npm - @sentry/junior - Versions diffs - 0.8.0 → 0.9.1 - Mend

@sentry/junior 0.8.0 → 0.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

package/dist/chunk-7GLBFSWP.js +839 -0
package/dist/{chunk-OGLG4WAL.js → chunk-JNHYSCAO.js} +11346 -9421
package/dist/{chunk-Z5E25LRN.js → chunk-KCLEEKYX.js} +124 -17
package/dist/{chunk-NNYZHUWR.js → chunk-T7BIFBYH.js} +15 -6
package/dist/chunk-UPCIISWE.js +678 -0
package/dist/chunk-VM3CPAZF.js +448 -0
package/dist/chunk-ZBWWHP6Q.js +1436 -0
package/dist/{chunk-PY4AI2GZ.js → chunk-ZW4OVKF5.js} +376 -79
package/dist/cli/check.js +4 -2
package/dist/cli/snapshot-warmup.js +7 -6
package/dist/handlers/queue-callback.js +7 -7
package/dist/handlers/router.d.ts +1 -0
package/dist/handlers/router.js +523 -85
package/dist/handlers/webhooks.js +2 -2
package/dist/next-config.js +1 -1
package/dist/production-PPQEQOPO.js +15 -0
package/package.json +12 -14
package/dist/bot-7SE3TX37.js +0 -19
package/dist/chunk-H3ZG43WE.js +0 -330
package/dist/chunk-KT5HARSN.js +0 -164
package/dist/chunk-RKOO42TW.js +0 -1797
package/dist/chunk-VW26MOSO.js +0 -522

package/dist/chunk-RKOO42TW.js DELETED Viewed

@@ -1,1797 +0,0 @@
-import {
-  discoverInstalledPluginPackageContent,
-  discoverProjectRoots
-} from "./chunk-Z5E25LRN.js";
-import {
-  logInfo,
-  logWarn,
-  setSpanAttributes,
-  withSpan
-} from "./chunk-PY4AI2GZ.js";
-import {
-  parsePluginManifest
-} from "./chunk-VW26MOSO.js";
-// src/chat/plugins/registry.ts
-import { readFileSync, readdirSync, statSync } from "fs";
-import path2 from "path";
-// src/chat/home.ts
-import fs from "fs";
-import path from "path";
-function homeDir() {
-  return resolveHomeDir();
-}
-function unique(values) {
-  return [...new Set(values)];
-}
-function pathExists(targetPath) {
-  try {
-    fs.accessSync(targetPath);
-    return true;
-  } catch {
-    return false;
-  }
-}
-function hasAnyDataMarkers(appDir) {
-  return pathExists(path.join(appDir, "SOUL.md")) || pathExists(path.join(appDir, "ABOUT.md"));
-}
-function scoreAppCandidate(appDir) {
-  let score = 0;
-  if (pathExists(path.join(appDir, "SOUL.md"))) {
-    score += 4;
-  }
-  if (pathExists(path.join(appDir, "ABOUT.md"))) {
-    score += 2;
-  }
-  if (pathExists(path.join(appDir, "skills"))) {
-    score += 1;
-  }
-  if (pathExists(path.join(appDir, "plugins"))) {
-    score += 1;
-  }
-  return score;
-}
-function resolveCandidateAppDirs(cwd, projectRoots) {
-  const roots = projectRoots ?? discoverProjectRoots(cwd);
-  const resolved = [];
-  const seen = /* @__PURE__ */ new Set();
-  for (const root of roots) {
-    const appDir = path.resolve(root, "app");
-    if (!pathExists(appDir)) {
-      continue;
-    }
-    if (seen.has(appDir)) {
-      continue;
-    }
-    seen.add(appDir);
-    resolved.push(appDir);
-  }
-  return resolved;
-}
-function resolveHomeDir(cwd = process.cwd(), options) {
-  const resolvedCwd = path.resolve(cwd);
-  const directApp = path.resolve(resolvedCwd, "app");
-  if (pathExists(directApp) && hasAnyDataMarkers(directApp)) {
-    return directApp;
-  }
-  const candidates = resolveCandidateAppDirs(
-    resolvedCwd,
-    options?.projectRoots
-  );
-  if (candidates.length === 0) {
-    return directApp;
-  }
-  candidates.sort((left, right) => {
-    const leftScore = scoreAppCandidate(left);
-    const rightScore = scoreAppCandidate(right);
-    if (leftScore !== rightScore) {
-      return rightScore - leftScore;
-    }
-    const leftDistance = path.relative(resolvedCwd, left).split(path.sep).length;
-    const rightDistance = path.relative(resolvedCwd, right).split(path.sep).length;
-    if (leftDistance !== rightDistance) {
-      return leftDistance - rightDistance;
-    }
-    return left.localeCompare(right);
-  });
-  return candidates[0];
-}
-function resolveContentRoots(subdir) {
-  if (subdir === "data") {
-    return [homeDir()];
-  }
-  return [path.join(homeDir(), subdir)];
-}
-function dataRoots() {
-  return unique(resolveContentRoots("data"));
-}
-function skillRoots() {
-  return unique(resolveContentRoots("skills"));
-}
-function pluginRoots() {
-  return unique(resolveContentRoots("plugins"));
-}
-function soulPathCandidates() {
-  const candidates = dataRoots().map((root) => path.join(root, "SOUL.md"));
-  return unique(candidates);
-}
-function aboutPathCandidates() {
-  const candidates = dataRoots().map((root) => path.join(root, "ABOUT.md"));
-  return unique(candidates);
-}
-// src/chat/plugins/github-app-broker.ts
-import { createPrivateKey, createSign, randomUUID } from "crypto";
-// src/chat/plugins/auth-token-placeholder.ts
-var DEFAULT_PLACEHOLDERS = {
-  "oauth-bearer": "host_managed_credential",
-  "github-app": "ghp_host_managed_credential"
-};
-function resolveAuthTokenPlaceholder(credentials) {
-  return credentials.authTokenPlaceholder?.trim() || DEFAULT_PLACEHOLDERS[credentials.type];
-}
-// src/chat/plugins/github-app-broker.ts
-var MAX_LEASE_MS = 60 * 60 * 1e3;
-function normalizeTargetScope(target) {
-  const owner = target?.owner?.trim().toLowerCase();
-  const repo = target?.repo?.trim().toLowerCase();
-  if (!owner || !repo) {
-    return "all";
-  }
-  return `${owner}/${repo}`;
-}
-function base64Url(input) {
-  return Buffer.from(input).toString("base64").replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
-}
-function normalizePrivateKey(raw) {
-  let normalized = raw.trim();
-  if (normalized.startsWith('"') && normalized.endsWith('"') || normalized.startsWith("'") && normalized.endsWith("'")) {
-    normalized = normalized.slice(1, -1);
-  }
-  normalized = normalized.replace(/\r\n/g, "\n");
-  if (normalized.includes("\\n")) {
-    normalized = normalized.replace(/\\n/g, "\n");
-  }
-  if (!normalized.includes("-----BEGIN")) {
-    try {
-      const decoded = Buffer.from(normalized, "base64").toString("utf8").trim();
-      if (decoded.includes("-----BEGIN")) {
-        normalized = decoded;
-      }
-    } catch {
-    }
-  }
-  return normalized;
-}
-function getPrivateKey(envName) {
-  const raw = process.env[envName];
-  if (!raw) {
-    throw new Error(`Missing ${envName}`);
-  }
-  const normalized = normalizePrivateKey(raw);
-  let key;
-  try {
-    key = createPrivateKey({ key: normalized, format: "pem" });
-  } catch {
-    throw new Error(
-      `Invalid ${envName}: expected a PEM-encoded RSA private key (raw PEM, escaped newlines, or base64-encoded PEM)`
-    );
-  }
-  if (key.asymmetricKeyType !== "rsa") {
-    throw new Error(
-      `Invalid ${envName}: GitHub App signing requires an RSA private key`
-    );
-  }
-  return key;
-}
-function createAppJwt(appId, privateKeyEnv) {
-  const now = Math.floor(Date.now() / 1e3);
-  const header = { alg: "RS256", typ: "JWT" };
-  const payload = { iat: now - 60, exp: now + 9 * 60, iss: appId };
-  const encodedHeader = base64Url(JSON.stringify(header));
-  const encodedPayload = base64Url(JSON.stringify(payload));
-  const signingInput = `${encodedHeader}.${encodedPayload}`;
-  const signer = createSign("RSA-SHA256");
-  signer.update(signingInput);
-  signer.end();
-  const signature = signer.sign(getPrivateKey(privateKeyEnv)).toString("base64").replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
-  return `${signingInput}.${signature}`;
-}
-async function githubRequest(apiBase, path3, params) {
-  const response = await fetch(`${apiBase}${path3}`, {
-    method: params.method ?? "GET",
-    headers: {
-      Accept: "application/vnd.github+json",
-      Authorization: `Bearer ${params.token}`,
-      "X-GitHub-Api-Version": "2022-11-28",
-      ...params.body ? { "Content-Type": "application/json" } : {}
-    },
-    ...params.body ? { body: JSON.stringify(params.body) } : {}
-  });
-  const text = await response.text();
-  let parsed = void 0;
-  if (text) {
-    try {
-      parsed = JSON.parse(text);
-    } catch {
-      parsed = void 0;
-    }
-  }
-  if (!response.ok) {
-    const message = parsed && typeof parsed === "object" && "message" in parsed && typeof parsed.message === "string" ? parsed.message : `GitHub API error ${response.status}`;
-    throw new Error(message);
-  }
-  return parsed;
-}
-function capabilityToPermissions(capability, pluginName) {
-  if (capability === `${pluginName}.issues.read`) {
-    return { issues: "read" };
-  }
-  if (capability === `${pluginName}.issues.write` || capability === `${pluginName}.issues.comment` || capability === `${pluginName}.labels.write`) {
-    return { issues: "write" };
-  }
-  throw new Error(`Unsupported GitHub capability: ${capability}`);
-}
-function createGitHubAppBroker(manifest, credentials) {
-  const tokenCache = /* @__PURE__ */ new Map();
-  const provider = manifest.name;
-  const {
-    apiDomains,
-    apiHeaders,
-    authTokenEnv,
-    appIdEnv,
-    privateKeyEnv,
-    installationIdEnv
-  } = credentials;
-  const apiBase = `https://${apiDomains[0]}`;
-  const placeholder = resolveAuthTokenPlaceholder(credentials);
-  return {
-    async issue(input) {
-      const permissions = capabilityToPermissions(input.capability, provider);
-      const appId = process.env[appIdEnv];
-      if (!appId) {
-        throw new Error(`Missing ${appIdEnv}`);
-      }
-      const installationIdRaw = process.env[installationIdEnv]?.trim();
-      if (!installationIdRaw) {
-        throw new Error(`Missing ${installationIdEnv}`);
-      }
-      const installationId = Number(installationIdRaw);
-      if (!Number.isFinite(installationId)) {
-        throw new Error(`Invalid ${installationIdEnv}`);
-      }
-      const targetScope = normalizeTargetScope(input.target);
-      const cacheKey = `${installationId}:${input.capability}:${targetScope}`;
-      const cached = tokenCache.get(cacheKey);
-      const now = Date.now();
-      if (cached && cached.expiresAt - now > 2 * 60 * 1e3) {
-        return {
-          id: randomUUID(),
-          provider,
-          capability: input.capability,
-          env: { [authTokenEnv]: placeholder },
-          headerTransforms: apiDomains.map((domain) => ({
-            domain,
-            headers: {
-              ...apiHeaders ?? {},
-              Authorization: `Bearer ${cached.token}`
-            }
-          })),
-          expiresAt: new Date(cached.expiresAt).toISOString(),
-          metadata: {
-            installationId: String(cached.installationId),
-            targetScope,
-            reason: input.reason
-          }
-        };
-      }
-      const appJwt = createAppJwt(appId, privateKeyEnv);
-      const repositoryName = input.target?.repo?.trim().toLowerCase();
-      const tokenRequestBody = {
-        permissions
-      };
-      if (repositoryName) {
-        tokenRequestBody.repositories = [repositoryName];
-      }
-      const accessTokenResponse = await githubRequest(apiBase, `/app/installations/${installationId}/access_tokens`, {
-        method: "POST",
-        token: appJwt,
-        body: tokenRequestBody
-      });
-      const providerExpiresAtMs = Date.parse(accessTokenResponse.expires_at);
-      const expiresAtMs = Math.min(
-        providerExpiresAtMs,
-        Date.now() + MAX_LEASE_MS
-      );
-      tokenCache.set(cacheKey, {
-        installationId,
-        token: accessTokenResponse.token,
-        expiresAt: expiresAtMs
-      });
-      return {
-        id: randomUUID(),
-        provider,
-        capability: input.capability,
-        env: { [authTokenEnv]: placeholder },
-        headerTransforms: apiDomains.map((domain) => ({
-          domain,
-          headers: {
-            ...apiHeaders ?? {},
-            Authorization: `Bearer ${accessTokenResponse.token}`
-          }
-        })),
-        expiresAt: new Date(expiresAtMs).toISOString(),
-        metadata: {
-          installationId: String(installationId),
-          targetScope,
-          reason: input.reason
-        }
-      };
-    }
-  };
-}
-// src/chat/plugins/oauth-bearer-broker.ts
-import { randomUUID as randomUUID2 } from "crypto";
-// src/chat/credentials/broker.ts
-var CredentialUnavailableError = class extends Error {
-  provider;
-  constructor(provider, message) {
-    super(message);
-    this.name = "CredentialUnavailableError";
-    this.provider = provider;
-  }
-};
-// src/chat/plugins/oauth-request.ts
-var DEFAULT_TOKEN_CONTENT_TYPE = "application/x-www-form-urlencoded";
-function requireNonEmptyTokenField(data, field) {
-  const value = data[field];
-  if (typeof value !== "string" || !value.trim()) {
-    throw new Error(`OAuth token response missing ${field}`);
-  }
-  return value;
-}
-function contentTypeToBody(contentType, payload) {
-  const mediaType = contentType.split(";", 1)[0]?.trim().toLowerCase();
-  if (!mediaType || mediaType === DEFAULT_TOKEN_CONTENT_TYPE) {
-    return new URLSearchParams(payload);
-  }
-  if (mediaType === "application/json" || mediaType.endsWith("+json")) {
-    return JSON.stringify(payload);
-  }
-  throw new Error(`Unsupported OAuth token Content-Type: ${contentType}`);
-}
-function buildOAuthTokenRequest(input) {
-  const headers = new Headers({ Accept: "application/json" });
-  for (const [name, value] of Object.entries(input.tokenExtraHeaders ?? {})) {
-    headers.set(name, value);
-  }
-  if (!headers.has("Content-Type")) {
-    headers.set("Content-Type", DEFAULT_TOKEN_CONTENT_TYPE);
-  }
-  const payload = { ...input.payload };
-  if (input.tokenAuthMethod === "basic") {
-    headers.set(
-      "Authorization",
-      `Basic ${Buffer.from(`${input.clientId}:${input.clientSecret}`).toString("base64")}`
-    );
-  } else {
-    payload.client_id = input.clientId;
-    payload.client_secret = input.clientSecret;
-  }
-  const contentType = headers.get("Content-Type") ?? DEFAULT_TOKEN_CONTENT_TYPE;
-  const serializedHeaders = {};
-  headers.forEach((value, key) => {
-    serializedHeaders[key] = value;
-  });
-  return {
-    headers: serializedHeaders,
-    body: contentTypeToBody(contentType, payload)
-  };
-}
-function parseOAuthTokenResponse(data) {
-  const accessToken = requireNonEmptyTokenField(data, "access_token");
-  const refreshToken = requireNonEmptyTokenField(data, "refresh_token");
-  const expiresIn = data.expires_in;
-  if (expiresIn === void 0) {
-    return { accessToken, refreshToken };
-  }
-  if (typeof expiresIn !== "number" || !Number.isFinite(expiresIn) || expiresIn <= 0) {
-    throw new Error("OAuth token response returned invalid expires_in");
-  }
-  return {
-    accessToken,
-    refreshToken,
-    expiresAt: Date.now() + expiresIn * 1e3
-  };
-}
-// src/chat/plugins/oauth-bearer-broker.ts
-var MAX_LEASE_MS2 = 60 * 60 * 1e3;
-var REFRESH_BUFFER_MS = 5 * 60 * 1e3;
-async function refreshAccessToken(refreshToken, oauth) {
-  const clientId = process.env[oauth.clientIdEnv]?.trim();
-  const clientSecret = process.env[oauth.clientSecretEnv]?.trim();
-  if (!clientId || !clientSecret) {
-    throw new Error(
-      `Missing ${oauth.clientIdEnv} or ${oauth.clientSecretEnv} for token refresh`
-    );
-  }
-  const request = buildOAuthTokenRequest({
-    clientId,
-    clientSecret,
-    payload: {
-      grant_type: "refresh_token",
-      refresh_token: refreshToken
-    },
-    tokenAuthMethod: oauth.tokenAuthMethod,
-    tokenExtraHeaders: oauth.tokenExtraHeaders
-  });
-  const response = await fetch(oauth.tokenEndpoint, {
-    method: "POST",
-    headers: request.headers,
-    body: request.body
-  });
-  if (!response.ok) {
-    throw new Error(`Token refresh failed: ${response.status}`);
-  }
-  const data = await response.json();
-  return parseOAuthTokenResponse(data);
-}
-function getLeaseExpiry(expiresAt) {
-  return expiresAt ? Math.min(expiresAt, Date.now() + MAX_LEASE_MS2) : Date.now() + MAX_LEASE_MS2;
-}
-function createOAuthBearerBroker(manifest, credentials, deps) {
-  const provider = manifest.name;
-  const supportedCapabilities = new Set(manifest.capabilities);
-  const { apiDomains, apiHeaders, authTokenEnv } = credentials;
-  const authTokenPlaceholder = resolveAuthTokenPlaceholder(credentials);
-  function buildLease(token, capability, expiresAtMs, reason) {
-    return {
-      id: randomUUID2(),
-      provider,
-      capability,
-      env: { [authTokenEnv]: authTokenPlaceholder },
-      headerTransforms: apiDomains.map((domain) => ({
-        domain,
-        headers: { ...apiHeaders ?? {}, Authorization: `Bearer ${token}` }
-      })),
-      expiresAt: new Date(expiresAtMs).toISOString(),
-      metadata: { reason }
-    };
-  }
-  return {
-    async issue(input) {
-      if (!supportedCapabilities.has(input.capability)) {
-        throw new Error(
-          `Unsupported ${provider} capability: ${input.capability}`
-        );
-      }
-      const envToken = process.env[authTokenEnv]?.trim();
-      const oauth = manifest.oauth;
-      if (!oauth) {
-        if (envToken) {
-          return buildLease(
-            envToken,
-            input.capability,
-            Date.now() + MAX_LEASE_MS2,
-            input.reason
-          );
-        }
-        throw new CredentialUnavailableError(
-          provider,
-          `No ${provider} credentials available.`
-        );
-      }
-      if (input.requesterId) {
-        const stored = await deps.userTokenStore.get(
-          input.requesterId,
-          provider
-        );
-        if (stored) {
-          const now = Date.now();
-          if (stored.expiresAt !== void 0 && stored.expiresAt - now < REFRESH_BUFFER_MS) {
-            try {
-              const refreshed = await refreshAccessToken(
-                stored.refreshToken,
-                oauth
-              );
-              await deps.userTokenStore.set(
-                input.requesterId,
-                provider,
-                refreshed
-              );
-              return buildLease(
-                refreshed.accessToken,
-                input.capability,
-                getLeaseExpiry(refreshed.expiresAt),
-                input.reason
-              );
-            } catch {
-              if (stored.expiresAt > Date.now()) {
-                return buildLease(
-                  stored.accessToken,
-                  input.capability,
-                  getLeaseExpiry(stored.expiresAt),
-                  input.reason
-                );
-              }
-              throw new CredentialUnavailableError(
-                provider,
-                `Your ${provider} connection has expired.`
-              );
-            }
-          }
-          if (stored.expiresAt === void 0 || stored.expiresAt > Date.now()) {
-            return buildLease(
-              stored.accessToken,
-              input.capability,
-              getLeaseExpiry(stored.expiresAt),
-              input.reason
-            );
-          }
-          throw new CredentialUnavailableError(
-            provider,
-            `Your ${provider} connection has expired.`
-          );
-        }
-        throw new CredentialUnavailableError(
-          provider,
-          `No ${provider} credentials available.`
-        );
-      }
-      if (envToken) {
-        return buildLease(
-          envToken,
-          input.capability,
-          getLeaseExpiry(),
-          input.reason
-        );
-      }
-      throw new CredentialUnavailableError(
-        provider,
-        `No ${provider} credentials available.`
-      );
-    }
-  };
-}
-// src/chat/plugins/registry.ts
-var pluginDefinitions = [];
-var capabilityToPlugin = /* @__PURE__ */ new Map();
-var pluginConfigKeys = /* @__PURE__ */ new Set();
-var pluginsByName = /* @__PURE__ */ new Map();
-var packageSkillRoots = /* @__PURE__ */ new Set();
-var pluginsLoaded = false;
-function registerPluginManifest(raw, pluginDir) {
-  const manifest = parsePluginManifest(raw, pluginDir);
-  if (pluginsByName.has(manifest.name)) {
-    return;
-  }
-  for (const cap of manifest.capabilities) {
-    if (capabilityToPlugin.has(cap)) {
-      throw new Error(
-        `Duplicate capability "${cap}" in plugin "${manifest.name}"`
-      );
-    }
-  }
-  const definition = {
-    manifest,
-    dir: pluginDir,
-    skillsDir: path2.join(pluginDir, "skills")
-  };
-  pluginDefinitions.push(definition);
-  pluginsByName.set(manifest.name, definition);
-  for (const cap of manifest.capabilities) {
-    capabilityToPlugin.set(cap, definition);
-  }
-  for (const key of manifest.configKeys) {
-    pluginConfigKeys.add(key);
-  }
-}
-function loadPlugins() {
-  if (pluginsLoaded) return;
-  pluginsLoaded = true;
-  const packagedContent = discoverInstalledPluginPackageContent();
-  const localRoots = pluginRoots();
-  const roots = [...localRoots, ...packagedContent.manifestRoots];
-  for (const pluginsRoot of roots) {
-    let entries;
-    let rootStat;
-    try {
-      rootStat = statSync(pluginsRoot);
-    } catch (error) {
-      logWarn(
-        "plugin_root_read_failed",
-        {},
-        {
-          "file.directory": pluginsRoot,
-          "error.message": error instanceof Error ? error.message : String(error)
-        },
-        "Failed to read plugin root"
-      );
-      continue;
-    }
-    if (rootStat.isDirectory()) {
-      const manifestPath = path2.join(pluginsRoot, "plugin.yaml");
-      let hasRootManifest = false;
-      try {
-        hasRootManifest = statSync(manifestPath).isFile();
-      } catch {
-        hasRootManifest = false;
-      }
-      if (hasRootManifest) {
-        const rawRootManifest = readFileSync(manifestPath, "utf8");
-        registerPluginManifest(rawRootManifest, pluginsRoot);
-        continue;
-      }
-    }
-    try {
-      entries = readdirSync(pluginsRoot);
-    } catch (error) {
-      logWarn(
-        "plugin_root_read_failed",
-        {},
-        {
-          "file.directory": pluginsRoot,
-          "error.message": error instanceof Error ? error.message : String(error)
-        },
-        "Failed to read plugin root"
-      );
-      continue;
-    }
-    for (const entry of entries.sort()) {
-      const pluginDir = path2.join(pluginsRoot, entry);
-      try {
-        const stat = statSync(pluginDir);
-        if (!stat.isDirectory()) continue;
-      } catch {
-        continue;
-      }
-      const manifestPath = path2.join(pluginDir, "plugin.yaml");
-      let raw;
-      try {
-        raw = readFileSync(manifestPath, "utf8");
-      } catch {
-        continue;
-      }
-      registerPluginManifest(raw, pluginDir);
-    }
-  }
-  for (const skillRoot of packagedContent.skillRoots) {
-    packageSkillRoots.add(skillRoot);
-  }
-  logInfo(
-    "plugins_loaded",
-    {},
-    {
-      "file.directories": [...localRoots, ...packagedContent.manifestRoots],
-      "app.plugin.count": pluginDefinitions.length,
-      "app.plugin.names": pluginDefinitions.map((plugin) => plugin.manifest.name).sort(),
-      "app.plugin.package_skill_roots": [...packageSkillRoots].sort()
-    },
-    "Loaded plugins"
-  );
-}
-function ensurePluginsLoaded() {
-  loadPlugins();
-}
-loadPlugins();
-function getPluginCapabilityProviders() {
-  ensurePluginsLoaded();
-  return pluginDefinitions.map((plugin) => ({
-    provider: plugin.manifest.name,
-    capabilities: [...plugin.manifest.capabilities],
-    configKeys: [...plugin.manifest.configKeys],
-    ...plugin.manifest.target ? { target: { ...plugin.manifest.target } } : {}
-  }));
-}
-function getPluginProviders() {
-  ensurePluginsLoaded();
-  return [...pluginDefinitions];
-}
-function getPluginRuntimeDependencies() {
-  ensurePluginsLoaded();
-  const seen = /* @__PURE__ */ new Set();
-  const deps = [];
-  for (const plugin of pluginDefinitions) {
-    for (const dep of plugin.manifest.runtimeDependencies ?? []) {
-      const key = dep.type === "npm" ? `${dep.type}:${dep.package}:${dep.version}` : "package" in dep ? `${dep.type}:package:${dep.package}` : `${dep.type}:url:${dep.url}:${dep.sha256}`;
-      if (seen.has(key)) {
-        continue;
-      }
-      seen.add(key);
-      deps.push(dep);
-    }
-  }
-  return deps.sort((left, right) => {
-    if (left.type !== right.type) {
-      return left.type.localeCompare(right.type);
-    }
-    const leftIdentity = "package" in left ? `package:${left.package}` : `url:${left.url}:${left.sha256}`;
-    const rightIdentity = "package" in right ? `package:${right.package}` : `url:${right.url}:${right.sha256}`;
-    if (leftIdentity !== rightIdentity) {
-      return leftIdentity.localeCompare(rightIdentity);
-    }
-    if (left.type === "npm" && right.type === "npm") {
-      return left.version.localeCompare(right.version);
-    }
-    return 0;
-  });
-}
-function getPluginRuntimePostinstall() {
-  ensurePluginsLoaded();
-  const commands = [];
-  for (const plugin of pluginDefinitions) {
-    for (const command of plugin.manifest.runtimePostinstall ?? []) {
-      commands.push({
-        cmd: command.cmd,
-        ...command.args ? { args: [...command.args] } : {},
-        ...command.sudo !== void 0 ? { sudo: command.sudo } : {}
-      });
-    }
-  }
-  return commands;
-}
-function getPluginOAuthConfig(provider) {
-  ensurePluginsLoaded();
-  const plugin = pluginsByName.get(provider);
-  if (!plugin?.manifest.oauth) return void 0;
-  const oauth = plugin.manifest.oauth;
-  return {
-    clientIdEnv: oauth.clientIdEnv,
-    clientSecretEnv: oauth.clientSecretEnv,
-    authorizeEndpoint: oauth.authorizeEndpoint,
-    tokenEndpoint: oauth.tokenEndpoint,
-    ...oauth.scope ? { scope: oauth.scope } : {},
-    ...oauth.authorizeParams ? { authorizeParams: { ...oauth.authorizeParams } } : {},
-    ...oauth.tokenAuthMethod ? { tokenAuthMethod: oauth.tokenAuthMethod } : {},
-    ...oauth.tokenExtraHeaders ? { tokenExtraHeaders: { ...oauth.tokenExtraHeaders } } : {},
-    callbackPath: `/api/oauth/callback/${plugin.manifest.name}`
-  };
-}
-function getPluginSkillRoots() {
-  ensurePluginsLoaded();
-  return [
-    .../* @__PURE__ */ new Set([
-      ...pluginDefinitions.map((plugin) => plugin.skillsDir),
-      ...packageSkillRoots
-    ])
-  ];
-}
-function isPluginProvider(provider) {
-  ensurePluginsLoaded();
-  return pluginsByName.has(provider);
-}
-function createPluginBroker(provider, deps) {
-  ensurePluginsLoaded();
-  const plugin = pluginsByName.get(provider);
-  if (!plugin) {
-    throw new Error(`Unknown plugin provider: "${provider}"`);
-  }
-  const { credentials, name } = plugin.manifest;
-  if (!credentials) {
-    throw new Error(`Provider "${name}" has no credentials configured`);
-  }
-  let broker;
-  if (credentials.type === "oauth-bearer") {
-    broker = createOAuthBearerBroker(plugin.manifest, credentials, deps);
-  } else if (credentials.type === "github-app") {
-    broker = createGitHubAppBroker(plugin.manifest, credentials);
-  } else {
-    throw new Error(`Unsupported credentials type for plugin "${name}"`);
-  }
-  setSpanAttributes({
-    "app.plugin.name": name,
-    "app.plugin.capabilities": plugin.manifest.capabilities,
-    "app.plugin.has_oauth": Boolean(plugin.manifest.oauth)
-  });
-  return broker;
-}
-// src/chat/config.ts
-var MIN_AGENT_TURN_TIMEOUT_MS = 10 * 1e3;
-var DEFAULT_AGENT_TURN_TIMEOUT_MS = 12 * 60 * 1e3;
-var DEFAULT_QUEUE_CALLBACK_MAX_DURATION_SECONDS = 800;
-var TURN_TIMEOUT_BUFFER_SECONDS = 20;
-function parseAgentTurnTimeoutMs(rawValue, maxTimeoutMs) {
-  const value = Number.parseInt(rawValue ?? "", 10);
-  if (Number.isNaN(value)) {
-    return Math.max(MIN_AGENT_TURN_TIMEOUT_MS, Math.min(DEFAULT_AGENT_TURN_TIMEOUT_MS, maxTimeoutMs));
-  }
-  return Math.max(MIN_AGENT_TURN_TIMEOUT_MS, Math.min(value, maxTimeoutMs));
-}
-function resolveQueueCallbackMaxDurationSeconds() {
-  const value = Number.parseInt(process.env.QUEUE_CALLBACK_MAX_DURATION_SECONDS ?? "", 10);
-  if (Number.isNaN(value) || value <= 0) {
-    return DEFAULT_QUEUE_CALLBACK_MAX_DURATION_SECONDS;
-  }
-  return value;
-}
-function resolveMaxTurnTimeoutMs(queueCallbackMaxDurationSeconds) {
-  const budgetSeconds = queueCallbackMaxDurationSeconds - TURN_TIMEOUT_BUFFER_SECONDS;
-  return Math.max(MIN_AGENT_TURN_TIMEOUT_MS, budgetSeconds * 1e3);
-}
-function buildBotConfig() {
-  const queueCallbackMaxDurationSeconds = resolveQueueCallbackMaxDurationSeconds();
-  const maxTurnTimeoutMs = resolveMaxTurnTimeoutMs(queueCallbackMaxDurationSeconds);
-  return {
-    userName: process.env.JUNIOR_BOT_NAME ?? "junior",
-    modelId: process.env.AI_MODEL ?? "anthropic/claude-sonnet-4.6",
-    fastModelId: process.env.AI_FAST_MODEL ?? process.env.AI_MODEL ?? "anthropic/claude-haiku-4.5",
-    turnTimeoutMs: parseAgentTurnTimeoutMs(process.env.AGENT_TURN_TIMEOUT_MS, maxTurnTimeoutMs)
-  };
-}
-var botConfig = buildBotConfig();
-function toOptionalTrimmed(value) {
-  if (!value) {
-    return void 0;
-  }
-  const trimmed = value.trim();
-  return trimmed.length > 0 ? trimmed : void 0;
-}
-function getSlackBotToken() {
-  return toOptionalTrimmed(process.env.SLACK_BOT_TOKEN) ?? toOptionalTrimmed(process.env.SLACK_BOT_USER_TOKEN);
-}
-function getSlackSigningSecret() {
-  return toOptionalTrimmed(process.env.SLACK_SIGNING_SECRET);
-}
-function getSlackClientId() {
-  return toOptionalTrimmed(process.env.SLACK_CLIENT_ID);
-}
-function getSlackClientSecret() {
-  return toOptionalTrimmed(process.env.SLACK_CLIENT_SECRET);
-}
-function hasRedisConfig() {
-  return Boolean(process.env.REDIS_URL);
-}
-// src/chat/state.ts
-import { createRedisState } from "@chat-adapter/state-redis";
-import { createMemoryState } from "@chat-adapter/state-memory";
-var MIN_LOCK_TTL_MS = 1e3 * 60 * 5;
-var QUEUE_INGRESS_DEDUP_PREFIX = "junior:queue_ingress";
-var QUEUE_MESSAGE_PROCESSING_PREFIX = "junior:queue_message";
-var AGENT_TURN_SESSION_PREFIX = "junior:agent_turn_session";
-var QUEUE_MESSAGE_PROCESSING_TTL_MS = 30 * 60 * 1e3;
-var QUEUE_MESSAGE_COMPLETED_TTL_MS = 7 * 24 * 60 * 60 * 1e3;
-var QUEUE_MESSAGE_FAILED_TTL_MS = 6 * 60 * 60 * 1e3;
-var AGENT_TURN_SESSION_TTL_MS = 24 * 60 * 60 * 1e3;
-var CLAIM_OR_RECLAIM_PROCESSING_SCRIPT = `
-  local key = KEYS[1]
-  local nowMs = tonumber(ARGV[1])
-  local ttlMs = tonumber(ARGV[2])
-  local payload = ARGV[3]
-  local current = redis.call("get", key)
-  if not current then
-    redis.call("set", key, payload, "PX", ttlMs)
-    return 1
-  end
-  local ok, parsed = pcall(cjson.decode, current)
-  if not ok or type(parsed) ~= "table" then
-    return 0
-  end
-  local status = parsed["status"]
-  if status == "failed" then
-    redis.call("set", key, payload, "PX", ttlMs)
-    return 3
-  end
-  if status ~= "processing" then
-    return 0
-  end
-  local updatedAtMs = tonumber(parsed["updatedAtMs"])
-  if not updatedAtMs then
-    return 0
-  end
-  if updatedAtMs + ttlMs < nowMs then
-    redis.call("set", key, payload, "PX", ttlMs)
-    return 2
-  end
-  return 0
-`;
-var UPDATE_PROCESSING_STATE_IF_OWNER_SCRIPT = `
-  local key = KEYS[1]
-  local ownerToken = ARGV[1]
-  local ttlMs = tonumber(ARGV[2])
-  local payload = ARGV[3]
-  local current = redis.call("get", key)
-  if not current then
-    return 0
-  end
-  local ok, parsed = pcall(cjson.decode, current)
-  if not ok or type(parsed) ~= "table" then
-    return 0
-  end
-  local currentOwner = parsed["ownerToken"]
-  local status = parsed["status"]
-  if currentOwner ~= ownerToken then
-    return 0
-  end
-  if status ~= "processing" then
-    return 0
-  end
-  redis.call("set", key, payload, "PX", ttlMs)
-  return 1
-`;
-function createQueuedStateAdapter(base) {
-  const acquireLock = async (threadId, ttlMs) => {
-    const effectiveTtlMs = Math.max(ttlMs, MIN_LOCK_TTL_MS);
-    const lock = await base.acquireLock(threadId, effectiveTtlMs);
-    return lock;
-  };
-  return {
-    appendToList: (key, value, options) => base.appendToList(key, value, options),
-    connect: () => base.connect(),
-    disconnect: () => base.disconnect(),
-    subscribe: (threadId) => base.subscribe(threadId),
-    unsubscribe: (threadId) => base.unsubscribe(threadId),
-    isSubscribed: (threadId) => base.isSubscribed(threadId),
-    acquireLock,
-    releaseLock: (lock) => base.releaseLock(lock),
-    extendLock: (lock, ttlMs) => base.extendLock(lock, Math.max(ttlMs, MIN_LOCK_TTL_MS)),
-    forceReleaseLock: (threadId) => base.forceReleaseLock(threadId),
-    get: (key) => base.get(key),
-    getList: (key) => base.getList(key),
-    set: (key, value, ttlMs) => base.set(key, value, ttlMs),
-    setIfNotExists: (key, value, ttlMs) => base.setIfNotExists(key, value, ttlMs),
-    delete: (key) => base.delete(key)
-  };
-}
-function createStateAdapter() {
-  if (process.env.JUNIOR_STATE_ADAPTER?.trim().toLowerCase() === "memory") {
-    _redisStateAdapter = void 0;
-    return createQueuedStateAdapter(createMemoryState());
-  }
-  if (!hasRedisConfig()) {
-    throw new Error("REDIS_URL is required for durable Slack thread state");
-  }
-  const redisState = createRedisState({
-    url: process.env.REDIS_URL
-  });
-  _redisStateAdapter = redisState;
-  return createQueuedStateAdapter(redisState);
-}
-var _stateAdapter;
-var _redisStateAdapter;
-function getRedisStateAdapter() {
-  if (!_redisStateAdapter) {
-    getStateAdapter();
-  }
-  if (!_redisStateAdapter) {
-    throw new Error("Redis state adapter is unavailable for this runtime");
-  }
-  return _redisStateAdapter;
-}
-function queueMessageKey(rawKey) {
-  return `${QUEUE_MESSAGE_PROCESSING_PREFIX}:${rawKey}`;
-}
-function parseQueueMessageState(value) {
-  if (typeof value !== "string") {
-    return void 0;
-  }
-  try {
-    const parsed = JSON.parse(value);
-    if (!parsed || parsed.status !== "processing" && parsed.status !== "completed" && parsed.status !== "failed" || typeof parsed.updatedAtMs !== "number") {
-      return void 0;
-    }
-    return {
-      status: parsed.status,
-      updatedAtMs: parsed.updatedAtMs,
-      ...typeof parsed.ownerToken === "string" ? { ownerToken: parsed.ownerToken } : {},
-      ...typeof parsed.queueMessageId === "string" ? { queueMessageId: parsed.queueMessageId } : {},
-      ...typeof parsed.errorMessage === "string" ? { errorMessage: parsed.errorMessage } : {}
-    };
-  } catch {
-    return void 0;
-  }
-}
-function agentTurnSessionKey(conversationId, sessionId) {
-  return `${AGENT_TURN_SESSION_PREFIX}:${conversationId}:${sessionId}`;
-}
-function isRecord(value) {
-  return typeof value === "object" && value !== null;
-}
-function parseAgentTurnSessionCheckpoint(value) {
-  if (typeof value !== "string") {
-    return void 0;
-  }
-  try {
-    const parsed = JSON.parse(value);
-    if (!isRecord(parsed)) {
-      return void 0;
-    }
-    const status = parsed.state;
-    if (status !== "running" && status !== "awaiting_resume" && status !== "completed" && status !== "failed") {
-      return void 0;
-    }
-    const conversationId = parsed.conversationId;
-    const sessionId = parsed.sessionId;
-    const sliceId = parsed.sliceId;
-    const checkpointVersion = parsed.checkpointVersion;
-    const updatedAtMs = parsed.updatedAtMs;
-    if (typeof conversationId !== "string" || typeof sessionId !== "string" || typeof sliceId !== "number" || typeof checkpointVersion !== "number" || typeof updatedAtMs !== "number") {
-      return void 0;
-    }
-    return {
-      checkpointVersion,
-      conversationId,
-      sessionId,
-      sliceId,
-      state: status,
-      updatedAtMs,
-      piMessages: Array.isArray(parsed.piMessages) ? parsed.piMessages : [],
-      ...typeof parsed.errorMessage === "string" ? { errorMessage: parsed.errorMessage } : {},
-      ...typeof parsed.resumedFromSliceId === "number" ? { resumedFromSliceId: parsed.resumedFromSliceId } : {}
-    };
-  } catch {
-    return void 0;
-  }
-}
-function getStateAdapter() {
-  if (!_stateAdapter) {
-    _stateAdapter = createStateAdapter();
-  }
-  return _stateAdapter;
-}
-async function disconnectStateAdapter() {
-  if (!_stateAdapter) {
-    return;
-  }
-  try {
-    await _stateAdapter.disconnect();
-  } finally {
-    _stateAdapter = void 0;
-    _redisStateAdapter = void 0;
-  }
-}
-async function claimQueueIngressDedup(rawKey, ttlMs) {
-  await getStateAdapter().connect();
-  const key = `${QUEUE_INGRESS_DEDUP_PREFIX}:${rawKey}`;
-  const result = await getRedisStateAdapter().getClient().set(key, "1", {
-    NX: true,
-    PX: ttlMs
-  });
-  return result === "OK";
-}
-async function hasQueueIngressDedup(rawKey) {
-  await getStateAdapter().connect();
-  const key = `${QUEUE_INGRESS_DEDUP_PREFIX}:${rawKey}`;
-  const value = await getRedisStateAdapter().getClient().get(key);
-  return typeof value === "string" && value.length > 0;
-}
-async function getQueueMessageProcessingState(rawKey) {
-  await getStateAdapter().connect();
-  const state = await getStateAdapter().get(queueMessageKey(rawKey));
-  return parseQueueMessageState(state);
-}
-async function acquireQueueMessageProcessingOwnership(args) {
-  await getStateAdapter().connect();
-  const key = queueMessageKey(args.rawKey);
-  const nowMs = Date.now();
-  const payload = JSON.stringify({
-    status: "processing",
-    updatedAtMs: nowMs,
-    ownerToken: args.ownerToken,
-    ...args.queueMessageId ? { queueMessageId: args.queueMessageId } : {}
-  });
-  const result = await getRedisStateAdapter().getClient().eval(CLAIM_OR_RECLAIM_PROCESSING_SCRIPT, {
-    keys: [key],
-    arguments: [
-      String(nowMs),
-      String(QUEUE_MESSAGE_PROCESSING_TTL_MS),
-      payload
-    ]
-  });
-  if (result === 1) {
-    return "acquired";
-  }
-  if (result === 2) {
-    return "reclaimed";
-  }
-  if (result === 3) {
-    return "recovered";
-  }
-  return "blocked";
-}
-async function refreshQueueMessageProcessingOwnership(args) {
-  await getStateAdapter().connect();
-  const nowMs = Date.now();
-  const payload = JSON.stringify({
-    status: "processing",
-    updatedAtMs: nowMs,
-    ownerToken: args.ownerToken,
-    ...args.queueMessageId ? { queueMessageId: args.queueMessageId } : {}
-  });
-  const result = await getRedisStateAdapter().getClient().eval(UPDATE_PROCESSING_STATE_IF_OWNER_SCRIPT, {
-    keys: [queueMessageKey(args.rawKey)],
-    arguments: [
-      args.ownerToken,
-      String(QUEUE_MESSAGE_PROCESSING_TTL_MS),
-      payload
-    ]
-  });
-  return result === 1;
-}
-async function completeQueueMessageProcessingOwnership(args) {
-  await getStateAdapter().connect();
-  const payload = JSON.stringify({
-    status: "completed",
-    updatedAtMs: Date.now(),
-    ownerToken: args.ownerToken,
-    ...args.queueMessageId ? { queueMessageId: args.queueMessageId } : {}
-  });
-  const result = await getRedisStateAdapter().getClient().eval(UPDATE_PROCESSING_STATE_IF_OWNER_SCRIPT, {
-    keys: [queueMessageKey(args.rawKey)],
-    arguments: [
-      args.ownerToken,
-      String(QUEUE_MESSAGE_COMPLETED_TTL_MS),
-      payload
-    ]
-  });
-  return result === 1;
-}
-async function failQueueMessageProcessingOwnership(args) {
-  await getStateAdapter().connect();
-  const payload = JSON.stringify({
-    status: "failed",
-    updatedAtMs: Date.now(),
-    ownerToken: args.ownerToken,
-    errorMessage: args.errorMessage,
-    ...args.queueMessageId ? { queueMessageId: args.queueMessageId } : {}
-  });
-  const result = await getRedisStateAdapter().getClient().eval(UPDATE_PROCESSING_STATE_IF_OWNER_SCRIPT, {
-    keys: [queueMessageKey(args.rawKey)],
-    arguments: [
-      args.ownerToken,
-      String(QUEUE_MESSAGE_FAILED_TTL_MS),
-      payload
-    ]
-  });
-  return result === 1;
-}
-async function getAgentTurnSessionCheckpoint(conversationId, sessionId) {
-  await getStateAdapter().connect();
-  const value = await getStateAdapter().get(
-    agentTurnSessionKey(conversationId, sessionId)
-  );
-  return parseAgentTurnSessionCheckpoint(value);
-}
-async function upsertAgentTurnSessionCheckpoint(args) {
-  await getStateAdapter().connect();
-  const existing = await getAgentTurnSessionCheckpoint(
-    args.conversationId,
-    args.sessionId
-  );
-  const checkpoint = {
-    checkpointVersion: (existing?.checkpointVersion ?? 0) + 1,
-    conversationId: args.conversationId,
-    sessionId: args.sessionId,
-    sliceId: args.sliceId,
-    state: args.state,
-    updatedAtMs: Date.now(),
-    piMessages: Array.isArray(args.piMessages) ? args.piMessages : [],
-    ...args.errorMessage ? { errorMessage: args.errorMessage } : {},
-    ...typeof args.resumedFromSliceId === "number" ? { resumedFromSliceId: args.resumedFromSliceId } : {}
-  };
-  const ttlMs = Math.max(1, args.ttlMs ?? AGENT_TURN_SESSION_TTL_MS);
-  await getStateAdapter().set(
-    agentTurnSessionKey(args.conversationId, args.sessionId),
-    JSON.stringify(checkpoint),
-    ttlMs
-  );
-  return checkpoint;
-}
-// src/chat/sandbox/runtime-dependency-snapshots.ts
-import { createHash } from "crypto";
-import { Sandbox } from "@vercel/sandbox";
-// src/chat/sandbox/paths.ts
-function normalizeWorkspaceRoot(input) {
-  const candidate = (input ?? "").trim();
-  if (!candidate) {
-    return "/vercel/sandbox";
-  }
-  const normalized = candidate.replace(/\/+$/, "");
-  return normalized.startsWith("/") ? normalized : `/${normalized}`;
-}
-var SANDBOX_WORKSPACE_ROOT = normalizeWorkspaceRoot(process.env.VERCEL_SANDBOX_WORKSPACE_DIR);
-var SANDBOX_SKILLS_ROOT = `${SANDBOX_WORKSPACE_ROOT}/skills`;
-function sandboxSkillDir(skillName) {
-  return `${SANDBOX_SKILLS_ROOT}/${skillName}`;
-}
-// src/chat/sandbox/runtime-dependency-snapshots.ts
-var SNAPSHOT_CACHE_PREFIX = "junior:sandbox_snapshot_profile";
-var SNAPSHOT_LOCK_PREFIX = "junior:sandbox_snapshot_lock";
-var SNAPSHOT_PROFILE_VERSION = 1;
-var SNAPSHOT_CACHE_TTL_MS = 30 * 24 * 60 * 60 * 1e3;
-var SNAPSHOT_BUILD_LOCK_TTL_MS = 10 * 60 * 1e3;
-var SNAPSHOT_WAIT_FOR_LOCK_MS = SNAPSHOT_BUILD_LOCK_TTL_MS + 30 * 1e3;
-var DEFAULT_FLOATING_DEP_MAX_AGE_MS = 7 * 24 * 60 * 60 * 1e3;
-function sleep(ms) {
-  return new Promise((resolve) => {
-    setTimeout(resolve, ms);
-  });
-}
-function profileCacheKey(profileHash) {
-  return `${SNAPSHOT_CACHE_PREFIX}:${profileHash}`;
-}
-function profileLockKey(profileHash) {
-  return `${SNAPSHOT_LOCK_PREFIX}:${profileHash}`;
-}
-function isExactNpmVersion(version) {
-  return /^\d+\.\d+\.\d+(?:[-+][a-z0-9.]+)?$/i.test(version.trim());
-}
-function hasFloatingSelector(dep) {
-  return dep.type === "npm" && !isExactNpmVersion(dep.version);
-}
-function parseFloatingDepMaxAgeMs() {
-  const raw = process.env.SANDBOX_SNAPSHOT_FLOATING_MAX_AGE_MS;
-  if (!raw?.trim()) {
-    return DEFAULT_FLOATING_DEP_MAX_AGE_MS;
-  }
-  const parsed = Number.parseInt(raw, 10);
-  if (!Number.isFinite(parsed) || parsed < 0) {
-    return DEFAULT_FLOATING_DEP_MAX_AGE_MS;
-  }
-  return parsed;
-}
-function buildDependencyProfile(runtime) {
-  const dependencies = getPluginRuntimeDependencies();
-  const postinstall = getPluginRuntimePostinstall();
-  if (dependencies.length === 0 && postinstall.length === 0) {
-    return null;
-  }
-  const rebuildEpoch = process.env.SANDBOX_SNAPSHOT_REBUILD_EPOCH?.trim() ?? "";
-  const hasFloatingVersions = dependencies.some((dep) => hasFloatingSelector(dep)) || postinstall.length > 0;
-  const hashInput = JSON.stringify({
-    version: SNAPSHOT_PROFILE_VERSION,
-    runtime,
-    rebuildEpoch,
-    dependencies,
-    postinstall
-  });
-  const profileHash = createHash("sha256").update(hashInput).digest("hex");
-  return {
-    profileHash,
-    dependencyCount: dependencies.length,
-    hasFloatingVersions,
-    dependencies,
-    postinstall
-  };
-}
-function getRuntimeDependencyProfileHash(runtime) {
-  return buildDependencyProfile(runtime)?.profileHash;
-}
-function shouldRebuildCachedSnapshot(profile, cached) {
-  if (!profile.hasFloatingVersions) {
-    return false;
-  }
-  const maxAgeMs = parseFloatingDepMaxAgeMs();
-  if (maxAgeMs === 0) {
-    return true;
-  }
-  return Date.now() - cached.createdAtMs > maxAgeMs;
-}
-async function getCachedSnapshot(profileHash) {
-  try {
-    const state = getStateAdapter();
-    await state.connect();
-    const raw = await state.get(profileCacheKey(profileHash));
-    if (typeof raw !== "string") {
-      return null;
-    }
-    const parsed = JSON.parse(raw);
-    if (!parsed || typeof parsed !== "object" || typeof parsed.profileHash !== "string" || typeof parsed.snapshotId !== "string" || typeof parsed.runtime !== "string" || typeof parsed.createdAtMs !== "number" || typeof parsed.dependencyCount !== "number") {
-      return null;
-    }
-    return parsed;
-  } catch {
-    return null;
-  }
-}
-async function setCachedSnapshot(entry) {
-  const state = getStateAdapter();
-  await state.connect();
-  await state.set(
-    profileCacheKey(entry.profileHash),
-    JSON.stringify(entry),
-    SNAPSHOT_CACHE_TTL_MS
-  );
-}
-async function withSnapshotSpan(name, op, attributes, callback) {
-  return await withSpan(name, op, {}, callback, attributes);
-}
-async function runOrThrow(sandbox, params, label) {
-  const result = await sandbox.runCommand(params);
-  if (result.exitCode === 0) {
-    return;
-  }
-  const stderr = (await result.stderr()).trim();
-  const stdout = (await result.stdout()).trim();
-  const detail = stderr || stdout || "command failed";
-  throw new Error(`${label} failed: ${detail}`);
-}
-async function tryRun(sandbox, params) {
-  const result = await sandbox.runCommand(params);
-  if (result.exitCode === 0) {
-    return { ok: true };
-  }
-  const stderr = (await result.stderr()).trim();
-  const stdout = (await result.stdout()).trim();
-  return { ok: false, detail: stderr || stdout || "command failed" };
-}
-async function installGhCliViaDnf(sandbox) {
-  const direct = await tryRun(sandbox, {
-    cmd: "dnf",
-    args: ["install", "-y", "gh"],
-    sudo: true
-  });
-  if (direct.ok) {
-    return;
-  }
-  const dnf5Repo = await tryRun(sandbox, {
-    cmd: "dnf",
-    args: [
-      "config-manager",
-      "addrepo",
-      "--from-repofile=https://cli.github.com/packages/rpm/gh-cli.repo"
-    ],
-    sudo: true
-  });
-  if (!dnf5Repo.ok) {
-    await runOrThrow(
-      sandbox,
-      {
-        cmd: "dnf",
-        args: ["install", "-y", "dnf-command(config-manager)"],
-        sudo: true
-      },
-      "dnf install dnf-command(config-manager)"
-    );
-    await runOrThrow(
-      sandbox,
-      {
-        cmd: "dnf",
-        args: [
-          "config-manager",
-          "--add-repo",
-          "https://cli.github.com/packages/rpm/gh-cli.repo"
-        ],
-        sudo: true
-      },
-      "dnf config-manager --add-repo gh-cli.repo"
-    );
-  }
-  await runOrThrow(
-    sandbox,
-    {
-      cmd: "dnf",
-      args: ["install", "-y", "gh", "--repo", "gh-cli"],
-      sudo: true
-    },
-    "dnf install gh --repo gh-cli"
-  );
-}
-function runtimeDependencyFilePath(url, sha256) {
-  let urlBasename = "package.rpm";
-  try {
-    const pathname = new URL(url).pathname;
-    const segments = pathname.split("/").filter(Boolean);
-    const candidate = segments[segments.length - 1];
-    if (candidate) {
-      urlBasename = candidate;
-    }
-  } catch {
-  }
-  const sanitizedBasename = urlBasename.replace(/[^a-zA-Z0-9._-]/g, "_");
-  return `/tmp/junior-runtime-${sha256.slice(0, 12)}-${sanitizedBasename}`;
-}
-async function installRuntimeDependencies(sandbox, deps) {
-  const systemDeps = deps.filter(
-    (dep) => dep.type === "system"
-  );
-  const npmPackages = deps.filter(
-    (dep) => dep.type === "npm"
-  ).map((dep) => `${dep.package}@${dep.version}`);
-  if (systemDeps.length > 0) {
-    await withSnapshotSpan(
-      "sandbox.snapshot.install_system",
-      "sandbox.snapshot.install.system",
-      {
-        "app.sandbox.snapshot.install.system_count": systemDeps.length
-      },
-      async () => {
-        for (const dep of systemDeps) {
-          if ("url" in dep) {
-            const rpmPath = runtimeDependencyFilePath(dep.url, dep.sha256);
-            await runOrThrow(
-              sandbox,
-              {
-                cmd: "curl",
-                args: ["-fsSL", dep.url, "-o", rpmPath]
-              },
-              `curl download ${dep.url}`
-            );
-            const checksumResult = await sandbox.runCommand({
-              cmd: "sha256sum",
-              args: [rpmPath]
-            });
-            const checksumStdout = (await checksumResult.stdout()).trim();
-            const checksumStderr = (await checksumResult.stderr()).trim();
-            if (checksumResult.exitCode !== 0) {
-              throw new Error(
-                `sha256sum failed: ${checksumStderr || checksumStdout || "command failed"}`
-              );
-            }
-            const actualChecksum = checksumStdout.split(/\s+/)[0]?.toLowerCase();
-            if (!actualChecksum) {
-              throw new Error("sha256sum produced empty output");
-            }
-            if (actualChecksum !== dep.sha256) {
-              throw new Error(
-                `checksum mismatch for ${dep.url}: expected ${dep.sha256}, got ${actualChecksum}`
-              );
-            }
-            await runOrThrow(
-              sandbox,
-              {
-                cmd: "dnf",
-                args: ["install", "-y", rpmPath],
-                sudo: true
-              },
-              `dnf install ${dep.url}`
-            );
-            continue;
-          }
-          if (dep.package === "gh") {
-            await installGhCliViaDnf(sandbox);
-            continue;
-          }
-          await runOrThrow(
-            sandbox,
-            {
-              cmd: "dnf",
-              args: ["install", "-y", dep.package],
-              sudo: true
-            },
-            `dnf install ${dep.package}`
-          );
-        }
-      }
-    );
-  }
-  if (npmPackages.length > 0) {
-    await withSnapshotSpan(
-      "sandbox.snapshot.install_npm",
-      "sandbox.snapshot.install.npm",
-      {
-        "app.sandbox.snapshot.install.npm_count": npmPackages.length
-      },
-      async () => {
-        await runOrThrow(
-          sandbox,
-          {
-            cmd: "npm",
-            args: [
-              "install",
-              "--global",
-              "--prefix",
-              `${SANDBOX_WORKSPACE_ROOT}/.junior`,
-              ...npmPackages
-            ]
-          },
-          "npm install"
-        );
-      }
-    );
-  }
-}
-async function runRuntimePostinstall(sandbox, commands) {
-  if (commands.length === 0) {
-    return;
-  }
-  await withSnapshotSpan(
-    "sandbox.snapshot.runtime_postinstall",
-    "sandbox.snapshot.runtime_postinstall",
-    {
-      "app.sandbox.snapshot.runtime_postinstall.count": commands.length
-    },
-    async () => {
-      for (const command of commands) {
-        const invocation = [
-          JSON.stringify(command.cmd),
-          ...(command.args ?? []).map((arg) => JSON.stringify(arg))
-        ].join(" ");
-        const pathPrefix = `${SANDBOX_WORKSPACE_ROOT}/.junior/bin:$PATH`;
-        await runOrThrow(
-          sandbox,
-          {
-            cmd: "bash",
-            args: ["-lc", `export PATH="${pathPrefix}" && ${invocation}`],
-            ...command.sudo !== void 0 ? { sudo: command.sudo } : {}
-          },
-          `runtime-postinstall ${command.cmd}`
-        );
-      }
-    }
-  );
-}
-async function createDependencySnapshot(profile, runtime, timeoutMs) {
-  return await withSnapshotSpan(
-    "sandbox.snapshot.build",
-    "sandbox.snapshot.build",
-    {
-      "app.sandbox.runtime": runtime,
-      "app.sandbox.snapshot.dependency_count": profile.dependencyCount
-    },
-    async () => {
-      const sandbox = await Sandbox.create({
-        timeout: timeoutMs,
-        runtime
-      });
-      try {
-        await installRuntimeDependencies(sandbox, profile.dependencies);
-        await runRuntimePostinstall(sandbox, profile.postinstall);
-        return await withSnapshotSpan(
-          "sandbox.snapshot.capture",
-          "sandbox.snapshot.capture",
-          {
-            "app.sandbox.snapshot.dependency_count": profile.dependencyCount
-          },
-          async () => {
-            const snapshot = await sandbox.snapshot();
-            return snapshot.snapshotId;
-          }
-        );
-      } finally {
-        try {
-          await sandbox.stop({ blocking: true });
-        } catch {
-        }
-      }
-    }
-  );
-}
-async function withBuildLock(profileHash, callback, canUseCachedSnapshot, hooks) {
-  const state = getStateAdapter();
-  await state.connect();
-  const lockKey = profileLockKey(profileHash);
-  const tryAcquireLock = async () => await state.acquireLock(lockKey, SNAPSHOT_BUILD_LOCK_TTL_MS);
-  let lock = await tryAcquireLock();
-  if (lock) {
-    try {
-      const result = await callback();
-      return {
-        snapshotId: result.snapshotId,
-        source: result.source,
-        waitedForLock: false
-      };
-    } finally {
-      await state.releaseLock(lock);
-    }
-  }
-  return await withSnapshotSpan(
-    "sandbox.snapshot.lock_wait",
-    "sandbox.snapshot.lock_wait",
-    {
-      "app.sandbox.snapshot.profile_hash": profileHash
-    },
-    async () => {
-      await hooks?.onWaitingForLock?.();
-      const waitUntil = Date.now() + SNAPSHOT_WAIT_FOR_LOCK_MS;
-      while (Date.now() < waitUntil) {
-        const cached2 = await getCachedSnapshot(profileHash);
-        if (cached2?.snapshotId && canUseCachedSnapshot(cached2)) {
-          return {
-            snapshotId: cached2.snapshotId,
-            source: "wait_cache",
-            waitedForLock: true
-          };
-        }
-        lock = await tryAcquireLock();
-        if (lock) {
-          try {
-            const result = await callback();
-            return {
-              snapshotId: result.snapshotId,
-              source: result.source,
-              waitedForLock: true
-            };
-          } finally {
-            await state.releaseLock(lock);
-          }
-        }
-        await sleep(500);
-      }
-      const cached = await getCachedSnapshot(profileHash);
-      if (cached?.snapshotId && canUseCachedSnapshot(cached)) {
-        return {
-          snapshotId: cached.snapshotId,
-          source: "wait_cache",
-          waitedForLock: true
-        };
-      }
-      throw new Error("Timed out waiting for snapshot build lock");
-    }
-  );
-}
-function toResolveOutcome(forceRebuild, source, waitedForLock) {
-  if (source === "built") {
-    return forceRebuild ? "forced_rebuild" : "rebuilt";
-  }
-  if (waitedForLock || source === "wait_cache") {
-    return "cache_hit_after_lock_wait";
-  }
-  return "cache_hit";
-}
-function getRebuildReason(params) {
-  if (params.forceRebuild) {
-    return params.staleSnapshotId ? "snapshot_missing" : "force_rebuild";
-  }
-  if (params.cached?.snapshotId && params.shouldRebuildCached) {
-    return "floating_stale";
-  }
-  if (!params.cached?.snapshotId) {
-    return "cache_miss";
-  }
-  return void 0;
-}
-async function resolveRuntimeDependencySnapshot(params) {
-  return await withSnapshotSpan(
-    "sandbox.snapshot.resolve",
-    "sandbox.snapshot.resolve",
-    {
-      "app.sandbox.runtime": params.runtime,
-      "app.sandbox.snapshot.force_rebuild": Boolean(params.forceRebuild)
-    },
-    async () => {
-      await params.onProgress?.("resolve_start");
-      const resolveStartedAtMs = Date.now();
-      const profile = buildDependencyProfile(params.runtime);
-      if (!profile) {
-        return {
-          dependencyCount: 0,
-          cacheHit: false,
-          resolveOutcome: "no_profile"
-        };
-      }
-      const cached = await getCachedSnapshot(profile.profileHash);
-      const cachedNeedsRebuild = Boolean(
-        cached?.snapshotId && shouldRebuildCachedSnapshot(profile, cached)
-      );
-      if (!params.forceRebuild && cached?.snapshotId && !cachedNeedsRebuild) {
-        await params.onProgress?.("cache_hit");
-        return {
-          snapshotId: cached.snapshotId,
-          profileHash: profile.profileHash,
-          dependencyCount: profile.dependencyCount,
-          cacheHit: true,
-          resolveOutcome: "cache_hit"
-        };
-      }
-      const rebuildReason = getRebuildReason({
-        forceRebuild: params.forceRebuild,
-        staleSnapshotId: params.staleSnapshotId,
-        cached,
-        shouldRebuildCached: cachedNeedsRebuild
-      });
-      const canUseCachedSnapshot = (candidate) => {
-        if (params.forceRebuild) {
-          if (params.staleSnapshotId) {
-            return candidate.snapshotId !== params.staleSnapshotId;
-          }
-          return candidate.createdAtMs > resolveStartedAtMs;
-        }
-        return !shouldRebuildCachedSnapshot(profile, candidate);
-      };
-      const lockResult = await withBuildLock(
-        profile.profileHash,
-        async () => {
-          const latest = await getCachedSnapshot(profile.profileHash);
-          if (latest?.snapshotId && canUseCachedSnapshot(latest)) {
-            await params.onProgress?.("cache_hit");
-            return {
-              snapshotId: latest.snapshotId,
-              source: "callback_cache"
-            };
-          }
-          await params.onProgress?.("building_snapshot");
-          const nextSnapshotId = await createDependencySnapshot(
-            profile,
-            params.runtime,
-            params.timeoutMs
-          );
-          await setCachedSnapshot({
-            profileHash: profile.profileHash,
-            snapshotId: nextSnapshotId,
-            runtime: params.runtime,
-            createdAtMs: Date.now(),
-            dependencyCount: profile.dependencyCount
-          });
-          await params.onProgress?.("build_complete");
-          return { snapshotId: nextSnapshotId, source: "built" };
-        },
-        canUseCachedSnapshot,
-        {
-          onWaitingForLock: async () => {
-            await params.onProgress?.("waiting_for_lock");
-          }
-        }
-      );
-      return {
-        snapshotId: lockResult.snapshotId,
-        profileHash: profile.profileHash,
-        dependencyCount: profile.dependencyCount,
-        cacheHit: lockResult.source !== "built",
-        resolveOutcome: toResolveOutcome(
-          Boolean(params.forceRebuild),
-          lockResult.source,
-          lockResult.waitedForLock
-        ),
-        ...rebuildReason ? { rebuildReason } : {}
-      };
-    }
-  );
-}
-function isSnapshotMissingError(error) {
-  const searchable = error instanceof Error ? error.message.toLowerCase() : String(error).toLowerCase();
-  return searchable.includes("snapshot") && (searchable.includes("not found") || searchable.includes("unknown") || searchable.includes("404"));
-}
-export {
-  homeDir,
-  skillRoots,
-  soulPathCandidates,
-  aboutPathCandidates,
-  resolveAuthTokenPlaceholder,
-  CredentialUnavailableError,
-  buildOAuthTokenRequest,
-  parseOAuthTokenResponse,
-  getPluginCapabilityProviders,
-  getPluginProviders,
-  getPluginRuntimeDependencies,
-  getPluginRuntimePostinstall,
-  getPluginOAuthConfig,
-  getPluginSkillRoots,
-  isPluginProvider,
-  createPluginBroker,
-  botConfig,
-  getSlackBotToken,
-  getSlackSigningSecret,
-  getSlackClientId,
-  getSlackClientSecret,
-  getStateAdapter,
-  disconnectStateAdapter,
-  claimQueueIngressDedup,
-  hasQueueIngressDedup,
-  getQueueMessageProcessingState,
-  acquireQueueMessageProcessingOwnership,
-  refreshQueueMessageProcessingOwnership,
-  completeQueueMessageProcessingOwnership,
-  failQueueMessageProcessingOwnership,
-  getAgentTurnSessionCheckpoint,
-  upsertAgentTurnSessionCheckpoint,
-  SANDBOX_WORKSPACE_ROOT,
-  SANDBOX_SKILLS_ROOT,
-  sandboxSkillDir,
-  getRuntimeDependencyProfileHash,
-  resolveRuntimeDependencySnapshot,
-  isSnapshotMissingError
-};