@pixelzx/genesis 2026.6.29 → 2026.7.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +10 -0
- package/dist/.buildstamp +1 -1
- package/dist/abort-cutoff.runtime-Cfv6I4gf.js +20 -0
- package/dist/abort-cutoff.runtime.js +1 -1
- package/dist/abort-xF_zj8_u.js +201 -0
- package/dist/abort.runtime-JUukGuW3.js +2 -0
- package/dist/abort.runtime.js +1 -1
- package/dist/accounts-C0jW92It.js +104 -0
- package/dist/accounts-C2ZexWg6.js +107 -0
- package/dist/accounts-tEPx6Fnd.js +2 -0
- package/dist/acp-cli-De2oyz3e.js +2217 -0
- package/dist/acp-spawn-7VB8ie8I.js +1042 -0
- package/dist/acp-spawn-C6VfLE4o.js +2 -0
- package/dist/acp-stateful-target-driver-ctUymwnI.js +89 -0
- package/dist/action-agents-Dy45TQ9X.js +67 -0
- package/dist/action-focus-hzygEAz5.js +132 -0
- package/dist/action-help-D1h2Czko.js +7 -0
- package/dist/action-info-EDBi7fre.js +101 -0
- package/dist/action-kill-CBNgmCsz.js +33 -0
- package/dist/action-list-C6KC8Ulv.js +21 -0
- package/dist/action-log-C0R9AwnB.js +30 -0
- package/dist/action-send-DZw27QoS.js +39 -0
- package/dist/action-spawn-BXEOYBEH.js +47 -0
- package/dist/action-unfocus-DWFUpr-g.js +29 -0
- package/dist/actions.runtime-1HHNbwPa.js +5 -0
- package/dist/actions.runtime-GFSX3jST.js +18 -0
- package/dist/actions.runtime.js +1 -1
- package/dist/agent-CU42dfye.js +2 -0
- package/dist/agent-command-Baehh2jJ.js +874 -0
- package/dist/agent-harness-runtime-Bmln4mlS.js +144 -0
- package/dist/agent-runner-utils-xPwHxFwc.js +239 -0
- package/dist/agent-runner.runtime-BBx0eqAs.js +3443 -0
- package/dist/agent-runner.runtime.js +1 -1
- package/dist/agent-runtime-mKUGZmYk.js +18 -0
- package/dist/agents-C_kp6PcN.js +954 -0
- package/dist/agents-D7-4l9xG.js +5 -0
- package/dist/agents.command-shared-j4Ht1HMt.js +40 -0
- package/dist/aliases-BR-85AbT.js +96 -0
- package/dist/aliases-DH4MEghL.js +2 -0
- package/dist/api-7axT1c4t.js +4 -0
- package/dist/api-8dcgPyEO.js +139 -0
- package/dist/api-BWV-Ja5Y.js +48 -0
- package/dist/api-C6Dl-nsC.js +3 -0
- package/dist/api-CeoOTFsR.js +5 -0
- package/dist/apply-DFpc3-ic.js +508 -0
- package/dist/apply.runtime-BpuwcltB.js +166 -0
- package/dist/apply.runtime-CyFkfilC.js +2 -0
- package/dist/apply.runtime.js +1 -1
- package/dist/approval-gateway-resolver-B5iZVyl3.js +29 -0
- package/dist/approval-gateway-runtime-DJMhFL8_.js +2 -0
- package/dist/approval-handler-runtime-CvlNyTSd.js +439 -0
- package/dist/approval-native-runtime-DIP1UVwF.js +729 -0
- package/dist/attempt-execution.runtime-Dnj7Dunz.js +509 -0
- package/dist/attempt-execution.runtime.js +1 -1
- package/dist/attempt-execution.shared-CJLlmxzq.js +22 -0
- package/dist/attempt.prompt-helpers-yXlkhGj_.js +206 -0
- package/dist/attempt.tool-run-context-DplnP36r.js +933 -0
- package/dist/audit-CP153cHC.js +939 -0
- package/dist/audit-channel.collect.runtime.js +1 -1
- package/dist/audit-extra.async-B52PswlQ.js +971 -0
- package/dist/audit-tool-policy-CMwmd8Xs.js +3 -0
- package/dist/audit.deep.runtime-BC4XWNSr.js +2 -0
- package/dist/audit.deep.runtime.js +1 -1
- package/dist/audit.nondeep.runtime-Dvng3qfA.js +880 -0
- package/dist/audit.nondeep.runtime.js +1 -1
- package/dist/audit.runtime-BPEAdYYt.js +7 -0
- package/dist/audit.runtime.js +1 -1
- package/dist/auth-CGB_0fnH.js +550 -0
- package/dist/auth-DXk-SISv.js +56 -0
- package/dist/auth-_41Zyvnc.js +2 -0
- package/dist/auth-bH95QjyV.js +177 -0
- package/dist/auth-choice-Bn-ygZZg.js +3 -0
- package/dist/auth-choice-CmUhzrUA.js +85 -0
- package/dist/auth-order-Cnl7fD4m.js +2 -0
- package/dist/auth-order-DTEvHo9G.js +139 -0
- package/dist/bash-tools-E5RKIMX4.js +2853 -0
- package/dist/bash-tools-n2uf-L6x.js +3 -0
- package/dist/bash-tools.exec-runtime-BSErqAOv.js +823 -0
- package/dist/binding-routing-MxZZJi7B.js +85 -0
- package/dist/binding-targets-DOjf91v9.js +121 -0
- package/dist/bridge-server-C9sdVkxe.js +113 -0
- package/dist/browser-control-auth-Ds_CXo7-.js +2 -0
- package/dist/browser-node-runtime-CrrZhgmT.js +12 -0
- package/dist/browser-profiles-DSq_VuWU.js +2 -0
- package/dist/browser-runtime-D3bUe2ki.js +387 -0
- package/dist/browser-setup-tools-BzBeI9sr.js +13 -0
- package/dist/build-BQ7uMjfi.js +550 -0
- package/dist/build-info.json +3 -3
- package/dist/bundled/boot-md/handler.js +3 -3
- package/dist/bundled/session-memory/handler.js +1 -1
- package/dist/call-C5EHc2Ve.js +3 -0
- package/dist/call-DgFhP0IB.js +330 -0
- package/dist/call.runtime-CBWpY5ek.js +2 -0
- package/dist/call.runtime.js +1 -1
- package/dist/capability-cli-CF-5WxGW.js +1401 -0
- package/dist/catalog-provider-BefDFS32.js +40 -0
- package/dist/catchup-DEgTzUZf.js +300 -0
- package/dist/channel-B9Z1yOBL.js +1100 -0
- package/dist/channel-BQalh8q5.js +1320 -0
- package/dist/channel-B_D0qB8f.js +297 -0
- package/dist/channel-CveiiHEq.js +226 -0
- package/dist/channel-DPRWC_X5.js +1802 -0
- package/dist/channel-DTNwXKB7.js +350 -0
- package/dist/channel-DsWHOdeO.js +840 -0
- package/dist/channel-IYn5sG7l.js +453 -0
- package/dist/channel-MwEUOERy.js +1174 -0
- package/dist/channel-add-wizard-De4DNba-.js +125 -0
- package/dist/channel-add-wizard-v9JYw-20.js +2 -0
- package/dist/channel-core-C3RFVpjy.js +5 -0
- package/dist/channel-geAqqK_e.js +491 -0
- package/dist/channel-inbound-BRCAVWH1.js +31 -0
- package/dist/channel-plugin-resolution-BYpxL2mS.js +2 -0
- package/dist/channel-plugin-resolution-Jy5eA_cD.js +153 -0
- package/dist/channel-plugin-runtime-B7guFbbq.js +771 -0
- package/dist/channel-runtime-B2HmUto-.js +425 -0
- package/dist/channel-selection.runtime.js +1 -1
- package/dist/channel-setup-DmnWuvUU.js +1297 -0
- package/dist/channel-zfFLswBu.js +595 -0
- package/dist/channel.runtime-60XStiek.js +2364 -0
- package/dist/channel.runtime-BK8atBx7.js +430 -0
- package/dist/channel.runtime-CjfgGDJR.js +576 -0
- package/dist/channel.runtime-Cuc72hD3.js +89 -0
- package/dist/channel.runtime-D4i6q9PJ.js +4 -0
- package/dist/channel.runtime-mLdKu3mE.js +42398 -0
- package/dist/channel.runtime.js +1 -1
- package/dist/channel.setup-BxdBjfQG.js +10 -0
- package/dist/channel2.runtime-DhBM75gc.js +109 -0
- package/dist/channel2.runtime.js +1 -1
- package/dist/channels-YP0r9T7z.js +733 -0
- package/dist/channels-cli-BA8x-0ie.js +268 -0
- package/dist/chat-C-K_PnVS.js +2830 -0
- package/dist/clawbot-cli-CcTWZznd.js +9 -0
- package/dist/clawhub-Dg91MiOl.js +400 -0
- package/dist/cli/daemon-cli.js +3 -3
- package/dist/cli-B9pz-wec.js +2 -0
- package/dist/cli-BDqmMCNa.js +219 -0
- package/dist/cli-BnjgRW4w.js +154 -0
- package/dist/cli-C6O2LqdN.js +683 -0
- package/dist/cli-CFANcv9h.js +2 -0
- package/dist/cli-D9yBNX96.js +3726 -0
- package/dist/cli-e4V7ix51.js +2 -0
- package/dist/cli-oSszUBF4.js +72 -0
- package/dist/cli-runner-ziqCSXFY.js +286 -0
- package/dist/cli-runner.runtime-B-P8SxLi.js +4 -0
- package/dist/cli-runner.runtime-BmqwbMTX.js +3 -0
- package/dist/cli-runner.runtime.js +1 -1
- package/dist/cli-startup-metadata.json +2 -2
- package/dist/cli.runtime-4isBQRbc.js +1261 -0
- package/dist/cli.runtime.js +1 -1
- package/dist/client-CcimlPth.js +138 -0
- package/dist/client-DQsu_IXu.js +723 -0
- package/dist/command-auth-BWQO7kca.js +76 -0
- package/dist/command-config-resolution-ClTknI2S.js +2 -0
- package/dist/command-config-resolution-CrkcVij4.js +23 -0
- package/dist/command-config-resolution.runtime-D6B4s-Uv.js +2 -0
- package/dist/command-config-resolution.runtime.js +1 -1
- package/dist/command-execution-startup-CQcKEDhz.js +324 -0
- package/dist/command-registry-B_U-oRjT.js +4 -0
- package/dist/command-registry-CJ8y08cJ.js +9 -0
- package/dist/command-registry-core-CjYDA5Hb.js +106 -0
- package/dist/command-secret-gateway-BN5JN_4V.js +528 -0
- package/dist/command-status.runtime-BwGSaGwK.js +87 -0
- package/dist/command-status.runtime.js +1 -1
- package/dist/commands-acp-Di5EZJSo.js +77 -0
- package/dist/commands-compact.runtime-Dm1rBnbf.js +10 -0
- package/dist/commands-compact.runtime.js +1 -1
- package/dist/commands-core.runtime-DjL6pkWU.js +2 -0
- package/dist/commands-core.runtime.js +1 -1
- package/dist/commands-handlers.runtime-C8uzW3Za.js +4599 -0
- package/dist/commands-handlers.runtime.js +1 -1
- package/dist/commands-reset-hooks-7h-poKws.js +135 -0
- package/dist/commands-status-D_wsDlQe.js +16 -0
- package/dist/commands-status.runtime-BYT0Y8Xk.js +3 -0
- package/dist/commands-status.runtime.js +1 -1
- package/dist/commands-subagents-control.runtime-BozyiWar.js +3 -0
- package/dist/commands-subagents-control.runtime-DDCzt8Ub.js +2 -0
- package/dist/commands-subagents-control.runtime.js +1 -1
- package/dist/commands-system-prompt-ClkTGvNr.js +157 -0
- package/dist/commands-system-prompt-qRoqhQKL.js +2 -0
- package/dist/commands.runtime-DdZErCma.js +167 -0
- package/dist/commands.runtime.js +1 -1
- package/dist/compact-BCs9ORLb.js +1096 -0
- package/dist/compact.runtime-DvG7GWYV.js +12 -0
- package/dist/compact.runtime.js +1 -1
- package/dist/completion-cli-C4J7V5YR.js +328 -0
- package/dist/config-B0uPLzV0.js +252 -0
- package/dist/config-cli-Bt8euI41.js +1078 -0
- package/dist/config-guard-DUDovz1_.js +96 -0
- package/dist/config-runtime-BnYU3hOw.js +32 -0
- package/dist/configure-BIB6QKXD.js +2 -0
- package/dist/configure-DuXRvaw-.js +1252 -0
- package/dist/connect-options-DdLRs3mC.js +699 -0
- package/dist/control-auth-BboB6-Q9.js +125 -0
- package/dist/control-service-zISWiuJ_.js +156 -0
- package/dist/control-ui/assets/agents-JC5PtqrV.js +1125 -0
- package/dist/control-ui/assets/canvas-BOLwH2XE.js +274 -0
- package/dist/control-ui/assets/channel-config-extras-DndsWi2n.js +2 -0
- package/dist/control-ui/assets/channels-DehEkmqb.js +198 -0
- package/dist/control-ui/assets/contacts-CuFuG0IF.js +49 -0
- package/dist/control-ui/assets/cron-DOmGA0e5.js +250 -0
- package/dist/control-ui/assets/de-CJg8xmlK.js +2 -0
- package/dist/control-ui/assets/debug-BmuUKCSJ.js +94 -0
- package/dist/control-ui/assets/es-C4Q-2wY3.js +2 -0
- package/dist/control-ui/assets/fr-C8HMIYz8.js +2 -0
- package/dist/control-ui/assets/i18n-Cc8tlfvD.js +3 -0
- package/dist/control-ui/assets/id-Cfarvm3I.js +2 -0
- package/dist/control-ui/assets/index-rW3Q6M8T.js +5981 -0
- package/dist/control-ui/assets/instances-Cx7hEWzW.js +57 -0
- package/dist/control-ui/assets/ja-JP-F9ReJBkI.js +2 -0
- package/dist/control-ui/assets/ko-COLp1JKa.js +2 -0
- package/dist/control-ui/assets/logs-DB-Z5vcW.js +74 -0
- package/dist/control-ui/assets/mcp-Cpcduudl.js +417 -0
- package/dist/control-ui/assets/memory-DnzEGr6j.js +50 -0
- package/dist/control-ui/assets/memory-graph-DyR9Uhz0.js +30 -0
- package/dist/control-ui/assets/models-DiDA_80_.js +86 -0
- package/dist/control-ui/assets/nodes-DBKCXfee.js +654 -0
- package/dist/control-ui/assets/pl-BYPzLeb4.js +2 -0
- package/dist/control-ui/assets/plugins-CwfOfaNX.js +259 -0
- package/dist/control-ui/assets/presenter-5bq6-zJE.js +2 -0
- package/dist/control-ui/assets/pt-BR-DTBFbuCo.js +2 -0
- package/dist/control-ui/assets/sessions-B32pl2IK.js +56 -0
- package/dist/control-ui/assets/skills-UF7TyQK4.js +294 -0
- package/dist/control-ui/assets/skills-shared-B74z1P-E.js +11 -0
- package/dist/control-ui/assets/th-CIjDBcNT.js +2 -0
- package/dist/control-ui/assets/tr-NCpkXtTg.js +2 -0
- package/dist/control-ui/assets/uk-DvS1vsmH.js +2 -0
- package/dist/control-ui/assets/wallet-RKPn2MRs.js +302 -0
- package/dist/control-ui/assets/zh-CN-SfnMOQr0.js +2 -0
- package/dist/control-ui/assets/zh-TW-CkQgNjXi.js +2 -0
- package/dist/control-ui/index.html +2 -2
- package/dist/control-ui-CKQ17fcd.js +1043 -0
- package/dist/conversation-id-BzYtax7n.js +235 -0
- package/dist/conversation-id-HBz3v6j3.js +38 -0
- package/dist/conversation-runtime-CkcxSb_S.js +31 -0
- package/dist/core-DxVEjt5f.js +275 -0
- package/dist/create-B9OOGa90.js +80 -0
- package/dist/cron-cli-CAkqablA.js +713 -0
- package/dist/daemon-cli-CCC_5IkN.js +12 -0
- package/dist/dashboard-Bqpn6xD_.js +81 -0
- package/dist/dashboard-Cd6TkhpW.js +2 -0
- package/dist/delegate-D7D8iTtT.js +64 -0
- package/dist/deliver-I8Ifd1yR.js +3 -0
- package/dist/deliver-Zphc65zr.js +747 -0
- package/dist/deliver-runtime-DQyfYkCs.js +2 -0
- package/dist/delivery-outbound.runtime-Bs9x6LSS.js +6 -0
- package/dist/delivery-outbound.runtime.js +1 -1
- package/dist/delivery.runtime-Cx3qn7Hc.js +253 -0
- package/dist/delivery.runtime.js +1 -1
- package/dist/detached-task-runtime-D2jixP5C.js +73 -0
- package/dist/devices-cli-CMnaKl01.js +498 -0
- package/dist/diagnostics-B8Z9UWlG.js +154 -0
- package/dist/direct-dm-c4Qb2Nzg.js +64 -0
- package/dist/directive-handling.fast-lane-DuuCgCI2.js +66 -0
- package/dist/directive-handling.impl-BiJain1b.js +2 -0
- package/dist/directive-handling.impl-CYw76-Ag.js +703 -0
- package/dist/directive-handling.model-selection-BNnOIh0D.js +114 -0
- package/dist/directive-handling.persist.runtime-DWnMoAjn.js +215 -0
- package/dist/directive-handling.persist.runtime.js +1 -1
- package/dist/directory-cli-CinbUxv4.js +240 -0
- package/dist/dispatch-acp-BL2QahHP.js +981 -0
- package/dist/dispatch-acp-manager.runtime-CynWPlJS.js +3 -0
- package/dist/dispatch-acp-manager.runtime.js +1 -1
- package/dist/dispatch-acp-media.runtime-CrC5nXXy.js +4 -0
- package/dist/dispatch-acp-media.runtime.js +1 -1
- package/dist/dispatch-acp-session.runtime-C_GFMR0r.js +2 -0
- package/dist/dispatch-acp-session.runtime.js +1 -1
- package/dist/dispatch-acp.runtime-OwR8G8Qt.js +19 -0
- package/dist/dispatch-acp.runtime.js +1 -1
- package/dist/dispatch-r6Uv7puk.js +1131 -0
- package/dist/doctor-config-flow-BQjLEW5b.js +420 -0
- package/dist/doctor-config-preflight-B3VVSleh.js +63 -0
- package/dist/doctor-config-preflight-BBOEq7ti.js +2 -0
- package/dist/doctor-device-pairing-GsLelCah.js +307 -0
- package/dist/doctor-gateway-daemon-flow-Bj6Y5WoB.js +250 -0
- package/dist/doctor-gateway-health-D7WY6zgb.js +63 -0
- package/dist/doctor-health-C9GRQaPA.js +59 -0
- package/dist/doctor-health-contributions-Dk9ho6TO.js +493 -0
- package/dist/doctor-prompter-Ct6Jv52M.js +56 -0
- package/dist/doctor-sandbox-DAb-mQpy.js +194 -0
- package/dist/doctor-state-migrations-36dXc9ct.js +2 -0
- package/dist/doctor-workspace-status-CJCfWEI6.js +75 -0
- package/dist/dreaming-_hTKF5lN.js +1582 -0
- package/dist/dreaming-narrative-D5XTDttN.js +596 -0
- package/dist/embedded-gateway-stub.runtime-CEmoodA9.js +9 -0
- package/dist/embedded-gateway-stub.runtime.js +1 -1
- package/dist/embedding-provider-B9F-kCH3.js +118 -0
- package/dist/embeddings-BCVqTyaZ.js +215 -0
- package/dist/embeddings-http-CCsd7vWB.js +205 -0
- package/dist/entry.js +2 -2
- package/dist/exec-approval-forwarder.runtime-CMniJyXX.js +3 -0
- package/dist/exec-approval-forwarder.runtime.js +1 -1
- package/dist/exec-approvals-cli-ClDMlOmM.js +498 -0
- package/dist/exec-defaults-BWb7bhoE.js +2 -0
- package/dist/exec-defaults-CE8PArh-.js +67 -0
- package/dist/execute.runtime-Bhup95bB.js +1359 -0
- package/dist/execute.runtime.js +1 -1
- package/dist/extensionAPI.js +3 -3
- package/dist/extensions/active-memory/index.js +3 -3
- package/dist/extensions/alibaba/index.js +1 -1
- package/dist/extensions/alibaba/video-generation-provider.js +1 -1
- package/dist/extensions/arcee/index.js +2 -2
- package/dist/extensions/bluebubbles/api.js +3 -3
- package/dist/extensions/bluebubbles/channel-plugin-api.js +1 -1
- package/dist/extensions/browser/browser-bridge.js +1 -1
- package/dist/extensions/browser/browser-config.js +4 -4
- package/dist/extensions/browser/browser-control-auth.js +2 -2
- package/dist/extensions/browser/browser-doctor.js +2 -2
- package/dist/extensions/browser/browser-maintenance.js +2 -2
- package/dist/extensions/browser/browser-profiles.js +2 -2
- package/dist/extensions/browser/browser-runtime-api.js +10 -10
- package/dist/extensions/browser/index.js +1 -1
- package/dist/extensions/browser/plugin-registration.js +1 -1
- package/dist/extensions/browser/register.runtime.js +3 -3
- package/dist/extensions/browser/runtime-api.js +11 -11
- package/dist/extensions/browser/test-support.js +1 -1
- package/dist/extensions/byteplus/index.js +3 -3
- package/dist/extensions/byteplus/video-generation-provider.js +1 -1
- package/dist/extensions/chutes/index.js +4 -4
- package/dist/extensions/cloudflare-ai-gateway/api.js +1 -1
- package/dist/extensions/cloudflare-ai-gateway/catalog-provider.js +1 -1
- package/dist/extensions/cloudflare-ai-gateway/index.js +2 -2
- package/dist/extensions/comfy/image-generation-provider.js +2 -2
- package/dist/extensions/comfy/index.js +5 -5
- package/dist/extensions/comfy/music-generation-provider.js +1 -1
- package/dist/extensions/comfy/video-generation-provider.js +2 -2
- package/dist/extensions/comfy/workflow-runtime.js +1 -1
- package/dist/extensions/deepseek/index.js +1 -1
- package/dist/extensions/device-pair/api.js +2 -2
- package/dist/extensions/device-pair/index.js +4 -4
- package/dist/extensions/device-pair/notify.js +1 -1
- package/dist/extensions/device-pair/pair-command-approve.js +1 -1
- package/dist/extensions/device-pair/qr-image.js +2 -2
- package/dist/extensions/fal/image-generation-provider.js +1 -1
- package/dist/extensions/fal/index.js +3 -3
- package/dist/extensions/fal/provider-registration.js +1 -1
- package/dist/extensions/fal/test-api.js +2 -2
- package/dist/extensions/fal/video-generation-provider.js +1 -1
- package/dist/extensions/fireworks/index.js +1 -1
- package/dist/extensions/github-copilot/api.js +1 -1
- package/dist/extensions/github-copilot/auth.js +1 -1
- package/dist/extensions/github-copilot/embeddings.js +1 -1
- package/dist/extensions/github-copilot/index.js +4 -4
- package/dist/extensions/github-copilot/login.js +1 -1
- package/dist/extensions/github-copilot/register.runtime.js +2 -2
- package/dist/extensions/google-meet/index.js +6 -6
- package/dist/extensions/groq/index.js +1 -1
- package/dist/extensions/groq/media-understanding-provider.js +1 -1
- package/dist/extensions/groq/test-api.js +1 -1
- package/dist/extensions/huggingface/index.js +1 -1
- package/dist/extensions/image-generation-core/api.js +2 -2
- package/dist/extensions/imessage/api.js +4 -4
- package/dist/extensions/imessage/channel-plugin-api.js +1 -1
- package/dist/extensions/imessage/runtime-api.js +5 -5
- package/dist/extensions/imessage/test-api.js +1 -1
- package/dist/extensions/irc/api.js +2 -2
- package/dist/extensions/irc/channel-plugin-api.js +1 -1
- package/dist/extensions/kilocode/index.js +1 -1
- package/dist/extensions/kimi-coding/index.js +2 -2
- package/dist/extensions/line/api.js +2 -2
- package/dist/extensions/line/channel-plugin-api.js +1 -1
- package/dist/extensions/line/contract-api.js +1 -1
- package/dist/extensions/line/runtime-api.js +4 -4
- package/dist/extensions/line/setup-api.js +1 -1
- package/dist/extensions/litellm/index.js +1 -1
- package/dist/extensions/llm-task/index.js +2 -2
- package/dist/extensions/lmstudio/api.js +2 -2
- package/dist/extensions/lmstudio/index.js +3 -3
- package/dist/extensions/lmstudio/memory-embedding-adapter.js +1 -1
- package/dist/extensions/lmstudio/runtime-api.js +1 -1
- package/dist/extensions/lobster/index.js +3 -3
- package/dist/extensions/lobster/runtime-api.js +1 -1
- package/dist/extensions/mattermost/api.js +1 -1
- package/dist/extensions/mattermost/channel-plugin-api.js +1 -1
- package/dist/extensions/mattermost/channel-plugin-runtime.js +1 -1
- package/dist/extensions/mattermost/policy-api.js +1 -1
- package/dist/extensions/mattermost/runtime-api.js +7 -7
- package/dist/extensions/mattermost/slash-route-api.js +1 -1
- package/dist/extensions/media-understanding-core/runtime-api.js +2 -2
- package/dist/extensions/memory-core/api.js +1 -1
- package/dist/extensions/memory-core/cli-metadata.js +2 -2
- package/dist/extensions/memory-core/index.js +3 -3
- package/dist/extensions/memory-lancedb/cli-metadata.js +1 -1
- package/dist/extensions/memory-lancedb/index.js +1 -1
- package/dist/extensions/memory-wiki/cli-metadata.js +1 -1
- package/dist/extensions/memory-wiki/index.js +1 -1
- package/dist/extensions/microsoft/index.js +1 -1
- package/dist/extensions/microsoft/speech-provider.js +1 -1
- package/dist/extensions/microsoft/test-api.js +1 -1
- package/dist/extensions/microsoft-foundry/auth.js +1 -1
- package/dist/extensions/microsoft-foundry/cli.js +1 -1
- package/dist/extensions/microsoft-foundry/index.js +1 -1
- package/dist/extensions/microsoft-foundry/onboard.js +2 -2
- package/dist/extensions/microsoft-foundry/provider.js +1 -1
- package/dist/extensions/microsoft-foundry/runtime.js +1 -1
- package/dist/extensions/microsoft-foundry/shared-runtime.js +2 -2
- package/dist/extensions/microsoft-foundry/shared.js +1 -1
- package/dist/extensions/minimax/image-generation-provider.js +1 -1
- package/dist/extensions/minimax/index.js +6 -6
- package/dist/extensions/minimax/media-understanding-provider.js +1 -1
- package/dist/extensions/minimax/music-generation-provider.js +1 -1
- package/dist/extensions/minimax/oauth.js +1 -1
- package/dist/extensions/minimax/oauth.runtime.js +1 -1
- package/dist/extensions/minimax/provider-registration.js +1 -1
- package/dist/extensions/minimax/speech-provider.js +1 -1
- package/dist/extensions/minimax/test-api.js +4 -4
- package/dist/extensions/minimax/video-generation-provider.js +1 -1
- package/dist/extensions/mistral/index.js +2 -2
- package/dist/extensions/mistral/media-understanding-provider.js +1 -1
- package/dist/extensions/mistral/test-api.js +1 -1
- package/dist/extensions/moonshot/index.js +2 -2
- package/dist/extensions/moonshot/media-understanding-provider.js +1 -1
- package/dist/extensions/moonshot/test-api.js +1 -1
- package/dist/extensions/msteams/api.js +1 -1
- package/dist/extensions/msteams/channel-plugin-api.js +1 -1
- package/dist/extensions/msteams/runtime-api.js +4 -4
- package/dist/extensions/msteams/test-api.js +1 -1
- package/dist/extensions/nextcloud-talk/api.js +1 -1
- package/dist/extensions/nextcloud-talk/channel-plugin-api.js +1 -1
- package/dist/extensions/nextcloud-talk/runtime-api.js +2 -2
- package/dist/extensions/nvidia/index.js +1 -1
- package/dist/extensions/ollama/api.js +3 -3
- package/dist/extensions/ollama/index.js +9 -9
- package/dist/extensions/ollama/runtime-api.js +2 -2
- package/dist/extensions/ollama/web-search-provider.js +1 -1
- package/dist/extensions/openai/api.js +2 -2
- package/dist/extensions/openai/image-generation-provider.js +1 -1
- package/dist/extensions/openai/index.js +6 -6
- package/dist/extensions/openai/media-understanding-provider.js +1 -1
- package/dist/extensions/openai/openai-codex-provider.js +1 -1
- package/dist/extensions/openai/openai-provider.js +1 -1
- package/dist/extensions/openai/register.runtime.js +4 -4
- package/dist/extensions/openai/test-api.js +3 -3
- package/dist/extensions/openai/video-generation-provider.js +1 -1
- package/dist/extensions/opencode/index.js +2 -2
- package/dist/extensions/opencode/media-understanding-provider.js +1 -1
- package/dist/extensions/opencode-go/index.js +2 -2
- package/dist/extensions/opencode-go/media-understanding-provider.js +1 -1
- package/dist/extensions/openrouter/api.js +1 -1
- package/dist/extensions/openrouter/image-generation-provider.js +1 -1
- package/dist/extensions/openrouter/index.js +4 -4
- package/dist/extensions/openrouter/media-understanding-provider.js +1 -1
- package/dist/extensions/openrouter/register.runtime.js +3 -3
- package/dist/extensions/openrouter/test-api.js +2 -2
- package/dist/extensions/openshell/index.js +3 -3
- package/dist/extensions/qianfan/index.js +1 -1
- package/dist/extensions/qwen/index.js +3 -3
- package/dist/extensions/qwen/media-understanding-provider.js +1 -1
- package/dist/extensions/qwen/test-api.js +2 -2
- package/dist/extensions/qwen/video-generation-provider.js +1 -1
- package/dist/extensions/runway/index.js +1 -1
- package/dist/extensions/runway/video-generation-provider.js +1 -1
- package/dist/extensions/signal/api.js +6 -6
- package/dist/extensions/signal/channel-plugin-api.js +1 -1
- package/dist/extensions/signal/reaction-runtime-api.js +1 -1
- package/dist/extensions/signal/runtime-api.js +9 -9
- package/dist/extensions/skill-workshop/api.js +1 -1
- package/dist/extensions/skill-workshop/index.js +2 -2
- package/dist/extensions/speech-core/runtime-api.js +1 -1
- package/dist/extensions/stepfun/index.js +2 -2
- package/dist/extensions/synology-chat/api.js +1 -1
- package/dist/extensions/synology-chat/channel-plugin-api.js +1 -1
- package/dist/extensions/synthetic/index.js +1 -1
- package/dist/extensions/talk-voice/index.js +1 -1
- package/dist/extensions/tencent/index.js +2 -2
- package/dist/extensions/thread-ownership/index.js +1 -1
- package/dist/extensions/tlon/api.js +2 -2
- package/dist/extensions/tlon/channel-plugin-api.js +1 -1
- package/dist/extensions/tlon/runtime-api.js +1 -1
- package/dist/extensions/tlon/test-api.js +1 -1
- package/dist/extensions/together/index.js +2 -2
- package/dist/extensions/together/video-generation-provider.js +1 -1
- package/dist/extensions/twitch/api.js +1 -1
- package/dist/extensions/twitch/channel-plugin-api.js +1 -1
- package/dist/extensions/twitch/setup-plugin-api.js +1 -1
- package/dist/extensions/venice/index.js +1 -1
- package/dist/extensions/vercel-ai-gateway/index.js +1 -1
- package/dist/extensions/voice-call/index.js +1 -1
- package/dist/extensions/voice-call/runtime-entry.js +1 -1
- package/dist/extensions/volcengine/index.js +2 -2
- package/dist/extensions/vydra/image-generation-provider.js +1 -1
- package/dist/extensions/vydra/index.js +4 -4
- package/dist/extensions/vydra/video-generation-provider.js +1 -1
- package/dist/extensions/xai/api.js +2 -2
- package/dist/extensions/xai/code-execution.js +2 -2
- package/dist/extensions/xai/image-generation-provider.js +1 -1
- package/dist/extensions/xai/index.js +6 -6
- package/dist/extensions/xai/speech-provider.js +1 -1
- package/dist/extensions/xai/tts.js +1 -1
- package/dist/extensions/xai/video-generation-provider.js +1 -1
- package/dist/extensions/xai/x-search.js +2 -2
- package/dist/extensions/xiaomi/index.js +1 -1
- package/dist/extensions/zai/index.js +2 -2
- package/dist/extensions/zai/media-understanding-provider.js +1 -1
- package/dist/extensions/zai/test-api.js +1 -1
- package/dist/extensions/zalo/api.js +3 -3
- package/dist/extensions/zalo/channel-plugin-api.js +1 -1
- package/dist/extensions/zalo/runtime-api.js +2 -2
- package/dist/extensions/zalo/setup-api.js +2 -2
- package/dist/extensions/zalouser/api.js +3 -3
- package/dist/extensions/zalouser/channel-plugin-api.js +1 -1
- package/dist/extensions/zalouser/runtime-api.js +7 -7
- package/dist/extensions/zalouser/setup-plugin-api.js +1 -1
- package/dist/extensions/zalouser/test-api.js +1 -1
- package/dist/fallbacks-7zSQjTV3.js +31 -0
- package/dist/fallbacks-CZiqVR5O.js +2 -0
- package/dist/fallbacks-shared-ChkX-wC9.js +111 -0
- package/dist/gateway-CHyZ16Py.js +115 -0
- package/dist/gateway-cli-Ddf-bjxV.js +1283 -0
- package/dist/gateway-rpc-DksPpMA7.js +14 -0
- package/dist/gateway-rpc.runtime-BKaQsdOu.js +23 -0
- package/dist/gateway-rpc.runtime.js +1 -1
- package/dist/gateway-runtime-Ca4l5F_e.js +15 -0
- package/dist/gateway-status-CTPWttLS.js +584 -0
- package/dist/genesis-tools-Bkxp7zlI.js +9435 -0
- package/dist/genesis-tools.runtime-BCkQJQBx.js +2 -0
- package/dist/genesis-tools.runtime.js +1 -1
- package/dist/get-reply-HzKdsGO7.js +3946 -0
- package/dist/get-reply-from-config.runtime-C5ISSvQ1.js +2 -0
- package/dist/get-reply-from-config.runtime.js +1 -1
- package/dist/gmail-watcher-lifecycle-BYRHDXCT.js +2 -0
- package/dist/graph-users-BVVUU02O.js +1337 -0
- package/dist/health-3Ot3RyLe.js +420 -0
- package/dist/health-B1Ww7M60.js +3 -0
- package/dist/health-route--L24U5vY.js +2 -0
- package/dist/health-route-DQ3RbNHQ.js +41 -0
- package/dist/hooks-cli-CsJbTM0O.js +433 -0
- package/dist/http-endpoint-helpers-D5HkMFwp.js +41 -0
- package/dist/http-utils-LFOvdepz.js +924 -0
- package/dist/image-fallbacks--ElXneWp.js +31 -0
- package/dist/image-fallbacks-D3vJILOu.js +2 -0
- package/dist/image-generation-core-DasXukAP.js +18 -0
- package/dist/image-generation-core.auth.runtime.js +1 -1
- package/dist/image-generation-provider-BUYDznhO.js +157 -0
- package/dist/image-generation-provider-CZsEm9qP.js +137 -0
- package/dist/image-generation-provider-DfAtOfEj.js +95 -0
- package/dist/image-generation-provider-Dksuo9OZ.js +529 -0
- package/dist/image-generation-provider-TlVk_XqK.js +63 -0
- package/dist/image-generation-provider-YwugArNw.js +274 -0
- package/dist/image-generation-provider-bWlq5yUE.js +228 -0
- package/dist/image-runtime-CswgJNvs.js +9 -0
- package/dist/inbound-reply-dispatch-B7wRXjgc.js +73 -0
- package/dist/inbound.runtime-Bw0JSbxR.js +4 -0
- package/dist/inbound.runtime-DjvZZHXI.js +3 -0
- package/dist/inbound.runtime.js +1 -1
- package/dist/index.js +2 -2
- package/dist/infra-runtime-CBfd1WMP.js +38 -0
- package/dist/init-D0hOJH3x.js +59 -0
- package/dist/install-CYvCH-s3.js +726 -0
- package/dist/install-security-scan-B7ZoC2Vw.js +26 -0
- package/dist/install-security-scan.runtime-iZsF-J1u.js +671 -0
- package/dist/install-security-scan.runtime.js +1 -1
- package/dist/install.runtime-BAqg9YWO.js +27 -0
- package/dist/install.runtime-Cc9Bf7A6.js +12 -0
- package/dist/install.runtime.js +1 -1
- package/dist/jobs-BIi6klWl.js +729 -0
- package/dist/library-oLeJ7WB2.js +45 -0
- package/dist/lifecycle-CeE5vcbI.js +571 -0
- package/dist/lifecycle-CqOQyQkN.js +229 -0
- package/dist/lifecycle.runtime-3bkEDR0o.js +2 -0
- package/dist/lifecycle.runtime.js +1 -1
- package/dist/list-C3cLeCpB.js +2 -0
- package/dist/list-CcZ_ONLT.js +2 -0
- package/dist/list-DUXsFAZJ.js +1212 -0
- package/dist/list-gnrIqPtd.js +131 -0
- package/dist/list.probe-BwRgShwM.js +419 -0
- package/dist/live-model-switch-CWgg2Ggb.js +336 -0
- package/dist/llm-slug-generator-BkDTThCe.js +79 -0
- package/dist/llm-slug-generator.js +1 -1
- package/dist/load-config-CfZQrUUz.js +35 -0
- package/dist/loader-DsEya2Rd.js +222 -0
- package/dist/local-dispatch.runtime-CtXGZ70F.js +8 -0
- package/dist/local-dispatch.runtime.js +1 -1
- package/dist/login-M0JiZwmc.js +108 -0
- package/dist/logs-cli-zd_9yCKn.js +265 -0
- package/dist/logs-cli.runtime-BWvHh5zg.js +2 -0
- package/dist/logs-cli.runtime.js +1 -1
- package/dist/main-session-restart-recovery-Bnvjo9E1.js +206 -0
- package/dist/managed-image-attachments-Cib67JTY.js +2 -0
- package/dist/managed-image-attachments-Pl-_Wh-s.js +635 -0
- package/dist/manager-CfFNGdWA.js +2057 -0
- package/dist/manager-TXSNaq3B.js +2 -0
- package/dist/markdown-to-line-C83mDLjZ.js +790 -0
- package/dist/mcp/plugin-tools-serve.js +1 -1
- package/dist/mcp-cli-CNy5N1fa.js +725 -0
- package/dist/mcp-http-Cp3nlyRC.js +529 -0
- package/dist/mcp-oauth-embedded.runtime-Bg_5jTnW.js +111 -0
- package/dist/mcp-oauth-embedded.runtime.js +1 -0
- package/dist/media-runtime-BetXjDy_.js +329 -0
- package/dist/media-understanding-PrCTBqs6.js +85 -0
- package/dist/media-understanding-provider-BOJyh6FF.js +85 -0
- package/dist/media-understanding-provider-BQqWS6FP.js +18 -0
- package/dist/media-understanding-provider-BVI5_wpJ.js +12 -0
- package/dist/media-understanding-provider-BvANUUsD.js +37 -0
- package/dist/media-understanding-provider-CmJsqky4.js +69 -0
- package/dist/media-understanding-provider-D160isav.js +28 -0
- package/dist/media-understanding-provider-DLdtS2i0.js +12 -0
- package/dist/media-understanding-provider-DbYma1pc.js +21 -0
- package/dist/media-understanding-provider-DgKlDcus.js +18 -0
- package/dist/media-understanding-provider-Dt4kGn2a.js +13 -0
- package/dist/media-understanding-runtime-7Pt0cFob.js +2 -0
- package/dist/memory-core-host-runtime-cli-BegfMQ60.js +9 -0
- package/dist/memory-embedding-adapter-bqPa42NQ.js +123 -0
- package/dist/memory-host-search-595fbsH5.js +12 -0
- package/dist/memory-host-search.runtime.js +1 -1
- package/dist/message-BEIYueeC.js +232 -0
- package/dist/message-action-runner-BMAw7gfU.js +2 -0
- package/dist/message-action-runner-DbqkVVXA.js +1407 -0
- package/dist/message-actions-CagfUya_.js +143 -0
- package/dist/message.config.runtime.js +1 -1
- package/dist/message.gateway.runtime-8N00rzUd.js +2 -0
- package/dist/message.gateway.runtime.js +1 -1
- package/dist/method-scopes-TWVLEUXZ.js +239 -0
- package/dist/model-picker-DJQ_lN5J.js +3 -0
- package/dist/model-picker-f_kmCGgt.js +559 -0
- package/dist/model-picker.runtime-Bua1ZV3T.js +15 -0
- package/dist/model-picker.runtime.js +1 -1
- package/dist/model-selection-DRe0f5zo.js +212 -0
- package/dist/models-auth-status-dUVFT_f1.js +217 -0
- package/dist/models-cli-VqeddndJ.js +271 -0
- package/dist/models-http-PC5-c2lS.js +92 -0
- package/dist/models.fetch-CsIbuvYn.js +518 -0
- package/dist/monitor-BgwZHXAs.js +2 -0
- package/dist/monitor-BrGXztev.js +1661 -0
- package/dist/monitor-DXqHkIkY.js +788 -0
- package/dist/monitor-DoS0pnRS.js +671 -0
- package/dist/monitor-SUo0OdqH.js +1459 -0
- package/dist/monitor-auth-BjLpAGxu.js +207 -0
- package/dist/monitor-hVTP1bQv.js +1237 -0
- package/dist/monitor-processing-CIokCAUz.js +1974 -0
- package/dist/monitor.runtime-BU4RKNXx.js +2 -0
- package/dist/monitor.runtime.js +1 -1
- package/dist/monitor.webhook-DaTTjWrL.js +180 -0
- package/dist/msteams-CmdWCuQl.js +35 -0
- package/dist/music-generation-provider-D1C-gv82.js +63 -0
- package/dist/music-generation-provider-Da4aNlMi.js +170 -0
- package/dist/native-hook-relay-Crk4McKb.js +519 -0
- package/dist/nextcloud-talk-D23cNPfx.js +17 -0
- package/dist/node-cli-DQ2FAUD5.js +2276 -0
- package/dist/nodes-cli-rSfhRw3_.js +1046 -0
- package/dist/nodes-utils-DlayGjaD.js +84 -0
- package/dist/nodes.helpers-DDUs18Tb.js +34 -0
- package/dist/notify-BSOvLWmd.js +315 -0
- package/dist/oauth-CMgJwuws.js +2 -0
- package/dist/oauth-CkVdnYWF.js +152 -0
- package/dist/oauth-DyK5hAZs.js +139 -0
- package/dist/oauth-OBOUymgi.js +75 -0
- package/dist/oauth.flow-BLoyN3lV.js +3 -0
- package/dist/oauth.flow-DH06lWCO.js +45 -0
- package/dist/onboard-C-WpjREP.js +316 -0
- package/dist/onboard-CpNpQ0N8.js +70 -0
- package/dist/onboard-channels-BeLqCc-3.js +2 -0
- package/dist/onboard-channels-DvKo0QB_.js +3 -0
- package/dist/onboard-custom-BXb7qIWz.js +3 -0
- package/dist/onboard-custom-ClkyPqIy.js +271 -0
- package/dist/onboard-helpers-BSqq4yEX.js +204 -0
- package/dist/onboard-helpers-Cw8cHMwk.js +6 -0
- package/dist/onboard-interactive-CIJMPUNi.js +24 -0
- package/dist/onboard-non-interactive-CCGFunM1.js +635 -0
- package/dist/onboard-remote-BIFjzB0v.js +193 -0
- package/dist/onboard-remote-DdfKS44K.js +2 -0
- package/dist/onboard-skills-C9Oz7pMM.js +134 -0
- package/dist/onboard-skills-DFZIuIBM.js +2 -0
- package/dist/onboard-ygfHgwjs.js +2 -0
- package/dist/onboarding-plugin-install-CSJX8VZv.js +406 -0
- package/dist/openai-codex-provider-ChrCVEw6.js +472 -0
- package/dist/openai-http-V8-EZ-Tx.js +500 -0
- package/dist/openai-provider-CBFc7f3l.js +313 -0
- package/dist/opencode-D8fX4akZ.js +35 -0
- package/dist/openresponses-http-B2Z5eD7p.js +1128 -0
- package/dist/operator-approvals-client-DcLaJSYz.js +68 -0
- package/dist/outbound-runtime-BcayPyTD.js +5 -0
- package/dist/outbound.runtime-BioZr0Xk.js +2 -0
- package/dist/outbound.runtime.js +1 -1
- package/dist/pair-command-approve-CKQ5PFPa.js +44 -0
- package/dist/persistent-bindings.lifecycle-Cc3nJyXl.js +2 -0
- package/dist/persistent-bindings.lifecycle-DMUm3wFX.js +85 -0
- package/dist/pi-bundle-mcp-runtime-BxuXFq8N.js +2 -0
- package/dist/pi-bundle-mcp-runtime-ZvnA7GLK.js +854 -0
- package/dist/pi-bundle-mcp-tools-Cq0oKMGx.js +108 -0
- package/dist/pi-embedded-DLQZrdL6.js +2905 -0
- package/dist/pi-embedded-kfFiSGXN.js +4 -0
- package/dist/pi-embedded-subscribe.handlers.compaction.runtime-DRkY_7mg.js +23 -0
- package/dist/pi-embedded-subscribe.handlers.compaction.runtime.js +1 -1
- package/dist/pi-embedded.runtime-DXAilonb.js +4 -0
- package/dist/pi-embedded.runtime.js +1 -1
- package/dist/pi-tool-definition-adapter-D5M4iVmd.js +229 -0
- package/dist/pi-tools-CymfaKhy.js +1118 -0
- package/dist/pi-tools.before-tool-call-CBjigYgQ.js +2 -0
- package/dist/pi-tools.before-tool-call-CrhLIm2q.js +433 -0
- package/dist/plugin-DJ_g-ddv.js +12195 -0
- package/dist/plugin-enabled-CqvTLQjg.js +140 -0
- package/dist/plugin-install-DwdyYiEf.js +115 -0
- package/dist/plugin-install-config-policy-BGQ3WzJO.js +137 -0
- package/dist/plugin-install-ldcXmOz8.js +2 -0
- package/dist/plugin-install-plan-DXvNElN2.js +50 -0
- package/dist/plugin-registration-awDDNZjN.js +23 -0
- package/dist/plugin-sdk/.boundary-entry-shims.stamp +1 -1
- package/dist/plugin-sdk/acp-binding-runtime.js +1 -1
- package/dist/plugin-sdk/acp-runtime.js +3 -3
- package/dist/plugin-sdk/agent-harness-runtime.js +6 -6
- package/dist/plugin-sdk/agent-harness.js +7 -7
- package/dist/plugin-sdk/agent-runtime.js +2 -2
- package/dist/plugin-sdk/approval-gateway-runtime.js +2 -2
- package/dist/plugin-sdk/approval-handler-runtime.js +3 -3
- package/dist/plugin-sdk/approval-runtime.js +1 -1
- package/dist/plugin-sdk/browser-node-runtime.js +4 -4
- package/dist/plugin-sdk/browser-setup-tools.js +3 -3
- package/dist/plugin-sdk/browser-support.js +7 -7
- package/dist/plugin-sdk/channel-core.js +2 -2
- package/dist/plugin-sdk/channel-inbound.js +3 -3
- package/dist/plugin-sdk/command-auth.js +2 -2
- package/dist/plugin-sdk/command-status-runtime.js +1 -1
- package/dist/plugin-sdk/compat.js +1 -1
- package/dist/plugin-sdk/config-runtime.js +3 -3
- package/dist/plugin-sdk/conversation-binding-runtime.js +1 -1
- package/dist/plugin-sdk/conversation-runtime.js +4 -4
- package/dist/plugin-sdk/core.js +2 -2
- package/dist/plugin-sdk/direct-dm.js +1 -1
- package/dist/plugin-sdk/gateway-runtime.js +3 -3
- package/dist/plugin-sdk/image-generation-core.js +2 -2
- package/dist/plugin-sdk/inbound-reply-dispatch.js +1 -1
- package/dist/plugin-sdk/index.js +1 -1
- package/dist/plugin-sdk/infra-runtime.js +2 -2
- package/dist/plugin-sdk/irc.js +2 -2
- package/dist/plugin-sdk/matrix.js +1 -1
- package/dist/plugin-sdk/mattermost.js +2 -2
- package/dist/plugin-sdk/media-runtime.js +5 -5
- package/dist/plugin-sdk/media-understanding-runtime.js +2 -2
- package/dist/plugin-sdk/media-understanding.js +2 -2
- package/dist/plugin-sdk/memory-core-host-runtime-cli.js +2 -2
- package/dist/plugin-sdk/memory-core.js +2 -2
- package/dist/plugin-sdk/memory-host-search.js +1 -1
- package/dist/plugin-sdk/msteams.js +3 -3
- package/dist/plugin-sdk/nextcloud-talk.js +2 -2
- package/dist/plugin-sdk/nostr.js +1 -1
- package/dist/plugin-sdk/opencode.js +1 -1
- package/dist/plugin-sdk/outbound-runtime.js +2 -2
- package/dist/plugin-sdk/provider-auth-api-key.js +2 -2
- package/dist/plugin-sdk/provider-auth-login.js +1 -1
- package/dist/plugin-sdk/provider-auth.js +2 -2
- package/dist/plugin-sdk/provider-entry.js +1 -1
- package/dist/plugin-sdk/reply-dispatch-runtime.js +1 -1
- package/dist/plugin-sdk/reply-runtime.js +4 -4
- package/dist/plugin-sdk/runtime-doctor.js +1 -1
- package/dist/plugin-sdk/runtime-secret-resolution.js +1 -1
- package/dist/plugin-sdk/runtime.js +3 -3
- package/dist/plugin-sdk/sandbox.js +1 -1
- package/dist/plugin-sdk/session-store-runtime.js +1 -1
- package/dist/plugin-sdk/session-visibility.js +1 -1
- package/dist/plugin-sdk/skill-commands-runtime.js +1 -1
- package/dist/plugin-sdk/src/config/types.mcp.d.ts +13 -0
- package/dist/plugin-sdk/src/gateway/protocol/index.d.ts +29 -3
- package/dist/plugin-sdk/src/gateway/protocol/schema/mcp.d.ts +52 -0
- package/dist/plugin-sdk/src/gateway/protocol/schema/protocol-schemas.d.ts +52 -0
- package/dist/plugin-sdk/src/gateway/protocol/schema/types.d.ts +8 -0
- package/dist/plugin-sdk/testing.js +4 -4
- package/dist/plugin-sdk/tlon.js +1 -1
- package/dist/plugin-sdk/zalo.js +1 -1
- package/dist/plugin-sdk/zalouser.js +1 -1
- package/dist/plugin-service-Bcg-shsL.js +2893 -0
- package/dist/plugins/runtime/index.js +1 -1
- package/dist/plugins-cli-CUZMkYFB.js +584 -0
- package/dist/plugins-command-helpers-BGFL7yp7.js +107 -0
- package/dist/plugins-install-persist-Cp8tSsno.js +133 -0
- package/dist/plugins-update-command-Ds_N9qES.js +1057 -0
- package/dist/policy-DIf26_n6.js +328 -0
- package/dist/postinstall-inventory.json +711 -709
- package/dist/prepare.runtime-DCLXK1uq.js +807 -0
- package/dist/prepare.runtime.js +1 -1
- package/dist/probe-0w9S79sF.js +45 -0
- package/dist/probe-B1L2nZVS.js +243 -0
- package/dist/probe-BQT29JH7.js +74 -0
- package/dist/probe-CB6KR9ri.js +240 -0
- package/dist/probe-CWtFr2jl.js +2 -0
- package/dist/probe-CcBuLmYT.js +2205 -0
- package/dist/probe-DYqlJBSk.js +2 -0
- package/dist/probe-_IUalbC8.js +1443 -0
- package/dist/program-sXJs6Lyj.js +111 -0
- package/dist/prompt-select-styled-jucMgA5f.js +20 -0
- package/dist/protocol-DgMCJAA_.js +2586 -0
- package/dist/provider-BSqWTcoz.js +70 -0
- package/dist/provider-api-key-auth-C92t3JTu.js +131 -0
- package/dist/provider-api-key-auth.runtime.js +1 -1
- package/dist/provider-auth-api-key-zf0PU9U_.js +5 -0
- package/dist/provider-auth-choice-palZRKPG.js +228 -0
- package/dist/provider-auth-hCEy91hA.js +46 -0
- package/dist/provider-auth-login-D4MC4bs_.js +8 -0
- package/dist/provider-auth-login.runtime.js +1 -1
- package/dist/provider-dispatcher-9z9Dw59_.js +2 -0
- package/dist/provider-dispatcher-DyQNST2Z.js +22 -0
- package/dist/provider-entry-DZDgzWTU.js +106 -0
- package/dist/provider-model-defaults-DC1PMV0H.js +6 -0
- package/dist/provider-registration-BSHUosM7.js +218 -0
- package/dist/provider-registration-CA9-PRDk.js +37 -0
- package/dist/qr-cli-Dwc3sjiV.js +2 -0
- package/dist/qr-cli-hTiyQbbK.js +349 -0
- package/dist/qr-image-BDoVY1GF.js +2 -0
- package/dist/queue-BljsBBtU.js +409 -0
- package/dist/reaction-runtime-api-Q9NHKbpw.js +116 -0
- package/dist/reactions-DGczAFsd.js +998 -0
- package/dist/read-capability-YFf_CDLF.js +412 -0
- package/dist/register-service-commands-Dxwl01rR.js +71 -0
- package/dist/register.agent-Drovpr_f.js +248 -0
- package/dist/register.configure-BzQtmjqp.js +15 -0
- package/dist/register.maintenance-PRykY6qq.js +363 -0
- package/dist/register.message-Dw6OLnap.js +329 -0
- package/dist/register.onboard-CB7aqo8I.js +88 -0
- package/dist/register.runtime-5QpZP1PI.js +81 -0
- package/dist/register.runtime.js +1 -1
- package/dist/register.setup-GLc__3H1.js +150 -0
- package/dist/register.status-health-sessions-DuQnS6V7.js +1215 -0
- package/dist/register.subclis-Bupq6ckp.js +3 -0
- package/dist/register.subclis-Df0YvsXg.js +29 -0
- package/dist/register.subclis-core-CK63Nor4.js +249 -0
- package/dist/reply-dispatch-runtime-D63ANCTQ.js +13 -0
- package/dist/reply-media-paths.runtime-C6-V86g1.js +146 -0
- package/dist/reply-media-paths.runtime-Cmms8y5S.js +2 -0
- package/dist/reply-media-paths.runtime.js +1 -1
- package/dist/reply-runtime-CLq8xugv.js +10 -0
- package/dist/reply.runtime-FitoWYiX.js +2 -0
- package/dist/reply.runtime.js +1 -1
- package/dist/resolve-BHmKuinY.js +259 -0
- package/dist/response-generator-BxzbAKHi.js +175 -0
- package/dist/restart-health-CNE6ENF8.js +202 -0
- package/dist/restart-health-DriNCEEo.js +2 -0
- package/dist/root-help-BsG62TUK.js +44 -0
- package/dist/route-reply-EPkWewCQ.js +162 -0
- package/dist/route-reply.runtime-Rem8ixbJ.js +2 -0
- package/dist/route-reply.runtime.js +1 -1
- package/dist/routes-B8SmZM_C.js +3341 -0
- package/dist/routes-CVtIuQaj.js +2 -0
- package/dist/rpc-AJw8-VEF.js +61 -0
- package/dist/rpc.runtime-NzXXr3IH.js +21 -0
- package/dist/rpc.runtime.js +1 -1
- package/dist/run-auth-profile.runtime-DrFMFMa5.js +2 -0
- package/dist/run-auth-profile.runtime.js +1 -1
- package/dist/run-delivery.runtime-DDc5pTuc.js +530 -0
- package/dist/run-delivery.runtime.js +1 -1
- package/dist/run-embedded.runtime-BlLE0DKl.js +4 -0
- package/dist/run-embedded.runtime.js +1 -1
- package/dist/run-execution-cli.runtime-Dx9bn2nL.js +4 -0
- package/dist/run-execution-cli.runtime.js +1 -1
- package/dist/run-executor.runtime-Bx0-xr66.js +277 -0
- package/dist/run-executor.runtime.js +1 -1
- package/dist/run-main-Q7WXDun9.js +567 -0
- package/dist/run-subagent-registry.runtime-DN441nGA.js +2 -0
- package/dist/run-subagent-registry.runtime.js +1 -1
- package/dist/run-wait-DOOBZLr5.js +135 -0
- package/dist/runner-B8D0Coak.js +966 -0
- package/dist/runner.entries-DZUGr24v.js +604 -0
- package/dist/runtime-B56xKFjA.js +9 -0
- package/dist/runtime-BshnyUPo.js +116 -0
- package/dist/runtime-CnTeeNB7.js +72 -0
- package/dist/runtime-D--xK0Me.js +961 -0
- package/dist/runtime-DFBduVee.js +2 -0
- package/dist/runtime-api-BGOAhjcp.js +9 -0
- package/dist/runtime-api-CcUMXjjy.js +14 -0
- package/dist/runtime-api-L9lB-rDz.js +4 -0
- package/dist/runtime-api-ap0gPIKQ.js +9 -0
- package/dist/runtime-co7Um4tt.js +263 -0
- package/dist/runtime-embedded-pi.runtime-CQ5TsVlh.js +2 -0
- package/dist/runtime-embedded-pi.runtime.js +1 -1
- package/dist/runtime-entry-g38-J35c.js +2769 -0
- package/dist/runtime-internal-DwAoh64o.js +2 -0
- package/dist/runtime-manifest.runtime.js +1 -1
- package/dist/runtime-options-CtF_gotz.js +275 -0
- package/dist/runtime-prepare.runtime-DAaAh4tU.js +80 -0
- package/dist/runtime-prepare.runtime.js +1 -1
- package/dist/runtime-schema-7aqYdEly.js +28599 -0
- package/dist/runtime-web-tools-DpTEm5uJ.js +1477 -0
- package/dist/runtime-web-tools-fallback.runtime.js +1 -1
- package/dist/runtime-web-tools-manifest.runtime.js +1 -1
- package/dist/runtime-web-tools-public-artifacts.runtime.js +1 -1
- package/dist/sandbox-DjUUwvID.js +3 -0
- package/dist/sandbox-IL2pQunA.js +1156 -0
- package/dist/sandbox-cli-C75oWfKU.js +450 -0
- package/dist/scan-BmfJ_GUd.js +2 -0
- package/dist/scan-BwUXPVa4.js +523 -0
- package/dist/secrets-cli-Byrmt5p3.js +2101 -0
- package/dist/security-cli-Cb_qzWSU.js +486 -0
- package/dist/selection-BaZ-7Sz6.js +2 -0
- package/dist/selection-C8rwxPqg.js +7743 -0
- package/dist/send-C3Ht9Buu.js +102 -0
- package/dist/send-NpRBz3rn.js +156 -0
- package/dist/send.runtime-Buvd_P2p.js +2 -0
- package/dist/send.runtime.js +1 -1
- package/dist/server-B8tim7RO.js +13 -0
- package/dist/server-ClAvfJJm.js +77 -0
- package/dist/server-context-Dl7OQ56d.js +2 -0
- package/dist/server-context-F2Jh0JBO.js +847 -0
- package/dist/server-node-events-Db8SbNO0.js +474 -0
- package/dist/server-plugin-bootstrap-DxpFA7AU.js +13703 -0
- package/dist/server-plugin-bootstrap-t6Z_tN0J.js +2 -0
- package/dist/server-restart-sentinel-VLhFJOy5.js +684 -0
- package/dist/server.impl-BNDZK6Lv.js +12804 -0
- package/dist/session-BThNEh5u.js +48 -0
- package/dist/session-archive.runtime.js +1 -1
- package/dist/session-envelope-tBfpcRRu.js +18 -0
- package/dist/session-key-De2wQZ8k.js +65 -0
- package/dist/session-kill-http-C35_XMK_.js +110 -0
- package/dist/session-meta-Bpv85XpZ.js +109 -0
- package/dist/session-override-dIx8boay.js +106 -0
- package/dist/session-reset-model.runtime-BY5KYxcY.js +133 -0
- package/dist/session-reset-model.runtime.js +1 -1
- package/dist/session-reset-service-Cs7o8vTZ.js +497 -0
- package/dist/session-route-DwjrtcvV.js +93 -0
- package/dist/session-status.runtime-Cp9hECfs.js +2 -0
- package/dist/session-status.runtime.js +1 -1
- package/dist/session-store-DT5H5NRv.js +126 -0
- package/dist/session-store.runtime-CoRuKMfZ.js +2 -0
- package/dist/session-store.runtime.js +1 -1
- package/dist/session-subagent-reactivation.runtime-3hC6cwVh.js +2 -0
- package/dist/session-subagent-reactivation.runtime.js +1 -1
- package/dist/session-tab-registry-BHn1P3lZ.js +581 -0
- package/dist/session-updates-CHKrFM9H.js +236 -0
- package/dist/session-updates.runtime-CqylTFnb.js +2 -0
- package/dist/session-updates.runtime.js +1 -1
- package/dist/session-utils-otyfumhD.js +1009 -0
- package/dist/session-visibility-C5yhLdDZ.js +147 -0
- package/dist/sessions-BjHLgqjt.js +2 -0
- package/dist/sessions-C1_80mqv.js +48 -0
- package/dist/sessions-DjIcw5uP.js +281 -0
- package/dist/sessions-helpers-C_xGZAo7.js +305 -0
- package/dist/sessions-history-http-CQ-Ga5H3.js +371 -0
- package/dist/sessions-patch-XzBTc4fY.js +309 -0
- package/dist/sessions-resolve-CF4QOXiX.js +174 -0
- package/dist/sessions-w6UJYMea.js +16 -0
- package/dist/sessions.runtime-CEV3VtEH.js +2 -0
- package/dist/sessions.runtime.js +1 -1
- package/dist/setup-BrkQiUrj.js +421 -0
- package/dist/setup-D218KRK6.js +636 -0
- package/dist/setup-api-BvHlVezg.js +29 -0
- package/dist/setup-core-BjceveVY.js +171 -0
- package/dist/setup-core-CxDIk2Qq.js +176 -0
- package/dist/setup-surface-6hnrFGJ3.js +286 -0
- package/dist/setup-surface-BBDyg26_.js +219 -0
- package/dist/setup-surface-HREO9zEo.js +403 -0
- package/dist/setup.finalize-CAJxf_Mm.js +547 -0
- package/dist/setup.gateway-config-g6JfCjT4.js +250 -0
- package/dist/shared-CJ2_38Ar.js +198 -0
- package/dist/shared-CecRnN5i.js +76 -0
- package/dist/shared-G254rWzJ.js +217 -0
- package/dist/shared-Zan1S92i.js +121 -0
- package/dist/shared-runtime-CKzUXuwN.js +7 -0
- package/dist/skill-commands-DWC_vZ-J.js +83 -0
- package/dist/skill-commands.runtime-BMmD4lyW.js +2 -0
- package/dist/skill-commands.runtime.js +1 -1
- package/dist/skills-install-Bpfq1PgX.js +605 -0
- package/dist/skills-snapshot.runtime-uSs9vmlj.js +7 -0
- package/dist/skills-snapshot.runtime.js +1 -1
- package/dist/slash-state-EXy1B2EX.js +1911 -0
- package/dist/speech-provider-CcbYv8ap.js +216 -0
- package/dist/speech-provider-Cr1h-_-X.js +170 -0
- package/dist/speech-provider-Gif_hcpc.js +209 -0
- package/dist/src-Dda8Fvmo.js +3974 -0
- package/dist/stage-sandbox-media.runtime-_FkeTCA0.js +232 -0
- package/dist/stage-sandbox-media.runtime.js +1 -1
- package/dist/startup-context-BLtyYbKu.js +312 -0
- package/dist/state-migrations-BXYrr3Hc.js +820 -0
- package/dist/status-B1RXiDvc.js +3 -0
- package/dist/status-B4tnoXkV.js +2 -0
- package/dist/status-BWXZC-dF.js +2 -0
- package/dist/status-CUZkKe39.js +62 -0
- package/dist/status-DNnTegVL.js +395 -0
- package/dist/status-G3Z29Cb_.js +190 -0
- package/dist/status-all-pjolmMGB.js +498 -0
- package/dist/status-json-BKR5uVlE.js +14 -0
- package/dist/status-json-command-DuIQ8dNz.js +82 -0
- package/dist/status-message-CZyHmUQr.js +466 -0
- package/dist/status-message.runtime-C1I59_ay.js +6 -0
- package/dist/status-message.runtime.js +1 -1
- package/dist/status-n2SrcSeP.js +209 -0
- package/dist/status-queue.runtime-k2kdii3C.js +2 -0
- package/dist/status-queue.runtime.js +1 -1
- package/dist/status-runtime-shared-9akPh3OB.js +241 -0
- package/dist/status-subagents.runtime-C-2-94r7.js +18 -0
- package/dist/status-subagents.runtime.js +1 -1
- package/dist/status-text-DY-AMW7D.js +237 -0
- package/dist/status.gateway-connection.runtime-CGwlyVSQ.js +2 -0
- package/dist/status.gateway-connection.runtime.js +1 -1
- package/dist/status.gather-C17tVkff.js +2 -0
- package/dist/status.gather-CGXwFKnq.js +292 -0
- package/dist/status.runtime-DdcRs0mC.js +2 -0
- package/dist/status.runtime-L3R8cOql.js +2 -0
- package/dist/status.runtime.js +1 -1
- package/dist/status.scan-BSIqJF_S.js +65 -0
- package/dist/status.scan-overview-CbwLYoIT.js +379 -0
- package/dist/status.scan.fast-json-BnpfFSN8.js +2 -0
- package/dist/status.scan.fast-json-W54JDFUy.js +132 -0
- package/dist/status.summary-CeaTG93y.js +2 -0
- package/dist/status.summary-LPaYBiqB.js +200 -0
- package/dist/store-BtHVDH2Q.js +910 -0
- package/dist/store-Qn6Vf7Ma.js +4 -0
- package/dist/store.runtime-Dd3L_GjJ.js +2 -0
- package/dist/store.runtime.js +1 -1
- package/dist/stream-CImPPcyN.js +664 -0
- package/dist/subagent-announce-Dn5xl49E.js +351 -0
- package/dist/subagent-announce-delivery-CpVHT0KZ.js +726 -0
- package/dist/subagent-announce-output-Ba8GDqQZ.js +364 -0
- package/dist/subagent-capabilities-DN1kjzNE.js +251 -0
- package/dist/subagent-control-Clm3gsra.js +506 -0
- package/dist/subagent-control.runtime-D9vrLexA.js +3 -0
- package/dist/subagent-control.runtime.js +1 -1
- package/dist/subagent-followup.runtime-OlILj5hg.js +68 -0
- package/dist/subagent-followup.runtime.js +1 -1
- package/dist/subagent-orphan-recovery-Dqi7ktSy.js +305 -0
- package/dist/subagent-registry-BfT1dA_H.js +3 -0
- package/dist/subagent-registry-DsOeyo6i.js +1753 -0
- package/dist/subagent-registry.runtime.js +1 -1
- package/dist/subagent-spawn-IMKDJ_Ai.js +1005 -0
- package/dist/supervisor-DgpKTzey.js +704 -0
- package/dist/supervisor-log.runtime.js +1 -1
- package/dist/system-cli-QcbUPgUP.js +43 -0
- package/dist/targets-rJXMe19f.js +67 -0
- package/dist/targets.runtime.js +1 -1
- package/dist/task-executor-CT_QfGPJ.js +360 -0
- package/dist/task-owner-access-Bm14vxJa.js +74 -0
- package/dist/task-registry-D6gK7iIt.js +2357 -0
- package/dist/task-registry-delivery-runtime-CDAeASdU.js +2 -0
- package/dist/task-registry-delivery-runtime-CeWw5kdc.js +3 -0
- package/dist/task-registry.maintenance-B5hpULqB.js +416 -0
- package/dist/task-registry.maintenance-DZFQCCjc.js +2 -0
- package/dist/telegram/token.js +2 -2
- package/dist/testing-B2Y0vJ76.js +575 -0
- package/dist/text-report-0Q8c04if.js +549 -0
- package/dist/tool-auth-shared-Ca0wddYT.js +90 -0
- package/dist/tool-policy-pipeline-BLtvEs31.js +109 -0
- package/dist/tool-resolution-CHcj9HdC.js +90 -0
- package/dist/tools-effective-inventory-Giuks2Dt.js +152 -0
- package/dist/tools-invoke-http-FlaWbmCS.js +206 -0
- package/dist/transcript-resolve.runtime-wnJiuCEb.js +2 -0
- package/dist/transcript-resolve.runtime.js +1 -1
- package/dist/transcript-yKXsllQ2.js +312 -0
- package/dist/transcript.runtime-CmcFZQq0.js +2 -0
- package/dist/transcript.runtime.js +1 -1
- package/dist/trash-BzlpkaUi.js +24 -0
- package/dist/tts-BG_1G2S6.js +64 -0
- package/dist/tui-cli-B9Emgd5Q.js +4585 -0
- package/dist/uninstall-B6U2msaD.js +185 -0
- package/dist/update-BjKPsXUk.js +1282 -0
- package/dist/update-cli-ln47pDmA.js +1759 -0
- package/dist/update-startup-Xs6Edz-d.js +2 -0
- package/dist/upgrade-Ctu4zfU3.js +1226 -0
- package/dist/video-generation-provider-B0W1RcQj.js +264 -0
- package/dist/video-generation-provider-B2XcJK8B.js +221 -0
- package/dist/video-generation-provider-BJt8-Jzh.js +254 -0
- package/dist/video-generation-provider-Bsz88Y8I.js +78 -0
- package/dist/video-generation-provider-CmN0n1aP.js +271 -0
- package/dist/video-generation-provider-DKFpHGWz.js +64 -0
- package/dist/video-generation-provider-LgYMFJAm.js +281 -0
- package/dist/video-generation-provider-j1OQMvjr2.js +77 -0
- package/dist/video-generation-provider-lI_tgIiA.js +287 -0
- package/dist/video-generation-provider-uVzVbp2s.js +118 -0
- package/dist/video-generation-provider-xQ4AZkeK.js +187 -0
- package/dist/video-generation-task-status-AzBxxMK4.js +163 -0
- package/dist/wait-for-idle-before-flush-D4a3dGVX.js +6025 -0
- package/dist/web-search-provider-Bt8NRG25.js +163 -0
- package/dist/wizard-models-DpLispoG.js +334 -0
- package/dist/workflow-runtime-C0jGj382.js +485 -0
- package/package.json +1 -1
- package/dist/abort-CvJN6IMd.js +0 -201
- package/dist/abort-cutoff.runtime-oLWHRfE6.js +0 -20
- package/dist/abort.runtime-DAzGHIa2.js +0 -2
- package/dist/accounts-B3aTKIO4.js +0 -104
- package/dist/accounts-BwigO-9Q.js +0 -2
- package/dist/accounts-CdLNyXHa.js +0 -107
- package/dist/acp-cli-DQz79rl7.js +0 -2217
- package/dist/acp-spawn-Bbs_m3VF.js +0 -2
- package/dist/acp-spawn-CTMewMbn.js +0 -1042
- package/dist/acp-stateful-target-driver-D4VaoZPV.js +0 -89
- package/dist/action-agents-DFmhHVfJ.js +0 -67
- package/dist/action-focus-Dx08tcy-.js +0 -132
- package/dist/action-help-hQl_vyPP.js +0 -7
- package/dist/action-info-JmXoHEPD.js +0 -101
- package/dist/action-kill-BcGm94a1.js +0 -33
- package/dist/action-list-BtDTTljd.js +0 -21
- package/dist/action-log-CzNEUTkF.js +0 -30
- package/dist/action-send-BVjcdCrr.js +0 -39
- package/dist/action-spawn-Cn0JgaO1.js +0 -47
- package/dist/action-unfocus-c1Uu4T8u.js +0 -29
- package/dist/actions.runtime-Cmrr3s-z.js +0 -5
- package/dist/actions.runtime-XCeILsBA.js +0 -18
- package/dist/agent-CS1XdimC.js +0 -2
- package/dist/agent-command-BiLxDWtx.js +0 -874
- package/dist/agent-harness-runtime-bunUaGg7.js +0 -144
- package/dist/agent-runner-utils-BFkEZbb9.js +0 -239
- package/dist/agent-runner.runtime-DUtejeBt.js +0 -3443
- package/dist/agent-runtime-CQG_IBlM.js +0 -18
- package/dist/agents-DArnaFQV.js +0 -954
- package/dist/agents-jSVdSQr5.js +0 -5
- package/dist/agents.command-shared-cZa4UKga.js +0 -40
- package/dist/aliases-BrquU2aa.js +0 -96
- package/dist/aliases-OQzPD6Kz.js +0 -2
- package/dist/api-BXtBpymk.js +0 -5
- package/dist/api-CGMqDBcv.js +0 -3
- package/dist/api-CNr0UyHW.js +0 -139
- package/dist/api-DIKi1Ni8.js +0 -4
- package/dist/api-i4W2Wwd4.js +0 -48
- package/dist/apply-oUSa2Pf0.js +0 -508
- package/dist/apply.runtime-BLCi2Ivv.js +0 -166
- package/dist/apply.runtime-D_hTG_Y0.js +0 -2
- package/dist/approval-gateway-resolver-D2iqmJiq.js +0 -29
- package/dist/approval-gateway-runtime-C1pBe7Fx.js +0 -2
- package/dist/approval-handler-runtime-Zf1fCWk1.js +0 -439
- package/dist/approval-native-runtime-C0zvGwfB.js +0 -729
- package/dist/attempt-execution.runtime-Cu16wO9j.js +0 -509
- package/dist/attempt-execution.shared-BY_ARPh1.js +0 -22
- package/dist/attempt.prompt-helpers-C3qMNvxE.js +0 -206
- package/dist/attempt.tool-run-context-M11pca0b.js +0 -933
- package/dist/audit-DF-0hnr9.js +0 -939
- package/dist/audit-extra.async-BbZcluVr.js +0 -971
- package/dist/audit-tool-policy-C0lIM9Fp.js +0 -3
- package/dist/audit.deep.runtime-CXjulrWI.js +0 -2
- package/dist/audit.nondeep.runtime-nu5XTu7N.js +0 -880
- package/dist/audit.runtime-DYyjmKuk.js +0 -7
- package/dist/auth-CzjcgD0-.js +0 -177
- package/dist/auth-DE-yY2QL.js +0 -550
- package/dist/auth-DLmN64Y_.js +0 -2
- package/dist/auth-DQw5zHDJ.js +0 -56
- package/dist/auth-choice-CXWHXiQK.js +0 -3
- package/dist/auth-choice-DGMF0dBk.js +0 -85
- package/dist/auth-order-CP3BJeex.js +0 -2
- package/dist/auth-order-DQHJAKY8.js +0 -139
- package/dist/bash-tools-DUxUia5q.js +0 -3
- package/dist/bash-tools-_AgECrXf.js +0 -2853
- package/dist/bash-tools.exec-runtime-CVOp5fHn.js +0 -823
- package/dist/binding-routing-D7ruDbx0.js +0 -85
- package/dist/binding-targets-BZWuOcR0.js +0 -121
- package/dist/bridge-server-C4WpUTaE.js +0 -113
- package/dist/browser-control-auth-CmYxtkaH.js +0 -2
- package/dist/browser-node-runtime-BLHYH8YL.js +0 -12
- package/dist/browser-profiles-Cawo818z.js +0 -2
- package/dist/browser-runtime-LzhODwuG.js +0 -387
- package/dist/browser-setup-tools-CTgOb29b.js +0 -13
- package/dist/build-AqzTQK3J.js +0 -550
- package/dist/call-J2wbwzLi.js +0 -330
- package/dist/call-S0AZ899k.js +0 -3
- package/dist/call.runtime-CyP2bdv0.js +0 -2
- package/dist/capability-cli-6jHIuGQe.js +0 -1401
- package/dist/catalog-provider-RQJYkKkq.js +0 -40
- package/dist/catchup-CN5lM9nn.js +0 -300
- package/dist/channel-4jggmldw.js +0 -453
- package/dist/channel-8osltyJD.js +0 -840
- package/dist/channel-B-P45jvy.js +0 -595
- package/dist/channel-BIV8BnjO.js +0 -1802
- package/dist/channel-CXUPhx7m.js +0 -297
- package/dist/channel-ChWfDzLg.js +0 -226
- package/dist/channel-DMCOcmaZ.js +0 -491
- package/dist/channel-DT5I65Xv.js +0 -1174
- package/dist/channel-_mt8OaDA.js +0 -1320
- package/dist/channel-add-wizard-BLjklZ70.js +0 -2
- package/dist/channel-add-wizard-C3BysW2-.js +0 -125
- package/dist/channel-cbqIqIvi.js +0 -1100
- package/dist/channel-core-CcHrOJQl.js +0 -5
- package/dist/channel-inbound-gJZ5fy8s.js +0 -31
- package/dist/channel-plugin-resolution-BNbz8s_s.js +0 -153
- package/dist/channel-plugin-resolution-Bey1o2RL.js +0 -2
- package/dist/channel-plugin-runtime-CFVplMXF.js +0 -771
- package/dist/channel-runtime-D2fhnXNT.js +0 -425
- package/dist/channel-setup-BzbhDDrt.js +0 -1297
- package/dist/channel-twNI9g5j.js +0 -350
- package/dist/channel.runtime-B7RAHQNT.js +0 -430
- package/dist/channel.runtime-BIcoI6bq.js +0 -2364
- package/dist/channel.runtime-Ci_26egi.js +0 -576
- package/dist/channel.runtime-CzTNZfZz.js +0 -89
- package/dist/channel.runtime-D0qkeWVB.js +0 -4
- package/dist/channel.runtime-D_9taoyr.js +0 -42398
- package/dist/channel.setup-Ck6-6alN.js +0 -10
- package/dist/channel2.runtime-CzLs-yVz.js +0 -109
- package/dist/channels-C3tEEndo.js +0 -733
- package/dist/channels-cli-1vvCRqai.js +0 -268
- package/dist/chat-9N_9QPkq.js +0 -2830
- package/dist/clawbot-cli-CySj7xP4.js +0 -9
- package/dist/clawhub-DRNYT4Ih.js +0 -400
- package/dist/cli-2nlB-dHJ.js +0 -154
- package/dist/cli-7dTpJC3M.js +0 -2
- package/dist/cli-BGMFTnb1.js +0 -683
- package/dist/cli-BNYLM-n-.js +0 -219
- package/dist/cli-Bj3CMawx.js +0 -2
- package/dist/cli-C26tWLBw.js +0 -3726
- package/dist/cli-dB2d6i0x.js +0 -72
- package/dist/cli-fZ6nZozk.js +0 -2
- package/dist/cli-runner-DkUWaw3u.js +0 -286
- package/dist/cli-runner.runtime-Bdu8GaIU.js +0 -4
- package/dist/cli-runner.runtime-D35_WwIC.js +0 -3
- package/dist/cli.runtime-D0ZdkRoZ.js +0 -1261
- package/dist/client-BLrVaUap.js +0 -723
- package/dist/client-JSnNx9t8.js +0 -138
- package/dist/command-auth-vH98jyU8.js +0 -76
- package/dist/command-config-resolution-B-U-WZy5.js +0 -23
- package/dist/command-config-resolution-ByjKlaVl.js +0 -2
- package/dist/command-config-resolution.runtime-Wv85AlQo.js +0 -2
- package/dist/command-execution-startup-DtBNBU06.js +0 -324
- package/dist/command-registry-Bu9yJGC5.js +0 -4
- package/dist/command-registry-CuME9hky.js +0 -9
- package/dist/command-registry-core-Bk9WAOxq.js +0 -106
- package/dist/command-secret-gateway-BWnLmfo1.js +0 -528
- package/dist/command-status.runtime-DHRozViO.js +0 -87
- package/dist/commands-acp-CnxVcX4s.js +0 -77
- package/dist/commands-compact.runtime-DKZYaee9.js +0 -10
- package/dist/commands-core.runtime-CXYQlfla.js +0 -2
- package/dist/commands-handlers.runtime-BFqsQ9UV.js +0 -4599
- package/dist/commands-reset-hooks-C-P5vfWa.js +0 -135
- package/dist/commands-status-DBC5I7yG.js +0 -16
- package/dist/commands-status.runtime-BgK6raz4.js +0 -3
- package/dist/commands-subagents-control.runtime-CY4xaq28.js +0 -3
- package/dist/commands-subagents-control.runtime-z9tchzCP.js +0 -2
- package/dist/commands-system-prompt-BNtFvxmr.js +0 -157
- package/dist/commands-system-prompt-CHVjFzQO.js +0 -2
- package/dist/commands.runtime-BAsTu7s5.js +0 -167
- package/dist/compact-Ddu8hZfc.js +0 -1096
- package/dist/compact.runtime-GpkxTJxx.js +0 -12
- package/dist/completion-cli-BNte3Dj6.js +0 -328
- package/dist/config-Cvu5tnrW.js +0 -252
- package/dist/config-cli-BlZB5tV-.js +0 -1078
- package/dist/config-guard-Ca-1hhke.js +0 -96
- package/dist/config-runtime-AtYct3A3.js +0 -32
- package/dist/configure-CiGtXggx.js +0 -2
- package/dist/configure-DDqC8LYD.js +0 -1252
- package/dist/connect-options-BbJfh_Oy.js +0 -699
- package/dist/control-auth-B2Jsq2zv.js +0 -125
- package/dist/control-service-B5OxTjPP.js +0 -156
- package/dist/control-ui/assets/agents-CfLnBH4t.js +0 -1125
- package/dist/control-ui/assets/canvas-pj-aGbeH.js +0 -274
- package/dist/control-ui/assets/channel-config-extras-sj_UXv9J.js +0 -2
- package/dist/control-ui/assets/channels-BelCW9hw.js +0 -198
- package/dist/control-ui/assets/contacts-B-2gb_ua.js +0 -49
- package/dist/control-ui/assets/cron-B6-26cyp.js +0 -250
- package/dist/control-ui/assets/de-DOykxjSu.js +0 -2
- package/dist/control-ui/assets/debug-B5MO5d0M.js +0 -94
- package/dist/control-ui/assets/es-BTwWEPGm.js +0 -2
- package/dist/control-ui/assets/fr-DVRwR98L.js +0 -2
- package/dist/control-ui/assets/i18n-BPOQLrbx.js +0 -3
- package/dist/control-ui/assets/id-BSBAUAzK.js +0 -2
- package/dist/control-ui/assets/index-CmdvEIGH.js +0 -5981
- package/dist/control-ui/assets/instances-uygO1ZKq.js +0 -57
- package/dist/control-ui/assets/ja-JP-BiD5eOfG.js +0 -2
- package/dist/control-ui/assets/ko-BNgLBJdW.js +0 -2
- package/dist/control-ui/assets/logs-GdE34D7D.js +0 -74
- package/dist/control-ui/assets/mcp-472P8M4F.js +0 -380
- package/dist/control-ui/assets/memory-Dvp5YUvN.js +0 -50
- package/dist/control-ui/assets/memory-graph-B27rN_e7.js +0 -30
- package/dist/control-ui/assets/models-C88CYx1F.js +0 -86
- package/dist/control-ui/assets/nodes-CUXTunGj.js +0 -654
- package/dist/control-ui/assets/pl-DrVcqC4t.js +0 -2
- package/dist/control-ui/assets/plugins-D3upvVMU.js +0 -259
- package/dist/control-ui/assets/presenter-DSvbCagf.js +0 -2
- package/dist/control-ui/assets/pt-BR-BXlBG1WX.js +0 -2
- package/dist/control-ui/assets/sessions-BzVDlJpI.js +0 -56
- package/dist/control-ui/assets/skills-DQD9wvlO.js +0 -294
- package/dist/control-ui/assets/skills-shared-B-3kgWg3.js +0 -11
- package/dist/control-ui/assets/th-DjtYmyBR.js +0 -2
- package/dist/control-ui/assets/tr-I0LYx0Ew.js +0 -2
- package/dist/control-ui/assets/uk-xilwRRzQ.js +0 -2
- package/dist/control-ui/assets/wallet-DWa9gqqg.js +0 -302
- package/dist/control-ui/assets/zh-CN-DHz_bYy_.js +0 -2
- package/dist/control-ui/assets/zh-TW-LvBbVYeU.js +0 -2
- package/dist/control-ui-Djt0XDNa.js +0 -1043
- package/dist/conversation-id-BTqKksIo.js +0 -38
- package/dist/conversation-id-DzarUmXD.js +0 -235
- package/dist/conversation-runtime-DbbmwXgr.js +0 -31
- package/dist/core-CYiHLgHk.js +0 -275
- package/dist/create-DN7NWqCZ.js +0 -80
- package/dist/cron-cli-Dyd_7f_N.js +0 -713
- package/dist/daemon-cli-DT5GXTxV.js +0 -12
- package/dist/dashboard-BtYlqUpN.js +0 -2
- package/dist/dashboard-DwroM17M.js +0 -81
- package/dist/delegate-CBLxnP3N.js +0 -64
- package/dist/deliver-BedUVIQP.js +0 -747
- package/dist/deliver-DPvG5Qo8.js +0 -3
- package/dist/deliver-runtime-DZlx42y2.js +0 -2
- package/dist/delivery-outbound.runtime-Dyo6zcqN.js +0 -6
- package/dist/delivery.runtime-CmuJYXg1.js +0 -253
- package/dist/detached-task-runtime-DWSrAiuI.js +0 -73
- package/dist/devices-cli-CrGc8ckS.js +0 -498
- package/dist/diagnostics-CzNM2oo3.js +0 -154
- package/dist/direct-dm-Cy7dY7RF.js +0 -64
- package/dist/directive-handling.fast-lane-Vuy-nG2-.js +0 -66
- package/dist/directive-handling.impl-DrE_GeZR.js +0 -2
- package/dist/directive-handling.impl-KH2zUp6M.js +0 -703
- package/dist/directive-handling.model-selection-BiW8QHW-.js +0 -114
- package/dist/directive-handling.persist.runtime-VLCtMqO5.js +0 -215
- package/dist/directory-cli-DQRcL8xw.js +0 -240
- package/dist/dispatch-Dew5dCZ_.js +0 -1131
- package/dist/dispatch-acp-CvCVNtsu.js +0 -981
- package/dist/dispatch-acp-manager.runtime-DBTAUi2i.js +0 -3
- package/dist/dispatch-acp-media.runtime-Bq9nReBk.js +0 -4
- package/dist/dispatch-acp-session.runtime-CKts6zqY.js +0 -2
- package/dist/dispatch-acp.runtime-Cw1tjQKP.js +0 -19
- package/dist/doctor-config-flow-C1S8B_sg.js +0 -420
- package/dist/doctor-config-preflight-DH_iBFHQ.js +0 -2
- package/dist/doctor-config-preflight-nRntMTIC.js +0 -63
- package/dist/doctor-device-pairing-C9OfTAUh.js +0 -307
- package/dist/doctor-gateway-daemon-flow-CS1gl0S3.js +0 -250
- package/dist/doctor-gateway-health-DzKV435y.js +0 -63
- package/dist/doctor-health-DNiEej9S.js +0 -59
- package/dist/doctor-health-contributions-BxgcjAL5.js +0 -493
- package/dist/doctor-prompter-T7JdMaQG.js +0 -56
- package/dist/doctor-sandbox-C9h2a5Uu.js +0 -194
- package/dist/doctor-state-migrations-BPuF54_Y.js +0 -2
- package/dist/doctor-workspace-status-C3jLUkHt.js +0 -75
- package/dist/dreaming-CiOm27X0.js +0 -1582
- package/dist/dreaming-narrative-C8m64g44.js +0 -596
- package/dist/embedded-gateway-stub.runtime-Di2s5bLl.js +0 -9
- package/dist/embedding-provider-QRMp19Ph.js +0 -118
- package/dist/embeddings-Cwg0dHC_.js +0 -215
- package/dist/embeddings-http-DbBwgwsH.js +0 -205
- package/dist/exec-approval-forwarder.runtime-BNGZQkhU.js +0 -3
- package/dist/exec-approvals-cli-DiBWd6eL.js +0 -498
- package/dist/exec-defaults-B5NE8OtM.js +0 -2
- package/dist/exec-defaults-Dy3ej-Rk.js +0 -67
- package/dist/execute.runtime-cy0XQXc7.js +0 -1359
- package/dist/fallbacks-Bjq0H75u.js +0 -31
- package/dist/fallbacks-C3dys5Ff.js +0 -2
- package/dist/fallbacks-shared-4iQjz5v5.js +0 -111
- package/dist/gateway-BxIfReRV.js +0 -115
- package/dist/gateway-cli-Czx2Ub57.js +0 -1283
- package/dist/gateway-rpc-CdXoDE6_.js +0 -14
- package/dist/gateway-rpc.runtime-DXFVTu-I.js +0 -23
- package/dist/gateway-runtime-DoElJuBU.js +0 -15
- package/dist/gateway-status-DtdmlnK6.js +0 -584
- package/dist/genesis-tools-vU91jnMS.js +0 -9435
- package/dist/genesis-tools.runtime-Dfpi37K0.js +0 -2
- package/dist/get-reply-DTtxw9Xp.js +0 -3946
- package/dist/get-reply-from-config.runtime-CB9EeF1Q.js +0 -2
- package/dist/gmail-watcher-lifecycle-JbKGb-1A.js +0 -2
- package/dist/graph-users-CoF5XRS_.js +0 -1337
- package/dist/health-CLRWQEVB.js +0 -3
- package/dist/health-DvTtpVIw.js +0 -420
- package/dist/health-route-8H3Sy8RI.js +0 -41
- package/dist/health-route-CHLAMCYm.js +0 -2
- package/dist/hooks-cli-D2AeKlrf.js +0 -433
- package/dist/http-endpoint-helpers-CG3AcjuK.js +0 -41
- package/dist/http-utils-L02eBAVo.js +0 -924
- package/dist/image-fallbacks-Cy-kcJR5.js +0 -2
- package/dist/image-fallbacks-DoQoUiR7.js +0 -31
- package/dist/image-generation-core-CEg4KACr.js +0 -18
- package/dist/image-generation-provider-B4tW_Kj3.js +0 -274
- package/dist/image-generation-provider-B72nmoos.js +0 -157
- package/dist/image-generation-provider-D9v0PADz.js +0 -63
- package/dist/image-generation-provider-DLYGDzST.js +0 -228
- package/dist/image-generation-provider-DYu8ZWBs.js +0 -529
- package/dist/image-generation-provider-jp6l2Jls.js +0 -95
- package/dist/image-generation-provider-qr08iqKe.js +0 -137
- package/dist/image-runtime-DRQcRKzy.js +0 -9
- package/dist/inbound-reply-dispatch-jQhsUF0f.js +0 -73
- package/dist/inbound.runtime-CCnJwfdz.js +0 -3
- package/dist/inbound.runtime-DwsGti2x.js +0 -4
- package/dist/infra-runtime-DwRkDuXF.js +0 -38
- package/dist/init-DwpSUAfi.js +0 -59
- package/dist/install-DwDt01Fk.js +0 -726
- package/dist/install-security-scan-Cq0N2AQi.js +0 -26
- package/dist/install-security-scan.runtime-DWlSCQbQ.js +0 -671
- package/dist/install.runtime-CWnOXdy4.js +0 -27
- package/dist/install.runtime-DPA5lA9o.js +0 -12
- package/dist/jobs-D9IyaUDB.js +0 -729
- package/dist/library-mAKEzoAM.js +0 -45
- package/dist/lifecycle-BUTglQLK.js +0 -229
- package/dist/lifecycle-Csd_mbv2.js +0 -571
- package/dist/lifecycle.runtime-1wfzPGwQ.js +0 -2
- package/dist/list-5rTtE3qu.js +0 -2
- package/dist/list-BCYNIOw6.js +0 -2
- package/dist/list-DyQGXU4h.js +0 -1212
- package/dist/list-DzN4dO0z.js +0 -131
- package/dist/list.probe-BQZZbfvC.js +0 -419
- package/dist/live-model-switch-DqJLIA4J.js +0 -336
- package/dist/llm-slug-generator-BWH-YxyP.js +0 -79
- package/dist/load-config-CISXosI1.js +0 -35
- package/dist/loader-DlmWqYuM.js +0 -222
- package/dist/local-dispatch.runtime-BdXedbsx.js +0 -8
- package/dist/login-DX18Qaag.js +0 -108
- package/dist/logs-cli-YcX3NrQk.js +0 -265
- package/dist/logs-cli.runtime-4RNOEP9S.js +0 -2
- package/dist/main-session-restart-recovery-DxOWdFCG.js +0 -206
- package/dist/managed-image-attachments-BjnlRyZi.js +0 -2
- package/dist/managed-image-attachments-CgE1Q1Bu.js +0 -635
- package/dist/manager-CvrwzOap.js +0 -2
- package/dist/manager-DIyzKDRT.js +0 -2057
- package/dist/markdown-to-line-BzCikJ_W.js +0 -790
- package/dist/mcp-cli-HFkNRDTk.js +0 -725
- package/dist/mcp-http-BpymCnig.js +0 -529
- package/dist/media-runtime-awxrKlof.js +0 -329
- package/dist/media-understanding-CYk-TBlo.js +0 -85
- package/dist/media-understanding-provider-BFl9PvK0.js +0 -18
- package/dist/media-understanding-provider-BbHedlHI.js +0 -69
- package/dist/media-understanding-provider-C4hkphxA.js +0 -28
- package/dist/media-understanding-provider-CIJApc3Q.js +0 -85
- package/dist/media-understanding-provider-CMRfrvoW.js +0 -37
- package/dist/media-understanding-provider-D8MwbDYK.js +0 -12
- package/dist/media-understanding-provider-DPZ3M0zL.js +0 -21
- package/dist/media-understanding-provider-DnFHplle.js +0 -13
- package/dist/media-understanding-provider-O3o8RDTO.js +0 -12
- package/dist/media-understanding-provider-WmKhdAeP.js +0 -18
- package/dist/media-understanding-runtime-DiWkY8O9.js +0 -2
- package/dist/memory-core-host-runtime-cli-D1OEhnrF.js +0 -9
- package/dist/memory-embedding-adapter-Ll4TtjDC.js +0 -123
- package/dist/memory-host-search-BzpJFHpD.js +0 -12
- package/dist/message-action-runner-CMY-upve.js +0 -1407
- package/dist/message-action-runner-DySHa6EF.js +0 -2
- package/dist/message-actions-B9LTXVEy.js +0 -143
- package/dist/message-kmB-ZdwF.js +0 -232
- package/dist/message.gateway.runtime-CKp6wO2c.js +0 -2
- package/dist/method-scopes-D_AZ7OsK.js +0 -235
- package/dist/model-picker-D20JpfyM.js +0 -559
- package/dist/model-picker-Dpin9dw4.js +0 -3
- package/dist/model-picker.runtime-B19j-xJa.js +0 -15
- package/dist/model-selection-BDK7dEju.js +0 -212
- package/dist/models-auth-status-CWD5blQY.js +0 -217
- package/dist/models-cli-qKl_DDX9.js +0 -271
- package/dist/models-http-DruY6N81.js +0 -92
- package/dist/models.fetch-2geG13AQ.js +0 -518
- package/dist/monitor-Ba7ejkS8.js +0 -671
- package/dist/monitor-BaVaWrC7.js +0 -2
- package/dist/monitor-C35OWSe9.js +0 -1661
- package/dist/monitor-Cl9di7UV.js +0 -788
- package/dist/monitor-CyNHlr3x.js +0 -1237
- package/dist/monitor-DfSNLX9p.js +0 -1459
- package/dist/monitor-auth-Bar1iwPD.js +0 -207
- package/dist/monitor-processing-DOC1o7D2.js +0 -1974
- package/dist/monitor.runtime-CzFqZGY2.js +0 -2
- package/dist/monitor.webhook-Bim0zewE.js +0 -180
- package/dist/msteams-BqQ_sRgm.js +0 -35
- package/dist/music-generation-provider-Bac-UFIO.js +0 -63
- package/dist/music-generation-provider-fPGrO1gg.js +0 -170
- package/dist/native-hook-relay-CiXmqOtV.js +0 -519
- package/dist/nextcloud-talk-ByistOQj.js +0 -17
- package/dist/node-cli-BWtbe5nd.js +0 -2276
- package/dist/nodes-cli-DuzsL0Gb.js +0 -1046
- package/dist/nodes-utils-oVtp9rVI.js +0 -84
- package/dist/nodes.helpers-DJ1lCjQx.js +0 -34
- package/dist/notify-Xz011HiU.js +0 -315
- package/dist/oauth-B9WR0gWL.js +0 -75
- package/dist/oauth-BpJKd6mz.js +0 -2
- package/dist/oauth-BqiriUcs.js +0 -139
- package/dist/oauth-Dl3zSXWU.js +0 -152
- package/dist/oauth.flow-CIweZ0Wo.js +0 -45
- package/dist/oauth.flow-YT9WcJAP.js +0 -3
- package/dist/onboard-CJcg9WIT.js +0 -2
- package/dist/onboard-DrfmoxpG.js +0 -316
- package/dist/onboard-SSBg2BsM.js +0 -70
- package/dist/onboard-channels-B-jq5k4w.js +0 -2
- package/dist/onboard-channels-Dg4UVNnl.js +0 -3
- package/dist/onboard-custom-DDY7T8Mb.js +0 -3
- package/dist/onboard-custom-buJ3Vz5C.js +0 -271
- package/dist/onboard-helpers-D-z22ggH.js +0 -204
- package/dist/onboard-helpers-DU-hRKeY.js +0 -6
- package/dist/onboard-interactive-C8tFz_EJ.js +0 -24
- package/dist/onboard-non-interactive-ZnR63QNa.js +0 -635
- package/dist/onboard-remote-B6KxBZY_.js +0 -193
- package/dist/onboard-remote-BrblbI6u.js +0 -2
- package/dist/onboard-skills-BaEg-lmj.js +0 -2
- package/dist/onboard-skills-BuFtX13Z.js +0 -134
- package/dist/onboarding-plugin-install-CNIcGqAI.js +0 -406
- package/dist/openai-codex-provider-6aTYk3jp.js +0 -472
- package/dist/openai-http-Wkidi3o4.js +0 -500
- package/dist/openai-provider-w1PV_KGr.js +0 -313
- package/dist/opencode-SEOw9RYv.js +0 -35
- package/dist/openresponses-http-BkPjGHMn.js +0 -1128
- package/dist/operator-approvals-client-xj8FFWPH.js +0 -68
- package/dist/outbound-runtime-D7qdGq1B.js +0 -5
- package/dist/outbound.runtime-riknu3Rg.js +0 -2
- package/dist/pair-command-approve-CRig33Ea.js +0 -44
- package/dist/persistent-bindings.lifecycle-BhVLGVlI.js +0 -2
- package/dist/persistent-bindings.lifecycle-CVWzaSA9.js +0 -85
- package/dist/pi-bundle-mcp-runtime-CEwlOt28.js +0 -2
- package/dist/pi-bundle-mcp-runtime-DS32_bKh.js +0 -829
- package/dist/pi-bundle-mcp-tools-MVePSeQp.js +0 -108
- package/dist/pi-embedded-Dh5naw-j.js +0 -4
- package/dist/pi-embedded-S0ld6lbd.js +0 -2905
- package/dist/pi-embedded-subscribe.handlers.compaction.runtime-61zYwcVi.js +0 -23
- package/dist/pi-embedded.runtime-BeWYEwSt.js +0 -4
- package/dist/pi-tool-definition-adapter-MgnP-0c4.js +0 -229
- package/dist/pi-tools-DyVcSRei.js +0 -1118
- package/dist/pi-tools.before-tool-call-BZ1PLh46.js +0 -433
- package/dist/pi-tools.before-tool-call-DSgr_Sjd.js +0 -2
- package/dist/plugin-DoXrlTHe.js +0 -12195
- package/dist/plugin-enabled-CCAWKL0j.js +0 -140
- package/dist/plugin-install-D9RUigrW.js +0 -2
- package/dist/plugin-install-DRc2KTWx.js +0 -115
- package/dist/plugin-install-config-policy-CtKZaMAw.js +0 -137
- package/dist/plugin-install-plan-BeNfwB5V.js +0 -50
- package/dist/plugin-registration-COZcclAr.js +0 -23
- package/dist/plugin-service-Cu_nlZmO.js +0 -2893
- package/dist/plugins-cli-qkT7VGd9.js +0 -584
- package/dist/plugins-command-helpers-DvRgKfV0.js +0 -107
- package/dist/plugins-install-persist-CZWXaz5s.js +0 -133
- package/dist/plugins-update-command-qKTcfS44.js +0 -1057
- package/dist/policy-CxwHwL56.js +0 -328
- package/dist/prepare.runtime-BhO3ot9P.js +0 -807
- package/dist/probe-4IiQQG_7.js +0 -2
- package/dist/probe-89jd9VHi.js +0 -1443
- package/dist/probe-B2Uw_PN-.js +0 -2205
- package/dist/probe-B4ekJ-Xv.js +0 -74
- package/dist/probe-B9hiEFIU.js +0 -2
- package/dist/probe-CDrkDwhe.js +0 -240
- package/dist/probe-Ct62B_e4.js +0 -45
- package/dist/probe-pLHVFHK6.js +0 -243
- package/dist/program-HFwaDGDa.js +0 -111
- package/dist/prompt-select-styled-BL_pKMTB.js +0 -20
- package/dist/protocol-C9LrRIRp.js +0 -2515
- package/dist/provider-D4RPFEas.js +0 -70
- package/dist/provider-api-key-auth-DxE3Ubaz.js +0 -131
- package/dist/provider-auth-94YJgYBI.js +0 -46
- package/dist/provider-auth-api-key-D9d3vpbu.js +0 -5
- package/dist/provider-auth-choice-C1kxCG8d.js +0 -228
- package/dist/provider-auth-login-DSy_0CmF.js +0 -8
- package/dist/provider-dispatcher-C81eCA-H.js +0 -22
- package/dist/provider-dispatcher-puinwYaq.js +0 -2
- package/dist/provider-entry-CR0Z4V2Y.js +0 -106
- package/dist/provider-model-defaults-CY1F7Q3c.js +0 -6
- package/dist/provider-registration-C3cLloFb.js +0 -37
- package/dist/provider-registration-CU67AJCU.js +0 -218
- package/dist/qr-cli-BdX_FFlu.js +0 -349
- package/dist/qr-cli-C5253ud8.js +0 -2
- package/dist/qr-image-BQnl-2Hz.js +0 -2
- package/dist/queue-IehGWtWc.js +0 -409
- package/dist/reaction-runtime-api-95Ou_vSC.js +0 -116
- package/dist/reactions-DZizt8LI.js +0 -998
- package/dist/read-capability-w1W5sKua.js +0 -412
- package/dist/register-service-commands-DMNQ-id4.js +0 -71
- package/dist/register.agent-CQOBdXob.js +0 -248
- package/dist/register.configure-C8yC_SYa.js +0 -15
- package/dist/register.maintenance-CSIY47OO.js +0 -363
- package/dist/register.message-g5yjxPxU.js +0 -329
- package/dist/register.onboard-U3SrMpHb.js +0 -88
- package/dist/register.runtime-BMuRf7KD.js +0 -81
- package/dist/register.setup-DOBsdUvr.js +0 -150
- package/dist/register.status-health-sessions-p_3FnJtp.js +0 -1215
- package/dist/register.subclis-CNkq2TdW.js +0 -29
- package/dist/register.subclis-P3ru4E6I.js +0 -3
- package/dist/register.subclis-core-D5N5ewgp.js +0 -249
- package/dist/reply-dispatch-runtime-B8TMhGSo.js +0 -13
- package/dist/reply-media-paths.runtime-Bv-VQY1O.js +0 -2
- package/dist/reply-media-paths.runtime-qZYIzFEg.js +0 -146
- package/dist/reply-runtime-Ba_5YKEX.js +0 -10
- package/dist/reply.runtime-CvlE6uYh.js +0 -2
- package/dist/resolve-DxTN302S.js +0 -259
- package/dist/response-generator-Be1_-xjF.js +0 -175
- package/dist/restart-health-CV-Nm1lw.js +0 -202
- package/dist/restart-health-DywY1594.js +0 -2
- package/dist/root-help-oR4nv8N9.js +0 -44
- package/dist/route-reply-Dn9zmIdM.js +0 -162
- package/dist/route-reply.runtime-DkwtG2qY.js +0 -2
- package/dist/routes-ClkLAuU2.js +0 -3341
- package/dist/routes-cv4VrQu1.js +0 -2
- package/dist/rpc-05cw0vNh.js +0 -61
- package/dist/rpc.runtime-DhFlfCMB.js +0 -21
- package/dist/run-auth-profile.runtime-Bflh0AxI.js +0 -2
- package/dist/run-delivery.runtime-B_9TxqQA.js +0 -530
- package/dist/run-embedded.runtime-V68HvJT8.js +0 -4
- package/dist/run-execution-cli.runtime-9NpwQ1uu.js +0 -4
- package/dist/run-executor.runtime-CX2Emb4e.js +0 -277
- package/dist/run-main-xnrI4i-W.js +0 -567
- package/dist/run-subagent-registry.runtime-CEgCR8-w.js +0 -2
- package/dist/run-wait-By6jGhn0.js +0 -135
- package/dist/runner-Vhfg_kYp.js +0 -966
- package/dist/runner.entries-DWptWo_Q.js +0 -604
- package/dist/runtime-COXB-OZq.js +0 -263
- package/dist/runtime-Cfcvlsp1.js +0 -2
- package/dist/runtime-D0MD5Uyv.js +0 -9
- package/dist/runtime-D2DhV36f.js +0 -961
- package/dist/runtime-D9CBb5Na.js +0 -72
- package/dist/runtime-api-C_o5iE1W.js +0 -9
- package/dist/runtime-api-Cws6dHRG.js +0 -14
- package/dist/runtime-api-D8EKRzzw.js +0 -4
- package/dist/runtime-api-DUw04nys.js +0 -9
- package/dist/runtime-embedded-pi.runtime-Ckdld_Ij.js +0 -2
- package/dist/runtime-entry-BaLt5V4d.js +0 -2769
- package/dist/runtime-internal-Dga3dvsC.js +0 -2
- package/dist/runtime-l0B7QFL3.js +0 -116
- package/dist/runtime-options-DwYzxb7U.js +0 -275
- package/dist/runtime-prepare.runtime-D6bMmoTn.js +0 -80
- package/dist/runtime-schema-BDGFtL0_.js +0 -28599
- package/dist/runtime-web-tools-DlattYEh.js +0 -1477
- package/dist/sandbox-B0HW_QP3.js +0 -1156
- package/dist/sandbox-D2w77M7D.js +0 -3
- package/dist/sandbox-cli-DhrLokzO.js +0 -450
- package/dist/scan-BWFQXm24.js +0 -523
- package/dist/scan-CrfOpA-h.js +0 -2
- package/dist/secrets-cli-TxHWzJzS.js +0 -2101
- package/dist/security-cli-DIvsGk3X.js +0 -486
- package/dist/selection-CHTqBz4F.js +0 -2
- package/dist/selection-D_K-9r-x.js +0 -7743
- package/dist/send-DE7hu875.js +0 -156
- package/dist/send-TkldUWcX.js +0 -102
- package/dist/send.runtime-CZI1JWw8.js +0 -2
- package/dist/server-B8xhfNfn.js +0 -77
- package/dist/server-Cz40q0g2.js +0 -13
- package/dist/server-context-B7rWJ2gB.js +0 -847
- package/dist/server-context-yutVechl.js +0 -2
- package/dist/server-node-events-VPwgJoKG.js +0 -474
- package/dist/server-plugin-bootstrap-Dy78XA3J.js +0 -2
- package/dist/server-plugin-bootstrap-N59qJvH4.js +0 -13355
- package/dist/server-restart-sentinel-Zjl16hJh.js +0 -684
- package/dist/server.impl-DpFPnl5_.js +0 -12798
- package/dist/session-DQK4G2N-.js +0 -48
- package/dist/session-envelope-uG-4XV0X.js +0 -18
- package/dist/session-key-CTestOWs.js +0 -65
- package/dist/session-kill-http-o34Xk0D1.js +0 -110
- package/dist/session-meta-B_6JKgd3.js +0 -109
- package/dist/session-override-BJXIc7UA.js +0 -106
- package/dist/session-reset-model.runtime-DFT-FJW1.js +0 -133
- package/dist/session-reset-service-C0ScpWIE.js +0 -497
- package/dist/session-route-UusYWQ_M.js +0 -93
- package/dist/session-status.runtime-DJV2WJZM.js +0 -2
- package/dist/session-store-COzyfYG2.js +0 -126
- package/dist/session-store.runtime-CQHXgM_Z.js +0 -2
- package/dist/session-subagent-reactivation.runtime-yyMT_MgO.js +0 -2
- package/dist/session-tab-registry-Bkd33PY1.js +0 -581
- package/dist/session-updates-Dl4GafMW.js +0 -236
- package/dist/session-updates.runtime-bHYRFXxm.js +0 -2
- package/dist/session-utils-Dkaj_4dZ.js +0 -1009
- package/dist/session-visibility-BOYOn-Gu.js +0 -147
- package/dist/sessions-D3eFfsPH.js +0 -281
- package/dist/sessions-DAup1AeE.js +0 -16
- package/dist/sessions-helpers-DlsDzSXL.js +0 -305
- package/dist/sessions-history-http--8biogY1.js +0 -371
- package/dist/sessions-kO7Dit6B.js +0 -48
- package/dist/sessions-patch-BlUpBepz.js +0 -309
- package/dist/sessions-resolve-DPWviaDr.js +0 -174
- package/dist/sessions-uVaHa5mC.js +0 -2
- package/dist/sessions.runtime-CHJDx6Rg.js +0 -2
- package/dist/setup-COcb42YZ.js +0 -636
- package/dist/setup-DX-d8t6q.js +0 -421
- package/dist/setup-api-Ddfd033_.js +0 -29
- package/dist/setup-core-Bsasst9Y.js +0 -176
- package/dist/setup-core-CWmsLaJv.js +0 -171
- package/dist/setup-surface-CTZ5CnX4.js +0 -219
- package/dist/setup-surface-D2c6jlaM.js +0 -403
- package/dist/setup-surface-Dazv-gzK.js +0 -286
- package/dist/setup.finalize-DSSoTSsd.js +0 -547
- package/dist/setup.gateway-config-bJqXJA3E.js +0 -250
- package/dist/shared-C-DELFhh.js +0 -217
- package/dist/shared-DOOnkgfw.js +0 -198
- package/dist/shared-DfVOpp8r.js +0 -121
- package/dist/shared-nGZZHrFV.js +0 -76
- package/dist/shared-runtime-lVwJld87.js +0 -7
- package/dist/skill-commands-Crg6g_xc.js +0 -83
- package/dist/skill-commands.runtime-Dx9JZPVm.js +0 -2
- package/dist/skills-install-B1RJkjel.js +0 -605
- package/dist/skills-snapshot.runtime-1fnPk6SF.js +0 -7
- package/dist/slash-state-CwgTzmc8.js +0 -1911
- package/dist/speech-provider-BEjGmdRi.js +0 -170
- package/dist/speech-provider-DU0xib0M.js +0 -209
- package/dist/speech-provider-jexKB2Fl.js +0 -216
- package/dist/src-CbfkGwGz.js +0 -3974
- package/dist/stage-sandbox-media.runtime-BzOf-LsJ.js +0 -232
- package/dist/startup-context-acV-bzAJ.js +0 -312
- package/dist/state-migrations-DlUY4b3i.js +0 -820
- package/dist/status-0ozKjOYe.js +0 -190
- package/dist/status-BFMr1TH_.js +0 -395
- package/dist/status-C0tUFjWh.js +0 -2
- package/dist/status-DgyADd4G.js +0 -209
- package/dist/status-Dql1aIFE.js +0 -62
- package/dist/status-L2NtbOry.js +0 -3
- package/dist/status-all-DK98dFQa.js +0 -498
- package/dist/status-json-OEukc0cF.js +0 -14
- package/dist/status-json-command-BWv0zt8E.js +0 -82
- package/dist/status-message-DuKO-hzh.js +0 -466
- package/dist/status-message.runtime-BnLXbVHh.js +0 -6
- package/dist/status-queue.runtime-DXdIwJaQ.js +0 -2
- package/dist/status-runtime-shared-DBMTXWTZ.js +0 -241
- package/dist/status-subagents.runtime-VTEVgOJj.js +0 -18
- package/dist/status-text-Cx0Esdj6.js +0 -237
- package/dist/status-xjF4vxou.js +0 -2
- package/dist/status.gateway-connection.runtime-BT6XfoLV.js +0 -2
- package/dist/status.gather-CF5qlFAG.js +0 -292
- package/dist/status.gather-L0QGMaC4.js +0 -2
- package/dist/status.runtime-BwFzOfxj.js +0 -2
- package/dist/status.runtime-DYi_nOHT.js +0 -2
- package/dist/status.scan-CflamBc9.js +0 -65
- package/dist/status.scan-overview-pGpvYksm.js +0 -379
- package/dist/status.scan.fast-json-BbMvHncK.js +0 -132
- package/dist/status.scan.fast-json-D39u21tI.js +0 -2
- package/dist/status.summary-CKh5Legf.js +0 -2
- package/dist/status.summary-DVdS-4Fj.js +0 -200
- package/dist/store-DgajP9Em.js +0 -4
- package/dist/store-tuisxHpf.js +0 -910
- package/dist/store.runtime-Bw5wLKnD.js +0 -2
- package/dist/stream-CWqBQkS6.js +0 -664
- package/dist/subagent-announce-Df9ABEaq.js +0 -351
- package/dist/subagent-announce-delivery-B5xYlVwu.js +0 -726
- package/dist/subagent-announce-output-JQ-I1Kmk.js +0 -364
- package/dist/subagent-capabilities-DFXCYxt0.js +0 -251
- package/dist/subagent-control-CMaKDVuG.js +0 -506
- package/dist/subagent-control.runtime-CgBRjo3Q.js +0 -3
- package/dist/subagent-followup.runtime-Be2c3jkr.js +0 -68
- package/dist/subagent-orphan-recovery-B4jHKSis.js +0 -305
- package/dist/subagent-registry-CjLI6fcV.js +0 -3
- package/dist/subagent-registry-CruvknDh.js +0 -1753
- package/dist/subagent-spawn-C-9kmYik.js +0 -1005
- package/dist/supervisor-DaRbw4Gw.js +0 -704
- package/dist/system-cli-Cmv7YV3z.js +0 -43
- package/dist/targets-DGdlJYMl.js +0 -67
- package/dist/task-executor-DbusuL0w.js +0 -360
- package/dist/task-owner-access-DNC_BT5l.js +0 -74
- package/dist/task-registry-CKDRlfmp.js +0 -2357
- package/dist/task-registry-delivery-runtime-DX6tjuwQ.js +0 -3
- package/dist/task-registry-delivery-runtime-Ge4fS1Fa.js +0 -2
- package/dist/task-registry.maintenance-DhjCTf6L.js +0 -416
- package/dist/task-registry.maintenance-DyX6m_7s.js +0 -2
- package/dist/testing-BecnXPE0.js +0 -575
- package/dist/text-report-BW3t_i75.js +0 -549
- package/dist/tool-auth-shared-DWrecN7g.js +0 -90
- package/dist/tool-policy-pipeline-CA61tNc_.js +0 -109
- package/dist/tool-resolution-BRHtzc7Q.js +0 -90
- package/dist/tools-effective-inventory-CLJ3nPbB.js +0 -152
- package/dist/tools-invoke-http-DWbJzMo3.js +0 -206
- package/dist/transcript-CEK104A6.js +0 -312
- package/dist/transcript-resolve.runtime-D4I8B--1.js +0 -2
- package/dist/transcript.runtime-ClNMqLSP.js +0 -2
- package/dist/trash-CvOmDpdP.js +0 -24
- package/dist/tts-vEtIfdGN.js +0 -64
- package/dist/tui-cli-BuQzKTYR.js +0 -4585
- package/dist/uninstall-BQ_d8nQ4.js +0 -185
- package/dist/update-D8foEnSw.js +0 -1282
- package/dist/update-cli-DB-VQaie.js +0 -1759
- package/dist/update-startup-D-n1C8A0.js +0 -2
- package/dist/upgrade-DPhvhHXF.js +0 -1226
- package/dist/video-generation-provider-5v5lTL00.js +0 -287
- package/dist/video-generation-provider-BGtbUYJd.js +0 -64
- package/dist/video-generation-provider-BlOdvaLh.js +0 -118
- package/dist/video-generation-provider-CR_fRJ8m.js +0 -187
- package/dist/video-generation-provider-CVUs00hp.js +0 -264
- package/dist/video-generation-provider-CtstiCCO.js +0 -271
- package/dist/video-generation-provider-DDQjPRYO.js +0 -254
- package/dist/video-generation-provider-DLy7AvTJ.js +0 -281
- package/dist/video-generation-provider-DNnNMvS9.js +0 -221
- package/dist/video-generation-provider-vzf0PQXj2.js +0 -77
- package/dist/video-generation-provider-zINiw3aL.js +0 -78
- package/dist/video-generation-task-status-DWUrjc4T.js +0 -163
- package/dist/wait-for-idle-before-flush-BBwcUWtb.js +0 -5985
- package/dist/web-search-provider-BkIzoc2Y.js +0 -163
- package/dist/wizard-models-B5HIywox.js +0 -334
- package/dist/workflow-runtime-tvBeQSK9.js +0 -485
- /package/dist/{audit-channel.collect.runtime-BAKyzn52.js → audit-channel.collect.runtime-CevlIQ6K.js} +0 -0
- /package/dist/{audit-tool-policy-Ftr0W8Wl.js → audit-tool-policy-DTodxIZf.js} +0 -0
- /package/dist/{channel-selection.runtime-CsQ0qN21.js → channel-selection.runtime-DAkF_DgO.js} +0 -0
- /package/dist/{close-reason-DNwBM4qe.js → close-reason-BPuKI4th.js} +0 -0
- /package/dist/{configured-B8XGIYz-.js → configured-C-0r4Pk2.js} +0 -0
- /package/dist/{diagnostic-support-export-CuIJulCK.js → diagnostic-support-export-C8cpJRWi.js} +0 -0
- /package/dist/{gmail-watcher-lifecycle-BoWMgpeT.js → gmail-watcher-lifecycle-DrTbIr0m.js} +0 -0
- /package/dist/{image-BwAofy0f.js → image-LNALiqnF.js} +0 -0
- /package/dist/{image-generation-core.auth.runtime-B6BpHP6V.js → image-generation-core.auth.runtime-hzZbX1YD.js} +0 -0
- /package/dist/{input-allowlist-zDKNs6OG.js → input-allowlist-Bn8hssyM.js} +0 -0
- /package/dist/{install-target-FXMkL80i.js → install-target-C0Dg_4Un.js} +0 -0
- /package/dist/{memory-host-search.runtime-Vfck_NLf.js → memory-host-search.runtime-CAejVWZB.js} +0 -0
- /package/dist/{message.config.runtime-Df8nVSE4.js → message.config.runtime-CAG3eLmF.js} +0 -0
- /package/dist/{paths-BdDCK0XP.js → paths-BrPnd-v6.js} +0 -0
- /package/dist/{provider-api-key-auth.runtime-fT4D2dQt.js → provider-api-key-auth.runtime-YLpiRoM3.js} +0 -0
- /package/dist/{provider-auth-login.runtime-EnfK3WTr.js → provider-auth-login.runtime-BwDEPbY4.js} +0 -0
- /package/dist/{push-apns-DoMbCgqq.js → push-apns-UUwkJMxt.js} +0 -0
- /package/dist/{runtime-manifest.runtime-CuqWbJ5G.js → runtime-manifest.runtime-D8BuqQCR.js} +0 -0
- /package/dist/{runtime-web-channel-plugin-ChmPPl7a.js → runtime-web-channel-plugin-Dx1GGPSD.js} +0 -0
- /package/dist/{runtime-web-tools-fallback.runtime-B3fmu7s0.js → runtime-web-tools-fallback.runtime-_nNCUNAT.js} +0 -0
- /package/dist/{runtime-web-tools-manifest.runtime-CpiYM000.js → runtime-web-tools-manifest.runtime-BaeloEzn.js} +0 -0
- /package/dist/{runtime-web-tools-public-artifacts.runtime-BBNdsUv5.js → runtime-web-tools-public-artifacts.runtime-DOdl6CAd.js} +0 -0
- /package/dist/{server-startup-log-DXJn1EgH.js → server-startup-log-BUk3dEm6.js} +0 -0
- /package/dist/{server-startup-memory-C4d9ImgC.js → server-startup-memory-C3gdaomJ.js} +0 -0
- /package/dist/{server-tailscale-DeNCXYBr.js → server-tailscale-C0DsqL5N.js} +0 -0
- /package/dist/{services-m8_503l9.js → services-CiBabvAX.js} +0 -0
- /package/dist/{session-archive.runtime-DDhx1bOA.js → session-archive.runtime-BIqBKdzI.js} +0 -0
- /package/dist/{setup.node-config-BXET5GZk.js → setup.node-config-BlJDbu4T.js} +0 -0
- /package/dist/{setup.plugin-config-CgBJMtZ8.js → setup.plugin-config-CCP7nrfy.js} +0 -0
- /package/dist/{skill-scanner-cEm04-3B.js → skill-scanner-DnqZE6Fh.js} +0 -0
- /package/dist/{ssh-config-BfxhRhPu.js → ssh-config-wfp8-I37.js} +0 -0
- /package/dist/{supervisor-log.runtime-BdagMpUZ.js → supervisor-log.runtime-DYzbopV7.js} +0 -0
- /package/dist/{targets.runtime-BS4UWyk2.js → targets.runtime-1fn-rTlI.js} +0 -0
- /package/dist/{update-startup-D69inLEd.js → update-startup-DW61ftJW.js} +0 -0
|
@@ -1,2101 +0,0 @@
|
|
|
1
|
-
import { i as formatErrorMessage } from "./errors-CufR9eHH.js";
|
|
2
|
-
import { a as normalizeLowercaseStringOrEmpty, c as normalizeOptionalString, d as normalizeStringifiedOptionalString, s as normalizeOptionalLowercaseString } from "./string-coerce-DPP_aYVc.js";
|
|
3
|
-
import { f as resolveConfigDir, l as isRecord, m as resolveUserPath } from "./utils-CWrkFsp0.js";
|
|
4
|
-
import { n as defaultRuntime } from "./runtime-DDkDH9fa.js";
|
|
5
|
-
import { t as formatDocsLink } from "./links-C1-jbHJx.js";
|
|
6
|
-
import { r as theme } from "./theme-DD6pQv2_.js";
|
|
7
|
-
import { _ as resolveStateDir } from "./paths-Bv2rGpO9.js";
|
|
8
|
-
import { a as coerceSecretRef, p as resolveSecretInputRef } from "./types.secrets-BbgGt42I.js";
|
|
9
|
-
import { a as formatExecSecretRefIdValidationMessage, c as isValidSecretProviderAlias, l as resolveDefaultSecretProviderAlias, o as isValidExecSecretRefId, u as secretRefKey } from "./ref-contract-D_WmZ91C.js";
|
|
10
|
-
import { t as danger } from "./globals-wYf9_gv5.js";
|
|
11
|
-
import { t as runTasksWithConcurrency } from "./run-with-concurrency-BPqtfY7o.js";
|
|
12
|
-
import { a as parseEnvValue, i as parseDotPath, l as writeTextFileAtomic, n as isNonEmptyString, s as toDotPath } from "./shared-BdNvMmVL.js";
|
|
13
|
-
import { a as resolveSecretRefValue, o as resolveSecretRefValues, r as isProviderScopedSecretResolutionError } from "./resolve-DFimFdgC.js";
|
|
14
|
-
import { t as isSafeExecutableValue } from "./exec-safety-C4kppa_m.js";
|
|
15
|
-
import { w as SecretProviderSchema } from "./zod-schema.core-CoFhKG_K.js";
|
|
16
|
-
import { r as createConfigIO } from "./io-Cy5vajWd.js";
|
|
17
|
-
import { c as normalizeAgentId } from "./session-key-CI3KvTQC.js";
|
|
18
|
-
import { r as normalizeProviderId } from "./provider-id--dmcBtHB.js";
|
|
19
|
-
import { r as listKnownSecretEnvVarNames, t as getProviderEnvVars } from "./provider-env-vars-DDxo5bUJ.js";
|
|
20
|
-
import { _ as resolveAgentConfig, g as listAgentIds, x as resolveDefaultAgentId, y as resolveAgentDir } from "./agent-scope-BUYwVohk.js";
|
|
21
|
-
import { n as getPath, r as setPathCreateStrict, t as deletePathStrict } from "./path-utils-CJ35S4Ql.js";
|
|
22
|
-
import { a as listAuthProfileSecretTargetEntries, c as resolvePlanTargetAgainstRegistry, n as discoverConfigSecretTargets, t as discoverAuthProfileSecretTargets } from "./target-registry-BrTvhqBU.js";
|
|
23
|
-
import "./config-DYHZ3jG1.js";
|
|
24
|
-
import { l as resolveAuthStorePath } from "./source-check-Bgh7ZOgP.js";
|
|
25
|
-
import { c as loadAuthProfileStoreForSecretsRuntime, m as loadPersistedAuthProfileStore, p as coercePersistedAuthProfileStore } from "./store-DOYGPxaT.js";
|
|
26
|
-
import { f as isSecretRefHeaderValueMarker, u as isNonSecretApiKeyMarker } from "./model-auth-markers-BcKRdtpE.js";
|
|
27
|
-
import "./model-selection-D-mV4REq.js";
|
|
28
|
-
import "./auth-profiles-COE8qycx.js";
|
|
29
|
-
import { a as prepareSecretsRuntimeSnapshot } from "./runtime-COXB-OZq.js";
|
|
30
|
-
import { n as hasConfiguredPlaintextSecretValue, r as isExpectedResolvedSecretValue, t as assertExpectedResolvedSecretValue } from "./secret-value-B-Ge_gY8.js";
|
|
31
|
-
import { n as callGatewayFromCli, t as addGatewayClientOptions } from "./gateway-rpc-CdXoDE6_.js";
|
|
32
|
-
import fs from "node:fs";
|
|
33
|
-
import path from "node:path";
|
|
34
|
-
import os from "node:os";
|
|
35
|
-
import { isDeepStrictEqual } from "node:util";
|
|
36
|
-
import { confirm, select, text } from "@clack/prompts";
|
|
37
|
-
//#region src/secrets/auth-profiles-scan.ts
|
|
38
|
-
function getAuthProfileFieldName(pathPattern) {
|
|
39
|
-
const segments = pathPattern.split(".").filter(Boolean);
|
|
40
|
-
return segments[segments.length - 1] ?? "";
|
|
41
|
-
}
|
|
42
|
-
const AUTH_PROFILE_FIELD_SPEC_BY_TYPE = (() => {
|
|
43
|
-
const defaults = {
|
|
44
|
-
api_key: {
|
|
45
|
-
valueField: "key",
|
|
46
|
-
refField: "keyRef"
|
|
47
|
-
},
|
|
48
|
-
token: {
|
|
49
|
-
valueField: "token",
|
|
50
|
-
refField: "tokenRef"
|
|
51
|
-
}
|
|
52
|
-
};
|
|
53
|
-
for (const target of listAuthProfileSecretTargetEntries()) {
|
|
54
|
-
if (!target.authProfileType) continue;
|
|
55
|
-
defaults[target.authProfileType] = {
|
|
56
|
-
valueField: getAuthProfileFieldName(target.pathPattern),
|
|
57
|
-
refField: target.refPathPattern !== void 0 ? getAuthProfileFieldName(target.refPathPattern) : defaults[target.authProfileType].refField
|
|
58
|
-
};
|
|
59
|
-
}
|
|
60
|
-
return defaults;
|
|
61
|
-
})();
|
|
62
|
-
function getAuthProfileFieldSpec(type) {
|
|
63
|
-
return AUTH_PROFILE_FIELD_SPEC_BY_TYPE[type];
|
|
64
|
-
}
|
|
65
|
-
function toSecretCredentialVisit(params) {
|
|
66
|
-
const spec = getAuthProfileFieldSpec(params.kind);
|
|
67
|
-
return {
|
|
68
|
-
kind: params.kind,
|
|
69
|
-
profileId: params.profileId,
|
|
70
|
-
provider: params.provider,
|
|
71
|
-
profile: params.profile,
|
|
72
|
-
valueField: spec.valueField,
|
|
73
|
-
refField: spec.refField,
|
|
74
|
-
value: params.profile[spec.valueField],
|
|
75
|
-
refValue: params.profile[spec.refField]
|
|
76
|
-
};
|
|
77
|
-
}
|
|
78
|
-
function* iterateAuthProfileCredentials(profiles) {
|
|
79
|
-
for (const [profileId, value] of Object.entries(profiles)) {
|
|
80
|
-
if (!isRecord(value) || !isNonEmptyString(value.provider)) continue;
|
|
81
|
-
const provider = value.provider;
|
|
82
|
-
if (value.type === "api_key" || value.type === "token") {
|
|
83
|
-
yield toSecretCredentialVisit({
|
|
84
|
-
kind: value.type,
|
|
85
|
-
profileId,
|
|
86
|
-
provider,
|
|
87
|
-
profile: value
|
|
88
|
-
});
|
|
89
|
-
continue;
|
|
90
|
-
}
|
|
91
|
-
if (value.type === "oauth") yield {
|
|
92
|
-
kind: "oauth",
|
|
93
|
-
profileId,
|
|
94
|
-
provider,
|
|
95
|
-
profile: value,
|
|
96
|
-
hasAccess: isNonEmptyString(value.access),
|
|
97
|
-
hasRefresh: isNonEmptyString(value.refresh)
|
|
98
|
-
};
|
|
99
|
-
}
|
|
100
|
-
}
|
|
101
|
-
//#endregion
|
|
102
|
-
//#region src/secrets/config-io.ts
|
|
103
|
-
const silentConfigIoLogger = {
|
|
104
|
-
error: () => {},
|
|
105
|
-
warn: () => {}
|
|
106
|
-
};
|
|
107
|
-
function createSecretsConfigIO(params) {
|
|
108
|
-
return createConfigIO({
|
|
109
|
-
env: params.env,
|
|
110
|
-
logger: silentConfigIoLogger
|
|
111
|
-
});
|
|
112
|
-
}
|
|
113
|
-
//#endregion
|
|
114
|
-
//#region src/secrets/exec-resolution-policy.ts
|
|
115
|
-
function selectRefsForExecPolicy(params) {
|
|
116
|
-
const refsToResolve = [];
|
|
117
|
-
const skippedExecRefs = [];
|
|
118
|
-
for (const ref of params.refs) {
|
|
119
|
-
if (ref.source === "exec" && !params.allowExec) {
|
|
120
|
-
skippedExecRefs.push(ref);
|
|
121
|
-
continue;
|
|
122
|
-
}
|
|
123
|
-
refsToResolve.push(ref);
|
|
124
|
-
}
|
|
125
|
-
return {
|
|
126
|
-
refsToResolve,
|
|
127
|
-
skippedExecRefs
|
|
128
|
-
};
|
|
129
|
-
}
|
|
130
|
-
function getSkippedExecRefStaticError(params) {
|
|
131
|
-
const id = params.ref.id.trim();
|
|
132
|
-
const refLabel = `${params.ref.source}:${params.ref.provider}:${id}`;
|
|
133
|
-
if (!id) return "Error: Secret reference id is empty.";
|
|
134
|
-
if (!isValidExecSecretRefId(id)) return `Error: ${formatExecSecretRefIdValidationMessage()} (ref: ${refLabel}).`;
|
|
135
|
-
const providerConfig = params.config.secrets?.providers?.[params.ref.provider];
|
|
136
|
-
if (!providerConfig) return `Error: Secret provider "${params.ref.provider}" is not configured (ref: ${refLabel}).`;
|
|
137
|
-
if (providerConfig.source !== params.ref.source) return `Error: Secret provider "${params.ref.provider}" has source "${providerConfig.source}" but ref requests "${params.ref.source}".`;
|
|
138
|
-
return null;
|
|
139
|
-
}
|
|
140
|
-
//#endregion
|
|
141
|
-
//#region src/secrets/plan.ts
|
|
142
|
-
const FORBIDDEN_PATH_SEGMENTS = new Set([
|
|
143
|
-
"__proto__",
|
|
144
|
-
"prototype",
|
|
145
|
-
"constructor"
|
|
146
|
-
]);
|
|
147
|
-
function isObjectRecord(value) {
|
|
148
|
-
return Boolean(value) && typeof value === "object" && !Array.isArray(value);
|
|
149
|
-
}
|
|
150
|
-
function isSecretProviderConfigShape(value) {
|
|
151
|
-
return SecretProviderSchema.safeParse(value).success;
|
|
152
|
-
}
|
|
153
|
-
function hasForbiddenPathSegment(segments) {
|
|
154
|
-
return segments.some((segment) => FORBIDDEN_PATH_SEGMENTS.has(segment));
|
|
155
|
-
}
|
|
156
|
-
function resolveValidatedPlanTarget(candidate) {
|
|
157
|
-
if (typeof candidate.type !== "string" || !candidate.type.trim()) return null;
|
|
158
|
-
const path = typeof candidate.path === "string" ? candidate.path.trim() : "";
|
|
159
|
-
if (!path) return null;
|
|
160
|
-
const segments = Array.isArray(candidate.pathSegments) && candidate.pathSegments.length > 0 ? candidate.pathSegments.map((segment) => segment.trim()).filter(Boolean) : parseDotPath(path);
|
|
161
|
-
if (segments.length === 0 || hasForbiddenPathSegment(segments) || path !== toDotPath(segments)) return null;
|
|
162
|
-
return resolvePlanTargetAgainstRegistry({
|
|
163
|
-
type: candidate.type,
|
|
164
|
-
pathSegments: segments,
|
|
165
|
-
providerId: candidate.providerId,
|
|
166
|
-
accountId: candidate.accountId
|
|
167
|
-
});
|
|
168
|
-
}
|
|
169
|
-
function isSecretsApplyPlan(value) {
|
|
170
|
-
if (!value || typeof value !== "object" || Array.isArray(value)) return false;
|
|
171
|
-
const typed = value;
|
|
172
|
-
if (typed.version !== 1 || typed.protocolVersion !== 1 || !Array.isArray(typed.targets)) return false;
|
|
173
|
-
for (const target of typed.targets) {
|
|
174
|
-
if (!target || typeof target !== "object") return false;
|
|
175
|
-
const candidate = target;
|
|
176
|
-
const ref = candidate.ref;
|
|
177
|
-
const resolved = resolveValidatedPlanTarget({
|
|
178
|
-
type: candidate.type,
|
|
179
|
-
path: candidate.path,
|
|
180
|
-
pathSegments: candidate.pathSegments,
|
|
181
|
-
agentId: candidate.agentId,
|
|
182
|
-
providerId: candidate.providerId,
|
|
183
|
-
accountId: candidate.accountId,
|
|
184
|
-
authProfileProvider: candidate.authProfileProvider
|
|
185
|
-
});
|
|
186
|
-
if (typeof candidate.path !== "string" || !candidate.path.trim() || candidate.pathSegments !== void 0 && !Array.isArray(candidate.pathSegments) || !resolved || !ref || typeof ref !== "object" || ref.source !== "env" && ref.source !== "file" && ref.source !== "exec" || typeof ref.provider !== "string" || ref.provider.trim().length === 0 || typeof ref.id !== "string" || ref.id.trim().length === 0 || ref.source === "exec" && !isValidExecSecretRefId(ref.id)) return false;
|
|
187
|
-
if (resolved.entry.configFile === "auth-profiles.json") {
|
|
188
|
-
if (typeof candidate.agentId !== "string" || candidate.agentId.trim().length === 0) return false;
|
|
189
|
-
if (candidate.authProfileProvider !== void 0 && (typeof candidate.authProfileProvider !== "string" || candidate.authProfileProvider.trim().length === 0)) return false;
|
|
190
|
-
}
|
|
191
|
-
}
|
|
192
|
-
if (typed.providerUpserts !== void 0) {
|
|
193
|
-
if (!isObjectRecord(typed.providerUpserts)) return false;
|
|
194
|
-
for (const [providerAlias, providerValue] of Object.entries(typed.providerUpserts)) {
|
|
195
|
-
if (!isValidSecretProviderAlias(providerAlias)) return false;
|
|
196
|
-
if (!isSecretProviderConfigShape(providerValue)) return false;
|
|
197
|
-
}
|
|
198
|
-
}
|
|
199
|
-
if (typed.providerDeletes !== void 0) {
|
|
200
|
-
if (!Array.isArray(typed.providerDeletes) || typed.providerDeletes.some((providerAlias) => typeof providerAlias !== "string" || !isValidSecretProviderAlias(providerAlias))) return false;
|
|
201
|
-
}
|
|
202
|
-
return true;
|
|
203
|
-
}
|
|
204
|
-
function normalizeSecretsPlanOptions(options) {
|
|
205
|
-
return {
|
|
206
|
-
scrubEnv: options?.scrubEnv ?? true,
|
|
207
|
-
scrubAuthProfilesForProviderTargets: options?.scrubAuthProfilesForProviderTargets ?? true,
|
|
208
|
-
scrubLegacyAuthJson: options?.scrubLegacyAuthJson ?? true
|
|
209
|
-
};
|
|
210
|
-
}
|
|
211
|
-
//#endregion
|
|
212
|
-
//#region src/secrets/auth-store-paths.ts
|
|
213
|
-
function listAuthProfileStorePaths$1(config, stateDir) {
|
|
214
|
-
const paths = /* @__PURE__ */ new Set();
|
|
215
|
-
paths.add(path.join(resolveUserPath(stateDir), "agents", "main", "agent", "auth-profiles.json"));
|
|
216
|
-
const agentsRoot = path.join(resolveUserPath(stateDir), "agents");
|
|
217
|
-
if (fs.existsSync(agentsRoot)) for (const entry of fs.readdirSync(agentsRoot, { withFileTypes: true })) {
|
|
218
|
-
if (!entry.isDirectory()) continue;
|
|
219
|
-
paths.add(path.join(agentsRoot, entry.name, "agent", "auth-profiles.json"));
|
|
220
|
-
}
|
|
221
|
-
for (const agentId of listAgentIds(config)) {
|
|
222
|
-
if (agentId === "main") {
|
|
223
|
-
paths.add(path.join(resolveUserPath(stateDir), "agents", "main", "agent", "auth-profiles.json"));
|
|
224
|
-
continue;
|
|
225
|
-
}
|
|
226
|
-
const agentDir = resolveAgentDir(config, agentId);
|
|
227
|
-
paths.add(resolveUserPath(resolveAuthStorePath(agentDir)));
|
|
228
|
-
}
|
|
229
|
-
return [...paths];
|
|
230
|
-
}
|
|
231
|
-
//#endregion
|
|
232
|
-
//#region src/secrets/storage-scan.ts
|
|
233
|
-
function isJsonObject(value) {
|
|
234
|
-
return typeof value === "object" && value !== null && !Array.isArray(value);
|
|
235
|
-
}
|
|
236
|
-
function parseEnvAssignmentValue(raw) {
|
|
237
|
-
return parseEnvValue(raw);
|
|
238
|
-
}
|
|
239
|
-
function listAuthProfileStorePaths(config, stateDir) {
|
|
240
|
-
return listAuthProfileStorePaths$1(config, stateDir);
|
|
241
|
-
}
|
|
242
|
-
function listLegacyAuthJsonPaths(stateDir) {
|
|
243
|
-
const out = [];
|
|
244
|
-
const agentsRoot = path.join(resolveUserPath(stateDir), "agents");
|
|
245
|
-
if (!fs.existsSync(agentsRoot)) return out;
|
|
246
|
-
for (const entry of fs.readdirSync(agentsRoot, { withFileTypes: true })) {
|
|
247
|
-
if (!entry.isDirectory()) continue;
|
|
248
|
-
const candidate = path.join(agentsRoot, entry.name, "agent", "auth.json");
|
|
249
|
-
if (fs.existsSync(candidate)) out.push(candidate);
|
|
250
|
-
}
|
|
251
|
-
return out;
|
|
252
|
-
}
|
|
253
|
-
function resolveActiveAgentDir(stateDir, env = process.env) {
|
|
254
|
-
const override = env.GENESIS_AGENT_DIR?.trim() || env.PI_CODING_AGENT_DIR?.trim();
|
|
255
|
-
if (override) return resolveUserPath(override);
|
|
256
|
-
return path.join(resolveUserPath(stateDir), "agents", "main", "agent");
|
|
257
|
-
}
|
|
258
|
-
function listAgentModelsJsonPaths(config, stateDir, env = process.env) {
|
|
259
|
-
const resolvedStateDir = resolveUserPath(stateDir);
|
|
260
|
-
const paths = /* @__PURE__ */ new Set();
|
|
261
|
-
paths.add(path.join(resolvedStateDir, "agents", "main", "agent", "models.json"));
|
|
262
|
-
paths.add(path.join(resolveActiveAgentDir(stateDir, env), "models.json"));
|
|
263
|
-
const agentsRoot = path.join(resolvedStateDir, "agents");
|
|
264
|
-
if (fs.existsSync(agentsRoot)) for (const entry of fs.readdirSync(agentsRoot, { withFileTypes: true })) {
|
|
265
|
-
if (!entry.isDirectory()) continue;
|
|
266
|
-
paths.add(path.join(agentsRoot, entry.name, "agent", "models.json"));
|
|
267
|
-
}
|
|
268
|
-
for (const agentId of listAgentIds(config)) {
|
|
269
|
-
if (agentId === "main") {
|
|
270
|
-
paths.add(path.join(resolvedStateDir, "agents", "main", "agent", "models.json"));
|
|
271
|
-
continue;
|
|
272
|
-
}
|
|
273
|
-
const agentDir = resolveAgentDir(config, agentId);
|
|
274
|
-
paths.add(path.join(resolveUserPath(agentDir), "models.json"));
|
|
275
|
-
}
|
|
276
|
-
return [...paths];
|
|
277
|
-
}
|
|
278
|
-
function readJsonObjectIfExists(filePath, options = {}) {
|
|
279
|
-
if (!fs.existsSync(filePath)) return { value: null };
|
|
280
|
-
try {
|
|
281
|
-
const stats = fs.statSync(filePath);
|
|
282
|
-
if (options.requireRegularFile && !stats.isFile()) return {
|
|
283
|
-
value: null,
|
|
284
|
-
error: `Refusing to read non-regular file: ${filePath}`
|
|
285
|
-
};
|
|
286
|
-
if (typeof options.maxBytes === "number" && Number.isFinite(options.maxBytes) && options.maxBytes >= 0 && stats.size > options.maxBytes) return {
|
|
287
|
-
value: null,
|
|
288
|
-
error: `Refusing to read oversized JSON (${stats.size} bytes): ${filePath}`
|
|
289
|
-
};
|
|
290
|
-
const raw = fs.readFileSync(filePath, "utf8");
|
|
291
|
-
const parsed = JSON.parse(raw);
|
|
292
|
-
if (!isJsonObject(parsed)) return { value: null };
|
|
293
|
-
return { value: parsed };
|
|
294
|
-
} catch (err) {
|
|
295
|
-
return {
|
|
296
|
-
value: null,
|
|
297
|
-
error: formatErrorMessage(err)
|
|
298
|
-
};
|
|
299
|
-
}
|
|
300
|
-
}
|
|
301
|
-
//#endregion
|
|
302
|
-
//#region src/secrets/apply.ts
|
|
303
|
-
function planContainsExecReferences(plan) {
|
|
304
|
-
if (plan.targets.some((target) => target.ref.source === "exec")) return true;
|
|
305
|
-
return Object.values(plan.providerUpserts ?? {}).some((provider) => provider.source === "exec");
|
|
306
|
-
}
|
|
307
|
-
function resolveTarget(target) {
|
|
308
|
-
const resolved = resolveValidatedPlanTarget(target);
|
|
309
|
-
if (!resolved) throw new Error(`Invalid plan target path for ${target.type}: ${target.path}`);
|
|
310
|
-
return resolved;
|
|
311
|
-
}
|
|
312
|
-
function scrubEnvRaw(raw, migratedValues, allowedEnvKeys) {
|
|
313
|
-
if (migratedValues.size === 0 || allowedEnvKeys.size === 0) return {
|
|
314
|
-
nextRaw: raw,
|
|
315
|
-
removed: 0
|
|
316
|
-
};
|
|
317
|
-
const lines = raw.split(/\r?\n/);
|
|
318
|
-
const nextLines = [];
|
|
319
|
-
let removed = 0;
|
|
320
|
-
for (const line of lines) {
|
|
321
|
-
const match = line.match(/^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/);
|
|
322
|
-
if (!match) {
|
|
323
|
-
nextLines.push(line);
|
|
324
|
-
continue;
|
|
325
|
-
}
|
|
326
|
-
const envKey = match[1] ?? "";
|
|
327
|
-
if (!allowedEnvKeys.has(envKey)) {
|
|
328
|
-
nextLines.push(line);
|
|
329
|
-
continue;
|
|
330
|
-
}
|
|
331
|
-
const parsedValue = parseEnvAssignmentValue(match[2] ?? "");
|
|
332
|
-
if (migratedValues.has(parsedValue)) {
|
|
333
|
-
removed += 1;
|
|
334
|
-
continue;
|
|
335
|
-
}
|
|
336
|
-
nextLines.push(line);
|
|
337
|
-
}
|
|
338
|
-
const hadTrailingNewline = raw.endsWith("\n");
|
|
339
|
-
const joined = nextLines.join("\n");
|
|
340
|
-
return {
|
|
341
|
-
nextRaw: hadTrailingNewline || joined.length === 0 ? `${joined}${joined.endsWith("\n") ? "" : "\n"}` : joined,
|
|
342
|
-
removed
|
|
343
|
-
};
|
|
344
|
-
}
|
|
345
|
-
function applyProviderPlanMutations(params) {
|
|
346
|
-
const currentProviders = isRecord(params.config.secrets?.providers) ? structuredClone(params.config.secrets?.providers) : {};
|
|
347
|
-
let changed = false;
|
|
348
|
-
for (const providerAlias of params.deletes ?? []) {
|
|
349
|
-
if (!Object.prototype.hasOwnProperty.call(currentProviders, providerAlias)) continue;
|
|
350
|
-
delete currentProviders[providerAlias];
|
|
351
|
-
changed = true;
|
|
352
|
-
}
|
|
353
|
-
for (const [providerAlias, providerConfig] of Object.entries(params.upserts ?? {})) {
|
|
354
|
-
const previous = currentProviders[providerAlias];
|
|
355
|
-
if (isDeepStrictEqual(previous, providerConfig)) continue;
|
|
356
|
-
currentProviders[providerAlias] = structuredClone(providerConfig);
|
|
357
|
-
changed = true;
|
|
358
|
-
}
|
|
359
|
-
if (!changed) return false;
|
|
360
|
-
params.config.secrets ??= {};
|
|
361
|
-
if (Object.keys(currentProviders).length === 0) {
|
|
362
|
-
if ("providers" in params.config.secrets) delete params.config.secrets.providers;
|
|
363
|
-
return true;
|
|
364
|
-
}
|
|
365
|
-
params.config.secrets.providers = currentProviders;
|
|
366
|
-
return true;
|
|
367
|
-
}
|
|
368
|
-
async function projectPlanState(params) {
|
|
369
|
-
const { snapshot, writeOptions } = await createSecretsConfigIO({ env: params.env }).readConfigFileSnapshotForWrite();
|
|
370
|
-
if (!snapshot.valid) throw new Error("Cannot apply secrets plan: config is invalid.");
|
|
371
|
-
const options = normalizeSecretsPlanOptions(params.plan.options);
|
|
372
|
-
const nextConfig = structuredClone(snapshot.config);
|
|
373
|
-
const stateDir = resolveStateDir(params.env, os.homedir);
|
|
374
|
-
const changedFiles = /* @__PURE__ */ new Set();
|
|
375
|
-
const warnings = [];
|
|
376
|
-
const configPath = resolveUserPath(snapshot.path);
|
|
377
|
-
if (applyProviderPlanMutations({
|
|
378
|
-
config: nextConfig,
|
|
379
|
-
upserts: params.plan.providerUpserts,
|
|
380
|
-
deletes: params.plan.providerDeletes
|
|
381
|
-
})) changedFiles.add(configPath);
|
|
382
|
-
const targetMutations = applyConfigTargetMutations({
|
|
383
|
-
planTargets: params.plan.targets,
|
|
384
|
-
nextConfig,
|
|
385
|
-
stateDir,
|
|
386
|
-
authStoreByPath: /* @__PURE__ */ new Map(),
|
|
387
|
-
changedFiles
|
|
388
|
-
});
|
|
389
|
-
if (targetMutations.configChanged) changedFiles.add(configPath);
|
|
390
|
-
const authStoreByPath = scrubAuthStoresForProviderTargets({
|
|
391
|
-
nextConfig,
|
|
392
|
-
stateDir,
|
|
393
|
-
providerTargets: targetMutations.providerTargets,
|
|
394
|
-
scrubbedValues: targetMutations.scrubbedValues,
|
|
395
|
-
authStoreByPath: targetMutations.authStoreByPath,
|
|
396
|
-
changedFiles,
|
|
397
|
-
warnings,
|
|
398
|
-
enabled: options.scrubAuthProfilesForProviderTargets
|
|
399
|
-
});
|
|
400
|
-
const authJsonByPath = scrubLegacyAuthJsonStores({
|
|
401
|
-
stateDir,
|
|
402
|
-
changedFiles,
|
|
403
|
-
enabled: options.scrubLegacyAuthJson
|
|
404
|
-
});
|
|
405
|
-
const envRawByPath = scrubEnvFiles({
|
|
406
|
-
env: params.env,
|
|
407
|
-
scrubbedValues: targetMutations.scrubbedValues,
|
|
408
|
-
changedFiles,
|
|
409
|
-
enabled: options.scrubEnv
|
|
410
|
-
});
|
|
411
|
-
const checkFullRuntime = params.write ? changedFiles.size > 0 : params.allowExecInDryRun;
|
|
412
|
-
const validation = await validateProjectedSecretsState({
|
|
413
|
-
env: params.env,
|
|
414
|
-
nextConfig,
|
|
415
|
-
resolvedTargets: targetMutations.resolvedTargets,
|
|
416
|
-
authStoreByPath,
|
|
417
|
-
write: params.write,
|
|
418
|
-
allowExecInDryRun: params.allowExecInDryRun,
|
|
419
|
-
checkFullRuntime
|
|
420
|
-
});
|
|
421
|
-
return {
|
|
422
|
-
nextConfig,
|
|
423
|
-
configPath,
|
|
424
|
-
configWriteOptions: writeOptions,
|
|
425
|
-
authStoreByPath,
|
|
426
|
-
authJsonByPath,
|
|
427
|
-
envRawByPath,
|
|
428
|
-
changedFiles,
|
|
429
|
-
warnings,
|
|
430
|
-
refsChecked: validation.refsChecked,
|
|
431
|
-
skippedExecRefs: validation.skippedExecRefs,
|
|
432
|
-
resolvabilityComplete: validation.resolvabilityComplete
|
|
433
|
-
};
|
|
434
|
-
}
|
|
435
|
-
function applyConfigTargetMutations(params) {
|
|
436
|
-
const resolvedTargets = params.planTargets.map((target) => ({
|
|
437
|
-
target,
|
|
438
|
-
resolved: resolveTarget(target)
|
|
439
|
-
}));
|
|
440
|
-
const scrubbedValues = /* @__PURE__ */ new Set();
|
|
441
|
-
const providerTargets = /* @__PURE__ */ new Set();
|
|
442
|
-
let configChanged = false;
|
|
443
|
-
for (const { target, resolved } of resolvedTargets) {
|
|
444
|
-
if (resolved.entry.configFile === "auth-profiles.json") {
|
|
445
|
-
if (applyAuthProfileTargetMutation({
|
|
446
|
-
target,
|
|
447
|
-
resolved,
|
|
448
|
-
nextConfig: params.nextConfig,
|
|
449
|
-
stateDir: params.stateDir,
|
|
450
|
-
authStoreByPath: params.authStoreByPath,
|
|
451
|
-
scrubbedValues
|
|
452
|
-
})) {
|
|
453
|
-
const agentId = (target.agentId ?? "").trim();
|
|
454
|
-
if (!agentId) throw new Error(`Missing required agentId for auth-profiles target ${target.path}.`);
|
|
455
|
-
params.changedFiles.add(resolveAuthStorePathForAgent({
|
|
456
|
-
nextConfig: params.nextConfig,
|
|
457
|
-
stateDir: params.stateDir,
|
|
458
|
-
agentId
|
|
459
|
-
}));
|
|
460
|
-
}
|
|
461
|
-
continue;
|
|
462
|
-
}
|
|
463
|
-
const targetPathSegments = resolved.pathSegments;
|
|
464
|
-
if (resolved.entry.secretShape === "sibling_ref") {
|
|
465
|
-
const previous = getPath(params.nextConfig, targetPathSegments);
|
|
466
|
-
if (isNonEmptyString(previous)) scrubbedValues.add(previous.trim());
|
|
467
|
-
const refPathSegments = resolved.refPathSegments;
|
|
468
|
-
if (!refPathSegments) throw new Error(`Missing sibling ref path for target ${target.type}.`);
|
|
469
|
-
const wroteRef = setPathCreateStrict(params.nextConfig, refPathSegments, target.ref);
|
|
470
|
-
const deletedLegacy = deletePathStrict(params.nextConfig, targetPathSegments);
|
|
471
|
-
if (wroteRef || deletedLegacy) configChanged = true;
|
|
472
|
-
continue;
|
|
473
|
-
}
|
|
474
|
-
const previous = getPath(params.nextConfig, targetPathSegments);
|
|
475
|
-
if (isNonEmptyString(previous)) scrubbedValues.add(previous.trim());
|
|
476
|
-
if (setPathCreateStrict(params.nextConfig, targetPathSegments, target.ref)) configChanged = true;
|
|
477
|
-
if (resolved.entry.trackProviderShadowing && resolved.providerId) providerTargets.add(normalizeProviderId(resolved.providerId));
|
|
478
|
-
}
|
|
479
|
-
return {
|
|
480
|
-
resolvedTargets,
|
|
481
|
-
scrubbedValues,
|
|
482
|
-
providerTargets,
|
|
483
|
-
configChanged,
|
|
484
|
-
authStoreByPath: params.authStoreByPath
|
|
485
|
-
};
|
|
486
|
-
}
|
|
487
|
-
function scrubAuthStoresForProviderTargets(params) {
|
|
488
|
-
if (!params.enabled || params.providerTargets.size === 0) return params.authStoreByPath;
|
|
489
|
-
for (const authStorePath of listAuthProfileStorePaths(params.nextConfig, params.stateDir)) {
|
|
490
|
-
const parsed = params.authStoreByPath.get(authStorePath) ?? readJsonObjectIfExists(authStorePath).value;
|
|
491
|
-
if (!parsed || !isRecord(parsed.profiles)) continue;
|
|
492
|
-
const nextStore = structuredClone(parsed);
|
|
493
|
-
const profiles = nextStore.profiles;
|
|
494
|
-
if (!isRecord(profiles)) continue;
|
|
495
|
-
let mutated = false;
|
|
496
|
-
for (const profile of iterateAuthProfileCredentials(profiles)) {
|
|
497
|
-
const provider = normalizeProviderId(profile.provider);
|
|
498
|
-
if (!params.providerTargets.has(provider)) continue;
|
|
499
|
-
if (profile.kind === "api_key" || profile.kind === "token") {
|
|
500
|
-
if (isNonEmptyString(profile.value)) params.scrubbedValues.add(profile.value.trim());
|
|
501
|
-
if (profile.valueField in profile.profile) {
|
|
502
|
-
delete profile.profile[profile.valueField];
|
|
503
|
-
mutated = true;
|
|
504
|
-
}
|
|
505
|
-
if (profile.refField in profile.profile) {
|
|
506
|
-
delete profile.profile[profile.refField];
|
|
507
|
-
mutated = true;
|
|
508
|
-
}
|
|
509
|
-
continue;
|
|
510
|
-
}
|
|
511
|
-
if (profile.kind === "oauth" && (profile.hasAccess || profile.hasRefresh)) params.warnings.push(`Provider "${provider}" has OAuth credentials in ${authStorePath}; those still take precedence and are out of scope for static SecretRef migration.`);
|
|
512
|
-
}
|
|
513
|
-
if (mutated) {
|
|
514
|
-
params.authStoreByPath.set(authStorePath, nextStore);
|
|
515
|
-
params.changedFiles.add(authStorePath);
|
|
516
|
-
}
|
|
517
|
-
}
|
|
518
|
-
return params.authStoreByPath;
|
|
519
|
-
}
|
|
520
|
-
function ensureMutableAuthStore(store) {
|
|
521
|
-
const next = store ? structuredClone(store) : {};
|
|
522
|
-
const profiles = isRecord(next.profiles) ? next.profiles : {};
|
|
523
|
-
if (typeof next.version !== "number" || !Number.isFinite(next.version)) next.version = 1;
|
|
524
|
-
return {
|
|
525
|
-
...next,
|
|
526
|
-
profiles
|
|
527
|
-
};
|
|
528
|
-
}
|
|
529
|
-
function resolveAuthStoreForTarget(params) {
|
|
530
|
-
const agentId = (params.target.agentId ?? "").trim();
|
|
531
|
-
if (!agentId) throw new Error(`Missing required agentId for auth-profiles target ${params.target.path}.`);
|
|
532
|
-
const authStorePath = resolveAuthStorePathForAgent({
|
|
533
|
-
nextConfig: params.nextConfig,
|
|
534
|
-
stateDir: params.stateDir,
|
|
535
|
-
agentId
|
|
536
|
-
});
|
|
537
|
-
const loaded = params.authStoreByPath.get(authStorePath) ?? readJsonObjectIfExists(authStorePath).value;
|
|
538
|
-
const store = ensureMutableAuthStore(isRecord(loaded) ? loaded : void 0);
|
|
539
|
-
params.authStoreByPath.set(authStorePath, store);
|
|
540
|
-
return {
|
|
541
|
-
path: authStorePath,
|
|
542
|
-
store
|
|
543
|
-
};
|
|
544
|
-
}
|
|
545
|
-
function resolveAuthStorePathForAgent(params) {
|
|
546
|
-
const normalizedAgentId = normalizeAgentId(params.agentId);
|
|
547
|
-
const configuredAgentDir = resolveAgentConfig(params.nextConfig, normalizedAgentId)?.agentDir?.trim();
|
|
548
|
-
if (configuredAgentDir) return resolveUserPath(resolveAuthStorePath(configuredAgentDir));
|
|
549
|
-
return path.join(resolveUserPath(params.stateDir), "agents", normalizedAgentId, "agent", "auth-profiles.json");
|
|
550
|
-
}
|
|
551
|
-
function ensureAuthProfileContainer(params) {
|
|
552
|
-
let changed = false;
|
|
553
|
-
const profilePathSegments = params.resolved.pathSegments.slice(0, 2);
|
|
554
|
-
const profileId = profilePathSegments[1];
|
|
555
|
-
if (!profileId) throw new Error(`Invalid auth profile target path: ${params.target.path}`);
|
|
556
|
-
const current = getPath(params.store, profilePathSegments);
|
|
557
|
-
const expectedType = params.resolved.entry.authProfileType;
|
|
558
|
-
if (isRecord(current)) {
|
|
559
|
-
if (expectedType && typeof current.type === "string" && current.type !== expectedType) throw new Error(`Auth profile "${profileId}" type mismatch for ${params.target.path}: expected "${expectedType}", got "${current.type}".`);
|
|
560
|
-
if (!isNonEmptyString(current.provider) && isNonEmptyString(params.target.authProfileProvider)) {
|
|
561
|
-
const wroteProvider = setPathCreateStrict(params.store, [...profilePathSegments, "provider"], params.target.authProfileProvider);
|
|
562
|
-
changed = changed || wroteProvider;
|
|
563
|
-
}
|
|
564
|
-
return changed;
|
|
565
|
-
}
|
|
566
|
-
if (!expectedType) throw new Error(`Auth profile target ${params.target.path} is missing auth profile type metadata.`);
|
|
567
|
-
const provider = (params.target.authProfileProvider ?? "").trim();
|
|
568
|
-
if (!provider) throw new Error(`Cannot create auth profile "${profileId}" for ${params.target.path} without authProfileProvider.`);
|
|
569
|
-
const wroteProfile = setPathCreateStrict(params.store, profilePathSegments, {
|
|
570
|
-
type: expectedType,
|
|
571
|
-
provider
|
|
572
|
-
});
|
|
573
|
-
changed = changed || wroteProfile;
|
|
574
|
-
return changed;
|
|
575
|
-
}
|
|
576
|
-
function applyAuthProfileTargetMutation(params) {
|
|
577
|
-
if (params.resolved.entry.configFile !== "auth-profiles.json") return false;
|
|
578
|
-
const { store } = resolveAuthStoreForTarget({
|
|
579
|
-
target: params.target,
|
|
580
|
-
nextConfig: params.nextConfig,
|
|
581
|
-
stateDir: params.stateDir,
|
|
582
|
-
authStoreByPath: params.authStoreByPath
|
|
583
|
-
});
|
|
584
|
-
let changed = ensureAuthProfileContainer({
|
|
585
|
-
target: params.target,
|
|
586
|
-
resolved: params.resolved,
|
|
587
|
-
store
|
|
588
|
-
});
|
|
589
|
-
const targetPathSegments = params.resolved.pathSegments;
|
|
590
|
-
if (params.resolved.entry.secretShape === "sibling_ref") {
|
|
591
|
-
const previous = getPath(store, targetPathSegments);
|
|
592
|
-
if (isNonEmptyString(previous)) params.scrubbedValues.add(previous.trim());
|
|
593
|
-
const refPathSegments = params.resolved.refPathSegments;
|
|
594
|
-
if (!refPathSegments) throw new Error(`Missing sibling ref path for auth-profiles target ${params.target.path}.`);
|
|
595
|
-
const wroteRef = setPathCreateStrict(store, refPathSegments, params.target.ref);
|
|
596
|
-
const deletedPlaintext = deletePathStrict(store, targetPathSegments);
|
|
597
|
-
changed = changed || wroteRef || deletedPlaintext;
|
|
598
|
-
return changed;
|
|
599
|
-
}
|
|
600
|
-
const previous = getPath(store, targetPathSegments);
|
|
601
|
-
if (isNonEmptyString(previous)) params.scrubbedValues.add(previous.trim());
|
|
602
|
-
const wroteRef = setPathCreateStrict(store, targetPathSegments, params.target.ref);
|
|
603
|
-
changed = changed || wroteRef;
|
|
604
|
-
return changed;
|
|
605
|
-
}
|
|
606
|
-
function scrubLegacyAuthJsonStores(params) {
|
|
607
|
-
const authJsonByPath = /* @__PURE__ */ new Map();
|
|
608
|
-
if (!params.enabled) return authJsonByPath;
|
|
609
|
-
for (const authJsonPath of listLegacyAuthJsonPaths(params.stateDir)) {
|
|
610
|
-
const parsed = readJsonObjectIfExists(authJsonPath).value;
|
|
611
|
-
if (!parsed) continue;
|
|
612
|
-
let mutated = false;
|
|
613
|
-
const nextParsed = structuredClone(parsed);
|
|
614
|
-
for (const [providerId, value] of Object.entries(nextParsed)) {
|
|
615
|
-
if (!isRecord(value)) continue;
|
|
616
|
-
if (value.type === "api_key" && isNonEmptyString(value.key)) {
|
|
617
|
-
delete nextParsed[providerId];
|
|
618
|
-
mutated = true;
|
|
619
|
-
}
|
|
620
|
-
}
|
|
621
|
-
if (mutated) {
|
|
622
|
-
authJsonByPath.set(authJsonPath, nextParsed);
|
|
623
|
-
params.changedFiles.add(authJsonPath);
|
|
624
|
-
}
|
|
625
|
-
}
|
|
626
|
-
return authJsonByPath;
|
|
627
|
-
}
|
|
628
|
-
function scrubEnvFiles(params) {
|
|
629
|
-
const envRawByPath = /* @__PURE__ */ new Map();
|
|
630
|
-
if (!params.enabled || params.scrubbedValues.size === 0) return envRawByPath;
|
|
631
|
-
const envPath = path.join(resolveConfigDir(params.env, os.homedir), ".env");
|
|
632
|
-
if (!fs.existsSync(envPath)) return envRawByPath;
|
|
633
|
-
const current = fs.readFileSync(envPath, "utf8");
|
|
634
|
-
const scrubbed = scrubEnvRaw(current, params.scrubbedValues, new Set(listKnownSecretEnvVarNames()));
|
|
635
|
-
if (scrubbed.removed > 0 && scrubbed.nextRaw !== current) {
|
|
636
|
-
envRawByPath.set(envPath, scrubbed.nextRaw);
|
|
637
|
-
params.changedFiles.add(envPath);
|
|
638
|
-
}
|
|
639
|
-
return envRawByPath;
|
|
640
|
-
}
|
|
641
|
-
async function validateProjectedSecretsState(params) {
|
|
642
|
-
const cache = {};
|
|
643
|
-
let refsChecked = 0;
|
|
644
|
-
let skippedExecRefs = 0;
|
|
645
|
-
for (const { target, resolved: resolvedTarget } of params.resolvedTargets) {
|
|
646
|
-
if (!params.write && target.ref.source === "exec" && !params.allowExecInDryRun) {
|
|
647
|
-
skippedExecRefs += 1;
|
|
648
|
-
const staticError = getSkippedExecRefStaticError({
|
|
649
|
-
ref: target.ref,
|
|
650
|
-
config: params.nextConfig
|
|
651
|
-
});
|
|
652
|
-
if (staticError) throw new Error(staticError);
|
|
653
|
-
continue;
|
|
654
|
-
}
|
|
655
|
-
const resolved = await resolveSecretRefValue(target.ref, {
|
|
656
|
-
config: params.nextConfig,
|
|
657
|
-
env: params.env,
|
|
658
|
-
cache
|
|
659
|
-
});
|
|
660
|
-
refsChecked += 1;
|
|
661
|
-
assertExpectedResolvedSecretValue({
|
|
662
|
-
value: resolved,
|
|
663
|
-
expected: resolvedTarget.entry.expectedResolvedValue,
|
|
664
|
-
errorMessage: resolvedTarget.entry.expectedResolvedValue === "string" ? `Ref ${target.ref.source}:${target.ref.provider}:${target.ref.id} is not a non-empty string.` : `Ref ${target.ref.source}:${target.ref.provider}:${target.ref.id} is not string/object.`
|
|
665
|
-
});
|
|
666
|
-
}
|
|
667
|
-
const authStoreLookup = /* @__PURE__ */ new Map();
|
|
668
|
-
for (const [authStorePath, store] of params.authStoreByPath.entries()) authStoreLookup.set(resolveUserPath(authStorePath), store);
|
|
669
|
-
if (params.checkFullRuntime) await prepareSecretsRuntimeSnapshot({
|
|
670
|
-
config: params.nextConfig,
|
|
671
|
-
env: params.env,
|
|
672
|
-
includeAuthStoreRefs: params.write || params.authStoreByPath.size > 0,
|
|
673
|
-
loadAuthStore: (agentDir) => {
|
|
674
|
-
const storePath = resolveUserPath(resolveAuthStorePath(agentDir));
|
|
675
|
-
const override = authStoreLookup.get(storePath);
|
|
676
|
-
if (override) return coercePersistedAuthProfileStore(structuredClone(override)) ?? {
|
|
677
|
-
version: 1,
|
|
678
|
-
profiles: {}
|
|
679
|
-
};
|
|
680
|
-
return loadAuthProfileStoreForSecretsRuntime(agentDir);
|
|
681
|
-
}
|
|
682
|
-
});
|
|
683
|
-
return {
|
|
684
|
-
refsChecked,
|
|
685
|
-
skippedExecRefs,
|
|
686
|
-
resolvabilityComplete: params.write || params.allowExecInDryRun || skippedExecRefs === 0
|
|
687
|
-
};
|
|
688
|
-
}
|
|
689
|
-
function captureFileSnapshot(pathname) {
|
|
690
|
-
if (!fs.existsSync(pathname)) return {
|
|
691
|
-
existed: false,
|
|
692
|
-
content: "",
|
|
693
|
-
mode: 384
|
|
694
|
-
};
|
|
695
|
-
const stat = fs.statSync(pathname);
|
|
696
|
-
return {
|
|
697
|
-
existed: true,
|
|
698
|
-
content: fs.readFileSync(pathname, "utf8"),
|
|
699
|
-
mode: stat.mode & 511
|
|
700
|
-
};
|
|
701
|
-
}
|
|
702
|
-
function restoreFileSnapshot(pathname, snapshot) {
|
|
703
|
-
if (!snapshot.existed) {
|
|
704
|
-
if (fs.existsSync(pathname)) fs.rmSync(pathname, { force: true });
|
|
705
|
-
return;
|
|
706
|
-
}
|
|
707
|
-
writeTextFileAtomic(pathname, snapshot.content, snapshot.mode || 384);
|
|
708
|
-
}
|
|
709
|
-
function toJsonWrite(pathname, value) {
|
|
710
|
-
return {
|
|
711
|
-
path: pathname,
|
|
712
|
-
content: `${JSON.stringify(value, null, 2)}\n`,
|
|
713
|
-
mode: 384
|
|
714
|
-
};
|
|
715
|
-
}
|
|
716
|
-
async function runSecretsApply(params) {
|
|
717
|
-
const env = params.env ?? process.env;
|
|
718
|
-
const write = params.write === true;
|
|
719
|
-
const allowExec = Boolean(params.allowExec);
|
|
720
|
-
if (write && planContainsExecReferences(params.plan) && !allowExec) throw new Error("Plan contains exec SecretRefs/providers. Re-run with --allow-exec.");
|
|
721
|
-
const allowExecInDryRun = write ? true : allowExec;
|
|
722
|
-
const projected = await projectPlanState({
|
|
723
|
-
plan: params.plan,
|
|
724
|
-
env,
|
|
725
|
-
write,
|
|
726
|
-
allowExecInDryRun
|
|
727
|
-
});
|
|
728
|
-
const changedFiles = [...projected.changedFiles].toSorted();
|
|
729
|
-
if (!write) return {
|
|
730
|
-
mode: "dry-run",
|
|
731
|
-
changed: changedFiles.length > 0,
|
|
732
|
-
changedFiles,
|
|
733
|
-
checks: {
|
|
734
|
-
resolvability: true,
|
|
735
|
-
resolvabilityComplete: projected.resolvabilityComplete
|
|
736
|
-
},
|
|
737
|
-
refsChecked: projected.refsChecked,
|
|
738
|
-
skippedExecRefs: projected.skippedExecRefs,
|
|
739
|
-
warningCount: projected.warnings.length,
|
|
740
|
-
warnings: projected.warnings
|
|
741
|
-
};
|
|
742
|
-
if (changedFiles.length === 0) return {
|
|
743
|
-
mode: "write",
|
|
744
|
-
changed: false,
|
|
745
|
-
changedFiles: [],
|
|
746
|
-
checks: {
|
|
747
|
-
resolvability: true,
|
|
748
|
-
resolvabilityComplete: true
|
|
749
|
-
},
|
|
750
|
-
refsChecked: projected.refsChecked,
|
|
751
|
-
skippedExecRefs: 0,
|
|
752
|
-
warningCount: projected.warnings.length,
|
|
753
|
-
warnings: projected.warnings
|
|
754
|
-
};
|
|
755
|
-
const io = createSecretsConfigIO({ env });
|
|
756
|
-
const snapshots = /* @__PURE__ */ new Map();
|
|
757
|
-
const capture = (pathname) => {
|
|
758
|
-
if (!snapshots.has(pathname)) snapshots.set(pathname, captureFileSnapshot(pathname));
|
|
759
|
-
};
|
|
760
|
-
capture(projected.configPath);
|
|
761
|
-
const writes = [];
|
|
762
|
-
for (const [pathname, value] of projected.authStoreByPath.entries()) {
|
|
763
|
-
capture(pathname);
|
|
764
|
-
writes.push(toJsonWrite(pathname, value));
|
|
765
|
-
}
|
|
766
|
-
for (const [pathname, value] of projected.authJsonByPath.entries()) {
|
|
767
|
-
capture(pathname);
|
|
768
|
-
writes.push(toJsonWrite(pathname, value));
|
|
769
|
-
}
|
|
770
|
-
for (const [pathname, raw] of projected.envRawByPath.entries()) {
|
|
771
|
-
capture(pathname);
|
|
772
|
-
writes.push({
|
|
773
|
-
path: pathname,
|
|
774
|
-
content: raw,
|
|
775
|
-
mode: 384
|
|
776
|
-
});
|
|
777
|
-
}
|
|
778
|
-
try {
|
|
779
|
-
await io.writeConfigFile(projected.nextConfig, projected.configWriteOptions);
|
|
780
|
-
for (const write of writes) writeTextFileAtomic(write.path, write.content, write.mode);
|
|
781
|
-
} catch (err) {
|
|
782
|
-
for (const [pathname, snapshot] of snapshots.entries()) try {
|
|
783
|
-
restoreFileSnapshot(pathname, snapshot);
|
|
784
|
-
} catch {}
|
|
785
|
-
throw new Error(`Secrets apply failed: ${String(err)}`, { cause: err });
|
|
786
|
-
}
|
|
787
|
-
return {
|
|
788
|
-
mode: "write",
|
|
789
|
-
changed: changedFiles.length > 0,
|
|
790
|
-
changedFiles,
|
|
791
|
-
checks: {
|
|
792
|
-
resolvability: true,
|
|
793
|
-
resolvabilityComplete: true
|
|
794
|
-
},
|
|
795
|
-
refsChecked: projected.refsChecked,
|
|
796
|
-
skippedExecRefs: 0,
|
|
797
|
-
warningCount: projected.warnings.length,
|
|
798
|
-
warnings: projected.warnings
|
|
799
|
-
};
|
|
800
|
-
}
|
|
801
|
-
//#endregion
|
|
802
|
-
//#region src/secrets/audit.ts
|
|
803
|
-
const REF_RESOLVE_FALLBACK_CONCURRENCY = 8;
|
|
804
|
-
const MAX_AUDIT_MODELS_JSON_BYTES = 5 * 1024 * 1024;
|
|
805
|
-
const ALWAYS_SENSITIVE_MODEL_PROVIDER_HEADER_NAMES = new Set([
|
|
806
|
-
"authorization",
|
|
807
|
-
"proxy-authorization",
|
|
808
|
-
"x-api-key",
|
|
809
|
-
"api-key",
|
|
810
|
-
"apikey",
|
|
811
|
-
"x-auth-token",
|
|
812
|
-
"auth-token",
|
|
813
|
-
"x-access-token",
|
|
814
|
-
"access-token",
|
|
815
|
-
"x-secret-key",
|
|
816
|
-
"secret-key"
|
|
817
|
-
]);
|
|
818
|
-
const SENSITIVE_MODEL_PROVIDER_HEADER_NAME_FRAGMENTS = [
|
|
819
|
-
"api-key",
|
|
820
|
-
"apikey",
|
|
821
|
-
"token",
|
|
822
|
-
"secret",
|
|
823
|
-
"password",
|
|
824
|
-
"credential"
|
|
825
|
-
];
|
|
826
|
-
function isLikelySensitiveModelProviderHeaderName(value) {
|
|
827
|
-
const normalized = normalizeLowercaseStringOrEmpty(value);
|
|
828
|
-
if (!normalized) return false;
|
|
829
|
-
if (ALWAYS_SENSITIVE_MODEL_PROVIDER_HEADER_NAMES.has(normalized)) return true;
|
|
830
|
-
return SENSITIVE_MODEL_PROVIDER_HEADER_NAME_FRAGMENTS.some((fragment) => normalized.includes(fragment));
|
|
831
|
-
}
|
|
832
|
-
function addFinding(collector, finding) {
|
|
833
|
-
collector.findings.push(finding);
|
|
834
|
-
}
|
|
835
|
-
function collectProviderRefPath(collector, providerId, configPath) {
|
|
836
|
-
const key = normalizeProviderId(providerId);
|
|
837
|
-
const existing = collector.configProviderRefPaths.get(key);
|
|
838
|
-
if (existing) {
|
|
839
|
-
existing.push(configPath);
|
|
840
|
-
return;
|
|
841
|
-
}
|
|
842
|
-
collector.configProviderRefPaths.set(key, [configPath]);
|
|
843
|
-
}
|
|
844
|
-
function trackAuthProviderState(collector, provider, mode) {
|
|
845
|
-
const key = normalizeProviderId(provider);
|
|
846
|
-
const existing = collector.authProviderState.get(key);
|
|
847
|
-
if (existing) {
|
|
848
|
-
existing.hasUsableStaticOrOAuth = true;
|
|
849
|
-
existing.modes.add(mode);
|
|
850
|
-
return;
|
|
851
|
-
}
|
|
852
|
-
collector.authProviderState.set(key, {
|
|
853
|
-
hasUsableStaticOrOAuth: true,
|
|
854
|
-
modes: new Set([mode])
|
|
855
|
-
});
|
|
856
|
-
}
|
|
857
|
-
function collectEnvPlaintext(params) {
|
|
858
|
-
if (!fs.existsSync(params.envPath)) return;
|
|
859
|
-
params.collector.filesScanned.add(params.envPath);
|
|
860
|
-
const knownKeys = new Set(listKnownSecretEnvVarNames());
|
|
861
|
-
const lines = fs.readFileSync(params.envPath, "utf8").split(/\r?\n/);
|
|
862
|
-
for (const line of lines) {
|
|
863
|
-
const match = line.match(/^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/);
|
|
864
|
-
if (!match) continue;
|
|
865
|
-
const key = match[1] ?? "";
|
|
866
|
-
if (!knownKeys.has(key)) continue;
|
|
867
|
-
if (!parseEnvAssignmentValue(match[2] ?? "")) continue;
|
|
868
|
-
addFinding(params.collector, {
|
|
869
|
-
code: "PLAINTEXT_FOUND",
|
|
870
|
-
severity: "warn",
|
|
871
|
-
file: params.envPath,
|
|
872
|
-
jsonPath: `$env.${key}`,
|
|
873
|
-
message: `Potential secret found in .env (${key}).`
|
|
874
|
-
});
|
|
875
|
-
}
|
|
876
|
-
}
|
|
877
|
-
function collectConfigSecrets(params) {
|
|
878
|
-
const defaults = params.config.secrets?.defaults;
|
|
879
|
-
for (const target of discoverConfigSecretTargets(params.config)) {
|
|
880
|
-
if (!target.entry.includeInAudit) continue;
|
|
881
|
-
const { ref } = resolveSecretInputRef({
|
|
882
|
-
value: target.value,
|
|
883
|
-
refValue: target.refValue,
|
|
884
|
-
defaults
|
|
885
|
-
});
|
|
886
|
-
if (ref) {
|
|
887
|
-
params.collector.refAssignments.push({
|
|
888
|
-
file: params.configPath,
|
|
889
|
-
path: target.path,
|
|
890
|
-
ref,
|
|
891
|
-
expected: target.entry.expectedResolvedValue,
|
|
892
|
-
provider: target.providerId
|
|
893
|
-
});
|
|
894
|
-
if (target.entry.trackProviderShadowing && target.providerId) collectProviderRefPath(params.collector, target.providerId, target.path);
|
|
895
|
-
continue;
|
|
896
|
-
}
|
|
897
|
-
const hasPlaintext = hasConfiguredPlaintextSecretValue(target.value, target.entry.expectedResolvedValue);
|
|
898
|
-
if (target.entry.id === "models.providers.*.headers.*" && !isLikelySensitiveModelProviderHeaderName(target.pathSegments.at(-1) ?? "")) continue;
|
|
899
|
-
if (!hasPlaintext) continue;
|
|
900
|
-
addFinding(params.collector, {
|
|
901
|
-
code: "PLAINTEXT_FOUND",
|
|
902
|
-
severity: "warn",
|
|
903
|
-
file: params.configPath,
|
|
904
|
-
jsonPath: target.path,
|
|
905
|
-
message: `${target.path} is stored as plaintext.`,
|
|
906
|
-
provider: target.providerId
|
|
907
|
-
});
|
|
908
|
-
}
|
|
909
|
-
}
|
|
910
|
-
function collectAuthStoreSecrets(params) {
|
|
911
|
-
if (!fs.existsSync(params.authStorePath)) return;
|
|
912
|
-
params.collector.filesScanned.add(params.authStorePath);
|
|
913
|
-
const parsedResult = readJsonObjectIfExists(params.authStorePath);
|
|
914
|
-
if (parsedResult.error) {
|
|
915
|
-
addFinding(params.collector, {
|
|
916
|
-
code: "REF_UNRESOLVED",
|
|
917
|
-
severity: "error",
|
|
918
|
-
file: params.authStorePath,
|
|
919
|
-
jsonPath: "<root>",
|
|
920
|
-
message: `Invalid JSON in auth-profiles store: ${parsedResult.error}`
|
|
921
|
-
});
|
|
922
|
-
return;
|
|
923
|
-
}
|
|
924
|
-
const parsed = parsedResult.value;
|
|
925
|
-
if (!parsed || !isRecord(parsed.profiles)) return;
|
|
926
|
-
for (const entry of iterateAuthProfileCredentials(parsed.profiles)) {
|
|
927
|
-
if (entry.kind === "api_key" || entry.kind === "token") {
|
|
928
|
-
const { ref } = resolveSecretInputRef({
|
|
929
|
-
value: entry.value,
|
|
930
|
-
refValue: entry.refValue,
|
|
931
|
-
defaults: params.defaults
|
|
932
|
-
});
|
|
933
|
-
if (ref) {
|
|
934
|
-
params.collector.refAssignments.push({
|
|
935
|
-
file: params.authStorePath,
|
|
936
|
-
path: `profiles.${entry.profileId}.${entry.valueField}`,
|
|
937
|
-
ref,
|
|
938
|
-
expected: "string",
|
|
939
|
-
provider: entry.provider
|
|
940
|
-
});
|
|
941
|
-
trackAuthProviderState(params.collector, entry.provider, entry.kind);
|
|
942
|
-
}
|
|
943
|
-
if (isNonEmptyString(entry.value)) {
|
|
944
|
-
addFinding(params.collector, {
|
|
945
|
-
code: "PLAINTEXT_FOUND",
|
|
946
|
-
severity: "warn",
|
|
947
|
-
file: params.authStorePath,
|
|
948
|
-
jsonPath: `profiles.${entry.profileId}.${entry.valueField}`,
|
|
949
|
-
message: entry.kind === "api_key" ? "Auth profile API key is stored as plaintext." : "Auth profile token is stored as plaintext.",
|
|
950
|
-
provider: entry.provider,
|
|
951
|
-
profileId: entry.profileId
|
|
952
|
-
});
|
|
953
|
-
trackAuthProviderState(params.collector, entry.provider, entry.kind);
|
|
954
|
-
}
|
|
955
|
-
continue;
|
|
956
|
-
}
|
|
957
|
-
if (entry.hasAccess || entry.hasRefresh) {
|
|
958
|
-
addFinding(params.collector, {
|
|
959
|
-
code: "LEGACY_RESIDUE",
|
|
960
|
-
severity: "info",
|
|
961
|
-
file: params.authStorePath,
|
|
962
|
-
jsonPath: `profiles.${entry.profileId}`,
|
|
963
|
-
message: "OAuth credentials are present (out of scope for static SecretRef migration).",
|
|
964
|
-
provider: entry.provider,
|
|
965
|
-
profileId: entry.profileId
|
|
966
|
-
});
|
|
967
|
-
trackAuthProviderState(params.collector, entry.provider, "oauth");
|
|
968
|
-
}
|
|
969
|
-
}
|
|
970
|
-
}
|
|
971
|
-
function collectAuthJsonResidue(params) {
|
|
972
|
-
for (const authJsonPath of listLegacyAuthJsonPaths(params.stateDir)) {
|
|
973
|
-
params.collector.filesScanned.add(authJsonPath);
|
|
974
|
-
const parsedResult = readJsonObjectIfExists(authJsonPath);
|
|
975
|
-
if (parsedResult.error) {
|
|
976
|
-
addFinding(params.collector, {
|
|
977
|
-
code: "REF_UNRESOLVED",
|
|
978
|
-
severity: "error",
|
|
979
|
-
file: authJsonPath,
|
|
980
|
-
jsonPath: "<root>",
|
|
981
|
-
message: `Invalid JSON in legacy auth.json: ${parsedResult.error}`
|
|
982
|
-
});
|
|
983
|
-
continue;
|
|
984
|
-
}
|
|
985
|
-
const parsed = parsedResult.value;
|
|
986
|
-
if (!parsed) continue;
|
|
987
|
-
for (const [providerId, value] of Object.entries(parsed)) {
|
|
988
|
-
if (!isRecord(value)) continue;
|
|
989
|
-
if (value.type === "api_key" && isNonEmptyString(value.key)) addFinding(params.collector, {
|
|
990
|
-
code: "LEGACY_RESIDUE",
|
|
991
|
-
severity: "warn",
|
|
992
|
-
file: authJsonPath,
|
|
993
|
-
jsonPath: providerId,
|
|
994
|
-
message: "Legacy auth.json contains static api_key credentials.",
|
|
995
|
-
provider: providerId
|
|
996
|
-
});
|
|
997
|
-
}
|
|
998
|
-
}
|
|
999
|
-
}
|
|
1000
|
-
function collectModelsJsonSecrets(params) {
|
|
1001
|
-
if (!fs.existsSync(params.modelsJsonPath)) return;
|
|
1002
|
-
params.collector.filesScanned.add(params.modelsJsonPath);
|
|
1003
|
-
const parsedResult = readJsonObjectIfExists(params.modelsJsonPath, {
|
|
1004
|
-
requireRegularFile: true,
|
|
1005
|
-
maxBytes: MAX_AUDIT_MODELS_JSON_BYTES
|
|
1006
|
-
});
|
|
1007
|
-
if (parsedResult.error) {
|
|
1008
|
-
addFinding(params.collector, {
|
|
1009
|
-
code: "REF_UNRESOLVED",
|
|
1010
|
-
severity: "error",
|
|
1011
|
-
file: params.modelsJsonPath,
|
|
1012
|
-
jsonPath: "<root>",
|
|
1013
|
-
message: `Invalid JSON in models.json: ${parsedResult.error}`
|
|
1014
|
-
});
|
|
1015
|
-
return;
|
|
1016
|
-
}
|
|
1017
|
-
const parsed = parsedResult.value;
|
|
1018
|
-
if (!parsed || !isRecord(parsed.providers)) return;
|
|
1019
|
-
for (const [providerId, providerValue] of Object.entries(parsed.providers)) {
|
|
1020
|
-
if (!isRecord(providerValue)) continue;
|
|
1021
|
-
const apiKey = providerValue.apiKey;
|
|
1022
|
-
if (coerceSecretRef(apiKey)) addFinding(params.collector, {
|
|
1023
|
-
code: "REF_UNRESOLVED",
|
|
1024
|
-
severity: "error",
|
|
1025
|
-
file: params.modelsJsonPath,
|
|
1026
|
-
jsonPath: `providers.${providerId}.apiKey`,
|
|
1027
|
-
message: "models.json contains an unresolved SecretRef object; regenerate models.json.",
|
|
1028
|
-
provider: providerId
|
|
1029
|
-
});
|
|
1030
|
-
else if (isNonEmptyString(apiKey) && !isNonSecretApiKeyMarker(apiKey)) addFinding(params.collector, {
|
|
1031
|
-
code: "PLAINTEXT_FOUND",
|
|
1032
|
-
severity: "warn",
|
|
1033
|
-
file: params.modelsJsonPath,
|
|
1034
|
-
jsonPath: `providers.${providerId}.apiKey`,
|
|
1035
|
-
message: "models.json provider apiKey is stored as plaintext.",
|
|
1036
|
-
provider: providerId
|
|
1037
|
-
});
|
|
1038
|
-
const headers = isRecord(providerValue.headers) ? providerValue.headers : void 0;
|
|
1039
|
-
if (!headers) continue;
|
|
1040
|
-
for (const [headerKey, headerValue] of Object.entries(headers)) {
|
|
1041
|
-
const headerPath = `providers.${providerId}.headers.${headerKey}`;
|
|
1042
|
-
if (coerceSecretRef(headerValue)) {
|
|
1043
|
-
addFinding(params.collector, {
|
|
1044
|
-
code: "REF_UNRESOLVED",
|
|
1045
|
-
severity: "error",
|
|
1046
|
-
file: params.modelsJsonPath,
|
|
1047
|
-
jsonPath: headerPath,
|
|
1048
|
-
message: "models.json contains an unresolved SecretRef object for provider headers; regenerate models.json.",
|
|
1049
|
-
provider: providerId
|
|
1050
|
-
});
|
|
1051
|
-
continue;
|
|
1052
|
-
}
|
|
1053
|
-
if (!isNonEmptyString(headerValue)) continue;
|
|
1054
|
-
if (isSecretRefHeaderValueMarker(headerValue)) continue;
|
|
1055
|
-
if (!isLikelySensitiveModelProviderHeaderName(headerKey)) continue;
|
|
1056
|
-
addFinding(params.collector, {
|
|
1057
|
-
code: "PLAINTEXT_FOUND",
|
|
1058
|
-
severity: "warn",
|
|
1059
|
-
file: params.modelsJsonPath,
|
|
1060
|
-
jsonPath: headerPath,
|
|
1061
|
-
message: "models.json provider header value is stored as plaintext.",
|
|
1062
|
-
provider: providerId
|
|
1063
|
-
});
|
|
1064
|
-
}
|
|
1065
|
-
}
|
|
1066
|
-
}
|
|
1067
|
-
async function collectUnresolvedRefFindings(params) {
|
|
1068
|
-
const cache = {};
|
|
1069
|
-
const refsByProvider = /* @__PURE__ */ new Map();
|
|
1070
|
-
const skippedRefKeys = /* @__PURE__ */ new Set();
|
|
1071
|
-
let refsChecked = 0;
|
|
1072
|
-
let skippedExecRefs = 0;
|
|
1073
|
-
for (const assignment of params.collector.refAssignments) {
|
|
1074
|
-
const providerKey = `${assignment.ref.source}:${assignment.ref.provider}`;
|
|
1075
|
-
let refsForProvider = refsByProvider.get(providerKey);
|
|
1076
|
-
if (!refsForProvider) {
|
|
1077
|
-
refsForProvider = /* @__PURE__ */ new Map();
|
|
1078
|
-
refsByProvider.set(providerKey, refsForProvider);
|
|
1079
|
-
}
|
|
1080
|
-
refsForProvider.set(secretRefKey(assignment.ref), assignment.ref);
|
|
1081
|
-
}
|
|
1082
|
-
const resolvedByRefKey = /* @__PURE__ */ new Map();
|
|
1083
|
-
const errorsByRefKey = /* @__PURE__ */ new Map();
|
|
1084
|
-
for (const refsForProvider of refsByProvider.values()) {
|
|
1085
|
-
const refs = [...refsForProvider.values()];
|
|
1086
|
-
const selectedRefs = selectRefsForExecPolicy({
|
|
1087
|
-
refs,
|
|
1088
|
-
allowExec: params.allowExec
|
|
1089
|
-
});
|
|
1090
|
-
if (selectedRefs.skippedExecRefs.length > 0) {
|
|
1091
|
-
skippedExecRefs += selectedRefs.skippedExecRefs.length;
|
|
1092
|
-
for (const ref of selectedRefs.skippedExecRefs) {
|
|
1093
|
-
skippedRefKeys.add(secretRefKey(ref));
|
|
1094
|
-
const staticError = getSkippedExecRefStaticError({
|
|
1095
|
-
ref,
|
|
1096
|
-
config: params.config
|
|
1097
|
-
});
|
|
1098
|
-
if (staticError) errorsByRefKey.set(secretRefKey(ref), new Error(staticError));
|
|
1099
|
-
}
|
|
1100
|
-
}
|
|
1101
|
-
if (selectedRefs.refsToResolve.length === 0) continue;
|
|
1102
|
-
refsChecked += selectedRefs.refsToResolve.length;
|
|
1103
|
-
const provider = refs[0]?.provider;
|
|
1104
|
-
try {
|
|
1105
|
-
const resolved = await resolveSecretRefValues(selectedRefs.refsToResolve, {
|
|
1106
|
-
config: params.config,
|
|
1107
|
-
env: params.env,
|
|
1108
|
-
cache
|
|
1109
|
-
});
|
|
1110
|
-
for (const [key, value] of resolved.entries()) resolvedByRefKey.set(key, value);
|
|
1111
|
-
continue;
|
|
1112
|
-
} catch (err) {
|
|
1113
|
-
if (provider && isProviderScopedSecretResolutionError(err)) {
|
|
1114
|
-
for (const ref of selectedRefs.refsToResolve) errorsByRefKey.set(secretRefKey(ref), err);
|
|
1115
|
-
continue;
|
|
1116
|
-
}
|
|
1117
|
-
}
|
|
1118
|
-
const fallback = await runTasksWithConcurrency({
|
|
1119
|
-
tasks: selectedRefs.refsToResolve.map((ref) => async () => ({
|
|
1120
|
-
key: secretRefKey(ref),
|
|
1121
|
-
resolved: await resolveSecretRefValue(ref, {
|
|
1122
|
-
config: params.config,
|
|
1123
|
-
env: params.env,
|
|
1124
|
-
cache
|
|
1125
|
-
})
|
|
1126
|
-
})),
|
|
1127
|
-
limit: Math.min(REF_RESOLVE_FALLBACK_CONCURRENCY, selectedRefs.refsToResolve.length),
|
|
1128
|
-
errorMode: "continue",
|
|
1129
|
-
onTaskError: (error, index) => {
|
|
1130
|
-
const ref = selectedRefs.refsToResolve[index];
|
|
1131
|
-
if (!ref) return;
|
|
1132
|
-
errorsByRefKey.set(secretRefKey(ref), error);
|
|
1133
|
-
}
|
|
1134
|
-
});
|
|
1135
|
-
for (const result of fallback.results) {
|
|
1136
|
-
if (!result) continue;
|
|
1137
|
-
resolvedByRefKey.set(result.key, result.resolved);
|
|
1138
|
-
}
|
|
1139
|
-
}
|
|
1140
|
-
for (const assignment of params.collector.refAssignments) {
|
|
1141
|
-
const key = secretRefKey(assignment.ref);
|
|
1142
|
-
if (skippedRefKeys.has(key) && !errorsByRefKey.has(key)) continue;
|
|
1143
|
-
const resolveErr = errorsByRefKey.get(key);
|
|
1144
|
-
if (resolveErr) {
|
|
1145
|
-
addFinding(params.collector, {
|
|
1146
|
-
code: "REF_UNRESOLVED",
|
|
1147
|
-
severity: "error",
|
|
1148
|
-
file: assignment.file,
|
|
1149
|
-
jsonPath: assignment.path,
|
|
1150
|
-
message: `Failed to resolve ${assignment.ref.source}:${assignment.ref.provider}:${assignment.ref.id} (${formatErrorMessage(resolveErr)}).`,
|
|
1151
|
-
provider: assignment.provider
|
|
1152
|
-
});
|
|
1153
|
-
continue;
|
|
1154
|
-
}
|
|
1155
|
-
if (!resolvedByRefKey.has(key)) {
|
|
1156
|
-
addFinding(params.collector, {
|
|
1157
|
-
code: "REF_UNRESOLVED",
|
|
1158
|
-
severity: "error",
|
|
1159
|
-
file: assignment.file,
|
|
1160
|
-
jsonPath: assignment.path,
|
|
1161
|
-
message: `Failed to resolve ${assignment.ref.source}:${assignment.ref.provider}:${assignment.ref.id} (resolved value is missing).`,
|
|
1162
|
-
provider: assignment.provider
|
|
1163
|
-
});
|
|
1164
|
-
continue;
|
|
1165
|
-
}
|
|
1166
|
-
if (!isExpectedResolvedSecretValue(resolvedByRefKey.get(key), assignment.expected)) addFinding(params.collector, {
|
|
1167
|
-
code: "REF_UNRESOLVED",
|
|
1168
|
-
severity: "error",
|
|
1169
|
-
file: assignment.file,
|
|
1170
|
-
jsonPath: assignment.path,
|
|
1171
|
-
message: assignment.expected === "string" ? `Failed to resolve ${assignment.ref.source}:${assignment.ref.provider}:${assignment.ref.id} (resolved value is not a non-empty string).` : `Failed to resolve ${assignment.ref.source}:${assignment.ref.provider}:${assignment.ref.id} (resolved value is not a string/object).`,
|
|
1172
|
-
provider: assignment.provider
|
|
1173
|
-
});
|
|
1174
|
-
}
|
|
1175
|
-
return {
|
|
1176
|
-
refsChecked,
|
|
1177
|
-
skippedExecRefs
|
|
1178
|
-
};
|
|
1179
|
-
}
|
|
1180
|
-
function collectShadowingFindings(collector) {
|
|
1181
|
-
for (const [provider, paths] of collector.configProviderRefPaths.entries()) {
|
|
1182
|
-
const authState = collector.authProviderState.get(provider);
|
|
1183
|
-
if (!authState?.hasUsableStaticOrOAuth) continue;
|
|
1184
|
-
const modeText = [...authState.modes].join("/");
|
|
1185
|
-
for (const configPath of paths) addFinding(collector, {
|
|
1186
|
-
code: "REF_SHADOWED",
|
|
1187
|
-
severity: "warn",
|
|
1188
|
-
file: "genesis.json",
|
|
1189
|
-
jsonPath: configPath,
|
|
1190
|
-
message: `Auth profile credentials (${modeText}) take precedence for provider "${provider}", so this config ref may never be used.`,
|
|
1191
|
-
provider
|
|
1192
|
-
});
|
|
1193
|
-
}
|
|
1194
|
-
}
|
|
1195
|
-
function summarizeFindings(findings) {
|
|
1196
|
-
return {
|
|
1197
|
-
plaintextCount: findings.filter((entry) => entry.code === "PLAINTEXT_FOUND").length,
|
|
1198
|
-
unresolvedRefCount: findings.filter((entry) => entry.code === "REF_UNRESOLVED").length,
|
|
1199
|
-
shadowedRefCount: findings.filter((entry) => entry.code === "REF_SHADOWED").length,
|
|
1200
|
-
legacyResidueCount: findings.filter((entry) => entry.code === "LEGACY_RESIDUE").length
|
|
1201
|
-
};
|
|
1202
|
-
}
|
|
1203
|
-
async function runSecretsAudit(params = {}) {
|
|
1204
|
-
const env = params.env ?? process.env;
|
|
1205
|
-
const allowExec = Boolean(params.allowExec);
|
|
1206
|
-
const snapshot = await createSecretsConfigIO({ env }).readConfigFileSnapshot();
|
|
1207
|
-
const configPath = resolveUserPath(snapshot.path);
|
|
1208
|
-
const defaults = snapshot.valid ? snapshot.config.secrets?.defaults : void 0;
|
|
1209
|
-
const collector = {
|
|
1210
|
-
findings: [],
|
|
1211
|
-
refAssignments: [],
|
|
1212
|
-
configProviderRefPaths: /* @__PURE__ */ new Map(),
|
|
1213
|
-
authProviderState: /* @__PURE__ */ new Map(),
|
|
1214
|
-
filesScanned: new Set([configPath])
|
|
1215
|
-
};
|
|
1216
|
-
const stateDir = resolveStateDir(env, os.homedir);
|
|
1217
|
-
const envPath = path.join(resolveConfigDir(env, os.homedir), ".env");
|
|
1218
|
-
const config = snapshot.valid ? snapshot.config : {};
|
|
1219
|
-
let resolution = {
|
|
1220
|
-
refsChecked: 0,
|
|
1221
|
-
skippedExecRefs: 0,
|
|
1222
|
-
resolvabilityComplete: true
|
|
1223
|
-
};
|
|
1224
|
-
if (snapshot.valid) {
|
|
1225
|
-
collectConfigSecrets({
|
|
1226
|
-
config,
|
|
1227
|
-
configPath,
|
|
1228
|
-
collector
|
|
1229
|
-
});
|
|
1230
|
-
for (const authStorePath of listAuthProfileStorePaths(config, stateDir)) collectAuthStoreSecrets({
|
|
1231
|
-
authStorePath,
|
|
1232
|
-
collector,
|
|
1233
|
-
defaults
|
|
1234
|
-
});
|
|
1235
|
-
for (const modelsJsonPath of listAgentModelsJsonPaths(config, stateDir, env)) collectModelsJsonSecrets({
|
|
1236
|
-
modelsJsonPath,
|
|
1237
|
-
collector
|
|
1238
|
-
});
|
|
1239
|
-
const unresolvedRefResult = await collectUnresolvedRefFindings({
|
|
1240
|
-
collector,
|
|
1241
|
-
config,
|
|
1242
|
-
env,
|
|
1243
|
-
allowExec
|
|
1244
|
-
});
|
|
1245
|
-
resolution = {
|
|
1246
|
-
refsChecked: unresolvedRefResult.refsChecked,
|
|
1247
|
-
skippedExecRefs: unresolvedRefResult.skippedExecRefs,
|
|
1248
|
-
resolvabilityComplete: unresolvedRefResult.skippedExecRefs === 0
|
|
1249
|
-
};
|
|
1250
|
-
collectShadowingFindings(collector);
|
|
1251
|
-
} else addFinding(collector, {
|
|
1252
|
-
code: "REF_UNRESOLVED",
|
|
1253
|
-
severity: "error",
|
|
1254
|
-
file: configPath,
|
|
1255
|
-
jsonPath: "<root>",
|
|
1256
|
-
message: "Config is invalid; cannot validate secret references reliably."
|
|
1257
|
-
});
|
|
1258
|
-
collectEnvPlaintext({
|
|
1259
|
-
envPath,
|
|
1260
|
-
collector
|
|
1261
|
-
});
|
|
1262
|
-
collectAuthJsonResidue({
|
|
1263
|
-
stateDir,
|
|
1264
|
-
collector
|
|
1265
|
-
});
|
|
1266
|
-
const summary = summarizeFindings(collector.findings);
|
|
1267
|
-
return {
|
|
1268
|
-
version: 1,
|
|
1269
|
-
status: summary.unresolvedRefCount > 0 ? "unresolved" : collector.findings.length > 0 ? "findings" : "clean",
|
|
1270
|
-
resolution,
|
|
1271
|
-
filesScanned: [...collector.filesScanned].toSorted(),
|
|
1272
|
-
summary,
|
|
1273
|
-
findings: collector.findings
|
|
1274
|
-
};
|
|
1275
|
-
}
|
|
1276
|
-
function resolveSecretsAuditExitCode(report, check) {
|
|
1277
|
-
if (report.summary.unresolvedRefCount > 0) return 2;
|
|
1278
|
-
if (check && report.findings.length > 0) return 1;
|
|
1279
|
-
return 0;
|
|
1280
|
-
}
|
|
1281
|
-
//#endregion
|
|
1282
|
-
//#region src/secrets/configure-plan.ts
|
|
1283
|
-
function getSecretProviders$1(config) {
|
|
1284
|
-
if (!isRecord(config.secrets?.providers)) return {};
|
|
1285
|
-
return config.secrets.providers;
|
|
1286
|
-
}
|
|
1287
|
-
function configureCandidateSortKey(candidate) {
|
|
1288
|
-
if (candidate.configFile === "auth-profiles.json") return `auth-profiles:${candidate.agentId ?? ""}:${candidate.path}`;
|
|
1289
|
-
return `genesis:${candidate.path}`;
|
|
1290
|
-
}
|
|
1291
|
-
function resolveAuthProfileProvider(store, pathSegments) {
|
|
1292
|
-
const profileId = pathSegments[1];
|
|
1293
|
-
if (!profileId) return;
|
|
1294
|
-
const profile = store.profiles?.[profileId];
|
|
1295
|
-
if (!isRecord(profile) || typeof profile.provider !== "string") return;
|
|
1296
|
-
const provider = profile.provider.trim();
|
|
1297
|
-
return provider.length > 0 ? provider : void 0;
|
|
1298
|
-
}
|
|
1299
|
-
function buildConfigureCandidatesForScope(params) {
|
|
1300
|
-
const authoredConfig = params.authoredGenesisConfig ?? params.config;
|
|
1301
|
-
const hasPathInAuthoredConfig = (pathSegments) => hasPath(authoredConfig, pathSegments);
|
|
1302
|
-
const genesisCandidates = discoverConfigSecretTargets(params.config).filter((entry) => entry.entry.includeInConfigure).map((entry) => {
|
|
1303
|
-
const resolved = resolveSecretInputRef({
|
|
1304
|
-
value: entry.value,
|
|
1305
|
-
refValue: entry.refValue,
|
|
1306
|
-
defaults: params.config.secrets?.defaults
|
|
1307
|
-
});
|
|
1308
|
-
const pathExists = hasPathInAuthoredConfig(entry.pathSegments);
|
|
1309
|
-
const refPathExists = entry.refPathSegments ? hasPathInAuthoredConfig(entry.refPathSegments) : false;
|
|
1310
|
-
return Object.assign({
|
|
1311
|
-
type: entry.entry.targetType,
|
|
1312
|
-
path: entry.path,
|
|
1313
|
-
pathSegments: [...entry.pathSegments],
|
|
1314
|
-
label: entry.path,
|
|
1315
|
-
configFile: `genesis.json`,
|
|
1316
|
-
expectedResolvedValue: entry.entry.expectedResolvedValue
|
|
1317
|
-
}, resolved.ref ? { existingRef: resolved.ref } : {}, pathExists || refPathExists ? {} : { isDerived: true }, entry.providerId ? { providerId: entry.providerId } : {}, entry.accountId ? { accountId: entry.accountId } : {});
|
|
1318
|
-
});
|
|
1319
|
-
const authCandidates = params.authProfiles === void 0 ? [] : discoverAuthProfileSecretTargets(params.authProfiles.store).filter((entry) => entry.entry.includeInConfigure).map((entry) => {
|
|
1320
|
-
const authProfiles = params.authProfiles;
|
|
1321
|
-
if (!authProfiles) throw new Error("Missing auth profile scope for configure candidate discovery.");
|
|
1322
|
-
const authProfileProvider = resolveAuthProfileProvider(authProfiles.store, entry.pathSegments);
|
|
1323
|
-
const resolved = resolveSecretInputRef({
|
|
1324
|
-
value: entry.value,
|
|
1325
|
-
refValue: entry.refValue,
|
|
1326
|
-
defaults: params.config.secrets?.defaults
|
|
1327
|
-
});
|
|
1328
|
-
return Object.assign({
|
|
1329
|
-
type: entry.entry.targetType,
|
|
1330
|
-
path: entry.path,
|
|
1331
|
-
pathSegments: [...entry.pathSegments],
|
|
1332
|
-
label: `${entry.path} (auth profile, agent ${authProfiles.agentId})`,
|
|
1333
|
-
configFile: `auth-profiles.json`,
|
|
1334
|
-
expectedResolvedValue: entry.entry.expectedResolvedValue
|
|
1335
|
-
}, resolved.ref ? { existingRef: resolved.ref } : {}, { agentId: authProfiles.agentId }, authProfileProvider ? { authProfileProvider } : {});
|
|
1336
|
-
});
|
|
1337
|
-
return [...genesisCandidates, ...authCandidates].toSorted((a, b) => configureCandidateSortKey(a).localeCompare(configureCandidateSortKey(b)));
|
|
1338
|
-
}
|
|
1339
|
-
function hasPath(root, segments) {
|
|
1340
|
-
if (segments.length === 0) return false;
|
|
1341
|
-
let cursor = root;
|
|
1342
|
-
for (let index = 0; index < segments.length; index += 1) {
|
|
1343
|
-
const segment = segments[index] ?? "";
|
|
1344
|
-
if (Array.isArray(cursor)) {
|
|
1345
|
-
if (!/^\d+$/.test(segment)) return false;
|
|
1346
|
-
const parsedIndex = Number.parseInt(segment, 10);
|
|
1347
|
-
if (!Number.isFinite(parsedIndex) || parsedIndex < 0 || parsedIndex >= cursor.length) return false;
|
|
1348
|
-
if (index === segments.length - 1) return true;
|
|
1349
|
-
cursor = cursor[parsedIndex];
|
|
1350
|
-
continue;
|
|
1351
|
-
}
|
|
1352
|
-
if (!isRecord(cursor)) return false;
|
|
1353
|
-
if (!Object.prototype.hasOwnProperty.call(cursor, segment)) return false;
|
|
1354
|
-
if (index === segments.length - 1) return true;
|
|
1355
|
-
cursor = cursor[segment];
|
|
1356
|
-
}
|
|
1357
|
-
return false;
|
|
1358
|
-
}
|
|
1359
|
-
function collectConfigureProviderChanges(params) {
|
|
1360
|
-
const originalProviders = getSecretProviders$1(params.original);
|
|
1361
|
-
const nextProviders = getSecretProviders$1(params.next);
|
|
1362
|
-
const upserts = {};
|
|
1363
|
-
const deletes = [];
|
|
1364
|
-
for (const [providerAlias, nextProviderConfig] of Object.entries(nextProviders)) {
|
|
1365
|
-
const current = originalProviders[providerAlias];
|
|
1366
|
-
if (isDeepStrictEqual(current, nextProviderConfig)) continue;
|
|
1367
|
-
upserts[providerAlias] = structuredClone(nextProviderConfig);
|
|
1368
|
-
}
|
|
1369
|
-
for (const providerAlias of Object.keys(originalProviders)) if (!Object.prototype.hasOwnProperty.call(nextProviders, providerAlias)) deletes.push(providerAlias);
|
|
1370
|
-
return {
|
|
1371
|
-
upserts,
|
|
1372
|
-
deletes: deletes.toSorted()
|
|
1373
|
-
};
|
|
1374
|
-
}
|
|
1375
|
-
function hasConfigurePlanChanges(params) {
|
|
1376
|
-
return params.selectedTargets.size > 0 || Object.keys(params.providerChanges.upserts).length > 0 || params.providerChanges.deletes.length > 0;
|
|
1377
|
-
}
|
|
1378
|
-
function buildSecretsConfigurePlan(params) {
|
|
1379
|
-
return {
|
|
1380
|
-
version: 1,
|
|
1381
|
-
protocolVersion: 1,
|
|
1382
|
-
generatedAt: params.generatedAt ?? (/* @__PURE__ */ new Date()).toISOString(),
|
|
1383
|
-
generatedBy: "genesis secrets configure",
|
|
1384
|
-
targets: [...params.selectedTargets.values()].map((entry) => Object.assign({
|
|
1385
|
-
type: entry.type,
|
|
1386
|
-
path: entry.path,
|
|
1387
|
-
pathSegments: [...entry.pathSegments],
|
|
1388
|
-
ref: entry.ref
|
|
1389
|
-
}, entry.agentId ? { agentId: entry.agentId } : {}, entry.providerId ? { providerId: entry.providerId } : {}, entry.accountId ? { accountId: entry.accountId } : {}, entry.authProfileProvider ? { authProfileProvider: entry.authProfileProvider } : {})),
|
|
1390
|
-
...Object.keys(params.providerChanges.upserts).length > 0 ? { providerUpserts: params.providerChanges.upserts } : {},
|
|
1391
|
-
...params.providerChanges.deletes.length > 0 ? { providerDeletes: params.providerChanges.deletes } : {},
|
|
1392
|
-
options: {
|
|
1393
|
-
scrubEnv: true,
|
|
1394
|
-
scrubAuthProfilesForProviderTargets: true,
|
|
1395
|
-
scrubLegacyAuthJson: true
|
|
1396
|
-
}
|
|
1397
|
-
};
|
|
1398
|
-
}
|
|
1399
|
-
//#endregion
|
|
1400
|
-
//#region src/secrets/configure.ts
|
|
1401
|
-
const ENV_NAME_PATTERN = /^[A-Z][A-Z0-9_]{0,127}$/;
|
|
1402
|
-
const WINDOWS_ABS_PATH_PATTERN = /^[A-Za-z]:[\\/]/;
|
|
1403
|
-
const WINDOWS_UNC_PATH_PATTERN = /^\\\\[^\\]+\\[^\\]+/;
|
|
1404
|
-
function isAbsolutePathValue(value) {
|
|
1405
|
-
return path.isAbsolute(value) || WINDOWS_ABS_PATH_PATTERN.test(value) || WINDOWS_UNC_PATH_PATTERN.test(value);
|
|
1406
|
-
}
|
|
1407
|
-
function parseCsv(value) {
|
|
1408
|
-
return value.split(",").map((entry) => entry.trim()).filter((entry) => entry.length > 0);
|
|
1409
|
-
}
|
|
1410
|
-
function parseOptionalPositiveInt(value, max) {
|
|
1411
|
-
const trimmed = value.trim();
|
|
1412
|
-
if (!trimmed) return;
|
|
1413
|
-
if (!/^\d+$/.test(trimmed)) return;
|
|
1414
|
-
const parsed = Number.parseInt(trimmed, 10);
|
|
1415
|
-
if (!Number.isFinite(parsed) || parsed <= 0 || parsed > max) return;
|
|
1416
|
-
return parsed;
|
|
1417
|
-
}
|
|
1418
|
-
function getSecretProviders(config) {
|
|
1419
|
-
if (!isRecord(config.secrets?.providers)) return {};
|
|
1420
|
-
return config.secrets.providers;
|
|
1421
|
-
}
|
|
1422
|
-
function setSecretProvider(config, providerAlias, providerConfig) {
|
|
1423
|
-
config.secrets ??= {};
|
|
1424
|
-
if (!isRecord(config.secrets.providers)) config.secrets.providers = {};
|
|
1425
|
-
config.secrets.providers[providerAlias] = providerConfig;
|
|
1426
|
-
}
|
|
1427
|
-
function removeSecretProvider(config, providerAlias) {
|
|
1428
|
-
if (!isRecord(config.secrets?.providers)) return false;
|
|
1429
|
-
const providers = config.secrets.providers;
|
|
1430
|
-
if (!Object.prototype.hasOwnProperty.call(providers, providerAlias)) return false;
|
|
1431
|
-
delete providers[providerAlias];
|
|
1432
|
-
if (Object.keys(providers).length === 0) delete config.secrets?.providers;
|
|
1433
|
-
if (isRecord(config.secrets?.defaults)) {
|
|
1434
|
-
const defaults = config.secrets.defaults;
|
|
1435
|
-
if (defaults?.env === providerAlias) delete defaults.env;
|
|
1436
|
-
if (defaults?.file === providerAlias) delete defaults.file;
|
|
1437
|
-
if (defaults?.exec === providerAlias) delete defaults.exec;
|
|
1438
|
-
if (defaults && defaults.env === void 0 && defaults.file === void 0 && defaults.exec === void 0) delete config.secrets?.defaults;
|
|
1439
|
-
}
|
|
1440
|
-
return true;
|
|
1441
|
-
}
|
|
1442
|
-
function providerHint(provider) {
|
|
1443
|
-
if (provider.source === "env") return provider.allowlist?.length ? `env (${provider.allowlist.length} allowlisted)` : "env";
|
|
1444
|
-
if (provider.source === "file") return `file (${provider.mode ?? "json"})`;
|
|
1445
|
-
return `exec (${provider.jsonOnly === false ? "json+text" : "json"})`;
|
|
1446
|
-
}
|
|
1447
|
-
function toSourceChoices(config) {
|
|
1448
|
-
const hasSource = (source) => Object.values(config.secrets?.providers ?? {}).some((provider) => provider?.source === source);
|
|
1449
|
-
const choices = [{
|
|
1450
|
-
value: "env",
|
|
1451
|
-
label: "env"
|
|
1452
|
-
}];
|
|
1453
|
-
if (hasSource("file")) choices.push({
|
|
1454
|
-
value: "file",
|
|
1455
|
-
label: "file"
|
|
1456
|
-
});
|
|
1457
|
-
if (hasSource("exec")) choices.push({
|
|
1458
|
-
value: "exec",
|
|
1459
|
-
label: "exec"
|
|
1460
|
-
});
|
|
1461
|
-
return choices;
|
|
1462
|
-
}
|
|
1463
|
-
function assertNoCancel(value, message) {
|
|
1464
|
-
if (typeof value === "symbol") throw new Error(message);
|
|
1465
|
-
return value;
|
|
1466
|
-
}
|
|
1467
|
-
const AUTH_PROFILE_ID_PATTERN = /^[A-Za-z0-9:_-]{1,128}$/;
|
|
1468
|
-
function validateEnvNameCsv(value) {
|
|
1469
|
-
const entries = parseCsv(value);
|
|
1470
|
-
for (const entry of entries) if (!ENV_NAME_PATTERN.test(entry)) return `Invalid env name: ${entry}`;
|
|
1471
|
-
}
|
|
1472
|
-
async function promptEnvNameCsv(params) {
|
|
1473
|
-
return parseCsv(assertNoCancel(await text({
|
|
1474
|
-
message: params.message,
|
|
1475
|
-
initialValue: params.initialValue,
|
|
1476
|
-
validate: (value) => validateEnvNameCsv(value ?? "")
|
|
1477
|
-
}), "Secrets configure cancelled.") ?? "");
|
|
1478
|
-
}
|
|
1479
|
-
async function promptOptionalPositiveInt(params) {
|
|
1480
|
-
return parseOptionalPositiveInt(normalizeStringifiedOptionalString(assertNoCancel(await text({
|
|
1481
|
-
message: params.message,
|
|
1482
|
-
initialValue: params.initialValue === void 0 ? "" : String(params.initialValue),
|
|
1483
|
-
validate: (value) => {
|
|
1484
|
-
const trimmed = normalizeStringifiedOptionalString(value) ?? "";
|
|
1485
|
-
if (!trimmed) return;
|
|
1486
|
-
if (parseOptionalPositiveInt(trimmed, params.max) === void 0) return `Must be an integer between 1 and ${params.max}`;
|
|
1487
|
-
}
|
|
1488
|
-
}), "Secrets configure cancelled.")) ?? "", params.max);
|
|
1489
|
-
}
|
|
1490
|
-
function configureCandidateKey(candidate) {
|
|
1491
|
-
if (candidate.configFile === "auth-profiles.json") return `auth-profiles:${normalizeOptionalString(candidate.agentId) ?? ""}:${candidate.path}`;
|
|
1492
|
-
return `genesis:${candidate.path}`;
|
|
1493
|
-
}
|
|
1494
|
-
function hasSourceChoice(sourceChoices, source) {
|
|
1495
|
-
return sourceChoices.some((entry) => entry.value === source);
|
|
1496
|
-
}
|
|
1497
|
-
function resolveCandidateProviderHint(candidate) {
|
|
1498
|
-
return normalizeOptionalLowercaseString(candidate.authProfileProvider) ?? normalizeOptionalLowercaseString(candidate.providerId);
|
|
1499
|
-
}
|
|
1500
|
-
function resolveSuggestedEnvSecretId(candidate) {
|
|
1501
|
-
const hintedProvider = resolveCandidateProviderHint(candidate);
|
|
1502
|
-
if (!hintedProvider) return;
|
|
1503
|
-
const envCandidates = getProviderEnvVars(hintedProvider);
|
|
1504
|
-
if (!Array.isArray(envCandidates) || envCandidates.length === 0) return;
|
|
1505
|
-
return envCandidates[0];
|
|
1506
|
-
}
|
|
1507
|
-
function resolveConfigureAgentId(config, explicitAgentId) {
|
|
1508
|
-
const knownAgentIds = new Set(listAgentIds(config));
|
|
1509
|
-
if (!explicitAgentId) return resolveDefaultAgentId(config);
|
|
1510
|
-
const normalized = normalizeAgentId(explicitAgentId);
|
|
1511
|
-
if (knownAgentIds.has(normalized)) return normalized;
|
|
1512
|
-
const known = [...knownAgentIds].toSorted().join(", ");
|
|
1513
|
-
throw new Error(`Unknown agent id "${explicitAgentId}". Known agents: ${known || "none configured"}.`);
|
|
1514
|
-
}
|
|
1515
|
-
function loadAuthProfileStoreForConfigure(params) {
|
|
1516
|
-
return loadPersistedAuthProfileStore(resolveAgentDir(params.config, params.agentId)) ?? {
|
|
1517
|
-
version: 1,
|
|
1518
|
-
profiles: {}
|
|
1519
|
-
};
|
|
1520
|
-
}
|
|
1521
|
-
async function promptNewAuthProfileCandidate(agentId) {
|
|
1522
|
-
const profileId = assertNoCancel(await text({
|
|
1523
|
-
message: "Auth profile id",
|
|
1524
|
-
validate: (value) => {
|
|
1525
|
-
const trimmed = normalizeStringifiedOptionalString(value) ?? "";
|
|
1526
|
-
if (!trimmed) return "Required";
|
|
1527
|
-
if (!AUTH_PROFILE_ID_PATTERN.test(trimmed)) return "Use letters/numbers/\":\"/\"_\"/\"-\" only.";
|
|
1528
|
-
}
|
|
1529
|
-
}), "Secrets configure cancelled.");
|
|
1530
|
-
const credentialType = assertNoCancel(await select({
|
|
1531
|
-
message: "Auth profile credential type",
|
|
1532
|
-
options: [{
|
|
1533
|
-
value: "api_key",
|
|
1534
|
-
label: "api_key (key/keyRef)"
|
|
1535
|
-
}, {
|
|
1536
|
-
value: "token",
|
|
1537
|
-
label: "token (token/tokenRef)"
|
|
1538
|
-
}]
|
|
1539
|
-
}), "Secrets configure cancelled.");
|
|
1540
|
-
const provider = assertNoCancel(await text({
|
|
1541
|
-
message: "Provider id",
|
|
1542
|
-
validate: (value) => normalizeStringifiedOptionalString(value) ? void 0 : "Required"
|
|
1543
|
-
}), "Secrets configure cancelled.");
|
|
1544
|
-
const profileIdTrimmed = normalizeStringifiedOptionalString(profileId) ?? "";
|
|
1545
|
-
const providerTrimmed = normalizeStringifiedOptionalString(provider) ?? "";
|
|
1546
|
-
if (credentialType === "token") return {
|
|
1547
|
-
type: "auth-profiles.token.token",
|
|
1548
|
-
path: `profiles.${profileIdTrimmed}.token`,
|
|
1549
|
-
pathSegments: [
|
|
1550
|
-
"profiles",
|
|
1551
|
-
profileIdTrimmed,
|
|
1552
|
-
"token"
|
|
1553
|
-
],
|
|
1554
|
-
label: `profiles.${profileIdTrimmed}.token (auth profile, agent ${agentId})`,
|
|
1555
|
-
configFile: "auth-profiles.json",
|
|
1556
|
-
agentId,
|
|
1557
|
-
authProfileProvider: providerTrimmed,
|
|
1558
|
-
expectedResolvedValue: "string"
|
|
1559
|
-
};
|
|
1560
|
-
return {
|
|
1561
|
-
type: "auth-profiles.api_key.key",
|
|
1562
|
-
path: `profiles.${profileIdTrimmed}.key`,
|
|
1563
|
-
pathSegments: [
|
|
1564
|
-
"profiles",
|
|
1565
|
-
profileIdTrimmed,
|
|
1566
|
-
"key"
|
|
1567
|
-
],
|
|
1568
|
-
label: `profiles.${profileIdTrimmed}.key (auth profile, agent ${agentId})`,
|
|
1569
|
-
configFile: "auth-profiles.json",
|
|
1570
|
-
agentId,
|
|
1571
|
-
authProfileProvider: providerTrimmed,
|
|
1572
|
-
expectedResolvedValue: "string"
|
|
1573
|
-
};
|
|
1574
|
-
}
|
|
1575
|
-
async function promptProviderAlias(params) {
|
|
1576
|
-
return normalizeStringifiedOptionalString(assertNoCancel(await text({
|
|
1577
|
-
message: "Provider alias",
|
|
1578
|
-
initialValue: "default",
|
|
1579
|
-
validate: (value) => {
|
|
1580
|
-
const trimmed = normalizeStringifiedOptionalString(value) ?? "";
|
|
1581
|
-
if (!trimmed) return "Required";
|
|
1582
|
-
if (!isValidSecretProviderAlias(trimmed)) return "Must match /^[a-z][a-z0-9_-]{0,63}$/";
|
|
1583
|
-
if (params.existingAliases.has(trimmed)) return "Alias already exists";
|
|
1584
|
-
}
|
|
1585
|
-
}), "Secrets configure cancelled.")) ?? "";
|
|
1586
|
-
}
|
|
1587
|
-
async function promptProviderSource(initial) {
|
|
1588
|
-
return assertNoCancel(await select({
|
|
1589
|
-
message: "Provider source",
|
|
1590
|
-
options: [
|
|
1591
|
-
{
|
|
1592
|
-
value: "env",
|
|
1593
|
-
label: "env"
|
|
1594
|
-
},
|
|
1595
|
-
{
|
|
1596
|
-
value: "file",
|
|
1597
|
-
label: "file"
|
|
1598
|
-
},
|
|
1599
|
-
{
|
|
1600
|
-
value: "exec",
|
|
1601
|
-
label: "exec"
|
|
1602
|
-
}
|
|
1603
|
-
],
|
|
1604
|
-
initialValue: initial
|
|
1605
|
-
}), "Secrets configure cancelled.");
|
|
1606
|
-
}
|
|
1607
|
-
async function promptEnvProvider(base) {
|
|
1608
|
-
const allowlist = await promptEnvNameCsv({
|
|
1609
|
-
message: "Env allowlist (comma-separated, blank for unrestricted)",
|
|
1610
|
-
initialValue: base?.allowlist?.join(",") ?? ""
|
|
1611
|
-
});
|
|
1612
|
-
return {
|
|
1613
|
-
source: "env",
|
|
1614
|
-
...allowlist.length > 0 ? { allowlist } : {}
|
|
1615
|
-
};
|
|
1616
|
-
}
|
|
1617
|
-
async function promptFileProvider(base) {
|
|
1618
|
-
const filePath = assertNoCancel(await text({
|
|
1619
|
-
message: "File path (absolute)",
|
|
1620
|
-
initialValue: base?.path ?? "",
|
|
1621
|
-
validate: (value) => {
|
|
1622
|
-
const trimmed = normalizeStringifiedOptionalString(value) ?? "";
|
|
1623
|
-
if (!trimmed) return "Required";
|
|
1624
|
-
if (!isAbsolutePathValue(trimmed)) return "Must be an absolute path";
|
|
1625
|
-
}
|
|
1626
|
-
}), "Secrets configure cancelled.");
|
|
1627
|
-
const mode = assertNoCancel(await select({
|
|
1628
|
-
message: "File mode",
|
|
1629
|
-
options: [{
|
|
1630
|
-
value: "json",
|
|
1631
|
-
label: "json"
|
|
1632
|
-
}, {
|
|
1633
|
-
value: "singleValue",
|
|
1634
|
-
label: "singleValue"
|
|
1635
|
-
}],
|
|
1636
|
-
initialValue: base?.mode ?? "json"
|
|
1637
|
-
}), "Secrets configure cancelled.");
|
|
1638
|
-
const timeoutMs = await promptOptionalPositiveInt({
|
|
1639
|
-
message: "Timeout ms (blank for default)",
|
|
1640
|
-
initialValue: base?.timeoutMs,
|
|
1641
|
-
max: 12e4
|
|
1642
|
-
});
|
|
1643
|
-
const maxBytes = await promptOptionalPositiveInt({
|
|
1644
|
-
message: "Max bytes (blank for default)",
|
|
1645
|
-
initialValue: base?.maxBytes,
|
|
1646
|
-
max: 20 * 1024 * 1024
|
|
1647
|
-
});
|
|
1648
|
-
const allowInsecurePath = assertNoCancel(await confirm({
|
|
1649
|
-
message: "Allow insecure file path checks?",
|
|
1650
|
-
initialValue: base?.allowInsecurePath ?? false
|
|
1651
|
-
}), "Secrets configure cancelled.");
|
|
1652
|
-
return {
|
|
1653
|
-
source: "file",
|
|
1654
|
-
path: normalizeStringifiedOptionalString(filePath) ?? "",
|
|
1655
|
-
mode,
|
|
1656
|
-
...timeoutMs ? { timeoutMs } : {},
|
|
1657
|
-
...maxBytes ? { maxBytes } : {},
|
|
1658
|
-
...allowInsecurePath ? { allowInsecurePath: true } : {}
|
|
1659
|
-
};
|
|
1660
|
-
}
|
|
1661
|
-
async function parseArgsInput(rawValue) {
|
|
1662
|
-
const trimmed = rawValue.trim();
|
|
1663
|
-
if (!trimmed) return;
|
|
1664
|
-
const parsed = JSON.parse(trimmed);
|
|
1665
|
-
if (!Array.isArray(parsed) || !parsed.every((entry) => typeof entry === "string")) throw new Error("args must be a JSON array of strings");
|
|
1666
|
-
return parsed;
|
|
1667
|
-
}
|
|
1668
|
-
async function promptExecProvider(base) {
|
|
1669
|
-
const command = assertNoCancel(await text({
|
|
1670
|
-
message: "Command path (absolute)",
|
|
1671
|
-
initialValue: base?.command ?? "",
|
|
1672
|
-
validate: (value) => {
|
|
1673
|
-
const trimmed = normalizeStringifiedOptionalString(value) ?? "";
|
|
1674
|
-
if (!trimmed) return "Required";
|
|
1675
|
-
if (!isAbsolutePathValue(trimmed)) return "Must be an absolute path";
|
|
1676
|
-
if (!isSafeExecutableValue(trimmed)) return "Command value is not allowed";
|
|
1677
|
-
}
|
|
1678
|
-
}), "Secrets configure cancelled.");
|
|
1679
|
-
const argsRaw = assertNoCancel(await text({
|
|
1680
|
-
message: "Args JSON array (blank for none)",
|
|
1681
|
-
initialValue: JSON.stringify(base?.args ?? []),
|
|
1682
|
-
validate: (value) => {
|
|
1683
|
-
const trimmed = normalizeStringifiedOptionalString(value) ?? "";
|
|
1684
|
-
if (!trimmed) return;
|
|
1685
|
-
try {
|
|
1686
|
-
const parsed = JSON.parse(trimmed);
|
|
1687
|
-
if (!Array.isArray(parsed) || !parsed.every((entry) => typeof entry === "string")) return "Must be a JSON array of strings";
|
|
1688
|
-
return;
|
|
1689
|
-
} catch {
|
|
1690
|
-
return "Must be valid JSON";
|
|
1691
|
-
}
|
|
1692
|
-
}
|
|
1693
|
-
}), "Secrets configure cancelled.");
|
|
1694
|
-
const timeoutMs = await promptOptionalPositiveInt({
|
|
1695
|
-
message: "Timeout ms (blank for default)",
|
|
1696
|
-
initialValue: base?.timeoutMs,
|
|
1697
|
-
max: 12e4
|
|
1698
|
-
});
|
|
1699
|
-
const noOutputTimeoutMs = await promptOptionalPositiveInt({
|
|
1700
|
-
message: "No-output timeout ms (blank for default)",
|
|
1701
|
-
initialValue: base?.noOutputTimeoutMs,
|
|
1702
|
-
max: 12e4
|
|
1703
|
-
});
|
|
1704
|
-
const maxOutputBytes = await promptOptionalPositiveInt({
|
|
1705
|
-
message: "Max output bytes (blank for default)",
|
|
1706
|
-
initialValue: base?.maxOutputBytes,
|
|
1707
|
-
max: 20 * 1024 * 1024
|
|
1708
|
-
});
|
|
1709
|
-
const jsonOnly = assertNoCancel(await confirm({
|
|
1710
|
-
message: "Require JSON-only response?",
|
|
1711
|
-
initialValue: base?.jsonOnly ?? true
|
|
1712
|
-
}), "Secrets configure cancelled.");
|
|
1713
|
-
const passEnv = await promptEnvNameCsv({
|
|
1714
|
-
message: "Pass-through env vars (comma-separated, blank for none)",
|
|
1715
|
-
initialValue: base?.passEnv?.join(",") ?? ""
|
|
1716
|
-
});
|
|
1717
|
-
const trustedDirsRaw = assertNoCancel(await text({
|
|
1718
|
-
message: "Trusted dirs (comma-separated absolute paths, blank for none)",
|
|
1719
|
-
initialValue: base?.trustedDirs?.join(",") ?? "",
|
|
1720
|
-
validate: (value) => {
|
|
1721
|
-
const entries = parseCsv(value ?? "");
|
|
1722
|
-
for (const entry of entries) if (!isAbsolutePathValue(entry)) return `Trusted dir must be absolute: ${entry}`;
|
|
1723
|
-
}
|
|
1724
|
-
}), "Secrets configure cancelled.");
|
|
1725
|
-
const allowInsecurePath = assertNoCancel(await confirm({
|
|
1726
|
-
message: "Allow insecure command path checks?",
|
|
1727
|
-
initialValue: base?.allowInsecurePath ?? false
|
|
1728
|
-
}), "Secrets configure cancelled.");
|
|
1729
|
-
const allowSymlinkCommand = assertNoCancel(await confirm({
|
|
1730
|
-
message: "Allow symlink command path?",
|
|
1731
|
-
initialValue: base?.allowSymlinkCommand ?? false
|
|
1732
|
-
}), "Secrets configure cancelled.");
|
|
1733
|
-
const args = await parseArgsInput(normalizeStringifiedOptionalString(argsRaw) ?? "");
|
|
1734
|
-
const trustedDirs = parseCsv(trustedDirsRaw ?? "");
|
|
1735
|
-
return {
|
|
1736
|
-
source: "exec",
|
|
1737
|
-
command: normalizeStringifiedOptionalString(command) ?? "",
|
|
1738
|
-
...args && args.length > 0 ? { args } : {},
|
|
1739
|
-
...timeoutMs ? { timeoutMs } : {},
|
|
1740
|
-
...noOutputTimeoutMs ? { noOutputTimeoutMs } : {},
|
|
1741
|
-
...maxOutputBytes ? { maxOutputBytes } : {},
|
|
1742
|
-
...jsonOnly ? { jsonOnly } : { jsonOnly: false },
|
|
1743
|
-
...passEnv.length > 0 ? { passEnv } : {},
|
|
1744
|
-
...trustedDirs.length > 0 ? { trustedDirs } : {},
|
|
1745
|
-
...allowInsecurePath ? { allowInsecurePath: true } : {},
|
|
1746
|
-
...allowSymlinkCommand ? { allowSymlinkCommand: true } : {},
|
|
1747
|
-
...isRecord(base?.env) ? { env: base.env } : {}
|
|
1748
|
-
};
|
|
1749
|
-
}
|
|
1750
|
-
async function promptProviderConfig(source, current) {
|
|
1751
|
-
if (source === "env") return await promptEnvProvider(current?.source === "env" ? current : void 0);
|
|
1752
|
-
if (source === "file") return await promptFileProvider(current?.source === "file" ? current : void 0);
|
|
1753
|
-
return await promptExecProvider(current?.source === "exec" ? current : void 0);
|
|
1754
|
-
}
|
|
1755
|
-
async function configureProvidersInteractive(config) {
|
|
1756
|
-
while (true) {
|
|
1757
|
-
const providers = getSecretProviders(config);
|
|
1758
|
-
const providerEntries = Object.entries(providers).toSorted(([left], [right]) => left.localeCompare(right));
|
|
1759
|
-
const actionOptions = [{
|
|
1760
|
-
value: "add",
|
|
1761
|
-
label: "Add provider",
|
|
1762
|
-
hint: "Define a new env/file/exec provider"
|
|
1763
|
-
}];
|
|
1764
|
-
if (providerEntries.length > 0) {
|
|
1765
|
-
actionOptions.push({
|
|
1766
|
-
value: "edit",
|
|
1767
|
-
label: "Edit provider",
|
|
1768
|
-
hint: "Update an existing provider"
|
|
1769
|
-
});
|
|
1770
|
-
actionOptions.push({
|
|
1771
|
-
value: "remove",
|
|
1772
|
-
label: "Remove provider",
|
|
1773
|
-
hint: "Delete a provider alias"
|
|
1774
|
-
});
|
|
1775
|
-
}
|
|
1776
|
-
actionOptions.push({
|
|
1777
|
-
value: "continue",
|
|
1778
|
-
label: "Continue",
|
|
1779
|
-
hint: "Move to credential mapping"
|
|
1780
|
-
});
|
|
1781
|
-
const action = assertNoCancel(await select({
|
|
1782
|
-
message: providerEntries.length > 0 ? "Configure secret providers" : "Configure secret providers (only env refs are available until file/exec providers are added)",
|
|
1783
|
-
options: actionOptions
|
|
1784
|
-
}), "Secrets configure cancelled.");
|
|
1785
|
-
if (action === "continue") return;
|
|
1786
|
-
if (action === "add") {
|
|
1787
|
-
const source = await promptProviderSource();
|
|
1788
|
-
setSecretProvider(config, await promptProviderAlias({ existingAliases: new Set(providerEntries.map(([providerAlias]) => providerAlias)) }), await promptProviderConfig(source));
|
|
1789
|
-
continue;
|
|
1790
|
-
}
|
|
1791
|
-
if (action === "edit") {
|
|
1792
|
-
const alias = assertNoCancel(await select({
|
|
1793
|
-
message: "Select provider to edit",
|
|
1794
|
-
options: providerEntries.map(([providerAlias, providerConfig]) => ({
|
|
1795
|
-
value: providerAlias,
|
|
1796
|
-
label: providerAlias,
|
|
1797
|
-
hint: providerHint(providerConfig)
|
|
1798
|
-
}))
|
|
1799
|
-
}), "Secrets configure cancelled.");
|
|
1800
|
-
const current = providers[alias];
|
|
1801
|
-
if (!current) continue;
|
|
1802
|
-
const nextProviderConfig = await promptProviderConfig(await promptProviderSource(current.source), current);
|
|
1803
|
-
if (!isDeepStrictEqual(current, nextProviderConfig)) setSecretProvider(config, alias, nextProviderConfig);
|
|
1804
|
-
continue;
|
|
1805
|
-
}
|
|
1806
|
-
if (action === "remove") {
|
|
1807
|
-
const alias = assertNoCancel(await select({
|
|
1808
|
-
message: "Select provider to remove",
|
|
1809
|
-
options: providerEntries.map(([providerAlias, providerConfig]) => ({
|
|
1810
|
-
value: providerAlias,
|
|
1811
|
-
label: providerAlias,
|
|
1812
|
-
hint: providerHint(providerConfig)
|
|
1813
|
-
}))
|
|
1814
|
-
}), "Secrets configure cancelled.");
|
|
1815
|
-
if (assertNoCancel(await confirm({
|
|
1816
|
-
message: `Remove provider "${alias}"?`,
|
|
1817
|
-
initialValue: false
|
|
1818
|
-
}), "Secrets configure cancelled.")) removeSecretProvider(config, alias);
|
|
1819
|
-
}
|
|
1820
|
-
}
|
|
1821
|
-
}
|
|
1822
|
-
async function runSecretsConfigureInteractive(params = {}) {
|
|
1823
|
-
if (!process.stdin.isTTY) throw new Error("secrets configure requires an interactive TTY.");
|
|
1824
|
-
if (params.providersOnly && params.skipProviderSetup) throw new Error("Cannot combine --providers-only with --skip-provider-setup.");
|
|
1825
|
-
const env = params.env ?? process.env;
|
|
1826
|
-
const allowExecInPreflight = Boolean(params.allowExecInPreflight);
|
|
1827
|
-
const { snapshot } = await createSecretsConfigIO({ env }).readConfigFileSnapshotForWrite();
|
|
1828
|
-
if (!snapshot.valid) throw new Error("Cannot run interactive secrets configure because config is invalid.");
|
|
1829
|
-
const stagedConfig = structuredClone(snapshot.config);
|
|
1830
|
-
if (!params.skipProviderSetup) await configureProvidersInteractive(stagedConfig);
|
|
1831
|
-
const providerChanges = collectConfigureProviderChanges({
|
|
1832
|
-
original: snapshot.config,
|
|
1833
|
-
next: stagedConfig
|
|
1834
|
-
});
|
|
1835
|
-
const selectedByPath = /* @__PURE__ */ new Map();
|
|
1836
|
-
if (!params.providersOnly) {
|
|
1837
|
-
const configureAgentId = resolveConfigureAgentId(snapshot.config, params.agentId);
|
|
1838
|
-
const authStore = loadAuthProfileStoreForConfigure({
|
|
1839
|
-
config: snapshot.config,
|
|
1840
|
-
agentId: configureAgentId
|
|
1841
|
-
});
|
|
1842
|
-
const candidates = buildConfigureCandidatesForScope({
|
|
1843
|
-
config: stagedConfig,
|
|
1844
|
-
authoredGenesisConfig: snapshot.resolved,
|
|
1845
|
-
authProfiles: {
|
|
1846
|
-
agentId: configureAgentId,
|
|
1847
|
-
store: authStore
|
|
1848
|
-
}
|
|
1849
|
-
});
|
|
1850
|
-
if (candidates.length === 0) throw new Error("No configurable secret-bearing fields found for this agent scope.");
|
|
1851
|
-
const sourceChoices = toSourceChoices(stagedConfig);
|
|
1852
|
-
const hasDerivedCandidates = candidates.some((candidate) => candidate.isDerived === true);
|
|
1853
|
-
let showDerivedCandidates = false;
|
|
1854
|
-
while (true) {
|
|
1855
|
-
const visibleCandidates = showDerivedCandidates ? candidates : candidates.filter((candidate) => candidate.isDerived !== true);
|
|
1856
|
-
const options = visibleCandidates.map((candidate) => ({
|
|
1857
|
-
value: configureCandidateKey(candidate),
|
|
1858
|
-
label: candidate.label,
|
|
1859
|
-
hint: [candidate.configFile === "auth-profiles.json" ? "auth-profiles.json" : "genesis.json", candidate.isDerived === true ? "derived" : void 0].filter(Boolean).join(" | ")
|
|
1860
|
-
}));
|
|
1861
|
-
options.push({
|
|
1862
|
-
value: "__create_auth_profile__",
|
|
1863
|
-
label: "Create auth profile mapping",
|
|
1864
|
-
hint: `Add a new auth-profiles target for agent ${configureAgentId}`
|
|
1865
|
-
});
|
|
1866
|
-
if (hasDerivedCandidates) options.push({
|
|
1867
|
-
value: "__toggle_derived__",
|
|
1868
|
-
label: showDerivedCandidates ? "Hide derived targets" : "Show derived targets",
|
|
1869
|
-
hint: showDerivedCandidates ? "Show only fields authored directly in config" : "Include normalized/derived aliases"
|
|
1870
|
-
});
|
|
1871
|
-
if (selectedByPath.size > 0) options.unshift({
|
|
1872
|
-
value: "__done__",
|
|
1873
|
-
label: "Done",
|
|
1874
|
-
hint: "Finish and run preflight"
|
|
1875
|
-
});
|
|
1876
|
-
const selectedPath = assertNoCancel(await select({
|
|
1877
|
-
message: "Select credential field",
|
|
1878
|
-
options
|
|
1879
|
-
}), "Secrets configure cancelled.");
|
|
1880
|
-
if (selectedPath === "__done__") break;
|
|
1881
|
-
if (selectedPath === "__create_auth_profile__") {
|
|
1882
|
-
const createdCandidate = await promptNewAuthProfileCandidate(configureAgentId);
|
|
1883
|
-
const key = configureCandidateKey(createdCandidate);
|
|
1884
|
-
const existingIndex = candidates.findIndex((entry) => configureCandidateKey(entry) === key);
|
|
1885
|
-
if (existingIndex >= 0) candidates[existingIndex] = createdCandidate;
|
|
1886
|
-
else candidates.push(createdCandidate);
|
|
1887
|
-
continue;
|
|
1888
|
-
}
|
|
1889
|
-
if (selectedPath === "__toggle_derived__") {
|
|
1890
|
-
showDerivedCandidates = !showDerivedCandidates;
|
|
1891
|
-
continue;
|
|
1892
|
-
}
|
|
1893
|
-
const candidate = visibleCandidates.find((entry) => configureCandidateKey(entry) === selectedPath);
|
|
1894
|
-
if (!candidate) throw new Error(`Unknown configure target: ${selectedPath}`);
|
|
1895
|
-
const candidateKey = configureCandidateKey(candidate);
|
|
1896
|
-
const existingRef = selectedByPath.get(candidateKey)?.ref ?? candidate.existingRef;
|
|
1897
|
-
const source = assertNoCancel(await select({
|
|
1898
|
-
message: "Secret source",
|
|
1899
|
-
options: sourceChoices,
|
|
1900
|
-
initialValue: existingRef && hasSourceChoice(sourceChoices, existingRef.source) ? existingRef.source : void 0
|
|
1901
|
-
}), "Secrets configure cancelled.");
|
|
1902
|
-
const defaultAlias = resolveDefaultSecretProviderAlias(stagedConfig, source, { preferFirstProviderForSource: true });
|
|
1903
|
-
const providerAlias = normalizeStringifiedOptionalString(assertNoCancel(await text({
|
|
1904
|
-
message: "Provider alias",
|
|
1905
|
-
initialValue: existingRef?.source === source ? existingRef.provider : defaultAlias,
|
|
1906
|
-
validate: (value) => {
|
|
1907
|
-
const trimmed = normalizeStringifiedOptionalString(value) ?? "";
|
|
1908
|
-
if (!trimmed) return "Required";
|
|
1909
|
-
if (!isValidSecretProviderAlias(trimmed)) return "Must match /^[a-z][a-z0-9_-]{0,63}$/";
|
|
1910
|
-
}
|
|
1911
|
-
}), "Secrets configure cancelled.")) ?? "";
|
|
1912
|
-
let suggestedId = existingRef?.source === source ? existingRef.id : void 0;
|
|
1913
|
-
if (!suggestedId && source === "env") suggestedId = resolveSuggestedEnvSecretId(candidate);
|
|
1914
|
-
if (!suggestedId && source === "file") {
|
|
1915
|
-
const configuredProvider = stagedConfig.secrets?.providers?.[providerAlias];
|
|
1916
|
-
if (configuredProvider?.source === "file" && configuredProvider.mode === "singleValue") suggestedId = "value";
|
|
1917
|
-
}
|
|
1918
|
-
const ref = {
|
|
1919
|
-
source,
|
|
1920
|
-
provider: providerAlias,
|
|
1921
|
-
id: normalizeStringifiedOptionalString(assertNoCancel(await text({
|
|
1922
|
-
message: "Secret id",
|
|
1923
|
-
initialValue: suggestedId,
|
|
1924
|
-
validate: (value) => {
|
|
1925
|
-
const trimmed = normalizeStringifiedOptionalString(value) ?? "";
|
|
1926
|
-
if (!trimmed) return "Required";
|
|
1927
|
-
if (source === "exec" && !isValidExecSecretRefId(trimmed)) return formatExecSecretRefIdValidationMessage();
|
|
1928
|
-
}
|
|
1929
|
-
}), "Secrets configure cancelled.")) ?? ""
|
|
1930
|
-
};
|
|
1931
|
-
if (ref.source === "exec" && !allowExecInPreflight) {
|
|
1932
|
-
const staticError = getSkippedExecRefStaticError({
|
|
1933
|
-
ref,
|
|
1934
|
-
config: stagedConfig
|
|
1935
|
-
});
|
|
1936
|
-
if (staticError) throw new Error(staticError);
|
|
1937
|
-
} else assertExpectedResolvedSecretValue({
|
|
1938
|
-
value: await resolveSecretRefValue(ref, {
|
|
1939
|
-
config: stagedConfig,
|
|
1940
|
-
env
|
|
1941
|
-
}),
|
|
1942
|
-
expected: candidate.expectedResolvedValue,
|
|
1943
|
-
errorMessage: candidate.expectedResolvedValue === "string" ? `Ref ${ref.source}:${ref.provider}:${ref.id} did not resolve to a non-empty string.` : `Ref ${ref.source}:${ref.provider}:${ref.id} did not resolve to a supported value type.`
|
|
1944
|
-
});
|
|
1945
|
-
const next = {
|
|
1946
|
-
...candidate,
|
|
1947
|
-
ref
|
|
1948
|
-
};
|
|
1949
|
-
selectedByPath.set(candidateKey, next);
|
|
1950
|
-
if (!assertNoCancel(await confirm({
|
|
1951
|
-
message: "Configure another credential?",
|
|
1952
|
-
initialValue: true
|
|
1953
|
-
}), "Secrets configure cancelled.")) break;
|
|
1954
|
-
}
|
|
1955
|
-
}
|
|
1956
|
-
if (!hasConfigurePlanChanges({
|
|
1957
|
-
selectedTargets: selectedByPath,
|
|
1958
|
-
providerChanges
|
|
1959
|
-
})) throw new Error("No secrets changes were selected.");
|
|
1960
|
-
const plan = buildSecretsConfigurePlan({
|
|
1961
|
-
selectedTargets: selectedByPath,
|
|
1962
|
-
providerChanges
|
|
1963
|
-
});
|
|
1964
|
-
return {
|
|
1965
|
-
plan,
|
|
1966
|
-
preflight: await runSecretsApply({
|
|
1967
|
-
plan,
|
|
1968
|
-
env,
|
|
1969
|
-
write: false,
|
|
1970
|
-
allowExec: allowExecInPreflight
|
|
1971
|
-
})
|
|
1972
|
-
};
|
|
1973
|
-
}
|
|
1974
|
-
//#endregion
|
|
1975
|
-
//#region src/cli/secrets-cli.ts
|
|
1976
|
-
function readPlanFile(pathname) {
|
|
1977
|
-
const raw = fs.readFileSync(pathname, "utf8");
|
|
1978
|
-
const parsed = JSON.parse(raw);
|
|
1979
|
-
if (!isSecretsApplyPlan(parsed)) throw new Error(`Invalid secrets plan file: ${pathname}`);
|
|
1980
|
-
return parsed;
|
|
1981
|
-
}
|
|
1982
|
-
function registerSecretsCli(program) {
|
|
1983
|
-
const secrets = program.command("secrets").description("Secrets runtime controls").addHelpText("after", () => `\n${theme.muted("Docs:")} ${formatDocsLink("/gateway/security", "genesis.pixelzx.com/docs/gateway/security")}\n`);
|
|
1984
|
-
addGatewayClientOptions(secrets.command("reload").description("Re-resolve secret references and atomically swap runtime snapshot").option("--json", "Output JSON", false)).action(async (opts) => {
|
|
1985
|
-
try {
|
|
1986
|
-
const result = await callGatewayFromCli("secrets.reload", opts, void 0, { expectFinal: false });
|
|
1987
|
-
if (opts.json) {
|
|
1988
|
-
defaultRuntime.writeJson(result);
|
|
1989
|
-
return;
|
|
1990
|
-
}
|
|
1991
|
-
const warningCount = Number(result?.warningCount ?? 0);
|
|
1992
|
-
if (Number.isFinite(warningCount) && warningCount > 0) {
|
|
1993
|
-
defaultRuntime.log(`Secrets reloaded with ${warningCount} warning(s).`);
|
|
1994
|
-
return;
|
|
1995
|
-
}
|
|
1996
|
-
defaultRuntime.log("Secrets reloaded.");
|
|
1997
|
-
} catch (err) {
|
|
1998
|
-
defaultRuntime.error(danger(String(err)));
|
|
1999
|
-
defaultRuntime.exit(1);
|
|
2000
|
-
}
|
|
2001
|
-
});
|
|
2002
|
-
secrets.command("audit").description("Audit plaintext secrets, unresolved refs, and precedence drift").option("--check", "Exit non-zero when findings are present", false).option("--allow-exec", "Allow exec SecretRef resolution during audit (may execute provider commands)", false).option("--json", "Output JSON", false).action(async (opts) => {
|
|
2003
|
-
try {
|
|
2004
|
-
const report = await runSecretsAudit({ allowExec: Boolean(opts.allowExec) });
|
|
2005
|
-
if (opts.json) defaultRuntime.writeJson(report);
|
|
2006
|
-
else {
|
|
2007
|
-
defaultRuntime.log(`Secrets audit: ${report.status}. plaintext=${report.summary.plaintextCount}, unresolved=${report.summary.unresolvedRefCount}, shadowed=${report.summary.shadowedRefCount}, legacy=${report.summary.legacyResidueCount}.`);
|
|
2008
|
-
if (report.findings.length > 0) {
|
|
2009
|
-
for (const finding of report.findings.slice(0, 20)) defaultRuntime.log(`- [${finding.code}] ${finding.file}:${finding.jsonPath} ${finding.message}`);
|
|
2010
|
-
if (report.findings.length > 20) defaultRuntime.log(`... ${report.findings.length - 20} more finding(s).`);
|
|
2011
|
-
}
|
|
2012
|
-
if (report.resolution.skippedExecRefs > 0) defaultRuntime.log(`Audit note: skipped ${report.resolution.skippedExecRefs} exec SecretRef resolvability check(s). Re-run with --allow-exec to execute exec providers during audit.`);
|
|
2013
|
-
}
|
|
2014
|
-
const exitCode = resolveSecretsAuditExitCode(report, Boolean(opts.check));
|
|
2015
|
-
if (exitCode !== 0) defaultRuntime.exit(exitCode);
|
|
2016
|
-
} catch (err) {
|
|
2017
|
-
defaultRuntime.error(danger(String(err)));
|
|
2018
|
-
defaultRuntime.exit(2);
|
|
2019
|
-
}
|
|
2020
|
-
});
|
|
2021
|
-
secrets.command("configure").description("Interactive secrets helper (provider setup + SecretRef mapping + preflight)").option("--apply", "Apply changes immediately after preflight", false).option("--yes", "Skip apply confirmation prompt", false).option("--providers-only", "Configure secrets.providers only, skip credential mapping", false).option("--skip-provider-setup", "Skip provider setup and only map credential fields to existing providers", false).option("--agent <id>", "Agent id for auth-profiles targets (default: configured default agent)").option("--allow-exec", "Allow exec SecretRef preflight checks (may execute provider commands)", false).option("--plan-out <path>", "Write generated plan JSON to a file").option("--json", "Output JSON", false).action(async (opts) => {
|
|
2022
|
-
try {
|
|
2023
|
-
const configured = await runSecretsConfigureInteractive({
|
|
2024
|
-
providersOnly: Boolean(opts.providersOnly),
|
|
2025
|
-
skipProviderSetup: Boolean(opts.skipProviderSetup),
|
|
2026
|
-
agentId: typeof opts.agent === "string" ? opts.agent : void 0,
|
|
2027
|
-
allowExecInPreflight: Boolean(opts.allowExec)
|
|
2028
|
-
});
|
|
2029
|
-
if (opts.planOut) fs.writeFileSync(opts.planOut, `${JSON.stringify(configured.plan, null, 2)}\n`, "utf8");
|
|
2030
|
-
if (opts.json) defaultRuntime.writeJson({
|
|
2031
|
-
plan: configured.plan,
|
|
2032
|
-
preflight: configured.preflight
|
|
2033
|
-
});
|
|
2034
|
-
else {
|
|
2035
|
-
defaultRuntime.log(`Preflight: changed=${configured.preflight.changed}, files=${configured.preflight.changedFiles.length}, warnings=${configured.preflight.warningCount}.`);
|
|
2036
|
-
if (configured.preflight.warningCount > 0) for (const warning of configured.preflight.warnings) defaultRuntime.log(`- warning: ${warning}`);
|
|
2037
|
-
if (!configured.preflight.checks.resolvabilityComplete && configured.preflight.skippedExecRefs > 0) defaultRuntime.log(`Preflight note: skipped ${configured.preflight.skippedExecRefs} exec SecretRef resolvability check(s). Re-run with --allow-exec to execute exec providers during preflight.`);
|
|
2038
|
-
const providerUpserts = Object.keys(configured.plan.providerUpserts ?? {}).length;
|
|
2039
|
-
const providerDeletes = configured.plan.providerDeletes?.length ?? 0;
|
|
2040
|
-
defaultRuntime.log(`Plan: targets=${configured.plan.targets.length}, providerUpserts=${providerUpserts}, providerDeletes=${providerDeletes}.`);
|
|
2041
|
-
if (opts.planOut) defaultRuntime.log(`Plan written to ${opts.planOut}`);
|
|
2042
|
-
}
|
|
2043
|
-
let shouldApply = Boolean(opts.apply);
|
|
2044
|
-
if (!shouldApply && !opts.json) {
|
|
2045
|
-
const approved = await confirm({
|
|
2046
|
-
message: "Apply this plan now?",
|
|
2047
|
-
initialValue: true
|
|
2048
|
-
});
|
|
2049
|
-
if (typeof approved === "boolean") shouldApply = approved;
|
|
2050
|
-
}
|
|
2051
|
-
if (shouldApply) {
|
|
2052
|
-
if (Boolean(opts.apply) && !opts.yes && !opts.json) {
|
|
2053
|
-
if (await confirm({
|
|
2054
|
-
message: "This migration is one-way for migrated plaintext values. Continue with apply?",
|
|
2055
|
-
initialValue: true
|
|
2056
|
-
}) !== true) {
|
|
2057
|
-
defaultRuntime.log("Apply cancelled.");
|
|
2058
|
-
return;
|
|
2059
|
-
}
|
|
2060
|
-
}
|
|
2061
|
-
const result = await runSecretsApply({
|
|
2062
|
-
plan: configured.plan,
|
|
2063
|
-
write: true,
|
|
2064
|
-
allowExec: Boolean(opts.allowExec)
|
|
2065
|
-
});
|
|
2066
|
-
if (opts.json) {
|
|
2067
|
-
defaultRuntime.writeJson(result);
|
|
2068
|
-
return;
|
|
2069
|
-
}
|
|
2070
|
-
defaultRuntime.log(result.changed ? `Secrets applied. Updated ${result.changedFiles.length} file(s).` : "Secrets apply: no changes.");
|
|
2071
|
-
}
|
|
2072
|
-
} catch (err) {
|
|
2073
|
-
defaultRuntime.error(danger(String(err)));
|
|
2074
|
-
defaultRuntime.exit(1);
|
|
2075
|
-
}
|
|
2076
|
-
});
|
|
2077
|
-
secrets.command("apply").description("Apply a previously generated secrets plan").requiredOption("--from <path>", "Path to plan JSON").option("--dry-run", "Validate/preflight only", false).option("--allow-exec", "Allow exec SecretRef checks (may execute provider commands)", false).option("--json", "Output JSON", false).action(async (opts) => {
|
|
2078
|
-
try {
|
|
2079
|
-
const result = await runSecretsApply({
|
|
2080
|
-
plan: readPlanFile(opts.from),
|
|
2081
|
-
write: !opts.dryRun,
|
|
2082
|
-
allowExec: Boolean(opts.allowExec)
|
|
2083
|
-
});
|
|
2084
|
-
if (opts.json) {
|
|
2085
|
-
defaultRuntime.writeJson(result);
|
|
2086
|
-
return;
|
|
2087
|
-
}
|
|
2088
|
-
if (opts.dryRun) {
|
|
2089
|
-
defaultRuntime.log(result.changed ? `Secrets apply dry run: ${result.changedFiles.length} file(s) would change.` : "Secrets apply dry run: no changes.");
|
|
2090
|
-
if (!result.checks.resolvabilityComplete && result.skippedExecRefs > 0) defaultRuntime.log(`Secrets apply dry-run note: skipped ${result.skippedExecRefs} exec SecretRef resolvability check(s). Re-run with --allow-exec to execute exec providers during dry-run.`);
|
|
2091
|
-
return;
|
|
2092
|
-
}
|
|
2093
|
-
defaultRuntime.log(result.changed ? `Secrets applied. Updated ${result.changedFiles.length} file(s).` : "Secrets apply: no changes.");
|
|
2094
|
-
} catch (err) {
|
|
2095
|
-
defaultRuntime.error(danger(String(err)));
|
|
2096
|
-
defaultRuntime.exit(1);
|
|
2097
|
-
}
|
|
2098
|
-
});
|
|
2099
|
-
}
|
|
2100
|
-
//#endregion
|
|
2101
|
-
export { registerSecretsCli };
|