comisai 1.0.34 → 1.0.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (448) hide show
  1. package/node_modules/@comis/agent/dist/background/auto-background-middleware.d.ts +11 -1
  2. package/node_modules/@comis/agent/dist/background/auto-background-middleware.js +30 -4
  3. package/node_modules/@comis/agent/dist/background/background-task-manager.d.ts +22 -2
  4. package/node_modules/@comis/agent/dist/background/background-task-manager.js +88 -40
  5. package/node_modules/@comis/agent/dist/background/background-task-persistence.js +34 -4
  6. package/node_modules/@comis/agent/dist/background/background-task-types.d.ts +59 -3
  7. package/node_modules/@comis/agent/dist/background/background-task-types.js +1 -1
  8. package/node_modules/@comis/agent/dist/background/completion-dispatcher.d.ts +130 -0
  9. package/node_modules/@comis/agent/dist/background/completion-dispatcher.js +215 -0
  10. package/node_modules/@comis/agent/dist/background/completion-formatter.d.ts +39 -0
  11. package/node_modules/@comis/agent/dist/background/completion-formatter.js +77 -0
  12. package/node_modules/@comis/agent/dist/background/completion-runner.d.ts +62 -0
  13. package/node_modules/@comis/agent/dist/background/completion-runner.js +234 -0
  14. package/node_modules/@comis/agent/dist/background/index.d.ts +10 -1
  15. package/node_modules/@comis/agent/dist/background/index.js +4 -0
  16. package/node_modules/@comis/agent/dist/background/session-resolver.d.ts +85 -0
  17. package/node_modules/@comis/agent/dist/background/session-resolver.js +78 -0
  18. package/node_modules/@comis/agent/dist/bootstrap/sections/messaging-sections.js +1 -0
  19. package/node_modules/@comis/agent/dist/bootstrap/sections/tool-descriptions.js +3 -3
  20. package/node_modules/@comis/agent/dist/bootstrap/sections/tooling-sections.d.ts +30 -2
  21. package/node_modules/@comis/agent/dist/bootstrap/sections/tooling-sections.js +51 -2
  22. package/node_modules/@comis/agent/dist/bootstrap/system-prompt-assembler.d.ts +22 -0
  23. package/node_modules/@comis/agent/dist/bootstrap/system-prompt-assembler.js +2 -2
  24. package/node_modules/@comis/agent/dist/bridge/bridge-event-handlers.d.ts +1 -5
  25. package/node_modules/@comis/agent/dist/bridge/bridge-event-handlers.js +2 -14
  26. package/node_modules/@comis/agent/dist/bridge/bridge-metrics.d.ts +43 -2
  27. package/node_modules/@comis/agent/dist/bridge/bridge-metrics.js +17 -2
  28. package/node_modules/@comis/agent/dist/bridge/pi-event-bridge.d.ts +32 -23
  29. package/node_modules/@comis/agent/dist/bridge/pi-event-bridge.js +145 -62
  30. package/node_modules/@comis/agent/dist/bridge/thinking-block-hash-invariant.d.ts +6 -7
  31. package/node_modules/@comis/agent/dist/bridge/thinking-block-hash-invariant.js +24 -25
  32. package/node_modules/@comis/agent/dist/budget/cost-tracker.d.ts +1 -1
  33. package/node_modules/@comis/agent/dist/context-engine/constants.d.ts +5 -5
  34. package/node_modules/@comis/agent/dist/context-engine/constants.js +12 -12
  35. package/node_modules/@comis/agent/dist/context-engine/context-engine.js +13 -4
  36. package/node_modules/@comis/agent/dist/context-engine/dag-annotator.d.ts +1 -2
  37. package/node_modules/@comis/agent/dist/context-engine/dag-annotator.js +1 -2
  38. package/node_modules/@comis/agent/dist/context-engine/llm-compaction.js +20 -16
  39. package/node_modules/@comis/agent/dist/context-engine/rehydration.js +6 -6
  40. package/node_modules/@comis/agent/dist/context-engine/signature-replay-scrubber.d.ts +12 -12
  41. package/node_modules/@comis/agent/dist/context-engine/signature-replay-scrubber.js +36 -22
  42. package/node_modules/@comis/agent/dist/context-engine/signature-surrogate-guard.d.ts +10 -10
  43. package/node_modules/@comis/agent/dist/context-engine/signature-surrogate-guard.js +14 -14
  44. package/node_modules/@comis/agent/dist/context-engine/thinking-block-cleaner.d.ts +11 -13
  45. package/node_modules/@comis/agent/dist/context-engine/thinking-block-cleaner.js +14 -15
  46. package/node_modules/@comis/agent/dist/context-engine/types-core.d.ts +15 -0
  47. package/node_modules/@comis/agent/dist/executor/cache-break-detection.d.ts +6 -6
  48. package/node_modules/@comis/agent/dist/executor/cache-break-detection.js +8 -8
  49. package/node_modules/@comis/agent/dist/executor/capability-index-context.d.ts +72 -0
  50. package/node_modules/@comis/agent/dist/executor/capability-index-context.js +329 -0
  51. package/node_modules/@comis/agent/dist/executor/drain-helper.d.ts +122 -0
  52. package/node_modules/@comis/agent/dist/executor/drain-helper.js +173 -0
  53. package/node_modules/@comis/agent/dist/executor/error-classifier.js +2 -2
  54. package/node_modules/@comis/agent/dist/executor/executor-context-engine-setup.d.ts +16 -0
  55. package/node_modules/@comis/agent/dist/executor/executor-context-engine-setup.js +46 -5
  56. package/node_modules/@comis/agent/dist/executor/executor-post-execution.d.ts +78 -4
  57. package/node_modules/@comis/agent/dist/executor/executor-post-execution.js +150 -31
  58. package/node_modules/@comis/agent/dist/executor/executor-prompt-runner.d.ts +7 -0
  59. package/node_modules/@comis/agent/dist/executor/executor-prompt-runner.js +26 -5
  60. package/node_modules/@comis/agent/dist/executor/executor-response-filter.d.ts +7 -6
  61. package/node_modules/@comis/agent/dist/executor/executor-response-filter.js +9 -42
  62. package/node_modules/@comis/agent/dist/executor/executor-tool-assembly.d.ts +18 -1
  63. package/node_modules/@comis/agent/dist/executor/executor-tool-assembly.js +20 -18
  64. package/node_modules/@comis/agent/dist/executor/gemini-cache-injector.d.ts +2 -2
  65. package/node_modules/@comis/agent/dist/executor/gemini-cache-injector.js +4 -4
  66. package/node_modules/@comis/agent/dist/executor/jit-guide-injector.d.ts +11 -2
  67. package/node_modules/@comis/agent/dist/executor/jit-guide-injector.js +16 -2
  68. package/node_modules/@comis/agent/dist/executor/phase-filter.d.ts +2 -2
  69. package/node_modules/@comis/agent/dist/executor/phase-filter.js +5 -7
  70. package/node_modules/@comis/agent/dist/executor/pi-executor.d.ts +21 -2
  71. package/node_modules/@comis/agent/dist/executor/pi-executor.js +96 -18
  72. package/node_modules/@comis/agent/dist/executor/post-batch-continuation.js +7 -7
  73. package/node_modules/@comis/agent/dist/executor/prompt-assembly.d.ts +9 -1
  74. package/node_modules/@comis/agent/dist/executor/prompt-assembly.js +15 -1
  75. package/node_modules/@comis/agent/dist/executor/stream-wrappers/request-body-injector.d.ts +1 -1
  76. package/node_modules/@comis/agent/dist/executor/stream-wrappers/request-body-injector.js +1 -1
  77. package/node_modules/@comis/agent/dist/executor/tool-deferral.d.ts +18 -27
  78. package/node_modules/@comis/agent/dist/executor/tool-deferral.js +34 -43
  79. package/node_modules/@comis/agent/dist/index.d.ts +17 -0
  80. package/node_modules/@comis/agent/dist/index.js +32 -11
  81. package/node_modules/@comis/agent/dist/model/auth-provider.d.ts +25 -2
  82. package/node_modules/@comis/agent/dist/model/auth-provider.js +6 -0
  83. package/node_modules/@comis/agent/dist/model/compaction-model-resolver.d.ts +3 -3
  84. package/node_modules/@comis/agent/dist/model/compaction-model-resolver.js +3 -3
  85. package/node_modules/@comis/agent/dist/model/model-registry-adapter.js +1 -1
  86. package/node_modules/@comis/agent/dist/model/model-scanner.js +1 -1
  87. package/node_modules/@comis/agent/dist/model/oauth-credential-store-file.d.ts +37 -0
  88. package/node_modules/@comis/agent/dist/model/oauth-credential-store-file.js +279 -0
  89. package/node_modules/@comis/agent/dist/model/oauth-credential-store-selector.d.ts +49 -0
  90. package/node_modules/@comis/agent/dist/model/oauth-credential-store-selector.js +50 -0
  91. package/node_modules/@comis/agent/dist/model/oauth-device-code.d.ts +57 -0
  92. package/node_modules/@comis/agent/dist/model/oauth-device-code.js +302 -0
  93. package/node_modules/@comis/agent/dist/model/oauth-env.d.ts +33 -0
  94. package/node_modules/@comis/agent/dist/model/oauth-env.js +38 -0
  95. package/node_modules/@comis/agent/dist/model/oauth-errors.d.ts +41 -0
  96. package/node_modules/@comis/agent/dist/model/oauth-errors.js +88 -0
  97. package/node_modules/@comis/agent/dist/model/oauth-identity.d.ts +53 -0
  98. package/node_modules/@comis/agent/dist/model/oauth-identity.js +141 -0
  99. package/node_modules/@comis/agent/dist/model/oauth-login-runner.d.ts +99 -0
  100. package/node_modules/@comis/agent/dist/model/oauth-login-runner.js +374 -0
  101. package/node_modules/@comis/agent/dist/model/oauth-tls-preflight.d.ts +58 -0
  102. package/node_modules/@comis/agent/dist/model/oauth-tls-preflight.js +82 -0
  103. package/node_modules/@comis/agent/dist/model/oauth-token-manager.d.ts +86 -16
  104. package/node_modules/@comis/agent/dist/model/oauth-token-manager.js +961 -66
  105. package/node_modules/@comis/agent/dist/model/operation-model-defaults.d.ts +9 -4
  106. package/node_modules/@comis/agent/dist/model/operation-model-defaults.js +36 -9
  107. package/node_modules/@comis/agent/dist/model/resolve-provider-api-key.d.ts +48 -0
  108. package/node_modules/@comis/agent/dist/model/resolve-provider-api-key.js +66 -0
  109. package/node_modules/@comis/agent/dist/provider/capabilities.d.ts +5 -5
  110. package/node_modules/@comis/agent/dist/provider/capabilities.js +10 -23
  111. package/node_modules/@comis/agent/dist/safety/tool-output-safety.js +3 -3
  112. package/node_modules/@comis/agent/dist/safety/tool-retry-breaker.d.ts +11 -1
  113. package/node_modules/@comis/agent/dist/safety/tool-retry-breaker.js +19 -22
  114. package/node_modules/@comis/agent/dist/session/comis-session-manager.d.ts +17 -3
  115. package/node_modules/@comis/agent/dist/session/comis-session-manager.js +1 -1
  116. package/node_modules/@comis/agent/dist/spawn/narrative-caster.d.ts +10 -0
  117. package/node_modules/@comis/agent/dist/spawn/narrative-caster.js +5 -1
  118. package/node_modules/@comis/agent/dist/spawn/pi-mono-adapters.d.ts +1 -1
  119. package/node_modules/@comis/agent/dist/spawn/pi-mono-adapters.js +5 -5
  120. package/node_modules/@comis/agent/dist/workspace/data-env.d.ts +38 -0
  121. package/node_modules/@comis/agent/dist/workspace/data-env.js +56 -0
  122. package/node_modules/@comis/agent/dist/workspace/index.d.ts +1 -0
  123. package/node_modules/@comis/agent/dist/workspace/index.js +1 -0
  124. package/node_modules/@comis/agent/dist/workspace/templates.js +5 -1
  125. package/node_modules/@comis/agent/package.json +1 -1
  126. package/node_modules/@comis/channels/dist/email/email-adapter.js +6 -6
  127. package/node_modules/@comis/channels/dist/email/imap-lifecycle.js +7 -7
  128. package/node_modules/@comis/channels/dist/index.d.ts +1 -1
  129. package/node_modules/@comis/channels/dist/index.js +1 -1
  130. package/node_modules/@comis/channels/dist/shared/channel-manager.d.ts +9 -3
  131. package/node_modules/@comis/channels/dist/shared/deliver-to-channel.js +12 -10
  132. package/node_modules/@comis/channels/dist/shared/inbound-gate.d.ts +1 -1
  133. package/node_modules/@comis/channels/dist/shared/inbound-gate.js +22 -7
  134. package/node_modules/@comis/channels/dist/shared/inbound-pipeline.d.ts +10 -3
  135. package/node_modules/@comis/channels/dist/shared/inbound-route.d.ts +1 -1
  136. package/node_modules/@comis/channels/dist/shared/inbound-route.js +13 -2
  137. package/node_modules/@comis/channels/dist/shared/response-filter.d.ts +11 -24
  138. package/node_modules/@comis/channels/dist/shared/response-filter.js +25 -53
  139. package/node_modules/@comis/channels/dist/telegram/telegram-adapter.js +1 -1
  140. package/node_modules/@comis/channels/package.json +1 -1
  141. package/node_modules/@comis/cli/dist/cli.js +2 -0
  142. package/node_modules/@comis/cli/dist/commands/agent.d.ts +3 -3
  143. package/node_modules/@comis/cli/dist/commands/agent.js +46 -3
  144. package/node_modules/@comis/cli/dist/commands/auth.d.ts +37 -0
  145. package/node_modules/@comis/cli/dist/commands/auth.js +433 -0
  146. package/node_modules/@comis/cli/dist/commands/doctor.d.ts +4 -1
  147. package/node_modules/@comis/cli/dist/commands/doctor.js +20 -5
  148. package/node_modules/@comis/cli/dist/commands/providers.d.ts +1 -2
  149. package/node_modules/@comis/cli/dist/commands/providers.js +5 -6
  150. package/node_modules/@comis/cli/dist/doctor/checks/oauth-health.d.ts +39 -0
  151. package/node_modules/@comis/cli/dist/doctor/checks/oauth-health.js +399 -0
  152. package/node_modules/@comis/cli/dist/doctor/types.d.ts +19 -0
  153. package/node_modules/@comis/cli/dist/index.d.ts +1 -0
  154. package/node_modules/@comis/cli/dist/index.js +10 -4
  155. package/node_modules/@comis/cli/dist/output/relative-time.d.ts +23 -0
  156. package/node_modules/@comis/cli/dist/output/relative-time.js +36 -0
  157. package/node_modules/@comis/cli/dist/wizard/non-interactive.js +17 -8
  158. package/node_modules/@comis/cli/dist/wizard/steps/03-provider.js +2 -1
  159. package/node_modules/@comis/cli/dist/wizard/steps/04-credentials.js +223 -34
  160. package/node_modules/@comis/cli/dist/wizard/steps/10-write-config.js +14 -0
  161. package/node_modules/@comis/cli/dist/wizard/steps/11-daemon-start.js +3 -3
  162. package/node_modules/@comis/cli/dist/wizard/types.d.ts +7 -0
  163. package/node_modules/@comis/cli/package.json +1 -1
  164. package/node_modules/@comis/core/dist/bootstrap.d.ts +1 -1
  165. package/node_modules/@comis/core/dist/config/env-substitution.d.ts +66 -0
  166. package/node_modules/@comis/core/dist/config/env-substitution.js +115 -0
  167. package/node_modules/@comis/core/dist/config/field-metadata.js +2 -0
  168. package/node_modules/@comis/core/dist/config/immutable-keys.js +4 -1
  169. package/node_modules/@comis/core/dist/config/index.d.ts +7 -1
  170. package/node_modules/@comis/core/dist/config/index.js +4 -1
  171. package/node_modules/@comis/core/dist/config/loader.js +61 -0
  172. package/node_modules/@comis/core/dist/config/managed-sections.d.ts +3 -3
  173. package/node_modules/@comis/core/dist/config/managed-sections.js +10 -5
  174. package/node_modules/@comis/core/dist/config/schema-agent.d.ts +4 -792
  175. package/node_modules/@comis/core/dist/config/schema-agent.js +16 -1
  176. package/node_modules/@comis/core/dist/config/schema-approvals.d.ts +0 -14
  177. package/node_modules/@comis/core/dist/config/schema-auto-reply-engine.d.ts +0 -6
  178. package/node_modules/@comis/core/dist/config/schema-background-tasks.d.ts +1 -6
  179. package/node_modules/@comis/core/dist/config/schema-background-tasks.js +7 -0
  180. package/node_modules/@comis/core/dist/config/schema-browser.d.ts +0 -18
  181. package/node_modules/@comis/core/dist/config/schema-channel.d.ts +0 -158
  182. package/node_modules/@comis/core/dist/config/schema-coalescer.d.ts +0 -5
  183. package/node_modules/@comis/core/dist/config/schema-daemon.d.ts +0 -32
  184. package/node_modules/@comis/core/dist/config/schema-delivery.d.ts +1 -17
  185. package/node_modules/@comis/core/dist/config/schema-delivery.js +2 -0
  186. package/node_modules/@comis/core/dist/config/schema-documentation.d.ts +0 -12
  187. package/node_modules/@comis/core/dist/config/schema-embedding.d.ts +0 -20
  188. package/node_modules/@comis/core/dist/config/schema-envelope.d.ts +0 -15
  189. package/node_modules/@comis/core/dist/config/schema-gateway.d.ts +0 -37
  190. package/node_modules/@comis/core/dist/config/schema-gemini-cache.d.ts +0 -4
  191. package/node_modules/@comis/core/dist/config/schema-gemini-cache.js +0 -2
  192. package/node_modules/@comis/core/dist/config/schema-integrations.d.ts +0 -318
  193. package/node_modules/@comis/core/dist/config/schema-lifecycle-reactions.d.ts +0 -18
  194. package/node_modules/@comis/core/dist/config/schema-memory-review.d.ts +0 -7
  195. package/node_modules/@comis/core/dist/config/schema-memory.d.ts +0 -16
  196. package/node_modules/@comis/core/dist/config/schema-messages.d.ts +0 -8
  197. package/node_modules/@comis/core/dist/config/schema-models.d.ts +0 -15
  198. package/node_modules/@comis/core/dist/config/schema-notification.d.ts +0 -5
  199. package/node_modules/@comis/core/dist/config/schema-oauth.d.ts +18 -0
  200. package/node_modules/@comis/core/dist/config/schema-oauth.js +19 -0
  201. package/node_modules/@comis/core/dist/config/schema-observability.d.ts +0 -38
  202. package/node_modules/@comis/core/dist/config/schema-output-retention.d.ts +34 -0
  203. package/node_modules/@comis/core/dist/config/schema-output-retention.js +48 -0
  204. package/node_modules/@comis/core/dist/config/schema-plugins.d.ts +0 -8
  205. package/node_modules/@comis/core/dist/config/schema-providers.d.ts +0 -64
  206. package/node_modules/@comis/core/dist/config/schema-queue.d.ts +0 -58
  207. package/node_modules/@comis/core/dist/config/schema-response-prefix.d.ts +0 -2
  208. package/node_modules/@comis/core/dist/config/schema-retry.d.ts +0 -6
  209. package/node_modules/@comis/core/dist/config/schema-scheduler.d.ts +0 -39
  210. package/node_modules/@comis/core/dist/config/schema-secrets.d.ts +0 -3
  211. package/node_modules/@comis/core/dist/config/schema-security.d.ts +0 -18
  212. package/node_modules/@comis/core/dist/config/schema-send-policy.d.ts +0 -13
  213. package/node_modules/@comis/core/dist/config/schema-sender-trust-display.d.ts +0 -5
  214. package/node_modules/@comis/core/dist/config/schema-serializer.js +2 -0
  215. package/node_modules/@comis/core/dist/config/schema-skills.d.ts +0 -63
  216. package/node_modules/@comis/core/dist/config/schema-skills.js +3 -4
  217. package/node_modules/@comis/core/dist/config/schema-streaming.d.ts +0 -38
  218. package/node_modules/@comis/core/dist/config/schema-telegram-file-guard.d.ts +0 -3
  219. package/node_modules/@comis/core/dist/config/schema-tooling.d.ts +87 -0
  220. package/node_modules/@comis/core/dist/config/schema-tooling.js +152 -0
  221. package/node_modules/@comis/core/dist/config/schema-verbosity.d.ts +0 -12
  222. package/node_modules/@comis/core/dist/config/schema-webhooks.d.ts +0 -40
  223. package/node_modules/@comis/core/dist/config/schema.d.ts +50 -37
  224. package/node_modules/@comis/core/dist/config/schema.js +9 -0
  225. package/node_modules/@comis/core/dist/context/context.d.ts +0 -4
  226. package/node_modules/@comis/core/dist/domain/approval-request.d.ts +0 -17
  227. package/node_modules/@comis/core/dist/domain/background-task-origin.d.ts +29 -0
  228. package/node_modules/@comis/core/dist/domain/background-task-origin.js +39 -0
  229. package/node_modules/@comis/core/dist/domain/delivery-origin.d.ts +0 -5
  230. package/node_modules/@comis/core/dist/domain/execution-graph.d.ts +0 -48
  231. package/node_modules/@comis/core/dist/domain/memory-entry.d.ts +0 -3
  232. package/node_modules/@comis/core/dist/domain/model-compat.d.ts +0 -4
  233. package/node_modules/@comis/core/dist/domain/normalized-message.d.ts +0 -15
  234. package/node_modules/@comis/core/dist/domain/provider-capabilities.d.ts +0 -6
  235. package/node_modules/@comis/core/dist/domain/rich-message.d.ts +0 -14
  236. package/node_modules/@comis/core/dist/domain/subagent-context-config.d.ts +0 -22
  237. package/node_modules/@comis/core/dist/domain/subagent-context-types.d.ts +0 -8
  238. package/node_modules/@comis/core/dist/event-bus/events-agent.d.ts +31 -0
  239. package/node_modules/@comis/core/dist/event-bus/events-infra.d.ts +76 -2
  240. package/node_modules/@comis/core/dist/exports/config.d.ts +2 -2
  241. package/node_modules/@comis/core/dist/exports/config.js +3 -1
  242. package/node_modules/@comis/core/dist/exports/domain.d.ts +2 -0
  243. package/node_modules/@comis/core/dist/exports/domain.js +1 -0
  244. package/node_modules/@comis/core/dist/exports/hooks.d.ts +1 -1
  245. package/node_modules/@comis/core/dist/exports/ports.d.ts +2 -2
  246. package/node_modules/@comis/core/dist/exports/ports.js +1 -1
  247. package/node_modules/@comis/core/dist/ports/channel-plugin.d.ts +0 -13
  248. package/node_modules/@comis/core/dist/ports/delivery-queue.d.ts +23 -0
  249. package/node_modules/@comis/core/dist/ports/delivery-queue.js +2 -0
  250. package/node_modules/@comis/core/dist/ports/index.d.ts +4 -0
  251. package/node_modules/@comis/core/dist/ports/index.js +5 -0
  252. package/node_modules/@comis/core/dist/ports/no-op-tool-capability.d.ts +30 -0
  253. package/node_modules/@comis/core/dist/ports/no-op-tool-capability.js +47 -0
  254. package/node_modules/@comis/core/dist/ports/oauth-credential-store.d.ts +64 -0
  255. package/node_modules/@comis/core/dist/ports/oauth-credential-store.js +37 -0
  256. package/node_modules/@comis/core/dist/ports/tool-capability.d.ts +165 -0
  257. package/node_modules/@comis/core/dist/ports/tool-capability.js +15 -0
  258. package/node_modules/@comis/core/dist/security/audit.d.ts +0 -11
  259. package/node_modules/@comis/core/dist/tool-metadata.d.ts +41 -1
  260. package/node_modules/@comis/core/dist/tool-metadata.js +1 -1
  261. package/node_modules/@comis/core/package.json +1 -1
  262. package/node_modules/@comis/daemon/bundled-skills/skill-creator/scripts/validate-skill.py +1 -1
  263. package/node_modules/@comis/daemon/dist/daemon-types.d.ts +23 -3
  264. package/node_modules/@comis/daemon/dist/daemon.js +168 -30
  265. package/node_modules/@comis/daemon/dist/index.d.ts +2 -0
  266. package/node_modules/@comis/daemon/dist/index.js +5 -0
  267. package/node_modules/@comis/daemon/dist/observability/channel-health-logger.js +3 -3
  268. package/node_modules/@comis/daemon/dist/observability/delivery-queue-logger.js +1 -1
  269. package/node_modules/@comis/daemon/dist/rpc/agent-handlers.d.ts +22 -1
  270. package/node_modules/@comis/daemon/dist/rpc/agent-handlers.js +84 -21
  271. package/node_modules/@comis/daemon/dist/rpc/agent-inline-workspace.d.ts +1 -1
  272. package/node_modules/@comis/daemon/dist/rpc/agent-inline-workspace.js +3 -3
  273. package/node_modules/@comis/daemon/dist/rpc/builtin-provider-guard.js +2 -2
  274. package/node_modules/@comis/daemon/dist/rpc/config-handlers.d.ts +9 -1
  275. package/node_modules/@comis/daemon/dist/rpc/config-handlers.js +104 -23
  276. package/node_modules/@comis/daemon/dist/rpc/credential-resolver.d.ts +30 -1
  277. package/node_modules/@comis/daemon/dist/rpc/credential-resolver.js +74 -11
  278. package/node_modules/@comis/daemon/dist/rpc/mcp-handlers.d.ts +8 -0
  279. package/node_modules/@comis/daemon/dist/rpc/mcp-handlers.js +22 -8
  280. package/node_modules/@comis/daemon/dist/rpc/model-handlers.d.ts +1 -1
  281. package/node_modules/@comis/daemon/dist/rpc/model-handlers.js +2 -2
  282. package/node_modules/@comis/daemon/dist/rpc/provider-handlers.js +9 -12
  283. package/node_modules/@comis/daemon/dist/rpc/rpc-dispatch.d.ts +1 -0
  284. package/node_modules/@comis/daemon/dist/rpc/rpc-dispatch.js +27 -2
  285. package/node_modules/@comis/daemon/dist/setup-docker-restart-warn.js +0 -1
  286. package/node_modules/@comis/daemon/dist/sub-agent-runner.d.ts +18 -0
  287. package/node_modules/@comis/daemon/dist/sub-agent-runner.js +41 -9
  288. package/node_modules/@comis/daemon/dist/wiring/index.d.ts +4 -0
  289. package/node_modules/@comis/daemon/dist/wiring/index.js +2 -0
  290. package/node_modules/@comis/daemon/dist/wiring/oauth-preflight.d.ts +21 -0
  291. package/node_modules/@comis/daemon/dist/wiring/oauth-preflight.js +134 -0
  292. package/node_modules/@comis/daemon/dist/wiring/setup-agents.d.ts +81 -2
  293. package/node_modules/@comis/daemon/dist/wiring/setup-agents.js +164 -3
  294. package/node_modules/@comis/daemon/dist/wiring/setup-background-completion-runner.d.ts +58 -0
  295. package/node_modules/@comis/daemon/dist/wiring/setup-background-completion-runner.js +59 -0
  296. package/node_modules/@comis/daemon/dist/wiring/setup-background-tasks.d.ts +10 -3
  297. package/node_modules/@comis/daemon/dist/wiring/setup-background-tasks.js +13 -7
  298. package/node_modules/@comis/daemon/dist/wiring/setup-channels.d.ts +9 -2
  299. package/node_modules/@comis/daemon/dist/wiring/setup-channels.js +35 -10
  300. package/node_modules/@comis/daemon/dist/wiring/setup-cross-session.d.ts +20 -5
  301. package/node_modules/@comis/daemon/dist/wiring/setup-cross-session.js +21 -16
  302. package/node_modules/@comis/daemon/dist/wiring/setup-delivery.d.ts +14 -5
  303. package/node_modules/@comis/daemon/dist/wiring/setup-delivery.js +65 -20
  304. package/node_modules/@comis/daemon/dist/wiring/setup-gateway.d.ts +4 -6
  305. package/node_modules/@comis/daemon/dist/wiring/setup-gateway.js +3 -5
  306. package/node_modules/@comis/daemon/dist/wiring/setup-heartbeat.d.ts +20 -5
  307. package/node_modules/@comis/daemon/dist/wiring/setup-heartbeat.js +11 -2
  308. package/node_modules/@comis/daemon/dist/wiring/setup-output-retention.d.ts +89 -0
  309. package/node_modules/@comis/daemon/dist/wiring/setup-output-retention.js +212 -0
  310. package/node_modules/@comis/daemon/dist/wiring/setup-schedulers.js +4 -0
  311. package/node_modules/@comis/daemon/dist/wiring/setup-tools.d.ts +18 -4
  312. package/node_modules/@comis/daemon/dist/wiring/setup-tools.js +29 -10
  313. package/node_modules/@comis/daemon/dist/wiring/tool-capability-adapter.d.ts +75 -0
  314. package/node_modules/@comis/daemon/dist/wiring/tool-capability-adapter.js +253 -0
  315. package/node_modules/@comis/daemon/package.json +1 -1
  316. package/node_modules/@comis/gateway/dist/index.d.ts +2 -0
  317. package/node_modules/@comis/gateway/dist/index.js +2 -0
  318. package/node_modules/@comis/gateway/dist/oauth/oauth-callback-route.d.ts +66 -0
  319. package/node_modules/@comis/gateway/dist/oauth/oauth-callback-route.js +212 -0
  320. package/node_modules/@comis/gateway/dist/server/hono-server.d.ts +14 -0
  321. package/node_modules/@comis/gateway/dist/server/hono-server.js +10 -0
  322. package/node_modules/@comis/gateway/dist/webhook/webhook-endpoint.d.ts +0 -4
  323. package/node_modules/@comis/gateway/package.json +1 -1
  324. package/node_modules/@comis/infra/dist/logging/log-fields.d.ts +23 -0
  325. package/node_modules/@comis/infra/package.json +1 -1
  326. package/node_modules/@comis/memory/dist/compaction.d.ts +3 -5
  327. package/node_modules/@comis/memory/dist/compaction.js +2 -3
  328. package/node_modules/@comis/memory/dist/delivery-queue-adapter.d.ts +2 -2
  329. package/node_modules/@comis/memory/dist/delivery-queue-adapter.js +49 -1
  330. package/node_modules/@comis/memory/dist/index.d.ts +2 -0
  331. package/node_modules/@comis/memory/dist/index.js +3 -0
  332. package/node_modules/@comis/memory/dist/memory-api.d.ts +1 -1
  333. package/node_modules/@comis/memory/dist/memory-api.js +1 -1
  334. package/node_modules/@comis/memory/dist/oauth-profile-schema.d.ts +17 -0
  335. package/node_modules/@comis/memory/dist/oauth-profile-schema.js +33 -0
  336. package/node_modules/@comis/memory/dist/oauth-profile-store-encrypted.d.ts +27 -0
  337. package/node_modules/@comis/memory/dist/oauth-profile-store-encrypted.js +144 -0
  338. package/node_modules/@comis/memory/dist/session-store.d.ts +1 -1
  339. package/node_modules/@comis/memory/dist/session-store.js +1 -1
  340. package/node_modules/@comis/memory/dist/sqlite-secret-store.d.ts +29 -3
  341. package/node_modules/@comis/memory/dist/sqlite-secret-store.js +11 -3
  342. package/node_modules/@comis/memory/package.json +1 -1
  343. package/node_modules/@comis/scheduler/dist/cron/cron-types.d.ts +0 -42
  344. package/node_modules/@comis/scheduler/dist/execution/execution-lock.d.ts +13 -0
  345. package/node_modules/@comis/scheduler/dist/execution/execution-lock.js +1 -1
  346. package/node_modules/@comis/scheduler/dist/execution/index.d.ts +2 -0
  347. package/node_modules/@comis/scheduler/dist/execution/index.js +2 -0
  348. package/node_modules/@comis/scheduler/dist/heartbeat/agent-heartbeat-source.d.ts +29 -8
  349. package/node_modules/@comis/scheduler/dist/heartbeat/agent-heartbeat-source.js +20 -8
  350. package/node_modules/@comis/scheduler/dist/index.d.ts +2 -0
  351. package/node_modules/@comis/scheduler/dist/index.js +2 -0
  352. package/node_modules/@comis/scheduler/dist/system-events/system-event-types.d.ts +0 -3
  353. package/node_modules/@comis/scheduler/dist/tasks/task-types.d.ts +0 -17
  354. package/node_modules/@comis/scheduler/package.json +1 -1
  355. package/node_modules/@comis/shared/dist/index.d.ts +3 -0
  356. package/node_modules/@comis/shared/dist/index.js +4 -0
  357. package/node_modules/@comis/shared/dist/mcp-tool-name.d.ts +78 -0
  358. package/node_modules/@comis/shared/dist/mcp-tool-name.js +92 -0
  359. package/node_modules/@comis/shared/dist/silent-tokens.d.ts +38 -0
  360. package/node_modules/@comis/shared/dist/silent-tokens.js +51 -0
  361. package/node_modules/@comis/shared/dist/visible-delivery.d.ts +28 -0
  362. package/node_modules/@comis/shared/dist/visible-delivery.js +16 -0
  363. package/node_modules/@comis/shared/package.json +1 -1
  364. package/node_modules/@comis/skills/dist/bridge/mcp-tool-bridge.d.ts +2 -13
  365. package/node_modules/@comis/skills/dist/bridge/mcp-tool-bridge.js +3 -21
  366. package/node_modules/@comis/skills/dist/bridge/schema-validator.d.ts +38 -0
  367. package/node_modules/@comis/skills/dist/bridge/schema-validator.js +169 -0
  368. package/node_modules/@comis/skills/dist/bridge/tool-metadata-enforcement.js +12 -0
  369. package/node_modules/@comis/skills/dist/bridge/tool-metadata-registry.js +133 -3
  370. package/node_modules/@comis/skills/dist/builtin/exec-diagnostics.d.ts +32 -0
  371. package/node_modules/@comis/skills/dist/builtin/exec-diagnostics.js +127 -0
  372. package/node_modules/@comis/skills/dist/builtin/exec-security.js +38 -0
  373. package/node_modules/@comis/skills/dist/builtin/exec-tool.d.ts +55 -9
  374. package/node_modules/@comis/skills/dist/builtin/exec-tool.js +392 -19
  375. package/node_modules/@comis/skills/dist/builtin/file-tools/grep-tool.js +6 -6
  376. package/node_modules/@comis/skills/dist/builtin/install-detour.d.ts +67 -0
  377. package/node_modules/@comis/skills/dist/builtin/install-detour.js +342 -0
  378. package/node_modules/@comis/skills/dist/builtin/platform/admin-manage-factory.js +5 -5
  379. package/node_modules/@comis/skills/dist/builtin/platform/agents-manage-tool.d.ts +7 -6
  380. package/node_modules/@comis/skills/dist/builtin/platform/agents-manage-tool.js +40 -29
  381. package/node_modules/@comis/skills/dist/builtin/platform/background-tasks-tool.d.ts +4 -1
  382. package/node_modules/@comis/skills/dist/builtin/platform/background-tasks-tool.js +3 -3
  383. package/node_modules/@comis/skills/dist/builtin/platform/cron-tool.js +1 -1
  384. package/node_modules/@comis/skills/dist/builtin/platform/gateway-tool.js +6 -6
  385. package/node_modules/@comis/skills/dist/builtin/platform/mcp-manage-tool.d.ts +1 -1
  386. package/node_modules/@comis/skills/dist/builtin/platform/mcp-manage-tool.js +9 -9
  387. package/node_modules/@comis/skills/dist/builtin/platform/message-tool.js +18 -0
  388. package/node_modules/@comis/skills/dist/builtin/platform/messaging-factory.d.ts +18 -1
  389. package/node_modules/@comis/skills/dist/builtin/platform/messaging-factory.js +18 -2
  390. package/node_modules/@comis/skills/dist/builtin/platform/models-manage-tool.js +3 -3
  391. package/node_modules/@comis/skills/dist/builtin/process-registry.d.ts +14 -0
  392. package/node_modules/@comis/skills/dist/builtin/process-tool.d.ts +24 -4
  393. package/node_modules/@comis/skills/dist/builtin/process-tool.js +25 -7
  394. package/node_modules/@comis/skills/dist/builtin/sandbox/bwrap-provider.d.ts +11 -0
  395. package/node_modules/@comis/skills/dist/builtin/sandbox/bwrap-provider.js +123 -1
  396. package/node_modules/@comis/skills/dist/builtin/sandbox/detect-provider.js +40 -15
  397. package/node_modules/@comis/skills/dist/index.d.ts +4 -1
  398. package/node_modules/@comis/skills/dist/index.js +3 -1
  399. package/node_modules/@comis/skills/dist/manifest/capability-parser.d.ts +44 -0
  400. package/node_modules/@comis/skills/dist/manifest/capability-parser.js +68 -0
  401. package/node_modules/@comis/skills/dist/manifest/schema.d.ts +44 -37
  402. package/node_modules/@comis/skills/dist/manifest/schema.js +35 -0
  403. package/node_modules/@comis/skills/dist/media/ssrf-fetcher.d.ts +7 -0
  404. package/node_modules/@comis/skills/dist/media/ssrf-fetcher.js +9 -2
  405. package/node_modules/@comis/skills/dist/registry/discovery.d.ts +8 -0
  406. package/node_modules/@comis/skills/dist/registry/discovery.js +10 -3
  407. package/node_modules/@comis/skills/dist/registry/skill-registry.d.ts +45 -1
  408. package/node_modules/@comis/skills/dist/registry/skill-registry.js +70 -7
  409. package/node_modules/@comis/skills/package.json +1 -1
  410. package/node_modules/@comis/web/dist/assets/{agent-detail-71BSbSfD.js → agent-detail-q8t1NB7w.js} +1 -1
  411. package/node_modules/@comis/web/dist/assets/{agent-editor-CTSDZhwT.js → agent-editor-B46io5gv.js} +1 -1
  412. package/node_modules/@comis/web/dist/assets/{agent-list-BEhni2ea.js → agent-list-DQ6g2Rcx.js} +1 -1
  413. package/node_modules/@comis/web/dist/assets/{billing-view-DVP1IvVs.js → billing-view-IWPR8LgF.js} +1 -1
  414. package/node_modules/@comis/web/dist/assets/{channel-detail-N_YK74xC.js → channel-detail-DlNNZuuC.js} +1 -1
  415. package/node_modules/@comis/web/dist/assets/{channel-list-DRk6ZJaF.js → channel-list-DhGwxiMc.js} +1 -1
  416. package/node_modules/@comis/web/dist/assets/{chat-console-Dm-GtSf9.js → chat-console-Nv6fM3Rc.js} +1 -1
  417. package/node_modules/@comis/web/dist/assets/{config-editor-CIferYX6.js → config-editor-BYKuJF76.js} +1 -1
  418. package/node_modules/@comis/web/dist/assets/{context-dag-browser-CL84rXXM.js → context-dag-browser-ClNEtzYE.js} +1 -1
  419. package/node_modules/@comis/web/dist/assets/{context-engine-B1HOTEZv.js → context-engine-BZJ6HChd.js} +1 -1
  420. package/node_modules/@comis/web/dist/assets/{delivery-view-Y6JKYVFw.js → delivery-view-Cb7I3vGu.js} +1 -1
  421. package/node_modules/@comis/web/dist/assets/{diagnostics-view-DWV1UQjz.js → diagnostics-view-9u9Lyu5a.js} +1 -1
  422. package/node_modules/@comis/web/dist/assets/{ic-chat-message-DfSERzzg.js → ic-chat-message-BFt3cVpx.js} +1 -1
  423. package/node_modules/@comis/web/dist/assets/{ic-connection-dot-CXyhlJup.js → ic-connection-dot-y77LZ3Gu.js} +1 -1
  424. package/node_modules/@comis/web/dist/assets/{ic-tool-call-DNmwTjek.js → ic-tool-call-qt6w1NQl.js} +1 -1
  425. package/node_modules/@comis/web/dist/assets/{index-CBr0Tm9_.js → index-8Tg9oc-C.js} +2 -2
  426. package/node_modules/@comis/web/dist/assets/{mcp-management-BaH2-vox.js → mcp-management-69dtH_kY.js} +2 -2
  427. package/node_modules/@comis/web/dist/assets/{media-config-CZLshJoN.js → media-config-BdjLj5c1.js} +1 -1
  428. package/node_modules/@comis/web/dist/assets/{media-test-C9NUWgo_.js → media-test-DuPqrixi.js} +1 -1
  429. package/node_modules/@comis/web/dist/assets/{memory-inspector-D_fmTcRN.js → memory-inspector-B-Pepbq-.js} +1 -1
  430. package/node_modules/@comis/web/dist/assets/{message-center-BBFlNCZn.js → message-center-B7l0yNYY.js} +1 -1
  431. package/node_modules/@comis/web/dist/assets/{models-BytGLm99.js → models-JHFHuv5S.js} +1 -1
  432. package/node_modules/@comis/web/dist/assets/{observe-view-VXtHqaqq.js → observe-view-r8mqhy4O.js} +1 -1
  433. package/node_modules/@comis/web/dist/assets/{pipeline-builder-CfXczlfJ.js → pipeline-builder-XjkiZRcR.js} +1 -1
  434. package/node_modules/@comis/web/dist/assets/{pipeline-history-CPmXFnbe.js → pipeline-history-CZqJv_Hj.js} +1 -1
  435. package/node_modules/@comis/web/dist/assets/{pipeline-history-detail-DcueTMs9.js → pipeline-history-detail-BEFGMoDy.js} +1 -1
  436. package/node_modules/@comis/web/dist/assets/{pipeline-list-B-xG5WZh.js → pipeline-list-B6q5LvO1.js} +1 -1
  437. package/node_modules/@comis/web/dist/assets/{pipeline-monitor-pnIOYaSY.js → pipeline-monitor-BNomXjVL.js} +1 -1
  438. package/node_modules/@comis/web/dist/assets/{scheduler-BtUIFHhA.js → scheduler-BJEjcGKA.js} +1 -1
  439. package/node_modules/@comis/web/dist/assets/{security-C8mWRq2y.js → security-2G1jhBfV.js} +1 -1
  440. package/node_modules/@comis/web/dist/assets/{session-detail-DgdkO5ka.js → session-detail-DmVPzFBR.js} +1 -1
  441. package/node_modules/@comis/web/dist/assets/{session-list-DcylcfTn.js → session-list-CsqMQoHs.js} +1 -1
  442. package/node_modules/@comis/web/dist/assets/{setup-wizard-BP5yjsuL.js → setup-wizard-CAdM-gSP.js} +1 -1
  443. package/node_modules/@comis/web/dist/assets/{skills-DXt1bX8Z.js → skills-2ODqKaWr.js} +1 -1
  444. package/node_modules/@comis/web/dist/assets/{subagents-C7YbUHXY.js → subagents-BFlwfTbD.js} +1 -1
  445. package/node_modules/@comis/web/dist/assets/{workspace-manager-DP6pW4wa.js → workspace-manager--CbOx_dI.js} +1 -1
  446. package/node_modules/@comis/web/dist/index.html +1 -1
  447. package/node_modules/@comis/web/package.json +1 -1
  448. package/package.json +25 -24
@@ -101,13 +101,16 @@ export declare function resolveModelTier(contextWindow: number): ModelTier;
101
101
  */
102
102
  export declare function resolveToolCallingTemperature(modelTier: ModelTier): number;
103
103
  /**
104
- * Anthropic models that support server-side tool_search_tool_regex
105
- * (defer_loading). Sonnet 4.x+, Opus 4.x+; NOT Haiku.
104
+ * Anthropic models that support server-side tool-search via defer_loading.
105
+ * Sonnet 4.x+, Opus 4.x+; NOT Haiku.
106
106
  *
107
- * When this returns true, request-body-injector strips client-side
108
- * `discover_tools` from the API payload and appends `tool_search_tool_regex`
109
- * instead -- so any model-facing teaching string about `discover_tools`
110
- * contradicts the actual tool list and must be suppressed (260428-oyc).
107
+ * **Surviving caller:** `request-body-injector.ts` (the
108
+ * `if (supportsToolSearch(model.id)) {...}` gate inside the Anthropic
109
+ * `onPayload` handler). Used to gate the API-payload reshape that strips
110
+ * the client-side discovery tool, appends the server-side tool-search
111
+ * regex tool, and marks deferred tools `defer_loading: true`. This is a
112
+ * runtime API-payload concern, distinct from the deferred-tool prompt
113
+ * teaching emitted by `buildDeferredToolsContext`.
111
114
  *
112
115
  * Lowercase-normalize so provider-prefixed model ids
113
116
  * (`anthropic/claude-sonnet-4`, `bedrock/anthropic.claude-opus-4`) resolve
@@ -135,31 +138,19 @@ export declare function resolveToolDescription(tool: ToolDefinition): string;
135
138
  * Lists deferred tool names and descriptions so the LLM knows what's
136
139
  * available behind a discovery mechanism.
137
140
  *
138
- * The third line (the instruction line) is conditional on `useToolSearch`:
139
- *
140
- * - `useToolSearch=false` (default, every non-Anthropic provider + Haiku):
141
- * teaches the model to call the client-side `discover_tools` tool, which
142
- * IS present in those payloads.
143
- *
144
- * - `useToolSearch=true` (Anthropic Sonnet/Opus 4.x): the API payload no
145
- * longer contains a client-side `discover_tools` tool -- the
146
- * request-body-injector replaces it with the server-side
147
- * `tool_search_tool_regex` and marks deferred tools `defer_loading: true`,
148
- * meaning Anthropic auto-loads them on first direct invocation. The
149
- * teaching string therefore points at direct invocation + tool-search by
150
- * regex, never at `discover_tools`. Without this conditional, the model
151
- * reads its own preamble ("call discover_tools") against a tool list that
152
- * doesn't contain that tool and gives up (260428-oyc production repro).
141
+ * The instruction line is mechanism-neutral: it tells the model these
142
+ * tools are available but not loaded, and points it at "the discovery
143
+ * mechanism available in your active toolspace" without naming a specific
144
+ * tool. Provider-specific payload reshaping (stripping the client-side
145
+ * discovery tool and appending the server-side tool-search regex tool for
146
+ * Anthropic Sonnet/Opus 4.x) lives entirely in `request-body-injector.ts`
147
+ * and is gated by `supportsToolSearch(modelId)`. This separation is
148
+ * enforced by architecture-grep tests.
153
149
  *
154
150
  * @param entries - Deferred tool entries (remaining after discovery re-inclusion)
155
- * @param options - Optional flags. `useToolSearch=true` switches the third
156
- * line to the tool-search-aware variant. Defaults to false (backward-
157
- * compatible with the discover_tools teaching).
158
151
  * @returns XML block string, or empty string when no entries
159
152
  */
160
- export declare function buildDeferredToolsContext(entries: DeferredToolEntry[], options?: {
161
- useToolSearch?: boolean;
162
- }): string;
153
+ export declare function buildDeferredToolsContext(entries: DeferredToolEntry[]): string;
163
154
  /**
164
155
  * Apply unified tool deferral: rule-based, budget-based, small-model,
165
156
  * lifecycle merge, and operator overrides.
@@ -15,7 +15,7 @@
15
15
  * @module
16
16
  */
17
17
  import { getToolMetadata } from "@comis/core";
18
- import { extractMcpServerName } from "../bridge/bridge-event-handlers.js";
18
+ import { extractMcpServerName } from "@comis/shared";
19
19
  import { PRIVILEGED_TOOL_NAMES } from "../bootstrap/sections/tooling-sections.js";
20
20
  import { LEAN_TOOL_DESCRIPTIONS } from "../bootstrap/sections/tool-descriptions.js";
21
21
  // ---------------------------------------------------------------------------
@@ -96,13 +96,16 @@ export function resolveToolCallingTemperature(modelTier) {
96
96
  return modelTier === "small" ? 0.0 : 0.1;
97
97
  }
98
98
  /**
99
- * Anthropic models that support server-side tool_search_tool_regex
100
- * (defer_loading). Sonnet 4.x+, Opus 4.x+; NOT Haiku.
99
+ * Anthropic models that support server-side tool-search via defer_loading.
100
+ * Sonnet 4.x+, Opus 4.x+; NOT Haiku.
101
101
  *
102
- * When this returns true, request-body-injector strips client-side
103
- * `discover_tools` from the API payload and appends `tool_search_tool_regex`
104
- * instead -- so any model-facing teaching string about `discover_tools`
105
- * contradicts the actual tool list and must be suppressed (260428-oyc).
102
+ * **Surviving caller:** `request-body-injector.ts` (the
103
+ * `if (supportsToolSearch(model.id)) {...}` gate inside the Anthropic
104
+ * `onPayload` handler). Used to gate the API-payload reshape that strips
105
+ * the client-side discovery tool, appends the server-side tool-search
106
+ * regex tool, and marks deferred tools `defer_loading: true`. This is a
107
+ * runtime API-payload concern, distinct from the deferred-tool prompt
108
+ * teaching emitted by `buildDeferredToolsContext`.
106
109
  *
107
110
  * Lowercase-normalize so provider-prefixed model ids
108
111
  * (`anthropic/claude-sonnet-4`, `bedrock/anthropic.claude-opus-4`) resolve
@@ -169,32 +172,21 @@ export function resolveToolDescription(tool) {
169
172
  * Lists deferred tool names and descriptions so the LLM knows what's
170
173
  * available behind a discovery mechanism.
171
174
  *
172
- * The third line (the instruction line) is conditional on `useToolSearch`:
173
- *
174
- * - `useToolSearch=false` (default, every non-Anthropic provider + Haiku):
175
- * teaches the model to call the client-side `discover_tools` tool, which
176
- * IS present in those payloads.
177
- *
178
- * - `useToolSearch=true` (Anthropic Sonnet/Opus 4.x): the API payload no
179
- * longer contains a client-side `discover_tools` tool -- the
180
- * request-body-injector replaces it with the server-side
181
- * `tool_search_tool_regex` and marks deferred tools `defer_loading: true`,
182
- * meaning Anthropic auto-loads them on first direct invocation. The
183
- * teaching string therefore points at direct invocation + tool-search by
184
- * regex, never at `discover_tools`. Without this conditional, the model
185
- * reads its own preamble ("call discover_tools") against a tool list that
186
- * doesn't contain that tool and gives up (260428-oyc production repro).
175
+ * The instruction line is mechanism-neutral: it tells the model these
176
+ * tools are available but not loaded, and points it at "the discovery
177
+ * mechanism available in your active toolspace" without naming a specific
178
+ * tool. Provider-specific payload reshaping (stripping the client-side
179
+ * discovery tool and appending the server-side tool-search regex tool for
180
+ * Anthropic Sonnet/Opus 4.x) lives entirely in `request-body-injector.ts`
181
+ * and is gated by `supportsToolSearch(modelId)`. This separation is
182
+ * enforced by architecture-grep tests.
187
183
  *
188
184
  * @param entries - Deferred tool entries (remaining after discovery re-inclusion)
189
- * @param options - Optional flags. `useToolSearch=true` switches the third
190
- * line to the tool-search-aware variant. Defaults to false (backward-
191
- * compatible with the discover_tools teaching).
192
185
  * @returns XML block string, or empty string when no entries
193
186
  */
194
- export function buildDeferredToolsContext(entries, options) {
187
+ export function buildDeferredToolsContext(entries) {
195
188
  if (entries.length === 0)
196
189
  return "";
197
- const useToolSearch = options?.useToolSearch === true;
198
190
  // Separate MCP tools (group by server) from non-MCP tools (individual listing)
199
191
  const mcpByServer = new Map();
200
192
  const nonMcpEntries = [];
@@ -220,9 +212,9 @@ export function buildDeferredToolsContext(entries, options) {
220
212
  const shortNames = tools.map(t => t.name.startsWith(prefix) ? t.name.slice(prefix.length) : t.name);
221
213
  lines.push(`[${server}] (${tools.length} tools): ${shortNames.join(", ")}`);
222
214
  }
223
- const instruction = useToolSearch
224
- ? "These tools auto-load on first invocation -- call them directly by name with the right arguments. To preview a tool's schema before calling, use tool_search_tool_regex with a regex matching the tool name (e.g., tool_search_tool_regex(pattern: \"agents_manage\"))."
225
- : "Call discover_tools to search by keyword or server name (e.g., discover_tools(\"yfinance\")).";
215
+ const instruction = "These tools are connected but not currently loaded into your active context. " +
216
+ "To use one, invoke the discovery mechanism available in your active toolspace, " +
217
+ "then call the loaded tool with the appropriate arguments.";
226
218
  return [
227
219
  "<deferred-tools>",
228
220
  "The following tools are available but not loaded.",
@@ -257,7 +249,7 @@ export function applyToolDeferral(tools, _contextWindow, deferralContext, logger
257
249
  for (const t of tools) {
258
250
  originalToolMap.set(t.name, t);
259
251
  }
260
- // Phase 1: Rule-based deferral
252
+ // Rule-based deferral
261
253
  for (const rule of DEFERRAL_RULES) {
262
254
  if (!rule.activeWhen(deferralContext)) {
263
255
  for (const toolName of rule.tools) {
@@ -267,7 +259,7 @@ export function applyToolDeferral(tools, _contextWindow, deferralContext, logger
267
259
  }
268
260
  }
269
261
  }
270
- // Phase 2: MCP tools deferred by default (only for providers with mid-turn injection)
262
+ // MCP tools deferred by default (only for providers with mid-turn injection)
271
263
  // Providers without mid-turn injection (OpenAI, xAI, etc.) get MCP tools from the start,
272
264
  // because sub-agents only call execute() once and there is no "next execution" for
273
265
  // discovered tools to appear in.
@@ -282,7 +274,7 @@ export function applyToolDeferral(tools, _contextWindow, deferralContext, logger
282
274
  }
283
275
  }
284
276
  }
285
- // Phase 3: Small model aggressive deferral
277
+ // Small model aggressive deferral
286
278
  if (deferralContext.modelTier === "small") {
287
279
  for (const t of tools) {
288
280
  if (!deferredSet.has(t.name) && !CORE_TOOLS.has(t.name) && !deferralContext.recentlyUsedToolNames.has(t.name)) {
@@ -290,7 +282,7 @@ export function applyToolDeferral(tools, _contextWindow, deferralContext, logger
290
282
  }
291
283
  }
292
284
  }
293
- // Phase 4: Merge lifecycle-demoted tools into deferral set for unified discover_tools
285
+ // Merge lifecycle-demoted tools into deferral set for unified discover_tools
294
286
  // Clear discovery state for lifecycle-demoted tools (prevents appearing
295
287
  // in both discoveredTools and deferredEntries simultaneously)
296
288
  if (deferralContext.lifecycleDemotedNames) {
@@ -301,7 +293,7 @@ export function applyToolDeferral(tools, _contextWindow, deferralContext, logger
301
293
  }
302
294
  }
303
295
  }
304
- // Phase 5: Operator overrides (neverDefer / alwaysDefer from DeferredToolsConfigSchema)
296
+ // Operator overrides (neverDefer / alwaysDefer from DeferredToolsConfigSchema)
305
297
  if (deferralContext.neverDefer) {
306
298
  for (const name of deferralContext.neverDefer) {
307
299
  deferredSet.delete(name);
@@ -428,7 +420,7 @@ function structuredSearch(deferredTools, query, maxResults) {
428
420
  if (prefixMatches.length > 0)
429
421
  return prefixMatches;
430
422
  }
431
- // Mode 4: Server name match (e.g., "yfinance" -> all mcp__yfinance--* tools)
423
+ // Mode 4: Server name match (e.g., bare server token -> all mcp__<server>--* tools)
432
424
  const serverPrefix = `mcp__${q}--`;
433
425
  const serverMatches = deferredTools.filter(t => t.name.toLowerCase().startsWith(serverPrefix));
434
426
  if (serverMatches.length > 0)
@@ -622,7 +614,7 @@ export function createDiscoverTool(deferredEntries, logger, embeddingPort, score
622
614
  return {
623
615
  content: [{
624
616
  type: "text",
625
- text: "No matching tools found. Try an exact tool name, MCP server name (e.g. 'yfinance'), or select:tool1,tool2 syntax.",
617
+ text: "No matching tools found. Try an exact tool name, MCP server name, or select:tool1,tool2 syntax.",
626
618
  }],
627
619
  isError: false,
628
620
  details: undefined,
@@ -648,12 +640,11 @@ export function createDiscoverTool(deferredEntries, logger, embeddingPort, score
648
640
  * Match modes (checked in order, first non-empty wins):
649
641
  * 1. Exact name match (case-insensitive) against the full query.
650
642
  * 2. `mcp__` / `mcp:` prefix match against the full query.
651
- * 3. Bare server-name match on full query (`"yfinance"` -> all `mcp__yfinance--*`).
643
+ * 3. Bare server-name match on full query (e.g., bare server token -> all `mcp__<server>--*`).
652
644
  * 4. Per-token server-name fallback: for multi-word queries like
653
- * `"yfinance get_stock"`, check each whitespace-separated token as a
654
- * potential MCP server name. Catches the srv1593437 08:06:39Z scenario
655
- * where the agent emits `{query: "yfinance get_stock"}` rather than just
656
- * `{query: "yfinance"}`.
645
+ * `"<server> <verb>"`, check each whitespace-separated token as a
646
+ * potential MCP server name. Catches the case where the agent emits
647
+ * `{query: "<server> <verb>"}` rather than just `{query: "<server>"}`.
657
648
  */
658
649
  function findActiveToolMatches(query, activeToolNames) {
659
650
  const q = query.toLowerCase().trim();
@@ -679,7 +670,7 @@ function findActiveToolMatches(query, activeToolNames) {
679
670
  // Mode 4: per-token server fallback for multi-word queries.
680
671
  // Each whitespace-separated token is probed as a server name. The first
681
672
  // token that resolves to >= 1 active tool wins. This handles the common
682
- // "{server} {verb}" pattern like "yfinance get_stock".
673
+ // "<server> <verb>" pattern like "<bare-server-token> <verb>".
683
674
  const tokens = q.split(/\s+/).filter(t => /^[a-z0-9_-]+$/.test(t));
684
675
  for (const token of tokens) {
685
676
  const tokenServerPrefix = `mcp__${token}--`;
@@ -50,6 +50,23 @@ export { createModelScanner } from "./model/model-scanner.js";
50
50
  export type { ScanResult, ModelScanner, ModelScannerDeps } from "./model/model-scanner.js";
51
51
  export { createOAuthTokenManager } from "./model/oauth-token-manager.js";
52
52
  export type { OAuthTokenManager, OAuthTokenManagerDeps, OAuthError } from "./model/oauth-token-manager.js";
53
+ export { resolveProviderApiKey } from "./model/resolve-provider-api-key.js";
54
+ export type { ResolveProviderApiKeyDeps } from "./model/resolve-provider-api-key.js";
55
+ export { decodeCodexJwtPayload, resolveCodexAuthIdentity, resolveCodexStableSubject, resolveCodexAccessTokenExpiry, redactEmailForLog } from "./model/oauth-identity.js";
56
+ export { createOAuthCredentialStoreFile } from "./model/oauth-credential-store-file.js";
57
+ export type { OAuthCredentialStoreFileConfig } from "./model/oauth-credential-store-file.js";
58
+ export { selectOAuthCredentialStore } from "./model/oauth-credential-store-selector.js";
59
+ export type { SelectOAuthCredentialStoreInput, OAuthStorageMode, } from "./model/oauth-credential-store-selector.js";
60
+ export { isRemoteEnvironment } from "./model/oauth-env.js";
61
+ export type { IsRemoteEnvironmentInput } from "./model/oauth-env.js";
62
+ export { loginOpenAICodexOAuth } from "./model/oauth-login-runner.js";
63
+ export type { LoginError, LoginRunnerSuccess, LoginRunnerParams, RunnerPrompter, } from "./model/oauth-login-runner.js";
64
+ export { loginOpenAICodexDeviceCode } from "./model/oauth-device-code.js";
65
+ export type { DeviceCodeVerificationPrompt, LoginOpenAICodexDeviceCodeOptions, } from "./model/oauth-device-code.js";
66
+ export { runOAuthTlsPreflight } from "./model/oauth-tls-preflight.js";
67
+ export type { TlsPreflightResult, TlsPreflightFailureKind, RunOAuthTlsPreflightOptions, } from "./model/oauth-tls-preflight.js";
68
+ export { rewriteOAuthError } from "./model/oauth-errors.js";
69
+ export type { OAuthErrorCode, RewrittenOAuthError, } from "./model/oauth-errors.js";
53
70
  export { createAuthUsageTracker } from "./model/auth-usage-tracker.js";
54
71
  export type { AuthUsageTracker, ProfileStats, ProfileUsageInput } from "./model/auth-usage-tracker.js";
55
72
  export { createLastKnownModelTracker } from "./model/last-known-model.js";
@@ -26,7 +26,7 @@ export { createAuthProvider } from "./model/auth-provider.js";
26
26
  export { createAuthProfileManager } from "./model/auth-profile.js";
27
27
  // Auth rotation adapter (key rotation with cooldown)
28
28
  export { createAuthRotationAdapter } from "./model/auth-rotation-adapter.js";
29
- // Image-aware model routing (existing + image fallback chain from 62-05)
29
+ // Image-aware model routing (existing + image fallback chain)
30
30
  export { resolveModelForMessage, isVisionCapable, createImageFallbackChain } from "./model/image-router.js";
31
31
  // Model allowlist
32
32
  export { createModelAllowlist } from "./model/model-allowlist.js";
@@ -40,9 +40,30 @@ export { createModelCatalog, resolveModelPricing, ZERO_COST } from "./model/mode
40
40
  export { getCacheProviderInfo } from "./executor/cache-usage-helpers.js";
41
41
  // Model scanner
42
42
  export { createModelScanner } from "./model/model-scanner.js";
43
- // OAuth token manager (from 62-03)
43
+ // OAuth token manager
44
44
  export { createOAuthTokenManager } from "./model/oauth-token-manager.js";
45
- // Auth usage tracker (from 62-05)
45
+ // Per-LLM-call OAuth dispatch helper — shared helper used by PiExecutor.execute()
46
+ // pre-hook and the two compaction getApiKey callbacks. Re-exported so the
47
+ // integration test can drive the same resolver hook the executor uses.
48
+ export { resolveProviderApiKey } from "./model/resolve-provider-api-key.js";
49
+ // OAuth identity — pure-function JWT decoder + identity resolver + redaction helper
50
+ export { decodeCodexJwtPayload, resolveCodexAuthIdentity, resolveCodexStableSubject, resolveCodexAccessTokenExpiry, redactEmailForLog } from "./model/oauth-identity.js";
51
+ // OAuth credential store — file adapter (plaintext file-backed adapter with atomic write + per-profile lock + schema versioning)
52
+ export { createOAuthCredentialStoreFile } from "./model/oauth-credential-store-file.js";
53
+ // OAuth credential store selector — lives here so the CLI process can
54
+ // instantiate the same adapter the daemon uses
55
+ export { selectOAuthCredentialStore } from "./model/oauth-credential-store-selector.js";
56
+ // OAuth env detection — pure function for VPS/headless heuristic
57
+ export { isRemoteEnvironment } from "./model/oauth-env.js";
58
+ // OAuth login runner — interactive login orchestrator
59
+ export { loginOpenAICodexOAuth } from "./model/oauth-login-runner.js";
60
+ // Device-code OAuth flow
61
+ export { loginOpenAICodexDeviceCode } from "./model/oauth-device-code.js";
62
+ // OAuth TLS preflight
63
+ export { runOAuthTlsPreflight } from "./model/oauth-tls-preflight.js";
64
+ // OAuth error catalogue
65
+ export { rewriteOAuthError } from "./model/oauth-errors.js";
66
+ // Auth usage tracker
46
67
  export { createAuthUsageTracker } from "./model/auth-usage-tracker.js";
47
68
  // Last-known-working model tracker (auth-failure fallback)
48
69
  export { createLastKnownModelTracker } from "./model/last-known-model.js";
@@ -107,15 +128,15 @@ export { withPromptTimeout, withResettablePromptTimeout, PromptTimeoutError } fr
107
128
  // Error classification (user-safe error messages)
108
129
  export { classifyError, classifyPromptTimeout } from "./executor/error-classifier.js";
109
130
  export { composeStreamWrappers, createConfigResolver, createRequestBodyInjector, createCacheTraceWriter, createApiPayloadTraceWriter, createToolResultSizeBouncer, clearSessionRenderedToolCache } from "./executor/stream-wrappers/index.js";
110
- // Active run registry (-- tracks running sessions for mid-stream steering)
131
+ // Active run registry (tracks running sessions for mid-stream steering)
111
132
  export { createActiveRunRegistry } from "./executor/active-run-registry.js";
112
133
  // Cache break detection
113
134
  export { clearCacheBreakDetectorSession, extractGeminiPromptState } from "./executor/cache-break-detection.js";
114
- // Cache break diff writer ()
135
+ // Cache break diff writer
115
136
  export { createCacheBreakDiffWriter } from "./executor/cache-break-diff-writer.js";
116
137
  // Gemini cache injector
117
138
  export { createGeminiCacheInjector } from "./executor/gemini-cache-injector.js";
118
- // Gemini cache manager ()
139
+ // Gemini cache manager
119
140
  export { createGeminiCacheManager, computeCacheContentHash } from "./executor/gemini-cache-manager.js";
120
141
  // Gemini cache lifecycle
121
142
  export { wireGeminiCacheCleanup } from "./executor/gemini-cache-lifecycle.js";
@@ -166,24 +187,24 @@ export { createResultCondenser } from "./spawn/index.js";
166
187
  export { createNarrativeCaster } from "./spawn/index.js";
167
188
  export { createLifecycleHooks, deriveSubagentContextEngineConfig } from "./spawn/index.js";
168
189
  export { createEphemeralComisSessionManager } from "./spawn/index.js";
169
- // Context engine (, )
190
+ // Context engine
170
191
  export { createContextEngine } from "./context-engine/index.js";
171
192
  export { createThinkingBlockCleaner } from "./context-engine/index.js";
172
193
  export { computeTokenBudget } from "./context-engine/index.js";
173
- // DAG reconciliation, compaction, integrity, and assembler (Phases 411-414)
194
+ // DAG reconciliation, compaction, integrity, and assembler
174
195
  export { reconcileJsonlToDag, installDagIngestionHook, createDagContextEngine, runLeafPass, runCondensedPass, resolveFreshTailBoundary, shouldCompact, markAncestorsDirty, recomputeDescendantCounts, runDagCompaction, checkIntegrity, CHARS_PER_TOKEN_RATIO, } from "./context-engine/index.js";
175
196
  // Provider capabilities
176
197
  export { DEFAULTS as PROVIDER_CAPABILITY_DEFAULTS, resolveProviderCapabilities, normalizeProviderId, isAnthropicFamily, isOpenAiFamily, shouldDropThinkingBlocks, resolveToolCallIdMode, validateProviderOverrides, } from "./provider/capabilities.js";
177
198
  // Model compatibility auto-detection (xAI compat flags)
178
199
  export { normalizeModelCompat } from "./provider/model-compat.js";
179
- // Model ID normalization ()
200
+ // Model ID normalization
180
201
  export { normalizeModelId } from "./provider/model-id-normalize.js";
181
202
  // Response sanitization pipeline
182
203
  export { sanitizeAssistantResponse, setSanitizeLogger, extractFinalTagContent } from "./provider/response/sanitize-pipeline.js";
183
- // Response filter utilities ( -- used by ThinkingTagFilter)
204
+ // Response filter utilities (used by ThinkingTagFilter)
184
205
  export { stripReasoningTagsFromText } from "./response-filter/reasoning-tags.js";
185
206
  export { findCodeRegions, isInsideCode } from "./response-filter/code-regions.js";
186
- // Thinking tag filter ( -- moved from @comis/channels)
207
+ // Thinking tag filter (moved from @comis/channels)
187
208
  export { createThinkingTagFilter } from "./response-filter/thinking-tag-filter.js";
188
209
  // Operation model resolver
189
210
  export { resolveOperationModel, resolveProviderFamily } from "./model/operation-model-resolver.js";
@@ -12,7 +12,8 @@
12
12
  */
13
13
  import type { AuthStorage } from "@mariozechner/pi-coding-agent";
14
14
  import type { SecretManager } from "@comis/core";
15
- import type { TypedEventBus } from "@comis/core";
15
+ import type { TypedEventBus, OAuthCredentialStorePort } from "@comis/core";
16
+ import type { ComisLogger } from "@comis/infra";
16
17
  import { type AuthProfileManager, type AuthProfile, type OrderingStrategy } from "./auth-profile.js";
17
18
  import { type AuthRotationAdapter } from "./auth-rotation-adapter.js";
18
19
  import { type AuthUsageTracker } from "./auth-usage-tracker.js";
@@ -35,10 +36,32 @@ export interface AuthProviderConfig {
35
36
  cooldownCapMs?: number;
36
37
  /** OAuth configuration. When provided, creates an OAuthTokenManager. */
37
38
  oauth?: {
38
- /** EventBus for emitting auth:token_rotated events. */
39
+ /** EventBus for emitting auth events (token_rotated, profile_bootstrapped, refresh_failed). */
39
40
  eventBus: TypedEventBus;
41
+ /** Credential store for persistent refresh — REQUIRED. */
42
+ credentialStore: OAuthCredentialStorePort;
43
+ /** Logger for OAuth log events — REQUIRED. */
44
+ logger: ComisLogger;
45
+ /** Data directory for lock-file path resolution — REQUIRED. */
46
+ dataDir: string;
40
47
  /** Prefix for SecretManager key names (default: "OAUTH_"). */
41
48
  keyPrefix?: string;
49
+ /**
50
+ * Absolute path to auth-profiles.json for the chokidar watcher. When set,
51
+ * OAuthTokenManager registers a file watcher that invalidates its in-memory
52
+ * cache on external rewrites (CLI auth login). Pass `undefined` for
53
+ * encrypted-store mode (documented limitation).
54
+ */
55
+ watchPath?: string;
56
+ /**
57
+ * Getter for the agent's oauthProfiles map. Called fresh on every
58
+ * OAuthTokenManager.getApiKey() invocation. Optional — falls back to a
59
+ * no-agent-level-preference contract when absent. The closure implementation
60
+ * should dereference the daemon's stable
61
+ * `container.config.agents[agentId]?.oauthProfiles` so the value is observed
62
+ * across `agents.update` reference-replacements without a daemon restart.
63
+ */
64
+ getAgentOauthProfiles?: () => Record<string, string> | undefined;
42
65
  };
43
66
  }
44
67
  /** Unified auth provider exposing all composed auth modules. */
@@ -69,7 +69,13 @@ export function createAuthProvider(config) {
69
69
  const oauthDeps = {
70
70
  secretManager,
71
71
  eventBus: oauth.eventBus,
72
+ credentialStore: oauth.credentialStore,
73
+ logger: oauth.logger,
74
+ dataDir: oauth.dataDir,
72
75
  keyPrefix: oauth.keyPrefix,
76
+ watchPath: oauth.watchPath,
77
+ // Thread the agent oauthProfiles getter through.
78
+ getAgentOauthProfiles: oauth.getAgentOauthProfiles,
73
79
  };
74
80
  oauthManager = createOAuthTokenManager(oauthDeps);
75
81
  }
@@ -10,9 +10,9 @@
10
10
  * still routed to Claude Haiku, defeating the cost-tiering intent and
11
11
  * causing cross-provider auth confusion (no Anthropic API key configured).
12
12
  *
13
- * Phase 2C-2 changes the schema default to "" and resolves at runtime:
14
- * pick the fast-tier model from `resolveOperationDefaults(primaryProvider)`,
15
- * with `getModels(primaryProvider)[0]` as the catalog-fallback.
13
+ * The schema default is "" and the value is resolved at runtime: pick the
14
+ * fast-tier model from `resolveOperationDefaults(primaryProvider)`, with
15
+ * `getModels(primaryProvider)[0]` as the catalog-fallback.
16
16
  *
17
17
  * Note: explicit `compactionModel` values from existing YAML configs win
18
18
  * unchanged (length > 0 short-circuits the resolver). No backward-compat
@@ -11,9 +11,9 @@
11
11
  * still routed to Claude Haiku, defeating the cost-tiering intent and
12
12
  * causing cross-provider auth confusion (no Anthropic API key configured).
13
13
  *
14
- * Phase 2C-2 changes the schema default to "" and resolves at runtime:
15
- * pick the fast-tier model from `resolveOperationDefaults(primaryProvider)`,
16
- * with `getModels(primaryProvider)[0]` as the catalog-fallback.
14
+ * The schema default is "" and the value is resolved at runtime: pick the
15
+ * fast-tier model from `resolveOperationDefaults(primaryProvider)`, with
16
+ * `getModels(primaryProvider)[0]` as the catalog-fallback.
17
17
  *
18
18
  * Note: explicit `compactionModel` values from existing YAML configs win
19
19
  * unchanged (length > 0 short-circuits the resolver). No backward-compat
@@ -113,7 +113,7 @@ export function registerCustomProviders(registry, entries, secretManager, logger
113
113
  if (isBuiltInType && providerName !== entry.type) {
114
114
  providerAliases.set(providerName, entry.type);
115
115
  }
116
- // Layer 1B (260430-vwt): catalog-aware model enrichment.
116
+ // Catalog-aware model enrichment.
117
117
  //
118
118
  // Before computing customModels, decide whether to inherit the full
119
119
  // pi-ai catalog or to enrich the user's sparse list with catalog
@@ -14,7 +14,7 @@
14
14
  */
15
15
  import { getModels, getProviders } from "@mariozechner/pi-ai";
16
16
  // ---------------------------------------------------------------------------
17
- // Catalog-driven endpoint resolution (Layer 1E -- 260430-vwt)
17
+ // Catalog-driven endpoint resolution
18
18
  // ---------------------------------------------------------------------------
19
19
  /**
20
20
  * Native pi-ai providers from the live catalog. Used to source baseUrls
@@ -0,0 +1,37 @@
1
+ /**
2
+ * Plaintext file-backed OAuthCredentialStorePort adapter.
3
+ *
4
+ * Default storage backend for OAuth credentials (derives from existing
5
+ * dataDir, no separate config key). Stores all profiles in a single JSON
6
+ * file at ${dataDir}/auth-profiles.json with mode 0o600.
7
+ *
8
+ * Atomic write sequence (full POSIX crash safety on ext4):
9
+ * write tmp 0o600 → fsync(tmpFd) → close(tmpFd) → rename(tmp, canonical)
10
+ * → fsync(parentDirFd) → close(parentDirFd)
11
+ *
12
+ * cron-store.ts does NOT fsync the parent directory; this adapter MUST
13
+ * because OAuth credentials are security-critical (a lost rename due to
14
+ * power-loss-after-data-write would silently log the user out).
15
+ *
16
+ * Per-profile-ID locking via withExecutionLock: different providers and
17
+ * different identities for the same provider can refresh in parallel.
18
+ *
19
+ * Schema versioning: single integer version at top level. Hard-fail on
20
+ * mismatch — pre-1.0 software, no migration plumbing.
21
+ *
22
+ * @module
23
+ */
24
+ import { type OAuthCredentialStorePort } from "@comis/core";
25
+ export interface OAuthCredentialStoreFileConfig {
26
+ /** Comis data directory (e.g. ~/.comis). The adapter writes to ${dataDir}/auth-profiles.json. */
27
+ dataDir: string;
28
+ }
29
+ /**
30
+ * Create a plaintext file-backed OAuthCredentialStorePort adapter.
31
+ *
32
+ * Atomic, lock-protected, version-validated. Lifecycle:
33
+ * - On factory call: ensures dataDir exists (mkdir 0o700 recursive); cleans up stale .tmp files.
34
+ * - On every set/delete: per-profile-ID file lock → load → mutate → atomic-write.
35
+ * - On every get/has/list: load (no lock — readers see snapshot per POSIX rename atomicity).
36
+ */
37
+ export declare function createOAuthCredentialStoreFile(config: OAuthCredentialStoreFileConfig): OAuthCredentialStorePort;