npm - @quanta-intellect/vessel-browser - Versions diffs - 0.1.18 → 0.1.19 - Mend

@quanta-intellect/vessel-browser 0.1.18 → 0.1.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +17 -0
package/out/main/index.js +922 -291
package/out/preload/index.js +13 -0
package/out/renderer/assets/{index-DAaJOss-.js → index-CKOT_IZt.js} +947 -209
package/out/renderer/assets/{index-DMd-y6tm.css → index-DwRZftNk.css} +110 -0
package/out/renderer/index.html +2 -2
package/package.json +1 -1

package/out/main/index.js CHANGED Viewed

@@ -4,11 +4,11 @@ const fs$1 = require("node:fs");
 const path = require("path");
 const fs = require("fs");
 const crypto = require("crypto");
+const crypto$1 = require("node:crypto");
+const path$1 = require("node:path");
 const Anthropic = require("@anthropic-ai/sdk");
 const OpenAI = require("openai");
 const zod = require("zod");
-const path$1 = require("node:path");
-const crypto$1 = require("node:crypto");
 const http = require("node:http");
 const os = require("node:os");
 const mcp_js = require("@modelcontextprotocol/sdk/server/mcp.js");
@@ -1228,7 +1228,7 @@ function subscribe$1(listener) {
     listeners$1.delete(listener);
   };
 }
-function addEntry(url, title) {
+function addEntry$1(url, title) {
   if (!url || url === "about:blank") return;
   load$1();
   const last = state$2.entries[0];
@@ -1991,7 +1991,7 @@ class TabManager {
       },
       onPageLoad: (pageUrl, wc) => {
         this.reapplyHighlights(pageUrl, wc);
-        addEntry(pageUrl, wc.getTitle());
+        addEntry$1(pageUrl, wc.getTitle());
       },
       onHighlightSelection: (wc) => this.captureHighlightFromPage(wc),
       onHighlightRemove: (url2, text) => this.removeHighlightByText(url2, text),
@@ -2349,6 +2349,12 @@ const Channels = {
   PREMIUM_PORTAL: "premium:portal",
   PREMIUM_RESET: "premium:reset",
   PREMIUM_UPDATE: "premium:update",
+  // Agent Credential Vault
+  VAULT_LIST: "vault:list",
+  VAULT_ADD: "vault:add",
+  VAULT_UPDATE: "vault:update",
+  VAULT_REMOVE: "vault:remove",
+  VAULT_AUDIT_LOG: "vault:audit-log",
   // Window controls
   WINDOW_MINIMIZE: "window:minimize",
   WINDOW_MAXIMIZE: "window:maximize",
@@ -3184,6 +3190,309 @@ function addIfPresent(target, key, value) {
     target[key] = value;
   }
 }
+const VERIFICATION_API = process.env.VESSEL_PREMIUM_API || "https://vesselpremium.quantaintellect.com";
+const FREE_TOOL_ITERATION_LIMIT = 50;
+const REVALIDATION_INTERVAL_MS = 24 * 60 * 60 * 1e3;
+const OFFLINE_GRACE_PERIOD_MS = 7 * 24 * 60 * 60 * 1e3;
+const PREMIUM_TOOLS = /* @__PURE__ */ new Set([
+  "screenshot",
+  "save_session",
+  "load_session",
+  "list_sessions",
+  "delete_session",
+  "flow_start",
+  "flow_advance",
+  "flow_status",
+  "flow_end",
+  "metrics",
+  "extract_table",
+  "vault_login",
+  "vault_status",
+  "vault_totp"
+]);
+function isPremium() {
+  const { premium } = loadSettings();
+  if (premium.status === "active" || premium.status === "trialing") {
+    return true;
+  }
+  if (premium.validatedAt && premium.status !== "free") {
+    const lastValidated = new Date(premium.validatedAt).getTime();
+    if (Date.now() - lastValidated < OFFLINE_GRACE_PERIOD_MS) {
+      return true;
+    }
+  }
+  return false;
+}
+function getPremiumState() {
+  return { ...loadSettings().premium };
+}
+function getEffectiveMaxIterations() {
+  if (isPremium()) {
+    return loadSettings().maxToolIterations || 200;
+  }
+  return FREE_TOOL_ITERATION_LIMIT;
+}
+function resetPremium() {
+  const fresh = {
+    status: "free",
+    customerId: "",
+    email: "",
+    validatedAt: "",
+    expiresAt: ""
+  };
+  setSetting("premium", fresh);
+  return fresh;
+}
+function isToolGated(toolName) {
+  return PREMIUM_TOOLS.has(toolName) && !isPremium();
+}
+async function getCheckoutUrl(email) {
+  try {
+    const params = new URLSearchParams();
+    if (email) params.set("email", email);
+    const res = await fetch(`${VERIFICATION_API}/checkout?${params}`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" }
+    });
+    if (!res.ok) {
+      const body = await res.text();
+      return { ok: false, error: body || `HTTP ${res.status}` };
+    }
+    const { url } = await res.json();
+    return { ok: true, url };
+  } catch (err) {
+    return {
+      ok: false,
+      error: err instanceof Error ? err.message : "Failed to create checkout"
+    };
+  }
+}
+async function getPortalUrl() {
+  const { premium } = loadSettings();
+  if (!premium.customerId) {
+    return { ok: false, error: "No active subscription" };
+  }
+  try {
+    const res = await fetch(`${VERIFICATION_API}/portal`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ customerId: premium.customerId })
+    });
+    if (!res.ok) {
+      return { ok: false, error: `HTTP ${res.status}` };
+    }
+    const { url } = await res.json();
+    return { ok: true, url };
+  } catch (err) {
+    return {
+      ok: false,
+      error: err instanceof Error ? err.message : "Failed to get portal URL"
+    };
+  }
+}
+async function verifySubscription(emailOrCustomerId) {
+  const current = loadSettings().premium;
+  const identifier = emailOrCustomerId || current.customerId || current.email;
+  if (!identifier) {
+    return current;
+  }
+  try {
+    const res = await fetch(`${VERIFICATION_API}/verify`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ identifier })
+    });
+    if (!res.ok) {
+      console.warn("[Vessel Premium] Verification API returned", res.status);
+      return current;
+    }
+    const data = await res.json();
+    const updated = {
+      status: data.status,
+      customerId: data.customerId,
+      email: data.email,
+      validatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+      expiresAt: data.expiresAt
+    };
+    setSetting("premium", updated);
+    return updated;
+  } catch (err) {
+    console.warn("[Vessel Premium] Verification failed:", err);
+    return current;
+  }
+}
+async function activateWithEmail(email) {
+  if (!email.trim()) {
+    return { ok: false, state: getPremiumState(), error: "Email is required" };
+  }
+  const state2 = await verifySubscription(email.trim());
+  if (state2.status === "active" || state2.status === "trialing") {
+    return { ok: true, state: state2 };
+  }
+  return {
+    ok: false,
+    state: state2,
+    error: state2.status === "canceled" ? "Subscription is canceled. Resubscribe to continue." : state2.status === "past_due" ? "Subscription payment is past due. Update your payment method." : "No active subscription found for this email."
+  };
+}
+let revalidationTimer = null;
+function startBackgroundRevalidation() {
+  if (revalidationTimer) return;
+  const { premium } = loadSettings();
+  if (premium.customerId || premium.email) {
+    const lastValidated = premium.validatedAt ? new Date(premium.validatedAt).getTime() : 0;
+    if (Date.now() - lastValidated > REVALIDATION_INTERVAL_MS) {
+      void verifySubscription();
+    }
+  }
+  revalidationTimer = setInterval(() => {
+    const { premium: p } = loadSettings();
+    if (p.customerId || p.email) {
+      void verifySubscription();
+    }
+  }, REVALIDATION_INTERVAL_MS);
+}
+function stopBackgroundRevalidation() {
+  if (revalidationTimer) {
+    clearInterval(revalidationTimer);
+    revalidationTimer = null;
+  }
+}
+const POSTHOG_API_KEY = process.env.POSTHOG_API_KEY || "phc_OMeM3P5cxJwl14lOKxYad0Yre52xvjNfkLEFnPtXyM";
+const POSTHOG_HOST = process.env.POSTHOG_HOST || "https://us.i.posthog.com";
+const BATCH_INTERVAL_MS = 6e4;
+const MAX_BATCH_SIZE = 50;
+function getDeviceIdPath() {
+  return path.join(electron.app.getPath("userData"), ".vessel-device-id");
+}
+let deviceId = null;
+function getDeviceId() {
+  if (deviceId) return deviceId;
+  const idPath = getDeviceIdPath();
+  try {
+    deviceId = fs.readFileSync(idPath, "utf-8").trim();
+    if (deviceId) return deviceId;
+  } catch {
+  }
+  deviceId = crypto.randomUUID();
+  try {
+    fs.mkdirSync(path.dirname(idPath), { recursive: true });
+    fs.writeFileSync(idPath, deviceId, "utf-8");
+  } catch {
+  }
+  return deviceId;
+}
+let eventQueue = [];
+let flushTimer = null;
+let sessionStartedAt = null;
+function isEnabled() {
+  if (POSTHOG_API_KEY === "YOUR_POSTHOG_KEY_HERE") return false;
+  return loadSettings().telemetryEnabled !== false;
+}
+function trackEvent(event, properties = {}) {
+  if (!isEnabled()) return;
+  eventQueue.push({
+    event,
+    properties: {
+      ...properties,
+      premium_status: isPremium() ? "premium" : "free",
+      app_version: electron.app.getVersion(),
+      platform: process.platform,
+      arch: process.arch
+    },
+    timestamp: (/* @__PURE__ */ new Date()).toISOString()
+  });
+  if (eventQueue.length >= MAX_BATCH_SIZE) {
+    void flush();
+  }
+}
+function trackToolCall(toolName, pageType) {
+  trackEvent("tool_called", {
+    tool_name: toolName,
+    page_type: "unknown"
+  });
+}
+function trackProviderConfigured(providerId) {
+  trackEvent("provider_configured", {
+    provider_id: providerId
+  });
+}
+function trackSettingChanged(key) {
+  trackEvent("setting_changed", { setting_key: key });
+}
+function trackApprovalModeChanged(mode) {
+  trackEvent("approval_mode_changed", { mode });
+}
+function trackBookmarkAction(action) {
+  trackEvent("bookmark_action", { action });
+}
+function trackVaultAction(action) {
+  trackEvent("vault_action", { action });
+}
+function trackExtractionFailed(domain, reason) {
+  trackEvent("extraction_failed", { domain, reason });
+}
+function trackPremiumFunnel(step, context) {
+  trackEvent("premium_funnel", { step, ...context });
+}
+function startTelemetry() {
+  if (!isEnabled()) return;
+  sessionStartedAt = Date.now();
+  trackEvent("app_launched", {
+    electron_version: process.versions.electron,
+    chrome_version: process.versions.chrome
+  });
+  flushTimer = setInterval(() => {
+    void flush();
+  }, BATCH_INTERVAL_MS);
+}
+function stopTelemetry() {
+  if (sessionStartedAt) {
+    const durationMinutes = Math.round(
+      (Date.now() - sessionStartedAt) / 6e4
+    );
+    trackEvent("app_session_ended", {
+      duration_minutes: durationMinutes
+    });
+    sessionStartedAt = null;
+  }
+  if (flushTimer) {
+    clearInterval(flushTimer);
+    flushTimer = null;
+  }
+  void flush();
+}
+async function flush() {
+  if (eventQueue.length === 0) return;
+  if (!isEnabled()) {
+    eventQueue = [];
+    return;
+  }
+  const batch = eventQueue.splice(0);
+  const distinctId = getDeviceId();
+  const payload = {
+    api_key: POSTHOG_API_KEY,
+    batch: batch.map((e) => ({
+      event: e.event,
+      properties: {
+        distinct_id: distinctId,
+        ...e.properties
+      },
+      timestamp: e.timestamp
+    }))
+  };
+  try {
+    await fetch(`${POSTHOG_HOST}/batch`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(payload)
+    });
+  } catch {
+    if (eventQueue.length < MAX_BATCH_SIZE * 2) {
+      eventQueue.unshift(...batch);
+    }
+  }
+}
 const EMPTY_PAGE_CONTENT = {
   title: "",
   content: "",
@@ -3229,7 +3538,7 @@ const DIRECT_EXTRACTION_SCRIPT = String.raw`
   (function() {
     // Time budget: stop expensive DOM traversals after this many ms so heavy
     // pages (Newegg, Wikipedia, etc.) don't stall the agent for 30-60s+.
-    var BUDGET_MS = 5000;
+    var BUDGET_MS = 8000;
     var _budgetStart = performance.now();
     function withinBudget() {
       return (performance.now() - _budgetStart) < BUDGET_MS;
@@ -4088,7 +4397,7 @@ const SAFE_EXTRACTION_SCRIPT = String.raw`
 function delay(ms) {
   return new Promise((resolve) => setTimeout(resolve, ms));
 }
-const EXECUTE_SCRIPT_TIMEOUT_MS = 1500;
+const EXECUTE_SCRIPT_TIMEOUT_MS = 3e3;
 async function waitForDomReady(webContents, timeoutMs = 1500) {
   const deadline = Date.now() + timeoutMs;
   while (Date.now() < deadline) {
@@ -4204,7 +4513,25 @@ function mergePageContent(candidates, webContents) {
     url: mergedBase.url || webContents.getURL() || ""
   };
 }
-const EXTRACT_TIMEOUT_MS = 8e3;
+const EXTRACT_TIMEOUT_BASE_MS = 12e3;
+const EXTRACT_TIMEOUT_MAX_MS = 2e4;
+async function estimateExtractionTimeout(webContents) {
+  try {
+    const elementCount = await executeScript(
+      webContents,
+      `(function() { try { return document.querySelectorAll('*').length; } catch { return 0; } })()`
+    );
+    if (typeof elementCount === "number" && elementCount > 5e3) {
+      const extra = Math.min(
+        EXTRACT_TIMEOUT_MAX_MS - EXTRACT_TIMEOUT_BASE_MS,
+        Math.ceil((elementCount - 5e3) / 2e3) * 1e3
+      );
+      return EXTRACT_TIMEOUT_BASE_MS + extra;
+    }
+  } catch {
+  }
+  return EXTRACT_TIMEOUT_BASE_MS;
+}
 async function extractContentInner(webContents) {
   await waitForDomReady(webContents);
   const [preloadResult, directResult, safeResult] = await Promise.all([
@@ -4219,20 +4546,29 @@ async function extractContentInner(webContents) {
 }
 async function extractContent(webContents) {
   try {
+    const timeoutMs = await estimateExtractionTimeout(webContents);
     return await Promise.race([
       extractContentInner(webContents),
       new Promise(
         (_, reject) => setTimeout(
           () => reject(new Error("extractContent timeout")),
-          EXTRACT_TIMEOUT_MS
+          timeoutMs
         )
       )
     ]);
-  } catch {
+  } catch (err) {
+    const url = webContents.getURL() || "";
+    let domain = "unknown";
+    try {
+      domain = new URL(url).hostname;
+    } catch {
+    }
+    const reason = err instanceof Error ? err.message : "unknown";
+    trackExtractionFailed(domain, reason);
     return {
       ...EMPTY_PAGE_CONTENT,
       title: webContents.getTitle() || "",
-      url: webContents.getURL() || ""
+      url
     };
   }
 }
@@ -4399,298 +4735,217 @@ function setMcpHealth(update) {
   if ("activePort" in update) {
     state$1.mcp.activePort = update.activePort ?? null;
   }
-  if ("endpoint" in update) {
-    state$1.mcp.endpoint = update.endpoint ?? null;
-  }
-  const prevStatus = state$1.mcp.status;
-  state$1.mcp.status = update.status;
-  state$1.mcp.message = update.message;
-  if (prevStatus !== state$1.mcp.status) {
-    for (const listener of mcpStatusChangeListeners) {
-      listener(state$1.mcp.status);
-    }
-  }
-}
-const VERIFICATION_API = process.env.VESSEL_PREMIUM_API || "https://vesselpremium.quantaintellect.com";
-const FREE_TOOL_ITERATION_LIMIT = 50;
-const REVALIDATION_INTERVAL_MS = 24 * 60 * 60 * 1e3;
-const OFFLINE_GRACE_PERIOD_MS = 7 * 24 * 60 * 60 * 1e3;
-const PREMIUM_TOOLS = /* @__PURE__ */ new Set([
-  "screenshot",
-  "save_session",
-  "load_session",
-  "list_sessions",
-  "delete_session",
-  "flow_start",
-  "flow_advance",
-  "flow_status",
-  "flow_end",
-  "metrics",
-  "extract_table"
-]);
-function isPremium() {
-  const { premium } = loadSettings();
-  if (premium.status === "active" || premium.status === "trialing") {
-    return true;
-  }
-  if (premium.validatedAt && premium.status !== "free") {
-    const lastValidated = new Date(premium.validatedAt).getTime();
-    if (Date.now() - lastValidated < OFFLINE_GRACE_PERIOD_MS) {
-      return true;
-    }
-  }
-  return false;
-}
-function getPremiumState() {
-  return { ...loadSettings().premium };
-}
-function getEffectiveMaxIterations() {
-  if (isPremium()) {
-    return loadSettings().maxToolIterations || 200;
-  }
-  return FREE_TOOL_ITERATION_LIMIT;
-}
-function resetPremium() {
-  const fresh = {
-    status: "free",
-    customerId: "",
-    email: "",
-    validatedAt: "",
-    expiresAt: ""
-  };
-  setSetting("premium", fresh);
-  return fresh;
-}
-function isToolGated(toolName) {
-  return PREMIUM_TOOLS.has(toolName) && !isPremium();
-}
-async function getCheckoutUrl(email) {
-  try {
-    const params = new URLSearchParams();
-    if (email) params.set("email", email);
-    const res = await fetch(`${VERIFICATION_API}/checkout?${params}`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" }
-    });
-    if (!res.ok) {
-      const body = await res.text();
-      return { ok: false, error: body || `HTTP ${res.status}` };
-    }
-    const { url } = await res.json();
-    return { ok: true, url };
-  } catch (err) {
-    return {
-      ok: false,
-      error: err instanceof Error ? err.message : "Failed to create checkout"
-    };
-  }
-}
-async function getPortalUrl() {
-  const { premium } = loadSettings();
-  if (!premium.customerId) {
-    return { ok: false, error: "No active subscription" };
-  }
-  try {
-    const res = await fetch(`${VERIFICATION_API}/portal`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ customerId: premium.customerId })
-    });
-    if (!res.ok) {
-      return { ok: false, error: `HTTP ${res.status}` };
-    }
-    const { url } = await res.json();
-    return { ok: true, url };
-  } catch (err) {
-    return {
-      ok: false,
-      error: err instanceof Error ? err.message : "Failed to get portal URL"
-    };
-  }
-}
-async function verifySubscription(emailOrCustomerId) {
-  const current = loadSettings().premium;
-  const identifier = emailOrCustomerId || current.customerId || current.email;
-  if (!identifier) {
-    return current;
-  }
-  try {
-    const res = await fetch(`${VERIFICATION_API}/verify`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ identifier })
-    });
-    if (!res.ok) {
-      console.warn("[Vessel Premium] Verification API returned", res.status);
-      return current;
-    }
-    const data = await res.json();
-    const updated = {
-      status: data.status,
-      customerId: data.customerId,
-      email: data.email,
-      validatedAt: (/* @__PURE__ */ new Date()).toISOString(),
-      expiresAt: data.expiresAt
-    };
-    setSetting("premium", updated);
-    return updated;
-  } catch (err) {
-    console.warn("[Vessel Premium] Verification failed:", err);
-    return current;
-  }
-}
-async function activateWithEmail(email) {
-  if (!email.trim()) {
-    return { ok: false, state: getPremiumState(), error: "Email is required" };
-  }
-  const state2 = await verifySubscription(email.trim());
-  if (state2.status === "active" || state2.status === "trialing") {
-    return { ok: true, state: state2 };
-  }
-  return {
-    ok: false,
-    state: state2,
-    error: state2.status === "canceled" ? "Subscription is canceled. Resubscribe to continue." : state2.status === "past_due" ? "Subscription payment is past due. Update your payment method." : "No active subscription found for this email."
-  };
-}
-let revalidationTimer = null;
-function startBackgroundRevalidation() {
-  if (revalidationTimer) return;
-  const { premium } = loadSettings();
-  if (premium.customerId || premium.email) {
-    const lastValidated = premium.validatedAt ? new Date(premium.validatedAt).getTime() : 0;
-    if (Date.now() - lastValidated > REVALIDATION_INTERVAL_MS) {
-      void verifySubscription();
-    }
-  }
-  revalidationTimer = setInterval(() => {
-    const { premium: p } = loadSettings();
-    if (p.customerId || p.email) {
-      void verifySubscription();
-    }
-  }, REVALIDATION_INTERVAL_MS);
-}
-function stopBackgroundRevalidation() {
-  if (revalidationTimer) {
-    clearInterval(revalidationTimer);
-    revalidationTimer = null;
-  }
-}
-const POSTHOG_API_KEY = process.env.POSTHOG_API_KEY || "phc_OMeM3P5cxJwl14lOKxYad0Yre52xvjNfkLEFnPtXyM";
-const POSTHOG_HOST = process.env.POSTHOG_HOST || "https://us.i.posthog.com";
-const BATCH_INTERVAL_MS = 6e4;
-const MAX_BATCH_SIZE = 50;
-function getDeviceIdPath() {
-  return path.join(electron.app.getPath("userData"), ".vessel-device-id");
-}
-let deviceId = null;
-function getDeviceId() {
-  if (deviceId) return deviceId;
-  const idPath = getDeviceIdPath();
-  try {
-    deviceId = fs.readFileSync(idPath, "utf-8").trim();
-    if (deviceId) return deviceId;
-  } catch {
-  }
-  deviceId = crypto.randomUUID();
-  try {
-    fs.mkdirSync(path.dirname(idPath), { recursive: true });
-    fs.writeFileSync(idPath, deviceId, "utf-8");
-  } catch {
+  if ("endpoint" in update) {
+    state$1.mcp.endpoint = update.endpoint ?? null;
+  }
+  const prevStatus = state$1.mcp.status;
+  state$1.mcp.status = update.status;
+  state$1.mcp.message = update.message;
+  if (prevStatus !== state$1.mcp.status) {
+    for (const listener of mcpStatusChangeListeners) {
+      listener(state$1.mcp.status);
+    }
   }
-  return deviceId;
 }
-let eventQueue = [];
-let flushTimer = null;
-let sessionStartedAt = null;
-function isEnabled() {
-  if (POSTHOG_API_KEY === "YOUR_POSTHOG_KEY_HERE") return false;
-  return loadSettings().telemetryEnabled !== false;
+const VAULT_FILENAME = "vessel-vault.enc";
+const KEY_FILENAME = "vessel-vault.key";
+const ALGORITHM = "aes-256-gcm";
+const IV_LENGTH = 12;
+const AUTH_TAG_LENGTH = 16;
+let cachedEntries = null;
+function getVaultDir() {
+  return electron.app.getPath("userData");
 }
-function trackEvent(event, properties = {}) {
-  if (!isEnabled()) return;
-  eventQueue.push({
-    event,
-    properties: {
-      ...properties,
-      premium_status: isPremium() ? "premium" : "free",
-      app_version: electron.app.getVersion(),
-      platform: process.platform,
-      arch: process.arch
-    },
-    timestamp: (/* @__PURE__ */ new Date()).toISOString()
-  });
-  if (eventQueue.length >= MAX_BATCH_SIZE) {
-    void flush();
-  }
+function getVaultPath() {
+  return path$1.join(getVaultDir(), VAULT_FILENAME);
 }
-function trackToolCall(toolName, pageType) {
-  trackEvent("tool_called", {
-    tool_name: toolName,
-    page_type: "unknown"
-  });
+function getKeyPath() {
+  return path$1.join(getVaultDir(), KEY_FILENAME);
 }
-function trackProviderConfigured(providerId) {
-  trackEvent("provider_configured", {
-    provider_id: providerId
-  });
+function getOrCreateEncryptionKey() {
+  const keyPath = getKeyPath();
+  if (fs$1.existsSync(keyPath)) {
+    const encryptedKey = fs$1.readFileSync(keyPath);
+    if (electron.safeStorage.isEncryptionAvailable()) {
+      return electron.safeStorage.decryptString ? Buffer.from(electron.safeStorage.decryptString(encryptedKey), "utf-8") : encryptedKey;
+    }
+    return encryptedKey;
+  }
+  const key = crypto$1.randomBytes(32);
+  fs$1.mkdirSync(path$1.dirname(keyPath), { recursive: true });
+  if (electron.safeStorage.isEncryptionAvailable()) {
+    const encrypted = electron.safeStorage.encryptString(key.toString("utf-8"));
+    fs$1.writeFileSync(keyPath, encrypted);
+  } else {
+    fs$1.writeFileSync(keyPath, key);
+    fs$1.chmodSync(keyPath, 384);
+  }
+  return key;
 }
-function startTelemetry() {
-  if (!isEnabled()) return;
-  sessionStartedAt = Date.now();
-  trackEvent("app_launched", {
-    electron_version: process.versions.electron,
-    chrome_version: process.versions.chrome
+function encrypt(plaintext) {
+  const key = getOrCreateEncryptionKey();
+  const iv = crypto$1.randomBytes(IV_LENGTH);
+  const cipher = crypto$1.createCipheriv(ALGORITHM, key, iv, {
+    authTagLength: AUTH_TAG_LENGTH
   });
-  flushTimer = setInterval(() => {
-    void flush();
-  }, BATCH_INTERVAL_MS);
+  const encrypted = Buffer.concat([
+    cipher.update(plaintext, "utf-8"),
+    cipher.final()
+  ]);
+  const authTag = cipher.getAuthTag();
+  return Buffer.concat([iv, authTag, encrypted]);
+}
+function decrypt(data) {
+  const key = getOrCreateEncryptionKey();
+  const iv = data.subarray(0, IV_LENGTH);
+  const authTag = data.subarray(IV_LENGTH, IV_LENGTH + AUTH_TAG_LENGTH);
+  const ciphertext = data.subarray(IV_LENGTH + AUTH_TAG_LENGTH);
+  const decipher = crypto$1.createDecipheriv(ALGORITHM, key, iv, {
+    authTagLength: AUTH_TAG_LENGTH
+  });
+  decipher.setAuthTag(authTag);
+  return decipher.update(ciphertext, void 0, "utf-8") + decipher.final("utf-8");
 }
-function stopTelemetry() {
-  if (sessionStartedAt) {
-    const durationMinutes = Math.round(
-      (Date.now() - sessionStartedAt) / 6e4
-    );
-    trackEvent("app_session_ended", {
-      duration_minutes: durationMinutes
-    });
-    sessionStartedAt = null;
+function loadVault() {
+  if (cachedEntries) return cachedEntries;
+  const vaultPath = getVaultPath();
+  if (!fs$1.existsSync(vaultPath)) {
+    cachedEntries = [];
+    return cachedEntries;
   }
-  if (flushTimer) {
-    clearInterval(flushTimer);
-    flushTimer = null;
+  try {
+    const raw = fs$1.readFileSync(vaultPath);
+    const json = decrypt(raw);
+    cachedEntries = JSON.parse(json);
+    return cachedEntries;
+  } catch (err) {
+    console.error("[Vessel Vault] Failed to load vault:", err);
+    cachedEntries = [];
+    return cachedEntries;
+  }
+}
+function saveVault(entries) {
+  const json = JSON.stringify(entries, null, 2);
+  const encrypted = encrypt(json);
+  const vaultPath = getVaultPath();
+  fs$1.mkdirSync(path$1.dirname(vaultPath), { recursive: true });
+  fs$1.writeFileSync(vaultPath, encrypted);
+  fs$1.chmodSync(vaultPath, 384);
+  cachedEntries = entries;
+}
+function domainMatches(pattern, hostname) {
+  const p = pattern.toLowerCase().trim();
+  const h = hostname.toLowerCase().trim();
+  if (p === h) return true;
+  if (p.startsWith("*.")) {
+    const suffix = p.slice(2);
+    return h === suffix || h.endsWith("." + suffix);
   }
-  void flush();
+  return false;
 }
-async function flush() {
-  if (eventQueue.length === 0) return;
-  if (!isEnabled()) {
-    eventQueue = [];
-    return;
+function listEntries() {
+  return loadVault().map(({ password, totpSecret, ...rest }) => rest);
+}
+function findEntriesForDomain(url) {
+  let hostname;
+  try {
+    hostname = new URL(url).hostname;
+  } catch {
+    return [];
   }
-  const batch = eventQueue.splice(0);
-  const distinctId = getDeviceId();
-  const payload = {
-    api_key: POSTHOG_API_KEY,
-    batch: batch.map((e) => ({
-      event: e.event,
-      properties: {
-        distinct_id: distinctId,
-        ...e.properties
-      },
-      timestamp: e.timestamp
-    }))
+  return loadVault().filter((e) => domainMatches(e.domainPattern, hostname)).map(({ password, totpSecret, ...rest }) => rest);
+}
+function addEntry(entry) {
+  const entries = loadVault();
+  const newEntry = {
+    ...entry,
+    id: crypto$1.randomUUID(),
+    createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+    useCount: 0
   };
+  entries.push(newEntry);
+  saveVault(entries);
+  return newEntry;
+}
+function updateEntry(id, updates) {
+  const entries = loadVault();
+  const idx = entries.findIndex((e) => e.id === id);
+  if (idx === -1) return null;
+  entries[idx] = { ...entries[idx], ...updates };
+  saveVault(entries);
+  return entries[idx];
+}
+function removeEntry(id) {
+  const entries = loadVault();
+  const idx = entries.findIndex((e) => e.id === id);
+  if (idx === -1) return false;
+  entries.splice(idx, 1);
+  saveVault(entries);
+  return true;
+}
+function recordUsage(id) {
+  const entries = loadVault();
+  const entry = entries.find((e) => e.id === id);
+  if (!entry) return;
+  entry.lastUsedAt = (/* @__PURE__ */ new Date()).toISOString();
+  entry.useCount += 1;
+  saveVault(entries);
+}
+function getCredential(id) {
+  const entry = loadVault().find((e) => e.id === id);
+  if (!entry) return null;
+  return { username: entry.username, password: entry.password };
+}
+function getTotpSecret(id) {
+  const entry = loadVault().find((e) => e.id === id);
+  return entry?.totpSecret ?? null;
+}
+function generateTotpCode(secret) {
+  const epoch = Math.floor(Date.now() / 1e3);
+  const counter = Math.floor(epoch / 30);
+  const base32Chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
+  const cleanSecret = secret.replace(/[\s=-]/g, "").toUpperCase();
+  let bits = "";
+  for (const ch of cleanSecret) {
+    const val = base32Chars.indexOf(ch);
+    if (val === -1) continue;
+    bits += val.toString(2).padStart(5, "0");
+  }
+  const keyBytes = Buffer.alloc(Math.floor(bits.length / 8));
+  for (let i = 0; i < keyBytes.length; i++) {
+    keyBytes[i] = parseInt(bits.slice(i * 8, i * 8 + 8), 2);
+  }
+  const counterBuf = Buffer.alloc(8);
+  counterBuf.writeUInt32BE(Math.floor(counter / 4294967296), 0);
+  counterBuf.writeUInt32BE(counter & 4294967295, 4);
+  const hmac = crypto$1.createHmac("sha1", keyBytes).update(counterBuf).digest();
+  const offset = hmac[hmac.length - 1] & 15;
+  const code = (hmac[offset] & 127) << 24 | (hmac[offset + 1] & 255) << 16 | (hmac[offset + 2] & 255) << 8 | hmac[offset + 3] & 255;
+  return (code % 1e6).toString().padStart(6, "0");
+}
+const AUDIT_FILENAME = "vessel-vault-audit.jsonl";
+const MAX_ENTRIES = 1e3;
+function getAuditPath() {
+  return path$1.join(electron.app.getPath("userData"), AUDIT_FILENAME);
+}
+function appendAuditEntry(entry) {
   try {
-    await fetch(`${POSTHOG_HOST}/batch`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify(payload)
-    });
-  } catch {
-    if (eventQueue.length < MAX_BATCH_SIZE * 2) {
-      eventQueue.unshift(...batch);
-    }
+    const auditPath = getAuditPath();
+    fs$1.mkdirSync(path$1.dirname(auditPath), { recursive: true });
+    fs$1.appendFileSync(auditPath, JSON.stringify(entry) + "\n");
+  } catch (err) {
+    console.error("[Vessel Vault] Failed to write audit log:", err);
+  }
+}
+function readAuditLog(limit = 100) {
+  try {
+    const auditPath = getAuditPath();
+    if (!fs$1.existsSync(auditPath)) return [];
+    const lines = fs$1.readFileSync(auditPath, "utf-8").split("\n").filter((l) => l.trim());
+    return lines.slice(-Math.min(limit, MAX_ENTRIES)).map((line) => JSON.parse(line)).reverse();
+  } catch (err) {
+    console.error("[Vessel Vault] Failed to read audit log:", err);
+    return [];
   }
 }
 function isRichToolResult(value) {
@@ -4811,7 +5066,8 @@ class AnthropicProvider {
                 toolUseBlocks.push({
                   id: currentToolUse.id,
                   name: currentToolUse.name,
-                  input: {}
+                  input: {},
+                  _malformedArgs: currentToolUse.inputJson
                 });
               }
               currentToolUse = null;
@@ -4839,6 +5095,18 @@ class AnthropicProvider {
         }
         const toolResults = [];
         for (const tb of toolUseBlocks) {
+          if (tb._malformedArgs !== void 0) {
+            onChunk(`
+<<tool:${tb.name}:⚠ invalid args>>
+`);
+            toolResults.push({
+              type: "tool_result",
+              tool_use_id: tb.id,
+              content: `Error: Invalid JSON in tool arguments — could not parse. Please retry with valid JSON. Raw input: ${tb._malformedArgs.slice(0, 200)}`,
+              is_error: true
+            });
+            continue;
+          }
           const argSummary = tb.input.url || tb.input.text || tb.input.direction || "";
           onChunk(`
 <<tool:${tb.name}${argSummary ? ":" + argSummary : ""}>>
@@ -5103,10 +5371,12 @@ class OpenAICompatProvider {
         for (const tc of Object.values(toolCallAccums)) {
           if (!tc.id) tc.id = `call_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
         }
+        const malformedToolCalls = /* @__PURE__ */ new Set();
         for (const tc of toolCalls) {
           try {
             JSON.parse(tc.argsJson || "{}");
           } catch {
+            malformedToolCalls.add(tc.id);
             tc.argsJson = "{}";
           }
         }
@@ -5124,6 +5394,17 @@ class OpenAICompatProvider {
         messages.push(assistantMsg);
         if (toolCalls.length === 0) break;
         for (const tc of toolCalls) {
+          if (malformedToolCalls.has(tc.id)) {
+            onChunk(`
+<<tool:${tc.name}:⚠ invalid args>>
+`);
+            messages.push({
+              role: "tool",
+              tool_call_id: tc.id,
+              content: `Error: Invalid JSON in tool arguments. The arguments could not be parsed. Please retry with valid JSON.`
+            });
+            continue;
+          }
           let args = {};
           try {
             args = JSON.parse(tc.argsJson || "{}");
@@ -5134,7 +5415,7 @@ class OpenAICompatProvider {
             messages.push({
               role: "tool",
               tool_call_id: tc.id,
-              content: `Error: Invalid JSON in tool arguments. Please retry with valid JSON. Raw: ${tc.argsJson}`
+              content: `Error: Invalid JSON in tool arguments. Please retry with valid JSON.`
             });
             continue;
           }
@@ -13183,6 +13464,41 @@ Exception: ${result.exceptionDetails}`);
     }
   );
 }
+const sessionTrustedDomains = /* @__PURE__ */ new Set();
+async function requestConsent(request) {
+  const domain = request.domain.toLowerCase();
+  if (sessionTrustedDomains.has(domain)) {
+    return { approved: true, trustForSession: true };
+  }
+  const focusedWindow = electron.BrowserWindow.getFocusedWindow();
+  const { response } = await electron.dialog.showMessageBox(
+    focusedWindow ?? (electron.BrowserWindow.getAllWindows()[0] || null),
+    {
+      type: "question",
+      title: "Agent Credential Access",
+      message: `Agent wants to sign in to ${request.domain}`,
+      detail: [
+        `Credential: ${request.credentialLabel}`,
+        `Username: ${request.username}`,
+        "",
+        "The agent is requesting to fill a login form with stored credentials.",
+        "Credential values will NOT be sent to the AI provider."
+      ].join("\n"),
+      buttons: ["Deny", "Allow Once", "Allow for Session"],
+      defaultId: 1,
+      cancelId: 0,
+      noLink: true
+    }
+  );
+  if (response === 0) {
+    return { approved: false, trustForSession: false };
+  }
+  const trustForSession = response === 2;
+  if (trustForSession) {
+    sessionTrustedDomains.add(domain);
+  }
+  return { approved: true, trustForSession };
+}
 let httpServer = null;
 let mcpAuthToken = null;
 function asTextResponse(text) {
@@ -17332,6 +17648,244 @@ ${JSON.stringify(tableJson, null, 2)}`;
       );
     }
   );
+  server.registerTool(
+    "vessel_vault_status",
+    {
+      title: "Check Vault Credentials",
+      description: "Check whether stored credentials exist for a domain. Returns credential labels and usernames but NEVER password values. Use this before vault_login to verify credentials are available.",
+      inputSchema: {
+        domain: zod.z.string().describe(
+          "The domain to check credentials for (e.g. 'github.com'). If omitted, checks the active tab's domain."
+        ).optional()
+      }
+    },
+    async ({ domain }) => {
+      let targetDomain = domain;
+      if (!targetDomain) {
+        const tab = tabManager.getActiveTab();
+        if (!tab) return asTextResponse("Error: No active tab and no domain specified");
+        try {
+          targetDomain = new URL(tab.state.url).hostname;
+        } catch {
+          return asTextResponse("Error: Could not parse active tab URL");
+        }
+      }
+      const matches = findEntriesForDomain(
+        targetDomain.includes("://") ? targetDomain : `https://${targetDomain}`
+      );
+      if (matches.length === 0) {
+        return asTextResponse(
+          `No stored credentials found for ${targetDomain}. The user needs to add credentials in Settings > Agent Credential Vault before the agent can log in.`
+        );
+      }
+      appendAuditEntry({
+        timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+        credentialId: matches[0].id,
+        credentialLabel: matches[0].label,
+        domain: targetDomain,
+        action: "status_check",
+        approved: true
+      });
+      const summary = matches.map((m) => `  - "${m.label}" (${m.username})`).join("\n");
+      return asTextResponse(
+        `Found ${matches.length} credential(s) for ${targetDomain}:
+${summary}
+Use vessel_vault_login to fill the login form. Credentials are filled directly — you will NOT see the password values.`
+      );
+    }
+  );
+  server.registerTool(
+    "vessel_vault_login",
+    {
+      title: "Fill Login with Vault Credentials",
+      description: "Fill a login form on the current page using stored credentials from the Agent Credential Vault. The credential values are filled directly into the page — they are NEVER returned in this response. The user will see a consent dialog before credentials are used.",
+      inputSchema: {
+        credential_label: zod.z.string().optional().describe(
+          "Label of the credential to use. If omitted, uses the first matching credential for the current domain."
+        ),
+        username_index: zod.z.number().optional().describe(
+          "Element index of the username/email input field from read_page."
+        ),
+        password_index: zod.z.number().optional().describe(
+          "Element index of the password input field from read_page."
+        ),
+        submit_after: zod.z.boolean().optional().describe(
+          "Whether to click the submit button after filling credentials. Defaults to false."
+        ),
+        submit_index: zod.z.number().optional().describe(
+          "Element index of the submit button. Required if submit_after is true."
+        )
+      }
+    },
+    async ({
+      credential_label,
+      username_index,
+      password_index,
+      submit_after,
+      submit_index
+    }) => {
+      const tab = tabManager.getActiveTab();
+      if (!tab) return asTextResponse("Error: No active tab");
+      const wc = tab.view.webContents;
+      let hostname;
+      try {
+        hostname = new URL(tab.state.url).hostname;
+      } catch {
+        return asTextResponse("Error: Could not parse active tab URL");
+      }
+      const matches = findEntriesForDomain(`https://${hostname}`);
+      if (matches.length === 0) {
+        return asTextResponse(
+          `No stored credentials for ${hostname}. The user needs to add credentials in Settings > Agent Credential Vault.`
+        );
+      }
+      const match = credential_label ? matches.find(
+        (m) => m.label.toLowerCase() === credential_label.toLowerCase()
+      ) : matches[0];
+      if (!match) {
+        return asTextResponse(
+          `No credential named "${credential_label}" found for ${hostname}. Available: ${matches.map((m) => m.label).join(", ")}`
+        );
+      }
+      const consent = await requestConsent({
+        credentialLabel: match.label,
+        username: match.username,
+        domain: hostname
+      });
+      appendAuditEntry({
+        timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+        credentialId: match.id,
+        credentialLabel: match.label,
+        domain: hostname,
+        action: "login_fill",
+        approved: consent.approved
+      });
+      if (!consent.approved) {
+        return asTextResponse(
+          `User denied credential access for ${hostname}. The agent should not retry without being asked.`
+        );
+      }
+      const creds = getCredential(match.id);
+      if (!creds) {
+        return asTextResponse("Error: Credential not found in vault");
+      }
+      const results = [];
+      if (username_index != null) {
+        const usernameResult = await wc.executeJavaScript(
+          `window.__vessel?.interactByIndex?.(${username_index}, "value", ${JSON.stringify(creds.username)}) || "Error: interactByIndex not available"`
+        );
+        results.push(`Username: ${usernameResult}`);
+      }
+      if (password_index != null) {
+        const passwordResult = await wc.executeJavaScript(
+          `window.__vessel?.interactByIndex?.(${password_index}, "value", ${JSON.stringify(creds.password)}) || "Error: interactByIndex not available"`
+        );
+        results.push(`Password: ${passwordResult.replace(/Typed into:.*/, "Typed into: [password field]")}`);
+      }
+      recordUsage(match.id);
+      trackVaultAction("login_fill");
+      if (submit_after && submit_index != null) {
+        const submitResult = await wc.executeJavaScript(
+          `window.__vessel?.interactByIndex?.(${submit_index}, "click") || "Error: interactByIndex not available"`
+        );
+        results.push(`Submit: ${submitResult}`);
+      }
+      return asTextResponse(
+        [
+          `Login form filled for ${hostname} using credential "${match.label}".`,
+          ...results,
+          "",
+          "Note: Credential values were filled directly into the page. They are NOT included in this response."
+        ].join("\n")
+      );
+    }
+  );
+  server.registerTool(
+    "vessel_vault_totp",
+    {
+      title: "Fill TOTP Code from Vault",
+      description: "Generate a TOTP 2FA code from a stored secret and fill it into a code input field. The TOTP secret and generated code are NEVER returned — only filled directly into the page.",
+      inputSchema: {
+        credential_label: zod.z.string().optional().describe(
+          "Label of the credential whose TOTP secret to use. If omitted, uses the first matching credential with a TOTP secret."
+        ),
+        code_index: zod.z.number().describe(
+          "Element index of the TOTP/2FA code input field from read_page."
+        ),
+        submit_after: zod.z.boolean().optional().describe("Whether to click submit after filling the code."),
+        submit_index: zod.z.number().optional().describe("Element index of the submit button.")
+      }
+    },
+    async ({ credential_label, code_index, submit_after, submit_index }) => {
+      const tab = tabManager.getActiveTab();
+      if (!tab) return asTextResponse("Error: No active tab");
+      const wc = tab.view.webContents;
+      let hostname;
+      try {
+        hostname = new URL(tab.state.url).hostname;
+      } catch {
+        return asTextResponse("Error: Could not parse active tab URL");
+      }
+      const matches = findEntriesForDomain(`https://${hostname}`);
+      const match = credential_label ? matches.find(
+        (m) => m.label.toLowerCase() === credential_label.toLowerCase()
+      ) : matches.find((m) => {
+        const secret2 = getTotpSecret(m.id);
+        return secret2 != null;
+      });
+      if (!match) {
+        return asTextResponse(
+          `No credential with TOTP secret found for ${hostname}.`
+        );
+      }
+      const secret = getTotpSecret(match.id);
+      if (!secret) {
+        return asTextResponse(
+          `Credential "${match.label}" does not have a TOTP secret configured.`
+        );
+      }
+      const consent = await requestConsent({
+        credentialLabel: match.label,
+        username: match.username,
+        domain: hostname
+      });
+      appendAuditEntry({
+        timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+        credentialId: match.id,
+        credentialLabel: match.label,
+        domain: hostname,
+        action: "totp_generate",
+        approved: consent.approved
+      });
+      if (!consent.approved) {
+        return asTextResponse(
+          `User denied TOTP access for ${hostname}.`
+        );
+      }
+      const code = generateTotpCode(secret);
+      const fillResult = await wc.executeJavaScript(
+        `window.__vessel?.interactByIndex?.(${code_index}, "value", ${JSON.stringify(code)}) || "Error: interactByIndex not available"`
+      );
+      recordUsage(match.id);
+      trackVaultAction("totp_fill");
+      const results = [`2FA code filled: ${fillResult.replace(/Typed into:.*/, "Typed into: [2FA field]")}`];
+      if (submit_after && submit_index != null) {
+        const submitResult = await wc.executeJavaScript(
+          `window.__vessel?.interactByIndex?.(${submit_index}, "click") || "Error: interactByIndex not available"`
+        );
+        results.push(`Submit: ${submitResult}`);
+      }
+      return asTextResponse(
+        [
+          `TOTP code filled for ${hostname} using credential "${match.label}".`,
+          ...results,
+          "",
+          "Note: The TOTP code was filled directly into the page. It is NOT included in this response."
+        ].join("\n")
+      );
+    }
+  );
   server.registerTool(
     "vessel_metrics",
     {
@@ -17648,6 +18202,16 @@ function stopMcpServer() {
   });
 }
 let activeChatProvider = null;
+function assertString(value, name) {
+  if (typeof value !== "string") throw new Error(`${name} must be a string`);
+}
+function assertOptionalString(value, name) {
+  if (value !== void 0 && typeof value !== "string") throw new Error(`${name} must be a string`);
+}
+function assertNumber(value, name) {
+  if (typeof value !== "number" || Number.isNaN(value)) throw new Error(`${name} must be a number`);
+}
+const VALID_APPROVAL_MODES = /* @__PURE__ */ new Set(["auto", "confirm-dangerous", "manual"]);
 function registerIpcHandlers(windowState, runtime2) {
   const { tabManager, chromeView, sidebarView, devtoolsPanelView, mainWindow } = windowState;
   const sendToRendererViews = (channel, ...args) => {
@@ -17672,6 +18236,8 @@ function registerIpcHandlers(windowState, runtime2) {
     layoutViews(windowState);
   });
   electron.ipcMain.handle(Channels.TAB_NAVIGATE, (_, id, url) => {
+    assertString(id, "tabId");
+    assertString(url, "url");
     tabManager.navigateTab(id, url);
   });
   electron.ipcMain.handle(Channels.TAB_BACK, (_, id) => {
@@ -17723,6 +18289,9 @@ function registerIpcHandlers(windowState, runtime2) {
   });
   electron.ipcMain.handle(Channels.AI_FETCH_MODELS, async (_, config) => {
     try {
+      if (!config || typeof config !== "object" || !("id" in config)) {
+        return { ok: false, models: [], error: "Invalid provider configuration" };
+      }
       const models = await fetchProviderModels(config);
       return { ok: true, models };
     } catch (err) {
@@ -17766,6 +18335,7 @@ function registerIpcHandlers(windowState, runtime2) {
     windowState.sidebarView.setBounds({ x: 0, y: 0, width, height });
   });
   electron.ipcMain.handle(Channels.SIDEBAR_RESIZE, (_, width) => {
+    assertNumber(width, "width");
     const clamped = Math.max(240, Math.min(800, Math.round(width)));
     windowState.uiState.sidebarWidth = clamped;
     return clamped;
@@ -17789,11 +18359,13 @@ function registerIpcHandlers(windowState, runtime2) {
   });
   electron.ipcMain.handle(Channels.SETTINGS_HEALTH_GET, () => getRuntimeHealth());
   electron.ipcMain.handle(Channels.SETTINGS_SET, async (_, key, value) => {
+    assertString(key, "key");
     if (!SETTABLE_KEYS.has(key)) {
       throw new Error(`Unknown setting key: ${key}`);
     }
     const settingsKey = key;
     const updatedSettings = setSetting(settingsKey, value);
+    trackSettingChanged(key);
     if (key === "approvalMode") {
       runtime2.setApprovalMode(value);
     }
@@ -17810,6 +18382,11 @@ function registerIpcHandlers(windowState, runtime2) {
   electron.ipcMain.handle(
     Channels.AGENT_SET_APPROVAL_MODE,
     (_, mode) => {
+      assertString(mode, "mode");
+      if (!VALID_APPROVAL_MODES.has(mode)) {
+        throw new Error(`Invalid approval mode: ${mode}`);
+      }
+      trackApprovalModeChanged(mode);
       setSetting("approvalMode", mode);
       return runtime2.setApprovalMode(mode);
     }
@@ -17840,17 +18417,23 @@ function registerIpcHandlers(windowState, runtime2) {
   electron.ipcMain.handle(
     Channels.FOLDER_CREATE,
     (_, name, summary) => {
+      trackBookmarkAction("folder_create");
       return createFolderWithSummary(name, summary);
     }
   );
   electron.ipcMain.handle(
     Channels.BOOKMARK_SAVE,
-    (_, url, title, folderId, note) => saveBookmark(url, title, folderId, note)
+    (_, url, title, folderId, note) => {
+      trackBookmarkAction("save");
+      return saveBookmark(url, title, folderId, note);
+    }
   );
   electron.ipcMain.handle(Channels.BOOKMARK_REMOVE, (_, id) => {
+    trackBookmarkAction("remove");
     return removeBookmark(id);
   });
   electron.ipcMain.handle(Channels.FOLDER_REMOVE, (_, id) => {
+    trackBookmarkAction("folder_remove");
     return removeFolder(id);
   });
   electron.ipcMain.handle(
@@ -18002,13 +18585,22 @@ function registerIpcHandlers(windowState, runtime2) {
     return getPremiumState();
   });
   electron.ipcMain.handle(Channels.PREMIUM_ACTIVATE, async (_, email) => {
+    assertString(email, "email");
+    if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email.trim())) {
+      return { ok: false, state: getPremiumState(), error: "Invalid email format" };
+    }
+    trackPremiumFunnel("activation_attempted");
     const result = await activateWithEmail(email);
     if (result.ok) {
+      trackPremiumFunnel("activation_succeeded", { status: result.state.status });
       sendToRendererViews(Channels.PREMIUM_UPDATE, result.state);
+    } else {
+      trackPremiumFunnel("activation_failed", { status: result.state.status });
     }
     return result;
   });
   electron.ipcMain.handle(Channels.PREMIUM_CHECKOUT, async (_, email) => {
+    trackPremiumFunnel("checkout_clicked");
     const result = await getCheckoutUrl(email);
     if (result.ok && result.url) {
       tabManager.createTab(result.url);
@@ -18016,17 +18608,56 @@ function registerIpcHandlers(windowState, runtime2) {
     return result;
   });
   electron.ipcMain.handle(Channels.PREMIUM_RESET, () => {
+    trackPremiumFunnel("reset");
     const state2 = resetPremium();
     sendToRendererViews(Channels.PREMIUM_UPDATE, state2);
     return state2;
   });
   electron.ipcMain.handle(Channels.PREMIUM_PORTAL, async () => {
+    trackPremiumFunnel("portal_opened");
     const result = await getPortalUrl();
     if (result.ok && result.url) {
       tabManager.createTab(result.url);
     }
     return result;
   });
+  electron.ipcMain.handle(Channels.VAULT_LIST, () => {
+    return listEntries();
+  });
+  electron.ipcMain.handle(
+    Channels.VAULT_ADD,
+    (_, entry) => {
+      if (!entry || typeof entry !== "object") throw new Error("Invalid vault entry");
+      assertString(entry.label, "label");
+      assertString(entry.domainPattern, "domainPattern");
+      assertString(entry.username, "username");
+      assertString(entry.password, "password");
+      if (!entry.label.trim() || !entry.domainPattern.trim() || !entry.username.trim() || !entry.password.trim()) {
+        throw new Error("Label, domain, username, and password are required");
+      }
+      assertOptionalString(entry.totpSecret, "totpSecret");
+      assertOptionalString(entry.notes, "notes");
+      trackVaultAction("credential_added");
+      const created = addEntry(entry);
+      return { id: created.id, label: created.label, domainPattern: created.domainPattern, username: created.username };
+    }
+  );
+  electron.ipcMain.handle(
+    Channels.VAULT_UPDATE,
+    (_, id, updates) => {
+      assertString(id, "id");
+      if (!updates || typeof updates !== "object") throw new Error("Invalid updates");
+      return updateEntry(id, updates) !== null;
+    }
+  );
+  electron.ipcMain.handle(Channels.VAULT_REMOVE, (_, id) => {
+    assertString(id, "id");
+    trackVaultAction("credential_removed");
+    return removeEntry(id);
+  });
+  electron.ipcMain.handle(Channels.VAULT_AUDIT_LOG, (_, limit) => {
+    return readAuditLog(limit);
+  });
   electron.ipcMain.handle(Channels.WINDOW_MINIMIZE, () => {
     mainWindow.minimize();
   });