@qwen-code/qwen-code 0.19.2 → 0.19.3-nightly.20260630.e00fe6a27

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (286) hide show
  1. package/bundled/extension-creator/SKILL.md +357 -0
  2. package/bundled/loop/SKILL.md +21 -7
  3. package/bundled/loop/SKILL.test.ts +41 -0
  4. package/bundled/loop/loop-task-file.test.ts +1064 -0
  5. package/bundled/loop/loop-task-file.ts +404 -0
  6. package/bundled/loop/loop-tick-resolver.test.ts +665 -0
  7. package/bundled/loop/loop-tick-resolver.ts +347 -0
  8. package/bundled/qc-helper/SKILL.md +26 -19
  9. package/bundled/qc-helper/docs/configuration/auth.md +11 -11
  10. package/bundled/qc-helper/docs/configuration/model-providers.md +13 -13
  11. package/bundled/qc-helper/docs/configuration/settings.md +76 -75
  12. package/bundled/qc-helper/docs/features/channels/plugins.md +1 -1
  13. package/bundled/qc-helper/docs/features/commands.md +108 -77
  14. package/bundled/qc-helper/docs/features/hooks.md +6 -1
  15. package/bundled/qc-helper/docs/features/memory.md +52 -0
  16. package/bundled/qc-helper/docs/qwen-serve.md +24 -2
  17. package/bundled/qc-helper/docs/support/tos-privacy.md +16 -3
  18. package/bundled/qc-helper/docs/support/troubleshooting.md +6 -0
  19. package/chunks/{MaxSizedBox-7RERNLFK.js → MaxSizedBox-T5X5MN5Q.js} +29 -27
  20. package/chunks/{StandaloneSessionPicker-S22XBSN6.js → StandaloneSessionPicker-P3E3WTOQ.js} +42 -37
  21. package/chunks/{acpAgent-4MCETHF2.js → acpAgent-QEP6DXFW.js} +864 -175
  22. package/chunks/{agent-K3ENVYSB.js → agent-UDANDUF7.js} +24 -23
  23. package/chunks/{agent-headless-HO3V3A3A.js → agent-headless-KYVSZHSO.js} +24 -23
  24. package/chunks/{anthropicContentGenerator-E3TQ5XJJ.js → anthropicContentGenerator-KWSJAQ7B.js} +33 -12
  25. package/chunks/{artifact-tool-QA4KRO3B.js → artifact-tool-D2X7G3C3.js} +2 -2
  26. package/chunks/{askUserQuestion-HMWXW6VN.js → askUserQuestion-UGETICJQ.js} +2 -2
  27. package/chunks/{bridge-4LV2HBH2.js → bridge-X42LXPTA.js} +31 -30
  28. package/chunks/{ca-7WC7ELX6.js → ca-IUFWESZL.js} +1 -0
  29. package/chunks/{chunk-JXQ23SNT.js → chunk-2JKEQWDZ.js} +623 -78
  30. package/chunks/{chunk-2TJ3YN6Q.js → chunk-2RJA6J57.js} +416 -401
  31. package/chunks/{chunk-3UALQ56H.js → chunk-3227DZO4.js} +1 -1
  32. package/chunks/{chunk-BGUDAULQ.js → chunk-3CPCDXFR.js} +5 -5
  33. package/chunks/{chunk-5RVSM6NW.js → chunk-3HUHAQF3.js} +1 -1
  34. package/chunks/{chunk-D5E5TMYH.js → chunk-3M4W4U5G.js} +16 -2
  35. package/chunks/{chunk-DBZUXSSV.js → chunk-4X7NIEQJ.js} +3 -3
  36. package/chunks/chunk-5GOVVXEV.js +73 -0
  37. package/chunks/{chunk-2BAQ3ACS.js → chunk-5SM4VT6V.js} +405 -5
  38. package/chunks/{chunk-NYOHZYHM.js → chunk-5XQ4A26L.js} +45 -3
  39. package/chunks/{chunk-CI5O6SQL.js → chunk-6FKEVYCD.js} +4 -4
  40. package/chunks/{chunk-ZD3NW5KL.js → chunk-7LM4XHPE.js} +63 -9
  41. package/chunks/chunk-7UNP2XM7.js +840 -0
  42. package/chunks/{chunk-OQHQHJRK.js → chunk-ARYCHZ4B.js} +151 -4775
  43. package/chunks/chunk-BC3C4F3Q.js +40 -0
  44. package/chunks/{chunk-CGEGHF2C.js → chunk-BKXBARJZ.js} +1 -1
  45. package/chunks/chunk-BMFMJINR.js +45 -0
  46. package/chunks/chunk-BOJWHRMX.js +11273 -0
  47. package/chunks/{chunk-CGOMICBE.js → chunk-BSZEQNUA.js} +34 -1
  48. package/chunks/{chunk-OIC6S73E.js → chunk-BUUQ5HPX.js} +1 -1
  49. package/chunks/{chunk-2BIF2NVV.js → chunk-BVSVIN45.js} +2 -2
  50. package/chunks/{chunk-TOEGRAVX.js → chunk-BX5YO7UW.js} +17 -5
  51. package/chunks/{chunk-4W4T77MO.js → chunk-BXVWV4GI.js} +109 -6
  52. package/chunks/{chunk-VQRYPFCV.js → chunk-CYHVPQYT.js} +10 -460
  53. package/chunks/{chunk-PRYMDRBV.js → chunk-DDMOU62Q.js} +1 -1
  54. package/chunks/{chunk-S566HKUS.js → chunk-DHXWNSJA.js} +15 -1
  55. package/chunks/{chunk-F6XNTYNE.js → chunk-E6XQPQXW.js} +30 -307
  56. package/chunks/{chunk-QBZ22PQX.js → chunk-EWALXUAD.js} +3 -1
  57. package/chunks/{chunk-EL5IHQON.js → chunk-EWYQFWYF.js} +6 -27
  58. package/chunks/{chunk-HG6YKEBI.js → chunk-F2DOT6UZ.js} +161 -30
  59. package/chunks/{chunk-JTYRZODB.js → chunk-FOOIZCWL.js} +16 -7
  60. package/chunks/{chunk-EX4W6ZYG.js → chunk-G5G4TFZ7.js} +1 -1
  61. package/chunks/{chunk-EW6C27XX.js → chunk-GEHVIWAT.js} +9 -3
  62. package/chunks/chunk-HEVBZSXG.js +4923 -0
  63. package/chunks/chunk-HFQ2XSE7.js +690 -0
  64. package/chunks/{chunk-PF523XJX.js → chunk-HPGTGMP3.js} +1 -1
  65. package/chunks/{chunk-OTBK43JR.js → chunk-HYCC3XM3.js} +1 -1
  66. package/chunks/{chunk-TMBPDHXD.js → chunk-I4H7PRWQ.js} +1 -1
  67. package/chunks/{chunk-EEEZIVFJ.js → chunk-JOLIREYR.js} +1 -1
  68. package/chunks/{chunk-TZM5JIAX.js → chunk-JYPQTRA3.js} +10 -7
  69. package/chunks/chunk-K5XU6E4T.js +167 -0
  70. package/chunks/{chunk-BS64PXY3.js → chunk-KFVU7ODN.js} +1 -1
  71. package/chunks/{chunk-3RJ3ZPPR.js → chunk-KKQWC6WS.js} +7 -7
  72. package/chunks/{chunk-3QFE4OTE.js → chunk-LBW7NW7X.js} +4 -4
  73. package/chunks/{chunk-Z7XXFPGP.js → chunk-LDWTYE33.js} +1 -1
  74. package/chunks/{chunk-EXMX5YHG.js → chunk-LP5E4YIH.js} +1 -1
  75. package/chunks/{chunk-ZUAXI2OA.js → chunk-M2U5NM24.js} +188 -11366
  76. package/chunks/{chunk-I5T6PIBQ.js → chunk-MBV2CTRL.js} +1010 -925
  77. package/chunks/{chunk-5JZLXFPD.js → chunk-MTHMXSNT.js} +11 -11
  78. package/chunks/{chunk-FPACXT7T.js → chunk-MTJVHQDP.js} +534 -164
  79. package/chunks/chunk-NDOC6M5S.js +481 -0
  80. package/chunks/{chunk-HGNSRCRB.js → chunk-NL4C3H6C.js} +1 -1
  81. package/chunks/{chunk-GZCJS5WH.js → chunk-O2VBQ3Y2.js} +2 -2
  82. package/chunks/{chunk-UN3C6GOR.js → chunk-PPFWEV7G.js} +10 -108
  83. package/chunks/{chunk-RS4HRC75.js → chunk-QI2CFVRF.js} +85 -8
  84. package/chunks/{chunk-XU5P23GN.js → chunk-QLDPRILK.js} +3 -3
  85. package/chunks/chunk-QYUE6W3T.js +123 -0
  86. package/chunks/{chunk-USGMPVOY.js → chunk-R3LHDWF2.js} +21 -12
  87. package/chunks/{chunk-BNXANYLH.js → chunk-RD6YJJJ6.js} +81 -1
  88. package/chunks/{chunk-PXFFKNCO.js → chunk-RIP623NO.js} +4877 -2469
  89. package/chunks/{chunk-XKBP7M7A.js → chunk-RYBSUGOR.js} +142 -30
  90. package/chunks/{chunk-BG4BIP7F.js → chunk-SBBN4BWR.js} +4 -2
  91. package/chunks/{chunk-T2VDEFUU.js → chunk-SKQZZVAV.js} +2 -2
  92. package/chunks/{chunk-5R4SBCX6.js → chunk-SL5MOGQH.js} +3 -3
  93. package/chunks/chunk-SMXULRAN.js +37 -0
  94. package/chunks/{chunk-WA5OJGFL.js → chunk-SS6WJMQK.js} +363 -76
  95. package/chunks/{chunk-UAARVVBI.js → chunk-TNWFHGN6.js} +1 -1
  96. package/chunks/{chunk-I2RFAW6Q.js → chunk-TT6Q3EN4.js} +7 -5
  97. package/chunks/chunk-UAKXW3DN.js +30 -0
  98. package/chunks/{chunk-C4K3FEQ2.js → chunk-UX4SGCGN.js} +32 -3
  99. package/chunks/{chunk-J6AW7O5D.js → chunk-WHDQZHRU.js} +2 -2
  100. package/chunks/{chunk-WGAEWQTF.js → chunk-WN6K47NR.js} +1 -2
  101. package/chunks/{chunk-UAARJR2G.js → chunk-WQT5SOI6.js} +2 -2
  102. package/chunks/{chunk-VYFMN7C6.js → chunk-WUMVIRTN.js} +225 -37
  103. package/chunks/{chunk-R36VMVEP.js → chunk-XJMKOTVV.js} +5 -5
  104. package/chunks/{chunk-TXVGVZYR.js → chunk-XJYUPHRC.js} +3 -3
  105. package/chunks/{chunk-2JD55C6G.js → chunk-Y6YMRS3U.js} +2 -2
  106. package/chunks/{chunk-LLFFKXZZ.js → chunk-YALKC62D.js} +56 -29
  107. package/chunks/{chunk-GYZQA2FO.js → chunk-YLZJCUH6.js} +1 -1
  108. package/chunks/chunk-YTFBURQD.js +313 -0
  109. package/chunks/{chunk-KBXLIVWQ.js → chunk-ZFPRYHWR.js} +2 -2
  110. package/chunks/{chunk-X6EDWN44.js → chunk-ZP6UKOPB.js} +1 -1
  111. package/chunks/{computer-use-6BBRNT6S.js → computer-use-LF2S6LUZ.js} +103 -49
  112. package/chunks/{contextCommand-UJAJ6N57.js → contextCommand-VPX5UG55.js} +26 -25
  113. package/chunks/{cron-create-4KQE6YLH.js → cron-create-SKEY55RG.js} +4 -4
  114. package/chunks/{cron-delete-THME66UP.js → cron-delete-I3NAT32Z.js} +6 -6
  115. package/chunks/{cron-list-7A54SJ5N.js → cron-list-6XRRL6TH.js} +5 -5
  116. package/chunks/{daemon-status-provider-CSL3BUOY.js → daemon-status-provider-5JAWZS4V.js} +34 -34
  117. package/chunks/{de-ACHALDED.js → de-EOW5PVHF.js} +1 -0
  118. package/chunks/{dist-BD27IA3L.js → dist-4FCNM6KJ.js} +2 -2
  119. package/chunks/{dist-OD2FY543.js → dist-O3H4PABL.js} +2 -2
  120. package/chunks/{dist-BOOH5JWN.js → dist-SCAAUWPS.js} +18 -4
  121. package/chunks/{dist-QHJRBCMP.js → dist-UKPWQJCL.js} +44 -2
  122. package/chunks/{dist-QFFZWACU.js → dist-VD7HXTML.js} +20 -9
  123. package/chunks/{earlyInputCapture-X6KMCSHD.js → earlyInputCapture-7FRQMU4P.js} +25 -24
  124. package/chunks/{edit-7J6WXARF.js → edit-REKJDIRL.js} +68 -27
  125. package/chunks/{en-NCUBOJOY.js → en-HPWEJBTR.js} +8 -0
  126. package/chunks/{enter-worktree-KULCKJPJ.js → enter-worktree-GBKUDCD3.js} +24 -23
  127. package/chunks/{enterPlanMode-H2CIOLMH.js → enterPlanMode-WB3Y4FGT.js} +24 -23
  128. package/chunks/{errors-6G2JYR54.js → errors-2XJDYO3M.js} +26 -25
  129. package/chunks/{exit-worktree-ECBWBVC5.js → exit-worktree-KKC7O2ZV.js} +24 -23
  130. package/chunks/{exitPlanMode-DQV56GTW.js → exitPlanMode-7HMS3TF7.js} +24 -23
  131. package/chunks/{fast-path-35JJFS3C.js → fast-path-XVNIYWGG.js} +4 -4
  132. package/chunks/{fast-path-settings-TSVI53EB.js → fast-path-settings-UQLRFDQP.js} +3 -2
  133. package/chunks/{fr-GVKZ27MF.js → fr-BN5NKSAC.js} +1 -0
  134. package/chunks/{gemini-NDTG7WAX.js → gemini-U5TPU3IQ.js} +210 -104
  135. package/chunks/{geminiContentGenerator-XTG6SFLA.js → geminiContentGenerator-ZVWRHXOO.js} +4 -4
  136. package/chunks/{glob-SJ2JBZK4.js → glob-FEJWIH2W.js} +24 -23
  137. package/chunks/{grep-BRMWFEWR.js → grep-KMP25IIA.js} +24 -23
  138. package/chunks/{headlessSafetyWarnings-LJ6FJX77.js → headlessSafetyWarnings-5DEDET4M.js} +24 -23
  139. package/chunks/{initializer-P5AXF7PV.js → initializer-FJTACLOH.js} +31 -28
  140. package/chunks/{ja-FKZ2WZ4D.js → ja-7DEUB2TS.js} +1 -0
  141. package/chunks/{keychain-token-storage-CSYMNRPP.js → keychain-token-storage-YLMDLKXT.js} +2 -2
  142. package/chunks/{list-6COK34BP.js → list-SCQXYJUW.js} +32 -29
  143. package/chunks/{loadedSettingsAdapter-XIUTN245.js → loadedSettingsAdapter-P6KPNAG7.js} +30 -27
  144. package/chunks/{loop-wakeup-33GPXJLA.js → loop-wakeup-FYEQEJUA.js} +7 -7
  145. package/chunks/{ls-BYQY7RVV.js → ls-R5WP4BGZ.js} +4 -4
  146. package/chunks/{lsp-X54RO4IV.js → lsp-GSICJMMW.js} +2 -2
  147. package/chunks/{monitor-DH7KFSJV.js → monitor-JU3HHHVY.js} +24 -23
  148. package/chunks/nonInteractiveCli-IZEKUHU3.js +100 -0
  149. package/chunks/{notebook-edit-D4R4ZLMA.js → notebook-edit-YHY3Z2QQ.js} +52 -23
  150. package/chunks/{openaiContentGenerator-F74IPQ6E.js → openaiContentGenerator-4WUVA3Q2.js} +13 -12
  151. package/chunks/{pt-SY5NCFGR.js → pt-TNZRNLQB.js} +1 -0
  152. package/chunks/{qwenContentGenerator-ATTK5P4D.js → qwenContentGenerator-MVYYR44B.js} +26 -25
  153. package/chunks/{qwenOAuth2-K4AASPCV.js → qwenOAuth2-6HNGHALT.js} +5 -4
  154. package/chunks/{read-file-767G23OY.js → read-file-NABEO2X4.js} +8 -8
  155. package/chunks/{read-mcp-resource-I5HCZJ6X.js → read-mcp-resource-DQQW7H7T.js} +2 -2
  156. package/chunks/{ripGrep-4OMMGSWX.js → ripGrep-YXLK6UTX.js} +24 -23
  157. package/chunks/{ru-FWNXJG4F.js → ru-NIAUBKCN.js} +1 -0
  158. package/chunks/{run-qwen-serve-REKSTYRA.js → run-qwen-serve-4B5QBMLQ.js} +144 -41
  159. package/chunks/{scheduler-UNTFDQLG.js → scheduler-XAKIYBDL.js} +24 -23
  160. package/chunks/{send-message-2DAFXEYP.js → send-message-EE4TWKVU.js} +2 -2
  161. package/chunks/{serve-KZ56QB5S.js → serve-4RXVLUKD.js} +30 -28
  162. package/chunks/{server-BV5TZUMU.js → server-7PA5QGIA.js} +11037 -8747
  163. package/chunks/{session-OIBXFSGD.js → session-WNVWRYAH.js} +194 -57
  164. package/chunks/{settings-WJTCBIRA.js → settings-YJH32TFF.js} +30 -27
  165. package/chunks/{shell-WC52IBHW.js → shell-YFLABOS5.js} +24 -23
  166. package/chunks/{skill-U7F7JR4M.js → skill-N3J7FUAY.js} +38 -11
  167. package/chunks/{spawnChannel-EI2E5BCW.js → spawnChannel-D6WVMFZJ.js} +26 -25
  168. package/chunks/{src-4F6FBZFI.js → src-IU5GDBEH.js} +88 -28
  169. package/chunks/{startInteractiveUI-SFRVB3CE.js → startInteractiveUI-QIPQTRT4.js} +2784 -2474
  170. package/chunks/{syntheticOutput-PPS3HDVA.js → syntheticOutput-T5YHQ6S2.js} +3 -3
  171. package/chunks/{task-create-OUYCA553.js → task-create-BLY7RHXX.js} +6 -6
  172. package/chunks/{task-list-WAX7I2IA.js → task-list-3QUYNVYR.js} +5 -5
  173. package/chunks/{task-stop-CAIL6FNH.js → task-stop-U4RATK2V.js} +2 -2
  174. package/chunks/{task-update-AHEO5OUT.js → task-update-U54O7KJX.js} +6 -6
  175. package/chunks/{team-create-3WC7CIIW.js → team-create-TP4CLLM3.js} +24 -23
  176. package/chunks/{team-delete-HGHFG23B.js → team-delete-LKBYPASD.js} +5 -5
  177. package/chunks/{theme-manager-DICFCT3P.js → theme-manager-N2TBIBZT.js} +25 -24
  178. package/chunks/{todoWrite-IFBMN3FH.js → todoWrite-OYXKTVYN.js} +4 -4
  179. package/chunks/{tool-search-L5K7HLER.js → tool-search-GBBSICYB.js} +101 -16
  180. package/chunks/trustedFolders-F7TBU5CD.js +76 -0
  181. package/chunks/types-QX5C3CHJ.js +12 -0
  182. package/chunks/{validateNonInterActiveAuth-GCH4Z6KI.js → validateNonInterActiveAuth-EQDQPSMI.js} +55 -50
  183. package/chunks/{web-fetch-B5IIQ5TT.js → web-fetch-PCVCML2X.js} +29 -15
  184. package/chunks/{workflow-OB3AND7I.js → workflow-ANJ4FYBK.js} +32 -30
  185. package/chunks/{workspace-providers-status-ZIR5EPOO.js → workspace-providers-status-462QQKQM.js} +32 -29
  186. package/chunks/workspace-service-VTG4G6CW.js +75 -0
  187. package/chunks/{write-file-SEXBNDZM.js → write-file-3P3WMQQW.js} +63 -27
  188. package/chunks/{zh-RBEGQVQT.js → zh-5EUYXASN.js} +8 -0
  189. package/chunks/{zh-TW-QGAVRXT3.js → zh-TW-TR3XYGE5.js} +8 -0
  190. package/cli-entry.js +20 -9
  191. package/cli.js +6 -6
  192. package/locales/ca.js +2 -0
  193. package/locales/de.js +2 -0
  194. package/locales/en.js +14 -0
  195. package/locales/fr.js +2 -0
  196. package/locales/ja.js +1 -0
  197. package/locales/pt.js +2 -0
  198. package/locales/ru.js +2 -0
  199. package/locales/zh-TW.js +12 -0
  200. package/locales/zh.js +12 -0
  201. package/node_modules/@qwen-code/audio-capture/dist/index.d.ts +35 -0
  202. package/node_modules/@qwen-code/audio-capture/dist/index.js +48 -0
  203. package/node_modules/@qwen-code/audio-capture/dist/index.js.map +1 -0
  204. package/node_modules/@qwen-code/audio-capture/dist/platform.d.ts +7 -0
  205. package/node_modules/@qwen-code/audio-capture/dist/platform.js +18 -0
  206. package/node_modules/@qwen-code/audio-capture/dist/platform.js.map +1 -0
  207. package/node_modules/@qwen-code/audio-capture/node_modules/node-gyp-build/LICENSE +21 -0
  208. package/node_modules/@qwen-code/audio-capture/node_modules/node-gyp-build/README.md +58 -0
  209. package/node_modules/@qwen-code/audio-capture/node_modules/node-gyp-build/SECURITY.md +5 -0
  210. package/node_modules/@qwen-code/audio-capture/node_modules/node-gyp-build/bin.js +84 -0
  211. package/node_modules/@qwen-code/audio-capture/node_modules/node-gyp-build/build-test.js +19 -0
  212. package/node_modules/@qwen-code/audio-capture/node_modules/node-gyp-build/index.js +6 -0
  213. package/node_modules/@qwen-code/audio-capture/node_modules/node-gyp-build/node-gyp-build.js +207 -0
  214. package/node_modules/@qwen-code/audio-capture/node_modules/node-gyp-build/optional.js +7 -0
  215. package/node_modules/@qwen-code/audio-capture/node_modules/node-gyp-build/package.json +43 -0
  216. package/node_modules/@qwen-code/audio-capture/package.json +30 -0
  217. package/node_modules/@qwen-code/audio-capture/prebuilds/darwin-arm64/@qwen-code+audio-capture.node +0 -0
  218. package/node_modules/@qwen-code/audio-capture/prebuilds/darwin-x64/@qwen-code+audio-capture.node +0 -0
  219. package/node_modules/@qwen-code/audio-capture/prebuilds/linux-arm64/@qwen-code+audio-capture.node +0 -0
  220. package/node_modules/@qwen-code/audio-capture/prebuilds/linux-x64/@qwen-code+audio-capture.node +0 -0
  221. package/node_modules/@qwen-code/audio-capture/prebuilds/win32-x64/@qwen-code+audio-capture.node +0 -0
  222. package/package.json +18 -6
  223. package/patches/chrome-devtools-mcp+1.4.0.patch +31 -0
  224. package/postinstall.js +50 -0
  225. package/web-shell/assets/{arc-D_ae_Y9k.js → arc-DIemsO_F.js} +1 -1
  226. package/web-shell/assets/{architectureDiagram-3BPJPVTR-BMLRjppa.js → architectureDiagram-3BPJPVTR-CTlUvIQv.js} +1 -1
  227. package/web-shell/assets/{blockDiagram-GPEHLZMM-qVDQC8KL.js → blockDiagram-GPEHLZMM-DG0jmIZK.js} +1 -1
  228. package/web-shell/assets/{c4Diagram-AAUBKEIU-CxWS6MBd.js → c4Diagram-AAUBKEIU-WljDBi55.js} +1 -1
  229. package/web-shell/assets/channel-CbzRbdpA.js +1 -0
  230. package/web-shell/assets/{chunk-2J33WTMH-BtNuY5Yp.js → chunk-2J33WTMH-8nc6onr2.js} +1 -1
  231. package/web-shell/assets/{chunk-4BX2VUAB-BU-x368d.js → chunk-4BX2VUAB-EopXix8Z.js} +1 -1
  232. package/web-shell/assets/{chunk-55IACEB6-DRgTLvBu.js → chunk-55IACEB6-BE4Jz3N3.js} +1 -1
  233. package/web-shell/assets/{chunk-727SXJPM-D2aElv7q.js → chunk-727SXJPM-C_eErgDN.js} +1 -1
  234. package/web-shell/assets/{chunk-AQP2D5EJ-BwHCMRQ0.js → chunk-AQP2D5EJ-DFtVW-Is.js} +1 -1
  235. package/web-shell/assets/{chunk-FMBD7UC4-BMyPH-ku.js → chunk-FMBD7UC4-CJPyxIg9.js} +1 -1
  236. package/web-shell/assets/{chunk-ND2GUHAM-BNKTstUf.js → chunk-ND2GUHAM-Bk-xgj6M.js} +1 -1
  237. package/web-shell/assets/{chunk-QZHKN3VN-gD3vsFId.js → chunk-QZHKN3VN-p3Y4yaFB.js} +1 -1
  238. package/web-shell/assets/classDiagram-4FO5ZUOK-BFdyQ52h.js +1 -0
  239. package/web-shell/assets/classDiagram-v2-Q7XG4LA2-BFdyQ52h.js +1 -0
  240. package/web-shell/assets/{cose-bilkent-S5V4N54A-BG9FAsXE.js → cose-bilkent-S5V4N54A-BCMO6Js3.js} +1 -1
  241. package/web-shell/assets/{dagre-BM42HDAG-Cy1sR7om.js → dagre-BM42HDAG-DUMrwASf.js} +1 -1
  242. package/web-shell/assets/default-aEtf0G7-.svg +1 -0
  243. package/web-shell/assets/{diagram-2AECGRRQ-Bxi1I_Vu.js → diagram-2AECGRRQ-C5d7qJbL.js} +1 -1
  244. package/web-shell/assets/{diagram-5GNKFQAL-BGCJjO6y.js → diagram-5GNKFQAL-CjLzMhbT.js} +1 -1
  245. package/web-shell/assets/{diagram-KO2AKTUF-CMTeLXp7.js → diagram-KO2AKTUF-RCoNWeAm.js} +1 -1
  246. package/web-shell/assets/{diagram-LMA3HP47-BN1wyAGh.js → diagram-LMA3HP47-KThXjaNV.js} +1 -1
  247. package/web-shell/assets/{diagram-OG6HWLK6-UYSG_zcp.js → diagram-OG6HWLK6-DKsC2BWz.js} +1 -1
  248. package/web-shell/assets/{erDiagram-TEJ5UH35-DqXL08lw.js → erDiagram-TEJ5UH35-DJ2ukmq0.js} +1 -1
  249. package/web-shell/assets/{flowDiagram-I6XJVG4X-BPJ9SFji.js → flowDiagram-I6XJVG4X-zzqaARRX.js} +1 -1
  250. package/web-shell/assets/{ganttDiagram-6RSMTGT7-BEd9Pnms.js → ganttDiagram-6RSMTGT7-kFUg-gqT.js} +1 -1
  251. package/web-shell/assets/{gitGraphDiagram-PVQCEYII-DrNRH3oi.js → gitGraphDiagram-PVQCEYII-C6JnMVzD.js} +1 -1
  252. package/web-shell/assets/index-B3XUm7dw.js +713 -0
  253. package/web-shell/assets/index-CHmzAWys.css +5 -0
  254. package/web-shell/assets/{infoDiagram-5YYISTIA-CFYBrkVI.js → infoDiagram-5YYISTIA-XqPVhp89.js} +1 -1
  255. package/web-shell/assets/insert-DmRbh9Rv.svg +1 -0
  256. package/web-shell/assets/{ishikawaDiagram-YF4QCWOH-Dxsddth7.js → ishikawaDiagram-YF4QCWOH-D2k8sGpf.js} +1 -1
  257. package/web-shell/assets/{journeyDiagram-JHISSGLW-DxaDK80t.js → journeyDiagram-JHISSGLW-CQEST1GE.js} +1 -1
  258. package/web-shell/assets/{kanban-definition-UN3LZRKU-Q0jQCOct.js → kanban-definition-UN3LZRKU-DZ7kqVBC.js} +1 -1
  259. package/web-shell/assets/{linear-DGGM2kcP.js → linear-B6C_6q_E.js} +1 -1
  260. package/web-shell/assets/{mermaid.core-ByoxnWut.js → mermaid.core-CsyNP1qt.js} +5 -5
  261. package/web-shell/assets/{mindmap-definition-RKZ34NQL-C0ZseHsi.js → mindmap-definition-RKZ34NQL-B1VDIzJq.js} +1 -1
  262. package/web-shell/assets/{pieDiagram-4H26LBE5-MQXNhl5A.js → pieDiagram-4H26LBE5-DN0E7Jwu.js} +1 -1
  263. package/web-shell/assets/{quadrantDiagram-W4KKPZXB-DIR4ee2A.js → quadrantDiagram-W4KKPZXB-UKTQdHKm.js} +1 -1
  264. package/web-shell/assets/queue-DWpnpFgW.svg +1 -0
  265. package/web-shell/assets/{requirementDiagram-4Y6WPE33-BTR0UdYQ.js → requirementDiagram-4Y6WPE33-BRGceQvN.js} +1 -1
  266. package/web-shell/assets/{sankeyDiagram-5OEKKPKP-sfnhMELN.js → sankeyDiagram-5OEKKPKP-2DDyu41v.js} +1 -1
  267. package/web-shell/assets/{sequenceDiagram-3UESZ5HK-DXczHOHH.js → sequenceDiagram-3UESZ5HK-CT5iE8ZU.js} +1 -1
  268. package/web-shell/assets/{stateDiagram-AJRCARHV-DdE_KQFH.js → stateDiagram-AJRCARHV-CqMQ_s4G.js} +1 -1
  269. package/web-shell/assets/stateDiagram-v2-BHNVJYJU-CamhV5pM.js +1 -0
  270. package/web-shell/assets/{timeline-definition-PNZ67QCA-DIc61uE8.js → timeline-definition-PNZ67QCA-Di37QSZU.js} +1 -1
  271. package/web-shell/assets/{vennDiagram-CIIHVFJN-BF7ODmxB.js → vennDiagram-CIIHVFJN-DCXvpz5S.js} +1 -1
  272. package/web-shell/assets/{wardley-L42UT6IY-3pc1MEaw.js → wardley-L42UT6IY-CpUCk6OX.js} +1 -1
  273. package/web-shell/assets/{wardleyDiagram-YWT4CUSO-9jnPcZuP.js → wardleyDiagram-YWT4CUSO-D01pVEBg.js} +1 -1
  274. package/web-shell/assets/{xychartDiagram-2RQKCTM6-DcthaZK6.js → xychartDiagram-2RQKCTM6-DOu5JDoz.js} +1 -1
  275. package/web-shell/index.html +2 -2
  276. package/chunks/chunk-B6HQGTYR.js +0 -410
  277. package/chunks/chunk-R2BXK7SX.js +0 -13
  278. package/chunks/chunk-RKIZXJMB.js +0 -13
  279. package/chunks/nonInteractiveCli-7575LBXP.js +0 -91
  280. package/chunks/workspace-service-OM5D4OI2.js +0 -60
  281. package/web-shell/assets/channel-DYPNiTww.js +0 -1
  282. package/web-shell/assets/classDiagram-4FO5ZUOK-p_g25Tni.js +0 -1
  283. package/web-shell/assets/classDiagram-v2-Q7XG4LA2-p_g25Tni.js +0 -1
  284. package/web-shell/assets/index-CpOXWDPh.js +0 -714
  285. package/web-shell/assets/index-oVK7qhre.css +0 -5
  286. package/web-shell/assets/stateDiagram-v2-BHNVJYJU-BHUSEndU.js +0 -1
@@ -6,6 +6,15 @@ import {
6
6
  import {
7
7
  require_mime_db
8
8
  } from "./chunk-7RYW5LQV.js";
9
+ import {
10
+ CLIENT_MCP_OVER_WS_CONFIG_FLAG
11
+ } from "./chunk-EWALXUAD.js";
12
+ import {
13
+ MAX_WORKSPACE_PATH_LENGTH
14
+ } from "./chunk-SEZC2725.js";
15
+ import {
16
+ writeStderrLine
17
+ } from "./chunk-Y6Z2O3WR.js";
9
18
  import {
10
19
  require_once
11
20
  } from "./chunk-5P5XGNYH.js";
@@ -9060,11 +9069,11 @@ var require_mime_types = __commonJS({
9060
9069
  return exts[0];
9061
9070
  }
9062
9071
  __name(extension, "extension");
9063
- function lookup(path2) {
9064
- if (!path2 || typeof path2 !== "string") {
9072
+ function lookup(path3) {
9073
+ if (!path3 || typeof path3 !== "string") {
9065
9074
  return false;
9066
9075
  }
9067
- var extension2 = extname("x." + path2).toLowerCase().slice(1);
9076
+ var extension2 = extname("x." + path3).toLowerCase().slice(1);
9068
9077
  if (!extension2) {
9069
9078
  return false;
9070
9079
  }
@@ -10195,13 +10204,13 @@ var require_view = __commonJS({
10195
10204
  "use strict";
10196
10205
  init_esbuild_shims();
10197
10206
  var debug = require_src()("express:view");
10198
- var path2 = __require("node:path");
10207
+ var path3 = __require("node:path");
10199
10208
  var fs = __require("node:fs");
10200
- var dirname2 = path2.dirname;
10201
- var basename2 = path2.basename;
10202
- var extname = path2.extname;
10203
- var join2 = path2.join;
10204
- var resolve = path2.resolve;
10209
+ var dirname2 = path3.dirname;
10210
+ var basename2 = path3.basename;
10211
+ var extname = path3.extname;
10212
+ var join2 = path3.join;
10213
+ var resolve = path3.resolve;
10205
10214
  module.exports = View;
10206
10215
  function View(name, options) {
10207
10216
  var opts = options || {};
@@ -10231,17 +10240,17 @@ var require_view = __commonJS({
10231
10240
  }
10232
10241
  __name(View, "View");
10233
10242
  View.prototype.lookup = /* @__PURE__ */ __name(function lookup(name) {
10234
- var path3;
10243
+ var path4;
10235
10244
  var roots = [].concat(this.root);
10236
10245
  debug('lookup "%s"', name);
10237
- for (var i = 0; i < roots.length && !path3; i++) {
10246
+ for (var i = 0; i < roots.length && !path4; i++) {
10238
10247
  var root = roots[i];
10239
10248
  var loc = resolve(root, name);
10240
10249
  var dir = dirname2(loc);
10241
10250
  var file = basename2(loc);
10242
- path3 = this.resolve(dir, file);
10251
+ path4 = this.resolve(dir, file);
10243
10252
  }
10244
- return path3;
10253
+ return path4;
10245
10254
  }, "lookup");
10246
10255
  View.prototype.render = /* @__PURE__ */ __name(function render(options, callback) {
10247
10256
  var sync = true;
@@ -10263,21 +10272,21 @@ var require_view = __commonJS({
10263
10272
  }, "render");
10264
10273
  View.prototype.resolve = /* @__PURE__ */ __name(function resolve2(dir, file) {
10265
10274
  var ext = this.ext;
10266
- var path3 = join2(dir, file);
10267
- var stat = tryStat(path3);
10275
+ var path4 = join2(dir, file);
10276
+ var stat = tryStat(path4);
10268
10277
  if (stat && stat.isFile()) {
10269
- return path3;
10278
+ return path4;
10270
10279
  }
10271
- path3 = join2(dir, basename2(file, ext), "index" + ext);
10272
- stat = tryStat(path3);
10280
+ path4 = join2(dir, basename2(file, ext), "index" + ext);
10281
+ stat = tryStat(path4);
10273
10282
  if (stat && stat.isFile()) {
10274
- return path3;
10283
+ return path4;
10275
10284
  }
10276
10285
  }, "resolve");
10277
- function tryStat(path3) {
10278
- debug('stat "%s"', path3);
10286
+ function tryStat(path4) {
10287
+ debug('stat "%s"', path4);
10279
10288
  try {
10280
- return fs.statSync(path3);
10289
+ return fs.statSync(path4);
10281
10290
  } catch (e) {
10282
10291
  return void 0;
10283
10292
  }
@@ -11467,9 +11476,9 @@ var require_dist2 = __commonJS({
11467
11476
  function consume(endType) {
11468
11477
  const tokens2 = [];
11469
11478
  while (true) {
11470
- const path2 = it.text();
11471
- if (path2)
11472
- tokens2.push({ type: "text", value: encodePath(path2) });
11479
+ const path3 = it.text();
11480
+ if (path3)
11481
+ tokens2.push({ type: "text", value: encodePath(path3) });
11473
11482
  const param = it.tryConsume("PARAM");
11474
11483
  if (param) {
11475
11484
  tokens2.push({
@@ -11503,16 +11512,16 @@ var require_dist2 = __commonJS({
11503
11512
  return new TokenData(tokens);
11504
11513
  }
11505
11514
  __name(parse, "parse");
11506
- function compile(path2, options = {}) {
11515
+ function compile(path3, options = {}) {
11507
11516
  const { encode = encodeURIComponent, delimiter = DEFAULT_DELIMITER } = options;
11508
- const data = path2 instanceof TokenData ? path2 : parse(path2, options);
11517
+ const data = path3 instanceof TokenData ? path3 : parse(path3, options);
11509
11518
  const fn = tokensToFunction(data.tokens, delimiter, encode);
11510
- return /* @__PURE__ */ __name(function path3(data2 = {}) {
11511
- const [path4, ...missing] = fn(data2);
11519
+ return /* @__PURE__ */ __name(function path4(data2 = {}) {
11520
+ const [path5, ...missing] = fn(data2);
11512
11521
  if (missing.length) {
11513
11522
  throw new TypeError(`Missing parameters: ${missing.join(", ")}`);
11514
11523
  }
11515
- return path4;
11524
+ return path5;
11516
11525
  }, "path");
11517
11526
  }
11518
11527
  __name(compile, "compile");
@@ -11571,9 +11580,9 @@ var require_dist2 = __commonJS({
11571
11580
  };
11572
11581
  }
11573
11582
  __name(tokenToFunction, "tokenToFunction");
11574
- function match(path2, options = {}) {
11583
+ function match(path3, options = {}) {
11575
11584
  const { decode = decodeURIComponent, delimiter = DEFAULT_DELIMITER } = options;
11576
- const { regexp, keys } = pathToRegexp(path2, options);
11585
+ const { regexp, keys } = pathToRegexp(path3, options);
11577
11586
  const decoders = keys.map((key) => {
11578
11587
  if (decode === false)
11579
11588
  return NOOP_VALUE;
@@ -11585,7 +11594,7 @@ var require_dist2 = __commonJS({
11585
11594
  const m = regexp.exec(input);
11586
11595
  if (!m)
11587
11596
  return false;
11588
- const path3 = m[0];
11597
+ const path4 = m[0];
11589
11598
  const params = /* @__PURE__ */ Object.create(null);
11590
11599
  for (let i = 1; i < m.length; i++) {
11591
11600
  if (m[i] === void 0)
@@ -11594,17 +11603,17 @@ var require_dist2 = __commonJS({
11594
11603
  const decoder = decoders[i - 1];
11595
11604
  params[key.name] = decoder(m[i]);
11596
11605
  }
11597
- return { path: path3, params };
11606
+ return { path: path4, params };
11598
11607
  }, "match");
11599
11608
  }
11600
11609
  __name(match, "match");
11601
- function pathToRegexp(path2, options = {}) {
11610
+ function pathToRegexp(path3, options = {}) {
11602
11611
  const { delimiter = DEFAULT_DELIMITER, end = true, sensitive = false, trailing = true } = options;
11603
11612
  const keys = [];
11604
11613
  const sources = [];
11605
11614
  const flags = sensitive ? "" : "i";
11606
- const paths = Array.isArray(path2) ? path2 : [path2];
11607
- const items = paths.map((path3) => path3 instanceof TokenData ? path3 : parse(path3, options));
11615
+ const paths = Array.isArray(path3) ? path3 : [path3];
11616
+ const items = paths.map((path4) => path4 instanceof TokenData ? path4 : parse(path4, options));
11608
11617
  for (const { tokens } of items) {
11609
11618
  for (const seq of flatten(tokens, 0, [])) {
11610
11619
  const regexp2 = sequenceToRegExp(seq, delimiter, keys);
@@ -11722,18 +11731,18 @@ var require_layer = __commonJS({
11722
11731
  var TRAILING_SLASH_REGEXP = /\/+$/;
11723
11732
  var MATCHING_GROUP_REGEXP = /\((?:\?<(.*?)>)?(?!\?)/g;
11724
11733
  module.exports = Layer;
11725
- function Layer(path2, options, fn) {
11734
+ function Layer(path3, options, fn) {
11726
11735
  if (!(this instanceof Layer)) {
11727
- return new Layer(path2, options, fn);
11736
+ return new Layer(path3, options, fn);
11728
11737
  }
11729
- debug("new %o", path2);
11738
+ debug("new %o", path3);
11730
11739
  const opts = options || {};
11731
11740
  this.handle = fn;
11732
11741
  this.keys = [];
11733
11742
  this.name = fn.name || "<anonymous>";
11734
11743
  this.params = void 0;
11735
11744
  this.path = void 0;
11736
- this.slash = path2 === "/" && opts.end === false;
11745
+ this.slash = path3 === "/" && opts.end === false;
11737
11746
  function matcher(_path) {
11738
11747
  if (_path instanceof RegExp) {
11739
11748
  const keys = [];
@@ -11773,7 +11782,7 @@ var require_layer = __commonJS({
11773
11782
  });
11774
11783
  }
11775
11784
  __name(matcher, "matcher");
11776
- this.matchers = Array.isArray(path2) ? path2.map(matcher) : [matcher(path2)];
11785
+ this.matchers = Array.isArray(path3) ? path3.map(matcher) : [matcher(path3)];
11777
11786
  }
11778
11787
  __name(Layer, "Layer");
11779
11788
  Layer.prototype.handleError = /* @__PURE__ */ __name(function handleError(error, req, res, next) {
@@ -11814,9 +11823,9 @@ var require_layer = __commonJS({
11814
11823
  next(err);
11815
11824
  }
11816
11825
  }, "handleRequest");
11817
- Layer.prototype.match = /* @__PURE__ */ __name(function match(path2) {
11826
+ Layer.prototype.match = /* @__PURE__ */ __name(function match(path3) {
11818
11827
  let match2;
11819
- if (path2 != null) {
11828
+ if (path3 != null) {
11820
11829
  if (this.slash) {
11821
11830
  this.params = {};
11822
11831
  this.path = "";
@@ -11824,7 +11833,7 @@ var require_layer = __commonJS({
11824
11833
  }
11825
11834
  let i = 0;
11826
11835
  while (!match2 && i < this.matchers.length) {
11827
- match2 = this.matchers[i](path2);
11836
+ match2 = this.matchers[i](path3);
11828
11837
  i++;
11829
11838
  }
11830
11839
  }
@@ -11853,13 +11862,13 @@ var require_layer = __commonJS({
11853
11862
  }
11854
11863
  }
11855
11864
  __name(decodeParam, "decodeParam");
11856
- function loosen(path2) {
11857
- if (path2 instanceof RegExp || path2 === "/") {
11858
- return path2;
11865
+ function loosen(path3) {
11866
+ if (path3 instanceof RegExp || path3 === "/") {
11867
+ return path3;
11859
11868
  }
11860
- return Array.isArray(path2) ? path2.map(function(p) {
11869
+ return Array.isArray(path3) ? path3.map(function(p) {
11861
11870
  return loosen(p);
11862
- }) : String(path2).replace(TRAILING_SLASH_REGEXP, "");
11871
+ }) : String(path3).replace(TRAILING_SLASH_REGEXP, "");
11863
11872
  }
11864
11873
  __name(loosen, "loosen");
11865
11874
  }
@@ -11877,9 +11886,9 @@ var require_route = __commonJS({
11877
11886
  var flatten = Array.prototype.flat;
11878
11887
  var methods = METHODS.map((method) => method.toLowerCase());
11879
11888
  module.exports = Route;
11880
- function Route(path2) {
11881
- debug("new %o", path2);
11882
- this.path = path2;
11889
+ function Route(path3) {
11890
+ debug("new %o", path3);
11891
+ this.path = path3;
11883
11892
  this.stack = [];
11884
11893
  this.methods = /* @__PURE__ */ Object.create(null);
11885
11894
  }
@@ -12092,8 +12101,8 @@ var require_router = __commonJS({
12092
12101
  if (++sync > 100) {
12093
12102
  return setImmediate(next, err);
12094
12103
  }
12095
- const path2 = getPathname(req);
12096
- if (path2 == null) {
12104
+ const path3 = getPathname(req);
12105
+ if (path3 == null) {
12097
12106
  return done(layerError);
12098
12107
  }
12099
12108
  let layer;
@@ -12101,7 +12110,7 @@ var require_router = __commonJS({
12101
12110
  let route;
12102
12111
  while (match !== true && idx < stack.length) {
12103
12112
  layer = stack[idx++];
12104
- match = matchLayer(layer, path2);
12113
+ match = matchLayer(layer, path3);
12105
12114
  route = layer.route;
12106
12115
  if (typeof match !== "boolean") {
12107
12116
  layerError = layerError || match;
@@ -12139,19 +12148,19 @@ var require_router = __commonJS({
12139
12148
  } else if (route) {
12140
12149
  layer.handleRequest(req, res, next);
12141
12150
  } else {
12142
- trimPrefix(layer, layerError, layerPath, path2);
12151
+ trimPrefix(layer, layerError, layerPath, path3);
12143
12152
  }
12144
12153
  sync = 0;
12145
12154
  });
12146
12155
  }
12147
12156
  __name(next, "next");
12148
- function trimPrefix(layer, layerError, layerPath, path2) {
12157
+ function trimPrefix(layer, layerError, layerPath, path3) {
12149
12158
  if (layerPath.length !== 0) {
12150
- if (layerPath !== path2.substring(0, layerPath.length)) {
12159
+ if (layerPath !== path3.substring(0, layerPath.length)) {
12151
12160
  next(layerError);
12152
12161
  return;
12153
12162
  }
12154
- const c = path2[layerPath.length];
12163
+ const c = path3[layerPath.length];
12155
12164
  if (c && c !== "/") {
12156
12165
  next(layerError);
12157
12166
  return;
@@ -12176,7 +12185,7 @@ var require_router = __commonJS({
12176
12185
  }, "handle");
12177
12186
  Router.prototype.use = /* @__PURE__ */ __name(function use(handler) {
12178
12187
  let offset = 0;
12179
- let path2 = "/";
12188
+ let path3 = "/";
12180
12189
  if (typeof handler !== "function") {
12181
12190
  let arg = handler;
12182
12191
  while (Array.isArray(arg) && arg.length !== 0) {
@@ -12184,7 +12193,7 @@ var require_router = __commonJS({
12184
12193
  }
12185
12194
  if (typeof arg !== "function") {
12186
12195
  offset = 1;
12187
- path2 = handler;
12196
+ path3 = handler;
12188
12197
  }
12189
12198
  }
12190
12199
  const callbacks = flatten.call(slice.call(arguments, offset), Infinity);
@@ -12196,8 +12205,8 @@ var require_router = __commonJS({
12196
12205
  if (typeof fn !== "function") {
12197
12206
  throw new TypeError("argument handler must be a function");
12198
12207
  }
12199
- debug("use %o %s", path2, fn.name || "<anonymous>");
12200
- const layer = new Layer(path2, {
12208
+ debug("use %o %s", path3, fn.name || "<anonymous>");
12209
+ const layer = new Layer(path3, {
12201
12210
  sensitive: this.caseSensitive,
12202
12211
  strict: false,
12203
12212
  end: false
@@ -12207,9 +12216,9 @@ var require_router = __commonJS({
12207
12216
  }
12208
12217
  return this;
12209
12218
  }, "use");
12210
- Router.prototype.route = /* @__PURE__ */ __name(function route(path2) {
12211
- const route2 = new Route(path2);
12212
- const layer = new Layer(path2, {
12219
+ Router.prototype.route = /* @__PURE__ */ __name(function route(path3) {
12220
+ const route2 = new Route(path3);
12221
+ const layer = new Layer(path3, {
12213
12222
  sensitive: this.caseSensitive,
12214
12223
  strict: this.strict,
12215
12224
  end: true
@@ -12223,8 +12232,8 @@ var require_router = __commonJS({
12223
12232
  return route2;
12224
12233
  }, "route");
12225
12234
  methods.concat("all").forEach(function(method) {
12226
- Router.prototype[method] = function(path2) {
12227
- const route = this.route(path2);
12235
+ Router.prototype[method] = function(path3) {
12236
+ const route = this.route(path3);
12228
12237
  route[method].apply(route, slice.call(arguments, 1));
12229
12238
  return this;
12230
12239
  };
@@ -12256,9 +12265,9 @@ var require_router = __commonJS({
12256
12265
  return fqdnIndex !== -1 ? url.substring(0, url.indexOf("/", 3 + fqdnIndex)) : void 0;
12257
12266
  }
12258
12267
  __name(getProtohost, "getProtohost");
12259
- function matchLayer(layer, path2) {
12268
+ function matchLayer(layer, path3) {
12260
12269
  try {
12261
- return layer.match(path2);
12270
+ return layer.match(path3);
12262
12271
  } catch (err) {
12263
12272
  return err;
12264
12273
  }
@@ -12496,7 +12505,7 @@ var require_application = __commonJS({
12496
12505
  }, "handle");
12497
12506
  app.use = /* @__PURE__ */ __name(function use(fn) {
12498
12507
  var offset = 0;
12499
- var path2 = "/";
12508
+ var path3 = "/";
12500
12509
  if (typeof fn !== "function") {
12501
12510
  var arg = fn;
12502
12511
  while (Array.isArray(arg) && arg.length !== 0) {
@@ -12504,7 +12513,7 @@ var require_application = __commonJS({
12504
12513
  }
12505
12514
  if (typeof arg !== "function") {
12506
12515
  offset = 1;
12507
- path2 = fn;
12516
+ path3 = fn;
12508
12517
  }
12509
12518
  }
12510
12519
  var fns = flatten.call(slice.call(arguments, offset), Infinity);
@@ -12514,12 +12523,12 @@ var require_application = __commonJS({
12514
12523
  var router = this.router;
12515
12524
  fns.forEach(function(fn2) {
12516
12525
  if (!fn2 || !fn2.handle || !fn2.set) {
12517
- return router.use(path2, fn2);
12526
+ return router.use(path3, fn2);
12518
12527
  }
12519
- debug(".use app under %s", path2);
12520
- fn2.mountpath = path2;
12528
+ debug(".use app under %s", path3);
12529
+ fn2.mountpath = path3;
12521
12530
  fn2.parent = this;
12522
- router.use(path2, /* @__PURE__ */ __name(function mounted_app(req, res, next) {
12531
+ router.use(path3, /* @__PURE__ */ __name(function mounted_app(req, res, next) {
12523
12532
  var orig = req.app;
12524
12533
  fn2.handle(req, res, function(err) {
12525
12534
  Object.setPrototypeOf(req, orig.request);
@@ -12531,8 +12540,8 @@ var require_application = __commonJS({
12531
12540
  }, this);
12532
12541
  return this;
12533
12542
  }, "use");
12534
- app.route = /* @__PURE__ */ __name(function route(path2) {
12535
- return this.router.route(path2);
12543
+ app.route = /* @__PURE__ */ __name(function route(path3) {
12544
+ return this.router.route(path3);
12536
12545
  }, "route");
12537
12546
  app.engine = /* @__PURE__ */ __name(function engine(ext, fn) {
12538
12547
  if (typeof fn !== "function") {
@@ -12575,7 +12584,7 @@ var require_application = __commonJS({
12575
12584
  }
12576
12585
  return this;
12577
12586
  }, "set");
12578
- app.path = /* @__PURE__ */ __name(function path2() {
12587
+ app.path = /* @__PURE__ */ __name(function path3() {
12579
12588
  return this.parent ? this.parent.path() + this.mountpath : "";
12580
12589
  }, "path");
12581
12590
  app.enabled = /* @__PURE__ */ __name(function enabled(setting) {
@@ -12591,17 +12600,17 @@ var require_application = __commonJS({
12591
12600
  return this.set(setting, false);
12592
12601
  }, "disable");
12593
12602
  methods.forEach(function(method) {
12594
- app[method] = function(path2) {
12603
+ app[method] = function(path3) {
12595
12604
  if (method === "get" && arguments.length === 1) {
12596
- return this.set(path2);
12605
+ return this.set(path3);
12597
12606
  }
12598
- var route = this.route(path2);
12607
+ var route = this.route(path3);
12599
12608
  route[method].apply(route, slice.call(arguments, 1));
12600
12609
  return this;
12601
12610
  };
12602
12611
  });
12603
- app.all = /* @__PURE__ */ __name(function all(path2) {
12604
- var route = this.route(path2);
12612
+ app.all = /* @__PURE__ */ __name(function all(path3) {
12613
+ var route = this.route(path3);
12605
12614
  var args = slice.call(arguments, 1);
12606
12615
  for (var i = 0; i < methods.length; i++) {
12607
12616
  route[methods[i]].apply(route, args);
@@ -13571,7 +13580,7 @@ var require_request = __commonJS({
13571
13580
  var subdomains2 = !isIP(hostname) ? hostname.split(".").reverse() : [hostname];
13572
13581
  return subdomains2.slice(offset);
13573
13582
  }, "subdomains"));
13574
- defineGetter(req, "path", /* @__PURE__ */ __name(function path2() {
13583
+ defineGetter(req, "path", /* @__PURE__ */ __name(function path3() {
13575
13584
  return parse(this).pathname;
13576
13585
  }, "path"));
13577
13586
  defineGetter(req, "host", /* @__PURE__ */ __name(function host() {
@@ -13794,8 +13803,8 @@ var require_content_disposition = __commonJS({
13794
13803
  this.parameters = parameters;
13795
13804
  }
13796
13805
  __name(ContentDisposition, "ContentDisposition");
13797
- function basename2(path2) {
13798
- const normalized = path2.replaceAll("\\", "/");
13806
+ function basename2(path3) {
13807
+ const normalized = path3.replaceAll("\\", "/");
13799
13808
  let end = normalized.length;
13800
13809
  while (end > 0 && normalized[end - 1] === "/") {
13801
13810
  end--;
@@ -14055,28 +14064,28 @@ var require_send = __commonJS({
14055
14064
  var ms = require_ms();
14056
14065
  var onFinished = require_on_finished();
14057
14066
  var parseRange = require_range_parser();
14058
- var path2 = __require("path");
14067
+ var path3 = __require("path");
14059
14068
  var statuses = require_statuses();
14060
14069
  var Stream = __require("stream");
14061
14070
  var util = __require("util");
14062
- var extname = path2.extname;
14063
- var join2 = path2.join;
14064
- var normalize = path2.normalize;
14065
- var resolve = path2.resolve;
14066
- var sep = path2.sep;
14071
+ var extname = path3.extname;
14072
+ var join2 = path3.join;
14073
+ var normalize = path3.normalize;
14074
+ var resolve = path3.resolve;
14075
+ var sep = path3.sep;
14067
14076
  var BYTES_RANGE_REGEXP = /^ *bytes=/;
14068
14077
  var MAX_MAXAGE = 60 * 60 * 24 * 365 * 1e3;
14069
14078
  var UP_PATH_REGEXP = /(?:^|[\\/])\.\.(?:[\\/]|$)/;
14070
14079
  module.exports = send;
14071
- function send(req, path3, options) {
14072
- return new SendStream(req, path3, options);
14080
+ function send(req, path4, options) {
14081
+ return new SendStream(req, path4, options);
14073
14082
  }
14074
14083
  __name(send, "send");
14075
- function SendStream(req, path3, options) {
14084
+ function SendStream(req, path4, options) {
14076
14085
  Stream.call(this);
14077
14086
  var opts = options || {};
14078
14087
  this.options = opts;
14079
- this.path = path3;
14088
+ this.path = path4;
14080
14089
  this.req = req;
14081
14090
  this._acceptRanges = opts.acceptRanges !== void 0 ? Boolean(opts.acceptRanges) : true;
14082
14091
  this._cacheControl = opts.cacheControl !== void 0 ? Boolean(opts.cacheControl) : true;
@@ -14191,10 +14200,10 @@ var require_send = __commonJS({
14191
14200
  var lastModified = this.res.getHeader("Last-Modified");
14192
14201
  return parseHttpDate(lastModified) <= parseHttpDate(ifRange);
14193
14202
  }, "isRangeFresh");
14194
- SendStream.prototype.redirect = /* @__PURE__ */ __name(function redirect(path3) {
14203
+ SendStream.prototype.redirect = /* @__PURE__ */ __name(function redirect(path4) {
14195
14204
  var res = this.res;
14196
14205
  if (hasListeners(this, "directory")) {
14197
- this.emit("directory", res, path3);
14206
+ this.emit("directory", res, path4);
14198
14207
  return;
14199
14208
  }
14200
14209
  if (this.hasTrailingSlash()) {
@@ -14214,38 +14223,38 @@ var require_send = __commonJS({
14214
14223
  SendStream.prototype.pipe = /* @__PURE__ */ __name(function pipe(res) {
14215
14224
  var root = this._root;
14216
14225
  this.res = res;
14217
- var path3 = decode(this.path);
14218
- if (path3 === -1) {
14226
+ var path4 = decode(this.path);
14227
+ if (path4 === -1) {
14219
14228
  this.error(400);
14220
14229
  return res;
14221
14230
  }
14222
- if (~path3.indexOf("\0")) {
14231
+ if (~path4.indexOf("\0")) {
14223
14232
  this.error(400);
14224
14233
  return res;
14225
14234
  }
14226
14235
  var parts;
14227
14236
  if (root !== null) {
14228
- if (path3) {
14229
- path3 = normalize("." + sep + path3);
14237
+ if (path4) {
14238
+ path4 = normalize("." + sep + path4);
14230
14239
  }
14231
- if (UP_PATH_REGEXP.test(path3)) {
14232
- debug('malicious path "%s"', path3);
14240
+ if (UP_PATH_REGEXP.test(path4)) {
14241
+ debug('malicious path "%s"', path4);
14233
14242
  this.error(403);
14234
14243
  return res;
14235
14244
  }
14236
- parts = path3.split(sep);
14237
- path3 = normalize(join2(root, path3));
14245
+ parts = path4.split(sep);
14246
+ path4 = normalize(join2(root, path4));
14238
14247
  } else {
14239
- if (UP_PATH_REGEXP.test(path3)) {
14240
- debug('malicious path "%s"', path3);
14248
+ if (UP_PATH_REGEXP.test(path4)) {
14249
+ debug('malicious path "%s"', path4);
14241
14250
  this.error(403);
14242
14251
  return res;
14243
14252
  }
14244
- parts = normalize(path3).split(sep);
14245
- path3 = resolve(path3);
14253
+ parts = normalize(path4).split(sep);
14254
+ path4 = resolve(path4);
14246
14255
  }
14247
14256
  if (containsDotFile(parts)) {
14248
- debug('%s dotfile "%s"', this._dotfiles, path3);
14257
+ debug('%s dotfile "%s"', this._dotfiles, path4);
14249
14258
  switch (this._dotfiles) {
14250
14259
  case "allow":
14251
14260
  break;
@@ -14259,13 +14268,13 @@ var require_send = __commonJS({
14259
14268
  }
14260
14269
  }
14261
14270
  if (this._index.length && this.hasTrailingSlash()) {
14262
- this.sendIndex(path3);
14271
+ this.sendIndex(path4);
14263
14272
  return res;
14264
14273
  }
14265
- this.sendFile(path3);
14274
+ this.sendFile(path4);
14266
14275
  return res;
14267
14276
  }, "pipe");
14268
- SendStream.prototype.send = /* @__PURE__ */ __name(function send2(path3, stat) {
14277
+ SendStream.prototype.send = /* @__PURE__ */ __name(function send2(path4, stat) {
14269
14278
  var len = stat.size;
14270
14279
  var options = this.options;
14271
14280
  var opts = {};
@@ -14277,9 +14286,9 @@ var require_send = __commonJS({
14277
14286
  this.headersAlreadySent();
14278
14287
  return;
14279
14288
  }
14280
- debug('pipe "%s"', path3);
14281
- this.setHeader(path3, stat);
14282
- this.type(path3);
14289
+ debug('pipe "%s"', path4);
14290
+ this.setHeader(path4, stat);
14291
+ this.type(path4);
14283
14292
  if (this.isConditionalGET()) {
14284
14293
  if (this.isPreconditionFailure()) {
14285
14294
  this.error(412);
@@ -14328,28 +14337,28 @@ var require_send = __commonJS({
14328
14337
  res.end();
14329
14338
  return;
14330
14339
  }
14331
- this.stream(path3, opts);
14340
+ this.stream(path4, opts);
14332
14341
  }, "send");
14333
- SendStream.prototype.sendFile = /* @__PURE__ */ __name(function sendFile(path3) {
14342
+ SendStream.prototype.sendFile = /* @__PURE__ */ __name(function sendFile(path4) {
14334
14343
  var i = 0;
14335
14344
  var self = this;
14336
- debug('stat "%s"', path3);
14337
- fs.stat(path3, /* @__PURE__ */ __name(function onstat(err, stat) {
14338
- var pathEndsWithSep = path3[path3.length - 1] === sep;
14339
- if (err && err.code === "ENOENT" && !extname(path3) && !pathEndsWithSep) {
14345
+ debug('stat "%s"', path4);
14346
+ fs.stat(path4, /* @__PURE__ */ __name(function onstat(err, stat) {
14347
+ var pathEndsWithSep = path4[path4.length - 1] === sep;
14348
+ if (err && err.code === "ENOENT" && !extname(path4) && !pathEndsWithSep) {
14340
14349
  return next(err);
14341
14350
  }
14342
14351
  if (err) return self.onStatError(err);
14343
- if (stat.isDirectory()) return self.redirect(path3);
14352
+ if (stat.isDirectory()) return self.redirect(path4);
14344
14353
  if (pathEndsWithSep) return self.error(404);
14345
- self.emit("file", path3, stat);
14346
- self.send(path3, stat);
14354
+ self.emit("file", path4, stat);
14355
+ self.send(path4, stat);
14347
14356
  }, "onstat"));
14348
14357
  function next(err) {
14349
14358
  if (self._extensions.length <= i) {
14350
14359
  return err ? self.onStatError(err) : self.error(404);
14351
14360
  }
14352
- var p = path3 + "." + self._extensions[i++];
14361
+ var p = path4 + "." + self._extensions[i++];
14353
14362
  debug('stat "%s"', p);
14354
14363
  fs.stat(p, function(err2, stat) {
14355
14364
  if (err2) return next(err2);
@@ -14360,7 +14369,7 @@ var require_send = __commonJS({
14360
14369
  }
14361
14370
  __name(next, "next");
14362
14371
  }, "sendFile");
14363
- SendStream.prototype.sendIndex = /* @__PURE__ */ __name(function sendIndex(path3) {
14372
+ SendStream.prototype.sendIndex = /* @__PURE__ */ __name(function sendIndex(path4) {
14364
14373
  var i = -1;
14365
14374
  var self = this;
14366
14375
  function next(err) {
@@ -14368,7 +14377,7 @@ var require_send = __commonJS({
14368
14377
  if (err) return self.onStatError(err);
14369
14378
  return self.error(404);
14370
14379
  }
14371
- var p = join2(path3, self._index[i]);
14380
+ var p = join2(path4, self._index[i]);
14372
14381
  debug('stat "%s"', p);
14373
14382
  fs.stat(p, function(err2, stat) {
14374
14383
  if (err2) return next(err2);
@@ -14380,10 +14389,10 @@ var require_send = __commonJS({
14380
14389
  __name(next, "next");
14381
14390
  next();
14382
14391
  }, "sendIndex");
14383
- SendStream.prototype.stream = /* @__PURE__ */ __name(function stream(path3, options) {
14392
+ SendStream.prototype.stream = /* @__PURE__ */ __name(function stream(path4, options) {
14384
14393
  var self = this;
14385
14394
  var res = this.res;
14386
- var stream2 = fs.createReadStream(path3, options);
14395
+ var stream2 = fs.createReadStream(path4, options);
14387
14396
  this.emit("stream", stream2);
14388
14397
  stream2.pipe(res);
14389
14398
  function cleanup() {
@@ -14399,17 +14408,17 @@ var require_send = __commonJS({
14399
14408
  self.emit("end");
14400
14409
  }, "onend"));
14401
14410
  }, "stream");
14402
- SendStream.prototype.type = /* @__PURE__ */ __name(function type(path3) {
14411
+ SendStream.prototype.type = /* @__PURE__ */ __name(function type(path4) {
14403
14412
  var res = this.res;
14404
14413
  if (res.getHeader("Content-Type")) return;
14405
- var ext = extname(path3);
14414
+ var ext = extname(path4);
14406
14415
  var type2 = mime.contentType(ext) || "application/octet-stream";
14407
14416
  debug("content-type %s", type2);
14408
14417
  res.setHeader("Content-Type", type2);
14409
14418
  }, "type");
14410
- SendStream.prototype.setHeader = /* @__PURE__ */ __name(function setHeader(path3, stat) {
14419
+ SendStream.prototype.setHeader = /* @__PURE__ */ __name(function setHeader(path4, stat) {
14411
14420
  var res = this.res;
14412
- this.emit("headers", res, path3, stat);
14421
+ this.emit("headers", res, path4, stat);
14413
14422
  if (this._acceptRanges && !res.getHeader("Accept-Ranges")) {
14414
14423
  debug("accept ranges");
14415
14424
  res.setHeader("Accept-Ranges", "bytes");
@@ -14473,9 +14482,9 @@ var require_send = __commonJS({
14473
14482
  return err instanceof Error ? createError(status, err, { expose: false }) : createError(status, err);
14474
14483
  }
14475
14484
  __name(createHttpError, "createHttpError");
14476
- function decode(path3) {
14485
+ function decode(path4) {
14477
14486
  try {
14478
- return decodeURIComponent(path3);
14487
+ return decodeURIComponent(path4);
14479
14488
  } catch (err) {
14480
14489
  return -1;
14481
14490
  }
@@ -14630,7 +14639,7 @@ var require_response = __commonJS({
14630
14639
  var http = __require("node:http");
14631
14640
  var onFinished = require_on_finished();
14632
14641
  var mime = require_mime_types();
14633
- var path2 = __require("node:path");
14642
+ var path3 = __require("node:path");
14634
14643
  var pathIsAbsolute = __require("node:path").isAbsolute;
14635
14644
  var statuses = require_statuses();
14636
14645
  var sign = require_cookie_signature().sign;
@@ -14639,8 +14648,8 @@ var require_response = __commonJS({
14639
14648
  var setCharset = require_utils2().setCharset;
14640
14649
  var cookie = require_cookie();
14641
14650
  var send = require_send();
14642
- var extname = path2.extname;
14643
- var resolve = path2.resolve;
14651
+ var extname = path3.extname;
14652
+ var resolve = path3.resolve;
14644
14653
  var vary = require_vary();
14645
14654
  var { Buffer: Buffer2 } = __require("node:buffer");
14646
14655
  var res = Object.create(http.ServerResponse.prototype);
@@ -14786,26 +14795,26 @@ var require_response = __commonJS({
14786
14795
  this.type("txt");
14787
14796
  return this.send(body);
14788
14797
  }, "sendStatus");
14789
- res.sendFile = /* @__PURE__ */ __name(function sendFile(path3, options, callback) {
14798
+ res.sendFile = /* @__PURE__ */ __name(function sendFile(path4, options, callback) {
14790
14799
  var done = callback;
14791
14800
  var req = this.req;
14792
14801
  var res2 = this;
14793
14802
  var next = req.next;
14794
14803
  var opts = options || {};
14795
- if (!path3) {
14804
+ if (!path4) {
14796
14805
  throw new TypeError("path argument is required to res.sendFile");
14797
14806
  }
14798
- if (typeof path3 !== "string") {
14807
+ if (typeof path4 !== "string") {
14799
14808
  throw new TypeError("path must be a string to res.sendFile");
14800
14809
  }
14801
14810
  if (typeof options === "function") {
14802
14811
  done = options;
14803
14812
  opts = {};
14804
14813
  }
14805
- if (!opts.root && !pathIsAbsolute(path3)) {
14814
+ if (!opts.root && !pathIsAbsolute(path4)) {
14806
14815
  throw new TypeError("path must be absolute or specify root to res.sendFile");
14807
14816
  }
14808
- var pathname = encodeURI(path3);
14817
+ var pathname = encodeURI(path4);
14809
14818
  opts.etag = this.app.enabled("etag");
14810
14819
  var file = send(req, pathname, opts);
14811
14820
  sendfile(res2, file, opts, function(err) {
@@ -14816,7 +14825,7 @@ var require_response = __commonJS({
14816
14825
  }
14817
14826
  });
14818
14827
  }, "sendFile");
14819
- res.download = /* @__PURE__ */ __name(function download(path3, filename, options, callback) {
14828
+ res.download = /* @__PURE__ */ __name(function download(path4, filename, options, callback) {
14820
14829
  var done = callback;
14821
14830
  var name = filename;
14822
14831
  var opts = options || null;
@@ -14833,7 +14842,7 @@ var require_response = __commonJS({
14833
14842
  opts = filename;
14834
14843
  }
14835
14844
  var headers = {
14836
- "Content-Disposition": contentDisposition(name || path3)
14845
+ "Content-Disposition": contentDisposition(name || path4)
14837
14846
  };
14838
14847
  if (opts && opts.headers) {
14839
14848
  var keys = Object.keys(opts.headers);
@@ -14846,7 +14855,7 @@ var require_response = __commonJS({
14846
14855
  }
14847
14856
  opts = Object.create(opts);
14848
14857
  opts.headers = headers;
14849
- var fullPath = !opts.root ? resolve(path3) : path3;
14858
+ var fullPath = !opts.root ? resolve(path4) : path4;
14850
14859
  return this.sendFile(fullPath, opts, done);
14851
14860
  }, "download");
14852
14861
  res.contentType = res.type = /* @__PURE__ */ __name(function contentType(type) {
@@ -15139,11 +15148,11 @@ var require_serve_static = __commonJS({
15139
15148
  }
15140
15149
  var forwardError = !fallthrough;
15141
15150
  var originalUrl = parseUrl.original(req);
15142
- var path2 = parseUrl(req).pathname;
15143
- if (path2 === "/" && originalUrl.pathname.substr(-1) !== "/") {
15144
- path2 = "";
15151
+ var path3 = parseUrl(req).pathname;
15152
+ if (path3 === "/" && originalUrl.pathname.substr(-1) !== "/") {
15153
+ path3 = "";
15145
15154
  }
15146
- var stream = send(req, path2, opts);
15155
+ var stream = send(req, path3, opts);
15147
15156
  stream.on("directory", onDirectory);
15148
15157
  if (setHeaders) {
15149
15158
  stream.on("headers", setHeaders);
@@ -16173,13 +16182,14 @@ function parseAllowOriginPatterns(raw) {
16173
16182
  } catch {
16174
16183
  throw new InvalidAllowOriginPatternError(entry, "not a parseable URL");
16175
16184
  }
16176
- if (parsed.origin !== entry) {
16185
+ const canonical = parsed.origin === "null" ? `${parsed.protocol}//${parsed.host}` : parsed.origin;
16186
+ if (canonical !== entry) {
16177
16187
  throw new InvalidAllowOriginPatternError(
16178
16188
  entry,
16179
- `expected the canonical origin ${JSON.stringify(parsed.origin)} without trailing slash, path, userinfo, or query`
16189
+ `expected the canonical origin ${JSON.stringify(canonical)} without trailing slash, path, userinfo, or query`
16180
16190
  );
16181
16191
  }
16182
- origins.add(parsed.origin.toLowerCase());
16192
+ origins.add(canonical.toLowerCase());
16183
16193
  }
16184
16194
  return { allowAny, origins };
16185
16195
  }
@@ -16308,6 +16318,98 @@ function createMutationGate(deps) {
16308
16318
  }
16309
16319
  __name(createMutationGate, "createMutationGate");
16310
16320
 
16321
+ // packages/cli/src/serve/acp-http/client-mcp-sender-registry.ts
16322
+ init_esbuild_shims();
16323
+ var ClientMcpSenderRegistry = class {
16324
+ static {
16325
+ __name(this, "ClientMcpSenderRegistry");
16326
+ }
16327
+ senders = /* @__PURE__ */ new Map();
16328
+ /**
16329
+ * Record a server's WS sender, owned by `owner` (the registering
16330
+ * connection's stable client id). Idempotent; last writer wins and takes
16331
+ * ownership, so the new owner's `delete` is the one that takes effect.
16332
+ */
16333
+ set(serverName, sender, owner) {
16334
+ this.senders.set(serverName, { sender, owner });
16335
+ }
16336
+ /**
16337
+ * Forget a server's WS sender — but only when `owner` still owns the entry.
16338
+ * Idempotent. The ownership guard stops a disconnecting connection from
16339
+ * clobbering an entry a later connection re-registered under the same name.
16340
+ */
16341
+ delete(serverName, owner) {
16342
+ if (this.senders.get(serverName)?.owner === owner) {
16343
+ this.senders.delete(serverName);
16344
+ }
16345
+ }
16346
+ /** Whether `owner` currently owns the entry for `serverName`. */
16347
+ owns(serverName, owner) {
16348
+ return this.senders.get(serverName)?.owner === owner;
16349
+ }
16350
+ /** Currently-registered server names (tests / accounting). */
16351
+ serverNames() {
16352
+ return [...this.senders.keys()];
16353
+ }
16354
+ /**
16355
+ * The {@link ClientMcpMessageSender} the bridge consumes. Returns a
16356
+ * `(payload) => Promise<payload>` bound to the named server, or `undefined`
16357
+ * when no client currently hosts it. The bridge passes a `JSONRPCMessage` as
16358
+ * `payload`; we keep the public type `unknown` to match the bridge's
16359
+ * SDK-free contract.
16360
+ */
16361
+ lookup = /* @__PURE__ */ __name((serverName) => {
16362
+ const entry = this.senders.get(serverName);
16363
+ if (!entry) return void 0;
16364
+ return (payload) => entry.sender(serverName, payload);
16365
+ }, "lookup");
16366
+ };
16367
+ function createClientMcpServerProvider(registry, bridge, originatorClientId) {
16368
+ return {
16369
+ async registerClientMcpServer(serverName, sendSdkMcpMessage) {
16370
+ registry.set(serverName, sendSdkMcpMessage, originatorClientId);
16371
+ try {
16372
+ const runtimeConfig = {
16373
+ // SDK-type so the child binds `SdkControlClientTransport`
16374
+ // (`isSdkMcpServerConfig`); the flag tells the child to KEEP the
16375
+ // type and bind `sendSdkMcpMessage` to the reverse ext-method.
16376
+ type: "sdk",
16377
+ [CLIENT_MCP_OVER_WS_CONFIG_FLAG]: true
16378
+ };
16379
+ const result = await bridge.addRuntimeMcpServer(
16380
+ serverName,
16381
+ runtimeConfig,
16382
+ originatorClientId
16383
+ );
16384
+ if (result.skipped) {
16385
+ registry.delete(serverName, originatorClientId);
16386
+ throw new Error(
16387
+ `runtime MCP add skipped: ${result.reason ?? "unknown"}`
16388
+ );
16389
+ }
16390
+ if (result.shadowedSettings) {
16391
+ await bridge.removeRuntimeMcpServer(serverName, originatorClientId).catch(() => {
16392
+ });
16393
+ throw new Error(
16394
+ `client MCP server '${serverName}' conflicts with a configured MCP server`
16395
+ );
16396
+ }
16397
+ return { toolCount: result.toolCount };
16398
+ } catch (err) {
16399
+ registry.delete(serverName, originatorClientId);
16400
+ throw err;
16401
+ }
16402
+ },
16403
+ async unregisterClientMcpServer(serverName) {
16404
+ if (!registry.owns(serverName, originatorClientId)) return;
16405
+ registry.delete(serverName, originatorClientId);
16406
+ await bridge.removeRuntimeMcpServer(serverName, originatorClientId).catch(() => {
16407
+ });
16408
+ }
16409
+ };
16410
+ }
16411
+ __name(createClientMcpServerProvider, "createClientMcpServerProvider");
16412
+
16311
16413
  // packages/cli/src/serve/capabilities.ts
16312
16414
  init_esbuild_shims();
16313
16415
  var SERVE_PROTOCOL_VERSION = "v1";
@@ -16367,6 +16469,7 @@ var SERVE_CAPABILITY_REGISTRY = {
16367
16469
  session_tasks: { since: "v1" },
16368
16470
  session_stats: { since: "v1" },
16369
16471
  session_lsp: { since: "v1" },
16472
+ session_status: { since: "v1" },
16370
16473
  session_close: { since: "v1" },
16371
16474
  session_metadata: { since: "v1" },
16372
16475
  // Daemon supports the MCP client guardrail surface: an in-process
@@ -16416,7 +16519,17 @@ var SERVE_CAPABILITY_REGISTRY = {
16416
16519
  // (`tools.disabled` is consulted at `Config` construction time).
16417
16520
  workspace_tool_toggle: { since: "v1" },
16418
16521
  workspace_settings: { since: "v1" },
16522
+ // `GET /workspace/permissions` is always available when this tag is
16523
+ // advertised. `POST /workspace/permissions` updates the active ACP
16524
+ // child and returns `permission_session_required` when no live ACP
16525
+ // session exists; the tag means the route contract exists, not that
16526
+ // the current daemon state can accept a write.
16419
16527
  workspace_permissions: { since: "v1" },
16528
+ workspace_voice: { since: "v1" },
16529
+ workspace_voice_transcription: { since: "v1", modes: ["batch"] },
16530
+ // Inspect bound workspace trust and request local operator action.
16531
+ // Remote clients cannot directly write trustedFolders.json.
16532
+ workspace_trust: { since: "v1" },
16420
16533
  // `POST /workspace/init` scaffolds an empty
16421
16534
  // `QWEN.md` (or whatever `getCurrentGeminiMdFilename()` returns) at
16422
16535
  // the bound workspace root. Body: `{force?: boolean}`. Default
@@ -16425,6 +16538,11 @@ var SERVE_CAPABILITY_REGISTRY = {
16425
16538
  // the file, the caller should follow up with
16426
16539
  // `POST /session/:id/prompt`.
16427
16540
  workspace_init: { since: "v1" },
16541
+ // `POST /workspace/setup-github` installs the fixed
16542
+ // qwen-code-action workflow set into the bound workspace after
16543
+ // explicit consent. The route reuses the interactive `/setup-github`
16544
+ // release lookup, workflow download, and `.gitignore` update logic.
16545
+ workspace_github_setup: { since: "v1" },
16428
16546
  // `POST /workspace/mcp/:server/restart` performs
16429
16547
  // a single-server MCP restart (disconnect + reconnect + rediscover)
16430
16548
  // through the ACP child's `McpClientManager`. Pre-checks the live
@@ -16517,6 +16635,21 @@ var SERVE_CAPABILITY_REGISTRY = {
16517
16635
  session_branch: { since: "v1" },
16518
16636
  rate_limit: { since: "v1" },
16519
16637
  workspace_reload: { since: "v1" },
16638
+ // Phase 2 "reverse tool channel" (issue #5626). A connected WS client (e.g.
16639
+ // the Chrome extension) can host an MCP server that the daemon's agent
16640
+ // calls by carrying `mcp_message` JSON-RPC frames over the daemon WS,
16641
+ // reusing the SDK-MCP-server control-plane pattern. Inbound WS frame types:
16642
+ // `mcp_register` { server }, `mcp_message` { id, server, payload }
16643
+ // (bidirectional, request/response correlated by `id`), `mcp_unregister`
16644
+ // { server }. Advertised CONDITIONALLY — only when the operator opts in
16645
+ // (the public contract is still settling per #5626), so clients pre-flight
16646
+ // this tag before attempting to register a client-hosted server.
16647
+ client_mcp_over_ws: { since: "v1" },
16648
+ // Plan C "CDP tunnel" (issue #5626): the daemon exposes a `/cdp` WebSocket
16649
+ // where a loopback puppeteer client (chrome-devtools-mcp) drives ONE real tab
16650
+ // via the extension's `chrome.debugger`, tunneled over `/acp` as `cdp_*`
16651
+ // frames. Advertised only when the operator opts in (contract still settling).
16652
+ cdp_tunnel_over_ws: { since: "v1" },
16520
16653
  // Daemon hosts the `/voice/stream` WebSocket: the browser captures audio and
16521
16654
  // streams raw PCM, the daemon transcribes server-side via the configured
16522
16655
  // `voiceModel` (credentials never reach the client). Advertised
@@ -16542,9 +16675,10 @@ var CONDITIONAL_SERVE_FEATURES = /* @__PURE__ */ new Map([
16542
16675
  (toggles) => typeof toggles.writerIdleTimeoutMs === "number" && toggles.writerIdleTimeoutMs > 0
16543
16676
  ],
16544
16677
  ["workspace_settings", (toggles) => toggles.persistSettingAvailable === true],
16678
+ ["workspace_voice", (toggles) => toggles.persistSettingAvailable === true],
16545
16679
  [
16546
- "workspace_permissions",
16547
- (toggles) => toggles.persistSettingAvailable === true
16680
+ "workspace_voice_transcription",
16681
+ (toggles) => toggles.voiceTranscriptionAvailable === true
16548
16682
  ],
16549
16683
  [
16550
16684
  "session_shell_command",
@@ -16552,6 +16686,8 @@ var CONDITIONAL_SERVE_FEATURES = /* @__PURE__ */ new Map([
16552
16686
  ],
16553
16687
  ["rate_limit", (toggles) => toggles.rateLimit === true],
16554
16688
  ["workspace_reload", (toggles) => toggles.reloadAvailable === true],
16689
+ ["client_mcp_over_ws", (toggles) => toggles.clientMcpOverWsEnabled === true],
16690
+ ["cdp_tunnel_over_ws", (toggles) => toggles.cdpTunnelOverWsEnabled === true],
16555
16691
  [
16556
16692
  // Advertised whenever the `/voice/stream` WS endpoint exists. A configured
16557
16693
  // token (or `--require-auth`) no longer suppresses it: browsers can't set
@@ -16594,13 +16730,229 @@ __name(getServeProtocolVersions, "getServeProtocolVersions");
16594
16730
  init_esbuild_shims();
16595
16731
  var CAPABILITIES_SCHEMA_VERSION = 1;
16596
16732
 
16733
+ // packages/cli/src/serve/server/request-helpers.ts
16734
+ init_esbuild_shims();
16735
+ import * as path2 from "node:path";
16736
+ function sendJsonBodyParserError(res, err) {
16737
+ if (err instanceof SyntaxError && "status" in err && err.status === 400) {
16738
+ res.status(400).json({ error: "Invalid JSON in request body" });
16739
+ return true;
16740
+ }
16741
+ if (err && typeof err === "object" && "status" in err && err.status === 413) {
16742
+ res.status(413).json({ error: "Request body too large (max 10 MB)" });
16743
+ return true;
16744
+ }
16745
+ return false;
16746
+ }
16747
+ __name(sendJsonBodyParserError, "sendJsonBodyParserError");
16748
+ var PROTOTYPE_POLLUTION_KEYS = /* @__PURE__ */ new Set([
16749
+ "__proto__",
16750
+ "constructor",
16751
+ "prototype"
16752
+ ]);
16753
+ var CLIENT_ID_HEADER = "x-qwen-client-id";
16754
+ var MAX_CLIENT_ID_LENGTH = 128;
16755
+ var MAX_TOOL_NAME_LENGTH = 256;
16756
+ var MAX_SERVER_NAME_LENGTH = 256;
16757
+ var CLIENT_ID_RE = /^[A-Za-z0-9._:-]+$/;
16758
+ var INVALID_PERMISSION_OUTCOME_ERROR = '`outcome` must be `{ outcome: "cancelled" }` or `{ outcome: "selected", optionId: string }`';
16759
+ function safeBody(req) {
16760
+ const raw = req.body;
16761
+ if (typeof raw !== "object" || raw === null || Array.isArray(raw)) {
16762
+ return /* @__PURE__ */ Object.create(null);
16763
+ }
16764
+ const out = /* @__PURE__ */ Object.create(null);
16765
+ for (const [key, value] of Object.entries(raw)) {
16766
+ if (PROTOTYPE_POLLUTION_KEYS.has(key)) continue;
16767
+ out[key] = value;
16768
+ }
16769
+ return out;
16770
+ }
16771
+ __name(safeBody, "safeBody");
16772
+ function parseOptionalWorkspaceCwd(body, boundWorkspace, res) {
16773
+ const hasCwd = "cwd" in body;
16774
+ if (hasCwd && typeof body["cwd"] !== "string") {
16775
+ res.status(400).json({ error: "`cwd` must be a string absolute path when provided" });
16776
+ return void 0;
16777
+ }
16778
+ if (hasCwd && body["cwd"].length > MAX_WORKSPACE_PATH_LENGTH) {
16779
+ res.status(400).json({
16780
+ error: `\`cwd\` exceeds the ${MAX_WORKSPACE_PATH_LENGTH}-character limit`
16781
+ });
16782
+ return void 0;
16783
+ }
16784
+ const cwd = hasCwd ? body["cwd"] : boundWorkspace;
16785
+ if (!path2.isAbsolute(cwd)) {
16786
+ res.status(400).json({ error: "`cwd` must be an absolute path when provided" });
16787
+ return void 0;
16788
+ }
16789
+ return cwd;
16790
+ }
16791
+ __name(parseOptionalWorkspaceCwd, "parseOptionalWorkspaceCwd");
16792
+ function requireSessionId(req, res) {
16793
+ const sessionId = req.params["id"];
16794
+ if (!sessionId) {
16795
+ res.status(400).json({ error: "`sessionId` route parameter is required" });
16796
+ return null;
16797
+ }
16798
+ return sessionId;
16799
+ }
16800
+ __name(requireSessionId, "requireSessionId");
16801
+ function parseClientIdHeader(req, res) {
16802
+ const raw = req.get(CLIENT_ID_HEADER);
16803
+ if (raw === void 0 || raw === "") return void 0;
16804
+ if (raw.length > MAX_CLIENT_ID_LENGTH || !CLIENT_ID_RE.test(raw)) {
16805
+ res.status(400).json({
16806
+ error: "`X-Qwen-Client-Id` must be a non-empty token of 128 characters or fewer",
16807
+ code: "invalid_client_id"
16808
+ });
16809
+ return null;
16810
+ }
16811
+ return raw;
16812
+ }
16813
+ __name(parseClientIdHeader, "parseClientIdHeader");
16814
+ function detectFromLoopback(req) {
16815
+ const addr = req.socket?.remoteAddress;
16816
+ if (typeof addr !== "string") return false;
16817
+ if (addr === "::1") return true;
16818
+ if (addr.startsWith("127.")) return true;
16819
+ if (addr.startsWith("::ffff:127.")) return true;
16820
+ return false;
16821
+ }
16822
+ __name(detectFromLoopback, "detectFromLoopback");
16823
+ function validateMcpRuntimeServerName(name, res) {
16824
+ if (typeof name !== "string" || name.length === 0) {
16825
+ res.status(400).json({
16826
+ error: "Server name is required and must be a non-empty string",
16827
+ code: "invalid_server_name"
16828
+ });
16829
+ return false;
16830
+ }
16831
+ if (name.length > MAX_SERVER_NAME_LENGTH) {
16832
+ res.status(400).json({
16833
+ error: `Server name exceeds ${MAX_SERVER_NAME_LENGTH}-character limit`,
16834
+ code: "invalid_server_name"
16835
+ });
16836
+ return false;
16837
+ }
16838
+ if (!/^[A-Za-z0-9_-]+$/.test(name)) {
16839
+ res.status(400).json({
16840
+ error: "Server name must contain only alphanumeric characters, underscores, and hyphens",
16841
+ code: "invalid_server_name"
16842
+ });
16843
+ return false;
16844
+ }
16845
+ if (name === "__proto__" || name === "constructor" || name === "prototype") {
16846
+ res.status(400).json({
16847
+ error: "Server name must not be a reserved JS property name",
16848
+ code: "invalid_server_name"
16849
+ });
16850
+ return false;
16851
+ }
16852
+ return true;
16853
+ }
16854
+ __name(validateMcpRuntimeServerName, "validateMcpRuntimeServerName");
16855
+ function parseAndValidateWorkspaceClientId(req, res, bridge) {
16856
+ const raw = parseClientIdHeader(req, res);
16857
+ if (raw === null || raw === void 0) return raw;
16858
+ if (!bridge.knownClientIds().has(raw)) {
16859
+ res.status(400).json({
16860
+ error: `Client id "${raw}" is not registered for this workspace`,
16861
+ code: "invalid_client_id",
16862
+ clientId: raw
16863
+ });
16864
+ return null;
16865
+ }
16866
+ return raw;
16867
+ }
16868
+ __name(parseAndValidateWorkspaceClientId, "parseAndValidateWorkspaceClientId");
16869
+ function createBuildWorkspaceCtx(boundWorkspace) {
16870
+ return (route, clientId) => ({
16871
+ originatorClientId: clientId,
16872
+ route,
16873
+ workspaceCwd: boundWorkspace
16874
+ });
16875
+ }
16876
+ __name(createBuildWorkspaceCtx, "createBuildWorkspaceCtx");
16877
+ function parsePermissionVoteBody(req, res) {
16878
+ const body = safeBody(req);
16879
+ const outcome = body["outcome"];
16880
+ if (!isValidOutcome(outcome)) {
16881
+ res.status(400).json({ error: INVALID_PERMISSION_OUTCOME_ERROR });
16882
+ return void 0;
16883
+ }
16884
+ return {
16885
+ ...body,
16886
+ outcome
16887
+ };
16888
+ }
16889
+ __name(parsePermissionVoteBody, "parsePermissionVoteBody");
16890
+ function isValidOutcome(raw) {
16891
+ if (typeof raw !== "object" || raw === null) return false;
16892
+ const obj = raw;
16893
+ if (obj["outcome"] === "cancelled") return true;
16894
+ return obj["outcome"] === "selected" && typeof obj["optionId"] === "string" && obj["optionId"].length > 0;
16895
+ }
16896
+ __name(isValidOutcome, "isValidOutcome");
16897
+ var MIN_QUERY_MAX_QUEUED = 16;
16898
+ var MAX_QUERY_MAX_QUEUED = 2048;
16899
+ function parseMaxQueuedQuery(raw, res) {
16900
+ if (raw === void 0) return void 0;
16901
+ if (typeof raw !== "string" || !/^\d+$/.test(raw)) {
16902
+ writeStderrLine(
16903
+ `qwen serve: rejected ?maxQueued ${safeLogValue(raw)} (not a decimal integer)`
16904
+ );
16905
+ res.status(400).json({
16906
+ error: "`maxQueued` must be a decimal integer",
16907
+ code: "invalid_max_queued"
16908
+ });
16909
+ return null;
16910
+ }
16911
+ const n = Number.parseInt(raw, 10);
16912
+ if (!Number.isFinite(n) || n < MIN_QUERY_MAX_QUEUED || n > MAX_QUERY_MAX_QUEUED) {
16913
+ writeStderrLine(
16914
+ `qwen serve: rejected ?maxQueued ${safeLogValue(raw)} (outside [${MIN_QUERY_MAX_QUEUED}, ${MAX_QUERY_MAX_QUEUED}])`
16915
+ );
16916
+ res.status(400).json({
16917
+ error: `\`maxQueued\` must be in [${MIN_QUERY_MAX_QUEUED}, ${MAX_QUERY_MAX_QUEUED}]`,
16918
+ code: "invalid_max_queued"
16919
+ });
16920
+ return null;
16921
+ }
16922
+ return n;
16923
+ }
16924
+ __name(parseMaxQueuedQuery, "parseMaxQueuedQuery");
16925
+ function safeLogValue(raw) {
16926
+ return JSON.stringify(String(raw)).slice(0, 82);
16927
+ }
16928
+ __name(safeLogValue, "safeLogValue");
16929
+ function parseLastEventId(raw) {
16930
+ if (typeof raw !== "string" || !/^\d+$/.test(raw)) {
16931
+ if (typeof raw === "string" && raw.length > 0) {
16932
+ writeStderrLine(
16933
+ `qwen serve: rejected Last-Event-ID ${safeLogValue(raw)} (not a decimal integer)`
16934
+ );
16935
+ }
16936
+ return void 0;
16937
+ }
16938
+ const n = Number.parseInt(raw, 10);
16939
+ if (!Number.isFinite(n) || n > Number.MAX_SAFE_INTEGER) {
16940
+ writeStderrLine(
16941
+ `qwen serve: rejected Last-Event-ID ${safeLogValue(raw)} (exceeds Number.MAX_SAFE_INTEGER)`
16942
+ );
16943
+ return void 0;
16944
+ }
16945
+ return n;
16946
+ }
16947
+ __name(parseLastEventId, "parseLastEventId");
16948
+
16597
16949
  // packages/cli/src/serve/rate-limit.ts
16598
16950
  init_esbuild_shims();
16599
16951
  var MAX_BUCKETS = 1e4;
16600
16952
  var GC_REQUEST_INTERVAL = 1e3;
16601
16953
  var GC_TIMER_INTERVAL_MS = 5 * 60 * 1e3;
16602
- function resolveTier(method, path2) {
16603
- const p = path2.endsWith("/") && path2.length > 1 ? path2.slice(0, -1) : path2;
16954
+ function resolveTier(method, path3) {
16955
+ const p = path3.endsWith("/") && path3.length > 1 ? path3.slice(0, -1) : path3;
16604
16956
  if (method === "OPTIONS") return null;
16605
16957
  if ((method === "GET" || method === "HEAD") && (p === "/health" || p === "/demo"))
16606
16958
  return null;
@@ -16615,8 +16967,6 @@ function resolveTier(method, path2) {
16615
16967
  return "read";
16616
16968
  }
16617
16969
  __name(resolveTier, "resolveTier");
16618
- var MAX_CLIENT_ID_LENGTH = 128;
16619
- var CLIENT_ID_RE = /^[A-Za-z0-9._:-]+$/;
16620
16970
  function normalizeIp(raw) {
16621
16971
  if (raw.startsWith("::ffff:")) {
16622
16972
  return raw.slice(7);
@@ -17288,10 +17638,30 @@ export {
17288
17638
  hostAllowlist,
17289
17639
  bearerAuth,
17290
17640
  createMutationGate,
17641
+ ClientMcpSenderRegistry,
17642
+ createClientMcpServerProvider,
17291
17643
  SERVE_CAPABILITY_REGISTRY,
17292
17644
  getAdvertisedServeFeatures,
17293
17645
  getServeProtocolVersions,
17294
17646
  CAPABILITIES_SCHEMA_VERSION,
17647
+ sendJsonBodyParserError,
17648
+ CLIENT_ID_HEADER,
17649
+ MAX_CLIENT_ID_LENGTH,
17650
+ MAX_TOOL_NAME_LENGTH,
17651
+ MAX_SERVER_NAME_LENGTH,
17652
+ CLIENT_ID_RE,
17653
+ safeBody,
17654
+ parseOptionalWorkspaceCwd,
17655
+ requireSessionId,
17656
+ parseClientIdHeader,
17657
+ detectFromLoopback,
17658
+ validateMcpRuntimeServerName,
17659
+ parseAndValidateWorkspaceClientId,
17660
+ createBuildWorkspaceCtx,
17661
+ parsePermissionVoteBody,
17662
+ parseMaxQueuedQuery,
17663
+ safeLogValue,
17664
+ parseLastEventId,
17295
17665
  createRateLimiter,
17296
17666
  setRateLimiter,
17297
17667
  getRateLimiter,