npm - @vellumai/credential-executor - Versions diffs - 0.4.55 → 0.4.57 - Mend

@vellumai/credential-executor 0.4.55 → 0.4.57

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (762) hide show

package/Dockerfile +6 -2
package/node_modules/@vellumai/ces-contracts/bun.lock +29 -0
package/node_modules/@vellumai/ces-contracts/package.json +24 -0
package/node_modules/@vellumai/ces-contracts/src/__tests__/contracts.test.ts +293 -0
package/node_modules/@vellumai/ces-contracts/src/__tests__/grants.test.ts +686 -0
package/node_modules/@vellumai/ces-contracts/src/error.ts +26 -0
package/node_modules/@vellumai/ces-contracts/src/grants.ts +184 -0
package/node_modules/@vellumai/ces-contracts/src/handles.ts +213 -0
package/node_modules/@vellumai/ces-contracts/src/index.ts +147 -0
package/node_modules/@vellumai/ces-contracts/src/rendering.ts +135 -0
package/node_modules/@vellumai/ces-contracts/src/rpc.ts +511 -0
package/node_modules/@vellumai/ces-contracts/tsconfig.json +20 -0
package/node_modules/@vellumai/credential-storage/bun.lock +24 -0
package/node_modules/@vellumai/credential-storage/package.json +17 -0
package/node_modules/@vellumai/credential-storage/src/__tests__/package-boundary.test.ts +151 -0
package/node_modules/@vellumai/credential-storage/src/index.ts +213 -0
package/node_modules/@vellumai/credential-storage/src/oauth-runtime.ts +340 -0
package/node_modules/@vellumai/credential-storage/src/static-credentials.ts +365 -0
package/node_modules/@vellumai/credential-storage/tsconfig.json +20 -0
package/node_modules/@vellumai/egress-proxy/bun.lock +24 -0
package/node_modules/@vellumai/egress-proxy/package.json +17 -0
package/node_modules/@vellumai/egress-proxy/src/__tests__/package-boundary.test.ts +131 -0
package/node_modules/@vellumai/egress-proxy/src/index.ts +54 -0
package/node_modules/@vellumai/egress-proxy/src/session-core.ts +466 -0
package/node_modules/@vellumai/egress-proxy/src/types.ts +227 -0
package/node_modules/@vellumai/egress-proxy/tsconfig.json +20 -0
package/node_modules/zod/LICENSE +21 -0
package/node_modules/zod/README.md +208 -0
package/node_modules/zod/index.cjs +33 -0
package/node_modules/zod/index.d.cts +4 -0
package/node_modules/zod/index.d.ts +4 -0
package/node_modules/zod/index.js +4 -0
package/node_modules/zod/locales/index.cjs +17 -0
package/node_modules/zod/locales/index.d.cts +1 -0
package/node_modules/zod/locales/index.d.ts +1 -0
package/node_modules/zod/locales/index.js +1 -0
package/node_modules/zod/locales/package.json +6 -0
package/node_modules/zod/mini/index.cjs +32 -0
package/node_modules/zod/mini/index.d.cts +3 -0
package/node_modules/zod/mini/index.d.ts +3 -0
package/node_modules/zod/mini/index.js +3 -0
package/node_modules/zod/mini/package.json +6 -0
package/node_modules/zod/package.json +135 -0
package/node_modules/zod/src/index.ts +4 -0
package/node_modules/zod/src/locales/index.ts +1 -0
package/node_modules/zod/src/mini/index.ts +3 -0
package/node_modules/zod/src/v3/ZodError.ts +330 -0
package/node_modules/zod/src/v3/benchmarks/datetime.ts +58 -0
package/node_modules/zod/src/v3/benchmarks/discriminatedUnion.ts +80 -0
package/node_modules/zod/src/v3/benchmarks/index.ts +59 -0
package/node_modules/zod/src/v3/benchmarks/ipv4.ts +57 -0
package/node_modules/zod/src/v3/benchmarks/object.ts +69 -0
package/node_modules/zod/src/v3/benchmarks/primitives.ts +162 -0
package/node_modules/zod/src/v3/benchmarks/realworld.ts +63 -0
package/node_modules/zod/src/v3/benchmarks/string.ts +55 -0
package/node_modules/zod/src/v3/benchmarks/union.ts +80 -0
package/node_modules/zod/src/v3/errors.ts +13 -0
package/node_modules/zod/src/v3/external.ts +6 -0
package/node_modules/zod/src/v3/helpers/enumUtil.ts +17 -0
package/node_modules/zod/src/v3/helpers/errorUtil.ts +8 -0
package/node_modules/zod/src/v3/helpers/parseUtil.ts +176 -0
package/node_modules/zod/src/v3/helpers/partialUtil.ts +34 -0
package/node_modules/zod/src/v3/helpers/typeAliases.ts +2 -0
package/node_modules/zod/src/v3/helpers/util.ts +224 -0
package/node_modules/zod/src/v3/index.ts +4 -0
package/node_modules/zod/src/v3/locales/en.ts +124 -0
package/node_modules/zod/src/v3/standard-schema.ts +113 -0
package/node_modules/zod/src/v3/tests/Mocker.ts +54 -0
package/node_modules/zod/src/v3/tests/all-errors.test.ts +157 -0
package/node_modules/zod/src/v3/tests/anyunknown.test.ts +28 -0
package/node_modules/zod/src/v3/tests/array.test.ts +71 -0
package/node_modules/zod/src/v3/tests/async-parsing.test.ts +388 -0
package/node_modules/zod/src/v3/tests/async-refinements.test.ts +46 -0
package/node_modules/zod/src/v3/tests/base.test.ts +29 -0
package/node_modules/zod/src/v3/tests/bigint.test.ts +55 -0
package/node_modules/zod/src/v3/tests/branded.test.ts +53 -0
package/node_modules/zod/src/v3/tests/catch.test.ts +220 -0
package/node_modules/zod/src/v3/tests/coerce.test.ts +133 -0
package/node_modules/zod/src/v3/tests/complex.test.ts +70 -0
package/node_modules/zod/src/v3/tests/custom.test.ts +31 -0
package/node_modules/zod/src/v3/tests/date.test.ts +32 -0
package/node_modules/zod/src/v3/tests/deepmasking.test.ts +186 -0
package/node_modules/zod/src/v3/tests/default.test.ts +112 -0
package/node_modules/zod/src/v3/tests/description.test.ts +33 -0
package/node_modules/zod/src/v3/tests/discriminated-unions.test.ts +315 -0
package/node_modules/zod/src/v3/tests/enum.test.ts +80 -0
package/node_modules/zod/src/v3/tests/error.test.ts +551 -0
package/node_modules/zod/src/v3/tests/firstparty.test.ts +87 -0
package/node_modules/zod/src/v3/tests/firstpartyschematypes.test.ts +21 -0
package/node_modules/zod/src/v3/tests/function.test.ts +261 -0
package/node_modules/zod/src/v3/tests/generics.test.ts +48 -0
package/node_modules/zod/src/v3/tests/instanceof.test.ts +37 -0
package/node_modules/zod/src/v3/tests/intersection.test.ts +110 -0
package/node_modules/zod/src/v3/tests/language-server.source.ts +76 -0
package/node_modules/zod/src/v3/tests/language-server.test.ts +207 -0
package/node_modules/zod/src/v3/tests/literal.test.ts +36 -0
package/node_modules/zod/src/v3/tests/map.test.ts +110 -0
package/node_modules/zod/src/v3/tests/masking.test.ts +4 -0
package/node_modules/zod/src/v3/tests/mocker.test.ts +19 -0
package/node_modules/zod/src/v3/tests/nan.test.ts +24 -0
package/node_modules/zod/src/v3/tests/nativeEnum.test.ts +87 -0
package/node_modules/zod/src/v3/tests/nullable.test.ts +42 -0
package/node_modules/zod/src/v3/tests/number.test.ts +176 -0
package/node_modules/zod/src/v3/tests/object-augmentation.test.ts +29 -0
package/node_modules/zod/src/v3/tests/object-in-es5-env.test.ts +29 -0
package/node_modules/zod/src/v3/tests/object.test.ts +434 -0
package/node_modules/zod/src/v3/tests/optional.test.ts +42 -0
package/node_modules/zod/src/v3/tests/parseUtil.test.ts +23 -0
package/node_modules/zod/src/v3/tests/parser.test.ts +41 -0
package/node_modules/zod/src/v3/tests/partials.test.ts +243 -0
package/node_modules/zod/src/v3/tests/pickomit.test.ts +111 -0
package/node_modules/zod/src/v3/tests/pipeline.test.ts +29 -0
package/node_modules/zod/src/v3/tests/preprocess.test.ts +186 -0
package/node_modules/zod/src/v3/tests/primitive.test.ts +440 -0
package/node_modules/zod/src/v3/tests/promise.test.ts +90 -0
package/node_modules/zod/src/v3/tests/readonly.test.ts +194 -0
package/node_modules/zod/src/v3/tests/record.test.ts +171 -0
package/node_modules/zod/src/v3/tests/recursive.test.ts +197 -0
package/node_modules/zod/src/v3/tests/refine.test.ts +313 -0
package/node_modules/zod/src/v3/tests/safeparse.test.ts +27 -0
package/node_modules/zod/src/v3/tests/set.test.ts +142 -0
package/node_modules/zod/src/v3/tests/standard-schema.test.ts +83 -0
package/node_modules/zod/src/v3/tests/string.test.ts +916 -0
package/node_modules/zod/src/v3/tests/transformer.test.ts +233 -0
package/node_modules/zod/src/v3/tests/tuple.test.ts +90 -0
package/node_modules/zod/src/v3/tests/unions.test.ts +57 -0
package/node_modules/zod/src/v3/tests/validations.test.ts +133 -0
package/node_modules/zod/src/v3/tests/void.test.ts +15 -0
package/node_modules/zod/src/v3/types.ts +5138 -0
package/node_modules/zod/src/v4/classic/checks.ts +32 -0
package/node_modules/zod/src/v4/classic/coerce.ts +27 -0
package/node_modules/zod/src/v4/classic/compat.ts +70 -0
package/node_modules/zod/src/v4/classic/errors.ts +82 -0
package/node_modules/zod/src/v4/classic/external.ts +51 -0
package/node_modules/zod/src/v4/classic/from-json-schema.ts +643 -0
package/node_modules/zod/src/v4/classic/index.ts +5 -0
package/node_modules/zod/src/v4/classic/iso.ts +90 -0
package/node_modules/zod/src/v4/classic/parse.ts +82 -0
package/node_modules/zod/src/v4/classic/schemas.ts +2409 -0
package/node_modules/zod/src/v4/classic/tests/anyunknown.test.ts +26 -0
package/node_modules/zod/src/v4/classic/tests/apply.test.ts +59 -0
package/node_modules/zod/src/v4/classic/tests/array.test.ts +264 -0
package/node_modules/zod/src/v4/classic/tests/assignability.test.ts +210 -0
package/node_modules/zod/src/v4/classic/tests/async-parsing.test.ts +381 -0
package/node_modules/zod/src/v4/classic/tests/async-refinements.test.ts +68 -0
package/node_modules/zod/src/v4/classic/tests/base.test.ts +7 -0
package/node_modules/zod/src/v4/classic/tests/bigint.test.ts +54 -0
package/node_modules/zod/src/v4/classic/tests/brand.test.ts +106 -0
package/node_modules/zod/src/v4/classic/tests/catch.test.ts +276 -0
package/node_modules/zod/src/v4/classic/tests/coalesce.test.ts +20 -0
package/node_modules/zod/src/v4/classic/tests/codec-examples.test.ts +573 -0
package/node_modules/zod/src/v4/classic/tests/codec.test.ts +562 -0
package/node_modules/zod/src/v4/classic/tests/coerce.test.ts +160 -0
package/node_modules/zod/src/v4/classic/tests/continuability.test.ts +374 -0
package/node_modules/zod/src/v4/classic/tests/custom.test.ts +40 -0
package/node_modules/zod/src/v4/classic/tests/date.test.ts +62 -0
package/node_modules/zod/src/v4/classic/tests/datetime.test.ts +302 -0
package/node_modules/zod/src/v4/classic/tests/default.test.ts +365 -0
package/node_modules/zod/src/v4/classic/tests/describe-meta-checks.test.ts +27 -0
package/node_modules/zod/src/v4/classic/tests/description.test.ts +32 -0
package/node_modules/zod/src/v4/classic/tests/discriminated-unions.test.ts +661 -0
package/node_modules/zod/src/v4/classic/tests/enum.test.ts +285 -0
package/node_modules/zod/src/v4/classic/tests/error-utils.test.ts +595 -0
package/node_modules/zod/src/v4/classic/tests/error.test.ts +711 -0
package/node_modules/zod/src/v4/classic/tests/file.test.ts +96 -0
package/node_modules/zod/src/v4/classic/tests/firstparty.test.ts +179 -0
package/node_modules/zod/src/v4/classic/tests/fix-json-issue.test.ts +26 -0
package/node_modules/zod/src/v4/classic/tests/from-json-schema.test.ts +734 -0
package/node_modules/zod/src/v4/classic/tests/function.test.ts +360 -0
package/node_modules/zod/src/v4/classic/tests/generics.test.ts +72 -0
package/node_modules/zod/src/v4/classic/tests/hash.test.ts +68 -0
package/node_modules/zod/src/v4/classic/tests/index.test.ts +939 -0
package/node_modules/zod/src/v4/classic/tests/instanceof.test.ts +60 -0
package/node_modules/zod/src/v4/classic/tests/intersection.test.ts +198 -0
package/node_modules/zod/src/v4/classic/tests/json.test.ts +109 -0
package/node_modules/zod/src/v4/classic/tests/lazy.test.ts +227 -0
package/node_modules/zod/src/v4/classic/tests/literal.test.ts +117 -0
package/node_modules/zod/src/v4/classic/tests/map.test.ts +330 -0
package/node_modules/zod/src/v4/classic/tests/nan.test.ts +21 -0
package/node_modules/zod/src/v4/classic/tests/nested-refine.test.ts +168 -0
package/node_modules/zod/src/v4/classic/tests/nonoptional.test.ts +101 -0
package/node_modules/zod/src/v4/classic/tests/nullable.test.ts +22 -0
package/node_modules/zod/src/v4/classic/tests/number.test.ts +270 -0
package/node_modules/zod/src/v4/classic/tests/object.test.ts +640 -0
package/node_modules/zod/src/v4/classic/tests/optional.test.ts +223 -0
package/node_modules/zod/src/v4/classic/tests/partial.test.ts +427 -0
package/node_modules/zod/src/v4/classic/tests/pickomit.test.ts +211 -0
package/node_modules/zod/src/v4/classic/tests/pipe.test.ts +101 -0
package/node_modules/zod/src/v4/classic/tests/prefault.test.ts +74 -0
package/node_modules/zod/src/v4/classic/tests/preprocess.test.ts +282 -0
package/node_modules/zod/src/v4/classic/tests/primitive.test.ts +175 -0
package/node_modules/zod/src/v4/classic/tests/promise.test.ts +81 -0
package/node_modules/zod/src/v4/classic/tests/prototypes.test.ts +23 -0
package/node_modules/zod/src/v4/classic/tests/readonly.test.ts +252 -0
package/node_modules/zod/src/v4/classic/tests/record.test.ts +632 -0
package/node_modules/zod/src/v4/classic/tests/recursive-types.test.ts +582 -0
package/node_modules/zod/src/v4/classic/tests/refine.test.ts +570 -0
package/node_modules/zod/src/v4/classic/tests/registries.test.ts +243 -0
package/node_modules/zod/src/v4/classic/tests/set.test.ts +181 -0
package/node_modules/zod/src/v4/classic/tests/standard-schema.test.ts +134 -0
package/node_modules/zod/src/v4/classic/tests/string-formats.test.ts +125 -0
package/node_modules/zod/src/v4/classic/tests/string.test.ts +1175 -0
package/node_modules/zod/src/v4/classic/tests/stringbool.test.ts +106 -0
package/node_modules/zod/src/v4/classic/tests/template-literal.test.ts +771 -0
package/node_modules/zod/src/v4/classic/tests/to-json-schema-methods.test.ts +438 -0
package/node_modules/zod/src/v4/classic/tests/to-json-schema.test.ts +2990 -0
package/node_modules/zod/src/v4/classic/tests/transform.test.ts +361 -0
package/node_modules/zod/src/v4/classic/tests/tuple.test.ts +183 -0
package/node_modules/zod/src/v4/classic/tests/union.test.ts +219 -0
package/node_modules/zod/src/v4/classic/tests/url.test.ts +13 -0
package/node_modules/zod/src/v4/classic/tests/validations.test.ts +283 -0
package/node_modules/zod/src/v4/classic/tests/void.test.ts +12 -0
package/node_modules/zod/src/v4/core/api.ts +1798 -0
package/node_modules/zod/src/v4/core/checks.ts +1293 -0
package/node_modules/zod/src/v4/core/config.ts +15 -0
package/node_modules/zod/src/v4/core/core.ts +138 -0
package/node_modules/zod/src/v4/core/doc.ts +44 -0
package/node_modules/zod/src/v4/core/errors.ts +448 -0
package/node_modules/zod/src/v4/core/index.ts +16 -0
package/node_modules/zod/src/v4/core/json-schema-generator.ts +126 -0
package/node_modules/zod/src/v4/core/json-schema-processors.ts +667 -0
package/node_modules/zod/src/v4/core/json-schema.ts +147 -0
package/node_modules/zod/src/v4/core/parse.ts +195 -0
package/node_modules/zod/src/v4/core/regexes.ts +183 -0
package/node_modules/zod/src/v4/core/registries.ts +105 -0
package/node_modules/zod/src/v4/core/schemas.ts +4538 -0
package/node_modules/zod/src/v4/core/standard-schema.ts +159 -0
package/node_modules/zod/src/v4/core/tests/extend.test.ts +59 -0
package/node_modules/zod/src/v4/core/tests/index.test.ts +46 -0
package/node_modules/zod/src/v4/core/tests/locales/be.test.ts +124 -0
package/node_modules/zod/src/v4/core/tests/locales/en.test.ts +22 -0
package/node_modules/zod/src/v4/core/tests/locales/es.test.ts +181 -0
package/node_modules/zod/src/v4/core/tests/locales/he.test.ts +379 -0
package/node_modules/zod/src/v4/core/tests/locales/nl.test.ts +46 -0
package/node_modules/zod/src/v4/core/tests/locales/ru.test.ts +128 -0
package/node_modules/zod/src/v4/core/tests/locales/tr.test.ts +69 -0
package/node_modules/zod/src/v4/core/tests/locales/uz.test.ts +83 -0
package/node_modules/zod/src/v4/core/tests/record-constructor.test.ts +67 -0
package/node_modules/zod/src/v4/core/tests/recursive-tuples.test.ts +45 -0
package/node_modules/zod/src/v4/core/to-json-schema.ts +613 -0
package/node_modules/zod/src/v4/core/util.ts +966 -0
package/node_modules/zod/src/v4/core/versions.ts +5 -0
package/node_modules/zod/src/v4/core/zsf.ts +323 -0
package/node_modules/zod/src/v4/index.ts +4 -0
package/node_modules/zod/src/v4/locales/ar.ts +115 -0
package/node_modules/zod/src/v4/locales/az.ts +111 -0
package/node_modules/zod/src/v4/locales/be.ts +176 -0
package/node_modules/zod/src/v4/locales/bg.ts +128 -0
package/node_modules/zod/src/v4/locales/ca.ts +116 -0
package/node_modules/zod/src/v4/locales/cs.ts +118 -0
package/node_modules/zod/src/v4/locales/da.ts +123 -0
package/node_modules/zod/src/v4/locales/de.ts +116 -0
package/node_modules/zod/src/v4/locales/en.ts +119 -0
package/node_modules/zod/src/v4/locales/eo.ts +118 -0
package/node_modules/zod/src/v4/locales/es.ts +141 -0
package/node_modules/zod/src/v4/locales/fa.ts +126 -0
package/node_modules/zod/src/v4/locales/fi.ts +121 -0
package/node_modules/zod/src/v4/locales/fr-CA.ts +116 -0
package/node_modules/zod/src/v4/locales/fr.ts +116 -0
package/node_modules/zod/src/v4/locales/he.ts +246 -0
package/node_modules/zod/src/v4/locales/hu.ts +117 -0
package/node_modules/zod/src/v4/locales/hy.ts +164 -0
package/node_modules/zod/src/v4/locales/id.ts +115 -0
package/node_modules/zod/src/v4/locales/index.ts +49 -0
package/node_modules/zod/src/v4/locales/is.ts +119 -0
package/node_modules/zod/src/v4/locales/it.ts +116 -0
package/node_modules/zod/src/v4/locales/ja.ts +114 -0
package/node_modules/zod/src/v4/locales/ka.ts +123 -0
package/node_modules/zod/src/v4/locales/kh.ts +7 -0
package/node_modules/zod/src/v4/locales/km.ts +119 -0
package/node_modules/zod/src/v4/locales/ko.ts +121 -0
package/node_modules/zod/src/v4/locales/lt.ts +239 -0
package/node_modules/zod/src/v4/locales/mk.ts +118 -0
package/node_modules/zod/src/v4/locales/ms.ts +115 -0
package/node_modules/zod/src/v4/locales/nl.ts +121 -0
package/node_modules/zod/src/v4/locales/no.ts +116 -0
package/node_modules/zod/src/v4/locales/ota.ts +117 -0
package/node_modules/zod/src/v4/locales/pl.ts +118 -0
package/node_modules/zod/src/v4/locales/ps.ts +126 -0
package/node_modules/zod/src/v4/locales/pt.ts +116 -0
package/node_modules/zod/src/v4/locales/ru.ts +176 -0
package/node_modules/zod/src/v4/locales/sl.ts +118 -0
package/node_modules/zod/src/v4/locales/sv.ts +119 -0
package/node_modules/zod/src/v4/locales/ta.ts +118 -0
package/node_modules/zod/src/v4/locales/th.ts +119 -0
package/node_modules/zod/src/v4/locales/tr.ts +111 -0
package/node_modules/zod/src/v4/locales/ua.ts +7 -0
package/node_modules/zod/src/v4/locales/uk.ts +117 -0
package/node_modules/zod/src/v4/locales/ur.ts +119 -0
package/node_modules/zod/src/v4/locales/uz.ts +116 -0
package/node_modules/zod/src/v4/locales/vi.ts +117 -0
package/node_modules/zod/src/v4/locales/yo.ts +124 -0
package/node_modules/zod/src/v4/locales/zh-CN.ts +116 -0
package/node_modules/zod/src/v4/locales/zh-TW.ts +115 -0
package/node_modules/zod/src/v4/mini/checks.ts +32 -0
package/node_modules/zod/src/v4/mini/coerce.ts +27 -0
package/node_modules/zod/src/v4/mini/external.ts +40 -0
package/node_modules/zod/src/v4/mini/index.ts +3 -0
package/node_modules/zod/src/v4/mini/iso.ts +66 -0
package/node_modules/zod/src/v4/mini/parse.ts +14 -0
package/node_modules/zod/src/v4/mini/schemas.ts +1916 -0
package/node_modules/zod/src/v4/mini/tests/apply.test.ts +24 -0
package/node_modules/zod/src/v4/mini/tests/assignability.test.ts +129 -0
package/node_modules/zod/src/v4/mini/tests/brand.test.ts +94 -0
package/node_modules/zod/src/v4/mini/tests/checks.test.ts +144 -0
package/node_modules/zod/src/v4/mini/tests/codec.test.ts +529 -0
package/node_modules/zod/src/v4/mini/tests/computed.test.ts +36 -0
package/node_modules/zod/src/v4/mini/tests/error.test.ts +22 -0
package/node_modules/zod/src/v4/mini/tests/functions.test.ts +5 -0
package/node_modules/zod/src/v4/mini/tests/index.test.ts +963 -0
package/node_modules/zod/src/v4/mini/tests/number.test.ts +95 -0
package/node_modules/zod/src/v4/mini/tests/object.test.ts +227 -0
package/node_modules/zod/src/v4/mini/tests/prototypes.test.ts +43 -0
package/node_modules/zod/src/v4/mini/tests/recursive-types.test.ts +275 -0
package/node_modules/zod/src/v4/mini/tests/standard-schema.test.ts +50 -0
package/node_modules/zod/src/v4/mini/tests/string.test.ts +347 -0
package/node_modules/zod/src/v4-mini/index.ts +3 -0
package/node_modules/zod/v3/ZodError.cjs +138 -0
package/node_modules/zod/v3/ZodError.d.cts +164 -0
package/node_modules/zod/v3/ZodError.d.ts +164 -0
package/node_modules/zod/v3/ZodError.js +133 -0
package/node_modules/zod/v3/errors.cjs +17 -0
package/node_modules/zod/v3/errors.d.cts +5 -0
package/node_modules/zod/v3/errors.d.ts +5 -0
package/node_modules/zod/v3/errors.js +9 -0
package/node_modules/zod/v3/external.cjs +22 -0
package/node_modules/zod/v3/external.d.cts +6 -0
package/node_modules/zod/v3/external.d.ts +6 -0
package/node_modules/zod/v3/external.js +6 -0
package/node_modules/zod/v3/helpers/enumUtil.cjs +2 -0
package/node_modules/zod/v3/helpers/enumUtil.d.cts +8 -0
package/node_modules/zod/v3/helpers/enumUtil.d.ts +8 -0
package/node_modules/zod/v3/helpers/enumUtil.js +1 -0
package/node_modules/zod/v3/helpers/errorUtil.cjs +9 -0
package/node_modules/zod/v3/helpers/errorUtil.d.cts +9 -0
package/node_modules/zod/v3/helpers/errorUtil.d.ts +9 -0
package/node_modules/zod/v3/helpers/errorUtil.js +6 -0
package/node_modules/zod/v3/helpers/parseUtil.cjs +124 -0
package/node_modules/zod/v3/helpers/parseUtil.d.cts +78 -0
package/node_modules/zod/v3/helpers/parseUtil.d.ts +78 -0
package/node_modules/zod/v3/helpers/parseUtil.js +109 -0
package/node_modules/zod/v3/helpers/partialUtil.cjs +2 -0
package/node_modules/zod/v3/helpers/partialUtil.d.cts +8 -0
package/node_modules/zod/v3/helpers/partialUtil.d.ts +8 -0
package/node_modules/zod/v3/helpers/partialUtil.js +1 -0
package/node_modules/zod/v3/helpers/typeAliases.cjs +2 -0
package/node_modules/zod/v3/helpers/typeAliases.d.cts +2 -0
package/node_modules/zod/v3/helpers/typeAliases.d.ts +2 -0
package/node_modules/zod/v3/helpers/typeAliases.js +1 -0
package/node_modules/zod/v3/helpers/util.cjs +137 -0
package/node_modules/zod/v3/helpers/util.d.cts +85 -0
package/node_modules/zod/v3/helpers/util.d.ts +85 -0
package/node_modules/zod/v3/helpers/util.js +133 -0
package/node_modules/zod/v3/index.cjs +33 -0
package/node_modules/zod/v3/index.d.cts +4 -0
package/node_modules/zod/v3/index.d.ts +4 -0
package/node_modules/zod/v3/index.js +4 -0
package/node_modules/zod/v3/locales/en.cjs +112 -0
package/node_modules/zod/v3/locales/en.d.cts +3 -0
package/node_modules/zod/v3/locales/en.d.ts +3 -0
package/node_modules/zod/v3/locales/en.js +109 -0
package/node_modules/zod/v3/package.json +6 -0
package/node_modules/zod/v3/standard-schema.cjs +2 -0
package/node_modules/zod/v3/standard-schema.d.cts +102 -0
package/node_modules/zod/v3/standard-schema.d.ts +102 -0
package/node_modules/zod/v3/standard-schema.js +1 -0
package/node_modules/zod/v3/types.cjs +3777 -0
package/node_modules/zod/v3/types.d.cts +1034 -0
package/node_modules/zod/v3/types.d.ts +1034 -0
package/node_modules/zod/v3/types.js +3695 -0
package/node_modules/zod/v4/classic/checks.cjs +33 -0
package/node_modules/zod/v4/classic/checks.d.cts +1 -0
package/node_modules/zod/v4/classic/checks.d.ts +1 -0
package/node_modules/zod/v4/classic/checks.js +1 -0
package/node_modules/zod/v4/classic/coerce.cjs +47 -0
package/node_modules/zod/v4/classic/coerce.d.cts +17 -0
package/node_modules/zod/v4/classic/coerce.d.ts +17 -0
package/node_modules/zod/v4/classic/coerce.js +17 -0
package/node_modules/zod/v4/classic/compat.cjs +61 -0
package/node_modules/zod/v4/classic/compat.d.cts +50 -0
package/node_modules/zod/v4/classic/compat.d.ts +50 -0
package/node_modules/zod/v4/classic/compat.js +31 -0
package/node_modules/zod/v4/classic/errors.cjs +74 -0
package/node_modules/zod/v4/classic/errors.d.cts +30 -0
package/node_modules/zod/v4/classic/errors.d.ts +30 -0
package/node_modules/zod/v4/classic/errors.js +48 -0
package/node_modules/zod/v4/classic/external.cjs +73 -0
package/node_modules/zod/v4/classic/external.d.cts +15 -0
package/node_modules/zod/v4/classic/external.d.ts +15 -0
package/node_modules/zod/v4/classic/external.js +20 -0
package/node_modules/zod/v4/classic/from-json-schema.cjs +610 -0
package/node_modules/zod/v4/classic/from-json-schema.d.cts +12 -0
package/node_modules/zod/v4/classic/from-json-schema.d.ts +12 -0
package/node_modules/zod/v4/classic/from-json-schema.js +584 -0
package/node_modules/zod/v4/classic/index.cjs +33 -0
package/node_modules/zod/v4/classic/index.d.cts +4 -0
package/node_modules/zod/v4/classic/index.d.ts +4 -0
package/node_modules/zod/v4/classic/index.js +4 -0
package/node_modules/zod/v4/classic/iso.cjs +60 -0
package/node_modules/zod/v4/classic/iso.d.cts +22 -0
package/node_modules/zod/v4/classic/iso.d.ts +22 -0
package/node_modules/zod/v4/classic/iso.js +30 -0
package/node_modules/zod/v4/classic/package.json +6 -0
package/node_modules/zod/v4/classic/parse.cjs +41 -0
package/node_modules/zod/v4/classic/parse.d.cts +31 -0
package/node_modules/zod/v4/classic/parse.d.ts +31 -0
package/node_modules/zod/v4/classic/parse.js +15 -0
package/node_modules/zod/v4/classic/schemas.cjs +1272 -0
package/node_modules/zod/v4/classic/schemas.d.cts +739 -0
package/node_modules/zod/v4/classic/schemas.d.ts +739 -0
package/node_modules/zod/v4/classic/schemas.js +1157 -0
package/node_modules/zod/v4/core/api.cjs +1222 -0
package/node_modules/zod/v4/core/api.d.cts +304 -0
package/node_modules/zod/v4/core/api.d.ts +304 -0
package/node_modules/zod/v4/core/api.js +1082 -0
package/node_modules/zod/v4/core/checks.cjs +601 -0
package/node_modules/zod/v4/core/checks.d.cts +278 -0
package/node_modules/zod/v4/core/checks.d.ts +278 -0
package/node_modules/zod/v4/core/checks.js +575 -0
package/node_modules/zod/v4/core/core.cjs +83 -0
package/node_modules/zod/v4/core/core.d.cts +70 -0
package/node_modules/zod/v4/core/core.d.ts +70 -0
package/node_modules/zod/v4/core/core.js +76 -0
package/node_modules/zod/v4/core/doc.cjs +39 -0
package/node_modules/zod/v4/core/doc.d.cts +14 -0
package/node_modules/zod/v4/core/doc.d.ts +14 -0
package/node_modules/zod/v4/core/doc.js +35 -0
package/node_modules/zod/v4/core/errors.cjs +213 -0
package/node_modules/zod/v4/core/errors.d.cts +220 -0
package/node_modules/zod/v4/core/errors.d.ts +220 -0
package/node_modules/zod/v4/core/errors.js +182 -0
package/node_modules/zod/v4/core/index.cjs +47 -0
package/node_modules/zod/v4/core/index.d.cts +16 -0
package/node_modules/zod/v4/core/index.d.ts +16 -0
package/node_modules/zod/v4/core/index.js +16 -0
package/node_modules/zod/v4/core/json-schema-generator.cjs +99 -0
package/node_modules/zod/v4/core/json-schema-generator.d.cts +65 -0
package/node_modules/zod/v4/core/json-schema-generator.d.ts +65 -0
package/node_modules/zod/v4/core/json-schema-generator.js +95 -0
package/node_modules/zod/v4/core/json-schema-processors.cjs +648 -0
package/node_modules/zod/v4/core/json-schema-processors.d.cts +49 -0
package/node_modules/zod/v4/core/json-schema-processors.d.ts +49 -0
package/node_modules/zod/v4/core/json-schema-processors.js +605 -0
package/node_modules/zod/v4/core/json-schema.cjs +2 -0
package/node_modules/zod/v4/core/json-schema.d.cts +88 -0
package/node_modules/zod/v4/core/json-schema.d.ts +88 -0
package/node_modules/zod/v4/core/json-schema.js +1 -0
package/node_modules/zod/v4/core/package.json +6 -0
package/node_modules/zod/v4/core/parse.cjs +131 -0
package/node_modules/zod/v4/core/parse.d.cts +49 -0
package/node_modules/zod/v4/core/parse.d.ts +49 -0
package/node_modules/zod/v4/core/parse.js +93 -0
package/node_modules/zod/v4/core/regexes.cjs +166 -0
package/node_modules/zod/v4/core/regexes.d.cts +79 -0
package/node_modules/zod/v4/core/regexes.d.ts +79 -0
package/node_modules/zod/v4/core/regexes.js +133 -0
package/node_modules/zod/v4/core/registries.cjs +56 -0
package/node_modules/zod/v4/core/registries.d.cts +35 -0
package/node_modules/zod/v4/core/registries.d.ts +35 -0
package/node_modules/zod/v4/core/registries.js +51 -0
package/node_modules/zod/v4/core/schemas.cjs +2124 -0
package/node_modules/zod/v4/core/schemas.d.cts +1146 -0
package/node_modules/zod/v4/core/schemas.d.ts +1146 -0
package/node_modules/zod/v4/core/schemas.js +2093 -0
package/node_modules/zod/v4/core/standard-schema.cjs +2 -0
package/node_modules/zod/v4/core/standard-schema.d.cts +126 -0
package/node_modules/zod/v4/core/standard-schema.d.ts +126 -0
package/node_modules/zod/v4/core/standard-schema.js +1 -0
package/node_modules/zod/v4/core/to-json-schema.cjs +446 -0
package/node_modules/zod/v4/core/to-json-schema.d.cts +114 -0
package/node_modules/zod/v4/core/to-json-schema.d.ts +114 -0
package/node_modules/zod/v4/core/to-json-schema.js +437 -0
package/node_modules/zod/v4/core/util.cjs +710 -0
package/node_modules/zod/v4/core/util.d.cts +199 -0
package/node_modules/zod/v4/core/util.d.ts +199 -0
package/node_modules/zod/v4/core/util.js +651 -0
package/node_modules/zod/v4/core/versions.cjs +8 -0
package/node_modules/zod/v4/core/versions.d.cts +5 -0
package/node_modules/zod/v4/core/versions.d.ts +5 -0
package/node_modules/zod/v4/core/versions.js +5 -0
package/node_modules/zod/v4/index.cjs +22 -0
package/node_modules/zod/v4/index.d.cts +3 -0
package/node_modules/zod/v4/index.d.ts +3 -0
package/node_modules/zod/v4/index.js +3 -0
package/node_modules/zod/v4/locales/ar.cjs +133 -0
package/node_modules/zod/v4/locales/ar.d.cts +5 -0
package/node_modules/zod/v4/locales/ar.d.ts +4 -0
package/node_modules/zod/v4/locales/ar.js +106 -0
package/node_modules/zod/v4/locales/az.cjs +132 -0
package/node_modules/zod/v4/locales/az.d.cts +5 -0
package/node_modules/zod/v4/locales/az.d.ts +4 -0
package/node_modules/zod/v4/locales/az.js +105 -0
package/node_modules/zod/v4/locales/be.cjs +183 -0
package/node_modules/zod/v4/locales/be.d.cts +5 -0
package/node_modules/zod/v4/locales/be.d.ts +4 -0
package/node_modules/zod/v4/locales/be.js +156 -0
package/node_modules/zod/v4/locales/bg.cjs +147 -0
package/node_modules/zod/v4/locales/bg.d.cts +5 -0
package/node_modules/zod/v4/locales/bg.d.ts +4 -0
package/node_modules/zod/v4/locales/bg.js +120 -0
package/node_modules/zod/v4/locales/ca.cjs +134 -0
package/node_modules/zod/v4/locales/ca.d.cts +5 -0
package/node_modules/zod/v4/locales/ca.d.ts +4 -0
package/node_modules/zod/v4/locales/ca.js +107 -0
package/node_modules/zod/v4/locales/cs.cjs +138 -0
package/node_modules/zod/v4/locales/cs.d.cts +5 -0
package/node_modules/zod/v4/locales/cs.d.ts +4 -0
package/node_modules/zod/v4/locales/cs.js +111 -0
package/node_modules/zod/v4/locales/da.cjs +142 -0
package/node_modules/zod/v4/locales/da.d.cts +5 -0
package/node_modules/zod/v4/locales/da.d.ts +4 -0
package/node_modules/zod/v4/locales/da.js +115 -0
package/node_modules/zod/v4/locales/de.cjs +135 -0
package/node_modules/zod/v4/locales/de.d.cts +5 -0
package/node_modules/zod/v4/locales/de.d.ts +4 -0
package/node_modules/zod/v4/locales/de.js +108 -0
package/node_modules/zod/v4/locales/en.cjs +136 -0
package/node_modules/zod/v4/locales/en.d.cts +5 -0
package/node_modules/zod/v4/locales/en.d.ts +4 -0
package/node_modules/zod/v4/locales/en.js +109 -0
package/node_modules/zod/v4/locales/eo.cjs +136 -0
package/node_modules/zod/v4/locales/eo.d.cts +5 -0
package/node_modules/zod/v4/locales/eo.d.ts +4 -0
package/node_modules/zod/v4/locales/eo.js +109 -0
package/node_modules/zod/v4/locales/es.cjs +159 -0
package/node_modules/zod/v4/locales/es.d.cts +5 -0
package/node_modules/zod/v4/locales/es.d.ts +4 -0
package/node_modules/zod/v4/locales/es.js +132 -0
package/node_modules/zod/v4/locales/fa.cjs +141 -0
package/node_modules/zod/v4/locales/fa.d.cts +5 -0
package/node_modules/zod/v4/locales/fa.d.ts +4 -0
package/node_modules/zod/v4/locales/fa.js +114 -0
package/node_modules/zod/v4/locales/fi.cjs +139 -0
package/node_modules/zod/v4/locales/fi.d.cts +5 -0
package/node_modules/zod/v4/locales/fi.d.ts +4 -0
package/node_modules/zod/v4/locales/fi.js +112 -0
package/node_modules/zod/v4/locales/fr-CA.cjs +134 -0
package/node_modules/zod/v4/locales/fr-CA.d.cts +5 -0
package/node_modules/zod/v4/locales/fr-CA.d.ts +4 -0
package/node_modules/zod/v4/locales/fr-CA.js +107 -0
package/node_modules/zod/v4/locales/fr.cjs +135 -0
package/node_modules/zod/v4/locales/fr.d.cts +5 -0
package/node_modules/zod/v4/locales/fr.d.ts +4 -0
package/node_modules/zod/v4/locales/fr.js +108 -0
package/node_modules/zod/v4/locales/he.cjs +241 -0
package/node_modules/zod/v4/locales/he.d.cts +5 -0
package/node_modules/zod/v4/locales/he.d.ts +4 -0
package/node_modules/zod/v4/locales/he.js +214 -0
package/node_modules/zod/v4/locales/hu.cjs +135 -0
package/node_modules/zod/v4/locales/hu.d.cts +5 -0
package/node_modules/zod/v4/locales/hu.d.ts +4 -0
package/node_modules/zod/v4/locales/hu.js +108 -0
package/node_modules/zod/v4/locales/hy.cjs +174 -0
package/node_modules/zod/v4/locales/hy.d.cts +5 -0
package/node_modules/zod/v4/locales/hy.d.ts +4 -0
package/node_modules/zod/v4/locales/hy.js +147 -0
package/node_modules/zod/v4/locales/id.cjs +133 -0
package/node_modules/zod/v4/locales/id.d.cts +5 -0
package/node_modules/zod/v4/locales/id.d.ts +4 -0
package/node_modules/zod/v4/locales/id.js +106 -0
package/node_modules/zod/v4/locales/index.cjs +104 -0
package/node_modules/zod/v4/locales/index.d.cts +49 -0
package/node_modules/zod/v4/locales/index.d.ts +49 -0
package/node_modules/zod/v4/locales/index.js +49 -0
package/node_modules/zod/v4/locales/is.cjs +136 -0
package/node_modules/zod/v4/locales/is.d.cts +5 -0
package/node_modules/zod/v4/locales/is.d.ts +4 -0
package/node_modules/zod/v4/locales/is.js +109 -0
package/node_modules/zod/v4/locales/it.cjs +135 -0
package/node_modules/zod/v4/locales/it.d.cts +5 -0
package/node_modules/zod/v4/locales/it.d.ts +4 -0
package/node_modules/zod/v4/locales/it.js +108 -0
package/node_modules/zod/v4/locales/ja.cjs +134 -0
package/node_modules/zod/v4/locales/ja.d.cts +5 -0
package/node_modules/zod/v4/locales/ja.d.ts +4 -0
package/node_modules/zod/v4/locales/ja.js +107 -0
package/node_modules/zod/v4/locales/ka.cjs +139 -0
package/node_modules/zod/v4/locales/ka.d.cts +5 -0
package/node_modules/zod/v4/locales/ka.d.ts +4 -0
package/node_modules/zod/v4/locales/ka.js +112 -0
package/node_modules/zod/v4/locales/kh.cjs +12 -0
package/node_modules/zod/v4/locales/kh.d.cts +5 -0
package/node_modules/zod/v4/locales/kh.d.ts +5 -0
package/node_modules/zod/v4/locales/kh.js +5 -0
package/node_modules/zod/v4/locales/km.cjs +137 -0
package/node_modules/zod/v4/locales/km.d.cts +5 -0
package/node_modules/zod/v4/locales/km.d.ts +4 -0
package/node_modules/zod/v4/locales/km.js +110 -0
package/node_modules/zod/v4/locales/ko.cjs +138 -0
package/node_modules/zod/v4/locales/ko.d.cts +5 -0
package/node_modules/zod/v4/locales/ko.d.ts +4 -0
package/node_modules/zod/v4/locales/ko.js +111 -0
package/node_modules/zod/v4/locales/lt.cjs +230 -0
package/node_modules/zod/v4/locales/lt.d.cts +5 -0
package/node_modules/zod/v4/locales/lt.d.ts +4 -0
package/node_modules/zod/v4/locales/lt.js +203 -0
package/node_modules/zod/v4/locales/mk.cjs +136 -0
package/node_modules/zod/v4/locales/mk.d.cts +5 -0
package/node_modules/zod/v4/locales/mk.d.ts +4 -0
package/node_modules/zod/v4/locales/mk.js +109 -0
package/node_modules/zod/v4/locales/ms.cjs +134 -0
package/node_modules/zod/v4/locales/ms.d.cts +5 -0
package/node_modules/zod/v4/locales/ms.d.ts +4 -0
package/node_modules/zod/v4/locales/ms.js +107 -0
package/node_modules/zod/v4/locales/nl.cjs +137 -0
package/node_modules/zod/v4/locales/nl.d.cts +5 -0
package/node_modules/zod/v4/locales/nl.d.ts +4 -0
package/node_modules/zod/v4/locales/nl.js +110 -0
package/node_modules/zod/v4/locales/no.cjs +135 -0
package/node_modules/zod/v4/locales/no.d.cts +5 -0
package/node_modules/zod/v4/locales/no.d.ts +4 -0
package/node_modules/zod/v4/locales/no.js +108 -0
package/node_modules/zod/v4/locales/ota.cjs +136 -0
package/node_modules/zod/v4/locales/ota.d.cts +5 -0
package/node_modules/zod/v4/locales/ota.d.ts +4 -0
package/node_modules/zod/v4/locales/ota.js +109 -0
package/node_modules/zod/v4/locales/package.json +6 -0
package/node_modules/zod/v4/locales/pl.cjs +136 -0
package/node_modules/zod/v4/locales/pl.d.cts +5 -0
package/node_modules/zod/v4/locales/pl.d.ts +4 -0
package/node_modules/zod/v4/locales/pl.js +109 -0
package/node_modules/zod/v4/locales/ps.cjs +141 -0
package/node_modules/zod/v4/locales/ps.d.cts +5 -0
package/node_modules/zod/v4/locales/ps.d.ts +4 -0
package/node_modules/zod/v4/locales/ps.js +114 -0
package/node_modules/zod/v4/locales/pt.cjs +135 -0
package/node_modules/zod/v4/locales/pt.d.cts +5 -0
package/node_modules/zod/v4/locales/pt.d.ts +4 -0
package/node_modules/zod/v4/locales/pt.js +108 -0
package/node_modules/zod/v4/locales/ru.cjs +183 -0
package/node_modules/zod/v4/locales/ru.d.cts +5 -0
package/node_modules/zod/v4/locales/ru.d.ts +4 -0
package/node_modules/zod/v4/locales/ru.js +156 -0
package/node_modules/zod/v4/locales/sl.cjs +136 -0
package/node_modules/zod/v4/locales/sl.d.cts +5 -0
package/node_modules/zod/v4/locales/sl.d.ts +4 -0
package/node_modules/zod/v4/locales/sl.js +109 -0
package/node_modules/zod/v4/locales/sv.cjs +137 -0
package/node_modules/zod/v4/locales/sv.d.cts +5 -0
package/node_modules/zod/v4/locales/sv.d.ts +4 -0
package/node_modules/zod/v4/locales/sv.js +110 -0
package/node_modules/zod/v4/locales/ta.cjs +137 -0
package/node_modules/zod/v4/locales/ta.d.cts +5 -0
package/node_modules/zod/v4/locales/ta.d.ts +4 -0
package/node_modules/zod/v4/locales/ta.js +110 -0
package/node_modules/zod/v4/locales/th.cjs +137 -0
package/node_modules/zod/v4/locales/th.d.cts +5 -0
package/node_modules/zod/v4/locales/th.d.ts +4 -0
package/node_modules/zod/v4/locales/th.js +110 -0
package/node_modules/zod/v4/locales/tr.cjs +132 -0
package/node_modules/zod/v4/locales/tr.d.cts +5 -0
package/node_modules/zod/v4/locales/tr.d.ts +4 -0
package/node_modules/zod/v4/locales/tr.js +105 -0
package/node_modules/zod/v4/locales/ua.cjs +12 -0
package/node_modules/zod/v4/locales/ua.d.cts +5 -0
package/node_modules/zod/v4/locales/ua.d.ts +5 -0
package/node_modules/zod/v4/locales/ua.js +5 -0
package/node_modules/zod/v4/locales/uk.cjs +135 -0
package/node_modules/zod/v4/locales/uk.d.cts +5 -0
package/node_modules/zod/v4/locales/uk.d.ts +4 -0
package/node_modules/zod/v4/locales/uk.js +108 -0
package/node_modules/zod/v4/locales/ur.cjs +137 -0
package/node_modules/zod/v4/locales/ur.d.cts +5 -0
package/node_modules/zod/v4/locales/ur.d.ts +4 -0
package/node_modules/zod/v4/locales/ur.js +110 -0
package/node_modules/zod/v4/locales/uz.cjs +136 -0
package/node_modules/zod/v4/locales/uz.d.cts +5 -0
package/node_modules/zod/v4/locales/uz.d.ts +4 -0
package/node_modules/zod/v4/locales/uz.js +109 -0
package/node_modules/zod/v4/locales/vi.cjs +135 -0
package/node_modules/zod/v4/locales/vi.d.cts +5 -0
package/node_modules/zod/v4/locales/vi.d.ts +4 -0
package/node_modules/zod/v4/locales/vi.js +108 -0
package/node_modules/zod/v4/locales/yo.cjs +134 -0
package/node_modules/zod/v4/locales/yo.d.cts +5 -0
package/node_modules/zod/v4/locales/yo.d.ts +4 -0
package/node_modules/zod/v4/locales/yo.js +107 -0
package/node_modules/zod/v4/locales/zh-CN.cjs +136 -0
package/node_modules/zod/v4/locales/zh-CN.d.cts +5 -0
package/node_modules/zod/v4/locales/zh-CN.d.ts +4 -0
package/node_modules/zod/v4/locales/zh-CN.js +109 -0
package/node_modules/zod/v4/locales/zh-TW.cjs +134 -0
package/node_modules/zod/v4/locales/zh-TW.d.cts +5 -0
package/node_modules/zod/v4/locales/zh-TW.d.ts +4 -0
package/node_modules/zod/v4/locales/zh-TW.js +107 -0
package/node_modules/zod/v4/mini/checks.cjs +34 -0
package/node_modules/zod/v4/mini/checks.d.cts +1 -0
package/node_modules/zod/v4/mini/checks.d.ts +1 -0
package/node_modules/zod/v4/mini/checks.js +1 -0
package/node_modules/zod/v4/mini/coerce.cjs +52 -0
package/node_modules/zod/v4/mini/coerce.d.cts +7 -0
package/node_modules/zod/v4/mini/coerce.d.ts +7 -0
package/node_modules/zod/v4/mini/coerce.js +22 -0
package/node_modules/zod/v4/mini/external.cjs +63 -0
package/node_modules/zod/v4/mini/external.d.cts +12 -0
package/node_modules/zod/v4/mini/external.d.ts +12 -0
package/node_modules/zod/v4/mini/external.js +14 -0
package/node_modules/zod/v4/mini/index.cjs +32 -0
package/node_modules/zod/v4/mini/index.d.cts +3 -0
package/node_modules/zod/v4/mini/index.d.ts +3 -0
package/node_modules/zod/v4/mini/index.js +3 -0
package/node_modules/zod/v4/mini/iso.cjs +64 -0
package/node_modules/zod/v4/mini/iso.d.cts +22 -0
package/node_modules/zod/v4/mini/iso.d.ts +22 -0
package/node_modules/zod/v4/mini/iso.js +34 -0
package/node_modules/zod/v4/mini/package.json +6 -0
package/node_modules/zod/v4/mini/parse.cjs +16 -0
package/node_modules/zod/v4/mini/parse.d.cts +1 -0
package/node_modules/zod/v4/mini/parse.d.ts +1 -0
package/node_modules/zod/v4/mini/parse.js +1 -0
package/node_modules/zod/v4/mini/schemas.cjs +1046 -0
package/node_modules/zod/v4/mini/schemas.d.cts +427 -0
package/node_modules/zod/v4/mini/schemas.d.ts +427 -0
package/node_modules/zod/v4/mini/schemas.js +925 -0
package/node_modules/zod/v4/package.json +6 -0
package/node_modules/zod/v4-mini/index.cjs +32 -0
package/node_modules/zod/v4-mini/index.d.cts +3 -0
package/node_modules/zod/v4-mini/index.d.ts +3 -0
package/node_modules/zod/v4-mini/index.js +3 -0
package/node_modules/zod/v4-mini/package.json +6 -0
package/package.json +3 -2
package/src/__tests__/command-executor.test.ts +575 -60
package/src/__tests__/command-validator.test.ts +697 -0
package/src/__tests__/command-workspace.test.ts +30 -0
package/src/__tests__/grant-store.test.ts +151 -33
package/src/__tests__/http-executor.test.ts +106 -16
package/src/__tests__/http-policy.test.ts +121 -22
package/src/__tests__/local-materializers.test.ts +34 -0
package/src/__tests__/managed-integration.test.ts +633 -0
package/src/__tests__/managed-lazy-getters.test.ts +245 -0
package/src/__tests__/managed-materializers.test.ts +107 -38
package/src/__tests__/managed-rejection.test.ts +43 -0
package/src/__tests__/toolstore.test.ts +207 -18
package/src/__tests__/transport.test.ts +26 -6
package/src/commands/auth-adapters.ts +2 -2
package/src/commands/egress-hooks.ts +203 -0
package/src/commands/executor.ts +403 -87
package/src/commands/profiles.ts +4 -0
package/src/commands/validator.ts +267 -3
package/src/commands/workspace.ts +59 -21
package/src/grants/index.ts +1 -1
package/src/grants/persistent-store.ts +79 -17
package/src/grants/rpc-handlers.ts +67 -43
package/src/grants/temporary-store.ts +26 -19
package/src/http/executor.ts +170 -25
package/src/http/path-template.ts +75 -9
package/src/http/policy.ts +9 -27
package/src/index.ts +3 -0
package/src/main.ts +102 -43
package/src/managed-errors.ts +9 -0
package/src/managed-lazy-getters.ts +70 -0
package/src/managed-main.ts +193 -65
package/src/materializers/local-oauth-lookup.ts +97 -0
package/src/materializers/local-secure-key-backend.ts +309 -0
package/src/materializers/local-token-refresh.ts +263 -0
package/src/materializers/local.ts +21 -5
package/src/materializers/managed-platform.ts +50 -25
package/src/paths.ts +28 -10
package/src/server.ts +147 -11
package/src/subjects/managed.ts +33 -12
package/src/subjects/policy.ts +79 -0
package/src/toolstore/publish.ts +236 -7

package/src/materializers/local-secure-key-backend.ts ADDED Viewed

@@ -0,0 +1,309 @@
+/**
+ * CES-native SecureKeyBackend for **local mode only**.
+ *
+ * In local mode, CES runs as a child process of the assistant on the same
+ * machine as the same user and can read/write the assistant's encrypted key
+ * store file at `<vellumRoot>/protected/keys.enc`.
+ *
+ * This implementation replicates the encryption/decryption logic from the
+ * assistant's `encrypted-store.ts` without importing assistant-internal
+ * modules. Writes are needed for OAuth token refresh — when CES refreshes
+ * an expired access token, the new token must be persisted back to the
+ * encrypted store so subsequent reads (by both CES and the assistant)
+ * see the updated value.
+ *
+ * Two store formats are supported:
+ *
+ * - **v2 (primary):** AES-256-GCM with a random 32-byte key stored at
+ *   `<vellumRoot>/protected/store.key`. The key is machine-independent —
+ *   any process that can read the key file can decrypt the store.
+ *
+ * - **v1 (legacy):** AES-256-GCM with a key derived from machine-specific
+ *   entropy via PBKDF2. The derivation includes `userInfo().username` and
+ *   `userInfo().homedir`, so the key is only correct when CES runs as the
+ *   same OS user as the assistant.
+ *
+ * **Managed-mode restriction (v1 only):** For legacy v1 stores, the
+ * different container user identity produces a different PBKDF2-derived
+ * key, causing silent decryption failures. v2 stores use a
+ * UID-independent `store.key` file that can be shared via volume mount,
+ * removing this technical barrier. Managed deployments currently use
+ * `platform_oauth` handles exclusively as a policy choice (simpler
+ * lifecycle, centralized token management).
+ */
+import {
+  createCipheriv,
+  createDecipheriv,
+  pbkdf2Sync,
+  randomBytes,
+} from "node:crypto";
+import { chmodSync, existsSync, mkdirSync, readFileSync, renameSync, writeFileSync } from "node:fs";
+import { hostname, userInfo } from "node:os";
+import { dirname, join } from "node:path";
+import type {
+  SecureKeyBackend,
+  SecureKeyDeleteResult,
+} from "@vellumai/credential-storage";
+// ---------------------------------------------------------------------------
+// Constants (must match assistant/src/security/encrypted-store.ts)
+// ---------------------------------------------------------------------------
+const ALGORITHM = "aes-256-gcm";
+const KEY_LENGTH = 32; // bytes (256 bits)
+const IV_LENGTH = 16; // bytes (128 bits)
+const AUTH_TAG_LENGTH = 16; // bytes
+const PBKDF2_ITERATIONS =
+  process.env.BUN_TEST === "1" ? 1 : 100_000;
+// ---------------------------------------------------------------------------
+// On-disk format (must match assistant/src/security/encrypted-store.ts)
+// ---------------------------------------------------------------------------
+interface EncryptedEntry {
+  iv: string;
+  tag: string;
+  data: string;
+}
+interface StoreFileV1 {
+  version: 1;
+  salt: string;
+  entries: Record<string, EncryptedEntry>;
+}
+interface StoreFileV2 {
+  version: 2;
+  entries: Record<string, EncryptedEntry>;
+}
+type StoreFile = StoreFileV1 | StoreFileV2;
+// ---------------------------------------------------------------------------
+// Store key file (v2 format)
+// ---------------------------------------------------------------------------
+const STORE_KEY_FILENAME = "store.key";
+/**
+ * Read the v2 store key file from `<vellumRoot>/protected/store.key`.
+ * Returns the raw 32-byte key buffer, or null if the file is missing,
+ * wrong size, or unreadable.
+ */
+function readStoreKey(vellumRoot: string): Buffer | null {
+  try {
+    const keyPath = join(vellumRoot, "protected", STORE_KEY_FILENAME);
+    if (!existsSync(keyPath)) return null;
+    const buf = readFileSync(keyPath);
+    if (buf.length !== KEY_LENGTH) return null;
+    return buf;
+  } catch {
+    return null;
+  }
+}
+// ---------------------------------------------------------------------------
+// Machine entropy (must match assistant/src/security/encrypted-store.ts)
+// ---------------------------------------------------------------------------
+function getMachineEntropy(): string {
+  const parts: string[] = [];
+  try {
+    parts.push(hostname());
+  } catch {
+    parts.push("unknown-host");
+  }
+  try {
+    parts.push(userInfo().username);
+  } catch {
+    parts.push("unknown-user");
+  }
+  parts.push(process.platform);
+  parts.push(process.arch);
+  try {
+    parts.push(userInfo().homedir);
+  } catch {
+    parts.push("/tmp");
+  }
+  return parts.join(":");
+}
+function deriveKey(salt: Buffer, entropyOverride?: string): Buffer {
+  const entropy = entropyOverride ?? getMachineEntropy();
+  return pbkdf2Sync(entropy, salt, PBKDF2_ITERATIONS, KEY_LENGTH, "sha512");
+}
+// ---------------------------------------------------------------------------
+// Decrypt
+// ---------------------------------------------------------------------------
+function decrypt(entry: EncryptedEntry, key: Buffer): string {
+  const iv = Buffer.from(entry.iv, "hex");
+  const tag = Buffer.from(entry.tag, "hex");
+  const data = Buffer.from(entry.data, "hex");
+  const decipher = createDecipheriv(ALGORITHM, key, iv, {
+    authTagLength: AUTH_TAG_LENGTH,
+  });
+  decipher.setAuthTag(tag);
+  const decrypted = Buffer.concat([decipher.update(data), decipher.final()]);
+  return decrypted.toString("utf-8");
+}
+function encrypt(plaintext: string, key: Buffer): EncryptedEntry {
+  const iv = randomBytes(IV_LENGTH);
+  const cipher = createCipheriv(ALGORITHM, key, iv, {
+    authTagLength: AUTH_TAG_LENGTH,
+  });
+  const encrypted = Buffer.concat([
+    cipher.update(plaintext, "utf-8"),
+    cipher.final(),
+  ]);
+  const tag = cipher.getAuthTag();
+  return {
+    iv: iv.toString("hex"),
+    tag: tag.toString("hex"),
+    data: encrypted.toString("hex"),
+  };
+}
+// ---------------------------------------------------------------------------
+// Store writer
+// ---------------------------------------------------------------------------
+function writeStore(store: StoreFile, storePath: string): void {
+  const protectedDir = dirname(storePath);
+  mkdirSync(protectedDir, { recursive: true });
+  // Atomic write: write to temp file then rename to avoid partial/corrupt writes.
+  const tmpPath = storePath + `.tmp.${process.pid}`;
+  writeFileSync(tmpPath, JSON.stringify(store, null, 2), { mode: 0o600 });
+  chmodSync(tmpPath, 0o600);
+  renameSync(tmpPath, storePath);
+}
+// ---------------------------------------------------------------------------
+// Store reader
+// ---------------------------------------------------------------------------
+function readStore(storePath: string): StoreFile | null {
+  try {
+    const raw = readFileSync(storePath, "utf-8");
+    const parsed = JSON.parse(raw);
+    if (typeof parsed.entries !== "object") return null;
+    if (parsed.version === 1 && typeof parsed.salt === "string") {
+      return parsed as StoreFileV1;
+    }
+    if (parsed.version === 2) {
+      return parsed as StoreFileV2;
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+// ---------------------------------------------------------------------------
+// Backend implementation
+// ---------------------------------------------------------------------------
+/**
+ * Create a SecureKeyBackend backed by the assistant's encrypted key store.
+ *
+ * Supports `get` and `set` operations. `set` is needed for persisting
+ * refreshed OAuth tokens. `delete` remains unsupported (returns "error")
+ * because CES never needs to remove keys.
+ *
+ * @param vellumRoot - The Vellum root directory (e.g. `~/.vellum`).
+ * @param options.entropyOverride - If provided, used instead of local
+ *   machine entropy for key derivation. In managed mode the CES sidecar
+ *   runs in a different container with a different hostname/user, so it
+ *   must use the assistant's entropy (read from the shared data mount)
+ *   to derive the same AES key.
+ * @param options.entropyGetter - If provided, called on each `get()`/`set()`
+ *   to lazily resolve entropy. This handles the startup race where the
+ *   entropy file may not exist at construction time but appears later.
+ *   Takes precedence over `entropyOverride`.
+ */
+export function createLocalSecureKeyBackend(
+  vellumRoot: string,
+  options?: { entropyOverride?: string; entropyGetter?: () => string | undefined },
+): SecureKeyBackend {
+  const storePath = join(vellumRoot, "protected", "keys.enc");
+  const staticEntropy = options?.entropyOverride;
+  const entropyGetter = options?.entropyGetter;
+  return {
+    async get(key: string): Promise<string | undefined> {
+      try {
+        const store = readStore(storePath);
+        if (!store) return undefined;
+        const entry = store.entries[key];
+        if (!entry) return undefined;
+        let aesKey: Buffer;
+        if (store.version === 2) {
+          const storeKey = readStoreKey(vellumRoot);
+          if (!storeKey) return undefined;
+          aesKey = storeKey;
+        } else {
+          // v1: derive key from machine entropy via PBKDF2
+          const entropy = entropyGetter?.() ?? staticEntropy;
+          const salt = Buffer.from(store.salt, "hex");
+          aesKey = deriveKey(salt, entropy);
+        }
+        return decrypt(entry, aesKey);
+      } catch {
+        return undefined;
+      }
+    },
+    // NOTE: read-modify-write without file locking. The atomic rename
+    // (writeStore) prevents corruption from partial writes, but concurrent
+    // set() calls can lose updates. The window is small in practice because
+    // CES serialises refresh via RefreshDeduplicator. File locking is a
+    // future improvement.
+    async set(key: string, value: string): Promise<boolean> {
+      try {
+        const store = readStore(storePath);
+        if (!store) return false;
+        let aesKey: Buffer;
+        if (store.version === 2) {
+          const storeKey = readStoreKey(vellumRoot);
+          if (!storeKey) return false;
+          aesKey = storeKey;
+        } else {
+          // v1: derive key from machine entropy via PBKDF2
+          const entropy = entropyGetter?.() ?? staticEntropy;
+          const salt = Buffer.from(store.salt, "hex");
+          aesKey = deriveKey(salt, entropy);
+        }
+        store.entries[key] = encrypt(value, aesKey);
+        writeStore(store, storePath);
+        return true;
+      } catch {
+        return false;
+      }
+    },
+    // CES never deletes keys — only reads and writes (for token refresh).
+    async delete(_key: string): Promise<SecureKeyDeleteResult> {
+      return "error";
+    },
+    async list(): Promise<string[]> {
+      try {
+        const store = readStore(storePath);
+        if (!store) return [];
+        return Object.keys(store.entries);
+      } catch {
+        return [];
+      }
+    },
+  };
+}

package/src/materializers/local-token-refresh.ts ADDED Viewed

@@ -0,0 +1,263 @@
+/**
+ * OAuth token refresh implementation for CES local mode.
+ *
+ * Performs the actual OAuth2 token refresh by:
+ * 1. Looking up the connection's provider and app configuration from the
+ *    assistant's SQLite database (read-only).
+ * 2. Retrieving the client secret from the secure-key backend.
+ * 3. Calling the provider's token endpoint with the refresh token.
+ * 4. Returning a `TokenRefreshResult` for the `LocalMaterialiser` to persist.
+ *
+ * This module does NOT import any assistant-internal modules. It queries
+ * the SQLite database directly (like `local-oauth-lookup.ts`) and performs
+ * the HTTP refresh call inline (replicating the logic from the assistant's
+ * `security/oauth2.ts:refreshOAuth2Token`).
+ */
+import Database from "bun:sqlite";
+import { existsSync } from "node:fs";
+import { join } from "node:path";
+import {
+  computeExpiresAt,
+  type SecureKeyBackend,
+  type TokenRefreshResult,
+} from "@vellumai/credential-storage";
+import type { TokenRefreshFn } from "./local.js";
+// ---------------------------------------------------------------------------
+// SQLite row shapes (match assistant schema without importing Drizzle)
+// ---------------------------------------------------------------------------
+interface OAuthConnectionRow {
+  id: string;
+  oauth_app_id: string;
+  provider_key: string;
+}
+interface OAuthAppRow {
+  id: string;
+  provider_key: string;
+  client_id: string;
+  client_secret_credential_path: string;
+}
+interface OAuthProviderRow {
+  provider_key: string;
+  token_url: string;
+  token_endpoint_auth_method: string | null;
+}
+// ---------------------------------------------------------------------------
+// Token endpoint auth method (matches assistant/src/security/oauth2.ts)
+// ---------------------------------------------------------------------------
+type TokenEndpointAuthMethod = "client_secret_basic" | "client_secret_post";
+// ---------------------------------------------------------------------------
+// Refresh config resolution
+// ---------------------------------------------------------------------------
+interface RefreshConfig {
+  tokenUrl: string;
+  clientId: string;
+  clientSecret?: string;
+  authMethod: TokenEndpointAuthMethod;
+}
+/**
+ * Resolve the OAuth refresh configuration for a connection by querying
+ * the assistant's SQLite database (read-only) and the secure-key backend.
+ */
+async function resolveRefreshConfig(
+  dbPath: string,
+  connectionId: string,
+  secureKeyBackend: SecureKeyBackend,
+): Promise<RefreshConfig | { error: string }> {
+  if (!existsSync(dbPath)) {
+    return { error: `Database not found at ${dbPath}` };
+  }
+  let db: Database | undefined;
+  try {
+    db = new Database(dbPath, { readonly: true });
+    // 1. Look up the connection to get oauth_app_id and provider_key
+    const conn = db
+      .query<OAuthConnectionRow, [string, string]>(
+        `SELECT id, oauth_app_id, provider_key FROM oauth_connections WHERE id = ? AND status = ? LIMIT 1`,
+      )
+      .get(connectionId, "active");
+    if (!conn) {
+      return { error: `No active OAuth connection found for "${connectionId}"` };
+    }
+    // 2. Look up the app to get client_id and client_secret_credential_path
+    const app = db
+      .query<OAuthAppRow, [string]>(
+        `SELECT id, provider_key, client_id, client_secret_credential_path FROM oauth_apps WHERE id = ? LIMIT 1`,
+      )
+      .get(conn.oauth_app_id);
+    if (!app) {
+      return { error: `No OAuth app found for connection "${connectionId}"` };
+    }
+    // 3. Look up the provider to get token_url and auth method
+    const provider = db
+      .query<OAuthProviderRow, [string]>(
+        `SELECT provider_key, token_url, token_endpoint_auth_method FROM oauth_providers WHERE provider_key = ? LIMIT 1`,
+      )
+      .get(conn.provider_key);
+    if (!provider) {
+      return { error: `No OAuth provider found for "${conn.provider_key}"` };
+    }
+    if (!provider.token_url || !app.client_id) {
+      return { error: `Missing OAuth2 refresh config for "${conn.provider_key}"` };
+    }
+    // 4. Retrieve the client secret from secure storage
+    const clientSecret = await secureKeyBackend.get(
+      app.client_secret_credential_path,
+    );
+    const authMethod = (provider.token_endpoint_auth_method as TokenEndpointAuthMethod | null) ?? "client_secret_post";
+    return {
+      tokenUrl: provider.token_url,
+      clientId: app.client_id,
+      clientSecret,
+      authMethod,
+    };
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    return { error: `Failed to resolve refresh config: ${msg}` };
+  } finally {
+    db?.close();
+  }
+}
+// ---------------------------------------------------------------------------
+// HTTP token refresh (replicates assistant/src/security/oauth2.ts logic)
+// ---------------------------------------------------------------------------
+interface RefreshTokenResponse {
+  accessToken: string;
+  refreshToken?: string;
+  expiresIn?: number;
+}
+async function performTokenRefresh(
+  config: RefreshConfig,
+  refreshToken: string,
+): Promise<RefreshTokenResponse> {
+  const body: Record<string, string> = {
+    grant_type: "refresh_token",
+    refresh_token: refreshToken,
+  };
+  const headers: Record<string, string> = {
+    "Content-Type": "application/x-www-form-urlencoded",
+  };
+  if (config.clientSecret && config.authMethod === "client_secret_basic") {
+    const credentials = Buffer.from(
+      `${config.clientId}:${config.clientSecret}`,
+    ).toString("base64");
+    headers["Authorization"] = `Basic ${credentials}`;
+  } else {
+    body.client_id = config.clientId;
+    if (config.clientSecret) {
+      body.client_secret = config.clientSecret;
+    }
+  }
+  const resp = await fetch(config.tokenUrl, {
+    method: "POST",
+    headers,
+    body: new URLSearchParams(body),
+  });
+  if (!resp.ok) {
+    const rawBody = await resp.text().catch(() => "");
+    let errorCode = "";
+    try {
+      const parsed = JSON.parse(rawBody) as Record<string, unknown>;
+      if (parsed.error) {
+        errorCode = String(parsed.error);
+      }
+    } catch {
+      // non-JSON response
+    }
+    const detail = errorCode
+      ? `HTTP ${resp.status}: ${errorCode}`
+      : `HTTP ${resp.status}`;
+    throw new Error(`OAuth2 token refresh failed (${detail})`);
+  }
+  const data = (await resp.json()) as Record<string, unknown>;
+  return {
+    accessToken: data.access_token as string,
+    refreshToken: (data.refresh_token as string | undefined) ?? refreshToken,
+    expiresIn: data.expires_in as number | undefined,
+  };
+}
+// ---------------------------------------------------------------------------
+// Public factory
+// ---------------------------------------------------------------------------
+/**
+ * Create a `TokenRefreshFn` for CES local mode.
+ *
+ * The returned function looks up OAuth configuration from the assistant's
+ * SQLite database (read-only) and performs the HTTP token refresh call.
+ * Token persistence is handled by the `LocalMaterialiser` after this
+ * function returns.
+ *
+ * @param vellumRoot - The Vellum root directory (e.g. `~/.vellum`).
+ * @param secureKeyBackend - Backend for retrieving the OAuth client secret.
+ */
+export function createLocalTokenRefreshFn(
+  vellumRoot: string,
+  secureKeyBackend: SecureKeyBackend,
+): TokenRefreshFn {
+  const dbPath = join(vellumRoot, "workspace", "data", "db", "assistant.db");
+  return async (
+    connectionId: string,
+    refreshToken: string,
+  ): Promise<TokenRefreshResult> => {
+    // 1. Resolve the refresh config from SQLite + secure storage
+    const config = await resolveRefreshConfig(
+      dbPath,
+      connectionId,
+      secureKeyBackend,
+    );
+    if ("error" in config) {
+      return { success: false, error: config.error };
+    }
+    // 2. Perform the HTTP token refresh
+    try {
+      const result = await performTokenRefresh(config, refreshToken);
+      const expiresAt = computeExpiresAt(result.expiresIn ?? null);
+      return {
+        success: true,
+        accessToken: result.accessToken,
+        expiresAt,
+        refreshToken: result.refreshToken,
+      };
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      return { success: false, error: message };
+    }
+  };
+}

package/src/materializers/local.ts CHANGED Viewed

@@ -22,6 +22,7 @@
  */
 import {
+  type InjectionTemplate,
   type SecureKeyBackend,
   type TokenRefreshResult,
   getStoredAccessToken,
@@ -55,6 +56,8 @@ export interface MaterialisedCredential {
   handleType: HandleType;
   /** For OAuth: the token expiry timestamp (null if unknown). */
   expiresAt?: number | null;
+  /** Injection templates from the credential metadata (local_static only). */
+  injectionTemplates?: InjectionTemplate[];
 }
 export type MaterialisationResult =
@@ -152,6 +155,7 @@ export class LocalMaterialiser {
       credential: {
         value: secretValue,
         handleType: HandleType.LocalStatic,
+        injectionTemplates: subject.metadata.injectionTemplates,
       },
     };
   }
@@ -181,11 +185,22 @@ export class LocalMaterialiser {
     }
     // 2. Check if the token is expired and needs refresh
-    if (
-      isTokenExpired(connection.expiresAt) &&
-      connection.hasRefreshToken
-    ) {
-      return this.refreshAndMaterialise(subject, connectionId);
+    if (connection.hasRefreshToken) {
+      // For refreshable tokens, use the proactive buffer so we can refresh
+      // before the token actually expires.
+      if (isTokenExpired(connection.expiresAt)) {
+        return this.refreshAndMaterialise(subject, connectionId);
+      }
+    } else {
+      // For non-refreshable tokens, check against the hard expiry — use
+      // every valid second rather than the 5-minute proactive buffer.
+      if (connection.expiresAt && Date.now() >= connection.expiresAt) {
+        return {
+          ok: false,
+          error: `Token for OAuth connection "${connectionId}" is expired and no refresh ` +
+            `token is available. Re-authorization required.`,
+        };
+      }
     }
     // 3. Token is valid — return it
@@ -263,6 +278,7 @@ export class LocalMaterialiser {
             connectionId,
             {
               accessToken: result.accessToken,
+              refreshToken: result.refreshToken,
               expiresIn: result.expiresAt
                 ? Math.floor((result.expiresAt - Date.now()) / 1000)
                 : null,