@pixelzx/genesis 2026.6.28 → 2026.7.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +16 -0
- package/dist/.buildstamp +1 -1
- package/dist/abort-cutoff.runtime-Cfv6I4gf.js +20 -0
- package/dist/abort-cutoff.runtime.js +1 -1
- package/dist/abort-xF_zj8_u.js +201 -0
- package/dist/abort.runtime-JUukGuW3.js +2 -0
- package/dist/abort.runtime.js +1 -1
- package/dist/accounts-C0jW92It.js +104 -0
- package/dist/accounts-C2ZexWg6.js +107 -0
- package/dist/accounts-tEPx6Fnd.js +2 -0
- package/dist/acp-cli-De2oyz3e.js +2217 -0
- package/dist/acp-spawn-7VB8ie8I.js +1042 -0
- package/dist/acp-spawn-C6VfLE4o.js +2 -0
- package/dist/acp-stateful-target-driver-ctUymwnI.js +89 -0
- package/dist/action-agents-Dy45TQ9X.js +67 -0
- package/dist/action-focus-hzygEAz5.js +132 -0
- package/dist/action-help-D1h2Czko.js +7 -0
- package/dist/action-info-EDBi7fre.js +101 -0
- package/dist/action-kill-CBNgmCsz.js +33 -0
- package/dist/action-list-C6KC8Ulv.js +21 -0
- package/dist/action-log-C0R9AwnB.js +30 -0
- package/dist/action-send-DZw27QoS.js +39 -0
- package/dist/action-spawn-BXEOYBEH.js +47 -0
- package/dist/action-unfocus-DWFUpr-g.js +29 -0
- package/dist/actions.runtime-1HHNbwPa.js +5 -0
- package/dist/actions.runtime-GFSX3jST.js +18 -0
- package/dist/actions.runtime.js +1 -1
- package/dist/agent-CU42dfye.js +2 -0
- package/dist/agent-command-Baehh2jJ.js +874 -0
- package/dist/agent-harness-runtime-Bmln4mlS.js +144 -0
- package/dist/agent-runner-utils-xPwHxFwc.js +239 -0
- package/dist/agent-runner.runtime-BBx0eqAs.js +3443 -0
- package/dist/agent-runner.runtime.js +1 -1
- package/dist/agent-runtime-mKUGZmYk.js +18 -0
- package/dist/agents-C_kp6PcN.js +954 -0
- package/dist/agents-D7-4l9xG.js +5 -0
- package/dist/agents.command-shared-j4Ht1HMt.js +40 -0
- package/dist/aliases-BR-85AbT.js +96 -0
- package/dist/aliases-DH4MEghL.js +2 -0
- package/dist/api-7axT1c4t.js +4 -0
- package/dist/api-8dcgPyEO.js +139 -0
- package/dist/api-BWV-Ja5Y.js +48 -0
- package/dist/api-C6Dl-nsC.js +3 -0
- package/dist/api-CeoOTFsR.js +5 -0
- package/dist/apply-DFpc3-ic.js +508 -0
- package/dist/apply.runtime-BpuwcltB.js +166 -0
- package/dist/apply.runtime-CyFkfilC.js +2 -0
- package/dist/apply.runtime.js +1 -1
- package/dist/approval-gateway-resolver-B5iZVyl3.js +29 -0
- package/dist/approval-gateway-runtime-DJMhFL8_.js +2 -0
- package/dist/approval-handler-runtime-CvlNyTSd.js +439 -0
- package/dist/approval-native-runtime-DIP1UVwF.js +729 -0
- package/dist/attempt-execution.runtime-Dnj7Dunz.js +509 -0
- package/dist/attempt-execution.runtime.js +1 -1
- package/dist/attempt-execution.shared-CJLlmxzq.js +22 -0
- package/dist/attempt.prompt-helpers-yXlkhGj_.js +206 -0
- package/dist/attempt.tool-run-context-DplnP36r.js +933 -0
- package/dist/audit-CP153cHC.js +939 -0
- package/dist/audit-channel.collect.runtime.js +1 -1
- package/dist/audit-extra.async-B52PswlQ.js +971 -0
- package/dist/audit-tool-policy-CMwmd8Xs.js +3 -0
- package/dist/audit.deep.runtime-BC4XWNSr.js +2 -0
- package/dist/audit.deep.runtime.js +1 -1
- package/dist/audit.nondeep.runtime-Dvng3qfA.js +880 -0
- package/dist/audit.nondeep.runtime.js +1 -1
- package/dist/audit.runtime-BPEAdYYt.js +7 -0
- package/dist/audit.runtime.js +1 -1
- package/dist/auth-CGB_0fnH.js +550 -0
- package/dist/auth-DXk-SISv.js +56 -0
- package/dist/auth-_41Zyvnc.js +2 -0
- package/dist/auth-bH95QjyV.js +177 -0
- package/dist/auth-choice-Bn-ygZZg.js +3 -0
- package/dist/auth-choice-CmUhzrUA.js +85 -0
- package/dist/auth-order-Cnl7fD4m.js +2 -0
- package/dist/auth-order-DTEvHo9G.js +139 -0
- package/dist/bash-tools-E5RKIMX4.js +2853 -0
- package/dist/bash-tools-n2uf-L6x.js +3 -0
- package/dist/bash-tools.exec-runtime-BSErqAOv.js +823 -0
- package/dist/binding-routing-MxZZJi7B.js +85 -0
- package/dist/binding-targets-DOjf91v9.js +121 -0
- package/dist/bridge-server-C9sdVkxe.js +113 -0
- package/dist/browser-control-auth-Ds_CXo7-.js +2 -0
- package/dist/browser-node-runtime-CrrZhgmT.js +12 -0
- package/dist/browser-profiles-DSq_VuWU.js +2 -0
- package/dist/browser-runtime-D3bUe2ki.js +387 -0
- package/dist/browser-setup-tools-BzBeI9sr.js +13 -0
- package/dist/build-BQ7uMjfi.js +550 -0
- package/dist/build-info.json +3 -3
- package/dist/bundled/boot-md/handler.js +3 -3
- package/dist/bundled/session-memory/handler.js +1 -1
- package/dist/call-C5EHc2Ve.js +3 -0
- package/dist/call-DgFhP0IB.js +330 -0
- package/dist/call.runtime-CBWpY5ek.js +2 -0
- package/dist/call.runtime.js +1 -1
- package/dist/capability-cli-CF-5WxGW.js +1401 -0
- package/dist/catalog-provider-BefDFS32.js +40 -0
- package/dist/catchup-DEgTzUZf.js +300 -0
- package/dist/channel-B9Z1yOBL.js +1100 -0
- package/dist/channel-BQalh8q5.js +1320 -0
- package/dist/channel-B_D0qB8f.js +297 -0
- package/dist/channel-CveiiHEq.js +226 -0
- package/dist/channel-DPRWC_X5.js +1802 -0
- package/dist/channel-DTNwXKB7.js +350 -0
- package/dist/channel-DsWHOdeO.js +840 -0
- package/dist/channel-IYn5sG7l.js +453 -0
- package/dist/channel-MwEUOERy.js +1174 -0
- package/dist/channel-add-wizard-De4DNba-.js +125 -0
- package/dist/channel-add-wizard-v9JYw-20.js +2 -0
- package/dist/channel-core-C3RFVpjy.js +5 -0
- package/dist/channel-geAqqK_e.js +491 -0
- package/dist/channel-inbound-BRCAVWH1.js +31 -0
- package/dist/channel-plugin-resolution-BYpxL2mS.js +2 -0
- package/dist/channel-plugin-resolution-Jy5eA_cD.js +153 -0
- package/dist/channel-plugin-runtime-B7guFbbq.js +771 -0
- package/dist/channel-runtime-B2HmUto-.js +425 -0
- package/dist/channel-selection.runtime.js +1 -1
- package/dist/channel-setup-DmnWuvUU.js +1297 -0
- package/dist/channel-zfFLswBu.js +595 -0
- package/dist/channel.runtime-60XStiek.js +2364 -0
- package/dist/channel.runtime-BK8atBx7.js +430 -0
- package/dist/channel.runtime-CjfgGDJR.js +576 -0
- package/dist/channel.runtime-Cuc72hD3.js +89 -0
- package/dist/channel.runtime-D4i6q9PJ.js +4 -0
- package/dist/channel.runtime-mLdKu3mE.js +42398 -0
- package/dist/channel.runtime.js +1 -1
- package/dist/channel.setup-BxdBjfQG.js +10 -0
- package/dist/channel2.runtime-DhBM75gc.js +109 -0
- package/dist/channel2.runtime.js +1 -1
- package/dist/channels-YP0r9T7z.js +733 -0
- package/dist/channels-cli-BA8x-0ie.js +268 -0
- package/dist/chat-C-K_PnVS.js +2830 -0
- package/dist/clawbot-cli-CcTWZznd.js +9 -0
- package/dist/clawhub-Dg91MiOl.js +400 -0
- package/dist/cli/daemon-cli.js +3 -3
- package/dist/cli-B9pz-wec.js +2 -0
- package/dist/cli-BDqmMCNa.js +219 -0
- package/dist/cli-BnjgRW4w.js +154 -0
- package/dist/cli-C6O2LqdN.js +683 -0
- package/dist/cli-CFANcv9h.js +2 -0
- package/dist/cli-D9yBNX96.js +3726 -0
- package/dist/cli-e4V7ix51.js +2 -0
- package/dist/cli-oSszUBF4.js +72 -0
- package/dist/cli-runner-ziqCSXFY.js +286 -0
- package/dist/cli-runner.runtime-B-P8SxLi.js +4 -0
- package/dist/cli-runner.runtime-BmqwbMTX.js +3 -0
- package/dist/cli-runner.runtime.js +1 -1
- package/dist/cli-startup-metadata.json +2 -2
- package/dist/cli.runtime-4isBQRbc.js +1261 -0
- package/dist/cli.runtime.js +1 -1
- package/dist/client-CcimlPth.js +138 -0
- package/dist/client-DQsu_IXu.js +723 -0
- package/dist/command-auth-BWQO7kca.js +76 -0
- package/dist/command-config-resolution-ClTknI2S.js +2 -0
- package/dist/command-config-resolution-CrkcVij4.js +23 -0
- package/dist/command-config-resolution.runtime-D6B4s-Uv.js +2 -0
- package/dist/command-config-resolution.runtime.js +1 -1
- package/dist/command-execution-startup-CQcKEDhz.js +324 -0
- package/dist/command-registry-B_U-oRjT.js +4 -0
- package/dist/command-registry-CJ8y08cJ.js +9 -0
- package/dist/command-registry-core-CjYDA5Hb.js +106 -0
- package/dist/command-secret-gateway-BN5JN_4V.js +528 -0
- package/dist/command-status.runtime-BwGSaGwK.js +87 -0
- package/dist/command-status.runtime.js +1 -1
- package/dist/commands-acp-Di5EZJSo.js +77 -0
- package/dist/commands-compact.runtime-Dm1rBnbf.js +10 -0
- package/dist/commands-compact.runtime.js +1 -1
- package/dist/commands-core.runtime-DjL6pkWU.js +2 -0
- package/dist/commands-core.runtime.js +1 -1
- package/dist/commands-handlers.runtime-C8uzW3Za.js +4599 -0
- package/dist/commands-handlers.runtime.js +1 -1
- package/dist/commands-reset-hooks-7h-poKws.js +135 -0
- package/dist/commands-status-D_wsDlQe.js +16 -0
- package/dist/commands-status.runtime-BYT0Y8Xk.js +3 -0
- package/dist/commands-status.runtime.js +1 -1
- package/dist/commands-subagents-control.runtime-BozyiWar.js +3 -0
- package/dist/commands-subagents-control.runtime-DDCzt8Ub.js +2 -0
- package/dist/commands-subagents-control.runtime.js +1 -1
- package/dist/commands-system-prompt-ClkTGvNr.js +157 -0
- package/dist/commands-system-prompt-qRoqhQKL.js +2 -0
- package/dist/commands.runtime-DdZErCma.js +167 -0
- package/dist/commands.runtime.js +1 -1
- package/dist/compact-BCs9ORLb.js +1096 -0
- package/dist/compact.runtime-DvG7GWYV.js +12 -0
- package/dist/compact.runtime.js +1 -1
- package/dist/completion-cli-C4J7V5YR.js +328 -0
- package/dist/config-B0uPLzV0.js +252 -0
- package/dist/config-cli-Bt8euI41.js +1078 -0
- package/dist/config-guard-DUDovz1_.js +96 -0
- package/dist/config-runtime-BnYU3hOw.js +32 -0
- package/dist/configure-BIB6QKXD.js +2 -0
- package/dist/configure-DuXRvaw-.js +1252 -0
- package/dist/connect-options-DdLRs3mC.js +699 -0
- package/dist/control-auth-BboB6-Q9.js +125 -0
- package/dist/control-service-zISWiuJ_.js +156 -0
- package/dist/control-ui/assets/agents-JC5PtqrV.js +1125 -0
- package/dist/control-ui/assets/canvas-BOLwH2XE.js +274 -0
- package/dist/control-ui/assets/channel-config-extras-DndsWi2n.js +2 -0
- package/dist/control-ui/assets/channels-DehEkmqb.js +198 -0
- package/dist/control-ui/assets/contacts-CuFuG0IF.js +49 -0
- package/dist/control-ui/assets/cron-DOmGA0e5.js +250 -0
- package/dist/control-ui/assets/de-CJg8xmlK.js +2 -0
- package/dist/control-ui/assets/debug-BmuUKCSJ.js +94 -0
- package/dist/control-ui/assets/es-C4Q-2wY3.js +2 -0
- package/dist/control-ui/assets/fr-C8HMIYz8.js +2 -0
- package/dist/control-ui/assets/i18n-Cc8tlfvD.js +3 -0
- package/dist/control-ui/assets/id-Cfarvm3I.js +2 -0
- package/dist/control-ui/assets/index-rW3Q6M8T.js +5981 -0
- package/dist/control-ui/assets/instances-Cx7hEWzW.js +57 -0
- package/dist/control-ui/assets/ja-JP-F9ReJBkI.js +2 -0
- package/dist/control-ui/assets/ko-COLp1JKa.js +2 -0
- package/dist/control-ui/assets/logs-DB-Z5vcW.js +74 -0
- package/dist/control-ui/assets/mcp-Cpcduudl.js +417 -0
- package/dist/control-ui/assets/memory-DnzEGr6j.js +50 -0
- package/dist/control-ui/assets/memory-graph-DyR9Uhz0.js +30 -0
- package/dist/control-ui/assets/models-DiDA_80_.js +86 -0
- package/dist/control-ui/assets/nodes-DBKCXfee.js +654 -0
- package/dist/control-ui/assets/pl-BYPzLeb4.js +2 -0
- package/dist/control-ui/assets/plugins-CwfOfaNX.js +259 -0
- package/dist/control-ui/assets/presenter-5bq6-zJE.js +2 -0
- package/dist/control-ui/assets/pt-BR-DTBFbuCo.js +2 -0
- package/dist/control-ui/assets/sessions-B32pl2IK.js +56 -0
- package/dist/control-ui/assets/skills-UF7TyQK4.js +294 -0
- package/dist/control-ui/assets/skills-shared-B74z1P-E.js +11 -0
- package/dist/control-ui/assets/th-CIjDBcNT.js +2 -0
- package/dist/control-ui/assets/tr-NCpkXtTg.js +2 -0
- package/dist/control-ui/assets/uk-DvS1vsmH.js +2 -0
- package/dist/control-ui/assets/wallet-RKPn2MRs.js +302 -0
- package/dist/control-ui/assets/zh-CN-SfnMOQr0.js +2 -0
- package/dist/control-ui/assets/zh-TW-CkQgNjXi.js +2 -0
- package/dist/control-ui/index.html +2 -2
- package/dist/control-ui-CKQ17fcd.js +1043 -0
- package/dist/conversation-id-BzYtax7n.js +235 -0
- package/dist/conversation-id-HBz3v6j3.js +38 -0
- package/dist/conversation-runtime-CkcxSb_S.js +31 -0
- package/dist/core-DxVEjt5f.js +275 -0
- package/dist/create-B9OOGa90.js +80 -0
- package/dist/cron-cli-CAkqablA.js +713 -0
- package/dist/daemon-cli-CCC_5IkN.js +12 -0
- package/dist/dashboard-Bqpn6xD_.js +81 -0
- package/dist/dashboard-Cd6TkhpW.js +2 -0
- package/dist/delegate-D7D8iTtT.js +64 -0
- package/dist/deliver-I8Ifd1yR.js +3 -0
- package/dist/deliver-Zphc65zr.js +747 -0
- package/dist/deliver-runtime-DQyfYkCs.js +2 -0
- package/dist/delivery-outbound.runtime-Bs9x6LSS.js +6 -0
- package/dist/delivery-outbound.runtime.js +1 -1
- package/dist/delivery.runtime-Cx3qn7Hc.js +253 -0
- package/dist/delivery.runtime.js +1 -1
- package/dist/detached-task-runtime-D2jixP5C.js +73 -0
- package/dist/devices-cli-CMnaKl01.js +498 -0
- package/dist/diagnostics-B8Z9UWlG.js +154 -0
- package/dist/direct-dm-c4Qb2Nzg.js +64 -0
- package/dist/directive-handling.fast-lane-DuuCgCI2.js +66 -0
- package/dist/directive-handling.impl-BiJain1b.js +2 -0
- package/dist/directive-handling.impl-CYw76-Ag.js +703 -0
- package/dist/directive-handling.model-selection-BNnOIh0D.js +114 -0
- package/dist/directive-handling.persist.runtime-DWnMoAjn.js +215 -0
- package/dist/directive-handling.persist.runtime.js +1 -1
- package/dist/directory-cli-CinbUxv4.js +240 -0
- package/dist/dispatch-acp-BL2QahHP.js +981 -0
- package/dist/dispatch-acp-manager.runtime-CynWPlJS.js +3 -0
- package/dist/dispatch-acp-manager.runtime.js +1 -1
- package/dist/dispatch-acp-media.runtime-CrC5nXXy.js +4 -0
- package/dist/dispatch-acp-media.runtime.js +1 -1
- package/dist/dispatch-acp-session.runtime-C_GFMR0r.js +2 -0
- package/dist/dispatch-acp-session.runtime.js +1 -1
- package/dist/dispatch-acp.runtime-OwR8G8Qt.js +19 -0
- package/dist/dispatch-acp.runtime.js +1 -1
- package/dist/dispatch-r6Uv7puk.js +1131 -0
- package/dist/doctor-config-flow-BQjLEW5b.js +420 -0
- package/dist/doctor-config-preflight-B3VVSleh.js +63 -0
- package/dist/doctor-config-preflight-BBOEq7ti.js +2 -0
- package/dist/doctor-device-pairing-GsLelCah.js +307 -0
- package/dist/doctor-gateway-daemon-flow-Bj6Y5WoB.js +250 -0
- package/dist/doctor-gateway-health-D7WY6zgb.js +63 -0
- package/dist/doctor-health-C9GRQaPA.js +59 -0
- package/dist/doctor-health-contributions-Dk9ho6TO.js +493 -0
- package/dist/doctor-prompter-Ct6Jv52M.js +56 -0
- package/dist/doctor-sandbox-DAb-mQpy.js +194 -0
- package/dist/doctor-state-migrations-36dXc9ct.js +2 -0
- package/dist/doctor-workspace-status-CJCfWEI6.js +75 -0
- package/dist/dreaming-_hTKF5lN.js +1582 -0
- package/dist/dreaming-narrative-D5XTDttN.js +596 -0
- package/dist/embedded-gateway-stub.runtime-CEmoodA9.js +9 -0
- package/dist/embedded-gateway-stub.runtime.js +1 -1
- package/dist/embedding-provider-B9F-kCH3.js +118 -0
- package/dist/embeddings-BCVqTyaZ.js +215 -0
- package/dist/embeddings-http-CCsd7vWB.js +205 -0
- package/dist/entry.js +2 -2
- package/dist/exec-approval-forwarder.runtime-CMniJyXX.js +3 -0
- package/dist/exec-approval-forwarder.runtime.js +1 -1
- package/dist/exec-approvals-cli-ClDMlOmM.js +498 -0
- package/dist/exec-defaults-BWb7bhoE.js +2 -0
- package/dist/exec-defaults-CE8PArh-.js +67 -0
- package/dist/execute.runtime-Bhup95bB.js +1359 -0
- package/dist/execute.runtime.js +1 -1
- package/dist/extensionAPI.js +3 -3
- package/dist/extensions/active-memory/index.js +3 -3
- package/dist/extensions/alibaba/index.js +1 -1
- package/dist/extensions/alibaba/video-generation-provider.js +1 -1
- package/dist/extensions/arcee/index.js +2 -2
- package/dist/extensions/bluebubbles/api.js +3 -3
- package/dist/extensions/bluebubbles/channel-plugin-api.js +1 -1
- package/dist/extensions/browser/browser-bridge.js +1 -1
- package/dist/extensions/browser/browser-config.js +4 -4
- package/dist/extensions/browser/browser-control-auth.js +2 -2
- package/dist/extensions/browser/browser-doctor.js +2 -2
- package/dist/extensions/browser/browser-maintenance.js +2 -2
- package/dist/extensions/browser/browser-profiles.js +2 -2
- package/dist/extensions/browser/browser-runtime-api.js +10 -10
- package/dist/extensions/browser/index.js +1 -1
- package/dist/extensions/browser/plugin-registration.js +1 -1
- package/dist/extensions/browser/register.runtime.js +3 -3
- package/dist/extensions/browser/runtime-api.js +11 -11
- package/dist/extensions/browser/test-support.js +1 -1
- package/dist/extensions/byteplus/index.js +3 -3
- package/dist/extensions/byteplus/video-generation-provider.js +1 -1
- package/dist/extensions/chutes/index.js +4 -4
- package/dist/extensions/cloudflare-ai-gateway/api.js +1 -1
- package/dist/extensions/cloudflare-ai-gateway/catalog-provider.js +1 -1
- package/dist/extensions/cloudflare-ai-gateway/index.js +2 -2
- package/dist/extensions/comfy/image-generation-provider.js +2 -2
- package/dist/extensions/comfy/index.js +5 -5
- package/dist/extensions/comfy/music-generation-provider.js +1 -1
- package/dist/extensions/comfy/video-generation-provider.js +2 -2
- package/dist/extensions/comfy/workflow-runtime.js +1 -1
- package/dist/extensions/deepseek/index.js +1 -1
- package/dist/extensions/device-pair/api.js +2 -2
- package/dist/extensions/device-pair/index.js +4 -4
- package/dist/extensions/device-pair/notify.js +1 -1
- package/dist/extensions/device-pair/pair-command-approve.js +1 -1
- package/dist/extensions/device-pair/qr-image.js +2 -2
- package/dist/extensions/fal/image-generation-provider.js +1 -1
- package/dist/extensions/fal/index.js +3 -3
- package/dist/extensions/fal/provider-registration.js +1 -1
- package/dist/extensions/fal/test-api.js +2 -2
- package/dist/extensions/fal/video-generation-provider.js +1 -1
- package/dist/extensions/fireworks/index.js +1 -1
- package/dist/extensions/github-copilot/api.js +1 -1
- package/dist/extensions/github-copilot/auth.js +1 -1
- package/dist/extensions/github-copilot/embeddings.js +1 -1
- package/dist/extensions/github-copilot/index.js +4 -4
- package/dist/extensions/github-copilot/login.js +1 -1
- package/dist/extensions/github-copilot/register.runtime.js +2 -2
- package/dist/extensions/google-meet/index.js +6 -6
- package/dist/extensions/groq/index.js +1 -1
- package/dist/extensions/groq/media-understanding-provider.js +1 -1
- package/dist/extensions/groq/test-api.js +1 -1
- package/dist/extensions/huggingface/index.js +1 -1
- package/dist/extensions/image-generation-core/api.js +2 -2
- package/dist/extensions/imessage/api.js +4 -4
- package/dist/extensions/imessage/channel-plugin-api.js +1 -1
- package/dist/extensions/imessage/runtime-api.js +5 -5
- package/dist/extensions/imessage/test-api.js +1 -1
- package/dist/extensions/irc/api.js +2 -2
- package/dist/extensions/irc/channel-plugin-api.js +1 -1
- package/dist/extensions/kilocode/index.js +1 -1
- package/dist/extensions/kimi-coding/index.js +2 -2
- package/dist/extensions/line/api.js +2 -2
- package/dist/extensions/line/channel-plugin-api.js +1 -1
- package/dist/extensions/line/contract-api.js +1 -1
- package/dist/extensions/line/runtime-api.js +4 -4
- package/dist/extensions/line/setup-api.js +1 -1
- package/dist/extensions/litellm/index.js +1 -1
- package/dist/extensions/lmstudio/api.js +2 -2
- package/dist/extensions/lmstudio/index.js +3 -3
- package/dist/extensions/lmstudio/memory-embedding-adapter.js +1 -1
- package/dist/extensions/lmstudio/runtime-api.js +1 -1
- package/dist/extensions/lobster/runtime-api.js +1 -1
- package/dist/extensions/mattermost/api.js +1 -1
- package/dist/extensions/mattermost/channel-plugin-api.js +1 -1
- package/dist/extensions/mattermost/channel-plugin-runtime.js +1 -1
- package/dist/extensions/mattermost/policy-api.js +1 -1
- package/dist/extensions/mattermost/runtime-api.js +7 -7
- package/dist/extensions/mattermost/slash-route-api.js +1 -1
- package/dist/extensions/media-understanding-core/runtime-api.js +2 -2
- package/dist/extensions/memory-core/api.js +1 -1
- package/dist/extensions/memory-core/cli-metadata.js +2 -2
- package/dist/extensions/memory-core/index.js +3 -3
- package/dist/extensions/memory-lancedb/cli-metadata.js +1 -1
- package/dist/extensions/memory-lancedb/index.js +1 -1
- package/dist/extensions/memory-wiki/cli-metadata.js +1 -1
- package/dist/extensions/memory-wiki/index.js +1 -1
- package/dist/extensions/microsoft/index.js +1 -1
- package/dist/extensions/microsoft/speech-provider.js +1 -1
- package/dist/extensions/microsoft/test-api.js +1 -1
- package/dist/extensions/microsoft-foundry/auth.js +1 -1
- package/dist/extensions/microsoft-foundry/cli.js +1 -1
- package/dist/extensions/microsoft-foundry/index.js +1 -1
- package/dist/extensions/microsoft-foundry/onboard.js +2 -2
- package/dist/extensions/microsoft-foundry/provider.js +1 -1
- package/dist/extensions/microsoft-foundry/runtime.js +1 -1
- package/dist/extensions/microsoft-foundry/shared-runtime.js +2 -2
- package/dist/extensions/microsoft-foundry/shared.js +1 -1
- package/dist/extensions/minimax/image-generation-provider.js +1 -1
- package/dist/extensions/minimax/index.js +6 -6
- package/dist/extensions/minimax/media-understanding-provider.js +1 -1
- package/dist/extensions/minimax/music-generation-provider.js +1 -1
- package/dist/extensions/minimax/oauth.js +1 -1
- package/dist/extensions/minimax/oauth.runtime.js +1 -1
- package/dist/extensions/minimax/provider-registration.js +1 -1
- package/dist/extensions/minimax/speech-provider.js +1 -1
- package/dist/extensions/minimax/test-api.js +4 -4
- package/dist/extensions/minimax/video-generation-provider.js +1 -1
- package/dist/extensions/mistral/index.js +2 -2
- package/dist/extensions/mistral/media-understanding-provider.js +1 -1
- package/dist/extensions/mistral/test-api.js +1 -1
- package/dist/extensions/moonshot/index.js +2 -2
- package/dist/extensions/moonshot/media-understanding-provider.js +1 -1
- package/dist/extensions/moonshot/test-api.js +1 -1
- package/dist/extensions/msteams/api.js +1 -1
- package/dist/extensions/msteams/channel-plugin-api.js +1 -1
- package/dist/extensions/msteams/runtime-api.js +4 -4
- package/dist/extensions/msteams/test-api.js +1 -1
- package/dist/extensions/nextcloud-talk/api.js +1 -1
- package/dist/extensions/nextcloud-talk/channel-plugin-api.js +1 -1
- package/dist/extensions/nextcloud-talk/runtime-api.js +2 -2
- package/dist/extensions/nvidia/index.js +1 -1
- package/dist/extensions/ollama/api.js +3 -3
- package/dist/extensions/ollama/index.js +9 -9
- package/dist/extensions/ollama/runtime-api.js +2 -2
- package/dist/extensions/ollama/web-search-provider.js +1 -1
- package/dist/extensions/openai/api.js +2 -2
- package/dist/extensions/openai/image-generation-provider.js +1 -1
- package/dist/extensions/openai/index.js +6 -6
- package/dist/extensions/openai/media-understanding-provider.js +1 -1
- package/dist/extensions/openai/openai-codex-provider.js +1 -1
- package/dist/extensions/openai/openai-provider.js +1 -1
- package/dist/extensions/openai/register.runtime.js +4 -4
- package/dist/extensions/openai/test-api.js +3 -3
- package/dist/extensions/openai/video-generation-provider.js +1 -1
- package/dist/extensions/opencode/index.js +2 -2
- package/dist/extensions/opencode/media-understanding-provider.js +1 -1
- package/dist/extensions/opencode-go/index.js +2 -2
- package/dist/extensions/opencode-go/media-understanding-provider.js +1 -1
- package/dist/extensions/openrouter/api.js +1 -1
- package/dist/extensions/openrouter/image-generation-provider.js +1 -1
- package/dist/extensions/openrouter/index.js +4 -4
- package/dist/extensions/openrouter/media-understanding-provider.js +1 -1
- package/dist/extensions/openrouter/register.runtime.js +3 -3
- package/dist/extensions/openrouter/test-api.js +2 -2
- package/dist/extensions/openshell/index.js +3 -3
- package/dist/extensions/qianfan/index.js +1 -1
- package/dist/extensions/qwen/index.js +3 -3
- package/dist/extensions/qwen/media-understanding-provider.js +1 -1
- package/dist/extensions/qwen/test-api.js +2 -2
- package/dist/extensions/qwen/video-generation-provider.js +1 -1
- package/dist/extensions/runway/index.js +1 -1
- package/dist/extensions/runway/video-generation-provider.js +1 -1
- package/dist/extensions/signal/api.js +6 -6
- package/dist/extensions/signal/channel-plugin-api.js +1 -1
- package/dist/extensions/signal/reaction-runtime-api.js +1 -1
- package/dist/extensions/signal/runtime-api.js +9 -9
- package/dist/extensions/skill-workshop/api.js +1 -1
- package/dist/extensions/skill-workshop/index.js +2 -2
- package/dist/extensions/speech-core/runtime-api.js +1 -1
- package/dist/extensions/stepfun/index.js +2 -2
- package/dist/extensions/synology-chat/api.js +1 -1
- package/dist/extensions/synology-chat/channel-plugin-api.js +1 -1
- package/dist/extensions/synthetic/index.js +1 -1
- package/dist/extensions/talk-voice/index.js +1 -1
- package/dist/extensions/tencent/index.js +2 -2
- package/dist/extensions/thread-ownership/index.js +1 -1
- package/dist/extensions/tlon/api.js +2 -2
- package/dist/extensions/tlon/channel-plugin-api.js +1 -1
- package/dist/extensions/tlon/runtime-api.js +1 -1
- package/dist/extensions/tlon/test-api.js +1 -1
- package/dist/extensions/together/index.js +2 -2
- package/dist/extensions/together/video-generation-provider.js +1 -1
- package/dist/extensions/twitch/api.js +1 -1
- package/dist/extensions/twitch/channel-plugin-api.js +1 -1
- package/dist/extensions/twitch/setup-plugin-api.js +1 -1
- package/dist/extensions/venice/index.js +1 -1
- package/dist/extensions/vercel-ai-gateway/index.js +1 -1
- package/dist/extensions/voice-call/index.js +1 -1
- package/dist/extensions/voice-call/runtime-entry.js +1 -1
- package/dist/extensions/volcengine/index.js +2 -2
- package/dist/extensions/vydra/image-generation-provider.js +1 -1
- package/dist/extensions/vydra/index.js +4 -4
- package/dist/extensions/vydra/video-generation-provider.js +1 -1
- package/dist/extensions/xai/api.js +2 -2
- package/dist/extensions/xai/code-execution.js +2 -2
- package/dist/extensions/xai/image-generation-provider.js +1 -1
- package/dist/extensions/xai/index.js +6 -6
- package/dist/extensions/xai/speech-provider.js +1 -1
- package/dist/extensions/xai/tts.js +1 -1
- package/dist/extensions/xai/video-generation-provider.js +1 -1
- package/dist/extensions/xai/x-search.js +2 -2
- package/dist/extensions/xiaomi/index.js +1 -1
- package/dist/extensions/zai/index.js +2 -2
- package/dist/extensions/zai/media-understanding-provider.js +1 -1
- package/dist/extensions/zai/test-api.js +1 -1
- package/dist/extensions/zalo/api.js +3 -3
- package/dist/extensions/zalo/channel-plugin-api.js +1 -1
- package/dist/extensions/zalo/runtime-api.js +2 -2
- package/dist/extensions/zalo/setup-api.js +2 -2
- package/dist/extensions/zalouser/api.js +3 -3
- package/dist/extensions/zalouser/channel-plugin-api.js +1 -1
- package/dist/extensions/zalouser/runtime-api.js +7 -7
- package/dist/extensions/zalouser/setup-plugin-api.js +1 -1
- package/dist/extensions/zalouser/test-api.js +1 -1
- package/dist/fallbacks-7zSQjTV3.js +31 -0
- package/dist/fallbacks-CZiqVR5O.js +2 -0
- package/dist/fallbacks-shared-ChkX-wC9.js +111 -0
- package/dist/gateway-CHyZ16Py.js +115 -0
- package/dist/gateway-cli-Ddf-bjxV.js +1283 -0
- package/dist/gateway-rpc-DksPpMA7.js +14 -0
- package/dist/gateway-rpc.runtime-BKaQsdOu.js +23 -0
- package/dist/gateway-rpc.runtime.js +1 -1
- package/dist/gateway-runtime-Ca4l5F_e.js +15 -0
- package/dist/gateway-status-CTPWttLS.js +584 -0
- package/dist/genesis-tools-Bkxp7zlI.js +9435 -0
- package/dist/genesis-tools.runtime-BCkQJQBx.js +2 -0
- package/dist/genesis-tools.runtime.js +1 -1
- package/dist/get-reply-HzKdsGO7.js +3946 -0
- package/dist/get-reply-from-config.runtime-C5ISSvQ1.js +2 -0
- package/dist/get-reply-from-config.runtime.js +1 -1
- package/dist/gmail-watcher-lifecycle-BYRHDXCT.js +2 -0
- package/dist/graph-users-BVVUU02O.js +1337 -0
- package/dist/health-3Ot3RyLe.js +420 -0
- package/dist/health-B1Ww7M60.js +3 -0
- package/dist/health-route--L24U5vY.js +2 -0
- package/dist/health-route-DQ3RbNHQ.js +41 -0
- package/dist/hooks-cli-CsJbTM0O.js +433 -0
- package/dist/http-endpoint-helpers-D5HkMFwp.js +41 -0
- package/dist/http-utils-LFOvdepz.js +924 -0
- package/dist/image-fallbacks--ElXneWp.js +31 -0
- package/dist/image-fallbacks-D3vJILOu.js +2 -0
- package/dist/image-generation-core-DasXukAP.js +18 -0
- package/dist/image-generation-core.auth.runtime.js +1 -1
- package/dist/image-generation-provider-BUYDznhO.js +157 -0
- package/dist/image-generation-provider-CZsEm9qP.js +137 -0
- package/dist/image-generation-provider-DfAtOfEj.js +95 -0
- package/dist/image-generation-provider-Dksuo9OZ.js +529 -0
- package/dist/image-generation-provider-TlVk_XqK.js +63 -0
- package/dist/image-generation-provider-YwugArNw.js +274 -0
- package/dist/image-generation-provider-bWlq5yUE.js +228 -0
- package/dist/image-runtime-CswgJNvs.js +9 -0
- package/dist/inbound-reply-dispatch-B7wRXjgc.js +73 -0
- package/dist/inbound.runtime-Bw0JSbxR.js +4 -0
- package/dist/inbound.runtime-DjvZZHXI.js +3 -0
- package/dist/inbound.runtime.js +1 -1
- package/dist/index.js +2 -2
- package/dist/infra-runtime-CBfd1WMP.js +38 -0
- package/dist/init-D0hOJH3x.js +59 -0
- package/dist/install-CYvCH-s3.js +726 -0
- package/dist/install-security-scan-B7ZoC2Vw.js +26 -0
- package/dist/install-security-scan.runtime-iZsF-J1u.js +671 -0
- package/dist/install-security-scan.runtime.js +1 -1
- package/dist/install.runtime-BAqg9YWO.js +27 -0
- package/dist/install.runtime-Cc9Bf7A6.js +12 -0
- package/dist/install.runtime.js +1 -1
- package/dist/jobs-BIi6klWl.js +729 -0
- package/dist/library-oLeJ7WB2.js +45 -0
- package/dist/lifecycle-CeE5vcbI.js +571 -0
- package/dist/lifecycle-CqOQyQkN.js +229 -0
- package/dist/lifecycle.runtime-3bkEDR0o.js +2 -0
- package/dist/lifecycle.runtime.js +1 -1
- package/dist/list-C3cLeCpB.js +2 -0
- package/dist/list-CcZ_ONLT.js +2 -0
- package/dist/list-DUXsFAZJ.js +1212 -0
- package/dist/list-gnrIqPtd.js +131 -0
- package/dist/list.probe-BwRgShwM.js +419 -0
- package/dist/live-model-switch-CWgg2Ggb.js +336 -0
- package/dist/llm-slug-generator-BkDTThCe.js +79 -0
- package/dist/llm-slug-generator.js +1 -1
- package/dist/load-config-CfZQrUUz.js +35 -0
- package/dist/loader-DsEya2Rd.js +222 -0
- package/dist/local-dispatch.runtime-CtXGZ70F.js +8 -0
- package/dist/local-dispatch.runtime.js +1 -1
- package/dist/login-M0JiZwmc.js +108 -0
- package/dist/logs-cli-zd_9yCKn.js +265 -0
- package/dist/logs-cli.runtime-BWvHh5zg.js +2 -0
- package/dist/logs-cli.runtime.js +1 -1
- package/dist/main-session-restart-recovery-Bnvjo9E1.js +206 -0
- package/dist/managed-image-attachments-Cib67JTY.js +2 -0
- package/dist/managed-image-attachments-Pl-_Wh-s.js +635 -0
- package/dist/manager-CfFNGdWA.js +2057 -0
- package/dist/manager-TXSNaq3B.js +2 -0
- package/dist/markdown-to-line-C83mDLjZ.js +790 -0
- package/dist/mcp/plugin-tools-serve.js +1 -1
- package/dist/mcp-cli-CNy5N1fa.js +725 -0
- package/dist/mcp-http-Cp3nlyRC.js +529 -0
- package/dist/mcp-oauth-embedded.runtime-Bg_5jTnW.js +111 -0
- package/dist/mcp-oauth-embedded.runtime.js +1 -0
- package/dist/media-runtime-BetXjDy_.js +329 -0
- package/dist/media-understanding-PrCTBqs6.js +85 -0
- package/dist/media-understanding-provider-BOJyh6FF.js +85 -0
- package/dist/media-understanding-provider-BQqWS6FP.js +18 -0
- package/dist/media-understanding-provider-BVI5_wpJ.js +12 -0
- package/dist/media-understanding-provider-BvANUUsD.js +37 -0
- package/dist/media-understanding-provider-CmJsqky4.js +69 -0
- package/dist/media-understanding-provider-D160isav.js +28 -0
- package/dist/media-understanding-provider-DLdtS2i0.js +12 -0
- package/dist/media-understanding-provider-DbYma1pc.js +21 -0
- package/dist/media-understanding-provider-DgKlDcus.js +18 -0
- package/dist/media-understanding-provider-Dt4kGn2a.js +13 -0
- package/dist/media-understanding-runtime-7Pt0cFob.js +2 -0
- package/dist/memory-core-host-runtime-cli-BegfMQ60.js +9 -0
- package/dist/memory-embedding-adapter-bqPa42NQ.js +123 -0
- package/dist/memory-host-search-595fbsH5.js +12 -0
- package/dist/memory-host-search.runtime.js +1 -1
- package/dist/message-BEIYueeC.js +232 -0
- package/dist/message-action-runner-BMAw7gfU.js +2 -0
- package/dist/message-action-runner-DbqkVVXA.js +1407 -0
- package/dist/message-actions-CagfUya_.js +143 -0
- package/dist/message.config.runtime.js +1 -1
- package/dist/message.gateway.runtime-8N00rzUd.js +2 -0
- package/dist/message.gateway.runtime.js +1 -1
- package/dist/method-scopes-TWVLEUXZ.js +239 -0
- package/dist/model-picker-DJQ_lN5J.js +3 -0
- package/dist/model-picker-f_kmCGgt.js +559 -0
- package/dist/model-picker.runtime-Bua1ZV3T.js +15 -0
- package/dist/model-picker.runtime.js +1 -1
- package/dist/model-selection-DRe0f5zo.js +212 -0
- package/dist/models-auth-status-dUVFT_f1.js +217 -0
- package/dist/models-cli-VqeddndJ.js +271 -0
- package/dist/models-http-PC5-c2lS.js +92 -0
- package/dist/models.fetch-CsIbuvYn.js +518 -0
- package/dist/monitor-BgwZHXAs.js +2 -0
- package/dist/monitor-BrGXztev.js +1661 -0
- package/dist/monitor-DXqHkIkY.js +788 -0
- package/dist/monitor-DoS0pnRS.js +671 -0
- package/dist/monitor-SUo0OdqH.js +1459 -0
- package/dist/monitor-auth-BjLpAGxu.js +207 -0
- package/dist/monitor-hVTP1bQv.js +1237 -0
- package/dist/monitor-processing-CIokCAUz.js +1974 -0
- package/dist/monitor.runtime-BU4RKNXx.js +2 -0
- package/dist/monitor.runtime.js +1 -1
- package/dist/monitor.webhook-DaTTjWrL.js +180 -0
- package/dist/msteams-CmdWCuQl.js +35 -0
- package/dist/music-generation-provider-D1C-gv82.js +63 -0
- package/dist/music-generation-provider-Da4aNlMi.js +170 -0
- package/dist/native-hook-relay-Crk4McKb.js +519 -0
- package/dist/nextcloud-talk-D23cNPfx.js +17 -0
- package/dist/node-cli-DQ2FAUD5.js +2276 -0
- package/dist/nodes-cli-rSfhRw3_.js +1046 -0
- package/dist/nodes-utils-DlayGjaD.js +84 -0
- package/dist/nodes.helpers-DDUs18Tb.js +34 -0
- package/dist/notify-BSOvLWmd.js +315 -0
- package/dist/oauth-CMgJwuws.js +2 -0
- package/dist/oauth-CkVdnYWF.js +152 -0
- package/dist/oauth-DyK5hAZs.js +139 -0
- package/dist/oauth-OBOUymgi.js +75 -0
- package/dist/oauth.flow-BLoyN3lV.js +3 -0
- package/dist/oauth.flow-DH06lWCO.js +45 -0
- package/dist/onboard-C-WpjREP.js +316 -0
- package/dist/onboard-CpNpQ0N8.js +70 -0
- package/dist/onboard-channels-BeLqCc-3.js +2 -0
- package/dist/onboard-channels-DvKo0QB_.js +3 -0
- package/dist/onboard-custom-BXb7qIWz.js +3 -0
- package/dist/onboard-custom-ClkyPqIy.js +271 -0
- package/dist/onboard-helpers-BSqq4yEX.js +204 -0
- package/dist/onboard-helpers-Cw8cHMwk.js +6 -0
- package/dist/onboard-interactive-CIJMPUNi.js +24 -0
- package/dist/onboard-non-interactive-CCGFunM1.js +635 -0
- package/dist/onboard-remote-BIFjzB0v.js +193 -0
- package/dist/onboard-remote-DdfKS44K.js +2 -0
- package/dist/onboard-skills-C9Oz7pMM.js +134 -0
- package/dist/onboard-skills-DFZIuIBM.js +2 -0
- package/dist/onboard-ygfHgwjs.js +2 -0
- package/dist/onboarding-plugin-install-CSJX8VZv.js +406 -0
- package/dist/openai-codex-provider-ChrCVEw6.js +472 -0
- package/dist/openai-http-V8-EZ-Tx.js +500 -0
- package/dist/openai-provider-CBFc7f3l.js +313 -0
- package/dist/opencode-D8fX4akZ.js +35 -0
- package/dist/openresponses-http-B2Z5eD7p.js +1128 -0
- package/dist/operator-approvals-client-DcLaJSYz.js +68 -0
- package/dist/outbound-runtime-BcayPyTD.js +5 -0
- package/dist/outbound.runtime-BioZr0Xk.js +2 -0
- package/dist/outbound.runtime.js +1 -1
- package/dist/pair-command-approve-CKQ5PFPa.js +44 -0
- package/dist/persistent-bindings.lifecycle-Cc3nJyXl.js +2 -0
- package/dist/persistent-bindings.lifecycle-DMUm3wFX.js +85 -0
- package/dist/pi-bundle-mcp-runtime-BxuXFq8N.js +2 -0
- package/dist/pi-bundle-mcp-runtime-ZvnA7GLK.js +854 -0
- package/dist/pi-bundle-mcp-tools-Cq0oKMGx.js +108 -0
- package/dist/pi-embedded-DLQZrdL6.js +2905 -0
- package/dist/pi-embedded-kfFiSGXN.js +4 -0
- package/dist/pi-embedded-subscribe.handlers.compaction.runtime-DRkY_7mg.js +23 -0
- package/dist/pi-embedded-subscribe.handlers.compaction.runtime.js +1 -1
- package/dist/pi-embedded.runtime-DXAilonb.js +4 -0
- package/dist/pi-embedded.runtime.js +1 -1
- package/dist/pi-tool-definition-adapter-D5M4iVmd.js +229 -0
- package/dist/pi-tools-CymfaKhy.js +1118 -0
- package/dist/pi-tools.before-tool-call-CBjigYgQ.js +2 -0
- package/dist/pi-tools.before-tool-call-CrhLIm2q.js +433 -0
- package/dist/plugin-DJ_g-ddv.js +12195 -0
- package/dist/plugin-enabled-CqvTLQjg.js +140 -0
- package/dist/plugin-install-DwdyYiEf.js +115 -0
- package/dist/plugin-install-config-policy-BGQ3WzJO.js +137 -0
- package/dist/plugin-install-ldcXmOz8.js +2 -0
- package/dist/plugin-install-plan-DXvNElN2.js +50 -0
- package/dist/plugin-registration-awDDNZjN.js +23 -0
- package/dist/plugin-sdk/.boundary-entry-shims.stamp +1 -1
- package/dist/plugin-sdk/acp-binding-runtime.js +1 -1
- package/dist/plugin-sdk/acp-runtime.js +3 -3
- package/dist/plugin-sdk/agent-harness-runtime.js +6 -6
- package/dist/plugin-sdk/agent-harness.js +7 -7
- package/dist/plugin-sdk/agent-runtime.js +2 -2
- package/dist/plugin-sdk/approval-gateway-runtime.js +2 -2
- package/dist/plugin-sdk/approval-handler-runtime.js +3 -3
- package/dist/plugin-sdk/approval-runtime.js +1 -1
- package/dist/plugin-sdk/browser-node-runtime.js +4 -4
- package/dist/plugin-sdk/browser-setup-tools.js +3 -3
- package/dist/plugin-sdk/browser-support.js +7 -7
- package/dist/plugin-sdk/channel-core.js +2 -2
- package/dist/plugin-sdk/channel-inbound.js +3 -3
- package/dist/plugin-sdk/command-auth.js +2 -2
- package/dist/plugin-sdk/command-status-runtime.js +1 -1
- package/dist/plugin-sdk/compat.js +1 -1
- package/dist/plugin-sdk/config-runtime.js +3 -3
- package/dist/plugin-sdk/conversation-binding-runtime.js +1 -1
- package/dist/plugin-sdk/conversation-runtime.js +4 -4
- package/dist/plugin-sdk/core.js +2 -2
- package/dist/plugin-sdk/direct-dm.js +1 -1
- package/dist/plugin-sdk/gateway-runtime.js +3 -3
- package/dist/plugin-sdk/image-generation-core.js +2 -2
- package/dist/plugin-sdk/inbound-reply-dispatch.js +1 -1
- package/dist/plugin-sdk/index.js +1 -1
- package/dist/plugin-sdk/infra-runtime.js +2 -2
- package/dist/plugin-sdk/irc.js +2 -2
- package/dist/plugin-sdk/matrix.js +1 -1
- package/dist/plugin-sdk/mattermost.js +2 -2
- package/dist/plugin-sdk/media-runtime.js +5 -5
- package/dist/plugin-sdk/media-understanding-runtime.js +2 -2
- package/dist/plugin-sdk/media-understanding.js +2 -2
- package/dist/plugin-sdk/memory-core-host-runtime-cli.js +2 -2
- package/dist/plugin-sdk/memory-core.js +2 -2
- package/dist/plugin-sdk/memory-host-search.js +1 -1
- package/dist/plugin-sdk/msteams.js +3 -3
- package/dist/plugin-sdk/nextcloud-talk.js +2 -2
- package/dist/plugin-sdk/nostr.js +1 -1
- package/dist/plugin-sdk/opencode.js +1 -1
- package/dist/plugin-sdk/outbound-runtime.js +2 -2
- package/dist/plugin-sdk/provider-auth-api-key.js +2 -2
- package/dist/plugin-sdk/provider-auth-login.js +1 -1
- package/dist/plugin-sdk/provider-auth.js +2 -2
- package/dist/plugin-sdk/provider-entry.js +1 -1
- package/dist/plugin-sdk/reply-dispatch-runtime.js +1 -1
- package/dist/plugin-sdk/reply-runtime.js +4 -4
- package/dist/plugin-sdk/runtime-doctor.js +1 -1
- package/dist/plugin-sdk/runtime-secret-resolution.js +1 -1
- package/dist/plugin-sdk/runtime.js +3 -3
- package/dist/plugin-sdk/sandbox.js +1 -1
- package/dist/plugin-sdk/session-store-runtime.js +1 -1
- package/dist/plugin-sdk/session-visibility.js +1 -1
- package/dist/plugin-sdk/skill-commands-runtime.js +1 -1
- package/dist/plugin-sdk/src/config/types.mcp.d.ts +13 -0
- package/dist/plugin-sdk/src/gateway/protocol/index.d.ts +29 -3
- package/dist/plugin-sdk/src/gateway/protocol/schema/mcp.d.ts +52 -0
- package/dist/plugin-sdk/src/gateway/protocol/schema/protocol-schemas.d.ts +52 -0
- package/dist/plugin-sdk/src/gateway/protocol/schema/types.d.ts +8 -0
- package/dist/plugin-sdk/testing.js +4 -4
- package/dist/plugin-sdk/tlon.js +1 -1
- package/dist/plugin-sdk/zalo.js +1 -1
- package/dist/plugin-sdk/zalouser.js +1 -1
- package/dist/plugin-service-Bcg-shsL.js +2893 -0
- package/dist/plugins/runtime/index.js +1 -1
- package/dist/plugins-cli-CUZMkYFB.js +584 -0
- package/dist/plugins-command-helpers-BGFL7yp7.js +107 -0
- package/dist/plugins-install-persist-Cp8tSsno.js +133 -0
- package/dist/plugins-update-command-Ds_N9qES.js +1057 -0
- package/dist/policy-DIf26_n6.js +328 -0
- package/dist/postinstall-inventory.json +711 -709
- package/dist/prepare.runtime-DCLXK1uq.js +807 -0
- package/dist/prepare.runtime.js +1 -1
- package/dist/probe-0w9S79sF.js +45 -0
- package/dist/probe-B1L2nZVS.js +243 -0
- package/dist/probe-BQT29JH7.js +74 -0
- package/dist/probe-CB6KR9ri.js +240 -0
- package/dist/probe-CWtFr2jl.js +2 -0
- package/dist/probe-CcBuLmYT.js +2205 -0
- package/dist/probe-DYqlJBSk.js +2 -0
- package/dist/probe-_IUalbC8.js +1443 -0
- package/dist/program-sXJs6Lyj.js +111 -0
- package/dist/prompt-select-styled-jucMgA5f.js +20 -0
- package/dist/protocol-DgMCJAA_.js +2586 -0
- package/dist/provider-BSqWTcoz.js +70 -0
- package/dist/provider-api-key-auth-C92t3JTu.js +131 -0
- package/dist/provider-api-key-auth.runtime.js +1 -1
- package/dist/provider-auth-api-key-zf0PU9U_.js +5 -0
- package/dist/provider-auth-choice-palZRKPG.js +228 -0
- package/dist/provider-auth-hCEy91hA.js +46 -0
- package/dist/provider-auth-login-D4MC4bs_.js +8 -0
- package/dist/provider-auth-login.runtime.js +1 -1
- package/dist/provider-dispatcher-9z9Dw59_.js +2 -0
- package/dist/provider-dispatcher-DyQNST2Z.js +22 -0
- package/dist/provider-entry-DZDgzWTU.js +106 -0
- package/dist/provider-model-defaults-DC1PMV0H.js +6 -0
- package/dist/provider-registration-BSHUosM7.js +218 -0
- package/dist/provider-registration-CA9-PRDk.js +37 -0
- package/dist/qr-cli-Dwc3sjiV.js +2 -0
- package/dist/qr-cli-hTiyQbbK.js +349 -0
- package/dist/qr-image-BDoVY1GF.js +2 -0
- package/dist/queue-BljsBBtU.js +409 -0
- package/dist/reaction-runtime-api-Q9NHKbpw.js +116 -0
- package/dist/reactions-DGczAFsd.js +998 -0
- package/dist/read-capability-YFf_CDLF.js +412 -0
- package/dist/register-service-commands-Dxwl01rR.js +71 -0
- package/dist/register.agent-Drovpr_f.js +248 -0
- package/dist/register.configure-BzQtmjqp.js +15 -0
- package/dist/register.maintenance-PRykY6qq.js +363 -0
- package/dist/register.message-Dw6OLnap.js +329 -0
- package/dist/register.onboard-CB7aqo8I.js +88 -0
- package/dist/register.runtime-5QpZP1PI.js +81 -0
- package/dist/register.runtime.js +1 -1
- package/dist/register.setup-GLc__3H1.js +150 -0
- package/dist/register.status-health-sessions-DuQnS6V7.js +1215 -0
- package/dist/register.subclis-Bupq6ckp.js +3 -0
- package/dist/register.subclis-Df0YvsXg.js +29 -0
- package/dist/register.subclis-core-CK63Nor4.js +249 -0
- package/dist/reply-dispatch-runtime-D63ANCTQ.js +13 -0
- package/dist/reply-media-paths.runtime-C6-V86g1.js +146 -0
- package/dist/reply-media-paths.runtime-Cmms8y5S.js +2 -0
- package/dist/reply-media-paths.runtime.js +1 -1
- package/dist/reply-runtime-CLq8xugv.js +10 -0
- package/dist/reply.runtime-FitoWYiX.js +2 -0
- package/dist/reply.runtime.js +1 -1
- package/dist/resolve-BHmKuinY.js +259 -0
- package/dist/response-generator-BxzbAKHi.js +175 -0
- package/dist/restart-health-CNE6ENF8.js +202 -0
- package/dist/restart-health-DriNCEEo.js +2 -0
- package/dist/root-help-BsG62TUK.js +44 -0
- package/dist/route-reply-EPkWewCQ.js +162 -0
- package/dist/route-reply.runtime-Rem8ixbJ.js +2 -0
- package/dist/route-reply.runtime.js +1 -1
- package/dist/routes-B8SmZM_C.js +3341 -0
- package/dist/routes-CVtIuQaj.js +2 -0
- package/dist/rpc-AJw8-VEF.js +61 -0
- package/dist/rpc.runtime-NzXXr3IH.js +21 -0
- package/dist/rpc.runtime.js +1 -1
- package/dist/run-auth-profile.runtime-DrFMFMa5.js +2 -0
- package/dist/run-auth-profile.runtime.js +1 -1
- package/dist/run-delivery.runtime-DDc5pTuc.js +530 -0
- package/dist/run-delivery.runtime.js +1 -1
- package/dist/run-embedded.runtime-BlLE0DKl.js +4 -0
- package/dist/run-embedded.runtime.js +1 -1
- package/dist/run-execution-cli.runtime-Dx9bn2nL.js +4 -0
- package/dist/run-execution-cli.runtime.js +1 -1
- package/dist/run-executor.runtime-Bx0-xr66.js +277 -0
- package/dist/run-executor.runtime.js +1 -1
- package/dist/run-main-Q7WXDun9.js +567 -0
- package/dist/run-subagent-registry.runtime-DN441nGA.js +2 -0
- package/dist/run-subagent-registry.runtime.js +1 -1
- package/dist/run-wait-DOOBZLr5.js +135 -0
- package/dist/runner-B8D0Coak.js +966 -0
- package/dist/runner.entries-DZUGr24v.js +604 -0
- package/dist/runtime-B56xKFjA.js +9 -0
- package/dist/runtime-BshnyUPo.js +116 -0
- package/dist/runtime-CnTeeNB7.js +72 -0
- package/dist/runtime-D--xK0Me.js +961 -0
- package/dist/runtime-DFBduVee.js +2 -0
- package/dist/runtime-api-BGOAhjcp.js +9 -0
- package/dist/runtime-api-CcUMXjjy.js +14 -0
- package/dist/runtime-api-L9lB-rDz.js +4 -0
- package/dist/runtime-api-ap0gPIKQ.js +9 -0
- package/dist/runtime-co7Um4tt.js +263 -0
- package/dist/runtime-embedded-pi.runtime-CQ5TsVlh.js +2 -0
- package/dist/runtime-embedded-pi.runtime.js +1 -1
- package/dist/runtime-entry-g38-J35c.js +2769 -0
- package/dist/runtime-internal-DwAoh64o.js +2 -0
- package/dist/runtime-manifest.runtime.js +1 -1
- package/dist/runtime-options-CtF_gotz.js +275 -0
- package/dist/runtime-prepare.runtime-DAaAh4tU.js +80 -0
- package/dist/runtime-prepare.runtime.js +1 -1
- package/dist/runtime-schema-7aqYdEly.js +28599 -0
- package/dist/runtime-web-tools-DpTEm5uJ.js +1477 -0
- package/dist/runtime-web-tools-fallback.runtime.js +1 -1
- package/dist/runtime-web-tools-manifest.runtime.js +1 -1
- package/dist/runtime-web-tools-public-artifacts.runtime.js +1 -1
- package/dist/sandbox-DjUUwvID.js +3 -0
- package/dist/sandbox-IL2pQunA.js +1156 -0
- package/dist/sandbox-cli-C75oWfKU.js +450 -0
- package/dist/scan-BmfJ_GUd.js +2 -0
- package/dist/scan-BwUXPVa4.js +523 -0
- package/dist/secrets-cli-Byrmt5p3.js +2101 -0
- package/dist/security-cli-Cb_qzWSU.js +486 -0
- package/dist/selection-BaZ-7Sz6.js +2 -0
- package/dist/selection-C8rwxPqg.js +7743 -0
- package/dist/send-C3Ht9Buu.js +102 -0
- package/dist/send-NpRBz3rn.js +156 -0
- package/dist/send.runtime-Buvd_P2p.js +2 -0
- package/dist/send.runtime.js +1 -1
- package/dist/server-B8tim7RO.js +13 -0
- package/dist/server-ClAvfJJm.js +77 -0
- package/dist/server-context-Dl7OQ56d.js +2 -0
- package/dist/server-context-F2Jh0JBO.js +847 -0
- package/dist/server-node-events-Db8SbNO0.js +474 -0
- package/dist/server-plugin-bootstrap-DxpFA7AU.js +13703 -0
- package/dist/server-plugin-bootstrap-t6Z_tN0J.js +2 -0
- package/dist/server-restart-sentinel-VLhFJOy5.js +684 -0
- package/dist/server.impl-BNDZK6Lv.js +12804 -0
- package/dist/session-BThNEh5u.js +48 -0
- package/dist/session-archive.runtime.js +1 -1
- package/dist/session-envelope-tBfpcRRu.js +18 -0
- package/dist/session-key-De2wQZ8k.js +65 -0
- package/dist/session-kill-http-C35_XMK_.js +110 -0
- package/dist/session-meta-Bpv85XpZ.js +109 -0
- package/dist/session-override-dIx8boay.js +106 -0
- package/dist/session-reset-model.runtime-BY5KYxcY.js +133 -0
- package/dist/session-reset-model.runtime.js +1 -1
- package/dist/session-reset-service-Cs7o8vTZ.js +497 -0
- package/dist/session-route-DwjrtcvV.js +93 -0
- package/dist/session-status.runtime-Cp9hECfs.js +2 -0
- package/dist/session-status.runtime.js +1 -1
- package/dist/session-store-DT5H5NRv.js +126 -0
- package/dist/session-store.runtime-CoRuKMfZ.js +2 -0
- package/dist/session-store.runtime.js +1 -1
- package/dist/session-subagent-reactivation.runtime-3hC6cwVh.js +2 -0
- package/dist/session-subagent-reactivation.runtime.js +1 -1
- package/dist/session-tab-registry-BHn1P3lZ.js +581 -0
- package/dist/session-updates-CHKrFM9H.js +236 -0
- package/dist/session-updates.runtime-CqylTFnb.js +2 -0
- package/dist/session-updates.runtime.js +1 -1
- package/dist/session-utils-otyfumhD.js +1009 -0
- package/dist/session-visibility-C5yhLdDZ.js +147 -0
- package/dist/sessions-BjHLgqjt.js +2 -0
- package/dist/sessions-C1_80mqv.js +48 -0
- package/dist/sessions-DjIcw5uP.js +281 -0
- package/dist/sessions-helpers-C_xGZAo7.js +305 -0
- package/dist/sessions-history-http-CQ-Ga5H3.js +371 -0
- package/dist/sessions-patch-XzBTc4fY.js +309 -0
- package/dist/sessions-resolve-CF4QOXiX.js +174 -0
- package/dist/sessions-w6UJYMea.js +16 -0
- package/dist/sessions.runtime-CEV3VtEH.js +2 -0
- package/dist/sessions.runtime.js +1 -1
- package/dist/setup-BrkQiUrj.js +421 -0
- package/dist/setup-D218KRK6.js +636 -0
- package/dist/setup-api-BvHlVezg.js +29 -0
- package/dist/setup-core-BjceveVY.js +171 -0
- package/dist/setup-core-CxDIk2Qq.js +176 -0
- package/dist/setup-surface-6hnrFGJ3.js +286 -0
- package/dist/setup-surface-BBDyg26_.js +219 -0
- package/dist/setup-surface-HREO9zEo.js +403 -0
- package/dist/setup.finalize-CAJxf_Mm.js +547 -0
- package/dist/setup.gateway-config-g6JfCjT4.js +250 -0
- package/dist/shared-CJ2_38Ar.js +198 -0
- package/dist/shared-CecRnN5i.js +76 -0
- package/dist/shared-G254rWzJ.js +217 -0
- package/dist/shared-Zan1S92i.js +121 -0
- package/dist/shared-runtime-CKzUXuwN.js +7 -0
- package/dist/skill-commands-DWC_vZ-J.js +83 -0
- package/dist/skill-commands.runtime-BMmD4lyW.js +2 -0
- package/dist/skill-commands.runtime.js +1 -1
- package/dist/skills-install-Bpfq1PgX.js +605 -0
- package/dist/skills-snapshot.runtime-uSs9vmlj.js +7 -0
- package/dist/skills-snapshot.runtime.js +1 -1
- package/dist/slash-state-EXy1B2EX.js +1911 -0
- package/dist/speech-provider-CcbYv8ap.js +216 -0
- package/dist/speech-provider-Cr1h-_-X.js +170 -0
- package/dist/speech-provider-Gif_hcpc.js +209 -0
- package/dist/src-Dda8Fvmo.js +3974 -0
- package/dist/stage-sandbox-media.runtime-_FkeTCA0.js +232 -0
- package/dist/stage-sandbox-media.runtime.js +1 -1
- package/dist/startup-context-BLtyYbKu.js +312 -0
- package/dist/state-migrations-BXYrr3Hc.js +820 -0
- package/dist/status-B1RXiDvc.js +3 -0
- package/dist/status-B4tnoXkV.js +2 -0
- package/dist/status-BWXZC-dF.js +2 -0
- package/dist/status-CUZkKe39.js +62 -0
- package/dist/status-DNnTegVL.js +395 -0
- package/dist/status-G3Z29Cb_.js +190 -0
- package/dist/status-all-pjolmMGB.js +498 -0
- package/dist/status-json-BKR5uVlE.js +14 -0
- package/dist/status-json-command-DuIQ8dNz.js +82 -0
- package/dist/status-message-CZyHmUQr.js +466 -0
- package/dist/status-message.runtime-C1I59_ay.js +6 -0
- package/dist/status-message.runtime.js +1 -1
- package/dist/status-n2SrcSeP.js +209 -0
- package/dist/status-queue.runtime-k2kdii3C.js +2 -0
- package/dist/status-queue.runtime.js +1 -1
- package/dist/status-runtime-shared-9akPh3OB.js +241 -0
- package/dist/status-subagents.runtime-C-2-94r7.js +18 -0
- package/dist/status-subagents.runtime.js +1 -1
- package/dist/status-text-DY-AMW7D.js +237 -0
- package/dist/status.gateway-connection.runtime-CGwlyVSQ.js +2 -0
- package/dist/status.gateway-connection.runtime.js +1 -1
- package/dist/status.gather-C17tVkff.js +2 -0
- package/dist/status.gather-CGXwFKnq.js +292 -0
- package/dist/status.runtime-DdcRs0mC.js +2 -0
- package/dist/status.runtime-L3R8cOql.js +2 -0
- package/dist/status.runtime.js +1 -1
- package/dist/status.scan-BSIqJF_S.js +65 -0
- package/dist/status.scan-overview-CbwLYoIT.js +379 -0
- package/dist/status.scan.fast-json-BnpfFSN8.js +2 -0
- package/dist/status.scan.fast-json-W54JDFUy.js +132 -0
- package/dist/status.summary-CeaTG93y.js +2 -0
- package/dist/status.summary-LPaYBiqB.js +200 -0
- package/dist/store-BtHVDH2Q.js +910 -0
- package/dist/store-Qn6Vf7Ma.js +4 -0
- package/dist/store.runtime-Dd3L_GjJ.js +2 -0
- package/dist/store.runtime.js +1 -1
- package/dist/stream-CImPPcyN.js +664 -0
- package/dist/subagent-announce-Dn5xl49E.js +351 -0
- package/dist/subagent-announce-delivery-CpVHT0KZ.js +726 -0
- package/dist/subagent-announce-output-Ba8GDqQZ.js +364 -0
- package/dist/subagent-capabilities-DN1kjzNE.js +251 -0
- package/dist/subagent-control-Clm3gsra.js +506 -0
- package/dist/subagent-control.runtime-D9vrLexA.js +3 -0
- package/dist/subagent-control.runtime.js +1 -1
- package/dist/subagent-followup.runtime-OlILj5hg.js +68 -0
- package/dist/subagent-followup.runtime.js +1 -1
- package/dist/subagent-orphan-recovery-Dqi7ktSy.js +305 -0
- package/dist/subagent-registry-BfT1dA_H.js +3 -0
- package/dist/subagent-registry-DsOeyo6i.js +1753 -0
- package/dist/subagent-registry.runtime.js +1 -1
- package/dist/subagent-spawn-IMKDJ_Ai.js +1005 -0
- package/dist/supervisor-DgpKTzey.js +704 -0
- package/dist/supervisor-log.runtime.js +1 -1
- package/dist/system-cli-QcbUPgUP.js +43 -0
- package/dist/targets-rJXMe19f.js +67 -0
- package/dist/targets.runtime.js +1 -1
- package/dist/task-executor-CT_QfGPJ.js +360 -0
- package/dist/task-owner-access-Bm14vxJa.js +74 -0
- package/dist/task-registry-D6gK7iIt.js +2357 -0
- package/dist/task-registry-delivery-runtime-CDAeASdU.js +2 -0
- package/dist/task-registry-delivery-runtime-CeWw5kdc.js +3 -0
- package/dist/task-registry.maintenance-B5hpULqB.js +416 -0
- package/dist/task-registry.maintenance-DZFQCCjc.js +2 -0
- package/dist/telegram/token.js +2 -2
- package/dist/testing-B2Y0vJ76.js +575 -0
- package/dist/text-report-0Q8c04if.js +549 -0
- package/dist/tool-auth-shared-Ca0wddYT.js +90 -0
- package/dist/tool-policy-pipeline-BLtvEs31.js +109 -0
- package/dist/tool-resolution-CHcj9HdC.js +90 -0
- package/dist/tools-effective-inventory-Giuks2Dt.js +152 -0
- package/dist/tools-invoke-http-FlaWbmCS.js +206 -0
- package/dist/transcript-resolve.runtime-wnJiuCEb.js +2 -0
- package/dist/transcript-resolve.runtime.js +1 -1
- package/dist/transcript-yKXsllQ2.js +312 -0
- package/dist/transcript.runtime-CmcFZQq0.js +2 -0
- package/dist/transcript.runtime.js +1 -1
- package/dist/trash-BzlpkaUi.js +24 -0
- package/dist/tts-BG_1G2S6.js +64 -0
- package/dist/tui-cli-B9Emgd5Q.js +4585 -0
- package/dist/uninstall-B6U2msaD.js +185 -0
- package/dist/update-BjKPsXUk.js +1282 -0
- package/dist/update-cli-ln47pDmA.js +1759 -0
- package/dist/update-startup-Xs6Edz-d.js +2 -0
- package/dist/upgrade-Ctu4zfU3.js +1226 -0
- package/dist/video-generation-provider-B0W1RcQj.js +264 -0
- package/dist/video-generation-provider-B2XcJK8B.js +221 -0
- package/dist/video-generation-provider-BJt8-Jzh.js +254 -0
- package/dist/video-generation-provider-Bsz88Y8I.js +78 -0
- package/dist/video-generation-provider-CmN0n1aP.js +271 -0
- package/dist/video-generation-provider-DKFpHGWz.js +64 -0
- package/dist/video-generation-provider-LgYMFJAm.js +281 -0
- package/dist/video-generation-provider-j1OQMvjr2.js +77 -0
- package/dist/video-generation-provider-lI_tgIiA.js +287 -0
- package/dist/video-generation-provider-uVzVbp2s.js +118 -0
- package/dist/video-generation-provider-xQ4AZkeK.js +187 -0
- package/dist/video-generation-task-status-AzBxxMK4.js +163 -0
- package/dist/wait-for-idle-before-flush-D4a3dGVX.js +6025 -0
- package/dist/web-search-provider-Bt8NRG25.js +163 -0
- package/dist/wizard-models-DpLispoG.js +334 -0
- package/dist/workflow-runtime-C0jGj382.js +485 -0
- package/package.json +1 -1
- package/dist/abort-DUTWX49H.js +0 -201
- package/dist/abort-cutoff.runtime-oLWHRfE6.js +0 -20
- package/dist/abort.runtime-B1CZPj3m.js +0 -2
- package/dist/accounts-DFJuQd32.js +0 -107
- package/dist/accounts-VbCry_MV.js +0 -104
- package/dist/accounts-ZduaK0fO.js +0 -2
- package/dist/acp-cli-Cyqn8a7z.js +0 -2217
- package/dist/acp-spawn-B1O0qwkN.js +0 -2
- package/dist/acp-spawn-C2eEj7wR.js +0 -1042
- package/dist/acp-stateful-target-driver-BKL2flGw.js +0 -89
- package/dist/action-agents-C9zs0A_N.js +0 -67
- package/dist/action-focus-Dj2trHbP.js +0 -132
- package/dist/action-help-ENFS-VRC.js +0 -7
- package/dist/action-info-IKxta-Me.js +0 -101
- package/dist/action-kill-CJGjsHX-.js +0 -33
- package/dist/action-list-ChLdMXon.js +0 -21
- package/dist/action-log-CdeugqCO.js +0 -30
- package/dist/action-send-BvUjnmVw.js +0 -39
- package/dist/action-spawn-Xq0DpbW7.js +0 -47
- package/dist/action-unfocus-DfcihOhT.js +0 -29
- package/dist/actions.runtime-CTjuTpQ1.js +0 -18
- package/dist/actions.runtime-Dp93aqpg.js +0 -5
- package/dist/agent-DQZeYp3u.js +0 -2
- package/dist/agent-command-CynPQd5_.js +0 -874
- package/dist/agent-harness-runtime-D9PrghSe.js +0 -144
- package/dist/agent-runner-utils-CwDT31Pp.js +0 -239
- package/dist/agent-runner.runtime-kH3GCoKg.js +0 -3443
- package/dist/agent-runtime-BSwK1sup.js +0 -18
- package/dist/agents-C9BmPj-C.js +0 -954
- package/dist/agents-CQQ7cNF9.js +0 -5
- package/dist/agents.command-shared-cZa4UKga.js +0 -40
- package/dist/aliases-B92uAzO2.js +0 -2
- package/dist/aliases-BZsZGqVQ.js +0 -96
- package/dist/api-CU22wCTp.js +0 -139
- package/dist/api-DD_eTeli.js +0 -5
- package/dist/api-DIKi1Ni8.js +0 -4
- package/dist/api-i4W2Wwd4.js +0 -48
- package/dist/api-sngIL0OQ.js +0 -3
- package/dist/apply-oUSa2Pf0.js +0 -508
- package/dist/apply.runtime-BLCi2Ivv.js +0 -166
- package/dist/apply.runtime-D_hTG_Y0.js +0 -2
- package/dist/approval-gateway-resolver-KouhItZO.js +0 -29
- package/dist/approval-gateway-runtime-D7CzOIgq.js +0 -2
- package/dist/approval-handler-runtime-CFvI_pZS.js +0 -439
- package/dist/approval-native-runtime-rl6s6chH.js +0 -729
- package/dist/attempt-execution.runtime-Ba87IenS.js +0 -509
- package/dist/attempt-execution.shared-BY_ARPh1.js +0 -22
- package/dist/attempt.prompt-helpers-BbBNMjqU.js +0 -206
- package/dist/attempt.tool-run-context-CLlg_9Gq.js +0 -933
- package/dist/audit-CQJwJFWH.js +0 -939
- package/dist/audit-extra.async-BbZcluVr.js +0 -971
- package/dist/audit-tool-policy-C0lIM9Fp.js +0 -3
- package/dist/audit.deep.runtime-CXjulrWI.js +0 -2
- package/dist/audit.nondeep.runtime-nu5XTu7N.js +0 -880
- package/dist/audit.runtime-CW5CY88A.js +0 -7
- package/dist/auth-CzjcgD0-.js +0 -177
- package/dist/auth-DFhah4e4.js +0 -2
- package/dist/auth-DQw5zHDJ.js +0 -56
- package/dist/auth-choice-CXWHXiQK.js +0 -3
- package/dist/auth-choice-DGMF0dBk.js +0 -85
- package/dist/auth-order-CMWxvLX4.js +0 -2
- package/dist/auth-order-D6mEMqD7.js +0 -139
- package/dist/auth-s-3q__5n.js +0 -550
- package/dist/bash-tools-BCSXSkhx.js +0 -2853
- package/dist/bash-tools-D2NO8-ph.js +0 -3
- package/dist/bash-tools.exec-runtime-CVOp5fHn.js +0 -823
- package/dist/binding-routing-DROXsDQk.js +0 -85
- package/dist/binding-targets-D33MkugL.js +0 -121
- package/dist/bridge-server-3gO7JmL_.js +0 -113
- package/dist/browser-control-auth-DS3Wwm1z.js +0 -2
- package/dist/browser-node-runtime-DkVkb3tt.js +0 -12
- package/dist/browser-profiles-Bk9dcXzv.js +0 -2
- package/dist/browser-runtime-dGM3ZeLa.js +0 -387
- package/dist/browser-setup-tools-DSgChJEe.js +0 -13
- package/dist/build-CjLf_jQl.js +0 -550
- package/dist/call-BxIEVH5N.js +0 -3
- package/dist/call-Dwj7PrNe.js +0 -330
- package/dist/call.runtime-mZvFxL4G.js +0 -2
- package/dist/capability-cli-C-6omBAD.js +0 -1401
- package/dist/catalog-provider-RQJYkKkq.js +0 -40
- package/dist/catchup-Dfw4DEMS.js +0 -300
- package/dist/channel-4YVnFcIj.js +0 -297
- package/dist/channel-BajDSspb.js +0 -1320
- package/dist/channel-BcS5ghfF.js +0 -840
- package/dist/channel-BlU_cVm0.js +0 -491
- package/dist/channel-BmZ19q9d.js +0 -453
- package/dist/channel-C4KfOdTm.js +0 -226
- package/dist/channel-C7LNJi1M.js +0 -595
- package/dist/channel-CFxTIjzU.js +0 -1174
- package/dist/channel-CYDnIh3Z.js +0 -350
- package/dist/channel-DBUj2Ysq.js +0 -1802
- package/dist/channel-DwWdEu7o.js +0 -1100
- package/dist/channel-add-wizard-BLjklZ70.js +0 -2
- package/dist/channel-add-wizard-C3BysW2-.js +0 -125
- package/dist/channel-core-VlXrdyfV.js +0 -5
- package/dist/channel-inbound-BzALE-tz.js +0 -31
- package/dist/channel-plugin-resolution-BNbz8s_s.js +0 -153
- package/dist/channel-plugin-resolution-Bey1o2RL.js +0 -2
- package/dist/channel-plugin-runtime-BMmEKuoC.js +0 -771
- package/dist/channel-runtime-BZXgyMUr.js +0 -425
- package/dist/channel-setup-BzbhDDrt.js +0 -1297
- package/dist/channel.runtime-2Kw88P7w.js +0 -576
- package/dist/channel.runtime-Bwnky7Bn.js +0 -2364
- package/dist/channel.runtime-CDvvT7UR.js +0 -4
- package/dist/channel.runtime-CgP4n1an.js +0 -430
- package/dist/channel.runtime-MJe9DoSG.js +0 -89
- package/dist/channel.runtime-f0WEEj3o.js +0 -42398
- package/dist/channel.setup-DaZBK_2E.js +0 -10
- package/dist/channel2.runtime-CfVIjEhU.js +0 -109
- package/dist/channels-Bq1GXmZX.js +0 -733
- package/dist/channels-cli-DzbssQ5L.js +0 -268
- package/dist/chat-CNZDzOWR.js +0 -2830
- package/dist/clawbot-cli-UIo3UVaj.js +0 -9
- package/dist/clawhub-DRNYT4Ih.js +0 -400
- package/dist/cli-2nlB-dHJ.js +0 -154
- package/dist/cli-7dTpJC3M.js +0 -2
- package/dist/cli-BGMFTnb1.js +0 -683
- package/dist/cli-BVKDWfwH.js +0 -72
- package/dist/cli-Bp52OQjs.js +0 -219
- package/dist/cli-C26tWLBw.js +0 -3726
- package/dist/cli-C_289Xdv.js +0 -2
- package/dist/cli-kOop_NSN.js +0 -2
- package/dist/cli-runner-CP51WTPf.js +0 -286
- package/dist/cli-runner.runtime-BtArNV63.js +0 -4
- package/dist/cli-runner.runtime-Dy1IJ7UX.js +0 -3
- package/dist/cli.runtime-2ilydgLb.js +0 -1261
- package/dist/client-BN8cDQr7.js +0 -723
- package/dist/client-Doc6u1up.js +0 -138
- package/dist/command-auth-oo_Iz0oe.js +0 -76
- package/dist/command-config-resolution-BNQbV_C6.js +0 -23
- package/dist/command-config-resolution-DIvkjwvj.js +0 -2
- package/dist/command-config-resolution.runtime-Dlk7LIJ8.js +0 -2
- package/dist/command-execution-startup-DtBNBU06.js +0 -324
- package/dist/command-registry-Dm8ohcSP.js +0 -4
- package/dist/command-registry-core-BxyHXEQ3.js +0 -106
- package/dist/command-registry-xVmA85-_.js +0 -9
- package/dist/command-secret-gateway-Dej2E5rP.js +0 -528
- package/dist/command-status.runtime-CWgNMJi1.js +0 -87
- package/dist/commands-acp-Ca0l7esb.js +0 -77
- package/dist/commands-compact.runtime-DBN1EALw.js +0 -10
- package/dist/commands-core.runtime-CXYQlfla.js +0 -2
- package/dist/commands-handlers.runtime-BrCljWio.js +0 -4599
- package/dist/commands-reset-hooks-C-P5vfWa.js +0 -135
- package/dist/commands-status-C0WYf99K.js +0 -16
- package/dist/commands-status.runtime-Czim-9LY.js +0 -3
- package/dist/commands-subagents-control.runtime-CgiW2mpD.js +0 -3
- package/dist/commands-subagents-control.runtime-oCqEcwa7.js +0 -2
- package/dist/commands-system-prompt-BQHZNtSZ.js +0 -157
- package/dist/commands-system-prompt-ClJDN8rr.js +0 -2
- package/dist/commands.runtime-DwmtsbUc.js +0 -167
- package/dist/compact-DDf0xr2o.js +0 -1096
- package/dist/compact.runtime-C4BZuDjJ.js +0 -12
- package/dist/completion-cli-85iaysB7.js +0 -328
- package/dist/config-CHPRDFh1.js +0 -252
- package/dist/config-cli-DSZ7DNtq.js +0 -1078
- package/dist/config-guard-Ca-1hhke.js +0 -96
- package/dist/config-runtime-AtYct3A3.js +0 -32
- package/dist/configure-BR6m0uoi.js +0 -1252
- package/dist/configure-CC09fyLr.js +0 -2
- package/dist/connect-options-HotLjDKX.js +0 -699
- package/dist/control-auth-CBtOUnsz.js +0 -125
- package/dist/control-service-D2A1PyZC.js +0 -156
- package/dist/control-ui/assets/agents-7cSPVJV0.js +0 -1125
- package/dist/control-ui/assets/canvas-IIhBIoAa.js +0 -274
- package/dist/control-ui/assets/channel-config-extras-sj_UXv9J.js +0 -2
- package/dist/control-ui/assets/channels-B4MTYg8u.js +0 -198
- package/dist/control-ui/assets/contacts-CSch1ckf.js +0 -49
- package/dist/control-ui/assets/cron-B548qeSj.js +0 -250
- package/dist/control-ui/assets/de-DOykxjSu.js +0 -2
- package/dist/control-ui/assets/debug-DERT6TQG.js +0 -94
- package/dist/control-ui/assets/es-BTwWEPGm.js +0 -2
- package/dist/control-ui/assets/fr-DVRwR98L.js +0 -2
- package/dist/control-ui/assets/i18n-BPOQLrbx.js +0 -3
- package/dist/control-ui/assets/id-BSBAUAzK.js +0 -2
- package/dist/control-ui/assets/index-C2CxJps0.js +0 -5981
- package/dist/control-ui/assets/instances-DwteyRRi.js +0 -57
- package/dist/control-ui/assets/ja-JP-BiD5eOfG.js +0 -2
- package/dist/control-ui/assets/ko-BNgLBJdW.js +0 -2
- package/dist/control-ui/assets/logs-GdE34D7D.js +0 -74
- package/dist/control-ui/assets/mcp-z76x2vB5.js +0 -380
- package/dist/control-ui/assets/memory-CsTbP2T4.js +0 -50
- package/dist/control-ui/assets/memory-graph-DbZEkTHJ.js +0 -30
- package/dist/control-ui/assets/models-j_tXq7Pe.js +0 -86
- package/dist/control-ui/assets/nodes-cxO9Enln.js +0 -654
- package/dist/control-ui/assets/pl-DrVcqC4t.js +0 -2
- package/dist/control-ui/assets/plugins-Rt--bQFn.js +0 -259
- package/dist/control-ui/assets/presenter-BiJsRhTg.js +0 -2
- package/dist/control-ui/assets/pt-BR-BXlBG1WX.js +0 -2
- package/dist/control-ui/assets/sessions-CP6r0JAQ.js +0 -56
- package/dist/control-ui/assets/skills-CMy2whFb.js +0 -294
- package/dist/control-ui/assets/skills-shared-B-3kgWg3.js +0 -11
- package/dist/control-ui/assets/th-DjtYmyBR.js +0 -2
- package/dist/control-ui/assets/tr-I0LYx0Ew.js +0 -2
- package/dist/control-ui/assets/uk-xilwRRzQ.js +0 -2
- package/dist/control-ui/assets/wallet-geRdfgso.js +0 -302
- package/dist/control-ui/assets/zh-CN-DHz_bYy_.js +0 -2
- package/dist/control-ui/assets/zh-TW-LvBbVYeU.js +0 -2
- package/dist/control-ui-Djt0XDNa.js +0 -1043
- package/dist/conversation-id-BwNpVXFJ.js +0 -235
- package/dist/conversation-id-CTAeVE9E.js +0 -38
- package/dist/conversation-runtime-D6miDW4s.js +0 -31
- package/dist/core-CYaV0wrq.js +0 -275
- package/dist/create-DN7NWqCZ.js +0 -80
- package/dist/cron-cli-BZacbTRu.js +0 -713
- package/dist/daemon-cli-BXtGpvAS.js +0 -12
- package/dist/dashboard-Ds7c6TJm.js +0 -2
- package/dist/dashboard-s1prqGuB.js +0 -81
- package/dist/delegate-nycMaKrd.js +0 -64
- package/dist/deliver-BedUVIQP.js +0 -747
- package/dist/deliver-DPvG5Qo8.js +0 -3
- package/dist/deliver-runtime-DZlx42y2.js +0 -2
- package/dist/delivery-outbound.runtime-Dyo6zcqN.js +0 -6
- package/dist/delivery.runtime-CmuJYXg1.js +0 -253
- package/dist/detached-task-runtime-DXFEjX_Y.js +0 -73
- package/dist/devices-cli-B2T4Rk-c.js +0 -498
- package/dist/diagnostics-669Ookpz.js +0 -154
- package/dist/direct-dm-Bwx0l0B5.js +0 -64
- package/dist/directive-handling.fast-lane-Vuy-nG2-.js +0 -66
- package/dist/directive-handling.impl-DrE_GeZR.js +0 -2
- package/dist/directive-handling.impl-KH2zUp6M.js +0 -703
- package/dist/directive-handling.model-selection-BiW8QHW-.js +0 -114
- package/dist/directive-handling.persist.runtime-VLCtMqO5.js +0 -215
- package/dist/directory-cli-DQRcL8xw.js +0 -240
- package/dist/dispatch-CVFq_KHF.js +0 -1131
- package/dist/dispatch-acp-AeVrqG1P.js +0 -981
- package/dist/dispatch-acp-manager.runtime-t90xTijh.js +0 -3
- package/dist/dispatch-acp-media.runtime-Bq9nReBk.js +0 -4
- package/dist/dispatch-acp-session.runtime-CKts6zqY.js +0 -2
- package/dist/dispatch-acp.runtime-CLS-txJr.js +0 -19
- package/dist/doctor-config-flow-C1S8B_sg.js +0 -420
- package/dist/doctor-config-preflight-DH_iBFHQ.js +0 -2
- package/dist/doctor-config-preflight-nRntMTIC.js +0 -63
- package/dist/doctor-device-pairing-rAiSum7F.js +0 -307
- package/dist/doctor-gateway-daemon-flow-BYlbRkfE.js +0 -250
- package/dist/doctor-gateway-health-DGaad6OP.js +0 -63
- package/dist/doctor-health-contributions-CYangAn3.js +0 -493
- package/dist/doctor-health-woICf2XW.js +0 -59
- package/dist/doctor-prompter-oNxd62XO.js +0 -56
- package/dist/doctor-sandbox-C9h2a5Uu.js +0 -194
- package/dist/doctor-state-migrations-BPuF54_Y.js +0 -2
- package/dist/doctor-workspace-status-DrOqBwKh.js +0 -75
- package/dist/dreaming-narrative-SeHukrla.js +0 -596
- package/dist/dreaming-qiznoCiH.js +0 -1582
- package/dist/embedded-gateway-stub.runtime-BiCMn9tm.js +0 -9
- package/dist/embedding-provider-QRMp19Ph.js +0 -118
- package/dist/embeddings-Cwg0dHC_.js +0 -215
- package/dist/embeddings-http-DbBwgwsH.js +0 -205
- package/dist/exec-approval-forwarder.runtime-BNGZQkhU.js +0 -3
- package/dist/exec-approvals-cli-BK9WM7tB.js +0 -498
- package/dist/exec-defaults-B5NE8OtM.js +0 -2
- package/dist/exec-defaults-Dy3ej-Rk.js +0 -67
- package/dist/execute.runtime-cy0XQXc7.js +0 -1359
- package/dist/fallbacks-BHahSac7.js +0 -31
- package/dist/fallbacks-CDP89dtv.js +0 -2
- package/dist/fallbacks-shared-h_ZN8Ugk.js +0 -111
- package/dist/gateway-ClYGJe6R.js +0 -115
- package/dist/gateway-cli-D5OEgdCv.js +0 -1283
- package/dist/gateway-rpc-Dk_z0RTG.js +0 -14
- package/dist/gateway-rpc.runtime-DcDI0Hq7.js +0 -23
- package/dist/gateway-runtime-BpOf_2ps.js +0 -15
- package/dist/gateway-status-BfT8gHrq.js +0 -584
- package/dist/genesis-tools-Dn3v15Cu.js +0 -9435
- package/dist/genesis-tools.runtime-BUKXOBx4.js +0 -2
- package/dist/get-reply-BOvlxgUu.js +0 -3946
- package/dist/get-reply-from-config.runtime-Cl8vSh_k.js +0 -2
- package/dist/gmail-watcher-lifecycle-JbKGb-1A.js +0 -2
- package/dist/graph-users-DvflifYV.js +0 -1337
- package/dist/health-B2xJjrkJ.js +0 -3
- package/dist/health-CWa-e_Y6.js +0 -420
- package/dist/health-route-CzxBmoPR.js +0 -41
- package/dist/health-route-Dhbg2HGJ.js +0 -2
- package/dist/hooks-cli-B08Wk2kj.js +0 -433
- package/dist/http-endpoint-helpers-CG3AcjuK.js +0 -41
- package/dist/http-utils-L02eBAVo.js +0 -924
- package/dist/image-fallbacks-DPTpHhw_.js +0 -2
- package/dist/image-fallbacks-DrcfSUln.js +0 -31
- package/dist/image-generation-core-CEg4KACr.js +0 -18
- package/dist/image-generation-provider-B4tW_Kj3.js +0 -274
- package/dist/image-generation-provider-B72nmoos.js +0 -157
- package/dist/image-generation-provider-D9v0PADz.js +0 -63
- package/dist/image-generation-provider-DLYGDzST.js +0 -228
- package/dist/image-generation-provider-DYu8ZWBs.js +0 -529
- package/dist/image-generation-provider-jp6l2Jls.js +0 -95
- package/dist/image-generation-provider-qr08iqKe.js +0 -137
- package/dist/image-runtime-DRQcRKzy.js +0 -9
- package/dist/inbound-reply-dispatch-D2K6Anyc.js +0 -73
- package/dist/inbound.runtime-CCnJwfdz.js +0 -3
- package/dist/inbound.runtime-DwsGti2x.js +0 -4
- package/dist/infra-runtime-Pu3jXc5f.js +0 -38
- package/dist/init-B2qJ52Z_.js +0 -59
- package/dist/install-DwDt01Fk.js +0 -726
- package/dist/install-security-scan-Cq0N2AQi.js +0 -26
- package/dist/install-security-scan.runtime-DWlSCQbQ.js +0 -671
- package/dist/install.runtime-CWnOXdy4.js +0 -27
- package/dist/install.runtime-DPA5lA9o.js +0 -12
- package/dist/jobs-D9IyaUDB.js +0 -729
- package/dist/library-JmPoINsm.js +0 -45
- package/dist/lifecycle-BRey6jez.js +0 -229
- package/dist/lifecycle-CvJT6tH9.js +0 -571
- package/dist/lifecycle.runtime-DJuQgwAu.js +0 -2
- package/dist/list-0KYh_6xs.js +0 -131
- package/dist/list-B1iP8wTX.js +0 -2
- package/dist/list-CewinhHi.js +0 -1212
- package/dist/list-DPm9exQP.js +0 -2
- package/dist/list.probe-M4jUIgk8.js +0 -419
- package/dist/live-model-switch-DqJLIA4J.js +0 -336
- package/dist/llm-slug-generator-CQiB4f0s.js +0 -79
- package/dist/load-config-oEWSSW5T.js +0 -35
- package/dist/loader-DlmWqYuM.js +0 -222
- package/dist/local-dispatch.runtime-rI2L9gZz.js +0 -8
- package/dist/login-DX18Qaag.js +0 -108
- package/dist/logs-cli-qUQbKPpd.js +0 -265
- package/dist/logs-cli.runtime-DZwxYUL2.js +0 -2
- package/dist/main-session-restart-recovery-Dw8zndAD.js +0 -206
- package/dist/managed-image-attachments-B_835Hjd.js +0 -635
- package/dist/managed-image-attachments-Dp_0diDL.js +0 -2
- package/dist/manager-CRmLomjS.js +0 -2
- package/dist/manager-yTOglQEH.js +0 -2057
- package/dist/markdown-to-line-D6Y5rN1y.js +0 -790
- package/dist/mcp-cli-DZi-FzRz.js +0 -725
- package/dist/mcp-http-DaXlqh6n.js +0 -529
- package/dist/media-runtime-awxrKlof.js +0 -329
- package/dist/media-understanding-CYk-TBlo.js +0 -85
- package/dist/media-understanding-provider-BFl9PvK0.js +0 -18
- package/dist/media-understanding-provider-BbHedlHI.js +0 -69
- package/dist/media-understanding-provider-C4hkphxA.js +0 -28
- package/dist/media-understanding-provider-CIJApc3Q.js +0 -85
- package/dist/media-understanding-provider-CMRfrvoW.js +0 -37
- package/dist/media-understanding-provider-D8MwbDYK.js +0 -12
- package/dist/media-understanding-provider-DPZ3M0zL.js +0 -21
- package/dist/media-understanding-provider-DnFHplle.js +0 -13
- package/dist/media-understanding-provider-O3o8RDTO.js +0 -12
- package/dist/media-understanding-provider-WmKhdAeP.js +0 -18
- package/dist/media-understanding-runtime-DiWkY8O9.js +0 -2
- package/dist/memory-core-host-runtime-cli-K2SeZLMj.js +0 -9
- package/dist/memory-embedding-adapter-Ll4TtjDC.js +0 -123
- package/dist/memory-host-search-BzpJFHpD.js +0 -12
- package/dist/message-Bk0q8DmN.js +0 -232
- package/dist/message-action-runner-BIi8DCoo.js +0 -2
- package/dist/message-action-runner-CmhjNg6K.js +0 -1407
- package/dist/message-actions-BDXFXc2E.js +0 -143
- package/dist/message.gateway.runtime-fPnMn6QV.js +0 -2
- package/dist/method-scopes-D_AZ7OsK.js +0 -235
- package/dist/model-picker-D20JpfyM.js +0 -559
- package/dist/model-picker-Dpin9dw4.js +0 -3
- package/dist/model-picker.runtime-B19j-xJa.js +0 -15
- package/dist/model-selection-BDK7dEju.js +0 -212
- package/dist/models-auth-status-0xcMbBhB.js +0 -217
- package/dist/models-cli-DuQZ09TC.js +0 -271
- package/dist/models-http-DruY6N81.js +0 -92
- package/dist/models.fetch-2geG13AQ.js +0 -518
- package/dist/monitor-2KbmBvHU.js +0 -2
- package/dist/monitor-B2yQJkAh.js +0 -1459
- package/dist/monitor-CD4mrtqF.js +0 -1661
- package/dist/monitor-CJ6A4Ro2.js +0 -788
- package/dist/monitor-D19pDt5p.js +0 -1237
- package/dist/monitor-GQtwMpZn.js +0 -671
- package/dist/monitor-auth-DJ9S4EQV.js +0 -207
- package/dist/monitor-processing-BMv5voti.js +0 -1974
- package/dist/monitor.runtime-GizvASio.js +0 -2
- package/dist/monitor.webhook-DzvH3io8.js +0 -180
- package/dist/msteams-7Jx25GW4.js +0 -35
- package/dist/music-generation-provider-Bac-UFIO.js +0 -63
- package/dist/music-generation-provider-fPGrO1gg.js +0 -170
- package/dist/native-hook-relay-DwgVW-el.js +0 -519
- package/dist/nextcloud-talk-gXnN0EKl.js +0 -17
- package/dist/node-cli-Bd8iT-US.js +0 -2276
- package/dist/nodes-cli-xAd3vxyV.js +0 -1046
- package/dist/nodes-utils-qg-Bmmy5.js +0 -84
- package/dist/nodes.helpers-B42Vi8VW.js +0 -34
- package/dist/notify-DArpzHFF.js +0 -315
- package/dist/oauth-B9WR0gWL.js +0 -75
- package/dist/oauth-BpJKd6mz.js +0 -2
- package/dist/oauth-BqiriUcs.js +0 -139
- package/dist/oauth-Dl3zSXWU.js +0 -152
- package/dist/oauth.flow-CIweZ0Wo.js +0 -45
- package/dist/oauth.flow-YT9WcJAP.js +0 -3
- package/dist/onboard-DKr9c-h5.js +0 -70
- package/dist/onboard-DrfmoxpG.js +0 -316
- package/dist/onboard-channels-B-jq5k4w.js +0 -2
- package/dist/onboard-channels-Dg4UVNnl.js +0 -3
- package/dist/onboard-custom-DDY7T8Mb.js +0 -3
- package/dist/onboard-custom-buJ3Vz5C.js +0 -271
- package/dist/onboard-f_tqlGVL.js +0 -2
- package/dist/onboard-helpers-Begz93UO.js +0 -6
- package/dist/onboard-helpers-Di14BUn2.js +0 -204
- package/dist/onboard-interactive-DjJo_FLY.js +0 -24
- package/dist/onboard-non-interactive-CgxwxSiw.js +0 -635
- package/dist/onboard-remote-BhcRxYvn.js +0 -2
- package/dist/onboard-remote-CEeT7hEZ.js +0 -193
- package/dist/onboard-skills-CTTUg6pf.js +0 -134
- package/dist/onboard-skills-DWTbOfH1.js +0 -2
- package/dist/onboarding-plugin-install-CNIcGqAI.js +0 -406
- package/dist/openai-codex-provider-6aTYk3jp.js +0 -472
- package/dist/openai-http-C2-8VSih.js +0 -500
- package/dist/openai-provider-w1PV_KGr.js +0 -313
- package/dist/opencode-SEOw9RYv.js +0 -35
- package/dist/openresponses-http-DgsTPUc1.js +0 -1128
- package/dist/operator-approvals-client-D1R6aLFV.js +0 -68
- package/dist/outbound-runtime-D7qdGq1B.js +0 -5
- package/dist/outbound.runtime-DDAlqr2n.js +0 -2
- package/dist/pair-command-approve-BqXU_u3_.js +0 -44
- package/dist/persistent-bindings.lifecycle-0cee5HeB.js +0 -85
- package/dist/persistent-bindings.lifecycle-DTgwTu9k.js +0 -2
- package/dist/pi-bundle-mcp-runtime-CEwlOt28.js +0 -2
- package/dist/pi-bundle-mcp-runtime-DS32_bKh.js +0 -829
- package/dist/pi-bundle-mcp-tools-MVePSeQp.js +0 -108
- package/dist/pi-embedded-BMKZLrrD.js +0 -2905
- package/dist/pi-embedded-C1_8L609.js +0 -4
- package/dist/pi-embedded-subscribe.handlers.compaction.runtime-61zYwcVi.js +0 -23
- package/dist/pi-embedded.runtime-CEcUCfnu.js +0 -4
- package/dist/pi-tool-definition-adapter-B1q4cAB_.js +0 -229
- package/dist/pi-tools-CE3UX10v.js +0 -1118
- package/dist/pi-tools.before-tool-call-BsMfbO7W.js +0 -433
- package/dist/pi-tools.before-tool-call-DGY-rj-6.js +0 -2
- package/dist/plugin-dDMX1n9i.js +0 -12195
- package/dist/plugin-enabled-CCcxlblr.js +0 -140
- package/dist/plugin-install-D9RUigrW.js +0 -2
- package/dist/plugin-install-DRc2KTWx.js +0 -115
- package/dist/plugin-install-config-policy-CtKZaMAw.js +0 -137
- package/dist/plugin-install-plan-BeNfwB5V.js +0 -50
- package/dist/plugin-registration-CTIg2xi-.js +0 -23
- package/dist/plugin-service-Byv2yfiX.js +0 -2893
- package/dist/plugins-cli-qkT7VGd9.js +0 -584
- package/dist/plugins-command-helpers-DvRgKfV0.js +0 -107
- package/dist/plugins-install-persist-CZWXaz5s.js +0 -133
- package/dist/plugins-update-command-qKTcfS44.js +0 -1057
- package/dist/policy-BK0iZFZM.js +0 -328
- package/dist/prepare.runtime-BMtgLZl1.js +0 -807
- package/dist/probe-Bj3sjcpc.js +0 -2205
- package/dist/probe-C6wNv6c4.js +0 -74
- package/dist/probe-CM5o3wKp.js +0 -240
- package/dist/probe-D3D0RoQl.js +0 -45
- package/dist/probe-DlY3dg7v.js +0 -2
- package/dist/probe-TN3P-dCa.js +0 -2
- package/dist/probe-pLHVFHK6.js +0 -243
- package/dist/probe-pZ61Idl1.js +0 -1443
- package/dist/program-TZ54mZzH.js +0 -111
- package/dist/prompt-select-styled-DFXPq9zJ.js +0 -20
- package/dist/protocol-CWEBsZbG.js +0 -2515
- package/dist/provider-D4RPFEas.js +0 -70
- package/dist/provider-api-key-auth-DxE3Ubaz.js +0 -131
- package/dist/provider-auth-94YJgYBI.js +0 -46
- package/dist/provider-auth-api-key-D9d3vpbu.js +0 -5
- package/dist/provider-auth-choice-C1kxCG8d.js +0 -228
- package/dist/provider-auth-login-DSy_0CmF.js +0 -8
- package/dist/provider-dispatcher-9FnI26kR.js +0 -2
- package/dist/provider-dispatcher-D30lsDyd.js +0 -22
- package/dist/provider-entry-CR0Z4V2Y.js +0 -106
- package/dist/provider-model-defaults-CY1F7Q3c.js +0 -6
- package/dist/provider-registration-C3cLloFb.js +0 -37
- package/dist/provider-registration-CU67AJCU.js +0 -218
- package/dist/qr-cli-CoEq74Fu.js +0 -2
- package/dist/qr-cli-DxaXK8T4.js +0 -349
- package/dist/qr-image-BQnl-2Hz.js +0 -2
- package/dist/queue-IehGWtWc.js +0 -409
- package/dist/reaction-runtime-api-CGWfmWqF.js +0 -116
- package/dist/reactions-D1tny1P_.js +0 -998
- package/dist/read-capability-w1W5sKua.js +0 -412
- package/dist/register-service-commands-D5181r0Q.js +0 -71
- package/dist/register.agent-DWwOD6q5.js +0 -248
- package/dist/register.configure-CZx6uXuU.js +0 -15
- package/dist/register.maintenance-1yV569VU.js +0 -363
- package/dist/register.message-DqosH9zI.js +0 -329
- package/dist/register.onboard-DBa5bh4F.js +0 -88
- package/dist/register.runtime-AUXvOvfy.js +0 -81
- package/dist/register.setup-1k0y27Bf.js +0 -150
- package/dist/register.status-health-sessions-3SuqckJe.js +0 -1215
- package/dist/register.subclis-1vwiREuy.js +0 -3
- package/dist/register.subclis-core-CoUcH7R2.js +0 -249
- package/dist/register.subclis-d6Uoake0.js +0 -29
- package/dist/reply-dispatch-runtime-B2jwG-ti.js +0 -13
- package/dist/reply-media-paths.runtime-Bv-VQY1O.js +0 -2
- package/dist/reply-media-paths.runtime-qZYIzFEg.js +0 -146
- package/dist/reply-runtime-BvyACHP_.js +0 -10
- package/dist/reply.runtime-B76FIMUm.js +0 -2
- package/dist/resolve-DxTN302S.js +0 -259
- package/dist/response-generator-Be1_-xjF.js +0 -175
- package/dist/restart-health-C1m4VgKE.js +0 -2
- package/dist/restart-health-CSxm-1Te.js +0 -202
- package/dist/root-help-Cw7ovqRO.js +0 -44
- package/dist/route-reply-Dn9zmIdM.js +0 -162
- package/dist/route-reply.runtime-DkwtG2qY.js +0 -2
- package/dist/routes-B9j5MeTj.js +0 -2
- package/dist/routes-BCJWRxzD.js +0 -3341
- package/dist/rpc-_zAZRj2-.js +0 -61
- package/dist/rpc.runtime-C3rwvN8O.js +0 -21
- package/dist/run-auth-profile.runtime-Bflh0AxI.js +0 -2
- package/dist/run-delivery.runtime-CXmj98lV.js +0 -530
- package/dist/run-embedded.runtime-yli8ukW0.js +0 -4
- package/dist/run-execution-cli.runtime-CjDLajis.js +0 -4
- package/dist/run-executor.runtime-SwHBKuy1.js +0 -277
- package/dist/run-main-DPHpfv1y.js +0 -567
- package/dist/run-subagent-registry.runtime-CWv2s5wn.js +0 -2
- package/dist/run-wait-CpSEiESO.js +0 -135
- package/dist/runner-Vhfg_kYp.js +0 -966
- package/dist/runner.entries-DWptWo_Q.js +0 -604
- package/dist/runtime-CMHLmvAl.js +0 -961
- package/dist/runtime-COXB-OZq.js +0 -263
- package/dist/runtime-Cfcvlsp1.js +0 -2
- package/dist/runtime-D9CBb5Na.js +0 -72
- package/dist/runtime-api-CLkOuqkP.js +0 -4
- package/dist/runtime-api-DgKObkOQ.js +0 -9
- package/dist/runtime-api-bWUB21Eg.js +0 -9
- package/dist/runtime-api-rryD3LXE.js +0 -14
- package/dist/runtime-embedded-pi.runtime-DuHPAbVt.js +0 -2
- package/dist/runtime-entry-BaLt5V4d.js +0 -2769
- package/dist/runtime-fF-k_rB8.js +0 -9
- package/dist/runtime-internal-By95Az_F.js +0 -2
- package/dist/runtime-l0B7QFL3.js +0 -116
- package/dist/runtime-options-BsxnM5Yt.js +0 -275
- package/dist/runtime-prepare.runtime-D6bMmoTn.js +0 -80
- package/dist/runtime-schema-P9TAqWy1.js +0 -28599
- package/dist/runtime-web-tools-DlattYEh.js +0 -1477
- package/dist/sandbox-B0HW_QP3.js +0 -1156
- package/dist/sandbox-D2w77M7D.js +0 -3
- package/dist/sandbox-cli-DhrLokzO.js +0 -450
- package/dist/scan-CKfozblZ.js +0 -2
- package/dist/scan-CVwpGz6x.js +0 -523
- package/dist/secrets-cli-pXjlA7bi.js +0 -2101
- package/dist/security-cli-ChIBksL4.js +0 -486
- package/dist/selection-CIX2NWC3.js +0 -7743
- package/dist/selection-FiKxtpP7.js +0 -2
- package/dist/send-13tmI7yl.js +0 -102
- package/dist/send-BudgB3Xv.js +0 -156
- package/dist/send.runtime-CWWkq3eQ.js +0 -2
- package/dist/server-CRbNiI2L.js +0 -13
- package/dist/server-DPwckotj.js +0 -77
- package/dist/server-context-DnmrGIHL.js +0 -847
- package/dist/server-context-GFvl1Fa1.js +0 -2
- package/dist/server-node-events-Boy823tY.js +0 -474
- package/dist/server-plugin-bootstrap-BEm4d2by.js +0 -2
- package/dist/server-plugin-bootstrap-BLp3Ri_D.js +0 -13355
- package/dist/server-restart-sentinel-D1dhBlz5.js +0 -684
- package/dist/server.impl-CuEQ_ANR.js +0 -12790
- package/dist/session-DQK4G2N-.js +0 -48
- package/dist/session-envelope-uG-4XV0X.js +0 -18
- package/dist/session-key-CTestOWs.js +0 -65
- package/dist/session-kill-http-CKkRPXTD.js +0 -110
- package/dist/session-meta-B_6JKgd3.js +0 -109
- package/dist/session-override-BJXIc7UA.js +0 -106
- package/dist/session-reset-model.runtime-DFT-FJW1.js +0 -133
- package/dist/session-reset-service-BI9uiJ1F.js +0 -497
- package/dist/session-route-Dy5b9CbY.js +0 -93
- package/dist/session-status.runtime-HByTPp-H.js +0 -2
- package/dist/session-store-COzyfYG2.js +0 -126
- package/dist/session-store.runtime-CQHXgM_Z.js +0 -2
- package/dist/session-subagent-reactivation.runtime-BOWBAfyc.js +0 -2
- package/dist/session-tab-registry-Ce31KjnI.js +0 -581
- package/dist/session-updates-Dl4GafMW.js +0 -236
- package/dist/session-updates.runtime-bHYRFXxm.js +0 -2
- package/dist/session-utils-Dkaj_4dZ.js +0 -1009
- package/dist/session-visibility-BB6i8ptT.js +0 -147
- package/dist/sessions-D3eFfsPH.js +0 -281
- package/dist/sessions-DAup1AeE.js +0 -16
- package/dist/sessions-helpers-DYP9dapI.js +0 -305
- package/dist/sessions-history-http-j8ZxsBAn.js +0 -371
- package/dist/sessions-kO7Dit6B.js +0 -48
- package/dist/sessions-patch-D4ye8mVh.js +0 -309
- package/dist/sessions-resolve-Bi2bj6c-.js +0 -174
- package/dist/sessions-uVaHa5mC.js +0 -2
- package/dist/sessions.runtime-VkodyiYI.js +0 -2
- package/dist/setup-DX-d8t6q.js +0 -421
- package/dist/setup-api-6GX_eeAs.js +0 -29
- package/dist/setup-core-BGUg4eV0.js +0 -171
- package/dist/setup-core-CpfGqHuS.js +0 -176
- package/dist/setup-hFAlSbTL.js +0 -636
- package/dist/setup-surface-DSvYQ0Mf.js +0 -219
- package/dist/setup-surface-DT8l0x7M.js +0 -403
- package/dist/setup-surface-gdmDKJFO.js +0 -286
- package/dist/setup.finalize-m_UzKyZ2.js +0 -547
- package/dist/setup.gateway-config-DHQ8eaxx.js +0 -250
- package/dist/shared-BY5yIWjE.js +0 -198
- package/dist/shared-BtY5n-4U.js +0 -76
- package/dist/shared-C-DELFhh.js +0 -217
- package/dist/shared-DPf8cDHL.js +0 -121
- package/dist/shared-runtime-lVwJld87.js +0 -7
- package/dist/skill-commands-Crg6g_xc.js +0 -83
- package/dist/skill-commands.runtime-Dx9JZPVm.js +0 -2
- package/dist/skills-install-B1RJkjel.js +0 -605
- package/dist/skills-snapshot.runtime-1fnPk6SF.js +0 -7
- package/dist/slash-state-j62N8ife.js +0 -1911
- package/dist/speech-provider-BEjGmdRi.js +0 -170
- package/dist/speech-provider-DU0xib0M.js +0 -209
- package/dist/speech-provider-jexKB2Fl.js +0 -216
- package/dist/src-BYHA6DRU.js +0 -3974
- package/dist/stage-sandbox-media.runtime-BzOf-LsJ.js +0 -232
- package/dist/startup-context-DZml_gZY.js +0 -312
- package/dist/state-migrations-DlUY4b3i.js +0 -820
- package/dist/status-BCr0D4CJ.js +0 -2
- package/dist/status-Bi8EbpXB.js +0 -395
- package/dist/status-CPAE20nX.js +0 -209
- package/dist/status-D-wIma3c.js +0 -3
- package/dist/status-DLmFJkIX.js +0 -2
- package/dist/status-DhpFLjkt.js +0 -190
- package/dist/status-Dql1aIFE.js +0 -62
- package/dist/status-all-AuiqtGQ-.js +0 -498
- package/dist/status-json-BUhA_seV.js +0 -14
- package/dist/status-json-command-Dk8RVvC9.js +0 -82
- package/dist/status-message-DuKO-hzh.js +0 -466
- package/dist/status-message.runtime-BnLXbVHh.js +0 -6
- package/dist/status-queue.runtime-DXdIwJaQ.js +0 -2
- package/dist/status-runtime-shared-BK7fklEl.js +0 -241
- package/dist/status-subagents.runtime-DkMpqnmP.js +0 -18
- package/dist/status-text-D71CoS-s.js +0 -237
- package/dist/status.gateway-connection.runtime-wWu8Kvt4.js +0 -2
- package/dist/status.gather-BlSA6D3i.js +0 -292
- package/dist/status.gather-akCtNgln.js +0 -2
- package/dist/status.runtime-BwFzOfxj.js +0 -2
- package/dist/status.runtime-tPHKyqSk.js +0 -2
- package/dist/status.scan-GF1UDZAB.js +0 -65
- package/dist/status.scan-overview-D1tTMWSi.js +0 -379
- package/dist/status.scan.fast-json-CoLBFhFk.js +0 -132
- package/dist/status.scan.fast-json-K69bqOGh.js +0 -2
- package/dist/status.summary-Bxh5WwsL.js +0 -200
- package/dist/status.summary-Cyr9PxeP.js +0 -2
- package/dist/store-DgajP9Em.js +0 -4
- package/dist/store-tuisxHpf.js +0 -910
- package/dist/store.runtime-Bw5wLKnD.js +0 -2
- package/dist/stream-CWqBQkS6.js +0 -664
- package/dist/subagent-announce-Dw7-i1-9.js +0 -351
- package/dist/subagent-announce-delivery-HYpoItCd.js +0 -726
- package/dist/subagent-announce-output-C7rcYYEc.js +0 -364
- package/dist/subagent-capabilities-DFXCYxt0.js +0 -251
- package/dist/subagent-control-Ds2GYpWL.js +0 -506
- package/dist/subagent-control.runtime-CgBRjo3Q.js +0 -3
- package/dist/subagent-followup.runtime-Cd8hCztp.js +0 -68
- package/dist/subagent-orphan-recovery-BgjubPqf.js +0 -305
- package/dist/subagent-registry-CgpGD3GV.js +0 -1753
- package/dist/subagent-registry-DxdVLcdG.js +0 -3
- package/dist/subagent-spawn-BWBNndsp.js +0 -1005
- package/dist/supervisor-DaRbw4Gw.js +0 -704
- package/dist/system-cli-DyBkQUQb.js +0 -43
- package/dist/targets-BadrXaG2.js +0 -67
- package/dist/task-executor-C7Wi33fD.js +0 -360
- package/dist/task-owner-access-yQv8xMco.js +0 -74
- package/dist/task-registry-W5mFPlZX.js +0 -2357
- package/dist/task-registry-delivery-runtime-cBNSvuGT.js +0 -3
- package/dist/task-registry-delivery-runtime-cJvq2BuY.js +0 -2
- package/dist/task-registry.maintenance-Buzo501v.js +0 -2
- package/dist/task-registry.maintenance-pJMW_7Am.js +0 -416
- package/dist/testing-Dw49ltmR.js +0 -575
- package/dist/text-report-CtyXY05r.js +0 -549
- package/dist/tool-auth-shared-DWrecN7g.js +0 -90
- package/dist/tool-policy-pipeline-CA61tNc_.js +0 -109
- package/dist/tool-resolution-BcUPtTtu.js +0 -90
- package/dist/tools-effective-inventory-CL0grjv4.js +0 -152
- package/dist/tools-invoke-http-BZ8xqe0f.js +0 -206
- package/dist/transcript-CEK104A6.js +0 -312
- package/dist/transcript-resolve.runtime-D4I8B--1.js +0 -2
- package/dist/transcript.runtime-ClNMqLSP.js +0 -2
- package/dist/trash-B6l1GwX9.js +0 -24
- package/dist/tts-vEtIfdGN.js +0 -64
- package/dist/tui-cli-BCn5UWwT.js +0 -4585
- package/dist/uninstall-BQ_d8nQ4.js +0 -185
- package/dist/update-D8foEnSw.js +0 -1282
- package/dist/update-cli-D8bMov5W.js +0 -1759
- package/dist/update-startup-D-n1C8A0.js +0 -2
- package/dist/upgrade-iRXz6ZP4.js +0 -1226
- package/dist/video-generation-provider-5v5lTL00.js +0 -287
- package/dist/video-generation-provider-BGtbUYJd.js +0 -64
- package/dist/video-generation-provider-BlOdvaLh.js +0 -118
- package/dist/video-generation-provider-CR_fRJ8m.js +0 -187
- package/dist/video-generation-provider-CVUs00hp.js +0 -264
- package/dist/video-generation-provider-CtstiCCO.js +0 -271
- package/dist/video-generation-provider-DDQjPRYO.js +0 -254
- package/dist/video-generation-provider-DLy7AvTJ.js +0 -281
- package/dist/video-generation-provider-DNnNMvS9.js +0 -221
- package/dist/video-generation-provider-vzf0PQXj2.js +0 -77
- package/dist/video-generation-provider-zINiw3aL.js +0 -78
- package/dist/video-generation-task-status-ESf4kR6F.js +0 -163
- package/dist/wait-for-idle-before-flush-C-_kVutK.js +0 -5985
- package/dist/web-search-provider-BkIzoc2Y.js +0 -163
- package/dist/wizard-models-jPGu0o7K.js +0 -334
- package/dist/workflow-runtime-tvBeQSK9.js +0 -485
- /package/dist/{audit-channel.collect.runtime-BAKyzn52.js → audit-channel.collect.runtime-CevlIQ6K.js} +0 -0
- /package/dist/{audit-tool-policy-Ftr0W8Wl.js → audit-tool-policy-DTodxIZf.js} +0 -0
- /package/dist/{channel-selection.runtime-CsQ0qN21.js → channel-selection.runtime-DAkF_DgO.js} +0 -0
- /package/dist/{close-reason-DNwBM4qe.js → close-reason-BPuKI4th.js} +0 -0
- /package/dist/{configured-B8XGIYz-.js → configured-C-0r4Pk2.js} +0 -0
- /package/dist/{diagnostic-support-export-CuIJulCK.js → diagnostic-support-export-C8cpJRWi.js} +0 -0
- /package/dist/{gmail-watcher-lifecycle-BoWMgpeT.js → gmail-watcher-lifecycle-DrTbIr0m.js} +0 -0
- /package/dist/{image-BwAofy0f.js → image-LNALiqnF.js} +0 -0
- /package/dist/{image-generation-core.auth.runtime-B6BpHP6V.js → image-generation-core.auth.runtime-hzZbX1YD.js} +0 -0
- /package/dist/{input-allowlist-zDKNs6OG.js → input-allowlist-Bn8hssyM.js} +0 -0
- /package/dist/{install-target-FXMkL80i.js → install-target-C0Dg_4Un.js} +0 -0
- /package/dist/{memory-host-search.runtime-Vfck_NLf.js → memory-host-search.runtime-CAejVWZB.js} +0 -0
- /package/dist/{message.config.runtime-Df8nVSE4.js → message.config.runtime-CAG3eLmF.js} +0 -0
- /package/dist/{paths-BdDCK0XP.js → paths-BrPnd-v6.js} +0 -0
- /package/dist/{provider-api-key-auth.runtime-fT4D2dQt.js → provider-api-key-auth.runtime-YLpiRoM3.js} +0 -0
- /package/dist/{provider-auth-login.runtime-EnfK3WTr.js → provider-auth-login.runtime-BwDEPbY4.js} +0 -0
- /package/dist/{push-apns-DoMbCgqq.js → push-apns-UUwkJMxt.js} +0 -0
- /package/dist/{runtime-manifest.runtime-CuqWbJ5G.js → runtime-manifest.runtime-D8BuqQCR.js} +0 -0
- /package/dist/{runtime-web-channel-plugin-ChmPPl7a.js → runtime-web-channel-plugin-Dx1GGPSD.js} +0 -0
- /package/dist/{runtime-web-tools-fallback.runtime-B3fmu7s0.js → runtime-web-tools-fallback.runtime-_nNCUNAT.js} +0 -0
- /package/dist/{runtime-web-tools-manifest.runtime-CpiYM000.js → runtime-web-tools-manifest.runtime-BaeloEzn.js} +0 -0
- /package/dist/{runtime-web-tools-public-artifacts.runtime-BBNdsUv5.js → runtime-web-tools-public-artifacts.runtime-DOdl6CAd.js} +0 -0
- /package/dist/{server-startup-log-DXJn1EgH.js → server-startup-log-BUk3dEm6.js} +0 -0
- /package/dist/{server-startup-memory-C4d9ImgC.js → server-startup-memory-C3gdaomJ.js} +0 -0
- /package/dist/{server-tailscale-DeNCXYBr.js → server-tailscale-C0DsqL5N.js} +0 -0
- /package/dist/{services-m8_503l9.js → services-CiBabvAX.js} +0 -0
- /package/dist/{session-archive.runtime-DDhx1bOA.js → session-archive.runtime-BIqBKdzI.js} +0 -0
- /package/dist/{setup.node-config-BXET5GZk.js → setup.node-config-BlJDbu4T.js} +0 -0
- /package/dist/{setup.plugin-config-CgBJMtZ8.js → setup.plugin-config-CCP7nrfy.js} +0 -0
- /package/dist/{skill-scanner-cEm04-3B.js → skill-scanner-DnqZE6Fh.js} +0 -0
- /package/dist/{ssh-config-BfxhRhPu.js → ssh-config-wfp8-I37.js} +0 -0
- /package/dist/{supervisor-log.runtime-BdagMpUZ.js → supervisor-log.runtime-DYzbopV7.js} +0 -0
- /package/dist/{targets.runtime-BS4UWyk2.js → targets.runtime-1fn-rTlI.js} +0 -0
- /package/dist/{update-startup-D69inLEd.js → update-startup-DW61ftJW.js} +0 -0
package/dist/audit-CQJwJFWH.js
DELETED
|
@@ -1,939 +0,0 @@
|
|
|
1
|
-
import { a as normalizeLowercaseStringOrEmpty, s as normalizeOptionalLowercaseString } from "./string-coerce-DPP_aYVc.js";
|
|
2
|
-
import { t as formatCliCommand } from "./command-format-B3Q5KD9o.js";
|
|
3
|
-
import { _ as resolveStateDir, o as resolveConfigPath } from "./paths-Bv2rGpO9.js";
|
|
4
|
-
import { o as hasConfiguredSecretInput } from "./types.secrets-BbgGt42I.js";
|
|
5
|
-
import { n as formatPermissionRemediation, r as inspectPathPermissions, t as formatPermissionDetail } from "./audit-fs-CAyAtdeX.js";
|
|
6
|
-
import { n as resolveGatewayAuth } from "./auth-resolve-CcailHTH.js";
|
|
7
|
-
import { n as asNullableRecord } from "./record-coerce-CMKPGWB_.js";
|
|
8
|
-
import { t as DEFAULT_AGENT_ID } from "./session-key-CI3KvTQC.js";
|
|
9
|
-
import { i as normalizeTrustedSafeBinDirs, o as listRiskyConfiguredSafeBins } from "./exec-safe-bin-trust-DMrCONj2.js";
|
|
10
|
-
import { b as resolveAgentWorkspaceDir, x as resolveDefaultAgentId } from "./agent-scope-BUYwVohk.js";
|
|
11
|
-
import { i as resolveSandboxConfigForAgent } from "./config-DwJUHdf0.js";
|
|
12
|
-
import { u as isInterpreterLikeAllowlistPattern } from "./exec-approvals-allowlist-BBW7JMg0.js";
|
|
13
|
-
import { i as resolveMergedSafeBinProfileFixtures, n as listInterpreterLikeSafeBins } from "./exec-safe-bin-runtime-policy-DUcKpnC_.js";
|
|
14
|
-
import { l as loadExecApprovals } from "./exec-approvals-D0DTIzDT.js";
|
|
15
|
-
import { n as collectCoreInsecureOrDangerousFlags, t as collectEnabledInsecureOrDangerousFlags } from "./dangerous-config-flags-Drbk-drI.js";
|
|
16
|
-
import { t as DEFAULT_GATEWAY_HTTP_TOOL_DENY } from "./dangerous-tools-DTsU-3_q.js";
|
|
17
|
-
import path from "node:path";
|
|
18
|
-
import { isIP } from "node:net";
|
|
19
|
-
//#region src/security/audit-deep-code-safety.ts
|
|
20
|
-
let auditDeepModulePromise;
|
|
21
|
-
async function loadAuditDeepModule() {
|
|
22
|
-
auditDeepModulePromise ??= import("./audit.deep.runtime-CXjulrWI.js");
|
|
23
|
-
return await auditDeepModulePromise;
|
|
24
|
-
}
|
|
25
|
-
async function collectDeepCodeSafetyFindings(params) {
|
|
26
|
-
if (!params.deep) return [];
|
|
27
|
-
const auditDeep = await loadAuditDeepModule();
|
|
28
|
-
return [...await auditDeep.collectPluginsCodeSafetyFindings({
|
|
29
|
-
stateDir: params.stateDir,
|
|
30
|
-
summaryCache: params.summaryCache
|
|
31
|
-
}), ...await auditDeep.collectInstalledSkillsCodeSafetyFindings({
|
|
32
|
-
cfg: params.cfg,
|
|
33
|
-
stateDir: params.stateDir,
|
|
34
|
-
summaryCache: params.summaryCache
|
|
35
|
-
})];
|
|
36
|
-
}
|
|
37
|
-
//#endregion
|
|
38
|
-
//#region src/security/audit-deep-probe-findings.ts
|
|
39
|
-
function collectDeepProbeFindings(params) {
|
|
40
|
-
const findings = [];
|
|
41
|
-
if (params.deep?.gateway?.attempted && !params.deep.gateway.ok) findings.push({
|
|
42
|
-
checkId: "gateway.probe_failed",
|
|
43
|
-
severity: "warn",
|
|
44
|
-
title: "Gateway probe failed (deep)",
|
|
45
|
-
detail: params.deep.gateway.error ?? "gateway unreachable",
|
|
46
|
-
remediation: `Run "${formatCliCommand("genesis status --all")}" to debug connectivity/auth, then re-run "${formatCliCommand("genesis security audit --deep")}".`
|
|
47
|
-
});
|
|
48
|
-
if (params.authWarning) findings.push({
|
|
49
|
-
checkId: "gateway.probe_auth_secretref_unavailable",
|
|
50
|
-
severity: "warn",
|
|
51
|
-
title: "Gateway probe auth SecretRef is unavailable",
|
|
52
|
-
detail: params.authWarning,
|
|
53
|
-
remediation: `Set GENESIS_GATEWAY_TOKEN/GENESIS_GATEWAY_PASSWORD in this shell or resolve the external secret provider, then re-run "${formatCliCommand("genesis security audit --deep")}".`
|
|
54
|
-
});
|
|
55
|
-
return findings;
|
|
56
|
-
}
|
|
57
|
-
//#endregion
|
|
58
|
-
//#region src/security/audit-gateway-config.ts
|
|
59
|
-
function hasNonEmptyString(value) {
|
|
60
|
-
return typeof value === "string" && value.trim().length > 0;
|
|
61
|
-
}
|
|
62
|
-
function collectGatewayConfigFindings$1(cfg, sourceConfig, env, options = {}) {
|
|
63
|
-
const findings = [];
|
|
64
|
-
const bind = typeof cfg.gateway?.bind === "string" ? cfg.gateway.bind : "loopback";
|
|
65
|
-
const tailscaleMode = cfg.gateway?.tailscale?.mode ?? "off";
|
|
66
|
-
const auth = resolveGatewayAuth({
|
|
67
|
-
authConfig: cfg.gateway?.auth,
|
|
68
|
-
tailscaleMode,
|
|
69
|
-
env
|
|
70
|
-
});
|
|
71
|
-
const controlUiEnabled = cfg.gateway?.controlUi?.enabled !== false;
|
|
72
|
-
const controlUiAllowedOrigins = (cfg.gateway?.controlUi?.allowedOrigins ?? []).map((value) => value.trim()).filter(Boolean);
|
|
73
|
-
const dangerouslyAllowHostHeaderOriginFallback = cfg.gateway?.controlUi?.dangerouslyAllowHostHeaderOriginFallback === true;
|
|
74
|
-
const trustedProxies = Array.isArray(cfg.gateway?.trustedProxies) ? cfg.gateway.trustedProxies : [];
|
|
75
|
-
const hasToken = typeof auth.token === "string" && auth.token.trim().length > 0;
|
|
76
|
-
const hasPassword = typeof auth.password === "string" && auth.password.trim().length > 0;
|
|
77
|
-
const envTokenConfigured = hasNonEmptyString(env.GENESIS_GATEWAY_TOKEN);
|
|
78
|
-
const envPasswordConfigured = hasNonEmptyString(env.GENESIS_GATEWAY_PASSWORD);
|
|
79
|
-
const tokenConfiguredFromConfig = hasConfiguredSecretInput(sourceConfig.gateway?.auth?.token, sourceConfig.secrets?.defaults);
|
|
80
|
-
const passwordConfiguredFromConfig = hasConfiguredSecretInput(sourceConfig.gateway?.auth?.password, sourceConfig.secrets?.defaults);
|
|
81
|
-
const remoteTokenConfigured = hasConfiguredSecretInput(sourceConfig.gateway?.remote?.token, sourceConfig.secrets?.defaults);
|
|
82
|
-
const explicitAuthMode = sourceConfig.gateway?.auth?.mode;
|
|
83
|
-
const tokenCanWin = hasToken || envTokenConfigured || tokenConfiguredFromConfig || remoteTokenConfigured;
|
|
84
|
-
const passwordCanWin = explicitAuthMode === "password" || explicitAuthMode !== "token" && explicitAuthMode !== "none" && explicitAuthMode !== "trusted-proxy" && !tokenCanWin;
|
|
85
|
-
const tokenConfigured = tokenCanWin;
|
|
86
|
-
const passwordConfigured = hasPassword || passwordCanWin && (envPasswordConfigured || passwordConfiguredFromConfig);
|
|
87
|
-
const hasSharedSecret = explicitAuthMode === "token" ? tokenConfigured : explicitAuthMode === "password" ? passwordConfigured : explicitAuthMode === "none" || explicitAuthMode === "trusted-proxy" ? false : tokenConfigured || passwordConfigured;
|
|
88
|
-
const hasTailscaleAuth = auth.allowTailscale && tailscaleMode === "serve";
|
|
89
|
-
const hasGatewayAuth = hasSharedSecret || hasTailscaleAuth;
|
|
90
|
-
const allowRealIpFallback = cfg.gateway?.allowRealIpFallback === true;
|
|
91
|
-
const mdnsMode = cfg.discovery?.mdns?.mode ?? "minimal";
|
|
92
|
-
const gatewayToolsAllowRaw = Array.isArray(cfg.gateway?.tools?.allow) ? cfg.gateway?.tools?.allow : [];
|
|
93
|
-
const gatewayToolsAllow = new Set(gatewayToolsAllowRaw.map((v) => normalizeOptionalLowercaseString(v) ?? "").filter(Boolean));
|
|
94
|
-
const reenabledOverHttp = DEFAULT_GATEWAY_HTTP_TOOL_DENY.filter((name) => gatewayToolsAllow.has(name));
|
|
95
|
-
if (reenabledOverHttp.length > 0) {
|
|
96
|
-
const extraRisk = bind !== "loopback" || tailscaleMode === "funnel";
|
|
97
|
-
findings.push({
|
|
98
|
-
checkId: "gateway.tools_invoke_http.dangerous_allow",
|
|
99
|
-
severity: extraRisk ? "critical" : "warn",
|
|
100
|
-
title: "Gateway HTTP /tools/invoke re-enables dangerous tools",
|
|
101
|
-
detail: `gateway.tools.allow includes ${reenabledOverHttp.join(", ")} which removes them from the default HTTP deny list. This can allow remote session spawning / control-plane actions via HTTP and increases RCE blast radius if the gateway is reachable.`,
|
|
102
|
-
remediation: "Remove these entries from gateway.tools.allow (recommended). If you keep them enabled, keep gateway.bind loopback-only (or tailnet-only), restrict network exposure, and treat the gateway token/password as full-admin."
|
|
103
|
-
});
|
|
104
|
-
}
|
|
105
|
-
if (bind !== "loopback" && !hasSharedSecret && auth.mode !== "trusted-proxy") findings.push({
|
|
106
|
-
checkId: "gateway.bind_no_auth",
|
|
107
|
-
severity: "critical",
|
|
108
|
-
title: "Gateway binds beyond loopback without auth",
|
|
109
|
-
detail: `gateway.bind="${bind}" but no gateway.auth token/password is configured.`,
|
|
110
|
-
remediation: `Set gateway.auth (token recommended) or bind to loopback.`
|
|
111
|
-
});
|
|
112
|
-
if (bind === "loopback" && controlUiEnabled && trustedProxies.length === 0) findings.push({
|
|
113
|
-
checkId: "gateway.trusted_proxies_missing",
|
|
114
|
-
severity: "warn",
|
|
115
|
-
title: "Reverse proxy headers are not trusted",
|
|
116
|
-
detail: "gateway.bind is loopback and gateway.trustedProxies is empty. If you expose the Control UI through a reverse proxy, configure trusted proxies so local-client checks cannot be spoofed.",
|
|
117
|
-
remediation: "Set gateway.trustedProxies to your proxy IPs or keep the Control UI local-only."
|
|
118
|
-
});
|
|
119
|
-
if (bind === "loopback" && controlUiEnabled && !hasGatewayAuth) findings.push({
|
|
120
|
-
checkId: "gateway.loopback_no_auth",
|
|
121
|
-
severity: "critical",
|
|
122
|
-
title: "Gateway auth missing on loopback",
|
|
123
|
-
detail: "gateway.bind is loopback but no gateway auth secret is configured. If the Control UI is exposed through a reverse proxy, unauthenticated access is possible.",
|
|
124
|
-
remediation: "Set gateway.auth (token recommended) or keep the Control UI local-only."
|
|
125
|
-
});
|
|
126
|
-
if (bind !== "loopback" && controlUiEnabled && controlUiAllowedOrigins.length === 0 && !dangerouslyAllowHostHeaderOriginFallback) findings.push({
|
|
127
|
-
checkId: "gateway.control_ui.allowed_origins_required",
|
|
128
|
-
severity: "critical",
|
|
129
|
-
title: "Non-loopback Control UI missing explicit allowed origins",
|
|
130
|
-
detail: "Control UI is enabled on a non-loopback bind but gateway.controlUi.allowedOrigins is empty. Strict origin policy requires explicit allowed origins for non-loopback deployments.",
|
|
131
|
-
remediation: "Set gateway.controlUi.allowedOrigins to full trusted origins (for example https://control.example.com). If your deployment intentionally relies on Host-header origin fallback, set gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback=true."
|
|
132
|
-
});
|
|
133
|
-
if (controlUiAllowedOrigins.includes("*")) {
|
|
134
|
-
const exposed = bind !== "loopback";
|
|
135
|
-
findings.push({
|
|
136
|
-
checkId: "gateway.control_ui.allowed_origins_wildcard",
|
|
137
|
-
severity: exposed ? "critical" : "warn",
|
|
138
|
-
title: "Control UI allowed origins contains wildcard",
|
|
139
|
-
detail: "gateway.controlUi.allowedOrigins includes \"*\" which means allow any browser origin for Control UI/WebChat requests. This disables origin allowlisting and should be treated as an intentional allow-all policy.",
|
|
140
|
-
remediation: "Replace wildcard origins with explicit trusted origins (for example https://control.example.com). Do not use \"*\" outside tightly controlled local testing."
|
|
141
|
-
});
|
|
142
|
-
}
|
|
143
|
-
if (dangerouslyAllowHostHeaderOriginFallback) {
|
|
144
|
-
const exposed = bind !== "loopback";
|
|
145
|
-
findings.push({
|
|
146
|
-
checkId: "gateway.control_ui.host_header_origin_fallback",
|
|
147
|
-
severity: exposed ? "critical" : "warn",
|
|
148
|
-
title: "DANGEROUS: Host-header origin fallback enabled",
|
|
149
|
-
detail: "gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback=true enables Host-header origin fallback for Control UI/WebChat websocket checks and weakens DNS rebinding protections.",
|
|
150
|
-
remediation: "Disable gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback and configure explicit gateway.controlUi.allowedOrigins."
|
|
151
|
-
});
|
|
152
|
-
}
|
|
153
|
-
if (allowRealIpFallback) {
|
|
154
|
-
const hasNonLoopbackTrustedProxy = trustedProxies.some((proxy) => !isStrictLoopbackTrustedProxyEntry(proxy));
|
|
155
|
-
const exposed = bind !== "loopback" || auth.mode === "trusted-proxy" && hasNonLoopbackTrustedProxy;
|
|
156
|
-
findings.push({
|
|
157
|
-
checkId: "gateway.real_ip_fallback_enabled",
|
|
158
|
-
severity: exposed ? "critical" : "warn",
|
|
159
|
-
title: "X-Real-IP fallback is enabled",
|
|
160
|
-
detail: "gateway.allowRealIpFallback=true trusts X-Real-IP when trusted proxies omit X-Forwarded-For. Misconfigured proxies that forward client-supplied X-Real-IP can spoof source IP and local-client checks.",
|
|
161
|
-
remediation: "Keep gateway.allowRealIpFallback=false (default). Only enable this when your trusted proxy always overwrites X-Real-IP and cannot provide X-Forwarded-For."
|
|
162
|
-
});
|
|
163
|
-
}
|
|
164
|
-
if (mdnsMode === "full") {
|
|
165
|
-
const exposed = bind !== "loopback";
|
|
166
|
-
findings.push({
|
|
167
|
-
checkId: "discovery.mdns_full_mode",
|
|
168
|
-
severity: exposed ? "critical" : "warn",
|
|
169
|
-
title: "mDNS full mode can leak host metadata",
|
|
170
|
-
detail: "discovery.mdns.mode=\"full\" publishes cliPath/sshPort in local-network TXT records. This can reveal usernames, filesystem layout, and management ports.",
|
|
171
|
-
remediation: "Prefer discovery.mdns.mode=\"minimal\" (recommended) or \"off\", especially when gateway.bind is not loopback."
|
|
172
|
-
});
|
|
173
|
-
}
|
|
174
|
-
if (tailscaleMode === "funnel") findings.push({
|
|
175
|
-
checkId: "gateway.tailscale_funnel",
|
|
176
|
-
severity: "critical",
|
|
177
|
-
title: "Tailscale Funnel exposure enabled",
|
|
178
|
-
detail: `gateway.tailscale.mode="funnel" exposes the Gateway publicly; keep auth strict and treat it as internet-facing.`,
|
|
179
|
-
remediation: `Prefer tailscale.mode="serve" (tailnet-only) or set tailscale.mode="off".`
|
|
180
|
-
});
|
|
181
|
-
else if (tailscaleMode === "serve") findings.push({
|
|
182
|
-
checkId: "gateway.tailscale_serve",
|
|
183
|
-
severity: "info",
|
|
184
|
-
title: "Tailscale Serve exposure enabled",
|
|
185
|
-
detail: `gateway.tailscale.mode="serve" exposes the Gateway to your tailnet (loopback behind Tailscale).`
|
|
186
|
-
});
|
|
187
|
-
if (cfg.gateway?.controlUi?.allowInsecureAuth === true) findings.push({
|
|
188
|
-
checkId: "gateway.control_ui.insecure_auth",
|
|
189
|
-
severity: "warn",
|
|
190
|
-
title: "Control UI insecure auth toggle enabled",
|
|
191
|
-
detail: "gateway.controlUi.allowInsecureAuth=true does not bypass secure context or device identity checks; only dangerouslyDisableDeviceAuth disables Control UI device identity checks.",
|
|
192
|
-
remediation: "Disable it or switch to HTTPS (Tailscale Serve) or localhost."
|
|
193
|
-
});
|
|
194
|
-
if (cfg.gateway?.controlUi?.dangerouslyDisableDeviceAuth === true) findings.push({
|
|
195
|
-
checkId: "gateway.control_ui.device_auth_disabled",
|
|
196
|
-
severity: "critical",
|
|
197
|
-
title: "DANGEROUS: Control UI device auth disabled",
|
|
198
|
-
detail: "gateway.controlUi.dangerouslyDisableDeviceAuth=true disables device identity checks for the Control UI.",
|
|
199
|
-
remediation: "Disable it unless you are in a short-lived break-glass scenario."
|
|
200
|
-
});
|
|
201
|
-
const enabledDangerousFlags = (options.collectDangerousConfigFlags ?? collectCoreInsecureOrDangerousFlags)(cfg);
|
|
202
|
-
if (enabledDangerousFlags.length > 0) findings.push({
|
|
203
|
-
checkId: "config.insecure_or_dangerous_flags",
|
|
204
|
-
severity: "warn",
|
|
205
|
-
title: "Insecure or dangerous config flags enabled",
|
|
206
|
-
detail: `Detected ${enabledDangerousFlags.length} enabled flag(s): ${enabledDangerousFlags.join(", ")}.`,
|
|
207
|
-
remediation: "Disable these flags when not actively debugging, or keep deployment scoped to trusted/local-only networks."
|
|
208
|
-
});
|
|
209
|
-
const token = typeof auth.token === "string" && auth.token.trim().length > 0 ? auth.token.trim() : null;
|
|
210
|
-
if (auth.mode === "token" && token && token.length < 24) findings.push({
|
|
211
|
-
checkId: "gateway.token_too_short",
|
|
212
|
-
severity: "warn",
|
|
213
|
-
title: "Gateway token looks short",
|
|
214
|
-
detail: `gateway auth token is ${token.length} chars; prefer a long random token.`
|
|
215
|
-
});
|
|
216
|
-
if (auth.mode === "trusted-proxy") {
|
|
217
|
-
const trustedProxies = cfg.gateway?.trustedProxies ?? [];
|
|
218
|
-
const trustedProxyConfig = cfg.gateway?.auth?.trustedProxy;
|
|
219
|
-
findings.push({
|
|
220
|
-
checkId: "gateway.trusted_proxy_auth",
|
|
221
|
-
severity: "critical",
|
|
222
|
-
title: "Trusted-proxy auth mode enabled",
|
|
223
|
-
detail: "gateway.auth.mode=\"trusted-proxy\" delegates authentication to a reverse proxy. Ensure your proxy (Pomerium, Caddy, nginx) handles auth correctly and that gateway.trustedProxies only contains IPs of your actual proxy servers.",
|
|
224
|
-
remediation: "Verify: (1) Your proxy terminates TLS and authenticates users. (2) gateway.trustedProxies is restricted to proxy IPs only. (3) Direct access to the Gateway port is blocked by firewall. See /gateway/trusted-proxy-auth for setup guidance."
|
|
225
|
-
});
|
|
226
|
-
if (trustedProxies.length === 0) findings.push({
|
|
227
|
-
checkId: "gateway.trusted_proxy_no_proxies",
|
|
228
|
-
severity: "critical",
|
|
229
|
-
title: "Trusted-proxy auth enabled but no trusted proxies configured",
|
|
230
|
-
detail: "gateway.auth.mode=\"trusted-proxy\" but gateway.trustedProxies is empty. All requests will be rejected.",
|
|
231
|
-
remediation: "Set gateway.trustedProxies to the IP(s) of your reverse proxy."
|
|
232
|
-
});
|
|
233
|
-
if (!trustedProxyConfig?.userHeader) findings.push({
|
|
234
|
-
checkId: "gateway.trusted_proxy_no_user_header",
|
|
235
|
-
severity: "critical",
|
|
236
|
-
title: "Trusted-proxy auth missing userHeader config",
|
|
237
|
-
detail: "gateway.auth.mode=\"trusted-proxy\" but gateway.auth.trustedProxy.userHeader is not configured.",
|
|
238
|
-
remediation: "Set gateway.auth.trustedProxy.userHeader to the header name your proxy uses (e.g., \"x-forwarded-user\", \"x-pomerium-claim-email\")."
|
|
239
|
-
});
|
|
240
|
-
if ((trustedProxyConfig?.allowUsers ?? []).length === 0) findings.push({
|
|
241
|
-
checkId: "gateway.trusted_proxy_no_allowlist",
|
|
242
|
-
severity: "warn",
|
|
243
|
-
title: "Trusted-proxy auth allows all authenticated users",
|
|
244
|
-
detail: "gateway.auth.trustedProxy.allowUsers is empty, so any user authenticated by your proxy can access the Gateway.",
|
|
245
|
-
remediation: "Consider setting gateway.auth.trustedProxy.allowUsers to restrict access to specific users (e.g., [\"nick@example.com\"])."
|
|
246
|
-
});
|
|
247
|
-
}
|
|
248
|
-
if (bind !== "loopback" && auth.mode !== "trusted-proxy" && !cfg.gateway?.auth?.rateLimit) findings.push({
|
|
249
|
-
checkId: "gateway.auth_no_rate_limit",
|
|
250
|
-
severity: "warn",
|
|
251
|
-
title: "No auth rate limiting configured",
|
|
252
|
-
detail: "gateway.bind is not loopback but no gateway.auth.rateLimit is configured. Without rate limiting, brute-force auth attacks are not mitigated.",
|
|
253
|
-
remediation: "Set gateway.auth.rateLimit (e.g. { maxAttempts: 10, windowMs: 60000, lockoutMs: 300000 })."
|
|
254
|
-
});
|
|
255
|
-
return findings;
|
|
256
|
-
}
|
|
257
|
-
function isStrictLoopbackTrustedProxyEntry(entry) {
|
|
258
|
-
const candidate = entry.trim();
|
|
259
|
-
if (!candidate) return false;
|
|
260
|
-
if (!candidate.includes("/")) return candidate === "127.0.0.1" || candidate.toLowerCase() === "::1";
|
|
261
|
-
const [rawIp, rawPrefix] = candidate.split("/", 2);
|
|
262
|
-
if (!rawIp || !rawPrefix) return false;
|
|
263
|
-
const ipVersion = isIP(rawIp.trim());
|
|
264
|
-
const prefix = Number.parseInt(rawPrefix.trim(), 10);
|
|
265
|
-
if (!Number.isInteger(prefix)) return false;
|
|
266
|
-
if (ipVersion === 4) return rawIp.trim() === "127.0.0.1" && prefix === 32;
|
|
267
|
-
if (ipVersion === 6) return prefix === 128 && normalizeLowercaseStringOrEmpty(rawIp) === "::1";
|
|
268
|
-
return false;
|
|
269
|
-
}
|
|
270
|
-
//#endregion
|
|
271
|
-
//#region src/security/audit.ts
|
|
272
|
-
let channelPluginsModulePromise;
|
|
273
|
-
let auditNonDeepModulePromise;
|
|
274
|
-
let auditChannelModulePromise;
|
|
275
|
-
let pluginRegistryLoaderModulePromise;
|
|
276
|
-
let pluginMetadataRegistryLoaderModulePromise;
|
|
277
|
-
let pluginAutoEnableModulePromise;
|
|
278
|
-
let channelPluginIdsModulePromise;
|
|
279
|
-
let pluginRuntimeModulePromise;
|
|
280
|
-
let gatewayProbeDepsPromise;
|
|
281
|
-
async function loadChannelPlugins() {
|
|
282
|
-
channelPluginsModulePromise ??= import("./plugins-B7TKDMOk.js");
|
|
283
|
-
return await channelPluginsModulePromise;
|
|
284
|
-
}
|
|
285
|
-
async function loadAuditNonDeepModule() {
|
|
286
|
-
auditNonDeepModulePromise ??= import("./audit.nondeep.runtime-nu5XTu7N.js");
|
|
287
|
-
return await auditNonDeepModulePromise;
|
|
288
|
-
}
|
|
289
|
-
async function loadAuditChannelModule() {
|
|
290
|
-
auditChannelModulePromise ??= import("./audit-channel.collect.runtime-BAKyzn52.js");
|
|
291
|
-
return await auditChannelModulePromise;
|
|
292
|
-
}
|
|
293
|
-
async function loadPluginRegistryLoaderModule() {
|
|
294
|
-
pluginRegistryLoaderModulePromise ??= import("./runtime-registry-loader-DHX02F_x.js");
|
|
295
|
-
return await pluginRegistryLoaderModulePromise;
|
|
296
|
-
}
|
|
297
|
-
async function loadPluginMetadataRegistryLoaderModule() {
|
|
298
|
-
pluginMetadataRegistryLoaderModulePromise ??= import("./metadata-registry-loader-DoROdqpX.js");
|
|
299
|
-
return await pluginMetadataRegistryLoaderModulePromise;
|
|
300
|
-
}
|
|
301
|
-
async function loadPluginAutoEnableModule() {
|
|
302
|
-
pluginAutoEnableModulePromise ??= import("./plugin-auto-enable-DCg4los-.js");
|
|
303
|
-
return await pluginAutoEnableModulePromise;
|
|
304
|
-
}
|
|
305
|
-
async function loadChannelPluginIdsModule() {
|
|
306
|
-
channelPluginIdsModulePromise ??= import("./channel-plugin-ids-Cn9RIujJ.js");
|
|
307
|
-
return await channelPluginIdsModulePromise;
|
|
308
|
-
}
|
|
309
|
-
async function loadPluginRuntimeModule() {
|
|
310
|
-
pluginRuntimeModulePromise ??= import("./runtime-C8eBcrXm.js");
|
|
311
|
-
return await pluginRuntimeModulePromise;
|
|
312
|
-
}
|
|
313
|
-
async function loadGatewayProbeDeps() {
|
|
314
|
-
gatewayProbeDepsPromise ??= Promise.all([
|
|
315
|
-
import("./call-BxIEVH5N.js"),
|
|
316
|
-
import("./probe-auth-e_Wg1enf.js"),
|
|
317
|
-
import("./probe-DlY3dg7v.js")
|
|
318
|
-
]).then(([callModule, probeAuthModule, probeModule]) => ({
|
|
319
|
-
buildGatewayConnectionDetails: callModule.buildGatewayConnectionDetails,
|
|
320
|
-
resolveGatewayProbeAuthSafe: probeAuthModule.resolveGatewayProbeAuthSafe,
|
|
321
|
-
resolveGatewayProbeTarget: probeAuthModule.resolveGatewayProbeTarget,
|
|
322
|
-
probeGateway: probeModule.probeGateway
|
|
323
|
-
}));
|
|
324
|
-
return await gatewayProbeDepsPromise;
|
|
325
|
-
}
|
|
326
|
-
function countBySeverity(findings) {
|
|
327
|
-
let critical = 0;
|
|
328
|
-
let warn = 0;
|
|
329
|
-
let info = 0;
|
|
330
|
-
for (const f of findings) if (f.severity === "critical") critical += 1;
|
|
331
|
-
else if (f.severity === "warn") warn += 1;
|
|
332
|
-
else info += 1;
|
|
333
|
-
return {
|
|
334
|
-
critical,
|
|
335
|
-
warn,
|
|
336
|
-
info
|
|
337
|
-
};
|
|
338
|
-
}
|
|
339
|
-
function normalizeAllowFromList(list) {
|
|
340
|
-
if (!Array.isArray(list)) return [];
|
|
341
|
-
return list.map((v) => String(v).trim()).filter(Boolean);
|
|
342
|
-
}
|
|
343
|
-
async function collectFilesystemFindings(params) {
|
|
344
|
-
const findings = [];
|
|
345
|
-
const stateDirPerms = await inspectPathPermissions(params.stateDir, {
|
|
346
|
-
env: params.env,
|
|
347
|
-
platform: params.platform,
|
|
348
|
-
exec: params.execIcacls
|
|
349
|
-
});
|
|
350
|
-
if (stateDirPerms.ok) {
|
|
351
|
-
if (stateDirPerms.isSymlink) findings.push({
|
|
352
|
-
checkId: "fs.state_dir.symlink",
|
|
353
|
-
severity: "warn",
|
|
354
|
-
title: "State dir is a symlink",
|
|
355
|
-
detail: `${params.stateDir} is a symlink; treat this as an extra trust boundary.`
|
|
356
|
-
});
|
|
357
|
-
if (stateDirPerms.worldWritable) findings.push({
|
|
358
|
-
checkId: "fs.state_dir.perms_world_writable",
|
|
359
|
-
severity: "critical",
|
|
360
|
-
title: "State dir is world-writable",
|
|
361
|
-
detail: `${formatPermissionDetail(params.stateDir, stateDirPerms)}; other users can write into your Genesis state.`,
|
|
362
|
-
remediation: formatPermissionRemediation({
|
|
363
|
-
targetPath: params.stateDir,
|
|
364
|
-
perms: stateDirPerms,
|
|
365
|
-
isDir: true,
|
|
366
|
-
posixMode: 448,
|
|
367
|
-
env: params.env
|
|
368
|
-
})
|
|
369
|
-
});
|
|
370
|
-
else if (stateDirPerms.groupWritable) findings.push({
|
|
371
|
-
checkId: "fs.state_dir.perms_group_writable",
|
|
372
|
-
severity: "warn",
|
|
373
|
-
title: "State dir is group-writable",
|
|
374
|
-
detail: `${formatPermissionDetail(params.stateDir, stateDirPerms)}; group users can write into your Genesis state.`,
|
|
375
|
-
remediation: formatPermissionRemediation({
|
|
376
|
-
targetPath: params.stateDir,
|
|
377
|
-
perms: stateDirPerms,
|
|
378
|
-
isDir: true,
|
|
379
|
-
posixMode: 448,
|
|
380
|
-
env: params.env
|
|
381
|
-
})
|
|
382
|
-
});
|
|
383
|
-
else if (stateDirPerms.groupReadable || stateDirPerms.worldReadable) findings.push({
|
|
384
|
-
checkId: "fs.state_dir.perms_readable",
|
|
385
|
-
severity: "warn",
|
|
386
|
-
title: "State dir is readable by others",
|
|
387
|
-
detail: `${formatPermissionDetail(params.stateDir, stateDirPerms)}; consider restricting to 700.`,
|
|
388
|
-
remediation: formatPermissionRemediation({
|
|
389
|
-
targetPath: params.stateDir,
|
|
390
|
-
perms: stateDirPerms,
|
|
391
|
-
isDir: true,
|
|
392
|
-
posixMode: 448,
|
|
393
|
-
env: params.env
|
|
394
|
-
})
|
|
395
|
-
});
|
|
396
|
-
}
|
|
397
|
-
const configPerms = await inspectPathPermissions(params.configPath, {
|
|
398
|
-
env: params.env,
|
|
399
|
-
platform: params.platform,
|
|
400
|
-
exec: params.execIcacls
|
|
401
|
-
});
|
|
402
|
-
if (configPerms.ok) {
|
|
403
|
-
const skipReadablePermWarnings = configPerms.isSymlink;
|
|
404
|
-
if (configPerms.isSymlink) findings.push({
|
|
405
|
-
checkId: "fs.config.symlink",
|
|
406
|
-
severity: "warn",
|
|
407
|
-
title: "Config file is a symlink",
|
|
408
|
-
detail: `${params.configPath} is a symlink; make sure you trust its target.`
|
|
409
|
-
});
|
|
410
|
-
if (configPerms.worldWritable || configPerms.groupWritable) findings.push({
|
|
411
|
-
checkId: "fs.config.perms_writable",
|
|
412
|
-
severity: "critical",
|
|
413
|
-
title: "Config file is writable by others",
|
|
414
|
-
detail: `${formatPermissionDetail(params.configPath, configPerms)}; another user could change gateway/auth/tool policies.`,
|
|
415
|
-
remediation: formatPermissionRemediation({
|
|
416
|
-
targetPath: params.configPath,
|
|
417
|
-
perms: configPerms,
|
|
418
|
-
isDir: false,
|
|
419
|
-
posixMode: 384,
|
|
420
|
-
env: params.env
|
|
421
|
-
})
|
|
422
|
-
});
|
|
423
|
-
else if (!skipReadablePermWarnings && configPerms.worldReadable) findings.push({
|
|
424
|
-
checkId: "fs.config.perms_world_readable",
|
|
425
|
-
severity: "critical",
|
|
426
|
-
title: "Config file is world-readable",
|
|
427
|
-
detail: `${formatPermissionDetail(params.configPath, configPerms)}; config can contain tokens and private settings.`,
|
|
428
|
-
remediation: formatPermissionRemediation({
|
|
429
|
-
targetPath: params.configPath,
|
|
430
|
-
perms: configPerms,
|
|
431
|
-
isDir: false,
|
|
432
|
-
posixMode: 384,
|
|
433
|
-
env: params.env
|
|
434
|
-
})
|
|
435
|
-
});
|
|
436
|
-
else if (!skipReadablePermWarnings && configPerms.groupReadable) findings.push({
|
|
437
|
-
checkId: "fs.config.perms_group_readable",
|
|
438
|
-
severity: "warn",
|
|
439
|
-
title: "Config file is group-readable",
|
|
440
|
-
detail: `${formatPermissionDetail(params.configPath, configPerms)}; config can contain tokens and private settings.`,
|
|
441
|
-
remediation: formatPermissionRemediation({
|
|
442
|
-
targetPath: params.configPath,
|
|
443
|
-
perms: configPerms,
|
|
444
|
-
isDir: false,
|
|
445
|
-
posixMode: 384,
|
|
446
|
-
env: params.env
|
|
447
|
-
})
|
|
448
|
-
});
|
|
449
|
-
}
|
|
450
|
-
return findings;
|
|
451
|
-
}
|
|
452
|
-
function collectGatewayConfigFindings(cfg, sourceConfig, env) {
|
|
453
|
-
return collectGatewayConfigFindings$1(cfg, sourceConfig, env, { collectDangerousConfigFlags: collectEnabledInsecureOrDangerousFlags });
|
|
454
|
-
}
|
|
455
|
-
async function collectPluginSecurityAuditFindings(context) {
|
|
456
|
-
const { getActivePluginRegistry } = await loadPluginRuntimeModule();
|
|
457
|
-
let collectors = getActivePluginRegistry()?.securityAuditCollectors ?? [];
|
|
458
|
-
if (collectors.length === 0) {
|
|
459
|
-
const { applyPluginAutoEnable } = await loadPluginAutoEnableModule();
|
|
460
|
-
const autoEnabled = applyPluginAutoEnable({
|
|
461
|
-
config: context.sourceConfig,
|
|
462
|
-
env: context.env
|
|
463
|
-
});
|
|
464
|
-
const requestedPluginIds = /* @__PURE__ */ new Set();
|
|
465
|
-
for (const pluginId of Object.keys(autoEnabled.autoEnabledReasons)) {
|
|
466
|
-
const normalized = pluginId.trim();
|
|
467
|
-
if (normalized) requestedPluginIds.add(normalized);
|
|
468
|
-
}
|
|
469
|
-
for (const pluginId of autoEnabled.config.plugins?.allow ?? []) {
|
|
470
|
-
if (typeof pluginId !== "string") continue;
|
|
471
|
-
const normalized = pluginId.trim();
|
|
472
|
-
if (normalized) requestedPluginIds.add(normalized);
|
|
473
|
-
}
|
|
474
|
-
for (const [pluginId, entry] of Object.entries(autoEnabled.config.plugins?.entries ?? {})) {
|
|
475
|
-
if (entry?.enabled === false) continue;
|
|
476
|
-
const normalized = pluginId.trim();
|
|
477
|
-
if (normalized) requestedPluginIds.add(normalized);
|
|
478
|
-
}
|
|
479
|
-
if (context.includeChannelSecurity && context.plugins !== void 0) {
|
|
480
|
-
const { resolveConfiguredChannelPluginIds } = await loadChannelPluginIdsModule();
|
|
481
|
-
const auditedChannelPluginIds = new Set(context.plugins.map((plugin) => plugin.id));
|
|
482
|
-
for (const pluginId of resolveConfiguredChannelPluginIds({
|
|
483
|
-
config: autoEnabled.config,
|
|
484
|
-
activationSourceConfig: context.sourceConfig,
|
|
485
|
-
workspaceDir: context.workspaceDir,
|
|
486
|
-
env: context.env
|
|
487
|
-
})) if (auditedChannelPluginIds.has(pluginId)) requestedPluginIds.delete(pluginId);
|
|
488
|
-
}
|
|
489
|
-
if (requestedPluginIds.size === 0) return [];
|
|
490
|
-
collectors = (await loadPluginMetadataRegistryLoaderModule()).loadPluginMetadataRegistrySnapshot({
|
|
491
|
-
config: autoEnabled.config,
|
|
492
|
-
activationSourceConfig: context.sourceConfig,
|
|
493
|
-
env: context.env,
|
|
494
|
-
workspaceDir: context.workspaceDir,
|
|
495
|
-
onlyPluginIds: [...requestedPluginIds]
|
|
496
|
-
}).securityAuditCollectors ?? [];
|
|
497
|
-
}
|
|
498
|
-
return (await Promise.all(collectors.map(async (entry) => {
|
|
499
|
-
try {
|
|
500
|
-
return await entry.collector({
|
|
501
|
-
config: context.cfg,
|
|
502
|
-
sourceConfig: context.sourceConfig,
|
|
503
|
-
env: context.env,
|
|
504
|
-
stateDir: context.stateDir,
|
|
505
|
-
configPath: context.configPath
|
|
506
|
-
});
|
|
507
|
-
} catch (err) {
|
|
508
|
-
return [{
|
|
509
|
-
checkId: `plugins.${entry.pluginId}.security_audit_failed`,
|
|
510
|
-
severity: "warn",
|
|
511
|
-
title: "Plugin security audit collector failed",
|
|
512
|
-
detail: `${entry.pluginId}: ${String(err)}`
|
|
513
|
-
}];
|
|
514
|
-
}
|
|
515
|
-
}))).flat();
|
|
516
|
-
}
|
|
517
|
-
function collectLoggingFindings(cfg) {
|
|
518
|
-
if (cfg.logging?.redactSensitive !== "off") return [];
|
|
519
|
-
return [{
|
|
520
|
-
checkId: "logging.redact_off",
|
|
521
|
-
severity: "warn",
|
|
522
|
-
title: "Tool summary redaction is disabled",
|
|
523
|
-
detail: `logging.redactSensitive="off" can leak secrets into logs and status output.`,
|
|
524
|
-
remediation: `Set logging.redactSensitive="tools".`
|
|
525
|
-
}];
|
|
526
|
-
}
|
|
527
|
-
function collectElevatedFindings(cfg) {
|
|
528
|
-
const findings = [];
|
|
529
|
-
const enabled = cfg.tools?.elevated?.enabled;
|
|
530
|
-
const allowFrom = cfg.tools?.elevated?.allowFrom ?? {};
|
|
531
|
-
const anyAllowFromKeys = Object.keys(allowFrom).length > 0;
|
|
532
|
-
if (enabled === false) return findings;
|
|
533
|
-
if (!anyAllowFromKeys) return findings;
|
|
534
|
-
for (const [provider, list] of Object.entries(allowFrom)) {
|
|
535
|
-
const normalized = normalizeAllowFromList(list);
|
|
536
|
-
if (normalized.includes("*")) findings.push({
|
|
537
|
-
checkId: `tools.elevated.allowFrom.${provider}.wildcard`,
|
|
538
|
-
severity: "critical",
|
|
539
|
-
title: "Elevated exec allowlist contains wildcard",
|
|
540
|
-
detail: `tools.elevated.allowFrom.${provider} includes "*" which effectively approves everyone on that channel for elevated mode.`
|
|
541
|
-
});
|
|
542
|
-
else if (normalized.length > 25) findings.push({
|
|
543
|
-
checkId: `tools.elevated.allowFrom.${provider}.large`,
|
|
544
|
-
severity: "warn",
|
|
545
|
-
title: "Elevated exec allowlist is large",
|
|
546
|
-
detail: `tools.elevated.allowFrom.${provider} has ${normalized.length} entries; consider tightening elevated access.`
|
|
547
|
-
});
|
|
548
|
-
}
|
|
549
|
-
return findings;
|
|
550
|
-
}
|
|
551
|
-
function collectExecRuntimeFindings(cfg) {
|
|
552
|
-
const findings = [];
|
|
553
|
-
const globalExecHost = cfg.tools?.exec?.host;
|
|
554
|
-
const globalStrictInlineEval = cfg.tools?.exec?.strictInlineEval === true;
|
|
555
|
-
const defaultSandboxMode = resolveSandboxConfigForAgent(cfg).mode;
|
|
556
|
-
const defaultHostIsExplicitSandbox = globalExecHost === "sandbox";
|
|
557
|
-
const approvals = loadExecApprovals();
|
|
558
|
-
if (defaultHostIsExplicitSandbox && defaultSandboxMode === "off") findings.push({
|
|
559
|
-
checkId: "tools.exec.host_sandbox_no_sandbox_defaults",
|
|
560
|
-
severity: "warn",
|
|
561
|
-
title: "Exec host is sandbox but sandbox mode is off",
|
|
562
|
-
detail: "tools.exec.host is explicitly set to sandbox while agents.defaults.sandbox.mode=off. In this mode, exec fails closed because no sandbox runtime is available.",
|
|
563
|
-
remediation: "Enable sandbox mode (`agents.defaults.sandbox.mode=\"non-main\"` or `\"all\"`) or set tools.exec.host to \"gateway\" with approvals."
|
|
564
|
-
});
|
|
565
|
-
const agents = Array.isArray(cfg.agents?.list) ? cfg.agents.list : [];
|
|
566
|
-
const riskyAgents = agents.filter((entry) => entry && typeof entry === "object" && typeof entry.id === "string" && entry.tools?.exec?.host === "sandbox" && resolveSandboxConfigForAgent(cfg, entry.id).mode === "off").map((entry) => entry.id).slice(0, 5);
|
|
567
|
-
if (riskyAgents.length > 0) findings.push({
|
|
568
|
-
checkId: "tools.exec.host_sandbox_no_sandbox_agents",
|
|
569
|
-
severity: "warn",
|
|
570
|
-
title: "Agent exec host uses sandbox while sandbox mode is off",
|
|
571
|
-
detail: `agents.list.*.tools.exec.host is set to sandbox for: ${riskyAgents.join(", ")}. With sandbox mode off, exec fails closed for those agents.`,
|
|
572
|
-
remediation: "Enable sandbox mode for these agents (`agents.list[].sandbox.mode`) or set their tools.exec.host to \"gateway\"."
|
|
573
|
-
});
|
|
574
|
-
const effectiveExecScopes = Array.from(new Map([{
|
|
575
|
-
id: DEFAULT_AGENT_ID,
|
|
576
|
-
security: cfg.tools?.exec?.security ?? "deny",
|
|
577
|
-
host: cfg.tools?.exec?.host ?? "auto"
|
|
578
|
-
}, ...agents.filter((entry) => Boolean(entry) && typeof entry === "object" && typeof entry.id === "string").map((entry) => ({
|
|
579
|
-
id: entry.id,
|
|
580
|
-
security: entry.tools?.exec?.security ?? cfg.tools?.exec?.security ?? "deny",
|
|
581
|
-
host: entry.tools?.exec?.host ?? cfg.tools?.exec?.host ?? "auto"
|
|
582
|
-
}))].map((entry) => [entry.id, entry])).values());
|
|
583
|
-
const fullExecScopes = effectiveExecScopes.filter((entry) => entry.security === "full");
|
|
584
|
-
const execEnabledScopes = effectiveExecScopes.filter((entry) => entry.security !== "deny");
|
|
585
|
-
const openExecSurfacePaths = collectOpenExecSurfacePaths(cfg);
|
|
586
|
-
if (fullExecScopes.length > 0) findings.push({
|
|
587
|
-
checkId: "tools.exec.security_full_configured",
|
|
588
|
-
severity: openExecSurfacePaths.length > 0 ? "critical" : "warn",
|
|
589
|
-
title: "Exec security=full is configured",
|
|
590
|
-
detail: `Full exec trust is enabled for: ${fullExecScopes.map((entry) => entry.id).join(", ")}.` + (openExecSurfacePaths.length > 0 ? ` Open channel access was also detected at:\n${openExecSurfacePaths.map((entry) => `- ${entry}`).join("\n")}` : ""),
|
|
591
|
-
remediation: "Prefer tools.exec.security=\"allowlist\" with ask prompts, and reserve \"full\" for tightly scoped break-glass agents only."
|
|
592
|
-
});
|
|
593
|
-
if (openExecSurfacePaths.length > 0 && execEnabledScopes.length > 0) findings.push({
|
|
594
|
-
checkId: "security.exposure.open_channels_with_exec",
|
|
595
|
-
severity: fullExecScopes.length > 0 ? "critical" : "warn",
|
|
596
|
-
title: "Open channels can reach exec-enabled agents",
|
|
597
|
-
detail: `Open DM/group access detected at:\n${openExecSurfacePaths.map((entry) => `- ${entry}`).join("\n")}\nExec-enabled scopes:\n${execEnabledScopes.map((entry) => `- ${entry.id}: security=${entry.security}, host=${entry.host}`).join("\n")}`,
|
|
598
|
-
remediation: "Tighten dmPolicy/groupPolicy to pairing or allowlist, or disable exec for agents reachable from shared/public channels."
|
|
599
|
-
});
|
|
600
|
-
const autoAllowSkillsHits = collectAutoAllowSkillsHits(approvals);
|
|
601
|
-
if (autoAllowSkillsHits.length > 0) findings.push({
|
|
602
|
-
checkId: "tools.exec.auto_allow_skills_enabled",
|
|
603
|
-
severity: "warn",
|
|
604
|
-
title: "autoAllowSkills is enabled for exec approvals",
|
|
605
|
-
detail: `Implicit skill-bin allowlisting is enabled at:\n${autoAllowSkillsHits.map((entry) => `- ${entry}`).join("\n")}\nThis widens host exec trust beyond explicit manual allowlist entries.`,
|
|
606
|
-
remediation: "Disable autoAllowSkills in exec approvals and keep manual allowlists tight when you need explicit host-exec trust."
|
|
607
|
-
});
|
|
608
|
-
const interpreterAllowlistHits = collectInterpreterAllowlistHits({
|
|
609
|
-
approvals,
|
|
610
|
-
strictInlineEvalForAgentId: (agentId) => {
|
|
611
|
-
if (!agentId || agentId === "*" || agentId === "main") return globalStrictInlineEval;
|
|
612
|
-
return agents.find((entry) => entry?.id === agentId)?.tools?.exec?.strictInlineEval === true || globalStrictInlineEval;
|
|
613
|
-
}
|
|
614
|
-
});
|
|
615
|
-
if (interpreterAllowlistHits.length > 0) findings.push({
|
|
616
|
-
checkId: "tools.exec.allowlist_interpreter_without_strict_inline_eval",
|
|
617
|
-
severity: "warn",
|
|
618
|
-
title: "Interpreter allowlist entries are missing strictInlineEval hardening",
|
|
619
|
-
detail: `Interpreter/runtime allowlist entries were found without strictInlineEval enabled:\n${interpreterAllowlistHits.map((entry) => `- ${entry}`).join("\n")}`,
|
|
620
|
-
remediation: "Set tools.exec.strictInlineEval=true (or per-agent tools.exec.strictInlineEval=true) when allowlisting interpreters like python, node, ruby, perl, php, lua, or osascript."
|
|
621
|
-
});
|
|
622
|
-
const normalizeConfiguredSafeBins = (entries) => {
|
|
623
|
-
if (!Array.isArray(entries)) return [];
|
|
624
|
-
return Array.from(new Set(entries.map((entry) => normalizeOptionalLowercaseString(entry) ?? "").filter((entry) => entry.length > 0))).toSorted();
|
|
625
|
-
};
|
|
626
|
-
const normalizeConfiguredTrustedDirs = (entries) => {
|
|
627
|
-
if (!Array.isArray(entries)) return [];
|
|
628
|
-
return normalizeTrustedSafeBinDirs(entries.filter((entry) => typeof entry === "string"));
|
|
629
|
-
};
|
|
630
|
-
const classifyRiskySafeBinTrustedDir = (entry) => {
|
|
631
|
-
const raw = entry.trim();
|
|
632
|
-
if (!raw) return null;
|
|
633
|
-
if (!path.isAbsolute(raw)) return "relative path (trust boundary depends on process cwd)";
|
|
634
|
-
const normalized = path.resolve(raw).replace(/\\/g, "/").toLowerCase();
|
|
635
|
-
if (normalized === "/tmp" || normalized.startsWith("/tmp/") || normalized === "/var/tmp" || normalized.startsWith("/var/tmp/") || normalized === "/private/tmp" || normalized.startsWith("/private/tmp/")) return "temporary directory is mutable and easy to poison";
|
|
636
|
-
if (normalized === "/usr/local/bin" || normalized === "/opt/homebrew/bin" || normalized === "/opt/local/bin" || normalized === "/home/linuxbrew/.linuxbrew/bin") return "package-manager bin directory (often user-writable)";
|
|
637
|
-
if (normalized.startsWith("/users/") || normalized.startsWith("/home/") || normalized.includes("/.local/bin")) return "home-scoped bin directory (typically user-writable)";
|
|
638
|
-
if (/^[a-z]:\/users\//.test(normalized)) return "home-scoped bin directory (typically user-writable)";
|
|
639
|
-
return null;
|
|
640
|
-
};
|
|
641
|
-
const globalExec = cfg.tools?.exec;
|
|
642
|
-
const riskyTrustedDirHits = [];
|
|
643
|
-
const collectRiskyTrustedDirHits = (scopePath, entries) => {
|
|
644
|
-
for (const entry of normalizeConfiguredTrustedDirs(entries)) {
|
|
645
|
-
const reason = classifyRiskySafeBinTrustedDir(entry);
|
|
646
|
-
if (!reason) continue;
|
|
647
|
-
riskyTrustedDirHits.push(`- ${scopePath}.safeBinTrustedDirs: ${entry} (${reason})`);
|
|
648
|
-
}
|
|
649
|
-
};
|
|
650
|
-
collectRiskyTrustedDirHits("tools.exec", globalExec?.safeBinTrustedDirs);
|
|
651
|
-
for (const entry of agents) {
|
|
652
|
-
if (!entry || typeof entry !== "object" || typeof entry.id !== "string") continue;
|
|
653
|
-
collectRiskyTrustedDirHits(`agents.list.${entry.id}.tools.exec`, entry.tools?.exec?.safeBinTrustedDirs);
|
|
654
|
-
}
|
|
655
|
-
const interpreterHits = [];
|
|
656
|
-
const riskySemanticSafeBinHits = [];
|
|
657
|
-
const globalSafeBins = normalizeConfiguredSafeBins(globalExec?.safeBins);
|
|
658
|
-
if (globalSafeBins.length > 0) {
|
|
659
|
-
const merged = resolveMergedSafeBinProfileFixtures({ global: globalExec }) ?? {};
|
|
660
|
-
const interpreters = listInterpreterLikeSafeBins(globalSafeBins).filter((bin) => !merged[bin]);
|
|
661
|
-
if (interpreters.length > 0) interpreterHits.push(`- tools.exec.safeBins: ${interpreters.join(", ")}`);
|
|
662
|
-
for (const hit of listRiskyConfiguredSafeBins(globalSafeBins)) riskySemanticSafeBinHits.push(`- tools.exec.safeBins: ${hit.bin} (${hit.warning})`);
|
|
663
|
-
}
|
|
664
|
-
for (const entry of agents) {
|
|
665
|
-
if (!entry || typeof entry !== "object" || typeof entry.id !== "string") continue;
|
|
666
|
-
const agentExec = entry.tools?.exec;
|
|
667
|
-
const agentSafeBins = normalizeConfiguredSafeBins(agentExec?.safeBins);
|
|
668
|
-
if (agentSafeBins.length === 0) continue;
|
|
669
|
-
const merged = resolveMergedSafeBinProfileFixtures({
|
|
670
|
-
global: globalExec,
|
|
671
|
-
local: agentExec
|
|
672
|
-
}) ?? {};
|
|
673
|
-
const interpreters = listInterpreterLikeSafeBins(agentSafeBins).filter((bin) => !merged[bin]);
|
|
674
|
-
if (interpreters.length === 0) {
|
|
675
|
-
for (const hit of listRiskyConfiguredSafeBins(agentSafeBins)) riskySemanticSafeBinHits.push(`- agents.list.${entry.id}.tools.exec.safeBins: ${hit.bin} (${hit.warning})`);
|
|
676
|
-
continue;
|
|
677
|
-
}
|
|
678
|
-
interpreterHits.push(`- agents.list.${entry.id}.tools.exec.safeBins: ${interpreters.join(", ")}`);
|
|
679
|
-
for (const hit of listRiskyConfiguredSafeBins(agentSafeBins)) riskySemanticSafeBinHits.push(`- agents.list.${entry.id}.tools.exec.safeBins: ${hit.bin} (${hit.warning})`);
|
|
680
|
-
}
|
|
681
|
-
if (interpreterHits.length > 0) findings.push({
|
|
682
|
-
checkId: "tools.exec.safe_bins_interpreter_unprofiled",
|
|
683
|
-
severity: "warn",
|
|
684
|
-
title: "safeBins includes interpreter/runtime binaries without explicit profiles",
|
|
685
|
-
detail: `Detected interpreter-like safeBins entries missing explicit profiles:\n${interpreterHits.join("\n")}\nThese entries can turn safeBins into a broad execution surface when used with permissive argv profiles.`,
|
|
686
|
-
remediation: "Remove interpreter/runtime bins from safeBins (prefer allowlist entries) or define hardened tools.exec.safeBinProfiles.<bin> rules."
|
|
687
|
-
});
|
|
688
|
-
if (riskySemanticSafeBinHits.length > 0) findings.push({
|
|
689
|
-
checkId: "tools.exec.safe_bins_broad_behavior",
|
|
690
|
-
severity: "warn",
|
|
691
|
-
title: "safeBins includes binaries with broader semantics than low-risk stream filters",
|
|
692
|
-
detail: `Detected risky safeBins entries:\n${riskySemanticSafeBinHits.join("\n")}\nThese tools expose semantics that do not fit the low-risk stdin-filter fast path.`,
|
|
693
|
-
remediation: "Remove these binaries from safeBins and prefer explicit allowlist entries or approval-gated execution."
|
|
694
|
-
});
|
|
695
|
-
if (riskyTrustedDirHits.length > 0) findings.push({
|
|
696
|
-
checkId: "tools.exec.safe_bin_trusted_dirs_risky",
|
|
697
|
-
severity: "warn",
|
|
698
|
-
title: "safeBinTrustedDirs includes risky mutable directories",
|
|
699
|
-
detail: `Detected risky safeBinTrustedDirs entries:\n${riskyTrustedDirHits.slice(0, 10).join("\n")}` + (riskyTrustedDirHits.length > 10 ? `\n- +${riskyTrustedDirHits.length - 10} more entries.` : ""),
|
|
700
|
-
remediation: "Prefer root-owned immutable bins, keep default trust dirs (/bin, /usr/bin), and avoid trusting temporary/home/package-manager paths unless tightly controlled."
|
|
701
|
-
});
|
|
702
|
-
return findings;
|
|
703
|
-
}
|
|
704
|
-
function collectOpenExecSurfacePaths(cfg) {
|
|
705
|
-
const channels = asNullableRecord(cfg.channels);
|
|
706
|
-
if (!channels) return [];
|
|
707
|
-
const hits = /* @__PURE__ */ new Set();
|
|
708
|
-
const seen = /* @__PURE__ */ new WeakSet();
|
|
709
|
-
const visit = (value, scope) => {
|
|
710
|
-
const record = asNullableRecord(value);
|
|
711
|
-
if (!record || seen.has(record)) return;
|
|
712
|
-
seen.add(record);
|
|
713
|
-
if (record.groupPolicy === "open") hits.add(`${scope}.groupPolicy`);
|
|
714
|
-
if (record.dmPolicy === "open") hits.add(`${scope}.dmPolicy`);
|
|
715
|
-
for (const [key, nested] of Object.entries(record)) {
|
|
716
|
-
if (key === "groups" || key === "accounts" || key === "dms") {
|
|
717
|
-
visit(nested, `${scope}.${key}`);
|
|
718
|
-
continue;
|
|
719
|
-
}
|
|
720
|
-
if (asNullableRecord(nested)) visit(nested, `${scope}.${key}`);
|
|
721
|
-
}
|
|
722
|
-
};
|
|
723
|
-
for (const [channelId, channelValue] of Object.entries(channels)) visit(channelValue, `channels.${channelId}`);
|
|
724
|
-
return Array.from(hits).toSorted();
|
|
725
|
-
}
|
|
726
|
-
function collectAutoAllowSkillsHits(approvals) {
|
|
727
|
-
const hits = [];
|
|
728
|
-
if (approvals.defaults?.autoAllowSkills === true) hits.push("defaults.autoAllowSkills");
|
|
729
|
-
for (const [agentId, agent] of Object.entries(approvals.agents ?? {})) if (agent?.autoAllowSkills === true) hits.push(`agents.${agentId}.autoAllowSkills`);
|
|
730
|
-
return hits;
|
|
731
|
-
}
|
|
732
|
-
function collectInterpreterAllowlistHits(params) {
|
|
733
|
-
const hits = [];
|
|
734
|
-
for (const [agentId, agent] of Object.entries(params.approvals.agents ?? {})) {
|
|
735
|
-
if (!agent || params.strictInlineEvalForAgentId(agentId)) continue;
|
|
736
|
-
for (const entry of agent.allowlist ?? []) {
|
|
737
|
-
if (!isInterpreterLikeAllowlistPattern(entry.pattern)) continue;
|
|
738
|
-
hits.push(`agents.${agentId}.allowlist: ${entry.pattern}`);
|
|
739
|
-
}
|
|
740
|
-
}
|
|
741
|
-
return hits;
|
|
742
|
-
}
|
|
743
|
-
async function maybeProbeGateway(params) {
|
|
744
|
-
const { buildGatewayConnectionDetails, resolveGatewayProbeAuthSafe, resolveGatewayProbeTarget } = await loadGatewayProbeDeps();
|
|
745
|
-
const url = buildGatewayConnectionDetails({ config: params.cfg }).url;
|
|
746
|
-
const probeTarget = resolveGatewayProbeTarget(params.cfg);
|
|
747
|
-
const authResolution = resolveGatewayProbeAuthSafe({
|
|
748
|
-
cfg: params.cfg,
|
|
749
|
-
env: params.env,
|
|
750
|
-
mode: probeTarget.mode,
|
|
751
|
-
explicitAuth: params.explicitAuth
|
|
752
|
-
});
|
|
753
|
-
const res = await params.probe({
|
|
754
|
-
url,
|
|
755
|
-
auth: authResolution.auth,
|
|
756
|
-
timeoutMs: params.timeoutMs
|
|
757
|
-
}).catch((err) => ({
|
|
758
|
-
ok: false,
|
|
759
|
-
url,
|
|
760
|
-
connectLatencyMs: null,
|
|
761
|
-
error: String(err),
|
|
762
|
-
close: null,
|
|
763
|
-
health: null,
|
|
764
|
-
status: null,
|
|
765
|
-
presence: null,
|
|
766
|
-
configSnapshot: null
|
|
767
|
-
}));
|
|
768
|
-
if (authResolution.warning && !res.ok) res.error = res.error ? `${res.error}; ${authResolution.warning}` : authResolution.warning;
|
|
769
|
-
return {
|
|
770
|
-
deep: { gateway: {
|
|
771
|
-
attempted: true,
|
|
772
|
-
url,
|
|
773
|
-
ok: res.ok,
|
|
774
|
-
error: res.ok ? null : res.error,
|
|
775
|
-
close: res.close ? {
|
|
776
|
-
code: res.close.code,
|
|
777
|
-
reason: res.close.reason
|
|
778
|
-
} : null
|
|
779
|
-
} },
|
|
780
|
-
authWarning: authResolution.warning
|
|
781
|
-
};
|
|
782
|
-
}
|
|
783
|
-
async function createAuditExecutionContext(opts) {
|
|
784
|
-
const cfg = opts.config;
|
|
785
|
-
const sourceConfig = opts.sourceConfig ?? opts.config;
|
|
786
|
-
const env = opts.env ?? process.env;
|
|
787
|
-
const platform = opts.platform ?? process.platform;
|
|
788
|
-
const includeFilesystem = opts.includeFilesystem !== false;
|
|
789
|
-
const includeChannelSecurity = opts.includeChannelSecurity !== false;
|
|
790
|
-
const deep = opts.deep === true;
|
|
791
|
-
const deepTimeoutMs = Math.max(250, opts.deepTimeoutMs ?? 5e3);
|
|
792
|
-
const stateDir = opts.stateDir ?? resolveStateDir(env);
|
|
793
|
-
const configPath = opts.configPath ?? resolveConfigPath(env, stateDir);
|
|
794
|
-
const workspaceDir = opts.workspaceDir ?? resolveAgentWorkspaceDir(cfg, resolveDefaultAgentId(cfg));
|
|
795
|
-
const { readConfigSnapshotForAudit } = await loadAuditNonDeepModule();
|
|
796
|
-
const configSnapshot = includeFilesystem ? opts.configSnapshot !== void 0 ? opts.configSnapshot : await readConfigSnapshotForAudit({
|
|
797
|
-
env,
|
|
798
|
-
configPath
|
|
799
|
-
}).catch(() => null) : null;
|
|
800
|
-
return {
|
|
801
|
-
cfg,
|
|
802
|
-
sourceConfig,
|
|
803
|
-
env,
|
|
804
|
-
platform,
|
|
805
|
-
includeFilesystem,
|
|
806
|
-
includeChannelSecurity,
|
|
807
|
-
deep,
|
|
808
|
-
deepTimeoutMs,
|
|
809
|
-
stateDir,
|
|
810
|
-
configPath,
|
|
811
|
-
execIcacls: opts.execIcacls,
|
|
812
|
-
execDockerRawFn: opts.execDockerRawFn,
|
|
813
|
-
probeGatewayFn: opts.probeGatewayFn,
|
|
814
|
-
plugins: opts.plugins,
|
|
815
|
-
workspaceDir,
|
|
816
|
-
configSnapshot,
|
|
817
|
-
codeSafetySummaryCache: opts.codeSafetySummaryCache ?? /* @__PURE__ */ new Map(),
|
|
818
|
-
deepProbeAuth: opts.deepProbeAuth
|
|
819
|
-
};
|
|
820
|
-
}
|
|
821
|
-
async function runSecurityAudit(opts) {
|
|
822
|
-
const findings = [];
|
|
823
|
-
const context = await createAuditExecutionContext(opts);
|
|
824
|
-
const { cfg, env, platform, stateDir, configPath } = context;
|
|
825
|
-
const auditNonDeep = await loadAuditNonDeepModule();
|
|
826
|
-
findings.push(...auditNonDeep.collectAttackSurfaceSummaryFindings(cfg));
|
|
827
|
-
findings.push(...auditNonDeep.collectSyncedFolderFindings({
|
|
828
|
-
stateDir,
|
|
829
|
-
configPath
|
|
830
|
-
}));
|
|
831
|
-
findings.push(...collectGatewayConfigFindings(cfg, context.sourceConfig, env));
|
|
832
|
-
findings.push(...await collectPluginSecurityAuditFindings(context));
|
|
833
|
-
findings.push(...collectLoggingFindings(cfg));
|
|
834
|
-
findings.push(...collectElevatedFindings(cfg));
|
|
835
|
-
findings.push(...collectExecRuntimeFindings(cfg));
|
|
836
|
-
findings.push(...auditNonDeep.collectHooksHardeningFindings(cfg, env));
|
|
837
|
-
findings.push(...auditNonDeep.collectGatewayHttpNoAuthFindings(cfg, env));
|
|
838
|
-
findings.push(...auditNonDeep.collectGatewayHttpSessionKeyOverrideFindings(cfg));
|
|
839
|
-
findings.push(...auditNonDeep.collectSandboxDockerNoopFindings(cfg));
|
|
840
|
-
findings.push(...auditNonDeep.collectSandboxDangerousConfigFindings(cfg));
|
|
841
|
-
findings.push(...auditNonDeep.collectNodeDenyCommandPatternFindings(cfg));
|
|
842
|
-
findings.push(...auditNonDeep.collectNodeDangerousAllowCommandFindings(cfg));
|
|
843
|
-
findings.push(...auditNonDeep.collectMinimalProfileOverrideFindings(cfg));
|
|
844
|
-
findings.push(...auditNonDeep.collectSecretsInConfigFindings(cfg));
|
|
845
|
-
findings.push(...auditNonDeep.collectModelHygieneFindings(cfg));
|
|
846
|
-
findings.push(...auditNonDeep.collectSmallModelRiskFindings({
|
|
847
|
-
cfg,
|
|
848
|
-
env
|
|
849
|
-
}));
|
|
850
|
-
findings.push(...auditNonDeep.collectExposureMatrixFindings(cfg));
|
|
851
|
-
findings.push(...auditNonDeep.collectLikelyMultiUserSetupFindings(cfg));
|
|
852
|
-
if (context.includeFilesystem) {
|
|
853
|
-
findings.push(...await collectFilesystemFindings({
|
|
854
|
-
stateDir,
|
|
855
|
-
configPath,
|
|
856
|
-
env,
|
|
857
|
-
platform,
|
|
858
|
-
execIcacls: context.execIcacls
|
|
859
|
-
}));
|
|
860
|
-
if (context.configSnapshot) findings.push(...await auditNonDeep.collectIncludeFilePermFindings({
|
|
861
|
-
configSnapshot: context.configSnapshot,
|
|
862
|
-
env,
|
|
863
|
-
platform,
|
|
864
|
-
execIcacls: context.execIcacls
|
|
865
|
-
}));
|
|
866
|
-
findings.push(...await auditNonDeep.collectStateDeepFilesystemFindings({
|
|
867
|
-
cfg,
|
|
868
|
-
env,
|
|
869
|
-
stateDir,
|
|
870
|
-
platform,
|
|
871
|
-
execIcacls: context.execIcacls
|
|
872
|
-
}));
|
|
873
|
-
findings.push(...await auditNonDeep.collectWorkspaceSkillSymlinkEscapeFindings({ cfg }));
|
|
874
|
-
findings.push(...await auditNonDeep.collectSandboxBrowserHashLabelFindings({ execDockerRawFn: context.execDockerRawFn }));
|
|
875
|
-
findings.push(...await auditNonDeep.collectPluginsTrustFindings({
|
|
876
|
-
cfg,
|
|
877
|
-
stateDir
|
|
878
|
-
}));
|
|
879
|
-
findings.push(...await collectDeepCodeSafetyFindings({
|
|
880
|
-
cfg,
|
|
881
|
-
stateDir,
|
|
882
|
-
deep: context.deep,
|
|
883
|
-
summaryCache: context.codeSafetySummaryCache
|
|
884
|
-
}));
|
|
885
|
-
}
|
|
886
|
-
let shouldAuditChannelSecurity = false;
|
|
887
|
-
if (context.includeChannelSecurity) if (context.plugins !== void 0) shouldAuditChannelSecurity = true;
|
|
888
|
-
else {
|
|
889
|
-
const { hasConfiguredChannelsForReadOnlyScope, resolveConfiguredChannelPluginIds } = await loadChannelPluginIdsModule();
|
|
890
|
-
shouldAuditChannelSecurity = hasConfiguredChannelsForReadOnlyScope({
|
|
891
|
-
config: cfg,
|
|
892
|
-
activationSourceConfig: context.sourceConfig,
|
|
893
|
-
workspaceDir: context.workspaceDir,
|
|
894
|
-
env
|
|
895
|
-
}) || resolveConfiguredChannelPluginIds({
|
|
896
|
-
config: cfg,
|
|
897
|
-
activationSourceConfig: context.sourceConfig,
|
|
898
|
-
workspaceDir: context.workspaceDir,
|
|
899
|
-
env
|
|
900
|
-
}).length > 0;
|
|
901
|
-
}
|
|
902
|
-
if (shouldAuditChannelSecurity) {
|
|
903
|
-
if (context.plugins === void 0) (await loadPluginRegistryLoaderModule()).ensurePluginRegistryLoaded({
|
|
904
|
-
scope: "configured-channels",
|
|
905
|
-
config: cfg,
|
|
906
|
-
activationSourceConfig: context.sourceConfig,
|
|
907
|
-
workspaceDir: context.workspaceDir,
|
|
908
|
-
env
|
|
909
|
-
});
|
|
910
|
-
const channelPlugins = context.plugins ?? (await loadChannelPlugins()).listChannelPlugins();
|
|
911
|
-
const { collectChannelSecurityFindings } = await loadAuditChannelModule();
|
|
912
|
-
findings.push(...await collectChannelSecurityFindings({
|
|
913
|
-
cfg,
|
|
914
|
-
sourceConfig: context.sourceConfig,
|
|
915
|
-
plugins: channelPlugins
|
|
916
|
-
}));
|
|
917
|
-
}
|
|
918
|
-
const deepProbeResult = context.deep ? await maybeProbeGateway({
|
|
919
|
-
cfg,
|
|
920
|
-
env,
|
|
921
|
-
timeoutMs: context.deepTimeoutMs,
|
|
922
|
-
probe: context.probeGatewayFn ?? (await loadGatewayProbeDeps()).probeGateway,
|
|
923
|
-
explicitAuth: context.deepProbeAuth
|
|
924
|
-
}) : void 0;
|
|
925
|
-
const deep = deepProbeResult?.deep;
|
|
926
|
-
findings.push(...collectDeepProbeFindings({
|
|
927
|
-
deep,
|
|
928
|
-
authWarning: deepProbeResult?.authWarning
|
|
929
|
-
}));
|
|
930
|
-
const summary = countBySeverity(findings);
|
|
931
|
-
return {
|
|
932
|
-
ts: Date.now(),
|
|
933
|
-
summary,
|
|
934
|
-
findings,
|
|
935
|
-
deep
|
|
936
|
-
};
|
|
937
|
-
}
|
|
938
|
-
//#endregion
|
|
939
|
-
export { runSecurityAudit as t };
|