@pixelzx/genesis 2026.6.29 → 2026.7.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1769) hide show
  1. package/CHANGELOG.md +10 -0
  2. package/dist/.buildstamp +1 -1
  3. package/dist/abort-cutoff.runtime-Cfv6I4gf.js +20 -0
  4. package/dist/abort-cutoff.runtime.js +1 -1
  5. package/dist/abort-xF_zj8_u.js +201 -0
  6. package/dist/abort.runtime-JUukGuW3.js +2 -0
  7. package/dist/abort.runtime.js +1 -1
  8. package/dist/accounts-C0jW92It.js +104 -0
  9. package/dist/accounts-C2ZexWg6.js +107 -0
  10. package/dist/accounts-tEPx6Fnd.js +2 -0
  11. package/dist/acp-cli-De2oyz3e.js +2217 -0
  12. package/dist/acp-spawn-7VB8ie8I.js +1042 -0
  13. package/dist/acp-spawn-C6VfLE4o.js +2 -0
  14. package/dist/acp-stateful-target-driver-ctUymwnI.js +89 -0
  15. package/dist/action-agents-Dy45TQ9X.js +67 -0
  16. package/dist/action-focus-hzygEAz5.js +132 -0
  17. package/dist/action-help-D1h2Czko.js +7 -0
  18. package/dist/action-info-EDBi7fre.js +101 -0
  19. package/dist/action-kill-CBNgmCsz.js +33 -0
  20. package/dist/action-list-C6KC8Ulv.js +21 -0
  21. package/dist/action-log-C0R9AwnB.js +30 -0
  22. package/dist/action-send-DZw27QoS.js +39 -0
  23. package/dist/action-spawn-BXEOYBEH.js +47 -0
  24. package/dist/action-unfocus-DWFUpr-g.js +29 -0
  25. package/dist/actions.runtime-1HHNbwPa.js +5 -0
  26. package/dist/actions.runtime-GFSX3jST.js +18 -0
  27. package/dist/actions.runtime.js +1 -1
  28. package/dist/agent-CU42dfye.js +2 -0
  29. package/dist/agent-command-Baehh2jJ.js +874 -0
  30. package/dist/agent-harness-runtime-Bmln4mlS.js +144 -0
  31. package/dist/agent-runner-utils-xPwHxFwc.js +239 -0
  32. package/dist/agent-runner.runtime-BBx0eqAs.js +3443 -0
  33. package/dist/agent-runner.runtime.js +1 -1
  34. package/dist/agent-runtime-mKUGZmYk.js +18 -0
  35. package/dist/agents-C_kp6PcN.js +954 -0
  36. package/dist/agents-D7-4l9xG.js +5 -0
  37. package/dist/agents.command-shared-j4Ht1HMt.js +40 -0
  38. package/dist/aliases-BR-85AbT.js +96 -0
  39. package/dist/aliases-DH4MEghL.js +2 -0
  40. package/dist/api-7axT1c4t.js +4 -0
  41. package/dist/api-8dcgPyEO.js +139 -0
  42. package/dist/api-BWV-Ja5Y.js +48 -0
  43. package/dist/api-C6Dl-nsC.js +3 -0
  44. package/dist/api-CeoOTFsR.js +5 -0
  45. package/dist/apply-DFpc3-ic.js +508 -0
  46. package/dist/apply.runtime-BpuwcltB.js +166 -0
  47. package/dist/apply.runtime-CyFkfilC.js +2 -0
  48. package/dist/apply.runtime.js +1 -1
  49. package/dist/approval-gateway-resolver-B5iZVyl3.js +29 -0
  50. package/dist/approval-gateway-runtime-DJMhFL8_.js +2 -0
  51. package/dist/approval-handler-runtime-CvlNyTSd.js +439 -0
  52. package/dist/approval-native-runtime-DIP1UVwF.js +729 -0
  53. package/dist/attempt-execution.runtime-Dnj7Dunz.js +509 -0
  54. package/dist/attempt-execution.runtime.js +1 -1
  55. package/dist/attempt-execution.shared-CJLlmxzq.js +22 -0
  56. package/dist/attempt.prompt-helpers-yXlkhGj_.js +206 -0
  57. package/dist/attempt.tool-run-context-DplnP36r.js +933 -0
  58. package/dist/audit-CP153cHC.js +939 -0
  59. package/dist/audit-channel.collect.runtime.js +1 -1
  60. package/dist/audit-extra.async-B52PswlQ.js +971 -0
  61. package/dist/audit-tool-policy-CMwmd8Xs.js +3 -0
  62. package/dist/audit.deep.runtime-BC4XWNSr.js +2 -0
  63. package/dist/audit.deep.runtime.js +1 -1
  64. package/dist/audit.nondeep.runtime-Dvng3qfA.js +880 -0
  65. package/dist/audit.nondeep.runtime.js +1 -1
  66. package/dist/audit.runtime-BPEAdYYt.js +7 -0
  67. package/dist/audit.runtime.js +1 -1
  68. package/dist/auth-CGB_0fnH.js +550 -0
  69. package/dist/auth-DXk-SISv.js +56 -0
  70. package/dist/auth-_41Zyvnc.js +2 -0
  71. package/dist/auth-bH95QjyV.js +177 -0
  72. package/dist/auth-choice-Bn-ygZZg.js +3 -0
  73. package/dist/auth-choice-CmUhzrUA.js +85 -0
  74. package/dist/auth-order-Cnl7fD4m.js +2 -0
  75. package/dist/auth-order-DTEvHo9G.js +139 -0
  76. package/dist/bash-tools-E5RKIMX4.js +2853 -0
  77. package/dist/bash-tools-n2uf-L6x.js +3 -0
  78. package/dist/bash-tools.exec-runtime-BSErqAOv.js +823 -0
  79. package/dist/binding-routing-MxZZJi7B.js +85 -0
  80. package/dist/binding-targets-DOjf91v9.js +121 -0
  81. package/dist/bridge-server-C9sdVkxe.js +113 -0
  82. package/dist/browser-control-auth-Ds_CXo7-.js +2 -0
  83. package/dist/browser-node-runtime-CrrZhgmT.js +12 -0
  84. package/dist/browser-profiles-DSq_VuWU.js +2 -0
  85. package/dist/browser-runtime-D3bUe2ki.js +387 -0
  86. package/dist/browser-setup-tools-BzBeI9sr.js +13 -0
  87. package/dist/build-BQ7uMjfi.js +550 -0
  88. package/dist/build-info.json +3 -3
  89. package/dist/bundled/boot-md/handler.js +3 -3
  90. package/dist/bundled/session-memory/handler.js +1 -1
  91. package/dist/call-C5EHc2Ve.js +3 -0
  92. package/dist/call-DgFhP0IB.js +330 -0
  93. package/dist/call.runtime-CBWpY5ek.js +2 -0
  94. package/dist/call.runtime.js +1 -1
  95. package/dist/capability-cli-CF-5WxGW.js +1401 -0
  96. package/dist/catalog-provider-BefDFS32.js +40 -0
  97. package/dist/catchup-DEgTzUZf.js +300 -0
  98. package/dist/channel-B9Z1yOBL.js +1100 -0
  99. package/dist/channel-BQalh8q5.js +1320 -0
  100. package/dist/channel-B_D0qB8f.js +297 -0
  101. package/dist/channel-CveiiHEq.js +226 -0
  102. package/dist/channel-DPRWC_X5.js +1802 -0
  103. package/dist/channel-DTNwXKB7.js +350 -0
  104. package/dist/channel-DsWHOdeO.js +840 -0
  105. package/dist/channel-IYn5sG7l.js +453 -0
  106. package/dist/channel-MwEUOERy.js +1174 -0
  107. package/dist/channel-add-wizard-De4DNba-.js +125 -0
  108. package/dist/channel-add-wizard-v9JYw-20.js +2 -0
  109. package/dist/channel-core-C3RFVpjy.js +5 -0
  110. package/dist/channel-geAqqK_e.js +491 -0
  111. package/dist/channel-inbound-BRCAVWH1.js +31 -0
  112. package/dist/channel-plugin-resolution-BYpxL2mS.js +2 -0
  113. package/dist/channel-plugin-resolution-Jy5eA_cD.js +153 -0
  114. package/dist/channel-plugin-runtime-B7guFbbq.js +771 -0
  115. package/dist/channel-runtime-B2HmUto-.js +425 -0
  116. package/dist/channel-selection.runtime.js +1 -1
  117. package/dist/channel-setup-DmnWuvUU.js +1297 -0
  118. package/dist/channel-zfFLswBu.js +595 -0
  119. package/dist/channel.runtime-60XStiek.js +2364 -0
  120. package/dist/channel.runtime-BK8atBx7.js +430 -0
  121. package/dist/channel.runtime-CjfgGDJR.js +576 -0
  122. package/dist/channel.runtime-Cuc72hD3.js +89 -0
  123. package/dist/channel.runtime-D4i6q9PJ.js +4 -0
  124. package/dist/channel.runtime-mLdKu3mE.js +42398 -0
  125. package/dist/channel.runtime.js +1 -1
  126. package/dist/channel.setup-BxdBjfQG.js +10 -0
  127. package/dist/channel2.runtime-DhBM75gc.js +109 -0
  128. package/dist/channel2.runtime.js +1 -1
  129. package/dist/channels-YP0r9T7z.js +733 -0
  130. package/dist/channels-cli-BA8x-0ie.js +268 -0
  131. package/dist/chat-C-K_PnVS.js +2830 -0
  132. package/dist/clawbot-cli-CcTWZznd.js +9 -0
  133. package/dist/clawhub-Dg91MiOl.js +400 -0
  134. package/dist/cli/daemon-cli.js +3 -3
  135. package/dist/cli-B9pz-wec.js +2 -0
  136. package/dist/cli-BDqmMCNa.js +219 -0
  137. package/dist/cli-BnjgRW4w.js +154 -0
  138. package/dist/cli-C6O2LqdN.js +683 -0
  139. package/dist/cli-CFANcv9h.js +2 -0
  140. package/dist/cli-D9yBNX96.js +3726 -0
  141. package/dist/cli-e4V7ix51.js +2 -0
  142. package/dist/cli-oSszUBF4.js +72 -0
  143. package/dist/cli-runner-ziqCSXFY.js +286 -0
  144. package/dist/cli-runner.runtime-B-P8SxLi.js +4 -0
  145. package/dist/cli-runner.runtime-BmqwbMTX.js +3 -0
  146. package/dist/cli-runner.runtime.js +1 -1
  147. package/dist/cli-startup-metadata.json +2 -2
  148. package/dist/cli.runtime-4isBQRbc.js +1261 -0
  149. package/dist/cli.runtime.js +1 -1
  150. package/dist/client-CcimlPth.js +138 -0
  151. package/dist/client-DQsu_IXu.js +723 -0
  152. package/dist/command-auth-BWQO7kca.js +76 -0
  153. package/dist/command-config-resolution-ClTknI2S.js +2 -0
  154. package/dist/command-config-resolution-CrkcVij4.js +23 -0
  155. package/dist/command-config-resolution.runtime-D6B4s-Uv.js +2 -0
  156. package/dist/command-config-resolution.runtime.js +1 -1
  157. package/dist/command-execution-startup-CQcKEDhz.js +324 -0
  158. package/dist/command-registry-B_U-oRjT.js +4 -0
  159. package/dist/command-registry-CJ8y08cJ.js +9 -0
  160. package/dist/command-registry-core-CjYDA5Hb.js +106 -0
  161. package/dist/command-secret-gateway-BN5JN_4V.js +528 -0
  162. package/dist/command-status.runtime-BwGSaGwK.js +87 -0
  163. package/dist/command-status.runtime.js +1 -1
  164. package/dist/commands-acp-Di5EZJSo.js +77 -0
  165. package/dist/commands-compact.runtime-Dm1rBnbf.js +10 -0
  166. package/dist/commands-compact.runtime.js +1 -1
  167. package/dist/commands-core.runtime-DjL6pkWU.js +2 -0
  168. package/dist/commands-core.runtime.js +1 -1
  169. package/dist/commands-handlers.runtime-C8uzW3Za.js +4599 -0
  170. package/dist/commands-handlers.runtime.js +1 -1
  171. package/dist/commands-reset-hooks-7h-poKws.js +135 -0
  172. package/dist/commands-status-D_wsDlQe.js +16 -0
  173. package/dist/commands-status.runtime-BYT0Y8Xk.js +3 -0
  174. package/dist/commands-status.runtime.js +1 -1
  175. package/dist/commands-subagents-control.runtime-BozyiWar.js +3 -0
  176. package/dist/commands-subagents-control.runtime-DDCzt8Ub.js +2 -0
  177. package/dist/commands-subagents-control.runtime.js +1 -1
  178. package/dist/commands-system-prompt-ClkTGvNr.js +157 -0
  179. package/dist/commands-system-prompt-qRoqhQKL.js +2 -0
  180. package/dist/commands.runtime-DdZErCma.js +167 -0
  181. package/dist/commands.runtime.js +1 -1
  182. package/dist/compact-BCs9ORLb.js +1096 -0
  183. package/dist/compact.runtime-DvG7GWYV.js +12 -0
  184. package/dist/compact.runtime.js +1 -1
  185. package/dist/completion-cli-C4J7V5YR.js +328 -0
  186. package/dist/config-B0uPLzV0.js +252 -0
  187. package/dist/config-cli-Bt8euI41.js +1078 -0
  188. package/dist/config-guard-DUDovz1_.js +96 -0
  189. package/dist/config-runtime-BnYU3hOw.js +32 -0
  190. package/dist/configure-BIB6QKXD.js +2 -0
  191. package/dist/configure-DuXRvaw-.js +1252 -0
  192. package/dist/connect-options-DdLRs3mC.js +699 -0
  193. package/dist/control-auth-BboB6-Q9.js +125 -0
  194. package/dist/control-service-zISWiuJ_.js +156 -0
  195. package/dist/control-ui/assets/agents-JC5PtqrV.js +1125 -0
  196. package/dist/control-ui/assets/canvas-BOLwH2XE.js +274 -0
  197. package/dist/control-ui/assets/channel-config-extras-DndsWi2n.js +2 -0
  198. package/dist/control-ui/assets/channels-DehEkmqb.js +198 -0
  199. package/dist/control-ui/assets/contacts-CuFuG0IF.js +49 -0
  200. package/dist/control-ui/assets/cron-DOmGA0e5.js +250 -0
  201. package/dist/control-ui/assets/de-CJg8xmlK.js +2 -0
  202. package/dist/control-ui/assets/debug-BmuUKCSJ.js +94 -0
  203. package/dist/control-ui/assets/es-C4Q-2wY3.js +2 -0
  204. package/dist/control-ui/assets/fr-C8HMIYz8.js +2 -0
  205. package/dist/control-ui/assets/i18n-Cc8tlfvD.js +3 -0
  206. package/dist/control-ui/assets/id-Cfarvm3I.js +2 -0
  207. package/dist/control-ui/assets/index-rW3Q6M8T.js +5981 -0
  208. package/dist/control-ui/assets/instances-Cx7hEWzW.js +57 -0
  209. package/dist/control-ui/assets/ja-JP-F9ReJBkI.js +2 -0
  210. package/dist/control-ui/assets/ko-COLp1JKa.js +2 -0
  211. package/dist/control-ui/assets/logs-DB-Z5vcW.js +74 -0
  212. package/dist/control-ui/assets/mcp-Cpcduudl.js +417 -0
  213. package/dist/control-ui/assets/memory-DnzEGr6j.js +50 -0
  214. package/dist/control-ui/assets/memory-graph-DyR9Uhz0.js +30 -0
  215. package/dist/control-ui/assets/models-DiDA_80_.js +86 -0
  216. package/dist/control-ui/assets/nodes-DBKCXfee.js +654 -0
  217. package/dist/control-ui/assets/pl-BYPzLeb4.js +2 -0
  218. package/dist/control-ui/assets/plugins-CwfOfaNX.js +259 -0
  219. package/dist/control-ui/assets/presenter-5bq6-zJE.js +2 -0
  220. package/dist/control-ui/assets/pt-BR-DTBFbuCo.js +2 -0
  221. package/dist/control-ui/assets/sessions-B32pl2IK.js +56 -0
  222. package/dist/control-ui/assets/skills-UF7TyQK4.js +294 -0
  223. package/dist/control-ui/assets/skills-shared-B74z1P-E.js +11 -0
  224. package/dist/control-ui/assets/th-CIjDBcNT.js +2 -0
  225. package/dist/control-ui/assets/tr-NCpkXtTg.js +2 -0
  226. package/dist/control-ui/assets/uk-DvS1vsmH.js +2 -0
  227. package/dist/control-ui/assets/wallet-RKPn2MRs.js +302 -0
  228. package/dist/control-ui/assets/zh-CN-SfnMOQr0.js +2 -0
  229. package/dist/control-ui/assets/zh-TW-CkQgNjXi.js +2 -0
  230. package/dist/control-ui/index.html +2 -2
  231. package/dist/control-ui-CKQ17fcd.js +1043 -0
  232. package/dist/conversation-id-BzYtax7n.js +235 -0
  233. package/dist/conversation-id-HBz3v6j3.js +38 -0
  234. package/dist/conversation-runtime-CkcxSb_S.js +31 -0
  235. package/dist/core-DxVEjt5f.js +275 -0
  236. package/dist/create-B9OOGa90.js +80 -0
  237. package/dist/cron-cli-CAkqablA.js +713 -0
  238. package/dist/daemon-cli-CCC_5IkN.js +12 -0
  239. package/dist/dashboard-Bqpn6xD_.js +81 -0
  240. package/dist/dashboard-Cd6TkhpW.js +2 -0
  241. package/dist/delegate-D7D8iTtT.js +64 -0
  242. package/dist/deliver-I8Ifd1yR.js +3 -0
  243. package/dist/deliver-Zphc65zr.js +747 -0
  244. package/dist/deliver-runtime-DQyfYkCs.js +2 -0
  245. package/dist/delivery-outbound.runtime-Bs9x6LSS.js +6 -0
  246. package/dist/delivery-outbound.runtime.js +1 -1
  247. package/dist/delivery.runtime-Cx3qn7Hc.js +253 -0
  248. package/dist/delivery.runtime.js +1 -1
  249. package/dist/detached-task-runtime-D2jixP5C.js +73 -0
  250. package/dist/devices-cli-CMnaKl01.js +498 -0
  251. package/dist/diagnostics-B8Z9UWlG.js +154 -0
  252. package/dist/direct-dm-c4Qb2Nzg.js +64 -0
  253. package/dist/directive-handling.fast-lane-DuuCgCI2.js +66 -0
  254. package/dist/directive-handling.impl-BiJain1b.js +2 -0
  255. package/dist/directive-handling.impl-CYw76-Ag.js +703 -0
  256. package/dist/directive-handling.model-selection-BNnOIh0D.js +114 -0
  257. package/dist/directive-handling.persist.runtime-DWnMoAjn.js +215 -0
  258. package/dist/directive-handling.persist.runtime.js +1 -1
  259. package/dist/directory-cli-CinbUxv4.js +240 -0
  260. package/dist/dispatch-acp-BL2QahHP.js +981 -0
  261. package/dist/dispatch-acp-manager.runtime-CynWPlJS.js +3 -0
  262. package/dist/dispatch-acp-manager.runtime.js +1 -1
  263. package/dist/dispatch-acp-media.runtime-CrC5nXXy.js +4 -0
  264. package/dist/dispatch-acp-media.runtime.js +1 -1
  265. package/dist/dispatch-acp-session.runtime-C_GFMR0r.js +2 -0
  266. package/dist/dispatch-acp-session.runtime.js +1 -1
  267. package/dist/dispatch-acp.runtime-OwR8G8Qt.js +19 -0
  268. package/dist/dispatch-acp.runtime.js +1 -1
  269. package/dist/dispatch-r6Uv7puk.js +1131 -0
  270. package/dist/doctor-config-flow-BQjLEW5b.js +420 -0
  271. package/dist/doctor-config-preflight-B3VVSleh.js +63 -0
  272. package/dist/doctor-config-preflight-BBOEq7ti.js +2 -0
  273. package/dist/doctor-device-pairing-GsLelCah.js +307 -0
  274. package/dist/doctor-gateway-daemon-flow-Bj6Y5WoB.js +250 -0
  275. package/dist/doctor-gateway-health-D7WY6zgb.js +63 -0
  276. package/dist/doctor-health-C9GRQaPA.js +59 -0
  277. package/dist/doctor-health-contributions-Dk9ho6TO.js +493 -0
  278. package/dist/doctor-prompter-Ct6Jv52M.js +56 -0
  279. package/dist/doctor-sandbox-DAb-mQpy.js +194 -0
  280. package/dist/doctor-state-migrations-36dXc9ct.js +2 -0
  281. package/dist/doctor-workspace-status-CJCfWEI6.js +75 -0
  282. package/dist/dreaming-_hTKF5lN.js +1582 -0
  283. package/dist/dreaming-narrative-D5XTDttN.js +596 -0
  284. package/dist/embedded-gateway-stub.runtime-CEmoodA9.js +9 -0
  285. package/dist/embedded-gateway-stub.runtime.js +1 -1
  286. package/dist/embedding-provider-B9F-kCH3.js +118 -0
  287. package/dist/embeddings-BCVqTyaZ.js +215 -0
  288. package/dist/embeddings-http-CCsd7vWB.js +205 -0
  289. package/dist/entry.js +2 -2
  290. package/dist/exec-approval-forwarder.runtime-CMniJyXX.js +3 -0
  291. package/dist/exec-approval-forwarder.runtime.js +1 -1
  292. package/dist/exec-approvals-cli-ClDMlOmM.js +498 -0
  293. package/dist/exec-defaults-BWb7bhoE.js +2 -0
  294. package/dist/exec-defaults-CE8PArh-.js +67 -0
  295. package/dist/execute.runtime-Bhup95bB.js +1359 -0
  296. package/dist/execute.runtime.js +1 -1
  297. package/dist/extensionAPI.js +3 -3
  298. package/dist/extensions/active-memory/index.js +3 -3
  299. package/dist/extensions/alibaba/index.js +1 -1
  300. package/dist/extensions/alibaba/video-generation-provider.js +1 -1
  301. package/dist/extensions/arcee/index.js +2 -2
  302. package/dist/extensions/bluebubbles/api.js +3 -3
  303. package/dist/extensions/bluebubbles/channel-plugin-api.js +1 -1
  304. package/dist/extensions/browser/browser-bridge.js +1 -1
  305. package/dist/extensions/browser/browser-config.js +4 -4
  306. package/dist/extensions/browser/browser-control-auth.js +2 -2
  307. package/dist/extensions/browser/browser-doctor.js +2 -2
  308. package/dist/extensions/browser/browser-maintenance.js +2 -2
  309. package/dist/extensions/browser/browser-profiles.js +2 -2
  310. package/dist/extensions/browser/browser-runtime-api.js +10 -10
  311. package/dist/extensions/browser/index.js +1 -1
  312. package/dist/extensions/browser/plugin-registration.js +1 -1
  313. package/dist/extensions/browser/register.runtime.js +3 -3
  314. package/dist/extensions/browser/runtime-api.js +11 -11
  315. package/dist/extensions/browser/test-support.js +1 -1
  316. package/dist/extensions/byteplus/index.js +3 -3
  317. package/dist/extensions/byteplus/video-generation-provider.js +1 -1
  318. package/dist/extensions/chutes/index.js +4 -4
  319. package/dist/extensions/cloudflare-ai-gateway/api.js +1 -1
  320. package/dist/extensions/cloudflare-ai-gateway/catalog-provider.js +1 -1
  321. package/dist/extensions/cloudflare-ai-gateway/index.js +2 -2
  322. package/dist/extensions/comfy/image-generation-provider.js +2 -2
  323. package/dist/extensions/comfy/index.js +5 -5
  324. package/dist/extensions/comfy/music-generation-provider.js +1 -1
  325. package/dist/extensions/comfy/video-generation-provider.js +2 -2
  326. package/dist/extensions/comfy/workflow-runtime.js +1 -1
  327. package/dist/extensions/deepseek/index.js +1 -1
  328. package/dist/extensions/device-pair/api.js +2 -2
  329. package/dist/extensions/device-pair/index.js +4 -4
  330. package/dist/extensions/device-pair/notify.js +1 -1
  331. package/dist/extensions/device-pair/pair-command-approve.js +1 -1
  332. package/dist/extensions/device-pair/qr-image.js +2 -2
  333. package/dist/extensions/fal/image-generation-provider.js +1 -1
  334. package/dist/extensions/fal/index.js +3 -3
  335. package/dist/extensions/fal/provider-registration.js +1 -1
  336. package/dist/extensions/fal/test-api.js +2 -2
  337. package/dist/extensions/fal/video-generation-provider.js +1 -1
  338. package/dist/extensions/fireworks/index.js +1 -1
  339. package/dist/extensions/github-copilot/api.js +1 -1
  340. package/dist/extensions/github-copilot/auth.js +1 -1
  341. package/dist/extensions/github-copilot/embeddings.js +1 -1
  342. package/dist/extensions/github-copilot/index.js +4 -4
  343. package/dist/extensions/github-copilot/login.js +1 -1
  344. package/dist/extensions/github-copilot/register.runtime.js +2 -2
  345. package/dist/extensions/google-meet/index.js +6 -6
  346. package/dist/extensions/groq/index.js +1 -1
  347. package/dist/extensions/groq/media-understanding-provider.js +1 -1
  348. package/dist/extensions/groq/test-api.js +1 -1
  349. package/dist/extensions/huggingface/index.js +1 -1
  350. package/dist/extensions/image-generation-core/api.js +2 -2
  351. package/dist/extensions/imessage/api.js +4 -4
  352. package/dist/extensions/imessage/channel-plugin-api.js +1 -1
  353. package/dist/extensions/imessage/runtime-api.js +5 -5
  354. package/dist/extensions/imessage/test-api.js +1 -1
  355. package/dist/extensions/irc/api.js +2 -2
  356. package/dist/extensions/irc/channel-plugin-api.js +1 -1
  357. package/dist/extensions/kilocode/index.js +1 -1
  358. package/dist/extensions/kimi-coding/index.js +2 -2
  359. package/dist/extensions/line/api.js +2 -2
  360. package/dist/extensions/line/channel-plugin-api.js +1 -1
  361. package/dist/extensions/line/contract-api.js +1 -1
  362. package/dist/extensions/line/runtime-api.js +4 -4
  363. package/dist/extensions/line/setup-api.js +1 -1
  364. package/dist/extensions/litellm/index.js +1 -1
  365. package/dist/extensions/llm-task/index.js +2 -2
  366. package/dist/extensions/lmstudio/api.js +2 -2
  367. package/dist/extensions/lmstudio/index.js +3 -3
  368. package/dist/extensions/lmstudio/memory-embedding-adapter.js +1 -1
  369. package/dist/extensions/lmstudio/runtime-api.js +1 -1
  370. package/dist/extensions/lobster/index.js +3 -3
  371. package/dist/extensions/lobster/runtime-api.js +1 -1
  372. package/dist/extensions/mattermost/api.js +1 -1
  373. package/dist/extensions/mattermost/channel-plugin-api.js +1 -1
  374. package/dist/extensions/mattermost/channel-plugin-runtime.js +1 -1
  375. package/dist/extensions/mattermost/policy-api.js +1 -1
  376. package/dist/extensions/mattermost/runtime-api.js +7 -7
  377. package/dist/extensions/mattermost/slash-route-api.js +1 -1
  378. package/dist/extensions/media-understanding-core/runtime-api.js +2 -2
  379. package/dist/extensions/memory-core/api.js +1 -1
  380. package/dist/extensions/memory-core/cli-metadata.js +2 -2
  381. package/dist/extensions/memory-core/index.js +3 -3
  382. package/dist/extensions/memory-lancedb/cli-metadata.js +1 -1
  383. package/dist/extensions/memory-lancedb/index.js +1 -1
  384. package/dist/extensions/memory-wiki/cli-metadata.js +1 -1
  385. package/dist/extensions/memory-wiki/index.js +1 -1
  386. package/dist/extensions/microsoft/index.js +1 -1
  387. package/dist/extensions/microsoft/speech-provider.js +1 -1
  388. package/dist/extensions/microsoft/test-api.js +1 -1
  389. package/dist/extensions/microsoft-foundry/auth.js +1 -1
  390. package/dist/extensions/microsoft-foundry/cli.js +1 -1
  391. package/dist/extensions/microsoft-foundry/index.js +1 -1
  392. package/dist/extensions/microsoft-foundry/onboard.js +2 -2
  393. package/dist/extensions/microsoft-foundry/provider.js +1 -1
  394. package/dist/extensions/microsoft-foundry/runtime.js +1 -1
  395. package/dist/extensions/microsoft-foundry/shared-runtime.js +2 -2
  396. package/dist/extensions/microsoft-foundry/shared.js +1 -1
  397. package/dist/extensions/minimax/image-generation-provider.js +1 -1
  398. package/dist/extensions/minimax/index.js +6 -6
  399. package/dist/extensions/minimax/media-understanding-provider.js +1 -1
  400. package/dist/extensions/minimax/music-generation-provider.js +1 -1
  401. package/dist/extensions/minimax/oauth.js +1 -1
  402. package/dist/extensions/minimax/oauth.runtime.js +1 -1
  403. package/dist/extensions/minimax/provider-registration.js +1 -1
  404. package/dist/extensions/minimax/speech-provider.js +1 -1
  405. package/dist/extensions/minimax/test-api.js +4 -4
  406. package/dist/extensions/minimax/video-generation-provider.js +1 -1
  407. package/dist/extensions/mistral/index.js +2 -2
  408. package/dist/extensions/mistral/media-understanding-provider.js +1 -1
  409. package/dist/extensions/mistral/test-api.js +1 -1
  410. package/dist/extensions/moonshot/index.js +2 -2
  411. package/dist/extensions/moonshot/media-understanding-provider.js +1 -1
  412. package/dist/extensions/moonshot/test-api.js +1 -1
  413. package/dist/extensions/msteams/api.js +1 -1
  414. package/dist/extensions/msteams/channel-plugin-api.js +1 -1
  415. package/dist/extensions/msteams/runtime-api.js +4 -4
  416. package/dist/extensions/msteams/test-api.js +1 -1
  417. package/dist/extensions/nextcloud-talk/api.js +1 -1
  418. package/dist/extensions/nextcloud-talk/channel-plugin-api.js +1 -1
  419. package/dist/extensions/nextcloud-talk/runtime-api.js +2 -2
  420. package/dist/extensions/nvidia/index.js +1 -1
  421. package/dist/extensions/ollama/api.js +3 -3
  422. package/dist/extensions/ollama/index.js +9 -9
  423. package/dist/extensions/ollama/runtime-api.js +2 -2
  424. package/dist/extensions/ollama/web-search-provider.js +1 -1
  425. package/dist/extensions/openai/api.js +2 -2
  426. package/dist/extensions/openai/image-generation-provider.js +1 -1
  427. package/dist/extensions/openai/index.js +6 -6
  428. package/dist/extensions/openai/media-understanding-provider.js +1 -1
  429. package/dist/extensions/openai/openai-codex-provider.js +1 -1
  430. package/dist/extensions/openai/openai-provider.js +1 -1
  431. package/dist/extensions/openai/register.runtime.js +4 -4
  432. package/dist/extensions/openai/test-api.js +3 -3
  433. package/dist/extensions/openai/video-generation-provider.js +1 -1
  434. package/dist/extensions/opencode/index.js +2 -2
  435. package/dist/extensions/opencode/media-understanding-provider.js +1 -1
  436. package/dist/extensions/opencode-go/index.js +2 -2
  437. package/dist/extensions/opencode-go/media-understanding-provider.js +1 -1
  438. package/dist/extensions/openrouter/api.js +1 -1
  439. package/dist/extensions/openrouter/image-generation-provider.js +1 -1
  440. package/dist/extensions/openrouter/index.js +4 -4
  441. package/dist/extensions/openrouter/media-understanding-provider.js +1 -1
  442. package/dist/extensions/openrouter/register.runtime.js +3 -3
  443. package/dist/extensions/openrouter/test-api.js +2 -2
  444. package/dist/extensions/openshell/index.js +3 -3
  445. package/dist/extensions/qianfan/index.js +1 -1
  446. package/dist/extensions/qwen/index.js +3 -3
  447. package/dist/extensions/qwen/media-understanding-provider.js +1 -1
  448. package/dist/extensions/qwen/test-api.js +2 -2
  449. package/dist/extensions/qwen/video-generation-provider.js +1 -1
  450. package/dist/extensions/runway/index.js +1 -1
  451. package/dist/extensions/runway/video-generation-provider.js +1 -1
  452. package/dist/extensions/signal/api.js +6 -6
  453. package/dist/extensions/signal/channel-plugin-api.js +1 -1
  454. package/dist/extensions/signal/reaction-runtime-api.js +1 -1
  455. package/dist/extensions/signal/runtime-api.js +9 -9
  456. package/dist/extensions/skill-workshop/api.js +1 -1
  457. package/dist/extensions/skill-workshop/index.js +2 -2
  458. package/dist/extensions/speech-core/runtime-api.js +1 -1
  459. package/dist/extensions/stepfun/index.js +2 -2
  460. package/dist/extensions/synology-chat/api.js +1 -1
  461. package/dist/extensions/synology-chat/channel-plugin-api.js +1 -1
  462. package/dist/extensions/synthetic/index.js +1 -1
  463. package/dist/extensions/talk-voice/index.js +1 -1
  464. package/dist/extensions/tencent/index.js +2 -2
  465. package/dist/extensions/thread-ownership/index.js +1 -1
  466. package/dist/extensions/tlon/api.js +2 -2
  467. package/dist/extensions/tlon/channel-plugin-api.js +1 -1
  468. package/dist/extensions/tlon/runtime-api.js +1 -1
  469. package/dist/extensions/tlon/test-api.js +1 -1
  470. package/dist/extensions/together/index.js +2 -2
  471. package/dist/extensions/together/video-generation-provider.js +1 -1
  472. package/dist/extensions/twitch/api.js +1 -1
  473. package/dist/extensions/twitch/channel-plugin-api.js +1 -1
  474. package/dist/extensions/twitch/setup-plugin-api.js +1 -1
  475. package/dist/extensions/venice/index.js +1 -1
  476. package/dist/extensions/vercel-ai-gateway/index.js +1 -1
  477. package/dist/extensions/voice-call/index.js +1 -1
  478. package/dist/extensions/voice-call/runtime-entry.js +1 -1
  479. package/dist/extensions/volcengine/index.js +2 -2
  480. package/dist/extensions/vydra/image-generation-provider.js +1 -1
  481. package/dist/extensions/vydra/index.js +4 -4
  482. package/dist/extensions/vydra/video-generation-provider.js +1 -1
  483. package/dist/extensions/xai/api.js +2 -2
  484. package/dist/extensions/xai/code-execution.js +2 -2
  485. package/dist/extensions/xai/image-generation-provider.js +1 -1
  486. package/dist/extensions/xai/index.js +6 -6
  487. package/dist/extensions/xai/speech-provider.js +1 -1
  488. package/dist/extensions/xai/tts.js +1 -1
  489. package/dist/extensions/xai/video-generation-provider.js +1 -1
  490. package/dist/extensions/xai/x-search.js +2 -2
  491. package/dist/extensions/xiaomi/index.js +1 -1
  492. package/dist/extensions/zai/index.js +2 -2
  493. package/dist/extensions/zai/media-understanding-provider.js +1 -1
  494. package/dist/extensions/zai/test-api.js +1 -1
  495. package/dist/extensions/zalo/api.js +3 -3
  496. package/dist/extensions/zalo/channel-plugin-api.js +1 -1
  497. package/dist/extensions/zalo/runtime-api.js +2 -2
  498. package/dist/extensions/zalo/setup-api.js +2 -2
  499. package/dist/extensions/zalouser/api.js +3 -3
  500. package/dist/extensions/zalouser/channel-plugin-api.js +1 -1
  501. package/dist/extensions/zalouser/runtime-api.js +7 -7
  502. package/dist/extensions/zalouser/setup-plugin-api.js +1 -1
  503. package/dist/extensions/zalouser/test-api.js +1 -1
  504. package/dist/fallbacks-7zSQjTV3.js +31 -0
  505. package/dist/fallbacks-CZiqVR5O.js +2 -0
  506. package/dist/fallbacks-shared-ChkX-wC9.js +111 -0
  507. package/dist/gateway-CHyZ16Py.js +115 -0
  508. package/dist/gateway-cli-Ddf-bjxV.js +1283 -0
  509. package/dist/gateway-rpc-DksPpMA7.js +14 -0
  510. package/dist/gateway-rpc.runtime-BKaQsdOu.js +23 -0
  511. package/dist/gateway-rpc.runtime.js +1 -1
  512. package/dist/gateway-runtime-Ca4l5F_e.js +15 -0
  513. package/dist/gateway-status-CTPWttLS.js +584 -0
  514. package/dist/genesis-tools-Bkxp7zlI.js +9435 -0
  515. package/dist/genesis-tools.runtime-BCkQJQBx.js +2 -0
  516. package/dist/genesis-tools.runtime.js +1 -1
  517. package/dist/get-reply-HzKdsGO7.js +3946 -0
  518. package/dist/get-reply-from-config.runtime-C5ISSvQ1.js +2 -0
  519. package/dist/get-reply-from-config.runtime.js +1 -1
  520. package/dist/gmail-watcher-lifecycle-BYRHDXCT.js +2 -0
  521. package/dist/graph-users-BVVUU02O.js +1337 -0
  522. package/dist/health-3Ot3RyLe.js +420 -0
  523. package/dist/health-B1Ww7M60.js +3 -0
  524. package/dist/health-route--L24U5vY.js +2 -0
  525. package/dist/health-route-DQ3RbNHQ.js +41 -0
  526. package/dist/hooks-cli-CsJbTM0O.js +433 -0
  527. package/dist/http-endpoint-helpers-D5HkMFwp.js +41 -0
  528. package/dist/http-utils-LFOvdepz.js +924 -0
  529. package/dist/image-fallbacks--ElXneWp.js +31 -0
  530. package/dist/image-fallbacks-D3vJILOu.js +2 -0
  531. package/dist/image-generation-core-DasXukAP.js +18 -0
  532. package/dist/image-generation-core.auth.runtime.js +1 -1
  533. package/dist/image-generation-provider-BUYDznhO.js +157 -0
  534. package/dist/image-generation-provider-CZsEm9qP.js +137 -0
  535. package/dist/image-generation-provider-DfAtOfEj.js +95 -0
  536. package/dist/image-generation-provider-Dksuo9OZ.js +529 -0
  537. package/dist/image-generation-provider-TlVk_XqK.js +63 -0
  538. package/dist/image-generation-provider-YwugArNw.js +274 -0
  539. package/dist/image-generation-provider-bWlq5yUE.js +228 -0
  540. package/dist/image-runtime-CswgJNvs.js +9 -0
  541. package/dist/inbound-reply-dispatch-B7wRXjgc.js +73 -0
  542. package/dist/inbound.runtime-Bw0JSbxR.js +4 -0
  543. package/dist/inbound.runtime-DjvZZHXI.js +3 -0
  544. package/dist/inbound.runtime.js +1 -1
  545. package/dist/index.js +2 -2
  546. package/dist/infra-runtime-CBfd1WMP.js +38 -0
  547. package/dist/init-D0hOJH3x.js +59 -0
  548. package/dist/install-CYvCH-s3.js +726 -0
  549. package/dist/install-security-scan-B7ZoC2Vw.js +26 -0
  550. package/dist/install-security-scan.runtime-iZsF-J1u.js +671 -0
  551. package/dist/install-security-scan.runtime.js +1 -1
  552. package/dist/install.runtime-BAqg9YWO.js +27 -0
  553. package/dist/install.runtime-Cc9Bf7A6.js +12 -0
  554. package/dist/install.runtime.js +1 -1
  555. package/dist/jobs-BIi6klWl.js +729 -0
  556. package/dist/library-oLeJ7WB2.js +45 -0
  557. package/dist/lifecycle-CeE5vcbI.js +571 -0
  558. package/dist/lifecycle-CqOQyQkN.js +229 -0
  559. package/dist/lifecycle.runtime-3bkEDR0o.js +2 -0
  560. package/dist/lifecycle.runtime.js +1 -1
  561. package/dist/list-C3cLeCpB.js +2 -0
  562. package/dist/list-CcZ_ONLT.js +2 -0
  563. package/dist/list-DUXsFAZJ.js +1212 -0
  564. package/dist/list-gnrIqPtd.js +131 -0
  565. package/dist/list.probe-BwRgShwM.js +419 -0
  566. package/dist/live-model-switch-CWgg2Ggb.js +336 -0
  567. package/dist/llm-slug-generator-BkDTThCe.js +79 -0
  568. package/dist/llm-slug-generator.js +1 -1
  569. package/dist/load-config-CfZQrUUz.js +35 -0
  570. package/dist/loader-DsEya2Rd.js +222 -0
  571. package/dist/local-dispatch.runtime-CtXGZ70F.js +8 -0
  572. package/dist/local-dispatch.runtime.js +1 -1
  573. package/dist/login-M0JiZwmc.js +108 -0
  574. package/dist/logs-cli-zd_9yCKn.js +265 -0
  575. package/dist/logs-cli.runtime-BWvHh5zg.js +2 -0
  576. package/dist/logs-cli.runtime.js +1 -1
  577. package/dist/main-session-restart-recovery-Bnvjo9E1.js +206 -0
  578. package/dist/managed-image-attachments-Cib67JTY.js +2 -0
  579. package/dist/managed-image-attachments-Pl-_Wh-s.js +635 -0
  580. package/dist/manager-CfFNGdWA.js +2057 -0
  581. package/dist/manager-TXSNaq3B.js +2 -0
  582. package/dist/markdown-to-line-C83mDLjZ.js +790 -0
  583. package/dist/mcp/plugin-tools-serve.js +1 -1
  584. package/dist/mcp-cli-CNy5N1fa.js +725 -0
  585. package/dist/mcp-http-Cp3nlyRC.js +529 -0
  586. package/dist/mcp-oauth-embedded.runtime-Bg_5jTnW.js +111 -0
  587. package/dist/mcp-oauth-embedded.runtime.js +1 -0
  588. package/dist/media-runtime-BetXjDy_.js +329 -0
  589. package/dist/media-understanding-PrCTBqs6.js +85 -0
  590. package/dist/media-understanding-provider-BOJyh6FF.js +85 -0
  591. package/dist/media-understanding-provider-BQqWS6FP.js +18 -0
  592. package/dist/media-understanding-provider-BVI5_wpJ.js +12 -0
  593. package/dist/media-understanding-provider-BvANUUsD.js +37 -0
  594. package/dist/media-understanding-provider-CmJsqky4.js +69 -0
  595. package/dist/media-understanding-provider-D160isav.js +28 -0
  596. package/dist/media-understanding-provider-DLdtS2i0.js +12 -0
  597. package/dist/media-understanding-provider-DbYma1pc.js +21 -0
  598. package/dist/media-understanding-provider-DgKlDcus.js +18 -0
  599. package/dist/media-understanding-provider-Dt4kGn2a.js +13 -0
  600. package/dist/media-understanding-runtime-7Pt0cFob.js +2 -0
  601. package/dist/memory-core-host-runtime-cli-BegfMQ60.js +9 -0
  602. package/dist/memory-embedding-adapter-bqPa42NQ.js +123 -0
  603. package/dist/memory-host-search-595fbsH5.js +12 -0
  604. package/dist/memory-host-search.runtime.js +1 -1
  605. package/dist/message-BEIYueeC.js +232 -0
  606. package/dist/message-action-runner-BMAw7gfU.js +2 -0
  607. package/dist/message-action-runner-DbqkVVXA.js +1407 -0
  608. package/dist/message-actions-CagfUya_.js +143 -0
  609. package/dist/message.config.runtime.js +1 -1
  610. package/dist/message.gateway.runtime-8N00rzUd.js +2 -0
  611. package/dist/message.gateway.runtime.js +1 -1
  612. package/dist/method-scopes-TWVLEUXZ.js +239 -0
  613. package/dist/model-picker-DJQ_lN5J.js +3 -0
  614. package/dist/model-picker-f_kmCGgt.js +559 -0
  615. package/dist/model-picker.runtime-Bua1ZV3T.js +15 -0
  616. package/dist/model-picker.runtime.js +1 -1
  617. package/dist/model-selection-DRe0f5zo.js +212 -0
  618. package/dist/models-auth-status-dUVFT_f1.js +217 -0
  619. package/dist/models-cli-VqeddndJ.js +271 -0
  620. package/dist/models-http-PC5-c2lS.js +92 -0
  621. package/dist/models.fetch-CsIbuvYn.js +518 -0
  622. package/dist/monitor-BgwZHXAs.js +2 -0
  623. package/dist/monitor-BrGXztev.js +1661 -0
  624. package/dist/monitor-DXqHkIkY.js +788 -0
  625. package/dist/monitor-DoS0pnRS.js +671 -0
  626. package/dist/monitor-SUo0OdqH.js +1459 -0
  627. package/dist/monitor-auth-BjLpAGxu.js +207 -0
  628. package/dist/monitor-hVTP1bQv.js +1237 -0
  629. package/dist/monitor-processing-CIokCAUz.js +1974 -0
  630. package/dist/monitor.runtime-BU4RKNXx.js +2 -0
  631. package/dist/monitor.runtime.js +1 -1
  632. package/dist/monitor.webhook-DaTTjWrL.js +180 -0
  633. package/dist/msteams-CmdWCuQl.js +35 -0
  634. package/dist/music-generation-provider-D1C-gv82.js +63 -0
  635. package/dist/music-generation-provider-Da4aNlMi.js +170 -0
  636. package/dist/native-hook-relay-Crk4McKb.js +519 -0
  637. package/dist/nextcloud-talk-D23cNPfx.js +17 -0
  638. package/dist/node-cli-DQ2FAUD5.js +2276 -0
  639. package/dist/nodes-cli-rSfhRw3_.js +1046 -0
  640. package/dist/nodes-utils-DlayGjaD.js +84 -0
  641. package/dist/nodes.helpers-DDUs18Tb.js +34 -0
  642. package/dist/notify-BSOvLWmd.js +315 -0
  643. package/dist/oauth-CMgJwuws.js +2 -0
  644. package/dist/oauth-CkVdnYWF.js +152 -0
  645. package/dist/oauth-DyK5hAZs.js +139 -0
  646. package/dist/oauth-OBOUymgi.js +75 -0
  647. package/dist/oauth.flow-BLoyN3lV.js +3 -0
  648. package/dist/oauth.flow-DH06lWCO.js +45 -0
  649. package/dist/onboard-C-WpjREP.js +316 -0
  650. package/dist/onboard-CpNpQ0N8.js +70 -0
  651. package/dist/onboard-channels-BeLqCc-3.js +2 -0
  652. package/dist/onboard-channels-DvKo0QB_.js +3 -0
  653. package/dist/onboard-custom-BXb7qIWz.js +3 -0
  654. package/dist/onboard-custom-ClkyPqIy.js +271 -0
  655. package/dist/onboard-helpers-BSqq4yEX.js +204 -0
  656. package/dist/onboard-helpers-Cw8cHMwk.js +6 -0
  657. package/dist/onboard-interactive-CIJMPUNi.js +24 -0
  658. package/dist/onboard-non-interactive-CCGFunM1.js +635 -0
  659. package/dist/onboard-remote-BIFjzB0v.js +193 -0
  660. package/dist/onboard-remote-DdfKS44K.js +2 -0
  661. package/dist/onboard-skills-C9Oz7pMM.js +134 -0
  662. package/dist/onboard-skills-DFZIuIBM.js +2 -0
  663. package/dist/onboard-ygfHgwjs.js +2 -0
  664. package/dist/onboarding-plugin-install-CSJX8VZv.js +406 -0
  665. package/dist/openai-codex-provider-ChrCVEw6.js +472 -0
  666. package/dist/openai-http-V8-EZ-Tx.js +500 -0
  667. package/dist/openai-provider-CBFc7f3l.js +313 -0
  668. package/dist/opencode-D8fX4akZ.js +35 -0
  669. package/dist/openresponses-http-B2Z5eD7p.js +1128 -0
  670. package/dist/operator-approvals-client-DcLaJSYz.js +68 -0
  671. package/dist/outbound-runtime-BcayPyTD.js +5 -0
  672. package/dist/outbound.runtime-BioZr0Xk.js +2 -0
  673. package/dist/outbound.runtime.js +1 -1
  674. package/dist/pair-command-approve-CKQ5PFPa.js +44 -0
  675. package/dist/persistent-bindings.lifecycle-Cc3nJyXl.js +2 -0
  676. package/dist/persistent-bindings.lifecycle-DMUm3wFX.js +85 -0
  677. package/dist/pi-bundle-mcp-runtime-BxuXFq8N.js +2 -0
  678. package/dist/pi-bundle-mcp-runtime-ZvnA7GLK.js +854 -0
  679. package/dist/pi-bundle-mcp-tools-Cq0oKMGx.js +108 -0
  680. package/dist/pi-embedded-DLQZrdL6.js +2905 -0
  681. package/dist/pi-embedded-kfFiSGXN.js +4 -0
  682. package/dist/pi-embedded-subscribe.handlers.compaction.runtime-DRkY_7mg.js +23 -0
  683. package/dist/pi-embedded-subscribe.handlers.compaction.runtime.js +1 -1
  684. package/dist/pi-embedded.runtime-DXAilonb.js +4 -0
  685. package/dist/pi-embedded.runtime.js +1 -1
  686. package/dist/pi-tool-definition-adapter-D5M4iVmd.js +229 -0
  687. package/dist/pi-tools-CymfaKhy.js +1118 -0
  688. package/dist/pi-tools.before-tool-call-CBjigYgQ.js +2 -0
  689. package/dist/pi-tools.before-tool-call-CrhLIm2q.js +433 -0
  690. package/dist/plugin-DJ_g-ddv.js +12195 -0
  691. package/dist/plugin-enabled-CqvTLQjg.js +140 -0
  692. package/dist/plugin-install-DwdyYiEf.js +115 -0
  693. package/dist/plugin-install-config-policy-BGQ3WzJO.js +137 -0
  694. package/dist/plugin-install-ldcXmOz8.js +2 -0
  695. package/dist/plugin-install-plan-DXvNElN2.js +50 -0
  696. package/dist/plugin-registration-awDDNZjN.js +23 -0
  697. package/dist/plugin-sdk/.boundary-entry-shims.stamp +1 -1
  698. package/dist/plugin-sdk/acp-binding-runtime.js +1 -1
  699. package/dist/plugin-sdk/acp-runtime.js +3 -3
  700. package/dist/plugin-sdk/agent-harness-runtime.js +6 -6
  701. package/dist/plugin-sdk/agent-harness.js +7 -7
  702. package/dist/plugin-sdk/agent-runtime.js +2 -2
  703. package/dist/plugin-sdk/approval-gateway-runtime.js +2 -2
  704. package/dist/plugin-sdk/approval-handler-runtime.js +3 -3
  705. package/dist/plugin-sdk/approval-runtime.js +1 -1
  706. package/dist/plugin-sdk/browser-node-runtime.js +4 -4
  707. package/dist/plugin-sdk/browser-setup-tools.js +3 -3
  708. package/dist/plugin-sdk/browser-support.js +7 -7
  709. package/dist/plugin-sdk/channel-core.js +2 -2
  710. package/dist/plugin-sdk/channel-inbound.js +3 -3
  711. package/dist/plugin-sdk/command-auth.js +2 -2
  712. package/dist/plugin-sdk/command-status-runtime.js +1 -1
  713. package/dist/plugin-sdk/compat.js +1 -1
  714. package/dist/plugin-sdk/config-runtime.js +3 -3
  715. package/dist/plugin-sdk/conversation-binding-runtime.js +1 -1
  716. package/dist/plugin-sdk/conversation-runtime.js +4 -4
  717. package/dist/plugin-sdk/core.js +2 -2
  718. package/dist/plugin-sdk/direct-dm.js +1 -1
  719. package/dist/plugin-sdk/gateway-runtime.js +3 -3
  720. package/dist/plugin-sdk/image-generation-core.js +2 -2
  721. package/dist/plugin-sdk/inbound-reply-dispatch.js +1 -1
  722. package/dist/plugin-sdk/index.js +1 -1
  723. package/dist/plugin-sdk/infra-runtime.js +2 -2
  724. package/dist/plugin-sdk/irc.js +2 -2
  725. package/dist/plugin-sdk/matrix.js +1 -1
  726. package/dist/plugin-sdk/mattermost.js +2 -2
  727. package/dist/plugin-sdk/media-runtime.js +5 -5
  728. package/dist/plugin-sdk/media-understanding-runtime.js +2 -2
  729. package/dist/plugin-sdk/media-understanding.js +2 -2
  730. package/dist/plugin-sdk/memory-core-host-runtime-cli.js +2 -2
  731. package/dist/plugin-sdk/memory-core.js +2 -2
  732. package/dist/plugin-sdk/memory-host-search.js +1 -1
  733. package/dist/plugin-sdk/msteams.js +3 -3
  734. package/dist/plugin-sdk/nextcloud-talk.js +2 -2
  735. package/dist/plugin-sdk/nostr.js +1 -1
  736. package/dist/plugin-sdk/opencode.js +1 -1
  737. package/dist/plugin-sdk/outbound-runtime.js +2 -2
  738. package/dist/plugin-sdk/provider-auth-api-key.js +2 -2
  739. package/dist/plugin-sdk/provider-auth-login.js +1 -1
  740. package/dist/plugin-sdk/provider-auth.js +2 -2
  741. package/dist/plugin-sdk/provider-entry.js +1 -1
  742. package/dist/plugin-sdk/reply-dispatch-runtime.js +1 -1
  743. package/dist/plugin-sdk/reply-runtime.js +4 -4
  744. package/dist/plugin-sdk/runtime-doctor.js +1 -1
  745. package/dist/plugin-sdk/runtime-secret-resolution.js +1 -1
  746. package/dist/plugin-sdk/runtime.js +3 -3
  747. package/dist/plugin-sdk/sandbox.js +1 -1
  748. package/dist/plugin-sdk/session-store-runtime.js +1 -1
  749. package/dist/plugin-sdk/session-visibility.js +1 -1
  750. package/dist/plugin-sdk/skill-commands-runtime.js +1 -1
  751. package/dist/plugin-sdk/src/config/types.mcp.d.ts +13 -0
  752. package/dist/plugin-sdk/src/gateway/protocol/index.d.ts +29 -3
  753. package/dist/plugin-sdk/src/gateway/protocol/schema/mcp.d.ts +52 -0
  754. package/dist/plugin-sdk/src/gateway/protocol/schema/protocol-schemas.d.ts +52 -0
  755. package/dist/plugin-sdk/src/gateway/protocol/schema/types.d.ts +8 -0
  756. package/dist/plugin-sdk/testing.js +4 -4
  757. package/dist/plugin-sdk/tlon.js +1 -1
  758. package/dist/plugin-sdk/zalo.js +1 -1
  759. package/dist/plugin-sdk/zalouser.js +1 -1
  760. package/dist/plugin-service-Bcg-shsL.js +2893 -0
  761. package/dist/plugins/runtime/index.js +1 -1
  762. package/dist/plugins-cli-CUZMkYFB.js +584 -0
  763. package/dist/plugins-command-helpers-BGFL7yp7.js +107 -0
  764. package/dist/plugins-install-persist-Cp8tSsno.js +133 -0
  765. package/dist/plugins-update-command-Ds_N9qES.js +1057 -0
  766. package/dist/policy-DIf26_n6.js +328 -0
  767. package/dist/postinstall-inventory.json +711 -709
  768. package/dist/prepare.runtime-DCLXK1uq.js +807 -0
  769. package/dist/prepare.runtime.js +1 -1
  770. package/dist/probe-0w9S79sF.js +45 -0
  771. package/dist/probe-B1L2nZVS.js +243 -0
  772. package/dist/probe-BQT29JH7.js +74 -0
  773. package/dist/probe-CB6KR9ri.js +240 -0
  774. package/dist/probe-CWtFr2jl.js +2 -0
  775. package/dist/probe-CcBuLmYT.js +2205 -0
  776. package/dist/probe-DYqlJBSk.js +2 -0
  777. package/dist/probe-_IUalbC8.js +1443 -0
  778. package/dist/program-sXJs6Lyj.js +111 -0
  779. package/dist/prompt-select-styled-jucMgA5f.js +20 -0
  780. package/dist/protocol-DgMCJAA_.js +2586 -0
  781. package/dist/provider-BSqWTcoz.js +70 -0
  782. package/dist/provider-api-key-auth-C92t3JTu.js +131 -0
  783. package/dist/provider-api-key-auth.runtime.js +1 -1
  784. package/dist/provider-auth-api-key-zf0PU9U_.js +5 -0
  785. package/dist/provider-auth-choice-palZRKPG.js +228 -0
  786. package/dist/provider-auth-hCEy91hA.js +46 -0
  787. package/dist/provider-auth-login-D4MC4bs_.js +8 -0
  788. package/dist/provider-auth-login.runtime.js +1 -1
  789. package/dist/provider-dispatcher-9z9Dw59_.js +2 -0
  790. package/dist/provider-dispatcher-DyQNST2Z.js +22 -0
  791. package/dist/provider-entry-DZDgzWTU.js +106 -0
  792. package/dist/provider-model-defaults-DC1PMV0H.js +6 -0
  793. package/dist/provider-registration-BSHUosM7.js +218 -0
  794. package/dist/provider-registration-CA9-PRDk.js +37 -0
  795. package/dist/qr-cli-Dwc3sjiV.js +2 -0
  796. package/dist/qr-cli-hTiyQbbK.js +349 -0
  797. package/dist/qr-image-BDoVY1GF.js +2 -0
  798. package/dist/queue-BljsBBtU.js +409 -0
  799. package/dist/reaction-runtime-api-Q9NHKbpw.js +116 -0
  800. package/dist/reactions-DGczAFsd.js +998 -0
  801. package/dist/read-capability-YFf_CDLF.js +412 -0
  802. package/dist/register-service-commands-Dxwl01rR.js +71 -0
  803. package/dist/register.agent-Drovpr_f.js +248 -0
  804. package/dist/register.configure-BzQtmjqp.js +15 -0
  805. package/dist/register.maintenance-PRykY6qq.js +363 -0
  806. package/dist/register.message-Dw6OLnap.js +329 -0
  807. package/dist/register.onboard-CB7aqo8I.js +88 -0
  808. package/dist/register.runtime-5QpZP1PI.js +81 -0
  809. package/dist/register.runtime.js +1 -1
  810. package/dist/register.setup-GLc__3H1.js +150 -0
  811. package/dist/register.status-health-sessions-DuQnS6V7.js +1215 -0
  812. package/dist/register.subclis-Bupq6ckp.js +3 -0
  813. package/dist/register.subclis-Df0YvsXg.js +29 -0
  814. package/dist/register.subclis-core-CK63Nor4.js +249 -0
  815. package/dist/reply-dispatch-runtime-D63ANCTQ.js +13 -0
  816. package/dist/reply-media-paths.runtime-C6-V86g1.js +146 -0
  817. package/dist/reply-media-paths.runtime-Cmms8y5S.js +2 -0
  818. package/dist/reply-media-paths.runtime.js +1 -1
  819. package/dist/reply-runtime-CLq8xugv.js +10 -0
  820. package/dist/reply.runtime-FitoWYiX.js +2 -0
  821. package/dist/reply.runtime.js +1 -1
  822. package/dist/resolve-BHmKuinY.js +259 -0
  823. package/dist/response-generator-BxzbAKHi.js +175 -0
  824. package/dist/restart-health-CNE6ENF8.js +202 -0
  825. package/dist/restart-health-DriNCEEo.js +2 -0
  826. package/dist/root-help-BsG62TUK.js +44 -0
  827. package/dist/route-reply-EPkWewCQ.js +162 -0
  828. package/dist/route-reply.runtime-Rem8ixbJ.js +2 -0
  829. package/dist/route-reply.runtime.js +1 -1
  830. package/dist/routes-B8SmZM_C.js +3341 -0
  831. package/dist/routes-CVtIuQaj.js +2 -0
  832. package/dist/rpc-AJw8-VEF.js +61 -0
  833. package/dist/rpc.runtime-NzXXr3IH.js +21 -0
  834. package/dist/rpc.runtime.js +1 -1
  835. package/dist/run-auth-profile.runtime-DrFMFMa5.js +2 -0
  836. package/dist/run-auth-profile.runtime.js +1 -1
  837. package/dist/run-delivery.runtime-DDc5pTuc.js +530 -0
  838. package/dist/run-delivery.runtime.js +1 -1
  839. package/dist/run-embedded.runtime-BlLE0DKl.js +4 -0
  840. package/dist/run-embedded.runtime.js +1 -1
  841. package/dist/run-execution-cli.runtime-Dx9bn2nL.js +4 -0
  842. package/dist/run-execution-cli.runtime.js +1 -1
  843. package/dist/run-executor.runtime-Bx0-xr66.js +277 -0
  844. package/dist/run-executor.runtime.js +1 -1
  845. package/dist/run-main-Q7WXDun9.js +567 -0
  846. package/dist/run-subagent-registry.runtime-DN441nGA.js +2 -0
  847. package/dist/run-subagent-registry.runtime.js +1 -1
  848. package/dist/run-wait-DOOBZLr5.js +135 -0
  849. package/dist/runner-B8D0Coak.js +966 -0
  850. package/dist/runner.entries-DZUGr24v.js +604 -0
  851. package/dist/runtime-B56xKFjA.js +9 -0
  852. package/dist/runtime-BshnyUPo.js +116 -0
  853. package/dist/runtime-CnTeeNB7.js +72 -0
  854. package/dist/runtime-D--xK0Me.js +961 -0
  855. package/dist/runtime-DFBduVee.js +2 -0
  856. package/dist/runtime-api-BGOAhjcp.js +9 -0
  857. package/dist/runtime-api-CcUMXjjy.js +14 -0
  858. package/dist/runtime-api-L9lB-rDz.js +4 -0
  859. package/dist/runtime-api-ap0gPIKQ.js +9 -0
  860. package/dist/runtime-co7Um4tt.js +263 -0
  861. package/dist/runtime-embedded-pi.runtime-CQ5TsVlh.js +2 -0
  862. package/dist/runtime-embedded-pi.runtime.js +1 -1
  863. package/dist/runtime-entry-g38-J35c.js +2769 -0
  864. package/dist/runtime-internal-DwAoh64o.js +2 -0
  865. package/dist/runtime-manifest.runtime.js +1 -1
  866. package/dist/runtime-options-CtF_gotz.js +275 -0
  867. package/dist/runtime-prepare.runtime-DAaAh4tU.js +80 -0
  868. package/dist/runtime-prepare.runtime.js +1 -1
  869. package/dist/runtime-schema-7aqYdEly.js +28599 -0
  870. package/dist/runtime-web-tools-DpTEm5uJ.js +1477 -0
  871. package/dist/runtime-web-tools-fallback.runtime.js +1 -1
  872. package/dist/runtime-web-tools-manifest.runtime.js +1 -1
  873. package/dist/runtime-web-tools-public-artifacts.runtime.js +1 -1
  874. package/dist/sandbox-DjUUwvID.js +3 -0
  875. package/dist/sandbox-IL2pQunA.js +1156 -0
  876. package/dist/sandbox-cli-C75oWfKU.js +450 -0
  877. package/dist/scan-BmfJ_GUd.js +2 -0
  878. package/dist/scan-BwUXPVa4.js +523 -0
  879. package/dist/secrets-cli-Byrmt5p3.js +2101 -0
  880. package/dist/security-cli-Cb_qzWSU.js +486 -0
  881. package/dist/selection-BaZ-7Sz6.js +2 -0
  882. package/dist/selection-C8rwxPqg.js +7743 -0
  883. package/dist/send-C3Ht9Buu.js +102 -0
  884. package/dist/send-NpRBz3rn.js +156 -0
  885. package/dist/send.runtime-Buvd_P2p.js +2 -0
  886. package/dist/send.runtime.js +1 -1
  887. package/dist/server-B8tim7RO.js +13 -0
  888. package/dist/server-ClAvfJJm.js +77 -0
  889. package/dist/server-context-Dl7OQ56d.js +2 -0
  890. package/dist/server-context-F2Jh0JBO.js +847 -0
  891. package/dist/server-node-events-Db8SbNO0.js +474 -0
  892. package/dist/server-plugin-bootstrap-DxpFA7AU.js +13703 -0
  893. package/dist/server-plugin-bootstrap-t6Z_tN0J.js +2 -0
  894. package/dist/server-restart-sentinel-VLhFJOy5.js +684 -0
  895. package/dist/server.impl-BNDZK6Lv.js +12804 -0
  896. package/dist/session-BThNEh5u.js +48 -0
  897. package/dist/session-archive.runtime.js +1 -1
  898. package/dist/session-envelope-tBfpcRRu.js +18 -0
  899. package/dist/session-key-De2wQZ8k.js +65 -0
  900. package/dist/session-kill-http-C35_XMK_.js +110 -0
  901. package/dist/session-meta-Bpv85XpZ.js +109 -0
  902. package/dist/session-override-dIx8boay.js +106 -0
  903. package/dist/session-reset-model.runtime-BY5KYxcY.js +133 -0
  904. package/dist/session-reset-model.runtime.js +1 -1
  905. package/dist/session-reset-service-Cs7o8vTZ.js +497 -0
  906. package/dist/session-route-DwjrtcvV.js +93 -0
  907. package/dist/session-status.runtime-Cp9hECfs.js +2 -0
  908. package/dist/session-status.runtime.js +1 -1
  909. package/dist/session-store-DT5H5NRv.js +126 -0
  910. package/dist/session-store.runtime-CoRuKMfZ.js +2 -0
  911. package/dist/session-store.runtime.js +1 -1
  912. package/dist/session-subagent-reactivation.runtime-3hC6cwVh.js +2 -0
  913. package/dist/session-subagent-reactivation.runtime.js +1 -1
  914. package/dist/session-tab-registry-BHn1P3lZ.js +581 -0
  915. package/dist/session-updates-CHKrFM9H.js +236 -0
  916. package/dist/session-updates.runtime-CqylTFnb.js +2 -0
  917. package/dist/session-updates.runtime.js +1 -1
  918. package/dist/session-utils-otyfumhD.js +1009 -0
  919. package/dist/session-visibility-C5yhLdDZ.js +147 -0
  920. package/dist/sessions-BjHLgqjt.js +2 -0
  921. package/dist/sessions-C1_80mqv.js +48 -0
  922. package/dist/sessions-DjIcw5uP.js +281 -0
  923. package/dist/sessions-helpers-C_xGZAo7.js +305 -0
  924. package/dist/sessions-history-http-CQ-Ga5H3.js +371 -0
  925. package/dist/sessions-patch-XzBTc4fY.js +309 -0
  926. package/dist/sessions-resolve-CF4QOXiX.js +174 -0
  927. package/dist/sessions-w6UJYMea.js +16 -0
  928. package/dist/sessions.runtime-CEV3VtEH.js +2 -0
  929. package/dist/sessions.runtime.js +1 -1
  930. package/dist/setup-BrkQiUrj.js +421 -0
  931. package/dist/setup-D218KRK6.js +636 -0
  932. package/dist/setup-api-BvHlVezg.js +29 -0
  933. package/dist/setup-core-BjceveVY.js +171 -0
  934. package/dist/setup-core-CxDIk2Qq.js +176 -0
  935. package/dist/setup-surface-6hnrFGJ3.js +286 -0
  936. package/dist/setup-surface-BBDyg26_.js +219 -0
  937. package/dist/setup-surface-HREO9zEo.js +403 -0
  938. package/dist/setup.finalize-CAJxf_Mm.js +547 -0
  939. package/dist/setup.gateway-config-g6JfCjT4.js +250 -0
  940. package/dist/shared-CJ2_38Ar.js +198 -0
  941. package/dist/shared-CecRnN5i.js +76 -0
  942. package/dist/shared-G254rWzJ.js +217 -0
  943. package/dist/shared-Zan1S92i.js +121 -0
  944. package/dist/shared-runtime-CKzUXuwN.js +7 -0
  945. package/dist/skill-commands-DWC_vZ-J.js +83 -0
  946. package/dist/skill-commands.runtime-BMmD4lyW.js +2 -0
  947. package/dist/skill-commands.runtime.js +1 -1
  948. package/dist/skills-install-Bpfq1PgX.js +605 -0
  949. package/dist/skills-snapshot.runtime-uSs9vmlj.js +7 -0
  950. package/dist/skills-snapshot.runtime.js +1 -1
  951. package/dist/slash-state-EXy1B2EX.js +1911 -0
  952. package/dist/speech-provider-CcbYv8ap.js +216 -0
  953. package/dist/speech-provider-Cr1h-_-X.js +170 -0
  954. package/dist/speech-provider-Gif_hcpc.js +209 -0
  955. package/dist/src-Dda8Fvmo.js +3974 -0
  956. package/dist/stage-sandbox-media.runtime-_FkeTCA0.js +232 -0
  957. package/dist/stage-sandbox-media.runtime.js +1 -1
  958. package/dist/startup-context-BLtyYbKu.js +312 -0
  959. package/dist/state-migrations-BXYrr3Hc.js +820 -0
  960. package/dist/status-B1RXiDvc.js +3 -0
  961. package/dist/status-B4tnoXkV.js +2 -0
  962. package/dist/status-BWXZC-dF.js +2 -0
  963. package/dist/status-CUZkKe39.js +62 -0
  964. package/dist/status-DNnTegVL.js +395 -0
  965. package/dist/status-G3Z29Cb_.js +190 -0
  966. package/dist/status-all-pjolmMGB.js +498 -0
  967. package/dist/status-json-BKR5uVlE.js +14 -0
  968. package/dist/status-json-command-DuIQ8dNz.js +82 -0
  969. package/dist/status-message-CZyHmUQr.js +466 -0
  970. package/dist/status-message.runtime-C1I59_ay.js +6 -0
  971. package/dist/status-message.runtime.js +1 -1
  972. package/dist/status-n2SrcSeP.js +209 -0
  973. package/dist/status-queue.runtime-k2kdii3C.js +2 -0
  974. package/dist/status-queue.runtime.js +1 -1
  975. package/dist/status-runtime-shared-9akPh3OB.js +241 -0
  976. package/dist/status-subagents.runtime-C-2-94r7.js +18 -0
  977. package/dist/status-subagents.runtime.js +1 -1
  978. package/dist/status-text-DY-AMW7D.js +237 -0
  979. package/dist/status.gateway-connection.runtime-CGwlyVSQ.js +2 -0
  980. package/dist/status.gateway-connection.runtime.js +1 -1
  981. package/dist/status.gather-C17tVkff.js +2 -0
  982. package/dist/status.gather-CGXwFKnq.js +292 -0
  983. package/dist/status.runtime-DdcRs0mC.js +2 -0
  984. package/dist/status.runtime-L3R8cOql.js +2 -0
  985. package/dist/status.runtime.js +1 -1
  986. package/dist/status.scan-BSIqJF_S.js +65 -0
  987. package/dist/status.scan-overview-CbwLYoIT.js +379 -0
  988. package/dist/status.scan.fast-json-BnpfFSN8.js +2 -0
  989. package/dist/status.scan.fast-json-W54JDFUy.js +132 -0
  990. package/dist/status.summary-CeaTG93y.js +2 -0
  991. package/dist/status.summary-LPaYBiqB.js +200 -0
  992. package/dist/store-BtHVDH2Q.js +910 -0
  993. package/dist/store-Qn6Vf7Ma.js +4 -0
  994. package/dist/store.runtime-Dd3L_GjJ.js +2 -0
  995. package/dist/store.runtime.js +1 -1
  996. package/dist/stream-CImPPcyN.js +664 -0
  997. package/dist/subagent-announce-Dn5xl49E.js +351 -0
  998. package/dist/subagent-announce-delivery-CpVHT0KZ.js +726 -0
  999. package/dist/subagent-announce-output-Ba8GDqQZ.js +364 -0
  1000. package/dist/subagent-capabilities-DN1kjzNE.js +251 -0
  1001. package/dist/subagent-control-Clm3gsra.js +506 -0
  1002. package/dist/subagent-control.runtime-D9vrLexA.js +3 -0
  1003. package/dist/subagent-control.runtime.js +1 -1
  1004. package/dist/subagent-followup.runtime-OlILj5hg.js +68 -0
  1005. package/dist/subagent-followup.runtime.js +1 -1
  1006. package/dist/subagent-orphan-recovery-Dqi7ktSy.js +305 -0
  1007. package/dist/subagent-registry-BfT1dA_H.js +3 -0
  1008. package/dist/subagent-registry-DsOeyo6i.js +1753 -0
  1009. package/dist/subagent-registry.runtime.js +1 -1
  1010. package/dist/subagent-spawn-IMKDJ_Ai.js +1005 -0
  1011. package/dist/supervisor-DgpKTzey.js +704 -0
  1012. package/dist/supervisor-log.runtime.js +1 -1
  1013. package/dist/system-cli-QcbUPgUP.js +43 -0
  1014. package/dist/targets-rJXMe19f.js +67 -0
  1015. package/dist/targets.runtime.js +1 -1
  1016. package/dist/task-executor-CT_QfGPJ.js +360 -0
  1017. package/dist/task-owner-access-Bm14vxJa.js +74 -0
  1018. package/dist/task-registry-D6gK7iIt.js +2357 -0
  1019. package/dist/task-registry-delivery-runtime-CDAeASdU.js +2 -0
  1020. package/dist/task-registry-delivery-runtime-CeWw5kdc.js +3 -0
  1021. package/dist/task-registry.maintenance-B5hpULqB.js +416 -0
  1022. package/dist/task-registry.maintenance-DZFQCCjc.js +2 -0
  1023. package/dist/telegram/token.js +2 -2
  1024. package/dist/testing-B2Y0vJ76.js +575 -0
  1025. package/dist/text-report-0Q8c04if.js +549 -0
  1026. package/dist/tool-auth-shared-Ca0wddYT.js +90 -0
  1027. package/dist/tool-policy-pipeline-BLtvEs31.js +109 -0
  1028. package/dist/tool-resolution-CHcj9HdC.js +90 -0
  1029. package/dist/tools-effective-inventory-Giuks2Dt.js +152 -0
  1030. package/dist/tools-invoke-http-FlaWbmCS.js +206 -0
  1031. package/dist/transcript-resolve.runtime-wnJiuCEb.js +2 -0
  1032. package/dist/transcript-resolve.runtime.js +1 -1
  1033. package/dist/transcript-yKXsllQ2.js +312 -0
  1034. package/dist/transcript.runtime-CmcFZQq0.js +2 -0
  1035. package/dist/transcript.runtime.js +1 -1
  1036. package/dist/trash-BzlpkaUi.js +24 -0
  1037. package/dist/tts-BG_1G2S6.js +64 -0
  1038. package/dist/tui-cli-B9Emgd5Q.js +4585 -0
  1039. package/dist/uninstall-B6U2msaD.js +185 -0
  1040. package/dist/update-BjKPsXUk.js +1282 -0
  1041. package/dist/update-cli-ln47pDmA.js +1759 -0
  1042. package/dist/update-startup-Xs6Edz-d.js +2 -0
  1043. package/dist/upgrade-Ctu4zfU3.js +1226 -0
  1044. package/dist/video-generation-provider-B0W1RcQj.js +264 -0
  1045. package/dist/video-generation-provider-B2XcJK8B.js +221 -0
  1046. package/dist/video-generation-provider-BJt8-Jzh.js +254 -0
  1047. package/dist/video-generation-provider-Bsz88Y8I.js +78 -0
  1048. package/dist/video-generation-provider-CmN0n1aP.js +271 -0
  1049. package/dist/video-generation-provider-DKFpHGWz.js +64 -0
  1050. package/dist/video-generation-provider-LgYMFJAm.js +281 -0
  1051. package/dist/video-generation-provider-j1OQMvjr2.js +77 -0
  1052. package/dist/video-generation-provider-lI_tgIiA.js +287 -0
  1053. package/dist/video-generation-provider-uVzVbp2s.js +118 -0
  1054. package/dist/video-generation-provider-xQ4AZkeK.js +187 -0
  1055. package/dist/video-generation-task-status-AzBxxMK4.js +163 -0
  1056. package/dist/wait-for-idle-before-flush-D4a3dGVX.js +6025 -0
  1057. package/dist/web-search-provider-Bt8NRG25.js +163 -0
  1058. package/dist/wizard-models-DpLispoG.js +334 -0
  1059. package/dist/workflow-runtime-C0jGj382.js +485 -0
  1060. package/package.json +1 -1
  1061. package/dist/abort-CvJN6IMd.js +0 -201
  1062. package/dist/abort-cutoff.runtime-oLWHRfE6.js +0 -20
  1063. package/dist/abort.runtime-DAzGHIa2.js +0 -2
  1064. package/dist/accounts-B3aTKIO4.js +0 -104
  1065. package/dist/accounts-BwigO-9Q.js +0 -2
  1066. package/dist/accounts-CdLNyXHa.js +0 -107
  1067. package/dist/acp-cli-DQz79rl7.js +0 -2217
  1068. package/dist/acp-spawn-Bbs_m3VF.js +0 -2
  1069. package/dist/acp-spawn-CTMewMbn.js +0 -1042
  1070. package/dist/acp-stateful-target-driver-D4VaoZPV.js +0 -89
  1071. package/dist/action-agents-DFmhHVfJ.js +0 -67
  1072. package/dist/action-focus-Dx08tcy-.js +0 -132
  1073. package/dist/action-help-hQl_vyPP.js +0 -7
  1074. package/dist/action-info-JmXoHEPD.js +0 -101
  1075. package/dist/action-kill-BcGm94a1.js +0 -33
  1076. package/dist/action-list-BtDTTljd.js +0 -21
  1077. package/dist/action-log-CzNEUTkF.js +0 -30
  1078. package/dist/action-send-BVjcdCrr.js +0 -39
  1079. package/dist/action-spawn-Cn0JgaO1.js +0 -47
  1080. package/dist/action-unfocus-c1Uu4T8u.js +0 -29
  1081. package/dist/actions.runtime-Cmrr3s-z.js +0 -5
  1082. package/dist/actions.runtime-XCeILsBA.js +0 -18
  1083. package/dist/agent-CS1XdimC.js +0 -2
  1084. package/dist/agent-command-BiLxDWtx.js +0 -874
  1085. package/dist/agent-harness-runtime-bunUaGg7.js +0 -144
  1086. package/dist/agent-runner-utils-BFkEZbb9.js +0 -239
  1087. package/dist/agent-runner.runtime-DUtejeBt.js +0 -3443
  1088. package/dist/agent-runtime-CQG_IBlM.js +0 -18
  1089. package/dist/agents-DArnaFQV.js +0 -954
  1090. package/dist/agents-jSVdSQr5.js +0 -5
  1091. package/dist/agents.command-shared-cZa4UKga.js +0 -40
  1092. package/dist/aliases-BrquU2aa.js +0 -96
  1093. package/dist/aliases-OQzPD6Kz.js +0 -2
  1094. package/dist/api-BXtBpymk.js +0 -5
  1095. package/dist/api-CGMqDBcv.js +0 -3
  1096. package/dist/api-CNr0UyHW.js +0 -139
  1097. package/dist/api-DIKi1Ni8.js +0 -4
  1098. package/dist/api-i4W2Wwd4.js +0 -48
  1099. package/dist/apply-oUSa2Pf0.js +0 -508
  1100. package/dist/apply.runtime-BLCi2Ivv.js +0 -166
  1101. package/dist/apply.runtime-D_hTG_Y0.js +0 -2
  1102. package/dist/approval-gateway-resolver-D2iqmJiq.js +0 -29
  1103. package/dist/approval-gateway-runtime-C1pBe7Fx.js +0 -2
  1104. package/dist/approval-handler-runtime-Zf1fCWk1.js +0 -439
  1105. package/dist/approval-native-runtime-C0zvGwfB.js +0 -729
  1106. package/dist/attempt-execution.runtime-Cu16wO9j.js +0 -509
  1107. package/dist/attempt-execution.shared-BY_ARPh1.js +0 -22
  1108. package/dist/attempt.prompt-helpers-C3qMNvxE.js +0 -206
  1109. package/dist/attempt.tool-run-context-M11pca0b.js +0 -933
  1110. package/dist/audit-DF-0hnr9.js +0 -939
  1111. package/dist/audit-extra.async-BbZcluVr.js +0 -971
  1112. package/dist/audit-tool-policy-C0lIM9Fp.js +0 -3
  1113. package/dist/audit.deep.runtime-CXjulrWI.js +0 -2
  1114. package/dist/audit.nondeep.runtime-nu5XTu7N.js +0 -880
  1115. package/dist/audit.runtime-DYyjmKuk.js +0 -7
  1116. package/dist/auth-CzjcgD0-.js +0 -177
  1117. package/dist/auth-DE-yY2QL.js +0 -550
  1118. package/dist/auth-DLmN64Y_.js +0 -2
  1119. package/dist/auth-DQw5zHDJ.js +0 -56
  1120. package/dist/auth-choice-CXWHXiQK.js +0 -3
  1121. package/dist/auth-choice-DGMF0dBk.js +0 -85
  1122. package/dist/auth-order-CP3BJeex.js +0 -2
  1123. package/dist/auth-order-DQHJAKY8.js +0 -139
  1124. package/dist/bash-tools-DUxUia5q.js +0 -3
  1125. package/dist/bash-tools-_AgECrXf.js +0 -2853
  1126. package/dist/bash-tools.exec-runtime-CVOp5fHn.js +0 -823
  1127. package/dist/binding-routing-D7ruDbx0.js +0 -85
  1128. package/dist/binding-targets-BZWuOcR0.js +0 -121
  1129. package/dist/bridge-server-C4WpUTaE.js +0 -113
  1130. package/dist/browser-control-auth-CmYxtkaH.js +0 -2
  1131. package/dist/browser-node-runtime-BLHYH8YL.js +0 -12
  1132. package/dist/browser-profiles-Cawo818z.js +0 -2
  1133. package/dist/browser-runtime-LzhODwuG.js +0 -387
  1134. package/dist/browser-setup-tools-CTgOb29b.js +0 -13
  1135. package/dist/build-AqzTQK3J.js +0 -550
  1136. package/dist/call-J2wbwzLi.js +0 -330
  1137. package/dist/call-S0AZ899k.js +0 -3
  1138. package/dist/call.runtime-CyP2bdv0.js +0 -2
  1139. package/dist/capability-cli-6jHIuGQe.js +0 -1401
  1140. package/dist/catalog-provider-RQJYkKkq.js +0 -40
  1141. package/dist/catchup-CN5lM9nn.js +0 -300
  1142. package/dist/channel-4jggmldw.js +0 -453
  1143. package/dist/channel-8osltyJD.js +0 -840
  1144. package/dist/channel-B-P45jvy.js +0 -595
  1145. package/dist/channel-BIV8BnjO.js +0 -1802
  1146. package/dist/channel-CXUPhx7m.js +0 -297
  1147. package/dist/channel-ChWfDzLg.js +0 -226
  1148. package/dist/channel-DMCOcmaZ.js +0 -491
  1149. package/dist/channel-DT5I65Xv.js +0 -1174
  1150. package/dist/channel-_mt8OaDA.js +0 -1320
  1151. package/dist/channel-add-wizard-BLjklZ70.js +0 -2
  1152. package/dist/channel-add-wizard-C3BysW2-.js +0 -125
  1153. package/dist/channel-cbqIqIvi.js +0 -1100
  1154. package/dist/channel-core-CcHrOJQl.js +0 -5
  1155. package/dist/channel-inbound-gJZ5fy8s.js +0 -31
  1156. package/dist/channel-plugin-resolution-BNbz8s_s.js +0 -153
  1157. package/dist/channel-plugin-resolution-Bey1o2RL.js +0 -2
  1158. package/dist/channel-plugin-runtime-CFVplMXF.js +0 -771
  1159. package/dist/channel-runtime-D2fhnXNT.js +0 -425
  1160. package/dist/channel-setup-BzbhDDrt.js +0 -1297
  1161. package/dist/channel-twNI9g5j.js +0 -350
  1162. package/dist/channel.runtime-B7RAHQNT.js +0 -430
  1163. package/dist/channel.runtime-BIcoI6bq.js +0 -2364
  1164. package/dist/channel.runtime-Ci_26egi.js +0 -576
  1165. package/dist/channel.runtime-CzTNZfZz.js +0 -89
  1166. package/dist/channel.runtime-D0qkeWVB.js +0 -4
  1167. package/dist/channel.runtime-D_9taoyr.js +0 -42398
  1168. package/dist/channel.setup-Ck6-6alN.js +0 -10
  1169. package/dist/channel2.runtime-CzLs-yVz.js +0 -109
  1170. package/dist/channels-C3tEEndo.js +0 -733
  1171. package/dist/channels-cli-1vvCRqai.js +0 -268
  1172. package/dist/chat-9N_9QPkq.js +0 -2830
  1173. package/dist/clawbot-cli-CySj7xP4.js +0 -9
  1174. package/dist/clawhub-DRNYT4Ih.js +0 -400
  1175. package/dist/cli-2nlB-dHJ.js +0 -154
  1176. package/dist/cli-7dTpJC3M.js +0 -2
  1177. package/dist/cli-BGMFTnb1.js +0 -683
  1178. package/dist/cli-BNYLM-n-.js +0 -219
  1179. package/dist/cli-Bj3CMawx.js +0 -2
  1180. package/dist/cli-C26tWLBw.js +0 -3726
  1181. package/dist/cli-dB2d6i0x.js +0 -72
  1182. package/dist/cli-fZ6nZozk.js +0 -2
  1183. package/dist/cli-runner-DkUWaw3u.js +0 -286
  1184. package/dist/cli-runner.runtime-Bdu8GaIU.js +0 -4
  1185. package/dist/cli-runner.runtime-D35_WwIC.js +0 -3
  1186. package/dist/cli.runtime-D0ZdkRoZ.js +0 -1261
  1187. package/dist/client-BLrVaUap.js +0 -723
  1188. package/dist/client-JSnNx9t8.js +0 -138
  1189. package/dist/command-auth-vH98jyU8.js +0 -76
  1190. package/dist/command-config-resolution-B-U-WZy5.js +0 -23
  1191. package/dist/command-config-resolution-ByjKlaVl.js +0 -2
  1192. package/dist/command-config-resolution.runtime-Wv85AlQo.js +0 -2
  1193. package/dist/command-execution-startup-DtBNBU06.js +0 -324
  1194. package/dist/command-registry-Bu9yJGC5.js +0 -4
  1195. package/dist/command-registry-CuME9hky.js +0 -9
  1196. package/dist/command-registry-core-Bk9WAOxq.js +0 -106
  1197. package/dist/command-secret-gateway-BWnLmfo1.js +0 -528
  1198. package/dist/command-status.runtime-DHRozViO.js +0 -87
  1199. package/dist/commands-acp-CnxVcX4s.js +0 -77
  1200. package/dist/commands-compact.runtime-DKZYaee9.js +0 -10
  1201. package/dist/commands-core.runtime-CXYQlfla.js +0 -2
  1202. package/dist/commands-handlers.runtime-BFqsQ9UV.js +0 -4599
  1203. package/dist/commands-reset-hooks-C-P5vfWa.js +0 -135
  1204. package/dist/commands-status-DBC5I7yG.js +0 -16
  1205. package/dist/commands-status.runtime-BgK6raz4.js +0 -3
  1206. package/dist/commands-subagents-control.runtime-CY4xaq28.js +0 -3
  1207. package/dist/commands-subagents-control.runtime-z9tchzCP.js +0 -2
  1208. package/dist/commands-system-prompt-BNtFvxmr.js +0 -157
  1209. package/dist/commands-system-prompt-CHVjFzQO.js +0 -2
  1210. package/dist/commands.runtime-BAsTu7s5.js +0 -167
  1211. package/dist/compact-Ddu8hZfc.js +0 -1096
  1212. package/dist/compact.runtime-GpkxTJxx.js +0 -12
  1213. package/dist/completion-cli-BNte3Dj6.js +0 -328
  1214. package/dist/config-Cvu5tnrW.js +0 -252
  1215. package/dist/config-cli-BlZB5tV-.js +0 -1078
  1216. package/dist/config-guard-Ca-1hhke.js +0 -96
  1217. package/dist/config-runtime-AtYct3A3.js +0 -32
  1218. package/dist/configure-CiGtXggx.js +0 -2
  1219. package/dist/configure-DDqC8LYD.js +0 -1252
  1220. package/dist/connect-options-BbJfh_Oy.js +0 -699
  1221. package/dist/control-auth-B2Jsq2zv.js +0 -125
  1222. package/dist/control-service-B5OxTjPP.js +0 -156
  1223. package/dist/control-ui/assets/agents-CfLnBH4t.js +0 -1125
  1224. package/dist/control-ui/assets/canvas-pj-aGbeH.js +0 -274
  1225. package/dist/control-ui/assets/channel-config-extras-sj_UXv9J.js +0 -2
  1226. package/dist/control-ui/assets/channels-BelCW9hw.js +0 -198
  1227. package/dist/control-ui/assets/contacts-B-2gb_ua.js +0 -49
  1228. package/dist/control-ui/assets/cron-B6-26cyp.js +0 -250
  1229. package/dist/control-ui/assets/de-DOykxjSu.js +0 -2
  1230. package/dist/control-ui/assets/debug-B5MO5d0M.js +0 -94
  1231. package/dist/control-ui/assets/es-BTwWEPGm.js +0 -2
  1232. package/dist/control-ui/assets/fr-DVRwR98L.js +0 -2
  1233. package/dist/control-ui/assets/i18n-BPOQLrbx.js +0 -3
  1234. package/dist/control-ui/assets/id-BSBAUAzK.js +0 -2
  1235. package/dist/control-ui/assets/index-CmdvEIGH.js +0 -5981
  1236. package/dist/control-ui/assets/instances-uygO1ZKq.js +0 -57
  1237. package/dist/control-ui/assets/ja-JP-BiD5eOfG.js +0 -2
  1238. package/dist/control-ui/assets/ko-BNgLBJdW.js +0 -2
  1239. package/dist/control-ui/assets/logs-GdE34D7D.js +0 -74
  1240. package/dist/control-ui/assets/mcp-472P8M4F.js +0 -380
  1241. package/dist/control-ui/assets/memory-Dvp5YUvN.js +0 -50
  1242. package/dist/control-ui/assets/memory-graph-B27rN_e7.js +0 -30
  1243. package/dist/control-ui/assets/models-C88CYx1F.js +0 -86
  1244. package/dist/control-ui/assets/nodes-CUXTunGj.js +0 -654
  1245. package/dist/control-ui/assets/pl-DrVcqC4t.js +0 -2
  1246. package/dist/control-ui/assets/plugins-D3upvVMU.js +0 -259
  1247. package/dist/control-ui/assets/presenter-DSvbCagf.js +0 -2
  1248. package/dist/control-ui/assets/pt-BR-BXlBG1WX.js +0 -2
  1249. package/dist/control-ui/assets/sessions-BzVDlJpI.js +0 -56
  1250. package/dist/control-ui/assets/skills-DQD9wvlO.js +0 -294
  1251. package/dist/control-ui/assets/skills-shared-B-3kgWg3.js +0 -11
  1252. package/dist/control-ui/assets/th-DjtYmyBR.js +0 -2
  1253. package/dist/control-ui/assets/tr-I0LYx0Ew.js +0 -2
  1254. package/dist/control-ui/assets/uk-xilwRRzQ.js +0 -2
  1255. package/dist/control-ui/assets/wallet-DWa9gqqg.js +0 -302
  1256. package/dist/control-ui/assets/zh-CN-DHz_bYy_.js +0 -2
  1257. package/dist/control-ui/assets/zh-TW-LvBbVYeU.js +0 -2
  1258. package/dist/control-ui-Djt0XDNa.js +0 -1043
  1259. package/dist/conversation-id-BTqKksIo.js +0 -38
  1260. package/dist/conversation-id-DzarUmXD.js +0 -235
  1261. package/dist/conversation-runtime-DbbmwXgr.js +0 -31
  1262. package/dist/core-CYiHLgHk.js +0 -275
  1263. package/dist/create-DN7NWqCZ.js +0 -80
  1264. package/dist/cron-cli-Dyd_7f_N.js +0 -713
  1265. package/dist/daemon-cli-DT5GXTxV.js +0 -12
  1266. package/dist/dashboard-BtYlqUpN.js +0 -2
  1267. package/dist/dashboard-DwroM17M.js +0 -81
  1268. package/dist/delegate-CBLxnP3N.js +0 -64
  1269. package/dist/deliver-BedUVIQP.js +0 -747
  1270. package/dist/deliver-DPvG5Qo8.js +0 -3
  1271. package/dist/deliver-runtime-DZlx42y2.js +0 -2
  1272. package/dist/delivery-outbound.runtime-Dyo6zcqN.js +0 -6
  1273. package/dist/delivery.runtime-CmuJYXg1.js +0 -253
  1274. package/dist/detached-task-runtime-DWSrAiuI.js +0 -73
  1275. package/dist/devices-cli-CrGc8ckS.js +0 -498
  1276. package/dist/diagnostics-CzNM2oo3.js +0 -154
  1277. package/dist/direct-dm-Cy7dY7RF.js +0 -64
  1278. package/dist/directive-handling.fast-lane-Vuy-nG2-.js +0 -66
  1279. package/dist/directive-handling.impl-DrE_GeZR.js +0 -2
  1280. package/dist/directive-handling.impl-KH2zUp6M.js +0 -703
  1281. package/dist/directive-handling.model-selection-BiW8QHW-.js +0 -114
  1282. package/dist/directive-handling.persist.runtime-VLCtMqO5.js +0 -215
  1283. package/dist/directory-cli-DQRcL8xw.js +0 -240
  1284. package/dist/dispatch-Dew5dCZ_.js +0 -1131
  1285. package/dist/dispatch-acp-CvCVNtsu.js +0 -981
  1286. package/dist/dispatch-acp-manager.runtime-DBTAUi2i.js +0 -3
  1287. package/dist/dispatch-acp-media.runtime-Bq9nReBk.js +0 -4
  1288. package/dist/dispatch-acp-session.runtime-CKts6zqY.js +0 -2
  1289. package/dist/dispatch-acp.runtime-Cw1tjQKP.js +0 -19
  1290. package/dist/doctor-config-flow-C1S8B_sg.js +0 -420
  1291. package/dist/doctor-config-preflight-DH_iBFHQ.js +0 -2
  1292. package/dist/doctor-config-preflight-nRntMTIC.js +0 -63
  1293. package/dist/doctor-device-pairing-C9OfTAUh.js +0 -307
  1294. package/dist/doctor-gateway-daemon-flow-CS1gl0S3.js +0 -250
  1295. package/dist/doctor-gateway-health-DzKV435y.js +0 -63
  1296. package/dist/doctor-health-DNiEej9S.js +0 -59
  1297. package/dist/doctor-health-contributions-BxgcjAL5.js +0 -493
  1298. package/dist/doctor-prompter-T7JdMaQG.js +0 -56
  1299. package/dist/doctor-sandbox-C9h2a5Uu.js +0 -194
  1300. package/dist/doctor-state-migrations-BPuF54_Y.js +0 -2
  1301. package/dist/doctor-workspace-status-C3jLUkHt.js +0 -75
  1302. package/dist/dreaming-CiOm27X0.js +0 -1582
  1303. package/dist/dreaming-narrative-C8m64g44.js +0 -596
  1304. package/dist/embedded-gateway-stub.runtime-Di2s5bLl.js +0 -9
  1305. package/dist/embedding-provider-QRMp19Ph.js +0 -118
  1306. package/dist/embeddings-Cwg0dHC_.js +0 -215
  1307. package/dist/embeddings-http-DbBwgwsH.js +0 -205
  1308. package/dist/exec-approval-forwarder.runtime-BNGZQkhU.js +0 -3
  1309. package/dist/exec-approvals-cli-DiBWd6eL.js +0 -498
  1310. package/dist/exec-defaults-B5NE8OtM.js +0 -2
  1311. package/dist/exec-defaults-Dy3ej-Rk.js +0 -67
  1312. package/dist/execute.runtime-cy0XQXc7.js +0 -1359
  1313. package/dist/fallbacks-Bjq0H75u.js +0 -31
  1314. package/dist/fallbacks-C3dys5Ff.js +0 -2
  1315. package/dist/fallbacks-shared-4iQjz5v5.js +0 -111
  1316. package/dist/gateway-BxIfReRV.js +0 -115
  1317. package/dist/gateway-cli-Czx2Ub57.js +0 -1283
  1318. package/dist/gateway-rpc-CdXoDE6_.js +0 -14
  1319. package/dist/gateway-rpc.runtime-DXFVTu-I.js +0 -23
  1320. package/dist/gateway-runtime-DoElJuBU.js +0 -15
  1321. package/dist/gateway-status-DtdmlnK6.js +0 -584
  1322. package/dist/genesis-tools-vU91jnMS.js +0 -9435
  1323. package/dist/genesis-tools.runtime-Dfpi37K0.js +0 -2
  1324. package/dist/get-reply-DTtxw9Xp.js +0 -3946
  1325. package/dist/get-reply-from-config.runtime-CB9EeF1Q.js +0 -2
  1326. package/dist/gmail-watcher-lifecycle-JbKGb-1A.js +0 -2
  1327. package/dist/graph-users-CoF5XRS_.js +0 -1337
  1328. package/dist/health-CLRWQEVB.js +0 -3
  1329. package/dist/health-DvTtpVIw.js +0 -420
  1330. package/dist/health-route-8H3Sy8RI.js +0 -41
  1331. package/dist/health-route-CHLAMCYm.js +0 -2
  1332. package/dist/hooks-cli-D2AeKlrf.js +0 -433
  1333. package/dist/http-endpoint-helpers-CG3AcjuK.js +0 -41
  1334. package/dist/http-utils-L02eBAVo.js +0 -924
  1335. package/dist/image-fallbacks-Cy-kcJR5.js +0 -2
  1336. package/dist/image-fallbacks-DoQoUiR7.js +0 -31
  1337. package/dist/image-generation-core-CEg4KACr.js +0 -18
  1338. package/dist/image-generation-provider-B4tW_Kj3.js +0 -274
  1339. package/dist/image-generation-provider-B72nmoos.js +0 -157
  1340. package/dist/image-generation-provider-D9v0PADz.js +0 -63
  1341. package/dist/image-generation-provider-DLYGDzST.js +0 -228
  1342. package/dist/image-generation-provider-DYu8ZWBs.js +0 -529
  1343. package/dist/image-generation-provider-jp6l2Jls.js +0 -95
  1344. package/dist/image-generation-provider-qr08iqKe.js +0 -137
  1345. package/dist/image-runtime-DRQcRKzy.js +0 -9
  1346. package/dist/inbound-reply-dispatch-jQhsUF0f.js +0 -73
  1347. package/dist/inbound.runtime-CCnJwfdz.js +0 -3
  1348. package/dist/inbound.runtime-DwsGti2x.js +0 -4
  1349. package/dist/infra-runtime-DwRkDuXF.js +0 -38
  1350. package/dist/init-DwpSUAfi.js +0 -59
  1351. package/dist/install-DwDt01Fk.js +0 -726
  1352. package/dist/install-security-scan-Cq0N2AQi.js +0 -26
  1353. package/dist/install-security-scan.runtime-DWlSCQbQ.js +0 -671
  1354. package/dist/install.runtime-CWnOXdy4.js +0 -27
  1355. package/dist/install.runtime-DPA5lA9o.js +0 -12
  1356. package/dist/jobs-D9IyaUDB.js +0 -729
  1357. package/dist/library-mAKEzoAM.js +0 -45
  1358. package/dist/lifecycle-BUTglQLK.js +0 -229
  1359. package/dist/lifecycle-Csd_mbv2.js +0 -571
  1360. package/dist/lifecycle.runtime-1wfzPGwQ.js +0 -2
  1361. package/dist/list-5rTtE3qu.js +0 -2
  1362. package/dist/list-BCYNIOw6.js +0 -2
  1363. package/dist/list-DyQGXU4h.js +0 -1212
  1364. package/dist/list-DzN4dO0z.js +0 -131
  1365. package/dist/list.probe-BQZZbfvC.js +0 -419
  1366. package/dist/live-model-switch-DqJLIA4J.js +0 -336
  1367. package/dist/llm-slug-generator-BWH-YxyP.js +0 -79
  1368. package/dist/load-config-CISXosI1.js +0 -35
  1369. package/dist/loader-DlmWqYuM.js +0 -222
  1370. package/dist/local-dispatch.runtime-BdXedbsx.js +0 -8
  1371. package/dist/login-DX18Qaag.js +0 -108
  1372. package/dist/logs-cli-YcX3NrQk.js +0 -265
  1373. package/dist/logs-cli.runtime-4RNOEP9S.js +0 -2
  1374. package/dist/main-session-restart-recovery-DxOWdFCG.js +0 -206
  1375. package/dist/managed-image-attachments-BjnlRyZi.js +0 -2
  1376. package/dist/managed-image-attachments-CgE1Q1Bu.js +0 -635
  1377. package/dist/manager-CvrwzOap.js +0 -2
  1378. package/dist/manager-DIyzKDRT.js +0 -2057
  1379. package/dist/markdown-to-line-BzCikJ_W.js +0 -790
  1380. package/dist/mcp-cli-HFkNRDTk.js +0 -725
  1381. package/dist/mcp-http-BpymCnig.js +0 -529
  1382. package/dist/media-runtime-awxrKlof.js +0 -329
  1383. package/dist/media-understanding-CYk-TBlo.js +0 -85
  1384. package/dist/media-understanding-provider-BFl9PvK0.js +0 -18
  1385. package/dist/media-understanding-provider-BbHedlHI.js +0 -69
  1386. package/dist/media-understanding-provider-C4hkphxA.js +0 -28
  1387. package/dist/media-understanding-provider-CIJApc3Q.js +0 -85
  1388. package/dist/media-understanding-provider-CMRfrvoW.js +0 -37
  1389. package/dist/media-understanding-provider-D8MwbDYK.js +0 -12
  1390. package/dist/media-understanding-provider-DPZ3M0zL.js +0 -21
  1391. package/dist/media-understanding-provider-DnFHplle.js +0 -13
  1392. package/dist/media-understanding-provider-O3o8RDTO.js +0 -12
  1393. package/dist/media-understanding-provider-WmKhdAeP.js +0 -18
  1394. package/dist/media-understanding-runtime-DiWkY8O9.js +0 -2
  1395. package/dist/memory-core-host-runtime-cli-D1OEhnrF.js +0 -9
  1396. package/dist/memory-embedding-adapter-Ll4TtjDC.js +0 -123
  1397. package/dist/memory-host-search-BzpJFHpD.js +0 -12
  1398. package/dist/message-action-runner-CMY-upve.js +0 -1407
  1399. package/dist/message-action-runner-DySHa6EF.js +0 -2
  1400. package/dist/message-actions-B9LTXVEy.js +0 -143
  1401. package/dist/message-kmB-ZdwF.js +0 -232
  1402. package/dist/message.gateway.runtime-CKp6wO2c.js +0 -2
  1403. package/dist/method-scopes-D_AZ7OsK.js +0 -235
  1404. package/dist/model-picker-D20JpfyM.js +0 -559
  1405. package/dist/model-picker-Dpin9dw4.js +0 -3
  1406. package/dist/model-picker.runtime-B19j-xJa.js +0 -15
  1407. package/dist/model-selection-BDK7dEju.js +0 -212
  1408. package/dist/models-auth-status-CWD5blQY.js +0 -217
  1409. package/dist/models-cli-qKl_DDX9.js +0 -271
  1410. package/dist/models-http-DruY6N81.js +0 -92
  1411. package/dist/models.fetch-2geG13AQ.js +0 -518
  1412. package/dist/monitor-Ba7ejkS8.js +0 -671
  1413. package/dist/monitor-BaVaWrC7.js +0 -2
  1414. package/dist/monitor-C35OWSe9.js +0 -1661
  1415. package/dist/monitor-Cl9di7UV.js +0 -788
  1416. package/dist/monitor-CyNHlr3x.js +0 -1237
  1417. package/dist/monitor-DfSNLX9p.js +0 -1459
  1418. package/dist/monitor-auth-Bar1iwPD.js +0 -207
  1419. package/dist/monitor-processing-DOC1o7D2.js +0 -1974
  1420. package/dist/monitor.runtime-CzFqZGY2.js +0 -2
  1421. package/dist/monitor.webhook-Bim0zewE.js +0 -180
  1422. package/dist/msteams-BqQ_sRgm.js +0 -35
  1423. package/dist/music-generation-provider-Bac-UFIO.js +0 -63
  1424. package/dist/music-generation-provider-fPGrO1gg.js +0 -170
  1425. package/dist/native-hook-relay-CiXmqOtV.js +0 -519
  1426. package/dist/nextcloud-talk-ByistOQj.js +0 -17
  1427. package/dist/node-cli-BWtbe5nd.js +0 -2276
  1428. package/dist/nodes-cli-DuzsL0Gb.js +0 -1046
  1429. package/dist/nodes-utils-oVtp9rVI.js +0 -84
  1430. package/dist/nodes.helpers-DJ1lCjQx.js +0 -34
  1431. package/dist/notify-Xz011HiU.js +0 -315
  1432. package/dist/oauth-B9WR0gWL.js +0 -75
  1433. package/dist/oauth-BpJKd6mz.js +0 -2
  1434. package/dist/oauth-BqiriUcs.js +0 -139
  1435. package/dist/oauth-Dl3zSXWU.js +0 -152
  1436. package/dist/oauth.flow-CIweZ0Wo.js +0 -45
  1437. package/dist/oauth.flow-YT9WcJAP.js +0 -3
  1438. package/dist/onboard-CJcg9WIT.js +0 -2
  1439. package/dist/onboard-DrfmoxpG.js +0 -316
  1440. package/dist/onboard-SSBg2BsM.js +0 -70
  1441. package/dist/onboard-channels-B-jq5k4w.js +0 -2
  1442. package/dist/onboard-channels-Dg4UVNnl.js +0 -3
  1443. package/dist/onboard-custom-DDY7T8Mb.js +0 -3
  1444. package/dist/onboard-custom-buJ3Vz5C.js +0 -271
  1445. package/dist/onboard-helpers-D-z22ggH.js +0 -204
  1446. package/dist/onboard-helpers-DU-hRKeY.js +0 -6
  1447. package/dist/onboard-interactive-C8tFz_EJ.js +0 -24
  1448. package/dist/onboard-non-interactive-ZnR63QNa.js +0 -635
  1449. package/dist/onboard-remote-B6KxBZY_.js +0 -193
  1450. package/dist/onboard-remote-BrblbI6u.js +0 -2
  1451. package/dist/onboard-skills-BaEg-lmj.js +0 -2
  1452. package/dist/onboard-skills-BuFtX13Z.js +0 -134
  1453. package/dist/onboarding-plugin-install-CNIcGqAI.js +0 -406
  1454. package/dist/openai-codex-provider-6aTYk3jp.js +0 -472
  1455. package/dist/openai-http-Wkidi3o4.js +0 -500
  1456. package/dist/openai-provider-w1PV_KGr.js +0 -313
  1457. package/dist/opencode-SEOw9RYv.js +0 -35
  1458. package/dist/openresponses-http-BkPjGHMn.js +0 -1128
  1459. package/dist/operator-approvals-client-xj8FFWPH.js +0 -68
  1460. package/dist/outbound-runtime-D7qdGq1B.js +0 -5
  1461. package/dist/outbound.runtime-riknu3Rg.js +0 -2
  1462. package/dist/pair-command-approve-CRig33Ea.js +0 -44
  1463. package/dist/persistent-bindings.lifecycle-BhVLGVlI.js +0 -2
  1464. package/dist/persistent-bindings.lifecycle-CVWzaSA9.js +0 -85
  1465. package/dist/pi-bundle-mcp-runtime-CEwlOt28.js +0 -2
  1466. package/dist/pi-bundle-mcp-runtime-DS32_bKh.js +0 -829
  1467. package/dist/pi-bundle-mcp-tools-MVePSeQp.js +0 -108
  1468. package/dist/pi-embedded-Dh5naw-j.js +0 -4
  1469. package/dist/pi-embedded-S0ld6lbd.js +0 -2905
  1470. package/dist/pi-embedded-subscribe.handlers.compaction.runtime-61zYwcVi.js +0 -23
  1471. package/dist/pi-embedded.runtime-BeWYEwSt.js +0 -4
  1472. package/dist/pi-tool-definition-adapter-MgnP-0c4.js +0 -229
  1473. package/dist/pi-tools-DyVcSRei.js +0 -1118
  1474. package/dist/pi-tools.before-tool-call-BZ1PLh46.js +0 -433
  1475. package/dist/pi-tools.before-tool-call-DSgr_Sjd.js +0 -2
  1476. package/dist/plugin-DoXrlTHe.js +0 -12195
  1477. package/dist/plugin-enabled-CCAWKL0j.js +0 -140
  1478. package/dist/plugin-install-D9RUigrW.js +0 -2
  1479. package/dist/plugin-install-DRc2KTWx.js +0 -115
  1480. package/dist/plugin-install-config-policy-CtKZaMAw.js +0 -137
  1481. package/dist/plugin-install-plan-BeNfwB5V.js +0 -50
  1482. package/dist/plugin-registration-COZcclAr.js +0 -23
  1483. package/dist/plugin-service-Cu_nlZmO.js +0 -2893
  1484. package/dist/plugins-cli-qkT7VGd9.js +0 -584
  1485. package/dist/plugins-command-helpers-DvRgKfV0.js +0 -107
  1486. package/dist/plugins-install-persist-CZWXaz5s.js +0 -133
  1487. package/dist/plugins-update-command-qKTcfS44.js +0 -1057
  1488. package/dist/policy-CxwHwL56.js +0 -328
  1489. package/dist/prepare.runtime-BhO3ot9P.js +0 -807
  1490. package/dist/probe-4IiQQG_7.js +0 -2
  1491. package/dist/probe-89jd9VHi.js +0 -1443
  1492. package/dist/probe-B2Uw_PN-.js +0 -2205
  1493. package/dist/probe-B4ekJ-Xv.js +0 -74
  1494. package/dist/probe-B9hiEFIU.js +0 -2
  1495. package/dist/probe-CDrkDwhe.js +0 -240
  1496. package/dist/probe-Ct62B_e4.js +0 -45
  1497. package/dist/probe-pLHVFHK6.js +0 -243
  1498. package/dist/program-HFwaDGDa.js +0 -111
  1499. package/dist/prompt-select-styled-BL_pKMTB.js +0 -20
  1500. package/dist/protocol-C9LrRIRp.js +0 -2515
  1501. package/dist/provider-D4RPFEas.js +0 -70
  1502. package/dist/provider-api-key-auth-DxE3Ubaz.js +0 -131
  1503. package/dist/provider-auth-94YJgYBI.js +0 -46
  1504. package/dist/provider-auth-api-key-D9d3vpbu.js +0 -5
  1505. package/dist/provider-auth-choice-C1kxCG8d.js +0 -228
  1506. package/dist/provider-auth-login-DSy_0CmF.js +0 -8
  1507. package/dist/provider-dispatcher-C81eCA-H.js +0 -22
  1508. package/dist/provider-dispatcher-puinwYaq.js +0 -2
  1509. package/dist/provider-entry-CR0Z4V2Y.js +0 -106
  1510. package/dist/provider-model-defaults-CY1F7Q3c.js +0 -6
  1511. package/dist/provider-registration-C3cLloFb.js +0 -37
  1512. package/dist/provider-registration-CU67AJCU.js +0 -218
  1513. package/dist/qr-cli-BdX_FFlu.js +0 -349
  1514. package/dist/qr-cli-C5253ud8.js +0 -2
  1515. package/dist/qr-image-BQnl-2Hz.js +0 -2
  1516. package/dist/queue-IehGWtWc.js +0 -409
  1517. package/dist/reaction-runtime-api-95Ou_vSC.js +0 -116
  1518. package/dist/reactions-DZizt8LI.js +0 -998
  1519. package/dist/read-capability-w1W5sKua.js +0 -412
  1520. package/dist/register-service-commands-DMNQ-id4.js +0 -71
  1521. package/dist/register.agent-CQOBdXob.js +0 -248
  1522. package/dist/register.configure-C8yC_SYa.js +0 -15
  1523. package/dist/register.maintenance-CSIY47OO.js +0 -363
  1524. package/dist/register.message-g5yjxPxU.js +0 -329
  1525. package/dist/register.onboard-U3SrMpHb.js +0 -88
  1526. package/dist/register.runtime-BMuRf7KD.js +0 -81
  1527. package/dist/register.setup-DOBsdUvr.js +0 -150
  1528. package/dist/register.status-health-sessions-p_3FnJtp.js +0 -1215
  1529. package/dist/register.subclis-CNkq2TdW.js +0 -29
  1530. package/dist/register.subclis-P3ru4E6I.js +0 -3
  1531. package/dist/register.subclis-core-D5N5ewgp.js +0 -249
  1532. package/dist/reply-dispatch-runtime-B8TMhGSo.js +0 -13
  1533. package/dist/reply-media-paths.runtime-Bv-VQY1O.js +0 -2
  1534. package/dist/reply-media-paths.runtime-qZYIzFEg.js +0 -146
  1535. package/dist/reply-runtime-Ba_5YKEX.js +0 -10
  1536. package/dist/reply.runtime-CvlE6uYh.js +0 -2
  1537. package/dist/resolve-DxTN302S.js +0 -259
  1538. package/dist/response-generator-Be1_-xjF.js +0 -175
  1539. package/dist/restart-health-CV-Nm1lw.js +0 -202
  1540. package/dist/restart-health-DywY1594.js +0 -2
  1541. package/dist/root-help-oR4nv8N9.js +0 -44
  1542. package/dist/route-reply-Dn9zmIdM.js +0 -162
  1543. package/dist/route-reply.runtime-DkwtG2qY.js +0 -2
  1544. package/dist/routes-ClkLAuU2.js +0 -3341
  1545. package/dist/routes-cv4VrQu1.js +0 -2
  1546. package/dist/rpc-05cw0vNh.js +0 -61
  1547. package/dist/rpc.runtime-DhFlfCMB.js +0 -21
  1548. package/dist/run-auth-profile.runtime-Bflh0AxI.js +0 -2
  1549. package/dist/run-delivery.runtime-B_9TxqQA.js +0 -530
  1550. package/dist/run-embedded.runtime-V68HvJT8.js +0 -4
  1551. package/dist/run-execution-cli.runtime-9NpwQ1uu.js +0 -4
  1552. package/dist/run-executor.runtime-CX2Emb4e.js +0 -277
  1553. package/dist/run-main-xnrI4i-W.js +0 -567
  1554. package/dist/run-subagent-registry.runtime-CEgCR8-w.js +0 -2
  1555. package/dist/run-wait-By6jGhn0.js +0 -135
  1556. package/dist/runner-Vhfg_kYp.js +0 -966
  1557. package/dist/runner.entries-DWptWo_Q.js +0 -604
  1558. package/dist/runtime-COXB-OZq.js +0 -263
  1559. package/dist/runtime-Cfcvlsp1.js +0 -2
  1560. package/dist/runtime-D0MD5Uyv.js +0 -9
  1561. package/dist/runtime-D2DhV36f.js +0 -961
  1562. package/dist/runtime-D9CBb5Na.js +0 -72
  1563. package/dist/runtime-api-C_o5iE1W.js +0 -9
  1564. package/dist/runtime-api-Cws6dHRG.js +0 -14
  1565. package/dist/runtime-api-D8EKRzzw.js +0 -4
  1566. package/dist/runtime-api-DUw04nys.js +0 -9
  1567. package/dist/runtime-embedded-pi.runtime-Ckdld_Ij.js +0 -2
  1568. package/dist/runtime-entry-BaLt5V4d.js +0 -2769
  1569. package/dist/runtime-internal-Dga3dvsC.js +0 -2
  1570. package/dist/runtime-l0B7QFL3.js +0 -116
  1571. package/dist/runtime-options-DwYzxb7U.js +0 -275
  1572. package/dist/runtime-prepare.runtime-D6bMmoTn.js +0 -80
  1573. package/dist/runtime-schema-BDGFtL0_.js +0 -28599
  1574. package/dist/runtime-web-tools-DlattYEh.js +0 -1477
  1575. package/dist/sandbox-B0HW_QP3.js +0 -1156
  1576. package/dist/sandbox-D2w77M7D.js +0 -3
  1577. package/dist/sandbox-cli-DhrLokzO.js +0 -450
  1578. package/dist/scan-BWFQXm24.js +0 -523
  1579. package/dist/scan-CrfOpA-h.js +0 -2
  1580. package/dist/secrets-cli-TxHWzJzS.js +0 -2101
  1581. package/dist/security-cli-DIvsGk3X.js +0 -486
  1582. package/dist/selection-CHTqBz4F.js +0 -2
  1583. package/dist/selection-D_K-9r-x.js +0 -7743
  1584. package/dist/send-DE7hu875.js +0 -156
  1585. package/dist/send-TkldUWcX.js +0 -102
  1586. package/dist/send.runtime-CZI1JWw8.js +0 -2
  1587. package/dist/server-B8xhfNfn.js +0 -77
  1588. package/dist/server-Cz40q0g2.js +0 -13
  1589. package/dist/server-context-B7rWJ2gB.js +0 -847
  1590. package/dist/server-context-yutVechl.js +0 -2
  1591. package/dist/server-node-events-VPwgJoKG.js +0 -474
  1592. package/dist/server-plugin-bootstrap-Dy78XA3J.js +0 -2
  1593. package/dist/server-plugin-bootstrap-N59qJvH4.js +0 -13355
  1594. package/dist/server-restart-sentinel-Zjl16hJh.js +0 -684
  1595. package/dist/server.impl-DpFPnl5_.js +0 -12798
  1596. package/dist/session-DQK4G2N-.js +0 -48
  1597. package/dist/session-envelope-uG-4XV0X.js +0 -18
  1598. package/dist/session-key-CTestOWs.js +0 -65
  1599. package/dist/session-kill-http-o34Xk0D1.js +0 -110
  1600. package/dist/session-meta-B_6JKgd3.js +0 -109
  1601. package/dist/session-override-BJXIc7UA.js +0 -106
  1602. package/dist/session-reset-model.runtime-DFT-FJW1.js +0 -133
  1603. package/dist/session-reset-service-C0ScpWIE.js +0 -497
  1604. package/dist/session-route-UusYWQ_M.js +0 -93
  1605. package/dist/session-status.runtime-DJV2WJZM.js +0 -2
  1606. package/dist/session-store-COzyfYG2.js +0 -126
  1607. package/dist/session-store.runtime-CQHXgM_Z.js +0 -2
  1608. package/dist/session-subagent-reactivation.runtime-yyMT_MgO.js +0 -2
  1609. package/dist/session-tab-registry-Bkd33PY1.js +0 -581
  1610. package/dist/session-updates-Dl4GafMW.js +0 -236
  1611. package/dist/session-updates.runtime-bHYRFXxm.js +0 -2
  1612. package/dist/session-utils-Dkaj_4dZ.js +0 -1009
  1613. package/dist/session-visibility-BOYOn-Gu.js +0 -147
  1614. package/dist/sessions-D3eFfsPH.js +0 -281
  1615. package/dist/sessions-DAup1AeE.js +0 -16
  1616. package/dist/sessions-helpers-DlsDzSXL.js +0 -305
  1617. package/dist/sessions-history-http--8biogY1.js +0 -371
  1618. package/dist/sessions-kO7Dit6B.js +0 -48
  1619. package/dist/sessions-patch-BlUpBepz.js +0 -309
  1620. package/dist/sessions-resolve-DPWviaDr.js +0 -174
  1621. package/dist/sessions-uVaHa5mC.js +0 -2
  1622. package/dist/sessions.runtime-CHJDx6Rg.js +0 -2
  1623. package/dist/setup-COcb42YZ.js +0 -636
  1624. package/dist/setup-DX-d8t6q.js +0 -421
  1625. package/dist/setup-api-Ddfd033_.js +0 -29
  1626. package/dist/setup-core-Bsasst9Y.js +0 -176
  1627. package/dist/setup-core-CWmsLaJv.js +0 -171
  1628. package/dist/setup-surface-CTZ5CnX4.js +0 -219
  1629. package/dist/setup-surface-D2c6jlaM.js +0 -403
  1630. package/dist/setup-surface-Dazv-gzK.js +0 -286
  1631. package/dist/setup.finalize-DSSoTSsd.js +0 -547
  1632. package/dist/setup.gateway-config-bJqXJA3E.js +0 -250
  1633. package/dist/shared-C-DELFhh.js +0 -217
  1634. package/dist/shared-DOOnkgfw.js +0 -198
  1635. package/dist/shared-DfVOpp8r.js +0 -121
  1636. package/dist/shared-nGZZHrFV.js +0 -76
  1637. package/dist/shared-runtime-lVwJld87.js +0 -7
  1638. package/dist/skill-commands-Crg6g_xc.js +0 -83
  1639. package/dist/skill-commands.runtime-Dx9JZPVm.js +0 -2
  1640. package/dist/skills-install-B1RJkjel.js +0 -605
  1641. package/dist/skills-snapshot.runtime-1fnPk6SF.js +0 -7
  1642. package/dist/slash-state-CwgTzmc8.js +0 -1911
  1643. package/dist/speech-provider-BEjGmdRi.js +0 -170
  1644. package/dist/speech-provider-DU0xib0M.js +0 -209
  1645. package/dist/speech-provider-jexKB2Fl.js +0 -216
  1646. package/dist/src-CbfkGwGz.js +0 -3974
  1647. package/dist/stage-sandbox-media.runtime-BzOf-LsJ.js +0 -232
  1648. package/dist/startup-context-acV-bzAJ.js +0 -312
  1649. package/dist/state-migrations-DlUY4b3i.js +0 -820
  1650. package/dist/status-0ozKjOYe.js +0 -190
  1651. package/dist/status-BFMr1TH_.js +0 -395
  1652. package/dist/status-C0tUFjWh.js +0 -2
  1653. package/dist/status-DgyADd4G.js +0 -209
  1654. package/dist/status-Dql1aIFE.js +0 -62
  1655. package/dist/status-L2NtbOry.js +0 -3
  1656. package/dist/status-all-DK98dFQa.js +0 -498
  1657. package/dist/status-json-OEukc0cF.js +0 -14
  1658. package/dist/status-json-command-BWv0zt8E.js +0 -82
  1659. package/dist/status-message-DuKO-hzh.js +0 -466
  1660. package/dist/status-message.runtime-BnLXbVHh.js +0 -6
  1661. package/dist/status-queue.runtime-DXdIwJaQ.js +0 -2
  1662. package/dist/status-runtime-shared-DBMTXWTZ.js +0 -241
  1663. package/dist/status-subagents.runtime-VTEVgOJj.js +0 -18
  1664. package/dist/status-text-Cx0Esdj6.js +0 -237
  1665. package/dist/status-xjF4vxou.js +0 -2
  1666. package/dist/status.gateway-connection.runtime-BT6XfoLV.js +0 -2
  1667. package/dist/status.gather-CF5qlFAG.js +0 -292
  1668. package/dist/status.gather-L0QGMaC4.js +0 -2
  1669. package/dist/status.runtime-BwFzOfxj.js +0 -2
  1670. package/dist/status.runtime-DYi_nOHT.js +0 -2
  1671. package/dist/status.scan-CflamBc9.js +0 -65
  1672. package/dist/status.scan-overview-pGpvYksm.js +0 -379
  1673. package/dist/status.scan.fast-json-BbMvHncK.js +0 -132
  1674. package/dist/status.scan.fast-json-D39u21tI.js +0 -2
  1675. package/dist/status.summary-CKh5Legf.js +0 -2
  1676. package/dist/status.summary-DVdS-4Fj.js +0 -200
  1677. package/dist/store-DgajP9Em.js +0 -4
  1678. package/dist/store-tuisxHpf.js +0 -910
  1679. package/dist/store.runtime-Bw5wLKnD.js +0 -2
  1680. package/dist/stream-CWqBQkS6.js +0 -664
  1681. package/dist/subagent-announce-Df9ABEaq.js +0 -351
  1682. package/dist/subagent-announce-delivery-B5xYlVwu.js +0 -726
  1683. package/dist/subagent-announce-output-JQ-I1Kmk.js +0 -364
  1684. package/dist/subagent-capabilities-DFXCYxt0.js +0 -251
  1685. package/dist/subagent-control-CMaKDVuG.js +0 -506
  1686. package/dist/subagent-control.runtime-CgBRjo3Q.js +0 -3
  1687. package/dist/subagent-followup.runtime-Be2c3jkr.js +0 -68
  1688. package/dist/subagent-orphan-recovery-B4jHKSis.js +0 -305
  1689. package/dist/subagent-registry-CjLI6fcV.js +0 -3
  1690. package/dist/subagent-registry-CruvknDh.js +0 -1753
  1691. package/dist/subagent-spawn-C-9kmYik.js +0 -1005
  1692. package/dist/supervisor-DaRbw4Gw.js +0 -704
  1693. package/dist/system-cli-Cmv7YV3z.js +0 -43
  1694. package/dist/targets-DGdlJYMl.js +0 -67
  1695. package/dist/task-executor-DbusuL0w.js +0 -360
  1696. package/dist/task-owner-access-DNC_BT5l.js +0 -74
  1697. package/dist/task-registry-CKDRlfmp.js +0 -2357
  1698. package/dist/task-registry-delivery-runtime-DX6tjuwQ.js +0 -3
  1699. package/dist/task-registry-delivery-runtime-Ge4fS1Fa.js +0 -2
  1700. package/dist/task-registry.maintenance-DhjCTf6L.js +0 -416
  1701. package/dist/task-registry.maintenance-DyX6m_7s.js +0 -2
  1702. package/dist/testing-BecnXPE0.js +0 -575
  1703. package/dist/text-report-BW3t_i75.js +0 -549
  1704. package/dist/tool-auth-shared-DWrecN7g.js +0 -90
  1705. package/dist/tool-policy-pipeline-CA61tNc_.js +0 -109
  1706. package/dist/tool-resolution-BRHtzc7Q.js +0 -90
  1707. package/dist/tools-effective-inventory-CLJ3nPbB.js +0 -152
  1708. package/dist/tools-invoke-http-DWbJzMo3.js +0 -206
  1709. package/dist/transcript-CEK104A6.js +0 -312
  1710. package/dist/transcript-resolve.runtime-D4I8B--1.js +0 -2
  1711. package/dist/transcript.runtime-ClNMqLSP.js +0 -2
  1712. package/dist/trash-CvOmDpdP.js +0 -24
  1713. package/dist/tts-vEtIfdGN.js +0 -64
  1714. package/dist/tui-cli-BuQzKTYR.js +0 -4585
  1715. package/dist/uninstall-BQ_d8nQ4.js +0 -185
  1716. package/dist/update-D8foEnSw.js +0 -1282
  1717. package/dist/update-cli-DB-VQaie.js +0 -1759
  1718. package/dist/update-startup-D-n1C8A0.js +0 -2
  1719. package/dist/upgrade-DPhvhHXF.js +0 -1226
  1720. package/dist/video-generation-provider-5v5lTL00.js +0 -287
  1721. package/dist/video-generation-provider-BGtbUYJd.js +0 -64
  1722. package/dist/video-generation-provider-BlOdvaLh.js +0 -118
  1723. package/dist/video-generation-provider-CR_fRJ8m.js +0 -187
  1724. package/dist/video-generation-provider-CVUs00hp.js +0 -264
  1725. package/dist/video-generation-provider-CtstiCCO.js +0 -271
  1726. package/dist/video-generation-provider-DDQjPRYO.js +0 -254
  1727. package/dist/video-generation-provider-DLy7AvTJ.js +0 -281
  1728. package/dist/video-generation-provider-DNnNMvS9.js +0 -221
  1729. package/dist/video-generation-provider-vzf0PQXj2.js +0 -77
  1730. package/dist/video-generation-provider-zINiw3aL.js +0 -78
  1731. package/dist/video-generation-task-status-DWUrjc4T.js +0 -163
  1732. package/dist/wait-for-idle-before-flush-BBwcUWtb.js +0 -5985
  1733. package/dist/web-search-provider-BkIzoc2Y.js +0 -163
  1734. package/dist/wizard-models-B5HIywox.js +0 -334
  1735. package/dist/workflow-runtime-tvBeQSK9.js +0 -485
  1736. /package/dist/{audit-channel.collect.runtime-BAKyzn52.js → audit-channel.collect.runtime-CevlIQ6K.js} +0 -0
  1737. /package/dist/{audit-tool-policy-Ftr0W8Wl.js → audit-tool-policy-DTodxIZf.js} +0 -0
  1738. /package/dist/{channel-selection.runtime-CsQ0qN21.js → channel-selection.runtime-DAkF_DgO.js} +0 -0
  1739. /package/dist/{close-reason-DNwBM4qe.js → close-reason-BPuKI4th.js} +0 -0
  1740. /package/dist/{configured-B8XGIYz-.js → configured-C-0r4Pk2.js} +0 -0
  1741. /package/dist/{diagnostic-support-export-CuIJulCK.js → diagnostic-support-export-C8cpJRWi.js} +0 -0
  1742. /package/dist/{gmail-watcher-lifecycle-BoWMgpeT.js → gmail-watcher-lifecycle-DrTbIr0m.js} +0 -0
  1743. /package/dist/{image-BwAofy0f.js → image-LNALiqnF.js} +0 -0
  1744. /package/dist/{image-generation-core.auth.runtime-B6BpHP6V.js → image-generation-core.auth.runtime-hzZbX1YD.js} +0 -0
  1745. /package/dist/{input-allowlist-zDKNs6OG.js → input-allowlist-Bn8hssyM.js} +0 -0
  1746. /package/dist/{install-target-FXMkL80i.js → install-target-C0Dg_4Un.js} +0 -0
  1747. /package/dist/{memory-host-search.runtime-Vfck_NLf.js → memory-host-search.runtime-CAejVWZB.js} +0 -0
  1748. /package/dist/{message.config.runtime-Df8nVSE4.js → message.config.runtime-CAG3eLmF.js} +0 -0
  1749. /package/dist/{paths-BdDCK0XP.js → paths-BrPnd-v6.js} +0 -0
  1750. /package/dist/{provider-api-key-auth.runtime-fT4D2dQt.js → provider-api-key-auth.runtime-YLpiRoM3.js} +0 -0
  1751. /package/dist/{provider-auth-login.runtime-EnfK3WTr.js → provider-auth-login.runtime-BwDEPbY4.js} +0 -0
  1752. /package/dist/{push-apns-DoMbCgqq.js → push-apns-UUwkJMxt.js} +0 -0
  1753. /package/dist/{runtime-manifest.runtime-CuqWbJ5G.js → runtime-manifest.runtime-D8BuqQCR.js} +0 -0
  1754. /package/dist/{runtime-web-channel-plugin-ChmPPl7a.js → runtime-web-channel-plugin-Dx1GGPSD.js} +0 -0
  1755. /package/dist/{runtime-web-tools-fallback.runtime-B3fmu7s0.js → runtime-web-tools-fallback.runtime-_nNCUNAT.js} +0 -0
  1756. /package/dist/{runtime-web-tools-manifest.runtime-CpiYM000.js → runtime-web-tools-manifest.runtime-BaeloEzn.js} +0 -0
  1757. /package/dist/{runtime-web-tools-public-artifacts.runtime-BBNdsUv5.js → runtime-web-tools-public-artifacts.runtime-DOdl6CAd.js} +0 -0
  1758. /package/dist/{server-startup-log-DXJn1EgH.js → server-startup-log-BUk3dEm6.js} +0 -0
  1759. /package/dist/{server-startup-memory-C4d9ImgC.js → server-startup-memory-C3gdaomJ.js} +0 -0
  1760. /package/dist/{server-tailscale-DeNCXYBr.js → server-tailscale-C0DsqL5N.js} +0 -0
  1761. /package/dist/{services-m8_503l9.js → services-CiBabvAX.js} +0 -0
  1762. /package/dist/{session-archive.runtime-DDhx1bOA.js → session-archive.runtime-BIqBKdzI.js} +0 -0
  1763. /package/dist/{setup.node-config-BXET5GZk.js → setup.node-config-BlJDbu4T.js} +0 -0
  1764. /package/dist/{setup.plugin-config-CgBJMtZ8.js → setup.plugin-config-CCP7nrfy.js} +0 -0
  1765. /package/dist/{skill-scanner-cEm04-3B.js → skill-scanner-DnqZE6Fh.js} +0 -0
  1766. /package/dist/{ssh-config-BfxhRhPu.js → ssh-config-wfp8-I37.js} +0 -0
  1767. /package/dist/{supervisor-log.runtime-BdagMpUZ.js → supervisor-log.runtime-DYzbopV7.js} +0 -0
  1768. /package/dist/{targets.runtime-BS4UWyk2.js → targets.runtime-1fn-rTlI.js} +0 -0
  1769. /package/dist/{update-startup-D69inLEd.js → update-startup-DW61ftJW.js} +0 -0
@@ -1,939 +0,0 @@
1
- import { a as normalizeLowercaseStringOrEmpty, s as normalizeOptionalLowercaseString } from "./string-coerce-DPP_aYVc.js";
2
- import { t as formatCliCommand } from "./command-format-B3Q5KD9o.js";
3
- import { _ as resolveStateDir, o as resolveConfigPath } from "./paths-Bv2rGpO9.js";
4
- import { o as hasConfiguredSecretInput } from "./types.secrets-BbgGt42I.js";
5
- import { n as formatPermissionRemediation, r as inspectPathPermissions, t as formatPermissionDetail } from "./audit-fs-CAyAtdeX.js";
6
- import { n as resolveGatewayAuth } from "./auth-resolve-CcailHTH.js";
7
- import { n as asNullableRecord } from "./record-coerce-CMKPGWB_.js";
8
- import { t as DEFAULT_AGENT_ID } from "./session-key-CI3KvTQC.js";
9
- import { i as normalizeTrustedSafeBinDirs, o as listRiskyConfiguredSafeBins } from "./exec-safe-bin-trust-DMrCONj2.js";
10
- import { b as resolveAgentWorkspaceDir, x as resolveDefaultAgentId } from "./agent-scope-BUYwVohk.js";
11
- import { i as resolveSandboxConfigForAgent } from "./config-DwJUHdf0.js";
12
- import { u as isInterpreterLikeAllowlistPattern } from "./exec-approvals-allowlist-BBW7JMg0.js";
13
- import { i as resolveMergedSafeBinProfileFixtures, n as listInterpreterLikeSafeBins } from "./exec-safe-bin-runtime-policy-DUcKpnC_.js";
14
- import { l as loadExecApprovals } from "./exec-approvals-D0DTIzDT.js";
15
- import { n as collectCoreInsecureOrDangerousFlags, t as collectEnabledInsecureOrDangerousFlags } from "./dangerous-config-flags-Drbk-drI.js";
16
- import { t as DEFAULT_GATEWAY_HTTP_TOOL_DENY } from "./dangerous-tools-DTsU-3_q.js";
17
- import path from "node:path";
18
- import { isIP } from "node:net";
19
- //#region src/security/audit-deep-code-safety.ts
20
- let auditDeepModulePromise;
21
- async function loadAuditDeepModule() {
22
- auditDeepModulePromise ??= import("./audit.deep.runtime-CXjulrWI.js");
23
- return await auditDeepModulePromise;
24
- }
25
- async function collectDeepCodeSafetyFindings(params) {
26
- if (!params.deep) return [];
27
- const auditDeep = await loadAuditDeepModule();
28
- return [...await auditDeep.collectPluginsCodeSafetyFindings({
29
- stateDir: params.stateDir,
30
- summaryCache: params.summaryCache
31
- }), ...await auditDeep.collectInstalledSkillsCodeSafetyFindings({
32
- cfg: params.cfg,
33
- stateDir: params.stateDir,
34
- summaryCache: params.summaryCache
35
- })];
36
- }
37
- //#endregion
38
- //#region src/security/audit-deep-probe-findings.ts
39
- function collectDeepProbeFindings(params) {
40
- const findings = [];
41
- if (params.deep?.gateway?.attempted && !params.deep.gateway.ok) findings.push({
42
- checkId: "gateway.probe_failed",
43
- severity: "warn",
44
- title: "Gateway probe failed (deep)",
45
- detail: params.deep.gateway.error ?? "gateway unreachable",
46
- remediation: `Run "${formatCliCommand("genesis status --all")}" to debug connectivity/auth, then re-run "${formatCliCommand("genesis security audit --deep")}".`
47
- });
48
- if (params.authWarning) findings.push({
49
- checkId: "gateway.probe_auth_secretref_unavailable",
50
- severity: "warn",
51
- title: "Gateway probe auth SecretRef is unavailable",
52
- detail: params.authWarning,
53
- remediation: `Set GENESIS_GATEWAY_TOKEN/GENESIS_GATEWAY_PASSWORD in this shell or resolve the external secret provider, then re-run "${formatCliCommand("genesis security audit --deep")}".`
54
- });
55
- return findings;
56
- }
57
- //#endregion
58
- //#region src/security/audit-gateway-config.ts
59
- function hasNonEmptyString(value) {
60
- return typeof value === "string" && value.trim().length > 0;
61
- }
62
- function collectGatewayConfigFindings$1(cfg, sourceConfig, env, options = {}) {
63
- const findings = [];
64
- const bind = typeof cfg.gateway?.bind === "string" ? cfg.gateway.bind : "loopback";
65
- const tailscaleMode = cfg.gateway?.tailscale?.mode ?? "off";
66
- const auth = resolveGatewayAuth({
67
- authConfig: cfg.gateway?.auth,
68
- tailscaleMode,
69
- env
70
- });
71
- const controlUiEnabled = cfg.gateway?.controlUi?.enabled !== false;
72
- const controlUiAllowedOrigins = (cfg.gateway?.controlUi?.allowedOrigins ?? []).map((value) => value.trim()).filter(Boolean);
73
- const dangerouslyAllowHostHeaderOriginFallback = cfg.gateway?.controlUi?.dangerouslyAllowHostHeaderOriginFallback === true;
74
- const trustedProxies = Array.isArray(cfg.gateway?.trustedProxies) ? cfg.gateway.trustedProxies : [];
75
- const hasToken = typeof auth.token === "string" && auth.token.trim().length > 0;
76
- const hasPassword = typeof auth.password === "string" && auth.password.trim().length > 0;
77
- const envTokenConfigured = hasNonEmptyString(env.GENESIS_GATEWAY_TOKEN);
78
- const envPasswordConfigured = hasNonEmptyString(env.GENESIS_GATEWAY_PASSWORD);
79
- const tokenConfiguredFromConfig = hasConfiguredSecretInput(sourceConfig.gateway?.auth?.token, sourceConfig.secrets?.defaults);
80
- const passwordConfiguredFromConfig = hasConfiguredSecretInput(sourceConfig.gateway?.auth?.password, sourceConfig.secrets?.defaults);
81
- const remoteTokenConfigured = hasConfiguredSecretInput(sourceConfig.gateway?.remote?.token, sourceConfig.secrets?.defaults);
82
- const explicitAuthMode = sourceConfig.gateway?.auth?.mode;
83
- const tokenCanWin = hasToken || envTokenConfigured || tokenConfiguredFromConfig || remoteTokenConfigured;
84
- const passwordCanWin = explicitAuthMode === "password" || explicitAuthMode !== "token" && explicitAuthMode !== "none" && explicitAuthMode !== "trusted-proxy" && !tokenCanWin;
85
- const tokenConfigured = tokenCanWin;
86
- const passwordConfigured = hasPassword || passwordCanWin && (envPasswordConfigured || passwordConfiguredFromConfig);
87
- const hasSharedSecret = explicitAuthMode === "token" ? tokenConfigured : explicitAuthMode === "password" ? passwordConfigured : explicitAuthMode === "none" || explicitAuthMode === "trusted-proxy" ? false : tokenConfigured || passwordConfigured;
88
- const hasTailscaleAuth = auth.allowTailscale && tailscaleMode === "serve";
89
- const hasGatewayAuth = hasSharedSecret || hasTailscaleAuth;
90
- const allowRealIpFallback = cfg.gateway?.allowRealIpFallback === true;
91
- const mdnsMode = cfg.discovery?.mdns?.mode ?? "minimal";
92
- const gatewayToolsAllowRaw = Array.isArray(cfg.gateway?.tools?.allow) ? cfg.gateway?.tools?.allow : [];
93
- const gatewayToolsAllow = new Set(gatewayToolsAllowRaw.map((v) => normalizeOptionalLowercaseString(v) ?? "").filter(Boolean));
94
- const reenabledOverHttp = DEFAULT_GATEWAY_HTTP_TOOL_DENY.filter((name) => gatewayToolsAllow.has(name));
95
- if (reenabledOverHttp.length > 0) {
96
- const extraRisk = bind !== "loopback" || tailscaleMode === "funnel";
97
- findings.push({
98
- checkId: "gateway.tools_invoke_http.dangerous_allow",
99
- severity: extraRisk ? "critical" : "warn",
100
- title: "Gateway HTTP /tools/invoke re-enables dangerous tools",
101
- detail: `gateway.tools.allow includes ${reenabledOverHttp.join(", ")} which removes them from the default HTTP deny list. This can allow remote session spawning / control-plane actions via HTTP and increases RCE blast radius if the gateway is reachable.`,
102
- remediation: "Remove these entries from gateway.tools.allow (recommended). If you keep them enabled, keep gateway.bind loopback-only (or tailnet-only), restrict network exposure, and treat the gateway token/password as full-admin."
103
- });
104
- }
105
- if (bind !== "loopback" && !hasSharedSecret && auth.mode !== "trusted-proxy") findings.push({
106
- checkId: "gateway.bind_no_auth",
107
- severity: "critical",
108
- title: "Gateway binds beyond loopback without auth",
109
- detail: `gateway.bind="${bind}" but no gateway.auth token/password is configured.`,
110
- remediation: `Set gateway.auth (token recommended) or bind to loopback.`
111
- });
112
- if (bind === "loopback" && controlUiEnabled && trustedProxies.length === 0) findings.push({
113
- checkId: "gateway.trusted_proxies_missing",
114
- severity: "warn",
115
- title: "Reverse proxy headers are not trusted",
116
- detail: "gateway.bind is loopback and gateway.trustedProxies is empty. If you expose the Control UI through a reverse proxy, configure trusted proxies so local-client checks cannot be spoofed.",
117
- remediation: "Set gateway.trustedProxies to your proxy IPs or keep the Control UI local-only."
118
- });
119
- if (bind === "loopback" && controlUiEnabled && !hasGatewayAuth) findings.push({
120
- checkId: "gateway.loopback_no_auth",
121
- severity: "critical",
122
- title: "Gateway auth missing on loopback",
123
- detail: "gateway.bind is loopback but no gateway auth secret is configured. If the Control UI is exposed through a reverse proxy, unauthenticated access is possible.",
124
- remediation: "Set gateway.auth (token recommended) or keep the Control UI local-only."
125
- });
126
- if (bind !== "loopback" && controlUiEnabled && controlUiAllowedOrigins.length === 0 && !dangerouslyAllowHostHeaderOriginFallback) findings.push({
127
- checkId: "gateway.control_ui.allowed_origins_required",
128
- severity: "critical",
129
- title: "Non-loopback Control UI missing explicit allowed origins",
130
- detail: "Control UI is enabled on a non-loopback bind but gateway.controlUi.allowedOrigins is empty. Strict origin policy requires explicit allowed origins for non-loopback deployments.",
131
- remediation: "Set gateway.controlUi.allowedOrigins to full trusted origins (for example https://control.example.com). If your deployment intentionally relies on Host-header origin fallback, set gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback=true."
132
- });
133
- if (controlUiAllowedOrigins.includes("*")) {
134
- const exposed = bind !== "loopback";
135
- findings.push({
136
- checkId: "gateway.control_ui.allowed_origins_wildcard",
137
- severity: exposed ? "critical" : "warn",
138
- title: "Control UI allowed origins contains wildcard",
139
- detail: "gateway.controlUi.allowedOrigins includes \"*\" which means allow any browser origin for Control UI/WebChat requests. This disables origin allowlisting and should be treated as an intentional allow-all policy.",
140
- remediation: "Replace wildcard origins with explicit trusted origins (for example https://control.example.com). Do not use \"*\" outside tightly controlled local testing."
141
- });
142
- }
143
- if (dangerouslyAllowHostHeaderOriginFallback) {
144
- const exposed = bind !== "loopback";
145
- findings.push({
146
- checkId: "gateway.control_ui.host_header_origin_fallback",
147
- severity: exposed ? "critical" : "warn",
148
- title: "DANGEROUS: Host-header origin fallback enabled",
149
- detail: "gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback=true enables Host-header origin fallback for Control UI/WebChat websocket checks and weakens DNS rebinding protections.",
150
- remediation: "Disable gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback and configure explicit gateway.controlUi.allowedOrigins."
151
- });
152
- }
153
- if (allowRealIpFallback) {
154
- const hasNonLoopbackTrustedProxy = trustedProxies.some((proxy) => !isStrictLoopbackTrustedProxyEntry(proxy));
155
- const exposed = bind !== "loopback" || auth.mode === "trusted-proxy" && hasNonLoopbackTrustedProxy;
156
- findings.push({
157
- checkId: "gateway.real_ip_fallback_enabled",
158
- severity: exposed ? "critical" : "warn",
159
- title: "X-Real-IP fallback is enabled",
160
- detail: "gateway.allowRealIpFallback=true trusts X-Real-IP when trusted proxies omit X-Forwarded-For. Misconfigured proxies that forward client-supplied X-Real-IP can spoof source IP and local-client checks.",
161
- remediation: "Keep gateway.allowRealIpFallback=false (default). Only enable this when your trusted proxy always overwrites X-Real-IP and cannot provide X-Forwarded-For."
162
- });
163
- }
164
- if (mdnsMode === "full") {
165
- const exposed = bind !== "loopback";
166
- findings.push({
167
- checkId: "discovery.mdns_full_mode",
168
- severity: exposed ? "critical" : "warn",
169
- title: "mDNS full mode can leak host metadata",
170
- detail: "discovery.mdns.mode=\"full\" publishes cliPath/sshPort in local-network TXT records. This can reveal usernames, filesystem layout, and management ports.",
171
- remediation: "Prefer discovery.mdns.mode=\"minimal\" (recommended) or \"off\", especially when gateway.bind is not loopback."
172
- });
173
- }
174
- if (tailscaleMode === "funnel") findings.push({
175
- checkId: "gateway.tailscale_funnel",
176
- severity: "critical",
177
- title: "Tailscale Funnel exposure enabled",
178
- detail: `gateway.tailscale.mode="funnel" exposes the Gateway publicly; keep auth strict and treat it as internet-facing.`,
179
- remediation: `Prefer tailscale.mode="serve" (tailnet-only) or set tailscale.mode="off".`
180
- });
181
- else if (tailscaleMode === "serve") findings.push({
182
- checkId: "gateway.tailscale_serve",
183
- severity: "info",
184
- title: "Tailscale Serve exposure enabled",
185
- detail: `gateway.tailscale.mode="serve" exposes the Gateway to your tailnet (loopback behind Tailscale).`
186
- });
187
- if (cfg.gateway?.controlUi?.allowInsecureAuth === true) findings.push({
188
- checkId: "gateway.control_ui.insecure_auth",
189
- severity: "warn",
190
- title: "Control UI insecure auth toggle enabled",
191
- detail: "gateway.controlUi.allowInsecureAuth=true does not bypass secure context or device identity checks; only dangerouslyDisableDeviceAuth disables Control UI device identity checks.",
192
- remediation: "Disable it or switch to HTTPS (Tailscale Serve) or localhost."
193
- });
194
- if (cfg.gateway?.controlUi?.dangerouslyDisableDeviceAuth === true) findings.push({
195
- checkId: "gateway.control_ui.device_auth_disabled",
196
- severity: "critical",
197
- title: "DANGEROUS: Control UI device auth disabled",
198
- detail: "gateway.controlUi.dangerouslyDisableDeviceAuth=true disables device identity checks for the Control UI.",
199
- remediation: "Disable it unless you are in a short-lived break-glass scenario."
200
- });
201
- const enabledDangerousFlags = (options.collectDangerousConfigFlags ?? collectCoreInsecureOrDangerousFlags)(cfg);
202
- if (enabledDangerousFlags.length > 0) findings.push({
203
- checkId: "config.insecure_or_dangerous_flags",
204
- severity: "warn",
205
- title: "Insecure or dangerous config flags enabled",
206
- detail: `Detected ${enabledDangerousFlags.length} enabled flag(s): ${enabledDangerousFlags.join(", ")}.`,
207
- remediation: "Disable these flags when not actively debugging, or keep deployment scoped to trusted/local-only networks."
208
- });
209
- const token = typeof auth.token === "string" && auth.token.trim().length > 0 ? auth.token.trim() : null;
210
- if (auth.mode === "token" && token && token.length < 24) findings.push({
211
- checkId: "gateway.token_too_short",
212
- severity: "warn",
213
- title: "Gateway token looks short",
214
- detail: `gateway auth token is ${token.length} chars; prefer a long random token.`
215
- });
216
- if (auth.mode === "trusted-proxy") {
217
- const trustedProxies = cfg.gateway?.trustedProxies ?? [];
218
- const trustedProxyConfig = cfg.gateway?.auth?.trustedProxy;
219
- findings.push({
220
- checkId: "gateway.trusted_proxy_auth",
221
- severity: "critical",
222
- title: "Trusted-proxy auth mode enabled",
223
- detail: "gateway.auth.mode=\"trusted-proxy\" delegates authentication to a reverse proxy. Ensure your proxy (Pomerium, Caddy, nginx) handles auth correctly and that gateway.trustedProxies only contains IPs of your actual proxy servers.",
224
- remediation: "Verify: (1) Your proxy terminates TLS and authenticates users. (2) gateway.trustedProxies is restricted to proxy IPs only. (3) Direct access to the Gateway port is blocked by firewall. See /gateway/trusted-proxy-auth for setup guidance."
225
- });
226
- if (trustedProxies.length === 0) findings.push({
227
- checkId: "gateway.trusted_proxy_no_proxies",
228
- severity: "critical",
229
- title: "Trusted-proxy auth enabled but no trusted proxies configured",
230
- detail: "gateway.auth.mode=\"trusted-proxy\" but gateway.trustedProxies is empty. All requests will be rejected.",
231
- remediation: "Set gateway.trustedProxies to the IP(s) of your reverse proxy."
232
- });
233
- if (!trustedProxyConfig?.userHeader) findings.push({
234
- checkId: "gateway.trusted_proxy_no_user_header",
235
- severity: "critical",
236
- title: "Trusted-proxy auth missing userHeader config",
237
- detail: "gateway.auth.mode=\"trusted-proxy\" but gateway.auth.trustedProxy.userHeader is not configured.",
238
- remediation: "Set gateway.auth.trustedProxy.userHeader to the header name your proxy uses (e.g., \"x-forwarded-user\", \"x-pomerium-claim-email\")."
239
- });
240
- if ((trustedProxyConfig?.allowUsers ?? []).length === 0) findings.push({
241
- checkId: "gateway.trusted_proxy_no_allowlist",
242
- severity: "warn",
243
- title: "Trusted-proxy auth allows all authenticated users",
244
- detail: "gateway.auth.trustedProxy.allowUsers is empty, so any user authenticated by your proxy can access the Gateway.",
245
- remediation: "Consider setting gateway.auth.trustedProxy.allowUsers to restrict access to specific users (e.g., [\"nick@example.com\"])."
246
- });
247
- }
248
- if (bind !== "loopback" && auth.mode !== "trusted-proxy" && !cfg.gateway?.auth?.rateLimit) findings.push({
249
- checkId: "gateway.auth_no_rate_limit",
250
- severity: "warn",
251
- title: "No auth rate limiting configured",
252
- detail: "gateway.bind is not loopback but no gateway.auth.rateLimit is configured. Without rate limiting, brute-force auth attacks are not mitigated.",
253
- remediation: "Set gateway.auth.rateLimit (e.g. { maxAttempts: 10, windowMs: 60000, lockoutMs: 300000 })."
254
- });
255
- return findings;
256
- }
257
- function isStrictLoopbackTrustedProxyEntry(entry) {
258
- const candidate = entry.trim();
259
- if (!candidate) return false;
260
- if (!candidate.includes("/")) return candidate === "127.0.0.1" || candidate.toLowerCase() === "::1";
261
- const [rawIp, rawPrefix] = candidate.split("/", 2);
262
- if (!rawIp || !rawPrefix) return false;
263
- const ipVersion = isIP(rawIp.trim());
264
- const prefix = Number.parseInt(rawPrefix.trim(), 10);
265
- if (!Number.isInteger(prefix)) return false;
266
- if (ipVersion === 4) return rawIp.trim() === "127.0.0.1" && prefix === 32;
267
- if (ipVersion === 6) return prefix === 128 && normalizeLowercaseStringOrEmpty(rawIp) === "::1";
268
- return false;
269
- }
270
- //#endregion
271
- //#region src/security/audit.ts
272
- let channelPluginsModulePromise;
273
- let auditNonDeepModulePromise;
274
- let auditChannelModulePromise;
275
- let pluginRegistryLoaderModulePromise;
276
- let pluginMetadataRegistryLoaderModulePromise;
277
- let pluginAutoEnableModulePromise;
278
- let channelPluginIdsModulePromise;
279
- let pluginRuntimeModulePromise;
280
- let gatewayProbeDepsPromise;
281
- async function loadChannelPlugins() {
282
- channelPluginsModulePromise ??= import("./plugins-B7TKDMOk.js");
283
- return await channelPluginsModulePromise;
284
- }
285
- async function loadAuditNonDeepModule() {
286
- auditNonDeepModulePromise ??= import("./audit.nondeep.runtime-nu5XTu7N.js");
287
- return await auditNonDeepModulePromise;
288
- }
289
- async function loadAuditChannelModule() {
290
- auditChannelModulePromise ??= import("./audit-channel.collect.runtime-BAKyzn52.js");
291
- return await auditChannelModulePromise;
292
- }
293
- async function loadPluginRegistryLoaderModule() {
294
- pluginRegistryLoaderModulePromise ??= import("./runtime-registry-loader-DHX02F_x.js");
295
- return await pluginRegistryLoaderModulePromise;
296
- }
297
- async function loadPluginMetadataRegistryLoaderModule() {
298
- pluginMetadataRegistryLoaderModulePromise ??= import("./metadata-registry-loader-DoROdqpX.js");
299
- return await pluginMetadataRegistryLoaderModulePromise;
300
- }
301
- async function loadPluginAutoEnableModule() {
302
- pluginAutoEnableModulePromise ??= import("./plugin-auto-enable-DCg4los-.js");
303
- return await pluginAutoEnableModulePromise;
304
- }
305
- async function loadChannelPluginIdsModule() {
306
- channelPluginIdsModulePromise ??= import("./channel-plugin-ids-Cn9RIujJ.js");
307
- return await channelPluginIdsModulePromise;
308
- }
309
- async function loadPluginRuntimeModule() {
310
- pluginRuntimeModulePromise ??= import("./runtime-C8eBcrXm.js");
311
- return await pluginRuntimeModulePromise;
312
- }
313
- async function loadGatewayProbeDeps() {
314
- gatewayProbeDepsPromise ??= Promise.all([
315
- import("./call-S0AZ899k.js"),
316
- import("./probe-auth-e_Wg1enf.js"),
317
- import("./probe-4IiQQG_7.js")
318
- ]).then(([callModule, probeAuthModule, probeModule]) => ({
319
- buildGatewayConnectionDetails: callModule.buildGatewayConnectionDetails,
320
- resolveGatewayProbeAuthSafe: probeAuthModule.resolveGatewayProbeAuthSafe,
321
- resolveGatewayProbeTarget: probeAuthModule.resolveGatewayProbeTarget,
322
- probeGateway: probeModule.probeGateway
323
- }));
324
- return await gatewayProbeDepsPromise;
325
- }
326
- function countBySeverity(findings) {
327
- let critical = 0;
328
- let warn = 0;
329
- let info = 0;
330
- for (const f of findings) if (f.severity === "critical") critical += 1;
331
- else if (f.severity === "warn") warn += 1;
332
- else info += 1;
333
- return {
334
- critical,
335
- warn,
336
- info
337
- };
338
- }
339
- function normalizeAllowFromList(list) {
340
- if (!Array.isArray(list)) return [];
341
- return list.map((v) => String(v).trim()).filter(Boolean);
342
- }
343
- async function collectFilesystemFindings(params) {
344
- const findings = [];
345
- const stateDirPerms = await inspectPathPermissions(params.stateDir, {
346
- env: params.env,
347
- platform: params.platform,
348
- exec: params.execIcacls
349
- });
350
- if (stateDirPerms.ok) {
351
- if (stateDirPerms.isSymlink) findings.push({
352
- checkId: "fs.state_dir.symlink",
353
- severity: "warn",
354
- title: "State dir is a symlink",
355
- detail: `${params.stateDir} is a symlink; treat this as an extra trust boundary.`
356
- });
357
- if (stateDirPerms.worldWritable) findings.push({
358
- checkId: "fs.state_dir.perms_world_writable",
359
- severity: "critical",
360
- title: "State dir is world-writable",
361
- detail: `${formatPermissionDetail(params.stateDir, stateDirPerms)}; other users can write into your Genesis state.`,
362
- remediation: formatPermissionRemediation({
363
- targetPath: params.stateDir,
364
- perms: stateDirPerms,
365
- isDir: true,
366
- posixMode: 448,
367
- env: params.env
368
- })
369
- });
370
- else if (stateDirPerms.groupWritable) findings.push({
371
- checkId: "fs.state_dir.perms_group_writable",
372
- severity: "warn",
373
- title: "State dir is group-writable",
374
- detail: `${formatPermissionDetail(params.stateDir, stateDirPerms)}; group users can write into your Genesis state.`,
375
- remediation: formatPermissionRemediation({
376
- targetPath: params.stateDir,
377
- perms: stateDirPerms,
378
- isDir: true,
379
- posixMode: 448,
380
- env: params.env
381
- })
382
- });
383
- else if (stateDirPerms.groupReadable || stateDirPerms.worldReadable) findings.push({
384
- checkId: "fs.state_dir.perms_readable",
385
- severity: "warn",
386
- title: "State dir is readable by others",
387
- detail: `${formatPermissionDetail(params.stateDir, stateDirPerms)}; consider restricting to 700.`,
388
- remediation: formatPermissionRemediation({
389
- targetPath: params.stateDir,
390
- perms: stateDirPerms,
391
- isDir: true,
392
- posixMode: 448,
393
- env: params.env
394
- })
395
- });
396
- }
397
- const configPerms = await inspectPathPermissions(params.configPath, {
398
- env: params.env,
399
- platform: params.platform,
400
- exec: params.execIcacls
401
- });
402
- if (configPerms.ok) {
403
- const skipReadablePermWarnings = configPerms.isSymlink;
404
- if (configPerms.isSymlink) findings.push({
405
- checkId: "fs.config.symlink",
406
- severity: "warn",
407
- title: "Config file is a symlink",
408
- detail: `${params.configPath} is a symlink; make sure you trust its target.`
409
- });
410
- if (configPerms.worldWritable || configPerms.groupWritable) findings.push({
411
- checkId: "fs.config.perms_writable",
412
- severity: "critical",
413
- title: "Config file is writable by others",
414
- detail: `${formatPermissionDetail(params.configPath, configPerms)}; another user could change gateway/auth/tool policies.`,
415
- remediation: formatPermissionRemediation({
416
- targetPath: params.configPath,
417
- perms: configPerms,
418
- isDir: false,
419
- posixMode: 384,
420
- env: params.env
421
- })
422
- });
423
- else if (!skipReadablePermWarnings && configPerms.worldReadable) findings.push({
424
- checkId: "fs.config.perms_world_readable",
425
- severity: "critical",
426
- title: "Config file is world-readable",
427
- detail: `${formatPermissionDetail(params.configPath, configPerms)}; config can contain tokens and private settings.`,
428
- remediation: formatPermissionRemediation({
429
- targetPath: params.configPath,
430
- perms: configPerms,
431
- isDir: false,
432
- posixMode: 384,
433
- env: params.env
434
- })
435
- });
436
- else if (!skipReadablePermWarnings && configPerms.groupReadable) findings.push({
437
- checkId: "fs.config.perms_group_readable",
438
- severity: "warn",
439
- title: "Config file is group-readable",
440
- detail: `${formatPermissionDetail(params.configPath, configPerms)}; config can contain tokens and private settings.`,
441
- remediation: formatPermissionRemediation({
442
- targetPath: params.configPath,
443
- perms: configPerms,
444
- isDir: false,
445
- posixMode: 384,
446
- env: params.env
447
- })
448
- });
449
- }
450
- return findings;
451
- }
452
- function collectGatewayConfigFindings(cfg, sourceConfig, env) {
453
- return collectGatewayConfigFindings$1(cfg, sourceConfig, env, { collectDangerousConfigFlags: collectEnabledInsecureOrDangerousFlags });
454
- }
455
- async function collectPluginSecurityAuditFindings(context) {
456
- const { getActivePluginRegistry } = await loadPluginRuntimeModule();
457
- let collectors = getActivePluginRegistry()?.securityAuditCollectors ?? [];
458
- if (collectors.length === 0) {
459
- const { applyPluginAutoEnable } = await loadPluginAutoEnableModule();
460
- const autoEnabled = applyPluginAutoEnable({
461
- config: context.sourceConfig,
462
- env: context.env
463
- });
464
- const requestedPluginIds = /* @__PURE__ */ new Set();
465
- for (const pluginId of Object.keys(autoEnabled.autoEnabledReasons)) {
466
- const normalized = pluginId.trim();
467
- if (normalized) requestedPluginIds.add(normalized);
468
- }
469
- for (const pluginId of autoEnabled.config.plugins?.allow ?? []) {
470
- if (typeof pluginId !== "string") continue;
471
- const normalized = pluginId.trim();
472
- if (normalized) requestedPluginIds.add(normalized);
473
- }
474
- for (const [pluginId, entry] of Object.entries(autoEnabled.config.plugins?.entries ?? {})) {
475
- if (entry?.enabled === false) continue;
476
- const normalized = pluginId.trim();
477
- if (normalized) requestedPluginIds.add(normalized);
478
- }
479
- if (context.includeChannelSecurity && context.plugins !== void 0) {
480
- const { resolveConfiguredChannelPluginIds } = await loadChannelPluginIdsModule();
481
- const auditedChannelPluginIds = new Set(context.plugins.map((plugin) => plugin.id));
482
- for (const pluginId of resolveConfiguredChannelPluginIds({
483
- config: autoEnabled.config,
484
- activationSourceConfig: context.sourceConfig,
485
- workspaceDir: context.workspaceDir,
486
- env: context.env
487
- })) if (auditedChannelPluginIds.has(pluginId)) requestedPluginIds.delete(pluginId);
488
- }
489
- if (requestedPluginIds.size === 0) return [];
490
- collectors = (await loadPluginMetadataRegistryLoaderModule()).loadPluginMetadataRegistrySnapshot({
491
- config: autoEnabled.config,
492
- activationSourceConfig: context.sourceConfig,
493
- env: context.env,
494
- workspaceDir: context.workspaceDir,
495
- onlyPluginIds: [...requestedPluginIds]
496
- }).securityAuditCollectors ?? [];
497
- }
498
- return (await Promise.all(collectors.map(async (entry) => {
499
- try {
500
- return await entry.collector({
501
- config: context.cfg,
502
- sourceConfig: context.sourceConfig,
503
- env: context.env,
504
- stateDir: context.stateDir,
505
- configPath: context.configPath
506
- });
507
- } catch (err) {
508
- return [{
509
- checkId: `plugins.${entry.pluginId}.security_audit_failed`,
510
- severity: "warn",
511
- title: "Plugin security audit collector failed",
512
- detail: `${entry.pluginId}: ${String(err)}`
513
- }];
514
- }
515
- }))).flat();
516
- }
517
- function collectLoggingFindings(cfg) {
518
- if (cfg.logging?.redactSensitive !== "off") return [];
519
- return [{
520
- checkId: "logging.redact_off",
521
- severity: "warn",
522
- title: "Tool summary redaction is disabled",
523
- detail: `logging.redactSensitive="off" can leak secrets into logs and status output.`,
524
- remediation: `Set logging.redactSensitive="tools".`
525
- }];
526
- }
527
- function collectElevatedFindings(cfg) {
528
- const findings = [];
529
- const enabled = cfg.tools?.elevated?.enabled;
530
- const allowFrom = cfg.tools?.elevated?.allowFrom ?? {};
531
- const anyAllowFromKeys = Object.keys(allowFrom).length > 0;
532
- if (enabled === false) return findings;
533
- if (!anyAllowFromKeys) return findings;
534
- for (const [provider, list] of Object.entries(allowFrom)) {
535
- const normalized = normalizeAllowFromList(list);
536
- if (normalized.includes("*")) findings.push({
537
- checkId: `tools.elevated.allowFrom.${provider}.wildcard`,
538
- severity: "critical",
539
- title: "Elevated exec allowlist contains wildcard",
540
- detail: `tools.elevated.allowFrom.${provider} includes "*" which effectively approves everyone on that channel for elevated mode.`
541
- });
542
- else if (normalized.length > 25) findings.push({
543
- checkId: `tools.elevated.allowFrom.${provider}.large`,
544
- severity: "warn",
545
- title: "Elevated exec allowlist is large",
546
- detail: `tools.elevated.allowFrom.${provider} has ${normalized.length} entries; consider tightening elevated access.`
547
- });
548
- }
549
- return findings;
550
- }
551
- function collectExecRuntimeFindings(cfg) {
552
- const findings = [];
553
- const globalExecHost = cfg.tools?.exec?.host;
554
- const globalStrictInlineEval = cfg.tools?.exec?.strictInlineEval === true;
555
- const defaultSandboxMode = resolveSandboxConfigForAgent(cfg).mode;
556
- const defaultHostIsExplicitSandbox = globalExecHost === "sandbox";
557
- const approvals = loadExecApprovals();
558
- if (defaultHostIsExplicitSandbox && defaultSandboxMode === "off") findings.push({
559
- checkId: "tools.exec.host_sandbox_no_sandbox_defaults",
560
- severity: "warn",
561
- title: "Exec host is sandbox but sandbox mode is off",
562
- detail: "tools.exec.host is explicitly set to sandbox while agents.defaults.sandbox.mode=off. In this mode, exec fails closed because no sandbox runtime is available.",
563
- remediation: "Enable sandbox mode (`agents.defaults.sandbox.mode=\"non-main\"` or `\"all\"`) or set tools.exec.host to \"gateway\" with approvals."
564
- });
565
- const agents = Array.isArray(cfg.agents?.list) ? cfg.agents.list : [];
566
- const riskyAgents = agents.filter((entry) => entry && typeof entry === "object" && typeof entry.id === "string" && entry.tools?.exec?.host === "sandbox" && resolveSandboxConfigForAgent(cfg, entry.id).mode === "off").map((entry) => entry.id).slice(0, 5);
567
- if (riskyAgents.length > 0) findings.push({
568
- checkId: "tools.exec.host_sandbox_no_sandbox_agents",
569
- severity: "warn",
570
- title: "Agent exec host uses sandbox while sandbox mode is off",
571
- detail: `agents.list.*.tools.exec.host is set to sandbox for: ${riskyAgents.join(", ")}. With sandbox mode off, exec fails closed for those agents.`,
572
- remediation: "Enable sandbox mode for these agents (`agents.list[].sandbox.mode`) or set their tools.exec.host to \"gateway\"."
573
- });
574
- const effectiveExecScopes = Array.from(new Map([{
575
- id: DEFAULT_AGENT_ID,
576
- security: cfg.tools?.exec?.security ?? "deny",
577
- host: cfg.tools?.exec?.host ?? "auto"
578
- }, ...agents.filter((entry) => Boolean(entry) && typeof entry === "object" && typeof entry.id === "string").map((entry) => ({
579
- id: entry.id,
580
- security: entry.tools?.exec?.security ?? cfg.tools?.exec?.security ?? "deny",
581
- host: entry.tools?.exec?.host ?? cfg.tools?.exec?.host ?? "auto"
582
- }))].map((entry) => [entry.id, entry])).values());
583
- const fullExecScopes = effectiveExecScopes.filter((entry) => entry.security === "full");
584
- const execEnabledScopes = effectiveExecScopes.filter((entry) => entry.security !== "deny");
585
- const openExecSurfacePaths = collectOpenExecSurfacePaths(cfg);
586
- if (fullExecScopes.length > 0) findings.push({
587
- checkId: "tools.exec.security_full_configured",
588
- severity: openExecSurfacePaths.length > 0 ? "critical" : "warn",
589
- title: "Exec security=full is configured",
590
- detail: `Full exec trust is enabled for: ${fullExecScopes.map((entry) => entry.id).join(", ")}.` + (openExecSurfacePaths.length > 0 ? ` Open channel access was also detected at:\n${openExecSurfacePaths.map((entry) => `- ${entry}`).join("\n")}` : ""),
591
- remediation: "Prefer tools.exec.security=\"allowlist\" with ask prompts, and reserve \"full\" for tightly scoped break-glass agents only."
592
- });
593
- if (openExecSurfacePaths.length > 0 && execEnabledScopes.length > 0) findings.push({
594
- checkId: "security.exposure.open_channels_with_exec",
595
- severity: fullExecScopes.length > 0 ? "critical" : "warn",
596
- title: "Open channels can reach exec-enabled agents",
597
- detail: `Open DM/group access detected at:\n${openExecSurfacePaths.map((entry) => `- ${entry}`).join("\n")}\nExec-enabled scopes:\n${execEnabledScopes.map((entry) => `- ${entry.id}: security=${entry.security}, host=${entry.host}`).join("\n")}`,
598
- remediation: "Tighten dmPolicy/groupPolicy to pairing or allowlist, or disable exec for agents reachable from shared/public channels."
599
- });
600
- const autoAllowSkillsHits = collectAutoAllowSkillsHits(approvals);
601
- if (autoAllowSkillsHits.length > 0) findings.push({
602
- checkId: "tools.exec.auto_allow_skills_enabled",
603
- severity: "warn",
604
- title: "autoAllowSkills is enabled for exec approvals",
605
- detail: `Implicit skill-bin allowlisting is enabled at:\n${autoAllowSkillsHits.map((entry) => `- ${entry}`).join("\n")}\nThis widens host exec trust beyond explicit manual allowlist entries.`,
606
- remediation: "Disable autoAllowSkills in exec approvals and keep manual allowlists tight when you need explicit host-exec trust."
607
- });
608
- const interpreterAllowlistHits = collectInterpreterAllowlistHits({
609
- approvals,
610
- strictInlineEvalForAgentId: (agentId) => {
611
- if (!agentId || agentId === "*" || agentId === "main") return globalStrictInlineEval;
612
- return agents.find((entry) => entry?.id === agentId)?.tools?.exec?.strictInlineEval === true || globalStrictInlineEval;
613
- }
614
- });
615
- if (interpreterAllowlistHits.length > 0) findings.push({
616
- checkId: "tools.exec.allowlist_interpreter_without_strict_inline_eval",
617
- severity: "warn",
618
- title: "Interpreter allowlist entries are missing strictInlineEval hardening",
619
- detail: `Interpreter/runtime allowlist entries were found without strictInlineEval enabled:\n${interpreterAllowlistHits.map((entry) => `- ${entry}`).join("\n")}`,
620
- remediation: "Set tools.exec.strictInlineEval=true (or per-agent tools.exec.strictInlineEval=true) when allowlisting interpreters like python, node, ruby, perl, php, lua, or osascript."
621
- });
622
- const normalizeConfiguredSafeBins = (entries) => {
623
- if (!Array.isArray(entries)) return [];
624
- return Array.from(new Set(entries.map((entry) => normalizeOptionalLowercaseString(entry) ?? "").filter((entry) => entry.length > 0))).toSorted();
625
- };
626
- const normalizeConfiguredTrustedDirs = (entries) => {
627
- if (!Array.isArray(entries)) return [];
628
- return normalizeTrustedSafeBinDirs(entries.filter((entry) => typeof entry === "string"));
629
- };
630
- const classifyRiskySafeBinTrustedDir = (entry) => {
631
- const raw = entry.trim();
632
- if (!raw) return null;
633
- if (!path.isAbsolute(raw)) return "relative path (trust boundary depends on process cwd)";
634
- const normalized = path.resolve(raw).replace(/\\/g, "/").toLowerCase();
635
- if (normalized === "/tmp" || normalized.startsWith("/tmp/") || normalized === "/var/tmp" || normalized.startsWith("/var/tmp/") || normalized === "/private/tmp" || normalized.startsWith("/private/tmp/")) return "temporary directory is mutable and easy to poison";
636
- if (normalized === "/usr/local/bin" || normalized === "/opt/homebrew/bin" || normalized === "/opt/local/bin" || normalized === "/home/linuxbrew/.linuxbrew/bin") return "package-manager bin directory (often user-writable)";
637
- if (normalized.startsWith("/users/") || normalized.startsWith("/home/") || normalized.includes("/.local/bin")) return "home-scoped bin directory (typically user-writable)";
638
- if (/^[a-z]:\/users\//.test(normalized)) return "home-scoped bin directory (typically user-writable)";
639
- return null;
640
- };
641
- const globalExec = cfg.tools?.exec;
642
- const riskyTrustedDirHits = [];
643
- const collectRiskyTrustedDirHits = (scopePath, entries) => {
644
- for (const entry of normalizeConfiguredTrustedDirs(entries)) {
645
- const reason = classifyRiskySafeBinTrustedDir(entry);
646
- if (!reason) continue;
647
- riskyTrustedDirHits.push(`- ${scopePath}.safeBinTrustedDirs: ${entry} (${reason})`);
648
- }
649
- };
650
- collectRiskyTrustedDirHits("tools.exec", globalExec?.safeBinTrustedDirs);
651
- for (const entry of agents) {
652
- if (!entry || typeof entry !== "object" || typeof entry.id !== "string") continue;
653
- collectRiskyTrustedDirHits(`agents.list.${entry.id}.tools.exec`, entry.tools?.exec?.safeBinTrustedDirs);
654
- }
655
- const interpreterHits = [];
656
- const riskySemanticSafeBinHits = [];
657
- const globalSafeBins = normalizeConfiguredSafeBins(globalExec?.safeBins);
658
- if (globalSafeBins.length > 0) {
659
- const merged = resolveMergedSafeBinProfileFixtures({ global: globalExec }) ?? {};
660
- const interpreters = listInterpreterLikeSafeBins(globalSafeBins).filter((bin) => !merged[bin]);
661
- if (interpreters.length > 0) interpreterHits.push(`- tools.exec.safeBins: ${interpreters.join(", ")}`);
662
- for (const hit of listRiskyConfiguredSafeBins(globalSafeBins)) riskySemanticSafeBinHits.push(`- tools.exec.safeBins: ${hit.bin} (${hit.warning})`);
663
- }
664
- for (const entry of agents) {
665
- if (!entry || typeof entry !== "object" || typeof entry.id !== "string") continue;
666
- const agentExec = entry.tools?.exec;
667
- const agentSafeBins = normalizeConfiguredSafeBins(agentExec?.safeBins);
668
- if (agentSafeBins.length === 0) continue;
669
- const merged = resolveMergedSafeBinProfileFixtures({
670
- global: globalExec,
671
- local: agentExec
672
- }) ?? {};
673
- const interpreters = listInterpreterLikeSafeBins(agentSafeBins).filter((bin) => !merged[bin]);
674
- if (interpreters.length === 0) {
675
- for (const hit of listRiskyConfiguredSafeBins(agentSafeBins)) riskySemanticSafeBinHits.push(`- agents.list.${entry.id}.tools.exec.safeBins: ${hit.bin} (${hit.warning})`);
676
- continue;
677
- }
678
- interpreterHits.push(`- agents.list.${entry.id}.tools.exec.safeBins: ${interpreters.join(", ")}`);
679
- for (const hit of listRiskyConfiguredSafeBins(agentSafeBins)) riskySemanticSafeBinHits.push(`- agents.list.${entry.id}.tools.exec.safeBins: ${hit.bin} (${hit.warning})`);
680
- }
681
- if (interpreterHits.length > 0) findings.push({
682
- checkId: "tools.exec.safe_bins_interpreter_unprofiled",
683
- severity: "warn",
684
- title: "safeBins includes interpreter/runtime binaries without explicit profiles",
685
- detail: `Detected interpreter-like safeBins entries missing explicit profiles:\n${interpreterHits.join("\n")}\nThese entries can turn safeBins into a broad execution surface when used with permissive argv profiles.`,
686
- remediation: "Remove interpreter/runtime bins from safeBins (prefer allowlist entries) or define hardened tools.exec.safeBinProfiles.<bin> rules."
687
- });
688
- if (riskySemanticSafeBinHits.length > 0) findings.push({
689
- checkId: "tools.exec.safe_bins_broad_behavior",
690
- severity: "warn",
691
- title: "safeBins includes binaries with broader semantics than low-risk stream filters",
692
- detail: `Detected risky safeBins entries:\n${riskySemanticSafeBinHits.join("\n")}\nThese tools expose semantics that do not fit the low-risk stdin-filter fast path.`,
693
- remediation: "Remove these binaries from safeBins and prefer explicit allowlist entries or approval-gated execution."
694
- });
695
- if (riskyTrustedDirHits.length > 0) findings.push({
696
- checkId: "tools.exec.safe_bin_trusted_dirs_risky",
697
- severity: "warn",
698
- title: "safeBinTrustedDirs includes risky mutable directories",
699
- detail: `Detected risky safeBinTrustedDirs entries:\n${riskyTrustedDirHits.slice(0, 10).join("\n")}` + (riskyTrustedDirHits.length > 10 ? `\n- +${riskyTrustedDirHits.length - 10} more entries.` : ""),
700
- remediation: "Prefer root-owned immutable bins, keep default trust dirs (/bin, /usr/bin), and avoid trusting temporary/home/package-manager paths unless tightly controlled."
701
- });
702
- return findings;
703
- }
704
- function collectOpenExecSurfacePaths(cfg) {
705
- const channels = asNullableRecord(cfg.channels);
706
- if (!channels) return [];
707
- const hits = /* @__PURE__ */ new Set();
708
- const seen = /* @__PURE__ */ new WeakSet();
709
- const visit = (value, scope) => {
710
- const record = asNullableRecord(value);
711
- if (!record || seen.has(record)) return;
712
- seen.add(record);
713
- if (record.groupPolicy === "open") hits.add(`${scope}.groupPolicy`);
714
- if (record.dmPolicy === "open") hits.add(`${scope}.dmPolicy`);
715
- for (const [key, nested] of Object.entries(record)) {
716
- if (key === "groups" || key === "accounts" || key === "dms") {
717
- visit(nested, `${scope}.${key}`);
718
- continue;
719
- }
720
- if (asNullableRecord(nested)) visit(nested, `${scope}.${key}`);
721
- }
722
- };
723
- for (const [channelId, channelValue] of Object.entries(channels)) visit(channelValue, `channels.${channelId}`);
724
- return Array.from(hits).toSorted();
725
- }
726
- function collectAutoAllowSkillsHits(approvals) {
727
- const hits = [];
728
- if (approvals.defaults?.autoAllowSkills === true) hits.push("defaults.autoAllowSkills");
729
- for (const [agentId, agent] of Object.entries(approvals.agents ?? {})) if (agent?.autoAllowSkills === true) hits.push(`agents.${agentId}.autoAllowSkills`);
730
- return hits;
731
- }
732
- function collectInterpreterAllowlistHits(params) {
733
- const hits = [];
734
- for (const [agentId, agent] of Object.entries(params.approvals.agents ?? {})) {
735
- if (!agent || params.strictInlineEvalForAgentId(agentId)) continue;
736
- for (const entry of agent.allowlist ?? []) {
737
- if (!isInterpreterLikeAllowlistPattern(entry.pattern)) continue;
738
- hits.push(`agents.${agentId}.allowlist: ${entry.pattern}`);
739
- }
740
- }
741
- return hits;
742
- }
743
- async function maybeProbeGateway(params) {
744
- const { buildGatewayConnectionDetails, resolveGatewayProbeAuthSafe, resolveGatewayProbeTarget } = await loadGatewayProbeDeps();
745
- const url = buildGatewayConnectionDetails({ config: params.cfg }).url;
746
- const probeTarget = resolveGatewayProbeTarget(params.cfg);
747
- const authResolution = resolveGatewayProbeAuthSafe({
748
- cfg: params.cfg,
749
- env: params.env,
750
- mode: probeTarget.mode,
751
- explicitAuth: params.explicitAuth
752
- });
753
- const res = await params.probe({
754
- url,
755
- auth: authResolution.auth,
756
- timeoutMs: params.timeoutMs
757
- }).catch((err) => ({
758
- ok: false,
759
- url,
760
- connectLatencyMs: null,
761
- error: String(err),
762
- close: null,
763
- health: null,
764
- status: null,
765
- presence: null,
766
- configSnapshot: null
767
- }));
768
- if (authResolution.warning && !res.ok) res.error = res.error ? `${res.error}; ${authResolution.warning}` : authResolution.warning;
769
- return {
770
- deep: { gateway: {
771
- attempted: true,
772
- url,
773
- ok: res.ok,
774
- error: res.ok ? null : res.error,
775
- close: res.close ? {
776
- code: res.close.code,
777
- reason: res.close.reason
778
- } : null
779
- } },
780
- authWarning: authResolution.warning
781
- };
782
- }
783
- async function createAuditExecutionContext(opts) {
784
- const cfg = opts.config;
785
- const sourceConfig = opts.sourceConfig ?? opts.config;
786
- const env = opts.env ?? process.env;
787
- const platform = opts.platform ?? process.platform;
788
- const includeFilesystem = opts.includeFilesystem !== false;
789
- const includeChannelSecurity = opts.includeChannelSecurity !== false;
790
- const deep = opts.deep === true;
791
- const deepTimeoutMs = Math.max(250, opts.deepTimeoutMs ?? 5e3);
792
- const stateDir = opts.stateDir ?? resolveStateDir(env);
793
- const configPath = opts.configPath ?? resolveConfigPath(env, stateDir);
794
- const workspaceDir = opts.workspaceDir ?? resolveAgentWorkspaceDir(cfg, resolveDefaultAgentId(cfg));
795
- const { readConfigSnapshotForAudit } = await loadAuditNonDeepModule();
796
- const configSnapshot = includeFilesystem ? opts.configSnapshot !== void 0 ? opts.configSnapshot : await readConfigSnapshotForAudit({
797
- env,
798
- configPath
799
- }).catch(() => null) : null;
800
- return {
801
- cfg,
802
- sourceConfig,
803
- env,
804
- platform,
805
- includeFilesystem,
806
- includeChannelSecurity,
807
- deep,
808
- deepTimeoutMs,
809
- stateDir,
810
- configPath,
811
- execIcacls: opts.execIcacls,
812
- execDockerRawFn: opts.execDockerRawFn,
813
- probeGatewayFn: opts.probeGatewayFn,
814
- plugins: opts.plugins,
815
- workspaceDir,
816
- configSnapshot,
817
- codeSafetySummaryCache: opts.codeSafetySummaryCache ?? /* @__PURE__ */ new Map(),
818
- deepProbeAuth: opts.deepProbeAuth
819
- };
820
- }
821
- async function runSecurityAudit(opts) {
822
- const findings = [];
823
- const context = await createAuditExecutionContext(opts);
824
- const { cfg, env, platform, stateDir, configPath } = context;
825
- const auditNonDeep = await loadAuditNonDeepModule();
826
- findings.push(...auditNonDeep.collectAttackSurfaceSummaryFindings(cfg));
827
- findings.push(...auditNonDeep.collectSyncedFolderFindings({
828
- stateDir,
829
- configPath
830
- }));
831
- findings.push(...collectGatewayConfigFindings(cfg, context.sourceConfig, env));
832
- findings.push(...await collectPluginSecurityAuditFindings(context));
833
- findings.push(...collectLoggingFindings(cfg));
834
- findings.push(...collectElevatedFindings(cfg));
835
- findings.push(...collectExecRuntimeFindings(cfg));
836
- findings.push(...auditNonDeep.collectHooksHardeningFindings(cfg, env));
837
- findings.push(...auditNonDeep.collectGatewayHttpNoAuthFindings(cfg, env));
838
- findings.push(...auditNonDeep.collectGatewayHttpSessionKeyOverrideFindings(cfg));
839
- findings.push(...auditNonDeep.collectSandboxDockerNoopFindings(cfg));
840
- findings.push(...auditNonDeep.collectSandboxDangerousConfigFindings(cfg));
841
- findings.push(...auditNonDeep.collectNodeDenyCommandPatternFindings(cfg));
842
- findings.push(...auditNonDeep.collectNodeDangerousAllowCommandFindings(cfg));
843
- findings.push(...auditNonDeep.collectMinimalProfileOverrideFindings(cfg));
844
- findings.push(...auditNonDeep.collectSecretsInConfigFindings(cfg));
845
- findings.push(...auditNonDeep.collectModelHygieneFindings(cfg));
846
- findings.push(...auditNonDeep.collectSmallModelRiskFindings({
847
- cfg,
848
- env
849
- }));
850
- findings.push(...auditNonDeep.collectExposureMatrixFindings(cfg));
851
- findings.push(...auditNonDeep.collectLikelyMultiUserSetupFindings(cfg));
852
- if (context.includeFilesystem) {
853
- findings.push(...await collectFilesystemFindings({
854
- stateDir,
855
- configPath,
856
- env,
857
- platform,
858
- execIcacls: context.execIcacls
859
- }));
860
- if (context.configSnapshot) findings.push(...await auditNonDeep.collectIncludeFilePermFindings({
861
- configSnapshot: context.configSnapshot,
862
- env,
863
- platform,
864
- execIcacls: context.execIcacls
865
- }));
866
- findings.push(...await auditNonDeep.collectStateDeepFilesystemFindings({
867
- cfg,
868
- env,
869
- stateDir,
870
- platform,
871
- execIcacls: context.execIcacls
872
- }));
873
- findings.push(...await auditNonDeep.collectWorkspaceSkillSymlinkEscapeFindings({ cfg }));
874
- findings.push(...await auditNonDeep.collectSandboxBrowserHashLabelFindings({ execDockerRawFn: context.execDockerRawFn }));
875
- findings.push(...await auditNonDeep.collectPluginsTrustFindings({
876
- cfg,
877
- stateDir
878
- }));
879
- findings.push(...await collectDeepCodeSafetyFindings({
880
- cfg,
881
- stateDir,
882
- deep: context.deep,
883
- summaryCache: context.codeSafetySummaryCache
884
- }));
885
- }
886
- let shouldAuditChannelSecurity = false;
887
- if (context.includeChannelSecurity) if (context.plugins !== void 0) shouldAuditChannelSecurity = true;
888
- else {
889
- const { hasConfiguredChannelsForReadOnlyScope, resolveConfiguredChannelPluginIds } = await loadChannelPluginIdsModule();
890
- shouldAuditChannelSecurity = hasConfiguredChannelsForReadOnlyScope({
891
- config: cfg,
892
- activationSourceConfig: context.sourceConfig,
893
- workspaceDir: context.workspaceDir,
894
- env
895
- }) || resolveConfiguredChannelPluginIds({
896
- config: cfg,
897
- activationSourceConfig: context.sourceConfig,
898
- workspaceDir: context.workspaceDir,
899
- env
900
- }).length > 0;
901
- }
902
- if (shouldAuditChannelSecurity) {
903
- if (context.plugins === void 0) (await loadPluginRegistryLoaderModule()).ensurePluginRegistryLoaded({
904
- scope: "configured-channels",
905
- config: cfg,
906
- activationSourceConfig: context.sourceConfig,
907
- workspaceDir: context.workspaceDir,
908
- env
909
- });
910
- const channelPlugins = context.plugins ?? (await loadChannelPlugins()).listChannelPlugins();
911
- const { collectChannelSecurityFindings } = await loadAuditChannelModule();
912
- findings.push(...await collectChannelSecurityFindings({
913
- cfg,
914
- sourceConfig: context.sourceConfig,
915
- plugins: channelPlugins
916
- }));
917
- }
918
- const deepProbeResult = context.deep ? await maybeProbeGateway({
919
- cfg,
920
- env,
921
- timeoutMs: context.deepTimeoutMs,
922
- probe: context.probeGatewayFn ?? (await loadGatewayProbeDeps()).probeGateway,
923
- explicitAuth: context.deepProbeAuth
924
- }) : void 0;
925
- const deep = deepProbeResult?.deep;
926
- findings.push(...collectDeepProbeFindings({
927
- deep,
928
- authWarning: deepProbeResult?.authWarning
929
- }));
930
- const summary = countBySeverity(findings);
931
- return {
932
- ts: Date.now(),
933
- summary,
934
- findings,
935
- deep
936
- };
937
- }
938
- //#endregion
939
- export { runSecurityAudit as t };