@posthog/wizard 2.10.4 → 2.12.0

package/dist/{readiness-Cep84RsR.js → agent-interface-D5W9BAB2.js}

@@ -1,9 +1,10 @@
 import { n as __require } from "./rolldown-runtime-B_-DWIq7.js";
-import { a as getLogFilePath, c as getUI, o as initLogFile, r as debug, s as logToFile } from "./debug-CyJ_3dTP.js";
-import { C as WIZARD_VARIANT_FLAG_KEY, S as WIZARD_VARIANTS, b as WIZARD_REMARK_EVENT_NAME, h as POSTHOG_PROPERTY_HEADER_PREFIX, n as analytics, p as POSTHOG_FLAG_HEADER_PREFIX, v as REMOTE_SKILLS_BASE_URL, x as WIZARD_USER_AGENT } from "./analytics-Cm6i5_gc.js";
-import { o as getLlmGatewayUrlFromHost } from "./setup-utils-CHojnr4N.js";
-import { n as ADDITIONAL_FEATURE_PROMPTS } from "./wizard-session-Db6R023m.js";
-import { n as registerCleanup, r as wizardAbort, t as WizardError } from "./wizard-abort-DKctLd33.js";
+import { A as POSTHOG_PROPERTY_HEADER_PREFIX, B as WIZARD_VARIANTS, L as WIZARD_REMARK_EVENT_NAME, O as POSTHOG_FLAG_HEADER_PREFIX, V as WIZARD_VARIANT_FLAG_KEY, a as getLogFilePath, c as getUI, o as initLogFile, r as debug, s as logToFile, z as WIZARD_USER_AGENT } from "./debug-Bkaqv1ab.js";
+import { i as WIZARD_YARA_REPORT_FILE, o as skillTmpPath } from "./paths-DJS47p5x.js";
+import { n as analytics } from "./analytics-DmD31Ssc.js";
+import { f as getLlmGatewayUrlFromHost } from "./setup-utils-Bv8z6HMb.js";
+import { n as ADDITIONAL_FEATURE_PROMPTS } from "./wizard-session-BcNJTl2I.js";
+import { n as registerCleanup, r as wizardAbort, t as WizardError } from "./wizard-abort-DfhWuzaw.js";
 import * as fs$1 from "fs";
 import fs from "fs";
 import path from "path";
@@ -174,6 +175,49 @@ const LINTING_TOOLS = [
 	"yamllint"
 ];
 //#endregion
+//#region src/lib/workflows/audit/types.ts
+/** Single source of truth for status glyph + color across audit views. */
+const AUDIT_SEVERITY_STYLE = {
+	pending: {
+		glyph: "◌",
+		color: "gray"
+	},
+	pass: {
+		glyph: "✔",
+		color: "green"
+	},
+	error: {
+		glyph: "✘",
+		color: "red"
+	},
+	warning: {
+		glyph: "⚠",
+		color: "yellow"
+	},
+	suggestion: {
+		glyph: "•",
+		color: "cyan"
+	}
+};
+const AUDIT_CHECKS_FILE = ".posthog-audit-checks.json";
+const AUDIT_REPORT_FILE = "posthog-audit-report.md";
+const AUDIT_CHECKS_KEY = "auditChecks";
+function getAuditChecks(session) {
+	const raw = session.frameworkContext[AUDIT_CHECKS_KEY];
+	return Array.isArray(raw) ? raw : [];
+}
+/**
+* Read the audit checks ledger off disk. Validation lives at write time —
+* every writer (`audit_seed_checks` / `audit_add_checks` / `audit_resolve_checks`
+* MCP tools, `seedAuditLedger`) zod-parses entries before the atomic write,
+* so by the time the file watcher fires we trust the shape and only guard
+* against the file not being a JSON array (corrupted / hand-edited / not yet
+* seeded).
+*/
+function coerceAuditChecks(parsed) {
+	return Array.isArray(parsed) ? parsed : [];
+}
+//#endregion
 //#region src/lib/wizard-tools.ts
 /**
 * Unified in-process MCP server for the PostHog wizard.
@@ -182,6 +226,8 @@ const LINTING_TOOLS = [
 * - check_env_keys: Check which env var keys exist in a .env file
 * - set_env_values: Create/update env vars in a .env file
 * - detect_package_manager: Detect the project's package manager(s)
+* - load_skill_menu / install_skill: Skill installation
+* - audit_seed_checks / audit_add_checks / audit_resolve_checks: Audit ledger ownership
 */
 let _sdkModule$1 = null;
 async function getSDKModule$1() {
@@ -216,7 +262,7 @@ async function fetchSkillMenu(skillsBaseUrl) {
 */
 function downloadSkill(skillEntry, installDir, skillsRoot) {
 	const skillDir = skillsRoot ? path.join(installDir, skillsRoot, skillEntry.id) : path.join(installDir, ".claude", "skills", skillEntry.id);
-	const tmpFile = `/tmp/posthog-skill-${skillEntry.id}.zip`;
+	const tmpFile = skillTmpPath(skillEntry.id);
 	try {
 		fs.mkdirSync(skillDir, { recursive: true });
 		execFileSync("curl", [
@@ -231,6 +277,7 @@ function downloadSkill(skillEntry, installDir, skillsRoot) {
 			"-d",
 			skillDir
 		], { timeout: 3e4 });
+		fs.writeFileSync(path.join(skillDir, ".posthog-wizard"), "");
 		try {
 			fs.unlinkSync(tmpFile);
 		} catch {}
@@ -320,6 +367,122 @@ function mergeEnvValues(content, values) {
 	}
 	return result;
 }
+const AUDIT_STATUSES = [
+	"pending",
+	"pass",
+	"error",
+	"warning",
+	"suggestion"
+];
+const auditCheckSchema = z.object({
+	id: z.string().min(1),
+	area: z.string().min(1),
+	label: z.string().min(1),
+	status: z.enum(AUDIT_STATUSES),
+	file: z.string().optional(),
+	details: z.string().optional()
+});
+const auditUpdateSchema = z.object({
+	id: z.string().min(1),
+	status: z.enum(AUDIT_STATUSES),
+	file: z.string().optional(),
+	details: z.string().optional()
+});
+/**
+* Atomically write JSON: write to .tmp then rename. The rename is what bumps
+* the file's mtime, which is what the UI's file watcher polls on.
+*/
+function writeLedgerAtomic(targetPath, checks) {
+	const tmpPath = `${targetPath}.tmp`;
+	fs.writeFileSync(tmpPath, JSON.stringify(checks, null, 2), "utf8");
+	fs.renameSync(tmpPath, targetPath);
+}
+/**
+* Apply a batch of patches to the ledger by id. Returns the new array and the
+* list of update ids that didn't match any existing check.
+*/
+function applyAuditUpdates(current, updates) {
+	const byId = new Map(current.map((c) => [c.id, c]));
+	const unknown = [];
+	for (const u of updates) {
+		const existing = byId.get(u.id);
+		if (!existing) {
+			unknown.push(u.id);
+			continue;
+		}
+		byId.set(u.id, {
+			...existing,
+			status: u.status,
+			...u.file !== void 0 ? { file: u.file } : {},
+			...u.details !== void 0 ? { details: u.details } : {}
+		});
+	}
+	return {
+		next: current.map((c) => byId.get(c.id) ?? c),
+		unknown
+	};
+}
+/**
+* Append new checks to a seeded ledger. Duplicate ids are reported without
+* mutating the current ledger, including duplicates inside the additions.
+*/
+function applyAuditAdditions(current, additions) {
+	const existingIds = new Set(current.map((c) => c.id));
+	const additionIds = /* @__PURE__ */ new Set();
+	const duplicates = [];
+	for (const check of additions) {
+		if (existingIds.has(check.id) || additionIds.has(check.id)) {
+			duplicates.push(check.id);
+			continue;
+		}
+		additionIds.add(check.id);
+	}
+	if (duplicates.length > 0) return {
+		next: current,
+		duplicates
+	};
+	return {
+		next: [...current, ...additions],
+		duplicates: []
+	};
+}
+function readLedger(targetPath) {
+	if (!fs.existsSync(targetPath)) return [];
+	try {
+		return coerceAuditChecks(JSON.parse(fs.readFileSync(targetPath, "utf8")));
+	} catch {
+		return [];
+	}
+}
+function appendAuditChecksToLedger(targetPath, additions) {
+	if (!fs.existsSync(targetPath)) return {
+		ok: false,
+		reason: "missing-ledger"
+	};
+	const { next, duplicates } = applyAuditAdditions(readLedger(targetPath), additions);
+	if (duplicates.length > 0) return {
+		ok: false,
+		reason: "duplicate-ids",
+		ids: duplicates
+	};
+	writeLedgerAtomic(targetPath, next);
+	return {
+		ok: true,
+		added: additions.length
+	};
+}
+/**
+* Single async mutex shared by audit tools — guarantees a read-modify-write
+* cycle on the ledger is atomic across concurrent tool calls (e.g. future subagents).
+*/
+function makeMutex() {
+	let chain = Promise.resolve();
+	return async function run(fn) {
+		const next = chain.then(() => fn());
+		chain = next.catch(() => void 0);
+		return next;
+	};
+}
 const SERVER_NAME = "wizard-tools";
 /**
 * Create the unified in-process MCP server with all wizard tools.
@@ -334,101 +497,162 @@ async function createWizardToolsServer(options) {
 	if (menu) cachedSkillMenu = menu.categories;
 	const keys = Object.keys(cachedSkillMenu);
 	if (keys.length > 0) categoryNames = keys;
+	const checkEnvKeys = tool("check_env_keys", "Check which environment variable keys are present or missing in a .env file. Never reveals values.", {
+		filePath: z.string().describe("Path to the .env file, relative to the project root"),
+		keys: z.array(z.string()).describe("Environment variable key names to check")
+	}, (args) => {
+		const resolved = resolveEnvPath(workingDirectory, args.filePath);
+		logToFile(`check_env_keys: ${resolved}, keys: ${args.keys.join(", ")}`);
+		const existingKeys = fs.existsSync(resolved) ? parseEnvKeys(fs.readFileSync(resolved, "utf8")) : /* @__PURE__ */ new Set();
+		const results = {};
+		for (const key of args.keys) results[key] = existingKeys.has(key) ? "present" : "missing";
+		return { content: [{
+			type: "text",
+			text: JSON.stringify(results, null, 2)
+		}] };
+	});
+	const setEnvValues = tool("set_env_values", "Create or update environment variable keys in a .env file. Creates the file if it does not exist. Ensures .gitignore coverage.", {
+		filePath: z.string().describe("Path to the .env file, relative to the project root"),
+		values: z.record(z.string(), z.string()).describe("Key-value pairs to set")
+	}, (args) => {
+		const forbidden = Object.keys(args.values).find((k) => k.toUpperCase() === "POSTHOG_KEY");
+		if (forbidden) return {
+			content: [{
+				type: "text",
+				text: `Error: "${forbidden}" is not a valid PostHog env var name. Use the project-specific key name from your framework's integration guide (e.g. NEXT_PUBLIC_POSTHOG_PROJECT_TOKEN).`
+			}],
+			isError: true
+		};
+		const resolved = resolveEnvPath(workingDirectory, args.filePath);
+		logToFile(`set_env_values: ${resolved}, keys: ${Object.keys(args.values).join(", ")}`);
+		const content = mergeEnvValues(fs.existsSync(resolved) ? fs.readFileSync(resolved, "utf8") : "", args.values);
+		const dir = path.dirname(resolved);
+		if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+		fs.writeFileSync(resolved, content, "utf8");
+		ensureGitignoreCoverage(workingDirectory, path.basename(resolved));
+		return { content: [{
+			type: "text",
+			text: `Updated ${Object.keys(args.values).length} key(s) in ${args.filePath}`
+		}] };
+	});
+	const detectPM = tool("detect_package_manager", "Detect which package manager(s) the project uses. Returns the name, install command, and run command for each detected package manager. Call this before running any install commands.", {}, async () => {
+		logToFile(`detect_package_manager: scanning ${workingDirectory}`);
+		const result = await detectPackageManager(workingDirectory);
+		logToFile(`detect_package_manager: detected ${result.detected.length} package manager(s)`);
+		return { content: [{
+			type: "text",
+			text: JSON.stringify(result, null, 2)
+		}] };
+	});
+	const loadSkillMenu = tool("load_skill_menu", "Load available PostHog skills for a category. Returns skill IDs and names. Call this first, then use install_skill with the chosen ID.", { category: z.enum(categoryNames).describe("Skill category") }, (args) => {
+		const skills = cachedSkillMenu[args.category];
+		if (!skills || skills.length === 0) return {
+			content: [{
+				type: "text",
+				text: `No skills found for category "${args.category}".`
+			}],
+			isError: true
+		};
+		const menuText = skills.map((s) => `- ${s.id}: ${s.name}`).join("\n");
+		logToFile(`load_skill_menu: returning ${skills.length} skills for "${args.category}"`);
+		return { content: [{
+			type: "text",
+			text: menuText
+		}] };
+	});
+	const installSkill = tool("install_skill", "Download and install a PostHog skill by ID. Call load_skill_menu first to see available skills. Extracts the skill to .claude/skills/<skillId>/.", { skillId: z.string().describe("Skill ID from the skill menu (e.g., \"integration-nextjs-app-router\")") }, (args) => {
+		if (!/^[a-z0-9][a-z0-9_-]*$/.test(args.skillId)) return {
+			content: [{
+				type: "text",
+				text: "Error: skillId must be lowercase alphanumeric with hyphens."
+			}],
+			isError: true
+		};
+		const skill = Object.values(cachedSkillMenu).flat().find((s) => s.id === args.skillId);
+		if (!skill) return {
+			content: [{
+				type: "text",
+				text: `Error: skill "${args.skillId}" not found. Use load_skill_menu to see available skills.`
+			}],
+			isError: true
+		};
+		const result = downloadSkill(skill, workingDirectory);
+		if (result.success) return { content: [{
+			type: "text",
+			text: `Skill installed to .claude/skills/${args.skillId}/`
+		}] };
+		else return {
+			content: [{
+				type: "text",
+				text: `Error installing skill: ${result.error}`
+			}],
+			isError: true
+		};
+	});
+	const auditLedgerPath = path.join(workingDirectory, AUDIT_CHECKS_FILE);
+	const auditMutex = makeMutex();
 	return createSdkMcpServer({
 		name: SERVER_NAME,
 		version: "1.0.0",
 		tools: [
-			tool("check_env_keys", "Check which environment variable keys are present or missing in a .env file. Never reveals values.", {
-				filePath: z.string().describe("Path to the .env file, relative to the project root"),
-				keys: z.array(z.string()).describe("Environment variable key names to check")
-			}, (args) => {
-				const resolved = resolveEnvPath(workingDirectory, args.filePath);
-				logToFile(`check_env_keys: ${resolved}, keys: ${args.keys.join(", ")}`);
-				const existingKeys = fs.existsSync(resolved) ? parseEnvKeys(fs.readFileSync(resolved, "utf8")) : /* @__PURE__ */ new Set();
-				const results = {};
-				for (const key of args.keys) results[key] = existingKeys.has(key) ? "present" : "missing";
-				return { content: [{
-					type: "text",
-					text: JSON.stringify(results, null, 2)
-				}] };
-			}),
-			tool("set_env_values", "Create or update environment variable keys in a .env file. Creates the file if it does not exist. Ensures .gitignore coverage.", {
-				filePath: z.string().describe("Path to the .env file, relative to the project root"),
-				values: z.record(z.string(), z.string()).describe("Key-value pairs to set")
-			}, (args) => {
-				const forbidden = Object.keys(args.values).find((k) => k.toUpperCase() === "POSTHOG_KEY");
-				if (forbidden) return {
-					content: [{
+			checkEnvKeys,
+			setEnvValues,
+			detectPM,
+			loadSkillMenu,
+			installSkill,
+			tool("audit_seed_checks", "Seed the audit ledger at .posthog-audit-checks.json with the full set of pending checks. Call this once at the start of the audit. Atomically replaces any existing ledger.", { checks: z.array(auditCheckSchema).describe("Full pending checklist to write to the ledger") }, async (args) => {
+				return auditMutex(() => {
+					writeLedgerAtomic(auditLedgerPath, args.checks);
+					logToFile(`audit_seed_checks: wrote ${args.checks.length} entries`);
+					return { content: [{
 						type: "text",
-						text: `Error: "${forbidden}" is not a valid PostHog env var name. Use the project-specific key name from your framework's integration guide (e.g. NEXT_PUBLIC_POSTHOG_PROJECT_TOKEN).`
-					}],
-					isError: true
-				};
-				const resolved = resolveEnvPath(workingDirectory, args.filePath);
-				logToFile(`set_env_values: ${resolved}, keys: ${Object.keys(args.values).join(", ")}`);
-				const content = mergeEnvValues(fs.existsSync(resolved) ? fs.readFileSync(resolved, "utf8") : "", args.values);
-				const dir = path.dirname(resolved);
-				if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
-				fs.writeFileSync(resolved, content, "utf8");
-				ensureGitignoreCoverage(workingDirectory, path.basename(resolved));
-				return { content: [{
-					type: "text",
-					text: `Updated ${Object.keys(args.values).length} key(s) in ${args.filePath}`
-				}] };
-			}),
-			tool("detect_package_manager", "Detect which package manager(s) the project uses. Returns the name, install command, and run command for each detected package manager. Call this before running any install commands.", {}, async () => {
-				logToFile(`detect_package_manager: scanning ${workingDirectory}`);
-				const result = await detectPackageManager(workingDirectory);
-				logToFile(`detect_package_manager: detected ${result.detected.length} package manager(s)`);
-				return { content: [{
-					type: "text",
-					text: JSON.stringify(result, null, 2)
-				}] };
+						text: `Seeded ${args.checks.length} audit checks.`
+					}] };
+				});
 			}),
-			tool("load_skill_menu", "Load available PostHog skills for a category. Returns skill IDs and names. Call this first, then use install_skill with the chosen ID.", { category: z.enum(categoryNames).describe("Skill category") }, (args) => {
-				const skills = cachedSkillMenu[args.category];
-				if (!skills || skills.length === 0) return {
-					content: [{
+			tool("audit_add_checks", "Append one or more pending checks to the existing audit ledger at .posthog-audit-checks.json. Call audit_seed_checks first. Atomically rejects duplicate ids without changing the ledger.", { checks: z.array(auditCheckSchema).min(1).describe("Additional checks to append to the existing ledger") }, async (args) => {
+				return auditMutex(() => {
+					const result = appendAuditChecksToLedger(auditLedgerPath, args.checks);
+					if (!result.ok) {
+						if (result.reason === "missing-ledger") return {
+							content: [{
+								type: "text",
+								text: "Error: audit ledger does not exist. Run audit_seed_checks first."
+							}],
+							isError: true
+						};
+						return {
+							content: [{
+								type: "text",
+								text: `Error: duplicate check id(s): ${result.ids.join(", ")}. Check ids must be unique.`
+							}],
+							isError: true
+						};
+					}
+					logToFile(`audit_add_checks: added ${result.added} entries`);
+					return { content: [{
 						type: "text",
-						text: `No skills found for category "${args.category}".`
-					}],
-					isError: true
-				};
-				const menuText = skills.map((s) => `- ${s.id}: ${s.name}`).join("\n");
-				logToFile(`load_skill_menu: returning ${skills.length} skills for "${args.category}"`);
-				return { content: [{
-					type: "text",
-					text: menuText
-				}] };
+						text: `Added ${result.added} audit check(s).`
+					}] };
+				});
 			}),
-			tool("install_skill", "Download and install a PostHog skill by ID. Call load_skill_menu first to see available skills. Extracts the skill to .claude/skills/<skillId>/.", { skillId: z.string().describe("Skill ID from the skill menu (e.g., \"integration-nextjs-app-router\")") }, (args) => {
-				if (!/^[a-z0-9][a-z0-9_-]*$/.test(args.skillId)) return {
-					content: [{
+			tool("audit_resolve_checks", "Resolve one or more audit checks by id. Patches each entry's status (and optional file/details) and writes the ledger back atomically. Concurrent calls serialize.", { updates: z.array(auditUpdateSchema).min(1).describe("Patches to apply, keyed by check id") }, async (args) => {
+				return auditMutex(() => {
+					const { next, unknown } = applyAuditUpdates(readLedger(auditLedgerPath), args.updates);
+					if (unknown.length > 0) return {
+						content: [{
+							type: "text",
+							text: `Error: unknown check id(s): ${unknown.join(", ")}. Run audit_seed_checks first or check the id.`
+						}],
+						isError: true
+					};
+					writeLedgerAtomic(auditLedgerPath, next);
+					logToFile(`audit_resolve_checks: applied ${args.updates.length} update(s)`);
+					return { content: [{
 						type: "text",
-						text: "Error: skillId must be lowercase alphanumeric with hyphens."
-					}],
-					isError: true
-				};
-				const skill = Object.values(cachedSkillMenu).flat().find((s) => s.id === args.skillId);
-				if (!skill) return {
-					content: [{
-						type: "text",
-						text: `Error: skill "${args.skillId}" not found. Use load_skill_menu to see available skills.`
-					}],
-					isError: true
-				};
-				const result = downloadSkill(skill, workingDirectory);
-				if (result.success) return { content: [{
-					type: "text",
-					text: `Skill installed to .claude/skills/${args.skillId}/`
-				}] };
-				else return {
-					content: [{
-						type: "text",
-						text: `Error installing skill: ${result.error}`
-					}],
-					isError: true
-				};
+						text: `Resolved ${args.updates.length} check(s).`
+					}] };
+				});
 			})
 		]
 	});
@@ -439,7 +663,10 @@ const WIZARD_TOOL_NAMES = [
 	`${SERVER_NAME}:set_env_values`,
 	`${SERVER_NAME}:detect_package_manager`,
 	`${SERVER_NAME}:load_skill_menu`,
-	`${SERVER_NAME}:install_skill`
+	`${SERVER_NAME}:install_skill`,
+	`${SERVER_NAME}:audit_seed_checks`,
+	`${SERVER_NAME}:audit_add_checks`,
+	`${SERVER_NAME}:audit_resolve_checks`
 ];
 //#endregion
 //#region src/lib/yara-scanner.ts
@@ -749,7 +976,6 @@ function formatScanReport() {
 	lines.push("");
 	return lines.join("\n");
 }
-const YARA_REPORT_PATH = "/tmp/posthog-wizard-yara-report.json";
 /** Write the scan report to a JSON file. Returns the file path, or null if no scans occurred. */
 function writeScanReport() {
 	if (scanCount === 0) return null;
@@ -762,12 +988,12 @@ function writeScanReport() {
 		violations: scanViolations
 	};
 	try {
-		fs.writeFileSync(YARA_REPORT_PATH, JSON.stringify(report, null, 2));
+		fs.writeFileSync(WIZARD_YARA_REPORT_FILE, JSON.stringify(report, null, 2));
 	} catch (err) {
 		logToFile("[YARA] Failed to write scan report:", err);
 		return null;
 	}
-	return YARA_REPORT_PATH;
+	return WIZARD_YARA_REPORT_FILE;
 }
 /** Timeout for synchronous scan hooks (PreToolUse, PostToolUse Write/Edit/Read) */
 const HOOK_TIMEOUT_MS = 60;
@@ -1187,10 +1413,13 @@ function buildWizardMetadata(flags = {}) {
 	return { ...(variantKey && WIZARD_VARIANTS[variantKey]) ?? WIZARD_VARIANTS["base"] };
 }
 /**
-* Build env for the SDK subprocess: process.env plus ANTHROPIC_CUSTOM_HEADERS from wizard metadata/flags.
+* Build env for the SDK subprocess: process.env plus ANTHROPIC_CUSTOM_HEADERS, which always
+* includes `x-posthog-use-bedrock-fallback: true` so the LLM gateway falls back to Bedrock on
+* Anthropic 5xx, plus any wizard metadata/flags.
 */
 function buildAgentEnv(wizardMetadata, wizardFlags) {
 	const headers = createCustomHeaders();
+	headers.add("x-posthog-use-bedrock-fallback", "true");
 	for (const [key, value] of Object.entries(wizardMetadata)) headers.add(key.startsWith("X-POSTHOG-PROPERTY-") ? key : `${POSTHOG_PROPERTY_HEADER_PREFIX}${key}`, value);
 	for (const [flagKey, variant] of Object.entries(wizardFlags)) {
 		if (!flagKey.toLowerCase().startsWith("wizard")) continue;
@@ -1496,8 +1725,6 @@ async function runAgent(agentConfig, prompt, options, spinner, config, middlewar
 		spinner.stop(successMessage);
 		return {};
 	};
-	let eventPlanWatcher;
-	let eventPlanInterval;
 	const abortController = new AbortController();
 	let abortReason = null;
 	try {
@@ -1508,6 +1735,7 @@ async function runAgent(agentConfig, prompt, options, spinner, config, middlewar
 			"Glob",
 			"Grep",
 			"Bash",
+			"Task",
 			"ListMcpResourcesTool",
 			"Skill",
 			...WIZARD_TOOL_NAMES
@@ -1586,31 +1814,6 @@ async function runAgent(agentConfig, prompt, options, spinner, config, middlewar
 				}
 			}
 		});
-		const eventPlanPath = path.join(agentConfig.workingDirectory, ".posthog-events.json");
-		const readEventPlan = () => {
-			try {
-				const content = fs$1.readFileSync(eventPlanPath, "utf-8");
-				const parsed = JSON.parse(content);
-				if (Array.isArray(parsed)) getUI().setEventPlan(parsed.map((e) => ({
-					name: e.name ?? e.event ?? "",
-					description: e.description ?? ""
-				})));
-			} catch {}
-		};
-		try {
-			eventPlanWatcher = fs$1.watch(eventPlanPath, () => readEventPlan());
-			readEventPlan();
-		} catch {
-			eventPlanInterval = setInterval(() => {
-				try {
-					fs$1.accessSync(eventPlanPath);
-					readEventPlan();
-					clearInterval(eventPlanInterval);
-					eventPlanInterval = void 0;
-					eventPlanWatcher = fs$1.watch(eventPlanPath, () => readEventPlan());
-				} catch {}
-			}, 1e3);
-		}
 		for await (const message of response) {
 			if (!loggedInitialContext && message.type === "assistant") {
 				const usage = message.message?.usage;
@@ -1744,8 +1947,6 @@ async function runAgent(agentConfig, prompt, options, spinner, config, middlewar
 		debug("Full error:", error);
 		throw error;
 	} finally {
-		eventPlanWatcher?.close();
-		if (eventPlanInterval) clearInterval(eventPlanInterval);
 		if (!receivedSuccessResult) {
 			const durationMs = Date.now() - startTime;
 			analytics.wizardCapture("agent aborted", {
@@ -1815,342 +2016,6 @@ function handleSDKMessage(message, options, spinner, collectedText, receivedSucc
 	}
 }
 //#endregion
-//#region src/lib/health-checks/statuspage.ts
-function mapIndicator(v) {
-	switch (v) {
-		case "none": return "healthy";
-		case "minor": return "degraded";
-		case "major":
-		case "critical": return "down";
-		default: return "degraded";
-	}
-}
-function mapComponentRaw(v) {
-	switch (v) {
-		case "operational": return "healthy";
-		case "degraded_performance":
-		case "under_maintenance": return "degraded";
-		case "partial_outage":
-		case "major_outage": return "down";
-		default: return "degraded";
-	}
-}
-function errResult$1(error) {
-	return {
-		status: "degraded",
-		error
-	};
-}
-async function fetchStatuspageIndicator(url, timeoutMs = 5e3) {
-	try {
-		const controller = new AbortController();
-		const tid = setTimeout(() => controller.abort(), timeoutMs);
-		const res = await fetch(url, { signal: controller.signal });
-		clearTimeout(tid);
-		if (!res.ok) return errResult$1(`HTTP ${res.status}`);
-		const indicator = (await res.json()).status?.indicator ?? null;
-		return {
-			status: mapIndicator(indicator),
-			rawIndicator: indicator ?? void 0
-		};
-	} catch (e) {
-		if (e instanceof Error && e.name === "AbortError") return errResult$1("Request timed out");
-		return errResult$1(e instanceof Error ? e.message : "Unknown error");
-	}
-}
-async function fetchStatuspageSummary(url, timeoutMs = 5e3) {
-	try {
-		const controller = new AbortController();
-		const tid = setTimeout(() => controller.abort(), timeoutMs);
-		const res = await fetch(url, { signal: controller.signal });
-		clearTimeout(tid);
-		if (!res.ok) return errResult$1(`HTTP ${res.status}`);
-		const data = await res.json();
-		const indicator = data.status?.indicator ?? null;
-		const overall = mapIndicator(indicator);
-		const affected = (data.components ?? []).map((c) => ({
-			name: c.name,
-			status: mapComponentRaw(c.status),
-			rawStatus: c.status
-		})).filter((c) => c.status !== "healthy");
-		return {
-			status: affected.length > 0 ? "degraded" : overall,
-			rawIndicator: indicator ?? void 0,
-			degradedOrDownComponents: affected.length > 0 ? affected : void 0
-		};
-	} catch (e) {
-		if (e instanceof Error && e.name === "AbortError") return errResult$1("Request timed out");
-		return errResult$1(e instanceof Error ? e.message : "Unknown error");
-	}
-}
-const checkAnthropicHealth = () => fetchStatuspageIndicator("https://status.claude.com/api/v2/status.json");
-const checkGithubHealth = () => fetchStatuspageIndicator("https://www.githubstatus.com/api/v2/status.json");
-const checkNpmOverallHealth = () => fetchStatuspageIndicator("https://status.npmjs.org/api/v2/status.json");
-const checkNpmComponentHealth = () => fetchStatuspageSummary("https://status.npmjs.org/api/v2/summary.json");
-const checkCloudflareOverallHealth = () => fetchStatuspageIndicator("https://www.cloudflarestatus.com/api/v2/status.json");
-const checkCloudflareComponentHealth = () => fetchStatuspageSummary("https://www.cloudflarestatus.com/api/v2/summary.json");
-//#endregion
-//#region src/lib/health-checks/incidentio.ts
-function mapIncidentImpact(impact) {
-	switch (impact) {
-		case "full_outage": return "down";
-		case "partial_outage":
-		case "degraded_performance": return "degraded";
-		default: return "degraded";
-	}
-}
-function mapComponentStatus(status) {
-	switch (status) {
-		case "operational": return "healthy";
-		case "full_outage": return "down";
-		case "partial_outage":
-		case "degraded_performance": return "degraded";
-		default: return "degraded";
-	}
-}
-function errResult(error) {
-	return {
-		status: "degraded",
-		error
-	};
-}
-const POSTHOG_STATUS_URL = "https://www.posthogstatus.com/api/v1/summary";
-async function fetchPosthogStatus(timeoutMs = 5e3) {
-	try {
-		const controller = new AbortController();
-		const tid = setTimeout(() => controller.abort(), timeoutMs);
-		const res = await fetch(POSTHOG_STATUS_URL, { signal: controller.signal });
-		clearTimeout(tid);
-		if (!res.ok) {
-			const err = errResult(`HTTP ${res.status}`);
-			return {
-				overall: err,
-				components: err
-			};
-		}
-		const incidents = (await res.json()).ongoing_incidents ?? [];
-		if (incidents.length === 0) return {
-			overall: { status: "healthy" },
-			components: { status: "healthy" }
-		};
-		let worstOverall = "degraded";
-		const affected = [];
-		for (const incident of incidents) {
-			if (mapIncidentImpact(incident.current_worst_impact) === "down") worstOverall = "down";
-			for (const comp of incident.affected_components ?? []) {
-				const compStatus = mapComponentStatus(comp.current_status);
-				if (compStatus !== "healthy") affected.push({
-					name: comp.group_name ? `${comp.group_name} — ${comp.name}` : comp.name,
-					status: compStatus,
-					rawStatus: comp.current_status
-				});
-			}
-		}
-		return {
-			overall: { status: worstOverall },
-			components: {
-				status: affected.length > 0 ? "degraded" : worstOverall,
-				degradedOrDownComponents: affected.length > 0 ? affected : void 0
-			}
-		};
-	} catch (e) {
-		if (e instanceof Error && e.name === "AbortError") {
-			const err = errResult("Request timed out");
-			return {
-				overall: err,
-				components: err
-			};
-		}
-		const err = errResult(e instanceof Error ? e.message : "Unknown error");
-		return {
-			overall: err,
-			components: err
-		};
-	}
-}
-let _cache = null;
-function getPosthogHealth() {
-	if (!_cache) _cache = fetchPosthogStatus();
-	return _cache;
-}
-const checkPosthogOverallHealth = async () => (await getPosthogHealth()).overall;
-const checkPosthogComponentHealth = async () => (await getPosthogHealth()).components;
-//#endregion
-//#region src/lib/health-checks/endpoints.ts
-function downResult(error) {
-	return {
-		status: "down",
-		error
-	};
-}
-async function fetchEndpointHealth(url, timeoutMs = 5e3, expectedStatus = 200) {
-	try {
-		const controller = new AbortController();
-		const tid = setTimeout(() => controller.abort(), timeoutMs);
-		const res = await fetch(url, { signal: controller.signal });
-		clearTimeout(tid);
-		if (res.status === expectedStatus) return {
-			status: "healthy",
-			rawIndicator: `HTTP ${res.status}`
-		};
-		return downResult(`HTTP ${res.status}`);
-	} catch (e) {
-		if (e instanceof Error && e.name === "AbortError") return downResult("Request timed out");
-		return downResult(e instanceof Error ? e.message : "Unknown error");
-	}
-}
-const checkLlmGatewayHealth = () => fetchEndpointHealth("https://gateway.us.posthog.com/_liveness");
-const checkMcpHealth = () => fetchEndpointHealth("https://mcp.posthog.com/");
-const checkGithubReleasesHealth = () => fetchEndpointHealth(`${REMOTE_SKILLS_BASE_URL}/skill-menu.json`);
-//#endregion
-//#region src/lib/health-checks/readiness.ts
-const SERVICE_LABELS = {
-	anthropic: "Anthropic",
-	posthogOverall: "PostHog",
-	posthogComponents: "PostHog (components)",
-	github: "GitHub",
-	npmOverall: "npm",
-	npmComponents: "npm (components)",
-	cloudflareOverall: "Cloudflare",
-	cloudflareComponents: "Cloudflare (components)",
-	llmGateway: "LLM Gateway",
-	mcp: "MCP",
-	githubReleases: "GitHub Releases"
-};
-/**
-* See README section "Health checks" for the full rationale.
-* Adjust these arrays to change what blocks a wizard run.
-*/
-const DEFAULT_WIZARD_READINESS_CONFIG = {
-	downBlocksRun: [
-		"anthropic",
-		"npmOverall",
-		"llmGateway",
-		"mcp",
-		"githubReleases"
-	],
-	degradedBlocksRun: ["anthropic"]
-};
-async function checkAllExternalServices() {
-	const [anthropic, posthogOverall, posthogComponents, github, npmOverall, npmComponents, cloudflareOverall, cloudflareComponents, llmGateway, mcp, githubReleases] = await Promise.all([
-		checkAnthropicHealth(),
-		checkPosthogOverallHealth(),
-		checkPosthogComponentHealth(),
-		checkGithubHealth(),
-		checkNpmOverallHealth(),
-		checkNpmComponentHealth(),
-		checkCloudflareOverallHealth(),
-		checkCloudflareComponentHealth(),
-		checkLlmGatewayHealth(),
-		checkMcpHealth(),
-		checkGithubReleasesHealth()
-	]);
-	return {
-		anthropic,
-		posthogOverall,
-		posthogComponents,
-		github,
-		npmOverall,
-		npmComponents,
-		cloudflareOverall,
-		cloudflareComponents,
-		llmGateway,
-		mcp,
-		githubReleases
-	};
-}
-function describeResult(label, h) {
-	const parts = [`${label}: ${h.status}`];
-	if (h.rawIndicator) parts.push(`indicator=${h.rawIndicator}`);
-	if (h.error) parts.push(h.error);
-	return parts.join(" — ");
-}
-const MAX_COMPONENT_NAMES = 8;
-function describeComponents(label, h) {
-	const affected = h.degradedOrDownComponents;
-	if (!affected || affected.length === 0) return `${label} components: all operational`;
-	const shown = affected.slice(0, MAX_COMPONENT_NAMES).map((c) => `${c.name} (${c.status})`);
-	const suffix = affected.length > MAX_COMPONENT_NAMES ? `, +${affected.length - MAX_COMPONENT_NAMES} more` : "";
-	return `${label} components impacted: ${shown.join(", ")}${suffix}`;
-}
-const READINESS_TIMEOUT_MS = 1e4;
-async function evaluateWizardReadiness(config = DEFAULT_WIZARD_READINESS_CONFIG) {
-	try {
-		const health = await Promise.race([checkAllExternalServices(), new Promise((resolve) => setTimeout(() => resolve(allUnknown("Health check timed out")), READINESS_TIMEOUT_MS))]);
-		const reasons = [];
-		for (const key of Object.keys(health)) {
-			const result = health[key];
-			const label = SERVICE_LABELS[key];
-			reasons.push(describeResult(label, result));
-			if ("degradedOrDownComponents" in result) reasons.push(describeComponents(label, result));
-		}
-		const blockingKeys = getBlockingServiceKeys(health, config);
-		if (blockingKeys.length > 0) {
-			logToFile(`[health-checks] blocked by: ${blockingKeys.join(", ")}`);
-			return {
-				decision: "no",
-				health,
-				reasons
-			};
-		}
-		if (Object.values(health).some((h) => h.status !== "healthy")) return {
-			decision: "yes_with_warnings",
-			health,
-			reasons
-		};
-		return {
-			decision: "yes",
-			health,
-			reasons
-		};
-	} catch (err) {
-		logToFile(`[health-checks] error: ${err instanceof Error ? err.message : err}`);
-		return {
-			decision: "yes",
-			health: allUnknown("Unexpected error"),
-			reasons: ["Health check failed unexpectedly — proceeding anyway"]
-		};
-	}
-}
-/** Keys that are component-level detail, not top-level services. */
-const COMPONENT_KEYS = [
-	"posthogComponents",
-	"npmComponents",
-	"cloudflareComponents"
-];
-/**
-* Get the keys of services that would block a wizard run per the given config.
-*/
-function getBlockingServiceKeys(health, config = DEFAULT_WIZARD_READINESS_CONFIG) {
-	return Object.keys(health).filter((key) => {
-		if (COMPONENT_KEYS.includes(key)) return false;
-		const result = health[key];
-		if (config.downBlocksRun.includes(key) && result.status === "down") return true;
-		if ((config.degradedBlocksRun ?? []).includes(key) && result.status !== "healthy") return true;
-		return false;
-	});
-}
-/** Build an AllServicesHealth where every service is Degraded with the given error. */
-function allUnknown(error) {
-	const base = {
-		status: "degraded",
-		error
-	};
-	return {
-		anthropic: base,
-		posthogOverall: base,
-		posthogComponents: { ...base },
-		github: base,
-		npmOverall: base,
-		npmComponents: { ...base },
-		cloudflareOverall: base,
-		cloudflareComponents: { ...base },
-		llmGateway: base,
-		mcp: base,
-		githubReleases: base
-	};
-}
-//#endregion
-export { backupAndFixClaudeSettings as a, initializeAgent as c, formatScanReport as d, writeScanReport as f, installSkillById as h, AgentSignals as i, restoreClaudeSettings as l, fetchSkillMenu as m, evaluateWizardReadiness as n, buildWizardMetadata as o, downloadSkill as p, getBlockingServiceKeys as r, checkAllSettingsConflicts as s, SERVICE_LABELS as t, runAgent as u };
+export { coerceAuditChecks as _, initializeAgent as a, formatScanReport as c, fetchSkillMenu as d, installSkillById as f, AUDIT_SEVERITY_STYLE as g, AUDIT_REPORT_FILE as h, checkAllSettingsConflicts as i, writeScanReport as l, AUDIT_CHECKS_KEY as m, backupAndFixClaudeSettings as n, restoreClaudeSettings as o, AUDIT_CHECKS_FILE as p, buildWizardMetadata as r, runAgent as s, AgentSignals as t, downloadSkill as u, getAuditChecks as v };
 
-//# sourceMappingURL=readiness-Cep84RsR.js.map
+//# sourceMappingURL=agent-interface-D5W9BAB2.js.map