@probelabs/visor 0.1.174-ee → 0.1.174

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (55) hide show
  1. package/dist/index.js +23 -1840
  2. package/dist/output/traces/run-2026-03-09T15-44-30-340Z.ndjson +138 -0
  3. package/dist/output/traces/run-2026-03-09T15-45-10-778Z.ndjson +2280 -0
  4. package/dist/sdk/a2a-frontend-5L6H7ZVF.mjs +1658 -0
  5. package/dist/sdk/a2a-frontend-5L6H7ZVF.mjs.map +1 -0
  6. package/dist/sdk/check-provider-registry-UM762L7S.mjs +30 -0
  7. package/dist/sdk/{check-provider-registry-53C2ZIXJ.mjs → check-provider-registry-YVQI4IOR.mjs} +2 -2
  8. package/dist/sdk/chunk-EP7PQ4IX.mjs +45016 -0
  9. package/dist/sdk/{chunk-GKSSG5IM.mjs.map → chunk-EP7PQ4IX.mjs.map} +1 -1
  10. package/dist/sdk/{chunk-GKSSG5IM.mjs → chunk-I6GKXMQ5.mjs} +9 -9
  11. package/dist/sdk/chunk-I6GKXMQ5.mjs.map +1 -0
  12. package/dist/sdk/chunk-UTBSBJFV.mjs +739 -0
  13. package/dist/sdk/chunk-UTBSBJFV.mjs.map +1 -0
  14. package/dist/sdk/chunk-YEARBXYT.mjs +1502 -0
  15. package/dist/sdk/chunk-YEARBXYT.mjs.map +1 -0
  16. package/dist/sdk/chunk-ZI3SEHWA.mjs +516 -0
  17. package/dist/sdk/chunk-ZI3SEHWA.mjs.map +1 -0
  18. package/dist/sdk/failure-condition-evaluator-4O6BTC4Q.mjs +18 -0
  19. package/dist/sdk/github-frontend-UXL73NKB.mjs +1386 -0
  20. package/dist/sdk/github-frontend-UXL73NKB.mjs.map +1 -0
  21. package/dist/sdk/{host-LRWIKURZ.mjs → host-KJTXX76P.mjs} +3 -3
  22. package/dist/sdk/routing-AWYB2YX3.mjs +26 -0
  23. package/dist/sdk/{schedule-tool-5KDBDCFO.mjs → schedule-tool-IEY2CFLU.mjs} +2 -2
  24. package/dist/sdk/schedule-tool-IEY2CFLU.mjs.map +1 -0
  25. package/dist/sdk/schedule-tool-SGCYDSHL.mjs +36 -0
  26. package/dist/sdk/schedule-tool-SGCYDSHL.mjs.map +1 -0
  27. package/dist/sdk/schedule-tool-handler-5QVUZ5EZ.mjs +40 -0
  28. package/dist/sdk/schedule-tool-handler-5QVUZ5EZ.mjs.map +1 -0
  29. package/dist/sdk/{schedule-tool-handler-MUF5V36L.mjs → schedule-tool-handler-HMEGLYJF.mjs} +2 -2
  30. package/dist/sdk/schedule-tool-handler-HMEGLYJF.mjs.map +1 -0
  31. package/dist/sdk/sdk.js +281 -1655
  32. package/dist/sdk/sdk.js.map +1 -1
  33. package/dist/sdk/sdk.mjs +4 -4
  34. package/dist/sdk/trace-helpers-6TEWG7RK.mjs +29 -0
  35. package/dist/sdk/trace-helpers-6TEWG7RK.mjs.map +1 -0
  36. package/dist/sdk/workflow-check-provider-7VNIO6L5.mjs +30 -0
  37. package/dist/sdk/workflow-check-provider-7VNIO6L5.mjs.map +1 -0
  38. package/dist/sdk/{workflow-check-provider-RQUCBAYY.mjs → workflow-check-provider-VJ7VIMCQ.mjs} +2 -2
  39. package/dist/sdk/workflow-check-provider-VJ7VIMCQ.mjs.map +1 -0
  40. package/dist/traces/run-2026-03-09T15-44-30-340Z.ndjson +138 -0
  41. package/dist/traces/run-2026-03-09T15-45-10-778Z.ndjson +2280 -0
  42. package/package.json +1 -1
  43. package/dist/sdk/knex-store-QCEW4I4R.mjs +0 -527
  44. package/dist/sdk/knex-store-QCEW4I4R.mjs.map +0 -1
  45. package/dist/sdk/loader-Q7K76ZIY.mjs +0 -89
  46. package/dist/sdk/loader-Q7K76ZIY.mjs.map +0 -1
  47. package/dist/sdk/opa-policy-engine-QCSSIMUF.mjs +0 -655
  48. package/dist/sdk/opa-policy-engine-QCSSIMUF.mjs.map +0 -1
  49. package/dist/sdk/validator-XTZJZZJH.mjs +0 -134
  50. package/dist/sdk/validator-XTZJZZJH.mjs.map +0 -1
  51. /package/dist/sdk/{check-provider-registry-53C2ZIXJ.mjs.map → check-provider-registry-UM762L7S.mjs.map} +0 -0
  52. /package/dist/sdk/{schedule-tool-5KDBDCFO.mjs.map → check-provider-registry-YVQI4IOR.mjs.map} +0 -0
  53. /package/dist/sdk/{schedule-tool-handler-MUF5V36L.mjs.map → failure-condition-evaluator-4O6BTC4Q.mjs.map} +0 -0
  54. /package/dist/sdk/{host-LRWIKURZ.mjs.map → host-KJTXX76P.mjs.map} +0 -0
  55. /package/dist/sdk/{workflow-check-provider-RQUCBAYY.mjs.map → routing-AWYB2YX3.mjs.map} +0 -0
package/dist/sdk/sdk.js CHANGED
@@ -704,7 +704,7 @@ var require_package = __commonJS({
704
704
  "package.json"(exports2, module2) {
705
705
  module2.exports = {
706
706
  name: "@probelabs/visor",
707
- version: "0.1.42",
707
+ version: "0.1.174",
708
708
  main: "dist/index.js",
709
709
  bin: {
710
710
  visor: "./dist/index.js"
@@ -1152,11 +1152,11 @@ function getTracer() {
1152
1152
  }
1153
1153
  async function withActiveSpan(name, attrs, fn) {
1154
1154
  const tracer = getTracer();
1155
- return await new Promise((resolve19, reject) => {
1155
+ return await new Promise((resolve15, reject) => {
1156
1156
  const callback = async (span) => {
1157
1157
  try {
1158
1158
  const res = await fn(span);
1159
- resolve19(res);
1159
+ resolve15(res);
1160
1160
  } catch (err) {
1161
1161
  try {
1162
1162
  if (err instanceof Error) span.recordException(err);
@@ -1281,19 +1281,19 @@ function __getOrCreateNdjsonPath() {
1281
1281
  try {
1282
1282
  if (process.env.VISOR_TELEMETRY_SINK && process.env.VISOR_TELEMETRY_SINK !== "file")
1283
1283
  return null;
1284
- const path33 = require("path");
1285
- const fs29 = require("fs");
1284
+ const path29 = require("path");
1285
+ const fs25 = require("fs");
1286
1286
  if (process.env.VISOR_FALLBACK_TRACE_FILE) {
1287
1287
  __ndjsonPath = process.env.VISOR_FALLBACK_TRACE_FILE;
1288
- const dir = path33.dirname(__ndjsonPath);
1289
- if (!fs29.existsSync(dir)) fs29.mkdirSync(dir, { recursive: true });
1288
+ const dir = path29.dirname(__ndjsonPath);
1289
+ if (!fs25.existsSync(dir)) fs25.mkdirSync(dir, { recursive: true });
1290
1290
  return __ndjsonPath;
1291
1291
  }
1292
- const outDir = process.env.VISOR_TRACE_DIR || path33.join(process.cwd(), "output", "traces");
1293
- if (!fs29.existsSync(outDir)) fs29.mkdirSync(outDir, { recursive: true });
1292
+ const outDir = process.env.VISOR_TRACE_DIR || path29.join(process.cwd(), "output", "traces");
1293
+ if (!fs25.existsSync(outDir)) fs25.mkdirSync(outDir, { recursive: true });
1294
1294
  if (!__ndjsonPath) {
1295
1295
  const ts = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
1296
- __ndjsonPath = path33.join(outDir, `${ts}.ndjson`);
1296
+ __ndjsonPath = path29.join(outDir, `${ts}.ndjson`);
1297
1297
  }
1298
1298
  return __ndjsonPath;
1299
1299
  } catch {
@@ -1302,11 +1302,11 @@ function __getOrCreateNdjsonPath() {
1302
1302
  }
1303
1303
  function _appendRunMarker() {
1304
1304
  try {
1305
- const fs29 = require("fs");
1305
+ const fs25 = require("fs");
1306
1306
  const p = __getOrCreateNdjsonPath();
1307
1307
  if (!p) return;
1308
1308
  const line = { name: "visor.run", attributes: { started: true } };
1309
- fs29.appendFileSync(p, JSON.stringify(line) + "\n", "utf8");
1309
+ fs25.appendFileSync(p, JSON.stringify(line) + "\n", "utf8");
1310
1310
  } catch {
1311
1311
  }
1312
1312
  }
@@ -3393,7 +3393,7 @@ var init_failure_condition_evaluator = __esm({
3393
3393
  */
3394
3394
  evaluateExpression(condition, context2) {
3395
3395
  try {
3396
- const normalize8 = (expr) => {
3396
+ const normalize4 = (expr) => {
3397
3397
  const trimmed = expr.trim();
3398
3398
  if (!/[\n;]/.test(trimmed)) return trimmed;
3399
3399
  const parts = trimmed.split(/[\n;]+/).map((s) => s.trim()).filter((s) => s.length > 0 && !s.startsWith("//"));
@@ -3551,7 +3551,7 @@ var init_failure_condition_evaluator = __esm({
3551
3551
  try {
3552
3552
  exec2 = this.sandbox.compile(`return (${raw});`);
3553
3553
  } catch {
3554
- const normalizedExpr = normalize8(condition);
3554
+ const normalizedExpr = normalize4(condition);
3555
3555
  exec2 = this.sandbox.compile(`return (${normalizedExpr});`);
3556
3556
  }
3557
3557
  const result = exec2(scope).run();
@@ -3934,9 +3934,9 @@ function configureLiquidWithExtensions(liquid) {
3934
3934
  });
3935
3935
  liquid.registerFilter("get", (obj, pathExpr) => {
3936
3936
  if (obj == null) return void 0;
3937
- const path33 = typeof pathExpr === "string" ? pathExpr : String(pathExpr || "");
3938
- if (!path33) return obj;
3939
- const parts = path33.split(".");
3937
+ const path29 = typeof pathExpr === "string" ? pathExpr : String(pathExpr || "");
3938
+ if (!path29) return obj;
3939
+ const parts = path29.split(".");
3940
3940
  let cur = obj;
3941
3941
  for (const p of parts) {
3942
3942
  if (cur == null) return void 0;
@@ -4055,9 +4055,9 @@ function configureLiquidWithExtensions(liquid) {
4055
4055
  }
4056
4056
  }
4057
4057
  const defaultRole = typeof rolesCfg.default === "string" && rolesCfg.default.trim() ? rolesCfg.default.trim() : void 0;
4058
- const getNested = (obj, path33) => {
4059
- if (!obj || !path33) return void 0;
4060
- const parts = path33.split(".");
4058
+ const getNested = (obj, path29) => {
4059
+ if (!obj || !path29) return void 0;
4060
+ const parts = path29.split(".");
4061
4061
  let cur = obj;
4062
4062
  for (const p of parts) {
4063
4063
  if (cur == null) return void 0;
@@ -6609,8 +6609,8 @@ var init_dependency_gating = __esm({
6609
6609
  async function renderTemplateContent(checkId, checkConfig, reviewSummary) {
6610
6610
  try {
6611
6611
  const { createExtendedLiquid: createExtendedLiquid2 } = await Promise.resolve().then(() => (init_liquid_extensions(), liquid_extensions_exports));
6612
- const fs29 = await import("fs/promises");
6613
- const path33 = await import("path");
6612
+ const fs25 = await import("fs/promises");
6613
+ const path29 = await import("path");
6614
6614
  const schemaRaw = checkConfig.schema || "plain";
6615
6615
  const schema = typeof schemaRaw === "string" ? schemaRaw : "code-review";
6616
6616
  let templateContent;
@@ -6618,24 +6618,24 @@ async function renderTemplateContent(checkId, checkConfig, reviewSummary) {
6618
6618
  templateContent = String(checkConfig.template.content);
6619
6619
  } else if (checkConfig.template && checkConfig.template.file) {
6620
6620
  const file = String(checkConfig.template.file);
6621
- const resolved = path33.resolve(process.cwd(), file);
6622
- templateContent = await fs29.readFile(resolved, "utf-8");
6621
+ const resolved = path29.resolve(process.cwd(), file);
6622
+ templateContent = await fs25.readFile(resolved, "utf-8");
6623
6623
  } else if (schema && schema !== "plain") {
6624
6624
  const sanitized = String(schema).replace(/[^a-zA-Z0-9-]/g, "");
6625
6625
  if (sanitized) {
6626
6626
  const candidatePaths = [
6627
- path33.join(__dirname, "output", sanitized, "template.liquid"),
6627
+ path29.join(__dirname, "output", sanitized, "template.liquid"),
6628
6628
  // bundled: dist/output/
6629
- path33.join(__dirname, "..", "..", "output", sanitized, "template.liquid"),
6629
+ path29.join(__dirname, "..", "..", "output", sanitized, "template.liquid"),
6630
6630
  // source: output/
6631
- path33.join(process.cwd(), "output", sanitized, "template.liquid"),
6631
+ path29.join(process.cwd(), "output", sanitized, "template.liquid"),
6632
6632
  // fallback: cwd/output/
6633
- path33.join(process.cwd(), "dist", "output", sanitized, "template.liquid")
6633
+ path29.join(process.cwd(), "dist", "output", sanitized, "template.liquid")
6634
6634
  // fallback: cwd/dist/output/
6635
6635
  ];
6636
6636
  for (const p of candidatePaths) {
6637
6637
  try {
6638
- templateContent = await fs29.readFile(p, "utf-8");
6638
+ templateContent = await fs25.readFile(p, "utf-8");
6639
6639
  if (templateContent) break;
6640
6640
  } catch {
6641
6641
  }
@@ -7040,7 +7040,7 @@ async function processDiffWithOutline(diffContent) {
7040
7040
  }
7041
7041
  try {
7042
7042
  const originalProbePath = process.env.PROBE_PATH;
7043
- const fs29 = require("fs");
7043
+ const fs25 = require("fs");
7044
7044
  const possiblePaths = [
7045
7045
  // Relative to current working directory (most common in production)
7046
7046
  path6.join(process.cwd(), "node_modules/@probelabs/probe/bin/probe-binary"),
@@ -7051,7 +7051,7 @@ async function processDiffWithOutline(diffContent) {
7051
7051
  ];
7052
7052
  let probeBinaryPath;
7053
7053
  for (const candidatePath of possiblePaths) {
7054
- if (fs29.existsSync(candidatePath)) {
7054
+ if (fs25.existsSync(candidatePath)) {
7055
7055
  probeBinaryPath = candidatePath;
7056
7056
  break;
7057
7057
  }
@@ -7158,7 +7158,7 @@ async function renderMermaidToPng(mermaidCode) {
7158
7158
  if (chromiumPath) {
7159
7159
  env.PUPPETEER_EXECUTABLE_PATH = chromiumPath;
7160
7160
  }
7161
- const result = await new Promise((resolve19) => {
7161
+ const result = await new Promise((resolve15) => {
7162
7162
  const proc = (0, import_child_process.spawn)(
7163
7163
  "npx",
7164
7164
  [
@@ -7188,13 +7188,13 @@ async function renderMermaidToPng(mermaidCode) {
7188
7188
  });
7189
7189
  proc.on("close", (code) => {
7190
7190
  if (code === 0) {
7191
- resolve19({ success: true });
7191
+ resolve15({ success: true });
7192
7192
  } else {
7193
- resolve19({ success: false, error: stderr || `Exit code ${code}` });
7193
+ resolve15({ success: false, error: stderr || `Exit code ${code}` });
7194
7194
  }
7195
7195
  });
7196
7196
  proc.on("error", (err) => {
7197
- resolve19({ success: false, error: err.message });
7197
+ resolve15({ success: false, error: err.message });
7198
7198
  });
7199
7199
  });
7200
7200
  if (!result.success) {
@@ -8356,8 +8356,8 @@ ${schemaString}`);
8356
8356
  }
8357
8357
  if (process.env.VISOR_DEBUG_AI_SESSIONS === "true") {
8358
8358
  try {
8359
- const fs29 = require("fs");
8360
- const path33 = require("path");
8359
+ const fs25 = require("fs");
8360
+ const path29 = require("path");
8361
8361
  const timestamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
8362
8362
  const provider = this.config.provider || "auto";
8363
8363
  const model = this.config.model || "default";
@@ -8471,20 +8471,20 @@ ${"=".repeat(60)}
8471
8471
  `;
8472
8472
  readableVersion += `${"=".repeat(60)}
8473
8473
  `;
8474
- const debugArtifactsDir = process.env.VISOR_DEBUG_ARTIFACTS || path33.join(process.cwd(), "debug-artifacts");
8475
- if (!fs29.existsSync(debugArtifactsDir)) {
8476
- fs29.mkdirSync(debugArtifactsDir, { recursive: true });
8474
+ const debugArtifactsDir = process.env.VISOR_DEBUG_ARTIFACTS || path29.join(process.cwd(), "debug-artifacts");
8475
+ if (!fs25.existsSync(debugArtifactsDir)) {
8476
+ fs25.mkdirSync(debugArtifactsDir, { recursive: true });
8477
8477
  }
8478
- const debugFile = path33.join(
8478
+ const debugFile = path29.join(
8479
8479
  debugArtifactsDir,
8480
8480
  `prompt-${_checkName || "unknown"}-${timestamp}.json`
8481
8481
  );
8482
- fs29.writeFileSync(debugFile, debugJson, "utf-8");
8483
- const readableFile = path33.join(
8482
+ fs25.writeFileSync(debugFile, debugJson, "utf-8");
8483
+ const readableFile = path29.join(
8484
8484
  debugArtifactsDir,
8485
8485
  `prompt-${_checkName || "unknown"}-${timestamp}.txt`
8486
8486
  );
8487
- fs29.writeFileSync(readableFile, readableVersion, "utf-8");
8487
+ fs25.writeFileSync(readableFile, readableVersion, "utf-8");
8488
8488
  log(`
8489
8489
  \u{1F4BE} Full debug info saved to:`);
8490
8490
  log(` JSON: ${debugFile}`);
@@ -8522,8 +8522,8 @@ ${"=".repeat(60)}
8522
8522
  log(`\u{1F4E4} Response length: ${response.length} characters`);
8523
8523
  if (process.env.VISOR_DEBUG_AI_SESSIONS === "true") {
8524
8524
  try {
8525
- const fs29 = require("fs");
8526
- const path33 = require("path");
8525
+ const fs25 = require("fs");
8526
+ const path29 = require("path");
8527
8527
  const timestamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
8528
8528
  const agentAny2 = agent;
8529
8529
  let fullHistory = [];
@@ -8534,8 +8534,8 @@ ${"=".repeat(60)}
8534
8534
  } else if (agentAny2._messages) {
8535
8535
  fullHistory = agentAny2._messages;
8536
8536
  }
8537
- const debugArtifactsDir = process.env.VISOR_DEBUG_ARTIFACTS || path33.join(process.cwd(), "debug-artifacts");
8538
- const sessionBase = path33.join(
8537
+ const debugArtifactsDir = process.env.VISOR_DEBUG_ARTIFACTS || path29.join(process.cwd(), "debug-artifacts");
8538
+ const sessionBase = path29.join(
8539
8539
  debugArtifactsDir,
8540
8540
  `session-${_checkName || "unknown"}-${timestamp}`
8541
8541
  );
@@ -8547,7 +8547,7 @@ ${"=".repeat(60)}
8547
8547
  schema: effectiveSchema,
8548
8548
  totalMessages: fullHistory.length
8549
8549
  };
8550
- fs29.writeFileSync(sessionBase + ".json", JSON.stringify(sessionData, null, 2), "utf-8");
8550
+ fs25.writeFileSync(sessionBase + ".json", JSON.stringify(sessionData, null, 2), "utf-8");
8551
8551
  let readable = `=============================================================
8552
8552
  `;
8553
8553
  readable += `COMPLETE AI SESSION HISTORY (AFTER RESPONSE)
@@ -8574,7 +8574,7 @@ ${"=".repeat(60)}
8574
8574
  `;
8575
8575
  readable += content + "\n";
8576
8576
  });
8577
- fs29.writeFileSync(sessionBase + ".summary.txt", readable, "utf-8");
8577
+ fs25.writeFileSync(sessionBase + ".summary.txt", readable, "utf-8");
8578
8578
  log(`\u{1F4BE} Complete session history saved:`);
8579
8579
  log(` - Contains ALL ${fullHistory.length} messages (prompts + responses)`);
8580
8580
  } catch (error) {
@@ -8583,11 +8583,11 @@ ${"=".repeat(60)}
8583
8583
  }
8584
8584
  if (process.env.VISOR_DEBUG_AI_SESSIONS === "true") {
8585
8585
  try {
8586
- const fs29 = require("fs");
8587
- const path33 = require("path");
8586
+ const fs25 = require("fs");
8587
+ const path29 = require("path");
8588
8588
  const timestamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
8589
- const debugArtifactsDir = process.env.VISOR_DEBUG_ARTIFACTS || path33.join(process.cwd(), "debug-artifacts");
8590
- const responseFile = path33.join(
8589
+ const debugArtifactsDir = process.env.VISOR_DEBUG_ARTIFACTS || path29.join(process.cwd(), "debug-artifacts");
8590
+ const responseFile = path29.join(
8591
8591
  debugArtifactsDir,
8592
8592
  `response-${_checkName || "unknown"}-${timestamp}.txt`
8593
8593
  );
@@ -8620,7 +8620,7 @@ ${"=".repeat(60)}
8620
8620
  `;
8621
8621
  responseContent += `${"=".repeat(60)}
8622
8622
  `;
8623
- fs29.writeFileSync(responseFile, responseContent, "utf-8");
8623
+ fs25.writeFileSync(responseFile, responseContent, "utf-8");
8624
8624
  log(`\u{1F4BE} Response saved to: ${responseFile}`);
8625
8625
  } catch (error) {
8626
8626
  log(`\u26A0\uFE0F Could not save response file: ${error}`);
@@ -8636,9 +8636,9 @@ ${"=".repeat(60)}
8636
8636
  await agentAny._telemetryConfig.shutdown();
8637
8637
  log(`\u{1F4CA} OpenTelemetry trace saved to: ${agentAny._traceFilePath}`);
8638
8638
  if (process.env.GITHUB_ACTIONS) {
8639
- const fs29 = require("fs");
8640
- if (fs29.existsSync(agentAny._traceFilePath)) {
8641
- const stats = fs29.statSync(agentAny._traceFilePath);
8639
+ const fs25 = require("fs");
8640
+ if (fs25.existsSync(agentAny._traceFilePath)) {
8641
+ const stats = fs25.statSync(agentAny._traceFilePath);
8642
8642
  console.log(
8643
8643
  `::notice title=AI Trace Saved::${agentAny._traceFilePath} (${stats.size} bytes)`
8644
8644
  );
@@ -8851,9 +8851,9 @@ ${schemaString}`);
8851
8851
  const model = this.config.model || "default";
8852
8852
  if (process.env.VISOR_DEBUG_AI_SESSIONS === "true") {
8853
8853
  try {
8854
- const fs29 = require("fs");
8855
- const path33 = require("path");
8856
- const os3 = require("os");
8854
+ const fs25 = require("fs");
8855
+ const path29 = require("path");
8856
+ const os2 = require("os");
8857
8857
  const timestamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
8858
8858
  const debugData = {
8859
8859
  timestamp,
@@ -8925,19 +8925,19 @@ ${"=".repeat(60)}
8925
8925
  `;
8926
8926
  readableVersion += `${"=".repeat(60)}
8927
8927
  `;
8928
- const tempDir = os3.tmpdir();
8929
- const promptFile = path33.join(tempDir, `visor-prompt-${timestamp}.txt`);
8930
- fs29.writeFileSync(promptFile, prompt, "utf-8");
8928
+ const tempDir = os2.tmpdir();
8929
+ const promptFile = path29.join(tempDir, `visor-prompt-${timestamp}.txt`);
8930
+ fs25.writeFileSync(promptFile, prompt, "utf-8");
8931
8931
  log(`
8932
8932
  \u{1F4BE} Prompt saved to: ${promptFile}`);
8933
- const debugArtifactsDir = process.env.VISOR_DEBUG_ARTIFACTS || path33.join(process.cwd(), "debug-artifacts");
8933
+ const debugArtifactsDir = process.env.VISOR_DEBUG_ARTIFACTS || path29.join(process.cwd(), "debug-artifacts");
8934
8934
  try {
8935
- const base = path33.join(
8935
+ const base = path29.join(
8936
8936
  debugArtifactsDir,
8937
8937
  `prompt-${_checkName || "unknown"}-${timestamp}`
8938
8938
  );
8939
- fs29.writeFileSync(base + ".json", debugJson, "utf-8");
8940
- fs29.writeFileSync(base + ".summary.txt", readableVersion, "utf-8");
8939
+ fs25.writeFileSync(base + ".json", debugJson, "utf-8");
8940
+ fs25.writeFileSync(base + ".summary.txt", readableVersion, "utf-8");
8941
8941
  log(`
8942
8942
  \u{1F4BE} Full debug info saved to directory: ${debugArtifactsDir}`);
8943
8943
  } catch {
@@ -8987,8 +8987,8 @@ $ ${cliCommand}
8987
8987
  log(`\u{1F4E4} Response length: ${response.length} characters`);
8988
8988
  if (process.env.VISOR_DEBUG_AI_SESSIONS === "true") {
8989
8989
  try {
8990
- const fs29 = require("fs");
8991
- const path33 = require("path");
8990
+ const fs25 = require("fs");
8991
+ const path29 = require("path");
8992
8992
  const timestamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
8993
8993
  const agentAny = agent;
8994
8994
  let fullHistory = [];
@@ -8999,8 +8999,8 @@ $ ${cliCommand}
8999
8999
  } else if (agentAny._messages) {
9000
9000
  fullHistory = agentAny._messages;
9001
9001
  }
9002
- const debugArtifactsDir = process.env.VISOR_DEBUG_ARTIFACTS || path33.join(process.cwd(), "debug-artifacts");
9003
- const sessionBase = path33.join(
9002
+ const debugArtifactsDir = process.env.VISOR_DEBUG_ARTIFACTS || path29.join(process.cwd(), "debug-artifacts");
9003
+ const sessionBase = path29.join(
9004
9004
  debugArtifactsDir,
9005
9005
  `session-${_checkName || "unknown"}-${timestamp}`
9006
9006
  );
@@ -9012,7 +9012,7 @@ $ ${cliCommand}
9012
9012
  schema: effectiveSchema,
9013
9013
  totalMessages: fullHistory.length
9014
9014
  };
9015
- fs29.writeFileSync(sessionBase + ".json", JSON.stringify(sessionData, null, 2), "utf-8");
9015
+ fs25.writeFileSync(sessionBase + ".json", JSON.stringify(sessionData, null, 2), "utf-8");
9016
9016
  let readable = `=============================================================
9017
9017
  `;
9018
9018
  readable += `COMPLETE AI SESSION HISTORY (AFTER RESPONSE)
@@ -9039,7 +9039,7 @@ ${"=".repeat(60)}
9039
9039
  `;
9040
9040
  readable += content + "\n";
9041
9041
  });
9042
- fs29.writeFileSync(sessionBase + ".summary.txt", readable, "utf-8");
9042
+ fs25.writeFileSync(sessionBase + ".summary.txt", readable, "utf-8");
9043
9043
  log(`\u{1F4BE} Complete session history saved:`);
9044
9044
  log(` - Contains ALL ${fullHistory.length} messages (prompts + responses)`);
9045
9045
  } catch (error) {
@@ -9048,11 +9048,11 @@ ${"=".repeat(60)}
9048
9048
  }
9049
9049
  if (process.env.VISOR_DEBUG_AI_SESSIONS === "true") {
9050
9050
  try {
9051
- const fs29 = require("fs");
9052
- const path33 = require("path");
9051
+ const fs25 = require("fs");
9052
+ const path29 = require("path");
9053
9053
  const timestamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
9054
- const debugArtifactsDir = process.env.VISOR_DEBUG_ARTIFACTS || path33.join(process.cwd(), "debug-artifacts");
9055
- const responseFile = path33.join(
9054
+ const debugArtifactsDir = process.env.VISOR_DEBUG_ARTIFACTS || path29.join(process.cwd(), "debug-artifacts");
9055
+ const responseFile = path29.join(
9056
9056
  debugArtifactsDir,
9057
9057
  `response-${_checkName || "unknown"}-${timestamp}.txt`
9058
9058
  );
@@ -9085,7 +9085,7 @@ ${"=".repeat(60)}
9085
9085
  `;
9086
9086
  responseContent += `${"=".repeat(60)}
9087
9087
  `;
9088
- fs29.writeFileSync(responseFile, responseContent, "utf-8");
9088
+ fs25.writeFileSync(responseFile, responseContent, "utf-8");
9089
9089
  log(`\u{1F4BE} Response saved to: ${responseFile}`);
9090
9090
  } catch (error) {
9091
9091
  log(`\u26A0\uFE0F Could not save response file: ${error}`);
@@ -9103,9 +9103,9 @@ ${"=".repeat(60)}
9103
9103
  await telemetry.shutdown();
9104
9104
  log(`\u{1F4CA} OpenTelemetry trace saved to: ${traceFilePath}`);
9105
9105
  if (process.env.GITHUB_ACTIONS) {
9106
- const fs29 = require("fs");
9107
- if (fs29.existsSync(traceFilePath)) {
9108
- const stats = fs29.statSync(traceFilePath);
9106
+ const fs25 = require("fs");
9107
+ if (fs25.existsSync(traceFilePath)) {
9108
+ const stats = fs25.statSync(traceFilePath);
9109
9109
  console.log(
9110
9110
  `::notice title=AI Trace Saved::OpenTelemetry trace file size: ${stats.size} bytes`
9111
9111
  );
@@ -9143,8 +9143,8 @@ ${"=".repeat(60)}
9143
9143
  * Load schema content from schema files or inline definitions
9144
9144
  */
9145
9145
  async loadSchemaContent(schema) {
9146
- const fs29 = require("fs").promises;
9147
- const path33 = require("path");
9146
+ const fs25 = require("fs").promises;
9147
+ const path29 = require("path");
9148
9148
  if (typeof schema === "object" && schema !== null) {
9149
9149
  log("\u{1F4CB} Using inline schema object from configuration");
9150
9150
  return JSON.stringify(schema);
@@ -9157,14 +9157,14 @@ ${"=".repeat(60)}
9157
9157
  }
9158
9158
  } catch {
9159
9159
  }
9160
- if ((schema.startsWith("./") || schema.includes(".json")) && !path33.isAbsolute(schema)) {
9160
+ if ((schema.startsWith("./") || schema.includes(".json")) && !path29.isAbsolute(schema)) {
9161
9161
  if (schema.includes("..") || schema.includes("\0")) {
9162
9162
  throw new Error("Invalid schema path: path traversal not allowed");
9163
9163
  }
9164
9164
  try {
9165
- const schemaPath = path33.resolve(process.cwd(), schema);
9165
+ const schemaPath = path29.resolve(process.cwd(), schema);
9166
9166
  log(`\u{1F4CB} Loading custom schema from file: ${schemaPath}`);
9167
- const schemaContent = await fs29.readFile(schemaPath, "utf-8");
9167
+ const schemaContent = await fs25.readFile(schemaPath, "utf-8");
9168
9168
  return schemaContent.trim();
9169
9169
  } catch (error) {
9170
9170
  throw new Error(
@@ -9178,22 +9178,22 @@ ${"=".repeat(60)}
9178
9178
  }
9179
9179
  const candidatePaths = [
9180
9180
  // GitHub Action bundle location
9181
- path33.join(__dirname, "output", sanitizedSchemaName, "schema.json"),
9181
+ path29.join(__dirname, "output", sanitizedSchemaName, "schema.json"),
9182
9182
  // Historical fallback when src/output was inadvertently bundled as output1/
9183
- path33.join(__dirname, "output1", sanitizedSchemaName, "schema.json"),
9183
+ path29.join(__dirname, "output1", sanitizedSchemaName, "schema.json"),
9184
9184
  // Local dev (repo root)
9185
- path33.join(process.cwd(), "output", sanitizedSchemaName, "schema.json")
9185
+ path29.join(process.cwd(), "output", sanitizedSchemaName, "schema.json")
9186
9186
  ];
9187
9187
  for (const schemaPath of candidatePaths) {
9188
9188
  try {
9189
- const schemaContent = await fs29.readFile(schemaPath, "utf-8");
9189
+ const schemaContent = await fs25.readFile(schemaPath, "utf-8");
9190
9190
  return schemaContent.trim();
9191
9191
  } catch {
9192
9192
  }
9193
9193
  }
9194
- const distPath = path33.join(__dirname, "output", sanitizedSchemaName, "schema.json");
9195
- const distAltPath = path33.join(__dirname, "output1", sanitizedSchemaName, "schema.json");
9196
- const cwdPath = path33.join(process.cwd(), "output", sanitizedSchemaName, "schema.json");
9194
+ const distPath = path29.join(__dirname, "output", sanitizedSchemaName, "schema.json");
9195
+ const distAltPath = path29.join(__dirname, "output1", sanitizedSchemaName, "schema.json");
9196
+ const cwdPath = path29.join(process.cwd(), "output", sanitizedSchemaName, "schema.json");
9197
9197
  throw new Error(
9198
9198
  `Failed to load schema '${sanitizedSchemaName}'. Tried: ${distPath}, ${distAltPath}, and ${cwdPath}. Ensure build copies 'output/' into dist (build:cli), or provide a custom schema file/path.`
9199
9199
  );
@@ -9435,7 +9435,7 @@ ${"=".repeat(60)}
9435
9435
  * Generate mock response for testing
9436
9436
  */
9437
9437
  async generateMockResponse(_prompt, _checkName, _schema) {
9438
- await new Promise((resolve19) => setTimeout(resolve19, 500));
9438
+ await new Promise((resolve15) => setTimeout(resolve15, 500));
9439
9439
  const name = (_checkName || "").toLowerCase();
9440
9440
  if (name.includes("extract-facts")) {
9441
9441
  const arr = Array.from({ length: 6 }, (_, i) => ({
@@ -9796,7 +9796,7 @@ var init_command_executor = __esm({
9796
9796
  * Execute command with stdin input
9797
9797
  */
9798
9798
  executeWithStdin(command, options) {
9799
- return new Promise((resolve19, reject) => {
9799
+ return new Promise((resolve15, reject) => {
9800
9800
  const childProcess = (0, import_child_process2.exec)(
9801
9801
  command,
9802
9802
  {
@@ -9808,7 +9808,7 @@ var init_command_executor = __esm({
9808
9808
  if (error && error.killed && (error.code === "ETIMEDOUT" || error.signal === "SIGTERM")) {
9809
9809
  reject(new Error(`Command timed out after ${options.timeout || 3e4}ms`));
9810
9810
  } else {
9811
- resolve19({
9811
+ resolve15({
9812
9812
  stdout: stdout || "",
9813
9813
  stderr: stderr || "",
9814
9814
  exitCode: error ? error.code || 1 : 0
@@ -18575,17 +18575,17 @@ var init_workflow_check_provider = __esm({
18575
18575
  * so it can be executed by the state machine as a nested workflow.
18576
18576
  */
18577
18577
  async loadWorkflowFromConfigPath(sourcePath, baseDir) {
18578
- const path33 = require("path");
18579
- const fs29 = require("fs");
18578
+ const path29 = require("path");
18579
+ const fs25 = require("fs");
18580
18580
  const yaml5 = require("js-yaml");
18581
- const resolved = path33.isAbsolute(sourcePath) ? sourcePath : path33.resolve(baseDir, sourcePath);
18582
- if (!fs29.existsSync(resolved)) {
18581
+ const resolved = path29.isAbsolute(sourcePath) ? sourcePath : path29.resolve(baseDir, sourcePath);
18582
+ if (!fs25.existsSync(resolved)) {
18583
18583
  throw new Error(`Workflow config not found at: ${resolved}`);
18584
18584
  }
18585
- const rawContent = fs29.readFileSync(resolved, "utf8");
18585
+ const rawContent = fs25.readFileSync(resolved, "utf8");
18586
18586
  const rawData = yaml5.load(rawContent);
18587
18587
  if (rawData.imports && Array.isArray(rawData.imports)) {
18588
- const configDir = path33.dirname(resolved);
18588
+ const configDir = path29.dirname(resolved);
18589
18589
  for (const source of rawData.imports) {
18590
18590
  const results = await this.registry.import(source, {
18591
18591
  basePath: configDir,
@@ -18615,8 +18615,8 @@ ${errors}`);
18615
18615
  if (!steps || Object.keys(steps).length === 0) {
18616
18616
  throw new Error(`Config '${resolved}' does not contain any steps to execute as a workflow`);
18617
18617
  }
18618
- const id = path33.basename(resolved).replace(/\.(ya?ml)$/i, "");
18619
- const name = loaded.name || `Workflow from ${path33.basename(resolved)}`;
18618
+ const id = path29.basename(resolved).replace(/\.(ya?ml)$/i, "");
18619
+ const name = loaded.name || `Workflow from ${path29.basename(resolved)}`;
18620
18620
  const workflowDef = {
18621
18621
  id,
18622
18622
  name,
@@ -19425,8 +19425,8 @@ async function createStoreBackend(storageConfig, haConfig) {
19425
19425
  case "mssql": {
19426
19426
  try {
19427
19427
  const loaderPath = "../../enterprise/loader";
19428
- const { loadEnterpriseStoreBackend: loadEnterpriseStoreBackend2 } = await import(loaderPath);
19429
- return await loadEnterpriseStoreBackend2(driver, storageConfig, haConfig);
19428
+ const { loadEnterpriseStoreBackend } = await import(loaderPath);
19429
+ return await loadEnterpriseStoreBackend(driver, storageConfig, haConfig);
19430
19430
  } catch (err) {
19431
19431
  const msg = err instanceof Error ? err.message : String(err);
19432
19432
  logger.error(`[StoreFactory] Failed to load enterprise ${driver} backend: ${msg}`);
@@ -22114,7 +22114,7 @@ var init_mcp_custom_sse_server = __esm({
22114
22114
  * Returns the actual bound port number
22115
22115
  */
22116
22116
  async start() {
22117
- return new Promise((resolve19, reject) => {
22117
+ return new Promise((resolve15, reject) => {
22118
22118
  try {
22119
22119
  this.server = import_http.default.createServer((req, res) => {
22120
22120
  this.handleRequest(req, res).catch((error) => {
@@ -22148,7 +22148,7 @@ var init_mcp_custom_sse_server = __esm({
22148
22148
  );
22149
22149
  }
22150
22150
  this.startKeepalive();
22151
- resolve19(this.port);
22151
+ resolve15(this.port);
22152
22152
  });
22153
22153
  } catch (error) {
22154
22154
  reject(error);
@@ -22211,7 +22211,7 @@ var init_mcp_custom_sse_server = __esm({
22211
22211
  logger.debug(
22212
22212
  `[CustomToolsSSEServer:${this.sessionId}] Grace period before stop: ${waitMs}ms (activeToolCalls=${this.activeToolCalls})`
22213
22213
  );
22214
- await new Promise((resolve19) => setTimeout(resolve19, waitMs));
22214
+ await new Promise((resolve15) => setTimeout(resolve15, waitMs));
22215
22215
  }
22216
22216
  }
22217
22217
  if (this.activeToolCalls > 0) {
@@ -22220,7 +22220,7 @@ var init_mcp_custom_sse_server = __esm({
22220
22220
  `[CustomToolsSSEServer:${this.sessionId}] Waiting for ${this.activeToolCalls} active tool call(s) before stop`
22221
22221
  );
22222
22222
  while (this.activeToolCalls > 0 && Date.now() - startedAt < effectiveDrainTimeoutMs) {
22223
- await new Promise((resolve19) => setTimeout(resolve19, 250));
22223
+ await new Promise((resolve15) => setTimeout(resolve15, 250));
22224
22224
  }
22225
22225
  if (this.activeToolCalls > 0) {
22226
22226
  logger.warn(
@@ -22245,21 +22245,21 @@ var init_mcp_custom_sse_server = __esm({
22245
22245
  }
22246
22246
  this.connections.clear();
22247
22247
  if (this.server) {
22248
- await new Promise((resolve19, reject) => {
22248
+ await new Promise((resolve15, reject) => {
22249
22249
  const timeout = setTimeout(() => {
22250
22250
  if (this.debug) {
22251
22251
  logger.debug(
22252
22252
  `[CustomToolsSSEServer:${this.sessionId}] Force closing server after timeout`
22253
22253
  );
22254
22254
  }
22255
- this.server?.close(() => resolve19());
22255
+ this.server?.close(() => resolve15());
22256
22256
  }, 5e3);
22257
22257
  this.server.close((error) => {
22258
22258
  clearTimeout(timeout);
22259
22259
  if (error) {
22260
22260
  reject(error);
22261
22261
  } else {
22262
- resolve19();
22262
+ resolve15();
22263
22263
  }
22264
22264
  });
22265
22265
  });
@@ -22709,7 +22709,7 @@ var init_mcp_custom_sse_server = __esm({
22709
22709
  logger.warn(
22710
22710
  `[CustomToolsSSEServer:${this.sessionId}] Tool ${toolName} failed (attempt ${attempt + 1}/${retryCount + 1}): ${errorMsg}. Retrying in ${delay}ms`
22711
22711
  );
22712
- await new Promise((resolve19) => setTimeout(resolve19, delay));
22712
+ await new Promise((resolve15) => setTimeout(resolve15, delay));
22713
22713
  attempt++;
22714
22714
  }
22715
22715
  }
@@ -23101,9 +23101,9 @@ var init_ai_check_provider = __esm({
23101
23101
  } else {
23102
23102
  resolvedPath = import_path8.default.resolve(process.cwd(), str);
23103
23103
  }
23104
- const fs29 = require("fs").promises;
23104
+ const fs25 = require("fs").promises;
23105
23105
  try {
23106
- const stat2 = await fs29.stat(resolvedPath);
23106
+ const stat2 = await fs25.stat(resolvedPath);
23107
23107
  return stat2.isFile();
23108
23108
  } catch {
23109
23109
  return hasFileExtension && (isRelativePath || isAbsolutePath || hasPathSeparators);
@@ -29205,14 +29205,14 @@ var require_util = __commonJS({
29205
29205
  }
29206
29206
  const port = url.port != null ? url.port : url.protocol === "https:" ? 443 : 80;
29207
29207
  let origin = url.origin != null ? url.origin : `${url.protocol}//${url.hostname}:${port}`;
29208
- let path33 = url.path != null ? url.path : `${url.pathname || ""}${url.search || ""}`;
29208
+ let path29 = url.path != null ? url.path : `${url.pathname || ""}${url.search || ""}`;
29209
29209
  if (origin.endsWith("/")) {
29210
29210
  origin = origin.substring(0, origin.length - 1);
29211
29211
  }
29212
- if (path33 && !path33.startsWith("/")) {
29213
- path33 = `/${path33}`;
29212
+ if (path29 && !path29.startsWith("/")) {
29213
+ path29 = `/${path29}`;
29214
29214
  }
29215
- url = new URL(origin + path33);
29215
+ url = new URL(origin + path29);
29216
29216
  }
29217
29217
  return url;
29218
29218
  }
@@ -30826,20 +30826,20 @@ var require_parseParams = __commonJS({
30826
30826
  var require_basename = __commonJS({
30827
30827
  "node_modules/@fastify/busboy/lib/utils/basename.js"(exports2, module2) {
30828
30828
  "use strict";
30829
- module2.exports = function basename4(path33) {
30830
- if (typeof path33 !== "string") {
30829
+ module2.exports = function basename4(path29) {
30830
+ if (typeof path29 !== "string") {
30831
30831
  return "";
30832
30832
  }
30833
- for (var i = path33.length - 1; i >= 0; --i) {
30834
- switch (path33.charCodeAt(i)) {
30833
+ for (var i = path29.length - 1; i >= 0; --i) {
30834
+ switch (path29.charCodeAt(i)) {
30835
30835
  case 47:
30836
30836
  // '/'
30837
30837
  case 92:
30838
- path33 = path33.slice(i + 1);
30839
- return path33 === ".." || path33 === "." ? "" : path33;
30838
+ path29 = path29.slice(i + 1);
30839
+ return path29 === ".." || path29 === "." ? "" : path29;
30840
30840
  }
30841
30841
  }
30842
- return path33 === ".." || path33 === "." ? "" : path33;
30842
+ return path29 === ".." || path29 === "." ? "" : path29;
30843
30843
  };
30844
30844
  }
30845
30845
  });
@@ -31843,11 +31843,11 @@ var require_util2 = __commonJS({
31843
31843
  var assert = require("assert");
31844
31844
  var { isUint8Array } = require("util/types");
31845
31845
  var supportedHashes = [];
31846
- var crypto9;
31846
+ var crypto7;
31847
31847
  try {
31848
- crypto9 = require("crypto");
31848
+ crypto7 = require("crypto");
31849
31849
  const possibleRelevantHashes = ["sha256", "sha384", "sha512"];
31850
- supportedHashes = crypto9.getHashes().filter((hash) => possibleRelevantHashes.includes(hash));
31850
+ supportedHashes = crypto7.getHashes().filter((hash) => possibleRelevantHashes.includes(hash));
31851
31851
  } catch {
31852
31852
  }
31853
31853
  function responseURL(response) {
@@ -32124,7 +32124,7 @@ var require_util2 = __commonJS({
32124
32124
  }
32125
32125
  }
32126
32126
  function bytesMatch(bytes, metadataList) {
32127
- if (crypto9 === void 0) {
32127
+ if (crypto7 === void 0) {
32128
32128
  return true;
32129
32129
  }
32130
32130
  const parsedMetadata = parseMetadata(metadataList);
@@ -32139,7 +32139,7 @@ var require_util2 = __commonJS({
32139
32139
  for (const item of metadata) {
32140
32140
  const algorithm = item.algo;
32141
32141
  const expectedValue = item.hash;
32142
- let actualValue = crypto9.createHash(algorithm).update(bytes).digest("base64");
32142
+ let actualValue = crypto7.createHash(algorithm).update(bytes).digest("base64");
32143
32143
  if (actualValue[actualValue.length - 1] === "=") {
32144
32144
  if (actualValue[actualValue.length - 2] === "=") {
32145
32145
  actualValue = actualValue.slice(0, -2);
@@ -32232,8 +32232,8 @@ var require_util2 = __commonJS({
32232
32232
  function createDeferredPromise() {
32233
32233
  let res;
32234
32234
  let rej;
32235
- const promise = new Promise((resolve19, reject) => {
32236
- res = resolve19;
32235
+ const promise = new Promise((resolve15, reject) => {
32236
+ res = resolve15;
32237
32237
  rej = reject;
32238
32238
  });
32239
32239
  return { promise, resolve: res, reject: rej };
@@ -33486,8 +33486,8 @@ var require_body = __commonJS({
33486
33486
  var { parseMIMEType, serializeAMimeType } = require_dataURL();
33487
33487
  var random;
33488
33488
  try {
33489
- const crypto9 = require("crypto");
33490
- random = (max) => crypto9.randomInt(0, max);
33489
+ const crypto7 = require("crypto");
33490
+ random = (max) => crypto7.randomInt(0, max);
33491
33491
  } catch {
33492
33492
  random = (max) => Math.floor(Math.random(max));
33493
33493
  }
@@ -33738,8 +33738,8 @@ Content-Type: ${value.type || "application/octet-stream"}\r
33738
33738
  });
33739
33739
  }
33740
33740
  });
33741
- const busboyResolve = new Promise((resolve19, reject) => {
33742
- busboy.on("finish", resolve19);
33741
+ const busboyResolve = new Promise((resolve15, reject) => {
33742
+ busboy.on("finish", resolve15);
33743
33743
  busboy.on("error", (err) => reject(new TypeError(err)));
33744
33744
  });
33745
33745
  if (this.body !== null) for await (const chunk of consumeBody(this[kState].body)) busboy.write(chunk);
@@ -33870,7 +33870,7 @@ var require_request = __commonJS({
33870
33870
  }
33871
33871
  var Request2 = class _Request {
33872
33872
  constructor(origin, {
33873
- path: path33,
33873
+ path: path29,
33874
33874
  method,
33875
33875
  body,
33876
33876
  headers,
@@ -33884,11 +33884,11 @@ var require_request = __commonJS({
33884
33884
  throwOnError,
33885
33885
  expectContinue
33886
33886
  }, handler) {
33887
- if (typeof path33 !== "string") {
33887
+ if (typeof path29 !== "string") {
33888
33888
  throw new InvalidArgumentError("path must be a string");
33889
- } else if (path33[0] !== "/" && !(path33.startsWith("http://") || path33.startsWith("https://")) && method !== "CONNECT") {
33889
+ } else if (path29[0] !== "/" && !(path29.startsWith("http://") || path29.startsWith("https://")) && method !== "CONNECT") {
33890
33890
  throw new InvalidArgumentError("path must be an absolute URL or start with a slash");
33891
- } else if (invalidPathRegex.exec(path33) !== null) {
33891
+ } else if (invalidPathRegex.exec(path29) !== null) {
33892
33892
  throw new InvalidArgumentError("invalid request path");
33893
33893
  }
33894
33894
  if (typeof method !== "string") {
@@ -33951,7 +33951,7 @@ var require_request = __commonJS({
33951
33951
  this.completed = false;
33952
33952
  this.aborted = false;
33953
33953
  this.upgrade = upgrade || null;
33954
- this.path = query ? util.buildURL(path33, query) : path33;
33954
+ this.path = query ? util.buildURL(path29, query) : path29;
33955
33955
  this.origin = origin;
33956
33956
  this.idempotent = idempotent == null ? method === "HEAD" || method === "GET" : idempotent;
33957
33957
  this.blocking = blocking == null ? false : blocking;
@@ -34273,9 +34273,9 @@ var require_dispatcher_base = __commonJS({
34273
34273
  }
34274
34274
  close(callback) {
34275
34275
  if (callback === void 0) {
34276
- return new Promise((resolve19, reject) => {
34276
+ return new Promise((resolve15, reject) => {
34277
34277
  this.close((err, data) => {
34278
- return err ? reject(err) : resolve19(data);
34278
+ return err ? reject(err) : resolve15(data);
34279
34279
  });
34280
34280
  });
34281
34281
  }
@@ -34313,12 +34313,12 @@ var require_dispatcher_base = __commonJS({
34313
34313
  err = null;
34314
34314
  }
34315
34315
  if (callback === void 0) {
34316
- return new Promise((resolve19, reject) => {
34316
+ return new Promise((resolve15, reject) => {
34317
34317
  this.destroy(err, (err2, data) => {
34318
34318
  return err2 ? (
34319
34319
  /* istanbul ignore next: should never error */
34320
34320
  reject(err2)
34321
- ) : resolve19(data);
34321
+ ) : resolve15(data);
34322
34322
  });
34323
34323
  });
34324
34324
  }
@@ -34959,9 +34959,9 @@ var require_RedirectHandler = __commonJS({
34959
34959
  return this.handler.onHeaders(statusCode, headers, resume, statusText);
34960
34960
  }
34961
34961
  const { origin, pathname, search } = util.parseURL(new URL(this.location, this.opts.origin && new URL(this.opts.path, this.opts.origin)));
34962
- const path33 = search ? `${pathname}${search}` : pathname;
34962
+ const path29 = search ? `${pathname}${search}` : pathname;
34963
34963
  this.opts.headers = cleanRequestHeaders(this.opts.headers, statusCode === 303, this.opts.origin !== origin);
34964
- this.opts.path = path33;
34964
+ this.opts.path = path29;
34965
34965
  this.opts.origin = origin;
34966
34966
  this.opts.maxRedirections = 0;
34967
34967
  this.opts.query = null;
@@ -35380,16 +35380,16 @@ var require_client = __commonJS({
35380
35380
  return this[kNeedDrain] < 2;
35381
35381
  }
35382
35382
  async [kClose]() {
35383
- return new Promise((resolve19) => {
35383
+ return new Promise((resolve15) => {
35384
35384
  if (!this[kSize]) {
35385
- resolve19(null);
35385
+ resolve15(null);
35386
35386
  } else {
35387
- this[kClosedResolve] = resolve19;
35387
+ this[kClosedResolve] = resolve15;
35388
35388
  }
35389
35389
  });
35390
35390
  }
35391
35391
  async [kDestroy](err) {
35392
- return new Promise((resolve19) => {
35392
+ return new Promise((resolve15) => {
35393
35393
  const requests = this[kQueue].splice(this[kPendingIdx]);
35394
35394
  for (let i = 0; i < requests.length; i++) {
35395
35395
  const request = requests[i];
@@ -35400,7 +35400,7 @@ var require_client = __commonJS({
35400
35400
  this[kClosedResolve]();
35401
35401
  this[kClosedResolve] = null;
35402
35402
  }
35403
- resolve19();
35403
+ resolve15();
35404
35404
  };
35405
35405
  if (this[kHTTP2Session] != null) {
35406
35406
  util.destroy(this[kHTTP2Session], err);
@@ -35980,7 +35980,7 @@ var require_client = __commonJS({
35980
35980
  });
35981
35981
  }
35982
35982
  try {
35983
- const socket = await new Promise((resolve19, reject) => {
35983
+ const socket = await new Promise((resolve15, reject) => {
35984
35984
  client[kConnector]({
35985
35985
  host,
35986
35986
  hostname,
@@ -35992,7 +35992,7 @@ var require_client = __commonJS({
35992
35992
  if (err) {
35993
35993
  reject(err);
35994
35994
  } else {
35995
- resolve19(socket2);
35995
+ resolve15(socket2);
35996
35996
  }
35997
35997
  });
35998
35998
  });
@@ -36203,7 +36203,7 @@ var require_client = __commonJS({
36203
36203
  writeH2(client, client[kHTTP2Session], request);
36204
36204
  return;
36205
36205
  }
36206
- const { body, method, path: path33, host, upgrade, headers, blocking, reset } = request;
36206
+ const { body, method, path: path29, host, upgrade, headers, blocking, reset } = request;
36207
36207
  const expectsPayload = method === "PUT" || method === "POST" || method === "PATCH";
36208
36208
  if (body && typeof body.read === "function") {
36209
36209
  body.read(0);
@@ -36253,7 +36253,7 @@ var require_client = __commonJS({
36253
36253
  if (blocking) {
36254
36254
  socket[kBlocking] = true;
36255
36255
  }
36256
- let header = `${method} ${path33} HTTP/1.1\r
36256
+ let header = `${method} ${path29} HTTP/1.1\r
36257
36257
  `;
36258
36258
  if (typeof host === "string") {
36259
36259
  header += `host: ${host}\r
@@ -36316,7 +36316,7 @@ upgrade: ${upgrade}\r
36316
36316
  return true;
36317
36317
  }
36318
36318
  function writeH2(client, session, request) {
36319
- const { body, method, path: path33, host, upgrade, expectContinue, signal, headers: reqHeaders } = request;
36319
+ const { body, method, path: path29, host, upgrade, expectContinue, signal, headers: reqHeaders } = request;
36320
36320
  let headers;
36321
36321
  if (typeof reqHeaders === "string") headers = Request2[kHTTP2CopyHeaders](reqHeaders.trim());
36322
36322
  else headers = reqHeaders;
@@ -36359,7 +36359,7 @@ upgrade: ${upgrade}\r
36359
36359
  });
36360
36360
  return true;
36361
36361
  }
36362
- headers[HTTP2_HEADER_PATH] = path33;
36362
+ headers[HTTP2_HEADER_PATH] = path29;
36363
36363
  headers[HTTP2_HEADER_SCHEME] = "https";
36364
36364
  const expectsPayload = method === "PUT" || method === "POST" || method === "PATCH";
36365
36365
  if (body && typeof body.read === "function") {
@@ -36616,12 +36616,12 @@ upgrade: ${upgrade}\r
36616
36616
  cb();
36617
36617
  }
36618
36618
  }
36619
- const waitForDrain = () => new Promise((resolve19, reject) => {
36619
+ const waitForDrain = () => new Promise((resolve15, reject) => {
36620
36620
  assert(callback === null);
36621
36621
  if (socket[kError]) {
36622
36622
  reject(socket[kError]);
36623
36623
  } else {
36624
- callback = resolve19;
36624
+ callback = resolve15;
36625
36625
  }
36626
36626
  });
36627
36627
  if (client[kHTTPConnVersion] === "h2") {
@@ -36967,8 +36967,8 @@ var require_pool_base = __commonJS({
36967
36967
  if (this[kQueue].isEmpty()) {
36968
36968
  return Promise.all(this[kClients].map((c) => c.close()));
36969
36969
  } else {
36970
- return new Promise((resolve19) => {
36971
- this[kClosedResolve] = resolve19;
36970
+ return new Promise((resolve15) => {
36971
+ this[kClosedResolve] = resolve15;
36972
36972
  });
36973
36973
  }
36974
36974
  }
@@ -37546,7 +37546,7 @@ var require_readable = __commonJS({
37546
37546
  if (this.closed) {
37547
37547
  return Promise.resolve(null);
37548
37548
  }
37549
- return new Promise((resolve19, reject) => {
37549
+ return new Promise((resolve15, reject) => {
37550
37550
  const signalListenerCleanup = signal ? util.addAbortListener(signal, () => {
37551
37551
  this.destroy();
37552
37552
  }) : noop;
@@ -37555,7 +37555,7 @@ var require_readable = __commonJS({
37555
37555
  if (signal && signal.aborted) {
37556
37556
  reject(signal.reason || Object.assign(new Error("The operation was aborted"), { name: "AbortError" }));
37557
37557
  } else {
37558
- resolve19(null);
37558
+ resolve15(null);
37559
37559
  }
37560
37560
  }).on("error", noop).on("data", function(chunk) {
37561
37561
  limit -= chunk.length;
@@ -37577,11 +37577,11 @@ var require_readable = __commonJS({
37577
37577
  throw new TypeError("unusable");
37578
37578
  }
37579
37579
  assert(!stream[kConsume]);
37580
- return new Promise((resolve19, reject) => {
37580
+ return new Promise((resolve15, reject) => {
37581
37581
  stream[kConsume] = {
37582
37582
  type,
37583
37583
  stream,
37584
- resolve: resolve19,
37584
+ resolve: resolve15,
37585
37585
  reject,
37586
37586
  length: 0,
37587
37587
  body: []
@@ -37616,12 +37616,12 @@ var require_readable = __commonJS({
37616
37616
  }
37617
37617
  }
37618
37618
  function consumeEnd(consume2) {
37619
- const { type, body, resolve: resolve19, stream, length } = consume2;
37619
+ const { type, body, resolve: resolve15, stream, length } = consume2;
37620
37620
  try {
37621
37621
  if (type === "text") {
37622
- resolve19(toUSVString(Buffer.concat(body)));
37622
+ resolve15(toUSVString(Buffer.concat(body)));
37623
37623
  } else if (type === "json") {
37624
- resolve19(JSON.parse(Buffer.concat(body)));
37624
+ resolve15(JSON.parse(Buffer.concat(body)));
37625
37625
  } else if (type === "arrayBuffer") {
37626
37626
  const dst = new Uint8Array(length);
37627
37627
  let pos = 0;
@@ -37629,12 +37629,12 @@ var require_readable = __commonJS({
37629
37629
  dst.set(buf, pos);
37630
37630
  pos += buf.byteLength;
37631
37631
  }
37632
- resolve19(dst.buffer);
37632
+ resolve15(dst.buffer);
37633
37633
  } else if (type === "blob") {
37634
37634
  if (!Blob2) {
37635
37635
  Blob2 = require("buffer").Blob;
37636
37636
  }
37637
- resolve19(new Blob2(body, { type: stream[kContentType] }));
37637
+ resolve15(new Blob2(body, { type: stream[kContentType] }));
37638
37638
  }
37639
37639
  consumeFinish(consume2);
37640
37640
  } catch (err) {
@@ -37891,9 +37891,9 @@ var require_api_request = __commonJS({
37891
37891
  };
37892
37892
  function request(opts, callback) {
37893
37893
  if (callback === void 0) {
37894
- return new Promise((resolve19, reject) => {
37894
+ return new Promise((resolve15, reject) => {
37895
37895
  request.call(this, opts, (err, data) => {
37896
- return err ? reject(err) : resolve19(data);
37896
+ return err ? reject(err) : resolve15(data);
37897
37897
  });
37898
37898
  });
37899
37899
  }
@@ -38066,9 +38066,9 @@ var require_api_stream = __commonJS({
38066
38066
  };
38067
38067
  function stream(opts, factory, callback) {
38068
38068
  if (callback === void 0) {
38069
- return new Promise((resolve19, reject) => {
38069
+ return new Promise((resolve15, reject) => {
38070
38070
  stream.call(this, opts, factory, (err, data) => {
38071
- return err ? reject(err) : resolve19(data);
38071
+ return err ? reject(err) : resolve15(data);
38072
38072
  });
38073
38073
  });
38074
38074
  }
@@ -38349,9 +38349,9 @@ var require_api_upgrade = __commonJS({
38349
38349
  };
38350
38350
  function upgrade(opts, callback) {
38351
38351
  if (callback === void 0) {
38352
- return new Promise((resolve19, reject) => {
38352
+ return new Promise((resolve15, reject) => {
38353
38353
  upgrade.call(this, opts, (err, data) => {
38354
- return err ? reject(err) : resolve19(data);
38354
+ return err ? reject(err) : resolve15(data);
38355
38355
  });
38356
38356
  });
38357
38357
  }
@@ -38440,9 +38440,9 @@ var require_api_connect = __commonJS({
38440
38440
  };
38441
38441
  function connect(opts, callback) {
38442
38442
  if (callback === void 0) {
38443
- return new Promise((resolve19, reject) => {
38443
+ return new Promise((resolve15, reject) => {
38444
38444
  connect.call(this, opts, (err, data) => {
38445
- return err ? reject(err) : resolve19(data);
38445
+ return err ? reject(err) : resolve15(data);
38446
38446
  });
38447
38447
  });
38448
38448
  }
@@ -38602,20 +38602,20 @@ var require_mock_utils = __commonJS({
38602
38602
  }
38603
38603
  return true;
38604
38604
  }
38605
- function safeUrl(path33) {
38606
- if (typeof path33 !== "string") {
38607
- return path33;
38605
+ function safeUrl(path29) {
38606
+ if (typeof path29 !== "string") {
38607
+ return path29;
38608
38608
  }
38609
- const pathSegments = path33.split("?");
38609
+ const pathSegments = path29.split("?");
38610
38610
  if (pathSegments.length !== 2) {
38611
- return path33;
38611
+ return path29;
38612
38612
  }
38613
38613
  const qp = new URLSearchParams(pathSegments.pop());
38614
38614
  qp.sort();
38615
38615
  return [...pathSegments, qp.toString()].join("?");
38616
38616
  }
38617
- function matchKey(mockDispatch2, { path: path33, method, body, headers }) {
38618
- const pathMatch = matchValue(mockDispatch2.path, path33);
38617
+ function matchKey(mockDispatch2, { path: path29, method, body, headers }) {
38618
+ const pathMatch = matchValue(mockDispatch2.path, path29);
38619
38619
  const methodMatch = matchValue(mockDispatch2.method, method);
38620
38620
  const bodyMatch = typeof mockDispatch2.body !== "undefined" ? matchValue(mockDispatch2.body, body) : true;
38621
38621
  const headersMatch = matchHeaders(mockDispatch2, headers);
@@ -38633,7 +38633,7 @@ var require_mock_utils = __commonJS({
38633
38633
  function getMockDispatch(mockDispatches, key) {
38634
38634
  const basePath = key.query ? buildURL(key.path, key.query) : key.path;
38635
38635
  const resolvedPath = typeof basePath === "string" ? safeUrl(basePath) : basePath;
38636
- let matchedMockDispatches = mockDispatches.filter(({ consumed }) => !consumed).filter(({ path: path33 }) => matchValue(safeUrl(path33), resolvedPath));
38636
+ let matchedMockDispatches = mockDispatches.filter(({ consumed }) => !consumed).filter(({ path: path29 }) => matchValue(safeUrl(path29), resolvedPath));
38637
38637
  if (matchedMockDispatches.length === 0) {
38638
38638
  throw new MockNotMatchedError(`Mock dispatch not matched for path '${resolvedPath}'`);
38639
38639
  }
@@ -38670,9 +38670,9 @@ var require_mock_utils = __commonJS({
38670
38670
  }
38671
38671
  }
38672
38672
  function buildKey(opts) {
38673
- const { path: path33, method, body, headers, query } = opts;
38673
+ const { path: path29, method, body, headers, query } = opts;
38674
38674
  return {
38675
- path: path33,
38675
+ path: path29,
38676
38676
  method,
38677
38677
  body,
38678
38678
  headers,
@@ -39121,10 +39121,10 @@ var require_pending_interceptors_formatter = __commonJS({
39121
39121
  }
39122
39122
  format(pendingInterceptors) {
39123
39123
  const withPrettyHeaders = pendingInterceptors.map(
39124
- ({ method, path: path33, data: { statusCode }, persist, times, timesInvoked, origin }) => ({
39124
+ ({ method, path: path29, data: { statusCode }, persist, times, timesInvoked, origin }) => ({
39125
39125
  Method: method,
39126
39126
  Origin: origin,
39127
- Path: path33,
39127
+ Path: path29,
39128
39128
  "Status code": statusCode,
39129
39129
  Persistent: persist ? "\u2705" : "\u274C",
39130
39130
  Invocations: timesInvoked,
@@ -42065,7 +42065,7 @@ var require_fetch = __commonJS({
42065
42065
  async function dispatch({ body }) {
42066
42066
  const url = requestCurrentURL(request);
42067
42067
  const agent = fetchParams.controller.dispatcher;
42068
- return new Promise((resolve19, reject) => agent.dispatch(
42068
+ return new Promise((resolve15, reject) => agent.dispatch(
42069
42069
  {
42070
42070
  path: url.pathname + url.search,
42071
42071
  origin: url.origin,
@@ -42141,7 +42141,7 @@ var require_fetch = __commonJS({
42141
42141
  }
42142
42142
  }
42143
42143
  }
42144
- resolve19({
42144
+ resolve15({
42145
42145
  status,
42146
42146
  statusText,
42147
42147
  headersList: headers[kHeadersList],
@@ -42184,7 +42184,7 @@ var require_fetch = __commonJS({
42184
42184
  const val = headersList[n + 1].toString("latin1");
42185
42185
  headers[kHeadersList].append(key, val);
42186
42186
  }
42187
- resolve19({
42187
+ resolve15({
42188
42188
  status,
42189
42189
  statusText: STATUS_CODES[status],
42190
42190
  headersList: headers[kHeadersList],
@@ -43745,8 +43745,8 @@ var require_util6 = __commonJS({
43745
43745
  }
43746
43746
  }
43747
43747
  }
43748
- function validateCookiePath(path33) {
43749
- for (const char of path33) {
43748
+ function validateCookiePath(path29) {
43749
+ for (const char of path29) {
43750
43750
  const code = char.charCodeAt(0);
43751
43751
  if (code < 33 || char === ";") {
43752
43752
  throw new Error("Invalid cookie path");
@@ -44543,9 +44543,9 @@ var require_connection = __commonJS({
44543
44543
  channels.open = diagnosticsChannel.channel("undici:websocket:open");
44544
44544
  channels.close = diagnosticsChannel.channel("undici:websocket:close");
44545
44545
  channels.socketError = diagnosticsChannel.channel("undici:websocket:socket_error");
44546
- var crypto9;
44546
+ var crypto7;
44547
44547
  try {
44548
- crypto9 = require("crypto");
44548
+ crypto7 = require("crypto");
44549
44549
  } catch {
44550
44550
  }
44551
44551
  function establishWebSocketConnection(url, protocols, ws, onEstablish, options) {
@@ -44564,7 +44564,7 @@ var require_connection = __commonJS({
44564
44564
  const headersList = new Headers(options.headers)[kHeadersList];
44565
44565
  request.headersList = headersList;
44566
44566
  }
44567
- const keyValue = crypto9.randomBytes(16).toString("base64");
44567
+ const keyValue = crypto7.randomBytes(16).toString("base64");
44568
44568
  request.headersList.append("sec-websocket-key", keyValue);
44569
44569
  request.headersList.append("sec-websocket-version", "13");
44570
44570
  for (const protocol of protocols) {
@@ -44593,7 +44593,7 @@ var require_connection = __commonJS({
44593
44593
  return;
44594
44594
  }
44595
44595
  const secWSAccept = response.headersList.get("Sec-WebSocket-Accept");
44596
- const digest = crypto9.createHash("sha1").update(keyValue + uid).digest("base64");
44596
+ const digest = crypto7.createHash("sha1").update(keyValue + uid).digest("base64");
44597
44597
  if (secWSAccept !== digest) {
44598
44598
  failWebsocketConnection(ws, "Incorrect hash received in Sec-WebSocket-Accept header.");
44599
44599
  return;
@@ -44673,9 +44673,9 @@ var require_frame = __commonJS({
44673
44673
  "node_modules/undici/lib/websocket/frame.js"(exports2, module2) {
44674
44674
  "use strict";
44675
44675
  var { maxUnsigned16Bit } = require_constants5();
44676
- var crypto9;
44676
+ var crypto7;
44677
44677
  try {
44678
- crypto9 = require("crypto");
44678
+ crypto7 = require("crypto");
44679
44679
  } catch {
44680
44680
  }
44681
44681
  var WebsocketFrameSend = class {
@@ -44684,7 +44684,7 @@ var require_frame = __commonJS({
44684
44684
  */
44685
44685
  constructor(data) {
44686
44686
  this.frameData = data;
44687
- this.maskKey = crypto9.randomBytes(4);
44687
+ this.maskKey = crypto7.randomBytes(4);
44688
44688
  }
44689
44689
  createFrame(opcode) {
44690
44690
  const bodyLength = this.frameData?.byteLength ?? 0;
@@ -45426,11 +45426,11 @@ var require_undici = __commonJS({
45426
45426
  if (typeof opts.path !== "string") {
45427
45427
  throw new InvalidArgumentError("invalid opts.path");
45428
45428
  }
45429
- let path33 = opts.path;
45429
+ let path29 = opts.path;
45430
45430
  if (!opts.path.startsWith("/")) {
45431
- path33 = `/${path33}`;
45431
+ path29 = `/${path29}`;
45432
45432
  }
45433
- url = new URL(util.parseOrigin(url).origin + path33);
45433
+ url = new URL(util.parseOrigin(url).origin + path29);
45434
45434
  } else {
45435
45435
  if (!opts) {
45436
45436
  opts = typeof url === "object" ? url : {};
@@ -45999,7 +45999,7 @@ var init_mcp_check_provider = __esm({
45999
45999
  logger.warn(
46000
46000
  `MCP ${transportName} failed (attempt ${attempt + 1}/${maxRetries + 1}), retrying in ${delay}ms: ${error instanceof Error ? error.message : String(error)}`
46001
46001
  );
46002
- await new Promise((resolve19) => setTimeout(resolve19, delay));
46002
+ await new Promise((resolve15) => setTimeout(resolve15, delay));
46003
46003
  attempt += 1;
46004
46004
  } finally {
46005
46005
  try {
@@ -46292,7 +46292,7 @@ async function acquirePromptLock() {
46292
46292
  );
46293
46293
  }, 1e4);
46294
46294
  try {
46295
- await new Promise((resolve19) => waiters.push(resolve19));
46295
+ await new Promise((resolve15) => waiters.push(resolve15));
46296
46296
  } finally {
46297
46297
  clearInterval(reminder);
46298
46298
  const waitedMs = Date.now() - queuedAt;
@@ -46311,7 +46311,7 @@ function releasePromptLock() {
46311
46311
  }
46312
46312
  async function interactivePrompt(options) {
46313
46313
  await acquirePromptLock();
46314
- return new Promise((resolve19, reject) => {
46314
+ return new Promise((resolve15, reject) => {
46315
46315
  const dbg = process.env.VISOR_DEBUG === "true";
46316
46316
  try {
46317
46317
  if (dbg) {
@@ -46398,12 +46398,12 @@ async function interactivePrompt(options) {
46398
46398
  };
46399
46399
  const finish = (value) => {
46400
46400
  cleanup();
46401
- resolve19(value);
46401
+ resolve15(value);
46402
46402
  };
46403
46403
  if (options.timeout && options.timeout > 0) {
46404
46404
  timeoutId = setTimeout(() => {
46405
46405
  cleanup();
46406
- if (defaultValue !== void 0) return resolve19(defaultValue);
46406
+ if (defaultValue !== void 0) return resolve15(defaultValue);
46407
46407
  return reject(new Error("Input timeout"));
46408
46408
  }, options.timeout);
46409
46409
  }
@@ -46535,7 +46535,7 @@ async function interactivePrompt(options) {
46535
46535
  });
46536
46536
  }
46537
46537
  async function simplePrompt(prompt) {
46538
- return new Promise((resolve19) => {
46538
+ return new Promise((resolve15) => {
46539
46539
  const rl = readline.createInterface({
46540
46540
  input: process.stdin,
46541
46541
  output: process.stdout
@@ -46551,7 +46551,7 @@ async function simplePrompt(prompt) {
46551
46551
  rl.question(`${prompt}
46552
46552
  > `, (answer) => {
46553
46553
  rl.close();
46554
- resolve19(answer.trim());
46554
+ resolve15(answer.trim());
46555
46555
  });
46556
46556
  });
46557
46557
  }
@@ -46719,7 +46719,7 @@ function isStdinAvailable() {
46719
46719
  return !process.stdin.isTTY;
46720
46720
  }
46721
46721
  async function readStdin(timeout, maxSize = 1024 * 1024) {
46722
- return new Promise((resolve19, reject) => {
46722
+ return new Promise((resolve15, reject) => {
46723
46723
  let data = "";
46724
46724
  let timeoutId;
46725
46725
  if (timeout) {
@@ -46746,7 +46746,7 @@ async function readStdin(timeout, maxSize = 1024 * 1024) {
46746
46746
  };
46747
46747
  const onEnd = () => {
46748
46748
  cleanup();
46749
- resolve19(data.trim());
46749
+ resolve15(data.trim());
46750
46750
  };
46751
46751
  const onError = (err) => {
46752
46752
  cleanup();
@@ -51446,23 +51446,23 @@ __export(renderer_schema_exports, {
51446
51446
  });
51447
51447
  async function loadRendererSchema(name) {
51448
51448
  try {
51449
- const fs29 = await import("fs/promises");
51450
- const path33 = await import("path");
51449
+ const fs25 = await import("fs/promises");
51450
+ const path29 = await import("path");
51451
51451
  const sanitized = String(name).replace(/[^a-zA-Z0-9-]/g, "");
51452
51452
  if (!sanitized) return void 0;
51453
51453
  const candidates = [
51454
51454
  // When bundled with ncc, __dirname is dist/ and output/ is at dist/output/
51455
- path33.join(__dirname, "output", sanitized, "schema.json"),
51455
+ path29.join(__dirname, "output", sanitized, "schema.json"),
51456
51456
  // When running from source, __dirname is src/state-machine/dispatch/ and output/ is at output/
51457
- path33.join(__dirname, "..", "..", "output", sanitized, "schema.json"),
51457
+ path29.join(__dirname, "..", "..", "output", sanitized, "schema.json"),
51458
51458
  // When running from a checkout with output/ folder copied to CWD
51459
- path33.join(process.cwd(), "output", sanitized, "schema.json"),
51459
+ path29.join(process.cwd(), "output", sanitized, "schema.json"),
51460
51460
  // Fallback: cwd/dist/output/
51461
- path33.join(process.cwd(), "dist", "output", sanitized, "schema.json")
51461
+ path29.join(process.cwd(), "dist", "output", sanitized, "schema.json")
51462
51462
  ];
51463
51463
  for (const p of candidates) {
51464
51464
  try {
51465
- const raw = await fs29.readFile(p, "utf-8");
51465
+ const raw = await fs25.readFile(p, "utf-8");
51466
51466
  return JSON.parse(raw);
51467
51467
  } catch {
51468
51468
  }
@@ -53907,8 +53907,8 @@ function updateStats2(results, state, isForEachIteration = false) {
53907
53907
  async function renderTemplateContent2(checkId, checkConfig, reviewSummary) {
53908
53908
  try {
53909
53909
  const { createExtendedLiquid: createExtendedLiquid2 } = await Promise.resolve().then(() => (init_liquid_extensions(), liquid_extensions_exports));
53910
- const fs29 = await import("fs/promises");
53911
- const path33 = await import("path");
53910
+ const fs25 = await import("fs/promises");
53911
+ const path29 = await import("path");
53912
53912
  const schemaRaw = checkConfig.schema || "plain";
53913
53913
  const schema = typeof schemaRaw === "string" && !schemaRaw.includes("{{") && !schemaRaw.includes("{%") ? schemaRaw : typeof schemaRaw === "object" ? "code-review" : "plain";
53914
53914
  let templateContent;
@@ -53917,27 +53917,27 @@ async function renderTemplateContent2(checkId, checkConfig, reviewSummary) {
53917
53917
  logger.debug(`[LevelDispatch] Using inline template for ${checkId}`);
53918
53918
  } else if (checkConfig.template && checkConfig.template.file) {
53919
53919
  const file = String(checkConfig.template.file);
53920
- const resolved = path33.resolve(process.cwd(), file);
53921
- templateContent = await fs29.readFile(resolved, "utf-8");
53920
+ const resolved = path29.resolve(process.cwd(), file);
53921
+ templateContent = await fs25.readFile(resolved, "utf-8");
53922
53922
  logger.debug(`[LevelDispatch] Using template file for ${checkId}: ${resolved}`);
53923
53923
  } else if (schema && schema !== "plain") {
53924
53924
  const sanitized = String(schema).replace(/[^a-zA-Z0-9-]/g, "");
53925
53925
  if (sanitized) {
53926
53926
  const candidatePaths = [
53927
- path33.join(__dirname, "output", sanitized, "template.liquid"),
53927
+ path29.join(__dirname, "output", sanitized, "template.liquid"),
53928
53928
  // bundled: dist/output/
53929
- path33.join(__dirname, "..", "..", "output", sanitized, "template.liquid"),
53929
+ path29.join(__dirname, "..", "..", "output", sanitized, "template.liquid"),
53930
53930
  // source (from state-machine/states)
53931
- path33.join(__dirname, "..", "..", "..", "output", sanitized, "template.liquid"),
53931
+ path29.join(__dirname, "..", "..", "..", "output", sanitized, "template.liquid"),
53932
53932
  // source (alternate)
53933
- path33.join(process.cwd(), "output", sanitized, "template.liquid"),
53933
+ path29.join(process.cwd(), "output", sanitized, "template.liquid"),
53934
53934
  // fallback: cwd/output/
53935
- path33.join(process.cwd(), "dist", "output", sanitized, "template.liquid")
53935
+ path29.join(process.cwd(), "dist", "output", sanitized, "template.liquid")
53936
53936
  // fallback: cwd/dist/output/
53937
53937
  ];
53938
53938
  for (const p of candidatePaths) {
53939
53939
  try {
53940
- templateContent = await fs29.readFile(p, "utf-8");
53940
+ templateContent = await fs25.readFile(p, "utf-8");
53941
53941
  if (templateContent) {
53942
53942
  logger.debug(`[LevelDispatch] Using schema template for ${checkId}: ${p}`);
53943
53943
  break;
@@ -56077,8 +56077,8 @@ var init_workspace_manager = __esm({
56077
56077
  );
56078
56078
  if (this.cleanupRequested && this.activeOperations === 0) {
56079
56079
  logger.debug(`[Workspace] All references released, proceeding with deferred cleanup`);
56080
- for (const resolve19 of this.cleanupResolvers) {
56081
- resolve19();
56080
+ for (const resolve15 of this.cleanupResolvers) {
56081
+ resolve15();
56082
56082
  }
56083
56083
  this.cleanupResolvers = [];
56084
56084
  }
@@ -56257,19 +56257,19 @@ var init_workspace_manager = __esm({
56257
56257
  );
56258
56258
  this.cleanupRequested = true;
56259
56259
  await Promise.race([
56260
- new Promise((resolve19) => {
56260
+ new Promise((resolve15) => {
56261
56261
  if (this.activeOperations === 0) {
56262
- resolve19();
56262
+ resolve15();
56263
56263
  } else {
56264
- this.cleanupResolvers.push(resolve19);
56264
+ this.cleanupResolvers.push(resolve15);
56265
56265
  }
56266
56266
  }),
56267
- new Promise((resolve19) => {
56267
+ new Promise((resolve15) => {
56268
56268
  setTimeout(() => {
56269
56269
  logger.warn(
56270
56270
  `[Workspace] Cleanup timeout after ${timeout}ms, proceeding anyway (${this.activeOperations} operations still active)`
56271
56271
  );
56272
- resolve19();
56272
+ resolve15();
56273
56273
  }, timeout);
56274
56274
  })
56275
56275
  ]);
@@ -56663,8 +56663,8 @@ var init_fair_concurrency_limiter = __esm({
56663
56663
  );
56664
56664
  const queuedAt = Date.now();
56665
56665
  const effectiveTimeout = queueTimeout ?? 12e4;
56666
- return new Promise((resolve19, reject) => {
56667
- const entry = { resolve: resolve19, reject, queuedAt };
56666
+ return new Promise((resolve15, reject) => {
56667
+ const entry = { resolve: resolve15, reject, queuedAt };
56668
56668
  entry.reminder = setInterval(() => {
56669
56669
  const waited = Math.round((Date.now() - queuedAt) / 1e3);
56670
56670
  const curQueued = this._totalQueued();
@@ -56971,1380 +56971,6 @@ var init_build_engine_context = __esm({
56971
56971
  }
56972
56972
  });
56973
56973
 
56974
- // src/policy/default-engine.ts
56975
- var DefaultPolicyEngine;
56976
- var init_default_engine = __esm({
56977
- "src/policy/default-engine.ts"() {
56978
- "use strict";
56979
- DefaultPolicyEngine = class {
56980
- async initialize(_config) {
56981
- }
56982
- async evaluateCheckExecution(_checkId, _checkConfig) {
56983
- return { allowed: true };
56984
- }
56985
- async evaluateToolInvocation(_serverName, _methodName, _transport) {
56986
- return { allowed: true };
56987
- }
56988
- async evaluateCapabilities(_checkId, _capabilities) {
56989
- return { allowed: true };
56990
- }
56991
- async shutdown() {
56992
- }
56993
- };
56994
- }
56995
- });
56996
-
56997
- // src/enterprise/license/validator.ts
56998
- var validator_exports = {};
56999
- __export(validator_exports, {
57000
- LicenseValidator: () => LicenseValidator
57001
- });
57002
- var crypto3, fs21, path26, LicenseValidator;
57003
- var init_validator = __esm({
57004
- "src/enterprise/license/validator.ts"() {
57005
- "use strict";
57006
- crypto3 = __toESM(require("crypto"));
57007
- fs21 = __toESM(require("fs"));
57008
- path26 = __toESM(require("path"));
57009
- LicenseValidator = class _LicenseValidator {
57010
- /** Ed25519 public key for license verification (PEM format). */
57011
- static PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAI/Zd08EFmgIdrDm/HXd0l3/5GBt7R1PrdvhdmEXhJlU=\n-----END PUBLIC KEY-----\n";
57012
- cache = null;
57013
- static CACHE_TTL = 5 * 60 * 1e3;
57014
- // 5 minutes
57015
- static GRACE_PERIOD = 72 * 3600 * 1e3;
57016
- // 72 hours after expiry
57017
- /**
57018
- * Load and validate license from environment or file.
57019
- *
57020
- * Resolution order:
57021
- * 1. VISOR_LICENSE env var (JWT string)
57022
- * 2. VISOR_LICENSE_FILE env var (path to file)
57023
- * 3. .visor-license in project root (cwd)
57024
- * 4. .visor-license in ~/.config/visor/
57025
- */
57026
- async loadAndValidate() {
57027
- if (this.cache && Date.now() - this.cache.validatedAt < _LicenseValidator.CACHE_TTL) {
57028
- return this.cache.payload;
57029
- }
57030
- const token = this.resolveToken();
57031
- if (!token) return null;
57032
- const payload = this.verifyAndDecode(token);
57033
- if (!payload) return null;
57034
- this.cache = { payload, validatedAt: Date.now() };
57035
- return payload;
57036
- }
57037
- /** Check if a specific feature is licensed */
57038
- hasFeature(feature) {
57039
- if (!this.cache) return false;
57040
- return this.cache.payload.features.includes(feature);
57041
- }
57042
- /** Check if license is valid (with grace period) */
57043
- isValid() {
57044
- if (!this.cache) return false;
57045
- const now = Date.now();
57046
- const expiryMs = this.cache.payload.exp * 1e3;
57047
- return now < expiryMs + _LicenseValidator.GRACE_PERIOD;
57048
- }
57049
- /** Check if the license is within its grace period (expired but still valid) */
57050
- isInGracePeriod() {
57051
- if (!this.cache) return false;
57052
- const now = Date.now();
57053
- const expiryMs = this.cache.payload.exp * 1e3;
57054
- return now >= expiryMs && now < expiryMs + _LicenseValidator.GRACE_PERIOD;
57055
- }
57056
- resolveToken() {
57057
- if (process.env.VISOR_LICENSE) {
57058
- return process.env.VISOR_LICENSE.trim();
57059
- }
57060
- if (process.env.VISOR_LICENSE_FILE) {
57061
- const resolved = path26.resolve(process.env.VISOR_LICENSE_FILE);
57062
- const home2 = process.env.HOME || process.env.USERPROFILE || "";
57063
- const allowedPrefixes = [path26.normalize(process.cwd())];
57064
- if (home2) allowedPrefixes.push(path26.normalize(path26.join(home2, ".config", "visor")));
57065
- let realPath;
57066
- try {
57067
- realPath = fs21.realpathSync(resolved);
57068
- } catch {
57069
- return null;
57070
- }
57071
- const isSafe = allowedPrefixes.some(
57072
- (prefix) => realPath === prefix || realPath.startsWith(prefix + path26.sep)
57073
- );
57074
- if (!isSafe) return null;
57075
- return this.readFile(realPath);
57076
- }
57077
- const cwdPath = path26.join(process.cwd(), ".visor-license");
57078
- const cwdToken = this.readFile(cwdPath);
57079
- if (cwdToken) return cwdToken;
57080
- const home = process.env.HOME || process.env.USERPROFILE || "";
57081
- if (home) {
57082
- const configPath = path26.join(home, ".config", "visor", ".visor-license");
57083
- const configToken = this.readFile(configPath);
57084
- if (configToken) return configToken;
57085
- }
57086
- return null;
57087
- }
57088
- readFile(filePath) {
57089
- try {
57090
- return fs21.readFileSync(filePath, "utf-8").trim();
57091
- } catch {
57092
- return null;
57093
- }
57094
- }
57095
- verifyAndDecode(token) {
57096
- try {
57097
- const parts = token.split(".");
57098
- if (parts.length !== 3) return null;
57099
- const [headerB64, payloadB64, signatureB64] = parts;
57100
- const header = JSON.parse(Buffer.from(headerB64, "base64url").toString());
57101
- if (header.alg !== "EdDSA") return null;
57102
- const data = `${headerB64}.${payloadB64}`;
57103
- const signature = Buffer.from(signatureB64, "base64url");
57104
- const publicKey = crypto3.createPublicKey(_LicenseValidator.PUBLIC_KEY);
57105
- if (publicKey.asymmetricKeyType !== "ed25519") {
57106
- return null;
57107
- }
57108
- const isValid = crypto3.verify(null, Buffer.from(data), publicKey, signature);
57109
- if (!isValid) return null;
57110
- const payload = JSON.parse(Buffer.from(payloadB64, "base64url").toString());
57111
- if (!payload.org || !Array.isArray(payload.features) || typeof payload.exp !== "number" || typeof payload.iat !== "number" || !payload.sub) {
57112
- return null;
57113
- }
57114
- const now = Date.now();
57115
- const expiryMs = payload.exp * 1e3;
57116
- if (now >= expiryMs + _LicenseValidator.GRACE_PERIOD) {
57117
- return null;
57118
- }
57119
- return payload;
57120
- } catch {
57121
- return null;
57122
- }
57123
- }
57124
- };
57125
- }
57126
- });
57127
-
57128
- // src/enterprise/policy/opa-compiler.ts
57129
- var fs22, path27, os2, crypto4, import_child_process8, OpaCompiler;
57130
- var init_opa_compiler = __esm({
57131
- "src/enterprise/policy/opa-compiler.ts"() {
57132
- "use strict";
57133
- fs22 = __toESM(require("fs"));
57134
- path27 = __toESM(require("path"));
57135
- os2 = __toESM(require("os"));
57136
- crypto4 = __toESM(require("crypto"));
57137
- import_child_process8 = require("child_process");
57138
- OpaCompiler = class _OpaCompiler {
57139
- static CACHE_DIR = path27.join(os2.tmpdir(), "visor-opa-cache");
57140
- /**
57141
- * Resolve the input paths to WASM bytes.
57142
- *
57143
- * Strategy:
57144
- * 1. If any path is a .wasm file, read it directly
57145
- * 2. If a directory contains policy.wasm, read it
57146
- * 3. Otherwise, collect all .rego files and auto-compile via `opa build`
57147
- */
57148
- async resolveWasmBytes(paths) {
57149
- const regoFiles = [];
57150
- for (const p of paths) {
57151
- const resolved = path27.resolve(p);
57152
- if (path27.normalize(resolved).includes("..")) {
57153
- throw new Error(`Policy path contains traversal sequences: ${p}`);
57154
- }
57155
- if (resolved.endsWith(".wasm") && fs22.existsSync(resolved)) {
57156
- return fs22.readFileSync(resolved);
57157
- }
57158
- if (!fs22.existsSync(resolved)) continue;
57159
- const stat2 = fs22.statSync(resolved);
57160
- if (stat2.isDirectory()) {
57161
- const wasmCandidate = path27.join(resolved, "policy.wasm");
57162
- if (fs22.existsSync(wasmCandidate)) {
57163
- return fs22.readFileSync(wasmCandidate);
57164
- }
57165
- const files = fs22.readdirSync(resolved);
57166
- for (const f of files) {
57167
- if (f.endsWith(".rego")) {
57168
- regoFiles.push(path27.join(resolved, f));
57169
- }
57170
- }
57171
- } else if (resolved.endsWith(".rego")) {
57172
- regoFiles.push(resolved);
57173
- }
57174
- }
57175
- if (regoFiles.length === 0) {
57176
- throw new Error(
57177
- `OPA WASM evaluator: no .wasm bundle or .rego files found in: ${paths.join(", ")}`
57178
- );
57179
- }
57180
- return this.compileRego(regoFiles);
57181
- }
57182
- /**
57183
- * Auto-compile .rego files to a WASM bundle using the `opa` CLI.
57184
- *
57185
- * Caches the compiled bundle based on a content hash of all input .rego files
57186
- * so subsequent runs skip compilation if policies haven't changed.
57187
- */
57188
- compileRego(regoFiles) {
57189
- try {
57190
- (0, import_child_process8.execFileSync)("opa", ["version"], { stdio: "pipe" });
57191
- } catch {
57192
- throw new Error(
57193
- "OPA CLI (`opa`) not found on PATH. Install it from https://www.openpolicyagent.org/docs/latest/#running-opa\nOr pre-compile your .rego files: opa build -t wasm -e visor -o bundle.tar.gz " + regoFiles.join(" ")
57194
- );
57195
- }
57196
- const hash = crypto4.createHash("sha256");
57197
- for (const f of regoFiles.sort()) {
57198
- hash.update(fs22.readFileSync(f));
57199
- hash.update(f);
57200
- }
57201
- const cacheKey = hash.digest("hex").slice(0, 16);
57202
- const cacheDir = _OpaCompiler.CACHE_DIR;
57203
- const cachedWasm = path27.join(cacheDir, `${cacheKey}.wasm`);
57204
- if (fs22.existsSync(cachedWasm)) {
57205
- return fs22.readFileSync(cachedWasm);
57206
- }
57207
- fs22.mkdirSync(cacheDir, { recursive: true });
57208
- const bundleTar = path27.join(cacheDir, `${cacheKey}-bundle.tar.gz`);
57209
- try {
57210
- const args = [
57211
- "build",
57212
- "-t",
57213
- "wasm",
57214
- "-e",
57215
- "visor",
57216
- // entrypoint: the visor package tree
57217
- "-o",
57218
- bundleTar,
57219
- ...regoFiles
57220
- ];
57221
- (0, import_child_process8.execFileSync)("opa", args, {
57222
- stdio: "pipe",
57223
- timeout: 3e4
57224
- });
57225
- } catch (err) {
57226
- const stderr = err?.stderr?.toString() || "";
57227
- throw new Error(
57228
- `Failed to compile .rego files to WASM:
57229
- ${stderr}
57230
- Ensure your .rego files are valid and the \`opa\` CLI is installed.`
57231
- );
57232
- }
57233
- try {
57234
- (0, import_child_process8.execFileSync)("tar", ["-xzf", bundleTar, "-C", cacheDir, "/policy.wasm"], {
57235
- stdio: "pipe"
57236
- });
57237
- const extractedWasm = path27.join(cacheDir, "policy.wasm");
57238
- if (fs22.existsSync(extractedWasm)) {
57239
- fs22.renameSync(extractedWasm, cachedWasm);
57240
- }
57241
- } catch {
57242
- try {
57243
- (0, import_child_process8.execFileSync)("tar", ["-xzf", bundleTar, "-C", cacheDir, "policy.wasm"], {
57244
- stdio: "pipe"
57245
- });
57246
- const extractedWasm = path27.join(cacheDir, "policy.wasm");
57247
- if (fs22.existsSync(extractedWasm)) {
57248
- fs22.renameSync(extractedWasm, cachedWasm);
57249
- }
57250
- } catch (err2) {
57251
- throw new Error(`Failed to extract policy.wasm from OPA bundle: ${err2?.message || err2}`);
57252
- }
57253
- }
57254
- try {
57255
- fs22.unlinkSync(bundleTar);
57256
- } catch {
57257
- }
57258
- if (!fs22.existsSync(cachedWasm)) {
57259
- throw new Error("OPA build succeeded but policy.wasm was not found in the bundle");
57260
- }
57261
- return fs22.readFileSync(cachedWasm);
57262
- }
57263
- };
57264
- }
57265
- });
57266
-
57267
- // src/enterprise/policy/opa-wasm-evaluator.ts
57268
- var fs23, path28, OpaWasmEvaluator;
57269
- var init_opa_wasm_evaluator = __esm({
57270
- "src/enterprise/policy/opa-wasm-evaluator.ts"() {
57271
- "use strict";
57272
- fs23 = __toESM(require("fs"));
57273
- path28 = __toESM(require("path"));
57274
- init_opa_compiler();
57275
- OpaWasmEvaluator = class {
57276
- policy = null;
57277
- dataDocument = {};
57278
- compiler = new OpaCompiler();
57279
- async initialize(rulesPath) {
57280
- const paths = Array.isArray(rulesPath) ? rulesPath : [rulesPath];
57281
- const wasmBytes = await this.compiler.resolveWasmBytes(paths);
57282
- try {
57283
- const { createRequire } = require("module");
57284
- const runtimeRequire = createRequire(__filename);
57285
- const opaWasm = runtimeRequire("@open-policy-agent/opa-wasm");
57286
- const loadPolicy = opaWasm.loadPolicy || opaWasm.default?.loadPolicy;
57287
- if (!loadPolicy) {
57288
- throw new Error("loadPolicy not found in @open-policy-agent/opa-wasm");
57289
- }
57290
- this.policy = await loadPolicy(wasmBytes);
57291
- } catch (err) {
57292
- if (err?.code === "MODULE_NOT_FOUND" || err?.code === "ERR_MODULE_NOT_FOUND") {
57293
- throw new Error(
57294
- "OPA WASM evaluator requires @open-policy-agent/opa-wasm. Install it with: npm install @open-policy-agent/opa-wasm"
57295
- );
57296
- }
57297
- throw err;
57298
- }
57299
- }
57300
- /**
57301
- * Load external data from a JSON file to use as the OPA data document.
57302
- * The loaded data will be passed to `policy.setData()` during evaluation,
57303
- * making it available in Rego via `data.<key>`.
57304
- */
57305
- loadData(dataPath) {
57306
- const resolved = path28.resolve(dataPath);
57307
- if (path28.normalize(resolved).includes("..")) {
57308
- throw new Error(`Data path contains traversal sequences: ${dataPath}`);
57309
- }
57310
- if (!fs23.existsSync(resolved)) {
57311
- throw new Error(`OPA data file not found: ${resolved}`);
57312
- }
57313
- const stat2 = fs23.statSync(resolved);
57314
- if (stat2.size > 10 * 1024 * 1024) {
57315
- throw new Error(`OPA data file exceeds 10MB limit: ${resolved} (${stat2.size} bytes)`);
57316
- }
57317
- const raw = fs23.readFileSync(resolved, "utf-8");
57318
- try {
57319
- const parsed = JSON.parse(raw);
57320
- if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
57321
- throw new Error("OPA data file must contain a JSON object (not an array or primitive)");
57322
- }
57323
- this.dataDocument = parsed;
57324
- } catch (err) {
57325
- if (err.message.startsWith("OPA data file must")) {
57326
- throw err;
57327
- }
57328
- throw new Error(`Failed to parse OPA data file ${resolved}: ${err.message}`);
57329
- }
57330
- }
57331
- async evaluate(input) {
57332
- if (!this.policy) {
57333
- throw new Error("OPA WASM evaluator not initialized");
57334
- }
57335
- this.policy.setData(this.dataDocument);
57336
- const resultSet = this.policy.evaluate(input);
57337
- if (Array.isArray(resultSet) && resultSet.length > 0) {
57338
- return resultSet[0].result;
57339
- }
57340
- return void 0;
57341
- }
57342
- async shutdown() {
57343
- if (this.policy) {
57344
- if (typeof this.policy.close === "function") {
57345
- try {
57346
- this.policy.close();
57347
- } catch {
57348
- }
57349
- } else if (typeof this.policy.free === "function") {
57350
- try {
57351
- this.policy.free();
57352
- } catch {
57353
- }
57354
- }
57355
- }
57356
- this.policy = null;
57357
- }
57358
- };
57359
- }
57360
- });
57361
-
57362
- // src/enterprise/policy/opa-http-evaluator.ts
57363
- var OpaHttpEvaluator;
57364
- var init_opa_http_evaluator = __esm({
57365
- "src/enterprise/policy/opa-http-evaluator.ts"() {
57366
- "use strict";
57367
- OpaHttpEvaluator = class {
57368
- baseUrl;
57369
- timeout;
57370
- constructor(baseUrl, timeout = 5e3) {
57371
- let parsed;
57372
- try {
57373
- parsed = new URL(baseUrl);
57374
- } catch {
57375
- throw new Error(`OPA HTTP evaluator: invalid URL: ${baseUrl}`);
57376
- }
57377
- if (!["http:", "https:"].includes(parsed.protocol)) {
57378
- throw new Error(
57379
- `OPA HTTP evaluator: url must use http:// or https:// protocol, got: ${baseUrl}`
57380
- );
57381
- }
57382
- const hostname = parsed.hostname;
57383
- if (this.isBlockedHostname(hostname)) {
57384
- throw new Error(
57385
- `OPA HTTP evaluator: url must not point to internal, loopback, or private network addresses`
57386
- );
57387
- }
57388
- this.baseUrl = baseUrl.replace(/\/+$/, "");
57389
- this.timeout = timeout;
57390
- }
57391
- /**
57392
- * Check if a hostname is blocked due to SSRF concerns.
57393
- *
57394
- * Blocks:
57395
- * - Loopback addresses (127.x.x.x, localhost, 0.0.0.0, ::1)
57396
- * - Link-local addresses (169.254.x.x)
57397
- * - Private networks (10.x.x.x, 172.16-31.x.x, 192.168.x.x)
57398
- * - IPv6 unique local addresses (fd00::/8)
57399
- * - Cloud metadata services (*.internal)
57400
- */
57401
- isBlockedHostname(hostname) {
57402
- if (!hostname) return true;
57403
- const normalized = hostname.toLowerCase().replace(/^\[|\]$/g, "");
57404
- if (normalized === "metadata.google.internal" || normalized.endsWith(".internal")) {
57405
- return true;
57406
- }
57407
- if (normalized === "localhost" || normalized === "localhost.localdomain") {
57408
- return true;
57409
- }
57410
- if (normalized === "::1" || normalized === "0:0:0:0:0:0:0:1") {
57411
- return true;
57412
- }
57413
- const ipv4Pattern = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;
57414
- const ipv4Match = normalized.match(ipv4Pattern);
57415
- if (ipv4Match) {
57416
- const octets = ipv4Match.slice(1, 5).map(Number);
57417
- if (octets.some((octet) => octet > 255)) {
57418
- return false;
57419
- }
57420
- const [a, b] = octets;
57421
- if (a === 127) {
57422
- return true;
57423
- }
57424
- if (a === 0) {
57425
- return true;
57426
- }
57427
- if (a === 169 && b === 254) {
57428
- return true;
57429
- }
57430
- if (a === 10) {
57431
- return true;
57432
- }
57433
- if (a === 172 && b >= 16 && b <= 31) {
57434
- return true;
57435
- }
57436
- if (a === 192 && b === 168) {
57437
- return true;
57438
- }
57439
- }
57440
- if (normalized.startsWith("fd") || normalized.startsWith("fc")) {
57441
- return true;
57442
- }
57443
- if (normalized.startsWith("fe80:")) {
57444
- return true;
57445
- }
57446
- return false;
57447
- }
57448
- /**
57449
- * Evaluate a policy rule against an input document via OPA REST API.
57450
- *
57451
- * @param input - The input document to evaluate
57452
- * @param rulePath - OPA rule path (e.g., 'visor/check/execute')
57453
- * @returns The result object from OPA, or undefined on error
57454
- */
57455
- async evaluate(input, rulePath) {
57456
- const encodedPath = rulePath.split("/").map((s) => encodeURIComponent(s)).join("/");
57457
- const url = `${this.baseUrl}/v1/data/${encodedPath}`;
57458
- const controller = new AbortController();
57459
- const timer = setTimeout(() => controller.abort(), this.timeout);
57460
- try {
57461
- const response = await fetch(url, {
57462
- method: "POST",
57463
- headers: { "Content-Type": "application/json" },
57464
- body: JSON.stringify({ input }),
57465
- signal: controller.signal
57466
- });
57467
- if (!response.ok) {
57468
- throw new Error(`OPA HTTP ${response.status}: ${response.statusText}`);
57469
- }
57470
- let body;
57471
- try {
57472
- body = await response.json();
57473
- } catch (jsonErr) {
57474
- throw new Error(
57475
- `OPA HTTP evaluator: failed to parse JSON response: ${jsonErr instanceof Error ? jsonErr.message : String(jsonErr)}`
57476
- );
57477
- }
57478
- return body?.result;
57479
- } finally {
57480
- clearTimeout(timer);
57481
- }
57482
- }
57483
- async shutdown() {
57484
- }
57485
- };
57486
- }
57487
- });
57488
-
57489
- // src/enterprise/policy/policy-input-builder.ts
57490
- var PolicyInputBuilder;
57491
- var init_policy_input_builder = __esm({
57492
- "src/enterprise/policy/policy-input-builder.ts"() {
57493
- "use strict";
57494
- PolicyInputBuilder = class {
57495
- roles;
57496
- actor;
57497
- repository;
57498
- pullRequest;
57499
- constructor(policyConfig, actor, repository, pullRequest) {
57500
- this.roles = policyConfig.roles || {};
57501
- this.actor = actor;
57502
- this.repository = repository;
57503
- this.pullRequest = pullRequest;
57504
- }
57505
- /** Resolve which roles apply to the current actor. */
57506
- resolveRoles() {
57507
- const matched = [];
57508
- for (const [roleName, roleConfig] of Object.entries(this.roles)) {
57509
- let identityMatch = false;
57510
- if (roleConfig.author_association && this.actor.authorAssociation && roleConfig.author_association.includes(this.actor.authorAssociation)) {
57511
- identityMatch = true;
57512
- }
57513
- if (!identityMatch && roleConfig.users && this.actor.login && roleConfig.users.includes(this.actor.login)) {
57514
- identityMatch = true;
57515
- }
57516
- if (!identityMatch && roleConfig.slack_users && this.actor.slack?.userId && roleConfig.slack_users.includes(this.actor.slack.userId)) {
57517
- identityMatch = true;
57518
- }
57519
- if (!identityMatch && roleConfig.emails && this.actor.slack?.email) {
57520
- const actorEmail = this.actor.slack.email.toLowerCase();
57521
- if (roleConfig.emails.some((e) => e.toLowerCase() === actorEmail)) {
57522
- identityMatch = true;
57523
- }
57524
- }
57525
- if (!identityMatch) continue;
57526
- if (roleConfig.slack_channels && roleConfig.slack_channels.length > 0) {
57527
- if (!this.actor.slack?.channelId || !roleConfig.slack_channels.includes(this.actor.slack.channelId)) {
57528
- continue;
57529
- }
57530
- }
57531
- matched.push(roleName);
57532
- }
57533
- return matched;
57534
- }
57535
- buildActor() {
57536
- return {
57537
- authorAssociation: this.actor.authorAssociation,
57538
- login: this.actor.login,
57539
- roles: this.resolveRoles(),
57540
- isLocalMode: this.actor.isLocalMode,
57541
- ...this.actor.slack && { slack: this.actor.slack }
57542
- };
57543
- }
57544
- forCheckExecution(check) {
57545
- return {
57546
- scope: "check.execute",
57547
- check: {
57548
- id: check.id,
57549
- type: check.type,
57550
- group: check.group,
57551
- tags: check.tags,
57552
- criticality: check.criticality,
57553
- sandbox: check.sandbox,
57554
- policy: check.policy
57555
- },
57556
- actor: this.buildActor(),
57557
- repository: this.repository,
57558
- pullRequest: this.pullRequest
57559
- };
57560
- }
57561
- forToolInvocation(serverName, methodName, transport) {
57562
- return {
57563
- scope: "tool.invoke",
57564
- tool: { serverName, methodName, transport },
57565
- actor: this.buildActor(),
57566
- repository: this.repository,
57567
- pullRequest: this.pullRequest
57568
- };
57569
- }
57570
- forCapabilityResolve(checkId, capabilities) {
57571
- return {
57572
- scope: "capability.resolve",
57573
- check: { id: checkId, type: "ai" },
57574
- capability: capabilities,
57575
- actor: this.buildActor(),
57576
- repository: this.repository,
57577
- pullRequest: this.pullRequest
57578
- };
57579
- }
57580
- };
57581
- }
57582
- });
57583
-
57584
- // src/enterprise/policy/opa-policy-engine.ts
57585
- var opa_policy_engine_exports = {};
57586
- __export(opa_policy_engine_exports, {
57587
- OpaPolicyEngine: () => OpaPolicyEngine
57588
- });
57589
- var OpaPolicyEngine;
57590
- var init_opa_policy_engine = __esm({
57591
- "src/enterprise/policy/opa-policy-engine.ts"() {
57592
- "use strict";
57593
- init_opa_wasm_evaluator();
57594
- init_opa_http_evaluator();
57595
- init_policy_input_builder();
57596
- OpaPolicyEngine = class {
57597
- evaluator = null;
57598
- fallback;
57599
- timeout;
57600
- config;
57601
- inputBuilder = null;
57602
- logger = null;
57603
- constructor(config) {
57604
- this.config = config;
57605
- this.fallback = config.fallback || "deny";
57606
- this.timeout = config.timeout || 5e3;
57607
- }
57608
- async initialize(config) {
57609
- try {
57610
- this.logger = (init_logger(), __toCommonJS(logger_exports)).logger;
57611
- } catch {
57612
- }
57613
- const actor = {
57614
- authorAssociation: process.env.VISOR_AUTHOR_ASSOCIATION,
57615
- login: process.env.VISOR_AUTHOR_LOGIN || process.env.GITHUB_ACTOR,
57616
- isLocalMode: !process.env.GITHUB_ACTIONS
57617
- };
57618
- const repo = {
57619
- owner: process.env.GITHUB_REPOSITORY_OWNER,
57620
- name: process.env.GITHUB_REPOSITORY?.split("/")[1],
57621
- branch: process.env.GITHUB_HEAD_REF,
57622
- baseBranch: process.env.GITHUB_BASE_REF,
57623
- event: process.env.GITHUB_EVENT_NAME
57624
- };
57625
- const prNum = process.env.GITHUB_PR_NUMBER ? parseInt(process.env.GITHUB_PR_NUMBER, 10) : void 0;
57626
- const pullRequest = {
57627
- number: prNum !== void 0 && Number.isFinite(prNum) ? prNum : void 0
57628
- };
57629
- this.inputBuilder = new PolicyInputBuilder(config, actor, repo, pullRequest);
57630
- if (config.engine === "local") {
57631
- if (!config.rules) {
57632
- throw new Error("OPA local mode requires `policy.rules` path to .wasm or .rego files");
57633
- }
57634
- const wasm = new OpaWasmEvaluator();
57635
- await wasm.initialize(config.rules);
57636
- if (config.data) {
57637
- wasm.loadData(config.data);
57638
- }
57639
- this.evaluator = wasm;
57640
- } else if (config.engine === "remote") {
57641
- if (!config.url) {
57642
- throw new Error("OPA remote mode requires `policy.url` pointing to OPA server");
57643
- }
57644
- this.evaluator = new OpaHttpEvaluator(config.url, this.timeout);
57645
- } else {
57646
- this.evaluator = null;
57647
- }
57648
- }
57649
- /**
57650
- * Update actor/repo/PR context (e.g., after PR info becomes available).
57651
- * Called by the enterprise loader when engine context is enriched.
57652
- */
57653
- setActorContext(actor, repo, pullRequest) {
57654
- this.inputBuilder = new PolicyInputBuilder(this.config, actor, repo, pullRequest);
57655
- }
57656
- async evaluateCheckExecution(checkId, checkConfig) {
57657
- if (!this.evaluator || !this.inputBuilder) return { allowed: true };
57658
- const cfg = checkConfig && typeof checkConfig === "object" ? checkConfig : {};
57659
- const policyOverride = cfg.policy;
57660
- const input = this.inputBuilder.forCheckExecution({
57661
- id: checkId,
57662
- type: cfg.type || "ai",
57663
- group: cfg.group,
57664
- tags: cfg.tags,
57665
- criticality: cfg.criticality,
57666
- sandbox: cfg.sandbox,
57667
- policy: policyOverride
57668
- });
57669
- return this.doEvaluate(input, this.resolveRulePath("check.execute", policyOverride?.rule));
57670
- }
57671
- async evaluateToolInvocation(serverName, methodName, transport) {
57672
- if (!this.evaluator || !this.inputBuilder) return { allowed: true };
57673
- const input = this.inputBuilder.forToolInvocation(serverName, methodName, transport);
57674
- return this.doEvaluate(input, "visor/tool/invoke");
57675
- }
57676
- async evaluateCapabilities(checkId, capabilities) {
57677
- if (!this.evaluator || !this.inputBuilder) return { allowed: true };
57678
- const input = this.inputBuilder.forCapabilityResolve(checkId, capabilities);
57679
- return this.doEvaluate(input, "visor/capability/resolve");
57680
- }
57681
- async shutdown() {
57682
- if (this.evaluator && "shutdown" in this.evaluator) {
57683
- await this.evaluator.shutdown();
57684
- }
57685
- this.evaluator = null;
57686
- this.inputBuilder = null;
57687
- }
57688
- resolveRulePath(defaultScope, override) {
57689
- if (override) {
57690
- return override.startsWith("visor/") ? override : `visor/${override}`;
57691
- }
57692
- return `visor/${defaultScope.replace(/\./g, "/")}`;
57693
- }
57694
- async doEvaluate(input, rulePath) {
57695
- try {
57696
- this.logger?.debug(`[PolicyEngine] Evaluating ${rulePath}`, JSON.stringify(input));
57697
- let timer;
57698
- const timeoutPromise = new Promise((_resolve, reject) => {
57699
- timer = setTimeout(() => reject(new Error("policy evaluation timeout")), this.timeout);
57700
- });
57701
- try {
57702
- const result = await Promise.race([this.rawEvaluate(input, rulePath), timeoutPromise]);
57703
- const decision = this.parseDecision(result);
57704
- if (!decision.allowed && this.fallback === "warn") {
57705
- decision.allowed = true;
57706
- decision.warn = true;
57707
- decision.reason = `audit: ${decision.reason || "policy denied"}`;
57708
- }
57709
- this.logger?.debug(
57710
- `[PolicyEngine] Decision for ${rulePath}: allowed=${decision.allowed}, warn=${decision.warn || false}, reason=${decision.reason || "none"}`
57711
- );
57712
- return decision;
57713
- } finally {
57714
- if (timer) clearTimeout(timer);
57715
- }
57716
- } catch (err) {
57717
- const msg = err instanceof Error ? err.message : String(err);
57718
- this.logger?.warn(`[PolicyEngine] Evaluation failed for ${rulePath}: ${msg}`);
57719
- return {
57720
- allowed: this.fallback === "allow" || this.fallback === "warn",
57721
- warn: this.fallback === "warn" ? true : void 0,
57722
- reason: `policy evaluation failed, fallback=${this.fallback}`
57723
- };
57724
- }
57725
- }
57726
- async rawEvaluate(input, rulePath) {
57727
- if (this.evaluator instanceof OpaWasmEvaluator) {
57728
- const result = await this.evaluator.evaluate(input);
57729
- return this.navigateWasmResult(result, rulePath);
57730
- }
57731
- return this.evaluator.evaluate(input, rulePath);
57732
- }
57733
- /**
57734
- * Navigate nested OPA WASM result tree to reach the specific rule's output.
57735
- * The WASM entrypoint `-e visor` means the result root IS the visor package,
57736
- * so we strip the `visor/` prefix and walk the remaining segments.
57737
- */
57738
- navigateWasmResult(result, rulePath) {
57739
- if (!result || typeof result !== "object") return result;
57740
- const segments = rulePath.replace(/^visor\//, "").split("/");
57741
- let current = result;
57742
- for (const seg of segments) {
57743
- if (current && typeof current === "object" && seg in current) {
57744
- current = current[seg];
57745
- } else {
57746
- return void 0;
57747
- }
57748
- }
57749
- return current;
57750
- }
57751
- parseDecision(result) {
57752
- if (result === void 0 || result === null) {
57753
- return {
57754
- allowed: this.fallback === "allow" || this.fallback === "warn",
57755
- warn: this.fallback === "warn" ? true : void 0,
57756
- reason: this.fallback === "warn" ? "audit: no policy result" : "no policy result"
57757
- };
57758
- }
57759
- const allowed = result.allowed !== false;
57760
- const decision = {
57761
- allowed,
57762
- reason: result.reason
57763
- };
57764
- if (result.capabilities) {
57765
- decision.capabilities = result.capabilities;
57766
- }
57767
- return decision;
57768
- }
57769
- };
57770
- }
57771
- });
57772
-
57773
- // src/enterprise/scheduler/knex-store.ts
57774
- var knex_store_exports = {};
57775
- __export(knex_store_exports, {
57776
- KnexStoreBackend: () => KnexStoreBackend
57777
- });
57778
- function toNum(val) {
57779
- if (val === null || val === void 0) return void 0;
57780
- return typeof val === "string" ? parseInt(val, 10) : val;
57781
- }
57782
- function safeJsonParse2(value) {
57783
- if (!value) return void 0;
57784
- try {
57785
- return JSON.parse(value);
57786
- } catch {
57787
- return void 0;
57788
- }
57789
- }
57790
- function fromTriggerRow2(row) {
57791
- return {
57792
- id: row.id,
57793
- creatorId: row.creator_id,
57794
- creatorContext: row.creator_context ?? void 0,
57795
- creatorName: row.creator_name ?? void 0,
57796
- description: row.description ?? void 0,
57797
- channels: safeJsonParse2(row.channels),
57798
- fromUsers: safeJsonParse2(row.from_users),
57799
- fromBots: row.from_bots === true || row.from_bots === 1,
57800
- contains: safeJsonParse2(row.contains),
57801
- matchPattern: row.match_pattern ?? void 0,
57802
- threads: row.threads,
57803
- workflow: row.workflow,
57804
- inputs: safeJsonParse2(row.inputs),
57805
- outputContext: safeJsonParse2(row.output_context),
57806
- status: row.status,
57807
- enabled: row.enabled === true || row.enabled === 1,
57808
- createdAt: toNum(row.created_at)
57809
- };
57810
- }
57811
- function toTriggerInsertRow(trigger) {
57812
- return {
57813
- id: trigger.id,
57814
- creator_id: trigger.creatorId,
57815
- creator_context: trigger.creatorContext ?? null,
57816
- creator_name: trigger.creatorName ?? null,
57817
- description: trigger.description ?? null,
57818
- channels: trigger.channels ? JSON.stringify(trigger.channels) : null,
57819
- from_users: trigger.fromUsers ? JSON.stringify(trigger.fromUsers) : null,
57820
- from_bots: trigger.fromBots,
57821
- contains: trigger.contains ? JSON.stringify(trigger.contains) : null,
57822
- match_pattern: trigger.matchPattern ?? null,
57823
- threads: trigger.threads,
57824
- workflow: trigger.workflow,
57825
- inputs: trigger.inputs ? JSON.stringify(trigger.inputs) : null,
57826
- output_context: trigger.outputContext ? JSON.stringify(trigger.outputContext) : null,
57827
- status: trigger.status,
57828
- enabled: trigger.enabled,
57829
- created_at: trigger.createdAt
57830
- };
57831
- }
57832
- function fromDbRow2(row) {
57833
- return {
57834
- id: row.id,
57835
- creatorId: row.creator_id,
57836
- creatorContext: row.creator_context ?? void 0,
57837
- creatorName: row.creator_name ?? void 0,
57838
- timezone: row.timezone,
57839
- schedule: row.schedule_expr,
57840
- runAt: toNum(row.run_at),
57841
- isRecurring: row.is_recurring === true || row.is_recurring === 1,
57842
- originalExpression: row.original_expression,
57843
- workflow: row.workflow ?? void 0,
57844
- workflowInputs: safeJsonParse2(row.workflow_inputs),
57845
- outputContext: safeJsonParse2(row.output_context),
57846
- status: row.status,
57847
- createdAt: toNum(row.created_at),
57848
- lastRunAt: toNum(row.last_run_at),
57849
- nextRunAt: toNum(row.next_run_at),
57850
- runCount: row.run_count,
57851
- failureCount: row.failure_count,
57852
- lastError: row.last_error ?? void 0,
57853
- previousResponse: row.previous_response ?? void 0
57854
- };
57855
- }
57856
- function toInsertRow(schedule) {
57857
- return {
57858
- id: schedule.id,
57859
- creator_id: schedule.creatorId,
57860
- creator_context: schedule.creatorContext ?? null,
57861
- creator_name: schedule.creatorName ?? null,
57862
- timezone: schedule.timezone,
57863
- schedule_expr: schedule.schedule,
57864
- run_at: schedule.runAt ?? null,
57865
- is_recurring: schedule.isRecurring,
57866
- original_expression: schedule.originalExpression,
57867
- workflow: schedule.workflow ?? null,
57868
- workflow_inputs: schedule.workflowInputs ? JSON.stringify(schedule.workflowInputs) : null,
57869
- output_context: schedule.outputContext ? JSON.stringify(schedule.outputContext) : null,
57870
- status: schedule.status,
57871
- created_at: schedule.createdAt,
57872
- last_run_at: schedule.lastRunAt ?? null,
57873
- next_run_at: schedule.nextRunAt ?? null,
57874
- run_count: schedule.runCount,
57875
- failure_count: schedule.failureCount,
57876
- last_error: schedule.lastError ?? null,
57877
- previous_response: schedule.previousResponse ?? null
57878
- };
57879
- }
57880
- var fs24, path29, import_uuid2, KnexStoreBackend;
57881
- var init_knex_store = __esm({
57882
- "src/enterprise/scheduler/knex-store.ts"() {
57883
- "use strict";
57884
- fs24 = __toESM(require("fs"));
57885
- path29 = __toESM(require("path"));
57886
- import_uuid2 = require("uuid");
57887
- init_logger();
57888
- KnexStoreBackend = class {
57889
- knex = null;
57890
- driver;
57891
- connection;
57892
- constructor(driver, storageConfig, _haConfig) {
57893
- this.driver = driver;
57894
- this.connection = storageConfig.connection || {};
57895
- }
57896
- async initialize() {
57897
- const { createRequire } = require("module");
57898
- const runtimeRequire = createRequire(__filename);
57899
- let knexFactory;
57900
- try {
57901
- knexFactory = runtimeRequire("knex");
57902
- } catch (err) {
57903
- const code = err?.code;
57904
- if (code === "MODULE_NOT_FOUND" || code === "ERR_MODULE_NOT_FOUND") {
57905
- throw new Error(
57906
- "knex is required for PostgreSQL/MySQL/MSSQL schedule storage. Install it with: npm install knex"
57907
- );
57908
- }
57909
- throw err;
57910
- }
57911
- const clientMap = {
57912
- postgresql: "pg",
57913
- mysql: "mysql2",
57914
- mssql: "tedious"
57915
- };
57916
- const client = clientMap[this.driver];
57917
- let connection;
57918
- if (this.connection.connection_string) {
57919
- connection = this.connection.connection_string;
57920
- } else if (this.driver === "mssql") {
57921
- connection = this.buildMssqlConnection();
57922
- } else {
57923
- connection = this.buildStandardConnection();
57924
- }
57925
- this.knex = knexFactory({
57926
- client,
57927
- connection,
57928
- pool: {
57929
- min: this.connection.pool?.min ?? 0,
57930
- max: this.connection.pool?.max ?? 10
57931
- }
57932
- });
57933
- await this.migrateSchema();
57934
- logger.info(`[KnexStore] Initialized (${this.driver})`);
57935
- }
57936
- buildStandardConnection() {
57937
- return {
57938
- host: this.connection.host || "localhost",
57939
- port: this.connection.port,
57940
- database: this.connection.database || "visor",
57941
- user: this.connection.user,
57942
- password: this.connection.password,
57943
- ssl: this.resolveSslConfig()
57944
- };
57945
- }
57946
- buildMssqlConnection() {
57947
- const ssl = this.connection.ssl;
57948
- const sslEnabled = ssl === true || typeof ssl === "object" && ssl.enabled !== false;
57949
- return {
57950
- server: this.connection.host || "localhost",
57951
- port: this.connection.port,
57952
- database: this.connection.database || "visor",
57953
- user: this.connection.user,
57954
- password: this.connection.password,
57955
- options: {
57956
- encrypt: sslEnabled,
57957
- trustServerCertificate: typeof ssl === "object" ? ssl.reject_unauthorized === false : !sslEnabled
57958
- }
57959
- };
57960
- }
57961
- resolveSslConfig() {
57962
- const ssl = this.connection.ssl;
57963
- if (ssl === false || ssl === void 0) return false;
57964
- if (ssl === true) return { rejectUnauthorized: true };
57965
- if (ssl.enabled === false) return false;
57966
- const result = {
57967
- rejectUnauthorized: ssl.reject_unauthorized !== false
57968
- };
57969
- if (ssl.ca) {
57970
- const caPath = this.validateSslPath(ssl.ca, "CA certificate");
57971
- result.ca = fs24.readFileSync(caPath, "utf8");
57972
- }
57973
- if (ssl.cert) {
57974
- const certPath = this.validateSslPath(ssl.cert, "client certificate");
57975
- result.cert = fs24.readFileSync(certPath, "utf8");
57976
- }
57977
- if (ssl.key) {
57978
- const keyPath = this.validateSslPath(ssl.key, "client key");
57979
- result.key = fs24.readFileSync(keyPath, "utf8");
57980
- }
57981
- return result;
57982
- }
57983
- validateSslPath(filePath, label) {
57984
- const resolved = path29.resolve(filePath);
57985
- if (resolved !== path29.normalize(resolved)) {
57986
- throw new Error(`SSL ${label} path contains invalid sequences: ${filePath}`);
57987
- }
57988
- if (!fs24.existsSync(resolved)) {
57989
- throw new Error(`SSL ${label} not found: ${filePath}`);
57990
- }
57991
- return resolved;
57992
- }
57993
- async shutdown() {
57994
- if (this.knex) {
57995
- await this.knex.destroy();
57996
- this.knex = null;
57997
- }
57998
- }
57999
- async migrateSchema() {
58000
- const knex = this.getKnex();
58001
- const exists = await knex.schema.hasTable("schedules");
58002
- if (!exists) {
58003
- await knex.schema.createTable("schedules", (table) => {
58004
- table.string("id", 36).primary();
58005
- table.string("creator_id", 255).notNullable().index();
58006
- table.string("creator_context", 255);
58007
- table.string("creator_name", 255);
58008
- table.string("timezone", 64).notNullable().defaultTo("UTC");
58009
- table.string("schedule_expr", 255);
58010
- table.bigInteger("run_at");
58011
- table.boolean("is_recurring").notNullable();
58012
- table.text("original_expression");
58013
- table.string("workflow", 255);
58014
- table.text("workflow_inputs");
58015
- table.text("output_context");
58016
- table.string("status", 20).notNullable().index();
58017
- table.bigInteger("created_at").notNullable();
58018
- table.bigInteger("last_run_at");
58019
- table.bigInteger("next_run_at");
58020
- table.integer("run_count").notNullable().defaultTo(0);
58021
- table.integer("failure_count").notNullable().defaultTo(0);
58022
- table.text("last_error");
58023
- table.text("previous_response");
58024
- table.index(["status", "next_run_at"]);
58025
- });
58026
- }
58027
- const triggersExist = await knex.schema.hasTable("message_triggers");
58028
- if (!triggersExist) {
58029
- await knex.schema.createTable("message_triggers", (table) => {
58030
- table.string("id", 36).primary();
58031
- table.string("creator_id", 255).notNullable().index();
58032
- table.string("creator_context", 255);
58033
- table.string("creator_name", 255);
58034
- table.text("description");
58035
- table.text("channels");
58036
- table.text("from_users");
58037
- table.boolean("from_bots").notNullable().defaultTo(false);
58038
- table.text("contains");
58039
- table.text("match_pattern");
58040
- table.string("threads", 20).notNullable().defaultTo("any");
58041
- table.string("workflow", 255).notNullable();
58042
- table.text("inputs");
58043
- table.text("output_context");
58044
- table.string("status", 20).notNullable().defaultTo("active").index();
58045
- table.boolean("enabled").notNullable().defaultTo(true);
58046
- table.bigInteger("created_at").notNullable();
58047
- });
58048
- }
58049
- const locksExist = await knex.schema.hasTable("scheduler_locks");
58050
- if (!locksExist) {
58051
- await knex.schema.createTable("scheduler_locks", (table) => {
58052
- table.string("lock_id", 255).primary();
58053
- table.string("node_id", 255).notNullable();
58054
- table.string("lock_token", 36).notNullable();
58055
- table.bigInteger("acquired_at").notNullable();
58056
- table.bigInteger("expires_at").notNullable();
58057
- });
58058
- }
58059
- }
58060
- getKnex() {
58061
- if (!this.knex) {
58062
- throw new Error("[KnexStore] Not initialized. Call initialize() first.");
58063
- }
58064
- return this.knex;
58065
- }
58066
- // --- CRUD ---
58067
- async create(schedule) {
58068
- const knex = this.getKnex();
58069
- const newSchedule = {
58070
- ...schedule,
58071
- id: (0, import_uuid2.v4)(),
58072
- createdAt: Date.now(),
58073
- runCount: 0,
58074
- failureCount: 0,
58075
- status: "active"
58076
- };
58077
- await knex("schedules").insert(toInsertRow(newSchedule));
58078
- logger.info(`[KnexStore] Created schedule ${newSchedule.id} for user ${newSchedule.creatorId}`);
58079
- return newSchedule;
58080
- }
58081
- async importSchedule(schedule) {
58082
- const knex = this.getKnex();
58083
- const existing = await knex("schedules").where("id", schedule.id).first();
58084
- if (existing) return;
58085
- await knex("schedules").insert(toInsertRow(schedule));
58086
- }
58087
- async get(id) {
58088
- const knex = this.getKnex();
58089
- const row = await knex("schedules").where("id", id).first();
58090
- return row ? fromDbRow2(row) : void 0;
58091
- }
58092
- async update(id, patch) {
58093
- const knex = this.getKnex();
58094
- const existing = await knex("schedules").where("id", id).first();
58095
- if (!existing) return void 0;
58096
- const current = fromDbRow2(existing);
58097
- const updated = { ...current, ...patch, id: current.id };
58098
- const row = toInsertRow(updated);
58099
- delete row.id;
58100
- await knex("schedules").where("id", id).update(row);
58101
- return updated;
58102
- }
58103
- async delete(id) {
58104
- const knex = this.getKnex();
58105
- const deleted = await knex("schedules").where("id", id).del();
58106
- if (deleted > 0) {
58107
- logger.info(`[KnexStore] Deleted schedule ${id}`);
58108
- return true;
58109
- }
58110
- return false;
58111
- }
58112
- // --- Queries ---
58113
- async getByCreator(creatorId) {
58114
- const knex = this.getKnex();
58115
- const rows = await knex("schedules").where("creator_id", creatorId);
58116
- return rows.map((r) => fromDbRow2(r));
58117
- }
58118
- async getActiveSchedules() {
58119
- const knex = this.getKnex();
58120
- const rows = await knex("schedules").where("status", "active");
58121
- return rows.map((r) => fromDbRow2(r));
58122
- }
58123
- async getDueSchedules(now) {
58124
- const ts = now ?? Date.now();
58125
- const knex = this.getKnex();
58126
- const bFalse = this.driver === "mssql" ? 0 : false;
58127
- const bTrue = this.driver === "mssql" ? 1 : true;
58128
- const rows = await knex("schedules").where("status", "active").andWhere(function() {
58129
- this.where(function() {
58130
- this.where("is_recurring", bFalse).whereNotNull("run_at").where("run_at", "<=", ts);
58131
- }).orWhere(function() {
58132
- this.where("is_recurring", bTrue).whereNotNull("next_run_at").where("next_run_at", "<=", ts);
58133
- });
58134
- });
58135
- return rows.map((r) => fromDbRow2(r));
58136
- }
58137
- async findByWorkflow(creatorId, workflowName) {
58138
- const knex = this.getKnex();
58139
- const escaped = workflowName.toLowerCase().replace(/[%_\\]/g, "\\$&");
58140
- const pattern = `%${escaped}%`;
58141
- const rows = await knex("schedules").where("creator_id", creatorId).where("status", "active").whereRaw("LOWER(workflow) LIKE ? ESCAPE '\\'", [pattern]);
58142
- return rows.map((r) => fromDbRow2(r));
58143
- }
58144
- async getAll() {
58145
- const knex = this.getKnex();
58146
- const rows = await knex("schedules");
58147
- return rows.map((r) => fromDbRow2(r));
58148
- }
58149
- async getStats() {
58150
- const knex = this.getKnex();
58151
- const boolTrue = this.driver === "mssql" ? "1" : "true";
58152
- const boolFalse = this.driver === "mssql" ? "0" : "false";
58153
- const result = await knex("schedules").select(
58154
- knex.raw("COUNT(*) as total"),
58155
- knex.raw("SUM(CASE WHEN status = 'active' THEN 1 ELSE 0 END) as active"),
58156
- knex.raw("SUM(CASE WHEN status = 'paused' THEN 1 ELSE 0 END) as paused"),
58157
- knex.raw("SUM(CASE WHEN status = 'completed' THEN 1 ELSE 0 END) as completed"),
58158
- knex.raw("SUM(CASE WHEN status = 'failed' THEN 1 ELSE 0 END) as failed"),
58159
- knex.raw(`SUM(CASE WHEN is_recurring = ${boolTrue} THEN 1 ELSE 0 END) as recurring`),
58160
- knex.raw(`SUM(CASE WHEN is_recurring = ${boolFalse} THEN 1 ELSE 0 END) as one_time`)
58161
- ).first();
58162
- return {
58163
- total: Number(result.total) || 0,
58164
- active: Number(result.active) || 0,
58165
- paused: Number(result.paused) || 0,
58166
- completed: Number(result.completed) || 0,
58167
- failed: Number(result.failed) || 0,
58168
- recurring: Number(result.recurring) || 0,
58169
- oneTime: Number(result.one_time) || 0
58170
- };
58171
- }
58172
- async validateLimits(creatorId, isRecurring, limits) {
58173
- const knex = this.getKnex();
58174
- if (limits.maxGlobal) {
58175
- const result = await knex("schedules").count("* as cnt").first();
58176
- if (Number(result?.cnt) >= limits.maxGlobal) {
58177
- throw new Error(`Global schedule limit reached (${limits.maxGlobal})`);
58178
- }
58179
- }
58180
- if (limits.maxPerUser) {
58181
- const result = await knex("schedules").where("creator_id", creatorId).count("* as cnt").first();
58182
- if (Number(result?.cnt) >= limits.maxPerUser) {
58183
- throw new Error(`You have reached the maximum number of schedules (${limits.maxPerUser})`);
58184
- }
58185
- }
58186
- if (isRecurring && limits.maxRecurringPerUser) {
58187
- const bTrue = this.driver === "mssql" ? 1 : true;
58188
- const result = await knex("schedules").where("creator_id", creatorId).where("is_recurring", bTrue).count("* as cnt").first();
58189
- if (Number(result?.cnt) >= limits.maxRecurringPerUser) {
58190
- throw new Error(
58191
- `You have reached the maximum number of recurring schedules (${limits.maxRecurringPerUser})`
58192
- );
58193
- }
58194
- }
58195
- }
58196
- // --- HA Distributed Locking (via scheduler_locks table) ---
58197
- async tryAcquireLock(lockId, nodeId, ttlSeconds) {
58198
- const knex = this.getKnex();
58199
- const now = Date.now();
58200
- const expiresAt = now + ttlSeconds * 1e3;
58201
- const token = (0, import_uuid2.v4)();
58202
- const updated = await knex("scheduler_locks").where("lock_id", lockId).where("expires_at", "<", now).update({
58203
- node_id: nodeId,
58204
- lock_token: token,
58205
- acquired_at: now,
58206
- expires_at: expiresAt
58207
- });
58208
- if (updated > 0) return token;
58209
- try {
58210
- await knex("scheduler_locks").insert({
58211
- lock_id: lockId,
58212
- node_id: nodeId,
58213
- lock_token: token,
58214
- acquired_at: now,
58215
- expires_at: expiresAt
58216
- });
58217
- return token;
58218
- } catch {
58219
- return null;
58220
- }
58221
- }
58222
- async releaseLock(lockId, lockToken) {
58223
- const knex = this.getKnex();
58224
- await knex("scheduler_locks").where("lock_id", lockId).where("lock_token", lockToken).del();
58225
- }
58226
- async renewLock(lockId, lockToken, ttlSeconds) {
58227
- const knex = this.getKnex();
58228
- const now = Date.now();
58229
- const expiresAt = now + ttlSeconds * 1e3;
58230
- const updated = await knex("scheduler_locks").where("lock_id", lockId).where("lock_token", lockToken).update({ acquired_at: now, expires_at: expiresAt });
58231
- return updated > 0;
58232
- }
58233
- async flush() {
58234
- }
58235
- // --- Message Trigger CRUD ---
58236
- async createTrigger(trigger) {
58237
- const knex = this.getKnex();
58238
- const newTrigger = {
58239
- ...trigger,
58240
- id: (0, import_uuid2.v4)(),
58241
- createdAt: Date.now()
58242
- };
58243
- await knex("message_triggers").insert(toTriggerInsertRow(newTrigger));
58244
- logger.info(`[KnexStore] Created trigger ${newTrigger.id} for user ${newTrigger.creatorId}`);
58245
- return newTrigger;
58246
- }
58247
- async getTrigger(id) {
58248
- const knex = this.getKnex();
58249
- const row = await knex("message_triggers").where("id", id).first();
58250
- return row ? fromTriggerRow2(row) : void 0;
58251
- }
58252
- async updateTrigger(id, patch) {
58253
- const knex = this.getKnex();
58254
- const existing = await knex("message_triggers").where("id", id).first();
58255
- if (!existing) return void 0;
58256
- const current = fromTriggerRow2(existing);
58257
- const updated = {
58258
- ...current,
58259
- ...patch,
58260
- id: current.id,
58261
- createdAt: current.createdAt
58262
- };
58263
- const row = toTriggerInsertRow(updated);
58264
- delete row.id;
58265
- await knex("message_triggers").where("id", id).update(row);
58266
- return updated;
58267
- }
58268
- async deleteTrigger(id) {
58269
- const knex = this.getKnex();
58270
- const deleted = await knex("message_triggers").where("id", id).del();
58271
- if (deleted > 0) {
58272
- logger.info(`[KnexStore] Deleted trigger ${id}`);
58273
- return true;
58274
- }
58275
- return false;
58276
- }
58277
- async getTriggersByCreator(creatorId) {
58278
- const knex = this.getKnex();
58279
- const rows = await knex("message_triggers").where("creator_id", creatorId);
58280
- return rows.map((r) => fromTriggerRow2(r));
58281
- }
58282
- async getActiveTriggers() {
58283
- const knex = this.getKnex();
58284
- const rows = await knex("message_triggers").where("status", "active").where("enabled", this.driver === "mssql" ? 1 : true);
58285
- return rows.map((r) => fromTriggerRow2(r));
58286
- }
58287
- };
58288
- }
58289
- });
58290
-
58291
- // src/enterprise/loader.ts
58292
- var loader_exports = {};
58293
- __export(loader_exports, {
58294
- loadEnterprisePolicyEngine: () => loadEnterprisePolicyEngine,
58295
- loadEnterpriseStoreBackend: () => loadEnterpriseStoreBackend
58296
- });
58297
- async function loadEnterprisePolicyEngine(config) {
58298
- try {
58299
- const { LicenseValidator: LicenseValidator2 } = await Promise.resolve().then(() => (init_validator(), validator_exports));
58300
- const validator = new LicenseValidator2();
58301
- const license = await validator.loadAndValidate();
58302
- if (!license || !validator.hasFeature("policy")) {
58303
- return new DefaultPolicyEngine();
58304
- }
58305
- if (validator.isInGracePeriod()) {
58306
- console.warn(
58307
- "[visor:enterprise] License has expired but is within the 72-hour grace period. Please renew your license."
58308
- );
58309
- }
58310
- const { OpaPolicyEngine: OpaPolicyEngine2 } = await Promise.resolve().then(() => (init_opa_policy_engine(), opa_policy_engine_exports));
58311
- const engine = new OpaPolicyEngine2(config);
58312
- await engine.initialize(config);
58313
- return engine;
58314
- } catch (err) {
58315
- const msg = err instanceof Error ? err.message : String(err);
58316
- try {
58317
- const { logger: logger2 } = (init_logger(), __toCommonJS(logger_exports));
58318
- logger2.warn(`[PolicyEngine] Enterprise policy init failed, falling back to default: ${msg}`);
58319
- } catch {
58320
- }
58321
- return new DefaultPolicyEngine();
58322
- }
58323
- }
58324
- async function loadEnterpriseStoreBackend(driver, storageConfig, haConfig) {
58325
- const { LicenseValidator: LicenseValidator2 } = await Promise.resolve().then(() => (init_validator(), validator_exports));
58326
- const validator = new LicenseValidator2();
58327
- const license = await validator.loadAndValidate();
58328
- if (!license || !validator.hasFeature("scheduler-sql")) {
58329
- throw new Error(
58330
- `The ${driver} schedule storage driver requires a Visor Enterprise license with the 'scheduler-sql' feature. Please upgrade or use driver: 'sqlite' (default).`
58331
- );
58332
- }
58333
- if (validator.isInGracePeriod()) {
58334
- console.warn(
58335
- "[visor:enterprise] License has expired but is within the 72-hour grace period. Please renew your license."
58336
- );
58337
- }
58338
- const { KnexStoreBackend: KnexStoreBackend2 } = await Promise.resolve().then(() => (init_knex_store(), knex_store_exports));
58339
- return new KnexStoreBackend2(driver, storageConfig, haConfig);
58340
- }
58341
- var init_loader = __esm({
58342
- "src/enterprise/loader.ts"() {
58343
- "use strict";
58344
- init_default_engine();
58345
- }
58346
- });
58347
-
58348
56974
  // src/event-bus/event-bus.ts
58349
56975
  var event_bus_exports = {};
58350
56976
  __export(event_bus_exports, {
@@ -59251,8 +57877,8 @@ ${content}
59251
57877
  * Sleep utility
59252
57878
  */
59253
57879
  sleep(ms) {
59254
- return new Promise((resolve19) => {
59255
- const t = setTimeout(resolve19, ms);
57880
+ return new Promise((resolve15) => {
57881
+ const t = setTimeout(resolve15, ms);
59256
57882
  if (typeof t.unref === "function") {
59257
57883
  try {
59258
57884
  t.unref();
@@ -59537,8 +58163,8 @@ ${end}`);
59537
58163
  async updateGroupedComment(ctx, comments, group, changedIds) {
59538
58164
  const existingLock = this.updateLocks.get(group);
59539
58165
  let resolveLock;
59540
- const ourLock = new Promise((resolve19) => {
59541
- resolveLock = resolve19;
58166
+ const ourLock = new Promise((resolve15) => {
58167
+ resolveLock = resolve15;
59542
58168
  });
59543
58169
  this.updateLocks.set(group, ourLock);
59544
58170
  try {
@@ -59869,7 +58495,7 @@ ${blocks}
59869
58495
  * Sleep utility for enforcing delays
59870
58496
  */
59871
58497
  sleep(ms) {
59872
- return new Promise((resolve19) => setTimeout(resolve19, ms));
58498
+ return new Promise((resolve15) => setTimeout(resolve15, ms));
59873
58499
  }
59874
58500
  };
59875
58501
  }
@@ -61716,11 +60342,11 @@ var require_request3 = __commonJS({
61716
60342
  "use strict";
61717
60343
  var __awaiter = exports2 && exports2.__awaiter || function(thisArg, _arguments, P, generator) {
61718
60344
  function adopt(value) {
61719
- return value instanceof P ? value : new P(function(resolve19) {
61720
- resolve19(value);
60345
+ return value instanceof P ? value : new P(function(resolve15) {
60346
+ resolve15(value);
61721
60347
  });
61722
60348
  }
61723
- return new (P || (P = Promise))(function(resolve19, reject) {
60349
+ return new (P || (P = Promise))(function(resolve15, reject) {
61724
60350
  function fulfilled(value) {
61725
60351
  try {
61726
60352
  step(generator.next(value));
@@ -61736,7 +60362,7 @@ var require_request3 = __commonJS({
61736
60362
  }
61737
60363
  }
61738
60364
  function step(result) {
61739
- result.done ? resolve19(result.value) : adopt(result.value).then(fulfilled, rejected);
60365
+ result.done ? resolve15(result.value) : adopt(result.value).then(fulfilled, rejected);
61740
60366
  }
61741
60367
  step((generator = generator.apply(thisArg, _arguments || [])).next());
61742
60368
  });
@@ -61760,9 +60386,9 @@ var require_request3 = __commonJS({
61760
60386
  HttpMethod2["PATCH"] = "PATCH";
61761
60387
  })(HttpMethod = exports2.HttpMethod || (exports2.HttpMethod = {}));
61762
60388
  var SvixRequest = class {
61763
- constructor(method, path33) {
60389
+ constructor(method, path29) {
61764
60390
  this.method = method;
61765
- this.path = path33;
60391
+ this.path = path29;
61766
60392
  this.queryParams = {};
61767
60393
  this.headerParams = {};
61768
60394
  }
@@ -61865,7 +60491,7 @@ var require_request3 = __commonJS({
61865
60491
  }
61866
60492
  function sendWithRetry(url, init, retryScheduleInMs, nextInterval = 50, triesLeft = 2, fetchImpl = fetch, retryCount = 1) {
61867
60493
  return __awaiter(this, void 0, void 0, function* () {
61868
- const sleep = (interval) => new Promise((resolve19) => setTimeout(resolve19, interval));
60494
+ const sleep = (interval) => new Promise((resolve15) => setTimeout(resolve15, interval));
61869
60495
  try {
61870
60496
  const response = yield fetchImpl(url, init);
61871
60497
  if (triesLeft <= 0 || response.status < 500) {
@@ -70939,7 +69565,7 @@ ${message}`;
70939
69565
  });
70940
69566
 
70941
69567
  // src/agent-protocol/task-store.ts
70942
- function safeJsonParse3(value) {
69568
+ function safeJsonParse2(value) {
70943
69569
  if (!value) return void 0;
70944
69570
  try {
70945
69571
  return JSON.parse(value);
@@ -70956,12 +69582,12 @@ function taskRowToAgentTask(row) {
70956
69582
  context_id: row.context_id,
70957
69583
  status: {
70958
69584
  state: row.state,
70959
- message: safeJsonParse3(row.status_message),
69585
+ message: safeJsonParse2(row.status_message),
70960
69586
  timestamp: row.updated_at
70961
69587
  },
70962
- artifacts: safeJsonParse3(row.artifacts) ?? [],
70963
- history: safeJsonParse3(row.history) ?? [],
70964
- metadata: safeJsonParse3(row.request_metadata),
69588
+ artifacts: safeJsonParse2(row.artifacts) ?? [],
69589
+ history: safeJsonParse2(row.history) ?? [],
69590
+ metadata: safeJsonParse2(row.request_metadata),
70965
69591
  workflow_id: row.workflow_id ?? void 0
70966
69592
  };
70967
69593
  }
@@ -71198,7 +69824,7 @@ var init_task_store = __esm({
71198
69824
  const db = this.getDb();
71199
69825
  const row = db.prepare("SELECT artifacts FROM agent_tasks WHERE id = ?").get(taskId);
71200
69826
  if (!row) throw new TaskNotFoundError(taskId);
71201
- const artifacts = safeJsonParse3(row.artifacts) ?? [];
69827
+ const artifacts = safeJsonParse2(row.artifacts) ?? [];
71202
69828
  artifacts.push(artifact);
71203
69829
  db.prepare("UPDATE agent_tasks SET artifacts = ?, updated_at = ? WHERE id = ?").run(
71204
69830
  JSON.stringify(artifacts),
@@ -71210,7 +69836,7 @@ var init_task_store = __esm({
71210
69836
  const db = this.getDb();
71211
69837
  const row = db.prepare("SELECT history FROM agent_tasks WHERE id = ?").get(taskId);
71212
69838
  if (!row) throw new TaskNotFoundError(taskId);
71213
- const history = safeJsonParse3(row.history) ?? [];
69839
+ const history = safeJsonParse2(row.history) ?? [];
71214
69840
  history.push(message);
71215
69841
  db.prepare("UPDATE agent_tasks SET history = ?, updated_at = ? WHERE id = ?").run(
71216
69842
  JSON.stringify(history),
@@ -71722,13 +70348,13 @@ __export(a2a_frontend_exports, {
71722
70348
  resultToArtifacts: () => resultToArtifacts
71723
70349
  });
71724
70350
  function readJsonBody(req) {
71725
- return new Promise((resolve19, reject) => {
70351
+ return new Promise((resolve15, reject) => {
71726
70352
  const chunks = [];
71727
70353
  req.on("data", (chunk) => chunks.push(chunk));
71728
70354
  req.on("end", () => {
71729
70355
  try {
71730
70356
  const body = Buffer.concat(chunks).toString("utf8");
71731
- resolve19(body ? JSON.parse(body) : {});
70357
+ resolve15(body ? JSON.parse(body) : {});
71732
70358
  } catch {
71733
70359
  reject(new ParseError("Malformed JSON body"));
71734
70360
  }
@@ -71971,12 +70597,12 @@ var init_a2a_frontend = __esm({
71971
70597
  }
71972
70598
  const port = this.config.port ?? 9e3;
71973
70599
  const host = this.config.host ?? "0.0.0.0";
71974
- await new Promise((resolve19) => {
70600
+ await new Promise((resolve15) => {
71975
70601
  this.server.listen(port, host, () => {
71976
70602
  const addr = this.server.address();
71977
70603
  this._boundPort = typeof addr === "object" && addr ? addr.port : port;
71978
70604
  logger.info(`A2A server listening on ${host}:${this._boundPort}`);
71979
- resolve19();
70605
+ resolve15();
71980
70606
  });
71981
70607
  });
71982
70608
  if (this.agentCard) {
@@ -72000,8 +70626,8 @@ var init_a2a_frontend = __esm({
72000
70626
  }
72001
70627
  this.streamManager.shutdown();
72002
70628
  if (this.server) {
72003
- await new Promise((resolve19, reject) => {
72004
- this.server.close((err) => err ? reject(err) : resolve19());
70629
+ await new Promise((resolve15, reject) => {
70630
+ this.server.close((err) => err ? reject(err) : resolve15());
72005
70631
  });
72006
70632
  this.server = null;
72007
70633
  }
@@ -72718,15 +71344,15 @@ function serializeRunState(state) {
72718
71344
  ])
72719
71345
  };
72720
71346
  }
72721
- var path32, fs28, StateMachineExecutionEngine;
71347
+ var path28, fs24, StateMachineExecutionEngine;
72722
71348
  var init_state_machine_execution_engine = __esm({
72723
71349
  "src/state-machine-execution-engine.ts"() {
72724
71350
  "use strict";
72725
71351
  init_runner();
72726
71352
  init_logger();
72727
71353
  init_sandbox_manager();
72728
- path32 = __toESM(require("path"));
72729
- fs28 = __toESM(require("fs"));
71354
+ path28 = __toESM(require("path"));
71355
+ fs24 = __toESM(require("fs"));
72730
71356
  StateMachineExecutionEngine = class _StateMachineExecutionEngine {
72731
71357
  workingDirectory;
72732
71358
  executionContext;
@@ -72958,8 +71584,8 @@ var init_state_machine_execution_engine = __esm({
72958
71584
  logger.debug(
72959
71585
  `[PolicyEngine] Loading enterprise policy engine (engine=${configWithTagFilter.policy.engine})`
72960
71586
  );
72961
- const { loadEnterprisePolicyEngine: loadEnterprisePolicyEngine2 } = await Promise.resolve().then(() => (init_loader(), loader_exports));
72962
- context2.policyEngine = await loadEnterprisePolicyEngine2(configWithTagFilter.policy);
71587
+ const { loadEnterprisePolicyEngine } = await import("./enterprise/loader");
71588
+ context2.policyEngine = await loadEnterprisePolicyEngine(configWithTagFilter.policy);
72963
71589
  logger.debug(
72964
71590
  `[PolicyEngine] Initialized: ${context2.policyEngine?.constructor?.name || "unknown"}`
72965
71591
  );
@@ -73113,9 +71739,9 @@ var init_state_machine_execution_engine = __esm({
73113
71739
  }
73114
71740
  const checkId = String(ev?.checkId || "unknown");
73115
71741
  const threadKey = ev?.threadKey || (channel && threadTs ? `${channel}:${threadTs}` : "session");
73116
- const baseDir = process.env.VISOR_SNAPSHOT_DIR || path32.resolve(process.cwd(), ".visor", "snapshots");
73117
- fs28.mkdirSync(baseDir, { recursive: true });
73118
- const filePath = path32.join(baseDir, `${threadKey}-${checkId}.json`);
71742
+ const baseDir = process.env.VISOR_SNAPSHOT_DIR || path28.resolve(process.cwd(), ".visor", "snapshots");
71743
+ fs24.mkdirSync(baseDir, { recursive: true });
71744
+ const filePath = path28.join(baseDir, `${threadKey}-${checkId}.json`);
73119
71745
  await this.saveSnapshotToFile(filePath);
73120
71746
  logger.info(`[Snapshot] Saved run snapshot: ${filePath}`);
73121
71747
  try {
@@ -73256,7 +71882,7 @@ var init_state_machine_execution_engine = __esm({
73256
71882
  * Does not include secrets. Intended for debugging and future resume support.
73257
71883
  */
73258
71884
  async saveSnapshotToFile(filePath) {
73259
- const fs29 = await import("fs/promises");
71885
+ const fs25 = await import("fs/promises");
73260
71886
  const ctx = this._lastContext;
73261
71887
  const runner = this._lastRunner;
73262
71888
  if (!ctx || !runner) {
@@ -73276,14 +71902,14 @@ var init_state_machine_execution_engine = __esm({
73276
71902
  journal: entries,
73277
71903
  requestedChecks: ctx.requestedChecks || []
73278
71904
  };
73279
- await fs29.writeFile(filePath, JSON.stringify(payload, null, 2), "utf8");
71905
+ await fs25.writeFile(filePath, JSON.stringify(payload, null, 2), "utf8");
73280
71906
  }
73281
71907
  /**
73282
71908
  * Load a snapshot JSON from file and return it. Resume support can build on this.
73283
71909
  */
73284
71910
  async loadSnapshotFromFile(filePath) {
73285
- const fs29 = await import("fs/promises");
73286
- const raw = await fs29.readFile(filePath, "utf8");
71911
+ const fs25 = await import("fs/promises");
71912
+ const raw = await fs25.readFile(filePath, "utf8");
73287
71913
  return JSON.parse(raw);
73288
71914
  }
73289
71915
  /**