experimental-ash 0.25.1 → 0.26.0

package/CHANGELOG.md

@@ -1,5 +1,17 @@
 # experimental-ash
 
+## 0.26.0
+
+### Minor Changes
+
+- 3553354: Add a native Discord channel for HTTP Interactions. The channel verifies Discord Ed25519 signatures, dispatches application commands, supports HITL buttons/selects/modals, sends deferred replies and followups, falls back to bot-token channel messages, supports proactive `receive(...)` sessions, and exposes a best-effort `ctx.discord.startTyping()` helper.
+
+## 0.25.2
+
+### Patch Changes
+
+- 2ba4206: Limit MCP SSE fallback to retryable transport errors. The HTTP-streaming → SSE fallback now retries on HTTP 400, 404, and 405 per the MCP transport spec, and surfaces other failures (auth, 5xx) directly instead of masking them behind a confusing fallback error.
+
 ## 0.25.1
 
 ### Patch Changes

package/bin/ash.d.ts

@@ -5,14 +5,14 @@ export interface BootstrapOptions {
   cliEntrypointPath?: string;
 
   /**
-   * Absolute path to the script that copies static assets after compilation.
+   * Absolute path to the ash package root.
    */
-  copyAssetsScriptPath?: string;
+  packageRoot?: string;
 
   /**
-   * Absolute path to the ash package root.
+   * Absolute paths to scripts that run after workspace bootstrap compilation.
    */
-  packageRoot?: string;
+  postBuildScriptPaths?: readonly string[];
 
   /**
    * Absolute path to the tsgo CLI entrypoint used for bootstrap builds.

package/bin/ash.js

@@ -16,9 +16,11 @@ function createBootstrapOptions(overrides = {}) {
   return {
     cliEntrypointPath:
       overrides.cliEntrypointPath ?? resolve(packageRoot, "dist", "src", "cli", "run.js"),
-    copyAssetsScriptPath:
-      overrides.copyAssetsScriptPath ?? resolve(packageRoot, "scripts", "copy-static-assets.mjs"),
     packageRoot,
+    postBuildScriptPaths: overrides.postBuildScriptPaths ?? [
+      resolve(packageRoot, "scripts", "copy-docs.mjs"),
+      resolve(packageRoot, "scripts", "stamp-version-tokens.mjs"),
+    ],
     tsgoCliPath: overrides.tsgoCliPath,
   };
 }
@@ -85,14 +87,14 @@ async function getLatestBuildInputMtimeMs({ packageRoot }) {
   return latestMtimeMs;
 }
 
-async function canBuildWorkspaceCli({ copyAssetsScriptPath, exists, packageRoot }) {
+async function canBuildWorkspaceCli({ exists, packageRoot, postBuildScriptPaths }) {
   for (const requiredPath of [
     resolve(packageRoot, "bin"),
     inputTsconfigPath({
       packageRoot,
     }),
     resolve(packageRoot, "src"),
-    copyAssetsScriptPath,
+    ...postBuildScriptPaths,
   ]) {
     if (!(await exists(requiredPath))) {
       return false;
@@ -175,9 +177,9 @@ export async function ensureBuiltCli(overrides = {}, dependencies = {}) {
   const getEntrypointMtimeMs = dependencies.getPathMtimeMs ?? getPathMtimeMs;
   const executeCommand = dependencies.runCommand ?? runCommand;
   const packageCanBuildCli = await canBuildWorkspaceCli({
-    copyAssetsScriptPath: options.copyAssetsScriptPath,
     exists,
     packageRoot: options.packageRoot,
+    postBuildScriptPaths: options.postBuildScriptPaths,
   });
 
   if (await exists(options.cliEntrypointPath)) {
@@ -210,9 +212,11 @@ export async function ensureBuiltCli(overrides = {}, dependencies = {}) {
       cwd: options.packageRoot,
     },
   );
-  await executeCommand(process.execPath, [options.copyAssetsScriptPath], {
-    cwd: options.packageRoot,
-  });
+  for (const scriptPath of options.postBuildScriptPaths) {
+    await executeCommand(process.execPath, [scriptPath], {
+      cwd: options.packageRoot,
+    });
+  }
 
   if (await exists(options.cliEntrypointPath)) {
     return options.cliEntrypointPath;

package/dist/docs/public/channels/README.md

@@ -1,6 +1,6 @@
 ---
 title: "Channels"
-description: "Deliver your agent over HTTP, Slack, and custom transports."
+description: "Deliver your agent over HTTP, Slack, Discord, Twilio, and custom transports."
 url: /channels
 ---
 
@@ -23,7 +23,7 @@ Ash ships the public HTTP protocol as channels:
 - `ashChannel({ auth })` for the built-in Ash protocol channel
 
 Ash also supports authored channels under `agent/channels/` for platform-specific integrations such
-as Slack or custom webhooks.
+as Slack, Discord, Twilio, or custom webhooks.
 
 ## Filesystem Shape
 
@@ -232,6 +232,30 @@ dispatch for app mentions, direct messages, and interactions.
 For a Slack app backed by Vercel Connect, see [Slack channel setup](./slack.md) to create the Connect client
 and channel file.
 
+## Discord Channels
+
+Discord channels are authored with `discordChannel()`:
+
+```ts
+import { discordChannel } from "experimental-ash/channels/discord";
+
+export default discordChannel();
+```
+
+The channel verifies Discord's Ed25519 interaction signature headers, accepts HTTP Interactions at
+`/ash/v1/discord`, responds to `PING`, dispatches application commands, and resolves HITL button,
+select, and modal submissions back into Ash input responses. The default command parser uses a
+string option named `message` as the agent prompt and derives auth from the invoking Discord user.
+
+Default delivery edits the original deferred interaction response for the first agent reply, sends
+followups after that, and falls back to bot-token channel messages when the interaction token can no
+longer be used. Proactive `receive(discord, { channelId })` sessions also use bot-token channel
+messages. Default progress handlers trigger Discord's short-lived typing indicator when bot auth is
+available.
+
+See [Discord channel setup](./discord.md) for endpoint setup, environment variables, command
+registration, and overrides.
+
 ## Twilio Channels
 
 Twilio channels are authored with `twilioChannel()`:

package/dist/docs/public/channels/discord.md

@@ -0,0 +1,159 @@
+---
+title: "Discord channel setup"
+description: "Create a Discord-backed Ash channel for HTTP Interactions."
+---
+
+# Discord Channel Setup
+
+The Discord channel accepts HTTP Interactions: slash/application commands, message components, and
+modal submissions. It verifies Discord's Ed25519 signature headers before parsing the request,
+acknowledges commands immediately, and continues Ash work in the background.
+
+## Add The Channel
+
+Create `agent/channels/discord.ts`:
+
+```ts
+import { discordChannel } from "experimental-ash/channels/discord";
+
+export default discordChannel();
+```
+
+Set the credentials Ash needs for inbound verification and outbound replies:
+
+```bash
+DISCORD_PUBLIC_KEY=...
+DISCORD_APPLICATION_ID=...
+DISCORD_BOT_TOKEN=...
+```
+
+- `DISCORD_PUBLIC_KEY` verifies `X-Signature-Ed25519` and `X-Signature-Timestamp`.
+- `DISCORD_APPLICATION_ID` lets Ash edit the original deferred interaction response and send
+  followups.
+- `DISCORD_BOT_TOKEN` lets Ash send proactive channel messages and fall back after an interaction
+  token expires. It also powers best-effort channel typing indicators.
+
+You can also pass the same values in config:
+
+```ts
+export default discordChannel({
+  credentials: {
+    applicationId: "123456789012345678",
+    botToken: process.env.DISCORD_BOT_TOKEN,
+    publicKey: process.env.DISCORD_PUBLIC_KEY,
+  },
+});
+```
+
+By default, the channel mounts `POST /ash/v1/discord`. Paste that public URL into your Discord
+application's **Interactions Endpoint URL**.
+
+## Register A Command
+
+The channel does not register commands for you. Create a command with Discord's application command
+API or the Developer Portal. A simple command with a string option named `message` maps cleanly to
+the default Ash prompt extraction:
+
+```bash
+curl -X PUT \
+  "https://discord.com/api/v10/applications/$DISCORD_APPLICATION_ID/commands" \
+  -H "Authorization: Bot $DISCORD_BOT_TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '[
+    {
+      "name": "ask",
+      "description": "Ask the Ash agent",
+      "type": 1,
+      "options": [
+        {
+          "name": "message",
+          "description": "What should the agent do?",
+          "type": 3,
+          "required": true
+        }
+      ]
+    }
+  ]'
+```
+
+Discord may take time to propagate global command changes. Use guild commands during development if
+you need faster iteration.
+
+## Hooks And Delivery
+
+`onCommand(ctx, interaction)` decides whether to dispatch a command and what auth to use. Return
+`{ auth }` to dispatch or `null` to acknowledge without running the agent. The default derives auth
+from the invoking Discord user.
+
+```ts
+import { discordChannel } from "experimental-ash/channels/discord";
+
+export default discordChannel({
+  onCommand(ctx, interaction) {
+    return {
+      auth: {
+        principalId: interaction.user.id,
+        principalType: "user",
+        authenticator: "discord",
+        attributes: {
+          channel_id: interaction.channelId,
+          guild_id: interaction.guildId ?? "",
+        },
+      },
+    };
+  },
+  events: {
+    "message.completed"(event, ctx) {
+      if (event.finishReason === "tool-calls") return;
+      if (event.message) ctx.discord.post(event.message);
+    },
+  },
+});
+```
+
+The default `"message.completed"` handler edits the original deferred response for the first reply,
+then sends followups. If Discord rejects the interaction-token write, Ash falls back to a
+bot-authenticated channel message. Outbound text is split to Discord's 2000-character content limit,
+and generated messages default to `allowed_mentions: { parse: [] }`.
+
+The default `"turn.started"` and `"actions.requested"` handlers trigger Discord's short-lived
+channel typing indicator when a bot token is available. You can call `ctx.discord.startTyping()` in
+custom hooks or event handlers; failures are logged and swallowed because typing is only a UX hint.
+
+## Human Input
+
+Pending Ash input requests render as Discord components:
+
+- confirmation/options render as buttons;
+- `display: "select"` renders as a string select;
+- freeform questions render a button that opens a Discord modal.
+
+Component and modal submissions resume the parked Ash session automatically.
+
+## Proactive Sessions
+
+Use `receive(discord, args)` from schedules or another channel to start a Discord session:
+
+```ts
+import { defineSchedule, receive } from "experimental-ash/schedules";
+import discord from "../channels/discord.js";
+
+export default defineSchedule({
+  cron: "0 9 * * 1-5",
+  markdown: "Post the daily summary.",
+  channel: receive(discord, {
+    channelId: "123456789012345678",
+    initialMessage: "Daily summary",
+  }),
+});
+```
+
+Proactive delivery requires `DISCORD_BOT_TOKEN` or `credentials.botToken`.
+
+## Discord References
+
+- [Interactions overview](https://docs.discord.com/developers/interactions/overview)
+- [Receiving and responding to interactions](https://docs.discord.com/developers/interactions/receiving-and-responding)
+- [Application commands](https://docs.discord.com/developers/interactions/application-commands)
+- [Create message](https://docs.discord.com/developers/resources/message#create-message)
+- [Trigger typing indicator](https://docs.discord.com/developers/resources/channel#trigger-typing-indicator)

package/dist/docs/public/channels/slack.md

@@ -71,12 +71,24 @@ If you are using an AI coding agent, install the Connect skill first:
 npx skills add https://github.com/vercel/connect --skill vercel-connect
 ```
 
-Then create the Slack client from the project or agent folder that will use it:
+Then create the Slack client from the project or agent folder that will use it, and attach this
+project as the trigger destination so Slack events are forwarded to your deployment:
 
 ```bash
-vercel connect create slack
+vercel connect create slack --triggers
+vercel connect detach <uid> --yes
+vercel connect attach <uid> --triggers --trigger-path /ash/v1/slack --yes
 ```
 
+`--triggers` on `create` is what turns on Slack Event Subscriptions — without it the bot installs
+but Slack never delivers `app_mention` or `message.im` events to the Connect webhook. The create
+step also auto-attaches the linked project at Connect's default trigger path, so detach it before
+attaching the Ash path. `attach --triggers` then registers the currently-linked Vercel project as
+the destination Connect forwards verified webhooks to. The `--trigger-path /ash/v1/slack` value
+must match Ash's Slack channel route; the default Connect trigger path is not served by Ash. These
+commands target your project's production deployment, so make sure you have run
+`vercel deploy --prod` before attaching.
+
 Run Connect commands from the directory containing the agent's `package.json` or `vercel.json`.
 Connect uses that project context to configure project access, webhooks, and triggers. The command
 may open a browser for Slack installation or OAuth consent; finish that flow before continuing.

package/dist/src/channel/routes.d.ts

@@ -1,8 +1,9 @@
 import type { ModelMessage, UserContent } from "ai";
 import type { CrossChannelReceiveFn } from "#channel/cross-channel-receive.js";
-import type { SessionAuthContext } from "#channel/types.js";
+import type { SessionAuthContext, SessionCallback } from "#channel/types.js";
 import type { InputResponse } from "#runtime/input/types.js";
 import type { Session } from "#channel/session.js";
+import type { RunMode } from "#shared/run-mode.js";
 export interface RouteHandlerArgs<TState = undefined> {
     send: SendFn<TState>;
     getSession: GetSessionFn;
@@ -40,10 +41,14 @@ export type SendFn<TState = undefined> = (input: string | UserContent | SendPayl
  */
 export type SendOptions<TState = undefined> = TState extends undefined ? {
     auth: SessionAuthContext | null;
+    callback?: SessionCallback;
     continuationToken: string;
+    mode?: RunMode;
 } : {
     auth: SessionAuthContext | null;
+    callback?: SessionCallback;
     continuationToken: string;
+    mode?: RunMode;
     state: TState;
 };
 export type GetSessionFn = (sessionId: string) => Session;

package/dist/src/channel/send.js

@@ -7,6 +7,8 @@ const log = createLogger("channel.send");
 export function createSendFn(runtime, adapter, channelName) {
     return async (input, options) => {
         const auth = options.auth;
+        const callback = options.callback;
+        const mode = options.mode ?? "conversation";
         const state = options.state;
         const rawToken = options.continuationToken;
         const continuationToken = `${channelName}:${rawToken}`;
@@ -40,10 +42,11 @@ export function createSendFn(runtime, adapter, channelName) {
         const handle = await runtime.run({
             adapter: sessionAdapter,
             auth,
-            capabilities: { requestInput: true },
+            capabilities: mode === "conversation" ? { requestInput: true } : undefined,
+            callback,
             continuationToken,
             input: { message: message ?? "", modelContext },
-            mode: "conversation",
+            mode,
         });
         return createSession(handle.sessionId, rawToken, runtime);
     };

package/dist/src/channel/session-callback.d.ts

@@ -0,0 +1,10 @@
+import type { SessionCallback } from "#channel/types.js";
+export type SessionCallbackParseResult = {
+    readonly callback: SessionCallback;
+    readonly ok: true;
+} | {
+    readonly cause: unknown;
+    readonly message: string;
+    readonly ok: false;
+};
+export declare function parseSessionCallback(value: unknown): SessionCallbackParseResult;

package/dist/src/channel/session-callback.js

@@ -0,0 +1,65 @@
+import { z } from "#compiled/zod/index.js";
+import { createAshCallbackRoutePath } from "#protocol/routes.js";
+const sessionCallbackSchema = z
+    .object({
+    callId: z.string().min(1),
+    subagentName: z.string().min(1),
+    token: z.string().min(1),
+    url: z.string().min(1),
+})
+    .strict()
+    .superRefine((callback, ctx) => {
+    let url;
+    try {
+        url = new URL(callback.url);
+    }
+    catch {
+        ctx.addIssue({
+            code: "custom",
+            message: "Callback url must be absolute.",
+            path: ["url"],
+        });
+        return;
+    }
+    if (readCallbackUrlToken(url) !== callback.token) {
+        ctx.addIssue({
+            code: "custom",
+            message: "Callback url token must match callback token.",
+            path: ["url"],
+        });
+    }
+});
+export function parseSessionCallback(value) {
+    const parsed = sessionCallbackSchema.safeParse(value);
+    if (parsed.success) {
+        return { callback: parsed.data, ok: true };
+    }
+    return {
+        cause: parsed.error,
+        message: formatSessionCallbackParseError(parsed.error),
+        ok: false,
+    };
+}
+function readCallbackUrlToken(url) {
+    const tokenPrefix = createAshCallbackRoutePath("");
+    if (!url.pathname.startsWith(tokenPrefix)) {
+        return null;
+    }
+    const encodedToken = url.pathname.slice(tokenPrefix.length);
+    if (encodedToken.length === 0 || encodedToken.includes("/")) {
+        return null;
+    }
+    try {
+        return decodeURIComponent(encodedToken);
+    }
+    catch {
+        return null;
+    }
+}
+function formatSessionCallbackParseError(error) {
+    const messages = error.issues.map((issue) => {
+        const path = issue.path.length === 0 ? "callback" : `callback.${issue.path.join(".")}`;
+        return `${path}: ${issue.message}`;
+    });
+    return `Invalid callback metadata: ${messages.join("; ")}`;
+}

package/dist/src/channel/types.d.ts

@@ -114,6 +114,20 @@ export interface SubagentInputRequestHookPayload {
  * Serializable payload sent through the workflow `resumeHook`.
  */
 export type HookPayload = DeliverHookPayload | RuntimeActionResultHookPayload | SubagentInputRequestHookPayload;
+/**
+ * Terminal callback metadata attached to a session at creation.
+ *
+ * `url` is the absolute callback endpoint. `token` is the capability token
+ * embedded in the framework-owned callback route. `callId` and
+ * `subagentName` correlate the callee's terminal callback back to the
+ * pending parent tool call.
+ */
+export interface SessionCallback {
+    readonly callId: string;
+    readonly subagentName: string;
+    readonly token: string;
+    readonly url: string;
+}
 /**
  * Declares runtime capabilities granted to one Ash session.
  *
@@ -160,6 +174,11 @@ export interface RunInput {
      * leave this undefined.
      */
     readonly capabilities?: SessionCapabilities;
+    /**
+     * Optional terminal callback. When present, the runtime posts a single
+     * callback when the session completes or fails.
+     */
+    readonly callback?: SessionCallback;
     /**
      * Session continuation token for delivery and hook creation. Channels
      * can re-key the session during the first turn by calling

package/dist/src/chunks/{client-BShLWzR6.js → client-ZqNLLMZB.js}

@@ -1,4 +1,4 @@
-import{i as e,r as t,t as n}from"./chunk-DSjMdhoD.js";import{_ as r,c as i,d as a,f as o,g as s,h as c}from"./types-CjIyrcYo.js";var l=class extends Error{status;body;constructor(e,t){super(t||`Server returned ${e}.`),this.name=`ClientError`,this.status=e,this.body=t}};function u(e){if(e instanceof DOMException)return e.name===`AbortError`;if(!(e instanceof Error))return!1;let t=`code`in e&&typeof e.code==`string`?e.code:void 0;return e.name===`AbortError`||e.message===`terminated`||t===`UND_ERR_SOCKET`||/abort|cancel|disconnect|premature close|socket|terminated/i.test(e.message)}async function*d(e){let t=e.getReader(),n=new TextDecoder,r=``;try{for(;;){let e=await t.read();if(e.done){r+=n.decode();break}e.value&&(r+=n.decode(e.value,{stream:!0}));let i=r.indexOf(`
+import{i as e,r as t,t as n}from"./chunk-DSjMdhoD.js";import{c as r,f as i,g as a,p as o,v as s,y as c}from"./types-BJSR0JNV.js";var l=class extends Error{status;body;constructor(e,t){super(t||`Server returned ${e}.`),this.name=`ClientError`,this.status=e,this.body=t}};function u(e){if(e instanceof DOMException)return e.name===`AbortError`;if(!(e instanceof Error))return!1;let t=`code`in e&&typeof e.code==`string`?e.code:void 0;return e.name===`AbortError`||e.message===`terminated`||t===`UND_ERR_SOCKET`||/abort|cancel|disconnect|premature close|socket|terminated/i.test(e.message)}async function*d(e){let t=e.getReader(),n=new TextDecoder,r=``;try{for(;;){let e=await t.read();if(e.done){r+=n.decode();break}e.value&&(r+=n.decode(e.value,{stream:!0}));let i=r.indexOf(`
 `);for(;i!==-1;){let e=r.slice(0,i).trim();r=r.slice(i+1),e.length>0&&(yield JSON.parse(e)),i=r.indexOf(`
-`)}}let e=r.trim();e.length>0&&(yield JSON.parse(e))}finally{t.releaseLock()}}function f(e,t,n){let r=t.startsWith(`/`)?t:`/${t}`,i=h(n);if(p(e)){let t=new URL(e);return t.pathname=`${m(t.pathname)}${r}`,t.search=i,t.hash=``,t.toString()}return`${m(e)}${r}${i}`}function p(e){return/^[a-z][a-z\d+\-.]*:/i.test(e)}function m(e){return e===`/`?``:e.endsWith(`/`)?e.slice(0,-1):e}function h(e){return!e||Object.keys(e).length===0?``:`?${new URLSearchParams(e).toString()}`}async function*g(e){let t=e.startIndex,n=e.maxReconnectAttempts;for(;;){let i=f(e.host,r(e.sessionId),t>0?{startIndex:String(t)}:void 0),a=await e.resolveHeaders(),o=await fetch(i,{headers:a,signal:e.signal??null});if(!o.ok){let e=await o.text();throw new l(o.status,e)}if(!o.body)throw new l(o.status,`Response body is null.`);let s=!1;try{for await(let e of d(o.body))t+=1,yield e}catch(e){if(!u(e))throw e;s=!0}if(!s||n<=0)return;--n}}var _=n(((e,t)=>{var n=Object.defineProperty,r=Object.getOwnPropertyDescriptor,i=Object.getOwnPropertyNames,a=Object.prototype.hasOwnProperty,o=(e,t)=>{for(var r in t)n(e,r,{get:t[r],enumerable:!0})},s=(e,t,o,s)=>{if(t&&typeof t==`object`||typeof t==`function`)for(let c of i(t))!a.call(e,c)&&c!==o&&n(e,c,{get:()=>t[c],enumerable:!(s=r(t,c))||s.enumerable});return e},c=e=>s(n({},`__esModule`,{value:!0}),e),l={};o(l,{SYMBOL_FOR_REQ_CONTEXT:()=>u,getContext:()=>d}),t.exports=c(l);let u=Symbol.for(`@vercel/request-context`);function d(){return globalThis[u]?.get?.()??{}}})),v=n(((e,t)=>{var n=Object.defineProperty,r=Object.getOwnPropertyDescriptor,i=Object.getOwnPropertyNames,a=Object.prototype.hasOwnProperty,o=(e,t)=>{for(var r in t)n(e,r,{get:t[r],enumerable:!0})},s=(e,t,o,s)=>{if(t&&typeof t==`object`||typeof t==`function`)for(let c of i(t))!a.call(e,c)&&c!==o&&n(e,c,{get:()=>t[c],enumerable:!(s=r(t,c))||s.enumerable});return e},c=e=>s(n({},`__esModule`,{value:!0}),e),l={};o(l,{VercelOidcTokenError:()=>u}),t.exports=c(l);var u=class extends Error{constructor(e,t){super(e),this.name=`VercelOidcTokenError`,this.cause=t}toString(){return this.cause?`${this.name}: ${this.message}: ${this.cause}`:`${this.name}: ${this.message}`}}})),y=n(((t,n)=>{var r=Object.defineProperty,i=Object.getOwnPropertyDescriptor,a=Object.getOwnPropertyNames,o=Object.prototype.hasOwnProperty,s=(e,t)=>{for(var n in t)r(e,n,{get:t[n],enumerable:!0})},c=(e,t,n,s)=>{if(t&&typeof t==`object`||typeof t==`function`)for(let c of a(t))!o.call(e,c)&&c!==n&&r(e,c,{get:()=>t[c],enumerable:!(s=i(t,c))||s.enumerable});return e},l=e=>c(r({},`__esModule`,{value:!0}),e),u={};s(u,{getVercelOidcToken:()=>p,getVercelOidcTokenSync:()=>m}),n.exports=l(u);var d=_(),f=v();async function p(t){let n=``,r;try{n=m()}catch(e){r=e}try{let[{getTokenPayload:r,isExpired:i},{refreshToken:a}]=await Promise.all([await Promise.resolve().then(()=>e(w())),await import(`./token-BOkIxJeV.js`).then(t=>e(t.default))]);(!n||i(r(n),t?.expirationBufferMs))&&(await a(t),n=m())}catch(e){let t=r instanceof Error?r.message:``;throw e instanceof Error&&(t=`${t}
-${e.message}`),t?new f.VercelOidcTokenError(t):e}return n}function m(){let e=(0,d.getContext)().headers?.[`x-vercel-oidc-token`]??process.env.VERCEL_OIDC_TOKEN;if(!e)throw Error(`The 'x-vercel-oidc-token' header is missing from the request. Do you have the OIDC option enabled in the Vercel project settings?`);return e}})),b=n(((e,t)=>{var n=Object.defineProperty,r=Object.getOwnPropertyDescriptor,i=Object.getOwnPropertyNames,a=Object.prototype.hasOwnProperty,o=(e,t)=>{for(var r in t)n(e,r,{get:t[r],enumerable:!0})},s=(e,t,o,s)=>{if(t&&typeof t==`object`||typeof t==`function`)for(let c of i(t))!a.call(e,c)&&c!==o&&n(e,c,{get:()=>t[c],enumerable:!(s=r(t,c))||s.enumerable});return e},c=e=>s(n({},`__esModule`,{value:!0}),e),l={};o(l,{AccessTokenMissingError:()=>u,RefreshAccessTokenFailedError:()=>d}),t.exports=c(l);var u=class extends Error{constructor(){super(`No authentication found. Please log in with the Vercel CLI (vercel login).`),this.name=`AccessTokenMissingError`}},d=class extends Error{constructor(e){super(`Failed to refresh authentication token.`,{cause:e}),this.name=`RefreshAccessTokenFailedError`}}})),x=n(((e,n)=>{var r=Object.create,i=Object.defineProperty,a=Object.getOwnPropertyDescriptor,o=Object.getOwnPropertyNames,s=Object.getPrototypeOf,c=Object.prototype.hasOwnProperty,l=(e,t)=>{for(var n in t)i(e,n,{get:t[n],enumerable:!0})},u=(e,t,n,r)=>{if(t&&typeof t==`object`||typeof t==`function`)for(let s of o(t))!c.call(e,s)&&s!==n&&i(e,s,{get:()=>t[s],enumerable:!(r=a(t,s))||r.enumerable});return e},d=(e,t,n)=>(n=e==null?{}:r(s(e)),u(t||!e||!e.__esModule?i(n,`default`,{value:e,enumerable:!0}):n,e)),f=e=>u(i({},`__esModule`,{value:!0}),e),p={};l(p,{findRootDir:()=>y,getUserDataDir:()=>b}),n.exports=f(p);var m=d(t(`path`)),h=d(t(`fs`)),g=d(t(`os`)),_=v();function y(){try{let e=process.cwd();for(;e!==m.default.dirname(e);){let t=m.default.join(e,`.vercel`);if(h.default.existsSync(t))return e;e=m.default.dirname(e)}}catch{throw new _.VercelOidcTokenError(`Token refresh only supported in node server environments`)}return null}function b(){if(process.env.XDG_DATA_HOME)return process.env.XDG_DATA_HOME;switch(g.default.platform()){case`darwin`:return m.default.join(g.default.homedir(),`Library/Application Support`);case`linux`:return m.default.join(g.default.homedir(),`.local/share`);case`win32`:return process.env.LOCALAPPDATA?process.env.LOCALAPPDATA:null;default:return null}}})),S=n(((e,n)=>{var r=Object.create,i=Object.defineProperty,a=Object.getOwnPropertyDescriptor,o=Object.getOwnPropertyNames,s=Object.getPrototypeOf,c=Object.prototype.hasOwnProperty,l=(e,t)=>{for(var n in t)i(e,n,{get:t[n],enumerable:!0})},u=(e,t,n,r)=>{if(t&&typeof t==`object`||typeof t==`function`)for(let s of o(t))!c.call(e,s)&&s!==n&&i(e,s,{get:()=>t[s],enumerable:!(r=a(t,s))||r.enumerable});return e},d=(e,t,n)=>(n=e==null?{}:r(s(e)),u(t||!e||!e.__esModule?i(n,`default`,{value:e,enumerable:!0}):n,e)),f=e=>u(i({},`__esModule`,{value:!0}),e),p={};l(p,{isValidAccessToken:()=>b,readAuthConfig:()=>v,writeAuthConfig:()=>y}),n.exports=f(p);var m=d(t(`fs`)),h=d(t(`path`)),g=w();function _(){let e=(0,g.getVercelDataDir)();if(!e)throw Error(`Unable to find Vercel CLI data directory. Your platform: ${process.platform}. Supported: darwin, linux, win32.`);return h.join(e,`auth.json`)}function v(){try{let e=_();if(!m.existsSync(e))return null;let t=m.readFileSync(e,`utf8`);return t?JSON.parse(t):null}catch{return null}}function y(e){let t=_(),n=h.dirname(t);m.existsSync(n)||m.mkdirSync(n,{mode:504,recursive:!0}),m.writeFileSync(t,JSON.stringify(e,null,2),{mode:384})}function b(e,t=0){if(!e.token)return!1;if(typeof e.expiresAt!=`number`)return!0;let n=Math.floor(Date.now()/1e3),r=t/1e3;return e.expiresAt>=n+r}})),C=n(((e,n)=>{var r=Object.defineProperty,i=Object.getOwnPropertyDescriptor,a=Object.getOwnPropertyNames,o=Object.prototype.hasOwnProperty,s=(e,t)=>{for(var n in t)r(e,n,{get:t[n],enumerable:!0})},c=(e,t,n,s)=>{if(t&&typeof t==`object`||typeof t==`function`)for(let c of a(t))!o.call(e,c)&&c!==n&&r(e,c,{get:()=>t[c],enumerable:!(s=i(t,c))||s.enumerable});return e},l=e=>c(r({},`__esModule`,{value:!0}),e),u={};s(u,{processTokenResponse:()=>g,refreshTokenRequest:()=>h}),n.exports=l(u);var d=t(`os`);let f=`@vercel/oidc node-${process.version} ${(0,d.platform)()} (${(0,d.arch)()}) ${(0,d.hostname)()}`,p=null;async function m(){if(p)return p;let e=await fetch(`https://vercel.com/.well-known/openid-configuration`,{headers:{"user-agent":f}});if(!e.ok)throw Error(`Failed to discover OAuth endpoints`);let t=await e.json();if(!t||typeof t.token_endpoint!=`string`)throw Error(`Invalid OAuth discovery response`);let n=t.token_endpoint;return p=n,n}async function h(e){let t=await m();return await fetch(t,{method:`POST`,headers:{"Content-Type":`application/x-www-form-urlencoded`,"user-agent":f},body:new URLSearchParams({client_id:`cl_HYyOPBNtFMfHhaUn9L4QPfTZz6TP47bp`,grant_type:`refresh_token`,...e})})}async function g(e){let t=await e.json();if(!e.ok){let e=typeof t==`object`&&t&&`error`in t?String(t.error):`Token refresh failed`;return[Error(e)]}return typeof t!=`object`||!t?[Error(`Invalid token response`)]:typeof t.access_token==`string`?t.token_type===`Bearer`?typeof t.expires_in==`number`?[null,t]:[Error(`Missing expires_in in response`)]:[Error(`Invalid token_type in response`)]:[Error(`Missing access_token in response`)]}})),w=n(((e,n)=>{var r=Object.create,i=Object.defineProperty,a=Object.getOwnPropertyDescriptor,o=Object.getOwnPropertyNames,s=Object.getPrototypeOf,c=Object.prototype.hasOwnProperty,l=(e,t)=>{for(var n in t)i(e,n,{get:t[n],enumerable:!0})},u=(e,t,n,r)=>{if(t&&typeof t==`object`||typeof t==`function`)for(let s of o(t))!c.call(e,s)&&s!==n&&i(e,s,{get:()=>t[s],enumerable:!(r=a(t,s))||r.enumerable});return e},d=(e,t,n)=>(n=e==null?{}:r(s(e)),u(t||!e||!e.__esModule?i(n,`default`,{value:e,enumerable:!0}):n,e)),f=e=>u(i({},`__esModule`,{value:!0}),e),p={};l(p,{assertVercelOidcTokenResponse:()=>k,findProjectInfo:()=>A,getTokenPayload:()=>N,getVercelDataDir:()=>E,getVercelOidcToken:()=>O,getVercelToken:()=>D,isExpired:()=>P,loadToken:()=>M,saveToken:()=>j}),n.exports=f(p);var m=d(t(`path`)),h=d(t(`fs`)),g=v(),_=x(),y=S(),w=C(),T=b();function E(){let e=(0,_.getUserDataDir)();return e?m.join(e,`com.vercel.cli`):null}async function D(e){let t=(0,y.readAuthConfig)();if(!t?.token)throw new T.AccessTokenMissingError;if((0,y.isValidAccessToken)(t,e?.expirationBufferMs))return t.token;if(!t.refreshToken)throw(0,y.writeAuthConfig)({}),new T.RefreshAccessTokenFailedError(`No refresh token available`);try{let e=await(0,w.refreshTokenRequest)({refresh_token:t.refreshToken}),[n,r]=await(0,w.processTokenResponse)(e);if(n||!r)throw(0,y.writeAuthConfig)({}),new T.RefreshAccessTokenFailedError(n);let i={token:r.access_token,expiresAt:Math.floor(Date.now()/1e3)+r.expires_in};return r.refresh_token&&(i.refreshToken=r.refresh_token),(0,y.writeAuthConfig)(i),i.token}catch(e){throw(0,y.writeAuthConfig)({}),e instanceof T.AccessTokenMissingError||e instanceof T.RefreshAccessTokenFailedError?e:new T.RefreshAccessTokenFailedError(e)}}async function O(e,t,n){let r=`https://api.vercel.com/v1/projects/${t}/token?source=vercel-oidc-refresh${n?`&teamId=${n}`:``}`,i=await fetch(r,{method:`POST`,headers:{Authorization:`Bearer ${e}`}});if(!i.ok)throw new g.VercelOidcTokenError(`Failed to refresh OIDC token: ${i.statusText}`);let a=await i.json();return k(a),a}function k(e){if(!e||typeof e!=`object`)throw TypeError("Vercel OIDC token is malformed. Expected an object. Please run `vc env pull` and try again");if(!(`token`in e)||typeof e.token!=`string`)throw TypeError("Vercel OIDC token is malformed. Expected a string-valued token property. Please run `vc env pull` and try again")}function A(){let e=(0,_.findRootDir)();if(!e)throw new g.VercelOidcTokenError("Unable to find project root directory. Have you linked your project with `vc link?`");let t=m.join(e,`.vercel`,`project.json`);if(!h.existsSync(t))throw new g.VercelOidcTokenError("project.json not found, have you linked your project with `vc link?`");let n=JSON.parse(h.readFileSync(t,`utf8`));if(typeof n.projectId!=`string`&&typeof n.orgId!=`string`)throw TypeError("Expected a string-valued projectId property. Try running `vc link` to re-link your project.");return{projectId:n.projectId,teamId:n.orgId}}function j(e,t){let n=(0,_.getUserDataDir)();if(!n)throw new g.VercelOidcTokenError(`Unable to find user data directory. Please reach out to Vercel support.`);let r=m.join(n,`com.vercel.token`,`${t}.json`),i=JSON.stringify(e);h.mkdirSync(m.dirname(r),{mode:504,recursive:!0}),h.writeFileSync(r,i),h.chmodSync(r,432)}function M(e){let t=(0,_.getUserDataDir)();if(!t)throw new g.VercelOidcTokenError(`Unable to find user data directory. Please reach out to Vercel support.`);let n=m.join(t,`com.vercel.token`,`${e}.json`);if(!h.existsSync(n))return null;let r=JSON.parse(h.readFileSync(n,`utf8`));return k(r),r}function N(e){let t=e.split(`.`);if(t.length!==3)throw new g.VercelOidcTokenError("Invalid token. Please run `vc env pull` and try again");let n=t[1].replace(/-/g,`+`).replace(/_/g,`/`),r=n.padEnd(n.length+(4-n.length%4)%4,`=`);return JSON.parse(Buffer.from(r,`base64`).toString(`utf8`))}function P(e,t=0){return e.exp*1e3<Date.now()+t}})),T=n(((e,t)=>{var n=Object.defineProperty,r=Object.getOwnPropertyDescriptor,i=Object.getOwnPropertyNames,a=Object.prototype.hasOwnProperty,o=(e,t)=>{for(var r in t)n(e,r,{get:t[r],enumerable:!0})},s=(e,t,o,s)=>{if(t&&typeof t==`object`||typeof t==`function`)for(let c of i(t))!a.call(e,c)&&c!==o&&n(e,c,{get:()=>t[c],enumerable:!(s=r(t,c))||s.enumerable});return e},c=e=>s(n({},`__esModule`,{value:!0}),e),l={};o(l,{AccessTokenMissingError:()=>f.AccessTokenMissingError,RefreshAccessTokenFailedError:()=>f.RefreshAccessTokenFailedError,getContext:()=>d.getContext,getVercelOidcToken:()=>u.getVercelOidcToken,getVercelOidcTokenSync:()=>u.getVercelOidcTokenSync,getVercelToken:()=>p.getVercelToken}),t.exports=c(l);var u=y(),d=_(),f=b(),p=w()})),E=T();const D=`${c}/`,O=new Set([`localhost`,`127.0.0.1`,`0.0.0.0`,`::1`,`[::1]`]);function k(e){return O.has(e.hostname)}function A(e){try{return k(new URL(e))}catch{return!1}}async function j(){try{let e=(await(0,E.getVercelOidcToken)()).trim();if(e.length>0)return e}catch{}return process.env.VERCEL_OIDC_TOKEN?.trim()??``}const M=`x-vercel-protection-bypass`,N=`x-vercel-trusted-oidc-idp-token`;function P(e){return e.pathname.endsWith(`/ash/v1`)||e.pathname.includes(D)}async function F(e){let t=I(e),n=await R(t,e.resourceUrl);return n!==null&&L(t,n),t}function I(e){let t=new Headers(V(e.headers)),n=process.env.VERCEL_AUTOMATION_BYPASS_SECRET?.trim();return n&&P(e.resourceUrl)&&t.set(M,n),t}function L(e,t){e.has(`authorization`)||e.set(`authorization`,`Bearer ${t}`),e.set(N,t)}async function R(e,t){return z(t)?e.get(`x-vercel-oidc-token`)?.trim()||await B():null}function z(e){return!(!P(e)||k(e))}async function B(){let e=await j();return e.length>0?e:null}function V(e){if(e!==void 0)return e instanceof Headers?e:Array.isArray(e)?e.map(([e,t])=>[e,t]):e}async function H(e){let t={},n=process.env.VERCEL_AUTOMATION_BYPASS_SECRET?.trim();if(n&&(t[M]=n),!A(e.serverUrl)){let e=await j();e.length>0&&(t[N]=e)}return t}function U(){return{streamIndex:0}}function W(e){let t=q(e.events),n=e.session.streamIndex+e.events.length;return t?.type===`session.waiting`?{continuationToken:e.continuationToken??e.session.continuationToken,sessionId:e.sessionId,streamIndex:n}:U()}function G(e){let t;for(let n of e)J(n)&&(t=n.data.message??void 0);return t}function K(e){let t=q(e);return t?.type===`session.waiting`?`waiting`:t?.type===`session.failed`?`failed`:`completed`}function q(e){for(let t=e.length-1;t>=0;t--){let n=e[t];if(n!==void 0&&i(n))return n}}function J(e){return e.type===`message.completed`&&e.data.finishReason!==`tool-calls`}var Y=class{continuationToken;sessionId;#e=!1;#t;constructor(e){this.continuationToken=e.continuationToken,this.sessionId=e.sessionId,this.#t=e.createStream}async result(){let e=[];for await(let t of this)e.push(t);return{events:e,message:G(e),sessionId:this.sessionId,status:K(e)}}[Symbol.asyncIterator](){if(this.#e)throw Error(`MessageResponse has already been consumed.`);return this.#e=!0,this.#t()}},X=class{#e;#t;constructor(e,t){this.#e=e,this.#t=t}get state(){return this.#t}async sendMessage(e,t){return this.send({message:e},t)}async send(e,t){let n=this.#t,{continuationToken:r,sessionId:i}=await this.#n(e,n,t);return new Y({continuationToken:r,createStream:()=>this.#r(i,r,n,t),sessionId:i})}openStream(e){let t=this.#t.sessionId;if(!t)throw Error(`Session has no session ID. Send a message first.`);return g({host:this.#e.host,maxReconnectAttempts:this.#e.maxReconnectAttempts,resolveHeaders:()=>this.#e.resolveHeaders(),sessionId:t,signal:e?.signal,startIndex:e?.startIndex??this.#t.streamIndex})}async#n(e,t,n){let r=t.sessionId?s(t.sessionId):a,i=f(this.#e.host,r),o=await this.#e.resolveHeaders(n?.headers);o.set(`content-type`,`application/json`);let c=Z({input:e,session:t});if(c===null)throw Error(`Session.send requires a non-empty message, inputResponses, or both.`);let u=await fetch(i,{body:JSON.stringify(c),headers:o,method:`POST`,signal:n?.signal??null});if(!u.ok){let e=await u.text();throw new l(u.status,e)}let d=await u.json(),p=(typeof d.sessionId==`string`?d.sessionId:void 0)??u.headers.get(`x-ash-session-id`)?.trim()??t.sessionId;if(!p)throw Error(`Message route did not return a session id.`);return{continuationToken:typeof d.continuationToken==`string`?d.continuationToken:void 0,sessionId:p}}async*#r(e,t,n,r){let a=[];try{let t=n.sessionId===e?n.streamIndex:0,o=this.#e.maxReconnectAttempts;for(;;){let n=await this.#i(e,t,r?.signal),s=!1;try{for await(let e of d(n))if(a.push(e),t+=1,yield e,i(e)){s=!0;break}}catch(e){if(!u(e))throw e}if(s||o<=0)break;--o}}finally{this.#t=W({continuationToken:t,events:a,sessionId:e,session:n})}}async#i(e,t,n){let i=f(this.#e.host,r(e),t>0?{startIndex:String(t)}:void 0),a=await this.#e.resolveHeaders(),o=await fetch(i,{headers:a,signal:n??null});if(!o.ok){let e=await o.text();throw new l(o.status,e)}if(!o.body)throw new l(o.status,`Response body is null.`);return o.body}};function Z(e){let t={};return e.input.message!==void 0&&(t.message=e.input.message),e.input.inputResponses!==void 0&&e.input.inputResponses.length>0&&(t.inputResponses=e.input.inputResponses),e.input.clientContext!==void 0&&(t.clientContext=e.input.clientContext),e.session.continuationToken!==void 0&&(t.continuationToken=e.session.continuationToken),Object.keys(t).length===0||e.session.continuationToken===void 0&&t.message===void 0||e.session.continuationToken!==void 0&&t.message===void 0&&t.inputResponses===void 0?null:t}var Q=class{#e;#t;#n;#r;constructor(e){this.#n=e.host,this.#e=e.auth,this.#t=e.headers,this.#r=e.maxReconnectAttempts??3}async health(){let e=f(this.#n,o),t=await this.#i(),n=await fetch(e,{headers:t});if(!n.ok){let e=await n.text();throw new l(n.status,e)}return await n.json()}session(e){let t;return t=typeof e==`string`?{continuationToken:e,streamIndex:0}:e||U(),new X({host:this.#n,maxReconnectAttempts:this.#r,resolveHeaders:e=>this.#i(e)},t)}async#i(e){let t=new Headers,n=await ee(this.#t);for(let[e,r]of Object.entries(n))t.set(e,r);if(e)for(let[n,r]of Object.entries(e))t.set(n,r);let r=await this.#a();return r&&t.set(`authorization`,r),t}async#a(){let e=this.#e;if(e){if(`bearer`in e){let t=(await $(e.bearer)).trim();return t.length===0?void 0:`Bearer ${t}`}if(`basic`in e){let t=await $(e.basic.password);return`Basic ${te(e.basic.username,t)}`}}}};async function $(e){return typeof e==`function`?e():e}async function ee(e){return e===void 0?{}:typeof e==`function`?await e():e}function te(e,t){let n=new TextEncoder().encode(`${e}:${t}`),r=Array.from(n,e=>String.fromCodePoint(e)).join(``);return btoa(r)}export{H as a,w as c,l as d,A as i,v as l,M as n,j as o,F as r,T as s,Q as t,g as u};
+`)}}let e=r.trim();e.length>0&&(yield JSON.parse(e))}finally{t.releaseLock()}}function f(e,t,n){let r=t.startsWith(`/`)?t:`/${t}`,i=h(n);if(p(e)){let t=new URL(e);return t.pathname=`${m(t.pathname)}${r}`,t.search=i,t.hash=``,t.toString()}return`${m(e)}${r}${i}`}function p(e){return/^[a-z][a-z\d+\-.]*:/i.test(e)}function m(e){return e===`/`?``:e.endsWith(`/`)?e.slice(0,-1):e}function h(e){return!e||Object.keys(e).length===0?``:`?${new URLSearchParams(e).toString()}`}async function*g(e){let t=e.startIndex,n=e.maxReconnectAttempts;for(;;){let r=f(e.host,c(e.sessionId),t>0?{startIndex:String(t)}:void 0),i=await e.resolveHeaders(),a=await fetch(r,{headers:i,signal:e.signal??null});if(!a.ok){let e=await a.text();throw new l(a.status,e)}if(!a.body)throw new l(a.status,`Response body is null.`);let o=!1;try{for await(let e of d(a.body))t+=1,yield e}catch(e){if(!u(e))throw e;o=!0}if(!o||n<=0)return;--n}}var _=n(((e,t)=>{var n=Object.defineProperty,r=Object.getOwnPropertyDescriptor,i=Object.getOwnPropertyNames,a=Object.prototype.hasOwnProperty,o=(e,t)=>{for(var r in t)n(e,r,{get:t[r],enumerable:!0})},s=(e,t,o,s)=>{if(t&&typeof t==`object`||typeof t==`function`)for(let c of i(t))!a.call(e,c)&&c!==o&&n(e,c,{get:()=>t[c],enumerable:!(s=r(t,c))||s.enumerable});return e},c=e=>s(n({},`__esModule`,{value:!0}),e),l={};o(l,{SYMBOL_FOR_REQ_CONTEXT:()=>u,getContext:()=>d}),t.exports=c(l);let u=Symbol.for(`@vercel/request-context`);function d(){return globalThis[u]?.get?.()??{}}})),v=n(((e,t)=>{var n=Object.defineProperty,r=Object.getOwnPropertyDescriptor,i=Object.getOwnPropertyNames,a=Object.prototype.hasOwnProperty,o=(e,t)=>{for(var r in t)n(e,r,{get:t[r],enumerable:!0})},s=(e,t,o,s)=>{if(t&&typeof t==`object`||typeof t==`function`)for(let c of i(t))!a.call(e,c)&&c!==o&&n(e,c,{get:()=>t[c],enumerable:!(s=r(t,c))||s.enumerable});return e},c=e=>s(n({},`__esModule`,{value:!0}),e),l={};o(l,{VercelOidcTokenError:()=>u}),t.exports=c(l);var u=class extends Error{constructor(e,t){super(e),this.name=`VercelOidcTokenError`,this.cause=t}toString(){return this.cause?`${this.name}: ${this.message}: ${this.cause}`:`${this.name}: ${this.message}`}}})),y=n(((t,n)=>{var r=Object.defineProperty,i=Object.getOwnPropertyDescriptor,a=Object.getOwnPropertyNames,o=Object.prototype.hasOwnProperty,s=(e,t)=>{for(var n in t)r(e,n,{get:t[n],enumerable:!0})},c=(e,t,n,s)=>{if(t&&typeof t==`object`||typeof t==`function`)for(let c of a(t))!o.call(e,c)&&c!==n&&r(e,c,{get:()=>t[c],enumerable:!(s=i(t,c))||s.enumerable});return e},l=e=>c(r({},`__esModule`,{value:!0}),e),u={};s(u,{getVercelOidcToken:()=>p,getVercelOidcTokenSync:()=>m}),n.exports=l(u);var d=_(),f=v();async function p(t){let n=``,r;try{n=m()}catch(e){r=e}try{let[{getTokenPayload:r,isExpired:i},{refreshToken:a}]=await Promise.all([await Promise.resolve().then(()=>e(w())),await import(`./token-YW4VSeBB.js`).then(t=>e(t.default))]);(!n||i(r(n),t?.expirationBufferMs))&&(await a(t),n=m())}catch(e){let t=r instanceof Error?r.message:``;throw e instanceof Error&&(t=`${t}
+${e.message}`),t?new f.VercelOidcTokenError(t):e}return n}function m(){let e=(0,d.getContext)().headers?.[`x-vercel-oidc-token`]??process.env.VERCEL_OIDC_TOKEN;if(!e)throw Error(`The 'x-vercel-oidc-token' header is missing from the request. Do you have the OIDC option enabled in the Vercel project settings?`);return e}})),b=n(((e,t)=>{var n=Object.defineProperty,r=Object.getOwnPropertyDescriptor,i=Object.getOwnPropertyNames,a=Object.prototype.hasOwnProperty,o=(e,t)=>{for(var r in t)n(e,r,{get:t[r],enumerable:!0})},s=(e,t,o,s)=>{if(t&&typeof t==`object`||typeof t==`function`)for(let c of i(t))!a.call(e,c)&&c!==o&&n(e,c,{get:()=>t[c],enumerable:!(s=r(t,c))||s.enumerable});return e},c=e=>s(n({},`__esModule`,{value:!0}),e),l={};o(l,{AccessTokenMissingError:()=>u,RefreshAccessTokenFailedError:()=>d}),t.exports=c(l);var u=class extends Error{constructor(){super(`No authentication found. Please log in with the Vercel CLI (vercel login).`),this.name=`AccessTokenMissingError`}},d=class extends Error{constructor(e){super(`Failed to refresh authentication token.`,{cause:e}),this.name=`RefreshAccessTokenFailedError`}}})),x=n(((e,n)=>{var r=Object.create,i=Object.defineProperty,a=Object.getOwnPropertyDescriptor,o=Object.getOwnPropertyNames,s=Object.getPrototypeOf,c=Object.prototype.hasOwnProperty,l=(e,t)=>{for(var n in t)i(e,n,{get:t[n],enumerable:!0})},u=(e,t,n,r)=>{if(t&&typeof t==`object`||typeof t==`function`)for(let s of o(t))!c.call(e,s)&&s!==n&&i(e,s,{get:()=>t[s],enumerable:!(r=a(t,s))||r.enumerable});return e},d=(e,t,n)=>(n=e==null?{}:r(s(e)),u(t||!e||!e.__esModule?i(n,`default`,{value:e,enumerable:!0}):n,e)),f=e=>u(i({},`__esModule`,{value:!0}),e),p={};l(p,{findRootDir:()=>y,getUserDataDir:()=>b}),n.exports=f(p);var m=d(t(`path`)),h=d(t(`fs`)),g=d(t(`os`)),_=v();function y(){try{let e=process.cwd();for(;e!==m.default.dirname(e);){let t=m.default.join(e,`.vercel`);if(h.default.existsSync(t))return e;e=m.default.dirname(e)}}catch{throw new _.VercelOidcTokenError(`Token refresh only supported in node server environments`)}return null}function b(){if(process.env.XDG_DATA_HOME)return process.env.XDG_DATA_HOME;switch(g.default.platform()){case`darwin`:return m.default.join(g.default.homedir(),`Library/Application Support`);case`linux`:return m.default.join(g.default.homedir(),`.local/share`);case`win32`:return process.env.LOCALAPPDATA?process.env.LOCALAPPDATA:null;default:return null}}})),S=n(((e,n)=>{var r=Object.create,i=Object.defineProperty,a=Object.getOwnPropertyDescriptor,o=Object.getOwnPropertyNames,s=Object.getPrototypeOf,c=Object.prototype.hasOwnProperty,l=(e,t)=>{for(var n in t)i(e,n,{get:t[n],enumerable:!0})},u=(e,t,n,r)=>{if(t&&typeof t==`object`||typeof t==`function`)for(let s of o(t))!c.call(e,s)&&s!==n&&i(e,s,{get:()=>t[s],enumerable:!(r=a(t,s))||r.enumerable});return e},d=(e,t,n)=>(n=e==null?{}:r(s(e)),u(t||!e||!e.__esModule?i(n,`default`,{value:e,enumerable:!0}):n,e)),f=e=>u(i({},`__esModule`,{value:!0}),e),p={};l(p,{isValidAccessToken:()=>b,readAuthConfig:()=>v,writeAuthConfig:()=>y}),n.exports=f(p);var m=d(t(`fs`)),h=d(t(`path`)),g=w();function _(){let e=(0,g.getVercelDataDir)();if(!e)throw Error(`Unable to find Vercel CLI data directory. Your platform: ${process.platform}. Supported: darwin, linux, win32.`);return h.join(e,`auth.json`)}function v(){try{let e=_();if(!m.existsSync(e))return null;let t=m.readFileSync(e,`utf8`);return t?JSON.parse(t):null}catch{return null}}function y(e){let t=_(),n=h.dirname(t);m.existsSync(n)||m.mkdirSync(n,{mode:504,recursive:!0}),m.writeFileSync(t,JSON.stringify(e,null,2),{mode:384})}function b(e,t=0){if(!e.token)return!1;if(typeof e.expiresAt!=`number`)return!0;let n=Math.floor(Date.now()/1e3),r=t/1e3;return e.expiresAt>=n+r}})),C=n(((e,n)=>{var r=Object.defineProperty,i=Object.getOwnPropertyDescriptor,a=Object.getOwnPropertyNames,o=Object.prototype.hasOwnProperty,s=(e,t)=>{for(var n in t)r(e,n,{get:t[n],enumerable:!0})},c=(e,t,n,s)=>{if(t&&typeof t==`object`||typeof t==`function`)for(let c of a(t))!o.call(e,c)&&c!==n&&r(e,c,{get:()=>t[c],enumerable:!(s=i(t,c))||s.enumerable});return e},l=e=>c(r({},`__esModule`,{value:!0}),e),u={};s(u,{processTokenResponse:()=>g,refreshTokenRequest:()=>h}),n.exports=l(u);var d=t(`os`);let f=`@vercel/oidc node-${process.version} ${(0,d.platform)()} (${(0,d.arch)()}) ${(0,d.hostname)()}`,p=null;async function m(){if(p)return p;let e=await fetch(`https://vercel.com/.well-known/openid-configuration`,{headers:{"user-agent":f}});if(!e.ok)throw Error(`Failed to discover OAuth endpoints`);let t=await e.json();if(!t||typeof t.token_endpoint!=`string`)throw Error(`Invalid OAuth discovery response`);let n=t.token_endpoint;return p=n,n}async function h(e){let t=await m();return await fetch(t,{method:`POST`,headers:{"Content-Type":`application/x-www-form-urlencoded`,"user-agent":f},body:new URLSearchParams({client_id:`cl_HYyOPBNtFMfHhaUn9L4QPfTZz6TP47bp`,grant_type:`refresh_token`,...e})})}async function g(e){let t=await e.json();if(!e.ok){let e=typeof t==`object`&&t&&`error`in t?String(t.error):`Token refresh failed`;return[Error(e)]}return typeof t!=`object`||!t?[Error(`Invalid token response`)]:typeof t.access_token==`string`?t.token_type===`Bearer`?typeof t.expires_in==`number`?[null,t]:[Error(`Missing expires_in in response`)]:[Error(`Invalid token_type in response`)]:[Error(`Missing access_token in response`)]}})),w=n(((e,n)=>{var r=Object.create,i=Object.defineProperty,a=Object.getOwnPropertyDescriptor,o=Object.getOwnPropertyNames,s=Object.getPrototypeOf,c=Object.prototype.hasOwnProperty,l=(e,t)=>{for(var n in t)i(e,n,{get:t[n],enumerable:!0})},u=(e,t,n,r)=>{if(t&&typeof t==`object`||typeof t==`function`)for(let s of o(t))!c.call(e,s)&&s!==n&&i(e,s,{get:()=>t[s],enumerable:!(r=a(t,s))||r.enumerable});return e},d=(e,t,n)=>(n=e==null?{}:r(s(e)),u(t||!e||!e.__esModule?i(n,`default`,{value:e,enumerable:!0}):n,e)),f=e=>u(i({},`__esModule`,{value:!0}),e),p={};l(p,{assertVercelOidcTokenResponse:()=>k,findProjectInfo:()=>A,getTokenPayload:()=>N,getVercelDataDir:()=>E,getVercelOidcToken:()=>O,getVercelToken:()=>D,isExpired:()=>P,loadToken:()=>M,saveToken:()=>j}),n.exports=f(p);var m=d(t(`path`)),h=d(t(`fs`)),g=v(),_=x(),y=S(),w=C(),T=b();function E(){let e=(0,_.getUserDataDir)();return e?m.join(e,`com.vercel.cli`):null}async function D(e){let t=(0,y.readAuthConfig)();if(!t?.token)throw new T.AccessTokenMissingError;if((0,y.isValidAccessToken)(t,e?.expirationBufferMs))return t.token;if(!t.refreshToken)throw(0,y.writeAuthConfig)({}),new T.RefreshAccessTokenFailedError(`No refresh token available`);try{let e=await(0,w.refreshTokenRequest)({refresh_token:t.refreshToken}),[n,r]=await(0,w.processTokenResponse)(e);if(n||!r)throw(0,y.writeAuthConfig)({}),new T.RefreshAccessTokenFailedError(n);let i={token:r.access_token,expiresAt:Math.floor(Date.now()/1e3)+r.expires_in};return r.refresh_token&&(i.refreshToken=r.refresh_token),(0,y.writeAuthConfig)(i),i.token}catch(e){throw(0,y.writeAuthConfig)({}),e instanceof T.AccessTokenMissingError||e instanceof T.RefreshAccessTokenFailedError?e:new T.RefreshAccessTokenFailedError(e)}}async function O(e,t,n){let r=`https://api.vercel.com/v1/projects/${t}/token?source=vercel-oidc-refresh${n?`&teamId=${n}`:``}`,i=await fetch(r,{method:`POST`,headers:{Authorization:`Bearer ${e}`}});if(!i.ok)throw new g.VercelOidcTokenError(`Failed to refresh OIDC token: ${i.statusText}`);let a=await i.json();return k(a),a}function k(e){if(!e||typeof e!=`object`)throw TypeError("Vercel OIDC token is malformed. Expected an object. Please run `vc env pull` and try again");if(!(`token`in e)||typeof e.token!=`string`)throw TypeError("Vercel OIDC token is malformed. Expected a string-valued token property. Please run `vc env pull` and try again")}function A(){let e=(0,_.findRootDir)();if(!e)throw new g.VercelOidcTokenError("Unable to find project root directory. Have you linked your project with `vc link?`");let t=m.join(e,`.vercel`,`project.json`);if(!h.existsSync(t))throw new g.VercelOidcTokenError("project.json not found, have you linked your project with `vc link?`");let n=JSON.parse(h.readFileSync(t,`utf8`));if(typeof n.projectId!=`string`&&typeof n.orgId!=`string`)throw TypeError("Expected a string-valued projectId property. Try running `vc link` to re-link your project.");return{projectId:n.projectId,teamId:n.orgId}}function j(e,t){let n=(0,_.getUserDataDir)();if(!n)throw new g.VercelOidcTokenError(`Unable to find user data directory. Please reach out to Vercel support.`);let r=m.join(n,`com.vercel.token`,`${t}.json`),i=JSON.stringify(e);h.mkdirSync(m.dirname(r),{mode:504,recursive:!0}),h.writeFileSync(r,i),h.chmodSync(r,432)}function M(e){let t=(0,_.getUserDataDir)();if(!t)throw new g.VercelOidcTokenError(`Unable to find user data directory. Please reach out to Vercel support.`);let n=m.join(t,`com.vercel.token`,`${e}.json`);if(!h.existsSync(n))return null;let r=JSON.parse(h.readFileSync(n,`utf8`));return k(r),r}function N(e){let t=e.split(`.`);if(t.length!==3)throw new g.VercelOidcTokenError("Invalid token. Please run `vc env pull` and try again");let n=t[1].replace(/-/g,`+`).replace(/_/g,`/`),r=n.padEnd(n.length+(4-n.length%4)%4,`=`);return JSON.parse(Buffer.from(r,`base64`).toString(`utf8`))}function P(e,t=0){return e.exp*1e3<Date.now()+t}})),T=n(((e,t)=>{var n=Object.defineProperty,r=Object.getOwnPropertyDescriptor,i=Object.getOwnPropertyNames,a=Object.prototype.hasOwnProperty,o=(e,t)=>{for(var r in t)n(e,r,{get:t[r],enumerable:!0})},s=(e,t,o,s)=>{if(t&&typeof t==`object`||typeof t==`function`)for(let c of i(t))!a.call(e,c)&&c!==o&&n(e,c,{get:()=>t[c],enumerable:!(s=r(t,c))||s.enumerable});return e},c=e=>s(n({},`__esModule`,{value:!0}),e),l={};o(l,{AccessTokenMissingError:()=>f.AccessTokenMissingError,RefreshAccessTokenFailedError:()=>f.RefreshAccessTokenFailedError,getContext:()=>d.getContext,getVercelOidcToken:()=>u.getVercelOidcToken,getVercelOidcTokenSync:()=>u.getVercelOidcTokenSync,getVercelToken:()=>p.getVercelToken}),t.exports=c(l);var u=y(),d=_(),f=b(),p=w()})),E=T();const D=`${a}/`,O=new Set([`localhost`,`127.0.0.1`,`0.0.0.0`,`::1`,`[::1]`]);function k(e){return O.has(e.hostname)}function A(e){try{return k(new URL(e))}catch{return!1}}async function j(){try{let e=(await(0,E.getVercelOidcToken)()).trim();if(e.length>0)return e}catch{}return process.env.VERCEL_OIDC_TOKEN?.trim()??``}const M=`x-vercel-protection-bypass`,N=`x-vercel-trusted-oidc-idp-token`;function P(e){return e.pathname.endsWith(`/ash/v1`)||e.pathname.includes(D)}async function F(e){let t=I(e),n=await R(t,e.resourceUrl);return n!==null&&L(t,n),t}function I(e){let t=new Headers(V(e.headers)),n=process.env.VERCEL_AUTOMATION_BYPASS_SECRET?.trim();return n&&P(e.resourceUrl)&&t.set(M,n),t}function L(e,t){e.has(`authorization`)||e.set(`authorization`,`Bearer ${t}`),e.set(N,t)}async function R(e,t){return z(t)?e.get(`x-vercel-oidc-token`)?.trim()||await B():null}function z(e){return!(!P(e)||k(e))}async function B(){let e=await j();return e.length>0?e:null}function V(e){if(e!==void 0)return e instanceof Headers?e:Array.isArray(e)?e.map(([e,t])=>[e,t]):e}async function H(e){let t={},n=process.env.VERCEL_AUTOMATION_BYPASS_SECRET?.trim();if(n&&(t[M]=n),!A(e.serverUrl)){let e=await j();e.length>0&&(t[N]=e)}return t}function U(){return{streamIndex:0}}function W(e){let t=q(e.events),n=e.session.streamIndex+e.events.length;return t?.type===`session.waiting`?{continuationToken:e.continuationToken??e.session.continuationToken,sessionId:e.sessionId,streamIndex:n}:U()}function G(e){let t;for(let n of e)J(n)&&(t=n.data.message??void 0);return t}function K(e){let t=q(e);return t?.type===`session.waiting`?`waiting`:t?.type===`session.failed`?`failed`:`completed`}function q(e){for(let t=e.length-1;t>=0;t--){let n=e[t];if(n!==void 0&&r(n))return n}}function J(e){return e.type===`message.completed`&&e.data.finishReason!==`tool-calls`}var Y=class{continuationToken;sessionId;#e=!1;#t;constructor(e){this.continuationToken=e.continuationToken,this.sessionId=e.sessionId,this.#t=e.createStream}async result(){let e=[];for await(let t of this)e.push(t);return{events:e,message:G(e),sessionId:this.sessionId,status:K(e)}}[Symbol.asyncIterator](){if(this.#e)throw Error(`MessageResponse has already been consumed.`);return this.#e=!0,this.#t()}},X=class{#e;#t;constructor(e,t){this.#e=e,this.#t=t}get state(){return this.#t}async sendMessage(e,t){return this.send({message:e},t)}async send(e,t){let n=this.#t,{continuationToken:r,sessionId:i}=await this.#n(e,n,t);return new Y({continuationToken:r,createStream:()=>this.#r(i,r,n,t),sessionId:i})}openStream(e){let t=this.#t.sessionId;if(!t)throw Error(`Session has no session ID. Send a message first.`);return g({host:this.#e.host,maxReconnectAttempts:this.#e.maxReconnectAttempts,resolveHeaders:()=>this.#e.resolveHeaders(),sessionId:t,signal:e?.signal,startIndex:e?.startIndex??this.#t.streamIndex})}async#n(e,t,n){let r=t.sessionId?s(t.sessionId):i,a=f(this.#e.host,r),o=await this.#e.resolveHeaders(n?.headers);o.set(`content-type`,`application/json`);let c=Z({input:e,session:t});if(c===null)throw Error(`Session.send requires a non-empty message, inputResponses, or both.`);let u=await fetch(a,{body:JSON.stringify(c),headers:o,method:`POST`,signal:n?.signal??null});if(!u.ok){let e=await u.text();throw new l(u.status,e)}let d=await u.json(),p=(typeof d.sessionId==`string`?d.sessionId:void 0)??u.headers.get(`x-ash-session-id`)?.trim()??t.sessionId;if(!p)throw Error(`Message route did not return a session id.`);return{continuationToken:typeof d.continuationToken==`string`?d.continuationToken:void 0,sessionId:p}}async*#r(e,t,n,i){let a=[];try{let t=n.sessionId===e?n.streamIndex:0,o=this.#e.maxReconnectAttempts;for(;;){let n=await this.#i(e,t,i?.signal),s=!1;try{for await(let e of d(n))if(a.push(e),t+=1,yield e,r(e)){s=!0;break}}catch(e){if(!u(e))throw e}if(s||o<=0)break;--o}}finally{this.#t=W({continuationToken:t,events:a,sessionId:e,session:n})}}async#i(e,t,n){let r=f(this.#e.host,c(e),t>0?{startIndex:String(t)}:void 0),i=await this.#e.resolveHeaders(),a=await fetch(r,{headers:i,signal:n??null});if(!a.ok){let e=await a.text();throw new l(a.status,e)}if(!a.body)throw new l(a.status,`Response body is null.`);return a.body}};function Z(e){let t={};return e.input.message!==void 0&&(t.message=e.input.message),e.input.inputResponses!==void 0&&e.input.inputResponses.length>0&&(t.inputResponses=e.input.inputResponses),e.input.clientContext!==void 0&&(t.clientContext=e.input.clientContext),e.session.continuationToken!==void 0&&(t.continuationToken=e.session.continuationToken),Object.keys(t).length===0||e.session.continuationToken===void 0&&t.message===void 0||e.session.continuationToken!==void 0&&t.message===void 0&&t.inputResponses===void 0?null:t}var Q=class{#e;#t;#n;#r;constructor(e){this.#n=e.host,this.#e=e.auth,this.#t=e.headers,this.#r=e.maxReconnectAttempts??3}async health(){let e=f(this.#n,o),t=await this.#i(),n=await fetch(e,{headers:t});if(!n.ok){let e=await n.text();throw new l(n.status,e)}return await n.json()}session(e){let t;return t=typeof e==`string`?{continuationToken:e,streamIndex:0}:e||U(),new X({host:this.#n,maxReconnectAttempts:this.#r,resolveHeaders:e=>this.#i(e)},t)}async#i(e){let t=new Headers,n=await ee(this.#t);for(let[e,r]of Object.entries(n))t.set(e,r);if(e)for(let[n,r]of Object.entries(e))t.set(n,r);let r=await this.#a();return r&&t.set(`authorization`,r),t}async#a(){let e=this.#e;if(e){if(`bearer`in e){let t=(await $(e.bearer)).trim();return t.length===0?void 0:`Bearer ${t}`}if(`basic`in e){let t=await $(e.basic.password);return`Basic ${te(e.basic.username,t)}`}}}};async function $(e){return typeof e==`function`?e():e}async function ee(e){return e===void 0?{}:typeof e==`function`?await e():e}function te(e,t){let n=new TextEncoder().encode(`${e}:${t}`),r=Array.from(n,e=>String.fromCodePoint(e)).join(``);return btoa(r)}export{H as a,w as c,l as d,A as i,v as l,M as n,j as o,F as r,T as s,Q as t,g as u};