npm - @probelabs/visor - Versions diffs - 0.1.182-ee → 0.1.183-ee - Mend

@probelabs/visor 0.1.182-ee → 0.1.183-ee

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (205) hide show

package/dist/sdk/github-auth-BJQBLK2V.mjs ADDED Viewed

@@ -0,0 +1,196 @@
+import {
+  init_logger,
+  logger
+} from "./chunk-ZPYODGYA.mjs";
+import "./chunk-B2OUZAWY.mjs";
+import {
+  __esm
+} from "./chunk-J7LXIPZS.mjs";
+// src/github-auth.ts
+import { Octokit } from "@octokit/rest";
+import * as fs from "fs";
+import * as path from "path";
+async function createAuthenticatedOctokit(options) {
+  const { token, appId, installationId, owner, repo } = options;
+  const privateKey = options.privateKey ? resolvePrivateKey(options.privateKey) : void 0;
+  if (appId && privateKey) {
+    const { createAppAuth } = await import("@octokit/auth-app");
+    let finalInstallationId;
+    if (installationId) {
+      finalInstallationId = parseInt(installationId, 10);
+      if (isNaN(finalInstallationId) || finalInstallationId <= 0) {
+        throw new Error("Invalid installation-id. It must be a positive integer.");
+      }
+    }
+    if (!finalInstallationId && owner && repo) {
+      const appOctokit = new Octokit({
+        authStrategy: createAppAuth,
+        auth: { appId, privateKey }
+      });
+      try {
+        const { data: installation } = await appOctokit.rest.apps.getRepoInstallation({
+          owner,
+          repo
+        });
+        finalInstallationId = installation.id;
+      } catch {
+        throw new Error(
+          "GitHub App installation ID could not be auto-detected. Provide --github-installation-id or ensure the app is installed on the repository."
+        );
+      }
+    }
+    if (!finalInstallationId) {
+      throw new Error(
+        "GitHub App installation ID is required. Provide --github-installation-id or set owner/repo for auto-detection."
+      );
+    }
+    const octokit = new Octokit({
+      authStrategy: createAppAuth,
+      auth: {
+        appId,
+        privateKey,
+        installationId: finalInstallationId
+      }
+    });
+    const authResult = await octokit.auth({ type: "installation" });
+    return {
+      octokit,
+      authType: "github-app",
+      token: authResult.token
+    };
+  }
+  if (token) {
+    return {
+      octokit: new Octokit({ auth: token }),
+      authType: "token",
+      token
+    };
+  }
+  return void 0;
+}
+function resolveAuthFromEnvironment() {
+  return {
+    token: process.env.GITHUB_TOKEN || process.env.GH_TOKEN,
+    appId: process.env.GITHUB_APP_ID,
+    privateKey: process.env.GITHUB_APP_PRIVATE_KEY,
+    installationId: process.env.GITHUB_APP_INSTALLATION_ID,
+    owner: process.env.GITHUB_REPOSITORY_OWNER || process.env.GITHUB_REPOSITORY?.split("/")[0],
+    repo: process.env.GITHUB_REPOSITORY?.split("/")[1]
+  };
+}
+function resolvePrivateKey(keyOrPath) {
+  if (keyOrPath.includes("-----BEGIN")) {
+    return keyOrPath;
+  }
+  const resolved = path.resolve(keyOrPath);
+  if (fs.existsSync(resolved)) {
+    return fs.readFileSync(resolved, "utf8");
+  }
+  return keyOrPath;
+}
+function injectGitHubCredentials(token) {
+  process.env.GITHUB_TOKEN = token;
+  process.env.GH_TOKEN = token;
+  const currentCount = parseInt(process.env.GIT_CONFIG_COUNT || "0", 10);
+  let base;
+  if (_authBase === void 0) {
+    base = currentCount;
+  } else if (_lastWrittenCount !== void 0 && currentCount !== _lastWrittenCount) {
+    base = currentCount;
+  } else {
+    base = _authBase;
+  }
+  _authBase = base;
+  const authUrl = `https://x-access-token:${token}@github.com/`;
+  process.env[`GIT_CONFIG_KEY_${base}`] = `url.${authUrl}.insteadOf`;
+  process.env[`GIT_CONFIG_VALUE_${base}`] = "https://github.com/";
+  process.env[`GIT_CONFIG_KEY_${base + 1}`] = `url.${authUrl}.insteadOf`;
+  process.env[`GIT_CONFIG_VALUE_${base + 1}`] = "git@github.com:";
+  const newCount = base + 2;
+  process.env.GIT_CONFIG_COUNT = String(newCount);
+  _lastWrittenCount = newCount;
+}
+function markTokenFresh() {
+  const token = process.env.GITHUB_TOKEN || process.env.GH_TOKEN;
+  if (token) {
+    _cachedAppToken = { token, generatedAt: Date.now() };
+  }
+}
+async function refreshGitHubCredentials() {
+  const appId = process.env.GITHUB_APP_ID;
+  const privateKey = process.env.GITHUB_APP_PRIVATE_KEY;
+  if (!appId || !privateKey) return;
+  const now = Date.now();
+  if (_cachedAppToken && now - _cachedAppToken.generatedAt < TOKEN_REFRESH_MS) {
+    return;
+  }
+  try {
+    const opts = resolveAuthFromEnvironment();
+    const result = await createAuthenticatedOctokit(opts);
+    if (result && result.authType === "github-app") {
+      injectGitHubCredentials(result.token);
+      _cachedAppToken = { token: result.token, generatedAt: now };
+      logger.debug("[github-auth] Refreshed GitHub App installation token");
+    }
+  } catch (err) {
+    const age = _cachedAppToken ? `${Math.round((now - _cachedAppToken.generatedAt) / 6e4)}min old` : "no cached token";
+    logger.warn(
+      `[github-auth] Failed to refresh GitHub App token (${age}): ${err instanceof Error ? err.message : String(err)}. Child processes may fail with authentication errors.`
+    );
+  }
+}
+function startTokenRefreshTimer() {
+  if (_refreshTimer) return;
+  const appId = process.env.GITHUB_APP_ID;
+  const privateKey = process.env.GITHUB_APP_PRIVATE_KEY;
+  if (!appId || !privateKey) return;
+  _refreshTimer = setInterval(() => {
+    refreshGitHubCredentials().catch((err) => {
+      logger.warn(
+        `[github-auth] Background token refresh failed: ${err instanceof Error ? err.message : String(err)}`
+      );
+    });
+  }, TIMER_INTERVAL_MS);
+  _refreshTimer.unref();
+  logger.debug("[github-auth] Background token refresh timer started (every 30 min)");
+}
+function stopTokenRefreshTimer() {
+  if (_refreshTimer) {
+    clearInterval(_refreshTimer);
+    _refreshTimer = void 0;
+    logger.debug("[github-auth] Background token refresh timer stopped");
+  }
+}
+function _testSetCachedToken(token, generatedAt) {
+  if (token) {
+    _cachedAppToken = { token, generatedAt: generatedAt ?? Date.now() };
+  } else {
+    _cachedAppToken = void 0;
+  }
+}
+function _testGetCachedToken() {
+  return _cachedAppToken;
+}
+var _authBase, _lastWrittenCount, _cachedAppToken, TOKEN_REFRESH_MS, _refreshTimer, TIMER_INTERVAL_MS;
+var init_github_auth = __esm({
+  "src/github-auth.ts"() {
+    init_logger();
+    TOKEN_REFRESH_MS = 45 * 60 * 1e3;
+    TIMER_INTERVAL_MS = 30 * 60 * 1e3;
+  }
+});
+init_github_auth();
+export {
+  _testGetCachedToken,
+  _testSetCachedToken,
+  createAuthenticatedOctokit,
+  injectGitHubCredentials,
+  markTokenFresh,
+  refreshGitHubCredentials,
+  resolveAuthFromEnvironment,
+  resolvePrivateKey,
+  startTokenRefreshTimer,
+  stopTokenRefreshTimer
+};
+//# sourceMappingURL=github-auth-BJQBLK2V.mjs.map

package/dist/sdk/github-auth-BJQBLK2V.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/github-auth.ts"],"sourcesContent":["import { Octokit } from '@octokit/rest';\nimport * as fs from 'fs';\nimport * as path from 'path';\nimport { logger } from './logger';\n\n/**\n * Options for GitHub authentication.\n * Supports both personal access token and GitHub App authentication.\n */\nexport interface GitHubAuthOptions {\n /** Personal access token or fine-grained token */\n token?: string;\n /** GitHub App ID */\n appId?: string;\n /** GitHub App private key (PEM content or file path) */\n privateKey?: string;\n /** GitHub App installation ID (auto-detected if omitted) */\n installationId?: string;\n /** Repository owner (for auto-detecting installation ID) */\n owner?: string;\n /** Repository name (for auto-detecting installation ID) */\n repo?: string;\n}\n\n/**\n * Result of successful GitHub authentication.\n */\nexport interface GitHubAuthResult {\n /** Authenticated Octokit instance */\n octokit: Octokit;\n /** Authentication method used */\n authType: 'github-app' | 'token';\n /** Raw token string for environment propagation */\n token: string;\n}\n\n/**\n * Create an authenticated Octokit instance.\n * Returns undefined if no credentials are provided (auth is optional in CLI mode).\n *\n * For token auth: uses the token directly.\n * For GitHub App auth: creates JWT-authenticated client, resolves installation ID,\n * then extracts an installation access token for environment propagation.\n */\nexport async function createAuthenticatedOctokit(\n options: GitHubAuthOptions\n): Promise<GitHubAuthResult | undefined> {\n const { token, appId, installationId, owner, repo } = options;\n const privateKey = options.privateKey ? resolvePrivateKey(options.privateKey) : undefined;\n\n // Prefer GitHub App authentication if app credentials are provided\n if (appId && privateKey) {\n const { createAppAuth } = await import('@octokit/auth-app');\n\n let finalInstallationId: number | undefined;\n\n if (installationId) {\n finalInstallationId = parseInt(installationId, 10);\n if (isNaN(finalInstallationId) || finalInstallationId <= 0) {\n throw new Error('Invalid installation-id. It must be a positive integer.');\n }\n }\n\n // Auto-detect installation ID if not provided\n if (!finalInstallationId && owner && repo) {\n const appOctokit = new Octokit({\n authStrategy: createAppAuth,\n auth: { appId, privateKey },\n });\n\n try {\n const { data: installation } = await appOctokit.rest.apps.getRepoInstallation({\n owner,\n repo,\n });\n finalInstallationId = installation.id;\n } catch {\n throw new Error(\n 'GitHub App installation ID could not be auto-detected. ' +\n 'Provide --github-installation-id or ensure the app is installed on the repository.'\n );\n }\n }\n\n if (!finalInstallationId) {\n throw new Error(\n 'GitHub App installation ID is required. Provide --github-installation-id or set owner/repo for auto-detection.'\n );\n }\n\n // Create the authenticated Octokit instance\n const octokit = new Octokit({\n authStrategy: createAppAuth,\n auth: {\n appId,\n privateKey,\n installationId: finalInstallationId,\n },\n });\n\n // Extract the installation access token for environment propagation\n const authResult = (await octokit.auth({ type: 'installation' })) as { token: string };\n\n return {\n octokit,\n authType: 'github-app',\n token: authResult.token,\n };\n }\n\n // Fall back to token authentication\n if (token) {\n return {\n octokit: new Octokit({ auth: token }),\n authType: 'token',\n token,\n };\n }\n\n // No credentials provided\n return undefined;\n}\n\n/**\n * Resolve GitHub auth options from environment variables.\n * Used as fallback when no explicit CLI arguments are provided.\n */\nexport function resolveAuthFromEnvironment(): GitHubAuthOptions {\n return {\n token: process.env.GITHUB_TOKEN || process.env.GH_TOKEN,\n appId: process.env.GITHUB_APP_ID,\n privateKey: process.env.GITHUB_APP_PRIVATE_KEY,\n installationId: process.env.GITHUB_APP_INSTALLATION_ID,\n owner: process.env.GITHUB_REPOSITORY_OWNER || process.env.GITHUB_REPOSITORY?.split('/')[0],\n repo: process.env.GITHUB_REPOSITORY?.split('/')[1],\n };\n}\n\n/**\n * Resolve private key — supports both inline PEM content and file paths.\n */\nexport function resolvePrivateKey(keyOrPath: string): string {\n if (keyOrPath.includes('-----BEGIN')) {\n return keyOrPath;\n }\n const resolved = path.resolve(keyOrPath);\n if (fs.existsSync(resolved)) {\n return fs.readFileSync(resolved, 'utf8');\n }\n // Return as-is and let the auth library handle errors\n return keyOrPath;\n}\n\n// Track our auth entries position so repeated calls replace instead of stacking.\n// _authBase: the GIT_CONFIG index where our 2 auth entries start.\n// _lastWrittenCount: what we last set GIT_CONFIG_COUNT to (detects external changes).\nlet _authBase: number | undefined;\nlet _lastWrittenCount: number | undefined;\n\n/**\n * Inject GitHub credentials into process.env for child processes.\n *\n * Sets GITHUB_TOKEN/GH_TOKEN for gh CLI, and configures git HTTPS auth\n * via GIT_CONFIG_COUNT/KEY/VALUE env vars so `git clone`, `git push`, etc.\n * work automatically against github.com without any local git config.\n *\n * Uses git's GIT_CONFIG_COUNT mechanism (git 2.31+, March 2021):\n * - No temp files or global config mutation\n * - Inherited by all child processes automatically\n * - Works regardless of local git configuration\n *\n * Safe to call multiple times (e.g. on token refresh) — replaces previous entries.\n */\nexport function injectGitHubCredentials(token: string): void {\n // Set for gh CLI and general GitHub API usage\n process.env.GITHUB_TOKEN = token;\n process.env.GH_TOKEN = token;\n\n const currentCount = parseInt(process.env.GIT_CONFIG_COUNT || '0', 10);\n\n // Determine where to write our 2 auth entries:\n // - First call: append after any pre-existing entries\n // - Subsequent calls with unchanged count: overwrite at same position\n // - If count changed externally: someone added entries, append after them\n let base: number;\n if (_authBase === undefined) {\n base = currentCount;\n } else if (_lastWrittenCount !== undefined && currentCount !== _lastWrittenCount) {\n base = currentCount;\n } else {\n base = _authBase;\n }\n _authBase = base;\n\n // Configure git HTTPS auth via url.<base>.insteadOf\n const authUrl = `https://x-access-token:${token}@github.com/`;\n\n // Rewrite HTTPS URLs\n process.env[`GIT_CONFIG_KEY_${base}`] = `url.${authUrl}.insteadOf`;\n process.env[`GIT_CONFIG_VALUE_${base}`] = 'https://github.com/';\n\n // Rewrite SSH-style URLs (git@github.com:org/repo)\n process.env[`GIT_CONFIG_KEY_${base + 1}`] = `url.${authUrl}.insteadOf`;\n process.env[`GIT_CONFIG_VALUE_${base + 1}`] = 'git@github.com:';\n\n const newCount = base + 2;\n process.env.GIT_CONFIG_COUNT = String(newCount);\n _lastWrittenCount = newCount;\n}\n\n/**\n * Mark the current token as freshly generated (for use after initial startup auth).\n * Prevents the first refreshGitHubCredentials() call from unnecessarily regenerating.\n */\nexport function markTokenFresh(): void {\n const token = process.env.GITHUB_TOKEN || process.env.GH_TOKEN;\n if (token) {\n _cachedAppToken = { token, generatedAt: Date.now() };\n }\n}\n\n// Cached token with generation timestamp for expiry checks\nlet _cachedAppToken: { token: string; generatedAt: number } | undefined;\n\n// Installation tokens live 1 hour; refresh after 45 minutes.\n// Using 45 min (not 50) leaves a 15-minute buffer for long-running tasks\n// that start right before a refresh cycle.\nconst TOKEN_REFRESH_MS = 45 * 60 * 1000;\n\n// Background refresh timer\nlet _refreshTimer: ReturnType<typeof setInterval> | undefined;\n\n// How often the background timer checks (30 minutes)\nconst TIMER_INTERVAL_MS = 30 * 60 * 1000;\n\n/**\n * Refresh GitHub App installation credentials if they are about to expire.\n *\n * No-op when:\n * - No GitHub App credentials are configured (GITHUB_APP_ID + GITHUB_APP_PRIVATE_KEY)\n * - The current token was generated less than 45 minutes ago\n *\n * Call this before each execution in long-running processes (Slack bot, scheduler)\n * to ensure child processes always have a valid token for git/gh operations.\n */\nexport async function refreshGitHubCredentials(): Promise<void> {\n // Quick check: do we have App credentials?\n const appId = process.env.GITHUB_APP_ID;\n const privateKey = process.env.GITHUB_APP_PRIVATE_KEY;\n if (!appId || !privateKey) return;\n\n // Skip if cached token is still fresh\n const now = Date.now();\n if (_cachedAppToken && now - _cachedAppToken.generatedAt < TOKEN_REFRESH_MS) {\n return;\n }\n\n try {\n const opts = resolveAuthFromEnvironment();\n const result = await createAuthenticatedOctokit(opts);\n if (result && result.authType === 'github-app') {\n injectGitHubCredentials(result.token);\n _cachedAppToken = { token: result.token, generatedAt: now };\n logger.debug('[github-auth] Refreshed GitHub App installation token');\n }\n } catch (err) {\n const age = _cachedAppToken\n ? `${Math.round((now - _cachedAppToken.generatedAt) / 60000)}min old`\n : 'no cached token';\n logger.warn(\n `[github-auth] Failed to refresh GitHub App token (${age}): ${err instanceof Error ? err.message : String(err)}. ` +\n 'Child processes may fail with authentication errors.'\n );\n }\n}\n\n/**\n * Start a background timer that refreshes GitHub App tokens every 30 minutes.\n *\n * This ensures tokens stay fresh even during long-running tasks (e.g., an engineer\n * task that takes 40+ minutes). Without this, a token generated at startup could\n * expire mid-execution of a child process.\n *\n * The timer is unref'd so it doesn't prevent Node from exiting.\n * Call stopTokenRefreshTimer() on shutdown.\n */\nexport function startTokenRefreshTimer(): void {\n if (_refreshTimer) return; // Already running\n\n // Only start if we have App credentials\n const appId = process.env.GITHUB_APP_ID;\n const privateKey = process.env.GITHUB_APP_PRIVATE_KEY;\n if (!appId || !privateKey) return;\n\n _refreshTimer = setInterval(() => {\n refreshGitHubCredentials().catch(err => {\n logger.warn(\n `[github-auth] Background token refresh failed: ${err instanceof Error ? err.message : String(err)}`\n );\n });\n }, TIMER_INTERVAL_MS);\n\n // Don't prevent Node from exiting\n _refreshTimer.unref();\n\n logger.debug('[github-auth] Background token refresh timer started (every 30 min)');\n}\n\n/**\n * Stop the background token refresh timer.\n */\nexport function stopTokenRefreshTimer(): void {\n if (_refreshTimer) {\n clearInterval(_refreshTimer);\n _refreshTimer = undefined;\n logger.debug('[github-auth] Background token refresh timer stopped');\n }\n}\n\n/** Visible for testing: override the cached token state. */\nexport function _testSetCachedToken(token: string | undefined, generatedAt?: number): void {\n if (token) {\n _cachedAppToken = { token, generatedAt: generatedAt ?? Date.now() };\n } else {\n _cachedAppToken = undefined;\n }\n}\n\n/** Visible for testing: get the current cached token info. */\nexport function _testGetCachedToken(): { token: string; generatedAt: number } | undefined {\n return _cachedAppToken;\n}\n"],"mappings":";;;;;;;;;;AAAA,SAAS,eAAe;AACxB,YAAY,QAAQ;AACpB,YAAY,UAAU;AA0CtB,eAAsB,2BACpB,SACuC;AACvC,QAAM,EAAE,OAAO,OAAO,gBAAgB,OAAO,KAAK,IAAI;AACtD,QAAM,aAAa,QAAQ,aAAa,kBAAkB,QAAQ,UAAU,IAAI;AAGhF,MAAI,SAAS,YAAY;AACvB,UAAM,EAAE,cAAc,IAAI,MAAM,OAAO,mBAAmB;AAE1D,QAAI;AAEJ,QAAI,gBAAgB;AAClB,4BAAsB,SAAS,gBAAgB,EAAE;AACjD,UAAI,MAAM,mBAAmB,KAAK,uBAAuB,GAAG;AAC1D,cAAM,IAAI,MAAM,yDAAyD;AAAA,MAC3E;AAAA,IACF;AAGA,QAAI,CAAC,uBAAuB,SAAS,MAAM;AACzC,YAAM,aAAa,IAAI,QAAQ;AAAA,QAC7B,cAAc;AAAA,QACd,MAAM,EAAE,OAAO,WAAW;AAAA,MAC5B,CAAC;AAED,UAAI;AACF,cAAM,EAAE,MAAM,aAAa,IAAI,MAAM,WAAW,KAAK,KAAK,oBAAoB;AAAA,UAC5E;AAAA,UACA;AAAA,QACF,CAAC;AACD,8BAAsB,aAAa;AAAA,MACrC,QAAQ;AACN,cAAM,IAAI;AAAA,UACR;AAAA,QAEF;AAAA,MACF;AAAA,IACF;AAEA,QAAI,CAAC,qBAAqB;AACxB,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAGA,UAAM,UAAU,IAAI,QAAQ;AAAA,MAC1B,cAAc;AAAA,MACd,MAAM;AAAA,QACJ;AAAA,QACA;AAAA,QACA,gBAAgB;AAAA,MAClB;AAAA,IACF,CAAC;AAGD,UAAM,aAAc,MAAM,QAAQ,KAAK,EAAE,MAAM,eAAe,CAAC;AAE/D,WAAO;AAAA,MACL;AAAA,MACA,UAAU;AAAA,MACV,OAAO,WAAW;AAAA,IACpB;AAAA,EACF;AAGA,MAAI,OAAO;AACT,WAAO;AAAA,MACL,SAAS,IAAI,QAAQ,EAAE,MAAM,MAAM,CAAC;AAAA,MACpC,UAAU;AAAA,MACV;AAAA,IACF;AAAA,EACF;AAGA,SAAO;AACT;AAMO,SAAS,6BAAgD;AAC9D,SAAO;AAAA,IACL,OAAO,QAAQ,IAAI,gBAAgB,QAAQ,IAAI;AAAA,IAC/C,OAAO,QAAQ,IAAI;AAAA,IACnB,YAAY,QAAQ,IAAI;AAAA,IACxB,gBAAgB,QAAQ,IAAI;AAAA,IAC5B,OAAO,QAAQ,IAAI,2BAA2B,QAAQ,IAAI,mBAAmB,MAAM,GAAG,EAAE,CAAC;AAAA,IACzF,MAAM,QAAQ,IAAI,mBAAmB,MAAM,GAAG,EAAE,CAAC;AAAA,EACnD;AACF;AAKO,SAAS,kBAAkB,WAA2B;AAC3D,MAAI,UAAU,SAAS,YAAY,GAAG;AACpC,WAAO;AAAA,EACT;AACA,QAAM,WAAgB,aAAQ,SAAS;AACvC,MAAO,cAAW,QAAQ,GAAG;AAC3B,WAAU,gBAAa,UAAU,MAAM;AAAA,EACzC;AAEA,SAAO;AACT;AAsBO,SAAS,wBAAwB,OAAqB;AAE3D,UAAQ,IAAI,eAAe;AAC3B,UAAQ,IAAI,WAAW;AAEvB,QAAM,eAAe,SAAS,QAAQ,IAAI,oBAAoB,KAAK,EAAE;AAMrE,MAAI;AACJ,MAAI,cAAc,QAAW;AAC3B,WAAO;AAAA,EACT,WAAW,sBAAsB,UAAa,iBAAiB,mBAAmB;AAChF,WAAO;AAAA,EACT,OAAO;AACL,WAAO;AAAA,EACT;AACA,cAAY;AAGZ,QAAM,UAAU,0BAA0B,KAAK;AAG/C,UAAQ,IAAI,kBAAkB,IAAI,EAAE,IAAI,OAAO,OAAO;AACtD,UAAQ,IAAI,oBAAoB,IAAI,EAAE,IAAI;AAG1C,UAAQ,IAAI,kBAAkB,OAAO,CAAC,EAAE,IAAI,OAAO,OAAO;AAC1D,UAAQ,IAAI,oBAAoB,OAAO,CAAC,EAAE,IAAI;AAE9C,QAAM,WAAW,OAAO;AACxB,UAAQ,IAAI,mBAAmB,OAAO,QAAQ;AAC9C,sBAAoB;AACtB;AAMO,SAAS,iBAAuB;AACrC,QAAM,QAAQ,QAAQ,IAAI,gBAAgB,QAAQ,IAAI;AACtD,MAAI,OAAO;AACT,sBAAkB,EAAE,OAAO,aAAa,KAAK,IAAI,EAAE;AAAA,EACrD;AACF;AA0BA,eAAsB,2BAA0C;AAE9D,QAAM,QAAQ,QAAQ,IAAI;AAC1B,QAAM,aAAa,QAAQ,IAAI;AAC/B,MAAI,CAAC,SAAS,CAAC,WAAY;AAG3B,QAAM,MAAM,KAAK,IAAI;AACrB,MAAI,mBAAmB,MAAM,gBAAgB,cAAc,kBAAkB;AAC3E;AAAA,EACF;AAEA,MAAI;AACF,UAAM,OAAO,2BAA2B;AACxC,UAAM,SAAS,MAAM,2BAA2B,IAAI;AACpD,QAAI,UAAU,OAAO,aAAa,cAAc;AAC9C,8BAAwB,OAAO,KAAK;AACpC,wBAAkB,EAAE,OAAO,OAAO,OAAO,aAAa,IAAI;AAC1D,aAAO,MAAM,uDAAuD;AAAA,IACtE;AAAA,EACF,SAAS,KAAK;AACZ,UAAM,MAAM,kBACR,GAAG,KAAK,OAAO,MAAM,gBAAgB,eAAe,GAAK,CAAC,YAC1D;AACJ,WAAO;AAAA,MACL,qDAAqD,GAAG,MAAM,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC;AAAA,IAEhH;AAAA,EACF;AACF;AAYO,SAAS,yBAA+B;AAC7C,MAAI,cAAe;AAGnB,QAAM,QAAQ,QAAQ,IAAI;AAC1B,QAAM,aAAa,QAAQ,IAAI;AAC/B,MAAI,CAAC,SAAS,CAAC,WAAY;AAE3B,kBAAgB,YAAY,MAAM;AAChC,6BAAyB,EAAE,MAAM,SAAO;AACtC,aAAO;AAAA,QACL,kDAAkD,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC;AAAA,MACpG;AAAA,IACF,CAAC;AAAA,EACH,GAAG,iBAAiB;AAGpB,gBAAc,MAAM;AAEpB,SAAO,MAAM,qEAAqE;AACpF;AAKO,SAAS,wBAA8B;AAC5C,MAAI,eAAe;AACjB,kBAAc,aAAa;AAC3B,oBAAgB;AAChB,WAAO,MAAM,sDAAsD;AAAA,EACrE;AACF;AAGO,SAAS,oBAAoB,OAA2B,aAA4B;AACzF,MAAI,OAAO;AACT,sBAAkB,EAAE,OAAO,aAAa,eAAe,KAAK,IAAI,EAAE;AAAA,EACpE,OAAO;AACL,sBAAkB;AAAA,EACpB;AACF;AAGO,SAAS,sBAA0E;AACxF,SAAO;AACT;AA3UA,IA4JI,WACA,mBAiEA,iBAKE,kBAGF,eAGE;AAzON;AAAA;AAGA;AAgOA,IAAM,mBAAmB,KAAK,KAAK;AAMnC,IAAM,oBAAoB,KAAK,KAAK;AAAA;AAAA;","names":[]}

package/dist/sdk/{github-frontend-L3F5JXPJ.mjs → github-frontend-DECYOBRN.mjs} RENAMED Viewed

@@ -5,21 +5,21 @@ import {
 import {
   failure_condition_evaluator_exports,
   init_failure_condition_evaluator
-} from "./chunk-DHETLQIX.mjs";
-import "./chunk-7ERVRLDV.mjs";
+} from "./chunk-GA2TYKSR.mjs";
+import "./chunk-XOAEKFKB.mjs";
 import {
   generateShortHumanId,
   init_human_id
-} from "./chunk-QXT47ZHR.mjs";
-import "./chunk-34QX63WK.mjs";
+} from "./chunk-G7GSN3SK.mjs";
+import "./chunk-FWWLD555.mjs";
 import "./chunk-25IC7KXZ.mjs";
 import "./chunk-LW3INISN.mjs";
-import "./chunk-UFHOIB3R.mjs";
+import "./chunk-RI4ONH5X.mjs";
 import {
   init_logger,
   logger
-} from "./chunk-FT3I25QV.mjs";
-import "./chunk-UCMJJ3IM.mjs";
+} from "./chunk-ZPYODGYA.mjs";
+import "./chunk-B2OUZAWY.mjs";
 import {
   __esm,
   __export,
@@ -1391,4 +1391,4 @@ init_github_frontend();
 export {
   GitHubFrontend
 };
-//# sourceMappingURL=github-frontend-L3F5JXPJ.mjs.map
+//# sourceMappingURL=github-frontend-DECYOBRN.mjs.map

package/dist/sdk/{github-frontend-KGV2R5Z6.mjs → github-frontend-TZRBOQCN.mjs} RENAMED Viewed

@@ -5,12 +5,12 @@ import {
 import {
   failure_condition_evaluator_exports,
   init_failure_condition_evaluator
-} from "./chunk-U6K5SK7X.mjs";
-import "./chunk-3JFK6KCD.mjs";
+} from "./chunk-V45TITKX.mjs";
+import "./chunk-TFUQ2D5L.mjs";
 import {
   generateShortHumanId,
   init_human_id
-} from "./chunk-6VVXKXTI.mjs";
+} from "./chunk-MFXPJUUE.mjs";
 import "./chunk-34QX63WK.mjs";
 import "./chunk-25IC7KXZ.mjs";
 import "./chunk-LW3INISN.mjs";
@@ -1391,4 +1391,4 @@ init_github_frontend();
 export {
   GitHubFrontend
 };
-//# sourceMappingURL=github-frontend-KGV2R5Z6.mjs.map
+//# sourceMappingURL=github-frontend-TZRBOQCN.mjs.map

package/dist/sdk/{host-QBJ7TOWG.mjs → host-CFM2ASDI.mjs} RENAMED Viewed

@@ -24,10 +24,10 @@ var init_host = __esm({
             const { NdjsonSink } = await import("./ndjson-sink-FD2PSXGD.mjs");
             this.frontends.push(new NdjsonSink(spec.config));
           } else if (spec.name === "github") {
-            const { GitHubFrontend } = await import("./github-frontend-L3F5JXPJ.mjs");
+            const { GitHubFrontend } = await import("./github-frontend-DECYOBRN.mjs");
             this.frontends.push(new GitHubFrontend());
           } else if (spec.name === "slack") {
-            const { SlackFrontend } = await import("./slack-frontend-BPWXNIHE.mjs");
+            const { SlackFrontend } = await import("./slack-frontend-DF5VL4OF.mjs");
             this.frontends.push(new SlackFrontend(spec.config));
           } else if (spec.name === "tui") {
             const { TuiFrontend } = await import("./tui-frontend-T56PZB67.mjs");
@@ -45,7 +45,7 @@ var init_host = __esm({
             const { TeamsFrontend } = await import("./teams-frontend-DNW5GZP3.mjs");
             this.frontends.push(new TeamsFrontend(spec.config));
           } else if (spec.name === "a2a") {
-            const { A2AFrontend } = await import("./a2a-frontend-4LP3MLTS.mjs");
+            const { A2AFrontend } = await import("./a2a-frontend-5YDHFQXD.mjs");
             this.frontends.push(new A2AFrontend(spec.config));
           } else {
             this.log.warn(`[FrontendsHost] Unknown frontend '${spec.name}', skipping`);
@@ -84,4 +84,4 @@ export {
   FrontendsHost,
   isActiveFrontend
 };
-//# sourceMappingURL=host-QBJ7TOWG.mjs.map
+//# sourceMappingURL=host-CFM2ASDI.mjs.map

package/dist/sdk/{host-X5ZZCEWN.mjs → host-T4LNVU2H.mjs} RENAMED Viewed

@@ -24,7 +24,7 @@ var init_host = __esm({
             const { NdjsonSink } = await import("./ndjson-sink-FD2PSXGD.mjs");
             this.frontends.push(new NdjsonSink(spec.config));
           } else if (spec.name === "github") {
-            const { GitHubFrontend } = await import("./github-frontend-KGV2R5Z6.mjs");
+            const { GitHubFrontend } = await import("./github-frontend-TZRBOQCN.mjs");
             this.frontends.push(new GitHubFrontend());
           } else if (spec.name === "slack") {
             const { SlackFrontend } = await import("./slack-frontend-BPWXNIHE.mjs");
@@ -45,7 +45,7 @@ var init_host = __esm({
             const { TeamsFrontend } = await import("./teams-frontend-DNW5GZP3.mjs");
             this.frontends.push(new TeamsFrontend(spec.config));
           } else if (spec.name === "a2a") {
-            const { A2AFrontend } = await import("./a2a-frontend-MU5EO2HZ.mjs");
+            const { A2AFrontend } = await import("./a2a-frontend-6LWBIPMS.mjs");
             this.frontends.push(new A2AFrontend(spec.config));
           } else {
             this.log.warn(`[FrontendsHost] Unknown frontend '${spec.name}', skipping`);
@@ -84,4 +84,4 @@ export {
   FrontendsHost,
   isActiveFrontend
 };
-//# sourceMappingURL=host-X5ZZCEWN.mjs.map
+//# sourceMappingURL=host-T4LNVU2H.mjs.map

package/dist/sdk/{knex-store-QCEW4I4R.mjs → knex-store-OEWSZEBY.mjs} RENAMED Viewed

@@ -1,8 +1,8 @@
 import {
   init_logger,
   logger
-} from "./chunk-FT3I25QV.mjs";
-import "./chunk-UCMJJ3IM.mjs";
+} from "./chunk-ZPYODGYA.mjs";
+import "./chunk-B2OUZAWY.mjs";
 import {
   __esm,
   __require
@@ -524,4 +524,4 @@ init_knex_store();
 export {
   KnexStoreBackend
 };
-//# sourceMappingURL=knex-store-QCEW4I4R.mjs.map
+//# sourceMappingURL=knex-store-OEWSZEBY.mjs.map

package/dist/sdk/lazy-otel-5RDTVS5L.mjs ADDED Viewed

@@ -0,0 +1,24 @@
+import {
+  DiagConsoleLogger,
+  DiagLogLevel,
+  SpanKind,
+  SpanStatusCode,
+  context,
+  diag,
+  init_lazy_otel,
+  metrics,
+  trace
+} from "./chunk-B2OUZAWY.mjs";
+import "./chunk-J7LXIPZS.mjs";
+init_lazy_otel();
+export {
+  DiagConsoleLogger,
+  DiagLogLevel,
+  SpanKind,
+  SpanStatusCode,
+  context,
+  diag,
+  metrics,
+  trace
+};
+//# sourceMappingURL=lazy-otel-5RDTVS5L.mjs.map

package/dist/sdk/liquid-extensions-E3AKRX7P.mjs ADDED Viewed

@@ -0,0 +1,25 @@
+import {
+  ReadFileTag,
+  configureLiquidWithExtensions,
+  createExtendedLiquid,
+  init_liquid_extensions,
+  sanitizeLabel,
+  sanitizeLabelList,
+  withPermissionsContext
+} from "./chunk-4BN2XI4X.mjs";
+import "./chunk-25IC7KXZ.mjs";
+import "./chunk-LW3INISN.mjs";
+import "./chunk-RI4ONH5X.mjs";
+import "./chunk-ZPYODGYA.mjs";
+import "./chunk-B2OUZAWY.mjs";
+import "./chunk-J7LXIPZS.mjs";
+init_liquid_extensions();
+export {
+  ReadFileTag,
+  configureLiquidWithExtensions,
+  createExtendedLiquid,
+  sanitizeLabel,
+  sanitizeLabelList,
+  withPermissionsContext
+};
+//# sourceMappingURL=liquid-extensions-E3AKRX7P.mjs.map

package/dist/sdk/{loader-ZNKKJEZ3.mjs → loader-WRGI244P.mjs} RENAMED Viewed

@@ -1,8 +1,8 @@
 import {
   init_logger,
   logger_exports
-} from "./chunk-FT3I25QV.mjs";
-import "./chunk-UCMJJ3IM.mjs";
+} from "./chunk-ZPYODGYA.mjs";
+import "./chunk-B2OUZAWY.mjs";
 import {
   __esm,
   __toCommonJS
@@ -45,7 +45,7 @@ async function loadEnterprisePolicyEngine(config) {
         "[visor:enterprise] License has expired but is within the 72-hour grace period. Please renew your license."
       );
     }
-    const { OpaPolicyEngine } = await import("./opa-policy-engine-QCSSIMUF.mjs");
+    const { OpaPolicyEngine } = await import("./opa-policy-engine-IVMCGVNA.mjs");
     const engine = new OpaPolicyEngine(config);
     await engine.initialize(config);
     return engine;
@@ -73,7 +73,7 @@ async function loadEnterpriseStoreBackend(driver, storageConfig, haConfig) {
       "[visor:enterprise] License has expired but is within the 72-hour grace period. Please renew your license."
     );
   }
-  const { KnexStoreBackend } = await import("./knex-store-QCEW4I4R.mjs");
+  const { KnexStoreBackend } = await import("./knex-store-OEWSZEBY.mjs");
   return new KnexStoreBackend(driver, storageConfig, haConfig);
 }
 var init_loader = __esm({
@@ -86,4 +86,4 @@ export {
   loadEnterprisePolicyEngine,
   loadEnterpriseStoreBackend
 };
-//# sourceMappingURL=loader-ZNKKJEZ3.mjs.map
+//# sourceMappingURL=loader-WRGI244P.mjs.map

package/dist/sdk/memory-store-OHUIXCWJ.mjs ADDED Viewed

@@ -0,0 +1,12 @@
+import {
+  MemoryStore,
+  init_memory_store
+} from "./chunk-RI4ONH5X.mjs";
+import "./chunk-ZPYODGYA.mjs";
+import "./chunk-B2OUZAWY.mjs";
+import "./chunk-J7LXIPZS.mjs";
+init_memory_store();
+export {
+  MemoryStore
+};
+//# sourceMappingURL=memory-store-OHUIXCWJ.mjs.map

package/dist/sdk/metrics-MYUPQBBV.mjs ADDED Viewed

@@ -0,0 +1,41 @@
+import {
+  addDiagramBlock,
+  addFailIfTriggered,
+  addIssues,
+  decActiveCheck,
+  getRunAiCalls,
+  getTestMetricsSnapshot,
+  incActiveCheck,
+  init_metrics,
+  recordAiCall,
+  recordCheckDuration,
+  recordForEachDuration,
+  recordProviderDuration,
+  recordRunAiCalls,
+  recordRunDuration,
+  recordRunStart,
+  resetRunAiCalls,
+  resetTestMetricsSnapshot
+} from "./chunk-FWWLD555.mjs";
+import "./chunk-B2OUZAWY.mjs";
+import "./chunk-J7LXIPZS.mjs";
+init_metrics();
+export {
+  addDiagramBlock,
+  addFailIfTriggered,
+  addIssues,
+  decActiveCheck,
+  getRunAiCalls,
+  getTestMetricsSnapshot,
+  incActiveCheck,
+  recordAiCall,
+  recordCheckDuration,
+  recordForEachDuration,
+  recordProviderDuration,
+  recordRunAiCalls,
+  recordRunDuration,
+  recordRunStart,
+  resetRunAiCalls,
+  resetTestMetricsSnapshot
+};
+//# sourceMappingURL=metrics-MYUPQBBV.mjs.map

package/dist/sdk/{opa-policy-engine-QCSSIMUF.mjs → opa-policy-engine-IVMCGVNA.mjs} RENAMED Viewed

@@ -1,8 +1,8 @@
 import {
   init_logger,
   logger_exports
-} from "./chunk-FT3I25QV.mjs";
-import "./chunk-UCMJJ3IM.mjs";
+} from "./chunk-ZPYODGYA.mjs";
+import "./chunk-B2OUZAWY.mjs";
 import {
   __esm,
   __require,
@@ -652,4 +652,4 @@ init_opa_policy_engine();
 export {
   OpaPolicyEngine
 };
-//# sourceMappingURL=opa-policy-engine-QCSSIMUF.mjs.map
+//# sourceMappingURL=opa-policy-engine-IVMCGVNA.mjs.map

package/dist/sdk/prompt-state-LN57DQF3.mjs ADDED Viewed

@@ -0,0 +1,16 @@
+import {
+  PromptStateManager,
+  getPromptStateManager,
+  init_prompt_state,
+  resetPromptStateManager
+} from "./chunk-MEB2TTIE.mjs";
+import "./chunk-ZPYODGYA.mjs";
+import "./chunk-B2OUZAWY.mjs";
+import "./chunk-J7LXIPZS.mjs";
+init_prompt_state();
+export {
+  PromptStateManager,
+  getPromptStateManager,
+  resetPromptStateManager
+};
+//# sourceMappingURL=prompt-state-LN57DQF3.mjs.map

package/dist/sdk/renderer-schema-BT2IXMLW.mjs ADDED Viewed

@@ -0,0 +1,51 @@
+import {
+  init_logger,
+  logger
+} from "./chunk-ZPYODGYA.mjs";
+import "./chunk-B2OUZAWY.mjs";
+import {
+  __esm
+} from "./chunk-J7LXIPZS.mjs";
+// src/state-machine/dispatch/renderer-schema.ts
+async function loadRendererSchema(name) {
+  try {
+    const fs = await import("fs/promises");
+    const path = await import("path");
+    const sanitized = String(name).replace(/[^a-zA-Z0-9-]/g, "");
+    if (!sanitized) return void 0;
+    const candidates = [
+      // When bundled with ncc, __dirname is dist/ and output/ is at dist/output/
+      path.join(__dirname, "output", sanitized, "schema.json"),
+      // When running from source, __dirname is src/state-machine/dispatch/ and output/ is at output/
+      path.join(__dirname, "..", "..", "output", sanitized, "schema.json"),
+      // When running from a checkout with output/ folder copied to CWD
+      path.join(process.cwd(), "output", sanitized, "schema.json"),
+      // Fallback: cwd/dist/output/
+      path.join(process.cwd(), "dist", "output", sanitized, "schema.json")
+    ];
+    for (const p of candidates) {
+      try {
+        const raw = await fs.readFile(p, "utf-8");
+        return JSON.parse(raw);
+      } catch {
+      }
+    }
+  } catch (e) {
+    try {
+      logger.warn(`[schema-loader] Failed to load renderer schema '${name}': ${String(e)}`);
+    } catch {
+    }
+  }
+  return void 0;
+}
+var init_renderer_schema = __esm({
+  "src/state-machine/dispatch/renderer-schema.ts"() {
+    init_logger();
+  }
+});
+init_renderer_schema();
+export {
+  loadRendererSchema
+};
+//# sourceMappingURL=renderer-schema-BT2IXMLW.mjs.map

package/dist/sdk/renderer-schema-BT2IXMLW.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/state-machine/dispatch/renderer-schema.ts"],"sourcesContent":["import { logger } from '../../logger';\n\n/**\n * Load a built-in JSON Schema for a named renderer (e.g., \"code-review\",\n * \"issue-assistant\", \"overview\", \"plain\"). Returns undefined when not found.\n *\n * Mirrors template resolution in template-renderer.ts, but targets schema.json.\n */\nexport async function loadRendererSchema(name: string): Promise<any | undefined> {\n try {\n const fs = await import('fs/promises');\n const path = await import('path');\n const sanitized = String(name).replace(/[^a-zA-Z0-9-]/g, '');\n if (!sanitized) return undefined;\n\n const candidates = [\n // When bundled with ncc, __dirname is dist/ and output/ is at dist/output/\n path.join(__dirname, 'output', sanitized, 'schema.json'),\n // When running from source, __dirname is src/state-machine/dispatch/ and output/ is at output/\n path.join(__dirname, '..', '..', 'output', sanitized, 'schema.json'),\n // When running from a checkout with output/ folder copied to CWD\n path.join(process.cwd(), 'output', sanitized, 'schema.json'),\n // Fallback: cwd/dist/output/\n path.join(process.cwd(), 'dist', 'output', sanitized, 'schema.json'),\n ];\n\n for (const p of candidates) {\n try {\n const raw = await fs.readFile(p, 'utf-8');\n return JSON.parse(raw);\n } catch {}\n }\n } catch (e) {\n try {\n logger.warn(`[schema-loader] Failed to load renderer schema '${name}': ${String(e)}`);\n } catch {}\n }\n return undefined;\n}\n"],"mappings":";;;;;;;;;;AAQA,eAAsB,mBAAmB,MAAwC;AAC/E,MAAI;AACF,UAAM,KAAK,MAAM,OAAO,aAAa;AACrC,UAAM,OAAO,MAAM,OAAO,MAAM;AAChC,UAAM,YAAY,OAAO,IAAI,EAAE,QAAQ,kBAAkB,EAAE;AAC3D,QAAI,CAAC,UAAW,QAAO;AAEvB,UAAM,aAAa;AAAA;AAAA,MAEjB,KAAK,KAAK,WAAW,UAAU,WAAW,aAAa;AAAA;AAAA,MAEvD,KAAK,KAAK,WAAW,MAAM,MAAM,UAAU,WAAW,aAAa;AAAA;AAAA,MAEnE,KAAK,KAAK,QAAQ,IAAI,GAAG,UAAU,WAAW,aAAa;AAAA;AAAA,MAE3D,KAAK,KAAK,QAAQ,IAAI,GAAG,QAAQ,UAAU,WAAW,aAAa;AAAA,IACrE;AAEA,eAAW,KAAK,YAAY;AAC1B,UAAI;AACF,cAAM,MAAM,MAAM,GAAG,SAAS,GAAG,OAAO;AACxC,eAAO,KAAK,MAAM,GAAG;AAAA,MACvB,QAAQ;AAAA,MAAC;AAAA,IACX;AAAA,EACF,SAAS,GAAG;AACV,QAAI;AACF,aAAO,KAAK,mDAAmD,IAAI,MAAM,OAAO,CAAC,CAAC,EAAE;AAAA,IACtF,QAAQ;AAAA,IAAC;AAAA,EACX;AACA,SAAO;AACT;AAtCA;AAAA;AAAA;AAAA;AAAA;","names":[]}

package/dist/sdk/routing-H2PQ57OA.mjs ADDED Viewed

@@ -0,0 +1,26 @@
+import {
+  checkLoopBudget,
+  evaluateGoto,
+  evaluateTransitions,
+  handleRouting,
+  init_routing
+} from "./chunk-WKLJ57WF.mjs";
+import "./chunk-GA2TYKSR.mjs";
+import "./chunk-XOAEKFKB.mjs";
+import "./chunk-G7GSN3SK.mjs";
+import "./chunk-FWWLD555.mjs";
+import "./chunk-4BN2XI4X.mjs";
+import "./chunk-25IC7KXZ.mjs";
+import "./chunk-LW3INISN.mjs";
+import "./chunk-RI4ONH5X.mjs";
+import "./chunk-ZPYODGYA.mjs";
+import "./chunk-B2OUZAWY.mjs";
+import "./chunk-J7LXIPZS.mjs";
+init_routing();
+export {
+  checkLoopBudget,
+  evaluateGoto,
+  evaluateTransitions,
+  handleRouting
+};
+//# sourceMappingURL=routing-H2PQ57OA.mjs.map

package/dist/sdk/{routing-CVQT4KHX.mjs → routing-JMZ7HDCC.mjs} RENAMED Viewed

@@ -4,10 +4,10 @@ import {
   evaluateTransitions,
   handleRouting,
   init_routing
-} from "./chunk-ANUT54HW.mjs";
-import "./chunk-DHETLQIX.mjs";
-import "./chunk-7ERVRLDV.mjs";
-import "./chunk-QXT47ZHR.mjs";
+} from "./chunk-NPSLGKXB.mjs";
+import "./chunk-V45TITKX.mjs";
+import "./chunk-TFUQ2D5L.mjs";
+import "./chunk-MFXPJUUE.mjs";
 import "./chunk-34QX63WK.mjs";
 import "./chunk-PQWZ6NFL.mjs";
 import "./chunk-25IC7KXZ.mjs";
@@ -23,4 +23,4 @@ export {
   evaluateTransitions,
   handleRouting
 };
-//# sourceMappingURL=routing-CVQT4KHX.mjs.map
+//# sourceMappingURL=routing-JMZ7HDCC.mjs.map