@quireco/cli 0.0.8 → 0.0.9

package/dist/cli-vr0Pht7B.mjs

@@ -1,2519 +0,0 @@
-import { createMain, defineCommand, runCommand, showUsage } from "citty";
-import { isCancel, log, note, spinner, text } from "@clack/prompts";
-import { loginGitHubCopilot, loginOpenAICodex } from "@earendil-works/pi-ai/oauth";
-import { AuthStorage } from "@earendil-works/pi-coding-agent";
-import { execFile, spawn } from "node:child_process";
-import pc from "picocolors";
-import { homedir } from "node:os";
-import { basename, dirname, join, relative, resolve } from "node:path";
-import "@earendil-works/pi-ai";
-import "@earendil-works/pi-ai/openai-completions";
-import { access, constants, mkdir, readFile, unlink, writeFile } from "node:fs/promises";
-import { closeSync, existsSync, fsyncSync, mkdirSync, openSync, readFileSync, readdirSync, renameSync, writeFileSync } from "node:fs";
-import { Type } from "@sinclair/typebox";
-import { Value } from "@sinclair/typebox/value";
-import { promisify } from "node:util";
-import { createHash, randomBytes } from "node:crypto";
-import { cwd } from "process";
-//#region src/auth/open-browser.ts
-async function openBrowser(url) {
-	const command = browserCommand(url);
-	if (command === null) return false;
-	return new Promise((resolve) => {
-		const child = spawn(command.command, command.args, {
-			detached: true,
-			stdio: "ignore",
-			shell: false
-		});
-		child.once("error", () => resolve(false));
-		child.once("spawn", () => {
-			child.unref();
-			resolve(true);
-		});
-	});
-}
-function browserCommand(url) {
-	if (process.platform === "darwin") return {
-		command: "open",
-		args: [url]
-	};
-	if (process.platform === "win32") return {
-		command: "cmd",
-		args: [
-			"/c",
-			"start",
-			"",
-			url
-		]
-	};
-	return {
-		command: "xdg-open",
-		args: [url]
-	};
-}
-//#endregion
-//#region src/exit-codes.ts
-const ExitCode = {
-	Success: 0,
-	InternalError: 1,
-	InvalidInput: 2,
-	AuthFailure: 10,
-	NetworkFailure: 11
-};
-var CliError = class extends Error {
-	constructor(message, exitCode = ExitCode.InternalError) {
-		super(message);
-		this.exitCode = exitCode;
-		this.name = "CliError";
-	}
-};
-function readExitCode(error) {
-	return error instanceof CliError ? error.exitCode : ExitCode.InternalError;
-}
-function toOneLineError(error) {
-	return (error instanceof Error ? error.message : String(error)).replace(/\s+/g, " ").trim() || "unknown error";
-}
-//#endregion
-//#region src/output.ts
-function writeLine(output, message = "") {
-	output?.write(`${message}\n`);
-}
-function writeJson(output, value) {
-	writeLine(output, JSON.stringify(value));
-}
-const color = {
-	heading(value) {
-		return pc.bold(value);
-	},
-	label(value) {
-		return pc.gray(value);
-	},
-	success(value) {
-		return pc.green(value);
-	},
-	warn(value) {
-		return pc.yellow(value);
-	},
-	error(value) {
-		return pc.red(value);
-	},
-	info(value) {
-		return pc.cyan(value);
-	},
-	path(value) {
-		return pc.dim(value);
-	},
-	command(value) {
-		return pc.cyan(value);
-	},
-	value(value) {
-		return pc.bold(value);
-	}
-};
-//#endregion
-//#region src/auth/constants.ts
-const QUIRE_API_TOKEN_ENV = "QUIRE_API_TOKEN";
-const QUIRE_API_TOKEN_TYPE = "QuireApiKey";
-//#endregion
-//#region src/utils/runtime.ts
-function isRecord(value) {
-	return typeof value === "object" && value !== null && !Array.isArray(value);
-}
-function readString(value) {
-	return typeof value === "string" && value.length > 0 ? value : void 0;
-}
-//#endregion
-//#region src/auth/api.ts
-const CLIENT_ID = "quire-cli";
-const DEVICE_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code";
-var HttpError = class extends CliError {
-	constructor(message, status, body, code) {
-		super(message, status === 401 || status === 403 ? ExitCode.AuthFailure : ExitCode.NetworkFailure);
-		this.status = status;
-		this.body = body;
-		this.code = code;
-		this.name = "HttpError";
-	}
-};
-function readApiBaseUrl(value = process.env.QUIRE_API_URL ?? "http://localhost:3000") {
-	return normalizeApiBaseUrl(value);
-}
-function normalizeApiBaseUrl(value) {
-	try {
-		const url = new URL(value);
-		url.pathname = url.pathname.replace(/\/+$/, "");
-		url.search = "";
-		url.hash = "";
-		return url.toString().replace(/\/$/, "");
-	} catch {
-		throw new CliError(`Invalid Quire API URL: ${value}`, ExitCode.InvalidInput);
-	}
-}
-async function requestDeviceCode(options) {
-	return parseDeviceCodeResponse((await requestJson({
-		url: authUrl(options.apiBaseUrl, "/device/code"),
-		fetchFn: options.fetchFn,
-		init: {
-			method: "POST",
-			headers: jsonHeaders(),
-			body: JSON.stringify({
-				client_id: CLIENT_ID,
-				...options.scope === void 0 ? {} : { scope: options.scope }
-			})
-		}
-	})).body);
-}
-async function requestDeviceToken(options) {
-	return parseDeviceTokenResponse((await requestJson({
-		url: authUrl(options.apiBaseUrl, "/device/token"),
-		fetchFn: options.fetchFn,
-		init: {
-			method: "POST",
-			headers: jsonHeaders(),
-			body: JSON.stringify({
-				grant_type: DEVICE_GRANT_TYPE,
-				device_code: options.deviceCode,
-				client_id: CLIENT_ID
-			})
-		}
-	})).body);
-}
-async function fetchCurrentSession(options) {
-	const response = await requestJson({
-		url: authUrl(options.apiBaseUrl, "/get-session"),
-		fetchFn: options.fetchFn,
-		init: {
-			method: "GET",
-			headers: {
-				Accept: "application/json",
-				...authHeaders(options)
-			}
-		}
-	});
-	const refreshedAccessToken = response.response.headers.get("set-auth-token") ?? void 0;
-	return {
-		data: parseCurrentSession(response.body),
-		...refreshedAccessToken === void 0 ? {} : { refreshedAccessToken }
-	};
-}
-async function fetchModelSourceBrokerStatus(options) {
-	return parseModelSourceBrokerStatus((await requestJson({
-		url: apiUrl(options.apiBaseUrl, "/api/model-sources"),
-		fetchFn: options.fetchFn,
-		init: {
-			method: "GET",
-			headers: {
-				Accept: "application/json",
-				...authHeaders(options),
-				"User-Agent": "quire-cli"
-			}
-		}
-	})).body);
-}
-function authUrl(apiBaseUrl, path) {
-	return apiUrl(apiBaseUrl, `/api/auth${path}`);
-}
-function apiUrl(apiBaseUrl, path) {
-	return new URL(path, apiBaseUrl).toString();
-}
-function jsonHeaders() {
-	return {
-		Accept: "application/json",
-		"Content-Type": "application/json",
-		"User-Agent": "quire-cli"
-	};
-}
-function authHeaders(credentials) {
-	if (credentials.tokenType === "QuireApiKey") return { "X-Quire-API-Key": credentials.accessToken };
-	return { Authorization: `Bearer ${credentials.accessToken}` };
-}
-async function requestJson(options) {
-	let response;
-	try {
-		response = await (options.fetchFn ?? fetch)(options.url, options.init);
-	} catch (error) {
-		throw new CliError(`Could not reach Quire API: ${error instanceof Error ? error.message : String(error)}`, ExitCode.NetworkFailure);
-	}
-	const body = await readResponseBody(response);
-	if (!response.ok) {
-		const { code, description } = readErrorBody(body);
-		throw new HttpError(description ?? `Quire API request failed with HTTP ${response.status}`, response.status, body, code);
-	}
-	return {
-		body,
-		response
-	};
-}
-async function readResponseBody(response) {
-	const text = await response.text();
-	if (!text) return null;
-	try {
-		return JSON.parse(text);
-	} catch {
-		return text;
-	}
-}
-function readErrorBody(body) {
-	if (!isRecord(body)) return {};
-	return {
-		code: typeof body.error === "string" ? body.error : void 0,
-		description: typeof body.error_description === "string" ? body.error_description : typeof body.message === "string" ? body.message : void 0
-	};
-}
-function parseDeviceCodeResponse(value) {
-	if (!isRecord(value)) throw new CliError("Quire API returned an invalid device code response", ExitCode.NetworkFailure);
-	const response = {
-		device_code: value.device_code,
-		user_code: value.user_code,
-		verification_uri: value.verification_uri,
-		verification_uri_complete: value.verification_uri_complete,
-		expires_in: value.expires_in,
-		interval: value.interval
-	};
-	if (typeof response.device_code !== "string" || typeof response.user_code !== "string" || typeof response.verification_uri !== "string" || typeof response.verification_uri_complete !== "string" || typeof response.expires_in !== "number" || typeof response.interval !== "number") throw new CliError("Quire API returned an invalid device code response", ExitCode.NetworkFailure);
-	return response;
-}
-function parseDeviceTokenResponse(value) {
-	if (!isRecord(value) || typeof value.access_token !== "string") throw new CliError("Quire API returned an invalid device token response", ExitCode.NetworkFailure);
-	if (value.expires_in !== void 0 && typeof value.expires_in !== "number") throw new CliError("Quire API returned an invalid device token response", ExitCode.NetworkFailure);
-	if (value.scope !== void 0 && typeof value.scope !== "string") throw new CliError("Quire API returned an invalid device token response", ExitCode.NetworkFailure);
-	return {
-		access_token: value.access_token,
-		token_type: typeof value.token_type === "string" ? value.token_type : "Bearer",
-		...value.expires_in === void 0 ? {} : { expires_in: value.expires_in },
-		...value.scope === void 0 ? {} : { scope: value.scope }
-	};
-}
-function parseCurrentSession(value) {
-	if (value === null) return null;
-	if (!isRecord(value) || !isRecord(value.session) || !isRecord(value.user)) throw new CliError("Quire API returned an invalid session response", ExitCode.NetworkFailure);
-	if (typeof value.session.id !== "string" || typeof value.user.id !== "string") throw new CliError("Quire API returned an invalid session response", ExitCode.NetworkFailure);
-	if (value.user.email !== void 0 && value.user.email !== null && typeof value.user.email !== "string") throw new CliError("Quire API returned an invalid session response", ExitCode.NetworkFailure);
-	if (value.user.name !== void 0 && value.user.name !== null && typeof value.user.name !== "string") throw new CliError("Quire API returned an invalid session response", ExitCode.NetworkFailure);
-	return {
-		session: {
-			id: value.session.id,
-			...typeof value.session.expiresAt === "string" ? { expiresAt: value.session.expiresAt } : {}
-		},
-		user: {
-			id: value.user.id,
-			...value.user.email === void 0 ? {} : { email: value.user.email },
-			...value.user.name === void 0 ? {} : { name: value.user.name }
-		}
-	};
-}
-function parseModelSourceBrokerStatus(value) {
-	if (!isRecord(value) || !Array.isArray(value.selectedOrder)) throw new CliError("Quire API returned an invalid model-source status response", ExitCode.NetworkFailure);
-	const resolvedAvailability = value.resolvedAvailability;
-	if (!isRecord(resolvedAvailability)) throw new CliError("Quire API returned an invalid model-source status response", ExitCode.NetworkFailure);
-	const status = resolvedAvailability.status;
-	const reason = resolvedAvailability.reason;
-	const selectedProviderMode = resolvedAvailability.mode;
-	const requiredNextAction = resolvedAvailability.nextAction;
-	if (status !== "available" && status !== "unavailable" || typeof reason !== "string" || selectedProviderMode !== null && typeof selectedProviderMode !== "string" || requiredNextAction !== null && typeof requiredNextAction !== "string" || !value.selectedOrder.every((mode) => typeof mode === "string")) throw new CliError("Quire API returned an invalid model-source status response", ExitCode.NetworkFailure);
-	const actor = readActor(value);
-	return {
-		...actor === void 0 ? {} : { actor },
-		available: status === "available",
-		status,
-		selectedProviderMode,
-		selectedOrder: value.selectedOrder,
-		reason,
-		requiredNextAction,
-		requiredBalance: readWalletRequiredBalance(value),
-		remainingBalance: readWalletRemainingBalance(value),
-		recentUsage: readRecentUsage(value)
-	};
-}
-function readActor(value) {
-	const actor = value.actor;
-	if (!isRecord(actor)) return;
-	const actorType = actor.actorType;
-	if (actorType !== "user_session" && actorType !== "api_key") return;
-	return {
-		actorType,
-		actorId: typeof actor.actorId === "string" ? actor.actorId : null,
-		environmentId: typeof actor.environmentId === "string" ? actor.environmentId : null,
-		environmentName: typeof actor.environmentName === "string" ? actor.environmentName : null,
-		triggerSource: typeof actor.triggerSource === "string" ? actor.triggerSource : null
-	};
-}
-function readWalletRequiredBalance(value) {
-	const source = readFirstSource(value);
-	const requiredBalance = (isRecord(source?.wallet) ? source.wallet : null)?.requiredBalance;
-	return typeof requiredBalance === "number" && Number.isFinite(requiredBalance) ? requiredBalance : null;
-}
-function readWalletRemainingBalance(value) {
-	const source = readFirstSource(value);
-	const wallet = isRecord(source?.wallet) ? source.wallet : null;
-	const remaining = (isRecord(wallet?.balance) ? wallet.balance : null)?.remaining;
-	return typeof remaining === "number" && Number.isFinite(remaining) ? remaining : null;
-}
-function readFirstSource(value) {
-	if (!Array.isArray(value.sources)) return null;
-	const [source] = value.sources;
-	return isRecord(source) ? source : null;
-}
-function readRecentUsage(value) {
-	if (!Array.isArray(value.recentUsage)) return [];
-	return value.recentUsage.flatMap((event) => {
-		if (!isRecord(event)) return [];
-		if (typeof event.modelId !== "string" || typeof event.status !== "string" || typeof event.totalTokens !== "number" || typeof event.createdAt !== "string") return [];
-		return [{
-			modelId: event.modelId,
-			status: event.status,
-			totalTokens: event.totalTokens,
-			runId: typeof event.runId === "string" ? event.runId : null,
-			createdAt: event.createdAt
-		}];
-	});
-}
-//#endregion
-//#region src/auth/store.ts
-function defaultAuthPath(env = process.env) {
-	if (env.QUIRE_AUTH_FILE) return resolve(env.QUIRE_AUTH_FILE);
-	return join(resolve(env.QUIRE_HOME ?? join(homedir(), ".quire")), "auth.json");
-}
-function createAuthStore(path = defaultAuthPath()) {
-	async function get() {
-		try {
-			const contents = await readFile(path, "utf8");
-			return parseStoredCredentials(JSON.parse(contents));
-		} catch {
-			return null;
-		}
-	}
-	async function set(credentials) {
-		await mkdir(dirname(path), {
-			recursive: true,
-			mode: 448
-		});
-		await writeFile(path, `${JSON.stringify(credentials, null, 2)}\n`, { mode: 384 });
-	}
-	async function clear() {
-		try {
-			await unlink(path);
-		} catch {}
-	}
-	return {
-		path,
-		get,
-		set,
-		clear
-	};
-}
-const authStore = createAuthStore();
-async function resolveAuthCredentials(options = {}) {
-	const env = options.env ?? process.env;
-	const apiToken = env[QUIRE_API_TOKEN_ENV]?.trim();
-	if (apiToken) return createStoredCredentials({
-		apiBaseUrl: readApiBaseUrl(env.QUIRE_API_URL),
-		accessToken: apiToken,
-		tokenType: QUIRE_API_TOKEN_TYPE,
-		user: {
-			id: "api-token",
-			name: "API token"
-		}
-	});
-	return (options.store ?? authStore).get();
-}
-function createStoredCredentials(input) {
-	const now = input.now ?? /* @__PURE__ */ new Date();
-	const timestamp = now.toISOString();
-	const expiresAt = input.expiresAt ?? expiresAtFromSeconds(input.expiresIn, now);
-	return {
-		version: 1,
-		apiBaseUrl: input.apiBaseUrl,
-		accessToken: input.accessToken,
-		tokenType: input.tokenType ?? "Bearer",
-		...expiresAt === void 0 ? {} : { expiresAt },
-		...input.user === void 0 ? {} : { user: input.user },
-		createdAt: timestamp,
-		updatedAt: timestamp
-	};
-}
-function updateStoredCredentials(credentials, input) {
-	return {
-		...credentials,
-		accessToken: input.accessToken ?? credentials.accessToken,
-		tokenType: input.tokenType ?? credentials.tokenType,
-		...input.expiresAt === void 0 ? {} : { expiresAt: input.expiresAt },
-		...input.user === void 0 ? {} : { user: input.user },
-		updatedAt: (input.now ?? /* @__PURE__ */ new Date()).toISOString()
-	};
-}
-function expiresAtFromSeconds(expiresIn, now) {
-	return typeof expiresIn === "number" ? new Date(now.getTime() + expiresIn * 1e3).toISOString() : void 0;
-}
-function parseStoredCredentials(value) {
-	if (!isRecord(value)) return null;
-	if (value.version !== 1 || typeof value.apiBaseUrl !== "string" || typeof value.accessToken !== "string" || typeof value.tokenType !== "string" || typeof value.createdAt !== "string" || typeof value.updatedAt !== "string") return null;
-	if (value.expiresAt !== void 0 && typeof value.expiresAt !== "string") return null;
-	const user = parseStoredUser(value.user);
-	if (value.user !== void 0 && user === null) return null;
-	return {
-		version: 1,
-		apiBaseUrl: value.apiBaseUrl,
-		accessToken: value.accessToken,
-		tokenType: value.tokenType,
-		...value.expiresAt === void 0 ? {} : { expiresAt: value.expiresAt },
-		...user === void 0 || user === null ? {} : { user },
-		createdAt: value.createdAt,
-		updatedAt: value.updatedAt
-	};
-}
-function parseStoredUser(value) {
-	if (value === void 0) return;
-	if (!isRecord(value) || typeof value.id !== "string") return null;
-	if (value.email !== void 0 && value.email !== null && typeof value.email !== "string") return null;
-	if (value.name !== void 0 && value.name !== null && typeof value.name !== "string") return null;
-	return {
-		id: value.id,
-		...value.email === void 0 ? {} : { email: value.email },
-		...value.name === void 0 ? {} : { name: value.name }
-	};
-}
-//#endregion
-//#region src/pipeline/quire-model-provider.ts
-const PI_CODEX_MODEL_PROVIDER = "openai-codex";
-const PI_GITHUB_COPILOT_MODEL_PROVIDER = "github-copilot";
-const PI_GITHUB_COPILOT_MODEL_ID = "gpt-5.5";
-const QUIRE_MODEL_AUTH_PATH_ENV = "QUIRE_MODEL_AUTH_PATH";
-function readQuireModelAuthPath() {
-	const envPath = process.env[QUIRE_MODEL_AUTH_PATH_ENV]?.trim();
-	return envPath && envPath.length > 0 ? envPath : join(homedir(), ".quire", "model-auth.json");
-}
-//#endregion
-//#region src/commands/connect.ts
-const CHATGPT_MANUAL_CODE_PROMPT = "Paste the localhost redirect URL from your browser";
-const CHATGPT_MANUAL_CODE_PLACEHOLDER = "http://localhost:1455/auth/callback?code=...";
-const connectCommand = defineCommand({
-	meta: {
-		name: "connect",
-		description: "Connect local provider accounts used by Quire investigations."
-	},
-	subCommands: {
-		chatgpt: defineCommand({
-			meta: {
-				name: "chatgpt",
-				description: "Connect ChatGPT/Codex subscription auth for local investigations."
-			},
-			args: {
-				"no-open": {
-					type: "boolean",
-					description: "Print the authorization URL without trying to open a browser."
-				},
-				json: {
-					type: "boolean",
-					description: "Print machine-readable connection state to stdout."
-				}
-			},
-			async run({ args }) {
-				await runConnectChatgpt({
-					noOpen: args["no-open"] === true,
-					json: args.json === true
-				});
-			}
-		}),
-		copilot: defineCommand({
-			meta: {
-				name: "copilot",
-				alias: "github",
-				description: "Connect GitHub Copilot subscription auth for local investigations."
-			},
-			args: {
-				"github-enterprise": {
-					type: "string",
-					description: "GitHub Enterprise URL/domain for Copilot login. Omit or pass an empty value for github.com."
-				},
-				"no-open": {
-					type: "boolean",
-					description: "Print the device authorization URL without trying to open a browser."
-				},
-				json: {
-					type: "boolean",
-					description: "Print machine-readable connection state to stdout."
-				}
-			},
-			async run({ args }) {
-				await runConnectCopilot({
-					githubEnterprise: args["github-enterprise"],
-					noOpen: args["no-open"] === true,
-					json: args.json === true
-				});
-			}
-		})
-	}
-});
-async function runConnectChatgpt(options = {}) {
-	const stdout = options.io?.stdout ?? process.stdout;
-	const stderr = options.io?.stderr ?? process.stderr;
-	const modelAuthPath = options.modelAuthPath ?? readQuireModelAuthPath();
-	const modelAuthStorage = options.modelAuthStorage ?? AuthStorage.create(modelAuthPath);
-	const loginChatgpt = options.loginChatgpt ?? loginOpenAICodex;
-	const promptOutput = options.json === true ? stderr : stdout;
-	const promptForInput = options.promptForLine ?? ((message, promptOptions) => promptForLine(message, promptOutput, promptOptions));
-	let launchAttempt;
-	if (options.json !== true) {
-		log.step("Connect ChatGPT for local Quire investigations", {
-			output: stdout,
-			spacing: 0
-		});
-		log.message("Quire will use local Codex subscription auth before Quire Credits.", {
-			output: stdout,
-			spacing: 0,
-			withGuide: true
-		});
-	}
-	const credentials = await loginChatgpt({
-		originator: "quire",
-		onAuth: (info) => {
-			const authOutput = options.json === true ? stderr : stdout;
-			if (options.json === true) {
-				writeLine(authOutput, `${color.label("Authorization URL")}: ${info.url}`);
-				if (info.instructions) writeLine(authOutput, info.instructions);
-			} else writeChatgptAuthorizationNote(authOutput, info.url, info.instructions);
-			if (options.noOpen === true) return;
-			launchAttempt = (async () => {
-				let opened = false;
-				try {
-					opened = await (options.opener ?? openBrowser)(info.url);
-				} catch {
-					opened = false;
-				}
-				if (opened) log.success("Opened ChatGPT authorization in your browser.", {
-					output: stderr,
-					spacing: 0
-				});
-				else log.warn("Could not open a browser automatically. Open the authorization URL manually.", {
-					output: stderr,
-					spacing: 0
-				});
-			})();
-		},
-		onPrompt: async (prompt) => {
-			return promptForInput(prompt.placeholder ? `${prompt.message} (${prompt.placeholder})` : prompt.message);
-		},
-		onManualCodeInput: async () => {
-			await launchAttempt;
-			if (options.json !== true) log.message([
-				"Complete ChatGPT authorization in the browser.",
-				"When it redirects to localhost, the page may fail to load in a VM.",
-				"Copy the full address-bar URL and paste it below."
-			], {
-				output: promptOutput,
-				spacing: 0,
-				withGuide: true
-			});
-			return promptForInput(CHATGPT_MANUAL_CODE_PROMPT, { placeholder: CHATGPT_MANUAL_CODE_PLACEHOLDER });
-		},
-		onProgress: (message) => {
-			writeLine(stderr, message);
-		}
-	});
-	modelAuthStorage.set(PI_CODEX_MODEL_PROVIDER, oauthCredential(credentials));
-	if (options.json === true) {
-		writeJson(stdout, {
-			connected: true,
-			provider: PI_CODEX_MODEL_PROVIDER,
-			authPath: modelAuthPath,
-			source: "quire_model_auth"
-		});
-		return;
-	}
-	log.success("ChatGPT connected for local Quire investigations.", { output: stdout });
-}
-function writeChatgptAuthorizationNote(output, url, instructions) {
-	const lines = [
-		"If you're in a VM or remote shell, browser launch may not work.",
-		"Open the sign-in URL below in your local browser.",
-		"After signing in, ChatGPT will redirect to localhost.",
-		"Copy that final localhost URL back into this terminal."
-	];
-	if (instructions) lines.push("", instructions);
-	note(lines.join("\n"), "ChatGPT authorization", { output });
-	writeLine(output);
-	writeLine(output, `${color.label("Open")}: ${terminalLink("ChatGPT authorization", url, output)}`);
-	writeLine(output, color.label("Sign-in URL to paste into your browser:"));
-	writeLine(output, url);
-	writeLine(output);
-}
-function terminalLink(label, url, output) {
-	if (!isInteractiveOutput(output)) return label;
-	return `\u001B]8;;${url}\u001B\\${label}\u001B]8;;\u001B\\`;
-}
-function isInteractiveOutput(output) {
-	return Boolean(output && "isTTY" in output && output.isTTY === true && process.env.TERM !== "dumb" && process.env.CI !== "true");
-}
-async function runConnectCopilot(options = {}) {
-	const stdout = options.io?.stdout ?? process.stdout;
-	const stderr = options.io?.stderr ?? process.stderr;
-	const modelAuthPath = options.modelAuthPath ?? readQuireModelAuthPath();
-	const modelAuthStorage = options.modelAuthStorage ?? AuthStorage.create(modelAuthPath);
-	const loginCopilot = options.loginCopilot ?? loginGitHubCopilot;
-	const promptOutput = options.json === true ? stderr : stdout;
-	const promptForInput = options.promptForLine ?? ((message) => promptForLine(message, promptOutput));
-	if (options.json !== true) {
-		log.step("Connect GitHub Copilot for local Quire investigations", {
-			output: stdout,
-			spacing: 0
-		});
-		log.message(`Quire will use local GitHub Copilot auth with ${PI_GITHUB_COPILOT_MODEL_ID} before Quire Credits.`, {
-			output: stdout,
-			spacing: 0,
-			withGuide: true
-		});
-	}
-	let usedEnterpriseFlag = false;
-	const credentials = await loginCopilot({
-		onAuth: (url, instructions) => {
-			const authOutput = options.json === true ? stderr : stdout;
-			writeLine(authOutput, `${color.label("Authorization URL")}: ${url}`);
-			if (instructions) writeLine(authOutput, instructions);
-			if (options.noOpen === true) return;
-			(async () => {
-				let opened = false;
-				try {
-					opened = await (options.opener ?? openBrowser)(url);
-				} catch {
-					opened = false;
-				}
-				if (opened) log.success("Opened GitHub Copilot authorization in your browser.", {
-					output: stderr,
-					spacing: 0
-				});
-				else log.warn("Could not open a browser automatically. Open the authorization URL manually.", {
-					output: stderr,
-					spacing: 0
-				});
-			})();
-		},
-		onPrompt: async (prompt) => {
-			if (options.githubEnterprise !== void 0 && !usedEnterpriseFlag && isGithubEnterprisePrompt(prompt)) {
-				usedEnterpriseFlag = true;
-				return options.githubEnterprise;
-			}
-			return promptForInput(prompt.placeholder ? `${prompt.message} (${prompt.placeholder})` : prompt.message);
-		},
-		onProgress: (message) => {
-			writeLine(stderr, message);
-		}
-	});
-	modelAuthStorage.set(PI_GITHUB_COPILOT_MODEL_PROVIDER, oauthCredential(credentials));
-	if (options.json === true) {
-		writeJson(stdout, {
-			connected: true,
-			provider: PI_GITHUB_COPILOT_MODEL_PROVIDER,
-			model: PI_GITHUB_COPILOT_MODEL_ID,
-			authPath: modelAuthPath,
-			source: "quire_model_auth"
-		});
-		return;
-	}
-	log.success("GitHub Copilot connected for local Quire investigations.", { output: stdout });
-}
-function oauthCredential(credentials) {
-	return {
-		type: "oauth",
-		...credentials
-	};
-}
-function isGithubEnterprisePrompt(prompt) {
-	return /github enterprise/i.test(prompt.message);
-}
-async function promptForLine(message, output = process.stdout, options = {}) {
-	const value = await text({
-		message,
-		placeholder: options.placeholder,
-		input: process.stdin,
-		output
-	});
-	if (isCancel(value)) throw new CliError("Authorization input was cancelled.", ExitCode.InvalidInput);
-	return value;
-}
-//#endregion
-//#region src/commands/continue.ts
-const continueCommand = defineCommand({
-	meta: {
-		name: "continue",
-		alias: "resume",
-		description: "Continue a previous Quire investigation with more context."
-	},
-	args: {
-		run: {
-			type: "positional",
-			description: "Run id or run directory to continue.",
-			required: true
-		},
-		prompt: {
-			type: "positional",
-			description: "Additional context or instruction for the continued run.",
-			required: false
-		},
-		stdin: {
-			type: "boolean",
-			description: "Reserved for the rebuilt continuation command."
-		},
-		json: {
-			type: "boolean",
-			description: "Reserved for the rebuilt continuation command."
-		},
-		watch: {
-			type: "boolean",
-			description: "Reserved for the rebuilt continuation command."
-		},
-		detach: {
-			type: "boolean",
-			description: "Reserved for the rebuilt continuation command."
-		},
-		headed: {
-			type: "boolean",
-			description: "Reserved for the rebuilt continuation command."
-		}
-	},
-	async run({ args }) {
-		await runContinue({
-			run: readRequiredString$1(args.run, "run"),
-			prompt: readOptionalString$2(args.prompt),
-			stdin: args.stdin === true,
-			json: args.json === true,
-			watch: args.watch === true,
-			detach: args.detach === true,
-			headed: args.headed === true
-		});
-	}
-});
-async function runContinue(_options) {
-	throw new CliError("Investigation continuation is intentionally a clean-slate learning stub on this branch. Rebuild it after the run protocol and investigate command.", ExitCode.InternalError);
-}
-function readRequiredString$1(value, name) {
-	if (typeof value === "string" && value.length > 0) return value;
-	throw new CliError(`Missing required ${name}.`, ExitCode.InvalidInput);
-}
-function readOptionalString$2(value) {
-	return typeof value === "string" && value.length > 0 ? value : void 0;
-}
-//#endregion
-//#region src/doctor/render.ts
-const SECTION_TITLES = {
-	identity: "Identity",
-	workspace: "Workspace",
-	runs: "Runs"
-};
-const SECTION_ORDER = [
-	"identity",
-	"workspace",
-	"runs"
-];
-const GLYPHS = {
-	pass: color.success("✓"),
-	warn: color.warn("!"),
-	fail: color.error("✗")
-};
-function renderDoctorReport(output, report, strict = false) {
-	writeLine(output, color.heading("Quire doctor"));
-	writeLine(output);
-	for (const section of SECTION_ORDER) {
-		const checks = report.checks.filter((check) => check.section === section);
-		if (checks.length === 0) continue;
-		writeLine(output, color.heading(SECTION_TITLES[section]));
-		for (const check of checks) {
-			writeLine(output, `  ${GLYPHS[check.severity]} ${check.message}`);
-			if (check.fix !== void 0) writeLine(output, `    ${color.label("→")} ${color.command(check.fix.command)}`);
-		}
-		writeLine(output);
-	}
-	writeLine(output, formatSummary(report, strict));
-}
-function formatSummary(report, strict) {
-	const { warn, fail } = report.summary;
-	if (fail === 0 && warn === 0) return "All checks passed.";
-	const parts = [];
-	if (fail > 0) parts.push(`${fail} ${pluralize(fail, "failure", "failures")}`);
-	if (warn > 0) parts.push(`${warn} ${pluralize(warn, "warning", "warnings")}`);
-	const sentence = `${parts.join(", ")}.`;
-	if (fail === 0 && warn > 0 && !strict) return `${sentence} Run with --strict to fail on warnings.`;
-	return sentence;
-}
-function pluralize(count, singular, plural) {
-	return count === 1 ? singular : plural;
-}
-//#endregion
-//#region src/schema/environment.ts
-const VerificationCommandSchema = Type.Object({
-	command: Type.String({ minLength: 1 }),
-	purpose: Type.Optional(Type.String({ minLength: 1 }))
-}, { additionalProperties: false });
-const WebTargetSchema = Type.Object({
-	kind: Type.Literal("web"),
-	url: Type.String({ minLength: 1 }),
-	description: Type.Optional(Type.String({ minLength: 1 })),
-	entrypoint: Type.Optional(Type.String({ minLength: 1 })),
-	readOnly: Type.Optional(Type.Boolean()),
-	codePaths: Type.Optional(Type.Array(Type.String({ minLength: 1 }))),
-	verify: Type.Optional(Type.Array(VerificationCommandSchema))
-}, { additionalProperties: false });
-const EnvironmentFileSchema = Type.Object({
-	version: Type.Literal(2),
-	defaultTarget: Type.Optional(Type.String({ minLength: 1 })),
-	targets: Type.Record(Type.String({ minLength: 1 }), WebTargetSchema)
-}, { additionalProperties: false });
-function environmentFilePath(repoPath) {
-	return join(repoPath, ".quire", "environment.json");
-}
-function sanitizeTargetName(value) {
-	const sanitized = value.trim().toLowerCase().replace(/[^a-z0-9._-]+/g, "-");
-	if (sanitized.length === 0 || sanitized === "." || sanitized === "..") throw new EnvironmentError("schema_violation", "Invalid environment name", {
-		fieldPath: "/target",
-		filePath: ""
-	});
-	return sanitized;
-}
-var EnvironmentError = class extends Error {
-	code;
-	fieldPath;
-	filePath;
-	constructor(code, message, options) {
-		super(`${message} at ${options.fieldPath}`, { cause: options.cause });
-		this.name = "EnvironmentError";
-		this.code = code;
-		this.fieldPath = options.fieldPath;
-		this.filePath = options.filePath;
-	}
-};
-function loadEnvironment(repoPath, targetName) {
-	const filePath = environmentFilePath(repoPath);
-	if (!existsSync(filePath)) throw new EnvironmentError("missing_file", "Missing .quire/environment.json", {
-		fieldPath: "/",
-		filePath
-	});
-	let parsed;
-	try {
-		parsed = JSON.parse(readFileSync(filePath, "utf8"));
-	} catch (error) {
-		throw new EnvironmentError("malformed_json", "Malformed environment JSON", {
-			fieldPath: "/",
-			filePath,
-			cause: error
-		});
-	}
-	if (!Value.Check(EnvironmentFileSchema, parsed)) {
-		const firstError = Value.Errors(EnvironmentFileSchema, parsed).First();
-		const fieldPath = normalizeFieldPath(firstError?.path);
-		throw new EnvironmentError("schema_violation", firstError?.message ?? "Environment schema validation failed", {
-			fieldPath,
-			filePath
-		});
-	}
-	return resolveEnvironmentTarget(parsed, targetName, filePath);
-}
-function isMobileEnvironment(env) {
-	return env.app.kind === "mobile";
-}
-function isWebEnvironment(env) {
-	return env.app.kind === "web";
-}
-function environmentBaseUrl(env) {
-	return isWebEnvironment(env) ? env.app.url : void 0;
-}
-function resolveEnvironmentTarget(env, requestedTarget, filePath) {
-	const targetName = requestedTarget ?? env.defaultTarget ?? Object.keys(env.targets)[0];
-	if (targetName === void 0) throw new EnvironmentError("schema_violation", "Environment must define at least one target", {
-		fieldPath: "/targets",
-		filePath
-	});
-	const sanitizedTargetName = sanitizeTargetName(targetName);
-	const target = env.targets[sanitizedTargetName] ?? env.targets[targetName];
-	if (target === void 0) throw new EnvironmentError("schema_violation", `Unknown target ${targetName}`, {
-		fieldPath: `/targets/${sanitizedTargetName}`,
-		filePath
-	});
-	return {
-		version: 2,
-		targetName: sanitizedTargetName,
-		app: {
-			...target,
-			baseUrl: target.url
-		}
-	};
-}
-function normalizeFieldPath(path) {
-	if (path === void 0 || path === "") return "/";
-	return path;
-}
-//#endregion
-//#region src/run-dir.ts
-function createRunDir(repoPath, options = {}) {
-	const workspaceKey = workspaceKeyForRepoPath(resolve(repoPath));
-	const runsRoot = resolve(options.runsRoot ?? defaultRunsRoot());
-	const runId = options.runId ?? formatRunId(options.now ?? /* @__PURE__ */ new Date());
-	const root = join(runsRoot, workspaceKey, runId);
-	const paths = runDirPaths(root);
-	mkdirSync(paths.evidence, {
-		recursive: true,
-		mode: 448
-	});
-	return {
-		runId,
-		workspaceKey,
-		runsRoot,
-		root,
-		paths
-	};
-}
-function runStatusPath(runPath) {
-	return join(resolve(runPath), "status.json");
-}
-function runProgressPath(runPath) {
-	return join(resolve(runPath), "progress.jsonl");
-}
-function runAgentSessionPath(runPath) {
-	return join(resolve(runPath), "agent-session.jsonl");
-}
-function runHandoffPath(runPath) {
-	return join(resolve(runPath), "handoff.md");
-}
-function runDirPaths(root) {
-	const evidence = join(root, "evidence");
-	return {
-		status: runStatusPath(root),
-		progress: runProgressPath(root),
-		agentSession: runAgentSessionPath(root),
-		handoff: runHandoffPath(root),
-		evidence,
-		screenshots: join(evidence, "screenshots"),
-		video: join(evidence, "video"),
-		trace: join(evidence, "trace"),
-		console: join(evidence, "console"),
-		network: join(evidence, "network"),
-		harnessSessions: join(root, ".harness-sessions")
-	};
-}
-function defaultRunsRoot(env = process.env) {
-	if (env.QUIRE_RUNS_DIR !== void 0 && env.QUIRE_RUNS_DIR.length > 0) return resolve(env.QUIRE_RUNS_DIR);
-	return join(resolve(env.QUIRE_HOME ?? join(homedir(), ".quire")), "runs");
-}
-function workspaceKeyForRepoPath(repoPath) {
-	const resolvedRepoPath = resolve(repoPath);
-	return `${sanitizeWorkspaceName(basename(resolvedRepoPath) ?? "workspace")}-${createHash("sha256").update(resolvedRepoPath, "utf8").digest("hex").slice(0, 10)}`;
-}
-function formatRunId(date) {
-	return [
-		date.getFullYear().toString().padStart(4, "0"),
-		(date.getMonth() + 1).toString().padStart(2, "0"),
-		date.getDate().toString().padStart(2, "0"),
-		"-",
-		date.getHours().toString().padStart(2, "0"),
-		date.getMinutes().toString().padStart(2, "0"),
-		date.getSeconds().toString().padStart(2, "0"),
-		"-",
-		date.getMilliseconds().toString().padStart(3, "0"),
-		"-",
-		randomBytes(3).toString("hex")
-	].join("");
-}
-function sanitizeWorkspaceName(value) {
-	return value.toLowerCase().replace(/[^a-z0-9._-]+/g, "-").replace(/^-+|-+$/g, "") ?? "workspace";
-}
-//#endregion
-//#region src/run-status.ts
-function updateRunStatus(runPath, patch) {
-	const existing = readRunStatus(runPath);
-	if (existing === void 0) throw new CliError(`Run status not found: ${runPath}`, ExitCode.InvalidInput);
-	const timestamp = (patch.now ?? /* @__PURE__ */ new Date()).toISOString();
-	const nextStatus = patch.status ?? existing.status;
-	const status = {
-		...existing,
-		...definedPatch(patch),
-		status: nextStatus,
-		updatedAt: timestamp,
-		...nextStatus === "running" && existing.startedAt === void 0 ? { startedAt: timestamp } : {},
-		...isTerminalRunStatus(nextStatus) && existing.completedAt === void 0 ? { completedAt: timestamp } : {}
-	};
-	writeStatus(runStatusPath(runPath), status);
-	return status;
-}
-function readRunStatus(runPath) {
-	const filePath = runStatusPath(runPath);
-	if (!existsSync(filePath)) return;
-	try {
-		return parseRunStatus(JSON.parse(readFileSync(filePath, "utf8")));
-	} catch {
-		return;
-	}
-}
-function readFreshRunStatus(runPath) {
-	const status = readRequiredRunStatus(runPath);
-	if (status.status === "queued" && !isPidAlive(status.pid)) {
-		if (existsSync(runHandoffPath(runPath))) return updateRunStatus(runPath, { status: "completed" });
-		return updateRunStatus(runPath, {
-			status: "stale",
-			error: "Worker process exited before marking the run as running."
-		});
-	}
-	if ((status.status === "running" || status.status === "canceling") && !isPidAlive(status.pid)) {
-		if (existsSync(runHandoffPath(runPath))) return updateRunStatus(runPath, { status: "completed" });
-		return updateRunStatus(runPath, {
-			status: status.status === "canceling" ? "canceled" : "stale",
-			error: status.status === "canceling" ? void 0 : "Worker process is no longer running."
-		});
-	}
-	return status;
-}
-function readRequiredRunStatus(runPath) {
-	const status = readRunStatus(runPath);
-	if (status === void 0) throw new CliError(`Run status not found: ${runPath}`, ExitCode.InvalidInput);
-	return status;
-}
-function listRunStatuses(options = {}) {
-	const runsRoot = resolve(options.runsRoot ?? defaultRunsRoot());
-	if (!existsSync(runsRoot)) return [];
-	return readdirSync(runsRoot, { withFileTypes: true }).filter((workspaceEntry) => workspaceEntry.isDirectory()).flatMap((workspaceEntry) => {
-		const workspacePath = join(runsRoot, workspaceEntry.name);
-		return readdirSync(workspacePath, { withFileTypes: true }).filter((runEntry) => runEntry.isDirectory()).map((runEntry) => readRunStatus(join(workspacePath, runEntry.name))).filter((status) => status !== void 0);
-	}).map((status) => readFreshRunStatus(status.runPath)).sort((left, right) => right.createdAt.localeCompare(left.createdAt));
-}
-function isTerminalRunStatus(status) {
-	return status === "completed" || status === "failed" || status === "canceled" || status === "stale";
-}
-function isPidAlive(pid) {
-	if (pid === void 0 || !Number.isInteger(pid) || pid <= 0) return false;
-	try {
-		process.kill(pid, 0);
-		return true;
-	} catch (error) {
-		return isRecord(error) && error.code === "EPERM";
-	}
-}
-function writeStatus(filePath, status) {
-	mkdirSync(dirname(filePath), {
-		recursive: true,
-		mode: 448
-	});
-	const tempPath = join(dirname(filePath), `.${process.pid}-${Date.now()}-${Math.random().toString(16).slice(2)}.status.tmp`);
-	writeFileSync(tempPath, `${JSON.stringify(status, null, 2)}\n`, { mode: 384 });
-	fsyncFile(tempPath);
-	renameSync(tempPath, filePath);
-	fsyncDirectory(dirname(filePath));
-}
-function fsyncFile(filePath) {
-	const file = openSync(filePath, "r");
-	try {
-		fsyncSync(file);
-	} finally {
-		closeSync(file);
-	}
-}
-function fsyncDirectory(directoryPath) {
-	try {
-		const directory = openSync(directoryPath, "r");
-		try {
-			fsyncSync(directory);
-		} finally {
-			closeSync(directory);
-		}
-	} catch {}
-}
-function definedPatch(patch) {
-	const { now: _now, ...rest } = patch;
-	return Object.fromEntries(Object.entries(rest).filter((entry) => {
-		const [, value] = entry;
-		return value !== void 0;
-	}));
-}
-function parseRunStatus(value) {
-	if (!isRecord(value)) return;
-	if (value.version !== 1 || typeof value.runId !== "string" || typeof value.workspaceKey !== "string" || typeof value.runPath !== "string" || typeof value.repoPath !== "string" || !isRunStatusName(value.status) || typeof value.createdAt !== "string" || typeof value.updatedAt !== "string") return;
-	return {
-		version: 1,
-		runId: value.runId,
-		workspaceKey: value.workspaceKey,
-		runPath: value.runPath,
-		files: parseRunStatusFiles(value.files),
-		repoPath: value.repoPath,
-		status: value.status,
-		createdAt: value.createdAt,
-		updatedAt: value.updatedAt,
-		...typeof value.pid === "number" ? { pid: value.pid } : {},
-		...typeof value.startedAt === "string" ? { startedAt: value.startedAt } : {},
-		...typeof value.completedAt === "string" ? { completedAt: value.completedAt } : {},
-		...value.modelUsage === void 0 ? {} : { modelUsage: value.modelUsage },
-		...value.agent === void 0 ? {} : { agent: value.agent },
-		...value.sync === void 0 ? {} : { sync: value.sync },
-		...typeof value.error === "string" ? { error: value.error } : {}
-	};
-}
-function parseRunStatusFiles(value) {
-	if (isRecord(value) && typeof value.status === "string" && typeof value.progress === "string" && typeof value.agentSession === "string" && typeof value.handoff === "string" && typeof value.evidence === "string") return {
-		status: value.status,
-		progress: value.progress,
-		agentSession: value.agentSession,
-		handoff: value.handoff,
-		evidence: value.evidence
-	};
-	return {
-		status: "status.json",
-		progress: "progress.jsonl",
-		agentSession: "agent-session.jsonl",
-		handoff: "handoff.md",
-		evidence: "evidence"
-	};
-}
-function isRunStatusName(value) {
-	return value === "queued" || value === "running" || value === "canceling" || value === "completed" || value === "failed" || value === "canceled" || value === "stale";
-}
-//#endregion
-//#region src/doctor/checks.ts
-const execFileAsync = promisify(execFile);
-function createDoctorContext(overrides = {}) {
-	return {
-		cwd: resolve(overrides.cwd ?? process.cwd()),
-		runsRoot: resolve(overrides.runsRoot ?? defaultRunsRoot()),
-		authStore: overrides.authStore ?? authStore,
-		fetchFn: overrides.fetchFn ?? fetch,
-		execFn: overrides.execFn ?? defaultExecFn,
-		probeTimeoutMs: overrides.probeTimeoutMs ?? 2e3
-	};
-}
-async function defaultExecFn(file, args, options) {
-	const result = await execFileAsync(file, [...args], {
-		timeout: options?.timeout ?? 5e3,
-		encoding: "utf8"
-	});
-	return {
-		stdout: result.stdout ?? "",
-		stderr: result.stderr ?? ""
-	};
-}
-async function checkAuthPresent(context) {
-	const credentials = await resolveAuthCredentials({ store: context.authStore });
-	if (credentials === null) return { result: {
-		id: "auth.present",
-		section: "identity",
-		severity: "fail",
-		message: "No Quire credentials on this machine.",
-		fix: { command: "quire login" }
-	} };
-	return {
-		result: {
-			id: "auth.present",
-			section: "identity",
-			severity: "pass",
-			message: "Credentials present."
-		},
-		auth: {
-			apiBaseUrl: credentials.apiBaseUrl,
-			accessToken: credentials.accessToken,
-			tokenType: credentials.tokenType,
-			...credentials.user === void 0 ? {} : { user: credentials.user }
-		}
-	};
-}
-async function checkAuthValid(context, auth) {
-	if (auth.tokenType === "QuireApiKey") try {
-		return { result: {
-			id: "auth.valid",
-			section: "identity",
-			severity: "pass",
-			message: `API token valid for ${(await fetchModelSourceBrokerStatus({
-				apiBaseUrl: auth.apiBaseUrl,
-				accessToken: auth.accessToken,
-				tokenType: auth.tokenType,
-				fetchFn: context.fetchFn
-			})).actor?.environmentName ?? "remote agent environment"}.`
-		} };
-	} catch (error) {
-		return { result: {
-			id: "auth.valid",
-			section: "identity",
-			severity: "fail",
-			message: `Could not validate Quire API token: ${toMessage(error)}`,
-			fix: { command: "Set QUIRE_API_TOKEN to an active token from Quire settings" }
-		} };
-	}
-	try {
-		const lookup = await fetchCurrentSession({
-			apiBaseUrl: auth.apiBaseUrl,
-			accessToken: auth.accessToken,
-			tokenType: auth.tokenType,
-			fetchFn: context.fetchFn
-		});
-		if (lookup.data === null) return { result: {
-			id: "auth.valid",
-			section: "identity",
-			severity: "fail",
-			message: "Stored credentials were rejected by Quire.",
-			fix: { command: "quire login" }
-		} };
-		const user = lookup.data.user;
-		return {
-			result: {
-				id: "auth.valid",
-				section: "identity",
-				severity: "pass",
-				message: `Logged in as ${formatUser$2(user)}.`
-			},
-			user
-		};
-	} catch (error) {
-		return { result: {
-			id: "auth.valid",
-			section: "identity",
-			severity: "fail",
-			message: `Could not validate Quire session: ${toMessage(error)}`,
-			fix: { command: "quire login" }
-		} };
-	}
-}
-async function checkAuthBroker(context, auth) {
-	try {
-		return brokerToCheckResult(await fetchModelSourceBrokerStatus({
-			apiBaseUrl: auth.apiBaseUrl,
-			accessToken: auth.accessToken,
-			tokenType: auth.tokenType,
-			fetchFn: context.fetchFn
-		}));
-	} catch (error) {
-		return {
-			id: "auth.broker",
-			section: "identity",
-			severity: "warn",
-			message: `Could not read model-source status: ${toMessage(error)}`
-		};
-	}
-}
-function brokerToCheckResult(status) {
-	if (status.requiredNextAction !== null) return {
-		id: "auth.broker",
-		section: "identity",
-		severity: "fail",
-		message: `Model broker requires action: ${status.requiredNextAction}.`,
-		fix: { command: "quire whoami --json" }
-	};
-	if (!status.available) return {
-		id: "auth.broker",
-		section: "identity",
-		severity: "warn",
-		message: `Model broker unavailable (${status.reason}).`
-	};
-	return {
-		id: "auth.broker",
-		section: "identity",
-		severity: "pass",
-		message: `Model broker available (${status.selectedProviderMode ?? "default"}).`
-	};
-}
-function checkEnvironment(context) {
-	try {
-		const environment = loadEnvironment(context.cwd);
-		return {
-			presence: {
-				id: "env.present",
-				section: "workspace",
-				severity: "pass",
-				message: ".quire/environment.json found."
-			},
-			validity: {
-				id: "env.valid",
-				section: "workspace",
-				severity: "pass",
-				message: `Target: ${describeTarget(environment)}.`
-			},
-			env: { environment }
-		};
-	} catch (error) {
-		if (error instanceof EnvironmentError && error.code === "missing_file") return { presence: {
-			id: "env.present",
-			section: "workspace",
-			severity: "fail",
-			message: "No .quire/environment.json in this workspace.",
-			fix: { command: "quire setup" }
-		} };
-		return {
-			presence: {
-				id: "env.present",
-				section: "workspace",
-				severity: "pass",
-				message: ".quire/environment.json found."
-			},
-			validity: {
-				id: "env.valid",
-				section: "workspace",
-				severity: "fail",
-				message: error instanceof EnvironmentError ? `Invalid environment: ${error.message}` : `Could not read environment: ${toMessage(error)}`,
-				fix: { command: "quire setup" }
-			}
-		};
-	}
-}
-function describeTarget(environment) {
-	if (isMobileEnvironment(environment)) return `mobile/${environment.app.platform ?? "unknown"} → ${environment.app.appId ?? environment.app.appPath ?? "unspecified"}`;
-	return `web → ${environmentBaseUrl(environment) ?? "unspecified"}`;
-}
-async function checkWebReachable(context, baseUrl) {
-	const started = Date.now();
-	try {
-		const response = await fetchWithTimeout(context.fetchFn, baseUrl, { method: "HEAD" }, context.probeTimeoutMs);
-		const elapsed = Date.now() - started;
-		if (!response.ok) return {
-			id: "target.web.reachable",
-			section: "workspace",
-			severity: "warn",
-			message: `Target responded with HTTP ${response.status} (${elapsed}ms).`
-		};
-		return {
-			id: "target.web.reachable",
-			section: "workspace",
-			severity: "pass",
-			message: `Target reachable (${response.status}, ${elapsed}ms).`
-		};
-	} catch (error) {
-		return {
-			id: "target.web.reachable",
-			section: "workspace",
-			severity: "fail",
-			message: `Target unreachable: ${toMessage(error)}`
-		};
-	}
-}
-async function checkMobileDevice(context, app) {
-	const provider = app.provider ?? "local";
-	if (provider === "local") {
-		if (app.platform === "ios") return [await checkIosSimulator(context, app)];
-		if (app.platform === "android") return [await checkAndroidDevice(context, app)];
-		return [{
-			id: "target.mobile.device",
-			section: "workspace",
-			severity: "warn",
-			message: "Mobile platform not specified."
-		}];
-	}
-	if (provider === "appium") return [await checkAppiumServer(context, app)];
-	return [{
-		id: "target.mobile.device",
-		section: "workspace",
-		severity: "pass",
-		message: `Provider ${provider} configured; remote device checks deferred.`
-	}];
-}
-async function checkIosSimulator(context, app) {
-	try {
-		const { stdout } = await context.execFn("xcrun", [
-			"simctl",
-			"list",
-			"devices",
-			"booted",
-			"-j"
-		], { timeout: context.probeTimeoutMs });
-		const parsed = parseSimctlBooted(stdout);
-		if (parsed.length === 0) return {
-			id: "target.mobile.device",
-			section: "workspace",
-			severity: "fail",
-			message: "No booted iOS simulator found.",
-			fix: { command: "xcrun simctl boot \"iPhone 15\"" }
-		};
-		if (app.device !== void 0 && !parsed.some((entry) => matchesIosDevice(entry, app.device))) return {
-			id: "target.mobile.device",
-			section: "workspace",
-			severity: "warn",
-			message: `Configured device ${app.device} is not currently booted.`,
-			fix: { command: `xcrun simctl boot "${app.device}"` }
-		};
-		return {
-			id: "target.mobile.device",
-			section: "workspace",
-			severity: "pass",
-			message: `iOS simulator booted: ${parsed.map((entry) => entry.name).join(", ")}.`
-		};
-	} catch (error) {
-		return {
-			id: "target.mobile.device",
-			section: "workspace",
-			severity: "fail",
-			message: `xcrun simctl failed: ${toMessage(error)}`
-		};
-	}
-}
-async function checkAndroidDevice(context, app) {
-	try {
-		const { stdout } = await context.execFn("adb", ["devices"], { timeout: context.probeTimeoutMs });
-		const devices = parseAdbDevices(stdout);
-		if (devices.length === 0) return {
-			id: "target.mobile.device",
-			section: "workspace",
-			severity: "fail",
-			message: "No connected Android devices.",
-			fix: { command: "adb devices" }
-		};
-		if (app.device !== void 0 && !devices.includes(app.device)) return {
-			id: "target.mobile.device",
-			section: "workspace",
-			severity: "warn",
-			message: `Configured device ${app.device} is not in adb devices.`
-		};
-		return {
-			id: "target.mobile.device",
-			section: "workspace",
-			severity: "pass",
-			message: `Android device(s) available: ${devices.join(", ")}.`
-		};
-	} catch (error) {
-		return {
-			id: "target.mobile.device",
-			section: "workspace",
-			severity: "fail",
-			message: `adb failed: ${toMessage(error)}`
-		};
-	}
-}
-async function checkAppiumServer(context, app) {
-	if (app.appiumUrl === void 0) return {
-		id: "target.mobile.appium",
-		section: "workspace",
-		severity: "fail",
-		message: "Appium provider configured without appiumUrl."
-	};
-	try {
-		const response = await fetchWithTimeout(context.fetchFn, `${stripTrailingSlash(app.appiumUrl)}/status`, { method: "GET" }, context.probeTimeoutMs);
-		if (!response.ok) return {
-			id: "target.mobile.appium",
-			section: "workspace",
-			severity: "fail",
-			message: `Appium /status returned HTTP ${response.status}.`
-		};
-		return {
-			id: "target.mobile.appium",
-			section: "workspace",
-			severity: "pass",
-			message: `Appium server reachable at ${app.appiumUrl}.`
-		};
-	} catch (error) {
-		return {
-			id: "target.mobile.appium",
-			section: "workspace",
-			severity: "fail",
-			message: `Appium server unreachable: ${toMessage(error)}`
-		};
-	}
-}
-function checkMobileAppPath(app) {
-	if (app.appPath === void 0) return {
-		id: "target.mobile.appPath",
-		section: "workspace",
-		severity: "warn",
-		message: "appPath not set; agent-mobile will not auto-install."
-	};
-	if (!existsSync(app.appPath)) return {
-		id: "target.mobile.appPath",
-		section: "workspace",
-		severity: "fail",
-		message: `appPath does not exist: ${app.appPath}.`
-	};
-	return {
-		id: "target.mobile.appPath",
-		section: "workspace",
-		severity: "pass",
-		message: `appPath exists: ${app.appPath}.`
-	};
-}
-async function checkRunsRoot(context) {
-	try {
-		await mkdir(context.runsRoot, {
-			recursive: true,
-			mode: 448
-		});
-		await access(context.runsRoot, constants.W_OK);
-		return {
-			id: "runs.rootWritable",
-			section: "runs",
-			severity: "pass",
-			message: `Runs root writable (${context.runsRoot}).`
-		};
-	} catch (error) {
-		return {
-			id: "runs.rootWritable",
-			section: "runs",
-			severity: "fail",
-			message: `Runs root not writable: ${toMessage(error)}`
-		};
-	}
-}
-function checkStuckRuns(context) {
-	try {
-		const workspaceKey = workspaceKeyForRepoPath(context.cwd);
-		const stuck = listRunStatuses({
-			cwd: context.cwd,
-			runsRoot: context.runsRoot
-		}).filter((status) => status.workspaceKey === workspaceKey && (status.status === "running" || status.status === "canceling") && !isPidAlive(status.pid));
-		if (stuck.length === 0) return {
-			id: "runs.stuck",
-			section: "runs",
-			severity: "pass",
-			message: "No stuck runs."
-		};
-		const first = stuck[0];
-		if (first === void 0) return {
-			id: "runs.stuck",
-			section: "runs",
-			severity: "pass",
-			message: "No stuck runs."
-		};
-		return {
-			id: "runs.stuck",
-			section: "runs",
-			severity: "warn",
-			message: `${stuck.length} stuck run(s); first: ${first.runId}.`,
-			fix: { command: `quire runs cancel ${first.runId}` }
-		};
-	} catch (error) {
-		return {
-			id: "runs.stuck",
-			section: "runs",
-			severity: "warn",
-			message: `Could not inspect run statuses: ${toMessage(error)}`
-		};
-	}
-}
-async function fetchWithTimeout(fetchFn, url, init, timeoutMs) {
-	return fetchFn(url, {
-		...init,
-		signal: AbortSignal.timeout(timeoutMs)
-	});
-}
-function stripTrailingSlash(value) {
-	return value.endsWith("/") ? value.slice(0, -1) : value;
-}
-function formatUser$2(user) {
-	if (user.email !== void 0 && user.email !== null && user.email.length > 0) return user.email;
-	if (user.name !== void 0 && user.name !== null && user.name.length > 0) return user.name;
-	return user.id;
-}
-function toMessage(error) {
-	return error instanceof Error ? error.message : String(error);
-}
-function parseSimctlBooted(stdout) {
-	try {
-		const devices = JSON.parse(stdout).devices ?? {};
-		const entries = [];
-		for (const list of Object.values(devices)) {
-			if (!Array.isArray(list)) continue;
-			for (const device of list) if (typeof device === "object" && device !== null && device.state === "Booted" && typeof device.name === "string" && typeof device.udid === "string") entries.push({
-				name: device.name,
-				udid: device.udid
-			});
-		}
-		return entries;
-	} catch {
-		return [];
-	}
-}
-function matchesIosDevice(entry, device) {
-	if (device === void 0) return true;
-	return entry.udid === device || entry.name === device;
-}
-function parseAdbDevices(stdout) {
-	return stdout.split("\n").slice(1).map((line) => line.trim()).filter((line) => line.length > 0 && !line.startsWith("*")).map((line) => line.split(/\s+/)[0]).filter((id) => id !== void 0 && id.length > 0 && id !== "List");
-}
-//#endregion
-//#region src/doctor/runner.ts
-async function runDoctor(overrides = {}) {
-	const context = createDoctorContext(overrides);
-	const [identityResults, workspaceResults, runsResults] = await Promise.all([
-		runIdentitySection(context),
-		runWorkspaceSection(context),
-		runRunsSection(context)
-	]);
-	return buildReport([
-		...identityResults,
-		...workspaceResults,
-		...runsResults
-	]);
-}
-async function runIdentitySection(context) {
-	const results = [];
-	const presence = await checkAuthPresent(context);
-	results.push(presence.result);
-	if (presence.auth === void 0) return results;
-	const validity = await checkAuthValid(context, presence.auth);
-	results.push(validity.result);
-	if (validity.result.severity === "fail") return results;
-	results.push(await checkAuthBroker(context, presence.auth));
-	return results;
-}
-async function runWorkspaceSection(context) {
-	const env = checkEnvironment(context);
-	const results = [env.presence];
-	if (env.validity !== void 0) results.push(env.validity);
-	if (env.env === void 0) return results;
-	if (isWebEnvironment(env.env.environment)) {
-		results.push(await checkWebReachable(context, env.env.environment.app.baseUrl));
-		return results;
-	}
-	if (isMobileEnvironment(env.env.environment)) {
-		const app = env.env.environment.app;
-		results.push(...await checkMobileDevice(context, app));
-		results.push(checkMobileAppPath(app));
-	}
-	return results;
-}
-async function runRunsSection(context) {
-	return [await checkRunsRoot(context), checkStuckRuns(context)];
-}
-function buildReport(results) {
-	const summary = {
-		pass: 0,
-		warn: 0,
-		fail: 0
-	};
-	for (const result of results) summary[result.severity] += 1;
-	return {
-		ok: summary.fail === 0,
-		summary,
-		checks: results
-	};
-}
-function isFailingReport(report, options = {}) {
-	if (report.summary.fail > 0) return true;
-	return options.strict === true && report.summary.warn > 0;
-}
-//#endregion
-//#region src/commands/doctor.ts
-const doctorCommand = defineCommand({
-	meta: {
-		name: "doctor",
-		description: "Diagnose Quire setup: auth, workspace target, and run state."
-	},
-	args: {
-		json: {
-			type: "boolean",
-			description: "Emit the doctor report as JSON."
-		},
-		strict: {
-			type: "boolean",
-			description: "Exit non-zero on warnings as well as failures."
-		}
-	},
-	async run({ args }) {
-		await runDoctorCommand({
-			json: args.json === true,
-			strict: args.strict === true
-		});
-	}
-});
-async function runDoctorCommand(options = {}) {
-	const stdout = options.io?.stdout ?? process.stdout;
-	const report = await withDoctorSpinner(startDoctorSpinner(options, stdout), () => runDoctor(options.context ?? {}));
-	if (options.json === true) writeJson(stdout, report);
-	else renderDoctorReport(stdout, report, options.strict === true);
-	if (isFailingReport(report, { strict: options.strict === true })) process.exitCode = 1;
-	return report;
-}
-function startDoctorSpinner(options, output) {
-	if (options.json === true) return;
-	const doctorSpinner = spinner({ output: output ?? process.stdout });
-	doctorSpinner.start("Checking Quire setup");
-	return doctorSpinner;
-}
-async function withDoctorSpinner(doctorSpinner, callback) {
-	try {
-		return await callback();
-	} finally {
-		doctorSpinner?.clear();
-	}
-}
-//#endregion
-//#region src/utils/command-args.ts
-function readOptionalString$1(value) {
-	return readString(value);
-}
-//#endregion
-//#region src/commands/env.ts
-const envCommand = defineCommand({
-	meta: {
-		name: "env",
-		description: "Show the workspace target configuration Quire uses for investigations."
-	},
-	args: {
-		json: {
-			type: "boolean",
-			description: "Print the environment as JSON."
-		},
-		target: {
-			type: "string",
-			description: "Show a named target from .quire/environment.json.",
-			valueHint: "name"
-		}
-	},
-	async run({ args }) {
-		await runEnvPrint({
-			json: args.json === true,
-			target: readOptionalString$1(args.target)
-		});
-	},
-	subCommands: { show: defineCommand({
-		meta: {
-			name: "show",
-			description: "Show the current workspace target configuration."
-		},
-		args: {
-			json: {
-				type: "boolean",
-				description: "Print the environment as JSON."
-			},
-			target: {
-				type: "string",
-				description: "Show a named target from .quire/environment.json.",
-				valueHint: "name"
-			}
-		},
-		async run({ args }) {
-			await runEnvPrint({
-				json: args.json === true,
-				target: readOptionalString$1(args.target)
-			});
-		}
-	}) }
-});
-async function runEnvPrint(options = {}) {
-	const cwd = resolve(options.cwd ?? process.cwd());
-	const stdout = options.io?.stdout ?? process.stdout;
-	const env = readEnvIfPresent(cwd, normalizeTargetName(options.target, cwd));
-	if (env === null) {
-		if (options.json === true) writeJson(stdout, null);
-		else {
-			log.warn(`No ${formatEnvironmentPath(cwd)} in this workspace.`, {
-				output: stdout,
-				spacing: 0
-			});
-			log.message(`Create one with ${color.command("quire setup")}.`, {
-				output: stdout,
-				spacing: 0,
-				withGuide: true
-			});
-		}
-		return null;
-	}
-	if (options.json === true) {
-		writeJson(stdout, env);
-		return env;
-	}
-	log.success("Quire environment", {
-		output: stdout,
-		spacing: 0
-	});
-	writeLine(stdout, `${color.label("Path")}: ${color.path(formatEnvironmentPath(cwd))}`);
-	for (const line of describeEnvironment(env)) writeLine(stdout, line);
-	return env;
-}
-function readEnvIfPresent(cwd, target) {
-	try {
-		return loadEnvironment(cwd, target);
-	} catch (error) {
-		if (error instanceof EnvironmentError && error.code === "missing_file") return null;
-		if (error instanceof EnvironmentError) throw environmentCliError(error, target, cwd);
-		throw error;
-	}
-}
-function formatEnvironmentPath(cwd) {
-	const path = environmentFilePath(cwd);
-	const rel = relative(cwd, path);
-	return rel.startsWith("..") || rel.startsWith("/") ? path : rel;
-}
-function normalizeTargetName(target, cwd) {
-	if (target === void 0) return;
-	try {
-		return sanitizeTargetName(target);
-	} catch (error) {
-		if (error instanceof EnvironmentError) throw environmentCliError(error, target, cwd);
-		throw error;
-	}
-}
-function environmentCliError(error, target, cwd) {
-	if (error.code === "schema_violation" && error.filePath.length === 0) return new CliError(`Invalid target name: ${target ?? ""}`, ExitCode.InvalidInput);
-	const relPath = error.filePath.length === 0 ? "environment configuration" : formatEnvironmentPath(cwd);
-	return new CliError(`${error.message} in ${relPath}`, ExitCode.InvalidInput);
-}
-function describeEnvironment(env) {
-	const baseUrl = isWebEnvironment(env) ? env.app.url : "(unset)";
-	const lines = [
-		`${color.label("Target")}: ${color.value(env.targetName)}`,
-		`${color.label("Kind")}: ${color.value(env.app.kind)}`,
-		`${color.label("URL")}: ${baseUrl}`
-	];
-	if (!isWebEnvironment(env)) return lines;
-	if (env.app.description !== void 0) lines.push(`${color.label("Description")}: ${env.app.description}`);
-	if (env.app.entrypoint !== void 0) lines.push(`${color.label("Entrypoint")}: ${env.app.entrypoint}`);
-	if (env.app.readOnly !== void 0) lines.push(`${color.label("Read only")}: ${String(env.app.readOnly)}`);
-	return lines;
-}
-//#endregion
-//#region src/commands/investigate.ts
-const investigationCommandSchema = {
-	version: 1,
-	command: "quire investigate",
-	description: "Investigation command learning stub. Rebuild the implementation from the guide.",
-	status: "not_implemented",
-	arguments: [
-		{
-			name: "prompt",
-			type: "string",
-			positional: true,
-			requiredUnless: "--stdin",
-			description: "Natural-language investigation query."
-		},
-		{
-			name: "--stdin",
-			type: "boolean",
-			description: "Read additional plain-text investigation context from stdin."
-		},
-		{
-			name: "--json",
-			type: "boolean",
-			description: "Reserved for the rebuilt command's machine-readable start handle."
-		},
-		{
-			name: "--watch",
-			type: "boolean",
-			description: "Reserved for the rebuilt command's attached run watcher."
-		},
-		{
-			name: "--detach",
-			type: "boolean",
-			description: "Reserved for the rebuilt command's detached run mode."
-		},
-		{
-			name: "--url",
-			type: "string",
-			description: "Reserved for the rebuilt command's web target override."
-		},
-		{
-			name: "--target",
-			type: "string",
-			description: "Reserved for the rebuilt command's named target selection."
-		},
-		{
-			name: "--schema",
-			type: "boolean",
-			description: "Print this machine-readable invocation schema and exit."
-		}
-	]
-};
-const investigateCommand = defineCommand({
-	meta: {
-		name: "investigate",
-		alias: "ask",
-		description: "Investigate a question against the current workspace."
-	},
-	args: {
-		prompt: {
-			type: "positional",
-			description: "Natural-language investigation query.",
-			required: false
-		},
-		url: {
-			type: "string",
-			description: "Reserved for the rebuilt web target override.",
-			valueHint: "url"
-		},
-		target: {
-			type: "string",
-			description: "Reserved for the rebuilt named target selection.",
-			valueHint: "name"
-		},
-		stdin: {
-			type: "boolean",
-			description: "Read additional plain-text investigation context from stdin."
-		},
-		json: {
-			type: "boolean",
-			description: "Reserved for the rebuilt JSON start handle."
-		},
-		watch: {
-			type: "boolean",
-			description: "Reserved for the rebuilt run watcher."
-		},
-		detach: {
-			type: "boolean",
-			description: "Reserved for the rebuilt detached run mode."
-		},
-		headed: {
-			type: "boolean",
-			description: "Reserved for the rebuilt browser tooling."
-		},
-		schema: {
-			type: "boolean",
-			description: "Emit the machine-readable investigation invocation schema and exit."
-		}
-	},
-	async run({ args }) {
-		if (args.schema === true) {
-			writeInvestigationCommandSchema();
-			return;
-		}
-		await runInvestigate({
-			query: readOptionalString(args.prompt),
-			target: readOptionalString(args.target),
-			url: readOptionalString(args.url),
-			stdin: args.stdin === true,
-			json: args.json === true,
-			watch: args.watch === true,
-			detach: args.detach === true,
-			headed: args.headed === true
-		});
-	}
-});
-function writeInvestigationCommandSchema(options = {}) {
-	writeJson(options.io?.stdout ?? process.stdout, investigationCommandSchema);
-}
-async function runInvestigate(_options) {
-	createRunDir(cwd());
-}
-function readOptionalString(value) {
-	return typeof value === "string" && value.length > 0 ? value : void 0;
-}
-//#endregion
-//#region src/auth/device-flow.ts
-var DeviceAuthError = class extends CliError {
-	constructor(message, code) {
-		super(message, ExitCode.AuthFailure);
-		this.code = code;
-		this.name = "DeviceAuthError";
-	}
-};
-async function pollForToken(options) {
-	const sleep = options.sleep ?? defaultSleep;
-	const now = options.now ?? Date.now;
-	const expiresAt = now() + options.expiresIn * 1e3;
-	let interval = Math.max(options.interval, 1);
-	while (now() < expiresAt) try {
-		return await (options.requestToken?.() ?? requestDeviceToken({
-			apiBaseUrl: options.apiBaseUrl,
-			deviceCode: options.deviceCode,
-			fetchFn: options.fetchFn
-		}));
-	} catch (error) {
-		const code = readDevicePollErrorCode(error);
-		if (code === void 0) throw error;
-		if (code === "authorization_pending") {
-			options.onStatus?.(code, interval);
-			await sleep(interval * 1e3);
-			continue;
-		}
-		if (code === "slow_down") {
-			interval += 5;
-			options.onStatus?.(code, interval);
-			await sleep(interval * 1e3);
-			continue;
-		}
-		throw new DeviceAuthError(deviceErrorMessage(code), code);
-	}
-	throw new DeviceAuthError(deviceErrorMessage("expired_token"), "expired_token");
-}
-function readDevicePollErrorCode(error) {
-	if (error instanceof DeviceAuthError) return error.code;
-	if (error instanceof HttpError && isDevicePollErrorCode(error.code)) return error.code;
-}
-function isDevicePollErrorCode(value) {
-	return value === "authorization_pending" || value === "slow_down" || value === "access_denied" || value === "expired_token" || value === "invalid_grant";
-}
-function deviceErrorMessage(code) {
-	switch (code) {
-		case "access_denied": return "Device login was denied in the browser.";
-		case "expired_token": return "Device login code expired. Run `quire login` again.";
-		case "invalid_grant": return "Device login code is invalid. Run `quire login` again.";
-		case "authorization_pending": return "Device login is still waiting for browser approval.";
-		case "slow_down": return "Device login polling was too frequent.";
-	}
-}
-function defaultSleep(ms) {
-	return new Promise((resolve) => setTimeout(resolve, ms));
-}
-//#endregion
-//#region src/commands/login.ts
-const loginCommand = defineCommand({
-	meta: {
-		name: "login",
-		description: "Authenticate this machine with Quire using browser device authorization."
-	},
-	args: {
-		"api-url": {
-			type: "string",
-			description: "Quire web app base URL. Defaults to QUIRE_API_URL or https://quire.sh.",
-			valueHint: "url"
-		},
-		"no-open": {
-			type: "boolean",
-			description: "Print the device URL without trying to open a browser."
-		}
-	},
-	async run({ args }) {
-		await runLogin({
-			apiBaseUrl: readApiBaseUrl(args["api-url"]),
-			noOpen: args["no-open"] === true
-		});
-	}
-});
-async function runLogin(options) {
-	const store = options.store ?? authStore;
-	const stdout = options.io?.stdout ?? process.stdout;
-	const stderr = options.io?.stderr ?? process.stderr;
-	const device = await (options.requestCode?.() ?? requestDeviceCode({
-		apiBaseUrl: options.apiBaseUrl,
-		fetchFn: options.fetchFn
-	}));
-	log.step("Authorize Quire CLI", {
-		output: stdout,
-		spacing: 0
-	});
-	log.message([`${color.label("Open")}: ${device.verification_uri}`, `${color.label("Code")}: ${color.value(device.user_code)}`], {
-		output: stdout,
-		spacing: 0,
-		withGuide: true
-	});
-	if (options.noOpen !== true) if (await (options.opener ?? openBrowser)(device.verification_uri_complete)) log.success("Opened browser for Quire authorization.", {
-		output: stderr,
-		spacing: 0
-	});
-	else log.warn("Could not open a browser automatically. Open the URL above.", {
-		output: stderr,
-		spacing: 0
-	});
-	log.info("Waiting for browser approval...", {
-		output: stderr,
-		spacing: 0
-	});
-	const token = await (options.pollToken?.() ?? pollForToken({
-		apiBaseUrl: options.apiBaseUrl,
-		deviceCode: device.device_code,
-		interval: device.interval,
-		expiresIn: device.expires_in,
-		fetchFn: options.fetchFn,
-		sleep: options.sleep,
-		onStatus(status, nextInterval) {
-			if (status === "slow_down") log.warn(`Server asked Quire to slow down; polling every ${nextInterval}s.`, {
-				output: stderr,
-				spacing: 0
-			});
-		}
-	}));
-	const sessionLookup = await (options.getSession?.(token.access_token) ?? fetchCurrentSession({
-		apiBaseUrl: options.apiBaseUrl,
-		accessToken: token.access_token,
-		tokenType: token.token_type,
-		fetchFn: options.fetchFn
-	}));
-	const session = sessionLookup.data;
-	if (session === null) throw new CliError("Login succeeded but Quire could not read the current account.", ExitCode.AuthFailure);
-	const credentials = createStoredCredentials({
-		apiBaseUrl: options.apiBaseUrl,
-		accessToken: sessionLookup.refreshedAccessToken ?? token.access_token,
-		tokenType: token.token_type,
-		expiresAt: session.session.expiresAt,
-		expiresIn: token.expires_in,
-		user: session.user
-	});
-	await store.set(credentials);
-	log.success(`Logged in as ${color.value(formatUser$1(session.user))}.`, { output: stdout });
-}
-function formatUser$1(user) {
-	if (user.name && user.email && user.name !== user.email) return `${user.name} <${user.email}>`;
-	return user.email ?? user.name ?? user.id;
-}
-//#endregion
-//#region src/commands/logout.ts
-const logoutCommand = defineCommand({
-	meta: {
-		name: "logout",
-		description: "Remove stored Quire CLI credentials from this machine."
-	},
-	async run() {
-		await runLogout({});
-	}
-});
-async function runLogout(options) {
-	const store = options.store ?? authStore;
-	const stdout = options.io?.stdout ?? process.stdout;
-	const existing = await store.get();
-	await store.clear();
-	if (existing === null) log.info("Already logged out.", {
-		output: stdout,
-		spacing: 0
-	});
-	else log.success("Logged out of Quire.", {
-		output: stdout,
-		spacing: 0
-	});
-}
-//#endregion
-//#region src/commands/runs.ts
-const runsCommand = defineCommand({
-	meta: {
-		name: "runs",
-		description: "Inspect, watch, and stop durable Quire investigation runs."
-	},
-	subCommands: {
-		status: defineCommand({
-			meta: {
-				name: "status",
-				description: "Reserved for the rebuilt investigation run status command."
-			},
-			args: {
-				run: {
-					type: "positional",
-					description: "Run id or run directory.",
-					required: true
-				},
-				json: {
-					type: "boolean",
-					description: "Emit status JSON."
-				}
-			},
-			async run({ args }) {
-				await runStatus(readRequiredString(args.run, "run"), { json: args.json === true });
-			}
-		}),
-		watch: defineCommand({
-			meta: {
-				name: "watch",
-				description: "Reserved for the rebuilt investigation run watcher."
-			},
-			args: { run: {
-				type: "positional",
-				description: "Run id or run directory.",
-				required: true
-			} },
-			async run({ args }) {
-				await watchRun(readRequiredString(args.run, "run"));
-			}
-		}),
-		cancel: defineCommand({
-			meta: {
-				name: "cancel",
-				description: "Reserved for the rebuilt investigation run cancel command."
-			},
-			args: {
-				run: {
-					type: "positional",
-					description: "Run id or run directory.",
-					required: true
-				},
-				json: {
-					type: "boolean",
-					description: "Emit status JSON after the cancel request."
-				}
-			},
-			async run({ args }) {
-				await cancelRun(readRequiredString(args.run, "run"), { json: args.json === true });
-			}
-		}),
-		list: defineCommand({
-			meta: {
-				name: "list",
-				description: "Reserved for the rebuilt investigation run list command."
-			},
-			args: { json: {
-				type: "boolean",
-				description: "Emit run status JSON."
-			} },
-			async run({ args }) {
-				await listRuns({ json: args.json === true });
-			}
-		})
-	}
-});
-async function runStatus(run, options = {}) {
-	const status = {
-		runId: run,
-		status: "not_implemented"
-	};
-	if (options.json === true) {
-		writeJson(options.io?.stdout ?? process.stdout, status);
-		return status;
-	}
-	throw notImplemented("runs status");
-}
-async function watchRun(run) {
-	throw notImplemented(`runs watch ${run}`);
-}
-async function cancelRun(run, options = {}) {
-	const status = {
-		runId: run,
-		status: "not_implemented"
-	};
-	if (options.json === true) {
-		writeJson(options.io?.stdout ?? process.stdout, status);
-		return status;
-	}
-	throw notImplemented("runs cancel");
-}
-async function listRuns(options = {}) {
-	if (options.json === true) {
-		writeJson(options.io?.stdout ?? process.stdout, []);
-		return [];
-	}
-	throw notImplemented("runs list");
-}
-function notImplemented(command) {
-	return new CliError(`${command} is intentionally a clean-slate learning stub on this branch. Rebuild it from the implementation guide.`, ExitCode.InternalError);
-}
-function readRequiredString(value, name) {
-	if (typeof value === "string" && value.length > 0) return value;
-	throw new CliError(`Missing required ${name}.`, ExitCode.InvalidInput);
-}
-//#endregion
-//#region src/commands/setup.ts
-const SETUP_URL = "https://quire.sh/agent-setup";
-const AGENT_SETUP_PROMPT = `Set up this repository for Quire investigations.
-
-Please load and follow the Quire agent setup instructions from ${SETUP_URL}.
-
-Inspect the project, create the smallest useful .quire/environment.json launch brief, update AGENTS.md with concise run and verification instructions for future agents, then run quire doctor if available and report anything still blocked.`;
-const setupCommand = defineCommand({
-	meta: {
-		name: "setup",
-		description: "Prepare this workspace for Quire investigations."
-	},
-	async run() {
-		await runSetup();
-	}
-});
-async function runSetup(options = {}) {
-	const stdout = options.io?.stdout ?? process.stdout;
-	log.step("Set up Quire for this workspace", {
-		output: stdout,
-		spacing: 0
-	});
-	log.message([`Open ${color.info(SETUP_URL)} to load the Quire setup skill, or copy this prompt into your coding agent like Claude Code, Codex, Pi, or Amp:`], {
-		output: stdout,
-		spacing: 0,
-		withGuide: true
-	});
-	writeLine(stdout);
-	writeLine(stdout, color.label("--- copy prompt ---"));
-	writeLine(stdout, AGENT_SETUP_PROMPT);
-	writeLine(stdout, color.label("--- end prompt ---"));
-}
-//#endregion
-//#region src/commands/whoami.ts
-const whoamiCommand = defineCommand({
-	meta: {
-		name: "whoami",
-		alias: "me",
-		description: "Print the Quire account for the stored CLI credentials."
-	},
-	args: { json: {
-		type: "boolean",
-		description: "Print machine-readable account state to stdout."
-	} },
-	async run({ args }) {
-		await runWhoami({ json: args.json === true });
-	}
-});
-async function runWhoami(options) {
-	const store = options.store ?? authStore;
-	const stdout = options.io?.stdout ?? process.stdout;
-	const credentials = await resolveAuthCredentials({ store });
-	if (credentials === null) {
-		if (options.json === true) writeJson(stdout, { authenticated: false });
-		throw new CliError("Not logged in. Run `quire login`.", ExitCode.AuthFailure);
-	}
-	if (credentials.tokenType === "QuireApiKey") {
-		const modelSourceBroker = await withProfileSpinner(startProfileSpinner(options, stdout), () => readModelSourceBrokerStatus({
-			accessToken: credentials.accessToken,
-			tokenType: credentials.tokenType,
-			apiBaseUrl: credentials.apiBaseUrl,
-			fetchFn: options.fetchFn,
-			getModelSourceBrokerStatus: options.getModelSourceBrokerStatus
-		}));
-		const actor = modelSourceBroker?.actor ?? null;
-		if (options.json === true) {
-			writeJson(stdout, {
-				authenticated: true,
-				authMethod: "api_token",
-				apiBaseUrl: credentials.apiBaseUrl,
-				actor,
-				modelSourceBroker
-			});
-			return;
-		}
-		writeWhoamiSummary(stdout, {
-			title: `Authenticated with API token for ${formatActor(actor)}.`,
-			modelSourceBroker
-		});
-		return;
-	}
-	const profile = await withProfileSpinner(startProfileSpinner(options, stdout), async () => {
-		const sessionLookup = await (options.getSession?.(credentials.accessToken) ?? fetchCurrentSession({
-			apiBaseUrl: credentials.apiBaseUrl,
-			accessToken: credentials.accessToken,
-			tokenType: credentials.tokenType,
-			fetchFn: options.fetchFn
-		}));
-		const session = sessionLookup.data;
-		if (session === null) {
-			await store.clear();
-			throw new CliError("Stored Quire credentials are no longer valid. Run `quire login`.", ExitCode.AuthFailure);
-		}
-		const refreshedCredentials = updateStoredCredentials(credentials, {
-			accessToken: sessionLookup.refreshedAccessToken,
-			expiresAt: session.session.expiresAt,
-			user: session.user
-		});
-		await store.set(refreshedCredentials);
-		return {
-			refreshedCredentials,
-			session,
-			modelSourceBroker: await readModelSourceBrokerStatus({
-				accessToken: refreshedCredentials.accessToken,
-				tokenType: refreshedCredentials.tokenType,
-				apiBaseUrl: refreshedCredentials.apiBaseUrl,
-				fetchFn: options.fetchFn,
-				getModelSourceBrokerStatus: options.getModelSourceBrokerStatus
-			})
-		};
-	});
-	if (options.json === true) {
-		writeJson(stdout, {
-			authenticated: true,
-			apiBaseUrl: profile.refreshedCredentials.apiBaseUrl,
-			user: profile.session.user,
-			session: profile.session.session,
-			modelSourceBroker: profile.modelSourceBroker
-		});
-		return;
-	}
-	writeWhoamiSummary(stdout, {
-		title: `Logged in as ${color.value(formatUser(profile.session.user))}.`,
-		modelSourceBroker: profile.modelSourceBroker
-	});
-}
-function startProfileSpinner(options, output) {
-	if (options.json === true) return;
-	const profileSpinner = spinner({ output: output ?? process.stdout });
-	profileSpinner.start("Loading profile");
-	return profileSpinner;
-}
-async function withProfileSpinner(profileSpinner, callback) {
-	try {
-		return await callback();
-	} finally {
-		profileSpinner?.clear();
-	}
-}
-async function readModelSourceBrokerStatus(options) {
-	try {
-		return await (options.getModelSourceBrokerStatus?.(options.accessToken, options.apiBaseUrl) ?? fetchModelSourceBrokerStatus({
-			apiBaseUrl: options.apiBaseUrl,
-			accessToken: options.accessToken,
-			tokenType: options.tokenType,
-			fetchFn: options.fetchFn
-		}));
-	} catch {
-		return null;
-	}
-}
-function formatActor(actor) {
-	return actor?.environmentName ?? actor?.triggerSource ?? "remote agent environment";
-}
-function formatUser(user) {
-	if (user.name && user.email && user.name !== user.email) return `${user.name} <${user.email}>`;
-	return user.email ?? user.name ?? user.id;
-}
-function writeWhoamiSummary(output, profile) {
-	log.success(profile.title, {
-		output: output ?? process.stdout,
-		spacing: 0
-	});
-	writeWalletBalance(output, profile.modelSourceBroker);
-}
-function writeWalletBalance(output, status) {
-	if (status?.remainingBalance === null || status?.remainingBalance === void 0) return;
-	log.message(`${color.label("Quire Wallet")}: ${color.value(formatWalletBalance(status.remainingBalance))}`, {
-		output: output ?? process.stdout,
-		spacing: 0,
-		withGuide: true
-	});
-}
-function formatWalletBalance(value) {
-	return new Intl.NumberFormat("en-US", {
-		style: "currency",
-		currency: "USD",
-		maximumFractionDigits: 2
-	}).format(value);
-}
-//#endregion
-//#region package.json
-var version$1 = "0.0.6";
-//#endregion
-//#region src/cli.ts
-const subCommands = {
-	login: loginCommand,
-	logout: logoutCommand,
-	whoami: whoamiCommand,
-	connect: connectCommand,
-	continue: continueCommand,
-	doctor: doctorCommand,
-	env: envCommand,
-	investigate: investigateCommand,
-	runs: runsCommand,
-	setup: setupCommand
-};
-const subCommandAliases = new Set([
-	"ask",
-	"me",
-	"resume"
-]);
-const cli = defineCommand({
-	meta: {
-		name: "quire",
-		version: version$1,
-		description: "Triage and investigation specialist for software teams and coding agents."
-	},
-	subCommands,
-	async run({ cmd, rawArgs }) {
-		if (rawArgs.length === 0) await showUsage(cmd);
-	}
-});
-const runMain = createMain(cli);
-async function main(rawArgs = process.argv.slice(2)) {
-	const commandArgs = normalizeRawArgs(rawArgs);
-	if (shouldUseCittyBuiltinHandling(commandArgs)) {
-		await runMain({ rawArgs: commandArgs });
-		return;
-	}
-	try {
-		await runCommand(cli, { rawArgs: commandArgs });
-	} catch (error) {
-		writeCliError(error, commandArgs);
-	}
-}
-function shouldUseCittyBuiltinHandling(rawArgs) {
-	return rawArgs.length === 0 || rawArgs.some((arg) => arg === "--help" || arg === "-h") || isVersionRequest(rawArgs);
-}
-function isVersionRequest(rawArgs) {
-	return rawArgs.length === 1 && (rawArgs[0] === "--version" || rawArgs[0] === "-v");
-}
-function normalizeRawArgs(rawArgs) {
-	const first = rawArgs[0];
-	if (first === void 0 || first.startsWith("-") || isSubCommandName(first)) return rawArgs;
-	return ["investigate", ...rawArgs];
-}
-function isSubCommandName(name) {
-	return Object.hasOwn(subCommands, name) || subCommandAliases.has(name);
-}
-function writeCliError(error, rawArgs) {
-	const message = toOneLineError(error);
-	const exitCode = readExitCode(error);
-	if (wantsJsonError(rawArgs)) console.error(JSON.stringify({ error: {
-		message,
-		exitCode
-	} }));
-	else console.error(`${color.error("Error")}: ${message}`);
-	process.exitCode = exitCode;
-}
-function wantsJsonError(rawArgs) {
-	return rawArgs.includes("--json");
-}
-//#endregion
-export { ExitCode as i, main as n, CliError as r, cli as t };