@sentry/junior 0.4.1 → 0.5.0

package/dist/{chunk-OZFXD5IG.js → chunk-BKYYVLVN.js}

@@ -9,604 +9,225 @@ import {
   discoverProjectRoots
 } from "./chunk-Z5E25LRN.js";
 
-// src/chat/config.ts
-var MIN_AGENT_TURN_TIMEOUT_MS = 10 * 1e3;
-var DEFAULT_AGENT_TURN_TIMEOUT_MS = 12 * 60 * 1e3;
-var DEFAULT_QUEUE_CALLBACK_MAX_DURATION_SECONDS = 800;
-var TURN_TIMEOUT_BUFFER_SECONDS = 20;
-function parseAgentTurnTimeoutMs(rawValue, maxTimeoutMs) {
-  const value = Number.parseInt(rawValue ?? "", 10);
-  if (Number.isNaN(value)) {
-    return Math.max(MIN_AGENT_TURN_TIMEOUT_MS, Math.min(DEFAULT_AGENT_TURN_TIMEOUT_MS, maxTimeoutMs));
-  }
-  return Math.max(MIN_AGENT_TURN_TIMEOUT_MS, Math.min(value, maxTimeoutMs));
+// src/chat/plugins/registry.ts
+import { readFileSync, readdirSync, statSync } from "fs";
+import path2 from "path";
+import { parse as parseYaml } from "yaml";
+
+// src/chat/home.ts
+import fs from "fs";
+import path from "path";
+function homeDir() {
+  return resolveHomeDir();
 }
-function resolveQueueCallbackMaxDurationSeconds() {
-  const value = Number.parseInt(process.env.QUEUE_CALLBACK_MAX_DURATION_SECONDS ?? "", 10);
-  if (Number.isNaN(value) || value <= 0) {
-    return DEFAULT_QUEUE_CALLBACK_MAX_DURATION_SECONDS;
+function unique(values) {
+  return [...new Set(values)];
+}
+function pathExists(targetPath) {
+  try {
+    fs.accessSync(targetPath);
+    return true;
+  } catch {
+    return false;
   }
-  return value;
 }
-function resolveMaxTurnTimeoutMs(queueCallbackMaxDurationSeconds) {
-  const budgetSeconds = queueCallbackMaxDurationSeconds - TURN_TIMEOUT_BUFFER_SECONDS;
-  return Math.max(MIN_AGENT_TURN_TIMEOUT_MS, budgetSeconds * 1e3);
+function hasAnyDataMarkers(appDir) {
+  return pathExists(path.join(appDir, "SOUL.md"));
 }
-function buildBotConfig() {
-  const queueCallbackMaxDurationSeconds = resolveQueueCallbackMaxDurationSeconds();
-  const maxTurnTimeoutMs = resolveMaxTurnTimeoutMs(queueCallbackMaxDurationSeconds);
-  return {
-    userName: process.env.JUNIOR_BOT_NAME ?? "junior",
-    modelId: process.env.AI_MODEL ?? "anthropic/claude-sonnet-4.6",
-    fastModelId: process.env.AI_FAST_MODEL ?? process.env.AI_MODEL ?? "anthropic/claude-haiku-4.5",
-    turnTimeoutMs: parseAgentTurnTimeoutMs(process.env.AGENT_TURN_TIMEOUT_MS, maxTurnTimeoutMs)
-  };
+function scoreAppCandidate(appDir) {
+  let score = 0;
+  if (pathExists(path.join(appDir, "SOUL.md"))) {
+    score += 4;
+  }
+  if (pathExists(path.join(appDir, "ABOUT.md"))) {
+    score += 2;
+  }
+  if (pathExists(path.join(appDir, "skills"))) {
+    score += 1;
+  }
+  if (pathExists(path.join(appDir, "plugins"))) {
+    score += 1;
+  }
+  return score;
 }
-var botConfig = buildBotConfig();
-function toOptionalTrimmed(value) {
-  if (!value) {
-    return void 0;
+function resolveCandidateAppDirs(cwd, projectRoots) {
+  const roots = projectRoots ?? discoverProjectRoots(cwd);
+  const resolved = [];
+  const seen = /* @__PURE__ */ new Set();
+  for (const root of roots) {
+    const appDir = path.resolve(root, "app");
+    if (!pathExists(appDir)) {
+      continue;
+    }
+    if (seen.has(appDir)) {
+      continue;
+    }
+    seen.add(appDir);
+    resolved.push(appDir);
   }
-  const trimmed = value.trim();
-  return trimmed.length > 0 ? trimmed : void 0;
+  return resolved;
 }
-function getSlackBotToken() {
-  return toOptionalTrimmed(process.env.SLACK_BOT_TOKEN) ?? toOptionalTrimmed(process.env.SLACK_BOT_USER_TOKEN);
+function resolveHomeDir(cwd = process.cwd(), options) {
+  const resolvedCwd = path.resolve(cwd);
+  const directApp = path.resolve(resolvedCwd, "app");
+  if (pathExists(directApp) && hasAnyDataMarkers(directApp)) {
+    return directApp;
+  }
+  const candidates = resolveCandidateAppDirs(resolvedCwd, options?.projectRoots);
+  if (candidates.length === 0) {
+    return directApp;
+  }
+  candidates.sort((left, right) => {
+    const leftScore = scoreAppCandidate(left);
+    const rightScore = scoreAppCandidate(right);
+    if (leftScore !== rightScore) {
+      return rightScore - leftScore;
+    }
+    const leftDistance = path.relative(resolvedCwd, left).split(path.sep).length;
+    const rightDistance = path.relative(resolvedCwd, right).split(path.sep).length;
+    if (leftDistance !== rightDistance) {
+      return leftDistance - rightDistance;
+    }
+    return left.localeCompare(right);
+  });
+  return candidates[0];
 }
-function getSlackSigningSecret() {
-  return toOptionalTrimmed(process.env.SLACK_SIGNING_SECRET);
+function resolveContentRoots(subdir) {
+  if (subdir === "data") {
+    return [homeDir()];
+  }
+  if (subdir === "skills") {
+    return [path.join(homeDir(), "skills"), path.resolve(process.cwd(), "skills")];
+  }
+  return [path.join(homeDir(), "plugins")];
 }
-function getSlackClientId() {
-  return toOptionalTrimmed(process.env.SLACK_CLIENT_ID);
+function dataRoots() {
+  return unique(resolveContentRoots("data"));
 }
-function getSlackClientSecret() {
-  return toOptionalTrimmed(process.env.SLACK_CLIENT_SECRET);
+function skillRoots() {
+  return unique(resolveContentRoots("skills"));
 }
-function hasRedisConfig() {
-  return Boolean(process.env.REDIS_URL);
+function pluginRoots() {
+  return unique(resolveContentRoots("plugins"));
+}
+function soulPathCandidates() {
+  const candidates = dataRoots().map((root) => path.join(root, "SOUL.md"));
+  return unique(candidates);
 }
 
-// src/chat/state.ts
-import { createRedisState } from "@chat-adapter/state-redis";
-import { createMemoryState } from "@chat-adapter/state-memory";
-var MIN_LOCK_TTL_MS = 1e3 * 60 * 5;
-var QUEUE_INGRESS_DEDUP_PREFIX = "junior:queue_ingress";
-var QUEUE_MESSAGE_PROCESSING_PREFIX = "junior:queue_message";
-var AGENT_TURN_SESSION_PREFIX = "junior:agent_turn_session";
-var QUEUE_MESSAGE_PROCESSING_TTL_MS = 30 * 60 * 1e3;
-var QUEUE_MESSAGE_COMPLETED_TTL_MS = 7 * 24 * 60 * 60 * 1e3;
-var QUEUE_MESSAGE_FAILED_TTL_MS = 6 * 60 * 60 * 1e3;
-var AGENT_TURN_SESSION_TTL_MS = 24 * 60 * 60 * 1e3;
-var CLAIM_OR_RECLAIM_PROCESSING_SCRIPT = `
-  local key = KEYS[1]
-  local nowMs = tonumber(ARGV[1])
-  local ttlMs = tonumber(ARGV[2])
-  local payload = ARGV[3]
-  local current = redis.call("get", key)
-
-  if not current then
-    redis.call("set", key, payload, "PX", ttlMs)
-    return 1
-  end
-
-  local ok, parsed = pcall(cjson.decode, current)
-  if not ok or type(parsed) ~= "table" then
-    return 0
-  end
-
-  local status = parsed["status"]
-  if status == "failed" then
-    redis.call("set", key, payload, "PX", ttlMs)
-    return 3
-  end
-  if status ~= "processing" then
-    return 0
-  end
-
-  local updatedAtMs = tonumber(parsed["updatedAtMs"])
-  if not updatedAtMs then
-    return 0
-  end
-
-  if updatedAtMs + ttlMs < nowMs then
-    redis.call("set", key, payload, "PX", ttlMs)
-    return 2
-  end
-
-  return 0
-`;
-var UPDATE_PROCESSING_STATE_IF_OWNER_SCRIPT = `
-  local key = KEYS[1]
-  local ownerToken = ARGV[1]
-  local ttlMs = tonumber(ARGV[2])
-  local payload = ARGV[3]
-  local current = redis.call("get", key)
-
-  if not current then
-    return 0
-  end
-
-  local ok, parsed = pcall(cjson.decode, current)
-  if not ok or type(parsed) ~= "table" then
-    return 0
-  end
-
-  local currentOwner = parsed["ownerToken"]
-  local status = parsed["status"]
-  if currentOwner ~= ownerToken then
-    return 0
-  end
-  if status ~= "processing" then
-    return 0
-  end
+// src/chat/plugins/github-app-broker.ts
+import { createPrivateKey, createSign, randomUUID } from "crypto";
 
-  redis.call("set", key, payload, "PX", ttlMs)
-  return 1
-`;
-function createQueuedStateAdapter(base) {
-  const acquireLock = async (threadId, ttlMs) => {
-    const effectiveTtlMs = Math.max(ttlMs, MIN_LOCK_TTL_MS);
-    const lock = await base.acquireLock(threadId, effectiveTtlMs);
-    return lock;
-  };
-  return {
-    connect: () => base.connect(),
-    disconnect: () => base.disconnect(),
-    subscribe: (threadId) => base.subscribe(threadId),
-    unsubscribe: (threadId) => base.unsubscribe(threadId),
-    isSubscribed: (threadId) => base.isSubscribed(threadId),
-    acquireLock,
-    releaseLock: (lock) => base.releaseLock(lock),
-    extendLock: (lock, ttlMs) => base.extendLock(lock, Math.max(ttlMs, MIN_LOCK_TTL_MS)),
-    get: (key) => base.get(key),
-    set: (key, value, ttlMs) => base.set(key, value, ttlMs),
-    setIfNotExists: (key, value, ttlMs) => base.setIfNotExists(key, value, ttlMs),
-    delete: (key) => base.delete(key)
-  };
+// src/chat/plugins/auth-token-placeholder.ts
+var DEFAULT_PLACEHOLDERS = {
+  "oauth-bearer": "host_managed_credential",
+  "github-app": "ghp_host_managed_credential"
+};
+function resolveAuthTokenPlaceholder(credentials) {
+  return credentials.authTokenPlaceholder?.trim() || DEFAULT_PLACEHOLDERS[credentials.type];
 }
-function createStateAdapter() {
-  if (process.env.JUNIOR_STATE_ADAPTER?.trim().toLowerCase() === "memory") {
-    _redisStateAdapter = void 0;
-    return createQueuedStateAdapter(createMemoryState());
+
+// src/chat/plugins/github-app-broker.ts
+var MAX_LEASE_MS = 60 * 60 * 1e3;
+function normalizeTargetScope(target) {
+  const owner = target?.owner?.trim().toLowerCase();
+  const repo = target?.repo?.trim().toLowerCase();
+  if (!owner || !repo) {
+    return "all";
   }
-  if (!hasRedisConfig()) {
-    throw new Error("REDIS_URL is required for durable Slack thread state");
-  }
-  const redisState = createRedisState({
-    url: process.env.REDIS_URL
-  });
-  _redisStateAdapter = redisState;
-  return createQueuedStateAdapter(redisState);
-}
-var _stateAdapter;
-var _redisStateAdapter;
-function getRedisStateAdapter() {
-  if (!_redisStateAdapter) {
-    getStateAdapter();
-  }
-  if (!_redisStateAdapter) {
-    throw new Error("Redis state adapter is unavailable for this runtime");
-  }
-  return _redisStateAdapter;
+  return `${owner}/${repo}`;
 }
-function queueMessageKey(rawKey) {
-  return `${QUEUE_MESSAGE_PROCESSING_PREFIX}:${rawKey}`;
+function base64Url(input) {
+  return Buffer.from(input).toString("base64").replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
 }
-function parseQueueMessageState(value) {
-  if (typeof value !== "string") {
-    return void 0;
+function normalizePrivateKey(raw) {
+  let normalized = raw.trim();
+  if (normalized.startsWith('"') && normalized.endsWith('"') || normalized.startsWith("'") && normalized.endsWith("'")) {
+    normalized = normalized.slice(1, -1);
   }
-  try {
-    const parsed = JSON.parse(value);
-    if (!parsed || parsed.status !== "processing" && parsed.status !== "completed" && parsed.status !== "failed" || typeof parsed.updatedAtMs !== "number") {
-      return void 0;
+  normalized = normalized.replace(/\r\n/g, "\n");
+  if (normalized.includes("\\n")) {
+    normalized = normalized.replace(/\\n/g, "\n");
+  }
+  if (!normalized.includes("-----BEGIN")) {
+    try {
+      const decoded = Buffer.from(normalized, "base64").toString("utf8").trim();
+      if (decoded.includes("-----BEGIN")) {
+        normalized = decoded;
+      }
+    } catch {
     }
-    return {
-      status: parsed.status,
-      updatedAtMs: parsed.updatedAtMs,
-      ...typeof parsed.ownerToken === "string" ? { ownerToken: parsed.ownerToken } : {},
-      ...typeof parsed.queueMessageId === "string" ? { queueMessageId: parsed.queueMessageId } : {},
-      ...typeof parsed.errorMessage === "string" ? { errorMessage: parsed.errorMessage } : {}
-    };
-  } catch {
-    return void 0;
   }
+  return normalized;
 }
-function agentTurnSessionKey(conversationId, sessionId) {
-  return `${AGENT_TURN_SESSION_PREFIX}:${conversationId}:${sessionId}`;
-}
-function isRecord(value) {
-  return typeof value === "object" && value !== null;
-}
-function parseAgentTurnSessionCheckpoint(value) {
-  if (typeof value !== "string") {
-    return void 0;
+function getPrivateKey(envName) {
+  const raw = process.env[envName];
+  if (!raw) {
+    throw new Error(`Missing ${envName}`);
   }
+  const normalized = normalizePrivateKey(raw);
+  let key;
   try {
-    const parsed = JSON.parse(value);
-    if (!isRecord(parsed)) {
-      return void 0;
-    }
-    const status = parsed.state;
-    if (status !== "running" && status !== "awaiting_resume" && status !== "completed" && status !== "failed") {
-      return void 0;
-    }
-    const conversationId = parsed.conversationId;
-    const sessionId = parsed.sessionId;
-    const sliceId = parsed.sliceId;
-    const checkpointVersion = parsed.checkpointVersion;
-    const updatedAtMs = parsed.updatedAtMs;
-    if (typeof conversationId !== "string" || typeof sessionId !== "string" || typeof sliceId !== "number" || typeof checkpointVersion !== "number" || typeof updatedAtMs !== "number") {
-      return void 0;
-    }
-    return {
-      checkpointVersion,
-      conversationId,
-      sessionId,
-      sliceId,
-      state: status,
-      updatedAtMs,
-      piMessages: Array.isArray(parsed.piMessages) ? parsed.piMessages : [],
-      ...typeof parsed.errorMessage === "string" ? { errorMessage: parsed.errorMessage } : {},
-      ...typeof parsed.resumedFromSliceId === "number" ? { resumedFromSliceId: parsed.resumedFromSliceId } : {}
-    };
+    key = createPrivateKey({ key: normalized, format: "pem" });
   } catch {
-    return void 0;
-  }
-}
-function getStateAdapter() {
-  if (!_stateAdapter) {
-    _stateAdapter = createStateAdapter();
-  }
-  return _stateAdapter;
-}
-async function disconnectStateAdapter() {
-  if (!_stateAdapter) {
-    return;
+    throw new Error(
+      `Invalid ${envName}: expected a PEM-encoded RSA private key (raw PEM, escaped newlines, or base64-encoded PEM)`
+    );
   }
-  try {
-    await _stateAdapter.disconnect();
-  } finally {
-    _stateAdapter = void 0;
-    _redisStateAdapter = void 0;
+  if (key.asymmetricKeyType !== "rsa") {
+    throw new Error(
+      `Invalid ${envName}: GitHub App signing requires an RSA private key`
+    );
   }
+  return key;
 }
-async function claimQueueIngressDedup(rawKey, ttlMs) {
-  await getStateAdapter().connect();
-  const key = `${QUEUE_INGRESS_DEDUP_PREFIX}:${rawKey}`;
-  const result = await getRedisStateAdapter().getClient().set(key, "1", {
-    NX: true,
-    PX: ttlMs
-  });
-  return result === "OK";
-}
-async function hasQueueIngressDedup(rawKey) {
-  await getStateAdapter().connect();
-  const key = `${QUEUE_INGRESS_DEDUP_PREFIX}:${rawKey}`;
-  const value = await getRedisStateAdapter().getClient().get(key);
-  return typeof value === "string" && value.length > 0;
-}
-async function getQueueMessageProcessingState(rawKey) {
-  await getStateAdapter().connect();
-  const state = await getStateAdapter().get(queueMessageKey(rawKey));
-  return parseQueueMessageState(state);
+function createAppJwt(appId, privateKeyEnv) {
+  const now = Math.floor(Date.now() / 1e3);
+  const header = { alg: "RS256", typ: "JWT" };
+  const payload = { iat: now - 60, exp: now + 9 * 60, iss: appId };
+  const encodedHeader = base64Url(JSON.stringify(header));
+  const encodedPayload = base64Url(JSON.stringify(payload));
+  const signingInput = `${encodedHeader}.${encodedPayload}`;
+  const signer = createSign("RSA-SHA256");
+  signer.update(signingInput);
+  signer.end();
+  const signature = signer.sign(getPrivateKey(privateKeyEnv)).toString("base64").replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+  return `${signingInput}.${signature}`;
 }
-async function acquireQueueMessageProcessingOwnership(args) {
-  await getStateAdapter().connect();
-  const key = queueMessageKey(args.rawKey);
-  const nowMs = Date.now();
-  const payload = JSON.stringify({
-    status: "processing",
-    updatedAtMs: nowMs,
-    ownerToken: args.ownerToken,
-    ...args.queueMessageId ? { queueMessageId: args.queueMessageId } : {}
-  });
-  const result = await getRedisStateAdapter().getClient().eval(CLAIM_OR_RECLAIM_PROCESSING_SCRIPT, {
-    keys: [key],
-    arguments: [String(nowMs), String(QUEUE_MESSAGE_PROCESSING_TTL_MS), payload]
+async function githubRequest(apiBase, path3, params) {
+  const response = await fetch(`${apiBase}${path3}`, {
+    method: params.method ?? "GET",
+    headers: {
+      Accept: "application/vnd.github+json",
+      Authorization: `Bearer ${params.token}`,
+      "X-GitHub-Api-Version": "2022-11-28",
+      ...params.body ? { "Content-Type": "application/json" } : {}
+    },
+    ...params.body ? { body: JSON.stringify(params.body) } : {}
   });
-  if (result === 1) {
-    return "acquired";
-  }
-  if (result === 2) {
-    return "reclaimed";
+  const text = await response.text();
+  let parsed = void 0;
+  if (text) {
+    try {
+      parsed = JSON.parse(text);
+    } catch {
+      parsed = void 0;
+    }
   }
-  if (result === 3) {
-    return "recovered";
+  if (!response.ok) {
+    const message = parsed && typeof parsed === "object" && "message" in parsed && typeof parsed.message === "string" ? parsed.message : `GitHub API error ${response.status}`;
+    throw new Error(message);
   }
-  return "blocked";
-}
-async function refreshQueueMessageProcessingOwnership(args) {
-  await getStateAdapter().connect();
-  const nowMs = Date.now();
-  const payload = JSON.stringify({
-    status: "processing",
-    updatedAtMs: nowMs,
-    ownerToken: args.ownerToken,
-    ...args.queueMessageId ? { queueMessageId: args.queueMessageId } : {}
-  });
-  const result = await getRedisStateAdapter().getClient().eval(UPDATE_PROCESSING_STATE_IF_OWNER_SCRIPT, {
-    keys: [queueMessageKey(args.rawKey)],
-    arguments: [args.ownerToken, String(QUEUE_MESSAGE_PROCESSING_TTL_MS), payload]
-  });
-  return result === 1;
-}
-async function completeQueueMessageProcessingOwnership(args) {
-  await getStateAdapter().connect();
-  const payload = JSON.stringify({
-    status: "completed",
-    updatedAtMs: Date.now(),
-    ownerToken: args.ownerToken,
-    ...args.queueMessageId ? { queueMessageId: args.queueMessageId } : {}
-  });
-  const result = await getRedisStateAdapter().getClient().eval(UPDATE_PROCESSING_STATE_IF_OWNER_SCRIPT, {
-    keys: [queueMessageKey(args.rawKey)],
-    arguments: [args.ownerToken, String(QUEUE_MESSAGE_COMPLETED_TTL_MS), payload]
-  });
-  return result === 1;
-}
-async function failQueueMessageProcessingOwnership(args) {
-  await getStateAdapter().connect();
-  const payload = JSON.stringify({
-    status: "failed",
-    updatedAtMs: Date.now(),
-    ownerToken: args.ownerToken,
-    errorMessage: args.errorMessage,
-    ...args.queueMessageId ? { queueMessageId: args.queueMessageId } : {}
-  });
-  const result = await getRedisStateAdapter().getClient().eval(UPDATE_PROCESSING_STATE_IF_OWNER_SCRIPT, {
-    keys: [queueMessageKey(args.rawKey)],
-    arguments: [args.ownerToken, String(QUEUE_MESSAGE_FAILED_TTL_MS), payload]
-  });
-  return result === 1;
+  return parsed;
 }
-async function getAgentTurnSessionCheckpoint(conversationId, sessionId) {
-  await getStateAdapter().connect();
-  const value = await getStateAdapter().get(agentTurnSessionKey(conversationId, sessionId));
-  return parseAgentTurnSessionCheckpoint(value);
-}
-async function upsertAgentTurnSessionCheckpoint(args) {
-  await getStateAdapter().connect();
-  const existing = await getAgentTurnSessionCheckpoint(args.conversationId, args.sessionId);
-  const checkpoint = {
-    checkpointVersion: (existing?.checkpointVersion ?? 0) + 1,
-    conversationId: args.conversationId,
-    sessionId: args.sessionId,
-    sliceId: args.sliceId,
-    state: args.state,
-    updatedAtMs: Date.now(),
-    piMessages: Array.isArray(args.piMessages) ? args.piMessages : [],
-    ...args.errorMessage ? { errorMessage: args.errorMessage } : {},
-    ...typeof args.resumedFromSliceId === "number" ? { resumedFromSliceId: args.resumedFromSliceId } : {}
-  };
-  const ttlMs = Math.max(1, args.ttlMs ?? AGENT_TURN_SESSION_TTL_MS);
-  await getStateAdapter().set(agentTurnSessionKey(args.conversationId, args.sessionId), JSON.stringify(checkpoint), ttlMs);
-  return checkpoint;
-}
-
-// src/chat/sandbox/runtime-dependency-snapshots.ts
-import { createHash } from "crypto";
-import { Sandbox } from "@vercel/sandbox";
-
-// src/chat/plugins/registry.ts
-import { readFileSync, readdirSync, statSync } from "fs";
-import path2 from "path";
-import { parse as parseYaml } from "yaml";
-
-// src/chat/home.ts
-import fs from "fs";
-import path from "path";
-function homeDir() {
-  return resolveHomeDir();
-}
-function unique(values) {
-  return [...new Set(values)];
-}
-function pathExists(targetPath) {
-  try {
-    fs.accessSync(targetPath);
-    return true;
-  } catch {
-    return false;
-  }
-}
-function hasAnyDataMarkers(appDir) {
-  return pathExists(path.join(appDir, "SOUL.md"));
-}
-function scoreAppCandidate(appDir) {
-  let score = 0;
-  if (pathExists(path.join(appDir, "SOUL.md"))) {
-    score += 4;
-  }
-  if (pathExists(path.join(appDir, "ABOUT.md"))) {
-    score += 2;
-  }
-  if (pathExists(path.join(appDir, "skills"))) {
-    score += 1;
-  }
-  if (pathExists(path.join(appDir, "plugins"))) {
-    score += 1;
-  }
-  return score;
-}
-function resolveCandidateAppDirs(cwd, projectRoots) {
-  const roots = projectRoots ?? discoverProjectRoots(cwd);
-  const resolved = [];
-  const seen = /* @__PURE__ */ new Set();
-  for (const root of roots) {
-    const appDir = path.resolve(root, "app");
-    if (!pathExists(appDir)) {
-      continue;
-    }
-    if (seen.has(appDir)) {
-      continue;
-    }
-    seen.add(appDir);
-    resolved.push(appDir);
-  }
-  return resolved;
-}
-function resolveHomeDir(cwd = process.cwd(), options) {
-  const resolvedCwd = path.resolve(cwd);
-  const directApp = path.resolve(resolvedCwd, "app");
-  if (pathExists(directApp) && hasAnyDataMarkers(directApp)) {
-    return directApp;
-  }
-  const candidates = resolveCandidateAppDirs(resolvedCwd, options?.projectRoots);
-  if (candidates.length === 0) {
-    return directApp;
-  }
-  candidates.sort((left, right) => {
-    const leftScore = scoreAppCandidate(left);
-    const rightScore = scoreAppCandidate(right);
-    if (leftScore !== rightScore) {
-      return rightScore - leftScore;
-    }
-    const leftDistance = path.relative(resolvedCwd, left).split(path.sep).length;
-    const rightDistance = path.relative(resolvedCwd, right).split(path.sep).length;
-    if (leftDistance !== rightDistance) {
-      return leftDistance - rightDistance;
-    }
-    return left.localeCompare(right);
-  });
-  return candidates[0];
-}
-function resolveContentRoots(subdir) {
-  if (subdir === "data") {
-    return [homeDir()];
-  }
-  if (subdir === "skills") {
-    return [path.join(homeDir(), "skills"), path.resolve(process.cwd(), "skills")];
-  }
-  return [path.join(homeDir(), "plugins")];
-}
-function dataRoots() {
-  return unique(resolveContentRoots("data"));
-}
-function skillRoots() {
-  return unique(resolveContentRoots("skills"));
-}
-function pluginRoots() {
-  return unique(resolveContentRoots("plugins"));
-}
-function soulPathCandidates() {
-  const candidates = dataRoots().map((root) => path.join(root, "SOUL.md"));
-  return unique(candidates);
-}
-
-// src/chat/plugins/github-app-broker.ts
-import { createPrivateKey, createSign, randomUUID } from "crypto";
-
-// src/chat/plugins/auth-token-placeholder.ts
-var DEFAULT_PLACEHOLDERS = {
-  "oauth-bearer": "host_managed_credential",
-  "github-app": "ghp_host_managed_credential"
-};
-function resolveAuthTokenPlaceholder(credentials) {
-  return credentials.authTokenPlaceholder?.trim() || DEFAULT_PLACEHOLDERS[credentials.type];
-}
-
-// src/chat/plugins/github-app-broker.ts
-var MAX_LEASE_MS = 60 * 60 * 1e3;
-function normalizeTargetScope(target) {
-  const owner = target?.owner?.trim().toLowerCase();
-  const repo = target?.repo?.trim().toLowerCase();
-  if (!owner || !repo) {
-    return "all";
-  }
-  return `${owner}/${repo}`;
-}
-function base64Url(input) {
-  return Buffer.from(input).toString("base64").replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
-}
-function normalizePrivateKey(raw) {
-  let normalized = raw.trim();
-  if (normalized.startsWith('"') && normalized.endsWith('"') || normalized.startsWith("'") && normalized.endsWith("'")) {
-    normalized = normalized.slice(1, -1);
-  }
-  normalized = normalized.replace(/\r\n/g, "\n");
-  if (normalized.includes("\\n")) {
-    normalized = normalized.replace(/\\n/g, "\n");
-  }
-  if (!normalized.includes("-----BEGIN")) {
-    try {
-      const decoded = Buffer.from(normalized, "base64").toString("utf8").trim();
-      if (decoded.includes("-----BEGIN")) {
-        normalized = decoded;
-      }
-    } catch {
-    }
-  }
-  return normalized;
-}
-function getPrivateKey(envName) {
-  const raw = process.env[envName];
-  if (!raw) {
-    throw new Error(`Missing ${envName}`);
-  }
-  const normalized = normalizePrivateKey(raw);
-  let key;
-  try {
-    key = createPrivateKey({ key: normalized, format: "pem" });
-  } catch {
-    throw new Error(
-      `Invalid ${envName}: expected a PEM-encoded RSA private key (raw PEM, escaped newlines, or base64-encoded PEM)`
-    );
-  }
-  if (key.asymmetricKeyType !== "rsa") {
-    throw new Error(
-      `Invalid ${envName}: GitHub App signing requires an RSA private key`
-    );
-  }
-  return key;
-}
-function createAppJwt(appId, privateKeyEnv) {
-  const now = Math.floor(Date.now() / 1e3);
-  const header = { alg: "RS256", typ: "JWT" };
-  const payload = { iat: now - 60, exp: now + 9 * 60, iss: appId };
-  const encodedHeader = base64Url(JSON.stringify(header));
-  const encodedPayload = base64Url(JSON.stringify(payload));
-  const signingInput = `${encodedHeader}.${encodedPayload}`;
-  const signer = createSign("RSA-SHA256");
-  signer.update(signingInput);
-  signer.end();
-  const signature = signer.sign(getPrivateKey(privateKeyEnv)).toString("base64").replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
-  return `${signingInput}.${signature}`;
-}
-async function githubRequest(apiBase, path3, params) {
-  const response = await fetch(`${apiBase}${path3}`, {
-    method: params.method ?? "GET",
-    headers: {
-      Accept: "application/vnd.github+json",
-      Authorization: `Bearer ${params.token}`,
-      "X-GitHub-Api-Version": "2022-11-28",
-      ...params.body ? { "Content-Type": "application/json" } : {}
-    },
-    ...params.body ? { body: JSON.stringify(params.body) } : {}
-  });
-  const text = await response.text();
-  let parsed = void 0;
-  if (text) {
-    try {
-      parsed = JSON.parse(text);
-    } catch {
-      parsed = void 0;
-    }
-  }
-  if (!response.ok) {
-    const message = parsed && typeof parsed === "object" && "message" in parsed && typeof parsed.message === "string" ? parsed.message : `GitHub API error ${response.status}`;
-    throw new Error(message);
-  }
-  return parsed;
-}
-function capabilityToPermissions(capability, pluginName) {
-  if (capability === `${pluginName}.issues.read`) {
-    return { issues: "read" };
-  }
-  if (capability === `${pluginName}.issues.write` || capability === `${pluginName}.issues.comment` || capability === `${pluginName}.labels.write`) {
-    return { issues: "write" };
-  }
-  throw new Error(`Unsupported GitHub capability: ${capability}`);
+function capabilityToPermissions(capability, pluginName) {
+  if (capability === `${pluginName}.issues.read`) {
+    return { issues: "read" };
+  }
+  if (capability === `${pluginName}.issues.write` || capability === `${pluginName}.issues.comment` || capability === `${pluginName}.labels.write`) {
+    return { issues: "write" };
+  }
+  throw new Error(`Unsupported GitHub capability: ${capability}`);
 }
 function createGitHubAppBroker(manifest, credentials) {
   const tokenCache = /* @__PURE__ */ new Map();
@@ -1525,119 +1146,498 @@ function loadPlugins() {
 function ensurePluginsLoaded() {
   loadPlugins();
 }
-loadPlugins();
-function getPluginCapabilityProviders() {
-  ensurePluginsLoaded();
-  return pluginDefinitions.map((plugin) => ({
-    provider: plugin.manifest.name,
-    capabilities: [...plugin.manifest.capabilities],
-    configKeys: [...plugin.manifest.configKeys],
-    ...plugin.manifest.target ? { target: { ...plugin.manifest.target } } : {}
-  }));
+loadPlugins();
+function getPluginCapabilityProviders() {
+  ensurePluginsLoaded();
+  return pluginDefinitions.map((plugin) => ({
+    provider: plugin.manifest.name,
+    capabilities: [...plugin.manifest.capabilities],
+    configKeys: [...plugin.manifest.configKeys],
+    ...plugin.manifest.target ? { target: { ...plugin.manifest.target } } : {}
+  }));
+}
+function getPluginProviders() {
+  ensurePluginsLoaded();
+  return [...pluginDefinitions];
+}
+function getPluginRuntimeDependencies() {
+  ensurePluginsLoaded();
+  const seen = /* @__PURE__ */ new Set();
+  const deps = [];
+  for (const plugin of pluginDefinitions) {
+    for (const dep of plugin.manifest.runtimeDependencies ?? []) {
+      const key = dep.type === "npm" ? `${dep.type}:${dep.package}:${dep.version}` : "package" in dep ? `${dep.type}:package:${dep.package}` : `${dep.type}:url:${dep.url}:${dep.sha256}`;
+      if (seen.has(key)) {
+        continue;
+      }
+      seen.add(key);
+      deps.push(dep);
+    }
+  }
+  return deps.sort((left, right) => {
+    if (left.type !== right.type) {
+      return left.type.localeCompare(right.type);
+    }
+    const leftIdentity = "package" in left ? `package:${left.package}` : `url:${left.url}:${left.sha256}`;
+    const rightIdentity = "package" in right ? `package:${right.package}` : `url:${right.url}:${right.sha256}`;
+    if (leftIdentity !== rightIdentity) {
+      return leftIdentity.localeCompare(rightIdentity);
+    }
+    if (left.type === "npm" && right.type === "npm") {
+      return left.version.localeCompare(right.version);
+    }
+    return 0;
+  });
+}
+function getPluginRuntimePostinstall() {
+  ensurePluginsLoaded();
+  const commands = [];
+  for (const plugin of pluginDefinitions) {
+    for (const command of plugin.manifest.runtimePostinstall ?? []) {
+      commands.push({
+        cmd: command.cmd,
+        ...command.args ? { args: [...command.args] } : {},
+        ...command.sudo !== void 0 ? { sudo: command.sudo } : {}
+      });
+    }
+  }
+  return commands;
+}
+function getPluginOAuthConfig(provider) {
+  ensurePluginsLoaded();
+  const plugin = pluginsByName.get(provider);
+  if (!plugin?.manifest.oauth) return void 0;
+  const oauth = plugin.manifest.oauth;
+  return {
+    clientIdEnv: oauth.clientIdEnv,
+    clientSecretEnv: oauth.clientSecretEnv,
+    authorizeEndpoint: oauth.authorizeEndpoint,
+    tokenEndpoint: oauth.tokenEndpoint,
+    ...oauth.scope ? { scope: oauth.scope } : {},
+    ...oauth.authorizeParams ? { authorizeParams: { ...oauth.authorizeParams } } : {},
+    ...oauth.tokenAuthMethod ? { tokenAuthMethod: oauth.tokenAuthMethod } : {},
+    ...oauth.tokenExtraHeaders ? { tokenExtraHeaders: { ...oauth.tokenExtraHeaders } } : {},
+    callbackPath: `/api/oauth/callback/${plugin.manifest.name}`
+  };
+}
+function getPluginSkillRoots() {
+  ensurePluginsLoaded();
+  return [
+    .../* @__PURE__ */ new Set([
+      ...pluginDefinitions.map((plugin) => plugin.skillsDir),
+      ...packageSkillRoots
+    ])
+  ];
+}
+function isPluginProvider(provider) {
+  ensurePluginsLoaded();
+  return pluginsByName.has(provider);
+}
+function createPluginBroker(provider, deps) {
+  ensurePluginsLoaded();
+  const plugin = pluginsByName.get(provider);
+  if (!plugin) {
+    throw new Error(`Unknown plugin provider: "${provider}"`);
+  }
+  const { credentials, name } = plugin.manifest;
+  if (!credentials) {
+    throw new Error(`Provider "${name}" has no credentials configured`);
+  }
+  let broker;
+  if (credentials.type === "oauth-bearer") {
+    broker = createOAuthBearerBroker(plugin.manifest, credentials, deps);
+  } else if (credentials.type === "github-app") {
+    broker = createGitHubAppBroker(plugin.manifest, credentials);
+  } else {
+    throw new Error(`Unsupported credentials type for plugin "${name}"`);
+  }
+  setSpanAttributes({
+    "app.plugin.name": name,
+    "app.plugin.capabilities": plugin.manifest.capabilities,
+    "app.plugin.has_oauth": Boolean(plugin.manifest.oauth)
+  });
+  return broker;
+}
+
+// src/chat/config.ts
+var MIN_AGENT_TURN_TIMEOUT_MS = 10 * 1e3;
+var DEFAULT_AGENT_TURN_TIMEOUT_MS = 12 * 60 * 1e3;
+var DEFAULT_QUEUE_CALLBACK_MAX_DURATION_SECONDS = 800;
+var TURN_TIMEOUT_BUFFER_SECONDS = 20;
+function parseAgentTurnTimeoutMs(rawValue, maxTimeoutMs) {
+  const value = Number.parseInt(rawValue ?? "", 10);
+  if (Number.isNaN(value)) {
+    return Math.max(MIN_AGENT_TURN_TIMEOUT_MS, Math.min(DEFAULT_AGENT_TURN_TIMEOUT_MS, maxTimeoutMs));
+  }
+  return Math.max(MIN_AGENT_TURN_TIMEOUT_MS, Math.min(value, maxTimeoutMs));
+}
+function resolveQueueCallbackMaxDurationSeconds() {
+  const value = Number.parseInt(process.env.QUEUE_CALLBACK_MAX_DURATION_SECONDS ?? "", 10);
+  if (Number.isNaN(value) || value <= 0) {
+    return DEFAULT_QUEUE_CALLBACK_MAX_DURATION_SECONDS;
+  }
+  return value;
+}
+function resolveMaxTurnTimeoutMs(queueCallbackMaxDurationSeconds) {
+  const budgetSeconds = queueCallbackMaxDurationSeconds - TURN_TIMEOUT_BUFFER_SECONDS;
+  return Math.max(MIN_AGENT_TURN_TIMEOUT_MS, budgetSeconds * 1e3);
+}
+function buildBotConfig() {
+  const queueCallbackMaxDurationSeconds = resolveQueueCallbackMaxDurationSeconds();
+  const maxTurnTimeoutMs = resolveMaxTurnTimeoutMs(queueCallbackMaxDurationSeconds);
+  return {
+    userName: process.env.JUNIOR_BOT_NAME ?? "junior",
+    modelId: process.env.AI_MODEL ?? "anthropic/claude-sonnet-4.6",
+    fastModelId: process.env.AI_FAST_MODEL ?? process.env.AI_MODEL ?? "anthropic/claude-haiku-4.5",
+    turnTimeoutMs: parseAgentTurnTimeoutMs(process.env.AGENT_TURN_TIMEOUT_MS, maxTurnTimeoutMs)
+  };
+}
+var botConfig = buildBotConfig();
+function toOptionalTrimmed(value) {
+  if (!value) {
+    return void 0;
+  }
+  const trimmed = value.trim();
+  return trimmed.length > 0 ? trimmed : void 0;
+}
+function getSlackBotToken() {
+  return toOptionalTrimmed(process.env.SLACK_BOT_TOKEN) ?? toOptionalTrimmed(process.env.SLACK_BOT_USER_TOKEN);
+}
+function getSlackSigningSecret() {
+  return toOptionalTrimmed(process.env.SLACK_SIGNING_SECRET);
+}
+function getSlackClientId() {
+  return toOptionalTrimmed(process.env.SLACK_CLIENT_ID);
+}
+function getSlackClientSecret() {
+  return toOptionalTrimmed(process.env.SLACK_CLIENT_SECRET);
+}
+function hasRedisConfig() {
+  return Boolean(process.env.REDIS_URL);
+}
+
+// src/chat/state.ts
+import { createRedisState } from "@chat-adapter/state-redis";
+import { createMemoryState } from "@chat-adapter/state-memory";
+var MIN_LOCK_TTL_MS = 1e3 * 60 * 5;
+var QUEUE_INGRESS_DEDUP_PREFIX = "junior:queue_ingress";
+var QUEUE_MESSAGE_PROCESSING_PREFIX = "junior:queue_message";
+var AGENT_TURN_SESSION_PREFIX = "junior:agent_turn_session";
+var QUEUE_MESSAGE_PROCESSING_TTL_MS = 30 * 60 * 1e3;
+var QUEUE_MESSAGE_COMPLETED_TTL_MS = 7 * 24 * 60 * 60 * 1e3;
+var QUEUE_MESSAGE_FAILED_TTL_MS = 6 * 60 * 60 * 1e3;
+var AGENT_TURN_SESSION_TTL_MS = 24 * 60 * 60 * 1e3;
+var CLAIM_OR_RECLAIM_PROCESSING_SCRIPT = `
+  local key = KEYS[1]
+  local nowMs = tonumber(ARGV[1])
+  local ttlMs = tonumber(ARGV[2])
+  local payload = ARGV[3]
+  local current = redis.call("get", key)
+
+  if not current then
+    redis.call("set", key, payload, "PX", ttlMs)
+    return 1
+  end
+
+  local ok, parsed = pcall(cjson.decode, current)
+  if not ok or type(parsed) ~= "table" then
+    return 0
+  end
+
+  local status = parsed["status"]
+  if status == "failed" then
+    redis.call("set", key, payload, "PX", ttlMs)
+    return 3
+  end
+  if status ~= "processing" then
+    return 0
+  end
+
+  local updatedAtMs = tonumber(parsed["updatedAtMs"])
+  if not updatedAtMs then
+    return 0
+  end
+
+  if updatedAtMs + ttlMs < nowMs then
+    redis.call("set", key, payload, "PX", ttlMs)
+    return 2
+  end
+
+  return 0
+`;
+var UPDATE_PROCESSING_STATE_IF_OWNER_SCRIPT = `
+  local key = KEYS[1]
+  local ownerToken = ARGV[1]
+  local ttlMs = tonumber(ARGV[2])
+  local payload = ARGV[3]
+  local current = redis.call("get", key)
+
+  if not current then
+    return 0
+  end
+
+  local ok, parsed = pcall(cjson.decode, current)
+  if not ok or type(parsed) ~= "table" then
+    return 0
+  end
+
+  local currentOwner = parsed["ownerToken"]
+  local status = parsed["status"]
+  if currentOwner ~= ownerToken then
+    return 0
+  end
+  if status ~= "processing" then
+    return 0
+  end
+
+  redis.call("set", key, payload, "PX", ttlMs)
+  return 1
+`;
+function createQueuedStateAdapter(base) {
+  const acquireLock = async (threadId, ttlMs) => {
+    const effectiveTtlMs = Math.max(ttlMs, MIN_LOCK_TTL_MS);
+    const lock = await base.acquireLock(threadId, effectiveTtlMs);
+    return lock;
+  };
+  return {
+    connect: () => base.connect(),
+    disconnect: () => base.disconnect(),
+    subscribe: (threadId) => base.subscribe(threadId),
+    unsubscribe: (threadId) => base.unsubscribe(threadId),
+    isSubscribed: (threadId) => base.isSubscribed(threadId),
+    acquireLock,
+    releaseLock: (lock) => base.releaseLock(lock),
+    extendLock: (lock, ttlMs) => base.extendLock(lock, Math.max(ttlMs, MIN_LOCK_TTL_MS)),
+    get: (key) => base.get(key),
+    set: (key, value, ttlMs) => base.set(key, value, ttlMs),
+    setIfNotExists: (key, value, ttlMs) => base.setIfNotExists(key, value, ttlMs),
+    delete: (key) => base.delete(key)
+  };
+}
+function createStateAdapter() {
+  if (process.env.JUNIOR_STATE_ADAPTER?.trim().toLowerCase() === "memory") {
+    _redisStateAdapter = void 0;
+    return createQueuedStateAdapter(createMemoryState());
+  }
+  if (!hasRedisConfig()) {
+    throw new Error("REDIS_URL is required for durable Slack thread state");
+  }
+  const redisState = createRedisState({
+    url: process.env.REDIS_URL
+  });
+  _redisStateAdapter = redisState;
+  return createQueuedStateAdapter(redisState);
+}
+var _stateAdapter;
+var _redisStateAdapter;
+function getRedisStateAdapter() {
+  if (!_redisStateAdapter) {
+    getStateAdapter();
+  }
+  if (!_redisStateAdapter) {
+    throw new Error("Redis state adapter is unavailable for this runtime");
+  }
+  return _redisStateAdapter;
+}
+function queueMessageKey(rawKey) {
+  return `${QUEUE_MESSAGE_PROCESSING_PREFIX}:${rawKey}`;
+}
+function parseQueueMessageState(value) {
+  if (typeof value !== "string") {
+    return void 0;
+  }
+  try {
+    const parsed = JSON.parse(value);
+    if (!parsed || parsed.status !== "processing" && parsed.status !== "completed" && parsed.status !== "failed" || typeof parsed.updatedAtMs !== "number") {
+      return void 0;
+    }
+    return {
+      status: parsed.status,
+      updatedAtMs: parsed.updatedAtMs,
+      ...typeof parsed.ownerToken === "string" ? { ownerToken: parsed.ownerToken } : {},
+      ...typeof parsed.queueMessageId === "string" ? { queueMessageId: parsed.queueMessageId } : {},
+      ...typeof parsed.errorMessage === "string" ? { errorMessage: parsed.errorMessage } : {}
+    };
+  } catch {
+    return void 0;
+  }
+}
+function agentTurnSessionKey(conversationId, sessionId) {
+  return `${AGENT_TURN_SESSION_PREFIX}:${conversationId}:${sessionId}`;
 }
-function getPluginProviders() {
-  ensurePluginsLoaded();
-  return [...pluginDefinitions];
+function isRecord(value) {
+  return typeof value === "object" && value !== null;
 }
-function getPluginRuntimeDependencies() {
-  ensurePluginsLoaded();
-  const seen = /* @__PURE__ */ new Set();
-  const deps = [];
-  for (const plugin of pluginDefinitions) {
-    for (const dep of plugin.manifest.runtimeDependencies ?? []) {
-      const key = dep.type === "npm" ? `${dep.type}:${dep.package}:${dep.version}` : "package" in dep ? `${dep.type}:package:${dep.package}` : `${dep.type}:url:${dep.url}:${dep.sha256}`;
-      if (seen.has(key)) {
-        continue;
-      }
-      seen.add(key);
-      deps.push(dep);
-    }
+function parseAgentTurnSessionCheckpoint(value) {
+  if (typeof value !== "string") {
+    return void 0;
   }
-  return deps.sort((left, right) => {
-    if (left.type !== right.type) {
-      return left.type.localeCompare(right.type);
+  try {
+    const parsed = JSON.parse(value);
+    if (!isRecord(parsed)) {
+      return void 0;
     }
-    const leftIdentity = "package" in left ? `package:${left.package}` : `url:${left.url}:${left.sha256}`;
-    const rightIdentity = "package" in right ? `package:${right.package}` : `url:${right.url}:${right.sha256}`;
-    if (leftIdentity !== rightIdentity) {
-      return leftIdentity.localeCompare(rightIdentity);
+    const status = parsed.state;
+    if (status !== "running" && status !== "awaiting_resume" && status !== "completed" && status !== "failed") {
+      return void 0;
     }
-    if (left.type === "npm" && right.type === "npm") {
-      return left.version.localeCompare(right.version);
+    const conversationId = parsed.conversationId;
+    const sessionId = parsed.sessionId;
+    const sliceId = parsed.sliceId;
+    const checkpointVersion = parsed.checkpointVersion;
+    const updatedAtMs = parsed.updatedAtMs;
+    if (typeof conversationId !== "string" || typeof sessionId !== "string" || typeof sliceId !== "number" || typeof checkpointVersion !== "number" || typeof updatedAtMs !== "number") {
+      return void 0;
     }
-    return 0;
-  });
+    return {
+      checkpointVersion,
+      conversationId,
+      sessionId,
+      sliceId,
+      state: status,
+      updatedAtMs,
+      piMessages: Array.isArray(parsed.piMessages) ? parsed.piMessages : [],
+      ...typeof parsed.errorMessage === "string" ? { errorMessage: parsed.errorMessage } : {},
+      ...typeof parsed.resumedFromSliceId === "number" ? { resumedFromSliceId: parsed.resumedFromSliceId } : {}
+    };
+  } catch {
+    return void 0;
+  }
 }
-function getPluginRuntimePostinstall() {
-  ensurePluginsLoaded();
-  const commands = [];
-  for (const plugin of pluginDefinitions) {
-    for (const command of plugin.manifest.runtimePostinstall ?? []) {
-      commands.push({
-        cmd: command.cmd,
-        ...command.args ? { args: [...command.args] } : {},
-        ...command.sudo !== void 0 ? { sudo: command.sudo } : {}
-      });
-    }
+function getStateAdapter() {
+  if (!_stateAdapter) {
+    _stateAdapter = createStateAdapter();
   }
-  return commands;
+  return _stateAdapter;
 }
-function getPluginOAuthConfig(provider) {
-  ensurePluginsLoaded();
-  const plugin = pluginsByName.get(provider);
-  if (!plugin?.manifest.oauth) return void 0;
-  const oauth = plugin.manifest.oauth;
-  return {
-    clientIdEnv: oauth.clientIdEnv,
-    clientSecretEnv: oauth.clientSecretEnv,
-    authorizeEndpoint: oauth.authorizeEndpoint,
-    tokenEndpoint: oauth.tokenEndpoint,
-    ...oauth.scope ? { scope: oauth.scope } : {},
-    ...oauth.authorizeParams ? { authorizeParams: { ...oauth.authorizeParams } } : {},
-    ...oauth.tokenAuthMethod ? { tokenAuthMethod: oauth.tokenAuthMethod } : {},
-    ...oauth.tokenExtraHeaders ? { tokenExtraHeaders: { ...oauth.tokenExtraHeaders } } : {},
-    callbackPath: `/api/oauth/callback/${plugin.manifest.name}`
-  };
+async function disconnectStateAdapter() {
+  if (!_stateAdapter) {
+    return;
+  }
+  try {
+    await _stateAdapter.disconnect();
+  } finally {
+    _stateAdapter = void 0;
+    _redisStateAdapter = void 0;
+  }
 }
-function getPluginSkillRoots() {
-  ensurePluginsLoaded();
-  return [
-    .../* @__PURE__ */ new Set([
-      ...pluginDefinitions.map((plugin) => plugin.skillsDir),
-      ...packageSkillRoots
-    ])
-  ];
+async function claimQueueIngressDedup(rawKey, ttlMs) {
+  await getStateAdapter().connect();
+  const key = `${QUEUE_INGRESS_DEDUP_PREFIX}:${rawKey}`;
+  const result = await getRedisStateAdapter().getClient().set(key, "1", {
+    NX: true,
+    PX: ttlMs
+  });
+  return result === "OK";
 }
-function isPluginProvider(provider) {
-  ensurePluginsLoaded();
-  return pluginsByName.has(provider);
+async function hasQueueIngressDedup(rawKey) {
+  await getStateAdapter().connect();
+  const key = `${QUEUE_INGRESS_DEDUP_PREFIX}:${rawKey}`;
+  const value = await getRedisStateAdapter().getClient().get(key);
+  return typeof value === "string" && value.length > 0;
 }
-function createPluginBroker(provider, deps) {
-  ensurePluginsLoaded();
-  const plugin = pluginsByName.get(provider);
-  if (!plugin) {
-    throw new Error(`Unknown plugin provider: "${provider}"`);
+async function getQueueMessageProcessingState(rawKey) {
+  await getStateAdapter().connect();
+  const state = await getStateAdapter().get(queueMessageKey(rawKey));
+  return parseQueueMessageState(state);
+}
+async function acquireQueueMessageProcessingOwnership(args) {
+  await getStateAdapter().connect();
+  const key = queueMessageKey(args.rawKey);
+  const nowMs = Date.now();
+  const payload = JSON.stringify({
+    status: "processing",
+    updatedAtMs: nowMs,
+    ownerToken: args.ownerToken,
+    ...args.queueMessageId ? { queueMessageId: args.queueMessageId } : {}
+  });
+  const result = await getRedisStateAdapter().getClient().eval(CLAIM_OR_RECLAIM_PROCESSING_SCRIPT, {
+    keys: [key],
+    arguments: [String(nowMs), String(QUEUE_MESSAGE_PROCESSING_TTL_MS), payload]
+  });
+  if (result === 1) {
+    return "acquired";
   }
-  const { credentials, name } = plugin.manifest;
-  if (!credentials) {
-    throw new Error(`Provider "${name}" has no credentials configured`);
+  if (result === 2) {
+    return "reclaimed";
   }
-  let broker;
-  if (credentials.type === "oauth-bearer") {
-    broker = createOAuthBearerBroker(plugin.manifest, credentials, deps);
-  } else if (credentials.type === "github-app") {
-    broker = createGitHubAppBroker(plugin.manifest, credentials);
-  } else {
-    throw new Error(`Unsupported credentials type for plugin "${name}"`);
+  if (result === 3) {
+    return "recovered";
   }
-  setSpanAttributes({
-    "app.plugin.name": name,
-    "app.plugin.capabilities": plugin.manifest.capabilities,
-    "app.plugin.has_oauth": Boolean(plugin.manifest.oauth)
+  return "blocked";
+}
+async function refreshQueueMessageProcessingOwnership(args) {
+  await getStateAdapter().connect();
+  const nowMs = Date.now();
+  const payload = JSON.stringify({
+    status: "processing",
+    updatedAtMs: nowMs,
+    ownerToken: args.ownerToken,
+    ...args.queueMessageId ? { queueMessageId: args.queueMessageId } : {}
   });
-  return broker;
+  const result = await getRedisStateAdapter().getClient().eval(UPDATE_PROCESSING_STATE_IF_OWNER_SCRIPT, {
+    keys: [queueMessageKey(args.rawKey)],
+    arguments: [args.ownerToken, String(QUEUE_MESSAGE_PROCESSING_TTL_MS), payload]
+  });
+  return result === 1;
+}
+async function completeQueueMessageProcessingOwnership(args) {
+  await getStateAdapter().connect();
+  const payload = JSON.stringify({
+    status: "completed",
+    updatedAtMs: Date.now(),
+    ownerToken: args.ownerToken,
+    ...args.queueMessageId ? { queueMessageId: args.queueMessageId } : {}
+  });
+  const result = await getRedisStateAdapter().getClient().eval(UPDATE_PROCESSING_STATE_IF_OWNER_SCRIPT, {
+    keys: [queueMessageKey(args.rawKey)],
+    arguments: [args.ownerToken, String(QUEUE_MESSAGE_COMPLETED_TTL_MS), payload]
+  });
+  return result === 1;
+}
+async function failQueueMessageProcessingOwnership(args) {
+  await getStateAdapter().connect();
+  const payload = JSON.stringify({
+    status: "failed",
+    updatedAtMs: Date.now(),
+    ownerToken: args.ownerToken,
+    errorMessage: args.errorMessage,
+    ...args.queueMessageId ? { queueMessageId: args.queueMessageId } : {}
+  });
+  const result = await getRedisStateAdapter().getClient().eval(UPDATE_PROCESSING_STATE_IF_OWNER_SCRIPT, {
+    keys: [queueMessageKey(args.rawKey)],
+    arguments: [args.ownerToken, String(QUEUE_MESSAGE_FAILED_TTL_MS), payload]
+  });
+  return result === 1;
+}
+async function getAgentTurnSessionCheckpoint(conversationId, sessionId) {
+  await getStateAdapter().connect();
+  const value = await getStateAdapter().get(agentTurnSessionKey(conversationId, sessionId));
+  return parseAgentTurnSessionCheckpoint(value);
+}
+async function upsertAgentTurnSessionCheckpoint(args) {
+  await getStateAdapter().connect();
+  const existing = await getAgentTurnSessionCheckpoint(args.conversationId, args.sessionId);
+  const checkpoint = {
+    checkpointVersion: (existing?.checkpointVersion ?? 0) + 1,
+    conversationId: args.conversationId,
+    sessionId: args.sessionId,
+    sliceId: args.sliceId,
+    state: args.state,
+    updatedAtMs: Date.now(),
+    piMessages: Array.isArray(args.piMessages) ? args.piMessages : [],
+    ...args.errorMessage ? { errorMessage: args.errorMessage } : {},
+    ...typeof args.resumedFromSliceId === "number" ? { resumedFromSliceId: args.resumedFromSliceId } : {}
+  };
+  const ttlMs = Math.max(1, args.ttlMs ?? AGENT_TURN_SESSION_TTL_MS);
+  await getStateAdapter().set(agentTurnSessionKey(args.conversationId, args.sessionId), JSON.stringify(checkpoint), ttlMs);
+  return checkpoint;
 }
 
+// src/chat/sandbox/runtime-dependency-snapshots.ts
+import { createHash } from "crypto";
+import { Sandbox } from "@vercel/sandbox";
+
 // src/chat/sandbox/paths.ts
 function normalizeWorkspaceRoot(input) {
   const candidate = (input ?? "").trim();
@@ -2202,6 +2202,8 @@ export {
   parseOAuthTokenResponse,
   getPluginCapabilityProviders,
   getPluginProviders,
+  getPluginRuntimeDependencies,
+  getPluginRuntimePostinstall,
   getPluginOAuthConfig,
   getPluginSkillRoots,
   isPluginProvider,