@probelabs/visor 0.1.176-ee → 0.1.176

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (55) hide show
  1. package/dist/index.js +23 -1840
  2. package/dist/output/traces/run-2026-03-10T15-37-04-236Z.ndjson +138 -0
  3. package/dist/output/traces/run-2026-03-10T15-37-44-748Z.ndjson +2296 -0
  4. package/dist/sdk/a2a-frontend-W54ZZ32L.mjs +1658 -0
  5. package/dist/sdk/a2a-frontend-W54ZZ32L.mjs.map +1 -0
  6. package/dist/sdk/{check-provider-registry-X7WH3PXQ.mjs → check-provider-registry-7HSDAKHQ.mjs} +2 -2
  7. package/dist/sdk/check-provider-registry-MJYNLB37.mjs +30 -0
  8. package/dist/sdk/{chunk-KQAT6H3S.mjs → chunk-4E34HRCW.mjs} +9 -9
  9. package/dist/sdk/{chunk-KQAT6H3S.mjs.map → chunk-4E34HRCW.mjs.map} +1 -1
  10. package/dist/sdk/chunk-66PTDQAO.mjs +1502 -0
  11. package/dist/sdk/chunk-66PTDQAO.mjs.map +1 -0
  12. package/dist/sdk/chunk-R3FNZRE4.mjs +45194 -0
  13. package/dist/sdk/chunk-R3FNZRE4.mjs.map +1 -0
  14. package/dist/sdk/chunk-SEA2FWEC.mjs +739 -0
  15. package/dist/sdk/chunk-SEA2FWEC.mjs.map +1 -0
  16. package/dist/sdk/chunk-Y2DYDGGY.mjs +516 -0
  17. package/dist/sdk/chunk-Y2DYDGGY.mjs.map +1 -0
  18. package/dist/sdk/failure-condition-evaluator-RTT5SLVL.mjs +18 -0
  19. package/dist/sdk/github-frontend-C4GG62PI.mjs +1386 -0
  20. package/dist/sdk/github-frontend-C4GG62PI.mjs.map +1 -0
  21. package/dist/sdk/{host-LRWIKURZ.mjs → host-6GGO2BQE.mjs} +3 -3
  22. package/dist/sdk/routing-DXVYOXAS.mjs +26 -0
  23. package/dist/sdk/{schedule-tool-INVLVX3G.mjs → schedule-tool-GKKVOQB7.mjs} +2 -2
  24. package/dist/sdk/schedule-tool-GKKVOQB7.mjs.map +1 -0
  25. package/dist/sdk/schedule-tool-LL7XDILD.mjs +36 -0
  26. package/dist/sdk/schedule-tool-LL7XDILD.mjs.map +1 -0
  27. package/dist/sdk/{schedule-tool-handler-4SSRQXFJ.mjs → schedule-tool-handler-O3L2R5OJ.mjs} +2 -2
  28. package/dist/sdk/schedule-tool-handler-O3L2R5OJ.mjs.map +1 -0
  29. package/dist/sdk/schedule-tool-handler-ZZGJ3UFR.mjs +40 -0
  30. package/dist/sdk/schedule-tool-handler-ZZGJ3UFR.mjs.map +1 -0
  31. package/dist/sdk/sdk.js +281 -1655
  32. package/dist/sdk/sdk.js.map +1 -1
  33. package/dist/sdk/sdk.mjs +4 -4
  34. package/dist/sdk/trace-helpers-CECHXDLI.mjs +29 -0
  35. package/dist/sdk/trace-helpers-CECHXDLI.mjs.map +1 -0
  36. package/dist/sdk/{workflow-check-provider-IWZSZQ7N.mjs → workflow-check-provider-AX7IRQEZ.mjs} +2 -2
  37. package/dist/sdk/workflow-check-provider-AX7IRQEZ.mjs.map +1 -0
  38. package/dist/sdk/workflow-check-provider-HZQGJFOU.mjs +30 -0
  39. package/dist/sdk/workflow-check-provider-HZQGJFOU.mjs.map +1 -0
  40. package/dist/traces/run-2026-03-10T15-37-04-236Z.ndjson +138 -0
  41. package/dist/traces/run-2026-03-10T15-37-44-748Z.ndjson +2296 -0
  42. package/package.json +1 -1
  43. package/dist/sdk/knex-store-QCEW4I4R.mjs +0 -527
  44. package/dist/sdk/knex-store-QCEW4I4R.mjs.map +0 -1
  45. package/dist/sdk/loader-Q7K76ZIY.mjs +0 -89
  46. package/dist/sdk/loader-Q7K76ZIY.mjs.map +0 -1
  47. package/dist/sdk/opa-policy-engine-QCSSIMUF.mjs +0 -655
  48. package/dist/sdk/opa-policy-engine-QCSSIMUF.mjs.map +0 -1
  49. package/dist/sdk/validator-XTZJZZJH.mjs +0 -134
  50. package/dist/sdk/validator-XTZJZZJH.mjs.map +0 -1
  51. /package/dist/sdk/{check-provider-registry-X7WH3PXQ.mjs.map → check-provider-registry-7HSDAKHQ.mjs.map} +0 -0
  52. /package/dist/sdk/{schedule-tool-INVLVX3G.mjs.map → check-provider-registry-MJYNLB37.mjs.map} +0 -0
  53. /package/dist/sdk/{schedule-tool-handler-4SSRQXFJ.mjs.map → failure-condition-evaluator-RTT5SLVL.mjs.map} +0 -0
  54. /package/dist/sdk/{host-LRWIKURZ.mjs.map → host-6GGO2BQE.mjs.map} +0 -0
  55. /package/dist/sdk/{workflow-check-provider-IWZSZQ7N.mjs.map → routing-DXVYOXAS.mjs.map} +0 -0
package/dist/sdk/sdk.js CHANGED
@@ -704,7 +704,7 @@ var require_package = __commonJS({
704
704
  "package.json"(exports2, module2) {
705
705
  module2.exports = {
706
706
  name: "@probelabs/visor",
707
- version: "0.1.42",
707
+ version: "0.1.176",
708
708
  main: "dist/index.js",
709
709
  bin: {
710
710
  visor: "./dist/index.js"
@@ -1152,11 +1152,11 @@ function getTracer() {
1152
1152
  }
1153
1153
  async function withActiveSpan(name, attrs, fn) {
1154
1154
  const tracer = getTracer();
1155
- return await new Promise((resolve19, reject) => {
1155
+ return await new Promise((resolve15, reject) => {
1156
1156
  const callback = async (span) => {
1157
1157
  try {
1158
1158
  const res = await fn(span);
1159
- resolve19(res);
1159
+ resolve15(res);
1160
1160
  } catch (err) {
1161
1161
  try {
1162
1162
  if (err instanceof Error) span.recordException(err);
@@ -1281,19 +1281,19 @@ function __getOrCreateNdjsonPath() {
1281
1281
  try {
1282
1282
  if (process.env.VISOR_TELEMETRY_SINK && process.env.VISOR_TELEMETRY_SINK !== "file")
1283
1283
  return null;
1284
- const path33 = require("path");
1285
- const fs29 = require("fs");
1284
+ const path29 = require("path");
1285
+ const fs25 = require("fs");
1286
1286
  if (process.env.VISOR_FALLBACK_TRACE_FILE) {
1287
1287
  __ndjsonPath = process.env.VISOR_FALLBACK_TRACE_FILE;
1288
- const dir = path33.dirname(__ndjsonPath);
1289
- if (!fs29.existsSync(dir)) fs29.mkdirSync(dir, { recursive: true });
1288
+ const dir = path29.dirname(__ndjsonPath);
1289
+ if (!fs25.existsSync(dir)) fs25.mkdirSync(dir, { recursive: true });
1290
1290
  return __ndjsonPath;
1291
1291
  }
1292
- const outDir = process.env.VISOR_TRACE_DIR || path33.join(process.cwd(), "output", "traces");
1293
- if (!fs29.existsSync(outDir)) fs29.mkdirSync(outDir, { recursive: true });
1292
+ const outDir = process.env.VISOR_TRACE_DIR || path29.join(process.cwd(), "output", "traces");
1293
+ if (!fs25.existsSync(outDir)) fs25.mkdirSync(outDir, { recursive: true });
1294
1294
  if (!__ndjsonPath) {
1295
1295
  const ts = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
1296
- __ndjsonPath = path33.join(outDir, `${ts}.ndjson`);
1296
+ __ndjsonPath = path29.join(outDir, `${ts}.ndjson`);
1297
1297
  }
1298
1298
  return __ndjsonPath;
1299
1299
  } catch {
@@ -1302,11 +1302,11 @@ function __getOrCreateNdjsonPath() {
1302
1302
  }
1303
1303
  function _appendRunMarker() {
1304
1304
  try {
1305
- const fs29 = require("fs");
1305
+ const fs25 = require("fs");
1306
1306
  const p = __getOrCreateNdjsonPath();
1307
1307
  if (!p) return;
1308
1308
  const line = { name: "visor.run", attributes: { started: true } };
1309
- fs29.appendFileSync(p, JSON.stringify(line) + "\n", "utf8");
1309
+ fs25.appendFileSync(p, JSON.stringify(line) + "\n", "utf8");
1310
1310
  } catch {
1311
1311
  }
1312
1312
  }
@@ -3393,7 +3393,7 @@ var init_failure_condition_evaluator = __esm({
3393
3393
  */
3394
3394
  evaluateExpression(condition, context2) {
3395
3395
  try {
3396
- const normalize8 = (expr) => {
3396
+ const normalize4 = (expr) => {
3397
3397
  const trimmed = expr.trim();
3398
3398
  if (!/[\n;]/.test(trimmed)) return trimmed;
3399
3399
  const parts = trimmed.split(/[\n;]+/).map((s) => s.trim()).filter((s) => s.length > 0 && !s.startsWith("//"));
@@ -3551,7 +3551,7 @@ var init_failure_condition_evaluator = __esm({
3551
3551
  try {
3552
3552
  exec2 = this.sandbox.compile(`return (${raw});`);
3553
3553
  } catch {
3554
- const normalizedExpr = normalize8(condition);
3554
+ const normalizedExpr = normalize4(condition);
3555
3555
  exec2 = this.sandbox.compile(`return (${normalizedExpr});`);
3556
3556
  }
3557
3557
  const result = exec2(scope).run();
@@ -3934,9 +3934,9 @@ function configureLiquidWithExtensions(liquid) {
3934
3934
  });
3935
3935
  liquid.registerFilter("get", (obj, pathExpr) => {
3936
3936
  if (obj == null) return void 0;
3937
- const path33 = typeof pathExpr === "string" ? pathExpr : String(pathExpr || "");
3938
- if (!path33) return obj;
3939
- const parts = path33.split(".");
3937
+ const path29 = typeof pathExpr === "string" ? pathExpr : String(pathExpr || "");
3938
+ if (!path29) return obj;
3939
+ const parts = path29.split(".");
3940
3940
  let cur = obj;
3941
3941
  for (const p of parts) {
3942
3942
  if (cur == null) return void 0;
@@ -4055,9 +4055,9 @@ function configureLiquidWithExtensions(liquid) {
4055
4055
  }
4056
4056
  }
4057
4057
  const defaultRole = typeof rolesCfg.default === "string" && rolesCfg.default.trim() ? rolesCfg.default.trim() : void 0;
4058
- const getNested = (obj, path33) => {
4059
- if (!obj || !path33) return void 0;
4060
- const parts = path33.split(".");
4058
+ const getNested = (obj, path29) => {
4059
+ if (!obj || !path29) return void 0;
4060
+ const parts = path29.split(".");
4061
4061
  let cur = obj;
4062
4062
  for (const p of parts) {
4063
4063
  if (cur == null) return void 0;
@@ -6609,8 +6609,8 @@ var init_dependency_gating = __esm({
6609
6609
  async function renderTemplateContent(checkId, checkConfig, reviewSummary) {
6610
6610
  try {
6611
6611
  const { createExtendedLiquid: createExtendedLiquid2 } = await Promise.resolve().then(() => (init_liquid_extensions(), liquid_extensions_exports));
6612
- const fs29 = await import("fs/promises");
6613
- const path33 = await import("path");
6612
+ const fs25 = await import("fs/promises");
6613
+ const path29 = await import("path");
6614
6614
  const schemaRaw = checkConfig.schema || "plain";
6615
6615
  const schema = typeof schemaRaw === "string" ? schemaRaw : "code-review";
6616
6616
  let templateContent;
@@ -6618,24 +6618,24 @@ async function renderTemplateContent(checkId, checkConfig, reviewSummary) {
6618
6618
  templateContent = String(checkConfig.template.content);
6619
6619
  } else if (checkConfig.template && checkConfig.template.file) {
6620
6620
  const file = String(checkConfig.template.file);
6621
- const resolved = path33.resolve(process.cwd(), file);
6622
- templateContent = await fs29.readFile(resolved, "utf-8");
6621
+ const resolved = path29.resolve(process.cwd(), file);
6622
+ templateContent = await fs25.readFile(resolved, "utf-8");
6623
6623
  } else if (schema && schema !== "plain") {
6624
6624
  const sanitized = String(schema).replace(/[^a-zA-Z0-9-]/g, "");
6625
6625
  if (sanitized) {
6626
6626
  const candidatePaths = [
6627
- path33.join(__dirname, "output", sanitized, "template.liquid"),
6627
+ path29.join(__dirname, "output", sanitized, "template.liquid"),
6628
6628
  // bundled: dist/output/
6629
- path33.join(__dirname, "..", "..", "output", sanitized, "template.liquid"),
6629
+ path29.join(__dirname, "..", "..", "output", sanitized, "template.liquid"),
6630
6630
  // source: output/
6631
- path33.join(process.cwd(), "output", sanitized, "template.liquid"),
6631
+ path29.join(process.cwd(), "output", sanitized, "template.liquid"),
6632
6632
  // fallback: cwd/output/
6633
- path33.join(process.cwd(), "dist", "output", sanitized, "template.liquid")
6633
+ path29.join(process.cwd(), "dist", "output", sanitized, "template.liquid")
6634
6634
  // fallback: cwd/dist/output/
6635
6635
  ];
6636
6636
  for (const p of candidatePaths) {
6637
6637
  try {
6638
- templateContent = await fs29.readFile(p, "utf-8");
6638
+ templateContent = await fs25.readFile(p, "utf-8");
6639
6639
  if (templateContent) break;
6640
6640
  } catch {
6641
6641
  }
@@ -7040,7 +7040,7 @@ async function processDiffWithOutline(diffContent) {
7040
7040
  }
7041
7041
  try {
7042
7042
  const originalProbePath = process.env.PROBE_PATH;
7043
- const fs29 = require("fs");
7043
+ const fs25 = require("fs");
7044
7044
  const possiblePaths = [
7045
7045
  // Relative to current working directory (most common in production)
7046
7046
  path6.join(process.cwd(), "node_modules/@probelabs/probe/bin/probe-binary"),
@@ -7051,7 +7051,7 @@ async function processDiffWithOutline(diffContent) {
7051
7051
  ];
7052
7052
  let probeBinaryPath;
7053
7053
  for (const candidatePath of possiblePaths) {
7054
- if (fs29.existsSync(candidatePath)) {
7054
+ if (fs25.existsSync(candidatePath)) {
7055
7055
  probeBinaryPath = candidatePath;
7056
7056
  break;
7057
7057
  }
@@ -7158,7 +7158,7 @@ async function renderMermaidToPng(mermaidCode) {
7158
7158
  if (chromiumPath) {
7159
7159
  env.PUPPETEER_EXECUTABLE_PATH = chromiumPath;
7160
7160
  }
7161
- const result = await new Promise((resolve19) => {
7161
+ const result = await new Promise((resolve15) => {
7162
7162
  const proc = (0, import_child_process.spawn)(
7163
7163
  "npx",
7164
7164
  [
@@ -7188,13 +7188,13 @@ async function renderMermaidToPng(mermaidCode) {
7188
7188
  });
7189
7189
  proc.on("close", (code) => {
7190
7190
  if (code === 0) {
7191
- resolve19({ success: true });
7191
+ resolve15({ success: true });
7192
7192
  } else {
7193
- resolve19({ success: false, error: stderr || `Exit code ${code}` });
7193
+ resolve15({ success: false, error: stderr || `Exit code ${code}` });
7194
7194
  }
7195
7195
  });
7196
7196
  proc.on("error", (err) => {
7197
- resolve19({ success: false, error: err.message });
7197
+ resolve15({ success: false, error: err.message });
7198
7198
  });
7199
7199
  });
7200
7200
  if (!result.success) {
@@ -8392,8 +8392,8 @@ ${schemaString}`);
8392
8392
  }
8393
8393
  if (process.env.VISOR_DEBUG_AI_SESSIONS === "true") {
8394
8394
  try {
8395
- const fs29 = require("fs");
8396
- const path33 = require("path");
8395
+ const fs25 = require("fs");
8396
+ const path29 = require("path");
8397
8397
  const timestamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
8398
8398
  const provider = this.config.provider || "auto";
8399
8399
  const model = this.config.model || "default";
@@ -8507,20 +8507,20 @@ ${"=".repeat(60)}
8507
8507
  `;
8508
8508
  readableVersion += `${"=".repeat(60)}
8509
8509
  `;
8510
- const debugArtifactsDir = process.env.VISOR_DEBUG_ARTIFACTS || path33.join(process.cwd(), "debug-artifacts");
8511
- if (!fs29.existsSync(debugArtifactsDir)) {
8512
- fs29.mkdirSync(debugArtifactsDir, { recursive: true });
8510
+ const debugArtifactsDir = process.env.VISOR_DEBUG_ARTIFACTS || path29.join(process.cwd(), "debug-artifacts");
8511
+ if (!fs25.existsSync(debugArtifactsDir)) {
8512
+ fs25.mkdirSync(debugArtifactsDir, { recursive: true });
8513
8513
  }
8514
- const debugFile = path33.join(
8514
+ const debugFile = path29.join(
8515
8515
  debugArtifactsDir,
8516
8516
  `prompt-${_checkName || "unknown"}-${timestamp}.json`
8517
8517
  );
8518
- fs29.writeFileSync(debugFile, debugJson, "utf-8");
8519
- const readableFile = path33.join(
8518
+ fs25.writeFileSync(debugFile, debugJson, "utf-8");
8519
+ const readableFile = path29.join(
8520
8520
  debugArtifactsDir,
8521
8521
  `prompt-${_checkName || "unknown"}-${timestamp}.txt`
8522
8522
  );
8523
- fs29.writeFileSync(readableFile, readableVersion, "utf-8");
8523
+ fs25.writeFileSync(readableFile, readableVersion, "utf-8");
8524
8524
  log(`
8525
8525
  \u{1F4BE} Full debug info saved to:`);
8526
8526
  log(` JSON: ${debugFile}`);
@@ -8558,8 +8558,8 @@ ${"=".repeat(60)}
8558
8558
  log(`\u{1F4E4} Response length: ${response.length} characters`);
8559
8559
  if (process.env.VISOR_DEBUG_AI_SESSIONS === "true") {
8560
8560
  try {
8561
- const fs29 = require("fs");
8562
- const path33 = require("path");
8561
+ const fs25 = require("fs");
8562
+ const path29 = require("path");
8563
8563
  const timestamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
8564
8564
  const agentAny2 = agent;
8565
8565
  let fullHistory = [];
@@ -8570,8 +8570,8 @@ ${"=".repeat(60)}
8570
8570
  } else if (agentAny2._messages) {
8571
8571
  fullHistory = agentAny2._messages;
8572
8572
  }
8573
- const debugArtifactsDir = process.env.VISOR_DEBUG_ARTIFACTS || path33.join(process.cwd(), "debug-artifacts");
8574
- const sessionBase = path33.join(
8573
+ const debugArtifactsDir = process.env.VISOR_DEBUG_ARTIFACTS || path29.join(process.cwd(), "debug-artifacts");
8574
+ const sessionBase = path29.join(
8575
8575
  debugArtifactsDir,
8576
8576
  `session-${_checkName || "unknown"}-${timestamp}`
8577
8577
  );
@@ -8583,7 +8583,7 @@ ${"=".repeat(60)}
8583
8583
  schema: effectiveSchema,
8584
8584
  totalMessages: fullHistory.length
8585
8585
  };
8586
- fs29.writeFileSync(sessionBase + ".json", JSON.stringify(sessionData, null, 2), "utf-8");
8586
+ fs25.writeFileSync(sessionBase + ".json", JSON.stringify(sessionData, null, 2), "utf-8");
8587
8587
  let readable = `=============================================================
8588
8588
  `;
8589
8589
  readable += `COMPLETE AI SESSION HISTORY (AFTER RESPONSE)
@@ -8610,7 +8610,7 @@ ${"=".repeat(60)}
8610
8610
  `;
8611
8611
  readable += content + "\n";
8612
8612
  });
8613
- fs29.writeFileSync(sessionBase + ".summary.txt", readable, "utf-8");
8613
+ fs25.writeFileSync(sessionBase + ".summary.txt", readable, "utf-8");
8614
8614
  log(`\u{1F4BE} Complete session history saved:`);
8615
8615
  log(` - Contains ALL ${fullHistory.length} messages (prompts + responses)`);
8616
8616
  } catch (error) {
@@ -8619,11 +8619,11 @@ ${"=".repeat(60)}
8619
8619
  }
8620
8620
  if (process.env.VISOR_DEBUG_AI_SESSIONS === "true") {
8621
8621
  try {
8622
- const fs29 = require("fs");
8623
- const path33 = require("path");
8622
+ const fs25 = require("fs");
8623
+ const path29 = require("path");
8624
8624
  const timestamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
8625
- const debugArtifactsDir = process.env.VISOR_DEBUG_ARTIFACTS || path33.join(process.cwd(), "debug-artifacts");
8626
- const responseFile = path33.join(
8625
+ const debugArtifactsDir = process.env.VISOR_DEBUG_ARTIFACTS || path29.join(process.cwd(), "debug-artifacts");
8626
+ const responseFile = path29.join(
8627
8627
  debugArtifactsDir,
8628
8628
  `response-${_checkName || "unknown"}-${timestamp}.txt`
8629
8629
  );
@@ -8656,7 +8656,7 @@ ${"=".repeat(60)}
8656
8656
  `;
8657
8657
  responseContent += `${"=".repeat(60)}
8658
8658
  `;
8659
- fs29.writeFileSync(responseFile, responseContent, "utf-8");
8659
+ fs25.writeFileSync(responseFile, responseContent, "utf-8");
8660
8660
  log(`\u{1F4BE} Response saved to: ${responseFile}`);
8661
8661
  } catch (error) {
8662
8662
  log(`\u26A0\uFE0F Could not save response file: ${error}`);
@@ -8672,9 +8672,9 @@ ${"=".repeat(60)}
8672
8672
  await agentAny._telemetryConfig.shutdown();
8673
8673
  log(`\u{1F4CA} OpenTelemetry trace saved to: ${agentAny._traceFilePath}`);
8674
8674
  if (process.env.GITHUB_ACTIONS) {
8675
- const fs29 = require("fs");
8676
- if (fs29.existsSync(agentAny._traceFilePath)) {
8677
- const stats = fs29.statSync(agentAny._traceFilePath);
8675
+ const fs25 = require("fs");
8676
+ if (fs25.existsSync(agentAny._traceFilePath)) {
8677
+ const stats = fs25.statSync(agentAny._traceFilePath);
8678
8678
  console.log(
8679
8679
  `::notice title=AI Trace Saved::${agentAny._traceFilePath} (${stats.size} bytes)`
8680
8680
  );
@@ -8887,9 +8887,9 @@ ${schemaString}`);
8887
8887
  const model = this.config.model || "default";
8888
8888
  if (process.env.VISOR_DEBUG_AI_SESSIONS === "true") {
8889
8889
  try {
8890
- const fs29 = require("fs");
8891
- const path33 = require("path");
8892
- const os3 = require("os");
8890
+ const fs25 = require("fs");
8891
+ const path29 = require("path");
8892
+ const os2 = require("os");
8893
8893
  const timestamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
8894
8894
  const debugData = {
8895
8895
  timestamp,
@@ -8961,19 +8961,19 @@ ${"=".repeat(60)}
8961
8961
  `;
8962
8962
  readableVersion += `${"=".repeat(60)}
8963
8963
  `;
8964
- const tempDir = os3.tmpdir();
8965
- const promptFile = path33.join(tempDir, `visor-prompt-${timestamp}.txt`);
8966
- fs29.writeFileSync(promptFile, prompt, "utf-8");
8964
+ const tempDir = os2.tmpdir();
8965
+ const promptFile = path29.join(tempDir, `visor-prompt-${timestamp}.txt`);
8966
+ fs25.writeFileSync(promptFile, prompt, "utf-8");
8967
8967
  log(`
8968
8968
  \u{1F4BE} Prompt saved to: ${promptFile}`);
8969
- const debugArtifactsDir = process.env.VISOR_DEBUG_ARTIFACTS || path33.join(process.cwd(), "debug-artifacts");
8969
+ const debugArtifactsDir = process.env.VISOR_DEBUG_ARTIFACTS || path29.join(process.cwd(), "debug-artifacts");
8970
8970
  try {
8971
- const base = path33.join(
8971
+ const base = path29.join(
8972
8972
  debugArtifactsDir,
8973
8973
  `prompt-${_checkName || "unknown"}-${timestamp}`
8974
8974
  );
8975
- fs29.writeFileSync(base + ".json", debugJson, "utf-8");
8976
- fs29.writeFileSync(base + ".summary.txt", readableVersion, "utf-8");
8975
+ fs25.writeFileSync(base + ".json", debugJson, "utf-8");
8976
+ fs25.writeFileSync(base + ".summary.txt", readableVersion, "utf-8");
8977
8977
  log(`
8978
8978
  \u{1F4BE} Full debug info saved to directory: ${debugArtifactsDir}`);
8979
8979
  } catch {
@@ -9023,8 +9023,8 @@ $ ${cliCommand}
9023
9023
  log(`\u{1F4E4} Response length: ${response.length} characters`);
9024
9024
  if (process.env.VISOR_DEBUG_AI_SESSIONS === "true") {
9025
9025
  try {
9026
- const fs29 = require("fs");
9027
- const path33 = require("path");
9026
+ const fs25 = require("fs");
9027
+ const path29 = require("path");
9028
9028
  const timestamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
9029
9029
  const agentAny = agent;
9030
9030
  let fullHistory = [];
@@ -9035,8 +9035,8 @@ $ ${cliCommand}
9035
9035
  } else if (agentAny._messages) {
9036
9036
  fullHistory = agentAny._messages;
9037
9037
  }
9038
- const debugArtifactsDir = process.env.VISOR_DEBUG_ARTIFACTS || path33.join(process.cwd(), "debug-artifacts");
9039
- const sessionBase = path33.join(
9038
+ const debugArtifactsDir = process.env.VISOR_DEBUG_ARTIFACTS || path29.join(process.cwd(), "debug-artifacts");
9039
+ const sessionBase = path29.join(
9040
9040
  debugArtifactsDir,
9041
9041
  `session-${_checkName || "unknown"}-${timestamp}`
9042
9042
  );
@@ -9048,7 +9048,7 @@ $ ${cliCommand}
9048
9048
  schema: effectiveSchema,
9049
9049
  totalMessages: fullHistory.length
9050
9050
  };
9051
- fs29.writeFileSync(sessionBase + ".json", JSON.stringify(sessionData, null, 2), "utf-8");
9051
+ fs25.writeFileSync(sessionBase + ".json", JSON.stringify(sessionData, null, 2), "utf-8");
9052
9052
  let readable = `=============================================================
9053
9053
  `;
9054
9054
  readable += `COMPLETE AI SESSION HISTORY (AFTER RESPONSE)
@@ -9075,7 +9075,7 @@ ${"=".repeat(60)}
9075
9075
  `;
9076
9076
  readable += content + "\n";
9077
9077
  });
9078
- fs29.writeFileSync(sessionBase + ".summary.txt", readable, "utf-8");
9078
+ fs25.writeFileSync(sessionBase + ".summary.txt", readable, "utf-8");
9079
9079
  log(`\u{1F4BE} Complete session history saved:`);
9080
9080
  log(` - Contains ALL ${fullHistory.length} messages (prompts + responses)`);
9081
9081
  } catch (error) {
@@ -9084,11 +9084,11 @@ ${"=".repeat(60)}
9084
9084
  }
9085
9085
  if (process.env.VISOR_DEBUG_AI_SESSIONS === "true") {
9086
9086
  try {
9087
- const fs29 = require("fs");
9088
- const path33 = require("path");
9087
+ const fs25 = require("fs");
9088
+ const path29 = require("path");
9089
9089
  const timestamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
9090
- const debugArtifactsDir = process.env.VISOR_DEBUG_ARTIFACTS || path33.join(process.cwd(), "debug-artifacts");
9091
- const responseFile = path33.join(
9090
+ const debugArtifactsDir = process.env.VISOR_DEBUG_ARTIFACTS || path29.join(process.cwd(), "debug-artifacts");
9091
+ const responseFile = path29.join(
9092
9092
  debugArtifactsDir,
9093
9093
  `response-${_checkName || "unknown"}-${timestamp}.txt`
9094
9094
  );
@@ -9121,7 +9121,7 @@ ${"=".repeat(60)}
9121
9121
  `;
9122
9122
  responseContent += `${"=".repeat(60)}
9123
9123
  `;
9124
- fs29.writeFileSync(responseFile, responseContent, "utf-8");
9124
+ fs25.writeFileSync(responseFile, responseContent, "utf-8");
9125
9125
  log(`\u{1F4BE} Response saved to: ${responseFile}`);
9126
9126
  } catch (error) {
9127
9127
  log(`\u26A0\uFE0F Could not save response file: ${error}`);
@@ -9139,9 +9139,9 @@ ${"=".repeat(60)}
9139
9139
  await telemetry.shutdown();
9140
9140
  log(`\u{1F4CA} OpenTelemetry trace saved to: ${traceFilePath}`);
9141
9141
  if (process.env.GITHUB_ACTIONS) {
9142
- const fs29 = require("fs");
9143
- if (fs29.existsSync(traceFilePath)) {
9144
- const stats = fs29.statSync(traceFilePath);
9142
+ const fs25 = require("fs");
9143
+ if (fs25.existsSync(traceFilePath)) {
9144
+ const stats = fs25.statSync(traceFilePath);
9145
9145
  console.log(
9146
9146
  `::notice title=AI Trace Saved::OpenTelemetry trace file size: ${stats.size} bytes`
9147
9147
  );
@@ -9179,8 +9179,8 @@ ${"=".repeat(60)}
9179
9179
  * Load schema content from schema files or inline definitions
9180
9180
  */
9181
9181
  async loadSchemaContent(schema) {
9182
- const fs29 = require("fs").promises;
9183
- const path33 = require("path");
9182
+ const fs25 = require("fs").promises;
9183
+ const path29 = require("path");
9184
9184
  if (typeof schema === "object" && schema !== null) {
9185
9185
  log("\u{1F4CB} Using inline schema object from configuration");
9186
9186
  return JSON.stringify(schema);
@@ -9193,14 +9193,14 @@ ${"=".repeat(60)}
9193
9193
  }
9194
9194
  } catch {
9195
9195
  }
9196
- if ((schema.startsWith("./") || schema.includes(".json")) && !path33.isAbsolute(schema)) {
9196
+ if ((schema.startsWith("./") || schema.includes(".json")) && !path29.isAbsolute(schema)) {
9197
9197
  if (schema.includes("..") || schema.includes("\0")) {
9198
9198
  throw new Error("Invalid schema path: path traversal not allowed");
9199
9199
  }
9200
9200
  try {
9201
- const schemaPath = path33.resolve(process.cwd(), schema);
9201
+ const schemaPath = path29.resolve(process.cwd(), schema);
9202
9202
  log(`\u{1F4CB} Loading custom schema from file: ${schemaPath}`);
9203
- const schemaContent = await fs29.readFile(schemaPath, "utf-8");
9203
+ const schemaContent = await fs25.readFile(schemaPath, "utf-8");
9204
9204
  return schemaContent.trim();
9205
9205
  } catch (error) {
9206
9206
  throw new Error(
@@ -9214,22 +9214,22 @@ ${"=".repeat(60)}
9214
9214
  }
9215
9215
  const candidatePaths = [
9216
9216
  // GitHub Action bundle location
9217
- path33.join(__dirname, "output", sanitizedSchemaName, "schema.json"),
9217
+ path29.join(__dirname, "output", sanitizedSchemaName, "schema.json"),
9218
9218
  // Historical fallback when src/output was inadvertently bundled as output1/
9219
- path33.join(__dirname, "output1", sanitizedSchemaName, "schema.json"),
9219
+ path29.join(__dirname, "output1", sanitizedSchemaName, "schema.json"),
9220
9220
  // Local dev (repo root)
9221
- path33.join(process.cwd(), "output", sanitizedSchemaName, "schema.json")
9221
+ path29.join(process.cwd(), "output", sanitizedSchemaName, "schema.json")
9222
9222
  ];
9223
9223
  for (const schemaPath of candidatePaths) {
9224
9224
  try {
9225
- const schemaContent = await fs29.readFile(schemaPath, "utf-8");
9225
+ const schemaContent = await fs25.readFile(schemaPath, "utf-8");
9226
9226
  return schemaContent.trim();
9227
9227
  } catch {
9228
9228
  }
9229
9229
  }
9230
- const distPath = path33.join(__dirname, "output", sanitizedSchemaName, "schema.json");
9231
- const distAltPath = path33.join(__dirname, "output1", sanitizedSchemaName, "schema.json");
9232
- const cwdPath = path33.join(process.cwd(), "output", sanitizedSchemaName, "schema.json");
9230
+ const distPath = path29.join(__dirname, "output", sanitizedSchemaName, "schema.json");
9231
+ const distAltPath = path29.join(__dirname, "output1", sanitizedSchemaName, "schema.json");
9232
+ const cwdPath = path29.join(process.cwd(), "output", sanitizedSchemaName, "schema.json");
9233
9233
  throw new Error(
9234
9234
  `Failed to load schema '${sanitizedSchemaName}'. Tried: ${distPath}, ${distAltPath}, and ${cwdPath}. Ensure build copies 'output/' into dist (build:cli), or provide a custom schema file/path.`
9235
9235
  );
@@ -9471,7 +9471,7 @@ ${"=".repeat(60)}
9471
9471
  * Generate mock response for testing
9472
9472
  */
9473
9473
  async generateMockResponse(_prompt, _checkName, _schema) {
9474
- await new Promise((resolve19) => setTimeout(resolve19, 500));
9474
+ await new Promise((resolve15) => setTimeout(resolve15, 500));
9475
9475
  const name = (_checkName || "").toLowerCase();
9476
9476
  if (name.includes("extract-facts")) {
9477
9477
  const arr = Array.from({ length: 6 }, (_, i) => ({
@@ -9832,7 +9832,7 @@ var init_command_executor = __esm({
9832
9832
  * Execute command with stdin input
9833
9833
  */
9834
9834
  executeWithStdin(command, options) {
9835
- return new Promise((resolve19, reject) => {
9835
+ return new Promise((resolve15, reject) => {
9836
9836
  const childProcess = (0, import_child_process2.exec)(
9837
9837
  command,
9838
9838
  {
@@ -9844,7 +9844,7 @@ var init_command_executor = __esm({
9844
9844
  if (error && error.killed && (error.code === "ETIMEDOUT" || error.signal === "SIGTERM")) {
9845
9845
  reject(new Error(`Command timed out after ${options.timeout || 3e4}ms`));
9846
9846
  } else {
9847
- resolve19({
9847
+ resolve15({
9848
9848
  stdout: stdout || "",
9849
9849
  stderr: stderr || "",
9850
9850
  exitCode: error ? error.code || 1 : 0
@@ -18636,17 +18636,17 @@ var init_workflow_check_provider = __esm({
18636
18636
  * so it can be executed by the state machine as a nested workflow.
18637
18637
  */
18638
18638
  async loadWorkflowFromConfigPath(sourcePath, baseDir) {
18639
- const path33 = require("path");
18640
- const fs29 = require("fs");
18639
+ const path29 = require("path");
18640
+ const fs25 = require("fs");
18641
18641
  const yaml5 = require("js-yaml");
18642
- const resolved = path33.isAbsolute(sourcePath) ? sourcePath : path33.resolve(baseDir, sourcePath);
18643
- if (!fs29.existsSync(resolved)) {
18642
+ const resolved = path29.isAbsolute(sourcePath) ? sourcePath : path29.resolve(baseDir, sourcePath);
18643
+ if (!fs25.existsSync(resolved)) {
18644
18644
  throw new Error(`Workflow config not found at: ${resolved}`);
18645
18645
  }
18646
- const rawContent = fs29.readFileSync(resolved, "utf8");
18646
+ const rawContent = fs25.readFileSync(resolved, "utf8");
18647
18647
  const rawData = yaml5.load(rawContent);
18648
18648
  if (rawData.imports && Array.isArray(rawData.imports)) {
18649
- const configDir = path33.dirname(resolved);
18649
+ const configDir = path29.dirname(resolved);
18650
18650
  for (const source of rawData.imports) {
18651
18651
  const results = await this.registry.import(source, {
18652
18652
  basePath: configDir,
@@ -18676,8 +18676,8 @@ ${errors}`);
18676
18676
  if (!steps || Object.keys(steps).length === 0) {
18677
18677
  throw new Error(`Config '${resolved}' does not contain any steps to execute as a workflow`);
18678
18678
  }
18679
- const id = path33.basename(resolved).replace(/\.(ya?ml)$/i, "");
18680
- const name = loaded.name || `Workflow from ${path33.basename(resolved)}`;
18679
+ const id = path29.basename(resolved).replace(/\.(ya?ml)$/i, "");
18680
+ const name = loaded.name || `Workflow from ${path29.basename(resolved)}`;
18681
18681
  const workflowDef = {
18682
18682
  id,
18683
18683
  name,
@@ -19486,8 +19486,8 @@ async function createStoreBackend(storageConfig, haConfig) {
19486
19486
  case "mssql": {
19487
19487
  try {
19488
19488
  const loaderPath = "../../enterprise/loader";
19489
- const { loadEnterpriseStoreBackend: loadEnterpriseStoreBackend2 } = await import(loaderPath);
19490
- return await loadEnterpriseStoreBackend2(driver, storageConfig, haConfig);
19489
+ const { loadEnterpriseStoreBackend } = await import(loaderPath);
19490
+ return await loadEnterpriseStoreBackend(driver, storageConfig, haConfig);
19491
19491
  } catch (err) {
19492
19492
  const msg = err instanceof Error ? err.message : String(err);
19493
19493
  logger.error(`[StoreFactory] Failed to load enterprise ${driver} backend: ${msg}`);
@@ -22181,7 +22181,7 @@ var init_mcp_custom_sse_server = __esm({
22181
22181
  * Returns the actual bound port number
22182
22182
  */
22183
22183
  async start() {
22184
- return new Promise((resolve19, reject) => {
22184
+ return new Promise((resolve15, reject) => {
22185
22185
  try {
22186
22186
  this.server = import_http.default.createServer((req, res) => {
22187
22187
  this.handleRequest(req, res).catch((error) => {
@@ -22215,7 +22215,7 @@ var init_mcp_custom_sse_server = __esm({
22215
22215
  );
22216
22216
  }
22217
22217
  this.startKeepalive();
22218
- resolve19(this.port);
22218
+ resolve15(this.port);
22219
22219
  });
22220
22220
  } catch (error) {
22221
22221
  reject(error);
@@ -22278,7 +22278,7 @@ var init_mcp_custom_sse_server = __esm({
22278
22278
  logger.debug(
22279
22279
  `[CustomToolsSSEServer:${this.sessionId}] Grace period before stop: ${waitMs}ms (activeToolCalls=${this.activeToolCalls})`
22280
22280
  );
22281
- await new Promise((resolve19) => setTimeout(resolve19, waitMs));
22281
+ await new Promise((resolve15) => setTimeout(resolve15, waitMs));
22282
22282
  }
22283
22283
  }
22284
22284
  if (this.activeToolCalls > 0) {
@@ -22287,7 +22287,7 @@ var init_mcp_custom_sse_server = __esm({
22287
22287
  `[CustomToolsSSEServer:${this.sessionId}] Waiting for ${this.activeToolCalls} active tool call(s) before stop`
22288
22288
  );
22289
22289
  while (this.activeToolCalls > 0 && Date.now() - startedAt < effectiveDrainTimeoutMs) {
22290
- await new Promise((resolve19) => setTimeout(resolve19, 250));
22290
+ await new Promise((resolve15) => setTimeout(resolve15, 250));
22291
22291
  }
22292
22292
  if (this.activeToolCalls > 0) {
22293
22293
  logger.warn(
@@ -22312,21 +22312,21 @@ var init_mcp_custom_sse_server = __esm({
22312
22312
  }
22313
22313
  this.connections.clear();
22314
22314
  if (this.server) {
22315
- await new Promise((resolve19, reject) => {
22315
+ await new Promise((resolve15, reject) => {
22316
22316
  const timeout = setTimeout(() => {
22317
22317
  if (this.debug) {
22318
22318
  logger.debug(
22319
22319
  `[CustomToolsSSEServer:${this.sessionId}] Force closing server after timeout`
22320
22320
  );
22321
22321
  }
22322
- this.server?.close(() => resolve19());
22322
+ this.server?.close(() => resolve15());
22323
22323
  }, 5e3);
22324
22324
  this.server.close((error) => {
22325
22325
  clearTimeout(timeout);
22326
22326
  if (error) {
22327
22327
  reject(error);
22328
22328
  } else {
22329
- resolve19();
22329
+ resolve15();
22330
22330
  }
22331
22331
  });
22332
22332
  });
@@ -22783,7 +22783,7 @@ var init_mcp_custom_sse_server = __esm({
22783
22783
  logger.warn(
22784
22784
  `[CustomToolsSSEServer:${this.sessionId}] Tool ${toolName} failed (attempt ${attempt + 1}/${retryCount + 1}): ${errorMsg}. Retrying in ${delay}ms`
22785
22785
  );
22786
- await new Promise((resolve19) => setTimeout(resolve19, delay));
22786
+ await new Promise((resolve15) => setTimeout(resolve15, delay));
22787
22787
  attempt++;
22788
22788
  }
22789
22789
  }
@@ -23255,9 +23255,9 @@ var init_ai_check_provider = __esm({
23255
23255
  } else {
23256
23256
  resolvedPath = import_path8.default.resolve(process.cwd(), str);
23257
23257
  }
23258
- const fs29 = require("fs").promises;
23258
+ const fs25 = require("fs").promises;
23259
23259
  try {
23260
- const stat2 = await fs29.stat(resolvedPath);
23260
+ const stat2 = await fs25.stat(resolvedPath);
23261
23261
  return stat2.isFile();
23262
23262
  } catch {
23263
23263
  return hasFileExtension && (isRelativePath || isAbsolutePath || hasPathSeparators);
@@ -29408,14 +29408,14 @@ var require_util = __commonJS({
29408
29408
  }
29409
29409
  const port = url.port != null ? url.port : url.protocol === "https:" ? 443 : 80;
29410
29410
  let origin = url.origin != null ? url.origin : `${url.protocol}//${url.hostname}:${port}`;
29411
- let path33 = url.path != null ? url.path : `${url.pathname || ""}${url.search || ""}`;
29411
+ let path29 = url.path != null ? url.path : `${url.pathname || ""}${url.search || ""}`;
29412
29412
  if (origin.endsWith("/")) {
29413
29413
  origin = origin.substring(0, origin.length - 1);
29414
29414
  }
29415
- if (path33 && !path33.startsWith("/")) {
29416
- path33 = `/${path33}`;
29415
+ if (path29 && !path29.startsWith("/")) {
29416
+ path29 = `/${path29}`;
29417
29417
  }
29418
- url = new URL(origin + path33);
29418
+ url = new URL(origin + path29);
29419
29419
  }
29420
29420
  return url;
29421
29421
  }
@@ -31029,20 +31029,20 @@ var require_parseParams = __commonJS({
31029
31029
  var require_basename = __commonJS({
31030
31030
  "node_modules/@fastify/busboy/lib/utils/basename.js"(exports2, module2) {
31031
31031
  "use strict";
31032
- module2.exports = function basename4(path33) {
31033
- if (typeof path33 !== "string") {
31032
+ module2.exports = function basename4(path29) {
31033
+ if (typeof path29 !== "string") {
31034
31034
  return "";
31035
31035
  }
31036
- for (var i = path33.length - 1; i >= 0; --i) {
31037
- switch (path33.charCodeAt(i)) {
31036
+ for (var i = path29.length - 1; i >= 0; --i) {
31037
+ switch (path29.charCodeAt(i)) {
31038
31038
  case 47:
31039
31039
  // '/'
31040
31040
  case 92:
31041
- path33 = path33.slice(i + 1);
31042
- return path33 === ".." || path33 === "." ? "" : path33;
31041
+ path29 = path29.slice(i + 1);
31042
+ return path29 === ".." || path29 === "." ? "" : path29;
31043
31043
  }
31044
31044
  }
31045
- return path33 === ".." || path33 === "." ? "" : path33;
31045
+ return path29 === ".." || path29 === "." ? "" : path29;
31046
31046
  };
31047
31047
  }
31048
31048
  });
@@ -32046,11 +32046,11 @@ var require_util2 = __commonJS({
32046
32046
  var assert = require("assert");
32047
32047
  var { isUint8Array } = require("util/types");
32048
32048
  var supportedHashes = [];
32049
- var crypto9;
32049
+ var crypto7;
32050
32050
  try {
32051
- crypto9 = require("crypto");
32051
+ crypto7 = require("crypto");
32052
32052
  const possibleRelevantHashes = ["sha256", "sha384", "sha512"];
32053
- supportedHashes = crypto9.getHashes().filter((hash) => possibleRelevantHashes.includes(hash));
32053
+ supportedHashes = crypto7.getHashes().filter((hash) => possibleRelevantHashes.includes(hash));
32054
32054
  } catch {
32055
32055
  }
32056
32056
  function responseURL(response) {
@@ -32327,7 +32327,7 @@ var require_util2 = __commonJS({
32327
32327
  }
32328
32328
  }
32329
32329
  function bytesMatch(bytes, metadataList) {
32330
- if (crypto9 === void 0) {
32330
+ if (crypto7 === void 0) {
32331
32331
  return true;
32332
32332
  }
32333
32333
  const parsedMetadata = parseMetadata(metadataList);
@@ -32342,7 +32342,7 @@ var require_util2 = __commonJS({
32342
32342
  for (const item of metadata) {
32343
32343
  const algorithm = item.algo;
32344
32344
  const expectedValue = item.hash;
32345
- let actualValue = crypto9.createHash(algorithm).update(bytes).digest("base64");
32345
+ let actualValue = crypto7.createHash(algorithm).update(bytes).digest("base64");
32346
32346
  if (actualValue[actualValue.length - 1] === "=") {
32347
32347
  if (actualValue[actualValue.length - 2] === "=") {
32348
32348
  actualValue = actualValue.slice(0, -2);
@@ -32435,8 +32435,8 @@ var require_util2 = __commonJS({
32435
32435
  function createDeferredPromise() {
32436
32436
  let res;
32437
32437
  let rej;
32438
- const promise = new Promise((resolve19, reject) => {
32439
- res = resolve19;
32438
+ const promise = new Promise((resolve15, reject) => {
32439
+ res = resolve15;
32440
32440
  rej = reject;
32441
32441
  });
32442
32442
  return { promise, resolve: res, reject: rej };
@@ -33689,8 +33689,8 @@ var require_body = __commonJS({
33689
33689
  var { parseMIMEType, serializeAMimeType } = require_dataURL();
33690
33690
  var random;
33691
33691
  try {
33692
- const crypto9 = require("crypto");
33693
- random = (max) => crypto9.randomInt(0, max);
33692
+ const crypto7 = require("crypto");
33693
+ random = (max) => crypto7.randomInt(0, max);
33694
33694
  } catch {
33695
33695
  random = (max) => Math.floor(Math.random(max));
33696
33696
  }
@@ -33941,8 +33941,8 @@ Content-Type: ${value.type || "application/octet-stream"}\r
33941
33941
  });
33942
33942
  }
33943
33943
  });
33944
- const busboyResolve = new Promise((resolve19, reject) => {
33945
- busboy.on("finish", resolve19);
33944
+ const busboyResolve = new Promise((resolve15, reject) => {
33945
+ busboy.on("finish", resolve15);
33946
33946
  busboy.on("error", (err) => reject(new TypeError(err)));
33947
33947
  });
33948
33948
  if (this.body !== null) for await (const chunk of consumeBody(this[kState].body)) busboy.write(chunk);
@@ -34073,7 +34073,7 @@ var require_request = __commonJS({
34073
34073
  }
34074
34074
  var Request2 = class _Request {
34075
34075
  constructor(origin, {
34076
- path: path33,
34076
+ path: path29,
34077
34077
  method,
34078
34078
  body,
34079
34079
  headers,
@@ -34087,11 +34087,11 @@ var require_request = __commonJS({
34087
34087
  throwOnError,
34088
34088
  expectContinue
34089
34089
  }, handler) {
34090
- if (typeof path33 !== "string") {
34090
+ if (typeof path29 !== "string") {
34091
34091
  throw new InvalidArgumentError("path must be a string");
34092
- } else if (path33[0] !== "/" && !(path33.startsWith("http://") || path33.startsWith("https://")) && method !== "CONNECT") {
34092
+ } else if (path29[0] !== "/" && !(path29.startsWith("http://") || path29.startsWith("https://")) && method !== "CONNECT") {
34093
34093
  throw new InvalidArgumentError("path must be an absolute URL or start with a slash");
34094
- } else if (invalidPathRegex.exec(path33) !== null) {
34094
+ } else if (invalidPathRegex.exec(path29) !== null) {
34095
34095
  throw new InvalidArgumentError("invalid request path");
34096
34096
  }
34097
34097
  if (typeof method !== "string") {
@@ -34154,7 +34154,7 @@ var require_request = __commonJS({
34154
34154
  this.completed = false;
34155
34155
  this.aborted = false;
34156
34156
  this.upgrade = upgrade || null;
34157
- this.path = query ? util.buildURL(path33, query) : path33;
34157
+ this.path = query ? util.buildURL(path29, query) : path29;
34158
34158
  this.origin = origin;
34159
34159
  this.idempotent = idempotent == null ? method === "HEAD" || method === "GET" : idempotent;
34160
34160
  this.blocking = blocking == null ? false : blocking;
@@ -34476,9 +34476,9 @@ var require_dispatcher_base = __commonJS({
34476
34476
  }
34477
34477
  close(callback) {
34478
34478
  if (callback === void 0) {
34479
- return new Promise((resolve19, reject) => {
34479
+ return new Promise((resolve15, reject) => {
34480
34480
  this.close((err, data) => {
34481
- return err ? reject(err) : resolve19(data);
34481
+ return err ? reject(err) : resolve15(data);
34482
34482
  });
34483
34483
  });
34484
34484
  }
@@ -34516,12 +34516,12 @@ var require_dispatcher_base = __commonJS({
34516
34516
  err = null;
34517
34517
  }
34518
34518
  if (callback === void 0) {
34519
- return new Promise((resolve19, reject) => {
34519
+ return new Promise((resolve15, reject) => {
34520
34520
  this.destroy(err, (err2, data) => {
34521
34521
  return err2 ? (
34522
34522
  /* istanbul ignore next: should never error */
34523
34523
  reject(err2)
34524
- ) : resolve19(data);
34524
+ ) : resolve15(data);
34525
34525
  });
34526
34526
  });
34527
34527
  }
@@ -35162,9 +35162,9 @@ var require_RedirectHandler = __commonJS({
35162
35162
  return this.handler.onHeaders(statusCode, headers, resume, statusText);
35163
35163
  }
35164
35164
  const { origin, pathname, search } = util.parseURL(new URL(this.location, this.opts.origin && new URL(this.opts.path, this.opts.origin)));
35165
- const path33 = search ? `${pathname}${search}` : pathname;
35165
+ const path29 = search ? `${pathname}${search}` : pathname;
35166
35166
  this.opts.headers = cleanRequestHeaders(this.opts.headers, statusCode === 303, this.opts.origin !== origin);
35167
- this.opts.path = path33;
35167
+ this.opts.path = path29;
35168
35168
  this.opts.origin = origin;
35169
35169
  this.opts.maxRedirections = 0;
35170
35170
  this.opts.query = null;
@@ -35583,16 +35583,16 @@ var require_client = __commonJS({
35583
35583
  return this[kNeedDrain] < 2;
35584
35584
  }
35585
35585
  async [kClose]() {
35586
- return new Promise((resolve19) => {
35586
+ return new Promise((resolve15) => {
35587
35587
  if (!this[kSize]) {
35588
- resolve19(null);
35588
+ resolve15(null);
35589
35589
  } else {
35590
- this[kClosedResolve] = resolve19;
35590
+ this[kClosedResolve] = resolve15;
35591
35591
  }
35592
35592
  });
35593
35593
  }
35594
35594
  async [kDestroy](err) {
35595
- return new Promise((resolve19) => {
35595
+ return new Promise((resolve15) => {
35596
35596
  const requests = this[kQueue].splice(this[kPendingIdx]);
35597
35597
  for (let i = 0; i < requests.length; i++) {
35598
35598
  const request = requests[i];
@@ -35603,7 +35603,7 @@ var require_client = __commonJS({
35603
35603
  this[kClosedResolve]();
35604
35604
  this[kClosedResolve] = null;
35605
35605
  }
35606
- resolve19();
35606
+ resolve15();
35607
35607
  };
35608
35608
  if (this[kHTTP2Session] != null) {
35609
35609
  util.destroy(this[kHTTP2Session], err);
@@ -36183,7 +36183,7 @@ var require_client = __commonJS({
36183
36183
  });
36184
36184
  }
36185
36185
  try {
36186
- const socket = await new Promise((resolve19, reject) => {
36186
+ const socket = await new Promise((resolve15, reject) => {
36187
36187
  client[kConnector]({
36188
36188
  host,
36189
36189
  hostname,
@@ -36195,7 +36195,7 @@ var require_client = __commonJS({
36195
36195
  if (err) {
36196
36196
  reject(err);
36197
36197
  } else {
36198
- resolve19(socket2);
36198
+ resolve15(socket2);
36199
36199
  }
36200
36200
  });
36201
36201
  });
@@ -36406,7 +36406,7 @@ var require_client = __commonJS({
36406
36406
  writeH2(client, client[kHTTP2Session], request);
36407
36407
  return;
36408
36408
  }
36409
- const { body, method, path: path33, host, upgrade, headers, blocking, reset } = request;
36409
+ const { body, method, path: path29, host, upgrade, headers, blocking, reset } = request;
36410
36410
  const expectsPayload = method === "PUT" || method === "POST" || method === "PATCH";
36411
36411
  if (body && typeof body.read === "function") {
36412
36412
  body.read(0);
@@ -36456,7 +36456,7 @@ var require_client = __commonJS({
36456
36456
  if (blocking) {
36457
36457
  socket[kBlocking] = true;
36458
36458
  }
36459
- let header = `${method} ${path33} HTTP/1.1\r
36459
+ let header = `${method} ${path29} HTTP/1.1\r
36460
36460
  `;
36461
36461
  if (typeof host === "string") {
36462
36462
  header += `host: ${host}\r
@@ -36519,7 +36519,7 @@ upgrade: ${upgrade}\r
36519
36519
  return true;
36520
36520
  }
36521
36521
  function writeH2(client, session, request) {
36522
- const { body, method, path: path33, host, upgrade, expectContinue, signal, headers: reqHeaders } = request;
36522
+ const { body, method, path: path29, host, upgrade, expectContinue, signal, headers: reqHeaders } = request;
36523
36523
  let headers;
36524
36524
  if (typeof reqHeaders === "string") headers = Request2[kHTTP2CopyHeaders](reqHeaders.trim());
36525
36525
  else headers = reqHeaders;
@@ -36562,7 +36562,7 @@ upgrade: ${upgrade}\r
36562
36562
  });
36563
36563
  return true;
36564
36564
  }
36565
- headers[HTTP2_HEADER_PATH] = path33;
36565
+ headers[HTTP2_HEADER_PATH] = path29;
36566
36566
  headers[HTTP2_HEADER_SCHEME] = "https";
36567
36567
  const expectsPayload = method === "PUT" || method === "POST" || method === "PATCH";
36568
36568
  if (body && typeof body.read === "function") {
@@ -36819,12 +36819,12 @@ upgrade: ${upgrade}\r
36819
36819
  cb();
36820
36820
  }
36821
36821
  }
36822
- const waitForDrain = () => new Promise((resolve19, reject) => {
36822
+ const waitForDrain = () => new Promise((resolve15, reject) => {
36823
36823
  assert(callback === null);
36824
36824
  if (socket[kError]) {
36825
36825
  reject(socket[kError]);
36826
36826
  } else {
36827
- callback = resolve19;
36827
+ callback = resolve15;
36828
36828
  }
36829
36829
  });
36830
36830
  if (client[kHTTPConnVersion] === "h2") {
@@ -37170,8 +37170,8 @@ var require_pool_base = __commonJS({
37170
37170
  if (this[kQueue].isEmpty()) {
37171
37171
  return Promise.all(this[kClients].map((c) => c.close()));
37172
37172
  } else {
37173
- return new Promise((resolve19) => {
37174
- this[kClosedResolve] = resolve19;
37173
+ return new Promise((resolve15) => {
37174
+ this[kClosedResolve] = resolve15;
37175
37175
  });
37176
37176
  }
37177
37177
  }
@@ -37749,7 +37749,7 @@ var require_readable = __commonJS({
37749
37749
  if (this.closed) {
37750
37750
  return Promise.resolve(null);
37751
37751
  }
37752
- return new Promise((resolve19, reject) => {
37752
+ return new Promise((resolve15, reject) => {
37753
37753
  const signalListenerCleanup = signal ? util.addAbortListener(signal, () => {
37754
37754
  this.destroy();
37755
37755
  }) : noop;
@@ -37758,7 +37758,7 @@ var require_readable = __commonJS({
37758
37758
  if (signal && signal.aborted) {
37759
37759
  reject(signal.reason || Object.assign(new Error("The operation was aborted"), { name: "AbortError" }));
37760
37760
  } else {
37761
- resolve19(null);
37761
+ resolve15(null);
37762
37762
  }
37763
37763
  }).on("error", noop).on("data", function(chunk) {
37764
37764
  limit -= chunk.length;
@@ -37780,11 +37780,11 @@ var require_readable = __commonJS({
37780
37780
  throw new TypeError("unusable");
37781
37781
  }
37782
37782
  assert(!stream[kConsume]);
37783
- return new Promise((resolve19, reject) => {
37783
+ return new Promise((resolve15, reject) => {
37784
37784
  stream[kConsume] = {
37785
37785
  type,
37786
37786
  stream,
37787
- resolve: resolve19,
37787
+ resolve: resolve15,
37788
37788
  reject,
37789
37789
  length: 0,
37790
37790
  body: []
@@ -37819,12 +37819,12 @@ var require_readable = __commonJS({
37819
37819
  }
37820
37820
  }
37821
37821
  function consumeEnd(consume2) {
37822
- const { type, body, resolve: resolve19, stream, length } = consume2;
37822
+ const { type, body, resolve: resolve15, stream, length } = consume2;
37823
37823
  try {
37824
37824
  if (type === "text") {
37825
- resolve19(toUSVString(Buffer.concat(body)));
37825
+ resolve15(toUSVString(Buffer.concat(body)));
37826
37826
  } else if (type === "json") {
37827
- resolve19(JSON.parse(Buffer.concat(body)));
37827
+ resolve15(JSON.parse(Buffer.concat(body)));
37828
37828
  } else if (type === "arrayBuffer") {
37829
37829
  const dst = new Uint8Array(length);
37830
37830
  let pos = 0;
@@ -37832,12 +37832,12 @@ var require_readable = __commonJS({
37832
37832
  dst.set(buf, pos);
37833
37833
  pos += buf.byteLength;
37834
37834
  }
37835
- resolve19(dst.buffer);
37835
+ resolve15(dst.buffer);
37836
37836
  } else if (type === "blob") {
37837
37837
  if (!Blob2) {
37838
37838
  Blob2 = require("buffer").Blob;
37839
37839
  }
37840
- resolve19(new Blob2(body, { type: stream[kContentType] }));
37840
+ resolve15(new Blob2(body, { type: stream[kContentType] }));
37841
37841
  }
37842
37842
  consumeFinish(consume2);
37843
37843
  } catch (err) {
@@ -38094,9 +38094,9 @@ var require_api_request = __commonJS({
38094
38094
  };
38095
38095
  function request(opts, callback) {
38096
38096
  if (callback === void 0) {
38097
- return new Promise((resolve19, reject) => {
38097
+ return new Promise((resolve15, reject) => {
38098
38098
  request.call(this, opts, (err, data) => {
38099
- return err ? reject(err) : resolve19(data);
38099
+ return err ? reject(err) : resolve15(data);
38100
38100
  });
38101
38101
  });
38102
38102
  }
@@ -38269,9 +38269,9 @@ var require_api_stream = __commonJS({
38269
38269
  };
38270
38270
  function stream(opts, factory, callback) {
38271
38271
  if (callback === void 0) {
38272
- return new Promise((resolve19, reject) => {
38272
+ return new Promise((resolve15, reject) => {
38273
38273
  stream.call(this, opts, factory, (err, data) => {
38274
- return err ? reject(err) : resolve19(data);
38274
+ return err ? reject(err) : resolve15(data);
38275
38275
  });
38276
38276
  });
38277
38277
  }
@@ -38552,9 +38552,9 @@ var require_api_upgrade = __commonJS({
38552
38552
  };
38553
38553
  function upgrade(opts, callback) {
38554
38554
  if (callback === void 0) {
38555
- return new Promise((resolve19, reject) => {
38555
+ return new Promise((resolve15, reject) => {
38556
38556
  upgrade.call(this, opts, (err, data) => {
38557
- return err ? reject(err) : resolve19(data);
38557
+ return err ? reject(err) : resolve15(data);
38558
38558
  });
38559
38559
  });
38560
38560
  }
@@ -38643,9 +38643,9 @@ var require_api_connect = __commonJS({
38643
38643
  };
38644
38644
  function connect(opts, callback) {
38645
38645
  if (callback === void 0) {
38646
- return new Promise((resolve19, reject) => {
38646
+ return new Promise((resolve15, reject) => {
38647
38647
  connect.call(this, opts, (err, data) => {
38648
- return err ? reject(err) : resolve19(data);
38648
+ return err ? reject(err) : resolve15(data);
38649
38649
  });
38650
38650
  });
38651
38651
  }
@@ -38805,20 +38805,20 @@ var require_mock_utils = __commonJS({
38805
38805
  }
38806
38806
  return true;
38807
38807
  }
38808
- function safeUrl(path33) {
38809
- if (typeof path33 !== "string") {
38810
- return path33;
38808
+ function safeUrl(path29) {
38809
+ if (typeof path29 !== "string") {
38810
+ return path29;
38811
38811
  }
38812
- const pathSegments = path33.split("?");
38812
+ const pathSegments = path29.split("?");
38813
38813
  if (pathSegments.length !== 2) {
38814
- return path33;
38814
+ return path29;
38815
38815
  }
38816
38816
  const qp = new URLSearchParams(pathSegments.pop());
38817
38817
  qp.sort();
38818
38818
  return [...pathSegments, qp.toString()].join("?");
38819
38819
  }
38820
- function matchKey(mockDispatch2, { path: path33, method, body, headers }) {
38821
- const pathMatch = matchValue(mockDispatch2.path, path33);
38820
+ function matchKey(mockDispatch2, { path: path29, method, body, headers }) {
38821
+ const pathMatch = matchValue(mockDispatch2.path, path29);
38822
38822
  const methodMatch = matchValue(mockDispatch2.method, method);
38823
38823
  const bodyMatch = typeof mockDispatch2.body !== "undefined" ? matchValue(mockDispatch2.body, body) : true;
38824
38824
  const headersMatch = matchHeaders(mockDispatch2, headers);
@@ -38836,7 +38836,7 @@ var require_mock_utils = __commonJS({
38836
38836
  function getMockDispatch(mockDispatches, key) {
38837
38837
  const basePath = key.query ? buildURL(key.path, key.query) : key.path;
38838
38838
  const resolvedPath = typeof basePath === "string" ? safeUrl(basePath) : basePath;
38839
- let matchedMockDispatches = mockDispatches.filter(({ consumed }) => !consumed).filter(({ path: path33 }) => matchValue(safeUrl(path33), resolvedPath));
38839
+ let matchedMockDispatches = mockDispatches.filter(({ consumed }) => !consumed).filter(({ path: path29 }) => matchValue(safeUrl(path29), resolvedPath));
38840
38840
  if (matchedMockDispatches.length === 0) {
38841
38841
  throw new MockNotMatchedError(`Mock dispatch not matched for path '${resolvedPath}'`);
38842
38842
  }
@@ -38873,9 +38873,9 @@ var require_mock_utils = __commonJS({
38873
38873
  }
38874
38874
  }
38875
38875
  function buildKey(opts) {
38876
- const { path: path33, method, body, headers, query } = opts;
38876
+ const { path: path29, method, body, headers, query } = opts;
38877
38877
  return {
38878
- path: path33,
38878
+ path: path29,
38879
38879
  method,
38880
38880
  body,
38881
38881
  headers,
@@ -39324,10 +39324,10 @@ var require_pending_interceptors_formatter = __commonJS({
39324
39324
  }
39325
39325
  format(pendingInterceptors) {
39326
39326
  const withPrettyHeaders = pendingInterceptors.map(
39327
- ({ method, path: path33, data: { statusCode }, persist, times, timesInvoked, origin }) => ({
39327
+ ({ method, path: path29, data: { statusCode }, persist, times, timesInvoked, origin }) => ({
39328
39328
  Method: method,
39329
39329
  Origin: origin,
39330
- Path: path33,
39330
+ Path: path29,
39331
39331
  "Status code": statusCode,
39332
39332
  Persistent: persist ? "\u2705" : "\u274C",
39333
39333
  Invocations: timesInvoked,
@@ -42268,7 +42268,7 @@ var require_fetch = __commonJS({
42268
42268
  async function dispatch({ body }) {
42269
42269
  const url = requestCurrentURL(request);
42270
42270
  const agent = fetchParams.controller.dispatcher;
42271
- return new Promise((resolve19, reject) => agent.dispatch(
42271
+ return new Promise((resolve15, reject) => agent.dispatch(
42272
42272
  {
42273
42273
  path: url.pathname + url.search,
42274
42274
  origin: url.origin,
@@ -42344,7 +42344,7 @@ var require_fetch = __commonJS({
42344
42344
  }
42345
42345
  }
42346
42346
  }
42347
- resolve19({
42347
+ resolve15({
42348
42348
  status,
42349
42349
  statusText,
42350
42350
  headersList: headers[kHeadersList],
@@ -42387,7 +42387,7 @@ var require_fetch = __commonJS({
42387
42387
  const val = headersList[n + 1].toString("latin1");
42388
42388
  headers[kHeadersList].append(key, val);
42389
42389
  }
42390
- resolve19({
42390
+ resolve15({
42391
42391
  status,
42392
42392
  statusText: STATUS_CODES[status],
42393
42393
  headersList: headers[kHeadersList],
@@ -43948,8 +43948,8 @@ var require_util6 = __commonJS({
43948
43948
  }
43949
43949
  }
43950
43950
  }
43951
- function validateCookiePath(path33) {
43952
- for (const char of path33) {
43951
+ function validateCookiePath(path29) {
43952
+ for (const char of path29) {
43953
43953
  const code = char.charCodeAt(0);
43954
43954
  if (code < 33 || char === ";") {
43955
43955
  throw new Error("Invalid cookie path");
@@ -44746,9 +44746,9 @@ var require_connection = __commonJS({
44746
44746
  channels.open = diagnosticsChannel.channel("undici:websocket:open");
44747
44747
  channels.close = diagnosticsChannel.channel("undici:websocket:close");
44748
44748
  channels.socketError = diagnosticsChannel.channel("undici:websocket:socket_error");
44749
- var crypto9;
44749
+ var crypto7;
44750
44750
  try {
44751
- crypto9 = require("crypto");
44751
+ crypto7 = require("crypto");
44752
44752
  } catch {
44753
44753
  }
44754
44754
  function establishWebSocketConnection(url, protocols, ws, onEstablish, options) {
@@ -44767,7 +44767,7 @@ var require_connection = __commonJS({
44767
44767
  const headersList = new Headers(options.headers)[kHeadersList];
44768
44768
  request.headersList = headersList;
44769
44769
  }
44770
- const keyValue = crypto9.randomBytes(16).toString("base64");
44770
+ const keyValue = crypto7.randomBytes(16).toString("base64");
44771
44771
  request.headersList.append("sec-websocket-key", keyValue);
44772
44772
  request.headersList.append("sec-websocket-version", "13");
44773
44773
  for (const protocol of protocols) {
@@ -44796,7 +44796,7 @@ var require_connection = __commonJS({
44796
44796
  return;
44797
44797
  }
44798
44798
  const secWSAccept = response.headersList.get("Sec-WebSocket-Accept");
44799
- const digest = crypto9.createHash("sha1").update(keyValue + uid).digest("base64");
44799
+ const digest = crypto7.createHash("sha1").update(keyValue + uid).digest("base64");
44800
44800
  if (secWSAccept !== digest) {
44801
44801
  failWebsocketConnection(ws, "Incorrect hash received in Sec-WebSocket-Accept header.");
44802
44802
  return;
@@ -44876,9 +44876,9 @@ var require_frame = __commonJS({
44876
44876
  "node_modules/undici/lib/websocket/frame.js"(exports2, module2) {
44877
44877
  "use strict";
44878
44878
  var { maxUnsigned16Bit } = require_constants5();
44879
- var crypto9;
44879
+ var crypto7;
44880
44880
  try {
44881
- crypto9 = require("crypto");
44881
+ crypto7 = require("crypto");
44882
44882
  } catch {
44883
44883
  }
44884
44884
  var WebsocketFrameSend = class {
@@ -44887,7 +44887,7 @@ var require_frame = __commonJS({
44887
44887
  */
44888
44888
  constructor(data) {
44889
44889
  this.frameData = data;
44890
- this.maskKey = crypto9.randomBytes(4);
44890
+ this.maskKey = crypto7.randomBytes(4);
44891
44891
  }
44892
44892
  createFrame(opcode) {
44893
44893
  const bodyLength = this.frameData?.byteLength ?? 0;
@@ -45629,11 +45629,11 @@ var require_undici = __commonJS({
45629
45629
  if (typeof opts.path !== "string") {
45630
45630
  throw new InvalidArgumentError("invalid opts.path");
45631
45631
  }
45632
- let path33 = opts.path;
45632
+ let path29 = opts.path;
45633
45633
  if (!opts.path.startsWith("/")) {
45634
- path33 = `/${path33}`;
45634
+ path29 = `/${path29}`;
45635
45635
  }
45636
- url = new URL(util.parseOrigin(url).origin + path33);
45636
+ url = new URL(util.parseOrigin(url).origin + path29);
45637
45637
  } else {
45638
45638
  if (!opts) {
45639
45639
  opts = typeof url === "object" ? url : {};
@@ -46202,7 +46202,7 @@ var init_mcp_check_provider = __esm({
46202
46202
  logger.warn(
46203
46203
  `MCP ${transportName} failed (attempt ${attempt + 1}/${maxRetries + 1}), retrying in ${delay}ms: ${error instanceof Error ? error.message : String(error)}`
46204
46204
  );
46205
- await new Promise((resolve19) => setTimeout(resolve19, delay));
46205
+ await new Promise((resolve15) => setTimeout(resolve15, delay));
46206
46206
  attempt += 1;
46207
46207
  } finally {
46208
46208
  try {
@@ -46495,7 +46495,7 @@ async function acquirePromptLock() {
46495
46495
  );
46496
46496
  }, 1e4);
46497
46497
  try {
46498
- await new Promise((resolve19) => waiters.push(resolve19));
46498
+ await new Promise((resolve15) => waiters.push(resolve15));
46499
46499
  } finally {
46500
46500
  clearInterval(reminder);
46501
46501
  const waitedMs = Date.now() - queuedAt;
@@ -46514,7 +46514,7 @@ function releasePromptLock() {
46514
46514
  }
46515
46515
  async function interactivePrompt(options) {
46516
46516
  await acquirePromptLock();
46517
- return new Promise((resolve19, reject) => {
46517
+ return new Promise((resolve15, reject) => {
46518
46518
  const dbg = process.env.VISOR_DEBUG === "true";
46519
46519
  try {
46520
46520
  if (dbg) {
@@ -46601,12 +46601,12 @@ async function interactivePrompt(options) {
46601
46601
  };
46602
46602
  const finish = (value) => {
46603
46603
  cleanup();
46604
- resolve19(value);
46604
+ resolve15(value);
46605
46605
  };
46606
46606
  if (options.timeout && options.timeout > 0) {
46607
46607
  timeoutId = setTimeout(() => {
46608
46608
  cleanup();
46609
- if (defaultValue !== void 0) return resolve19(defaultValue);
46609
+ if (defaultValue !== void 0) return resolve15(defaultValue);
46610
46610
  return reject(new Error("Input timeout"));
46611
46611
  }, options.timeout);
46612
46612
  }
@@ -46738,7 +46738,7 @@ async function interactivePrompt(options) {
46738
46738
  });
46739
46739
  }
46740
46740
  async function simplePrompt(prompt) {
46741
- return new Promise((resolve19) => {
46741
+ return new Promise((resolve15) => {
46742
46742
  const rl = readline.createInterface({
46743
46743
  input: process.stdin,
46744
46744
  output: process.stdout
@@ -46754,7 +46754,7 @@ async function simplePrompt(prompt) {
46754
46754
  rl.question(`${prompt}
46755
46755
  > `, (answer) => {
46756
46756
  rl.close();
46757
- resolve19(answer.trim());
46757
+ resolve15(answer.trim());
46758
46758
  });
46759
46759
  });
46760
46760
  }
@@ -46922,7 +46922,7 @@ function isStdinAvailable() {
46922
46922
  return !process.stdin.isTTY;
46923
46923
  }
46924
46924
  async function readStdin(timeout, maxSize = 1024 * 1024) {
46925
- return new Promise((resolve19, reject) => {
46925
+ return new Promise((resolve15, reject) => {
46926
46926
  let data = "";
46927
46927
  let timeoutId;
46928
46928
  if (timeout) {
@@ -46949,7 +46949,7 @@ async function readStdin(timeout, maxSize = 1024 * 1024) {
46949
46949
  };
46950
46950
  const onEnd = () => {
46951
46951
  cleanup();
46952
- resolve19(data.trim());
46952
+ resolve15(data.trim());
46953
46953
  };
46954
46954
  const onError = (err) => {
46955
46955
  cleanup();
@@ -51649,23 +51649,23 @@ __export(renderer_schema_exports, {
51649
51649
  });
51650
51650
  async function loadRendererSchema(name) {
51651
51651
  try {
51652
- const fs29 = await import("fs/promises");
51653
- const path33 = await import("path");
51652
+ const fs25 = await import("fs/promises");
51653
+ const path29 = await import("path");
51654
51654
  const sanitized = String(name).replace(/[^a-zA-Z0-9-]/g, "");
51655
51655
  if (!sanitized) return void 0;
51656
51656
  const candidates = [
51657
51657
  // When bundled with ncc, __dirname is dist/ and output/ is at dist/output/
51658
- path33.join(__dirname, "output", sanitized, "schema.json"),
51658
+ path29.join(__dirname, "output", sanitized, "schema.json"),
51659
51659
  // When running from source, __dirname is src/state-machine/dispatch/ and output/ is at output/
51660
- path33.join(__dirname, "..", "..", "output", sanitized, "schema.json"),
51660
+ path29.join(__dirname, "..", "..", "output", sanitized, "schema.json"),
51661
51661
  // When running from a checkout with output/ folder copied to CWD
51662
- path33.join(process.cwd(), "output", sanitized, "schema.json"),
51662
+ path29.join(process.cwd(), "output", sanitized, "schema.json"),
51663
51663
  // Fallback: cwd/dist/output/
51664
- path33.join(process.cwd(), "dist", "output", sanitized, "schema.json")
51664
+ path29.join(process.cwd(), "dist", "output", sanitized, "schema.json")
51665
51665
  ];
51666
51666
  for (const p of candidates) {
51667
51667
  try {
51668
- const raw = await fs29.readFile(p, "utf-8");
51668
+ const raw = await fs25.readFile(p, "utf-8");
51669
51669
  return JSON.parse(raw);
51670
51670
  } catch {
51671
51671
  }
@@ -54110,8 +54110,8 @@ function updateStats2(results, state, isForEachIteration = false) {
54110
54110
  async function renderTemplateContent2(checkId, checkConfig, reviewSummary) {
54111
54111
  try {
54112
54112
  const { createExtendedLiquid: createExtendedLiquid2 } = await Promise.resolve().then(() => (init_liquid_extensions(), liquid_extensions_exports));
54113
- const fs29 = await import("fs/promises");
54114
- const path33 = await import("path");
54113
+ const fs25 = await import("fs/promises");
54114
+ const path29 = await import("path");
54115
54115
  const schemaRaw = checkConfig.schema || "plain";
54116
54116
  const schema = typeof schemaRaw === "string" && !schemaRaw.includes("{{") && !schemaRaw.includes("{%") ? schemaRaw : typeof schemaRaw === "object" ? "code-review" : "plain";
54117
54117
  let templateContent;
@@ -54120,27 +54120,27 @@ async function renderTemplateContent2(checkId, checkConfig, reviewSummary) {
54120
54120
  logger.debug(`[LevelDispatch] Using inline template for ${checkId}`);
54121
54121
  } else if (checkConfig.template && checkConfig.template.file) {
54122
54122
  const file = String(checkConfig.template.file);
54123
- const resolved = path33.resolve(process.cwd(), file);
54124
- templateContent = await fs29.readFile(resolved, "utf-8");
54123
+ const resolved = path29.resolve(process.cwd(), file);
54124
+ templateContent = await fs25.readFile(resolved, "utf-8");
54125
54125
  logger.debug(`[LevelDispatch] Using template file for ${checkId}: ${resolved}`);
54126
54126
  } else if (schema && schema !== "plain") {
54127
54127
  const sanitized = String(schema).replace(/[^a-zA-Z0-9-]/g, "");
54128
54128
  if (sanitized) {
54129
54129
  const candidatePaths = [
54130
- path33.join(__dirname, "output", sanitized, "template.liquid"),
54130
+ path29.join(__dirname, "output", sanitized, "template.liquid"),
54131
54131
  // bundled: dist/output/
54132
- path33.join(__dirname, "..", "..", "output", sanitized, "template.liquid"),
54132
+ path29.join(__dirname, "..", "..", "output", sanitized, "template.liquid"),
54133
54133
  // source (from state-machine/states)
54134
- path33.join(__dirname, "..", "..", "..", "output", sanitized, "template.liquid"),
54134
+ path29.join(__dirname, "..", "..", "..", "output", sanitized, "template.liquid"),
54135
54135
  // source (alternate)
54136
- path33.join(process.cwd(), "output", sanitized, "template.liquid"),
54136
+ path29.join(process.cwd(), "output", sanitized, "template.liquid"),
54137
54137
  // fallback: cwd/output/
54138
- path33.join(process.cwd(), "dist", "output", sanitized, "template.liquid")
54138
+ path29.join(process.cwd(), "dist", "output", sanitized, "template.liquid")
54139
54139
  // fallback: cwd/dist/output/
54140
54140
  ];
54141
54141
  for (const p of candidatePaths) {
54142
54142
  try {
54143
- templateContent = await fs29.readFile(p, "utf-8");
54143
+ templateContent = await fs25.readFile(p, "utf-8");
54144
54144
  if (templateContent) {
54145
54145
  logger.debug(`[LevelDispatch] Using schema template for ${checkId}: ${p}`);
54146
54146
  break;
@@ -56280,8 +56280,8 @@ var init_workspace_manager = __esm({
56280
56280
  );
56281
56281
  if (this.cleanupRequested && this.activeOperations === 0) {
56282
56282
  logger.debug(`[Workspace] All references released, proceeding with deferred cleanup`);
56283
- for (const resolve19 of this.cleanupResolvers) {
56284
- resolve19();
56283
+ for (const resolve15 of this.cleanupResolvers) {
56284
+ resolve15();
56285
56285
  }
56286
56286
  this.cleanupResolvers = [];
56287
56287
  }
@@ -56460,19 +56460,19 @@ var init_workspace_manager = __esm({
56460
56460
  );
56461
56461
  this.cleanupRequested = true;
56462
56462
  await Promise.race([
56463
- new Promise((resolve19) => {
56463
+ new Promise((resolve15) => {
56464
56464
  if (this.activeOperations === 0) {
56465
- resolve19();
56465
+ resolve15();
56466
56466
  } else {
56467
- this.cleanupResolvers.push(resolve19);
56467
+ this.cleanupResolvers.push(resolve15);
56468
56468
  }
56469
56469
  }),
56470
- new Promise((resolve19) => {
56470
+ new Promise((resolve15) => {
56471
56471
  setTimeout(() => {
56472
56472
  logger.warn(
56473
56473
  `[Workspace] Cleanup timeout after ${timeout}ms, proceeding anyway (${this.activeOperations} operations still active)`
56474
56474
  );
56475
- resolve19();
56475
+ resolve15();
56476
56476
  }, timeout);
56477
56477
  })
56478
56478
  ]);
@@ -56866,8 +56866,8 @@ var init_fair_concurrency_limiter = __esm({
56866
56866
  );
56867
56867
  const queuedAt = Date.now();
56868
56868
  const effectiveTimeout = queueTimeout ?? 12e4;
56869
- return new Promise((resolve19, reject) => {
56870
- const entry = { resolve: resolve19, reject, queuedAt };
56869
+ return new Promise((resolve15, reject) => {
56870
+ const entry = { resolve: resolve15, reject, queuedAt };
56871
56871
  entry.reminder = setInterval(() => {
56872
56872
  const waited = Math.round((Date.now() - queuedAt) / 1e3);
56873
56873
  const curQueued = this._totalQueued();
@@ -57174,1380 +57174,6 @@ var init_build_engine_context = __esm({
57174
57174
  }
57175
57175
  });
57176
57176
 
57177
- // src/policy/default-engine.ts
57178
- var DefaultPolicyEngine;
57179
- var init_default_engine = __esm({
57180
- "src/policy/default-engine.ts"() {
57181
- "use strict";
57182
- DefaultPolicyEngine = class {
57183
- async initialize(_config) {
57184
- }
57185
- async evaluateCheckExecution(_checkId, _checkConfig) {
57186
- return { allowed: true };
57187
- }
57188
- async evaluateToolInvocation(_serverName, _methodName, _transport) {
57189
- return { allowed: true };
57190
- }
57191
- async evaluateCapabilities(_checkId, _capabilities) {
57192
- return { allowed: true };
57193
- }
57194
- async shutdown() {
57195
- }
57196
- };
57197
- }
57198
- });
57199
-
57200
- // src/enterprise/license/validator.ts
57201
- var validator_exports = {};
57202
- __export(validator_exports, {
57203
- LicenseValidator: () => LicenseValidator
57204
- });
57205
- var crypto3, fs21, path26, LicenseValidator;
57206
- var init_validator = __esm({
57207
- "src/enterprise/license/validator.ts"() {
57208
- "use strict";
57209
- crypto3 = __toESM(require("crypto"));
57210
- fs21 = __toESM(require("fs"));
57211
- path26 = __toESM(require("path"));
57212
- LicenseValidator = class _LicenseValidator {
57213
- /** Ed25519 public key for license verification (PEM format). */
57214
- static PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAI/Zd08EFmgIdrDm/HXd0l3/5GBt7R1PrdvhdmEXhJlU=\n-----END PUBLIC KEY-----\n";
57215
- cache = null;
57216
- static CACHE_TTL = 5 * 60 * 1e3;
57217
- // 5 minutes
57218
- static GRACE_PERIOD = 72 * 3600 * 1e3;
57219
- // 72 hours after expiry
57220
- /**
57221
- * Load and validate license from environment or file.
57222
- *
57223
- * Resolution order:
57224
- * 1. VISOR_LICENSE env var (JWT string)
57225
- * 2. VISOR_LICENSE_FILE env var (path to file)
57226
- * 3. .visor-license in project root (cwd)
57227
- * 4. .visor-license in ~/.config/visor/
57228
- */
57229
- async loadAndValidate() {
57230
- if (this.cache && Date.now() - this.cache.validatedAt < _LicenseValidator.CACHE_TTL) {
57231
- return this.cache.payload;
57232
- }
57233
- const token = this.resolveToken();
57234
- if (!token) return null;
57235
- const payload = this.verifyAndDecode(token);
57236
- if (!payload) return null;
57237
- this.cache = { payload, validatedAt: Date.now() };
57238
- return payload;
57239
- }
57240
- /** Check if a specific feature is licensed */
57241
- hasFeature(feature) {
57242
- if (!this.cache) return false;
57243
- return this.cache.payload.features.includes(feature);
57244
- }
57245
- /** Check if license is valid (with grace period) */
57246
- isValid() {
57247
- if (!this.cache) return false;
57248
- const now = Date.now();
57249
- const expiryMs = this.cache.payload.exp * 1e3;
57250
- return now < expiryMs + _LicenseValidator.GRACE_PERIOD;
57251
- }
57252
- /** Check if the license is within its grace period (expired but still valid) */
57253
- isInGracePeriod() {
57254
- if (!this.cache) return false;
57255
- const now = Date.now();
57256
- const expiryMs = this.cache.payload.exp * 1e3;
57257
- return now >= expiryMs && now < expiryMs + _LicenseValidator.GRACE_PERIOD;
57258
- }
57259
- resolveToken() {
57260
- if (process.env.VISOR_LICENSE) {
57261
- return process.env.VISOR_LICENSE.trim();
57262
- }
57263
- if (process.env.VISOR_LICENSE_FILE) {
57264
- const resolved = path26.resolve(process.env.VISOR_LICENSE_FILE);
57265
- const home2 = process.env.HOME || process.env.USERPROFILE || "";
57266
- const allowedPrefixes = [path26.normalize(process.cwd())];
57267
- if (home2) allowedPrefixes.push(path26.normalize(path26.join(home2, ".config", "visor")));
57268
- let realPath;
57269
- try {
57270
- realPath = fs21.realpathSync(resolved);
57271
- } catch {
57272
- return null;
57273
- }
57274
- const isSafe = allowedPrefixes.some(
57275
- (prefix) => realPath === prefix || realPath.startsWith(prefix + path26.sep)
57276
- );
57277
- if (!isSafe) return null;
57278
- return this.readFile(realPath);
57279
- }
57280
- const cwdPath = path26.join(process.cwd(), ".visor-license");
57281
- const cwdToken = this.readFile(cwdPath);
57282
- if (cwdToken) return cwdToken;
57283
- const home = process.env.HOME || process.env.USERPROFILE || "";
57284
- if (home) {
57285
- const configPath = path26.join(home, ".config", "visor", ".visor-license");
57286
- const configToken = this.readFile(configPath);
57287
- if (configToken) return configToken;
57288
- }
57289
- return null;
57290
- }
57291
- readFile(filePath) {
57292
- try {
57293
- return fs21.readFileSync(filePath, "utf-8").trim();
57294
- } catch {
57295
- return null;
57296
- }
57297
- }
57298
- verifyAndDecode(token) {
57299
- try {
57300
- const parts = token.split(".");
57301
- if (parts.length !== 3) return null;
57302
- const [headerB64, payloadB64, signatureB64] = parts;
57303
- const header = JSON.parse(Buffer.from(headerB64, "base64url").toString());
57304
- if (header.alg !== "EdDSA") return null;
57305
- const data = `${headerB64}.${payloadB64}`;
57306
- const signature = Buffer.from(signatureB64, "base64url");
57307
- const publicKey = crypto3.createPublicKey(_LicenseValidator.PUBLIC_KEY);
57308
- if (publicKey.asymmetricKeyType !== "ed25519") {
57309
- return null;
57310
- }
57311
- const isValid = crypto3.verify(null, Buffer.from(data), publicKey, signature);
57312
- if (!isValid) return null;
57313
- const payload = JSON.parse(Buffer.from(payloadB64, "base64url").toString());
57314
- if (!payload.org || !Array.isArray(payload.features) || typeof payload.exp !== "number" || typeof payload.iat !== "number" || !payload.sub) {
57315
- return null;
57316
- }
57317
- const now = Date.now();
57318
- const expiryMs = payload.exp * 1e3;
57319
- if (now >= expiryMs + _LicenseValidator.GRACE_PERIOD) {
57320
- return null;
57321
- }
57322
- return payload;
57323
- } catch {
57324
- return null;
57325
- }
57326
- }
57327
- };
57328
- }
57329
- });
57330
-
57331
- // src/enterprise/policy/opa-compiler.ts
57332
- var fs22, path27, os2, crypto4, import_child_process8, OpaCompiler;
57333
- var init_opa_compiler = __esm({
57334
- "src/enterprise/policy/opa-compiler.ts"() {
57335
- "use strict";
57336
- fs22 = __toESM(require("fs"));
57337
- path27 = __toESM(require("path"));
57338
- os2 = __toESM(require("os"));
57339
- crypto4 = __toESM(require("crypto"));
57340
- import_child_process8 = require("child_process");
57341
- OpaCompiler = class _OpaCompiler {
57342
- static CACHE_DIR = path27.join(os2.tmpdir(), "visor-opa-cache");
57343
- /**
57344
- * Resolve the input paths to WASM bytes.
57345
- *
57346
- * Strategy:
57347
- * 1. If any path is a .wasm file, read it directly
57348
- * 2. If a directory contains policy.wasm, read it
57349
- * 3. Otherwise, collect all .rego files and auto-compile via `opa build`
57350
- */
57351
- async resolveWasmBytes(paths) {
57352
- const regoFiles = [];
57353
- for (const p of paths) {
57354
- const resolved = path27.resolve(p);
57355
- if (path27.normalize(resolved).includes("..")) {
57356
- throw new Error(`Policy path contains traversal sequences: ${p}`);
57357
- }
57358
- if (resolved.endsWith(".wasm") && fs22.existsSync(resolved)) {
57359
- return fs22.readFileSync(resolved);
57360
- }
57361
- if (!fs22.existsSync(resolved)) continue;
57362
- const stat2 = fs22.statSync(resolved);
57363
- if (stat2.isDirectory()) {
57364
- const wasmCandidate = path27.join(resolved, "policy.wasm");
57365
- if (fs22.existsSync(wasmCandidate)) {
57366
- return fs22.readFileSync(wasmCandidate);
57367
- }
57368
- const files = fs22.readdirSync(resolved);
57369
- for (const f of files) {
57370
- if (f.endsWith(".rego")) {
57371
- regoFiles.push(path27.join(resolved, f));
57372
- }
57373
- }
57374
- } else if (resolved.endsWith(".rego")) {
57375
- regoFiles.push(resolved);
57376
- }
57377
- }
57378
- if (regoFiles.length === 0) {
57379
- throw new Error(
57380
- `OPA WASM evaluator: no .wasm bundle or .rego files found in: ${paths.join(", ")}`
57381
- );
57382
- }
57383
- return this.compileRego(regoFiles);
57384
- }
57385
- /**
57386
- * Auto-compile .rego files to a WASM bundle using the `opa` CLI.
57387
- *
57388
- * Caches the compiled bundle based on a content hash of all input .rego files
57389
- * so subsequent runs skip compilation if policies haven't changed.
57390
- */
57391
- compileRego(regoFiles) {
57392
- try {
57393
- (0, import_child_process8.execFileSync)("opa", ["version"], { stdio: "pipe" });
57394
- } catch {
57395
- throw new Error(
57396
- "OPA CLI (`opa`) not found on PATH. Install it from https://www.openpolicyagent.org/docs/latest/#running-opa\nOr pre-compile your .rego files: opa build -t wasm -e visor -o bundle.tar.gz " + regoFiles.join(" ")
57397
- );
57398
- }
57399
- const hash = crypto4.createHash("sha256");
57400
- for (const f of regoFiles.sort()) {
57401
- hash.update(fs22.readFileSync(f));
57402
- hash.update(f);
57403
- }
57404
- const cacheKey = hash.digest("hex").slice(0, 16);
57405
- const cacheDir = _OpaCompiler.CACHE_DIR;
57406
- const cachedWasm = path27.join(cacheDir, `${cacheKey}.wasm`);
57407
- if (fs22.existsSync(cachedWasm)) {
57408
- return fs22.readFileSync(cachedWasm);
57409
- }
57410
- fs22.mkdirSync(cacheDir, { recursive: true });
57411
- const bundleTar = path27.join(cacheDir, `${cacheKey}-bundle.tar.gz`);
57412
- try {
57413
- const args = [
57414
- "build",
57415
- "-t",
57416
- "wasm",
57417
- "-e",
57418
- "visor",
57419
- // entrypoint: the visor package tree
57420
- "-o",
57421
- bundleTar,
57422
- ...regoFiles
57423
- ];
57424
- (0, import_child_process8.execFileSync)("opa", args, {
57425
- stdio: "pipe",
57426
- timeout: 3e4
57427
- });
57428
- } catch (err) {
57429
- const stderr = err?.stderr?.toString() || "";
57430
- throw new Error(
57431
- `Failed to compile .rego files to WASM:
57432
- ${stderr}
57433
- Ensure your .rego files are valid and the \`opa\` CLI is installed.`
57434
- );
57435
- }
57436
- try {
57437
- (0, import_child_process8.execFileSync)("tar", ["-xzf", bundleTar, "-C", cacheDir, "/policy.wasm"], {
57438
- stdio: "pipe"
57439
- });
57440
- const extractedWasm = path27.join(cacheDir, "policy.wasm");
57441
- if (fs22.existsSync(extractedWasm)) {
57442
- fs22.renameSync(extractedWasm, cachedWasm);
57443
- }
57444
- } catch {
57445
- try {
57446
- (0, import_child_process8.execFileSync)("tar", ["-xzf", bundleTar, "-C", cacheDir, "policy.wasm"], {
57447
- stdio: "pipe"
57448
- });
57449
- const extractedWasm = path27.join(cacheDir, "policy.wasm");
57450
- if (fs22.existsSync(extractedWasm)) {
57451
- fs22.renameSync(extractedWasm, cachedWasm);
57452
- }
57453
- } catch (err2) {
57454
- throw new Error(`Failed to extract policy.wasm from OPA bundle: ${err2?.message || err2}`);
57455
- }
57456
- }
57457
- try {
57458
- fs22.unlinkSync(bundleTar);
57459
- } catch {
57460
- }
57461
- if (!fs22.existsSync(cachedWasm)) {
57462
- throw new Error("OPA build succeeded but policy.wasm was not found in the bundle");
57463
- }
57464
- return fs22.readFileSync(cachedWasm);
57465
- }
57466
- };
57467
- }
57468
- });
57469
-
57470
- // src/enterprise/policy/opa-wasm-evaluator.ts
57471
- var fs23, path28, OpaWasmEvaluator;
57472
- var init_opa_wasm_evaluator = __esm({
57473
- "src/enterprise/policy/opa-wasm-evaluator.ts"() {
57474
- "use strict";
57475
- fs23 = __toESM(require("fs"));
57476
- path28 = __toESM(require("path"));
57477
- init_opa_compiler();
57478
- OpaWasmEvaluator = class {
57479
- policy = null;
57480
- dataDocument = {};
57481
- compiler = new OpaCompiler();
57482
- async initialize(rulesPath) {
57483
- const paths = Array.isArray(rulesPath) ? rulesPath : [rulesPath];
57484
- const wasmBytes = await this.compiler.resolveWasmBytes(paths);
57485
- try {
57486
- const { createRequire } = require("module");
57487
- const runtimeRequire = createRequire(__filename);
57488
- const opaWasm = runtimeRequire("@open-policy-agent/opa-wasm");
57489
- const loadPolicy = opaWasm.loadPolicy || opaWasm.default?.loadPolicy;
57490
- if (!loadPolicy) {
57491
- throw new Error("loadPolicy not found in @open-policy-agent/opa-wasm");
57492
- }
57493
- this.policy = await loadPolicy(wasmBytes);
57494
- } catch (err) {
57495
- if (err?.code === "MODULE_NOT_FOUND" || err?.code === "ERR_MODULE_NOT_FOUND") {
57496
- throw new Error(
57497
- "OPA WASM evaluator requires @open-policy-agent/opa-wasm. Install it with: npm install @open-policy-agent/opa-wasm"
57498
- );
57499
- }
57500
- throw err;
57501
- }
57502
- }
57503
- /**
57504
- * Load external data from a JSON file to use as the OPA data document.
57505
- * The loaded data will be passed to `policy.setData()` during evaluation,
57506
- * making it available in Rego via `data.<key>`.
57507
- */
57508
- loadData(dataPath) {
57509
- const resolved = path28.resolve(dataPath);
57510
- if (path28.normalize(resolved).includes("..")) {
57511
- throw new Error(`Data path contains traversal sequences: ${dataPath}`);
57512
- }
57513
- if (!fs23.existsSync(resolved)) {
57514
- throw new Error(`OPA data file not found: ${resolved}`);
57515
- }
57516
- const stat2 = fs23.statSync(resolved);
57517
- if (stat2.size > 10 * 1024 * 1024) {
57518
- throw new Error(`OPA data file exceeds 10MB limit: ${resolved} (${stat2.size} bytes)`);
57519
- }
57520
- const raw = fs23.readFileSync(resolved, "utf-8");
57521
- try {
57522
- const parsed = JSON.parse(raw);
57523
- if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
57524
- throw new Error("OPA data file must contain a JSON object (not an array or primitive)");
57525
- }
57526
- this.dataDocument = parsed;
57527
- } catch (err) {
57528
- if (err.message.startsWith("OPA data file must")) {
57529
- throw err;
57530
- }
57531
- throw new Error(`Failed to parse OPA data file ${resolved}: ${err.message}`);
57532
- }
57533
- }
57534
- async evaluate(input) {
57535
- if (!this.policy) {
57536
- throw new Error("OPA WASM evaluator not initialized");
57537
- }
57538
- this.policy.setData(this.dataDocument);
57539
- const resultSet = this.policy.evaluate(input);
57540
- if (Array.isArray(resultSet) && resultSet.length > 0) {
57541
- return resultSet[0].result;
57542
- }
57543
- return void 0;
57544
- }
57545
- async shutdown() {
57546
- if (this.policy) {
57547
- if (typeof this.policy.close === "function") {
57548
- try {
57549
- this.policy.close();
57550
- } catch {
57551
- }
57552
- } else if (typeof this.policy.free === "function") {
57553
- try {
57554
- this.policy.free();
57555
- } catch {
57556
- }
57557
- }
57558
- }
57559
- this.policy = null;
57560
- }
57561
- };
57562
- }
57563
- });
57564
-
57565
- // src/enterprise/policy/opa-http-evaluator.ts
57566
- var OpaHttpEvaluator;
57567
- var init_opa_http_evaluator = __esm({
57568
- "src/enterprise/policy/opa-http-evaluator.ts"() {
57569
- "use strict";
57570
- OpaHttpEvaluator = class {
57571
- baseUrl;
57572
- timeout;
57573
- constructor(baseUrl, timeout = 5e3) {
57574
- let parsed;
57575
- try {
57576
- parsed = new URL(baseUrl);
57577
- } catch {
57578
- throw new Error(`OPA HTTP evaluator: invalid URL: ${baseUrl}`);
57579
- }
57580
- if (!["http:", "https:"].includes(parsed.protocol)) {
57581
- throw new Error(
57582
- `OPA HTTP evaluator: url must use http:// or https:// protocol, got: ${baseUrl}`
57583
- );
57584
- }
57585
- const hostname = parsed.hostname;
57586
- if (this.isBlockedHostname(hostname)) {
57587
- throw new Error(
57588
- `OPA HTTP evaluator: url must not point to internal, loopback, or private network addresses`
57589
- );
57590
- }
57591
- this.baseUrl = baseUrl.replace(/\/+$/, "");
57592
- this.timeout = timeout;
57593
- }
57594
- /**
57595
- * Check if a hostname is blocked due to SSRF concerns.
57596
- *
57597
- * Blocks:
57598
- * - Loopback addresses (127.x.x.x, localhost, 0.0.0.0, ::1)
57599
- * - Link-local addresses (169.254.x.x)
57600
- * - Private networks (10.x.x.x, 172.16-31.x.x, 192.168.x.x)
57601
- * - IPv6 unique local addresses (fd00::/8)
57602
- * - Cloud metadata services (*.internal)
57603
- */
57604
- isBlockedHostname(hostname) {
57605
- if (!hostname) return true;
57606
- const normalized = hostname.toLowerCase().replace(/^\[|\]$/g, "");
57607
- if (normalized === "metadata.google.internal" || normalized.endsWith(".internal")) {
57608
- return true;
57609
- }
57610
- if (normalized === "localhost" || normalized === "localhost.localdomain") {
57611
- return true;
57612
- }
57613
- if (normalized === "::1" || normalized === "0:0:0:0:0:0:0:1") {
57614
- return true;
57615
- }
57616
- const ipv4Pattern = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;
57617
- const ipv4Match = normalized.match(ipv4Pattern);
57618
- if (ipv4Match) {
57619
- const octets = ipv4Match.slice(1, 5).map(Number);
57620
- if (octets.some((octet) => octet > 255)) {
57621
- return false;
57622
- }
57623
- const [a, b] = octets;
57624
- if (a === 127) {
57625
- return true;
57626
- }
57627
- if (a === 0) {
57628
- return true;
57629
- }
57630
- if (a === 169 && b === 254) {
57631
- return true;
57632
- }
57633
- if (a === 10) {
57634
- return true;
57635
- }
57636
- if (a === 172 && b >= 16 && b <= 31) {
57637
- return true;
57638
- }
57639
- if (a === 192 && b === 168) {
57640
- return true;
57641
- }
57642
- }
57643
- if (normalized.startsWith("fd") || normalized.startsWith("fc")) {
57644
- return true;
57645
- }
57646
- if (normalized.startsWith("fe80:")) {
57647
- return true;
57648
- }
57649
- return false;
57650
- }
57651
- /**
57652
- * Evaluate a policy rule against an input document via OPA REST API.
57653
- *
57654
- * @param input - The input document to evaluate
57655
- * @param rulePath - OPA rule path (e.g., 'visor/check/execute')
57656
- * @returns The result object from OPA, or undefined on error
57657
- */
57658
- async evaluate(input, rulePath) {
57659
- const encodedPath = rulePath.split("/").map((s) => encodeURIComponent(s)).join("/");
57660
- const url = `${this.baseUrl}/v1/data/${encodedPath}`;
57661
- const controller = new AbortController();
57662
- const timer = setTimeout(() => controller.abort(), this.timeout);
57663
- try {
57664
- const response = await fetch(url, {
57665
- method: "POST",
57666
- headers: { "Content-Type": "application/json" },
57667
- body: JSON.stringify({ input }),
57668
- signal: controller.signal
57669
- });
57670
- if (!response.ok) {
57671
- throw new Error(`OPA HTTP ${response.status}: ${response.statusText}`);
57672
- }
57673
- let body;
57674
- try {
57675
- body = await response.json();
57676
- } catch (jsonErr) {
57677
- throw new Error(
57678
- `OPA HTTP evaluator: failed to parse JSON response: ${jsonErr instanceof Error ? jsonErr.message : String(jsonErr)}`
57679
- );
57680
- }
57681
- return body?.result;
57682
- } finally {
57683
- clearTimeout(timer);
57684
- }
57685
- }
57686
- async shutdown() {
57687
- }
57688
- };
57689
- }
57690
- });
57691
-
57692
- // src/enterprise/policy/policy-input-builder.ts
57693
- var PolicyInputBuilder;
57694
- var init_policy_input_builder = __esm({
57695
- "src/enterprise/policy/policy-input-builder.ts"() {
57696
- "use strict";
57697
- PolicyInputBuilder = class {
57698
- roles;
57699
- actor;
57700
- repository;
57701
- pullRequest;
57702
- constructor(policyConfig, actor, repository, pullRequest) {
57703
- this.roles = policyConfig.roles || {};
57704
- this.actor = actor;
57705
- this.repository = repository;
57706
- this.pullRequest = pullRequest;
57707
- }
57708
- /** Resolve which roles apply to the current actor. */
57709
- resolveRoles() {
57710
- const matched = [];
57711
- for (const [roleName, roleConfig] of Object.entries(this.roles)) {
57712
- let identityMatch = false;
57713
- if (roleConfig.author_association && this.actor.authorAssociation && roleConfig.author_association.includes(this.actor.authorAssociation)) {
57714
- identityMatch = true;
57715
- }
57716
- if (!identityMatch && roleConfig.users && this.actor.login && roleConfig.users.includes(this.actor.login)) {
57717
- identityMatch = true;
57718
- }
57719
- if (!identityMatch && roleConfig.slack_users && this.actor.slack?.userId && roleConfig.slack_users.includes(this.actor.slack.userId)) {
57720
- identityMatch = true;
57721
- }
57722
- if (!identityMatch && roleConfig.emails && this.actor.slack?.email) {
57723
- const actorEmail = this.actor.slack.email.toLowerCase();
57724
- if (roleConfig.emails.some((e) => e.toLowerCase() === actorEmail)) {
57725
- identityMatch = true;
57726
- }
57727
- }
57728
- if (!identityMatch) continue;
57729
- if (roleConfig.slack_channels && roleConfig.slack_channels.length > 0) {
57730
- if (!this.actor.slack?.channelId || !roleConfig.slack_channels.includes(this.actor.slack.channelId)) {
57731
- continue;
57732
- }
57733
- }
57734
- matched.push(roleName);
57735
- }
57736
- return matched;
57737
- }
57738
- buildActor() {
57739
- return {
57740
- authorAssociation: this.actor.authorAssociation,
57741
- login: this.actor.login,
57742
- roles: this.resolveRoles(),
57743
- isLocalMode: this.actor.isLocalMode,
57744
- ...this.actor.slack && { slack: this.actor.slack }
57745
- };
57746
- }
57747
- forCheckExecution(check) {
57748
- return {
57749
- scope: "check.execute",
57750
- check: {
57751
- id: check.id,
57752
- type: check.type,
57753
- group: check.group,
57754
- tags: check.tags,
57755
- criticality: check.criticality,
57756
- sandbox: check.sandbox,
57757
- policy: check.policy
57758
- },
57759
- actor: this.buildActor(),
57760
- repository: this.repository,
57761
- pullRequest: this.pullRequest
57762
- };
57763
- }
57764
- forToolInvocation(serverName, methodName, transport) {
57765
- return {
57766
- scope: "tool.invoke",
57767
- tool: { serverName, methodName, transport },
57768
- actor: this.buildActor(),
57769
- repository: this.repository,
57770
- pullRequest: this.pullRequest
57771
- };
57772
- }
57773
- forCapabilityResolve(checkId, capabilities) {
57774
- return {
57775
- scope: "capability.resolve",
57776
- check: { id: checkId, type: "ai" },
57777
- capability: capabilities,
57778
- actor: this.buildActor(),
57779
- repository: this.repository,
57780
- pullRequest: this.pullRequest
57781
- };
57782
- }
57783
- };
57784
- }
57785
- });
57786
-
57787
- // src/enterprise/policy/opa-policy-engine.ts
57788
- var opa_policy_engine_exports = {};
57789
- __export(opa_policy_engine_exports, {
57790
- OpaPolicyEngine: () => OpaPolicyEngine
57791
- });
57792
- var OpaPolicyEngine;
57793
- var init_opa_policy_engine = __esm({
57794
- "src/enterprise/policy/opa-policy-engine.ts"() {
57795
- "use strict";
57796
- init_opa_wasm_evaluator();
57797
- init_opa_http_evaluator();
57798
- init_policy_input_builder();
57799
- OpaPolicyEngine = class {
57800
- evaluator = null;
57801
- fallback;
57802
- timeout;
57803
- config;
57804
- inputBuilder = null;
57805
- logger = null;
57806
- constructor(config) {
57807
- this.config = config;
57808
- this.fallback = config.fallback || "deny";
57809
- this.timeout = config.timeout || 5e3;
57810
- }
57811
- async initialize(config) {
57812
- try {
57813
- this.logger = (init_logger(), __toCommonJS(logger_exports)).logger;
57814
- } catch {
57815
- }
57816
- const actor = {
57817
- authorAssociation: process.env.VISOR_AUTHOR_ASSOCIATION,
57818
- login: process.env.VISOR_AUTHOR_LOGIN || process.env.GITHUB_ACTOR,
57819
- isLocalMode: !process.env.GITHUB_ACTIONS
57820
- };
57821
- const repo = {
57822
- owner: process.env.GITHUB_REPOSITORY_OWNER,
57823
- name: process.env.GITHUB_REPOSITORY?.split("/")[1],
57824
- branch: process.env.GITHUB_HEAD_REF,
57825
- baseBranch: process.env.GITHUB_BASE_REF,
57826
- event: process.env.GITHUB_EVENT_NAME
57827
- };
57828
- const prNum = process.env.GITHUB_PR_NUMBER ? parseInt(process.env.GITHUB_PR_NUMBER, 10) : void 0;
57829
- const pullRequest = {
57830
- number: prNum !== void 0 && Number.isFinite(prNum) ? prNum : void 0
57831
- };
57832
- this.inputBuilder = new PolicyInputBuilder(config, actor, repo, pullRequest);
57833
- if (config.engine === "local") {
57834
- if (!config.rules) {
57835
- throw new Error("OPA local mode requires `policy.rules` path to .wasm or .rego files");
57836
- }
57837
- const wasm = new OpaWasmEvaluator();
57838
- await wasm.initialize(config.rules);
57839
- if (config.data) {
57840
- wasm.loadData(config.data);
57841
- }
57842
- this.evaluator = wasm;
57843
- } else if (config.engine === "remote") {
57844
- if (!config.url) {
57845
- throw new Error("OPA remote mode requires `policy.url` pointing to OPA server");
57846
- }
57847
- this.evaluator = new OpaHttpEvaluator(config.url, this.timeout);
57848
- } else {
57849
- this.evaluator = null;
57850
- }
57851
- }
57852
- /**
57853
- * Update actor/repo/PR context (e.g., after PR info becomes available).
57854
- * Called by the enterprise loader when engine context is enriched.
57855
- */
57856
- setActorContext(actor, repo, pullRequest) {
57857
- this.inputBuilder = new PolicyInputBuilder(this.config, actor, repo, pullRequest);
57858
- }
57859
- async evaluateCheckExecution(checkId, checkConfig) {
57860
- if (!this.evaluator || !this.inputBuilder) return { allowed: true };
57861
- const cfg = checkConfig && typeof checkConfig === "object" ? checkConfig : {};
57862
- const policyOverride = cfg.policy;
57863
- const input = this.inputBuilder.forCheckExecution({
57864
- id: checkId,
57865
- type: cfg.type || "ai",
57866
- group: cfg.group,
57867
- tags: cfg.tags,
57868
- criticality: cfg.criticality,
57869
- sandbox: cfg.sandbox,
57870
- policy: policyOverride
57871
- });
57872
- return this.doEvaluate(input, this.resolveRulePath("check.execute", policyOverride?.rule));
57873
- }
57874
- async evaluateToolInvocation(serverName, methodName, transport) {
57875
- if (!this.evaluator || !this.inputBuilder) return { allowed: true };
57876
- const input = this.inputBuilder.forToolInvocation(serverName, methodName, transport);
57877
- return this.doEvaluate(input, "visor/tool/invoke");
57878
- }
57879
- async evaluateCapabilities(checkId, capabilities) {
57880
- if (!this.evaluator || !this.inputBuilder) return { allowed: true };
57881
- const input = this.inputBuilder.forCapabilityResolve(checkId, capabilities);
57882
- return this.doEvaluate(input, "visor/capability/resolve");
57883
- }
57884
- async shutdown() {
57885
- if (this.evaluator && "shutdown" in this.evaluator) {
57886
- await this.evaluator.shutdown();
57887
- }
57888
- this.evaluator = null;
57889
- this.inputBuilder = null;
57890
- }
57891
- resolveRulePath(defaultScope, override) {
57892
- if (override) {
57893
- return override.startsWith("visor/") ? override : `visor/${override}`;
57894
- }
57895
- return `visor/${defaultScope.replace(/\./g, "/")}`;
57896
- }
57897
- async doEvaluate(input, rulePath) {
57898
- try {
57899
- this.logger?.debug(`[PolicyEngine] Evaluating ${rulePath}`, JSON.stringify(input));
57900
- let timer;
57901
- const timeoutPromise = new Promise((_resolve, reject) => {
57902
- timer = setTimeout(() => reject(new Error("policy evaluation timeout")), this.timeout);
57903
- });
57904
- try {
57905
- const result = await Promise.race([this.rawEvaluate(input, rulePath), timeoutPromise]);
57906
- const decision = this.parseDecision(result);
57907
- if (!decision.allowed && this.fallback === "warn") {
57908
- decision.allowed = true;
57909
- decision.warn = true;
57910
- decision.reason = `audit: ${decision.reason || "policy denied"}`;
57911
- }
57912
- this.logger?.debug(
57913
- `[PolicyEngine] Decision for ${rulePath}: allowed=${decision.allowed}, warn=${decision.warn || false}, reason=${decision.reason || "none"}`
57914
- );
57915
- return decision;
57916
- } finally {
57917
- if (timer) clearTimeout(timer);
57918
- }
57919
- } catch (err) {
57920
- const msg = err instanceof Error ? err.message : String(err);
57921
- this.logger?.warn(`[PolicyEngine] Evaluation failed for ${rulePath}: ${msg}`);
57922
- return {
57923
- allowed: this.fallback === "allow" || this.fallback === "warn",
57924
- warn: this.fallback === "warn" ? true : void 0,
57925
- reason: `policy evaluation failed, fallback=${this.fallback}`
57926
- };
57927
- }
57928
- }
57929
- async rawEvaluate(input, rulePath) {
57930
- if (this.evaluator instanceof OpaWasmEvaluator) {
57931
- const result = await this.evaluator.evaluate(input);
57932
- return this.navigateWasmResult(result, rulePath);
57933
- }
57934
- return this.evaluator.evaluate(input, rulePath);
57935
- }
57936
- /**
57937
- * Navigate nested OPA WASM result tree to reach the specific rule's output.
57938
- * The WASM entrypoint `-e visor` means the result root IS the visor package,
57939
- * so we strip the `visor/` prefix and walk the remaining segments.
57940
- */
57941
- navigateWasmResult(result, rulePath) {
57942
- if (!result || typeof result !== "object") return result;
57943
- const segments = rulePath.replace(/^visor\//, "").split("/");
57944
- let current = result;
57945
- for (const seg of segments) {
57946
- if (current && typeof current === "object" && seg in current) {
57947
- current = current[seg];
57948
- } else {
57949
- return void 0;
57950
- }
57951
- }
57952
- return current;
57953
- }
57954
- parseDecision(result) {
57955
- if (result === void 0 || result === null) {
57956
- return {
57957
- allowed: this.fallback === "allow" || this.fallback === "warn",
57958
- warn: this.fallback === "warn" ? true : void 0,
57959
- reason: this.fallback === "warn" ? "audit: no policy result" : "no policy result"
57960
- };
57961
- }
57962
- const allowed = result.allowed !== false;
57963
- const decision = {
57964
- allowed,
57965
- reason: result.reason
57966
- };
57967
- if (result.capabilities) {
57968
- decision.capabilities = result.capabilities;
57969
- }
57970
- return decision;
57971
- }
57972
- };
57973
- }
57974
- });
57975
-
57976
- // src/enterprise/scheduler/knex-store.ts
57977
- var knex_store_exports = {};
57978
- __export(knex_store_exports, {
57979
- KnexStoreBackend: () => KnexStoreBackend
57980
- });
57981
- function toNum(val) {
57982
- if (val === null || val === void 0) return void 0;
57983
- return typeof val === "string" ? parseInt(val, 10) : val;
57984
- }
57985
- function safeJsonParse2(value) {
57986
- if (!value) return void 0;
57987
- try {
57988
- return JSON.parse(value);
57989
- } catch {
57990
- return void 0;
57991
- }
57992
- }
57993
- function fromTriggerRow2(row) {
57994
- return {
57995
- id: row.id,
57996
- creatorId: row.creator_id,
57997
- creatorContext: row.creator_context ?? void 0,
57998
- creatorName: row.creator_name ?? void 0,
57999
- description: row.description ?? void 0,
58000
- channels: safeJsonParse2(row.channels),
58001
- fromUsers: safeJsonParse2(row.from_users),
58002
- fromBots: row.from_bots === true || row.from_bots === 1,
58003
- contains: safeJsonParse2(row.contains),
58004
- matchPattern: row.match_pattern ?? void 0,
58005
- threads: row.threads,
58006
- workflow: row.workflow,
58007
- inputs: safeJsonParse2(row.inputs),
58008
- outputContext: safeJsonParse2(row.output_context),
58009
- status: row.status,
58010
- enabled: row.enabled === true || row.enabled === 1,
58011
- createdAt: toNum(row.created_at)
58012
- };
58013
- }
58014
- function toTriggerInsertRow(trigger) {
58015
- return {
58016
- id: trigger.id,
58017
- creator_id: trigger.creatorId,
58018
- creator_context: trigger.creatorContext ?? null,
58019
- creator_name: trigger.creatorName ?? null,
58020
- description: trigger.description ?? null,
58021
- channels: trigger.channels ? JSON.stringify(trigger.channels) : null,
58022
- from_users: trigger.fromUsers ? JSON.stringify(trigger.fromUsers) : null,
58023
- from_bots: trigger.fromBots,
58024
- contains: trigger.contains ? JSON.stringify(trigger.contains) : null,
58025
- match_pattern: trigger.matchPattern ?? null,
58026
- threads: trigger.threads,
58027
- workflow: trigger.workflow,
58028
- inputs: trigger.inputs ? JSON.stringify(trigger.inputs) : null,
58029
- output_context: trigger.outputContext ? JSON.stringify(trigger.outputContext) : null,
58030
- status: trigger.status,
58031
- enabled: trigger.enabled,
58032
- created_at: trigger.createdAt
58033
- };
58034
- }
58035
- function fromDbRow2(row) {
58036
- return {
58037
- id: row.id,
58038
- creatorId: row.creator_id,
58039
- creatorContext: row.creator_context ?? void 0,
58040
- creatorName: row.creator_name ?? void 0,
58041
- timezone: row.timezone,
58042
- schedule: row.schedule_expr,
58043
- runAt: toNum(row.run_at),
58044
- isRecurring: row.is_recurring === true || row.is_recurring === 1,
58045
- originalExpression: row.original_expression,
58046
- workflow: row.workflow ?? void 0,
58047
- workflowInputs: safeJsonParse2(row.workflow_inputs),
58048
- outputContext: safeJsonParse2(row.output_context),
58049
- status: row.status,
58050
- createdAt: toNum(row.created_at),
58051
- lastRunAt: toNum(row.last_run_at),
58052
- nextRunAt: toNum(row.next_run_at),
58053
- runCount: row.run_count,
58054
- failureCount: row.failure_count,
58055
- lastError: row.last_error ?? void 0,
58056
- previousResponse: row.previous_response ?? void 0
58057
- };
58058
- }
58059
- function toInsertRow(schedule) {
58060
- return {
58061
- id: schedule.id,
58062
- creator_id: schedule.creatorId,
58063
- creator_context: schedule.creatorContext ?? null,
58064
- creator_name: schedule.creatorName ?? null,
58065
- timezone: schedule.timezone,
58066
- schedule_expr: schedule.schedule,
58067
- run_at: schedule.runAt ?? null,
58068
- is_recurring: schedule.isRecurring,
58069
- original_expression: schedule.originalExpression,
58070
- workflow: schedule.workflow ?? null,
58071
- workflow_inputs: schedule.workflowInputs ? JSON.stringify(schedule.workflowInputs) : null,
58072
- output_context: schedule.outputContext ? JSON.stringify(schedule.outputContext) : null,
58073
- status: schedule.status,
58074
- created_at: schedule.createdAt,
58075
- last_run_at: schedule.lastRunAt ?? null,
58076
- next_run_at: schedule.nextRunAt ?? null,
58077
- run_count: schedule.runCount,
58078
- failure_count: schedule.failureCount,
58079
- last_error: schedule.lastError ?? null,
58080
- previous_response: schedule.previousResponse ?? null
58081
- };
58082
- }
58083
- var fs24, path29, import_uuid2, KnexStoreBackend;
58084
- var init_knex_store = __esm({
58085
- "src/enterprise/scheduler/knex-store.ts"() {
58086
- "use strict";
58087
- fs24 = __toESM(require("fs"));
58088
- path29 = __toESM(require("path"));
58089
- import_uuid2 = require("uuid");
58090
- init_logger();
58091
- KnexStoreBackend = class {
58092
- knex = null;
58093
- driver;
58094
- connection;
58095
- constructor(driver, storageConfig, _haConfig) {
58096
- this.driver = driver;
58097
- this.connection = storageConfig.connection || {};
58098
- }
58099
- async initialize() {
58100
- const { createRequire } = require("module");
58101
- const runtimeRequire = createRequire(__filename);
58102
- let knexFactory;
58103
- try {
58104
- knexFactory = runtimeRequire("knex");
58105
- } catch (err) {
58106
- const code = err?.code;
58107
- if (code === "MODULE_NOT_FOUND" || code === "ERR_MODULE_NOT_FOUND") {
58108
- throw new Error(
58109
- "knex is required for PostgreSQL/MySQL/MSSQL schedule storage. Install it with: npm install knex"
58110
- );
58111
- }
58112
- throw err;
58113
- }
58114
- const clientMap = {
58115
- postgresql: "pg",
58116
- mysql: "mysql2",
58117
- mssql: "tedious"
58118
- };
58119
- const client = clientMap[this.driver];
58120
- let connection;
58121
- if (this.connection.connection_string) {
58122
- connection = this.connection.connection_string;
58123
- } else if (this.driver === "mssql") {
58124
- connection = this.buildMssqlConnection();
58125
- } else {
58126
- connection = this.buildStandardConnection();
58127
- }
58128
- this.knex = knexFactory({
58129
- client,
58130
- connection,
58131
- pool: {
58132
- min: this.connection.pool?.min ?? 0,
58133
- max: this.connection.pool?.max ?? 10
58134
- }
58135
- });
58136
- await this.migrateSchema();
58137
- logger.info(`[KnexStore] Initialized (${this.driver})`);
58138
- }
58139
- buildStandardConnection() {
58140
- return {
58141
- host: this.connection.host || "localhost",
58142
- port: this.connection.port,
58143
- database: this.connection.database || "visor",
58144
- user: this.connection.user,
58145
- password: this.connection.password,
58146
- ssl: this.resolveSslConfig()
58147
- };
58148
- }
58149
- buildMssqlConnection() {
58150
- const ssl = this.connection.ssl;
58151
- const sslEnabled = ssl === true || typeof ssl === "object" && ssl.enabled !== false;
58152
- return {
58153
- server: this.connection.host || "localhost",
58154
- port: this.connection.port,
58155
- database: this.connection.database || "visor",
58156
- user: this.connection.user,
58157
- password: this.connection.password,
58158
- options: {
58159
- encrypt: sslEnabled,
58160
- trustServerCertificate: typeof ssl === "object" ? ssl.reject_unauthorized === false : !sslEnabled
58161
- }
58162
- };
58163
- }
58164
- resolveSslConfig() {
58165
- const ssl = this.connection.ssl;
58166
- if (ssl === false || ssl === void 0) return false;
58167
- if (ssl === true) return { rejectUnauthorized: true };
58168
- if (ssl.enabled === false) return false;
58169
- const result = {
58170
- rejectUnauthorized: ssl.reject_unauthorized !== false
58171
- };
58172
- if (ssl.ca) {
58173
- const caPath = this.validateSslPath(ssl.ca, "CA certificate");
58174
- result.ca = fs24.readFileSync(caPath, "utf8");
58175
- }
58176
- if (ssl.cert) {
58177
- const certPath = this.validateSslPath(ssl.cert, "client certificate");
58178
- result.cert = fs24.readFileSync(certPath, "utf8");
58179
- }
58180
- if (ssl.key) {
58181
- const keyPath = this.validateSslPath(ssl.key, "client key");
58182
- result.key = fs24.readFileSync(keyPath, "utf8");
58183
- }
58184
- return result;
58185
- }
58186
- validateSslPath(filePath, label) {
58187
- const resolved = path29.resolve(filePath);
58188
- if (resolved !== path29.normalize(resolved)) {
58189
- throw new Error(`SSL ${label} path contains invalid sequences: ${filePath}`);
58190
- }
58191
- if (!fs24.existsSync(resolved)) {
58192
- throw new Error(`SSL ${label} not found: ${filePath}`);
58193
- }
58194
- return resolved;
58195
- }
58196
- async shutdown() {
58197
- if (this.knex) {
58198
- await this.knex.destroy();
58199
- this.knex = null;
58200
- }
58201
- }
58202
- async migrateSchema() {
58203
- const knex = this.getKnex();
58204
- const exists = await knex.schema.hasTable("schedules");
58205
- if (!exists) {
58206
- await knex.schema.createTable("schedules", (table) => {
58207
- table.string("id", 36).primary();
58208
- table.string("creator_id", 255).notNullable().index();
58209
- table.string("creator_context", 255);
58210
- table.string("creator_name", 255);
58211
- table.string("timezone", 64).notNullable().defaultTo("UTC");
58212
- table.string("schedule_expr", 255);
58213
- table.bigInteger("run_at");
58214
- table.boolean("is_recurring").notNullable();
58215
- table.text("original_expression");
58216
- table.string("workflow", 255);
58217
- table.text("workflow_inputs");
58218
- table.text("output_context");
58219
- table.string("status", 20).notNullable().index();
58220
- table.bigInteger("created_at").notNullable();
58221
- table.bigInteger("last_run_at");
58222
- table.bigInteger("next_run_at");
58223
- table.integer("run_count").notNullable().defaultTo(0);
58224
- table.integer("failure_count").notNullable().defaultTo(0);
58225
- table.text("last_error");
58226
- table.text("previous_response");
58227
- table.index(["status", "next_run_at"]);
58228
- });
58229
- }
58230
- const triggersExist = await knex.schema.hasTable("message_triggers");
58231
- if (!triggersExist) {
58232
- await knex.schema.createTable("message_triggers", (table) => {
58233
- table.string("id", 36).primary();
58234
- table.string("creator_id", 255).notNullable().index();
58235
- table.string("creator_context", 255);
58236
- table.string("creator_name", 255);
58237
- table.text("description");
58238
- table.text("channels");
58239
- table.text("from_users");
58240
- table.boolean("from_bots").notNullable().defaultTo(false);
58241
- table.text("contains");
58242
- table.text("match_pattern");
58243
- table.string("threads", 20).notNullable().defaultTo("any");
58244
- table.string("workflow", 255).notNullable();
58245
- table.text("inputs");
58246
- table.text("output_context");
58247
- table.string("status", 20).notNullable().defaultTo("active").index();
58248
- table.boolean("enabled").notNullable().defaultTo(true);
58249
- table.bigInteger("created_at").notNullable();
58250
- });
58251
- }
58252
- const locksExist = await knex.schema.hasTable("scheduler_locks");
58253
- if (!locksExist) {
58254
- await knex.schema.createTable("scheduler_locks", (table) => {
58255
- table.string("lock_id", 255).primary();
58256
- table.string("node_id", 255).notNullable();
58257
- table.string("lock_token", 36).notNullable();
58258
- table.bigInteger("acquired_at").notNullable();
58259
- table.bigInteger("expires_at").notNullable();
58260
- });
58261
- }
58262
- }
58263
- getKnex() {
58264
- if (!this.knex) {
58265
- throw new Error("[KnexStore] Not initialized. Call initialize() first.");
58266
- }
58267
- return this.knex;
58268
- }
58269
- // --- CRUD ---
58270
- async create(schedule) {
58271
- const knex = this.getKnex();
58272
- const newSchedule = {
58273
- ...schedule,
58274
- id: (0, import_uuid2.v4)(),
58275
- createdAt: Date.now(),
58276
- runCount: 0,
58277
- failureCount: 0,
58278
- status: "active"
58279
- };
58280
- await knex("schedules").insert(toInsertRow(newSchedule));
58281
- logger.info(`[KnexStore] Created schedule ${newSchedule.id} for user ${newSchedule.creatorId}`);
58282
- return newSchedule;
58283
- }
58284
- async importSchedule(schedule) {
58285
- const knex = this.getKnex();
58286
- const existing = await knex("schedules").where("id", schedule.id).first();
58287
- if (existing) return;
58288
- await knex("schedules").insert(toInsertRow(schedule));
58289
- }
58290
- async get(id) {
58291
- const knex = this.getKnex();
58292
- const row = await knex("schedules").where("id", id).first();
58293
- return row ? fromDbRow2(row) : void 0;
58294
- }
58295
- async update(id, patch) {
58296
- const knex = this.getKnex();
58297
- const existing = await knex("schedules").where("id", id).first();
58298
- if (!existing) return void 0;
58299
- const current = fromDbRow2(existing);
58300
- const updated = { ...current, ...patch, id: current.id };
58301
- const row = toInsertRow(updated);
58302
- delete row.id;
58303
- await knex("schedules").where("id", id).update(row);
58304
- return updated;
58305
- }
58306
- async delete(id) {
58307
- const knex = this.getKnex();
58308
- const deleted = await knex("schedules").where("id", id).del();
58309
- if (deleted > 0) {
58310
- logger.info(`[KnexStore] Deleted schedule ${id}`);
58311
- return true;
58312
- }
58313
- return false;
58314
- }
58315
- // --- Queries ---
58316
- async getByCreator(creatorId) {
58317
- const knex = this.getKnex();
58318
- const rows = await knex("schedules").where("creator_id", creatorId);
58319
- return rows.map((r) => fromDbRow2(r));
58320
- }
58321
- async getActiveSchedules() {
58322
- const knex = this.getKnex();
58323
- const rows = await knex("schedules").where("status", "active");
58324
- return rows.map((r) => fromDbRow2(r));
58325
- }
58326
- async getDueSchedules(now) {
58327
- const ts = now ?? Date.now();
58328
- const knex = this.getKnex();
58329
- const bFalse = this.driver === "mssql" ? 0 : false;
58330
- const bTrue = this.driver === "mssql" ? 1 : true;
58331
- const rows = await knex("schedules").where("status", "active").andWhere(function() {
58332
- this.where(function() {
58333
- this.where("is_recurring", bFalse).whereNotNull("run_at").where("run_at", "<=", ts);
58334
- }).orWhere(function() {
58335
- this.where("is_recurring", bTrue).whereNotNull("next_run_at").where("next_run_at", "<=", ts);
58336
- });
58337
- });
58338
- return rows.map((r) => fromDbRow2(r));
58339
- }
58340
- async findByWorkflow(creatorId, workflowName) {
58341
- const knex = this.getKnex();
58342
- const escaped = workflowName.toLowerCase().replace(/[%_\\]/g, "\\$&");
58343
- const pattern = `%${escaped}%`;
58344
- const rows = await knex("schedules").where("creator_id", creatorId).where("status", "active").whereRaw("LOWER(workflow) LIKE ? ESCAPE '\\'", [pattern]);
58345
- return rows.map((r) => fromDbRow2(r));
58346
- }
58347
- async getAll() {
58348
- const knex = this.getKnex();
58349
- const rows = await knex("schedules");
58350
- return rows.map((r) => fromDbRow2(r));
58351
- }
58352
- async getStats() {
58353
- const knex = this.getKnex();
58354
- const boolTrue = this.driver === "mssql" ? "1" : "true";
58355
- const boolFalse = this.driver === "mssql" ? "0" : "false";
58356
- const result = await knex("schedules").select(
58357
- knex.raw("COUNT(*) as total"),
58358
- knex.raw("SUM(CASE WHEN status = 'active' THEN 1 ELSE 0 END) as active"),
58359
- knex.raw("SUM(CASE WHEN status = 'paused' THEN 1 ELSE 0 END) as paused"),
58360
- knex.raw("SUM(CASE WHEN status = 'completed' THEN 1 ELSE 0 END) as completed"),
58361
- knex.raw("SUM(CASE WHEN status = 'failed' THEN 1 ELSE 0 END) as failed"),
58362
- knex.raw(`SUM(CASE WHEN is_recurring = ${boolTrue} THEN 1 ELSE 0 END) as recurring`),
58363
- knex.raw(`SUM(CASE WHEN is_recurring = ${boolFalse} THEN 1 ELSE 0 END) as one_time`)
58364
- ).first();
58365
- return {
58366
- total: Number(result.total) || 0,
58367
- active: Number(result.active) || 0,
58368
- paused: Number(result.paused) || 0,
58369
- completed: Number(result.completed) || 0,
58370
- failed: Number(result.failed) || 0,
58371
- recurring: Number(result.recurring) || 0,
58372
- oneTime: Number(result.one_time) || 0
58373
- };
58374
- }
58375
- async validateLimits(creatorId, isRecurring, limits) {
58376
- const knex = this.getKnex();
58377
- if (limits.maxGlobal) {
58378
- const result = await knex("schedules").count("* as cnt").first();
58379
- if (Number(result?.cnt) >= limits.maxGlobal) {
58380
- throw new Error(`Global schedule limit reached (${limits.maxGlobal})`);
58381
- }
58382
- }
58383
- if (limits.maxPerUser) {
58384
- const result = await knex("schedules").where("creator_id", creatorId).count("* as cnt").first();
58385
- if (Number(result?.cnt) >= limits.maxPerUser) {
58386
- throw new Error(`You have reached the maximum number of schedules (${limits.maxPerUser})`);
58387
- }
58388
- }
58389
- if (isRecurring && limits.maxRecurringPerUser) {
58390
- const bTrue = this.driver === "mssql" ? 1 : true;
58391
- const result = await knex("schedules").where("creator_id", creatorId).where("is_recurring", bTrue).count("* as cnt").first();
58392
- if (Number(result?.cnt) >= limits.maxRecurringPerUser) {
58393
- throw new Error(
58394
- `You have reached the maximum number of recurring schedules (${limits.maxRecurringPerUser})`
58395
- );
58396
- }
58397
- }
58398
- }
58399
- // --- HA Distributed Locking (via scheduler_locks table) ---
58400
- async tryAcquireLock(lockId, nodeId, ttlSeconds) {
58401
- const knex = this.getKnex();
58402
- const now = Date.now();
58403
- const expiresAt = now + ttlSeconds * 1e3;
58404
- const token = (0, import_uuid2.v4)();
58405
- const updated = await knex("scheduler_locks").where("lock_id", lockId).where("expires_at", "<", now).update({
58406
- node_id: nodeId,
58407
- lock_token: token,
58408
- acquired_at: now,
58409
- expires_at: expiresAt
58410
- });
58411
- if (updated > 0) return token;
58412
- try {
58413
- await knex("scheduler_locks").insert({
58414
- lock_id: lockId,
58415
- node_id: nodeId,
58416
- lock_token: token,
58417
- acquired_at: now,
58418
- expires_at: expiresAt
58419
- });
58420
- return token;
58421
- } catch {
58422
- return null;
58423
- }
58424
- }
58425
- async releaseLock(lockId, lockToken) {
58426
- const knex = this.getKnex();
58427
- await knex("scheduler_locks").where("lock_id", lockId).where("lock_token", lockToken).del();
58428
- }
58429
- async renewLock(lockId, lockToken, ttlSeconds) {
58430
- const knex = this.getKnex();
58431
- const now = Date.now();
58432
- const expiresAt = now + ttlSeconds * 1e3;
58433
- const updated = await knex("scheduler_locks").where("lock_id", lockId).where("lock_token", lockToken).update({ acquired_at: now, expires_at: expiresAt });
58434
- return updated > 0;
58435
- }
58436
- async flush() {
58437
- }
58438
- // --- Message Trigger CRUD ---
58439
- async createTrigger(trigger) {
58440
- const knex = this.getKnex();
58441
- const newTrigger = {
58442
- ...trigger,
58443
- id: (0, import_uuid2.v4)(),
58444
- createdAt: Date.now()
58445
- };
58446
- await knex("message_triggers").insert(toTriggerInsertRow(newTrigger));
58447
- logger.info(`[KnexStore] Created trigger ${newTrigger.id} for user ${newTrigger.creatorId}`);
58448
- return newTrigger;
58449
- }
58450
- async getTrigger(id) {
58451
- const knex = this.getKnex();
58452
- const row = await knex("message_triggers").where("id", id).first();
58453
- return row ? fromTriggerRow2(row) : void 0;
58454
- }
58455
- async updateTrigger(id, patch) {
58456
- const knex = this.getKnex();
58457
- const existing = await knex("message_triggers").where("id", id).first();
58458
- if (!existing) return void 0;
58459
- const current = fromTriggerRow2(existing);
58460
- const updated = {
58461
- ...current,
58462
- ...patch,
58463
- id: current.id,
58464
- createdAt: current.createdAt
58465
- };
58466
- const row = toTriggerInsertRow(updated);
58467
- delete row.id;
58468
- await knex("message_triggers").where("id", id).update(row);
58469
- return updated;
58470
- }
58471
- async deleteTrigger(id) {
58472
- const knex = this.getKnex();
58473
- const deleted = await knex("message_triggers").where("id", id).del();
58474
- if (deleted > 0) {
58475
- logger.info(`[KnexStore] Deleted trigger ${id}`);
58476
- return true;
58477
- }
58478
- return false;
58479
- }
58480
- async getTriggersByCreator(creatorId) {
58481
- const knex = this.getKnex();
58482
- const rows = await knex("message_triggers").where("creator_id", creatorId);
58483
- return rows.map((r) => fromTriggerRow2(r));
58484
- }
58485
- async getActiveTriggers() {
58486
- const knex = this.getKnex();
58487
- const rows = await knex("message_triggers").where("status", "active").where("enabled", this.driver === "mssql" ? 1 : true);
58488
- return rows.map((r) => fromTriggerRow2(r));
58489
- }
58490
- };
58491
- }
58492
- });
58493
-
58494
- // src/enterprise/loader.ts
58495
- var loader_exports = {};
58496
- __export(loader_exports, {
58497
- loadEnterprisePolicyEngine: () => loadEnterprisePolicyEngine,
58498
- loadEnterpriseStoreBackend: () => loadEnterpriseStoreBackend
58499
- });
58500
- async function loadEnterprisePolicyEngine(config) {
58501
- try {
58502
- const { LicenseValidator: LicenseValidator2 } = await Promise.resolve().then(() => (init_validator(), validator_exports));
58503
- const validator = new LicenseValidator2();
58504
- const license = await validator.loadAndValidate();
58505
- if (!license || !validator.hasFeature("policy")) {
58506
- return new DefaultPolicyEngine();
58507
- }
58508
- if (validator.isInGracePeriod()) {
58509
- console.warn(
58510
- "[visor:enterprise] License has expired but is within the 72-hour grace period. Please renew your license."
58511
- );
58512
- }
58513
- const { OpaPolicyEngine: OpaPolicyEngine2 } = await Promise.resolve().then(() => (init_opa_policy_engine(), opa_policy_engine_exports));
58514
- const engine = new OpaPolicyEngine2(config);
58515
- await engine.initialize(config);
58516
- return engine;
58517
- } catch (err) {
58518
- const msg = err instanceof Error ? err.message : String(err);
58519
- try {
58520
- const { logger: logger2 } = (init_logger(), __toCommonJS(logger_exports));
58521
- logger2.warn(`[PolicyEngine] Enterprise policy init failed, falling back to default: ${msg}`);
58522
- } catch {
58523
- }
58524
- return new DefaultPolicyEngine();
58525
- }
58526
- }
58527
- async function loadEnterpriseStoreBackend(driver, storageConfig, haConfig) {
58528
- const { LicenseValidator: LicenseValidator2 } = await Promise.resolve().then(() => (init_validator(), validator_exports));
58529
- const validator = new LicenseValidator2();
58530
- const license = await validator.loadAndValidate();
58531
- if (!license || !validator.hasFeature("scheduler-sql")) {
58532
- throw new Error(
58533
- `The ${driver} schedule storage driver requires a Visor Enterprise license with the 'scheduler-sql' feature. Please upgrade or use driver: 'sqlite' (default).`
58534
- );
58535
- }
58536
- if (validator.isInGracePeriod()) {
58537
- console.warn(
58538
- "[visor:enterprise] License has expired but is within the 72-hour grace period. Please renew your license."
58539
- );
58540
- }
58541
- const { KnexStoreBackend: KnexStoreBackend2 } = await Promise.resolve().then(() => (init_knex_store(), knex_store_exports));
58542
- return new KnexStoreBackend2(driver, storageConfig, haConfig);
58543
- }
58544
- var init_loader = __esm({
58545
- "src/enterprise/loader.ts"() {
58546
- "use strict";
58547
- init_default_engine();
58548
- }
58549
- });
58550
-
58551
57177
  // src/event-bus/event-bus.ts
58552
57178
  var event_bus_exports = {};
58553
57179
  __export(event_bus_exports, {
@@ -59454,8 +58080,8 @@ ${content}
59454
58080
  * Sleep utility
59455
58081
  */
59456
58082
  sleep(ms) {
59457
- return new Promise((resolve19) => {
59458
- const t = setTimeout(resolve19, ms);
58083
+ return new Promise((resolve15) => {
58084
+ const t = setTimeout(resolve15, ms);
59459
58085
  if (typeof t.unref === "function") {
59460
58086
  try {
59461
58087
  t.unref();
@@ -59740,8 +58366,8 @@ ${end}`);
59740
58366
  async updateGroupedComment(ctx, comments, group, changedIds) {
59741
58367
  const existingLock = this.updateLocks.get(group);
59742
58368
  let resolveLock;
59743
- const ourLock = new Promise((resolve19) => {
59744
- resolveLock = resolve19;
58369
+ const ourLock = new Promise((resolve15) => {
58370
+ resolveLock = resolve15;
59745
58371
  });
59746
58372
  this.updateLocks.set(group, ourLock);
59747
58373
  try {
@@ -60072,7 +58698,7 @@ ${blocks}
60072
58698
  * Sleep utility for enforcing delays
60073
58699
  */
60074
58700
  sleep(ms) {
60075
- return new Promise((resolve19) => setTimeout(resolve19, ms));
58701
+ return new Promise((resolve15) => setTimeout(resolve15, ms));
60076
58702
  }
60077
58703
  };
60078
58704
  }
@@ -61919,11 +60545,11 @@ var require_request3 = __commonJS({
61919
60545
  "use strict";
61920
60546
  var __awaiter = exports2 && exports2.__awaiter || function(thisArg, _arguments, P, generator) {
61921
60547
  function adopt(value) {
61922
- return value instanceof P ? value : new P(function(resolve19) {
61923
- resolve19(value);
60548
+ return value instanceof P ? value : new P(function(resolve15) {
60549
+ resolve15(value);
61924
60550
  });
61925
60551
  }
61926
- return new (P || (P = Promise))(function(resolve19, reject) {
60552
+ return new (P || (P = Promise))(function(resolve15, reject) {
61927
60553
  function fulfilled(value) {
61928
60554
  try {
61929
60555
  step(generator.next(value));
@@ -61939,7 +60565,7 @@ var require_request3 = __commonJS({
61939
60565
  }
61940
60566
  }
61941
60567
  function step(result) {
61942
- result.done ? resolve19(result.value) : adopt(result.value).then(fulfilled, rejected);
60568
+ result.done ? resolve15(result.value) : adopt(result.value).then(fulfilled, rejected);
61943
60569
  }
61944
60570
  step((generator = generator.apply(thisArg, _arguments || [])).next());
61945
60571
  });
@@ -61963,9 +60589,9 @@ var require_request3 = __commonJS({
61963
60589
  HttpMethod2["PATCH"] = "PATCH";
61964
60590
  })(HttpMethod = exports2.HttpMethod || (exports2.HttpMethod = {}));
61965
60591
  var SvixRequest = class {
61966
- constructor(method, path33) {
60592
+ constructor(method, path29) {
61967
60593
  this.method = method;
61968
- this.path = path33;
60594
+ this.path = path29;
61969
60595
  this.queryParams = {};
61970
60596
  this.headerParams = {};
61971
60597
  }
@@ -62068,7 +60694,7 @@ var require_request3 = __commonJS({
62068
60694
  }
62069
60695
  function sendWithRetry(url, init, retryScheduleInMs, nextInterval = 50, triesLeft = 2, fetchImpl = fetch, retryCount = 1) {
62070
60696
  return __awaiter(this, void 0, void 0, function* () {
62071
- const sleep = (interval) => new Promise((resolve19) => setTimeout(resolve19, interval));
60697
+ const sleep = (interval) => new Promise((resolve15) => setTimeout(resolve15, interval));
62072
60698
  try {
62073
60699
  const response = yield fetchImpl(url, init);
62074
60700
  if (triesLeft <= 0 || response.status < 500) {
@@ -71142,7 +69768,7 @@ ${message}`;
71142
69768
  });
71143
69769
 
71144
69770
  // src/agent-protocol/task-store.ts
71145
- function safeJsonParse3(value) {
69771
+ function safeJsonParse2(value) {
71146
69772
  if (!value) return void 0;
71147
69773
  try {
71148
69774
  return JSON.parse(value);
@@ -71159,12 +69785,12 @@ function taskRowToAgentTask(row) {
71159
69785
  context_id: row.context_id,
71160
69786
  status: {
71161
69787
  state: row.state,
71162
- message: safeJsonParse3(row.status_message),
69788
+ message: safeJsonParse2(row.status_message),
71163
69789
  timestamp: row.updated_at
71164
69790
  },
71165
- artifacts: safeJsonParse3(row.artifacts) ?? [],
71166
- history: safeJsonParse3(row.history) ?? [],
71167
- metadata: safeJsonParse3(row.request_metadata),
69791
+ artifacts: safeJsonParse2(row.artifacts) ?? [],
69792
+ history: safeJsonParse2(row.history) ?? [],
69793
+ metadata: safeJsonParse2(row.request_metadata),
71168
69794
  workflow_id: row.workflow_id ?? void 0
71169
69795
  };
71170
69796
  }
@@ -71401,7 +70027,7 @@ var init_task_store = __esm({
71401
70027
  const db = this.getDb();
71402
70028
  const row = db.prepare("SELECT artifacts FROM agent_tasks WHERE id = ?").get(taskId);
71403
70029
  if (!row) throw new TaskNotFoundError(taskId);
71404
- const artifacts = safeJsonParse3(row.artifacts) ?? [];
70030
+ const artifacts = safeJsonParse2(row.artifacts) ?? [];
71405
70031
  artifacts.push(artifact);
71406
70032
  db.prepare("UPDATE agent_tasks SET artifacts = ?, updated_at = ? WHERE id = ?").run(
71407
70033
  JSON.stringify(artifacts),
@@ -71413,7 +70039,7 @@ var init_task_store = __esm({
71413
70039
  const db = this.getDb();
71414
70040
  const row = db.prepare("SELECT history FROM agent_tasks WHERE id = ?").get(taskId);
71415
70041
  if (!row) throw new TaskNotFoundError(taskId);
71416
- const history = safeJsonParse3(row.history) ?? [];
70042
+ const history = safeJsonParse2(row.history) ?? [];
71417
70043
  history.push(message);
71418
70044
  db.prepare("UPDATE agent_tasks SET history = ?, updated_at = ? WHERE id = ?").run(
71419
70045
  JSON.stringify(history),
@@ -71925,13 +70551,13 @@ __export(a2a_frontend_exports, {
71925
70551
  resultToArtifacts: () => resultToArtifacts
71926
70552
  });
71927
70553
  function readJsonBody(req) {
71928
- return new Promise((resolve19, reject) => {
70554
+ return new Promise((resolve15, reject) => {
71929
70555
  const chunks = [];
71930
70556
  req.on("data", (chunk) => chunks.push(chunk));
71931
70557
  req.on("end", () => {
71932
70558
  try {
71933
70559
  const body = Buffer.concat(chunks).toString("utf8");
71934
- resolve19(body ? JSON.parse(body) : {});
70560
+ resolve15(body ? JSON.parse(body) : {});
71935
70561
  } catch {
71936
70562
  reject(new ParseError("Malformed JSON body"));
71937
70563
  }
@@ -72174,12 +70800,12 @@ var init_a2a_frontend = __esm({
72174
70800
  }
72175
70801
  const port = this.config.port ?? 9e3;
72176
70802
  const host = this.config.host ?? "0.0.0.0";
72177
- await new Promise((resolve19) => {
70803
+ await new Promise((resolve15) => {
72178
70804
  this.server.listen(port, host, () => {
72179
70805
  const addr = this.server.address();
72180
70806
  this._boundPort = typeof addr === "object" && addr ? addr.port : port;
72181
70807
  logger.info(`A2A server listening on ${host}:${this._boundPort}`);
72182
- resolve19();
70808
+ resolve15();
72183
70809
  });
72184
70810
  });
72185
70811
  if (this.agentCard) {
@@ -72203,8 +70829,8 @@ var init_a2a_frontend = __esm({
72203
70829
  }
72204
70830
  this.streamManager.shutdown();
72205
70831
  if (this.server) {
72206
- await new Promise((resolve19, reject) => {
72207
- this.server.close((err) => err ? reject(err) : resolve19());
70832
+ await new Promise((resolve15, reject) => {
70833
+ this.server.close((err) => err ? reject(err) : resolve15());
72208
70834
  });
72209
70835
  this.server = null;
72210
70836
  }
@@ -72921,15 +71547,15 @@ function serializeRunState(state) {
72921
71547
  ])
72922
71548
  };
72923
71549
  }
72924
- var path32, fs28, StateMachineExecutionEngine;
71550
+ var path28, fs24, StateMachineExecutionEngine;
72925
71551
  var init_state_machine_execution_engine = __esm({
72926
71552
  "src/state-machine-execution-engine.ts"() {
72927
71553
  "use strict";
72928
71554
  init_runner();
72929
71555
  init_logger();
72930
71556
  init_sandbox_manager();
72931
- path32 = __toESM(require("path"));
72932
- fs28 = __toESM(require("fs"));
71557
+ path28 = __toESM(require("path"));
71558
+ fs24 = __toESM(require("fs"));
72933
71559
  StateMachineExecutionEngine = class _StateMachineExecutionEngine {
72934
71560
  workingDirectory;
72935
71561
  executionContext;
@@ -73161,8 +71787,8 @@ var init_state_machine_execution_engine = __esm({
73161
71787
  logger.debug(
73162
71788
  `[PolicyEngine] Loading enterprise policy engine (engine=${configWithTagFilter.policy.engine})`
73163
71789
  );
73164
- const { loadEnterprisePolicyEngine: loadEnterprisePolicyEngine2 } = await Promise.resolve().then(() => (init_loader(), loader_exports));
73165
- context2.policyEngine = await loadEnterprisePolicyEngine2(configWithTagFilter.policy);
71790
+ const { loadEnterprisePolicyEngine } = await import("./enterprise/loader");
71791
+ context2.policyEngine = await loadEnterprisePolicyEngine(configWithTagFilter.policy);
73166
71792
  logger.debug(
73167
71793
  `[PolicyEngine] Initialized: ${context2.policyEngine?.constructor?.name || "unknown"}`
73168
71794
  );
@@ -73316,9 +71942,9 @@ var init_state_machine_execution_engine = __esm({
73316
71942
  }
73317
71943
  const checkId = String(ev?.checkId || "unknown");
73318
71944
  const threadKey = ev?.threadKey || (channel && threadTs ? `${channel}:${threadTs}` : "session");
73319
- const baseDir = process.env.VISOR_SNAPSHOT_DIR || path32.resolve(process.cwd(), ".visor", "snapshots");
73320
- fs28.mkdirSync(baseDir, { recursive: true });
73321
- const filePath = path32.join(baseDir, `${threadKey}-${checkId}.json`);
71945
+ const baseDir = process.env.VISOR_SNAPSHOT_DIR || path28.resolve(process.cwd(), ".visor", "snapshots");
71946
+ fs24.mkdirSync(baseDir, { recursive: true });
71947
+ const filePath = path28.join(baseDir, `${threadKey}-${checkId}.json`);
73322
71948
  await this.saveSnapshotToFile(filePath);
73323
71949
  logger.info(`[Snapshot] Saved run snapshot: ${filePath}`);
73324
71950
  try {
@@ -73459,7 +72085,7 @@ var init_state_machine_execution_engine = __esm({
73459
72085
  * Does not include secrets. Intended for debugging and future resume support.
73460
72086
  */
73461
72087
  async saveSnapshotToFile(filePath) {
73462
- const fs29 = await import("fs/promises");
72088
+ const fs25 = await import("fs/promises");
73463
72089
  const ctx = this._lastContext;
73464
72090
  const runner = this._lastRunner;
73465
72091
  if (!ctx || !runner) {
@@ -73479,14 +72105,14 @@ var init_state_machine_execution_engine = __esm({
73479
72105
  journal: entries,
73480
72106
  requestedChecks: ctx.requestedChecks || []
73481
72107
  };
73482
- await fs29.writeFile(filePath, JSON.stringify(payload, null, 2), "utf8");
72108
+ await fs25.writeFile(filePath, JSON.stringify(payload, null, 2), "utf8");
73483
72109
  }
73484
72110
  /**
73485
72111
  * Load a snapshot JSON from file and return it. Resume support can build on this.
73486
72112
  */
73487
72113
  async loadSnapshotFromFile(filePath) {
73488
- const fs29 = await import("fs/promises");
73489
- const raw = await fs29.readFile(filePath, "utf8");
72114
+ const fs25 = await import("fs/promises");
72115
+ const raw = await fs25.readFile(filePath, "utf8");
73490
72116
  return JSON.parse(raw);
73491
72117
  }
73492
72118
  /**