npm - @ubiquity-os/plugin-sdk - Versions diffs - 3.8.4 → 3.9.0 - Mend

@ubiquity-os/plugin-sdk 3.8.4 → 3.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/README.md +47 -10
package/dist/configuration.d.mts +42 -19
package/dist/configuration.d.ts +42 -19
package/dist/configuration.js +430 -92
package/dist/configuration.mjs +428 -91
package/dist/{context-sqbr2o6i.d.mts → context-Dwl3aRX-.d.mts} +29 -0
package/dist/{context-BbEmsEct.d.ts → context-zLHgu52i.d.ts} +29 -0
package/dist/index.d.mts +3 -2
package/dist/index.d.ts +3 -2
package/dist/index.js +575 -224
package/dist/index.mjs +574 -223
package/dist/llm.d.mts +7 -43
package/dist/llm.d.ts +7 -43
package/dist/llm.js +175 -43
package/dist/llm.mjs +175 -43
package/dist/manifest.d.mts +2 -2
package/dist/manifest.d.ts +2 -2
package/dist/signature.js +3 -2
package/dist/signature.mjs +3 -2
package/package.json +7 -6

package/dist/index.mjs CHANGED Viewed

@@ -1,12 +1,79 @@
 // src/actions.ts
 import * as core from "@actions/core";
-import * as github2 from "@actions/github";
 import { Value as Value3 } from "@sinclair/typebox/value";
-import { LogReturn as LogReturn3, Logs } from "@ubiquity-os/ubiquity-os-logger";
+import { Logs } from "@ubiquity-os/ubiquity-os-logger";
+// src/error.ts
+import { LogReturn } from "@ubiquity-os/ubiquity-os-logger";
+function getErrorStatus(err) {
+  if (!err || typeof err !== "object") return null;
+  const candidate = err;
+  const directStatus = candidate.status ?? candidate.response?.status;
+  if (typeof directStatus === "number" && Number.isFinite(directStatus)) return directStatus;
+  if (typeof directStatus === "string" && directStatus.trim()) {
+    const parsed = Number.parseInt(directStatus, 10);
+    if (Number.isFinite(parsed)) return parsed;
+  }
+  if (err instanceof Error) {
+    const match = /LLM API error:\s*(\d{3})/i.exec(err.message);
+    if (match) {
+      const parsed = Number.parseInt(match[1], 10);
+      if (Number.isFinite(parsed)) return parsed;
+    }
+  }
+  return null;
+}
+function logByStatus(context, message, metadata) {
+  const status = getErrorStatus(metadata.err);
+  const payload = { ...metadata, ...status ? { status } : {} };
+  if (status && status >= 500) return context.logger.error(message, payload);
+  if (status && status >= 400) return context.logger.warn(message, payload);
+  if (status && status >= 300) return context.logger.debug(message, payload);
+  if (status && status >= 200) return context.logger.ok(message, payload);
+  if (status && status >= 100) return context.logger.info(message, payload);
+  return context.logger.error(message, payload);
+}
+function transformError(context, error) {
+  if (error instanceof LogReturn) {
+    return error;
+  }
+  if (error instanceof AggregateError) {
+    const message = error.errors.map((err) => {
+      if (err instanceof LogReturn) {
+        return err.logMessage.raw;
+      }
+      if (err instanceof Error) {
+        return err.message;
+      }
+      return String(err);
+    }).join("\n\n");
+    return logByStatus(context, message, { err: error });
+  }
+  if (error instanceof Error) {
+    return logByStatus(context, error.message, { err: error });
+  }
+  return logByStatus(context, String(error), { err: error });
+}
 // src/helpers/runtime-info.ts
-import github from "@actions/github";
 import { getRuntimeKey } from "hono/adapter";
+// src/helpers/github-context.ts
+import * as github from "@actions/github";
+function getGithubContext() {
+  const override = globalThis.__UOS_GITHUB_CONTEXT__;
+  if (override) {
+    return override;
+  }
+  const module = github;
+  const context = module.context ?? module.default?.context;
+  if (!context) {
+    throw new Error("GitHub context is unavailable.");
+  }
+  return context;
+}
+// src/helpers/runtime-info.ts
 var PluginRuntimeInfo = class _PluginRuntimeInfo {
   static _instance = null;
   _env = {};
@@ -54,10 +121,11 @@ var CfRuntimeInfo = class extends PluginRuntimeInfo {
 };
 var NodeRuntimeInfo = class extends PluginRuntimeInfo {
   get version() {
-    return github.context.sha;
+    return getGithubContext().sha;
   }
   get runUrl() {
-    return github.context.payload.repository ? `${github.context.payload.repository?.html_url}/actions/runs/${github.context.runId}` : "http://localhost";
+    const context = getGithubContext();
+    return context.payload.repository ? `${context.payload.repository?.html_url}/actions/runs/${context.runId}` : "http://localhost";
   }
 };
 var DenoRuntimeInfo = class extends PluginRuntimeInfo {
@@ -150,14 +218,75 @@ function getPluginOptions(options) {
 }
 // src/comment.ts
+var COMMAND_RESPONSE_KIND = "command-response";
+var COMMAND_RESPONSE_MARKER = `"commentKind": "${COMMAND_RESPONSE_KIND}"`;
+var COMMAND_RESPONSE_COMMENT_LIMIT = 50;
+var RECENT_COMMENTS_QUERY = (
+  /* GraphQL */
+  `
+  query ($owner: String!, $repo: String!, $number: Int!, $last: Int!) {
+    repository(owner: $owner, name: $repo) {
+      issueOrPullRequest(number: $number) {
+        __typename
+        ... on Issue {
+          comments(last: $last) {
+            nodes {
+              id
+              body
+              isMinimized
+              minimizedReason
+              author {
+                login
+              }
+            }
+          }
+        }
+        ... on PullRequest {
+          comments(last: $last) {
+            nodes {
+              id
+              body
+              isMinimized
+              minimizedReason
+              author {
+                login
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+`
+);
+var MINIMIZE_COMMENT_MUTATION = `
+  mutation($id: ID!, $classifier: ReportedContentClassifiers!) {
+    minimizeComment(input: { subjectId: $id, classifier: $classifier }) {
+      minimizedComment {
+        isMinimized
+        minimizedReason
+      }
+    }
+  }
+`;
+function logByStatus2(logger, message, status, metadata) {
+  const payload = { ...metadata, ...status ? { status } : {} };
+  if (status && status >= 500) return logger.error(message, payload);
+  if (status && status >= 400) return logger.warn(message, payload);
+  if (status && status >= 300) return logger.debug(message, payload);
+  if (status && status >= 200) return logger.ok(message, payload);
+  if (status && status >= 100) return logger.info(message, payload);
+  return logger.error(message, payload);
+}
 var CommentHandler = class _CommentHandler {
   static HEADER_NAME = "UbiquityOS";
   _lastCommentId = { reviewCommentId: null, issueCommentId: null };
-  async _updateIssueComment(context2, params) {
+  _commandResponsePolicyApplied = false;
+  async _updateIssueComment(context, params) {
     if (!this._lastCommentId.issueCommentId) {
-      throw context2.logger.error("issueCommentId is missing");
+      throw context.logger.error("issueCommentId is missing");
     }
-    const commentData = await context2.octokit.rest.issues.updateComment({
+    const commentData = await context.octokit.rest.issues.updateComment({
       owner: params.owner,
       repo: params.repo,
       comment_id: this._lastCommentId.issueCommentId,
@@ -165,11 +294,11 @@ var CommentHandler = class _CommentHandler {
     });
     return { ...commentData.data, issueNumber: params.issueNumber };
   }
-  async _updateReviewComment(context2, params) {
+  async _updateReviewComment(context, params) {
     if (!this._lastCommentId.reviewCommentId) {
-      throw context2.logger.error("reviewCommentId is missing");
+      throw context.logger.error("reviewCommentId is missing");
     }
-    const commentData = await context2.octokit.rest.pulls.updateReviewComment({
+    const commentData = await context.octokit.rest.pulls.updateReviewComment({
       owner: params.owner,
       repo: params.repo,
       comment_id: this._lastCommentId.reviewCommentId,
@@ -177,9 +306,9 @@ var CommentHandler = class _CommentHandler {
     });
     return { ...commentData.data, issueNumber: params.issueNumber };
   }
-  async _createNewComment(context2, params) {
+  async _createNewComment(context, params) {
     if (params.commentId) {
-      const commentData2 = await context2.octokit.rest.pulls.createReplyForReviewComment({
+      const commentData2 = await context.octokit.rest.pulls.createReplyForReviewComment({
         owner: params.owner,
         repo: params.repo,
         pull_number: params.issueNumber,
@@ -189,7 +318,7 @@ var CommentHandler = class _CommentHandler {
       this._lastCommentId.reviewCommentId = commentData2.data.id;
       return { ...commentData2.data, issueNumber: params.issueNumber };
     }
-    const commentData = await context2.octokit.rest.issues.createComment({
+    const commentData = await context.octokit.rest.issues.createComment({
       owner: params.owner,
       repo: params.repo,
       issue_number: params.issueNumber,
@@ -198,54 +327,142 @@ var CommentHandler = class _CommentHandler {
     this._lastCommentId.issueCommentId = commentData.data.id;
     return { ...commentData.data, issueNumber: params.issueNumber };
   }
-  _getIssueNumber(context2) {
-    if ("issue" in context2.payload) return context2.payload.issue.number;
-    if ("pull_request" in context2.payload) return context2.payload.pull_request.number;
-    if ("discussion" in context2.payload) return context2.payload.discussion.number;
+  _getIssueNumber(context) {
+    if ("issue" in context.payload) return context.payload.issue.number;
+    if ("pull_request" in context.payload) return context.payload.pull_request.number;
+    if ("discussion" in context.payload) return context.payload.discussion.number;
     return void 0;
   }
-  _getCommentId(context2) {
-    return "pull_request" in context2.payload && "comment" in context2.payload ? context2.payload.comment.id : void 0;
+  _getCommentId(context) {
+    return "pull_request" in context.payload && "comment" in context.payload ? context.payload.comment.id : void 0;
+  }
+  _getCommentNodeId(context) {
+    const payload = context.payload;
+    const nodeId = payload.comment?.node_id;
+    return typeof nodeId === "string" && nodeId.trim() ? nodeId : null;
   }
-  _extractIssueContext(context2) {
-    if (!("repository" in context2.payload) || !context2.payload.repository?.owner?.login) {
+  _extractIssueContext(context) {
+    if (!("repository" in context.payload) || !context.payload.repository?.owner?.login) {
       return null;
     }
-    const issueNumber = this._getIssueNumber(context2);
+    const issueNumber = this._getIssueNumber(context);
     if (!issueNumber) return null;
     return {
       issueNumber,
-      commentId: this._getCommentId(context2),
-      owner: context2.payload.repository.owner.login,
-      repo: context2.payload.repository.name
+      commentId: this._getCommentId(context),
+      owner: context.payload.repository.owner.login,
+      repo: context.payload.repository.name
+    };
+  }
+  _extractIssueLocator(context) {
+    if (!("issue" in context.payload) && !("pull_request" in context.payload)) {
+      return null;
+    }
+    const issueContext = this._extractIssueContext(context);
+    if (!issueContext) return null;
+    return {
+      owner: issueContext.owner,
+      repo: issueContext.repo,
+      issueNumber: issueContext.issueNumber
     };
   }
-  _processMessage(context2, message) {
+  _shouldApplyCommandResponsePolicy(context) {
+    return Boolean(context.command);
+  }
+  _isCommandResponseComment(body) {
+    return typeof body === "string" && body.includes(COMMAND_RESPONSE_MARKER);
+  }
+  _getGraphqlClient(context) {
+    const graphql = context.octokit.graphql;
+    return typeof graphql === "function" ? graphql : null;
+  }
+  async _fetchRecentComments(context, locator, last = COMMAND_RESPONSE_COMMENT_LIMIT) {
+    const graphql = this._getGraphqlClient(context);
+    if (!graphql) return [];
+    try {
+      const data = await graphql(RECENT_COMMENTS_QUERY, {
+        owner: locator.owner,
+        repo: locator.repo,
+        number: locator.issueNumber,
+        last
+      });
+      const nodes = data.repository?.issueOrPullRequest?.comments?.nodes ?? [];
+      return nodes.filter((node) => Boolean(node));
+    } catch (error) {
+      context.logger.debug("Failed to fetch recent comments (non-fatal)", { err: error });
+      return [];
+    }
+  }
+  _findPreviousCommandResponseComment(comments, currentCommentId) {
+    for (let idx = comments.length - 1; idx >= 0; idx -= 1) {
+      const comment = comments[idx];
+      if (!comment) continue;
+      if (currentCommentId && comment.id === currentCommentId) continue;
+      if (this._isCommandResponseComment(comment.body)) {
+        return comment;
+      }
+    }
+    return null;
+  }
+  async _minimizeComment(context, commentNodeId, classifier = "RESOLVED") {
+    const graphql = this._getGraphqlClient(context);
+    if (!graphql) return;
+    try {
+      await graphql(MINIMIZE_COMMENT_MUTATION, {
+        id: commentNodeId,
+        classifier
+      });
+    } catch (error) {
+      context.logger.debug("Failed to minimize comment (non-fatal)", { err: error, commentNodeId });
+    }
+  }
+  async _applyCommandResponsePolicy(context) {
+    if (this._commandResponsePolicyApplied) return;
+    this._commandResponsePolicyApplied = true;
+    if (!this._shouldApplyCommandResponsePolicy(context)) return;
+    const locator = this._extractIssueLocator(context);
+    const commentNodeId = this._getCommentNodeId(context);
+    const comments = locator ? await this._fetchRecentComments(context, locator) : [];
+    const current = commentNodeId ? comments.find((comment) => comment.id === commentNodeId) : null;
+    const isCurrentMinimized = current?.isMinimized ?? false;
+    if (commentNodeId && !isCurrentMinimized) {
+      await this._minimizeComment(context, commentNodeId);
+    }
+    const previous = this._findPreviousCommandResponseComment(comments, commentNodeId);
+    if (previous && !previous.isMinimized) {
+      await this._minimizeComment(context, previous.id);
+    }
+  }
+  _processMessage(context, message) {
     if (message instanceof Error) {
       const metadata2 = {
         message: message.message,
         name: message.name,
         stack: message.stack
       };
-      return { metadata: metadata2, logMessage: context2.logger.error(message.message).logMessage };
+      const status = getErrorStatus(message);
+      const logReturn = logByStatus2(context.logger, message.message, status, metadata2);
+      return { metadata: { ...metadata2, ...status ? { status } : {} }, logMessage: logReturn.logMessage };
     }
+    const stackLine = message.metadata?.error?.stack?.split("\n")[2];
+    const callerMatch = stackLine ? /at (\S+)/.exec(stackLine) : null;
     const metadata = message.metadata ? {
       ...message.metadata,
       message: message.metadata.message,
       stack: message.metadata.stack || message.metadata.error?.stack,
-      caller: message.metadata.caller || message.metadata.error?.stack?.split("\n")[2]?.match(/at (\S+)/)?.[1]
+      caller: message.metadata.caller || callerMatch?.[1]
     } : { ...message };
     return { metadata, logMessage: message.logMessage };
   }
-  _getInstigatorName(context2) {
-    if ("installation" in context2.payload && context2.payload.installation && "account" in context2.payload.installation && context2.payload.installation?.account?.name) {
-      return context2.payload.installation?.account?.name;
+  _getInstigatorName(context) {
+    if ("installation" in context.payload && context.payload.installation && "account" in context.payload.installation && context.payload.installation?.account?.name) {
+      return context.payload.installation?.account?.name;
     }
-    return context2.payload.sender?.login || _CommentHandler.HEADER_NAME;
+    return context.payload.sender?.login || _CommentHandler.HEADER_NAME;
   }
-  _createMetadataContent(context2, metadata) {
+  _createMetadataContent(context, metadata) {
     const jsonPretty = sanitizeMetadata(metadata);
-    const instigatorName = this._getInstigatorName(context2);
+    const instigatorName = this._getInstigatorName(context);
     const runUrl = PluginRuntimeInfo.getInstance().runUrl;
     const version = PluginRuntimeInfo.getInstance().version;
     const callingFnName = metadata.caller || "anonymous";
@@ -262,64 +479,46 @@ var CommentHandler = class _CommentHandler {
   /*
    * Creates the body for the comment, embeds the metadata and the header hidden in the body as well.
    */
-  createCommentBody(context2, message, options) {
-    return this._createCommentBody(context2, message, options);
+  createCommentBody(context, message, options) {
+    return this._createCommentBody(context, message, options);
   }
-  _createCommentBody(context2, message, options) {
-    const { metadata, logMessage } = this._processMessage(context2, message);
-    const { header, jsonPretty } = this._createMetadataContent(context2, metadata);
+  _createCommentBody(context, message, options) {
+    const { metadata, logMessage } = this._processMessage(context, message);
+    const shouldTagCommandResponse = options?.commentKind && typeof metadata === "object" && !("commentKind" in metadata);
+    const metadataWithKind = shouldTagCommandResponse ? { ...metadata, commentKind: options?.commentKind } : metadata;
+    const { header, jsonPretty } = this._createMetadataContent(context, metadataWithKind);
     const metadataContent = this._formatMetadataContent(logMessage, header, jsonPretty);
     return `${options?.raw ? logMessage?.raw : logMessage?.diff}
 ${metadataContent}
 `;
   }
-  async postComment(context2, message, options = { updateComment: true, raw: false }) {
-    const issueContext = this._extractIssueContext(context2);
+  async postComment(context, message, options = { updateComment: true, raw: false }) {
+    await this._applyCommandResponsePolicy(context);
+    const issueContext = this._extractIssueContext(context);
     if (!issueContext) {
-      context2.logger.info("Cannot post comment: missing issue context in payload");
+      context.logger.warn("Cannot post comment: missing issue context in payload");
       return null;
     }
-    const body = this._createCommentBody(context2, message, options);
+    const shouldTagCommandResponse = this._shouldApplyCommandResponsePolicy(context);
+    const body = this._createCommentBody(context, message, {
+      ...options,
+      commentKind: options.commentKind ?? (shouldTagCommandResponse ? COMMAND_RESPONSE_KIND : void 0)
+    });
     const { issueNumber, commentId, owner, repo } = issueContext;
     const params = { owner, repo, body, issueNumber };
     if (options.updateComment) {
-      if (this._lastCommentId.issueCommentId && !("pull_request" in context2.payload && "comment" in context2.payload)) {
-        return this._updateIssueComment(context2, params);
+      if (this._lastCommentId.issueCommentId && !("pull_request" in context.payload && "comment" in context.payload)) {
+        return this._updateIssueComment(context, params);
       }
-      if (this._lastCommentId.reviewCommentId && "pull_request" in context2.payload && "comment" in context2.payload) {
-        return this._updateReviewComment(context2, params);
+      if (this._lastCommentId.reviewCommentId && "pull_request" in context.payload && "comment" in context.payload) {
+        return this._updateReviewComment(context, params);
       }
     }
-    return this._createNewComment(context2, { ...params, commentId });
+    return this._createNewComment(context, { ...params, commentId });
   }
 };
-// src/error.ts
-import { LogReturn as LogReturn2 } from "@ubiquity-os/ubiquity-os-logger";
-function transformError(context2, error) {
-  let loggerError;
-  if (error instanceof AggregateError) {
-    loggerError = context2.logger.error(
-      error.errors.map((err) => {
-        if (err instanceof LogReturn2) {
-          return err.logMessage.raw;
-        } else if (err instanceof Error) {
-          return err.message;
-        } else {
-          return err;
-        }
-      }).join("\n\n"),
-      { error }
-    );
-  } else if (error instanceof Error || error instanceof LogReturn2) {
-    loggerError = error;
-  } else {
-    loggerError = context2.logger.error(String(error));
-  }
-  return loggerError;
-}
 // src/helpers/command.ts
 import { Value } from "@sinclair/typebox/value";
 function getCommand(inputs, pluginOptions) {
@@ -390,7 +589,7 @@ async function verifySignature(publicKeyPem, inputs, signature) {
       ref: inputs.ref,
       command: inputs.command
     };
-    const pemContents = publicKeyPem.replace("-----BEGIN PUBLIC KEY-----", "").replace("-----END PUBLIC KEY-----", "").trim();
+    const pemContents = publicKeyPem.replace("-----BEGIN PUBLIC KEY-----", "").replace("-----END PUBLIC KEY-----", "").replace(/\s+/g, "");
     const binaryDer = Uint8Array.from(atob(pemContents), (c) => c.charCodeAt(0));
     const publicKey = await crypto.subtle.importKey(
       "spki",
@@ -442,90 +641,110 @@ var inputSchema = T2.Object({
 });
 // src/actions.ts
-async function handleError(context2, pluginOptions, error) {
+async function handleError(context, pluginOptions, error) {
   console.error(error);
-  const loggerError = transformError(context2, error);
-  if (loggerError instanceof LogReturn3) {
-    core.setFailed(loggerError.logMessage.diff);
-  } else if (loggerError instanceof Error) {
-    core.setFailed(loggerError);
-  }
+  const loggerError = transformError(context, error);
+  core.setFailed(loggerError.logMessage.diff);
   if (pluginOptions.postCommentOnError && loggerError) {
-    await context2.commentHandler.postComment(context2, loggerError);
+    await context.commentHandler.postComment(context, loggerError);
   }
 }
-async function createActionsPlugin(handler, options) {
-  const pluginOptions = getPluginOptions(options);
-  const pluginGithubToken = process.env.PLUGIN_GITHUB_TOKEN;
-  if (!pluginGithubToken) {
+function getDispatchTokenOrFail(pluginOptions) {
+  if (!pluginOptions.returnDataToKernel) return null;
+  const token = process.env.PLUGIN_GITHUB_TOKEN;
+  if (!token) {
     core.setFailed("Error: PLUGIN_GITHUB_TOKEN env is not set");
-    return;
+    return null;
   }
-  const body = github2.context.payload.inputs;
+  return token;
+}
+async function getInputsOrFail(pluginOptions) {
+  const githubContext = getGithubContext();
+  const body = githubContext.payload.inputs;
   const inputSchemaErrors = [...Value3.Errors(inputSchema, body)];
   if (inputSchemaErrors.length) {
     console.dir(inputSchemaErrors, { depth: null });
     core.setFailed(`Error: Invalid inputs payload: ${inputSchemaErrors.map((o) => o.message).join(", ")}`);
-    return;
-  }
-  const signature = body.signature;
-  if (!pluginOptions.bypassSignatureVerification && !await verifySignature(pluginOptions.kernelPublicKey, body, signature)) {
-    core.setFailed(`Error: Invalid signature`);
-    return;
+    return null;
   }
-  const inputs = Value3.Decode(inputSchema, body);
-  let config;
-  if (pluginOptions.settingsSchema) {
-    try {
-      config = Value3.Decode(pluginOptions.settingsSchema, Value3.Default(pluginOptions.settingsSchema, inputs.settings));
-    } catch (e) {
-      console.dir(...Value3.Errors(pluginOptions.settingsSchema, inputs.settings), { depth: null });
-      core.setFailed(`Error: Invalid settings provided.`);
-      throw e;
+  if (!pluginOptions.bypassSignatureVerification) {
+    const signature = typeof body.signature === "string" ? body.signature : "";
+    if (!signature) {
+      core.setFailed("Error: Missing signature");
+      return null;
     }
-  } else {
-    config = inputs.settings;
-  }
-  let env;
-  if (pluginOptions.envSchema) {
-    try {
-      env = Value3.Decode(pluginOptions.envSchema, Value3.Default(pluginOptions.envSchema, process.env));
-    } catch (e) {
-      console.dir(...Value3.Errors(pluginOptions.envSchema, process.env), { depth: null });
-      core.setFailed(`Error: Invalid environment provided.`);
-      throw e;
+    const isValid = await verifySignature(pluginOptions.kernelPublicKey, body, signature);
+    if (!isValid) {
+      core.setFailed("Error: Invalid signature");
+      return null;
     }
-  } else {
-    env = process.env;
   }
-  const command = getCommand(inputs, pluginOptions);
-  const context2 = {
+  return Value3.Decode(inputSchema, body);
+}
+function decodeWithSchema(schema, value, errorMessage) {
+  if (!schema) {
+    return { value };
+  }
+  try {
+    return { value: Value3.Decode(schema, Value3.Default(schema, value)) };
+  } catch (error) {
+    console.dir(...Value3.Errors(schema, value), { depth: null });
+    const err = new Error(errorMessage);
+    err.cause = error;
+    return { value: null, error: err };
+  }
+}
+async function createActionsPlugin(handler, options) {
+  const pluginOptions = getPluginOptions(options);
+  const pluginGithubToken = getDispatchTokenOrFail(pluginOptions);
+  if (pluginOptions.returnDataToKernel && !pluginGithubToken) {
+    return;
+  }
+  const inputs = await getInputsOrFail(pluginOptions);
+  if (!inputs) {
+    return;
+  }
+  const context = {
     eventName: inputs.eventName,
     payload: inputs.eventPayload,
-    command,
+    command: null,
     authToken: inputs.authToken,
     ubiquityKernelToken: inputs.ubiquityKernelToken,
     octokit: new customOctokit({ auth: inputs.authToken }),
-    config,
-    env,
+    config: inputs.settings,
+    env: process.env,
     logger: new Logs(pluginOptions.logLevel),
     commentHandler: new CommentHandler()
   };
+  const configResult = decodeWithSchema(pluginOptions.settingsSchema, inputs.settings, "Error: Invalid settings provided.");
+  if (!configResult.value) {
+    await handleError(context, pluginOptions, configResult.error ?? new Error("Error: Invalid settings provided."));
+    return;
+  }
+  context.config = configResult.value;
+  const envResult = decodeWithSchema(pluginOptions.envSchema, process.env, "Error: Invalid environment provided.");
+  if (!envResult.value) {
+    await handleError(context, pluginOptions, envResult.error ?? new Error("Error: Invalid environment provided."));
+    return;
+  }
+  context.env = envResult.value;
   try {
-    const result = await handler(context2);
+    context.command = getCommand(inputs, pluginOptions);
+    const result = await handler(context);
     core.setOutput("result", result);
-    if (pluginOptions?.returnDataToKernel) {
+    if (pluginOptions.returnDataToKernel && pluginGithubToken) {
       await returnDataToKernel(pluginGithubToken, inputs.stateId, result);
     }
   } catch (error) {
-    await handleError(context2, pluginOptions, error);
+    await handleError(context, pluginOptions, error);
   }
 }
 async function returnDataToKernel(repoToken, stateId, output) {
+  const githubContext = getGithubContext();
   const octokit = new customOctokit({ auth: repoToken });
   await octokit.rest.repos.createDispatchEvent({
-    owner: github2.context.repo.owner,
-    repo: github2.context.repo.repo,
+    owner: githubContext.repo.owner,
+    repo: githubContext.repo.repo,
     event_type: "return-data-to-ubiquity-os-kernel",
     client_payload: {
       state_id: stateId,
@@ -587,107 +806,17 @@ function processSegment(segment, extraTags, shouldCollapseEmptyLines) {
   return s;
 }
-// src/llm/index.ts
-function normalizeBaseUrl(baseUrl) {
-  let normalized = baseUrl.trim();
-  while (normalized.endsWith("/")) {
-    normalized = normalized.slice(0, -1);
-  }
-  return normalized;
-}
-function getEnvString(name) {
-  if (typeof process === "undefined" || !process?.env) return "";
-  return String(process.env[name] ?? "").trim();
-}
-function getAiBaseUrl(options) {
-  if (typeof options.baseUrl === "string" && options.baseUrl.trim()) {
-    return normalizeBaseUrl(options.baseUrl);
-  }
-  const envBaseUrl = getEnvString("UBQ_AI_BASE_URL") || getEnvString("UBQ_AI_URL");
-  if (envBaseUrl) return normalizeBaseUrl(envBaseUrl);
-  return "https://ai.ubq.fi";
-}
-async function callLlm(options, input) {
-  const inputPayload = input;
-  const authToken = inputPayload.authToken;
-  const ubiquityKernelToken = inputPayload.ubiquityKernelToken;
-  const payload = inputPayload.payload ?? inputPayload.eventPayload;
-  const owner = payload?.repository?.owner?.login ?? "";
-  const repo = payload?.repository?.name ?? "";
-  const installationId = payload?.installation?.id;
-  if (!authToken) throw new Error("Missing authToken in inputs");
-  const isKernelTokenRequired = authToken.trim().startsWith("gh");
-  if (isKernelTokenRequired && !ubiquityKernelToken) {
-    throw new Error("Missing ubiquityKernelToken in inputs (kernel attestation is required for GitHub auth)");
-  }
-  const { baseUrl, model, stream: isStream, messages, ...rest } = options;
-  const url = `${getAiBaseUrl({ ...options, baseUrl })}/v1/chat/completions`;
-  const body = JSON.stringify({
-    ...rest,
-    ...model ? { model } : {},
-    messages,
-    stream: isStream ?? false
-  });
-  const headers = {
-    Authorization: `Bearer ${authToken}`,
-    "Content-Type": "application/json"
-  };
-  if (owner) headers["X-GitHub-Owner"] = owner;
-  if (repo) headers["X-GitHub-Repo"] = repo;
-  if (typeof installationId === "number" && Number.isFinite(installationId)) {
-    headers["X-GitHub-Installation-Id"] = String(installationId);
-  }
-  if (ubiquityKernelToken) {
-    headers["X-Ubiquity-Kernel-Token"] = ubiquityKernelToken;
-  }
-  const response = await fetch(url, { method: "POST", headers, body });
-  if (!response.ok) {
-    const err = await response.text();
-    throw new Error(`LLM API error: ${response.status} - ${err}`);
-  }
-  if (isStream) {
-    if (!response.body) {
-      throw new Error("LLM API error: missing response body for streaming request");
-    }
-    return parseSseStream(response.body);
-  }
-  return response.json();
-}
-async function* parseSseStream(body) {
-  const reader = body.getReader();
-  const decoder = new TextDecoder();
-  let buffer = "";
-  try {
-    while (true) {
-      const { value, done: isDone } = await reader.read();
-      if (isDone) break;
-      buffer += decoder.decode(value, { stream: true });
-      const events = buffer.split("\n\n");
-      buffer = events.pop() || "";
-      for (const event of events) {
-        if (event.startsWith("data: ")) {
-          const data = event.slice(6);
-          if (data === "[DONE]") return;
-          yield JSON.parse(data);
-        }
-      }
-    }
-  } finally {
-    reader.releaseLock();
-  }
-}
 // src/server.ts
 import { Value as Value4 } from "@sinclair/typebox/value";
 import { Logs as Logs2 } from "@ubiquity-os/ubiquity-os-logger";
 import { Hono } from "hono";
 import { env as honoEnv } from "hono/adapter";
 import { HTTPException } from "hono/http-exception";
-async function handleError2(context2, pluginOptions, error) {
+async function handleError2(context, pluginOptions, error) {
   console.error(error);
-  const loggerError = transformError(context2, error);
+  const loggerError = transformError(context, error);
   if (pluginOptions.postCommentOnError && loggerError) {
-    await context2.commentHandler.postComment(context2, loggerError);
+    await context.commentHandler.postComment(context, loggerError);
   }
   throw new HTTPException(500, { message: "Unexpected error" });
 }
@@ -738,7 +867,7 @@ function createPlugin(handler, manifest, options) {
     const workerName = new URL(inputs.ref).hostname.split(".")[0];
     PluginRuntimeInfo.getInstance({ ...env, CLOUDFLARE_WORKER_NAME: workerName });
     const command = getCommand(inputs, pluginOptions);
-    const context2 = {
+    const context = {
       eventName: inputs.eventName,
       payload: inputs.eventPayload,
       command,
@@ -751,14 +880,236 @@ function createPlugin(handler, manifest, options) {
       commentHandler: new CommentHandler()
     };
     try {
-      const result = await handler(context2);
+      const result = await handler(context);
       return ctx.json({ stateId: inputs.stateId, output: result ?? {} });
     } catch (error) {
-      await handleError2(context2, pluginOptions, error);
+      await handleError2(context, pluginOptions, error);
     }
   });
   return app;
 }
+// src/llm/index.ts
+var EMPTY_STRING = "";
+function normalizeBaseUrl(baseUrl) {
+  let normalized = baseUrl.trim();
+  while (normalized.endsWith("/")) {
+    normalized = normalized.slice(0, -1);
+  }
+  return normalized;
+}
+var MAX_LLM_RETRIES = 2;
+var RETRY_BACKOFF_MS = [250, 750];
+function getRetryDelayMs(attempt) {
+  return RETRY_BACKOFF_MS[Math.min(attempt, RETRY_BACKOFF_MS.length - 1)] ?? 750;
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function getEnvString(name) {
+  if (typeof process === "undefined" || !process?.env) return EMPTY_STRING;
+  return String(process.env[name] ?? EMPTY_STRING).trim();
+}
+function normalizeToken(value) {
+  return typeof value === "string" ? value.trim() : EMPTY_STRING;
+}
+function isGitHubToken(token) {
+  return token.trim().startsWith("gh");
+}
+function getEnvTokenFromInput(input) {
+  if ("env" in input) {
+    const envValue = input.env;
+    if (envValue && typeof envValue === "object") {
+      const token = normalizeToken(envValue.UOS_AI_TOKEN);
+      if (token) return token;
+    }
+  }
+  return getEnvString("UOS_AI_TOKEN");
+}
+function resolveAuthToken(input, aiAuthToken) {
+  const explicit = normalizeToken(aiAuthToken);
+  if (explicit) return { token: explicit, isGitHub: isGitHubToken(explicit) };
+  const envToken = getEnvTokenFromInput(input);
+  if (envToken) return { token: envToken, isGitHub: isGitHubToken(envToken) };
+  const fallback = normalizeToken(input.authToken);
+  if (!fallback) {
+    const err = new Error("Missing auth token; set UOS_AI_TOKEN, pass aiAuthToken, or provide authToken in input");
+    err.status = 401;
+    throw err;
+  }
+  return { token: fallback, isGitHub: isGitHubToken(fallback) };
+}
+function getAiBaseUrl(options) {
+  if (typeof options.baseUrl === "string" && options.baseUrl.trim()) {
+    return normalizeBaseUrl(options.baseUrl);
+  }
+  const envBaseUrl = getEnvString("UOS_AI_URL");
+  if (envBaseUrl) return normalizeBaseUrl(envBaseUrl);
+  return "https://ai.ubq.fi";
+}
+async function callLlm(options, input) {
+  const { baseUrl, model, stream: isStream, messages, aiAuthToken, ...rest } = options;
+  const { token: authToken, isGitHub } = resolveAuthToken(input, aiAuthToken);
+  const kernelToken = "ubiquityKernelToken" in input ? input.ubiquityKernelToken : void 0;
+  const payload = getPayload(input);
+  const { owner, repo, installationId } = getRepoMetadata(payload);
+  ensureMessages(messages);
+  const url = buildAiUrl(options, baseUrl);
+  const body = JSON.stringify({
+    ...rest,
+    ...model ? { model } : {},
+    messages,
+    stream: isStream ?? false
+  });
+  const headers = buildHeaders(authToken, {
+    owner,
+    repo,
+    installationId,
+    ubiquityKernelToken: isGitHub ? kernelToken : void 0
+  });
+  const response = await fetchWithRetry(url, { method: "POST", headers, body }, MAX_LLM_RETRIES);
+  if (isStream) {
+    if (!response.body) {
+      throw new Error("LLM API error: missing response body for streaming request");
+    }
+    return parseSseStream(response.body);
+  }
+  const rawText = await response.text();
+  try {
+    return JSON.parse(rawText);
+  } catch (err) {
+    const preview = rawText ? rawText.slice(0, 1e3) : EMPTY_STRING;
+    const message = "LLM API error: failed to parse JSON response from server" + (preview ? `; response body (truncated): ${preview}` : EMPTY_STRING);
+    const error = new Error(message);
+    error.cause = err;
+    error.status = response.status;
+    throw error;
+  }
+}
+function ensureMessages(messages) {
+  if (!Array.isArray(messages) || messages.length === 0) {
+    const err = new Error("messages must be a non-empty array");
+    err.status = 400;
+    throw err;
+  }
+}
+function buildAiUrl(options, baseUrl) {
+  return `${getAiBaseUrl({ ...options, baseUrl })}/v1/chat/completions`;
+}
+async function fetchWithRetry(url, options, maxRetries) {
+  let attempt = 0;
+  let lastError;
+  while (attempt <= maxRetries) {
+    try {
+      const response = await fetch(url, options);
+      if (response.ok) return response;
+      throw await buildResponseError(response);
+    } catch (error) {
+      lastError = error;
+      if (!shouldRetryError(error, attempt, maxRetries)) throw error;
+      await sleep(getRetryDelayMs(attempt));
+      attempt += 1;
+    }
+  }
+  throw lastError ?? new Error("LLM API error: request failed after retries");
+}
+async function buildResponseError(response) {
+  const errText = await response.text();
+  const error = new Error(`LLM API error: ${response.status} - ${errText}`);
+  error.status = response.status;
+  return error;
+}
+function shouldRetryError(error, attempt, maxRetries) {
+  if (attempt >= maxRetries) return false;
+  const status = getErrorStatus2(error);
+  if (typeof status === "number") {
+    return status >= 500;
+  }
+  return true;
+}
+function getErrorStatus2(error) {
+  return typeof error?.status === "number" ? error.status : void 0;
+}
+function getPayload(input) {
+  if ("payload" in input) {
+    return input.payload;
+  }
+  return input.eventPayload;
+}
+function getRepoMetadata(payload) {
+  const repoPayload = payload;
+  return {
+    owner: repoPayload?.repository?.owner?.login ?? EMPTY_STRING,
+    repo: repoPayload?.repository?.name ?? EMPTY_STRING,
+    installationId: repoPayload?.installation?.id
+  };
+}
+function buildHeaders(authToken, options) {
+  const headers = {
+    Authorization: `Bearer ${authToken}`,
+    "Content-Type": "application/json"
+  };
+  if (options.owner) headers["X-GitHub-Owner"] = options.owner;
+  if (options.repo) headers["X-GitHub-Repo"] = options.repo;
+  if (typeof options.installationId === "number" && Number.isFinite(options.installationId)) {
+    headers["X-GitHub-Installation-Id"] = String(options.installationId);
+  }
+  if (options.ubiquityKernelToken) {
+    headers["X-Ubiquity-Kernel-Token"] = options.ubiquityKernelToken;
+  }
+  return headers;
+}
+async function* parseSseStream(body) {
+  const reader = body.getReader();
+  const decoder = new TextDecoder();
+  let buffer = EMPTY_STRING;
+  try {
+    while (true) {
+      const { value, done: isDone } = await reader.read();
+      if (isDone) break;
+      buffer += decoder.decode(value, { stream: true });
+      const { events, remainder } = splitSseEvents(buffer);
+      buffer = remainder;
+      for (const event of events) {
+        const data = getEventData(event);
+        if (!data) continue;
+        if (data.trim() === "[DONE]") return;
+        yield parseEventData(data);
+      }
+    }
+  } finally {
+    reader.releaseLock();
+  }
+}
+function splitSseEvents(buffer) {
+  const normalized = buffer.replace(/\r\n/g, "\n").replace(/\r/g, "\n");
+  const parts = normalized.split("\n\n");
+  const remainder = parts.pop() ?? EMPTY_STRING;
+  return { events: parts, remainder };
+}
+function getEventData(event) {
+  if (!event.trim()) return null;
+  const dataLines = event.split("\n").filter((line) => line.startsWith("data:"));
+  if (!dataLines.length) return null;
+  const data = dataLines.map((line) => line.startsWith("data: ") ? line.slice(6) : line.slice(5).replace(/^ /, EMPTY_STRING)).join("\n");
+  return data || null;
+}
+function parseEventData(data) {
+  try {
+    return JSON.parse(data);
+  } catch (error) {
+    if (data.includes("\n")) {
+      const collapsed = data.replace(/\n/g, EMPTY_STRING);
+      try {
+        return JSON.parse(collapsed);
+      } catch {
+      }
+    }
+    const message = error instanceof Error ? error.message : String(error);
+    const preview = data.length > 200 ? `${data.slice(0, 200)}...` : data;
+    throw new Error(`LLM stream parse error: ${message}. Data: ${preview}`);
+  }
+}
 export {
   CommentHandler,
   callLlm,