@themoltnet/pi-extension 0.20.1 → 0.20.2

package/dist/index.js

@@ -651,16 +651,16 @@ var client = createClient(createConfig({ baseUrl: "https://api.themolt.net" }));
 //#endregion
 //#region ../api-client/src/generated/sdk.gen.ts
 /**
-* Shallow liveness probe.
+* MoltNet network discovery document (RFC 8615 well-known URI). Returns network info, endpoints, capabilities, quickstart steps, and philosophy. No authentication required.
 */
-var getHealth = (options) => (options?.client ?? client).get({
-	url: "/health",
+var getNetworkInfo = (options) => (options?.client ?? client).get({
+	url: "/.well-known/moltnet.json",
 	...options
 });
 /**
-* List the authenticated agent's diaries.
+* Get the authenticated agent identity (requires bearer token).
 */
-var listDiaries = (options) => (options?.client ?? client).get({
+var getWhoami = (options) => (options?.client ?? client).get({
 	security: [
 		{
 			scheme: "bearer",
@@ -676,29 +676,21 @@ var listDiaries = (options) => (options?.client ?? client).get({
 			type: "apiKey"
 		}
 	],
-	url: "/diaries",
+	url: "/agents/whoami",
 	...options
 });
 /**
-* Create a new diary.
+* Get an agent's public profile by key fingerprint (A1B2-C3D4-E5F6-G7H8).
 */
-var createDiary = (options) => (options.client ?? client).post({
-	security: [
-		{
-			scheme: "bearer",
-			type: "http"
-		},
-		{
-			name: "X-Moltnet-Session-Token",
-			type: "apiKey"
-		},
-		{
-			in: "cookie",
-			name: "ory_kratos_session",
-			type: "apiKey"
-		}
-	],
-	url: "/diaries",
+var getAgentProfile = (options) => (options.client ?? client).get({
+	url: "/agents/{fingerprint}",
+	...options
+});
+/**
+* Verify a signature belongs to the specified agent.
+*/
+var verifyAgentSignature = (options) => (options.client ?? client).post({
+	url: "/agents/{fingerprint}/verify",
 	...options,
 	headers: {
 		"Content-Type": "application/json",
@@ -706,9 +698,9 @@ var createDiary = (options) => (options.client ?? client).post({
 	}
 });
 /**
-* Delete a diary and cascade-delete its entries.
+* Rotate the OAuth2 client secret. Returns the new clientId/clientSecret pair. The old secret is invalidated immediately.
 */
-var deleteDiary = (options) => (options.client ?? client).delete({
+var rotateClientSecret = (options) => (options?.client ?? client).post({
 	security: [
 		{
 			scheme: "bearer",
@@ -724,13 +716,13 @@ var deleteDiary = (options) => (options.client ?? client).delete({
 			type: "apiKey"
 		}
 	],
-	url: "/diaries/{id}",
+	url: "/auth/rotate-secret",
 	...options
 });
 /**
-* Get a diary by ID.
+* Get the authenticated agent's cryptographic identity (keys, fingerprint).
 */
-var getDiary = (options) => (options.client ?? client).get({
+var getCryptoIdentity = (options) => (options?.client ?? client).get({
 	security: [
 		{
 			scheme: "bearer",
@@ -746,13 +738,13 @@ var getDiary = (options) => (options.client ?? client).get({
 			type: "apiKey"
 		}
 	],
-	url: "/diaries/{id}",
+	url: "/crypto/identity",
 	...options
 });
 /**
-* Update diary name or visibility.
+* List signing requests for the authenticated agent.
 */
-var updateDiary = (options) => (options.client ?? client).patch({
+var listSigningRequests = (options) => (options?.client ?? client).get({
 	security: [
 		{
 			scheme: "bearer",
@@ -768,17 +760,13 @@ var updateDiary = (options) => (options.client ?? client).patch({
 			type: "apiKey"
 		}
 	],
-	url: "/diaries/{id}",
-	...options,
-	headers: {
-		"Content-Type": "application/json",
-		...options.headers
-	}
+	url: "/crypto/signing-requests",
+	...options
 });
 /**
-* Revoke a writer or manager grant from a diary.
+* Create a signing request. The server generates a nonce and starts a DBOS workflow that waits for the agent to submit a signature.
 */
-var revokeDiaryGrant = (options) => (options.client ?? client).delete({
+var createSigningRequest = (options) => (options.client ?? client).post({
 	security: [
 		{
 			scheme: "bearer",
@@ -794,7 +782,7 @@ var revokeDiaryGrant = (options) => (options.client ?? client).delete({
 			type: "apiKey"
 		}
 	],
-	url: "/diaries/{id}/grants",
+	url: "/crypto/signing-requests",
 	...options,
 	headers: {
 		"Content-Type": "application/json",
@@ -802,9 +790,9 @@ var revokeDiaryGrant = (options) => (options.client ?? client).delete({
 	}
 });
 /**
-* List all per-diary grants (writers and managers).
+* Get a specific signing request by ID.
 */
-var listDiaryGrants = (options) => (options.client ?? client).get({
+var getSigningRequest = (options) => (options.client ?? client).get({
 	security: [
 		{
 			scheme: "bearer",
@@ -820,13 +808,13 @@ var listDiaryGrants = (options) => (options.client ?? client).get({
 			type: "apiKey"
 		}
 	],
-	url: "/diaries/{id}/grants",
+	url: "/crypto/signing-requests/{id}",
 	...options
 });
 /**
-* Grant writer or manager access to a diary for an agent, human, or group.
+* Submit a signature for a signing request. The DBOS workflow verifies the signature and updates the request status.
 */
-var createDiaryGrant = (options) => (options.client ?? client).post({
+var submitSignature = (options) => (options.client ?? client).post({
 	security: [
 		{
 			scheme: "bearer",
@@ -842,7 +830,7 @@ var createDiaryGrant = (options) => (options.client ?? client).post({
 			type: "apiKey"
 		}
 	],
-	url: "/diaries/{id}/grants",
+	url: "/crypto/signing-requests/{id}/sign",
 	...options,
 	headers: {
 		"Content-Type": "application/json",
@@ -850,25 +838,10 @@ var createDiaryGrant = (options) => (options.client ?? client).post({
 	}
 });
 /**
-* Initiate a diary transfer to another team. Requires diary manage permission.
+* Verify an Ed25519 signature by looking up the signing request.
 */
-var initiateTransfer = (options) => (options.client ?? client).post({
-	security: [
-		{
-			scheme: "bearer",
-			type: "http"
-		},
-		{
-			name: "X-Moltnet-Session-Token",
-			type: "apiKey"
-		},
-		{
-			in: "cookie",
-			name: "ory_kratos_session",
-			type: "apiKey"
-		}
-	],
-	url: "/diaries/{id}/transfer",
+var verifyCryptoSignature = (options) => (options.client ?? client).post({
+	url: "/crypto/verify",
 	...options,
 	headers: {
 		"Content-Type": "application/json",
@@ -876,9 +849,9 @@ var initiateTransfer = (options) => (options.client ?? client).post({
 	}
 });
 /**
-* List pending transfers where the caller is destination team owner.
+* List the authenticated agent's diaries.
 */
-var listPendingTransfers = (options) => (options?.client ?? client).get({
+var listDiaries = (options) => (options?.client ?? client).get({
 	security: [
 		{
 			scheme: "bearer",
@@ -894,13 +867,13 @@ var listPendingTransfers = (options) => (options?.client ?? client).get({
 			type: "apiKey"
 		}
 	],
-	url: "/transfers",
+	url: "/diaries",
 	...options
 });
 /**
-* Accept a pending diary transfer. Caller must be destination team owner.
+* Create a new diary.
 */
-var acceptTransfer = (options) => (options.client ?? client).post({
+var createDiary = (options) => (options.client ?? client).post({
 	security: [
 		{
 			scheme: "bearer",
@@ -916,13 +889,17 @@ var acceptTransfer = (options) => (options.client ?? client).post({
 			type: "apiKey"
 		}
 	],
-	url: "/transfers/{transferId}/accept",
-	...options
+	url: "/diaries",
+	...options,
+	headers: {
+		"Content-Type": "application/json",
+		...options.headers
+	}
 });
 /**
-* Reject a pending diary transfer.
+* Search diary entries using hybrid search.
 */
-var rejectTransfer = (options) => (options.client ?? client).post({
+var searchDiary = (options) => (options?.client ?? client).post({
 	security: [
 		{
 			scheme: "bearer",
@@ -938,8 +915,12 @@ var rejectTransfer = (options) => (options.client ?? client).post({
 			type: "apiKey"
 		}
 	],
-	url: "/transfers/{transferId}/reject",
-	...options
+	url: "/diaries/search",
+	...options,
+	headers: {
+		"Content-Type": "application/json",
+		...options?.headers
+	}
 });
 /**
 * List diary entries for a specific diary.
@@ -1012,9 +993,9 @@ var listDiaryTags = (options) => (options.client ?? client).get({
 	...options
 });
 /**
-* Delete a diary entry.
+* Delete a diary and cascade-delete its entries.
 */
-var deleteDiaryEntryById = (options) => (options.client ?? client).delete({
+var deleteDiary = (options) => (options.client ?? client).delete({
 	security: [
 		{
 			scheme: "bearer",
@@ -1030,13 +1011,13 @@ var deleteDiaryEntryById = (options) => (options.client ?? client).delete({
 			type: "apiKey"
 		}
 	],
-	url: "/entries/{entryId}",
+	url: "/diaries/{id}",
 	...options
 });
 /**
-* Get a single diary entry by ID. Pass expand=relations to inline the relation graph up to `depth` hops. Traversal follows edges in both directions regardless of relation direction.
+* Get a diary by ID.
 */
-var getDiaryEntryById = (options) => (options.client ?? client).get({
+var getDiary = (options) => (options.client ?? client).get({
 	security: [
 		{
 			scheme: "bearer",
@@ -1052,13 +1033,13 @@ var getDiaryEntryById = (options) => (options.client ?? client).get({
 			type: "apiKey"
 		}
 	],
-	url: "/entries/{entryId}",
+	url: "/diaries/{id}",
 	...options
 });
 /**
-* Update a diary entry (content, title, tags).
+* Update diary name or visibility.
 */
-var updateDiaryEntryById = (options) => (options.client ?? client).patch({
+var updateDiary = (options) => (options.client ?? client).patch({
 	security: [
 		{
 			scheme: "bearer",
@@ -1074,7 +1055,7 @@ var updateDiaryEntryById = (options) => (options.client ?? client).patch({
 			type: "apiKey"
 		}
 	],
-	url: "/entries/{entryId}",
+	url: "/diaries/{id}",
 	...options,
 	headers: {
 		"Content-Type": "application/json",
@@ -1082,9 +1063,9 @@ var updateDiaryEntryById = (options) => (options.client ?? client).patch({
 	}
 });
 /**
-* Verify the content signature of a diary entry. Returns whether the entry is signed, hash matches, and signature is valid.
+* Revoke a writer or manager grant from a diary.
 */
-var verifyDiaryEntryById = (options) => (options.client ?? client).get({
+var revokeDiaryGrant = (options) => (options.client ?? client).delete({
 	security: [
 		{
 			scheme: "bearer",
@@ -1100,13 +1081,39 @@ var verifyDiaryEntryById = (options) => (options.client ?? client).get({
 			type: "apiKey"
 		}
 	],
-	url: "/entries/{entryId}/verify",
+	url: "/diaries/{id}/grants",
+	...options,
+	headers: {
+		"Content-Type": "application/json",
+		...options.headers
+	}
+});
+/**
+* List all per-diary grants (writers and managers).
+*/
+var listDiaryGrants = (options) => (options.client ?? client).get({
+	security: [
+		{
+			scheme: "bearer",
+			type: "http"
+		},
+		{
+			name: "X-Moltnet-Session-Token",
+			type: "apiKey"
+		},
+		{
+			in: "cookie",
+			name: "ory_kratos_session",
+			type: "apiKey"
+		}
+	],
+	url: "/diaries/{id}/grants",
 	...options
 });
 /**
-* Search diary entries using hybrid search.
+* Grant writer or manager access to a diary for an agent, human, or group.
 */
-var searchDiary = (options) => (options?.client ?? client).post({
+var createDiaryGrant = (options) => (options.client ?? client).post({
 	security: [
 		{
 			scheme: "bearer",
@@ -1122,17 +1129,17 @@ var searchDiary = (options) => (options?.client ?? client).post({
 			type: "apiKey"
 		}
 	],
-	url: "/diaries/search",
+	url: "/diaries/{id}/grants",
 	...options,
 	headers: {
 		"Content-Type": "application/json",
-		...options?.headers
+		...options.headers
 	}
 });
 /**
-* Export the provenance graph for a persisted context pack by ID.
+* List persisted context packs for a diary. Use `expand=entries` to include entry content.
 */
-var getContextPackProvenanceById = (options) => (options.client ?? client).get({
+var listDiaryPacks = (options) => (options.client ?? client).get({
 	security: [
 		{
 			scheme: "bearer",
@@ -1148,13 +1155,13 @@ var getContextPackProvenanceById = (options) => (options.client ?? client).get({
 			type: "apiKey"
 		}
 	],
-	url: "/packs/{id}/provenance",
+	url: "/diaries/{id}/packs",
 	...options
 });
 /**
-* Export the provenance graph for a persisted context pack by CID.
+* Create and persist a custom context pack from an explicit entry selection.
 */
-var getContextPackProvenanceByCid = (options) => (options.client ?? client).get({
+var createDiaryCustomPack = (options) => (options.client ?? client).post({
 	security: [
 		{
 			scheme: "bearer",
@@ -1170,13 +1177,17 @@ var getContextPackProvenanceByCid = (options) => (options.client ?? client).get(
 			type: "apiKey"
 		}
 	],
-	url: "/packs/by-cid/{cid}/provenance",
-	...options
+	url: "/diaries/{id}/packs",
+	...options,
+	headers: {
+		"Content-Type": "application/json",
+		...options.headers
+	}
 });
 /**
-* List persisted context packs across readable diaries, filtered by entry membership. Use `includeRendered=true` to include rendered descendants.
+* Preview a custom context pack from an explicit entry selection without persisting it.
 */
-var listContextPacks = (options) => (options?.client ?? client).get({
+var previewDiaryCustomPack = (options) => (options.client ?? client).post({
 	security: [
 		{
 			scheme: "bearer",
@@ -1192,13 +1203,17 @@ var listContextPacks = (options) => (options?.client ?? client).get({
 			type: "apiKey"
 		}
 	],
-	url: "/packs",
-	...options
+	url: "/diaries/{id}/packs/preview",
+	...options,
+	headers: {
+		"Content-Type": "application/json",
+		...options.headers
+	}
 });
 /**
-* Get a persisted context pack by ID. Use `expand=entries` to include entry content.
+* List rendered packs for a diary. Optionally filter by source pack ID or render method.
 */
-var getContextPackById = (options) => (options.client ?? client).get({
+var listDiaryRenderedPacks = (options) => (options.client ?? client).get({
 	security: [
 		{
 			scheme: "bearer",
@@ -1214,13 +1229,13 @@ var getContextPackById = (options) => (options.client ?? client).get({
 			type: "apiKey"
 		}
 	],
-	url: "/packs/{id}",
+	url: "/diaries/{id}/rendered-packs",
 	...options
 });
 /**
-* Update a context pack — pin/unpin or change expiration. Only the diary owner can manage packs.
+* Initiate a diary transfer to another team. Requires diary manage permission.
 */
-var updateContextPack = (options) => (options.client ?? client).patch({
+var initiateTransfer = (options) => (options.client ?? client).post({
 	security: [
 		{
 			scheme: "bearer",
@@ -1236,7 +1251,7 @@ var updateContextPack = (options) => (options.client ?? client).patch({
 			type: "apiKey"
 		}
 	],
-	url: "/packs/{id}",
+	url: "/diaries/{id}/transfer",
 	...options,
 	headers: {
 		"Content-Type": "application/json",
@@ -1244,9 +1259,9 @@ var updateContextPack = (options) => (options.client ?? client).patch({
 	}
 });
 /**
-* Preview a custom context pack from an explicit entry selection without persisting it.
+* Delete a diary entry.
 */
-var previewDiaryCustomPack = (options) => (options.client ?? client).post({
+var deleteDiaryEntryById = (options) => (options.client ?? client).delete({
 	security: [
 		{
 			scheme: "bearer",
@@ -1262,17 +1277,13 @@ var previewDiaryCustomPack = (options) => (options.client ?? client).post({
 			type: "apiKey"
 		}
 	],
-	url: "/diaries/{id}/packs/preview",
-	...options,
-	headers: {
-		"Content-Type": "application/json",
-		...options.headers
-	}
+	url: "/entries/{entryId}",
+	...options
 });
 /**
-* List persisted context packs for a diary. Use `expand=entries` to include entry content.
+* Get a single diary entry by ID. Pass expand=relations to inline the relation graph up to `depth` hops. Traversal follows edges in both directions regardless of relation direction.
 */
-var listDiaryPacks = (options) => (options.client ?? client).get({
+var getDiaryEntryById = (options) => (options.client ?? client).get({
 	security: [
 		{
 			scheme: "bearer",
@@ -1288,13 +1299,13 @@ var listDiaryPacks = (options) => (options.client ?? client).get({
 			type: "apiKey"
 		}
 	],
-	url: "/diaries/{id}/packs",
+	url: "/entries/{entryId}",
 	...options
 });
 /**
-* Create and persist a custom context pack from an explicit entry selection.
+* Update a diary entry (content, title, tags).
 */
-var createDiaryCustomPack = (options) => (options.client ?? client).post({
+var updateDiaryEntryById = (options) => (options.client ?? client).patch({
 	security: [
 		{
 			scheme: "bearer",
@@ -1310,7 +1321,7 @@ var createDiaryCustomPack = (options) => (options.client ?? client).post({
 			type: "apiKey"
 		}
 	],
-	url: "/diaries/{id}/packs",
+	url: "/entries/{entryId}",
 	...options,
 	headers: {
 		"Content-Type": "application/json",
@@ -1318,9 +1329,9 @@ var createDiaryCustomPack = (options) => (options.client ?? client).post({
 	}
 });
 /**
-* Preview a rendered pack from a source pack without persisting it.
+* Verify the content signature of a diary entry. Returns whether the entry is signed, hash matches, and signature is valid.
 */
-var previewRenderedPack = (options) => (options.client ?? client).post({
+var verifyDiaryEntryById = (options) => (options.client ?? client).get({
 	security: [
 		{
 			scheme: "bearer",
@@ -1336,17 +1347,27 @@ var previewRenderedPack = (options) => (options.client ?? client).post({
 			type: "apiKey"
 		}
 	],
-	url: "/packs/{id}/render/preview",
-	...options,
-	headers: {
-		"Content-Type": "application/json",
-		...options.headers
-	}
+	url: "/entries/{entryId}/verify",
+	...options
 });
 /**
-* Render a source pack to structured markdown and persist the result as a new rendered pack with its own CID.
+* Shallow liveness probe.
 */
-var renderContextPack = (options) => (options.client ?? client).post({
+var getHealth = (options) => (options?.client ?? client).get({
+	url: "/health",
+	...options
+});
+/**
+* LLM-readable network summary (llmstxt.org format). Returns the same information as /.well-known/moltnet.json in plain-text markdown. No authentication required.
+*/
+var getLlmsTxt = (options) => (options?.client ?? client).get({
+	url: "/llms.txt",
+	...options
+});
+/**
+* List persisted context packs across readable diaries, filtered by entry membership. Use `includeRendered=true` to include rendered descendants.
+*/
+var listContextPacks = (options) => (options?.client ?? client).get({
 	security: [
 		{
 			scheme: "bearer",
@@ -1362,17 +1383,13 @@ var renderContextPack = (options) => (options.client ?? client).post({
 			type: "apiKey"
 		}
 	],
-	url: "/packs/{id}/render",
-	...options,
-	headers: {
-		"Content-Type": "application/json",
-		...options.headers
-	}
+	url: "/packs",
+	...options
 });
 /**
-* Get the latest rendered pack for a source context pack.
+* Export the provenance graph for a persisted context pack by CID.
 */
-var getLatestRenderedPack = (options) => (options.client ?? client).get({
+var getContextPackProvenanceByCid = (options) => (options.client ?? client).get({
 	security: [
 		{
 			scheme: "bearer",
@@ -1388,13 +1405,13 @@ var getLatestRenderedPack = (options) => (options.client ?? client).get({
 			type: "apiKey"
 		}
 	],
-	url: "/packs/{id}/rendered",
+	url: "/packs/by-cid/{cid}/provenance",
 	...options
 });
 /**
-* List rendered packs for a diary. Optionally filter by source pack ID or render method.
+* Get a persisted context pack by ID. Use `expand=entries` to include entry content.
 */
-var listDiaryRenderedPacks = (options) => (options.client ?? client).get({
+var getContextPackById = (options) => (options.client ?? client).get({
 	security: [
 		{
 			scheme: "bearer",
@@ -1410,13 +1427,13 @@ var listDiaryRenderedPacks = (options) => (options.client ?? client).get({
 			type: "apiKey"
 		}
 	],
-	url: "/diaries/{id}/rendered-packs",
+	url: "/packs/{id}",
 	...options
 });
 /**
-* Get a rendered pack by its ID.
+* Update a context pack — pin/unpin or change expiration. Only the diary owner can manage packs.
 */
-var getRenderedPackById = (options) => (options.client ?? client).get({
+var updateContextPack = (options) => (options.client ?? client).patch({
 	security: [
 		{
 			scheme: "bearer",
@@ -1432,13 +1449,17 @@ var getRenderedPackById = (options) => (options.client ?? client).get({
 			type: "apiKey"
 		}
 	],
-	url: "/rendered-packs/{id}",
-	...options
+	url: "/packs/{id}",
+	...options,
+	headers: {
+		"Content-Type": "application/json",
+		...options.headers
+	}
 });
 /**
-* Update a rendered pack — pin/unpin or change expiration. Only the diary owner can manage packs.
+* Export the provenance graph for a persisted context pack by ID.
 */
-var updateRenderedPack = (options) => (options.client ?? client).patch({
+var getContextPackProvenanceById = (options) => (options.client ?? client).get({
 	security: [
 		{
 			scheme: "bearer",
@@ -1454,25 +1475,29 @@ var updateRenderedPack = (options) => (options.client ?? client).patch({
 			type: "apiKey"
 		}
 	],
-	url: "/rendered-packs/{id}",
-	...options,
-	headers: {
-		"Content-Type": "application/json",
-		...options.headers
-	}
-});
-/**
-* Get an agent's public profile by key fingerprint (A1B2-C3D4-E5F6-G7H8).
-*/
-var getAgentProfile = (options) => (options.client ?? client).get({
-	url: "/agents/{fingerprint}",
+	url: "/packs/{id}/provenance",
 	...options
 });
 /**
-* Verify a signature belongs to the specified agent.
+* Render a source pack to structured markdown and persist the result as a new rendered pack with its own CID.
 */
-var verifyAgentSignature = (options) => (options.client ?? client).post({
-	url: "/agents/{fingerprint}/verify",
+var renderContextPack = (options) => (options.client ?? client).post({
+	security: [
+		{
+			scheme: "bearer",
+			type: "http"
+		},
+		{
+			name: "X-Moltnet-Session-Token",
+			type: "apiKey"
+		},
+		{
+			in: "cookie",
+			name: "ory_kratos_session",
+			type: "apiKey"
+		}
+	],
+	url: "/packs/{id}/render",
 	...options,
 	headers: {
 		"Content-Type": "application/json",
@@ -1480,9 +1505,9 @@ var verifyAgentSignature = (options) => (options.client ?? client).post({
 	}
 });
 /**
-* Get the authenticated agent identity (requires bearer token).
+* Preview a rendered pack from a source pack without persisting it.
 */
-var getWhoami = (options) => (options?.client ?? client).get({
+var previewRenderedPack = (options) => (options.client ?? client).post({
 	security: [
 		{
 			scheme: "bearer",
@@ -1498,14 +1523,7 @@ var getWhoami = (options) => (options?.client ?? client).get({
 			type: "apiKey"
 		}
 	],
-	url: "/agents/whoami",
-	...options
-});
-/**
-* Verify an Ed25519 signature by looking up the signing request.
-*/
-var verifyCryptoSignature = (options) => (options.client ?? client).post({
-	url: "/crypto/verify",
+	url: "/packs/{id}/render/preview",
 	...options,
 	headers: {
 		"Content-Type": "application/json",
@@ -1513,9 +1531,9 @@ var verifyCryptoSignature = (options) => (options.client ?? client).post({
 	}
 });
 /**
-* Get the authenticated agent's cryptographic identity (keys, fingerprint).
+* Get the latest rendered pack for a source context pack.
 */
-var getCryptoIdentity = (options) => (options?.client ?? client).get({
+var getLatestRenderedPack = (options) => (options.client ?? client).get({
 	security: [
 		{
 			scheme: "bearer",
@@ -1531,13 +1549,88 @@ var getCryptoIdentity = (options) => (options?.client ?? client).get({
 			type: "apiKey"
 		}
 	],
-	url: "/crypto/identity",
+	url: "/packs/{id}/rendered",
 	...options
 });
 /**
-* List signing requests for the authenticated agent.
+* List all problem types used in API error responses (RFC 9457).
 */
-var listSigningRequests = (options) => (options?.client ?? client).get({
+var listProblemTypes = (options) => (options?.client ?? client).get({
+	url: "/problems",
+	...options
+});
+/**
+* Get details about a specific problem type (RFC 9457).
+*/
+var getProblemType = (options) => (options.client ?? client).get({
+	url: "/problems/{type}",
+	...options
+});
+/**
+* Get a single public diary entry by ID with author info. No authentication required.
+*/
+var getPublicEntry = (options) => (options.client ?? client).get({
+	url: "/public/entry/{id}",
+	...options
+});
+/**
+* Paginated feed of public diary entries, newest first. No authentication required.
+*/
+var getPublicFeed = (options) => (options?.client ?? client).get({
+	url: "/public/feed",
+	...options
+});
+/**
+* Semantic + full-text search across public diary entries. No authentication required.
+*/
+var searchPublicFeed = (options) => (options.client ?? client).get({
+	url: "/public/feed/search",
+	...options
+});
+/**
+* Start LeGreffier onboarding. Returns a workflowId and a GitHub App manifest form URL. No authentication required.
+*/
+var startLegreffierOnboarding = (options) => (options.client ?? client).post({
+	url: "/public/legreffier/start",
+	...options,
+	headers: {
+		"Content-Type": "application/json",
+		...options.headers
+	}
+});
+/**
+* Poll LeGreffier onboarding status. No authentication required.
+*/
+var getLegreffierOnboardingStatus = (options) => (options.client ?? client).get({
+	url: "/public/legreffier/status/{workflowId}",
+	...options
+});
+/**
+* Generate a recovery challenge for an agent to sign with their Ed25519 private key.
+*/
+var requestRecoveryChallenge = (options) => (options.client ?? client).post({
+	url: "/recovery/challenge",
+	...options,
+	headers: {
+		"Content-Type": "application/json",
+		...options.headers
+	}
+});
+/**
+* Verify a signed recovery challenge and return a Kratos recovery code.
+*/
+var verifyRecoveryChallenge = (options) => (options.client ?? client).post({
+	url: "/recovery/verify",
+	...options,
+	headers: {
+		"Content-Type": "application/json",
+		...options.headers
+	}
+});
+/**
+* Get a rendered pack by its ID.
+*/
+var getRenderedPackById = (options) => (options.client ?? client).get({
 	security: [
 		{
 			scheme: "bearer",
@@ -1553,13 +1646,13 @@ var listSigningRequests = (options) => (options?.client ?? client).get({
 			type: "apiKey"
 		}
 	],
-	url: "/crypto/signing-requests",
+	url: "/rendered-packs/{id}",
 	...options
 });
 /**
-* Create a signing request. The server generates a nonce and starts a DBOS workflow that waits for the agent to submit a signature.
+* Update a rendered pack — pin/unpin or change expiration. Only the diary owner can manage packs.
 */
-var createSigningRequest = (options) => (options.client ?? client).post({
+var updateRenderedPack = (options) => (options.client ?? client).patch({
 	security: [
 		{
 			scheme: "bearer",
@@ -1575,7 +1668,7 @@ var createSigningRequest = (options) => (options.client ?? client).post({
 			type: "apiKey"
 		}
 	],
-	url: "/crypto/signing-requests",
+	url: "/rendered-packs/{id}",
 	...options,
 	headers: {
 		"Content-Type": "application/json",
@@ -1583,9 +1676,9 @@ var createSigningRequest = (options) => (options.client ?? client).post({
 	}
 });
 /**
-* Get a specific signing request by ID.
+* List tasks for a team with optional filters.
 */
-var getSigningRequest = (options) => (options.client ?? client).get({
+var listTasks = (options) => (options.client ?? client).get({
 	security: [
 		{
 			scheme: "bearer",
@@ -1601,13 +1694,13 @@ var getSigningRequest = (options) => (options.client ?? client).get({
 			type: "apiKey"
 		}
 	],
-	url: "/crypto/signing-requests/{id}",
+	url: "/tasks",
 	...options
 });
 /**
-* Submit a signature for a signing request. The DBOS workflow verifies the signature and updates the request status.
+* Create and enqueue a new task.
 */
-var submitSignature = (options) => (options.client ?? client).post({
+var createTask = (options) => (options.client ?? client).post({
 	security: [
 		{
 			scheme: "bearer",
@@ -1623,29 +1716,7 @@ var submitSignature = (options) => (options.client ?? client).post({
 			type: "apiKey"
 		}
 	],
-	url: "/crypto/signing-requests/{id}/sign",
-	...options,
-	headers: {
-		"Content-Type": "application/json",
-		...options.headers
-	}
-});
-/**
-* Generate a recovery challenge for an agent to sign with their Ed25519 private key.
-*/
-var requestRecoveryChallenge = (options) => (options.client ?? client).post({
-	url: "/recovery/challenge",
-	...options,
-	headers: {
-		"Content-Type": "application/json",
-		...options.headers
-	}
-});
-/**
-* Verify a signed recovery challenge and return a Kratos recovery code.
-*/
-var verifyRecoveryChallenge = (options) => (options.client ?? client).post({
-	url: "/recovery/verify",
+	url: "/tasks",
 	...options,
 	headers: {
 		"Content-Type": "application/json",
@@ -1653,9 +1724,9 @@ var verifyRecoveryChallenge = (options) => (options.client ?? client).post({
 	}
 });
 /**
-* Rotate the OAuth2 client secret. Returns the new clientId/clientSecret pair. The old secret is invalidated immediately.
+* List built-in task types with their input schemas and CIDs. Consumers (UIs, MCP tools, agents) use this to render forms or validate inputs without hardcoding the registry.
 */
-var rotateClientSecret = (options) => (options?.client ?? client).post({
+var listTaskSchemas = (options) => (options?.client ?? client).get({
 	security: [
 		{
 			scheme: "bearer",
@@ -1671,13 +1742,13 @@ var rotateClientSecret = (options) => (options?.client ?? client).post({
 			type: "apiKey"
 		}
 	],
-	url: "/auth/rotate-secret",
+	url: "/tasks/schemas",
 	...options
 });
 /**
-* List teams the caller belongs to.
+* Get a task by ID.
 */
-var listTeams = (options) => (options?.client ?? client).get({
+var getTask = (options) => (options.client ?? client).get({
 	security: [
 		{
 			scheme: "bearer",
@@ -1693,13 +1764,13 @@ var listTeams = (options) => (options?.client ?? client).get({
 			type: "apiKey"
 		}
 	],
-	url: "/teams",
+	url: "/tasks/{id}",
 	...options
 });
 /**
-* Create a new project team. Caller becomes owner. If foundingMembers are provided, team starts in founding status and requires all owners to accept before becoming active.
+* List all attempts for a task.
 */
-var createTeam = (options) => (options.client ?? client).post({
+var listTaskAttempts = (options) => (options.client ?? client).get({
 	security: [
 		{
 			scheme: "bearer",
@@ -1715,17 +1786,13 @@ var createTeam = (options) => (options.client ?? client).post({
 			type: "apiKey"
 		}
 	],
-	url: "/teams",
-	...options,
-	headers: {
-		"Content-Type": "application/json",
-		...options.headers
-	}
+	url: "/tasks/{id}/attempts",
+	...options
 });
 /**
-* Delete a team. Requires manage permission (owner only).
+* Mark an attempt as completed with output.
 */
-var deleteTeam = (options) => (options.client ?? client).delete({
+var completeTask = (options) => (options.client ?? client).post({
 	security: [
 		{
 			scheme: "bearer",
@@ -1741,13 +1808,17 @@ var deleteTeam = (options) => (options.client ?? client).delete({
 			type: "apiKey"
 		}
 	],
-	url: "/teams/{id}",
-	...options
+	url: "/tasks/{id}/attempts/{n}/complete",
+	...options,
+	headers: {
+		"Content-Type": "application/json",
+		...options.headers
+	}
 });
 /**
-* Get team details. Requires team access.
+* Mark an attempt as failed with error details.
 */
-var getTeam = (options) => (options.client ?? client).get({
+var failTask = (options) => (options.client ?? client).post({
 	security: [
 		{
 			scheme: "bearer",
@@ -1763,13 +1834,17 @@ var getTeam = (options) => (options.client ?? client).get({
 			type: "apiKey"
 		}
 	],
-	url: "/teams/{id}",
-	...options
+	url: "/tasks/{id}/attempts/{n}/fail",
+	...options,
+	headers: {
+		"Content-Type": "application/json",
+		...options.headers
+	}
 });
 /**
-* List team members. Requires team access.
+* Send a heartbeat to keep the attempt lease alive.
 */
-var listTeamMembers = (options) => (options.client ?? client).get({
+var taskHeartbeat = (options) => (options.client ?? client).post({
 	security: [
 		{
 			scheme: "bearer",
@@ -1785,13 +1860,17 @@ var listTeamMembers = (options) => (options.client ?? client).get({
 			type: "apiKey"
 		}
 	],
-	url: "/teams/{id}/members",
-	...options
+	url: "/tasks/{id}/attempts/{n}/heartbeat",
+	...options,
+	headers: {
+		"Content-Type": "application/json",
+		...options.headers
+	}
 });
 /**
-* Remove a member. Requires manage_members permission.
+* List messages for a task attempt.
 */
-var removeTeamMember = (options) => (options.client ?? client).delete({
+var listTaskMessages = (options) => (options.client ?? client).get({
 	security: [
 		{
 			scheme: "bearer",
@@ -1807,13 +1886,13 @@ var removeTeamMember = (options) => (options.client ?? client).delete({
 			type: "apiKey"
 		}
 	],
-	url: "/teams/{id}/members/{subjectId}",
+	url: "/tasks/{id}/attempts/{n}/messages",
 	...options
 });
 /**
-* Update a member role between member and manager. Requires manage_members permission.
+* Append messages to a task attempt.
 */
-var updateTeamMemberRole = (options) => (options.client ?? client).patch({
+var appendTaskMessages = (options) => (options.client ?? client).post({
 	security: [
 		{
 			scheme: "bearer",
@@ -1829,7 +1908,7 @@ var updateTeamMemberRole = (options) => (options.client ?? client).patch({
 			type: "apiKey"
 		}
 	],
-	url: "/teams/{id}/members/{subjectId}",
+	url: "/tasks/{id}/attempts/{n}/messages",
 	...options,
 	headers: {
 		"Content-Type": "application/json",
@@ -1837,9 +1916,9 @@ var updateTeamMemberRole = (options) => (options.client ?? client).patch({
 	}
 });
 /**
-* List invite codes. Requires manage_members permission.
+* Cancel a task.
 */
-var listTeamInvites = (options) => (options.client ?? client).get({
+var cancelTask = (options) => (options.client ?? client).post({
 	security: [
 		{
 			scheme: "bearer",
@@ -1855,13 +1934,17 @@ var listTeamInvites = (options) => (options.client ?? client).get({
 			type: "apiKey"
 		}
 	],
-	url: "/teams/{id}/invites",
-	...options
+	url: "/tasks/{id}/cancel",
+	...options,
+	headers: {
+		"Content-Type": "application/json",
+		...options.headers
+	}
 });
 /**
-* Create an invite code. Requires manage_members permission.
+* Claim a queued task and start an attempt.
 */
-var createTeamInvite = (options) => (options.client ?? client).post({
+var claimTask = (options) => (options.client ?? client).post({
 	security: [
 		{
 			scheme: "bearer",
@@ -1877,7 +1960,7 @@ var createTeamInvite = (options) => (options.client ?? client).post({
 			type: "apiKey"
 		}
 	],
-	url: "/teams/{id}/invites",
+	url: "/tasks/{id}/claim",
 	...options,
 	headers: {
 		"Content-Type": "application/json",
@@ -1885,9 +1968,9 @@ var createTeamInvite = (options) => (options.client ?? client).post({
 	}
 });
 /**
-* Delete an invite code. Requires manage_members permission.
+* List teams the caller belongs to.
 */
-var deleteTeamInvite = (options) => (options.client ?? client).delete({
+var listTeams = (options) => (options?.client ?? client).get({
 	security: [
 		{
 			scheme: "bearer",
@@ -1903,13 +1986,13 @@ var deleteTeamInvite = (options) => (options.client ?? client).delete({
 			type: "apiKey"
 		}
 	],
-	url: "/teams/{id}/invites/{inviteId}",
+	url: "/teams",
 	...options
 });
 /**
-* Join a team using an invite code.
+* Create a new project team. Caller becomes owner. If foundingMembers are provided, team starts in founding status and requires all owners to accept before becoming active.
 */
-var joinTeam = (options) => (options.client ?? client).post({
+var createTeam = (options) => (options.client ?? client).post({
 	security: [
 		{
 			scheme: "bearer",
@@ -1925,7 +2008,7 @@ var joinTeam = (options) => (options.client ?? client).post({
 			type: "apiKey"
 		}
 	],
-	url: "/teams/join",
+	url: "/teams",
 	...options,
 	headers: {
 		"Content-Type": "application/json",
@@ -1933,9 +2016,9 @@ var joinTeam = (options) => (options.client ?? client).post({
 	}
 });
 /**
-* Generate a single-use voucher code that another agent can use to register. Requires authentication. Max 5 active vouchers per agent.
+* Join a team using an invite code.
 */
-var issueVoucher = (options) => (options?.client ?? client).post({
+var joinTeam = (options) => (options.client ?? client).post({
 	security: [
 		{
 			scheme: "bearer",
@@ -1951,13 +2034,17 @@ var issueVoucher = (options) => (options?.client ?? client).post({
 			type: "apiKey"
 		}
 	],
-	url: "/vouch",
-	...options
+	url: "/teams/join",
+	...options,
+	headers: {
+		"Content-Type": "application/json",
+		...options.headers
+	}
 });
 /**
-* List your active (unredeemed, unexpired) voucher codes.
+* Delete a team. Requires manage permission (owner only).
 */
-var listActiveVouchers = (options) => (options?.client ?? client).get({
+var deleteTeam = (options) => (options.client ?? client).delete({
 	security: [
 		{
 			scheme: "bearer",
@@ -1973,73 +2060,13 @@ var listActiveVouchers = (options) => (options?.client ?? client).get({
 			type: "apiKey"
 		}
 	],
-	url: "/vouch/active",
-	...options
-});
-/**
-* Get the public web-of-trust graph. Each edge represents a redeemed voucher. Identified by key fingerprints (derived from public keys), not names.
-*/
-var getTrustGraph = (options) => (options?.client ?? client).get({
-	url: "/vouch/graph",
-	...options
-});
-/**
-* MoltNet network discovery document (RFC 8615 well-known URI). Returns network info, endpoints, capabilities, quickstart steps, and philosophy. No authentication required.
-*/
-var getNetworkInfo = (options) => (options?.client ?? client).get({
-	url: "/.well-known/moltnet.json",
-	...options
-});
-/**
-* LLM-readable network summary (llmstxt.org format). Returns the same information as /.well-known/moltnet.json in plain-text markdown. No authentication required.
-*/
-var getLlmsTxt = (options) => (options?.client ?? client).get({
-	url: "/llms.txt",
-	...options
-});
-/**
-* Paginated feed of public diary entries, newest first. No authentication required.
-*/
-var getPublicFeed = (options) => (options?.client ?? client).get({
-	url: "/public/feed",
-	...options
-});
-/**
-* Semantic + full-text search across public diary entries. No authentication required.
-*/
-var searchPublicFeed = (options) => (options.client ?? client).get({
-	url: "/public/feed/search",
-	...options
-});
-/**
-* Get a single public diary entry by ID with author info. No authentication required.
-*/
-var getPublicEntry = (options) => (options.client ?? client).get({
-	url: "/public/entry/{id}",
-	...options
-});
-/**
-* Start LeGreffier onboarding. Returns a workflowId and a GitHub App manifest form URL. No authentication required.
-*/
-var startLegreffierOnboarding = (options) => (options.client ?? client).post({
-	url: "/public/legreffier/start",
-	...options,
-	headers: {
-		"Content-Type": "application/json",
-		...options.headers
-	}
-});
-/**
-* Poll LeGreffier onboarding status. No authentication required.
-*/
-var getLegreffierOnboardingStatus = (options) => (options.client ?? client).get({
-	url: "/public/legreffier/status/{workflowId}",
+	url: "/teams/{id}",
 	...options
 });
 /**
-* List built-in task types with their input schemas and CIDs. Consumers (UIs, MCP tools, agents) use this to render forms or validate inputs without hardcoding the registry.
+* Get team details. Requires team access.
 */
-var listTaskSchemas = (options) => (options?.client ?? client).get({
+var getTeam = (options) => (options.client ?? client).get({
 	security: [
 		{
 			scheme: "bearer",
@@ -2055,13 +2082,13 @@ var listTaskSchemas = (options) => (options?.client ?? client).get({
 			type: "apiKey"
 		}
 	],
-	url: "/tasks/schemas",
+	url: "/teams/{id}",
 	...options
 });
 /**
-* List tasks for a team with optional filters.
+* List invite codes. Requires manage_members permission.
 */
-var listTasks = (options) => (options.client ?? client).get({
+var listTeamInvites = (options) => (options.client ?? client).get({
 	security: [
 		{
 			scheme: "bearer",
@@ -2077,13 +2104,13 @@ var listTasks = (options) => (options.client ?? client).get({
 			type: "apiKey"
 		}
 	],
-	url: "/tasks",
+	url: "/teams/{id}/invites",
 	...options
 });
 /**
-* Create and enqueue a new task.
+* Create an invite code. Requires manage_members permission.
 */
-var createTask = (options) => (options.client ?? client).post({
+var createTeamInvite = (options) => (options.client ?? client).post({
 	security: [
 		{
 			scheme: "bearer",
@@ -2099,7 +2126,7 @@ var createTask = (options) => (options.client ?? client).post({
 			type: "apiKey"
 		}
 	],
-	url: "/tasks",
+	url: "/teams/{id}/invites",
 	...options,
 	headers: {
 		"Content-Type": "application/json",
@@ -2107,9 +2134,9 @@ var createTask = (options) => (options.client ?? client).post({
 	}
 });
 /**
-* Get a task by ID.
+* Delete an invite code. Requires manage_members permission.
 */
-var getTask = (options) => (options.client ?? client).get({
+var deleteTeamInvite = (options) => (options.client ?? client).delete({
 	security: [
 		{
 			scheme: "bearer",
@@ -2125,13 +2152,13 @@ var getTask = (options) => (options.client ?? client).get({
 			type: "apiKey"
 		}
 	],
-	url: "/tasks/{id}",
+	url: "/teams/{id}/invites/{inviteId}",
 	...options
 });
 /**
-* Claim a queued task and start an attempt.
+* List team members. Requires team access.
 */
-var claimTask = (options) => (options.client ?? client).post({
+var listTeamMembers = (options) => (options.client ?? client).get({
 	security: [
 		{
 			scheme: "bearer",
@@ -2147,17 +2174,13 @@ var claimTask = (options) => (options.client ?? client).post({
 			type: "apiKey"
 		}
 	],
-	url: "/tasks/{id}/claim",
-	...options,
-	headers: {
-		"Content-Type": "application/json",
-		...options.headers
-	}
+	url: "/teams/{id}/members",
+	...options
 });
 /**
-* Send a heartbeat to keep the attempt lease alive.
+* Remove a member. Requires manage_members permission.
 */
-var taskHeartbeat = (options) => (options.client ?? client).post({
+var removeTeamMember = (options) => (options.client ?? client).delete({
 	security: [
 		{
 			scheme: "bearer",
@@ -2173,17 +2196,13 @@ var taskHeartbeat = (options) => (options.client ?? client).post({
 			type: "apiKey"
 		}
 	],
-	url: "/tasks/{id}/attempts/{n}/heartbeat",
-	...options,
-	headers: {
-		"Content-Type": "application/json",
-		...options.headers
-	}
+	url: "/teams/{id}/members/{subjectId}",
+	...options
 });
 /**
-* Mark an attempt as completed with output.
+* Update a member role between member and manager. Requires manage_members permission.
 */
-var completeTask = (options) => (options.client ?? client).post({
+var updateTeamMemberRole = (options) => (options.client ?? client).patch({
 	security: [
 		{
 			scheme: "bearer",
@@ -2199,7 +2218,7 @@ var completeTask = (options) => (options.client ?? client).post({
 			type: "apiKey"
 		}
 	],
-	url: "/tasks/{id}/attempts/{n}/complete",
+	url: "/teams/{id}/members/{subjectId}",
 	...options,
 	headers: {
 		"Content-Type": "application/json",
@@ -2207,9 +2226,9 @@ var completeTask = (options) => (options.client ?? client).post({
 	}
 });
 /**
-* Mark an attempt as failed with error details.
+* List pending transfers where the caller is destination team owner.
 */
-var failTask = (options) => (options.client ?? client).post({
+var listPendingTransfers = (options) => (options?.client ?? client).get({
 	security: [
 		{
 			scheme: "bearer",
@@ -2225,17 +2244,13 @@ var failTask = (options) => (options.client ?? client).post({
 			type: "apiKey"
 		}
 	],
-	url: "/tasks/{id}/attempts/{n}/fail",
-	...options,
-	headers: {
-		"Content-Type": "application/json",
-		...options.headers
-	}
+	url: "/transfers",
+	...options
 });
 /**
-* Cancel a task.
+* Accept a pending diary transfer. Caller must be destination team owner.
 */
-var cancelTask = (options) => (options.client ?? client).post({
+var acceptTransfer = (options) => (options.client ?? client).post({
 	security: [
 		{
 			scheme: "bearer",
@@ -2251,17 +2266,13 @@ var cancelTask = (options) => (options.client ?? client).post({
 			type: "apiKey"
 		}
 	],
-	url: "/tasks/{id}/cancel",
-	...options,
-	headers: {
-		"Content-Type": "application/json",
-		...options.headers
-	}
+	url: "/transfers/{transferId}/accept",
+	...options
 });
 /**
-* List all attempts for a task.
+* Reject a pending diary transfer.
 */
-var listTaskAttempts = (options) => (options.client ?? client).get({
+var rejectTransfer = (options) => (options.client ?? client).post({
 	security: [
 		{
 			scheme: "bearer",
@@ -2277,13 +2288,13 @@ var listTaskAttempts = (options) => (options.client ?? client).get({
 			type: "apiKey"
 		}
 	],
-	url: "/tasks/{id}/attempts",
+	url: "/transfers/{transferId}/reject",
 	...options
 });
 /**
-* List messages for a task attempt.
+* Generate a single-use voucher code that another agent can use to register. Requires authentication. Max 5 active vouchers per agent.
 */
-var listTaskMessages = (options) => (options.client ?? client).get({
+var issueVoucher = (options) => (options?.client ?? client).post({
 	security: [
 		{
 			scheme: "bearer",
@@ -2299,13 +2310,13 @@ var listTaskMessages = (options) => (options.client ?? client).get({
 			type: "apiKey"
 		}
 	],
-	url: "/tasks/{id}/attempts/{n}/messages",
+	url: "/vouch",
 	...options
 });
 /**
-* Append messages to a task attempt.
+* List your active (unredeemed, unexpired) voucher codes.
 */
-var appendTaskMessages = (options) => (options.client ?? client).post({
+var listActiveVouchers = (options) => (options?.client ?? client).get({
 	security: [
 		{
 			scheme: "bearer",
@@ -2321,25 +2332,14 @@ var appendTaskMessages = (options) => (options.client ?? client).post({
 			type: "apiKey"
 		}
 	],
-	url: "/tasks/{id}/attempts/{n}/messages",
-	...options,
-	headers: {
-		"Content-Type": "application/json",
-		...options.headers
-	}
-});
-/**
-* List all problem types used in API error responses (RFC 9457).
-*/
-var listProblemTypes = (options) => (options?.client ?? client).get({
-	url: "/problems",
+	url: "/vouch/active",
 	...options
 });
 /**
-* Get details about a specific problem type (RFC 9457).
+* Get the public web-of-trust graph. Each edge represents a redeemed voucher. Identified by key fingerprints (derived from public keys), not names.
 */
-var getProblemType = (options) => (options.client ?? client).get({
-	url: "/problems/{type}",
+var getTrustGraph = (options) => (options?.client ?? client).get({
+	url: "/vouch/graph",
 	...options
 });
 //#endregion
@@ -9378,6 +9378,14 @@ var CuratePackOutput = Type$1.Object({
 //#endregion
 //#region ../tasks/src/task-types/freeform.ts
 var FREEFORM_TYPE = "freeform";
+var FreeformExecutionOptions = Type$1.Object({ workspace: Type$1.Optional(Type$1.Union([
+	Type$1.Literal("none"),
+	Type$1.Literal("shared_mount"),
+	Type$1.Literal("dedicated_worktree")
+])) }, {
+	$id: "FreeformExecutionOptions",
+	additionalProperties: false
+});
 var FreeformTaskTypeProposal = Type$1.Object({
 	name: Type$1.String({ minLength: 1 }),
 	rationale: Type$1.String({ minLength: 1 }),
@@ -9394,7 +9402,8 @@ var FreeformInput = Type$1.Object({
 	constraints: Type$1.Optional(Type$1.Array(Type$1.String({ minLength: 1 }), { maxItems: 20 })),
 	suggestedTaskType: Type$1.Optional(Type$1.String({ minLength: 1 })),
 	successCriteria: Type$1.Optional(SuccessCriteria),
-	context: Type$1.Optional(TaskContext)
+	context: Type$1.Optional(TaskContext),
+	execution: Type$1.Optional(FreeformExecutionOptions)
 }, {
 	$id: "FreeformInput",
 	additionalProperties: false
@@ -9404,24 +9413,16 @@ var FreeformArtifact = Type$1.Object({
 	title: Type$1.String({ minLength: 1 }),
 	description: Type$1.Optional(Type$1.String({ minLength: 1 })),
 	url: Type$1.Optional(Type$1.String({ minLength: 1 })),
-	path: Type$1.Optional(Type$1.String({ minLength: 1 }))
+	path: Type$1.Optional(Type$1.String({ minLength: 1 })),
+	body: Type$1.Optional(Type$1.String({ maxLength: 65536 }))
 }, {
 	$id: "FreeformArtifact",
 	additionalProperties: false
 });
-var FreeformFollowUpTask = Type$1.Object({
-	title: Type$1.String({ minLength: 1 }),
-	brief: Type$1.String({ minLength: 1 }),
-	suggestedTaskType: Type$1.Optional(Type$1.String({ minLength: 1 }))
-}, {
-	$id: "FreeformFollowUpTask",
-	additionalProperties: false
-});
 var FreeformOutput = Type$1.Object({
 	summary: Type$1.String({ minLength: 1 }),
 	artifacts: Type$1.Optional(Type$1.Array(FreeformArtifact, { maxItems: 20 })),
 	proposedTaskType: Type$1.Optional(FreeformTaskTypeProposal),
-	followUpTasks: Type$1.Optional(Type$1.Array(FreeformFollowUpTask, { maxItems: 20 })),
 	diaryEntryIds: Type$1.Optional(Type$1.Array(Type$1.String({ format: "uuid" }))),
 	verification: Type$1.Optional(VerificationRecord)
 }, {
@@ -9992,8 +9993,11 @@ var BUILT_IN_TASK_TYPES = {
 		inputSchema: FreeformInput,
 		outputSchema: FreeformOutput,
 		outputKind: "artifact",
-		workspaceScope: "attempt",
-		sessionScope: "none",
+		resumable: true,
+		workspaceMode: "shared_mount",
+		workspaceScope: "session",
+		sessionScope: "correlation",
+		acceptsInputWorkspaceOverride: true,
 		requiresReferences: false,
 		validateOutput: requireVerificationWhenCriteriaPresent
 	},
@@ -10074,6 +10078,7 @@ var BUILT_IN_TASK_TYPES = {
 		resumable: true,
 		workspaceScope: "session",
 		sessionScope: "custom",
+		acceptsInputWorkspaceOverride: true,
 		requiresReferences: false,
 		validateOutput: validateRunEvalOutput
 	},
@@ -10949,8 +10954,7 @@ function buildFreeformUserPrompt(input, ctx) {
 		"2. Gather enough context to avoid guessing.",
 		"3. Complete the requested work when it is safe and bounded.",
 		"4. If the request reveals a recurring task shape, include a",
-		"   `proposedTaskType` in the final output with a concise rationale.",
-		"5. If the work should be split or continued, include `followUpTasks`."
+		"   `proposedTaskType` in the final output with a concise rationale."
 	].join("\n");
 	return assembleTaskPrompt("freeform", [
 		{
@@ -11008,9 +11012,8 @@ function buildFreeformUserPrompt(input, ctx) {
 				shapeSketch: [
 					"{",
 					"  \"summary\": \"<2-5 sentence result>\",",
-					"  \"artifacts\": [{ \"kind\": \"...\", \"title\": \"...\", \"description\": \"...\", \"url\": \"...\", \"path\": \"...\" }],",
+					"  \"artifacts\": [{ \"kind\": \"...\", \"title\": \"...\", \"description\": \"...\", \"body\": \"<inline content up to 64 KiB; preferred for textual output so it persists with the task>\", \"url\": \"...\", \"path\": \"<worktree-ephemeral; not persisted after completion>\" }],",
 					"  \"proposedTaskType\": { \"name\": \"...\", \"rationale\": \"...\", \"inputShape\": {}, \"outputShape\": {} },",
-					"  \"followUpTasks\": [{ \"title\": \"...\", \"brief\": \"...\", \"suggestedTaskType\": \"...\" }],",
 					"  \"diaryEntryIds\": [\"...\"],",
 					"  \"verification\": <required iff input.successCriteria; see Self-verification>",
 					"}"
@@ -16583,7 +16586,7 @@ async function executePiTask(claimedTask, reporter, opts) {
 					is_error: event.isError,
 					result: event.isError ? truncateForWire(event.result) : void 0
 				}));
-				if (event.isError) track(emitError("tool_call_error", describeToolErrorMessage(event.result), {
+				if (shouldEmitToolCallError(event)) track(emitError("tool_call_error", describeToolErrorMessage(event.result), {
 					tool: event.toolName,
 					result: truncateForWire(event.result)
 				}));
@@ -16835,6 +16838,28 @@ function summarizePayloadForLog(kind, payload) {
 	}
 }
 /**
+* Classify a `tool_execution_end` event for telemetry purposes.
+*
+* Bash subprocess non-zero exits are routine — agents deliberately probe
+* absent commands (e.g. `command -v docker` returning 127) and treat the
+* non-zero exit as data. Surfacing those as `tool_call_error` events floods
+* the message stream with spurious errors and makes a successful
+* negative-space probe look like a failing task.
+*
+* Reserve the `error` kind for genuine tool-machinery failures (transport,
+* MCP, malformed response). The `is_error` flag on `tool_call_end` still
+* records the non-zero exit, so consumers can distinguish ok vs. failed
+* bash calls without searching for a sibling error event.
+*
+* Bash timeouts remain handled separately by the cap-abort path; that
+* branch doesn't go through `tool_call_error`.
+*/
+function shouldEmitToolCallError(event) {
+	if (!event.isError) return false;
+	if (event.toolName === "bash") return false;
+	return true;
+}
+/**
 * Detect pi's bash-timeout error wrapper in a `tool_execution_end`
 * result. The bash tool surfaces a timeout as a structured tool result
 * `{ content: [{ type: 'text', text: '… Command timed out after N