@riotprompt/riotprompt 0.0.20 → 1.0.0

package/dist/{cli.cjs → cli.js}

@@ -1,46 +1,29 @@
 #!/usr/bin/env node
-"use strict";
-Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-require("dotenv/config");
-const commander = require("commander");
-const cardigantime = require("@theunwalked/cardigantime");
-const zod = require("zod");
-const fs$1 = require("fs/promises");
-const path = require("path");
-require("zod-to-json-schema");
-const crypto = require("crypto");
-require("tiktoken");
-const fastXmlParser = require("fast-xml-parser");
-const OpenAI = require("openai");
-const Anthropic = require("@anthropic-ai/sdk");
-const generativeAi = require("@google/generative-ai");
-const fs = require("fs");
-const glob = require("glob");
-function _interopNamespaceDefault(e) {
-  const n = Object.create(null, { [Symbol.toStringTag]: { value: "Module" } });
-  if (e) {
-    for (const k in e) {
-      if (k !== "default") {
-        const d = Object.getOwnPropertyDescriptor(e, k);
-        Object.defineProperty(n, k, d.get ? d : {
-          enumerable: true,
-          get: () => e[k]
-        });
-      }
-    }
-  }
-  n.default = e;
-  return Object.freeze(n);
-}
-const fs__namespace$1 = /* @__PURE__ */ _interopNamespaceDefault(fs$1);
-const path__namespace = /* @__PURE__ */ _interopNamespaceDefault(path);
-const fs__namespace = /* @__PURE__ */ _interopNamespaceDefault(fs);
-const ConfigSchema = zod.z.object({
-  defaultModel: zod.z.string().default("gpt-4").describe("Default model to use for formatting"),
-  promptsDir: zod.z.string().default(".").describe("Directory containing prompts"),
-  outputDir: zod.z.string().optional().describe("Directory to output formatted prompts")
+import "dotenv/config";
+import { Command } from "commander";
+import { create as create$7 } from "@theunwalked/cardigantime";
+import { z } from "zod";
+import Logging from "@fjell/logging";
+import * as path from "path";
+import path__default from "path";
+import { SafeRegex } from "@theunwalked/pressurelid";
+import "zod-to-json-schema";
+import "tiktoken";
+import { XMLParser } from "fast-xml-parser";
+import OpenAI from "openai";
+import Anthropic from "@anthropic-ai/sdk";
+import { GoogleGenerativeAI } from "@google/generative-ai";
+import { createSafeError as createSafeError$1 } from "@theunwalked/spotclean";
+import { glob } from "glob";
+import * as fs from "fs";
+import crypto from "crypto";
+import * as fs$1 from "fs/promises";
+const ConfigSchema = z.object({
+  defaultModel: z.string().default("gpt-4").describe("Default model to use for formatting"),
+  promptsDir: z.string().default(".").describe("Directory containing prompts"),
+  outputDir: z.string().optional().describe("Directory to output formatted prompts")
 });
-const ParametersSchema = zod.z.record(zod.z.string(), zod.z.union([zod.z.string(), zod.z.number(), zod.z.boolean(), zod.z.array(zod.z.union([zod.z.string(), zod.z.number(), zod.z.boolean()]))]));
+const ParametersSchema = z.record(z.string(), z.union([z.string(), z.number(), z.boolean(), z.array(z.union([z.string(), z.number(), z.boolean()]))]));
 const apply = (text, parameters) => {
   if (!parameters) {
     return text;
@@ -67,12 +50,12 @@ const apply = (text, parameters) => {
     }
   });
 };
-zod.z.object({
-  text: zod.z.string(),
-  weight: zod.z.number().optional()
+z.object({
+  text: z.string(),
+  weight: z.number().optional()
 });
-const WeightedOptionsSchema = zod.z.object({
-  weight: zod.z.number().optional(),
+const WeightedOptionsSchema = z.object({
+  weight: z.number().optional(),
   parameters: ParametersSchema.optional()
 });
 const create$6 = (text, options = {}) => {
@@ -87,10 +70,10 @@ const create$5 = (text, options = {}) => {
   const weightedOptions = WeightedOptionsSchema.parse(options);
   return create$6(text, weightedOptions);
 };
-const SectionOptionsSchema = zod.z.object({
-  title: zod.z.string().optional(),
-  weight: zod.z.number().optional(),
-  itemWeight: zod.z.number().optional(),
+const SectionOptionsSchema = z.object({
+  title: z.string().optional(),
+  weight: z.number().optional(),
+  itemWeight: z.number().optional(),
   parameters: ParametersSchema.optional().default({})
 });
 const create$4 = (options = {}) => {
@@ -245,19 +228,60 @@ const DEFAULT_FORMAT_OPTIONS = {
   sectionTitleProperty: DEFAULT_SECTION_TITLE_PROPERTY,
   sectionDepth: 0
 };
-const DEFAULT_LOGGER = {
-  name: "default",
-  debug: (message, ...args) => console.debug(message, ...args),
-  info: (message, ...args) => console.info(message, ...args),
-  warn: (message, ...args) => console.warn(message, ...args),
-  error: (message, ...args) => console.error(message, ...args),
-  // eslint-disable-next-line @typescript-eslint/no-unused-vars
-  verbose: (message, ...args) => {
-  },
-  // eslint-disable-next-line @typescript-eslint/no-unused-vars
-  silly: (message, ...args) => {
+const LibLogger = Logging.getLogger("@theunwalked/riotprompt");
+function createSilentLogger(name) {
+  return {
+    name,
+    debug: () => {
+    },
+    info: () => {
+    },
+    warn: () => {
+    },
+    error: () => {
+    },
+    verbose: () => {
+    },
+    silly: () => {
+    },
+    get: (...components) => createSilentLogger(`${name}:${components.join(":")}`)
+  };
+}
+const SILENT_LOGGER = createSilentLogger("silent");
+const isLoggingEnabled = () => {
+  return process.env.RIOTPROMPT_LOGGING === "true" || process.env.DEBUG?.includes("riotprompt") || process.env.NODE_ENV === "development";
+};
+function createLoggerFromFjell(fjellLogger, name) {
+  return {
+    name,
+    debug: (message, ...args) => fjellLogger.debug(message, ...args),
+    info: (message, ...args) => fjellLogger.info(message, ...args),
+    warn: (message, ...args) => fjellLogger.warning(message, ...args),
+    error: (message, ...args) => fjellLogger.error(message, ...args),
+    verbose: (message, ...args) => fjellLogger.debug(message, ...args),
+    // Map to debug
+    silly: (message, ...args) => fjellLogger.debug(message, ...args),
+    // Map to debug
+    get: (...components) => {
+      const childLogger = fjellLogger.get(...components);
+      return createLoggerFromFjell(childLogger, `${name}:${components.join(":")}`);
+    }
+  };
+}
+const FJELL_LOGGER = {
+  name: "fjell",
+  debug: (message, ...args) => LibLogger.debug(message, ...args),
+  info: (message, ...args) => LibLogger.info(message, ...args),
+  warn: (message, ...args) => LibLogger.warning(message, ...args),
+  error: (message, ...args) => LibLogger.error(message, ...args),
+  verbose: (message, ...args) => LibLogger.debug(message, ...args),
+  silly: (message, ...args) => LibLogger.debug(message, ...args),
+  get: (...components) => {
+    const childLogger = LibLogger.get(...components);
+    return createLoggerFromFjell(childLogger, components.join(":"));
   }
 };
+const DEFAULT_LOGGER = isLoggingEnabled() ? FJELL_LOGGER : SILENT_LOGGER;
 const wrapLogger = (toWrap, name) => {
   const requiredMethods = ["debug", "info", "warn", "error", "verbose", "silly"];
   const missingMethods = requiredMethods.filter((method) => typeof toWrap[method] !== "function");
@@ -274,13 +298,14 @@ const wrapLogger = (toWrap, name) => {
     else if (level === "silly") toWrap.silly(message, ...args);
   };
   return {
-    name: "wrapped",
+    name: name || "wrapped",
     debug: (message, ...args) => log("debug", message, ...args),
     info: (message, ...args) => log("info", message, ...args),
     warn: (message, ...args) => log("warn", message, ...args),
     error: (message, ...args) => log("error", message, ...args),
     verbose: (message, ...args) => log("verbose", message, ...args),
-    silly: (message, ...args) => log("silly", message, ...args)
+    silly: (message, ...args) => log("silly", message, ...args),
+    get: (...components) => wrapLogger(toWrap, name ? `${name}:${components.join(":")}` : components.join(":"))
   };
 };
 class ModelRegistry {
@@ -486,18 +511,18 @@ const stringifyJSON = function(obj, visited = /* @__PURE__ */ new Set()) {
   }
   return "";
 };
-const SectionSeparatorSchema = zod.z.enum(["tag", "markdown"]);
-const SectionTitlePropertySchema = zod.z.enum(["title", "name"]);
-const FormatOptionsSchema = zod.z.object({
+const SectionSeparatorSchema = z.enum(["tag", "markdown"]);
+const SectionTitlePropertySchema = z.enum(["title", "name"]);
+const FormatOptionsSchema = z.object({
   sectionSeparator: SectionSeparatorSchema,
-  sectionIndentation: zod.z.boolean(),
+  sectionIndentation: z.boolean(),
   sectionTitleProperty: SectionTitlePropertySchema,
-  sectionTitlePrefix: zod.z.string().optional(),
-  sectionTitleSeparator: zod.z.string().optional(),
-  sectionDepth: zod.z.number().default(0)
+  sectionTitlePrefix: z.string().optional(),
+  sectionTitleSeparator: z.string().optional(),
+  sectionDepth: z.number().default(0)
 });
-const OptionSchema = zod.z.object({
-  logger: zod.z.any().optional().default(DEFAULT_LOGGER),
+const OptionSchema = z.object({
+  logger: z.any().optional().default(DEFAULT_LOGGER),
   formatOptions: FormatOptionsSchema.partial().optional().default(DEFAULT_FORMAT_OPTIONS)
 });
 function isSection(obj) {
@@ -622,22 +647,22 @@ ${formattedItems}`;
     formatArray
   };
 };
-zod.z.object({
-  logger: zod.z.any().optional().default(DEFAULT_LOGGER),
+z.object({
+  logger: z.any().optional().default(DEFAULT_LOGGER),
   parameters: ParametersSchema.optional().default({})
 });
 const create$1 = (params) => {
   const log = params.log || console.log;
   const exists = async (path2) => {
     try {
-      await fs__namespace.promises.stat(path2);
+      await fs.promises.stat(path2);
       return true;
     } catch (error) {
       return false;
     }
   };
   const isDirectory2 = async (path2) => {
-    const stats = await fs__namespace.promises.stat(path2);
+    const stats = await fs.promises.stat(path2);
     if (!stats.isDirectory()) {
       log(`${path2} is not a directory`);
       return false;
@@ -645,7 +670,7 @@ const create$1 = (params) => {
     return true;
   };
   const isFile = async (path2) => {
-    const stats = await fs__namespace.promises.stat(path2);
+    const stats = await fs.promises.stat(path2);
     if (!stats.isFile()) {
       log(`${path2} is not a file`);
       return false;
@@ -654,7 +679,7 @@ const create$1 = (params) => {
   };
   const isReadable = async (path2) => {
     try {
-      await fs__namespace.promises.access(path2, fs__namespace.constants.R_OK);
+      await fs.promises.access(path2, fs.constants.R_OK);
     } catch (error) {
       log(`${path2} is not readable: %s %s`, error.message, error.stack);
       return false;
@@ -663,7 +688,7 @@ const create$1 = (params) => {
   };
   const isWritable = async (path2) => {
     try {
-      await fs__namespace.promises.access(path2, fs__namespace.constants.W_OK);
+      await fs.promises.access(path2, fs.constants.W_OK);
     } catch (error) {
       log(`${path2} is not writable: %s %s`, error.message, error.stack);
       return false;
@@ -681,23 +706,23 @@ const create$1 = (params) => {
   };
   const createDirectory = async (path2) => {
     try {
-      await fs__namespace.promises.mkdir(path2, { recursive: true });
+      await fs.promises.mkdir(path2, { recursive: true });
     } catch (mkdirError) {
       throw new Error(`Failed to create output directory ${path2}: ${mkdirError.message} ${mkdirError.stack}`);
     }
   };
   const readFile = async (path2, encoding) => {
-    return await fs__namespace.promises.readFile(path2, { encoding });
+    return await fs.promises.readFile(path2, { encoding });
   };
   const writeFile = async (path2, data, encoding) => {
-    await fs__namespace.promises.writeFile(path2, data, { encoding });
+    await fs.promises.writeFile(path2, data, { encoding });
   };
   const forEachFileIn = async (directory, callback, options = { pattern: "*.*" }) => {
     try {
       let filesProcessed = 0;
-      const files = await glob.glob(options.pattern, { cwd: directory, nodir: true });
+      const files = await glob(options.pattern, { cwd: directory, nodir: true });
       for (const file of files) {
-        await callback(path.join(directory, file));
+        await callback(path__default.join(directory, file));
         filesProcessed++;
         if (options.limit && filesProcessed >= options.limit) {
           log(`Reached limit of ${options.limit} files, stopping`);
@@ -709,14 +734,14 @@ const create$1 = (params) => {
     }
   };
   const readStream = async (path2) => {
-    return fs__namespace.createReadStream(path2);
+    return fs.createReadStream(path2);
   };
   const hashFile = async (path2, length) => {
     const file = await readFile(path2, "utf8");
     return crypto.createHash("sha256").update(file).digest("hex").slice(0, length);
   };
   const listFiles = async (directory) => {
-    return await fs__namespace.promises.readdir(directory);
+    return await fs.promises.readdir(directory);
   };
   return {
     exists,
@@ -736,11 +761,268 @@ const create$1 = (params) => {
     listFiles
   };
 };
-const OptionsSchema = zod.z.object({
-  logger: zod.z.any().optional().default(DEFAULT_LOGGER),
-  ignorePatterns: zod.z.array(zod.z.string()).optional().default(DEFAULT_IGNORE_PATTERNS),
+const DEFAULT_CONFIG = {
+  enabled: true,
+  logLevel: "warning",
+  includeContext: true,
+  maxContextSize: 1e3
+};
+class SecurityAuditLogger {
+  config;
+  logger;
+  eventCount = /* @__PURE__ */ new Map();
+  constructor(config = {}, logger) {
+    this.config = { ...DEFAULT_CONFIG, ...config };
+    this.logger = wrapLogger(logger || DEFAULT_LOGGER, "SecurityAudit");
+  }
+  /**
+   * Log a security event
+   */
+  log(event) {
+    if (!this.config.enabled) return;
+    const fullEvent = {
+      ...event,
+      timestamp: /* @__PURE__ */ new Date(),
+      context: this.sanitizeContext(event.context)
+    };
+    const count = this.eventCount.get(event.type) || 0;
+    this.eventCount.set(event.type, count + 1);
+    this.config.onEvent?.(fullEvent);
+    if (!this.shouldLog(event.severity)) return;
+    const logMessage = this.formatEvent(fullEvent);
+    switch (event.severity) {
+      case "critical":
+        this.logger.error(`[CRITICAL] ${logMessage}`);
+        break;
+      case "error":
+        this.logger.error(logMessage);
+        break;
+      case "warning":
+        this.logger.warn(logMessage);
+        break;
+      case "info":
+        this.logger.info(logMessage);
+        break;
+    }
+  }
+  /**
+   * Convenience methods for common events
+   */
+  pathTraversalBlocked(path2, reason) {
+    this.log({
+      type: "path_traversal_blocked",
+      severity: "warning",
+      message: `Path traversal attempt blocked: ${reason}`,
+      context: { attemptedPath: this.sanitizePath(path2) }
+    });
+  }
+  pathValidationFailed(path2, reason) {
+    this.log({
+      type: "path_validation_failed",
+      severity: "warning",
+      message: `Path validation failed: ${reason}`,
+      context: { attemptedPath: this.sanitizePath(path2) }
+    });
+  }
+  toolValidationFailed(toolName, reason) {
+    this.log({
+      type: "tool_validation_failed",
+      severity: "warning",
+      message: `Tool parameter validation failed for "${toolName}": ${reason}`,
+      context: { toolName }
+    });
+  }
+  toolExecutionBlocked(toolName, reason) {
+    this.log({
+      type: "tool_execution_blocked",
+      severity: "error",
+      message: `Tool execution blocked for "${toolName}": ${reason}`,
+      context: { toolName }
+    });
+  }
+  toolTimeout(toolName, timeoutMs) {
+    this.log({
+      type: "tool_timeout",
+      severity: "warning",
+      message: `Tool "${toolName}" timed out after ${timeoutMs}ms`,
+      context: { toolName, timeoutMs }
+    });
+  }
+  secretRedacted(source) {
+    this.log({
+      type: "secret_redacted",
+      severity: "info",
+      message: `Sensitive data redacted from ${source}`,
+      context: { source }
+    });
+  }
+  apiKeyUsed(provider) {
+    this.log({
+      type: "api_key_used",
+      severity: "info",
+      message: `API key accessed for provider: ${provider}`,
+      context: { provider }
+    });
+  }
+  deserializationFailed(source, reason) {
+    this.log({
+      type: "deserialization_failed",
+      severity: "warning",
+      message: `Deserialization failed from ${source}: ${reason}`,
+      context: { source }
+    });
+  }
+  regexTimeout(pattern, timeoutMs) {
+    this.log({
+      type: "regex_timeout",
+      severity: "warning",
+      message: `Regex operation timed out after ${timeoutMs}ms`,
+      context: { patternLength: pattern.length, timeoutMs }
+    });
+  }
+  requestTimeout(operation, timeoutMs) {
+    this.log({
+      type: "request_timeout",
+      severity: "warning",
+      message: `Operation "${operation}" timed out after ${timeoutMs}ms`,
+      context: { operation, timeoutMs }
+    });
+  }
+  rateLimitExceeded(resource, limit) {
+    this.log({
+      type: "rate_limit_exceeded",
+      severity: "warning",
+      message: `Rate limit exceeded for ${resource}: limit is ${limit}`,
+      context: { resource, limit }
+    });
+  }
+  /**
+   * Get event statistics
+   */
+  getStats() {
+    return new Map(this.eventCount);
+  }
+  /**
+   * Get total event count
+   */
+  getTotalEventCount() {
+    let total = 0;
+    for (const count of this.eventCount.values()) {
+      total += count;
+    }
+    return total;
+  }
+  /**
+   * Reset statistics
+   */
+  resetStats() {
+    this.eventCount.clear();
+  }
+  /**
+   * Check if any events of a specific type have been logged
+   */
+  hasEventsOfType(type) {
+    return (this.eventCount.get(type) || 0) > 0;
+  }
+  /**
+   * Get count for a specific event type
+   */
+  getEventCount(type) {
+    return this.eventCount.get(type) || 0;
+  }
+  shouldLog(severity) {
+    const levels = ["info", "warning", "error", "critical"];
+    const configLevel = levels.indexOf(this.config.logLevel === "all" ? "info" : this.config.logLevel);
+    const eventLevel = levels.indexOf(severity);
+    return eventLevel >= configLevel;
+  }
+  formatEvent(event) {
+    let message = `[${event.type}] ${event.message}`;
+    if (this.config.includeContext && event.context) {
+      message += ` | Context: ${JSON.stringify(event.context)}`;
+    }
+    return message;
+  }
+  sanitizeContext(context) {
+    if (!context || !this.config.includeContext) return void 0;
+    const sanitized = {};
+    let size = 0;
+    for (const [key, value] of Object.entries(context)) {
+      const stringValue = String(value);
+      if (size + stringValue.length > this.config.maxContextSize) break;
+      if (this.looksLikeSensitiveKey(key)) {
+        sanitized[key] = "[REDACTED]";
+      } else {
+        sanitized[key] = value;
+      }
+      size += stringValue.length;
+    }
+    return sanitized;
+  }
+  sanitizePath(path2) {
+    const parts = path2.split(/[/\\]/);
+    const lastPart = parts[parts.length - 1];
+    return `.../${lastPart} (${path2.length} chars)`;
+  }
+  looksLikeSensitiveKey(key) {
+    const sensitivePatterns = [
+      /key/i,
+      /secret/i,
+      /password/i,
+      /token/i,
+      /auth/i,
+      /credential/i
+    ];
+    return sensitivePatterns.some((p) => p.test(key));
+  }
+}
+let globalAuditLogger = null;
+function getAuditLogger() {
+  if (!globalAuditLogger) {
+    globalAuditLogger = new SecurityAuditLogger();
+  }
+  return globalAuditLogger;
+}
+function createSafeError(error, context) {
+  const err = error instanceof Error ? error : new Error(String(error));
+  return createSafeError$1(err, context);
+}
+const OptionsSchema = z.object({
+  logger: z.any().optional().default(DEFAULT_LOGGER),
+  ignorePatterns: z.array(z.string()).optional().default(DEFAULT_IGNORE_PATTERNS),
   parameters: ParametersSchema.optional().default({})
 });
+function createSafeIgnorePatterns(patterns, logger) {
+  const auditLogger = getAuditLogger();
+  const safeRegex = new SafeRegex({
+    maxLength: 500,
+    timeoutMs: 1e3,
+    onBlock: (message, pattern) => {
+      logger.warn(`Blocked unsafe ignore pattern: ${message}`, { patternLength: pattern.length });
+      auditLogger.log({
+        type: "regex_blocked",
+        severity: "warning",
+        message: `Blocked unsafe regex pattern: ${message}`,
+        context: { patternLength: pattern.length }
+      });
+    },
+    onWarning: (message, _pattern) => {
+      logger.debug(`Regex warning: ${message}`);
+    }
+  });
+  return patterns.map((pattern) => {
+    const result = safeRegex.create(pattern, "i");
+    if (result.safe && result.regex) {
+      return result.regex;
+    }
+    const globResult = safeRegex.globToRegex(pattern);
+    if (globResult.safe && globResult.regex) {
+      return globResult.regex;
+    }
+    logger.warn(`Invalid or unsafe ignore pattern "${pattern}": ${result.error || globResult.error}`);
+    return null;
+  }).filter((regex) => regex !== null);
+}
 function extractFirstHeader(markdownText) {
   const headerRegex = /^(#{1,6})\s+(.+?)(?:\n|$)/m;
   const match = markdownText.match(headerRegex);
@@ -783,10 +1065,10 @@ const create = (loaderOptions) => {
     const storage = create$1({ log: logger.debug });
     for (const contextDir of contextDirectories) {
       try {
-        const dirName = path.basename(contextDir);
+        const dirName = path__default.basename(contextDir);
         logger.debug(`Processing context directory ${dirName}`);
         let mainContextSection;
-        const contextFile = path.join(contextDir, "context.md");
+        const contextFile = path__default.join(contextDir, "context.md");
         if (await storage.exists(contextFile)) {
           logger.debug(`Found context.md file in ${contextDir}`);
           const mainContextContent = await storage.readFile(contextFile, "utf8");
@@ -802,22 +1084,15 @@ const create = (loaderOptions) => {
           mainContextSection = create$4({ ...sectionOptions, title: dirName });
         }
         const files = await storage.listFiles(contextDir);
-        const ignorePatternsRegex = ignorePatterns.map((pattern) => {
-          try {
-            return new RegExp(pattern, "i");
-          } catch (error) {
-            logger.error(`Invalid ignore pattern: ${pattern}`, { error });
-            return /(?!)/;
-          }
-        });
+        const ignorePatternsRegex = createSafeIgnorePatterns(ignorePatterns, logger);
         const filteredFiles = files.filter((file) => {
-          const fullPath = path.join(contextDir, file);
+          const fullPath = path__default.join(contextDir, file);
           return !ignorePatternsRegex.some((regex) => regex.test(file) || regex.test(fullPath));
         });
         for (const file of filteredFiles) {
           if (file === "context.md") continue;
           logger.debug(`Processing file ${file} in ${contextDir}`);
-          const filePath = path.join(contextDir, file);
+          const filePath = path__default.join(contextDir, file);
           if (await storage.isFile(filePath)) {
             const fileContent = await storage.readFile(filePath, "utf8");
             let sectionName = file;
@@ -836,7 +1111,8 @@ const create = (loaderOptions) => {
         }
         contextSections.push(mainContextSection);
       } catch (error) {
-        logger.error(`Error processing context directory ${contextDir}: ${error}`);
+        const safeError = createSafeError(error, { operation: "load", directory: path__default.basename(contextDir) });
+        logger.error(`Error processing context directory: ${safeError.message}`);
       }
     }
     return contextSections;
@@ -845,107 +1121,108 @@ const create = (loaderOptions) => {
     load
   };
 };
-zod.z.object({
-  logger: zod.z.any().optional().default(DEFAULT_LOGGER),
-  configDirs: zod.z.array(zod.z.string()).default(["./overrides"]),
-  overrides: zod.z.boolean().default(false),
+z.object({
+  logger: z.any().optional().default(DEFAULT_LOGGER),
+  configDirs: z.array(z.string()).default(["./overrides"]),
+  overrides: z.boolean().default(false),
   parameters: ParametersSchema.optional().default({})
 });
-zod.z.object({
-  logger: zod.z.any().optional().default(DEFAULT_LOGGER),
-  basePath: zod.z.string(),
-  overridePaths: zod.z.array(zod.z.string()).optional().default(["./"]),
-  overrides: zod.z.boolean().optional().default(false),
+z.object({
+  logger: z.any().optional().default(DEFAULT_LOGGER),
+  basePath: z.string(),
+  overridePaths: z.array(z.string()).optional().default(["./"]),
+  overrides: z.boolean().optional().default(false),
   parameters: ParametersSchema.optional().default({})
 });
-zod.z.object({
-  model: zod.z.string(),
-  formatter: zod.z.any().optional(),
-  trackContext: zod.z.boolean().optional().default(true),
-  deduplicateContext: zod.z.boolean().optional().default(true)
+Logging.getLogger("@theunwalked/riotprompt");
+z.object({
+  model: z.string(),
+  formatter: z.any().optional(),
+  trackContext: z.boolean().optional().default(true),
+  deduplicateContext: z.boolean().optional().default(true)
 });
-zod.z.object({
-  name: zod.z.string().min(1),
-  description: zod.z.string().min(1),
-  parameters: zod.z.object({
-    type: zod.z.literal("object"),
-    properties: zod.z.record(zod.z.string(), zod.z.any()).default({}),
+z.object({
+  name: z.string().min(1),
+  description: z.string().min(1),
+  parameters: z.object({
+    type: z.literal("object"),
+    properties: z.record(z.string(), z.any()).default({}),
     // Allow any parameter structure
-    required: zod.z.array(zod.z.string()).optional()
+    required: z.array(z.string()).optional()
   }).passthrough(),
   // Allow additional fields
-  execute: zod.z.custom(
+  execute: z.custom(
     (val) => typeof val === "function",
     { message: "execute must be a function" }
   ),
-  category: zod.z.string().optional(),
-  cost: zod.z.enum(["cheap", "moderate", "expensive"]).optional(),
-  examples: zod.z.array(zod.z.object({
-    scenario: zod.z.string(),
-    params: zod.z.any(),
-    expectedResult: zod.z.string()
+  category: z.string().optional(),
+  cost: z.enum(["cheap", "moderate", "expensive"]).optional(),
+  examples: z.array(z.object({
+    scenario: z.string(),
+    params: z.any(),
+    expectedResult: z.string()
   })).optional()
 }).passthrough();
-const ContentItemSchema = zod.z.union([
-  zod.z.string(),
+const ContentItemSchema = z.union([
+  z.string(),
   // Simple string content
-  zod.z.object({
-    content: zod.z.string(),
-    title: zod.z.string().optional(),
-    weight: zod.z.number().optional()
+  z.object({
+    content: z.string(),
+    title: z.string().optional(),
+    weight: z.number().optional()
   }),
-  zod.z.object({
-    path: zod.z.string(),
-    title: zod.z.string().optional(),
-    weight: zod.z.number().optional()
+  z.object({
+    path: z.string(),
+    title: z.string().optional(),
+    weight: z.number().optional()
   }),
-  zod.z.object({
-    directories: zod.z.array(zod.z.string()),
-    title: zod.z.string().optional(),
-    weight: zod.z.number().optional()
+  z.object({
+    directories: z.array(z.string()),
+    title: z.string().optional(),
+    weight: z.number().optional()
   })
 ]);
-zod.z.object({
+z.object({
   // Core settings
-  basePath: zod.z.string(),
-  logger: zod.z.any().optional().default(DEFAULT_LOGGER),
-  overridePaths: zod.z.array(zod.z.string()).optional().default(["./"]),
-  overrides: zod.z.boolean().optional().default(false),
+  basePath: z.string(),
+  logger: z.any().optional().default(DEFAULT_LOGGER),
+  overridePaths: z.array(z.string()).optional().default(["./"]),
+  overrides: z.boolean().optional().default(false),
   parameters: ParametersSchema.optional().default({}),
   // Content sections
   persona: ContentItemSchema.optional(),
-  instructions: zod.z.array(ContentItemSchema).optional().default([]),
-  content: zod.z.array(ContentItemSchema).optional().default([]),
-  context: zod.z.array(ContentItemSchema).optional().default([]),
+  instructions: z.array(ContentItemSchema).optional().default([]),
+  content: z.array(ContentItemSchema).optional().default([]),
+  context: z.array(ContentItemSchema).optional().default([]),
   // Advanced prompting sections
-  constraints: zod.z.array(ContentItemSchema).optional().default([]),
-  tone: zod.z.array(ContentItemSchema).optional().default([]),
-  examples: zod.z.array(ContentItemSchema).optional().default([]),
-  reasoning: zod.z.array(ContentItemSchema).optional().default([]),
-  responseFormat: zod.z.array(ContentItemSchema).optional().default([]),
-  recap: zod.z.array(ContentItemSchema).optional().default([]),
-  safeguards: zod.z.array(ContentItemSchema).optional().default([]),
-  schema: zod.z.any().optional(),
+  constraints: z.array(ContentItemSchema).optional().default([]),
+  tone: z.array(ContentItemSchema).optional().default([]),
+  examples: z.array(ContentItemSchema).optional().default([]),
+  reasoning: z.array(ContentItemSchema).optional().default([]),
+  responseFormat: z.array(ContentItemSchema).optional().default([]),
+  recap: z.array(ContentItemSchema).optional().default([]),
+  safeguards: z.array(ContentItemSchema).optional().default([]),
+  schema: z.any().optional(),
   // Can be string path, JSON object, or Zod schema
   // Templates and inheritance
-  extends: zod.z.string().optional(),
+  extends: z.string().optional(),
   // Extend another recipe
-  template: zod.z.string().optional(),
+  template: z.string().optional(),
   // Generic template name
   // Tool integration
-  tools: zod.z.any().optional(),
+  tools: z.any().optional(),
   // Tool[] | ToolRegistry
-  toolGuidance: zod.z.union([
-    zod.z.enum(["auto", "minimal", "detailed"]),
-    zod.z.object({
-      strategy: zod.z.enum(["adaptive", "prescriptive", "minimal"]),
-      includeExamples: zod.z.boolean().optional(),
-      explainWhenToUse: zod.z.boolean().optional(),
-      includeCategories: zod.z.boolean().optional(),
-      customInstructions: zod.z.string().optional()
+  toolGuidance: z.union([
+    z.enum(["auto", "minimal", "detailed"]),
+    z.object({
+      strategy: z.enum(["adaptive", "prescriptive", "minimal"]),
+      includeExamples: z.boolean().optional(),
+      explainWhenToUse: z.boolean().optional(),
+      includeCategories: z.boolean().optional(),
+      customInstructions: z.string().optional()
     })
   ]).optional(),
-  toolCategories: zod.z.array(zod.z.string()).optional()
+  toolCategories: z.array(z.string()).optional()
 });
 const toJSON = (prompt) => {
   return JSON.stringify(prompt, null, 2);
@@ -1087,7 +1364,7 @@ const parseNodeToSection = (node) => {
   return section;
 };
 const fromXML = (xmlString) => {
-  const parser = new fastXmlParser.XMLParser({
+  const parser = new XMLParser({
     ignoreAttributes: false,
     attributeNamePrefix: "@_",
     preserveOrder: true,
@@ -1129,18 +1406,18 @@ const fromXML = (xmlString) => {
   });
 };
 const saveToDirectory = async (prompt, basePath) => {
-  await fs__namespace$1.mkdir(basePath, { recursive: true });
+  await fs$1.mkdir(basePath, { recursive: true });
   if (prompt.persona) {
-    await saveSection(prompt.persona, path__namespace.join(basePath, "persona"));
+    await saveSection(prompt.persona, path.join(basePath, "persona"));
   }
   if (prompt.instructions) {
-    await saveSection(prompt.instructions, path__namespace.join(basePath, "instructions"));
+    await saveSection(prompt.instructions, path.join(basePath, "instructions"));
   }
   if (prompt.contexts) {
-    await saveSection(prompt.contexts, path__namespace.join(basePath, "context"));
+    await saveSection(prompt.contexts, path.join(basePath, "context"));
   }
   if (prompt.contents) {
-    await saveSection(prompt.contents, path__namespace.join(basePath, "content"));
+    await saveSection(prompt.contents, path.join(basePath, "content"));
   }
 };
 const saveSection = async (section, targetPath) => {
@@ -1152,20 +1429,20 @@ const saveSection = async (section, targetPath) => {
       if (typeof item === "string") return item;
       return item.text;
     }).join("\n\n");
-    await fs__namespace$1.writeFile(`${targetPath}.md`, content);
+    await fs$1.writeFile(`${targetPath}.md`, content);
     return;
   }
-  await fs__namespace$1.mkdir(targetPath, { recursive: true });
+  await fs$1.mkdir(targetPath, { recursive: true });
   for (let i = 0; i < section.items.length; i++) {
     const item = section.items[i];
     if (typeof item === "object" && "items" in item) {
       const subTitle = item.title || `part-${i + 1}`;
-      const subPath = path__namespace.join(targetPath, subTitle);
+      const subPath = path.join(targetPath, subTitle);
       await saveSection(item, subPath);
     } else {
       const fileName = `item-${i + 1}.md`;
       const content = typeof item === "string" ? item : item.text;
-      await fs__namespace$1.writeFile(path__namespace.join(targetPath, fileName), content);
+      await fs$1.writeFile(path.join(targetPath, fileName), content);
     }
   }
 };
@@ -1258,7 +1535,7 @@ class GeminiProvider {
   async execute(request, options = {}) {
     const apiKey = options.apiKey || process.env.GEMINI_API_KEY;
     if (!apiKey) throw new Error("Gemini API key is required");
-    const genAI = new generativeAi.GoogleGenerativeAI(apiKey);
+    const genAI = new GoogleGenerativeAI(apiKey);
     const modelName = options.model || request.model || "gemini-1.5-pro";
     const generationConfig = {};
     if (request.responseFormat?.type === "json_schema") {
@@ -1364,8 +1641,170 @@ const execute = async (request, options = {}) => {
   const manager = new ExecutionManager();
   return manager.execute(request, options);
 };
-const program = new commander.Command();
-const configManager = cardigantime.create({
+const PathSecurityConfigSchema = z.object({
+  enabled: z.boolean().optional().default(true),
+  basePaths: z.array(z.string()).optional().default([]),
+  allowAbsolute: z.boolean().optional().default(false),
+  allowSymlinks: z.boolean().optional().default(false),
+  denyPatterns: z.array(z.string()).optional().default([
+    "\\.\\.",
+    // Parent directory
+    "~",
+    // Home directory expansion
+    "\\$\\{"
+    // Variable expansion
+  ])
+});
+const ToolSecurityConfigSchema = z.object({
+  enabled: z.boolean().optional().default(true),
+  validateParams: z.boolean().optional().default(true),
+  sandboxExecution: z.boolean().optional().default(false),
+  allowedTools: z.array(z.string()).optional(),
+  deniedTools: z.array(z.string()).optional().default([]),
+  maxExecutionTime: z.number().optional().default(3e4),
+  // 30 seconds
+  maxConcurrentCalls: z.number().optional().default(10)
+});
+const SecretSecurityConfigSchema = z.object({
+  enabled: z.boolean().optional().default(true),
+  redactInLogs: z.boolean().optional().default(true),
+  redactInErrors: z.boolean().optional().default(true),
+  patterns: z.array(z.instanceof(RegExp)).optional().default([
+    /api[_-]?key[\s:="']+[\w-]+/gi,
+    /password[\s:="']+[\w-]+/gi,
+    /Bearer\s+[\w-]+/gi,
+    /sk-[a-zA-Z0-9]{48,}/g,
+    /AKIA[0-9A-Z]{16}/g
+    // AWS Access Key
+  ]),
+  customPatterns: z.array(z.instanceof(RegExp)).optional().default([])
+});
+const LogSecurityConfigSchema = z.object({
+  enabled: z.boolean().optional().default(true),
+  auditSecurityEvents: z.boolean().optional().default(true),
+  sanitizeStackTraces: z.boolean().optional().default(true),
+  maxContentLength: z.number().optional().default(1e4)
+});
+const TimeoutConfigSchema = z.object({
+  enabled: z.boolean().optional().default(true),
+  defaultTimeout: z.number().optional().default(3e4),
+  llmTimeout: z.number().optional().default(12e4),
+  // 2 minutes for LLM calls
+  toolTimeout: z.number().optional().default(3e4),
+  fileTimeout: z.number().optional().default(5e3)
+});
+function createDefaultPathSecurityConfig() {
+  return PathSecurityConfigSchema.parse({});
+}
+function createDefaultToolSecurityConfig() {
+  return ToolSecurityConfigSchema.parse({});
+}
+function createDefaultSecretSecurityConfig() {
+  return SecretSecurityConfigSchema.parse({});
+}
+function createDefaultLogSecurityConfig() {
+  return LogSecurityConfigSchema.parse({});
+}
+function createDefaultTimeoutConfig() {
+  return TimeoutConfigSchema.parse({});
+}
+const SecurityConfigSchema = z.object({
+  paths: PathSecurityConfigSchema.optional().default(createDefaultPathSecurityConfig),
+  tools: ToolSecurityConfigSchema.optional().default(createDefaultToolSecurityConfig),
+  secrets: SecretSecurityConfigSchema.optional().default(createDefaultSecretSecurityConfig),
+  logging: LogSecurityConfigSchema.optional().default(createDefaultLogSecurityConfig),
+  timeouts: TimeoutConfigSchema.optional().default(createDefaultTimeoutConfig)
+});
+SecurityConfigSchema.parse({});
+const SERIALIZATION_LIMITS = {
+  maxContentLength: 1e6,
+  // 1MB per message
+  maxArgumentsLength: 1e5,
+  // 100KB for tool arguments
+  maxMessages: 1e4,
+  // 10k messages per conversation
+  maxContextItems: 1e3,
+  // 1k context items
+  maxStringLength: 100,
+  // 100 chars for names/ids
+  maxToolCalls: 100
+  // 100 tool calls per message
+};
+const ToolCallSchema = z.object({
+  id: z.string().max(SERIALIZATION_LIMITS.maxStringLength),
+  type: z.literal("function"),
+  function: z.object({
+    name: z.string().max(SERIALIZATION_LIMITS.maxStringLength),
+    arguments: z.string().max(SERIALIZATION_LIMITS.maxArgumentsLength)
+  })
+});
+const ConversationMessageSchema = z.object({
+  role: z.enum(["system", "user", "assistant", "tool"]),
+  content: z.string().nullable().refine(
+    (val) => val === null || val.length <= SERIALIZATION_LIMITS.maxContentLength,
+    { message: `Content exceeds maximum length of ${SERIALIZATION_LIMITS.maxContentLength}` }
+  ),
+  name: z.string().max(SERIALIZATION_LIMITS.maxStringLength).optional(),
+  tool_calls: z.array(ToolCallSchema).max(SERIALIZATION_LIMITS.maxToolCalls).optional(),
+  tool_call_id: z.string().max(SERIALIZATION_LIMITS.maxStringLength).optional()
+});
+const ConversationMetadataSchema = z.object({
+  model: z.string().max(SERIALIZATION_LIMITS.maxStringLength),
+  created: z.string().datetime(),
+  lastModified: z.string().datetime(),
+  messageCount: z.number().int().nonnegative(),
+  toolCallCount: z.number().int().nonnegative()
+});
+z.object({
+  // Optional version for forward compatibility
+  version: z.string().optional(),
+  messages: z.array(ConversationMessageSchema).max(SERIALIZATION_LIMITS.maxMessages),
+  metadata: ConversationMetadataSchema,
+  contextProvided: z.array(z.string().max(1e3)).max(SERIALIZATION_LIMITS.maxContextItems).optional()
+});
+z.object({
+  version: z.string().optional(),
+  persona: z.any().optional(),
+  instructions: z.any().optional(),
+  contexts: z.any().optional(),
+  content: z.any().optional()
+});
+z.object({
+  id: z.string().max(200),
+  metadata: z.object({
+    startTime: z.union([z.string().datetime(), z.date()]),
+    endTime: z.union([z.string().datetime(), z.date()]).optional(),
+    duration: z.number().nonnegative().optional(),
+    model: z.string().max(SERIALIZATION_LIMITS.maxStringLength),
+    template: z.string().max(SERIALIZATION_LIMITS.maxStringLength).optional(),
+    userContext: z.record(z.string(), z.any()).optional()
+  }),
+  prompt: z.object({
+    persona: z.string().optional(),
+    instructions: z.string().optional(),
+    content: z.array(z.string()).optional(),
+    context: z.array(z.string()).optional()
+  }).optional(),
+  messages: z.array(z.object({
+    index: z.number().int().nonnegative(),
+    timestamp: z.string(),
+    role: z.string(),
+    content: z.string().nullable(),
+    tool_calls: z.array(ToolCallSchema).optional(),
+    tool_call_id: z.string().optional(),
+    metadata: z.record(z.string(), z.any()).optional()
+  })).max(SERIALIZATION_LIMITS.maxMessages),
+  summary: z.object({
+    totalMessages: z.number().int().nonnegative(),
+    totalTokens: z.number().int().nonnegative().optional(),
+    toolCallsExecuted: z.number().int().nonnegative(),
+    iterations: z.number().int().nonnegative(),
+    finalOutput: z.string().optional(),
+    success: z.boolean()
+  })
+});
+const program = new Command();
+const configManager = create$7({
   configShape: ConfigSchema.shape,
   defaults: {
     configDirectory: process.cwd(),
@@ -1375,7 +1814,7 @@ const configManager = cardigantime.create({
 program.name("riotprompt").description("CLI tool for analyzing and processing prompts").version("0.0.1");
 async function isDirectory(path2) {
   try {
-    const stat = await fs__namespace$1.stat(path2);
+    const stat = await fs$1.stat(path2);
     return stat.isDirectory();
   } catch {
     return false;
@@ -1383,7 +1822,7 @@ async function isDirectory(path2) {
 }
 async function fileExists(path2) {
   try {
-    await fs__namespace$1.access(path2);
+    await fs$1.access(path2);
     return true;
   } catch {
     return false;
@@ -1394,8 +1833,8 @@ async function loadPromptFromDirectory(absolutePromptPath) {
   let instructionsSection;
   let contextSection;
   const loader = create();
-  const personaDir = path__namespace.join(absolutePromptPath, "persona");
-  const personaFile = path__namespace.join(absolutePromptPath, "persona.md");
+  const personaDir = path.join(absolutePromptPath, "persona");
+  const personaFile = path.join(absolutePromptPath, "persona.md");
   if (await isDirectory(personaDir)) {
     console.log("Loading persona from directory...");
     const personaSections = await loader.load([personaDir]);
@@ -1407,14 +1846,14 @@ async function loadPromptFromDirectory(absolutePromptPath) {
     }
   } else if (await fileExists(personaFile)) {
     console.log("Loading persona from file...");
-    const personaContent = await fs__namespace$1.readFile(personaFile, "utf-8");
+    const personaContent = await fs$1.readFile(personaFile, "utf-8");
     personaSection = create$4({ title: "Persona" });
     personaSection.add(create$5(personaContent));
   } else {
     console.log("No persona found, skipping.");
   }
-  const instructionsDir = path__namespace.join(absolutePromptPath, "instructions");
-  const instructionsFile = path__namespace.join(absolutePromptPath, "instructions.md");
+  const instructionsDir = path.join(absolutePromptPath, "instructions");
+  const instructionsFile = path.join(absolutePromptPath, "instructions.md");
   if (await isDirectory(instructionsDir)) {
     console.log("Loading instructions from directory...");
     const instructionSections = await loader.load([instructionsDir]);
@@ -1426,14 +1865,14 @@ async function loadPromptFromDirectory(absolutePromptPath) {
     }
   } else if (await fileExists(instructionsFile)) {
     console.log("Loading instructions from file...");
-    const instructionsContent = await fs__namespace$1.readFile(instructionsFile, "utf-8");
+    const instructionsContent = await fs$1.readFile(instructionsFile, "utf-8");
     instructionsSection = create$4({ title: "Instructions" });
     instructionsSection.add(create$5(instructionsContent));
   }
   if (!instructionsSection) {
     throw new Error("instructions (directory or .md file) is required.");
   }
-  const contextDir = path__namespace.join(absolutePromptPath, "context");
+  const contextDir = path.join(absolutePromptPath, "context");
   if (await isDirectory(contextDir)) {
     console.log("Loading context from directory...");
     const contextSections = await loader.load([contextDir]);
@@ -1454,14 +1893,14 @@ async function loadPromptFromDirectory(absolutePromptPath) {
 }
 async function createAction(promptName, options) {
   try {
-    const basePath = path__namespace.resolve(options.path, promptName);
+    const basePath = path.resolve(options.path, promptName);
     if (await fileExists(basePath)) {
       console.error(`Error: Directory ${basePath} already exists.`);
       process.exit(1);
     }
     if (options.import) {
       console.log(`Importing prompt from ${options.import} to ${basePath}...`);
-      const content = await fs__namespace$1.readFile(options.import, "utf-8");
+      const content = await fs$1.readFile(options.import, "utf-8");
       let prompt;
       if (options.import.endsWith(".json")) {
         prompt = fromJSON(content);
@@ -1474,23 +1913,23 @@ async function createAction(promptName, options) {
       console.log(`Successfully imported to ${basePath}`);
     } else {
       console.log(`Creating prompt structure at ${basePath}...`);
-      await fs__namespace$1.mkdir(basePath, { recursive: true });
+      await fs$1.mkdir(basePath, { recursive: true });
       const personaText = options.persona || "You are a helpful AI assistant.";
-      await fs__namespace$1.writeFile(path__namespace.join(basePath, "persona.md"), personaText);
+      await fs$1.writeFile(path.join(basePath, "persona.md"), personaText);
       console.log("Created persona.md");
       const instructionsText = options.instructions || "Please analyze the following request.";
-      await fs__namespace$1.writeFile(path__namespace.join(basePath, "instructions.md"), instructionsText);
+      await fs$1.writeFile(path.join(basePath, "instructions.md"), instructionsText);
       console.log("Created instructions.md");
       if (options.context) {
-        const contextDir = path__namespace.join(basePath, "context");
-        await fs__namespace$1.mkdir(contextDir);
-        await fs__namespace$1.writeFile(path__namespace.join(contextDir, "README.md"), "Place context files (json, md, txt) in this directory.");
+        const contextDir = path.join(basePath, "context");
+        await fs$1.mkdir(contextDir);
+        await fs$1.writeFile(path.join(contextDir, "README.md"), "Place context files (json, md, txt) in this directory.");
         console.log("Created context directory");
       }
       console.log(`
 Prompt '${promptName}' created successfully!`);
     }
-    console.log(`Run 'riotprompt process ${path__namespace.join(options.path, promptName)}' to test it.`);
+    console.log(`Run 'riotprompt process ${path.join(options.path, promptName)}' to test it.`);
   } catch (error) {
     console.error("Error creating prompt:", error);
     process.exit(1);
@@ -1502,7 +1941,7 @@ async function processAction(promptPath, options) {
     const modelName = options.model || config.defaultModel;
     console.log(`Processing prompt from: ${promptPath}`);
     console.log(`Using model: ${modelName}`);
-    const absolutePromptPath = path__namespace.resolve(promptPath);
+    const absolutePromptPath = path.resolve(promptPath);
     if (!await fileExists(absolutePromptPath)) {
       console.error(`Error: Prompt path not found at ${absolutePromptPath}`);
       process.exit(1);
@@ -1511,7 +1950,7 @@ async function processAction(promptPath, options) {
     if (await isDirectory(absolutePromptPath)) {
       prompt = await loadPromptFromDirectory(absolutePromptPath);
     } else {
-      const content = await fs__namespace$1.readFile(absolutePromptPath, "utf-8");
+      const content = await fs$1.readFile(absolutePromptPath, "utf-8");
       if (absolutePromptPath.endsWith(".json")) {
         prompt = fromJSON(content);
       } else if (absolutePromptPath.endsWith(".xml")) {
@@ -1538,7 +1977,7 @@ ${m.content}`).join("\n\n");
       }
     }
     if (options.output) {
-      await fs__namespace$1.writeFile(options.output, output);
+      await fs$1.writeFile(options.output, output);
       console.log(`Output written to ${options.output}`);
     } else {
       console.log("\n--- Result ---\n");
@@ -1555,7 +1994,7 @@ async function executeAction(promptPath, options) {
     const modelName = options.model || config.defaultModel;
     console.log(`Executing prompt from: ${promptPath}`);
     console.log(`Using model: ${modelName}`);
-    const absolutePromptPath = path__namespace.resolve(promptPath);
+    const absolutePromptPath = path.resolve(promptPath);
     if (!await fileExists(absolutePromptPath)) {
       console.error(`Error: Prompt path not found at ${absolutePromptPath}`);
       process.exit(1);
@@ -1564,7 +2003,7 @@ async function executeAction(promptPath, options) {
     if (await isDirectory(absolutePromptPath)) {
       prompt = await loadPromptFromDirectory(absolutePromptPath);
     } else {
-      const content = await fs__namespace$1.readFile(absolutePromptPath, "utf-8");
+      const content = await fs$1.readFile(absolutePromptPath, "utf-8");
       if (absolutePromptPath.endsWith(".json")) {
         prompt = fromJSON(content);
       } else if (absolutePromptPath.endsWith(".xml")) {
@@ -1602,16 +2041,19 @@ async function main() {
   program.command("execute <promptPath>").description("Execute a prompt using an LLM provider").option("-m, --model <model>", "Model to use (e.g., gpt-4, claude-3-opus, gemini-1.5-pro)").option("-k, --key <key>", "API Key (overrides env vars)").option("-t, --temperature <number>", "Temperature (0-1)", parseFloat).option("--max-tokens <number>", "Max tokens", parseInt).action(executeAction);
   await program.parseAsync();
 }
-if (typeof require !== "undefined" && require.main === module) {
+const isRunningAsCLI = process.argv[1] && (process.argv[1].endsWith("cli.js") || process.argv[1].endsWith("cli.ts")) && !process.argv[1].includes("vitest") && !process.argv[1].includes("node_modules");
+if (isRunningAsCLI) {
   main().catch((err) => {
     console.error(err);
     process.exit(1);
   });
 }
-exports.createAction = createAction;
-exports.executeAction = executeAction;
-exports.fileExists = fileExists;
-exports.isDirectory = isDirectory;
-exports.loadPromptFromDirectory = loadPromptFromDirectory;
-exports.main = main;
-exports.processAction = processAction;
+export {
+  createAction,
+  executeAction,
+  fileExists,
+  isDirectory,
+  loadPromptFromDirectory,
+  main,
+  processAction
+};