@pixelzx/genesis 2026.5.9-1 → 2026.5.9-2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1975) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/dist/.buildstamp +1 -1
  3. package/dist/abort-0CA8dLfb.js +201 -0
  4. package/dist/abort-cutoff.runtime-DLrSrIKj.js +20 -0
  5. package/dist/abort-cutoff.runtime.js +1 -1
  6. package/dist/abort.runtime-CZs24Rqo.js +2 -0
  7. package/dist/abort.runtime.js +1 -1
  8. package/dist/accounts-B4zJe0Yq.js +104 -0
  9. package/dist/accounts-BLjPr3cU.js +2 -0
  10. package/dist/accounts-CvvmJTMr.js +107 -0
  11. package/dist/acp-cli-CLEGmnZG.js +2193 -0
  12. package/dist/acp-spawn-3sot_ro5.js +1093 -0
  13. package/dist/acp-spawn-Ssi3CAga.js +2 -0
  14. package/dist/acp-stateful-target-driver-BLAHVVvA.js +89 -0
  15. package/dist/action-agents-Dq0xDTDy.js +67 -0
  16. package/dist/action-focus-BcCDHjpm.js +132 -0
  17. package/dist/action-help-Dv0F-uYd.js +7 -0
  18. package/dist/action-info-DrvJBtYv.js +101 -0
  19. package/dist/action-kill-C0ctDBN6.js +33 -0
  20. package/dist/action-list-ifQSDER2.js +21 -0
  21. package/dist/action-log-DigSwoBN.js +30 -0
  22. package/dist/action-send-Fgxgzr1G.js +39 -0
  23. package/dist/action-spawn-CQ9o7O-c.js +47 -0
  24. package/dist/action-unfocus-CTw5MONo.js +29 -0
  25. package/dist/actions.runtime-C48NraIV.js +5 -0
  26. package/dist/actions.runtime-vPuYQMEP.js +18 -0
  27. package/dist/actions.runtime.js +1 -1
  28. package/dist/agent-DcF3DIOY.js +2 -0
  29. package/dist/agent-command-DFciA5wB.js +874 -0
  30. package/dist/agent-harness-runtime-DYaAPdEV.js +144 -0
  31. package/dist/agent-runner-utils-Mk9b9UU9.js +239 -0
  32. package/dist/agent-runner.runtime-BjFjcCHV.js +3455 -0
  33. package/dist/agent-runner.runtime.js +1 -1
  34. package/dist/agent-runtime-BMldiM3Y.js +18 -0
  35. package/dist/agents-CWjPyPsv.js +5 -0
  36. package/dist/agents-DVeZakyc.js +954 -0
  37. package/dist/agents.bindings-DIEj_i2u.js +2 -0
  38. package/dist/agents.command-shared-Dnz5T0nf.js +40 -0
  39. package/dist/aliases-BurIDhAz.js +96 -0
  40. package/dist/aliases-DRf5QKLd.js +2 -0
  41. package/dist/api-1odKgvPw.js +3 -0
  42. package/dist/api-B4QoV66o.js +4 -0
  43. package/dist/api-BVv3GELU.js +5 -0
  44. package/dist/api-CLi_q8yx.js +48 -0
  45. package/dist/api-DpTBPGPX.js +139 -0
  46. package/dist/apply-BTVGkXcq.js +508 -0
  47. package/dist/apply.runtime-CGa1bc-F.js +166 -0
  48. package/dist/apply.runtime-CMLd-Aow.js +2 -0
  49. package/dist/apply.runtime.js +1 -1
  50. package/dist/approval-gateway-resolver-9vElgdEH.js +29 -0
  51. package/dist/approval-gateway-runtime-BcR8gXqU.js +2 -0
  52. package/dist/approval-handler-runtime-BI7BobM2.js +439 -0
  53. package/dist/approval-native-runtime-Bz8Vy_5G.js +729 -0
  54. package/dist/assistant-identity-BamJmF6s.js +74 -0
  55. package/dist/attempt-execution.runtime-CCpDCgeC.js +509 -0
  56. package/dist/attempt-execution.runtime.js +1 -1
  57. package/dist/attempt-execution.shared-tYK6f1sA.js +22 -0
  58. package/dist/attempt.prompt-helpers-BD2qLk94.js +221 -0
  59. package/dist/attempt.tool-run-context-CVbNUM9c.js +933 -0
  60. package/dist/audit-D_CSTjWR.js +939 -0
  61. package/dist/audit-channel.collect.runtime.js +1 -1
  62. package/dist/audit-extra.async-wruNJd57.js +971 -0
  63. package/dist/audit-tool-policy-B9AcZJql.js +3 -0
  64. package/dist/audit.deep.runtime-D4eXtoCF.js +2 -0
  65. package/dist/audit.deep.runtime.js +1 -1
  66. package/dist/audit.nondeep.runtime--FJmBA_w.js +880 -0
  67. package/dist/audit.nondeep.runtime.js +1 -1
  68. package/dist/audit.runtime-D2oypbTV.js +7 -0
  69. package/dist/audit.runtime.js +1 -1
  70. package/dist/auth-CAY7RIm5.js +2 -0
  71. package/dist/auth-CRl0U5WO.js +383 -0
  72. package/dist/auth-choice-BWpQV6PB.js +3 -0
  73. package/dist/auth-choice-C44XKsb9.js +354 -0
  74. package/dist/auth-choice-CgtXS0UY.js +85 -0
  75. package/dist/auth-choice-inference-HLapN0yl.js +30 -0
  76. package/dist/auth-choice-legacy--d5CxMYA.js +2 -0
  77. package/dist/auth-choice-legacy-BiaOGRSa.js +40 -0
  78. package/dist/auth-choice-options-CxxsZ9AS.js +99 -0
  79. package/dist/auth-choice-prompt-Bs5HdLZo.js +2 -0
  80. package/dist/auth-choice-prompt-CIbZkP3q.js +37 -0
  81. package/dist/auth-choice.apply.api-providers-DFs_Hb7e.js +2 -0
  82. package/dist/auth-choice.plugin-providers.runtime.js +1 -1
  83. package/dist/auth-install-policy-D2XRHYp_.js +195 -0
  84. package/dist/auth-lp2EMTMM.js +177 -0
  85. package/dist/auth-order-CkBahFe_.js +96 -0
  86. package/dist/auth-order-CseGI6QD.js +2 -0
  87. package/dist/auth-sU9QFM3_.js +56 -0
  88. package/dist/backup-verify-B-Uoj-15.js +2 -0
  89. package/dist/bash-tools-Br73otxW.js +2824 -0
  90. package/dist/bash-tools-D8b6lPnl.js +3 -0
  91. package/dist/bash-tools.exec-runtime-C4MO_tR3.js +829 -0
  92. package/dist/binding-routing-_1GxTJvW.js +85 -0
  93. package/dist/binding-targets-BZi7Eaky.js +121 -0
  94. package/dist/bonjour-discovery-bYgCDFiV.js +2 -0
  95. package/dist/bridge-server-Z8a6wG_a.js +113 -0
  96. package/dist/browser-control-auth-b0i_ogzs.js +2 -0
  97. package/dist/browser-node-runtime-DIn0vNQP.js +12 -0
  98. package/dist/browser-profiles-RRJksKtC.js +2 -0
  99. package/dist/browser-runtime-CRmjM_eN.js +387 -0
  100. package/dist/browser-setup-tools-DfljsIaS.js +13 -0
  101. package/dist/build-BTY-zmOn.js +550 -0
  102. package/dist/build-info.json +3 -3
  103. package/dist/bundled/boot-md/handler.js +3 -3
  104. package/dist/bundled/session-memory/handler.js +1 -1
  105. package/dist/bundled-plugin-load-paths-BhceQF7C.js +2 -0
  106. package/dist/bundled-plugin-load-paths-ZWKh-Qtt.js +110 -0
  107. package/dist/call-83wQ4RK2.js +3 -0
  108. package/dist/call-CNGUHA4E.js +331 -0
  109. package/dist/call.runtime-BoeU6HlD.js +2 -0
  110. package/dist/call.runtime.js +1 -1
  111. package/dist/capability-cli-CjXZtiAN.js +1401 -0
  112. package/dist/catalog-provider-hbPYCIHb.js +40 -0
  113. package/dist/catchup-fi0A0X6G.js +300 -0
  114. package/dist/channel-BCyBYEZw.js +491 -0
  115. package/dist/channel-BollE3fK.js +226 -0
  116. package/dist/channel-C4iJHasO.js +1174 -0
  117. package/dist/channel-CZj1GE6c.js +350 -0
  118. package/dist/channel-DSf_WWeM.js +453 -0
  119. package/dist/channel-DZ1WMqes.js +297 -0
  120. package/dist/channel-Djz_Jz-P.js +1320 -0
  121. package/dist/channel-Vl5tW4wj.js +840 -0
  122. package/dist/channel-aCMKD2EU.js +595 -0
  123. package/dist/channel-add-wizard-CyaqyoMI.js +125 -0
  124. package/dist/channel-add-wizard-DBnqJQ7p.js +2 -0
  125. package/dist/channel-core-o2ga4Mn-.js +5 -0
  126. package/dist/channel-doctor-Bm067ZZ3.js +2 -0
  127. package/dist/channel-inbound-6EfM36fi.js +31 -0
  128. package/dist/channel-oGSbONXx.js +1100 -0
  129. package/dist/channel-plugin-resolution-7SkSLEid.js +2 -0
  130. package/dist/channel-plugin-resolution-D4rtoY6H.js +153 -0
  131. package/dist/channel-plugin-runtime-DDWX5ddg.js +771 -0
  132. package/dist/channel-runtime-BtLIK1S8.js +425 -0
  133. package/dist/channel-selection.runtime.js +1 -1
  134. package/dist/channel-setup-zPxdbm4p.js +1297 -0
  135. package/dist/channel-v7Nf8_kK.js +1802 -0
  136. package/dist/channel.runtime-1NdLQuo5.js +576 -0
  137. package/dist/channel.runtime-BXuA38HL.js +430 -0
  138. package/dist/channel.runtime-BZznmhpw.js +89 -0
  139. package/dist/channel.runtime-BcbP0aUr.js +2364 -0
  140. package/dist/channel.runtime-Cn9YkO17.js +109 -0
  141. package/dist/channel.runtime-sHzdaLSR.js +34702 -0
  142. package/dist/channel.runtime-u6CglHXP.js +4 -0
  143. package/dist/channel.runtime.js +1 -1
  144. package/dist/channel.setup-CQPT27he.js +10 -0
  145. package/dist/channels-Ca_GeBCA.js +733 -0
  146. package/dist/channels-cli-CYiAFi2L.js +268 -0
  147. package/dist/chat-B0obqfrE.js +2830 -0
  148. package/dist/chrome-Dmg8rOOy.js +1430 -0
  149. package/dist/clawbot-cli-D-wsbybZ.js +9 -0
  150. package/dist/clawhub-Bw_oroJ9.js +400 -0
  151. package/dist/cli/daemon-cli.js +4 -4
  152. package/dist/cli-Cjg5FoK6.js +3726 -0
  153. package/dist/cli-D7FnZRhN.js +72 -0
  154. package/dist/cli-DTzACUJ5.js +2 -0
  155. package/dist/cli-DVF0lmSY.js +683 -0
  156. package/dist/cli-DdosPr5g.js +2 -0
  157. package/dist/cli-DgBnKpnx.js +219 -0
  158. package/dist/cli-DlpFMnDe.js +154 -0
  159. package/dist/cli-okIxAXmr.js +2 -0
  160. package/dist/cli-runner-BYpLWLGt.js +286 -0
  161. package/dist/cli-runner.runtime-B7YAJHpe.js +3 -0
  162. package/dist/cli-runner.runtime-CJYMKi2e.js +4 -0
  163. package/dist/cli-runner.runtime.js +1 -1
  164. package/dist/cli-startup-metadata.json +2 -2
  165. package/dist/cli.runtime-BiQiuGK8.js +1261 -0
  166. package/dist/cli.runtime.js +1 -1
  167. package/dist/client-BR4n6hNI.js +713 -0
  168. package/dist/client-Cf24VXFt.js +138 -0
  169. package/dist/command-auth-ZFNGVZ1l.js +76 -0
  170. package/dist/command-config-resolution-CCxM48fG.js +23 -0
  171. package/dist/command-config-resolution-DZ8NuYpb.js +2 -0
  172. package/dist/command-config-resolution.runtime-y20A7eoR.js +2 -0
  173. package/dist/command-config-resolution.runtime.js +1 -1
  174. package/dist/command-execution-startup-C1Ev3Qnf.js +324 -0
  175. package/dist/command-registry-Cp0-uBvD.js +4 -0
  176. package/dist/command-registry-CroYLrbJ.js +9 -0
  177. package/dist/command-registry-core-DztPKtJK.js +101 -0
  178. package/dist/command-secret-gateway-C0FsXiNU.js +528 -0
  179. package/dist/command-status.runtime-BpBrSGUJ.js +87 -0
  180. package/dist/command-status.runtime.js +1 -1
  181. package/dist/commands-acp-B61b7ved.js +77 -0
  182. package/dist/commands-compact.runtime-BAdDkvwj.js +10 -0
  183. package/dist/commands-compact.runtime.js +1 -1
  184. package/dist/commands-core.runtime-DiHWuAG7.js +2 -0
  185. package/dist/commands-core.runtime.js +1 -1
  186. package/dist/commands-handlers.runtime-ChdtbbaM.js +4597 -0
  187. package/dist/commands-handlers.runtime.js +1 -1
  188. package/dist/commands-reset-hooks-Bo9O3p_A.js +133 -0
  189. package/dist/commands-status-CeLNHPM0.js +16 -0
  190. package/dist/commands-status.runtime-D_Vp1X5_.js +3 -0
  191. package/dist/commands-status.runtime.js +1 -1
  192. package/dist/commands-subagents-control.runtime-C33ckfAv.js +2 -0
  193. package/dist/commands-subagents-control.runtime-D4DhHEiT.js +3 -0
  194. package/dist/commands-subagents-control.runtime.js +1 -1
  195. package/dist/commands-system-prompt-COv58JTi.js +158 -0
  196. package/dist/commands-system-prompt-HKOihaLK.js +2 -0
  197. package/dist/commands.runtime-h71EVKOi.js +166 -0
  198. package/dist/commands.runtime.js +1 -1
  199. package/dist/compact-BrCra5F3.js +1118 -0
  200. package/dist/compact.runtime-C6SrtJTz.js +12 -0
  201. package/dist/compact.runtime.js +1 -1
  202. package/dist/completion-cli-BX2HZrZU.js +328 -0
  203. package/dist/config-BFLj-fNN.js +252 -0
  204. package/dist/config-cli-ygapqOMa.js +1078 -0
  205. package/dist/config-guard-CoUcOZzd.js +96 -0
  206. package/dist/config-runtime-CLrwW_R_.js +32 -0
  207. package/dist/configure-Bl4YQ3CH.js +2 -0
  208. package/dist/configure-D16Few58.js +1252 -0
  209. package/dist/connect-options-BhC5UQTi.js +699 -0
  210. package/dist/control-auth-DNFuULZ1.js +125 -0
  211. package/dist/control-service-UtrnNZR4.js +156 -0
  212. package/dist/control-ui/assets/agents-DvMlgG1V.js +1052 -0
  213. package/dist/control-ui/assets/canvas-n9LriwKt.js +269 -0
  214. package/dist/control-ui/assets/channels-DiFCgzI2.js +463 -0
  215. package/dist/control-ui/assets/cron-BPgeIAkW.js +933 -0
  216. package/dist/control-ui/assets/debug-DW6L_hJj.js +94 -0
  217. package/dist/control-ui/assets/index-LsGgCPs6.js +6359 -0
  218. package/dist/control-ui/assets/instances-CvJ3A1Hk.js +57 -0
  219. package/dist/control-ui/assets/nodes-WvplPOYf.js +436 -0
  220. package/dist/control-ui/assets/plugins-Bu6UEyqM.js +273 -0
  221. package/dist/control-ui/assets/sessions-CMg95Rmr.js +306 -0
  222. package/dist/control-ui/assets/skills-XJc5GCFP.js +323 -0
  223. package/dist/control-ui/assets/wallet-Cw-Xn1wM.js +199 -0
  224. package/dist/control-ui/index.html +1 -1
  225. package/dist/control-ui-DfR_528y.js +1043 -0
  226. package/dist/conversation-id-C8dzBOdB.js +38 -0
  227. package/dist/conversation-id-CsqecVo_.js +235 -0
  228. package/dist/conversation-runtime-nAoayMyf.js +31 -0
  229. package/dist/core-CewPep95.js +275 -0
  230. package/dist/create-B052IquP.js +80 -0
  231. package/dist/cron-cli-zkpMAfTa.js +713 -0
  232. package/dist/daemon-cli-B3QX8ho4.js +12 -0
  233. package/dist/daemon-install-DqGQoyX8.js +64 -0
  234. package/dist/daemon-install-auth-profiles-source.runtime.js +1 -1
  235. package/dist/daemon-install-auth-profiles-store.runtime.js +1 -1
  236. package/dist/dashboard-BHjSY3mb.js +81 -0
  237. package/dist/dashboard-DPXhsRCR.js +2 -0
  238. package/dist/delegate-CCK4c0Zl.js +64 -0
  239. package/dist/deliver-B3LmnUEH.js +3 -0
  240. package/dist/deliver-BtMUmRpU.js +747 -0
  241. package/dist/deliver-runtime-kfTsrh0Z.js +2 -0
  242. package/dist/delivery-logger.runtime.js +1 -1
  243. package/dist/delivery-outbound.runtime-xnjEUWIK.js +6 -0
  244. package/dist/delivery-outbound.runtime.js +1 -1
  245. package/dist/delivery-subagent-registry.runtime.js +1 -1
  246. package/dist/delivery-target.runtime.js +1 -1
  247. package/dist/delivery.runtime-oNtWo0h9.js +253 -0
  248. package/dist/delivery.runtime.js +1 -1
  249. package/dist/detached-task-runtime-CS3nu1g5.js +73 -0
  250. package/dist/devices-cli-hnRL_EgB.js +498 -0
  251. package/dist/diagnostic-support-export-D6sq6qBF.js +533 -0
  252. package/dist/diagnostics-dGMDmEaj.js +154 -0
  253. package/dist/direct-dm-B7MAseXX.js +64 -0
  254. package/dist/directive-handling.fast-lane-BDZzb1c3.js +66 -0
  255. package/dist/directive-handling.impl-B0Q4GVor.js +703 -0
  256. package/dist/directive-handling.impl-KM-ESmbb.js +2 -0
  257. package/dist/directive-handling.model-selection-C0cUvkUH.js +114 -0
  258. package/dist/directive-handling.persist.runtime-D2vtbPoj.js +215 -0
  259. package/dist/directive-handling.persist.runtime.js +1 -1
  260. package/dist/directory-cli-XqCKO3DH.js +240 -0
  261. package/dist/discovery-nb8lOKiX.js +2 -0
  262. package/dist/dispatch-BOAQ60sx.js +1131 -0
  263. package/dist/dispatch-acp-CVrFiJ5o.js +981 -0
  264. package/dist/dispatch-acp-manager.runtime-olnQhwR-.js +3 -0
  265. package/dist/dispatch-acp-manager.runtime.js +1 -1
  266. package/dist/dispatch-acp-media.runtime-DX-wMzpn.js +4 -0
  267. package/dist/dispatch-acp-media.runtime.js +1 -1
  268. package/dist/dispatch-acp-session.runtime-Ua4EFiic.js +2 -0
  269. package/dist/dispatch-acp-session.runtime.js +1 -1
  270. package/dist/dispatch-acp.runtime-7SbVXQLP.js +19 -0
  271. package/dist/dispatch-acp.runtime.js +1 -1
  272. package/dist/doctor-auth-DY23Lbzo.js +172 -0
  273. package/dist/doctor-auth-legacy-oauth-FXycT3rW.js +2 -0
  274. package/dist/doctor-completion-opJf8E_C.js +2 -0
  275. package/dist/doctor-config-flow-2JYaVE0-.js +420 -0
  276. package/dist/doctor-config-preflight-4x2uv9Hb.js +63 -0
  277. package/dist/doctor-config-preflight-B07ImAVz.js +2 -0
  278. package/dist/doctor-cron-B5LdOuxR.js +678 -0
  279. package/dist/doctor-device-pairing-DpTPdaEl.js +307 -0
  280. package/dist/doctor-gateway-daemon-flow-Bu454-sh.js +250 -0
  281. package/dist/doctor-gateway-health-DLc2lC6v.js +63 -0
  282. package/dist/doctor-gateway-services-nfS_weBB.js +316 -0
  283. package/dist/doctor-health-DbSdggc-.js +59 -0
  284. package/dist/doctor-health-contributions-QsszyyOf.js +493 -0
  285. package/dist/doctor-memory-search-BJzkDQFO.js +372 -0
  286. package/dist/doctor-prompter-ItZHriXT.js +56 -0
  287. package/dist/doctor-sandbox-DlwDnh9l.js +194 -0
  288. package/dist/doctor-security-BcgUbdDE.js +210 -0
  289. package/dist/doctor-startup-channel-maintenance-CSm0kVp7.js +17 -0
  290. package/dist/doctor-state-migrations-CzuIt_kk.js +2 -0
  291. package/dist/doctor-ui-CqARev-u.js +96 -0
  292. package/dist/doctor-update-BEHmv8Xq.js +58 -0
  293. package/dist/doctor-workspace-WOSsr97h.js +2 -0
  294. package/dist/doctor-workspace-status-q0x2fhBz.js +75 -0
  295. package/dist/dreaming-BNUWuUDR.js +1574 -0
  296. package/dist/dreaming-narrative-Bj2DXV1n.js +595 -0
  297. package/dist/embedded-gateway-stub.runtime-BIiprD37.js +9 -0
  298. package/dist/embedded-gateway-stub.runtime.js +1 -1
  299. package/dist/embedding-provider-DDJVhG6s.js +118 -0
  300. package/dist/embeddings-BcBUDrld.js +215 -0
  301. package/dist/embeddings-http-CATnDu-1.js +205 -0
  302. package/dist/empty-allowlist-scan-6JAE1WAj.js +94 -0
  303. package/dist/empty-allowlist-scan-Cc7fIEP1.js +2 -0
  304. package/dist/entry.js +3 -3
  305. package/dist/exec-approval-forwarder.runtime-XneENX4R.js +3 -0
  306. package/dist/exec-approval-forwarder.runtime.js +1 -1
  307. package/dist/exec-approvals-cli-bVkpe5kn.js +498 -0
  308. package/dist/exec-defaults-C7MUEVh_.js +2 -0
  309. package/dist/exec-defaults-D1yvsTtz.js +67 -0
  310. package/dist/exec-safe-bins-CMXTNkuu.js +2 -0
  311. package/dist/exec-safe-bins-c1SitPNh.js +148 -0
  312. package/dist/execute.runtime-CHn6LmBk.js +1366 -0
  313. package/dist/execute.runtime.js +1 -1
  314. package/dist/extensionAPI.js +3 -3
  315. package/dist/extensions/active-memory/index.js +3 -3
  316. package/dist/extensions/alibaba/index.js +1 -1
  317. package/dist/extensions/alibaba/video-generation-provider.js +1 -1
  318. package/dist/extensions/arcee/index.js +2 -2
  319. package/dist/extensions/bluebubbles/api.js +3 -3
  320. package/dist/extensions/bluebubbles/channel-plugin-api.js +1 -1
  321. package/dist/extensions/browser/browser-bridge.js +1 -1
  322. package/dist/extensions/browser/browser-config.js +4 -4
  323. package/dist/extensions/browser/browser-control-auth.js +2 -2
  324. package/dist/extensions/browser/browser-doctor.js +2 -2
  325. package/dist/extensions/browser/browser-maintenance.js +2 -2
  326. package/dist/extensions/browser/browser-profiles.js +2 -2
  327. package/dist/extensions/browser/browser-runtime-api.js +11 -11
  328. package/dist/extensions/browser/index.js +1 -1
  329. package/dist/extensions/browser/plugin-registration.js +1 -1
  330. package/dist/extensions/browser/register.runtime.js +3 -3
  331. package/dist/extensions/browser/runtime-api.js +12 -12
  332. package/dist/extensions/browser/test-support.js +1 -1
  333. package/dist/extensions/byteplus/index.js +3 -3
  334. package/dist/extensions/byteplus/video-generation-provider.js +1 -1
  335. package/dist/extensions/chutes/index.js +4 -4
  336. package/dist/extensions/cloudflare-ai-gateway/api.js +1 -1
  337. package/dist/extensions/cloudflare-ai-gateway/catalog-provider.js +1 -1
  338. package/dist/extensions/cloudflare-ai-gateway/index.js +2 -2
  339. package/dist/extensions/comfy/image-generation-provider.js +2 -2
  340. package/dist/extensions/comfy/index.js +5 -5
  341. package/dist/extensions/comfy/music-generation-provider.js +1 -1
  342. package/dist/extensions/comfy/video-generation-provider.js +2 -2
  343. package/dist/extensions/comfy/workflow-runtime.js +1 -1
  344. package/dist/extensions/deepseek/index.js +1 -1
  345. package/dist/extensions/device-pair/api.js +2 -2
  346. package/dist/extensions/device-pair/index.js +4 -4
  347. package/dist/extensions/device-pair/notify.js +1 -1
  348. package/dist/extensions/device-pair/pair-command-approve.js +1 -1
  349. package/dist/extensions/device-pair/qr-image.js +2 -2
  350. package/dist/extensions/fal/image-generation-provider.js +1 -1
  351. package/dist/extensions/fal/index.js +3 -3
  352. package/dist/extensions/fal/provider-registration.js +1 -1
  353. package/dist/extensions/fal/test-api.js +2 -2
  354. package/dist/extensions/fal/video-generation-provider.js +1 -1
  355. package/dist/extensions/fireworks/index.js +1 -1
  356. package/dist/extensions/github-copilot/api.js +1 -1
  357. package/dist/extensions/github-copilot/auth.js +1 -1
  358. package/dist/extensions/github-copilot/embeddings.js +1 -1
  359. package/dist/extensions/github-copilot/index.js +4 -4
  360. package/dist/extensions/github-copilot/login.js +1 -1
  361. package/dist/extensions/github-copilot/register.runtime.js +2 -2
  362. package/dist/extensions/google-meet/index.js +6 -6
  363. package/dist/extensions/groq/index.js +1 -1
  364. package/dist/extensions/groq/media-understanding-provider.js +1 -1
  365. package/dist/extensions/groq/test-api.js +1 -1
  366. package/dist/extensions/huggingface/index.js +1 -1
  367. package/dist/extensions/image-generation-core/api.js +2 -2
  368. package/dist/extensions/imessage/api.js +4 -4
  369. package/dist/extensions/imessage/channel-plugin-api.js +1 -1
  370. package/dist/extensions/imessage/runtime-api.js +5 -5
  371. package/dist/extensions/imessage/test-api.js +1 -1
  372. package/dist/extensions/irc/api.js +2 -2
  373. package/dist/extensions/irc/channel-plugin-api.js +1 -1
  374. package/dist/extensions/kilocode/index.js +1 -1
  375. package/dist/extensions/kimi-coding/index.js +2 -2
  376. package/dist/extensions/line/api.js +2 -2
  377. package/dist/extensions/line/channel-plugin-api.js +1 -1
  378. package/dist/extensions/line/contract-api.js +1 -1
  379. package/dist/extensions/line/runtime-api.js +4 -4
  380. package/dist/extensions/line/setup-api.js +1 -1
  381. package/dist/extensions/litellm/index.js +1 -1
  382. package/dist/extensions/llm-task/index.js +2 -2
  383. package/dist/extensions/lmstudio/api.js +2 -2
  384. package/dist/extensions/lmstudio/index.js +3 -3
  385. package/dist/extensions/lmstudio/memory-embedding-adapter.js +1 -1
  386. package/dist/extensions/lmstudio/runtime-api.js +1 -1
  387. package/dist/extensions/lobster/index.js +3 -3
  388. package/dist/extensions/lobster/runtime-api.js +1 -1
  389. package/dist/extensions/mattermost/api.js +1 -1
  390. package/dist/extensions/mattermost/channel-plugin-api.js +1 -1
  391. package/dist/extensions/mattermost/channel-plugin-runtime.js +1 -1
  392. package/dist/extensions/mattermost/policy-api.js +1 -1
  393. package/dist/extensions/mattermost/runtime-api.js +7 -7
  394. package/dist/extensions/mattermost/slash-route-api.js +1 -1
  395. package/dist/extensions/media-understanding-core/runtime-api.js +2 -2
  396. package/dist/extensions/memory-core/api.js +1 -1
  397. package/dist/extensions/memory-core/cli-metadata.js +2 -2
  398. package/dist/extensions/memory-core/index.js +3 -3
  399. package/dist/extensions/memory-lancedb/cli-metadata.js +1 -1
  400. package/dist/extensions/memory-lancedb/index.js +1 -1
  401. package/dist/extensions/memory-wiki/cli-metadata.js +1 -1
  402. package/dist/extensions/memory-wiki/index.js +1 -1
  403. package/dist/extensions/microsoft/index.js +1 -1
  404. package/dist/extensions/microsoft/speech-provider.js +1 -1
  405. package/dist/extensions/microsoft/test-api.js +1 -1
  406. package/dist/extensions/microsoft-foundry/auth.js +1 -1
  407. package/dist/extensions/microsoft-foundry/cli.js +1 -1
  408. package/dist/extensions/microsoft-foundry/index.js +1 -1
  409. package/dist/extensions/microsoft-foundry/onboard.js +2 -2
  410. package/dist/extensions/microsoft-foundry/provider.js +1 -1
  411. package/dist/extensions/microsoft-foundry/runtime.js +1 -1
  412. package/dist/extensions/microsoft-foundry/shared-runtime.js +2 -2
  413. package/dist/extensions/microsoft-foundry/shared.js +1 -1
  414. package/dist/extensions/minimax/image-generation-provider.js +1 -1
  415. package/dist/extensions/minimax/index.js +6 -6
  416. package/dist/extensions/minimax/media-understanding-provider.js +1 -1
  417. package/dist/extensions/minimax/music-generation-provider.js +1 -1
  418. package/dist/extensions/minimax/oauth.js +1 -1
  419. package/dist/extensions/minimax/oauth.runtime.js +1 -1
  420. package/dist/extensions/minimax/provider-registration.js +1 -1
  421. package/dist/extensions/minimax/speech-provider.js +1 -1
  422. package/dist/extensions/minimax/test-api.js +4 -4
  423. package/dist/extensions/minimax/video-generation-provider.js +1 -1
  424. package/dist/extensions/mistral/index.js +2 -2
  425. package/dist/extensions/mistral/media-understanding-provider.js +1 -1
  426. package/dist/extensions/mistral/test-api.js +1 -1
  427. package/dist/extensions/moonshot/index.js +2 -2
  428. package/dist/extensions/moonshot/media-understanding-provider.js +1 -1
  429. package/dist/extensions/moonshot/test-api.js +1 -1
  430. package/dist/extensions/msteams/api.js +1 -1
  431. package/dist/extensions/msteams/channel-plugin-api.js +1 -1
  432. package/dist/extensions/msteams/runtime-api.js +4 -4
  433. package/dist/extensions/msteams/test-api.js +1 -1
  434. package/dist/extensions/nextcloud-talk/api.js +1 -1
  435. package/dist/extensions/nextcloud-talk/channel-plugin-api.js +1 -1
  436. package/dist/extensions/nextcloud-talk/runtime-api.js +2 -2
  437. package/dist/extensions/nvidia/index.js +1 -1
  438. package/dist/extensions/ollama/api.js +3 -3
  439. package/dist/extensions/ollama/index.js +9 -9
  440. package/dist/extensions/ollama/runtime-api.js +2 -2
  441. package/dist/extensions/ollama/web-search-provider.js +1 -1
  442. package/dist/extensions/openai/api.js +2 -2
  443. package/dist/extensions/openai/image-generation-provider.js +1 -1
  444. package/dist/extensions/openai/index.js +6 -6
  445. package/dist/extensions/openai/media-understanding-provider.js +1 -1
  446. package/dist/extensions/openai/openai-codex-provider.js +1 -1
  447. package/dist/extensions/openai/openai-provider.js +1 -1
  448. package/dist/extensions/openai/register.runtime.js +4 -4
  449. package/dist/extensions/openai/test-api.js +3 -3
  450. package/dist/extensions/openai/video-generation-provider.js +1 -1
  451. package/dist/extensions/opencode/index.js +2 -2
  452. package/dist/extensions/opencode/media-understanding-provider.js +1 -1
  453. package/dist/extensions/opencode-go/index.js +2 -2
  454. package/dist/extensions/opencode-go/media-understanding-provider.js +1 -1
  455. package/dist/extensions/openrouter/api.js +1 -1
  456. package/dist/extensions/openrouter/image-generation-provider.js +1 -1
  457. package/dist/extensions/openrouter/index.js +4 -4
  458. package/dist/extensions/openrouter/media-understanding-provider.js +1 -1
  459. package/dist/extensions/openrouter/register.runtime.js +3 -3
  460. package/dist/extensions/openrouter/test-api.js +2 -2
  461. package/dist/extensions/openshell/index.js +3 -3
  462. package/dist/extensions/qianfan/index.js +1 -1
  463. package/dist/extensions/qwen/index.js +3 -3
  464. package/dist/extensions/qwen/media-understanding-provider.js +1 -1
  465. package/dist/extensions/qwen/test-api.js +2 -2
  466. package/dist/extensions/qwen/video-generation-provider.js +1 -1
  467. package/dist/extensions/runway/index.js +1 -1
  468. package/dist/extensions/runway/video-generation-provider.js +1 -1
  469. package/dist/extensions/signal/api.js +6 -6
  470. package/dist/extensions/signal/channel-plugin-api.js +1 -1
  471. package/dist/extensions/signal/reaction-runtime-api.js +1 -1
  472. package/dist/extensions/signal/runtime-api.js +9 -9
  473. package/dist/extensions/skill-workshop/api.js +1 -1
  474. package/dist/extensions/skill-workshop/index.js +2 -2
  475. package/dist/extensions/speech-core/runtime-api.js +1 -1
  476. package/dist/extensions/stepfun/index.js +2 -2
  477. package/dist/extensions/synology-chat/api.js +1 -1
  478. package/dist/extensions/synology-chat/channel-plugin-api.js +1 -1
  479. package/dist/extensions/synthetic/index.js +1 -1
  480. package/dist/extensions/talk-voice/index.js +1 -1
  481. package/dist/extensions/tencent/index.js +2 -2
  482. package/dist/extensions/thread-ownership/index.js +1 -1
  483. package/dist/extensions/tlon/api.js +2 -2
  484. package/dist/extensions/tlon/channel-plugin-api.js +1 -1
  485. package/dist/extensions/tlon/runtime-api.js +1 -1
  486. package/dist/extensions/tlon/test-api.js +1 -1
  487. package/dist/extensions/together/index.js +2 -2
  488. package/dist/extensions/together/video-generation-provider.js +1 -1
  489. package/dist/extensions/twitch/api.js +1 -1
  490. package/dist/extensions/twitch/channel-plugin-api.js +1 -1
  491. package/dist/extensions/twitch/setup-plugin-api.js +1 -1
  492. package/dist/extensions/venice/index.js +1 -1
  493. package/dist/extensions/vercel-ai-gateway/index.js +1 -1
  494. package/dist/extensions/voice-call/index.js +1 -1
  495. package/dist/extensions/voice-call/runtime-entry.js +1 -1
  496. package/dist/extensions/volcengine/index.js +2 -2
  497. package/dist/extensions/vydra/image-generation-provider.js +1 -1
  498. package/dist/extensions/vydra/index.js +4 -4
  499. package/dist/extensions/vydra/video-generation-provider.js +1 -1
  500. package/dist/extensions/xai/api.js +2 -2
  501. package/dist/extensions/xai/code-execution.js +2 -2
  502. package/dist/extensions/xai/image-generation-provider.js +1 -1
  503. package/dist/extensions/xai/index.js +6 -6
  504. package/dist/extensions/xai/speech-provider.js +1 -1
  505. package/dist/extensions/xai/tts.js +1 -1
  506. package/dist/extensions/xai/video-generation-provider.js +1 -1
  507. package/dist/extensions/xai/x-search.js +2 -2
  508. package/dist/extensions/xiaomi/index.js +1 -1
  509. package/dist/extensions/zai/index.js +2 -2
  510. package/dist/extensions/zai/media-understanding-provider.js +1 -1
  511. package/dist/extensions/zai/test-api.js +1 -1
  512. package/dist/extensions/zalo/api.js +3 -3
  513. package/dist/extensions/zalo/channel-plugin-api.js +1 -1
  514. package/dist/extensions/zalo/runtime-api.js +2 -2
  515. package/dist/extensions/zalo/setup-api.js +2 -2
  516. package/dist/extensions/zalouser/api.js +3 -3
  517. package/dist/extensions/zalouser/channel-plugin-api.js +1 -1
  518. package/dist/extensions/zalouser/runtime-api.js +7 -7
  519. package/dist/extensions/zalouser/setup-plugin-api.js +1 -1
  520. package/dist/extensions/zalouser/test-api.js +1 -1
  521. package/dist/fallbacks-BWfTkiI4.js +31 -0
  522. package/dist/fallbacks-C9KDYKs_.js +2 -0
  523. package/dist/fallbacks-shared-DfTzBfq1.js +111 -0
  524. package/dist/format-CqMlnPqV.js +245 -0
  525. package/dist/gateway-CkxkzVZN.js +115 -0
  526. package/dist/gateway-cli-hF08SMoD.js +1283 -0
  527. package/dist/gateway-discovery-targets-BilYS9ha.js +42 -0
  528. package/dist/gateway-install-token-CZq3-WaX.js +141 -0
  529. package/dist/gateway-rpc-yH-iFPPG.js +14 -0
  530. package/dist/gateway-rpc.runtime-Bxb1dLu2.js +23 -0
  531. package/dist/gateway-rpc.runtime.js +1 -1
  532. package/dist/gateway-runtime-DSIAuM0M.js +15 -0
  533. package/dist/gateway-status-B3SqIStn.js +584 -0
  534. package/dist/genesis-tools-DzgSb3vd.js +9144 -0
  535. package/dist/genesis-tools.runtime-BkPuepHE.js +2 -0
  536. package/dist/genesis-tools.runtime.js +1 -1
  537. package/dist/get-reply-ChN4EIDm.js +3879 -0
  538. package/dist/get-reply-from-config.runtime-cgmM6iLA.js +2 -0
  539. package/dist/get-reply-from-config.runtime.js +1 -1
  540. package/dist/gmail-watcher-lifecycle-8oetrTVi.js +2 -0
  541. package/dist/gmail-watcher-lifecycle-CJJGDUP5.js +191 -0
  542. package/dist/graph-users-BjskkPXl.js +1337 -0
  543. package/dist/health-BcGQpWhR.js +3 -0
  544. package/dist/health-C_ieY9Kj.js +469 -0
  545. package/dist/health-route-CwpATAjq.js +41 -0
  546. package/dist/health-route-yxKlxzM8.js +2 -0
  547. package/dist/health-style-_j6EAcB7.js +2 -0
  548. package/dist/heartbeat-runner-BATl6sLG.js +5 -0
  549. package/dist/heartbeat-runner-LDUrUqCE.js +1292 -0
  550. package/dist/heartbeat-runner.runtime-DsuMWPNt.js +4 -0
  551. package/dist/heartbeat-runner.runtime.js +1 -1
  552. package/dist/hooks-cli-CEYDwXFE.js +433 -0
  553. package/dist/hooks-status-Cqby6WVW.js +86 -0
  554. package/dist/image-fallbacks-CqQR3jWU.js +31 -0
  555. package/dist/image-fallbacks-Nt-2QyCg.js +2 -0
  556. package/dist/image-generation-core-DEiEJhEK.js +18 -0
  557. package/dist/image-generation-core.auth.runtime.js +1 -1
  558. package/dist/image-generation-provider-BHKIJcjv.js +63 -0
  559. package/dist/image-generation-provider-BVsvNzI_.js +228 -0
  560. package/dist/image-generation-provider-CpH4lCyW.js +137 -0
  561. package/dist/image-generation-provider-Ct1lT0uf.js +157 -0
  562. package/dist/image-generation-provider-DPRew87B.js +95 -0
  563. package/dist/image-generation-provider-DgCga9KE.js +274 -0
  564. package/dist/image-generation-provider-DgFuHosU.js +529 -0
  565. package/dist/image-runtime-2qfUy_eg.js +9 -0
  566. package/dist/inbound-reply-dispatch-B798MCBn.js +73 -0
  567. package/dist/inbound.runtime-BzROcnJN.js +3 -0
  568. package/dist/inbound.runtime-DmyBUa6W.js +4 -0
  569. package/dist/inbound.runtime.js +1 -1
  570. package/dist/index.js +2 -2
  571. package/dist/infra-runtime-D3zS_Fs_.js +39 -0
  572. package/dist/init-Cgs_Y5r2.js +59 -0
  573. package/dist/install-CNyKkmoe.js +726 -0
  574. package/dist/install-Cr1XiFcK.js +190 -0
  575. package/dist/install-security-scan-DkBMNG01.js +26 -0
  576. package/dist/install-security-scan.runtime-RflYyKMz.js +671 -0
  577. package/dist/install-security-scan.runtime.js +1 -1
  578. package/dist/install.runtime-BxrmrGNn.js +27 -0
  579. package/dist/install.runtime-Cwxpe69l.js +2 -0
  580. package/dist/install.runtime-Czxp-yhT.js +12 -0
  581. package/dist/install.runtime.js +1 -1
  582. package/dist/jobs-Dd5apK1w.js +734 -0
  583. package/dist/legacy-tools-by-sender-BBxdN6rr.js +95 -0
  584. package/dist/legacy-tools-by-sender-jW8LxMcX.js +2 -0
  585. package/dist/library-CHfLQeCR.js +45 -0
  586. package/dist/lifecycle-lQvUNIhu.js +229 -0
  587. package/dist/lifecycle-zNuWSrCz.js +571 -0
  588. package/dist/lifecycle.runtime-ByIupJ19.js +2 -0
  589. package/dist/lifecycle.runtime.js +1 -1
  590. package/dist/list-C3XOJSpa.js +2 -0
  591. package/dist/list-Cc1XrqqF.js +1212 -0
  592. package/dist/list-D7rUonSE.js +131 -0
  593. package/dist/list-xlj8z1FQ.js +2 -0
  594. package/dist/list.probe-DxROY_f3.js +419 -0
  595. package/dist/live-model-switch-BKj-o0qi.js +336 -0
  596. package/dist/llm-slug-generator-Dgp800fh.js +79 -0
  597. package/dist/llm-slug-generator.js +1 -1
  598. package/dist/load-config-BLj62YjO.js +35 -0
  599. package/dist/loader-CbjGl9Hl.js +222 -0
  600. package/dist/local-dispatch.runtime-DRwpFW1C.js +8 -0
  601. package/dist/local-dispatch.runtime.js +1 -1
  602. package/dist/login-xTSVvkH1.js +108 -0
  603. package/dist/logs-cli-DxgJIioY.js +265 -0
  604. package/dist/logs-cli.runtime-Bokfw6xX.js +2 -0
  605. package/dist/logs-cli.runtime.js +1 -1
  606. package/dist/main-session-restart-recovery-BGtEwwC7.js +206 -0
  607. package/dist/managed-image-attachments-CdnUvv4i.js +635 -0
  608. package/dist/managed-image-attachments-DGoeEEK0.js +2 -0
  609. package/dist/manager-By98-8j7.js +2057 -0
  610. package/dist/manager-DoYtM2M_.js +2 -0
  611. package/dist/markdown-to-line-BAow3FG2.js +790 -0
  612. package/dist/mcp/plugin-tools-serve.js +1 -1
  613. package/dist/mcp-cli-CzbNPbAu.js +725 -0
  614. package/dist/mcp-http-3955tCu1.js +529 -0
  615. package/dist/media-runtime-DPuaOh-W.js +329 -0
  616. package/dist/media-understanding-DMGc6bUS.js +85 -0
  617. package/dist/media-understanding-provider-BFjdxO9-.js +21 -0
  618. package/dist/media-understanding-provider-BN0_ZWCk.js +13 -0
  619. package/dist/media-understanding-provider-Bc8inzhb.js +69 -0
  620. package/dist/media-understanding-provider-BjOG0qfv.js +85 -0
  621. package/dist/media-understanding-provider-BpUWx7YV.js +12 -0
  622. package/dist/media-understanding-provider-CDvqr0Ha.js +18 -0
  623. package/dist/media-understanding-provider-DOPCCOGb.js +37 -0
  624. package/dist/media-understanding-provider-DOVnR49K.js +18 -0
  625. package/dist/media-understanding-provider-Dyw_vjd1.js +28 -0
  626. package/dist/media-understanding-provider-t-_UaQgo.js +12 -0
  627. package/dist/media-understanding-runtime-CloZxX3k.js +2 -0
  628. package/dist/memory-core-host-runtime-cli-D7VcUd8Q.js +9 -0
  629. package/dist/memory-embedding-adapter-DryAyE08.js +123 -0
  630. package/dist/memory-host-search-BAD700R9.js +12 -0
  631. package/dist/memory-host-search.runtime.js +1 -1
  632. package/dist/message-action-runner-COx-ZvZd.js +1407 -0
  633. package/dist/message-action-runner-fdG6pGAZ.js +2 -0
  634. package/dist/message-actions-Dp5oy-Id.js +143 -0
  635. package/dist/message-format-C6vUBf1L.js +328 -0
  636. package/dist/message-o2dPGRzs.js +232 -0
  637. package/dist/message.config.runtime.js +1 -1
  638. package/dist/message.gateway.runtime-56NMl6zr.js +2 -0
  639. package/dist/message.gateway.runtime.js +1 -1
  640. package/dist/model-picker-CmKXNo9I.js +3 -0
  641. package/dist/model-picker-RwmF8BB2.js +559 -0
  642. package/dist/model-picker.runtime-C7NZbfGO.js +15 -0
  643. package/dist/model-picker.runtime.js +1 -1
  644. package/dist/model-selection-V3vSY372.js +213 -0
  645. package/dist/models-auth-status-CIvClfyB.js +201 -0
  646. package/dist/models-cli-BnImTHDJ.js +219 -0
  647. package/dist/models.fetch-CSjF93kV.js +518 -0
  648. package/dist/monitor-B6C1jpvZ.js +671 -0
  649. package/dist/monitor-CD_A25Rx.js +788 -0
  650. package/dist/monitor-DbpDtT91.js +1661 -0
  651. package/dist/monitor-DvkiboRC.js +1459 -0
  652. package/dist/monitor-auth-eDhrUf09.js +207 -0
  653. package/dist/monitor-processing-3UY_U9hP.js +1974 -0
  654. package/dist/monitor-v7YjMH5B.js +2 -0
  655. package/dist/monitor-yj-MViK6.js +1237 -0
  656. package/dist/monitor.runtime-K9_4KdMD.js +2 -0
  657. package/dist/monitor.runtime.js +1 -1
  658. package/dist/monitor.webhook-DIIuOtEd.js +180 -0
  659. package/dist/msteams-6tpdLYYt.js +35 -0
  660. package/dist/music-generation-provider-DLsuTyhN.js +63 -0
  661. package/dist/music-generation-provider-DURtvZ5B.js +170 -0
  662. package/dist/native-hook-relay-DVfxqsON.js +519 -0
  663. package/dist/nextcloud-talk-DyYXCJLV.js +17 -0
  664. package/dist/node-cli-XV5Mq4R5.js +2506 -0
  665. package/dist/nodes-cli-CkCLLSNL.js +1046 -0
  666. package/dist/nodes-utils-Cvyl5QAh.js +84 -0
  667. package/dist/nodes.helpers-DYk79sWL.js +34 -0
  668. package/dist/notify-CzYxngwD.js +315 -0
  669. package/dist/oauth-CDxZvq5B.js +152 -0
  670. package/dist/oauth-CemxANpL.js +75 -0
  671. package/dist/oauth-DfB1vcWQ.js +139 -0
  672. package/dist/oauth-fpxNVPrl.js +2 -0
  673. package/dist/oauth-tls-preflight-BcNy7dKB.js +2 -0
  674. package/dist/oauth.flow-DbJmBCPq.js +3 -0
  675. package/dist/oauth.flow-jarh1FJh.js +45 -0
  676. package/dist/onboard-4gvN93s8.js +316 -0
  677. package/dist/onboard-D0lkvRs5.js +632 -0
  678. package/dist/onboard-channels-B31xMIuZ.js +3 -0
  679. package/dist/onboard-channels-BEkUvYCF.js +2 -0
  680. package/dist/onboard-config-DvU9Ngti.js +2 -0
  681. package/dist/onboard-custom-BitaTI2J.js +271 -0
  682. package/dist/onboard-custom-a9DbHTUT.js +3 -0
  683. package/dist/onboard-helpers-BHi-aRMH.js +204 -0
  684. package/dist/onboard-helpers-elKh6zBN.js +6 -0
  685. package/dist/onboard-hooks-Cr15MeKN.js +52 -0
  686. package/dist/onboard-remote-Cng1yalR.js +2 -0
  687. package/dist/onboard-remote-DXV2D8eg.js +193 -0
  688. package/dist/onboard-search-B0OW2KL3.js +323 -0
  689. package/dist/onboard-skills-BdzrRAcj.js +134 -0
  690. package/dist/onboard-skills-CNwXUb0I.js +2 -0
  691. package/dist/onboarding-plugin-install-DRFjmslc.js +406 -0
  692. package/dist/open-policy-allowfrom-C084Puwf.js +2 -0
  693. package/dist/open-policy-allowfrom-Dg0zzuWw.js +101 -0
  694. package/dist/openai-codex-provider-DC5MRZgN.js +472 -0
  695. package/dist/openai-http-DPekQzlm.js +500 -0
  696. package/dist/openai-provider-BAc1xw8U.js +313 -0
  697. package/dist/opencode-rrH9GPhY.js +35 -0
  698. package/dist/openresponses-http-KuBtyTB9.js +1128 -0
  699. package/dist/operator-approvals-client-Ck6tSehQ.js +68 -0
  700. package/dist/outbound-runtime-Dquu18jb.js +5 -0
  701. package/dist/outbound.runtime-C4fvxQG0.js +2 -0
  702. package/dist/outbound.runtime.js +1 -1
  703. package/dist/pair-command-approve-DXxc-bF6.js +44 -0
  704. package/dist/persistent-bindings.lifecycle-DHLMOTbE.js +2 -0
  705. package/dist/persistent-bindings.lifecycle-FgyzapQO.js +85 -0
  706. package/dist/pi-embedded-DX9kTXHk.js +4 -0
  707. package/dist/pi-embedded-c1fYxGY_.js +2905 -0
  708. package/dist/pi-embedded-subscribe.handlers.compaction.runtime-EnaEhBV7.js +23 -0
  709. package/dist/pi-embedded-subscribe.handlers.compaction.runtime.js +1 -1
  710. package/dist/pi-embedded.runtime-BF21n0BD.js +4 -0
  711. package/dist/pi-embedded.runtime.js +1 -1
  712. package/dist/pi-tool-definition-adapter-IAoWm6mw.js +217 -0
  713. package/dist/pi-tools-C_f4UUql.js +1057 -0
  714. package/dist/pi-tools.before-tool-call-OMTQuo2Y.js +2 -0
  715. package/dist/pi-tools.before-tool-call-Yjb1AzLr.js +433 -0
  716. package/dist/plugin-Bqw6iIhd.js +12195 -0
  717. package/dist/plugin-enabled-Dws5rJhZ.js +140 -0
  718. package/dist/plugin-install-BQn7pUma.js +115 -0
  719. package/dist/plugin-install-config-policy-BM-_U7I2.js +137 -0
  720. package/dist/plugin-install-iU6yvmd2.js +2 -0
  721. package/dist/plugin-install-plan-D11M-SSH.js +50 -0
  722. package/dist/plugin-registration-BlawgUJq.js +23 -0
  723. package/dist/plugin-registry-BS1ql5am.js +3 -0
  724. package/dist/plugin-registry-DQYacxoR.js +2 -0
  725. package/dist/plugin-sdk/.boundary-entry-shims.stamp +1 -1
  726. package/dist/plugin-sdk/acp-binding-runtime.js +1 -1
  727. package/dist/plugin-sdk/acp-runtime.js +3 -3
  728. package/dist/plugin-sdk/agent-harness-runtime.js +6 -6
  729. package/dist/plugin-sdk/agent-harness.js +7 -7
  730. package/dist/plugin-sdk/agent-runtime.js +2 -2
  731. package/dist/plugin-sdk/approval-gateway-runtime.js +2 -2
  732. package/dist/plugin-sdk/approval-handler-runtime.js +3 -3
  733. package/dist/plugin-sdk/approval-runtime.js +1 -1
  734. package/dist/plugin-sdk/browser-node-runtime.js +4 -4
  735. package/dist/plugin-sdk/browser-setup-tools.js +3 -3
  736. package/dist/plugin-sdk/browser-support.js +7 -7
  737. package/dist/plugin-sdk/channel-core.js +2 -2
  738. package/dist/plugin-sdk/channel-inbound.js +3 -3
  739. package/dist/plugin-sdk/command-auth.js +2 -2
  740. package/dist/plugin-sdk/command-status-runtime.js +1 -1
  741. package/dist/plugin-sdk/compat.js +1 -1
  742. package/dist/plugin-sdk/config-runtime.js +3 -3
  743. package/dist/plugin-sdk/conversation-binding-runtime.js +1 -1
  744. package/dist/plugin-sdk/conversation-runtime.js +4 -4
  745. package/dist/plugin-sdk/core.js +2 -2
  746. package/dist/plugin-sdk/direct-dm.js +1 -1
  747. package/dist/plugin-sdk/gateway-runtime.js +3 -3
  748. package/dist/plugin-sdk/image-generation-core.js +2 -2
  749. package/dist/plugin-sdk/inbound-reply-dispatch.js +1 -1
  750. package/dist/plugin-sdk/index.js +1 -1
  751. package/dist/plugin-sdk/infra-runtime.js +2 -2
  752. package/dist/plugin-sdk/irc.js +2 -2
  753. package/dist/plugin-sdk/matrix.js +1 -1
  754. package/dist/plugin-sdk/mattermost.js +2 -2
  755. package/dist/plugin-sdk/media-runtime.js +5 -5
  756. package/dist/plugin-sdk/media-understanding-runtime.js +2 -2
  757. package/dist/plugin-sdk/media-understanding.js +2 -2
  758. package/dist/plugin-sdk/memory-core-host-runtime-cli.js +2 -2
  759. package/dist/plugin-sdk/memory-core.js +2 -2
  760. package/dist/plugin-sdk/memory-host-search.js +1 -1
  761. package/dist/plugin-sdk/msteams.js +3 -3
  762. package/dist/plugin-sdk/nextcloud-talk.js +2 -2
  763. package/dist/plugin-sdk/nostr.js +1 -1
  764. package/dist/plugin-sdk/opencode.js +1 -1
  765. package/dist/plugin-sdk/outbound-runtime.js +2 -2
  766. package/dist/plugin-sdk/provider-auth-api-key.js +2 -2
  767. package/dist/plugin-sdk/provider-auth-login.js +1 -1
  768. package/dist/plugin-sdk/provider-auth.js +2 -2
  769. package/dist/plugin-sdk/provider-entry.js +1 -1
  770. package/dist/plugin-sdk/reply-dispatch-runtime.js +1 -1
  771. package/dist/plugin-sdk/reply-runtime.js +4 -4
  772. package/dist/plugin-sdk/runtime-doctor.js +1 -1
  773. package/dist/plugin-sdk/runtime-secret-resolution.js +1 -1
  774. package/dist/plugin-sdk/runtime.js +3 -3
  775. package/dist/plugin-sdk/sandbox.js +1 -1
  776. package/dist/plugin-sdk/session-store-runtime.js +1 -1
  777. package/dist/plugin-sdk/session-visibility.js +1 -1
  778. package/dist/plugin-sdk/skill-commands-runtime.js +1 -1
  779. package/dist/plugin-sdk/src/config/types.browser.d.ts +1 -1
  780. package/dist/plugin-sdk/testing.js +4 -4
  781. package/dist/plugin-sdk/tlon.js +1 -1
  782. package/dist/plugin-sdk/zalo.js +1 -1
  783. package/dist/plugin-sdk/zalouser.js +1 -1
  784. package/dist/plugin-service-VZSLJ4oI.js +2892 -0
  785. package/dist/plugins/runtime/index.js +1 -1
  786. package/dist/plugins-cli-UR8WqrIq.js +584 -0
  787. package/dist/plugins-command-helpers-D799dbVj.js +107 -0
  788. package/dist/plugins-install-persist-D_HU3Frx.js +133 -0
  789. package/dist/plugins-update-command-BTBJuQMC.js +1057 -0
  790. package/dist/policy-9PlwCZVI.js +328 -0
  791. package/dist/postinstall-inventory.json +854 -850
  792. package/dist/prepare.runtime-BWs6JC5C.js +815 -0
  793. package/dist/prepare.runtime.js +1 -1
  794. package/dist/preview-warnings-Xd3ZVG_C.js +120 -0
  795. package/dist/probe-BvnxVXPF.js +2 -0
  796. package/dist/probe-CVdSkKEj.js +241 -0
  797. package/dist/probe-CdbOHCqk.js +45 -0
  798. package/dist/probe-CgIZN3nP.js +1443 -0
  799. package/dist/probe-Cj5gwplO.js +74 -0
  800. package/dist/probe-D4pJKTVi.js +2 -0
  801. package/dist/probe-DOpn9xW4.js +243 -0
  802. package/dist/probe-Dhgk7ek6.js +2205 -0
  803. package/dist/probe-auth-Nvl_FRXO.js +3 -0
  804. package/dist/program-BOie7Vt-.js +111 -0
  805. package/dist/program-context-ChxdxCOu.js +2 -0
  806. package/dist/prompt-select-styled-BoqQDWM7.js +20 -0
  807. package/dist/protocol-AGt54mci.js +2335 -0
  808. package/dist/provider-D_uxch_F.js +70 -0
  809. package/dist/provider-api-key-auth-DQcZiZii.js +114 -0
  810. package/dist/provider-api-key-auth.runtime.js +1 -1
  811. package/dist/provider-auth-C983Ir3i.js +46 -0
  812. package/dist/provider-auth-api-key-DTSUklSr.js +5 -0
  813. package/dist/provider-auth-choice-B5hkZbf_.js +228 -0
  814. package/dist/provider-auth-choice-preference-CJRv4tMl.js +27 -0
  815. package/dist/provider-auth-choices-BgUKYeKC.js +2 -0
  816. package/dist/provider-auth-guidance-CXc99WzE.js +2 -0
  817. package/dist/provider-auth-login-O3Sm0KwV.js +8 -0
  818. package/dist/provider-auth-login.runtime-CbaRtloJ.js +267 -0
  819. package/dist/provider-auth-login.runtime.js +1 -1
  820. package/dist/provider-dispatcher-DWf9-i4h.js +22 -0
  821. package/dist/provider-dispatcher-Difz51Qf.js +2 -0
  822. package/dist/provider-entry-D0S4gpr-.js +106 -0
  823. package/dist/provider-flow-f_IA_ktZ.js +148 -0
  824. package/dist/provider-install-catalog-Cg32-zFa.js +108 -0
  825. package/dist/provider-model-defaults-ChOCI1XD.js +6 -0
  826. package/dist/provider-registration-DReJwyYv.js +37 -0
  827. package/dist/provider-registration-DuuV27JS.js +218 -0
  828. package/dist/proxy-cli-CqFZNmxT.js +44 -0
  829. package/dist/proxy-cli.runtime-CAFc4tCs.js +372 -0
  830. package/dist/proxy-cli.runtime.js +1 -1
  831. package/dist/pw-ai-Dre6YylS.js +2511 -0
  832. package/dist/qr-cli-CKjl5y9P.js +349 -0
  833. package/dist/qr-cli-HA7KcboU.js +2 -0
  834. package/dist/qr-image-BEyM3usD.js +2 -0
  835. package/dist/queue-18j62oEc.js +409 -0
  836. package/dist/reaction-runtime-api-Byb7aNNv.js +116 -0
  837. package/dist/reactions-DKjkdDpt.js +998 -0
  838. package/dist/read-best-effort-config.runtime.js +1 -1
  839. package/dist/read-capability-L5JQpwus.js +412 -0
  840. package/dist/register-service-commands-DgcOFNfd.js +71 -0
  841. package/dist/register.agent-D8O3Pej1.js +248 -0
  842. package/dist/register.backup-B_r2LOYK.js +64 -0
  843. package/dist/register.configure-DnJuRHEh.js +15 -0
  844. package/dist/register.maintenance-3aZxhWJa.js +363 -0
  845. package/dist/register.message-BXlGRk2N.js +329 -0
  846. package/dist/register.onboard-CqjGOMl-.js +81 -0
  847. package/dist/register.runtime-BnKRhWSR.js +81 -0
  848. package/dist/register.runtime.js +1 -1
  849. package/dist/register.setup-CuhKuyzn.js +150 -0
  850. package/dist/register.status-health-sessions-C5DzZa1_.js +1215 -0
  851. package/dist/register.subclis-CR1fpSTT.js +3 -0
  852. package/dist/register.subclis-D_uws2t_.js +29 -0
  853. package/dist/register.subclis-core-AHoaC6VW.js +249 -0
  854. package/dist/register.wallet-BiFJeDsS.js +159 -0
  855. package/dist/repair-sequencing-BSAmIx7i.js +145 -0
  856. package/dist/reply-dispatch-runtime-Ceu-bJO-.js +13 -0
  857. package/dist/reply-media-paths.runtime-BQcpYv4W.js +2 -0
  858. package/dist/reply-media-paths.runtime-DpCr5Ul0.js +146 -0
  859. package/dist/reply-media-paths.runtime.js +1 -1
  860. package/dist/reply-runtime-BCvhbO0n.js +11 -0
  861. package/dist/reply.runtime-Dq49ajK8.js +2 -0
  862. package/dist/reply.runtime.js +1 -1
  863. package/dist/resolve-k9X8xwXZ.js +259 -0
  864. package/dist/response-generator-F0uPL6Wb.js +175 -0
  865. package/dist/restart-health-B3BG9cWC.js +2 -0
  866. package/dist/restart-health-Blxs74k_.js +202 -0
  867. package/dist/root-help-ChzMvc3A.js +44 -0
  868. package/dist/route-reply-C8iN0qJY.js +162 -0
  869. package/dist/route-reply.runtime-B2lAB1-b.js +2 -0
  870. package/dist/route-reply.runtime.js +1 -1
  871. package/dist/routes-CJ7e3-3_.js +3341 -0
  872. package/dist/routes-CSpmwUOo.js +2 -0
  873. package/dist/rpc-zrzVsr7U.js +61 -0
  874. package/dist/rpc.runtime-BoWSTfbK.js +21 -0
  875. package/dist/rpc.runtime.js +1 -1
  876. package/dist/run-auth-profile.runtime-CmWR2ACc.js +2 -0
  877. package/dist/run-auth-profile.runtime.js +1 -1
  878. package/dist/run-context.runtime.js +1 -1
  879. package/dist/run-delivery.runtime-gMcYNNDu.js +530 -0
  880. package/dist/run-delivery.runtime.js +1 -1
  881. package/dist/run-embedded.runtime-Y7BR9y48.js +4 -0
  882. package/dist/run-embedded.runtime.js +1 -1
  883. package/dist/run-execution-cli.runtime-gnM2Ql9w.js +4 -0
  884. package/dist/run-execution-cli.runtime.js +1 -1
  885. package/dist/run-executor.runtime-CrBblsnd.js +277 -0
  886. package/dist/run-executor.runtime.js +1 -1
  887. package/dist/run-external-content.runtime.js +1 -1
  888. package/dist/run-main-TmL9-_zs.js +567 -0
  889. package/dist/run-model-catalog.runtime.js +1 -1
  890. package/dist/run-subagent-registry.runtime-CWsqAYYP.js +2 -0
  891. package/dist/run-subagent-registry.runtime.js +1 -1
  892. package/dist/run-wait-D3KzpvQq.js +135 -0
  893. package/dist/runner-DUtC35j2.js +966 -0
  894. package/dist/runner.entries-0ZSu_nTv.js +604 -0
  895. package/dist/runtime-CxubLXjp.js +72 -0
  896. package/dist/runtime-DSuaai8P.js +263 -0
  897. package/dist/runtime-DnDt_3OQ.js +116 -0
  898. package/dist/runtime-DrHUjQ1Q.js +973 -0
  899. package/dist/runtime-_ZEfYaU0.js +9 -0
  900. package/dist/runtime-api-BO9T0HM6.js +9 -0
  901. package/dist/runtime-api-D05_vaS-.js +9 -0
  902. package/dist/runtime-api-DP5brVhK.js +4 -0
  903. package/dist/runtime-api-Y1Y0XFaX.js +14 -0
  904. package/dist/runtime-embedded-pi.runtime-zFbq7SGM.js +2 -0
  905. package/dist/runtime-embedded-pi.runtime.js +1 -1
  906. package/dist/runtime-entry-BxV0KsK8.js +2769 -0
  907. package/dist/runtime-internal-BhujhdGc.js +2 -0
  908. package/dist/runtime-manifest.runtime.js +1 -1
  909. package/dist/runtime-options-DPOGEX8m.js +275 -0
  910. package/dist/runtime-pB6_767d.js +2 -0
  911. package/dist/runtime-prepare.runtime-DCMh017y.js +80 -0
  912. package/dist/runtime-prepare.runtime.js +1 -1
  913. package/dist/runtime-registry-loader-BnT6zi1m.js +2 -0
  914. package/dist/runtime-schema-BkQ2RaAT.js +27796 -0
  915. package/dist/runtime-web-tools-BUdYGMsD.js +1477 -0
  916. package/dist/runtime-web-tools-fallback.runtime.js +1 -1
  917. package/dist/runtime-web-tools-manifest.runtime.js +1 -1
  918. package/dist/runtime-web-tools-public-artifacts.runtime.js +1 -1
  919. package/dist/sandbox-CHm2nn70.js +1156 -0
  920. package/dist/sandbox-E_kshBRj.js +3 -0
  921. package/dist/sandbox-cli-DQy0IvU6.js +450 -0
  922. package/dist/scan-BHrX6xlw.js +2 -0
  923. package/dist/scan-YCM3NZ4a.js +523 -0
  924. package/dist/secrets-cli-DiJDMvpu.js +2101 -0
  925. package/dist/security-cli-DKW-eR9G.js +486 -0
  926. package/dist/selection-CKyD2Dph.js +7736 -0
  927. package/dist/selection-Dg3WfJp4.js +2 -0
  928. package/dist/send-Cwx2NC_E.js +156 -0
  929. package/dist/send-DfVrE6Nj.js +102 -0
  930. package/dist/send.runtime-RHU8DLUa.js +2 -0
  931. package/dist/send.runtime.js +1 -1
  932. package/dist/server-CVac_8eO.js +77 -0
  933. package/dist/server-DK60xdj1.js +13 -0
  934. package/dist/server-context-DH1UPelC.js +847 -0
  935. package/dist/server-context-DSP_jNKo.js +2 -0
  936. package/dist/server-node-events-CQkjKwDW.js +481 -0
  937. package/dist/server-plugin-bootstrap-CWkKWsmU.js +11535 -0
  938. package/dist/server-plugin-bootstrap-DtuLv1Z0.js +2 -0
  939. package/dist/server-restart-sentinel-BqlD_fdp.js +697 -0
  940. package/dist/server.impl-y2ki-U8R.js +12822 -0
  941. package/dist/session-BmhZ0w1g.js +48 -0
  942. package/dist/session-archive.runtime.js +1 -1
  943. package/dist/session-envelope-CcfhPnpN.js +18 -0
  944. package/dist/session-key-B4usxD24.js +65 -0
  945. package/dist/session-kill-http-CBVZRf5-.js +110 -0
  946. package/dist/session-meta-BboKGMtd.js +109 -0
  947. package/dist/session-override-BOwEVLnz.js +106 -0
  948. package/dist/session-reset-model.runtime-ZTv_T7lt.js +133 -0
  949. package/dist/session-reset-model.runtime.js +1 -1
  950. package/dist/session-reset-service-EkGOtdE8.js +471 -0
  951. package/dist/session-route-BGqKLpT1.js +93 -0
  952. package/dist/session-status.runtime-8fW2zaxe.js +2 -0
  953. package/dist/session-status.runtime.js +1 -1
  954. package/dist/session-store-DgAh1suS.js +126 -0
  955. package/dist/session-store.runtime-JjCOtrjx.js +2 -0
  956. package/dist/session-store.runtime.js +1 -1
  957. package/dist/session-subagent-reactivation.runtime-Ds5c0djG.js +2 -0
  958. package/dist/session-subagent-reactivation.runtime.js +1 -1
  959. package/dist/session-tab-registry-DkVIf7hV.js +581 -0
  960. package/dist/session-updates-Cv75xqmY.js +236 -0
  961. package/dist/session-updates.runtime-B8c11iw1.js +2 -0
  962. package/dist/session-updates.runtime.js +1 -1
  963. package/dist/session-utils-CuzGvD11.js +1006 -0
  964. package/dist/session-visibility-C3JCU9JN.js +147 -0
  965. package/dist/sessions-CxqBNE-J.js +2 -0
  966. package/dist/sessions-DNlJETOX.js +48 -0
  967. package/dist/sessions-DaSeSXOJ.js +281 -0
  968. package/dist/sessions-Dm6k-udS.js +16 -0
  969. package/dist/sessions-helpers-DOb5IrRm.js +304 -0
  970. package/dist/sessions-history-http-CupOgqEu.js +383 -0
  971. package/dist/sessions-patch-CzbJpzmm.js +309 -0
  972. package/dist/sessions-resolve-jfzejD6e.js +174 -0
  973. package/dist/sessions.runtime-BVhaNHoj.js +2 -0
  974. package/dist/sessions.runtime.js +1 -1
  975. package/dist/setup-C_cEOif3.js +495 -0
  976. package/dist/setup-DafKIWc2.js +421 -0
  977. package/dist/setup-api-CaIoRGbW.js +29 -0
  978. package/dist/setup-core-DHSQ96hI.js +171 -0
  979. package/dist/setup-core-SSEJmQpZ.js +176 -0
  980. package/dist/setup-surface-C6FileLV.js +219 -0
  981. package/dist/setup-surface-GihBDZa6.js +403 -0
  982. package/dist/setup-surface-biZwah-0.js +286 -0
  983. package/dist/setup.finalize-ch5XUfVx.js +539 -0
  984. package/dist/setup.gateway-config-ueuag32X.js +250 -0
  985. package/dist/shared--9pW5Ce7.js +76 -0
  986. package/dist/shared-BHLRlMoM.js +217 -0
  987. package/dist/shared-BbFyx9G1.js +121 -0
  988. package/dist/shared-CiA5BTBf.js +198 -0
  989. package/dist/shared-runtime-9X8j5_KJ.js +7 -0
  990. package/dist/skill-commands-X1nUEOXX.js +83 -0
  991. package/dist/skill-commands.runtime-t_xMebUt.js +2 -0
  992. package/dist/skill-commands.runtime.js +1 -1
  993. package/dist/skills-clawhub-Qqd5npos.js +275 -0
  994. package/dist/skills-cli-D1XXa0XQ.js +370 -0
  995. package/dist/skills-install-Dub1fmyK.js +605 -0
  996. package/dist/skills-snapshot.runtime-jMF9Gla8.js +7 -0
  997. package/dist/skills-snapshot.runtime.js +1 -1
  998. package/dist/slash-state-C4SKy5al.js +1911 -0
  999. package/dist/speech-provider-DN4EL6mY.js +209 -0
  1000. package/dist/speech-provider-DiHqRzvg.js +216 -0
  1001. package/dist/speech-provider-I6DuR7ih.js +170 -0
  1002. package/dist/src-CvAKVqK5.js +3974 -0
  1003. package/dist/stage-sandbox-media.runtime-D3i8uZyP.js +232 -0
  1004. package/dist/stage-sandbox-media.runtime.js +1 -1
  1005. package/dist/stale-plugin-config-DjXhX5ro.js +103 -0
  1006. package/dist/stale-plugin-config-OQnSe4DX.js +2 -0
  1007. package/dist/startup-context-BCZp-nrD.js +312 -0
  1008. package/dist/state-migrations-w5G6NV2T.js +820 -0
  1009. package/dist/status-BHUXDOxB.js +190 -0
  1010. package/dist/status-Bj0PB_BB.js +209 -0
  1011. package/dist/status-CoR6bPDI.js +2 -0
  1012. package/dist/status-DF3nzErU.js +3 -0
  1013. package/dist/status-DYRFWBUr.js +2 -0
  1014. package/dist/status-QjQ5fLJG.js +397 -0
  1015. package/dist/status-RapY_a8v.js +62 -0
  1016. package/dist/status-all-C5dOpSTJ.js +498 -0
  1017. package/dist/status-json-Ch8iLhXc.js +14 -0
  1018. package/dist/status-json-command-j0_mDLvG.js +84 -0
  1019. package/dist/status-message-DZWQePYx.js +466 -0
  1020. package/dist/status-message.runtime-uc5V05rB.js +6 -0
  1021. package/dist/status-message.runtime.js +1 -1
  1022. package/dist/status-queue.runtime-DCiv2--4.js +2 -0
  1023. package/dist/status-queue.runtime.js +1 -1
  1024. package/dist/status-runtime-shared-ZMmwbQgo.js +257 -0
  1025. package/dist/status-subagents.runtime-BtzPnPQK.js +18 -0
  1026. package/dist/status-subagents.runtime.js +1 -1
  1027. package/dist/status-text-DWp3FqTV.js +237 -0
  1028. package/dist/status.agent-local-BOqQC7TE.js +58 -0
  1029. package/dist/status.command.text-runtime-BGajGa6I.js +15 -0
  1030. package/dist/status.gateway-connection.runtime-oVziBbXJ.js +2 -0
  1031. package/dist/status.gateway-connection.runtime.js +1 -1
  1032. package/dist/status.gateway-probe-uIu3L-Rn.js +16 -0
  1033. package/dist/status.gather-K0BR9xLt.js +2 -0
  1034. package/dist/status.gather-vx7VGIBO.js +292 -0
  1035. package/dist/status.link-channel-A9hhIWyV.js +35 -0
  1036. package/dist/status.node-mode-Be4WLZXV.js +32 -0
  1037. package/dist/status.node-mode-Blnsadww.js +2 -0
  1038. package/dist/status.runtime-B2ripBxv.js +2 -0
  1039. package/dist/status.runtime-Bo7TFvUE.js +2 -0
  1040. package/dist/status.runtime.js +1 -1
  1041. package/dist/status.scan-BiRMUkAL.js +65 -0
  1042. package/dist/status.scan-overview-CHPUBwXN.js +379 -0
  1043. package/dist/status.scan.deps.runtime.js +1 -1
  1044. package/dist/status.scan.fast-json-B17v4E7m.js +132 -0
  1045. package/dist/status.scan.fast-json-DnHV6-FY.js +2 -0
  1046. package/dist/status.scan.runtime-DkG5vIQz.js +409 -0
  1047. package/dist/status.scan.runtime.js +1 -1
  1048. package/dist/status.summary-B-dxNuw4.js +2 -0
  1049. package/dist/status.summary-BUa9nTjl.js +214 -0
  1050. package/dist/status.update-Dk3S_7Lg.js +79 -0
  1051. package/dist/status.update-XYGUXSP7.js +2 -0
  1052. package/dist/store-B0wUii0o.js +910 -0
  1053. package/dist/store-C6gzhrUl.js +4 -0
  1054. package/dist/store.runtime-zFzaCgaN.js +2 -0
  1055. package/dist/store.runtime.js +1 -1
  1056. package/dist/stream-BGF6sIIj.js +664 -0
  1057. package/dist/subagent-announce-cxSxcEpf.js +351 -0
  1058. package/dist/subagent-announce-delivery-DWWzFpRW.js +726 -0
  1059. package/dist/subagent-announce-output-BifyE5eI.js +364 -0
  1060. package/dist/subagent-capabilities-AF6T_57k.js +251 -0
  1061. package/dist/subagent-control-CdZhtCp9.js +506 -0
  1062. package/dist/subagent-control.runtime-DBV8B-6z.js +3 -0
  1063. package/dist/subagent-control.runtime.js +1 -1
  1064. package/dist/subagent-followup.runtime-BPnUQG2q.js +68 -0
  1065. package/dist/subagent-followup.runtime.js +1 -1
  1066. package/dist/subagent-orphan-recovery-BmhbSEPM.js +305 -0
  1067. package/dist/subagent-registry-BPOTEL9f.js +1753 -0
  1068. package/dist/subagent-registry-DksKb1R4.js +3 -0
  1069. package/dist/subagent-registry.runtime.js +1 -1
  1070. package/dist/subagent-spawn-CtYFn2NM.js +1005 -0
  1071. package/dist/supervisor-B-cWweJz.js +704 -0
  1072. package/dist/supervisor-log.runtime.js +1 -1
  1073. package/dist/system-cli-C_3trUzR.js +59 -0
  1074. package/dist/systemd-linger-Bp7RlUum.js +2 -0
  1075. package/dist/target-id-Ujv5hNZO.js +107 -0
  1076. package/dist/targets-Rv4LtIoh.js +67 -0
  1077. package/dist/targets.runtime.js +1 -1
  1078. package/dist/task-executor-DjPeHczG.js +360 -0
  1079. package/dist/task-owner-access-CMLLG2vh.js +74 -0
  1080. package/dist/task-registry-Q3Cl90mj.js +2366 -0
  1081. package/dist/task-registry-delivery-runtime-BSuaWdpl.js +2 -0
  1082. package/dist/task-registry-delivery-runtime-DWCwND9H.js +3 -0
  1083. package/dist/task-registry.maintenance-CvZuHZTV.js +416 -0
  1084. package/dist/task-registry.maintenance-IDjkL8Np.js +2 -0
  1085. package/dist/telegram/token.js +2 -2
  1086. package/dist/testing-CNkQ39ew.js +575 -0
  1087. package/dist/text-report-DVIG_L7b.js +587 -0
  1088. package/dist/tool-auth-shared-De65N_fJ.js +90 -0
  1089. package/dist/tool-policy-pipeline-Cwo7nErU.js +109 -0
  1090. package/dist/tool-resolution-s05uymkY.js +90 -0
  1091. package/dist/tools-effective-inventory--jk1GD1B.js +152 -0
  1092. package/dist/tools-invoke-http-Bkpw98PK.js +206 -0
  1093. package/dist/transcript-YAj-FvLG.js +312 -0
  1094. package/dist/transcript-resolve.runtime-4NCOnX42.js +2 -0
  1095. package/dist/transcript-resolve.runtime.js +1 -1
  1096. package/dist/transcript.runtime-CoUyn9fx.js +2 -0
  1097. package/dist/transcript.runtime.js +1 -1
  1098. package/dist/trash-Bj9oW0g5.js +24 -0
  1099. package/dist/tts-Cnj91x3B.js +64 -0
  1100. package/dist/tui-cli-63sm8eVE.js +4575 -0
  1101. package/dist/uninstall-9nOSf4s_.js +185 -0
  1102. package/dist/update-DlxQL9Iy.js +1282 -0
  1103. package/dist/update-cli-C_DkYNQx.js +1759 -0
  1104. package/dist/update-runner-xWl321w2.js +1892 -0
  1105. package/dist/update-startup-DDtqVzgO.js +331 -0
  1106. package/dist/update-startup-DN0IlVjY.js +2 -0
  1107. package/dist/upgrade-CROnI5RX.js +1226 -0
  1108. package/dist/video-generation-provider-B8mxQJBe.js +271 -0
  1109. package/dist/video-generation-provider-BmWUZDy3.js +78 -0
  1110. package/dist/video-generation-provider-BnHoRhgc.js +254 -0
  1111. package/dist/video-generation-provider-BzbQU0_O2.js +77 -0
  1112. package/dist/video-generation-provider-C4a6Fid4.js +64 -0
  1113. package/dist/video-generation-provider-CPKiG6d-.js +287 -0
  1114. package/dist/video-generation-provider-Cvb0pnUY.js +221 -0
  1115. package/dist/video-generation-provider-D40zcMSN.js +264 -0
  1116. package/dist/video-generation-provider-DahQjVLx.js +118 -0
  1117. package/dist/video-generation-provider-Ni3qeKHD.js +187 -0
  1118. package/dist/video-generation-provider-VpDrag9H.js +281 -0
  1119. package/dist/video-generation-task-status-D_6OimZH.js +163 -0
  1120. package/dist/wait-for-idle-before-flush-jjJHjLe9.js +5986 -0
  1121. package/dist/web-search-provider-CX_JSUqp.js +163 -0
  1122. package/dist/webhooks-cli-BgTQ_P6o.js +321 -0
  1123. package/dist/wizard-models-BXxRio-w.js +161 -0
  1124. package/dist/workflow-runtime-D62ZaRZf.js +485 -0
  1125. package/package.json +1 -1
  1126. package/dist/abort-OiNnhIeU.js +0 -201
  1127. package/dist/abort-cutoff.runtime-e5msXazz.js +0 -20
  1128. package/dist/abort.runtime-32L7to00.js +0 -2
  1129. package/dist/accounts-14lAXeAz.js +0 -107
  1130. package/dist/accounts-LZBr-w-R.js +0 -2
  1131. package/dist/accounts-Qds94ljJ.js +0 -104
  1132. package/dist/acp-cli-Dpw7BGfH.js +0 -2193
  1133. package/dist/acp-spawn-CY9aGxXS.js +0 -1093
  1134. package/dist/acp-spawn-_f_fT2de.js +0 -2
  1135. package/dist/acp-stateful-target-driver-CCR0BYbj.js +0 -89
  1136. package/dist/action-agents-EpYpAn3c.js +0 -67
  1137. package/dist/action-focus-B3Ps1mmc.js +0 -132
  1138. package/dist/action-help-BGFH_VTi.js +0 -7
  1139. package/dist/action-info-C8TaNUkA.js +0 -101
  1140. package/dist/action-kill-DGSI5rAr.js +0 -33
  1141. package/dist/action-list-mDthFZbQ.js +0 -21
  1142. package/dist/action-log-BP5nomP5.js +0 -30
  1143. package/dist/action-send-Bh2FybD3.js +0 -39
  1144. package/dist/action-spawn-Dn0I3O5l.js +0 -47
  1145. package/dist/action-unfocus-BC9BBJec.js +0 -29
  1146. package/dist/actions.runtime-DbK3OvjW.js +0 -5
  1147. package/dist/actions.runtime-ydCDe6F7.js +0 -18
  1148. package/dist/agent-2o2eoVoy.js +0 -2
  1149. package/dist/agent-command-DmyA9z8R.js +0 -874
  1150. package/dist/agent-harness-runtime-B5rFeVnf.js +0 -144
  1151. package/dist/agent-runner-utils-DZOonqcp.js +0 -239
  1152. package/dist/agent-runner.runtime-ByRVf3ri.js +0 -3455
  1153. package/dist/agent-runtime-CHO-MdDI.js +0 -18
  1154. package/dist/agents-9L9SuCcn.js +0 -5
  1155. package/dist/agents-WtBMKDwO.js +0 -954
  1156. package/dist/agents.bindings-DUCT7yry.js +0 -2
  1157. package/dist/agents.command-shared-BBhswYB6.js +0 -40
  1158. package/dist/aliases-BbVKhonh.js +0 -96
  1159. package/dist/aliases-CZ5oBftl.js +0 -2
  1160. package/dist/api-BWDQZArS.js +0 -48
  1161. package/dist/api-HqzZCzSZ.js +0 -5
  1162. package/dist/api-YyjQX3CK.js +0 -3
  1163. package/dist/api-aioOoaX8.js +0 -139
  1164. package/dist/api-mhcwEPke.js +0 -4
  1165. package/dist/apply-D-o-D5ae.js +0 -508
  1166. package/dist/apply.runtime-BkZiuui8.js +0 -166
  1167. package/dist/apply.runtime-BnL-LuiS.js +0 -2
  1168. package/dist/approval-gateway-resolver-ZfVZSqSY.js +0 -29
  1169. package/dist/approval-gateway-runtime-B3klmuhM.js +0 -2
  1170. package/dist/approval-handler-runtime-B9-1ZE2m.js +0 -439
  1171. package/dist/approval-native-runtime-Dc47eE28.js +0 -729
  1172. package/dist/assistant-identity-BJGlR731.js +0 -74
  1173. package/dist/attempt-execution.runtime-Dvb3Lr4C.js +0 -509
  1174. package/dist/attempt-execution.shared-CrrA0Anh.js +0 -22
  1175. package/dist/attempt.prompt-helpers-D42OSEcl.js +0 -221
  1176. package/dist/attempt.tool-run-context-fDOIg6kt.js +0 -933
  1177. package/dist/audit-B2pydz3g.js +0 -939
  1178. package/dist/audit-extra.async-nI09atn6.js +0 -971
  1179. package/dist/audit-tool-policy-BKWAS6yU.js +0 -3
  1180. package/dist/audit.deep.runtime-aPovRAts.js +0 -2
  1181. package/dist/audit.nondeep.runtime-BvrCJl4U.js +0 -880
  1182. package/dist/audit.runtime-b0S_gQ96.js +0 -7
  1183. package/dist/auth-BN2154e0.js +0 -383
  1184. package/dist/auth-CAbEo0kO.js +0 -56
  1185. package/dist/auth-D2nGJuio.js +0 -2
  1186. package/dist/auth-ZHjpnQ6q.js +0 -177
  1187. package/dist/auth-choice-BSXGTESF.js +0 -354
  1188. package/dist/auth-choice-C5CTX499.js +0 -85
  1189. package/dist/auth-choice-C9-7i28N.js +0 -3
  1190. package/dist/auth-choice-inference-s8zdsYr7.js +0 -30
  1191. package/dist/auth-choice-legacy-CCxoDHuP.js +0 -40
  1192. package/dist/auth-choice-legacy-DDkk2RCn.js +0 -2
  1193. package/dist/auth-choice-options-BIa3PkrG.js +0 -99
  1194. package/dist/auth-choice-prompt-3zAPptyB.js +0 -2
  1195. package/dist/auth-choice-prompt-CVXaEZMS.js +0 -37
  1196. package/dist/auth-choice.apply.api-providers-CWgqsayF.js +0 -2
  1197. package/dist/auth-install-policy-ISsAgDw3.js +0 -195
  1198. package/dist/auth-order-CAYi780T.js +0 -2
  1199. package/dist/auth-order-Db_WKPjd.js +0 -96
  1200. package/dist/backup-verify-CdOAmzAS.js +0 -2
  1201. package/dist/bash-tools-DBpdfhbT.js +0 -3
  1202. package/dist/bash-tools-qdz1BvUq.js +0 -2824
  1203. package/dist/bash-tools.exec-runtime-BxYRaGWr.js +0 -829
  1204. package/dist/binding-routing-C5KQ4aMB.js +0 -85
  1205. package/dist/binding-targets-B21rWX8y.js +0 -121
  1206. package/dist/bonjour-discovery-DdJwp8BR.js +0 -2
  1207. package/dist/bridge-server-Cd9HIyEM.js +0 -113
  1208. package/dist/browser-control-auth-CqUfrmnh.js +0 -2
  1209. package/dist/browser-node-runtime-C_gi-Hxh.js +0 -12
  1210. package/dist/browser-profiles-B3PNUxu6.js +0 -2
  1211. package/dist/browser-runtime-CKNoYQQT.js +0 -387
  1212. package/dist/browser-setup-tools-BS6MamG8.js +0 -13
  1213. package/dist/build-MUrq4SZe.js +0 -550
  1214. package/dist/bundled-plugin-load-paths-PGID9xSk.js +0 -2
  1215. package/dist/bundled-plugin-load-paths-gO3UWVBf.js +0 -110
  1216. package/dist/call-4ZLbcShk.js +0 -3
  1217. package/dist/call-CnVwqvc-.js +0 -331
  1218. package/dist/call.runtime-P3tmnPlm.js +0 -2
  1219. package/dist/capability-cli-Dsf3kVxU.js +0 -1401
  1220. package/dist/catalog-provider-BbeVG9BX.js +0 -40
  1221. package/dist/catchup-DIWi6bFP.js +0 -300
  1222. package/dist/channel-Bd4WBT1e.js +0 -491
  1223. package/dist/channel-BjZJYYzo.js +0 -297
  1224. package/dist/channel-BxGYV6Zd.js +0 -840
  1225. package/dist/channel-CLQBCnlI.js +0 -350
  1226. package/dist/channel-CSWAj5aC.js +0 -226
  1227. package/dist/channel-CbZZjPYz.js +0 -1100
  1228. package/dist/channel-Cd2ZsgQ2.js +0 -453
  1229. package/dist/channel-CfyL5j9F.js +0 -595
  1230. package/dist/channel-Dblz16CA.js +0 -1174
  1231. package/dist/channel-Dklq7HwR.js +0 -1802
  1232. package/dist/channel-JMpXfym9.js +0 -1320
  1233. package/dist/channel-add-wizard-BZxYZDO9.js +0 -125
  1234. package/dist/channel-add-wizard-CaHT24zz.js +0 -2
  1235. package/dist/channel-core-5nOGNjtf.js +0 -5
  1236. package/dist/channel-doctor-BJW7bTGQ.js +0 -2
  1237. package/dist/channel-inbound-BWxr-ADn.js +0 -31
  1238. package/dist/channel-plugin-resolution-BPeYeZA8.js +0 -2
  1239. package/dist/channel-plugin-resolution-BlBNIB2a.js +0 -153
  1240. package/dist/channel-plugin-runtime-DbNUeRTy.js +0 -771
  1241. package/dist/channel-runtime-B3OHY6mP.js +0 -425
  1242. package/dist/channel-setup-Ds6mtf4v.js +0 -1297
  1243. package/dist/channel.runtime-BJpm5f_F.js +0 -109
  1244. package/dist/channel.runtime-Bj_EgjGh.js +0 -430
  1245. package/dist/channel.runtime-CQlCIZX3.js +0 -2364
  1246. package/dist/channel.runtime-M9ynpc3S.js +0 -34702
  1247. package/dist/channel.runtime-SFS4pZM1.js +0 -576
  1248. package/dist/channel.runtime-ZW6QViZZ.js +0 -4
  1249. package/dist/channel.runtime-_XulV4EX.js +0 -89
  1250. package/dist/channel.setup-WsdWwhwp.js +0 -10
  1251. package/dist/channels-DGKW1oDr.js +0 -733
  1252. package/dist/channels-cli-BlDYocQE.js +0 -268
  1253. package/dist/chat-Dw8GHjpf.js +0 -2830
  1254. package/dist/chrome-CpgPgeb8.js +0 -1181
  1255. package/dist/clawbot-cli-0H08qQ39.js +0 -9
  1256. package/dist/clawhub-B8vQZp2O.js +0 -400
  1257. package/dist/cli-BqWXkeUs.js +0 -72
  1258. package/dist/cli-DHl3RmiM.js +0 -2
  1259. package/dist/cli-DvG2clNo.js +0 -219
  1260. package/dist/cli-GgpzGzY-.js +0 -683
  1261. package/dist/cli-H3X3Abhi.js +0 -2
  1262. package/dist/cli-I_U18Zj7.js +0 -3726
  1263. package/dist/cli-N7s4V_Ac.js +0 -154
  1264. package/dist/cli-Q34b38_6.js +0 -2
  1265. package/dist/cli-runner-D87jhfwM.js +0 -286
  1266. package/dist/cli-runner.runtime-B53dwXf1.js +0 -4
  1267. package/dist/cli-runner.runtime-CXPtmCqJ.js +0 -3
  1268. package/dist/cli.runtime-DmBLxGrW.js +0 -1261
  1269. package/dist/client-Bm9vKmhX.js +0 -138
  1270. package/dist/client-CDLetywx.js +0 -713
  1271. package/dist/command-auth-CvC6ZhtG.js +0 -76
  1272. package/dist/command-config-resolution-Do83X_Bp.js +0 -23
  1273. package/dist/command-config-resolution-pVG6FoqP.js +0 -2
  1274. package/dist/command-config-resolution.runtime-kEVcfMZm.js +0 -2
  1275. package/dist/command-execution-startup-IAvWVwb_.js +0 -305
  1276. package/dist/command-registry-BdK4qesS.js +0 -9
  1277. package/dist/command-registry-ClR7_y_z.js +0 -4
  1278. package/dist/command-registry-core-B60OtQ9I.js +0 -101
  1279. package/dist/command-secret-gateway-CvREjM9H.js +0 -528
  1280. package/dist/command-status.runtime-3XmhZqmG.js +0 -87
  1281. package/dist/commands-acp-BYABMzhY.js +0 -77
  1282. package/dist/commands-compact.runtime-C3J3UER-.js +0 -10
  1283. package/dist/commands-core.runtime-DFdJh60s.js +0 -2
  1284. package/dist/commands-handlers.runtime-DCdcViLH.js +0 -4597
  1285. package/dist/commands-reset-hooks-DLnWb1Va.js +0 -133
  1286. package/dist/commands-status-CEF7Mp6D.js +0 -16
  1287. package/dist/commands-status.runtime-zP6s0nfh.js +0 -3
  1288. package/dist/commands-subagents-control.runtime-BSWumf8c.js +0 -2
  1289. package/dist/commands-subagents-control.runtime-Dy4sppYu.js +0 -3
  1290. package/dist/commands-system-prompt-BYonuxzQ.js +0 -158
  1291. package/dist/commands-system-prompt-C6TjY3rz.js +0 -2
  1292. package/dist/commands.runtime-DTd3pO4m.js +0 -166
  1293. package/dist/compact-DeHVeOYR.js +0 -1118
  1294. package/dist/compact.runtime-DO9qQwQU.js +0 -12
  1295. package/dist/completion-cli-Deus3b8-.js +0 -328
  1296. package/dist/config-Bw5Kew-v.js +0 -252
  1297. package/dist/config-cli-DFB3iuKb.js +0 -1078
  1298. package/dist/config-guard-t7jywPR-.js +0 -96
  1299. package/dist/config-runtime-Bt88vmOj.js +0 -32
  1300. package/dist/configure-CQIKpSbu.js +0 -1252
  1301. package/dist/configure-DOc4NeXh.js +0 -2
  1302. package/dist/connect-options-COnDbzRx.js +0 -699
  1303. package/dist/control-auth-Cn5YR5wo.js +0 -125
  1304. package/dist/control-service-BN9tjmGf.js +0 -156
  1305. package/dist/control-ui/assets/agents-CZUIyxEM.js +0 -1052
  1306. package/dist/control-ui/assets/canvas-Dm7T865D.js +0 -269
  1307. package/dist/control-ui/assets/channels-CiPvudJA.js +0 -463
  1308. package/dist/control-ui/assets/cron-B14-kw5R.js +0 -933
  1309. package/dist/control-ui/assets/debug-CmDZanup.js +0 -94
  1310. package/dist/control-ui/assets/index-DhGuBeJ2.js +0 -6359
  1311. package/dist/control-ui/assets/instances-VaZKj4g5.js +0 -57
  1312. package/dist/control-ui/assets/nodes-OYjiryo2.js +0 -436
  1313. package/dist/control-ui/assets/plugins-PP89PB4Q.js +0 -273
  1314. package/dist/control-ui/assets/sessions-i9hJdgF0.js +0 -306
  1315. package/dist/control-ui/assets/skills-BbUBXFNS.js +0 -323
  1316. package/dist/control-ui/assets/wallet-Olr48I33.js +0 -199
  1317. package/dist/control-ui-BJSryFYU.js +0 -1043
  1318. package/dist/conversation-id-DUC83-Xa.js +0 -235
  1319. package/dist/conversation-id-G--VoHRy.js +0 -38
  1320. package/dist/conversation-runtime-BgY9C2BO.js +0 -31
  1321. package/dist/core-v4f7bXWW.js +0 -275
  1322. package/dist/create-C26klqm6.js +0 -80
  1323. package/dist/cron-cli-nedGNJU0.js +0 -713
  1324. package/dist/daemon-cli-COmc1YwZ.js +0 -12
  1325. package/dist/daemon-install-BOPAEUyR.js +0 -64
  1326. package/dist/delegate-DEFh3qEB.js +0 -64
  1327. package/dist/deliver-BFyI54_G.js +0 -747
  1328. package/dist/deliver-CbT0UmtQ.js +0 -3
  1329. package/dist/deliver-runtime-DOskrGHp.js +0 -2
  1330. package/dist/delivery-outbound.runtime-CYJH20qm.js +0 -6
  1331. package/dist/delivery.runtime-Bc8givN7.js +0 -253
  1332. package/dist/detached-task-runtime-qIh7q5y5.js +0 -73
  1333. package/dist/devices-cli-CVodCsvr.js +0 -498
  1334. package/dist/diagnostic-support-export-8ChBfjDE.js +0 -533
  1335. package/dist/diagnostics-Bk94MOXQ.js +0 -154
  1336. package/dist/direct-dm-CHkFU7It.js +0 -64
  1337. package/dist/directive-handling.fast-lane-BS0-sUhG.js +0 -66
  1338. package/dist/directive-handling.impl-B1lfwgo8.js +0 -2
  1339. package/dist/directive-handling.impl-E4GHiSw4.js +0 -703
  1340. package/dist/directive-handling.model-selection-CbeBlSGR.js +0 -114
  1341. package/dist/directive-handling.persist.runtime-BbOq7k7q.js +0 -215
  1342. package/dist/directory-cli-APPOcabH.js +0 -240
  1343. package/dist/discovery-CWThCB8j.js +0 -2
  1344. package/dist/dispatch-BUIn3xT5.js +0 -1131
  1345. package/dist/dispatch-acp-CauXB0Yh.js +0 -981
  1346. package/dist/dispatch-acp-manager.runtime-B8MJ8ECj.js +0 -3
  1347. package/dist/dispatch-acp-media.runtime-B1Y3Y1XZ.js +0 -4
  1348. package/dist/dispatch-acp-session.runtime-DyC5raRj.js +0 -2
  1349. package/dist/dispatch-acp.runtime-vchRvLDX.js +0 -19
  1350. package/dist/doctor-auth-2TMwkvdZ.js +0 -172
  1351. package/dist/doctor-auth-legacy-oauth-BrYdrsbD.js +0 -2
  1352. package/dist/doctor-completion-8OcoxUsx.js +0 -2
  1353. package/dist/doctor-config-flow-WxpaZx3C.js +0 -420
  1354. package/dist/doctor-config-preflight-BaF4urE-.js +0 -63
  1355. package/dist/doctor-config-preflight-DZtMnKmU.js +0 -2
  1356. package/dist/doctor-cron-B2u67rGg.js +0 -678
  1357. package/dist/doctor-device-pairing-ChWlWNdm.js +0 -307
  1358. package/dist/doctor-gateway-daemon-flow-CSmhkG4A.js +0 -250
  1359. package/dist/doctor-gateway-health-DYiucwjE.js +0 -63
  1360. package/dist/doctor-gateway-services-D_PD0loN.js +0 -316
  1361. package/dist/doctor-health-BInF5NOz.js +0 -59
  1362. package/dist/doctor-health-contributions-C6TfTHDb.js +0 -493
  1363. package/dist/doctor-memory-search-Cg2YmLfu.js +0 -372
  1364. package/dist/doctor-prompter-DqkSAPwY.js +0 -56
  1365. package/dist/doctor-sandbox-BjgX5g3i.js +0 -194
  1366. package/dist/doctor-security-T7us9uYd.js +0 -210
  1367. package/dist/doctor-startup-channel-maintenance-64W6Pwei.js +0 -17
  1368. package/dist/doctor-state-migrations-C9RkcS_g.js +0 -2
  1369. package/dist/doctor-ui-zOuoVLme.js +0 -96
  1370. package/dist/doctor-update-sAD6RCVl.js +0 -58
  1371. package/dist/doctor-workspace-k-oOpOeQ.js +0 -2
  1372. package/dist/doctor-workspace-status-BAyT2p1j.js +0 -75
  1373. package/dist/dreaming-0_evepvy.js +0 -1574
  1374. package/dist/dreaming-narrative-BAEykAPD.js +0 -595
  1375. package/dist/embedded-gateway-stub.runtime-CQXHNoef.js +0 -9
  1376. package/dist/embedding-provider-D77jg3jO.js +0 -118
  1377. package/dist/embeddings-D-kGtEij.js +0 -215
  1378. package/dist/embeddings-http-CAfo13K3.js +0 -205
  1379. package/dist/empty-allowlist-scan-1Cp5AShv.js +0 -94
  1380. package/dist/empty-allowlist-scan-BI-ys6De.js +0 -2
  1381. package/dist/exec-approval-forwarder.runtime-maLuSa-B.js +0 -3
  1382. package/dist/exec-approvals-cli-BzYJkBAZ.js +0 -498
  1383. package/dist/exec-defaults-BT1qVb9h.js +0 -67
  1384. package/dist/exec-defaults-dNWVx7dc.js +0 -2
  1385. package/dist/exec-safe-bins--gFVDDdV.js +0 -2
  1386. package/dist/exec-safe-bins-eiLrQcAD.js +0 -148
  1387. package/dist/execute.runtime-DJzB1HB8.js +0 -1366
  1388. package/dist/fallbacks-BH4cdaV7.js +0 -2
  1389. package/dist/fallbacks-BSBpnXa4.js +0 -31
  1390. package/dist/fallbacks-shared-Clt3TsQ_.js +0 -111
  1391. package/dist/format-4zWzhU8Q.js +0 -245
  1392. package/dist/gateway-BGXRwNec.js +0 -115
  1393. package/dist/gateway-cli-CzwyLwg1.js +0 -1325
  1394. package/dist/gateway-discovery-targets-4C__L2V_.js +0 -42
  1395. package/dist/gateway-install-token-CDZxlaDX.js +0 -141
  1396. package/dist/gateway-rpc-BY3Oto7p.js +0 -14
  1397. package/dist/gateway-rpc.runtime-BXWIEwJ2.js +0 -23
  1398. package/dist/gateway-runtime-DRwUkgHW.js +0 -15
  1399. package/dist/gateway-status-BpWDiRPo.js +0 -584
  1400. package/dist/genesis-tools-C_polEcn.js +0 -9144
  1401. package/dist/genesis-tools.runtime-wlLaYkmW.js +0 -2
  1402. package/dist/get-reply-Djbscb0p.js +0 -3879
  1403. package/dist/get-reply-from-config.runtime-c_yymFNc.js +0 -2
  1404. package/dist/gmail-watcher-lifecycle-Be-CadK5.js +0 -191
  1405. package/dist/gmail-watcher-lifecycle-ggzxPr2v.js +0 -2
  1406. package/dist/graph-users-DGzo2oi0.js +0 -1337
  1407. package/dist/health-BOIX5Hyd.js +0 -469
  1408. package/dist/health-DgxS2kKr.js +0 -3
  1409. package/dist/health-style-BpmhVr6t.js +0 -2
  1410. package/dist/heartbeat-runner-CwIewAFM.js +0 -5
  1411. package/dist/heartbeat-runner-DZWvlc6O.js +0 -1292
  1412. package/dist/heartbeat-runner.runtime-Bvwexwm3.js +0 -4
  1413. package/dist/hooks-cli-B__N8nFC.js +0 -433
  1414. package/dist/hooks-status-BZmM-4uk.js +0 -86
  1415. package/dist/image-fallbacks-ARdMNyk9.js +0 -2
  1416. package/dist/image-fallbacks-B5f-IPre.js +0 -31
  1417. package/dist/image-generation-core-DdJI4glx.js +0 -18
  1418. package/dist/image-generation-provider-CnjSM2cp.js +0 -63
  1419. package/dist/image-generation-provider-DMDKtyjs.js +0 -157
  1420. package/dist/image-generation-provider-DSGaFXvB.js +0 -95
  1421. package/dist/image-generation-provider-DWLTDUWA.js +0 -228
  1422. package/dist/image-generation-provider-Dpt9Cxhe.js +0 -529
  1423. package/dist/image-generation-provider-SOqiP_8D.js +0 -274
  1424. package/dist/image-generation-provider-hTILgvEs.js +0 -137
  1425. package/dist/image-runtime-Cw6KnPyI.js +0 -9
  1426. package/dist/inbound-reply-dispatch-B3FKSrdM.js +0 -73
  1427. package/dist/inbound.runtime-BEVTM-H0.js +0 -3
  1428. package/dist/inbound.runtime-bre1AEdv.js +0 -4
  1429. package/dist/infra-runtime-D40sSUCf.js +0 -39
  1430. package/dist/init-D--934lj.js +0 -59
  1431. package/dist/install-BPmIu7Fr.js +0 -726
  1432. package/dist/install-BPzQAw9w.js +0 -190
  1433. package/dist/install-security-scan-BI9eIS4d.js +0 -26
  1434. package/dist/install-security-scan.runtime-CZdmIMiU.js +0 -671
  1435. package/dist/install.runtime-CzO5O86f.js +0 -27
  1436. package/dist/install.runtime-DSFCCJsH.js +0 -12
  1437. package/dist/install.runtime-MU60vpuj.js +0 -2
  1438. package/dist/jobs-BfZ4AGS3.js +0 -734
  1439. package/dist/legacy-tools-by-sender-Cob0vuXU.js +0 -2
  1440. package/dist/legacy-tools-by-sender-sXGvvdwZ.js +0 -95
  1441. package/dist/library-DJ6vMjlq.js +0 -45
  1442. package/dist/lifecycle-C4_KEIsv.js +0 -571
  1443. package/dist/lifecycle-DvgTG8pk.js +0 -229
  1444. package/dist/lifecycle.runtime-D1DCL-wO.js +0 -2
  1445. package/dist/list-BXLV65Gc.js +0 -1212
  1446. package/dist/list-Bso59rT0.js +0 -2
  1447. package/dist/list-C27fOWdB.js +0 -2
  1448. package/dist/list-_dDCEcd-.js +0 -131
  1449. package/dist/list.probe-7PH4qvJj.js +0 -419
  1450. package/dist/live-model-switch-Dzwoi72R.js +0 -336
  1451. package/dist/llm-slug-generator-63kdm2OR.js +0 -79
  1452. package/dist/load-config-C_aH0rca.js +0 -35
  1453. package/dist/loader-PS-t7z4_.js +0 -222
  1454. package/dist/local-dispatch.runtime-DB4L69Z-.js +0 -8
  1455. package/dist/login-BYQtsezq.js +0 -108
  1456. package/dist/logs-cli-D7lfZhM7.js +0 -265
  1457. package/dist/logs-cli.runtime-CFyJZr7R.js +0 -2
  1458. package/dist/main-session-restart-recovery-CN8gSmXd.js +0 -206
  1459. package/dist/managed-image-attachments-BHpzxWpi.js +0 -635
  1460. package/dist/managed-image-attachments-ynrnuzaN.js +0 -2
  1461. package/dist/manager-BHdBsJ-4.js +0 -2057
  1462. package/dist/manager-BbEguv55.js +0 -2
  1463. package/dist/markdown-to-line-CvZX649M.js +0 -790
  1464. package/dist/mcp-cli-Bm36vIZ8.js +0 -725
  1465. package/dist/mcp-http-BAkamHPJ.js +0 -529
  1466. package/dist/media-runtime-xDvelqeF.js +0 -329
  1467. package/dist/media-understanding-D2f1Sw5u.js +0 -85
  1468. package/dist/media-understanding-provider-B5zBHITx.js +0 -13
  1469. package/dist/media-understanding-provider-BF9f8Kc2.js +0 -12
  1470. package/dist/media-understanding-provider-BO0XCNzy.js +0 -28
  1471. package/dist/media-understanding-provider-Cvz4Q6U8.js +0 -18
  1472. package/dist/media-understanding-provider-DDAuhJ_N.js +0 -12
  1473. package/dist/media-understanding-provider-DrmrHvoA.js +0 -85
  1474. package/dist/media-understanding-provider-DvNmD55z.js +0 -18
  1475. package/dist/media-understanding-provider-LIShWYb1.js +0 -21
  1476. package/dist/media-understanding-provider-bTDblFEB.js +0 -37
  1477. package/dist/media-understanding-provider-zMirTfGH.js +0 -69
  1478. package/dist/media-understanding-runtime-D4TZ-fjJ.js +0 -2
  1479. package/dist/memory-core-host-runtime-cli-Km35Eu66.js +0 -9
  1480. package/dist/memory-embedding-adapter-LQFGssCg.js +0 -123
  1481. package/dist/memory-host-search-D37_7MYw.js +0 -12
  1482. package/dist/message-Dw1Q1vDW.js +0 -232
  1483. package/dist/message-action-runner-5i2YKy26.js +0 -1407
  1484. package/dist/message-action-runner-rouTQpow.js +0 -2
  1485. package/dist/message-actions-CIGFQT75.js +0 -143
  1486. package/dist/message-format-CKLFXoR1.js +0 -328
  1487. package/dist/message.gateway.runtime-CsFUD3Xo.js +0 -2
  1488. package/dist/model-picker-B4VYxzEq.js +0 -559
  1489. package/dist/model-picker-CDUdNkfe.js +0 -3
  1490. package/dist/model-picker.runtime-Vbq_0Nyf.js +0 -15
  1491. package/dist/model-selection-DP4Zcp8n.js +0 -213
  1492. package/dist/models-auth-status-D1KCepQd.js +0 -201
  1493. package/dist/models-cli-Btj5FdA8.js +0 -219
  1494. package/dist/models.fetch-kJPiR3kv.js +0 -518
  1495. package/dist/monitor-BtGV4rhd.js +0 -1237
  1496. package/dist/monitor-C_AtnL_B.js +0 -1459
  1497. package/dist/monitor-CzrunYzr.js +0 -788
  1498. package/dist/monitor-DVyns958.js +0 -671
  1499. package/dist/monitor-Dl3Dgkhr.js +0 -1661
  1500. package/dist/monitor-Dlvc68h5.js +0 -2
  1501. package/dist/monitor-auth-tgR858Ie.js +0 -207
  1502. package/dist/monitor-processing-vrwGp4ey.js +0 -1974
  1503. package/dist/monitor.runtime-4gL93IXG.js +0 -2
  1504. package/dist/monitor.webhook-BY6fnY01.js +0 -180
  1505. package/dist/msteams-C_BTrDSD.js +0 -35
  1506. package/dist/music-generation-provider-DS5qzKbp.js +0 -63
  1507. package/dist/music-generation-provider-ETSXorR4.js +0 -170
  1508. package/dist/native-hook-relay-BV_VTu1a.js +0 -519
  1509. package/dist/nextcloud-talk-DAV3h79e.js +0 -17
  1510. package/dist/node-cli-BMyfOX1d.js +0 -2506
  1511. package/dist/nodes-cli-C7o6W-57.js +0 -1046
  1512. package/dist/nodes-utils-CkcInlXX.js +0 -84
  1513. package/dist/nodes.helpers-DlttpHIF.js +0 -34
  1514. package/dist/notify-BPswoXqd.js +0 -315
  1515. package/dist/oauth-BMW6Uu6d.js +0 -152
  1516. package/dist/oauth-C57IxcVb.js +0 -139
  1517. package/dist/oauth-Cos3_Tm8.js +0 -2
  1518. package/dist/oauth-DLhqzpsA.js +0 -75
  1519. package/dist/oauth-tls-preflight-7onGTMCp.js +0 -2
  1520. package/dist/oauth.flow-B5sXe4f9.js +0 -45
  1521. package/dist/oauth.flow-C4SGDpVk.js +0 -3
  1522. package/dist/onboard-D2DJ5gYK.js +0 -632
  1523. package/dist/onboard-azFxOPDQ.js +0 -316
  1524. package/dist/onboard-channels-B_8hae58.js +0 -3
  1525. package/dist/onboard-channels-CYYkzN3n.js +0 -2
  1526. package/dist/onboard-config-Dkx9PDJF.js +0 -2
  1527. package/dist/onboard-custom-DBWwn7bA.js +0 -3
  1528. package/dist/onboard-custom-DqPCa9g_.js +0 -271
  1529. package/dist/onboard-helpers-9F1luARe.js +0 -204
  1530. package/dist/onboard-helpers-B35AFfng.js +0 -6
  1531. package/dist/onboard-hooks-scqbQ_0u.js +0 -52
  1532. package/dist/onboard-remote-3Yoz22Ua.js +0 -2
  1533. package/dist/onboard-remote-DJNTDiWN.js +0 -193
  1534. package/dist/onboard-search-88CSSNZj.js +0 -323
  1535. package/dist/onboard-skills-4FG47R9v.js +0 -2
  1536. package/dist/onboard-skills-DszLde1e.js +0 -134
  1537. package/dist/onboarding-plugin-install-R2Wv8ogP.js +0 -406
  1538. package/dist/open-policy-allowfrom-Bb8cflPm.js +0 -101
  1539. package/dist/open-policy-allowfrom-D6Pt5lcH.js +0 -2
  1540. package/dist/openai-codex-provider-Sn6gnpPy.js +0 -472
  1541. package/dist/openai-http-RiSW6RCL.js +0 -500
  1542. package/dist/openai-provider-C5WiV_oK.js +0 -313
  1543. package/dist/opencode-BEf3DHS_.js +0 -35
  1544. package/dist/openresponses-http-uihsQrWI.js +0 -1128
  1545. package/dist/operator-approvals-client-CVnzkwJp.js +0 -68
  1546. package/dist/outbound-runtime-C8CZBjjK.js +0 -5
  1547. package/dist/outbound.runtime-Bu1pCn2b.js +0 -2
  1548. package/dist/pair-command-approve-VnlhalEu.js +0 -44
  1549. package/dist/persistent-bindings.lifecycle-CkZa5ZSw.js +0 -85
  1550. package/dist/persistent-bindings.lifecycle-JneetERl.js +0 -2
  1551. package/dist/pi-embedded-4mJWzgw8.js +0 -4
  1552. package/dist/pi-embedded-Cbd5cHT-.js +0 -2905
  1553. package/dist/pi-embedded-subscribe.handlers.compaction.runtime-Cc6L30ZZ.js +0 -23
  1554. package/dist/pi-embedded.runtime-hOBxsSX2.js +0 -4
  1555. package/dist/pi-tool-definition-adapter-BQ6J-gI3.js +0 -217
  1556. package/dist/pi-tools-mrYKf_w5.js +0 -1057
  1557. package/dist/pi-tools.before-tool-call-Bcu1s6dd.js +0 -2
  1558. package/dist/pi-tools.before-tool-call-Bp_y436W.js +0 -433
  1559. package/dist/plugin-C0AG4DfO.js +0 -12195
  1560. package/dist/plugin-enabled-6QWARqV2.js +0 -140
  1561. package/dist/plugin-install-CNvOZufr.js +0 -115
  1562. package/dist/plugin-install-DQ_puPBW.js +0 -2
  1563. package/dist/plugin-install-config-policy-CrdLAK6J.js +0 -137
  1564. package/dist/plugin-install-plan-BlGsFyaK.js +0 -50
  1565. package/dist/plugin-registration-BOWb2A5S.js +0 -23
  1566. package/dist/plugin-registry-Dvz3pMfk.js +0 -3
  1567. package/dist/plugin-registry-WynVAGXW.js +0 -2
  1568. package/dist/plugin-service-CoZBvaKW.js +0 -2892
  1569. package/dist/plugins-cli-DYqIZxn-.js +0 -584
  1570. package/dist/plugins-command-helpers-B9R6gAMK.js +0 -107
  1571. package/dist/plugins-install-persist-B9psaQNp.js +0 -133
  1572. package/dist/plugins-update-command-n-54MoUJ.js +0 -1057
  1573. package/dist/policy-CGIs0Whl.js +0 -328
  1574. package/dist/prepare.runtime-GJ3FP8zv.js +0 -815
  1575. package/dist/preview-warnings-C1sLJw-y.js +0 -120
  1576. package/dist/probe-B0uel_53.js +0 -2
  1577. package/dist/probe-BMLDcZ32.js +0 -241
  1578. package/dist/probe-Bav-QtgY.js +0 -243
  1579. package/dist/probe-BiwA57vj.js +0 -74
  1580. package/dist/probe-Ci_3ht33.js +0 -2205
  1581. package/dist/probe-D8pMlDSU.js +0 -1443
  1582. package/dist/probe-DezLtnJj.js +0 -2
  1583. package/dist/probe-Dt1gxKms.js +0 -45
  1584. package/dist/probe-auth-DlhTwb46.js +0 -3
  1585. package/dist/program-S6C78I73.js +0 -111
  1586. package/dist/program-context-Ds8uJ5_0.js +0 -2
  1587. package/dist/prompt-select-styled-bIPy-fsG.js +0 -20
  1588. package/dist/protocol-C83jsm03.js +0 -2335
  1589. package/dist/provider-CwjDoVuI.js +0 -70
  1590. package/dist/provider-api-key-auth-DJsXnAsJ.js +0 -114
  1591. package/dist/provider-auth-5weS24pb.js +0 -46
  1592. package/dist/provider-auth-api-key-xONPO54i.js +0 -5
  1593. package/dist/provider-auth-choice-BU6Uu-NM.js +0 -228
  1594. package/dist/provider-auth-choice-preference-CjLBlWwT.js +0 -27
  1595. package/dist/provider-auth-choices-Cae9lEV6.js +0 -2
  1596. package/dist/provider-auth-guidance-2WFCZas6.js +0 -2
  1597. package/dist/provider-auth-login-Dx6MBNVR.js +0 -8
  1598. package/dist/provider-auth-login.runtime-DPU3bX7X.js +0 -267
  1599. package/dist/provider-dispatcher-C5E193P9.js +0 -22
  1600. package/dist/provider-dispatcher-DRpaBVoI.js +0 -2
  1601. package/dist/provider-entry-CMWmgrzY.js +0 -106
  1602. package/dist/provider-flow-B_lCjxh6.js +0 -148
  1603. package/dist/provider-install-catalog-CHnjnVn4.js +0 -108
  1604. package/dist/provider-model-defaults-6YyFItrt.js +0 -6
  1605. package/dist/provider-registration-Cz_Sa6aj.js +0 -218
  1606. package/dist/provider-registration-oDE3wvPW.js +0 -37
  1607. package/dist/proxy-cli-5dsD8slb.js +0 -44
  1608. package/dist/proxy-cli.runtime-DtOAaJyi.js +0 -372
  1609. package/dist/pw-ai-CuxAxPAK.js +0 -2511
  1610. package/dist/qr-cli-BGy1EdFR.js +0 -2
  1611. package/dist/qr-cli-D1N1qj4a.js +0 -349
  1612. package/dist/qr-image-CfoAOgi7.js +0 -2
  1613. package/dist/queue-SeTgQ4v1.js +0 -409
  1614. package/dist/reaction-runtime-api-CCX6OLTi.js +0 -116
  1615. package/dist/reactions-HriS4Lzd.js +0 -998
  1616. package/dist/read-capability-CugyApjs.js +0 -412
  1617. package/dist/register-service-commands-Bm3YW4mf.js +0 -71
  1618. package/dist/register.agent-C_sWjcmM.js +0 -248
  1619. package/dist/register.backup-D2H0YOM2.js +0 -64
  1620. package/dist/register.configure-CDV38g-s.js +0 -15
  1621. package/dist/register.maintenance-HM6XlAmr.js +0 -438
  1622. package/dist/register.message-CppmF8Fq.js +0 -329
  1623. package/dist/register.onboard-DVw5tTxy.js +0 -81
  1624. package/dist/register.runtime-Bv_g58Z3.js +0 -81
  1625. package/dist/register.setup-DrYBirHr.js +0 -150
  1626. package/dist/register.status-health-sessions-D_BlsslT.js +0 -1215
  1627. package/dist/register.subclis-B_mIsoj1.js +0 -29
  1628. package/dist/register.subclis-cEgJqD-F.js +0 -3
  1629. package/dist/register.subclis-core-9Vbv6pXL.js +0 -249
  1630. package/dist/register.wallet-B8SZqXvK.js +0 -159
  1631. package/dist/repair-sequencing-CHE8lZBR.js +0 -145
  1632. package/dist/reply-dispatch-runtime-D2iW6oyM.js +0 -13
  1633. package/dist/reply-media-paths.runtime-Cbeuxf6S.js +0 -2
  1634. package/dist/reply-media-paths.runtime-Ce0sUqmz.js +0 -146
  1635. package/dist/reply-runtime-DbZbTyRR.js +0 -11
  1636. package/dist/reply.runtime-HZt78rs1.js +0 -2
  1637. package/dist/resolve-cTAHXgZf.js +0 -259
  1638. package/dist/response-generator-I1Txyrne.js +0 -175
  1639. package/dist/restart-health-COnZzsKp.js +0 -202
  1640. package/dist/restart-health-eI6OqLsK.js +0 -2
  1641. package/dist/root-help-JJCwZUWN.js +0 -44
  1642. package/dist/route-reply-Ceh8EGzd.js +0 -162
  1643. package/dist/route-reply.runtime-CnrZS4em.js +0 -2
  1644. package/dist/routes-8SM2K3mV.js +0 -3341
  1645. package/dist/routes-CdA2B5Ih.js +0 -2
  1646. package/dist/rpc-BjIUGNvJ.js +0 -61
  1647. package/dist/rpc.runtime-DrJSFwsT.js +0 -21
  1648. package/dist/run-auth-profile.runtime-DWQ2cTlZ.js +0 -2
  1649. package/dist/run-delivery.runtime-r8f_tOSs.js +0 -530
  1650. package/dist/run-embedded.runtime-cWFV7jeB.js +0 -4
  1651. package/dist/run-execution-cli.runtime-Cb_A5ZXZ.js +0 -4
  1652. package/dist/run-executor.runtime-cIKt7XT8.js +0 -277
  1653. package/dist/run-main-Dkeo211Q.js +0 -516
  1654. package/dist/run-subagent-registry.runtime-D3RJ_VVd.js +0 -2
  1655. package/dist/run-wait-BNHvcVAx.js +0 -135
  1656. package/dist/runner-BYC9AI6n.js +0 -966
  1657. package/dist/runner.entries-RQHPJQlO.js +0 -604
  1658. package/dist/runtime-7KFT5Wnl.js +0 -263
  1659. package/dist/runtime-CAnPdqA9.js +0 -973
  1660. package/dist/runtime-JujtR8I6.js +0 -72
  1661. package/dist/runtime-PfHASyBB.js +0 -9
  1662. package/dist/runtime-ZRlD3E9S.js +0 -2
  1663. package/dist/runtime-api-BH3mTSpX.js +0 -9
  1664. package/dist/runtime-api-DWMVXYzi.js +0 -9
  1665. package/dist/runtime-api-ejyh_z6Z.js +0 -14
  1666. package/dist/runtime-api-m8CybWFK.js +0 -4
  1667. package/dist/runtime-embedded-pi.runtime-C-IVwtTs.js +0 -2
  1668. package/dist/runtime-entry-C05y9IWz.js +0 -2769
  1669. package/dist/runtime-fpqEiCAz.js +0 -116
  1670. package/dist/runtime-internal-Dfyi8iby.js +0 -2
  1671. package/dist/runtime-options-CL-8UQhL.js +0 -275
  1672. package/dist/runtime-prepare.runtime-CP3YZRq0.js +0 -80
  1673. package/dist/runtime-registry-loader-C03Ol6U_.js +0 -2
  1674. package/dist/runtime-schema-CQHEAWIe.js +0 -27796
  1675. package/dist/runtime-web-tools-DX1a8FUK.js +0 -1477
  1676. package/dist/sandbox-DjctEHje.js +0 -1156
  1677. package/dist/sandbox-F3gPY6yS.js +0 -3
  1678. package/dist/sandbox-cli-BSvKQdGK.js +0 -450
  1679. package/dist/scan-CLP9mf6Q.js +0 -523
  1680. package/dist/scan-D_J6FOI2.js +0 -2
  1681. package/dist/secrets-cli-DSSo4ZAV.js +0 -2101
  1682. package/dist/security-cli-BrgxYyHT.js +0 -486
  1683. package/dist/selection-BLnL3CIA.js +0 -7736
  1684. package/dist/selection-Bopczn8T.js +0 -2
  1685. package/dist/send-BKyU3kY5.js +0 -156
  1686. package/dist/send-BtiJkfWW.js +0 -102
  1687. package/dist/send.runtime-DF-vTxbI.js +0 -2
  1688. package/dist/server-BLWOFAVH.js +0 -13
  1689. package/dist/server-CcSf1M9y.js +0 -77
  1690. package/dist/server-context-9-okJgp8.js +0 -2
  1691. package/dist/server-context-BFPsolSM.js +0 -847
  1692. package/dist/server-node-events-9U-zD3f7.js +0 -481
  1693. package/dist/server-plugin-bootstrap-Br17f8OG.js +0 -11535
  1694. package/dist/server-plugin-bootstrap-v7VjtrnR.js +0 -2
  1695. package/dist/server-restart-sentinel-CRSWqLu5.js +0 -697
  1696. package/dist/server.impl-CUbtVPLf.js +0 -12822
  1697. package/dist/session-DAybdZjw.js +0 -48
  1698. package/dist/session-envelope-CiS8YBeP.js +0 -18
  1699. package/dist/session-key-D68MvGwI.js +0 -65
  1700. package/dist/session-kill-http-AYORP5Al.js +0 -110
  1701. package/dist/session-meta-DiXSQVi7.js +0 -109
  1702. package/dist/session-override-BSDJ8_ze.js +0 -106
  1703. package/dist/session-reset-model.runtime-DY4_Jb5l.js +0 -133
  1704. package/dist/session-reset-service-B8-SYOa3.js +0 -471
  1705. package/dist/session-route-DCD8YOOS.js +0 -93
  1706. package/dist/session-status.runtime-DT5nKTVP.js +0 -2
  1707. package/dist/session-store-DKe1sTca.js +0 -126
  1708. package/dist/session-store.runtime-BT09hrcf.js +0 -2
  1709. package/dist/session-subagent-reactivation.runtime-moOExxRG.js +0 -2
  1710. package/dist/session-tab-registry-6CK-3LZT.js +0 -581
  1711. package/dist/session-updates-BthqeByC.js +0 -236
  1712. package/dist/session-updates.runtime-DVIwMwM2.js +0 -2
  1713. package/dist/session-utils-D3S2x7za.js +0 -1006
  1714. package/dist/session-visibility-BOaiW8-B.js +0 -147
  1715. package/dist/sessions-CPxZnP4C.js +0 -2
  1716. package/dist/sessions-CRZaJLRB.js +0 -281
  1717. package/dist/sessions-CenAwEJA.js +0 -48
  1718. package/dist/sessions-helpers-D54klZ0N.js +0 -304
  1719. package/dist/sessions-history-http-CSvtpCvi.js +0 -383
  1720. package/dist/sessions-patch-B19xMHkL.js +0 -309
  1721. package/dist/sessions-q9vEmfIg.js +0 -16
  1722. package/dist/sessions-resolve-DVmdzrE3.js +0 -174
  1723. package/dist/sessions.runtime-B7jlBz2G.js +0 -2
  1724. package/dist/setup-CUfiTgI2.js +0 -421
  1725. package/dist/setup-D6ihayO1.js +0 -495
  1726. package/dist/setup-api-9s67oXlp.js +0 -29
  1727. package/dist/setup-core-C99fpLlr.js +0 -176
  1728. package/dist/setup-core-DaClXvq0.js +0 -171
  1729. package/dist/setup-surface-D525KEVY.js +0 -403
  1730. package/dist/setup-surface-Dp8-7oqb.js +0 -219
  1731. package/dist/setup-surface-MTokVtpC.js +0 -286
  1732. package/dist/setup.finalize-C-itcXZh.js +0 -539
  1733. package/dist/setup.gateway-config-CtF_uR41.js +0 -250
  1734. package/dist/shared-0_Njvu-4.js +0 -76
  1735. package/dist/shared-CINoi8DP.js +0 -121
  1736. package/dist/shared-CU_QI-su.js +0 -198
  1737. package/dist/shared-runtime-9k_uwoVc.js +0 -7
  1738. package/dist/shared-zk2nFjiQ.js +0 -217
  1739. package/dist/skill-commands-Lr9mozPh.js +0 -83
  1740. package/dist/skill-commands.runtime-Ccrr5sDP.js +0 -2
  1741. package/dist/skills-clawhub-CoxSpq-t.js +0 -275
  1742. package/dist/skills-cli-B1nEXYxf.js +0 -370
  1743. package/dist/skills-install-CEyr4Q-0.js +0 -605
  1744. package/dist/skills-snapshot.runtime-sRNT0SD9.js +0 -7
  1745. package/dist/slash-state-BuwOIYbQ.js +0 -1911
  1746. package/dist/speech-provider-9X-lk7rt.js +0 -209
  1747. package/dist/speech-provider-C-hGxBbz.js +0 -170
  1748. package/dist/speech-provider-D7FCMXvu.js +0 -216
  1749. package/dist/src-gxqtPkSN.js +0 -3974
  1750. package/dist/stage-sandbox-media.runtime-xcawVs24.js +0 -232
  1751. package/dist/stale-plugin-config-B8toKRW8.js +0 -103
  1752. package/dist/stale-plugin-config-DVSwZdEN.js +0 -2
  1753. package/dist/startup-context-D63-imDC.js +0 -312
  1754. package/dist/state-migrations-DSr9JHsF.js +0 -820
  1755. package/dist/status-9obFamZT.js +0 -190
  1756. package/dist/status-BLqb-tK5.js +0 -2
  1757. package/dist/status-Cj4HleBk.js +0 -3
  1758. package/dist/status-CrgOhrg3.js +0 -2
  1759. package/dist/status-Cv1wtqRZ.js +0 -62
  1760. package/dist/status-DJ8qQBGJ.js +0 -209
  1761. package/dist/status-KZK7NRWz.js +0 -397
  1762. package/dist/status-all-DC3fCVvo.js +0 -498
  1763. package/dist/status-json-Bjfa0-_5.js +0 -14
  1764. package/dist/status-json-command-C1RdwAgR.js +0 -84
  1765. package/dist/status-message-D7mxoFt4.js +0 -466
  1766. package/dist/status-message.runtime-dzziJRO-.js +0 -6
  1767. package/dist/status-queue.runtime-C10WJezD.js +0 -2
  1768. package/dist/status-runtime-shared-CeOsrR35.js +0 -257
  1769. package/dist/status-subagents.runtime-BMBErdMe.js +0 -18
  1770. package/dist/status-text-ByBEK9so.js +0 -237
  1771. package/dist/status.agent-local-BTmtArDP.js +0 -58
  1772. package/dist/status.command.text-runtime-DJ8gaett.js +0 -15
  1773. package/dist/status.gateway-connection.runtime-DkseUSEe.js +0 -2
  1774. package/dist/status.gateway-probe-DMp_6M2v.js +0 -16
  1775. package/dist/status.gather-BTPHTrHG.js +0 -2
  1776. package/dist/status.gather-DSIUKAm8.js +0 -292
  1777. package/dist/status.link-channel-F-n80oQz.js +0 -35
  1778. package/dist/status.node-mode-DsEoChD0.js +0 -32
  1779. package/dist/status.node-mode-GE_T0IDV.js +0 -2
  1780. package/dist/status.runtime-ivZORZbF.js +0 -2
  1781. package/dist/status.runtime-jws8sBty.js +0 -2
  1782. package/dist/status.scan-DauR-WY5.js +0 -65
  1783. package/dist/status.scan-overview-Dpo0T83_.js +0 -379
  1784. package/dist/status.scan.fast-json-Bf4asO-s.js +0 -2
  1785. package/dist/status.scan.fast-json-CmZ53rDy.js +0 -132
  1786. package/dist/status.scan.runtime-CD7rhB8Y.js +0 -409
  1787. package/dist/status.summary-BVBb43IU.js +0 -214
  1788. package/dist/status.summary-BsoP31Ak.js +0 -2
  1789. package/dist/status.update-CHdoxDYF.js +0 -2
  1790. package/dist/status.update-FoMyXtJt.js +0 -79
  1791. package/dist/store-t_e6UeQl.js +0 -910
  1792. package/dist/store-z-qNX5aX.js +0 -4
  1793. package/dist/store.runtime-DP2Pprik.js +0 -2
  1794. package/dist/stream-kpMWhVzc.js +0 -664
  1795. package/dist/subagent-announce-DuNuyqJY.js +0 -351
  1796. package/dist/subagent-announce-delivery-B4UiR8AX.js +0 -726
  1797. package/dist/subagent-announce-output-X7dAFWpV.js +0 -364
  1798. package/dist/subagent-capabilities-Br1FQ2Ar.js +0 -251
  1799. package/dist/subagent-control-CwADDJMF.js +0 -506
  1800. package/dist/subagent-control.runtime-CJp0aK6O.js +0 -3
  1801. package/dist/subagent-followup.runtime-DgCRHo-P.js +0 -68
  1802. package/dist/subagent-orphan-recovery-DPaND0LA.js +0 -305
  1803. package/dist/subagent-registry-BIAzu8LD.js +0 -1753
  1804. package/dist/subagent-registry-Z8SdU9lH.js +0 -3
  1805. package/dist/subagent-spawn-DIKeFu9r.js +0 -1005
  1806. package/dist/supervisor-BwVXGbW1.js +0 -704
  1807. package/dist/system-cli-O5gzFbKg.js +0 -59
  1808. package/dist/systemd-linger-CH5Ywx8A.js +0 -2
  1809. package/dist/target-id-DEEWnLPz.js +0 -107
  1810. package/dist/targets-BqOfjrX_.js +0 -67
  1811. package/dist/task-executor-BGncFMoh.js +0 -360
  1812. package/dist/task-owner-access-DQYVI-In.js +0 -74
  1813. package/dist/task-registry-8GSAuUDF.js +0 -2366
  1814. package/dist/task-registry-delivery-runtime-661R5b9C.js +0 -3
  1815. package/dist/task-registry-delivery-runtime-BCICoM3b.js +0 -2
  1816. package/dist/task-registry.maintenance-CPSvCCES.js +0 -416
  1817. package/dist/task-registry.maintenance-CYEycEiH.js +0 -2
  1818. package/dist/testing-BALbxnoY.js +0 -575
  1819. package/dist/text-report-C31JmnxT.js +0 -587
  1820. package/dist/tool-auth-shared-lOvNDLXS.js +0 -90
  1821. package/dist/tool-policy-pipeline-CSh3Mr8c.js +0 -109
  1822. package/dist/tool-resolution-BxjrmKBb.js +0 -90
  1823. package/dist/tools-effective-inventory-DGNt7lW2.js +0 -152
  1824. package/dist/tools-invoke-http-Dj-ReJVx.js +0 -206
  1825. package/dist/transcript-DK8bLOGQ.js +0 -312
  1826. package/dist/transcript-resolve.runtime-CCOPZ5SW.js +0 -2
  1827. package/dist/transcript.runtime-nYO6HglP.js +0 -2
  1828. package/dist/trash-CdL58JhS.js +0 -24
  1829. package/dist/tts-CpqgN8Lc.js +0 -64
  1830. package/dist/tui-cli-drmGvmS6.js +0 -4575
  1831. package/dist/uninstall-CYlyPrRR.js +0 -185
  1832. package/dist/update-YjxOXm5D.js +0 -1282
  1833. package/dist/update-cli-BfhENNCG.js +0 -1759
  1834. package/dist/update-runner-Dnc4hBQd.js +0 -1892
  1835. package/dist/update-startup-DSnY9P3k.js +0 -331
  1836. package/dist/update-startup-DnApgs_7.js +0 -2
  1837. package/dist/upgrade-DGTmkfQr.js +0 -1226
  1838. package/dist/video-generation-provider-24yLqnSZ.js +0 -254
  1839. package/dist/video-generation-provider-8j4PNLKE.js +0 -118
  1840. package/dist/video-generation-provider-DDwLRLiR.js +0 -187
  1841. package/dist/video-generation-provider-DGJe4N-c.js +0 -271
  1842. package/dist/video-generation-provider-DLMLF7z-2.js +0 -77
  1843. package/dist/video-generation-provider-D_T2R-Mh.js +0 -287
  1844. package/dist/video-generation-provider-DcNUjls_.js +0 -78
  1845. package/dist/video-generation-provider-Dl6j6XIE.js +0 -281
  1846. package/dist/video-generation-provider-DnVDR0yx.js +0 -221
  1847. package/dist/video-generation-provider-oE8-W2xN.js +0 -64
  1848. package/dist/video-generation-provider-weeKqmY-.js +0 -264
  1849. package/dist/video-generation-task-status-CQ9vf0P1.js +0 -163
  1850. package/dist/wait-for-idle-before-flush-XCTsu7bq.js +0 -5986
  1851. package/dist/web-search-provider-Cm90v9So.js +0 -163
  1852. package/dist/webhooks-cli-DbinLpWK.js +0 -321
  1853. package/dist/wizard-models-CYnCrGUS.js +0 -161
  1854. package/dist/workflow-runtime-DmHRkMvf.js +0 -485
  1855. /package/dist/{agent-list-vf9Q1JYA.js → agent-list-BG1HT1uV.js} +0 -0
  1856. /package/dist/{agents.bindings-Bem54JDr.js → agents.bindings-BsKwP-M1.js} +0 -0
  1857. /package/dist/{agents.config-Bf4IE_jt.js → agents.config-BcQjdDjt.js} +0 -0
  1858. /package/dist/{audit-channel.collect.runtime-4SDS3d6l.js → audit-channel.collect.runtime-Da2LJFzJ.js} +0 -0
  1859. /package/dist/{audit-tool-policy-DfW-Bg35.js → audit-tool-policy-Bp9Sm0oc.js} +0 -0
  1860. /package/dist/{auth-choice.apply.api-providers-Dr-BX6uo.js → auth-choice.apply.api-providers-nfkY6hL9.js} +0 -0
  1861. /package/dist/{auth-choice.plugin-providers.runtime-DJ50fpMo.js → auth-choice.plugin-providers.runtime-CKKBgy5E.js} +0 -0
  1862. /package/dist/{auth-surface-resolution-CPavr6ne.js → auth-surface-resolution-C5xRC0i_.js} +0 -0
  1863. /package/dist/{backup-verify-BBzQn06f.js → backup-verify-DeZBme1Z.js} +0 -0
  1864. /package/dist/{bonjour-discovery-BCuBu3eC.js → bonjour-discovery-DVp0CY5y.js} +0 -0
  1865. /package/dist/{browser-open-DJ4t4o6e.js → browser-open-BmFZAtQZ.js} +0 -0
  1866. /package/dist/{channel-account-context-CxskCBia.js → channel-account-context-08pGSfVf.js} +0 -0
  1867. /package/dist/{channel-capabilities-CGqnrmrr.js → channel-capabilities-bO3yWqgu.js} +0 -0
  1868. /package/dist/{channel-doctor-C29LMDyi.js → channel-doctor-DROap4LU.js} +0 -0
  1869. /package/dist/{channel-plugin-blockers-Db1JoUT3.js → channel-plugin-blockers-DS3H1CnV.js} +0 -0
  1870. /package/dist/{channel-selection.runtime-CFTt0ATQ.js → channel-selection.runtime-C8I-oIhj.js} +0 -0
  1871. /package/dist/{channels-status-issues-BvyaX7fu.js → channels-status-issues-DhD0yasL.js} +0 -0
  1872. /package/dist/{channels-table-DGrWByle.js → channels-table-CdaaJWDE.js} +0 -0
  1873. /package/dist/{close-reason-DPozo0RR.js → close-reason-DCEn5ZLO.js} +0 -0
  1874. /package/dist/{config-2LFRVjdy.js → config-DGZhYDuc.js} +0 -0
  1875. /package/dist/{config-mutation-state-DvELg9U3.js → config-mutation-state-4dXmSxXo.js} +0 -0
  1876. /package/dist/{config-validation-Gz3XLWkk.js → config-validation-Bx_ufkz3.js} +0 -0
  1877. /package/dist/{configured-DHBUKT37.js → configured-LOSXYOON.js} +0 -0
  1878. /package/dist/{control-ui-assets-Bn4WlmDz.js → control-ui-assets-_5qLV7Of.js} +0 -0
  1879. /package/dist/{coverage-BgPvdovz.js → coverage-BW7REo8f.js} +0 -0
  1880. /package/dist/{daemon-install-auth-profiles-source.runtime-1VDwhrxW.js → daemon-install-auth-profiles-source.runtime-CT6HhS4a.js} +0 -0
  1881. /package/dist/{daemon-install-auth-profiles-store.runtime-DX6klKlD.js → daemon-install-auth-profiles-store.runtime-Bmt-S1Th.js} +0 -0
  1882. /package/dist/{delivery-logger.runtime-QED0YWeh.js → delivery-logger.runtime-aZc6eYH6.js} +0 -0
  1883. /package/dist/{delivery-subagent-registry.runtime-BzWcJLcF.js → delivery-subagent-registry.runtime-DbsJlOPs.js} +0 -0
  1884. /package/dist/{delivery-target.runtime-MCOBBchX.js → delivery-target.runtime-CJ2AFZQF.js} +0 -0
  1885. /package/dist/{discovery-DGW2-MLa.js → discovery-CrxVb47K.js} +0 -0
  1886. /package/dist/{doctor-auth-legacy-oauth-BV7C6Vfj.js → doctor-auth-legacy-oauth-CQ-450U8.js} +0 -0
  1887. /package/dist/{doctor-bootstrap-size-PW5cPiSq.js → doctor-bootstrap-size-DFMO-0_2.js} +0 -0
  1888. /package/dist/{doctor-browser-DcQUu327.js → doctor-browser-DAmWk-ym.js} +0 -0
  1889. /package/dist/{doctor-bundled-plugin-runtime-deps-D1esrgeQ.js → doctor-bundled-plugin-runtime-deps-DL8egd0z.js} +0 -0
  1890. /package/dist/{doctor-claude-cli-B4BZv-kG.js → doctor-claude-cli-D8n8fZH1.js} +0 -0
  1891. /package/dist/{doctor-completion-WKgtPjbK.js → doctor-completion-DlF2_ta4.js} +0 -0
  1892. /package/dist/{doctor-config-analysis-BQdKpP5K.js → doctor-config-analysis-G4qApgNB.js} +0 -0
  1893. /package/dist/{doctor-install-DmjLfve4.js → doctor-install-BMLurFXg.js} +0 -0
  1894. /package/dist/{doctor-platform-notes-R_SxZdMz.js → doctor-platform-notes-DclB4xTp.js} +0 -0
  1895. /package/dist/{doctor-plugin-manifests-CA7lPt_x.js → doctor-plugin-manifests-Df-R6NRK.js} +0 -0
  1896. /package/dist/{doctor-repair-mode-DUDOaIhC.js → doctor-repair-mode-DjA0yOsO.js} +0 -0
  1897. /package/dist/{doctor-session-locks-Dx6vj6mm.js → doctor-session-locks-nnNg0XQt.js} +0 -0
  1898. /package/dist/{doctor-state-integrity-BQo15whd.js → doctor-state-integrity-mZ-atajo.js} +0 -0
  1899. /package/dist/{doctor-workspace-BIyTt_M_.js → doctor-workspace-CC8n4W1s.js} +0 -0
  1900. /package/dist/{gateway-lock-BaykvnC-.js → gateway-lock-BJ54teSG.js} +0 -0
  1901. /package/dist/{gateway-presence-Dut8sl-J.js → gateway-presence-Ck83hwdf.js} +0 -0
  1902. /package/dist/{gmail-setup-utils-ZOTbsJFv.js → gmail-setup-utils-CJA4K3ai.js} +0 -0
  1903. /package/dist/{health-format-B2qc32Pr.js → health-format-lZouXkHr.js} +0 -0
  1904. /package/dist/{health-style-BbCs1Yab.js → health-style-L-8YpdOF.js} +0 -0
  1905. /package/dist/{help-CwxpeDY5.js → help-B0u4yzRF.js} +0 -0
  1906. /package/dist/{helpers-LcBHwWZc.js → helpers-_-TEHOc6.js} +0 -0
  1907. /package/dist/{http-endpoint-helpers-BNftqeoQ.js → http-endpoint-helpers-C9HFCAZ9.js} +0 -0
  1908. /package/dist/{image-CAZ8XAQL.js → image-B6bNXdin.js} +0 -0
  1909. /package/dist/{image-generation-core.auth.runtime-0Qo_H5K_.js → image-generation-core.auth.runtime-B9u67AkK.js} +0 -0
  1910. /package/dist/{includes-scan-DoynIeya.js → includes-scan-C2pgYVb9.js} +0 -0
  1911. /package/dist/{input-allowlist-c0bB2eKy.js → input-allowlist-BOaar9sV.js} +0 -0
  1912. /package/dist/{install-package-dir-DPpzkcTy.js → install-package-dir-DBuZueA5.js} +0 -0
  1913. /package/dist/{install-target-DVcgbidG.js → install-target-CIbvCu-L.js} +0 -0
  1914. /package/dist/{ipv4-DMxATcV1.js → ipv4-x_VPPHNE.js} +0 -0
  1915. /package/dist/{lifecycle-startup-gLhpfLB7.js → lifecycle-startup-irALz7cL.js} +0 -0
  1916. /package/dist/{log-tail-9Hz1lmAo.js → log-tail-X0OPkkt2.js} +0 -0
  1917. /package/dist/{memory-host-search.runtime-HNAskOxX.js → memory-host-search.runtime-DDlULx33.js} +0 -0
  1918. /package/dist/{message.config.runtime-Cso6MvT8.js → message.config.runtime-Cn6_nzb5.js} +0 -0
  1919. /package/dist/{models-http-x7qxTDsp.js → models-http-C485AWr-.js} +0 -0
  1920. /package/dist/{node-service-BJUuDPKK.js → node-service-DoJ8Y9pv.js} +0 -0
  1921. /package/dist/{object-PDLz41ub.js → object-Bx7kd36S.js} +0 -0
  1922. /package/dist/{onboard-config-izAl6gwz.js → onboard-config-CqQvgsYa.js} +0 -0
  1923. /package/dist/{onboard-core-auth-flags-BMxne6w7.js → onboard-core-auth-flags-__K0sJjJ.js} +0 -0
  1924. /package/dist/{onboard-custom-config-3QJEWGL0.js → onboard-custom-config-BWwqk5fe.js} +0 -0
  1925. /package/dist/{package-update-utils-DE_n1gKX.js → package-update-utils-CCxatoo6.js} +0 -0
  1926. /package/dist/{pairing-cli-d6AhyJBm.js → pairing-cli-D-FUyZEV.js} +0 -0
  1927. /package/dist/{parse-log-line-LslQCpUT.js → parse-log-line-DoA9bQrQ.js} +0 -0
  1928. /package/dist/{paths-Cg-jfcZN.js → paths-BJ5uczC1.js} +0 -0
  1929. /package/dist/{ports-Ce2qG4x8.js → ports-CC9fm-fy.js} +0 -0
  1930. /package/dist/{probe-auth-Bn7VL9ZR.js → probe-auth-DFrZGBYH.js} +0 -0
  1931. /package/dist/{probe-target-BSlPhDks.js → probe-target-Chki0Xkk.js} +0 -0
  1932. /package/dist/{program-context-Kgd1rM3u.js → program-context-zMhdBPNy.js} +0 -0
  1933. /package/dist/{provider-api-key-auth.runtime-VgQwNphE.js → provider-api-key-auth.runtime-BmxvYpks.js} +0 -0
  1934. /package/dist/{provider-auth-choices-BCbf2yRh.js → provider-auth-choices-BB5yTDNn.js} +0 -0
  1935. /package/dist/{provider-auth-guidance-BWdK-ykC.js → provider-auth-guidance-CP_5xA8Y.js} +0 -0
  1936. /package/dist/{provider-openai-codex-oauth-tls-DtZu90G7.js → provider-openai-codex-oauth-tls-DerZ1cTV.js} +0 -0
  1937. /package/dist/{push-apns-BciQnS_A.js → push-apns-BvvTQGNo.js} +0 -0
  1938. /package/dist/{read-best-effort-config.runtime-qVYHl7Xo.js → read-best-effort-config.runtime-C5T0K31f.js} +0 -0
  1939. /package/dist/{root-help-metadata-ekl-JjpR.js → root-help-metadata-DfEC0ws2.js} +0 -0
  1940. /package/dist/{run-context.runtime-4WGT7JBj.js → run-context.runtime-QbU7trk9.js} +0 -0
  1941. /package/dist/{run-external-content.runtime-D3JPvjLm.js → run-external-content.runtime-pkNsrLtO.js} +0 -0
  1942. /package/dist/{run-id-R6ObHP3v.js → run-id-DWJ95pBN.js} +0 -0
  1943. /package/dist/{run-model-catalog.runtime-BggglNcs.js → run-model-catalog.runtime-CAcKERDC.js} +0 -0
  1944. /package/dist/{run-session-state-BaNj_GaS.js → run-session-state-XlO-wc3A.js} +0 -0
  1945. /package/dist/{runtime-manifest.runtime-Ddvsb5G5.js → runtime-manifest.runtime-DHHRd6iG.js} +0 -0
  1946. /package/dist/{runtime-registry-loader-9HAwLW0h.js → runtime-registry-loader-Bzjy_HHi.js} +0 -0
  1947. /package/dist/{runtime-web-channel-plugin-DVDCKmzx.js → runtime-web-channel-plugin-Dl8enKc3.js} +0 -0
  1948. /package/dist/{runtime-web-tools-fallback.runtime-Brdq0-xZ.js → runtime-web-tools-fallback.runtime-BCaVKJOn.js} +0 -0
  1949. /package/dist/{runtime-web-tools-manifest.runtime-BRmjTDGh.js → runtime-web-tools-manifest.runtime-3ureBtOs.js} +0 -0
  1950. /package/dist/{runtime-web-tools-public-artifacts.runtime-DsVQgFR8.js → runtime-web-tools-public-artifacts.runtime-7kYkuMoy.js} +0 -0
  1951. /package/dist/{schedule-ZSZnEiFe.js → schedule-Beb3GOcH.js} +0 -0
  1952. /package/dist/{server-startup-log-Eplhdcpt.js → server-startup-log-VzrHGqrP.js} +0 -0
  1953. /package/dist/{server-startup-memory-DyQIirmI.js → server-startup-memory-C5BZZa9k.js} +0 -0
  1954. /package/dist/{server-tailscale-DgAyhovj.js → server-tailscale-DpU6qzPY.js} +0 -0
  1955. /package/dist/{service-CO5U35OJ.js → service-BTZwpGci.js} +0 -0
  1956. /package/dist/{services-DNIJn8xg.js → services-BeY15lKe.js} +0 -0
  1957. /package/dist/{session-archive.runtime-rUFw8vE3.js → session-archive.runtime-kZWDRugt.js} +0 -0
  1958. /package/dist/{setup-launch-env-DCjAfCDq.js → setup-launch-env-CgNfSFCy.js} +0 -0
  1959. /package/dist/{setup.plugin-config-DyOBe14m.js → setup.plugin-config-EEmTDTvp.js} +0 -0
  1960. /package/dist/{setup.secret-input-Drr2LKMe.js → setup.secret-input-DnGWpeX9.js} +0 -0
  1961. /package/dist/{skill-scanner-B4yjTBTL.js → skill-scanner-CTCiX7W7.js} +0 -0
  1962. /package/dist/{ssh-config-QI5SlOa1.js → ssh-config-dpF9FXUa.js} +0 -0
  1963. /package/dist/{status-D3Yk4ckb.js → status-BmXT7hzH.js} +0 -0
  1964. /package/dist/{status.format-bwV75oQh.js → status.format-D83pj6zB.js} +0 -0
  1965. /package/dist/{status.gateway-connection-B0HsKKf1.js → status.gateway-connection-Dni-CXUg.js} +0 -0
  1966. /package/dist/{status.scan.deps.runtime-inl0xzZH.js → status.scan.deps.runtime-DyhPcxBc.js} +0 -0
  1967. /package/dist/{subagent-followup-hints-rwiRTQ4_.js → subagent-followup-hints-DCvZ8pkz.js} +0 -0
  1968. /package/dist/{supervisor-log.runtime-gvNK9Wct.js → supervisor-log.runtime-B9_WwWul.js} +0 -0
  1969. /package/dist/{systemd-linger-BH3QL_N0.js → systemd-linger-D0Pquvmk.js} +0 -0
  1970. /package/dist/{targets.runtime-BWbu7FiA.js → targets.runtime-CfoMqGAv.js} +0 -0
  1971. /package/dist/{task-registry.audit.shared-B9InRDQ7.js → task-registry.audit.shared-WSawIHtV.js} +0 -0
  1972. /package/dist/{text-format-J_bO4oMX.js → text-format-Ck1rxlbh.js} +0 -0
  1973. /package/dist/{types-cKnUNBos.js → types-CFl4vCLB.js} +0 -0
  1974. /package/dist/{update-check-BOB550De.js → update-check-BErCzWUb.js} +0 -0
  1975. /package/dist/{workspace-D6DmbfYx.js → workspace-NJH7qx4x.js} +0 -0
@@ -1,2101 +0,0 @@
1
- import { i as formatErrorMessage } from "./errors-Jbvi20TW.js";
2
- import { a as normalizeLowercaseStringOrEmpty, c as normalizeOptionalString, d as normalizeStringifiedOptionalString, s as normalizeOptionalLowercaseString } from "./string-coerce-C1IzJjqi.js";
3
- import { f as resolveConfigDir, l as isRecord, m as resolveUserPath } from "./utils-DaGfogP-.js";
4
- import { n as defaultRuntime } from "./runtime-CQ7eH0le.js";
5
- import { t as formatDocsLink } from "./links-DmsJCU7L.js";
6
- import { r as theme } from "./theme-BrRleVfL.js";
7
- import { _ as resolveStateDir } from "./paths-DmR9mjUX.js";
8
- import { a as coerceSecretRef, p as resolveSecretInputRef } from "./types.secrets-ews2W8BF.js";
9
- import { a as formatExecSecretRefIdValidationMessage, c as isValidSecretProviderAlias, l as resolveDefaultSecretProviderAlias, o as isValidExecSecretRefId, u as secretRefKey } from "./ref-contract-GkHI8jyU.js";
10
- import { t as danger } from "./globals-C5IxqXPj.js";
11
- import { t as runTasksWithConcurrency } from "./run-with-concurrency-jYHyKOXI.js";
12
- import { a as parseEnvValue, i as parseDotPath, l as writeTextFileAtomic, n as isNonEmptyString, s as toDotPath } from "./shared-DqD6V-gu.js";
13
- import { a as resolveSecretRefValue, o as resolveSecretRefValues, r as isProviderScopedSecretResolutionError } from "./resolve-DeAojonS.js";
14
- import { t as isSafeExecutableValue } from "./exec-safety-DmOD5trD.js";
15
- import { w as SecretProviderSchema } from "./zod-schema.core--iz7S8Y4.js";
16
- import { r as createConfigIO } from "./io-CRiu9qZr.js";
17
- import { c as normalizeAgentId } from "./session-key-EpIbK3Oz.js";
18
- import { r as normalizeProviderId } from "./provider-id-BLh32HP1.js";
19
- import { r as listKnownSecretEnvVarNames, t as getProviderEnvVars } from "./provider-env-vars-CEaBLk-N.js";
20
- import { _ as resolveAgentConfig, g as listAgentIds, x as resolveDefaultAgentId, y as resolveAgentDir } from "./agent-scope-CDjZLqNk.js";
21
- import { n as getPath, r as setPathCreateStrict, t as deletePathStrict } from "./path-utils-DPIN5oO-.js";
22
- import { a as listAuthProfileSecretTargetEntries, c as resolvePlanTargetAgainstRegistry, n as discoverConfigSecretTargets, t as discoverAuthProfileSecretTargets } from "./target-registry-C7n9-LgM.js";
23
- import "./config-BfVmr1uB.js";
24
- import { l as resolveAuthStorePath } from "./source-check-DseWz2_m.js";
25
- import { c as loadAuthProfileStoreForSecretsRuntime, m as loadPersistedAuthProfileStore, p as coercePersistedAuthProfileStore } from "./store-B7lQCF9k.js";
26
- import { f as isSecretRefHeaderValueMarker, u as isNonSecretApiKeyMarker } from "./model-auth-markers-fwjZQJ4n.js";
27
- import "./model-selection-BJS5Z_AY.js";
28
- import "./auth-profiles-Dw91z8M7.js";
29
- import { a as prepareSecretsRuntimeSnapshot } from "./runtime-7KFT5Wnl.js";
30
- import { n as hasConfiguredPlaintextSecretValue, r as isExpectedResolvedSecretValue, t as assertExpectedResolvedSecretValue } from "./secret-value-CmclQ8Lx.js";
31
- import { n as callGatewayFromCli, t as addGatewayClientOptions } from "./gateway-rpc-BY3Oto7p.js";
32
- import fs from "node:fs";
33
- import path from "node:path";
34
- import os from "node:os";
35
- import { isDeepStrictEqual } from "node:util";
36
- import { confirm, select, text } from "@clack/prompts";
37
- //#region src/secrets/auth-profiles-scan.ts
38
- function getAuthProfileFieldName(pathPattern) {
39
- const segments = pathPattern.split(".").filter(Boolean);
40
- return segments[segments.length - 1] ?? "";
41
- }
42
- const AUTH_PROFILE_FIELD_SPEC_BY_TYPE = (() => {
43
- const defaults = {
44
- api_key: {
45
- valueField: "key",
46
- refField: "keyRef"
47
- },
48
- token: {
49
- valueField: "token",
50
- refField: "tokenRef"
51
- }
52
- };
53
- for (const target of listAuthProfileSecretTargetEntries()) {
54
- if (!target.authProfileType) continue;
55
- defaults[target.authProfileType] = {
56
- valueField: getAuthProfileFieldName(target.pathPattern),
57
- refField: target.refPathPattern !== void 0 ? getAuthProfileFieldName(target.refPathPattern) : defaults[target.authProfileType].refField
58
- };
59
- }
60
- return defaults;
61
- })();
62
- function getAuthProfileFieldSpec(type) {
63
- return AUTH_PROFILE_FIELD_SPEC_BY_TYPE[type];
64
- }
65
- function toSecretCredentialVisit(params) {
66
- const spec = getAuthProfileFieldSpec(params.kind);
67
- return {
68
- kind: params.kind,
69
- profileId: params.profileId,
70
- provider: params.provider,
71
- profile: params.profile,
72
- valueField: spec.valueField,
73
- refField: spec.refField,
74
- value: params.profile[spec.valueField],
75
- refValue: params.profile[spec.refField]
76
- };
77
- }
78
- function* iterateAuthProfileCredentials(profiles) {
79
- for (const [profileId, value] of Object.entries(profiles)) {
80
- if (!isRecord(value) || !isNonEmptyString(value.provider)) continue;
81
- const provider = value.provider;
82
- if (value.type === "api_key" || value.type === "token") {
83
- yield toSecretCredentialVisit({
84
- kind: value.type,
85
- profileId,
86
- provider,
87
- profile: value
88
- });
89
- continue;
90
- }
91
- if (value.type === "oauth") yield {
92
- kind: "oauth",
93
- profileId,
94
- provider,
95
- profile: value,
96
- hasAccess: isNonEmptyString(value.access),
97
- hasRefresh: isNonEmptyString(value.refresh)
98
- };
99
- }
100
- }
101
- //#endregion
102
- //#region src/secrets/config-io.ts
103
- const silentConfigIoLogger = {
104
- error: () => {},
105
- warn: () => {}
106
- };
107
- function createSecretsConfigIO(params) {
108
- return createConfigIO({
109
- env: params.env,
110
- logger: silentConfigIoLogger
111
- });
112
- }
113
- //#endregion
114
- //#region src/secrets/exec-resolution-policy.ts
115
- function selectRefsForExecPolicy(params) {
116
- const refsToResolve = [];
117
- const skippedExecRefs = [];
118
- for (const ref of params.refs) {
119
- if (ref.source === "exec" && !params.allowExec) {
120
- skippedExecRefs.push(ref);
121
- continue;
122
- }
123
- refsToResolve.push(ref);
124
- }
125
- return {
126
- refsToResolve,
127
- skippedExecRefs
128
- };
129
- }
130
- function getSkippedExecRefStaticError(params) {
131
- const id = params.ref.id.trim();
132
- const refLabel = `${params.ref.source}:${params.ref.provider}:${id}`;
133
- if (!id) return "Error: Secret reference id is empty.";
134
- if (!isValidExecSecretRefId(id)) return `Error: ${formatExecSecretRefIdValidationMessage()} (ref: ${refLabel}).`;
135
- const providerConfig = params.config.secrets?.providers?.[params.ref.provider];
136
- if (!providerConfig) return `Error: Secret provider "${params.ref.provider}" is not configured (ref: ${refLabel}).`;
137
- if (providerConfig.source !== params.ref.source) return `Error: Secret provider "${params.ref.provider}" has source "${providerConfig.source}" but ref requests "${params.ref.source}".`;
138
- return null;
139
- }
140
- //#endregion
141
- //#region src/secrets/plan.ts
142
- const FORBIDDEN_PATH_SEGMENTS = new Set([
143
- "__proto__",
144
- "prototype",
145
- "constructor"
146
- ]);
147
- function isObjectRecord(value) {
148
- return Boolean(value) && typeof value === "object" && !Array.isArray(value);
149
- }
150
- function isSecretProviderConfigShape(value) {
151
- return SecretProviderSchema.safeParse(value).success;
152
- }
153
- function hasForbiddenPathSegment(segments) {
154
- return segments.some((segment) => FORBIDDEN_PATH_SEGMENTS.has(segment));
155
- }
156
- function resolveValidatedPlanTarget(candidate) {
157
- if (typeof candidate.type !== "string" || !candidate.type.trim()) return null;
158
- const path = typeof candidate.path === "string" ? candidate.path.trim() : "";
159
- if (!path) return null;
160
- const segments = Array.isArray(candidate.pathSegments) && candidate.pathSegments.length > 0 ? candidate.pathSegments.map((segment) => segment.trim()).filter(Boolean) : parseDotPath(path);
161
- if (segments.length === 0 || hasForbiddenPathSegment(segments) || path !== toDotPath(segments)) return null;
162
- return resolvePlanTargetAgainstRegistry({
163
- type: candidate.type,
164
- pathSegments: segments,
165
- providerId: candidate.providerId,
166
- accountId: candidate.accountId
167
- });
168
- }
169
- function isSecretsApplyPlan(value) {
170
- if (!value || typeof value !== "object" || Array.isArray(value)) return false;
171
- const typed = value;
172
- if (typed.version !== 1 || typed.protocolVersion !== 1 || !Array.isArray(typed.targets)) return false;
173
- for (const target of typed.targets) {
174
- if (!target || typeof target !== "object") return false;
175
- const candidate = target;
176
- const ref = candidate.ref;
177
- const resolved = resolveValidatedPlanTarget({
178
- type: candidate.type,
179
- path: candidate.path,
180
- pathSegments: candidate.pathSegments,
181
- agentId: candidate.agentId,
182
- providerId: candidate.providerId,
183
- accountId: candidate.accountId,
184
- authProfileProvider: candidate.authProfileProvider
185
- });
186
- if (typeof candidate.path !== "string" || !candidate.path.trim() || candidate.pathSegments !== void 0 && !Array.isArray(candidate.pathSegments) || !resolved || !ref || typeof ref !== "object" || ref.source !== "env" && ref.source !== "file" && ref.source !== "exec" || typeof ref.provider !== "string" || ref.provider.trim().length === 0 || typeof ref.id !== "string" || ref.id.trim().length === 0 || ref.source === "exec" && !isValidExecSecretRefId(ref.id)) return false;
187
- if (resolved.entry.configFile === "auth-profiles.json") {
188
- if (typeof candidate.agentId !== "string" || candidate.agentId.trim().length === 0) return false;
189
- if (candidate.authProfileProvider !== void 0 && (typeof candidate.authProfileProvider !== "string" || candidate.authProfileProvider.trim().length === 0)) return false;
190
- }
191
- }
192
- if (typed.providerUpserts !== void 0) {
193
- if (!isObjectRecord(typed.providerUpserts)) return false;
194
- for (const [providerAlias, providerValue] of Object.entries(typed.providerUpserts)) {
195
- if (!isValidSecretProviderAlias(providerAlias)) return false;
196
- if (!isSecretProviderConfigShape(providerValue)) return false;
197
- }
198
- }
199
- if (typed.providerDeletes !== void 0) {
200
- if (!Array.isArray(typed.providerDeletes) || typed.providerDeletes.some((providerAlias) => typeof providerAlias !== "string" || !isValidSecretProviderAlias(providerAlias))) return false;
201
- }
202
- return true;
203
- }
204
- function normalizeSecretsPlanOptions(options) {
205
- return {
206
- scrubEnv: options?.scrubEnv ?? true,
207
- scrubAuthProfilesForProviderTargets: options?.scrubAuthProfilesForProviderTargets ?? true,
208
- scrubLegacyAuthJson: options?.scrubLegacyAuthJson ?? true
209
- };
210
- }
211
- //#endregion
212
- //#region src/secrets/auth-store-paths.ts
213
- function listAuthProfileStorePaths$1(config, stateDir) {
214
- const paths = /* @__PURE__ */ new Set();
215
- paths.add(path.join(resolveUserPath(stateDir), "agents", "main", "agent", "auth-profiles.json"));
216
- const agentsRoot = path.join(resolveUserPath(stateDir), "agents");
217
- if (fs.existsSync(agentsRoot)) for (const entry of fs.readdirSync(agentsRoot, { withFileTypes: true })) {
218
- if (!entry.isDirectory()) continue;
219
- paths.add(path.join(agentsRoot, entry.name, "agent", "auth-profiles.json"));
220
- }
221
- for (const agentId of listAgentIds(config)) {
222
- if (agentId === "main") {
223
- paths.add(path.join(resolveUserPath(stateDir), "agents", "main", "agent", "auth-profiles.json"));
224
- continue;
225
- }
226
- const agentDir = resolveAgentDir(config, agentId);
227
- paths.add(resolveUserPath(resolveAuthStorePath(agentDir)));
228
- }
229
- return [...paths];
230
- }
231
- //#endregion
232
- //#region src/secrets/storage-scan.ts
233
- function isJsonObject(value) {
234
- return typeof value === "object" && value !== null && !Array.isArray(value);
235
- }
236
- function parseEnvAssignmentValue(raw) {
237
- return parseEnvValue(raw);
238
- }
239
- function listAuthProfileStorePaths(config, stateDir) {
240
- return listAuthProfileStorePaths$1(config, stateDir);
241
- }
242
- function listLegacyAuthJsonPaths(stateDir) {
243
- const out = [];
244
- const agentsRoot = path.join(resolveUserPath(stateDir), "agents");
245
- if (!fs.existsSync(agentsRoot)) return out;
246
- for (const entry of fs.readdirSync(agentsRoot, { withFileTypes: true })) {
247
- if (!entry.isDirectory()) continue;
248
- const candidate = path.join(agentsRoot, entry.name, "agent", "auth.json");
249
- if (fs.existsSync(candidate)) out.push(candidate);
250
- }
251
- return out;
252
- }
253
- function resolveActiveAgentDir(stateDir, env = process.env) {
254
- const override = env.GENESIS_AGENT_DIR?.trim() || env.PI_CODING_AGENT_DIR?.trim();
255
- if (override) return resolveUserPath(override);
256
- return path.join(resolveUserPath(stateDir), "agents", "main", "agent");
257
- }
258
- function listAgentModelsJsonPaths(config, stateDir, env = process.env) {
259
- const resolvedStateDir = resolveUserPath(stateDir);
260
- const paths = /* @__PURE__ */ new Set();
261
- paths.add(path.join(resolvedStateDir, "agents", "main", "agent", "models.json"));
262
- paths.add(path.join(resolveActiveAgentDir(stateDir, env), "models.json"));
263
- const agentsRoot = path.join(resolvedStateDir, "agents");
264
- if (fs.existsSync(agentsRoot)) for (const entry of fs.readdirSync(agentsRoot, { withFileTypes: true })) {
265
- if (!entry.isDirectory()) continue;
266
- paths.add(path.join(agentsRoot, entry.name, "agent", "models.json"));
267
- }
268
- for (const agentId of listAgentIds(config)) {
269
- if (agentId === "main") {
270
- paths.add(path.join(resolvedStateDir, "agents", "main", "agent", "models.json"));
271
- continue;
272
- }
273
- const agentDir = resolveAgentDir(config, agentId);
274
- paths.add(path.join(resolveUserPath(agentDir), "models.json"));
275
- }
276
- return [...paths];
277
- }
278
- function readJsonObjectIfExists(filePath, options = {}) {
279
- if (!fs.existsSync(filePath)) return { value: null };
280
- try {
281
- const stats = fs.statSync(filePath);
282
- if (options.requireRegularFile && !stats.isFile()) return {
283
- value: null,
284
- error: `Refusing to read non-regular file: ${filePath}`
285
- };
286
- if (typeof options.maxBytes === "number" && Number.isFinite(options.maxBytes) && options.maxBytes >= 0 && stats.size > options.maxBytes) return {
287
- value: null,
288
- error: `Refusing to read oversized JSON (${stats.size} bytes): ${filePath}`
289
- };
290
- const raw = fs.readFileSync(filePath, "utf8");
291
- const parsed = JSON.parse(raw);
292
- if (!isJsonObject(parsed)) return { value: null };
293
- return { value: parsed };
294
- } catch (err) {
295
- return {
296
- value: null,
297
- error: formatErrorMessage(err)
298
- };
299
- }
300
- }
301
- //#endregion
302
- //#region src/secrets/apply.ts
303
- function planContainsExecReferences(plan) {
304
- if (plan.targets.some((target) => target.ref.source === "exec")) return true;
305
- return Object.values(plan.providerUpserts ?? {}).some((provider) => provider.source === "exec");
306
- }
307
- function resolveTarget(target) {
308
- const resolved = resolveValidatedPlanTarget(target);
309
- if (!resolved) throw new Error(`Invalid plan target path for ${target.type}: ${target.path}`);
310
- return resolved;
311
- }
312
- function scrubEnvRaw(raw, migratedValues, allowedEnvKeys) {
313
- if (migratedValues.size === 0 || allowedEnvKeys.size === 0) return {
314
- nextRaw: raw,
315
- removed: 0
316
- };
317
- const lines = raw.split(/\r?\n/);
318
- const nextLines = [];
319
- let removed = 0;
320
- for (const line of lines) {
321
- const match = line.match(/^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/);
322
- if (!match) {
323
- nextLines.push(line);
324
- continue;
325
- }
326
- const envKey = match[1] ?? "";
327
- if (!allowedEnvKeys.has(envKey)) {
328
- nextLines.push(line);
329
- continue;
330
- }
331
- const parsedValue = parseEnvAssignmentValue(match[2] ?? "");
332
- if (migratedValues.has(parsedValue)) {
333
- removed += 1;
334
- continue;
335
- }
336
- nextLines.push(line);
337
- }
338
- const hadTrailingNewline = raw.endsWith("\n");
339
- const joined = nextLines.join("\n");
340
- return {
341
- nextRaw: hadTrailingNewline || joined.length === 0 ? `${joined}${joined.endsWith("\n") ? "" : "\n"}` : joined,
342
- removed
343
- };
344
- }
345
- function applyProviderPlanMutations(params) {
346
- const currentProviders = isRecord(params.config.secrets?.providers) ? structuredClone(params.config.secrets?.providers) : {};
347
- let changed = false;
348
- for (const providerAlias of params.deletes ?? []) {
349
- if (!Object.prototype.hasOwnProperty.call(currentProviders, providerAlias)) continue;
350
- delete currentProviders[providerAlias];
351
- changed = true;
352
- }
353
- for (const [providerAlias, providerConfig] of Object.entries(params.upserts ?? {})) {
354
- const previous = currentProviders[providerAlias];
355
- if (isDeepStrictEqual(previous, providerConfig)) continue;
356
- currentProviders[providerAlias] = structuredClone(providerConfig);
357
- changed = true;
358
- }
359
- if (!changed) return false;
360
- params.config.secrets ??= {};
361
- if (Object.keys(currentProviders).length === 0) {
362
- if ("providers" in params.config.secrets) delete params.config.secrets.providers;
363
- return true;
364
- }
365
- params.config.secrets.providers = currentProviders;
366
- return true;
367
- }
368
- async function projectPlanState(params) {
369
- const { snapshot, writeOptions } = await createSecretsConfigIO({ env: params.env }).readConfigFileSnapshotForWrite();
370
- if (!snapshot.valid) throw new Error("Cannot apply secrets plan: config is invalid.");
371
- const options = normalizeSecretsPlanOptions(params.plan.options);
372
- const nextConfig = structuredClone(snapshot.config);
373
- const stateDir = resolveStateDir(params.env, os.homedir);
374
- const changedFiles = /* @__PURE__ */ new Set();
375
- const warnings = [];
376
- const configPath = resolveUserPath(snapshot.path);
377
- if (applyProviderPlanMutations({
378
- config: nextConfig,
379
- upserts: params.plan.providerUpserts,
380
- deletes: params.plan.providerDeletes
381
- })) changedFiles.add(configPath);
382
- const targetMutations = applyConfigTargetMutations({
383
- planTargets: params.plan.targets,
384
- nextConfig,
385
- stateDir,
386
- authStoreByPath: /* @__PURE__ */ new Map(),
387
- changedFiles
388
- });
389
- if (targetMutations.configChanged) changedFiles.add(configPath);
390
- const authStoreByPath = scrubAuthStoresForProviderTargets({
391
- nextConfig,
392
- stateDir,
393
- providerTargets: targetMutations.providerTargets,
394
- scrubbedValues: targetMutations.scrubbedValues,
395
- authStoreByPath: targetMutations.authStoreByPath,
396
- changedFiles,
397
- warnings,
398
- enabled: options.scrubAuthProfilesForProviderTargets
399
- });
400
- const authJsonByPath = scrubLegacyAuthJsonStores({
401
- stateDir,
402
- changedFiles,
403
- enabled: options.scrubLegacyAuthJson
404
- });
405
- const envRawByPath = scrubEnvFiles({
406
- env: params.env,
407
- scrubbedValues: targetMutations.scrubbedValues,
408
- changedFiles,
409
- enabled: options.scrubEnv
410
- });
411
- const checkFullRuntime = params.write ? changedFiles.size > 0 : params.allowExecInDryRun;
412
- const validation = await validateProjectedSecretsState({
413
- env: params.env,
414
- nextConfig,
415
- resolvedTargets: targetMutations.resolvedTargets,
416
- authStoreByPath,
417
- write: params.write,
418
- allowExecInDryRun: params.allowExecInDryRun,
419
- checkFullRuntime
420
- });
421
- return {
422
- nextConfig,
423
- configPath,
424
- configWriteOptions: writeOptions,
425
- authStoreByPath,
426
- authJsonByPath,
427
- envRawByPath,
428
- changedFiles,
429
- warnings,
430
- refsChecked: validation.refsChecked,
431
- skippedExecRefs: validation.skippedExecRefs,
432
- resolvabilityComplete: validation.resolvabilityComplete
433
- };
434
- }
435
- function applyConfigTargetMutations(params) {
436
- const resolvedTargets = params.planTargets.map((target) => ({
437
- target,
438
- resolved: resolveTarget(target)
439
- }));
440
- const scrubbedValues = /* @__PURE__ */ new Set();
441
- const providerTargets = /* @__PURE__ */ new Set();
442
- let configChanged = false;
443
- for (const { target, resolved } of resolvedTargets) {
444
- if (resolved.entry.configFile === "auth-profiles.json") {
445
- if (applyAuthProfileTargetMutation({
446
- target,
447
- resolved,
448
- nextConfig: params.nextConfig,
449
- stateDir: params.stateDir,
450
- authStoreByPath: params.authStoreByPath,
451
- scrubbedValues
452
- })) {
453
- const agentId = (target.agentId ?? "").trim();
454
- if (!agentId) throw new Error(`Missing required agentId for auth-profiles target ${target.path}.`);
455
- params.changedFiles.add(resolveAuthStorePathForAgent({
456
- nextConfig: params.nextConfig,
457
- stateDir: params.stateDir,
458
- agentId
459
- }));
460
- }
461
- continue;
462
- }
463
- const targetPathSegments = resolved.pathSegments;
464
- if (resolved.entry.secretShape === "sibling_ref") {
465
- const previous = getPath(params.nextConfig, targetPathSegments);
466
- if (isNonEmptyString(previous)) scrubbedValues.add(previous.trim());
467
- const refPathSegments = resolved.refPathSegments;
468
- if (!refPathSegments) throw new Error(`Missing sibling ref path for target ${target.type}.`);
469
- const wroteRef = setPathCreateStrict(params.nextConfig, refPathSegments, target.ref);
470
- const deletedLegacy = deletePathStrict(params.nextConfig, targetPathSegments);
471
- if (wroteRef || deletedLegacy) configChanged = true;
472
- continue;
473
- }
474
- const previous = getPath(params.nextConfig, targetPathSegments);
475
- if (isNonEmptyString(previous)) scrubbedValues.add(previous.trim());
476
- if (setPathCreateStrict(params.nextConfig, targetPathSegments, target.ref)) configChanged = true;
477
- if (resolved.entry.trackProviderShadowing && resolved.providerId) providerTargets.add(normalizeProviderId(resolved.providerId));
478
- }
479
- return {
480
- resolvedTargets,
481
- scrubbedValues,
482
- providerTargets,
483
- configChanged,
484
- authStoreByPath: params.authStoreByPath
485
- };
486
- }
487
- function scrubAuthStoresForProviderTargets(params) {
488
- if (!params.enabled || params.providerTargets.size === 0) return params.authStoreByPath;
489
- for (const authStorePath of listAuthProfileStorePaths(params.nextConfig, params.stateDir)) {
490
- const parsed = params.authStoreByPath.get(authStorePath) ?? readJsonObjectIfExists(authStorePath).value;
491
- if (!parsed || !isRecord(parsed.profiles)) continue;
492
- const nextStore = structuredClone(parsed);
493
- const profiles = nextStore.profiles;
494
- if (!isRecord(profiles)) continue;
495
- let mutated = false;
496
- for (const profile of iterateAuthProfileCredentials(profiles)) {
497
- const provider = normalizeProviderId(profile.provider);
498
- if (!params.providerTargets.has(provider)) continue;
499
- if (profile.kind === "api_key" || profile.kind === "token") {
500
- if (isNonEmptyString(profile.value)) params.scrubbedValues.add(profile.value.trim());
501
- if (profile.valueField in profile.profile) {
502
- delete profile.profile[profile.valueField];
503
- mutated = true;
504
- }
505
- if (profile.refField in profile.profile) {
506
- delete profile.profile[profile.refField];
507
- mutated = true;
508
- }
509
- continue;
510
- }
511
- if (profile.kind === "oauth" && (profile.hasAccess || profile.hasRefresh)) params.warnings.push(`Provider "${provider}" has OAuth credentials in ${authStorePath}; those still take precedence and are out of scope for static SecretRef migration.`);
512
- }
513
- if (mutated) {
514
- params.authStoreByPath.set(authStorePath, nextStore);
515
- params.changedFiles.add(authStorePath);
516
- }
517
- }
518
- return params.authStoreByPath;
519
- }
520
- function ensureMutableAuthStore(store) {
521
- const next = store ? structuredClone(store) : {};
522
- const profiles = isRecord(next.profiles) ? next.profiles : {};
523
- if (typeof next.version !== "number" || !Number.isFinite(next.version)) next.version = 1;
524
- return {
525
- ...next,
526
- profiles
527
- };
528
- }
529
- function resolveAuthStoreForTarget(params) {
530
- const agentId = (params.target.agentId ?? "").trim();
531
- if (!agentId) throw new Error(`Missing required agentId for auth-profiles target ${params.target.path}.`);
532
- const authStorePath = resolveAuthStorePathForAgent({
533
- nextConfig: params.nextConfig,
534
- stateDir: params.stateDir,
535
- agentId
536
- });
537
- const loaded = params.authStoreByPath.get(authStorePath) ?? readJsonObjectIfExists(authStorePath).value;
538
- const store = ensureMutableAuthStore(isRecord(loaded) ? loaded : void 0);
539
- params.authStoreByPath.set(authStorePath, store);
540
- return {
541
- path: authStorePath,
542
- store
543
- };
544
- }
545
- function resolveAuthStorePathForAgent(params) {
546
- const normalizedAgentId = normalizeAgentId(params.agentId);
547
- const configuredAgentDir = resolveAgentConfig(params.nextConfig, normalizedAgentId)?.agentDir?.trim();
548
- if (configuredAgentDir) return resolveUserPath(resolveAuthStorePath(configuredAgentDir));
549
- return path.join(resolveUserPath(params.stateDir), "agents", normalizedAgentId, "agent", "auth-profiles.json");
550
- }
551
- function ensureAuthProfileContainer(params) {
552
- let changed = false;
553
- const profilePathSegments = params.resolved.pathSegments.slice(0, 2);
554
- const profileId = profilePathSegments[1];
555
- if (!profileId) throw new Error(`Invalid auth profile target path: ${params.target.path}`);
556
- const current = getPath(params.store, profilePathSegments);
557
- const expectedType = params.resolved.entry.authProfileType;
558
- if (isRecord(current)) {
559
- if (expectedType && typeof current.type === "string" && current.type !== expectedType) throw new Error(`Auth profile "${profileId}" type mismatch for ${params.target.path}: expected "${expectedType}", got "${current.type}".`);
560
- if (!isNonEmptyString(current.provider) && isNonEmptyString(params.target.authProfileProvider)) {
561
- const wroteProvider = setPathCreateStrict(params.store, [...profilePathSegments, "provider"], params.target.authProfileProvider);
562
- changed = changed || wroteProvider;
563
- }
564
- return changed;
565
- }
566
- if (!expectedType) throw new Error(`Auth profile target ${params.target.path} is missing auth profile type metadata.`);
567
- const provider = (params.target.authProfileProvider ?? "").trim();
568
- if (!provider) throw new Error(`Cannot create auth profile "${profileId}" for ${params.target.path} without authProfileProvider.`);
569
- const wroteProfile = setPathCreateStrict(params.store, profilePathSegments, {
570
- type: expectedType,
571
- provider
572
- });
573
- changed = changed || wroteProfile;
574
- return changed;
575
- }
576
- function applyAuthProfileTargetMutation(params) {
577
- if (params.resolved.entry.configFile !== "auth-profiles.json") return false;
578
- const { store } = resolveAuthStoreForTarget({
579
- target: params.target,
580
- nextConfig: params.nextConfig,
581
- stateDir: params.stateDir,
582
- authStoreByPath: params.authStoreByPath
583
- });
584
- let changed = ensureAuthProfileContainer({
585
- target: params.target,
586
- resolved: params.resolved,
587
- store
588
- });
589
- const targetPathSegments = params.resolved.pathSegments;
590
- if (params.resolved.entry.secretShape === "sibling_ref") {
591
- const previous = getPath(store, targetPathSegments);
592
- if (isNonEmptyString(previous)) params.scrubbedValues.add(previous.trim());
593
- const refPathSegments = params.resolved.refPathSegments;
594
- if (!refPathSegments) throw new Error(`Missing sibling ref path for auth-profiles target ${params.target.path}.`);
595
- const wroteRef = setPathCreateStrict(store, refPathSegments, params.target.ref);
596
- const deletedPlaintext = deletePathStrict(store, targetPathSegments);
597
- changed = changed || wroteRef || deletedPlaintext;
598
- return changed;
599
- }
600
- const previous = getPath(store, targetPathSegments);
601
- if (isNonEmptyString(previous)) params.scrubbedValues.add(previous.trim());
602
- const wroteRef = setPathCreateStrict(store, targetPathSegments, params.target.ref);
603
- changed = changed || wroteRef;
604
- return changed;
605
- }
606
- function scrubLegacyAuthJsonStores(params) {
607
- const authJsonByPath = /* @__PURE__ */ new Map();
608
- if (!params.enabled) return authJsonByPath;
609
- for (const authJsonPath of listLegacyAuthJsonPaths(params.stateDir)) {
610
- const parsed = readJsonObjectIfExists(authJsonPath).value;
611
- if (!parsed) continue;
612
- let mutated = false;
613
- const nextParsed = structuredClone(parsed);
614
- for (const [providerId, value] of Object.entries(nextParsed)) {
615
- if (!isRecord(value)) continue;
616
- if (value.type === "api_key" && isNonEmptyString(value.key)) {
617
- delete nextParsed[providerId];
618
- mutated = true;
619
- }
620
- }
621
- if (mutated) {
622
- authJsonByPath.set(authJsonPath, nextParsed);
623
- params.changedFiles.add(authJsonPath);
624
- }
625
- }
626
- return authJsonByPath;
627
- }
628
- function scrubEnvFiles(params) {
629
- const envRawByPath = /* @__PURE__ */ new Map();
630
- if (!params.enabled || params.scrubbedValues.size === 0) return envRawByPath;
631
- const envPath = path.join(resolveConfigDir(params.env, os.homedir), ".env");
632
- if (!fs.existsSync(envPath)) return envRawByPath;
633
- const current = fs.readFileSync(envPath, "utf8");
634
- const scrubbed = scrubEnvRaw(current, params.scrubbedValues, new Set(listKnownSecretEnvVarNames()));
635
- if (scrubbed.removed > 0 && scrubbed.nextRaw !== current) {
636
- envRawByPath.set(envPath, scrubbed.nextRaw);
637
- params.changedFiles.add(envPath);
638
- }
639
- return envRawByPath;
640
- }
641
- async function validateProjectedSecretsState(params) {
642
- const cache = {};
643
- let refsChecked = 0;
644
- let skippedExecRefs = 0;
645
- for (const { target, resolved: resolvedTarget } of params.resolvedTargets) {
646
- if (!params.write && target.ref.source === "exec" && !params.allowExecInDryRun) {
647
- skippedExecRefs += 1;
648
- const staticError = getSkippedExecRefStaticError({
649
- ref: target.ref,
650
- config: params.nextConfig
651
- });
652
- if (staticError) throw new Error(staticError);
653
- continue;
654
- }
655
- const resolved = await resolveSecretRefValue(target.ref, {
656
- config: params.nextConfig,
657
- env: params.env,
658
- cache
659
- });
660
- refsChecked += 1;
661
- assertExpectedResolvedSecretValue({
662
- value: resolved,
663
- expected: resolvedTarget.entry.expectedResolvedValue,
664
- errorMessage: resolvedTarget.entry.expectedResolvedValue === "string" ? `Ref ${target.ref.source}:${target.ref.provider}:${target.ref.id} is not a non-empty string.` : `Ref ${target.ref.source}:${target.ref.provider}:${target.ref.id} is not string/object.`
665
- });
666
- }
667
- const authStoreLookup = /* @__PURE__ */ new Map();
668
- for (const [authStorePath, store] of params.authStoreByPath.entries()) authStoreLookup.set(resolveUserPath(authStorePath), store);
669
- if (params.checkFullRuntime) await prepareSecretsRuntimeSnapshot({
670
- config: params.nextConfig,
671
- env: params.env,
672
- includeAuthStoreRefs: params.write || params.authStoreByPath.size > 0,
673
- loadAuthStore: (agentDir) => {
674
- const storePath = resolveUserPath(resolveAuthStorePath(agentDir));
675
- const override = authStoreLookup.get(storePath);
676
- if (override) return coercePersistedAuthProfileStore(structuredClone(override)) ?? {
677
- version: 1,
678
- profiles: {}
679
- };
680
- return loadAuthProfileStoreForSecretsRuntime(agentDir);
681
- }
682
- });
683
- return {
684
- refsChecked,
685
- skippedExecRefs,
686
- resolvabilityComplete: params.write || params.allowExecInDryRun || skippedExecRefs === 0
687
- };
688
- }
689
- function captureFileSnapshot(pathname) {
690
- if (!fs.existsSync(pathname)) return {
691
- existed: false,
692
- content: "",
693
- mode: 384
694
- };
695
- const stat = fs.statSync(pathname);
696
- return {
697
- existed: true,
698
- content: fs.readFileSync(pathname, "utf8"),
699
- mode: stat.mode & 511
700
- };
701
- }
702
- function restoreFileSnapshot(pathname, snapshot) {
703
- if (!snapshot.existed) {
704
- if (fs.existsSync(pathname)) fs.rmSync(pathname, { force: true });
705
- return;
706
- }
707
- writeTextFileAtomic(pathname, snapshot.content, snapshot.mode || 384);
708
- }
709
- function toJsonWrite(pathname, value) {
710
- return {
711
- path: pathname,
712
- content: `${JSON.stringify(value, null, 2)}\n`,
713
- mode: 384
714
- };
715
- }
716
- async function runSecretsApply(params) {
717
- const env = params.env ?? process.env;
718
- const write = params.write === true;
719
- const allowExec = Boolean(params.allowExec);
720
- if (write && planContainsExecReferences(params.plan) && !allowExec) throw new Error("Plan contains exec SecretRefs/providers. Re-run with --allow-exec.");
721
- const allowExecInDryRun = write ? true : allowExec;
722
- const projected = await projectPlanState({
723
- plan: params.plan,
724
- env,
725
- write,
726
- allowExecInDryRun
727
- });
728
- const changedFiles = [...projected.changedFiles].toSorted();
729
- if (!write) return {
730
- mode: "dry-run",
731
- changed: changedFiles.length > 0,
732
- changedFiles,
733
- checks: {
734
- resolvability: true,
735
- resolvabilityComplete: projected.resolvabilityComplete
736
- },
737
- refsChecked: projected.refsChecked,
738
- skippedExecRefs: projected.skippedExecRefs,
739
- warningCount: projected.warnings.length,
740
- warnings: projected.warnings
741
- };
742
- if (changedFiles.length === 0) return {
743
- mode: "write",
744
- changed: false,
745
- changedFiles: [],
746
- checks: {
747
- resolvability: true,
748
- resolvabilityComplete: true
749
- },
750
- refsChecked: projected.refsChecked,
751
- skippedExecRefs: 0,
752
- warningCount: projected.warnings.length,
753
- warnings: projected.warnings
754
- };
755
- const io = createSecretsConfigIO({ env });
756
- const snapshots = /* @__PURE__ */ new Map();
757
- const capture = (pathname) => {
758
- if (!snapshots.has(pathname)) snapshots.set(pathname, captureFileSnapshot(pathname));
759
- };
760
- capture(projected.configPath);
761
- const writes = [];
762
- for (const [pathname, value] of projected.authStoreByPath.entries()) {
763
- capture(pathname);
764
- writes.push(toJsonWrite(pathname, value));
765
- }
766
- for (const [pathname, value] of projected.authJsonByPath.entries()) {
767
- capture(pathname);
768
- writes.push(toJsonWrite(pathname, value));
769
- }
770
- for (const [pathname, raw] of projected.envRawByPath.entries()) {
771
- capture(pathname);
772
- writes.push({
773
- path: pathname,
774
- content: raw,
775
- mode: 384
776
- });
777
- }
778
- try {
779
- await io.writeConfigFile(projected.nextConfig, projected.configWriteOptions);
780
- for (const write of writes) writeTextFileAtomic(write.path, write.content, write.mode);
781
- } catch (err) {
782
- for (const [pathname, snapshot] of snapshots.entries()) try {
783
- restoreFileSnapshot(pathname, snapshot);
784
- } catch {}
785
- throw new Error(`Secrets apply failed: ${String(err)}`, { cause: err });
786
- }
787
- return {
788
- mode: "write",
789
- changed: changedFiles.length > 0,
790
- changedFiles,
791
- checks: {
792
- resolvability: true,
793
- resolvabilityComplete: true
794
- },
795
- refsChecked: projected.refsChecked,
796
- skippedExecRefs: 0,
797
- warningCount: projected.warnings.length,
798
- warnings: projected.warnings
799
- };
800
- }
801
- //#endregion
802
- //#region src/secrets/audit.ts
803
- const REF_RESOLVE_FALLBACK_CONCURRENCY = 8;
804
- const MAX_AUDIT_MODELS_JSON_BYTES = 5 * 1024 * 1024;
805
- const ALWAYS_SENSITIVE_MODEL_PROVIDER_HEADER_NAMES = new Set([
806
- "authorization",
807
- "proxy-authorization",
808
- "x-api-key",
809
- "api-key",
810
- "apikey",
811
- "x-auth-token",
812
- "auth-token",
813
- "x-access-token",
814
- "access-token",
815
- "x-secret-key",
816
- "secret-key"
817
- ]);
818
- const SENSITIVE_MODEL_PROVIDER_HEADER_NAME_FRAGMENTS = [
819
- "api-key",
820
- "apikey",
821
- "token",
822
- "secret",
823
- "password",
824
- "credential"
825
- ];
826
- function isLikelySensitiveModelProviderHeaderName(value) {
827
- const normalized = normalizeLowercaseStringOrEmpty(value);
828
- if (!normalized) return false;
829
- if (ALWAYS_SENSITIVE_MODEL_PROVIDER_HEADER_NAMES.has(normalized)) return true;
830
- return SENSITIVE_MODEL_PROVIDER_HEADER_NAME_FRAGMENTS.some((fragment) => normalized.includes(fragment));
831
- }
832
- function addFinding(collector, finding) {
833
- collector.findings.push(finding);
834
- }
835
- function collectProviderRefPath(collector, providerId, configPath) {
836
- const key = normalizeProviderId(providerId);
837
- const existing = collector.configProviderRefPaths.get(key);
838
- if (existing) {
839
- existing.push(configPath);
840
- return;
841
- }
842
- collector.configProviderRefPaths.set(key, [configPath]);
843
- }
844
- function trackAuthProviderState(collector, provider, mode) {
845
- const key = normalizeProviderId(provider);
846
- const existing = collector.authProviderState.get(key);
847
- if (existing) {
848
- existing.hasUsableStaticOrOAuth = true;
849
- existing.modes.add(mode);
850
- return;
851
- }
852
- collector.authProviderState.set(key, {
853
- hasUsableStaticOrOAuth: true,
854
- modes: new Set([mode])
855
- });
856
- }
857
- function collectEnvPlaintext(params) {
858
- if (!fs.existsSync(params.envPath)) return;
859
- params.collector.filesScanned.add(params.envPath);
860
- const knownKeys = new Set(listKnownSecretEnvVarNames());
861
- const lines = fs.readFileSync(params.envPath, "utf8").split(/\r?\n/);
862
- for (const line of lines) {
863
- const match = line.match(/^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/);
864
- if (!match) continue;
865
- const key = match[1] ?? "";
866
- if (!knownKeys.has(key)) continue;
867
- if (!parseEnvAssignmentValue(match[2] ?? "")) continue;
868
- addFinding(params.collector, {
869
- code: "PLAINTEXT_FOUND",
870
- severity: "warn",
871
- file: params.envPath,
872
- jsonPath: `$env.${key}`,
873
- message: `Potential secret found in .env (${key}).`
874
- });
875
- }
876
- }
877
- function collectConfigSecrets(params) {
878
- const defaults = params.config.secrets?.defaults;
879
- for (const target of discoverConfigSecretTargets(params.config)) {
880
- if (!target.entry.includeInAudit) continue;
881
- const { ref } = resolveSecretInputRef({
882
- value: target.value,
883
- refValue: target.refValue,
884
- defaults
885
- });
886
- if (ref) {
887
- params.collector.refAssignments.push({
888
- file: params.configPath,
889
- path: target.path,
890
- ref,
891
- expected: target.entry.expectedResolvedValue,
892
- provider: target.providerId
893
- });
894
- if (target.entry.trackProviderShadowing && target.providerId) collectProviderRefPath(params.collector, target.providerId, target.path);
895
- continue;
896
- }
897
- const hasPlaintext = hasConfiguredPlaintextSecretValue(target.value, target.entry.expectedResolvedValue);
898
- if (target.entry.id === "models.providers.*.headers.*" && !isLikelySensitiveModelProviderHeaderName(target.pathSegments.at(-1) ?? "")) continue;
899
- if (!hasPlaintext) continue;
900
- addFinding(params.collector, {
901
- code: "PLAINTEXT_FOUND",
902
- severity: "warn",
903
- file: params.configPath,
904
- jsonPath: target.path,
905
- message: `${target.path} is stored as plaintext.`,
906
- provider: target.providerId
907
- });
908
- }
909
- }
910
- function collectAuthStoreSecrets(params) {
911
- if (!fs.existsSync(params.authStorePath)) return;
912
- params.collector.filesScanned.add(params.authStorePath);
913
- const parsedResult = readJsonObjectIfExists(params.authStorePath);
914
- if (parsedResult.error) {
915
- addFinding(params.collector, {
916
- code: "REF_UNRESOLVED",
917
- severity: "error",
918
- file: params.authStorePath,
919
- jsonPath: "<root>",
920
- message: `Invalid JSON in auth-profiles store: ${parsedResult.error}`
921
- });
922
- return;
923
- }
924
- const parsed = parsedResult.value;
925
- if (!parsed || !isRecord(parsed.profiles)) return;
926
- for (const entry of iterateAuthProfileCredentials(parsed.profiles)) {
927
- if (entry.kind === "api_key" || entry.kind === "token") {
928
- const { ref } = resolveSecretInputRef({
929
- value: entry.value,
930
- refValue: entry.refValue,
931
- defaults: params.defaults
932
- });
933
- if (ref) {
934
- params.collector.refAssignments.push({
935
- file: params.authStorePath,
936
- path: `profiles.${entry.profileId}.${entry.valueField}`,
937
- ref,
938
- expected: "string",
939
- provider: entry.provider
940
- });
941
- trackAuthProviderState(params.collector, entry.provider, entry.kind);
942
- }
943
- if (isNonEmptyString(entry.value)) {
944
- addFinding(params.collector, {
945
- code: "PLAINTEXT_FOUND",
946
- severity: "warn",
947
- file: params.authStorePath,
948
- jsonPath: `profiles.${entry.profileId}.${entry.valueField}`,
949
- message: entry.kind === "api_key" ? "Auth profile API key is stored as plaintext." : "Auth profile token is stored as plaintext.",
950
- provider: entry.provider,
951
- profileId: entry.profileId
952
- });
953
- trackAuthProviderState(params.collector, entry.provider, entry.kind);
954
- }
955
- continue;
956
- }
957
- if (entry.hasAccess || entry.hasRefresh) {
958
- addFinding(params.collector, {
959
- code: "LEGACY_RESIDUE",
960
- severity: "info",
961
- file: params.authStorePath,
962
- jsonPath: `profiles.${entry.profileId}`,
963
- message: "OAuth credentials are present (out of scope for static SecretRef migration).",
964
- provider: entry.provider,
965
- profileId: entry.profileId
966
- });
967
- trackAuthProviderState(params.collector, entry.provider, "oauth");
968
- }
969
- }
970
- }
971
- function collectAuthJsonResidue(params) {
972
- for (const authJsonPath of listLegacyAuthJsonPaths(params.stateDir)) {
973
- params.collector.filesScanned.add(authJsonPath);
974
- const parsedResult = readJsonObjectIfExists(authJsonPath);
975
- if (parsedResult.error) {
976
- addFinding(params.collector, {
977
- code: "REF_UNRESOLVED",
978
- severity: "error",
979
- file: authJsonPath,
980
- jsonPath: "<root>",
981
- message: `Invalid JSON in legacy auth.json: ${parsedResult.error}`
982
- });
983
- continue;
984
- }
985
- const parsed = parsedResult.value;
986
- if (!parsed) continue;
987
- for (const [providerId, value] of Object.entries(parsed)) {
988
- if (!isRecord(value)) continue;
989
- if (value.type === "api_key" && isNonEmptyString(value.key)) addFinding(params.collector, {
990
- code: "LEGACY_RESIDUE",
991
- severity: "warn",
992
- file: authJsonPath,
993
- jsonPath: providerId,
994
- message: "Legacy auth.json contains static api_key credentials.",
995
- provider: providerId
996
- });
997
- }
998
- }
999
- }
1000
- function collectModelsJsonSecrets(params) {
1001
- if (!fs.existsSync(params.modelsJsonPath)) return;
1002
- params.collector.filesScanned.add(params.modelsJsonPath);
1003
- const parsedResult = readJsonObjectIfExists(params.modelsJsonPath, {
1004
- requireRegularFile: true,
1005
- maxBytes: MAX_AUDIT_MODELS_JSON_BYTES
1006
- });
1007
- if (parsedResult.error) {
1008
- addFinding(params.collector, {
1009
- code: "REF_UNRESOLVED",
1010
- severity: "error",
1011
- file: params.modelsJsonPath,
1012
- jsonPath: "<root>",
1013
- message: `Invalid JSON in models.json: ${parsedResult.error}`
1014
- });
1015
- return;
1016
- }
1017
- const parsed = parsedResult.value;
1018
- if (!parsed || !isRecord(parsed.providers)) return;
1019
- for (const [providerId, providerValue] of Object.entries(parsed.providers)) {
1020
- if (!isRecord(providerValue)) continue;
1021
- const apiKey = providerValue.apiKey;
1022
- if (coerceSecretRef(apiKey)) addFinding(params.collector, {
1023
- code: "REF_UNRESOLVED",
1024
- severity: "error",
1025
- file: params.modelsJsonPath,
1026
- jsonPath: `providers.${providerId}.apiKey`,
1027
- message: "models.json contains an unresolved SecretRef object; regenerate models.json.",
1028
- provider: providerId
1029
- });
1030
- else if (isNonEmptyString(apiKey) && !isNonSecretApiKeyMarker(apiKey)) addFinding(params.collector, {
1031
- code: "PLAINTEXT_FOUND",
1032
- severity: "warn",
1033
- file: params.modelsJsonPath,
1034
- jsonPath: `providers.${providerId}.apiKey`,
1035
- message: "models.json provider apiKey is stored as plaintext.",
1036
- provider: providerId
1037
- });
1038
- const headers = isRecord(providerValue.headers) ? providerValue.headers : void 0;
1039
- if (!headers) continue;
1040
- for (const [headerKey, headerValue] of Object.entries(headers)) {
1041
- const headerPath = `providers.${providerId}.headers.${headerKey}`;
1042
- if (coerceSecretRef(headerValue)) {
1043
- addFinding(params.collector, {
1044
- code: "REF_UNRESOLVED",
1045
- severity: "error",
1046
- file: params.modelsJsonPath,
1047
- jsonPath: headerPath,
1048
- message: "models.json contains an unresolved SecretRef object for provider headers; regenerate models.json.",
1049
- provider: providerId
1050
- });
1051
- continue;
1052
- }
1053
- if (!isNonEmptyString(headerValue)) continue;
1054
- if (isSecretRefHeaderValueMarker(headerValue)) continue;
1055
- if (!isLikelySensitiveModelProviderHeaderName(headerKey)) continue;
1056
- addFinding(params.collector, {
1057
- code: "PLAINTEXT_FOUND",
1058
- severity: "warn",
1059
- file: params.modelsJsonPath,
1060
- jsonPath: headerPath,
1061
- message: "models.json provider header value is stored as plaintext.",
1062
- provider: providerId
1063
- });
1064
- }
1065
- }
1066
- }
1067
- async function collectUnresolvedRefFindings(params) {
1068
- const cache = {};
1069
- const refsByProvider = /* @__PURE__ */ new Map();
1070
- const skippedRefKeys = /* @__PURE__ */ new Set();
1071
- let refsChecked = 0;
1072
- let skippedExecRefs = 0;
1073
- for (const assignment of params.collector.refAssignments) {
1074
- const providerKey = `${assignment.ref.source}:${assignment.ref.provider}`;
1075
- let refsForProvider = refsByProvider.get(providerKey);
1076
- if (!refsForProvider) {
1077
- refsForProvider = /* @__PURE__ */ new Map();
1078
- refsByProvider.set(providerKey, refsForProvider);
1079
- }
1080
- refsForProvider.set(secretRefKey(assignment.ref), assignment.ref);
1081
- }
1082
- const resolvedByRefKey = /* @__PURE__ */ new Map();
1083
- const errorsByRefKey = /* @__PURE__ */ new Map();
1084
- for (const refsForProvider of refsByProvider.values()) {
1085
- const refs = [...refsForProvider.values()];
1086
- const selectedRefs = selectRefsForExecPolicy({
1087
- refs,
1088
- allowExec: params.allowExec
1089
- });
1090
- if (selectedRefs.skippedExecRefs.length > 0) {
1091
- skippedExecRefs += selectedRefs.skippedExecRefs.length;
1092
- for (const ref of selectedRefs.skippedExecRefs) {
1093
- skippedRefKeys.add(secretRefKey(ref));
1094
- const staticError = getSkippedExecRefStaticError({
1095
- ref,
1096
- config: params.config
1097
- });
1098
- if (staticError) errorsByRefKey.set(secretRefKey(ref), new Error(staticError));
1099
- }
1100
- }
1101
- if (selectedRefs.refsToResolve.length === 0) continue;
1102
- refsChecked += selectedRefs.refsToResolve.length;
1103
- const provider = refs[0]?.provider;
1104
- try {
1105
- const resolved = await resolveSecretRefValues(selectedRefs.refsToResolve, {
1106
- config: params.config,
1107
- env: params.env,
1108
- cache
1109
- });
1110
- for (const [key, value] of resolved.entries()) resolvedByRefKey.set(key, value);
1111
- continue;
1112
- } catch (err) {
1113
- if (provider && isProviderScopedSecretResolutionError(err)) {
1114
- for (const ref of selectedRefs.refsToResolve) errorsByRefKey.set(secretRefKey(ref), err);
1115
- continue;
1116
- }
1117
- }
1118
- const fallback = await runTasksWithConcurrency({
1119
- tasks: selectedRefs.refsToResolve.map((ref) => async () => ({
1120
- key: secretRefKey(ref),
1121
- resolved: await resolveSecretRefValue(ref, {
1122
- config: params.config,
1123
- env: params.env,
1124
- cache
1125
- })
1126
- })),
1127
- limit: Math.min(REF_RESOLVE_FALLBACK_CONCURRENCY, selectedRefs.refsToResolve.length),
1128
- errorMode: "continue",
1129
- onTaskError: (error, index) => {
1130
- const ref = selectedRefs.refsToResolve[index];
1131
- if (!ref) return;
1132
- errorsByRefKey.set(secretRefKey(ref), error);
1133
- }
1134
- });
1135
- for (const result of fallback.results) {
1136
- if (!result) continue;
1137
- resolvedByRefKey.set(result.key, result.resolved);
1138
- }
1139
- }
1140
- for (const assignment of params.collector.refAssignments) {
1141
- const key = secretRefKey(assignment.ref);
1142
- if (skippedRefKeys.has(key) && !errorsByRefKey.has(key)) continue;
1143
- const resolveErr = errorsByRefKey.get(key);
1144
- if (resolveErr) {
1145
- addFinding(params.collector, {
1146
- code: "REF_UNRESOLVED",
1147
- severity: "error",
1148
- file: assignment.file,
1149
- jsonPath: assignment.path,
1150
- message: `Failed to resolve ${assignment.ref.source}:${assignment.ref.provider}:${assignment.ref.id} (${formatErrorMessage(resolveErr)}).`,
1151
- provider: assignment.provider
1152
- });
1153
- continue;
1154
- }
1155
- if (!resolvedByRefKey.has(key)) {
1156
- addFinding(params.collector, {
1157
- code: "REF_UNRESOLVED",
1158
- severity: "error",
1159
- file: assignment.file,
1160
- jsonPath: assignment.path,
1161
- message: `Failed to resolve ${assignment.ref.source}:${assignment.ref.provider}:${assignment.ref.id} (resolved value is missing).`,
1162
- provider: assignment.provider
1163
- });
1164
- continue;
1165
- }
1166
- if (!isExpectedResolvedSecretValue(resolvedByRefKey.get(key), assignment.expected)) addFinding(params.collector, {
1167
- code: "REF_UNRESOLVED",
1168
- severity: "error",
1169
- file: assignment.file,
1170
- jsonPath: assignment.path,
1171
- message: assignment.expected === "string" ? `Failed to resolve ${assignment.ref.source}:${assignment.ref.provider}:${assignment.ref.id} (resolved value is not a non-empty string).` : `Failed to resolve ${assignment.ref.source}:${assignment.ref.provider}:${assignment.ref.id} (resolved value is not a string/object).`,
1172
- provider: assignment.provider
1173
- });
1174
- }
1175
- return {
1176
- refsChecked,
1177
- skippedExecRefs
1178
- };
1179
- }
1180
- function collectShadowingFindings(collector) {
1181
- for (const [provider, paths] of collector.configProviderRefPaths.entries()) {
1182
- const authState = collector.authProviderState.get(provider);
1183
- if (!authState?.hasUsableStaticOrOAuth) continue;
1184
- const modeText = [...authState.modes].join("/");
1185
- for (const configPath of paths) addFinding(collector, {
1186
- code: "REF_SHADOWED",
1187
- severity: "warn",
1188
- file: "genesis.json",
1189
- jsonPath: configPath,
1190
- message: `Auth profile credentials (${modeText}) take precedence for provider "${provider}", so this config ref may never be used.`,
1191
- provider
1192
- });
1193
- }
1194
- }
1195
- function summarizeFindings(findings) {
1196
- return {
1197
- plaintextCount: findings.filter((entry) => entry.code === "PLAINTEXT_FOUND").length,
1198
- unresolvedRefCount: findings.filter((entry) => entry.code === "REF_UNRESOLVED").length,
1199
- shadowedRefCount: findings.filter((entry) => entry.code === "REF_SHADOWED").length,
1200
- legacyResidueCount: findings.filter((entry) => entry.code === "LEGACY_RESIDUE").length
1201
- };
1202
- }
1203
- async function runSecretsAudit(params = {}) {
1204
- const env = params.env ?? process.env;
1205
- const allowExec = Boolean(params.allowExec);
1206
- const snapshot = await createSecretsConfigIO({ env }).readConfigFileSnapshot();
1207
- const configPath = resolveUserPath(snapshot.path);
1208
- const defaults = snapshot.valid ? snapshot.config.secrets?.defaults : void 0;
1209
- const collector = {
1210
- findings: [],
1211
- refAssignments: [],
1212
- configProviderRefPaths: /* @__PURE__ */ new Map(),
1213
- authProviderState: /* @__PURE__ */ new Map(),
1214
- filesScanned: new Set([configPath])
1215
- };
1216
- const stateDir = resolveStateDir(env, os.homedir);
1217
- const envPath = path.join(resolveConfigDir(env, os.homedir), ".env");
1218
- const config = snapshot.valid ? snapshot.config : {};
1219
- let resolution = {
1220
- refsChecked: 0,
1221
- skippedExecRefs: 0,
1222
- resolvabilityComplete: true
1223
- };
1224
- if (snapshot.valid) {
1225
- collectConfigSecrets({
1226
- config,
1227
- configPath,
1228
- collector
1229
- });
1230
- for (const authStorePath of listAuthProfileStorePaths(config, stateDir)) collectAuthStoreSecrets({
1231
- authStorePath,
1232
- collector,
1233
- defaults
1234
- });
1235
- for (const modelsJsonPath of listAgentModelsJsonPaths(config, stateDir, env)) collectModelsJsonSecrets({
1236
- modelsJsonPath,
1237
- collector
1238
- });
1239
- const unresolvedRefResult = await collectUnresolvedRefFindings({
1240
- collector,
1241
- config,
1242
- env,
1243
- allowExec
1244
- });
1245
- resolution = {
1246
- refsChecked: unresolvedRefResult.refsChecked,
1247
- skippedExecRefs: unresolvedRefResult.skippedExecRefs,
1248
- resolvabilityComplete: unresolvedRefResult.skippedExecRefs === 0
1249
- };
1250
- collectShadowingFindings(collector);
1251
- } else addFinding(collector, {
1252
- code: "REF_UNRESOLVED",
1253
- severity: "error",
1254
- file: configPath,
1255
- jsonPath: "<root>",
1256
- message: "Config is invalid; cannot validate secret references reliably."
1257
- });
1258
- collectEnvPlaintext({
1259
- envPath,
1260
- collector
1261
- });
1262
- collectAuthJsonResidue({
1263
- stateDir,
1264
- collector
1265
- });
1266
- const summary = summarizeFindings(collector.findings);
1267
- return {
1268
- version: 1,
1269
- status: summary.unresolvedRefCount > 0 ? "unresolved" : collector.findings.length > 0 ? "findings" : "clean",
1270
- resolution,
1271
- filesScanned: [...collector.filesScanned].toSorted(),
1272
- summary,
1273
- findings: collector.findings
1274
- };
1275
- }
1276
- function resolveSecretsAuditExitCode(report, check) {
1277
- if (report.summary.unresolvedRefCount > 0) return 2;
1278
- if (check && report.findings.length > 0) return 1;
1279
- return 0;
1280
- }
1281
- //#endregion
1282
- //#region src/secrets/configure-plan.ts
1283
- function getSecretProviders$1(config) {
1284
- if (!isRecord(config.secrets?.providers)) return {};
1285
- return config.secrets.providers;
1286
- }
1287
- function configureCandidateSortKey(candidate) {
1288
- if (candidate.configFile === "auth-profiles.json") return `auth-profiles:${candidate.agentId ?? ""}:${candidate.path}`;
1289
- return `genesis:${candidate.path}`;
1290
- }
1291
- function resolveAuthProfileProvider(store, pathSegments) {
1292
- const profileId = pathSegments[1];
1293
- if (!profileId) return;
1294
- const profile = store.profiles?.[profileId];
1295
- if (!isRecord(profile) || typeof profile.provider !== "string") return;
1296
- const provider = profile.provider.trim();
1297
- return provider.length > 0 ? provider : void 0;
1298
- }
1299
- function buildConfigureCandidatesForScope(params) {
1300
- const authoredConfig = params.authoredGenesisConfig ?? params.config;
1301
- const hasPathInAuthoredConfig = (pathSegments) => hasPath(authoredConfig, pathSegments);
1302
- const genesisCandidates = discoverConfigSecretTargets(params.config).filter((entry) => entry.entry.includeInConfigure).map((entry) => {
1303
- const resolved = resolveSecretInputRef({
1304
- value: entry.value,
1305
- refValue: entry.refValue,
1306
- defaults: params.config.secrets?.defaults
1307
- });
1308
- const pathExists = hasPathInAuthoredConfig(entry.pathSegments);
1309
- const refPathExists = entry.refPathSegments ? hasPathInAuthoredConfig(entry.refPathSegments) : false;
1310
- return Object.assign({
1311
- type: entry.entry.targetType,
1312
- path: entry.path,
1313
- pathSegments: [...entry.pathSegments],
1314
- label: entry.path,
1315
- configFile: `genesis.json`,
1316
- expectedResolvedValue: entry.entry.expectedResolvedValue
1317
- }, resolved.ref ? { existingRef: resolved.ref } : {}, pathExists || refPathExists ? {} : { isDerived: true }, entry.providerId ? { providerId: entry.providerId } : {}, entry.accountId ? { accountId: entry.accountId } : {});
1318
- });
1319
- const authCandidates = params.authProfiles === void 0 ? [] : discoverAuthProfileSecretTargets(params.authProfiles.store).filter((entry) => entry.entry.includeInConfigure).map((entry) => {
1320
- const authProfiles = params.authProfiles;
1321
- if (!authProfiles) throw new Error("Missing auth profile scope for configure candidate discovery.");
1322
- const authProfileProvider = resolveAuthProfileProvider(authProfiles.store, entry.pathSegments);
1323
- const resolved = resolveSecretInputRef({
1324
- value: entry.value,
1325
- refValue: entry.refValue,
1326
- defaults: params.config.secrets?.defaults
1327
- });
1328
- return Object.assign({
1329
- type: entry.entry.targetType,
1330
- path: entry.path,
1331
- pathSegments: [...entry.pathSegments],
1332
- label: `${entry.path} (auth profile, agent ${authProfiles.agentId})`,
1333
- configFile: `auth-profiles.json`,
1334
- expectedResolvedValue: entry.entry.expectedResolvedValue
1335
- }, resolved.ref ? { existingRef: resolved.ref } : {}, { agentId: authProfiles.agentId }, authProfileProvider ? { authProfileProvider } : {});
1336
- });
1337
- return [...genesisCandidates, ...authCandidates].toSorted((a, b) => configureCandidateSortKey(a).localeCompare(configureCandidateSortKey(b)));
1338
- }
1339
- function hasPath(root, segments) {
1340
- if (segments.length === 0) return false;
1341
- let cursor = root;
1342
- for (let index = 0; index < segments.length; index += 1) {
1343
- const segment = segments[index] ?? "";
1344
- if (Array.isArray(cursor)) {
1345
- if (!/^\d+$/.test(segment)) return false;
1346
- const parsedIndex = Number.parseInt(segment, 10);
1347
- if (!Number.isFinite(parsedIndex) || parsedIndex < 0 || parsedIndex >= cursor.length) return false;
1348
- if (index === segments.length - 1) return true;
1349
- cursor = cursor[parsedIndex];
1350
- continue;
1351
- }
1352
- if (!isRecord(cursor)) return false;
1353
- if (!Object.prototype.hasOwnProperty.call(cursor, segment)) return false;
1354
- if (index === segments.length - 1) return true;
1355
- cursor = cursor[segment];
1356
- }
1357
- return false;
1358
- }
1359
- function collectConfigureProviderChanges(params) {
1360
- const originalProviders = getSecretProviders$1(params.original);
1361
- const nextProviders = getSecretProviders$1(params.next);
1362
- const upserts = {};
1363
- const deletes = [];
1364
- for (const [providerAlias, nextProviderConfig] of Object.entries(nextProviders)) {
1365
- const current = originalProviders[providerAlias];
1366
- if (isDeepStrictEqual(current, nextProviderConfig)) continue;
1367
- upserts[providerAlias] = structuredClone(nextProviderConfig);
1368
- }
1369
- for (const providerAlias of Object.keys(originalProviders)) if (!Object.prototype.hasOwnProperty.call(nextProviders, providerAlias)) deletes.push(providerAlias);
1370
- return {
1371
- upserts,
1372
- deletes: deletes.toSorted()
1373
- };
1374
- }
1375
- function hasConfigurePlanChanges(params) {
1376
- return params.selectedTargets.size > 0 || Object.keys(params.providerChanges.upserts).length > 0 || params.providerChanges.deletes.length > 0;
1377
- }
1378
- function buildSecretsConfigurePlan(params) {
1379
- return {
1380
- version: 1,
1381
- protocolVersion: 1,
1382
- generatedAt: params.generatedAt ?? (/* @__PURE__ */ new Date()).toISOString(),
1383
- generatedBy: "genesis secrets configure",
1384
- targets: [...params.selectedTargets.values()].map((entry) => Object.assign({
1385
- type: entry.type,
1386
- path: entry.path,
1387
- pathSegments: [...entry.pathSegments],
1388
- ref: entry.ref
1389
- }, entry.agentId ? { agentId: entry.agentId } : {}, entry.providerId ? { providerId: entry.providerId } : {}, entry.accountId ? { accountId: entry.accountId } : {}, entry.authProfileProvider ? { authProfileProvider: entry.authProfileProvider } : {})),
1390
- ...Object.keys(params.providerChanges.upserts).length > 0 ? { providerUpserts: params.providerChanges.upserts } : {},
1391
- ...params.providerChanges.deletes.length > 0 ? { providerDeletes: params.providerChanges.deletes } : {},
1392
- options: {
1393
- scrubEnv: true,
1394
- scrubAuthProfilesForProviderTargets: true,
1395
- scrubLegacyAuthJson: true
1396
- }
1397
- };
1398
- }
1399
- //#endregion
1400
- //#region src/secrets/configure.ts
1401
- const ENV_NAME_PATTERN = /^[A-Z][A-Z0-9_]{0,127}$/;
1402
- const WINDOWS_ABS_PATH_PATTERN = /^[A-Za-z]:[\\/]/;
1403
- const WINDOWS_UNC_PATH_PATTERN = /^\\\\[^\\]+\\[^\\]+/;
1404
- function isAbsolutePathValue(value) {
1405
- return path.isAbsolute(value) || WINDOWS_ABS_PATH_PATTERN.test(value) || WINDOWS_UNC_PATH_PATTERN.test(value);
1406
- }
1407
- function parseCsv(value) {
1408
- return value.split(",").map((entry) => entry.trim()).filter((entry) => entry.length > 0);
1409
- }
1410
- function parseOptionalPositiveInt(value, max) {
1411
- const trimmed = value.trim();
1412
- if (!trimmed) return;
1413
- if (!/^\d+$/.test(trimmed)) return;
1414
- const parsed = Number.parseInt(trimmed, 10);
1415
- if (!Number.isFinite(parsed) || parsed <= 0 || parsed > max) return;
1416
- return parsed;
1417
- }
1418
- function getSecretProviders(config) {
1419
- if (!isRecord(config.secrets?.providers)) return {};
1420
- return config.secrets.providers;
1421
- }
1422
- function setSecretProvider(config, providerAlias, providerConfig) {
1423
- config.secrets ??= {};
1424
- if (!isRecord(config.secrets.providers)) config.secrets.providers = {};
1425
- config.secrets.providers[providerAlias] = providerConfig;
1426
- }
1427
- function removeSecretProvider(config, providerAlias) {
1428
- if (!isRecord(config.secrets?.providers)) return false;
1429
- const providers = config.secrets.providers;
1430
- if (!Object.prototype.hasOwnProperty.call(providers, providerAlias)) return false;
1431
- delete providers[providerAlias];
1432
- if (Object.keys(providers).length === 0) delete config.secrets?.providers;
1433
- if (isRecord(config.secrets?.defaults)) {
1434
- const defaults = config.secrets.defaults;
1435
- if (defaults?.env === providerAlias) delete defaults.env;
1436
- if (defaults?.file === providerAlias) delete defaults.file;
1437
- if (defaults?.exec === providerAlias) delete defaults.exec;
1438
- if (defaults && defaults.env === void 0 && defaults.file === void 0 && defaults.exec === void 0) delete config.secrets?.defaults;
1439
- }
1440
- return true;
1441
- }
1442
- function providerHint(provider) {
1443
- if (provider.source === "env") return provider.allowlist?.length ? `env (${provider.allowlist.length} allowlisted)` : "env";
1444
- if (provider.source === "file") return `file (${provider.mode ?? "json"})`;
1445
- return `exec (${provider.jsonOnly === false ? "json+text" : "json"})`;
1446
- }
1447
- function toSourceChoices(config) {
1448
- const hasSource = (source) => Object.values(config.secrets?.providers ?? {}).some((provider) => provider?.source === source);
1449
- const choices = [{
1450
- value: "env",
1451
- label: "env"
1452
- }];
1453
- if (hasSource("file")) choices.push({
1454
- value: "file",
1455
- label: "file"
1456
- });
1457
- if (hasSource("exec")) choices.push({
1458
- value: "exec",
1459
- label: "exec"
1460
- });
1461
- return choices;
1462
- }
1463
- function assertNoCancel(value, message) {
1464
- if (typeof value === "symbol") throw new Error(message);
1465
- return value;
1466
- }
1467
- const AUTH_PROFILE_ID_PATTERN = /^[A-Za-z0-9:_-]{1,128}$/;
1468
- function validateEnvNameCsv(value) {
1469
- const entries = parseCsv(value);
1470
- for (const entry of entries) if (!ENV_NAME_PATTERN.test(entry)) return `Invalid env name: ${entry}`;
1471
- }
1472
- async function promptEnvNameCsv(params) {
1473
- return parseCsv(assertNoCancel(await text({
1474
- message: params.message,
1475
- initialValue: params.initialValue,
1476
- validate: (value) => validateEnvNameCsv(value ?? "")
1477
- }), "Secrets configure cancelled.") ?? "");
1478
- }
1479
- async function promptOptionalPositiveInt(params) {
1480
- return parseOptionalPositiveInt(normalizeStringifiedOptionalString(assertNoCancel(await text({
1481
- message: params.message,
1482
- initialValue: params.initialValue === void 0 ? "" : String(params.initialValue),
1483
- validate: (value) => {
1484
- const trimmed = normalizeStringifiedOptionalString(value) ?? "";
1485
- if (!trimmed) return;
1486
- if (parseOptionalPositiveInt(trimmed, params.max) === void 0) return `Must be an integer between 1 and ${params.max}`;
1487
- }
1488
- }), "Secrets configure cancelled.")) ?? "", params.max);
1489
- }
1490
- function configureCandidateKey(candidate) {
1491
- if (candidate.configFile === "auth-profiles.json") return `auth-profiles:${normalizeOptionalString(candidate.agentId) ?? ""}:${candidate.path}`;
1492
- return `genesis:${candidate.path}`;
1493
- }
1494
- function hasSourceChoice(sourceChoices, source) {
1495
- return sourceChoices.some((entry) => entry.value === source);
1496
- }
1497
- function resolveCandidateProviderHint(candidate) {
1498
- return normalizeOptionalLowercaseString(candidate.authProfileProvider) ?? normalizeOptionalLowercaseString(candidate.providerId);
1499
- }
1500
- function resolveSuggestedEnvSecretId(candidate) {
1501
- const hintedProvider = resolveCandidateProviderHint(candidate);
1502
- if (!hintedProvider) return;
1503
- const envCandidates = getProviderEnvVars(hintedProvider);
1504
- if (!Array.isArray(envCandidates) || envCandidates.length === 0) return;
1505
- return envCandidates[0];
1506
- }
1507
- function resolveConfigureAgentId(config, explicitAgentId) {
1508
- const knownAgentIds = new Set(listAgentIds(config));
1509
- if (!explicitAgentId) return resolveDefaultAgentId(config);
1510
- const normalized = normalizeAgentId(explicitAgentId);
1511
- if (knownAgentIds.has(normalized)) return normalized;
1512
- const known = [...knownAgentIds].toSorted().join(", ");
1513
- throw new Error(`Unknown agent id "${explicitAgentId}". Known agents: ${known || "none configured"}.`);
1514
- }
1515
- function loadAuthProfileStoreForConfigure(params) {
1516
- return loadPersistedAuthProfileStore(resolveAgentDir(params.config, params.agentId)) ?? {
1517
- version: 1,
1518
- profiles: {}
1519
- };
1520
- }
1521
- async function promptNewAuthProfileCandidate(agentId) {
1522
- const profileId = assertNoCancel(await text({
1523
- message: "Auth profile id",
1524
- validate: (value) => {
1525
- const trimmed = normalizeStringifiedOptionalString(value) ?? "";
1526
- if (!trimmed) return "Required";
1527
- if (!AUTH_PROFILE_ID_PATTERN.test(trimmed)) return "Use letters/numbers/\":\"/\"_\"/\"-\" only.";
1528
- }
1529
- }), "Secrets configure cancelled.");
1530
- const credentialType = assertNoCancel(await select({
1531
- message: "Auth profile credential type",
1532
- options: [{
1533
- value: "api_key",
1534
- label: "api_key (key/keyRef)"
1535
- }, {
1536
- value: "token",
1537
- label: "token (token/tokenRef)"
1538
- }]
1539
- }), "Secrets configure cancelled.");
1540
- const provider = assertNoCancel(await text({
1541
- message: "Provider id",
1542
- validate: (value) => normalizeStringifiedOptionalString(value) ? void 0 : "Required"
1543
- }), "Secrets configure cancelled.");
1544
- const profileIdTrimmed = normalizeStringifiedOptionalString(profileId) ?? "";
1545
- const providerTrimmed = normalizeStringifiedOptionalString(provider) ?? "";
1546
- if (credentialType === "token") return {
1547
- type: "auth-profiles.token.token",
1548
- path: `profiles.${profileIdTrimmed}.token`,
1549
- pathSegments: [
1550
- "profiles",
1551
- profileIdTrimmed,
1552
- "token"
1553
- ],
1554
- label: `profiles.${profileIdTrimmed}.token (auth profile, agent ${agentId})`,
1555
- configFile: "auth-profiles.json",
1556
- agentId,
1557
- authProfileProvider: providerTrimmed,
1558
- expectedResolvedValue: "string"
1559
- };
1560
- return {
1561
- type: "auth-profiles.api_key.key",
1562
- path: `profiles.${profileIdTrimmed}.key`,
1563
- pathSegments: [
1564
- "profiles",
1565
- profileIdTrimmed,
1566
- "key"
1567
- ],
1568
- label: `profiles.${profileIdTrimmed}.key (auth profile, agent ${agentId})`,
1569
- configFile: "auth-profiles.json",
1570
- agentId,
1571
- authProfileProvider: providerTrimmed,
1572
- expectedResolvedValue: "string"
1573
- };
1574
- }
1575
- async function promptProviderAlias(params) {
1576
- return normalizeStringifiedOptionalString(assertNoCancel(await text({
1577
- message: "Provider alias",
1578
- initialValue: "default",
1579
- validate: (value) => {
1580
- const trimmed = normalizeStringifiedOptionalString(value) ?? "";
1581
- if (!trimmed) return "Required";
1582
- if (!isValidSecretProviderAlias(trimmed)) return "Must match /^[a-z][a-z0-9_-]{0,63}$/";
1583
- if (params.existingAliases.has(trimmed)) return "Alias already exists";
1584
- }
1585
- }), "Secrets configure cancelled.")) ?? "";
1586
- }
1587
- async function promptProviderSource(initial) {
1588
- return assertNoCancel(await select({
1589
- message: "Provider source",
1590
- options: [
1591
- {
1592
- value: "env",
1593
- label: "env"
1594
- },
1595
- {
1596
- value: "file",
1597
- label: "file"
1598
- },
1599
- {
1600
- value: "exec",
1601
- label: "exec"
1602
- }
1603
- ],
1604
- initialValue: initial
1605
- }), "Secrets configure cancelled.");
1606
- }
1607
- async function promptEnvProvider(base) {
1608
- const allowlist = await promptEnvNameCsv({
1609
- message: "Env allowlist (comma-separated, blank for unrestricted)",
1610
- initialValue: base?.allowlist?.join(",") ?? ""
1611
- });
1612
- return {
1613
- source: "env",
1614
- ...allowlist.length > 0 ? { allowlist } : {}
1615
- };
1616
- }
1617
- async function promptFileProvider(base) {
1618
- const filePath = assertNoCancel(await text({
1619
- message: "File path (absolute)",
1620
- initialValue: base?.path ?? "",
1621
- validate: (value) => {
1622
- const trimmed = normalizeStringifiedOptionalString(value) ?? "";
1623
- if (!trimmed) return "Required";
1624
- if (!isAbsolutePathValue(trimmed)) return "Must be an absolute path";
1625
- }
1626
- }), "Secrets configure cancelled.");
1627
- const mode = assertNoCancel(await select({
1628
- message: "File mode",
1629
- options: [{
1630
- value: "json",
1631
- label: "json"
1632
- }, {
1633
- value: "singleValue",
1634
- label: "singleValue"
1635
- }],
1636
- initialValue: base?.mode ?? "json"
1637
- }), "Secrets configure cancelled.");
1638
- const timeoutMs = await promptOptionalPositiveInt({
1639
- message: "Timeout ms (blank for default)",
1640
- initialValue: base?.timeoutMs,
1641
- max: 12e4
1642
- });
1643
- const maxBytes = await promptOptionalPositiveInt({
1644
- message: "Max bytes (blank for default)",
1645
- initialValue: base?.maxBytes,
1646
- max: 20 * 1024 * 1024
1647
- });
1648
- const allowInsecurePath = assertNoCancel(await confirm({
1649
- message: "Allow insecure file path checks?",
1650
- initialValue: base?.allowInsecurePath ?? false
1651
- }), "Secrets configure cancelled.");
1652
- return {
1653
- source: "file",
1654
- path: normalizeStringifiedOptionalString(filePath) ?? "",
1655
- mode,
1656
- ...timeoutMs ? { timeoutMs } : {},
1657
- ...maxBytes ? { maxBytes } : {},
1658
- ...allowInsecurePath ? { allowInsecurePath: true } : {}
1659
- };
1660
- }
1661
- async function parseArgsInput(rawValue) {
1662
- const trimmed = rawValue.trim();
1663
- if (!trimmed) return;
1664
- const parsed = JSON.parse(trimmed);
1665
- if (!Array.isArray(parsed) || !parsed.every((entry) => typeof entry === "string")) throw new Error("args must be a JSON array of strings");
1666
- return parsed;
1667
- }
1668
- async function promptExecProvider(base) {
1669
- const command = assertNoCancel(await text({
1670
- message: "Command path (absolute)",
1671
- initialValue: base?.command ?? "",
1672
- validate: (value) => {
1673
- const trimmed = normalizeStringifiedOptionalString(value) ?? "";
1674
- if (!trimmed) return "Required";
1675
- if (!isAbsolutePathValue(trimmed)) return "Must be an absolute path";
1676
- if (!isSafeExecutableValue(trimmed)) return "Command value is not allowed";
1677
- }
1678
- }), "Secrets configure cancelled.");
1679
- const argsRaw = assertNoCancel(await text({
1680
- message: "Args JSON array (blank for none)",
1681
- initialValue: JSON.stringify(base?.args ?? []),
1682
- validate: (value) => {
1683
- const trimmed = normalizeStringifiedOptionalString(value) ?? "";
1684
- if (!trimmed) return;
1685
- try {
1686
- const parsed = JSON.parse(trimmed);
1687
- if (!Array.isArray(parsed) || !parsed.every((entry) => typeof entry === "string")) return "Must be a JSON array of strings";
1688
- return;
1689
- } catch {
1690
- return "Must be valid JSON";
1691
- }
1692
- }
1693
- }), "Secrets configure cancelled.");
1694
- const timeoutMs = await promptOptionalPositiveInt({
1695
- message: "Timeout ms (blank for default)",
1696
- initialValue: base?.timeoutMs,
1697
- max: 12e4
1698
- });
1699
- const noOutputTimeoutMs = await promptOptionalPositiveInt({
1700
- message: "No-output timeout ms (blank for default)",
1701
- initialValue: base?.noOutputTimeoutMs,
1702
- max: 12e4
1703
- });
1704
- const maxOutputBytes = await promptOptionalPositiveInt({
1705
- message: "Max output bytes (blank for default)",
1706
- initialValue: base?.maxOutputBytes,
1707
- max: 20 * 1024 * 1024
1708
- });
1709
- const jsonOnly = assertNoCancel(await confirm({
1710
- message: "Require JSON-only response?",
1711
- initialValue: base?.jsonOnly ?? true
1712
- }), "Secrets configure cancelled.");
1713
- const passEnv = await promptEnvNameCsv({
1714
- message: "Pass-through env vars (comma-separated, blank for none)",
1715
- initialValue: base?.passEnv?.join(",") ?? ""
1716
- });
1717
- const trustedDirsRaw = assertNoCancel(await text({
1718
- message: "Trusted dirs (comma-separated absolute paths, blank for none)",
1719
- initialValue: base?.trustedDirs?.join(",") ?? "",
1720
- validate: (value) => {
1721
- const entries = parseCsv(value ?? "");
1722
- for (const entry of entries) if (!isAbsolutePathValue(entry)) return `Trusted dir must be absolute: ${entry}`;
1723
- }
1724
- }), "Secrets configure cancelled.");
1725
- const allowInsecurePath = assertNoCancel(await confirm({
1726
- message: "Allow insecure command path checks?",
1727
- initialValue: base?.allowInsecurePath ?? false
1728
- }), "Secrets configure cancelled.");
1729
- const allowSymlinkCommand = assertNoCancel(await confirm({
1730
- message: "Allow symlink command path?",
1731
- initialValue: base?.allowSymlinkCommand ?? false
1732
- }), "Secrets configure cancelled.");
1733
- const args = await parseArgsInput(normalizeStringifiedOptionalString(argsRaw) ?? "");
1734
- const trustedDirs = parseCsv(trustedDirsRaw ?? "");
1735
- return {
1736
- source: "exec",
1737
- command: normalizeStringifiedOptionalString(command) ?? "",
1738
- ...args && args.length > 0 ? { args } : {},
1739
- ...timeoutMs ? { timeoutMs } : {},
1740
- ...noOutputTimeoutMs ? { noOutputTimeoutMs } : {},
1741
- ...maxOutputBytes ? { maxOutputBytes } : {},
1742
- ...jsonOnly ? { jsonOnly } : { jsonOnly: false },
1743
- ...passEnv.length > 0 ? { passEnv } : {},
1744
- ...trustedDirs.length > 0 ? { trustedDirs } : {},
1745
- ...allowInsecurePath ? { allowInsecurePath: true } : {},
1746
- ...allowSymlinkCommand ? { allowSymlinkCommand: true } : {},
1747
- ...isRecord(base?.env) ? { env: base.env } : {}
1748
- };
1749
- }
1750
- async function promptProviderConfig(source, current) {
1751
- if (source === "env") return await promptEnvProvider(current?.source === "env" ? current : void 0);
1752
- if (source === "file") return await promptFileProvider(current?.source === "file" ? current : void 0);
1753
- return await promptExecProvider(current?.source === "exec" ? current : void 0);
1754
- }
1755
- async function configureProvidersInteractive(config) {
1756
- while (true) {
1757
- const providers = getSecretProviders(config);
1758
- const providerEntries = Object.entries(providers).toSorted(([left], [right]) => left.localeCompare(right));
1759
- const actionOptions = [{
1760
- value: "add",
1761
- label: "Add provider",
1762
- hint: "Define a new env/file/exec provider"
1763
- }];
1764
- if (providerEntries.length > 0) {
1765
- actionOptions.push({
1766
- value: "edit",
1767
- label: "Edit provider",
1768
- hint: "Update an existing provider"
1769
- });
1770
- actionOptions.push({
1771
- value: "remove",
1772
- label: "Remove provider",
1773
- hint: "Delete a provider alias"
1774
- });
1775
- }
1776
- actionOptions.push({
1777
- value: "continue",
1778
- label: "Continue",
1779
- hint: "Move to credential mapping"
1780
- });
1781
- const action = assertNoCancel(await select({
1782
- message: providerEntries.length > 0 ? "Configure secret providers" : "Configure secret providers (only env refs are available until file/exec providers are added)",
1783
- options: actionOptions
1784
- }), "Secrets configure cancelled.");
1785
- if (action === "continue") return;
1786
- if (action === "add") {
1787
- const source = await promptProviderSource();
1788
- setSecretProvider(config, await promptProviderAlias({ existingAliases: new Set(providerEntries.map(([providerAlias]) => providerAlias)) }), await promptProviderConfig(source));
1789
- continue;
1790
- }
1791
- if (action === "edit") {
1792
- const alias = assertNoCancel(await select({
1793
- message: "Select provider to edit",
1794
- options: providerEntries.map(([providerAlias, providerConfig]) => ({
1795
- value: providerAlias,
1796
- label: providerAlias,
1797
- hint: providerHint(providerConfig)
1798
- }))
1799
- }), "Secrets configure cancelled.");
1800
- const current = providers[alias];
1801
- if (!current) continue;
1802
- const nextProviderConfig = await promptProviderConfig(await promptProviderSource(current.source), current);
1803
- if (!isDeepStrictEqual(current, nextProviderConfig)) setSecretProvider(config, alias, nextProviderConfig);
1804
- continue;
1805
- }
1806
- if (action === "remove") {
1807
- const alias = assertNoCancel(await select({
1808
- message: "Select provider to remove",
1809
- options: providerEntries.map(([providerAlias, providerConfig]) => ({
1810
- value: providerAlias,
1811
- label: providerAlias,
1812
- hint: providerHint(providerConfig)
1813
- }))
1814
- }), "Secrets configure cancelled.");
1815
- if (assertNoCancel(await confirm({
1816
- message: `Remove provider "${alias}"?`,
1817
- initialValue: false
1818
- }), "Secrets configure cancelled.")) removeSecretProvider(config, alias);
1819
- }
1820
- }
1821
- }
1822
- async function runSecretsConfigureInteractive(params = {}) {
1823
- if (!process.stdin.isTTY) throw new Error("secrets configure requires an interactive TTY.");
1824
- if (params.providersOnly && params.skipProviderSetup) throw new Error("Cannot combine --providers-only with --skip-provider-setup.");
1825
- const env = params.env ?? process.env;
1826
- const allowExecInPreflight = Boolean(params.allowExecInPreflight);
1827
- const { snapshot } = await createSecretsConfigIO({ env }).readConfigFileSnapshotForWrite();
1828
- if (!snapshot.valid) throw new Error("Cannot run interactive secrets configure because config is invalid.");
1829
- const stagedConfig = structuredClone(snapshot.config);
1830
- if (!params.skipProviderSetup) await configureProvidersInteractive(stagedConfig);
1831
- const providerChanges = collectConfigureProviderChanges({
1832
- original: snapshot.config,
1833
- next: stagedConfig
1834
- });
1835
- const selectedByPath = /* @__PURE__ */ new Map();
1836
- if (!params.providersOnly) {
1837
- const configureAgentId = resolveConfigureAgentId(snapshot.config, params.agentId);
1838
- const authStore = loadAuthProfileStoreForConfigure({
1839
- config: snapshot.config,
1840
- agentId: configureAgentId
1841
- });
1842
- const candidates = buildConfigureCandidatesForScope({
1843
- config: stagedConfig,
1844
- authoredGenesisConfig: snapshot.resolved,
1845
- authProfiles: {
1846
- agentId: configureAgentId,
1847
- store: authStore
1848
- }
1849
- });
1850
- if (candidates.length === 0) throw new Error("No configurable secret-bearing fields found for this agent scope.");
1851
- const sourceChoices = toSourceChoices(stagedConfig);
1852
- const hasDerivedCandidates = candidates.some((candidate) => candidate.isDerived === true);
1853
- let showDerivedCandidates = false;
1854
- while (true) {
1855
- const visibleCandidates = showDerivedCandidates ? candidates : candidates.filter((candidate) => candidate.isDerived !== true);
1856
- const options = visibleCandidates.map((candidate) => ({
1857
- value: configureCandidateKey(candidate),
1858
- label: candidate.label,
1859
- hint: [candidate.configFile === "auth-profiles.json" ? "auth-profiles.json" : "genesis.json", candidate.isDerived === true ? "derived" : void 0].filter(Boolean).join(" | ")
1860
- }));
1861
- options.push({
1862
- value: "__create_auth_profile__",
1863
- label: "Create auth profile mapping",
1864
- hint: `Add a new auth-profiles target for agent ${configureAgentId}`
1865
- });
1866
- if (hasDerivedCandidates) options.push({
1867
- value: "__toggle_derived__",
1868
- label: showDerivedCandidates ? "Hide derived targets" : "Show derived targets",
1869
- hint: showDerivedCandidates ? "Show only fields authored directly in config" : "Include normalized/derived aliases"
1870
- });
1871
- if (selectedByPath.size > 0) options.unshift({
1872
- value: "__done__",
1873
- label: "Done",
1874
- hint: "Finish and run preflight"
1875
- });
1876
- const selectedPath = assertNoCancel(await select({
1877
- message: "Select credential field",
1878
- options
1879
- }), "Secrets configure cancelled.");
1880
- if (selectedPath === "__done__") break;
1881
- if (selectedPath === "__create_auth_profile__") {
1882
- const createdCandidate = await promptNewAuthProfileCandidate(configureAgentId);
1883
- const key = configureCandidateKey(createdCandidate);
1884
- const existingIndex = candidates.findIndex((entry) => configureCandidateKey(entry) === key);
1885
- if (existingIndex >= 0) candidates[existingIndex] = createdCandidate;
1886
- else candidates.push(createdCandidate);
1887
- continue;
1888
- }
1889
- if (selectedPath === "__toggle_derived__") {
1890
- showDerivedCandidates = !showDerivedCandidates;
1891
- continue;
1892
- }
1893
- const candidate = visibleCandidates.find((entry) => configureCandidateKey(entry) === selectedPath);
1894
- if (!candidate) throw new Error(`Unknown configure target: ${selectedPath}`);
1895
- const candidateKey = configureCandidateKey(candidate);
1896
- const existingRef = selectedByPath.get(candidateKey)?.ref ?? candidate.existingRef;
1897
- const source = assertNoCancel(await select({
1898
- message: "Secret source",
1899
- options: sourceChoices,
1900
- initialValue: existingRef && hasSourceChoice(sourceChoices, existingRef.source) ? existingRef.source : void 0
1901
- }), "Secrets configure cancelled.");
1902
- const defaultAlias = resolveDefaultSecretProviderAlias(stagedConfig, source, { preferFirstProviderForSource: true });
1903
- const providerAlias = normalizeStringifiedOptionalString(assertNoCancel(await text({
1904
- message: "Provider alias",
1905
- initialValue: existingRef?.source === source ? existingRef.provider : defaultAlias,
1906
- validate: (value) => {
1907
- const trimmed = normalizeStringifiedOptionalString(value) ?? "";
1908
- if (!trimmed) return "Required";
1909
- if (!isValidSecretProviderAlias(trimmed)) return "Must match /^[a-z][a-z0-9_-]{0,63}$/";
1910
- }
1911
- }), "Secrets configure cancelled.")) ?? "";
1912
- let suggestedId = existingRef?.source === source ? existingRef.id : void 0;
1913
- if (!suggestedId && source === "env") suggestedId = resolveSuggestedEnvSecretId(candidate);
1914
- if (!suggestedId && source === "file") {
1915
- const configuredProvider = stagedConfig.secrets?.providers?.[providerAlias];
1916
- if (configuredProvider?.source === "file" && configuredProvider.mode === "singleValue") suggestedId = "value";
1917
- }
1918
- const ref = {
1919
- source,
1920
- provider: providerAlias,
1921
- id: normalizeStringifiedOptionalString(assertNoCancel(await text({
1922
- message: "Secret id",
1923
- initialValue: suggestedId,
1924
- validate: (value) => {
1925
- const trimmed = normalizeStringifiedOptionalString(value) ?? "";
1926
- if (!trimmed) return "Required";
1927
- if (source === "exec" && !isValidExecSecretRefId(trimmed)) return formatExecSecretRefIdValidationMessage();
1928
- }
1929
- }), "Secrets configure cancelled.")) ?? ""
1930
- };
1931
- if (ref.source === "exec" && !allowExecInPreflight) {
1932
- const staticError = getSkippedExecRefStaticError({
1933
- ref,
1934
- config: stagedConfig
1935
- });
1936
- if (staticError) throw new Error(staticError);
1937
- } else assertExpectedResolvedSecretValue({
1938
- value: await resolveSecretRefValue(ref, {
1939
- config: stagedConfig,
1940
- env
1941
- }),
1942
- expected: candidate.expectedResolvedValue,
1943
- errorMessage: candidate.expectedResolvedValue === "string" ? `Ref ${ref.source}:${ref.provider}:${ref.id} did not resolve to a non-empty string.` : `Ref ${ref.source}:${ref.provider}:${ref.id} did not resolve to a supported value type.`
1944
- });
1945
- const next = {
1946
- ...candidate,
1947
- ref
1948
- };
1949
- selectedByPath.set(candidateKey, next);
1950
- if (!assertNoCancel(await confirm({
1951
- message: "Configure another credential?",
1952
- initialValue: true
1953
- }), "Secrets configure cancelled.")) break;
1954
- }
1955
- }
1956
- if (!hasConfigurePlanChanges({
1957
- selectedTargets: selectedByPath,
1958
- providerChanges
1959
- })) throw new Error("No secrets changes were selected.");
1960
- const plan = buildSecretsConfigurePlan({
1961
- selectedTargets: selectedByPath,
1962
- providerChanges
1963
- });
1964
- return {
1965
- plan,
1966
- preflight: await runSecretsApply({
1967
- plan,
1968
- env,
1969
- write: false,
1970
- allowExec: allowExecInPreflight
1971
- })
1972
- };
1973
- }
1974
- //#endregion
1975
- //#region src/cli/secrets-cli.ts
1976
- function readPlanFile(pathname) {
1977
- const raw = fs.readFileSync(pathname, "utf8");
1978
- const parsed = JSON.parse(raw);
1979
- if (!isSecretsApplyPlan(parsed)) throw new Error(`Invalid secrets plan file: ${pathname}`);
1980
- return parsed;
1981
- }
1982
- function registerSecretsCli(program) {
1983
- const secrets = program.command("secrets").description("Secrets runtime controls").addHelpText("after", () => `\n${theme.muted("Docs:")} ${formatDocsLink("/gateway/security", "docs.genesis.ai/gateway/security")}\n`);
1984
- addGatewayClientOptions(secrets.command("reload").description("Re-resolve secret references and atomically swap runtime snapshot").option("--json", "Output JSON", false)).action(async (opts) => {
1985
- try {
1986
- const result = await callGatewayFromCli("secrets.reload", opts, void 0, { expectFinal: false });
1987
- if (opts.json) {
1988
- defaultRuntime.writeJson(result);
1989
- return;
1990
- }
1991
- const warningCount = Number(result?.warningCount ?? 0);
1992
- if (Number.isFinite(warningCount) && warningCount > 0) {
1993
- defaultRuntime.log(`Secrets reloaded with ${warningCount} warning(s).`);
1994
- return;
1995
- }
1996
- defaultRuntime.log("Secrets reloaded.");
1997
- } catch (err) {
1998
- defaultRuntime.error(danger(String(err)));
1999
- defaultRuntime.exit(1);
2000
- }
2001
- });
2002
- secrets.command("audit").description("Audit plaintext secrets, unresolved refs, and precedence drift").option("--check", "Exit non-zero when findings are present", false).option("--allow-exec", "Allow exec SecretRef resolution during audit (may execute provider commands)", false).option("--json", "Output JSON", false).action(async (opts) => {
2003
- try {
2004
- const report = await runSecretsAudit({ allowExec: Boolean(opts.allowExec) });
2005
- if (opts.json) defaultRuntime.writeJson(report);
2006
- else {
2007
- defaultRuntime.log(`Secrets audit: ${report.status}. plaintext=${report.summary.plaintextCount}, unresolved=${report.summary.unresolvedRefCount}, shadowed=${report.summary.shadowedRefCount}, legacy=${report.summary.legacyResidueCount}.`);
2008
- if (report.findings.length > 0) {
2009
- for (const finding of report.findings.slice(0, 20)) defaultRuntime.log(`- [${finding.code}] ${finding.file}:${finding.jsonPath} ${finding.message}`);
2010
- if (report.findings.length > 20) defaultRuntime.log(`... ${report.findings.length - 20} more finding(s).`);
2011
- }
2012
- if (report.resolution.skippedExecRefs > 0) defaultRuntime.log(`Audit note: skipped ${report.resolution.skippedExecRefs} exec SecretRef resolvability check(s). Re-run with --allow-exec to execute exec providers during audit.`);
2013
- }
2014
- const exitCode = resolveSecretsAuditExitCode(report, Boolean(opts.check));
2015
- if (exitCode !== 0) defaultRuntime.exit(exitCode);
2016
- } catch (err) {
2017
- defaultRuntime.error(danger(String(err)));
2018
- defaultRuntime.exit(2);
2019
- }
2020
- });
2021
- secrets.command("configure").description("Interactive secrets helper (provider setup + SecretRef mapping + preflight)").option("--apply", "Apply changes immediately after preflight", false).option("--yes", "Skip apply confirmation prompt", false).option("--providers-only", "Configure secrets.providers only, skip credential mapping", false).option("--skip-provider-setup", "Skip provider setup and only map credential fields to existing providers", false).option("--agent <id>", "Agent id for auth-profiles targets (default: configured default agent)").option("--allow-exec", "Allow exec SecretRef preflight checks (may execute provider commands)", false).option("--plan-out <path>", "Write generated plan JSON to a file").option("--json", "Output JSON", false).action(async (opts) => {
2022
- try {
2023
- const configured = await runSecretsConfigureInteractive({
2024
- providersOnly: Boolean(opts.providersOnly),
2025
- skipProviderSetup: Boolean(opts.skipProviderSetup),
2026
- agentId: typeof opts.agent === "string" ? opts.agent : void 0,
2027
- allowExecInPreflight: Boolean(opts.allowExec)
2028
- });
2029
- if (opts.planOut) fs.writeFileSync(opts.planOut, `${JSON.stringify(configured.plan, null, 2)}\n`, "utf8");
2030
- if (opts.json) defaultRuntime.writeJson({
2031
- plan: configured.plan,
2032
- preflight: configured.preflight
2033
- });
2034
- else {
2035
- defaultRuntime.log(`Preflight: changed=${configured.preflight.changed}, files=${configured.preflight.changedFiles.length}, warnings=${configured.preflight.warningCount}.`);
2036
- if (configured.preflight.warningCount > 0) for (const warning of configured.preflight.warnings) defaultRuntime.log(`- warning: ${warning}`);
2037
- if (!configured.preflight.checks.resolvabilityComplete && configured.preflight.skippedExecRefs > 0) defaultRuntime.log(`Preflight note: skipped ${configured.preflight.skippedExecRefs} exec SecretRef resolvability check(s). Re-run with --allow-exec to execute exec providers during preflight.`);
2038
- const providerUpserts = Object.keys(configured.plan.providerUpserts ?? {}).length;
2039
- const providerDeletes = configured.plan.providerDeletes?.length ?? 0;
2040
- defaultRuntime.log(`Plan: targets=${configured.plan.targets.length}, providerUpserts=${providerUpserts}, providerDeletes=${providerDeletes}.`);
2041
- if (opts.planOut) defaultRuntime.log(`Plan written to ${opts.planOut}`);
2042
- }
2043
- let shouldApply = Boolean(opts.apply);
2044
- if (!shouldApply && !opts.json) {
2045
- const approved = await confirm({
2046
- message: "Apply this plan now?",
2047
- initialValue: true
2048
- });
2049
- if (typeof approved === "boolean") shouldApply = approved;
2050
- }
2051
- if (shouldApply) {
2052
- if (Boolean(opts.apply) && !opts.yes && !opts.json) {
2053
- if (await confirm({
2054
- message: "This migration is one-way for migrated plaintext values. Continue with apply?",
2055
- initialValue: true
2056
- }) !== true) {
2057
- defaultRuntime.log("Apply cancelled.");
2058
- return;
2059
- }
2060
- }
2061
- const result = await runSecretsApply({
2062
- plan: configured.plan,
2063
- write: true,
2064
- allowExec: Boolean(opts.allowExec)
2065
- });
2066
- if (opts.json) {
2067
- defaultRuntime.writeJson(result);
2068
- return;
2069
- }
2070
- defaultRuntime.log(result.changed ? `Secrets applied. Updated ${result.changedFiles.length} file(s).` : "Secrets apply: no changes.");
2071
- }
2072
- } catch (err) {
2073
- defaultRuntime.error(danger(String(err)));
2074
- defaultRuntime.exit(1);
2075
- }
2076
- });
2077
- secrets.command("apply").description("Apply a previously generated secrets plan").requiredOption("--from <path>", "Path to plan JSON").option("--dry-run", "Validate/preflight only", false).option("--allow-exec", "Allow exec SecretRef checks (may execute provider commands)", false).option("--json", "Output JSON", false).action(async (opts) => {
2078
- try {
2079
- const result = await runSecretsApply({
2080
- plan: readPlanFile(opts.from),
2081
- write: !opts.dryRun,
2082
- allowExec: Boolean(opts.allowExec)
2083
- });
2084
- if (opts.json) {
2085
- defaultRuntime.writeJson(result);
2086
- return;
2087
- }
2088
- if (opts.dryRun) {
2089
- defaultRuntime.log(result.changed ? `Secrets apply dry run: ${result.changedFiles.length} file(s) would change.` : "Secrets apply dry run: no changes.");
2090
- if (!result.checks.resolvabilityComplete && result.skippedExecRefs > 0) defaultRuntime.log(`Secrets apply dry-run note: skipped ${result.skippedExecRefs} exec SecretRef resolvability check(s). Re-run with --allow-exec to execute exec providers during dry-run.`);
2091
- return;
2092
- }
2093
- defaultRuntime.log(result.changed ? `Secrets applied. Updated ${result.changedFiles.length} file(s).` : "Secrets apply: no changes.");
2094
- } catch (err) {
2095
- defaultRuntime.error(danger(String(err)));
2096
- defaultRuntime.exit(1);
2097
- }
2098
- });
2099
- }
2100
- //#endregion
2101
- export { registerSecretsCli };