@vtstech/pi-shared 1.0.3

package/format.js

@@ -0,0 +1,116 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// shared/format.ts
+var format_exports = {};
+__export(format_exports, {
+  bytesHuman: () => bytesHuman,
+  fail: () => fail,
+  fmtBytes: () => fmtBytes,
+  fmtDur: () => fmtDur,
+  info: () => info,
+  msHuman: () => msHuman,
+  ok: () => ok,
+  padRight: () => padRight,
+  pct: () => pct,
+  sanitizeForReport: () => sanitizeForReport,
+  section: () => section,
+  truncate: () => truncate,
+  warn: () => warn
+});
+module.exports = __toCommonJS(format_exports);
+function section(title) {
+  return `
+\u2500\u2500 ${title} ${"\u2500".repeat(Math.max(1, 60 - title.length - 4))}`;
+}
+function ok(msg) {
+  return `  \u2705 ${msg}`;
+}
+function fail(msg) {
+  return `  \u274C ${msg}`;
+}
+function warn(msg) {
+  return `  \u26A0\uFE0F  ${msg}`;
+}
+function info(msg) {
+  return `  \u2139\uFE0F  ${msg}`;
+}
+function bytesHuman(bytes) {
+  const units = ["B", "KB", "MB", "GB", "TB"];
+  let i = 0;
+  while (bytes >= 1024 && i < units.length - 1) {
+    bytes /= 1024;
+    i++;
+  }
+  return `${bytes.toFixed(1)}${units[i]}`;
+}
+function msHuman(ms) {
+  if (ms < 1e3) return `${ms.toFixed(0)}ms`;
+  if (ms < 6e4) return `${(ms / 1e3).toFixed(1)}s`;
+  return `${(ms / 6e4).toFixed(1)}m`;
+}
+function fmtBytes(b) {
+  if (b >= 1073741824) return `${(b / 1073741824).toFixed(1)}G`;
+  if (b >= 1048576) return `${(b / 1048576).toFixed(0)}M`;
+  return `${(b / 1024).toFixed(0)}K`;
+}
+function fmtDur(ms) {
+  if (ms < 1e3) return `${Math.round(ms)}ms`;
+  if (ms < 6e4) return `${(ms / 1e3).toFixed(1)}s`;
+  return `${Math.floor(ms / 6e4)}m${Math.round(ms % 6e4 / 1e3)}s`;
+}
+function pct(used, total) {
+  return `${(used / total * 100).toFixed(1)}%`;
+}
+function truncate(s, max) {
+  return s.length > max ? s.slice(0, max) + "..." : s;
+}
+function sanitizeForReport(s, maxLines = 40) {
+  let cleaned = s.replace(/^\s*```[a-zA-Z]*[ \t]*\n?/gm, "");
+  cleaned = cleaned.replace(/^\s*```[ \t]*\n?/gm, "");
+  cleaned = cleaned.replace(/\n{3,}/g, "\n\n").trim();
+  if (/<[a-z][\s\S]*>/i.test(cleaned) && cleaned.includes("</")) {
+    const firstLine = cleaned.split("\n")[0];
+    return truncate(firstLine, 200) + "\n  \u2139\uFE0F  (HTML response truncated)";
+  }
+  const lines = cleaned.split("\n");
+  if (lines.length > maxLines) {
+    cleaned = lines.slice(0, maxLines).join("\n") + `
+  \u2139\uFE0F  (truncated, ${lines.length - maxLines} more lines)`;
+  }
+  return cleaned;
+}
+function padRight(s, n) {
+  return s + " ".repeat(Math.max(0, n - s.length));
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  bytesHuman,
+  fail,
+  fmtBytes,
+  fmtDur,
+  info,
+  msHuman,
+  ok,
+  padRight,
+  pct,
+  sanitizeForReport,
+  section,
+  truncate,
+  warn
+});

package/index.js

@@ -0,0 +1,4 @@
+module.exports.format = require("./format");
+module.exports.ollama = require("./ollama");
+module.exports.security = require("./security");
+module.exports.types = require("./types");

package/ollama.js

@@ -0,0 +1,130 @@
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// shared/ollama.ts
+var ollama_exports = {};
+__export(ollama_exports, {
+  MODELS_JSON_PATH: () => MODELS_JSON_PATH,
+  detectModelFamily: () => detectModelFamily,
+  fetchOllamaModels: () => fetchOllamaModels,
+  getOllamaBaseUrl: () => getOllamaBaseUrl,
+  isReasoningModel: () => isReasoningModel,
+  readModelsJson: () => readModelsJson,
+  writeModelsJson: () => writeModelsJson
+});
+module.exports = __toCommonJS(ollama_exports);
+var fs = __toESM(require("node:fs"));
+var path = __toESM(require("node:path"));
+var import_node_os = __toESM(require("node:os"));
+var MODELS_JSON_PATH = path.join(import_node_os.default.homedir(), ".pi", "agent", "models.json");
+function getOllamaBaseUrl() {
+  try {
+    if (fs.existsSync(MODELS_JSON_PATH)) {
+      const raw = fs.readFileSync(MODELS_JSON_PATH, "utf-8");
+      const config = JSON.parse(raw);
+      const baseUrl = config?.providers?.["ollama"]?.baseUrl;
+      if (baseUrl) {
+        return baseUrl.replace(/\/v1\/?$/, "");
+      }
+    }
+  } catch {
+  }
+  if (process.env.OLLAMA_HOST) {
+    return `http://${process.env.OLLAMA_HOST.replace(/^https?:\/\//, "")}`;
+  }
+  return "http://localhost:11434";
+}
+function readModelsJson() {
+  try {
+    if (fs.existsSync(MODELS_JSON_PATH)) {
+      const raw = fs.readFileSync(MODELS_JSON_PATH, "utf-8");
+      return JSON.parse(raw);
+    }
+  } catch {
+  }
+  return { providers: {} };
+}
+function writeModelsJson(data) {
+  const dir = path.dirname(MODELS_JSON_PATH);
+  if (!fs.existsSync(dir)) {
+    fs.mkdirSync(dir, { recursive: true });
+  }
+  fs.writeFileSync(MODELS_JSON_PATH, JSON.stringify(data, null, 2) + "\n", "utf-8");
+}
+async function fetchOllamaModels(baseUrl) {
+  const res = await fetch(`${baseUrl}/api/tags`, {
+    signal: AbortSignal.timeout(5e3)
+  });
+  if (!res.ok) throw new Error(`Ollama returned ${res.status}`);
+  const data = await res.json();
+  return data.models ?? [];
+}
+function isReasoningModel(name) {
+  const lower = name.toLowerCase();
+  return lower.includes("deepseek-r1") || lower.includes("qwq") || lower.includes("o1") || lower.includes("o3") || lower.includes("think") || lower.includes("reason");
+}
+function detectModelFamily(modelName) {
+  const name = modelName.toLowerCase();
+  const families = [
+    ["qwen3.5", "qwen35"],
+    ["qwen3", "qwen3"],
+    ["qwen2.5", "qwen2"],
+    ["qwen2", "qwen2"],
+    ["qwen", "qwen2"],
+    ["llama3.3", "llama"],
+    ["llama3.2", "llama"],
+    ["llama3.1", "llama"],
+    ["llama3", "llama"],
+    ["llama", "llama"],
+    ["gemma3", "gemma3"],
+    ["gemma2", "gemma2"],
+    ["gemma", "gemma2"],
+    ["granite", "granite"],
+    ["dolphin", "dolphin"],
+    ["deepseek-r1", "deepseek-r1"],
+    ["deepseek", "deepseek"],
+    ["mistral", "qwen2"],
+    ["phi", "llama"],
+    ["tinyllama", "llama"],
+    ["codestral", "qwen2"]
+  ];
+  for (const [prefix, family] of families) {
+    if (name.includes(prefix)) return family;
+  }
+  return "unknown";
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  MODELS_JSON_PATH,
+  detectModelFamily,
+  fetchOllamaModels,
+  getOllamaBaseUrl,
+  isReasoningModel,
+  readModelsJson,
+  writeModelsJson
+});

package/package.json

@@ -0,0 +1,19 @@
+{
+  "name": "@vtstech/pi-shared",
+  "version": "1.0.3",
+  "description": "Shared utilities for Pi Coding Agent extensions",
+  "main": "index.js",
+  "types": "index.d.ts",
+  "keywords": ["pi-package", "pi-extensions"],
+  "license": "MIT",
+  "access": "public",
+  "author": "VTSTech",
+  "homepage": "https://www.vts-tech.org",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/VTSTech/pi-coding-agent"
+  },
+  "peerDependencies": {
+    "@mariozechner/pi-coding-agent": ">=0.66"
+  }
+}

package/security.js

@@ -0,0 +1,383 @@
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// shared/security.ts
+var security_exports = {};
+__export(security_exports, {
+  BLOCKED_COMMANDS: () => BLOCKED_COMMANDS,
+  BLOCKED_URL_PATTERNS: () => BLOCKED_URL_PATTERNS,
+  appendAuditEntry: () => appendAuditEntry,
+  checkBashToolInput: () => checkBashToolInput,
+  checkFileToolInput: () => checkFileToolInput,
+  checkHttpToolInput: () => checkHttpToolInput,
+  checkInjectionPatterns: () => checkInjectionPatterns,
+  isSafeUrl: () => isSafeUrl,
+  readRecentAuditEntries: () => readRecentAuditEntries,
+  sanitizeCommand: () => sanitizeCommand,
+  validatePath: () => validatePath
+});
+module.exports = __toCommonJS(security_exports);
+var fs = __toESM(require("node:fs"));
+var path = __toESM(require("node:path"));
+var import_node_os = __toESM(require("node:os"));
+var BLOCKED_COMMANDS = /* @__PURE__ */ new Set([
+  // System modification
+  "rm",
+  "rmdir",
+  "del",
+  "format",
+  "fdisk",
+  "mkfs",
+  "dd",
+  "shred",
+  "wipe",
+  "srm",
+  // Privilege escalation
+  "sudo",
+  "su",
+  "doas",
+  "pkexec",
+  "gksudo",
+  "kdesu",
+  // Network attacks
+  "nmap",
+  "nc",
+  "netcat",
+  "telnet",
+  "wget",
+  "curl",
+  "ssh",
+  "scp",
+  "sftp",
+  "rsync",
+  // Package management
+  "apt",
+  "apt-get",
+  "yum",
+  "dnf",
+  "pacman",
+  "pip",
+  "npm",
+  "yarn",
+  "cargo",
+  // Process control
+  "kill",
+  "killall",
+  "pkill",
+  "xkill",
+  "systemctl",
+  "service",
+  // User management
+  "useradd",
+  "userdel",
+  "usermod",
+  "passwd",
+  "adduser",
+  "deluser",
+  // Dangerous shell features
+  "exec",
+  "eval",
+  "source",
+  ".",
+  "alias",
+  // Filesystem
+  "mount",
+  "umount",
+  "chown",
+  "chmod",
+  "chattr",
+  "lsattr",
+  // Shell escapes
+  "vi",
+  "vim",
+  "nano",
+  "emacs",
+  "less",
+  "more",
+  "man"
+]);
+var BLOCKED_URL_PATTERNS = /* @__PURE__ */ new Set([
+  // Loopback
+  "localhost",
+  "127.0.0.1",
+  "0.0.0.0",
+  "::1",
+  // RFC1918 private ranges
+  "10.",
+  "192.168.",
+  "172.16.",
+  "172.17.",
+  "172.18.",
+  "172.19.",
+  "172.20.",
+  "172.21.",
+  "172.22.",
+  "172.23.",
+  "172.24.",
+  "172.25.",
+  "172.26.",
+  "172.27.",
+  "172.28.",
+  "172.29.",
+  "172.30.",
+  "172.31.",
+  // Cloud metadata endpoints
+  "169.254.169.254",
+  // Internal service patterns
+  "internal.",
+  "local.",
+  "private.",
+  "intranet."
+]);
+var CRITICAL_SYSTEM_DIRS = [
+  "/etc",
+  "/root",
+  "/var",
+  "/usr",
+  "/bin",
+  "/sbin",
+  "/boot",
+  "/dev",
+  "/proc",
+  "/sys"
+];
+function validatePath(filePath, allowedDirs) {
+  if (!filePath) return { valid: false, error: "Path cannot be empty" };
+  if (filePath.startsWith("\\\\")) {
+    return { valid: false, error: "UNC paths not allowed" };
+  }
+  if (filePath.includes("../") || filePath.includes("..\\")) {
+    return { valid: false, error: "Path traversal detected: parent directory access not allowed" };
+  }
+  let resolved;
+  try {
+    resolved = path.resolve(filePath);
+  } catch {
+    return { valid: false, error: "Invalid path format" };
+  }
+  for (const critical of CRITICAL_SYSTEM_DIRS) {
+    if (resolved.startsWith(critical + "/") || resolved === critical) {
+      return { valid: false, error: `Access to system directory denied: ${critical}` };
+    }
+  }
+  const sensitivePaths = [
+    "/etc/shadow",
+    "/etc/passwd",
+    "/.ssh/",
+    "/.gnupg/",
+    path.join(import_node_os.default.homedir(), ".ssh"),
+    path.join(import_node_os.default.homedir(), ".gnupg"),
+    path.join(import_node_os.default.homedir(), ".pi", "agent", "models.json")
+  ];
+  for (const sensitive of sensitivePaths) {
+    if (resolved.startsWith(sensitive) || resolved === sensitive) {
+      return { valid: false, error: `Access to sensitive path denied: ${sensitive}` };
+    }
+  }
+  const cwd = process.cwd();
+  const safePrefixes = ["/tmp", "/var/tmp", "/home", cwd];
+  for (const prefix of safePrefixes) {
+    if (resolved.startsWith(prefix)) return { valid: true, error: "" };
+  }
+  if (allowedDirs) {
+    for (const dir of allowedDirs) {
+      try {
+        const absDir = path.resolve(dir);
+        if (resolved.startsWith(absDir)) return { valid: true, error: "" };
+      } catch {
+      }
+    }
+  }
+  return { valid: false, error: `Path not in allowed directories: ${filePath}` };
+}
+function isSafeUrl(url, blockSsrf = true) {
+  if (!url) return { safe: false, error: "URL cannot be empty" };
+  let parsed;
+  try {
+    parsed = new URL(url);
+  } catch (e) {
+    return { safe: false, error: `Invalid URL format: ${e.message}` };
+  }
+  const scheme = parsed.protocol.replace(":", "").toLowerCase();
+  if (scheme !== "http" && scheme !== "https") {
+    return { safe: false, error: `URL scheme not allowed: ${parsed.protocol}` };
+  }
+  if (!parsed.hostname) {
+    return { safe: false, error: "URL must have a hostname" };
+  }
+  const hostname = parsed.hostname.toLowerCase();
+  if (blockSsrf) {
+    for (const pattern of BLOCKED_URL_PATTERNS) {
+      if (hostname === pattern || hostname.endsWith("." + pattern) || hostname.startsWith(pattern)) {
+        return { safe: false, error: `SSRF protection: blocked hostname pattern '${pattern}'` };
+      }
+    }
+  }
+  return { safe: true, error: "" };
+}
+var INJECTION_PATTERNS = [
+  /;\s*\w+/,
+  // Command chaining
+  /\|\s*\w+/,
+  // Piping to another command
+  /&&\s*\w+/,
+  // AND chaining
+  /\|\|\s*\w+/,
+  // OR chaining
+  /`[^`]+`/,
+  // Command substitution (backticks)
+  /\$\([^)]+\)/,
+  // Command substitution ($())
+  /\$\{[^}]+\}/,
+  // Variable expansion
+  />\s*\S+/,
+  // Output redirection
+  /<\s*\S+/,
+  // Input redirection
+  /\|(?=[^\s|])/
+  // Bare pipe without space
+];
+function sanitizeCommand(command) {
+  if (!command) return { isSafe: false, error: "Command cannot be empty", command: "" };
+  const parts = command.trim().split(/\s+/);
+  if (!parts.length) return { isSafe: false, error: "Command cannot be empty", command: "" };
+  let baseCmd = parts[0].toLowerCase();
+  if (baseCmd.includes("/")) baseCmd = baseCmd.split("/").pop();
+  if (baseCmd.includes("\\")) baseCmd = baseCmd.split("\\").pop();
+  if (BLOCKED_COMMANDS.has(baseCmd)) {
+    return { isSafe: false, error: `Blocked command: ${baseCmd}`, command: "" };
+  }
+  const stripped = command.replace(/\n/g, " ").replace(/\r/g, " ");
+  if (stripped !== command) {
+    return { isSafe: false, error: "Newline characters detected: potential command injection", command: "" };
+  }
+  for (const pattern of INJECTION_PATTERNS) {
+    if (pattern.test(command)) {
+      return { isSafe: false, error: `Potential injection pattern detected`, command: "" };
+    }
+  }
+  return { isSafe: true, error: "", command };
+}
+var AUDIT_DIR = path.join(import_node_os.default.homedir(), ".pi", "agent");
+var AUDIT_LOG_PATH = path.join(AUDIT_DIR, "audit.log");
+function appendAuditEntry(entry) {
+  try {
+    if (!fs.existsSync(AUDIT_DIR)) {
+      fs.mkdirSync(AUDIT_DIR, { recursive: true });
+    }
+    const line = JSON.stringify(entry) + "\n";
+    fs.appendFileSync(AUDIT_LOG_PATH, line, "utf-8");
+  } catch {
+  }
+}
+function readRecentAuditEntries(count = 50) {
+  try {
+    if (!fs.existsSync(AUDIT_LOG_PATH)) return [];
+    const content = fs.readFileSync(AUDIT_LOG_PATH, "utf-8");
+    const lines = content.trim().split("\n");
+    const recent = lines.slice(-count);
+    return recent.map((line) => {
+      try {
+        return JSON.parse(line);
+      } catch {
+        return {};
+      }
+    });
+  } catch {
+    return [];
+  }
+}
+function checkBashToolInput(input) {
+  const command = input.command ?? input.cmd ?? "";
+  if (!command) return { safe: true, rule: "", detail: "" };
+  const result = sanitizeCommand(command);
+  if (!result.isSafe) {
+    return { safe: false, rule: "command_blocklist", detail: result.error };
+  }
+  return { safe: true, rule: "", detail: "" };
+}
+function checkFileToolInput(input) {
+  const filePaths = [
+    input.file_path,
+    input.path,
+    input.output_path,
+    input.filePath,
+    input.inputPath
+  ].filter((p) => typeof p === "string" && p.length > 0);
+  for (const filePath of filePaths) {
+    const result = validatePath(filePath);
+    if (!result.valid) {
+      return { safe: false, rule: "path_validation", detail: result.error };
+    }
+  }
+  return { safe: true, rule: "", detail: "" };
+}
+function checkHttpToolInput(input) {
+  const url = input.url ?? input.uri ?? input.endpoint ?? "";
+  if (!url) return { safe: true, rule: "", detail: "" };
+  const result = isSafeUrl(url);
+  if (!result.safe) {
+    return { safe: false, rule: "ssrf_protection", detail: result.error };
+  }
+  return { safe: true, rule: "", detail: "" };
+}
+function checkInjectionPatterns(input) {
+  const dangerousPatterns = [
+    /;\s*(rm|sudo|chmod|chown|mkfs|dd|shred)\b/,
+    /\|\s*(rm|sudo|chmod|shred|mkfs)\b/,
+    /\$\([^)]*\)/,
+    /`[^`]+`/
+  ];
+  for (const [key, value] of Object.entries(input)) {
+    if (typeof value !== "string") continue;
+    for (const pattern of dangerousPatterns) {
+      if (pattern.test(value)) {
+        return {
+          safe: false,
+          rule: "injection_detection",
+          detail: `Suspicious pattern in argument '${key}'`
+        };
+      }
+    }
+  }
+  return { safe: true, rule: "", detail: "" };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  BLOCKED_COMMANDS,
+  BLOCKED_URL_PATTERNS,
+  appendAuditEntry,
+  checkBashToolInput,
+  checkFileToolInput,
+  checkHttpToolInput,
+  checkInjectionPatterns,
+  isSafeUrl,
+  readRecentAuditEntries,
+  sanitizeCommand,
+  validatePath
+});

package/types.js

@@ -0,0 +1,95 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
+
+// shared/types.ts
+var types_exports = {};
+__export(types_exports, {
+  EmptyResponseError: () => EmptyResponseError,
+  ModelTimeoutError: () => ModelTimeoutError,
+  OllamaConnectionError: () => OllamaConnectionError,
+  SecurityBlockError: () => SecurityBlockError,
+  ToolParseError: () => ToolParseError
+});
+module.exports = __toCommonJS(types_exports);
+var OllamaConnectionError = class extends Error {
+  constructor(message, cause) {
+    super(message);
+    /** The underlying error that caused this connection failure, if any. */
+    __publicField(this, "cause");
+    this.name = "OllamaConnectionError";
+    this.cause = cause;
+  }
+};
+var ModelTimeoutError = class extends Error {
+  constructor(model, timeoutMs) {
+    super(`Model ${model} timed out after ${timeoutMs}ms`);
+    /** The name of the model that timed out. */
+    __publicField(this, "model");
+    /** The timeout duration in milliseconds. */
+    __publicField(this, "timeoutMs");
+    this.name = "ModelTimeoutError";
+    this.model = model;
+    this.timeoutMs = timeoutMs;
+  }
+};
+var EmptyResponseError = class extends Error {
+  constructor(model, details) {
+    super(`Empty response from model ${model}: ${details}`);
+    /** The name of the model that returned an empty response. */
+    __publicField(this, "model");
+    /** Additional details about why the response was considered empty. */
+    __publicField(this, "details");
+    this.name = "EmptyResponseError";
+    this.model = model;
+    this.details = details;
+  }
+};
+var SecurityBlockError = class extends Error {
+  constructor(rule, detail, input) {
+    super(`[SECURITY] ${detail} (rule: ${rule})`);
+    /** The name of the security rule that was triggered. */
+    __publicField(this, "rule");
+    /** Detailed explanation of why the operation was blocked. */
+    __publicField(this, "detail");
+    /** The original input that was blocked. */
+    __publicField(this, "input");
+    this.name = "SecurityBlockError";
+    this.rule = rule;
+    this.detail = detail;
+    this.input = input;
+  }
+};
+var ToolParseError = class extends Error {
+  constructor(message, rawText) {
+    super(`Tool parse error: ${message}`);
+    /** The raw text that failed to parse. */
+    __publicField(this, "rawText");
+    this.name = "ToolParseError";
+    this.rawText = rawText;
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  EmptyResponseError,
+  ModelTimeoutError,
+  OllamaConnectionError,
+  SecurityBlockError,
+  ToolParseError
+});