agent-insights 0.0.9 → 0.0.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +206 -98
- package/dist/cli.js.map +1 -1
- package/dist/index.js +68 -24
- package/dist/index.js.map +1 -1
- package/package.json +2 -1
package/dist/index.js
CHANGED
|
@@ -334,6 +334,12 @@ function getAdapter(id) {
|
|
|
334
334
|
import { mkdir as mkdir3, readFile as readFile3, writeFile as writeFile3 } from "fs/promises";
|
|
335
335
|
import { dirname as dirname3 } from "path";
|
|
336
336
|
|
|
337
|
+
// src/config/analyzer.ts
|
|
338
|
+
var DEFAULT_ANALYZER_URL = "https://agent-insights.labs.vercel.dev";
|
|
339
|
+
function getAnalyzerUrl() {
|
|
340
|
+
return process.env.AGENT_INSIGHTS_ANALYZER_URL || DEFAULT_ANALYZER_URL;
|
|
341
|
+
}
|
|
342
|
+
|
|
337
343
|
// src/config/paths.ts
|
|
338
344
|
import { homedir as homedir3 } from "os";
|
|
339
345
|
import { join as join3 } from "path";
|
|
@@ -346,6 +352,9 @@ function configFile() {
|
|
|
346
352
|
function authFile() {
|
|
347
353
|
return join3(configRoot(), "auth.json");
|
|
348
354
|
}
|
|
355
|
+
function bypassSecretFile() {
|
|
356
|
+
return join3(configRoot(), "bypass-secret");
|
|
357
|
+
}
|
|
349
358
|
function sessionCacheDir() {
|
|
350
359
|
return join3(configRoot(), "session-cache");
|
|
351
360
|
}
|
|
@@ -382,7 +391,7 @@ function defaultConfig() {
|
|
|
382
391
|
},
|
|
383
392
|
sessionAnalysis: {
|
|
384
393
|
enabled: false,
|
|
385
|
-
analyzerUrl:
|
|
394
|
+
analyzerUrl: getAnalyzerUrl(),
|
|
386
395
|
githubIssueRepo: "vercel-labs/agent-insights"
|
|
387
396
|
},
|
|
388
397
|
agents: {
|
|
@@ -441,7 +450,7 @@ function mergeConfig(base, patch) {
|
|
|
441
450
|
}
|
|
442
451
|
|
|
443
452
|
// src/transcript/store.ts
|
|
444
|
-
import { readFile as
|
|
453
|
+
import { readFile as readFile6 } from "fs/promises";
|
|
445
454
|
import { put } from "@vercel/blob";
|
|
446
455
|
|
|
447
456
|
// src/auth/store.ts
|
|
@@ -504,9 +513,9 @@ async function saveAuth(state) {
|
|
|
504
513
|
}
|
|
505
514
|
}
|
|
506
515
|
async function clearAuth() {
|
|
507
|
-
const { unlink } = await import("fs/promises");
|
|
516
|
+
const { unlink: unlink2 } = await import("fs/promises");
|
|
508
517
|
try {
|
|
509
|
-
await
|
|
518
|
+
await unlink2(authFile());
|
|
510
519
|
} catch (err) {
|
|
511
520
|
if (err.code !== "ENOENT") throw err;
|
|
512
521
|
}
|
|
@@ -535,6 +544,28 @@ async function getValidToken() {
|
|
|
535
544
|
}
|
|
536
545
|
}
|
|
537
546
|
|
|
547
|
+
// src/config/bypass.ts
|
|
548
|
+
import { chmod as chmod2, mkdir as mkdir5, readFile as readFile5, unlink, writeFile as writeFile5 } from "fs/promises";
|
|
549
|
+
import { dirname as dirname5 } from "path";
|
|
550
|
+
async function loadBypassSecret() {
|
|
551
|
+
const fromEnv = process.env.AGENT_INSIGHTS_BYPASS_SECRET || process.env.VERCEL_AUTOMATION_BYPASS_SECRET;
|
|
552
|
+
if (fromEnv) return fromEnv;
|
|
553
|
+
try {
|
|
554
|
+
const raw = (await readFile5(bypassSecretFile(), "utf8")).trim();
|
|
555
|
+
return raw || void 0;
|
|
556
|
+
} catch (err) {
|
|
557
|
+
if (err.code === "ENOENT") return void 0;
|
|
558
|
+
throw err;
|
|
559
|
+
}
|
|
560
|
+
}
|
|
561
|
+
async function withBypassHeader(headers) {
|
|
562
|
+
const secret = await loadBypassSecret();
|
|
563
|
+
if (secret) {
|
|
564
|
+
headers["x-vercel-protection-bypass"] = secret;
|
|
565
|
+
}
|
|
566
|
+
return headers;
|
|
567
|
+
}
|
|
568
|
+
|
|
538
569
|
// src/transcript/store.ts
|
|
539
570
|
var NoopTranscriptStore = class {
|
|
540
571
|
async upload() {
|
|
@@ -552,7 +583,7 @@ var BlobTranscriptStore = class {
|
|
|
552
583
|
token;
|
|
553
584
|
prefix;
|
|
554
585
|
async upload(input) {
|
|
555
|
-
const body = await
|
|
586
|
+
const body = await readFile6(input.transcriptPath);
|
|
556
587
|
const requestedPath = buildPathname(
|
|
557
588
|
this.prefix,
|
|
558
589
|
input.userHash,
|
|
@@ -583,19 +614,16 @@ var AnalyzerTranscriptStore = class {
|
|
|
583
614
|
"transcript store: not logged in \u2014 run `agent-insights login`"
|
|
584
615
|
);
|
|
585
616
|
}
|
|
586
|
-
const body = await
|
|
617
|
+
const body = await readFile6(input.transcriptPath);
|
|
587
618
|
const url = new URL("/api/sessions/upload", this.analyzerUrl).toString();
|
|
588
|
-
const
|
|
589
|
-
|
|
590
|
-
|
|
591
|
-
|
|
592
|
-
|
|
593
|
-
|
|
594
|
-
"x-agent": input.agent,
|
|
595
|
-
"x-user-hash": input.userHash
|
|
596
|
-
},
|
|
597
|
-
body
|
|
619
|
+
const headers = await withBypassHeader({
|
|
620
|
+
authorization: `Bearer ${token}`,
|
|
621
|
+
"content-type": "application/jsonl",
|
|
622
|
+
"x-session-id": input.sessionId,
|
|
623
|
+
"x-agent": input.agent,
|
|
624
|
+
"x-user-hash": input.userHash
|
|
598
625
|
});
|
|
626
|
+
const res = await fetch(url, { method: "POST", headers, body });
|
|
599
627
|
if (!res.ok) {
|
|
600
628
|
const text = await res.text().catch(() => "");
|
|
601
629
|
throw new Error(
|
|
@@ -613,27 +641,43 @@ var AnalyzerTranscriptStore = class {
|
|
|
613
641
|
};
|
|
614
642
|
}
|
|
615
643
|
async ping() {
|
|
616
|
-
|
|
644
|
+
const token = await getValidToken();
|
|
645
|
+
if (!token) {
|
|
617
646
|
return {
|
|
618
647
|
ok: false,
|
|
619
|
-
reason: "
|
|
648
|
+
reason: "not logged in \u2014 run `agent-insights login`"
|
|
620
649
|
};
|
|
621
650
|
}
|
|
622
|
-
|
|
623
|
-
|
|
651
|
+
try {
|
|
652
|
+
const url = new URL("/api/sessions/upload", this.analyzerUrl).toString();
|
|
653
|
+
const headers = await withBypassHeader({
|
|
654
|
+
authorization: `Bearer ${token}`
|
|
655
|
+
});
|
|
656
|
+
const res = await fetch(url, { method: "POST", headers });
|
|
657
|
+
if (res.status === 400) return { ok: true };
|
|
658
|
+
if (res.status === 401 || res.status === 403) {
|
|
659
|
+
const ct = res.headers.get("content-type") ?? "";
|
|
660
|
+
if (ct.includes("text/html")) {
|
|
661
|
+
return {
|
|
662
|
+
ok: false,
|
|
663
|
+
reason: "blocked by Vercel deployment protection \u2014 set a bypass secret via `agent-insights init --bypass-secret <secret>`"
|
|
664
|
+
};
|
|
665
|
+
}
|
|
666
|
+
return { ok: false, reason: `analyzer rejected token (${res.status})` };
|
|
667
|
+
}
|
|
668
|
+
return { ok: false, reason: `unexpected status ${res.status}` };
|
|
669
|
+
} catch (err) {
|
|
624
670
|
return {
|
|
625
671
|
ok: false,
|
|
626
|
-
reason:
|
|
672
|
+
reason: `analyzer unreachable: ${err.message}`
|
|
627
673
|
};
|
|
628
674
|
}
|
|
629
|
-
return { ok: true };
|
|
630
675
|
}
|
|
631
676
|
};
|
|
632
677
|
function createTranscriptStore(cfg) {
|
|
633
678
|
if (cfg.type === "none") return new NoopTranscriptStore();
|
|
634
679
|
if (cfg.type === "analyzer") {
|
|
635
|
-
|
|
636
|
-
return new AnalyzerTranscriptStore(analyzerUrl);
|
|
680
|
+
return new AnalyzerTranscriptStore(getAnalyzerUrl());
|
|
637
681
|
}
|
|
638
682
|
const token = process.env[cfg.tokenEnv];
|
|
639
683
|
if (!token) {
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/privacy/hash.ts","../src/privacy/sanitize.ts","../src/adapters/claude-code.ts","../src/adapters/cursor.ts","../src/adapters/registry.ts","../src/config/config.ts","../src/config/paths.ts","../src/transcript/store.ts","../src/auth/store.ts","../src/auth/oauth.ts"],"sourcesContent":["import { createHash } from \"node:crypto\";\n\n/**\n * Stable SHA-256 hash of a value, hex-encoded.\n *\n * Used to anonymize usernames, repo remote URLs, workspace paths, and\n * session identifiers before they leave the machine.\n */\nexport function sha256(value: string): string {\n return createHash(\"sha256\").update(value, \"utf8\").digest(\"hex\");\n}\n\n/** Short prefix of `sha256(value)` for human-readable dashboards. */\nexport function shortHash(value: string, length = 12): string {\n return sha256(value).slice(0, length);\n}\n","/**\n * Keys that must never appear in any payload that leaves the machine.\n *\n * Matching is case-insensitive and snake_case/camelCase agnostic — we strip a\n * key if its normalized form equals one of these values.\n */\nconst FORBIDDEN_KEYS: ReadonlySet<string> = new Set([\n \"prompt\",\n \"prompts\",\n \"message\",\n \"messages\",\n \"content\",\n \"text\",\n \"transcript\",\n \"toolinput\",\n \"input\",\n \"arguments\",\n \"args\",\n \"params\",\n \"file\",\n \"filecontent\",\n \"filecontents\",\n \"diff\",\n \"patch\",\n \"secret\",\n \"secrets\",\n \"token\",\n \"apikey\",\n \"authorization\",\n \"password\",\n \"credentials\",\n]);\n\nconst MAX_STRING_LENGTH = 256;\n\n/** Allowed primitive value types in sanitized metadata. */\nexport type SanitizedPrimitive = string | number | boolean | null;\n\nfunction normalizeKey(key: string): string {\n return key.toLowerCase().replace(/[_\\-\\s]/g, \"\");\n}\n\nfunction truncate(value: string): string {\n if (value.length <= MAX_STRING_LENGTH) return value;\n return `${value.slice(0, MAX_STRING_LENGTH)}…[truncated]`;\n}\n\nfunction sanitizePrimitive(value: unknown): SanitizedPrimitive | undefined {\n if (value === null) return null;\n switch (typeof value) {\n case \"string\":\n return truncate(value);\n case \"number\":\n return Number.isFinite(value) ? value : null;\n case \"boolean\":\n return value;\n default:\n return undefined;\n }\n}\n\n/**\n * Recursively remove forbidden keys from an arbitrary payload.\n *\n * Returned shape:\n * - Objects keep allowed primitive fields (truncated to {@link MAX_STRING_LENGTH}).\n * - Arrays keep allowed primitive elements; nested objects/arrays are recursed.\n * - Non-primitive, non-container values (functions, symbols, Buffers, …) are dropped.\n */\nexport function sanitize(input: unknown): unknown {\n return sanitizeInner(input);\n}\n\nfunction sanitizeInner(value: unknown): unknown {\n if (Array.isArray(value)) {\n const out: unknown[] = [];\n for (const item of value) {\n const sanitizedItem = sanitizeInner(item);\n if (sanitizedItem !== undefined) {\n out.push(sanitizedItem);\n }\n }\n return out;\n }\n\n if (value && typeof value === \"object\") {\n const out: Record<string, unknown> = {};\n for (const [rawKey, rawValue] of Object.entries(value)) {\n if (FORBIDDEN_KEYS.has(normalizeKey(rawKey))) {\n continue;\n }\n if (rawValue && typeof rawValue === \"object\") {\n out[rawKey] = sanitizeInner(rawValue);\n } else {\n const primitive = sanitizePrimitive(rawValue);\n if (primitive !== undefined) {\n out[rawKey] = primitive;\n }\n }\n }\n return out;\n }\n\n return sanitizePrimitive(value);\n}\n\nexport const __testing = { FORBIDDEN_KEYS, normalizeKey };\n","import { mkdir, readFile, writeFile } from \"node:fs/promises\";\nimport { homedir } from \"node:os\";\nimport { dirname, join } from \"node:path\";\nimport type { HooksScope } from \"../config/config.js\";\nimport type { AgentEventType } from \"../types.js\";\nimport type { Adapter, HookPayload, MappedEvent } from \"./types.js\";\n\nconst HOOK_COMMAND_NAME = \"agent-insights\";\n\nconst HOOK_MAP: Record<string, AgentEventType> = {\n SessionStart: \"session.start\",\n SessionEnd: \"session.end\",\n UserPromptSubmit: \"user.prompt.submit\",\n PreToolUse: \"tool.start\",\n PostToolUse: \"tool.end\",\n PostToolUseFailure: \"tool.failure\",\n PermissionRequest: \"permission.request\",\n PermissionDenied: \"permission.denied\",\n SubagentStart: \"subagent.start\",\n SubagentStop: \"subagent.end\",\n Stop: \"agent.stop\",\n Notification: \"notification\",\n PreCompact: \"context.compact.start\",\n PostCompact: \"context.compact.end\",\n};\n\nexport const CLAUDE_HOOK_EVENTS: ReadonlyArray<string> = Object.keys(HOOK_MAP);\n\ntype ClaudeHookEntry = {\n type: \"command\";\n command: string;\n};\n\ntype ClaudeSettings = {\n hooks?: Record<string, ClaudeHookEntry[]>;\n [key: string]: unknown;\n};\n\nexport const claudeCodeAdapter: Adapter = {\n id: \"claude-code\",\n agent: \"claude-code\",\n label: \"Claude Code\",\n settingsFile: \".claude/settings.json\",\n\n map(payload: HookPayload): MappedEvent | undefined {\n const type = HOOK_MAP[payload.event];\n if (!type) return undefined;\n\n const data = payload.data ?? {};\n const sessionId =\n asString(data[\"session_id\"]) ?? asString(data[\"sessionId\"]);\n const toolName =\n asString(data[\"tool_name\"]) ??\n asString(data[\"toolName\"]) ??\n asString((data[\"tool\"] as Record<string, unknown> | undefined)?.[\"name\"]);\n const transcriptPath =\n asString(data[\"transcript_path\"]) ?? asString(data[\"transcriptPath\"]);\n\n return {\n type,\n ...(sessionId !== undefined ? { sessionId } : {}),\n ...(toolName !== undefined ? { toolName } : {}),\n ...(transcriptPath !== undefined ? { transcriptPath } : {}),\n };\n },\n\n async install(repoRoot: string, scope: HooksScope = \"global\") {\n const path = resolveClaudePath(repoRoot, scope);\n const settings = await readJson<ClaudeSettings>(path);\n const next: ClaudeSettings = { ...(settings ?? {}) };\n const hooks: Record<string, ClaudeHookEntry[]> = { ...(next.hooks ?? {}) };\n\n for (const event of CLAUDE_HOOK_EVENTS) {\n const existing = (hooks[event] ?? []).filter(\n (h) => !isAgentInsightsCommand(h.command),\n );\n existing.push({\n type: \"command\",\n command: `${HOOK_COMMAND_NAME} hook ${event}`,\n });\n hooks[event] = existing;\n }\n\n next.hooks = hooks;\n await mkdir(dirname(path), { recursive: true });\n await writeFile(path, `${JSON.stringify(next, null, 2)}\\n`, \"utf8\");\n return { written: true, path };\n },\n\n async uninstall(repoRoot: string, scope: HooksScope = \"global\") {\n const path = resolveClaudePath(repoRoot, scope);\n const settings = await readJson<ClaudeSettings>(path);\n if (!settings?.hooks) return { removed: false, path };\n const hooks = { ...settings.hooks };\n let touched = false;\n for (const [event, entries] of Object.entries(hooks)) {\n const filtered = entries.filter(\n (h) => !isAgentInsightsCommand(h.command),\n );\n if (filtered.length !== entries.length) touched = true;\n if (filtered.length === 0) {\n delete hooks[event];\n } else {\n hooks[event] = filtered;\n }\n }\n settings.hooks = hooks;\n await writeFile(path, `${JSON.stringify(settings, null, 2)}\\n`, \"utf8\");\n return { removed: touched, path };\n },\n\n async isInstalled(repoRoot: string, scope: HooksScope = \"global\") {\n const settings = await readJson<ClaudeSettings>(\n resolveClaudePath(repoRoot, scope),\n );\n if (!settings?.hooks) return false;\n return Object.values(settings.hooks).some((entries) =>\n entries.some((h) => isAgentInsightsCommand(h.command)),\n );\n },\n};\n\nfunction resolveClaudePath(repoRoot: string, scope: HooksScope): string {\n return scope === \"global\"\n ? join(homedir(), \".claude\", \"settings.json\")\n : join(repoRoot, \".claude\", \"settings.json\");\n}\n\nfunction isAgentInsightsCommand(cmd: string | undefined): boolean {\n if (!cmd) return false;\n return cmd.startsWith(`${HOOK_COMMAND_NAME} hook`);\n}\n\nasync function readJson<T>(path: string): Promise<T | undefined> {\n try {\n const raw = await readFile(path, \"utf8\");\n return JSON.parse(raw) as T;\n } catch (err) {\n if ((err as NodeJS.ErrnoException).code === \"ENOENT\") return undefined;\n throw err;\n }\n}\n\nfunction asString(v: unknown): string | undefined {\n return typeof v === \"string\" && v.length > 0 ? v : undefined;\n}\n","import { mkdir, readFile, writeFile } from \"node:fs/promises\";\nimport { homedir } from \"node:os\";\nimport { dirname, join } from \"node:path\";\nimport type { HooksScope } from \"../config/config.js\";\nimport type { AgentEventType } from \"../types.js\";\nimport type { Adapter, HookPayload, MappedEvent } from \"./types.js\";\n\nconst HOOK_COMMAND_NAME = \"agent-insights\";\n\n/**\n * Cursor native hook names (camelCase) → common schema. Reference:\n * https://cursor.com/docs/hooks\n */\nconst HOOK_MAP: Record<string, AgentEventType> = {\n sessionStart: \"session.start\",\n sessionEnd: \"session.end\",\n beforeSubmitPrompt: \"user.prompt.submit\",\n preToolUse: \"tool.start\",\n postToolUse: \"tool.end\",\n postToolUseFailure: \"tool.failure\",\n subagentStart: \"subagent.start\",\n subagentStop: \"subagent.end\",\n stop: \"agent.stop\",\n preCompact: \"context.compact.start\",\n // Additional events — mapped to existing schema types\n beforeShellExecution: \"tool.start\",\n afterShellExecution: \"tool.end\",\n afterFileEdit: \"tool.end\",\n workspaceOpen: \"session.start\",\n};\n\nexport const CURSOR_HOOK_EVENTS: ReadonlyArray<string> = Object.keys(HOOK_MAP);\n\ntype CursorHookEntry = {\n command: string;\n};\n\ntype CursorHooksConfig = {\n /** Cursor expects schema version 1 at the top level. */\n version?: number;\n hooks?: Record<string, CursorHookEntry[]>;\n [key: string]: unknown;\n};\n\nexport const cursorAdapter: Adapter = {\n id: \"cursor\",\n agent: \"cursor\",\n label: \"Cursor\",\n settingsFile: \".cursor/hooks.json\",\n\n map(payload: HookPayload): MappedEvent | undefined {\n const type = HOOK_MAP[payload.event];\n if (!type) return undefined;\n\n const data = payload.data ?? {};\n // Cursor uses `session_id` in payloads and is identical to `conversation_id`.\n const sessionId =\n asString(data[\"session_id\"]) ??\n asString(data[\"sessionId\"]) ??\n asString(data[\"conversation_id\"]);\n const toolName = asString(data[\"tool_name\"]) ?? asString(data[\"toolName\"]);\n\n // transcript_path is confirmed in all Cursor hook payloads.\n const transcriptPath =\n asString(data[\"transcript_path\"]) ??\n asString(data[\"transcriptPath\"]) ??\n asString(process.env.CURSOR_TRANSCRIPT_PATH);\n\n return {\n type,\n ...(sessionId !== undefined ? { sessionId } : {}),\n ...(toolName !== undefined ? { toolName } : {}),\n ...(transcriptPath !== undefined ? { transcriptPath } : {}),\n };\n },\n\n async install(repoRoot: string, scope: HooksScope = \"global\") {\n const path = resolveCursorPath(repoRoot, scope);\n const settings = await readJson<CursorHooksConfig>(path);\n const next: CursorHooksConfig = {\n version: 1,\n ...(settings ?? {}),\n };\n const hooks: Record<string, CursorHookEntry[]> = { ...(next.hooks ?? {}) };\n\n for (const event of CURSOR_HOOK_EVENTS) {\n const existing = (hooks[event] ?? []).filter(\n (h) => !isAgentInsightsCommand(h.command),\n );\n existing.push({ command: `${HOOK_COMMAND_NAME} hook ${event}` });\n hooks[event] = existing;\n }\n\n next.hooks = hooks;\n await mkdir(dirname(path), { recursive: true });\n await writeFile(path, `${JSON.stringify(next, null, 2)}\\n`, \"utf8\");\n return { written: true, path };\n },\n\n async uninstall(repoRoot: string, scope: HooksScope = \"global\") {\n const path = resolveCursorPath(repoRoot, scope);\n const settings = await readJson<CursorHooksConfig>(path);\n if (!settings?.hooks) return { removed: false, path };\n const hooks = { ...settings.hooks };\n let touched = false;\n for (const [event, entries] of Object.entries(hooks)) {\n const filtered = entries.filter(\n (h) => !isAgentInsightsCommand(h.command),\n );\n if (filtered.length !== entries.length) touched = true;\n if (filtered.length === 0) {\n delete hooks[event];\n } else {\n hooks[event] = filtered;\n }\n }\n settings.hooks = hooks;\n await writeFile(path, `${JSON.stringify(settings, null, 2)}\\n`, \"utf8\");\n return { removed: touched, path };\n },\n\n async isInstalled(repoRoot: string, scope: HooksScope = \"global\") {\n const settings = await readJson<CursorHooksConfig>(\n resolveCursorPath(repoRoot, scope),\n );\n if (!settings?.hooks) return false;\n return Object.values(settings.hooks).some((entries) =>\n entries.some((h) => isAgentInsightsCommand(h.command)),\n );\n },\n};\n\nfunction resolveCursorPath(repoRoot: string, scope: HooksScope): string {\n return scope === \"global\"\n ? join(homedir(), \".cursor\", \"hooks.json\")\n : join(repoRoot, \".cursor\", \"hooks.json\");\n}\n\nfunction isAgentInsightsCommand(cmd: string | undefined): boolean {\n if (!cmd) return false;\n return cmd.startsWith(`${HOOK_COMMAND_NAME} hook`);\n}\n\nasync function readJson<T>(path: string): Promise<T | undefined> {\n try {\n const raw = await readFile(path, \"utf8\");\n return JSON.parse(raw) as T;\n } catch (err) {\n if ((err as NodeJS.ErrnoException).code === \"ENOENT\") return undefined;\n throw err;\n }\n}\n\nfunction asString(v: unknown): string | undefined {\n return typeof v === \"string\" && v.length > 0 ? v : undefined;\n}\n","import { claudeCodeAdapter } from \"./claude-code.js\";\nimport { cursorAdapter } from \"./cursor.js\";\nimport type { Adapter, AgentId } from \"./types.js\";\n\nexport const adapters: Record<AgentId, Adapter> = {\n \"claude-code\": claudeCodeAdapter,\n cursor: cursorAdapter,\n};\n\nexport const adapterList: ReadonlyArray<Adapter> = Object.values(adapters);\n\nexport function getAdapter(id: AgentId): Adapter {\n return adapters[id];\n}\n","import { mkdir, readFile, writeFile } from \"node:fs/promises\";\nimport { dirname } from \"node:path\";\nimport { configFile, logsDir, sessionCacheDir } from \"./paths.js\";\n\nexport type ExporterConfig = {\n type: \"otlp\";\n endpoint: string;\n headers: Record<string, string>;\n dataset: string;\n};\n\nexport type HooksScope = \"global\" | \"local\";\n\nexport type TranscriptStoreConfig =\n | {\n /** Upload via analyzer API using AGENT_INSIGHTS_API_KEY (preferred). */\n type: \"analyzer\";\n }\n | {\n /** Direct upload with a Blob RW token (legacy / advanced). */\n type: \"blob\";\n tokenEnv: string;\n prefix: string;\n }\n | {\n type: \"none\";\n };\n\nexport type SessionAnalysisConfig = {\n /** Server-side enablement; user opts in via `userConsent.sessionAnalysis`. */\n enabled: boolean;\n /** Analyzer endpoint base URL. CLI POSTs to `${analyzerUrl}/api/sessions`. */\n analyzerUrl: string;\n /** GitHub repo for pre-filled new-issue URLs (display only; constructed by analyzer). */\n githubIssueRepo: string;\n};\n\nexport type AgentConfig = {\n enabled: boolean;\n};\n\nexport type AgentInsightsConfig = {\n version: 1;\n enabled: boolean;\n /** Where agent hook entries are written. Default `global` (user home). */\n hooksScope: HooksScope;\n vercel: {\n team: string;\n project: string;\n };\n userConsent: {\n eventTelemetry: boolean;\n transcriptSync: boolean;\n sessionAnalysis: boolean;\n };\n exporter: ExporterConfig;\n transcriptStore: TranscriptStoreConfig;\n sessionAnalysis: SessionAnalysisConfig;\n agents: Record<\"claudeCode\" | \"cursor\", AgentConfig>;\n privacy: {\n capturePrompts: false;\n captureMessages: false;\n captureToolInputs: false;\n captureFileContents: false;\n };\n};\n\nexport function defaultConfig(): AgentInsightsConfig {\n return {\n version: 1,\n enabled: true,\n hooksScope: \"global\",\n vercel: {\n team: \"vercel-labs\",\n project: \"agent-insights\",\n },\n userConsent: {\n eventTelemetry: false,\n transcriptSync: false,\n sessionAnalysis: false,\n },\n exporter: {\n type: \"otlp\",\n endpoint: process.env.AGENT_INSIGHTS_OTEL_ENDPOINT ?? \"\",\n headers: {},\n dataset: \"agent-insights\",\n },\n transcriptStore: {\n // Upload via the analyzer using the SiwV bearer token — no client-side\n // Blob token required. Set `transcriptStore.type` to \"blob\" in\n // config.json to switch to direct uploads with BLOB_READ_WRITE_TOKEN.\n type: \"analyzer\",\n },\n sessionAnalysis: {\n enabled: false,\n analyzerUrl: process.env.AGENT_INSIGHTS_ANALYZER_URL ?? \"\",\n githubIssueRepo: \"vercel-labs/agent-insights\",\n },\n agents: {\n claudeCode: { enabled: false },\n cursor: { enabled: false },\n },\n privacy: {\n capturePrompts: false,\n captureMessages: false,\n captureToolInputs: false,\n captureFileContents: false,\n },\n };\n}\n\nexport async function loadConfig(): Promise<AgentInsightsConfig | undefined> {\n try {\n const raw = await readFile(configFile(), \"utf8\");\n const parsed = JSON.parse(raw) as Partial<AgentInsightsConfig>;\n return mergeConfig(defaultConfig(), parsed);\n } catch (err) {\n if ((err as NodeJS.ErrnoException).code === \"ENOENT\") return undefined;\n throw err;\n }\n}\n\nexport async function saveConfig(cfg: AgentInsightsConfig): Promise<void> {\n await ensureDirs();\n await writeFile(configFile(), `${JSON.stringify(cfg, null, 2)}\\n`, \"utf8\");\n}\n\nexport async function ensureDirs(): Promise<void> {\n await mkdir(dirname(configFile()), { recursive: true });\n await mkdir(sessionCacheDir(), { recursive: true });\n await mkdir(logsDir(), { recursive: true });\n}\n\nfunction mergeConfig(\n base: AgentInsightsConfig,\n patch: Partial<AgentInsightsConfig>,\n): AgentInsightsConfig {\n return {\n ...base,\n ...patch,\n vercel: { ...base.vercel, ...(patch.vercel ?? {}) },\n userConsent: { ...base.userConsent, ...(patch.userConsent ?? {}) },\n exporter: { ...base.exporter, ...(patch.exporter ?? {}) },\n transcriptStore: (patch.transcriptStore ??\n base.transcriptStore) as TranscriptStoreConfig,\n sessionAnalysis: {\n ...base.sessionAnalysis,\n ...(patch.sessionAnalysis ?? {}),\n },\n agents: {\n claudeCode: {\n ...base.agents.claudeCode,\n ...(patch.agents?.claudeCode ?? {}),\n },\n cursor: { ...base.agents.cursor, ...(patch.agents?.cursor ?? {}) },\n },\n privacy: base.privacy,\n };\n}\n","import { homedir } from \"node:os\";\nimport { join } from \"node:path\";\n\n/** Root directory for agent-insights state. Honors `AGENT_INSIGHTS_HOME`. */\nexport function configRoot(): string {\n return process.env.AGENT_INSIGHTS_HOME ?? join(homedir(), \".agent-insights\");\n}\n\nexport function configFile(): string {\n return join(configRoot(), \"config.json\");\n}\n\n/** API key storage (`chmod 600`). Not checked into git. */\nexport function credentialsFile(): string {\n return join(configRoot(), \"credentials.json\");\n}\n\n/** OAuth token storage (`chmod 600`). Not checked into git. */\nexport function authFile(): string {\n return join(configRoot(), \"auth.json\");\n}\n\nexport function sessionCacheDir(): string {\n return join(configRoot(), \"session-cache\");\n}\n\nexport function logsDir(): string {\n return join(configRoot(), \"logs\");\n}\n\nexport const CLAUDE_SETTINGS_FILE = \".claude/settings.json\";\nexport const CURSOR_HOOKS_FILE = \".cursor/hooks.json\";\n\n/** User-level Claude Code settings (hooks apply in every repo). */\nexport function claudeUserSettingsPath(): string {\n return join(homedir(), \".claude\", \"settings.json\");\n}\n\n/** User-level Cursor hooks (hooks apply in every project). */\nexport function cursorUserHooksPath(): string {\n return join(homedir(), \".cursor\", \"hooks.json\");\n}\n","import { readFile } from \"node:fs/promises\";\nimport { put } from \"@vercel/blob\";\nimport { getValidToken } from \"../auth/store.js\";\nimport type { TranscriptStoreConfig } from \"../config/config.js\";\n\nexport type TranscriptUploadInput = {\n /** Absolute path on disk to the transcript file. */\n transcriptPath: string;\n /** SHA256-hashed user identifier. Used in the upload pathname. */\n userHash: string;\n /** Session identifier supplied by the agent. */\n sessionId: string;\n /** Agent name (e.g. \"claude-code\"). */\n agent: string;\n};\n\nexport type TranscriptUploadResult = {\n pathname: string;\n url: string;\n size: number;\n};\n\nexport interface TranscriptStore {\n upload(input: TranscriptUploadInput): Promise<TranscriptUploadResult>;\n /** Lightweight health check used by `doctor`. */\n ping(): Promise<{ ok: true } | { ok: false; reason: string }>;\n}\n\nclass NoopTranscriptStore implements TranscriptStore {\n async upload(): Promise<TranscriptUploadResult> {\n throw new Error(\"transcript store disabled (transcriptStore.type=none)\");\n }\n async ping(): Promise<{ ok: false; reason: string }> {\n return { ok: false, reason: \"transcript store disabled\" };\n }\n}\n\nclass BlobTranscriptStore implements TranscriptStore {\n constructor(\n private readonly token: string,\n private readonly prefix: string,\n ) {}\n\n async upload(input: TranscriptUploadInput): Promise<TranscriptUploadResult> {\n const body = await readFile(input.transcriptPath);\n const requestedPath = buildPathname(\n this.prefix,\n input.userHash,\n input.sessionId,\n );\n const blob = await put(requestedPath, body, {\n access: \"private\",\n token: this.token,\n contentType: \"application/jsonl\",\n addRandomSuffix: true,\n });\n return { pathname: blob.pathname, url: blob.url, size: body.byteLength };\n }\n\n async ping(): Promise<{ ok: true } | { ok: false; reason: string }> {\n if (!this.token) return { ok: false, reason: \"missing token\" };\n return { ok: true };\n }\n}\n\n/**\n * Uploads transcripts via the analyzer's POST /api/sessions/upload endpoint\n * using the Sign-in-with-Vercel bearer token. The analyzer then proxies the\n * write to Vercel Blob with its own server-side credentials, so this client\n * does not need a Blob read/write token.\n */\nclass AnalyzerTranscriptStore implements TranscriptStore {\n constructor(private readonly analyzerUrl: string) {}\n\n async upload(input: TranscriptUploadInput): Promise<TranscriptUploadResult> {\n const token = await getValidToken();\n if (!token) {\n throw new Error(\n \"transcript store: not logged in — run `agent-insights login`\",\n );\n }\n const body = await readFile(input.transcriptPath);\n const url = new URL(\"/api/sessions/upload\", this.analyzerUrl).toString();\n const res = await fetch(url, {\n method: \"POST\",\n headers: {\n authorization: `Bearer ${token}`,\n \"content-type\": \"application/jsonl\",\n \"x-session-id\": input.sessionId,\n \"x-agent\": input.agent,\n \"x-user-hash\": input.userHash,\n },\n body,\n });\n if (!res.ok) {\n const text = await res.text().catch(() => \"\");\n throw new Error(\n `transcript upload failed (${res.status}): ${text || res.statusText}`,\n );\n }\n const json = (await res.json()) as {\n ok: boolean;\n blobUrl?: string;\n pathname?: string;\n size?: number;\n error?: string;\n };\n if (!json.ok || !json.blobUrl || !json.pathname) {\n throw new Error(`transcript upload error: ${json.error ?? \"unknown\"}`);\n }\n return {\n pathname: json.pathname,\n url: json.blobUrl,\n size: json.size ?? body.byteLength,\n };\n }\n\n async ping(): Promise<{ ok: true } | { ok: false; reason: string }> {\n if (!this.analyzerUrl) {\n return {\n ok: false,\n reason: \"analyzer URL not set (AGENT_INSIGHTS_ANALYZER_URL)\",\n };\n }\n const token = await getValidToken();\n if (!token) {\n return {\n ok: false,\n reason: \"not logged in — run `agent-insights login`\",\n };\n }\n return { ok: true };\n }\n}\n\nexport function createTranscriptStore(\n cfg: TranscriptStoreConfig,\n): TranscriptStore {\n if (cfg.type === \"none\") return new NoopTranscriptStore();\n if (cfg.type === \"analyzer\") {\n const analyzerUrl = process.env.AGENT_INSIGHTS_ANALYZER_URL ?? \"\";\n return new AnalyzerTranscriptStore(analyzerUrl);\n }\n // type === \"blob\"\n const token = process.env[cfg.tokenEnv];\n if (!token) {\n throw new Error(\n `transcript store: env ${cfg.tokenEnv} is not set — run \\`agent-insights init --force\\` to switch to analyzer-proxied uploads (no token required), or \\`vercel env pull .env.local\\` to keep direct Blob uploads`,\n );\n }\n return new BlobTranscriptStore(token, cfg.prefix);\n}\n\nfunction buildPathname(\n prefix: string,\n userHash: string,\n sessionId: string,\n): string {\n const safePrefix = prefix.endsWith(\"/\") ? prefix : `${prefix}/`;\n const safeSession = encodeURIComponent(sessionId);\n return `${safePrefix}${userHash}/${safeSession}/transcript.jsonl`;\n}\n","import { chmod, readFile, writeFile } from \"node:fs/promises\";\nimport { dirname } from \"node:path\";\nimport { mkdir } from \"node:fs/promises\";\nimport { authFile } from \"../config/paths.js\";\nimport { refreshAccessToken } from \"./oauth.js\";\n\nexport type AuthState = {\n accessToken: string;\n refreshToken?: string;\n /** Unix epoch milliseconds when the access token expires. */\n expiresAt: number;\n};\n\n/** How many ms before expiry we proactively refresh. */\nconst REFRESH_BUFFER_MS = 60_000;\n\nexport async function loadAuth(): Promise<AuthState | undefined> {\n try {\n const raw = await readFile(authFile(), \"utf8\");\n const parsed = JSON.parse(raw) as Partial<AuthState>;\n if (typeof parsed.accessToken === \"string\" && parsed.accessToken.length > 0) {\n return parsed as AuthState;\n }\n return undefined;\n } catch (err) {\n if ((err as NodeJS.ErrnoException).code === \"ENOENT\") return undefined;\n throw err;\n }\n}\n\nexport async function saveAuth(state: AuthState): Promise<void> {\n const path = authFile();\n await mkdir(dirname(path), { recursive: true });\n await writeFile(path, `${JSON.stringify(state, null, 2)}\\n`, {\n encoding: \"utf8\",\n mode: 0o600,\n });\n try {\n await chmod(path, 0o600);\n } catch {\n // Windows doesn't support chmod — ignore\n }\n}\n\nexport async function clearAuth(): Promise<void> {\n const { unlink } = await import(\"node:fs/promises\");\n try {\n await unlink(authFile());\n } catch (err) {\n if ((err as NodeJS.ErrnoException).code !== \"ENOENT\") throw err;\n }\n}\n\n/**\n * Returns a valid access token, refreshing silently if needed.\n * Returns `undefined` if not logged in or refresh fails (caller should prompt login).\n */\nexport async function getValidToken(): Promise<string | undefined> {\n const auth = await loadAuth();\n if (!auth) return undefined;\n\n const needsRefresh = Date.now() >= auth.expiresAt - REFRESH_BUFFER_MS;\n if (!needsRefresh) return auth.accessToken;\n\n if (!auth.refreshToken) {\n // Access token expired, no refresh token — clear and force re-login\n await clearAuth();\n return undefined;\n }\n\n try {\n const tokens = await refreshAccessToken(auth.refreshToken);\n const refreshed: AuthState = {\n accessToken: tokens.access_token,\n refreshToken: tokens.refresh_token ?? auth.refreshToken,\n expiresAt: Date.now() + tokens.expires_in * 1000,\n };\n await saveAuth(refreshed);\n return refreshed.accessToken;\n } catch {\n // Refresh failed (revoked, expired beyond 30 days) — clear and force re-login\n await clearAuth();\n return undefined;\n }\n}\n","import { createHash, randomBytes } from \"node:crypto\";\nimport { exec } from \"node:child_process\";\nimport { createServer } from \"node:http\";\nimport { platform } from \"node:os\";\n\n// ---------------------------------------------------------------------------\n// OAuth app config — Sign-in-with-Vercel client ID (public, not a secret).\n// Override at runtime via AGENT_INSIGHTS_CLIENT_ID env var.\n// ---------------------------------------------------------------------------\nexport const CLIENT_ID =\n process.env.AGENT_INSIGHTS_CLIENT_ID ?? \"cl_TxqqNFTHcF9kEtM48LBFsYfwjhJ9T8sz\";\n\nconst AUTH_ENDPOINT = \"https://vercel.com/oauth/authorize\";\nconst TOKEN_ENDPOINT = \"https://api.vercel.com/login/oauth/token\";\nconst USERINFO_ENDPOINT = \"https://api.vercel.com/login/oauth/userinfo\";\nconst REVOKE_ENDPOINT = \"https://api.vercel.com/login/oauth/token/revoke\";\n\n// Fixed port — must match the redirect URI registered in the OAuth app.\nconst CALLBACK_PORT = 9797;\nexport const REDIRECT_URI = `http://localhost:${CALLBACK_PORT}/callback`;\n\nconst SCOPES = \"openid email profile offline_access\";\n\nexport type TokenResponse = {\n access_token: string;\n refresh_token?: string;\n expires_in: number;\n token_type: string;\n id_token?: string;\n};\n\nexport type UserInfo = {\n sub: string;\n email: string;\n email_verified: boolean;\n name?: string;\n preferred_username?: string;\n picture?: string;\n};\n\n// ---------------------------------------------------------------------------\n// PKCE helpers\n// ---------------------------------------------------------------------------\n\nfunction generateCodeVerifier(): string {\n return randomBytes(48).toString(\"base64url\");\n}\n\nfunction generateCodeChallenge(verifier: string): string {\n return createHash(\"sha256\").update(verifier).digest(\"base64url\");\n}\n\nfunction generateState(): string {\n return randomBytes(16).toString(\"hex\");\n}\n\n// ---------------------------------------------------------------------------\n// Authorization Code + PKCE flow\n// ---------------------------------------------------------------------------\n\nexport type AuthCodeResult =\n | { status: \"success\"; code: string; state: string }\n | { status: \"error\"; message: string };\n\n/**\n * Starts a localhost callback server, opens the Vercel authorization URL in\n * the browser, and waits for the redirect with the auth code.\n * Resolves (or rejects after timeout) when Vercel redirects back.\n */\nexport async function startPkceFlow(timeoutMs = 120_000): Promise<{\n code: string;\n codeVerifier: string;\n}> {\n const codeVerifier = generateCodeVerifier();\n const codeChallenge = generateCodeChallenge(codeVerifier);\n const state = generateState();\n\n const authUrl = new URL(AUTH_ENDPOINT);\n authUrl.searchParams.set(\"client_id\", CLIENT_ID);\n authUrl.searchParams.set(\"response_type\", \"code\");\n authUrl.searchParams.set(\"redirect_uri\", REDIRECT_URI);\n authUrl.searchParams.set(\"scope\", SCOPES);\n authUrl.searchParams.set(\"code_challenge\", codeChallenge);\n authUrl.searchParams.set(\"code_challenge_method\", \"S256\");\n authUrl.searchParams.set(\"state\", state);\n\n const url = authUrl.toString();\n const codePromise = listenForCallback(state, timeoutMs);\n openBrowser(url);\n // Always print the URL — browser open may fail silently\n process.stderr.write(`\\nIf the browser did not open, visit:\\n ${url}\\n\\n`);\n\n const code = await codePromise;\n return { code, codeVerifier };\n}\n\nfunction listenForCallback(\n expectedState: string,\n timeoutMs: number,\n): Promise<string> {\n return new Promise((resolve, reject) => {\n const server = createServer((req, res) => {\n const url = new URL(req.url ?? \"/\", `http://localhost:${CALLBACK_PORT}`);\n if (url.pathname !== \"/callback\") {\n res.writeHead(404, { connection: \"close\" });\n res.end(\"Not found\");\n return;\n }\n\n const code = url.searchParams.get(\"code\");\n const returnedState = url.searchParams.get(\"state\");\n const error = url.searchParams.get(\"error\");\n\n const html = (msg: string) =>\n `<html><body style=\"font-family:sans-serif;text-align:center;padding:80px\">` +\n `<h2>${msg}</h2><p>You can close this tab.</p></body></html>`;\n\n // Tell the browser to drop the socket so the server can shut down cleanly\n // and Node's event loop can exit once the callback returns.\n const headers = { \"content-type\": \"text/html\", connection: \"close\" };\n\n const finish = (\n next: () => void,\n body: string,\n status: number,\n ): void => {\n res.writeHead(status, headers);\n res.end(body, () => {\n clearTimeout(timer);\n server.closeAllConnections?.();\n server.close();\n next();\n });\n };\n\n if (error) {\n finish(\n () => reject(new Error(`OAuth error: ${error}`)),\n html(`Login failed: ${error}`),\n 400,\n );\n return;\n }\n\n if (returnedState !== expectedState) {\n finish(\n () => reject(new Error(\"State mismatch — possible CSRF\")),\n html(\"Invalid state parameter — please try again.\"),\n 400,\n );\n return;\n }\n\n if (!code) {\n finish(\n () => reject(new Error(\"No code in callback\")),\n html(\"No authorization code received.\"),\n 400,\n );\n return;\n }\n\n finish(\n () => resolve(code),\n html(\"✓ Logged in! You can close this tab.\"),\n 200,\n );\n });\n\n const timer = setTimeout(() => {\n server.closeAllConnections?.();\n server.close();\n reject(new Error(\"Login timed out — no response within 2 minutes.\"));\n }, timeoutMs);\n timer.unref();\n\n server.listen(CALLBACK_PORT, \"127.0.0.1\", () => {\n // Server is ready; browser will be opened by caller\n });\n\n server.on(\"error\", (err: NodeJS.ErrnoException) => {\n clearTimeout(timer);\n if (err.code === \"EADDRINUSE\") {\n reject(\n new Error(\n `Port ${CALLBACK_PORT} is already in use. Close any other agent-insights login process and try again.`,\n ),\n );\n } else {\n reject(err);\n }\n });\n });\n}\n\n// ---------------------------------------------------------------------------\n// Token exchange\n// ---------------------------------------------------------------------------\n\nexport async function exchangeCodeForToken(\n code: string,\n codeVerifier: string,\n): Promise<TokenResponse> {\n const res = await fetch(TOKEN_ENDPOINT, {\n method: \"POST\",\n headers: { \"content-type\": \"application/x-www-form-urlencoded\" },\n body: new URLSearchParams({\n grant_type: \"authorization_code\",\n client_id: CLIENT_ID,\n code,\n code_verifier: codeVerifier,\n redirect_uri: REDIRECT_URI,\n }),\n });\n if (!res.ok) {\n const body = await res.text();\n throw new Error(`Token exchange failed (${res.status}): ${body}`);\n }\n return res.json() as Promise<TokenResponse>;\n}\n\nexport async function refreshAccessToken(\n refreshToken: string,\n): Promise<TokenResponse> {\n const res = await fetch(TOKEN_ENDPOINT, {\n method: \"POST\",\n headers: { \"content-type\": \"application/x-www-form-urlencoded\" },\n body: new URLSearchParams({\n grant_type: \"refresh_token\",\n client_id: CLIENT_ID,\n refresh_token: refreshToken,\n }),\n });\n if (!res.ok) {\n const body = await res.text();\n throw new Error(`Token refresh failed (${res.status}): ${body}`);\n }\n return res.json() as Promise<TokenResponse>;\n}\n\nexport async function revokeToken(token: string): Promise<void> {\n await fetch(REVOKE_ENDPOINT, {\n method: \"POST\",\n headers: { \"content-type\": \"application/x-www-form-urlencoded\" },\n body: new URLSearchParams({ token }),\n }).catch(() => {\n // best-effort — don't fail logout if revocation fails\n });\n}\n\nexport async function fetchUserInfo(accessToken: string): Promise<UserInfo> {\n const res = await fetch(USERINFO_ENDPOINT, {\n headers: { authorization: `Bearer ${accessToken}` },\n });\n if (!res.ok) {\n throw new Error(`Failed to fetch user info (${res.status})`);\n }\n return res.json() as Promise<UserInfo>;\n}\n\n/** Open a URL in the system browser. Fails silently — callers always print the URL too. */\nexport function openBrowser(url: string): void {\n const os = platform();\n let cmd: string;\n if (os === \"darwin\") cmd = `open \"${url}\"`;\n else if (os === \"win32\") cmd = `start \"\" \"${url}\"`;\n else cmd = `xdg-open \"${url}\"`;\n\n // Detach + unref so the child doesn't keep the event loop alive after login.\n const child = exec(cmd);\n child.on(\"error\", () => {\n // Silently ignore — caller has already printed the URL\n });\n child.unref();\n}\n"],"mappings":";;;AAAA,SAAS,kBAAkB;AAQpB,SAAS,OAAO,OAAuB;AAC5C,SAAO,WAAW,QAAQ,EAAE,OAAO,OAAO,MAAM,EAAE,OAAO,KAAK;AAChE;AAGO,SAAS,UAAU,OAAe,SAAS,IAAY;AAC5D,SAAO,OAAO,KAAK,EAAE,MAAM,GAAG,MAAM;AACtC;;;ACTA,IAAM,iBAAsC,oBAAI,IAAI;AAAA,EAClD;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAED,IAAM,oBAAoB;AAK1B,SAAS,aAAa,KAAqB;AACzC,SAAO,IAAI,YAAY,EAAE,QAAQ,YAAY,EAAE;AACjD;AAEA,SAAS,SAAS,OAAuB;AACvC,MAAI,MAAM,UAAU,kBAAmB,QAAO;AAC9C,SAAO,GAAG,MAAM,MAAM,GAAG,iBAAiB,CAAC;AAC7C;AAEA,SAAS,kBAAkB,OAAgD;AACzE,MAAI,UAAU,KAAM,QAAO;AAC3B,UAAQ,OAAO,OAAO;AAAA,IACpB,KAAK;AACH,aAAO,SAAS,KAAK;AAAA,IACvB,KAAK;AACH,aAAO,OAAO,SAAS,KAAK,IAAI,QAAQ;AAAA,IAC1C,KAAK;AACH,aAAO;AAAA,IACT;AACE,aAAO;AAAA,EACX;AACF;AAUO,SAAS,SAAS,OAAyB;AAChD,SAAO,cAAc,KAAK;AAC5B;AAEA,SAAS,cAAc,OAAyB;AAC9C,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,UAAM,MAAiB,CAAC;AACxB,eAAW,QAAQ,OAAO;AACxB,YAAM,gBAAgB,cAAc,IAAI;AACxC,UAAI,kBAAkB,QAAW;AAC/B,YAAI,KAAK,aAAa;AAAA,MACxB;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,MAAI,SAAS,OAAO,UAAU,UAAU;AACtC,UAAM,MAA+B,CAAC;AACtC,eAAW,CAAC,QAAQ,QAAQ,KAAK,OAAO,QAAQ,KAAK,GAAG;AACtD,UAAI,eAAe,IAAI,aAAa,MAAM,CAAC,GAAG;AAC5C;AAAA,MACF;AACA,UAAI,YAAY,OAAO,aAAa,UAAU;AAC5C,YAAI,MAAM,IAAI,cAAc,QAAQ;AAAA,MACtC,OAAO;AACL,cAAM,YAAY,kBAAkB,QAAQ;AAC5C,YAAI,cAAc,QAAW;AAC3B,cAAI,MAAM,IAAI;AAAA,QAChB;AAAA,MACF;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,SAAO,kBAAkB,KAAK;AAChC;;;ACxGA,SAAS,OAAO,UAAU,iBAAiB;AAC3C,SAAS,eAAe;AACxB,SAAS,SAAS,YAAY;AAK9B,IAAM,oBAAoB;AAE1B,IAAM,WAA2C;AAAA,EAC/C,cAAc;AAAA,EACd,YAAY;AAAA,EACZ,kBAAkB;AAAA,EAClB,YAAY;AAAA,EACZ,aAAa;AAAA,EACb,oBAAoB;AAAA,EACpB,mBAAmB;AAAA,EACnB,kBAAkB;AAAA,EAClB,eAAe;AAAA,EACf,cAAc;AAAA,EACd,MAAM;AAAA,EACN,cAAc;AAAA,EACd,YAAY;AAAA,EACZ,aAAa;AACf;AAEO,IAAM,qBAA4C,OAAO,KAAK,QAAQ;AAYtE,IAAM,oBAA6B;AAAA,EACxC,IAAI;AAAA,EACJ,OAAO;AAAA,EACP,OAAO;AAAA,EACP,cAAc;AAAA,EAEd,IAAI,SAA+C;AACjD,UAAM,OAAO,SAAS,QAAQ,KAAK;AACnC,QAAI,CAAC,KAAM,QAAO;AAElB,UAAM,OAAO,QAAQ,QAAQ,CAAC;AAC9B,UAAM,YACJ,SAAS,KAAK,YAAY,CAAC,KAAK,SAAS,KAAK,WAAW,CAAC;AAC5D,UAAM,WACJ,SAAS,KAAK,WAAW,CAAC,KAC1B,SAAS,KAAK,UAAU,CAAC,KACzB,SAAU,KAAK,MAAM,IAA4C,MAAM,CAAC;AAC1E,UAAM,iBACJ,SAAS,KAAK,iBAAiB,CAAC,KAAK,SAAS,KAAK,gBAAgB,CAAC;AAEtE,WAAO;AAAA,MACL;AAAA,MACA,GAAI,cAAc,SAAY,EAAE,UAAU,IAAI,CAAC;AAAA,MAC/C,GAAI,aAAa,SAAY,EAAE,SAAS,IAAI,CAAC;AAAA,MAC7C,GAAI,mBAAmB,SAAY,EAAE,eAAe,IAAI,CAAC;AAAA,IAC3D;AAAA,EACF;AAAA,EAEA,MAAM,QAAQ,UAAkB,QAAoB,UAAU;AAC5D,UAAM,OAAO,kBAAkB,UAAU,KAAK;AAC9C,UAAM,WAAW,MAAM,SAAyB,IAAI;AACpD,UAAM,OAAuB,EAAE,GAAI,YAAY,CAAC,EAAG;AACnD,UAAM,QAA2C,EAAE,GAAI,KAAK,SAAS,CAAC,EAAG;AAEzE,eAAW,SAAS,oBAAoB;AACtC,YAAM,YAAY,MAAM,KAAK,KAAK,CAAC,GAAG;AAAA,QACpC,CAAC,MAAM,CAAC,uBAAuB,EAAE,OAAO;AAAA,MAC1C;AACA,eAAS,KAAK;AAAA,QACZ,MAAM;AAAA,QACN,SAAS,GAAG,iBAAiB,SAAS,KAAK;AAAA,MAC7C,CAAC;AACD,YAAM,KAAK,IAAI;AAAA,IACjB;AAEA,SAAK,QAAQ;AACb,UAAM,MAAM,QAAQ,IAAI,GAAG,EAAE,WAAW,KAAK,CAAC;AAC9C,UAAM,UAAU,MAAM,GAAG,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AAAA,GAAM,MAAM;AAClE,WAAO,EAAE,SAAS,MAAM,KAAK;AAAA,EAC/B;AAAA,EAEA,MAAM,UAAU,UAAkB,QAAoB,UAAU;AAC9D,UAAM,OAAO,kBAAkB,UAAU,KAAK;AAC9C,UAAM,WAAW,MAAM,SAAyB,IAAI;AACpD,QAAI,CAAC,UAAU,MAAO,QAAO,EAAE,SAAS,OAAO,KAAK;AACpD,UAAM,QAAQ,EAAE,GAAG,SAAS,MAAM;AAClC,QAAI,UAAU;AACd,eAAW,CAAC,OAAO,OAAO,KAAK,OAAO,QAAQ,KAAK,GAAG;AACpD,YAAM,WAAW,QAAQ;AAAA,QACvB,CAAC,MAAM,CAAC,uBAAuB,EAAE,OAAO;AAAA,MAC1C;AACA,UAAI,SAAS,WAAW,QAAQ,OAAQ,WAAU;AAClD,UAAI,SAAS,WAAW,GAAG;AACzB,eAAO,MAAM,KAAK;AAAA,MACpB,OAAO;AACL,cAAM,KAAK,IAAI;AAAA,MACjB;AAAA,IACF;AACA,aAAS,QAAQ;AACjB,UAAM,UAAU,MAAM,GAAG,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAAA,GAAM,MAAM;AACtE,WAAO,EAAE,SAAS,SAAS,KAAK;AAAA,EAClC;AAAA,EAEA,MAAM,YAAY,UAAkB,QAAoB,UAAU;AAChE,UAAM,WAAW,MAAM;AAAA,MACrB,kBAAkB,UAAU,KAAK;AAAA,IACnC;AACA,QAAI,CAAC,UAAU,MAAO,QAAO;AAC7B,WAAO,OAAO,OAAO,SAAS,KAAK,EAAE;AAAA,MAAK,CAAC,YACzC,QAAQ,KAAK,CAAC,MAAM,uBAAuB,EAAE,OAAO,CAAC;AAAA,IACvD;AAAA,EACF;AACF;AAEA,SAAS,kBAAkB,UAAkB,OAA2B;AACtE,SAAO,UAAU,WACb,KAAK,QAAQ,GAAG,WAAW,eAAe,IAC1C,KAAK,UAAU,WAAW,eAAe;AAC/C;AAEA,SAAS,uBAAuB,KAAkC;AAChE,MAAI,CAAC,IAAK,QAAO;AACjB,SAAO,IAAI,WAAW,GAAG,iBAAiB,OAAO;AACnD;AAEA,eAAe,SAAY,MAAsC;AAC/D,MAAI;AACF,UAAM,MAAM,MAAM,SAAS,MAAM,MAAM;AACvC,WAAO,KAAK,MAAM,GAAG;AAAA,EACvB,SAAS,KAAK;AACZ,QAAK,IAA8B,SAAS,SAAU,QAAO;AAC7D,UAAM;AAAA,EACR;AACF;AAEA,SAAS,SAAS,GAAgC;AAChD,SAAO,OAAO,MAAM,YAAY,EAAE,SAAS,IAAI,IAAI;AACrD;;;ACjJA,SAAS,SAAAA,QAAO,YAAAC,WAAU,aAAAC,kBAAiB;AAC3C,SAAS,WAAAC,gBAAe;AACxB,SAAS,WAAAC,UAAS,QAAAC,aAAY;AAK9B,IAAMC,qBAAoB;AAM1B,IAAMC,YAA2C;AAAA,EAC/C,cAAc;AAAA,EACd,YAAY;AAAA,EACZ,oBAAoB;AAAA,EACpB,YAAY;AAAA,EACZ,aAAa;AAAA,EACb,oBAAoB;AAAA,EACpB,eAAe;AAAA,EACf,cAAc;AAAA,EACd,MAAM;AAAA,EACN,YAAY;AAAA;AAAA,EAEZ,sBAAsB;AAAA,EACtB,qBAAqB;AAAA,EACrB,eAAe;AAAA,EACf,eAAe;AACjB;AAEO,IAAM,qBAA4C,OAAO,KAAKA,SAAQ;AAatE,IAAM,gBAAyB;AAAA,EACpC,IAAI;AAAA,EACJ,OAAO;AAAA,EACP,OAAO;AAAA,EACP,cAAc;AAAA,EAEd,IAAI,SAA+C;AACjD,UAAM,OAAOA,UAAS,QAAQ,KAAK;AACnC,QAAI,CAAC,KAAM,QAAO;AAElB,UAAM,OAAO,QAAQ,QAAQ,CAAC;AAE9B,UAAM,YACJC,UAAS,KAAK,YAAY,CAAC,KAC3BA,UAAS,KAAK,WAAW,CAAC,KAC1BA,UAAS,KAAK,iBAAiB,CAAC;AAClC,UAAM,WAAWA,UAAS,KAAK,WAAW,CAAC,KAAKA,UAAS,KAAK,UAAU,CAAC;AAGzE,UAAM,iBACJA,UAAS,KAAK,iBAAiB,CAAC,KAChCA,UAAS,KAAK,gBAAgB,CAAC,KAC/BA,UAAS,QAAQ,IAAI,sBAAsB;AAE7C,WAAO;AAAA,MACL;AAAA,MACA,GAAI,cAAc,SAAY,EAAE,UAAU,IAAI,CAAC;AAAA,MAC/C,GAAI,aAAa,SAAY,EAAE,SAAS,IAAI,CAAC;AAAA,MAC7C,GAAI,mBAAmB,SAAY,EAAE,eAAe,IAAI,CAAC;AAAA,IAC3D;AAAA,EACF;AAAA,EAEA,MAAM,QAAQ,UAAkB,QAAoB,UAAU;AAC5D,UAAM,OAAO,kBAAkB,UAAU,KAAK;AAC9C,UAAM,WAAW,MAAMC,UAA4B,IAAI;AACvD,UAAM,OAA0B;AAAA,MAC9B,SAAS;AAAA,MACT,GAAI,YAAY,CAAC;AAAA,IACnB;AACA,UAAM,QAA2C,EAAE,GAAI,KAAK,SAAS,CAAC,EAAG;AAEzE,eAAW,SAAS,oBAAoB;AACtC,YAAM,YAAY,MAAM,KAAK,KAAK,CAAC,GAAG;AAAA,QACpC,CAAC,MAAM,CAACC,wBAAuB,EAAE,OAAO;AAAA,MAC1C;AACA,eAAS,KAAK,EAAE,SAAS,GAAGJ,kBAAiB,SAAS,KAAK,GAAG,CAAC;AAC/D,YAAM,KAAK,IAAI;AAAA,IACjB;AAEA,SAAK,QAAQ;AACb,UAAMN,OAAMI,SAAQ,IAAI,GAAG,EAAE,WAAW,KAAK,CAAC;AAC9C,UAAMF,WAAU,MAAM,GAAG,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AAAA,GAAM,MAAM;AAClE,WAAO,EAAE,SAAS,MAAM,KAAK;AAAA,EAC/B;AAAA,EAEA,MAAM,UAAU,UAAkB,QAAoB,UAAU;AAC9D,UAAM,OAAO,kBAAkB,UAAU,KAAK;AAC9C,UAAM,WAAW,MAAMO,UAA4B,IAAI;AACvD,QAAI,CAAC,UAAU,MAAO,QAAO,EAAE,SAAS,OAAO,KAAK;AACpD,UAAM,QAAQ,EAAE,GAAG,SAAS,MAAM;AAClC,QAAI,UAAU;AACd,eAAW,CAAC,OAAO,OAAO,KAAK,OAAO,QAAQ,KAAK,GAAG;AACpD,YAAM,WAAW,QAAQ;AAAA,QACvB,CAAC,MAAM,CAACC,wBAAuB,EAAE,OAAO;AAAA,MAC1C;AACA,UAAI,SAAS,WAAW,QAAQ,OAAQ,WAAU;AAClD,UAAI,SAAS,WAAW,GAAG;AACzB,eAAO,MAAM,KAAK;AAAA,MACpB,OAAO;AACL,cAAM,KAAK,IAAI;AAAA,MACjB;AAAA,IACF;AACA,aAAS,QAAQ;AACjB,UAAMR,WAAU,MAAM,GAAG,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAAA,GAAM,MAAM;AACtE,WAAO,EAAE,SAAS,SAAS,KAAK;AAAA,EAClC;AAAA,EAEA,MAAM,YAAY,UAAkB,QAAoB,UAAU;AAChE,UAAM,WAAW,MAAMO;AAAA,MACrB,kBAAkB,UAAU,KAAK;AAAA,IACnC;AACA,QAAI,CAAC,UAAU,MAAO,QAAO;AAC7B,WAAO,OAAO,OAAO,SAAS,KAAK,EAAE;AAAA,MAAK,CAAC,YACzC,QAAQ,KAAK,CAAC,MAAMC,wBAAuB,EAAE,OAAO,CAAC;AAAA,IACvD;AAAA,EACF;AACF;AAEA,SAAS,kBAAkB,UAAkB,OAA2B;AACtE,SAAO,UAAU,WACbL,MAAKF,SAAQ,GAAG,WAAW,YAAY,IACvCE,MAAK,UAAU,WAAW,YAAY;AAC5C;AAEA,SAASK,wBAAuB,KAAkC;AAChE,MAAI,CAAC,IAAK,QAAO;AACjB,SAAO,IAAI,WAAW,GAAGJ,kBAAiB,OAAO;AACnD;AAEA,eAAeG,UAAY,MAAsC;AAC/D,MAAI;AACF,UAAM,MAAM,MAAMR,UAAS,MAAM,MAAM;AACvC,WAAO,KAAK,MAAM,GAAG;AAAA,EACvB,SAAS,KAAK;AACZ,QAAK,IAA8B,SAAS,SAAU,QAAO;AAC7D,UAAM;AAAA,EACR;AACF;AAEA,SAASO,UAAS,GAAgC;AAChD,SAAO,OAAO,MAAM,YAAY,EAAE,SAAS,IAAI,IAAI;AACrD;;;ACvJO,IAAM,WAAqC;AAAA,EAChD,eAAe;AAAA,EACf,QAAQ;AACV;AAEO,IAAM,cAAsC,OAAO,OAAO,QAAQ;AAElE,SAAS,WAAW,IAAsB;AAC/C,SAAO,SAAS,EAAE;AACpB;;;ACbA,SAAS,SAAAG,QAAO,YAAAC,WAAU,aAAAC,kBAAiB;AAC3C,SAAS,WAAAC,gBAAe;;;ACDxB,SAAS,WAAAC,gBAAe;AACxB,SAAS,QAAAC,aAAY;AAGd,SAAS,aAAqB;AACnC,SAAO,QAAQ,IAAI,uBAAuBA,MAAKD,SAAQ,GAAG,iBAAiB;AAC7E;AAEO,SAAS,aAAqB;AACnC,SAAOC,MAAK,WAAW,GAAG,aAAa;AACzC;AAQO,SAAS,WAAmB;AACjC,SAAOC,MAAK,WAAW,GAAG,WAAW;AACvC;AAEO,SAAS,kBAA0B;AACxC,SAAOA,MAAK,WAAW,GAAG,eAAe;AAC3C;AAEO,SAAS,UAAkB;AAChC,SAAOA,MAAK,WAAW,GAAG,MAAM;AAClC;;;ADuCO,SAAS,gBAAqC;AACnD,SAAO;AAAA,IACL,SAAS;AAAA,IACT,SAAS;AAAA,IACT,YAAY;AAAA,IACZ,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,IACX;AAAA,IACA,aAAa;AAAA,MACX,gBAAgB;AAAA,MAChB,gBAAgB;AAAA,MAChB,iBAAiB;AAAA,IACnB;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU,QAAQ,IAAI,gCAAgC;AAAA,MACtD,SAAS,CAAC;AAAA,MACV,SAAS;AAAA,IACX;AAAA,IACA,iBAAiB;AAAA;AAAA;AAAA;AAAA,MAIf,MAAM;AAAA,IACR;AAAA,IACA,iBAAiB;AAAA,MACf,SAAS;AAAA,MACT,aAAa,QAAQ,IAAI,+BAA+B;AAAA,MACxD,iBAAiB;AAAA,IACnB;AAAA,IACA,QAAQ;AAAA,MACN,YAAY,EAAE,SAAS,MAAM;AAAA,MAC7B,QAAQ,EAAE,SAAS,MAAM;AAAA,IAC3B;AAAA,IACA,SAAS;AAAA,MACP,gBAAgB;AAAA,MAChB,iBAAiB;AAAA,MACjB,mBAAmB;AAAA,MACnB,qBAAqB;AAAA,IACvB;AAAA,EACF;AACF;AAEA,eAAsB,aAAuD;AAC3E,MAAI;AACF,UAAM,MAAM,MAAMC,UAAS,WAAW,GAAG,MAAM;AAC/C,UAAM,SAAS,KAAK,MAAM,GAAG;AAC7B,WAAO,YAAY,cAAc,GAAG,MAAM;AAAA,EAC5C,SAAS,KAAK;AACZ,QAAK,IAA8B,SAAS,SAAU,QAAO;AAC7D,UAAM;AAAA,EACR;AACF;AAEA,eAAsB,WAAW,KAAyC;AACxE,QAAM,WAAW;AACjB,QAAMC,WAAU,WAAW,GAAG,GAAG,KAAK,UAAU,KAAK,MAAM,CAAC,CAAC;AAAA,GAAM,MAAM;AAC3E;AAEA,eAAsB,aAA4B;AAChD,QAAMC,OAAMC,SAAQ,WAAW,CAAC,GAAG,EAAE,WAAW,KAAK,CAAC;AACtD,QAAMD,OAAM,gBAAgB,GAAG,EAAE,WAAW,KAAK,CAAC;AAClD,QAAMA,OAAM,QAAQ,GAAG,EAAE,WAAW,KAAK,CAAC;AAC5C;AAEA,SAAS,YACP,MACA,OACqB;AACrB,SAAO;AAAA,IACL,GAAG;AAAA,IACH,GAAG;AAAA,IACH,QAAQ,EAAE,GAAG,KAAK,QAAQ,GAAI,MAAM,UAAU,CAAC,EAAG;AAAA,IAClD,aAAa,EAAE,GAAG,KAAK,aAAa,GAAI,MAAM,eAAe,CAAC,EAAG;AAAA,IACjE,UAAU,EAAE,GAAG,KAAK,UAAU,GAAI,MAAM,YAAY,CAAC,EAAG;AAAA,IACxD,iBAAkB,MAAM,mBACtB,KAAK;AAAA,IACP,iBAAiB;AAAA,MACf,GAAG,KAAK;AAAA,MACR,GAAI,MAAM,mBAAmB,CAAC;AAAA,IAChC;AAAA,IACA,QAAQ;AAAA,MACN,YAAY;AAAA,QACV,GAAG,KAAK,OAAO;AAAA,QACf,GAAI,MAAM,QAAQ,cAAc,CAAC;AAAA,MACnC;AAAA,MACA,QAAQ,EAAE,GAAG,KAAK,OAAO,QAAQ,GAAI,MAAM,QAAQ,UAAU,CAAC,EAAG;AAAA,IACnE;AAAA,IACA,SAAS,KAAK;AAAA,EAChB;AACF;;;AE9JA,SAAS,YAAAE,iBAAgB;AACzB,SAAS,WAAW;;;ACDpB,SAAS,OAAO,YAAAC,WAAU,aAAAC,kBAAiB;AAC3C,SAAS,WAAAC,gBAAe;AACxB,SAAS,SAAAC,cAAa;;;ACFtB,SAAS,cAAAC,aAAY,mBAAmB;AACxC,SAAS,YAAY;AACrB,SAAS,oBAAoB;AAC7B,SAAS,gBAAgB;AAMlB,IAAM,YACX,QAAQ,IAAI,4BAA4B;AAG1C,IAAM,iBAAiB;AAKvB,IAAM,gBAAgB;AACf,IAAM,eAAe,oBAAoB,aAAa;AA0M7D,eAAsB,mBACpB,cACwB;AACxB,QAAM,MAAM,MAAM,MAAM,gBAAgB;AAAA,IACtC,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,oCAAoC;AAAA,IAC/D,MAAM,IAAI,gBAAgB;AAAA,MACxB,YAAY;AAAA,MACZ,WAAW;AAAA,MACX,eAAe;AAAA,IACjB,CAAC;AAAA,EACH,CAAC;AACD,MAAI,CAAC,IAAI,IAAI;AACX,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,UAAM,IAAI,MAAM,yBAAyB,IAAI,MAAM,MAAM,IAAI,EAAE;AAAA,EACjE;AACA,SAAO,IAAI,KAAK;AAClB;;;ADhOA,IAAM,oBAAoB;AAE1B,eAAsB,WAA2C;AAC/D,MAAI;AACF,UAAM,MAAM,MAAMC,UAAS,SAAS,GAAG,MAAM;AAC7C,UAAM,SAAS,KAAK,MAAM,GAAG;AAC7B,QAAI,OAAO,OAAO,gBAAgB,YAAY,OAAO,YAAY,SAAS,GAAG;AAC3E,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT,SAAS,KAAK;AACZ,QAAK,IAA8B,SAAS,SAAU,QAAO;AAC7D,UAAM;AAAA,EACR;AACF;AAEA,eAAsB,SAAS,OAAiC;AAC9D,QAAM,OAAO,SAAS;AACtB,QAAMC,OAAMC,SAAQ,IAAI,GAAG,EAAE,WAAW,KAAK,CAAC;AAC9C,QAAMC,WAAU,MAAM,GAAG,KAAK,UAAU,OAAO,MAAM,CAAC,CAAC;AAAA,GAAM;AAAA,IAC3D,UAAU;AAAA,IACV,MAAM;AAAA,EACR,CAAC;AACD,MAAI;AACF,UAAM,MAAM,MAAM,GAAK;AAAA,EACzB,QAAQ;AAAA,EAER;AACF;AAEA,eAAsB,YAA2B;AAC/C,QAAM,EAAE,OAAO,IAAI,MAAM,OAAO,aAAkB;AAClD,MAAI;AACF,UAAM,OAAO,SAAS,CAAC;AAAA,EACzB,SAAS,KAAK;AACZ,QAAK,IAA8B,SAAS,SAAU,OAAM;AAAA,EAC9D;AACF;AAMA,eAAsB,gBAA6C;AACjE,QAAM,OAAO,MAAM,SAAS;AAC5B,MAAI,CAAC,KAAM,QAAO;AAElB,QAAM,eAAe,KAAK,IAAI,KAAK,KAAK,YAAY;AACpD,MAAI,CAAC,aAAc,QAAO,KAAK;AAE/B,MAAI,CAAC,KAAK,cAAc;AAEtB,UAAM,UAAU;AAChB,WAAO;AAAA,EACT;AAEA,MAAI;AACF,UAAM,SAAS,MAAM,mBAAmB,KAAK,YAAY;AACzD,UAAM,YAAuB;AAAA,MAC3B,aAAa,OAAO;AAAA,MACpB,cAAc,OAAO,iBAAiB,KAAK;AAAA,MAC3C,WAAW,KAAK,IAAI,IAAI,OAAO,aAAa;AAAA,IAC9C;AACA,UAAM,SAAS,SAAS;AACxB,WAAO,UAAU;AAAA,EACnB,QAAQ;AAEN,UAAM,UAAU;AAChB,WAAO;AAAA,EACT;AACF;;;ADxDA,IAAM,sBAAN,MAAqD;AAAA,EACnD,MAAM,SAA0C;AAC9C,UAAM,IAAI,MAAM,uDAAuD;AAAA,EACzE;AAAA,EACA,MAAM,OAA+C;AACnD,WAAO,EAAE,IAAI,OAAO,QAAQ,4BAA4B;AAAA,EAC1D;AACF;AAEA,IAAM,sBAAN,MAAqD;AAAA,EACnD,YACmB,OACA,QACjB;AAFiB;AACA;AAAA,EAChB;AAAA,EAFgB;AAAA,EACA;AAAA,EAGnB,MAAM,OAAO,OAA+D;AAC1E,UAAM,OAAO,MAAMC,UAAS,MAAM,cAAc;AAChD,UAAM,gBAAgB;AAAA,MACpB,KAAK;AAAA,MACL,MAAM;AAAA,MACN,MAAM;AAAA,IACR;AACA,UAAM,OAAO,MAAM,IAAI,eAAe,MAAM;AAAA,MAC1C,QAAQ;AAAA,MACR,OAAO,KAAK;AAAA,MACZ,aAAa;AAAA,MACb,iBAAiB;AAAA,IACnB,CAAC;AACD,WAAO,EAAE,UAAU,KAAK,UAAU,KAAK,KAAK,KAAK,MAAM,KAAK,WAAW;AAAA,EACzE;AAAA,EAEA,MAAM,OAA8D;AAClE,QAAI,CAAC,KAAK,MAAO,QAAO,EAAE,IAAI,OAAO,QAAQ,gBAAgB;AAC7D,WAAO,EAAE,IAAI,KAAK;AAAA,EACpB;AACF;AAQA,IAAM,0BAAN,MAAyD;AAAA,EACvD,YAA6B,aAAqB;AAArB;AAAA,EAAsB;AAAA,EAAtB;AAAA,EAE7B,MAAM,OAAO,OAA+D;AAC1E,UAAM,QAAQ,MAAM,cAAc;AAClC,QAAI,CAAC,OAAO;AACV,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AACA,UAAM,OAAO,MAAMA,UAAS,MAAM,cAAc;AAChD,UAAM,MAAM,IAAI,IAAI,wBAAwB,KAAK,WAAW,EAAE,SAAS;AACvE,UAAM,MAAM,MAAM,MAAM,KAAK;AAAA,MAC3B,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,eAAe,UAAU,KAAK;AAAA,QAC9B,gBAAgB;AAAA,QAChB,gBAAgB,MAAM;AAAA,QACtB,WAAW,MAAM;AAAA,QACjB,eAAe,MAAM;AAAA,MACvB;AAAA,MACA;AAAA,IACF,CAAC;AACD,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,OAAO,MAAM,IAAI,KAAK,EAAE,MAAM,MAAM,EAAE;AAC5C,YAAM,IAAI;AAAA,QACR,6BAA6B,IAAI,MAAM,MAAM,QAAQ,IAAI,UAAU;AAAA,MACrE;AAAA,IACF;AACA,UAAM,OAAQ,MAAM,IAAI,KAAK;AAO7B,QAAI,CAAC,KAAK,MAAM,CAAC,KAAK,WAAW,CAAC,KAAK,UAAU;AAC/C,YAAM,IAAI,MAAM,4BAA4B,KAAK,SAAS,SAAS,EAAE;AAAA,IACvE;AACA,WAAO;AAAA,MACL,UAAU,KAAK;AAAA,MACf,KAAK,KAAK;AAAA,MACV,MAAM,KAAK,QAAQ,KAAK;AAAA,IAC1B;AAAA,EACF;AAAA,EAEA,MAAM,OAA8D;AAClE,QAAI,CAAC,KAAK,aAAa;AACrB,aAAO;AAAA,QACL,IAAI;AAAA,QACJ,QAAQ;AAAA,MACV;AAAA,IACF;AACA,UAAM,QAAQ,MAAM,cAAc;AAClC,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,QACL,IAAI;AAAA,QACJ,QAAQ;AAAA,MACV;AAAA,IACF;AACA,WAAO,EAAE,IAAI,KAAK;AAAA,EACpB;AACF;AAEO,SAAS,sBACd,KACiB;AACjB,MAAI,IAAI,SAAS,OAAQ,QAAO,IAAI,oBAAoB;AACxD,MAAI,IAAI,SAAS,YAAY;AAC3B,UAAM,cAAc,QAAQ,IAAI,+BAA+B;AAC/D,WAAO,IAAI,wBAAwB,WAAW;AAAA,EAChD;AAEA,QAAM,QAAQ,QAAQ,IAAI,IAAI,QAAQ;AACtC,MAAI,CAAC,OAAO;AACV,UAAM,IAAI;AAAA,MACR,yBAAyB,IAAI,QAAQ;AAAA,IACvC;AAAA,EACF;AACA,SAAO,IAAI,oBAAoB,OAAO,IAAI,MAAM;AAClD;AAEA,SAAS,cACP,QACA,UACA,WACQ;AACR,QAAM,aAAa,OAAO,SAAS,GAAG,IAAI,SAAS,GAAG,MAAM;AAC5D,QAAM,cAAc,mBAAmB,SAAS;AAChD,SAAO,GAAG,UAAU,GAAG,QAAQ,IAAI,WAAW;AAChD;","names":["mkdir","readFile","writeFile","homedir","dirname","join","HOOK_COMMAND_NAME","HOOK_MAP","asString","readJson","isAgentInsightsCommand","mkdir","readFile","writeFile","dirname","homedir","join","join","readFile","writeFile","mkdir","dirname","readFile","readFile","writeFile","dirname","mkdir","createHash","readFile","mkdir","dirname","writeFile","readFile"]}
|
|
1
|
+
{"version":3,"sources":["../src/privacy/hash.ts","../src/privacy/sanitize.ts","../src/adapters/claude-code.ts","../src/adapters/cursor.ts","../src/adapters/registry.ts","../src/config/config.ts","../src/config/analyzer.ts","../src/config/paths.ts","../src/transcript/store.ts","../src/auth/store.ts","../src/auth/oauth.ts","../src/config/bypass.ts"],"sourcesContent":["import { createHash } from \"node:crypto\";\n\n/**\n * Stable SHA-256 hash of a value, hex-encoded.\n *\n * Used to anonymize usernames, repo remote URLs, workspace paths, and\n * session identifiers before they leave the machine.\n */\nexport function sha256(value: string): string {\n return createHash(\"sha256\").update(value, \"utf8\").digest(\"hex\");\n}\n\n/** Short prefix of `sha256(value)` for human-readable dashboards. */\nexport function shortHash(value: string, length = 12): string {\n return sha256(value).slice(0, length);\n}\n","/**\n * Keys that must never appear in any payload that leaves the machine.\n *\n * Matching is case-insensitive and snake_case/camelCase agnostic — we strip a\n * key if its normalized form equals one of these values.\n */\nconst FORBIDDEN_KEYS: ReadonlySet<string> = new Set([\n \"prompt\",\n \"prompts\",\n \"message\",\n \"messages\",\n \"content\",\n \"text\",\n \"transcript\",\n \"toolinput\",\n \"input\",\n \"arguments\",\n \"args\",\n \"params\",\n \"file\",\n \"filecontent\",\n \"filecontents\",\n \"diff\",\n \"patch\",\n \"secret\",\n \"secrets\",\n \"token\",\n \"apikey\",\n \"authorization\",\n \"password\",\n \"credentials\",\n]);\n\nconst MAX_STRING_LENGTH = 256;\n\n/** Allowed primitive value types in sanitized metadata. */\nexport type SanitizedPrimitive = string | number | boolean | null;\n\nfunction normalizeKey(key: string): string {\n return key.toLowerCase().replace(/[_\\-\\s]/g, \"\");\n}\n\nfunction truncate(value: string): string {\n if (value.length <= MAX_STRING_LENGTH) return value;\n return `${value.slice(0, MAX_STRING_LENGTH)}…[truncated]`;\n}\n\nfunction sanitizePrimitive(value: unknown): SanitizedPrimitive | undefined {\n if (value === null) return null;\n switch (typeof value) {\n case \"string\":\n return truncate(value);\n case \"number\":\n return Number.isFinite(value) ? value : null;\n case \"boolean\":\n return value;\n default:\n return undefined;\n }\n}\n\n/**\n * Recursively remove forbidden keys from an arbitrary payload.\n *\n * Returned shape:\n * - Objects keep allowed primitive fields (truncated to {@link MAX_STRING_LENGTH}).\n * - Arrays keep allowed primitive elements; nested objects/arrays are recursed.\n * - Non-primitive, non-container values (functions, symbols, Buffers, …) are dropped.\n */\nexport function sanitize(input: unknown): unknown {\n return sanitizeInner(input);\n}\n\nfunction sanitizeInner(value: unknown): unknown {\n if (Array.isArray(value)) {\n const out: unknown[] = [];\n for (const item of value) {\n const sanitizedItem = sanitizeInner(item);\n if (sanitizedItem !== undefined) {\n out.push(sanitizedItem);\n }\n }\n return out;\n }\n\n if (value && typeof value === \"object\") {\n const out: Record<string, unknown> = {};\n for (const [rawKey, rawValue] of Object.entries(value)) {\n if (FORBIDDEN_KEYS.has(normalizeKey(rawKey))) {\n continue;\n }\n if (rawValue && typeof rawValue === \"object\") {\n out[rawKey] = sanitizeInner(rawValue);\n } else {\n const primitive = sanitizePrimitive(rawValue);\n if (primitive !== undefined) {\n out[rawKey] = primitive;\n }\n }\n }\n return out;\n }\n\n return sanitizePrimitive(value);\n}\n\nexport const __testing = { FORBIDDEN_KEYS, normalizeKey };\n","import { mkdir, readFile, writeFile } from \"node:fs/promises\";\nimport { homedir } from \"node:os\";\nimport { dirname, join } from \"node:path\";\nimport type { HooksScope } from \"../config/config.js\";\nimport type { AgentEventType } from \"../types.js\";\nimport type { Adapter, HookPayload, MappedEvent } from \"./types.js\";\n\nconst HOOK_COMMAND_NAME = \"agent-insights\";\n\nconst HOOK_MAP: Record<string, AgentEventType> = {\n SessionStart: \"session.start\",\n SessionEnd: \"session.end\",\n UserPromptSubmit: \"user.prompt.submit\",\n PreToolUse: \"tool.start\",\n PostToolUse: \"tool.end\",\n PostToolUseFailure: \"tool.failure\",\n PermissionRequest: \"permission.request\",\n PermissionDenied: \"permission.denied\",\n SubagentStart: \"subagent.start\",\n SubagentStop: \"subagent.end\",\n Stop: \"agent.stop\",\n Notification: \"notification\",\n PreCompact: \"context.compact.start\",\n PostCompact: \"context.compact.end\",\n};\n\nexport const CLAUDE_HOOK_EVENTS: ReadonlyArray<string> = Object.keys(HOOK_MAP);\n\ntype ClaudeHookEntry = {\n type: \"command\";\n command: string;\n};\n\ntype ClaudeSettings = {\n hooks?: Record<string, ClaudeHookEntry[]>;\n [key: string]: unknown;\n};\n\nexport const claudeCodeAdapter: Adapter = {\n id: \"claude-code\",\n agent: \"claude-code\",\n label: \"Claude Code\",\n settingsFile: \".claude/settings.json\",\n\n map(payload: HookPayload): MappedEvent | undefined {\n const type = HOOK_MAP[payload.event];\n if (!type) return undefined;\n\n const data = payload.data ?? {};\n const sessionId =\n asString(data[\"session_id\"]) ?? asString(data[\"sessionId\"]);\n const toolName =\n asString(data[\"tool_name\"]) ??\n asString(data[\"toolName\"]) ??\n asString((data[\"tool\"] as Record<string, unknown> | undefined)?.[\"name\"]);\n const transcriptPath =\n asString(data[\"transcript_path\"]) ?? asString(data[\"transcriptPath\"]);\n\n return {\n type,\n ...(sessionId !== undefined ? { sessionId } : {}),\n ...(toolName !== undefined ? { toolName } : {}),\n ...(transcriptPath !== undefined ? { transcriptPath } : {}),\n };\n },\n\n async install(repoRoot: string, scope: HooksScope = \"global\") {\n const path = resolveClaudePath(repoRoot, scope);\n const settings = await readJson<ClaudeSettings>(path);\n const next: ClaudeSettings = { ...(settings ?? {}) };\n const hooks: Record<string, ClaudeHookEntry[]> = { ...(next.hooks ?? {}) };\n\n for (const event of CLAUDE_HOOK_EVENTS) {\n const existing = (hooks[event] ?? []).filter(\n (h) => !isAgentInsightsCommand(h.command),\n );\n existing.push({\n type: \"command\",\n command: `${HOOK_COMMAND_NAME} hook ${event}`,\n });\n hooks[event] = existing;\n }\n\n next.hooks = hooks;\n await mkdir(dirname(path), { recursive: true });\n await writeFile(path, `${JSON.stringify(next, null, 2)}\\n`, \"utf8\");\n return { written: true, path };\n },\n\n async uninstall(repoRoot: string, scope: HooksScope = \"global\") {\n const path = resolveClaudePath(repoRoot, scope);\n const settings = await readJson<ClaudeSettings>(path);\n if (!settings?.hooks) return { removed: false, path };\n const hooks = { ...settings.hooks };\n let touched = false;\n for (const [event, entries] of Object.entries(hooks)) {\n const filtered = entries.filter(\n (h) => !isAgentInsightsCommand(h.command),\n );\n if (filtered.length !== entries.length) touched = true;\n if (filtered.length === 0) {\n delete hooks[event];\n } else {\n hooks[event] = filtered;\n }\n }\n settings.hooks = hooks;\n await writeFile(path, `${JSON.stringify(settings, null, 2)}\\n`, \"utf8\");\n return { removed: touched, path };\n },\n\n async isInstalled(repoRoot: string, scope: HooksScope = \"global\") {\n const settings = await readJson<ClaudeSettings>(\n resolveClaudePath(repoRoot, scope),\n );\n if (!settings?.hooks) return false;\n return Object.values(settings.hooks).some((entries) =>\n entries.some((h) => isAgentInsightsCommand(h.command)),\n );\n },\n};\n\nfunction resolveClaudePath(repoRoot: string, scope: HooksScope): string {\n return scope === \"global\"\n ? join(homedir(), \".claude\", \"settings.json\")\n : join(repoRoot, \".claude\", \"settings.json\");\n}\n\nfunction isAgentInsightsCommand(cmd: string | undefined): boolean {\n if (!cmd) return false;\n return cmd.startsWith(`${HOOK_COMMAND_NAME} hook`);\n}\n\nasync function readJson<T>(path: string): Promise<T | undefined> {\n try {\n const raw = await readFile(path, \"utf8\");\n return JSON.parse(raw) as T;\n } catch (err) {\n if ((err as NodeJS.ErrnoException).code === \"ENOENT\") return undefined;\n throw err;\n }\n}\n\nfunction asString(v: unknown): string | undefined {\n return typeof v === \"string\" && v.length > 0 ? v : undefined;\n}\n","import { mkdir, readFile, writeFile } from \"node:fs/promises\";\nimport { homedir } from \"node:os\";\nimport { dirname, join } from \"node:path\";\nimport type { HooksScope } from \"../config/config.js\";\nimport type { AgentEventType } from \"../types.js\";\nimport type { Adapter, HookPayload, MappedEvent } from \"./types.js\";\n\nconst HOOK_COMMAND_NAME = \"agent-insights\";\n\n/**\n * Cursor native hook names (camelCase) → common schema. Reference:\n * https://cursor.com/docs/hooks\n */\nconst HOOK_MAP: Record<string, AgentEventType> = {\n sessionStart: \"session.start\",\n sessionEnd: \"session.end\",\n beforeSubmitPrompt: \"user.prompt.submit\",\n preToolUse: \"tool.start\",\n postToolUse: \"tool.end\",\n postToolUseFailure: \"tool.failure\",\n subagentStart: \"subagent.start\",\n subagentStop: \"subagent.end\",\n stop: \"agent.stop\",\n preCompact: \"context.compact.start\",\n // Additional events — mapped to existing schema types\n beforeShellExecution: \"tool.start\",\n afterShellExecution: \"tool.end\",\n afterFileEdit: \"tool.end\",\n workspaceOpen: \"session.start\",\n};\n\nexport const CURSOR_HOOK_EVENTS: ReadonlyArray<string> = Object.keys(HOOK_MAP);\n\ntype CursorHookEntry = {\n command: string;\n};\n\ntype CursorHooksConfig = {\n /** Cursor expects schema version 1 at the top level. */\n version?: number;\n hooks?: Record<string, CursorHookEntry[]>;\n [key: string]: unknown;\n};\n\nexport const cursorAdapter: Adapter = {\n id: \"cursor\",\n agent: \"cursor\",\n label: \"Cursor\",\n settingsFile: \".cursor/hooks.json\",\n\n map(payload: HookPayload): MappedEvent | undefined {\n const type = HOOK_MAP[payload.event];\n if (!type) return undefined;\n\n const data = payload.data ?? {};\n // Cursor uses `session_id` in payloads and is identical to `conversation_id`.\n const sessionId =\n asString(data[\"session_id\"]) ??\n asString(data[\"sessionId\"]) ??\n asString(data[\"conversation_id\"]);\n const toolName = asString(data[\"tool_name\"]) ?? asString(data[\"toolName\"]);\n\n // transcript_path is confirmed in all Cursor hook payloads.\n const transcriptPath =\n asString(data[\"transcript_path\"]) ??\n asString(data[\"transcriptPath\"]) ??\n asString(process.env.CURSOR_TRANSCRIPT_PATH);\n\n return {\n type,\n ...(sessionId !== undefined ? { sessionId } : {}),\n ...(toolName !== undefined ? { toolName } : {}),\n ...(transcriptPath !== undefined ? { transcriptPath } : {}),\n };\n },\n\n async install(repoRoot: string, scope: HooksScope = \"global\") {\n const path = resolveCursorPath(repoRoot, scope);\n const settings = await readJson<CursorHooksConfig>(path);\n const next: CursorHooksConfig = {\n version: 1,\n ...(settings ?? {}),\n };\n const hooks: Record<string, CursorHookEntry[]> = { ...(next.hooks ?? {}) };\n\n for (const event of CURSOR_HOOK_EVENTS) {\n const existing = (hooks[event] ?? []).filter(\n (h) => !isAgentInsightsCommand(h.command),\n );\n existing.push({ command: `${HOOK_COMMAND_NAME} hook ${event}` });\n hooks[event] = existing;\n }\n\n next.hooks = hooks;\n await mkdir(dirname(path), { recursive: true });\n await writeFile(path, `${JSON.stringify(next, null, 2)}\\n`, \"utf8\");\n return { written: true, path };\n },\n\n async uninstall(repoRoot: string, scope: HooksScope = \"global\") {\n const path = resolveCursorPath(repoRoot, scope);\n const settings = await readJson<CursorHooksConfig>(path);\n if (!settings?.hooks) return { removed: false, path };\n const hooks = { ...settings.hooks };\n let touched = false;\n for (const [event, entries] of Object.entries(hooks)) {\n const filtered = entries.filter(\n (h) => !isAgentInsightsCommand(h.command),\n );\n if (filtered.length !== entries.length) touched = true;\n if (filtered.length === 0) {\n delete hooks[event];\n } else {\n hooks[event] = filtered;\n }\n }\n settings.hooks = hooks;\n await writeFile(path, `${JSON.stringify(settings, null, 2)}\\n`, \"utf8\");\n return { removed: touched, path };\n },\n\n async isInstalled(repoRoot: string, scope: HooksScope = \"global\") {\n const settings = await readJson<CursorHooksConfig>(\n resolveCursorPath(repoRoot, scope),\n );\n if (!settings?.hooks) return false;\n return Object.values(settings.hooks).some((entries) =>\n entries.some((h) => isAgentInsightsCommand(h.command)),\n );\n },\n};\n\nfunction resolveCursorPath(repoRoot: string, scope: HooksScope): string {\n return scope === \"global\"\n ? join(homedir(), \".cursor\", \"hooks.json\")\n : join(repoRoot, \".cursor\", \"hooks.json\");\n}\n\nfunction isAgentInsightsCommand(cmd: string | undefined): boolean {\n if (!cmd) return false;\n return cmd.startsWith(`${HOOK_COMMAND_NAME} hook`);\n}\n\nasync function readJson<T>(path: string): Promise<T | undefined> {\n try {\n const raw = await readFile(path, \"utf8\");\n return JSON.parse(raw) as T;\n } catch (err) {\n if ((err as NodeJS.ErrnoException).code === \"ENOENT\") return undefined;\n throw err;\n }\n}\n\nfunction asString(v: unknown): string | undefined {\n return typeof v === \"string\" && v.length > 0 ? v : undefined;\n}\n","import { claudeCodeAdapter } from \"./claude-code.js\";\nimport { cursorAdapter } from \"./cursor.js\";\nimport type { Adapter, AgentId } from \"./types.js\";\n\nexport const adapters: Record<AgentId, Adapter> = {\n \"claude-code\": claudeCodeAdapter,\n cursor: cursorAdapter,\n};\n\nexport const adapterList: ReadonlyArray<Adapter> = Object.values(adapters);\n\nexport function getAdapter(id: AgentId): Adapter {\n return adapters[id];\n}\n","import { mkdir, readFile, writeFile } from \"node:fs/promises\";\nimport { dirname } from \"node:path\";\nimport { getAnalyzerUrl } from \"./analyzer.js\";\nimport { configFile, logsDir, sessionCacheDir } from \"./paths.js\";\n\nexport type ExporterConfig = {\n type: \"otlp\";\n endpoint: string;\n headers: Record<string, string>;\n dataset: string;\n};\n\nexport type HooksScope = \"global\" | \"local\";\n\nexport type TranscriptStoreConfig =\n | {\n /** Upload via analyzer API using AGENT_INSIGHTS_API_KEY (preferred). */\n type: \"analyzer\";\n }\n | {\n /** Direct upload with a Blob RW token (legacy / advanced). */\n type: \"blob\";\n tokenEnv: string;\n prefix: string;\n }\n | {\n type: \"none\";\n };\n\nexport type SessionAnalysisConfig = {\n /** Server-side enablement; user opts in via `userConsent.sessionAnalysis`. */\n enabled: boolean;\n /** Analyzer endpoint base URL. CLI POSTs to `${analyzerUrl}/api/sessions`. */\n analyzerUrl: string;\n /** GitHub repo for pre-filled new-issue URLs (display only; constructed by analyzer). */\n githubIssueRepo: string;\n};\n\nexport type AgentConfig = {\n enabled: boolean;\n};\n\nexport type AgentInsightsConfig = {\n version: 1;\n enabled: boolean;\n /** Where agent hook entries are written. Default `global` (user home). */\n hooksScope: HooksScope;\n vercel: {\n team: string;\n project: string;\n };\n userConsent: {\n eventTelemetry: boolean;\n transcriptSync: boolean;\n sessionAnalysis: boolean;\n };\n exporter: ExporterConfig;\n transcriptStore: TranscriptStoreConfig;\n sessionAnalysis: SessionAnalysisConfig;\n agents: Record<\"claudeCode\" | \"cursor\", AgentConfig>;\n privacy: {\n capturePrompts: false;\n captureMessages: false;\n captureToolInputs: false;\n captureFileContents: false;\n };\n};\n\nexport function defaultConfig(): AgentInsightsConfig {\n return {\n version: 1,\n enabled: true,\n hooksScope: \"global\",\n vercel: {\n team: \"vercel-labs\",\n project: \"agent-insights\",\n },\n userConsent: {\n eventTelemetry: false,\n transcriptSync: false,\n sessionAnalysis: false,\n },\n exporter: {\n type: \"otlp\",\n endpoint: process.env.AGENT_INSIGHTS_OTEL_ENDPOINT ?? \"\",\n headers: {},\n dataset: \"agent-insights\",\n },\n transcriptStore: {\n // Upload via the analyzer using the SiwV bearer token — no client-side\n // Blob token required. Set `transcriptStore.type` to \"blob\" in\n // config.json to switch to direct uploads with BLOB_READ_WRITE_TOKEN.\n type: \"analyzer\",\n },\n sessionAnalysis: {\n enabled: false,\n analyzerUrl: getAnalyzerUrl(),\n githubIssueRepo: \"vercel-labs/agent-insights\",\n },\n agents: {\n claudeCode: { enabled: false },\n cursor: { enabled: false },\n },\n privacy: {\n capturePrompts: false,\n captureMessages: false,\n captureToolInputs: false,\n captureFileContents: false,\n },\n };\n}\n\nexport async function loadConfig(): Promise<AgentInsightsConfig | undefined> {\n try {\n const raw = await readFile(configFile(), \"utf8\");\n const parsed = JSON.parse(raw) as Partial<AgentInsightsConfig>;\n return mergeConfig(defaultConfig(), parsed);\n } catch (err) {\n if ((err as NodeJS.ErrnoException).code === \"ENOENT\") return undefined;\n throw err;\n }\n}\n\nexport async function saveConfig(cfg: AgentInsightsConfig): Promise<void> {\n await ensureDirs();\n await writeFile(configFile(), `${JSON.stringify(cfg, null, 2)}\\n`, \"utf8\");\n}\n\nexport async function ensureDirs(): Promise<void> {\n await mkdir(dirname(configFile()), { recursive: true });\n await mkdir(sessionCacheDir(), { recursive: true });\n await mkdir(logsDir(), { recursive: true });\n}\n\nfunction mergeConfig(\n base: AgentInsightsConfig,\n patch: Partial<AgentInsightsConfig>,\n): AgentInsightsConfig {\n return {\n ...base,\n ...patch,\n vercel: { ...base.vercel, ...(patch.vercel ?? {}) },\n userConsent: { ...base.userConsent, ...(patch.userConsent ?? {}) },\n exporter: { ...base.exporter, ...(patch.exporter ?? {}) },\n transcriptStore: (patch.transcriptStore ??\n base.transcriptStore) as TranscriptStoreConfig,\n sessionAnalysis: {\n ...base.sessionAnalysis,\n ...(patch.sessionAnalysis ?? {}),\n },\n agents: {\n claudeCode: {\n ...base.agents.claudeCode,\n ...(patch.agents?.claudeCode ?? {}),\n },\n cursor: { ...base.agents.cursor, ...(patch.agents?.cursor ?? {}) },\n },\n privacy: base.privacy,\n };\n}\n","/**\n * Production analyzer deployment. Override via AGENT_INSIGHTS_ANALYZER_URL\n * for local/dev/staging analyzers.\n */\nexport const DEFAULT_ANALYZER_URL = \"https://agent-insights.labs.vercel.dev\";\n\n/** Resolve the analyzer base URL: env var if set, otherwise the prod default. */\nexport function getAnalyzerUrl(): string {\n return process.env.AGENT_INSIGHTS_ANALYZER_URL || DEFAULT_ANALYZER_URL;\n}\n","import { homedir } from \"node:os\";\nimport { join } from \"node:path\";\n\n/** Root directory for agent-insights state. Honors `AGENT_INSIGHTS_HOME`. */\nexport function configRoot(): string {\n return process.env.AGENT_INSIGHTS_HOME ?? join(homedir(), \".agent-insights\");\n}\n\nexport function configFile(): string {\n return join(configRoot(), \"config.json\");\n}\n\n/** API key storage (`chmod 600`). Not checked into git. */\nexport function credentialsFile(): string {\n return join(configRoot(), \"credentials.json\");\n}\n\n/** OAuth token storage (`chmod 600`). Not checked into git. */\nexport function authFile(): string {\n return join(configRoot(), \"auth.json\");\n}\n\n/** Vercel deployment-protection bypass secret (`chmod 600`). */\nexport function bypassSecretFile(): string {\n return join(configRoot(), \"bypass-secret\");\n}\n\nexport function sessionCacheDir(): string {\n return join(configRoot(), \"session-cache\");\n}\n\nexport function logsDir(): string {\n return join(configRoot(), \"logs\");\n}\n\nexport const CLAUDE_SETTINGS_FILE = \".claude/settings.json\";\nexport const CURSOR_HOOKS_FILE = \".cursor/hooks.json\";\n\n/** User-level Claude Code settings (hooks apply in every repo). */\nexport function claudeUserSettingsPath(): string {\n return join(homedir(), \".claude\", \"settings.json\");\n}\n\n/** User-level Cursor hooks (hooks apply in every project). */\nexport function cursorUserHooksPath(): string {\n return join(homedir(), \".cursor\", \"hooks.json\");\n}\n","import { readFile } from \"node:fs/promises\";\nimport { put } from \"@vercel/blob\";\nimport { getValidToken } from \"../auth/store.js\";\nimport { getAnalyzerUrl } from \"../config/analyzer.js\";\nimport { withBypassHeader } from \"../config/bypass.js\";\nimport type { TranscriptStoreConfig } from \"../config/config.js\";\n\nexport type TranscriptUploadInput = {\n /** Absolute path on disk to the transcript file. */\n transcriptPath: string;\n /** SHA256-hashed user identifier. Used in the upload pathname. */\n userHash: string;\n /** Session identifier supplied by the agent. */\n sessionId: string;\n /** Agent name (e.g. \"claude-code\"). */\n agent: string;\n};\n\nexport type TranscriptUploadResult = {\n pathname: string;\n url: string;\n size: number;\n};\n\nexport interface TranscriptStore {\n upload(input: TranscriptUploadInput): Promise<TranscriptUploadResult>;\n /** Lightweight health check used by `doctor`. */\n ping(): Promise<{ ok: true } | { ok: false; reason: string }>;\n}\n\nclass NoopTranscriptStore implements TranscriptStore {\n async upload(): Promise<TranscriptUploadResult> {\n throw new Error(\"transcript store disabled (transcriptStore.type=none)\");\n }\n async ping(): Promise<{ ok: false; reason: string }> {\n return { ok: false, reason: \"transcript store disabled\" };\n }\n}\n\nclass BlobTranscriptStore implements TranscriptStore {\n constructor(\n private readonly token: string,\n private readonly prefix: string,\n ) {}\n\n async upload(input: TranscriptUploadInput): Promise<TranscriptUploadResult> {\n const body = await readFile(input.transcriptPath);\n const requestedPath = buildPathname(\n this.prefix,\n input.userHash,\n input.sessionId,\n );\n const blob = await put(requestedPath, body, {\n access: \"private\",\n token: this.token,\n contentType: \"application/jsonl\",\n addRandomSuffix: true,\n });\n return { pathname: blob.pathname, url: blob.url, size: body.byteLength };\n }\n\n async ping(): Promise<{ ok: true } | { ok: false; reason: string }> {\n if (!this.token) return { ok: false, reason: \"missing token\" };\n return { ok: true };\n }\n}\n\n/**\n * Uploads transcripts via the analyzer's POST /api/sessions/upload endpoint\n * using the Sign-in-with-Vercel bearer token. The analyzer then proxies the\n * write to Vercel Blob with its own server-side credentials, so this client\n * does not need a Blob read/write token.\n */\nclass AnalyzerTranscriptStore implements TranscriptStore {\n constructor(private readonly analyzerUrl: string) {}\n\n async upload(input: TranscriptUploadInput): Promise<TranscriptUploadResult> {\n const token = await getValidToken();\n if (!token) {\n throw new Error(\n \"transcript store: not logged in — run `agent-insights login`\",\n );\n }\n const body = await readFile(input.transcriptPath);\n const url = new URL(\"/api/sessions/upload\", this.analyzerUrl).toString();\n const headers = await withBypassHeader({\n authorization: `Bearer ${token}`,\n \"content-type\": \"application/jsonl\",\n \"x-session-id\": input.sessionId,\n \"x-agent\": input.agent,\n \"x-user-hash\": input.userHash,\n });\n const res = await fetch(url, { method: \"POST\", headers, body });\n if (!res.ok) {\n const text = await res.text().catch(() => \"\");\n throw new Error(\n `transcript upload failed (${res.status}): ${text || res.statusText}`,\n );\n }\n const json = (await res.json()) as {\n ok: boolean;\n blobUrl?: string;\n pathname?: string;\n size?: number;\n error?: string;\n };\n if (!json.ok || !json.blobUrl || !json.pathname) {\n throw new Error(`transcript upload error: ${json.error ?? \"unknown\"}`);\n }\n return {\n pathname: json.pathname,\n url: json.blobUrl,\n size: json.size ?? body.byteLength,\n };\n }\n\n async ping(): Promise<{ ok: true } | { ok: false; reason: string }> {\n const token = await getValidToken();\n if (!token) {\n return {\n ok: false,\n reason: \"not logged in — run `agent-insights login`\",\n };\n }\n // Try the actual upload endpoint with an intentionally bad request — a\n // healthy analyzer responds 400 (missing headers); a protection wall\n // responds 401/403 with HTML; an unreachable host throws.\n try {\n const url = new URL(\"/api/sessions/upload\", this.analyzerUrl).toString();\n const headers = await withBypassHeader({\n authorization: `Bearer ${token}`,\n });\n const res = await fetch(url, { method: \"POST\", headers });\n if (res.status === 400) return { ok: true };\n if (res.status === 401 || res.status === 403) {\n const ct = res.headers.get(\"content-type\") ?? \"\";\n if (ct.includes(\"text/html\")) {\n return {\n ok: false,\n reason:\n \"blocked by Vercel deployment protection — set a bypass secret via `agent-insights init --bypass-secret <secret>`\",\n };\n }\n return { ok: false, reason: `analyzer rejected token (${res.status})` };\n }\n return { ok: false, reason: `unexpected status ${res.status}` };\n } catch (err) {\n return {\n ok: false,\n reason: `analyzer unreachable: ${(err as Error).message}`,\n };\n }\n }\n}\n\nexport function createTranscriptStore(\n cfg: TranscriptStoreConfig,\n): TranscriptStore {\n if (cfg.type === \"none\") return new NoopTranscriptStore();\n if (cfg.type === \"analyzer\") {\n return new AnalyzerTranscriptStore(getAnalyzerUrl());\n }\n // type === \"blob\"\n const token = process.env[cfg.tokenEnv];\n if (!token) {\n throw new Error(\n `transcript store: env ${cfg.tokenEnv} is not set — run \\`agent-insights init --force\\` to switch to analyzer-proxied uploads (no token required), or \\`vercel env pull .env.local\\` to keep direct Blob uploads`,\n );\n }\n return new BlobTranscriptStore(token, cfg.prefix);\n}\n\nfunction buildPathname(\n prefix: string,\n userHash: string,\n sessionId: string,\n): string {\n const safePrefix = prefix.endsWith(\"/\") ? prefix : `${prefix}/`;\n const safeSession = encodeURIComponent(sessionId);\n return `${safePrefix}${userHash}/${safeSession}/transcript.jsonl`;\n}\n","import { chmod, readFile, writeFile } from \"node:fs/promises\";\nimport { dirname } from \"node:path\";\nimport { mkdir } from \"node:fs/promises\";\nimport { authFile } from \"../config/paths.js\";\nimport { refreshAccessToken } from \"./oauth.js\";\n\nexport type AuthState = {\n accessToken: string;\n refreshToken?: string;\n /** Unix epoch milliseconds when the access token expires. */\n expiresAt: number;\n};\n\n/** How many ms before expiry we proactively refresh. */\nconst REFRESH_BUFFER_MS = 60_000;\n\nexport async function loadAuth(): Promise<AuthState | undefined> {\n try {\n const raw = await readFile(authFile(), \"utf8\");\n const parsed = JSON.parse(raw) as Partial<AuthState>;\n if (typeof parsed.accessToken === \"string\" && parsed.accessToken.length > 0) {\n return parsed as AuthState;\n }\n return undefined;\n } catch (err) {\n if ((err as NodeJS.ErrnoException).code === \"ENOENT\") return undefined;\n throw err;\n }\n}\n\nexport async function saveAuth(state: AuthState): Promise<void> {\n const path = authFile();\n await mkdir(dirname(path), { recursive: true });\n await writeFile(path, `${JSON.stringify(state, null, 2)}\\n`, {\n encoding: \"utf8\",\n mode: 0o600,\n });\n try {\n await chmod(path, 0o600);\n } catch {\n // Windows doesn't support chmod — ignore\n }\n}\n\nexport async function clearAuth(): Promise<void> {\n const { unlink } = await import(\"node:fs/promises\");\n try {\n await unlink(authFile());\n } catch (err) {\n if ((err as NodeJS.ErrnoException).code !== \"ENOENT\") throw err;\n }\n}\n\n/**\n * Returns a valid access token, refreshing silently if needed.\n * Returns `undefined` if not logged in or refresh fails (caller should prompt login).\n */\nexport async function getValidToken(): Promise<string | undefined> {\n const auth = await loadAuth();\n if (!auth) return undefined;\n\n const needsRefresh = Date.now() >= auth.expiresAt - REFRESH_BUFFER_MS;\n if (!needsRefresh) return auth.accessToken;\n\n if (!auth.refreshToken) {\n // Access token expired, no refresh token — clear and force re-login\n await clearAuth();\n return undefined;\n }\n\n try {\n const tokens = await refreshAccessToken(auth.refreshToken);\n const refreshed: AuthState = {\n accessToken: tokens.access_token,\n refreshToken: tokens.refresh_token ?? auth.refreshToken,\n expiresAt: Date.now() + tokens.expires_in * 1000,\n };\n await saveAuth(refreshed);\n return refreshed.accessToken;\n } catch {\n // Refresh failed (revoked, expired beyond 30 days) — clear and force re-login\n await clearAuth();\n return undefined;\n }\n}\n","import { createHash, randomBytes } from \"node:crypto\";\nimport { exec } from \"node:child_process\";\nimport { createServer } from \"node:http\";\nimport { platform } from \"node:os\";\n\n// ---------------------------------------------------------------------------\n// OAuth app config — Sign-in-with-Vercel client ID (public, not a secret).\n// Override at runtime via AGENT_INSIGHTS_CLIENT_ID env var.\n// ---------------------------------------------------------------------------\nexport const CLIENT_ID =\n process.env.AGENT_INSIGHTS_CLIENT_ID ?? \"cl_TxqqNFTHcF9kEtM48LBFsYfwjhJ9T8sz\";\n\nconst AUTH_ENDPOINT = \"https://vercel.com/oauth/authorize\";\nconst TOKEN_ENDPOINT = \"https://api.vercel.com/login/oauth/token\";\nconst USERINFO_ENDPOINT = \"https://api.vercel.com/login/oauth/userinfo\";\nconst REVOKE_ENDPOINT = \"https://api.vercel.com/login/oauth/token/revoke\";\n\n// Fixed port — must match the redirect URI registered in the OAuth app.\nconst CALLBACK_PORT = 9797;\nexport const REDIRECT_URI = `http://localhost:${CALLBACK_PORT}/callback`;\n\nconst SCOPES = \"openid email profile offline_access\";\n\nexport type TokenResponse = {\n access_token: string;\n refresh_token?: string;\n expires_in: number;\n token_type: string;\n id_token?: string;\n};\n\nexport type UserInfo = {\n sub: string;\n email: string;\n email_verified: boolean;\n name?: string;\n preferred_username?: string;\n picture?: string;\n};\n\n// ---------------------------------------------------------------------------\n// PKCE helpers\n// ---------------------------------------------------------------------------\n\nfunction generateCodeVerifier(): string {\n return randomBytes(48).toString(\"base64url\");\n}\n\nfunction generateCodeChallenge(verifier: string): string {\n return createHash(\"sha256\").update(verifier).digest(\"base64url\");\n}\n\nfunction generateState(): string {\n return randomBytes(16).toString(\"hex\");\n}\n\n// ---------------------------------------------------------------------------\n// Authorization Code + PKCE flow\n// ---------------------------------------------------------------------------\n\nexport type AuthCodeResult =\n | { status: \"success\"; code: string; state: string }\n | { status: \"error\"; message: string };\n\n/**\n * Starts a localhost callback server, opens the Vercel authorization URL in\n * the browser, and waits for the redirect with the auth code.\n * Resolves (or rejects after timeout) when Vercel redirects back.\n */\nexport async function startPkceFlow(timeoutMs = 120_000): Promise<{\n code: string;\n codeVerifier: string;\n}> {\n const codeVerifier = generateCodeVerifier();\n const codeChallenge = generateCodeChallenge(codeVerifier);\n const state = generateState();\n\n const authUrl = new URL(AUTH_ENDPOINT);\n authUrl.searchParams.set(\"client_id\", CLIENT_ID);\n authUrl.searchParams.set(\"response_type\", \"code\");\n authUrl.searchParams.set(\"redirect_uri\", REDIRECT_URI);\n authUrl.searchParams.set(\"scope\", SCOPES);\n authUrl.searchParams.set(\"code_challenge\", codeChallenge);\n authUrl.searchParams.set(\"code_challenge_method\", \"S256\");\n authUrl.searchParams.set(\"state\", state);\n\n const url = authUrl.toString();\n const codePromise = listenForCallback(state, timeoutMs);\n openBrowser(url);\n // Always print the URL — browser open may fail silently\n process.stderr.write(`\\nIf the browser did not open, visit:\\n ${url}\\n\\n`);\n\n const code = await codePromise;\n return { code, codeVerifier };\n}\n\nfunction listenForCallback(\n expectedState: string,\n timeoutMs: number,\n): Promise<string> {\n return new Promise((resolve, reject) => {\n const server = createServer((req, res) => {\n const url = new URL(req.url ?? \"/\", `http://localhost:${CALLBACK_PORT}`);\n if (url.pathname !== \"/callback\") {\n res.writeHead(404, { connection: \"close\" });\n res.end(\"Not found\");\n return;\n }\n\n const code = url.searchParams.get(\"code\");\n const returnedState = url.searchParams.get(\"state\");\n const error = url.searchParams.get(\"error\");\n\n const html = (msg: string) =>\n `<html><body style=\"font-family:sans-serif;text-align:center;padding:80px\">` +\n `<h2>${msg}</h2><p>You can close this tab.</p></body></html>`;\n\n // Tell the browser to drop the socket so the server can shut down cleanly\n // and Node's event loop can exit once the callback returns.\n const headers = { \"content-type\": \"text/html\", connection: \"close\" };\n\n const finish = (\n next: () => void,\n body: string,\n status: number,\n ): void => {\n res.writeHead(status, headers);\n res.end(body, () => {\n clearTimeout(timer);\n server.closeAllConnections?.();\n server.close();\n next();\n });\n };\n\n if (error) {\n finish(\n () => reject(new Error(`OAuth error: ${error}`)),\n html(`Login failed: ${error}`),\n 400,\n );\n return;\n }\n\n if (returnedState !== expectedState) {\n finish(\n () => reject(new Error(\"State mismatch — possible CSRF\")),\n html(\"Invalid state parameter — please try again.\"),\n 400,\n );\n return;\n }\n\n if (!code) {\n finish(\n () => reject(new Error(\"No code in callback\")),\n html(\"No authorization code received.\"),\n 400,\n );\n return;\n }\n\n finish(\n () => resolve(code),\n html(\"✓ Logged in! You can close this tab.\"),\n 200,\n );\n });\n\n const timer = setTimeout(() => {\n server.closeAllConnections?.();\n server.close();\n reject(new Error(\"Login timed out — no response within 2 minutes.\"));\n }, timeoutMs);\n timer.unref();\n\n server.listen(CALLBACK_PORT, \"127.0.0.1\", () => {\n // Server is ready; browser will be opened by caller\n });\n\n server.on(\"error\", (err: NodeJS.ErrnoException) => {\n clearTimeout(timer);\n if (err.code === \"EADDRINUSE\") {\n reject(\n new Error(\n `Port ${CALLBACK_PORT} is already in use. Close any other agent-insights login process and try again.`,\n ),\n );\n } else {\n reject(err);\n }\n });\n });\n}\n\n// ---------------------------------------------------------------------------\n// Token exchange\n// ---------------------------------------------------------------------------\n\nexport async function exchangeCodeForToken(\n code: string,\n codeVerifier: string,\n): Promise<TokenResponse> {\n const res = await fetch(TOKEN_ENDPOINT, {\n method: \"POST\",\n headers: { \"content-type\": \"application/x-www-form-urlencoded\" },\n body: new URLSearchParams({\n grant_type: \"authorization_code\",\n client_id: CLIENT_ID,\n code,\n code_verifier: codeVerifier,\n redirect_uri: REDIRECT_URI,\n }),\n });\n if (!res.ok) {\n const body = await res.text();\n throw new Error(`Token exchange failed (${res.status}): ${body}`);\n }\n return res.json() as Promise<TokenResponse>;\n}\n\nexport async function refreshAccessToken(\n refreshToken: string,\n): Promise<TokenResponse> {\n const res = await fetch(TOKEN_ENDPOINT, {\n method: \"POST\",\n headers: { \"content-type\": \"application/x-www-form-urlencoded\" },\n body: new URLSearchParams({\n grant_type: \"refresh_token\",\n client_id: CLIENT_ID,\n refresh_token: refreshToken,\n }),\n });\n if (!res.ok) {\n const body = await res.text();\n throw new Error(`Token refresh failed (${res.status}): ${body}`);\n }\n return res.json() as Promise<TokenResponse>;\n}\n\nexport async function revokeToken(token: string): Promise<void> {\n await fetch(REVOKE_ENDPOINT, {\n method: \"POST\",\n headers: { \"content-type\": \"application/x-www-form-urlencoded\" },\n body: new URLSearchParams({ token }),\n }).catch(() => {\n // best-effort — don't fail logout if revocation fails\n });\n}\n\nexport async function fetchUserInfo(accessToken: string): Promise<UserInfo> {\n const res = await fetch(USERINFO_ENDPOINT, {\n headers: { authorization: `Bearer ${accessToken}` },\n });\n if (!res.ok) {\n throw new Error(`Failed to fetch user info (${res.status})`);\n }\n return res.json() as Promise<UserInfo>;\n}\n\n/** Open a URL in the system browser. Fails silently — callers always print the URL too. */\nexport function openBrowser(url: string): void {\n const os = platform();\n let cmd: string;\n if (os === \"darwin\") cmd = `open \"${url}\"`;\n else if (os === \"win32\") cmd = `start \"\" \"${url}\"`;\n else cmd = `xdg-open \"${url}\"`;\n\n // Detach + unref so the child doesn't keep the event loop alive after login.\n const child = exec(cmd);\n child.on(\"error\", () => {\n // Silently ignore — caller has already printed the URL\n });\n child.unref();\n}\n","import { chmod, mkdir, readFile, unlink, writeFile } from \"node:fs/promises\";\nimport { dirname } from \"node:path\";\nimport { bypassSecretFile } from \"./paths.js\";\n\n/**\n * Resolve the Vercel deployment-protection bypass secret.\n * Precedence:\n * 1. `AGENT_INSIGHTS_BYPASS_SECRET` (explicit override)\n * 2. `VERCEL_AUTOMATION_BYPASS_SECRET` (Vercel's standard env)\n * 3. `~/.agent-insights/bypass-secret` (set via `agent-insights init`)\n */\nexport async function loadBypassSecret(): Promise<string | undefined> {\n const fromEnv =\n process.env.AGENT_INSIGHTS_BYPASS_SECRET ||\n process.env.VERCEL_AUTOMATION_BYPASS_SECRET;\n if (fromEnv) return fromEnv;\n\n try {\n const raw = (await readFile(bypassSecretFile(), \"utf8\")).trim();\n return raw || undefined;\n } catch (err) {\n if ((err as NodeJS.ErrnoException).code === \"ENOENT\") return undefined;\n throw err;\n }\n}\n\nexport async function saveBypassSecret(secret: string): Promise<void> {\n const path = bypassSecretFile();\n await mkdir(dirname(path), { recursive: true });\n await writeFile(path, secret.trim(), { encoding: \"utf8\", mode: 0o600 });\n try {\n await chmod(path, 0o600);\n } catch {\n // Windows — ignore.\n }\n}\n\nexport async function clearBypassSecret(): Promise<void> {\n try {\n await unlink(bypassSecretFile());\n } catch (err) {\n if ((err as NodeJS.ErrnoException).code !== \"ENOENT\") throw err;\n }\n}\n\n/**\n * Add the `x-vercel-protection-bypass` header onto an existing headers\n * object if a secret is configured. Mutates and returns the input.\n */\nexport async function withBypassHeader<T extends Record<string, string>>(\n headers: T,\n): Promise<T> {\n const secret = await loadBypassSecret();\n if (secret) {\n (headers as Record<string, string>)[\"x-vercel-protection-bypass\"] = secret;\n }\n return headers;\n}\n"],"mappings":";;;AAAA,SAAS,kBAAkB;AAQpB,SAAS,OAAO,OAAuB;AAC5C,SAAO,WAAW,QAAQ,EAAE,OAAO,OAAO,MAAM,EAAE,OAAO,KAAK;AAChE;AAGO,SAAS,UAAU,OAAe,SAAS,IAAY;AAC5D,SAAO,OAAO,KAAK,EAAE,MAAM,GAAG,MAAM;AACtC;;;ACTA,IAAM,iBAAsC,oBAAI,IAAI;AAAA,EAClD;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAED,IAAM,oBAAoB;AAK1B,SAAS,aAAa,KAAqB;AACzC,SAAO,IAAI,YAAY,EAAE,QAAQ,YAAY,EAAE;AACjD;AAEA,SAAS,SAAS,OAAuB;AACvC,MAAI,MAAM,UAAU,kBAAmB,QAAO;AAC9C,SAAO,GAAG,MAAM,MAAM,GAAG,iBAAiB,CAAC;AAC7C;AAEA,SAAS,kBAAkB,OAAgD;AACzE,MAAI,UAAU,KAAM,QAAO;AAC3B,UAAQ,OAAO,OAAO;AAAA,IACpB,KAAK;AACH,aAAO,SAAS,KAAK;AAAA,IACvB,KAAK;AACH,aAAO,OAAO,SAAS,KAAK,IAAI,QAAQ;AAAA,IAC1C,KAAK;AACH,aAAO;AAAA,IACT;AACE,aAAO;AAAA,EACX;AACF;AAUO,SAAS,SAAS,OAAyB;AAChD,SAAO,cAAc,KAAK;AAC5B;AAEA,SAAS,cAAc,OAAyB;AAC9C,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,UAAM,MAAiB,CAAC;AACxB,eAAW,QAAQ,OAAO;AACxB,YAAM,gBAAgB,cAAc,IAAI;AACxC,UAAI,kBAAkB,QAAW;AAC/B,YAAI,KAAK,aAAa;AAAA,MACxB;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,MAAI,SAAS,OAAO,UAAU,UAAU;AACtC,UAAM,MAA+B,CAAC;AACtC,eAAW,CAAC,QAAQ,QAAQ,KAAK,OAAO,QAAQ,KAAK,GAAG;AACtD,UAAI,eAAe,IAAI,aAAa,MAAM,CAAC,GAAG;AAC5C;AAAA,MACF;AACA,UAAI,YAAY,OAAO,aAAa,UAAU;AAC5C,YAAI,MAAM,IAAI,cAAc,QAAQ;AAAA,MACtC,OAAO;AACL,cAAM,YAAY,kBAAkB,QAAQ;AAC5C,YAAI,cAAc,QAAW;AAC3B,cAAI,MAAM,IAAI;AAAA,QAChB;AAAA,MACF;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,SAAO,kBAAkB,KAAK;AAChC;;;ACxGA,SAAS,OAAO,UAAU,iBAAiB;AAC3C,SAAS,eAAe;AACxB,SAAS,SAAS,YAAY;AAK9B,IAAM,oBAAoB;AAE1B,IAAM,WAA2C;AAAA,EAC/C,cAAc;AAAA,EACd,YAAY;AAAA,EACZ,kBAAkB;AAAA,EAClB,YAAY;AAAA,EACZ,aAAa;AAAA,EACb,oBAAoB;AAAA,EACpB,mBAAmB;AAAA,EACnB,kBAAkB;AAAA,EAClB,eAAe;AAAA,EACf,cAAc;AAAA,EACd,MAAM;AAAA,EACN,cAAc;AAAA,EACd,YAAY;AAAA,EACZ,aAAa;AACf;AAEO,IAAM,qBAA4C,OAAO,KAAK,QAAQ;AAYtE,IAAM,oBAA6B;AAAA,EACxC,IAAI;AAAA,EACJ,OAAO;AAAA,EACP,OAAO;AAAA,EACP,cAAc;AAAA,EAEd,IAAI,SAA+C;AACjD,UAAM,OAAO,SAAS,QAAQ,KAAK;AACnC,QAAI,CAAC,KAAM,QAAO;AAElB,UAAM,OAAO,QAAQ,QAAQ,CAAC;AAC9B,UAAM,YACJ,SAAS,KAAK,YAAY,CAAC,KAAK,SAAS,KAAK,WAAW,CAAC;AAC5D,UAAM,WACJ,SAAS,KAAK,WAAW,CAAC,KAC1B,SAAS,KAAK,UAAU,CAAC,KACzB,SAAU,KAAK,MAAM,IAA4C,MAAM,CAAC;AAC1E,UAAM,iBACJ,SAAS,KAAK,iBAAiB,CAAC,KAAK,SAAS,KAAK,gBAAgB,CAAC;AAEtE,WAAO;AAAA,MACL;AAAA,MACA,GAAI,cAAc,SAAY,EAAE,UAAU,IAAI,CAAC;AAAA,MAC/C,GAAI,aAAa,SAAY,EAAE,SAAS,IAAI,CAAC;AAAA,MAC7C,GAAI,mBAAmB,SAAY,EAAE,eAAe,IAAI,CAAC;AAAA,IAC3D;AAAA,EACF;AAAA,EAEA,MAAM,QAAQ,UAAkB,QAAoB,UAAU;AAC5D,UAAM,OAAO,kBAAkB,UAAU,KAAK;AAC9C,UAAM,WAAW,MAAM,SAAyB,IAAI;AACpD,UAAM,OAAuB,EAAE,GAAI,YAAY,CAAC,EAAG;AACnD,UAAM,QAA2C,EAAE,GAAI,KAAK,SAAS,CAAC,EAAG;AAEzE,eAAW,SAAS,oBAAoB;AACtC,YAAM,YAAY,MAAM,KAAK,KAAK,CAAC,GAAG;AAAA,QACpC,CAAC,MAAM,CAAC,uBAAuB,EAAE,OAAO;AAAA,MAC1C;AACA,eAAS,KAAK;AAAA,QACZ,MAAM;AAAA,QACN,SAAS,GAAG,iBAAiB,SAAS,KAAK;AAAA,MAC7C,CAAC;AACD,YAAM,KAAK,IAAI;AAAA,IACjB;AAEA,SAAK,QAAQ;AACb,UAAM,MAAM,QAAQ,IAAI,GAAG,EAAE,WAAW,KAAK,CAAC;AAC9C,UAAM,UAAU,MAAM,GAAG,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AAAA,GAAM,MAAM;AAClE,WAAO,EAAE,SAAS,MAAM,KAAK;AAAA,EAC/B;AAAA,EAEA,MAAM,UAAU,UAAkB,QAAoB,UAAU;AAC9D,UAAM,OAAO,kBAAkB,UAAU,KAAK;AAC9C,UAAM,WAAW,MAAM,SAAyB,IAAI;AACpD,QAAI,CAAC,UAAU,MAAO,QAAO,EAAE,SAAS,OAAO,KAAK;AACpD,UAAM,QAAQ,EAAE,GAAG,SAAS,MAAM;AAClC,QAAI,UAAU;AACd,eAAW,CAAC,OAAO,OAAO,KAAK,OAAO,QAAQ,KAAK,GAAG;AACpD,YAAM,WAAW,QAAQ;AAAA,QACvB,CAAC,MAAM,CAAC,uBAAuB,EAAE,OAAO;AAAA,MAC1C;AACA,UAAI,SAAS,WAAW,QAAQ,OAAQ,WAAU;AAClD,UAAI,SAAS,WAAW,GAAG;AACzB,eAAO,MAAM,KAAK;AAAA,MACpB,OAAO;AACL,cAAM,KAAK,IAAI;AAAA,MACjB;AAAA,IACF;AACA,aAAS,QAAQ;AACjB,UAAM,UAAU,MAAM,GAAG,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAAA,GAAM,MAAM;AACtE,WAAO,EAAE,SAAS,SAAS,KAAK;AAAA,EAClC;AAAA,EAEA,MAAM,YAAY,UAAkB,QAAoB,UAAU;AAChE,UAAM,WAAW,MAAM;AAAA,MACrB,kBAAkB,UAAU,KAAK;AAAA,IACnC;AACA,QAAI,CAAC,UAAU,MAAO,QAAO;AAC7B,WAAO,OAAO,OAAO,SAAS,KAAK,EAAE;AAAA,MAAK,CAAC,YACzC,QAAQ,KAAK,CAAC,MAAM,uBAAuB,EAAE,OAAO,CAAC;AAAA,IACvD;AAAA,EACF;AACF;AAEA,SAAS,kBAAkB,UAAkB,OAA2B;AACtE,SAAO,UAAU,WACb,KAAK,QAAQ,GAAG,WAAW,eAAe,IAC1C,KAAK,UAAU,WAAW,eAAe;AAC/C;AAEA,SAAS,uBAAuB,KAAkC;AAChE,MAAI,CAAC,IAAK,QAAO;AACjB,SAAO,IAAI,WAAW,GAAG,iBAAiB,OAAO;AACnD;AAEA,eAAe,SAAY,MAAsC;AAC/D,MAAI;AACF,UAAM,MAAM,MAAM,SAAS,MAAM,MAAM;AACvC,WAAO,KAAK,MAAM,GAAG;AAAA,EACvB,SAAS,KAAK;AACZ,QAAK,IAA8B,SAAS,SAAU,QAAO;AAC7D,UAAM;AAAA,EACR;AACF;AAEA,SAAS,SAAS,GAAgC;AAChD,SAAO,OAAO,MAAM,YAAY,EAAE,SAAS,IAAI,IAAI;AACrD;;;ACjJA,SAAS,SAAAA,QAAO,YAAAC,WAAU,aAAAC,kBAAiB;AAC3C,SAAS,WAAAC,gBAAe;AACxB,SAAS,WAAAC,UAAS,QAAAC,aAAY;AAK9B,IAAMC,qBAAoB;AAM1B,IAAMC,YAA2C;AAAA,EAC/C,cAAc;AAAA,EACd,YAAY;AAAA,EACZ,oBAAoB;AAAA,EACpB,YAAY;AAAA,EACZ,aAAa;AAAA,EACb,oBAAoB;AAAA,EACpB,eAAe;AAAA,EACf,cAAc;AAAA,EACd,MAAM;AAAA,EACN,YAAY;AAAA;AAAA,EAEZ,sBAAsB;AAAA,EACtB,qBAAqB;AAAA,EACrB,eAAe;AAAA,EACf,eAAe;AACjB;AAEO,IAAM,qBAA4C,OAAO,KAAKA,SAAQ;AAatE,IAAM,gBAAyB;AAAA,EACpC,IAAI;AAAA,EACJ,OAAO;AAAA,EACP,OAAO;AAAA,EACP,cAAc;AAAA,EAEd,IAAI,SAA+C;AACjD,UAAM,OAAOA,UAAS,QAAQ,KAAK;AACnC,QAAI,CAAC,KAAM,QAAO;AAElB,UAAM,OAAO,QAAQ,QAAQ,CAAC;AAE9B,UAAM,YACJC,UAAS,KAAK,YAAY,CAAC,KAC3BA,UAAS,KAAK,WAAW,CAAC,KAC1BA,UAAS,KAAK,iBAAiB,CAAC;AAClC,UAAM,WAAWA,UAAS,KAAK,WAAW,CAAC,KAAKA,UAAS,KAAK,UAAU,CAAC;AAGzE,UAAM,iBACJA,UAAS,KAAK,iBAAiB,CAAC,KAChCA,UAAS,KAAK,gBAAgB,CAAC,KAC/BA,UAAS,QAAQ,IAAI,sBAAsB;AAE7C,WAAO;AAAA,MACL;AAAA,MACA,GAAI,cAAc,SAAY,EAAE,UAAU,IAAI,CAAC;AAAA,MAC/C,GAAI,aAAa,SAAY,EAAE,SAAS,IAAI,CAAC;AAAA,MAC7C,GAAI,mBAAmB,SAAY,EAAE,eAAe,IAAI,CAAC;AAAA,IAC3D;AAAA,EACF;AAAA,EAEA,MAAM,QAAQ,UAAkB,QAAoB,UAAU;AAC5D,UAAM,OAAO,kBAAkB,UAAU,KAAK;AAC9C,UAAM,WAAW,MAAMC,UAA4B,IAAI;AACvD,UAAM,OAA0B;AAAA,MAC9B,SAAS;AAAA,MACT,GAAI,YAAY,CAAC;AAAA,IACnB;AACA,UAAM,QAA2C,EAAE,GAAI,KAAK,SAAS,CAAC,EAAG;AAEzE,eAAW,SAAS,oBAAoB;AACtC,YAAM,YAAY,MAAM,KAAK,KAAK,CAAC,GAAG;AAAA,QACpC,CAAC,MAAM,CAACC,wBAAuB,EAAE,OAAO;AAAA,MAC1C;AACA,eAAS,KAAK,EAAE,SAAS,GAAGJ,kBAAiB,SAAS,KAAK,GAAG,CAAC;AAC/D,YAAM,KAAK,IAAI;AAAA,IACjB;AAEA,SAAK,QAAQ;AACb,UAAMN,OAAMI,SAAQ,IAAI,GAAG,EAAE,WAAW,KAAK,CAAC;AAC9C,UAAMF,WAAU,MAAM,GAAG,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AAAA,GAAM,MAAM;AAClE,WAAO,EAAE,SAAS,MAAM,KAAK;AAAA,EAC/B;AAAA,EAEA,MAAM,UAAU,UAAkB,QAAoB,UAAU;AAC9D,UAAM,OAAO,kBAAkB,UAAU,KAAK;AAC9C,UAAM,WAAW,MAAMO,UAA4B,IAAI;AACvD,QAAI,CAAC,UAAU,MAAO,QAAO,EAAE,SAAS,OAAO,KAAK;AACpD,UAAM,QAAQ,EAAE,GAAG,SAAS,MAAM;AAClC,QAAI,UAAU;AACd,eAAW,CAAC,OAAO,OAAO,KAAK,OAAO,QAAQ,KAAK,GAAG;AACpD,YAAM,WAAW,QAAQ;AAAA,QACvB,CAAC,MAAM,CAACC,wBAAuB,EAAE,OAAO;AAAA,MAC1C;AACA,UAAI,SAAS,WAAW,QAAQ,OAAQ,WAAU;AAClD,UAAI,SAAS,WAAW,GAAG;AACzB,eAAO,MAAM,KAAK;AAAA,MACpB,OAAO;AACL,cAAM,KAAK,IAAI;AAAA,MACjB;AAAA,IACF;AACA,aAAS,QAAQ;AACjB,UAAMR,WAAU,MAAM,GAAG,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAAA,GAAM,MAAM;AACtE,WAAO,EAAE,SAAS,SAAS,KAAK;AAAA,EAClC;AAAA,EAEA,MAAM,YAAY,UAAkB,QAAoB,UAAU;AAChE,UAAM,WAAW,MAAMO;AAAA,MACrB,kBAAkB,UAAU,KAAK;AAAA,IACnC;AACA,QAAI,CAAC,UAAU,MAAO,QAAO;AAC7B,WAAO,OAAO,OAAO,SAAS,KAAK,EAAE;AAAA,MAAK,CAAC,YACzC,QAAQ,KAAK,CAAC,MAAMC,wBAAuB,EAAE,OAAO,CAAC;AAAA,IACvD;AAAA,EACF;AACF;AAEA,SAAS,kBAAkB,UAAkB,OAA2B;AACtE,SAAO,UAAU,WACbL,MAAKF,SAAQ,GAAG,WAAW,YAAY,IACvCE,MAAK,UAAU,WAAW,YAAY;AAC5C;AAEA,SAASK,wBAAuB,KAAkC;AAChE,MAAI,CAAC,IAAK,QAAO;AACjB,SAAO,IAAI,WAAW,GAAGJ,kBAAiB,OAAO;AACnD;AAEA,eAAeG,UAAY,MAAsC;AAC/D,MAAI;AACF,UAAM,MAAM,MAAMR,UAAS,MAAM,MAAM;AACvC,WAAO,KAAK,MAAM,GAAG;AAAA,EACvB,SAAS,KAAK;AACZ,QAAK,IAA8B,SAAS,SAAU,QAAO;AAC7D,UAAM;AAAA,EACR;AACF;AAEA,SAASO,UAAS,GAAgC;AAChD,SAAO,OAAO,MAAM,YAAY,EAAE,SAAS,IAAI,IAAI;AACrD;;;ACvJO,IAAM,WAAqC;AAAA,EAChD,eAAe;AAAA,EACf,QAAQ;AACV;AAEO,IAAM,cAAsC,OAAO,OAAO,QAAQ;AAElE,SAAS,WAAW,IAAsB;AAC/C,SAAO,SAAS,EAAE;AACpB;;;ACbA,SAAS,SAAAG,QAAO,YAAAC,WAAU,aAAAC,kBAAiB;AAC3C,SAAS,WAAAC,gBAAe;;;ACGjB,IAAM,uBAAuB;AAG7B,SAAS,iBAAyB;AACvC,SAAO,QAAQ,IAAI,+BAA+B;AACpD;;;ACTA,SAAS,WAAAC,gBAAe;AACxB,SAAS,QAAAC,aAAY;AAGd,SAAS,aAAqB;AACnC,SAAO,QAAQ,IAAI,uBAAuBA,MAAKD,SAAQ,GAAG,iBAAiB;AAC7E;AAEO,SAAS,aAAqB;AACnC,SAAOC,MAAK,WAAW,GAAG,aAAa;AACzC;AAQO,SAAS,WAAmB;AACjC,SAAOC,MAAK,WAAW,GAAG,WAAW;AACvC;AAGO,SAAS,mBAA2B;AACzC,SAAOA,MAAK,WAAW,GAAG,eAAe;AAC3C;AAEO,SAAS,kBAA0B;AACxC,SAAOA,MAAK,WAAW,GAAG,eAAe;AAC3C;AAEO,SAAS,UAAkB;AAChC,SAAOA,MAAK,WAAW,GAAG,MAAM;AAClC;;;AFmCO,SAAS,gBAAqC;AACnD,SAAO;AAAA,IACL,SAAS;AAAA,IACT,SAAS;AAAA,IACT,YAAY;AAAA,IACZ,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,IACX;AAAA,IACA,aAAa;AAAA,MACX,gBAAgB;AAAA,MAChB,gBAAgB;AAAA,MAChB,iBAAiB;AAAA,IACnB;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU,QAAQ,IAAI,gCAAgC;AAAA,MACtD,SAAS,CAAC;AAAA,MACV,SAAS;AAAA,IACX;AAAA,IACA,iBAAiB;AAAA;AAAA;AAAA;AAAA,MAIf,MAAM;AAAA,IACR;AAAA,IACA,iBAAiB;AAAA,MACf,SAAS;AAAA,MACT,aAAa,eAAe;AAAA,MAC5B,iBAAiB;AAAA,IACnB;AAAA,IACA,QAAQ;AAAA,MACN,YAAY,EAAE,SAAS,MAAM;AAAA,MAC7B,QAAQ,EAAE,SAAS,MAAM;AAAA,IAC3B;AAAA,IACA,SAAS;AAAA,MACP,gBAAgB;AAAA,MAChB,iBAAiB;AAAA,MACjB,mBAAmB;AAAA,MACnB,qBAAqB;AAAA,IACvB;AAAA,EACF;AACF;AAEA,eAAsB,aAAuD;AAC3E,MAAI;AACF,UAAM,MAAM,MAAMC,UAAS,WAAW,GAAG,MAAM;AAC/C,UAAM,SAAS,KAAK,MAAM,GAAG;AAC7B,WAAO,YAAY,cAAc,GAAG,MAAM;AAAA,EAC5C,SAAS,KAAK;AACZ,QAAK,IAA8B,SAAS,SAAU,QAAO;AAC7D,UAAM;AAAA,EACR;AACF;AAEA,eAAsB,WAAW,KAAyC;AACxE,QAAM,WAAW;AACjB,QAAMC,WAAU,WAAW,GAAG,GAAG,KAAK,UAAU,KAAK,MAAM,CAAC,CAAC;AAAA,GAAM,MAAM;AAC3E;AAEA,eAAsB,aAA4B;AAChD,QAAMC,OAAMC,SAAQ,WAAW,CAAC,GAAG,EAAE,WAAW,KAAK,CAAC;AACtD,QAAMD,OAAM,gBAAgB,GAAG,EAAE,WAAW,KAAK,CAAC;AAClD,QAAMA,OAAM,QAAQ,GAAG,EAAE,WAAW,KAAK,CAAC;AAC5C;AAEA,SAAS,YACP,MACA,OACqB;AACrB,SAAO;AAAA,IACL,GAAG;AAAA,IACH,GAAG;AAAA,IACH,QAAQ,EAAE,GAAG,KAAK,QAAQ,GAAI,MAAM,UAAU,CAAC,EAAG;AAAA,IAClD,aAAa,EAAE,GAAG,KAAK,aAAa,GAAI,MAAM,eAAe,CAAC,EAAG;AAAA,IACjE,UAAU,EAAE,GAAG,KAAK,UAAU,GAAI,MAAM,YAAY,CAAC,EAAG;AAAA,IACxD,iBAAkB,MAAM,mBACtB,KAAK;AAAA,IACP,iBAAiB;AAAA,MACf,GAAG,KAAK;AAAA,MACR,GAAI,MAAM,mBAAmB,CAAC;AAAA,IAChC;AAAA,IACA,QAAQ;AAAA,MACN,YAAY;AAAA,QACV,GAAG,KAAK,OAAO;AAAA,QACf,GAAI,MAAM,QAAQ,cAAc,CAAC;AAAA,MACnC;AAAA,MACA,QAAQ,EAAE,GAAG,KAAK,OAAO,QAAQ,GAAI,MAAM,QAAQ,UAAU,CAAC,EAAG;AAAA,IACnE;AAAA,IACA,SAAS,KAAK;AAAA,EAChB;AACF;;;AG/JA,SAAS,YAAAE,iBAAgB;AACzB,SAAS,WAAW;;;ACDpB,SAAS,OAAO,YAAAC,WAAU,aAAAC,kBAAiB;AAC3C,SAAS,WAAAC,gBAAe;AACxB,SAAS,SAAAC,cAAa;;;ACFtB,SAAS,cAAAC,aAAY,mBAAmB;AACxC,SAAS,YAAY;AACrB,SAAS,oBAAoB;AAC7B,SAAS,gBAAgB;AAMlB,IAAM,YACX,QAAQ,IAAI,4BAA4B;AAG1C,IAAM,iBAAiB;AAKvB,IAAM,gBAAgB;AACf,IAAM,eAAe,oBAAoB,aAAa;AA0M7D,eAAsB,mBACpB,cACwB;AACxB,QAAM,MAAM,MAAM,MAAM,gBAAgB;AAAA,IACtC,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,oCAAoC;AAAA,IAC/D,MAAM,IAAI,gBAAgB;AAAA,MACxB,YAAY;AAAA,MACZ,WAAW;AAAA,MACX,eAAe;AAAA,IACjB,CAAC;AAAA,EACH,CAAC;AACD,MAAI,CAAC,IAAI,IAAI;AACX,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,UAAM,IAAI,MAAM,yBAAyB,IAAI,MAAM,MAAM,IAAI,EAAE;AAAA,EACjE;AACA,SAAO,IAAI,KAAK;AAClB;;;ADhOA,IAAM,oBAAoB;AAE1B,eAAsB,WAA2C;AAC/D,MAAI;AACF,UAAM,MAAM,MAAMC,UAAS,SAAS,GAAG,MAAM;AAC7C,UAAM,SAAS,KAAK,MAAM,GAAG;AAC7B,QAAI,OAAO,OAAO,gBAAgB,YAAY,OAAO,YAAY,SAAS,GAAG;AAC3E,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT,SAAS,KAAK;AACZ,QAAK,IAA8B,SAAS,SAAU,QAAO;AAC7D,UAAM;AAAA,EACR;AACF;AAEA,eAAsB,SAAS,OAAiC;AAC9D,QAAM,OAAO,SAAS;AACtB,QAAMC,OAAMC,SAAQ,IAAI,GAAG,EAAE,WAAW,KAAK,CAAC;AAC9C,QAAMC,WAAU,MAAM,GAAG,KAAK,UAAU,OAAO,MAAM,CAAC,CAAC;AAAA,GAAM;AAAA,IAC3D,UAAU;AAAA,IACV,MAAM;AAAA,EACR,CAAC;AACD,MAAI;AACF,UAAM,MAAM,MAAM,GAAK;AAAA,EACzB,QAAQ;AAAA,EAER;AACF;AAEA,eAAsB,YAA2B;AAC/C,QAAM,EAAE,QAAAC,QAAO,IAAI,MAAM,OAAO,aAAkB;AAClD,MAAI;AACF,UAAMA,QAAO,SAAS,CAAC;AAAA,EACzB,SAAS,KAAK;AACZ,QAAK,IAA8B,SAAS,SAAU,OAAM;AAAA,EAC9D;AACF;AAMA,eAAsB,gBAA6C;AACjE,QAAM,OAAO,MAAM,SAAS;AAC5B,MAAI,CAAC,KAAM,QAAO;AAElB,QAAM,eAAe,KAAK,IAAI,KAAK,KAAK,YAAY;AACpD,MAAI,CAAC,aAAc,QAAO,KAAK;AAE/B,MAAI,CAAC,KAAK,cAAc;AAEtB,UAAM,UAAU;AAChB,WAAO;AAAA,EACT;AAEA,MAAI;AACF,UAAM,SAAS,MAAM,mBAAmB,KAAK,YAAY;AACzD,UAAM,YAAuB;AAAA,MAC3B,aAAa,OAAO;AAAA,MACpB,cAAc,OAAO,iBAAiB,KAAK;AAAA,MAC3C,WAAW,KAAK,IAAI,IAAI,OAAO,aAAa;AAAA,IAC9C;AACA,UAAM,SAAS,SAAS;AACxB,WAAO,UAAU;AAAA,EACnB,QAAQ;AAEN,UAAM,UAAU;AAChB,WAAO;AAAA,EACT;AACF;;;AEpFA,SAAS,SAAAC,QAAO,SAAAC,QAAO,YAAAC,WAAU,QAAQ,aAAAC,kBAAiB;AAC1D,SAAS,WAAAC,gBAAe;AAUxB,eAAsB,mBAAgD;AACpE,QAAM,UACJ,QAAQ,IAAI,gCACZ,QAAQ,IAAI;AACd,MAAI,QAAS,QAAO;AAEpB,MAAI;AACF,UAAM,OAAO,MAAMC,UAAS,iBAAiB,GAAG,MAAM,GAAG,KAAK;AAC9D,WAAO,OAAO;AAAA,EAChB,SAAS,KAAK;AACZ,QAAK,IAA8B,SAAS,SAAU,QAAO;AAC7D,UAAM;AAAA,EACR;AACF;AAyBA,eAAsB,iBACpB,SACY;AACZ,QAAM,SAAS,MAAM,iBAAiB;AACtC,MAAI,QAAQ;AACV,IAAC,QAAmC,4BAA4B,IAAI;AAAA,EACtE;AACA,SAAO;AACT;;;AH3BA,IAAM,sBAAN,MAAqD;AAAA,EACnD,MAAM,SAA0C;AAC9C,UAAM,IAAI,MAAM,uDAAuD;AAAA,EACzE;AAAA,EACA,MAAM,OAA+C;AACnD,WAAO,EAAE,IAAI,OAAO,QAAQ,4BAA4B;AAAA,EAC1D;AACF;AAEA,IAAM,sBAAN,MAAqD;AAAA,EACnD,YACmB,OACA,QACjB;AAFiB;AACA;AAAA,EAChB;AAAA,EAFgB;AAAA,EACA;AAAA,EAGnB,MAAM,OAAO,OAA+D;AAC1E,UAAM,OAAO,MAAMC,UAAS,MAAM,cAAc;AAChD,UAAM,gBAAgB;AAAA,MACpB,KAAK;AAAA,MACL,MAAM;AAAA,MACN,MAAM;AAAA,IACR;AACA,UAAM,OAAO,MAAM,IAAI,eAAe,MAAM;AAAA,MAC1C,QAAQ;AAAA,MACR,OAAO,KAAK;AAAA,MACZ,aAAa;AAAA,MACb,iBAAiB;AAAA,IACnB,CAAC;AACD,WAAO,EAAE,UAAU,KAAK,UAAU,KAAK,KAAK,KAAK,MAAM,KAAK,WAAW;AAAA,EACzE;AAAA,EAEA,MAAM,OAA8D;AAClE,QAAI,CAAC,KAAK,MAAO,QAAO,EAAE,IAAI,OAAO,QAAQ,gBAAgB;AAC7D,WAAO,EAAE,IAAI,KAAK;AAAA,EACpB;AACF;AAQA,IAAM,0BAAN,MAAyD;AAAA,EACvD,YAA6B,aAAqB;AAArB;AAAA,EAAsB;AAAA,EAAtB;AAAA,EAE7B,MAAM,OAAO,OAA+D;AAC1E,UAAM,QAAQ,MAAM,cAAc;AAClC,QAAI,CAAC,OAAO;AACV,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AACA,UAAM,OAAO,MAAMA,UAAS,MAAM,cAAc;AAChD,UAAM,MAAM,IAAI,IAAI,wBAAwB,KAAK,WAAW,EAAE,SAAS;AACvE,UAAM,UAAU,MAAM,iBAAiB;AAAA,MACrC,eAAe,UAAU,KAAK;AAAA,MAC9B,gBAAgB;AAAA,MAChB,gBAAgB,MAAM;AAAA,MACtB,WAAW,MAAM;AAAA,MACjB,eAAe,MAAM;AAAA,IACvB,CAAC;AACD,UAAM,MAAM,MAAM,MAAM,KAAK,EAAE,QAAQ,QAAQ,SAAS,KAAK,CAAC;AAC9D,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,OAAO,MAAM,IAAI,KAAK,EAAE,MAAM,MAAM,EAAE;AAC5C,YAAM,IAAI;AAAA,QACR,6BAA6B,IAAI,MAAM,MAAM,QAAQ,IAAI,UAAU;AAAA,MACrE;AAAA,IACF;AACA,UAAM,OAAQ,MAAM,IAAI,KAAK;AAO7B,QAAI,CAAC,KAAK,MAAM,CAAC,KAAK,WAAW,CAAC,KAAK,UAAU;AAC/C,YAAM,IAAI,MAAM,4BAA4B,KAAK,SAAS,SAAS,EAAE;AAAA,IACvE;AACA,WAAO;AAAA,MACL,UAAU,KAAK;AAAA,MACf,KAAK,KAAK;AAAA,MACV,MAAM,KAAK,QAAQ,KAAK;AAAA,IAC1B;AAAA,EACF;AAAA,EAEA,MAAM,OAA8D;AAClE,UAAM,QAAQ,MAAM,cAAc;AAClC,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,QACL,IAAI;AAAA,QACJ,QAAQ;AAAA,MACV;AAAA,IACF;AAIA,QAAI;AACF,YAAM,MAAM,IAAI,IAAI,wBAAwB,KAAK,WAAW,EAAE,SAAS;AACvE,YAAM,UAAU,MAAM,iBAAiB;AAAA,QACrC,eAAe,UAAU,KAAK;AAAA,MAChC,CAAC;AACD,YAAM,MAAM,MAAM,MAAM,KAAK,EAAE,QAAQ,QAAQ,QAAQ,CAAC;AACxD,UAAI,IAAI,WAAW,IAAK,QAAO,EAAE,IAAI,KAAK;AAC1C,UAAI,IAAI,WAAW,OAAO,IAAI,WAAW,KAAK;AAC5C,cAAM,KAAK,IAAI,QAAQ,IAAI,cAAc,KAAK;AAC9C,YAAI,GAAG,SAAS,WAAW,GAAG;AAC5B,iBAAO;AAAA,YACL,IAAI;AAAA,YACJ,QACE;AAAA,UACJ;AAAA,QACF;AACA,eAAO,EAAE,IAAI,OAAO,QAAQ,4BAA4B,IAAI,MAAM,IAAI;AAAA,MACxE;AACA,aAAO,EAAE,IAAI,OAAO,QAAQ,qBAAqB,IAAI,MAAM,GAAG;AAAA,IAChE,SAAS,KAAK;AACZ,aAAO;AAAA,QACL,IAAI;AAAA,QACJ,QAAQ,yBAA0B,IAAc,OAAO;AAAA,MACzD;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAAS,sBACd,KACiB;AACjB,MAAI,IAAI,SAAS,OAAQ,QAAO,IAAI,oBAAoB;AACxD,MAAI,IAAI,SAAS,YAAY;AAC3B,WAAO,IAAI,wBAAwB,eAAe,CAAC;AAAA,EACrD;AAEA,QAAM,QAAQ,QAAQ,IAAI,IAAI,QAAQ;AACtC,MAAI,CAAC,OAAO;AACV,UAAM,IAAI;AAAA,MACR,yBAAyB,IAAI,QAAQ;AAAA,IACvC;AAAA,EACF;AACA,SAAO,IAAI,oBAAoB,OAAO,IAAI,MAAM;AAClD;AAEA,SAAS,cACP,QACA,UACA,WACQ;AACR,QAAM,aAAa,OAAO,SAAS,GAAG,IAAI,SAAS,GAAG,MAAM;AAC5D,QAAM,cAAc,mBAAmB,SAAS;AAChD,SAAO,GAAG,UAAU,GAAG,QAAQ,IAAI,WAAW;AAChD;","names":["mkdir","readFile","writeFile","homedir","dirname","join","HOOK_COMMAND_NAME","HOOK_MAP","asString","readJson","isAgentInsightsCommand","mkdir","readFile","writeFile","dirname","homedir","join","join","readFile","writeFile","mkdir","dirname","readFile","readFile","writeFile","dirname","mkdir","createHash","readFile","mkdir","dirname","writeFile","unlink","chmod","mkdir","readFile","writeFile","dirname","readFile","readFile"]}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "agent-insights",
|
|
3
|
-
"version": "0.0.
|
|
3
|
+
"version": "0.0.12",
|
|
4
4
|
"description": "CLI for AI coding agent lifecycle observability — Claude Code and Cursor hooks → Vercel Blob + optional Slack/GitHub feedback loop.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"claude-code",
|
|
@@ -48,6 +48,7 @@
|
|
|
48
48
|
"node": ">=20"
|
|
49
49
|
},
|
|
50
50
|
"dependencies": {
|
|
51
|
+
"@inquirer/prompts": "^8.4.3",
|
|
51
52
|
"@vercel/blob": "^2.4.0",
|
|
52
53
|
"commander": "^14.0.0",
|
|
53
54
|
"kleur": "^4.1.5"
|