@qwen-code/qwen-code 0.18.3-preview.0 → 0.18.4-preview.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (508) hide show
  1. package/README.md +64 -492
  2. package/bundled/loop/SKILL.md +53 -26
  3. package/bundled/loop/SKILL.test.ts +67 -0
  4. package/bundled/qc-helper/docs/configuration/settings.md +25 -18
  5. package/bundled/qc-helper/docs/extension/introduction.md +38 -0
  6. package/bundled/qc-helper/docs/features/channels/_meta.ts +1 -0
  7. package/bundled/qc-helper/docs/features/channels/overview.md +4 -4
  8. package/bundled/qc-helper/docs/features/channels/qqbot.md +179 -0
  9. package/bundled/qc-helper/docs/features/commands.md +49 -0
  10. package/bundled/qc-helper/docs/features/followup-suggestions.md +10 -6
  11. package/bundled/qc-helper/docs/features/hooks.md +6 -3
  12. package/bundled/qc-helper/docs/features/status-line.md +4 -2
  13. package/bundled/qc-helper/docs/qwen-serve.md +9 -4
  14. package/bundled/qc-helper/docs/reference/keyboard-shortcuts.md +11 -5
  15. package/bundled/qc-helper/docs/support/troubleshooting.md +5 -0
  16. package/chunks/{agent-X42UKL4M.js → agent-PPGQVSZN.js} +24 -23
  17. package/chunks/{agent-headless-7FQ7NX6G.js → agent-headless-5SGQIWGS.js} +24 -23
  18. package/chunks/{anthropicContentGenerator-KLBHYGH6.js → anthropicContentGenerator-OLOGBVLP.js} +4 -4
  19. package/chunks/{askUserQuestion-QPZXR3UO.js → askUserQuestion-ANRVSBIJ.js} +2 -2
  20. package/chunks/{ca-RK4QPLIX.js → ca-K6MD665I.js} +42 -2
  21. package/chunks/chunk-2ES3D3TW.js +1026 -0
  22. package/chunks/{chunk-O4PICXES.js → chunk-2MPVVENX.js} +14 -6
  23. package/chunks/{chunk-BJ5HQ23U.js → chunk-4HMWGHPP.js} +9 -10
  24. package/chunks/{chunk-SFRV6BGY.js → chunk-4TW2JM5Q.js} +3 -3
  25. package/chunks/{chunk-ZOFNJQNJ.js → chunk-7GX7XYZU.js} +3 -3
  26. package/chunks/{chunk-VIEIRAK3.js → chunk-7OCZ77KA.js} +4 -2
  27. package/chunks/{chunk-3U2ZIZDP.js → chunk-A6OKBLUA.js} +732 -617
  28. package/chunks/{chunk-RTTAC5VW.js → chunk-AQDPHFDZ.js} +1 -1
  29. package/chunks/{chunk-U62OHNQR.js → chunk-BR6DF3Y4.js} +6 -6
  30. package/chunks/{chunk-IDYDPBBN.js → chunk-DZCZZPCY.js} +3 -3
  31. package/chunks/{chunk-ZMIBJS45.js → chunk-E5SRTXRG.js} +1 -1
  32. package/chunks/{chunk-FIQECJTQ.js → chunk-F6FP3URI.js} +1 -1
  33. package/chunks/{chunk-IQHSD7K5.js → chunk-FPZF3BNV.js} +1 -1
  34. package/chunks/{chunk-NNIYWQIS.js → chunk-HU3RKEK2.js} +2 -1
  35. package/chunks/{chunk-HA2UEYZP.js → chunk-IKOWINH4.js} +7 -4
  36. package/chunks/{chunk-JHSQY3J5.js → chunk-IS4QOHTV.js} +6 -5
  37. package/chunks/{chunk-MN5RAXVB.js → chunk-IUEQOXOI.js} +18 -6
  38. package/chunks/{chunk-CPVI5J2L.js → chunk-JIJBNW4A.js} +1 -1
  39. package/chunks/{chunk-ZNUMXPNK.js → chunk-JJHY7NAD.js} +7 -3
  40. package/chunks/{chunk-YJDVHAGL.js → chunk-JN6FVOPP.js} +2 -2
  41. package/chunks/{chunk-P5CE42XM.js → chunk-JP3LQIMW.js} +1046 -293
  42. package/chunks/{chunk-VU6A2OBJ.js → chunk-JXQ23SNT.js} +217 -219
  43. package/chunks/{chunk-WPTCDQN6.js → chunk-M5VYHAHT.js} +2 -2
  44. package/chunks/{chunk-VFW7VM7A.js → chunk-MP436DDQ.js} +131009 -128408
  45. package/chunks/{chunk-LXYWINWF.js → chunk-N5QHMPZU.js} +1 -1
  46. package/chunks/{chunk-LYSND7KR.js → chunk-PTGKSUUJ.js} +2 -2
  47. package/chunks/{chunk-6X6PTTH3.js → chunk-VNMHFAZ3.js} +24 -12
  48. package/chunks/{chunk-LYRSMKLS.js → chunk-VWPDSQZY.js} +2 -2
  49. package/chunks/{chunk-B4ZF2KSI.js → chunk-WWU2KUSR.js} +2 -2
  50. package/chunks/{chunk-QP4R5FTG.js → chunk-Z7XXFPGP.js} +4 -3
  51. package/chunks/{chunk-TW522KN6.js → chunk-ZTQ26VBE.js} +13 -6
  52. package/chunks/{computer-use-WHPP33BI.js → computer-use-LPHSGISW.js} +24 -23
  53. package/chunks/contextCommand-SQPW6JX7.js +54 -0
  54. package/chunks/{cron-create-DQKRQMCP.js → cron-create-OKGQO6GX.js} +6 -6
  55. package/chunks/{cron-delete-DOFPHFTI.js → cron-delete-DTJP7L6O.js} +6 -6
  56. package/chunks/{cron-list-RCVOO3CB.js → cron-list-VKZUASFG.js} +24 -10
  57. package/chunks/{de-FGPM4KW5.js → de-K2F3T3TR.js} +41 -1
  58. package/chunks/{dist-2UCAYOX7.js → dist-BD27IA3L.js} +16 -5
  59. package/chunks/{dist-33LHH26D.js → dist-KIYB7DQW.js} +1 -1
  60. package/chunks/{dist-UH7CYT7F.js → dist-OLC6NBSB.js} +51 -10
  61. package/chunks/dist-QFFZWACU.js +2136 -0
  62. package/chunks/{dist-KF43SZZV.js → dist-QUSDBLAK.js} +1 -1
  63. package/chunks/{edit-V22UFE4F.js → edit-OPGWEYXB.js} +26 -27
  64. package/chunks/{en-VP6XPGEC.js → en-KGSAKBJP.js} +232 -0
  65. package/chunks/{enter-worktree-HYS5U3QO.js → enter-worktree-JLFLU22E.js} +24 -23
  66. package/chunks/{enterPlanMode-UR2KPB4Y.js → enterPlanMode-JFBUNYML.js} +47 -23
  67. package/chunks/{exit-worktree-JNIUZIZ3.js → exit-worktree-NU64ZZRI.js} +191 -41
  68. package/chunks/{exitPlanMode-NJY3Y6XQ.js → exitPlanMode-UR6YQE64.js} +81 -43
  69. package/chunks/{fr-ATYBVCLT.js → fr-2CAQEOK6.js} +41 -1
  70. package/chunks/{geminiContentGenerator-SDUMCYHD.js → geminiContentGenerator-KUVZXCGX.js} +4 -4
  71. package/chunks/{glob-Z6UYFZCH.js → glob-RNX6IBFD.js} +26 -24
  72. package/chunks/{grep-WHWDB2HD.js → grep-5GUNAZFX.js} +96 -43
  73. package/chunks/{ja-W2QEA2OI.js → ja-QWL7V6OJ.js} +41 -1
  74. package/chunks/{keychain-token-storage-QSTRHKKL.js → keychain-token-storage-ALKQXYJQ.js} +2 -2
  75. package/chunks/loop-wakeup-RX6YIUSG.js +167 -0
  76. package/chunks/{ls-TRD77UTS.js → ls-6PLNWHMU.js} +3 -3
  77. package/chunks/{lsp-2VFWQPZS.js → lsp-3HFQU4OF.js} +2 -2
  78. package/chunks/{monitor-F4V4YEE4.js → monitor-LYHRV6SR.js} +24 -23
  79. package/chunks/{notebook-edit-P45433KC.js → notebook-edit-B5FEP65B.js} +25 -26
  80. package/chunks/{openaiContentGenerator-DRXB5MSN.js → openaiContentGenerator-XYMMXZFG.js} +12 -11
  81. package/chunks/{pt-ZKEWJFBW.js → pt-2SPOLMAY.js} +41 -1
  82. package/chunks/{qwenContentGenerator-3XZMXLHX.js → qwenContentGenerator-QWPW3P7K.js} +26 -25
  83. package/chunks/{qwenOAuth2-KK433U33.js → qwenOAuth2-XWC5SU63.js} +4 -4
  84. package/chunks/{read-file-WQPROSSJ.js → read-file-ROEHCU4A.js} +9 -8
  85. package/chunks/{ripGrep-EAE7GW6T.js → ripGrep-YBPCCX22.js} +24 -23
  86. package/chunks/{ru-VEKTPJ74.js → ru-35IVJTEH.js} +41 -1
  87. package/chunks/{scheduler-WCMRRLYM.js → scheduler-NIQSNCLH.js} +24 -23
  88. package/chunks/{send-message-QZOC5GA2.js → send-message-IIT3SHA7.js} +2 -2
  89. package/chunks/{serve-BVDNMP5D.js → serve-GME2SMSV.js} +1249 -279
  90. package/chunks/{shell-W4LWEOQL.js → shell-E7NADQBV.js} +24 -23
  91. package/chunks/{skill-VTJI4OPM.js → skill-WVYNAGWW.js} +11 -10
  92. package/chunks/{src-E42UOH5I.js → src-4HJAM36V.js} +137 -59
  93. package/chunks/{syntheticOutput-WJSUK4SZ.js → syntheticOutput-H67FYXU7.js} +3 -3
  94. package/chunks/{task-create-GGSC27HO.js → task-create-OVXHSHAI.js} +7 -7
  95. package/chunks/{task-list-EDHHHSK4.js → task-list-QUUCQJ3U.js} +6 -6
  96. package/chunks/{task-stop-WR5PDVZY.js → task-stop-WA5DMTKK.js} +2 -2
  97. package/chunks/{task-update-UR7NUHBV.js → task-update-PC5427TI.js} +7 -7
  98. package/chunks/{team-create-OAGMFFDJ.js → team-create-BOSQOS35.js} +26 -25
  99. package/chunks/{team-delete-FC33URJK.js → team-delete-ZTEMYRJ3.js} +6 -6
  100. package/chunks/{todoWrite-GO2ME7ZV.js → todoWrite-J6L6ELD6.js} +4 -4
  101. package/chunks/{tool-search-XZPD5EPI.js → tool-search-PPLILX5J.js} +9 -8
  102. package/chunks/{web-fetch-NLLATYIL.js → web-fetch-6XLPPTP7.js} +5 -5
  103. package/chunks/{workflow-AIC3XOX5.js → workflow-CDROZNXC.js} +242 -39
  104. package/chunks/{write-file-6GIRRW43.js → write-file-QY4X7MMO.js} +26 -27
  105. package/chunks/{zh-TW-6YFNCKTA.js → zh-TW-BSG6BUWK.js} +232 -2
  106. package/chunks/{zh-OIXDDQHB.js → zh-X4KM6MTW.js} +233 -0
  107. package/cli.js +10735 -5708
  108. package/examples/agent/agents/diary.md +1 -1
  109. package/examples/mcp-server/qwen-extension.json +8 -1
  110. package/examples/starter/agents/diary.md +1 -1
  111. package/locales/ca.js +67 -2
  112. package/locales/de.js +68 -2
  113. package/locales/en.js +304 -0
  114. package/locales/fr.js +69 -2
  115. package/locales/ja.js +65 -2
  116. package/locales/pt.js +67 -2
  117. package/locales/ru.js +68 -2
  118. package/locales/zh-TW.js +288 -2
  119. package/locales/zh.js +288 -0
  120. package/package.json +4 -3
  121. package/web-shell/assets/KaTeX_AMS-Regular-BQhdFMY1.woff2 +0 -0
  122. package/web-shell/assets/KaTeX_AMS-Regular-DMm9YOAa.woff +0 -0
  123. package/web-shell/assets/KaTeX_AMS-Regular-DRggAlZN.ttf +0 -0
  124. package/web-shell/assets/KaTeX_Caligraphic-Bold-ATXxdsX0.ttf +0 -0
  125. package/web-shell/assets/KaTeX_Caligraphic-Bold-BEiXGLvX.woff +0 -0
  126. package/web-shell/assets/KaTeX_Caligraphic-Bold-Dq_IR9rO.woff2 +0 -0
  127. package/web-shell/assets/KaTeX_Caligraphic-Regular-CTRA-rTL.woff +0 -0
  128. package/web-shell/assets/KaTeX_Caligraphic-Regular-Di6jR-x-.woff2 +0 -0
  129. package/web-shell/assets/KaTeX_Caligraphic-Regular-wX97UBjC.ttf +0 -0
  130. package/web-shell/assets/KaTeX_Fraktur-Bold-BdnERNNW.ttf +0 -0
  131. package/web-shell/assets/KaTeX_Fraktur-Bold-BsDP51OF.woff +0 -0
  132. package/web-shell/assets/KaTeX_Fraktur-Bold-CL6g_b3V.woff2 +0 -0
  133. package/web-shell/assets/KaTeX_Fraktur-Regular-CB_wures.ttf +0 -0
  134. package/web-shell/assets/KaTeX_Fraktur-Regular-CTYiF6lA.woff2 +0 -0
  135. package/web-shell/assets/KaTeX_Fraktur-Regular-Dxdc4cR9.woff +0 -0
  136. package/web-shell/assets/KaTeX_Main-Bold-Cx986IdX.woff2 +0 -0
  137. package/web-shell/assets/KaTeX_Main-Bold-Jm3AIy58.woff +0 -0
  138. package/web-shell/assets/KaTeX_Main-Bold-waoOVXN0.ttf +0 -0
  139. package/web-shell/assets/KaTeX_Main-BoldItalic-DxDJ3AOS.woff2 +0 -0
  140. package/web-shell/assets/KaTeX_Main-BoldItalic-DzxPMmG6.ttf +0 -0
  141. package/web-shell/assets/KaTeX_Main-BoldItalic-SpSLRI95.woff +0 -0
  142. package/web-shell/assets/KaTeX_Main-Italic-3WenGoN9.ttf +0 -0
  143. package/web-shell/assets/KaTeX_Main-Italic-BMLOBm91.woff +0 -0
  144. package/web-shell/assets/KaTeX_Main-Italic-NWA7e6Wa.woff2 +0 -0
  145. package/web-shell/assets/KaTeX_Main-Regular-B22Nviop.woff2 +0 -0
  146. package/web-shell/assets/KaTeX_Main-Regular-Dr94JaBh.woff +0 -0
  147. package/web-shell/assets/KaTeX_Main-Regular-ypZvNtVU.ttf +0 -0
  148. package/web-shell/assets/KaTeX_Math-BoldItalic-B3XSjfu4.ttf +0 -0
  149. package/web-shell/assets/KaTeX_Math-BoldItalic-CZnvNsCZ.woff2 +0 -0
  150. package/web-shell/assets/KaTeX_Math-BoldItalic-iY-2wyZ7.woff +0 -0
  151. package/web-shell/assets/KaTeX_Math-Italic-DA0__PXp.woff +0 -0
  152. package/web-shell/assets/KaTeX_Math-Italic-flOr_0UB.ttf +0 -0
  153. package/web-shell/assets/KaTeX_Math-Italic-t53AETM-.woff2 +0 -0
  154. package/web-shell/assets/KaTeX_SansSerif-Bold-CFMepnvq.ttf +0 -0
  155. package/web-shell/assets/KaTeX_SansSerif-Bold-D1sUS0GD.woff2 +0 -0
  156. package/web-shell/assets/KaTeX_SansSerif-Bold-DbIhKOiC.woff +0 -0
  157. package/web-shell/assets/KaTeX_SansSerif-Italic-C3H0VqGB.woff2 +0 -0
  158. package/web-shell/assets/KaTeX_SansSerif-Italic-DN2j7dab.woff +0 -0
  159. package/web-shell/assets/KaTeX_SansSerif-Italic-YYjJ1zSn.ttf +0 -0
  160. package/web-shell/assets/KaTeX_SansSerif-Regular-BNo7hRIc.ttf +0 -0
  161. package/web-shell/assets/KaTeX_SansSerif-Regular-CS6fqUqJ.woff +0 -0
  162. package/web-shell/assets/KaTeX_SansSerif-Regular-DDBCnlJ7.woff2 +0 -0
  163. package/web-shell/assets/KaTeX_Script-Regular-C5JkGWo-.ttf +0 -0
  164. package/web-shell/assets/KaTeX_Script-Regular-D3wIWfF6.woff2 +0 -0
  165. package/web-shell/assets/KaTeX_Script-Regular-D5yQViql.woff +0 -0
  166. package/web-shell/assets/KaTeX_Size1-Regular-C195tn64.woff +0 -0
  167. package/web-shell/assets/KaTeX_Size1-Regular-Dbsnue_I.ttf +0 -0
  168. package/web-shell/assets/KaTeX_Size1-Regular-mCD8mA8B.woff2 +0 -0
  169. package/web-shell/assets/KaTeX_Size2-Regular-B7gKUWhC.ttf +0 -0
  170. package/web-shell/assets/KaTeX_Size2-Regular-Dy4dx90m.woff2 +0 -0
  171. package/web-shell/assets/KaTeX_Size2-Regular-oD1tc_U0.woff +0 -0
  172. package/web-shell/assets/KaTeX_Size3-Regular-CTq5MqoE.woff +0 -0
  173. package/web-shell/assets/KaTeX_Size3-Regular-DgpXs0kz.ttf +0 -0
  174. package/web-shell/assets/KaTeX_Size4-Regular-BF-4gkZK.woff +0 -0
  175. package/web-shell/assets/KaTeX_Size4-Regular-DWFBv043.ttf +0 -0
  176. package/web-shell/assets/KaTeX_Size4-Regular-Dl5lxZxV.woff2 +0 -0
  177. package/web-shell/assets/KaTeX_Typewriter-Regular-C0xS9mPB.woff +0 -0
  178. package/web-shell/assets/KaTeX_Typewriter-Regular-CO6r4hn1.woff2 +0 -0
  179. package/web-shell/assets/KaTeX_Typewriter-Regular-D3Ib7_Hf.ttf +0 -0
  180. package/web-shell/assets/abap-DsBKuouk.js +1 -0
  181. package/web-shell/assets/actionscript-3-D_z4Izcz.js +1 -0
  182. package/web-shell/assets/ada-727ZlQH0.js +1 -0
  183. package/web-shell/assets/andromeeda-C3khCPGq.js +1 -0
  184. package/web-shell/assets/angular-html-LfdN0zeE.js +1 -0
  185. package/web-shell/assets/angular-ts-CKsD7JZE.js +1 -0
  186. package/web-shell/assets/apache-Dn00JSTd.js +1 -0
  187. package/web-shell/assets/apex-COJ4H7py.js +1 -0
  188. package/web-shell/assets/apl-BBq3IX1j.js +1 -0
  189. package/web-shell/assets/applescript-Bu5BbsvL.js +1 -0
  190. package/web-shell/assets/ara-7O62HKoU.js +1 -0
  191. package/web-shell/assets/arc-CRFN10gD.js +1 -0
  192. package/web-shell/assets/architectureDiagram-3BPJPVTR-IRlu1CpH.js +36 -0
  193. package/web-shell/assets/asciidoc-BPT9niGB.js +1 -0
  194. package/web-shell/assets/asm-Dhn9LcZ4.js +1 -0
  195. package/web-shell/assets/astro-CqkE3fuf.js +1 -0
  196. package/web-shell/assets/aurora-x-D-2ljcwZ.js +1 -0
  197. package/web-shell/assets/awk-eg146-Ew.js +1 -0
  198. package/web-shell/assets/ayu-dark-Cv9koXgw.js +1 -0
  199. package/web-shell/assets/ballerina-Du268qiB.js +1 -0
  200. package/web-shell/assets/bat-fje9CFhw.js +1 -0
  201. package/web-shell/assets/beancount-BwXTMy5W.js +1 -0
  202. package/web-shell/assets/berry-3xVqZejG.js +1 -0
  203. package/web-shell/assets/bibtex-xW4inM5L.js +1 -0
  204. package/web-shell/assets/bicep-DHo0CJ0O.js +1 -0
  205. package/web-shell/assets/blade-a8OxSdnT.js +1 -0
  206. package/web-shell/assets/blockDiagram-GPEHLZMM-htIZ6iw8.js +132 -0
  207. package/web-shell/assets/bsl-Dgyn0ogV.js +1 -0
  208. package/web-shell/assets/c-C3t2pwGQ.js +1 -0
  209. package/web-shell/assets/c4Diagram-AAUBKEIU-A2GoRq3O.js +10 -0
  210. package/web-shell/assets/cadence-DNquZEk8.js +1 -0
  211. package/web-shell/assets/cairo--RitsXJZ.js +1 -0
  212. package/web-shell/assets/catppuccin-frappe-CD_QflpE.js +1 -0
  213. package/web-shell/assets/catppuccin-latte-DRW-0cLl.js +1 -0
  214. package/web-shell/assets/catppuccin-macchiato-C-_shW-Y.js +1 -0
  215. package/web-shell/assets/catppuccin-mocha-LGGdnPYs.js +1 -0
  216. package/web-shell/assets/channel-WwImfsc7.js +1 -0
  217. package/web-shell/assets/chunk-2J33WTMH-CdP2AC6u.js +1 -0
  218. package/web-shell/assets/chunk-4BX2VUAB-DrA07nW2.js +1 -0
  219. package/web-shell/assets/chunk-55IACEB6-CFGnVU2f.js +1 -0
  220. package/web-shell/assets/chunk-727SXJPM-BTMkq3Tk.js +206 -0
  221. package/web-shell/assets/chunk-AQP2D5EJ-C9sYg04Z.js +231 -0
  222. package/web-shell/assets/chunk-FMBD7UC4-Cag-cj6I.js +15 -0
  223. package/web-shell/assets/chunk-ND2GUHAM-CDSTFoR7.js +1 -0
  224. package/web-shell/assets/chunk-QZHKN3VN-CN9Z6oOs.js +1 -0
  225. package/web-shell/assets/clarity-BHOwM8T6.js +1 -0
  226. package/web-shell/assets/classDiagram-4FO5ZUOK-CJKQYFeJ.js +1 -0
  227. package/web-shell/assets/classDiagram-v2-Q7XG4LA2-CJKQYFeJ.js +1 -0
  228. package/web-shell/assets/clojure-DxSadP1t.js +1 -0
  229. package/web-shell/assets/cmake-DbXoA79R.js +1 -0
  230. package/web-shell/assets/cobol-PTqiYgYu.js +1 -0
  231. package/web-shell/assets/codeowners-Bp6g37R7.js +1 -0
  232. package/web-shell/assets/codeql-sacFqUAJ.js +1 -0
  233. package/web-shell/assets/coffee-dyiR41kL.js +1 -0
  234. package/web-shell/assets/common-lisp-C7gG9l05.js +1 -0
  235. package/web-shell/assets/coq-Dsg_Bt_b.js +1 -0
  236. package/web-shell/assets/cose-bilkent-S5V4N54A-DuN9j8Du.js +1 -0
  237. package/web-shell/assets/cpp-BksuvNSY.js +1 -0
  238. package/web-shell/assets/crystal-DtDmRg-F.js +1 -0
  239. package/web-shell/assets/csharp-D9R-vmeu.js +1 -0
  240. package/web-shell/assets/css-BPhBrDlE.js +1 -0
  241. package/web-shell/assets/csv-B0qRVHPH.js +1 -0
  242. package/web-shell/assets/cue-DtFQj3wx.js +1 -0
  243. package/web-shell/assets/cypher-m2LEI-9-.js +1 -0
  244. package/web-shell/assets/cytoscape.esm-CUqq0XTU.js +331 -0
  245. package/web-shell/assets/d-BoXegm-a.js +1 -0
  246. package/web-shell/assets/dagre-BM42HDAG-ByCWe45f.js +4 -0
  247. package/web-shell/assets/dark-plus-C3mMm8J8.js +1 -0
  248. package/web-shell/assets/dart-B9wLZaAG.js +1 -0
  249. package/web-shell/assets/dax-ClGRhx96.js +1 -0
  250. package/web-shell/assets/defaultLocale-DX6XiGOO.js +1 -0
  251. package/web-shell/assets/desktop-DEIpsLCJ.js +1 -0
  252. package/web-shell/assets/diagram-2AECGRRQ-eWyU_pKZ.js +43 -0
  253. package/web-shell/assets/diagram-5GNKFQAL-0Bfu3Fq5.js +10 -0
  254. package/web-shell/assets/diagram-KO2AKTUF-B6KBKkQP.js +3 -0
  255. package/web-shell/assets/diagram-LMA3HP47-TToDmeA_.js +24 -0
  256. package/web-shell/assets/diagram-OG6HWLK6-CQCkC2Yx.js +24 -0
  257. package/web-shell/assets/diff-BgYniUM_.js +1 -0
  258. package/web-shell/assets/docker-COcR7UxN.js +1 -0
  259. package/web-shell/assets/dotenv-BjQB5zDj.js +1 -0
  260. package/web-shell/assets/dracula-BzJJZx-M.js +1 -0
  261. package/web-shell/assets/dracula-soft-BXkSAIEj.js +1 -0
  262. package/web-shell/assets/dream-maker-C-nORZOA.js +1 -0
  263. package/web-shell/assets/edge-D5gP-w-T.js +1 -0
  264. package/web-shell/assets/elixir-CLiX3zqd.js +1 -0
  265. package/web-shell/assets/elm-CmHSxxaM.js +1 -0
  266. package/web-shell/assets/emacs-lisp-BX77sIaO.js +1 -0
  267. package/web-shell/assets/erDiagram-TEJ5UH35-Cm9ls1iB.js +85 -0
  268. package/web-shell/assets/erb-BYTLMnw6.js +1 -0
  269. package/web-shell/assets/erlang-B-DoSBHF.js +1 -0
  270. package/web-shell/assets/everforest-dark-BgDCqdQA.js +1 -0
  271. package/web-shell/assets/everforest-light-C8M2exoo.js +1 -0
  272. package/web-shell/assets/fennel-bCA53EVm.js +1 -0
  273. package/web-shell/assets/fish-w-ucz2PV.js +1 -0
  274. package/web-shell/assets/flowDiagram-I6XJVG4X-Dyoz80Pv.js +162 -0
  275. package/web-shell/assets/fluent-Dayu4EKP.js +1 -0
  276. package/web-shell/assets/fortran-fixed-form-TqA4NnZg.js +1 -0
  277. package/web-shell/assets/fortran-free-form-DKXYxT9g.js +1 -0
  278. package/web-shell/assets/fsharp-XplgxFYe.js +1 -0
  279. package/web-shell/assets/ganttDiagram-6RSMTGT7-Cfut9yaU.js +292 -0
  280. package/web-shell/assets/gdresource-BHYsBjWJ.js +1 -0
  281. package/web-shell/assets/gdscript-DfxzS6Rs.js +1 -0
  282. package/web-shell/assets/gdshader-SKMF96pI.js +1 -0
  283. package/web-shell/assets/genie-ajMbGru0.js +1 -0
  284. package/web-shell/assets/gherkin--30QC5Em.js +1 -0
  285. package/web-shell/assets/git-commit-i4q6IMui.js +1 -0
  286. package/web-shell/assets/git-rebase-B-v9cOL2.js +1 -0
  287. package/web-shell/assets/gitGraphDiagram-PVQCEYII-BCuJdlfD.js +106 -0
  288. package/web-shell/assets/github-dark-DHJKELXO.js +1 -0
  289. package/web-shell/assets/github-dark-default-Cuk6v7N8.js +1 -0
  290. package/web-shell/assets/github-dark-dimmed-DH5Ifo-i.js +1 -0
  291. package/web-shell/assets/github-dark-high-contrast-E3gJ1_iC.js +1 -0
  292. package/web-shell/assets/github-light-DAi9KRSo.js +1 -0
  293. package/web-shell/assets/github-light-default-D7oLnXFd.js +1 -0
  294. package/web-shell/assets/github-light-high-contrast-BfjtVDDH.js +1 -0
  295. package/web-shell/assets/gleam-B430Bg39.js +1 -0
  296. package/web-shell/assets/glimmer-js-D-cwc0-E.js +1 -0
  297. package/web-shell/assets/glimmer-ts-pgjy16dm.js +1 -0
  298. package/web-shell/assets/glsl-DBO2IWDn.js +1 -0
  299. package/web-shell/assets/gnuplot-CM8KxXT1.js +1 -0
  300. package/web-shell/assets/go-B1SYOhNW.js +1 -0
  301. package/web-shell/assets/graph-qsFoMdT2.js +1 -0
  302. package/web-shell/assets/graphql-cDcHW_If.js +1 -0
  303. package/web-shell/assets/groovy-DkBy-JyN.js +1 -0
  304. package/web-shell/assets/hack-D1yCygmZ.js +1 -0
  305. package/web-shell/assets/haml-B2EZWmdv.js +1 -0
  306. package/web-shell/assets/handlebars-BQGss363.js +1 -0
  307. package/web-shell/assets/haskell-BILxekzW.js +1 -0
  308. package/web-shell/assets/haxe-C5wWYbrZ.js +1 -0
  309. package/web-shell/assets/hcl-HzYwdGDm.js +1 -0
  310. package/web-shell/assets/hjson-T-Tgc4AT.js +1 -0
  311. package/web-shell/assets/hlsl-ifBTmRxC.js +1 -0
  312. package/web-shell/assets/houston-DnULxvSX.js +1 -0
  313. package/web-shell/assets/html-C2L_23MC.js +1 -0
  314. package/web-shell/assets/html-derivative-CSfWNPLT.js +1 -0
  315. package/web-shell/assets/http-FRrOvY1W.js +1 -0
  316. package/web-shell/assets/hxml-TIA70rKU.js +1 -0
  317. package/web-shell/assets/hy-BMj5Y0dO.js +1 -0
  318. package/web-shell/assets/imba-bv_oIlVt.js +1 -0
  319. package/web-shell/assets/index-BDZiTAkl.css +1 -0
  320. package/web-shell/assets/index-DaebdpHq.js +516 -0
  321. package/web-shell/assets/infoDiagram-5YYISTIA-CXKxF2VL.js +2 -0
  322. package/web-shell/assets/ini-BjABl1g7.js +1 -0
  323. package/web-shell/assets/init-Gi6I4Gst.js +1 -0
  324. package/web-shell/assets/ishikawaDiagram-YF4QCWOH-DE7HWSU8.js +70 -0
  325. package/web-shell/assets/java-xI-RfyKK.js +1 -0
  326. package/web-shell/assets/javascript-ySlJ1b_l.js +1 -0
  327. package/web-shell/assets/jinja-DGy0s7-h.js +1 -0
  328. package/web-shell/assets/jison-BqZprYcd.js +1 -0
  329. package/web-shell/assets/journeyDiagram-JHISSGLW-D__YUfds.js +139 -0
  330. package/web-shell/assets/json-BQoSv7ci.js +1 -0
  331. package/web-shell/assets/json5-w8dY5SsB.js +1 -0
  332. package/web-shell/assets/jsonc-TU54ms6u.js +1 -0
  333. package/web-shell/assets/jsonl-DREVFZK8.js +1 -0
  334. package/web-shell/assets/jsonnet-BfivnA6A.js +1 -0
  335. package/web-shell/assets/jssm-P4WzXJd0.js +1 -0
  336. package/web-shell/assets/jsx-BAng5TT0.js +1 -0
  337. package/web-shell/assets/julia-BBuGR-5E.js +1 -0
  338. package/web-shell/assets/kanagawa-dragon-CkXjmgJE.js +1 -0
  339. package/web-shell/assets/kanagawa-lotus-CfQXZHmo.js +1 -0
  340. package/web-shell/assets/kanagawa-wave-DWedfzmr.js +1 -0
  341. package/web-shell/assets/kanban-definition-UN3LZRKU-D82R169M.js +89 -0
  342. package/web-shell/assets/kotlin-B5lbUyaz.js +1 -0
  343. package/web-shell/assets/kusto-mebxcVVE.js +1 -0
  344. package/web-shell/assets/laserwave-DUszq2jm.js +1 -0
  345. package/web-shell/assets/latex-C-cWTeAZ.js +1 -0
  346. package/web-shell/assets/layout-CNYaLpI5.js +1 -0
  347. package/web-shell/assets/lean-XBlWyCtg.js +1 -0
  348. package/web-shell/assets/less-BfCpw3nA.js +1 -0
  349. package/web-shell/assets/light-plus-B7mTdjB0.js +1 -0
  350. package/web-shell/assets/linear-DpyMbKqT.js +1 -0
  351. package/web-shell/assets/liquid-D3W5UaiH.js +1 -0
  352. package/web-shell/assets/log-Cc5clBb7.js +1 -0
  353. package/web-shell/assets/logo-IuBKFhSY.js +1 -0
  354. package/web-shell/assets/lua-CvWAzNxB.js +1 -0
  355. package/web-shell/assets/luau-Du5NY7AG.js +1 -0
  356. package/web-shell/assets/make-Bvotw-X0.js +1 -0
  357. package/web-shell/assets/markdown-UIAJJxZW.js +1 -0
  358. package/web-shell/assets/marko-z0MBrx5-.js +1 -0
  359. package/web-shell/assets/material-theme-D5KoaKCx.js +1 -0
  360. package/web-shell/assets/material-theme-darker-BfHTSMKl.js +1 -0
  361. package/web-shell/assets/material-theme-lighter-B0m2ddpp.js +1 -0
  362. package/web-shell/assets/material-theme-ocean-CyktbL80.js +1 -0
  363. package/web-shell/assets/material-theme-palenight-Csfq5Kiy.js +1 -0
  364. package/web-shell/assets/matlab-D9-PGadD.js +1 -0
  365. package/web-shell/assets/mdc-DB_EDNY_.js +1 -0
  366. package/web-shell/assets/mdx-sdHcTMYB.js +1 -0
  367. package/web-shell/assets/mermaid-Ci6OQyBP.js +1 -0
  368. package/web-shell/assets/mermaid.core-D1KEFDhn.js +309 -0
  369. package/web-shell/assets/min-dark-CafNBF8u.js +1 -0
  370. package/web-shell/assets/min-light-CTRr51gU.js +1 -0
  371. package/web-shell/assets/mindmap-definition-RKZ34NQL-BwVUFGFE.js +96 -0
  372. package/web-shell/assets/mipsasm-BC5c_5Pe.js +1 -0
  373. package/web-shell/assets/mojo-Tz6hzZYG.js +1 -0
  374. package/web-shell/assets/monokai-D4h5O-jR.js +1 -0
  375. package/web-shell/assets/move-DB_GagMm.js +1 -0
  376. package/web-shell/assets/narrat-DLbgOhZU.js +1 -0
  377. package/web-shell/assets/nextflow-B0XVJmRM.js +1 -0
  378. package/web-shell/assets/nginx-D_VnBJ67.js +1 -0
  379. package/web-shell/assets/night-owl-C39BiMTA.js +1 -0
  380. package/web-shell/assets/nim-ZlGxZxc3.js +1 -0
  381. package/web-shell/assets/nix-shcSOmrb.js +1 -0
  382. package/web-shell/assets/nord-Ddv68eIx.js +1 -0
  383. package/web-shell/assets/nushell-D4Tzg5kh.js +1 -0
  384. package/web-shell/assets/objective-c-Deuh7S70.js +1 -0
  385. package/web-shell/assets/objective-cpp-BUEGK8hf.js +1 -0
  386. package/web-shell/assets/ocaml-BNioltXt.js +1 -0
  387. package/web-shell/assets/one-dark-pro-GBQ2dnAY.js +1 -0
  388. package/web-shell/assets/one-light-PoHY5YXO.js +1 -0
  389. package/web-shell/assets/ordinal-Cboi1Yqb.js +1 -0
  390. package/web-shell/assets/pascal-JqZropPD.js +1 -0
  391. package/web-shell/assets/perl-CHQXSrWU.js +1 -0
  392. package/web-shell/assets/php-B5ebYQev.js +1 -0
  393. package/web-shell/assets/pieDiagram-4H26LBE5-BO_qoEGx.js +30 -0
  394. package/web-shell/assets/plastic-3e1v2bzS.js +1 -0
  395. package/web-shell/assets/plsql-LKU2TuZ1.js +1 -0
  396. package/web-shell/assets/po-BFLt1xDp.js +1 -0
  397. package/web-shell/assets/poimandres-CS3Unz2-.js +1 -0
  398. package/web-shell/assets/polar-DKykz6zU.js +1 -0
  399. package/web-shell/assets/postcss-B3ZDOciz.js +1 -0
  400. package/web-shell/assets/powerquery-CSHBycmS.js +1 -0
  401. package/web-shell/assets/powershell-BIEUsx6d.js +1 -0
  402. package/web-shell/assets/prisma-B48N-Iqd.js +1 -0
  403. package/web-shell/assets/prolog-BY-TUvya.js +1 -0
  404. package/web-shell/assets/proto-zocC4JxJ.js +1 -0
  405. package/web-shell/assets/pug-CM9l7STV.js +1 -0
  406. package/web-shell/assets/puppet-Cza_XSSt.js +1 -0
  407. package/web-shell/assets/purescript-Bg-kzb6g.js +1 -0
  408. package/web-shell/assets/python-DhUJRlN_.js +1 -0
  409. package/web-shell/assets/qml-D8XfuvdV.js +1 -0
  410. package/web-shell/assets/qmldir-C8lEn-DE.js +1 -0
  411. package/web-shell/assets/qss-DhMKtDLN.js +1 -0
  412. package/web-shell/assets/quadrantDiagram-W4KKPZXB-Cx0ZaWPo.js +7 -0
  413. package/web-shell/assets/r-CwjWoCRV.js +1 -0
  414. package/web-shell/assets/racket-CzouJOBO.js +1 -0
  415. package/web-shell/assets/raku-B1bQXN8T.js +1 -0
  416. package/web-shell/assets/razor-CNLDkMZG.js +1 -0
  417. package/web-shell/assets/red-bN70gL4F.js +1 -0
  418. package/web-shell/assets/reg-5LuOXUq_.js +1 -0
  419. package/web-shell/assets/regexp-DWJ3fJO_.js +1 -0
  420. package/web-shell/assets/rel-DJlmqQ1C.js +1 -0
  421. package/web-shell/assets/requirementDiagram-4Y6WPE33-BJPXejOA.js +84 -0
  422. package/web-shell/assets/riscv-QhoSD0DR.js +1 -0
  423. package/web-shell/assets/rose-pine-CmCqftbK.js +1 -0
  424. package/web-shell/assets/rose-pine-dawn-Ds-gbosJ.js +1 -0
  425. package/web-shell/assets/rose-pine-moon-CjDtw9vr.js +1 -0
  426. package/web-shell/assets/rst-4NLicBqY.js +1 -0
  427. package/web-shell/assets/ruby-DeZ3UC14.js +1 -0
  428. package/web-shell/assets/rust-Be6lgOlo.js +1 -0
  429. package/web-shell/assets/sankeyDiagram-5OEKKPKP-C1xeIL9i.js +40 -0
  430. package/web-shell/assets/sas-BmTFh92c.js +1 -0
  431. package/web-shell/assets/sass-BJ4Li9vH.js +1 -0
  432. package/web-shell/assets/scala-DQVVAn-B.js +1 -0
  433. package/web-shell/assets/scheme-BJGe-b2p.js +1 -0
  434. package/web-shell/assets/scss-C31hgJw-.js +1 -0
  435. package/web-shell/assets/sdbl-BLhTXw86.js +1 -0
  436. package/web-shell/assets/sequenceDiagram-3UESZ5HK-CSYKQUjf.js +162 -0
  437. package/web-shell/assets/shaderlab-B7qAK45m.js +1 -0
  438. package/web-shell/assets/shellscript-atvbtKCR.js +1 -0
  439. package/web-shell/assets/shellsession-C_rIy8kc.js +1 -0
  440. package/web-shell/assets/slack-dark-BthQWCQV.js +1 -0
  441. package/web-shell/assets/slack-ochin-DqwNpetd.js +1 -0
  442. package/web-shell/assets/smalltalk-DkLiglaE.js +1 -0
  443. package/web-shell/assets/snazzy-light-Bw305WKR.js +1 -0
  444. package/web-shell/assets/solarized-dark-DXbdFlpD.js +1 -0
  445. package/web-shell/assets/solarized-light-L9t79GZl.js +1 -0
  446. package/web-shell/assets/solidity-C1w2a3ep.js +1 -0
  447. package/web-shell/assets/soy-C-lX7w71.js +1 -0
  448. package/web-shell/assets/sparql-bYkjHRlG.js +1 -0
  449. package/web-shell/assets/splunk-Cf8iN4DR.js +1 -0
  450. package/web-shell/assets/sql-COK4E0Yg.js +1 -0
  451. package/web-shell/assets/ssh-config-BknIz3MU.js +1 -0
  452. package/web-shell/assets/stata-DorPZHa4.js +1 -0
  453. package/web-shell/assets/stateDiagram-AJRCARHV-d9hiHlAW.js +1 -0
  454. package/web-shell/assets/stateDiagram-v2-BHNVJYJU-DgReoybQ.js +1 -0
  455. package/web-shell/assets/stylus-BeQkCIfX.js +1 -0
  456. package/web-shell/assets/svelte-MSaWC3Je.js +1 -0
  457. package/web-shell/assets/swift-BSxZ-RaX.js +1 -0
  458. package/web-shell/assets/synthwave-84-CbfX1IO0.js +1 -0
  459. package/web-shell/assets/system-verilog-C7L56vO4.js +1 -0
  460. package/web-shell/assets/systemd-CUnW07Te.js +1 -0
  461. package/web-shell/assets/talonscript-C1XDQQGZ.js +1 -0
  462. package/web-shell/assets/tasl-CQjiPCtT.js +1 -0
  463. package/web-shell/assets/tcl-DQ1-QYvQ.js +1 -0
  464. package/web-shell/assets/templ-dwX3ZSMB.js +1 -0
  465. package/web-shell/assets/terraform-BbSNqyBO.js +1 -0
  466. package/web-shell/assets/tex-rYs2v40G.js +1 -0
  467. package/web-shell/assets/timeline-definition-PNZ67QCA-BhCBkq8k.js +120 -0
  468. package/web-shell/assets/tokyo-night-DBQeEorK.js +1 -0
  469. package/web-shell/assets/toml-CB2ApiWb.js +1 -0
  470. package/web-shell/assets/ts-tags-CipyTH0X.js +1 -0
  471. package/web-shell/assets/tsv-B_m7g4N7.js +1 -0
  472. package/web-shell/assets/tsx-B6W0miNI.js +1 -0
  473. package/web-shell/assets/turtle-BMR_PYu6.js +1 -0
  474. package/web-shell/assets/twig-NC5TFiHP.js +1 -0
  475. package/web-shell/assets/typescript-Dj6nwHGl.js +1 -0
  476. package/web-shell/assets/typespec-BpWG_bgh.js +1 -0
  477. package/web-shell/assets/typst-BVUVsWT6.js +1 -0
  478. package/web-shell/assets/v-CAQ2eGtk.js +1 -0
  479. package/web-shell/assets/vala-BFOHcciG.js +1 -0
  480. package/web-shell/assets/vb-CdO5JTpU.js +1 -0
  481. package/web-shell/assets/vennDiagram-CIIHVFJN-DPPFWp_y.js +34 -0
  482. package/web-shell/assets/verilog-CJaU5se_.js +1 -0
  483. package/web-shell/assets/vesper-BEBZ7ncR.js +1 -0
  484. package/web-shell/assets/vhdl-DYoNaHQp.js +1 -0
  485. package/web-shell/assets/viml-m4uW47V2.js +1 -0
  486. package/web-shell/assets/vitesse-black-Bkuqu6BP.js +1 -0
  487. package/web-shell/assets/vitesse-dark-D0r3Knsf.js +1 -0
  488. package/web-shell/assets/vitesse-light-CVO1_9PV.js +1 -0
  489. package/web-shell/assets/vue-BuYVFjOK.js +1 -0
  490. package/web-shell/assets/vue-html-xdeiXROB.js +1 -0
  491. package/web-shell/assets/vyper-nyqBNV6O.js +1 -0
  492. package/web-shell/assets/wardley-L42UT6IY-CcOUIgXY.js +173 -0
  493. package/web-shell/assets/wardleyDiagram-YWT4CUSO-p7oR5X7r.js +78 -0
  494. package/web-shell/assets/wasm-C6j12Q_x.js +1 -0
  495. package/web-shell/assets/wasm-CG6Dc4jp.js +1 -0
  496. package/web-shell/assets/wenyan-7A4Fjokl.js +1 -0
  497. package/web-shell/assets/wgsl-CB0Krxn9.js +1 -0
  498. package/web-shell/assets/wikitext-DCE3LsBG.js +1 -0
  499. package/web-shell/assets/wolfram-C3FkfJm5.js +1 -0
  500. package/web-shell/assets/xml-e3z08dGr.js +1 -0
  501. package/web-shell/assets/xsl-Dd0NUgwM.js +1 -0
  502. package/web-shell/assets/xychartDiagram-2RQKCTM6-Dfr7-SEy.js +7 -0
  503. package/web-shell/assets/yaml-CVw76BM1.js +1 -0
  504. package/web-shell/assets/zenscript-HnGAYVZD.js +1 -0
  505. package/web-shell/assets/zig-BVz_zdnA.js +1 -0
  506. package/web-shell/index.html +23 -0
  507. package/chunks/chunk-C64WAJOC.js +0 -117
  508. package/chunks/contextCommand-WP7BU7IY.js +0 -53
@@ -63,10 +63,11 @@ import {
63
63
  getNpmVersion,
64
64
  getSettingDefinition,
65
65
  isNotCurrentlyGeneratingCancelError,
66
+ isWorkspaceTrusted,
66
67
  loadSettings,
67
68
  mapDomainErrorToErrorKind,
68
69
  reloadEnvironment
69
- } from "./chunk-3U2ZIZDP.js";
70
+ } from "./chunk-A6OKBLUA.js";
70
71
  import {
71
72
  ClientSideConnection,
72
73
  PROTOCOL_VERSION,
@@ -77,13 +78,14 @@ import {
77
78
  SUPPORTED_LANGUAGES,
78
79
  writeStderrLine,
79
80
  writeStdoutLine
80
- } from "./chunk-6X6PTTH3.js";
81
+ } from "./chunk-VNMHFAZ3.js";
81
82
  import {
82
83
  ALL_PROVIDERS,
83
84
  APPROVAL_MODES,
84
85
  BTW_MAX_INPUT_LENGTH,
85
86
  BuiltinAgentRegistry,
86
87
  Client,
88
+ ExtensionManager,
87
89
  SessionService,
88
90
  ShellExecutionService,
89
91
  StandardFileSystemService,
@@ -98,32 +100,36 @@ import {
98
100
  applyProviderInstallPlan,
99
101
  buildInstallPlan,
100
102
  canUseRipgrep,
103
+ checkForExtensionUpdate,
101
104
  detectLineEnding,
102
105
  encodeTextFileContent,
103
106
  findProviderById,
104
107
  getDefaultModelIds,
105
108
  glob,
106
109
  loadIgnoreRules,
110
+ parseInstallSource,
111
+ redactUrlCredentials,
107
112
  require_once,
108
113
  resolveBaseUrl,
114
+ resolveBundleDir,
109
115
  shouldShowStep,
110
116
  writeWorkspaceContextFile
111
- } from "./chunk-VFW7VM7A.js";
117
+ } from "./chunk-MP436DDQ.js";
112
118
  import "./chunk-K5PGHDBN.js";
113
- import "./chunk-VIEIRAK3.js";
114
- import "./chunk-O4PICXES.js";
115
- import "./chunk-TW522KN6.js";
116
- import "./chunk-BJ5HQ23U.js";
117
- import "./chunk-SFRV6BGY.js";
118
- import "./chunk-ZOFNJQNJ.js";
119
- import "./chunk-WPTCDQN6.js";
120
- import "./chunk-OMX7CUOE.js";
119
+ import "./chunk-7GX7XYZU.js";
120
+ import "./chunk-7OCZ77KA.js";
121
+ import "./chunk-2ES3D3TW.js";
122
+ import "./chunk-2MPVVENX.js";
123
+ import "./chunk-ZTQ26VBE.js";
124
+ import "./chunk-4HMWGHPP.js";
125
+ import "./chunk-4TW2JM5Q.js";
126
+ import "./chunk-M5VYHAHT.js";
121
127
  import "./chunk-MLZQVCF3.js";
122
128
  import "./chunk-LD2XBG6Z.js";
123
- import "./chunk-CPVI5J2L.js";
124
- import "./chunk-ZMIBJS45.js";
129
+ import "./chunk-JIJBNW4A.js";
130
+ import "./chunk-E5SRTXRG.js";
125
131
  import "./chunk-77WXWU44.js";
126
- import "./chunk-B4ZF2KSI.js";
132
+ import "./chunk-WWU2KUSR.js";
127
133
  import {
128
134
  DAEMON_TRACEPARENT_META_KEY,
129
135
  DAEMON_TRACESTATE_META_KEY,
@@ -154,14 +160,15 @@ import {
154
160
  resolveTelemetrySettings,
155
161
  shutdownTelemetry,
156
162
  withDaemonRequestSpan
157
- } from "./chunk-P5CE42XM.js";
163
+ } from "./chunk-JP3LQIMW.js";
158
164
  import "./chunk-3PJXIDKI.js";
159
165
  import "./chunk-UWCTAVOD.js";
160
166
  import "./chunk-OFEVLU4C.js";
161
- import "./chunk-IQHSD7K5.js";
162
- import "./chunk-LYRSMKLS.js";
163
- import "./chunk-RTTAC5VW.js";
164
- import "./chunk-ZNUMXPNK.js";
167
+ import "./chunk-OMX7CUOE.js";
168
+ import "./chunk-FPZF3BNV.js";
169
+ import "./chunk-VWPDSQZY.js";
170
+ import "./chunk-AQDPHFDZ.js";
171
+ import "./chunk-JJHY7NAD.js";
165
172
  import {
166
173
  QwenOAuth2Client,
167
174
  QwenOAuthPollError,
@@ -170,15 +177,15 @@ import {
170
177
  isDeviceAuthorizationSuccess,
171
178
  isDeviceTokenPending,
172
179
  isDeviceTokenSuccess
173
- } from "./chunk-IDYDPBBN.js";
174
- import "./chunk-FIQECJTQ.js";
180
+ } from "./chunk-DZCZZPCY.js";
181
+ import "./chunk-F6FP3URI.js";
175
182
  import "./chunk-64WXLC72.js";
176
- import "./chunk-LXYWINWF.js";
183
+ import "./chunk-N5QHMPZU.js";
177
184
  import {
178
185
  detectRuntime,
179
186
  redactProxyCredentials
180
- } from "./chunk-NNIYWQIS.js";
181
- import "./chunk-LYSND7KR.js";
187
+ } from "./chunk-HU3RKEK2.js";
188
+ import "./chunk-PTGKSUUJ.js";
182
189
  import "./chunk-55ZMG67I.js";
183
190
  import {
184
191
  import_websocket_server
@@ -187,7 +194,7 @@ import "./chunk-5IFG2VC4.js";
187
194
  import {
188
195
  Storage,
189
196
  updateSymlink
190
- } from "./chunk-HA2UEYZP.js";
197
+ } from "./chunk-IKOWINH4.js";
191
198
  import "./chunk-ZERZSAZL.js";
192
199
  import {
193
200
  require_src
@@ -9239,11 +9246,11 @@ var require_mime_types = __commonJS({
9239
9246
  return exts[0];
9240
9247
  }
9241
9248
  __name(extension, "extension");
9242
- function lookup(path14) {
9243
- if (!path14 || typeof path14 !== "string") {
9249
+ function lookup(path15) {
9250
+ if (!path15 || typeof path15 !== "string") {
9244
9251
  return false;
9245
9252
  }
9246
- var extension2 = extname("x." + path14).toLowerCase().slice(1);
9253
+ var extension2 = extname("x." + path15).toLowerCase().slice(1);
9247
9254
  if (!extension2) {
9248
9255
  return false;
9249
9256
  }
@@ -10374,13 +10381,13 @@ var require_view = __commonJS({
10374
10381
  "use strict";
10375
10382
  init_esbuild_shims();
10376
10383
  var debug = require_src()("express:view");
10377
- var path14 = __require("node:path");
10384
+ var path15 = __require("node:path");
10378
10385
  var fs7 = __require("node:fs");
10379
- var dirname5 = path14.dirname;
10380
- var basename3 = path14.basename;
10381
- var extname = path14.extname;
10382
- var join6 = path14.join;
10383
- var resolve6 = path14.resolve;
10386
+ var dirname6 = path15.dirname;
10387
+ var basename3 = path15.basename;
10388
+ var extname = path15.extname;
10389
+ var join7 = path15.join;
10390
+ var resolve6 = path15.resolve;
10384
10391
  module.exports = View;
10385
10392
  function View(name, options) {
10386
10393
  var opts = options || {};
@@ -10410,17 +10417,17 @@ var require_view = __commonJS({
10410
10417
  }
10411
10418
  __name(View, "View");
10412
10419
  View.prototype.lookup = /* @__PURE__ */ __name(function lookup(name) {
10413
- var path15;
10420
+ var path16;
10414
10421
  var roots = [].concat(this.root);
10415
10422
  debug('lookup "%s"', name);
10416
- for (var i = 0; i < roots.length && !path15; i++) {
10423
+ for (var i = 0; i < roots.length && !path16; i++) {
10417
10424
  var root = roots[i];
10418
10425
  var loc = resolve6(root, name);
10419
- var dir = dirname5(loc);
10426
+ var dir = dirname6(loc);
10420
10427
  var file = basename3(loc);
10421
- path15 = this.resolve(dir, file);
10428
+ path16 = this.resolve(dir, file);
10422
10429
  }
10423
- return path15;
10430
+ return path16;
10424
10431
  }, "lookup");
10425
10432
  View.prototype.render = /* @__PURE__ */ __name(function render(options, callback) {
10426
10433
  var sync = true;
@@ -10442,21 +10449,21 @@ var require_view = __commonJS({
10442
10449
  }, "render");
10443
10450
  View.prototype.resolve = /* @__PURE__ */ __name(function resolve7(dir, file) {
10444
10451
  var ext = this.ext;
10445
- var path15 = join6(dir, file);
10446
- var stat = tryStat(path15);
10452
+ var path16 = join7(dir, file);
10453
+ var stat = tryStat(path16);
10447
10454
  if (stat && stat.isFile()) {
10448
- return path15;
10455
+ return path16;
10449
10456
  }
10450
- path15 = join6(dir, basename3(file, ext), "index" + ext);
10451
- stat = tryStat(path15);
10457
+ path16 = join7(dir, basename3(file, ext), "index" + ext);
10458
+ stat = tryStat(path16);
10452
10459
  if (stat && stat.isFile()) {
10453
- return path15;
10460
+ return path16;
10454
10461
  }
10455
10462
  }, "resolve");
10456
- function tryStat(path15) {
10457
- debug('stat "%s"', path15);
10463
+ function tryStat(path16) {
10464
+ debug('stat "%s"', path16);
10458
10465
  try {
10459
- return fs7.statSync(path15);
10466
+ return fs7.statSync(path16);
10460
10467
  } catch (e) {
10461
10468
  return void 0;
10462
10469
  }
@@ -11646,9 +11653,9 @@ var require_dist2 = __commonJS({
11646
11653
  function consume(endType) {
11647
11654
  const tokens2 = [];
11648
11655
  while (true) {
11649
- const path14 = it.text();
11650
- if (path14)
11651
- tokens2.push({ type: "text", value: encodePath(path14) });
11656
+ const path15 = it.text();
11657
+ if (path15)
11658
+ tokens2.push({ type: "text", value: encodePath(path15) });
11652
11659
  const param = it.tryConsume("PARAM");
11653
11660
  if (param) {
11654
11661
  tokens2.push({
@@ -11682,16 +11689,16 @@ var require_dist2 = __commonJS({
11682
11689
  return new TokenData(tokens);
11683
11690
  }
11684
11691
  __name(parse, "parse");
11685
- function compile(path14, options = {}) {
11692
+ function compile(path15, options = {}) {
11686
11693
  const { encode = encodeURIComponent, delimiter = DEFAULT_DELIMITER } = options;
11687
- const data = path14 instanceof TokenData ? path14 : parse(path14, options);
11694
+ const data = path15 instanceof TokenData ? path15 : parse(path15, options);
11688
11695
  const fn = tokensToFunction(data.tokens, delimiter, encode);
11689
- return /* @__PURE__ */ __name(function path15(data2 = {}) {
11690
- const [path16, ...missing] = fn(data2);
11696
+ return /* @__PURE__ */ __name(function path16(data2 = {}) {
11697
+ const [path17, ...missing] = fn(data2);
11691
11698
  if (missing.length) {
11692
11699
  throw new TypeError(`Missing parameters: ${missing.join(", ")}`);
11693
11700
  }
11694
- return path16;
11701
+ return path17;
11695
11702
  }, "path");
11696
11703
  }
11697
11704
  __name(compile, "compile");
@@ -11750,9 +11757,9 @@ var require_dist2 = __commonJS({
11750
11757
  };
11751
11758
  }
11752
11759
  __name(tokenToFunction, "tokenToFunction");
11753
- function match(path14, options = {}) {
11760
+ function match(path15, options = {}) {
11754
11761
  const { decode = decodeURIComponent, delimiter = DEFAULT_DELIMITER } = options;
11755
- const { regexp, keys } = pathToRegexp(path14, options);
11762
+ const { regexp, keys } = pathToRegexp(path15, options);
11756
11763
  const decoders = keys.map((key) => {
11757
11764
  if (decode === false)
11758
11765
  return NOOP_VALUE;
@@ -11764,7 +11771,7 @@ var require_dist2 = __commonJS({
11764
11771
  const m = regexp.exec(input);
11765
11772
  if (!m)
11766
11773
  return false;
11767
- const path15 = m[0];
11774
+ const path16 = m[0];
11768
11775
  const params = /* @__PURE__ */ Object.create(null);
11769
11776
  for (let i = 1; i < m.length; i++) {
11770
11777
  if (m[i] === void 0)
@@ -11773,17 +11780,17 @@ var require_dist2 = __commonJS({
11773
11780
  const decoder = decoders[i - 1];
11774
11781
  params[key.name] = decoder(m[i]);
11775
11782
  }
11776
- return { path: path15, params };
11783
+ return { path: path16, params };
11777
11784
  }, "match");
11778
11785
  }
11779
11786
  __name(match, "match");
11780
- function pathToRegexp(path14, options = {}) {
11787
+ function pathToRegexp(path15, options = {}) {
11781
11788
  const { delimiter = DEFAULT_DELIMITER, end = true, sensitive = false, trailing = true } = options;
11782
11789
  const keys = [];
11783
11790
  const sources = [];
11784
11791
  const flags = sensitive ? "" : "i";
11785
- const paths = Array.isArray(path14) ? path14 : [path14];
11786
- const items = paths.map((path15) => path15 instanceof TokenData ? path15 : parse(path15, options));
11792
+ const paths = Array.isArray(path15) ? path15 : [path15];
11793
+ const items = paths.map((path16) => path16 instanceof TokenData ? path16 : parse(path16, options));
11787
11794
  for (const { tokens } of items) {
11788
11795
  for (const seq of flatten(tokens, 0, [])) {
11789
11796
  const regexp2 = sequenceToRegExp(seq, delimiter, keys);
@@ -11901,18 +11908,18 @@ var require_layer = __commonJS({
11901
11908
  var TRAILING_SLASH_REGEXP = /\/+$/;
11902
11909
  var MATCHING_GROUP_REGEXP = /\((?:\?<(.*?)>)?(?!\?)/g;
11903
11910
  module.exports = Layer;
11904
- function Layer(path14, options, fn) {
11911
+ function Layer(path15, options, fn) {
11905
11912
  if (!(this instanceof Layer)) {
11906
- return new Layer(path14, options, fn);
11913
+ return new Layer(path15, options, fn);
11907
11914
  }
11908
- debug("new %o", path14);
11915
+ debug("new %o", path15);
11909
11916
  const opts = options || {};
11910
11917
  this.handle = fn;
11911
11918
  this.keys = [];
11912
11919
  this.name = fn.name || "<anonymous>";
11913
11920
  this.params = void 0;
11914
11921
  this.path = void 0;
11915
- this.slash = path14 === "/" && opts.end === false;
11922
+ this.slash = path15 === "/" && opts.end === false;
11916
11923
  function matcher(_path) {
11917
11924
  if (_path instanceof RegExp) {
11918
11925
  const keys = [];
@@ -11952,7 +11959,7 @@ var require_layer = __commonJS({
11952
11959
  });
11953
11960
  }
11954
11961
  __name(matcher, "matcher");
11955
- this.matchers = Array.isArray(path14) ? path14.map(matcher) : [matcher(path14)];
11962
+ this.matchers = Array.isArray(path15) ? path15.map(matcher) : [matcher(path15)];
11956
11963
  }
11957
11964
  __name(Layer, "Layer");
11958
11965
  Layer.prototype.handleError = /* @__PURE__ */ __name(function handleError(error2, req, res, next) {
@@ -11993,9 +12000,9 @@ var require_layer = __commonJS({
11993
12000
  next(err);
11994
12001
  }
11995
12002
  }, "handleRequest");
11996
- Layer.prototype.match = /* @__PURE__ */ __name(function match(path14) {
12003
+ Layer.prototype.match = /* @__PURE__ */ __name(function match(path15) {
11997
12004
  let match2;
11998
- if (path14 != null) {
12005
+ if (path15 != null) {
11999
12006
  if (this.slash) {
12000
12007
  this.params = {};
12001
12008
  this.path = "";
@@ -12003,7 +12010,7 @@ var require_layer = __commonJS({
12003
12010
  }
12004
12011
  let i = 0;
12005
12012
  while (!match2 && i < this.matchers.length) {
12006
- match2 = this.matchers[i](path14);
12013
+ match2 = this.matchers[i](path15);
12007
12014
  i++;
12008
12015
  }
12009
12016
  }
@@ -12032,13 +12039,13 @@ var require_layer = __commonJS({
12032
12039
  }
12033
12040
  }
12034
12041
  __name(decodeParam, "decodeParam");
12035
- function loosen(path14) {
12036
- if (path14 instanceof RegExp || path14 === "/") {
12037
- return path14;
12042
+ function loosen(path15) {
12043
+ if (path15 instanceof RegExp || path15 === "/") {
12044
+ return path15;
12038
12045
  }
12039
- return Array.isArray(path14) ? path14.map(function(p) {
12046
+ return Array.isArray(path15) ? path15.map(function(p) {
12040
12047
  return loosen(p);
12041
- }) : String(path14).replace(TRAILING_SLASH_REGEXP, "");
12048
+ }) : String(path15).replace(TRAILING_SLASH_REGEXP, "");
12042
12049
  }
12043
12050
  __name(loosen, "loosen");
12044
12051
  }
@@ -12056,9 +12063,9 @@ var require_route = __commonJS({
12056
12063
  var flatten = Array.prototype.flat;
12057
12064
  var methods = METHODS.map((method) => method.toLowerCase());
12058
12065
  module.exports = Route;
12059
- function Route(path14) {
12060
- debug("new %o", path14);
12061
- this.path = path14;
12066
+ function Route(path15) {
12067
+ debug("new %o", path15);
12068
+ this.path = path15;
12062
12069
  this.stack = [];
12063
12070
  this.methods = /* @__PURE__ */ Object.create(null);
12064
12071
  }
@@ -12271,8 +12278,8 @@ var require_router = __commonJS({
12271
12278
  if (++sync > 100) {
12272
12279
  return setImmediate(next, err);
12273
12280
  }
12274
- const path14 = getPathname(req);
12275
- if (path14 == null) {
12281
+ const path15 = getPathname(req);
12282
+ if (path15 == null) {
12276
12283
  return done(layerError);
12277
12284
  }
12278
12285
  let layer;
@@ -12280,7 +12287,7 @@ var require_router = __commonJS({
12280
12287
  let route;
12281
12288
  while (match !== true && idx < stack.length) {
12282
12289
  layer = stack[idx++];
12283
- match = matchLayer(layer, path14);
12290
+ match = matchLayer(layer, path15);
12284
12291
  route = layer.route;
12285
12292
  if (typeof match !== "boolean") {
12286
12293
  layerError = layerError || match;
@@ -12318,19 +12325,19 @@ var require_router = __commonJS({
12318
12325
  } else if (route) {
12319
12326
  layer.handleRequest(req, res, next);
12320
12327
  } else {
12321
- trimPrefix(layer, layerError, layerPath, path14);
12328
+ trimPrefix(layer, layerError, layerPath, path15);
12322
12329
  }
12323
12330
  sync = 0;
12324
12331
  });
12325
12332
  }
12326
12333
  __name(next, "next");
12327
- function trimPrefix(layer, layerError, layerPath, path14) {
12334
+ function trimPrefix(layer, layerError, layerPath, path15) {
12328
12335
  if (layerPath.length !== 0) {
12329
- if (layerPath !== path14.substring(0, layerPath.length)) {
12336
+ if (layerPath !== path15.substring(0, layerPath.length)) {
12330
12337
  next(layerError);
12331
12338
  return;
12332
12339
  }
12333
- const c = path14[layerPath.length];
12340
+ const c = path15[layerPath.length];
12334
12341
  if (c && c !== "/") {
12335
12342
  next(layerError);
12336
12343
  return;
@@ -12355,7 +12362,7 @@ var require_router = __commonJS({
12355
12362
  }, "handle");
12356
12363
  Router.prototype.use = /* @__PURE__ */ __name(function use(handler) {
12357
12364
  let offset = 0;
12358
- let path14 = "/";
12365
+ let path15 = "/";
12359
12366
  if (typeof handler !== "function") {
12360
12367
  let arg = handler;
12361
12368
  while (Array.isArray(arg) && arg.length !== 0) {
@@ -12363,7 +12370,7 @@ var require_router = __commonJS({
12363
12370
  }
12364
12371
  if (typeof arg !== "function") {
12365
12372
  offset = 1;
12366
- path14 = handler;
12373
+ path15 = handler;
12367
12374
  }
12368
12375
  }
12369
12376
  const callbacks = flatten.call(slice.call(arguments, offset), Infinity);
@@ -12375,8 +12382,8 @@ var require_router = __commonJS({
12375
12382
  if (typeof fn !== "function") {
12376
12383
  throw new TypeError("argument handler must be a function");
12377
12384
  }
12378
- debug("use %o %s", path14, fn.name || "<anonymous>");
12379
- const layer = new Layer(path14, {
12385
+ debug("use %o %s", path15, fn.name || "<anonymous>");
12386
+ const layer = new Layer(path15, {
12380
12387
  sensitive: this.caseSensitive,
12381
12388
  strict: false,
12382
12389
  end: false
@@ -12386,9 +12393,9 @@ var require_router = __commonJS({
12386
12393
  }
12387
12394
  return this;
12388
12395
  }, "use");
12389
- Router.prototype.route = /* @__PURE__ */ __name(function route(path14) {
12390
- const route2 = new Route(path14);
12391
- const layer = new Layer(path14, {
12396
+ Router.prototype.route = /* @__PURE__ */ __name(function route(path15) {
12397
+ const route2 = new Route(path15);
12398
+ const layer = new Layer(path15, {
12392
12399
  sensitive: this.caseSensitive,
12393
12400
  strict: this.strict,
12394
12401
  end: true
@@ -12402,8 +12409,8 @@ var require_router = __commonJS({
12402
12409
  return route2;
12403
12410
  }, "route");
12404
12411
  methods.concat("all").forEach(function(method) {
12405
- Router.prototype[method] = function(path14) {
12406
- const route = this.route(path14);
12412
+ Router.prototype[method] = function(path15) {
12413
+ const route = this.route(path15);
12407
12414
  route[method].apply(route, slice.call(arguments, 1));
12408
12415
  return this;
12409
12416
  };
@@ -12435,9 +12442,9 @@ var require_router = __commonJS({
12435
12442
  return fqdnIndex !== -1 ? url.substring(0, url.indexOf("/", 3 + fqdnIndex)) : void 0;
12436
12443
  }
12437
12444
  __name(getProtohost, "getProtohost");
12438
- function matchLayer(layer, path14) {
12445
+ function matchLayer(layer, path15) {
12439
12446
  try {
12440
- return layer.match(path14);
12447
+ return layer.match(path15);
12441
12448
  } catch (err) {
12442
12449
  return err;
12443
12450
  }
@@ -12675,7 +12682,7 @@ var require_application = __commonJS({
12675
12682
  }, "handle");
12676
12683
  app.use = /* @__PURE__ */ __name(function use(fn) {
12677
12684
  var offset = 0;
12678
- var path14 = "/";
12685
+ var path15 = "/";
12679
12686
  if (typeof fn !== "function") {
12680
12687
  var arg = fn;
12681
12688
  while (Array.isArray(arg) && arg.length !== 0) {
@@ -12683,7 +12690,7 @@ var require_application = __commonJS({
12683
12690
  }
12684
12691
  if (typeof arg !== "function") {
12685
12692
  offset = 1;
12686
- path14 = fn;
12693
+ path15 = fn;
12687
12694
  }
12688
12695
  }
12689
12696
  var fns = flatten.call(slice.call(arguments, offset), Infinity);
@@ -12693,12 +12700,12 @@ var require_application = __commonJS({
12693
12700
  var router = this.router;
12694
12701
  fns.forEach(function(fn2) {
12695
12702
  if (!fn2 || !fn2.handle || !fn2.set) {
12696
- return router.use(path14, fn2);
12703
+ return router.use(path15, fn2);
12697
12704
  }
12698
- debug(".use app under %s", path14);
12699
- fn2.mountpath = path14;
12705
+ debug(".use app under %s", path15);
12706
+ fn2.mountpath = path15;
12700
12707
  fn2.parent = this;
12701
- router.use(path14, /* @__PURE__ */ __name(function mounted_app(req, res, next) {
12708
+ router.use(path15, /* @__PURE__ */ __name(function mounted_app(req, res, next) {
12702
12709
  var orig = req.app;
12703
12710
  fn2.handle(req, res, function(err) {
12704
12711
  Object.setPrototypeOf(req, orig.request);
@@ -12710,8 +12717,8 @@ var require_application = __commonJS({
12710
12717
  }, this);
12711
12718
  return this;
12712
12719
  }, "use");
12713
- app.route = /* @__PURE__ */ __name(function route(path14) {
12714
- return this.router.route(path14);
12720
+ app.route = /* @__PURE__ */ __name(function route(path15) {
12721
+ return this.router.route(path15);
12715
12722
  }, "route");
12716
12723
  app.engine = /* @__PURE__ */ __name(function engine(ext, fn) {
12717
12724
  if (typeof fn !== "function") {
@@ -12754,7 +12761,7 @@ var require_application = __commonJS({
12754
12761
  }
12755
12762
  return this;
12756
12763
  }, "set");
12757
- app.path = /* @__PURE__ */ __name(function path14() {
12764
+ app.path = /* @__PURE__ */ __name(function path15() {
12758
12765
  return this.parent ? this.parent.path() + this.mountpath : "";
12759
12766
  }, "path");
12760
12767
  app.enabled = /* @__PURE__ */ __name(function enabled(setting) {
@@ -12770,17 +12777,17 @@ var require_application = __commonJS({
12770
12777
  return this.set(setting, false);
12771
12778
  }, "disable");
12772
12779
  methods.forEach(function(method) {
12773
- app[method] = function(path14) {
12780
+ app[method] = function(path15) {
12774
12781
  if (method === "get" && arguments.length === 1) {
12775
- return this.set(path14);
12782
+ return this.set(path15);
12776
12783
  }
12777
- var route = this.route(path14);
12784
+ var route = this.route(path15);
12778
12785
  route[method].apply(route, slice.call(arguments, 1));
12779
12786
  return this;
12780
12787
  };
12781
12788
  });
12782
- app.all = /* @__PURE__ */ __name(function all(path14) {
12783
- var route = this.route(path14);
12789
+ app.all = /* @__PURE__ */ __name(function all(path15) {
12790
+ var route = this.route(path15);
12784
12791
  var args = slice.call(arguments, 1);
12785
12792
  for (var i = 0; i < methods.length; i++) {
12786
12793
  route[methods[i]].apply(route, args);
@@ -13750,7 +13757,7 @@ var require_request = __commonJS({
13750
13757
  var subdomains2 = !isIP2(hostname) ? hostname.split(".").reverse() : [hostname];
13751
13758
  return subdomains2.slice(offset);
13752
13759
  }, "subdomains"));
13753
- defineGetter(req, "path", /* @__PURE__ */ __name(function path14() {
13760
+ defineGetter(req, "path", /* @__PURE__ */ __name(function path15() {
13754
13761
  return parse(this).pathname;
13755
13762
  }, "path"));
13756
13763
  defineGetter(req, "host", /* @__PURE__ */ __name(function host() {
@@ -13973,8 +13980,8 @@ var require_content_disposition = __commonJS({
13973
13980
  this.parameters = parameters;
13974
13981
  }
13975
13982
  __name(ContentDisposition, "ContentDisposition");
13976
- function basename3(path14) {
13977
- const normalized = path14.replaceAll("\\", "/");
13983
+ function basename3(path15) {
13984
+ const normalized = path15.replaceAll("\\", "/");
13978
13985
  let end = normalized.length;
13979
13986
  while (end > 0 && normalized[end - 1] === "/") {
13980
13987
  end--;
@@ -14234,28 +14241,28 @@ var require_send = __commonJS({
14234
14241
  var ms = require_ms();
14235
14242
  var onFinished = require_on_finished();
14236
14243
  var parseRange = require_range_parser();
14237
- var path14 = __require("path");
14244
+ var path15 = __require("path");
14238
14245
  var statuses = require_statuses();
14239
14246
  var Stream = __require("stream");
14240
14247
  var util = __require("util");
14241
- var extname = path14.extname;
14242
- var join6 = path14.join;
14243
- var normalize = path14.normalize;
14244
- var resolve6 = path14.resolve;
14245
- var sep4 = path14.sep;
14248
+ var extname = path15.extname;
14249
+ var join7 = path15.join;
14250
+ var normalize = path15.normalize;
14251
+ var resolve6 = path15.resolve;
14252
+ var sep4 = path15.sep;
14246
14253
  var BYTES_RANGE_REGEXP = /^ *bytes=/;
14247
14254
  var MAX_MAXAGE = 60 * 60 * 24 * 365 * 1e3;
14248
14255
  var UP_PATH_REGEXP = /(?:^|[\\/])\.\.(?:[\\/]|$)/;
14249
14256
  module.exports = send;
14250
- function send(req, path15, options) {
14251
- return new SendStream(req, path15, options);
14257
+ function send(req, path16, options) {
14258
+ return new SendStream(req, path16, options);
14252
14259
  }
14253
14260
  __name(send, "send");
14254
- function SendStream(req, path15, options) {
14261
+ function SendStream(req, path16, options) {
14255
14262
  Stream.call(this);
14256
14263
  var opts = options || {};
14257
14264
  this.options = opts;
14258
- this.path = path15;
14265
+ this.path = path16;
14259
14266
  this.req = req;
14260
14267
  this._acceptRanges = opts.acceptRanges !== void 0 ? Boolean(opts.acceptRanges) : true;
14261
14268
  this._cacheControl = opts.cacheControl !== void 0 ? Boolean(opts.cacheControl) : true;
@@ -14370,10 +14377,10 @@ var require_send = __commonJS({
14370
14377
  var lastModified = this.res.getHeader("Last-Modified");
14371
14378
  return parseHttpDate(lastModified) <= parseHttpDate(ifRange);
14372
14379
  }, "isRangeFresh");
14373
- SendStream.prototype.redirect = /* @__PURE__ */ __name(function redirect(path15) {
14380
+ SendStream.prototype.redirect = /* @__PURE__ */ __name(function redirect(path16) {
14374
14381
  var res = this.res;
14375
14382
  if (hasListeners(this, "directory")) {
14376
- this.emit("directory", res, path15);
14383
+ this.emit("directory", res, path16);
14377
14384
  return;
14378
14385
  }
14379
14386
  if (this.hasTrailingSlash()) {
@@ -14393,38 +14400,38 @@ var require_send = __commonJS({
14393
14400
  SendStream.prototype.pipe = /* @__PURE__ */ __name(function pipe(res) {
14394
14401
  var root = this._root;
14395
14402
  this.res = res;
14396
- var path15 = decode(this.path);
14397
- if (path15 === -1) {
14403
+ var path16 = decode(this.path);
14404
+ if (path16 === -1) {
14398
14405
  this.error(400);
14399
14406
  return res;
14400
14407
  }
14401
- if (~path15.indexOf("\0")) {
14408
+ if (~path16.indexOf("\0")) {
14402
14409
  this.error(400);
14403
14410
  return res;
14404
14411
  }
14405
14412
  var parts;
14406
14413
  if (root !== null) {
14407
- if (path15) {
14408
- path15 = normalize("." + sep4 + path15);
14414
+ if (path16) {
14415
+ path16 = normalize("." + sep4 + path16);
14409
14416
  }
14410
- if (UP_PATH_REGEXP.test(path15)) {
14411
- debug('malicious path "%s"', path15);
14417
+ if (UP_PATH_REGEXP.test(path16)) {
14418
+ debug('malicious path "%s"', path16);
14412
14419
  this.error(403);
14413
14420
  return res;
14414
14421
  }
14415
- parts = path15.split(sep4);
14416
- path15 = normalize(join6(root, path15));
14422
+ parts = path16.split(sep4);
14423
+ path16 = normalize(join7(root, path16));
14417
14424
  } else {
14418
- if (UP_PATH_REGEXP.test(path15)) {
14419
- debug('malicious path "%s"', path15);
14425
+ if (UP_PATH_REGEXP.test(path16)) {
14426
+ debug('malicious path "%s"', path16);
14420
14427
  this.error(403);
14421
14428
  return res;
14422
14429
  }
14423
- parts = normalize(path15).split(sep4);
14424
- path15 = resolve6(path15);
14430
+ parts = normalize(path16).split(sep4);
14431
+ path16 = resolve6(path16);
14425
14432
  }
14426
14433
  if (containsDotFile(parts)) {
14427
- debug('%s dotfile "%s"', this._dotfiles, path15);
14434
+ debug('%s dotfile "%s"', this._dotfiles, path16);
14428
14435
  switch (this._dotfiles) {
14429
14436
  case "allow":
14430
14437
  break;
@@ -14438,13 +14445,13 @@ var require_send = __commonJS({
14438
14445
  }
14439
14446
  }
14440
14447
  if (this._index.length && this.hasTrailingSlash()) {
14441
- this.sendIndex(path15);
14448
+ this.sendIndex(path16);
14442
14449
  return res;
14443
14450
  }
14444
- this.sendFile(path15);
14451
+ this.sendFile(path16);
14445
14452
  return res;
14446
14453
  }, "pipe");
14447
- SendStream.prototype.send = /* @__PURE__ */ __name(function send2(path15, stat) {
14454
+ SendStream.prototype.send = /* @__PURE__ */ __name(function send2(path16, stat) {
14448
14455
  var len = stat.size;
14449
14456
  var options = this.options;
14450
14457
  var opts = {};
@@ -14456,9 +14463,9 @@ var require_send = __commonJS({
14456
14463
  this.headersAlreadySent();
14457
14464
  return;
14458
14465
  }
14459
- debug('pipe "%s"', path15);
14460
- this.setHeader(path15, stat);
14461
- this.type(path15);
14466
+ debug('pipe "%s"', path16);
14467
+ this.setHeader(path16, stat);
14468
+ this.type(path16);
14462
14469
  if (this.isConditionalGET()) {
14463
14470
  if (this.isPreconditionFailure()) {
14464
14471
  this.error(412);
@@ -14507,28 +14514,28 @@ var require_send = __commonJS({
14507
14514
  res.end();
14508
14515
  return;
14509
14516
  }
14510
- this.stream(path15, opts);
14517
+ this.stream(path16, opts);
14511
14518
  }, "send");
14512
- SendStream.prototype.sendFile = /* @__PURE__ */ __name(function sendFile(path15) {
14519
+ SendStream.prototype.sendFile = /* @__PURE__ */ __name(function sendFile(path16) {
14513
14520
  var i = 0;
14514
14521
  var self = this;
14515
- debug('stat "%s"', path15);
14516
- fs7.stat(path15, /* @__PURE__ */ __name(function onstat(err, stat) {
14517
- var pathEndsWithSep = path15[path15.length - 1] === sep4;
14518
- if (err && err.code === "ENOENT" && !extname(path15) && !pathEndsWithSep) {
14522
+ debug('stat "%s"', path16);
14523
+ fs7.stat(path16, /* @__PURE__ */ __name(function onstat(err, stat) {
14524
+ var pathEndsWithSep = path16[path16.length - 1] === sep4;
14525
+ if (err && err.code === "ENOENT" && !extname(path16) && !pathEndsWithSep) {
14519
14526
  return next(err);
14520
14527
  }
14521
14528
  if (err) return self.onStatError(err);
14522
- if (stat.isDirectory()) return self.redirect(path15);
14529
+ if (stat.isDirectory()) return self.redirect(path16);
14523
14530
  if (pathEndsWithSep) return self.error(404);
14524
- self.emit("file", path15, stat);
14525
- self.send(path15, stat);
14531
+ self.emit("file", path16, stat);
14532
+ self.send(path16, stat);
14526
14533
  }, "onstat"));
14527
14534
  function next(err) {
14528
14535
  if (self._extensions.length <= i) {
14529
14536
  return err ? self.onStatError(err) : self.error(404);
14530
14537
  }
14531
- var p = path15 + "." + self._extensions[i++];
14538
+ var p = path16 + "." + self._extensions[i++];
14532
14539
  debug('stat "%s"', p);
14533
14540
  fs7.stat(p, function(err2, stat) {
14534
14541
  if (err2) return next(err2);
@@ -14539,7 +14546,7 @@ var require_send = __commonJS({
14539
14546
  }
14540
14547
  __name(next, "next");
14541
14548
  }, "sendFile");
14542
- SendStream.prototype.sendIndex = /* @__PURE__ */ __name(function sendIndex(path15) {
14549
+ SendStream.prototype.sendIndex = /* @__PURE__ */ __name(function sendIndex(path16) {
14543
14550
  var i = -1;
14544
14551
  var self = this;
14545
14552
  function next(err) {
@@ -14547,7 +14554,7 @@ var require_send = __commonJS({
14547
14554
  if (err) return self.onStatError(err);
14548
14555
  return self.error(404);
14549
14556
  }
14550
- var p = join6(path15, self._index[i]);
14557
+ var p = join7(path16, self._index[i]);
14551
14558
  debug('stat "%s"', p);
14552
14559
  fs7.stat(p, function(err2, stat) {
14553
14560
  if (err2) return next(err2);
@@ -14559,10 +14566,10 @@ var require_send = __commonJS({
14559
14566
  __name(next, "next");
14560
14567
  next();
14561
14568
  }, "sendIndex");
14562
- SendStream.prototype.stream = /* @__PURE__ */ __name(function stream(path15, options) {
14569
+ SendStream.prototype.stream = /* @__PURE__ */ __name(function stream(path16, options) {
14563
14570
  var self = this;
14564
14571
  var res = this.res;
14565
- var stream2 = fs7.createReadStream(path15, options);
14572
+ var stream2 = fs7.createReadStream(path16, options);
14566
14573
  this.emit("stream", stream2);
14567
14574
  stream2.pipe(res);
14568
14575
  function cleanup() {
@@ -14578,17 +14585,17 @@ var require_send = __commonJS({
14578
14585
  self.emit("end");
14579
14586
  }, "onend"));
14580
14587
  }, "stream");
14581
- SendStream.prototype.type = /* @__PURE__ */ __name(function type(path15) {
14588
+ SendStream.prototype.type = /* @__PURE__ */ __name(function type(path16) {
14582
14589
  var res = this.res;
14583
14590
  if (res.getHeader("Content-Type")) return;
14584
- var ext = extname(path15);
14591
+ var ext = extname(path16);
14585
14592
  var type2 = mime.contentType(ext) || "application/octet-stream";
14586
14593
  debug("content-type %s", type2);
14587
14594
  res.setHeader("Content-Type", type2);
14588
14595
  }, "type");
14589
- SendStream.prototype.setHeader = /* @__PURE__ */ __name(function setHeader(path15, stat) {
14596
+ SendStream.prototype.setHeader = /* @__PURE__ */ __name(function setHeader(path16, stat) {
14590
14597
  var res = this.res;
14591
- this.emit("headers", res, path15, stat);
14598
+ this.emit("headers", res, path16, stat);
14592
14599
  if (this._acceptRanges && !res.getHeader("Accept-Ranges")) {
14593
14600
  debug("accept ranges");
14594
14601
  res.setHeader("Accept-Ranges", "bytes");
@@ -14652,9 +14659,9 @@ var require_send = __commonJS({
14652
14659
  return err instanceof Error ? createError(status, err, { expose: false }) : createError(status, err);
14653
14660
  }
14654
14661
  __name(createHttpError, "createHttpError");
14655
- function decode(path15) {
14662
+ function decode(path16) {
14656
14663
  try {
14657
- return decodeURIComponent(path15);
14664
+ return decodeURIComponent(path16);
14658
14665
  } catch (err) {
14659
14666
  return -1;
14660
14667
  }
@@ -14809,7 +14816,7 @@ var require_response = __commonJS({
14809
14816
  var http = __require("node:http");
14810
14817
  var onFinished = require_on_finished();
14811
14818
  var mime = require_mime_types();
14812
- var path14 = __require("node:path");
14819
+ var path15 = __require("node:path");
14813
14820
  var pathIsAbsolute = __require("node:path").isAbsolute;
14814
14821
  var statuses = require_statuses();
14815
14822
  var sign = require_cookie_signature().sign;
@@ -14818,8 +14825,8 @@ var require_response = __commonJS({
14818
14825
  var setCharset = require_utils2().setCharset;
14819
14826
  var cookie = require_cookie();
14820
14827
  var send = require_send();
14821
- var extname = path14.extname;
14822
- var resolve6 = path14.resolve;
14828
+ var extname = path15.extname;
14829
+ var resolve6 = path15.resolve;
14823
14830
  var vary = require_vary();
14824
14831
  var { Buffer: Buffer2 } = __require("node:buffer");
14825
14832
  var res = Object.create(http.ServerResponse.prototype);
@@ -14965,26 +14972,26 @@ var require_response = __commonJS({
14965
14972
  this.type("txt");
14966
14973
  return this.send(body);
14967
14974
  }, "sendStatus");
14968
- res.sendFile = /* @__PURE__ */ __name(function sendFile(path15, options, callback) {
14975
+ res.sendFile = /* @__PURE__ */ __name(function sendFile(path16, options, callback) {
14969
14976
  var done = callback;
14970
14977
  var req = this.req;
14971
14978
  var res2 = this;
14972
14979
  var next = req.next;
14973
14980
  var opts = options || {};
14974
- if (!path15) {
14981
+ if (!path16) {
14975
14982
  throw new TypeError("path argument is required to res.sendFile");
14976
14983
  }
14977
- if (typeof path15 !== "string") {
14984
+ if (typeof path16 !== "string") {
14978
14985
  throw new TypeError("path must be a string to res.sendFile");
14979
14986
  }
14980
14987
  if (typeof options === "function") {
14981
14988
  done = options;
14982
14989
  opts = {};
14983
14990
  }
14984
- if (!opts.root && !pathIsAbsolute(path15)) {
14991
+ if (!opts.root && !pathIsAbsolute(path16)) {
14985
14992
  throw new TypeError("path must be absolute or specify root to res.sendFile");
14986
14993
  }
14987
- var pathname = encodeURI(path15);
14994
+ var pathname = encodeURI(path16);
14988
14995
  opts.etag = this.app.enabled("etag");
14989
14996
  var file = send(req, pathname, opts);
14990
14997
  sendfile(res2, file, opts, function(err) {
@@ -14995,7 +15002,7 @@ var require_response = __commonJS({
14995
15002
  }
14996
15003
  });
14997
15004
  }, "sendFile");
14998
- res.download = /* @__PURE__ */ __name(function download(path15, filename, options, callback) {
15005
+ res.download = /* @__PURE__ */ __name(function download(path16, filename, options, callback) {
14999
15006
  var done = callback;
15000
15007
  var name = filename;
15001
15008
  var opts = options || null;
@@ -15012,7 +15019,7 @@ var require_response = __commonJS({
15012
15019
  opts = filename;
15013
15020
  }
15014
15021
  var headers = {
15015
- "Content-Disposition": contentDisposition(name || path15)
15022
+ "Content-Disposition": contentDisposition(name || path16)
15016
15023
  };
15017
15024
  if (opts && opts.headers) {
15018
15025
  var keys = Object.keys(opts.headers);
@@ -15025,7 +15032,7 @@ var require_response = __commonJS({
15025
15032
  }
15026
15033
  opts = Object.create(opts);
15027
15034
  opts.headers = headers;
15028
- var fullPath = !opts.root ? resolve6(path15) : path15;
15035
+ var fullPath = !opts.root ? resolve6(path16) : path16;
15029
15036
  return this.sendFile(fullPath, opts, done);
15030
15037
  }, "download");
15031
15038
  res.contentType = res.type = /* @__PURE__ */ __name(function contentType(type) {
@@ -15318,11 +15325,11 @@ var require_serve_static = __commonJS({
15318
15325
  }
15319
15326
  var forwardError = !fallthrough;
15320
15327
  var originalUrl = parseUrl.original(req);
15321
- var path14 = parseUrl(req).pathname;
15322
- if (path14 === "/" && originalUrl.pathname.substr(-1) !== "/") {
15323
- path14 = "";
15328
+ var path15 = parseUrl(req).pathname;
15329
+ if (path15 === "/" && originalUrl.pathname.substr(-1) !== "/") {
15330
+ path15 = "";
15324
15331
  }
15325
- var stream = send(req, path14, opts);
15332
+ var stream = send(req, path15, opts);
15326
15333
  stream.on("directory", onDirectory);
15327
15334
  if (setHeaders) {
15328
15335
  stream.on("headers", setHeaders);
@@ -15442,10 +15449,10 @@ init_esbuild_shims();
15442
15449
 
15443
15450
  // packages/cli/src/serve/server.ts
15444
15451
  init_esbuild_shims();
15445
- var import_express = __toESM(require_express2(), 1);
15452
+ var import_express2 = __toESM(require_express2(), 1);
15446
15453
  import * as crypto from "node:crypto";
15447
15454
  import * as net from "node:net";
15448
- import * as path12 from "node:path";
15455
+ import * as path13 from "node:path";
15449
15456
 
15450
15457
  // packages/cli/src/serve/auth.ts
15451
15458
  init_esbuild_shims();
@@ -17267,7 +17274,8 @@ __name(createSpawnChannelFactory, "createSpawnChannelFactory");
17267
17274
  var defaultSpawnChannelFactory = createSpawnChannelFactory();
17268
17275
  var KILL_HARD_DEADLINE_MS = 1e4;
17269
17276
  var SCRUBBED_CHILD_ENV_KEYS = /* @__PURE__ */ new Set([
17270
- "QWEN_SERVER_TOKEN"
17277
+ "QWEN_SERVER_TOKEN",
17278
+ "QWEN_CODE_SIMPLE"
17271
17279
  ]);
17272
17280
  function scrubChildEnv(source, scrubbed, overrides) {
17273
17281
  const childEnv = { ...source };
@@ -17334,6 +17342,10 @@ import { randomUUID as randomUUID2 } from "node:crypto";
17334
17342
  import { promises as fs } from "node:fs";
17335
17343
  import * as path from "node:path";
17336
17344
 
17345
+ // packages/acp-bridge/src/daemonEventTypes.ts
17346
+ init_esbuild_shims();
17347
+ var MID_TURN_MESSAGE_INJECTED_EVENT = "mid_turn_message_injected";
17348
+
17337
17349
  // packages/acp-bridge/src/internal/stderrLine.ts
17338
17350
  init_esbuild_shims();
17339
17351
  function writeStderrLine2(message) {
@@ -17407,7 +17419,6 @@ function sliceLineRange(content, startLine, endLine) {
17407
17419
  return content.slice(offset, end > offset ? end - 1 : end);
17408
17420
  }
17409
17421
  __name(sliceLineRange, "sliceLineRange");
17410
- var MID_TURN_MESSAGE_INJECTED_EVENT = "mid_turn_message_injected";
17411
17422
  var BridgeClient = class {
17412
17423
  constructor(resolveEntry, resolvePendingRestoreEvents, mediator, permissionTimeoutMs, maxPendingPerSession, fileSystem, onModelPromoted, onModePromoted) {
17413
17424
  this.resolveEntry = resolveEntry;
@@ -18628,7 +18639,14 @@ function createAcpSessionBridge(opts) {
18628
18639
  );
18629
18640
  }
18630
18641
  const permissionTimeoutRaw = opts.permissionResponseTimeoutMs ?? DEFAULT_PERMISSION_TIMEOUT_MS;
18631
- const permissionTimeoutMs = permissionTimeoutRaw > 0 && Number.isFinite(permissionTimeoutRaw) ? permissionTimeoutRaw : 0;
18642
+ const permissionTimeoutMs = permissionTimeoutRaw > 0 && Number.isFinite(permissionTimeoutRaw) ? (
18643
+ // Clamp to 2^31-1: Node treats setTimeout delays larger than
18644
+ // this as 1ms (TimeoutOverflowWarning), which would make a
18645
+ // huge "effectively never" timeout cancel prompts almost
18646
+ // immediately — the opposite of intent. Mirrors the sibling
18647
+ // `resolvePositiveFiniteMs` / `resolvedChannelIdleTimeoutMs`.
18648
+ Math.min(permissionTimeoutRaw, 2147483647)
18649
+ ) : 0;
18632
18650
  const maxPendingRaw = opts.maxPendingPermissionsPerSession ?? DEFAULT_MAX_PENDING_PER_SESSION;
18633
18651
  const maxPendingPerSession = maxPendingRaw > 0 && Number.isFinite(maxPendingRaw) ? maxPendingRaw : Infinity;
18634
18652
  const maxPendingPromptsRaw = opts.maxPendingPromptsPerSession ?? DEFAULT_MAX_PENDING_PROMPTS_PER_SESSION;
@@ -18662,6 +18680,12 @@ function createAcpSessionBridge(opts) {
18662
18680
  DEFAULT_SESSION_IDLE_TIMEOUT_MS
18663
18681
  );
18664
18682
  let sessionReaper;
18683
+ let lastActivityTimestamp = null;
18684
+ let activePromptCounter = 0;
18685
+ function touchActivity() {
18686
+ lastActivityTimestamp = Date.now();
18687
+ }
18688
+ __name(touchActivity, "touchActivity");
18665
18689
  function resolvePositiveFiniteMs(raw, fallback) {
18666
18690
  if (raw === void 0) return fallback;
18667
18691
  return raw > 0 && Number.isFinite(raw) ? Math.min(raw, 2147483647) : 0;
@@ -18924,6 +18948,11 @@ function createAcpSessionBridge(opts) {
18924
18948
  });
18925
18949
  } catch {
18926
18950
  }
18951
+ if (sessEntry.promptActive) {
18952
+ sessEntry.promptActive = false;
18953
+ activePromptCounter--;
18954
+ touchActivity();
18955
+ }
18927
18956
  byId.delete(sid);
18928
18957
  telemetry.metrics?.sessionLifecycle("die");
18929
18958
  info.client.markSessionClosed(sid);
@@ -19121,6 +19150,12 @@ function createAcpSessionBridge(opts) {
19121
19150
  }
19122
19151
  return void 0;
19123
19152
  }, "channelInfoForEntry");
19153
+ const assertLivePromptEntry = /* @__PURE__ */ __name((sessionId, entry) => {
19154
+ const info = channelInfoForEntry(entry);
19155
+ if (byId.get(sessionId) !== entry || !info || info.isDying) {
19156
+ throw new SessionNotFoundError(sessionId);
19157
+ }
19158
+ }, "assertLivePromptEntry");
19124
19159
  const getChannelClosedReject = /* @__PURE__ */ __name((info) => {
19125
19160
  if (!info.statusClosedReject) {
19126
19161
  info.statusClosedReject = info.channel.exited.then(() => {
@@ -19321,6 +19356,7 @@ function createAcpSessionBridge(opts) {
19321
19356
  };
19322
19357
  ci.sessionIds.add(entry.sessionId);
19323
19358
  byId.set(entry.sessionId, entry);
19359
+ touchActivity();
19324
19360
  telemetry.metrics?.sessionLifecycle("spawn");
19325
19361
  ci.client.drainEarlyEvents(entry.sessionId, entry);
19326
19362
  return entry;
@@ -19571,6 +19607,11 @@ function createAcpSessionBridge(opts) {
19571
19607
  }
19572
19608
  permissionMediator.forgetSession(sessionId);
19573
19609
  entry.pendingPermissionIds.clear();
19610
+ if (entry.promptActive) {
19611
+ entry.promptActive = false;
19612
+ activePromptCounter--;
19613
+ touchActivity();
19614
+ }
19574
19615
  byId.delete(sessionId);
19575
19616
  telemetry.metrics?.sessionLifecycle("close");
19576
19617
  ci?.client.markSessionClosed(sessionId);
@@ -19644,6 +19685,15 @@ function createAcpSessionBridge(opts) {
19644
19685
  get sessionCount() {
19645
19686
  return byId.size;
19646
19687
  },
19688
+ get activePromptCount() {
19689
+ return activePromptCounter;
19690
+ },
19691
+ get lastActivityAt() {
19692
+ return lastActivityTimestamp;
19693
+ },
19694
+ get idleSinceMs() {
19695
+ return lastActivityTimestamp !== null ? Date.now() - lastActivityTimestamp : null;
19696
+ },
19647
19697
  isChannelLive() {
19648
19698
  return !!liveChannelInfo();
19649
19699
  },
@@ -19784,6 +19834,7 @@ function createAcpSessionBridge(opts) {
19784
19834
  if (signal?.aborted) {
19785
19835
  throw new DOMException("Prompt aborted", "AbortError");
19786
19836
  }
19837
+ assertLivePromptEntry(sessionId, entry);
19787
19838
  const requestedRetry = req.retry === true;
19788
19839
  const isRetry = requestedRetry && entry.retryAllowed;
19789
19840
  entry.retryAllowed = false;
@@ -19805,7 +19856,9 @@ function createAcpSessionBridge(opts) {
19805
19856
  return copy;
19806
19857
  })();
19807
19858
  entry.promptActive = true;
19859
+ activePromptCounter++;
19808
19860
  entry.sessionLastSeenAt = Date.now();
19861
+ touchActivity();
19809
19862
  if (originatorClientId === void 0) {
19810
19863
  delete entry.activePromptOriginatorClientId;
19811
19864
  } else {
@@ -19821,13 +19874,21 @@ function createAcpSessionBridge(opts) {
19821
19874
  );
19822
19875
  }
19823
19876
  } catch (echoErr) {
19824
- entry.promptActive = false;
19825
19877
  delete entry.activePromptOriginatorClientId;
19878
+ if (entry.promptActive) {
19879
+ entry.promptActive = false;
19880
+ activePromptCounter--;
19881
+ touchActivity();
19882
+ }
19826
19883
  throw echoErr;
19827
19884
  }
19828
19885
  const promptPromise = entry.connection.prompt(promptRequest).finally(() => {
19829
- entry.promptActive = false;
19830
- entry.sessionLastSeenAt = Date.now();
19886
+ if (entry.promptActive) {
19887
+ entry.promptActive = false;
19888
+ activePromptCounter--;
19889
+ entry.sessionLastSeenAt = Date.now();
19890
+ touchActivity();
19891
+ }
19831
19892
  delete entry.activePromptOriginatorClientId;
19832
19893
  if (entry.clientIds.size === 0 && entry.events.subscriberCount === 0 && byId.has(sessionId)) {
19833
19894
  void closeSessionImpl(sessionId, void 0, {
@@ -20090,11 +20151,13 @@ function createAcpSessionBridge(opts) {
20090
20151
  initTimeoutMs,
20091
20152
  "branchSession"
20092
20153
  );
20093
- if (!result || typeof result.newSessionId !== "string" || typeof result.title !== "string") {
20154
+ if (!result || typeof result.newSessionId !== "string") {
20094
20155
  throw new Error(
20095
20156
  `branchSession: agent returned invalid response: ${JSON.stringify(result)}`
20096
20157
  );
20097
20158
  }
20159
+ const rawBranchName = result.displayName ?? result.title;
20160
+ const branchDisplayName = typeof rawBranchName === "string" ? rawBranchName : result.newSessionId.slice(0, 8);
20098
20161
  let restored;
20099
20162
  try {
20100
20163
  restored = await restoreSession("resume", {
@@ -20119,11 +20182,11 @@ function createAcpSessionBridge(opts) {
20119
20182
  throw restoreErr;
20120
20183
  }
20121
20184
  const newEntry = byId.get(result.newSessionId);
20122
- if (newEntry) newEntry.displayName = result.title;
20185
+ if (newEntry) newEntry.displayName = branchDisplayName;
20123
20186
  const eventData = {
20124
20187
  sourceSessionId: sessionId,
20125
20188
  newSessionId: result.newSessionId,
20126
- displayName: result.title
20189
+ displayName: branchDisplayName
20127
20190
  };
20128
20191
  const branchEnvelope = {
20129
20192
  type: "session_branched",
@@ -20134,10 +20197,10 @@ function createAcpSessionBridge(opts) {
20134
20197
  broadcastWorkspaceEvent(branchEnvelope, sessionId);
20135
20198
  return {
20136
20199
  ...restored,
20137
- title: result.title,
20200
+ displayName: branchDisplayName,
20138
20201
  forkedFrom: {
20139
20202
  sessionId,
20140
- title: entry.displayName ?? sessionId.slice(0, 8)
20203
+ displayName: entry.displayName ?? sessionId.slice(0, 8)
20141
20204
  }
20142
20205
  };
20143
20206
  });
@@ -20173,6 +20236,24 @@ function createAcpSessionBridge(opts) {
20173
20236
  writeStderrLine2(
20174
20237
  `qwen serve: updated session metadata ${JSON.stringify(sessionId)} displayName=${entry.displayName === void 0 ? "cleared" : "set"}` + (context?.clientId ? ` by client ${JSON.stringify(context.clientId)}` : "")
20175
20238
  );
20239
+ if (nextDisplayName) {
20240
+ entry.connection.extMethod(SERVE_CONTROL_EXT_METHODS.sessionTitle, {
20241
+ sessionId,
20242
+ displayName: nextDisplayName,
20243
+ titleSource: "manual"
20244
+ }).then((res) => {
20245
+ const r = res;
20246
+ if (r && r.persisted === false) {
20247
+ writeStderrLine2(
20248
+ `qwen serve: displayName for ${sessionId} was not persisted (recording service unavailable)`
20249
+ );
20250
+ }
20251
+ }).catch((err) => {
20252
+ writeStderrLine2(
20253
+ `qwen serve: failed to persist displayName for ${sessionId}: ${err instanceof Error ? err.message : String(err)}`
20254
+ );
20255
+ });
20256
+ }
20176
20257
  try {
20177
20258
  entry.events.publish({
20178
20259
  type: "session_metadata_updated",
@@ -20384,6 +20465,54 @@ function createAcpSessionBridge(opts) {
20384
20465
  () => createIdleWorkspaceExtensionsStatus(boundWorkspace)
20385
20466
  );
20386
20467
  },
20468
+ async refreshExtensionsForAllSessions(data) {
20469
+ const sessions = Array.from(byId.values());
20470
+ const results = await Promise.all(
20471
+ sessions.map(async (entry) => {
20472
+ const info = channelInfoForEntry(entry);
20473
+ if (!info || info.isDying) {
20474
+ return { refreshed: 0, failed: 0 };
20475
+ }
20476
+ try {
20477
+ await Promise.race([
20478
+ withTimeout(
20479
+ entry.connection.extMethod(
20480
+ SERVE_CONTROL_EXT_METHODS.workspaceExtensionsRefresh,
20481
+ { sessionId: entry.sessionId }
20482
+ ),
20483
+ 3e4,
20484
+ SERVE_CONTROL_EXT_METHODS.workspaceExtensionsRefresh
20485
+ ),
20486
+ getTransportClosedReject(entry)
20487
+ ]);
20488
+ return { refreshed: 1, failed: 0 };
20489
+ } catch (err) {
20490
+ writeServeDebugLine(
20491
+ `refreshExtensions: session ${entry.sessionId} failed: ${err instanceof Error ? err.message : String(err)}`
20492
+ );
20493
+ return { refreshed: 0, failed: 1 };
20494
+ }
20495
+ })
20496
+ );
20497
+ const refreshed = results.reduce(
20498
+ (sum, result) => sum + result.refreshed,
20499
+ 0
20500
+ );
20501
+ const failed = results.reduce((sum, result) => sum + result.failed, 0);
20502
+ if (refreshed > 0 || failed > 0 || data?.status !== void 0) {
20503
+ broadcastWorkspaceEvent({
20504
+ type: "extensions_changed",
20505
+ data: { ...data, refreshed, failed }
20506
+ });
20507
+ }
20508
+ return { refreshed, failed };
20509
+ },
20510
+ broadcastExtensionsChanged(data) {
20511
+ broadcastWorkspaceEvent({
20512
+ type: "extensions_changed",
20513
+ data
20514
+ });
20515
+ },
20387
20516
  async setSessionModel(sessionId, req, context) {
20388
20517
  const entry = byId.get(sessionId);
20389
20518
  if (!entry) throw new SessionNotFoundError(sessionId);
@@ -20993,6 +21122,11 @@ function createAcpSessionBridge(opts) {
20993
21122
  }
20994
21123
  permissionMediator.forgetSession(sessionId);
20995
21124
  entry.pendingPermissionIds.clear();
21125
+ if (entry.promptActive) {
21126
+ entry.promptActive = false;
21127
+ activePromptCounter--;
21128
+ touchActivity();
21129
+ }
20996
21130
  if (defaultEntry === entry) defaultEntry = void 0;
20997
21131
  byId.delete(sessionId);
20998
21132
  telemetry.metrics?.sessionLifecycle("die");
@@ -23728,7 +23862,7 @@ var AcpDispatcher = class {
23728
23862
  sessions: result.sessions.map((s) => ({
23729
23863
  sessionId: s.sessionId,
23730
23864
  cwd: s.workspaceCwd,
23731
- title: s.title,
23865
+ title: s.displayName,
23732
23866
  updatedAt: s.updatedAt
23733
23867
  })),
23734
23868
  ...result.nextCursor != null ? { nextCursor: result.nextCursor } : {}
@@ -25828,7 +25962,7 @@ var WS_READ_METHODS = /* @__PURE__ */ new Set([
25828
25962
  function mountAcpHttp(app, bridge, opts) {
25829
25963
  const enabled = opts.enabled ?? process.env["QWEN_SERVE_ACP_HTTP"] !== "0";
25830
25964
  if (!enabled) return void 0;
25831
- const path14 = opts.path ?? "/acp";
25965
+ const path15 = opts.path ?? "/acp";
25832
25966
  const dispatcher = new AcpDispatcher(
25833
25967
  bridge,
25834
25968
  opts.boundWorkspace,
@@ -25850,7 +25984,7 @@ function mountAcpHttp(app, bridge, opts) {
25850
25984
  },
25851
25985
  opts.maxConnections
25852
25986
  );
25853
- app.post(path14, async (req, res) => {
25987
+ app.post(path15, async (req, res) => {
25854
25988
  const ct = req.headers["content-type"];
25855
25989
  if (!ct || !ct.startsWith("application/json")) {
25856
25990
  res.status(415).json({ error: "Content-Type must be application/json" });
@@ -25954,7 +26088,7 @@ function mountAcpHttp(app, bridge, opts) {
25954
26088
  );
25955
26089
  });
25956
26090
  });
25957
- app.get(path14, (req, res) => {
26091
+ app.get(path15, (req, res) => {
25958
26092
  const accept = req.headers["accept"] ?? "";
25959
26093
  if (!accept.includes("text/event-stream")) {
25960
26094
  res.status(406).json({ error: "Accept header must include text/event-stream" });
@@ -26030,7 +26164,7 @@ function mountAcpHttp(app, bridge, opts) {
26030
26164
  }
26031
26165
  );
26032
26166
  });
26033
- app.delete(path14, (req, res) => {
26167
+ app.delete(path15, (req, res) => {
26034
26168
  const connectionId = headerOf(req, ACP_CONNECTION_HEADER);
26035
26169
  if (!connectionId) {
26036
26170
  res.status(400).json({ error: "Missing Acp-Connection-Id" });
@@ -26063,7 +26197,7 @@ function mountAcpHttp(app, bridge, opts) {
26063
26197
  socket.destroy();
26064
26198
  return;
26065
26199
  }
26066
- if (url.pathname !== path14) {
26200
+ if (url.pathname !== path15) {
26067
26201
  socket.destroy();
26068
26202
  return;
26069
26203
  }
@@ -26298,7 +26432,7 @@ function mountAcpHttp(app, bridge, opts) {
26298
26432
  });
26299
26433
  }, "upgradeListener");
26300
26434
  httpServer.on("upgrade", upgradeListener);
26301
- writeStderrLine(`qwen serve: /acp WebSocket transport enabled on ${path14}`);
26435
+ writeStderrLine(`qwen serve: /acp WebSocket transport enabled on ${path15}`);
26302
26436
  }
26303
26437
  __name(setupWebSocket, "setupWebSocket");
26304
26438
  return {
@@ -27678,16 +27812,116 @@ function getDemoHtml(_port) {
27678
27812
  }
27679
27813
  __name(getDemoHtml, "getDemoHtml");
27680
27814
 
27815
+ // packages/cli/src/serve/webShellStatic.ts
27816
+ init_esbuild_shims();
27817
+ var import_express = __toESM(require_express2(), 1);
27818
+ import { existsSync } from "node:fs";
27819
+ import * as path6 from "node:path";
27820
+ import { fileURLToPath } from "node:url";
27821
+ var WEB_SHELL_CSP = [
27822
+ "default-src 'self'",
27823
+ "script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval'",
27824
+ "style-src 'self' 'unsafe-inline'",
27825
+ "font-src 'self' data:",
27826
+ "img-src 'self' data: blob:",
27827
+ "connect-src 'self'",
27828
+ "worker-src 'self' blob:",
27829
+ // base-uri does NOT fall back to default-src; lock it so an injected <base>
27830
+ // (the SPA renders AI-generated markdown) cannot repoint relative URLs to an
27831
+ // attacker origin.
27832
+ "base-uri 'none'",
27833
+ "frame-ancestors 'none'"
27834
+ ].join("; ");
27835
+ function resolveWebShellDir() {
27836
+ const selfDir = path6.dirname(fileURLToPath(import.meta.url));
27837
+ const hasShell = /* @__PURE__ */ __name((dir2) => existsSync(path6.join(dir2, "index.html")) && existsSync(path6.join(dir2, "assets")), "hasShell");
27838
+ const bundled = path6.join(resolveBundleDir(import.meta.url), "web-shell");
27839
+ if (hasShell(bundled)) return bundled;
27840
+ let dir = selfDir;
27841
+ for (let i = 0; i < 10; i++) {
27842
+ const candidate = path6.join(dir, "packages", "web-shell", "dist");
27843
+ if (hasShell(candidate)) return candidate;
27844
+ const parent = path6.dirname(dir);
27845
+ if (parent === dir) break;
27846
+ dir = parent;
27847
+ }
27848
+ return void 0;
27849
+ }
27850
+ __name(resolveWebShellDir, "resolveWebShellDir");
27851
+ function isDocumentNavigation(req) {
27852
+ const fetchMode = req.headers["sec-fetch-mode"];
27853
+ const fetchDest = req.headers["sec-fetch-dest"];
27854
+ const accept = req.headers.accept ?? "";
27855
+ return fetchMode === "navigate" || fetchDest === "document" || accept.trim().toLowerCase().startsWith("text/html");
27856
+ }
27857
+ __name(isDocumentNavigation, "isDocumentNavigation");
27858
+ function createSendIndex(webShellDir) {
27859
+ const indexPath = path6.join(webShellDir, "index.html");
27860
+ return (res) => {
27861
+ res.status(200).set("Content-Security-Policy", WEB_SHELL_CSP).set("X-Frame-Options", "DENY").set("X-Content-Type-Options", "nosniff").set("Referrer-Policy", "no-referrer").set(
27862
+ "Permissions-Policy",
27863
+ "camera=(), microphone=(), geolocation=(), payment=()"
27864
+ ).set("Cache-Control", "no-cache");
27865
+ res.sendFile(indexPath, { cacheControl: false }, (err) => {
27866
+ if (!err) return;
27867
+ writeStderrLine(
27868
+ `qwen serve: Web Shell index send failed: ${err instanceof Error ? err.message : String(err)}`
27869
+ );
27870
+ if (!res.headersSent) {
27871
+ res.status(500).type("text/plain").send("Failed to load Web Shell");
27872
+ } else {
27873
+ res.end();
27874
+ }
27875
+ });
27876
+ };
27877
+ }
27878
+ __name(createSendIndex, "createSendIndex");
27879
+ function mountWebShellAssets(app, webShellDir) {
27880
+ const sendIndex = createSendIndex(webShellDir);
27881
+ app.use(
27882
+ "/assets",
27883
+ import_express.default.static(path6.join(webShellDir, "assets"), {
27884
+ index: false,
27885
+ immutable: true,
27886
+ maxAge: "1y"
27887
+ })
27888
+ );
27889
+ app.use("/assets", (req, res) => {
27890
+ if (isServeDebugMode()) {
27891
+ writeStderrLine(
27892
+ `qwen serve: Web Shell asset not found: ${req.originalUrl}`
27893
+ );
27894
+ }
27895
+ res.status(404).type("text/plain").send("Not found");
27896
+ });
27897
+ app.get("/", (_req, res) => sendIndex(res));
27898
+ }
27899
+ __name(mountWebShellAssets, "mountWebShellAssets");
27900
+ function mountWebShellSpaFallback(app, webShellDir) {
27901
+ const sendIndex = createSendIndex(webShellDir);
27902
+ app.use((req, res, next) => {
27903
+ if (req.method !== "GET" && req.method !== "HEAD") return next();
27904
+ if (!isDocumentNavigation(req)) return next();
27905
+ if (isServeDebugMode()) {
27906
+ writeStderrLine(
27907
+ `qwen serve: Web Shell SPA fallback served for ${req.method} ${req.originalUrl}`
27908
+ );
27909
+ }
27910
+ sendIndex(res);
27911
+ });
27912
+ }
27913
+ __name(mountWebShellSpaFallback, "mountWebShellSpaFallback");
27914
+
27681
27915
  // packages/cli/src/serve/fs/index.ts
27682
27916
  init_esbuild_shims();
27683
27917
 
27684
27918
  // packages/cli/src/serve/fs/policy.ts
27685
27919
  init_esbuild_shims();
27686
- import * as path6 from "node:path";
27920
+ import * as path7 from "node:path";
27687
27921
  var MAX_READ_BYTES = 256 * 1024;
27688
27922
  var MAX_WRITE_BYTES = 5 * 1024 * 1024;
27689
27923
  function shouldIgnore(absolute, boundWorkspace, ignore, kind = "file") {
27690
- const rel = path6.relative(boundWorkspace, absolute);
27924
+ const rel = path7.relative(boundWorkspace, absolute);
27691
27925
  if (rel === "" || rel.startsWith("..")) return { ignored: false };
27692
27926
  const fileFilter = ignore.getFileFilter();
27693
27927
  const dirFilter = ignore.getDirectoryFilter();
@@ -27759,7 +27993,7 @@ __name(detectBinary, "detectBinary");
27759
27993
  // packages/cli/src/serve/fs/audit.ts
27760
27994
  init_esbuild_shims();
27761
27995
  import { createHash as createHash3 } from "node:crypto";
27762
- import * as path7 from "node:path";
27996
+ import * as path8 from "node:path";
27763
27997
  var FS_ACCESS_EVENT_TYPE = "fs.access";
27764
27998
  var FS_DENIED_EVENT_TYPE = "fs.denied";
27765
27999
  function hashPath(absolute) {
@@ -27768,8 +28002,8 @@ function hashPath(absolute) {
27768
28002
  __name(hashPath, "hashPath");
27769
28003
  var CROSS_DRIVE_RELPATH = "<cross-drive>";
27770
28004
  function relForAudit(raw, boundWorkspace) {
27771
- const rel = path7.isAbsolute(raw) ? path7.relative(boundWorkspace, raw) : raw;
27772
- return path7.isAbsolute(rel) ? CROSS_DRIVE_RELPATH : rel;
28005
+ const rel = path8.isAbsolute(raw) ? path8.relative(boundWorkspace, raw) : raw;
28006
+ return path8.isAbsolute(rel) ? CROSS_DRIVE_RELPATH : rel;
27773
28007
  }
27774
28008
  __name(relForAudit, "relForAudit");
27775
28009
  function rawPathsEnabled() {
@@ -27807,7 +28041,7 @@ function createAuditPublisher(deps) {
27807
28041
  });
27808
28042
  },
27809
28043
  recordDenied(ctx, record) {
27810
- const probe = path7.isAbsolute(record.input) ? record.input : path7.resolve(boundWorkspace, record.input);
28044
+ const probe = path8.isAbsolute(record.input) ? record.input : path8.resolve(boundWorkspace, record.input);
27811
28045
  const payload = {
27812
28046
  kind: FS_DENIED_EVENT_TYPE,
27813
28047
  intent: record.intent,
@@ -27841,7 +28075,7 @@ __name(createAuditPublisher, "createAuditPublisher");
27841
28075
  init_esbuild_shims();
27842
28076
  import { createHash as createHash4, randomBytes } from "node:crypto";
27843
28077
  import { promises as fsp2 } from "node:fs";
27844
- import * as path8 from "node:path";
28078
+ import * as path9 from "node:path";
27845
28079
  function createWorkspaceFileSystemFactory(deps) {
27846
28080
  const boundWorkspace = canonicalizeWorkspace(deps.boundWorkspace);
27847
28081
  const ignore = deps.ignore ?? loadIgnoreRules({
@@ -28022,7 +28256,7 @@ var WorkspaceFileSystemImpl = class {
28022
28256
  const entries = [];
28023
28257
  const dir = await fsp2.opendir(p);
28024
28258
  for await (const d of dir) {
28025
- const childAbs = path8.join(p, d.name);
28259
+ const childAbs = path9.join(p, d.name);
28026
28260
  const kind = kindFromStatLike(d);
28027
28261
  const verdict = shouldIgnore(
28028
28262
  childAbs,
@@ -28058,7 +28292,7 @@ var WorkspaceFileSystemImpl = class {
28058
28292
  `glob pattern may not contain '..' segments: ${pattern}`
28059
28293
  );
28060
28294
  }
28061
- if (path8.isAbsolute(pattern) || /^[A-Za-z]:[\\/]/.test(pattern) || pattern.startsWith("\\\\") || pattern.startsWith("//")) {
28295
+ if (path9.isAbsolute(pattern) || /^[A-Za-z]:[\\/]/.test(pattern) || pattern.startsWith("\\\\") || pattern.startsWith("//")) {
28062
28296
  throw new FsError(
28063
28297
  "parse_error",
28064
28298
  `glob pattern must be workspace-relative: ${pattern}`,
@@ -28071,7 +28305,7 @@ var WorkspaceFileSystemImpl = class {
28071
28305
  cwdReal = cwd;
28072
28306
  } else {
28073
28307
  try {
28074
- cwdReal = await fsp2.realpath(path8.resolve(cwd));
28308
+ cwdReal = await fsp2.realpath(path9.resolve(cwd));
28075
28309
  } catch (err) {
28076
28310
  const code = err?.code;
28077
28311
  if (code === "ENOENT") {
@@ -28105,7 +28339,7 @@ var WorkspaceFileSystemImpl = class {
28105
28339
  let transientErrorCount = 0;
28106
28340
  for (const hit of matches) {
28107
28341
  if (out.length >= max) break;
28108
- const absolute = path8.resolve(hit);
28342
+ const absolute = path9.resolve(hit);
28109
28343
  let canonical;
28110
28344
  try {
28111
28345
  canonical = await fsp2.realpath(absolute);
@@ -28120,8 +28354,8 @@ var WorkspaceFileSystemImpl = class {
28120
28354
  }
28121
28355
  continue;
28122
28356
  }
28123
- const rel = path8.relative(this.deps.boundWorkspace, canonical);
28124
- if (rel.startsWith("..") || path8.isAbsolute(rel)) {
28357
+ const rel = path9.relative(this.deps.boundWorkspace, canonical);
28358
+ if (rel.startsWith("..") || path9.isAbsolute(rel)) {
28125
28359
  escapedCount += 1;
28126
28360
  continue;
28127
28361
  }
@@ -28727,7 +28961,7 @@ function mergeWriteMeta(existing, opts) {
28727
28961
  __name(mergeWriteMeta, "mergeWriteMeta");
28728
28962
  async function atomicWriteTextResolvedFile(input) {
28729
28963
  const target = input.target;
28730
- const parent = path8.dirname(target);
28964
+ const parent = path9.dirname(target);
28731
28965
  const parentStat = await fsp2.lstat(parent);
28732
28966
  if (parentStat.isSymbolicLink()) {
28733
28967
  throw new FsError("symlink_escape", `parent path is a symlink: ${parent}`, {
@@ -28740,9 +28974,9 @@ async function atomicWriteTextResolvedFile(input) {
28740
28974
  `parent path is not a directory: ${parent}`
28741
28975
  );
28742
28976
  }
28743
- const tmpPath = path8.join(
28977
+ const tmpPath = path9.join(
28744
28978
  parent,
28745
- `.${path8.basename(target)}.${process.pid}.${randomBytes(6).toString("hex")}.tmp`
28979
+ `.${path9.basename(target)}.${process.pid}.${randomBytes(6).toString("hex")}.tmp`
28746
28980
  );
28747
28981
  let tempLive = false;
28748
28982
  let tempHandle;
@@ -29110,7 +29344,7 @@ __name(buildWriteMeta, "buildWriteMeta");
29110
29344
 
29111
29345
  // packages/cli/src/serve/routes/workspaceFileRead.ts
29112
29346
  init_esbuild_shims();
29113
- import * as path9 from "node:path";
29347
+ import * as path10 from "node:path";
29114
29348
  var MAX_LIST_ENTRIES = 2e3;
29115
29349
  var MAX_FILE_LINE_LIMIT = 2e3;
29116
29350
  var DEFAULT_FILE_BYTES_MAX_BYTES = 64 * 1024;
@@ -29441,9 +29675,9 @@ function workspaceRelative(req, resolved) {
29441
29675
  if (!boundWorkspace) {
29442
29676
  throw new Error("bound workspace is not configured");
29443
29677
  }
29444
- const rel = path9.relative(boundWorkspace, resolved);
29678
+ const rel = path10.relative(boundWorkspace, resolved);
29445
29679
  if (rel === "") return ".";
29446
- return path9.sep === "/" ? rel : rel.split(path9.sep).join("/");
29680
+ return path10.sep === "/" ? rel : rel.split(path10.sep).join("/");
29447
29681
  }
29448
29682
  __name(workspaceRelative, "workspaceRelative");
29449
29683
  function registerWorkspaceFileReadRoutes(app, deps) {
@@ -29682,7 +29916,7 @@ __name(registerWorkspaceFileWriteRoutes, "registerWorkspaceFileWriteRoutes");
29682
29916
  // packages/cli/src/serve/workspace-service/index.ts
29683
29917
  init_esbuild_shims();
29684
29918
  import { promises as fs5, constants as fsConstants } from "node:fs";
29685
- import * as path10 from "node:path";
29919
+ import * as path11 from "node:path";
29686
29920
  async function canonicalizeExistingAncestor(inputPath) {
29687
29921
  let current = inputPath;
29688
29922
  while (true) {
@@ -29693,7 +29927,7 @@ async function canonicalizeExistingAncestor(inputPath) {
29693
29927
  if (code !== "ENOENT" && code !== "ENOTDIR" && code !== "ELOOP") {
29694
29928
  throw err;
29695
29929
  }
29696
- const parent = path10.dirname(current);
29930
+ const parent = path11.dirname(current);
29697
29931
  if (parent === current) throw err;
29698
29932
  current = parent;
29699
29933
  }
@@ -29702,9 +29936,9 @@ async function canonicalizeExistingAncestor(inputPath) {
29702
29936
  __name(canonicalizeExistingAncestor, "canonicalizeExistingAncestor");
29703
29937
  async function verifyParentPostOpen(target, wsCanonical, _fh) {
29704
29938
  const parentCanonical = await canonicalizeExistingAncestor(
29705
- path10.dirname(target)
29939
+ path11.dirname(target)
29706
29940
  );
29707
- const within = parentCanonical === wsCanonical || parentCanonical.startsWith(wsCanonical + path10.sep);
29941
+ const within = parentCanonical === wsCanonical || parentCanonical.startsWith(wsCanonical + path11.sep);
29708
29942
  if (within) return;
29709
29943
  throw new WorkspaceInitSymlinkError(
29710
29944
  target,
@@ -29722,6 +29956,7 @@ function createDaemonWorkspaceService(deps) {
29722
29956
  persistDisabledTools,
29723
29957
  queryWorkspaceStatus,
29724
29958
  invokeWorkspaceCommand,
29959
+ refreshExtensionsForAllSessions: refreshExtensionsForAllSessionsOnBridge,
29725
29960
  publishWorkspaceEvent
29726
29961
  } = deps;
29727
29962
  return {
@@ -29833,16 +30068,16 @@ function createDaemonWorkspaceService(deps) {
29833
30068
  },
29834
30069
  async initWorkspace(ctx, opts) {
29835
30070
  const filename = contextFilename;
29836
- const target = path10.resolve(boundWorkspace, filename);
29837
- const withinWorkspace = target === boundWorkspace || target.startsWith(boundWorkspace + path10.sep);
30071
+ const target = path11.resolve(boundWorkspace, filename);
30072
+ const withinWorkspace = target === boundWorkspace || target.startsWith(boundWorkspace + path11.sep);
29838
30073
  if (!withinWorkspace) {
29839
30074
  throw new WorkspaceInitPathEscapeError(filename, boundWorkspace);
29840
30075
  }
29841
30076
  const wsCanonical = await fs5.realpath(boundWorkspace);
29842
30077
  const parentCanonical = await canonicalizeExistingAncestor(
29843
- path10.dirname(target)
30078
+ path11.dirname(target)
29844
30079
  );
29845
- const parentWithinWorkspace = parentCanonical === wsCanonical || parentCanonical.startsWith(wsCanonical + path10.sep);
30080
+ const parentWithinWorkspace = parentCanonical === wsCanonical || parentCanonical.startsWith(wsCanonical + path11.sep);
29846
30081
  if (!parentWithinWorkspace) {
29847
30082
  throw new WorkspaceInitSymlinkError(
29848
30083
  target,
@@ -30094,6 +30329,19 @@ function createDaemonWorkspaceService(deps) {
30094
30329
  sessionsSkipped,
30095
30330
  childError
30096
30331
  };
30332
+ },
30333
+ async refreshExtensionsForAllSessions() {
30334
+ try {
30335
+ if (!refreshExtensionsForAllSessionsOnBridge) {
30336
+ throw new Error("refreshExtensionsForAllSessions is not wired");
30337
+ }
30338
+ return await refreshExtensionsForAllSessionsOnBridge();
30339
+ } catch (err) {
30340
+ writeStderrLine(
30341
+ `qwen serve: refreshExtensionsForAllSessions failed: ${err instanceof Error ? err.message : String(err)}`
30342
+ );
30343
+ return { refreshed: 0, failed: 1 };
30344
+ }
30097
30345
  }
30098
30346
  };
30099
30347
  }
@@ -30327,7 +30575,7 @@ __name(registerWorkspaceSettingsRoutes, "registerWorkspaceSettingsRoutes");
30327
30575
  // packages/cli/src/serve/routes/a2uiAction.ts
30328
30576
  init_esbuild_shims();
30329
30577
  import * as fsp3 from "node:fs/promises";
30330
- import * as path11 from "node:path";
30578
+ import * as path12 from "node:path";
30331
30579
  var A2UI_MIME = "application/a2ui+json";
30332
30580
  var ACTION_TOOL = "action";
30333
30581
  var CALL_TIMEOUT_MS = 15e3;
@@ -30338,7 +30586,7 @@ __name(usableServerConfig, "usableServerConfig");
30338
30586
  async function findFromSettingsFile(workspaceCwd) {
30339
30587
  try {
30340
30588
  const raw = await fsp3.readFile(
30341
- path11.join(workspaceCwd, ".qwen", "settings.json"),
30589
+ path12.join(workspaceCwd, ".qwen", "settings.json"),
30342
30590
  "utf8"
30343
30591
  );
30344
30592
  const settings = JSON.parse(raw);
@@ -30466,8 +30714,8 @@ init_esbuild_shims();
30466
30714
  var MAX_BUCKETS = 1e4;
30467
30715
  var GC_REQUEST_INTERVAL = 1e3;
30468
30716
  var GC_TIMER_INTERVAL_MS = 5 * 60 * 1e3;
30469
- function resolveTier(method, path14) {
30470
- const p = path14.endsWith("/") && path14.length > 1 ? path14.slice(0, -1) : path14;
30717
+ function resolveTier(method, path15) {
30718
+ const p = path15.endsWith("/") && path15.length > 1 ? path15.slice(0, -1) : path15;
30471
30719
  if (method === "OPTIONS") return null;
30472
30720
  if ((method === "GET" || method === "HEAD") && (p === "/health" || p === "/demo"))
30473
30721
  return null;
@@ -30759,7 +31007,7 @@ async function listWorkspaceSessionsForResponse(bridge, workspaceCwd, options) {
30759
31007
  workspaceCwd: item.cwd,
30760
31008
  createdAt: item.startTime,
30761
31009
  updatedAt: new Date(item.mtime).toISOString(),
30762
- title: item.customTitle ?? item.prompt,
31010
+ displayName: item.customTitle || item.prompt,
30763
31011
  clientCount: 0,
30764
31012
  hasActivePrompt: false
30765
31013
  });
@@ -30772,7 +31020,7 @@ async function listWorkspaceSessionsForResponse(bridge, workspaceCwd, options) {
30772
31020
  ...existing,
30773
31021
  ...live,
30774
31022
  createdAt: existing.createdAt,
30775
- title: live.title ?? existing.title,
31023
+ displayName: live.displayName ?? existing.displayName,
30776
31024
  updatedAt: live.updatedAt ?? existing.updatedAt,
30777
31025
  clientCount: live.clientCount,
30778
31026
  hasActivePrompt: live.hasActivePrompt
@@ -30894,25 +31142,61 @@ function parseIPv6FirstHextet(host) {
30894
31142
  return Number.parseInt(first, 16);
30895
31143
  }
30896
31144
  __name(parseIPv6FirstHextet, "parseIPv6FirstHextet");
31145
+ function parseLegacyIPv4Part(value, max) {
31146
+ let parsed;
31147
+ if (/^0x[0-9a-f]+$/i.test(value)) {
31148
+ parsed = Number.parseInt(value.slice(2), 16);
31149
+ } else if (/^0[0-7]+$/.test(value)) {
31150
+ parsed = Number.parseInt(value, 8);
31151
+ } else if (/^[0-9]+$/.test(value)) {
31152
+ parsed = Number.parseInt(value, 10);
31153
+ } else {
31154
+ return void 0;
31155
+ }
31156
+ return parsed <= max ? parsed : void 0;
31157
+ }
31158
+ __name(parseLegacyIPv4Part, "parseLegacyIPv4Part");
31159
+ function parseLegacyIPv4Host(host) {
31160
+ const parts = host.split(".");
31161
+ if (parts.length < 1 || parts.length > 4 || parts.some((part) => !part)) {
31162
+ return void 0;
31163
+ }
31164
+ const maxLastPart = [4294967295, 16777215, 65535, 255][parts.length - 1];
31165
+ if (maxLastPart === void 0) return void 0;
31166
+ const parsed = parts.map(
31167
+ (part, index) => parseLegacyIPv4Part(part, index === parts.length - 1 ? maxLastPart : 255)
31168
+ );
31169
+ if (parsed.some((part) => part === void 0)) return void 0;
31170
+ const values = parsed;
31171
+ const numeric = values.length === 1 ? values[0] : values.length === 2 ? values[0] * 16777216 + values[1] : values.length === 3 ? values[0] * 16777216 + values[1] * 65536 + values[2] : values[0] * 16777216 + values[1] * 65536 + values[2] * 256 + values[3];
31172
+ return [
31173
+ Math.floor(numeric / 16777216) & 255,
31174
+ Math.floor(numeric / 65536) & 255,
31175
+ Math.floor(numeric / 256) & 255,
31176
+ numeric & 255
31177
+ ].join(".");
31178
+ }
31179
+ __name(parseLegacyIPv4Host, "parseLegacyIPv4Host");
30897
31180
  function isBlockedAuthProviderHost(hostname) {
30898
31181
  const stripped = hostname.endsWith(".") ? hostname.slice(0, -1) : hostname;
30899
31182
  const host = stripped.toLowerCase();
30900
31183
  if (host === "localhost" || host.endsWith(".localhost")) return true;
30901
31184
  const bareHost = host.startsWith("[") && host.endsWith("]") ? host.slice(1, -1) : host;
30902
- const ipVersion = net.isIP(bareHost);
31185
+ const blocklistHost = parseLegacyIPv4Host(bareHost) ?? bareHost;
31186
+ const ipVersion = net.isIP(blocklistHost);
30903
31187
  if (ipVersion === 4) {
30904
- const parts = bareHost.split(".").map((part) => Number(part));
31188
+ const parts = blocklistHost.split(".").map((part) => Number(part));
30905
31189
  const [a, b] = parts;
30906
31190
  return a === 0 || a === 10 || a === 127 || a === 100 && b !== void 0 && b >= 64 && b <= 127 || a === 169 && b === 254 || a === 172 && b !== void 0 && b >= 16 && b <= 31 || a === 192 && b === 168;
30907
31191
  }
30908
31192
  if (ipVersion === 6) {
30909
- if (bareHost === "::" || bareHost === "::1") return true;
30910
- const firstHextet = parseIPv6FirstHextet(bareHost);
31193
+ if (blocklistHost === "::" || blocklistHost === "::1") return true;
31194
+ const firstHextet = parseIPv6FirstHextet(blocklistHost);
30911
31195
  if (firstHextet !== void 0 && (firstHextet >= 65152 && firstHextet <= 65215 || (firstHextet & 65024) === 64512)) {
30912
31196
  return true;
30913
31197
  }
30914
- if (bareHost.startsWith("::ffff:")) {
30915
- const suffix = bareHost.slice("::ffff:".length);
31198
+ if (blocklistHost.startsWith("::ffff:")) {
31199
+ const suffix = blocklistHost.slice("::ffff:".length);
30916
31200
  if (net.isIP(suffix) === 4) {
30917
31201
  return isBlockedAuthProviderHost(suffix);
30918
31202
  }
@@ -31004,17 +31288,17 @@ function parseAuthProviderInstallRequest(body, options) {
31004
31288
  }
31005
31289
  __name(parseAuthProviderInstallRequest, "parseAuthProviderInstallRequest");
31006
31290
  function resolveDaemonTelemetryRoute(req) {
31007
- const path14 = req.path.replace(/\/$/, "") || "/";
31008
- if (req.method === "POST" && path14 === "/session") {
31291
+ const path15 = req.path.replace(/\/$/, "") || "/";
31292
+ if (req.method === "POST" && path15 === "/session") {
31009
31293
  return { route: "POST /session" };
31010
31294
  }
31011
- if (req.method === "POST" && path14 === "/sessions/delete") {
31295
+ if (req.method === "POST" && path15 === "/sessions/delete") {
31012
31296
  return { route: "POST /sessions/delete" };
31013
31297
  }
31014
- if (req.method === "GET" && path14 === "/daemon/status") {
31298
+ if (req.method === "GET" && path15 === "/daemon/status") {
31015
31299
  return { route: "GET /daemon/status" };
31016
31300
  }
31017
- const sessionAction = path14.match(
31301
+ const sessionAction = path15.match(
31018
31302
  /^\/session\/([^/]+)\/(load|resume|prompt|cancel|recap|btw|mid-turn-message|model|shell|detach|rewind|approval-mode|language|a2ui-action)$/
31019
31303
  );
31020
31304
  const sessionActionId = sessionAction?.[1];
@@ -31025,14 +31309,14 @@ function resolveDaemonTelemetryRoute(req) {
31025
31309
  sessionId: sessionActionId
31026
31310
  };
31027
31311
  }
31028
- const sessionMetadata = path14.match(/^\/session\/([^/]+)\/metadata$/);
31312
+ const sessionMetadata = path15.match(/^\/session\/([^/]+)\/metadata$/);
31029
31313
  if (sessionMetadata?.[1] && req.method === "PATCH") {
31030
31314
  return {
31031
31315
  route: "PATCH /session/:id/metadata",
31032
31316
  sessionId: sessionMetadata[1]
31033
31317
  };
31034
31318
  }
31035
- const sessionPermission = path14.match(
31319
+ const sessionPermission = path15.match(
31036
31320
  /^\/session\/([^/]+)\/permission\/([^/]+)$/
31037
31321
  );
31038
31322
  if (sessionPermission?.[1] && sessionPermission?.[2] && req.method === "POST") {
@@ -31043,7 +31327,7 @@ function resolveDaemonTelemetryRoute(req) {
31043
31327
  ...rawRequestId.length <= MAX_CLIENT_ID_LENGTH2 && CLIENT_ID_RE2.test(rawRequestId) ? { permissionRequestId: rawRequestId } : {}
31044
31328
  };
31045
31329
  }
31046
- const globalPermission = path14.match(/^\/permission\/([^/]+)$/);
31330
+ const globalPermission = path15.match(/^\/permission\/([^/]+)$/);
31047
31331
  if (globalPermission?.[1] && req.method === "POST") {
31048
31332
  const rawRequestId = globalPermission[1];
31049
31333
  return {
@@ -31051,45 +31335,45 @@ function resolveDaemonTelemetryRoute(req) {
31051
31335
  ...rawRequestId.length <= MAX_CLIENT_ID_LENGTH2 && CLIENT_ID_RE2.test(rawRequestId) ? { permissionRequestId: rawRequestId } : {}
31052
31336
  };
31053
31337
  }
31054
- const deleteSession = path14.match(/^\/session\/([^/]+)$/);
31338
+ const deleteSession = path15.match(/^\/session\/([^/]+)$/);
31055
31339
  const deleteSessionId = deleteSession?.[1];
31056
31340
  if (deleteSessionId && req.method === "DELETE") {
31057
31341
  return { route: "DELETE /session/:id", sessionId: deleteSessionId };
31058
31342
  }
31059
- if (req.method === "GET" && /^\/workspace\/[^/]+\/sessions$/.test(path14)) {
31343
+ if (req.method === "GET" && /^\/workspace\/[^/]+\/sessions$/.test(path15)) {
31060
31344
  return { route: "GET /workspace/:id/sessions" };
31061
31345
  }
31062
- if (req.method === "POST" && path14 === "/workspace/init") {
31346
+ if (req.method === "POST" && path15 === "/workspace/init") {
31063
31347
  return { route: "POST /workspace/init" };
31064
31348
  }
31065
- if (req.method === "POST" && path14 === "/workspace/reload") {
31349
+ if (req.method === "POST" && path15 === "/workspace/reload") {
31066
31350
  return { route: "POST /workspace/reload" };
31067
31351
  }
31068
- const mcpRestart = path14.match(/^\/workspace\/mcp\/([^/]+)\/restart$/);
31352
+ const mcpRestart = path15.match(/^\/workspace\/mcp\/([^/]+)\/restart$/);
31069
31353
  if (mcpRestart?.[1] && req.method === "POST") {
31070
31354
  return { route: "POST /workspace/mcp/:server/restart" };
31071
31355
  }
31072
- if (req.method === "POST" && path14 === "/workspace/mcp/servers") {
31356
+ if (req.method === "POST" && path15 === "/workspace/mcp/servers") {
31073
31357
  return { route: "POST /workspace/mcp/servers" };
31074
31358
  }
31075
- const mcpDelete = path14.match(/^\/workspace\/mcp\/servers\/([^/]+)$/);
31359
+ const mcpDelete = path15.match(/^\/workspace\/mcp\/servers\/([^/]+)$/);
31076
31360
  if (mcpDelete?.[1] && req.method === "DELETE") {
31077
31361
  return { route: "DELETE /workspace/mcp/servers/:name" };
31078
31362
  }
31079
- if (req.method === "POST" && path14 === "/workspace/auth/device-flow") {
31363
+ if (req.method === "POST" && path15 === "/workspace/auth/device-flow") {
31080
31364
  return { route: "POST /workspace/auth/device-flow" };
31081
31365
  }
31082
- const deviceFlowDelete = path14.match(
31366
+ const deviceFlowDelete = path15.match(
31083
31367
  /^\/workspace\/auth\/device-flow\/([^/]+)$/
31084
31368
  );
31085
31369
  if (deviceFlowDelete?.[1] && req.method === "DELETE") {
31086
31370
  return { route: "DELETE /workspace/auth/device-flow/:id" };
31087
31371
  }
31088
- const toolEnable = path14.match(/^\/workspace\/tools\/([^/]+)\/enable$/);
31372
+ const toolEnable = path15.match(/^\/workspace\/tools\/([^/]+)\/enable$/);
31089
31373
  if (toolEnable?.[1] && req.method === "POST") {
31090
31374
  return { route: "POST /workspace/tools/:name/enable" };
31091
31375
  }
31092
- if (path14 === "/workspace/settings") {
31376
+ if (path15 === "/workspace/settings") {
31093
31377
  if (req.method === "GET") return { route: "GET /workspace/settings" };
31094
31378
  if (req.method === "POST") return { route: "POST /workspace/settings" };
31095
31379
  }
@@ -31171,7 +31455,7 @@ function advertisedMaxPendingPromptsPerSession(value) {
31171
31455
  }
31172
31456
  __name(advertisedMaxPendingPromptsPerSession, "advertisedMaxPendingPromptsPerSession");
31173
31457
  function createServeApp(opts, getPort = () => opts.port, deps = {}) {
31174
- const app = (0, import_express.default)();
31458
+ const app = (0, import_express2.default)();
31175
31459
  const boundWorkspace = deps.boundWorkspace ?? canonicalizeWorkspace(opts.workspace ?? process.cwd());
31176
31460
  if (!deps.fsFactory && !deps.bridge && !warnedDefaultTrust) {
31177
31461
  warnedDefaultTrust = true;
@@ -31190,6 +31474,7 @@ function createServeApp(opts, getPort = () => opts.port, deps = {}) {
31190
31474
  maxSessions: opts.maxSessions,
31191
31475
  maxPendingPromptsPerSession: opts.maxPendingPromptsPerSession,
31192
31476
  eventRingSize: opts.eventRingSize,
31477
+ permissionResponseTimeoutMs: opts.permissionResponseTimeoutMs,
31193
31478
  boundWorkspace,
31194
31479
  sessionShellCommandEnabled,
31195
31480
  // Wire the production status provider so direct embeds / tests
@@ -31280,8 +31565,291 @@ function createServeApp(opts, getPort = () => opts.port, deps = {}) {
31280
31565
  }),
31281
31566
  queryWorkspaceStatus: /* @__PURE__ */ __name((method, idle) => bridge.queryWorkspaceStatus(method, idle), "queryWorkspaceStatus"),
31282
31567
  invokeWorkspaceCommand: /* @__PURE__ */ __name((method, params, invokeOpts) => bridge.invokeWorkspaceCommand(method, params, invokeOpts), "invokeWorkspaceCommand"),
31568
+ refreshExtensionsForAllSessions: /* @__PURE__ */ __name(() => bridge.refreshExtensionsForAllSessions(), "refreshExtensionsForAllSessions"),
31283
31569
  publishWorkspaceEvent: /* @__PURE__ */ __name((event) => bridge.publishWorkspaceEvent(event), "publishWorkspaceEvent")
31284
31570
  });
31571
+ let extensionInstallQueue = Promise.resolve();
31572
+ let extensionInstallQueueDepth = 0;
31573
+ const MAX_EXTENSION_INSTALL_QUEUE_DEPTH = 10;
31574
+ const enqueueExtensionInstall = /* @__PURE__ */ __name(async (run) => {
31575
+ if (extensionInstallQueueDepth >= MAX_EXTENSION_INSTALL_QUEUE_DEPTH) {
31576
+ throw new Error("Extension operation queue is full");
31577
+ }
31578
+ extensionInstallQueueDepth += 1;
31579
+ const next = extensionInstallQueue.then(run, run).finally(() => {
31580
+ extensionInstallQueueDepth -= 1;
31581
+ });
31582
+ extensionInstallQueue = next.catch(() => void 0);
31583
+ return next;
31584
+ }, "enqueueExtensionInstall");
31585
+ const EXTENSION_MUTATION_TIMEOUT_MS = 12e4;
31586
+ const EXTENSION_REFRESH_TIMEOUT_MS = 3e4;
31587
+ const isExtensionQueueFullError = /* @__PURE__ */ __name((err) => err instanceof Error && err.message === "Extension operation queue is full", "isExtensionQueueFullError");
31588
+ const sendExtensionQueueFull = /* @__PURE__ */ __name((res) => {
31589
+ res.status(429).json({
31590
+ error: "Extension operation queue is full",
31591
+ code: "extension_queue_full"
31592
+ });
31593
+ }, "sendExtensionQueueFull");
31594
+ const withExtensionTimeout = /* @__PURE__ */ __name(async (promise, timeoutMs, operation) => await new Promise((resolve6, reject) => {
31595
+ const timeout = setTimeout(() => {
31596
+ reject(new Error(`${operation} timed out after ${timeoutMs}ms`));
31597
+ }, timeoutMs);
31598
+ promise.then(
31599
+ (value) => {
31600
+ clearTimeout(timeout);
31601
+ resolve6(value);
31602
+ },
31603
+ (err) => {
31604
+ clearTimeout(timeout);
31605
+ reject(err);
31606
+ }
31607
+ );
31608
+ }), "withExtensionTimeout");
31609
+ const createExtensionManager = /* @__PURE__ */ __name(() => new ExtensionManager({
31610
+ workspaceDir: boundWorkspace,
31611
+ isWorkspaceTrusted: !!isWorkspaceTrusted(
31612
+ loadSettings(boundWorkspace).merged
31613
+ ),
31614
+ requestConsent: /* @__PURE__ */ __name(() => Promise.resolve(), "requestConsent"),
31615
+ requestSetting: /* @__PURE__ */ __name(async (setting) => {
31616
+ throw new Error(
31617
+ `Extension setting "${setting.envVar}" requires interactive configuration and is not supported over the daemon install endpoint.`
31618
+ );
31619
+ }, "requestSetting"),
31620
+ requestChoicePlugin: /* @__PURE__ */ __name(async () => {
31621
+ throw new Error(
31622
+ "Marketplace plugin selection is not supported over the daemon install endpoint. Specify a plugin name in the source."
31623
+ );
31624
+ }, "requestChoicePlugin")
31625
+ }), "createExtensionManager");
31626
+ const validateExtensionMutationClient = /* @__PURE__ */ __name((req, res, route) => {
31627
+ const clientId = parseAndValidateWorkspaceClientId(req, res, bridge);
31628
+ if (clientId === null) return false;
31629
+ if (clientId === void 0) {
31630
+ res.status(400).json({
31631
+ error: "Missing X-Qwen-Client-Id header",
31632
+ code: "missing_client_id"
31633
+ });
31634
+ return false;
31635
+ }
31636
+ buildWorkspaceCtx(req, route, clientId);
31637
+ return true;
31638
+ }, "validateExtensionMutationClient");
31639
+ const parseExtensionScope = /* @__PURE__ */ __name((body, res) => {
31640
+ const scope = body["scope"];
31641
+ if (scope !== "user" && scope !== "workspace") {
31642
+ res.status(400).json({ error: '`scope` must be either "user" or "workspace"' });
31643
+ return null;
31644
+ }
31645
+ return scope === "user" ? "User" /* User */ : "Workspace" /* Workspace */;
31646
+ }, "parseExtensionScope");
31647
+ const parseExtensionRegistryUrl = /* @__PURE__ */ __name((value, res) => {
31648
+ let parsed;
31649
+ try {
31650
+ parsed = new URL(value);
31651
+ } catch {
31652
+ res.status(400).json({ error: "`registry` must be a valid URL" });
31653
+ return null;
31654
+ }
31655
+ if (parsed.protocol !== "https:") {
31656
+ res.status(400).json({ error: "`registry` must use https" });
31657
+ return null;
31658
+ }
31659
+ if (parsed.username || parsed.password) {
31660
+ res.status(400).json({ error: "`registry` must not include credentials" });
31661
+ return null;
31662
+ }
31663
+ if (isBlockedAuthProviderHost(parsed.hostname)) {
31664
+ res.status(400).json({ error: "`registry` host is not allowed" });
31665
+ return null;
31666
+ }
31667
+ return parsed.toString().replace(/\/$/, "");
31668
+ }, "parseExtensionRegistryUrl");
31669
+ const parsePotentialSourceUrl = /* @__PURE__ */ __name((source) => {
31670
+ if (/^[a-zA-Z]:[\\/]/.test(source)) return null;
31671
+ try {
31672
+ return new URL(source);
31673
+ } catch {
31674
+ const sshMatch = /^(?:[^@]+@)?(\[[^\]]+\]|[^:]+):/.exec(source);
31675
+ if (!sshMatch?.[1]) return null;
31676
+ try {
31677
+ return new URL(`ssh://${sshMatch[1]}`);
31678
+ } catch {
31679
+ return null;
31680
+ }
31681
+ }
31682
+ }, "parsePotentialSourceUrl");
31683
+ const validateExtensionSourceHost = /* @__PURE__ */ __name((source, res) => {
31684
+ const parsed = parsePotentialSourceUrl(source);
31685
+ if (!parsed) return true;
31686
+ if (parsed.username || parsed.password) {
31687
+ res.status(400).json({ error: "`source` must not include credentials" });
31688
+ return false;
31689
+ }
31690
+ if (isBlockedAuthProviderHost(parsed.hostname)) {
31691
+ res.status(400).json({ error: "`source` host is not allowed" });
31692
+ return false;
31693
+ }
31694
+ if (parsed.protocol !== "https:" && parsed.protocol !== "ssh:") {
31695
+ res.status(400).json({ error: "`source` must use https or ssh" });
31696
+ return false;
31697
+ }
31698
+ return true;
31699
+ }, "validateExtensionSourceHost");
31700
+ const validateExtensionSourceMetadata = /* @__PURE__ */ __name((installMetadata) => {
31701
+ if (installMetadata.type !== "git") return true;
31702
+ const parsed = parsePotentialSourceUrl(installMetadata.source);
31703
+ return !!parsed && (parsed.protocol === "https:" || parsed.protocol === "ssh:") && !isBlockedAuthProviderHost(parsed.hostname);
31704
+ }, "validateExtensionSourceMetadata");
31705
+ const findLoadedExtension = /* @__PURE__ */ __name((extensionManager, extensionName) => {
31706
+ const requested = extensionName.toLowerCase();
31707
+ const extensions = extensionManager.getLoadedExtensions();
31708
+ const byName = extensions.find(
31709
+ (extension) => extension.name.toLowerCase() === requested
31710
+ );
31711
+ if (byName) return byName;
31712
+ if (!extensionName.includes("://") && !extensionName.includes("@")) {
31713
+ return void 0;
31714
+ }
31715
+ return extensions.find(
31716
+ (extension) => extension.installMetadata?.source?.toLowerCase() === requested
31717
+ );
31718
+ }, "findLoadedExtension");
31719
+ const runQueuedExtensionMutation = /* @__PURE__ */ __name((operation, failureContext, res, run) => {
31720
+ if (extensionInstallQueueDepth >= MAX_EXTENSION_INSTALL_QUEUE_DEPTH) {
31721
+ sendExtensionQueueFull(res);
31722
+ return;
31723
+ }
31724
+ res.status(202).json({ accepted: true });
31725
+ void enqueueExtensionInstall(async () => {
31726
+ try {
31727
+ const extensionManager = createExtensionManager();
31728
+ await extensionManager.refreshCache();
31729
+ const event = await withExtensionTimeout(
31730
+ run(extensionManager),
31731
+ EXTENSION_MUTATION_TIMEOUT_MS,
31732
+ `extension ${operation}`
31733
+ );
31734
+ extensionsStatusCache = void 0;
31735
+ try {
31736
+ const result = await bridge.refreshExtensionsForAllSessions(event);
31737
+ writeStderrLine(
31738
+ `qwen serve: extensions ${operation}: refreshed ${result.refreshed} session(s), ${result.failed} failed`
31739
+ );
31740
+ } catch (refreshErr) {
31741
+ const message = redactUrlCredentials(
31742
+ refreshErr instanceof Error ? refreshErr.message : String(refreshErr)
31743
+ );
31744
+ try {
31745
+ bridge.broadcastExtensionsChanged({
31746
+ ...event,
31747
+ refreshed: 0,
31748
+ failed: 1,
31749
+ error: message.slice(0, 500)
31750
+ });
31751
+ } catch (broadcastErr) {
31752
+ writeStderrLine(
31753
+ `qwen serve: extensions ${operation}: failed to broadcast refresh failure: ${broadcastErr instanceof Error ? redactUrlCredentials(broadcastErr.message) : String(broadcastErr)}`
31754
+ );
31755
+ }
31756
+ writeStderrLine(
31757
+ `qwen serve: extensions ${operation}: mutation succeeded but refresh failed: ${message}`
31758
+ );
31759
+ }
31760
+ } catch (err) {
31761
+ const message = redactUrlCredentials(
31762
+ err instanceof Error ? err.message : String(err)
31763
+ );
31764
+ try {
31765
+ bridge.broadcastExtensionsChanged({
31766
+ status: "failed",
31767
+ ...failureContext.source ? { source: redactUrlCredentials(failureContext.source) } : {},
31768
+ ...failureContext.name ? { name: failureContext.name } : {},
31769
+ refreshed: 0,
31770
+ failed: 0,
31771
+ error: message.slice(0, 500)
31772
+ });
31773
+ } catch (broadcastErr) {
31774
+ writeStderrLine(
31775
+ `qwen serve: extensions ${operation}: failed to broadcast failure: ${broadcastErr instanceof Error ? redactUrlCredentials(broadcastErr.message) : String(broadcastErr)}`
31776
+ );
31777
+ }
31778
+ try {
31779
+ writeStderrLine(
31780
+ `qwen serve: extensions ${operation}: background task failed: ${message}`
31781
+ );
31782
+ } catch {
31783
+ }
31784
+ }
31785
+ }).catch((err) => {
31786
+ try {
31787
+ writeStderrLine(
31788
+ `qwen serve: extensions ${operation}: queued task failed: ${err instanceof Error ? err.message : String(err)}`
31789
+ );
31790
+ } catch {
31791
+ }
31792
+ });
31793
+ }, "runQueuedExtensionMutation");
31794
+ let extensionsStatusCache;
31795
+ const buildLocalExtensionsStatus = /* @__PURE__ */ __name(async () => {
31796
+ const now = Date.now();
31797
+ if (extensionsStatusCache && extensionsStatusCache.expiresAt > now) {
31798
+ return extensionsStatusCache.value;
31799
+ }
31800
+ const extensionManager = createExtensionManager();
31801
+ await extensionManager.refreshCache();
31802
+ const entries = extensionManager.getLoadedExtensions().map((ext) => {
31803
+ const capabilities = {
31804
+ mcpServerCount: ext.mcpServers ? Object.keys(ext.mcpServers).length : 0,
31805
+ skillCount: ext.skills?.length ?? 0,
31806
+ agentCount: ext.agents?.length ?? 0,
31807
+ hookCount: ext.hooks ? Object.values(ext.hooks).reduce(
31808
+ (sum, defs) => sum + (defs?.length ?? 0),
31809
+ 0
31810
+ ) : 0,
31811
+ commandCount: ext.commands?.length ?? 0,
31812
+ contextFileCount: ext.contextFiles.length,
31813
+ channelCount: ext.channels ? Object.keys(ext.channels).length : 0,
31814
+ hasSettings: (ext.settings?.length ?? 0) > 0
31815
+ };
31816
+ return {
31817
+ kind: "extension",
31818
+ id: ext.id,
31819
+ name: ext.name,
31820
+ ...ext.displayName ? { displayName: ext.displayName } : {},
31821
+ version: ext.version,
31822
+ isActive: ext.isActive,
31823
+ path: ext.path,
31824
+ ...ext.installMetadata?.source ? { source: redactUrlCredentials(ext.installMetadata.source) } : {},
31825
+ ...ext.installMetadata?.type ? { installType: ext.installMetadata.type } : {},
31826
+ ...ext.installMetadata?.originSource ? { originSource: ext.installMetadata.originSource } : {},
31827
+ ...ext.installMetadata?.ref ? { ref: ext.installMetadata.ref } : {},
31828
+ ...ext.installMetadata?.autoUpdate !== void 0 ? { autoUpdate: ext.installMetadata.autoUpdate } : {},
31829
+ updateState: ext.installMetadata ? "unknown" : "not updatable",
31830
+ capabilities,
31831
+ details: {
31832
+ mcpServers: ext.mcpServers ? Object.keys(ext.mcpServers) : [],
31833
+ commands: ext.commands ?? [],
31834
+ skills: ext.skills?.map((skill) => skill.name) ?? [],
31835
+ agents: ext.agents?.map((agent) => agent.name) ?? [],
31836
+ contextFiles: ext.contextFiles,
31837
+ settings: ext.resolvedSettings?.map((setting) => setting.name) ?? []
31838
+ }
31839
+ };
31840
+ });
31841
+ const status = {
31842
+ v: STATUS_SCHEMA_VERSION,
31843
+ workspaceCwd: boundWorkspace,
31844
+ initialized: true,
31845
+ extensions: entries
31846
+ };
31847
+ extensionsStatusCache = {
31848
+ expiresAt: now + 2e3,
31849
+ value: status
31850
+ };
31851
+ return status;
31852
+ }, "buildLocalExtensionsStatus");
31285
31853
  if (opts.allowOrigins && opts.allowOrigins.length > 0) {
31286
31854
  const parsedAllowOrigins = parseAllowOriginPatterns(opts.allowOrigins);
31287
31855
  if (parsedAllowOrigins.allowAny && !opts.token) {
@@ -31315,10 +31883,17 @@ function createServeApp(opts, getPort = () => opts.port, deps = {}) {
31315
31883
  return;
31316
31884
  }
31317
31885
  try {
31886
+ const lastActivity = bridge.lastActivityAt;
31887
+ const now = Date.now();
31318
31888
  res.status(200).json({
31319
31889
  status: "ok",
31320
31890
  sessions: bridge.sessionCount,
31321
31891
  pendingPermissions: bridge.pendingPermissionCount,
31892
+ activePrompts: bridge.activePromptCount,
31893
+ connectedClients: getActiveSseCount(),
31894
+ channelAlive: bridge.isChannelLive(),
31895
+ lastActivityAt: lastActivity !== null ? new Date(lastActivity).toISOString() : null,
31896
+ idleSinceMs: lastActivity !== null ? now - lastActivity : null,
31322
31897
  ...rateLimiter ? { rateLimitHits: rateLimiter.getHitCounts() } : {}
31323
31898
  });
31324
31899
  } catch (err) {
@@ -31370,6 +31945,10 @@ function createServeApp(opts, getPort = () => opts.port, deps = {}) {
31370
31945
  next();
31371
31946
  });
31372
31947
  }
31948
+ const webShellDir = opts.serveWebShell !== false ? deps.webShellDir : void 0;
31949
+ if (webShellDir) {
31950
+ mountWebShellAssets(app, webShellDir);
31951
+ }
31373
31952
  app.use(bearerAuth(opts.token));
31374
31953
  let rateLimiter;
31375
31954
  if (opts.rateLimit) {
@@ -31387,16 +31966,16 @@ function createServeApp(opts, getPort = () => opts.port, deps = {}) {
31387
31966
  { tier, key: key.slice(0, 64) }
31388
31967
  );
31389
31968
  } : void 0,
31390
- onError: daemonLog ? (err, path14) => {
31969
+ onError: daemonLog ? (err, path15) => {
31391
31970
  daemonLog.warn(
31392
31971
  `rate limiter error (fail-open): ${err instanceof Error ? err.message : String(err)}`,
31393
- { path: path14 }
31972
+ { path: path15 }
31394
31973
  );
31395
31974
  } : void 0
31396
31975
  });
31397
31976
  app.use(rateLimiter.middleware);
31398
31977
  }
31399
- app.use(import_express.default.json({ limit: "10mb" }));
31978
+ app.use(import_express2.default.json({ limit: "10mb" }));
31400
31979
  app.use(
31401
31980
  (err, _req, res, next) => {
31402
31981
  if (sendJsonBodyParserError(res, err)) return;
@@ -31594,12 +32173,376 @@ function createServeApp(opts, getPort = () => opts.port, deps = {}) {
31594
32173
  });
31595
32174
  app.get("/workspace/extensions", async (req, res) => {
31596
32175
  try {
31597
- const ctx = buildWorkspaceCtx(req, "GET /workspace/extensions");
31598
- res.status(200).json(await workspace.getWorkspaceExtensionsStatus(ctx));
32176
+ buildWorkspaceCtx(req, "GET /workspace/extensions");
32177
+ res.status(200).json(await buildLocalExtensionsStatus());
31599
32178
  } catch (err) {
31600
32179
  sendBridgeError(res, err, { route: "GET /workspace/extensions" });
31601
32180
  }
31602
32181
  });
32182
+ app.post(
32183
+ "/workspace/extensions/install",
32184
+ mutate({ strict: true }),
32185
+ async (req, res) => {
32186
+ try {
32187
+ if (!validateExtensionMutationClient(
32188
+ req,
32189
+ res,
32190
+ "POST /workspace/extensions/install"
32191
+ )) {
32192
+ return;
32193
+ }
32194
+ const body = safeBody(req);
32195
+ const source = body["source"];
32196
+ const ref = body["ref"];
32197
+ const autoUpdate = body["autoUpdate"];
32198
+ const allowPreRelease = body["allowPreRelease"];
32199
+ const registry = body["registry"];
32200
+ const consent = body["consent"];
32201
+ if (!source || typeof source !== "string") {
32202
+ res.status(400).json({ error: "Missing or invalid source" });
32203
+ return;
32204
+ }
32205
+ if (ref !== void 0 && (typeof ref !== "string" || ref === "")) {
32206
+ res.status(400).json({ error: "`ref` must be a string" });
32207
+ return;
32208
+ }
32209
+ if (typeof ref === "string" && ref.startsWith("-")) {
32210
+ res.status(400).json({ error: '`ref` must not start with "-"' });
32211
+ return;
32212
+ }
32213
+ if (autoUpdate !== void 0 && typeof autoUpdate !== "boolean") {
32214
+ res.status(400).json({ error: "`autoUpdate` must be a boolean" });
32215
+ return;
32216
+ }
32217
+ if (allowPreRelease !== void 0 && typeof allowPreRelease !== "boolean") {
32218
+ res.status(400).json({ error: "`allowPreRelease` must be a boolean" });
32219
+ return;
32220
+ }
32221
+ if (registry !== void 0 && typeof registry !== "string") {
32222
+ res.status(400).json({ error: "`registry` must be a string" });
32223
+ return;
32224
+ }
32225
+ const registryUrl = registry !== void 0 ? parseExtensionRegistryUrl(registry, res) : void 0;
32226
+ if (registryUrl === null) return;
32227
+ if (consent !== true) {
32228
+ res.status(400).json({
32229
+ error: "Extension installation requires explicit consent"
32230
+ });
32231
+ return;
32232
+ }
32233
+ if (!validateExtensionSourceHost(source, res)) {
32234
+ return;
32235
+ }
32236
+ runQueuedExtensionMutation(
32237
+ "install",
32238
+ { source },
32239
+ res,
32240
+ async (extensionManager) => {
32241
+ const installMetadata = await parseInstallSource(source);
32242
+ if (installMetadata.type !== "git" && installMetadata.type !== "github-release" && installMetadata.type !== "npm") {
32243
+ throw new Error(
32244
+ "Only GitHub, Git, and npm extension installs are supported over the daemon endpoint."
32245
+ );
32246
+ }
32247
+ if (installMetadata.type === "npm" && ref) {
32248
+ throw new Error("--ref is not applicable for npm extensions.");
32249
+ }
32250
+ if (installMetadata.type !== "npm" && registry) {
32251
+ throw new Error(
32252
+ "--registry is only applicable for npm extensions."
32253
+ );
32254
+ }
32255
+ if (!validateExtensionSourceMetadata(installMetadata)) {
32256
+ throw new Error("`source` host is not allowed");
32257
+ }
32258
+ if (installMetadata.type === "npm" && registryUrl) {
32259
+ installMetadata.registryUrl = registryUrl;
32260
+ }
32261
+ const extension = await extensionManager.installExtension(
32262
+ { ...installMetadata, ref, autoUpdate, allowPreRelease },
32263
+ () => Promise.resolve()
32264
+ );
32265
+ return {
32266
+ status: "installed",
32267
+ source,
32268
+ name: extension.name,
32269
+ version: extension.config.version
32270
+ };
32271
+ }
32272
+ );
32273
+ } catch (err) {
32274
+ sendBridgeError(res, err, {
32275
+ route: "POST /workspace/extensions/install"
32276
+ });
32277
+ }
32278
+ }
32279
+ );
32280
+ app.post(
32281
+ "/workspace/extensions/check-updates",
32282
+ mutate({ strict: true }),
32283
+ async (req, res) => {
32284
+ try {
32285
+ if (!validateExtensionMutationClient(
32286
+ req,
32287
+ res,
32288
+ "POST /workspace/extensions/check-updates"
32289
+ )) {
32290
+ return;
32291
+ }
32292
+ const states = await enqueueExtensionInstall(
32293
+ async () => withExtensionTimeout(
32294
+ (async () => {
32295
+ const extensionManager = createExtensionManager();
32296
+ await extensionManager.refreshCache();
32297
+ const updateStates = {};
32298
+ await extensionManager.checkForAllExtensionUpdates(
32299
+ (name, state) => {
32300
+ updateStates[name] = state;
32301
+ }
32302
+ );
32303
+ return updateStates;
32304
+ })(),
32305
+ EXTENSION_REFRESH_TIMEOUT_MS,
32306
+ "extension update check"
32307
+ )
32308
+ );
32309
+ res.status(200).json({ states });
32310
+ } catch (err) {
32311
+ if (isExtensionQueueFullError(err)) {
32312
+ sendExtensionQueueFull(res);
32313
+ return;
32314
+ }
32315
+ sendBridgeError(res, err, {
32316
+ route: "POST /workspace/extensions/check-updates"
32317
+ });
32318
+ }
32319
+ }
32320
+ );
32321
+ app.post(
32322
+ "/workspace/extensions/refresh",
32323
+ mutate({ strict: true }),
32324
+ async (req, res) => {
32325
+ try {
32326
+ if (!validateExtensionMutationClient(
32327
+ req,
32328
+ res,
32329
+ "POST /workspace/extensions/refresh"
32330
+ )) {
32331
+ return;
32332
+ }
32333
+ const result = await enqueueExtensionInstall(
32334
+ async () => withExtensionTimeout(
32335
+ workspace.refreshExtensionsForAllSessions(),
32336
+ EXTENSION_REFRESH_TIMEOUT_MS,
32337
+ "extension refresh"
32338
+ )
32339
+ );
32340
+ res.status(200).json(result);
32341
+ } catch (err) {
32342
+ if (isExtensionQueueFullError(err)) {
32343
+ sendExtensionQueueFull(res);
32344
+ return;
32345
+ }
32346
+ sendBridgeError(res, err, {
32347
+ route: "POST /workspace/extensions/refresh"
32348
+ });
32349
+ }
32350
+ }
32351
+ );
32352
+ app.post(
32353
+ "/workspace/extensions/:name/enable",
32354
+ mutate({ strict: true }),
32355
+ async (req, res) => {
32356
+ try {
32357
+ if (!validateExtensionMutationClient(
32358
+ req,
32359
+ res,
32360
+ "POST /workspace/extensions/:name/enable"
32361
+ )) {
32362
+ return;
32363
+ }
32364
+ const name = req.params["name"];
32365
+ if (!name) {
32366
+ res.status(400).json({ error: "Missing extension name" });
32367
+ return;
32368
+ }
32369
+ const scope = parseExtensionScope(safeBody(req), res);
32370
+ if (scope === null) return;
32371
+ runQueuedExtensionMutation(
32372
+ "enable",
32373
+ { name },
32374
+ res,
32375
+ async (extensionManager) => {
32376
+ const extension = findLoadedExtension(extensionManager, name);
32377
+ if (!extension) {
32378
+ throw new Error(`Extension "${name}" not found`);
32379
+ }
32380
+ await extensionManager.enableExtension(
32381
+ extension.name,
32382
+ scope,
32383
+ boundWorkspace
32384
+ );
32385
+ return { status: "enabled", name: extension.name };
32386
+ }
32387
+ );
32388
+ } catch (err) {
32389
+ sendBridgeError(res, err, {
32390
+ route: "POST /workspace/extensions/:name/enable"
32391
+ });
32392
+ }
32393
+ }
32394
+ );
32395
+ app.post(
32396
+ "/workspace/extensions/:name/disable",
32397
+ mutate({ strict: true }),
32398
+ async (req, res) => {
32399
+ try {
32400
+ if (!validateExtensionMutationClient(
32401
+ req,
32402
+ res,
32403
+ "POST /workspace/extensions/:name/disable"
32404
+ )) {
32405
+ return;
32406
+ }
32407
+ const name = req.params["name"];
32408
+ if (!name) {
32409
+ res.status(400).json({ error: "Missing extension name" });
32410
+ return;
32411
+ }
32412
+ const scope = parseExtensionScope(safeBody(req), res);
32413
+ if (scope === null) return;
32414
+ runQueuedExtensionMutation(
32415
+ "disable",
32416
+ { name },
32417
+ res,
32418
+ async (extensionManager) => {
32419
+ const extension = findLoadedExtension(extensionManager, name);
32420
+ if (!extension) {
32421
+ throw new Error(`Extension "${name}" not found`);
32422
+ }
32423
+ await extensionManager.disableExtension(
32424
+ extension.name,
32425
+ scope,
32426
+ boundWorkspace
32427
+ );
32428
+ return { status: "disabled", name: extension.name };
32429
+ }
32430
+ );
32431
+ } catch (err) {
32432
+ sendBridgeError(res, err, {
32433
+ route: "POST /workspace/extensions/:name/disable"
32434
+ });
32435
+ }
32436
+ }
32437
+ );
32438
+ app.post(
32439
+ "/workspace/extensions/:name/update",
32440
+ mutate({ strict: true }),
32441
+ async (req, res) => {
32442
+ try {
32443
+ if (!validateExtensionMutationClient(
32444
+ req,
32445
+ res,
32446
+ "POST /workspace/extensions/:name/update"
32447
+ )) {
32448
+ return;
32449
+ }
32450
+ const name = req.params["name"];
32451
+ if (!name) {
32452
+ res.status(400).json({ error: "Missing extension name" });
32453
+ return;
32454
+ }
32455
+ runQueuedExtensionMutation(
32456
+ "update",
32457
+ { name },
32458
+ res,
32459
+ async (extensionManager) => {
32460
+ const extension = findLoadedExtension(extensionManager, name);
32461
+ if (!extension) {
32462
+ throw new Error(`Extension "${name}" not found`);
32463
+ }
32464
+ let updateError;
32465
+ const updateState = await withExtensionTimeout(
32466
+ checkForExtensionUpdate(extension, extensionManager).catch(
32467
+ (err) => {
32468
+ updateError = err;
32469
+ return "error" /* ERROR */;
32470
+ }
32471
+ ),
32472
+ EXTENSION_REFRESH_TIMEOUT_MS,
32473
+ "extension update check"
32474
+ );
32475
+ if (updateState === "error" /* ERROR */) {
32476
+ const message = updateError === void 0 ? void 0 : redactUrlCredentials(
32477
+ updateError instanceof Error ? updateError.message : String(updateError)
32478
+ );
32479
+ throw new Error(
32480
+ `Update check failed for extension "${extension.name}"${message ? `: ${message}` : ""}`
32481
+ );
32482
+ }
32483
+ if (updateState !== "update available" /* UPDATE_AVAILABLE */) {
32484
+ throw new Error(`Extension "${extension.name}" has no update`);
32485
+ }
32486
+ const info = await extensionManager.updateExtension(
32487
+ extension,
32488
+ updateState,
32489
+ () => void 0
32490
+ );
32491
+ return {
32492
+ status: "updated",
32493
+ name: extension.name,
32494
+ ...info?.updatedVersion ? { version: info.updatedVersion } : {}
32495
+ };
32496
+ }
32497
+ );
32498
+ } catch (err) {
32499
+ sendBridgeError(res, err, {
32500
+ route: "POST /workspace/extensions/:name/update"
32501
+ });
32502
+ }
32503
+ }
32504
+ );
32505
+ app.delete(
32506
+ "/workspace/extensions/:name",
32507
+ mutate({ strict: true }),
32508
+ async (req, res) => {
32509
+ try {
32510
+ if (!validateExtensionMutationClient(
32511
+ req,
32512
+ res,
32513
+ "DELETE /workspace/extensions/:name"
32514
+ )) {
32515
+ return;
32516
+ }
32517
+ const name = req.params["name"];
32518
+ if (!name) {
32519
+ res.status(400).json({ error: "Missing extension name" });
32520
+ return;
32521
+ }
32522
+ runQueuedExtensionMutation(
32523
+ "uninstall",
32524
+ { name },
32525
+ res,
32526
+ async (extensionManager) => {
32527
+ const extension = findLoadedExtension(extensionManager, name);
32528
+ if (!extension) {
32529
+ throw new Error(`Extension "${name}" not found`);
32530
+ }
32531
+ await extensionManager.uninstallExtension(
32532
+ extension.name,
32533
+ false,
32534
+ boundWorkspace
32535
+ );
32536
+ return { status: "uninstalled", name: extension.name };
32537
+ }
32538
+ );
32539
+ } catch (err) {
32540
+ sendBridgeError(res, err, {
32541
+ route: "DELETE /workspace/extensions/:name"
32542
+ });
32543
+ }
32544
+ }
32545
+ );
31603
32546
  registerWorkspaceFileReadRoutes(app, {
31604
32547
  parseClientId: parseClientIdHeader
31605
32548
  });
@@ -31826,7 +32769,7 @@ function createServeApp(opts, getPort = () => opts.port, deps = {}) {
31826
32769
  return;
31827
32770
  }
31828
32771
  const cwd = hasCwd ? body["cwd"] : boundWorkspace;
31829
- if (!path12.isAbsolute(cwd)) {
32772
+ if (!path13.isAbsolute(cwd)) {
31830
32773
  res.status(400).json({ error: "`cwd` must be an absolute path when provided" });
31831
32774
  return;
31832
32775
  }
@@ -32370,15 +33313,6 @@ function createServeApp(opts, getPort = () => opts.port, deps = {}) {
32370
33313
  { displayName },
32371
33314
  clientId !== void 0 ? { clientId } : void 0
32372
33315
  );
32373
- if (displayName !== void 0) {
32374
- try {
32375
- await new SessionService(boundWorkspace).renameSession(
32376
- sessionId,
32377
- displayName
32378
- );
32379
- } catch {
32380
- }
32381
- }
32382
33316
  res.status(200).json({ sessionId, ...effective });
32383
33317
  } catch (err) {
32384
33318
  sendBridgeError(res, err, {
@@ -32389,7 +33323,7 @@ function createServeApp(opts, getPort = () => opts.port, deps = {}) {
32389
33323
  });
32390
33324
  app.get("/workspace/:id/sessions", async (req, res) => {
32391
33325
  const workspaceCwd = req.params["id"] ?? "";
32392
- if (!path12.isAbsolute(workspaceCwd)) {
33326
+ if (!path13.isAbsolute(workspaceCwd)) {
32393
33327
  res.status(400).json({ error: "`:id` must decode to an absolute workspace path" });
32394
33328
  return;
32395
33329
  }
@@ -33289,6 +34223,9 @@ function createServeApp(opts, getPort = () => opts.port, deps = {}) {
33289
34223
  if (acpHandleRef.current) {
33290
34224
  app.locals["acpHandle"] = acpHandleRef.current;
33291
34225
  }
34226
+ if (webShellDir) {
34227
+ mountWebShellSpaFallback(app, webShellDir);
34228
+ }
33292
34229
  app.use(
33293
34230
  (err, _req, res, _next) => {
33294
34231
  if (sendJsonBodyParserError(res, err)) return;
@@ -33355,7 +34292,7 @@ function parseOptionalWorkspaceCwd2(body, boundWorkspace, res) {
33355
34292
  return void 0;
33356
34293
  }
33357
34294
  const cwd = hasCwd ? body["cwd"] : boundWorkspace;
33358
- if (!path12.isAbsolute(cwd)) {
34295
+ if (!path13.isAbsolute(cwd)) {
33359
34296
  res.status(400).json({ error: "`cwd` must be an absolute path when provided" });
33360
34297
  return void 0;
33361
34298
  }
@@ -33917,7 +34854,7 @@ __name(errorPayload, "errorPayload");
33917
34854
  // packages/cli/src/serve/runQwenServe.ts
33918
34855
  init_esbuild_shims();
33919
34856
  import * as fs6 from "node:fs";
33920
- import * as path13 from "node:path";
34857
+ import * as path14 from "node:path";
33921
34858
 
33922
34859
  // packages/cli/src/serve/permissionAudit.ts
33923
34860
  init_esbuild_shims();
@@ -34382,7 +35319,7 @@ async function runQwenServe(optsIn, deps = {}) {
34382
35319
  );
34383
35320
  }
34384
35321
  const rawWorkspace = opts.workspace ?? process.cwd();
34385
- if (!path13.isAbsolute(rawWorkspace)) {
35322
+ if (!path14.isAbsolute(rawWorkspace)) {
34386
35323
  throw new Error(
34387
35324
  `Invalid --workspace "${rawWorkspace}": must be an absolute path.`
34388
35325
  );
@@ -34456,6 +35393,13 @@ async function runQwenServe(optsIn, deps = {}) {
34456
35393
  );
34457
35394
  }
34458
35395
  }
35396
+ if (opts.permissionResponseTimeoutMs !== void 0) {
35397
+ if (!Number.isFinite(opts.permissionResponseTimeoutMs) || !Number.isInteger(opts.permissionResponseTimeoutMs) || opts.permissionResponseTimeoutMs < 0) {
35398
+ throw new TypeError(
35399
+ `Invalid permissionResponseTimeoutMs: ${opts.permissionResponseTimeoutMs}. Must be a non-negative integer (milliseconds, 0 = disabled / wait forever).`
35400
+ );
35401
+ }
35402
+ }
34459
35403
  const inheritedNoPool = process.env["QWEN_SERVE_NO_MCP_POOL"] === "1";
34460
35404
  if (opts.mcpPoolActive === void 0 && inheritedNoPool) {
34461
35405
  opts.mcpPoolActive = false;
@@ -34567,6 +35511,7 @@ async function runQwenServe(optsIn, deps = {}) {
34567
35511
  ...opts.channelIdleTimeoutMs !== void 0 ? { channelIdleTimeoutMs: opts.channelIdleTimeoutMs } : {},
34568
35512
  ...opts.sessionReapIntervalMs !== void 0 ? { sessionReapIntervalMs: opts.sessionReapIntervalMs } : {},
34569
35513
  ...opts.sessionIdleTimeoutMs !== void 0 ? { sessionIdleTimeoutMs: opts.sessionIdleTimeoutMs } : {},
35514
+ ...opts.permissionResponseTimeoutMs !== void 0 ? { permissionResponseTimeoutMs: opts.permissionResponseTimeoutMs } : {},
34570
35515
  boundWorkspace,
34571
35516
  sessionShellCommandEnabled,
34572
35517
  childEnvOverrides,
@@ -34628,6 +35573,7 @@ async function runQwenServe(optsIn, deps = {}) {
34628
35573
  }), "reloadDaemonEnv"),
34629
35574
  queryWorkspaceStatus: /* @__PURE__ */ __name((method, idle) => bridge.queryWorkspaceStatus(method, idle), "queryWorkspaceStatus"),
34630
35575
  invokeWorkspaceCommand: /* @__PURE__ */ __name((method, params, invokeOpts) => bridge.invokeWorkspaceCommand(method, params, invokeOpts), "invokeWorkspaceCommand"),
35576
+ refreshExtensionsForAllSessions: /* @__PURE__ */ __name(() => bridge.refreshExtensionsForAllSessions(), "refreshExtensionsForAllSessions"),
34631
35577
  publishWorkspaceEvent: /* @__PURE__ */ __name((event) => bridge.publishWorkspaceEvent(event), "publishWorkspaceEvent")
34632
35578
  });
34633
35579
  registerDaemonGaugeCallbacks({
@@ -34636,8 +35582,30 @@ async function runQwenServe(optsIn, deps = {}) {
34636
35582
  heapUsed: /* @__PURE__ */ __name(() => process.memoryUsage().heapUsed, "heapUsed")
34637
35583
  });
34638
35584
  let actualPort = opts.port;
35585
+ const webShellDir = opts.serveWebShell === false ? void 0 : resolveWebShellDir();
35586
+ if (opts.serveWebShell !== false) {
35587
+ if (!webShellDir) {
35588
+ writeStderrLine(
35589
+ "qwen serve: Web Shell assets not found; serving API only. Build the web-shell workspace (npm run build) or pass --no-web to silence this."
35590
+ );
35591
+ } else {
35592
+ writeStderrLine(`qwen serve: Web Shell UI served from ${webShellDir}`);
35593
+ if (!isLoopbackBind(opts.hostname)) {
35594
+ writeStderrLine(
35595
+ "qwen serve: Web Shell UI is served WITHOUT auth on a non-loopback bind (the static shell has no secrets; the API stays token-gated). Pass --no-web to disable the UI."
35596
+ );
35597
+ if (!opts.allowOrigins || opts.allowOrigins.length === 0) {
35598
+ writeStderrLine(
35599
+ "qwen serve: without --allow-origin the Web Shell is read-only on a non-loopback bind \u2014 same-origin POSTs are blocked by CORS (403). Pass --allow-origin <origin> or front it with a same-origin proxy."
35600
+ );
35601
+ }
35602
+ }
35603
+ }
35604
+ }
35605
+ const webShellMounted = !!webShellDir;
34639
35606
  const app = createServeApp(opts, () => actualPort, {
34640
35607
  bridge,
35608
+ webShellDir,
34641
35609
  boundWorkspace,
34642
35610
  qwenCodeVersion: cliVersion,
34643
35611
  fsFactory,
@@ -34752,6 +35720,8 @@ async function runQwenServe(optsIn, deps = {}) {
34752
35720
  server,
34753
35721
  url,
34754
35722
  bridge,
35723
+ webShellMounted,
35724
+ resolvedToken: token,
34755
35725
  close: /* @__PURE__ */ __name(() => {
34756
35726
  if (closePromise) return closePromise;
34757
35727
  closePromise = new Promise((res, rej) => {