profile.hasAccess || profile.hasRefresh)) params.warnings.push(`Provider "${provider}" has OAuth credentials in ${authStorePath}; those still take precedence and are out of scope for static SecretRef migration.`);
|
|
512
|
+
}
|
|
513
|
+
if (mutated) {
|
|
514
|
+
params.authStoreByPath.set(authStorePath, nextStore);
|
|
515
|
+
params.changedFiles.add(authStorePath);
|
|
516
|
+
}
|
|
517
|
+
}
|
|
518
|
+
return params.authStoreByPath;
|
|
519
|
+
}
|
|
520
|
+
function ensureMutableAuthStore(store) {
|
|
521
|
+
const next = store ? structuredClone(store) : {};
|
|
522
|
+
const profiles = isRecord(next.profiles) ? next.profiles : {};
|
|
523
|
+
if (typeof next.version !== "number" || !Number.isFinite(next.version)) next.version = 1;
|
|
524
|
+
return {
|
|
525
|
+
...next,
|
|
526
|
+
profiles
|
|
527
|
+
};
|
|
528
|
+
}
|
|
529
|
+
function resolveAuthStoreForTarget(params) {
|
|
530
|
+
const agentId = (params.target.agentId ?? "").trim();
|
|
531
|
+
if (!agentId) throw new Error(`Missing required agentId for auth-profiles target ${params.target.path}.`);
|
|
532
|
+
const authStorePath = resolveAuthStorePathForAgent({
|
|
533
|
+
nextConfig: params.nextConfig,
|
|
534
|
+
stateDir: params.stateDir,
|
|
535
|
+
agentId
|
|
536
|
+
});
|
|
537
|
+
const loaded = params.authStoreByPath.get(authStorePath) ?? readJsonObjectIfExists(authStorePath).value;
|
|
538
|
+
const store = ensureMutableAuthStore(isRecord(loaded) ? loaded : void 0);
|
|
539
|
+
params.authStoreByPath.set(authStorePath, store);
|
|
540
|
+
return {
|
|
541
|
+
path: authStorePath,
|
|
542
|
+
store
|
|
543
|
+
};
|
|
544
|
+
}
|
|
545
|
+
function resolveAuthStorePathForAgent(params) {
|
|
546
|
+
const normalizedAgentId = normalizeAgentId(params.agentId);
|
|
547
|
+
const configuredAgentDir = resolveAgentConfig(params.nextConfig, normalizedAgentId)?.agentDir?.trim();
|
|
548
|
+
if (configuredAgentDir) return resolveUserPath(resolveAuthStorePath(configuredAgentDir));
|
|
549
|
+
return path.join(resolveUserPath(params.stateDir), "agents", normalizedAgentId, "agent", "auth-profiles.json");
|
|
550
|
+
}
|
|
551
|
+
function ensureAuthProfileContainer(params) {
|
|
552
|
+
let changed = false;
|
|
553
|
+
const profilePathSegments = params.resolved.pathSegments.slice(0, 2);
|
|
554
|
+
const profileId = profilePathSegments[1];
|
|
555
|
+
if (!profileId) throw new Error(`Invalid auth profile target path: ${params.target.path}`);
|
|
556
|
+
const current = getPath(params.store, profilePathSegments);
|
|
557
|
+
const expectedType = params.resolved.entry.authProfileType;
|
|
558
|
+
if (isRecord(current)) {
|
|
559
|
+
if (expectedType && typeof current.type === "string" && current.type !== expectedType) throw new Error(`Auth profile "${profileId}" type mismatch for ${params.target.path}: expected "${expectedType}", got "${current.type}".`);
|
|
560
|
+
if (!isNonEmptyString(current.provider) && isNonEmptyString(params.target.authProfileProvider)) {
|
|
561
|
+
const wroteProvider = setPathCreateStrict(params.store, [...profilePathSegments, "provider"], params.target.authProfileProvider);
|
|
562
|
+
changed = changed || wroteProvider;
|
|
563
|
+
}
|
|
564
|
+
return changed;
|
|
565
|
+
}
|
|
566
|
+
if (!expectedType) throw new Error(`Auth profile target ${params.target.path} is missing auth profile type metadata.`);
|
|
567
|
+
const provider = (params.target.authProfileProvider ?? "").trim();
|
|
568
|
+
if (!provider) throw new Error(`Cannot create auth profile "${profileId}" for ${params.target.path} without authProfileProvider.`);
|
|
569
|
+
const wroteProfile = setPathCreateStrict(params.store, profilePathSegments, {
|
|
570
|
+
type: expectedType,
|
|
571
|
+
provider
|
|
572
|
+
});
|
|
573
|
+
changed = changed || wroteProfile;
|
|
574
|
+
return changed;
|
|
575
|
+
}
|
|
576
|
+
function applyAuthProfileTargetMutation(params) {
|
|
577
|
+
if (params.resolved.entry.configFile !== "auth-profiles.json") return false;
|
|
578
|
+
const { store } = resolveAuthStoreForTarget({
|
|
579
|
+
target: params.target,
|
|
580
|
+
nextConfig: params.nextConfig,
|
|
581
|
+
stateDir: params.stateDir,
|
|
582
|
+
authStoreByPath: params.authStoreByPath
|
|
583
|
+
});
|
|
584
|
+
let changed = ensureAuthProfileContainer({
|
|
585
|
+
target: params.target,
|
|
586
|
+
resolved: params.resolved,
|
|
587
|
+
store
|
|
588
|
+
});
|
|
589
|
+
const targetPathSegments = params.resolved.pathSegments;
|
|
590
|
+
if (params.resolved.entry.secretShape === "sibling_ref") {
|
|
591
|
+
const previous = getPath(store, targetPathSegments);
|
|
592
|
+
if (isNonEmptyString(previous)) params.scrubbedValues.add(previous.trim());
|
|
593
|
+
const refPathSegments = params.resolved.refPathSegments;
|
|
594
|
+
if (!refPathSegments) throw new Error(`Missing sibling ref path for auth-profiles target ${params.target.path}.`);
|
|
595
|
+
const wroteRef = setPathCreateStrict(store, refPathSegments, params.target.ref);
|
|
596
|
+
const deletedPlaintext = deletePathStrict(store, targetPathSegments);
|
|
597
|
+
changed = changed || wroteRef || deletedPlaintext;
|
|
598
|
+
return changed;
|
|
599
|
+
}
|
|
600
|
+
const previous = getPath(store, targetPathSegments);
|
|
601
|
+
if (isNonEmptyString(previous)) params.scrubbedValues.add(previous.trim());
|
|
602
|
+
const wroteRef = setPathCreateStrict(store, targetPathSegments, params.target.ref);
|
|
603
|
+
changed = changed || wroteRef;
|
|
604
|
+
return changed;
|
|
605
|
+
}
|
|
606
|
+
function scrubLegacyAuthJsonStores(params) {
|
|
607
|
+
const authJsonByPath = /* @__PURE__ */ new Map();
|
|
608
|
+
if (!params.enabled) return authJsonByPath;
|
|
609
|
+
for (const authJsonPath of listLegacyAuthJsonPaths(params.stateDir)) {
|
|
610
|
+
const parsed = readJsonObjectIfExists(authJsonPath).value;
|
|
611
|
+
if (!parsed) continue;
|
|
612
|
+
let mutated = false;
|
|
613
|
+
const nextParsed = structuredClone(parsed);
|
|
614
|
+
for (const [providerId, value] of Object.entries(nextParsed)) {
|
|
615
|
+
if (!isRecord(value)) continue;
|
|
616
|
+
if (value.type === "api_key" && isNonEmptyString(value.key)) {
|
|
617
|
+
delete nextParsed[providerId];
|
|
618
|
+
mutated = true;
|
|
619
|
+
}
|
|
620
|
+
}
|
|
621
|
+
if (mutated) {
|
|
622
|
+
authJsonByPath.set(authJsonPath, nextParsed);
|
|
623
|
+
params.changedFiles.add(authJsonPath);
|
|
624
|
+
}
|
|
625
|
+
}
|
|
626
|
+
return authJsonByPath;
|
|
627
|
+
}
|
|
628
|
+
function scrubEnvFiles(params) {
|
|
629
|
+
const envRawByPath = /* @__PURE__ */ new Map();
|
|
630
|
+
if (!params.enabled || params.scrubbedValues.size === 0) return envRawByPath;
|
|
631
|
+
const envPath = path.join(resolveConfigDir(params.env, os.homedir), ".env");
|
|
632
|
+
if (!fs.existsSync(envPath)) return envRawByPath;
|
|
633
|
+
const current = fs.readFileSync(envPath, "utf8");
|
|
634
|
+
const scrubbed = scrubEnvRaw(current, params.scrubbedValues, new Set(listKnownSecretEnvVarNames()));
|
|
635
|
+
if (scrubbed.removed > 0 && scrubbed.nextRaw !== current) {
|
|
636
|
+
envRawByPath.set(envPath, scrubbed.nextRaw);
|
|
637
|
+
params.changedFiles.add(envPath);
|
|
638
|
+
}
|
|
639
|
+
return envRawByPath;
|
|
640
|
+
}
|
|
641
|
+
async function validateProjectedSecretsState(params) {
|
|
642
|
+
const cache = {};
|
|
643
|
+
let refsChecked = 0;
|
|
644
|
+
let skippedExecRefs = 0;
|
|
645
|
+
for (const { target, resolved: resolvedTarget } of params.resolvedTargets) {
|
|
646
|
+
if (!params.write && target.ref.source === "exec" && !params.allowExecInDryRun) {
|
|
647
|
+
skippedExecRefs += 1;
|
|
648
|
+
const staticError = getSkippedExecRefStaticError({
|
|
649
|
+
ref: target.ref,
|
|
650
|
+
config: params.nextConfig
|
|
651
|
+
});
|
|
652
|
+
if (staticError) throw new Error(staticError);
|
|
653
|
+
continue;
|
|
654
|
+
}
|
|
655
|
+
const resolved = await resolveSecretRefValue(target.ref, {
|
|
656
|
+
config: params.nextConfig,
|
|
657
|
+
env: params.env,
|
|
658
|
+
cache
|
|
659
|
+
});
|
|
660
|
+
refsChecked += 1;
|
|
661
|
+
assertExpectedResolvedSecretValue({
|
|
662
|
+
value: resolved,
|
|
663
|
+
expected: resolvedTarget.entry.expectedResolvedValue,
|
|
664
|
+
errorMessage: resolvedTarget.entry.expectedResolvedValue === "string" ? `Ref ${target.ref.source}:${target.ref.provider}:${target.ref.id} is not a non-empty string.` : `Ref ${target.ref.source}:${target.ref.provider}:${target.ref.id} is not string/object.`
|
|
665
|
+
});
|
|
666
|
+
}
|
|
667
|
+
const authStoreLookup = /* @__PURE__ */ new Map();
|
|
668
|
+
for (const [authStorePath, store] of params.authStoreByPath.entries()) authStoreLookup.set(resolveUserPath(authStorePath), store);
|
|
669
|
+
if (params.checkFullRuntime) await prepareSecretsRuntimeSnapshot({
|
|
670
|
+
config: params.nextConfig,
|
|
671
|
+
env: params.env,
|
|
672
|
+
includeAuthStoreRefs: params.write || params.authStoreByPath.size > 0,
|
|
673
|
+
loadAuthStore: (agentDir) => {
|
|
674
|
+
const storePath = resolveUserPath(resolveAuthStorePath(agentDir));
|
|
675
|
+
const override = authStoreLookup.get(storePath);
|
|
676
|
+
if (override) return coercePersistedAuthProfileStore(structuredClone(override)) ?? {
|
|
677
|
+
version: 1,
|
|
678
|
+
profiles: {}
|
|
679
|
+
};
|
|
680
|
+
return loadAuthProfileStoreForSecretsRuntime(agentDir);
|
|
681
|
+
}
|
|
682
|
+
});
|
|
683
|
+
return {
|
|
684
|
+
refsChecked,
|
|
685
|
+
skippedExecRefs,
|
|
686
|
+
resolvabilityComplete: params.write || params.allowExecInDryRun || skippedExecRefs === 0
|
|
687
|
+
};
|
|
688
|
+
}
|
|
689
|
+
function captureFileSnapshot(pathname) {
|
|
690
|
+
if (!fs.existsSync(pathname)) return {
|
|
691
|
+
existed: false,
|
|
692
|
+
content: "",
|
|
693
|
+
mode: 384
|
|
694
|
+
};
|
|
695
|
+
const stat = fs.statSync(pathname);
|
|
696
|
+
return {
|
|
697
|
+
existed: true,
|
|
698
|
+
content: fs.readFileSync(pathname, "utf8"),
|
|
699
|
+
mode: stat.mode & 511
|
|
700
|
+
};
|
|
701
|
+
}
|
|
702
|
+
function restoreFileSnapshot(pathname, snapshot) {
|
|
703
|
+
if (!snapshot.existed) {
|
|
704
|
+
if (fs.existsSync(pathname)) fs.rmSync(pathname, { force: true });
|
|
705
|
+
return;
|
|
706
|
+
}
|
|
707
|
+
writeTextFileAtomic(pathname, snapshot.content, snapshot.mode || 384);
|
|
708
|
+
}
|
|
709
|
+
function toJsonWrite(pathname, value) {
|
|
710
|
+
return {
|
|
711
|
+
path: pathname,
|
|
712
|
+
content: `${JSON.stringify(value, null, 2)}\n`,
|
|
713
|
+
mode: 384
|
|
714
|
+
};
|
|
715
|
+
}
|
|
716
|
+
async function runSecretsApply(params) {
|
|
717
|
+
const env = params.env ?? process.env;
|
|
718
|
+
const write = params.write === true;
|
|
719
|
+
const allowExec = Boolean(params.allowExec);
|
|
720
|
+
if (write && planContainsExecReferences(params.plan) && !allowExec) throw new Error("Plan contains exec SecretRefs/providers. Re-run with --allow-exec.");
|
|
721
|
+
const allowExecInDryRun = write ? true : allowExec;
|
|
722
|
+
const projected = await projectPlanState({
|
|
723
|
+
plan: params.plan,
|
|
724
|
+
env,
|
|
725
|
+
write,
|
|
726
|
+
allowExecInDryRun
|
|
727
|
+
});
|
|
728
|
+
const changedFiles = [...projected.changedFiles].toSorted();
|
|
729
|
+
if (!write) return {
|
|
730
|
+
mode: "dry-run",
|
|
731
|
+
changed: changedFiles.length > 0,
|
|
732
|
+
changedFiles,
|
|
733
|
+
checks: {
|
|
734
|
+
resolvability: true,
|
|
735
|
+
resolvabilityComplete: projected.resolvabilityComplete
|
|
736
|
+
},
|
|
737
|
+
refsChecked: projected.refsChecked,
|
|
738
|
+
skippedExecRefs: projected.skippedExecRefs,
|
|
739
|
+
warningCount: projected.warnings.length,
|
|
740
|
+
warnings: projected.warnings
|
|
741
|
+
};
|
|
742
|
+
if (changedFiles.length === 0) return {
|
|
743
|
+
mode: "write",
|
|
744
|
+
changed: false,
|
|
745
|
+
changedFiles: [],
|
|
746
|
+
checks: {
|
|
747
|
+
resolvability: true,
|
|
748
|
+
resolvabilityComplete: true
|
|
749
|
+
},
|
|
750
|
+
refsChecked: projected.refsChecked,
|
|
751
|
+
skippedExecRefs: 0,
|
|
752
|
+
warningCount: projected.warnings.length,
|
|
753
|
+
warnings: projected.warnings
|
|
754
|
+
};
|
|
755
|
+
const io = createSecretsConfigIO({ env });
|
|
756
|
+
const snapshots = /* @__PURE__ */ new Map();
|
|
757
|
+
const capture = (pathname) => {
|
|
758
|
+
if (!snapshots.has(pathname)) snapshots.set(pathname, captureFileSnapshot(pathname));
|
|
759
|
+
};
|
|
760
|
+
capture(projected.configPath);
|
|
761
|
+
const writes = [];
|
|
762
|
+
for (const [pathname, value] of projected.authStoreByPath.entries()) {
|
|
763
|
+
capture(pathname);
|
|
764
|
+
writes.push(toJsonWrite(pathname, value));
|
|
765
|
+
}
|
|
766
|
+
for (const [pathname, value] of projected.authJsonByPath.entries()) {
|
|
767
|
+
capture(pathname);
|
|
768
|
+
writes.push(toJsonWrite(pathname, value));
|
|
769
|
+
}
|
|
770
|
+
for (const [pathname, raw] of projected.envRawByPath.entries()) {
|
|
771
|
+
capture(pathname);
|
|
772
|
+
writes.push({
|
|
773
|
+
path: pathname,
|
|
774
|
+
content: raw,
|
|
775
|
+
mode: 384
|
|
776
|
+
});
|
|
777
|
+
}
|
|
778
|
+
try {
|
|
779
|
+
await io.writeConfigFile(projected.nextConfig, projected.configWriteOptions);
|
|
780
|
+
for (const write of writes) writeTextFileAtomic(write.path, write.content, write.mode);
|
|
781
|
+
} catch (err) {
|
|
782
|
+
for (const [pathname, snapshot] of snapshots.entries()) try {
|
|
783
|
+
restoreFileSnapshot(pathname, snapshot);
|
|
784
|
+
} catch {}
|
|
785
|
+
throw new Error(`Secrets apply failed: ${String(err)}`, { cause: err });
|
|
786
|
+
}
|
|
787
|
+
return {
|
|
788
|
+
mode: "write",
|
|
789
|
+
changed: changedFiles.length > 0,
|
|
790
|
+
changedFiles,
|
|
791
|
+
checks: {
|
|
792
|
+
resolvability: true,
|
|
793
|
+
resolvabilityComplete: true
|
|
794
|
+
},
|
|
795
|
+
refsChecked: projected.refsChecked,
|
|
796
|
+
skippedExecRefs: 0,
|
|
797
|
+
warningCount: projected.warnings.length,
|
|
798
|
+
warnings: projected.warnings
|
|
799
|
+
};
|
|
800
|
+
}
|
|
801
|
+
//#endregion
|
|
802
|
+
//#region src/secrets/audit.ts
|
|
803
|
+
const REF_RESOLVE_FALLBACK_CONCURRENCY = 8;
|
|
804
|
+
const MAX_AUDIT_MODELS_JSON_BYTES = 5 * 1024 * 1024;
|
|
805
|
+
const ALWAYS_SENSITIVE_MODEL_PROVIDER_HEADER_NAMES = new Set([
|
|
806
|
+
"authorization",
|
|
807
|
+
"proxy-authorization",
|
|
808
|
+
"x-api-key",
|
|
809
|
+
"api-key",
|
|
810
|
+
"apikey",
|
|
811
|
+
"x-auth-token",
|
|
812
|
+
"auth-token",
|
|
813
|
+
"x-access-token",
|
|
814
|
+
"access-token",
|
|
815
|
+
"x-secret-key",
|
|
816
|
+
"secret-key"
|
|
817
|
+
]);
|
|
818
|
+
const SENSITIVE_MODEL_PROVIDER_HEADER_NAME_FRAGMENTS = [
|
|
819
|
+
"api-key",
|
|
820
|
+
"apikey",
|
|
821
|
+
"token",
|
|
822
|
+
"secret",
|
|
823
|
+
"password",
|
|
824
|
+
"credential"
|
|
825
|
+
];
|
|
826
|
+
function isLikelySensitiveModelProviderHeaderName(value) {
|
|
827
|
+
const normalized = normalizeLowercaseStringOrEmpty(value);
|
|
828
|
+
if (!normalized) return false;
|
|
829
|
+
if (ALWAYS_SENSITIVE_MODEL_PROVIDER_HEADER_NAMES.has(normalized)) return true;
|
|
830
|
+
return SENSITIVE_MODEL_PROVIDER_HEADER_NAME_FRAGMENTS.some((fragment) => normalized.includes(fragment));
|
|
831
|
+
}
|
|
832
|
+
function addFinding(collector, finding) {
|
|
833
|
+
collector.findings.push(finding);
|
|
834
|
+
}
|
|
835
|
+
function collectProviderRefPath(collector, providerId, configPath) {
|
|
836
|
+
const key = normalizeProviderId(providerId);
|
|
837
|
+
const existing = collector.configProviderRefPaths.get(key);
|
|
838
|
+
if (existing) {
|
|
839
|
+
existing.push(configPath);
|
|
840
|
+
return;
|
|
841
|
+
}
|
|
842
|
+
collector.configProviderRefPaths.set(key, [configPath]);
|
|
843
|
+
}
|
|
844
|
+
function trackAuthProviderState(collector, provider, mode) {
|
|
845
|
+
const key = normalizeProviderId(provider);
|
|
846
|
+
const existing = collector.authProviderState.get(key);
|
|
847
|
+
if (existing) {
|
|
848
|
+
existing.hasUsableStaticOrOAuth = true;
|
|
849
|
+
existing.modes.add(mode);
|
|
850
|
+
return;
|
|
851
|
+
}
|
|
852
|
+
collector.authProviderState.set(key, {
|
|
853
|
+
hasUsableStaticOrOAuth: true,
|
|
854
|
+
modes: new Set([mode])
|
|
855
|
+
});
|
|
856
|
+
}
|
|
857
|
+
function collectEnvPlaintext(params) {
|
|
858
|
+
if (!fs.existsSync(params.envPath)) return;
|
|
859
|
+
params.collector.filesScanned.add(params.envPath);
|
|
860
|
+
const knownKeys = new Set(listKnownSecretEnvVarNames());
|
|
861
|
+
const lines = fs.readFileSync(params.envPath, "utf8").split(/\r?\n/);
|
|
862
|
+
for (const line of lines) {
|
|
863
|
+
const match = line.match(/^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/);
|
|
864
|
+
if (!match) continue;
|
|
865
|
+
const key = match[1] ?? "";
|
|
866
|
+
if (!knownKeys.has(key)) continue;
|
|
867
|
+
if (!parseEnvAssignmentValue(match[2] ?? "")) continue;
|
|
868
|
+
addFinding(params.collector, {
|
|
869
|
+
code: "PLAINTEXT_FOUND",
|
|
870
|
+
severity: "warn",
|
|
871
|
+
file: params.envPath,
|
|
872
|
+
jsonPath: `$env.${key}`,
|
|
873
|
+
message: `Potential secret found in .env (${key}).`
|
|
874
|
+
});
|
|
875
|
+
}
|
|
876
|
+
}
|
|
877
|
+
function collectConfigSecrets(params) {
|
|
878
|
+
const defaults = params.config.secrets?.defaults;
|
|
879
|
+
for (const target of discoverConfigSecretTargets(params.config)) {
|
|
880
|
+
if (!target.entry.includeInAudit) continue;
|
|
881
|
+
const { ref } = resolveSecretInputRef({
|
|
882
|
+
value: target.value,
|
|
883
|
+
refValue: target.refValue,
|
|
884
|
+
defaults
|
|
885
|
+
});
|
|
886
|
+
if (ref) {
|
|
887
|
+
params.collector.refAssignments.push({
|
|
888
|
+
file: params.configPath,
|
|
889
|
+
path: target.path,
|
|
890
|
+
ref,
|
|
891
|
+
expected: target.entry.expectedResolvedValue,
|
|
892
|
+
provider: target.providerId
|
|
893
|
+
});
|
|
894
|
+
if (target.entry.trackProviderShadowing && target.providerId) collectProviderRefPath(params.collector, target.providerId, target.path);
|
|
895
|
+
continue;
|
|
896
|
+
}
|
|
897
|
+
const hasPlaintext = hasConfiguredPlaintextSecretValue(target.value, target.entry.expectedResolvedValue);
|
|
898
|
+
if (target.entry.id === "models.providers.*.headers.*" && !isLikelySensitiveModelProviderHeaderName(target.pathSegments.at(-1) ?? "")) continue;
|
|
899
|
+
if (!hasPlaintext) continue;
|
|
900
|
+
addFinding(params.collector, {
|
|
901
|
+
code: "PLAINTEXT_FOUND",
|
|
902
|
+
severity: "warn",
|
|
903
|
+
file: params.configPath,
|
|
904
|
+
jsonPath: target.path,
|
|
905
|
+
message: `${target.path} is stored as plaintext.`,
|
|
906
|
+
provider: target.providerId
|
|
907
|
+
});
|
|
908
|
+
}
|
|
909
|
+
}
|
|
910
|
+
function collectAuthStoreSecrets(params) {
|
|
911
|
+
if (!fs.existsSync(params.authStorePath)) return;
|
|
912
|
+
params.collector.filesScanned.add(params.authStorePath);
|
|
913
|
+
const parsedResult = readJsonObjectIfExists(params.authStorePath);
|
|
914
|
+
if (parsedResult.error) {
|
|
915
|
+
addFinding(params.collector, {
|
|
916
|
+
code: "REF_UNRESOLVED",
|
|
917
|
+
severity: "error",
|
|
918
|
+
file: params.authStorePath,
|
|
919
|
+
jsonPath: "<root>",
|
|
920
|
+
message: `Invalid JSON in auth-profiles store: ${parsedResult.error}`
|
|
921
|
+
});
|
|
922
|
+
return;
|
|
923
|
+
}
|
|
924
|
+
const parsed = parsedResult.value;
|
|
925
|
+
if (!parsed || !isRecord(parsed.profiles)) return;
|
|
926
|
+
for (const entry of iterateAuthProfileCredentials(parsed.profiles)) {
|
|
927
|
+
if (entry.kind === "api_key" || entry.kind === "token") {
|
|
928
|
+
const { ref } = resolveSecretInputRef({
|
|
929
|
+
value: entry.value,
|
|
930
|
+
refValue: entry.refValue,
|
|
931
|
+
defaults: params.defaults
|
|
932
|
+
});
|
|
933
|
+
if (ref) {
|
|
934
|
+
params.collector.refAssignments.push({
|
|
935
|
+
file: params.authStorePath,
|
|
936
|
+
path: `profiles.${entry.profileId}.${entry.valueField}`,
|
|
937
|
+
ref,
|
|
938
|
+
expected: "string",
|
|
939
|
+
provider: entry.provider
|
|
940
|
+
});
|
|
941
|
+
trackAuthProviderState(params.collector, entry.provider, entry.kind);
|
|
942
|
+
}
|
|
943
|
+
if (isNonEmptyString(entry.value)) {
|
|
944
|
+
addFinding(params.collector, {
|
|
945
|
+
code: "PLAINTEXT_FOUND",
|
|
946
|
+
severity: "warn",
|
|
947
|
+
file: params.authStorePath,
|
|
948
|
+
jsonPath: `profiles.${entry.profileId}.${entry.valueField}`,
|
|
949
|
+
message: entry.kind === "api_key" ? "Auth profile API key is stored as plaintext." : "Auth profile token is stored as plaintext.",
|
|
950
|
+
provider: entry.provider,
|
|
951
|
+
profileId: entry.profileId
|
|
952
|
+
});
|
|
953
|
+
trackAuthProviderState(params.collector, entry.provider, entry.kind);
|
|
954
|
+
}
|
|
955
|
+
continue;
|
|
956
|
+
}
|
|
957
|
+
if (entry.hasAccess || entry.hasRefresh) {
|
|
958
|
+
addFinding(params.collector, {
|
|
959
|
+
code: "LEGACY_RESIDUE",
|
|
960
|
+
severity: "info",
|
|
961
|
+
file: params.authStorePath,
|
|
962
|
+
jsonPath: `profiles.${entry.profileId}`,
|
|
963
|
+
message: "OAuth credentials are present (out of scope for static SecretRef migration).",
|
|
964
|
+
provider: entry.provider,
|
|
965
|
+
profileId: entry.profileId
|
|
966
|
+
});
|
|
967
|
+
trackAuthProviderState(params.collector, entry.provider, "oauth");
|
|
968
|
+
}
|
|
969
|
+
}
|
|
970
|
+
}
|
|
971
|
+
function collectAuthJsonResidue(params) {
|
|
972
|
+
for (const authJsonPath of listLegacyAuthJsonPaths(params.stateDir)) {
|
|
973
|
+
params.collector.filesScanned.add(authJsonPath);
|
|
974
|
+
const parsedResult = readJsonObjectIfExists(authJsonPath);
|
|
975
|
+
if (parsedResult.error) {
|
|
976
|
+
addFinding(params.collector, {
|
|
977
|
+
code: "REF_UNRESOLVED",
|
|
978
|
+
severity: "error",
|
|
979
|
+
file: authJsonPath,
|
|
980
|
+
jsonPath: "<root>",
|
|
981
|
+
message: `Invalid JSON in legacy auth.json: ${parsedResult.error}`
|
|
982
|
+
});
|
|
983
|
+
continue;
|
|
984
|
+
}
|
|
985
|
+
const parsed = parsedResult.value;
|
|
986
|
+
if (!parsed) continue;
|
|
987
|
+
for (const [providerId, value] of Object.entries(parsed)) {
|
|
988
|
+
if (!isRecord(value)) continue;
|
|
989
|
+
if (value.type === "api_key" && isNonEmptyString(value.key)) addFinding(params.collector, {
|
|
990
|
+
code: "LEGACY_RESIDUE",
|
|
991
|
+
severity: "warn",
|
|
992
|
+
file: authJsonPath,
|
|
993
|
+
jsonPath: providerId,
|
|
994
|
+
message: "Legacy auth.json contains static api_key credentials.",
|
|
995
|
+
provider: providerId
|
|
996
|
+
});
|
|
997
|
+
}
|
|
998
|
+
}
|
|
999
|
+
}
|
|
1000
|
+
function collectModelsJsonSecrets(params) {
|
|
1001
|
+
if (!fs.existsSync(params.modelsJsonPath)) return;
|
|
1002
|
+
params.collector.filesScanned.add(params.modelsJsonPath);
|
|
1003
|
+
const parsedResult = readJsonObjectIfExists(params.modelsJsonPath, {
|
|
1004
|
+
requireRegularFile: true,
|
|
1005
|
+
maxBytes: MAX_AUDIT_MODELS_JSON_BYTES
|
|
1006
|
+
});
|
|
1007
|
+
if (parsedResult.error) {
|
|
1008
|
+
addFinding(params.collector, {
|
|
1009
|
+
code: "REF_UNRESOLVED",
|
|
1010
|
+
severity: "error",
|
|
1011
|
+
file: params.modelsJsonPath,
|
|
1012
|
+
jsonPath: "<root>",
|
|
1013
|
+
message: `Invalid JSON in models.json: ${parsedResult.error}`
|
|
1014
|
+
});
|
|
1015
|
+
return;
|
|
1016
|
+
}
|
|
1017
|
+
const parsed = parsedResult.value;
|
|
1018
|
+
if (!parsed || !isRecord(parsed.providers)) return;
|
|
1019
|
+
for (const [providerId, providerValue] of Object.entries(parsed.providers)) {
|
|
1020
|
+
if (!isRecord(providerValue)) continue;
|
|
1021
|
+
const apiKey = providerValue.apiKey;
|
|
1022
|
+
if (coerceSecretRef(apiKey)) addFinding(params.collector, {
|
|
1023
|
+
code: "REF_UNRESOLVED",
|
|
1024
|
+
severity: "error",
|
|
1025
|
+
file: params.modelsJsonPath,
|
|
1026
|
+
jsonPath: `providers.${providerId}.apiKey`,
|
|
1027
|
+
message: "models.json contains an unresolved SecretRef object; regenerate models.json.",
|
|
1028
|
+
provider: providerId
|
|
1029
|
+
});
|
|
1030
|
+
else if (isNonEmptyString(apiKey) && !isNonSecretApiKeyMarker(apiKey)) addFinding(params.collector, {
|
|
1031
|
+
code: "PLAINTEXT_FOUND",
|
|
1032
|
+
severity: "warn",
|
|
1033
|
+
file: params.modelsJsonPath,
|
|
1034
|
+
jsonPath: `providers.${providerId}.apiKey`,
|
|
1035
|
+
message: "models.json provider apiKey is stored as plaintext.",
|
|
1036
|
+
provider: providerId
|
|
1037
|
+
});
|
|
1038
|
+
const headers = isRecord(providerValue.headers) ? providerValue.headers : void 0;
|
|
1039
|
+
if (!headers) continue;
|
|
1040
|
+
for (const [headerKey, headerValue] of Object.entries(headers)) {
|
|
1041
|
+
const headerPath = `providers.${providerId}.headers.${headerKey}`;
|
|
1042
|
+
if (coerceSecretRef(headerValue)) {
|
|
1043
|
+
addFinding(params.collector, {
|
|
1044
|
+
code: "REF_UNRESOLVED",
|
|
1045
|
+
severity: "error",
|
|
1046
|
+
file: params.modelsJsonPath,
|
|
1047
|
+
jsonPath: headerPath,
|
|
1048
|
+
message: "models.json contains an unresolved SecretRef object for provider headers; regenerate models.json.",
|
|
1049
|
+
provider: providerId
|
|
1050
|
+
});
|
|
1051
|
+
continue;
|
|
1052
|
+
}
|
|
1053
|
+
if (!isNonEmptyString(headerValue)) continue;
|
|
1054
|
+
if (isSecretRefHeaderValueMarker(headerValue)) continue;
|
|
1055
|
+
if (!isLikelySensitiveModelProviderHeaderName(headerKey)) continue;
|
|
1056
|
+
addFinding(params.collector, {
|
|
1057
|
+
code: "PLAINTEXT_FOUND",
|
|
1058
|
+
severity: "warn",
|
|
1059
|
+
file: params.modelsJsonPath,
|
|
1060
|
+
jsonPath: headerPath,
|
|
1061
|
+
message: "models.json provider header value is stored as plaintext.",
|
|
1062
|
+
provider: providerId
|
|
1063
|
+
});
|
|
1064
|
+
}
|
|
1065
|
+
}
|
|
1066
|
+
}
|
|
1067
|
+
async function collectUnresolvedRefFindings(params) {
|
|
1068
|
+
const cache = {};
|
|
1069
|
+
const refsByProvider = /* @__PURE__ */ new Map();
|
|
1070
|
+
const skippedRefKeys = /* @__PURE__ */ new Set();
|
|
1071
|
+
let refsChecked = 0;
|
|
1072
|
+
let skippedExecRefs = 0;
|
|
1073
|
+
for (const assignment of params.collector.refAssignments) {
|
|
1074
|
+
const providerKey = `${assignment.ref.source}:${assignment.ref.provider}`;
|
|
1075
|
+
let refsForProvider = refsByProvider.get(providerKey);
|
|
1076
|
+
if (!refsForProvider) {
|
|
1077
|
+
refsForProvider = /* @__PURE__ */ new Map();
|
|
1078
|
+
refsByProvider.set(providerKey, refsForProvider);
|
|
1079
|
+
}
|
|
1080
|
+
refsForProvider.set(secretRefKey(assignment.ref), assignment.ref);
|
|
1081
|
+
}
|
|
1082
|
+
const resolvedByRefKey = /* @__PURE__ */ new Map();
|
|
1083
|
+
const errorsByRefKey = /* @__PURE__ */ new Map();
|
|
1084
|
+
for (const refsForProvider of refsByProvider.values()) {
|
|
1085
|
+
const refs = [...refsForProvider.values()];
|
|
1086
|
+
const selectedRefs = selectRefsForExecPolicy({
|
|
1087
|
+
refs,
|
|
1088
|
+
allowExec: params.allowExec
|
|
1089
|
+
});
|
|
1090
|
+
if (selectedRefs.skippedExecRefs.length > 0) {
|
|
1091
|
+
skippedExecRefs += selectedRefs.skippedExecRefs.length;
|
|
1092
|
+
for (const ref of selectedRefs.skippedExecRefs) {
|
|
1093
|
+
skippedRefKeys.add(secretRefKey(ref));
|
|
1094
|
+
const staticError = getSkippedExecRefStaticError({
|
|
1095
|
+
ref,
|
|
1096
|
+
config: params.config
|
|
1097
|
+
});
|
|
1098
|
+
if (staticError) errorsByRefKey.set(secretRefKey(ref), new Error(staticError));
|
|
1099
|
+
}
|
|
1100
|
+
}
|
|
1101
|
+
if (selectedRefs.refsToResolve.length === 0) continue;
|
|
1102
|
+
refsChecked += selectedRefs.refsToResolve.length;
|
|
1103
|
+
const provider = refs[0]?.provider;
|
|
1104
|
+
try {
|
|
1105
|
+
const resolved = await resolveSecretRefValues(selectedRefs.refsToResolve, {
|
|
1106
|
+
config: params.config,
|
|
1107
|
+
env: params.env,
|
|
1108
|
+
cache
|
|
1109
|
+
});
|
|
1110
|
+
for (const [key, value] of resolved.entries()) resolvedByRefKey.set(key, value);
|
|
1111
|
+
continue;
|
|
1112
|
+
} catch (err) {
|
|
1113
|
+
if (provider && isProviderScopedSecretResolutionError(err)) {
|
|
1114
|
+
for (const ref of selectedRefs.refsToResolve) errorsByRefKey.set(secretRefKey(ref), err);
|
|
1115
|
+
continue;
|
|
1116
|
+
}
|
|
1117
|
+
}
|
|
1118
|
+
const fallback = await runTasksWithConcurrency({
|
|
1119
|
+
tasks: selectedRefs.refsToResolve.map((ref) => async () => ({
|
|
1120
|
+
key: secretRefKey(ref),
|
|
1121
|
+
resolved: await resolveSecretRefValue(ref, {
|
|
1122
|
+
config: params.config,
|
|
1123
|
+
env: params.env,
|
|
1124
|
+
cache
|
|
1125
|
+
})
|
|
1126
|
+
})),
|
|
1127
|
+
limit: Math.min(REF_RESOLVE_FALLBACK_CONCURRENCY, selectedRefs.refsToResolve.length),
|
|
1128
|
+
errorMode: "continue",
|
|
1129
|
+
onTaskError: (error, index) => {
|
|
1130
|
+
const ref = selectedRefs.refsToResolve[index];
|
|
1131
|
+
if (!ref) return;
|
|
1132
|
+
errorsByRefKey.set(secretRefKey(ref), error);
|
|
1133
|
+
}
|
|
1134
|
+
});
|
|
1135
|
+
for (const result of fallback.results) {
|
|
1136
|
+
if (!result) continue;
|
|
1137
|
+
resolvedByRefKey.set(result.key, result.resolved);
|
|
1138
|
+
}
|
|
1139
|
+
}
|
|
1140
|
+
for (const assignment of params.collector.refAssignments) {
|
|
1141
|
+
const key = secretRefKey(assignment.ref);
|
|
1142
|
+
if (skippedRefKeys.has(key) && !errorsByRefKey.has(key)) continue;
|
|
1143
|
+
const resolveErr = errorsByRefKey.get(key);
|
|
1144
|
+
if (resolveErr) {
|
|
1145
|
+
addFinding(params.collector, {
|
|
1146
|
+
code: "REF_UNRESOLVED",
|
|
1147
|
+
severity: "error",
|
|
1148
|
+
file: assignment.file,
|
|
1149
|
+
jsonPath: assignment.path,
|
|
1150
|
+
message: `Failed to resolve ${assignment.ref.source}:${assignment.ref.provider}:${assignment.ref.id} (${formatErrorMessage(resolveErr)}).`,
|
|
1151
|
+
provider: assignment.provider
|
|
1152
|
+
});
|
|
1153
|
+
continue;
|
|
1154
|
+
}
|
|
1155
|
+
if (!resolvedByRefKey.has(key)) {
|
|
1156
|
+
addFinding(params.collector, {
|
|
1157
|
+
code: "REF_UNRESOLVED",
|
|
1158
|
+
severity: "error",
|
|
1159
|
+
file: assignment.file,
|
|
1160
|
+
jsonPath: assignment.path,
|
|
1161
|
+
message: `Failed to resolve ${assignment.ref.source}:${assignment.ref.provider}:${assignment.ref.id} (resolved value is missing).`,
|
|
1162
|
+
provider: assignment.provider
|
|
1163
|
+
});
|
|
1164
|
+
continue;
|
|
1165
|
+
}
|
|
1166
|
+
if (!isExpectedResolvedSecretValue(resolvedByRefKey.get(key), assignment.expected)) addFinding(params.collector, {
|
|
1167
|
+
code: "REF_UNRESOLVED",
|
|
1168
|
+
severity: "error",
|
|
1169
|
+
file: assignment.file,
|
|
1170
|
+
jsonPath: assignment.path,
|
|
1171
|
+
message: assignment.expected === "string" ? `Failed to resolve ${assignment.ref.source}:${assignment.ref.provider}:${assignment.ref.id} (resolved value is not a non-empty string).` : `Failed to resolve ${assignment.ref.source}:${assignment.ref.provider}:${assignment.ref.id} (resolved value is not a string/object).`,
|
|
1172
|
+
provider: assignment.provider
|
|
1173
|
+
});
|
|
1174
|
+
}
|
|
1175
|
+
return {
|
|
1176
|
+
refsChecked,
|
|
1177
|
+
skippedExecRefs
|
|
1178
|
+
};
|
|
1179
|
+
}
|
|
1180
|
+
function collectShadowingFindings(collector) {
|
|
1181
|
+
for (const [provider, paths] of collector.configProviderRefPaths.entries()) {
|
|
1182
|
+
const authState = collector.authProviderState.get(provider);
|
|
1183
|
+
if (!authState?.hasUsableStaticOrOAuth) continue;
|
|
1184
|
+
const modeText = [...authState.modes].join("/");
|
|
1185
|
+
for (const configPath of paths) addFinding(collector, {
|
|
1186
|
+
code: "REF_SHADOWED",
|
|
1187
|
+
severity: "warn",
|
|
1188
|
+
file: "genesis.json",
|
|
1189
|
+
jsonPath: configPath,
|
|
1190
|
+
message: `Auth profile credentials (${modeText}) take precedence for provider "${provider}", so this config ref may never be used.`,
|
|
1191
|
+
provider
|
|
1192
|
+
});
|
|
1193
|
+
}
|
|
1194
|
+
}
|
|
1195
|
+
function summarizeFindings(findings) {
|
|
1196
|
+
return {
|
|
1197
|
+
plaintextCount: findings.filter((entry) => entry.code === "PLAINTEXT_FOUND").length,
|
|
1198
|
+
unresolvedRefCount: findings.filter((entry) => entry.code === "REF_UNRESOLVED").length,
|
|
1199
|
+
shadowedRefCount: findings.filter((entry) => entry.code === "REF_SHADOWED").length,
|
|
1200
|
+
legacyResidueCount: findings.filter((entry) => entry.code === "LEGACY_RESIDUE").length
|
|
1201
|
+
};
|
|
1202
|
+
}
|
|
1203
|
+
async function runSecretsAudit(params = {}) {
|
|
1204
|
+
const env = params.env ?? process.env;
|
|
1205
|
+
const allowExec = Boolean(params.allowExec);
|
|
1206
|
+
const snapshot = await createSecretsConfigIO({ env }).readConfigFileSnapshot();
|
|
1207
|
+
const configPath = resolveUserPath(snapshot.path);
|
|
1208
|
+
const defaults = snapshot.valid ? snapshot.config.secrets?.defaults : void 0;
|
|
1209
|
+
const collector = {
|
|
1210
|
+
findings: [],
|
|
1211
|
+
refAssignments: [],
|
|
1212
|
+
configProviderRefPaths: /* @__PURE__ */ new Map(),
|
|
1213
|
+
authProviderState: /* @__PURE__ */ new Map(),
|
|
1214
|
+
filesScanned: new Set([configPath])
|
|
1215
|
+
};
|
|
1216
|
+
const stateDir = resolveStateDir(env, os.homedir);
|
|
1217
|
+
const envPath = path.join(resolveConfigDir(env, os.homedir), ".env");
|
|
1218
|
+
const config = snapshot.valid ? snapshot.config : {};
|
|
1219
|
+
let resolution = {
|
|
1220
|
+
refsChecked: 0,
|
|
1221
|
+
skippedExecRefs: 0,
|
|
1222
|
+
resolvabilityComplete: true
|
|
1223
|
+
};
|
|
1224
|
+
if (snapshot.valid) {
|
|
1225
|
+
collectConfigSecrets({
|
|
1226
|
+
config,
|
|
1227
|
+
configPath,
|
|
1228
|
+
collector
|
|
1229
|
+
});
|
|
1230
|
+
for (const authStorePath of listAuthProfileStorePaths(config, stateDir)) collectAuthStoreSecrets({
|
|
1231
|
+
authStorePath,
|
|
1232
|
+
collector,
|
|
1233
|
+
defaults
|
|
1234
|
+
});
|
|
1235
|
+
for (const modelsJsonPath of listAgentModelsJsonPaths(config, stateDir, env)) collectModelsJsonSecrets({
|
|
1236
|
+
modelsJsonPath,
|
|
1237
|
+
collector
|
|
1238
|
+
});
|
|
1239
|
+
const unresolvedRefResult = await collectUnresolvedRefFindings({
|
|
1240
|
+
collector,
|
|
1241
|
+
config,
|
|
1242
|
+
env,
|
|
1243
|
+
allowExec
|
|
1244
|
+
});
|
|
1245
|
+
resolution = {
|
|
1246
|
+
refsChecked: unresolvedRefResult.refsChecked,
|
|
1247
|
+
skippedExecRefs: unresolvedRefResult.skippedExecRefs,
|
|
1248
|
+
resolvabilityComplete: unresolvedRefResult.skippedExecRefs === 0
|
|
1249
|
+
};
|
|
1250
|
+
collectShadowingFindings(collector);
|
|
1251
|
+
} else addFinding(collector, {
|
|
1252
|
+
code: "REF_UNRESOLVED",
|
|
1253
|
+
severity: "error",
|
|
1254
|
+
file: configPath,
|
|
1255
|
+
jsonPath: "<root>",
|
|
1256
|
+
message: "Config is invalid; cannot validate secret references reliably."
|
|
1257
|
+
});
|
|
1258
|
+
collectEnvPlaintext({
|
|
1259
|
+
envPath,
|
|
1260
|
+
collector
|
|
1261
|
+
});
|
|
1262
|
+
collectAuthJsonResidue({
|
|
1263
|
+
stateDir,
|
|
1264
|
+
collector
|
|
1265
|
+
});
|
|
1266
|
+
const summary = summarizeFindings(collector.findings);
|
|
1267
|
+
return {
|
|
1268
|
+
version: 1,
|
|
1269
|
+
status: summary.unresolvedRefCount > 0 ? "unresolved" : collector.findings.length > 0 ? "findings" : "clean",
|
|
1270
|
+
resolution,
|
|
1271
|
+
filesScanned: [...collector.filesScanned].toSorted(),
|
|
1272
|
+
summary,
|
|
1273
|
+
findings: collector.findings
|
|
1274
|
+
};
|
|
1275
|
+
}
|
|
1276
|
+
function resolveSecretsAuditExitCode(report, check) {
|
|
1277
|
+
if (report.summary.unresolvedRefCount > 0) return 2;
|
|
1278
|
+
if (check && report.findings.length > 0) return 1;
|
|
1279
|
+
return 0;
|
|
1280
|
+
}
|
|
1281
|
+
//#endregion
|
|
1282
|
+
//#region src/secrets/configure-plan.ts
|
|
1283
|
+
function getSecretProviders$1(config) {
|
|
1284
|
+
if (!isRecord(config.secrets?.providers)) return {};
|
|
1285
|
+
return config.secrets.providers;
|
|
1286
|
+
}
|
|
1287
|
+
function configureCandidateSortKey(candidate) {
|
|
1288
|
+
if (candidate.configFile === "auth-profiles.json") return `auth-profiles:${candidate.agentId ?? ""}:${candidate.path}`;
|
|
1289
|
+
return `genesis:${candidate.path}`;
|
|
1290
|
+
}
|
|
1291
|
+
function resolveAuthProfileProvider(store, pathSegments) {
|
|
1292
|
+
const profileId = pathSegments[1];
|
|
1293
|
+
if (!profileId) return;
|
|
1294
|
+
const profile = store.profiles?.[profileId];
|
|
1295
|
+
if (!isRecord(profile) || typeof profile.provider !== "string") return;
|
|
1296
|
+
const provider = profile.provider.trim();
|
|
1297
|
+
return provider.length > 0 ? provider : void 0;
|
|
1298
|
+
}
|
|
1299
|
+
function buildConfigureCandidatesForScope(params) {
|
|
1300
|
+
const authoredConfig = params.authoredGenesisConfig ?? params.config;
|
|
1301
|
+
const hasPathInAuthoredConfig = (pathSegments) => hasPath(authoredConfig, pathSegments);
|
|
1302
|
+
const genesisCandidates = discoverConfigSecretTargets(params.config).filter((entry) => entry.entry.includeInConfigure).map((entry) => {
|
|
1303
|
+
const resolved = resolveSecretInputRef({
|
|
1304
|
+
value: entry.value,
|
|
1305
|
+
refValue: entry.refValue,
|
|
1306
|
+
defaults: params.config.secrets?.defaults
|
|
1307
|
+
});
|
|
1308
|
+
const pathExists = hasPathInAuthoredConfig(entry.pathSegments);
|
|
1309
|
+
const refPathExists = entry.refPathSegments ? hasPathInAuthoredConfig(entry.refPathSegments) : false;
|
|
1310
|
+
return Object.assign({
|
|
1311
|
+
type: entry.entry.targetType,
|
|
1312
|
+
path: entry.path,
|
|
1313
|
+
pathSegments: [...entry.pathSegments],
|
|
1314
|
+
label: entry.path,
|
|
1315
|
+
configFile: `genesis.json`,
|
|
1316
|
+
expectedResolvedValue: entry.entry.expectedResolvedValue
|
|
1317
|
+
}, resolved.ref ? { existingRef: resolved.ref } : {}, pathExists || refPathExists ? {} : { isDerived: true }, entry.providerId ? { providerId: entry.providerId } : {}, entry.accountId ? { accountId: entry.accountId } : {});
|
|
1318
|
+
});
|
|
1319
|
+
const authCandidates = params.authProfiles === void 0 ? [] : discoverAuthProfileSecretTargets(params.authProfiles.store).filter((entry) => entry.entry.includeInConfigure).map((entry) => {
|
|
1320
|
+
const authProfiles = params.authProfiles;
|
|
1321
|
+
if (!authProfiles) throw new Error("Missing auth profile scope for configure candidate discovery.");
|
|
1322
|
+
const authProfileProvider = resolveAuthProfileProvider(authProfiles.store, entry.pathSegments);
|
|
1323
|
+
const resolved = resolveSecretInputRef({
|
|
1324
|
+
value: entry.value,
|
|
1325
|
+
refValue: entry.refValue,
|
|
1326
|
+
defaults: params.config.secrets?.defaults
|
|
1327
|
+
});
|
|
1328
|
+
return Object.assign({
|
|
1329
|
+
type: entry.entry.targetType,
|
|
1330
|
+
path: entry.path,
|
|
1331
|
+
pathSegments: [...entry.pathSegments],
|
|
1332
|
+
label: `${entry.path} (auth profile, agent ${authProfiles.agentId})`,
|
|
1333
|
+
configFile: `auth-profiles.json`,
|
|
1334
|
+
expectedResolvedValue: entry.entry.expectedResolvedValue
|
|
1335
|
+
}, resolved.ref ? { existingRef: resolved.ref } : {}, { agentId: authProfiles.agentId }, authProfileProvider ? { authProfileProvider } : {});
|
|
1336
|
+
});
|
|
1337
|
+
return [...genesisCandidates, ...authCandidates].toSorted((a, b) => configureCandidateSortKey(a).localeCompare(configureCandidateSortKey(b)));
|
|
1338
|
+
}
|
|
1339
|
+
function hasPath(root, segments) {
|
|
1340
|
+
if (segments.length === 0) return false;
|
|
1341
|
+
let cursor = root;
|
|
1342
|
+
for (let index = 0; index < segments.length; index += 1) {
|
|
1343
|
+
const segment = segments[index] ?? "";
|
|
1344
|
+
if (Array.isArray(cursor)) {
|
|
1345
|
+
if (!/^\d+$/.test(segment)) return false;
|
|
1346
|
+
const parsedIndex = Number.parseInt(segment, 10);
|
|
1347
|
+
if (!Number.isFinite(parsedIndex) || parsedIndex < 0 || parsedIndex >= cursor.length) return false;
|
|
1348
|
+
if (index === segments.length - 1) return true;
|
|
1349
|
+
cursor = cursor[parsedIndex];
|
|
1350
|
+
continue;
|
|
1351
|
+
}
|
|
1352
|
+
if (!isRecord(cursor)) return false;
|
|
1353
|
+
if (!Object.prototype.hasOwnProperty.call(cursor, segment)) return false;
|
|
1354
|
+
if (index === segments.length - 1) return true;
|
|
1355
|
+
cursor = cursor[segment];
|
|
1356
|
+
}
|
|
1357
|
+
return false;
|
|
1358
|
+
}
|
|
1359
|
+
function collectConfigureProviderChanges(params) {
|
|
1360
|
+
const originalProviders = getSecretProviders$1(params.original);
|
|
1361
|
+
const nextProviders = getSecretProviders$1(params.next);
|
|
1362
|
+
const upserts = {};
|
|
1363
|
+
const deletes = [];
|
|
1364
|
+
for (const [providerAlias, nextProviderConfig] of Object.entries(nextProviders)) {
|
|
1365
|
+
const current = originalProviders[providerAlias];
|
|
1366
|
+
if (isDeepStrictEqual(current, nextProviderConfig)) continue;
|
|
1367
|
+
upserts[providerAlias] = structuredClone(nextProviderConfig);
|
|
1368
|
+
}
|
|
1369
|
+
for (const providerAlias of Object.keys(originalProviders)) if (!Object.prototype.hasOwnProperty.call(nextProviders, providerAlias)) deletes.push(providerAlias);
|
|
1370
|
+
return {
|
|
1371
|
+
upserts,
|
|
1372
|
+
deletes: deletes.toSorted()
|
|
1373
|
+
};
|
|
1374
|
+
}
|
|
1375
|
+
function hasConfigurePlanChanges(params) {
|
|
1376
|
+
return params.selectedTargets.size > 0 || Object.keys(params.providerChanges.upserts).length > 0 || params.providerChanges.deletes.length > 0;
|
|
1377
|
+
}
|
|
1378
|
+
function buildSecretsConfigurePlan(params) {
|
|
1379
|
+
return {
|
|
1380
|
+
version: 1,
|
|
1381
|
+
protocolVersion: 1,
|
|
1382
|
+
generatedAt: params.generatedAt ?? (/* @__PURE__ */ new Date()).toISOString(),
|
|
1383
|
+
generatedBy: "genesis secrets configure",
|
|
1384
|
+
targets: [...params.selectedTargets.values()].map((entry) => Object.assign({
|
|
1385
|
+
type: entry.type,
|
|
1386
|
+
path: entry.path,
|
|
1387
|
+
pathSegments: [...entry.pathSegments],
|
|
1388
|
+
ref: entry.ref
|
|
1389
|
+
}, entry.agentId ? { agentId: entry.agentId } : {}, entry.providerId ? { providerId: entry.providerId } : {}, entry.accountId ? { accountId: entry.accountId } : {}, entry.authProfileProvider ? { authProfileProvider: entry.authProfileProvider } : {})),
|
|
1390
|
+
...Object.keys(params.providerChanges.upserts).length > 0 ? { providerUpserts: params.providerChanges.upserts } : {},
|
|
1391
|
+
...params.providerChanges.deletes.length > 0 ? { providerDeletes: params.providerChanges.deletes } : {},
|
|
1392
|
+
options: {
|
|
1393
|
+
scrubEnv: true,
|
|
1394
|
+
scrubAuthProfilesForProviderTargets: true,
|
|
1395
|
+
scrubLegacyAuthJson: true
|
|
1396
|
+
}
|
|
1397
|
+
};
|
|
1398
|
+
}
|
|
1399
|
+
//#endregion
|
|
1400
|
+
//#region src/secrets/configure.ts
|
|
1401
|
+
const ENV_NAME_PATTERN = /^[A-Z][A-Z0-9_]{0,127}$/;
|
|
1402
|
+
const WINDOWS_ABS_PATH_PATTERN = /^[A-Za-z]:[\\/]/;
|
|
1403
|
+
const WINDOWS_UNC_PATH_PATTERN = /^\\\\[^\\]+\\[^\\]+/;
|
|
1404
|
+
function isAbsolutePathValue(value) {
|
|
1405
|
+
return path.isAbsolute(value) || WINDOWS_ABS_PATH_PATTERN.test(value) || WINDOWS_UNC_PATH_PATTERN.test(value);
|
|
1406
|
+
}
|
|
1407
|
+
function parseCsv(value) {
|
|
1408
|
+
return value.split(",").map((entry) => entry.trim()).filter((entry) => entry.length > 0);
|
|
1409
|
+
}
|
|
1410
|
+
function parseOptionalPositiveInt(value, max) {
|
|
1411
|
+
const trimmed = value.trim();
|
|
1412
|
+
if (!trimmed) return;
|
|
1413
|
+
if (!/^\d+$/.test(trimmed)) return;
|
|
1414
|
+
const parsed = Number.parseInt(trimmed, 10);
|
|
1415
|
+
if (!Number.isFinite(parsed) || parsed <= 0 || parsed > max) return;
|
|
1416
|
+
return parsed;
|
|
1417
|
+
}
|
|
1418
|
+
function getSecretProviders(config) {
|
|
1419
|
+
if (!isRecord(config.secrets?.providers)) return {};
|
|
1420
|
+
return config.secrets.providers;
|
|
1421
|
+
}
|
|
1422
|
+
function setSecretProvider(config, providerAlias, providerConfig) {
|
|
1423
|
+
config.secrets ??= {};
|
|
1424
|
+
if (!isRecord(config.secrets.providers)) config.secrets.providers = {};
|
|
1425
|
+
config.secrets.providers[providerAlias] = providerConfig;
|
|
1426
|
+
}
|
|
1427
|
+
function removeSecretProvider(config, providerAlias) {
|
|
1428
|
+
if (!isRecord(config.secrets?.providers)) return false;
|
|
1429
|
+
const providers = config.secrets.providers;
|
|
1430
|
+
if (!Object.prototype.hasOwnProperty.call(providers, providerAlias)) return false;
|
|
1431
|
+
delete providers[providerAlias];
|
|
1432
|
+
if (Object.keys(providers).length === 0) delete config.secrets?.providers;
|
|
1433
|
+
if (isRecord(config.secrets?.defaults)) {
|
|
1434
|
+
const defaults = config.secrets.defaults;
|
|
1435
|
+
if (defaults?.env === providerAlias) delete defaults.env;
|
|
1436
|
+
if (defaults?.file === providerAlias) delete defaults.file;
|
|
1437
|
+
if (defaults?.exec === providerAlias) delete defaults.exec;
|
|
1438
|
+
if (defaults && defaults.env === void 0 && defaults.file === void 0 && defaults.exec === void 0) delete config.secrets?.defaults;
|
|
1439
|
+
}
|
|
1440
|
+
return true;
|
|
1441
|
+
}
|
|
1442
|
+
function providerHint(provider) {
|
|
1443
|
+
if (provider.source === "env") return provider.allowlist?.length ? `env (${provider.allowlist.length} allowlisted)` : "env";
|
|
1444
|
+
if (provider.source === "file") return `file (${provider.mode ?? "json"})`;
|
|
1445
|
+
return `exec (${provider.jsonOnly === false ? "json+text" : "json"})`;
|
|
1446
|
+
}
|
|
1447
|
+
function toSourceChoices(config) {
|
|
1448
|
+
const hasSource = (source) => Object.values(config.secrets?.providers ?? {}).some((provider) => provider?.source === source);
|
|
1449
|
+
const choices = [{
|
|
1450
|
+
value: "env",
|
|
1451
|
+
label: "env"
|
|
1452
|
+
}];
|
|
1453
|
+
if (hasSource("file")) choices.push({
|
|
1454
|
+
value: "file",
|
|
1455
|
+
label: "file"
|
|
1456
|
+
});
|
|
1457
|
+
if (hasSource("exec")) choices.push({
|
|
1458
|
+
value: "exec",
|
|
1459
|
+
label: "exec"
|
|
1460
|
+
});
|
|
1461
|
+
return choices;
|
|
1462
|
+
}
|
|
1463
|
+
function assertNoCancel(value, message) {
|
|
1464
|
+
if (typeof value === "symbol") throw new Error(message);
|
|
1465
|
+
return value;
|
|
1466
|
+
}
|
|
1467
|
+
const AUTH_PROFILE_ID_PATTERN = /^[A-Za-z0-9:_-]{1,128}$/;
|
|
1468
|
+
function validateEnvNameCsv(value) {
|
|
1469
|
+
const entries = parseCsv(value);
|
|
1470
|
+
for (const entry of entries) if (!ENV_NAME_PATTERN.test(entry)) return `Invalid env name: ${entry}`;
|
|
1471
|
+
}
|
|
1472
|
+
async function promptEnvNameCsv(params) {
|
|
1473
|
+
return parseCsv(assertNoCancel(await text({
|
|
1474
|
+
message: params.message,
|
|
1475
|
+
initialValue: params.initialValue,
|
|
1476
|
+
validate: (value) => validateEnvNameCsv(value ?? "")
|
|
1477
|
+
}), "Secrets configure cancelled.") ?? "");
|
|
1478
|
+
}
|
|
1479
|
+
async function promptOptionalPositiveInt(params) {
|
|
1480
|
+
return parseOptionalPositiveInt(normalizeStringifiedOptionalString(assertNoCancel(await text({
|
|
1481
|
+
message: params.message,
|
|
1482
|
+
initialValue: params.initialValue === void 0 ? "" : String(params.initialValue),
|
|
1483
|
+
validate: (value) => {
|
|
1484
|
+
const trimmed = normalizeStringifiedOptionalString(value) ?? "";
|
|
1485
|
+
if (!trimmed) return;
|
|
1486
|
+
if (parseOptionalPositiveInt(trimmed, params.max) === void 0) return `Must be an integer between 1 and ${params.max}`;
|
|
1487
|
+
}
|
|
1488
|
+
}), "Secrets configure cancelled.")) ?? "", params.max);
|
|
1489
|
+
}
|
|
1490
|
+
function configureCandidateKey(candidate) {
|
|
1491
|
+
if (candidate.configFile === "auth-profiles.json") return `auth-profiles:${normalizeOptionalString(candidate.agentId) ?? ""}:${candidate.path}`;
|
|
1492
|
+
return `genesis:${candidate.path}`;
|
|
1493
|
+
}
|
|
1494
|
+
function hasSourceChoice(sourceChoices, source) {
|
|
1495
|
+
return sourceChoices.some((entry) => entry.value === source);
|
|
1496
|
+
}
|
|
1497
|
+
function resolveCandidateProviderHint(candidate) {
|
|
1498
|
+
return normalizeOptionalLowercaseString(candidate.authProfileProvider) ?? normalizeOptionalLowercaseString(candidate.providerId);
|
|
1499
|
+
}
|
|
1500
|
+
function resolveSuggestedEnvSecretId(candidate) {
|
|
1501
|
+
const hintedProvider = resolveCandidateProviderHint(candidate);
|
|
1502
|
+
if (!hintedProvider) return;
|
|
1503
|
+
const envCandidates = getProviderEnvVars(hintedProvider);
|
|
1504
|
+
if (!Array.isArray(envCandidates) || envCandidates.length === 0) return;
|
|
1505
|
+
return envCandidates[0];
|
|
1506
|
+
}
|
|
1507
|
+
function resolveConfigureAgentId(config, explicitAgentId) {
|
|
1508
|
+
const knownAgentIds = new Set(listAgentIds(config));
|
|
1509
|
+
if (!explicitAgentId) return resolveDefaultAgentId(config);
|
|
1510
|
+
const normalized = normalizeAgentId(explicitAgentId);
|
|
1511
|
+
if (knownAgentIds.has(normalized)) return normalized;
|
|
1512
|
+
const known = [...knownAgentIds].toSorted().join(", ");
|
|
1513
|
+
throw new Error(`Unknown agent id "${explicitAgentId}". Known agents: ${known || "none configured"}.`);
|
|
1514
|
+
}
|
|
1515
|
+
function loadAuthProfileStoreForConfigure(params) {
|
|
1516
|
+
return loadPersistedAuthProfileStore(resolveAgentDir(params.config, params.agentId)) ?? {
|
|
1517
|
+
version: 1,
|
|
1518
|
+
profiles: {}
|
|
1519
|
+
};
|
|
1520
|
+
}
|
|
1521
|
+
async function promptNewAuthProfileCandidate(agentId) {
|
|
1522
|
+
const profileId = assertNoCancel(await text({
|
|
1523
|
+
message: "Auth profile id",
|
|
1524
|
+
validate: (value) => {
|
|
1525
|
+
const trimmed = normalizeStringifiedOptionalString(value) ?? "";
|
|
1526
|
+
if (!trimmed) return "Required";
|
|
1527
|
+
if (!AUTH_PROFILE_ID_PATTERN.test(trimmed)) return "Use letters/numbers/\":\"/\"_\"/\"-\" only.";
|
|
1528
|
+
}
|
|
1529
|
+
}), "Secrets configure cancelled.");
|
|
1530
|
+
const credentialType = assertNoCancel(await select({
|
|
1531
|
+
message: "Auth profile credential type",
|
|
1532
|
+
options: [{
|
|
1533
|
+
value: "api_key",
|
|
1534
|
+
label: "api_key (key/keyRef)"
|
|
1535
|
+
}, {
|
|
1536
|
+
value: "token",
|
|
1537
|
+
label: "token (token/tokenRef)"
|
|
1538
|
+
}]
|
|
1539
|
+
}), "Secrets configure cancelled.");
|
|
1540
|
+
const provider = assertNoCancel(await text({
|
|
1541
|
+
message: "Provider id",
|
|
1542
|
+
validate: (value) => normalizeStringifiedOptionalString(value) ? void 0 : "Required"
|
|
1543
|
+
}), "Secrets configure cancelled.");
|
|
1544
|
+
const profileIdTrimmed = normalizeStringifiedOptionalString(profileId) ?? "";
|
|
1545
|
+
const providerTrimmed = normalizeStringifiedOptionalString(provider) ?? "";
|
|
1546
|
+
if (credentialType === "token") return {
|
|
1547
|
+
type: "auth-profiles.token.token",
|
|
1548
|
+
path: `profiles.${profileIdTrimmed}.token`,
|
|
1549
|
+
pathSegments: [
|
|
1550
|
+
"profiles",
|
|
1551
|
+
profileIdTrimmed,
|
|
1552
|
+
"token"
|
|
1553
|
+
],
|
|
1554
|
+
label: `profiles.${profileIdTrimmed}.token (auth profile, agent ${agentId})`,
|
|
1555
|
+
configFile: "auth-profiles.json",
|
|
1556
|
+
agentId,
|
|
1557
|
+
authProfileProvider: providerTrimmed,
|
|
1558
|
+
expectedResolvedValue: "string"
|
|
1559
|
+
};
|
|
1560
|
+
return {
|
|
1561
|
+
type: "auth-profiles.api_key.key",
|
|
1562
|
+
path: `profiles.${profileIdTrimmed}.key`,
|
|
1563
|
+
pathSegments: [
|
|
1564
|
+
"profiles",
|
|
1565
|
+
profileIdTrimmed,
|
|
1566
|
+
"key"
|
|
1567
|
+
],
|
|
1568
|
+
label: `profiles.${profileIdTrimmed}.key (auth profile, agent ${agentId})`,
|
|
1569
|
+
configFile: "auth-profiles.json",
|
|
1570
|
+
agentId,
|
|
1571
|
+
authProfileProvider: providerTrimmed,
|
|
1572
|
+
expectedResolvedValue: "string"
|
|
1573
|
+
};
|
|
1574
|
+
}
|
|
1575
|
+
async function promptProviderAlias(params) {
|
|
1576
|
+
return normalizeStringifiedOptionalString(assertNoCancel(await text({
|
|
1577
|
+
message: "Provider alias",
|
|
1578
|
+
initialValue: "default",
|
|
1579
|
+
validate: (value) => {
|
|
1580
|
+
const trimmed = normalizeStringifiedOptionalString(value) ?? "";
|
|
1581
|
+
if (!trimmed) return "Required";
|
|
1582
|
+
if (!isValidSecretProviderAlias(trimmed)) return "Must match /^[a-z][a-z0-9_-]{0,63}$/";
|
|
1583
|
+
if (params.existingAliases.has(trimmed)) return "Alias already exists";
|
|
1584
|
+
}
|
|
1585
|
+
}), "Secrets configure cancelled.")) ?? "";
|
|
1586
|
+
}
|
|
1587
|
+
async function promptProviderSource(initial) {
|
|
1588
|
+
return assertNoCancel(await select({
|
|
1589
|
+
message: "Provider source",
|
|
1590
|
+
options: [
|
|
1591
|
+
{
|
|
1592
|
+
value: "env",
|
|
1593
|
+
label: "env"
|
|
1594
|
+
},
|
|
1595
|
+
{
|
|
1596
|
+
value: "file",
|
|
1597
|
+
label: "file"
|
|
1598
|
+
},
|
|
1599
|
+
{
|
|
1600
|
+
value: "exec",
|
|
1601
|
+
label: "exec"
|
|
1602
|
+
}
|
|
1603
|
+
],
|
|
1604
|
+
initialValue: initial
|
|
1605
|
+
}), "Secrets configure cancelled.");
|
|
1606
|
+
}
|
|
1607
|
+
async function promptEnvProvider(base) {
|
|
1608
|
+
const allowlist = await promptEnvNameCsv({
|
|
1609
|
+
message: "Env allowlist (comma-separated, blank for unrestricted)",
|
|
1610
|
+
initialValue: base?.allowlist?.join(",") ?? ""
|
|
1611
|
+
});
|
|
1612
|
+
return {
|
|
1613
|
+
source: "env",
|
|
1614
|
+
...allowlist.length > 0 ? { allowlist } : {}
|
|
1615
|
+
};
|
|
1616
|
+
}
|
|
1617
|
+
async function promptFileProvider(base) {
|
|
1618
|
+
const filePath = assertNoCancel(await text({
|
|
1619
|
+
message: "File path (absolute)",
|
|
1620
|
+
initialValue: base?.path ?? "",
|
|
1621
|
+
validate: (value) => {
|
|
1622
|
+
const trimmed = normalizeStringifiedOptionalString(value) ?? "";
|
|
1623
|
+
if (!trimmed) return "Required";
|
|
1624
|
+
if (!isAbsolutePathValue(trimmed)) return "Must be an absolute path";
|
|
1625
|
+
}
|
|
1626
|
+
}), "Secrets configure cancelled.");
|
|
1627
|
+
const mode = assertNoCancel(await select({
|
|
1628
|
+
message: "File mode",
|
|
1629
|
+
options: [{
|
|
1630
|
+
value: "json",
|
|
1631
|
+
label: "json"
|
|
1632
|
+
}, {
|
|
1633
|
+
value: "singleValue",
|
|
1634
|
+
label: "singleValue"
|
|
1635
|
+
}],
|
|
1636
|
+
initialValue: base?.mode ?? "json"
|
|
1637
|
+
}), "Secrets configure cancelled.");
|
|
1638
|
+
const timeoutMs = await promptOptionalPositiveInt({
|
|
1639
|
+
message: "Timeout ms (blank for default)",
|
|
1640
|
+
initialValue: base?.timeoutMs,
|
|
1641
|
+
max: 12e4
|
|
1642
|
+
});
|
|
1643
|
+
const maxBytes = await promptOptionalPositiveInt({
|
|
1644
|
+
message: "Max bytes (blank for default)",
|
|
1645
|
+
initialValue: base?.maxBytes,
|
|
1646
|
+
max: 20 * 1024 * 1024
|
|
1647
|
+
});
|
|
1648
|
+
const allowInsecurePath = assertNoCancel(await confirm({
|
|
1649
|
+
message: "Allow insecure file path checks?",
|
|
1650
|
+
initialValue: base?.allowInsecurePath ?? false
|
|
1651
|
+
}), "Secrets configure cancelled.");
|
|
1652
|
+
return {
|
|
1653
|
+
source: "file",
|
|
1654
|
+
path: normalizeStringifiedOptionalString(filePath) ?? "",
|
|
1655
|
+
mode,
|
|
1656
|
+
...timeoutMs ? { timeoutMs } : {},
|
|
1657
|
+
...maxBytes ? { maxBytes } : {},
|
|
1658
|
+
...allowInsecurePath ? { allowInsecurePath: true } : {}
|
|
1659
|
+
};
|
|
1660
|
+
}
|
|
1661
|
+
async function parseArgsInput(rawValue) {
|
|
1662
|
+
const trimmed = rawValue.trim();
|
|
1663
|
+
if (!trimmed) return;
|
|
1664
|
+
const parsed = JSON.parse(trimmed);
|
|
1665
|
+
if (!Array.isArray(parsed) || !parsed.every((entry) => typeof entry === "string")) throw new Error("args must be a JSON array of strings");
|
|
1666
|
+
return parsed;
|
|
1667
|
+
}
|
|
1668
|
+
async function promptExecProvider(base) {
|
|
1669
|
+
const command = assertNoCancel(await text({
|
|
1670
|
+
message: "Command path (absolute)",
|
|
1671
|
+
initialValue: base?.command ?? "",
|
|
1672
|
+
validate: (value) => {
|
|
1673
|
+
const trimmed = normalizeStringifiedOptionalString(value) ?? "";
|
|
1674
|
+
if (!trimmed) return "Required";
|
|
1675
|
+
if (!isAbsolutePathValue(trimmed)) return "Must be an absolute path";
|
|
1676
|
+
if (!isSafeExecutableValue(trimmed)) return "Command value is not allowed";
|
|
1677
|
+
}
|
|
1678
|
+
}), "Secrets configure cancelled.");
|
|
1679
|
+
const argsRaw = assertNoCancel(await text({
|
|
1680
|
+
message: "Args JSON array (blank for none)",
|
|
1681
|
+
initialValue: JSON.stringify(base?.args ?? []),
|
|
1682
|
+
validate: (value) => {
|
|
1683
|
+
const trimmed = normalizeStringifiedOptionalString(value) ?? "";
|
|
1684
|
+
if (!trimmed) return;
|
|
1685
|
+
try {
|
|
1686
|
+
const parsed = JSON.parse(trimmed);
|
|
1687
|
+
if (!Array.isArray(parsed) || !parsed.every((entry) => typeof entry === "string")) return "Must be a JSON array of strings";
|
|
1688
|
+
return;
|
|
1689
|
+
} catch {
|
|
1690
|
+
return "Must be valid JSON";
|
|
1691
|
+
}
|
|
1692
|
+
}
|
|
1693
|
+
}), "Secrets configure cancelled.");
|
|
1694
|
+
const timeoutMs = await promptOptionalPositiveInt({
|
|
1695
|
+
message: "Timeout ms (blank for default)",
|
|
1696
|
+
initialValue: base?.timeoutMs,
|
|
1697
|
+
max: 12e4
|
|
1698
|
+
});
|
|
1699
|
+
const noOutputTimeoutMs = await promptOptionalPositiveInt({
|
|
1700
|
+
message: "No-output timeout ms (blank for default)",
|
|
1701
|
+
initialValue: base?.noOutputTimeoutMs,
|
|
1702
|
+
max: 12e4
|
|
1703
|
+
});
|
|
1704
|
+
const maxOutputBytes = await promptOptionalPositiveInt({
|
|
1705
|
+
message: "Max output bytes (blank for default)",
|
|
1706
|
+
initialValue: base?.maxOutputBytes,
|
|
1707
|
+
max: 20 * 1024 * 1024
|
|
1708
|
+
});
|
|
1709
|
+
const jsonOnly = assertNoCancel(await confirm({
|
|
1710
|
+
message: "Require JSON-only response?",
|
|
1711
|
+
initialValue: base?.jsonOnly ?? true
|
|
1712
|
+
}), "Secrets configure cancelled.");
|
|
1713
|
+
const passEnv = await promptEnvNameCsv({
|
|
1714
|
+
message: "Pass-through env vars (comma-separated, blank for none)",
|
|
1715
|
+
initialValue: base?.passEnv?.join(",") ?? ""
|
|
1716
|
+
});
|
|
1717
|
+
const trustedDirsRaw = assertNoCancel(await text({
|
|
1718
|
+
message: "Trusted dirs (comma-separated absolute paths, blank for none)",
|
|
1719
|
+
initialValue: base?.trustedDirs?.join(",") ?? "",
|
|
1720
|
+
validate: (value) => {
|
|
1721
|
+
const entries = parseCsv(value ?? "");
|
|
1722
|
+
for (const entry of entries) if (!isAbsolutePathValue(entry)) return `Trusted dir must be absolute: ${entry}`;
|
|
1723
|
+
}
|
|
1724
|
+
}), "Secrets configure cancelled.");
|
|
1725
|
+
const allowInsecurePath = assertNoCancel(await confirm({
|
|
1726
|
+
message: "Allow insecure command path checks?",
|
|
1727
|
+
initialValue: base?.allowInsecurePath ?? false
|
|
1728
|
+
}), "Secrets configure cancelled.");
|
|
1729
|
+
const allowSymlinkCommand = assertNoCancel(await confirm({
|
|
1730
|
+
message: "Allow symlink command path?",
|
|
1731
|
+
initialValue: base?.allowSymlinkCommand ?? false
|
|
1732
|
+
}), "Secrets configure cancelled.");
|
|
1733
|
+
const args = await parseArgsInput(normalizeStringifiedOptionalString(argsRaw) ?? "");
|
|
1734
|
+
const trustedDirs = parseCsv(trustedDirsRaw ?? "");
|
|
1735
|
+
return {
|
|
1736
|
+
source: "exec",
|
|
1737
|
+
command: normalizeStringifiedOptionalString(command) ?? "",
|
|
1738
|
+
...args && args.length > 0 ? { args } : {},
|
|
1739
|
+
...timeoutMs ? { timeoutMs } : {},
|
|
1740
|
+
...noOutputTimeoutMs ? { noOutputTimeoutMs } : {},
|
|
1741
|
+
...maxOutputBytes ? { maxOutputBytes } : {},
|
|
1742
|
+
...jsonOnly ? { jsonOnly } : { jsonOnly: false },
|
|
1743
|
+
...passEnv.length > 0 ? { passEnv } : {},
|
|
1744
|
+
...trustedDirs.length > 0 ? { trustedDirs } : {},
|
|
1745
|
+
...allowInsecurePath ? { allowInsecurePath: true } : {},
|
|
1746
|
+
...allowSymlinkCommand ? { allowSymlinkCommand: true } : {},
|
|
1747
|
+
...isRecord(base?.env) ? { env: base.env } : {}
|
|
1748
|
+
};
|
|
1749
|
+
}
|
|
1750
|
+
async function promptProviderConfig(source, current) {
|
|
1751
|
+
if (source === "env") return await promptEnvProvider(current?.source === "env" ? current : void 0);
|
|
1752
|
+
if (source === "file") return await promptFileProvider(current?.source === "file" ? current : void 0);
|
|
1753
|
+
return await promptExecProvider(current?.source === "exec" ? current : void 0);
|
|
1754
|
+
}
|
|
1755
|
+
async function configureProvidersInteractive(config) {
|
|
1756
|
+
while (true) {
|
|
1757
|
+
const providers = getSecretProviders(config);
|
|
1758
|
+
const providerEntries = Object.entries(providers).toSorted(([left], [right]) => left.localeCompare(right));
|
|
1759
|
+
const actionOptions = [{
|
|
1760
|
+
value: "add",
|
|
1761
|
+
label: "Add provider",
|
|
1762
|
+
hint: "Define a new env/file/exec provider"
|
|
1763
|
+
}];
|
|
1764
|
+
if (providerEntries.length > 0) {
|
|
1765
|
+
actionOptions.push({
|
|
1766
|
+
value: "edit",
|
|
1767
|
+
label: "Edit provider",
|
|
1768
|
+
hint: "Update an existing provider"
|
|
1769
|
+
});
|
|
1770
|
+
actionOptions.push({
|
|
1771
|
+
value: "remove",
|
|
1772
|
+
label: "Remove provider",
|
|
1773
|
+
hint: "Delete a provider alias"
|
|
1774
|
+
});
|
|
1775
|
+
}
|
|
1776
|
+
actionOptions.push({
|
|
1777
|
+
value: "continue",
|
|
1778
|
+
label: "Continue",
|
|
1779
|
+
hint: "Move to credential mapping"
|
|
1780
|
+
});
|
|
1781
|
+
const action = assertNoCancel(await select({
|
|
1782
|
+
message: providerEntries.length > 0 ? "Configure secret providers" : "Configure secret providers (only env refs are available until file/exec providers are added)",
|
|
1783
|
+
options: actionOptions
|
|
1784
|
+
}), "Secrets configure cancelled.");
|
|
1785
|
+
if (action === "continue") return;
|
|
1786
|
+
if (action === "add") {
|
|
1787
|
+
const source = await promptProviderSource();
|
|
1788
|
+
setSecretProvider(config, await promptProviderAlias({ existingAliases: new Set(providerEntries.map(([providerAlias]) => providerAlias)) }), await promptProviderConfig(source));
|
|
1789
|
+
continue;
|
|
1790
|
+
}
|
|
1791
|
+
if (action === "edit") {
|
|
1792
|
+
const alias = assertNoCancel(await select({
|
|
1793
|
+
message: "Select provider to edit",
|
|
1794
|
+
options: providerEntries.map(([providerAlias, providerConfig]) => ({
|
|
1795
|
+
value: providerAlias,
|
|
1796
|
+
label: providerAlias,
|
|
1797
|
+
hint: providerHint(providerConfig)
|
|
1798
|
+
}))
|
|
1799
|
+
}), "Secrets configure cancelled.");
|
|
1800
|
+
const current = providers[alias];
|
|
1801
|
+
if (!current) continue;
|
|
1802
|
+
const nextProviderConfig = await promptProviderConfig(await promptProviderSource(current.source), current);
|
|
1803
|
+
if (!isDeepStrictEqual(current, nextProviderConfig)) setSecretProvider(config, alias, nextProviderConfig);
|
|
1804
|
+
continue;
|
|
1805
|
+
}
|
|
1806
|
+
if (action === "remove") {
|
|
1807
|
+
const alias = assertNoCancel(await select({
|
|
1808
|
+
message: "Select provider to remove",
|
|
1809
|
+
options: providerEntries.map(([providerAlias, providerConfig]) => ({
|
|
1810
|
+
value: providerAlias,
|
|
1811
|
+
label: providerAlias,
|
|
1812
|
+
hint: providerHint(providerConfig)
|
|
1813
|
+
}))
|
|
1814
|
+
}), "Secrets configure cancelled.");
|
|
1815
|
+
if (assertNoCancel(await confirm({
|
|
1816
|
+
message: `Remove provider "${alias}"?`,
|
|
1817
|
+
initialValue: false
|
|
1818
|
+
}), "Secrets configure cancelled.")) removeSecretProvider(config, alias);
|
|
1819
|
+
}
|
|
1820
|
+
}
|
|
1821
|
+
}
|
|
1822
|
+
async function runSecretsConfigureInteractive(params = {}) {
|
|
1823
|
+
if (!process.stdin.isTTY) throw new Error("secrets configure requires an interactive TTY.");
|
|
1824
|
+
if (params.providersOnly && params.skipProviderSetup) throw new Error("Cannot combine --providers-only with --skip-provider-setup.");
|
|
1825
|
+
const env = params.env ?? process.env;
|
|
1826
|
+
const allowExecInPreflight = Boolean(params.allowExecInPreflight);
|
|
1827
|
+
const { snapshot } = await createSecretsConfigIO({ env }).readConfigFileSnapshotForWrite();
|
|
1828
|
+
if (!snapshot.valid) throw new Error("Cannot run interactive secrets configure because config is invalid.");
|
|
1829
|
+
const stagedConfig = structuredClone(snapshot.config);
|
|
1830
|
+
if (!params.skipProviderSetup) await configureProvidersInteractive(stagedConfig);
|
|
1831
|
+
const providerChanges = collectConfigureProviderChanges({
|
|
1832
|
+
original: snapshot.config,
|
|
1833
|
+
next: stagedConfig
|
|
1834
|
+
});
|
|
1835
|
+
const selectedByPath = /* @__PURE__ */ new Map();
|
|
1836
|
+
if (!params.providersOnly) {
|
|
1837
|
+
const configureAgentId = resolveConfigureAgentId(snapshot.config, params.agentId);
|
|
1838
|
+
const authStore = loadAuthProfileStoreForConfigure({
|
|
1839
|
+
config: snapshot.config,
|
|
1840
|
+
agentId: configureAgentId
|
|
1841
|
+
});
|
|
1842
|
+
const candidates = buildConfigureCandidatesForScope({
|
|
1843
|
+
config: stagedConfig,
|
|
1844
|
+
authoredGenesisConfig: snapshot.resolved,
|
|
1845
|
+
authProfiles: {
|
|
1846
|
+
agentId: configureAgentId,
|
|
1847
|
+
store: authStore
|
|
1848
|
+
}
|
|
1849
|
+
});
|
|
1850
|
+
if (candidates.length === 0) throw new Error("No configurable secret-bearing fields found for this agent scope.");
|
|
1851
|
+
const sourceChoices = toSourceChoices(stagedConfig);
|
|
1852
|
+
const hasDerivedCandidates = candidates.some((candidate) => candidate.isDerived === true);
|
|
1853
|
+
let showDerivedCandidates = false;
|
|
1854
|
+
while (true) {
|
|
1855
|
+
const visibleCandidates = showDerivedCandidates ? candidates : candidates.filter((candidate) => candidate.isDerived !== true);
|
|
1856
|
+
const options = visibleCandidates.map((candidate) => ({
|
|
1857
|
+
value: configureCandidateKey(candidate),
|
|
1858
|
+
label: candidate.label,
|
|
1859
|
+
hint: [candidate.configFile === "auth-profiles.json" ? "auth-profiles.json" : "genesis.json", candidate.isDerived === true ? "derived" : void 0].filter(Boolean).join(" | ")
|
|
1860
|
+
}));
|
|
1861
|
+
options.push({
|
|
1862
|
+
value: "__create_auth_profile__",
|
|
1863
|
+
label: "Create auth profile mapping",
|
|
1864
|
+
hint: `Add a new auth-profiles target for agent ${configureAgentId}`
|
|
1865
|
+
});
|
|
1866
|
+
if (hasDerivedCandidates) options.push({
|
|
1867
|
+
value: "__toggle_derived__",
|
|
1868
|
+
label: showDerivedCandidates ? "Hide derived targets" : "Show derived targets",
|
|
1869
|
+
hint: showDerivedCandidates ? "Show only fields authored directly in config" : "Include normalized/derived aliases"
|
|
1870
|
+
});
|
|
1871
|
+
if (selectedByPath.size > 0) options.unshift({
|
|
1872
|
+
value: "__done__",
|
|
1873
|
+
label: "Done",
|
|
1874
|
+
hint: "Finish and run preflight"
|
|
1875
|
+
});
|
|
1876
|
+
const selectedPath = assertNoCancel(await select({
|
|
1877
|
+
message: "Select credential field",
|
|
1878
|
+
options
|
|
1879
|
+
}), "Secrets configure cancelled.");
|
|
1880
|
+
if (selectedPath === "__done__") break;
|
|
1881
|
+
if (selectedPath === "__create_auth_profile__") {
|
|
1882
|
+
const createdCandidate = await promptNewAuthProfileCandidate(configureAgentId);
|
|
1883
|
+
const key = configureCandidateKey(createdCandidate);
|
|
1884
|
+
const existingIndex = candidates.findIndex((entry) => configureCandidateKey(entry) === key);
|
|
1885
|
+
if (existingIndex >= 0) candidates[existingIndex] = createdCandidate;
|
|
1886
|
+
else candidates.push(createdCandidate);
|
|
1887
|
+
continue;
|
|
1888
|
+
}
|
|
1889
|
+
if (selectedPath === "__toggle_derived__") {
|
|
1890
|
+
showDerivedCandidates = !showDerivedCandidates;
|
|
1891
|
+
continue;
|
|
1892
|
+
}
|
|
1893
|
+
const candidate = visibleCandidates.find((entry) => configureCandidateKey(entry) === selectedPath);
|
|
1894
|
+
if (!candidate) throw new Error(`Unknown configure target: ${selectedPath}`);
|
|
1895
|
+
const candidateKey = configureCandidateKey(candidate);
|
|
1896
|
+
const existingRef = selectedByPath.get(candidateKey)?.ref ?? candidate.existingRef;
|
|
1897
|
+
const source = assertNoCancel(await select({
|
|
1898
|
+
message: "Secret source",
|
|
1899
|
+
options: sourceChoices,
|
|
1900
|
+
initialValue: existingRef && hasSourceChoice(sourceChoices, existingRef.source) ? existingRef.source : void 0
|
|
1901
|
+
}), "Secrets configure cancelled.");
|
|
1902
|
+
const defaultAlias = resolveDefaultSecretProviderAlias(stagedConfig, source, { preferFirstProviderForSource: true });
|
|
1903
|
+
const providerAlias = normalizeStringifiedOptionalString(assertNoCancel(await text({
|
|
1904
|
+
message: "Provider alias",
|
|
1905
|
+
initialValue: existingRef?.source === source ? existingRef.provider : defaultAlias,
|
|
1906
|
+
validate: (value) => {
|
|
1907
|
+
const trimmed = normalizeStringifiedOptionalString(value) ?? "";
|
|
1908
|
+
if (!trimmed) return "Required";
|
|
1909
|
+
if (!isValidSecretProviderAlias(trimmed)) return "Must match /^[a-z][a-z0-9_-]{0,63}$/";
|
|
1910
|
+
}
|
|
1911
|
+
}), "Secrets configure cancelled.")) ?? "";
|
|
1912
|
+
let suggestedId = existingRef?.source === source ? existingRef.id : void 0;
|
|
1913
|
+
if (!suggestedId && source === "env") suggestedId = resolveSuggestedEnvSecretId(candidate);
|
|
1914
|
+
if (!suggestedId && source === "file") {
|
|
1915
|
+
const configuredProvider = stagedConfig.secrets?.providers?.[providerAlias];
|
|
1916
|
+
if (configuredProvider?.source === "file" && configuredProvider.mode === "singleValue") suggestedId = "value";
|
|
1917
|
+
}
|
|
1918
|
+
const ref = {
|
|
1919
|
+
source,
|
|
1920
|
+
provider: providerAlias,
|
|
1921
|
+
id: normalizeStringifiedOptionalString(assertNoCancel(await text({
|
|
1922
|
+
message: "Secret id",
|
|
1923
|
+
initialValue: suggestedId,
|
|
1924
|
+
validate: (value) => {
|
|
1925
|
+
const trimmed = normalizeStringifiedOptionalString(value) ?? "";
|
|
1926
|
+
if (!trimmed) return "Required";
|
|
1927
|
+
if (source === "exec" && !isValidExecSecretRefId(trimmed)) return formatExecSecretRefIdValidationMessage();
|
|
1928
|
+
}
|
|
1929
|
+
}), "Secrets configure cancelled.")) ?? ""
|
|
1930
|
+
};
|
|
1931
|
+
if (ref.source === "exec" && !allowExecInPreflight) {
|
|
1932
|
+
const staticError = getSkippedExecRefStaticError({
|
|
1933
|
+
ref,
|
|
1934
|
+
config: stagedConfig
|
|
1935
|
+
});
|
|
1936
|
+
if (staticError) throw new Error(staticError);
|
|
1937
|
+
} else assertExpectedResolvedSecretValue({
|
|
1938
|
+
value: await resolveSecretRefValue(ref, {
|
|
1939
|
+
config: stagedConfig,
|
|
1940
|
+
env
|
|
1941
|
+
}),
|
|
1942
|
+
expected: candidate.expectedResolvedValue,
|
|
1943
|
+
errorMessage: candidate.expectedResolvedValue === "string" ? `Ref ${ref.source}:${ref.provider}:${ref.id} did not resolve to a non-empty string.` : `Ref ${ref.source}:${ref.provider}:${ref.id} did not resolve to a supported value type.`
|
|
1944
|
+
});
|
|
1945
|
+
const next = {
|
|
1946
|
+
...candidate,
|
|
1947
|
+
ref
|
|
1948
|
+
};
|
|
1949
|
+
selectedByPath.set(candidateKey, next);
|
|
1950
|
+
if (!assertNoCancel(await confirm({
|
|
1951
|
+
message: "Configure another credential?",
|
|
1952
|
+
initialValue: true
|
|
1953
|
+
}), "Secrets configure cancelled.")) break;
|
|
1954
|
+
}
|
|
1955
|
+
}
|
|
1956
|
+
if (!hasConfigurePlanChanges({
|
|
1957
|
+
selectedTargets: selectedByPath,
|
|
1958
|
+
providerChanges
|
|
1959
|
+
})) throw new Error("No secrets changes were selected.");
|
|
1960
|
+
const plan = buildSecretsConfigurePlan({
|
|
1961
|
+
selectedTargets: selectedByPath,
|
|
1962
|
+
providerChanges
|
|
1963
|
+
});
|
|
1964
|
+
return {
|
|
1965
|
+
plan,
|
|
1966
|
+
preflight: await runSecretsApply({
|
|
1967
|
+
plan,
|
|
1968
|
+
env,
|
|
1969
|
+
write: false,
|
|
1970
|
+
allowExec: allowExecInPreflight
|
|
1971
|
+
})
|
|
1972
|
+
};
|
|
1973
|
+
}
|
|
1974
|
+
//#endregion
|
|
1975
|
+
//#region src/cli/secrets-cli.ts
|
|
1976
|
+
function readPlanFile(pathname) {
|
|
1977
|
+
const raw = fs.readFileSync(pathname, "utf8");
|
|
1978
|
+
const parsed = JSON.parse(raw);
|
|
1979
|
+
if (!isSecretsApplyPlan(parsed)) throw new Error(`Invalid secrets plan file: ${pathname}`);
|
|
1980
|
+
return parsed;
|
|
1981
|
+
}
|
|
1982
|
+
function registerSecretsCli(program) {
|
|
1983
|
+
const secrets = program.command("secrets").description("Secrets runtime controls").addHelpText("after", () => `\n${theme.muted("Docs:")} ${formatDocsLink("/gateway/security", "docs.genesis.ai/gateway/security")}\n`);
|
|
1984
|
+
addGatewayClientOptions(secrets.command("reload").description("Re-resolve secret references and atomically swap runtime snapshot").option("--json", "Output JSON", false)).action(async (opts) => {
|
|
1985
|
+
try {
|
|
1986
|
+
const result = await callGatewayFromCli("secrets.reload", opts, void 0, { expectFinal: false });
|
|
1987
|
+
if (opts.json) {
|
|
1988
|
+
defaultRuntime.writeJson(result);
|
|
1989
|
+
return;
|
|
1990
|
+
}
|
|
1991
|
+
const warningCount = Number(result?.warningCount ?? 0);
|
|
1992
|
+
if (Number.isFinite(warningCount) && warningCount > 0) {
|
|
1993
|
+
defaultRuntime.log(`Secrets reloaded with ${warningCount} warning(s).`);
|
|
1994
|
+
return;
|
|
1995
|
+
}
|
|
1996
|
+
defaultRuntime.log("Secrets reloaded.");
|
|
1997
|
+
} catch (err) {
|
|
1998
|
+
defaultRuntime.error(danger(String(err)));
|
|
1999
|
+
defaultRuntime.exit(1);
|
|
2000
|
+
}
|
|
2001
|
+
});
|
|
2002
|
+
secrets.command("audit").description("Audit plaintext secrets, unresolved refs, and precedence drift").option("--check", "Exit non-zero when findings are present", false).option("--allow-exec", "Allow exec SecretRef resolution during audit (may execute provider commands)", false).option("--json", "Output JSON", false).action(async (opts) => {
|
|
2003
|
+
try {
|
|
2004
|
+
const report = await runSecretsAudit({ allowExec: Boolean(opts.allowExec) });
|
|
2005
|
+
if (opts.json) defaultRuntime.writeJson(report);
|
|
2006
|
+
else {
|
|
2007
|
+
defaultRuntime.log(`Secrets audit: ${report.status}. plaintext=${report.summary.plaintextCount}, unresolved=${report.summary.unresolvedRefCount}, shadowed=${report.summary.shadowedRefCount}, legacy=${report.summary.legacyResidueCount}.`);
|
|
2008
|
+
if (report.findings.length > 0) {
|
|
2009
|
+
for (const finding of report.findings.slice(0, 20)) defaultRuntime.log(`- [${finding.code}] ${finding.file}:${finding.jsonPath} ${finding.message}`);
|
|
2010
|
+
if (report.findings.length > 20) defaultRuntime.log(`... ${report.findings.length - 20} more finding(s).`);
|
|
2011
|
+
}
|
|
2012
|
+
if (report.resolution.skippedExecRefs > 0) defaultRuntime.log(`Audit note: skipped ${report.resolution.skippedExecRefs} exec SecretRef resolvability check(s). Re-run with --allow-exec to execute exec providers during audit.`);
|
|
2013
|
+
}
|
|
2014
|
+
const exitCode = resolveSecretsAuditExitCode(report, Boolean(opts.check));
|
|
2015
|
+
if (exitCode !== 0) defaultRuntime.exit(exitCode);
|
|
2016
|
+
} catch (err) {
|
|
2017
|
+
defaultRuntime.error(danger(String(err)));
|
|
2018
|
+
defaultRuntime.exit(2);
|
|
2019
|
+
}
|
|
2020
|
+
});
|
|
2021
|
+
secrets.command("configure").description("Interactive secrets helper (provider setup + SecretRef mapping + preflight)").option("--apply", "Apply changes immediately after preflight", false).option("--yes", "Skip apply confirmation prompt", false).option("--providers-only", "Configure secrets.providers only, skip credential mapping", false).option("--skip-provider-setup", "Skip provider setup and only map credential fields to existing providers", false).option("--agent <id>", "Agent id for auth-profiles targets (default: configured default agent)").option("--allow-exec", "Allow exec SecretRef preflight checks (may execute provider commands)", false).option("--plan-out <path>", "Write generated plan JSON to a file").option("--json", "Output JSON", false).action(async (opts) => {
|
|
2022
|
+
try {
|
|
2023
|
+
const configured = await runSecretsConfigureInteractive({
|
|
2024
|
+
providersOnly: Boolean(opts.providersOnly),
|
|
2025
|
+
skipProviderSetup: Boolean(opts.skipProviderSetup),
|
|
2026
|
+
agentId: typeof opts.agent === "string" ? opts.agent : void 0,
|
|
2027
|
+
allowExecInPreflight: Boolean(opts.allowExec)
|
|
2028
|
+
});
|
|
2029
|
+
if (opts.planOut) fs.writeFileSync(opts.planOut, `${JSON.stringify(configured.plan, null, 2)}\n`, "utf8");
|
|
2030
|
+
if (opts.json) defaultRuntime.writeJson({
|
|
2031
|
+
plan: configured.plan,
|
|
2032
|
+
preflight: configured.preflight
|
|
2033
|
+
});
|
|
2034
|
+
else {
|
|
2035
|
+
defaultRuntime.log(`Preflight: changed=${configured.preflight.changed}, files=${configured.preflight.changedFiles.length}, warnings=${configured.preflight.warningCount}.`);
|
|
2036
|
+
if (configured.preflight.warningCount > 0) for (const warning of configured.preflight.warnings) defaultRuntime.log(`- warning: ${warning}`);
|
|
2037
|
+
if (!configured.preflight.checks.resolvabilityComplete && configured.preflight.skippedExecRefs > 0) defaultRuntime.log(`Preflight note: skipped ${configured.preflight.skippedExecRefs} exec SecretRef resolvability check(s). Re-run with --allow-exec to execute exec providers during preflight.`);
|
|
2038
|
+
const providerUpserts = Object.keys(configured.plan.providerUpserts ?? {}).length;
|
|
2039
|
+
const providerDeletes = configured.plan.providerDeletes?.length ?? 0;
|
|
2040
|
+
defaultRuntime.log(`Plan: targets=${configured.plan.targets.length}, providerUpserts=${providerUpserts}, providerDeletes=${providerDeletes}.`);
|
|
2041
|
+
if (opts.planOut) defaultRuntime.log(`Plan written to ${opts.planOut}`);
|
|
2042
|
+
}
|
|
2043
|
+
let shouldApply = Boolean(opts.apply);
|
|
2044
|
+
if (!shouldApply && !opts.json) {
|
|
2045
|
+
const approved = await confirm({
|
|
2046
|
+
message: "Apply this plan now?",
|
|
2047
|
+
initialValue: true
|
|
2048
|
+
});
|
|
2049
|
+
if (typeof approved === "boolean") shouldApply = approved;
|
|
2050
|
+
}
|
|
2051
|
+
if (shouldApply) {
|
|
2052
|
+
if (Boolean(opts.apply) && !opts.yes && !opts.json) {
|
|
2053
|
+
if (await confirm({
|
|
2054
|
+
message: "This migration is one-way for migrated plaintext values. Continue with apply?",
|
|
2055
|
+
initialValue: true
|
|
2056
|
+
}) !== true) {
|
|
2057
|
+
defaultRuntime.log("Apply cancelled.");
|
|
2058
|
+
return;
|
|
2059
|
+
}
|
|
2060
|
+
}
|
|
2061
|
+
const result = await runSecretsApply({
|
|
2062
|
+
plan: configured.plan,
|
|
2063
|
+
write: true,
|
|
2064
|
+
allowExec: Boolean(opts.allowExec)
|
|
2065
|
+
});
|
|
2066
|
+
if (opts.json) {
|
|
2067
|
+
defaultRuntime.writeJson(result);
|
|
2068
|
+
return;
|
|
2069
|
+
}
|
|
2070
|
+
defaultRuntime.log(result.changed ? `Secrets applied. Updated ${result.changedFiles.length} file(s).` : "Secrets apply: no changes.");
|
|
2071
|
+
}
|
|
2072
|
+
} catch (err) {
|
|
2073
|
+
defaultRuntime.error(danger(String(err)));
|
|
2074
|
+
defaultRuntime.exit(1);
|
|
2075
|
+
}
|
|
2076
|
+
});
|
|
2077
|
+
secrets.command("apply").description("Apply a previously generated secrets plan").requiredOption("--from <path>", "Path to plan JSON").option("--dry-run", "Validate/preflight only", false).option("--allow-exec", "Allow exec SecretRef checks (may execute provider commands)", false).option("--json", "Output JSON", false).action(async (opts) => {
|
|
2078
|
+
try {
|
|
2079
|
+
const result = await runSecretsApply({
|
|
2080
|
+
plan: readPlanFile(opts.from),
|
|
2081
|
+
write: !opts.dryRun,
|
|
2082
|
+
allowExec: Boolean(opts.allowExec)
|
|
2083
|
+
});
|
|
2084
|
+
if (opts.json) {
|
|
2085
|
+
defaultRuntime.writeJson(result);
|
|
2086
|
+
return;
|
|
2087
|
+
}
|
|
2088
|
+
if (opts.dryRun) {
|
|
2089
|
+
defaultRuntime.log(result.changed ? `Secrets apply dry run: ${result.changedFiles.length} file(s) would change.` : "Secrets apply dry run: no changes.");
|
|
2090
|
+
if (!result.checks.resolvabilityComplete && result.skippedExecRefs > 0) defaultRuntime.log(`Secrets apply dry-run note: skipped ${result.skippedExecRefs} exec SecretRef resolvability check(s). Re-run with --allow-exec to execute exec providers during dry-run.`);
|
|
2091
|
+
return;
|
|
2092
|
+
}
|
|
2093
|
+
defaultRuntime.log(result.changed ? `Secrets applied. Updated ${result.changedFiles.length} file(s).` : "Secrets apply: no changes.");
|
|
2094
|
+
} catch (err) {
|
|
2095
|
+
defaultRuntime.error(danger(String(err)));
|
|
2096
|
+
defaultRuntime.exit(1);
|
|
2097
|
+
}
|
|
2098
|
+
});
|
|
2099
|
+
}
|
|
2100
|
+
//#endregion
|
|
2101
|
+
export { registerSecretsCli };
|