npm - airaknit - Versions diffs - 1.1.2-rc.9 - Mend

airaknit 1.1.2-rc.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (440) hide show

package/LICENSE +84 -0
package/README.md +202 -0
package/bin/airaknit +9 -0
package/bin/airaknit-project +14 -0
package/bin/kanna +9 -0
package/dist/client/assets/CompactSummaryMessage-Yw0BDWEJ.js +1 -0
package/dist/client/assets/ExitPlanModeMessage-DIdkQ4uF.js +1 -0
package/dist/client/assets/LocalFilePreviewDialog-DQx2eiCc.js +3 -0
package/dist/client/assets/LocalProjectsSection-C4xlWkgS.js +1 -0
package/dist/client/assets/TextMessage-B5G39DEJ.js +1 -0
package/dist/client/assets/UserMessage-CIkWk-0L.js +1 -0
package/dist/client/assets/_basePickBy-CVrAFfnZ.js +1 -0
package/dist/client/assets/_baseUniq-JL-aaF4P.js +1 -0
package/dist/client/assets/arc-B07zg7ol.js +1 -0
package/dist/client/assets/architecture-YZFGNWBL-PSLVJL3p.js +1 -0
package/dist/client/assets/architectureDiagram-Q4EWVU46-DfWIF1G_.js +36 -0
package/dist/client/assets/array-BGFCBI0e.js +1 -0
package/dist/client/assets/blockDiagram-DXYQGD6D-CzwIeo_B.js +132 -0
package/dist/client/assets/bundle-mjs-BDE2gWbQ.js +1 -0
package/dist/client/assets/button-DO50qOGv.js +1 -0
package/dist/client/assets/c4Diagram-AHTNJAMY-CR8DCQRE.js +10 -0
package/dist/client/assets/channel-Dj-UUfaF.js +1 -0
package/dist/client/assets/chunk-2KRD3SAO-dznP-cn8.js +1 -0
package/dist/client/assets/chunk-336JU56O-Dqss5Vu6.js +2 -0
package/dist/client/assets/chunk-426QAEUC-CEKis_0_.js +1 -0
package/dist/client/assets/chunk-4BX2VUAB-BYOv0Gm1.js +1 -0
package/dist/client/assets/chunk-4TB4RGXK-BxzubH5S.js +206 -0
package/dist/client/assets/chunk-55IACEB6-BSlTj03a.js +1 -0
package/dist/client/assets/chunk-5FUZZQ4R-9Au93Bi1.js +62 -0
package/dist/client/assets/chunk-5PVQY5BW-BhksHFEZ.js +2 -0
package/dist/client/assets/chunk-67CJDMHE-BFwhz-8t.js +1 -0
package/dist/client/assets/chunk-7N4EOEYR-BDUPds87.js +1 -0
package/dist/client/assets/chunk-AA7GKIK3-CEWTdyXO.js +1 -0
package/dist/client/assets/chunk-BO2N2NFS-D0LvxnhU.js +103 -0
package/dist/client/assets/chunk-BSJP7CBP-BNJnK6sq.js +1 -0
package/dist/client/assets/chunk-Bj-mKKzh.js +1 -0
package/dist/client/assets/chunk-CIAEETIT-CYhfoCeN.js +1 -0
package/dist/client/assets/chunk-EDXVE4YY-C5ovJLc0.js +1 -0
package/dist/client/assets/chunk-ENJZ2VHE-HOhYaeGr.js +10 -0
package/dist/client/assets/chunk-FMBD7UC4-BLCiKcAQ.js +15 -0
package/dist/client/assets/chunk-FOC6F5B3-B6GtY2ek.js +1 -0
package/dist/client/assets/chunk-ICPOFSXX-DPoIZoC5.js +122 -0
package/dist/client/assets/chunk-K5T4RW27-BsKN63rv.js +94 -0
package/dist/client/assets/chunk-KGLVRYIC-BUGn9uuY.js +1 -0
package/dist/client/assets/chunk-LIHQZDEY-DhaZyo03.js +1 -0
package/dist/client/assets/chunk-ORNJ4GCN-DlpeeJyi.js +1 -0
package/dist/client/assets/chunk-OYMX7WX6-Dc9q7aYA.js +231 -0
package/dist/client/assets/chunk-QZHKN3VN-BEdrPoSb.js +1 -0
package/dist/client/assets/chunk-U2HBQHQK-CIB3Bjjd.js +70 -0
package/dist/client/assets/chunk-X2U36JSP-CtB-o8Yp.js +1 -0
package/dist/client/assets/chunk-XPW4576I-C6iHhX_8.js +32 -0
package/dist/client/assets/chunk-YZCP3GAM-CTmKr6ZH.js +1 -0
package/dist/client/assets/chunk-ZZ45TVLE-BgU8A2RF.js +1 -0
package/dist/client/assets/classDiagram-6PBFFD2Q-Bqk5e679.js +1 -0
package/dist/client/assets/classDiagram-v2-HSJHXN6E-6pSaZOkC.js +1 -0
package/dist/client/assets/client-BrKWI4CM.js +1 -0
package/dist/client/assets/client-CGgNRU9w.js +1 -0
package/dist/client/assets/client-DMSLRzg9.js +6 -0
package/dist/client/assets/clone-DWcL7whJ.js +1 -0
package/dist/client/assets/cose-bilkent-S5V4N54A-CrV5wsV_.js +1 -0
package/dist/client/assets/cytoscape.esm--aLzKuep.js +321 -0
package/dist/client/assets/dagre-CuRxWcrj.js +1 -0
package/dist/client/assets/dagre-KV5264BT-BIDiVnkA.js +4 -0
package/dist/client/assets/defaultLocale-CRZydyG6.js +1 -0
package/dist/client/assets/diagram-5BDNPKRD-i1kjKRCB.js +10 -0
package/dist/client/assets/diagram-G4DWMVQ6-9ZSLuhbl.js +24 -0
package/dist/client/assets/diagram-MMDJMWI5-B4_CUjgv.js +43 -0
package/dist/client/assets/diagram-TYMM5635-Ct5eTGS8.js +24 -0
package/dist/client/assets/dist-CuB4kiSK.js +1 -0
package/dist/client/assets/erDiagram-SMLLAGMA-Cy38ercc.js +85 -0
package/dist/client/assets/flowDiagram-DWJPFMVM-CZKuYl0V.js +162 -0
package/dist/client/assets/ganttDiagram-T4ZO3ILL-DLPjCh7a.js +292 -0
package/dist/client/assets/gitGraph-7Q5UKJZL-DqbrtEp9.js +1 -0
package/dist/client/assets/gitGraphDiagram-UUTBAWPF-BoRBkDhQ.js +106 -0
package/dist/client/assets/graphlib-BcQ6qlQh.js +1 -0
package/dist/client/assets/highlighted-body-OFNGDK62-BEpBVDTX.js +1 -0
package/dist/client/assets/index-CetCiuqP.js +105 -0
package/dist/client/assets/index-N29Mip7A.css +1 -0
package/dist/client/assets/info-OMHHGYJF-D98DRBJX.js +1 -0
package/dist/client/assets/infoDiagram-42DDH7IO-BAcdTWbt.js +2 -0
package/dist/client/assets/init-B8gtcn7T.js +1 -0
package/dist/client/assets/isArrayLikeObject-D8SJFmkN.js +1 -0
package/dist/client/assets/isEmpty-BF3YX5Jk.js +1 -0
package/dist/client/assets/ishikawaDiagram-UXIWVN3A-Ynu2VKdC.js +70 -0
package/dist/client/assets/journeyDiagram-VCZTEJTY-BjfhQaN3.js +139 -0
package/dist/client/assets/jsx-runtime-CyI9ICYU.js +1 -0
package/dist/client/assets/kanban-definition-6JOO6SKY-JLXH9zUJ.js +89 -0
package/dist/client/assets/katex-B94qP8b6.js +265 -0
package/dist/client/assets/lib--QVjyxmL.js +29 -0
package/dist/client/assets/lib-B6rgJiZ9.js +1 -0
package/dist/client/assets/line-DCrYfLBn.js +1 -0
package/dist/client/assets/linear-_4upLmeo.js +1 -0
package/dist/client/assets/mermaid-GHXKKRXX-rwJHYUmW.js +1 -0
package/dist/client/assets/mermaid-parser.core-KZinfW8o.js +4 -0
package/dist/client/assets/mermaid.core-QqY9gSNe.js +11 -0
package/dist/client/assets/mindmap-definition-QFDTVHPH-TWgHDAzp.js +96 -0
package/dist/client/assets/ordinal-CCj7PWgZ.js +1 -0
package/dist/client/assets/packet-4T2RLAQJ-DEvfkn3F.js +1 -0
package/dist/client/assets/path-DZF-JdEe.js +1 -0
package/dist/client/assets/pie-ZZUOXDRM-72e6WVjb.js +1 -0
package/dist/client/assets/pieDiagram-DEJITSTG-Cl8PCsoj.js +30 -0
package/dist/client/assets/preload-helper-rov5CBGT.js +1 -0
package/dist/client/assets/pty-client-DZ27IS00.js +1 -0
package/dist/client/assets/ptyInstancesStore-D9ag7SYd.js +1 -0
package/dist/client/assets/quadrantDiagram-34T5L4WZ-CHyVGp9E.js +7 -0
package/dist/client/assets/radar-PYXPWWZC-Cp7xd_EY.js +1 -0
package/dist/client/assets/react-CClhXMB2.js +1 -0
package/dist/client/assets/react-Dd6D81m0.js +1 -0
package/dist/client/assets/react-dom--G6_6fQ_.js +1 -0
package/dist/client/assets/requirementDiagram-MS252O5E-DaanG2iM.js +84 -0
package/dist/client/assets/rough.esm-BsmKo2S5.js +1 -0
package/dist/client/assets/sankeyDiagram-XADWPNL6-B_fhLY36.js +10 -0
package/dist/client/assets/sequenceDiagram-FGHM5R23-C5FNrveI.js +157 -0
package/dist/client/assets/src-DeTlMJAU.js +1 -0
package/dist/client/assets/stateDiagram-FHFEXIEX-nTTcdjjQ.js +1 -0
package/dist/client/assets/stateDiagram-v2-QKLJ7IA2-Dw0632j_.js +1 -0
package/dist/client/assets/timeline-definition-GMOUNBTQ-DkQV1yP8.js +120 -0
package/dist/client/assets/treeView-SZITEDCU-ZLIgC7_K.js +1 -0
package/dist/client/assets/treemap-W4RFUUIX-BqaMbB6N.js +1 -0
package/dist/client/assets/uiIdentityOverlay-Ba7GNj7m.js +1 -0
package/dist/client/assets/vennDiagram-DHZGUBPP-DbZ2xgs6.js +34 -0
package/dist/client/assets/wardley-RL74JXVD-DXQS8zf4.js +1 -0
package/dist/client/assets/wardleyDiagram-NUSXRM2D-BzCJ6MAu.js +20 -0
package/dist/client/assets/xychartDiagram-5P7HB3ND-BSlFecop.js +7 -0
package/dist/client/favicon.png +0 -0
package/dist/client/favicon.svg +15 -0
package/dist/client/fonts/body-medium.woff2 +0 -0
package/dist/client/fonts/body-regular-italic.woff2 +0 -0
package/dist/client/fonts/body-regular.woff2 +0 -0
package/dist/client/fonts/body-semibold.woff2 +0 -0
package/dist/client/index.html +31 -0
package/dist/client/manifest.webmanifest +12 -0
package/dist/client/sw.js +32 -0
package/package.json +122 -0
package/src/nats/auth-callout/callout-config.test.ts +93 -0
package/src/nats/auth-callout/callout-config.ts +109 -0
package/src/nats/auth-callout/callout.integration.test.ts +332 -0
package/src/nats/auth-callout/keys.ts +103 -0
package/src/nats/auth-callout/responder.ts +241 -0
package/src/nats/auth-callout/scope-policy.test.ts +159 -0
package/src/nats/auth-callout/scope-policy.ts +210 -0
package/src/nats/auth-callout/token.test.ts +163 -0
package/src/nats/auth-callout/token.ts +157 -0
package/src/nats/nats-daemon-callout.ts +194 -0
package/src/nats/nats-daemon.test.ts +77 -0
package/src/nats/nats-daemon.ts +50 -0
package/src/nats/nats-token.test.ts +61 -0
package/src/nats/nats-token.ts +59 -0
package/src/runner/coordination-mcp-integration.test.ts +134 -0
package/src/runner/nats-coordination-client.test.ts +49 -0
package/src/runner/nats-coordination-client.ts +94 -0
package/src/runner/runner-agent.test.ts +469 -0
package/src/runner/runner-agent.ts +453 -0
package/src/runner/runner-credential.test.ts +93 -0
package/src/runner/runner-credential.ts +82 -0
package/src/runner/runner-nats.test.ts +495 -0
package/src/runner/runner-nats.ts +323 -0
package/src/runner/runner-pair.test.ts +107 -0
package/src/runner/runner-pair.ts +81 -0
package/src/runner/runner.test.ts +135 -0
package/src/runner/runner.ts +212 -0
package/src/runner/turn-factories.test.ts +97 -0
package/src/runner/turn-factories.ts +475 -0
package/src/server/agent-config-journey.test.ts +106 -0
package/src/server/agent.ts +8 -0
package/src/server/auto-continue/auth-error-detector.ts +66 -0
package/src/server/auto-continue/limit-detector.ts +194 -0
package/src/server/bm25.test.ts +92 -0
package/src/server/bm25.ts +101 -0
package/src/server/chat-events-jetstream.test.ts +135 -0
package/src/server/claude-harness.ts +360 -0
package/src/server/claude-pty/agent-normalizers.ts +309 -0
package/src/server/claude-pty/auth.test.ts +38 -0
package/src/server/claude-pty/auth.ts +32 -0
package/src/server/claude-pty/claude-session-registry.adapter.ts +81 -0
package/src/server/claude-pty/claude-session-registry.test.ts +149 -0
package/src/server/claude-pty/driver.test.ts +902 -0
package/src/server/claude-pty/driver.ts +807 -0
package/src/server/claude-pty/jsonl-path.adapter.ts +57 -0
package/src/server/claude-pty/jsonl-path.test.ts +114 -0
package/src/server/claude-pty/jsonl-to-event.test.ts +241 -0
package/src/server/claude-pty/jsonl-to-event.ts +174 -0
package/src/server/claude-pty/output-ring.test.ts +35 -0
package/src/server/claude-pty/output-ring.ts +25 -0
package/src/server/claude-pty/parity-matrix.test.ts +227 -0
package/src/server/claude-pty/pid-registry.adapter.ts +135 -0
package/src/server/claude-pty/pid-registry.test.ts +122 -0
package/src/server/claude-pty/preflight/binary-fingerprint.adapter.ts +20 -0
package/src/server/claude-pty/preflight/binary-fingerprint.test.ts +32 -0
package/src/server/claude-pty/pty-instance-registry.test.ts +177 -0
package/src/server/claude-pty/pty-instance-registry.ts +166 -0
package/src/server/claude-pty/pty-memory-sampler.adapter.test.ts +103 -0
package/src/server/claude-pty/pty-memory-sampler.adapter.ts +85 -0
package/src/server/claude-pty/pty-process.adapter.ts +66 -0
package/src/server/claude-pty/pty-process.test.ts +49 -0
package/src/server/claude-pty/resolve-binary.adapter.ts +106 -0
package/src/server/claude-pty/resolve-binary.test.ts +118 -0
package/src/server/claude-pty/runtime-dir.adapter.ts +19 -0
package/src/server/claude-pty/settings-writer.adapter.ts +27 -0
package/src/server/claude-pty/settings-writer.test.ts +22 -0
package/src/server/claude-pty/smoke-test-io.adapter.ts +28 -0
package/src/server/claude-pty/smoke-test.test.ts +191 -0
package/src/server/claude-pty/smoke-test.ts +185 -0
package/src/server/claude-pty/subagent-orchestrator.ts +887 -0
package/src/server/claude-pty/tool-callback.ts +274 -0
package/src/server/claude-pty/tui-control.test.ts +272 -0
package/src/server/claude-pty/tui-control.ts +182 -0
package/src/server/claude-pty/tui-source.adapter.test.ts +360 -0
package/src/server/claude-pty/tui-source.adapter.ts +343 -0
package/src/server/claude-pty/tunnel-gateway.ts +12 -0
package/src/server/claude-pty-mcp/canonical-args.ts +15 -0
package/src/server/claude-pty-mcp/fs-stat.adapter.ts +8 -0
package/src/server/claude-pty-mcp/history-primer.ts +90 -0
package/src/server/claude-pty-mcp/http-server.adapter.ts +33 -0
package/src/server/claude-pty-mcp/mcp-http.ts +177 -0
package/src/server/claude-pty-mcp/mcp.ts +412 -0
package/src/server/claude-pty-mcp/mention-parser.ts +25 -0
package/src/server/claude-pty-mcp/paths.ts +24 -0
package/src/server/claude-pty-mcp/permission-gate.ts +243 -0
package/src/server/claude-pty-mcp/terminal-pid-registry.adapter.ts +107 -0
package/src/server/claude-pty-mcp/tools/ask-user-question.test.ts +119 -0
package/src/server/claude-pty-mcp/tools/ask-user-question.ts +61 -0
package/src/server/claude-pty-mcp/tools/bash.adapter.ts +76 -0
package/src/server/claude-pty-mcp/tools/bash.test.ts +56 -0
package/src/server/claude-pty-mcp/tools/delegate-subagent.test.ts +155 -0
package/src/server/claude-pty-mcp/tools/delegate-subagent.ts +111 -0
package/src/server/claude-pty-mcp/tools/edit.adapter.ts +95 -0
package/src/server/claude-pty-mcp/tools/edit.test.ts +93 -0
package/src/server/claude-pty-mcp/tools/exit-plan-mode.test.ts +61 -0
package/src/server/claude-pty-mcp/tools/exit-plan-mode.ts +50 -0
package/src/server/claude-pty-mcp/tools/glob.adapter.ts +86 -0
package/src/server/claude-pty-mcp/tools/glob.test.ts +61 -0
package/src/server/claude-pty-mcp/tools/grep.adapter.ts +126 -0
package/src/server/claude-pty-mcp/tools/grep.test.ts +62 -0
package/src/server/claude-pty-mcp/tools/read.adapter.ts +58 -0
package/src/server/claude-pty-mcp/tools/read.test.ts +62 -0
package/src/server/claude-pty-mcp/tools/tool-callback-shim.ts +42 -0
package/src/server/claude-pty-mcp/tools/webfetch.test.ts +81 -0
package/src/server/claude-pty-mcp/tools/webfetch.ts +82 -0
package/src/server/claude-pty-mcp/tools/websearch.test.ts +40 -0
package/src/server/claude-pty-mcp/tools/websearch.ts +42 -0
package/src/server/claude-pty-mcp/tools/write.adapter.ts +60 -0
package/src/server/claude-pty-mcp/tools/write.test.ts +52 -0
package/src/server/claude-pty-mcp/uploads.adapter.ts +98 -0
package/src/server/claude-pty-mcp/uploads.ts +38 -0
package/src/server/claude-turn.test.ts +176 -0
package/src/server/cli-runtime.test.ts +456 -0
package/src/server/cli-runtime.ts +374 -0
package/src/server/cli-supervisor.ts +81 -0
package/src/server/cli.ts +78 -0
package/src/server/client-log-forwarder.test.ts +74 -0
package/src/server/client-log-forwarder.ts +75 -0
package/src/server/codex-app-server-protocol.ts +449 -0
package/src/server/codex-app-server.test.ts +2990 -0
package/src/server/codex-app-server.ts +1713 -0
package/src/server/coordination-integration.test.ts +63 -0
package/src/server/coordination-mcp.test.ts +149 -0
package/src/server/coordination-mcp.ts +197 -0
package/src/server/delegation-coordinator.test.ts +675 -0
package/src/server/delegation-coordinator.ts +454 -0
package/src/server/discovery.test.ts +211 -0
package/src/server/discovery.ts +301 -0
package/src/server/event-store-agent-config.test.ts +124 -0
package/src/server/event-store-coordination.test.ts +149 -0
package/src/server/event-store-profile.test.ts +132 -0
package/src/server/event-store-repo.test.ts +154 -0
package/src/server/event-store-runner-team.test.ts +104 -0
package/src/server/event-store.test.ts +342 -0
package/src/server/event-store.ts +2208 -0
package/src/server/events.ts +379 -0
package/src/server/extension-router.test.ts +183 -0
package/src/server/extension-router.ts +114 -0
package/src/server/extensions/agents/server.test.ts +191 -0
package/src/server/extensions/agents/server.ts +108 -0
package/src/server/extensions/c3/server.test.ts +284 -0
package/src/server/extensions/c3/server.ts +212 -0
package/src/server/extensions/code/server.test.ts +200 -0
package/src/server/extensions/code/server.ts +150 -0
package/src/server/extensions.config.ts +10 -0
package/src/server/external-open.ts +69 -0
package/src/server/generate-fork-context.ts +58 -0
package/src/server/generate-merge-context.test.ts +290 -0
package/src/server/generate-merge-context.ts +141 -0
package/src/server/generate-title.ts +36 -0
package/src/server/git-clone-policy.test.ts +138 -0
package/src/server/git-clone-policy.ts +27 -0
package/src/server/harness-types.ts +1 -0
package/src/server/journey-verification.test.ts +640 -0
package/src/server/journey-verification.ts +195 -0
package/src/server/machine-name.ts +22 -0
package/src/server/nats-auth.test.ts +92 -0
package/src/server/nats-auth.ts +6 -0
package/src/server/nats-bind-guard.test.ts +71 -0
package/src/server/nats-bind-guard.ts +42 -0
package/src/server/nats-bridge.test.ts +141 -0
package/src/server/nats-bridge.ts +111 -0
package/src/server/nats-connector.test.ts +56 -0
package/src/server/nats-connector.ts +71 -0
package/src/server/nats-daemon-manager.test.ts +76 -0
package/src/server/nats-daemon-manager.ts +174 -0
package/src/server/nats-publisher.test.ts +356 -0
package/src/server/nats-publisher.ts +271 -0
package/src/server/nats-responders.test.ts +1018 -0
package/src/server/nats-responders.ts +925 -0
package/src/server/nats-streams.test.ts +112 -0
package/src/server/nats-streams.ts +129 -0
package/src/server/oauth-pool/oauth-responders.ts +185 -0
package/src/server/oauth-pool/oauth-settings-store.ts +173 -0
package/src/server/oauth-pool/oauth-token-pool.ts +303 -0
package/src/server/orchestration.test.ts +1063 -0
package/src/server/orchestration.ts +716 -0
package/src/server/pairing-endpoints.test.ts +171 -0
package/src/server/pairing-store.test.ts +154 -0
package/src/server/pairing-store.ts +124 -0
package/src/server/paths.ts +27 -0
package/src/server/pr3-liveness.test.ts +252 -0
package/src/server/process-utils.ts +10 -0
package/src/server/project-cli.ts +180 -0
package/src/server/provider-catalog.test.ts +177 -0
package/src/server/provider-catalog.ts +146 -0
package/src/server/pty-responders.ts +345 -0
package/src/server/push-notifications.test.ts +234 -0
package/src/server/push-notifications.ts +188 -0
package/src/server/quick-response.test.ts +196 -0
package/src/server/quick-response.ts +154 -0
package/src/server/read-models-agent-config.test.ts +59 -0
package/src/server/read-models-coordination.test.ts +69 -0
package/src/server/read-models.test.ts +332 -0
package/src/server/read-models.ts +258 -0
package/src/server/repo-journey.test.ts +96 -0
package/src/server/repo-manager.test.ts +118 -0
package/src/server/repo-manager.ts +97 -0
package/src/server/repo-status.test.ts +54 -0
package/src/server/repo-status.ts +82 -0
package/src/server/restart.test.ts +27 -0
package/src/server/restart.ts +30 -0
package/src/server/runner-incompatible-gate.test.ts +383 -0
package/src/server/runner-manager.test.ts +72 -0
package/src/server/runner-manager.ts +312 -0
package/src/server/runner-pairing-urls.test.ts +59 -0
package/src/server/runner-pairing-urls.ts +67 -0
package/src/server/runner-proxy.test.ts +456 -0
package/src/server/runner-proxy.ts +494 -0
package/src/server/runner-router.test.ts +429 -0
package/src/server/runner-router.ts +212 -0
package/src/server/runner-routing.test.ts +584 -0
package/src/server/runtime-registry.test.ts +436 -0
package/src/server/runtime-registry.ts +307 -0
package/src/server/sandbox-health.test.ts +127 -0
package/src/server/sandbox-health.ts +94 -0
package/src/server/sandbox-journey.test.ts +232 -0
package/src/server/sandbox-manager.test.ts +146 -0
package/src/server/sandbox-manager.ts +159 -0
package/src/server/server.test.ts +287 -0
package/src/server/server.ts +1108 -0
package/src/server/session-discovery.test.ts +129 -0
package/src/server/session-discovery.ts +475 -0
package/src/server/session-index.test.ts +362 -0
package/src/server/session-index.ts +119 -0
package/src/server/session-seed.ts +288 -0
package/src/server/share.test.ts +108 -0
package/src/server/share.ts +113 -0
package/src/server/skill-discovery.test.ts +201 -0
package/src/server/skill-discovery.ts +77 -0
package/src/server/storage/test-helpers.ts +67 -0
package/src/server/terminal-manager.test.ts +309 -0
package/src/server/terminal-manager.ts +354 -0
package/src/server/transcript-consumer.test.ts +339 -0
package/src/server/transcript-consumer.ts +162 -0
package/src/server/transcript-search.test.ts +193 -0
package/src/server/transcript-search.ts +83 -0
package/src/server/transcript-utils.ts +52 -0
package/src/server/update-manager.test.ts +107 -0
package/src/server/update-manager.ts +230 -0
package/src/server/workflow-engine.test.ts +251 -0
package/src/server/workflow-engine.ts +169 -0
package/src/server/workflow-mcp.ts +49 -0
package/src/server/workflow-store.test.ts +155 -0
package/src/server/workflow-store.ts +139 -0
package/src/server/workspace-agent-integration.test.ts +167 -0
package/src/server/workspace-agent-routes.test.ts +127 -0
package/src/server/workspace-agent-routes.ts +89 -0
package/src/server/workspace-agent.test.ts +103 -0
package/src/server/workspace-agent.ts +102 -0
package/src/server/workspace-cli.test.ts +79 -0
package/src/server/workspace-config-manager.test.ts +109 -0
package/src/server/workspace-config-manager.ts +83 -0
package/src/server/workspace-directory-policy.test.ts +109 -0
package/src/server/workspace-directory-policy.ts +56 -0
package/src/shared/agent-config-types.ts +25 -0
package/src/shared/branding.test.ts +42 -0
package/src/shared/branding.ts +54 -0
package/src/shared/compression.test.ts +85 -0
package/src/shared/compression.ts +42 -0
package/src/shared/coordination-store.test.ts +24 -0
package/src/shared/coordination-store.ts +26 -0
package/src/shared/dev-ports.test.ts +84 -0
package/src/shared/dev-ports.ts +100 -0
package/src/shared/extension-types.ts +45 -0
package/src/shared/fork-presets.ts +54 -0
package/src/shared/harness-types.test.ts +15 -0
package/src/shared/harness-types.ts +21 -0
package/src/shared/log-sink.test.ts +112 -0
package/src/shared/log-sink.ts +185 -0
package/src/shared/mention-pattern.ts +7 -0
package/src/shared/merge-presets.ts +41 -0
package/src/shared/nats-subjects.test.ts +61 -0
package/src/shared/nats-subjects.ts +131 -0
package/src/shared/permission-policy.ts +136 -0
package/src/shared/ports.ts +3 -0
package/src/shared/preset-types.ts +15 -0
package/src/shared/profile-types.ts +49 -0
package/src/shared/projectFileUrl.ts +36 -0
package/src/shared/protocol.ts +153 -0
package/src/shared/pty-instance.ts +43 -0
package/src/shared/puggy/diagnostics/result.ts +18 -0
package/src/shared/puggy/expressions/evaluate.ts +292 -0
package/src/shared/puggy/index.test.ts +101 -0
package/src/shared/puggy/index.ts +69 -0
package/src/shared/puggy/parser/ast.ts +110 -0
package/src/shared/puggy/parser/parser.ts +624 -0
package/src/shared/puggy/renderer/html.ts +447 -0
package/src/shared/runner-protocol.test.ts +277 -0
package/src/shared/runner-protocol.ts +210 -0
package/src/shared/runner-team-types.ts +73 -0
package/src/shared/runtime-types.ts +48 -0
package/src/shared/sandbox-types.ts +53 -0
package/src/shared/tailwind-build.test.ts +12 -0
package/src/shared/tinkaria-system-prompt.ts +101 -0
package/src/shared/tools.test.ts +335 -0
package/src/shared/tools.ts +397 -0
package/src/shared/transcript-entries.ts +27 -0
package/src/shared/transcript-render.test.ts +225 -0
package/src/shared/transcript-render.ts +467 -0
package/src/shared/types.ts +1031 -0
package/src/shared/vite-config.test.ts +47 -0
package/src/shared/web-context.test.ts +110 -0
package/src/shared/web-context.ts +76 -0
package/src/shared/workflow-types.ts +51 -0
package/src/shared/workspace-types.ts +100 -0

package/src/server/nats-streams.test.ts ADDED Viewed

@@ -0,0 +1,112 @@
+import { afterEach, describe, test, expect } from "bun:test"
+import { NatsServer } from "@lagz0ne/nats-embedded"
+import { connect, type NatsConnection } from "@nats-io/transport-node"
+import { jetstreamManager } from "@nats-io/jetstream"
+import { Kvm } from "@nats-io/kv"
+import {
+  ensureTerminalEventsStream,
+  TERMINAL_EVENTS_STREAM,
+} from "./nats-streams"
+import { KV_BUCKET, snapshotKvKey } from "../shared/nats-subjects"
+let server: NatsServer | null = null
+let nc: NatsConnection | null = null
+afterEach(async () => {
+  if (nc) {
+    await nc.drain()
+    nc = null
+  }
+  if (server) {
+    await server.stop()
+    server = null
+  }
+})
+describe("nats-streams", () => {
+  test("ensureTerminalEventsStream creates the stream", async () => {
+    server = await NatsServer.start({ jetstream: true })
+    nc = await connect({ servers: server.url })
+    await ensureTerminalEventsStream(nc)
+    const jsm = await jetstreamManager(nc)
+    const info = await jsm.streams.info(TERMINAL_EVENTS_STREAM)
+    expect(info.config.name).toBe(TERMINAL_EVENTS_STREAM)
+    expect(info.config.subjects).toContain("runtime.evt.terminal.>")
+    expect(info.config.storage).toBe("memory")
+  })
+  test("ensureTerminalEventsStream is idempotent", async () => {
+    server = await NatsServer.start({ jetstream: true })
+    nc = await connect({ servers: server.url })
+    await ensureTerminalEventsStream(nc)
+    await ensureTerminalEventsStream(nc)
+    const jsm = await jetstreamManager(nc)
+    const info = await jsm.streams.info(TERMINAL_EVENTS_STREAM)
+    expect(info.config.name).toBe(TERMINAL_EVENTS_STREAM)
+  })
+  test("stream retains published terminal events", async () => {
+    server = await NatsServer.start({ jetstream: true })
+    nc = await connect({ servers: server.url })
+    await ensureTerminalEventsStream(nc)
+    const jsm = await jetstreamManager(nc)
+    const encoder = new TextEncoder()
+    // Publish a terminal event
+    const { jetstream } = await import("@nats-io/jetstream")
+    const js = jetstream(nc)
+    await js.publish(
+      "runtime.evt.terminal.term-1",
+      encoder.encode(JSON.stringify({ type: "terminal.output", terminalId: "term-1", data: "hello" }))
+    )
+    const info = await jsm.streams.info(TERMINAL_EVENTS_STREAM)
+    expect(info.state.messages).toBe(1)
+  })
+})
+describe("KV snapshot bucket", () => {
+  test("can create and read from runtime_snapshots bucket", async () => {
+    server = await NatsServer.start({ jetstream: true })
+    nc = await connect({ servers: server.url })
+    const kvm = new Kvm(nc)
+    const kv = await kvm.create(KV_BUCKET)
+    const encoder = new TextEncoder()
+    await kv.put("sidebar", encoder.encode(JSON.stringify({ workspaceGroups: [] })))
+    const entry = await kv.get("sidebar")
+    expect(entry).not.toBeNull()
+    expect(entry!.json() as Record<string, unknown>).toEqual({ workspaceGroups: [] })
+  })
+  test("kv dedup: identical puts create new revisions", async () => {
+    server = await NatsServer.start({ jetstream: true })
+    nc = await connect({ servers: server.url })
+    const kvm = new Kvm(nc)
+    const kv = await kvm.create(KV_BUCKET)
+    const encoder = new TextEncoder()
+    const data = encoder.encode(JSON.stringify({ test: true }))
+    const rev1 = await kv.put("test-key", data)
+    const rev2 = await kv.put("test-key", data)
+    // NATS KV creates new revision even for identical values
+    // (server-side dedup in publisher prevents this)
+    expect(rev2).toBeGreaterThan(rev1)
+  })
+  test("snapshotKvKey maps topics correctly", () => {
+    expect(snapshotKvKey({ type: "sidebar" })).toBe("sidebar")
+    expect(snapshotKvKey({ type: "local-workspaces" })).toBe("local-workspaces")
+    expect(snapshotKvKey({ type: "chat", chatId: "abc" })).toBe("chat.abc")
+    expect(snapshotKvKey({ type: "terminal", terminalId: "t1" })).toBe("terminal.t1")
+  })
+})

package/src/server/nats-streams.ts ADDED Viewed

@@ -0,0 +1,129 @@
+import { jetstreamManager, RetentionPolicy, StorageType } from "@nats-io/jetstream"
+import { Kvm } from "@nats-io/kv"
+import type { NatsConnection } from "@nats-io/transport-node"
+import { ALL_TERMINAL_EVENTS, ALL_CHAT_MESSAGE_EVENTS, CHAT_MESSAGE_EVENTS_STREAM_NAME, ALL_WORKSPACE_COORDINATION_EVENTS, WORKSPACE_COORDINATION_EVENTS_STREAM_NAME, ALL_SANDBOX_EVENTS, SANDBOX_EVENTS_STREAM_NAME } from "../shared/nats-subjects"
+import { RUNNER_EVENTS_STREAM, ALL_RUNNER_EVENTS, RUNNER_REGISTRY_BUCKET } from "../shared/runner-protocol"
+import { LOG_PREFIX } from "../shared/branding"
+export const TERMINAL_EVENTS_STREAM = "KANNA_TERMINAL_EVENTS"
+export const CHAT_MESSAGE_EVENTS_STREAM = CHAT_MESSAGE_EVENTS_STREAM_NAME
+interface StreamConfig {
+  name: string
+  subjects: string[]
+  max_age_ns: number
+  max_msgs: number
+  max_bytes: number
+  storage?: StorageType
+}
+const FIVE_MINUTES_NS = 5 * 60 * 1_000_000_000
+const THIRTY_MINUTES_NS = 30 * 60 * 1_000_000_000
+async function ensureStream(nc: NatsConnection, config: StreamConfig): Promise<void> {
+  const jsm = await jetstreamManager(nc)
+  const streamConfig = {
+    name: config.name,
+    subjects: config.subjects,
+    retention: RetentionPolicy.Limits,
+    storage: config.storage ?? StorageType.Memory,
+    max_age: config.max_age_ns,
+    max_msgs: config.max_msgs,
+    max_bytes: config.max_bytes,
+  }
+  try {
+    await jsm.streams.info(config.name)
+    await jsm.streams.update(config.name, streamConfig)
+    console.warn(LOG_PREFIX, `JetStream stream ${config.name} updated`)
+  } catch {
+    // info() throws when stream doesn't exist — safe to create.
+    // Any other error will surface from add().
+    await jsm.streams.add(streamConfig)
+    console.warn(LOG_PREFIX, `JetStream stream ${config.name} created`)
+  }
+}
+/** Creates or updates the JetStream stream for terminal events (memory-backed, 5 min / 10K msg retention). */
+export function ensureTerminalEventsStream(nc: NatsConnection): Promise<void> {
+  return ensureStream(nc, {
+    name: TERMINAL_EVENTS_STREAM,
+    subjects: [ALL_TERMINAL_EVENTS],
+    max_age_ns: FIVE_MINUTES_NS,
+    max_msgs: 10_000,
+    max_bytes: 64 * 1024 * 1024,
+  })
+}
+/** Creates or updates the JetStream stream for chat message events (memory-backed, 30 min / 50K msg retention). */
+export function ensureChatMessageStream(nc: NatsConnection): Promise<void> {
+  return ensureStream(nc, {
+    name: CHAT_MESSAGE_EVENTS_STREAM,
+    subjects: [ALL_CHAT_MESSAGE_EVENTS],
+    max_age_ns: THIRTY_MINUTES_NS,
+    max_msgs: 50_000,
+    max_bytes: 128 * 1024 * 1024,
+  })
+}
+/** Creates or updates the JetStream stream for runner turn events (file-backed, 30 min / 50K msg retention). */
+export function ensureRunnerEventsStream(nc: NatsConnection): Promise<void> {
+  return ensureStream(nc, {
+    name: RUNNER_EVENTS_STREAM,
+    subjects: [ALL_RUNNER_EVENTS],
+    max_age_ns: THIRTY_MINUTES_NS,
+    max_msgs: 50_000,
+    max_bytes: 128 * 1024 * 1024,
+    storage: StorageType.File,
+  })
+}
+/** Creates or updates the JetStream stream for project coordination events (file-backed, 24h / 100K msg retention). */
+export function ensureWorkspaceCoordinationStream(nc: NatsConnection): Promise<void> {
+  return ensureStream(nc, {
+    name: WORKSPACE_COORDINATION_EVENTS_STREAM_NAME,
+    subjects: [ALL_WORKSPACE_COORDINATION_EVENTS],
+    max_age_ns: 24 * 60 * 60 * 1_000_000_000,
+    max_msgs: 100_000,
+    max_bytes: 256 * 1024 * 1024,
+    storage: StorageType.File,
+  })
+}
+/** Creates or updates the JetStream stream for sandbox events (memory-backed, 5 min / 5K msg retention). */
+export function ensureSandboxEventsStream(nc: NatsConnection): Promise<void> {
+  return ensureStream(nc, {
+    name: SANDBOX_EVENTS_STREAM_NAME,
+    subjects: [ALL_SANDBOX_EVENTS],
+    max_age_ns: FIVE_MINUTES_NS,
+    max_msgs: 5_000,
+    max_bytes: 10 * 1024 * 1024,
+  })
+}
+/**
+ * Ensure the runner registry KV bucket exists.
+ *
+ * Called by the server (server-admin connection) at startup so that spawned
+ * runners — whose NATS scope does not include STREAM.CREATE — can open the
+ * bucket immediately without needing to create it themselves.
+ *
+ * Stage D: narrow the runner's $JS.API.> pub allow to the specific subjects
+ * needed for kvm.open + kvStore.put once the exact set is empirically confirmed.
+ */
+export async function ensureRunnerRegistryBucket(nc: NatsConnection): Promise<void> {
+  const kvm = new Kvm(nc)
+  try {
+    // Create with idempotent semantics: if the bucket already exists the
+    // underlying STREAM.CREATE call is treated as an update by nats-server.
+    await kvm.create(RUNNER_REGISTRY_BUCKET, {
+      max_bytes: 1024 * 1024,
+    })
+    console.warn(LOG_PREFIX, `Runner registry KV bucket '${RUNNER_REGISTRY_BUCKET}' ready`)
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err)
+    console.warn(LOG_PREFIX, `Runner registry KV bucket ensure failed: ${message}`)
+    throw err
+  }
+}

package/src/server/oauth-pool/oauth-responders.ts ADDED Viewed

@@ -0,0 +1,185 @@
+/**
+ * OAuth pool NATS responders.
+ *
+ * Subjects (request/reply under `runtime.cmd.oauth.*`):
+ *   - oauth.list                         -> { ok, settings }
+ *   - oauth.add { label, token, maxConcurrent? }  -> { ok, entry }
+ *   - oauth.remove { id }                -> { ok, removed }
+ *   - oauth.update { id, label?, maxConcurrent? } -> { ok, entry }
+ *   - oauth.setConcurrencyDefault { value } -> { ok }
+ *
+ * Change broadcast: `runtime.evt.oauth.changed` carries snapshot after
+ * mutations so clients can refresh without re-requesting.
+ *
+ * Token values are returned with full secret material — UI only renders
+ * masked previews. Same posture as kanna; tinkaria runs on operator's own
+ * machine.
+ */
+import type { NatsConnection, Subscription } from "@nats-io/transport-node"
+import { compressPayload, decompressPayload } from "../../shared/compression"
+import {
+  ALL_OAUTH_COMMANDS,
+  oauthChangedSubject,
+} from "../../shared/nats-subjects"
+import type { ClaudeAuthSettings, OAuthTokenEntry } from "../../shared/types"
+import {
+  OAUTH_TOKEN_LABEL_MAX,
+  OAUTH_TOKEN_MAX_CONCURRENT_MAX,
+  OAUTH_TOKEN_MAX_CONCURRENT_MIN,
+  OAUTH_TOKEN_VALUE_MAX,
+} from "../../shared/types"
+import type { OAuthSettingsStore } from "./oauth-settings-store"
+const LOG_PREFIX = "[oauth-pool]"
+const encoder = new TextEncoder()
+const decoder = new TextDecoder()
+function encode(data: unknown): Uint8Array {
+  return compressPayload(encoder.encode(JSON.stringify(data)))
+}
+async function decode(data: Uint8Array): Promise<unknown> {
+  const raw = await decompressPayload(data)
+  return JSON.parse(decoder.decode(raw))
+}
+export interface OAuthResponderDeps {
+  nc: NatsConnection
+  store: OAuthSettingsStore
+}
+export interface OAuthResponderHandle {
+  dispose(): void
+}
+interface CommandResult {
+  ok: boolean
+  error?: string
+  settings?: ClaudeAuthSettings
+  entry?: OAuthTokenEntry
+  removed?: boolean
+}
+export function registerOAuthResponders(deps: OAuthResponderDeps): OAuthResponderHandle {
+  const { nc, store } = deps
+  const sub: Subscription = nc.subscribe(ALL_OAUTH_COMMANDS)
+  ;(async () => {
+    for await (const msg of sub) {
+      const subject = msg.subject
+      const type = subject.replace(/^runtime\.cmd\./, "")
+      let payload: Record<string, unknown> = {}
+      try {
+        payload = (await decode(msg.data)) as Record<string, unknown>
+      } catch {
+        msg.respond?.(encode({ ok: false, error: "invalid JSON payload" } satisfies CommandResult))
+        continue
+      }
+      try {
+        const result = await dispatch(type, payload, store)
+        if (result.ok && type !== "oauth.list") {
+          try {
+            nc.publish(oauthChangedSubject(), encode({ settings: store.getSnapshot() }))
+          } catch (err) {
+            console.warn(LOG_PREFIX, "changed publish failed:", err instanceof Error ? err.message : String(err))
+          }
+        }
+        msg.respond?.(encode(result))
+      } catch (err) {
+        const message = err instanceof Error ? err.message : String(err)
+        console.warn(LOG_PREFIX, `responder error for ${type}: ${message}`)
+        msg.respond?.(encode({ ok: false, error: message } satisfies CommandResult))
+      }
+    }
+  })().catch((err) => {
+    console.warn(LOG_PREFIX, "responder loop terminated:", err instanceof Error ? err.message : String(err))
+  })
+  return {
+    dispose() {
+      sub.unsubscribe()
+    },
+  }
+}
+async function dispatch(
+  type: string,
+  payload: Record<string, unknown>,
+  store: OAuthSettingsStore,
+): Promise<CommandResult> {
+  switch (type) {
+    case "oauth.list":
+      return { ok: true, settings: store.getSnapshot() }
+    case "oauth.add": {
+      const label = requireString(payload, "label").trim()
+      const token = requireString(payload, "token")
+      if (label.length === 0 || label.length > OAUTH_TOKEN_LABEL_MAX) {
+        return { ok: false, error: `label must be 1..${OAUTH_TOKEN_LABEL_MAX} chars` }
+      }
+      if (token.length === 0 || token.length > OAUTH_TOKEN_VALUE_MAX) {
+        return { ok: false, error: `token must be 1..${OAUTH_TOKEN_VALUE_MAX} chars` }
+      }
+      const maxConcurrent = normalizeMaxConcurrent(payload.maxConcurrent)
+      if (maxConcurrent === "invalid") {
+        return { ok: false, error: `maxConcurrent must be in [${OAUTH_TOKEN_MAX_CONCURRENT_MIN}, ${OAUTH_TOKEN_MAX_CONCURRENT_MAX}]` }
+      }
+      const entry = await store.addToken({
+        label,
+        token,
+        ...(maxConcurrent !== undefined ? { maxConcurrent } : {}),
+      })
+      return { ok: true, entry }
+    }
+    case "oauth.remove": {
+      const id = requireString(payload, "id")
+      const removed = await store.removeToken(id)
+      return { ok: true, removed }
+    }
+    case "oauth.update": {
+      const id = requireString(payload, "id")
+      const patch: { label?: string; maxConcurrent?: number | null } = {}
+      if (typeof payload.label === "string") patch.label = payload.label
+      if (payload.maxConcurrent === null) patch.maxConcurrent = null
+      else if (typeof payload.maxConcurrent === "number") {
+        const v = normalizeMaxConcurrent(payload.maxConcurrent)
+        if (v === "invalid") return { ok: false, error: "maxConcurrent out of range" }
+        if (v !== undefined) patch.maxConcurrent = v
+      }
+      const entry = await store.updateToken(id, patch)
+      if (!entry) return { ok: false, error: `unknown token id: ${id}` }
+      return { ok: true, entry }
+    }
+    case "oauth.setConcurrencyDefault": {
+      const value = payload.value
+      if (typeof value !== "number" || value < OAUTH_TOKEN_MAX_CONCURRENT_MIN || value > OAUTH_TOKEN_MAX_CONCURRENT_MAX) {
+        return { ok: false, error: `value must be in [${OAUTH_TOKEN_MAX_CONCURRENT_MIN}, ${OAUTH_TOKEN_MAX_CONCURRENT_MAX}]` }
+      }
+      await store.setConcurrencyDefault(value)
+      return { ok: true }
+    }
+    default:
+      return { ok: false, error: `unknown oauth command: ${type}` }
+  }
+}
+function requireString(payload: Record<string, unknown>, field: string): string {
+  const value = payload[field]
+  if (typeof value !== "string") {
+    throw new Error(`missing required string field: ${field}`)
+  }
+  return value
+}
+function normalizeMaxConcurrent(raw: unknown): number | undefined | "invalid" {
+  if (raw === undefined || raw === null) return undefined
+  if (typeof raw !== "number" || !Number.isFinite(raw)) return "invalid"
+  const rounded = Math.round(raw)
+  if (rounded < OAUTH_TOKEN_MAX_CONCURRENT_MIN || rounded > OAUTH_TOKEN_MAX_CONCURRENT_MAX) return "invalid"
+  return rounded
+}

package/src/server/oauth-pool/oauth-settings-store.ts ADDED Viewed

@@ -0,0 +1,173 @@
+import { promises as fs } from "fs"
+import path from "path"
+import { homedir } from "os"
+import {
+  CLAUDE_AUTH_DEFAULTS,
+  type ClaudeAuthSettings,
+  type OAuthTokenEntry,
+  type OAuthTokenStatus,
+} from "../../shared/types"
+import type { TokenStatusPatch } from "./oauth-token-pool"
+const FILE_NAME = "oauth-tokens.json"
+function defaultDir(): string {
+  return path.join(homedir(), ".tinkaria")
+}
+function isValidStatus(value: unknown): value is OAuthTokenStatus {
+  return value === "active" || value === "limited" || value === "error" || value === "disabled"
+}
+function normalizeEntry(raw: unknown): OAuthTokenEntry | null {
+  if (!raw || typeof raw !== "object") return null
+  const r = raw as Record<string, unknown>
+  if (typeof r.id !== "string" || typeof r.label !== "string" || typeof r.token !== "string") return null
+  const status = isValidStatus(r.status) ? r.status : "active"
+  const out: OAuthTokenEntry = {
+    id: r.id,
+    label: r.label,
+    token: r.token,
+    status,
+    limitedUntil: typeof r.limitedUntil === "number" ? r.limitedUntil : null,
+    lastUsedAt: typeof r.lastUsedAt === "number" ? r.lastUsedAt : null,
+    lastErrorAt: typeof r.lastErrorAt === "number" ? r.lastErrorAt : null,
+    lastErrorMessage: typeof r.lastErrorMessage === "string" ? r.lastErrorMessage : null,
+    addedAt: typeof r.addedAt === "number" ? r.addedAt : Date.now(),
+  }
+  if (typeof r.maxConcurrent === "number" && Number.isFinite(r.maxConcurrent)) {
+    out.maxConcurrent = r.maxConcurrent
+  }
+  return out
+}
+function normalizeSettings(raw: unknown): ClaudeAuthSettings {
+  if (!raw || typeof raw !== "object") return { ...CLAUDE_AUTH_DEFAULTS, tokens: [] }
+  const r = raw as Record<string, unknown>
+  const tokensRaw = Array.isArray(r.tokens) ? r.tokens : []
+  const tokens = tokensRaw.map(normalizeEntry).filter((t): t is OAuthTokenEntry => t !== null)
+  const concurrencyDefault = typeof r.concurrencyDefault === "number" && Number.isFinite(r.concurrencyDefault)
+    ? r.concurrencyDefault
+    : CLAUDE_AUTH_DEFAULTS.concurrencyDefault
+  return { tokens, concurrencyDefault }
+}
+export class OAuthSettingsStore {
+  private readonly filePath: string
+  private cached: ClaudeAuthSettings = { ...CLAUDE_AUTH_DEFAULTS, tokens: [] }
+  private writeChain: Promise<void> = Promise.resolve()
+  private loaded = false
+  constructor(dataDir = defaultDir()) {
+    this.filePath = path.join(dataDir, FILE_NAME)
+  }
+  async load(): Promise<void> {
+    try {
+      const raw = await fs.readFile(this.filePath, "utf8")
+      const parsed = JSON.parse(raw)
+      this.cached = normalizeSettings(parsed)
+    } catch (err) {
+      const e = err as NodeJS.ErrnoException
+      if (e.code !== "ENOENT") {
+        console.warn("[oauth-pool] failed to load tokens:", e.message)
+      }
+      this.cached = { ...CLAUDE_AUTH_DEFAULTS, tokens: [] }
+    }
+    this.loaded = true
+  }
+  getSnapshot(): ClaudeAuthSettings {
+    return { tokens: [...this.cached.tokens], concurrencyDefault: this.cached.concurrencyDefault }
+  }
+  getTokens(): OAuthTokenEntry[] {
+    return [...this.cached.tokens]
+  }
+  getConcurrencyDefault(): number {
+    return this.cached.concurrencyDefault
+  }
+  async addToken(input: { label: string; token: string; maxConcurrent?: number }): Promise<OAuthTokenEntry> {
+    if (!this.loaded) await this.load()
+    const entry: OAuthTokenEntry = {
+      id: cryptoRandomId(),
+      label: input.label.trim(),
+      token: input.token,
+      status: "active",
+      limitedUntil: null,
+      lastUsedAt: null,
+      lastErrorAt: null,
+      lastErrorMessage: null,
+      addedAt: Date.now(),
+    }
+    if (typeof input.maxConcurrent === "number") entry.maxConcurrent = input.maxConcurrent
+    this.cached = { ...this.cached, tokens: [...this.cached.tokens, entry] }
+    await this.persist()
+    return entry
+  }
+  async removeToken(id: string): Promise<boolean> {
+    if (!this.loaded) await this.load()
+    const next = this.cached.tokens.filter((t) => t.id !== id)
+    if (next.length === this.cached.tokens.length) return false
+    this.cached = { ...this.cached, tokens: next }
+    await this.persist()
+    return true
+  }
+  async updateToken(id: string, patch: { label?: string; maxConcurrent?: number | null }): Promise<OAuthTokenEntry | null> {
+    if (!this.loaded) await this.load()
+    let updated: OAuthTokenEntry | null = null
+    const next = this.cached.tokens.map((t) => {
+      if (t.id !== id) return t
+      const merged: OAuthTokenEntry = { ...t }
+      if (typeof patch.label === "string") merged.label = patch.label.trim()
+      if (patch.maxConcurrent === null) delete merged.maxConcurrent
+      else if (typeof patch.maxConcurrent === "number") merged.maxConcurrent = patch.maxConcurrent
+      updated = merged
+      return merged
+    })
+    if (!updated) return null
+    this.cached = { ...this.cached, tokens: next }
+    await this.persist()
+    return updated
+  }
+  async setConcurrencyDefault(value: number): Promise<void> {
+    if (!this.loaded) await this.load()
+    this.cached = { ...this.cached, concurrencyDefault: value }
+    await this.persist()
+  }
+  /** Used by OAuthTokenPool writeStatus callback. Persists asynchronously. */
+  mutateTokenStatus(id: string, patch: TokenStatusPatch): void {
+    const next = this.cached.tokens.map((t) => {
+      if (t.id !== id) return t
+      return { ...t, ...patch }
+    })
+    this.cached = { ...this.cached, tokens: next }
+    this.writeChain = this.writeChain.then(() => this.writeFile()).catch((err) => {
+      console.warn("[oauth-pool] status write failed:", err instanceof Error ? err.message : String(err))
+    })
+  }
+  private async persist(): Promise<void> {
+    this.writeChain = this.writeChain.then(() => this.writeFile())
+    await this.writeChain
+  }
+  private async writeFile(): Promise<void> {
+    await fs.mkdir(path.dirname(this.filePath), { recursive: true })
+    const tmp = `${this.filePath}.tmp`
+    await fs.writeFile(tmp, JSON.stringify(this.cached, null, 2), "utf8")
+    await fs.rename(tmp, this.filePath)
+  }
+}
+function cryptoRandomId(): string {
+  const arr = new Uint8Array(16)
+  crypto.getRandomValues(arr)
+  return Array.from(arr, (b) => b.toString(16).padStart(2, "0")).join("")
+}