@trenchwork/coder 1.3.0

package/dist/core/rewind.js

@@ -0,0 +1,25 @@
+/**
+ * /rewind preview + result text. Pure + emoji-free (the UX contract §9 bans
+ * chrome emoji, and the legacy fileChangeTracker.getRevertSummary/revertAllChanges
+ * strings use 📋/⏪ + hardcode "/revert confirm" — so the Ink shell builds its
+ * own copy here and only calls revertAllChanges for the actual file restore).
+ */
+export function rewindPreviewLines(items) {
+    const n = items.length;
+    const lines = [`Rewind restores ${n} file${n === 1 ? '' : 's'} to the state before this run:`, ''];
+    for (const it of items) {
+        lines.push(it.existedBefore ? `  ${it.relPath} (restore)` : `  ${it.relPath} (delete — created this run)`);
+    }
+    lines.push('');
+    lines.push('Run /rewind confirm to restore them.');
+    return lines;
+}
+export function rewindResultLine(restored, deleted) {
+    const parts = [];
+    if (restored > 0)
+        parts.push(`${restored} file${restored === 1 ? '' : 's'} restored`);
+    if (deleted > 0)
+        parts.push(`${deleted} file${deleted === 1 ? '' : 's'} deleted`);
+    return parts.length ? `Rewound: ${parts.join(', ')}.` : 'Nothing to rewind.';
+}
+//# sourceMappingURL=rewind.js.map

package/dist/core/rewind.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rewind.js","sourceRoot":"","sources":["../../src/core/rewind.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAQH,MAAM,UAAU,kBAAkB,CAAC,KAAmB;IACpD,MAAM,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC;IACvB,MAAM,KAAK,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,gCAAgC,EAAE,EAAE,CAAC,CAAC;IACnG,KAAK,MAAM,EAAE,IAAI,KAAK,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,OAAO,YAAY,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,OAAO,8BAA8B,CAAC,CAAC;IAC7G,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;IACnD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,QAAgB,EAAE,OAAe;IAChE,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,QAAQ,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,QAAQ,QAAQ,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,WAAW,CAAC,CAAC;IACtF,IAAI,OAAO,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,OAAO,QAAQ,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC;IAClF,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,YAAY,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,oBAAoB,CAAC;AAC/E,CAAC"}

package/dist/core/schemaValidator.d.ts

@@ -0,0 +1,49 @@
+import type { JSONSchemaObject } from './types.js';
+/**
+ * Enhanced validation error with structured error information
+ */
+export declare class ToolArgumentValidationError extends Error {
+    readonly issues: readonly string[];
+    readonly toolName: string;
+    constructor(toolName: string, issues: string[]);
+}
+/**
+ * Runtime type guards for tool argument validation
+ */
+export declare namespace TypeGuards {
+    /**
+     * Type guard for string values
+     */
+    function isString(value: unknown): value is string;
+    /**
+     * Type guard for number values
+     */
+    function isNumber(value: unknown): value is number;
+    /**
+     * Type guard for boolean values
+     */
+    function isBoolean(value: unknown): value is boolean;
+    /**
+     * Type guard for array values
+     */
+    function isArray(value: unknown): value is unknown[];
+    /**
+     * Type guard for object values
+     */
+    function isObject(value: unknown): value is Record<string, unknown>;
+    /**
+     * Type guard for non-null values
+     */
+    function isNotNull(value: unknown): value is NonNullable<unknown>;
+    /**
+     * Type guard for enum values
+     */
+    function isEnum<T extends string>(value: unknown, enumValues: readonly T[]): value is T;
+}
+/**
+ * Coerce loosely-typed tool arguments into their declared schema types.
+ * This makes tools resilient to providers that emit boolean/number values as strings.
+ */
+export declare function coerceToolArguments(schema: JSONSchemaObject | undefined, args: Record<string, unknown>): Record<string, unknown>;
+export declare function validateToolArguments(toolName: string, schema: JSONSchemaObject | undefined, args: Record<string, unknown>): void;
+//# sourceMappingURL=schemaValidator.d.ts.map

package/dist/core/schemaValidator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schemaValidator.d.ts","sourceRoot":"","sources":["../../src/core/schemaValidator.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAmB,gBAAgB,EAAsB,MAAM,YAAY,CAAC;AAExF;;GAEG;AACH,qBAAa,2BAA4B,SAAQ,KAAK;IACpD,QAAQ,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,CAAC;IACnC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;gBAEd,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE;CAM/C;AAED;;GAEG;AACH,yBAAiB,UAAU,CAAC;IAC1B;;OAEG;IACH,SAAgB,QAAQ,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,MAAM,CAExD;IAED;;OAEG;IACH,SAAgB,QAAQ,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,MAAM,CAExD;IAED;;OAEG;IACH,SAAgB,SAAS,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,OAAO,CAE1D;IAED;;OAEG;IACH,SAAgB,OAAO,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,OAAO,EAAE,CAE1D;IAED;;OAEG;IACH,SAAgB,QAAQ,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAEzE;IAED;;OAEG;IACH,SAAgB,SAAS,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,WAAW,CAAC,OAAO,CAAC,CAEvE;IAED;;OAEG;IACH,SAAgB,MAAM,CAAC,CAAC,SAAS,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,CAAC,EAAE,GAAG,KAAK,IAAI,CAAC,CAE7F;CACF;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,gBAAgB,GAAG,SAAS,EACpC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC5B,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAiCzB;AAoCD,wBAAgB,qBAAqB,CACnC,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,gBAAgB,GAAG,SAAS,EACpC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC5B,IAAI,CA6BN"}

package/dist/core/schemaValidator.js

@@ -0,0 +1,234 @@
+/**
+ * Enhanced validation error with structured error information
+ */
+export class ToolArgumentValidationError extends Error {
+    issues;
+    toolName;
+    constructor(toolName, issues) {
+        super(formatMessage(toolName, issues));
+        this.name = 'ToolArgumentValidationError';
+        this.issues = issues;
+        this.toolName = toolName;
+    }
+}
+/**
+ * Runtime type guards for tool argument validation
+ */
+export var TypeGuards;
+(function (TypeGuards) {
+    /**
+     * Type guard for string values
+     */
+    function isString(value) {
+        return typeof value === 'string';
+    }
+    TypeGuards.isString = isString;
+    /**
+     * Type guard for number values
+     */
+    function isNumber(value) {
+        return typeof value === 'number' && !Number.isNaN(value);
+    }
+    TypeGuards.isNumber = isNumber;
+    /**
+     * Type guard for boolean values
+     */
+    function isBoolean(value) {
+        return typeof value === 'boolean';
+    }
+    TypeGuards.isBoolean = isBoolean;
+    /**
+     * Type guard for array values
+     */
+    function isArray(value) {
+        return Array.isArray(value);
+    }
+    TypeGuards.isArray = isArray;
+    /**
+     * Type guard for object values
+     */
+    function isObject(value) {
+        return typeof value === 'object' && value !== null && !Array.isArray(value);
+    }
+    TypeGuards.isObject = isObject;
+    /**
+     * Type guard for non-null values
+     */
+    function isNotNull(value) {
+        return value !== undefined && value !== null;
+    }
+    TypeGuards.isNotNull = isNotNull;
+    /**
+     * Type guard for enum values
+     */
+    function isEnum(value, enumValues) {
+        return TypeGuards.isString(value) && enumValues.includes(value);
+    }
+    TypeGuards.isEnum = isEnum;
+})(TypeGuards || (TypeGuards = {}));
+/**
+ * Coerce loosely-typed tool arguments into their declared schema types.
+ * This makes tools resilient to providers that emit boolean/number values as strings.
+ */
+export function coerceToolArguments(schema, args) {
+    if (!schema || schema.type !== 'object' || !schema.properties) {
+        return args;
+    }
+    const coerced = { ...args };
+    for (const [key, definition] of Object.entries(schema.properties)) {
+        if (!Object.hasOwn(args, key)) {
+            continue;
+        }
+        const value = args[key];
+        if (value === undefined || value === null) {
+            continue;
+        }
+        switch (definition.type) {
+            case 'boolean': {
+                const normalized = coerceBoolean(value);
+                coerced[key] = normalized;
+                break;
+            }
+            case 'number': {
+                const normalized = coerceNumber(value);
+                coerced[key] = normalized;
+                break;
+            }
+            default:
+                break;
+        }
+    }
+    return coerced;
+}
+function coerceBoolean(value) {
+    if (typeof value === 'boolean') {
+        return value;
+    }
+    if (typeof value === 'number') {
+        if (value === 1)
+            return true;
+        if (value === 0)
+            return false;
+    }
+    if (typeof value === 'string') {
+        const trimmed = value.trim().toLowerCase();
+        if (trimmed === 'true' || trimmed === '1')
+            return true;
+        if (trimmed === 'false' || trimmed === '0')
+            return false;
+    }
+    return value;
+}
+function coerceNumber(value) {
+    if (typeof value === 'number') {
+        // Reject NaN, Infinity, and -Infinity
+        if (!Number.isFinite(value)) {
+            return value; // Return as-is to fail validation
+        }
+        return value;
+    }
+    if (typeof value === 'string' && value.trim().length > 0) {
+        const parsed = Number(value);
+        // Only accept finite numbers
+        if (Number.isFinite(parsed)) {
+            return parsed;
+        }
+    }
+    return value;
+}
+export function validateToolArguments(toolName, schema, args) {
+    if (!schema || schema.type !== 'object') {
+        return;
+    }
+    const errors = [];
+    const properties = schema.properties ?? {};
+    const required = Array.isArray(schema.required) ? schema.required : [];
+    for (const property of required) {
+        if (!hasArgument(args, property)) {
+            errors.push(`Missing required property "${property}".`);
+        }
+    }
+    for (const [key, value] of Object.entries(args)) {
+        const definition = properties[key];
+        if (!definition) {
+            // Silently ignore unknown properties - models sometimes hallucinate extra params
+            // This is more lenient than strict JSON schema validation but prevents errors
+            // when models pass extra parameters that don't affect tool behavior
+            continue;
+        }
+        validateSchemaProperty(definition, value, key, errors);
+    }
+    if (errors.length) {
+        throw new ToolArgumentValidationError(toolName, errors);
+    }
+}
+function validateSchemaProperty(definition, value, path, errors) {
+    switch (definition.type) {
+        case 'string': {
+            if (typeof value !== 'string') {
+                errors.push(`Argument "${path}" must be a string.`);
+                return;
+            }
+            if (definition.enum && !definition.enum.includes(value)) {
+                errors.push(`Argument "${path}" must be one of: ${definition.enum.map((entry) => `"${entry}"`).join(', ')}.`);
+            }
+            if (typeof definition.minLength === 'number' && value.length < definition.minLength) {
+                errors.push(`Argument "${path}" must be at least ${definition.minLength} character${definition.minLength === 1 ? '' : 's'} long.`);
+            }
+            return;
+        }
+        case 'number': {
+            if (typeof value !== 'number' || !Number.isFinite(value)) {
+                errors.push(`Argument "${path}" must be a finite number.`);
+                return;
+            }
+            // Validate minimum constraint
+            if (typeof definition.minimum === 'number' && value < definition.minimum) {
+                errors.push(`Argument "${path}" must be at least ${definition.minimum}.`);
+            }
+            // Validate maximum constraint
+            if (typeof definition.maximum === 'number' && value > definition.maximum) {
+                errors.push(`Argument "${path}" must be at most ${definition.maximum}.`);
+            }
+            return;
+        }
+        case 'boolean': {
+            if (typeof value !== 'boolean') {
+                errors.push(`Argument "${path}" must be a boolean.`);
+            }
+            return;
+        }
+        case 'array': {
+            if (!Array.isArray(value)) {
+                errors.push(`Argument "${path}" must be an array.`);
+                return;
+            }
+            validateArrayItems(definition, value, path, errors);
+            return;
+        }
+        default:
+            return;
+    }
+}
+function validateArrayItems(definition, value, path, errors) {
+    const itemSchema = definition.items;
+    if (!itemSchema) {
+        return;
+    }
+    for (let index = 0; index < value.length; index += 1) {
+        const entry = value[index];
+        validateSchemaProperty(itemSchema, entry, `${path}[${index}]`, errors);
+    }
+}
+function hasArgument(args, key) {
+    if (!Object.hasOwn(args, key)) {
+        return false;
+    }
+    const value = args[key];
+    return value !== undefined && value !== null;
+}
+function formatMessage(toolName, issues) {
+    const detail = issues.join(' ');
+    return `Invalid arguments for "${toolName}": ${detail}`;
+}
+//# sourceMappingURL=schemaValidator.js.map

package/dist/core/schemaValidator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schemaValidator.js","sourceRoot":"","sources":["../../src/core/schemaValidator.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,MAAM,OAAO,2BAA4B,SAAQ,KAAK;IAC3C,MAAM,CAAoB;IAC1B,QAAQ,CAAS;IAE1B,YAAY,QAAgB,EAAE,MAAgB;QAC5C,KAAK,CAAC,aAAa,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;QACvC,IAAI,CAAC,IAAI,GAAG,6BAA6B,CAAC;QAC1C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;CACF;AAED;;GAEG;AACH,MAAM,KAAW,UAAU,CAiD1B;AAjDD,WAAiB,UAAU;IACzB;;OAEG;IACH,SAAgB,QAAQ,CAAC,KAAc;QACrC,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC;IACnC,CAAC;IAFe,mBAAQ,WAEvB,CAAA;IAED;;OAEG;IACH,SAAgB,QAAQ,CAAC,KAAc;QACrC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC3D,CAAC;IAFe,mBAAQ,WAEvB,CAAA;IAED;;OAEG;IACH,SAAgB,SAAS,CAAC,KAAc;QACtC,OAAO,OAAO,KAAK,KAAK,SAAS,CAAC;IACpC,CAAC;IAFe,oBAAS,YAExB,CAAA;IAED;;OAEG;IACH,SAAgB,OAAO,CAAC,KAAc;QACpC,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;IAFe,kBAAO,UAEtB,CAAA;IAED;;OAEG;IACH,SAAgB,QAAQ,CAAC,KAAc;QACrC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC9E,CAAC;IAFe,mBAAQ,WAEvB,CAAA;IAED;;OAEG;IACH,SAAgB,SAAS,CAAC,KAAc;QACtC,OAAO,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,CAAC;IAC/C,CAAC;IAFe,oBAAS,YAExB,CAAA;IAED;;OAEG;IACH,SAAgB,MAAM,CAAmB,KAAc,EAAE,UAAwB;QAC/E,OAAO,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,KAAU,CAAC,CAAC;IACvE,CAAC;IAFe,iBAAM,SAErB,CAAA;AACH,CAAC,EAjDgB,UAAU,KAAV,UAAU,QAiD1B;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CACjC,MAAoC,EACpC,IAA6B;IAE7B,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QAC9D,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,OAAO,GAA4B,EAAE,GAAG,IAAI,EAAE,CAAC;IAErD,KAAK,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;QAClE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,CAAC;YAC9B,SAAS;QACX,CAAC;QACD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;QACxB,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YAC1C,SAAS;QACX,CAAC;QAED,QAAQ,UAAU,CAAC,IAAI,EAAE,CAAC;YACxB,KAAK,SAAS,CAAC,CAAC,CAAC;gBACf,MAAM,UAAU,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;gBACxC,OAAO,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC;gBAC1B,MAAM;YACR,CAAC;YACD,KAAK,QAAQ,CAAC,CAAC,CAAC;gBACd,MAAM,UAAU,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;gBACvC,OAAO,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC;gBAC1B,MAAM;YACR,CAAC;YACD;gBACE,MAAM;QACV,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,aAAa,CAAC,KAAc;IACnC,IAAI,OAAO,KAAK,KAAK,SAAS,EAAE,CAAC;QAC/B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,IAAI,KAAK,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAC7B,IAAI,KAAK,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;IAChC,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC3C,IAAI,OAAO,KAAK,MAAM,IAAI,OAAO,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC;QACvD,IAAI,OAAO,KAAK,OAAO,IAAI,OAAO,KAAK,GAAG;YAAE,OAAO,KAAK,CAAC;IAC3D,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,YAAY,CAAC,KAAc;IAClC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,sCAAsC;QACtC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,KAAK,CAAC,CAAC,kCAAkC;QAClD,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;QAC7B,6BAA6B;QAC7B,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5B,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,qBAAqB,CACnC,QAAgB,EAChB,MAAoC,EACpC,IAA6B;IAE7B,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;IAEvE,KAAK,MAAM,QAAQ,IAAI,QAAQ,EAAE,CAAC;QAChC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,CAAC;YACjC,MAAM,CAAC,IAAI,CAAC,8BAA8B,QAAQ,IAAI,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IAED,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChD,MAAM,UAAU,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,iFAAiF;YACjF,8EAA8E;YAC9E,oEAAoE;YACpE,SAAS;QACX,CAAC;QACD,sBAAsB,CAAC,UAAU,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,CAAC,CAAC;IACzD,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,MAAM,IAAI,2BAA2B,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC1D,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB,CAC7B,UAA8B,EAC9B,KAAc,EACd,IAAY,EACZ,MAAgB;IAEhB,QAAQ,UAAU,CAAC,IAAI,EAAE,CAAC;QACxB,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC9B,MAAM,CAAC,IAAI,CAAC,aAAa,IAAI,qBAAqB,CAAC,CAAC;gBACpD,OAAO;YACT,CAAC;YACD,IAAI,UAAU,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gBACxD,MAAM,CAAC,IAAI,CACT,aAAa,IAAI,qBAAqB,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,KAAK,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CACjG,CAAC;YACJ,CAAC;YACD,IAAI,OAAO,UAAU,CAAC,SAAS,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,UAAU,CAAC,SAAS,EAAE,CAAC;gBACpF,MAAM,CAAC,IAAI,CACT,aAAa,IAAI,sBAAsB,UAAU,CAAC,SAAS,aACzD,UAAU,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GACpC,QAAQ,CACT,CAAC;YACJ,CAAC;YACD,OAAO;QACT,CAAC;QACD,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gBACzD,MAAM,CAAC,IAAI,CAAC,aAAa,IAAI,4BAA4B,CAAC,CAAC;gBAC3D,OAAO;YACT,CAAC;YACD,8BAA8B;YAC9B,IAAI,OAAO,UAAU,CAAC,OAAO,KAAK,QAAQ,IAAI,KAAK,GAAG,UAAU,CAAC,OAAO,EAAE,CAAC;gBACzE,MAAM,CAAC,IAAI,CAAC,aAAa,IAAI,sBAAsB,UAAU,CAAC,OAAO,GAAG,CAAC,CAAC;YAC5E,CAAC;YACD,8BAA8B;YAC9B,IAAI,OAAO,UAAU,CAAC,OAAO,KAAK,QAAQ,IAAI,KAAK,GAAG,UAAU,CAAC,OAAO,EAAE,CAAC;gBACzE,MAAM,CAAC,IAAI,CAAC,aAAa,IAAI,qBAAqB,UAAU,CAAC,OAAO,GAAG,CAAC,CAAC;YAC3E,CAAC;YACD,OAAO;QACT,CAAC;QACD,KAAK,SAAS,CAAC,CAAC,CAAC;YACf,IAAI,OAAO,KAAK,KAAK,SAAS,EAAE,CAAC;gBAC/B,MAAM,CAAC,IAAI,CAAC,aAAa,IAAI,sBAAsB,CAAC,CAAC;YACvD,CAAC;YACD,OAAO;QACT,CAAC;QACD,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC1B,MAAM,CAAC,IAAI,CAAC,aAAa,IAAI,qBAAqB,CAAC,CAAC;gBACpD,OAAO;YACT,CAAC;YACD,kBAAkB,CAAC,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;YACpD,OAAO;QACT,CAAC;QACD;YACE,OAAO;IACX,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CACzB,UAA2B,EAC3B,KAAgB,EAChB,IAAY,EACZ,MAAgB;IAEhB,MAAM,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC;IACpC,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO;IACT,CAAC;IAED,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,KAAK,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC;QACrD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC;QAC3B,sBAAsB,CAAC,UAAU,EAAE,KAAK,EAAE,GAAG,IAAI,IAAI,KAAK,GAAG,EAAE,MAAM,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,IAA6B,EAAE,GAAW;IAC7D,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,CAAC;QAC9B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;IACxB,OAAO,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,CAAC;AAC/C,CAAC;AAED,SAAS,aAAa,CAAC,QAAgB,EAAE,MAAgB;IACvD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAChC,OAAO,0BAA0B,QAAQ,MAAM,MAAM,EAAE,CAAC;AAC1D,CAAC"}

package/dist/core/secretStore.d.ts

@@ -0,0 +1,59 @@
+import type { ProviderId } from './types.js';
+export type SecretName = 'DEEPSEEK_API_KEY' | 'TAVILY_API_KEY';
+export interface SecretDefinition {
+    id: SecretName;
+    label: string;
+    description: string;
+    envVar: SecretName;
+    providers: ProviderId[];
+}
+export declare class MissingSecretError extends Error {
+    readonly secret: SecretDefinition;
+    constructor(secret: SecretDefinition);
+}
+export declare function listSecretDefinitions(): SecretDefinition[];
+export declare function getSecretDefinition(id: SecretName): SecretDefinition | null;
+export declare function getSecretValue(id: SecretName): string | null;
+/**
+ * Load all stored secrets into process.env at startup.
+ * This ensures secrets are available before any provider checks.
+ *
+ * IMPORTANT: Stored secrets always take precedence over environment variables
+ * for provider API keys. This ensures keys set via /secrets are used even if
+ * the user has old/stale keys exported in their shell environment.
+ */
+export declare function loadAllSecrets(): void;
+export declare function setSecretValue(id: SecretName, rawValue: string): void;
+/**
+ * Route a raw `/key` argument to the secret it sets, by prefix or explicit
+ * provider word. DeepSeek keys are `sk-…`, Tavily keys are `tvly-…`, so a bare
+ * key self-identifies; `/key tavily <k>` / `/key deepseek <k>` force it. Bare
+ * keys with no known prefix default to DeepSeek (back-compat — that was the
+ * only key `/key` ever set). Returns null for an empty/blank argument.
+ */
+export declare function classifyKeyEntry(raw: string): {
+    id: SecretName;
+    value: string;
+} | null;
+export declare function maskSecret(value: string): string;
+export declare function ensureSecretForProvider(provider: ProviderId): string;
+export declare function getSecretDefinitionForProvider(provider: ProviderId): SecretDefinition | null;
+/**
+ * Sanitize error messages to remove potential API keys and secrets.
+ * This prevents accidental token leakage in logs, error reports, and console output.
+ *
+ * @param message - The error message or string to sanitize
+ * @returns The sanitized string with secrets replaced by [REDACTED]
+ */
+export declare function sanitizeErrorMessage(message: string): string;
+/**
+ * Sanitize an Error object's message and stack trace.
+ * Returns a new error message string with secrets removed.
+ */
+export declare function sanitizeError(error: Error): string;
+/**
+ * Create a safe error message from an unknown error value.
+ * Ensures no secrets are leaked regardless of error type.
+ */
+export declare function safeErrorMessage(error: unknown): string;
+//# sourceMappingURL=secretStore.d.ts.map

package/dist/core/secretStore.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secretStore.d.ts","sourceRoot":"","sources":["../../src/core/secretStore.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAE7C,MAAM,MAAM,UAAU,GAClB,kBAAkB,GAClB,gBAAgB,CAAC;AAErB,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,UAAU,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,UAAU,CAAC;IACnB,SAAS,EAAE,UAAU,EAAE,CAAC;CACzB;AA2BD,qBAAa,kBAAmB,SAAQ,KAAK;aACf,MAAM,EAAE,gBAAgB;gBAAxB,MAAM,EAAE,gBAAgB;CAIrD;AAED,wBAAgB,qBAAqB,IAAI,gBAAgB,EAAE,CAE1D;AAED,wBAAgB,mBAAmB,CAAC,EAAE,EAAE,UAAU,GAAG,gBAAgB,GAAG,IAAI,CAE3E;AAED,wBAAgB,cAAc,CAAC,EAAE,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,CAkB5D;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,IAAI,IAAI,CAYrC;AAED,wBAAgB,cAAc,CAAC,EAAE,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI,CAUrE;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG;IAAE,EAAE,EAAE,UAAU,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAetF;AAED,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAUhD;AAED,wBAAgB,uBAAuB,CAAC,QAAQ,EAAE,UAAU,GAAG,MAAM,CAQpE;AAED,wBAAgB,8BAA8B,CAAC,QAAQ,EAAE,UAAU,GAAG,gBAAgB,GAAG,IAAI,CAE5F;AAmED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CA4B5D;AAoCD;;;GAGG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,KAAK,GAAG,MAAM,CAQlD;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAQvD"}

package/dist/core/secretStore.js

@@ -0,0 +1,278 @@
+import { existsSync, mkdirSync, readFileSync, renameSync, writeFileSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { dirname, join, resolve } from 'node:path';
+const SECRET_DEFINITIONS = [
+    {
+        id: 'DEEPSEEK_API_KEY',
+        label: 'DeepSeek API Key',
+        description: 'Required to run DeepSeek Reasoner or Chat models.',
+        envVar: 'DEEPSEEK_API_KEY',
+        providers: ['deepseek'],
+    },
+    {
+        id: 'TAVILY_API_KEY',
+        label: 'Tavily API Key',
+        description: 'Required: WebSearch and WebExtract provider. Get yours at https://tavily.com',
+        envVar: 'TAVILY_API_KEY',
+        providers: [],
+    },
+];
+const envAgiHome = process.env['TRENCHWORK_HOME'];
+const SECRET_DIR = envAgiHome ? resolve(envAgiHome) : join(homedir(), '.trenchwork');
+const SECRET_FILE = join(SECRET_DIR, 'secrets.json');
+export class MissingSecretError extends Error {
+    secret;
+    constructor(secret) {
+        super(`${secret.label} is not configured.`);
+        this.secret = secret;
+        this.name = 'MissingSecretError';
+    }
+}
+export function listSecretDefinitions() {
+    return [...SECRET_DEFINITIONS];
+}
+export function getSecretDefinition(id) {
+    return SECRET_DEFINITIONS.find((entry) => entry.id === id) ?? null;
+}
+export function getSecretValue(id) {
+    const envValue = sanitize(process.env[id]);
+    if (envValue) {
+        return envValue;
+    }
+    const store = readSecretStore();
+    const storedValue = sanitize(store[id]);
+    if (!storedValue) {
+        // Project Glasswing: no API key is baked into the source. A keyless
+        // DeepSeek default used to live here; it shipped in the npm `dist/` and
+        // git history — a secret inside the design. Credentials are now resolved
+        // at runtime by the provider (user key, or an operator proxy).
+        return null;
+    }
+    process.env[id] = storedValue;
+    return storedValue;
+}
+/**
+ * Load all stored secrets into process.env at startup.
+ * This ensures secrets are available before any provider checks.
+ *
+ * IMPORTANT: Stored secrets always take precedence over environment variables
+ * for provider API keys. This ensures keys set via /secrets are used even if
+ * the user has old/stale keys exported in their shell environment.
+ */
+export function loadAllSecrets() {
+    const store = readSecretStore();
+    for (const definition of SECRET_DEFINITIONS) {
+        const storedValue = sanitize(store[definition.id]);
+        if (storedValue) {
+            // Always use stored value for API keys to ensure /secrets takes precedence
+            // over potentially stale environment variables
+            process.env[definition.id] = storedValue;
+        }
+        // No baked-in DeepSeek default (Project Glasswing — secrets never ship in
+        // source). The provider resolves credentials at runtime.
+    }
+}
+export function setSecretValue(id, rawValue) {
+    const value = sanitize(rawValue);
+    if (!value) {
+        throw new Error('Secret value cannot be blank.');
+    }
+    const store = readSecretStore();
+    store[id] = value;
+    writeSecretStore(store);
+    process.env[id] = value;
+}
+/**
+ * Route a raw `/key` argument to the secret it sets, by prefix or explicit
+ * provider word. DeepSeek keys are `sk-…`, Tavily keys are `tvly-…`, so a bare
+ * key self-identifies; `/key tavily <k>` / `/key deepseek <k>` force it. Bare
+ * keys with no known prefix default to DeepSeek (back-compat — that was the
+ * only key `/key` ever set). Returns null for an empty/blank argument.
+ */
+export function classifyKeyEntry(raw) {
+    const trimmed = (raw || '').trim();
+    if (!trimmed)
+        return null;
+    const parts = trimmed.split(/\s+/);
+    const lead = (parts[0] || '').toLowerCase();
+    if (lead === 'tavily' || lead === 'tvly' || lead === 'search') {
+        const value = parts.slice(1).join(' ').trim();
+        return value ? { id: 'TAVILY_API_KEY', value } : null;
+    }
+    if (lead === 'deepseek' || lead === 'ds') {
+        const value = parts.slice(1).join(' ').trim();
+        return value ? { id: 'DEEPSEEK_API_KEY', value } : null;
+    }
+    if (/^tvly-/i.test(trimmed))
+        return { id: 'TAVILY_API_KEY', value: trimmed };
+    return { id: 'DEEPSEEK_API_KEY', value: trimmed };
+}
+export function maskSecret(value) {
+    if (!value) {
+        return '';
+    }
+    if (value.length <= 4) {
+        return '*'.repeat(value.length);
+    }
+    const suffix = value.slice(-4);
+    const prefix = '*'.repeat(Math.max(0, value.length - 4));
+    return `${prefix}${suffix}`;
+}
+export function ensureSecretForProvider(provider) {
+    const definition = findDefinitionForProvider(provider);
+    const value = getSecretValue(definition.id);
+    if (!value) {
+        throw new MissingSecretError(definition);
+    }
+    process.env[definition.envVar] = value;
+    return value;
+}
+export function getSecretDefinitionForProvider(provider) {
+    return SECRET_DEFINITIONS.find((entry) => entry.providers.includes(provider)) ?? null;
+}
+function readSecretStore() {
+    if (!existsSync(SECRET_FILE)) {
+        return {};
+    }
+    try {
+        const content = readFileSync(SECRET_FILE, 'utf8');
+        const parsed = JSON.parse(content);
+        if (parsed && typeof parsed === 'object') {
+            return parsed;
+        }
+    }
+    catch {
+        return {};
+    }
+    return {};
+}
+function writeSecretStore(store) {
+    const directory = dirname(SECRET_FILE);
+    // Same posture as auth.ts: 0o700 on the dir, 0o600 on the file. The
+    // payload contains DeepSeek / Tavily / etc. API keys; on shared boxes
+    // anything looser leaves them readable to other local users.
+    mkdirSync(directory, { recursive: true, mode: 0o700 });
+    const payload = JSON.stringify(store, null, 2);
+    // Atomic write: stage to a tmp file then rename. Without this, two
+    // concurrent CLIs writing the secret store at the same moment can
+    // produce a half-written file that subsequent reads parse as `{}`.
+    const tmp = `${SECRET_FILE}.${process.pid}.${Date.now()}.tmp`;
+    writeFileSync(tmp, `${payload}
+`, { mode: 0o600 });
+    renameSync(tmp, SECRET_FILE);
+}
+function findDefinitionForProvider(provider) {
+    const definition = getSecretDefinitionForProvider(provider);
+    if (!definition) {
+        throw new Error(`No secret configuration for provider "${provider}".`);
+    }
+    return definition;
+}
+function sanitize(value) {
+    if (typeof value !== 'string') {
+        return null;
+    }
+    const trimmed = value.trim();
+    return trimmed.length ? trimmed : null;
+}
+// ============================================================================
+// Secret Sanitization for Error Messages
+// ============================================================================
+/**
+ * Known API key patterns to detect and sanitize in error messages.
+ * These patterns match common API key formats from various providers.
+ */
+const API_KEY_PATTERNS = [
+    /Bearer\s+[A-Za-z0-9_.-]{20,}/gi,
+    /x-api-key['":\s]+[A-Za-z0-9_.-]{20,}/gi,
+    /[?&](?:key|api_key|apiKey|api-key|token|access_token)=([A-Za-z0-9_.-]{16,})/gi,
+    /sk-[a-f0-9]{32,}/gi,
+    /(?:api[_-]?key|token|secret|password|credential)['"]?\s*[:=]\s*['"]?([A-Za-z0-9_.-]{20,})['"]?/gi,
+];
+/**
+ * Sanitize error messages to remove potential API keys and secrets.
+ * This prevents accidental token leakage in logs, error reports, and console output.
+ *
+ * @param message - The error message or string to sanitize
+ * @returns The sanitized string with secrets replaced by [REDACTED]
+ */
+export function sanitizeErrorMessage(message) {
+    if (!message || typeof message !== 'string') {
+        return message;
+    }
+    let sanitized = message;
+    // Apply all API key patterns
+    for (const pattern of API_KEY_PATTERNS) {
+        // Reset lastIndex for global patterns
+        pattern.lastIndex = 0;
+        sanitized = sanitized.replace(pattern, (match) => {
+            // For patterns with capture groups, try to preserve context
+            if (match.includes('=') || match.includes(':')) {
+                const separator = match.includes('=') ? '=' : ':';
+                const parts = match.split(separator);
+                if (parts.length === 2) {
+                    return `${parts[0]}${separator}[REDACTED]`;
+                }
+            }
+            return '[REDACTED]';
+        });
+    }
+    // Additionally sanitize any env var values that are currently loaded
+    sanitized = sanitizeAgainstLoadedSecrets(sanitized);
+    return sanitized;
+}
+/**
+ * Sanitize a string against currently loaded secret values.
+ * This catches any secrets that might not match the pattern-based detection.
+ */
+function sanitizeAgainstLoadedSecrets(message) {
+    const secretNames = [
+        'DEEPSEEK_API_KEY',
+        'TAVILY_API_KEY',
+    ];
+    let sanitized = message;
+    for (const name of secretNames) {
+        const value = process.env[name];
+        if (value && value.length >= 4) {
+            // Only sanitize if the value appears in the message
+            // Use a case-sensitive exact match to avoid false positives
+            if (sanitized.includes(value)) {
+                sanitized = sanitized.split(value).join('[REDACTED]');
+            }
+            // Also sanitize partial matches (first 8 chars + last 4 chars pattern)
+            if (value.length >= 12) {
+                const partialPattern = `${value.substring(0, 8)}...${value.substring(value.length - 4)}`;
+                if (sanitized.includes(partialPattern)) {
+                    sanitized = sanitized.split(partialPattern).join('[REDACTED_PARTIAL]');
+                }
+            }
+        }
+    }
+    return sanitized;
+}
+/**
+ * Sanitize an Error object's message and stack trace.
+ * Returns a new error message string with secrets removed.
+ */
+export function sanitizeError(error) {
+    const message = sanitizeErrorMessage(error.message);
+    const stack = error.stack ? sanitizeErrorMessage(error.stack) : '';
+    if (stack && stack !== message) {
+        return `${message}\n${stack}`;
+    }
+    return message;
+}
+/**
+ * Create a safe error message from an unknown error value.
+ * Ensures no secrets are leaked regardless of error type.
+ */
+export function safeErrorMessage(error) {
+    if (error instanceof Error) {
+        return sanitizeErrorMessage(error.message);
+    }
+    if (typeof error === 'string') {
+        return sanitizeErrorMessage(error);
+    }
+    return 'Unknown error occurred';
+}
+//# sourceMappingURL=secretStore.js.map