npm - fengming - Versions diffs - 0.3.4 → 0.3.5 - Mend

fengming 0.3.4 → 0.3.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2016) hide show

package/CHANGELOG.md +3 -2
package/dist/abort-CjCDVBbH.js +277 -0
package/dist/abort.runtime-DxJ8129J.js +2 -0
package/dist/abort.runtime.js +1 -1
package/dist/accounts-Cyn0sm_v.js +423 -0
package/dist/accounts-DzcLKcN5.js +2 -0
package/dist/acp/control-plane/manager.js +1 -1
package/dist/acp-spawn-4lfz_3K9.js +1286 -0
package/dist/acp-spawn-BCUjuO6L.js +2 -0
package/dist/acp-stateful-target-driver-Bv99uwEA.js +89 -0
package/dist/action-info-CP-p6RHS.js +75 -0
package/dist/active-runtime-registry-DjKe53a5.js +62 -0
package/dist/active-tool-schema-warnings-p7CqUnu1.js +105 -0
package/dist/active-tool-schema-warnings-pGI92yka.js +2 -0
package/dist/agent-B77yluip.js +1825 -0
package/dist/agent-BooUvZnR.js +2 -0
package/dist/agent-bundle-lsp-runtime-3ieSgTgo.js +389 -0
package/dist/agent-bundle-lsp-runtime-CkJ0XJK7.js +2 -0
package/dist/agent-bundle-mcp-materialize-BH-esGZL.js +124 -0
package/dist/agent-bundle-mcp-tools-DkixTTnL.js +3 -0
package/dist/agent-command-BJKcnQy6.js +1435 -0
package/dist/agent-delivery-CEfe_Zzt.js +117 -0
package/dist/agent-harness-runtime-R_Ae6o9C.js +207 -0
package/dist/agent-kWSaRcQt.js +3 -0
package/dist/agent-model-discovery-C49swEgd.js +238 -0
package/dist/agent-model-discovery-DZbixJQs.js +3 -0
package/dist/agent-runner-utils-BChpi9Ec.js +267 -0
package/dist/agent-runner.runtime-3LOdt215.js +3784 -0
package/dist/agent-runner.runtime.js +1 -1
package/dist/agent-runtime-3jsv8b7Y.js +199 -0
package/dist/agent-runtime-label-uoFI4ovH.js +30 -0
package/dist/agent-runtime-metadata-BhFt6kLt.js +53 -0
package/dist/agent-tool-result-middleware-loader-BxYJNC1i.js +55 -0
package/dist/agent-tools-COLEG7aL.js +2506 -0
package/dist/agent-tools.before-tool-call--rMZI5Rd.js +1274 -0
package/dist/agent-tools.before-tool-call-CbX2sfP4.js +2 -0
package/dist/agent-via-gateway-DfKij3De.js +486 -0
package/dist/agent-wait-dedupe-BAUSJotw.js +180 -0
package/dist/agents/agent-bundle-mcp-materialize.js +1 -1
package/dist/agents/auth-profiles.runtime.js +1 -1
package/dist/agents/compaction-planning.worker.js +1 -1
package/dist/agents/embedded-agent-runner/effective-tool-policy.js +1 -1
package/dist/agents/embedded-agent-runner/tool-split.js +1 -1
package/dist/agents/model-catalog.runtime.js +1 -1
package/dist/agents/model-provider-auth.worker.js +3 -3
package/dist/agents/models-config.runtime.js +1 -1
package/dist/agents-CZSNDJWD.js +632 -0
package/dist/agents.command-shared-DgbjfH23.js +16 -0
package/dist/agents.commands.add-DknGM1oz.js +304 -0
package/dist/agents.commands.bind-DDVI0yDe.js +265 -0
package/dist/agents.commands.delete-Dv4RHEhc.js +128 -0
package/dist/agents.commands.identity-BSZbc1QR.js +143 -0
package/dist/agents.commands.list-CA0OTw59.js +235 -0
package/dist/aliases-EY1GbfwT.js +97 -0
package/dist/api-CY0oKcRz.js +3 -0
package/dist/api-DgjY0gIl.js +6 -0
package/dist/api-VyMyAYze.js +2 -0
package/dist/api-key-rotation-DxPKIdmC.js +167 -0
package/dist/app-registration-BBDxCbFo.js +194 -0
package/dist/apply-DMYy7tc3.js +544 -0
package/dist/apply-Dd0n97MD.js +2 -0
package/dist/apply-bHIT1nMp.js +416 -0
package/dist/apply-g8x7Z83S.js +510 -0
package/dist/apply-nnbx9TaB.js +2 -0
package/dist/approval-native-helpers-CjaYvOaZ.js +398 -0
package/dist/artifacts-B55YR-uA.js +368 -0
package/dist/assistant-hJaOgfKl.js +291 -0
package/dist/attachment-normalize-COsastJx.js +213 -0
package/dist/attempt-execution-fDWDWcWe.js +584 -0
package/dist/attempt-execution.helpers-Cze5xPim.js +969 -0
package/dist/attempt-execution.runtime-B1iCG6LN.js +3 -0
package/dist/attempt-execution.runtime.js +1 -1
package/dist/attempt.prompt-helpers-CkBYHBBo.js +543 -0
package/dist/attempt.tool-run-context-DzfRK5pV.js +1240 -0
package/dist/audio-preflight.runtime-rjWd9uyk.js +7 -0
package/dist/audio-preflight.runtime.js +1 -1
package/dist/audit-DgFtNg3U.js +1108 -0
package/dist/audit-L8EC3WhV.js +477 -0
package/dist/audit.nondeep.runtime-D0sQ6bO2.js +1416 -0
package/dist/audit.nondeep.runtime.js +1 -1
package/dist/audit.runtime-CiG82F31.js +7 -0
package/dist/audit.runtime.js +1 -1
package/dist/auth-CzPdsZVM.js +567 -0
package/dist/auth-choice-BNzS9QBI.js +3 -0
package/dist/auth-choice-Cwr5kgcD.js +110 -0
package/dist/auth-choice-DW9qPpMS.js +400 -0
package/dist/auth-choice.apply.api-providers-C68tOdqj.js +34 -0
package/dist/auth-choice.apply.api-providers-DSRK0gYo.js +2 -0
package/dist/auth-choice.plugin-providers.runtime-BJ9VyO1C.js +11 -0
package/dist/auth-choice.plugin-providers.runtime.js +1 -1
package/dist/auth-health-BanKwsTW.js +219 -0
package/dist/auth-list-Dq8obVno.js +115 -0
package/dist/auth-order-VXqoAroP.js +105 -0
package/dist/auth-profiles-6VFEdgC-.js +73 -0
package/dist/auth-profiles-a0M4JYYg.js +14 -0
package/dist/backend-config-COaTdVnN.js +259 -0
package/dist/bash-tools-BMAquSiM.js +3 -0
package/dist/bash-tools-DLiUXfaS.js +3497 -0
package/dist/binding-routing-Bwvdx_7S.js +113 -0
package/dist/binding-targets-Z_d0mK_1.js +121 -0
package/dist/bootstrap-files-CoCV_zqu.js +202 -0
package/dist/bootstrap-files-_T3VoTrV.js +3 -0
package/dist/bridge-server-BIaNurGa.js +113 -0
package/dist/browser-cli-D4wL8NU9.js +230 -0
package/dist/browser-cli-actions-input-z40PGiYI.js +522 -0
package/dist/browser-cli-actions-observe-C4TeyNke.js +81 -0
package/dist/browser-cli-debug-Dv0gH-c8.js +137 -0
package/dist/browser-cli-inspect-BUXeITYc.js +117 -0
package/dist/browser-cli-manage-qMb3Yw5Y.js +446 -0
package/dist/browser-cli-resize-CZWnGwGz.js +32 -0
package/dist/browser-cli-shared-BpinhvE3.js +69 -0
package/dist/browser-cli-state-CBbKqqgP.js +371 -0
package/dist/browser-cli-uI5GGX51.js +2 -0
package/dist/browser-control-auth-CFPJXdN_.js +2 -0
package/dist/browser-profiles-D4ni3t4J.js +2 -0
package/dist/browser-runtime-Dm5D_PLf.js +389 -0
package/dist/browser-tool.schema-Bek02ox5.js +132 -0
package/dist/btw-command-DdrwvCK4.js +18 -0
package/dist/build-DkEeJ9sO.js +261 -0
package/dist/build-info.json +2 -2
package/dist/bundled/boot-md/handler.js +2 -2
package/dist/bundled/session-memory/handler.js +1 -1
package/dist/bundled-channel-config-schema-BeowdkHi.d.ts +3168 -0
package/dist/canvas-host/a2ui/.bundle.hash +1 -1
package/dist/capability-cli-DTRuKZJC.js +1809 -0
package/dist/capability-provider-runtime-Cpp-Jq9g.js +346 -0
package/dist/cdp.helpers-GfQkB-B5.js +637 -0
package/dist/channel-BRehZ4Cg.js +2309 -0
package/dist/channel-actions-hdQKe_se.js +46 -0
package/dist/channel-bootstrap.runtime-BzjlNG_j.js +38 -0
package/dist/channel-bootstrap.runtime-CmNNVl40.js +2 -0
package/dist/channel-bootstrap.runtime.js +1 -1
package/dist/channel-core-BLcWqSk-.js +5 -0
package/dist/channel-inbound-pR1B7HTU.js +121 -0
package/dist/channel-message-W0VurpjH.js +12 -0
package/dist/channel-outbound-DO4HI6E_.js +436 -0
package/dist/channel-plugin-resolution-CLA7S5_A.js +2 -0
package/dist/channel-plugin-resolution-DzwVj01h.js +135 -0
package/dist/channel-resolution-DOPyiG4k.js +46 -0
package/dist/channel-selection-kwoWZDQ3.js +171 -0
package/dist/channel-selection.runtime-LiDliif9.js +2 -0
package/dist/channel-selection.runtime.js +1 -1
package/dist/channel.runtime-DDt3PayH.js +697 -0
package/dist/channel.runtime.js +1 -1
package/dist/channels-CKJd4eUz.js +1004 -0
package/dist/channels-cli-DLAPi8pX.js +331 -0
package/dist/chat-6WsYrS9m.js +3 -0
package/dist/chat-DpsCEXAx.js +2940 -0
package/dist/chrome-BWHc9vYG.js +1517 -0
package/dist/chrome-mcp-BGKgR8A_.js +2 -0
package/dist/chrome-mcp-Bg5D5PDc.js +864 -0
package/dist/claude-live-session-BLCZnv-A.js +2 -0
package/dist/claude-live-session-CGnB64D6.js +1338 -0
package/dist/clawbot-cli-ynXzgp8B.js +9 -0
package/dist/cli/daemon-cli.js +3 -3
package/dist/cli/gateway-lifecycle.runtime.js +4 -4
package/dist/cli/run-main.js +12 -12
package/dist/cli-B4Ttnj0P.js +2 -0
package/dist/cli-BjVgdamH.js +2 -0
package/dist/cli-CNqBrHLU.js +293 -0
package/dist/cli-backends.runtime-DoxtCrow.js +7 -0
package/dist/cli-backends.runtime.js +1 -1
package/dist/cli-compaction-BCuLbs75.js +363 -0
package/dist/cli-mthNIkji.js +141 -0
package/dist/cli-registry-loader-B2sNTdgY.js +2 -0
package/dist/cli-registry-loader-Dz9YFrjw.js +193 -0
package/dist/cli-runner-C9t-9-Io.js +597 -0
package/dist/cli-runner-D21qMGk7.js +2 -0
package/dist/cli-runner.runtime-BNqbJFgu.js +3 -0
package/dist/cli-runner.runtime-Dv50IEvH.js +4 -0
package/dist/cli-runner.runtime.js +1 -1
package/dist/cli-session-jBtClYfT.js +119 -0
package/dist/cli-startup-metadata.json +9 -9
package/dist/cli.runtime-CGBzSGAG.js +1276 -0
package/dist/cli.runtime.js +1 -1
package/dist/codex-native-web-search-B3C-srtm.js +20 -0
package/dist/codex-native-web-search-B7xh2Xcb.js +4 -0
package/dist/codex-native-web-search-core-CrwANQg5.js +106 -0
package/dist/command-auth-Dz_pdczs.js +135 -0
package/dist/command-config-resolution-XCA63Yv8.js +25 -0
package/dist/command-config-resolution-xtKMDTG9.js +2 -0
package/dist/command-config-resolution.runtime-xtKMDTG9.js +2 -0
package/dist/command-config-resolution.runtime.js +1 -1
package/dist/command-execution-startup-CasEqEXh.js +90 -0
package/dist/command-primitives-runtime-DC9gtSI3.js +3 -0
package/dist/command-registry-BQnMdca9.js +9 -0
package/dist/command-registry-core-hx2t1jQP.js +114 -0
package/dist/command-registry-rbKA-L_8.js +4 -0
package/dist/command-secret-gateway-7oveYQCx.js +589 -0
package/dist/command-secret-targets-B7M1Us_C.js +2 -0
package/dist/command-status-builders-DrSoZhiI.js +147 -0
package/dist/command-status.runtime-By0071-y.js +90 -0
package/dist/command-status.runtime.js +1 -1
package/dist/commands/status.summary.runtime.js +3 -3
package/dist/commands-B1MnUj5-.js +161 -0
package/dist/commands-compact.runtime-DELj3JaW.js +10 -0
package/dist/commands-compact.runtime.js +1 -1
package/dist/commands-core.runtime-Zw0grrkC.js +2 -0
package/dist/commands-core.runtime.js +1 -1
package/dist/commands-handlers.runtime-BCl_ZHJZ.js +6327 -0
package/dist/commands-handlers.runtime.js +1 -1
package/dist/commands-models-Uurm-0C3.js +448 -0
package/dist/commands-registry-Bo1AeDcq.js +195 -0
package/dist/commands-registry.runtime-C9DBHyhh.js +4 -0
package/dist/commands-registry.runtime.js +1 -1
package/dist/commands-status-BoAXH-wg.js +16 -0
package/dist/commands-status-CNALMTN9.js +3 -0
package/dist/commands-status.runtime-CNALMTN9.js +3 -0
package/dist/commands-status.runtime.js +1 -1
package/dist/commands-subagents-control.runtime-Dl4IuTzV.js +2 -0
package/dist/commands-subagents-control.runtime.js +1 -1
package/dist/commands-system-prompt-BPzpLmUp.js +2 -0
package/dist/commands-system-prompt-DCOZSNh5.js +161 -0
package/dist/commands.runtime-bfCLM0Sg.js +175 -0
package/dist/commands.runtime.js +1 -1
package/dist/commitments/runtime.js +1 -1
package/dist/common-CoOYhmSg.js +286 -0
package/dist/compact-yqaUOESq.js +1165 -0
package/dist/compact.runtime-Y91AFZVE.js +12 -0
package/dist/compact.runtime.js +1 -1
package/dist/compaction-planning-DVnykwzd.js +202 -0
package/dist/completion-cli-BJjq_g_B.js +393 -0
package/dist/config-CsmSEaNn.js +374 -0
package/dist/config-CtNXZ0iy.js +610 -0
package/dist/config-cli-CNpIVdqp.js +1703 -0
package/dist/config-mutation-B-SErGM0.js +5 -0
package/dist/config-mutations-Bu3ahkX8.js +161 -0
package/dist/config-utils-Bv0Nisds.js +141 -0
package/dist/config-validation-DitvTYD8.js +33 -0
package/dist/configure-CdjbRKTg.js +771 -0
package/dist/configure-Cvi-5ml4.js +3 -0
package/dist/configure.commands-BJii4733.js +1253 -0
package/dist/configure.commands-tJzVFJ0o.js +2 -0
package/dist/context-D1N9oPds.js +2 -0
package/dist/context-XMtJ9b3v.js +248 -0
package/dist/context-engine-host-compat-3QznbSaW.js +280 -0
package/dist/context-engine-host-compat-DquSpnKD.js +2 -0
package/dist/context-engine-lifecycle-Bqdhy9JU.js +627 -0
package/dist/control-auth-CMW_9jmY.js +114 -0
package/dist/control-service-D-r3k91q.js +40 -0
package/dist/control-service-uIPYrp9F.js +3 -0
package/dist/control-ui/assets/activity-DgMhyllD.js +124 -0
package/dist/control-ui/assets/agents-CsRhxO2O.js +1030 -0
package/dist/control-ui/assets/channels-Dq8bzpMg.js +120 -0
package/dist/control-ui/assets/cron-Dk5bqYwg.js +1016 -0
package/dist/control-ui/assets/debug-CNIwFEQO.js +97 -0
package/dist/control-ui/assets/index-CV2NsPlu.js +7214 -0
package/dist/control-ui/assets/instances-DLr0iEvT.js +57 -0
package/dist/control-ui/assets/nodes-D3JEksjl.js +444 -0
package/dist/control-ui/assets/sessions-nbXWGlHZ.js +425 -0
package/dist/control-ui/assets/skills-tBOi8OBq.js +362 -0
package/dist/control-ui/assets/workboard-ClTo7wmK.js +402 -0
package/dist/control-ui/index.html +1 -1
package/dist/control-ui/sw.js +1 -1
package/dist/control-ui-AkRMsk9S.js +750 -0
package/dist/conversation-label-generator-DHtcgSBn.js +72 -0
package/dist/conversation-runtime-BEgHW4ta.js +31 -0
package/dist/core-Bslrvfnp.js +284 -0
package/dist/core-api-BOlUb7G8.js +5 -0
package/dist/core-api-CiBoGa2I.js +2 -0
package/dist/crestodian/crestodian.js +1 -1
package/dist/crestodian/rescue-message.js +1 -1
package/dist/crestodian-mXnyuHx9.js +55 -0
package/dist/cron-PbdpyFrD.js +453 -0
package/dist/daemon-install-C-d4dFvn.js +66 -0
package/dist/daemon-install-auth-profiles-store.runtime-CvE2EVVo.js +2 -0
package/dist/daemon-install-auth-profiles-store.runtime.js +1 -1
package/dist/dashboard-Ey5dnvMI.js +263 -0
package/dist/defaults-CsRAv-qE.js +130 -0
package/dist/defaults-DHZBSNHC.js +3 -0
package/dist/defaults.constants-CR4S_tvw.js +76 -0
package/dist/deliver-BkuuFBlm.js +1399 -0
package/dist/deliver-P4upyes7.js +3 -0
package/dist/deliver-runtime-CjnLI_nC.js +2 -0
package/dist/delivery-outbound.runtime-fcJ-M8qj.js +7 -0
package/dist/delivery-outbound.runtime.js +1 -1
package/dist/delivery-queue-BqgHvNlY.js +863 -0
package/dist/delivery-queue-CfsRscJb.js +2 -0
package/dist/delivery-queue-runtime-D0PKG1Bv.js +16 -0
package/dist/delivery-target.runtime-C5e8d0WH.js +45 -0
package/dist/delivery-target.runtime.js +1 -1
package/dist/delivery.runtime-2Ut8xM3P.js +470 -0
package/dist/delivery.runtime.js +1 -1
package/dist/detached-task-runtime-OOZBqRy-.js +86 -0
package/dist/diagnostics-zf6WQ2h7.js +168 -0
package/dist/dialogue-C8IOya-l.js +37 -0
package/dist/direct-dm-wPF-KfNb.js +81 -0
package/dist/directive-handling.defaults-C-1lmFYo.js +22 -0
package/dist/directive-handling.fast-lane-DENPMtYI.js +70 -0
package/dist/directive-handling.impl-C1p5t3qA.js +2 -0
package/dist/directive-handling.impl-DOo2Sa7C.js +823 -0
package/dist/directive-handling.model-selection-6gC-fr_g.js +122 -0
package/dist/directive-handling.persist.runtime-CuhUd2kW.js +274 -0
package/dist/directive-handling.persist.runtime.js +1 -1
package/dist/directives-BIKSyN8C.js +319 -0
package/dist/directory-cli-DZ0PU0Rv.js +239 -0
package/dist/dispatch-DQLImAqt.js +2057 -0
package/dist/dispatch-acp-DzyX7wsq.js +1102 -0
package/dist/dispatch-acp-manager.runtime-CoAfs4O1.js +3 -0
package/dist/dispatch-acp-manager.runtime.js +1 -1
package/dist/dispatch-acp-media.runtime-7uUP_jr9.js +4 -0
package/dist/dispatch-acp-media.runtime.js +1 -1
package/dist/dispatch-acp-transcript.runtime-BUlmV_h0.js +40 -0
package/dist/dispatch-acp-transcript.runtime.js +1 -1
package/dist/dispatch-acp-tts.runtime-ChBnVkNt.js +3 -0
package/dist/dispatch-acp-tts.runtime.js +1 -1
package/dist/dispatch-acp.runtime-DAexFaBu.js +18 -0
package/dist/dispatch-acp.runtime.js +1 -1
package/dist/dispatcher-D3IQEbf9.js +106 -0
package/dist/doctor-BSqEqfb6.js +760 -0
package/dist/doctor-auth-flat-profiles-BIZ4wsYP.js +2 -0
package/dist/doctor-auth-flat-profiles-DXtD5LfC.js +516 -0
package/dist/doctor-auth-legacy-oauth-DwFbRYTP.js +48 -0
package/dist/doctor-auth-oauth-sidecar-6I3FEJbi.js +2 -0
package/dist/doctor-auth-oauth-sidecar-BSC3rnDM.js +177 -0
package/dist/doctor-auth-tVGsUiM6.js +216 -0
package/dist/doctor-bootstrap-size-B0q6bdkO.js +57 -0
package/dist/doctor-claude-cli-Bn79OuBT.js +150 -0
package/dist/doctor-config-flow-CCwocXpV.js +1819 -0
package/dist/doctor-core-checks-D7-1l8jy.js +666 -0
package/dist/doctor-core-checks-eM8FNi8B.js +2 -0
package/dist/doctor-core-checks.runtime-Dc03aeoU.js +278 -0
package/dist/doctor-core-checks.runtime.js +1 -1
package/dist/doctor-gRYfpEbB.js +6 -0
package/dist/doctor-gateway-daemon-flow-KTnHAdeV.js +349 -0
package/dist/doctor-gateway-services-BByDQtjY.js +465 -0
package/dist/doctor-health-CnoM718z.js +65 -0
package/dist/doctor-health-contributions-flVKMQwr.js +874 -0
package/dist/doctor-lint-BBm6gtBa.js +95 -0
package/dist/doctor-memory-search-DjHVDCGo.js +407 -0
package/dist/doctor-state-integrity-Bgw25cz1.js +1257 -0
package/dist/doctor-tool-result-cap-advice-B8wTpiTO.js +27 -0
package/dist/doctor-workspace-status-DcjeJIpT.js +76 -0
package/dist/dreaming-BE4t8DVf.js +523 -0
package/dist/dreaming-command-DWm1lB-Z.js +101 -0
package/dist/dreaming-narrative-8DM-OMrm.js +721 -0
package/dist/dreaming-narrative-CcFfheQI.js +2 -0
package/dist/dreaming-phases-CqOhhTdZ.js +2 -0
package/dist/dreaming-phases-D9eT6Kk0.js +1162 -0
package/dist/drive-D2M5B7-2.js +899 -0
package/dist/echo-transcript-B-wl5MoX.js +52 -0
package/dist/effective-tool-policy-Cx8mC5aA.js +89 -0
package/dist/embedded-agent-BTvtoOe_.js +4 -0
package/dist/embedded-agent-CGmSKuNM.js +4074 -0
package/dist/embedded-agent-helpers-CboIPx57.js +6 -0
package/dist/embedded-agent-helpers-cw0InMDZ.js +1037 -0
package/dist/embedded-agent.runtime-Bfe4bjyF.js +4 -0
package/dist/embedded-agent.runtime.js +1 -1
package/dist/embedded-backend-D-EshN85.js +744 -0
package/dist/embedded-gateway-stub.runtime-Cx9qs0KV.js +12 -0
package/dist/embedded-gateway-stub.runtime.js +1 -1
package/dist/embedding-provider-runtime-DaXfsUPo.js +86 -0
package/dist/embedding-providers-CdU99clu.js +2 -0
package/dist/embeddings-http-BQnlTr-1.js +222 -0
package/dist/engine-qmd-5jbjGywA.js +708 -0
package/dist/engine-storage-CfAgwoDp.js +203 -0
package/dist/entry.js +1 -1
package/dist/errors-C0AUxo3P.js +2 -0
package/dist/exec-approval-forwarder.runtime-BvR47p5Z.js +4 -0
package/dist/exec-approval-forwarder.runtime.js +1 -1
package/dist/exec-approval-session-target-CCqYgaVa.js +177 -0
package/dist/exec-auto-reviewer-BfJaNkNy.js +2 -0
package/dist/exec-auto-reviewer-Dqx7I88Z.js +241 -0
package/dist/execute.runtime-Qb6Z75sG.js +579 -0
package/dist/execute.runtime.js +1 -1
package/dist/extensionAPI.js +2 -2
package/dist/extensions/active-memory/index.js +3 -3
package/dist/extensions/admin-http-rpc/index.js +1 -1
package/dist/extensions/alibaba/index.js +1 -1
package/dist/extensions/alibaba/video-generation-provider.js +1 -1
package/dist/extensions/baichuan/index.js +1 -1
package/dist/extensions/browser/browser-bridge.js +1 -1
package/dist/extensions/browser/browser-cdp.js +1 -1
package/dist/extensions/browser/browser-config.js +5 -5
package/dist/extensions/browser/browser-control-auth.js +2 -2
package/dist/extensions/browser/browser-doctor.js +3 -3
package/dist/extensions/browser/browser-maintenance.js +1 -1
package/dist/extensions/browser/browser-profiles.js +3 -3
package/dist/extensions/browser/browser-runtime-api.js +14 -14
package/dist/extensions/browser/cli-metadata.js +1 -1
package/dist/extensions/browser/index.js +1 -1
package/dist/extensions/browser/plugin-registration.js +1 -1
package/dist/extensions/browser/register.runtime.js +4 -4
package/dist/extensions/browser/runtime-api.js +16 -16
package/dist/extensions/byteplus/index.js +3 -3
package/dist/extensions/byteplus/video-generation-provider.js +1 -1
package/dist/extensions/canvas/index.js +3 -3
package/dist/extensions/canvas/runtime-api.js +2 -2
package/dist/extensions/deepseek/index.js +1 -1
package/dist/extensions/device-pair/api.js +2 -2
package/dist/extensions/device-pair/pair-command-approve.js +1 -1
package/dist/extensions/device-pair/qr-image.js +2 -2
package/dist/extensions/longcat/index.js +1 -1
package/dist/extensions/memory-core/api.js +3 -3
package/dist/extensions/memory-core/cli-metadata.js +1 -1
package/dist/extensions/memory-core/cli.js +2 -2
package/dist/extensions/memory-core/index.js +11 -11
package/dist/extensions/memory-core/manager-runtime.js +1 -1
package/dist/extensions/memory-core/runtime-api.js +6 -6
package/dist/extensions/minimax/image-generation-provider.js +1 -1
package/dist/extensions/minimax/index.js +7 -7
package/dist/extensions/minimax/media-understanding-provider.js +1 -1
package/dist/extensions/minimax/music-generation-provider.js +1 -1
package/dist/extensions/minimax/oauth.js +1 -1
package/dist/extensions/minimax/oauth.runtime.js +1 -1
package/dist/extensions/minimax/provider-registration.js +1 -1
package/dist/extensions/minimax/speech-provider.js +1 -1
package/dist/extensions/minimax/video-generation-provider.js +1 -1
package/dist/extensions/minimax/web-search-provider.js +1 -1
package/dist/extensions/moonshot/index.js +5 -5
package/dist/extensions/moonshot/media-understanding-provider.js +1 -1
package/dist/extensions/moonshot/web-search-provider.js +1 -1
package/dist/extensions/qianfan/index.js +1 -1
package/dist/extensions/qwen/index.js +5 -5
package/dist/extensions/qwen/media-understanding-provider.js +1 -1
package/dist/extensions/qwen/video-generation-provider.js +1 -1
package/dist/extensions/sensenova/index.js +1 -1
package/dist/extensions/skill-workshop/api.js +2 -2
package/dist/extensions/skill-workshop/index.js +4 -4
package/dist/extensions/stepfun/index.js +2 -2
package/dist/extensions/tavily/index.js +1 -1
package/dist/extensions/tavily/web-search-provider.js +1 -1
package/dist/extensions/tencent/index.js +2 -2
package/dist/extensions/tiangong/index.js +1 -1
package/dist/extensions/volcengine/index.js +3 -3
package/dist/extensions/volcengine/speech-provider.js +1 -1
package/dist/extensions/webhooks/api.js +1 -1
package/dist/extensions/webhooks/index.js +1 -1
package/dist/extensions/weixin/index.js +3 -3
package/dist/extensions/workboard/index.js +2 -2
package/dist/extensions/xiaomi/index.js +4 -4
package/dist/extensions/xiaomi/speech-provider.js +1 -1
package/dist/extensions/xingchen/index.js +1 -1
package/dist/extensions/yi/index.js +1 -1
package/dist/extensions/zai/index.js +4 -4
package/dist/extensions/zai/media-understanding-provider.js +1 -1
package/dist/extensions/zhinao/index.js +1 -1
package/dist/external-cli-auth-selection-CM_aOUJw.js +113 -0
package/dist/extra-params-Bm1eLWN9.js +615 -0
package/dist/fallback-notice-state-v1kyWACv.js +15 -0
package/dist/fallbacks-CDllk2g1.js +31 -0
package/dist/fallbacks-shared-DdMKEmAC.js +116 -0
package/dist/fengming-runtime-DSv30J04.js +33 -0
package/dist/fengming-runtime-config-BE-DquuY.js +2 -0
package/dist/fengming-runtime-memory-BE-DquuY.js +2 -0
package/dist/fengming-runtime-session-BE-DquuY.js +2 -0
package/dist/fengming-tools-DHb-ZeDC.js +12221 -0
package/dist/flows-Cz3y10A9.js +189 -0
package/dist/fs-utils-D05rps7O.js +9 -0
package/dist/gateway/protocol/index.d.ts +1 -1
package/dist/gateway-DTi2D7ZS.js +133 -0
package/dist/gateway-cli-DT2fL2fX.js +443 -0
package/dist/gateway-install-token-CJhAycOA.js +136 -0
package/dist/gateway-method-runtime-BuiYTDQk.js +21 -0
package/dist/gateway-runtime-C5_cVlSW.js +23 -0
package/dist/get-reply-Cz-dUrWm.js +5198 -0
package/dist/get-reply-from-config.runtime-BC1HT67i.js +2 -0
package/dist/get-reply-from-config.runtime.js +1 -1
package/dist/github-copilot-token-09lxV3kH.js +2 -0
package/dist/health-CmihbcqN.js +621 -0
package/dist/health-D8L37hBZ.js +111 -0
package/dist/health-DU7I9RrJ.js +3 -0
package/dist/health-state-QZ2E6xGQ.js +106 -0
package/dist/heartbeat-runner-Bz5PMzEI.js +1930 -0
package/dist/heartbeat-runner-DfqqQ_8w.js +5 -0
package/dist/heartbeat-runner.runtime-8BshUhoS.js +3 -0
package/dist/heartbeat-runner.runtime.js +1 -1
package/dist/helpers-Bkq4POdX.js +406 -0
package/dist/hook-helpers-nmDwt3Fa.js +44 -0
package/dist/hooks-9FOcRqfu.js +536 -0
package/dist/hooks-cli-CrQelcwo.js +465 -0
package/dist/http-endpoint-helpers-BD5u6YsT.js +37 -0
package/dist/http-utils-RcKuBJ0I.js +98 -0
package/dist/image-DwNoypK2.js +385 -0
package/dist/image-fallbacks-BUyDnmUX.js +31 -0
package/dist/image-generation-core.auth.runtime-CA8miEMh.js +2 -0
package/dist/image-generation-core.auth.runtime.js +1 -1
package/dist/image-generation-provider-DXMW5EmB.js +152 -0
package/dist/image-runtime-D5QpNNzz.js +9 -0
package/dist/image-tool.helpers-6vGxo1Y0.js +150 -0
package/dist/images-BGWLzQEJ.js +416 -0
package/dist/images-Db4UB3JG.js +2 -0
package/dist/inbound-reply-dispatch-DRF6ZmQg.js +2 -0
package/dist/inbound-reply-dispatch-RAKLqow4.js +147 -0
package/dist/index-DhOQs6M_.d.ts +1497 -0
package/dist/index.js +1 -1
package/dist/infra-runtime-BFrpRc_V.js +32 -0
package/dist/init-sR7bCS9D.js +59 -0
package/dist/install-BzdJbOUx.js +262 -0
package/dist/install.runtime-Zye6pbZ6.js +2 -0
package/dist/internal-DL_vFx8C.js +399 -0
package/dist/isolated-agent-Qif8Llbt.js +2 -0
package/dist/isolated-agent-aqEjxqs-.js +1097 -0
package/dist/kernel-B-i4c2IK.js +979 -0
package/dist/kernel-DYDJ_hLb.js +3 -0
package/dist/kimi-web-search-provider.runtime-95HAkvHY.js +307 -0
package/dist/kimi-web-search-provider.runtime.js +1 -1
package/dist/library-CZVbE5hF.js +45 -0
package/dist/lifecycle-C8M3YLbT.js +2 -0
package/dist/lifecycle-CPDNQnUN.js +570 -0
package/dist/lifecycle-DpuP7n3J.js +355 -0
package/dist/lifecycle.runtime-C8M3YLbT.js +2 -0
package/dist/lifecycle.runtime.js +1 -1
package/dist/link-understanding/apply.runtime.js +3 -3
package/dist/list-B_ALwpPl.js +2 -0
package/dist/list-Bda_GYFy.js +207 -0
package/dist/list.list-command-W9OGfAIU.js +429 -0
package/dist/list.model-row-LV4AaX0H.js +39 -0
package/dist/list.probe-CrZm6BH2.js +451 -0
package/dist/list.probe-Dfdmb8bC.js +2 -0
package/dist/list.provider-catalog-7T1jKk0n.js +211 -0
package/dist/list.provider-catalog-DjGyZVEj.js +2 -0
package/dist/list.registry-load-DkCS8JZQ.js +152 -0
package/dist/list.row-sources-B1vjo_Y9.js +474 -0
package/dist/list.source-plan-C9Sa6zRK.js +81 -0
package/dist/list.status-command-9daSZZDm.js +815 -0
package/dist/live-model-switch-Dy-UFUMS.js +119 -0
package/dist/llm-slug-generator-DEmh5-_1.js +78 -0
package/dist/llm-slug-generator.js +1 -1
package/dist/load-config-CvQpC8k6.js +27 -0
package/dist/load-context-_qSHpZ5S.js +82 -0
package/dist/loader-CntMt07B.js +7008 -0
package/dist/local-dispatch.runtime-BSN_gqNS.js +10 -0
package/dist/local-dispatch.runtime.js +1 -1
package/dist/main-session-restart-recovery-Db7366lt.js +2 -0
package/dist/main-session-restart-recovery-n87NTooQ.js +389 -0
package/dist/managed-image-attachments-BTBBHlKl.js +2 -0
package/dist/managed-image-attachments-C6_V1yX0.js +616 -0
package/dist/manager-CKrWxjV6.js +3737 -0
package/dist/manager-Dvb1FVnx.js +2314 -0
package/dist/mcp/plugin-tools-serve.js +2 -2
package/dist/mcp-http-CSoGXOa_.js +583 -0
package/dist/mcp-http-D4ieDB3W.js +2 -0
package/dist/media-runtime-GeQTQkkK.js +391 -0
package/dist/media-services-CWbIUZDe.js +416 -0
package/dist/media-understanding/apply.runtime.js +1 -1
package/dist/media-understanding-DXc2BD2L.js +87 -0
package/dist/media-understanding-provider-BkdUiVWU.js +70 -0
package/dist/media-understanding-provider-BlgmLViW.js +13 -0
package/dist/media-understanding-provider-C9P2VjkC.js +29 -0
package/dist/media-understanding-provider-CJlbgAvl.js +69 -0
package/dist/memory-CnC2jM1l.js +437 -0
package/dist/memory-core-host-engine-embeddings-Dy9vN-Ce.js +667 -0
package/dist/memory-core-host-engine-foundation-C-pGGQnm.js +15 -0
package/dist/memory-core-host-engine-qmd-DLJDON9w.js +2 -0
package/dist/memory-core-host-engine-storage-Bzf-C8XE.js +2 -0
package/dist/memory-core-host-runtime-cli-_LWA6G3x.js +10 -0
package/dist/memory-core-host-runtime-core-CromkNBr.js +12 -0
package/dist/memory-core-host-runtime-files-DpbviC1b.js +4 -0
package/dist/memory-embedding-provider-runtime-CaVVaYC5.js +36 -0
package/dist/memory-host-core-B5dWHwBF.js +78 -0
package/dist/memory-host-search.runtime-DqlCFac1.js +2 -0
package/dist/memory-host-search.runtime.js +1 -1
package/dist/memory-runtime-BCeeWb1G.js +2 -0
package/dist/memory-runtime-pR9KGin0.js +57 -0
package/dist/memory-search-CpDEEY2Q.js +235 -0
package/dist/message-BeGCG-D8.js +284 -0
package/dist/message-YGMOyqP5.js +2 -0
package/dist/message-action-runner-ByMT3_eb.js +1922 -0
package/dist/message-action-runner-VXmKO_W7.js +2 -0
package/dist/message-handler-MZ0DMbCx.js +1806 -0
package/dist/metadata-registry-loader-BH9D1UOx.js +2 -0
package/dist/metadata-registry-loader-BK1cHCas.js +22 -0
package/dist/migrate-BA6w0hd3.js +2 -0
package/dist/migrate-BGuQC-1W.js +458 -0
package/dist/migration-provider-runtime-BBdDegWG.js +2 -0
package/dist/migration-provider-runtime-C5WUjrQz.js +68 -0
package/dist/minimax-web-search-provider.runtime-suVFk3Zx.js +148 -0
package/dist/minimax-web-search-provider.runtime.js +1 -1
package/dist/model-BJZXR9dq.js +1302 -0
package/dist/model-BL7xlN5h.js +2 -0
package/dist/model-auth-C-6dYVob.js +6 -0
package/dist/model-auth-DJz7R41W.js +705 -0
package/dist/model-auth-label-DKNXktIu.js +67 -0
package/dist/model-catalog-BjiK5rtT.js +3 -0
package/dist/model-catalog-DM1CTjkW.js +434 -0
package/dist/model-catalog-visibility-DEJZG0In.js +76 -0
package/dist/model-config.helpers-BKcUeE_P.js +95 -0
package/dist/model-context-tokens-5y_PQELY.js +572 -0
package/dist/model-fallback-BDdBR053.js +1288 -0
package/dist/model-fallback-auth.runtime-pcWfkIUF.js +5 -0
package/dist/model-fallback-auth.runtime.js +1 -1
package/dist/model-picker-Bpvp4_N4.js +1135 -0
package/dist/model-picker-DWPPtq6d.js +3 -0
package/dist/model-picker-visibility-BtdqVF80.js +22 -0
package/dist/model-picker.runtime-CYlqts2z.js +48 -0
package/dist/model-picker.runtime.js +1 -1
package/dist/model-pricing-cache-BmmncDqL.js +856 -0
package/dist/model-pricing-cache-CEwRyWw2.js +3 -0
package/dist/model-pricing-cache-state-B8Aspp85.js +83 -0
package/dist/model-provider-auth-B3KXoKkE.js +2 -0
package/dist/model-provider-auth-Bo_8T7of.js +375 -0
package/dist/model-runtime-aliases-Br-ZlhrL.js +133 -0
package/dist/model-selection-D5-ERakL.js +254 -0
package/dist/model-selection-DrzgktRu.js +7 -0
package/dist/model-selection-ibwsPgIw.js +352 -0
package/dist/model-selection.runtime-BRkOZejt.js +7 -0
package/dist/model-selection.runtime.js +1 -1
package/dist/models-RPAH3ZBn.js +57 -0
package/dist/models-auth-status-Cwu9OXU8.js +280 -0
package/dist/models-cli-CrYkSUoa.js +257 -0
package/dist/models-config-Ayzj9gDz.js +1189 -0
package/dist/models-config-BFcjB7nN.js +2 -0
package/dist/models-config.providers.secrets-CCRUW7gL.js +2 -0
package/dist/models-config.providers.secrets-DdX_XSRo.js +382 -0
package/dist/models-http-jLFnelH7.js +88 -0
package/dist/monitor-CqWICrjO.js +60 -0
package/dist/monitor-DwccYPfp.js +1024 -0
package/dist/monitor.account-e9EVttpP.js +5382 -0
package/dist/music-generation-provider-Dfc--R-x.js +308 -0
package/dist/native-hook-relay-Cioqiqv8.js +1378 -0
package/dist/native-hook-relay-DRwJIspI.js +19 -0
package/dist/node-cli-CrG3LH9J.js +2806 -0
package/dist/node-command-policy-CkBTEmhl.js +295 -0
package/dist/nodes-BxrWFA09.js +1483 -0
package/dist/nodes-DFPTGZjc.js +3 -0
package/dist/nodes-cli-Czwyt6r1.js +960 -0
package/dist/nodes-pending-B_4QHyB2.js +211 -0
package/dist/nodes-utils-c4k31OaG.js +85 -0
package/dist/oauth-BXncC0JP.js +852 -0
package/dist/oauth-Ba1O2vqP.js +207 -0
package/dist/oauth-CGQkfxbJ.js +746 -0
package/dist/onboard-I5tQlVm6.js +768 -0
package/dist/onboard-channels-BleKfB1D.js +2 -0
package/dist/onboard-channels-jVaUjGYX.js +1534 -0
package/dist/onboard-custom-BR_5oqUr.js +3 -0
package/dist/onboard-custom-Ss0DThuP.js +280 -0
package/dist/onboard-custom-config-B-knjQm7.js +422 -0
package/dist/onboard-search-BsIztGYF.js +412 -0
package/dist/openai-compat-errors-UkLkk8Q9.js +136 -0
package/dist/openai-http-mTQB44gu.js +836 -0
package/dist/openai-transport-stream-CZSs3SIi.js +3427 -0
package/dist/openresponses-http-BA1Shmj-.js +1175 -0
package/dist/operations-DhgPih1F.js +805 -0
package/dist/order-CaXafMPG.js +218 -0
package/dist/outbound-attachment-BAp7DXDc.js +19 -0
package/dist/param-readers-De-m2SoB.js +2 -0
package/dist/payloads-Dg9aAEOC.js +256 -0
package/dist/persistent-bindings.lifecycle-BkLOz501.js +2 -0
package/dist/persistent-bindings.lifecycle-e2MLbBCo.js +85 -0
package/dist/plugin-enabled-CGSENjXc.js +232 -0
package/dist/plugin-install-BI9_bsVT.js +118 -0
package/dist/plugin-install-an4V2iXO.js +2 -0
package/dist/plugin-install-config-policy-C66Nss3D.js +169 -0
package/dist/plugin-registration-DMerQktl.js +97 -0
package/dist/plugin-registry-BZfdCw65.js +3 -0
package/dist/plugin-registry-I1fegSdK.js +2 -0
package/dist/plugin-runtime-B3XMLJka.js +102 -0
package/dist/plugin-sdk/.boundary-entry-shims.stamp +1 -1
package/dist/plugin-sdk/acp-binding-runtime.js +1 -1
package/dist/plugin-sdk/acp-runtime-backend.js +1 -1
package/dist/plugin-sdk/acp-runtime.js +2 -2
package/dist/plugin-sdk/agent-harness-runtime.js +16 -16
package/dist/plugin-sdk/agent-harness-task-runtime.js +4 -4
package/dist/plugin-sdk/agent-harness.js +17 -17
package/dist/plugin-sdk/agent-runtime.js +17 -17
package/dist/plugin-sdk/agent-sessions.js +1 -1
package/dist/plugin-sdk/approval-native-runtime.js +2 -2
package/dist/plugin-sdk/approval-reaction-runtime.js +1 -1
package/dist/plugin-sdk/approval-runtime.js +2 -2
package/dist/plugin-sdk/bundled-channel-config-schema-BsOWCrJT.d.ts +3169 -0
package/dist/plugin-sdk/bundled-channel-config-schema.d.ts +1 -1
package/dist/plugin-sdk/channel-actions.js +2 -2
package/dist/plugin-sdk/channel-config-schema-legacy.d.ts +1 -1
package/dist/plugin-sdk/channel-core.js +2 -2
package/dist/plugin-sdk/channel-envelope.js +1 -1
package/dist/plugin-sdk/channel-inbound-roots.js +1 -1
package/dist/plugin-sdk/channel-inbound.js +4 -4
package/dist/plugin-sdk/channel-location.js +1 -1
package/dist/plugin-sdk/channel-message-runtime.js +5 -5
package/dist/plugin-sdk/channel-message.js +5 -5
package/dist/plugin-sdk/channel-outbound.js +2 -2
package/dist/plugin-sdk/channel-reply-options-runtime.js +1 -1
package/dist/plugin-sdk/command-auth-native.js +2 -2
package/dist/plugin-sdk/command-auth.js +4 -4
package/dist/plugin-sdk/command-primitives-runtime.js +2 -2
package/dist/plugin-sdk/command-status-runtime.js +1 -1
package/dist/plugin-sdk/command-status.js +1 -1
package/dist/plugin-sdk/compat.js +2 -2
package/dist/plugin-sdk/config-mutation.js +2 -2
package/dist/plugin-sdk/config-runtime.js +1 -1
package/dist/plugin-sdk/config-schema.d.ts +2 -2
package/dist/plugin-sdk/conversation-binding-runtime.js +1 -1
package/dist/plugin-sdk/conversation-runtime.js +3 -3
package/dist/plugin-sdk/core.js +3 -3
package/dist/plugin-sdk/delivery-queue-runtime.js +1 -1
package/dist/plugin-sdk/direct-dm.js +1 -1
package/dist/plugin-sdk/discord.d.ts +1 -1
package/dist/plugin-sdk/embedding-providers.js +2 -2
package/dist/plugin-sdk/gateway-method-runtime.js +1 -1
package/dist/plugin-sdk/gateway-runtime.js +2 -2
package/dist/plugin-sdk/health.js +1 -1
package/dist/plugin-sdk/image-generation-core.js +3 -3
package/dist/plugin-sdk/image-generation-runtime.js +1 -1
package/dist/plugin-sdk/image-generation.js +2 -2
package/dist/plugin-sdk/inbound-reply-dispatch.js +3 -3
package/dist/plugin-sdk/index.js +1 -1
package/dist/plugin-sdk/infra-runtime.js +3 -3
package/dist/plugin-sdk/mattermost.js +1 -1
package/dist/plugin-sdk/media-generation-runtime-shared.js +1 -1
package/dist/plugin-sdk/media-generation-runtime.js +1 -1
package/dist/plugin-sdk/media-runtime.js +7 -7
package/dist/plugin-sdk/media-understanding-runtime.js +1 -1
package/dist/plugin-sdk/media-understanding.js +2 -2
package/dist/plugin-sdk/memory-core-host-engine-embeddings.js +4 -4
package/dist/plugin-sdk/memory-core-host-engine-foundation.js +2 -2
package/dist/plugin-sdk/memory-core-host-engine-qmd.js +2 -2
package/dist/plugin-sdk/memory-core-host-engine-storage.js +6 -6
package/dist/plugin-sdk/memory-core-host-runtime-cli.js +2 -2
package/dist/plugin-sdk/memory-core-host-runtime-core.js +3 -3
package/dist/plugin-sdk/memory-core-host-runtime-files.js +4 -4
package/dist/plugin-sdk/memory-core.js +3 -3
package/dist/plugin-sdk/memory-host-core.js +3 -3
package/dist/plugin-sdk/memory-host-files.js +4 -4
package/dist/plugin-sdk/memory-host-search.js +1 -1
package/dist/plugin-sdk/models-provider-runtime.js +1 -1
package/dist/plugin-sdk/music-generation-core.js +1 -1
package/dist/plugin-sdk/native-command-registry.js +1 -1
package/dist/plugin-sdk/outbound-media.js +2 -2
package/dist/plugin-sdk/outbound-runtime.js +3 -3
package/dist/plugin-sdk/param-readers.js +2 -2
package/dist/plugin-sdk/plugin-runtime.js +2 -2
package/dist/plugin-sdk/provider-auth-api-key.js +4 -4
package/dist/plugin-sdk/provider-auth-login.js +1 -1
package/dist/plugin-sdk/provider-auth-runtime.js +2 -2
package/dist/plugin-sdk/provider-auth.js +6 -6
package/dist/plugin-sdk/provider-catalog-runtime.js +2 -2
package/dist/plugin-sdk/provider-entry.js +1 -1
package/dist/plugin-sdk/provider-setup.js +1 -1
package/dist/plugin-sdk/provider-stream-family.js +3 -3
package/dist/plugin-sdk/provider-stream.js +2 -2
package/dist/plugin-sdk/provider-transport-runtime.js +1 -1
package/dist/plugin-sdk/provider-web-fetch.js +2 -2
package/dist/plugin-sdk/provider-web-search.js +4 -4
package/dist/plugin-sdk/realtime-bootstrap-context.js +2 -2
package/dist/plugin-sdk/realtime-transcription.js +1 -1
package/dist/plugin-sdk/realtime-voice.js +2 -2
package/dist/plugin-sdk/reply-dispatch-runtime.js +1 -1
package/dist/plugin-sdk/reply-runtime.js +6 -6
package/dist/plugin-sdk/runtime-secret-resolution.js +2 -2
package/dist/plugin-sdk/runtime.js +3 -3
package/dist/plugin-sdk/self-hosted-provider-setup.js +1 -1
package/dist/plugin-sdk/simple-completion-runtime.js +1 -1
package/dist/plugin-sdk/speech-core.js +2 -2
package/dist/plugin-sdk/speech.js +1 -1
package/dist/plugin-sdk/tool-plugin.js +1 -1
package/dist/plugin-sdk/transcripts.js +1 -1
package/dist/plugin-sdk/tts-runtime.js +1 -1
package/dist/plugin-sdk/video-generation-core.js +2 -2
package/dist/plugin-sdk/video-generation-runtime.js +1 -1
package/dist/plugin-sdk/web-media.js +3 -3
package/dist/plugin-sdk/zalouser.js +1 -1
package/dist/plugin-service-2XF6Lu_a.js +1249 -0
package/dist/plugins/build-smoke-entry.js +2 -2
package/dist/plugins/loader.js +1 -1
package/dist/plugins/provider-discovery.runtime.js +1 -1
package/dist/plugins/provider-runtime.runtime.js +1 -1
package/dist/plugins/runtime/index.js +19 -19
package/dist/plugins/tools.js +1 -1
package/dist/plugins-authoring-command-CCX6tJwd.js +304 -0
package/dist/plugins-cli-HX8nTV2h.js +63 -0
package/dist/plugins-cli.runtime-BYn4VsLP.js +339 -0
package/dist/plugins-cli.runtime.js +1 -1
package/dist/plugins-command-helpers-ByuW-yNj.js +2 -0
package/dist/plugins-command-helpers-DaaxGnCD.js +164 -0
package/dist/plugins-inspect-command-C9NDk23X.js +248 -0
package/dist/plugins-install-command-B0NfUxeA.js +993 -0
package/dist/plugins-install-command-BmuScfLI.js +2 -0
package/dist/plugins-install-persist-CfwO876P.js +252 -0
package/dist/plugins-list-command-Bx8X908n.js +184 -0
package/dist/plugins-uninstall-command-p6h44-Ft.js +118 -0
package/dist/postinstall-inventory.json +862 -862
package/dist/prepare.runtime-8DdQ4k9k.js +798 -0
package/dist/prepare.runtime.js +1 -1
package/dist/presentation-card-DeAf3jYW.js +164 -0
package/dist/preview-warnings-BF7nlTo8.js +618 -0
package/dist/profiles-DUhMLnqX.js +194 -0
package/dist/program-C7f_U7fr.js +131 -0
package/dist/provider-adapters-CWLwE9KS.js +104 -0
package/dist/provider-api-key-auth-CshQbUPZ.js +117 -0
package/dist/provider-api-key-auth.runtime-B64jPCKn.js +14 -0
package/dist/provider-api-key-auth.runtime.js +1 -1
package/dist/provider-auth-D-I3YLSn.js +281 -0
package/dist/provider-auth-api-key-Bub0Rjak.js +5 -0
package/dist/provider-auth-choice-DpNAEScm.js +311 -0
package/dist/provider-auth-choice-helpers-Bof937LW.js +210 -0
package/dist/provider-auth-choice.runtime-B3spikLY.js +18 -0
package/dist/provider-auth-choice.runtime-vVgz7FKq.js +2 -0
package/dist/provider-auth-choice.runtime.js +1 -1
package/dist/provider-auth-guidance-DcCL0Q2U.js +2 -0
package/dist/provider-auth-guidance-rWRMN4Jn.js +34 -0
package/dist/provider-auth-helpers-Cp8L-Xha.js +177 -0
package/dist/provider-auth-login.runtime-BJUzc4iH.js +156 -0
package/dist/provider-auth-login.runtime.js +1 -1
package/dist/provider-auth-runtime-DmcWtzbb.js +186 -0
package/dist/provider-discovery-JyAJi97k.js +95 -0
package/dist/provider-discovery.runtime-D_0WTYr8.js +290 -0
package/dist/provider-discovery.runtime.js +1 -1
package/dist/provider-dispatcher-C8Jt94Xl.js +22 -0
package/dist/provider-dispatcher.runtime.js +1 -1
package/dist/provider-entry-By0ggZuI.js +134 -0
package/dist/provider-hook-runtime-B8AUbQxf.js +255 -0
package/dist/provider-openai-codex-oauth-C9Mmnt7d.js +2 -0
package/dist/provider-openai-codex-oauth-CH5Jg1vk.js +44 -0
package/dist/provider-registration-C1zvaHQP.js +235 -0
package/dist/provider-registry-B9diJyLv.js +31 -0
package/dist/provider-registry-BXSxmPGA.js +61 -0
package/dist/provider-registry-CoE-sxbq.js +61 -0
package/dist/provider-registry-DLth_GdI.js +61 -0
package/dist/provider-registry-J4LRd5Rg.js +36 -0
package/dist/provider-runtime-B4cw16pt.js +3 -0
package/dist/provider-runtime-DNNbfwOK.js +386 -0
package/dist/provider-runtime.runtime-98mAe_ni.js +26 -0
package/dist/provider-runtime.runtime.js +1 -1
package/dist/provider-self-hosted-setup-Dysv2Kwt.js +373 -0
package/dist/provider-stream-BLaC8bqO.js +1084 -0
package/dist/provider-stream-Caa5YOx2.js +313 -0
package/dist/provider-stream-family-CvvfxLyP.js +2 -0
package/dist/provider-usage-CVNosTP3.js +71 -0
package/dist/provider-usage-D2NudXbO.js +4 -0
package/dist/provider-usage.load-DG6R3lkG.js +357 -0
package/dist/provider-web-search-DmgTaxRU.js +58 -0
package/dist/provider-wizard-Cw-5H3tX.js +125 -0
package/dist/providers.runtime-DF0T9lFz.js +240 -0
package/dist/providers.runtime-oM9Vn1wr.js +2 -0
package/dist/providers.runtime.js +1 -1
package/dist/proxy-BxGnVyJu.js +662 -0
package/dist/public-artifacts-BMP9hZfh.js +7 -0
package/dist/pw-ai-CD52qfYo.js +3064 -0
package/dist/qmd-manager-BYbvU4YC.js +2040 -0
package/dist/qr-cli-Btz2ZdO3.js +2 -0
package/dist/qr-cli-eyTRwMm2.js +371 -0
package/dist/qr-image-BCwiO6tL.js +2 -0
package/dist/queue-CJRoTOBi.js +923 -0
package/dist/read-file-ogB-HjbK.js +183 -0
package/dist/register-service-commands-D_gQ3b6_.js +77 -0
package/dist/register.agent-DXQLn-r0.js +152 -0
package/dist/register.configure-FavQPGce.js +16 -0
package/dist/register.crestodian-Cbfmnl6h.js +24 -0
package/dist/register.maintenance-B8xODEMU.js +85 -0
package/dist/register.message-B8PYgZ-j.js +404 -0
package/dist/register.migrate-CieoN8zZ.js +106 -0
package/dist/register.onboard-BqWDIDKH.js +115 -0
package/dist/register.setup-CgeTBW4T.js +40 -0
package/dist/register.status-health-sessions-C99aHa5h.js +293 -0
package/dist/register.subclis-79SvyMFt.js +31 -0
package/dist/register.subclis-CXrO8_TO.js +3 -0
package/dist/register.subclis-core-GoXV1yMG.js +273 -0
package/dist/rem-harness-laL5luQa.js +649 -0
package/dist/repair-sequencing-DGY2mBg6.js +652 -0
package/dist/reply-media-paths.runtime-BeWVPkgy.js +2 -0
package/dist/reply-media-paths.runtime-rzAV_Kee.js +154 -0
package/dist/reply-media-paths.runtime.js +1 -1
package/dist/reply-payloads-D_JHMviC.js +79 -0
package/dist/reply-payloads-dedupe-B9GGGaL-.js +176 -0
package/dist/reply-payloads-dedupe.runtime--C3jHs9y.js +2 -0
package/dist/reply-payloads-dedupe.runtime.js +1 -1
package/dist/reply-timing-tracker-DPjlETUb.js +205 -0
package/dist/reply-turn-admission-DdfIwcMK.js +2056 -0
package/dist/reply.runtime-BC1HT67i.js +2 -0
package/dist/reply.runtime.js +1 -1
package/dist/reset-preserved-selection-Czd80hug.js +45 -0
package/dist/resolve-COJFlAZT.js +106 -0
package/dist/restart-B9GMMIZt.js +121 -0
package/dist/result-fallback-classifier-By0Z6b8r.js +98 -0
package/dist/root-help-Bp0kGaUZ.js +43 -0
package/dist/route-CgG9Z7OI.js +475 -0
package/dist/route-reply-D9_9oRg1.js +174 -0
package/dist/route-reply.runtime-BwNl3h2m.js +2 -0
package/dist/route-reply.runtime.js +1 -1
package/dist/routes-Cz2NHUV4.js +2 -0
package/dist/routes-DMo6Eacc.js +3701 -0
package/dist/run-SFRSThMI.js +1162 -0
package/dist/run-auth-profile.runtime-BxLM8m_2.js +2 -0
package/dist/run-auth-profile.runtime.js +1 -1
package/dist/run-command-Cd5iN7eN.js +2 -0
package/dist/run-command-ah46O06U.js +23 -0
package/dist/run-context-DGCQJldA.js +66 -0
package/dist/run-context.runtime-CSBHDAd5.js +2 -0
package/dist/run-context.runtime.js +1 -1
package/dist/run-delivery.runtime-C9xoiZ3h.js +762 -0
package/dist/run-delivery.runtime.js +1 -1
package/dist/run-embedded.runtime-D8bz5vfV.js +4 -0
package/dist/run-embedded.runtime.js +1 -1
package/dist/run-execution-cli.runtime-BAa8KPn7.js +4 -0
package/dist/run-execution-cli.runtime.js +1 -1
package/dist/run-executor.runtime-CNnemqSa.js +330 -0
package/dist/run-executor.runtime.js +1 -1
package/dist/run-model-catalog.runtime-Dh7EghXr.js +2 -0
package/dist/run-model-catalog.runtime.js +1 -1
package/dist/run-session-state-cMlTFwT_.js +159 -0
package/dist/run-subagent-registry.runtime-BgQU86-E.js +2 -0
package/dist/run-subagent-registry.runtime.js +1 -1
package/dist/runner-B3YXRJOB.js +704 -0
package/dist/runner.entries-DMTKpRDP.js +1485 -0
package/dist/runtime-BHReFHE2.js +2 -0
package/dist/runtime-BiQZ6Usw.js +615 -0
package/dist/runtime-CAeriu2O.js +10 -0
package/dist/runtime-CAnCRCX3.js +224 -0
package/dist/runtime-CV_2NqSY.js +300 -0
package/dist/runtime-CmpnvXo3.js +245 -0
package/dist/runtime-D2fci1Ey.js +2 -0
package/dist/runtime-DAsYmYeA.js +3 -0
package/dist/runtime-DeA45VKG.js +210 -0
package/dist/runtime-DvkZ8tHI.js +436 -0
package/dist/runtime-DxVUR2Xg.js +2 -0
package/dist/runtime-api-B88le0UE.js +12 -0
package/dist/runtime-channel-AubRWvnH.js +2 -0
package/dist/runtime-channel-DdclSuEu.js +148 -0
package/dist/runtime-config-collectors-DukTj2va.js +525 -0
package/dist/runtime-embedded-agent.runtime-BpLweeFv.js +2 -0
package/dist/runtime-embedded-agent.runtime.js +1 -1
package/dist/runtime-internal-CaoUylZw.js +2 -0
package/dist/runtime-llm.runtime-DlpqGc7S.js +307 -0
package/dist/runtime-llm.runtime.js +1 -1
package/dist/runtime-model-auth.runtime-CLAaWzxY.js +46 -0
package/dist/runtime-model-auth.runtime-DxVvqRTd.js +2 -0
package/dist/runtime-model-auth.runtime.js +1 -1
package/dist/runtime-options-TTtN01-I.js +275 -0
package/dist/runtime-plugin-ClqxJSbp.js +92 -0
package/dist/runtime-plugins-Bq01wLXP.js +32 -0
package/dist/runtime-plugins.runtime-cwCvl1TR.js +2 -0
package/dist/runtime-plugins.runtime.js +1 -1
package/dist/runtime-prepare.runtime-Cz_hV_k5.js +81 -0
package/dist/runtime-prepare.runtime.js +1 -1
package/dist/runtime-provider-QCJq90av.js +24 -0
package/dist/runtime-provider-Wllc3jC6.js +2 -0
package/dist/runtime-registry-loader-BM1mQBJr.js +2 -0
package/dist/runtime-registry-loader-DzhYCt4s.js +117 -0
package/dist/runtime-shared-BfqOW-Vb.js +365 -0
package/dist/runtime-web-channel-plugin-BcVPgD14.js +204 -0
package/dist/runtime-web-tools-fallback.runtime.js +1 -1
package/dist/scan-ldbaD8jq.js +573 -0
package/dist/sdk-security-runtime-Bxhq2O1G.js +86 -0
package/dist/sdk-setup-tools-CsQM9pF0.js +8 -0
package/dist/secrets-cli-DbpIf4-z.js +150 -0
package/dist/security-cli-BK4Xpa6h.js +520 -0
package/dist/selection-BXKik6Ps.js +3 -0
package/dist/selection-D4O3gK3Q.js +18365 -0
package/dist/send-DaoGIay5.js +1222 -0
package/dist/send-DzNjJGJX.js +178 -0
package/dist/send-f5w9krNS.js +711 -0
package/dist/send-media-cOciBxcg.js +2072 -0
package/dist/send-result-DMFwBuOl.js +141 -0
package/dist/server-BoC1mxZ-.js +24 -0
package/dist/server-DZnI6w5k.js +72 -0
package/dist/server-aux-handlers-BwRdYdub.js +1347 -0
package/dist/server-chat-Q95f4ywD.js +827 -0
package/dist/server-close.runtime.js +3 -3
package/dist/server-context-CnXNaarB.js +2 -0
package/dist/server-context-DRBebo7Y.js +955 -0
package/dist/server-cron-C0o0ZvqF.js +3173 -0
package/dist/server-cron-CLeBvurR.js +2 -0
package/dist/server-maintenance-CqHfTnFD.js +152 -0
package/dist/server-methods-BmlBQJMD.js +497 -0
package/dist/server-middleware-DJhnR6jl.js +122 -0
package/dist/server-model-catalog-CoSSk_Gy.js +2 -0
package/dist/server-model-catalog-D32oDTQp.js +73 -0
package/dist/server-node-events-DX9a4etQ.js +597 -0
package/dist/server-plugin-bootstrap-Vco-EpxY.js +71 -0
package/dist/server-plugins-WBX2fZRp.js +435 -0
package/dist/server-reload-handlers-DGJLH8bg.js +719 -0
package/dist/server-restart-sentinel-Bvon7f8K.js +700 -0
package/dist/server-runtime-services-BNcH4vhR.js +3 -0
package/dist/server-runtime-services-BjcQG5y7.js +147 -0
package/dist/server-runtime-subscriptions-W39HeyoT.js +67 -0
package/dist/server-session-events-CO73dMU-.js +244 -0
package/dist/server-session-key-D8V67lDk.js +2 -0
package/dist/server-session-key-v-KYSmRS.js +75 -0
package/dist/server-startup-config-u54lUdWN.js +305 -0
package/dist/server-startup-early-Cy5kArJG.js +87 -0
package/dist/server-startup-memory-DvINFAYn.js +72 -0
package/dist/server-startup-plugins-CerpbOSQ.js +127 -0
package/dist/server-startup-post-attach-COUCwhNa.js +793 -0
package/dist/server-ws-runtime-BfznAnbI.js +374 -0
package/dist/server.impl-dQXccj0z.js +2622 -0
package/dist/session-cost-usage-Bs5yIOBH.js +1600 -0
package/dist/session-kill-http-DVleb3RW.js +121 -0
package/dist/session-log-runtime-OG7J4j9m.js +1258 -0
package/dist/session-override-LIWl5a9T.js +134 -0
package/dist/session-reset-model.runtime-BpnTi4sa.js +144 -0
package/dist/session-reset-model.runtime.js +1 -1
package/dist/session-reset-service-HA07zS8L.js +651 -0
package/dist/session-status.runtime-D6_clH8l.js +2 -0
package/dist/session-status.runtime.js +1 -1
package/dist/session-store-Cj4Rh6qc.js +273 -0
package/dist/session-store.runtime-DSCxACdZ.js +4 -0
package/dist/session-store.runtime.js +1 -1
package/dist/session-subagent-reactivation.runtime-CcwaHAxg.js +2 -0
package/dist/session-subagent-reactivation.runtime.js +1 -1
package/dist/session-tab-registry-C-9uI2Wi.js +551 -0
package/dist/session-utils-BRtPESA4.js +1508 -0
package/dist/sessions-Beltl3Ra.js +1917 -0
package/dist/sessions-DR-X-j8D.js +316 -0
package/dist/sessions-cleanup-CR1CFcJb.js +165 -0
package/dist/sessions-history-http-CjyHWYEv.js +432 -0
package/dist/sessions-patch-peSeltuF.js +401 -0
package/dist/sessions-resolve-D9ULr95s.js +180 -0
package/dist/sessions-table-Da6bua9d.js +161 -0
package/dist/sessions-uKpnhod0.js +12736 -0
package/dist/sessions.runtime-C1mVNaU3.js +2 -0
package/dist/sessions.runtime.js +1 -1
package/dist/set-DVj21EuB.js +31 -0
package/dist/set-image-JChDCaAP.js +17 -0
package/dist/setup-5I-zpID3.js +614 -0
package/dist/setup-CjtY6cli.js +2 -0
package/dist/setup-onboard-configure-help-fast-path-C5GcSuXb.js +64 -0
package/dist/setup.finalize-Bf10PNbl.js +586 -0
package/dist/setup.gateway-config-EH5Rvwzy.js +281 -0
package/dist/setup.migration-import-CoeV4Kc1.js +200 -0
package/dist/setup.migration-import-DFFGw4DI.js +2 -0
package/dist/setup.post-install-migration-DcQmWTE7.js +128 -0
package/dist/shared-BFSJZ6B3.js +212 -0
package/dist/shared-CVM-dYkO.js +5 -0
package/dist/shared-fvgcmCsj.js +71 -0
package/dist/simple-completion-runtime-C_TXe4M1.js +2 -0
package/dist/simple-completion-runtime-DREq-fcF.js +206 -0
package/dist/simple-completion-transport-DtD1fEvJ.js +83 -0
package/dist/snapshot-urls-B-wkwDI9.js +317 -0
package/dist/speech-core-KQg6oKcR.js +119 -0
package/dist/speech-provider-DfyLYitQ.js +171 -0
package/dist/speech-provider-oDvTumNW.js +227 -0
package/dist/speech-provider-yL-TQ3Em.js +233 -0
package/dist/stale-oauth-profile-shadows-CW11VYMM.js +2 -0
package/dist/stale-oauth-profile-shadows-DFl6Lyf1.js +186 -0
package/dist/standalone-runtime-registry-loader-BiponY-y.js +59 -0
package/dist/startup-context-PVXYM-X3.js +314 -0
package/dist/status-BA_0z83w.js +249 -0
package/dist/status-Bc7BGlRt.js +2 -0
package/dist/status-BwPWg9eQ.js +3 -0
package/dist/status-CLQ66eml.js +4 -0
package/dist/status-Ci2gChtY.js +466 -0
package/dist/status-CmtBWJEE.js +2 -0
package/dist/status-DdnMnPNs.js +73 -0
package/dist/status-all-BpTvkYrt.js +573 -0
package/dist/status-json-CizozZCr.js +15 -0
package/dist/status-json-command-FzKa2t6O.js +84 -0
package/dist/status-message-BHbnxwmt.js +495 -0
package/dist/status-message.runtime-Df5WBBAk.js +6 -0
package/dist/status-message.runtime.js +1 -1
package/dist/status-queue.runtime-CXnZV4Bj.js +2 -0
package/dist/status-queue.runtime.js +1 -1
package/dist/status-runtime-shared-D3Hz8WZ_.js +289 -0
package/dist/status-subagents.runtime-PoDdwwaw.js +32 -0
package/dist/status-subagents.runtime.js +1 -1
package/dist/status-text-DNxXSCuI.js +301 -0
package/dist/status.command-C_e9GcMg.js +2 -0
package/dist/status.command-DjVKDmt_.js +425 -0
package/dist/status.command.text-runtime-BeHlqL8b.js +15 -0
package/dist/status.runtime-h--fx9HY.js +2 -0
package/dist/status.scan-WyR8TeJz.js +72 -0
package/dist/status.scan-overview-CMzUAQMQ.js +460 -0
package/dist/status.scan.deps.runtime-1JTrdyHk.js +19 -0
package/dist/status.scan.deps.runtime.js +1 -1
package/dist/status.scan.fast-json-D2jw1wKO.js +163 -0
package/dist/status.scan.fast-json-DbN1KxJT.js +2 -0
package/dist/status.summary-6ZijZM1g.js +2 -0
package/dist/status.summary-CiCsChO-.js +276 -0
package/dist/store-CdBPITcg.js +2302 -0
package/dist/store-D0l2NCdn.js +3 -0
package/dist/stored-model-override-HEgnFh6b.js +79 -0
package/dist/subagent-announce-BUv_kA1W.js +353 -0
package/dist/subagent-announce-delivery-Ci2Y_p--.js +1369 -0
package/dist/subagent-control-BM3vNgsQ.js +492 -0
package/dist/subagent-control.runtime-Df3pVQL9.js +3 -0
package/dist/subagent-control.runtime.js +1 -1
package/dist/subagent-hooks-CN2fLez2.js +2 -0
package/dist/subagent-hooks-CeOmTJBf.js +230 -0
package/dist/subagent-hooks-api-Cfe4DAT9.js +23 -0
package/dist/subagent-registry-B9RPAXUs.js +2627 -0
package/dist/subagent-registry-C7tedtVB.js +3 -0
package/dist/subagent-registry.runtime.js +2 -2
package/dist/subagent-session-cleanup-y0ijZ-LQ.js +390 -0
package/dist/system-DVtrOGbV.js +111 -0
package/dist/system-prompt-config-BVmrcmmr.js +918 -0
package/dist/talk-CrdgqTCl.js +2454 -0
package/dist/target-id-CrUyi-Uq.js +107 -0
package/dist/targets-KZ2ezPwx.js +267 -0
package/dist/targets.runtime-iZ8KdQ1C.js +2 -0
package/dist/targets.runtime.js +1 -1
package/dist/task-executor-893pMqzn.js +349 -0
package/dist/task-owner-access-DC7MKz3n.js +74 -0
package/dist/task-registry-control.runtime.js +2 -2
package/dist/task-registry-delivery-runtime-YGMOyqP5.js +2 -0
package/dist/task-registry-uaYJfgXF.js +2362 -0
package/dist/task-registry.maintenance-Dx0m2NYh.js +2 -0
package/dist/task-registry.maintenance-gApg-XOt.js +764 -0
package/dist/task-status-access-CFhD_ieY.js +18 -0
package/dist/tasks-B_Qoz38D.js +153 -0
package/dist/tasks-DtV85zJT.js +548 -0
package/dist/tasks-audit-system-Con3yYnm.js +210 -0
package/dist/tasks-json-BM3pauZl.js +73 -0
package/dist/tavily-web-search-provider.runtime-Cmyyc5kX.js +112 -0
package/dist/tavily-web-search-provider.runtime.js +1 -1
package/dist/text-report-CKxmVmt5.js +695 -0
package/dist/text-transforms.runtime-DVwVsBRS.js +113 -0
package/dist/text-transforms.runtime.js +1 -1
package/dist/thread-bindings-B6UEVp9q.js +228 -0
package/dist/tool-KOZc7TIF.js +143 -0
package/dist/tool-dispatch-Ca4z2GEr.js +155 -0
package/dist/tool-images-CzDwHeDR.js +247 -0
package/dist/tool-plugin-BvQBJ2gU.js +93 -0
package/dist/tool-resolution-Ddxl6tjh.js +153 -0
package/dist/tool-result-truncation-BSKuIhd5.js +498 -0
package/dist/tool-schema-nB27q-vb.js +40 -0
package/dist/tool-schema-projection-COrMarLR.js +215 -0
package/dist/tool-split-BjPHBFrv.js +323 -0
package/dist/tools-CV40BWkc.js +901 -0
package/dist/tools-catalog-5stC7W2V.js +156 -0
package/dist/tools-effective-BVjqz2FV.js +442 -0
package/dist/tools-effective-inventory-esPY5jRB.js +379 -0
package/dist/tools-invoke-Czk_NM9G.js +51 -0
package/dist/tools-invoke-http-D7PbsODz.js +68 -0
package/dist/tools-invoke-shared-CzrEn0Dm.js +200 -0
package/dist/tools-rSjgf61B.js +579 -0
package/dist/tools.runtime-DiChCSGI.js +5 -0
package/dist/tools.runtime.js +1 -1
package/dist/transcript-rewrite-4IQefjvK.js +688 -0
package/dist/transcripts-tool-BXTS8tE5.js +2 -0
package/dist/transcripts-tool-CeWGgz5k.js +656 -0
package/dist/tts-BS8EeM8p.js +2 -0
package/dist/tts-BlTZjsaE.js +194 -0
package/dist/tts-runtime-BfRdJDyY.js +1337 -0
package/dist/tts-vRSvSw-t.js +3 -0
package/dist/tts.runtime-ChBnVkNt.js +3 -0
package/dist/tts.runtime-CmVCUbzq.js +2 -0
package/dist/tts.runtime.js +1 -1
package/dist/tui-BoQVBgWB.js +4860 -0
package/dist/tui-DBYK9BeQ.js +2 -0
package/dist/tui-backend-X0NI7rAv.js +256 -0
package/dist/tui-cli-BpUtjV38.js +40 -0
package/dist/typing-policy-CBwyAQh4.js +199 -0
package/dist/usage-Bl-tgGx-.js +623 -0
package/dist/usage-Cj_ektBl.js +1113 -0
package/dist/usage-format-DWO9ckX3.js +394 -0
package/dist/usage-format-DnCIXsqG.js +2 -0
package/dist/video-generation-provider-B7ib4AeI.js +297 -0
package/dist/video-generation-provider-CXQ6fqJx.js +64 -0
package/dist/video-generation-provider-DXjl05T6.js +325 -0
package/dist/video-generation-provider-Db8h71jA.js +77 -0
package/dist/web-fetch/runtime.js +1 -1
package/dist/web-fetch-providers.runtime-DhPkYjgB.js +41 -0
package/dist/web-fetch-providers.runtime.js +1 -1
package/dist/web-guarded-fetch-BdsVyvDS.js +58 -0
package/dist/web-guarded-fetch-CJR3JCwT.js +2 -0
package/dist/web-media-BzzQJAwk.js +4 -0
package/dist/web-media-DViZjNBa.js +2 -0
package/dist/web-media-inHawfBU.js +651 -0
package/dist/web-provider-runtime-shared-Cc08Lt9p.js +142 -0
package/dist/web-search-provider-common-CtbtmUL-.js +252 -0
package/dist/web-search-providers.runtime-B7x_cRVn.js +41 -0
package/dist/web-search-providers.runtime.js +1 -1
package/dist/zod-schema.core-Cuz0lz6m.d.ts +166 -0
package/package.json +1 -1
package/dist/abort-CR0u3VsG.js +0 -277
package/dist/abort.runtime-CXUxanGg.js +0 -2
package/dist/accounts-BxBaquAf.js +0 -423
package/dist/accounts-vQjpoqEe.js +0 -2
package/dist/acp-spawn-2elSoS0E.js +0 -1286
package/dist/acp-spawn-DtKOHNO1.js +0 -2
package/dist/acp-stateful-target-driver-BqeA5j0h.js +0 -89
package/dist/action-info-B8NotHFw.js +0 -75
package/dist/active-runtime-registry-BO9mpPuB.js +0 -62
package/dist/active-tool-schema-warnings-C8vGj5FX.js +0 -105
package/dist/active-tool-schema-warnings-CVeFJuWI.js +0 -2
package/dist/agent-BgEaDMdp.js +0 -1825
package/dist/agent-_V5GbziF.js +0 -2
package/dist/agent-bundle-lsp-runtime-0jBcDEHh.js +0 -389
package/dist/agent-bundle-lsp-runtime-CQ6dZLs_.js +0 -2
package/dist/agent-bundle-mcp-materialize-Cu6JqMzC.js +0 -124
package/dist/agent-bundle-mcp-tools-BGL827cn.js +0 -3
package/dist/agent-command-CMJdGr16.js +0 -1435
package/dist/agent-delivery-DMu1MOeq.js +0 -117
package/dist/agent-harness-runtime-BKSW2E1O.js +0 -207
package/dist/agent-model-discovery-Cu4YL31r.js +0 -3
package/dist/agent-model-discovery-DdmVtkZo.js +0 -238
package/dist/agent-runner-utils-DXNDhwkI.js +0 -267
package/dist/agent-runner.runtime-Cym4Odfd.js +0 -3784
package/dist/agent-runtime-BkbhevY3.js +0 -199
package/dist/agent-runtime-label-DNP06p76.js +0 -30
package/dist/agent-runtime-metadata-JaTKc7mA.js +0 -53
package/dist/agent-tool-result-middleware-loader-FbZE0Qpk.js +0 -55
package/dist/agent-tools-Nwh8BlKX.js +0 -2506
package/dist/agent-tools.before-tool-call-BwY-FYFl.js +0 -1274
package/dist/agent-tools.before-tool-call-DwUmYhE3.js +0 -2
package/dist/agent-u5NDWrw9.js +0 -3
package/dist/agent-via-gateway-DMtOMwZa.js +0 -486
package/dist/agent-wait-dedupe-CLuKbI_7.js +0 -180
package/dist/agents-CiW7UEuB.js +0 -632
package/dist/agents.command-shared-CXGSQscb.js +0 -16
package/dist/agents.commands.add-BYBrZDXD.js +0 -304
package/dist/agents.commands.bind-nfg3AlVc.js +0 -265
package/dist/agents.commands.delete-pRj6vIrn.js +0 -128
package/dist/agents.commands.identity-Ci2PnDDl.js +0 -143
package/dist/agents.commands.list-Crj3BmqB.js +0 -235
package/dist/aliases-BFspFx3-.js +0 -97
package/dist/api-BiXhdPle.js +0 -3
package/dist/api-Cptkjys5.js +0 -6
package/dist/api-D3vT4ZVi.js +0 -2
package/dist/api-key-rotation-CQgW8LEx.js +0 -167
package/dist/app-registration-YW276fZC.js +0 -194
package/dist/apply-BRxKrOiK.js +0 -510
package/dist/apply-D0fWCa-U.js +0 -2
package/dist/apply-DIR8y0ZA.js +0 -2
package/dist/apply-DNUIV0Lt.js +0 -416
package/dist/apply-Dux9jI7f.js +0 -544
package/dist/approval-native-helpers-BMT-5X47.js +0 -398
package/dist/artifacts-CTrtIv9T.js +0 -368
package/dist/assistant-ClfI8Kho.js +0 -291
package/dist/attachment-normalize-DAW86mZY.js +0 -213
package/dist/attempt-execution-DTi2UfET.js +0 -584
package/dist/attempt-execution.helpers-DrX0QToi.js +0 -969
package/dist/attempt-execution.runtime-BCmAxwGy.js +0 -3
package/dist/attempt.prompt-helpers-BE6kGRtT.js +0 -543
package/dist/attempt.tool-run-context-J9O2yjbV.js +0 -1240
package/dist/audio-preflight.runtime-D3GXVYBI.js +0 -7
package/dist/audit-5T20D-xm.js +0 -1108
package/dist/audit-CWuV5GlP.js +0 -477
package/dist/audit.nondeep.runtime-DeYwRDYj.js +0 -1416
package/dist/audit.runtime-rUlvK4Rb.js +0 -7
package/dist/auth-DunUSatn.js +0 -567
package/dist/auth-choice--eBzca8Y.js +0 -3
package/dist/auth-choice-DJ9jsFUq.js +0 -400
package/dist/auth-choice-_pLkIdVh.js +0 -110
package/dist/auth-choice.apply.api-providers-CALcopRP.js +0 -2
package/dist/auth-choice.apply.api-providers-Dzzm1snk.js +0 -34
package/dist/auth-choice.plugin-providers.runtime-BHKTeZZc.js +0 -11
package/dist/auth-health-Cs4OjiF2.js +0 -219
package/dist/auth-list-bwJ4QDs0.js +0 -115
package/dist/auth-order-BoHN3Dc_.js +0 -105
package/dist/auth-profiles-BOLncVgy.js +0 -73
package/dist/auth-profiles-BiQRkULt.js +0 -14
package/dist/backend-config-B5yga5ay.js +0 -259
package/dist/bash-tools-BWvldguc.js +0 -3
package/dist/bash-tools-DEAAO5np.js +0 -3497
package/dist/binding-routing-BbtHmU_l.js +0 -113
package/dist/binding-targets-DSNv3-QA.js +0 -121
package/dist/bootstrap-files-DD8V2dLe.js +0 -202
package/dist/bootstrap-files-_6u1uJW2.js +0 -3
package/dist/bridge-server-v1-XPnAZ.js +0 -113
package/dist/browser-cli-CnpuO4KR.js +0 -230
package/dist/browser-cli-DPbIn8SK.js +0 -2
package/dist/browser-cli-actions-input-DoGR6LI-.js +0 -522
package/dist/browser-cli-actions-observe-CYMpgmtF.js +0 -81
package/dist/browser-cli-debug-ChJjSq-h.js +0 -137
package/dist/browser-cli-inspect-Bbci-WPG.js +0 -117
package/dist/browser-cli-manage-Bnscjb7b.js +0 -446
package/dist/browser-cli-resize-D1MJdvZI.js +0 -32
package/dist/browser-cli-shared-BCQwqz51.js +0 -69
package/dist/browser-cli-state-BWkPsvUg.js +0 -371
package/dist/browser-control-auth-CEP_ExeC.js +0 -2
package/dist/browser-profiles-SvnqnHVN.js +0 -2
package/dist/browser-runtime-0mRxjFpp.js +0 -389
package/dist/browser-tool.schema--CLR3nDv.js +0 -132
package/dist/btw-command-DV6HfrRV.js +0 -18
package/dist/build-DiRmljCi.js +0 -261
package/dist/bundled-channel-config-schema-Bte--ZlY.d.ts +0 -3168
package/dist/capability-cli-ATfwTYFe.js +0 -1809
package/dist/capability-provider-runtime-l3nnLGvn.js +0 -346
package/dist/cdp.helpers-IIuc0KGS.js +0 -637
package/dist/channel-CzTD2ouI.js +0 -2309
package/dist/channel-actions-B5Yk5Axf.js +0 -46
package/dist/channel-bootstrap.runtime-C9F-Pq1o.js +0 -38
package/dist/channel-bootstrap.runtime-TPyY5Ngv.js +0 -2
package/dist/channel-core-XMZJ-ZGF.js +0 -5
package/dist/channel-inbound-DvqkKmiH.js +0 -121
package/dist/channel-message-CnJ4vUyt.js +0 -12
package/dist/channel-outbound-BhefGAqY.js +0 -436
package/dist/channel-plugin-resolution-BiaJ8aRa.js +0 -2
package/dist/channel-plugin-resolution-D_CxkMVc.js +0 -135
package/dist/channel-resolution-DzI28gIM.js +0 -46
package/dist/channel-selection-CLFO4-eQ.js +0 -171
package/dist/channel-selection.runtime-Beb2-bMH.js +0 -2
package/dist/channel.runtime-By5T5eGw.js +0 -697
package/dist/channels-BrRY9Mag.js +0 -1004
package/dist/channels-cli-CF--e2RU.js +0 -331
package/dist/chat-BTMPilpx.js +0 -2940
package/dist/chat-DnC7XCWK.js +0 -3
package/dist/chrome-C3_dN9jE.js +0 -1517
package/dist/chrome-mcp-5jjDHIgn.js +0 -864
package/dist/chrome-mcp-DFAa-WzK.js +0 -2
package/dist/claude-live-session-BUPeOzLE.js +0 -1338
package/dist/claude-live-session-Bprgmr1-.js +0 -2
package/dist/clawbot-cli-5UVkLT1Y.js +0 -9
package/dist/cli-6a6sMEUB.js +0 -2
package/dist/cli-COCN9B5e.js +0 -2
package/dist/cli-CpI4dBXy.js +0 -141
package/dist/cli-YLx-ekdH.js +0 -293
package/dist/cli-backends.runtime-CsBjr7ag.js +0 -7
package/dist/cli-compaction-Bh0oMwUa.js +0 -363
package/dist/cli-registry-loader-DDbaAJgY.js +0 -2
package/dist/cli-registry-loader-xc2Ah8S4.js +0 -193
package/dist/cli-runner-BfSrIn-9.js +0 -597
package/dist/cli-runner-D_FAjNbR.js +0 -2
package/dist/cli-runner.runtime-BJetQDu1.js +0 -3
package/dist/cli-runner.runtime-BKJQkc7C.js +0 -4
package/dist/cli-session-Cy3IeH0g.js +0 -119
package/dist/cli.runtime-BpOz0s3N.js +0 -1276
package/dist/codex-native-web-search-BDtKRV3F.js +0 -4
package/dist/codex-native-web-search-C0TrfoMX.js +0 -20
package/dist/codex-native-web-search-core-CzlK1GfN.js +0 -106
package/dist/command-auth-CFnvdYX2.js +0 -135
package/dist/command-config-resolution-B_86rG8v.js +0 -2
package/dist/command-config-resolution-BbadcA2M.js +0 -25
package/dist/command-config-resolution.runtime-B_86rG8v.js +0 -2
package/dist/command-execution-startup-Rrwwdg_5.js +0 -90
package/dist/command-primitives-runtime-C9bTt5IV.js +0 -3
package/dist/command-registry-CbpdQKmu.js +0 -9
package/dist/command-registry-Dw-XC_Zk.js +0 -4
package/dist/command-registry-core-rvEDki6p.js +0 -114
package/dist/command-secret-gateway-BX6BIiFn.js +0 -589
package/dist/command-secret-targets-DCzlTkb5.js +0 -2
package/dist/command-status-builders-DIsZN9aY.js +0 -147
package/dist/command-status.runtime-C2x4yMRd.js +0 -90
package/dist/commands-FYCxWqIx.js +0 -161
package/dist/commands-compact.runtime-BTMQfx1k.js +0 -10
package/dist/commands-core.runtime-CuNLz2wm.js +0 -2
package/dist/commands-handlers.runtime-DyNuPOmY.js +0 -6327
package/dist/commands-models-s7BRmLQh.js +0 -448
package/dist/commands-registry-BxEq-3UJ.js +0 -195
package/dist/commands-registry.runtime-CbXW33S_.js +0 -4
package/dist/commands-status-BRJMba4h.js +0 -16
package/dist/commands-status-DCXEwlSF.js +0 -3
package/dist/commands-status.runtime-DCXEwlSF.js +0 -3
package/dist/commands-subagents-control.runtime-CduLQJFD.js +0 -2
package/dist/commands-system-prompt-B3LD8CDs.js +0 -161
package/dist/commands-system-prompt-DPsXTqOQ.js +0 -2
package/dist/commands.runtime-3sVz8Qgo.js +0 -175
package/dist/common-CZvBLb3w.js +0 -286
package/dist/compact-DxU_9XEc.js +0 -1165
package/dist/compact.runtime-CqQTypVl.js +0 -12
package/dist/compaction-planning-DArTi9SN.js +0 -202
package/dist/completion-cli-CiKl5HhI.js +0 -393
package/dist/config--yllOaSC.js +0 -374
package/dist/config-Yt5UcD91.js +0 -610
package/dist/config-cli-BeXS3R6k.js +0 -1703
package/dist/config-mutation-cQeWhUqy.js +0 -5
package/dist/config-mutations-Cg04LH_S.js +0 -161
package/dist/config-utils-Dhq_UKMC.js +0 -141
package/dist/config-validation-BANohTKD.js +0 -33
package/dist/configure-CWxhlx9G.js +0 -771
package/dist/configure-Jejkc6dn.js +0 -3
package/dist/configure.commands-BYy1bz8G.js +0 -2
package/dist/configure.commands-C3hDvZse.js +0 -1253
package/dist/context-DptQ59DZ.js +0 -248
package/dist/context-_ZshNBhD.js +0 -2
package/dist/context-engine-host-compat-C_eflvRw.js +0 -2
package/dist/context-engine-host-compat-s15Pu845.js +0 -280
package/dist/context-engine-lifecycle-COHFLnj4.js +0 -627
package/dist/control-auth-CQJpLoIb.js +0 -114
package/dist/control-service-BFSgA0Py.js +0 -40
package/dist/control-service-D7GZv-GS.js +0 -3
package/dist/control-ui/assets/activity-CCu43qU8.js +0 -124
package/dist/control-ui/assets/agents-DCvsB0yO.js +0 -1030
package/dist/control-ui/assets/channels-CpM2j5xT.js +0 -120
package/dist/control-ui/assets/cron-CLXNfwYa.js +0 -1016
package/dist/control-ui/assets/debug-BcJ34lrC.js +0 -97
package/dist/control-ui/assets/index-CuBn2YpX.js +0 -7214
package/dist/control-ui/assets/instances-Bu6NM_Hs.js +0 -57
package/dist/control-ui/assets/nodes-Bd1WzVLK.js +0 -444
package/dist/control-ui/assets/sessions-C2r8pbt7.js +0 -425
package/dist/control-ui/assets/skills-DIjn93ee.js +0 -362
package/dist/control-ui/assets/workboard-CHb0if1l.js +0 -402
package/dist/control-ui-ChfTPXZo.js +0 -750
package/dist/conversation-label-generator-CTfnInQF.js +0 -72
package/dist/conversation-runtime-B7oAN9Tq.js +0 -31
package/dist/core-api-CBD0dvTQ.js +0 -5
package/dist/core-api-ClCm_yM8.js +0 -2
package/dist/core-wuoxL08a.js +0 -284
package/dist/crestodian--iYeGB8u.js +0 -55
package/dist/cron-D2SzQyqo.js +0 -453
package/dist/daemon-install-B6CAkU3V.js +0 -66
package/dist/daemon-install-auth-profiles-store.runtime-Cpt5LSD6.js +0 -2
package/dist/dashboard-ChYOQjM2.js +0 -263
package/dist/defaults-CCopehWw.js +0 -130
package/dist/defaults-H4kBp17N.js +0 -3
package/dist/defaults.constants-CjB9HP6f.js +0 -76
package/dist/deliver-BzPhWO_F.js +0 -3
package/dist/deliver-DGyKH3Qi.js +0 -1399
package/dist/deliver-runtime-Ca2kcQoZ.js +0 -2
package/dist/delivery-outbound.runtime-D7ycPxY-.js +0 -7
package/dist/delivery-queue-CnLv30ko.js +0 -863
package/dist/delivery-queue-CuaDjNMh.js +0 -2
package/dist/delivery-queue-runtime-DO2vqOIJ.js +0 -16
package/dist/delivery-target.runtime-QcBVk_j8.js +0 -45
package/dist/delivery.runtime-L09v4tys.js +0 -470
package/dist/detached-task-runtime-BqU7YXYT.js +0 -86
package/dist/diagnostics-T-Hk_Qzi.js +0 -168
package/dist/dialogue-C0VnTMMn.js +0 -37
package/dist/direct-dm-BWn67tDD.js +0 -81
package/dist/directive-handling.defaults-DO6Snm4_.js +0 -22
package/dist/directive-handling.fast-lane-BemYRfPn.js +0 -70
package/dist/directive-handling.impl-BMVh1pMh.js +0 -823
package/dist/directive-handling.impl-vr4MsYbt.js +0 -2
package/dist/directive-handling.model-selection-DegP9exp.js +0 -122
package/dist/directive-handling.persist.runtime-BUdU6_zm.js +0 -274
package/dist/directives-1xk_ZcMf.js +0 -319
package/dist/directory-cli-D83WEjEG.js +0 -239
package/dist/dispatch-Ck2tvRYH.js +0 -2057
package/dist/dispatch-acp-GdaHNdvf.js +0 -1102
package/dist/dispatch-acp-manager.runtime-BGSrJqrW.js +0 -3
package/dist/dispatch-acp-media.runtime-DQ8dYQh8.js +0 -4
package/dist/dispatch-acp-transcript.runtime-CsJZGhnu.js +0 -40
package/dist/dispatch-acp-tts.runtime-Bo-QxKgx.js +0 -3
package/dist/dispatch-acp.runtime-C_u7sGcQ.js +0 -18
package/dist/dispatcher-GtuYO6Ni.js +0 -106
package/dist/doctor-B2qP9g8d.js +0 -760
package/dist/doctor-D9wCez5t.js +0 -6
package/dist/doctor-auth-XnseqtS7.js +0 -216
package/dist/doctor-auth-flat-profiles-B6cL-TiJ.js +0 -516
package/dist/doctor-auth-flat-profiles-Birb7qIk.js +0 -2
package/dist/doctor-auth-legacy-oauth-CXO3OtyG.js +0 -48
package/dist/doctor-auth-oauth-sidecar-BSgQPbcS.js +0 -177
package/dist/doctor-auth-oauth-sidecar-CzzyNwxc.js +0 -2
package/dist/doctor-bootstrap-size-BlVcO5D6.js +0 -57
package/dist/doctor-claude-cli-_MTVnCQ-.js +0 -150
package/dist/doctor-config-flow-0kxzjUjK.js +0 -1819
package/dist/doctor-core-checks-C_g9REOd.js +0 -666
package/dist/doctor-core-checks-CahzmM1L.js +0 -2
package/dist/doctor-core-checks.runtime-Bi_oTiTZ.js +0 -278
package/dist/doctor-gateway-daemon-flow-UAIWsI9w.js +0 -349
package/dist/doctor-gateway-services-BiMEGiw_.js +0 -465
package/dist/doctor-health-C69GVfMl.js +0 -65
package/dist/doctor-health-contributions-Bz19QhI4.js +0 -874
package/dist/doctor-lint-BVW4E6Qf.js +0 -95
package/dist/doctor-memory-search-D2PWzDCY.js +0 -407
package/dist/doctor-state-integrity-DuJIszQj.js +0 -1257
package/dist/doctor-tool-result-cap-advice-Dpn4zNH3.js +0 -27
package/dist/doctor-workspace-status-nW9TcIWi.js +0 -76
package/dist/dreaming-CcOWzGN5.js +0 -523
package/dist/dreaming-command-sxm3FQGb.js +0 -101
package/dist/dreaming-narrative-BSRwiUPL.js +0 -2
package/dist/dreaming-narrative-BskwmYdC.js +0 -721
package/dist/dreaming-phases-BuHjGyPw.js +0 -2
package/dist/dreaming-phases-ChVT8Ovk.js +0 -1162
package/dist/drive-C_u5W4ln.js +0 -899
package/dist/echo-transcript-tnZWH4EO.js +0 -52
package/dist/effective-tool-policy-CeHdL2D7.js +0 -89
package/dist/embedded-agent-CGULn3lb.js +0 -4
package/dist/embedded-agent-DZTa1YiK.js +0 -4074
package/dist/embedded-agent-helpers-B65K9o55.js +0 -6
package/dist/embedded-agent-helpers-BPXCvWBb.js +0 -1037
package/dist/embedded-agent.runtime-TfBgXcUV.js +0 -4
package/dist/embedded-backend-BAaFwayA.js +0 -744
package/dist/embedded-gateway-stub.runtime-CNyrjvgT.js +0 -12
package/dist/embedding-provider-runtime-EnkHdROJ.js +0 -86
package/dist/embedding-providers-CDkDb0kv.js +0 -2
package/dist/embeddings-http-ClIu4_mP.js +0 -222
package/dist/engine-qmd-DZRiT9i4.js +0 -708
package/dist/engine-storage-BEqlN8TR.js +0 -203
package/dist/errors-Co8auIlv.js +0 -2
package/dist/exec-approval-forwarder.runtime-C7QvfWQ6.js +0 -4
package/dist/exec-approval-session-target-ChuH1nXL.js +0 -177
package/dist/exec-auto-reviewer-Bm7380HF.js +0 -2
package/dist/exec-auto-reviewer-BrrdGleK.js +0 -241
package/dist/execute.runtime-B-8jUqDB.js +0 -579
package/dist/external-cli-auth-selection-0BxmRUps.js +0 -113
package/dist/extra-params-BgyvpEpv.js +0 -615
package/dist/fallback-notice-state-BXk_kRWM.js +0 -15
package/dist/fallbacks-CPdVRP81.js +0 -31
package/dist/fallbacks-shared-CSGf1oaf.js +0 -116
package/dist/fengming-runtime-NUA51sEw.js +0 -33
package/dist/fengming-runtime-config-CIZ-SHPt.js +0 -2
package/dist/fengming-runtime-memory-CIZ-SHPt.js +0 -2
package/dist/fengming-runtime-session-CIZ-SHPt.js +0 -2
package/dist/fengming-tools-MvRSt0JA.js +0 -12221
package/dist/flows-BocRit8D.js +0 -189
package/dist/fs-utils-DSXeBcjj.js +0 -9
package/dist/gateway-BCrUxrVw.js +0 -133
package/dist/gateway-cli-B8bXBd_L.js +0 -443
package/dist/gateway-install-token-pngTMc-f.js +0 -136
package/dist/gateway-method-runtime-ueZTz7WH.js +0 -21
package/dist/gateway-runtime-DbsoThML.js +0 -23
package/dist/get-reply-DUuaxcBz.js +0 -5198
package/dist/get-reply-from-config.runtime-B4Dgs3Hg.js +0 -2
package/dist/github-copilot-token-7AfRRF7J.js +0 -2
package/dist/health-7Yq5zpoZ.js +0 -3
package/dist/health-DlZqxm2f.js +0 -621
package/dist/health-DxesUuur.js +0 -111
package/dist/health-state-BMG8kOby.js +0 -106
package/dist/heartbeat-runner-Bq7A_Cjm.js +0 -5
package/dist/heartbeat-runner-DVwbVyft.js +0 -1930
package/dist/heartbeat-runner.runtime-DQ2NPXMD.js +0 -3
package/dist/helpers-PCu2RivJ.js +0 -406
package/dist/hook-helpers-DLEnCRO7.js +0 -44
package/dist/hooks-Bv-otcl7.js +0 -536
package/dist/hooks-cli-C5ve0nzF.js +0 -465
package/dist/http-endpoint-helpers-w2SagsQz.js +0 -37
package/dist/http-utils-CVvn0ZA-.js +0 -98
package/dist/image-BeixBis4.js +0 -385
package/dist/image-fallbacks-CPbmIMn9.js +0 -31
package/dist/image-generation-core.auth.runtime-Co38iRxQ.js +0 -2
package/dist/image-generation-provider-BA4Ar91S.js +0 -152
package/dist/image-runtime-7ZsfioS1.js +0 -9
package/dist/image-tool.helpers-upjA3ksB.js +0 -150
package/dist/images-ChLi1Uog.js +0 -2
package/dist/images-nB0XAnTa.js +0 -416
package/dist/inbound-reply-dispatch-DglobJ8j.js +0 -2
package/dist/inbound-reply-dispatch-QKOgNx-m.js +0 -147
package/dist/index-AZzJCgph.d.ts +0 -1497
package/dist/infra-runtime-CGD3RE_2.js +0 -32
package/dist/init-poVZDCAM.js +0 -59
package/dist/install-Dn9oPGmU.js +0 -262
package/dist/install.runtime-D5sllsjl.js +0 -2
package/dist/internal-CnOL_Roa.js +0 -399
package/dist/isolated-agent-CNw6E3F0.js +0 -1097
package/dist/isolated-agent-DjkHhEyR.js +0 -2
package/dist/kernel-B5Y5IQ-A.js +0 -3
package/dist/kernel-CMuO4VJy.js +0 -979
package/dist/kimi-web-search-provider.runtime-V4m_MHsk.js +0 -307
package/dist/library-B-1EZjtY.js +0 -45
package/dist/lifecycle-B-5gEZ7O.js +0 -570
package/dist/lifecycle-Bzh5Jo09.js +0 -2
package/dist/lifecycle-DvbcJYMl.js +0 -355
package/dist/lifecycle.runtime-Bzh5Jo09.js +0 -2
package/dist/list-B4xSHRdU.js +0 -2
package/dist/list-BnhZHpxx.js +0 -207
package/dist/list.list-command-DAz-Ws_6.js +0 -429
package/dist/list.model-row-DtdX9KDu.js +0 -39
package/dist/list.probe-CY6lxq51.js +0 -2
package/dist/list.probe-DPuE1GOH.js +0 -451
package/dist/list.provider-catalog-BHc9WXI6.js +0 -211
package/dist/list.provider-catalog-CFbrroys.js +0 -2
package/dist/list.registry-load-C1_sr3gb.js +0 -152
package/dist/list.row-sources-BMtHc9oi.js +0 -474
package/dist/list.source-plan-Dth72qPP.js +0 -81
package/dist/list.status-command-BXCnEq8Q.js +0 -815
package/dist/live-model-switch-Dxav22vq.js +0 -119
package/dist/llm-slug-generator-6o8RXL11.js +0 -78
package/dist/load-config-EF3n0Dyo.js +0 -27
package/dist/load-context-CI_ogQt_.js +0 -82
package/dist/loader-DtwEzpp-.js +0 -7008
package/dist/local-dispatch.runtime-21liE3rA.js +0 -10
package/dist/main-session-restart-recovery-D1g62iJ5.js +0 -2
package/dist/main-session-restart-recovery-v2I9CEXi.js +0 -389
package/dist/managed-image-attachments-BEl5qfCT.js +0 -616
package/dist/managed-image-attachments-D5KqX2Qy.js +0 -2
package/dist/manager-DZc3xiNq.js +0 -2314
package/dist/manager-Vf3vLTGe.js +0 -3737
package/dist/mcp-http-BaJoPKF9.js +0 -583
package/dist/mcp-http-CpEaJIGJ.js +0 -2
package/dist/media-runtime-DtP_Ff8m.js +0 -391
package/dist/media-services-CXYbyIIp.js +0 -416
package/dist/media-understanding-DvTIsIyr.js +0 -87
package/dist/media-understanding-provider-DBBAvuwG.js +0 -13
package/dist/media-understanding-provider-DOf_uZrx.js +0 -70
package/dist/media-understanding-provider-DdRfNh9h.js +0 -69
package/dist/media-understanding-provider-mqpQDt8V.js +0 -29
package/dist/memory-BNk25Hi6.js +0 -437
package/dist/memory-core-host-engine-embeddings-XsK5xS70.js +0 -667
package/dist/memory-core-host-engine-foundation-BYkoOLXl.js +0 -15
package/dist/memory-core-host-engine-qmd-0JuUCKCK.js +0 -2
package/dist/memory-core-host-engine-storage-MCFGjDwW.js +0 -2
package/dist/memory-core-host-runtime-cli-fVGH65E8.js +0 -10
package/dist/memory-core-host-runtime-core-JtXIAdlM.js +0 -12
package/dist/memory-core-host-runtime-files-BGw_ypoN.js +0 -4
package/dist/memory-embedding-provider-runtime-3UBzs4sx.js +0 -36
package/dist/memory-host-core-Y_O5V-mu.js +0 -78
package/dist/memory-host-search.runtime-B4TzyvmR.js +0 -2
package/dist/memory-runtime-9kEPAeKV.js +0 -2
package/dist/memory-runtime-BU4t85uu.js +0 -57
package/dist/memory-search-CVX--mSz.js +0 -235
package/dist/message-BVXoNpWP.js +0 -284
package/dist/message-HaiKqj0A.js +0 -2
package/dist/message-action-runner-Chwzn02r.js +0 -2
package/dist/message-action-runner-tEEliptt.js +0 -1922
package/dist/message-handler-CHDS_NF-.js +0 -1806
package/dist/metadata-registry-loader-Croa1pgR.js +0 -22
package/dist/metadata-registry-loader-w0p86vis.js +0 -2
package/dist/migrate-CPCZJ4H5.js +0 -2
package/dist/migrate-CUj6m6Cx.js +0 -458
package/dist/migration-provider-runtime-4r4WGtf2.js +0 -2
package/dist/migration-provider-runtime-TxrH_mM7.js +0 -68
package/dist/minimax-web-search-provider.runtime-Dr2GJiWj.js +0 -148
package/dist/model-BQSouNOa.js +0 -2
package/dist/model-CAk0bcuO.js +0 -1302
package/dist/model-auth-BF7w9Fiv.js +0 -705
package/dist/model-auth-label-r729wcPk.js +0 -67
package/dist/model-auth-us8b_D5d.js +0 -6
package/dist/model-catalog-BGykBGxx.js +0 -434
package/dist/model-catalog-BVXrqFbI.js +0 -3
package/dist/model-catalog-visibility-Bsup46vy.js +0 -76
package/dist/model-config.helpers-wzD1EEfE.js +0 -95
package/dist/model-context-tokens-DrIU9eJc.js +0 -572
package/dist/model-fallback-GySPjr3J.js +0 -1288
package/dist/model-fallback-auth.runtime-Dg_Jmguu.js +0 -5
package/dist/model-picker-BI6jXOjt.js +0 -3
package/dist/model-picker-DYyJHhfH.js +0 -1135
package/dist/model-picker-visibility-D_IMZfxd.js +0 -22
package/dist/model-picker.runtime-B70kQMyc.js +0 -48
package/dist/model-pricing-cache-CSpUDzSt.js +0 -856
package/dist/model-pricing-cache-dkPwTUVJ.js +0 -3
package/dist/model-pricing-cache-state-C6shoEWy.js +0 -83
package/dist/model-provider-auth-BfZHbTaj.js +0 -2
package/dist/model-provider-auth-CPCBWvqL.js +0 -375
package/dist/model-runtime-aliases-DUzusc9_.js +0 -133
package/dist/model-selection-8UzO5mgF.js +0 -254
package/dist/model-selection-Cb7azWw1.js +0 -7
package/dist/model-selection-jDYEo0WI.js +0 -352
package/dist/model-selection.runtime-D_yHZLbs.js +0 -7
package/dist/models-BxA2IU3W.js +0 -57
package/dist/models-auth-status-yG7yyRcv.js +0 -280
package/dist/models-cli-DUt4uiMH.js +0 -257
package/dist/models-config-B5bkuh6A.js +0 -1189
package/dist/models-config-Xj8vG_x2.js +0 -2
package/dist/models-config.providers.secrets-DNBB440Z.js +0 -2
package/dist/models-config.providers.secrets-DNIQlBSE.js +0 -382
package/dist/models-http-DMILRsry.js +0 -88
package/dist/monitor-2_c2Ttjf.js +0 -1024
package/dist/monitor-7tD_FE_5.js +0 -60
package/dist/monitor.account-D0F9tnWD.js +0 -5382
package/dist/music-generation-provider-3ykPaUwR.js +0 -308
package/dist/native-hook-relay-BJKHIhWd.js +0 -1378
package/dist/native-hook-relay-V8Kappw1.js +0 -19
package/dist/node-cli-BLVyQ93e.js +0 -2806
package/dist/node-command-policy-B0ezpI_O.js +0 -295
package/dist/nodes-DnWH_15m.js +0 -3
package/dist/nodes-RkB4ZmP6.js +0 -1483
package/dist/nodes-cli-upwPs91b.js +0 -960
package/dist/nodes-pending--sojaxpI.js +0 -211
package/dist/nodes-utils-Yks_uDZK.js +0 -85
package/dist/oauth-CQN2efEy.js +0 -207
package/dist/oauth-DApi3OI9.js +0 -746
package/dist/oauth-DkUWBub2.js +0 -852
package/dist/onboard-CiQSBSrz.js +0 -768
package/dist/onboard-channels-DaWYXiLv.js +0 -1534
package/dist/onboard-channels-DnwM2_IL.js +0 -2
package/dist/onboard-custom-BQPckD0V.js +0 -3
package/dist/onboard-custom-config-BmbThk2-.js +0 -422
package/dist/onboard-custom-xInFj1Rs.js +0 -280
package/dist/onboard-search-DSfmthe5.js +0 -412
package/dist/openai-compat-errors-VR4SN1MV.js +0 -136
package/dist/openai-http-DV95ynPi.js +0 -836
package/dist/openai-transport-stream-BwpzqR-b.js +0 -3427
package/dist/openresponses-http-DPchx8IC.js +0 -1175
package/dist/operations-f9R8j-r9.js +0 -805
package/dist/order-BQx8mNGZ.js +0 -218
package/dist/outbound-attachment-C4yojK6p.js +0 -19
package/dist/param-readers-BIXyd5la.js +0 -2
package/dist/payloads-DrY1bKyF.js +0 -256
package/dist/persistent-bindings.lifecycle-BiPN7luW.js +0 -85
package/dist/persistent-bindings.lifecycle-X3wfan2Z.js +0 -2
package/dist/plugin-enabled-CqsBObeO.js +0 -232
package/dist/plugin-install-CfB1_kpX.js +0 -118
package/dist/plugin-install-DzMraXHH.js +0 -2
package/dist/plugin-install-config-policy-BD_elPNg.js +0 -169
package/dist/plugin-registration-Dy58ncPf.js +0 -97
package/dist/plugin-registry-BlmODeop.js +0 -3
package/dist/plugin-registry-k5OK18l5.js +0 -2
package/dist/plugin-runtime-B3t53CKr.js +0 -102
package/dist/plugin-sdk/bundled-channel-config-schema-UtIBjviA.d.ts +0 -3169
package/dist/plugin-service-sKF4gWFm.js +0 -1249
package/dist/plugins-authoring-command-I72k2cuv.js +0 -304
package/dist/plugins-cli-DMQRbPsU.js +0 -63
package/dist/plugins-cli.runtime-CvDuKFJj.js +0 -339
package/dist/plugins-command-helpers-C5WMM4bk.js +0 -164
package/dist/plugins-command-helpers-DDt_pMQ4.js +0 -2
package/dist/plugins-inspect-command-ka7Hpld3.js +0 -248
package/dist/plugins-install-command-BHSgof-_.js +0 -2
package/dist/plugins-install-command-t5caX9q_.js +0 -993
package/dist/plugins-install-persist-Bah1m3x7.js +0 -252
package/dist/plugins-list-command-BXLWwXHM.js +0 -184
package/dist/plugins-uninstall-command-C_3m6CrW.js +0 -118
package/dist/prepare.runtime-COZaHg5E.js +0 -798
package/dist/presentation-card-CciJv4ru.js +0 -164
package/dist/preview-warnings-L4VuEOyB.js +0 -618
package/dist/profiles-CM2xoUYX.js +0 -194
package/dist/program-B-4C7bC-.js +0 -131
package/dist/provider-adapters-Eh8mS2Fd.js +0 -104
package/dist/provider-api-key-auth-DTh2cbmS.js +0 -117
package/dist/provider-api-key-auth.runtime-DrTYYfxK.js +0 -14
package/dist/provider-auth-Bnaijzmv.js +0 -281
package/dist/provider-auth-api-key-CNP8o5E7.js +0 -5
package/dist/provider-auth-choice-Devw4sQf.js +0 -311
package/dist/provider-auth-choice-helpers-DmVudRp6.js +0 -210
package/dist/provider-auth-choice.runtime-C337IQ3W.js +0 -2
package/dist/provider-auth-choice.runtime-DqGYalFo.js +0 -18
package/dist/provider-auth-guidance-Bk4WV6Lg.js +0 -2
package/dist/provider-auth-guidance-C7NCKuKn.js +0 -34
package/dist/provider-auth-helpers-r7mC8I5l.js +0 -177
package/dist/provider-auth-login.runtime-BFJgAAS6.js +0 -156
package/dist/provider-auth-runtime-BiLPGiMW.js +0 -186
package/dist/provider-discovery-uxRmAIf_.js +0 -95
package/dist/provider-discovery.runtime-mwbSivDS.js +0 -290
package/dist/provider-dispatcher-CtKWj3r-.js +0 -22
package/dist/provider-entry-DjACqdrB.js +0 -134
package/dist/provider-hook-runtime-CpJsM7Dk.js +0 -255
package/dist/provider-openai-codex-oauth-DWGmVUYg.js +0 -2
package/dist/provider-openai-codex-oauth-ctxd00JW.js +0 -44
package/dist/provider-registration-l8EX4voM.js +0 -235
package/dist/provider-registry-BgIQXJle.js +0 -31
package/dist/provider-registry-CVuzobHN.js +0 -36
package/dist/provider-registry-DmdDbSQs.js +0 -61
package/dist/provider-registry-LqtLqheu.js +0 -61
package/dist/provider-registry-pTYVjODc.js +0 -61
package/dist/provider-runtime-BQZSuC9l.js +0 -3
package/dist/provider-runtime-D9Q-7VuO.js +0 -386
package/dist/provider-runtime.runtime-C6YZ8YI0.js +0 -26
package/dist/provider-self-hosted-setup-BIAD2ISe.js +0 -373
package/dist/provider-stream-DScdaoRo.js +0 -313
package/dist/provider-stream-PE0IxmpZ.js +0 -1084
package/dist/provider-stream-family-S2fhlydZ.js +0 -2
package/dist/provider-usage-DVKHMF6l.js +0 -4
package/dist/provider-usage-EEjx1av0.js +0 -71
package/dist/provider-usage.load-Cu11xbrw.js +0 -357
package/dist/provider-web-search-Dbk7MO-1.js +0 -58
package/dist/provider-wizard-DS2Xb2eu.js +0 -125
package/dist/providers.runtime-BPhGcupv.js +0 -240
package/dist/providers.runtime-DoylK-ht.js +0 -2
package/dist/proxy-BxacG0p3.js +0 -662
package/dist/public-artifacts-Dq3y7bBv.js +0 -7
package/dist/pw-ai-DlSSqerW.js +0 -3064
package/dist/qmd-manager-B_SG-ejE.js +0 -2040
package/dist/qr-cli-CT-sE_j9.js +0 -2
package/dist/qr-cli-DPlDCXJQ.js +0 -371
package/dist/qr-image--VmmvuDB.js +0 -2
package/dist/queue-Be2Y7PcO.js +0 -923
package/dist/read-file-hhemkDfq.js +0 -183
package/dist/register-service-commands-CeVpCQU3.js +0 -77
package/dist/register.agent-JLsb-giw.js +0 -152
package/dist/register.configure-CP0Q-ost.js +0 -16
package/dist/register.crestodian-CBXyXEix.js +0 -24
package/dist/register.maintenance-DGIPQ2Vo.js +0 -85
package/dist/register.message-BBQwz0Ld.js +0 -404
package/dist/register.migrate-CkgNlvLD.js +0 -106
package/dist/register.onboard-CS9gRK0c.js +0 -115
package/dist/register.setup-DhqDOer9.js +0 -40
package/dist/register.status-health-sessions-CiwQN_lw.js +0 -293
package/dist/register.subclis-86Md7P0P.js +0 -3
package/dist/register.subclis-CTVI8zvZ.js +0 -31
package/dist/register.subclis-core-Cy4AnRCu.js +0 -273
package/dist/rem-harness-vSsq3HiK.js +0 -649
package/dist/repair-sequencing-SHADYdcA.js +0 -652
package/dist/reply-media-paths.runtime-Bf5nxPuP.js +0 -154
package/dist/reply-media-paths.runtime-sLsMpKGO.js +0 -2
package/dist/reply-payloads-CJ3w8rSA.js +0 -79
package/dist/reply-payloads-dedupe-DDFXWCVR.js +0 -176
package/dist/reply-payloads-dedupe.runtime-DbXPzKmG.js +0 -2
package/dist/reply-timing-tracker-DjVIBsVb.js +0 -205
package/dist/reply-turn-admission-nEW5QbY5.js +0 -2056
package/dist/reply.runtime-B4Dgs3Hg.js +0 -2
package/dist/reset-preserved-selection-CVD1yeVC.js +0 -45
package/dist/resolve-DidlinMh.js +0 -106
package/dist/restart-DzTrO95c.js +0 -121
package/dist/result-fallback-classifier-BqsFUDvP.js +0 -98
package/dist/root-help-QGs0dCCN.js +0 -43
package/dist/route-B3R-uzFG.js +0 -475
package/dist/route-reply-CdfhgIoY.js +0 -174
package/dist/route-reply.runtime-DwuU2WjH.js +0 -2
package/dist/routes-ChXmJocl.js +0 -3701
package/dist/routes-D-ZF4AdA.js +0 -2
package/dist/run-ClmVDTET.js +0 -1162
package/dist/run-auth-profile.runtime-CTxrwz0y.js +0 -2
package/dist/run-command-CqZJQ0Im.js +0 -2
package/dist/run-command-GClW75NL.js +0 -23
package/dist/run-context-BOdGeRg5.js +0 -66
package/dist/run-context.runtime-CwuKVYPj.js +0 -2
package/dist/run-delivery.runtime-BQ39dm34.js +0 -762
package/dist/run-embedded.runtime-e1K4Bt1_.js +0 -4
package/dist/run-execution-cli.runtime-Cjrgt4cV.js +0 -4
package/dist/run-executor.runtime-C2JE6JGb.js +0 -330
package/dist/run-model-catalog.runtime-DkrLKopr.js +0 -2
package/dist/run-session-state-C5YdQs7o.js +0 -159
package/dist/run-subagent-registry.runtime-Dl_lXi6y.js +0 -2
package/dist/runner-CNGHdaIg.js +0 -704
package/dist/runner.entries-dckPkeld.js +0 -1485
package/dist/runtime-9LxcVCyw.js +0 -615
package/dist/runtime-BCOtBS5G.js +0 -3
package/dist/runtime-C-pgjoJr.js +0 -210
package/dist/runtime-CyF0vJXG.js +0 -10
package/dist/runtime-D-7lMvGV.js +0 -2
package/dist/runtime-D17OmF9G.js +0 -224
package/dist/runtime-D6SweufG.js +0 -245
package/dist/runtime-DVAM7AFd.js +0 -2
package/dist/runtime-DX2ClrP-.js +0 -436
package/dist/runtime-FOOWuiYX.js +0 -300
package/dist/runtime-api-B0F0JsV1.js +0 -12
package/dist/runtime-cREKSBYC.js +0 -2
package/dist/runtime-channel-BmD4hoCR.js +0 -148
package/dist/runtime-channel-BsebQSPL.js +0 -2
package/dist/runtime-config-collectors-BjYeQ0Tk.js +0 -525
package/dist/runtime-embedded-agent.runtime-A4r23Bn8.js +0 -2
package/dist/runtime-internal-DkV-EMTK.js +0 -2
package/dist/runtime-llm.runtime-BQKNnuRc.js +0 -307
package/dist/runtime-model-auth.runtime-BbGqHVM5.js +0 -2
package/dist/runtime-model-auth.runtime-rtJH4LBB.js +0 -46
package/dist/runtime-options-B0EGb1Wq.js +0 -275
package/dist/runtime-plugin-Bdqm44bH.js +0 -92
package/dist/runtime-plugins-rZk1eAK_.js +0 -32
package/dist/runtime-plugins.runtime-DApiYzny.js +0 -2
package/dist/runtime-prepare.runtime-DWxvnbyY.js +0 -81
package/dist/runtime-provider-B0slPjtk.js +0 -2
package/dist/runtime-provider-DLgupOKt.js +0 -24
package/dist/runtime-registry-loader-Cf2HuMjd.js +0 -2
package/dist/runtime-registry-loader-DLzDrA7e.js +0 -117
package/dist/runtime-shared-Bg-OiD4u.js +0 -365
package/dist/runtime-web-channel-plugin-DrMjRaqi.js +0 -204
package/dist/scan-DA7Oqxuv.js +0 -573
package/dist/sdk-security-runtime-WjOaCbga.js +0 -86
package/dist/sdk-setup-tools-DaYT6_jD.js +0 -8
package/dist/secrets-cli-fJQ0geWO.js +0 -150
package/dist/security-cli-CJMwGp8U.js +0 -520
package/dist/selection-BNwLQzqJ.js +0 -3
package/dist/selection-Cj-l80pO.js +0 -18365
package/dist/send-DstYcrDW.js +0 -711
package/dist/send-aTxtLkJm.js +0 -178
package/dist/send-media-OG5Gd31l.js +0 -2072
package/dist/send-qwDMMnM6.js +0 -1222
package/dist/send-result-BWRKr16H.js +0 -141
package/dist/server-CMtA1S09.js +0 -24
package/dist/server-DIRaYiiH.js +0 -72
package/dist/server-aux-handlers-BRO-9-Jf.js +0 -1347
package/dist/server-chat-0J_ke0ph.js +0 -827
package/dist/server-context-DWOSX34k.js +0 -2
package/dist/server-context-R7MFLFdI.js +0 -955
package/dist/server-cron-2FuFg2j8.js +0 -2
package/dist/server-cron-ChPAVQtg.js +0 -3173
package/dist/server-maintenance-ZvS7Id6T.js +0 -152
package/dist/server-methods-DSbhPK3k.js +0 -497
package/dist/server-middleware-CYxFU-e5.js +0 -122
package/dist/server-model-catalog-B22UhmRr.js +0 -73
package/dist/server-model-catalog-BJIHPP3P.js +0 -2
package/dist/server-node-events-tNWJnXQM.js +0 -597
package/dist/server-plugin-bootstrap-Ccu97zi8.js +0 -71
package/dist/server-plugins-ByXwKPnj.js +0 -435
package/dist/server-reload-handlers-ConGiT9Q.js +0 -719
package/dist/server-restart-sentinel-mPHo61LL.js +0 -700
package/dist/server-runtime-services-BR1icaUW.js +0 -3
package/dist/server-runtime-services-Bx8n34dj.js +0 -147
package/dist/server-runtime-subscriptions-CZklTkRG.js +0 -67
package/dist/server-session-events-DxdiZYM2.js +0 -244
package/dist/server-session-key-CYvLslFO.js +0 -75
package/dist/server-session-key-D9GQut81.js +0 -2
package/dist/server-startup-config-Byb0vR8j.js +0 -305
package/dist/server-startup-early-a65fHTQS.js +0 -87
package/dist/server-startup-memory-ClwzC9jX.js +0 -72
package/dist/server-startup-plugins-CaBj0Nt2.js +0 -127
package/dist/server-startup-post-attach-B7TcxkmO.js +0 -793
package/dist/server-ws-runtime-Cxk_CqMr.js +0 -374
package/dist/server.impl-CQ6dnx43.js +0 -2622
package/dist/session-cost-usage-GsYDNvka.js +0 -1600
package/dist/session-kill-http-CKkxZhhd.js +0 -121
package/dist/session-log-runtime-Bwc2Oijk.js +0 -1258
package/dist/session-override-CWbKiXiC.js +0 -134
package/dist/session-reset-model.runtime-CDFMjwWA.js +0 -144
package/dist/session-reset-service-SE0aK4cw.js +0 -651
package/dist/session-status.runtime-Df89I7Fk.js +0 -2
package/dist/session-store-RkvjJPMQ.js +0 -273
package/dist/session-store.runtime-C7P5asx7.js +0 -4
package/dist/session-subagent-reactivation.runtime-BhGUZG1Z.js +0 -2
package/dist/session-tab-registry-9rSuQ0Yz.js +0 -551
package/dist/session-utils-De8TIM0h.js +0 -1508
package/dist/sessions-6b9a00Tl.js +0 -1917
package/dist/sessions-CEPHczjC.js +0 -316
package/dist/sessions-CEojHc8b.js +0 -12736
package/dist/sessions-cleanup-BkG7_sq9.js +0 -165
package/dist/sessions-history-http-BjJEfjJa.js +0 -432
package/dist/sessions-patch-PwG5sknc.js +0 -401
package/dist/sessions-resolve-CSIrd_fi.js +0 -180
package/dist/sessions-table-8CbU7jXa.js +0 -161
package/dist/sessions.runtime-BYHMD0M7.js +0 -2
package/dist/set-BJDpe28W.js +0 -31
package/dist/set-image-CwTFx7PX.js +0 -17
package/dist/setup-B6LmeIms.js +0 -614
package/dist/setup-B_zxHfYu.js +0 -2
package/dist/setup-onboard-configure-help-fast-path-Bck3SKEH.js +0 -64
package/dist/setup.finalize-CmLYX-Rf.js +0 -586
package/dist/setup.gateway-config-H_89Msro.js +0 -281
package/dist/setup.migration-import-DVzyUjX6.js +0 -2
package/dist/setup.migration-import-DmJpqoqf.js +0 -200
package/dist/setup.post-install-migration-WPFWKXXg.js +0 -128
package/dist/shared-CUhu8NTs.js +0 -5
package/dist/shared-D-BN2JhY.js +0 -71
package/dist/shared-ES8nDIcn.js +0 -212
package/dist/simple-completion-runtime-BGZkWvKr.js +0 -206
package/dist/simple-completion-runtime-CM_IISYW.js +0 -2
package/dist/simple-completion-transport-Bo0u9dhp.js +0 -83
package/dist/snapshot-urls-C1KjRQD5.js +0 -317
package/dist/speech-core-Bas7e4h0.js +0 -119
package/dist/speech-provider-BonJQv5S.js +0 -227
package/dist/speech-provider-CwdKQmDv.js +0 -171
package/dist/speech-provider-DcQRnYhZ.js +0 -233
package/dist/stale-oauth-profile-shadows-C3aeAWfv.js +0 -186
package/dist/stale-oauth-profile-shadows-m5rb8dPc.js +0 -2
package/dist/standalone-runtime-registry-loader-B9n2LBKC.js +0 -59
package/dist/startup-context-DY7C4riM.js +0 -314
package/dist/status-6EPKat7p.js +0 -73
package/dist/status-C6Fa7Dsf.js +0 -2
package/dist/status-CNnxDQlM.js +0 -4
package/dist/status-D2Scvbc0.js +0 -3
package/dist/status-Ducanro3.js +0 -2
package/dist/status-_XX_6QVA.js +0 -466
package/dist/status-all-BP1u6vou.js +0 -573
package/dist/status-json-DPlOJ_ue.js +0 -15
package/dist/status-json-command-BT7EwVKj.js +0 -84
package/dist/status-message-Dzr9-MX-.js +0 -495
package/dist/status-message.runtime-DFezIt1d.js +0 -6
package/dist/status-prBlcUV5.js +0 -249
package/dist/status-queue.runtime-C1bmg2rl.js +0 -2
package/dist/status-runtime-shared-RjKIPEQ0.js +0 -289
package/dist/status-subagents.runtime-tsCCe4Ny.js +0 -32
package/dist/status-text-Bkeyg8Bf.js +0 -301
package/dist/status.command-D06_4ATq.js +0 -425
package/dist/status.command-dDEZM84a.js +0 -2
package/dist/status.command.text-runtime-WH9tP7yg.js +0 -15
package/dist/status.runtime-B76GaBIR.js +0 -2
package/dist/status.scan-Bc6clx0F.js +0 -72
package/dist/status.scan-overview-v_-AaFhC.js +0 -460
package/dist/status.scan.deps.runtime-BkH1HAb4.js +0 -19
package/dist/status.scan.fast-json-CrlfKKI3.js +0 -2
package/dist/status.scan.fast-json-D8v6zfP8.js +0 -163
package/dist/status.summary-DBhvgOPr.js +0 -276
package/dist/status.summary-hQV0PKFO.js +0 -2
package/dist/store-BClomp_4.js +0 -3
package/dist/store-BHqDPtNw.js +0 -2302
package/dist/stored-model-override-vm4CtQWX.js +0 -79
package/dist/subagent-announce-D244Q4w2.js +0 -353
package/dist/subagent-announce-delivery-qKZfF7Bs.js +0 -1369
package/dist/subagent-control-c87mVGUE.js +0 -492
package/dist/subagent-control.runtime-DfQtIsDb.js +0 -3
package/dist/subagent-hooks-B_UW5Len.js +0 -2
package/dist/subagent-hooks-CYvFWt_r.js +0 -230
package/dist/subagent-hooks-api-DZgaJf19.js +0 -23
package/dist/subagent-registry-BlcoCggo.js +0 -2627
package/dist/subagent-registry-CuObhNeO.js +0 -3
package/dist/subagent-session-cleanup-hFF8Z34s.js +0 -390
package/dist/system-CN_Knfqq.js +0 -111
package/dist/system-prompt-config-BmZlhYK9.js +0 -918
package/dist/talk-DrjGczYs.js +0 -2454
package/dist/target-id-BNpbyWkq.js +0 -107
package/dist/targets-CQcGo6u4.js +0 -267
package/dist/targets.runtime-DwcxNI-x.js +0 -2
package/dist/task-executor-CZg-qt4u.js +0 -349
package/dist/task-owner-access-Duem5jjb.js +0 -74
package/dist/task-registry-Cw8pc3Ry.js +0 -2362
package/dist/task-registry-delivery-runtime-HaiKqj0A.js +0 -2
package/dist/task-registry.maintenance-BLv3wpK9.js +0 -764
package/dist/task-registry.maintenance-CvlIcxE-.js +0 -2
package/dist/task-status-access-C5nDJSI4.js +0 -18
package/dist/tasks-D3CfEAlq.js +0 -548
package/dist/tasks-WKnE5fvr.js +0 -153
package/dist/tasks-audit-system-okJjcOjU.js +0 -210
package/dist/tasks-json-C-iUgWNu.js +0 -73
package/dist/tavily-web-search-provider.runtime-jpagljrA.js +0 -112
package/dist/text-report-BTsF3Pv3.js +0 -695
package/dist/text-transforms.runtime-CgH_pbcQ.js +0 -113
package/dist/thread-bindings-BWxpUE9U.js +0 -228
package/dist/tool-DhJbbm91.js +0 -143
package/dist/tool-dispatch-CpFUfblu.js +0 -155
package/dist/tool-images-C-tFlXjE.js +0 -247
package/dist/tool-plugin-3NejWxZW.js +0 -93
package/dist/tool-resolution-oW8Cbamd.js +0 -153
package/dist/tool-result-truncation-CWFGf7Eu.js +0 -498
package/dist/tool-schema-CMtc7PdZ.js +0 -40
package/dist/tool-schema-projection-DJRPEEvY.js +0 -215
package/dist/tool-split-E4RdK5jS.js +0 -323
package/dist/tools-BAl3JiNw.js +0 -901
package/dist/tools-DC8tCPxR.js +0 -579
package/dist/tools-catalog-Dzv9zaBD.js +0 -156
package/dist/tools-effective-CGvzyIL2.js +0 -442
package/dist/tools-effective-inventory-GI5N5Q9v.js +0 -379
package/dist/tools-invoke-CU2U0hNH.js +0 -51
package/dist/tools-invoke-http-8s3FiUy4.js +0 -68
package/dist/tools-invoke-shared-DIETrEY7.js +0 -200
package/dist/tools.runtime-Bnm8CI7w.js +0 -5
package/dist/transcript-rewrite-Buv2ITw4.js +0 -688
package/dist/transcripts-tool-BCFlLCFd.js +0 -2
package/dist/transcripts-tool-CWgNd0Uw.js +0 -656
package/dist/tts-Aguo4zC5.js +0 -3
package/dist/tts-Bf77cURn.js +0 -2
package/dist/tts-DnADOKOP.js +0 -194
package/dist/tts-runtime-MBSH-nOM.js +0 -1337
package/dist/tts.runtime-B-NR9osE.js +0 -2
package/dist/tts.runtime-Bo-QxKgx.js +0 -3
package/dist/tui-B0CdNmCz.js +0 -4860
package/dist/tui-ByRcXM3Z.js +0 -2
package/dist/tui-backend-C52BUoZI.js +0 -256
package/dist/tui-cli-BQHpZ4n0.js +0 -40
package/dist/typing-policy-XspVOezC.js +0 -199
package/dist/usage-BOYwzimH.js +0 -1113
package/dist/usage-BSmLrVWB.js +0 -623
package/dist/usage-format-CfzICmvv.js +0 -2
package/dist/usage-format-DPJKCPic.js +0 -394
package/dist/video-generation-provider-CdCTztQ7.js +0 -77
package/dist/video-generation-provider-MUUshUzz.js +0 -325
package/dist/video-generation-provider-XmzzTa6e.js +0 -297
package/dist/video-generation-provider-weiQUJE5.js +0 -64
package/dist/web-fetch-providers.runtime-tD9zqAS2.js +0 -41
package/dist/web-guarded-fetch-CyhQZ1yD.js +0 -2
package/dist/web-guarded-fetch-DIXHI-yJ.js +0 -58
package/dist/web-media-BPnTMYE5.js +0 -4
package/dist/web-media-DV_tCQiQ.js +0 -2
package/dist/web-media-DYydVGCK.js +0 -651
package/dist/web-provider-runtime-shared-h3M6Bqyg.js +0 -142
package/dist/web-search-provider-common-CEYWuDcp.js +0 -252
package/dist/web-search-providers.runtime-YrayP296.js +0 -41
package/dist/zod-schema.core-BGLctDlK.d.ts +0 -166
/package/dist/{acp-runtime-backend-CHZtaM6t.js → acp-runtime-backend-B83JR5Zf.js} +0 -0
/package/dist/{agent-turn-attachments-BYCRK86s.js → agent-turn-attachments-D5uJijuK.js} +0 -0
/package/dist/{auth-install-policy-t46tJ8jV.js → auth-install-policy-BIpdwrZ9.js} +0 -0
/package/dist/{cli-backends-BHXnrVN_.js → cli-backends-79CCRQ2a.js} +0 -0
/package/dist/{command-secret-targets-DZ0J2Wm3.js → command-secret-targets-BOJlcBil.js} +0 -0
/package/dist/{commands-DWp49Exc.js → commands-Dw9hwmVt.js} +0 -0
/package/dist/{commands-reset-hooks-MMq2dvff.js → commands-reset-hooks-epArfNOY.js} +0 -0
/package/dist/{delegate-Dkj_5OvH.js → delegate-Bw8NQXVr.js} +0 -0
/package/dist/{jobs-BGELIHcx.js → jobs-BIOTaq7l.js} +0 -0
/package/dist/{kimi-web-search-provider-4PlMYsPx.js → kimi-web-search-provider-Bzg_DiXO.js} +0 -0
/package/dist/{memory-host-search-Ds9GiNpf.js → memory-host-search-Dph0Mq-v.js} +0 -0
/package/dist/{minimax-web-search-provider-d5gTJUNg.js → minimax-web-search-provider-CETxDkkI.js} +0 -0
/package/dist/{model-selection-cli-CO6BHPiL.js → model-selection-cli-DizUvxeY.js} +0 -0
/package/dist/{provider-auth-choice-preference-f7Us6TQL.js → provider-auth-choice-preference-uJn1811S.js} +0 -0
/package/dist/{runtime-wfO9bV5y.js → runtime-BEVbpIgZ.js} +0 -0
/package/dist/{runtime-web-tools-B6vr1LZs.js → runtime-web-tools-Bf0aEe-F.js} +0 -0
/package/dist/{runtime-web-tools-fallback.runtime-Crs7KfH5.js → runtime-web-tools-fallback.runtime-DU6rTj6l.js} +0 -0
/package/dist/{session-subagent-reactivation-H5Rdwkyy.js → session-subagent-reactivation-Bb5SCi9J.js} +0 -0
/package/dist/{tavily-web-search-provider-DbdIzpMv.js → tavily-web-search-provider-CIEhV60D.js} +0 -0

package/dist/message-handler-MZ0DMbCx.js ADDED Viewed

@@ -0,0 +1,1806 @@
+import { a as normalizeLowercaseStringOrEmpty, c as normalizeOptionalString } from "./string-coerce-DKw2K5wM.js";
+import { S as resolveIntegerOption } from "./number-coercion-D1aDmIZp.js";
+import { y as resolveStateDir } from "./paths-9MqJt9oL.js";
+import { _ as uniqueStrings } from "./string-normalization-B8G0vlWE.js";
+import { s as resolveRuntimeServiceVersion } from "./version-DbEUUfgr.js";
+import { E as runWithDiagnosticTraceContext, _ as createDiagnosticTraceContext } from "./diagnostic-events-Bwqd0ZOT.js";
+import { a as isPrivateOrLoopbackAddress, c as isTrustedProxyAddress, f as resolveClientIp, h as resolveHostName, i as isLoopbackHost, n as isLocalishHost, o as isPrivateOrLoopbackHost, r as isLoopbackAddress } from "./net-BK5OVE9D.js";
+import { i as AUTH_RATE_LIMIT_SCOPE_SHARED_SECRET, n as AUTH_RATE_LIMIT_SCOPE_DEVICE_TOKEN } from "./auth-rate-limit-DdDWBtkA.js";
+import { a as hasForwardedRequestHeaders, i as authorizeWsControlUiGatewayConnect, o as isLocalDirectRequest, r as authorizeHttpGatewayConnect, s as checkBrowserOrigin } from "./auth-zd4y6lgs.js";
+import { i as getRuntimeConfig } from "./io-DAZXanmU.js";
+import { n as GATEWAY_CLIENT_IDS, r as GATEWAY_CLIENT_MODES } from "./client-info-D6_UASoA.js";
+import { At as validateRequestFrame, M as validateConnectParams, Ri as ErrorCodes, t as formatValidationErrors, zi as errorShape } from "./src-B1Y482-m.js";
+import "./version-D5ISQOpk.js";
+import { c as buildDeviceAuthPayloadV3, l as normalizeDeviceMetadataForAuth, s as buildDeviceAuthPayload } from "./client-mK_ev15j.js";
+import { i as normalizeDevicePublicKeyBase64Url, s as verifyDeviceSignature, t as deriveDeviceIdFromPublicKey } from "./device-identity-CdQCTTc_.js";
+import { a as isOperatorUiClient, n as isGatewayCliClient, o as isWebchatClient, t as isBrowserOperatorUiClient } from "./message-channel-DcN_7tYD.js";
+import { i as buildPairingConnectErrorMessage, m as resolveDeviceAuthConnectErrorDetailCode, n as buildPairingConnectCloseReason, p as resolveAuthConnectErrorDetailCode, r as buildPairingConnectErrorDetails, t as ConnectErrorDetailCodes } from "./connect-error-details-BqV3wdWQ.js";
+import { i as gatewayStartupUnavailableDetails, n as GATEWAY_STARTUP_CLOSE_REASON, r as GATEWAY_STARTUP_PENDING_CLOSE_CAUSE, t as GATEWAY_STARTUP_CLOSE_CODE } from "./startup-unavailable-WFvkTNiD.js";
+import { t as ADMIN_SCOPE } from "./operator-scopes-DGvgHuOd.js";
+import "./method-scopes-CTk-6mpm.js";
+import { n as isOperatorApprovalRuntimeToken } from "./operator-approval-runtime-token-C5pv_wEb.js";
+import { t as rawDataToString } from "./ws-C3qhmaFC.js";
+import { l as roleScopesAllow } from "./pairing-token-z_j9TFu2.js";
+import { c as updatePairedNodeMetadata, d as sameNodeApprovalSurfaceSet, f as sameNodePermissionSurface, n as getPairedNode, s as requestNodePairing, u as normalizeNodeApprovalSurfaceList } from "./node-pairing-BexWuBNg.js";
+import { i as recordRemoteNodeInfo, o as refreshRemoteNodeBins } from "./remote-WDAIVkOO.js";
+import { n as logRejectedLargePayload } from "./diagnostic-payload-BP1TpHgP.js";
+import { a as MAX_PAYLOAD_BYTES, i as MAX_BUFFERED_BYTES, o as MAX_PREAUTH_PAYLOAD_BYTES, s as TICK_INTERVAL_MS } from "./server-constants-BGwLM6XN.js";
+import { a as indexPluginNodeCapabilitySurfaces, l as resolvePluginNodeCapabilityTtlMs, o as mintPluginNodeCapabilityToken, r as buildPluginNodeCapabilityScopedHostUrl, u as setClientPluginNodeCapability } from "./plugin-node-capability-DH-ae5Gb.js";
+import { a as normalizeDeclaredNodeCommands, o as resolveNodeCommandAllowlist, s as resolveNodePairingCommandAllowlist } from "./node-command-policy-CkBTEmhl.js";
+import { n as logWs, t as formatForLog } from "./ws-log-tuDbcNZH.js";
+import { a as redeemDeviceBootstrapTokenProfile, d as isPairingSetupBootstrapProfile, l as verifyDeviceBootstrapToken, m as resolveBootstrapProfileScopesForRoles, n as getBoundDeviceBootstrapProfile, o as restoreDeviceBootstrapToken, p as resolveBootstrapProfileScopesForRole, r as getDeviceBootstrapTokenProfile, s as revokeDeviceBootstrapToken } from "./device-bootstrap-B-eNOZPx.js";
+import { _ as updatePairedDeviceMetadata, a as getPairedDevice, c as listApprovedPairedDeviceRoles, l as listDevicePairing, n as approveDevicePairing, p as requestDevicePairing, r as ensureDeviceToken, s as hasEffectivePairedDeviceRole, t as approveBootstrapDevicePairing, u as listEffectivePairedDeviceRoles, v as verifyDeviceToken } from "./device-pairing-D3dagM-f.js";
+import { t as resolveSharedGatewaySessionGeneration } from "./ws-shared-generation-Bp5l7wzu.js";
+import { r as loadVoiceWakeConfig, t as formatError } from "./server-utils-Ca_6k9LO.js";
+import { r as upsertPresence } from "./system-presence-DDIgg9qn.js";
+import { a as incrementPresenceVersion, n as getHealthCache, r as getHealthVersion, t as buildGatewaySnapshot } from "./health-state-QZ2E6xGQ.js";
+import { n as parseGatewayRole, r as roleCanSkipDeviceIdentity } from "./role-policy-DLlx6KCe.js";
+import { t as loadVoiceWakeRoutingConfig } from "./voicewake-routing-Hlporigi.js";
+import { n as buildHandshakeAuthLogKey, r as shouldLimitMissingCredentialAuthLog, t as HandshakeAuthLogLimiter } from "./handshake-auth-log-limiter-ImTDtQlH.js";
+import { t as truncateCloseReason } from "./close-reason-f7R6T5LC.js";
+import fs from "node:fs";
+import path from "node:path";
+import os from "node:os";
+//#region src/gateway/node-connect-reconcile.ts
+function resolveApprovedReconnectCommands(params) {
+	return normalizeDeclaredNodeCommands({
+		declaredCommands: Array.isArray(params.pairedCommands) ? params.pairedCommands : [],
+		allowlist: params.allowlist
+	});
+}
+function normalizePermissionMap(value) {
+	if (!value) return;
+	const entries = Object.entries(value).toSorted(([leftKey], [rightKey]) => leftKey.localeCompare(rightKey));
+	return entries.length > 0 ? Object.fromEntries(entries) : void 0;
+}
+function intersectApprovalSurfaceList(params) {
+	const approved = new Set(normalizeNodeApprovalSurfaceList(params.approved));
+	return normalizeNodeApprovalSurfaceList(params.declared).filter((entry) => approved.has(entry));
+}
+function intersectPermissionSurface(params) {
+	const entries = [];
+	for (const [key, declaredValue] of Object.entries(params.declared ?? {})) {
+		const approvedValue = params.approved?.[key];
+		if (!declaredValue) {
+			entries.push([key, false]);
+			continue;
+		}
+		if (approvedValue === true) {
+			entries.push([key, true]);
+			continue;
+		}
+		if (approvedValue === false) entries.push([key, false]);
+	}
+	return entries.length > 0 ? Object.fromEntries(entries) : void 0;
+}
+function buildNodePairingRequestInput(params) {
+	return {
+		nodeId: params.nodeId,
+		displayName: params.connectParams.client.displayName,
+		platform: params.connectParams.client.platform,
+		version: params.connectParams.client.version,
+		deviceFamily: params.connectParams.client.deviceFamily,
+		modelIdentifier: params.connectParams.client.modelIdentifier,
+		caps: params.caps,
+		commands: params.commands,
+		permissions: params.permissions,
+		remoteIp: params.remoteIp
+	};
+}
+async function reconcileNodePairingOnConnect(params) {
+	const nodeId = params.connectParams.device?.id ?? params.connectParams.client.id;
+	const policyNode = {
+		platform: params.connectParams.client.platform,
+		deviceFamily: params.connectParams.client.deviceFamily,
+		caps: params.connectParams.caps,
+		commands: params.connectParams.commands
+	};
+	const pairingAllowlist = resolveNodePairingCommandAllowlist(params.cfg, policyNode);
+	const declared = normalizeDeclaredNodeCommands({
+		declaredCommands: Array.isArray(params.connectParams.commands) ? params.connectParams.commands : [],
+		allowlist: pairingAllowlist
+	});
+	const declaredCaps = normalizeNodeApprovalSurfaceList(params.connectParams.caps);
+	const declaredPermissions = normalizePermissionMap(params.connectParams.permissions);
+	if (!params.pairedNode) return {
+		nodeId,
+		declaredCaps,
+		effectiveCaps: [],
+		declaredCommands: declared,
+		effectiveCommands: [],
+		declaredPermissions,
+		effectivePermissions: void 0,
+		pendingPairing: await params.requestPairing(buildNodePairingRequestInput({
+			nodeId,
+			connectParams: params.connectParams,
+			caps: declaredCaps,
+			commands: declared,
+			permissions: declaredPermissions,
+			remoteIp: params.reportedClientIp
+		}))
+	};
+	const runtimeAllowlist = resolveNodeCommandAllowlist(params.cfg, {
+		...policyNode,
+		approvedCommands: params.pairedNode.commands
+	});
+	const approvedCommands = resolveApprovedReconnectCommands({
+		pairedCommands: params.pairedNode.commands,
+		allowlist: runtimeAllowlist
+	});
+	const approvedCaps = normalizeNodeApprovalSurfaceList(params.pairedNode.caps);
+	const approvedPermissions = normalizePermissionMap(params.pairedNode.permissions);
+	const hasCommandUpgrade = declared.some((command) => !approvedCommands.includes(command));
+	const hasCapabilityChange = !sameNodeApprovalSurfaceSet(params.pairedNode.caps, declaredCaps);
+	const hasPermissionChange = !sameNodePermissionSurface(params.pairedNode.permissions, declaredPermissions);
+	const effectiveApprovedDeclaredCaps = intersectApprovalSurfaceList({
+		approved: approvedCaps,
+		declared: declaredCaps
+	});
+	const effectiveApprovedDeclaredCommands = intersectApprovalSurfaceList({
+		approved: approvedCommands,
+		declared
+	});
+	const effectiveApprovedDeclaredPermissions = intersectPermissionSurface({
+		approved: approvedPermissions,
+		declared: declaredPermissions
+	});
+	if (hasCommandUpgrade || hasCapabilityChange || hasPermissionChange) return {
+		nodeId,
+		declaredCaps,
+		effectiveCaps: effectiveApprovedDeclaredCaps,
+		declaredCommands: declared,
+		effectiveCommands: effectiveApprovedDeclaredCommands,
+		declaredPermissions,
+		effectivePermissions: effectiveApprovedDeclaredPermissions,
+		pendingPairing: await params.requestPairing(buildNodePairingRequestInput({
+			nodeId,
+			connectParams: params.connectParams,
+			caps: declaredCaps,
+			commands: declared,
+			permissions: declaredPermissions ?? (hasPermissionChange ? {} : void 0),
+			remoteIp: params.reportedClientIp
+		}))
+	};
+	return {
+		nodeId,
+		declaredCaps,
+		effectiveCaps: declaredCaps,
+		declaredCommands: declared,
+		effectiveCommands: declared,
+		declaredPermissions,
+		effectivePermissions: declaredPermissions
+	};
+}
+//#endregion
+//#region src/gateway/node-pairing-auto-approve.ts
+function resolveNodePairingClientIpSource(params) {
+	if (!params.reportedClientIp) return "none";
+	if (!params.hasProxyHeaders || !params.remoteIsTrustedProxy) return "direct";
+	return params.remoteIsLoopback ? "loopback-trusted-proxy" : "trusted-proxy";
+}
+function shouldAutoApproveNodePairingFromTrustedCidrs(params) {
+	if (params.existingPairedDevice) return false;
+	if (params.role !== "node") return false;
+	if (params.reason !== "not-paired") return false;
+	if (params.scopes.length > 0) return false;
+	if (params.hasBrowserOriginHeader || params.isControlUi || params.isWebchat) return false;
+	if (params.reportedClientIpSource === "none" || params.reportedClientIpSource === "loopback-trusted-proxy") return false;
+	if (!params.reportedClientIp) return false;
+	const autoApproveCidrs = params.autoApproveCidrs?.map((entry) => entry.trim()).filter((entry) => entry.length > 0);
+	if (!autoApproveCidrs || autoApproveCidrs.length === 0) return false;
+	return isTrustedProxyAddress(params.reportedClientIp, autoApproveCidrs);
+}
+//#endregion
+//#region src/gateway/server/ws-connection/auth-context.ts
+function mapDeviceTokenAuthFailureReason(params) {
+	if (params.tokenCheckReason === "scope-mismatch" || params.tokenCheckReason === "scope_mismatch") return "scope_mismatch";
+	if (params.candidateSource === "explicit-device-token") return "device_token_mismatch";
+	return params.fallbackReason ?? "device_token_mismatch";
+}
+function resolveSharedConnectAuth(connectAuth) {
+	const token = normalizeOptionalString(connectAuth?.token);
+	const password = normalizeOptionalString(connectAuth?.password);
+	if (!token && !password) return;
+	return {
+		token,
+		password
+	};
+}
+function resolveDeviceTokenCandidate(connectAuth) {
+	const explicitDeviceToken = normalizeOptionalString(connectAuth?.deviceToken);
+	if (explicitDeviceToken) return {
+		token: explicitDeviceToken,
+		source: "explicit-device-token"
+	};
+	const fallbackToken = normalizeOptionalString(connectAuth?.token);
+	if (!fallbackToken) return {};
+	return {
+		token: fallbackToken,
+		source: "shared-token-fallback"
+	};
+}
+async function resolveConnectAuthState(params) {
+	const sharedConnectAuth = resolveSharedConnectAuth(params.connectAuth);
+	const sharedAuthProvided = Boolean(sharedConnectAuth);
+	const bootstrapTokenCandidate = params.hasDeviceIdentity ? normalizeOptionalString(params.connectAuth?.bootstrapToken) : void 0;
+	const { token: deviceTokenCandidate, source: deviceTokenCandidateSource } = params.hasDeviceIdentity ? resolveDeviceTokenCandidate(params.connectAuth) : {};
+	let authResult = await authorizeWsControlUiGatewayConnect({
+		auth: params.resolvedAuth,
+		connectAuth: sharedConnectAuth,
+		req: params.req,
+		trustedProxies: params.trustedProxies,
+		allowRealIpFallback: params.allowRealIpFallback,
+		rateLimiter: sharedAuthProvided ? params.rateLimiter : void 0,
+		clientIp: params.clientIp,
+		rateLimitScope: AUTH_RATE_LIMIT_SCOPE_SHARED_SECRET
+	});
+	const sharedAuthResult = sharedConnectAuth && await authorizeHttpGatewayConnect({
+		auth: {
+			...params.resolvedAuth,
+			allowTailscale: false
+		},
+		connectAuth: sharedConnectAuth,
+		req: params.req,
+		trustedProxies: params.trustedProxies,
+		allowRealIpFallback: params.allowRealIpFallback,
+		rateLimitScope: "shared-secret"
+	});
+	const sharedAuthOk = sharedAuthResult?.ok === true && (sharedAuthResult.method === "token" || sharedAuthResult.method === "password") || authResult.ok && authResult.method === "trusted-proxy";
+	return {
+		authResult,
+		authOk: authResult.ok,
+		authMethod: authResult.method ?? (params.resolvedAuth.mode === "password" ? "password" : "token"),
+		sharedAuthOk,
+		sharedAuthProvided,
+		bootstrapTokenCandidate,
+		deviceTokenCandidate,
+		deviceTokenCandidateSource
+	};
+}
+async function resolveConnectAuthDecision(params) {
+	let authResult = params.state.authResult;
+	let authOk = params.state.authOk;
+	let authMethod = params.state.authMethod;
+	let deviceTokenSharedGatewaySessionGeneration;
+	const bootstrapTokenCandidate = params.state.bootstrapTokenCandidate;
+	if (params.hasDeviceIdentity && params.deviceId && params.publicKey && bootstrapTokenCandidate) {
+		const tokenCheck = await params.verifyBootstrapToken({
+			deviceId: params.deviceId,
+			publicKey: params.publicKey,
+			token: bootstrapTokenCandidate,
+			role: params.role,
+			scopes: params.scopes
+		});
+		if (tokenCheck.ok) {
+			authOk = true;
+			authMethod = "bootstrap-token";
+		} else if (!authOk) authResult = {
+			ok: false,
+			reason: tokenCheck.reason ?? "bootstrap_token_invalid"
+		};
+	}
+	const deviceTokenCandidate = params.state.deviceTokenCandidate;
+	if (!params.hasDeviceIdentity || !params.deviceId || authOk || !deviceTokenCandidate) return {
+		authResult,
+		authOk,
+		authMethod
+	};
+	let deviceTokenRateLimited = false;
+	if (params.rateLimiter) {
+		const deviceRateCheck = params.rateLimiter.check(params.clientIp, AUTH_RATE_LIMIT_SCOPE_DEVICE_TOKEN);
+		if (!deviceRateCheck.allowed) {
+			deviceTokenRateLimited = true;
+			authResult = {
+				ok: false,
+				reason: "rate_limited",
+				rateLimited: true,
+				retryAfterMs: deviceRateCheck.retryAfterMs
+			};
+		}
+	}
+	if (!deviceTokenRateLimited) {
+		const tokenCheck = await params.verifyDeviceToken({
+			deviceId: params.deviceId,
+			token: deviceTokenCandidate,
+			role: params.role,
+			scopes: params.scopes
+		});
+		if (tokenCheck.ok) {
+			authOk = true;
+			authMethod = "device-token";
+			if (tokenCheck.issuer?.kind === "shared-gateway-auth") deviceTokenSharedGatewaySessionGeneration = tokenCheck.issuer.generation;
+			params.rateLimiter?.reset(params.clientIp, AUTH_RATE_LIMIT_SCOPE_DEVICE_TOKEN);
+			if (params.state.sharedAuthProvided) params.rateLimiter?.reset(params.clientIp, AUTH_RATE_LIMIT_SCOPE_SHARED_SECRET);
+		} else {
+			authResult = {
+				ok: false,
+				reason: mapDeviceTokenAuthFailureReason({
+					tokenCheckReason: tokenCheck.reason,
+					candidateSource: params.state.deviceTokenCandidateSource,
+					fallbackReason: authResult.reason
+				})
+			};
+			params.rateLimiter?.recordFailure(params.clientIp, AUTH_RATE_LIMIT_SCOPE_DEVICE_TOKEN);
+		}
+	}
+	return {
+		authResult,
+		authOk,
+		authMethod,
+		deviceTokenSharedGatewaySessionGeneration
+	};
+}
+//#endregion
+//#region src/gateway/server/ws-connection/auth-messages.ts
+function formatGatewayAuthFailureMessage(params) {
+	const { authMode, authProvided, reason, client } = params;
+	const isCli = isGatewayCliClient(client);
+	const isControlUi = isOperatorUiClient(client);
+	const isWebchat = isWebchatClient(client);
+	const tokenHint = isCli ? "set gateway.remote.token to match gateway.auth.token" : isControlUi || isWebchat ? "open the dashboard URL and paste the token in Control UI settings" : "provide gateway auth token";
+	const passwordHint = isCli ? "set gateway.remote.password to match gateway.auth.password" : isControlUi || isWebchat ? "enter the password in Control UI settings" : "provide gateway auth password";
+	switch (reason) {
+		case "token_missing": return `unauthorized: gateway token missing (${tokenHint})`;
+		case "token_mismatch": return `unauthorized: gateway token mismatch (${tokenHint})`;
+		case "token_missing_config": return "unauthorized: gateway token not configured on gateway (set gateway.auth.token)";
+		case "password_missing": return `unauthorized: gateway password missing (${passwordHint})`;
+		case "password_mismatch": return `unauthorized: gateway password mismatch (${passwordHint})`;
+		case "password_missing_config": return "unauthorized: gateway password not configured on gateway (set gateway.auth.password)";
+		case "bootstrap_token_invalid": return "unauthorized: bootstrap token invalid or expired (scan a fresh setup code)";
+		case "tailscale_user_missing": return "unauthorized: tailscale identity missing (use Tailscale Serve auth or gateway token/password)";
+		case "tailscale_proxy_missing": return "unauthorized: tailscale proxy headers missing (use Tailscale Serve or gateway token/password)";
+		case "tailscale_whois_failed": return "unauthorized: tailscale identity check failed (use Tailscale Serve auth or gateway token/password)";
+		case "tailscale_user_mismatch": return "unauthorized: tailscale identity mismatch (use Tailscale Serve auth or gateway token/password)";
+		case "rate_limited": return "unauthorized: too many failed authentication attempts (retry later)";
+		case "device_token_mismatch": return "unauthorized: device token mismatch (rotate/reissue device token)";
+		case "scope_mismatch": return "unauthorized: device token scope mismatch (re-pair or approve scope upgrade)";
+		default: break;
+	}
+	if (authMode === "token" && authProvided === "none") return `unauthorized: gateway token missing (${tokenHint})`;
+	if (authMode === "token" && authProvided === "device-token") return "unauthorized: device token rejected (pair/repair this device, or provide gateway token)";
+	if (authProvided === "bootstrap-token") return "unauthorized: bootstrap token invalid or expired (scan a fresh setup code)";
+	if (authMode === "password" && authProvided === "none") return `unauthorized: gateway password missing (${passwordHint})`;
+	return "unauthorized";
+}
+//#endregion
+//#region src/gateway/server/ws-connection/connect-policy.ts
+function resolveControlUiAuthPolicy(params) {
+	const allowInsecureAuthConfigured = params.isControlUi && params.controlUiConfig?.allowInsecureAuth === true;
+	const dangerouslyDisableDeviceAuth = params.isControlUi && params.controlUiConfig?.dangerouslyDisableDeviceAuth === true;
+	return {
+		isControlUi: params.isControlUi,
+		allowInsecureAuthConfigured,
+		dangerouslyDisableDeviceAuth,
+		allowBypass: dangerouslyDisableDeviceAuth,
+		device: dangerouslyDisableDeviceAuth ? null : params.deviceRaw
+	};
+}
+function shouldSkipControlUiPairing(policy, role, _trustedProxyAuthOk = false, authMode, authMethod) {
+	if (policy.isControlUi && role === "operator" && authMethod === "tailscale" && policy.device) return true;
+	if (policy.isControlUi && role === "operator" && authMode === "none") return true;
+	return role === "operator" && policy.allowBypass;
+}
+function isTrustedProxyControlUiOperatorAuth(params) {
+	return params.isControlUi && params.role === "operator" && params.authMode === "trusted-proxy" && params.authOk && params.authMethod === "trusted-proxy";
+}
+function shouldClearUnboundScopesForMissingDeviceIdentity(params) {
+	return params.decision.kind !== "allow" || !params.controlUiAuthPolicy.allowBypass && !params.preserveInsecureLocalControlUiScopes && (params.authMethod === "token" || params.authMethod === "password" || params.authMethod === "trusted-proxy");
+}
+function evaluateMissingDeviceIdentity(params) {
+	if (params.hasDeviceIdentity) return { kind: "allow" };
+	if (params.isControlUi && params.trustedProxyAuthOk) return { kind: "allow" };
+	if (params.isControlUi && params.controlUiAuthPolicy.allowBypass && params.role === "operator") return { kind: "allow" };
+	if (params.localBackendSelfPairingOk && params.role === "operator") return { kind: "allow" };
+	if (params.isControlUi && !params.controlUiAuthPolicy.allowBypass) {
+		if (!params.controlUiAuthPolicy.allowInsecureAuthConfigured || !params.isLocalClient) return { kind: "reject-control-ui-insecure-auth" };
+	}
+	if (roleCanSkipDeviceIdentity(params.role, params.sharedAuthOk)) return { kind: "allow" };
+	if (!params.authOk && params.hasSharedAuth) return { kind: "reject-unauthorized" };
+	return { kind: "reject-device-required" };
+}
+//#endregion
+//#region src/gateway/server/ws-connection/handshake-auth-helpers.ts
+const BROWSER_ORIGIN_LOOPBACK_RATE_LIMIT_IP = "198.18.0.1";
+const BROWSER_ORIGIN_RATE_LIMIT_KEY_PREFIX = "browser-origin:";
+function resolveBrowserOriginRateLimitKey(requestOrigin) {
+	const trimmedOrigin = requestOrigin?.trim();
+	if (!trimmedOrigin) return BROWSER_ORIGIN_LOOPBACK_RATE_LIMIT_IP;
+	try {
+		return `${BROWSER_ORIGIN_RATE_LIMIT_KEY_PREFIX}${normalizeLowercaseStringOrEmpty(new URL(trimmedOrigin).origin)}`;
+	} catch {
+		return BROWSER_ORIGIN_LOOPBACK_RATE_LIMIT_IP;
+	}
+}
+function resolveHandshakeBrowserSecurityContext(params) {
+	const hasBrowserOriginHeader = Boolean(params.requestOrigin && params.requestOrigin.trim() !== "");
+	return {
+		hasBrowserOriginHeader,
+		enforceOriginCheckForAnyClient: hasBrowserOriginHeader,
+		rateLimitClientIp: hasBrowserOriginHeader && isLoopbackAddress(params.clientIp) ? resolveBrowserOriginRateLimitKey(params.requestOrigin) : params.clientIp,
+		authRateLimiter: hasBrowserOriginHeader && params.browserRateLimiter ? params.browserRateLimiter : params.rateLimiter
+	};
+}
+function shouldAllowSilentLocalPairing(params) {
+	if (params.locality === "remote") return false;
+	if (params.hasBrowserOriginHeader && !params.isControlUi && !params.isWebchat) return false;
+	if (params.reason === "not-paired" || params.reason === "scope-upgrade" || params.reason === "role-upgrade") return true;
+	if (params.reason === "metadata-upgrade" && !params.hasBrowserOriginHeader && !params.isControlUi && !params.isWebchat && (params.locality === "direct_local" && params.isNativeAppUi === true || params.locality === "cli_container_local" || params.locality === "shared_secret_loopback_local")) return true;
+	return false;
+}
+function isCliContainerLocalEquivalent(params) {
+	const isCliClient = params.connectParams.client.id === GATEWAY_CLIENT_IDS.CLI && params.connectParams.client.mode === GATEWAY_CLIENT_MODES.CLI;
+	const usesSharedSecretAuth = params.authMethod === "token" || params.authMethod === "password";
+	return isCliClient && params.sharedAuthOk && usesSharedSecretAuth && !params.hasProxyHeaders && !params.hasBrowserOriginHeader && isLoopbackAddress(params.remoteAddress) && isPrivateOrLoopbackHost(resolveHostName(params.requestHost));
+}
+function isSharedSecretLoopbackLocalEquivalent(params) {
+	const usesSharedSecretAuth = params.authMethod === "token" || params.authMethod === "password";
+	return params.sharedAuthOk && usesSharedSecretAuth && !params.hasProxyHeaders && !params.hasBrowserOriginHeader && isLoopbackAddress(params.remoteAddress) && isPrivateOrLoopbackHost(resolveHostName(params.requestHost));
+}
+function resolveOriginHost(origin) {
+	const trimmed = origin?.trim();
+	if (!trimmed) return "";
+	try {
+		return new URL(trimmed).hostname;
+	} catch {
+		return "";
+	}
+}
+function isControlUiBrowserContainerLocalEquivalent(params) {
+	const isControlUiBrowser = params.connectParams.client.id === GATEWAY_CLIENT_IDS.CONTROL_UI && params.connectParams.client.mode === GATEWAY_CLIENT_MODES.WEBCHAT;
+	const usesSharedSecretAuth = params.authMethod === "token" || params.authMethod === "password";
+	return isControlUiBrowser && params.sharedAuthOk && usesSharedSecretAuth && !params.hasProxyHeaders && params.hasBrowserOriginHeader && isPrivateOrLoopbackAddress(params.remoteAddress) && isLoopbackHost(resolveHostName(params.requestHost)) && isLoopbackHost(resolveOriginHost(params.requestOrigin));
+}
+function resolvePairingLocality(params) {
+	if (params.isLocalClient) return "direct_local";
+	if (isControlUiBrowserContainerLocalEquivalent({
+		connectParams: params.connectParams,
+		requestHost: params.requestHost,
+		requestOrigin: params.requestOrigin,
+		remoteAddress: params.remoteAddress,
+		hasProxyHeaders: params.hasProxyHeaders,
+		hasBrowserOriginHeader: params.hasBrowserOriginHeader,
+		sharedAuthOk: params.sharedAuthOk,
+		authMethod: params.authMethod
+	})) return "browser_container_local";
+	if (isCliContainerLocalEquivalent({
+		connectParams: params.connectParams,
+		requestHost: params.requestHost,
+		remoteAddress: params.remoteAddress,
+		hasProxyHeaders: params.hasProxyHeaders,
+		hasBrowserOriginHeader: params.hasBrowserOriginHeader,
+		sharedAuthOk: params.sharedAuthOk,
+		authMethod: params.authMethod
+	})) return "cli_container_local";
+	if (isSharedSecretLoopbackLocalEquivalent({
+		requestHost: params.requestHost,
+		remoteAddress: params.remoteAddress,
+		hasProxyHeaders: params.hasProxyHeaders,
+		hasBrowserOriginHeader: params.hasBrowserOriginHeader,
+		sharedAuthOk: params.sharedAuthOk,
+		authMethod: params.authMethod
+	})) return "shared_secret_loopback_local";
+	return "remote";
+}
+function shouldSkipLocalBackendSelfPairing(params) {
+	if (!(params.connectParams.client.id === GATEWAY_CLIENT_IDS.GATEWAY_CLIENT && params.connectParams.client.mode === GATEWAY_CLIENT_MODES.BACKEND)) return false;
+	if (!(params.locality === "direct_local" || params.locality === "shared_secret_loopback_local") || params.hasBrowserOriginHeader) return false;
+	if (params.authMethod === "none") return true;
+	const usesSharedSecretAuth = params.authMethod === "token" || params.authMethod === "password";
+	const usesDeviceTokenAuth = params.authMethod === "device-token";
+	return params.sharedAuthOk && usesSharedSecretAuth || usesDeviceTokenAuth;
+}
+function resolveSignatureToken(connectParams) {
+	return connectParams.auth?.token ?? connectParams.auth?.deviceToken ?? connectParams.auth?.bootstrapToken ?? null;
+}
+function buildUnauthorizedHandshakeContext(params) {
+	return {
+		authProvided: params.authProvided,
+		canRetryWithDeviceToken: params.canRetryWithDeviceToken,
+		recommendedNextStep: params.recommendedNextStep
+	};
+}
+function resolveDeviceSignaturePayloadVersion(params) {
+	const signatureToken = resolveSignatureToken(params.connectParams);
+	const basePayload = {
+		deviceId: params.device.id,
+		clientId: params.connectParams.client.id,
+		clientMode: params.connectParams.client.mode,
+		role: params.role,
+		scopes: params.scopes,
+		signedAtMs: params.signedAtMs,
+		token: signatureToken,
+		nonce: params.nonce
+	};
+	const payloadV3 = buildDeviceAuthPayloadV3({
+		...basePayload,
+		platform: params.connectParams.client.platform,
+		deviceFamily: params.connectParams.client.deviceFamily
+	});
+	if (verifyDeviceSignature(params.device.publicKey, payloadV3, params.device.signature)) return "v3";
+	const payloadV2 = buildDeviceAuthPayload(basePayload);
+	if (verifyDeviceSignature(params.device.publicKey, payloadV2, params.device.signature)) return "v2";
+	return null;
+}
+function resolveAuthProvidedKind(connectAuth) {
+	return connectAuth?.password ? "password" : connectAuth?.token ? "token" : connectAuth?.bootstrapToken ? "bootstrap-token" : connectAuth?.deviceToken ? "device-token" : "none";
+}
+function resolveUnauthorizedHandshakeContext(params) {
+	const authProvided = resolveAuthProvidedKind(params.connectAuth);
+	const canRetryWithDeviceToken = params.failedAuth.reason === "token_mismatch" && params.hasDeviceIdentity && authProvided === "token" && !params.connectAuth?.deviceToken;
+	if (canRetryWithDeviceToken) return buildUnauthorizedHandshakeContext({
+		authProvided,
+		canRetryWithDeviceToken,
+		recommendedNextStep: "retry_with_device_token"
+	});
+	switch (params.failedAuth.reason) {
+		case "token_missing":
+		case "token_missing_config":
+		case "password_missing":
+		case "password_missing_config": return buildUnauthorizedHandshakeContext({
+			authProvided,
+			canRetryWithDeviceToken,
+			recommendedNextStep: "update_auth_configuration"
+		});
+		case "token_mismatch":
+		case "password_mismatch":
+		case "device_token_mismatch": return buildUnauthorizedHandshakeContext({
+			authProvided,
+			canRetryWithDeviceToken,
+			recommendedNextStep: "update_auth_credentials"
+		});
+		case "scope_mismatch": return buildUnauthorizedHandshakeContext({
+			authProvided,
+			canRetryWithDeviceToken,
+			recommendedNextStep: "review_auth_configuration"
+		});
+		case "rate_limited": return buildUnauthorizedHandshakeContext({
+			authProvided,
+			canRetryWithDeviceToken,
+			recommendedNextStep: "wait_then_retry"
+		});
+		default: return buildUnauthorizedHandshakeContext({
+			authProvided,
+			canRetryWithDeviceToken,
+			recommendedNextStep: "review_auth_configuration"
+		});
+	}
+}
+//#endregion
+//#region src/gateway/server/ws-connection/unauthorized-flood-guard.ts
+const DEFAULT_CLOSE_AFTER = 10;
+const DEFAULT_LOG_EVERY = 100;
+var UnauthorizedFloodGuard = class {
+	constructor(options) {
+		this.count = 0;
+		this.suppressedSinceLastLog = 0;
+		this.closeAfter = resolveIntegerOption(options?.closeAfter, DEFAULT_CLOSE_AFTER, { min: 1 });
+		this.logEvery = resolveIntegerOption(options?.logEvery, DEFAULT_LOG_EVERY, { min: 1 });
+	}
+	registerUnauthorized() {
+		this.count += 1;
+		const shouldClose = this.count > this.closeAfter;
+		if (!(this.count === 1 || this.count % this.logEvery === 0 || shouldClose)) {
+			this.suppressedSinceLastLog += 1;
+			return {
+				shouldClose,
+				shouldLog: false,
+				count: this.count,
+				suppressedSinceLastLog: 0
+			};
+		}
+		const suppressedSinceLastLog = this.suppressedSinceLastLog;
+		this.suppressedSinceLastLog = 0;
+		return {
+			shouldClose,
+			shouldLog: true,
+			count: this.count,
+			suppressedSinceLastLog
+		};
+	}
+	reset() {
+		this.count = 0;
+		this.suppressedSinceLastLog = 0;
+	}
+};
+function isUnauthorizedRoleError(error) {
+	if (!error) return false;
+	return error.code === ErrorCodes.INVALID_REQUEST && typeof error.message === "string" && error.message.startsWith("unauthorized role:");
+}
+//#endregion
+//#region src/gateway/server/ws-connection/message-handler.ts
+const DEVICE_SIGNATURE_SKEW_MS = 120 * 1e3;
+const DEVICE_CREDENTIAL_INVALIDATING_METHODS = new Set([
+	"device.pair.remove",
+	"device.token.rotate",
+	"device.token.revoke"
+]);
+const unauthorizedHandshakeLogLimiter = new HandshakeAuthLogLimiter();
+/** Match production release versions (YYYY.M.D or YYYY.M.D-beta.N). */
+const RELEASED_VERSION_RE = /^\d{4}\.\d+\.\d+/;
+function isReleasedVersion(version) {
+	return RELEASED_VERSION_RE.test(version);
+}
+/**
+* Lazily resolve the local node host's nodeId from ~/.fengming/node.json.
+* Process-stable: only changes on `fengming node install`, which requires restart.
+*/
+let cachedLocalNodeId;
+function resolveLocalNodeId() {
+	if (cachedLocalNodeId !== void 0) return cachedLocalNodeId;
+	try {
+		const raw = fs.readFileSync(path.join(resolveStateDir(), "node.json"), "utf8");
+		const parsed = JSON.parse(raw);
+		cachedLocalNodeId = typeof parsed.nodeId === "string" ? parsed.nodeId.trim() || null : null;
+	} catch {
+		cachedLocalNodeId = null;
+	}
+	return cachedLocalNodeId;
+}
+function firstHeaderValue(value) {
+	return Array.isArray(value) ? value[0] : value;
+}
+function resolveTrustedProxyControlUiScopes(params) {
+	const rawHeader = firstHeaderValue(params.upgradeReq.headers["x-fengming-scopes"]);
+	if (rawHeader === void 0) return params.requestedScopes;
+	const declaredScopes = new Set(rawHeader.split(",").map((scope) => scope.trim()).filter((scope) => scope.length > 0));
+	if (declaredScopes.size === 0) return [];
+	return params.requestedScopes.filter((scope) => declaredScopes.has(scope));
+}
+function resolvePinnedClientMetadata(params) {
+	function normalizeLegacyNodeHostPlatformPin(value) {
+		switch (value) {
+			case "darwin":
+			case "macos": return "macos";
+			case "win32":
+			case "windows": return "windows";
+			default: return value;
+		}
+	}
+	function normalizeMobileAppPlatformPin(clientId, value) {
+		if (clientId === GATEWAY_CLIENT_IDS.IOS_APP && /^(?:ios|ipados)(?:\s|$)/.test(value)) return "ios-family";
+		if (clientId === GATEWAY_CLIENT_IDS.ANDROID_APP && /^android(?:\s|$)/.test(value)) return "android";
+		return value;
+	}
+	const claimedPlatform = normalizeDeviceMetadataForAuth(params.claimedPlatform);
+	const claimedDeviceFamily = normalizeDeviceMetadataForAuth(params.claimedDeviceFamily);
+	const pairedPlatform = normalizeDeviceMetadataForAuth(params.pairedPlatform);
+	const pairedDeviceFamily = normalizeDeviceMetadataForAuth(params.pairedDeviceFamily);
+	const hasPinnedPlatform = pairedPlatform !== "";
+	const hasPinnedDeviceFamily = pairedDeviceFamily !== "";
+	const isLegacyNodeHostPlatformPin = params.clientId === GATEWAY_CLIENT_IDS.NODE_HOST && params.clientMode === GATEWAY_CLIENT_MODES.NODE && hasPinnedPlatform && claimedPlatform !== "" && normalizeLegacyNodeHostPlatformPin(claimedPlatform) === normalizeLegacyNodeHostPlatformPin(pairedPlatform);
+	const isMobileAppPlatformVersionRefresh = hasPinnedPlatform && claimedPlatform !== "" && claimedPlatform !== pairedPlatform && normalizeMobileAppPlatformPin(params.clientId, claimedPlatform) === normalizeMobileAppPlatformPin(params.clientId, pairedPlatform);
+	const platformMismatch = hasPinnedPlatform && claimedPlatform !== pairedPlatform && !isLegacyNodeHostPlatformPin && !isMobileAppPlatformVersionRefresh;
+	const deviceFamilyMismatch = hasPinnedDeviceFamily && claimedDeviceFamily !== pairedDeviceFamily;
+	const pinnedPlatform = claimedPlatform === pairedPlatform ? params.pairedPlatform : isLegacyNodeHostPlatformPin ? normalizeLegacyNodeHostPlatformPin(pairedPlatform) : isMobileAppPlatformVersionRefresh ? params.claimedPlatform : void 0;
+	return {
+		platformMismatch,
+		deviceFamilyMismatch,
+		pinnedPlatform: hasPinnedPlatform ? pinnedPlatform : void 0,
+		pinnedDeviceFamily: hasPinnedDeviceFamily ? params.pairedDeviceFamily : void 0,
+		...isMobileAppPlatformVersionRefresh ? { refreshPairedPlatform: params.claimedPlatform } : {}
+	};
+}
+function attachGatewayWsMessageHandler(params) {
+	const { socket, upgradeReq, connId, remoteAddr, remotePort, localAddr, localPort, endpoint, forwardedFor, realIp, requestHost, requestOrigin, requestUserAgent, pluginSurfaceBaseUrl, pluginNodeCapabilities = [], connectNonce, getResolvedAuth, getRequiredSharedGatewaySessionGeneration, rateLimiter, browserRateLimiter, isStartupPending, gatewayMethods, events, extraHandlers, getMethodRegistry, buildRequestContext, refreshHealthSnapshot, send, close, isClosed, clearHandshakeTimer, getClient, setClient, setHandshakeState, setCloseCause, setLastFrameMeta, originCheckMetrics, logGateway, logHealth, logWsControl } = params;
+	const sendFrame = async (obj) => await new Promise((resolve, reject) => {
+		socket.send(JSON.stringify(obj), (err) => {
+			if (err) {
+				reject(err);
+				return;
+			}
+			resolve();
+		});
+	});
+	const configSnapshot = getRuntimeConfig();
+	const trustedProxies = configSnapshot.gateway?.trustedProxies ?? [];
+	const allowRealIpFallback = configSnapshot.gateway?.allowRealIpFallback === true;
+	const clientIp = resolveClientIp({
+		remoteAddr,
+		forwardedFor,
+		realIp,
+		trustedProxies,
+		allowRealIpFallback
+	});
+	const peerLabel = endpoint ?? remoteAddr ?? "n/a";
+	const hasProxyHeaders = hasForwardedRequestHeaders(upgradeReq);
+	const remoteIsTrustedProxy = isTrustedProxyAddress(remoteAddr, trustedProxies);
+	const hasUntrustedProxyHeaders = hasProxyHeaders && !remoteIsTrustedProxy;
+	const hostIsLocalish = isLocalishHost(requestHost);
+	const isLocalClient = isLocalDirectRequest(upgradeReq, trustedProxies, allowRealIpFallback);
+	const reportedClientIp = isLocalClient || hasUntrustedProxyHeaders ? void 0 : clientIp && !isLoopbackAddress(clientIp) ? clientIp : void 0;
+	const reportedClientIpSource = resolveNodePairingClientIpSource({
+		reportedClientIp,
+		hasProxyHeaders,
+		remoteIsTrustedProxy,
+		remoteIsLoopback: isLoopbackAddress(remoteAddr)
+	});
+	if (hasUntrustedProxyHeaders) logWsControl.warn("Proxy headers detected from untrusted address. Connection will not be treated as local. Configure gateway.trustedProxies to restore local client detection behind your proxy.");
+	if (!hostIsLocalish && isLoopbackAddress(remoteAddr) && !hasProxyHeaders) logWsControl.warn("Loopback connection with non-local Host header. Treating it as remote. If you're behind a reverse proxy, set gateway.trustedProxies and forward X-Forwarded-For/X-Real-IP.");
+	const isWebchatConnect = (p) => isWebchatClient(p?.client);
+	const unauthorizedFloodGuard = new UnauthorizedFloodGuard();
+	let deviceCredentialMutationBarrier;
+	const { hasBrowserOriginHeader, enforceOriginCheckForAnyClient, rateLimitClientIp: browserRateLimitClientIp, authRateLimiter } = resolveHandshakeBrowserSecurityContext({
+		requestOrigin,
+		clientIp,
+		rateLimiter,
+		browserRateLimiter
+	});
+	const closeInvalidatedClient = (client, method) => {
+		if (!client.invalidated) return false;
+		const reason = client.invalidatedReason ?? "invalidated";
+		setCloseCause("client-invalidated", {
+			reason,
+			method
+		});
+		close(4001, `client invalidated: ${reason}`);
+		return true;
+	};
+	const handleMessage = async (data) => {
+		if (isClosed()) return;
+		const preauthPayloadBytes = !getClient() ? getRawDataByteLength(data) : void 0;
+		if (preauthPayloadBytes !== void 0 && preauthPayloadBytes > 65536) {
+			logRejectedLargePayload({
+				surface: "gateway.ws.preauth",
+				bytes: preauthPayloadBytes,
+				limitBytes: MAX_PREAUTH_PAYLOAD_BYTES,
+				reason: "preauth_frame_limit"
+			});
+			setHandshakeState("failed");
+			setCloseCause("preauth-payload-too-large", {
+				payloadBytes: preauthPayloadBytes,
+				limitBytes: MAX_PREAUTH_PAYLOAD_BYTES
+			});
+			close(1009, "preauth payload too large");
+			return;
+		}
+		const text = rawDataToString(data);
+		try {
+			const parsed = JSON.parse(text);
+			const frameType = parsed && typeof parsed === "object" && "type" in parsed ? typeof parsed.type === "string" ? String(parsed.type) : void 0 : void 0;
+			const frameMethod = parsed && typeof parsed === "object" && "method" in parsed ? typeof parsed.method === "string" ? String(parsed.method) : void 0 : void 0;
+			const frameId = parsed && typeof parsed === "object" && "id" in parsed ? typeof parsed.id === "string" ? String(parsed.id) : void 0 : void 0;
+			if (frameType || frameMethod || frameId) setLastFrameMeta({
+				type: frameType,
+				method: frameMethod,
+				id: frameId
+			});
+			const client = getClient();
+			if (!client) {
+				const isRequestFrame = validateRequestFrame(parsed);
+				if (!isRequestFrame || parsed.method !== "connect" || !validateConnectParams(parsed.params)) {
+					const handshakeError = isRequestFrame ? parsed.method === "connect" ? `invalid connect params: ${formatValidationErrors(validateConnectParams.errors)}` : "invalid handshake: first request must be connect" : "invalid request frame";
+					setHandshakeState("failed");
+					setCloseCause("invalid-handshake", {
+						frameType,
+						frameMethod,
+						frameId,
+						handshakeError
+					});
+					if (isRequestFrame) send({
+						type: "res",
+						id: parsed.id,
+						ok: false,
+						error: errorShape(ErrorCodes.INVALID_REQUEST, handshakeError)
+					});
+					else logWsControl.warn(`invalid handshake conn=${connId} peer=${formatForLog(peerLabel)} remote=${remoteAddr ?? "?"} fwd=${formatForLog(forwardedFor ?? "n/a")} origin=${formatForLog(requestOrigin ?? "n/a")} host=${formatForLog(requestHost ?? "n/a")} ua=${formatForLog(requestUserAgent ?? "n/a")}`);
+					const closeReason = truncateCloseReason(handshakeError || "invalid handshake");
+					if (isRequestFrame) queueMicrotask(() => close(1008, closeReason));
+					else close(1008, closeReason);
+					return;
+				}
+				const frame = parsed;
+				const connectParams = frame.params;
+				const resolvedAuth = getResolvedAuth();
+				const clientLabel = connectParams.client.displayName ?? connectParams.client.id;
+				const clientMeta = {
+					client: connectParams.client.id,
+					clientDisplayName: connectParams.client.displayName,
+					mode: connectParams.client.mode,
+					version: connectParams.client.version,
+					platform: connectParams.client.platform,
+					deviceFamily: connectParams.client.deviceFamily,
+					modelIdentifier: connectParams.client.modelIdentifier,
+					instanceId: connectParams.client.instanceId
+				};
+				const markHandshakeFailure = (cause, meta) => {
+					setHandshakeState("failed");
+					setCloseCause(cause, {
+						...meta,
+						...clientMeta
+					});
+				};
+				const sendHandshakeErrorResponse = (code, message, options) => {
+					send({
+						type: "res",
+						id: frame.id,
+						ok: false,
+						error: errorShape(code, message, options)
+					});
+				};
+				if (isStartupPending?.()) {
+					markHandshakeFailure(GATEWAY_STARTUP_PENDING_CLOSE_CAUSE);
+					await sendFrame({
+						type: "res",
+						id: frame.id,
+						ok: false,
+						error: errorShape(ErrorCodes.UNAVAILABLE, "gateway starting; retry shortly", {
+							retryable: true,
+							retryAfterMs: 500,
+							details: gatewayStartupUnavailableDetails()
+						})
+					}).catch(() => {});
+					queueMicrotask(() => close(GATEWAY_STARTUP_CLOSE_CODE, GATEWAY_STARTUP_CLOSE_REASON));
+					return;
+				}
+				const { minProtocol, maxProtocol } = connectParams;
+				const supportsCurrentProtocol = maxProtocol >= 4 && minProtocol <= 4;
+				const supportsProbeRestartProtocol = connectParams.client.mode === GATEWAY_CLIENT_MODES.PROBE && maxProtocol >= 4 && minProtocol <= 4;
+				if (!supportsCurrentProtocol && !supportsProbeRestartProtocol) {
+					markHandshakeFailure("protocol-mismatch", {
+						minProtocol,
+						maxProtocol,
+						expectedProtocol: 4,
+						minimumProbeProtocol: 4
+					});
+					logWsControl.warn(`protocol mismatch conn=${connId} peer=${formatForLog(peerLabel)} remote=${remoteAddr ?? "?"} remotePort=${remotePort ?? "?"} client=${formatForLog(clientLabel)} ${connectParams.client.mode} v${formatForLog(connectParams.client.version)} min=${minProtocol} max=${maxProtocol} expected=4 probeMin=4 instance=${formatForLog(connectParams.client.instanceId ?? "n/a")}`);
+					sendHandshakeErrorResponse(ErrorCodes.INVALID_REQUEST, "protocol mismatch", { details: {
+						code: ConnectErrorDetailCodes.PROTOCOL_MISMATCH,
+						clientMinProtocol: minProtocol,
+						clientMaxProtocol: maxProtocol,
+						expectedProtocol: 4,
+						minimumProbeProtocol: 4
+					} });
+					close(1002, "protocol mismatch");
+					return;
+				}
+				const roleRaw = connectParams.role ?? "operator";
+				const role = parseGatewayRole(roleRaw);
+				if (!role) {
+					markHandshakeFailure("invalid-role", { role: roleRaw });
+					sendHandshakeErrorResponse(ErrorCodes.INVALID_REQUEST, "invalid role");
+					close(1008, "invalid role");
+					return;
+				}
+				let scopes = Array.isArray(connectParams.scopes) ? connectParams.scopes : [];
+				connectParams.role = role;
+				connectParams.scopes = scopes;
+				const isControlUi = isOperatorUiClient(connectParams.client);
+				const isBrowserOperatorUi = isBrowserOperatorUiClient(connectParams.client);
+				const isWebchat = isWebchatConnect(connectParams);
+				const isNativeAppUi = connectParams.client.mode === GATEWAY_CLIENT_MODES.UI && (connectParams.client.id === GATEWAY_CLIENT_IDS.MACOS_APP || connectParams.client.id === GATEWAY_CLIENT_IDS.IOS_APP || connectParams.client.id === GATEWAY_CLIENT_IDS.ANDROID_APP);
+				if (enforceOriginCheckForAnyClient || isBrowserOperatorUi || isWebchat) {
+					const hostHeaderOriginFallbackEnabled = configSnapshot.gateway?.controlUi?.dangerouslyAllowHostHeaderOriginFallback === true;
+					const originCheck = checkBrowserOrigin({
+						requestHost,
+						origin: requestOrigin,
+						allowedOrigins: configSnapshot.gateway?.controlUi?.allowedOrigins,
+						allowHostHeaderOriginFallback: hostHeaderOriginFallbackEnabled,
+						isLocalClient
+					});
+					if (!originCheck.ok) {
+						const errorMessage = "origin not allowed (open the Control UI from the gateway host or allow it in gateway.controlUi.allowedOrigins)";
+						markHandshakeFailure("origin-mismatch", {
+							origin: requestOrigin ?? "n/a",
+							host: requestHost ?? "n/a",
+							reason: originCheck.reason
+						});
+						sendHandshakeErrorResponse(ErrorCodes.INVALID_REQUEST, errorMessage, { details: {
+							code: ConnectErrorDetailCodes.CONTROL_UI_ORIGIN_NOT_ALLOWED,
+							reason: originCheck.reason
+						} });
+						close(1008, truncateCloseReason(errorMessage));
+						return;
+					}
+					if (originCheck.matchedBy === "host-header-fallback") {
+						originCheckMetrics.hostHeaderFallbackAccepted += 1;
+						logWsControl.warn(`security warning: websocket origin accepted via Host-header fallback conn=${connId} count=${originCheckMetrics.hostHeaderFallbackAccepted} host=${requestHost ?? "n/a"} origin=${requestOrigin ?? "n/a"}`);
+						if (hostHeaderOriginFallbackEnabled) logGateway.warn("security metric: gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback accepted a websocket connect request");
+					}
+				}
+				const deviceRaw = connectParams.device;
+				let devicePublicKey = null;
+				let deviceAuthPayloadVersion = null;
+				const hasTokenAuth = Boolean(connectParams.auth?.token);
+				const hasPasswordAuth = Boolean(connectParams.auth?.password);
+				const hasSharedAuth = hasTokenAuth || hasPasswordAuth;
+				const controlUiAuthPolicy = resolveControlUiAuthPolicy({
+					isControlUi,
+					controlUiConfig: configSnapshot.gateway?.controlUi,
+					deviceRaw
+				});
+				const device = controlUiAuthPolicy.device;
+				let { authResult, authOk, authMethod, sharedAuthOk, bootstrapTokenCandidate, deviceTokenCandidate, deviceTokenCandidateSource } = await resolveConnectAuthState({
+					resolvedAuth,
+					connectAuth: connectParams.auth,
+					hasDeviceIdentity: Boolean(device),
+					req: upgradeReq,
+					trustedProxies,
+					allowRealIpFallback,
+					rateLimiter: authRateLimiter,
+					clientIp: browserRateLimitClientIp
+				});
+				const rejectUnauthorized = (failedAuth) => {
+					const { authProvided, canRetryWithDeviceToken, recommendedNextStep } = resolveUnauthorizedHandshakeContext({
+						connectAuth: connectParams.auth,
+						failedAuth,
+						hasDeviceIdentity: Boolean(device)
+					});
+					markHandshakeFailure("unauthorized", {
+						authMode: resolvedAuth.mode,
+						authProvided,
+						authReason: failedAuth.reason,
+						allowTailscale: resolvedAuth.allowTailscale,
+						peer: peerLabel,
+						remoteAddr,
+						remotePort,
+						localAddr,
+						localPort,
+						role,
+						scopeCount: scopes.length,
+						hasDeviceIdentity: Boolean(device)
+					});
+					const authLogDecision = shouldLimitMissingCredentialAuthLog({
+						reason: failedAuth.reason,
+						authProvided
+					}) ? unauthorizedHandshakeLogLimiter.register(buildHandshakeAuthLogKey({
+						reason: failedAuth.reason,
+						remoteAddr,
+						client: clientLabel,
+						mode: connectParams.client.mode,
+						authProvided
+					})) : {
+						shouldLog: true,
+						suppressedSinceLastLog: 0
+					};
+					if (authLogDecision.shouldLog) {
+						const suppressedText = authLogDecision.suppressedSinceLastLog > 0 ? ` suppressed=${authLogDecision.suppressedSinceLastLog}` : "";
+						logWsControl.warn(`unauthorized conn=${connId} peer=${formatForLog(peerLabel)} remote=${remoteAddr ?? "?"} client=${formatForLog(clientLabel)} ${connectParams.client.mode} v${formatForLog(connectParams.client.version)} role=${role} scopes=${scopes.length} auth=${authProvided} device=${device ? "yes" : "no"} platform=${formatForLog(connectParams.client.platform)} instance=${formatForLog(connectParams.client.instanceId ?? "n/a")} host=${formatForLog(requestHost ?? "n/a")} origin=${formatForLog(requestOrigin ?? "n/a")} ua=${formatForLog(requestUserAgent ?? "n/a")} reason=${failedAuth.reason ?? "unknown"}${suppressedText}`);
+					}
+					const authMessage = formatGatewayAuthFailureMessage({
+						authMode: resolvedAuth.mode,
+						authProvided,
+						reason: failedAuth.reason,
+						client: connectParams.client
+					});
+					sendHandshakeErrorResponse(ErrorCodes.INVALID_REQUEST, authMessage, { details: {
+						code: resolveAuthConnectErrorDetailCode(failedAuth.reason),
+						authReason: failedAuth.reason,
+						canRetryWithDeviceToken,
+						recommendedNextStep
+					} });
+					close(1008, truncateCloseReason(authMessage));
+				};
+				const clearUnboundScopes = () => {
+					if (scopes.length > 0) {
+						scopes = [];
+						connectParams.scopes = scopes;
+					}
+				};
+				let pairingLocality = resolvePairingLocality({
+					connectParams,
+					isLocalClient,
+					requestHost,
+					requestOrigin,
+					remoteAddress: remoteAddr,
+					hasProxyHeaders,
+					hasBrowserOriginHeader,
+					sharedAuthOk,
+					authMethod
+				});
+				let skipLocalBackendSelfPairing = shouldSkipLocalBackendSelfPairing({
+					connectParams,
+					locality: pairingLocality,
+					hasBrowserOriginHeader,
+					sharedAuthOk,
+					authMethod
+				});
+				const handleMissingDeviceIdentity = () => {
+					const trustedProxyAuthOk = isTrustedProxyControlUiOperatorAuth({
+						isControlUi,
+						role,
+						authMode: resolvedAuth.mode,
+						authOk,
+						authMethod
+					});
+					const preserveInsecureLocalControlUiScopes = isControlUi && controlUiAuthPolicy.allowInsecureAuthConfigured && isLocalClient && (authMethod === "token" || authMethod === "password");
+					const decision = evaluateMissingDeviceIdentity({
+						hasDeviceIdentity: Boolean(device),
+						role,
+						isControlUi,
+						controlUiAuthPolicy,
+						trustedProxyAuthOk,
+						localBackendSelfPairingOk: skipLocalBackendSelfPairing,
+						sharedAuthOk,
+						authOk,
+						hasSharedAuth,
+						isLocalClient
+					});
+					if (!device && !skipLocalBackendSelfPairing && shouldClearUnboundScopesForMissingDeviceIdentity({
+						decision,
+						controlUiAuthPolicy,
+						preserveInsecureLocalControlUiScopes,
+						authMethod,
+						trustedProxyAuthOk
+					})) clearUnboundScopes();
+					if (authMethod === "none" && isLocalClient && scopes.length === 0) {
+						scopes = ["operator.admin"];
+						connectParams.scopes = scopes;
+					}
+					if (decision.kind === "allow") return true;
+					if (decision.kind === "reject-control-ui-insecure-auth") {
+						const errorMessage = "control ui requires device identity (use HTTPS or localhost secure context)";
+						markHandshakeFailure("control-ui-insecure-auth", { insecureAuthConfigured: controlUiAuthPolicy.allowInsecureAuthConfigured });
+						sendHandshakeErrorResponse(ErrorCodes.INVALID_REQUEST, errorMessage, { details: { code: ConnectErrorDetailCodes.CONTROL_UI_DEVICE_IDENTITY_REQUIRED } });
+						close(1008, errorMessage);
+						return false;
+					}
+					if (decision.kind === "reject-unauthorized") {
+						rejectUnauthorized(authResult);
+						return false;
+					}
+					markHandshakeFailure("device-required");
+					sendHandshakeErrorResponse(ErrorCodes.NOT_PAIRED, "device identity required", { details: { code: ConnectErrorDetailCodes.DEVICE_IDENTITY_REQUIRED } });
+					close(1008, "device identity required");
+					return false;
+				};
+				if (!handleMissingDeviceIdentity()) return;
+				if (device) {
+					const rejectDeviceAuthInvalid = (reason, message) => {
+						setHandshakeState("failed");
+						setCloseCause("device-auth-invalid", {
+							reason,
+							client: connectParams.client.id,
+							deviceId: device.id
+						});
+						send({
+							type: "res",
+							id: frame.id,
+							ok: false,
+							error: errorShape(ErrorCodes.INVALID_REQUEST, message, { details: {
+								code: resolveDeviceAuthConnectErrorDetailCode(reason),
+								reason
+							} })
+						});
+						close(1008, message);
+					};
+					const derivedId = deriveDeviceIdFromPublicKey(device.publicKey);
+					if (!derivedId || derivedId !== device.id) {
+						rejectDeviceAuthInvalid("device-id-mismatch", "device identity mismatch");
+						return;
+					}
+					const signedAt = device.signedAt;
+					if (typeof signedAt !== "number" || Math.abs(Date.now() - signedAt) > DEVICE_SIGNATURE_SKEW_MS) {
+						rejectDeviceAuthInvalid("device-signature-stale", "device signature expired");
+						return;
+					}
+					const providedNonce = typeof device.nonce === "string" ? device.nonce.trim() : "";
+					if (!providedNonce) {
+						rejectDeviceAuthInvalid("device-nonce-missing", "device nonce required");
+						return;
+					}
+					if (providedNonce !== connectNonce) {
+						rejectDeviceAuthInvalid("device-nonce-mismatch", "device nonce mismatch");
+						return;
+					}
+					const rejectDeviceSignatureInvalid = () => rejectDeviceAuthInvalid("device-signature", "device signature invalid");
+					const payloadVersion = resolveDeviceSignaturePayloadVersion({
+						device,
+						connectParams,
+						role,
+						scopes,
+						signedAtMs: signedAt,
+						nonce: providedNonce
+					});
+					if (!payloadVersion) {
+						rejectDeviceSignatureInvalid();
+						return;
+					}
+					deviceAuthPayloadVersion = payloadVersion;
+					devicePublicKey = normalizeDevicePublicKeyBase64Url(device.publicKey);
+					if (!devicePublicKey) {
+						rejectDeviceAuthInvalid("device-public-key", "device public key invalid");
+						return;
+					}
+				}
+				const authDecision = await resolveConnectAuthDecision({
+					state: {
+						authResult,
+						authOk,
+						authMethod,
+						sharedAuthOk,
+						sharedAuthProvided: hasSharedAuth,
+						bootstrapTokenCandidate,
+						deviceTokenCandidate,
+						deviceTokenCandidateSource
+					},
+					hasDeviceIdentity: Boolean(device),
+					deviceId: device?.id,
+					publicKey: device?.publicKey,
+					role,
+					scopes,
+					rateLimiter: authRateLimiter,
+					clientIp: browserRateLimitClientIp,
+					verifyBootstrapToken: async ({ deviceId, publicKey, token, role, scopes }) => await verifyDeviceBootstrapToken({
+						deviceId,
+						publicKey,
+						token,
+						role,
+						scopes
+					}),
+					verifyDeviceToken: async (params) => await verifyDeviceToken({
+						...params,
+						requiredSharedGatewaySessionGeneration: getRequiredSharedGatewaySessionGeneration?.()
+					})
+				});
+				({authResult, authOk, authMethod} = authDecision);
+				const deviceTokenSharedGatewaySessionGeneration = authDecision.deviceTokenSharedGatewaySessionGeneration;
+				pairingLocality = resolvePairingLocality({
+					connectParams,
+					isLocalClient,
+					requestHost,
+					requestOrigin,
+					remoteAddress: remoteAddr,
+					hasProxyHeaders,
+					hasBrowserOriginHeader,
+					sharedAuthOk,
+					authMethod
+				});
+				skipLocalBackendSelfPairing = shouldSkipLocalBackendSelfPairing({
+					connectParams,
+					locality: pairingLocality,
+					hasBrowserOriginHeader,
+					sharedAuthOk,
+					authMethod
+				});
+				if (!authOk) {
+					rejectUnauthorized(authResult);
+					return;
+				}
+				const usesSharedGatewayAuth = authMethod === "token" || authMethod === "password" || authMethod === "trusted-proxy";
+				const sharedGatewaySessionGeneration = usesSharedGatewayAuth ? resolveSharedGatewaySessionGeneration(resolvedAuth, trustedProxies) : void 0;
+				const sessionUsesSharedGatewayAuth = usesSharedGatewayAuth || deviceTokenSharedGatewaySessionGeneration !== void 0;
+				const sessionSharedGatewaySessionGeneration = sharedGatewaySessionGeneration ?? deviceTokenSharedGatewaySessionGeneration;
+				if (sessionUsesSharedGatewayAuth) {
+					const requiredSharedGatewaySessionGeneration = getRequiredSharedGatewaySessionGeneration?.();
+					if (requiredSharedGatewaySessionGeneration !== void 0 && sessionSharedGatewaySessionGeneration !== requiredSharedGatewaySessionGeneration) {
+						setCloseCause("gateway-auth-rotated", { authGenerationStale: true });
+						close(4001, "gateway auth changed");
+						return;
+					}
+				}
+				const issuedBootstrapProfile = authMethod === "bootstrap-token" && bootstrapTokenCandidate ? await getDeviceBootstrapTokenProfile({ token: bootstrapTokenCandidate }) : null;
+				let handoffBootstrapProfile = null;
+				const trustedProxyAuthOk = isTrustedProxyControlUiOperatorAuth({
+					isControlUi,
+					role,
+					authMode: resolvedAuth.mode,
+					authOk,
+					authMethod
+				});
+				if (trustedProxyAuthOk) {
+					scopes = resolveTrustedProxyControlUiScopes({
+						requestedScopes: scopes,
+						upgradeReq
+					});
+					connectParams.scopes = scopes;
+				}
+				const skipControlUiPairingForDevice = shouldSkipControlUiPairing(controlUiAuthPolicy, role, trustedProxyAuthOk, resolvedAuth.mode, authMethod);
+				let hasServerApprovedDeviceTokenBaseline = false;
+				if (device && devicePublicKey) {
+					const formatAuditList = (items) => {
+						if (!items || items.length === 0) return "<none>";
+						const out = /* @__PURE__ */ new Set();
+						for (const item of items) {
+							const trimmed = item.trim();
+							if (trimmed) out.add(trimmed);
+						}
+						if (out.size === 0) return "<none>";
+						return [...out].toSorted().join(",");
+					};
+					const logUpgradeAudit = (reason, currentRoles, currentScopes) => {
+						logGateway.warn(`security audit: device access upgrade requested reason=${reason} device=${device.id} ip=${reportedClientIp ?? "unknown-ip"} auth=${authMethod} roleFrom=${formatAuditList(currentRoles)} roleTo=${role} scopesFrom=${formatAuditList(currentScopes)} scopesTo=${formatAuditList(scopes)} client=${connectParams.client.id} conn=${connId}`);
+					};
+					const clientPairingMetadata = {
+						displayName: connectParams.client.displayName,
+						platform: connectParams.client.platform,
+						deviceFamily: connectParams.client.deviceFamily,
+						clientId: connectParams.client.id,
+						clientMode: connectParams.client.mode,
+						role,
+						scopes,
+						remoteIp: reportedClientIp
+					};
+					const clientAccessMetadata = {
+						displayName: connectParams.client.displayName,
+						remoteIp: reportedClientIp
+					};
+					const requirePairing = async (reason, existingPairedDevice = null) => {
+						const pairingStateAllowsRequestedAccess = (pairedCandidate) => {
+							if (!pairedCandidate || pairedCandidate.publicKey !== devicePublicKey) return false;
+							if (!hasEffectivePairedDeviceRole(pairedCandidate, role)) return false;
+							if (scopes.length === 0) return true;
+							const pairedScopes = Array.isArray(pairedCandidate.approvedScopes) ? pairedCandidate.approvedScopes : Array.isArray(pairedCandidate.scopes) ? pairedCandidate.scopes : [];
+							if (pairedScopes.length === 0) return false;
+							return roleScopesAllow({
+								role,
+								requestedScopes: scopes,
+								allowedScopes: pairedScopes
+							});
+						};
+						const allowSilentLocalPairing = !(existingPairedDevice && role !== "operator") && shouldAllowSilentLocalPairing({
+							locality: pairingLocality,
+							hasBrowserOriginHeader,
+							isControlUi,
+							isWebchat,
+							isNativeAppUi,
+							reason
+						});
+						const allowSilentTrustedCidrsNodePairing = shouldAutoApproveNodePairingFromTrustedCidrs({
+							existingPairedDevice: Boolean(existingPairedDevice),
+							role,
+							reason,
+							scopes,
+							hasBrowserOriginHeader,
+							isControlUi,
+							isWebchat,
+							reportedClientIpSource,
+							reportedClientIp,
+							autoApproveCidrs: configSnapshot.gateway?.nodes?.pairing?.autoApproveCidrs
+						});
+						const boundBootstrapProfile = authMethod === "bootstrap-token" && bootstrapTokenCandidate && reason === "not-paired" && role === "node" && scopes.length === 0 && !existingPairedDevice && !isControlUi && !isBrowserOperatorUi && !isWebchat && connectParams.client.mode === GATEWAY_CLIENT_MODES.NODE ? await getBoundDeviceBootstrapProfile({
+							token: bootstrapTokenCandidate,
+							deviceId: device.id,
+							publicKey: devicePublicKey
+						}) : null;
+						const allowSilentBootstrapPairing = boundBootstrapProfile !== null && isPairingSetupBootstrapProfile(boundBootstrapProfile);
+						const bootstrapPairingRoles = allowSilentBootstrapPairing ? uniqueStrings([role, ...boundBootstrapProfile.roles]) : void 0;
+						const bootstrapPairingScopes = allowSilentBootstrapPairing && bootstrapPairingRoles ? resolveBootstrapProfileScopesForRoles(bootstrapPairingRoles, boundBootstrapProfile.scopes) : void 0;
+						const pairing = await requestDevicePairing({
+							deviceId: device.id,
+							publicKey: devicePublicKey,
+							...clientPairingMetadata,
+							...bootstrapPairingRoles ? {
+								roles: bootstrapPairingRoles,
+								scopes: bootstrapPairingScopes ?? []
+							} : {},
+							silent: reason === "scope-upgrade" ? false : allowSilentLocalPairing || allowSilentTrustedCidrsNodePairing || allowSilentBootstrapPairing
+						});
+						const context = buildRequestContext();
+						let approved;
+						let resolvedByConcurrentApproval = false;
+						let recoveryRequestId = pairing.request.requestId;
+						const resolveLivePendingRequestId = async () => {
+							const pendingList = await listDevicePairing();
+							const exactPending = pendingList.pending.find((pending) => pending.requestId === pairing.request.requestId);
+							if (exactPending) return exactPending.requestId;
+							return pendingList.pending.find((pending) => pending.deviceId === device.id && pending.publicKey === devicePublicKey)?.requestId;
+						};
+						if (pairing.request.silent === true) {
+							approved = allowSilentBootstrapPairing && boundBootstrapProfile ? await approveBootstrapDevicePairing(pairing.request.requestId, boundBootstrapProfile) : await approveDevicePairing(pairing.request.requestId, { callerScopes: scopes });
+							if (approved?.status === "approved") {
+								if (allowSilentBootstrapPairing && boundBootstrapProfile) handoffBootstrapProfile = boundBootstrapProfile;
+								logGateway.info(`device pairing auto-approved device=${approved.device.deviceId} role=${approved.device.role ?? "unknown"}`);
+								context.broadcast("device.pair.resolved", {
+									requestId: pairing.request.requestId,
+									deviceId: approved.device.deviceId,
+									decision: "approved",
+									ts: Date.now()
+								}, { dropIfSlow: true });
+							} else {
+								resolvedByConcurrentApproval = pairingStateAllowsRequestedAccess(await getPairedDevice(device.id));
+								let requestStillPending = false;
+								if (!resolvedByConcurrentApproval) {
+									recoveryRequestId = await resolveLivePendingRequestId();
+									requestStillPending = recoveryRequestId === pairing.request.requestId;
+								}
+								if (requestStillPending) context.broadcast("device.pair.requested", pairing.request, { dropIfSlow: true });
+							}
+						} else if (pairing.created) context.broadcast("device.pair.requested", pairing.request, { dropIfSlow: true });
+						recoveryRequestId = await resolveLivePendingRequestId();
+						if (!(pairing.request.silent === true && (approved?.status === "approved" || resolvedByConcurrentApproval))) {
+							const exposeApprovedAccess = existingPairedDevice?.publicKey === devicePublicKey;
+							const approvedRoles = exposeApprovedAccess ? listApprovedPairedDeviceRoles(existingPairedDevice) : [];
+							const approvedScopes = exposeApprovedAccess ? Array.isArray(existingPairedDevice.approvedScopes) ? existingPairedDevice.approvedScopes : Array.isArray(existingPairedDevice.scopes) ? existingPairedDevice.scopes : [] : [];
+							const retryAfterBootstrapPairingApproval = authMethod === "bootstrap-token" && reason === "not-paired" && role === "node" && scopes.length === 0 && !existingPairedDevice;
+							const pairingErrorDetails = buildPairingConnectErrorDetails({
+								reason,
+								requestId: recoveryRequestId,
+								...retryAfterBootstrapPairingApproval ? {
+									recommendedNextStep: "wait_then_retry",
+									retryable: true,
+									pauseReconnect: false
+								} : {},
+								deviceId: device.id,
+								requestedRole: role,
+								requestedScopes: scopes,
+								...approvedRoles.length > 0 ? { approvedRoles } : {},
+								...approvedScopes.length > 0 ? { approvedScopes } : {}
+							});
+							const pairingErrorMessage = buildPairingConnectErrorMessage(reason);
+							setHandshakeState("failed");
+							setCloseCause("pairing-required", {
+								deviceId: device.id,
+								...recoveryRequestId ? { requestId: recoveryRequestId } : {},
+								reason
+							});
+							send({
+								type: "res",
+								id: frame.id,
+								ok: false,
+								error: errorShape(ErrorCodes.NOT_PAIRED, pairingErrorMessage, { details: pairingErrorDetails })
+							});
+							close(1008, truncateCloseReason(buildPairingConnectCloseReason({
+								reason,
+								requestId: recoveryRequestId
+							})));
+							return false;
+						}
+						return true;
+					};
+					const paired = await getPairedDevice(device.id);
+					if (!(paired?.publicKey === devicePublicKey)) {
+						if (!(skipLocalBackendSelfPairing || skipControlUiPairingForDevice)) {
+							if (!await requirePairing("not-paired", paired)) return;
+							hasServerApprovedDeviceTokenBaseline = true;
+						} else if (skipControlUiPairingForDevice || skipLocalBackendSelfPairing && authMethod !== "device-token") hasServerApprovedDeviceTokenBaseline = true;
+					} else {
+						hasServerApprovedDeviceTokenBaseline = true;
+						const claimedPlatform = connectParams.client.platform;
+						const pairedPlatform = paired.platform;
+						const claimedDeviceFamily = connectParams.client.deviceFamily;
+						const pairedDeviceFamily = paired.deviceFamily;
+						const metadataPinning = resolvePinnedClientMetadata({
+							clientId: connectParams.client.id,
+							clientMode: connectParams.client.mode,
+							claimedPlatform,
+							claimedDeviceFamily,
+							pairedPlatform,
+							pairedDeviceFamily
+						});
+						const { platformMismatch, deviceFamilyMismatch } = metadataPinning;
+						if (platformMismatch || deviceFamilyMismatch) {
+							if (!shouldAllowSilentLocalPairing({
+								locality: pairingLocality,
+								hasBrowserOriginHeader,
+								isControlUi,
+								isWebchat,
+								isNativeAppUi,
+								reason: "metadata-upgrade"
+							})) logGateway.warn(`security audit: device metadata upgrade requested reason=metadata-upgrade device=${device.id} ip=${reportedClientIp ?? "unknown-ip"} auth=${authMethod} payload=${deviceAuthPayloadVersion ?? "unknown"} claimedPlatform=${claimedPlatform ?? "<none>"} pinnedPlatform=${pairedPlatform ?? "<none>"} claimedDeviceFamily=${claimedDeviceFamily ?? "<none>"} pinnedDeviceFamily=${pairedDeviceFamily ?? "<none>"} client=${connectParams.client.id} conn=${connId}`);
+							if (!await requirePairing("metadata-upgrade", paired)) return;
+						} else {
+							if (metadataPinning.pinnedPlatform) connectParams.client.platform = metadataPinning.pinnedPlatform;
+							if (metadataPinning.pinnedDeviceFamily) connectParams.client.deviceFamily = metadataPinning.pinnedDeviceFamily;
+						}
+						const pairedRoles = listEffectivePairedDeviceRoles(paired);
+						const pairedScopes = Array.isArray(paired.approvedScopes) ? paired.approvedScopes : Array.isArray(paired.scopes) ? paired.scopes : [];
+						const allowedRoles = new Set(pairedRoles);
+						if (allowedRoles.size === 0) {
+							logUpgradeAudit("role-upgrade", pairedRoles, pairedScopes);
+							if (!await requirePairing("role-upgrade", paired)) return;
+						} else if (!allowedRoles.has(role)) {
+							logUpgradeAudit("role-upgrade", pairedRoles, pairedScopes);
+							if (!await requirePairing("role-upgrade", paired)) return;
+						}
+						if (scopes.length > 0) {
+							if (pairedScopes.length === 0) {
+								logUpgradeAudit("scope-upgrade", pairedRoles, pairedScopes);
+								if (!await requirePairing("scope-upgrade", paired)) return;
+							} else if (!roleScopesAllow({
+								role,
+								requestedScopes: scopes,
+								allowedScopes: pairedScopes
+							})) {
+								logUpgradeAudit("scope-upgrade", pairedRoles, pairedScopes);
+								if (!await requirePairing("scope-upgrade", paired)) return;
+							}
+						}
+						const retryBootstrapHandoffProfile = authMethod === "bootstrap-token" && bootstrapTokenCandidate && role === "node" && scopes.length === 0 && !isControlUi && !isBrowserOperatorUi && !isWebchat && connectParams.client.mode === GATEWAY_CLIENT_MODES.NODE && pairedRoles.includes("operator") ? await getBoundDeviceBootstrapProfile({
+							token: bootstrapTokenCandidate,
+							deviceId: device.id,
+							publicKey: devicePublicKey
+						}) : null;
+						if (retryBootstrapHandoffProfile) {
+							const retryBootstrapOperatorScopes = resolveBootstrapProfileScopesForRole("operator", retryBootstrapHandoffProfile.scopes);
+							if (isPairingSetupBootstrapProfile(retryBootstrapHandoffProfile) && roleScopesAllow({
+								role: "operator",
+								requestedScopes: retryBootstrapOperatorScopes,
+								allowedScopes: pairedScopes
+							})) handoffBootstrapProfile = retryBootstrapHandoffProfile;
+						}
+						await updatePairedDeviceMetadata(device.id, {
+							...clientAccessMetadata,
+							...metadataPinning.refreshPairedPlatform ? { platform: metadataPinning.refreshPairedPlatform } : {}
+						});
+					}
+				}
+				const shouldIssueDeviceToken = !trustedProxyAuthOk;
+				const sharedGatewayAuthIssuer = sessionSharedGatewaySessionGeneration && (deviceTokenSharedGatewaySessionGeneration !== void 0 || usesSharedGatewayAuth && (isBrowserOperatorUi || isWebchat)) ? {
+					kind: "shared-gateway-auth",
+					generation: sessionSharedGatewaySessionGeneration
+				} : void 0;
+				const deviceToken = shouldIssueDeviceToken && device && hasServerApprovedDeviceTokenBaseline ? await ensureDeviceToken({
+					deviceId: device.id,
+					role,
+					scopes,
+					issuer: sharedGatewayAuthIssuer
+				}) : null;
+				const bootstrapDeviceTokens = [];
+				if (deviceToken) bootstrapDeviceTokens.push({
+					deviceToken: deviceToken.token,
+					role: deviceToken.role,
+					scopes: deviceToken.scopes,
+					issuedAtMs: deviceToken.rotatedAtMs ?? deviceToken.createdAtMs
+				});
+				const approvedHandoffBootstrapProfile = handoffBootstrapProfile;
+				if (device && approvedHandoffBootstrapProfile) for (const bootstrapRole of approvedHandoffBootstrapProfile.roles) {
+					if (bootstrapDeviceTokens.some((entry) => entry.role === bootstrapRole)) continue;
+					const bootstrapRoleScopes = bootstrapRole === "operator" ? resolveBootstrapProfileScopesForRole(bootstrapRole, approvedHandoffBootstrapProfile.scopes) : [];
+					const extraToken = await ensureDeviceToken({
+						deviceId: device.id,
+						role: bootstrapRole,
+						scopes: bootstrapRoleScopes
+					});
+					if (!extraToken) continue;
+					bootstrapDeviceTokens.push({
+						deviceToken: extraToken.token,
+						role: extraToken.role,
+						scopes: extraToken.scopes,
+						issuedAtMs: extraToken.rotatedAtMs ?? extraToken.createdAtMs
+					});
+				}
+				if (role === "node") {
+					const reconciliation = await reconcileNodePairingOnConnect({
+						cfg: getRuntimeConfig(),
+						connectParams,
+						pairedNode: await getPairedNode(connectParams.device?.id ?? connectParams.client.id),
+						reportedClientIp,
+						requestPairing: async (input) => await requestNodePairing(input)
+					});
+					if (reconciliation.pendingPairing?.created) {
+						const requestContext = buildRequestContext();
+						const resolvedAt = Date.now();
+						for (const superseded of reconciliation.pendingPairing.superseded ?? []) requestContext.broadcast("node.pair.resolved", {
+							requestId: superseded.requestId,
+							nodeId: superseded.nodeId,
+							decision: "rejected",
+							ts: resolvedAt
+						}, { dropIfSlow: true });
+						requestContext.broadcast("node.pair.requested", reconciliation.pendingPairing.request, { dropIfSlow: true });
+					}
+					const nodeConnectParams = connectParams;
+					nodeConnectParams.declaredCaps = reconciliation.declaredCaps;
+					nodeConnectParams.declaredCommands = reconciliation.declaredCommands;
+					nodeConnectParams.declaredPermissions = reconciliation.declaredPermissions;
+					connectParams.caps = reconciliation.effectiveCaps;
+					connectParams.commands = reconciliation.effectiveCommands;
+					connectParams.permissions = reconciliation.effectivePermissions;
+				}
+				const shouldTrackPresence = !isGatewayCliClient(connectParams.client);
+				const clientId = connectParams.client.id;
+				const instanceId = connectParams.client.instanceId;
+				const presenceKey = shouldTrackPresence ? device?.id ?? instanceId ?? connId : void 0;
+				if (isClosed()) {
+					setCloseCause("connect-aborted-before-register", {
+						...clientMeta,
+						auth: authMethod
+					});
+					return;
+				}
+				const pluginSurfaceUrls = {};
+				const pluginNodeCapabilitySurfaces = indexPluginNodeCapabilitySurfaces(pluginNodeCapabilities);
+				const pendingPluginNodeCapabilities = [];
+				if (pluginSurfaceBaseUrl) for (const pluginCapabilitySurface of Object.values(pluginNodeCapabilitySurfaces)) {
+					const capability = mintPluginNodeCapabilityToken();
+					const expiresAtMs = Date.now() + resolvePluginNodeCapabilityTtlMs(pluginCapabilitySurface);
+					const scopedUrl = buildPluginNodeCapabilityScopedHostUrl(pluginSurfaceBaseUrl, capability) ?? pluginSurfaceBaseUrl;
+					pluginSurfaceUrls[pluginCapabilitySurface.surface] = scopedUrl;
+					pendingPluginNodeCapabilities.push({
+						surface: pluginCapabilitySurface,
+						capability,
+						expiresAtMs
+					});
+				}
+				const isTrustedApprovalRuntime = scopes.includes("operator.approvals") && connectParams.client.id === GATEWAY_CLIENT_IDS.GATEWAY_CLIENT && connectParams.client.mode === GATEWAY_CLIENT_MODES.BACKEND && isOperatorApprovalRuntimeToken(connectParams.auth?.approvalRuntimeToken);
+				clearHandshakeTimer();
+				const nextClient = {
+					socket,
+					connect: connectParams,
+					connId,
+					isDeviceTokenAuth: authMethod === "device-token",
+					usesSharedGatewayAuth: sessionUsesSharedGatewayAuth,
+					sharedGatewaySessionGeneration: sessionSharedGatewaySessionGeneration,
+					presenceKey,
+					clientIp: reportedClientIp,
+					...isTrustedApprovalRuntime ? { internal: { approvalRuntime: true } } : {},
+					...Object.keys(pluginSurfaceUrls).length > 0 ? { pluginSurfaceUrls } : {},
+					...Object.keys(pluginNodeCapabilitySurfaces).length > 0 ? { pluginNodeCapabilitySurfaces } : {}
+				};
+				for (const entry of pendingPluginNodeCapabilities) setClientPluginNodeCapability({
+					client: nextClient,
+					surface: entry.surface,
+					capability: entry.capability,
+					expiresAtMs: entry.expiresAtMs
+				});
+				setSocketMaxPayload(socket, MAX_PAYLOAD_BYTES);
+				if (role === "node" && isLocalClient) {
+					const localNodeId = resolveLocalNodeId();
+					const clientInstanceId = connectParams.client.instanceId?.trim();
+					if (localNodeId && clientInstanceId && clientInstanceId === localNodeId) {
+						const gatewayVersion = resolveRuntimeServiceVersion(process.env);
+						const clientVersion = connectParams.client.version;
+						if (clientVersion && gatewayVersion && clientVersion !== gatewayVersion && isReleasedVersion(gatewayVersion) && isReleasedVersion(clientVersion)) {
+							logWsControl.info(`node version mismatch conn=${connId} client=${formatForLog(clientLabel)} clientVersion=${formatForLog(clientVersion)} gatewayVersion=${gatewayVersion}; closing for supervisor restart`);
+							sendHandshakeErrorResponse(ErrorCodes.INVALID_REQUEST, "client version mismatch", { details: {
+								code: ConnectErrorDetailCodes.CLIENT_VERSION_MISMATCH,
+								clientVersion,
+								gatewayVersion
+							} });
+							close(1008, "client version mismatch");
+							return;
+						}
+					}
+				}
+				if (!setClient(nextClient)) {
+					setCloseCause("connect-aborted-before-register", {
+						...clientMeta,
+						auth: authMethod
+					});
+					return;
+				}
+				setHandshakeState("connected");
+				logWs("in", "connect", {
+					connId,
+					client: connectParams.client.id,
+					clientDisplayName: connectParams.client.displayName,
+					version: connectParams.client.version,
+					mode: connectParams.client.mode,
+					clientId,
+					platform: connectParams.client.platform,
+					auth: authMethod
+				});
+				if (isWebchatConnect(connectParams)) logWsControl.info(`webchat connected conn=${connId} remote=${remoteAddr ?? "?"} client=${clientLabel} ${connectParams.client.mode} v${connectParams.client.version}`);
+				if (presenceKey) {
+					upsertPresence(presenceKey, {
+						host: connectParams.client.displayName ?? connectParams.client.id ?? os.hostname(),
+						ip: isLocalClient ? void 0 : reportedClientIp,
+						version: connectParams.client.version,
+						platform: connectParams.client.platform,
+						deviceFamily: connectParams.client.deviceFamily,
+						modelIdentifier: connectParams.client.modelIdentifier,
+						mode: connectParams.client.mode,
+						deviceId: device?.id,
+						roles: [role],
+						scopes,
+						instanceId: device?.id ?? instanceId,
+						reason: "connect"
+					});
+					incrementPresenceVersion();
+				}
+				if (role === "node") {
+					const context = buildRequestContext();
+					const nodeSession = context.nodeRegistry.register(nextClient, { remoteIp: reportedClientIp });
+					const instanceIdRaw = connectParams.client.instanceId;
+					const instanceId = typeof instanceIdRaw === "string" ? instanceIdRaw.trim() : "";
+					const nodeIdsForPairing = new Set([nodeSession.nodeId]);
+					if (instanceId) nodeIdsForPairing.add(instanceId);
+					for (const nodeId of nodeIdsForPairing) updatePairedNodeMetadata(nodeId, { lastConnectedAtMs: nodeSession.connectedAtMs }).catch((err) => logGateway.warn(`failed to record last connect for ${nodeId}: ${formatForLog(err)}`));
+					recordRemoteNodeInfo({
+						nodeId: nodeSession.nodeId,
+						displayName: nodeSession.displayName,
+						platform: nodeSession.platform,
+						deviceFamily: nodeSession.deviceFamily,
+						commands: nodeSession.commands,
+						remoteIp: nodeSession.remoteIp
+					});
+					refreshRemoteNodeBins({
+						nodeId: nodeSession.nodeId,
+						platform: nodeSession.platform,
+						deviceFamily: nodeSession.deviceFamily,
+						commands: nodeSession.commands,
+						cfg: getRuntimeConfig()
+					}).catch((err) => logGateway.warn(`remote bin probe failed for ${nodeSession.nodeId}: ${formatForLog(err)}`));
+					loadVoiceWakeConfig().then((cfg) => {
+						context.nodeRegistry.sendEvent(nodeSession.nodeId, "voicewake.changed", { triggers: cfg.triggers });
+					}).catch((err) => logGateway.warn(`voicewake snapshot failed for ${nodeSession.nodeId}: ${formatForLog(err)}`));
+					loadVoiceWakeRoutingConfig().then((routing) => {
+						context.nodeRegistry.sendEvent(nodeSession.nodeId, "voicewake.routing.changed", { config: routing });
+					}).catch((err) => logGateway.warn(`voicewake routing snapshot failed for ${nodeSession.nodeId}: ${formatForLog(err)}`));
+				}
+				const snapshot = buildGatewaySnapshot({ includeSensitive: scopes.includes(ADMIN_SCOPE) });
+				const cachedHealth = getHealthCache();
+				if (cachedHealth) {
+					snapshot.health = cachedHealth;
+					snapshot.stateVersion.health = getHealthVersion();
+				}
+				const helloOkAuthScopes = deviceToken ? deviceToken.scopes : scopes;
+				const helloOk = {
+					type: "hello-ok",
+					protocol: 4,
+					server: {
+						version: resolveRuntimeServiceVersion(process.env),
+						connId
+					},
+					features: {
+						methods: gatewayMethods,
+						events
+					},
+					snapshot,
+					...Object.keys(pluginSurfaceUrls).length > 0 ? { pluginSurfaceUrls } : {},
+					auth: {
+						role,
+						scopes: helloOkAuthScopes,
+						...deviceToken ? {
+							deviceToken: deviceToken.token,
+							issuedAtMs: deviceToken.rotatedAtMs ?? deviceToken.createdAtMs,
+							...bootstrapDeviceTokens.length > 1 ? { deviceTokens: bootstrapDeviceTokens.slice(1) } : {}
+						} : {}
+					},
+					policy: {
+						maxPayload: MAX_PAYLOAD_BYTES,
+						maxBufferedBytes: MAX_BUFFERED_BYTES,
+						tickIntervalMs: TICK_INTERVAL_MS
+					}
+				};
+				let revokedBootstrapTokenRecord;
+				if (authMethod === "bootstrap-token" && bootstrapTokenCandidate && device) try {
+					if (handoffBootstrapProfile || issuedBootstrapProfile) {
+						const redemption = await redeemDeviceBootstrapTokenProfile({
+							token: bootstrapTokenCandidate,
+							role,
+							scopes
+						});
+						if (handoffBootstrapProfile || redemption.fullyRedeemed) {
+							const revoked = await revokeDeviceBootstrapToken({ token: bootstrapTokenCandidate });
+							if (!revoked.removed) logGateway.warn(`bootstrap token revoke skipped after profile redemption device=${device.id}`);
+							else revokedBootstrapTokenRecord = revoked.record;
+						}
+					}
+				} catch (err) {
+					logGateway.warn(`bootstrap token post-connect bookkeeping failed device=${device.id}: ${formatForLog(err)}`);
+				}
+				try {
+					await sendFrame({
+						type: "res",
+						id: frame.id,
+						ok: true,
+						payload: helloOk
+					});
+				} catch (err) {
+					if (revokedBootstrapTokenRecord) try {
+						await restoreDeviceBootstrapToken({ record: revokedBootstrapTokenRecord });
+					} catch (restoreErr) {
+						logGateway.warn(`bootstrap token restore after hello-send failure failed device=${device?.id ?? "unknown"}: ${formatForLog(restoreErr)}`);
+					}
+					setCloseCause("hello-send-failed", { error: formatForLog(err) });
+					close();
+					return;
+				}
+				logWs("out", "hello-ok", {
+					connId,
+					methods: gatewayMethods.length,
+					events: events.length,
+					presence: snapshot.presence.length,
+					stateVersion: snapshot.stateVersion.presence
+				});
+				refreshHealthSnapshot({ probe: false }).catch((err) => logHealth.error(`post-connect health refresh failed: ${formatError(err)}`));
+				return;
+			}
+			if (!validateRequestFrame(parsed)) {
+				send({
+					type: "res",
+					id: parsed?.id ?? "invalid",
+					ok: false,
+					error: errorShape(ErrorCodes.INVALID_REQUEST, `invalid request frame: ${formatValidationErrors(validateRequestFrame.errors)}`)
+				});
+				return;
+			}
+			const req = parsed;
+			logWs("in", "req", {
+				connId,
+				id: req.id,
+				method: req.method
+			});
+			for (;;) {
+				const barrier = deviceCredentialMutationBarrier;
+				if (!barrier) break;
+				await barrier.catch(() => void 0);
+				if (isClosed()) return;
+			}
+			if (closeInvalidatedClient(client, req.method)) return;
+			if (client.usesSharedGatewayAuth) {
+				const requiredSharedGatewaySessionGeneration = getRequiredSharedGatewaySessionGeneration?.();
+				if (requiredSharedGatewaySessionGeneration !== void 0 && client.sharedGatewaySessionGeneration !== requiredSharedGatewaySessionGeneration) {
+					setCloseCause("gateway-auth-rotated", {
+						authGenerationStale: true,
+						method: req.method
+					});
+					close(4001, "gateway auth changed");
+					return;
+				}
+			}
+			const respond = (ok, payload, error, meta) => {
+				send({
+					type: "res",
+					id: req.id,
+					ok,
+					payload,
+					error
+				});
+				const unauthorizedRoleError = isUnauthorizedRoleError(error);
+				let logMeta = meta;
+				if (unauthorizedRoleError) {
+					const unauthorizedDecision = unauthorizedFloodGuard.registerUnauthorized();
+					if (unauthorizedDecision.suppressedSinceLastLog > 0) logMeta = {
+						...logMeta,
+						suppressedUnauthorizedResponses: unauthorizedDecision.suppressedSinceLastLog
+					};
+					if (!unauthorizedDecision.shouldLog) return;
+					if (unauthorizedDecision.shouldClose) {
+						setCloseCause("repeated-unauthorized-requests", {
+							unauthorizedCount: unauthorizedDecision.count,
+							method: req.method
+						});
+						queueMicrotask(() => close(1008, "repeated unauthorized calls"));
+					}
+					logMeta = {
+						...logMeta,
+						unauthorizedCount: unauthorizedDecision.count
+					};
+				} else unauthorizedFloodGuard.reset();
+				logWs("out", "res", {
+					connId,
+					id: req.id,
+					ok,
+					method: req.method,
+					errorCode: error?.code,
+					errorMessage: error?.message,
+					...logMeta
+				});
+			};
+			const dispatch = (async () => {
+				const { handleGatewayRequest } = await import("./server-methods-BmlBQJMD.js");
+				await handleGatewayRequest({
+					req,
+					respond,
+					client,
+					isWebchatConnect,
+					extraHandlers,
+					methodRegistry: getMethodRegistry?.(),
+					context: buildRequestContext()
+				});
+			})().catch((err) => {
+				logGateway.error(`request handler failed: ${formatForLog(err)}`);
+				respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, formatForLog(err)));
+			});
+			if (DEVICE_CREDENTIAL_INVALIDATING_METHODS.has(req.method)) {
+				const barrier = dispatch.finally(() => {
+					if (deviceCredentialMutationBarrier === barrier) deviceCredentialMutationBarrier = void 0;
+				});
+				deviceCredentialMutationBarrier = barrier;
+			}
+		} catch (err) {
+			logGateway.error(`parse/handle error: ${String(err)}`);
+			logWs("out", "parse-error", {
+				connId,
+				error: formatForLog(err)
+			});
+			if (!getClient()) close();
+		}
+	};
+	socket.on("message", (data) => {
+		runWithDiagnosticTraceContext(createDiagnosticTraceContext(), () => handleMessage(data));
+	});
+}
+function getRawDataByteLength(data) {
+	if (Buffer.isBuffer(data)) return data.byteLength;
+	if (Array.isArray(data)) return data.reduce((total, chunk) => total + chunk.byteLength, 0);
+	if (data instanceof ArrayBuffer) return data.byteLength;
+	return Buffer.byteLength(String(data));
+}
+function setSocketMaxPayload(socket, maxPayload) {
+	const receiver = socket["_receiver"];
+	if (receiver) receiver["_maxPayload"] = maxPayload;
+}
+//#endregion
+export { attachGatewayWsMessageHandler };