archal 0.9.19 → 0.9.20

package/dist/commands/autoloop-pr-verification.cjs

@@ -0,0 +1,4227 @@
+const import_meta_url = require('url').pathToFileURL(__filename).href;
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/commands/autoloop-pr-verification.ts
+var autoloop_pr_verification_exports = {};
+__export(autoloop_pr_verification_exports, {
+  verifyFixResult: () => verifyFixResult,
+  verifyOpenFixPrPoll: () => verifyOpenFixPrPoll
+});
+module.exports = __toCommonJS(autoloop_pr_verification_exports);
+
+// ../packages/contracts/src/autoloop/layer-0.ts
+var AUTOLOOP_CUSTOMER_VISIBLE_ARTIFACT_TYPES = [
+  "grade_summary",
+  "seed_summary",
+  "reproduction_summary",
+  "replay_plan",
+  "regression_pack",
+  "assertion_result",
+  "fix_summary"
+];
+var AUTOLOOP_INTERNAL_ONLY_ARTIFACT_TYPES = [
+  "source_snapshot",
+  "grade_payload",
+  "codex_prompt",
+  "codex_transcript",
+  "command_log",
+  "sandbox_bundle",
+  "rag_replay_package"
+];
+var AUTOLOOP_CUSTOMER_VISIBLE_ARTIFACT_REDACTION_STATUSES = [
+  "redacted",
+  "not_required"
+];
+var AUTOLOOP_REDACTED_STATUS = "redacted";
+var AUTOLOOP_CUSTOMER_VISIBLE_VISIBILITY = "customer_visible";
+var AUTOLOOP_INTERNAL_VISIBILITY = "internal";
+var AUTOLOOP_CUSTOMER_VISIBLE_EVENT_TYPES = [
+  "grade.completed",
+  "seed.completed",
+  "reproduction.completed",
+  "fix.completed",
+  "autoloop_run.finalized"
+];
+var AGENT_STREAM_DELTA_EVENT_TYPE = "agent_stream.delta";
+var AGENT_STREAM_TRUNCATED_EVENT_TYPE = "agent_stream.truncated";
+var AGENT_STREAM_COMPLETED_EVENT_TYPE = "agent_stream.completed";
+var AUTOLOOP_EVENT_SEVERITIES = ["debug", "info", "warn", "error"];
+var AUTOLOOP_PHASES = ["queued", "grade", "seed", "reproduce", "fix_pr", "done"];
+var AUTOLOOP_ACTIVE_PHASES = ["grade", "seed", "reproduce", "fix_pr"];
+var AUTOLOOP_PHASE_HEALTH_STATUSES = [
+  "running",
+  "completed",
+  "stream_reconnect_recovered",
+  "stalled_no_artifact",
+  "timeout",
+  "failed"
+];
+var AUTOLOOP_TERMINAL_STATUSES = [
+  "running",
+  "succeeded",
+  "failed",
+  "blocked",
+  "cancelled"
+];
+var AUTOLOOP_CODEX_SESSION_EVENT_STATUSES = [
+  "queued",
+  "running",
+  "succeeded",
+  "failed",
+  "blocked"
+];
+var SOURCE_SNAPSHOT_EVENT_ACTIONS = ["created", "updated"];
+var AUTOLOOP_FIX_RESULT_STATUSES = [
+  "pr_open",
+  "checks_passing",
+  "blocked",
+  "failed"
+];
+var AUTOLOOP_CUSTOMER_SAFE_CONTROL_PLANE_MESSAGES = [
+  "databaseUrl is only supported for postgres and supabase trace sources",
+  "connectionSecretRef must be a secret reference, not a plaintext credential",
+  "connectionSecretRef must be an env: or AWS Secrets Manager reference",
+  "connectionSecretRef must be at most 500 characters",
+  "displayName must be a non-empty exact string",
+  "displayName cannot contain credential-shaped values",
+  "displayName must be at most 160 characters",
+  "repositoryFullName must be owner/repo",
+  "repositoryFullName must be at most 300 characters",
+  "sourceId must be a UUID",
+  "trace source filters and metadata cannot contain credential-shaped fields or values",
+  "trace source filters and metadata cannot contain prototype-polluting keys"
+];
+var MAX_AUTOLOOP_CONTINUATION_ARTIFACT_BYTES = 1024 * 1024;
+function manifestFieldIsExplicitlyFalse(record, camelKey) {
+  const snakeKey = camelKey.replace(/[A-Z]/g, (c) => `_${c.toLowerCase()}`);
+  return record[camelKey] === false || record[snakeKey] === false;
+}
+var LOCAL_AUTOLOOP_LEDGER_QUEUED_LEASE_MS = 10 * 60 * 1e3;
+var MAX_AGENT_STREAM_EVENT_METADATA_BYTES = 16 * 1024;
+
+// ../packages/contracts/src/autoloop/layer-1.ts
+var AUTOLOOP_ARTIFACT_TYPES = [
+  ...AUTOLOOP_CUSTOMER_VISIBLE_ARTIFACT_TYPES,
+  ...AUTOLOOP_INTERNAL_ONLY_ARTIFACT_TYPES
+];
+var AUTOLOOP_REDACTION_STATUSES = [
+  "unreviewed",
+  AUTOLOOP_REDACTED_STATUS,
+  "not_required",
+  "blocked"
+];
+var AUTOLOOP_VISIBILITIES = [
+  AUTOLOOP_CUSTOMER_VISIBLE_VISIBILITY,
+  AUTOLOOP_INTERNAL_VISIBILITY
+];
+var AGENT_STREAM_EVENT_TYPES = [
+  AGENT_STREAM_DELTA_EVENT_TYPE,
+  AGENT_STREAM_TRUNCATED_EVENT_TYPE,
+  AGENT_STREAM_COMPLETED_EVENT_TYPE
+];
+var AUTOLOOP_CODEX_SESSION_STATUSES = [
+  "queued",
+  ...AUTOLOOP_TERMINAL_STATUSES
+];
+var AUTOLOOP_FIX_RUN_STATUSES = [
+  "not_started",
+  "running",
+  ...AUTOLOOP_FIX_RESULT_STATUSES
+];
+
+// ../packages/contracts/src/autoloop/layer-2.ts
+var AUTOLOOP_INTERNAL_ONLY_EVENT_TYPES = [
+  "worker.failed",
+  "codex_session.recorded",
+  "source_snapshot.created",
+  "source_snapshot.updated",
+  "autoloop_run.claimed",
+  "autoloop_run.retry_scheduled",
+  ...AGENT_STREAM_EVENT_TYPES
+];
+function autoloopRunCapabilitiesFromPostFixPayload(payload) {
+  return {
+    requiresCloneEvidence: !manifestFieldIsExplicitlyFalse(
+      payload,
+      "postFixReproduceCloneEvidenceExpected"
+    )
+  };
+}
+
+// ../packages/contracts/src/autoloop/layer-3.ts
+var AUTOLOOP_EVENT_TYPES = [
+  ...AUTOLOOP_CUSTOMER_VISIBLE_EVENT_TYPES,
+  ...AUTOLOOP_INTERNAL_ONLY_EVENT_TYPES
+];
+
+// ../packages/contracts/src/autoloop.ts
+var AUTOLOOP_CUSTOMER_SAFE_CONTROL_PLANE_MESSAGE_SET = new Set(AUTOLOOP_CUSTOMER_SAFE_CONTROL_PLANE_MESSAGES);
+var AUTOLOOP_CUSTOMER_VISIBLE_ARTIFACT_TYPE_SET = new Set(
+  AUTOLOOP_CUSTOMER_VISIBLE_ARTIFACT_TYPES
+);
+var AUTOLOOP_INTERNAL_ONLY_ARTIFACT_TYPE_SET = new Set(
+  AUTOLOOP_INTERNAL_ONLY_ARTIFACT_TYPES
+);
+var AUTOLOOP_ARTIFACT_TYPE_SET = new Set(AUTOLOOP_ARTIFACT_TYPES);
+var AUTOLOOP_PHASE_HEALTH_STATUS_SET = new Set(AUTOLOOP_PHASE_HEALTH_STATUSES);
+var AUTOLOOP_CODEX_SESSION_STATUS_SET = new Set(AUTOLOOP_CODEX_SESSION_STATUSES);
+var AUTOLOOP_CUSTOMER_VISIBLE_ARTIFACT_REDACTION_STATUS_SET = new Set(
+  AUTOLOOP_CUSTOMER_VISIBLE_ARTIFACT_REDACTION_STATUSES
+);
+var AUTOLOOP_CUSTOMER_VISIBLE_EVENT_TYPE_SET = new Set(
+  AUTOLOOP_CUSTOMER_VISIBLE_EVENT_TYPES
+);
+var AUTOLOOP_INTERNAL_ONLY_EVENT_TYPE_SET = new Set(
+  AUTOLOOP_INTERNAL_ONLY_EVENT_TYPES
+);
+var AUTOLOOP_PHASE_SET = new Set(AUTOLOOP_PHASES);
+var AUTOLOOP_ACTIVE_PHASE_SET = new Set(AUTOLOOP_ACTIVE_PHASES);
+var AUTOLOOP_CODEX_SESSION_EVENT_STATUS_SET = new Set(
+  AUTOLOOP_CODEX_SESSION_EVENT_STATUSES
+);
+var AUTOLOOP_EVENT_TYPE_SET = new Set(AUTOLOOP_EVENT_TYPES);
+var AUTOLOOP_EVENT_SEVERITY_SET = new Set(AUTOLOOP_EVENT_SEVERITIES);
+var AUTOLOOP_VISIBILITY_SET = new Set(AUTOLOOP_VISIBILITIES);
+var AUTOLOOP_REDACTION_STATUS_SET = new Set(AUTOLOOP_REDACTION_STATUSES);
+var AUTOLOOP_TERMINAL_STATUS_SET = new Set(AUTOLOOP_TERMINAL_STATUSES);
+var SOURCE_SNAPSHOT_EVENT_ACTION_SET = new Set(SOURCE_SNAPSHOT_EVENT_ACTIONS);
+var AUTOLOOP_EXECUTION_POLICY_PHASE_COUNT = {
+  observe: 0,
+  grade: 1,
+  seed: 2,
+  reproduce: 3,
+  fix: AUTOLOOP_ACTIVE_PHASES.length
+};
+function assessAutoloopStoredFixPrEvidence(payload, input = {}) {
+  const localValidationStatus = autoloopFixPrEvidenceStringFromRecord(
+    payload,
+    "localValidationStatus",
+    "local_validation_status"
+  );
+  const fixQuality = payloadFixQuality(payload);
+  const postFixReproduction = autoloopPostFixReproductionEvidenceFromPayload(payload, input);
+  const prBodyQuality = payloadPrBodyQuality(payload);
+  const verifiedFixEvidence = {
+    localValidationStatus,
+    fixQuality,
+    postFixReproduction,
+    prBodyQuality
+  };
+  if (!postFixReproduction.passed) {
+    return {
+      passed: false,
+      reason: postFixReproduction.reason,
+      localValidationStatus,
+      fixQuality,
+      postFixReproduction,
+      prBodyQuality,
+      verifiedFixEvidence: null
+    };
+  }
+  if (fixQuality.status !== "passed") {
+    return {
+      passed: false,
+      reason: fixQuality.reason,
+      localValidationStatus,
+      fixQuality,
+      postFixReproduction,
+      prBodyQuality,
+      verifiedFixEvidence: null
+    };
+  }
+  if (prBodyQuality.status !== "passed") {
+    return {
+      passed: false,
+      reason: prBodyQuality.reason,
+      localValidationStatus,
+      fixQuality,
+      postFixReproduction,
+      prBodyQuality,
+      verifiedFixEvidence: null
+    };
+  }
+  return {
+    passed: true,
+    reason: "fix_pr_quality_passed",
+    localValidationStatus,
+    fixQuality,
+    postFixReproduction,
+    prBodyQuality,
+    verifiedFixEvidence
+  };
+}
+function autoloopPostFixReproductionEvidenceFromPayload(payload, input = {}) {
+  if (!isAutoloopFixPrEvidenceRecord(payload)) {
+    return failedAutoloopPostFixReproduction("postfix_reproduction_not_verified");
+  }
+  const status = autoloopFixPrEvidenceString(
+    payload["postFixReproduceStatus"] ?? payload["post_fix_reproduce_status"]
+  );
+  const reverified = autoloopFixPrEvidenceBoolean(
+    payload["reproductionReverified"] ?? payload["reproduction_reverified"]
+  );
+  const hasCloneEvidence = autoloopFixPrEvidenceBoolean(
+    payload["postFixReproduceHasCloneEvidence"] ?? payload["post_fix_reproduce_has_clone_evidence"]
+  ) === true;
+  const hasCriteriaEvidence = autoloopFixPrEvidenceBoolean(
+    payload["postFixReproduceHasCriteriaEvidence"] ?? payload["post_fix_reproduce_has_criteria_evidence"]
+  );
+  const identityMatchesPreFix = autoloopFixPrEvidenceBoolean(
+    payload["postFixReproduceIdentityMatchesPreFix"] ?? payload["post_fix_reproduce_identity_matches_pre_fix"] ?? payload["postFixReproduceReplayIdentityMatchesPreFix"] ?? payload["post_fix_reproduce_replay_identity_matches_pre_fix"]
+  );
+  const commitSha = autoloopFixPrEvidenceSha(
+    autoloopFixPrEvidenceString(
+      payload["postFixReproduceCommitSha"] ?? payload["post_fix_reproduce_commit_sha"]
+    )
+  );
+  const requiresCloneEvidence = autoloopRunCapabilitiesFromPostFixPayload(payload).requiresCloneEvidence;
+  const cloneEvidenceField = requiresCloneEvidence ? {} : { cloneEvidenceExpected: false };
+  if (status === "not_reproduced" && reverified === true && (!requiresCloneEvidence || hasCloneEvidence === true) && hasCriteriaEvidence === true && identityMatchesPreFix === true) {
+    if (!commitSha) {
+      return failedAutoloopPostFixReproduction("postfix_reproduction_commit_missing", {
+        status,
+        hasCloneEvidence,
+        hasCriteriaEvidence,
+        identityMatchesPreFix,
+        reproductionReverified: true,
+        ...cloneEvidenceField
+      });
+    }
+    if (input.expectedCommitSha && commitSha.toLowerCase() !== input.expectedCommitSha.toLowerCase()) {
+      return failedAutoloopPostFixReproduction("postfix_reproduction_commit_mismatch", {
+        status,
+        commitSha,
+        hasCloneEvidence,
+        hasCriteriaEvidence,
+        identityMatchesPreFix,
+        reproductionReverified: true,
+        ...cloneEvidenceField
+      });
+    }
+    return {
+      passed: true,
+      reason: "postfix_reproduction_passed",
+      status,
+      commitSha,
+      hasCloneEvidence,
+      hasCriteriaEvidence,
+      identityMatchesPreFix,
+      reproductionReverified: true,
+      ...cloneEvidenceField
+    };
+  }
+  if (status === "reproduced" || status === "flaky") {
+    return failedAutoloopPostFixReproduction("postfix_reproduction_still_failing", {
+      status,
+      commitSha
+    });
+  }
+  if (status === "not_reproduced" && requiresCloneEvidence && hasCloneEvidence !== true) {
+    return failedAutoloopPostFixReproduction("postfix_reproduction_clone_evidence_missing", {
+      status,
+      commitSha
+    });
+  }
+  if (status === "not_reproduced" && hasCriteriaEvidence !== true) {
+    return failedAutoloopPostFixReproduction("postfix_reproduction_criteria_evidence_missing", {
+      status,
+      commitSha,
+      hasCloneEvidence: true
+    });
+  }
+  if (status === "not_reproduced" && identityMatchesPreFix !== true) {
+    return failedAutoloopPostFixReproduction("postfix_reproduction_trace_mismatch", {
+      status,
+      commitSha,
+      hasCloneEvidence: true,
+      hasCriteriaEvidence: true,
+      identityMatchesPreFix: false,
+      reproductionReverified: reverified === true
+    });
+  }
+  if (status === "not_reproduced") {
+    return failedAutoloopPostFixReproduction(
+      autoloopFixPrEvidenceString(
+        payload["postFixReproduceReason"] ?? payload["post_fix_reproduce_reason"]
+      ) ?? "postfix_reproduction_not_verified",
+      {
+        status,
+        commitSha,
+        hasCloneEvidence: true,
+        hasCriteriaEvidence: true,
+        identityMatchesPreFix: true,
+        reproductionReverified: false
+      }
+    );
+  }
+  if (status !== null) {
+    return failedAutoloopPostFixReproduction(
+      autoloopFixPrEvidenceString(
+        payload["postFixReproduceReason"] ?? payload["post_fix_reproduce_reason"]
+      ) ?? "postfix_reproduction_not_verified",
+      { status, commitSha }
+    );
+  }
+  const nested = nestedAutoloopPostFixReproductionEvidence(
+    payload,
+    identityMatchesPreFix,
+    commitSha,
+    input
+  );
+  if (nested) return nested;
+  return failedAutoloopPostFixReproduction(
+    autoloopFixPrEvidenceString(
+      payload["postFixReproduceReason"] ?? payload["post_fix_reproduce_reason"]
+    ) ?? "postfix_reproduction_not_verified",
+    { status, commitSha }
+  );
+}
+function nestedAutoloopPostFixReproductionEvidence(payload, topLevelIdentityMatchesPreFix, commitSha, input) {
+  const reproduction = payload["postFixReproduction"] ?? payload["post_fix_reproduction"];
+  if (!isAutoloopFixPrEvidenceRecord(reproduction)) return null;
+  const attempts = reproduction["attempts"];
+  const commands = Array.isArray(reproduction["commands"]) ? reproduction["commands"] : [];
+  const hasEvidence = typeof attempts === "number" && attempts >= 1 && commands.length > 0;
+  const status = autoloopFixPrEvidenceString(reproduction["status"]);
+  const hasCloneEvidence = autoloopFixPrEvidenceBoolean(reproduction["hasCloneEvidence"]) === true;
+  const hasCriteriaEvidence = autoloopFixPrEvidenceBoolean(reproduction["hasCriteriaEvidence"]) === true;
+  const identityMatchesPreFix = autoloopFixPrEvidenceBoolean(
+    reproduction["replayIdentityMatchesPreFix"] ?? reproduction["identityMatchesPreFix"]
+  ) ?? topLevelIdentityMatchesPreFix ?? false;
+  const passedLegacyStatus = status === "passed" || status === "not_reproduced" && hasCloneEvidence && hasCriteriaEvidence;
+  if (passedLegacyStatus && hasEvidence) {
+    const legacyHasCloneEvidence = status === "passed" ? true : hasCloneEvidence;
+    const legacyHasCriteriaEvidence = status === "passed" ? true : hasCriteriaEvidence;
+    if (!identityMatchesPreFix) {
+      return failedAutoloopPostFixReproduction("postfix_reproduction_trace_mismatch", {
+        status,
+        commitSha,
+        hasCloneEvidence: legacyHasCloneEvidence,
+        hasCriteriaEvidence: legacyHasCriteriaEvidence,
+        identityMatchesPreFix: false,
+        reproductionReverified: true
+      });
+    }
+    if (!commitSha && input.expectedCommitSha) {
+      return failedAutoloopPostFixReproduction("postfix_reproduction_commit_missing", {
+        status,
+        hasCloneEvidence: legacyHasCloneEvidence,
+        hasCriteriaEvidence: legacyHasCriteriaEvidence,
+        identityMatchesPreFix,
+        reproductionReverified: true
+      });
+    }
+    if (input.expectedCommitSha && commitSha?.toLowerCase() !== input.expectedCommitSha.toLowerCase()) {
+      return failedAutoloopPostFixReproduction("postfix_reproduction_commit_mismatch", {
+        status,
+        commitSha,
+        hasCloneEvidence: legacyHasCloneEvidence,
+        hasCriteriaEvidence: legacyHasCriteriaEvidence,
+        identityMatchesPreFix,
+        reproductionReverified: true
+      });
+    }
+    return {
+      passed: true,
+      reason: "postfix_reproduction_passed",
+      status,
+      commitSha,
+      hasCloneEvidence: legacyHasCloneEvidence,
+      hasCriteriaEvidence: legacyHasCriteriaEvidence,
+      identityMatchesPreFix,
+      reproductionReverified: true
+    };
+  }
+  const reason = autoloopFixPrEvidenceString(reproduction["reason"]);
+  return reason ? failedAutoloopPostFixReproduction(reason, { status, commitSha }) : null;
+}
+function failedAutoloopPostFixReproduction(reason, evidence = {}) {
+  return {
+    passed: false,
+    reason,
+    status: evidence.status ?? null,
+    commitSha: evidence.commitSha ?? null,
+    hasCloneEvidence: evidence.hasCloneEvidence ?? false,
+    hasCriteriaEvidence: evidence.hasCriteriaEvidence ?? false,
+    identityMatchesPreFix: evidence.identityMatchesPreFix ?? false,
+    reproductionReverified: evidence.reproductionReverified ?? false
+  };
+}
+function payloadFixQuality(payload) {
+  if (!isAutoloopFixPrEvidenceRecord(payload)) {
+    return failedFixQuality("fix_quality_evidence_missing");
+  }
+  const quality = payload["fixQuality"] ?? payload["fix_quality"];
+  if (!isAutoloopFixPrEvidenceRecord(quality)) {
+    return failedFixQuality("fix_quality_evidence_missing");
+  }
+  const changedFiles = autoloopFixPrEvidenceStringArray(
+    quality["changedFiles"] ?? quality["changed_files"]
+  );
+  const sourceFiles = autoloopFixPrEvidenceStringArray(
+    quality["sourceFiles"] ?? quality["source_files"]
+  );
+  const implementationFiles = autoloopFixPrEvidenceStringArray(
+    quality["implementationFiles"] ?? quality["implementation_files"]
+  );
+  const regressionEvidence = autoloopFixPrEvidenceStringArray(
+    quality["regressionEvidence"] ?? quality["regression_evidence"]
+  );
+  const runtimeEntrypointFiles = autoloopFixPrEvidenceStringArray(
+    quality["runtimeEntrypointFiles"] ?? quality["runtime_entrypoint_files"]
+  );
+  const prDetailsPresent = autoloopFixPrEvidenceBoolean(quality["prDetailsPresent"] ?? quality["pr_details_present"]) ?? true;
+  if (quality["status"] !== "passed") {
+    return {
+      status: "failed",
+      reason: autoloopFixPrEvidenceString(quality["reason"]) ?? "fix_quality_evidence_failed",
+      changedFiles,
+      sourceFiles,
+      implementationFiles,
+      regressionEvidence,
+      runtimeEntrypointFiles,
+      prDetailsPresent
+    };
+  }
+  if (changedFiles.length === 0) return failedFixQuality("fix_quality_changed_files_missing");
+  if (sourceFiles.length === 0) {
+    return failedFixQuality("fix_quality_cosmetic_only_patch", { changedFiles });
+  }
+  if (implementationFiles.length === 0) {
+    return failedFixQuality("fix_quality_meaningful_diff_missing", { changedFiles, sourceFiles });
+  }
+  if (isDisallowedAutoloopEvalHarnessOnlyPatch(implementationFiles, runtimeEntrypointFiles)) {
+    return failedFixQuality("fix_quality_eval_harness_only_patch", {
+      changedFiles,
+      sourceFiles,
+      implementationFiles,
+      runtimeEntrypointFiles
+    });
+  }
+  if (regressionEvidence.length === 0) {
+    return failedFixQuality("fix_quality_regression_evidence_missing", {
+      changedFiles,
+      sourceFiles,
+      implementationFiles,
+      runtimeEntrypointFiles
+    });
+  }
+  if (!prDetailsPresent) {
+    return failedFixQuality("fix_quality_pr_details_missing", {
+      changedFiles,
+      sourceFiles,
+      implementationFiles,
+      regressionEvidence,
+      runtimeEntrypointFiles,
+      prDetailsPresent
+    });
+  }
+  return {
+    status: "passed",
+    reason: "fix_quality_passed",
+    changedFiles,
+    sourceFiles,
+    implementationFiles,
+    regressionEvidence,
+    runtimeEntrypointFiles,
+    prDetailsPresent
+  };
+}
+function payloadPrBodyQuality(payload) {
+  if (!isAutoloopFixPrEvidenceRecord(payload)) return failedPrBody("pr_body_evidence_missing");
+  const quality = payload["prBodyQuality"] ?? payload["pr_body_quality"];
+  if (!isAutoloopFixPrEvidenceRecord(quality)) return failedPrBody("pr_body_evidence_missing");
+  const status = quality["status"];
+  const reason = autoloopFixPrEvidenceString(quality["reason"]) ?? (status === "passed" ? "pr_body_passed" : "pr_body_evidence_failed");
+  const textLength = autoloopFixPrEvidenceNumber(quality["textLength"] ?? quality["text_length"]);
+  const wordCount = autoloopFixPrEvidenceNumber(quality["wordCount"] ?? quality["word_count"]);
+  if (status !== "passed") return failedPrBody(reason, textLength, wordCount);
+  if (textLength <= 0 || wordCount < 20) {
+    return failedPrBody("pr_body_not_human_readable", textLength, wordCount);
+  }
+  return { status: "passed", reason: "pr_body_passed", textLength, wordCount };
+}
+function failedFixQuality(reason, evidence = {}) {
+  return {
+    status: "failed",
+    reason,
+    changedFiles: evidence.changedFiles ?? [],
+    sourceFiles: evidence.sourceFiles ?? [],
+    implementationFiles: evidence.implementationFiles ?? [],
+    regressionEvidence: evidence.regressionEvidence ?? [],
+    runtimeEntrypointFiles: evidence.runtimeEntrypointFiles ?? [],
+    prDetailsPresent: evidence.prDetailsPresent ?? false
+  };
+}
+function failedPrBody(reason, textLength = 0, wordCount = 0) {
+  return { status: "failed", reason, textLength, wordCount };
+}
+function autoloopFixPrEvidenceStringFromRecord(payload, camelCaseKey, snakeCaseKey) {
+  if (!isAutoloopFixPrEvidenceRecord(payload)) return null;
+  return autoloopFixPrEvidenceString(payload[camelCaseKey] ?? payload[snakeCaseKey]);
+}
+function autoloopFixPrEvidenceStringArray(value) {
+  if (!Array.isArray(value)) return [];
+  return value.filter((entry) => typeof entry === "string" && entry.length > 0);
+}
+function isAutoloopAttachEvalHarnessFile(file) {
+  return /(^|\/)archal(\/|$)/i.test(file) || /(^|\/)(evals?|evaluations?|harness)(\/|$)/i.test(file) || /(^|\/)run-[^/]*eval\.[cm]?[jt]s$/i.test(file) || /(^|\/)scripts\/.*(?:archal|eval|harness).*$/i.test(file);
+}
+function isDisallowedAutoloopEvalHarnessOnlyPatch(implementationFiles, runtimeEntrypointFiles) {
+  if (!implementationFiles.every(isAutoloopAttachEvalHarnessFile)) return false;
+  const runtimeEntrypoints = new Set(runtimeEntrypointFiles.map(normalizeAutoloopFixPrEvidencePath));
+  return !implementationFiles.some(
+    (file) => runtimeEntrypoints.has(normalizeAutoloopFixPrEvidencePath(file))
+  );
+}
+function normalizeAutoloopFixPrEvidencePath(file) {
+  return file.replace(/\\/g, "/").replace(/^\.\//, "").trim();
+}
+function autoloopFixPrEvidenceString(value) {
+  return typeof value === "string" && value.trim().length > 0 ? value.trim() : null;
+}
+function autoloopFixPrEvidenceBoolean(value) {
+  return typeof value === "boolean" ? value : null;
+}
+function autoloopFixPrEvidenceNumber(value) {
+  return typeof value === "number" && Number.isFinite(value) ? value : 0;
+}
+function autoloopFixPrEvidenceSha(value) {
+  if (!value) return null;
+  return /^[a-f0-9]{6,40}$/i.test(value) ? value : null;
+}
+function isAutoloopFixPrEvidenceRecord(value) {
+  return Boolean(value) && typeof value === "object" && !Array.isArray(value);
+}
+
+// ../packages/node-auth/src/constants.ts
+var CREDENTIALS_FILE = "credentials.json";
+var CREDENTIALS_KEY_FILE = "credentials.key";
+var AUTH_TOKEN_ENV_VAR = "ARCHAL_TOKEN";
+var TOKEN_ENCRYPTION_PREFIX = "enc-v1";
+var CREDENTIALS_MASTER_KEY_ENV_VAR = "ARCHAL_CREDENTIALS_MASTER_KEY";
+var KEYCHAIN_SERVICE = "archal-cli";
+var KEYCHAIN_ACCOUNT = "credentials-master-key";
+var ENV_TOKEN_FALLBACK_TTL_SECONDS = 24 * 60 * 60;
+
+// ../packages/node-auth/src/types.ts
+function isPlan(value) {
+  return value === "free" || value === "pro" || value === "enterprise";
+}
+
+// ../packages/node-auth/src/errors.ts
+var ExpiredEnvTokenError = class extends Error {
+  constructor(envVar = AUTH_TOKEN_ENV_VAR) {
+    super(`${envVar} is expired. Remove it or replace it with a valid token.`);
+    this.name = "ExpiredEnvTokenError";
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+};
+function errorMessage(error) {
+  return error instanceof Error ? error.message : String(error);
+}
+
+// ../packages/node-auth/src/credential-store.ts
+var import_node_child_process = require("child_process");
+var import_node_crypto = require("crypto");
+var import_node_fs = require("fs");
+var import_node_os = require("os");
+var import_node_path2 = require("path");
+
+// ../packages/clone-catalog/src/generated-catalog.ts
+var GENERATED_CLONE_CATALOG = [
+  {
+    id: "apify",
+    icon: "AP",
+    name: "Apify",
+    description: "Actors, runs, datasets, key-value stores, and request queues.",
+    stage: "preview",
+    toolCount: 59,
+    transport: "rest",
+    architectureClass: "domain-simulator",
+    domainPrimitives: [
+      "Apify upstream error and pagination envelopes",
+      "dataset, key-value store, and request-queue stateful projections",
+      "fixture-backed fallback semantics for uncovered REST paths"
+    ],
+    behaviorOwner: "src/upstream.ts",
+    opsCoverage: null
+  },
+  {
+    id: "calcom",
+    icon: "CC",
+    name: "Cal.com",
+    description: "Event types, schedules, availability slots, bookings, calendars, and webhooks.",
+    stage: "preview",
+    toolCount: 18,
+    transport: "both",
+    architectureClass: "domain-simulator",
+    domainPrimitives: [
+      "schedule and event-type availability projection",
+      "booking create, cancel, and reschedule lifecycle",
+      "host-wide busy interval and slot computation",
+      "webhook summary/detail lifecycle projection"
+    ],
+    behaviorOwner: "src/state/relationships.ts",
+    opsCoverage: null
+  },
+  {
+    id: "clickup",
+    icon: "CU",
+    name: "ClickUp",
+    description: "Teams, spaces, folders, lists, tasks, comments, tags, time tracking, and checklists.",
+    stage: "preview",
+    toolCount: 40,
+    transport: "both",
+    architectureClass: "standard-core",
+    domainPrimitives: [],
+    behaviorOwner: null,
+    opsCoverage: null
+  },
+  {
+    id: "customerio",
+    icon: "CI",
+    name: "Customer.io",
+    description: "Messaging automation across campaigns, broadcasts, transactional email, segments, customers, and message delivery.",
+    stage: "preview",
+    toolCount: 22,
+    transport: "rest",
+    architectureClass: "standard-core",
+    domainPrimitives: [],
+    behaviorOwner: null,
+    opsCoverage: null
+  },
+  {
+    id: "datadog",
+    icon: "DD",
+    name: "Datadog",
+    description: "Observability REST API \u2014 metrics, logs, monitors, dashboards, SLOs, incidents, teams, users, and service definitions.",
+    stage: "preview",
+    toolCount: 63,
+    transport: "rest",
+    architectureClass: "domain-simulator",
+    domainPrimitives: [
+      "time-series query windows",
+      "log query filtering",
+      "monitor evaluation and alert state"
+    ],
+    behaviorOwner: "src/domain/simulator.ts",
+    opsCoverage: null
+  },
+  {
+    id: "discord",
+    icon: "DC",
+    name: "Discord",
+    description: "Guilds, channels, messages, webhooks, threads, commands, and interaction responses.",
+    stage: "preview",
+    toolCount: 67,
+    transport: "both",
+    architectureClass: "domain-simulator",
+    domainPrimitives: [
+      "channel membership",
+      "message timeline ordering",
+      "thread and event delivery semantics"
+    ],
+    behaviorOwner: "src/domain/discord-simulator.ts",
+    opsCoverage: 14
+  },
+  {
+    id: "github",
+    icon: "GH",
+    name: "GitHub",
+    description: "Repos, issues, pull requests, branches, and commits.",
+    stage: "public",
+    toolCount: 26,
+    transport: "both",
+    architectureClass: "domain-simulator",
+    domainPrimitives: [
+      "repository branch, commit, tree, and diff projection",
+      "issue and pull-request lifecycle projection",
+      "review, comment, and status/check aggregation",
+      "permission-scoped reads and webhook event delivery"
+    ],
+    behaviorOwner: "src/state/transition-rules.ts",
+    opsCoverage: 96
+  },
+  {
+    id: "gitlab",
+    icon: "GL",
+    name: "GitLab",
+    description: "Projects, branches, commits, issues, merge requests, pipelines, labels, milestones, releases, and webhooks.",
+    stage: "preview",
+    toolCount: 46,
+    transport: "both",
+    architectureClass: "domain-simulator",
+    domainPrimitives: [
+      "issue and merge-request state transitions",
+      "note/comment ordering and count projection",
+      "repository branch, commit, merge, and diff projection",
+      "GitLab webhook subscription, payload, and header emission"
+    ],
+    behaviorOwner: "src/state/webhook-delivery-config.ts",
+    opsCoverage: null
+  },
+  {
+    id: "google-workspace",
+    icon: "GW",
+    name: "Google Workspace",
+    description: "Gmail, Calendar, Drive, Sheets, and Contacts.",
+    stage: "preview",
+    toolCount: 249,
+    transport: "both",
+    architectureClass: "domain-simulator",
+    domainPrimitives: [
+      "Gmail thread/history engine",
+      "Drive changes and permissions",
+      "Calendar recurrence and watch sync"
+    ],
+    behaviorOwner: "src/domain/google-workspace-simulator.ts",
+    opsCoverage: 64
+  },
+  {
+    id: "hubspot",
+    icon: "HS",
+    name: "HubSpot",
+    description: "CRM contacts, companies, deals, tickets, and engagements.",
+    stage: "preview",
+    toolCount: 41,
+    transport: "rest",
+    architectureClass: "replay-shell",
+    domainPrimitives: [
+      "CRM object state and associations",
+      "Pipeline and property schema state",
+      "Recording-backed REST/MCP aliases awaiting stateful lift"
+    ],
+    behaviorOwner: null,
+    opsCoverage: 99
+  },
+  {
+    id: "jira",
+    icon: "JR",
+    name: "Jira",
+    description: "Issues, projects, boards, sprints, and versions.",
+    stage: "preview",
+    toolCount: 49,
+    transport: "both",
+    architectureClass: "domain-simulator",
+    domainPrimitives: [
+      "issue workflow transitions and mutation history",
+      "JQL/search and issue field projection",
+      "sprint, board, version, and SLA time-based transitions",
+      "permission-scoped reads and Jira webhook event delivery"
+    ],
+    behaviorOwner: "src/state/transition-rules.ts",
+    opsCoverage: 80
+  },
+  {
+    id: "linear",
+    icon: "LN",
+    name: "Linear",
+    description: "Issues, projects, teams, cycles, and workflows.",
+    stage: "public",
+    toolCount: 50,
+    transport: "both",
+    architectureClass: "domain-simulator",
+    domainPrimitives: [
+      "GraphQL operation dispatch",
+      "issue workflow transitions",
+      "comment and history projection",
+      "cycle and project progress projection"
+    ],
+    behaviorOwner: "src/rest/graphql-dispatch.ts",
+    opsCoverage: 98
+  },
+  {
+    id: "ownerrez",
+    icon: "OR",
+    name: "OwnerRez",
+    description: "Vacation-rental PMS \u2014 properties, bookings, guests, quotes, financial reads, tags, fields, and webhook subscriptions.",
+    stage: "preview",
+    toolCount: 25,
+    transport: "rest",
+    architectureClass: "replay-shell",
+    domainPrimitives: [
+      "recording replay cursor",
+      "tag and guest stateful overlays",
+      "booking/payment read projections"
+    ],
+    behaviorOwner: null,
+    opsCoverage: 100
+  },
+  {
+    id: "pricelabs",
+    icon: "PL",
+    name: "PriceLabs",
+    description: "Dynamic pricing \u2014 listings, overrides, neighborhood data, rate plans, and reservations.",
+    stage: "preview",
+    toolCount: 11,
+    transport: "rest",
+    architectureClass: "replay-shell",
+    domainPrimitives: [
+      "recording replay cursor",
+      "listing settings overlay",
+      "pricing and reservation projections"
+    ],
+    behaviorOwner: null,
+    opsCoverage: 100
+  },
+  {
+    id: "ramp",
+    icon: "RP",
+    name: "Ramp",
+    description: "Cards, funds, expenses, reimbursements, bills, and travel.",
+    stage: "preview",
+    toolCount: 46,
+    transport: "mcp",
+    architectureClass: "replay-shell",
+    domainPrimitives: [
+      "checked-in Ramp CLI fixture corpus",
+      "CLI-native command routing",
+      "seeded approval and comment overlays"
+    ],
+    behaviorOwner: null,
+    opsCoverage: null
+  },
+  {
+    id: "sentry",
+    icon: "SN",
+    name: "Sentry",
+    description: "Error monitoring across organizations, projects, teams, issues, events, releases, and DSN keys.",
+    stage: "preview",
+    toolCount: 25,
+    transport: "rest",
+    architectureClass: "domain-simulator",
+    domainPrimitives: [
+      "event grouping",
+      "issue state transitions",
+      "release and time-window projections"
+    ],
+    behaviorOwner: "src/domain/sentry-simulator.ts",
+    opsCoverage: null
+  },
+  {
+    id: "slack",
+    icon: "SL",
+    name: "Slack",
+    description: "Channels, messages, threads, users, and reactions.",
+    stage: "public",
+    toolCount: 9,
+    transport: "both",
+    architectureClass: "domain-simulator",
+    domainPrimitives: [
+      "channel membership and visibility",
+      "message/thread ordering",
+      "event delivery semantics"
+    ],
+    behaviorOwner: "src/domain/slack-simulator.ts",
+    opsCoverage: 100
+  },
+  {
+    id: "stripe",
+    icon: "ST",
+    name: "Stripe",
+    description: "Customers, payments, subscriptions, invoices, and refunds.",
+    stage: "preview",
+    toolCount: 28,
+    transport: "both",
+    architectureClass: "domain-simulator",
+    domainPrimitives: [
+      "payment object lifecycle",
+      "balance and ledger projection",
+      "webhook/idempotency semantics"
+    ],
+    behaviorOwner: "src/domain/stripe-simulator.ts",
+    opsCoverage: null
+  },
+  {
+    id: "supabase",
+    icon: "SB",
+    name: "Supabase",
+    description: "SQL, migrations, logs, branches, and project metadata.",
+    stage: "public",
+    toolCount: 29,
+    transport: "both",
+    architectureClass: "domain-simulator",
+    domainPrimitives: [
+      "Postgres schema and SQL execution",
+      "RLS and API projections",
+      "realtime row changes"
+    ],
+    behaviorOwner: "src/pg-engine.ts",
+    opsCoverage: 100
+  },
+  {
+    id: "tavily",
+    icon: "TV",
+    name: "Tavily",
+    description: "Search, extract, crawl, map, research, usage, and API key operations.",
+    stage: "preview",
+    toolCount: 11,
+    transport: "rest",
+    architectureClass: "replay-shell",
+    domainPrimitives: [
+      "recording-backed REST/tool response replay",
+      "deterministic search/extract response helpers",
+      "research request state overlay"
+    ],
+    behaviorOwner: null,
+    opsCoverage: 100
+  },
+  {
+    id: "unipile",
+    icon: "UP",
+    name: "Unipile",
+    description: "LinkedIn and email messaging, accounts, and chats.",
+    stage: "preview",
+    toolCount: 31,
+    transport: "rest",
+    architectureClass: "replay-shell",
+    domainPrimitives: [
+      "authenticated account and chat reads",
+      "single WhatsApp send mutation",
+      "future account, chat, and webhook simulator"
+    ],
+    behaviorOwner: null,
+    opsCoverage: 100
+  },
+  {
+    id: "webflow",
+    icon: "WF",
+    name: "Webflow",
+    description: "Sites, pages, CMS collections, items, assets, forms, and webhooks.",
+    stage: "preview",
+    toolCount: 19,
+    transport: "rest",
+    architectureClass: "replay-shell",
+    domainPrimitives: [
+      "recording replay cursor",
+      "CMS collection/item overlays",
+      "publish lifecycle captures"
+    ],
+    behaviorOwner: null,
+    opsCoverage: 100
+  }
+];
+var GENERATED_STARTABLE_CLONE_IDS = [
+  "apify",
+  "calcom",
+  "clickup",
+  "customerio",
+  "datadog",
+  "discord",
+  "github",
+  "gitlab",
+  "google-workspace",
+  "hubspot",
+  "jira",
+  "linear",
+  "ownerrez",
+  "pricelabs",
+  "ramp",
+  "sentry",
+  "slack",
+  "stripe",
+  "supabase",
+  "tavily",
+  "unipile",
+  "webflow"
+];
+
+// ../clones/core/src/clone-architecture-values.mjs
+var CLONE_ARCHITECTURE_CLASSES = [
+  "standard-core",
+  "domain-simulator",
+  "replay-shell",
+  "redesign-before-expansion"
+];
+var CLONE_ARCHITECTURE_PREVIEW_CLASSES = [
+  "replay-shell",
+  "redesign-before-expansion"
+];
+var CLONE_ARCHITECTURE_CLASS_SET = new Set(CLONE_ARCHITECTURE_CLASSES);
+var CLONE_ARCHITECTURE_PREVIEW_CLASS_SET = new Set(CLONE_ARCHITECTURE_PREVIEW_CLASSES);
+
+// ../clones/core/src/clone-architecture-field-policy.mjs
+var FIELD_POLICY = {
+  behaviorOwner: {
+    required: /* @__PURE__ */ new Set(["domain-simulator"]),
+    allowed: /* @__PURE__ */ new Set(["domain-simulator"])
+  },
+  domainPrimitives: {
+    required: /* @__PURE__ */ new Set(["domain-simulator", "replay-shell", "redesign-before-expansion"]),
+    allowed: /* @__PURE__ */ new Set(["domain-simulator", "replay-shell", "redesign-before-expansion"])
+  },
+  promotionEvidence: {
+    required: /* @__PURE__ */ new Set(["replay-shell"]),
+    allowed: /* @__PURE__ */ new Set(["replay-shell"])
+  },
+  redesignContract: {
+    required: /* @__PURE__ */ new Set(["redesign-before-expansion"]),
+    allowed: /* @__PURE__ */ new Set(["redesign-before-expansion"])
+  }
+};
+var CLONE_ARCHITECTURE_POLICY_FIELDS = Object.freeze(Object.keys(FIELD_POLICY));
+var CLONE_ARCHITECTURE_MANIFEST_FIELDS = Object.freeze([
+  "class",
+  "summary",
+  ...CLONE_ARCHITECTURE_POLICY_FIELDS
+]);
+var CLONE_ARCHITECTURE_MANIFEST_FIELD_SET = new Set(CLONE_ARCHITECTURE_MANIFEST_FIELDS);
+
+// ../clones/core/src/clone-runtime-source-files.mjs
+var import_node_path = require("path");
+var CLONE_RUNTIME_SOURCE_EXTENSIONS = Object.freeze([
+  ".cjs",
+  ".cts",
+  ".js",
+  ".jsx",
+  ".mjs",
+  ".mts",
+  ".ts",
+  ".tsx"
+]);
+var RUNTIME_SOURCE_EXTENSIONS = new Set(CLONE_RUNTIME_SOURCE_EXTENSIONS);
+
+// ../clones/core/src/clone-launch-metadata-values.mjs
+var CLONE_STAGES = ["wip", "internal", "preview", "public", "retired"];
+var CLONE_TRANSPORTS = ["mcp", "rest", "both"];
+var CLONE_SMOKE_PROFILES = ["none", "health-and-seed", "clone-surface"];
+var STARTABLE_CLONE_STAGES = ["public", "preview"];
+var CATALOG_VISIBLE_CLONE_STAGES = ["public", "preview"];
+var CLONE_STAGE_SET = new Set(CLONE_STAGES);
+var CLONE_TRANSPORT_SET = new Set(CLONE_TRANSPORTS);
+var CLONE_SMOKE_PROFILE_SET = new Set(CLONE_SMOKE_PROFILES);
+var STARTABLE_CLONE_STAGE_SET = new Set(STARTABLE_CLONE_STAGES);
+var CATALOG_VISIBLE_CLONE_STAGE_SET = new Set(CATALOG_VISIBLE_CLONE_STAGES);
+
+// ../packages/clone-catalog/src/index.ts
+var CLONE_CATALOG = GENERATED_CLONE_CATALOG;
+var ALL_CLONE_IDS = CLONE_CATALOG.map((entry) => entry.id);
+var ALL_STARTABLE_CLONE_IDS = [...GENERATED_STARTABLE_CLONE_IDS];
+var CLONE_ID_SET = new Set(ALL_CLONE_IDS);
+var STARTABLE_CLONE_ID_SET = new Set(ALL_STARTABLE_CLONE_IDS);
+var STARTABLE_CLONE_CATALOG = CLONE_CATALOG.filter(
+  (entry) => STARTABLE_CLONE_ID_SET.has(entry.id)
+);
+
+// ../packages/billing-constants/src/credit-catalog.ts
+var CREDIT_COGS_MARKUP = 3;
+var CREDIT_TARGET_GROSS_MARGIN_PERCENT = Math.round(
+  (1 - 1 / CREDIT_COGS_MARKUP) * 100
+);
+
+// ../packages/billing-constants/src/index.ts
+var PLAN_MONTHLY_TWIN_MINUTE_LIMITS = {
+  free: 500,
+  pro: 5e3,
+  enterprise: null
+};
+var PLAN_CONCURRENT_SESSION_LIMITS = {
+  free: 3,
+  pro: 10,
+  enterprise: 50
+};
+var FREE_WORKSPACE_MEMBER_LIMIT = 2;
+var PRO_PLAN_PRICE_USD = 199;
+function formatMinutesLabel(minutes) {
+  return minutes.toLocaleString("en-US");
+}
+var FREE_MINUTES = PLAN_MONTHLY_TWIN_MINUTE_LIMITS.free;
+var PRO_MINUTES = PLAN_MONTHLY_TWIN_MINUTE_LIMITS.pro;
+if (FREE_MINUTES == null || PRO_MINUTES == null) {
+  throw new Error("PLAN_MONTHLY_TWIN_MINUTE_LIMITS: free and pro must be non-null");
+}
+var PRO_EVALS_PER_SEAT = 500;
+var PRO_SESSION_MINUTES_PER_SEAT = 5e3;
+var PRO_MAX_SEATS = 5;
+var FREE_EVALS_PER_MONTH = 100;
+var PLAN_DISPLAY = {
+  free: {
+    tag: "Free",
+    priceLabel: "$0",
+    periodLabel: "",
+    included: [
+      `${formatMinutesLabel(FREE_MINUTES)} session-minutes / account`,
+      `${FREE_EVALS_PER_MONTH} evals / account`,
+      `1 workspace (${FREE_WORKSPACE_MEMBER_LIMIT} users max)`,
+      `${PLAN_CONCURRENT_SESSION_LIMITS.free} concurrent sessions / workspace`,
+      "All clones included"
+    ]
+  },
+  pro: {
+    tag: "Pro",
+    priceLabel: `$${PRO_PLAN_PRICE_USD}`,
+    periodLabel: "/mo per seat",
+    included: [
+      `${formatMinutesLabel(PRO_SESSION_MINUTES_PER_SEAT)} session-minutes / seat / month`,
+      `${PRO_EVALS_PER_SEAT} evals / seat / month`,
+      "All clones included",
+      `${PLAN_CONCURRENT_SESSION_LIMITS.pro} concurrent sessions / workspace`,
+      `1 workspace, up to ${PRO_MAX_SEATS} seats with pooled usage`
+    ]
+  },
+  enterprise: {
+    tag: "Enterprise",
+    priceLabel: "Contact us",
+    periodLabel: "",
+    included: [
+      "Unlimited session-minutes",
+      "Unlimited seats per workspace",
+      "Unlimited workspaces",
+      `${PLAN_CONCURRENT_SESSION_LIMITS.enterprise} concurrent sessions / workspace`,
+      "SSO / SAML",
+      "SOC 2 (in progress)",
+      "Custom clones & eval support",
+      "Dedicated onboarding & support"
+    ]
+  }
+};
+var PLAN_MAX_SESSION_TTL_SECONDS = {
+  free: 30 * 60,
+  // 30 minutes
+  pro: 60 * 60,
+  // 60 minutes
+  enterprise: 90 * 60
+  // 90 minutes
+};
+var MAX_ABSOLUTE_SESSION_LIFETIME_SECONDS = 4 * 60 * 60;
+var LIFETIME_PERIOD_RESETS_AT = new Date(Date.UTC(9999, 11, 31));
+var ALL_ENTITLED_CLONES = ALL_STARTABLE_CLONE_IDS;
+var SCENARIO_USAGE_WINDOW_DAYS = 7;
+var SCENARIO_USAGE_WINDOW_MS = SCENARIO_USAGE_WINDOW_DAYS * 24 * 60 * 60 * 1e3;
+var SCENARIO_USAGE_WINDOW_SECONDS = SCENARIO_USAGE_WINDOW_DAYS * 24 * 60 * 60;
+var LLM_PRICING_USD_PER_M_TOKENS = {
+  // Google Gemini (verified 2026-05-05, standard tier <=200K input tokens)
+  "gemini-2.5-pro": { input: 1.25, output: 10 },
+  "gemini-2.5-flash": { input: 0.3, output: 2.5 },
+  // OpenAI flagship text models (verified 2026-05-21, standard short-context tier)
+  "gpt-5.5": { input: 5, output: 30 },
+  "gpt-5.5-pro": { input: 30, output: 180 },
+  "gpt-5.4": { input: 2.5, output: 15 },
+  "gpt-5.4-mini": { input: 0.75, output: 4.5 },
+  "gpt-5.4-nano": { input: 0.2, output: 1.25 },
+  "gpt-5.4-pro": { input: 30, output: 180 },
+  "gpt-4o-mini": { input: 0.15, output: 0.6 },
+  "gpt-4o": { input: 2.5, output: 10 },
+  "gpt-4.1-mini": { input: 0.4, output: 1.6 },
+  "gpt-4.1-nano": { input: 0.1, output: 0.4 },
+  "gpt-4.1": { input: 2, output: 8 },
+  // DeepSeek (verified 2026-05-05; legacy names map to v4-flash per vendor)
+  "deepseek-chat": { input: 0.14, output: 0.28 },
+  "deepseek-reasoner": { input: 0.14, output: 0.28 },
+  "deepseek-v4-flash": { input: 0.14, output: 0.28 }
+};
+var LLM_PRICING_FAMILY_RATES = [
+  { match: /^gemini-2\.5-pro/i, rate: LLM_PRICING_USD_PER_M_TOKENS["gemini-2.5-pro"] },
+  { match: /^gemini-2\.5-flash/i, rate: LLM_PRICING_USD_PER_M_TOKENS["gemini-2.5-flash"] },
+  { match: /^gpt-5\.5-pro/i, rate: LLM_PRICING_USD_PER_M_TOKENS["gpt-5.5-pro"] },
+  { match: /^gpt-5\.5/i, rate: LLM_PRICING_USD_PER_M_TOKENS["gpt-5.5"] },
+  { match: /^gpt-5\.4-pro/i, rate: LLM_PRICING_USD_PER_M_TOKENS["gpt-5.4-pro"] },
+  { match: /^gpt-5\.4-mini/i, rate: LLM_PRICING_USD_PER_M_TOKENS["gpt-5.4-mini"] },
+  { match: /^gpt-5\.4-nano/i, rate: LLM_PRICING_USD_PER_M_TOKENS["gpt-5.4-nano"] },
+  { match: /^gpt-5\.4/i, rate: LLM_PRICING_USD_PER_M_TOKENS["gpt-5.4"] },
+  { match: /^gpt-4o-mini/i, rate: LLM_PRICING_USD_PER_M_TOKENS["gpt-4o-mini"] },
+  { match: /^gpt-4o(?!-mini)/i, rate: LLM_PRICING_USD_PER_M_TOKENS["gpt-4o"] },
+  { match: /^gpt-4\.1-mini/i, rate: LLM_PRICING_USD_PER_M_TOKENS["gpt-4.1-mini"] },
+  { match: /^gpt-4\.1-nano/i, rate: LLM_PRICING_USD_PER_M_TOKENS["gpt-4.1-nano"] },
+  { match: /^gpt-4\.1(?!-mini|-nano)/i, rate: LLM_PRICING_USD_PER_M_TOKENS["gpt-4.1"] },
+  // Anthropic Claude 4.x list prices (verified 2026): Opus $5/$25, Sonnet
+  // $3/$15, Haiku 4.5 $1/$5 per 1M tokens (input/output).
+  { match: /^claude-opus-/i, rate: { input: 5, output: 25 } },
+  { match: /^claude-haiku-/i, rate: { input: 1, output: 5 } },
+  { match: /^claude-sonnet-/i, rate: { input: 3, output: 15 } },
+  { match: /^opus-/i, rate: { input: 5, output: 25 } },
+  { match: /^haiku-/i, rate: { input: 1, output: 5 } },
+  { match: /^sonnet-/i, rate: { input: 3, output: 15 } },
+  { match: /^deepseek-chat/i, rate: LLM_PRICING_USD_PER_M_TOKENS["deepseek-chat"] },
+  { match: /^deepseek-reasoner/i, rate: LLM_PRICING_USD_PER_M_TOKENS["deepseek-reasoner"] },
+  { match: /^deepseek-v4-flash/i, rate: LLM_PRICING_USD_PER_M_TOKENS["deepseek-v4-flash"] }
+];
+
+// ../packages/node-auth/src/clone-entitlements.ts
+var ENTITLED_CLONE_SET = new Set(ALL_ENTITLED_CLONES);
+function normalizeEntitledCloneIds(cloneIds) {
+  if (!cloneIds) {
+    return [];
+  }
+  const normalized = /* @__PURE__ */ new Set();
+  for (const cloneId of cloneIds) {
+    if (typeof cloneId !== "string") {
+      continue;
+    }
+    const trimmed = cloneId.trim();
+    if (ENTITLED_CLONE_SET.has(trimmed)) {
+      normalized.add(trimmed);
+    }
+  }
+  return [...normalized];
+}
+
+// ../packages/node-auth/src/credential-store.ts
+var KEYCHAIN_COMMAND_TIMEOUT_MS = 1500;
+var ARCHAL_DIR_NAME = ".archal";
+var TEST_SANDBOX_ID_ENV_VAR = "ARCHAL_TEST_SANDBOX_ID";
+var VITEST_CONFIG_ENV_VAR = "ARCHAL_VITEST_CONFIG";
+function debug(message) {
+  if (process.env["ARCHAL_DEBUG"] !== "1") {
+    return;
+  }
+  process.stderr.write(`[archal-node-auth] ${message}
+`);
+}
+function getWarn(options) {
+  return options?.warn ?? console.warn;
+}
+function isExpired(expiresAt) {
+  return expiresAt <= Math.floor(Date.now() / 1e3);
+}
+function isRunningUnderTests() {
+  return process.env["VITEST"] === "true" || process.env["VITEST_WORKER_ID"] !== void 0 || process.env["JEST_WORKER_ID"] !== void 0 || process.env["NODE_TEST_CONTEXT"] !== void 0;
+}
+function getRealArchalDir() {
+  return (0, import_node_path2.join)((0, import_node_os.homedir)(), ARCHAL_DIR_NAME);
+}
+function normalizeSandboxId(raw) {
+  const trimmed = raw.trim();
+  if (/^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$/.test(trimmed)) {
+    return trimmed;
+  }
+  return (0, import_node_crypto.createHash)("sha256").update(trimmed).digest("hex").slice(0, 16);
+}
+function getTestSandboxDir() {
+  const sharedSandboxId = process.env[VITEST_CONFIG_ENV_VAR]?.trim() || process.env[TEST_SANDBOX_ID_ENV_VAR]?.trim();
+  if (sharedSandboxId) {
+    return (0, import_node_path2.join)((0, import_node_os.tmpdir)(), `archal-test-sandbox-${normalizeSandboxId(sharedSandboxId)}`);
+  }
+  const workerId = process.env["VITEST_WORKER_ID"] ?? process.env["JEST_WORKER_ID"] ?? String(process.pid);
+  return (0, import_node_path2.join)((0, import_node_os.tmpdir)(), `archal-test-sandbox-${workerId}-${process.pid}`);
+}
+function getArchalDir() {
+  const explicit = process.env["ARCHAL_HOME"];
+  if (explicit) {
+    return explicit;
+  }
+  if (isRunningUnderTests()) {
+    return getTestSandboxDir();
+  }
+  return getRealArchalDir();
+}
+function getCredentialsPath() {
+  return (0, import_node_path2.join)(getArchalDir(), CREDENTIALS_FILE);
+}
+function ensureDir(dir) {
+  if (!(0, import_node_fs.existsSync)(dir)) {
+    (0, import_node_fs.mkdirSync)(dir, { recursive: true });
+    debug(`Created archal directory at ${dir}`);
+  }
+  return dir;
+}
+function getCredentialsKeyPathForDir(dir) {
+  return (0, import_node_path2.join)(dir, CREDENTIALS_KEY_FILE);
+}
+function readCredentialsKeyFromEnv() {
+  const raw = process.env[CREDENTIALS_MASTER_KEY_ENV_VAR]?.trim();
+  if (!raw) {
+    return null;
+  }
+  if (/^[a-fA-F0-9]{64}$/.test(raw)) {
+    return Buffer.from(raw, "hex");
+  }
+  try {
+    const decoded = Buffer.from(raw, "base64");
+    if (decoded.length === 32) {
+      return decoded;
+    }
+  } catch (err) {
+    debug(`Base64 master key decode failed: ${errorMessage(err)}`);
+  }
+  return (0, import_node_crypto.createHash)("sha256").update(raw, "utf8").digest();
+}
+function readCredentialsKeyFromMacKeychain() {
+  if (process.platform !== "darwin") return null;
+  try {
+    const result = (0, import_node_child_process.spawnSync)(
+      "security",
+      ["find-generic-password", "-s", KEYCHAIN_SERVICE, "-a", KEYCHAIN_ACCOUNT, "-w"],
+      { encoding: "utf-8", timeout: KEYCHAIN_COMMAND_TIMEOUT_MS }
+    );
+    if (!result || result.error || result.status !== 0 || typeof result.stdout !== "string" || result.stdout.length === 0) {
+      if (result?.error) {
+        debug(`Keychain lookup failed: ${result.error.message}`);
+      }
+      return null;
+    }
+    const raw = result.stdout.trim();
+    if (!/^[a-fA-F0-9]{64}$/.test(raw)) {
+      return null;
+    }
+    return Buffer.from(raw, "hex");
+  } catch (err) {
+    debug(`Keychain lookup threw: ${errorMessage(err)}`);
+    return null;
+  }
+}
+function readCredentialsKeyFromFile(dir = getArchalDir()) {
+  const keyPath = getCredentialsKeyPathForDir(dir);
+  if (!(0, import_node_fs.existsSync)(keyPath)) {
+    return null;
+  }
+  try {
+    const raw = (0, import_node_fs.readFileSync)(keyPath, "utf-8").trim();
+    const key = Buffer.from(raw, "hex");
+    if (key.length === 32) {
+      return key;
+    }
+  } catch (err) {
+    debug(`Failed to read credentials key file: ${errorMessage(err)}`);
+  }
+  return null;
+}
+function collectCredentialKeysForDecrypt(dir = getArchalDir()) {
+  const keys = [];
+  for (const candidate of [
+    readCredentialsKeyFromEnv(),
+    readCredentialsKeyFromMacKeychain(),
+    readCredentialsKeyFromFile(dir)
+  ]) {
+    if (!candidate) continue;
+    if (!keys.some((entry) => entry.equals(candidate))) {
+      keys.push(candidate);
+    }
+  }
+  return keys;
+}
+function writeCredentialsKeyToMacKeychain(key) {
+  if (process.platform !== "darwin") return false;
+  try {
+    const result = (0, import_node_child_process.spawnSync)(
+      "security",
+      [
+        "add-generic-password",
+        "-U",
+        "-s",
+        KEYCHAIN_SERVICE,
+        "-a",
+        KEYCHAIN_ACCOUNT,
+        "-w",
+        key.toString("hex")
+      ],
+      { encoding: "utf-8", timeout: KEYCHAIN_COMMAND_TIMEOUT_MS }
+    );
+    if (result?.error) {
+      debug(`Keychain write failed: ${result.error.message}`);
+    }
+    return !!result && !result.error && result.status === 0;
+  } catch (err) {
+    debug(`Keychain write threw: ${errorMessage(err)}`);
+    return false;
+  }
+}
+function getOrCreateCredentialsKey(dir = getArchalDir()) {
+  const envKey = readCredentialsKeyFromEnv();
+  if (envKey) {
+    return envKey;
+  }
+  const keychainKey = readCredentialsKeyFromMacKeychain();
+  if (keychainKey) {
+    return keychainKey;
+  }
+  const fileKey = readCredentialsKeyFromFile(dir);
+  if (fileKey) {
+    if (writeCredentialsKeyToMacKeychain(fileKey)) {
+      try {
+        (0, import_node_fs.unlinkSync)(getCredentialsKeyPathForDir(dir));
+      } catch {
+      }
+    }
+    return fileKey;
+  }
+  const generated = (0, import_node_crypto.randomBytes)(32);
+  if (!writeCredentialsKeyToMacKeychain(generated)) {
+    ensureDir(dir);
+    (0, import_node_fs.writeFileSync)(getCredentialsKeyPathForDir(dir), `${generated.toString("hex")}
+`, {
+      encoding: "utf-8",
+      mode: 384
+    });
+  }
+  return generated;
+}
+function encryptToken(token, dir = getArchalDir()) {
+  const key = getOrCreateCredentialsKey(dir);
+  const iv = (0, import_node_crypto.randomBytes)(12);
+  const cipher = (0, import_node_crypto.createCipheriv)("aes-256-gcm", key, iv);
+  const encrypted = Buffer.concat([cipher.update(token, "utf-8"), cipher.final()]);
+  return `${TOKEN_ENCRYPTION_PREFIX}:${iv.toString("hex")}:${cipher.getAuthTag().toString("hex")}:${encrypted.toString("hex")}`;
+}
+function decryptToken(ciphertext, dir = getArchalDir()) {
+  const parts = ciphertext.split(":");
+  if (parts.length !== 4 || parts[0] !== TOKEN_ENCRYPTION_PREFIX) {
+    return null;
+  }
+  const [, ivHex, tagHex, dataHex] = parts;
+  if (!ivHex || !tagHex || !dataHex) {
+    return null;
+  }
+  const iv = Buffer.from(ivHex, "hex");
+  const tag = Buffer.from(tagHex, "hex");
+  const data = Buffer.from(dataHex, "hex");
+  const keys = collectCredentialKeysForDecrypt(dir);
+  for (const key of keys) {
+    try {
+      const decipher = (0, import_node_crypto.createDecipheriv)("aes-256-gcm", key, iv);
+      decipher.setAuthTag(tag);
+      return Buffer.concat([decipher.update(data), decipher.final()]).toString("utf-8");
+    } catch {
+    }
+  }
+  debug("Token decryption failed with all available credential keys.");
+  return null;
+}
+function decodeJwtPayload(token) {
+  try {
+    const payloadPart = token.split(".")[1];
+    if (!payloadPart) return null;
+    const normalized = payloadPart.replace(/-/g, "+").replace(/_/g, "/");
+    const padded = normalized + "=".repeat((4 - normalized.length % 4) % 4);
+    return JSON.parse(Buffer.from(padded, "base64").toString("utf-8"));
+  } catch (err) {
+    debug(`JWT payload decode failed (expected for non-JWT tokens): ${errorMessage(err)}`);
+    return null;
+  }
+}
+function hasValidSelectedClones(value) {
+  return value === void 0 || Array.isArray(value) && value.every((twin) => typeof twin === "string");
+}
+function resolveStoredToken(parsed, dir = getArchalDir()) {
+  if (typeof parsed.token === "string") {
+    const token = parsed.token.trim();
+    return { token: token.length > 0 ? token : null, source: "legacy" };
+  }
+  if (typeof parsed.accessToken === "string") {
+    const token = parsed.accessToken.trim();
+    return { token: token.length > 0 ? token : null, source: "legacy" };
+  }
+  if (typeof parsed.tokenEncrypted === "string") {
+    const token = decryptToken(parsed.tokenEncrypted, dir)?.trim() || null;
+    return { token: token?.length ? token : null, source: "encrypted" };
+  }
+  return { token: null, source: "legacy" };
+}
+function resolveStoredRefreshToken(parsed, dir = getArchalDir()) {
+  if (typeof parsed.refreshTokenEncrypted === "string") {
+    const refreshToken = decryptToken(parsed.refreshTokenEncrypted, dir)?.trim() || null;
+    if (refreshToken !== null) {
+      return { refreshToken, source: "encrypted" };
+    }
+    if (typeof parsed.refreshToken === "string") {
+      return { refreshToken: parsed.refreshToken.trim(), source: "legacy" };
+    }
+    return { refreshToken: null, source: "encrypted" };
+  }
+  if (typeof parsed.refreshToken === "string") {
+    return { refreshToken: parsed.refreshToken.trim(), source: "legacy" };
+  }
+  return { refreshToken: "", source: "none" };
+}
+function buildStoredCredentials(parsed, path, warn2, options) {
+  const dir = (0, import_node_path2.dirname)(path);
+  const { token, source: tokenSource } = resolveStoredToken(parsed, dir);
+  const { refreshToken, source: refreshTokenSource } = resolveStoredRefreshToken(parsed, dir);
+  if (token === null || refreshToken === null || parsed.refreshToken !== void 0 && typeof parsed.refreshToken !== "string" || parsed.refreshTokenEncrypted !== void 0 && typeof parsed.refreshTokenEncrypted !== "string" || !hasValidSelectedClones(parsed.selectedCloneIds)) {
+    warn2(
+      `Credentials file at ${path} has missing or invalid fields. Run \`archal login\` to re-authenticate.`
+    );
+    return null;
+  }
+  const { email, plan, expiresAt } = parsed;
+  if (typeof email !== "string" || !isPlan(plan) || typeof expiresAt !== "number") {
+    warn2(
+      `Credentials file at ${path} has missing or invalid fields. Run \`archal login\` to re-authenticate.`
+    );
+    return null;
+  }
+  const creds = {
+    token,
+    refreshToken,
+    email,
+    plan,
+    selectedCloneIds: normalizeEntitledCloneIds(parsed.selectedCloneIds),
+    expiresAt
+  };
+  if (options?.migrateLegacyCredentials && (tokenSource === "legacy" || refreshTokenSource === "legacy")) {
+    try {
+      writeCredentialsAtPath(path, creds);
+    } catch (err) {
+      debug(`Credential migration failed: ${errorMessage(err)}`);
+    }
+  }
+  return creds;
+}
+function readCredentialsFileAtPath(path, options) {
+  if (!(0, import_node_fs.existsSync)(path)) {
+    return null;
+  }
+  try {
+    const warn2 = getWarn(options);
+    const parsed = JSON.parse((0, import_node_fs.readFileSync)(path, "utf-8"));
+    return buildStoredCredentials(parsed, path, warn2, options);
+  } catch {
+    const warn2 = getWarn(options);
+    warn2(
+      `Credentials file at ${path} exists but could not be parsed. Delete it and run \`archal login\` to re-authenticate.`
+    );
+    return null;
+  }
+}
+function readCredentialsFile(options) {
+  return readCredentialsFileAtPath(getCredentialsPath(), options);
+}
+function isWorkspaceApiKey(token) {
+  return token.startsWith("archal_ws_") || token.startsWith("archal_") && !token.includes(".");
+}
+function readCredentialsFromEnv(options) {
+  const raw = process.env[AUTH_TOKEN_ENV_VAR];
+  if (typeof raw !== "string") {
+    return null;
+  }
+  const token = raw.trim();
+  if (token.length === 0) {
+    return null;
+  }
+  if (isWorkspaceApiKey(token)) {
+    debug("ARCHAL_TOKEN is a workspace API key -- skipping JWT validation.");
+    return {
+      token,
+      refreshToken: "",
+      email: "(workspace-api-key)",
+      // Local-only default; the server enforces the workspace's real plan.
+      // Use 'pro' rather than 'enterprise' so the CLI never grants elevated
+      // local entitlements that the workspace hasn't actually purchased.
+      plan: "pro",
+      selectedCloneIds: [],
+      // Workspace keys have no local expiry -- the server enforces lifetime.
+      // Use a far-future sentinel so the CLI never rejects the token locally.
+      expiresAt: Math.floor(Date.now() / 1e3) + 365 * 24 * 60 * 60
+    };
+  }
+  const claims = decodeJwtPayload(token);
+  const nowSeconds = Math.floor(Date.now() / 1e3);
+  if (claims === null) {
+    getWarn(options)(
+      "ARCHAL_TOKEN must be a JWT or a workspace API key (archal_ws_...). Ignoring environment token.\nFor CI, set ARCHAL_TOKEN to a workspace API key created via `archal workspace api-key create`."
+    );
+    return null;
+  }
+  const email = typeof claims["email"] === "string" ? claims["email"] : "(from ARCHAL_TOKEN)";
+  if (!isPlan(claims["plan"])) {
+    getWarn(options)("ARCHAL_TOKEN JWT does not contain a valid plan claim. Ignoring environment token.");
+    return null;
+  }
+  const plan = claims["plan"];
+  if (typeof claims["exp"] !== "number" || !Number.isFinite(claims["exp"])) {
+    getWarn(options)("ARCHAL_TOKEN JWT does not contain a valid exp claim. Ignoring environment token.");
+    return null;
+  }
+  const expiresAt = claims["exp"];
+  if (expiresAt <= nowSeconds) {
+    if (options?.onExpiredEnvToken === "throw") {
+      throw new ExpiredEnvTokenError();
+    }
+    debug("Ignoring expired ARCHAL_TOKEN from environment.");
+    return null;
+  }
+  return {
+    token,
+    refreshToken: "",
+    email,
+    plan,
+    selectedCloneIds: [],
+    expiresAt
+  };
+}
+function getCredentials(options) {
+  const envValue = process.env[AUTH_TOKEN_ENV_VAR];
+  const hasExplicitEnvToken = String(envValue ?? "").trim().length > 0;
+  const envCredentials = readCredentialsFromEnv(options);
+  const creds = envCredentials ?? (hasExplicitEnvToken ? null : getStoredCredentials(options));
+  if (!creds) {
+    return null;
+  }
+  return isExpired(creds.expiresAt) ? null : creds;
+}
+function getStoredCredentials(options) {
+  const creds = readCredentialsFile(options);
+  if (!creds) {
+    return null;
+  }
+  if (options?.includeExpired) {
+    return creds;
+  }
+  return isExpired(creds.expiresAt) ? null : creds;
+}
+function writeCredentialsAtPath(path, creds) {
+  const dir = (0, import_node_path2.dirname)(path);
+  ensureDir(dir);
+  const payload = {
+    email: creds.email,
+    plan: creds.plan,
+    selectedCloneIds: normalizeEntitledCloneIds(creds.selectedCloneIds),
+    expiresAt: creds.expiresAt,
+    tokenEncrypted: encryptToken(creds.token.trim(), dir),
+    refreshTokenEncrypted: creds.refreshToken.trim().length > 0 ? encryptToken(creds.refreshToken.trim(), dir) : void 0
+  };
+  const tmpPath = `${path}.${(0, import_node_crypto.randomBytes)(4).toString("hex")}.tmp`;
+  (0, import_node_fs.writeFileSync)(tmpPath, `${JSON.stringify(payload, null, 2)}
+`, {
+    encoding: "utf-8",
+    mode: 384
+  });
+  (0, import_node_fs.renameSync)(tmpPath, path);
+}
+
+// ../packages/node-auth/src/loopback.ts
+var import_node_net = require("net");
+
+// ../packages/node-auth/src/secure-token.ts
+var import_node_crypto2 = require("crypto");
+
+// ../packages/log/src/ansi.ts
+var NO_COLOR = "NO_COLOR" in process.env || process.env["TERM"] === "dumb";
+var RESET = NO_COLOR ? "" : "\x1B[0m";
+var BOLD = NO_COLOR ? "" : "\x1B[1m";
+var DIM = NO_COLOR ? "" : "\x1B[2m";
+var RED = NO_COLOR ? "" : "\x1B[31m";
+var YELLOW = NO_COLOR ? "" : "\x1B[33m";
+var CYAN = NO_COLOR ? "" : "\x1B[36m";
+var GRAY = NO_COLOR ? "" : "\x1B[90m";
+
+// ../packages/log/src/logger.ts
+var LOG_LEVEL_PRIORITY = {
+  debug: 0,
+  info: 1,
+  warn: 2,
+  error: 3
+};
+var LOG_LEVEL_COLORS = {
+  debug: GRAY,
+  info: CYAN,
+  warn: YELLOW,
+  error: RED
+};
+var globalOptions = {
+  level: "info",
+  quiet: false,
+  json: false,
+  verbose: false
+};
+var ANSI_ESCAPE_RE = new RegExp(`${String.fromCodePoint(27)}\\[[0-9;]*m`, "g");
+function shouldLog(level) {
+  if (globalOptions.quiet && level !== "error") {
+    return false;
+  }
+  return LOG_LEVEL_PRIORITY[level] >= LOG_LEVEL_PRIORITY[globalOptions.level];
+}
+function formatTimestamp() {
+  return (/* @__PURE__ */ new Date()).toISOString();
+}
+function formatLogEntry(entry) {
+  if (globalOptions.json) {
+    return JSON.stringify(entry);
+  }
+  const color = LOG_LEVEL_COLORS[entry.level];
+  if (globalOptions.verbose || entry.level === "warn" || entry.level === "error") {
+    const levelTag = `${color}${BOLD}${entry.level.toUpperCase().padEnd(5)}${RESET}`;
+    const timestamp = `${DIM}${entry.timestamp}${RESET}`;
+    let line = `${timestamp} ${levelTag} ${entry.message}`;
+    if (entry.data && Object.keys(entry.data).length > 0) {
+      const dataStr = Object.entries(entry.data).map(([k, v]) => `${DIM}${k}=${RESET}${typeof v === "string" ? v : JSON.stringify(v)}`).join(" ");
+      line += ` ${dataStr}`;
+    }
+    return line;
+  }
+  return `${DIM}${entry.message}${RESET}`;
+}
+function log(level, message, data) {
+  if (!shouldLog(level)) {
+    return;
+  }
+  const entry = {
+    level,
+    message,
+    timestamp: formatTimestamp(),
+    data
+  };
+  const formatted = formatLogEntry(entry);
+  process.stderr.write(formatted + "\n");
+}
+function warn(message, data) {
+  log("warn", message, data);
+}
+
+// src/utils/version.ts
+var import_node_fs2 = require("fs");
+var import_node_path3 = require("path");
+var CLI_PACKAGE_NAMES = /* @__PURE__ */ new Set(["@archal/cli", "archal"]);
+function resolvePackageJsonCandidates() {
+  const candidates = /* @__PURE__ */ new Set();
+  if (typeof __dirname === "string") {
+    candidates.add((0, import_node_path3.join)(__dirname, "..", "package.json"));
+    candidates.add((0, import_node_path3.join)(__dirname, "..", "..", "package.json"));
+  }
+  return [...candidates];
+}
+function readPackageJson(path) {
+  try {
+    return JSON.parse((0, import_node_fs2.readFileSync)(path, "utf-8"));
+  } catch {
+    return null;
+  }
+}
+function loadVersion() {
+  let fallbackVersion = null;
+  for (const pkgPath of resolvePackageJsonCandidates()) {
+    const pkg = readPackageJson(pkgPath);
+    if (!pkg) {
+      continue;
+    }
+    if (typeof pkg.name === "string" && CLI_PACKAGE_NAMES.has(pkg.name) && typeof pkg.version === "string") {
+      return pkg.version;
+    }
+    if (fallbackVersion === null && typeof pkg.version === "string") {
+      fallbackVersion = pkg.version;
+    }
+  }
+  return fallbackVersion ?? "0.0.0";
+}
+var CLI_VERSION = loadVersion();
+var CLI_USER_AGENT = `archal-cli/${CLI_VERSION}`;
+
+// src/auth/credential-store.ts
+var READ_OPTIONS = { onExpiredEnvToken: "throw", warn };
+var cachedEnvToken = null;
+var cachedEnvCredentials = null;
+var cachedEnvCredentialsResolved = false;
+function readExplicitEnvToken() {
+  const raw = process.env["ARCHAL_TOKEN"];
+  if (typeof raw !== "string") return null;
+  const token = raw.trim();
+  return token.length > 0 ? token : null;
+}
+function getCredentials2() {
+  const envToken = readExplicitEnvToken();
+  if (!envToken) {
+    return getCredentials(READ_OPTIONS);
+  }
+  if (!cachedEnvCredentialsResolved || cachedEnvToken !== envToken) {
+    cachedEnvToken = envToken;
+    cachedEnvCredentials = getCredentials(READ_OPTIONS);
+    cachedEnvCredentialsResolved = true;
+  }
+  return cachedEnvCredentials;
+}
+
+// src/auth/require-auth.ts
+var import_node_child_process2 = require("child_process");
+
+// src/telemetry/posthog.ts
+var import_node_fs4 = require("fs");
+var import_node_path4 = require("path");
+var import_node_crypto3 = require("crypto");
+
+// ../node_modules/.pnpm/@posthog+core@1.31.1/node_modules/@posthog/core/dist/utils/type-utils.mjs
+var nativeIsArray = Array.isArray;
+var ObjProto = Object.prototype;
+var type_utils_hasOwnProperty = ObjProto.hasOwnProperty;
+var type_utils_toString = ObjProto.toString;
+var isArray = nativeIsArray || function(obj) {
+  return "[object Array]" === type_utils_toString.call(obj);
+};
+var isObject = (x) => x === Object(x) && !isArray(x);
+var isUndefined = (x) => void 0 === x;
+var isString = (x) => "[object String]" == type_utils_toString.call(x);
+var isEmptyString = (x) => isString(x) && 0 === x.trim().length;
+var isNumber = (x) => "[object Number]" == type_utils_toString.call(x) && x === x;
+var isPlainError = (x) => x instanceof Error;
+function isPrimitive(value) {
+  return null === value || "object" != typeof value;
+}
+function isBuiltin(candidate, className) {
+  return Object.prototype.toString.call(candidate) === `[object ${className}]`;
+}
+function isErrorEvent(event) {
+  return isBuiltin(event, "ErrorEvent");
+}
+function isEvent(candidate) {
+  return "undefined" != typeof Event && isInstanceOf(candidate, Event);
+}
+function isInstanceOf(candidate, base) {
+  try {
+    return candidate instanceof base;
+  } catch {
+    return false;
+  }
+}
+
+// ../node_modules/.pnpm/@posthog+core@1.31.1/node_modules/@posthog/core/dist/utils/user-agent-utils.mjs
+var MOBILE = "Mobile";
+var IOS = "iOS";
+var ANDROID = "Android";
+var TABLET = "Tablet";
+var ANDROID_TABLET = ANDROID + " " + TABLET;
+var APPLE = "Apple";
+var APPLE_WATCH = APPLE + " Watch";
+var SAFARI = "Safari";
+var BLACKBERRY = "BlackBerry";
+var SAMSUNG = "Samsung";
+var SAMSUNG_BROWSER = SAMSUNG + "Browser";
+var SAMSUNG_INTERNET = SAMSUNG + " Internet";
+var CHROME = "Chrome";
+var CHROME_OS = CHROME + " OS";
+var CHROME_IOS = CHROME + " " + IOS;
+var INTERNET_EXPLORER = "Internet Explorer";
+var INTERNET_EXPLORER_MOBILE = INTERNET_EXPLORER + " " + MOBILE;
+var OPERA = "Opera";
+var OPERA_MINI = OPERA + " Mini";
+var EDGE = "Edge";
+var MICROSOFT_EDGE = "Microsoft " + EDGE;
+var FIREFOX = "Firefox";
+var FIREFOX_IOS = FIREFOX + " " + IOS;
+var NINTENDO = "Nintendo";
+var PLAYSTATION = "PlayStation";
+var XBOX = "Xbox";
+var ANDROID_MOBILE = ANDROID + " " + MOBILE;
+var MOBILE_SAFARI = MOBILE + " " + SAFARI;
+var WINDOWS = "Windows";
+var WINDOWS_PHONE = WINDOWS + " Phone";
+var GENERIC = "Generic";
+var GENERIC_MOBILE = GENERIC + " " + MOBILE.toLowerCase();
+var GENERIC_TABLET = GENERIC + " " + TABLET.toLowerCase();
+var KONQUEROR = "Konqueror";
+var OCULUS_BROWSER = "Oculus Browser";
+var VIVALDI = "Vivaldi";
+var YANDEX = "Yandex";
+var WHALE = "Whale";
+var DUCKDUCKGO = "DuckDuckGo";
+var PALE_MOON = "Pale Moon";
+var WATERFOX = "Waterfox";
+var BRAVE = "Brave";
+var GOOGLE_SEARCH_APP = "Google Search App";
+var BROWSER_VERSION_REGEX_SUFFIX = "(\\d+(\\.\\d+)?)";
+var DEFAULT_BROWSER_VERSION_REGEX = new RegExp("Version/" + BROWSER_VERSION_REGEX_SUFFIX);
+var XBOX_REGEX = new RegExp(XBOX, "i");
+var PLAYSTATION_REGEX = new RegExp(PLAYSTATION + " \\w+", "i");
+var NINTENDO_REGEX = new RegExp(NINTENDO + " \\w+", "i");
+var BLACKBERRY_REGEX = new RegExp(BLACKBERRY + "|PlayBook|BB10", "i");
+var windowsVersionMap = {
+  "NT3.51": "NT 3.11",
+  "NT4.0": "NT 4.0",
+  "5.0": "2000",
+  "5.1": "XP",
+  "5.2": "XP",
+  "6.0": "Vista",
+  "6.1": "7",
+  "6.2": "8",
+  "6.3": "8.1",
+  "6.4": "10",
+  "10.0": "10"
+};
+var versionRegexes = {
+  [INTERNET_EXPLORER_MOBILE]: [
+    new RegExp("rv:" + BROWSER_VERSION_REGEX_SUFFIX)
+  ],
+  [MICROSOFT_EDGE]: [
+    new RegExp(EDGE + "?\\/" + BROWSER_VERSION_REGEX_SUFFIX)
+  ],
+  [CHROME]: [
+    new RegExp("(" + CHROME + "|CrMo)\\/" + BROWSER_VERSION_REGEX_SUFFIX)
+  ],
+  [CHROME_IOS]: [
+    new RegExp("CriOS\\/" + BROWSER_VERSION_REGEX_SUFFIX)
+  ],
+  "UC Browser": [
+    new RegExp("(UCBrowser|UCWEB)\\/" + BROWSER_VERSION_REGEX_SUFFIX)
+  ],
+  [SAFARI]: [
+    DEFAULT_BROWSER_VERSION_REGEX
+  ],
+  [MOBILE_SAFARI]: [
+    DEFAULT_BROWSER_VERSION_REGEX
+  ],
+  [OPERA]: [
+    new RegExp("(" + OPERA + "|OPR)\\/" + BROWSER_VERSION_REGEX_SUFFIX)
+  ],
+  [FIREFOX]: [
+    new RegExp(FIREFOX + "\\/" + BROWSER_VERSION_REGEX_SUFFIX)
+  ],
+  [FIREFOX_IOS]: [
+    new RegExp("FxiOS\\/" + BROWSER_VERSION_REGEX_SUFFIX)
+  ],
+  [KONQUEROR]: [
+    new RegExp("Konqueror[:/]?" + BROWSER_VERSION_REGEX_SUFFIX, "i")
+  ],
+  [BLACKBERRY]: [
+    new RegExp(BLACKBERRY + " " + BROWSER_VERSION_REGEX_SUFFIX),
+    DEFAULT_BROWSER_VERSION_REGEX
+  ],
+  [ANDROID_MOBILE]: [
+    new RegExp("android\\s" + BROWSER_VERSION_REGEX_SUFFIX, "i")
+  ],
+  [SAMSUNG_INTERNET]: [
+    new RegExp(SAMSUNG_BROWSER + "\\/" + BROWSER_VERSION_REGEX_SUFFIX)
+  ],
+  [OCULUS_BROWSER]: [
+    new RegExp("OculusBrowser\\/" + BROWSER_VERSION_REGEX_SUFFIX)
+  ],
+  [VIVALDI]: [
+    new RegExp(VIVALDI + "\\/" + BROWSER_VERSION_REGEX_SUFFIX)
+  ],
+  [YANDEX]: [
+    new RegExp("YaBrowser\\/" + BROWSER_VERSION_REGEX_SUFFIX)
+  ],
+  [WHALE]: [
+    new RegExp(WHALE + "\\/" + BROWSER_VERSION_REGEX_SUFFIX)
+  ],
+  [BRAVE]: [
+    new RegExp(BRAVE + "\\/" + BROWSER_VERSION_REGEX_SUFFIX)
+  ],
+  [DUCKDUCKGO]: [
+    new RegExp("(DuckDuckGo|Ddg)\\/" + BROWSER_VERSION_REGEX_SUFFIX)
+  ],
+  [PALE_MOON]: [
+    new RegExp("PaleMoon\\/" + BROWSER_VERSION_REGEX_SUFFIX)
+  ],
+  [WATERFOX]: [
+    new RegExp(WATERFOX + "\\/" + BROWSER_VERSION_REGEX_SUFFIX)
+  ],
+  [GOOGLE_SEARCH_APP]: [
+    new RegExp("GSA\\/" + BROWSER_VERSION_REGEX_SUFFIX)
+  ],
+  [INTERNET_EXPLORER]: [
+    new RegExp("(rv:|MSIE )" + BROWSER_VERSION_REGEX_SUFFIX)
+  ],
+  Mozilla: [
+    new RegExp("rv:" + BROWSER_VERSION_REGEX_SUFFIX)
+  ]
+};
+var osMatchers = [
+  [
+    new RegExp(XBOX + "; " + XBOX + " (.*?)[);]", "i"),
+    (match) => [
+      XBOX,
+      match && match[1] || ""
+    ]
+  ],
+  [
+    new RegExp(NINTENDO, "i"),
+    [
+      NINTENDO,
+      ""
+    ]
+  ],
+  [
+    new RegExp(PLAYSTATION, "i"),
+    [
+      PLAYSTATION,
+      ""
+    ]
+  ],
+  [
+    BLACKBERRY_REGEX,
+    [
+      BLACKBERRY,
+      ""
+    ]
+  ],
+  [
+    new RegExp(WINDOWS, "i"),
+    (_, user_agent) => {
+      if (/Phone/.test(user_agent) || /WPDesktop/.test(user_agent)) return [
+        WINDOWS_PHONE,
+        ""
+      ];
+      if (new RegExp(MOBILE).test(user_agent) && !/IEMobile\b/.test(user_agent)) return [
+        WINDOWS + " " + MOBILE,
+        ""
+      ];
+      const match = /Windows NT ([0-9.]+)/i.exec(user_agent);
+      if (match && match[1]) {
+        const version2 = match[1];
+        let osVersion = windowsVersionMap[version2] || "";
+        if (/arm/i.test(user_agent)) osVersion = "RT";
+        return [
+          WINDOWS,
+          osVersion
+        ];
+      }
+      return [
+        WINDOWS,
+        ""
+      ];
+    }
+  ],
+  [
+    /((iPhone|iPad|iPod).*?OS (\d+)_(\d+)_?(\d+)?|iPhone)/,
+    (match) => {
+      if (match && match[3]) {
+        const versionParts = [
+          match[3],
+          match[4],
+          match[5] || "0"
+        ];
+        return [
+          IOS,
+          versionParts.join(".")
+        ];
+      }
+      return [
+        IOS,
+        ""
+      ];
+    }
+  ],
+  [
+    /(watch.*\/(\d+\.\d+\.\d+)|watch os,(\d+\.\d+),)/i,
+    (match) => {
+      let version2 = "";
+      if (match && match.length >= 3) version2 = isUndefined(match[2]) ? match[3] : match[2];
+      return [
+        "watchOS",
+        version2
+      ];
+    }
+  ],
+  [
+    new RegExp("(" + ANDROID + " (\\d+)\\.(\\d+)\\.?(\\d+)?|" + ANDROID + ")", "i"),
+    (match) => {
+      if (match && match[2]) {
+        const versionParts = [
+          match[2],
+          match[3],
+          match[4] || "0"
+        ];
+        return [
+          ANDROID,
+          versionParts.join(".")
+        ];
+      }
+      return [
+        ANDROID,
+        ""
+      ];
+    }
+  ],
+  [
+    /Mac OS X (\d+)[_.](\d+)[_.]?(\d+)?/i,
+    (match) => {
+      const result = [
+        "Mac OS X",
+        ""
+      ];
+      if (match && match[1]) {
+        const versionParts = [
+          match[1],
+          match[2],
+          match[3] || "0"
+        ];
+        result[1] = versionParts.join(".");
+      }
+      return result;
+    }
+  ],
+  [
+    /Mac/i,
+    [
+      "Mac OS X",
+      ""
+    ]
+  ],
+  [
+    /CrOS/,
+    [
+      CHROME_OS,
+      ""
+    ]
+  ],
+  [
+    /Linux|debian/i,
+    [
+      "Linux",
+      ""
+    ]
+  ]
+];
+
+// ../node_modules/.pnpm/@posthog+core@1.31.1/node_modules/@posthog/core/dist/utils/index.mjs
+var isError = (x) => x instanceof Error;
+
+// ../node_modules/.pnpm/@posthog+core@1.31.1/node_modules/@posthog/core/dist/logs/logs-utils.mjs
+var OTLP_SEVERITY_MAP = {
+  trace: {
+    text: "TRACE",
+    number: 1
+  },
+  debug: {
+    text: "DEBUG",
+    number: 5
+  },
+  info: {
+    text: "INFO",
+    number: 9
+  },
+  warn: {
+    text: "WARN",
+    number: 13
+  },
+  error: {
+    text: "ERROR",
+    number: 17
+  },
+  fatal: {
+    text: "FATAL",
+    number: 21
+  }
+};
+var DEFAULT_OTLP_SEVERITY = OTLP_SEVERITY_MAP.info;
+
+// ../node_modules/.pnpm/@posthog+core@1.31.1/node_modules/@posthog/core/dist/error-tracking/index.mjs
+var error_tracking_exports = {};
+__export(error_tracking_exports, {
+  DEFAULT_EXCEPTION_STEPS_CONFIG: () => DEFAULT_EXCEPTION_STEPS_CONFIG,
+  DOMExceptionCoercer: () => DOMExceptionCoercer,
+  EXCEPTION_STEP_INTERNAL_FIELDS: () => EXCEPTION_STEP_INTERNAL_FIELDS,
+  ErrorCoercer: () => ErrorCoercer,
+  ErrorEventCoercer: () => ErrorEventCoercer,
+  ErrorPropertiesBuilder: () => ErrorPropertiesBuilder,
+  EventCoercer: () => EventCoercer,
+  ExceptionStepsBuffer: () => ExceptionStepsBuffer,
+  ObjectCoercer: () => ObjectCoercer,
+  PrimitiveCoercer: () => PrimitiveCoercer,
+  PromiseRejectionEventCoercer: () => PromiseRejectionEventCoercer,
+  ReduceableCache: () => ReduceableCache,
+  StringCoercer: () => StringCoercer,
+  chromeStackLineParser: () => chromeStackLineParser,
+  createDefaultStackParser: () => createDefaultStackParser,
+  createStackParser: () => createStackParser,
+  geckoStackLineParser: () => geckoStackLineParser,
+  getUtf8ByteLength: () => getUtf8ByteLength,
+  nodeStackLineParser: () => nodeStackLineParser,
+  opera10StackLineParser: () => opera10StackLineParser,
+  opera11StackLineParser: () => opera11StackLineParser,
+  resolveExceptionStepsConfig: () => resolveExceptionStepsConfig,
+  reverseAndStripFrames: () => reverseAndStripFrames,
+  stripReservedExceptionStepFields: () => stripReservedExceptionStepFields,
+  winjsStackLineParser: () => winjsStackLineParser
+});
+
+// ../node_modules/.pnpm/@posthog+core@1.31.1/node_modules/@posthog/core/dist/error-tracking/chunk-ids.mjs
+var parsedStackResults;
+var lastKeysCount;
+var cachedFilenameChunkIds;
+function getFilenameToChunkIdMap(stackParser) {
+  const chunkIdMap = globalThis._posthogChunkIds;
+  if (!chunkIdMap) return;
+  const chunkIdKeys = Object.keys(chunkIdMap);
+  if (cachedFilenameChunkIds && chunkIdKeys.length === lastKeysCount) return cachedFilenameChunkIds;
+  lastKeysCount = chunkIdKeys.length;
+  cachedFilenameChunkIds = chunkIdKeys.reduce((acc, stackKey) => {
+    if (!parsedStackResults) parsedStackResults = {};
+    const result = parsedStackResults[stackKey];
+    if (result) acc[result[0]] = result[1];
+    else {
+      const parsedStack = stackParser(stackKey);
+      for (let i = parsedStack.length - 1; i >= 0; i--) {
+        const stackFrame = parsedStack[i];
+        const filename = stackFrame?.filename;
+        const chunkId = chunkIdMap[stackKey];
+        if (filename && chunkId) {
+          acc[filename] = chunkId;
+          parsedStackResults[stackKey] = [
+            filename,
+            chunkId
+          ];
+          break;
+        }
+      }
+    }
+    return acc;
+  }, {});
+  return cachedFilenameChunkIds;
+}
+
+// ../node_modules/.pnpm/@posthog+core@1.31.1/node_modules/@posthog/core/dist/error-tracking/error-properties-builder.mjs
+var MAX_CAUSE_RECURSION = 4;
+var ErrorPropertiesBuilder = class {
+  constructor(coercers, stackParser, modifiers = []) {
+    this.coercers = coercers;
+    this.stackParser = stackParser;
+    this.modifiers = modifiers;
+  }
+  buildFromUnknown(input, hint = {}) {
+    const providedMechanism = hint && hint.mechanism;
+    const mechanism = providedMechanism || {
+      handled: true,
+      type: "generic"
+    };
+    const coercingContext = this.buildCoercingContext(mechanism, hint, 0);
+    const exceptionWithCause = coercingContext.apply(input);
+    const parsingContext = this.buildParsingContext(hint);
+    const exceptionWithStack = this.parseStacktrace(exceptionWithCause, parsingContext);
+    const exceptionList = this.convertToExceptionList(exceptionWithStack, mechanism);
+    return {
+      $exception_list: exceptionList,
+      $exception_level: "error"
+    };
+  }
+  async modifyFrames(exceptionList) {
+    for (const exc of exceptionList) if (exc.stacktrace && exc.stacktrace.frames && isArray(exc.stacktrace.frames)) exc.stacktrace.frames = await this.applyModifiers(exc.stacktrace.frames);
+    return exceptionList;
+  }
+  coerceFallback(ctx) {
+    return {
+      type: "Error",
+      value: "Unknown error",
+      stack: ctx.syntheticException?.stack,
+      synthetic: true
+    };
+  }
+  parseStacktrace(err, ctx) {
+    let cause;
+    if (null != err.cause) cause = this.parseStacktrace(err.cause, ctx);
+    let stack;
+    if ("" != err.stack && null != err.stack) stack = this.applyChunkIds(this.stackParser(err.stack, err.synthetic ? ctx.skipFirstLines : 0), ctx.chunkIdMap);
+    return {
+      ...err,
+      cause,
+      stack
+    };
+  }
+  applyChunkIds(frames, chunkIdMap) {
+    return frames.map((frame) => {
+      if (frame.filename && chunkIdMap) frame.chunk_id = chunkIdMap[frame.filename];
+      return frame;
+    });
+  }
+  applyCoercers(input, ctx) {
+    for (const adapter of this.coercers) if (adapter.match(input)) return adapter.coerce(input, ctx);
+    return this.coerceFallback(ctx);
+  }
+  async applyModifiers(frames) {
+    let newFrames = frames;
+    for (const modifier of this.modifiers) newFrames = await modifier(newFrames);
+    return newFrames;
+  }
+  convertToExceptionList(exceptionWithStack, mechanism) {
+    const currentException = {
+      type: exceptionWithStack.type,
+      value: exceptionWithStack.value,
+      mechanism: {
+        type: mechanism.type ?? "generic",
+        handled: mechanism.handled ?? true,
+        synthetic: exceptionWithStack.synthetic ?? false
+      }
+    };
+    if (exceptionWithStack.stack) currentException.stacktrace = {
+      type: "raw",
+      frames: exceptionWithStack.stack
+    };
+    const exceptionList = [
+      currentException
+    ];
+    if (null != exceptionWithStack.cause) exceptionList.push(...this.convertToExceptionList(exceptionWithStack.cause, {
+      ...mechanism,
+      handled: true
+    }));
+    return exceptionList;
+  }
+  buildParsingContext(hint) {
+    const context = {
+      chunkIdMap: getFilenameToChunkIdMap(this.stackParser),
+      skipFirstLines: hint.skipFirstLines ?? 1
+    };
+    return context;
+  }
+  buildCoercingContext(mechanism, hint, depth = 0) {
+    const coerce = (input, depth2) => {
+      if (!(depth2 <= MAX_CAUSE_RECURSION)) return;
+      {
+        const ctx = this.buildCoercingContext(mechanism, hint, depth2);
+        return this.applyCoercers(input, ctx);
+      }
+    };
+    const context = {
+      ...hint,
+      syntheticException: 0 == depth ? hint.syntheticException : void 0,
+      mechanism,
+      apply: (input) => coerce(input, depth),
+      next: (input) => coerce(input, depth + 1)
+    };
+    return context;
+  }
+};
+
+// ../node_modules/.pnpm/@posthog+core@1.31.1/node_modules/@posthog/core/dist/error-tracking/parsers/base.mjs
+var UNKNOWN_FUNCTION = "?";
+function createFrame(platform, filename, func, lineno, colno) {
+  const frame = {
+    platform,
+    filename,
+    function: "<anonymous>" === func ? UNKNOWN_FUNCTION : func,
+    in_app: true
+  };
+  if (!isUndefined(lineno)) frame.lineno = lineno;
+  if (!isUndefined(colno)) frame.colno = colno;
+  return frame;
+}
+
+// ../node_modules/.pnpm/@posthog+core@1.31.1/node_modules/@posthog/core/dist/error-tracking/parsers/safari.mjs
+var extractSafariExtensionDetails = (func, filename) => {
+  const isSafariExtension = -1 !== func.indexOf("safari-extension");
+  const isSafariWebExtension = -1 !== func.indexOf("safari-web-extension");
+  return isSafariExtension || isSafariWebExtension ? [
+    -1 !== func.indexOf("@") ? func.split("@")[0] : UNKNOWN_FUNCTION,
+    isSafariExtension ? `safari-extension:${filename}` : `safari-web-extension:${filename}`
+  ] : [
+    func,
+    filename
+  ];
+};
+
+// ../node_modules/.pnpm/@posthog+core@1.31.1/node_modules/@posthog/core/dist/error-tracking/parsers/chrome.mjs
+var chromeRegexNoFnName = /^\s*at (\S+?)(?::(\d+))(?::(\d+))\s*$/i;
+var chromeRegex = /^\s*at (?:(.+?\)(?: \[.+\])?|.*?) ?\((?:address at )?)?(?:async )?((?:<anonymous>|[-a-z]+:|.*bundle|\/)?.*?)(?::(\d+))?(?::(\d+))?\)?\s*$/i;
+var chromeEvalRegex = /\((\S*)(?::(\d+))(?::(\d+))\)/;
+var chromeStackLineParser = (line, platform) => {
+  const noFnParts = chromeRegexNoFnName.exec(line);
+  if (noFnParts) {
+    const [, filename, line2, col] = noFnParts;
+    return createFrame(platform, filename, UNKNOWN_FUNCTION, +line2, +col);
+  }
+  const parts = chromeRegex.exec(line);
+  if (parts) {
+    const isEval = parts[2] && 0 === parts[2].indexOf("eval");
+    if (isEval) {
+      const subMatch = chromeEvalRegex.exec(parts[2]);
+      if (subMatch) {
+        parts[2] = subMatch[1];
+        parts[3] = subMatch[2];
+        parts[4] = subMatch[3];
+      }
+    }
+    const [func, filename] = extractSafariExtensionDetails(parts[1] || UNKNOWN_FUNCTION, parts[2]);
+    return createFrame(platform, filename, func, parts[3] ? +parts[3] : void 0, parts[4] ? +parts[4] : void 0);
+  }
+};
+
+// ../node_modules/.pnpm/@posthog+core@1.31.1/node_modules/@posthog/core/dist/error-tracking/parsers/gecko.mjs
+var geckoREgex = /^\s*(.*?)(?:\((.*?)\))?(?:^|@)?((?:[-a-z]+)?:\/.*?|\[native code\]|[^@]*(?:bundle|\d+\.js)|\/[\w\-. /=]+)(?::(\d+))?(?::(\d+))?\s*$/i;
+var geckoEvalRegex = /(\S+) line (\d+)(?: > eval line \d+)* > eval/i;
+var geckoStackLineParser = (line, platform) => {
+  const parts = geckoREgex.exec(line);
+  if (parts) {
+    const isEval = parts[3] && parts[3].indexOf(" > eval") > -1;
+    if (isEval) {
+      const subMatch = geckoEvalRegex.exec(parts[3]);
+      if (subMatch) {
+        parts[1] = parts[1] || "eval";
+        parts[3] = subMatch[1];
+        parts[4] = subMatch[2];
+        parts[5] = "";
+      }
+    }
+    let filename = parts[3];
+    let func = parts[1] || UNKNOWN_FUNCTION;
+    [func, filename] = extractSafariExtensionDetails(func, filename);
+    return createFrame(platform, filename, func, parts[4] ? +parts[4] : void 0, parts[5] ? +parts[5] : void 0);
+  }
+};
+
+// ../node_modules/.pnpm/@posthog+core@1.31.1/node_modules/@posthog/core/dist/error-tracking/parsers/winjs.mjs
+var winjsRegex = /^\s*at (?:((?:\[object object\])?.+) )?\(?((?:[-a-z]+):.*?):(\d+)(?::(\d+))?\)?\s*$/i;
+var winjsStackLineParser = (line, platform) => {
+  const parts = winjsRegex.exec(line);
+  return parts ? createFrame(platform, parts[2], parts[1] || UNKNOWN_FUNCTION, +parts[3], parts[4] ? +parts[4] : void 0) : void 0;
+};
+
+// ../node_modules/.pnpm/@posthog+core@1.31.1/node_modules/@posthog/core/dist/error-tracking/parsers/opera.mjs
+var opera10Regex = / line (\d+).*script (?:in )?(\S+)(?:: in function (\S+))?$/i;
+var opera10StackLineParser = (line, platform) => {
+  const parts = opera10Regex.exec(line);
+  return parts ? createFrame(platform, parts[2], parts[3] || UNKNOWN_FUNCTION, +parts[1]) : void 0;
+};
+var opera11Regex = / line (\d+), column (\d+)\s*(?:in (?:<anonymous function: ([^>]+)>|([^)]+))\(.*\))? in (.*):\s*$/i;
+var opera11StackLineParser = (line, platform) => {
+  const parts = opera11Regex.exec(line);
+  return parts ? createFrame(platform, parts[5], parts[3] || parts[4] || UNKNOWN_FUNCTION, +parts[1], +parts[2]) : void 0;
+};
+
+// ../node_modules/.pnpm/@posthog+core@1.31.1/node_modules/@posthog/core/dist/error-tracking/parsers/node.mjs
+var FILENAME_MATCH = /^\s*[-]{4,}$/;
+var FULL_MATCH = /at (?:async )?(?:(.+?)\s+\()?(?:(.+):(\d+):(\d+)?|([^)]+))\)?/;
+var nodeStackLineParser = (line, platform) => {
+  const lineMatch = line.match(FULL_MATCH);
+  if (lineMatch) {
+    let object;
+    let method;
+    let functionName;
+    let typeName;
+    let methodName;
+    if (lineMatch[1]) {
+      functionName = lineMatch[1];
+      let methodStart = functionName.lastIndexOf(".");
+      if ("." === functionName[methodStart - 1]) methodStart--;
+      if (methodStart > 0) {
+        object = functionName.slice(0, methodStart);
+        method = functionName.slice(methodStart + 1);
+        const objectEnd = object.indexOf(".Module");
+        if (objectEnd > 0) {
+          functionName = functionName.slice(objectEnd + 1);
+          object = object.slice(0, objectEnd);
+        }
+      }
+      typeName = void 0;
+    }
+    if (method) {
+      typeName = object;
+      methodName = method;
+    }
+    if ("<anonymous>" === method) {
+      methodName = void 0;
+      functionName = void 0;
+    }
+    if (void 0 === functionName) {
+      methodName = methodName || UNKNOWN_FUNCTION;
+      functionName = typeName ? `${typeName}.${methodName}` : methodName;
+    }
+    let filename = lineMatch[2]?.startsWith("file://") ? lineMatch[2].slice(7) : lineMatch[2];
+    const isNative = "native" === lineMatch[5];
+    if (filename?.match(/\/[A-Z]:/)) filename = filename.slice(1);
+    if (!filename && lineMatch[5] && !isNative) filename = lineMatch[5];
+    return {
+      filename: filename ? decodeURI(filename) : void 0,
+      module: void 0,
+      function: functionName,
+      lineno: _parseIntOrUndefined(lineMatch[3]),
+      colno: _parseIntOrUndefined(lineMatch[4]),
+      in_app: filenameIsInApp(filename || "", isNative),
+      platform
+    };
+  }
+  if (line.match(FILENAME_MATCH)) return {
+    filename: line,
+    platform
+  };
+};
+function filenameIsInApp(filename, isNative = false) {
+  const isInternal = isNative || filename && !filename.startsWith("/") && !filename.match(/^[A-Z]:/) && !filename.startsWith(".") && !filename.match(/^[a-zA-Z]([a-zA-Z0-9.\-+])*:\/\//);
+  return !isInternal && void 0 !== filename && !filename.includes("node_modules/");
+}
+function _parseIntOrUndefined(input) {
+  return parseInt(input || "", 10) || void 0;
+}
+
+// ../node_modules/.pnpm/@posthog+core@1.31.1/node_modules/@posthog/core/dist/error-tracking/parsers/index.mjs
+var WEBPACK_ERROR_REGEXP = /\(error: (.*)\)/;
+var STACKTRACE_FRAME_LIMIT = 50;
+function reverseAndStripFrames(stack) {
+  if (!stack.length) return [];
+  const localStack = Array.from(stack);
+  localStack.reverse();
+  return localStack.slice(0, STACKTRACE_FRAME_LIMIT).map((frame) => ({
+    ...frame,
+    filename: frame.filename || getLastStackFrame(localStack).filename,
+    function: frame.function || UNKNOWN_FUNCTION
+  }));
+}
+function getLastStackFrame(arr) {
+  return arr[arr.length - 1] || {};
+}
+function createDefaultStackParser() {
+  return createStackParser("web:javascript", chromeStackLineParser, geckoStackLineParser);
+}
+function createStackParser(platform, ...parsers) {
+  return (stack, skipFirstLines = 0) => {
+    const frames = [];
+    const lines = stack.split("\n");
+    for (let i = skipFirstLines; i < lines.length; i++) {
+      const line = lines[i];
+      if (line.length > 1024) continue;
+      const cleanedLine = WEBPACK_ERROR_REGEXP.test(line) ? line.replace(WEBPACK_ERROR_REGEXP, "$1") : line;
+      if (!cleanedLine.match(/\S*Error: /)) {
+        for (const parser of parsers) {
+          const frame = parser(cleanedLine, platform);
+          if (frame) {
+            frames.push(frame);
+            break;
+          }
+        }
+        if (frames.length >= STACKTRACE_FRAME_LIMIT) break;
+      }
+    }
+    return reverseAndStripFrames(frames);
+  };
+}
+
+// ../node_modules/.pnpm/@posthog+core@1.31.1/node_modules/@posthog/core/dist/error-tracking/coercers/dom-exception-coercer.mjs
+var DOMExceptionCoercer = class {
+  match(err) {
+    return this.isDOMException(err) || this.isDOMError(err);
+  }
+  coerce(err, ctx) {
+    const hasStack = isString(err.stack);
+    return {
+      type: this.getType(err),
+      value: this.getValue(err),
+      stack: hasStack ? err.stack : void 0,
+      cause: err.cause ? ctx.next(err.cause) : void 0,
+      synthetic: false
+    };
+  }
+  getType(candidate) {
+    return this.isDOMError(candidate) ? "DOMError" : "DOMException";
+  }
+  getValue(err) {
+    const name = err.name || (this.isDOMError(err) ? "DOMError" : "DOMException");
+    const message = err.message ? `${name}: ${err.message}` : name;
+    return message;
+  }
+  isDOMException(err) {
+    return isBuiltin(err, "DOMException");
+  }
+  isDOMError(err) {
+    return isBuiltin(err, "DOMError");
+  }
+};
+
+// ../node_modules/.pnpm/@posthog+core@1.31.1/node_modules/@posthog/core/dist/error-tracking/coercers/error-coercer.mjs
+var ErrorCoercer = class {
+  match(err) {
+    return isPlainError(err);
+  }
+  coerce(err, ctx) {
+    return {
+      type: this.getType(err),
+      value: this.getMessage(err, ctx),
+      stack: this.getStack(err),
+      cause: err.cause ? ctx.next(err.cause) : void 0,
+      synthetic: false
+    };
+  }
+  getType(err) {
+    return err.name || err.constructor.name;
+  }
+  getMessage(err, _ctx) {
+    const message = err.message;
+    if (message.error && "string" == typeof message.error.message) return String(message.error.message);
+    return String(message);
+  }
+  getStack(err) {
+    return err.stacktrace || err.stack || void 0;
+  }
+};
+
+// ../node_modules/.pnpm/@posthog+core@1.31.1/node_modules/@posthog/core/dist/error-tracking/coercers/error-event-coercer.mjs
+var ErrorEventCoercer = class {
+  constructor() {
+  }
+  match(err) {
+    return isErrorEvent(err) && void 0 != err.error;
+  }
+  coerce(err, ctx) {
+    const exceptionLike = ctx.apply(err.error);
+    if (!exceptionLike) return {
+      type: "ErrorEvent",
+      value: err.message,
+      stack: ctx.syntheticException?.stack,
+      synthetic: true
+    };
+    return exceptionLike;
+  }
+};
+
+// ../node_modules/.pnpm/@posthog+core@1.31.1/node_modules/@posthog/core/dist/error-tracking/coercers/string-coercer.mjs
+var ERROR_TYPES_PATTERN = /^(?:[Uu]ncaught (?:exception: )?)?(?:((?:Eval|Internal|Range|Reference|Syntax|Type|URI|)Error): )?(.*)$/i;
+var StringCoercer = class {
+  match(input) {
+    return "string" == typeof input;
+  }
+  coerce(input, ctx) {
+    const [type, value] = this.getInfos(input);
+    return {
+      type: type ?? "Error",
+      value: value ?? input,
+      stack: ctx.syntheticException?.stack,
+      synthetic: true
+    };
+  }
+  getInfos(candidate) {
+    let type = "Error";
+    let value = candidate;
+    const groups = candidate.match(ERROR_TYPES_PATTERN);
+    if (groups) {
+      type = groups[1];
+      value = groups[2];
+    }
+    return [
+      type,
+      value
+    ];
+  }
+};
+
+// ../node_modules/.pnpm/@posthog+core@1.31.1/node_modules/@posthog/core/dist/error-tracking/types.mjs
+var severityLevels = [
+  "fatal",
+  "error",
+  "warning",
+  "log",
+  "info",
+  "debug"
+];
+
+// ../node_modules/.pnpm/@posthog+core@1.31.1/node_modules/@posthog/core/dist/error-tracking/coercers/utils.mjs
+function extractExceptionKeysForMessage(err, maxLength = 40) {
+  const keys = Object.keys(err);
+  keys.sort();
+  if (!keys.length) return "[object has no keys]";
+  for (let i = keys.length; i > 0; i--) {
+    const serialized = keys.slice(0, i).join(", ");
+    if (!(serialized.length > maxLength)) {
+      if (i === keys.length) return serialized;
+      return serialized.length <= maxLength ? serialized : `${serialized.slice(0, maxLength)}...`;
+    }
+  }
+  return "";
+}
+
+// ../node_modules/.pnpm/@posthog+core@1.31.1/node_modules/@posthog/core/dist/error-tracking/coercers/object-coercer.mjs
+var ObjectCoercer = class {
+  match(candidate) {
+    return "object" == typeof candidate && null !== candidate;
+  }
+  coerce(candidate, ctx) {
+    const errorProperty = this.getErrorPropertyFromObject(candidate);
+    if (errorProperty) return ctx.apply(errorProperty);
+    return {
+      type: this.getType(candidate),
+      value: this.getValue(candidate),
+      stack: ctx.syntheticException?.stack,
+      level: this.isSeverityLevel(candidate.level) ? candidate.level : "error",
+      synthetic: true
+    };
+  }
+  getType(err) {
+    return isEvent(err) ? err.constructor.name : "Error";
+  }
+  getValue(err) {
+    if ("name" in err && "string" == typeof err.name) {
+      let message = `'${err.name}' captured as exception`;
+      if ("message" in err && "string" == typeof err.message) message += ` with message: '${err.message}'`;
+      return message;
+    }
+    if ("message" in err && "string" == typeof err.message) return err.message;
+    const className = this.getObjectClassName(err);
+    const keys = extractExceptionKeysForMessage(err);
+    return `${className && "Object" !== className ? `'${className}'` : "Object"} captured as exception with keys: ${keys}`;
+  }
+  isSeverityLevel(x) {
+    return isString(x) && !isEmptyString(x) && severityLevels.indexOf(x) >= 0;
+  }
+  getErrorPropertyFromObject(obj) {
+    for (const prop in obj) if (Object.prototype.hasOwnProperty.call(obj, prop)) {
+      const value = obj[prop];
+      if (isError(value)) return value;
+    }
+  }
+  getObjectClassName(obj) {
+    try {
+      const prototype = Object.getPrototypeOf(obj);
+      return prototype ? prototype.constructor.name : void 0;
+    } catch (e) {
+      return;
+    }
+  }
+};
+
+// ../node_modules/.pnpm/@posthog+core@1.31.1/node_modules/@posthog/core/dist/error-tracking/coercers/event-coercer.mjs
+var EventCoercer = class {
+  match(err) {
+    return isEvent(err);
+  }
+  coerce(evt, ctx) {
+    const constructorName = evt.constructor.name;
+    return {
+      type: constructorName,
+      value: `${constructorName} captured as exception with keys: ${extractExceptionKeysForMessage(evt)}`,
+      stack: ctx.syntheticException?.stack,
+      synthetic: true
+    };
+  }
+};
+
+// ../node_modules/.pnpm/@posthog+core@1.31.1/node_modules/@posthog/core/dist/error-tracking/coercers/primitive-coercer.mjs
+var PrimitiveCoercer = class {
+  match(candidate) {
+    return isPrimitive(candidate);
+  }
+  coerce(value, ctx) {
+    return {
+      type: "Error",
+      value: `Primitive value captured as exception: ${String(value)}`,
+      stack: ctx.syntheticException?.stack,
+      synthetic: true
+    };
+  }
+};
+
+// ../node_modules/.pnpm/@posthog+core@1.31.1/node_modules/@posthog/core/dist/error-tracking/coercers/promise-rejection-event.mjs
+var PromiseRejectionEventCoercer = class {
+  match(err) {
+    return isBuiltin(err, "PromiseRejectionEvent") || this.isCustomEventWrappingRejection(err);
+  }
+  isCustomEventWrappingRejection(err) {
+    if (!isEvent(err)) return false;
+    try {
+      const detail = err.detail;
+      return null != detail && "object" == typeof detail && "reason" in detail;
+    } catch {
+      return false;
+    }
+  }
+  coerce(err, ctx) {
+    const reason = this.getUnhandledRejectionReason(err);
+    if (isPrimitive(reason)) return {
+      type: "UnhandledRejection",
+      value: `Non-Error promise rejection captured with value: ${String(reason)}`,
+      stack: ctx.syntheticException?.stack,
+      synthetic: true
+    };
+    return ctx.apply(reason);
+  }
+  getUnhandledRejectionReason(error) {
+    try {
+      if ("reason" in error) return error.reason;
+      if ("detail" in error && null != error.detail && "object" == typeof error.detail && "reason" in error.detail) return error.detail.reason;
+    } catch {
+    }
+    return error;
+  }
+};
+
+// ../node_modules/.pnpm/@posthog+core@1.31.1/node_modules/@posthog/core/dist/error-tracking/utils.mjs
+var ReduceableCache = class {
+  constructor(_maxSize) {
+    this._maxSize = _maxSize;
+    this._cache = /* @__PURE__ */ new Map();
+  }
+  get(key) {
+    const value = this._cache.get(key);
+    if (void 0 === value) return;
+    this._cache.delete(key);
+    this._cache.set(key, value);
+    return value;
+  }
+  set(key, value) {
+    this._cache.set(key, value);
+  }
+  reduce() {
+    while (this._cache.size >= this._maxSize) {
+      const value = this._cache.keys().next().value;
+      if (value) this._cache.delete(value);
+    }
+  }
+};
+
+// ../node_modules/.pnpm/@posthog+core@1.31.1/node_modules/@posthog/core/dist/error-tracking/exception-steps.mjs
+var EXCEPTION_STEP_INTERNAL_FIELDS = {
+  MESSAGE: "$message",
+  TIMESTAMP: "$timestamp"
+};
+var RESERVED_EXCEPTION_STEP_KEYS = /* @__PURE__ */ new Set([
+  EXCEPTION_STEP_INTERNAL_FIELDS.MESSAGE,
+  EXCEPTION_STEP_INTERNAL_FIELDS.TIMESTAMP
+]);
+var DEFAULT_EXCEPTION_STEPS_CONFIG = {
+  enabled: true,
+  max_bytes: 32768
+};
+function resolveExceptionStepsConfig(config) {
+  if (!config) return {
+    ...DEFAULT_EXCEPTION_STEPS_CONFIG
+  };
+  return {
+    enabled: config.enabled ?? DEFAULT_EXCEPTION_STEPS_CONFIG.enabled,
+    max_bytes: normalizePositiveInteger(config.max_bytes, DEFAULT_EXCEPTION_STEPS_CONFIG.max_bytes)
+  };
+}
+function stripReservedExceptionStepFields(properties) {
+  if (!properties) return {
+    sanitizedProperties: {},
+    droppedKeys: []
+  };
+  const droppedKeys = [];
+  const sanitizedProperties = Object.keys(properties).reduce((acc, key) => {
+    if (RESERVED_EXCEPTION_STEP_KEYS.has(key)) {
+      droppedKeys.push(key);
+      return acc;
+    }
+    acc[key] = properties[key];
+    return acc;
+  }, {});
+  return {
+    sanitizedProperties,
+    droppedKeys
+  };
+}
+var ExceptionStepsBuffer = class {
+  constructor(config) {
+    this._entries = [];
+    this._totalBytes = 0;
+    this._config = resolveExceptionStepsConfig(config);
+  }
+  setConfig(config) {
+    this._config = resolveExceptionStepsConfig(config);
+    this._trimToMaxBytes();
+  }
+  add(step) {
+    const serialized = normalizeAndSerializeStep(step);
+    if (!serialized) return;
+    const bytes = getUtf8ByteLength(serialized.json);
+    if (bytes > this._config.max_bytes) return;
+    this._entries.push({
+      step: serialized.step,
+      bytes
+    });
+    this._totalBytes += bytes;
+    this._trimToMaxBytes();
+  }
+  getAttachable() {
+    return this._entries.map((e) => e.step);
+  }
+  clear() {
+    this._entries = [];
+    this._totalBytes = 0;
+  }
+  size() {
+    return this._entries.length;
+  }
+  _trimToMaxBytes() {
+    while (this._totalBytes > this._config.max_bytes && this._entries.length > 0) {
+      const evicted = this._entries.shift();
+      if (evicted) this._totalBytes -= evicted.bytes;
+    }
+  }
+};
+function normalizePositiveInteger(input, fallback) {
+  if (!isNumber(input) || input === 1 / 0 || input === -1 / 0) return fallback;
+  const normalized = Math.floor(input);
+  if (normalized < 0) return fallback;
+  return normalized;
+}
+function normalizeAndSerializeStep(step) {
+  const json = safeStringify(step);
+  if (!json) return;
+  try {
+    const parsed = JSON.parse(json);
+    if (!isObject(parsed)) return;
+    const parsedStep = parsed;
+    const message = parsedStep[EXCEPTION_STEP_INTERNAL_FIELDS.MESSAGE];
+    const timestamp = parsedStep[EXCEPTION_STEP_INTERNAL_FIELDS.TIMESTAMP];
+    if (!isString(message) || 0 === message.trim().length) return;
+    if (!isString(timestamp) && !isNumber(timestamp)) return;
+    return {
+      step: parsedStep,
+      json
+    };
+  } catch {
+    return;
+  }
+}
+function safeStringify(value) {
+  const seen = /* @__PURE__ */ new WeakSet();
+  try {
+    return JSON.stringify(value, (_key, replacementValue) => {
+      if ("bigint" == typeof replacementValue) return replacementValue.toString();
+      if ("function" == typeof replacementValue || "symbol" == typeof replacementValue) return;
+      if (replacementValue instanceof Date) return replacementValue.toISOString();
+      if (replacementValue instanceof Error) return {
+        name: replacementValue.name,
+        message: replacementValue.message,
+        stack: replacementValue.stack
+      };
+      if (replacementValue && "object" == typeof replacementValue) {
+        if (seen.has(replacementValue)) return "[Circular]";
+        seen.add(replacementValue);
+      }
+      return replacementValue;
+    });
+  } catch {
+    return;
+  }
+}
+function getUtf8ByteLength(value) {
+  if ("undefined" != typeof TextEncoder) return new TextEncoder().encode(value).length;
+  const encoded = encodeURIComponent(value);
+  let byteLength = 0;
+  for (let i = 0; i < encoded.length; i++) if ("%" === encoded[i]) {
+    byteLength += 1;
+    i += 2;
+  } else byteLength += 1;
+  return byteLength;
+}
+
+// ../node_modules/.pnpm/posthog-node@5.36.10/node_modules/posthog-node/dist/extensions/error-tracking/modifiers/context-lines.node.mjs
+var import_node_fs3 = require("fs");
+var import_node_readline = require("readline");
+var LRU_FILE_CONTENTS_CACHE = new error_tracking_exports.ReduceableCache(25);
+var LRU_FILE_CONTENTS_FS_READ_FAILED = new error_tracking_exports.ReduceableCache(20);
+
+// ../node_modules/.pnpm/posthog-node@5.36.10/node_modules/posthog-node/dist/extensions/context/context.mjs
+var import_node_async_hooks = require("async_hooks");
+
+// ../node_modules/.pnpm/posthog-node@5.36.10/node_modules/posthog-node/dist/extensions/sentry-integration.mjs
+var NAME = "posthog-node";
+function createEventProcessor(_posthog, { organization, projectId, prefix, severityAllowList = [
+  "error"
+], sendExceptionsToPostHog = true } = {}) {
+  return (event) => {
+    const shouldProcessLevel = "*" === severityAllowList || severityAllowList.includes(event.level);
+    if (!shouldProcessLevel) return event;
+    if (!event.tags) event.tags = {};
+    const userId = event.tags[PostHogSentryIntegration.POSTHOG_ID_TAG];
+    if (void 0 === userId) return event;
+    const uiHost = _posthog.options.host ?? "https://us.i.posthog.com";
+    const personUrl = new URL(`/project/${_posthog.apiKey}/person/${userId}`, uiHost).toString();
+    event.tags["PostHog Person URL"] = personUrl;
+    const exceptions = event.exception?.values || [];
+    const exceptionList = exceptions.map((exception) => ({
+      ...exception,
+      stacktrace: exception.stacktrace ? {
+        ...exception.stacktrace,
+        type: "raw",
+        frames: (exception.stacktrace.frames || []).map((frame) => ({
+          ...frame,
+          platform: "node:javascript"
+        }))
+      } : void 0
+    }));
+    const properties = {
+      $exception_message: exceptions[0]?.value || event.message,
+      $exception_type: exceptions[0]?.type,
+      $exception_level: event.level,
+      $exception_list: exceptionList,
+      $sentry_event_id: event.event_id,
+      $sentry_exception: event.exception,
+      $sentry_exception_message: exceptions[0]?.value || event.message,
+      $sentry_exception_type: exceptions[0]?.type,
+      $sentry_tags: event.tags
+    };
+    if (organization && projectId) properties["$sentry_url"] = (prefix || "https://sentry.io/organizations/") + organization + "/issues/?project=" + projectId + "&query=" + event.event_id;
+    if (sendExceptionsToPostHog) _posthog.capture({
+      event: "$exception",
+      distinctId: userId,
+      properties
+    });
+    return event;
+  };
+}
+var PostHogSentryIntegration = class {
+  static #_ = this.POSTHOG_ID_TAG = "posthog_distinct_id";
+  constructor(_posthog, organization, prefix, severityAllowList, sendExceptionsToPostHog) {
+    this.name = NAME;
+    this.name = NAME;
+    this.setupOnce = function(addGlobalEventProcessor, getCurrentHub) {
+      const projectId = getCurrentHub()?.getClient()?.getDsn()?.projectId;
+      addGlobalEventProcessor(createEventProcessor(_posthog, {
+        organization,
+        projectId,
+        prefix,
+        severityAllowList,
+        sendExceptionsToPostHog: sendExceptionsToPostHog ?? true
+      }));
+    };
+  }
+};
+
+// src/telemetry/posthog.ts
+var POSTHOG_KEY = process.env["ARCHAL_POSTHOG_KEY"] ?? "phc_OEdBZlIiJUhnj5dOBsCf9qyXQmbf6RGYIl7k5BcNKn4";
+var baseProperties = {
+  cli_version: CLI_VERSION,
+  os_platform: process.platform,
+  node_version: process.version,
+  source: "cli"
+};
+
+// src/commands/autoloop-github-app.ts
+var import_node_crypto4 = require("crypto");
+
+// src/trace-source/redaction.ts
+var TRACE_REDACTED = "[REDACTED]";
+var DEFAULT_SENSITIVE_TRACE_KEY_PARTS = [
+  "token",
+  "secret",
+  "password",
+  "authorization",
+  "apikey",
+  "api-key",
+  "api_key",
+  "credential",
+  "cookie",
+  "privatekey",
+  "private-key",
+  "private_key",
+  "accesskey",
+  "access-key",
+  "access_key",
+  "databaseurl",
+  "database-url",
+  "database_url",
+  "dburl",
+  "db-url",
+  "db_url",
+  "connectionstring",
+  "connection-string",
+  "connection_string",
+  "dsn",
+  "card",
+  "cardnumber",
+  "creditcard",
+  "pan"
+];
+var DEFAULT_SECRET_TRACE_STRING_PATTERNS = [
+  {
+    pattern: /\b(Bearer\s+)[A-Za-z0-9._~+/=-]{8,}\b/gi,
+    replacement: `$1${TRACE_REDACTED}`
+  },
+  {
+    pattern: /\bgh[pousr]_[A-Za-z0-9]{16,}\b/g
+  },
+  {
+    pattern: /\bgithub_pat_[A-Za-z0-9_]{16,}\b/g
+  },
+  {
+    pattern: /\bsk_(?:live|test)_[A-Za-z0-9]{16,}\b/g
+  },
+  {
+    pattern: /\bsk-proj-[A-Za-z0-9_-]{16,}\b/g
+  },
+  {
+    pattern: /\bsk-ant-[A-Za-z0-9_-]{8,}\b/g
+  },
+  {
+    pattern: /\bsk-[A-Za-z0-9_-]{16,}\b/g
+  },
+  {
+    pattern: /\b(?:postgres(?:ql)?|mysql|mariadb|mongodb(?:\+srv)?|redis|rediss):\/\/[^\s"'<>]+/gi,
+    replacement: "[CONNECTION_URL_REDACTED]"
+  },
+  {
+    pattern: /\b(https?:\/\/)[^/\s"'<>@]+@/gi,
+    replacement: `$1${TRACE_REDACTED}@`
+  },
+  {
+    pattern: /\bAIza[0-9A-Za-z_-]{12,}\b/g
+  },
+  {
+    pattern: /\bxox[baprs]-[A-Za-z0-9-]{10,}\b/g
+  },
+  {
+    pattern: /\bx(?:app|oxa|oxc|oxp|oxs)-[A-Za-z0-9-]{10,}\b/g
+  },
+  {
+    pattern: /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/g
+  },
+  {
+    pattern: /\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9._-]{10,}\.[A-Za-z0-9._-]{10,}\b/g
+  },
+  {
+    pattern: /-----BEGIN(?:[ A-Z]+)?PRIVATE KEY-----[\s\S]*?-----END(?:[ A-Z]+)?PRIVATE KEY-----/g
+  },
+  {
+    pattern: /(^|[?&])((?:token|access_token|refresh_token|client_secret|secret|api_key|apikey|password|signature|sig|x-amz-signature|x-goog-signature|awsaccesskeyid|sv|se|sp)=)[^&\s]+/gi,
+    replacement: `$1$2${TRACE_REDACTED}`
+  },
+  {
+    pattern: /\b((?:"?(?:authorization|token|access_token|refresh_token|client_secret|secret|api_key|apikey|password|private_key|privatekey|database_url|databaseurl|db_url|dburl|connection_string|connectionstring|dsn)"?\s*[:=]\s*)(?!\[[A-Za-z0-9_ -]+\]))(?:"[^"]+"|'[^']+'|Bearer\s+\[[A-Za-z0-9_ -]+\]|Bearer\s+[^\s,}\]]+|[^\s,}\]]+)/gi,
+    replacement: `$1${TRACE_REDACTED}`
+  },
+  {
+    pattern: /\b([A-Z0-9_]*(?:API_KEY|SECRET_KEY|ACCESS_KEY|ACCESS_TOKEN|REFRESH_TOKEN|AUTH_TOKEN|BEARER_TOKEN|TOKEN|PASSWORD|SECRET|PRIVATE_KEY)[A-Z0-9_]*\s*[:=]\s*)(?!\[[A-Za-z0-9_ -]+\])(?:"[^"]+"|'[^']+'|[^\s,}\]]+)/g,
+    replacement: `$1${TRACE_REDACTED}`
+  }
+];
+var DEFAULT_TRACE_REDACTION_POLICY = {
+  enabled: true,
+  mode: "mask",
+  replacement: TRACE_REDACTED,
+  sensitiveKeyParts: DEFAULT_SENSITIVE_TRACE_KEY_PARTS,
+  stringPatterns: DEFAULT_SECRET_TRACE_STRING_PATTERNS,
+  maxDepth: 24
+};
+function normalizeTraceRedactionPolicy(policy) {
+  return {
+    ...DEFAULT_TRACE_REDACTION_POLICY,
+    ...policy,
+    sensitiveKeyParts: policy?.sensitiveKeyParts ?? DEFAULT_TRACE_REDACTION_POLICY.sensitiveKeyParts,
+    stringPatterns: policy?.stringPatterns ?? DEFAULT_TRACE_REDACTION_POLICY.stringPatterns
+  };
+}
+function redactTraceString(value, policy = DEFAULT_TRACE_REDACTION_POLICY) {
+  const normalizedPolicy = normalizeTraceRedactionPolicy(policy);
+  if (!normalizedPolicy.enabled) {
+    return value;
+  }
+  let redacted = value;
+  for (const { pattern, replacement } of normalizedPolicy.stringPatterns) {
+    const effectiveReplacement = replacement ? replacement.replaceAll(TRACE_REDACTED, normalizedPolicy.replacement) : normalizedPolicy.replacement;
+    redacted = redacted.replace(pattern, effectiveReplacement);
+  }
+  return redacted;
+}
+
+// src/commands/github-rest.ts
+function normalizeRepositoryFullName(value) {
+  const trimmed = value?.trim();
+  if (!trimmed || !/^[A-Za-z0-9_.-]+\/[A-Za-z0-9_.-]+$/.test(trimmed)) return void 0;
+  return trimmed;
+}
+
+// src/commands/autoloop-github-app.ts
+var GITHUB_APP_INSTALLATION_PERMISSIONS = {
+  actions: "read",
+  checks: "read",
+  contents: "write",
+  issues: "write",
+  metadata: "read",
+  pull_requests: "write",
+  statuses: "read"
+};
+var DEFAULT_GITHUB_APP_TOKEN_TIMEOUT_MS = 1e4;
+function isDirectGithubAppKeyAllowed(env = process.env) {
+  return (env["ARCHAL_AUTOLOOP_ALLOW_DIRECT_GITHUB_APP_KEY"] ?? "").trim().toLowerCase() === "true";
+}
+async function resolveAutoloopInstallationToken(input, options = {}) {
+  const resolution = await resolveAutoloopInstallationTokenWithDiagnostics(input, options);
+  return resolution?.token;
+}
+async function resolveAutoloopInstallationTokenWithDiagnostics(input, options = {}) {
+  const env = options.env ?? process.env;
+  const explicitToken = env["GITHUB_INSTALLATION_TOKEN"]?.trim();
+  if (explicitToken) return { token: explicitToken };
+  const fetchImpl = withGithubAppTokenTimeout(options.fetchImpl ?? fetch, env);
+  const archalToken = options.archalToken ?? env["ARCHAL_TOKEN"]?.trim();
+  const archalBaseUrl = options.archalBaseUrl ?? env["ARCHAL_GITHUB_APP_BASE_URL"]?.trim() ?? env["ARCHAL_AUTH_BASE_URL"]?.trim() ?? env["ARCHAL_API_BASE_URL"]?.trim();
+  const hosted = await resolveArchalGithubAppInstallationTokenWithDiagnostics({
+    repository: input.repository,
+    archalToken,
+    archalBaseUrl,
+    fetchImpl
+  });
+  if (hosted?.token) return hosted;
+  if (isDirectGithubAppKeyAllowed(env)) {
+    const direct = await resolveGithubAppInstallationToken({
+      repository: input.repository,
+      installationId: input.installationId,
+      env,
+      fetchImpl
+    });
+    if (direct?.token) return direct;
+  }
+  return hosted?.failure ? { failure: hosted.failure } : void 0;
+}
+async function resolveGithubAppInstallationToken(input) {
+  const repository = normalizeRepositoryFullName(input.repository);
+  if (!repository) return void 0;
+  const env = input.env ?? process.env;
+  const appId = env["ARCHAL_GITHUB_APP_ID"]?.trim();
+  const privateKey = env["ARCHAL_GITHUB_APP_PRIVATE_KEY"]?.trim();
+  if (!appId || !privateKey) return void 0;
+  const installationId = input.installationId?.trim();
+  if (!installationId || !/^\d+$/.test(installationId)) return void 0;
+  const [, repo] = repository.split("/");
+  const fetchImpl = withGithubAppTokenTimeout(input.fetchImpl ?? fetch, env);
+  const jwt = buildGithubAppJwt({ appId, privateKey });
+  const tokenResponse = await fetchImpl(
+    `https://api.github.com/app/installations/${installationId}/access_tokens`,
+    {
+      method: "POST",
+      headers: githubHeaders(jwt, { "content-type": "application/json" }),
+      body: JSON.stringify({
+        repositories: [repo],
+        permissions: GITHUB_APP_INSTALLATION_PERMISSIONS
+      })
+    }
+  );
+  if (!tokenResponse.ok) return void 0;
+  const payload = await tokenResponse.json().catch(() => ({}));
+  const token = String(payload["token"] ?? "").trim();
+  const expiresAt = String(payload["expires_at"] ?? "").trim();
+  return token ? { token, expiresAt: expiresAt || void 0 } : void 0;
+}
+async function resolveArchalGithubAppInstallationTokenWithDiagnostics(input) {
+  const repository = normalizeRepositoryFullName(input.repository);
+  if (!repository || !input.archalToken || !input.archalBaseUrl) return void 0;
+  const fetchImpl = withGithubAppTokenTimeout(input.fetchImpl ?? fetch);
+  const response = await fetchImpl(
+    new URL("/api/workspaces/current/integrations/github/installation-token", input.archalBaseUrl),
+    {
+      method: "POST",
+      headers: { authorization: `Bearer ${input.archalToken}`, "content-type": "application/json" },
+      body: JSON.stringify({ repository })
+    }
+  );
+  const payload = await response.json().catch(() => ({}));
+  const token = String(payload["token"] ?? "").trim();
+  const expiresAt = String(payload["expiresAt"] ?? "").trim();
+  if (response.ok && token) {
+    return { token, expiresAt: expiresAt || void 0 };
+  }
+  return {
+    failure: hostedGithubAppTokenFailure(response, payload)
+  };
+}
+function withGithubAppTokenTimeout(fetchImpl, env = process.env) {
+  return (async (input, init) => {
+    const timeoutMs = resolveGithubAppTokenTimeoutMs(env);
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), timeoutMs);
+    timeout.unref?.();
+    try {
+      return await fetchImpl(input, { ...init, signal: controller.signal });
+    } catch (error) {
+      if (controller.signal.aborted) {
+        throw new Error("autoloop_github_app_token_request_timeout");
+      }
+      throw error;
+    } finally {
+      clearTimeout(timeout);
+    }
+  });
+}
+function resolveGithubAppTokenTimeoutMs(env) {
+  const raw = env["ARCHAL_AUTOLOOP_GITHUB_APP_TOKEN_TIMEOUT_MS"]?.trim();
+  if (!raw) return DEFAULT_GITHUB_APP_TOKEN_TIMEOUT_MS;
+  const timeoutMs = Number(raw);
+  return Number.isInteger(timeoutMs) && timeoutMs >= 100 ? timeoutMs : DEFAULT_GITHUB_APP_TOKEN_TIMEOUT_MS;
+}
+function githubHeaders(jwt, extra = {}) {
+  return {
+    accept: "application/vnd.github+json",
+    authorization: `Bearer ${jwt}`,
+    "x-github-api-version": "2022-11-28",
+    ...extra
+  };
+}
+function hostedGithubAppTokenFailure(response, payload) {
+  const record = isRecord(payload) ? payload : {};
+  const code = safeHostedFailurePart(
+    stringField(record, "error") ?? stringField(record, "code") ?? (response.ok ? "missing_token" : `http_${response.status}`),
+    "unknown"
+  );
+  const message = safeHostedFailurePart(
+    stringField(record, "detail") ?? stringField(record, "message") ?? (response.ok ? "hosted minter response did not include a token" : void 0),
+    ""
+  );
+  return {
+    source: "hosted",
+    code,
+    status: response.status,
+    ...message ? { message } : {}
+  };
+}
+function stringField(record, key) {
+  const value = record[key];
+  return typeof value === "string" && value.trim() ? value : void 0;
+}
+function safeHostedFailurePart(value, fallback) {
+  const redacted = redactTraceString(value ?? "").replace(/\s+/g, " ").trim();
+  if (!redacted) return fallback;
+  return redacted.length > 220 ? `${redacted.slice(0, 217)}...` : redacted;
+}
+function isRecord(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function buildGithubAppJwt(input) {
+  const now = Math.floor(Date.now() / 1e3);
+  const header = base64UrlJson({ alg: "RS256", typ: "JWT" });
+  const payload = base64UrlJson({
+    iat: now - 60,
+    exp: now + 9 * 60,
+    iss: input.appId
+  });
+  const signingInput = `${header}.${payload}`;
+  const signature = (0, import_node_crypto4.createSign)("RSA-SHA256").update(signingInput).end().sign(normalizePem2(input.privateKey), "base64url");
+  return `${signingInput}.${signature}`;
+}
+function base64UrlJson(value) {
+  return Buffer.from(JSON.stringify(value)).toString("base64url");
+}
+function normalizePem2(value) {
+  return value.replace(/\\n/g, "\n").replace(/\\\r?\n/g, "\n").replace(/\\/g, "\n");
+}
+
+// src/shared/evidence-redaction.ts
+var import_node_crypto5 = require("crypto");
+var EVIDENCE_REDACTED = "[REDACTED]";
+var EVIDENCE_SENSITIVE_KEY_PARTS = /* @__PURE__ */ new Set([
+  "token",
+  "secret",
+  "password",
+  "authorization",
+  "apikey",
+  "api_key",
+  "credential",
+  "cookie",
+  "privatekey",
+  "private_key",
+  "accesskey",
+  "access_key",
+  "databaseurl",
+  "database_url",
+  "dburl",
+  "db_url",
+  "redisurl",
+  "redis_url",
+  "mongodburi",
+  "mongo_uri",
+  "connectionstring",
+  "connection_string",
+  "dsn",
+  "workspacekey",
+  "workspace_key",
+  "workspacetoken",
+  "workspace_token",
+  "secretref",
+  "secret_ref",
+  "secretname",
+  "secret_name"
+]);
+var EVIDENCE_SENSITIVE_ENV_KEY_PARTS = /* @__PURE__ */ new Set([
+  ...EVIDENCE_SENSITIVE_KEY_PARTS,
+  "apikey",
+  "api_key",
+  "secretkey",
+  "secret_key",
+  "accesstoken",
+  "access_token",
+  "refreshtoken",
+  "refresh_token",
+  "authtoken",
+  "auth_token",
+  "bearertoken",
+  "bearer_token",
+  "privatekey",
+  "private_key",
+  "databaseurl",
+  "database_url",
+  "dburl",
+  "db_url",
+  "redisurl",
+  "redis_url",
+  "mongodburi",
+  "mongo_uri",
+  "connectionstring",
+  "connection_string",
+  "dsn"
+]);
+var EVIDENCE_SERVICE_STRING_PATTERNS = [
+  {
+    pattern: /https?:\/\/[^\s"'<>]+\/runtime\/session\/[^\s"'<>]*/gi,
+    replacement: "[SERVICE_ENDPOINT_REDACTED]"
+  },
+  {
+    pattern: /\/runtime\/session\/[^\s"'<>]*/gi,
+    replacement: "[SERVICE_ENDPOINT_REDACTED]"
+  },
+  {
+    pattern: /\bx-archal-[\w-]+(?::|=)\s*["']?[^"',\s}]+/gi,
+    replacement: "[SERVICE_HEADER_REDACTED]"
+  },
+  {
+    pattern: /\barchal_mcp_servers\b/gi,
+    replacement: "service_tool_servers"
+  },
+  {
+    pattern: /\bARCHAL_(?:CLONE_URLS_PATH|TWIN_URLS_PATH|PROXY_EVENTS_PATH|METRICS_FILE|AGENT_TRACE_FILE|ENABLE_PROVIDER_EGRESS_PROXY)\b/g,
+    replacement: "[SERVICE_RUNTIME_CONFIG_REDACTED]"
+  },
+  {
+    pattern: /\/archal-artifacts\/[^\s"'<>]*/gi,
+    replacement: "[SERVICE_ARTIFACT_PATH_REDACTED]"
+  },
+  {
+    pattern: /\b(?:host\.docker\.internal|localhost|127\.0\.0\.1):9100\b/gi,
+    replacement: "[SERVICE_PROXY_ENDPOINT_REDACTED]"
+  },
+  {
+    pattern: /\b(?:aws-secretsmanager:\/\/|arn:aws:secretsmanager:[^\s"'<>:]+:\d{12}:secret:)[^\s"'<>]+/gi,
+    replacement: "[SECRET_REF_REDACTED]"
+  },
+  {
+    pattern: /\benv:[A-Z0-9_]*(?:API_KEY|SECRET_KEY|SECRET_NAME|SECRET_REF|ACCESS_KEY|ACCESS_TOKEN|REFRESH_TOKEN|AUTH_TOKEN|BEARER_TOKEN|TOKEN|PASSWORD|SECRET|PRIVATE_KEY|DATABASE_URL|DB_URL|REDIS_URL|MONGO_URI|CONNECTION_STRING|DSN|WORKSPACE_TOKEN|WORKSPACE_KEY)[A-Z0-9_]*\b/g,
+    replacement: "[SECRET_REF_REDACTED]"
+  },
+  {
+    pattern: /(?:file:\/\/)?(?:\/Users\/[^/\s"'<>]+|\/home\/[^/\s"'<>]+|\/private\/tmp|\/tmp|\/var\/folders|\/workspace|\/workspaces)(?:\/[^\s"'<>]*)?/g,
+    replacement: "[LOCAL_PATH_REDACTED]"
+  },
+  {
+    pattern: /\b[A-Za-z]:\\Users\\[^\\\s"'<>]+(?:\\[^\s"'<>]*)?/g,
+    replacement: "[LOCAL_PATH_REDACTED]"
+  }
+];
+var EVIDENCE_SECRET_LITERAL_STRING_PATTERNS = [
+  {
+    pattern: /\b(Bearer\s+)[A-Za-z0-9._~+/=-]+\b/gi,
+    replacement: `$1${EVIDENCE_REDACTED}`
+  },
+  {
+    pattern: /\b(gh[pousr]_[A-Za-z0-9]{16,})\b/g,
+    replacement: EVIDENCE_REDACTED
+  },
+  {
+    pattern: /\bgithub_pat_[A-Za-z0-9_]{16,}\b/g,
+    replacement: EVIDENCE_REDACTED
+  },
+  {
+    pattern: /\bsk_(?:live|test)_[A-Za-z0-9]{16,}\b/g,
+    replacement: EVIDENCE_REDACTED
+  },
+  {
+    pattern: /\bsk-proj-[A-Za-z0-9_-]{16,}\b/g,
+    replacement: EVIDENCE_REDACTED
+  },
+  {
+    pattern: /\bsk-ant-[A-Za-z0-9_-]{8,}\b/g,
+    replacement: EVIDENCE_REDACTED
+  },
+  {
+    pattern: /\bsk-[A-Za-z0-9_-]{16,}\b/g,
+    replacement: EVIDENCE_REDACTED
+  },
+  {
+    pattern: /\barchal_(?:ws|workspace|token|key|pat|secret)_[A-Za-z0-9_.-]{8,}\b/gi,
+    replacement: EVIDENCE_REDACTED
+  },
+  {
+    pattern: /\bsb_(?:secret|publishable)_[A-Za-z0-9_-]{16,}\b/g,
+    replacement: EVIDENCE_REDACTED
+  },
+  {
+    pattern: /\bpostgres(?:ql)?:\/\/[^\s"'<>]+/gi,
+    replacement: "[DATABASE_URL_REDACTED]"
+  },
+  {
+    pattern: /\b(?:redis|rediss|mysql|mariadb|mongodb(?:\+srv)?|amqp|amqps):\/\/[^\s"'<>]+/gi,
+    replacement: "[CONNECTION_STRING_REDACTED]"
+  },
+  {
+    pattern: /\b[A-Za-z][A-Za-z0-9+.-]*:\/\/[^:\s/@]+:[^@\s/]+@[^\s"'<>]+/gi,
+    replacement: "[BASIC_AUTH_URL_REDACTED]"
+  },
+  {
+    pattern: /\bAIza[0-9A-Za-z_-]{12,}\b/g,
+    replacement: EVIDENCE_REDACTED
+  },
+  {
+    pattern: /\b(?:xox[baprs]-[A-Za-z0-9-]{10,})\b/g,
+    replacement: EVIDENCE_REDACTED
+  },
+  {
+    pattern: /\bx(?:app|oxa|oxc|oxp|oxs)-[A-Za-z0-9-]{10,}\b/g,
+    replacement: EVIDENCE_REDACTED
+  },
+  {
+    pattern: /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/g,
+    replacement: EVIDENCE_REDACTED
+  },
+  {
+    pattern: /\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9._-]{10,}\.[A-Za-z0-9._-]{10,}\b/g,
+    replacement: EVIDENCE_REDACTED
+  },
+  {
+    pattern: /-----BEGIN(?:[ A-Z]+)?PRIVATE KEY-----[\s\S]*?-----END(?:[ A-Z]+)?PRIVATE KEY-----/g,
+    replacement: EVIDENCE_REDACTED
+  },
+  {
+    pattern: /(^|[?&])((?:token|access_token|refresh_token|client_secret|secret|api_key|apikey|password)=)[^&\s]+/gi,
+    replacement: `$1$2${EVIDENCE_REDACTED}`
+  }
+];
+var EVIDENCE_KEY_VALUE_STRING_PATTERNS = [
+  {
+    pattern: /\b((?:"?(?:authorization|token|access_token|refresh_token|client_secret|secret|secret_ref|secretref|secret_name|secretname|api_key|apikey|password|private_key|privatekey|database_url|databaseurl|db_url|dburl|redis_url|redisurl|mongo_uri|mongodburi|connection_string|connectionstring|dsn|workspace_token|workspacetoken|workspace_key|workspacekey)"?\s*[:=]\s*)(?!\[[A-Z0-9_]+\]))(?:"[^"]+"|'[^']+'|Bearer\s+\[REDACTED\]|Bearer\s+[^\s,}\]]+|[^\s,}\]]+)/gi,
+    replacement: `$1${EVIDENCE_REDACTED}`
+  },
+  {
+    pattern: /\b([A-Z0-9_]*(?:API_KEY|SECRET_KEY|SECRET_NAME|SECRET_REF|ACCESS_KEY|ACCESS_TOKEN|REFRESH_TOKEN|AUTH_TOKEN|BEARER_TOKEN|TOKEN|PASSWORD|SECRET|PRIVATE_KEY|DATABASE_URL|DB_URL|REDIS_URL|MONGO_URI|CONNECTION_STRING|DSN|WORKSPACE_TOKEN|WORKSPACE_KEY)[A-Z0-9_]*\s*[:=]\s*)(?!\[[A-Z0-9_]+\])(?:"[^"]+"|'[^']+'|[^\s,}\]]+)/g,
+    replacement: `$1${EVIDENCE_REDACTED}`
+  }
+];
+var EVIDENCE_SECRET_NAME_STRING_PATTERNS = [
+  {
+    pattern: /(?<!\[)\b[A-Z0-9_]*(?:API_KEY|SECRET_KEY|SECRET_NAME|SECRET_REF|ACCESS_KEY|ACCESS_TOKEN|REFRESH_TOKEN|AUTH_TOKEN|BEARER_TOKEN|TOKEN|PASSWORD|SECRET|PRIVATE_KEY|DATABASE_URL|DB_URL|REDIS_URL|MONGO_URI|CONNECTION_STRING|DSN|WORKSPACE_TOKEN|WORKSPACE_KEY)[A-Z0-9_]*\b/g,
+    replacement: "[SECRET_NAME_REDACTED]"
+  }
+];
+var EVIDENCE_STRING_PATTERNS = [
+  ...EVIDENCE_SERVICE_STRING_PATTERNS,
+  ...EVIDENCE_SECRET_LITERAL_STRING_PATTERNS,
+  ...EVIDENCE_KEY_VALUE_STRING_PATTERNS,
+  ...EVIDENCE_SECRET_NAME_STRING_PATTERNS
+];
+
+// src/commands/autoloop-fix-pr-quality.ts
+function assessFixPrPayload(payload, input = {}) {
+  const assessment = assessAutoloopStoredFixPrEvidence(payload, {
+    expectedCommitSha: input.prHeadSha ?? null
+  });
+  return {
+    passed: assessment.passed,
+    reason: assessment.reason,
+    fixQuality: assessment.fixQuality,
+    postFixReproduction: assessment.postFixReproduction,
+    prBodyQuality: prBodyQualityWithIssues(assessment.prBodyQuality)
+  };
+}
+function prBodyQualityWithIssues(evidence) {
+  return {
+    ...evidence,
+    issues: evidence.status === "passed" ? [] : [evidence.reason]
+  };
+}
+
+// src/commands/autoloop-pr-verification.ts
+async function verifyFixResult(result, input) {
+  if (!result.prUrl) return result;
+  const pr = parseGithubPrUrl(result.prUrl);
+  if (!pr || `${pr.owner}/${pr.repo}`.toLowerCase() !== input.repositoryFullName.toLowerCase()) {
+    return {
+      ...result,
+      status: "blocked",
+      prUrl: null,
+      latestCheckState: "blocked",
+      blockingReason: "reported_pr_repository_mismatch",
+      summary: `${result.summary} Reported PR URL does not belong to ${input.repositoryFullName}.`
+    };
+  }
+  if (result.status !== "checks_passing") {
+    if (result.status === "pr_open") {
+      const token2 = await resolveVerificationToken(input);
+      const verdict = await confirmPrIsOpen(pr, token2);
+      if (verdict.state === "not_open") {
+        return {
+          ...result,
+          status: "blocked",
+          prUrl: null,
+          latestCheckState: "blocked",
+          blockingReason: "reported_pr_not_found",
+          summary: `${result.summary} Reported open PR could not be confirmed.`
+        };
+      }
+      if (verdict.state === "unverifiable") {
+        return {
+          ...result,
+          status: "blocked",
+          prUrl: null,
+          latestCheckState: "blocked",
+          blockingReason: "reported_pr_unverifiable",
+          summary: `${result.summary} Reported open PR could not be verified.`
+        };
+      }
+      const postFixReproduction2 = autoloopPostFixReproductionEvidenceFromPayload(result.payload, {
+        expectedCommitSha: verdict.headSha
+      });
+      if (!postFixReproduction2.passed) {
+        return {
+          ...result,
+          status: "blocked",
+          prUrl: null,
+          latestCheckState: "blocked",
+          blockingReason: postFixReproduction2.reason,
+          summary: `${result.summary} PR not surfaced as post-fix clone reproduction evidence is insufficient: ${postFixReproduction2.reason}.`
+        };
+      }
+      const mismatch2 = prReferenceMatchFailure(result, input.repositoryFullName, verdict, input);
+      if (mismatch2) {
+        return blockedFixResult(
+          result,
+          mismatch2,
+          `Reported PR repository or branch is not verified: ${mismatch2}.`
+        );
+      }
+    }
+    return result;
+  }
+  const initialPostFixReproduction = autoloopPostFixReproductionEvidenceFromPayload(result.payload);
+  if (!initialPostFixReproduction.passed) {
+    return {
+      ...result,
+      status: "blocked",
+      prUrl: null,
+      latestCheckState: "blocked",
+      blockingReason: initialPostFixReproduction.reason,
+      summary: `${result.summary} Post-fix clone reproduction evidence is insufficient: ${initialPostFixReproduction.reason}.`
+    };
+  }
+  const token = await resolveVerificationToken(input);
+  const checks = token ? await fetchGithubPrChecks(pr, token).catch(() => unverifiedGithubPrChecks()) : unverifiedGithubPrChecks();
+  if (checks.state === "unverified") {
+    return {
+      ...result,
+      status: "pr_open",
+      latestCheckState: "unknown",
+      summary: `${result.summary} PR checks could not be verified yet.`
+    };
+  }
+  if (checks.state === "not_open") {
+    return blockedFixResult(result, "reported_pr_not_found", "Reported PR is not open.");
+  }
+  const postFixReproduction = autoloopPostFixReproductionEvidenceFromPayload(result.payload, {
+    expectedCommitSha: checks.headSha
+  });
+  if (!postFixReproduction.passed) {
+    return {
+      ...result,
+      status: "blocked",
+      prUrl: null,
+      latestCheckState: "blocked",
+      blockingReason: postFixReproduction.reason,
+      summary: `${result.summary} Post-fix clone reproduction evidence is insufficient: ${postFixReproduction.reason}.`
+    };
+  }
+  const mismatch = prReferenceMatchFailure(result, input.repositoryFullName, checks, input);
+  if (mismatch) {
+    return blockedFixResult(
+      result,
+      mismatch,
+      `Reported PR repository or branch is not verified: ${mismatch}.`
+    );
+  }
+  if (checks.blockingReason) {
+    return blockedFixResult(
+      result,
+      checks.blockingReason,
+      `Reported PR required-check protection is not verified: ${checks.blockingReason}.`
+    );
+  }
+  if (checks.passing) return verifiedQualityResult(result, checks);
+  if (checks.state === "no_checks" && localValidationPassed(result.payload)) {
+    const qualityResult = verifiedQualityResult(result, checks, "no_checks");
+    if (qualityResult.status === "blocked") return qualityResult;
+    return {
+      ...qualityResult,
+      status: "checks_passing",
+      latestCheckState: "no_checks",
+      summary: `${result.summary} No remote PR checks are configured; local validation and post-fix clone reproduction are verified.`
+    };
+  }
+  return {
+    ...result,
+    status: "pr_open",
+    latestCheckState: checks.state,
+    summary: `${result.summary} PR checks are not verified green yet.`
+  };
+}
+async function verifyOpenFixPrPoll(result, input) {
+  if (result.status !== "pr_open" || !result.prUrl) return result;
+  const pr = parseGithubPrUrl(result.prUrl);
+  if (!pr || `${pr.owner}/${pr.repo}`.toLowerCase() !== input.repositoryFullName.toLowerCase()) {
+    return blockedFixResult(
+      { ...result, prUrl: null },
+      "reported_pr_repository_mismatch",
+      `Reported PR URL does not belong to ${input.repositoryFullName}.`
+    );
+  }
+  const token = await resolveVerificationToken(input);
+  if (!token) return { ...result, latestCheckState: "unknown" };
+  const checks = await fetchGithubPrChecks(pr, token).catch(() => unverifiedGithubPrChecks());
+  if (checks.state === "unverified") return { ...result, latestCheckState: "unknown" };
+  if (checks.state === "not_open") {
+    return blockedFixResult(result, "reported_pr_not_found", "Reported PR is not open.");
+  }
+  const postFixReproduction = autoloopPostFixReproductionEvidenceFromPayload(result.payload, {
+    expectedCommitSha: checks.headSha
+  });
+  if (!postFixReproduction.passed) {
+    return {
+      ...result,
+      status: "blocked",
+      prUrl: null,
+      latestCheckState: "blocked",
+      blockingReason: postFixReproduction.reason,
+      summary: `${result.summary} Open PR cannot become ready because post-fix clone reproduction evidence is insufficient: ${postFixReproduction.reason}.`
+    };
+  }
+  const branchReason = prReferenceMatchFailure(result, input.repositoryFullName, checks, input);
+  if (branchReason) {
+    return blockedFixResult(
+      result,
+      branchReason,
+      `Reported PR repository or branch is not verified: ${branchReason}.`
+    );
+  }
+  if (checks.blockingReason) {
+    return blockedFixResult(
+      result,
+      checks.blockingReason,
+      `Reported PR required-check protection is not verified: ${checks.blockingReason}.`
+    );
+  }
+  if (checks.passing) {
+    const qualityResult = verifiedQualityResult(result, checks);
+    if (qualityResult.status === "blocked") return qualityResult;
+    return {
+      ...qualityResult,
+      status: "checks_passing",
+      latestCheckState: "passing",
+      summary: `${result.summary} PR checks are verified green.`
+    };
+  }
+  if (checks.state === "no_checks" && localValidationPassed(result.payload)) {
+    const qualityResult = verifiedQualityResult(result, checks, "no_checks");
+    if (qualityResult.status === "blocked") return qualityResult;
+    return {
+      ...qualityResult,
+      status: "checks_passing",
+      latestCheckState: "no_checks",
+      summary: `${result.summary} No remote PR checks are configured; local validation and post-fix clone reproduction are verified.`
+    };
+  }
+  return {
+    ...result,
+    latestCheckState: checks.state,
+    summary: `${result.summary} PR checks are not verified green yet.`
+  };
+}
+function verifiedQualityResult(result, checks, latestCheckState = "passing") {
+  const quality = assessFixPrPayload(result.payload, { prHeadSha: checks.headSha });
+  if (quality.passed) return { ...result, latestCheckState };
+  return blockedFixResult(
+    result,
+    quality.reason,
+    `Generated PR evidence is insufficient: ${quality.reason}.`
+  );
+}
+function localValidationPassed(payload) {
+  return isRecord2(payload) && payload["localValidationStatus"] === "passed";
+}
+async function resolveVerificationToken(input) {
+  if (input.githubToken?.trim()) return input.githubToken.trim();
+  const token = await resolveAutoloopInstallationToken(
+    { repository: input.repositoryFullName, installationId: input.githubInstallationId },
+    {
+      archalToken: process.env["ARCHAL_TOKEN"] ?? getCredentials2()?.token,
+      archalBaseUrl: input.authBaseUrl
+    }
+  );
+  return token ?? null;
+}
+async function confirmPrIsOpen(pr, token) {
+  if (!token) return unverifiedGithubPrOpenResult();
+  try {
+    const response = await fetch(
+      `https://api.github.com/repos/${pr.owner}/${pr.repo}/pulls/${pr.number}`,
+      {
+        headers: {
+          authorization: `Bearer ${token}`,
+          accept: "application/vnd.github+json",
+          "x-github-api-version": "2022-11-28"
+        }
+      }
+    );
+    if (response.status === 404)
+      return notOpenGithubPrOpenResult();
+    if (!response.ok) return unverifiedGithubPrOpenResult();
+    const body = await response.json().catch(() => ({}));
+    const head = isRecord2(body["head"]) ? body["head"] : {};
+    const headRepo = isRecord2(head["repo"]) ? head["repo"] : {};
+    const base = isRecord2(body["base"]) ? body["base"] : {};
+    const baseRepo = isRecord2(base["repo"]) ? base["repo"] : {};
+    return {
+      state: body["state"] === "open" ? "open" : "not_open",
+      headRefName: typeof head["ref"] === "string" ? head["ref"] : null,
+      headSha: typeof head["sha"] === "string" ? head["sha"] : null,
+      headRepoFullName: typeof headRepo["full_name"] === "string" ? headRepo["full_name"] : null,
+      baseRefName: typeof base["ref"] === "string" ? base["ref"] : null,
+      baseRepoFullName: typeof baseRepo["full_name"] === "string" ? baseRepo["full_name"] : null
+    };
+  } catch {
+    return unverifiedGithubPrOpenResult();
+  }
+}
+function unverifiedGithubPrOpenResult() {
+  return {
+    state: "unverifiable",
+    headRefName: null,
+    headSha: null,
+    headRepoFullName: null,
+    baseRefName: null,
+    baseRepoFullName: null
+  };
+}
+function notOpenGithubPrOpenResult() {
+  return {
+    state: "not_open",
+    headRefName: null,
+    headSha: null,
+    headRepoFullName: null,
+    baseRefName: null,
+    baseRepoFullName: null
+  };
+}
+function unverifiedGithubPrChecks() {
+  return {
+    passing: false,
+    state: "unverified",
+    headSha: null,
+    headRefName: null,
+    headRepoFullName: null,
+    baseRefName: null,
+    baseRepoFullName: null
+  };
+}
+function parseGithubPrUrl(prUrl) {
+  const match = prUrl.match(/^https:\/\/github\.com\/([^/]+)\/([^/]+)\/pull\/(\d+)$/);
+  if (!match) return null;
+  const owner = match[1];
+  const repo = match[2];
+  const number = match[3];
+  if (!owner || !repo || !number) return null;
+  return { owner, repo, number };
+}
+async function fetchGithubPrChecks(pr, token) {
+  const headers = {
+    authorization: `Bearer ${token}`,
+    accept: "application/vnd.github+json",
+    "x-github-api-version": "2022-11-28"
+  };
+  const pull = await githubJson(
+    `https://api.github.com/repos/${pr.owner}/${pr.repo}/pulls/${pr.number}`,
+    headers
+  );
+  const head = isRecord2(pull["head"]) ? pull["head"] : {};
+  const headRepo = isRecord2(head["repo"]) ? head["repo"] : {};
+  const baseRef = isRecord2(pull["base"]) ? pull["base"] : {};
+  const baseRepo = isRecord2(baseRef["repo"]) ? baseRef["repo"] : {};
+  const sha = typeof head["sha"] === "string" ? head["sha"] : null;
+  const headRefName = typeof head["ref"] === "string" ? head["ref"] : null;
+  const headRepoFullName = typeof headRepo["full_name"] === "string" ? headRepo["full_name"] : null;
+  const base = {
+    headSha: sha,
+    headRefName,
+    headRepoFullName,
+    baseRefName: typeof baseRef["ref"] === "string" ? baseRef["ref"] : null,
+    baseRepoFullName: typeof baseRepo["full_name"] === "string" ? baseRepo["full_name"] : null
+  };
+  if (pull["state"] !== "open") return { passing: false, state: "not_open", ...base };
+  if (!sha) return { passing: false, state: "unknown", ...base };
+  const status = await githubJson(
+    `https://api.github.com/repos/${pr.owner}/${pr.repo}/commits/${sha}/status`,
+    headers
+  );
+  const runs = await fetchGithubCheckRuns(
+    `https://api.github.com/repos/${pr.owner}/${pr.repo}/commits/${sha}/check-runs`,
+    headers
+  );
+  const state = githubCommitStatusState(status["state"]);
+  const statuses = Array.isArray(status["statuses"]) ? status["statuses"] : [];
+  const hasSignal = runs.length > 0 || statuses.length > 0;
+  if (!hasSignal) return { passing: false, state: "no_checks", ...base };
+  if (state === "failure" || state === "error" || runs.some(
+    (run) => ["failure", "timed_out", "cancelled", "action_required"].includes(String(run["conclusion"]))
+  )) {
+    return { passing: false, state: "failing", ...base };
+  }
+  if (statuses.length > 0 && state === "pending" || runs.some((run) => run["status"] !== void 0 && String(run["status"]) !== "completed")) {
+    return { passing: false, state: "pending", ...base };
+  }
+  const statusesPass = statuses.length === 0 || state === "success";
+  const statusSuccessSignal = statuses.length > 0 && state === "success";
+  const checkRunsPass = runs.length === 0 || runs.every((run) => ["success", "skipped", "neutral"].includes(String(run["conclusion"])));
+  const checkRunSuccessSignal = runs.some((run) => String(run["conclusion"]) === "success");
+  if (hasSignal && statusesPass && checkRunsPass && (statusSuccessSignal || checkRunSuccessSignal)) {
+    const requiredChecks = await fetchGithubRequiredCheckContexts({
+      owner: pr.owner,
+      repo: pr.repo,
+      baseRefName: base.baseRefName,
+      token
+    });
+    const requiredBlocker = evaluateRequiredCheckProtection(requiredChecks, status, runs);
+    if (requiredBlocker) {
+      return { passing: false, state: "pending", blockingReason: requiredBlocker, ...base };
+    }
+    return { passing: true, state: "passing", ...base };
+  }
+  if (state === "unknown") return { passing: false, state: "unknown", ...base };
+  return { passing: false, state: "pending", ...base };
+}
+function prReferenceMatchFailure(result, repositoryFullName, checks, input) {
+  const branchName = result.branchName ?? payloadString(result.payload, "branchName", "branch_name", "branch");
+  if (!branchName) return "reported_pr_branch_missing";
+  if (!checks.headRefName) return "reported_pr_branch_missing";
+  if (checks.headRefName !== branchName) return "reported_pr_branch_mismatch";
+  if (!checks.headRepoFullName) return "reported_pr_head_repository_missing";
+  if (checks.headRepoFullName.toLowerCase() !== repositoryFullName.toLowerCase()) {
+    return "reported_pr_head_repository_mismatch";
+  }
+  if (!checks.baseRepoFullName) return "reported_pr_base_repository_missing";
+  if (checks.baseRepoFullName.toLowerCase() !== repositoryFullName.toLowerCase()) {
+    return "reported_pr_base_repository_mismatch";
+  }
+  const expectedBaseBranch = input.expectedBaseBranch ?? payloadString(result.payload, "baseBranch", "base_branch");
+  if (!expectedBaseBranch) return "reported_pr_base_branch_missing";
+  if (!checks.baseRefName) return "reported_pr_base_branch_missing";
+  if (checks.baseRefName !== expectedBaseBranch) return "reported_pr_base_branch_mismatch";
+  return null;
+}
+function blockedFixResult(result, reason, message) {
+  return {
+    ...result,
+    status: "blocked",
+    latestCheckState: "blocked",
+    blockingReason: reason,
+    summary: `${result.summary} ${message}`
+  };
+}
+function githubCommitStatusState(value) {
+  return value === "success" || value === "failure" || value === "error" || value === "pending" ? value : "unknown";
+}
+async function githubJson(url, headers) {
+  const response = await fetch(url, { headers });
+  if (!response.ok) throw new Error(`github_api_${response.status}`);
+  return await response.json();
+}
+async function fetchGithubRequiredCheckContexts(input) {
+  if (!input.baseRefName) {
+    return { requiredContexts: [], blockingReason: "reported_pr_base_branch_missing" };
+  }
+  const source = { ...input, baseRefName: input.baseRefName };
+  const branchProtection = await fetchGithubBranchProtectionRequiredCheckContexts(source).catch(
+    () => ({
+      requiredContexts: [],
+      blockingReason: "reported_pr_required_checks_unverified"
+    })
+  );
+  const ruleset = await fetchGithubRulesetRequiredCheckContexts(source).catch(() => ({
+    requiredContexts: [],
+    blockingReason: "reported_pr_required_checks_unverified"
+  }));
+  if (branchProtection.blockingReason === "reported_pr_required_checks_unverified") {
+    return branchProtection;
+  }
+  if (ruleset.blockingReason === "reported_pr_required_checks_unverified") {
+    return ruleset;
+  }
+  const requiredContexts = [.../* @__PURE__ */ new Set([...branchProtection.requiredContexts, ...ruleset.requiredContexts])];
+  if (requiredContexts.length > 0) return { requiredContexts };
+  return { requiredContexts };
+}
+async function fetchGithubBranchProtectionRequiredCheckContexts(input) {
+  const response = await fetch("https://api.github.com/graphql", {
+    method: "POST",
+    headers: {
+      authorization: `Bearer ${input.token}`,
+      accept: "application/vnd.github+json",
+      "content-type": "application/json"
+    },
+    body: JSON.stringify({
+      query: `
+        query ArchalRequiredChecks($owner: String!, $repo: String!, $ref: String!) {
+          repository(owner: $owner, name: $repo) {
+            ref(qualifiedName: $ref) {
+              branchProtectionRule {
+                requiresStatusChecks
+                requiredStatusCheckContexts
+                requiredStatusChecks {
+                  context
+                }
+              }
+            }
+          }
+        }
+      `,
+      variables: {
+        owner: input.owner,
+        repo: input.repo,
+        ref: input.baseRefName
+      }
+    })
+  });
+  if (!response.ok) throw new Error(`github_graphql_${response.status}`);
+  const body = await response.json();
+  if (Array.isArray(body["errors"]) && body["errors"].length > 0) {
+    throw new Error("github_graphql_errors");
+  }
+  const data = isRecord2(body["data"]) ? body["data"] : {};
+  const repository = isRecord2(data["repository"]) ? data["repository"] : {};
+  const ref = isRecord2(repository["ref"]) ? repository["ref"] : {};
+  const rule = isRecord2(ref["branchProtectionRule"]) ? ref["branchProtectionRule"] : null;
+  if (!rule) {
+    return { requiredContexts: [], blockingReason: "reported_pr_branch_protection_missing" };
+  }
+  if (rule["requiresStatusChecks"] !== true) {
+    return { requiredContexts: [], blockingReason: "reported_pr_required_checks_missing" };
+  }
+  const contexts = /* @__PURE__ */ new Set();
+  const legacyContexts = rule["requiredStatusCheckContexts"];
+  if (Array.isArray(legacyContexts)) {
+    for (const context of legacyContexts) {
+      if (typeof context === "string" && context.trim()) contexts.add(context.trim());
+    }
+  } else if (legacyContexts !== void 0) {
+    return { requiredContexts: [], blockingReason: "reported_pr_required_checks_unverified" };
+  }
+  const requiredStatusChecks = rule["requiredStatusChecks"];
+  const nodes = Array.isArray(requiredStatusChecks) ? requiredStatusChecks : isRecord2(requiredStatusChecks) && Array.isArray(requiredStatusChecks["nodes"]) ? requiredStatusChecks["nodes"] : requiredStatusChecks === void 0 ? [] : null;
+  if (!nodes) {
+    return { requiredContexts: [], blockingReason: "reported_pr_required_checks_unverified" };
+  }
+  for (const node of nodes) {
+    if (!isRecord2(node)) continue;
+    const context = node["context"];
+    if (typeof context === "string" && context.trim()) contexts.add(context.trim());
+  }
+  const requiredContexts = [...contexts];
+  if (requiredContexts.length === 0) {
+    return { requiredContexts, blockingReason: "reported_pr_required_checks_missing" };
+  }
+  return { requiredContexts };
+}
+async function fetchGithubRulesetRequiredCheckContexts(input) {
+  const branch = encodeURIComponent(input.baseRefName);
+  const response = await fetch(
+    `https://api.github.com/repos/${input.owner}/${input.repo}/rules/branches/${branch}?per_page=100`,
+    {
+      headers: {
+        authorization: `Bearer ${input.token}`,
+        accept: "application/vnd.github+json",
+        "x-github-api-version": "2022-11-28"
+      }
+    }
+  );
+  if (response.status === 404) return { requiredContexts: [] };
+  if (!response.ok) {
+    return { requiredContexts: [], blockingReason: "reported_pr_required_checks_unverified" };
+  }
+  const body = await response.json().catch(() => null);
+  if (!Array.isArray(body)) {
+    return { requiredContexts: [], blockingReason: "reported_pr_required_checks_unverified" };
+  }
+  const contexts = /* @__PURE__ */ new Set();
+  for (const item of body) {
+    if (!isRecord2(item)) continue;
+    const type = typeof item["type"] === "string" ? item["type"] : "";
+    if (type === "required_workflows") continue;
+    if (type !== "required_status_checks") continue;
+    const parameters = isRecord2(item["parameters"]) ? item["parameters"] : {};
+    const requiredStatusChecks = parameters["required_status_checks"] ?? parameters["requiredStatusChecks"];
+    if (!Array.isArray(requiredStatusChecks)) {
+      return { requiredContexts: [], blockingReason: "reported_pr_required_checks_unverified" };
+    }
+    for (const check of requiredStatusChecks) {
+      if (typeof check === "string" && check.trim()) {
+        contexts.add(check.trim());
+      } else if (isRecord2(check)) {
+        const context = check["context"];
+        if (typeof context === "string" && context.trim()) contexts.add(context.trim());
+      }
+    }
+  }
+  return { requiredContexts: [...contexts] };
+}
+function evaluateRequiredCheckProtection(protection, status, runs) {
+  if (protection.blockingReason) return protection.blockingReason;
+  const required = protection.requiredContexts.map((context) => context.toLowerCase());
+  const seen = /* @__PURE__ */ new Set();
+  const statuses = Array.isArray(status["statuses"]) ? status["statuses"] : [];
+  for (const item of statuses) {
+    if (!isRecord2(item)) continue;
+    const context = item["context"];
+    if (typeof context !== "string" || !context.trim()) continue;
+    seen.add(context.trim().toLowerCase());
+  }
+  for (const run of runs) {
+    const name = run["name"];
+    if (typeof name !== "string" || !name.trim()) continue;
+    seen.add(name.trim().toLowerCase());
+  }
+  return required.every((context) => seen.has(context)) ? null : "reported_pr_required_checks_unverified";
+}
+async function fetchGithubCheckRuns(url, headers) {
+  const runs = [];
+  let nextUrl = url;
+  for (let page = 0; nextUrl && page < 20; page += 1) {
+    const response = await fetch(nextUrl, { headers });
+    if (!response.ok) throw new Error(`github_api_${response.status}`);
+    const body = await response.json();
+    if (Array.isArray(body["check_runs"])) {
+      runs.push(
+        ...body["check_runs"].filter((run) => isRecord2(run))
+      );
+    }
+    nextUrl = parseGithubNextLink(response.headers.get("link"));
+  }
+  if (nextUrl) throw new Error("github_check_runs_page_limit");
+  return runs;
+}
+function parseGithubNextLink(linkHeader) {
+  if (!linkHeader) return null;
+  for (const part of linkHeader.split(",")) {
+    const match = part.match(/<([^>]+)>;\s*rel="next"/);
+    if (!match?.[1]) continue;
+    try {
+      const url = new URL(match[1]);
+      return url.hostname === "api.github.com" ? url.toString() : null;
+    } catch {
+      return null;
+    }
+  }
+  return null;
+}
+function isRecord2(value) {
+  return Boolean(value) && typeof value === "object" && !Array.isArray(value);
+}
+function payloadString(payload, ...keys) {
+  if (!isRecord2(payload)) return null;
+  for (const key of keys) {
+    const value = payload[key];
+    if (typeof value === "string" && value.trim().length > 0 && value.trim() === value)
+      return value;
+  }
+  return null;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  verifyFixResult,
+  verifyOpenFixPrPoll
+});
+/*! Bundled license information:
+
+@posthog/core/dist/vendor/uuidv7.mjs:
+  (*! For license information please see uuidv7.mjs.LICENSE.txt *)
+  (**
+   * uuidv7: An experimental implementation of the proposed UUID Version 7
+   *
+   * @license Apache-2.0
+   * @copyright 2021-2023 LiosK
+   * @packageDocumentation
+   *)
+*/